@alepha/react 0.11.11 → 0.11.12

package/dist/auth/index.d.ts

@@ -0,0 +1,564 @@
+import * as alepha4 from "alepha";
+import { Alepha, AlephaError, Async, Descriptor, KIND, Static } from "alepha";
+import { DateTimeProvider } from "alepha/datetime";
+import * as alepha_server0 from "alepha/server";
+import { HttpClient } from "alepha/server";
+import { HttpVirtualClient, ServerLinksProvider } from "alepha/server/links";
+import * as alepha_logger0 from "alepha/logger";
+import * as alepha_server_cookies0 from "alepha/server/cookies";
+import { Cookies, ServerCookiesProvider } from "alepha/server/cookies";
+import { AccessTokenResponse, RealmDescriptor, SecurityProvider, UserAccount, UserAccountToken } from "alepha/security";
+import { Configuration } from "openid-client";
+import * as typebox143 from "typebox";
+
+//#region src/auth/schemas/tokensSchema.d.ts
+declare const tokensSchema: typebox143.TObject<{
+  provider: typebox143.TString;
+  access_token: typebox143.TString;
+  issued_at: typebox143.TNumber;
+  expires_in: typebox143.TOptional<typebox143.TNumber>;
+  refresh_token: typebox143.TOptional<typebox143.TString>;
+  refresh_token_expires_in: typebox143.TOptional<typebox143.TNumber>;
+  refresh_expires_in: typebox143.TOptional<typebox143.TNumber>;
+  id_token: typebox143.TOptional<typebox143.TString>;
+  scope: typebox143.TOptional<typebox143.TString>;
+}>;
+type Tokens = Static<typeof tokensSchema>;
+//#endregion
+//#region src/auth/services/ReactAuth.d.ts
+/**
+ * Browser, SSR friendly, service to handle authentication.
+ */
+declare class ReactAuth {
+  protected readonly log: alepha_logger0.Logger;
+  protected readonly alepha: Alepha;
+  protected readonly httpClient: HttpClient;
+  static path: {
+    login: string;
+    callback: string;
+    logout: string;
+    token: string;
+    refresh: string;
+    userinfo: string;
+  };
+  protected readonly onBeginTransition: alepha4.HookDescriptor<"react:transition:begin">;
+  protected readonly onFetchRequest: alepha4.HookDescriptor<"client:onRequest">;
+  /**
+   * Get the current authenticated user.
+   *
+   * Alias for `alepha.state.get("user")`
+   */
+  get user(): UserAccountToken | undefined;
+  ping(): Promise<{
+    name?: string | undefined;
+    email?: string | undefined;
+    username?: string | undefined;
+    picture?: string | undefined;
+    sessionId?: string | undefined;
+    organizations?: string[] | undefined;
+    roles?: string[] | undefined;
+    id: string;
+  } | undefined>;
+  login(provider: string, options: {
+    hostname?: string;
+    username?: string;
+    password?: string;
+    redirect?: string;
+    [extra: string]: any;
+  }): Promise<Tokens>;
+  logout(): void;
+}
+//#endregion
+//#region src/auth/providers/ReactAuthProvider.d.ts
+declare class ReactAuthProvider {
+  protected readonly log: alepha_logger0.Logger;
+  protected readonly alepha: Alepha;
+  protected readonly serverCookiesProvider: ServerCookiesProvider;
+  protected readonly dateTimeProvider: DateTimeProvider;
+  protected readonly serverLinksProvider: ServerLinksProvider;
+  protected readonly reactAuth: ReactAuth;
+  protected readonly authorizationCode: alepha_server_cookies0.AbstractCookieDescriptor<typebox143.TObject<{
+    provider: typebox143.TString;
+    codeVerifier: typebox143.TOptional<typebox143.TString>;
+    redirectUri: typebox143.TOptional<typebox143.TString>;
+    state: typebox143.TOptional<typebox143.TString>;
+    nonce: typebox143.TOptional<typebox143.TString>;
+  }>>;
+  readonly tokens: alepha_server_cookies0.AbstractCookieDescriptor<typebox143.TObject<{
+    provider: typebox143.TString;
+    access_token: typebox143.TString;
+    issued_at: typebox143.TNumber;
+    expires_in: typebox143.TOptional<typebox143.TNumber>;
+    refresh_token: typebox143.TOptional<typebox143.TString>;
+    refresh_token_expires_in: typebox143.TOptional<typebox143.TNumber>;
+    refresh_expires_in: typebox143.TOptional<typebox143.TNumber>;
+    id_token: typebox143.TOptional<typebox143.TString>;
+    scope: typebox143.TOptional<typebox143.TString>;
+  }>>;
+  readonly onRender: alepha4.HookDescriptor<"react:server:render:begin">;
+  get identities(): Array<AuthDescriptor>;
+  protected readonly configure: alepha4.HookDescriptor<"configure">;
+  protected getAccessTokens(tokens: Tokens): string | undefined;
+  /**
+   * Fill request headers with access token from cookies or fallback to provider's fallback function.
+   */
+  protected readonly onRequest: alepha4.HookDescriptor<"server:onRequest">;
+  /**
+   * Convert cookies to tokens.
+   * If the tokens are expired, try to refresh them using the refresh token.
+   */
+  protected cookiesToTokens(cookies: Cookies): Promise<Tokens | undefined>;
+  protected refreshTokens(tokens: Tokens): Promise<Tokens | undefined>;
+  /**
+   * Get user information.
+   */
+  readonly userinfo: alepha_server0.RouteDescriptor<{
+    response: typebox143.TObject<{
+      user: typebox143.TOptional<typebox143.TObject<{
+        id: typebox143.TString;
+        name: typebox143.TOptional<typebox143.TString>;
+        email: typebox143.TOptional<typebox143.TString>;
+        username: typebox143.TOptional<typebox143.TString>;
+        picture: typebox143.TOptional<typebox143.TString>;
+        sessionId: typebox143.TOptional<typebox143.TString>;
+        organizations: typebox143.TOptional<typebox143.TArray<typebox143.TString>>;
+        roles: typebox143.TOptional<typebox143.TArray<typebox143.TString>>;
+      }>>;
+      api: typebox143.TObject<{
+        prefix: typebox143.TOptional<typebox143.TString>;
+        links: typebox143.TArray<typebox143.TObject<{
+          name: typebox143.TString;
+          group: typebox143.TOptional<typebox143.TString>;
+          path: typebox143.TString;
+          method: typebox143.TOptional<typebox143.TString>;
+          requestBodyType: typebox143.TOptional<typebox143.TString>;
+          service: typebox143.TOptional<typebox143.TString>;
+        }>>;
+      }>;
+    }>;
+  }>;
+  /**
+   * Refresh a token for internal providers.
+   */
+  readonly refresh: alepha_server0.RouteDescriptor<{
+    query: typebox143.TObject<{
+      provider: typebox143.TString;
+    }>;
+    body: typebox143.TObject<{
+      refresh_token: typebox143.TString;
+      access_token: typebox143.TOptional<typebox143.TString>;
+    }>;
+    response: typebox143.TObject<{
+      provider: typebox143.TString;
+      access_token: typebox143.TString;
+      issued_at: typebox143.TNumber;
+      expires_in: typebox143.TOptional<typebox143.TNumber>;
+      refresh_token: typebox143.TOptional<typebox143.TString>;
+      refresh_token_expires_in: typebox143.TOptional<typebox143.TNumber>;
+      refresh_expires_in: typebox143.TOptional<typebox143.TNumber>;
+      id_token: typebox143.TOptional<typebox143.TString>;
+      scope: typebox143.TOptional<typebox143.TString>;
+    }>;
+  }>;
+  /**
+   * Login for local password-based authentication.
+   */
+  readonly token: alepha_server0.RouteDescriptor<{
+    query: typebox143.TObject<{
+      provider: typebox143.TString;
+    }>;
+    body: typebox143.TObject<{
+      username: typebox143.TString;
+      password: typebox143.TString;
+    }>;
+    response: typebox143.TObject<{
+      provider: typebox143.TString;
+      access_token: typebox143.TString;
+      issued_at: typebox143.TNumber;
+      expires_in: typebox143.TOptional<typebox143.TNumber>;
+      refresh_token: typebox143.TOptional<typebox143.TString>;
+      refresh_token_expires_in: typebox143.TOptional<typebox143.TNumber>;
+      refresh_expires_in: typebox143.TOptional<typebox143.TNumber>;
+      id_token: typebox143.TOptional<typebox143.TString>;
+      scope: typebox143.TOptional<typebox143.TString>;
+      user: typebox143.TObject<{
+        id: typebox143.TString;
+        name: typebox143.TOptional<typebox143.TString>;
+        email: typebox143.TOptional<typebox143.TString>;
+        username: typebox143.TOptional<typebox143.TString>;
+        picture: typebox143.TOptional<typebox143.TString>;
+        sessionId: typebox143.TOptional<typebox143.TString>;
+        organizations: typebox143.TOptional<typebox143.TArray<typebox143.TString>>;
+        roles: typebox143.TOptional<typebox143.TArray<typebox143.TString>>;
+      }>;
+      api: typebox143.TObject<{
+        prefix: typebox143.TOptional<typebox143.TString>;
+        links: typebox143.TArray<typebox143.TObject<{
+          name: typebox143.TString;
+          group: typebox143.TOptional<typebox143.TString>;
+          path: typebox143.TString;
+          method: typebox143.TOptional<typebox143.TString>;
+          requestBodyType: typebox143.TOptional<typebox143.TString>;
+          service: typebox143.TOptional<typebox143.TString>;
+        }>>;
+      }>;
+    }>;
+  }>;
+  /**
+   * Oauth2/OIDC login route.
+   */
+  readonly login: alepha_server0.RouteDescriptor<{
+    query: typebox143.TObject<{
+      provider: typebox143.TString;
+      redirect_uri: typebox143.TOptional<typebox143.TString>;
+    }>;
+  }>;
+  /**
+   * Callback for OAuth2/OIDC providers.
+   * It handles the authorization code flow and retrieves the access token.
+   */
+  readonly callback: alepha_server0.RouteDescriptor<alepha_server0.RequestConfigSchema>;
+  /**
+   * Logout route for OAuth2/OIDC providers.
+   */
+  readonly logout: alepha_server0.RouteDescriptor<{
+    query: typebox143.TObject<{
+      post_logout_redirect_uri: typebox143.TOptional<typebox143.TString>;
+    }>;
+  }>;
+  protected provider(opts: string | {
+    provider: string;
+  }): AuthDescriptor;
+  protected setTokens(tokens: Tokens, cookies?: Cookies): void;
+}
+interface OAuth2Profile {
+  sub: string;
+  email?: string;
+  name?: string;
+  given_name?: string;
+  family_name?: string;
+  middle_name?: string;
+  nickname?: string;
+  preferred_username?: string;
+  profile?: string;
+  picture?: string;
+  website?: string;
+  email_verified?: boolean;
+  gender?: string;
+  birthdate?: string;
+  zoneinfo?: string;
+  locale?: string;
+  phone_number?: string;
+  phone_number_verified?: boolean;
+  address?: {
+    formatted?: string;
+    street_address?: string;
+    locality?: string;
+    region?: string;
+    postal_code?: string;
+    country?: string;
+  };
+  updated_at?: number;
+  [key: string]: unknown;
+}
+//#endregion
+//#region src/auth/descriptors/$auth.d.ts
+/**
+ * Creates an authentication provider descriptor for handling user login flows.
+ *
+ * Supports multiple authentication strategies: credentials (username/password), OAuth2,
+ * and OIDC (OpenID Connect). Handles token management, user profile retrieval, and
+ * integration with both external identity providers (Auth0, Keycloak) and internal realms.
+ *
+ * **Authentication Types**: Credentials, OAuth2 (Google, GitHub), OIDC, External providers
+ *
+ * @example
+ * ```ts
+ * class AuthProviders {
+ *   // Internal credentials-based auth
+ *   credentials = $auth({
+ *     realm: this.userRealm,
+ *     credentials: {
+ *       account: async ({ username, password }) => {
+ *         return await this.validateUser(username, password);
+ *       }
+ *     }
+ *   });
+ *
+ *   // External OIDC provider
+ *   keycloak = $auth({
+ *     oidc: {
+ *       issuer: "https://auth.example.com",
+ *       clientId: "my-app",
+ *       clientSecret: "secret",
+ *       redirectUri: "/auth/callback"
+ *     }
+ *   });
+ * }
+ * ```
+ */
+declare const $auth: {
+  (options: AuthDescriptorOptions): AuthDescriptor;
+  [KIND]: typeof AuthDescriptor;
+};
+type AuthDescriptorOptions = {
+  /**
+   * Name of the identity provider.
+   * If not provided, it will be derived from the property key.
+   */
+  name?: string;
+  /**
+   * If true, auth provider will be skipped.
+   */
+  disabled?: boolean;
+} & (AuthExternal | AuthInternal);
+/**
+ * When you let an external service handle authentication. (e.g. Keycloak, Auth0, etc.)
+ */
+type AuthExternal = {
+  /**
+   * Only OIDC is supported for external authentication.
+   */
+  oidc: OidcOptions;
+  /**
+   * For anonymous access, this will expect a service account access token.
+   *
+   * ```ts
+   * class App {
+   *   anonymous = $serviceAccount(...);
+   *   auth = $auth({
+   *     // ... config ...
+   *     fallback: this.anonymous,
+   *   })
+   * }
+   * ```
+   */
+  fallback?: () => Async<AccessToken>;
+};
+/**
+ * When using your own authentication system, e.g. using a database to store user accounts.
+ * This is usually used with a custom login form.
+ *
+ * This relies on the `realm`, which is used to create/verify the access token.
+ */
+type AuthInternal = {
+  realm: RealmDescriptor;
+} & ({
+  /**
+   * The common username/password authentication.
+   *
+   * - It uses the OAuth2 Client Credentials flow to obtain an access token.
+   *
+   * This is usually used with a custom login form on your website or mobile app.
+   */
+  credentials: CredentialsOptions;
+} | {
+  /**
+   * OAuth2 authentication. Delegates authentication to an OAuth2 provider. (e.g. Google, GitHub, etc.)
+   *
+   * - It uses the OAuth2 Authorization Code flow to obtain an access token and user information.
+   *
+   * This is usually used with a login button that redirects to the OAuth2 provider.
+   */
+  oauth: OAuth2Options;
+} | {
+  /**
+   * Like OAuth2, but uses OIDC (OpenID Connect) for authentication and user information retrieval.
+   * OIDC is an identity layer on top of OAuth2, providing user authentication and profile information.
+   *
+   * - It uses the OAuth2 Authorization Code flow to obtain an access token and user information.
+   * - PCKE (Proof Key for Code Exchange) is recommended for security.
+   *
+   * This is usually used with a login button that redirects to the OIDC provider.
+   */
+  oidc: OidcOptions;
+});
+type CredentialsOptions = {
+  account: (credentials: {
+    username: string;
+    password: string;
+  }) => Async<UserAccount>;
+};
+interface OidcOptions {
+  /**
+   * URL of the OIDC issuer.
+   */
+  issuer: string;
+  /**
+   * Client ID for the OIDC client.
+   */
+  clientId: string;
+  /**
+   * Client secret for the OIDC client.
+   * Optional if PKCE (Proof Key for Code Exchange) is used.
+   */
+  clientSecret?: string;
+  /**
+   * Redirect URI for the OIDC client.
+   * This is where the user will be redirected after authentication.
+   */
+  redirectUri?: string;
+  /**
+   * For external auth providers only.
+   * Take the ID token instead of the access token for validation.
+   */
+  useIdToken?: boolean;
+  /**
+   * URI to redirect the user after logout.
+   */
+  logoutUri?: string;
+  /**
+   * Optional scope for the OIDC client.
+   * @default "openid profile email".
+   */
+  scope?: string;
+  account?: (tokens: {
+    access_token: string;
+    user: OAuth2Profile;
+    id_token?: string;
+    expires_in?: number;
+    scope?: string;
+  }) => Async<UserAccount>;
+}
+interface OAuth2Options {
+  /**
+   * URL of the OAuth2 authorization endpoint.
+   */
+  clientId: string;
+  /**
+   * Client secret for the OAuth2 client.
+   */
+  clientSecret: string;
+  /**
+   * URL of the OAuth2 authorization endpoint.
+   */
+  authorization: string;
+  /**
+   * URL of the OAuth2 token endpoint.
+   */
+  token: string;
+  /**
+   * Function to retrieve user profile information from the OAuth2 tokens.
+   */
+  userinfo: (tokens: Tokens) => Async<OAuth2Profile>;
+  account?: (tokens: {
+    access_token: string;
+    user: OAuth2Profile;
+    id_token?: string;
+    expires_in?: number;
+    scope?: string;
+  }) => Async<UserAccount>;
+  /**
+   * URL of the OAuth2 authorization endpoint.
+   */
+  redirectUri?: string;
+  /**
+   * URL of the OAuth2 authorization endpoint.
+   */
+  scope?: string;
+}
+declare class AuthDescriptor extends Descriptor<AuthDescriptorOptions> {
+  protected readonly securityProvider: SecurityProvider;
+  protected readonly dateTimeProvider: DateTimeProvider;
+  oauth?: Configuration;
+  get name(): string;
+  get jwks_uri(): string;
+  get scope(): string | undefined;
+  get redirect_uri(): string | undefined;
+  /**
+   * Refreshes the access token using the refresh token.
+   * Can be used on oauth2, oidc or credentials auth providers.
+   */
+  refresh(refreshToken: string, accessToken?: string): Promise<AccessTokenResponse>;
+  /**
+   * Extracts user information from the access token.
+   * This is used to create a user account from the access token.
+   */
+  user(tokens: Tokens): Promise<UserAccount>;
+  protected getUserFromIdToken(idToken: string): OAuth2Profile;
+  prepare(): Promise<void>;
+}
+type AccessToken = string | {
+  token: () => Async<string>;
+};
+//#endregion
+//#region src/auth/descriptors/$authGithub.d.ts
+/**
+ * Already configured GitHub authentication descriptor.
+ *
+ * Uses OAuth2 to authenticate users via their GitHub accounts.
+ * Upon successful authentication, it links the GitHub account to a user session.
+ *
+ * Environment Variables:
+ * - `GITHUB_CLIENT_ID`: The client ID obtained from the GitHub Developer Settings.
+ * - `GITHUB_CLIENT_SECRET`: The client secret obtained from the GitHub Developer Settings.
+ */
+declare const $authGithub: (realm: RealmDescriptor, options: Partial<OidcOptions>) => AuthDescriptor;
+//#endregion
+//#region src/auth/descriptors/$authGoogle.d.ts
+/**
+ * Already configured Google authentication descriptor.
+ *
+ * Uses OpenID Connect (OIDC) to authenticate users via their Google accounts.
+ * Upon successful authentication, it links the Google account to a user session.
+ *
+ * Environment Variables:
+ * - `GOOGLE_CLIENT_ID`: The client ID obtained from the Google Developer Console.
+ * - `GOOGLE_CLIENT_SECRET`: The client secret obtained from the Google Developer Console.
+ */
+declare const $authGoogle: (realm: RealmDescriptor, options: Partial<OidcOptions>) => AuthDescriptor;
+//#endregion
+//#region src/auth/errors/SessionExpiredError.d.ts
+declare class SessionExpiredError extends AlephaError {
+  readonly name = "SessionExpiredError";
+  readonly status = 401;
+}
+//#endregion
+//#region src/auth/hooks/useAuth.d.ts
+declare const useAuth: <T extends object = any>() => {
+  user: {
+    name?: string | undefined;
+    email?: string | undefined;
+    username?: string | undefined;
+    picture?: string | undefined;
+    sessionId?: string | undefined;
+    organizations?: string[] | undefined;
+    roles?: string[] | undefined;
+    id: string;
+  } | undefined;
+  logout: () => void;
+  login: (provider: keyof T, options?: {
+    username?: string;
+    password?: string;
+    redirect?: string;
+    [extra: string]: any;
+  }) => Promise<void>;
+  can: <Api extends object = any>(name: keyof HttpVirtualClient<Api>) => boolean;
+};
+//#endregion
+//#region src/auth/index.d.ts
+declare module "alepha" {
+  interface State {
+    /**
+     * The authenticated user account attached to the server request state.
+     *
+     * @internal
+     */
+    "alepha.server.request.user"?: UserAccount;
+  }
+}
+declare module "@alepha/react" {
+  interface ReactRouterState {
+    user?: UserAccount;
+  }
+}
+/**
+ * The ReactAuthModule provides authentication services for React applications.
+ *
+ * @see {@link ReactAuthProvider}
+ * @module alepha.react.auth
+ */
+declare const AlephaReactAuth: alepha4.Service<alepha4.Module>;
+//#endregion
+export { $auth, $authGithub, $authGoogle, AccessToken, AlephaReactAuth, AuthDescriptor, AuthDescriptorOptions, AuthExternal, AuthInternal, CredentialsOptions, OAuth2Options, OAuth2Profile, OidcOptions, ReactAuth, ReactAuthProvider, SessionExpiredError, useAuth };
+//# sourceMappingURL=index.d.ts.map

package/dist/auth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","names":[],"sources":["../../src/auth/schemas/tokensSchema.ts","../../src/auth/services/ReactAuth.ts","../../src/auth/providers/ReactAuthProvider.ts","../../src/auth/descriptors/$auth.ts","../../src/auth/descriptors/$authGithub.ts","../../src/auth/descriptors/$authGoogle.ts","../../src/auth/errors/SessionExpiredError.ts","../../src/auth/hooks/useAuth.ts","../../src/auth/index.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;;;;cAGa,yBAAY;YAevB,UAAA,CAAA;;;;;;;;;;KAEU,MAAA,GAAS,cAAc;;;;;;cCRtB,SAAA;0BAAS,cAAA,CACE;6BACG;iCACI;;;;IDZlB,MAAA,EAAA,MAeX;IAAA,KAAA,EAAA,MAAA;;;;wCCH6B,OAAA,CAWO;qCAAA,OAAA,CAWH;;;;;;cAed;UAIF;;;YDrDM,CAAA,EAAA,MAAA,GAAA,SAAA;IAAA,OAAA,CAAA,EAAA,MAAA,GAAA,SAAA;IAiBb,SAAM,CAAA,EAAA,MAAiB,GAAA,SAAA;;;;ECRtB,CAAA,GAAA,SAAS,CAAA;EAAA,KAAA,CAAA,QACE,EAAA,MAAA,EAAA,OAAA,EAAA;IACG,QAAA,CAAA,EAAA,MAAA;IACI,QAAA,CAAA,EAAA,MAAA;IAAA,QAWO,CAAA,EAAA,MAAA;IAAA,QAWH,CAAA,EAAA,MAAA;IAed,CAAA,KAAA,EAAA,MAAA,CAAA,EAAA,GAAA;EAIF,CAAA,CAAA,EAoBd,OApBc,CAoBN,MApBM,CAAA;EAoBN,MAAA,CAAA,CAAA,EAAA,IAAA;;;;cCnDA,iBAAA;0BAAiB,cAAA,CACN;6BACG;4CACe;uCACL;0CACG;gCACV;EF5BjB,mBAeX,iBAAA,EEeoC,sBAAA,CAAA,wBFfpC,YEeoC,OFfpC,CAAA;IAAA,QAAA,EEa4B,UAAA,CAAA,OFb5B;;;;;;mBE4BsB,sBAAA,CAAA,oCAAA;cAbc,UAAA,CAAA;;;;;;;;SF9Bb,sBAAA,oBAAA;EAAA,CAAA,CAAA,CAAA;EAiBb,SAAM,QAAA,EE0BM,OAAA,CASE,cFnCC,CAAA,2BAAA,CAAA;oBE8CA,MAAM;gCAAD,OAAA,CAMF;oCASM;EDrEvB;;;EAGkB,mBAAA,SAAA,ECkEW,OAAA,CAiBZ,cDnFC,CAAA,kBAAA,CAAA;EAAA;;;;EA6DlB,UAAA,eAAA,CAAA,OAAA,EC2DA,OD3DA,CAAA,EC4DR,OD5DQ,CC4DA,MD5DA,GAAA,SAAA,CAAA;EAAR,UAAA,aAAA,CAAA,MAAA,EC0FmC,MD1FnC,CAAA,EC0F4C,OD1F5C,CC0FoD,MD1FpD,GAAA,SAAA,CAAA;EAAO;;;oCC2Ic;IA9Lb,QAAA,oBAAiB,CAAA;MAAA,IACN,sBAAA,mBAAA,CAAA;QACG,EAAA,EA2I6B,UAAA,CAAA,OA3I7B;QACe,IAAA,sBAAA,oBAAA;QACL,KAAA,sBAAA,oBAAA;QACG,QAAA,sBAAA,oBAAA;QACV,OAAA,sBAAA,oBAAA;QAAA,SAAA,sBAAA,oBAAA;;;;;;;;;UAEQ,IAAA,oBAAA;UAAA,MAAA,sBAAA,oBAAA;UAAA,eAAA,sBAAA,oBAAA;;;;;;;;;mCA2Nb;;gBArCC,UAAA,CAAA;;;;MAzKF,YAAA,sBAAA,oBAAA;IAAA,CAAA,CAAA;IAAA,QASE,oBAAA,CAAA;MAWO,QAAA,oBAAA;MAAN,YAAA,oBAAA;MAMG,SAAA,oBAAA;MASM,UAAA,sBAAA,oBAAA;MAiBN,aAAA,sBAAA,oBAAA;MAqCjB,wBAAA,sBAAA,oBAAA;MACA,kBAAA,sBAAA,oBAAA;MAAR,QAAA,sBAAA,oBAAA;MA8BmC,KAAA,sBAAA,oBAAA;IAAiB,CAAA,CAAA;EAAR,CAAA,CAAA;EAAO;;;iCA6HjC;;gBAvCE,UAAA,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;UArCC,KAAA,sBAAA,oBAAA;UAAA,IAAA,oBAAA;;;;;;;;;;;iCA4IH;;gBAhEA,UAAA,CAAA;;;;;;;;qBA8IG,cAAA,CAAA,gBA9EH,cAAA,CA8EG,mBAAA;;;;kCAmEF;;qDAnEE,UAAA,CAAA,OAAA;;;;;MAyIiC;8BAW7B,kBAAkB;;UAiB/B,aAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AFnlBjB;;;;;;;;;;;;;;;;;;AAiBA;;;;ACRA;;;;AAG+B,cE4ClB,KFjCyB,EAAA;EAAA,CAAA,OAWH,EEsBJ,qBFtBI,CAAA,EEsBoB,cFtBpB;EAed,MAAA,EAAA,qBAAA;CAIF;AAoBN,KEXD,qBAAA,GFWC;EAAR;;;;;ECnDQ;;;EAG6B,QAAA,CAAA,EAAA,OAAA;CACL,GAAA,CC+ChC,YD/CgC,GC+CjB,YD/CiB,CAAA;;;;KCoDzB,YAAA;;;;QAIJ;;;;;;;;;;;;;;mBAeW,MAAM;;;;;;;;ADtDD,KC+DZ,YAAA,GD/DY;EAAA,KASE,ECuDjB,eDvDiB;CAWO,GAAA,CAAA;EAAN;;;;;;;EAoGa,WAAA,EC9CrB,kBD8CqB;CAAiB,GAAA;EAAR;;;;;;;SCpCpC;;;;;;;;;;;QAYD;;KAIA,kBAAA;;;;QAIJ,MAAM;;UAGG,WAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;mBDmGQ,EAAA;IAAA,YAAA,EAAA,MAAA;UCzDf;;;;QAIF,MAAM;;UAGG,aAAA;;;;;;;;;;;;;;;;;;;;qBAwBI,WAAW,MAAM;;;UAI5B;;;;QAIF,MAAM;;;;;;;;;;cAeD,cAAA,SAAuB,WAAW;uCACV;uCACA;UAEpB;;;;;;;;;uDA6CZ,QAAQ;;;;;EDuIa,IAAA,CAAA,MAAA,ECjGE,MDiGF,CAAA,ECjGW,ODiGX,CCjGmB,WDiGnB,CAAA;EAAA,UAAA,kBAAA,CAAA,OAAA,EAAA,MAAA,CAAA,ECxDuB,aDwDvB;aC5CJ;;KA8CV,WAAA,GDiEY,MAAA,GAAA;EAsEmC,KAAA,EAAA,GAAA,GCvIT,KDuIS,CAAA,MAAA,CAAA;CAW7B;;;;;;;;;;;;;cEtjBjB,qBACJ,0BACE,QAAQ,iBAAD;;;;;;;;;;;;;cCHL,qBACJ,0BACE,QAAQ,iBAAD;;;cCdL,mBAAA,SAA4B,WAAA;;;;;;cCE5B;;;;;;;;;;;;0BAUS;IPXT,QAAA,CAAA,EAeX,MAAA;IAAA,QAAA,CAAA,EAAA,MAAA;;;QOEK;8CAKW,kBAAkB;;;;;;;;;;;mCCAD;ERtBtB;;;;WQ2BF;;;;;;;;;cAYE,iBAAe,OAAA,CAAA,QAI1B,OAAA,CAJ0B,MAAA"}