@ackplus/nest-auth 1.1.18 → 1.1.20

package/src/lib/auth/guards/auth.guard.js

@@ -11,6 +11,7 @@ const access_key_service_1 = require("../../user/services/access-key.service");
 const skip_mfa_decorator_1 = require("../../core/decorators/skip-mfa.decorator");
 const permissions_decorator_1 = require("../../core/decorators/permissions.decorator");
 const role_decorator_1 = require("../../core/decorators/role.decorator");
+const auth_config_service_1 = require("../../core/services/auth-config.service");
 // Key for optional auth metadata
 exports.OPTIONAL_AUTH_KEY = 'optional_auth';
 /**
@@ -28,11 +29,12 @@ exports.OPTIONAL_AUTH_KEY = 'optional_auth';
  * Note: For automatic token refresh, enable RefreshTokenInterceptor globally.
  */
 let NestAuthAuthGuard = class NestAuthAuthGuard {
-    constructor(reflector, jwtService, sessionManager, accessKeyService) {
+    constructor(reflector, jwtService, sessionManager, accessKeyService, authConfigService) {
         this.reflector = reflector;
         this.jwtService = jwtService;
         this.sessionManager = sessionManager;
         this.accessKeyService = accessKeyService;
+        this.authConfigService = authConfigService;
     }
     async canActivate(context) {
         const request = context.switchToHttp().getRequest();
@@ -58,7 +60,7 @@ let NestAuthAuthGuard = class NestAuthAuthGuard {
                 // Required auth: throw error
                 throw new common_1.UnauthorizedException({
                     message: 'No authentication provided',
-                    code: 'NO_AUTH'
+                    code: auth_constants_1.ERROR_CODES.NO_AUTH_PROVIDED
                 });
             }
         }
@@ -70,7 +72,7 @@ let NestAuthAuthGuard = class NestAuthAuthGuard {
             else {
                 throw new common_1.UnauthorizedException({
                     message: 'Invalid authentication format',
-                    code: 'INVALID_AUTH_FORMAT'
+                    code: auth_constants_1.ERROR_CODES.INVALID_AUTH_FORMAT
                 });
             }
         }
@@ -92,7 +94,7 @@ let NestAuthAuthGuard = class NestAuthAuthGuard {
                     else {
                         throw new common_1.UnauthorizedException({
                             message: 'Invalid authentication type',
-                            code: 'INVALID_AUTH_TYPE'
+                            code: auth_constants_1.ERROR_CODES.INVALID_AUTH_TYPE
                         });
                     }
             }
@@ -122,6 +124,17 @@ let NestAuthAuthGuard = class NestAuthAuthGuard {
         try {
             // Verify the JWT token
             const payload = await this.jwtService.verifyToken(token);
+            const config = this.authConfigService.getConfig();
+            // Apply guards.beforeAuth hook if configured
+            if (config.guards?.beforeAuth) {
+                const result = await config.guards.beforeAuth(request, payload);
+                if (result && result.reject) {
+                    throw new common_1.UnauthorizedException({
+                        message: result.reason || 'Authentication rejected by custom guard',
+                        code: auth_constants_1.ERROR_CODES.ACCESS_DENIED
+                    });
+                }
+            }
             request.user = payload;
             request.authType = 'jwt';
             // Verify session exists
@@ -136,13 +149,33 @@ let NestAuthAuthGuard = class NestAuthAuthGuard {
                 else {
                     throw new common_1.UnauthorizedException({
                         message: 'Session not found',
-                        code: auth_constants_1.UNAUTHORIZED_EXCEPTION_CODE
+                        code: auth_constants_1.ERROR_CODES.SESSION_NOT_FOUND
+                    });
+                }
+            }
+            // Apply jwt.validateToken hook if configured
+            if (config.jwt?.validateToken) {
+                const isValid = await config.jwt.validateToken(payload, session);
+                if (!isValid) {
+                    throw new common_1.UnauthorizedException({
+                        message: 'Token validation failed',
+                        code: auth_constants_1.ERROR_CODES.INVALID_TOKEN
                     });
                 }
             }
             request.session = session;
             // Check MFA requirements
             await this.checkMfa(context, payload, isOptional);
+            // Apply guards.afterAuth hook if configured
+            if (config.guards?.afterAuth) {
+                // We need the full user object for the hook if possible, but the signature asks for NestAuthUser
+                // The payload is just the JWT payload. The session has the user data.
+                // Let's try to use session.data.user if available, otherwise we might need to fetch it or cast payload
+                // The interface says user: NestAuthUser. session.data.user is usually the user object.
+                if (session.data?.user) {
+                    await config.guards.afterAuth(request, session.data.user, session);
+                }
+            }
             return true;
         }
         catch (error) {
@@ -155,7 +188,7 @@ let NestAuthAuthGuard = class NestAuthAuthGuard {
             else {
                 throw new common_1.UnauthorizedException({
                     message: 'Invalid or expired token',
-                    code: auth_constants_1.UNAUTHORIZED_EXCEPTION_CODE
+                    code: auth_constants_1.ERROR_CODES.INVALID_TOKEN
                 });
             }
         }
@@ -171,7 +204,7 @@ let NestAuthAuthGuard = class NestAuthAuthGuard {
             else {
                 throw new common_1.UnauthorizedException({
                     message: 'Invalid API key format',
-                    code: 'INVALID_API_KEY_FORMAT'
+                    code: auth_constants_1.ERROR_CODES.INVALID_API_KEY_FORMAT
                 });
             }
         }
@@ -186,7 +219,7 @@ let NestAuthAuthGuard = class NestAuthAuthGuard {
                 else {
                     throw new common_1.UnauthorizedException({
                         message: 'Invalid API key',
-                        code: 'INVALID_API_KEY'
+                        code: auth_constants_1.ERROR_CODES.INVALID_API_KEY
                     });
                 }
             }
@@ -229,7 +262,7 @@ let NestAuthAuthGuard = class NestAuthAuthGuard {
             else {
                 throw new common_1.UnauthorizedException({
                     message: 'Multi-factor authentication is required',
-                    code: auth_constants_1.UNAUTHORIZED_EXCEPTION_CODE
+                    code: auth_constants_1.ERROR_CODES.MFA_REQUIRED
                 });
             }
         }
@@ -248,15 +281,18 @@ let NestAuthAuthGuard = class NestAuthAuthGuard {
         const user = request.user;
         // Check if user exists
         if (!user) {
-            throw new common_1.ForbiddenException('Access denied: User not authenticated');
+            throw new common_1.ForbiddenException({
+                message: 'Access denied: User not authenticated',
+                code: auth_constants_1.ERROR_CODES.UNAUTHORIZED,
+            });
         }
         // Check roles if required
         if (requiredRoles.length > 0) {
-            this.checkRoles(user, requiredRoles);
+            await this.checkRoles(user, requiredRoles);
         }
         // Check permissions if required
         if (requiredPermissions.length > 0) {
-            this.checkPermissions(user, requiredPermissions);
+            await this.checkPermissions(user, requiredPermissions);
         }
     }
     /**
@@ -284,35 +320,86 @@ let NestAuthAuthGuard = class NestAuthAuthGuard {
     /**
      * Check if user has required roles
      */
-    checkRoles(user, requiredRoles) {
+    /**
+     * Check if user has required roles
+     */
+    /**
+     * Helper to resolve user roles
+     */
+    async resolveUserRoles(user) {
+        const config = this.authConfigService.getConfig();
+        // Apply authorization.resolveRoles hook if configured
+        if (config.authorization?.resolveRoles) {
+            return await config.authorization.resolveRoles(user);
+        }
+        // Default behavior
         if (!user.roles || !Array.isArray(user.roles)) {
-            throw new common_1.ForbiddenException('Access denied: No roles assigned');
+            // Return empty array instead of throwing, let the caller decide
+            return [];
         }
         // Get active role names
-        const userRoleNames = user.roles
-            .filter(role => role.isActive)
-            .map(role => role.name);
+        return user.roles
+            .filter((role) => role.isActive)
+            .map((role) => role.name);
+    }
+    /**
+     * Check if user has required roles
+     */
+    async checkRoles(user, requiredRoles) {
+        const userRoleNames = await this.resolveUserRoles(user);
+        if (userRoleNames.length === 0 && (!user.roles || !Array.isArray(user.roles))) {
+            throw new common_1.ForbiddenException({
+                message: 'Access denied: No roles assigned',
+                code: auth_constants_1.ERROR_CODES.NO_ROLES_ASSIGNED,
+            });
+        }
         // Check if user has all required roles
         const hasAllRoles = requiredRoles.every(role => userRoleNames.includes(role));
         if (!hasAllRoles) {
             const missingRoles = requiredRoles.filter(role => !userRoleNames.includes(role));
-            throw new common_1.ForbiddenException(`Access denied: Missing required roles: ${missingRoles.join(', ')}`);
+            throw new common_1.ForbiddenException({
+                message: `Access denied: Missing required roles: ${missingRoles.join(', ')}`,
+                code: auth_constants_1.ERROR_CODES.MISSING_REQUIRED_ROLES,
+            });
         }
     }
     /**
      * Check if user has required permissions
      */
-    checkPermissions(user, requiredPermissions) {
-        if (!user.roles || !Array.isArray(user.roles)) {
-            throw new common_1.ForbiddenException('Access denied: No roles assigned for permission check');
+    /**
+     * Check if user has required permissions
+     */
+    /**
+     * Check if user has required permissions
+     */
+    async checkPermissions(user, requiredPermissions) {
+        const config = this.authConfigService.getConfig();
+        let userPermissions = [];
+        // Apply authorization.resolvePermissions hook if configured
+        if (config.authorization?.resolvePermissions) {
+            // Resolve roles first as they are needed for the hook
+            const roles = await this.resolveUserRoles(user);
+            userPermissions = await config.authorization.resolvePermissions(user, roles);
+        }
+        else {
+            // Default behavior
+            if (!user.roles || !Array.isArray(user.roles)) {
+                throw new common_1.ForbiddenException({
+                    message: 'Access denied: No roles assigned for permission check',
+                    code: auth_constants_1.ERROR_CODES.NO_ROLES_ASSIGNED,
+                });
+            }
+            // Get all permissions from user's roles
+            userPermissions = this.getUserPermissions(user.roles);
         }
-        // Get all permissions from user's roles
-        const userPermissions = this.getUserPermissions(user.roles);
         // Check if user has all required permissions
         const hasAllPermissions = requiredPermissions.every(permission => userPermissions.includes(permission));
         if (!hasAllPermissions) {
             const missingPermissions = requiredPermissions.filter(permission => !userPermissions.includes(permission));
-            throw new common_1.ForbiddenException(`Access denied: Missing required permissions: ${missingPermissions.join(', ')}`);
+            throw new common_1.ForbiddenException({
+                message: `Access denied: Missing required permissions: ${missingPermissions.join(', ')}`,
+                code: auth_constants_1.ERROR_CODES.MISSING_REQUIRED_PERMISSIONS,
+            });
         }
     }
     /**
@@ -339,5 +426,6 @@ exports.NestAuthAuthGuard = NestAuthAuthGuard = tslib_1.__decorate([
     tslib_1.__metadata("design:paramtypes", [core_1.Reflector,
         jwt_service_1.JwtService,
         session_manager_service_1.SessionManagerService,
-        access_key_service_1.AccessKeyService])
+        access_key_service_1.AccessKeyService,
+        auth_config_service_1.AuthConfigService])
 ], NestAuthAuthGuard);

package/src/lib/auth/services/auth.service.d.ts

@@ -22,6 +22,8 @@ import { VerifyOtpResponseDto } from '../dto/responses/verify-otp.response.dto';
 import { SendEmailVerificationRequestDto } from '../dto/requests/send-email-verification.request.dto';
 import { VerifyEmailRequestDto } from '../dto/requests/verify-email.request.dto';
 import { AuthConfigService } from '../../core/services/auth-config.service';
+import { AuthTokensResponseDto } from '../dto/responses/auth.response.dto';
+import { UserService } from '../../user/services/user.service';
 export declare class AuthService {
     private readonly userRepository;
     private otpRepository;
@@ -33,9 +35,10 @@ export declare class AuthService {
     private readonly tenantService;
     private readonly debugLogger;
     private readonly authConfigService;
-    constructor(userRepository: Repository<NestAuthUser>, otpRepository: Repository<NestAuthOTP>, authProviderRegistry: AuthProviderRegistryService, mfaService: MfaService, sessionManager: SessionManagerService, jwtService: JwtService, eventEmitter: EventEmitter2, tenantService: TenantService, debugLogger: DebugLoggerService, authConfigService: AuthConfigService);
+    private readonly userService;
+    constructor(userRepository: Repository<NestAuthUser>, otpRepository: Repository<NestAuthOTP>, authProviderRegistry: AuthProviderRegistryService, mfaService: MfaService, sessionManager: SessionManagerService, jwtService: JwtService, eventEmitter: EventEmitter2, tenantService: TenantService, debugLogger: DebugLoggerService, authConfigService: AuthConfigService, userService: UserService);
     getUserWithRolesAndPermissions(userId: string, relations?: string[]): Promise<NestAuthUser>;
-    getUser(): Promise<NestAuthUser>;
+    getUser(): Promise<Partial<NestAuthUser>>;
     signup(input: SignupRequestDto): Promise<AuthResponseDto>;
     login(input: LoginRequestDto): Promise<AuthResponseDto>;
     verify2fa(input: Verify2faRequestDto): Promise<{
@@ -45,10 +48,7 @@ export declare class AuthService {
     }>;
     send2faCode(userId: string, method: MFAMethodEnum): Promise<boolean>;
     private handleSocialLogin;
-    refreshToken(refreshToken: string): Promise<{
-        accessToken: string;
-        refreshToken: string;
-    }>;
+    refreshToken(refreshToken: string): Promise<AuthTokensResponseDto>;
     changePassword(input: ChangePasswordRequestDto): Promise<AuthResponseDto>;
     forgotPassword(input: ForgotPasswordRequestDto): Promise<true | {
         message: string;
@@ -65,6 +65,10 @@ export declare class AuthService {
         message: string;
     }>;
     private generateTokensPayload;
+    /**
+     * Handle errors using the errorHandler hook if configured
+     */
+    private handleError;
     private generateTokensFromSession;
 }
 //# sourceMappingURL=auth.service.d.ts.map

package/src/lib/auth/services/auth.service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.service.d.ts","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/auth/services/auth.service.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAC/D,OAAO,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAc7D,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,qBAAqB,EAAE,MAAM,gDAAgD,CAAC;AAEvF,OAAO,EAAE,gBAAgB,EAAE,MAAM,oCAAoC,CAAC;AACtE,OAAO,EAAE,eAAe,EAAE,MAAM,oCAAoC,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAC;AACpE,OAAO,EAAE,mBAAmB,EAAE,MAAM,wCAAwC,CAAC;AAC7E,OAAO,EACH,aAAa,EAChB,MAAM,6CAA6C,CAAC;AAErD,OAAO,EAAE,wBAAwB,EAAE,MAAM,6CAA6C,CAAC;AAEvF,OAAO,EAAE,uBAAuB,EAAE,MAAM,4CAA4C,CAAC;AAUrF,OAAO,EAAE,2BAA2B,EAAE,MAAM,oDAAoD,CAAC;AACjG,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,0CAA0C,CAAC;AAE9E,OAAO,EAAE,iCAAiC,EAAE,MAAM,wDAAwD,CAAC;AAC3G,OAAO,EAAE,gCAAgC,EAAE,MAAM,uDAAuD,CAAC;AACzG,OAAO,EAAE,wBAAwB,EAAE,MAAM,6CAA6C,CAAC;AACvF,OAAO,EAAE,oBAAoB,EAAE,MAAM,0CAA0C,CAAC;AAChF,OAAO,EAAE,+BAA+B,EAAE,MAAM,qDAAqD,CAAC;AACtG,OAAO,EAAE,qBAAqB,EAAE,MAAM,0CAA0C,CAAC;AACjF,OAAO,EAAE,iBAAiB,EAAE,MAAM,yCAAyC,CAAC;AAG5E,qBACa,WAAW;IAIhB,OAAO,CAAC,QAAQ,CAAC,cAAc;IAG/B,OAAO,CAAC,aAAa;IAErB,OAAO,CAAC,QAAQ,CAAC,oBAAoB;IAErC,OAAO,CAAC,QAAQ,CAAC,UAAU;IAE3B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAE/B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAE3B,OAAO,CAAC,QAAQ,CAAC,YAAY;IAE7B,OAAO,CAAC,QAAQ,CAAC,aAAa;IAE9B,OAAO,CAAC,QAAQ,CAAC,WAAW;IAE5B,OAAO,CAAC,QAAQ,CAAC,iBAAiB;gBAnBjB,cAAc,EAAE,UAAU,CAAC,YAAY,CAAC,EAGjD,aAAa,EAAE,UAAU,CAAC,WAAW,CAAC,EAE7B,oBAAoB,EAAE,2BAA2B,EAEjD,UAAU,EAAE,UAAU,EAEtB,cAAc,EAAE,qBAAqB,EAErC,UAAU,EAAE,UAAU,EAEtB,YAAY,EAAE,aAAa,EAE3B,aAAa,EAAE,aAAa,EAE5B,WAAW,EAAE,kBAAkB,EAE/B,iBAAiB,EAAE,iBAAiB;IAKzD,8BAA8B,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,GAAE,MAAM,EAAO,GAAG,OAAO,CAAC,YAAY,CAAC;IAUzF,OAAO;IAQP,MAAM,CAAC,KAAK,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC;IAqGzD,KAAK,CAAC,KAAK,EAAE,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;IAgGvD,SAAS,CAAC,KAAK,EAAE,mBAAmB;;;;;IAqEpC,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa;YAYzC,iBAAiB;IAiCzB,YAAY,CAAC,YAAY,EAAE,MAAM;qBA6jBkD,MAAM;sBAAgB,MAAM;;IA7f/G,cAAc,CAAC,KAAK,EAAE,wBAAwB,GAAG,OAAO,CAAC,eAAe,CAAC;IAiDzE,cAAc,CAAC,KAAK,EAAE,wBAAwB;;;IAyE9C,uBAAuB,CAAC,KAAK,EAAE,iCAAiC,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAyEhG,aAAa,CAAC,KAAK,EAAE,uBAAuB;IAqE5C,sBAAsB,CAAC,KAAK,EAAE,gCAAgC;IAyD9D,MAAM,CAAC,UAAU,GAAE,MAAM,GAAG,OAAO,GAAG,QAAiB,EAAE,MAAM,CAAC,EAAE,MAAM;IAwBxE,SAAS,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,GAAE,MAAM,GAAG,OAAO,GAAG,QAAiB,EAAE,MAAM,CAAC,EAAE,MAAM;IA4B3F,qBAAqB,CAAC,KAAK,EAAE,+BAA+B;;;IAmD5D,WAAW,CAAC,KAAK,EAAE,qBAAqB;;;IAkE9C,OAAO,CAAC,qBAAqB;YAmBf,yBAAyB;CAK1C"}
+{"version":3,"file":"auth.service.d.ts","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/auth/services/auth.service.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAC/D,OAAO,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAU7D,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,qBAAqB,EAAE,MAAM,gDAAgD,CAAC;AAEvF,OAAO,EAAE,gBAAgB,EAAE,MAAM,oCAAoC,CAAC;AACtE,OAAO,EAAE,eAAe,EAAE,MAAM,oCAAoC,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAC;AACpE,OAAO,EAAE,mBAAmB,EAAE,MAAM,wCAAwC,CAAC;AAC7E,OAAO,EACH,aAAa,EAChB,MAAM,6CAA6C,CAAC;AAErD,OAAO,EAAE,wBAAwB,EAAE,MAAM,6CAA6C,CAAC;AAEvF,OAAO,EAAE,uBAAuB,EAAE,MAAM,4CAA4C,CAAC;AAUrF,OAAO,EAAE,2BAA2B,EAAE,MAAM,oDAAoD,CAAC;AACjG,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,0CAA0C,CAAC;AAE9E,OAAO,EAAE,iCAAiC,EAAE,MAAM,wDAAwD,CAAC;AAC3G,OAAO,EAAE,gCAAgC,EAAE,MAAM,uDAAuD,CAAC;AACzG,OAAO,EAAE,wBAAwB,EAAE,MAAM,6CAA6C,CAAC;AACvF,OAAO,EAAE,oBAAoB,EAAE,MAAM,0CAA0C,CAAC;AAChF,OAAO,EAAE,+BAA+B,EAAE,MAAM,qDAAqD,CAAC;AACtG,OAAO,EAAE,qBAAqB,EAAE,MAAM,0CAA0C,CAAC;AACjF,OAAO,EAAE,iBAAiB,EAAE,MAAM,yCAAyC,CAAC;AAI5E,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAC3E,OAAO,EAAE,WAAW,EAAE,MAAM,kCAAkC,CAAC;AAG/D,qBACa,WAAW;IAIhB,OAAO,CAAC,QAAQ,CAAC,cAAc;IAG/B,OAAO,CAAC,aAAa;IAErB,OAAO,CAAC,QAAQ,CAAC,oBAAoB;IAErC,OAAO,CAAC,QAAQ,CAAC,UAAU;IAE3B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAE/B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAE3B,OAAO,CAAC,QAAQ,CAAC,YAAY;IAE7B,OAAO,CAAC,QAAQ,CAAC,aAAa;IAE9B,OAAO,CAAC,QAAQ,CAAC,WAAW;IAE5B,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAElC,OAAO,CAAC,QAAQ,CAAC,WAAW;gBArBX,cAAc,EAAE,UAAU,CAAC,YAAY,CAAC,EAGjD,aAAa,EAAE,UAAU,CAAC,WAAW,CAAC,EAE7B,oBAAoB,EAAE,2BAA2B,EAEjD,UAAU,EAAE,UAAU,EAEtB,cAAc,EAAE,qBAAqB,EAErC,UAAU,EAAE,UAAU,EAEtB,YAAY,EAAE,aAAa,EAE3B,aAAa,EAAE,aAAa,EAE5B,WAAW,EAAE,kBAAkB,EAE/B,iBAAiB,EAAE,iBAAiB,EAEpC,WAAW,EAAE,WAAW;IAK7C,8BAA8B,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,GAAE,MAAM,EAAO,GAAG,OAAO,CAAC,YAAY,CAAC;IAUzF,OAAO;IAgBP,MAAM,CAAC,KAAK,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC;IAiIzD,KAAK,CAAC,KAAK,EAAE,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;IA2HvD,SAAS,CAAC,KAAK,EAAE,mBAAmB;;;;;IAsEpC,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa;YAezC,iBAAiB;IAiCzB,YAAY,CAAC,YAAY,EAAE,MAAM;IA8DjC,cAAc,CAAC,KAAK,EAAE,wBAAwB,GAAG,OAAO,CAAC,eAAe,CAAC;IAsEzE,cAAc,CAAC,KAAK,EAAE,wBAAwB;;;IAsF9C,uBAAuB,CAAC,KAAK,EAAE,iCAAiC,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAyFhG,aAAa,CAAC,KAAK,EAAE,uBAAuB;IA+E5C,sBAAsB,CAAC,KAAK,EAAE,gCAAgC;IAsE9D,MAAM,CAAC,UAAU,GAAE,MAAM,GAAG,OAAO,GAAG,QAAiB,EAAE,MAAM,CAAC,EAAE,MAAM;IAwBxE,SAAS,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,GAAE,MAAM,GAAG,OAAO,GAAG,QAAiB,EAAE,MAAM,CAAC,EAAE,MAAM;IAiC3F,qBAAqB,CAAC,KAAK,EAAE,+BAA+B;;;IA6D5D,WAAW,CAAC,KAAK,EAAE,qBAAqB;;;YAkFhC,qBAAqB;IAyBnC;;OAEG;IACH,OAAO,CAAC,WAAW;YAYL,yBAAyB;CAK1C"}