@ahoo-wang/fetcher-cosec 3.9.9 → 3.10.2

package/dist/cosecConfigurer.d.ts

@@ -4,165 +4,463 @@ import { JwtTokenManager } from './jwtTokenManager';
 import { TokenRefresher } from './tokenRefresher';
 import { TokenStorage } from './tokenStorage';
 import { AppIdCapable, DeviceIdStorageCapable } from './types';
+import { SpaceIdProvider } from './spaceIdProvider';
 /**
- * Simplified configuration interface for CoSec setup.
- * Provides flexible configuration with sensible defaults for optional components.
+ * Configuration interface for CoSec security features.
+ *
+ * This interface provides a simplified, flexible configuration for setting up
+ * CoSec authentication and security features. It supports both full JWT
+ * authentication setups and minimal header injection configurations.
+ *
+ * @remarks
+ * **Required Properties:**
+ * - appId: Your application's unique identifier in the CoSec system
+ *
+ * **Optional Properties:**
+ * - tokenStorage: Custom token persistence (defaults to TokenStorage)
+ * - deviceIdStorage: Custom device ID management (defaults to DeviceIdStorage)
+ * - tokenRefresher: JWT token refresh handler (enables authentication)
+ * - spaceIdProvider: Space identifier resolver (enables multi-tenant)
+ * - onUnauthorized: Custom 401 error handler
+ * - onForbidden: Custom 403 error handler
+ *
+ * **Configuration Levels:**
+ * - Minimal: Only appId (headers only, no authentication)
+ * - Standard: appId + tokenRefresher (full JWT auth)
+ * - Enterprise: All options (multi-tenant with custom handlers)
+ *
+ * @example
+ * ```typescript
+ * // Minimal: Headers only, no authentication
+ * const minimalConfig: CoSecConfig = {
+ *   appId: 'my-web-app'
+ * };
+ *
+ * // Standard: Full JWT authentication
+ * const standardConfig: CoSecConfig = {
+ *   appId: 'my-web-app',
+ *   tokenRefresher: {
+ *     refresh: async (token) => refreshMyToken(token)
+ *   },
+ *   onUnauthorized: () => window.location.href = '/login',
+ *   onForbidden: () => showError('Access denied')
+ * };
+ *
+ * // Enterprise: Multi-tenant with custom storage
+ * const enterpriseConfig: CoSecConfig = {
+ *   appId: 'my-saas-app',
+ *   tokenStorage: myCustomTokenStorage,
+ *   deviceIdStorage: myCustomDeviceStorage,
+ *   tokenRefresher: myTokenRefresher,
+ *   spaceIdProvider: mySpaceProvider,
+ *   onUnauthorized: handle401,
+ *   onForbidden: handle403
+ * };
+ * ```
  */
 export interface CoSecConfig extends AppIdCapable, Partial<DeviceIdStorageCapable> {
     /**
-     * Application ID to be sent in the CoSec-App-Id header.
-     * This is required for identifying your application in the CoSec system.
+     * Your application's unique identifier in the CoSec authentication system.
+     *
+     * This ID is sent with every request in the `CoSec-App-Id` header and is
+     * used to identify which application is making the request. Obtain this
+     * value from your CoSec administration console.
+     *
+     * @remarks
+     * **Requirements:**
+     * - Must be a non-empty string
+     * - Must be registered in the CoSec system
+     * - Should be unique per application/deployment
+     *
+     * **Usage:**
+     * ```typescript
+     * const config: CoSecConfig = {
+     *   appId: 'my-production-app-001'  // Registered app ID
+     * };
+     * ```
      */
-    appId: string;
+    readonly appId: string;
     /**
-     * Custom token storage implementation.
-     * If not provided, a default TokenStorage instance will be created.
-     * Useful for custom storage backends or testing scenarios.
+     * Custom implementation for storing and retrieving JWT tokens.
+     *
+     * If not provided, a default TokenStorage instance will be created
+     * using browser localStorage. Use this property to provide custom
+     * storage backends or testing implementations.
+     *
+     * @defaultValue new TokenStorage()
+     *
+     * @example
+     * ```typescript
+     * // Custom encrypted storage
+     * const encryptedStorage = new EncryptedTokenStorage();
+     * const config: CoSecConfig = {
+     *   appId: 'my-app',
+     *   tokenStorage: encryptedStorage
+     * };
+     *
+     * // Memory storage for testing
+     * const memoryStorage = new InMemoryTokenStorage();
+     * const config: CoSecConfig = {
+     *   appId: 'my-app',
+     *   tokenStorage: memoryStorage
+     * };
+     * ```
      */
-    tokenStorage?: TokenStorage;
+    readonly tokenStorage?: TokenStorage;
     /**
-     * Custom device ID storage implementation.
-     * If not provided, a default DeviceIdStorage instance will be created.
-     * Useful for custom device identification strategies or testing scenarios.
+     * Custom implementation for storing and retrieving device identifiers.
+     *
+     * If not provided, a default DeviceIdStorage instance will be created
+     * using browser localStorage with cross-tab synchronization. Use this
+     * property for custom device identification strategies.
+     *
+     * @defaultValue new DeviceIdStorage()
+     *
+     * @example
+     * ```typescript
+     * // Custom device ID with custom key
+     * const customDeviceStorage = new DeviceIdStorage({
+     *   key: 'my-app-device-id',
+     *   storage: sessionStorage
+     * });
+     * const config: CoSecConfig = {
+     *   appId: 'my-app',
+     *   deviceIdStorage: customDeviceStorage
+     * };
+     * ```
      */
-    deviceIdStorage?: DeviceIdStorage;
+    readonly deviceIdStorage?: DeviceIdStorage;
     /**
-     * Token refresher implementation for handling expired tokens.
-     * If not provided, authentication interceptors will not be added.
-     * This enables CoSec configuration without full JWT authentication.
+     * Token refresh handler for automatic JWT token renewal.
+     *
+     * When provided, enables full JWT authentication including:
+     * - Automatic Bearer token injection in requests
+     * - Token refresh on 401 responses
+     * - Persistent token storage
+     *
+     * When not provided, no authentication interceptors are added.
+     *
+     * @defaultValue undefined (no authentication)
+     *
+     * @example
+     * ```typescript
+     * // Basic refresh implementation
+     * const myRefresher: TokenRefresher = {
+     *   refresh: async (token) => {
+     *     const response = await fetch('/api/auth/refresh', {
+     *       method: 'POST',
+     *       headers: { 'Content-Type': 'application/json' },
+     *       body: JSON.stringify({ refreshToken: token.refreshToken })
+     *     });
+     *     if (!response.ok) throw new Error('Refresh failed');
+     *     return response.json();
+     *   }
+     * };
+     *
+     * const config: CoSecConfig = {
+     *   appId: 'my-app',
+     *   tokenRefresher: myRefresher
+     * };
+     * ```
      */
-    tokenRefresher?: TokenRefresher;
+    readonly tokenRefresher?: TokenRefresher;
     /**
-     * Callback function invoked when an unauthorized (401) response is detected.
-     * If not provided, 401 errors will not be intercepted.
+     * Provider for resolving space identifiers from requests.
+     *
+     * Used for multi-tenant applications to scope requests to specific
+     * spaces within a tenant. When provided, the CoSec-Space-Id header
+     * will be added to requests for space-scoped resources.
+     *
+     * @defaultValue NoneSpaceIdProvider (no space identification)
+     *
+     * @example
+     * ```typescript
+     * // Multi-tenant space provider
+     * const spaceProvider: SpaceIdProvider = {
+     *   resolveSpaceId: (exchange) => {
+     *     return exchange.request.headers['X-Current-Space'] || null;
+     *   }
+     * };
+     *
+     * const config: CoSecConfig = {
+     *   appId: 'my-saas-app',
+     *   tokenRefresher: myRefresher,
+     *   spaceIdProvider: spaceProvider
+     * };
+     * ```
      */
-    onUnauthorized?: (exchange: FetchExchange) => Promise<void> | void;
+    readonly spaceIdProvider?: SpaceIdProvider;
     /**
-     * Callback function invoked when a forbidden (403) response is detected.
-     * If not provided, 403 errors will not be intercepted.
+     * Handler invoked when an HTTP 401 Unauthorized response is received.
+     *
+     * This callback is triggered when the server returns a 401 status code,
+     * typically indicating expired or invalid authentication. Use this to
+     * implement custom error handling such as redirecting to login.
+     *
+     * @param exchange - The fetch exchange containing the failed request
+     * @returns Promise<void> or void
+     *
+     * @defaultValue undefined (401 errors not intercepted)
+     *
+     * @example
+     * ```typescript
+     * // Redirect to login
+     * const config: CoSecConfig = {
+     *   appId: 'my-app',
+     *   tokenRefresher: myRefresher,
+     *   onUnauthorized: async (exchange) => {
+     *     await authService.logout();
+     *     window.location.href = '/login?reason=session_expired';
+     *   }
+     * };
+     *
+     * // Silent token refresh
+     * const config: CoSecConfig = {
+     *   appId: 'my-app',
+     *   tokenRefresher: myRefresher,
+     *   onUnauthorized: async (exchange) => {
+     *     // Force logout without redirect
+     *     authService.clearSession();
+     *     dispatch(logoutAction());
+     *   }
+     * };
+     * ```
+     */
+    readonly onUnauthorized?: (exchange: FetchExchange) => Promise<void> | void;
+    /**
+     * Handler invoked when an HTTP 403 Forbidden response is received.
+     *
+     * This callback is triggered when the server returns a 403 status code,
+     * indicating the authenticated user lacks permission for the requested
+     * resource. Use this to implement custom access denial handling.
+     *
+     * @param exchange - The fetch exchange containing the failed request
+     * @returns Promise<void>
+     *
+     * @defaultValue undefined (403 errors not intercepted)
+     *
+     * @example
+     * ```typescript
+     * // Show permission error
+     * const config: CoSecConfig = {
+     *   appId: 'my-app',
+     *   tokenRefresher: myRefresher,
+     *   onForbidden: async (exchange) => {
+     *     notification.error({
+     *       message: 'Access Denied',
+     *       description: 'You do not have permission to access this resource.'
+     *     });
+     *   }
+     * };
+     *
+     * // Redirect to access denied page
+     * const config: CoSecConfig = {
+     *   appId: 'my-app',
+     *   onForbidden: async (exchange) => {
+     *     router.push('/access-denied');
+     *   }
+     * };
+     * ```
      */
-    onForbidden?: (exchange: FetchExchange) => Promise<void>;
+    readonly onForbidden?: (exchange: FetchExchange) => Promise<void>;
 }
 /**
- * CoSecConfigurer provides a flexible way to configure CoSec interceptors
- * and dependencies with a single configuration object.
+ * Configurer class that applies CoSec security interceptors to a Fetcher instance.
+ *
+ * This class provides a simplified, declarative way to configure all CoSec
+ * authentication and security features. It implements FetcherConfigurer and
+ * handles the conditional creation and registration of interceptors based
+ * on the provided configuration.
  *
- * This class implements FetcherConfigurer and supports both full authentication
- * setups and minimal CoSec header injection. It conditionally creates dependencies
- * based on the provided configuration, allowing for different levels of integration.
+ * @remarks
+ * **Architecture:**
+ * The configurer acts as a composition root for all CoSec interceptors,
+ * managing their lifecycle and ensuring proper ordering in the interceptor
+ * chain. This approach provides a clean separation between configuration
+ * and implementation.
  *
- * @implements {FetcherConfigurer}
+ * **Interceptor Ordering:**
+ * Interceptors are registered in a specific order to ensure correct
+ * header injection and error handling:
+ * 1. CoSecRequestInterceptor (request) - Adds security headers
+ * 2. ResourceAttributionRequestInterceptor (request) - Adds tenant attribution
+ * 3. AuthorizationRequestInterceptor (request) - Adds Bearer token [conditional]
+ * 4. AuthorizationResponseInterceptor (response) - Handles 401 refresh [conditional]
+ * 5. UnauthorizedErrorInterceptor (error) - Handles 401 errors [conditional]
+ * 6. ForbiddenErrorInterceptor (error) - Handles 403 errors [conditional]
+ *
+ * **Conditional Features:**
+ * - Authentication (tokenRefresher): Enables JWT Bearer token injection and refresh
+ * - Space Support (spaceIdProvider): Enables multi-tenant space scoping
+ * - Error Handlers (onUnauthorized/onForbidden): Enables custom error handling
  *
  * @example
- * Full authentication setup with custom storage:
  * ```typescript
+ * import { Fetcher } from '@ahoo-wang/fetcher';
+ * import { CoSecConfigurer } from '@ahoo-wang/fetcher-cosec';
+ *
+ * // Create and configure
  * const configurer = new CoSecConfigurer({
- *   appId: 'my-app-001',
- *   tokenStorage: new CustomTokenStorage(),
- *   deviceIdStorage: new CustomDeviceStorage(),
+ *   appId: 'my-saas-app',
  *   tokenRefresher: {
- *     refresh: async (token: CompositeToken) => {
- *       const response = await fetch('/api/auth/refresh', {
+ *     refresh: async (token) => {
+ *       const res = await fetch('/api/refresh', {
  *         method: 'POST',
- *         body: JSON.stringify({ refreshToken: token.refreshToken }),
+ *         body: JSON.stringify({ refreshToken: token.refreshToken })
  *       });
- *       const newTokens = await response.json();
- *       return {
- *         accessToken: newTokens.accessToken,
- *         refreshToken: newTokens.refreshToken,
- *       };
- *     },
+ *       return res.json();
+ *     }
  *   },
- *   onUnauthorized: (exchange) => redirectToLogin(),
- *   onForbidden: (exchange) => showPermissionError(),
+ *   onUnauthorized: () => window.location.href = '/login',
+ *   onForbidden: () => showAccessDenied()
  * });
  *
+ * // Apply to fetcher
+ * const fetcher = new Fetcher({ baseUrl: 'https://api.example.com' });
  * configurer.applyTo(fetcher);
+ *
+ * // All requests now have CoSec headers and JWT auth
+ * const users = await fetcher.get('/api/users');
  * ```
  *
  * @example
- * Minimal setup with only CoSec headers (no authentication):
  * ```typescript
- * const configurer = new CoSecConfigurer({
- *   appId: 'my-app-001',
- *   // No tokenRefresher provided - authentication interceptors won't be added
- * });
+ * // Minimal setup - headers only, no authentication
+ * const fetcher = new Fetcher();
+ * new CoSecConfigurer({
+ *   appId: 'my-tracking-app'
+ * }).applyTo(fetcher);
  *
- * configurer.applyTo(fetcher);
+ * // Requests will include:
+ * // - CoSec-App-Id: my-tracking-app
+ * // - CoSec-Device-Id: <generated>
+ * // - CoSec-Request-Id: <unique-per-request>
  * ```
  */
 export declare class CoSecConfigurer implements FetcherConfigurer {
     readonly config: CoSecConfig;
     /**
-     * Token storage instance, either provided in config or auto-created.
+     * Token storage instance for JWT token persistence.
+     *
+     * Created from config.tokenStorage or instantiated with default TokenStorage.
+     * Used by authorization interceptors to retrieve and store JWT tokens.
      */
     readonly tokenStorage: TokenStorage;
     /**
-     * Device ID storage instance, either provided in config or auto-created.
+     * Device ID storage instance for device identifier management.
+     *
+     * Created from config.deviceIdStorage or instantiated with default DeviceIdStorage.
+     * Provides persistent device identification with cross-tab synchronization.
      */
     readonly deviceIdStorage: DeviceIdStorage;
     /**
-     * JWT token manager instance, only created if tokenRefresher is provided.
-     * When undefined, authentication interceptors will not be added.
+     * JWT token manager for authentication operations.
+     *
+     * Only created when tokenRefresher is provided in the config.
+     * When undefined, no authentication interceptors are registered.
      */
     readonly tokenManager?: JwtTokenManager;
+    /**
+     * Space identifier provider for multi-tenant support.
+     *
+     * Created from config.spaceIdProvider or defaulted to NoneSpaceIdProvider.
+     * Resolves space IDs from requests for tenant-scoped resource access.
+     */
+    readonly spaceIdProvider?: SpaceIdProvider;
     /**
      * Creates a new CoSecConfigurer instance with the provided configuration.
      *
-     * This constructor conditionally creates dependencies based on the configuration:
-     * - TokenStorage and DeviceIdStorage are always created (using defaults if not provided)
-     * - JwtTokenManager is only created if tokenRefresher is provided
+     * The constructor performs dependency initialization:
+     * - Creates or wraps tokenStorage and deviceIdStorage with defaults
+     * - Initializes spaceIdProvider (defaults to NoneSpaceIdProvider)
+     * - Conditionally creates tokenManager only if tokenRefresher is provided
+     *
+     * @param config - CoSec configuration object containing all settings
      *
-     * @param config - CoSec configuration object
+     * @throws Error if appId is not provided
+     * @throws Error if provided dependencies are invalid
      *
      * @example
      * ```typescript
-     * // Full setup with all dependencies
+     * // Full configuration
      * const configurer = new CoSecConfigurer({
      *   appId: 'my-app',
-     *   tokenRefresher: myTokenRefresher,
+     *   tokenStorage: customTokenStorage,
+     *   deviceIdStorage: customDeviceStorage,
+     *   tokenRefresher: myRefresher,
+     *   spaceIdProvider: mySpaceProvider,
+     *   onUnauthorized: handle401,
+     *   onForbidden: handle403
+     * });
+     *
+     * // Minimal configuration
+     * const configurer = new CoSecConfigurer({
+     *   appId: 'my-app'
      * });
      *
-     * // Minimal setup with custom storage
+     * // Custom storage with default refresh
      * const configurer = new CoSecConfigurer({
      *   appId: 'my-app',
-     *   tokenStorage: customStorage,
-     *   deviceIdStorage: customDeviceStorage,
+     *   tokenStorage: encryptedStorage,
+     *   deviceIdStorage: customDeviceStorage
      * });
      * ```
      */
     constructor(config: CoSecConfig);
     /**
-     * Applies CoSec interceptors to the provided Fetcher instance.
+     * Applies CoSec interceptors to the specified Fetcher instance.
      *
-     * This method conditionally configures interceptors based on the provided configuration:
+     * This method registers all configured interceptors with the Fetcher's
+     * interceptor chain. The registration is conditional based on the config:
      *
-     * Always added:
-     * 1. CoSecRequestInterceptor - Adds CoSec headers (appId, deviceId, requestId)
-     * 2. ResourceAttributionRequestInterceptor - Adds tenant/owner path parameters
+     * **Always Registered (Headers & Attribution):**
+     * - CoSecRequestInterceptor: Injects security headers
+     * - ResourceAttributionRequestInterceptor: Adds tenant attribution parameters
      *
-     * Only when `tokenRefresher` is provided:
-     * 3. AuthorizationRequestInterceptor - Adds Bearer token authentication
-     * 4. AuthorizationResponseInterceptor - Handles token refresh on 401 responses
+     * **Conditional Registration (Authentication):**
+     * - AuthorizationRequestInterceptor: Adds Bearer token [requires tokenRefresher]
+     * - AuthorizationResponseInterceptor: Handles 401 refresh [requires tokenRefresher]
      *
-     * Only when corresponding handlers are provided:
-     * 5. UnauthorizedErrorInterceptor - Handles 401 unauthorized errors
-     * 6. ForbiddenErrorInterceptor - Handles 403 forbidden errors
+     * **Conditional Registration (Error Handling):**
+     * - UnauthorizedErrorInterceptor: Custom 401 handling [requires onUnauthorized]
+     * - ForbiddenErrorInterceptor: Custom 403 handling [requires onForbidden]
      *
-     * @param fetcher - The Fetcher instance to configure
+     * @param fetcher - The Fetcher instance to configure with CoSec interceptors
+     *
+     * @throws Error if fetcher is null or undefined
      *
      * @example
      * ```typescript
-     * const fetcher = new Fetcher({ baseURL: '/api' });
+     * const fetcher = new Fetcher({ baseUrl: 'https://api.example.com' });
+     *
      * const configurer = new CoSecConfigurer({
      *   appId: 'my-app',
-     *   tokenRefresher: myTokenRefresher,
-     *   onUnauthorized: handle401,
-     *   onForbidden: handle403,
+     *   tokenRefresher: myRefresher,
+     *   onUnauthorized: () => redirectToLogin(),
+     *   onForbidden: () => showError()
      * });
      *
      * configurer.applyTo(fetcher);
+     *
      * // Now fetcher has all CoSec interceptors configured
+     * const data = await fetcher.get('/api/data');
+     * ```
+     *
+     * @example
+     * ```typescript
+     * // Applying to multiple fetchers
+     * const apiFetcher = new Fetcher({ baseUrl: 'https://api.example.com' });
+     * const adminFetcher = new Fetcher({ baseUrl: 'https://admin.example.com' });
+     *
+     * const configurer = new CoSecConfigurer({
+     *   appId: 'my-app',
+     *   tokenRefresher: myRefresher,
+     *   onForbidden: showAccessDenied
+     * });
+     *
+     * // Apply same configuration to multiple fetchers
+     * configurer.applyTo(apiFetcher);
+     * configurer.applyTo(adminFetcher);
      * ```
      */
     applyTo(fetcher: Fetcher): void;

package/dist/cosecConfigurer.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cosecConfigurer.d.ts","sourceRoot":"","sources":["../src/cosecConfigurer.ts"],"names":[],"mappings":"AAaA,OAAO,EAAE,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAI/E,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEpD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEpD,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAE9C,OAAO,EAAE,YAAY,EAAE,sBAAsB,EAAE,MAAM,SAAS,CAAC;AAE/D;;;GAGG;AACH,MAAM,WAAW,WACf,SAAQ,YAAY,EAClB,OAAO,CAAC,sBAAsB,CAAC;IACjC;;;OAGG;IACH,KAAK,EAAE,MAAM,CAAC;IAEd;;;;OAIG;IACH,YAAY,CAAC,EAAE,YAAY,CAAC;IAE5B;;;;OAIG;IACH,eAAe,CAAC,EAAE,eAAe,CAAC;IAElC;;;;OAIG;IACH,cAAc,CAAC,EAAE,cAAc,CAAC;IAEhC;;;OAGG;IACH,cAAc,CAAC,EAAE,CAAC,QAAQ,EAAE,aAAa,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;IAEnE;;;OAGG;IACH,WAAW,CAAC,EAAE,CAAC,QAAQ,EAAE,aAAa,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CAC1D;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+CG;AACH,qBAAa,eAAgB,YAAW,iBAAiB;aA0C3B,MAAM,EAAE,WAAW;IAzC/C;;OAEG;IACH,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAC;IAEpC;;OAEG;IACH,QAAQ,CAAC,eAAe,EAAE,eAAe,CAAC;IAE1C;;;OAGG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,eAAe,CAAC;IAExC;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;gBACyB,MAAM,EAAE,WAAW;IAc/C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAgCG;IACH,OAAO,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;CA0ChC"}
+{"version":3,"file":"cosecConfigurer.d.ts","sourceRoot":"","sources":["../src/cosecConfigurer.ts"],"names":[],"mappings":"AAaA,OAAO,EAAE,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAI/E,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEpD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEpD,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAE9C,OAAO,EAAE,YAAY,EAAE,sBAAsB,EAAE,MAAM,SAAS,CAAC;AAC/D,OAAO,EAAuB,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEzE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoDG;AACH,MAAM,WAAW,WACf,SAAQ,YAAY,EAAE,OAAO,CAAC,sBAAsB,CAAC;IACrD;;;;;;;;;;;;;;;;;;;OAmBG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IAEvB;;;;;;;;;;;;;;;;;;;;;;;;;OAyBG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAErC;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,QAAQ,CAAC,eAAe,CAAC,EAAE,eAAe,CAAC;IAE3C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAgCG;IACH,QAAQ,CAAC,cAAc,CAAC,EAAE,cAAc,CAAC;IAEzC;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACH,QAAQ,CAAC,eAAe,CAAC,EAAE,eAAe,CAAC;IAE3C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAmCG;IACH,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC,QAAQ,EAAE,aAAa,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;IAE5E;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAkCG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC,QAAQ,EAAE,aAAa,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CACnE;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwEG;AACH,qBAAa,eAAgB,YAAW,iBAAiB;aAwE3B,MAAM,EAAE,WAAW;IAvE/C;;;;;OAKG;IACH,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAC;IAEpC;;;;;OAKG;IACH,QAAQ,CAAC,eAAe,EAAE,eAAe,CAAC;IAE1C;;;;;OAKG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,eAAe,CAAC;IAExC;;;;;OAKG;IACH,QAAQ,CAAC,eAAe,CAAC,EAAE,eAAe,CAAC;IAE3C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAsCG;gBACyB,MAAM,EAAE,WAAW;IAe/C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAuDG;IACH,OAAO,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;CAmDhC"}