@alepha/react 0.12.0 → 0.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (85) hide show
  1. package/dist/auth/chunk-DhGyd7sr.js +28 -0
  2. package/dist/auth/index.browser.js +394 -114
  3. package/dist/auth/index.browser.js.map +1 -1
  4. package/dist/auth/index.cjs +80 -1927
  5. package/dist/auth/index.cjs.map +1 -1
  6. package/dist/auth/index.d.cts +1130 -420
  7. package/dist/auth/index.d.ts +1130 -420
  8. package/dist/auth/index.js +72 -1918
  9. package/dist/auth/index.js.map +1 -1
  10. package/dist/core/chunk-DhGyd7sr.js +28 -0
  11. package/dist/core/index.browser.js +79 -79
  12. package/dist/core/index.browser.js.map +1 -1
  13. package/dist/core/index.cjs +89 -85
  14. package/dist/core/index.cjs.map +1 -1
  15. package/dist/core/index.d.cts +1654 -154
  16. package/dist/core/index.d.ts +1654 -154
  17. package/dist/core/index.js +79 -79
  18. package/dist/core/index.js.map +1 -1
  19. package/dist/form/chunk-DhGyd7sr.js +28 -0
  20. package/dist/form/index.cjs +28 -8
  21. package/dist/form/index.cjs.map +1 -1
  22. package/dist/form/index.d.cts +215 -7
  23. package/dist/form/index.d.ts +215 -7
  24. package/dist/form/index.js +18 -3
  25. package/dist/form/index.js.map +1 -1
  26. package/dist/head/chunk-DhGyd7sr.js +28 -0
  27. package/dist/head/index.browser.js +385 -59
  28. package/dist/head/index.browser.js.map +1 -1
  29. package/dist/head/index.cjs +12 -8
  30. package/dist/head/index.cjs.map +1 -1
  31. package/dist/head/index.d.cts +1230 -24
  32. package/dist/head/index.d.ts +1230 -29
  33. package/dist/head/index.js +2 -2
  34. package/dist/head/index.js.map +1 -1
  35. package/dist/i18n/chunk-DhGyd7sr.js +28 -0
  36. package/dist/i18n/index.cjs +33 -20
  37. package/dist/i18n/index.cjs.map +1 -1
  38. package/dist/i18n/index.d.cts +282 -13
  39. package/dist/i18n/index.d.ts +282 -13
  40. package/dist/i18n/index.js +23 -14
  41. package/dist/i18n/index.js.map +1 -1
  42. package/dist/websocket/index.cjs +21 -8
  43. package/dist/websocket/index.cjs.map +1 -1
  44. package/dist/websocket/index.js +11 -2
  45. package/dist/websocket/index.js.map +1 -1
  46. package/package.json +7 -6
  47. package/src/auth/index.browser.ts +3 -6
  48. package/src/auth/index.shared.ts +0 -1
  49. package/src/auth/index.ts +3 -16
  50. package/src/auth/providers/ReactAuthProvider.ts +1 -614
  51. package/src/auth/services/ReactAuth.ts +6 -17
  52. package/src/core/descriptors/$page.ts +1 -1
  53. package/src/core/index.browser.ts +1 -0
  54. package/src/core/index.native.ts +21 -0
  55. package/src/core/index.shared-router.ts +15 -0
  56. package/src/core/index.shared.ts +0 -14
  57. package/src/core/index.ts +1 -0
  58. package/src/core/services/ReactRouter.ts +2 -2
  59. package/src/form/errors/FormValidationError.ts +20 -0
  60. package/src/form/hooks/useForm.ts +1 -1
  61. package/src/form/index.ts +1 -0
  62. package/src/head/providers/BrowserHeadProvider.ts +1 -1
  63. package/src/i18n/descriptors/$dictionary.ts +7 -3
  64. package/src/i18n/providers/I18nProvider.ts +9 -10
  65. package/src/websocket/hooks/useRoom.tsx +21 -2
  66. package/dist/auth/index.d.cts.map +0 -1
  67. package/dist/auth/index.d.ts.map +0 -1
  68. package/dist/core/index.d.cts.map +0 -1
  69. package/dist/core/index.d.ts.map +0 -1
  70. package/dist/form/index.d.cts.map +0 -1
  71. package/dist/form/index.d.ts.map +0 -1
  72. package/dist/head/index.d.cts.map +0 -1
  73. package/dist/head/index.d.ts.map +0 -1
  74. package/dist/i18n/index.d.cts.map +0 -1
  75. package/dist/i18n/index.d.ts.map +0 -1
  76. package/dist/websocket/index.d.cts.map +0 -1
  77. package/dist/websocket/index.d.ts.map +0 -1
  78. package/src/auth/descriptors/$auth.ts +0 -436
  79. package/src/auth/descriptors/$authApple.ts +0 -8
  80. package/src/auth/descriptors/$authGithub.ts +0 -81
  81. package/src/auth/descriptors/$authGoogle.ts +0 -38
  82. package/src/auth/errors/SessionExpiredError.ts +0 -6
  83. package/src/auth/schemas/tokenResponseSchema.ts +0 -11
  84. package/src/auth/schemas/tokensSchema.ts +0 -21
  85. package/src/auth/schemas/userinfoResponseSchema.ts +0 -10
package/dist/auth/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","names":["props","subs: Function[]","props","state","props","ErrorBoundary","props","envSchema","pages: PageRoute[]","NestedView","e","context: Record<string, any>","stack: Array<RouterStackItem>","route","config: Record<string, any>","props","context","element: ReactNode | Redirection | undefined","ErrorViewer","ClientOnly","children","envSchema","target: PageRoute | undefined","element","hydrationData: ReactHydrationState","query: Record<string, string>","e","previous: PreviousLayerData[]","props","query: Record<string, string>","props","USER_AGENT","ERR_INVALID_ARG_VALUE","ERR_INVALID_ARG_TYPE","CodedTypeError","allowInsecureRequests","clockSkew","clockTolerance","customFetch","modifyAssertion","decoder","headers","signal","performDiscovery","assertString","calculatePKCECodeChallenge","ClientSecretPost","None","skipSubjectCheck","skipStateCheck","oauth.ClientSecretPost","headers","oauth.None","oauth.skipStateCheck","oauth.skipSubjectCheck","oauth.customFetch","oauth.modifyAssertion","oauth.clockSkew","oauth.clockTolerance","oauth.calculatePKCECodeChallenge","oauth.generateRandomCodeVerifier","oauth.generateRandomState","oauth.ResponseBodyError","oauth.AuthorizationResponseError","oauth.WWWAuthenticateChallengeError","oauth.OperationProcessingError","oauth.HTTP_REQUEST_FORBIDDEN","oauth.REQUEST_PROTOCOL_FORBIDDEN","oauth.RESPONSE_IS_NOT_CONFORM","oauth.RESPONSE_IS_NOT_JSON","oauth.PARSE_ERROR","oauth.INVALID_RESPONSE","oauth.JWT_CLAIM_COMPARISON","oauth.JSON_ATTRIBUTE_COMPARISON","oauth.JWT_TIMESTAMP_CHECK","oauth.UnsupportedOperationError","oauth.UNSUPPORTED_OPERATION","signal","oauth.discoveryRequest","oauth.allowInsecureRequests","oauth.processDiscoveryResponse","oauth._nodiscoverycheck","oauth._expectedIssuer","oauth.getValidatedIdTokenClaims","oauth.formPostResponse","oauth.validateAuthResponse","oauth\n .authorizationCodeGrantRequest","oauth.nopkce","fetch","oauth.processAuthorizationCodeResponse","oauth.jweDecrypt","oauth\n .refreshTokenGrantRequest","oauth.processRefreshTokenResponse","oauth.resolveEndpoint","oauth.isDPoPNonceError","addons: Array<(config: Configuration) => void>","e","user","headers","user: UserAccount","parameters: Record<string, string>","parameters","tokens","identity","res","user: OAuth2Profile","emails: any[]","e"],"sources":["../../src/core/services/ReactPageService.ts","../../src/core/descriptors/$page.ts","../../src/core/components/ClientOnly.tsx","../../src/core/components/ErrorViewer.tsx","../../src/core/contexts/RouterLayerContext.ts","../../src/core/errors/Redirection.ts","../../src/core/contexts/AlephaContext.ts","../../src/core/hooks/useAlepha.ts","../../src/core/hooks/useEvents.ts","../../src/core/hooks/useStore.ts","../../src/core/hooks/useRouterState.ts","../../src/core/components/ErrorBoundary.tsx","../../src/core/components/NestedView.tsx","../../src/core/components/NotFound.tsx","../../src/core/providers/ReactPageProvider.ts","../../src/core/providers/ReactServerProvider.ts","../../src/core/services/ReactPageServerService.ts","../../src/core/providers/ReactBrowserRouterProvider.ts","../../src/core/providers/ReactBrowserProvider.ts","../../src/core/services/ReactRouter.ts","../../src/core/index.ts","../../../../node_modules/oauth4webapi/build/index.js","../../../../node_modules/openid-client/build/index.js","../../src/auth/descriptors/$auth.ts","../../src/auth/schemas/tokensSchema.ts","../../src/auth/schemas/tokenResponseSchema.ts","../../src/auth/schemas/userinfoResponseSchema.ts","../../src/auth/services/ReactAuth.ts","../../src/auth/providers/ReactAuthProvider.ts","../../src/auth/descriptors/$authGithub.ts","../../src/auth/descriptors/$authGoogle.ts","../../src/auth/errors/SessionExpiredError.ts","../../src/auth/hooks/useAuth.ts","../../src/auth/index.ts"],"sourcesContent":["import { AlephaError } from \"alepha\";\nimport type {\n PageDescriptorRenderOptions,\n PageDescriptorRenderResult,\n} from \"../descriptors/$page.ts\";\n\nexport class ReactPageService {\n public fetch(\n pathname: string,\n options: PageDescriptorRenderOptions = {},\n ): Promise<{\n html: string;\n response: Response;\n }> {\n throw new AlephaError(\"Fetch is not available for this environment.\");\n }\n\n public render(\n name: string,\n options: PageDescriptorRenderOptions = {},\n ): Promise<PageDescriptorRenderResult> {\n throw new AlephaError(\"Render is not available for this environment.\");\n }\n}\n","import {\n $inject,\n type Async,\n createDescriptor,\n Descriptor,\n KIND,\n type Static,\n type TSchema,\n} from \"alepha\";\nimport type { ServerRequest } from \"alepha/server\";\nimport type { ServerRouteCache } from \"alepha/server/cache\";\nimport type { FC, ReactNode } from \"react\";\nimport type { ClientOnlyProps } from \"../components/ClientOnly.tsx\";\nimport type { Redirection } from \"../errors/Redirection.ts\";\nimport type { ReactRouterState } from \"../providers/ReactPageProvider.ts\";\nimport { ReactPageService } from \"../services/ReactPageService.ts\";\n\n/**\n * Main descriptor for defining a React route in the application.\n *\n * The $page descriptor is the core building block for creating type-safe, SSR-enabled React routes.\n * It provides a declarative way to define pages with powerful features:\n *\n * **Routing & Navigation**\n * - URL pattern matching with parameters (e.g., `/users/:id`)\n * - Nested routing with parent-child relationships\n * - Type-safe URL parameter and query string validation\n *\n * **Data Loading**\n * - Server-side data fetching with the `resolve` function\n * - Automatic serialization and hydration for SSR\n * - Access to request context, URL params, and parent data\n *\n * **Component Loading**\n * - Direct component rendering or lazy loading for code splitting\n * - Client-only rendering when browser APIs are needed\n * - Automatic fallback handling during hydration\n *\n * **Performance Optimization**\n * - Static generation for pre-rendered pages at build time\n * - Server-side caching with configurable TTL and providers\n * - Code splitting through lazy component loading\n *\n * **Error Handling**\n * - Custom error handlers with support for redirects\n * - Hierarchical error handling (child → parent)\n * - HTTP status code handling (404, 401, etc.)\n *\n * **Page Animations**\n * - CSS-based enter/exit animations\n * - Dynamic animations based on page state\n * - Custom timing and easing functions\n *\n * **Lifecycle Management**\n * - Server response hooks for headers and status codes\n * - Page leave handlers for cleanup (browser only)\n * - Permission-based access control\n *\n * @example Simple page with data fetching\n * ```typescript\n * const userProfile = $page({\n * path: \"/users/:id\",\n * schema: {\n * params: t.object({ id: t.int() }),\n * query: t.object({ tab: t.optional(t.text()) })\n * },\n * resolve: async ({ params }) => {\n * const user = await userApi.getUser(params.id);\n * return { user };\n * },\n * lazy: () => import(\"./UserProfile.tsx\")\n * });\n * ```\n *\n * @example Nested routing with error handling\n * ```typescript\n * const projectSection = $page({\n * path: \"/projects/:id\",\n * children: () => [projectBoard, projectSettings],\n * resolve: async ({ params }) => {\n * const project = await projectApi.get(params.id);\n * return { project };\n * },\n * errorHandler: (error) => {\n * if (HttpError.is(error, 404)) {\n * return <ProjectNotFound />;\n * }\n * }\n * });\n * ```\n *\n * @example Static generation with caching\n * ```typescript\n * const blogPost = $page({\n * path: \"/blog/:slug\",\n * static: {\n * entries: posts.map(p => ({ params: { slug: p.slug } }))\n * },\n * resolve: async ({ params }) => {\n * const post = await loadPost(params.slug);\n * return { post };\n * }\n * });\n * ```\n */\nexport const $page = <\n TConfig extends PageConfigSchema = PageConfigSchema,\n TProps extends object = TPropsDefault,\n TPropsParent extends object = TPropsParentDefault,\n>(\n options: PageDescriptorOptions<TConfig, TProps, TPropsParent>,\n): PageDescriptor<TConfig, TProps, TPropsParent> => {\n return createDescriptor(\n PageDescriptor<TConfig, TProps, TPropsParent>,\n options,\n );\n};\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport interface PageDescriptorOptions<\n TConfig extends PageConfigSchema = PageConfigSchema,\n TProps extends object = TPropsDefault,\n TPropsParent extends object = TPropsParentDefault,\n> {\n /**\n * Identifier name for the page. Must be unique.\n *\n * @default Descriptor key\n */\n name?: string;\n\n /**\n * Add a pathname to the page.\n *\n * Pathname can contain parameters, like `/post/:slug`.\n *\n * @default \"\"\n */\n path?: string;\n\n /**\n * Add an input schema to define:\n * - `params`: parameters from the pathname.\n * - `query`: query parameters from the URL.\n */\n schema?: TConfig;\n\n /**\n * Load data before rendering the page.\n *\n * This function receives\n * - the request context and\n * - the parent props (if page has a parent)\n *\n * In SSR, the returned data will be serialized and sent to the client, then reused during the client-side hydration.\n *\n * Resolve can be stopped by throwing an error, which will be handled by the `errorHandler` function.\n * It's common to throw a `NotFoundError` to display a 404 page.\n *\n * RedirectError can be thrown to redirect the user to another page.\n */\n resolve?: (context: PageResolve<TConfig, TPropsParent>) => Async<TProps>;\n\n /**\n * The component to render when the page is loaded.\n *\n * If `lazy` is defined, this will be ignored.\n * Prefer using `lazy` to improve the initial loading time.\n */\n component?: FC<TProps & TPropsParent>;\n\n /**\n * Lazy load the component when the page is loaded.\n *\n * It's recommended to use this for components to improve the initial loading time\n * and enable code-splitting.\n */\n lazy?: () => Promise<{ default: FC<TProps & TPropsParent> }>;\n\n /**\n * Attach child pages to create nested routes.\n * This will make the page a parent route.\n */\n children?: Array<PageDescriptor> | (() => Array<PageDescriptor>);\n\n /**\n * Define a parent page for nested routing.\n */\n parent?: PageDescriptor<PageConfigSchema, TPropsParent, any>;\n\n can?: () => boolean;\n\n /**\n * Catch any error from the `resolve` function or during `rendering`.\n *\n * Expected to return one of the following:\n * - a ReactNode to render an error page\n * - a Redirection to redirect the user\n * - undefined to let the error propagate\n *\n * If not defined, the error will be thrown and handled by the server or client error handler.\n * If a leaf $page does not define an error handler, the error can be caught by parent pages.\n *\n * @example Catch a 404 from API and render a custom not found component:\n * ```ts\n * resolve: async ({ params, query }) => {\n * api.fetch(\"/api/resource\", { params, query });\n * },\n * errorHandler: (error, context) => {\n * if (HttpError.is(error, 404)) {\n * return <ResourceNotFound />;\n * }\n * }\n * ```\n *\n * @example Catch an 401 error and redirect the user to the login page:\n * ```ts\n * resolve: async ({ params, query }) => {\n * // but the user is not authenticated\n * api.fetch(\"/api/resource\", { params, query });\n * },\n * errorHandler: (error, context) => {\n * if (HttpError.is(error, 401)) {\n * // throwing a Redirection is also valid!\n * return new Redirection(\"/login\");\n * }\n * }\n * ```\n */\n errorHandler?: ErrorHandler;\n\n /**\n * If true, the page will be considered as a static page, immutable and cacheable.\n * Replace boolean by an object to define static entries. (e.g. list of params/query)\n *\n * Browser-side: it only works with `alepha/vite`, which can pre-render the page at build time.\n *\n * Server-side: It will act as timeless cached page. You can use `cache` to configure the cache behavior.\n */\n static?:\n | boolean\n | {\n entries?: Array<Partial<PageRequestConfig<TConfig>>>;\n };\n\n cache?: ServerRouteCache;\n\n /**\n * If true, force the page to be rendered only on the client-side (browser).\n * It uses the `<ClientOnly/>` component to render the page.\n */\n client?: boolean | ClientOnlyProps;\n\n /**\n * Called before the server response is sent to the client. (server only)\n */\n onServerResponse?: (request: ServerRequest) => unknown;\n\n /**\n * Called when user leaves the page. (browser only)\n */\n onLeave?: () => void;\n\n /**\n * @experimental\n *\n * Add a css animation when the page is loaded or unloaded.\n * It uses CSS animations, so you need to define the keyframes in your CSS.\n *\n * @example Simple animation name\n * ```ts\n * animation: \"fadeIn\"\n * ```\n *\n * CSS example:\n * ```css\n * @keyframes fadeIn {\n * from { opacity: 0; }\n * to { opacity: 1; }\n * }\n * ```\n *\n * @example Detailed animation\n * ```ts\n * animation: {\n * enter: { name: \"fadeIn\", duration: 300 },\n * exit: { name: \"fadeOut\", duration: 200, timing: \"ease-in-out\" },\n * }\n * ```\n *\n * @example Only exit animation\n * ```ts\n * animation: {\n * exit: \"fadeOut\"\n * }\n * ```\n *\n * @example With custom timing function\n * ```ts\n * animation: {\n * enter: { name: \"fadeIn\", duration: 300, timing: \"cubic-bezier(0.4, 0, 0.2, 1)\" },\n * exit: { name: \"fadeOut\", duration: 200, timing: \"ease-in-out\" },\n * }\n * ```\n */\n animation?: PageAnimation;\n}\n\nexport type ErrorHandler = (\n error: Error,\n state: ReactRouterState,\n) => ReactNode | Redirection | undefined;\n\nexport class PageDescriptor<\n TConfig extends PageConfigSchema = PageConfigSchema,\n TProps extends object = TPropsDefault,\n TPropsParent extends object = TPropsParentDefault,\n> extends Descriptor<PageDescriptorOptions<TConfig, TProps, TPropsParent>> {\n protected readonly reactPageService = $inject(ReactPageService);\n\n protected onInit() {\n if (this.options.static) {\n this.options.cache ??= {\n store: {\n provider: \"memory\",\n ttl: [1, \"week\"],\n },\n };\n }\n }\n\n public get name(): string {\n return this.options.name ?? this.config.propertyKey;\n }\n\n /**\n * For testing or build purposes.\n *\n * This will render the page (HTML layout included or not) and return the HTML + context.\n * Only valid for server-side rendering, it will throw an error if called on the client-side.\n */\n public async render(\n options?: PageDescriptorRenderOptions,\n ): Promise<PageDescriptorRenderResult> {\n return this.reactPageService.render(this.name, options);\n }\n\n public async fetch(options?: PageDescriptorRenderOptions): Promise<{\n html: string;\n response: Response;\n }> {\n return this.reactPageService.fetch(this.options.path || \"\", options);\n }\n\n public match(url: string): boolean {\n // TODO: Implement a way to match the URL against the pathname\n return false;\n }\n\n public pathname(config: any) {\n // TODO: Implement a way to generate the pathname based on the config\n return this.options.path || \"\";\n }\n}\n\n$page[KIND] = PageDescriptor;\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport interface PageConfigSchema {\n query?: TSchema;\n params?: TSchema;\n}\n\nexport type TPropsDefault = any;\n\nexport type TPropsParentDefault = {};\n\nexport interface PageDescriptorRenderOptions {\n params?: Record<string, string>;\n query?: Record<string, string>;\n\n /**\n * If true, the HTML layout will be included in the response.\n * If false, only the page content will be returned.\n *\n * @default true\n */\n html?: boolean;\n hydration?: boolean;\n}\n\nexport interface PageDescriptorRenderResult {\n html: string;\n state: ReactRouterState;\n redirect?: string;\n}\n\nexport interface PageRequestConfig<\n TConfig extends PageConfigSchema = PageConfigSchema,\n> {\n params: TConfig[\"params\"] extends TSchema\n ? Static<TConfig[\"params\"]>\n : Record<string, string>;\n\n query: TConfig[\"query\"] extends TSchema\n ? Static<TConfig[\"query\"]>\n : Record<string, string>;\n}\n\nexport type PageResolve<\n TConfig extends PageConfigSchema = PageConfigSchema,\n TPropsParent extends object = TPropsParentDefault,\n> = PageRequestConfig<TConfig> &\n TPropsParent &\n Omit<ReactRouterState, \"layers\" | \"onError\">;\n\nexport type PageAnimation =\n | PageAnimationObject\n | ((state: ReactRouterState) => PageAnimationObject | undefined);\n\ntype PageAnimationObject =\n | CssAnimationName\n | {\n enter?: CssAnimation | CssAnimationName;\n exit?: CssAnimation | CssAnimationName;\n };\n\ntype CssAnimationName = string;\n\ntype CssAnimation = {\n name: string;\n duration?: number;\n timing?: string;\n};\n","import {\n type PropsWithChildren,\n type ReactNode,\n useEffect,\n useState,\n} from \"react\";\n\nexport interface ClientOnlyProps {\n fallback?: ReactNode;\n disabled?: boolean;\n}\n\n/**\n * A small utility component that renders its children only on the client side.\n *\n * Optionally, you can provide a fallback React node that will be rendered.\n *\n * You should use this component when\n * - you have code that relies on browser-specific APIs\n * - you want to avoid server-side rendering for a specific part of your application\n * - you want to prevent pre-rendering of a component\n */\nconst ClientOnly = (props: PropsWithChildren<ClientOnlyProps>) => {\n const [mounted, setMounted] = useState(false);\n\n useEffect(() => setMounted(true), []);\n\n if (props.disabled) {\n return props.children;\n }\n\n return mounted ? props.children : props.fallback;\n};\n\nexport default ClientOnly;\n","import type { Alepha } from \"alepha\";\nimport { useState } from \"react\";\n\ninterface ErrorViewerProps {\n error: Error;\n alepha: Alepha;\n}\n\n// TODO: design this better\n\nconst ErrorViewer = ({ error, alepha }: ErrorViewerProps) => {\n const [expanded, setExpanded] = useState(false);\n const isProduction = alepha.isProduction();\n // const status = isHttpError(error) ? error.status : 500;\n\n if (isProduction) {\n return <ErrorViewerProduction />;\n }\n\n const stackLines = error.stack?.split(\"\\n\") ?? [];\n const previewLines = stackLines.slice(0, 5);\n const hiddenLineCount = stackLines.length - previewLines.length;\n\n const copyToClipboard = (text: string) => {\n navigator.clipboard.writeText(text).catch((err) => {\n console.error(\"Clipboard error:\", err);\n });\n };\n\n const styles = {\n container: {\n padding: \"24px\",\n backgroundColor: \"#FEF2F2\",\n color: \"#7F1D1D\",\n border: \"1px solid #FECACA\",\n borderRadius: \"16px\",\n boxShadow: \"0 8px 24px rgba(0,0,0,0.05)\",\n fontFamily: \"monospace\",\n maxWidth: \"768px\",\n margin: \"40px auto\",\n },\n heading: {\n fontSize: \"20px\",\n fontWeight: \"bold\",\n marginBottom: \"10px\",\n },\n name: {\n fontSize: \"16px\",\n fontWeight: 600,\n },\n message: {\n fontSize: \"14px\",\n marginBottom: \"16px\",\n },\n sectionHeader: {\n display: \"flex\",\n justifyContent: \"space-between\",\n alignItems: \"center\",\n fontSize: \"12px\",\n marginBottom: \"4px\",\n color: \"#991B1B\",\n },\n copyButton: {\n fontSize: \"12px\",\n color: \"#DC2626\",\n background: \"none\",\n border: \"none\",\n cursor: \"pointer\",\n textDecoration: \"underline\",\n },\n stackContainer: {\n backgroundColor: \"#FEE2E2\",\n padding: \"12px\",\n borderRadius: \"8px\",\n fontSize: \"13px\",\n lineHeight: \"1.4\",\n overflowX: \"auto\" as const,\n whiteSpace: \"pre-wrap\" as const,\n },\n expandLine: {\n color: \"#F87171\",\n cursor: \"pointer\",\n marginTop: \"8px\",\n },\n };\n\n return (\n <div style={styles.container}>\n <div>\n <div style={styles.heading}>🔥 Error</div>\n <div style={styles.name}>{error.name}</div>\n <div style={styles.message}>{error.message}</div>\n </div>\n\n {stackLines.length > 0 && (\n <div>\n <div style={styles.sectionHeader}>\n <span>Stack trace</span>\n <button\n type=\"button\"\n onClick={() => copyToClipboard(error.stack!)}\n style={styles.copyButton}\n >\n Copy all\n </button>\n </div>\n <pre style={styles.stackContainer}>\n {(expanded ? stackLines : previewLines).map((line, i) => (\n <div key={i}>{line}</div>\n ))}\n {!expanded && hiddenLineCount > 0 && (\n <div style={styles.expandLine} onClick={() => setExpanded(true)}>\n + {hiddenLineCount} more lines...\n </div>\n )}\n </pre>\n </div>\n )}\n </div>\n );\n};\n\nexport default ErrorViewer;\n\nconst ErrorViewerProduction = () => {\n const styles = {\n container: {\n padding: \"24px\",\n backgroundColor: \"#FEF2F2\",\n color: \"#7F1D1D\",\n border: \"1px solid #FECACA\",\n borderRadius: \"16px\",\n boxShadow: \"0 8px 24px rgba(0,0,0,0.05)\",\n fontFamily: \"monospace\",\n maxWidth: \"768px\",\n margin: \"40px auto\",\n textAlign: \"center\" as const,\n },\n heading: {\n fontSize: \"20px\",\n fontWeight: \"bold\",\n marginBottom: \"8px\",\n },\n name: {\n fontSize: \"16px\",\n fontWeight: 600,\n marginBottom: \"4px\",\n },\n message: {\n fontSize: \"14px\",\n opacity: 0.85,\n },\n };\n\n return (\n <div style={styles.container}>\n <div style={styles.heading}>🚨 An error occurred</div>\n <div style={styles.message}>\n Something went wrong. Please try again later.\n </div>\n </div>\n );\n};\n","import { createContext } from \"react\";\n\nexport interface RouterLayerContextValue {\n index: number;\n path: string;\n}\n\nexport const RouterLayerContext = createContext<\n RouterLayerContextValue | undefined\n>(undefined);\n","/**\n * Used for Redirection during the page loading.\n *\n * Depends on the context, it can be thrown or just returned.\n */\nexport class Redirection extends Error {\n public readonly redirect: string;\n\n constructor(redirect: string) {\n super(\"Redirection\");\n this.redirect = redirect;\n }\n}\n","import type { Alepha } from \"alepha\";\nimport { createContext } from \"react\";\n\nexport const AlephaContext = createContext<Alepha | undefined>(undefined);\n","import { type Alepha, AlephaError } from \"alepha\";\nimport { useContext } from \"react\";\nimport { AlephaContext } from \"../contexts/AlephaContext.ts\";\n\n/**\n * Main Alepha hook.\n *\n * It provides access to the Alepha instance within a React component.\n *\n * With Alepha, you can access the core functionalities of the framework:\n *\n * - alepha.state() for state management\n * - alepha.inject() for dependency injection\n * - alepha.events.emit() for event handling\n * etc...\n */\nexport const useAlepha = (): Alepha => {\n const alepha = useContext(AlephaContext);\n if (!alepha) {\n throw new AlephaError(\n \"Hook 'useAlepha()' must be used within an AlephaContext.Provider\",\n );\n }\n\n return alepha;\n};\n","import type { Async, Hook, Hooks } from \"alepha\";\nimport { type DependencyList, useEffect } from \"react\";\nimport { useAlepha } from \"./useAlepha.ts\";\n\n/**\n * Allow subscribing to multiple Alepha events. See {@link Hooks} for available events.\n *\n * useEvents is fully typed to ensure correct event callback signatures.\n *\n * @example\n * ```tsx\n * useEvents(\n * {\n * \"react:transition:begin\": (ev) => {\n * console.log(\"Transition began to:\", ev.to);\n * },\n * \"react:transition:error\": {\n * priority: \"first\",\n * callback: (ev) => {\n * console.error(\"Transition error:\", ev.error);\n * },\n * },\n * },\n * [],\n * );\n * ```\n */\nexport const useEvents = (opts: UseEvents, deps: DependencyList) => {\n const alepha = useAlepha();\n\n useEffect(() => {\n if (!alepha.isBrowser()) {\n return;\n }\n\n const subs: Function[] = [];\n for (const [name, hook] of Object.entries(opts)) {\n subs.push(alepha.events.on(name as any, hook as any));\n }\n\n return () => {\n for (const clear of subs) {\n clear();\n }\n };\n }, deps);\n};\n\ntype UseEvents = {\n [T in keyof Hooks]?: Hook<T> | ((payload: Hooks[T]) => Async<void>);\n};\n","import type { State, Static, TAtomObject } from \"alepha\";\nimport { Atom } from \"alepha\";\nimport { useEffect, useMemo, useState } from \"react\";\nimport { useAlepha } from \"./useAlepha.ts\";\n\n/**\n * Hook to access and mutate the Alepha state.\n */\nfunction useStore<T extends TAtomObject>(\n target: Atom<T>,\n defaultValue?: Static<T>,\n): UseStoreReturn<Static<T>>;\nfunction useStore<Key extends keyof State>(\n target: Key,\n defaultValue?: State[Key],\n): UseStoreReturn<State[Key]>;\nfunction useStore(target: any, defaultValue?: any): any {\n const alepha = useAlepha();\n\n useMemo(() => {\n if (defaultValue != null && alepha.state.get(target) == null) {\n alepha.state.set(target, defaultValue);\n }\n }, [defaultValue]);\n\n const [state, setState] = useState(alepha.state.get(target));\n\n useEffect(() => {\n if (!alepha.isBrowser()) {\n return;\n }\n\n const key = target instanceof Atom ? target.key : target;\n\n return alepha.events.on(\"state:mutate\", (ev) => {\n if (ev.key === key) {\n setState(ev.value);\n }\n });\n }, []);\n\n return [\n state,\n (value: any) => {\n alepha.state.set(target, value);\n },\n ] as const;\n}\n\nexport type UseStoreReturn<T> = [T, (value: T) => void];\n\nexport { useStore };\n","import { AlephaError } from \"alepha\";\nimport type { ReactRouterState } from \"../providers/ReactPageProvider.ts\";\nimport { useStore } from \"./useStore.ts\";\n\nexport const useRouterState = (): ReactRouterState => {\n const [state] = useStore(\"alepha.react.router.state\");\n if (!state) {\n throw new AlephaError(\"Missing react router state\");\n }\n return state;\n};\n","import React, {\n type ErrorInfo,\n type PropsWithChildren,\n type ReactNode,\n} from \"react\";\n\n/**\n * Props for the ErrorBoundary component.\n */\nexport interface ErrorBoundaryProps {\n /**\n * Fallback React node to render when an error is caught.\n * If not provided, a default error message will be shown.\n */\n fallback: (error: Error) => ReactNode;\n\n /**\n * Optional callback that receives the error and error info.\n * Use this to log errors to a monitoring service.\n */\n onError?: (error: Error, info: ErrorInfo) => void;\n}\n\n/**\n * State of the ErrorBoundary component.\n */\ninterface ErrorBoundaryState {\n error?: Error;\n}\n\n/**\n * A reusable error boundary for catching rendering errors\n * in any part of the React component tree.\n */\nexport class ErrorBoundary extends React.Component<\n PropsWithChildren<ErrorBoundaryProps>,\n ErrorBoundaryState\n> {\n constructor(props: ErrorBoundaryProps) {\n super(props);\n this.state = {};\n }\n\n /**\n * Update state so the next render shows the fallback UI.\n */\n static getDerivedStateFromError(error: Error): ErrorBoundaryState {\n return {\n error,\n };\n }\n\n /**\n * Lifecycle method called when an error is caught.\n * You can log the error or perform side effects here.\n */\n componentDidCatch(error: Error, info: ErrorInfo): void {\n if (this.props.onError) {\n this.props.onError(error, info);\n }\n }\n\n render(): ReactNode {\n if (this.state.error) {\n return this.props.fallback(this.state.error);\n }\n\n return this.props.children;\n }\n}\n\nexport default ErrorBoundary;\n","import { memo, type ReactNode, use, useRef, useState } from \"react\";\nimport { RouterLayerContext } from \"../contexts/RouterLayerContext.ts\";\nimport type { PageAnimation } from \"../descriptors/$page.ts\";\nimport { Redirection } from \"../errors/Redirection.ts\";\nimport { useEvents } from \"../hooks/useEvents.ts\";\nimport { useRouterState } from \"../hooks/useRouterState.ts\";\nimport type { ReactRouterState } from \"../providers/ReactPageProvider.ts\";\nimport ErrorBoundary from \"./ErrorBoundary.tsx\";\n\nexport interface NestedViewProps {\n children?: ReactNode;\n errorBoundary?: false | ((error: Error) => ReactNode);\n}\n\n/**\n * A component that renders the current view of the nested router layer.\n *\n * To be simple, it renders the `element` of the current child page of a parent page.\n *\n * @example\n * ```tsx\n * import { NestedView } from \"@alepha/react\";\n *\n * class App {\n * parent = $page({\n * component: () => <NestedView />,\n * });\n *\n * child = $page({\n * parent: this.root,\n * component: () => <div>Child Page</div>,\n * });\n * }\n * ```\n */\nconst NestedView = (props: NestedViewProps) => {\n const index = use(RouterLayerContext)?.index ?? 0;\n const state = useRouterState();\n\n const [view, setView] = useState<ReactNode | undefined>(\n state.layers[index]?.element,\n );\n\n const [animation, setAnimation] = useState(\"\");\n const animationExitDuration = useRef<number>(0);\n const animationExitNow = useRef<number>(0);\n\n useEvents(\n {\n \"react:transition:begin\": async ({ previous, state }) => {\n // --------- Animations Begin ---------\n const layer = previous.layers[index];\n if (`${state.url.pathname}/`.startsWith(`${layer?.path}/`)) {\n return;\n }\n\n const animationExit = parseAnimation(\n layer.route?.animation,\n state,\n \"exit\",\n );\n\n if (animationExit) {\n const duration = animationExit.duration || 200;\n animationExitNow.current = Date.now();\n animationExitDuration.current = duration;\n setAnimation(animationExit.animation);\n } else {\n animationExitNow.current = 0;\n animationExitDuration.current = 0;\n setAnimation(\"\");\n }\n // --------- Animations End ---------\n },\n \"react:transition:end\": async ({ state }) => {\n const layer = state.layers[index];\n\n // --------- Animations Begin ---------\n if (animationExitNow.current) {\n const duration = animationExitDuration.current;\n const diff = Date.now() - animationExitNow.current;\n if (diff < duration) {\n await new Promise((resolve) =>\n setTimeout(resolve, duration - diff),\n );\n }\n }\n // --------- Animations End ---------\n\n if (!layer?.cache) {\n setView(layer?.element);\n\n // --------- Animations Begin ---------\n const animationEnter = parseAnimation(\n layer?.route?.animation,\n state,\n \"enter\",\n );\n\n if (animationEnter) {\n setAnimation(animationEnter.animation);\n } else {\n setAnimation(\"\");\n }\n // --------- Animations End ---------\n }\n },\n },\n [],\n );\n\n let element = view ?? props.children ?? null;\n\n // --------- Animations Begin ---------\n if (animation) {\n element = (\n <div\n style={{\n display: \"flex\",\n flex: 1,\n height: \"100%\",\n width: \"100%\",\n position: \"relative\",\n overflow: \"hidden\",\n }}\n >\n <div\n style={{ height: \"100%\", width: \"100%\", display: \"flex\", animation }}\n >\n {element}\n </div>\n </div>\n );\n }\n // --------- Animations End ---------\n\n if (props.errorBoundary === false) {\n return <>{element}</>;\n }\n\n if (props.errorBoundary) {\n return (\n <ErrorBoundary fallback={props.errorBoundary}>{element}</ErrorBoundary>\n );\n }\n\n return (\n <ErrorBoundary\n fallback={(error) => {\n const result = state.onError(error, state); // TODO: onError is not refreshed\n if (result instanceof Redirection) {\n return \"Redirection inside ErrorBoundary is not allowed.\";\n }\n return result as ReactNode;\n }}\n >\n {element}\n </ErrorBoundary>\n );\n};\n\nexport default memo(NestedView);\n\nfunction parseAnimation(\n animationLike: PageAnimation | undefined,\n state: ReactRouterState,\n type: \"enter\" | \"exit\" = \"enter\",\n):\n | {\n duration: number;\n animation: string;\n }\n | undefined {\n if (!animationLike) {\n return undefined;\n }\n\n const DEFAULT_DURATION = 300;\n\n const animation =\n typeof animationLike === \"function\" ? animationLike(state) : animationLike;\n\n if (typeof animation === \"string\") {\n if (type === \"exit\") {\n return;\n }\n return {\n duration: DEFAULT_DURATION,\n animation: `${DEFAULT_DURATION}ms ${animation}`,\n };\n }\n\n if (typeof animation === \"object\") {\n const anim = animation[type];\n const duration =\n typeof anim === \"object\"\n ? (anim.duration ?? DEFAULT_DURATION)\n : DEFAULT_DURATION;\n const name = typeof anim === \"object\" ? anim.name : anim;\n\n if (type === \"exit\") {\n const timing = typeof anim === \"object\" ? (anim.timing ?? \"\") : \"\";\n return {\n duration,\n animation: `${duration}ms ${timing} ${name}`,\n };\n }\n\n const timing = typeof anim === \"object\" ? (anim.timing ?? \"\") : \"\";\n\n return {\n duration,\n animation: `${duration}ms ${timing} ${name}`,\n };\n }\n\n return undefined;\n}\n","import type { CSSProperties } from \"react\";\n\nexport default function NotFoundPage(props: { style?: CSSProperties }) {\n return (\n <div\n style={{\n height: \"100vh\",\n display: \"flex\",\n flexDirection: \"column\",\n justifyContent: \"center\",\n alignItems: \"center\",\n textAlign: \"center\",\n fontFamily: \"sans-serif\",\n padding: \"1rem\",\n ...props.style,\n }}\n >\n <h1 style={{ fontSize: \"1rem\", marginBottom: \"0.5rem\" }}>\n 404 - This page does not exist\n </h1>\n </div>\n );\n}\n","import {\n $env,\n $hook,\n $inject,\n Alepha,\n AlephaError,\n type Static,\n type TSchema,\n t,\n} from \"alepha\";\nimport { $logger } from \"alepha/logger\";\nimport { createElement, type ReactNode, StrictMode } from \"react\";\nimport ClientOnly from \"../components/ClientOnly.tsx\";\nimport ErrorViewer from \"../components/ErrorViewer.tsx\";\nimport NestedView from \"../components/NestedView.tsx\";\nimport NotFoundPage from \"../components/NotFound.tsx\";\nimport { AlephaContext } from \"../contexts/AlephaContext.ts\";\nimport { RouterLayerContext } from \"../contexts/RouterLayerContext.ts\";\nimport {\n $page,\n type ErrorHandler,\n type PageDescriptor,\n type PageDescriptorOptions,\n} from \"../descriptors/$page.ts\";\nimport { Redirection } from \"../errors/Redirection.ts\";\n\nconst envSchema = t.object({\n REACT_STRICT_MODE: t.boolean({ default: true }),\n});\n\ndeclare module \"alepha\" {\n export interface Env extends Partial<Static<typeof envSchema>> {}\n}\n\nexport class ReactPageProvider {\n protected readonly log = $logger();\n protected readonly env = $env(envSchema);\n protected readonly alepha = $inject(Alepha);\n protected readonly pages: PageRoute[] = [];\n\n public getPages(): PageRoute[] {\n return this.pages;\n }\n\n public getConcretePages(): PageRoute[] {\n const pages: PageRoute[] = [];\n for (const page of this.pages) {\n if (page.children && page.children.length > 0) {\n continue;\n }\n const fullPath = this.pathname(page.name);\n if (fullPath.includes(\":\") || fullPath.includes(\"*\")) {\n if (typeof page.static === \"object\") {\n const entries = page.static.entries;\n if (entries && entries.length > 0) {\n for (const entry of entries) {\n const params = entry.params as Record<string, string>;\n const path = this.compile(page.path ?? \"\", params);\n if (!path.includes(\":\") && !path.includes(\"*\")) {\n pages.push({\n ...page,\n name: params[Object.keys(params)[0]],\n path,\n ...entry,\n });\n }\n }\n }\n }\n\n continue;\n }\n pages.push(page);\n }\n return pages;\n }\n\n public page(name: string): PageRoute {\n for (const page of this.pages) {\n if (page.name === name) {\n return page;\n }\n }\n\n throw new AlephaError(`Page '${name}' not found`);\n }\n\n public pathname(\n name: string,\n options: {\n params?: Record<string, string>;\n query?: Record<string, string>;\n } = {},\n ) {\n const page = this.page(name);\n if (!page) {\n throw new Error(`Page ${name} not found`);\n }\n\n let url = page.path ?? \"\";\n let parent = page.parent;\n while (parent) {\n url = `${parent.path ?? \"\"}/${url}`;\n parent = parent.parent;\n }\n\n url = this.compile(url, options.params ?? {});\n\n if (options.query) {\n const query = new URLSearchParams(options.query);\n if (query.toString()) {\n url += `?${query.toString()}`;\n }\n }\n\n return url.replace(/\\/\\/+/g, \"/\") || \"/\";\n }\n\n public url(\n name: string,\n options: { params?: Record<string, string>; host?: string } = {},\n ): URL {\n return new URL(\n this.pathname(name, options),\n // use provided base or default to http://localhost\n options.host ?? `http://localhost`,\n );\n }\n\n public root(state: ReactRouterState): ReactNode {\n const root = createElement(\n AlephaContext.Provider,\n { value: this.alepha },\n createElement(NestedView, {}, state.layers[0]?.element),\n );\n\n if (this.env.REACT_STRICT_MODE) {\n return createElement(StrictMode, {}, root);\n }\n\n return root;\n }\n\n protected convertStringObjectToObject = (\n schema?: TSchema,\n value?: any,\n ): any => {\n if (t.schema.isObject(schema) && typeof value === \"object\") {\n for (const key in schema.properties) {\n if (\n t.schema.isObject(schema.properties[key]) &&\n typeof value[key] === \"string\"\n ) {\n try {\n value[key] = this.alepha.codec.decode(\n schema.properties[key],\n decodeURIComponent(value[key]),\n );\n } catch (e) {\n // ignore\n }\n }\n }\n }\n return value;\n };\n\n /**\n * Create a new RouterState based on a given route and request.\n * This method resolves the layers for the route, applying any query and params schemas defined in the route.\n * It also handles errors and redirects.\n */\n public async createLayers(\n route: PageRoute,\n state: ReactRouterState,\n previous: PreviousLayerData[] = [],\n ): Promise<CreateLayersResult> {\n let context: Record<string, any> = {}; // all props\n const stack: Array<RouterStackItem> = [{ route }]; // stack of routes\n\n let parent = route.parent;\n while (parent) {\n stack.unshift({ route: parent });\n parent = parent.parent;\n }\n\n let forceRefresh = false;\n\n for (let i = 0; i < stack.length; i++) {\n const it = stack[i];\n const route = it.route;\n const config: Record<string, any> = {};\n\n try {\n this.convertStringObjectToObject(route.schema?.query, state.query);\n config.query = route.schema?.query\n ? this.alepha.codec.decode(route.schema.query, state.query)\n : {};\n } catch (e) {\n it.error = e as Error;\n break;\n }\n\n try {\n config.params = route.schema?.params\n ? this.alepha.codec.decode(route.schema.params, state.params)\n : {};\n } catch (e) {\n it.error = e as Error;\n break;\n }\n\n // save config\n it.config = {\n ...config,\n };\n\n // check if previous layer is the same, reuse if possible\n if (previous?.[i] && !forceRefresh && previous[i].name === route.name) {\n const url = (str?: string) => (str ? str.replace(/\\/\\/+/g, \"/\") : \"/\");\n\n const prev = JSON.stringify({\n part: url(previous[i].part),\n params: previous[i].config?.params ?? {},\n });\n\n const curr = JSON.stringify({\n part: url(route.path),\n params: config.params ?? {},\n });\n\n if (prev === curr) {\n // part is the same, reuse previous layer\n it.props = previous[i].props;\n it.error = previous[i].error;\n it.cache = true;\n context = {\n ...context,\n ...it.props,\n };\n continue;\n }\n\n // part is different, force refresh of next layers\n forceRefresh = true;\n }\n\n // no resolve, render a basic view by default\n if (!route.resolve) {\n continue;\n }\n\n try {\n const args = Object.create(state);\n Object.assign(args, config, context);\n const props = (await route.resolve?.(args)) ?? {};\n\n // save props\n it.props = {\n ...props,\n };\n\n // add props to context\n context = {\n ...context,\n ...props,\n };\n } catch (e) {\n // check if we need to redirect\n if (e instanceof Redirection) {\n return {\n redirect: e.redirect,\n };\n }\n\n this.log.error(\"Page resolver has failed\", e);\n\n it.error = e as Error;\n break;\n }\n }\n\n let acc = \"\";\n for (let i = 0; i < stack.length; i++) {\n const it = stack[i];\n const props = it.props ?? {};\n\n const params = { ...it.config?.params };\n for (const key of Object.keys(params)) {\n params[key] = String(params[key]);\n }\n\n acc += \"/\";\n acc += it.route.path ? this.compile(it.route.path, params) : \"\";\n const path = acc.replace(/\\/+/, \"/\");\n const localErrorHandler = this.getErrorHandler(it.route);\n if (localErrorHandler) {\n const onErrorParent = state.onError;\n state.onError = (error, context) => {\n const result = localErrorHandler(error, context);\n // if nothing happen, call the parent\n if (result === undefined) {\n return onErrorParent(error, context);\n }\n return result;\n };\n }\n\n // normal use case\n if (!it.error) {\n try {\n const element = await this.createElement(it.route, {\n ...props,\n ...context,\n });\n\n state.layers.push({\n name: it.route.name,\n props,\n part: it.route.path,\n config: it.config,\n element: this.renderView(i + 1, path, element, it.route),\n index: i + 1,\n path,\n route: it.route,\n cache: it.cache,\n });\n } catch (e) {\n it.error = e as Error;\n }\n }\n\n // handler has thrown an error, render an error view\n if (it.error) {\n try {\n let element: ReactNode | Redirection | undefined =\n await state.onError(it.error, state);\n\n if (element === undefined) {\n throw it.error;\n }\n\n if (element instanceof Redirection) {\n return {\n redirect: element.redirect,\n };\n }\n\n if (element === null) {\n element = this.renderError(it.error);\n }\n\n state.layers.push({\n props,\n error: it.error,\n name: it.route.name,\n part: it.route.path,\n config: it.config,\n element: this.renderView(i + 1, path, element, it.route),\n index: i + 1,\n path,\n route: it.route,\n });\n break;\n } catch (e) {\n if (e instanceof Redirection) {\n return {\n redirect: e.redirect,\n };\n }\n throw e;\n }\n }\n }\n\n return { state };\n }\n\n protected createRedirectionLayer(redirect: string): CreateLayersResult {\n return {\n redirect,\n };\n }\n\n protected getErrorHandler(route: PageRoute): ErrorHandler | undefined {\n if (route.errorHandler) return route.errorHandler;\n let parent = route.parent;\n while (parent) {\n if (parent.errorHandler) return parent.errorHandler;\n parent = parent.parent;\n }\n }\n\n protected async createElement(\n page: PageRoute,\n props: Record<string, any>,\n ): Promise<ReactNode> {\n if (page.lazy && page.component) {\n this.log.warn(\n `Page ${page.name} has both lazy and component options, lazy will be used`,\n );\n }\n\n if (page.lazy) {\n const component = await page.lazy(); // load component\n return createElement(component.default, props);\n }\n\n if (page.component) {\n return createElement(page.component, props);\n }\n\n return undefined;\n }\n\n public renderError(error: Error): ReactNode {\n return createElement(ErrorViewer, { error, alepha: this.alepha });\n }\n\n public renderEmptyView(): ReactNode {\n return createElement(NestedView, {});\n }\n\n public href(\n page: { options: { name?: string } },\n params: Record<string, any> = {},\n ): string {\n const found = this.pages.find((it) => it.name === page.options.name);\n if (!found) {\n throw new Error(`Page ${page.options.name} not found`);\n }\n\n let url = found.path ?? \"\";\n let parent = found.parent;\n while (parent) {\n url = `${parent.path ?? \"\"}/${url}`;\n parent = parent.parent;\n }\n\n url = this.compile(url, params);\n\n return url.replace(/\\/\\/+/g, \"/\") || \"/\";\n }\n\n public compile(path: string, params: Record<string, string> = {}) {\n for (const [key, value] of Object.entries(params)) {\n path = path.replace(`:${key}`, value);\n }\n return path;\n }\n\n protected renderView(\n index: number,\n path: string,\n view: ReactNode | undefined,\n page: PageRoute,\n ): ReactNode {\n view ??= this.renderEmptyView();\n\n const element = page.client\n ? createElement(\n ClientOnly,\n typeof page.client === \"object\" ? page.client : {},\n view,\n )\n : view;\n\n return createElement(\n RouterLayerContext.Provider,\n {\n value: {\n index,\n path,\n },\n },\n element,\n );\n }\n\n protected readonly configure = $hook({\n on: \"configure\",\n handler: () => {\n let hasNotFoundHandler = false;\n const pages = this.alepha.descriptors($page);\n\n const hasParent = (it: PageDescriptor) => {\n if (it.options.parent) {\n return true;\n }\n\n for (const page of pages) {\n const children = page.options.children\n ? Array.isArray(page.options.children)\n ? page.options.children\n : page.options.children()\n : [];\n if (children.includes(it)) {\n return true;\n }\n }\n };\n\n for (const page of pages) {\n if (page.options.path === \"/*\") {\n hasNotFoundHandler = true;\n }\n\n // skip children, we only want root pages\n if (hasParent(page)) {\n continue;\n }\n\n this.add(this.map(pages, page));\n }\n\n if (!hasNotFoundHandler && pages.length > 0) {\n // add a default 404 page if not already defined\n this.add({\n path: \"/*\",\n name: \"notFound\",\n cache: true,\n component: NotFoundPage,\n onServerResponse: ({ reply }) => {\n reply.status = 404;\n },\n });\n }\n },\n });\n\n protected map(\n pages: Array<PageDescriptor>,\n target: PageDescriptor,\n ): PageRouteEntry {\n const children = target.options.children\n ? Array.isArray(target.options.children)\n ? target.options.children\n : target.options.children()\n : [];\n\n const getChildrenFromParent = (it: PageDescriptor): PageDescriptor[] => {\n const children = [];\n for (const page of pages) {\n if (page.options.parent === it) {\n children.push(page);\n }\n }\n return children;\n };\n\n children.push(...getChildrenFromParent(target));\n\n return {\n ...target.options,\n name: target.name,\n parent: undefined,\n children: children.map((it) => this.map(pages, it)),\n } as PageRoute;\n }\n\n public add(entry: PageRouteEntry) {\n if (this.alepha.isReady()) {\n throw new AlephaError(\"Router is already initialized\");\n }\n\n entry.name ??= this.nextId();\n const page = entry as PageRoute;\n\n page.match = this.createMatch(page);\n this.pages.push(page);\n\n if (page.children) {\n for (const child of page.children) {\n (child as PageRoute).parent = page;\n this.add(child);\n }\n }\n }\n\n protected createMatch(page: PageRoute): string {\n let url = page.path ?? \"/\";\n let target = page.parent;\n while (target) {\n url = `${target.path ?? \"\"}/${url}`;\n target = target.parent;\n }\n\n let path = url.replace(/\\/\\/+/g, \"/\");\n\n if (path.endsWith(\"/\") && path !== \"/\") {\n // remove trailing slash\n path = path.slice(0, -1);\n }\n\n return path;\n }\n\n protected _next = 0;\n\n protected nextId(): string {\n this._next += 1;\n return `P${this._next}`;\n }\n}\n\nexport const isPageRoute = (it: any): it is PageRoute => {\n return (\n it &&\n typeof it === \"object\" &&\n typeof it.path === \"string\" &&\n typeof it.page === \"object\"\n );\n};\n\nexport interface PageRouteEntry\n extends Omit<PageDescriptorOptions, \"children\" | \"parent\"> {\n children?: PageRouteEntry[];\n}\n\nexport interface PageRoute extends PageRouteEntry {\n type: \"page\";\n name: string;\n parent?: PageRoute;\n match: string;\n}\n\nexport interface Layer {\n config?: {\n query?: Record<string, any>;\n params?: Record<string, any>;\n // stack of resolved props\n context?: Record<string, any>;\n };\n\n name: string;\n props?: Record<string, any>;\n error?: Error;\n part?: string;\n element: ReactNode;\n index: number;\n path: string;\n route?: PageRoute;\n cache?: boolean;\n}\n\nexport type PreviousLayerData = Omit<Layer, \"element\" | \"index\" | \"path\">;\n\nexport interface AnchorProps {\n href: string;\n onClick: (ev?: any) => any;\n}\n\nexport interface ReactRouterState {\n /**\n * Stack of layers for the current page.\n */\n layers: Array<Layer>;\n\n /**\n * URL of the current page.\n */\n url: URL;\n\n /**\n * Error handler for the current page.\n */\n onError: ErrorHandler;\n\n /**\n * Params extracted from the URL for the current page.\n */\n params: Record<string, any>;\n\n /**\n * Query parameters extracted from the URL for the current page.\n */\n query: Record<string, string>;\n\n /**\n * Optional meta information associated with the current page.\n */\n meta: Record<string, any>;\n}\n\nexport interface RouterStackItem {\n route: PageRoute;\n config?: Record<string, any>;\n props?: Record<string, any>;\n error?: Error;\n cache?: boolean;\n}\n\nexport interface TransitionOptions {\n previous?: PreviousLayerData[];\n}\n\nexport interface CreateLayersResult {\n redirect?: string;\n state?: ReactRouterState;\n}\n","import { existsSync } from \"node:fs\";\nimport { join } from \"node:path\";\nimport {\n $atom,\n $env,\n $hook,\n $inject,\n $use,\n Alepha,\n AlephaError,\n type Static,\n t,\n} from \"alepha\";\nimport { $logger } from \"alepha/logger\";\nimport {\n type ServerHandler,\n ServerProvider,\n ServerRouterProvider,\n ServerTimingProvider,\n} from \"alepha/server\";\nimport { ServerLinksProvider } from \"alepha/server/links\";\nimport { ServerStaticProvider } from \"alepha/server/static\";\nimport { renderToString } from \"react-dom/server\";\nimport {\n $page,\n type PageDescriptorRenderOptions,\n type PageDescriptorRenderResult,\n} from \"../descriptors/$page.ts\";\nimport { Redirection } from \"../errors/Redirection.ts\";\nimport type { ReactHydrationState } from \"./ReactBrowserProvider.ts\";\nimport {\n type PageRoute,\n ReactPageProvider,\n type ReactRouterState,\n} from \"./ReactPageProvider.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nconst envSchema = t.object({\n REACT_SSR_ENABLED: t.optional(t.boolean()),\n REACT_ROOT_ID: t.text({ default: \"root\" }), // TODO: move to ReactPageProvider.options?\n REACT_SERVER_TEMPLATE: t.optional(\n t.text({\n size: \"rich\",\n }),\n ),\n});\n\ndeclare module \"alepha\" {\n interface Env extends Partial<Static<typeof envSchema>> {}\n interface State {\n \"alepha.react.server.ssr\"?: boolean;\n }\n}\n\n/**\n * React server provider configuration atom\n */\nexport const reactServerOptions = $atom({\n name: \"alepha.react.server.options\",\n schema: t.object({\n publicDir: t.string(),\n staticServer: t.object({\n disabled: t.boolean(),\n path: t.string({\n description: \"URL path where static files will be served.\",\n }),\n }),\n }),\n default: {\n publicDir: \"public\",\n staticServer: {\n disabled: false,\n path: \"/\",\n },\n },\n});\n\nexport type ReactServerProviderOptions = Static<\n typeof reactServerOptions.schema\n>;\n\ndeclare module \"alepha\" {\n interface State {\n [reactServerOptions.key]: ReactServerProviderOptions;\n }\n}\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport class ReactServerProvider {\n protected readonly log = $logger();\n protected readonly alepha = $inject(Alepha);\n protected readonly env = $env(envSchema);\n protected readonly pageApi = $inject(ReactPageProvider);\n protected readonly serverProvider = $inject(ServerProvider);\n protected readonly serverStaticProvider = $inject(ServerStaticProvider);\n protected readonly serverRouterProvider = $inject(ServerRouterProvider);\n protected readonly serverTimingProvider = $inject(ServerTimingProvider);\n\n public readonly ROOT_DIV_REGEX = new RegExp(\n `<div([^>]*)\\\\s+id=[\"']${this.env.REACT_ROOT_ID}[\"']([^>]*)>(.*?)<\\\\/div>`,\n \"is\",\n );\n protected preprocessedTemplate: PreprocessedTemplate | null = null;\n\n protected readonly options = $use(reactServerOptions);\n\n /**\n * Configure the React server provider.\n */\n public readonly onConfigure = $hook({\n on: \"configure\",\n handler: async () => {\n const pages = this.alepha.descriptors($page);\n\n const ssrEnabled =\n pages.length > 0 && this.env.REACT_SSR_ENABLED !== false;\n\n this.alepha.state.set(\"alepha.react.server.ssr\", ssrEnabled);\n\n // development mode\n if (this.alepha.isViteDev()) {\n await this.configureVite(ssrEnabled);\n return;\n }\n\n // production mode\n let root = \"\";\n\n // non-serverless mode only -> serve static files\n if (!this.alepha.isServerless()) {\n root = this.getPublicDirectory();\n if (!root) {\n this.log.warn(\n \"Missing static files, static file server will be disabled\",\n );\n } else {\n this.log.debug(`Using static files from: ${root}`);\n await this.configureStaticServer(root);\n }\n }\n\n if (ssrEnabled) {\n await this.registerPages(async () => this.template);\n this.log.info(\"SSR OK\");\n return;\n }\n\n // no SSR enabled, serve index.html for all unmatched routes\n this.log.info(\"SSR is disabled, use History API fallback\");\n this.serverRouterProvider.createRoute({\n path: \"*\",\n handler: async ({ url, reply }) => {\n if (url.pathname.includes(\".\")) {\n // If the request is for a file (e.g., /style.css), do not fallback\n reply.headers[\"content-type\"] = \"text/plain\";\n reply.body = \"Not Found\";\n reply.status = 404;\n return;\n }\n\n reply.headers[\"content-type\"] = \"text/html\";\n\n // serve index.html for all unmatched routes\n return this.template;\n },\n });\n },\n });\n\n public get template() {\n return (\n this.alepha.env.REACT_SERVER_TEMPLATE ??\n \"<!DOCTYPE html><html lang='en'><head></head><body></body></html>\"\n );\n }\n\n protected async registerPages(templateLoader: TemplateLoader) {\n // Preprocess template once\n const template = await templateLoader();\n if (template) {\n this.preprocessedTemplate = this.preprocessTemplate(template);\n }\n\n for (const page of this.pageApi.getPages()) {\n if (page.children?.length) {\n continue;\n }\n\n this.log.debug(`+ ${page.match} -> ${page.name}`);\n\n this.serverRouterProvider.createRoute({\n ...page,\n schema: undefined, // schema is handled by the page descriptor provider for now (shared by browser and server)\n method: \"GET\",\n path: page.match,\n handler: this.createHandler(page, templateLoader),\n });\n }\n }\n\n /**\n * Get the public directory path where static files are located.\n */\n protected getPublicDirectory(): string {\n const maybe = [\n join(process.cwd(), `dist/${this.options.publicDir}`),\n join(process.cwd(), this.options.publicDir),\n ];\n\n for (const it of maybe) {\n if (existsSync(it)) {\n return it;\n }\n }\n\n return \"\";\n }\n\n /**\n * Configure the static file server to serve files from the given root directory.\n */\n protected async configureStaticServer(root: string) {\n await this.serverStaticProvider.createStaticServer({\n root,\n cacheControl: {\n maxAge: 3600,\n immutable: true,\n },\n ...this.options.staticServer,\n });\n }\n\n /**\n * Configure Vite for SSR.\n */\n protected async configureVite(ssrEnabled: boolean) {\n if (!ssrEnabled) {\n // do nothing, vite will handle everything for us\n return;\n }\n\n this.log.info(\"SSR (dev) OK\");\n\n const url = `http://${process.env.SERVER_HOST}:${process.env.SERVER_PORT}`;\n\n await this.registerPages(() =>\n fetch(`${url}/index.html`)\n .then((it) => it.text())\n .catch(() => undefined),\n );\n }\n\n /**\n * For testing purposes, creates a render function that can be used.\n */\n public async render(\n name: string,\n options: PageDescriptorRenderOptions = {},\n ): Promise<PageDescriptorRenderResult> {\n const page = this.pageApi.page(name);\n const url = new URL(this.pageApi.url(name, options));\n const entry: Partial<ReactRouterState> = {\n url,\n params: options.params ?? {},\n query: options.query ?? {},\n onError: () => null,\n layers: [],\n meta: {},\n };\n const state = entry as ReactRouterState;\n\n this.log.trace(\"Rendering\", {\n url,\n });\n\n await this.alepha.events.emit(\"react:server:render:begin\", {\n state,\n });\n\n const { redirect } = await this.pageApi.createLayers(\n page,\n state as ReactRouterState,\n );\n\n if (redirect) {\n return { state, html: \"\", redirect };\n }\n\n if (!options.html) {\n this.alepha.state.set(\"alepha.react.router.state\", state);\n\n return {\n state,\n html: renderToString(this.pageApi.root(state)),\n };\n }\n\n const template = this.template ?? \"\";\n const html = this.renderToHtml(template, state, options.hydration);\n\n if (html instanceof Redirection) {\n return { state, html: \"\", redirect };\n }\n\n const result = {\n state,\n html,\n };\n\n await this.alepha.events.emit(\"react:server:render:end\", result);\n\n return result;\n }\n\n protected createHandler(\n route: PageRoute,\n templateLoader: TemplateLoader,\n ): ServerHandler {\n return async (serverRequest) => {\n const { url, reply, query, params } = serverRequest;\n const template = await templateLoader();\n if (!template) {\n throw new AlephaError(\"Missing template for SSR rendering\");\n }\n\n this.log.trace(\"Rendering page\", {\n name: route.name,\n });\n\n const entry: Partial<ReactRouterState> = {\n url,\n params,\n query,\n onError: () => null,\n layers: [],\n };\n\n const state = entry as ReactRouterState;\n\n if (this.alepha.has(ServerLinksProvider)) {\n this.alepha.state.set(\n \"alepha.server.request.apiLinks\",\n await this.alepha.inject(ServerLinksProvider).getUserApiLinks({\n user: (serverRequest as any).user, // TODO: fix type\n authorization: serverRequest.headers.authorization,\n }),\n );\n }\n\n let target: PageRoute | undefined = route; // TODO: move to PageDescriptorProvider\n while (target) {\n if (route.can && !route.can()) {\n // if the page is not accessible, return 403\n reply.status = 403;\n reply.headers[\"content-type\"] = \"text/plain\";\n return \"Forbidden\";\n }\n target = target.parent;\n }\n\n // TODO: SSR strategies\n // - only when googlebot\n // - only child pages\n // if (page.client) {\n // \t// if the page is a client-only page, return 404\n // \treply.status = 200;\n // \treply.headers[\"content-type\"] = \"text/html\";\n // \treply.body = template;\n // \treturn;\n // }\n\n await this.alepha.events.emit(\"react:server:render:begin\", {\n request: serverRequest,\n state,\n });\n\n this.serverTimingProvider.beginTiming(\"createLayers\");\n\n const { redirect } = await this.pageApi.createLayers(route, state);\n\n this.serverTimingProvider.endTiming(\"createLayers\");\n\n if (redirect) {\n return reply.redirect(redirect);\n }\n\n reply.headers[\"content-type\"] = \"text/html\";\n\n // by default, disable caching for SSR responses\n // some plugins may override this\n reply.headers[\"cache-control\"] =\n \"no-store, no-cache, must-revalidate, proxy-revalidate\";\n reply.headers.pragma = \"no-cache\";\n reply.headers.expires = \"0\";\n\n const html = this.renderToHtml(template, state);\n if (html instanceof Redirection) {\n reply.redirect(\n typeof html.redirect === \"string\"\n ? html.redirect\n : this.pageApi.href(html.redirect),\n );\n return;\n }\n\n const event = {\n request: serverRequest,\n state,\n html,\n };\n\n await this.alepha.events.emit(\"react:server:render:end\", event);\n\n route.onServerResponse?.(serverRequest);\n\n this.log.trace(\"Page rendered\", {\n name: route.name,\n });\n\n return event.html;\n };\n }\n\n public renderToHtml(\n template: string,\n state: ReactRouterState,\n hydration = true,\n ): string | Redirection {\n const element = this.pageApi.root(state);\n\n // attach react router state to the http request context\n this.alepha.state.set(\"alepha.react.router.state\", state);\n\n this.serverTimingProvider.beginTiming(\"renderToString\");\n let app = \"\";\n try {\n app = renderToString(element);\n } catch (error) {\n this.log.error(\n \"renderToString has failed, fallback to error handler\",\n error,\n );\n const element = state.onError(error as Error, state);\n if (element instanceof Redirection) {\n // if the error is a redirection, return the redirection URL\n return element;\n }\n\n app = renderToString(element);\n this.log.debug(\"Error handled successfully with fallback\");\n }\n this.serverTimingProvider.endTiming(\"renderToString\");\n\n const response = {\n html: template,\n };\n\n if (hydration) {\n const { request, context, ...store } =\n this.alepha.context.als?.getStore() ?? {}; /// TODO: als must be protected, find a way to iterate on alepha.state\n\n const hydrationData: ReactHydrationState = {\n ...store,\n // map react.router.state to the hydration state\n \"alepha.react.router.state\": undefined,\n layers: state.layers.map((it) => ({\n ...it,\n error: it.error\n ? {\n ...it.error,\n name: it.error.name,\n message: it.error.message,\n stack: !this.alepha.isProduction() ? it.error.stack : undefined,\n }\n : undefined,\n index: undefined,\n path: undefined,\n element: undefined,\n route: undefined,\n })),\n };\n\n // create hydration data\n const script = `<script>window.__ssr=${JSON.stringify(hydrationData)}</script>`;\n\n // inject app into template\n this.fillTemplate(response, app, script);\n }\n\n return response.html;\n }\n\n protected preprocessTemplate(template: string): PreprocessedTemplate {\n // Find the body close tag for script injection\n const bodyCloseMatch = template.match(/<\\/body>/i);\n const bodyCloseIndex = bodyCloseMatch?.index ?? template.length;\n\n const beforeScript = template.substring(0, bodyCloseIndex);\n const afterScript = template.substring(bodyCloseIndex);\n\n // Check if there's an existing root div\n const rootDivMatch = beforeScript.match(this.ROOT_DIV_REGEX);\n\n if (rootDivMatch) {\n // Split around the existing root div content\n const beforeDiv = beforeScript.substring(0, rootDivMatch.index!);\n const afterDivStart = rootDivMatch.index! + rootDivMatch[0].length;\n const afterDiv = beforeScript.substring(afterDivStart);\n\n const beforeApp = `${beforeDiv}<div${rootDivMatch[1]} id=\"${this.env.REACT_ROOT_ID}\"${rootDivMatch[2]}>`;\n const afterApp = `</div>${afterDiv}`;\n\n return { beforeApp, afterApp, beforeScript: \"\", afterScript };\n }\n\n // No existing root div, find body tag to inject new div\n const bodyMatch = beforeScript.match(/<body([^>]*)>/i);\n if (bodyMatch) {\n const beforeBody = beforeScript.substring(\n 0,\n bodyMatch.index! + bodyMatch[0].length,\n );\n const afterBody = beforeScript.substring(\n bodyMatch.index! + bodyMatch[0].length,\n );\n\n const beforeApp = `${beforeBody}<div id=\"${this.env.REACT_ROOT_ID}\">`;\n const afterApp = `</div>${afterBody}`;\n\n return { beforeApp, afterApp, beforeScript: \"\", afterScript };\n }\n\n // Fallback: no body tag found, just wrap everything\n return {\n beforeApp: `<div id=\"${this.env.REACT_ROOT_ID}\">`,\n afterApp: `</div>`,\n beforeScript,\n afterScript,\n };\n }\n\n protected fillTemplate(\n response: { html: string },\n app: string,\n script: string,\n ) {\n if (!this.preprocessedTemplate) {\n // Fallback to old logic if preprocessing failed\n this.preprocessedTemplate = this.preprocessTemplate(response.html);\n }\n\n // Pure concatenation - no regex replacements needed\n response.html =\n this.preprocessedTemplate.beforeApp +\n app +\n this.preprocessedTemplate.afterApp +\n script +\n this.preprocessedTemplate.afterScript;\n }\n}\n\ntype TemplateLoader = () => Promise<string | undefined>;\n\ninterface PreprocessedTemplate {\n beforeApp: string;\n afterApp: string;\n beforeScript: string;\n afterScript: string;\n}\n","import { $inject, AlephaError } from \"alepha\";\nimport { ServerProvider } from \"alepha/server\";\nimport type {\n PageDescriptorRenderOptions,\n PageDescriptorRenderResult,\n} from \"../descriptors/$page.ts\";\nimport { ReactServerProvider } from \"../providers/ReactServerProvider.ts\";\nimport { ReactPageService } from \"./ReactPageService.ts\";\n\nexport class ReactPageServerService extends ReactPageService {\n protected readonly reactServerProvider = $inject(ReactServerProvider);\n protected readonly serverProvider = $inject(ServerProvider);\n\n public async render(\n name: string,\n options: PageDescriptorRenderOptions = {},\n ): Promise<PageDescriptorRenderResult> {\n return this.reactServerProvider.render(name, options);\n }\n\n public async fetch(\n pathname: string,\n options: PageDescriptorRenderOptions = {},\n ): Promise<{\n html: string;\n response: Response;\n }> {\n const response = await fetch(`${this.serverProvider.hostname}/${pathname}`);\n\n const html = await response.text();\n if (options?.html) {\n return { html, response };\n }\n\n // take only text inside the root div\n const match = html.match(this.reactServerProvider.ROOT_DIV_REGEX);\n if (match) {\n return { html: match[3], response };\n }\n\n throw new AlephaError(\"Invalid HTML response\");\n }\n}\n","import { $hook, $inject, Alepha } from \"alepha\";\nimport { $logger } from \"alepha/logger\";\nimport { type Route, RouterProvider } from \"alepha/router\";\nimport { createElement, type ReactNode } from \"react\";\nimport NotFoundPage from \"../components/NotFound.tsx\";\nimport {\n isPageRoute,\n type PageRoute,\n type PageRouteEntry,\n type PreviousLayerData,\n ReactPageProvider,\n type ReactRouterState,\n} from \"./ReactPageProvider.ts\";\n\nexport interface BrowserRoute extends Route {\n page: PageRoute;\n}\n\nexport class ReactBrowserRouterProvider extends RouterProvider<BrowserRoute> {\n protected readonly log = $logger();\n protected readonly alepha = $inject(Alepha);\n protected readonly pageApi = $inject(ReactPageProvider);\n\n public add(entry: PageRouteEntry) {\n this.pageApi.add(entry);\n }\n\n protected readonly configure = $hook({\n on: \"configure\",\n handler: async () => {\n for (const page of this.pageApi.getPages()) {\n // mount only if a view is provided\n if (page.component || page.lazy) {\n this.push({\n path: page.match,\n page,\n });\n }\n }\n },\n });\n\n public async transition(\n url: URL,\n previous: PreviousLayerData[] = [],\n meta = {},\n ): Promise<string | void> {\n const { pathname, search } = url;\n\n const entry: Partial<ReactRouterState> = {\n url,\n query: {},\n params: {},\n layers: [],\n onError: () => null,\n meta,\n };\n\n const state = entry as ReactRouterState;\n\n // Emit both action and transition events\n await this.alepha.events.emit(\"react:action:begin\", {\n type: \"transition\",\n });\n await this.alepha.events.emit(\"react:transition:begin\", {\n previous: this.alepha.state.get(\"alepha.react.router.state\")!,\n state,\n });\n\n try {\n const { route, params } = this.match(pathname);\n\n const query: Record<string, string> = {};\n if (search) {\n for (const [key, value] of new URLSearchParams(search).entries()) {\n query[key] = String(value);\n }\n }\n\n state.query = query;\n state.params = params ?? {};\n\n if (isPageRoute(route)) {\n const { redirect } = await this.pageApi.createLayers(\n route.page,\n state,\n previous,\n );\n if (redirect) {\n return redirect;\n }\n }\n\n if (state.layers.length === 0) {\n state.layers.push({\n name: \"not-found\",\n element: createElement(NotFoundPage),\n index: 0,\n path: \"/\",\n });\n }\n\n await this.alepha.events.emit(\"react:action:success\", {\n type: \"transition\",\n });\n await this.alepha.events.emit(\"react:transition:success\", { state });\n } catch (e) {\n this.log.error(\"Transition has failed\", e);\n state.layers = [\n {\n name: \"error\",\n element: this.pageApi.renderError(e as Error),\n index: 0,\n path: \"/\",\n },\n ];\n\n await this.alepha.events.emit(\"react:action:error\", {\n type: \"transition\",\n error: e as Error,\n });\n await this.alepha.events.emit(\"react:transition:error\", {\n error: e as Error,\n state,\n });\n }\n\n // [feature]: local hook for leaving a page\n if (previous) {\n for (let i = 0; i < previous.length; i++) {\n const layer = previous[i];\n if (state.layers[i]?.name !== layer.name) {\n this.pageApi.page(layer.name)?.onLeave?.();\n }\n }\n }\n\n this.alepha.state.set(\"alepha.react.router.state\", state);\n\n await this.alepha.events.emit(\"react:action:end\", {\n type: \"transition\",\n });\n await this.alepha.events.emit(\"react:transition:end\", {\n state,\n });\n }\n\n public root(state: ReactRouterState): ReactNode {\n return this.pageApi.root(state);\n }\n}\n","import {\n $atom,\n $env,\n $hook,\n $inject,\n $use,\n Alepha,\n type State,\n type Static,\n t,\n} from \"alepha\";\nimport { DateTimeProvider } from \"alepha/datetime\";\nimport { $logger } from \"alepha/logger\";\nimport { LinkProvider } from \"alepha/server/links\";\nimport { ReactBrowserRouterProvider } from \"./ReactBrowserRouterProvider.ts\";\nimport type {\n PreviousLayerData,\n ReactRouterState,\n TransitionOptions,\n} from \"./ReactPageProvider.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nconst envSchema = t.object({\n REACT_ROOT_ID: t.text({ default: \"root\" }),\n});\n\ndeclare module \"alepha\" {\n interface Env extends Partial<Static<typeof envSchema>> {}\n}\n\n/**\n * React browser renderer configuration atom\n */\nexport const reactBrowserOptions = $atom({\n name: \"alepha.react.browser.options\",\n schema: t.object({\n scrollRestoration: t.enum([\"top\", \"manual\"]),\n }),\n default: {\n scrollRestoration: \"top\" as const,\n },\n});\n\nexport type ReactBrowserRendererOptions = Static<\n typeof reactBrowserOptions.schema\n>;\n\ndeclare module \"alepha\" {\n interface State {\n [reactBrowserOptions.key]: ReactBrowserRendererOptions;\n }\n}\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport class ReactBrowserProvider {\n protected readonly env = $env(envSchema);\n protected readonly log = $logger();\n protected readonly client = $inject(LinkProvider);\n protected readonly alepha = $inject(Alepha);\n protected readonly router = $inject(ReactBrowserRouterProvider);\n protected readonly dateTimeProvider = $inject(DateTimeProvider);\n\n protected readonly options = $use(reactBrowserOptions);\n\n protected getRootElement() {\n const root = this.document.getElementById(this.env.REACT_ROOT_ID);\n if (root) {\n return root;\n }\n\n const div = this.document.createElement(\"div\");\n div.id = this.env.REACT_ROOT_ID;\n\n this.document.body.prepend(div);\n\n return div;\n }\n\n public transitioning?: {\n to: string;\n from?: string;\n };\n\n public get state(): ReactRouterState {\n return this.alepha.state.get(\"alepha.react.router.state\")!;\n }\n\n /**\n * Accessor for Document DOM API.\n */\n public get document() {\n return window.document;\n }\n\n /**\n * Accessor for History DOM API.\n */\n public get history() {\n return window.history;\n }\n\n /**\n * Accessor for Location DOM API.\n */\n public get location() {\n return window.location;\n }\n\n public get base() {\n const base = import.meta.env?.BASE_URL;\n if (!base || base === \"/\") {\n return \"\";\n }\n\n return base;\n }\n\n public get url(): string {\n const url = this.location.pathname + this.location.search;\n if (this.base) {\n return url.replace(this.base, \"\");\n }\n return url;\n }\n\n public pushState(path: string, replace?: boolean) {\n const url = this.base + path;\n\n if (replace) {\n this.history.replaceState({}, \"\", url);\n } else {\n this.history.pushState({}, \"\", url);\n }\n }\n\n public async invalidate(props?: Record<string, any>) {\n const previous: PreviousLayerData[] = [];\n\n this.log.trace(\"Invalidating layers\");\n\n if (props) {\n const [key] = Object.keys(props);\n const value = props[key];\n\n for (const layer of this.state.layers) {\n if (layer.props?.[key]) {\n previous.push({\n ...layer,\n props: {\n ...layer.props,\n [key]: value,\n },\n });\n break;\n }\n previous.push(layer);\n }\n }\n\n await this.render({ previous });\n }\n\n public async go(url: string, options: RouterGoOptions = {}): Promise<void> {\n this.log.trace(`Going to ${url}`, {\n url,\n options,\n });\n\n await this.render({\n url,\n previous: options.force ? [] : this.state.layers,\n meta: options.meta,\n });\n\n // when redirecting in browser\n if (this.state.url.pathname + this.state.url.search !== url) {\n this.pushState(this.state.url.pathname + this.state.url.search);\n return;\n }\n\n this.pushState(url, options.replace);\n }\n\n protected async render(options: RouterRenderOptions = {}): Promise<void> {\n const previous = options.previous ?? this.state.layers;\n const url = options.url ?? this.url;\n const start = this.dateTimeProvider.now();\n\n this.transitioning = {\n to: url,\n from: this.state?.url.pathname,\n };\n\n this.log.debug(\"Transitioning...\", {\n to: url,\n });\n\n const redirect = await this.router.transition(\n new URL(`http://localhost${url}`),\n previous,\n options.meta,\n );\n\n if (redirect) {\n this.log.info(\"Redirecting to\", {\n redirect,\n });\n\n // if redirect is an absolute URL, use window.location.href (full page reload)\n if (redirect.startsWith(\"http\")) {\n window.location.href = redirect;\n } else {\n // if redirect is a relative URL, use render() (single page app)\n return await this.render({ url: redirect });\n }\n }\n\n const ms = this.dateTimeProvider.now().diff(start);\n this.log.info(`Transition OK [${ms}ms]`, this.transitioning);\n\n this.transitioning = undefined;\n }\n\n /**\n * Get embedded layers from the server.\n */\n protected getHydrationState(): ReactHydrationState | undefined {\n try {\n if (\"__ssr\" in window && typeof window.__ssr === \"object\") {\n return window.__ssr as ReactHydrationState;\n }\n } catch (error) {\n console.error(error);\n }\n }\n\n // -------------------------------------------------------------------------------------------------------------------\n\n protected readonly onTransitionEnd = $hook({\n on: \"react:transition:end\",\n handler: () => {\n if (\n this.options.scrollRestoration === \"top\" &&\n typeof window !== \"undefined\" &&\n !this.alepha.isTest()\n ) {\n this.log.trace(\"Restoring scroll position to top\");\n window.scrollTo(0, 0);\n }\n },\n });\n\n public readonly ready = $hook({\n on: \"ready\",\n handler: async () => {\n const hydration = this.getHydrationState();\n const previous = hydration?.layers ?? [];\n\n if (hydration) {\n // low budget, but works for now\n for (const [key, value] of Object.entries(hydration)) {\n if (key !== \"layers\") {\n this.alepha.state.set(key as keyof State, value);\n }\n }\n }\n\n await this.render({ previous });\n\n const element = this.router.root(this.state);\n\n await this.alepha.events.emit(\"react:browser:render\", {\n element,\n root: this.getRootElement(),\n hydration,\n state: this.state,\n });\n\n window.addEventListener(\"popstate\", () => {\n // when you update silently queryParams or hash, skip rendering\n // if you want to force a rendering, use #go()\n if (this.base + this.state.url.pathname === this.location.pathname) {\n return;\n }\n\n this.log.debug(\"Popstate event triggered - rendering new state\", {\n url: this.location.pathname + this.location.search,\n });\n\n this.render();\n });\n },\n });\n}\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport interface RouterGoOptions {\n replace?: boolean;\n match?: TransitionOptions;\n params?: Record<string, string>;\n query?: Record<string, string>;\n meta?: Record<string, any>;\n\n /**\n * Recreate the whole page, ignoring the current state.\n */\n force?: boolean;\n}\n\nexport type ReactHydrationState = {\n layers?: Array<PreviousLayerData>;\n} & {\n [key: string]: any;\n};\n\nexport interface RouterRenderOptions {\n url?: string;\n previous?: PreviousLayerData[];\n meta?: Record<string, any>;\n}\n","import { $inject, Alepha } from \"alepha\";\nimport type { PageDescriptor } from \"../descriptors/$page.ts\";\nimport {\n ReactBrowserProvider,\n type RouterGoOptions,\n} from \"../providers/ReactBrowserProvider.ts\";\nimport {\n type AnchorProps,\n ReactPageProvider,\n type ReactRouterState,\n} from \"../providers/ReactPageProvider.ts\";\n\nexport class ReactRouter<T extends object> {\n protected readonly alepha = $inject(Alepha);\n protected readonly pageApi = $inject(ReactPageProvider);\n\n public get state(): ReactRouterState {\n return this.alepha.state.get(\"alepha.react.router.state\")!;\n }\n\n public get pages() {\n return this.pageApi.getPages();\n }\n\n public get concretePages() {\n return this.pageApi.getConcretePages();\n }\n\n public get browser(): ReactBrowserProvider | undefined {\n if (this.alepha.isBrowser()) {\n return this.alepha.inject(ReactBrowserProvider);\n }\n // server-side\n return undefined;\n }\n\n public isActive(\n href: string,\n options: {\n startWith?: boolean;\n } = {},\n ): boolean {\n const current = this.state.url.pathname;\n let isActive =\n current === href || current === `${href}/` || `${current}/` === href;\n\n if (options.startWith && !isActive) {\n isActive = current.startsWith(href);\n }\n\n return isActive;\n }\n\n public path(\n name: keyof VirtualRouter<T>,\n config: {\n params?: Record<string, any>;\n query?: Record<string, any>;\n } = {},\n ): string {\n return this.pageApi.pathname(name as string, {\n params: {\n ...this.state.params,\n ...config.params,\n },\n query: config.query,\n });\n }\n\n /**\n * Reload the current page.\n * This is equivalent to calling `go()` with the current pathname and search.\n */\n public async reload() {\n if (!this.browser) {\n return;\n }\n\n await this.go(this.location.pathname + this.location.search, {\n replace: true,\n force: true,\n });\n }\n\n public getURL(): URL {\n if (!this.browser) {\n return this.state.url;\n }\n\n return new URL(this.location.href);\n }\n\n public get location(): Location {\n if (!this.browser) {\n throw new Error(\"Browser is required\");\n }\n\n return this.browser.location;\n }\n\n public get current(): ReactRouterState {\n return this.state;\n }\n\n public get pathname(): string {\n return this.state.url.pathname;\n }\n\n public get query(): Record<string, string> {\n const query: Record<string, string> = {};\n\n for (const [key, value] of new URLSearchParams(\n this.state.url.search,\n ).entries()) {\n query[key] = String(value);\n }\n\n return query;\n }\n\n public async back() {\n this.browser?.history.back();\n }\n\n public async forward() {\n this.browser?.history.forward();\n }\n\n public async invalidate(props?: Record<string, any>) {\n await this.browser?.invalidate(props);\n }\n\n public async go(path: string, options?: RouterGoOptions): Promise<void>;\n public async go(\n path: keyof VirtualRouter<T>,\n options?: RouterGoOptions,\n ): Promise<void>;\n public async go(\n path: string | keyof VirtualRouter<T>,\n options?: RouterGoOptions,\n ): Promise<void> {\n for (const page of this.pages) {\n if (page.name === path) {\n await this.browser?.go(\n this.path(path as keyof VirtualRouter<T>, options),\n options,\n );\n return;\n }\n }\n\n await this.browser?.go(path as string, options);\n }\n\n public anchor(path: string, options?: RouterGoOptions): AnchorProps;\n public anchor(\n path: keyof VirtualRouter<T>,\n options?: RouterGoOptions,\n ): AnchorProps;\n public anchor(\n path: string | keyof VirtualRouter<T>,\n options: RouterGoOptions = {},\n ): AnchorProps {\n let href = path as string;\n\n for (const page of this.pages) {\n if (page.name === path) {\n href = this.path(path as keyof VirtualRouter<T>, options);\n break;\n }\n }\n\n return {\n href: this.base(href),\n onClick: (ev: any) => {\n ev.stopPropagation();\n ev.preventDefault();\n\n this.go(href, options).catch(console.error);\n },\n };\n }\n\n public base(path: string): string {\n const base = import.meta.env?.BASE_URL;\n if (!base || base === \"/\") {\n return path;\n }\n\n return base + path;\n }\n\n /**\n * Set query params.\n *\n * @param record\n * @param options\n */\n public setQueryParams(\n record:\n | Record<string, any>\n | ((queryParams: Record<string, any>) => Record<string, any>),\n options: {\n /**\n * If true, this will add a new entry to the history stack.\n */\n push?: boolean;\n } = {},\n ) {\n const func = typeof record === \"function\" ? record : () => record;\n const search = new URLSearchParams(func(this.query)).toString();\n const state = search ? `${this.pathname}?${search}` : this.pathname;\n\n if (options.push) {\n window.history.pushState({}, \"\", state);\n } else {\n window.history.replaceState({}, \"\", state);\n }\n }\n}\n\nexport type VirtualRouter<T> = {\n [K in keyof T as T[K] extends PageDescriptor ? K : never]: T[K];\n};\n","import { $module } from \"alepha\";\nimport { AlephaDateTime } from \"alepha/datetime\";\nimport { AlephaServer, type ServerRequest } from \"alepha/server\";\nimport { AlephaServerCache } from \"alepha/server/cache\";\nimport { AlephaServerLinks } from \"alepha/server/links\";\nimport type { ReactNode } from \"react\";\nimport { $page, type PageAnimation } from \"./descriptors/$page.ts\";\nimport type { ReactHydrationState } from \"./providers/ReactBrowserProvider.ts\";\nimport {\n ReactPageProvider,\n type ReactRouterState,\n} from \"./providers/ReactPageProvider.ts\";\nimport { ReactServerProvider } from \"./providers/ReactServerProvider.ts\";\nimport { ReactPageServerService } from \"./services/ReactPageServerService.ts\";\nimport { ReactPageService } from \"./services/ReactPageService.ts\";\nimport { ReactRouter } from \"./services/ReactRouter.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport * from \"./index.shared.ts\";\nexport * from \"./providers/ReactBrowserProvider.ts\";\nexport * from \"./providers/ReactPageProvider.ts\";\nexport * from \"./providers/ReactServerProvider.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\ndeclare module \"alepha\" {\n interface State {\n \"alepha.react.router.state\"?: ReactRouterState;\n }\n\n interface Hooks {\n /**\n * Fires when the React application is starting to be rendered on the server.\n */\n \"react:server:render:begin\": {\n request?: ServerRequest;\n state: ReactRouterState;\n };\n /**\n * Fires when the React application has been rendered on the server.\n */\n \"react:server:render:end\": {\n request?: ServerRequest;\n state: ReactRouterState;\n html: string;\n };\n // -----------------------------------------------------------------------------------------------------------------\n /**\n * Fires when the React application is being rendered on the browser.\n */\n \"react:browser:render\": {\n root: HTMLElement;\n element: ReactNode;\n state: ReactRouterState;\n hydration?: ReactHydrationState;\n };\n // -----------------------------------------------------------------------------------------------------------------\n // TOP LEVEL: All user actions (forms, transitions, custom actions)\n /**\n * Fires when a user action is starting.\n * Action can be a form submission, a route transition, or a custom action.\n */\n \"react:action:begin\": {\n type: string;\n id?: string;\n };\n /**\n * Fires when a user action has succeeded.\n * Action can be a form submission, a route transition, or a custom action.\n */\n \"react:action:success\": {\n type: string;\n id?: string;\n };\n /**\n * Fires when a user action has failed.\n * Action can be a form submission, a route transition, or a custom action.\n */\n \"react:action:error\": {\n type: string;\n id?: string;\n error: Error;\n };\n /**\n * Fires when a user action has completed, regardless of success or failure.\n * Action can be a form submission, a route transition, or a custom action.\n */\n \"react:action:end\": {\n type: string;\n id?: string;\n };\n // -----------------------------------------------------------------------------------------------------------------\n // SPECIFIC: Route transitions\n /**\n * Fires when a route transition is starting.\n */\n \"react:transition:begin\": {\n previous: ReactRouterState;\n state: ReactRouterState;\n animation?: PageAnimation;\n };\n /**\n * Fires when a route transition has succeeded.\n */\n \"react:transition:success\": {\n state: ReactRouterState;\n };\n /**\n * Fires when a route transition has failed.\n */\n \"react:transition:error\": {\n state: ReactRouterState;\n error: Error;\n };\n /**\n * Fires when a route transition has completed, regardless of success or failure.\n */\n \"react:transition:end\": {\n state: ReactRouterState;\n };\n }\n}\n\n// ---------------------------------------------------------------------------------------------------------------------\n\n/**\n * Provides full-stack React development with declarative routing, server-side rendering, and client-side hydration.\n *\n * The React module enables building modern React applications using the `$page` descriptor on class properties.\n * It delivers seamless server-side rendering, automatic code splitting, and client-side navigation with full\n * type safety and schema validation for route parameters and data.\n *\n * @see {@link $page}\n * @module alepha.react\n */\nexport const AlephaReact = $module({\n name: \"alepha.react\",\n descriptors: [$page],\n services: [\n ReactServerProvider,\n ReactPageProvider,\n ReactRouter,\n ReactPageService,\n ReactPageServerService,\n ],\n register: (alepha) =>\n alepha\n .with(AlephaDateTime)\n .with(AlephaServer)\n .with(AlephaServerCache)\n .with(AlephaServerLinks)\n .with({\n provide: ReactPageService,\n use: ReactPageServerService,\n })\n .with(ReactServerProvider)\n .with(ReactPageProvider)\n .with(ReactRouter),\n});\n","let USER_AGENT;\nif (typeof navigator === 'undefined' || !navigator.userAgent?.startsWith?.('Mozilla/5.0 ')) {\n const NAME = 'oauth4webapi';\n const VERSION = 'v3.8.2';\n USER_AGENT = `${NAME}/${VERSION}`;\n}\nfunction looseInstanceOf(input, expected) {\n if (input == null) {\n return false;\n }\n try {\n return (input instanceof expected ||\n Object.getPrototypeOf(input)[Symbol.toStringTag] === expected.prototype[Symbol.toStringTag]);\n }\n catch {\n return false;\n }\n}\nconst ERR_INVALID_ARG_VALUE = 'ERR_INVALID_ARG_VALUE';\nconst ERR_INVALID_ARG_TYPE = 'ERR_INVALID_ARG_TYPE';\nfunction CodedTypeError(message, code, cause) {\n const err = new TypeError(message, { cause });\n Object.assign(err, { code });\n return err;\n}\nexport const allowInsecureRequests = Symbol();\nexport const clockSkew = Symbol();\nexport const clockTolerance = Symbol();\nexport const customFetch = Symbol();\nexport const modifyAssertion = Symbol();\nexport const jweDecrypt = Symbol();\nexport const jwksCache = Symbol();\nconst encoder = new TextEncoder();\nconst decoder = new TextDecoder();\nfunction buf(input) {\n if (typeof input === 'string') {\n return encoder.encode(input);\n }\n return decoder.decode(input);\n}\nlet encodeBase64Url;\nif (Uint8Array.prototype.toBase64) {\n encodeBase64Url = (input) => {\n if (input instanceof ArrayBuffer) {\n input = new Uint8Array(input);\n }\n return input.toBase64({ alphabet: 'base64url', omitPadding: true });\n };\n}\nelse {\n const CHUNK_SIZE = 0x8000;\n encodeBase64Url = (input) => {\n if (input instanceof ArrayBuffer) {\n input = new Uint8Array(input);\n }\n const arr = [];\n for (let i = 0; i < input.byteLength; i += CHUNK_SIZE) {\n arr.push(String.fromCharCode.apply(null, input.subarray(i, i + CHUNK_SIZE)));\n }\n return btoa(arr.join('')).replace(/=/g, '').replace(/\\+/g, '-').replace(/\\//g, '_');\n };\n}\nlet decodeBase64Url;\nif (Uint8Array.fromBase64) {\n decodeBase64Url = (input) => {\n try {\n return Uint8Array.fromBase64(input, { alphabet: 'base64url' });\n }\n catch (cause) {\n throw CodedTypeError('The input to be decoded is not correctly encoded.', ERR_INVALID_ARG_VALUE, cause);\n }\n };\n}\nelse {\n decodeBase64Url = (input) => {\n try {\n const binary = atob(input.replace(/-/g, '+').replace(/_/g, '/').replace(/\\s/g, ''));\n const bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n return bytes;\n }\n catch (cause) {\n throw CodedTypeError('The input to be decoded is not correctly encoded.', ERR_INVALID_ARG_VALUE, cause);\n }\n };\n}\nfunction b64u(input) {\n if (typeof input === 'string') {\n return decodeBase64Url(input);\n }\n return encodeBase64Url(input);\n}\nexport class UnsupportedOperationError extends Error {\n code;\n constructor(message, options) {\n super(message, options);\n this.name = this.constructor.name;\n this.code = UNSUPPORTED_OPERATION;\n Error.captureStackTrace?.(this, this.constructor);\n }\n}\nexport class OperationProcessingError extends Error {\n code;\n constructor(message, options) {\n super(message, options);\n this.name = this.constructor.name;\n if (options?.code) {\n this.code = options?.code;\n }\n Error.captureStackTrace?.(this, this.constructor);\n }\n}\nfunction OPE(message, code, cause) {\n return new OperationProcessingError(message, { code, cause });\n}\nasync function calculateJwkThumbprint(jwk) {\n let components;\n switch (jwk.kty) {\n case 'EC':\n components = {\n crv: jwk.crv,\n kty: jwk.kty,\n x: jwk.x,\n y: jwk.y,\n };\n break;\n case 'OKP':\n components = {\n crv: jwk.crv,\n kty: jwk.kty,\n x: jwk.x,\n };\n break;\n case 'AKP':\n components = {\n alg: jwk.alg,\n kty: jwk.kty,\n pub: jwk.pub,\n };\n break;\n case 'RSA':\n components = {\n e: jwk.e,\n kty: jwk.kty,\n n: jwk.n,\n };\n break;\n default:\n throw new UnsupportedOperationError('unsupported JWK key type', { cause: jwk });\n }\n return b64u(await crypto.subtle.digest('SHA-256', buf(JSON.stringify(components))));\n}\nfunction assertCryptoKey(key, it) {\n if (!(key instanceof CryptoKey)) {\n throw CodedTypeError(`${it} must be a CryptoKey`, ERR_INVALID_ARG_TYPE);\n }\n}\nfunction assertPrivateKey(key, it) {\n assertCryptoKey(key, it);\n if (key.type !== 'private') {\n throw CodedTypeError(`${it} must be a private CryptoKey`, ERR_INVALID_ARG_VALUE);\n }\n}\nfunction assertPublicKey(key, it) {\n assertCryptoKey(key, it);\n if (key.type !== 'public') {\n throw CodedTypeError(`${it} must be a public CryptoKey`, ERR_INVALID_ARG_VALUE);\n }\n}\nfunction normalizeTyp(value) {\n return value.toLowerCase().replace(/^application\\//, '');\n}\nfunction isJsonObject(input) {\n if (input === null || typeof input !== 'object' || Array.isArray(input)) {\n return false;\n }\n return true;\n}\nfunction prepareHeaders(input) {\n if (looseInstanceOf(input, Headers)) {\n input = Object.fromEntries(input.entries());\n }\n const headers = new Headers(input ?? {});\n if (USER_AGENT && !headers.has('user-agent')) {\n headers.set('user-agent', USER_AGENT);\n }\n if (headers.has('authorization')) {\n throw CodedTypeError('\"options.headers\" must not include the \"authorization\" header name', ERR_INVALID_ARG_VALUE);\n }\n return headers;\n}\nfunction signal(url, value) {\n if (value !== undefined) {\n if (typeof value === 'function') {\n value = value(url.href);\n }\n if (!(value instanceof AbortSignal)) {\n throw CodedTypeError('\"options.signal\" must return or be an instance of AbortSignal', ERR_INVALID_ARG_TYPE);\n }\n return value;\n }\n return undefined;\n}\nfunction replaceDoubleSlash(pathname) {\n if (pathname.includes('//')) {\n return pathname.replace('//', '/');\n }\n return pathname;\n}\nfunction prependWellKnown(url, wellKnown, allowTerminatingSlash = false) {\n if (url.pathname === '/') {\n url.pathname = wellKnown;\n }\n else {\n url.pathname = replaceDoubleSlash(`${wellKnown}/${allowTerminatingSlash ? url.pathname : url.pathname.replace(/(\\/)$/, '')}`);\n }\n return url;\n}\nfunction appendWellKnown(url, wellKnown) {\n url.pathname = replaceDoubleSlash(`${url.pathname}/${wellKnown}`);\n return url;\n}\nasync function performDiscovery(input, urlName, transform, options) {\n if (!(input instanceof URL)) {\n throw CodedTypeError(`\"${urlName}\" must be an instance of URL`, ERR_INVALID_ARG_TYPE);\n }\n checkProtocol(input, options?.[allowInsecureRequests] !== true);\n const url = transform(new URL(input.href));\n const headers = prepareHeaders(options?.headers);\n headers.set('accept', 'application/json');\n return (options?.[customFetch] || fetch)(url.href, {\n body: undefined,\n headers: Object.fromEntries(headers.entries()),\n method: 'GET',\n redirect: 'manual',\n signal: signal(url, options?.signal),\n });\n}\nexport async function discoveryRequest(issuerIdentifier, options) {\n return performDiscovery(issuerIdentifier, 'issuerIdentifier', (url) => {\n switch (options?.algorithm) {\n case undefined:\n case 'oidc':\n appendWellKnown(url, '.well-known/openid-configuration');\n break;\n case 'oauth2':\n prependWellKnown(url, '.well-known/oauth-authorization-server');\n break;\n default:\n throw CodedTypeError('\"options.algorithm\" must be \"oidc\" (default), or \"oauth2\"', ERR_INVALID_ARG_VALUE);\n }\n return url;\n }, options);\n}\nfunction assertNumber(input, allow0, it, code, cause) {\n try {\n if (typeof input !== 'number' || !Number.isFinite(input)) {\n throw CodedTypeError(`${it} must be a number`, ERR_INVALID_ARG_TYPE, cause);\n }\n if (input > 0)\n return;\n if (allow0) {\n if (input !== 0) {\n throw CodedTypeError(`${it} must be a non-negative number`, ERR_INVALID_ARG_VALUE, cause);\n }\n return;\n }\n throw CodedTypeError(`${it} must be a positive number`, ERR_INVALID_ARG_VALUE, cause);\n }\n catch (err) {\n if (code) {\n throw OPE(err.message, code, cause);\n }\n throw err;\n }\n}\nfunction assertString(input, it, code, cause) {\n try {\n if (typeof input !== 'string') {\n throw CodedTypeError(`${it} must be a string`, ERR_INVALID_ARG_TYPE, cause);\n }\n if (input.length === 0) {\n throw CodedTypeError(`${it} must not be empty`, ERR_INVALID_ARG_VALUE, cause);\n }\n }\n catch (err) {\n if (code) {\n throw OPE(err.message, code, cause);\n }\n throw err;\n }\n}\nexport async function processDiscoveryResponse(expectedIssuerIdentifier, response) {\n const expected = expectedIssuerIdentifier;\n if (!(expected instanceof URL) && expected !== _nodiscoverycheck) {\n throw CodedTypeError('\"expectedIssuerIdentifier\" must be an instance of URL', ERR_INVALID_ARG_TYPE);\n }\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n if (response.status !== 200) {\n throw OPE('\"response\" is not a conform Authorization Server Metadata response (unexpected HTTP status code)', RESPONSE_IS_NOT_CONFORM, response);\n }\n assertReadableResponse(response);\n const json = await getResponseJsonBody(response);\n assertString(json.issuer, '\"response\" body \"issuer\" property', INVALID_RESPONSE, { body: json });\n if (expected !== _nodiscoverycheck && new URL(json.issuer).href !== expected.href) {\n throw OPE('\"response\" body \"issuer\" property does not match the expected value', JSON_ATTRIBUTE_COMPARISON, { expected: expected.href, body: json, attribute: 'issuer' });\n }\n return json;\n}\nfunction assertApplicationJson(response) {\n assertContentType(response, 'application/json');\n}\nfunction notJson(response, ...types) {\n let msg = '\"response\" content-type must be ';\n if (types.length > 2) {\n const last = types.pop();\n msg += `${types.join(', ')}, or ${last}`;\n }\n else if (types.length === 2) {\n msg += `${types[0]} or ${types[1]}`;\n }\n else {\n msg += types[0];\n }\n return OPE(msg, RESPONSE_IS_NOT_JSON, response);\n}\nfunction assertContentTypes(response, ...types) {\n if (!types.includes(getContentType(response))) {\n throw notJson(response, ...types);\n }\n}\nfunction assertContentType(response, contentType) {\n if (getContentType(response) !== contentType) {\n throw notJson(response, contentType);\n }\n}\nfunction randomBytes() {\n return b64u(crypto.getRandomValues(new Uint8Array(32)));\n}\nexport function generateRandomCodeVerifier() {\n return randomBytes();\n}\nexport function generateRandomState() {\n return randomBytes();\n}\nexport function generateRandomNonce() {\n return randomBytes();\n}\nexport async function calculatePKCECodeChallenge(codeVerifier) {\n assertString(codeVerifier, 'codeVerifier');\n return b64u(await crypto.subtle.digest('SHA-256', buf(codeVerifier)));\n}\nfunction getKeyAndKid(input) {\n if (input instanceof CryptoKey) {\n return { key: input };\n }\n if (!(input?.key instanceof CryptoKey)) {\n return {};\n }\n if (input.kid !== undefined) {\n assertString(input.kid, '\"kid\"');\n }\n return {\n key: input.key,\n kid: input.kid,\n };\n}\nfunction psAlg(key) {\n switch (key.algorithm.hash.name) {\n case 'SHA-256':\n return 'PS256';\n case 'SHA-384':\n return 'PS384';\n case 'SHA-512':\n return 'PS512';\n default:\n throw new UnsupportedOperationError('unsupported RsaHashedKeyAlgorithm hash name', {\n cause: key,\n });\n }\n}\nfunction rsAlg(key) {\n switch (key.algorithm.hash.name) {\n case 'SHA-256':\n return 'RS256';\n case 'SHA-384':\n return 'RS384';\n case 'SHA-512':\n return 'RS512';\n default:\n throw new UnsupportedOperationError('unsupported RsaHashedKeyAlgorithm hash name', {\n cause: key,\n });\n }\n}\nfunction esAlg(key) {\n switch (key.algorithm.namedCurve) {\n case 'P-256':\n return 'ES256';\n case 'P-384':\n return 'ES384';\n case 'P-521':\n return 'ES512';\n default:\n throw new UnsupportedOperationError('unsupported EcKeyAlgorithm namedCurve', { cause: key });\n }\n}\nfunction keyToJws(key) {\n switch (key.algorithm.name) {\n case 'RSA-PSS':\n return psAlg(key);\n case 'RSASSA-PKCS1-v1_5':\n return rsAlg(key);\n case 'ECDSA':\n return esAlg(key);\n case 'Ed25519':\n case 'ML-DSA-44':\n case 'ML-DSA-65':\n case 'ML-DSA-87':\n return key.algorithm.name;\n case 'EdDSA':\n return 'Ed25519';\n default:\n throw new UnsupportedOperationError('unsupported CryptoKey algorithm name', { cause: key });\n }\n}\nfunction getClockSkew(client) {\n const skew = client?.[clockSkew];\n return typeof skew === 'number' && Number.isFinite(skew) ? skew : 0;\n}\nfunction getClockTolerance(client) {\n const tolerance = client?.[clockTolerance];\n return typeof tolerance === 'number' && Number.isFinite(tolerance) && Math.sign(tolerance) !== -1\n ? tolerance\n : 30;\n}\nfunction epochTime() {\n return Math.floor(Date.now() / 1000);\n}\nfunction assertAs(as) {\n if (typeof as !== 'object' || as === null) {\n throw CodedTypeError('\"as\" must be an object', ERR_INVALID_ARG_TYPE);\n }\n assertString(as.issuer, '\"as.issuer\"');\n}\nfunction assertClient(client) {\n if (typeof client !== 'object' || client === null) {\n throw CodedTypeError('\"client\" must be an object', ERR_INVALID_ARG_TYPE);\n }\n assertString(client.client_id, '\"client.client_id\"');\n}\nfunction formUrlEncode(token) {\n return encodeURIComponent(token).replace(/(?:[-_.!~*'()]|%20)/g, (substring) => {\n switch (substring) {\n case '-':\n case '_':\n case '.':\n case '!':\n case '~':\n case '*':\n case \"'\":\n case '(':\n case ')':\n return `%${substring.charCodeAt(0).toString(16).toUpperCase()}`;\n case '%20':\n return '+';\n default:\n throw new Error();\n }\n });\n}\nexport function ClientSecretPost(clientSecret) {\n assertString(clientSecret, '\"clientSecret\"');\n return (_as, client, body, _headers) => {\n body.set('client_id', client.client_id);\n body.set('client_secret', clientSecret);\n };\n}\nexport function ClientSecretBasic(clientSecret) {\n assertString(clientSecret, '\"clientSecret\"');\n return (_as, client, _body, headers) => {\n const username = formUrlEncode(client.client_id);\n const password = formUrlEncode(clientSecret);\n const credentials = btoa(`${username}:${password}`);\n headers.set('authorization', `Basic ${credentials}`);\n };\n}\nfunction clientAssertionPayload(as, client) {\n const now = epochTime() + getClockSkew(client);\n return {\n jti: randomBytes(),\n aud: as.issuer,\n exp: now + 60,\n iat: now,\n nbf: now,\n iss: client.client_id,\n sub: client.client_id,\n };\n}\nexport function PrivateKeyJwt(clientPrivateKey, options) {\n const { key, kid } = getKeyAndKid(clientPrivateKey);\n assertPrivateKey(key, '\"clientPrivateKey.key\"');\n return async (as, client, body, _headers) => {\n const header = { alg: keyToJws(key), kid };\n const payload = clientAssertionPayload(as, client);\n options?.[modifyAssertion]?.(header, payload);\n body.set('client_id', client.client_id);\n body.set('client_assertion_type', 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer');\n body.set('client_assertion', await signJwt(header, payload, key));\n };\n}\nexport function ClientSecretJwt(clientSecret, options) {\n assertString(clientSecret, '\"clientSecret\"');\n const modify = options?.[modifyAssertion];\n let key;\n return async (as, client, body, _headers) => {\n key ||= await crypto.subtle.importKey('raw', buf(clientSecret), { hash: 'SHA-256', name: 'HMAC' }, false, ['sign']);\n const header = { alg: 'HS256' };\n const payload = clientAssertionPayload(as, client);\n modify?.(header, payload);\n const data = `${b64u(buf(JSON.stringify(header)))}.${b64u(buf(JSON.stringify(payload)))}`;\n const hmac = await crypto.subtle.sign(key.algorithm, key, buf(data));\n body.set('client_id', client.client_id);\n body.set('client_assertion_type', 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer');\n body.set('client_assertion', `${data}.${b64u(new Uint8Array(hmac))}`);\n };\n}\nexport function None() {\n return (_as, client, body, _headers) => {\n body.set('client_id', client.client_id);\n };\n}\nexport function TlsClientAuth() {\n return None();\n}\nasync function signJwt(header, payload, key) {\n if (!key.usages.includes('sign')) {\n throw CodedTypeError('CryptoKey instances used for signing assertions must include \"sign\" in their \"usages\"', ERR_INVALID_ARG_VALUE);\n }\n const input = `${b64u(buf(JSON.stringify(header)))}.${b64u(buf(JSON.stringify(payload)))}`;\n const signature = b64u(await crypto.subtle.sign(keyToSubtle(key), key, buf(input)));\n return `${input}.${signature}`;\n}\nexport async function issueRequestObject(as, client, parameters, privateKey, options) {\n assertAs(as);\n assertClient(client);\n parameters = new URLSearchParams(parameters);\n const { key, kid } = getKeyAndKid(privateKey);\n assertPrivateKey(key, '\"privateKey.key\"');\n parameters.set('client_id', client.client_id);\n const now = epochTime() + getClockSkew(client);\n const claims = {\n ...Object.fromEntries(parameters.entries()),\n jti: randomBytes(),\n aud: as.issuer,\n exp: now + 60,\n iat: now,\n nbf: now,\n iss: client.client_id,\n };\n let resource;\n if (parameters.has('resource') &&\n (resource = parameters.getAll('resource')) &&\n resource.length > 1) {\n claims.resource = resource;\n }\n {\n let value = parameters.get('max_age');\n if (value !== null) {\n claims.max_age = parseInt(value, 10);\n assertNumber(claims.max_age, true, '\"max_age\" parameter');\n }\n }\n {\n let value = parameters.get('claims');\n if (value !== null) {\n try {\n claims.claims = JSON.parse(value);\n }\n catch (cause) {\n throw OPE('failed to parse the \"claims\" parameter as JSON', PARSE_ERROR, cause);\n }\n if (!isJsonObject(claims.claims)) {\n throw CodedTypeError('\"claims\" parameter must be a JSON with a top level object', ERR_INVALID_ARG_VALUE);\n }\n }\n }\n {\n let value = parameters.get('authorization_details');\n if (value !== null) {\n try {\n claims.authorization_details = JSON.parse(value);\n }\n catch (cause) {\n throw OPE('failed to parse the \"authorization_details\" parameter as JSON', PARSE_ERROR, cause);\n }\n if (!Array.isArray(claims.authorization_details)) {\n throw CodedTypeError('\"authorization_details\" parameter must be a JSON with a top level array', ERR_INVALID_ARG_VALUE);\n }\n }\n }\n const header = {\n alg: keyToJws(key),\n typ: 'oauth-authz-req+jwt',\n kid,\n };\n options?.[modifyAssertion]?.(header, claims);\n return signJwt(header, claims, key);\n}\nlet jwkCache;\nasync function getSetPublicJwkCache(key, alg) {\n const { kty, e, n, x, y, crv, pub } = await crypto.subtle.exportKey('jwk', key);\n const jwk = { kty, e, n, x, y, crv, pub };\n if (kty === 'AKP')\n jwk.alg = alg;\n jwkCache.set(key, jwk);\n return jwk;\n}\nasync function publicJwk(key, alg) {\n jwkCache ||= new WeakMap();\n return jwkCache.get(key) || getSetPublicJwkCache(key, alg);\n}\nconst URLParse = URL.parse\n ?\n (url, base) => URL.parse(url, base)\n : (url, base) => {\n try {\n return new URL(url, base);\n }\n catch {\n return null;\n }\n };\nexport function checkProtocol(url, enforceHttps) {\n if (enforceHttps && url.protocol !== 'https:') {\n throw OPE('only requests to HTTPS are allowed', HTTP_REQUEST_FORBIDDEN, url);\n }\n if (url.protocol !== 'https:' && url.protocol !== 'http:') {\n throw OPE('only HTTP and HTTPS requests are allowed', REQUEST_PROTOCOL_FORBIDDEN, url);\n }\n}\nfunction validateEndpoint(value, endpoint, useMtlsAlias, enforceHttps) {\n let url;\n if (typeof value !== 'string' || !(url = URLParse(value))) {\n throw OPE(`authorization server metadata does not contain a valid ${useMtlsAlias ? `\"as.mtls_endpoint_aliases.${endpoint}\"` : `\"as.${endpoint}\"`}`, value === undefined ? MISSING_SERVER_METADATA : INVALID_SERVER_METADATA, { attribute: useMtlsAlias ? `mtls_endpoint_aliases.${endpoint}` : endpoint });\n }\n checkProtocol(url, enforceHttps);\n return url;\n}\nexport function resolveEndpoint(as, endpoint, useMtlsAlias, enforceHttps) {\n if (useMtlsAlias && as.mtls_endpoint_aliases && endpoint in as.mtls_endpoint_aliases) {\n return validateEndpoint(as.mtls_endpoint_aliases[endpoint], endpoint, useMtlsAlias, enforceHttps);\n }\n return validateEndpoint(as[endpoint], endpoint, useMtlsAlias, enforceHttps);\n}\nexport async function pushedAuthorizationRequest(as, client, clientAuthentication, parameters, options) {\n assertAs(as);\n assertClient(client);\n const url = resolveEndpoint(as, 'pushed_authorization_request_endpoint', client.use_mtls_endpoint_aliases, options?.[allowInsecureRequests] !== true);\n const body = new URLSearchParams(parameters);\n body.set('client_id', client.client_id);\n const headers = prepareHeaders(options?.headers);\n headers.set('accept', 'application/json');\n if (options?.DPoP !== undefined) {\n assertDPoP(options.DPoP);\n await options.DPoP.addProof(url, headers, 'POST');\n }\n const response = await authenticatedRequest(as, client, clientAuthentication, url, body, headers, options);\n options?.DPoP?.cacheNonce(response, url);\n return response;\n}\nclass DPoPHandler {\n #header;\n #privateKey;\n #publicKey;\n #clockSkew;\n #modifyAssertion;\n #map;\n #jkt;\n constructor(client, keyPair, options) {\n assertPrivateKey(keyPair?.privateKey, '\"DPoP.privateKey\"');\n assertPublicKey(keyPair?.publicKey, '\"DPoP.publicKey\"');\n if (!keyPair.publicKey.extractable) {\n throw CodedTypeError('\"DPoP.publicKey.extractable\" must be true', ERR_INVALID_ARG_VALUE);\n }\n this.#modifyAssertion = options?.[modifyAssertion];\n this.#clockSkew = getClockSkew(client);\n this.#privateKey = keyPair.privateKey;\n this.#publicKey = keyPair.publicKey;\n branded.add(this);\n }\n #get(key) {\n this.#map ||= new Map();\n let item = this.#map.get(key);\n if (item) {\n this.#map.delete(key);\n this.#map.set(key, item);\n }\n return item;\n }\n #set(key, val) {\n this.#map ||= new Map();\n this.#map.delete(key);\n if (this.#map.size === 100) {\n this.#map.delete(this.#map.keys().next().value);\n }\n this.#map.set(key, val);\n }\n async calculateThumbprint() {\n if (!this.#jkt) {\n const jwk = await crypto.subtle.exportKey('jwk', this.#publicKey);\n this.#jkt ||= await calculateJwkThumbprint(jwk);\n }\n return this.#jkt;\n }\n async addProof(url, headers, htm, accessToken) {\n const alg = keyToJws(this.#privateKey);\n this.#header ||= {\n alg,\n typ: 'dpop+jwt',\n jwk: await publicJwk(this.#publicKey, alg),\n };\n const nonce = this.#get(url.origin);\n const now = epochTime() + this.#clockSkew;\n const payload = {\n iat: now,\n jti: randomBytes(),\n htm,\n nonce,\n htu: `${url.origin}${url.pathname}`,\n ath: accessToken\n ? b64u(await crypto.subtle.digest('SHA-256', buf(accessToken)))\n : undefined,\n };\n this.#modifyAssertion?.(this.#header, payload);\n headers.set('dpop', await signJwt(this.#header, payload, this.#privateKey));\n }\n cacheNonce(response, url) {\n try {\n const nonce = response.headers.get('dpop-nonce');\n if (nonce) {\n this.#set(url.origin, nonce);\n }\n }\n catch { }\n }\n}\nexport function isDPoPNonceError(err) {\n if (err instanceof WWWAuthenticateChallengeError) {\n const { 0: challenge, length } = err.cause;\n return (length === 1 && challenge.scheme === 'dpop' && challenge.parameters.error === 'use_dpop_nonce');\n }\n if (err instanceof ResponseBodyError) {\n return err.error === 'use_dpop_nonce';\n }\n return false;\n}\nexport function DPoP(client, keyPair, options) {\n return new DPoPHandler(client, keyPair, options);\n}\nexport class ResponseBodyError extends Error {\n cause;\n code;\n error;\n status;\n error_description;\n response;\n constructor(message, options) {\n super(message, options);\n this.name = this.constructor.name;\n this.code = RESPONSE_BODY_ERROR;\n this.cause = options.cause;\n this.error = options.cause.error;\n this.status = options.response.status;\n this.error_description = options.cause.error_description;\n Object.defineProperty(this, 'response', { enumerable: false, value: options.response });\n Error.captureStackTrace?.(this, this.constructor);\n }\n}\nexport class AuthorizationResponseError extends Error {\n cause;\n code;\n error;\n error_description;\n constructor(message, options) {\n super(message, options);\n this.name = this.constructor.name;\n this.code = AUTHORIZATION_RESPONSE_ERROR;\n this.cause = options.cause;\n this.error = options.cause.get('error');\n this.error_description = options.cause.get('error_description') ?? undefined;\n Error.captureStackTrace?.(this, this.constructor);\n }\n}\nexport class WWWAuthenticateChallengeError extends Error {\n cause;\n code;\n response;\n status;\n constructor(message, options) {\n super(message, options);\n this.name = this.constructor.name;\n this.code = WWW_AUTHENTICATE_CHALLENGE;\n this.cause = options.cause;\n this.status = options.response.status;\n this.response = options.response;\n Object.defineProperty(this, 'response', { enumerable: false });\n Error.captureStackTrace?.(this, this.constructor);\n }\n}\nconst tokenMatch = \"[a-zA-Z0-9!#$%&\\\\'\\\\*\\\\+\\\\-\\\\.\\\\^_`\\\\|~]+\";\nconst token68Match = '[a-zA-Z0-9\\\\-\\\\._\\\\~\\\\+\\\\/]+[=]{0,2}';\nconst quotedMatch = '\"((?:[^\"\\\\\\\\]|\\\\\\\\.)*)\"';\nconst quotedParamMatcher = '(' + tokenMatch + ')\\\\s*=\\\\s*' + quotedMatch;\nconst paramMatcher = '(' + tokenMatch + ')\\\\s*=\\\\s*(' + tokenMatch + ')';\nconst schemeRE = new RegExp('^[,\\\\s]*(' + tokenMatch + ')\\\\s(.*)');\nconst quotedParamRE = new RegExp('^[,\\\\s]*' + quotedParamMatcher + '[,\\\\s]*(.*)');\nconst unquotedParamRE = new RegExp('^[,\\\\s]*' + paramMatcher + '[,\\\\s]*(.*)');\nconst token68ParamRE = new RegExp('^(' + token68Match + ')(?:$|[,\\\\s])(.*)');\nfunction parseWwwAuthenticateChallenges(response) {\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n const header = response.headers.get('www-authenticate');\n if (header === null) {\n return undefined;\n }\n const challenges = [];\n let rest = header;\n while (rest) {\n let match = rest.match(schemeRE);\n const scheme = match?.['1'].toLowerCase();\n rest = match?.['2'];\n if (!scheme) {\n return undefined;\n }\n const parameters = {};\n let token68;\n while (rest) {\n let key;\n let value;\n if ((match = rest.match(quotedParamRE))) {\n ;\n [, key, value, rest] = match;\n if (value.includes('\\\\')) {\n try {\n value = JSON.parse(`\"${value}\"`);\n }\n catch { }\n }\n parameters[key.toLowerCase()] = value;\n continue;\n }\n if ((match = rest.match(unquotedParamRE))) {\n ;\n [, key, value, rest] = match;\n parameters[key.toLowerCase()] = value;\n continue;\n }\n if ((match = rest.match(token68ParamRE))) {\n if (Object.keys(parameters).length) {\n break;\n }\n ;\n [, token68, rest] = match;\n break;\n }\n return undefined;\n }\n const challenge = { scheme, parameters };\n if (token68) {\n challenge.token68 = token68;\n }\n challenges.push(challenge);\n }\n if (!challenges.length) {\n return undefined;\n }\n return challenges;\n}\nexport async function processPushedAuthorizationResponse(as, client, response) {\n assertAs(as);\n assertClient(client);\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n await checkOAuthBodyError(response, 201, 'Pushed Authorization Request Endpoint');\n assertReadableResponse(response);\n const json = await getResponseJsonBody(response);\n assertString(json.request_uri, '\"response\" body \"request_uri\" property', INVALID_RESPONSE, {\n body: json,\n });\n let expiresIn = typeof json.expires_in !== 'number' ? parseFloat(json.expires_in) : json.expires_in;\n assertNumber(expiresIn, true, '\"response\" body \"expires_in\" property', INVALID_RESPONSE, {\n body: json,\n });\n json.expires_in = expiresIn;\n return json;\n}\nasync function parseOAuthResponseErrorBody(response) {\n if (response.status > 399 && response.status < 500) {\n assertReadableResponse(response);\n assertApplicationJson(response);\n try {\n const json = await response.clone().json();\n if (isJsonObject(json) && typeof json.error === 'string' && json.error.length) {\n return json;\n }\n }\n catch { }\n }\n return undefined;\n}\nasync function checkOAuthBodyError(response, expected, label) {\n if (response.status !== expected) {\n checkAuthenticationChallenges(response);\n let err;\n if ((err = await parseOAuthResponseErrorBody(response))) {\n await response.body?.cancel();\n throw new ResponseBodyError('server responded with an error in the response body', {\n cause: err,\n response,\n });\n }\n throw OPE(`\"response\" is not a conform ${label} response (unexpected HTTP status code)`, RESPONSE_IS_NOT_CONFORM, response);\n }\n}\nfunction assertDPoP(option) {\n if (!branded.has(option)) {\n throw CodedTypeError('\"options.DPoP\" is not a valid DPoPHandle', ERR_INVALID_ARG_VALUE);\n }\n}\nasync function resourceRequest(accessToken, method, url, headers, body, options) {\n assertString(accessToken, '\"accessToken\"');\n if (!(url instanceof URL)) {\n throw CodedTypeError('\"url\" must be an instance of URL', ERR_INVALID_ARG_TYPE);\n }\n checkProtocol(url, options?.[allowInsecureRequests] !== true);\n headers = prepareHeaders(headers);\n if (options?.DPoP) {\n assertDPoP(options.DPoP);\n await options.DPoP.addProof(url, headers, method.toUpperCase(), accessToken);\n }\n headers.set('authorization', `${headers.has('dpop') ? 'DPoP' : 'Bearer'} ${accessToken}`);\n const response = await (options?.[customFetch] || fetch)(url.href, {\n body,\n headers: Object.fromEntries(headers.entries()),\n method,\n redirect: 'manual',\n signal: signal(url, options?.signal),\n });\n options?.DPoP?.cacheNonce(response, url);\n return response;\n}\nexport async function protectedResourceRequest(accessToken, method, url, headers, body, options) {\n const response = await resourceRequest(accessToken, method, url, headers, body, options);\n checkAuthenticationChallenges(response);\n return response;\n}\nexport async function userInfoRequest(as, client, accessToken, options) {\n assertAs(as);\n assertClient(client);\n const url = resolveEndpoint(as, 'userinfo_endpoint', client.use_mtls_endpoint_aliases, options?.[allowInsecureRequests] !== true);\n const headers = prepareHeaders(options?.headers);\n if (client.userinfo_signed_response_alg) {\n headers.set('accept', 'application/jwt');\n }\n else {\n headers.set('accept', 'application/json');\n headers.append('accept', 'application/jwt');\n }\n return resourceRequest(accessToken, 'GET', url, headers, null, {\n ...options,\n [clockSkew]: getClockSkew(client),\n });\n}\nlet jwksMap;\nfunction setJwksCache(as, jwks, uat, cache) {\n jwksMap ||= new WeakMap();\n jwksMap.set(as, {\n jwks,\n uat,\n get age() {\n return epochTime() - this.uat;\n },\n });\n if (cache) {\n Object.assign(cache, { jwks: structuredClone(jwks), uat });\n }\n}\nfunction isFreshJwksCache(input) {\n if (typeof input !== 'object' || input === null) {\n return false;\n }\n if (!('uat' in input) || typeof input.uat !== 'number' || epochTime() - input.uat >= 300) {\n return false;\n }\n if (!('jwks' in input) ||\n !isJsonObject(input.jwks) ||\n !Array.isArray(input.jwks.keys) ||\n !Array.prototype.every.call(input.jwks.keys, isJsonObject)) {\n return false;\n }\n return true;\n}\nfunction clearJwksCache(as, cache) {\n jwksMap?.delete(as);\n delete cache?.jwks;\n delete cache?.uat;\n}\nasync function getPublicSigKeyFromIssuerJwksUri(as, options, header) {\n const { alg, kid } = header;\n checkSupportedJwsAlg(header);\n if (!jwksMap?.has(as) && isFreshJwksCache(options?.[jwksCache])) {\n setJwksCache(as, options?.[jwksCache].jwks, options?.[jwksCache].uat);\n }\n let jwks;\n let age;\n if (jwksMap?.has(as)) {\n ;\n ({ jwks, age } = jwksMap.get(as));\n if (age >= 300) {\n clearJwksCache(as, options?.[jwksCache]);\n return getPublicSigKeyFromIssuerJwksUri(as, options, header);\n }\n }\n else {\n jwks = await jwksRequest(as, options).then(processJwksResponse);\n age = 0;\n setJwksCache(as, jwks, epochTime(), options?.[jwksCache]);\n }\n let kty;\n switch (alg.slice(0, 2)) {\n case 'RS':\n case 'PS':\n kty = 'RSA';\n break;\n case 'ES':\n kty = 'EC';\n break;\n case 'Ed':\n kty = 'OKP';\n break;\n case 'ML':\n kty = 'AKP';\n break;\n default:\n throw new UnsupportedOperationError('unsupported JWS algorithm', { cause: { alg } });\n }\n const candidates = jwks.keys.filter((jwk) => {\n if (jwk.kty !== kty) {\n return false;\n }\n if (kid !== undefined && kid !== jwk.kid) {\n return false;\n }\n if (jwk.alg !== undefined && alg !== jwk.alg) {\n return false;\n }\n if (jwk.use !== undefined && jwk.use !== 'sig') {\n return false;\n }\n if (jwk.key_ops?.includes('verify') === false) {\n return false;\n }\n switch (true) {\n case alg === 'ES256' && jwk.crv !== 'P-256':\n case alg === 'ES384' && jwk.crv !== 'P-384':\n case alg === 'ES512' && jwk.crv !== 'P-521':\n case alg === 'Ed25519' && jwk.crv !== 'Ed25519':\n case alg === 'EdDSA' && jwk.crv !== 'Ed25519':\n return false;\n }\n return true;\n });\n const { 0: jwk, length } = candidates;\n if (!length) {\n if (age >= 60) {\n clearJwksCache(as, options?.[jwksCache]);\n return getPublicSigKeyFromIssuerJwksUri(as, options, header);\n }\n throw OPE('error when selecting a JWT verification key, no applicable keys found', KEY_SELECTION, { header, candidates, jwks_uri: new URL(as.jwks_uri) });\n }\n if (length !== 1) {\n throw OPE('error when selecting a JWT verification key, multiple applicable keys found, a \"kid\" JWT Header Parameter is required', KEY_SELECTION, { header, candidates, jwks_uri: new URL(as.jwks_uri) });\n }\n return importJwk(alg, jwk);\n}\nexport const skipSubjectCheck = Symbol();\nexport function getContentType(input) {\n return input.headers.get('content-type')?.split(';')[0];\n}\nexport async function processUserInfoResponse(as, client, expectedSubject, response, options) {\n assertAs(as);\n assertClient(client);\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n checkAuthenticationChallenges(response);\n if (response.status !== 200) {\n throw OPE('\"response\" is not a conform UserInfo Endpoint response (unexpected HTTP status code)', RESPONSE_IS_NOT_CONFORM, response);\n }\n assertReadableResponse(response);\n let json;\n if (getContentType(response) === 'application/jwt') {\n const { claims, jwt } = await validateJwt(await response.text(), checkSigningAlgorithm.bind(undefined, client.userinfo_signed_response_alg, as.userinfo_signing_alg_values_supported, undefined), getClockSkew(client), getClockTolerance(client), options?.[jweDecrypt])\n .then(validateOptionalAudience.bind(undefined, client.client_id))\n .then(validateOptionalIssuer.bind(undefined, as));\n jwtRefs.set(response, jwt);\n json = claims;\n }\n else {\n if (client.userinfo_signed_response_alg) {\n throw OPE('JWT UserInfo Response expected', JWT_USERINFO_EXPECTED, response);\n }\n json = await getResponseJsonBody(response);\n }\n assertString(json.sub, '\"response\" body \"sub\" property', INVALID_RESPONSE, { body: json });\n switch (expectedSubject) {\n case skipSubjectCheck:\n break;\n default:\n assertString(expectedSubject, '\"expectedSubject\"');\n if (json.sub !== expectedSubject) {\n throw OPE('unexpected \"response\" body \"sub\" property value', JSON_ATTRIBUTE_COMPARISON, {\n expected: expectedSubject,\n body: json,\n attribute: 'sub',\n });\n }\n }\n return json;\n}\nasync function authenticatedRequest(as, client, clientAuthentication, url, body, headers, options) {\n await clientAuthentication(as, client, body, headers);\n headers.set('content-type', 'application/x-www-form-urlencoded;charset=UTF-8');\n return (options?.[customFetch] || fetch)(url.href, {\n body,\n headers: Object.fromEntries(headers.entries()),\n method: 'POST',\n redirect: 'manual',\n signal: signal(url, options?.signal),\n });\n}\nasync function tokenEndpointRequest(as, client, clientAuthentication, grantType, parameters, options) {\n const url = resolveEndpoint(as, 'token_endpoint', client.use_mtls_endpoint_aliases, options?.[allowInsecureRequests] !== true);\n parameters.set('grant_type', grantType);\n const headers = prepareHeaders(options?.headers);\n headers.set('accept', 'application/json');\n if (options?.DPoP !== undefined) {\n assertDPoP(options.DPoP);\n await options.DPoP.addProof(url, headers, 'POST');\n }\n const response = await authenticatedRequest(as, client, clientAuthentication, url, parameters, headers, options);\n options?.DPoP?.cacheNonce(response, url);\n return response;\n}\nexport async function refreshTokenGrantRequest(as, client, clientAuthentication, refreshToken, options) {\n assertAs(as);\n assertClient(client);\n assertString(refreshToken, '\"refreshToken\"');\n const parameters = new URLSearchParams(options?.additionalParameters);\n parameters.set('refresh_token', refreshToken);\n return tokenEndpointRequest(as, client, clientAuthentication, 'refresh_token', parameters, options);\n}\nconst idTokenClaims = new WeakMap();\nconst jwtRefs = new WeakMap();\nexport function getValidatedIdTokenClaims(ref) {\n if (!ref.id_token) {\n return undefined;\n }\n const claims = idTokenClaims.get(ref);\n if (!claims) {\n throw CodedTypeError('\"ref\" was already garbage collected or did not resolve from the proper sources', ERR_INVALID_ARG_VALUE);\n }\n return claims;\n}\nexport async function validateApplicationLevelSignature(as, ref, options) {\n assertAs(as);\n if (!jwtRefs.has(ref)) {\n throw CodedTypeError('\"ref\" does not contain a processed JWT Response to verify the signature of', ERR_INVALID_ARG_VALUE);\n }\n const { 0: protectedHeader, 1: payload, 2: encodedSignature } = jwtRefs.get(ref).split('.');\n const header = JSON.parse(buf(b64u(protectedHeader)));\n if (header.alg.startsWith('HS')) {\n throw new UnsupportedOperationError('unsupported JWS algorithm', { cause: { alg: header.alg } });\n }\n let key;\n key = await getPublicSigKeyFromIssuerJwksUri(as, options, header);\n await validateJwsSignature(protectedHeader, payload, key, b64u(encodedSignature));\n}\nasync function processGenericAccessTokenResponse(as, client, response, additionalRequiredIdTokenClaims, decryptFn, recognizedTokenTypes) {\n assertAs(as);\n assertClient(client);\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n await checkOAuthBodyError(response, 200, 'Token Endpoint');\n assertReadableResponse(response);\n const json = await getResponseJsonBody(response);\n assertString(json.access_token, '\"response\" body \"access_token\" property', INVALID_RESPONSE, {\n body: json,\n });\n assertString(json.token_type, '\"response\" body \"token_type\" property', INVALID_RESPONSE, {\n body: json,\n });\n json.token_type = json.token_type.toLowerCase();\n if (json.expires_in !== undefined) {\n let expiresIn = typeof json.expires_in !== 'number' ? parseFloat(json.expires_in) : json.expires_in;\n assertNumber(expiresIn, true, '\"response\" body \"expires_in\" property', INVALID_RESPONSE, {\n body: json,\n });\n json.expires_in = expiresIn;\n }\n if (json.refresh_token !== undefined) {\n assertString(json.refresh_token, '\"response\" body \"refresh_token\" property', INVALID_RESPONSE, {\n body: json,\n });\n }\n if (json.scope !== undefined && typeof json.scope !== 'string') {\n throw OPE('\"response\" body \"scope\" property must be a string', INVALID_RESPONSE, { body: json });\n }\n if (json.id_token !== undefined) {\n assertString(json.id_token, '\"response\" body \"id_token\" property', INVALID_RESPONSE, {\n body: json,\n });\n const requiredClaims = ['aud', 'exp', 'iat', 'iss', 'sub'];\n if (client.require_auth_time === true) {\n requiredClaims.push('auth_time');\n }\n if (client.default_max_age !== undefined) {\n assertNumber(client.default_max_age, true, '\"client.default_max_age\"');\n requiredClaims.push('auth_time');\n }\n if (additionalRequiredIdTokenClaims?.length) {\n requiredClaims.push(...additionalRequiredIdTokenClaims);\n }\n const { claims, jwt } = await validateJwt(json.id_token, checkSigningAlgorithm.bind(undefined, client.id_token_signed_response_alg, as.id_token_signing_alg_values_supported, 'RS256'), getClockSkew(client), getClockTolerance(client), decryptFn)\n .then(validatePresence.bind(undefined, requiredClaims))\n .then(validateIssuer.bind(undefined, as))\n .then(validateAudience.bind(undefined, client.client_id));\n if (Array.isArray(claims.aud) && claims.aud.length !== 1) {\n if (claims.azp === undefined) {\n throw OPE('ID Token \"aud\" (audience) claim includes additional untrusted audiences', JWT_CLAIM_COMPARISON, { claims, claim: 'aud' });\n }\n if (claims.azp !== client.client_id) {\n throw OPE('unexpected ID Token \"azp\" (authorized party) claim value', JWT_CLAIM_COMPARISON, { expected: client.client_id, claims, claim: 'azp' });\n }\n }\n if (claims.auth_time !== undefined) {\n assertNumber(claims.auth_time, true, 'ID Token \"auth_time\" (authentication time)', INVALID_RESPONSE, { claims });\n }\n jwtRefs.set(response, jwt);\n idTokenClaims.set(json, claims);\n }\n if (recognizedTokenTypes?.[json.token_type] !== undefined) {\n recognizedTokenTypes[json.token_type](response, json);\n }\n else if (json.token_type !== 'dpop' && json.token_type !== 'bearer') {\n throw new UnsupportedOperationError('unsupported `token_type` value', { cause: { body: json } });\n }\n return json;\n}\nfunction checkAuthenticationChallenges(response) {\n let challenges;\n if ((challenges = parseWwwAuthenticateChallenges(response))) {\n throw new WWWAuthenticateChallengeError('server responded with a challenge in the WWW-Authenticate HTTP Header', { cause: challenges, response });\n }\n}\nexport async function processRefreshTokenResponse(as, client, response, options) {\n return processGenericAccessTokenResponse(as, client, response, undefined, options?.[jweDecrypt], options?.recognizedTokenTypes);\n}\nfunction validateOptionalAudience(expected, result) {\n if (result.claims.aud !== undefined) {\n return validateAudience(expected, result);\n }\n return result;\n}\nfunction validateAudience(expected, result) {\n if (Array.isArray(result.claims.aud)) {\n if (!result.claims.aud.includes(expected)) {\n throw OPE('unexpected JWT \"aud\" (audience) claim value', JWT_CLAIM_COMPARISON, {\n expected,\n claims: result.claims,\n claim: 'aud',\n });\n }\n }\n else if (result.claims.aud !== expected) {\n throw OPE('unexpected JWT \"aud\" (audience) claim value', JWT_CLAIM_COMPARISON, {\n expected,\n claims: result.claims,\n claim: 'aud',\n });\n }\n return result;\n}\nfunction validateOptionalIssuer(as, result) {\n if (result.claims.iss !== undefined) {\n return validateIssuer(as, result);\n }\n return result;\n}\nfunction validateIssuer(as, result) {\n const expected = as[_expectedIssuer]?.(result) ?? as.issuer;\n if (result.claims.iss !== expected) {\n throw OPE('unexpected JWT \"iss\" (issuer) claim value', JWT_CLAIM_COMPARISON, {\n expected,\n claims: result.claims,\n claim: 'iss',\n });\n }\n return result;\n}\nconst branded = new WeakSet();\nfunction brand(searchParams) {\n branded.add(searchParams);\n return searchParams;\n}\nexport const nopkce = Symbol();\nexport async function authorizationCodeGrantRequest(as, client, clientAuthentication, callbackParameters, redirectUri, codeVerifier, options) {\n assertAs(as);\n assertClient(client);\n if (!branded.has(callbackParameters)) {\n throw CodedTypeError('\"callbackParameters\" must be an instance of URLSearchParams obtained from \"validateAuthResponse()\", or \"validateJwtAuthResponse()', ERR_INVALID_ARG_VALUE);\n }\n assertString(redirectUri, '\"redirectUri\"');\n const code = getURLSearchParameter(callbackParameters, 'code');\n if (!code) {\n throw OPE('no authorization code in \"callbackParameters\"', INVALID_RESPONSE);\n }\n const parameters = new URLSearchParams(options?.additionalParameters);\n parameters.set('redirect_uri', redirectUri);\n parameters.set('code', code);\n if (codeVerifier !== nopkce) {\n assertString(codeVerifier, '\"codeVerifier\"');\n parameters.set('code_verifier', codeVerifier);\n }\n return tokenEndpointRequest(as, client, clientAuthentication, 'authorization_code', parameters, options);\n}\nconst jwtClaimNames = {\n aud: 'audience',\n c_hash: 'code hash',\n client_id: 'client id',\n exp: 'expiration time',\n iat: 'issued at',\n iss: 'issuer',\n jti: 'jwt id',\n nonce: 'nonce',\n s_hash: 'state hash',\n sub: 'subject',\n ath: 'access token hash',\n htm: 'http method',\n htu: 'http uri',\n cnf: 'confirmation',\n auth_time: 'authentication time',\n};\nfunction validatePresence(required, result) {\n for (const claim of required) {\n if (result.claims[claim] === undefined) {\n throw OPE(`JWT \"${claim}\" (${jwtClaimNames[claim]}) claim missing`, INVALID_RESPONSE, {\n claims: result.claims,\n });\n }\n }\n return result;\n}\nexport const expectNoNonce = Symbol();\nexport const skipAuthTimeCheck = Symbol();\nexport async function processAuthorizationCodeResponse(as, client, response, options) {\n if (typeof options?.expectedNonce === 'string' ||\n typeof options?.maxAge === 'number' ||\n options?.requireIdToken) {\n return processAuthorizationCodeOpenIDResponse(as, client, response, options.expectedNonce, options.maxAge, options[jweDecrypt], options.recognizedTokenTypes);\n }\n return processAuthorizationCodeOAuth2Response(as, client, response, options?.[jweDecrypt], options?.recognizedTokenTypes);\n}\nasync function processAuthorizationCodeOpenIDResponse(as, client, response, expectedNonce, maxAge, decryptFn, recognizedTokenTypes) {\n const additionalRequiredClaims = [];\n switch (expectedNonce) {\n case undefined:\n expectedNonce = expectNoNonce;\n break;\n case expectNoNonce:\n break;\n default:\n assertString(expectedNonce, '\"expectedNonce\" argument');\n additionalRequiredClaims.push('nonce');\n }\n maxAge ??= client.default_max_age;\n switch (maxAge) {\n case undefined:\n maxAge = skipAuthTimeCheck;\n break;\n case skipAuthTimeCheck:\n break;\n default:\n assertNumber(maxAge, true, '\"maxAge\" argument');\n additionalRequiredClaims.push('auth_time');\n }\n const result = await processGenericAccessTokenResponse(as, client, response, additionalRequiredClaims, decryptFn, recognizedTokenTypes);\n assertString(result.id_token, '\"response\" body \"id_token\" property', INVALID_RESPONSE, {\n body: result,\n });\n const claims = getValidatedIdTokenClaims(result);\n if (maxAge !== skipAuthTimeCheck) {\n const now = epochTime() + getClockSkew(client);\n const tolerance = getClockTolerance(client);\n if (claims.auth_time + maxAge < now - tolerance) {\n throw OPE('too much time has elapsed since the last End-User authentication', JWT_TIMESTAMP_CHECK, { claims, now, tolerance, claim: 'auth_time' });\n }\n }\n if (expectedNonce === expectNoNonce) {\n if (claims.nonce !== undefined) {\n throw OPE('unexpected ID Token \"nonce\" claim value', JWT_CLAIM_COMPARISON, {\n expected: undefined,\n claims,\n claim: 'nonce',\n });\n }\n }\n else if (claims.nonce !== expectedNonce) {\n throw OPE('unexpected ID Token \"nonce\" claim value', JWT_CLAIM_COMPARISON, {\n expected: expectedNonce,\n claims,\n claim: 'nonce',\n });\n }\n return result;\n}\nasync function processAuthorizationCodeOAuth2Response(as, client, response, decryptFn, recognizedTokenTypes) {\n const result = await processGenericAccessTokenResponse(as, client, response, undefined, decryptFn, recognizedTokenTypes);\n const claims = getValidatedIdTokenClaims(result);\n if (claims) {\n if (client.default_max_age !== undefined) {\n assertNumber(client.default_max_age, true, '\"client.default_max_age\"');\n const now = epochTime() + getClockSkew(client);\n const tolerance = getClockTolerance(client);\n if (claims.auth_time + client.default_max_age < now - tolerance) {\n throw OPE('too much time has elapsed since the last End-User authentication', JWT_TIMESTAMP_CHECK, { claims, now, tolerance, claim: 'auth_time' });\n }\n }\n if (claims.nonce !== undefined) {\n throw OPE('unexpected ID Token \"nonce\" claim value', JWT_CLAIM_COMPARISON, {\n expected: undefined,\n claims,\n claim: 'nonce',\n });\n }\n }\n return result;\n}\nexport const WWW_AUTHENTICATE_CHALLENGE = 'OAUTH_WWW_AUTHENTICATE_CHALLENGE';\nexport const RESPONSE_BODY_ERROR = 'OAUTH_RESPONSE_BODY_ERROR';\nexport const UNSUPPORTED_OPERATION = 'OAUTH_UNSUPPORTED_OPERATION';\nexport const AUTHORIZATION_RESPONSE_ERROR = 'OAUTH_AUTHORIZATION_RESPONSE_ERROR';\nexport const JWT_USERINFO_EXPECTED = 'OAUTH_JWT_USERINFO_EXPECTED';\nexport const PARSE_ERROR = 'OAUTH_PARSE_ERROR';\nexport const INVALID_RESPONSE = 'OAUTH_INVALID_RESPONSE';\nexport const INVALID_REQUEST = 'OAUTH_INVALID_REQUEST';\nexport const RESPONSE_IS_NOT_JSON = 'OAUTH_RESPONSE_IS_NOT_JSON';\nexport const RESPONSE_IS_NOT_CONFORM = 'OAUTH_RESPONSE_IS_NOT_CONFORM';\nexport const HTTP_REQUEST_FORBIDDEN = 'OAUTH_HTTP_REQUEST_FORBIDDEN';\nexport const REQUEST_PROTOCOL_FORBIDDEN = 'OAUTH_REQUEST_PROTOCOL_FORBIDDEN';\nexport const JWT_TIMESTAMP_CHECK = 'OAUTH_JWT_TIMESTAMP_CHECK_FAILED';\nexport const JWT_CLAIM_COMPARISON = 'OAUTH_JWT_CLAIM_COMPARISON_FAILED';\nexport const JSON_ATTRIBUTE_COMPARISON = 'OAUTH_JSON_ATTRIBUTE_COMPARISON_FAILED';\nexport const KEY_SELECTION = 'OAUTH_KEY_SELECTION_FAILED';\nexport const MISSING_SERVER_METADATA = 'OAUTH_MISSING_SERVER_METADATA';\nexport const INVALID_SERVER_METADATA = 'OAUTH_INVALID_SERVER_METADATA';\nfunction checkJwtType(expected, result) {\n if (typeof result.header.typ !== 'string' || normalizeTyp(result.header.typ) !== expected) {\n throw OPE('unexpected JWT \"typ\" header parameter value', INVALID_RESPONSE, {\n header: result.header,\n });\n }\n return result;\n}\nexport async function clientCredentialsGrantRequest(as, client, clientAuthentication, parameters, options) {\n assertAs(as);\n assertClient(client);\n return tokenEndpointRequest(as, client, clientAuthentication, 'client_credentials', new URLSearchParams(parameters), options);\n}\nexport async function genericTokenEndpointRequest(as, client, clientAuthentication, grantType, parameters, options) {\n assertAs(as);\n assertClient(client);\n assertString(grantType, '\"grantType\"');\n return tokenEndpointRequest(as, client, clientAuthentication, grantType, new URLSearchParams(parameters), options);\n}\nexport async function processGenericTokenEndpointResponse(as, client, response, options) {\n return processGenericAccessTokenResponse(as, client, response, undefined, options?.[jweDecrypt], options?.recognizedTokenTypes);\n}\nexport async function processClientCredentialsResponse(as, client, response, options) {\n return processGenericAccessTokenResponse(as, client, response, undefined, options?.[jweDecrypt], options?.recognizedTokenTypes);\n}\nexport async function revocationRequest(as, client, clientAuthentication, token, options) {\n assertAs(as);\n assertClient(client);\n assertString(token, '\"token\"');\n const url = resolveEndpoint(as, 'revocation_endpoint', client.use_mtls_endpoint_aliases, options?.[allowInsecureRequests] !== true);\n const body = new URLSearchParams(options?.additionalParameters);\n body.set('token', token);\n const headers = prepareHeaders(options?.headers);\n headers.delete('accept');\n return authenticatedRequest(as, client, clientAuthentication, url, body, headers, options);\n}\nexport async function processRevocationResponse(response) {\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n await checkOAuthBodyError(response, 200, 'Revocation Endpoint');\n return undefined;\n}\nfunction assertReadableResponse(response) {\n if (response.bodyUsed) {\n throw CodedTypeError('\"response\" body has been used already', ERR_INVALID_ARG_VALUE);\n }\n}\nexport async function introspectionRequest(as, client, clientAuthentication, token, options) {\n assertAs(as);\n assertClient(client);\n assertString(token, '\"token\"');\n const url = resolveEndpoint(as, 'introspection_endpoint', client.use_mtls_endpoint_aliases, options?.[allowInsecureRequests] !== true);\n const body = new URLSearchParams(options?.additionalParameters);\n body.set('token', token);\n const headers = prepareHeaders(options?.headers);\n if (options?.requestJwtResponse ?? client.introspection_signed_response_alg) {\n headers.set('accept', 'application/token-introspection+jwt');\n }\n else {\n headers.set('accept', 'application/json');\n }\n return authenticatedRequest(as, client, clientAuthentication, url, body, headers, options);\n}\nexport async function processIntrospectionResponse(as, client, response, options) {\n assertAs(as);\n assertClient(client);\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n await checkOAuthBodyError(response, 200, 'Introspection Endpoint');\n let json;\n if (getContentType(response) === 'application/token-introspection+jwt') {\n assertReadableResponse(response);\n const { claims, jwt } = await validateJwt(await response.text(), checkSigningAlgorithm.bind(undefined, client.introspection_signed_response_alg, as.introspection_signing_alg_values_supported, 'RS256'), getClockSkew(client), getClockTolerance(client), options?.[jweDecrypt])\n .then(checkJwtType.bind(undefined, 'token-introspection+jwt'))\n .then(validatePresence.bind(undefined, ['aud', 'iat', 'iss']))\n .then(validateIssuer.bind(undefined, as))\n .then(validateAudience.bind(undefined, client.client_id));\n jwtRefs.set(response, jwt);\n if (!isJsonObject(claims.token_introspection)) {\n throw OPE('JWT \"token_introspection\" claim must be a JSON object', INVALID_RESPONSE, {\n claims,\n });\n }\n json = claims.token_introspection;\n }\n else {\n assertReadableResponse(response);\n json = await getResponseJsonBody(response);\n }\n if (typeof json.active !== 'boolean') {\n throw OPE('\"response\" body \"active\" property must be a boolean', INVALID_RESPONSE, {\n body: json,\n });\n }\n return json;\n}\nasync function jwksRequest(as, options) {\n assertAs(as);\n const url = resolveEndpoint(as, 'jwks_uri', false, options?.[allowInsecureRequests] !== true);\n const headers = prepareHeaders(options?.headers);\n headers.set('accept', 'application/json');\n headers.append('accept', 'application/jwk-set+json');\n return (options?.[customFetch] || fetch)(url.href, {\n body: undefined,\n headers: Object.fromEntries(headers.entries()),\n method: 'GET',\n redirect: 'manual',\n signal: signal(url, options?.signal),\n });\n}\nasync function processJwksResponse(response) {\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n if (response.status !== 200) {\n throw OPE('\"response\" is not a conform JSON Web Key Set response (unexpected HTTP status code)', RESPONSE_IS_NOT_CONFORM, response);\n }\n assertReadableResponse(response);\n const json = await getResponseJsonBody(response, (response) => assertContentTypes(response, 'application/json', 'application/jwk-set+json'));\n if (!Array.isArray(json.keys)) {\n throw OPE('\"response\" body \"keys\" property must be an array', INVALID_RESPONSE, { body: json });\n }\n if (!Array.prototype.every.call(json.keys, isJsonObject)) {\n throw OPE('\"response\" body \"keys\" property members must be JWK formatted objects', INVALID_RESPONSE, { body: json });\n }\n return json;\n}\nfunction supported(alg) {\n switch (alg) {\n case 'PS256':\n case 'ES256':\n case 'RS256':\n case 'PS384':\n case 'ES384':\n case 'RS384':\n case 'PS512':\n case 'ES512':\n case 'RS512':\n case 'Ed25519':\n case 'EdDSA':\n case 'ML-DSA-44':\n case 'ML-DSA-65':\n case 'ML-DSA-87':\n return true;\n default:\n return false;\n }\n}\nfunction checkSupportedJwsAlg(header) {\n if (!supported(header.alg)) {\n throw new UnsupportedOperationError('unsupported JWS \"alg\" identifier', {\n cause: { alg: header.alg },\n });\n }\n}\nfunction checkRsaKeyAlgorithm(key) {\n const { algorithm } = key;\n if (typeof algorithm.modulusLength !== 'number' || algorithm.modulusLength < 2048) {\n throw new UnsupportedOperationError(`unsupported ${algorithm.name} modulusLength`, {\n cause: key,\n });\n }\n}\nfunction ecdsaHashName(key) {\n const { algorithm } = key;\n switch (algorithm.namedCurve) {\n case 'P-256':\n return 'SHA-256';\n case 'P-384':\n return 'SHA-384';\n case 'P-521':\n return 'SHA-512';\n default:\n throw new UnsupportedOperationError('unsupported ECDSA namedCurve', { cause: key });\n }\n}\nfunction keyToSubtle(key) {\n switch (key.algorithm.name) {\n case 'ECDSA':\n return {\n name: key.algorithm.name,\n hash: ecdsaHashName(key),\n };\n case 'RSA-PSS': {\n checkRsaKeyAlgorithm(key);\n switch (key.algorithm.hash.name) {\n case 'SHA-256':\n case 'SHA-384':\n case 'SHA-512':\n return {\n name: key.algorithm.name,\n saltLength: parseInt(key.algorithm.hash.name.slice(-3), 10) >> 3,\n };\n default:\n throw new UnsupportedOperationError('unsupported RSA-PSS hash name', { cause: key });\n }\n }\n case 'RSASSA-PKCS1-v1_5':\n checkRsaKeyAlgorithm(key);\n return key.algorithm.name;\n case 'ML-DSA-44':\n case 'ML-DSA-65':\n case 'ML-DSA-87':\n case 'Ed25519':\n return key.algorithm.name;\n }\n throw new UnsupportedOperationError('unsupported CryptoKey algorithm name', { cause: key });\n}\nasync function validateJwsSignature(protectedHeader, payload, key, signature) {\n const data = buf(`${protectedHeader}.${payload}`);\n const algorithm = keyToSubtle(key);\n const verified = await crypto.subtle.verify(algorithm, key, signature, data);\n if (!verified) {\n throw OPE('JWT signature verification failed', INVALID_RESPONSE, {\n key,\n data,\n signature,\n algorithm,\n });\n }\n}\nasync function validateJwt(jws, checkAlg, clockSkew, clockTolerance, decryptJwt) {\n let { 0: protectedHeader, 1: payload, length } = jws.split('.');\n if (length === 5) {\n if (decryptJwt !== undefined) {\n jws = await decryptJwt(jws);\n ({ 0: protectedHeader, 1: payload, length } = jws.split('.'));\n }\n else {\n throw new UnsupportedOperationError('JWE decryption is not configured', { cause: jws });\n }\n }\n if (length !== 3) {\n throw OPE('Invalid JWT', INVALID_RESPONSE, jws);\n }\n let header;\n try {\n header = JSON.parse(buf(b64u(protectedHeader)));\n }\n catch (cause) {\n throw OPE('failed to parse JWT Header body as base64url encoded JSON', PARSE_ERROR, cause);\n }\n if (!isJsonObject(header)) {\n throw OPE('JWT Header must be a top level object', INVALID_RESPONSE, jws);\n }\n checkAlg(header);\n if (header.crit !== undefined) {\n throw new UnsupportedOperationError('no JWT \"crit\" header parameter extensions are supported', {\n cause: { header },\n });\n }\n let claims;\n try {\n claims = JSON.parse(buf(b64u(payload)));\n }\n catch (cause) {\n throw OPE('failed to parse JWT Payload body as base64url encoded JSON', PARSE_ERROR, cause);\n }\n if (!isJsonObject(claims)) {\n throw OPE('JWT Payload must be a top level object', INVALID_RESPONSE, jws);\n }\n const now = epochTime() + clockSkew;\n if (claims.exp !== undefined) {\n if (typeof claims.exp !== 'number') {\n throw OPE('unexpected JWT \"exp\" (expiration time) claim type', INVALID_RESPONSE, { claims });\n }\n if (claims.exp <= now - clockTolerance) {\n throw OPE('unexpected JWT \"exp\" (expiration time) claim value, expiration is past current timestamp', JWT_TIMESTAMP_CHECK, { claims, now, tolerance: clockTolerance, claim: 'exp' });\n }\n }\n if (claims.iat !== undefined) {\n if (typeof claims.iat !== 'number') {\n throw OPE('unexpected JWT \"iat\" (issued at) claim type', INVALID_RESPONSE, { claims });\n }\n }\n if (claims.iss !== undefined) {\n if (typeof claims.iss !== 'string') {\n throw OPE('unexpected JWT \"iss\" (issuer) claim type', INVALID_RESPONSE, { claims });\n }\n }\n if (claims.nbf !== undefined) {\n if (typeof claims.nbf !== 'number') {\n throw OPE('unexpected JWT \"nbf\" (not before) claim type', INVALID_RESPONSE, { claims });\n }\n if (claims.nbf > now + clockTolerance) {\n throw OPE('unexpected JWT \"nbf\" (not before) claim value', JWT_TIMESTAMP_CHECK, {\n claims,\n now,\n tolerance: clockTolerance,\n claim: 'nbf',\n });\n }\n }\n if (claims.aud !== undefined) {\n if (typeof claims.aud !== 'string' && !Array.isArray(claims.aud)) {\n throw OPE('unexpected JWT \"aud\" (audience) claim type', INVALID_RESPONSE, { claims });\n }\n }\n return { header, claims, jwt: jws };\n}\nexport async function validateJwtAuthResponse(as, client, parameters, expectedState, options) {\n assertAs(as);\n assertClient(client);\n if (parameters instanceof URL) {\n parameters = parameters.searchParams;\n }\n if (!(parameters instanceof URLSearchParams)) {\n throw CodedTypeError('\"parameters\" must be an instance of URLSearchParams, or URL', ERR_INVALID_ARG_TYPE);\n }\n const response = getURLSearchParameter(parameters, 'response');\n if (!response) {\n throw OPE('\"parameters\" does not contain a JARM response', INVALID_RESPONSE);\n }\n const { claims, header, jwt } = await validateJwt(response, checkSigningAlgorithm.bind(undefined, client.authorization_signed_response_alg, as.authorization_signing_alg_values_supported, 'RS256'), getClockSkew(client), getClockTolerance(client), options?.[jweDecrypt])\n .then(validatePresence.bind(undefined, ['aud', 'exp', 'iss']))\n .then(validateIssuer.bind(undefined, as))\n .then(validateAudience.bind(undefined, client.client_id));\n const { 0: protectedHeader, 1: payload, 2: encodedSignature } = jwt.split('.');\n const signature = b64u(encodedSignature);\n const key = await getPublicSigKeyFromIssuerJwksUri(as, options, header);\n await validateJwsSignature(protectedHeader, payload, key, signature);\n const result = new URLSearchParams();\n for (const [key, value] of Object.entries(claims)) {\n if (typeof value === 'string' && key !== 'aud') {\n result.set(key, value);\n }\n }\n return validateAuthResponse(as, client, result, expectedState);\n}\nasync function idTokenHash(data, header, claimName) {\n let algorithm;\n switch (header.alg) {\n case 'RS256':\n case 'PS256':\n case 'ES256':\n algorithm = 'SHA-256';\n break;\n case 'RS384':\n case 'PS384':\n case 'ES384':\n algorithm = 'SHA-384';\n break;\n case 'RS512':\n case 'PS512':\n case 'ES512':\n case 'Ed25519':\n case 'EdDSA':\n algorithm = 'SHA-512';\n break;\n case 'ML-DSA-44':\n case 'ML-DSA-65':\n case 'ML-DSA-87':\n algorithm = { name: 'cSHAKE256', length: 512 };\n break;\n default:\n throw new UnsupportedOperationError(`unsupported JWS algorithm for ${claimName} calculation`, { cause: { alg: header.alg } });\n }\n const digest = await crypto.subtle.digest(algorithm, buf(data));\n return b64u(digest.slice(0, digest.byteLength / 2));\n}\nasync function idTokenHashMatches(data, actual, header, claimName) {\n const expected = await idTokenHash(data, header, claimName);\n return actual === expected;\n}\nexport async function validateDetachedSignatureResponse(as, client, parameters, expectedNonce, expectedState, maxAge, options) {\n return validateHybridResponse(as, client, parameters, expectedNonce, expectedState, maxAge, options, true);\n}\nexport async function validateCodeIdTokenResponse(as, client, parameters, expectedNonce, expectedState, maxAge, options) {\n return validateHybridResponse(as, client, parameters, expectedNonce, expectedState, maxAge, options, false);\n}\nasync function consumeStream(request) {\n if (request.bodyUsed) {\n throw CodedTypeError('form_post Request instances must contain a readable body', ERR_INVALID_ARG_VALUE, { cause: request });\n }\n return request.text();\n}\nexport async function formPostResponse(request) {\n if (request.method !== 'POST') {\n throw CodedTypeError('form_post responses are expected to use the POST method', ERR_INVALID_ARG_VALUE, { cause: request });\n }\n if (getContentType(request) !== 'application/x-www-form-urlencoded') {\n throw CodedTypeError('form_post responses are expected to use the application/x-www-form-urlencoded content-type', ERR_INVALID_ARG_VALUE, { cause: request });\n }\n return consumeStream(request);\n}\nasync function validateHybridResponse(as, client, parameters, expectedNonce, expectedState, maxAge, options, fapi) {\n assertAs(as);\n assertClient(client);\n if (parameters instanceof URL) {\n if (!parameters.hash.length) {\n throw CodedTypeError('\"parameters\" as an instance of URL must contain a hash (fragment) with the Authorization Response parameters', ERR_INVALID_ARG_VALUE);\n }\n parameters = new URLSearchParams(parameters.hash.slice(1));\n }\n else if (looseInstanceOf(parameters, Request)) {\n parameters = new URLSearchParams(await formPostResponse(parameters));\n }\n else if (parameters instanceof URLSearchParams) {\n parameters = new URLSearchParams(parameters);\n }\n else {\n throw CodedTypeError('\"parameters\" must be an instance of URLSearchParams, URL, or Response', ERR_INVALID_ARG_TYPE);\n }\n const id_token = getURLSearchParameter(parameters, 'id_token');\n parameters.delete('id_token');\n switch (expectedState) {\n case undefined:\n case expectNoState:\n break;\n default:\n assertString(expectedState, '\"expectedState\" argument');\n }\n const result = validateAuthResponse({\n ...as,\n authorization_response_iss_parameter_supported: false,\n }, client, parameters, expectedState);\n if (!id_token) {\n throw OPE('\"parameters\" does not contain an ID Token', INVALID_RESPONSE);\n }\n const code = getURLSearchParameter(parameters, 'code');\n if (!code) {\n throw OPE('\"parameters\" does not contain an Authorization Code', INVALID_RESPONSE);\n }\n const requiredClaims = [\n 'aud',\n 'exp',\n 'iat',\n 'iss',\n 'sub',\n 'nonce',\n 'c_hash',\n ];\n const state = parameters.get('state');\n if (fapi && (typeof expectedState === 'string' || state !== null)) {\n requiredClaims.push('s_hash');\n }\n if (maxAge !== undefined) {\n assertNumber(maxAge, true, '\"maxAge\" argument');\n }\n else if (client.default_max_age !== undefined) {\n assertNumber(client.default_max_age, true, '\"client.default_max_age\"');\n }\n maxAge ??= client.default_max_age ?? skipAuthTimeCheck;\n if (client.require_auth_time || maxAge !== skipAuthTimeCheck) {\n requiredClaims.push('auth_time');\n }\n const { claims, header, jwt } = await validateJwt(id_token, checkSigningAlgorithm.bind(undefined, client.id_token_signed_response_alg, as.id_token_signing_alg_values_supported, 'RS256'), getClockSkew(client), getClockTolerance(client), options?.[jweDecrypt])\n .then(validatePresence.bind(undefined, requiredClaims))\n .then(validateIssuer.bind(undefined, as))\n .then(validateAudience.bind(undefined, client.client_id));\n const clockSkew = getClockSkew(client);\n const now = epochTime() + clockSkew;\n if (claims.iat < now - 3600) {\n throw OPE('unexpected JWT \"iat\" (issued at) claim value, it is too far in the past', JWT_TIMESTAMP_CHECK, { now, claims, claim: 'iat' });\n }\n assertString(claims.c_hash, 'ID Token \"c_hash\" (code hash) claim value', INVALID_RESPONSE, {\n claims,\n });\n if (claims.auth_time !== undefined) {\n assertNumber(claims.auth_time, true, 'ID Token \"auth_time\" (authentication time)', INVALID_RESPONSE, { claims });\n }\n if (maxAge !== skipAuthTimeCheck) {\n const now = epochTime() + getClockSkew(client);\n const tolerance = getClockTolerance(client);\n if (claims.auth_time + maxAge < now - tolerance) {\n throw OPE('too much time has elapsed since the last End-User authentication', JWT_TIMESTAMP_CHECK, { claims, now, tolerance, claim: 'auth_time' });\n }\n }\n assertString(expectedNonce, '\"expectedNonce\" argument');\n if (claims.nonce !== expectedNonce) {\n throw OPE('unexpected ID Token \"nonce\" claim value', JWT_CLAIM_COMPARISON, {\n expected: expectedNonce,\n claims,\n claim: 'nonce',\n });\n }\n if (Array.isArray(claims.aud) && claims.aud.length !== 1) {\n if (claims.azp === undefined) {\n throw OPE('ID Token \"aud\" (audience) claim includes additional untrusted audiences', JWT_CLAIM_COMPARISON, { claims, claim: 'aud' });\n }\n if (claims.azp !== client.client_id) {\n throw OPE('unexpected ID Token \"azp\" (authorized party) claim value', JWT_CLAIM_COMPARISON, {\n expected: client.client_id,\n claims,\n claim: 'azp',\n });\n }\n }\n const { 0: protectedHeader, 1: payload, 2: encodedSignature } = jwt.split('.');\n const signature = b64u(encodedSignature);\n const key = await getPublicSigKeyFromIssuerJwksUri(as, options, header);\n await validateJwsSignature(protectedHeader, payload, key, signature);\n if ((await idTokenHashMatches(code, claims.c_hash, header, 'c_hash')) !== true) {\n throw OPE('invalid ID Token \"c_hash\" (code hash) claim value', JWT_CLAIM_COMPARISON, {\n code,\n alg: header.alg,\n claim: 'c_hash',\n claims,\n });\n }\n if ((fapi && state !== null) || claims.s_hash !== undefined) {\n assertString(claims.s_hash, 'ID Token \"s_hash\" (state hash) claim value', INVALID_RESPONSE, {\n claims,\n });\n assertString(state, '\"state\" response parameter', INVALID_RESPONSE, { parameters });\n if ((await idTokenHashMatches(state, claims.s_hash, header, 's_hash')) !== true) {\n throw OPE('invalid ID Token \"s_hash\" (state hash) claim value', JWT_CLAIM_COMPARISON, {\n state,\n alg: header.alg,\n claim: 's_hash',\n claims,\n });\n }\n }\n return result;\n}\nfunction checkSigningAlgorithm(client, issuer, fallback, header) {\n if (client !== undefined) {\n if (typeof client === 'string' ? header.alg !== client : !client.includes(header.alg)) {\n throw OPE('unexpected JWT \"alg\" header parameter', INVALID_RESPONSE, {\n header,\n expected: client,\n reason: 'client configuration',\n });\n }\n return;\n }\n if (Array.isArray(issuer)) {\n if (!issuer.includes(header.alg)) {\n throw OPE('unexpected JWT \"alg\" header parameter', INVALID_RESPONSE, {\n header,\n expected: issuer,\n reason: 'authorization server metadata',\n });\n }\n return;\n }\n if (fallback !== undefined) {\n if (typeof fallback === 'string'\n ? header.alg !== fallback\n : typeof fallback === 'function'\n ? !fallback(header.alg)\n : !fallback.includes(header.alg)) {\n throw OPE('unexpected JWT \"alg\" header parameter', INVALID_RESPONSE, {\n header,\n expected: fallback,\n reason: 'default value',\n });\n }\n return;\n }\n throw OPE('missing client or server configuration to verify used JWT \"alg\" header parameter', undefined, { client, issuer, fallback });\n}\nfunction getURLSearchParameter(parameters, name) {\n const { 0: value, length } = parameters.getAll(name);\n if (length > 1) {\n throw OPE(`\"${name}\" parameter must be provided only once`, INVALID_RESPONSE);\n }\n return value;\n}\nexport const skipStateCheck = Symbol();\nexport const expectNoState = Symbol();\nexport function validateAuthResponse(as, client, parameters, expectedState) {\n assertAs(as);\n assertClient(client);\n if (parameters instanceof URL) {\n parameters = parameters.searchParams;\n }\n if (!(parameters instanceof URLSearchParams)) {\n throw CodedTypeError('\"parameters\" must be an instance of URLSearchParams, or URL', ERR_INVALID_ARG_TYPE);\n }\n if (getURLSearchParameter(parameters, 'response')) {\n throw OPE('\"parameters\" contains a JARM response, use validateJwtAuthResponse() instead of validateAuthResponse()', INVALID_RESPONSE, { parameters });\n }\n const iss = getURLSearchParameter(parameters, 'iss');\n const state = getURLSearchParameter(parameters, 'state');\n if (!iss && as.authorization_response_iss_parameter_supported) {\n throw OPE('response parameter \"iss\" (issuer) missing', INVALID_RESPONSE, { parameters });\n }\n if (iss && iss !== as.issuer) {\n throw OPE('unexpected \"iss\" (issuer) response parameter value', INVALID_RESPONSE, {\n expected: as.issuer,\n parameters,\n });\n }\n switch (expectedState) {\n case undefined:\n case expectNoState:\n if (state !== undefined) {\n throw OPE('unexpected \"state\" response parameter encountered', INVALID_RESPONSE, {\n expected: undefined,\n parameters,\n });\n }\n break;\n case skipStateCheck:\n break;\n default:\n assertString(expectedState, '\"expectedState\" argument');\n if (state !== expectedState) {\n throw OPE(state === undefined\n ? 'response parameter \"state\" missing'\n : 'unexpected \"state\" response parameter value', INVALID_RESPONSE, { expected: expectedState, parameters });\n }\n }\n const error = getURLSearchParameter(parameters, 'error');\n if (error) {\n throw new AuthorizationResponseError('authorization response from the server is an error', {\n cause: parameters,\n });\n }\n const id_token = getURLSearchParameter(parameters, 'id_token');\n const token = getURLSearchParameter(parameters, 'token');\n if (id_token !== undefined || token !== undefined) {\n throw new UnsupportedOperationError('implicit and hybrid flows are not supported');\n }\n return brand(new URLSearchParams(parameters));\n}\nfunction algToSubtle(alg) {\n switch (alg) {\n case 'PS256':\n case 'PS384':\n case 'PS512':\n return { name: 'RSA-PSS', hash: `SHA-${alg.slice(-3)}` };\n case 'RS256':\n case 'RS384':\n case 'RS512':\n return { name: 'RSASSA-PKCS1-v1_5', hash: `SHA-${alg.slice(-3)}` };\n case 'ES256':\n case 'ES384':\n return { name: 'ECDSA', namedCurve: `P-${alg.slice(-3)}` };\n case 'ES512':\n return { name: 'ECDSA', namedCurve: 'P-521' };\n case 'EdDSA':\n return 'Ed25519';\n case 'Ed25519':\n case 'ML-DSA-44':\n case 'ML-DSA-65':\n case 'ML-DSA-87':\n return alg;\n default:\n throw new UnsupportedOperationError('unsupported JWS algorithm', { cause: { alg } });\n }\n}\nasync function importJwk(alg, jwk) {\n const { ext, key_ops, use, ...key } = jwk;\n return crypto.subtle.importKey('jwk', key, algToSubtle(alg), true, ['verify']);\n}\nexport async function deviceAuthorizationRequest(as, client, clientAuthentication, parameters, options) {\n assertAs(as);\n assertClient(client);\n const url = resolveEndpoint(as, 'device_authorization_endpoint', client.use_mtls_endpoint_aliases, options?.[allowInsecureRequests] !== true);\n const body = new URLSearchParams(parameters);\n body.set('client_id', client.client_id);\n const headers = prepareHeaders(options?.headers);\n headers.set('accept', 'application/json');\n return authenticatedRequest(as, client, clientAuthentication, url, body, headers, options);\n}\nexport async function processDeviceAuthorizationResponse(as, client, response) {\n assertAs(as);\n assertClient(client);\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n await checkOAuthBodyError(response, 200, 'Device Authorization Endpoint');\n assertReadableResponse(response);\n const json = await getResponseJsonBody(response);\n assertString(json.device_code, '\"response\" body \"device_code\" property', INVALID_RESPONSE, {\n body: json,\n });\n assertString(json.user_code, '\"response\" body \"user_code\" property', INVALID_RESPONSE, {\n body: json,\n });\n assertString(json.verification_uri, '\"response\" body \"verification_uri\" property', INVALID_RESPONSE, { body: json });\n let expiresIn = typeof json.expires_in !== 'number' ? parseFloat(json.expires_in) : json.expires_in;\n assertNumber(expiresIn, true, '\"response\" body \"expires_in\" property', INVALID_RESPONSE, {\n body: json,\n });\n json.expires_in = expiresIn;\n if (json.verification_uri_complete !== undefined) {\n assertString(json.verification_uri_complete, '\"response\" body \"verification_uri_complete\" property', INVALID_RESPONSE, { body: json });\n }\n if (json.interval !== undefined) {\n assertNumber(json.interval, false, '\"response\" body \"interval\" property', INVALID_RESPONSE, {\n body: json,\n });\n }\n return json;\n}\nexport async function deviceCodeGrantRequest(as, client, clientAuthentication, deviceCode, options) {\n assertAs(as);\n assertClient(client);\n assertString(deviceCode, '\"deviceCode\"');\n const parameters = new URLSearchParams(options?.additionalParameters);\n parameters.set('device_code', deviceCode);\n return tokenEndpointRequest(as, client, clientAuthentication, 'urn:ietf:params:oauth:grant-type:device_code', parameters, options);\n}\nexport async function processDeviceCodeResponse(as, client, response, options) {\n return processGenericAccessTokenResponse(as, client, response, undefined, options?.[jweDecrypt], options?.recognizedTokenTypes);\n}\nexport async function generateKeyPair(alg, options) {\n assertString(alg, '\"alg\"');\n const algorithm = algToSubtle(alg);\n if (alg.startsWith('PS') || alg.startsWith('RS')) {\n Object.assign(algorithm, {\n modulusLength: options?.modulusLength ?? 2048,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]),\n });\n }\n return crypto.subtle.generateKey(algorithm, options?.extractable ?? false, [\n 'sign',\n 'verify',\n ]);\n}\nfunction normalizeHtu(htu) {\n const url = new URL(htu);\n url.search = '';\n url.hash = '';\n return url.href;\n}\nasync function validateDPoP(request, accessToken, accessTokenClaims, options) {\n const headerValue = request.headers.get('dpop');\n if (headerValue === null) {\n throw OPE('operation indicated DPoP use but the request has no DPoP HTTP Header', INVALID_REQUEST, { headers: request.headers });\n }\n if (request.headers.get('authorization')?.toLowerCase().startsWith('dpop ') === false) {\n throw OPE(`operation indicated DPoP use but the request's Authorization HTTP Header scheme is not DPoP`, INVALID_REQUEST, { headers: request.headers });\n }\n if (typeof accessTokenClaims.cnf?.jkt !== 'string') {\n throw OPE('operation indicated DPoP use but the JWT Access Token has no jkt confirmation claim', INVALID_REQUEST, { claims: accessTokenClaims });\n }\n const clockSkew = getClockSkew(options);\n const proof = await validateJwt(headerValue, checkSigningAlgorithm.bind(undefined, options?.signingAlgorithms, undefined, supported), clockSkew, getClockTolerance(options), undefined)\n .then(checkJwtType.bind(undefined, 'dpop+jwt'))\n .then(validatePresence.bind(undefined, ['iat', 'jti', 'ath', 'htm', 'htu']));\n const now = epochTime() + clockSkew;\n const diff = Math.abs(now - proof.claims.iat);\n if (diff > 300) {\n throw OPE('DPoP Proof iat is not recent enough', JWT_TIMESTAMP_CHECK, {\n now,\n claims: proof.claims,\n claim: 'iat',\n });\n }\n if (proof.claims.htm !== request.method) {\n throw OPE('DPoP Proof htm mismatch', JWT_CLAIM_COMPARISON, {\n expected: request.method,\n claims: proof.claims,\n claim: 'htm',\n });\n }\n if (typeof proof.claims.htu !== 'string' ||\n normalizeHtu(proof.claims.htu) !== normalizeHtu(request.url)) {\n throw OPE('DPoP Proof htu mismatch', JWT_CLAIM_COMPARISON, {\n expected: normalizeHtu(request.url),\n claims: proof.claims,\n claim: 'htu',\n });\n }\n {\n const expected = b64u(await crypto.subtle.digest('SHA-256', buf(accessToken)));\n if (proof.claims.ath !== expected) {\n throw OPE('DPoP Proof ath mismatch', JWT_CLAIM_COMPARISON, {\n expected,\n claims: proof.claims,\n claim: 'ath',\n });\n }\n }\n {\n const expected = await calculateJwkThumbprint(proof.header.jwk);\n if (accessTokenClaims.cnf.jkt !== expected) {\n throw OPE('JWT Access Token confirmation mismatch', JWT_CLAIM_COMPARISON, {\n expected,\n claims: accessTokenClaims,\n claim: 'cnf.jkt',\n });\n }\n }\n const { 0: protectedHeader, 1: payload, 2: encodedSignature } = headerValue.split('.');\n const signature = b64u(encodedSignature);\n const { jwk, alg } = proof.header;\n if (!jwk) {\n throw OPE('DPoP Proof is missing the jwk header parameter', INVALID_REQUEST, {\n header: proof.header,\n });\n }\n const key = await importJwk(alg, jwk);\n if (key.type !== 'public') {\n throw OPE('DPoP Proof jwk header parameter must contain a public key', INVALID_REQUEST, {\n header: proof.header,\n });\n }\n await validateJwsSignature(protectedHeader, payload, key, signature);\n}\nexport async function validateJwtAccessToken(as, request, expectedAudience, options) {\n assertAs(as);\n if (!looseInstanceOf(request, Request)) {\n throw CodedTypeError('\"request\" must be an instance of Request', ERR_INVALID_ARG_TYPE);\n }\n assertString(expectedAudience, '\"expectedAudience\"');\n const authorization = request.headers.get('authorization');\n if (authorization === null) {\n throw OPE('\"request\" is missing an Authorization HTTP Header', INVALID_REQUEST, {\n headers: request.headers,\n });\n }\n let { 0: scheme, 1: accessToken, length } = authorization.split(' ');\n scheme = scheme.toLowerCase();\n switch (scheme) {\n case 'dpop':\n case 'bearer':\n break;\n default:\n throw new UnsupportedOperationError('unsupported Authorization HTTP Header scheme', {\n cause: { headers: request.headers },\n });\n }\n if (length !== 2) {\n throw OPE('invalid Authorization HTTP Header format', INVALID_REQUEST, {\n headers: request.headers,\n });\n }\n const requiredClaims = [\n 'iss',\n 'exp',\n 'aud',\n 'sub',\n 'iat',\n 'jti',\n 'client_id',\n ];\n if (options?.requireDPoP || scheme === 'dpop' || request.headers.has('dpop')) {\n requiredClaims.push('cnf');\n }\n const { claims, header } = await validateJwt(accessToken, checkSigningAlgorithm.bind(undefined, options?.signingAlgorithms, undefined, supported), getClockSkew(options), getClockTolerance(options), undefined)\n .then(checkJwtType.bind(undefined, 'at+jwt'))\n .then(validatePresence.bind(undefined, requiredClaims))\n .then(validateIssuer.bind(undefined, as))\n .then(validateAudience.bind(undefined, expectedAudience))\n .catch(reassignRSCode);\n for (const claim of ['client_id', 'jti', 'sub']) {\n if (typeof claims[claim] !== 'string') {\n throw OPE(`unexpected JWT \"${claim}\" claim type`, INVALID_REQUEST, { claims });\n }\n }\n if ('cnf' in claims) {\n if (!isJsonObject(claims.cnf)) {\n throw OPE('unexpected JWT \"cnf\" (confirmation) claim value', INVALID_REQUEST, { claims });\n }\n const { 0: cnf, length } = Object.keys(claims.cnf);\n if (length) {\n if (length !== 1) {\n throw new UnsupportedOperationError('multiple confirmation claims are not supported', {\n cause: { claims },\n });\n }\n if (cnf !== 'jkt') {\n throw new UnsupportedOperationError('unsupported JWT Confirmation method', {\n cause: { claims },\n });\n }\n }\n }\n const { 0: protectedHeader, 1: payload, 2: encodedSignature } = accessToken.split('.');\n const signature = b64u(encodedSignature);\n const key = await getPublicSigKeyFromIssuerJwksUri(as, options, header);\n await validateJwsSignature(protectedHeader, payload, key, signature);\n if (options?.requireDPoP ||\n scheme === 'dpop' ||\n claims.cnf?.jkt !== undefined ||\n request.headers.has('dpop')) {\n await validateDPoP(request, accessToken, claims, options).catch(reassignRSCode);\n }\n return claims;\n}\nfunction reassignRSCode(err) {\n if (err instanceof OperationProcessingError && err?.code === INVALID_REQUEST) {\n err.code = INVALID_RESPONSE;\n }\n throw err;\n}\nexport async function backchannelAuthenticationRequest(as, client, clientAuthentication, parameters, options) {\n assertAs(as);\n assertClient(client);\n const url = resolveEndpoint(as, 'backchannel_authentication_endpoint', client.use_mtls_endpoint_aliases, options?.[allowInsecureRequests] !== true);\n const body = new URLSearchParams(parameters);\n body.set('client_id', client.client_id);\n const headers = prepareHeaders(options?.headers);\n headers.set('accept', 'application/json');\n return authenticatedRequest(as, client, clientAuthentication, url, body, headers, options);\n}\nexport async function processBackchannelAuthenticationResponse(as, client, response) {\n assertAs(as);\n assertClient(client);\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n await checkOAuthBodyError(response, 200, 'Backchannel Authentication Endpoint');\n assertReadableResponse(response);\n const json = await getResponseJsonBody(response);\n assertString(json.auth_req_id, '\"response\" body \"auth_req_id\" property', INVALID_RESPONSE, {\n body: json,\n });\n let expiresIn = typeof json.expires_in !== 'number' ? parseFloat(json.expires_in) : json.expires_in;\n assertNumber(expiresIn, true, '\"response\" body \"expires_in\" property', INVALID_RESPONSE, {\n body: json,\n });\n json.expires_in = expiresIn;\n if (json.interval !== undefined) {\n assertNumber(json.interval, false, '\"response\" body \"interval\" property', INVALID_RESPONSE, {\n body: json,\n });\n }\n return json;\n}\nexport async function backchannelAuthenticationGrantRequest(as, client, clientAuthentication, authReqId, options) {\n assertAs(as);\n assertClient(client);\n assertString(authReqId, '\"authReqId\"');\n const parameters = new URLSearchParams(options?.additionalParameters);\n parameters.set('auth_req_id', authReqId);\n return tokenEndpointRequest(as, client, clientAuthentication, 'urn:openid:params:grant-type:ciba', parameters, options);\n}\nexport async function processBackchannelAuthenticationGrantResponse(as, client, response, options) {\n return processGenericAccessTokenResponse(as, client, response, undefined, options?.[jweDecrypt], options?.recognizedTokenTypes);\n}\nexport async function dynamicClientRegistrationRequest(as, metadata, options) {\n assertAs(as);\n const url = resolveEndpoint(as, 'registration_endpoint', metadata.use_mtls_endpoint_aliases, options?.[allowInsecureRequests] !== true);\n const headers = prepareHeaders(options?.headers);\n headers.set('accept', 'application/json');\n headers.set('content-type', 'application/json');\n const method = 'POST';\n if (options?.DPoP) {\n assertDPoP(options.DPoP);\n await options.DPoP.addProof(url, headers, method, options.initialAccessToken);\n }\n if (options?.initialAccessToken) {\n headers.set('authorization', `${headers.has('dpop') ? 'DPoP' : 'Bearer'} ${options.initialAccessToken}`);\n }\n const response = await (options?.[customFetch] || fetch)(url.href, {\n body: JSON.stringify(metadata),\n headers: Object.fromEntries(headers.entries()),\n method,\n redirect: 'manual',\n signal: signal(url, options?.signal),\n });\n options?.DPoP?.cacheNonce(response, url);\n return response;\n}\nexport async function processDynamicClientRegistrationResponse(response) {\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n await checkOAuthBodyError(response, 201, 'Dynamic Client Registration Endpoint');\n assertReadableResponse(response);\n const json = await getResponseJsonBody(response);\n assertString(json.client_id, '\"response\" body \"client_id\" property', INVALID_RESPONSE, {\n body: json,\n });\n if (json.client_secret !== undefined) {\n assertString(json.client_secret, '\"response\" body \"client_secret\" property', INVALID_RESPONSE, {\n body: json,\n });\n }\n if (json.client_secret) {\n assertNumber(json.client_secret_expires_at, true, '\"response\" body \"client_secret_expires_at\" property', INVALID_RESPONSE, {\n body: json,\n });\n }\n return json;\n}\nexport async function resourceDiscoveryRequest(resourceIdentifier, options) {\n return performDiscovery(resourceIdentifier, 'resourceIdentifier', (url) => {\n prependWellKnown(url, '.well-known/oauth-protected-resource', true);\n return url;\n }, options);\n}\nexport async function processResourceDiscoveryResponse(expectedResourceIdentifier, response) {\n const expected = expectedResourceIdentifier;\n if (!(expected instanceof URL) && expected !== _nodiscoverycheck) {\n throw CodedTypeError('\"expectedResourceIdentifier\" must be an instance of URL', ERR_INVALID_ARG_TYPE);\n }\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n if (response.status !== 200) {\n throw OPE('\"response\" is not a conform Resource Server Metadata response (unexpected HTTP status code)', RESPONSE_IS_NOT_CONFORM, response);\n }\n assertReadableResponse(response);\n const json = await getResponseJsonBody(response);\n assertString(json.resource, '\"response\" body \"resource\" property', INVALID_RESPONSE, {\n body: json,\n });\n if (expected !== _nodiscoverycheck && new URL(json.resource).href !== expected.href) {\n throw OPE('\"response\" body \"resource\" property does not match the expected value', JSON_ATTRIBUTE_COMPARISON, { expected: expected.href, body: json, attribute: 'resource' });\n }\n return json;\n}\nasync function getResponseJsonBody(response, check = assertApplicationJson) {\n let json;\n try {\n json = await response.json();\n }\n catch (cause) {\n check(response);\n throw OPE('failed to parse \"response\" body as JSON', PARSE_ERROR, cause);\n }\n if (!isJsonObject(json)) {\n throw OPE('\"response\" body must be a top level object', INVALID_RESPONSE, { body: json });\n }\n return json;\n}\nexport const _nopkce = nopkce;\nexport const _nodiscoverycheck = Symbol();\nexport const _expectedIssuer = Symbol();\n//# sourceMappingURL=index.js.map","import * as oauth from 'oauth4webapi';\nimport { compactDecrypt } from 'jose/jwe/compact/decrypt';\nimport { JOSEError } from 'jose/errors';\nlet headers;\nlet USER_AGENT;\nif (typeof navigator === 'undefined' || !navigator.userAgent?.startsWith?.('Mozilla/5.0 ')) {\n const NAME = 'openid-client';\n const VERSION = 'v6.8.1';\n USER_AGENT = `${NAME}/${VERSION}`;\n headers = { 'user-agent': USER_AGENT };\n}\nconst int = (config) => {\n return props.get(config);\n};\nlet props;\nexport { AuthorizationResponseError, ResponseBodyError, WWWAuthenticateChallengeError, } from 'oauth4webapi';\nlet tbi;\nexport function ClientSecretPost(clientSecret) {\n if (clientSecret !== undefined) {\n return oauth.ClientSecretPost(clientSecret);\n }\n tbi ||= new WeakMap();\n return (as, client, body, headers) => {\n let auth;\n if (!(auth = tbi.get(client))) {\n assertString(client.client_secret, '\"metadata.client_secret\"');\n auth = oauth.ClientSecretPost(client.client_secret);\n tbi.set(client, auth);\n }\n return auth(as, client, body, headers);\n };\n}\nfunction assertString(input, it) {\n if (typeof input !== 'string') {\n throw CodedTypeError(`${it} must be a string`, ERR_INVALID_ARG_TYPE);\n }\n if (input.length === 0) {\n throw CodedTypeError(`${it} must not be empty`, ERR_INVALID_ARG_VALUE);\n }\n}\nexport function ClientSecretBasic(clientSecret) {\n if (clientSecret !== undefined) {\n return oauth.ClientSecretBasic(clientSecret);\n }\n tbi ||= new WeakMap();\n return (as, client, body, headers) => {\n let auth;\n if (!(auth = tbi.get(client))) {\n assertString(client.client_secret, '\"metadata.client_secret\"');\n auth = oauth.ClientSecretBasic(client.client_secret);\n tbi.set(client, auth);\n }\n return auth(as, client, body, headers);\n };\n}\nexport function ClientSecretJwt(clientSecret, options) {\n if (clientSecret !== undefined) {\n return oauth.ClientSecretJwt(clientSecret, options);\n }\n tbi ||= new WeakMap();\n return (as, client, body, headers) => {\n let auth;\n if (!(auth = tbi.get(client))) {\n assertString(client.client_secret, '\"metadata.client_secret\"');\n auth = oauth.ClientSecretJwt(client.client_secret, options);\n tbi.set(client, auth);\n }\n return auth(as, client, body, headers);\n };\n}\nexport function None() {\n return oauth.None();\n}\nexport function PrivateKeyJwt(clientPrivateKey, options) {\n return oauth.PrivateKeyJwt(clientPrivateKey, options);\n}\nexport function TlsClientAuth() {\n return oauth.TlsClientAuth();\n}\nexport const skipStateCheck = oauth.skipStateCheck;\nexport const skipSubjectCheck = oauth.skipSubjectCheck;\nexport const customFetch = oauth.customFetch;\nexport const modifyAssertion = oauth.modifyAssertion;\nexport const clockSkew = oauth.clockSkew;\nexport const clockTolerance = oauth.clockTolerance;\nconst ERR_INVALID_ARG_VALUE = 'ERR_INVALID_ARG_VALUE';\nconst ERR_INVALID_ARG_TYPE = 'ERR_INVALID_ARG_TYPE';\nfunction CodedTypeError(message, code, cause) {\n const err = new TypeError(message, { cause });\n Object.assign(err, { code });\n return err;\n}\nexport function calculatePKCECodeChallenge(codeVerifier) {\n return oauth.calculatePKCECodeChallenge(codeVerifier);\n}\nexport function randomPKCECodeVerifier() {\n return oauth.generateRandomCodeVerifier();\n}\nexport function randomNonce() {\n return oauth.generateRandomNonce();\n}\nexport function randomState() {\n return oauth.generateRandomState();\n}\nexport class ClientError extends Error {\n code;\n constructor(message, options) {\n super(message, options);\n this.name = this.constructor.name;\n this.code = options?.code;\n Error.captureStackTrace?.(this, this.constructor);\n }\n}\nconst decoder = new TextDecoder();\nfunction e(msg, cause, code) {\n return new ClientError(msg, { cause, code });\n}\nfunction errorHandler(err) {\n if (err instanceof TypeError ||\n err instanceof ClientError ||\n err instanceof oauth.ResponseBodyError ||\n err instanceof oauth.AuthorizationResponseError ||\n err instanceof oauth.WWWAuthenticateChallengeError) {\n throw err;\n }\n if (err instanceof oauth.OperationProcessingError) {\n switch (err.code) {\n case oauth.HTTP_REQUEST_FORBIDDEN:\n throw e('only requests to HTTPS are allowed', err, err.code);\n case oauth.REQUEST_PROTOCOL_FORBIDDEN:\n throw e('only requests to HTTP or HTTPS are allowed', err, err.code);\n case oauth.RESPONSE_IS_NOT_CONFORM:\n throw e('unexpected HTTP response status code', err.cause, err.code);\n case oauth.RESPONSE_IS_NOT_JSON:\n throw e('unexpected response content-type', err.cause, err.code);\n case oauth.PARSE_ERROR:\n throw e('parsing error occured', err, err.code);\n case oauth.INVALID_RESPONSE:\n throw e('invalid response encountered', err, err.code);\n case oauth.JWT_CLAIM_COMPARISON:\n throw e('unexpected JWT claim value encountered', err, err.code);\n case oauth.JSON_ATTRIBUTE_COMPARISON:\n throw e('unexpected JSON attribute value encountered', err, err.code);\n case oauth.JWT_TIMESTAMP_CHECK:\n throw e('JWT timestamp claim value failed validation', err, err.code);\n default:\n throw e(err.message, err, err.code);\n }\n }\n if (err instanceof oauth.UnsupportedOperationError) {\n throw e('unsupported operation', err, err.code);\n }\n if (err instanceof DOMException) {\n switch (err.name) {\n case 'OperationError':\n throw e('runtime operation error', err, oauth.UNSUPPORTED_OPERATION);\n case 'NotSupportedError':\n throw e('runtime unsupported operation', err, oauth.UNSUPPORTED_OPERATION);\n case 'TimeoutError':\n throw e('operation timed out', err, 'OAUTH_TIMEOUT');\n case 'AbortError':\n throw e('operation aborted', err, 'OAUTH_ABORT');\n }\n }\n throw new ClientError('something went wrong', { cause: err });\n}\nexport function randomDPoPKeyPair(alg, options) {\n return oauth\n .generateKeyPair(alg ?? 'ES256', {\n extractable: options?.extractable,\n })\n .catch(errorHandler);\n}\nfunction handleEntraId(server, as, options) {\n if (server.origin === 'https://login.microsoftonline.com' &&\n (!options?.algorithm || options.algorithm === 'oidc')) {\n as[kEntraId] = true;\n return true;\n }\n return false;\n}\nfunction handleB2Clogin(server, options) {\n if (server.hostname.endsWith('.b2clogin.com') &&\n (!options?.algorithm || options.algorithm === 'oidc')) {\n return true;\n }\n return false;\n}\nexport async function dynamicClientRegistration(server, metadata, clientAuthentication, options) {\n let as;\n if (options?.flag === retry) {\n as = options.as;\n }\n else {\n as = await performDiscovery(server, options);\n }\n const clockSkew = metadata[oauth.clockSkew] ?? 0;\n const clockTolerance = metadata[oauth.clockTolerance] ?? 30;\n metadata = structuredClone(metadata);\n const timeout = options?.timeout ?? 30;\n const signal = AbortSignal.timeout(timeout * 1000);\n let registered;\n try {\n registered = await oauth\n .dynamicClientRegistrationRequest(as, metadata, {\n initialAccessToken: options?.initialAccessToken,\n DPoP: options?.DPoP,\n headers: new Headers(headers),\n [oauth.customFetch]: options?.[customFetch],\n [oauth.allowInsecureRequests]: options?.execute?.includes(allowInsecureRequests),\n signal,\n })\n .then(oauth.processDynamicClientRegistrationResponse);\n }\n catch (err) {\n if (retryable(err, options)) {\n return dynamicClientRegistration(server, metadata, clientAuthentication, {\n ...options,\n flag: retry,\n as,\n });\n }\n errorHandler(err);\n }\n registered[oauth.clockSkew] = clockSkew;\n registered[oauth.clockTolerance] = clockTolerance;\n const instance = new Configuration(as, registered.client_id, registered, clientAuthentication);\n let internals = int(instance);\n if (options?.[customFetch]) {\n internals.fetch = options[customFetch];\n }\n if (options?.timeout) {\n internals.timeout = options.timeout;\n }\n if (options?.execute) {\n for (const extension of options.execute) {\n extension(instance);\n }\n }\n return instance;\n}\nexport async function discovery(server, clientId, metadata, clientAuthentication, options) {\n const as = await performDiscovery(server, options);\n const instance = new Configuration(as, clientId, metadata, clientAuthentication);\n let internals = int(instance);\n if (options?.[customFetch]) {\n internals.fetch = options[customFetch];\n }\n if (options?.timeout) {\n internals.timeout = options.timeout;\n }\n if (options?.execute) {\n for (const extension of options.execute) {\n extension(instance);\n }\n }\n return instance;\n}\nasync function performDiscovery(server, options) {\n if (!(server instanceof URL)) {\n throw CodedTypeError('\"server\" must be an instance of URL', ERR_INVALID_ARG_TYPE);\n }\n const resolve = !server.href.includes('/.well-known/');\n const timeout = options?.timeout ?? 30;\n const signal = AbortSignal.timeout(timeout * 1000);\n const as = await (resolve\n ? oauth.discoveryRequest(server, {\n algorithm: options?.algorithm,\n [oauth.customFetch]: options?.[customFetch],\n [oauth.allowInsecureRequests]: options?.execute?.includes(allowInsecureRequests),\n signal,\n headers: new Headers(headers),\n })\n : (options?.[customFetch] || fetch)((() => {\n oauth.checkProtocol(server, options?.execute?.includes(allowInsecureRequests) ? false : true);\n return server.href;\n })(), {\n headers: Object.fromEntries(new Headers({ accept: 'application/json', ...headers }).entries()),\n body: undefined,\n method: 'GET',\n redirect: 'manual',\n signal,\n }))\n .then((response) => oauth.processDiscoveryResponse(oauth._nodiscoverycheck, response))\n .catch(errorHandler);\n if (resolve && new URL(as.issuer).href !== server.href) {\n handleEntraId(server, as, options) ||\n handleB2Clogin(server, options) ||\n (() => {\n throw new ClientError('discovered metadata issuer does not match the expected issuer', {\n code: oauth.JSON_ATTRIBUTE_COMPARISON,\n cause: {\n expected: server.href,\n body: as,\n attribute: 'issuer',\n },\n });\n })();\n }\n return as;\n}\nfunction isRsaOaep(input) {\n return input.name === 'RSA-OAEP';\n}\nfunction isEcdh(input) {\n return input.name === 'ECDH';\n}\nconst ecdhEs = 'ECDH-ES';\nconst ecdhEsA128Kw = 'ECDH-ES+A128KW';\nconst ecdhEsA192Kw = 'ECDH-ES+A192KW';\nconst ecdhEsA256Kw = 'ECDH-ES+A256KW';\nfunction checkEcdhAlg(algs, alg, pk) {\n switch (alg) {\n case undefined:\n algs.add(ecdhEs);\n algs.add(ecdhEsA128Kw);\n algs.add(ecdhEsA192Kw);\n algs.add(ecdhEsA256Kw);\n break;\n case ecdhEs:\n case ecdhEsA128Kw:\n case ecdhEsA192Kw:\n case ecdhEsA256Kw:\n algs.add(alg);\n break;\n default:\n throw CodedTypeError('invalid key alg', ERR_INVALID_ARG_VALUE, { pk });\n }\n}\nexport function enableDecryptingResponses(config, contentEncryptionAlgorithms = [\n 'A128GCM',\n 'A192GCM',\n 'A256GCM',\n 'A128CBC-HS256',\n 'A192CBC-HS384',\n 'A256CBC-HS512',\n], ...keys) {\n if (int(config).decrypt !== undefined) {\n throw new TypeError('enableDecryptingResponses can only be called on a given Configuration instance once');\n }\n if (keys.length === 0) {\n throw CodedTypeError('no keys were provided', ERR_INVALID_ARG_VALUE);\n }\n const algs = new Set();\n const normalized = [];\n for (const pk of keys) {\n let key;\n if ('key' in pk) {\n key = { key: pk.key };\n if (typeof pk.alg === 'string')\n key.alg = pk.alg;\n if (typeof pk.kid === 'string')\n key.kid = pk.kid;\n }\n else {\n key = { key: pk };\n }\n if (key.key.type !== 'private') {\n throw CodedTypeError('only private keys must be provided', ERR_INVALID_ARG_VALUE);\n }\n if (isRsaOaep(key.key.algorithm)) {\n switch (key.key.algorithm.hash.name) {\n case 'SHA-1':\n case 'SHA-256':\n case 'SHA-384':\n case 'SHA-512': {\n let alg = 'RSA-OAEP';\n let sha;\n if ((sha = parseInt(key.key.algorithm.hash.name.slice(-3), 10))) {\n alg = `${alg}-${sha}`;\n }\n key.alg ||= alg;\n if (alg !== key.alg)\n throw CodedTypeError('invalid key alg', ERR_INVALID_ARG_VALUE, {\n pk,\n });\n algs.add(key.alg);\n break;\n }\n default:\n throw CodedTypeError('only SHA-512, SHA-384, SHA-256, and SHA-1 RSA-OAEP keys are supported', ERR_INVALID_ARG_VALUE);\n }\n }\n else if (isEcdh(key.key.algorithm)) {\n if (key.key.algorithm.namedCurve !== 'P-256') {\n throw CodedTypeError('Only P-256 ECDH keys are supported', ERR_INVALID_ARG_VALUE);\n }\n checkEcdhAlg(algs, key.alg, pk);\n }\n else if (key.key.algorithm.name === 'X25519') {\n checkEcdhAlg(algs, key.alg, pk);\n }\n else {\n throw CodedTypeError('only RSA-OAEP, ECDH, or X25519 keys are supported', ERR_INVALID_ARG_VALUE);\n }\n normalized.push(key);\n }\n int(config).decrypt = async (jwe) => decrypt(normalized, jwe, contentEncryptionAlgorithms, [...algs]).catch(errorHandler);\n}\nfunction checkCryptoKey(key, alg, epk) {\n if (alg.startsWith('RSA-OAEP')) {\n return true;\n }\n if (alg.startsWith('ECDH-ES')) {\n if (key.algorithm.name !== 'ECDH' && key.algorithm.name !== 'X25519') {\n return false;\n }\n if (key.algorithm.name === 'ECDH') {\n return epk?.crv === key.algorithm.namedCurve;\n }\n if (key.algorithm.name === 'X25519') {\n return epk?.crv === 'X25519';\n }\n }\n return false;\n}\nfunction selectCryptoKeyForDecryption(keys, alg, kid, epk) {\n const { 0: key, length } = keys.filter((key) => {\n if (kid !== key.kid) {\n return false;\n }\n if (key.alg && alg !== key.alg) {\n return false;\n }\n return checkCryptoKey(key.key, alg, epk);\n });\n if (!key) {\n throw e('no applicable decryption key selected', undefined, 'OAUTH_DECRYPTION_FAILED');\n }\n if (length !== 1) {\n throw e('multiple applicable decryption keys selected', undefined, 'OAUTH_DECRYPTION_FAILED');\n }\n return key.key;\n}\nasync function decrypt(keys, jwe, contentEncryptionAlgorithms, keyManagementAlgorithms) {\n return decoder.decode((await compactDecrypt(jwe, (header) => {\n const { kid, alg, epk } = header;\n return selectCryptoKeyForDecryption(keys, alg, kid, epk);\n }, { keyManagementAlgorithms, contentEncryptionAlgorithms }).catch((err) => {\n if (err instanceof JOSEError) {\n throw e('decryption failed', err, 'OAUTH_DECRYPTION_FAILED');\n }\n errorHandler(err);\n })).plaintext);\n}\nfunction getServerHelpers(metadata) {\n return {\n supportsPKCE: {\n __proto__: null,\n value(method = 'S256') {\n return (metadata.code_challenge_methods_supported?.includes(method) === true);\n },\n },\n };\n}\nfunction addServerHelpers(metadata) {\n Object.defineProperties(metadata, getServerHelpers(metadata));\n}\nconst kEntraId = Symbol();\nexport class Configuration {\n constructor(server, clientId, metadata, clientAuthentication) {\n if (typeof clientId !== 'string' || !clientId.length) {\n throw CodedTypeError('\"clientId\" must be a non-empty string', ERR_INVALID_ARG_TYPE);\n }\n if (typeof metadata === 'string') {\n metadata = { client_secret: metadata };\n }\n if (metadata?.client_id !== undefined && clientId !== metadata.client_id) {\n throw CodedTypeError('\"clientId\" and \"metadata.client_id\" must be the same', ERR_INVALID_ARG_VALUE);\n }\n const client = {\n ...structuredClone(metadata),\n client_id: clientId,\n };\n client[oauth.clockSkew] = metadata?.[oauth.clockSkew] ?? 0;\n client[oauth.clockTolerance] = metadata?.[oauth.clockTolerance] ?? 30;\n let auth;\n if (clientAuthentication) {\n auth = clientAuthentication;\n }\n else {\n if (typeof client.client_secret === 'string' &&\n client.client_secret.length) {\n auth = ClientSecretPost(client.client_secret);\n }\n else {\n auth = None();\n }\n }\n let c = Object.freeze(client);\n const clone = structuredClone(server);\n if (kEntraId in server) {\n clone[oauth._expectedIssuer] = ({ claims: { tid } }) => server.issuer.replace('{tenantid}', tid);\n }\n let as = Object.freeze(clone);\n props ||= new WeakMap();\n props.set(this, {\n __proto__: null,\n as,\n c,\n auth,\n tlsOnly: true,\n jwksCache: {},\n });\n }\n serverMetadata() {\n const metadata = structuredClone(int(this).as);\n addServerHelpers(metadata);\n return metadata;\n }\n clientMetadata() {\n const metadata = structuredClone(int(this).c);\n return metadata;\n }\n get timeout() {\n return int(this).timeout;\n }\n set timeout(value) {\n int(this).timeout = value;\n }\n get [customFetch]() {\n return int(this).fetch;\n }\n set [customFetch](value) {\n int(this).fetch = value;\n }\n}\nObject.freeze(Configuration.prototype);\nfunction getHelpers(response) {\n let exp = undefined;\n if (response.expires_in !== undefined) {\n const now = new Date();\n now.setSeconds(now.getSeconds() + response.expires_in);\n exp = now.getTime();\n }\n return {\n expiresIn: {\n __proto__: null,\n value() {\n if (exp) {\n const now = Date.now();\n if (exp > now) {\n return Math.floor((exp - now) / 1000);\n }\n return 0;\n }\n return undefined;\n },\n },\n claims: {\n __proto__: null,\n value() {\n try {\n return oauth.getValidatedIdTokenClaims(this);\n }\n catch {\n return undefined;\n }\n },\n },\n };\n}\nfunction addHelpers(response) {\n Object.defineProperties(response, getHelpers(response));\n}\nexport function getDPoPHandle(config, keyPair, options) {\n checkConfig(config);\n return oauth.DPoP(int(config).c, keyPair, options);\n}\nasync function handleRetryAfter(response, currentInterval, signal, throwIfInvalid = false) {\n const retryAfter = response.headers.get('retry-after')?.trim();\n if (retryAfter === undefined)\n return;\n let delaySeconds;\n if (/^\\d+$/.test(retryAfter)) {\n delaySeconds = parseInt(retryAfter, 10);\n }\n else {\n const retryDate = new Date(retryAfter);\n if (Number.isFinite(retryDate.getTime())) {\n const now = new Date();\n const delayMs = retryDate.getTime() - now.getTime();\n if (delayMs > 0) {\n delaySeconds = Math.ceil(delayMs / 1000);\n }\n }\n }\n if (throwIfInvalid && !Number.isFinite(delaySeconds)) {\n throw new oauth.OperationProcessingError('invalid Retry-After header value', { cause: response });\n }\n if (delaySeconds > currentInterval) {\n await wait(delaySeconds - currentInterval, signal);\n }\n}\nfunction wait(duration, signal) {\n return new Promise((resolve, reject) => {\n const waitStep = (remaining) => {\n try {\n signal.throwIfAborted();\n }\n catch (err) {\n reject(err);\n return;\n }\n if (remaining <= 0) {\n resolve();\n return;\n }\n const currentWait = Math.min(remaining, 5);\n setTimeout(() => waitStep(remaining - currentWait), currentWait * 1000);\n };\n waitStep(duration);\n });\n}\nexport async function pollDeviceAuthorizationGrant(config, deviceAuthorizationResponse, parameters, options) {\n checkConfig(config);\n parameters = new URLSearchParams(parameters);\n let interval = deviceAuthorizationResponse.interval ?? 5;\n const pollingSignal = options?.signal ??\n AbortSignal.timeout(deviceAuthorizationResponse.expires_in * 1000);\n try {\n await wait(interval, pollingSignal);\n }\n catch (err) {\n errorHandler(err);\n }\n const { as, c, auth, fetch, tlsOnly, nonRepudiation, timeout, decrypt } = int(config);\n const retryPoll = (updatedInterval, flag) => pollDeviceAuthorizationGrant(config, {\n ...deviceAuthorizationResponse,\n interval: updatedInterval,\n }, parameters, {\n ...options,\n signal: pollingSignal,\n flag,\n });\n const response = await oauth\n .deviceCodeGrantRequest(as, c, auth, deviceAuthorizationResponse.device_code, {\n [oauth.customFetch]: fetch,\n [oauth.allowInsecureRequests]: !tlsOnly,\n additionalParameters: parameters,\n DPoP: options?.DPoP,\n headers: new Headers(headers),\n signal: pollingSignal.aborted ? pollingSignal : signal(timeout),\n })\n .catch(errorHandler);\n if (response.status === 503 && response.headers.has('retry-after')) {\n await handleRetryAfter(response, interval, pollingSignal, true);\n await response.body?.cancel();\n return retryPoll(interval);\n }\n const p = oauth.processDeviceCodeResponse(as, c, response, {\n [oauth.jweDecrypt]: decrypt,\n });\n let result;\n try {\n result = await p;\n }\n catch (err) {\n if (retryable(err, options)) {\n return retryPoll(interval, retry);\n }\n if (err instanceof oauth.ResponseBodyError) {\n switch (err.error) {\n case 'slow_down':\n interval += 5;\n case 'authorization_pending':\n await handleRetryAfter(err.response, interval, pollingSignal);\n return retryPoll(interval);\n }\n }\n errorHandler(err);\n }\n result.id_token && (await nonRepudiation?.(response));\n addHelpers(result);\n return result;\n}\nexport async function initiateDeviceAuthorization(config, parameters) {\n checkConfig(config);\n const { as, c, auth, fetch, tlsOnly, timeout } = int(config);\n return oauth\n .deviceAuthorizationRequest(as, c, auth, parameters, {\n [oauth.customFetch]: fetch,\n [oauth.allowInsecureRequests]: !tlsOnly,\n headers: new Headers(headers),\n signal: signal(timeout),\n })\n .then((response) => oauth.processDeviceAuthorizationResponse(as, c, response))\n .catch(errorHandler);\n}\nexport async function initiateBackchannelAuthentication(config, parameters) {\n checkConfig(config);\n const { as, c, auth, fetch, tlsOnly, timeout } = int(config);\n return oauth\n .backchannelAuthenticationRequest(as, c, auth, parameters, {\n [oauth.customFetch]: fetch,\n [oauth.allowInsecureRequests]: !tlsOnly,\n headers: new Headers(headers),\n signal: signal(timeout),\n })\n .then((response) => oauth.processBackchannelAuthenticationResponse(as, c, response))\n .catch(errorHandler);\n}\nexport async function pollBackchannelAuthenticationGrant(config, backchannelAuthenticationResponse, parameters, options) {\n checkConfig(config);\n parameters = new URLSearchParams(parameters);\n let interval = backchannelAuthenticationResponse.interval ?? 5;\n const pollingSignal = options?.signal ??\n AbortSignal.timeout(backchannelAuthenticationResponse.expires_in * 1000);\n try {\n await wait(interval, pollingSignal);\n }\n catch (err) {\n errorHandler(err);\n }\n const { as, c, auth, fetch, tlsOnly, nonRepudiation, timeout, decrypt } = int(config);\n const retryPoll = (updatedInterval, flag) => pollBackchannelAuthenticationGrant(config, {\n ...backchannelAuthenticationResponse,\n interval: updatedInterval,\n }, parameters, {\n ...options,\n signal: pollingSignal,\n flag,\n });\n const response = await oauth\n .backchannelAuthenticationGrantRequest(as, c, auth, backchannelAuthenticationResponse.auth_req_id, {\n [oauth.customFetch]: fetch,\n [oauth.allowInsecureRequests]: !tlsOnly,\n additionalParameters: parameters,\n DPoP: options?.DPoP,\n headers: new Headers(headers),\n signal: pollingSignal.aborted ? pollingSignal : signal(timeout),\n })\n .catch(errorHandler);\n if (response.status === 503 && response.headers.has('retry-after')) {\n await handleRetryAfter(response, interval, pollingSignal, true);\n await response.body?.cancel();\n return retryPoll(interval);\n }\n const p = oauth.processBackchannelAuthenticationGrantResponse(as, c, response, {\n [oauth.jweDecrypt]: decrypt,\n });\n let result;\n try {\n result = await p;\n }\n catch (err) {\n if (retryable(err, options)) {\n return retryPoll(interval, retry);\n }\n if (err instanceof oauth.ResponseBodyError) {\n switch (err.error) {\n case 'slow_down':\n interval += 5;\n case 'authorization_pending':\n await handleRetryAfter(err.response, interval, pollingSignal);\n return retryPoll(interval);\n }\n }\n errorHandler(err);\n }\n result.id_token && (await nonRepudiation?.(response));\n addHelpers(result);\n return result;\n}\nexport function allowInsecureRequests(config) {\n int(config).tlsOnly = false;\n}\nexport function setJwksCache(config, jwksCache) {\n int(config).jwksCache = structuredClone(jwksCache);\n}\nexport function getJwksCache(config) {\n const cache = int(config).jwksCache;\n if (cache.uat) {\n return cache;\n }\n return undefined;\n}\nexport function enableNonRepudiationChecks(config) {\n checkConfig(config);\n int(config).nonRepudiation = (response) => {\n const { as, fetch, tlsOnly, timeout, jwksCache } = int(config);\n return oauth\n .validateApplicationLevelSignature(as, response, {\n [oauth.customFetch]: fetch,\n [oauth.allowInsecureRequests]: !tlsOnly,\n headers: new Headers(headers),\n signal: signal(timeout),\n [oauth.jwksCache]: jwksCache,\n })\n .catch(errorHandler);\n };\n}\nexport function useJwtResponseMode(config) {\n checkConfig(config);\n const { hybrid, implicit } = int(config);\n if (hybrid || implicit) {\n throw e('JARM cannot be combined with a hybrid or implicit response types', undefined, oauth.UNSUPPORTED_OPERATION);\n }\n int(config).jarm = (authorizationResponse, expectedState) => validateJARMResponse(config, authorizationResponse, expectedState);\n}\nexport function enableDetachedSignatureResponseChecks(config) {\n if (!int(config).hybrid) {\n throw e('\"code id_token\" response type must be configured to be used first', undefined, oauth.UNSUPPORTED_OPERATION);\n }\n int(config).hybrid = (authorizationResponse, expectedNonce, expectedState, maxAge) => validateCodeIdTokenResponse(config, authorizationResponse, expectedNonce, expectedState, maxAge, true);\n}\nexport async function implicitAuthentication(config, currentUrl, expectedNonce, checks) {\n checkConfig(config);\n if (!(currentUrl instanceof URL) &&\n !webInstanceOf(currentUrl, 'Request')) {\n throw CodedTypeError('\"currentUrl\" must be an instance of URL, or Request', ERR_INVALID_ARG_TYPE);\n }\n if (typeof expectedNonce !== 'string') {\n throw CodedTypeError('\"expectedNonce\" must be a string', ERR_INVALID_ARG_TYPE);\n }\n const { as, c, fetch, tlsOnly, timeout, decrypt, implicit, jwksCache } = int(config);\n if (!implicit) {\n throw new TypeError('implicitAuthentication() cannot be used by clients using flows other than response_type=id_token');\n }\n let params;\n if (!(currentUrl instanceof URL)) {\n const request = currentUrl;\n switch (request.method) {\n case 'GET':\n params = new URLSearchParams(new URL(request.url).hash.slice(1));\n break;\n case 'POST':\n params = new URLSearchParams(await oauth.formPostResponse(request));\n break;\n default:\n throw CodedTypeError('unexpected Request HTTP method', ERR_INVALID_ARG_VALUE);\n }\n }\n else {\n params = new URLSearchParams(currentUrl.hash.slice(1));\n }\n try {\n {\n const decoy = new URLSearchParams(params);\n decoy.delete('id_token');\n oauth.validateAuthResponse({\n ...as,\n authorization_response_iss_parameter_supported: undefined,\n }, c, decoy, checks?.expectedState);\n }\n {\n const decoy = new Response(JSON.stringify({\n access_token: 'decoy',\n token_type: 'bearer',\n id_token: params.get('id_token'),\n }), {\n headers: new Headers({ 'content-type': 'application/json' }),\n });\n const ref = await oauth.processAuthorizationCodeResponse(as, c, decoy, {\n expectedNonce,\n maxAge: checks?.maxAge,\n [oauth.jweDecrypt]: decrypt,\n });\n await oauth.validateApplicationLevelSignature(as, decoy, {\n [oauth.customFetch]: fetch,\n [oauth.allowInsecureRequests]: !tlsOnly,\n headers: new Headers(headers),\n signal: signal(timeout),\n [oauth.jwksCache]: jwksCache,\n });\n return oauth.getValidatedIdTokenClaims(ref);\n }\n }\n catch (err) {\n errorHandler(err);\n }\n}\nexport function useCodeIdTokenResponseType(config) {\n checkConfig(config);\n const { jarm, implicit } = int(config);\n if (jarm || implicit) {\n throw e('\"code id_token\" response type cannot be combined with JARM or implicit response type', undefined, oauth.UNSUPPORTED_OPERATION);\n }\n int(config).hybrid = (authorizationResponse, expectedNonce, expectedState, maxAge) => validateCodeIdTokenResponse(config, authorizationResponse, expectedNonce, expectedState, maxAge, false);\n}\nexport function useIdTokenResponseType(config) {\n checkConfig(config);\n const { jarm, hybrid } = int(config);\n if (jarm || hybrid) {\n throw e('\"id_token\" response type cannot be combined with JARM or hybrid response type', undefined, oauth.UNSUPPORTED_OPERATION);\n }\n int(config).implicit = true;\n}\nfunction stripParams(url) {\n url = new URL(url);\n url.search = '';\n url.hash = '';\n return url.href;\n}\nfunction webInstanceOf(input, toStringTag) {\n try {\n return Object.getPrototypeOf(input)[Symbol.toStringTag] === toStringTag;\n }\n catch {\n return false;\n }\n}\nexport async function authorizationCodeGrant(config, currentUrl, checks, tokenEndpointParameters, options) {\n checkConfig(config);\n if (options?.flag !== retry &&\n !(currentUrl instanceof URL) &&\n !webInstanceOf(currentUrl, 'Request')) {\n throw CodedTypeError('\"currentUrl\" must be an instance of URL, or Request', ERR_INVALID_ARG_TYPE);\n }\n let authResponse;\n let redirectUri;\n const { as, c, auth, fetch, tlsOnly, jarm, hybrid, nonRepudiation, timeout, decrypt, implicit } = int(config);\n if (options?.flag === retry) {\n authResponse = options.authResponse;\n redirectUri = options.redirectUri;\n }\n else {\n if (!(currentUrl instanceof URL)) {\n const request = currentUrl;\n currentUrl = new URL(currentUrl.url);\n switch (request.method) {\n case 'GET':\n break;\n case 'POST':\n const params = new URLSearchParams(await oauth.formPostResponse(request));\n if (hybrid) {\n currentUrl.hash = params.toString();\n }\n else {\n for (const [k, v] of params.entries()) {\n currentUrl.searchParams.append(k, v);\n }\n }\n break;\n default:\n throw CodedTypeError('unexpected Request HTTP method', ERR_INVALID_ARG_VALUE);\n }\n }\n redirectUri = stripParams(currentUrl);\n switch (true) {\n case !!jarm:\n authResponse = await jarm(currentUrl, checks?.expectedState);\n break;\n case !!hybrid:\n authResponse = await hybrid(currentUrl, checks?.expectedNonce, checks?.expectedState, checks?.maxAge);\n break;\n case !!implicit:\n throw new TypeError('authorizationCodeGrant() cannot be used by response_type=id_token clients');\n default:\n try {\n authResponse = oauth.validateAuthResponse(as, c, currentUrl.searchParams, checks?.expectedState);\n }\n catch (err) {\n errorHandler(err);\n }\n }\n }\n const response = await oauth\n .authorizationCodeGrantRequest(as, c, auth, authResponse, redirectUri, checks?.pkceCodeVerifier || oauth.nopkce, {\n additionalParameters: tokenEndpointParameters,\n [oauth.customFetch]: fetch,\n [oauth.allowInsecureRequests]: !tlsOnly,\n DPoP: options?.DPoP,\n headers: new Headers(headers),\n signal: signal(timeout),\n })\n .catch(errorHandler);\n if (typeof checks?.expectedNonce === 'string' ||\n typeof checks?.maxAge === 'number') {\n checks.idTokenExpected = true;\n }\n const p = oauth.processAuthorizationCodeResponse(as, c, response, {\n expectedNonce: checks?.expectedNonce,\n maxAge: checks?.maxAge,\n requireIdToken: checks?.idTokenExpected,\n [oauth.jweDecrypt]: decrypt,\n });\n let result;\n try {\n result = await p;\n }\n catch (err) {\n if (retryable(err, options)) {\n return authorizationCodeGrant(config, undefined, checks, tokenEndpointParameters, {\n ...options,\n flag: retry,\n authResponse: authResponse,\n redirectUri: redirectUri,\n });\n }\n errorHandler(err);\n }\n result.id_token && (await nonRepudiation?.(response));\n addHelpers(result);\n return result;\n}\nasync function validateJARMResponse(config, authorizationResponse, expectedState) {\n const { as, c, fetch, tlsOnly, timeout, decrypt, jwksCache } = int(config);\n return oauth\n .validateJwtAuthResponse(as, c, authorizationResponse, expectedState, {\n [oauth.customFetch]: fetch,\n [oauth.allowInsecureRequests]: !tlsOnly,\n headers: new Headers(headers),\n signal: signal(timeout),\n [oauth.jweDecrypt]: decrypt,\n [oauth.jwksCache]: jwksCache,\n })\n .catch(errorHandler);\n}\nasync function validateCodeIdTokenResponse(config, authorizationResponse, expectedNonce, expectedState, maxAge, fapi) {\n if (typeof expectedNonce !== 'string') {\n throw CodedTypeError('\"expectedNonce\" must be a string', ERR_INVALID_ARG_TYPE);\n }\n if (expectedState !== undefined && typeof expectedState !== 'string') {\n throw CodedTypeError('\"expectedState\" must be a string', ERR_INVALID_ARG_TYPE);\n }\n const { as, c, fetch, tlsOnly, timeout, decrypt, jwksCache } = int(config);\n return (fapi\n ? oauth.validateDetachedSignatureResponse\n : oauth.validateCodeIdTokenResponse)(as, c, authorizationResponse, expectedNonce, expectedState, maxAge, {\n [oauth.customFetch]: fetch,\n [oauth.allowInsecureRequests]: !tlsOnly,\n headers: new Headers(headers),\n signal: signal(timeout),\n [oauth.jweDecrypt]: decrypt,\n [oauth.jwksCache]: jwksCache,\n }).catch(errorHandler);\n}\nexport async function refreshTokenGrant(config, refreshToken, parameters, options) {\n checkConfig(config);\n parameters = new URLSearchParams(parameters);\n const { as, c, auth, fetch, tlsOnly, nonRepudiation, timeout, decrypt } = int(config);\n const response = await oauth\n .refreshTokenGrantRequest(as, c, auth, refreshToken, {\n [oauth.customFetch]: fetch,\n [oauth.allowInsecureRequests]: !tlsOnly,\n additionalParameters: parameters,\n DPoP: options?.DPoP,\n headers: new Headers(headers),\n signal: signal(timeout),\n })\n .catch(errorHandler);\n const p = oauth.processRefreshTokenResponse(as, c, response, {\n [oauth.jweDecrypt]: decrypt,\n });\n let result;\n try {\n result = await p;\n }\n catch (err) {\n if (retryable(err, options)) {\n return refreshTokenGrant(config, refreshToken, parameters, {\n ...options,\n flag: retry,\n });\n }\n errorHandler(err);\n }\n result.id_token && (await nonRepudiation?.(response));\n addHelpers(result);\n return result;\n}\nexport async function clientCredentialsGrant(config, parameters, options) {\n checkConfig(config);\n parameters = new URLSearchParams(parameters);\n const { as, c, auth, fetch, tlsOnly, timeout } = int(config);\n const response = await oauth\n .clientCredentialsGrantRequest(as, c, auth, parameters, {\n [oauth.customFetch]: fetch,\n [oauth.allowInsecureRequests]: !tlsOnly,\n DPoP: options?.DPoP,\n headers: new Headers(headers),\n signal: signal(timeout),\n })\n .catch(errorHandler);\n const p = oauth.processClientCredentialsResponse(as, c, response);\n let result;\n try {\n result = await p;\n }\n catch (err) {\n if (retryable(err, options)) {\n return clientCredentialsGrant(config, parameters, {\n ...options,\n flag: retry,\n });\n }\n errorHandler(err);\n }\n addHelpers(result);\n return result;\n}\nexport function buildAuthorizationUrl(config, parameters) {\n checkConfig(config);\n const { as, c, tlsOnly, hybrid, jarm, implicit } = int(config);\n const authorizationEndpoint = oauth.resolveEndpoint(as, 'authorization_endpoint', false, tlsOnly);\n parameters = new URLSearchParams(parameters);\n if (!parameters.has('client_id')) {\n parameters.set('client_id', c.client_id);\n }\n if (!parameters.has('request_uri') && !parameters.has('request')) {\n if (!parameters.has('response_type')) {\n parameters.set('response_type', hybrid ? 'code id_token' : implicit ? 'id_token' : 'code');\n }\n if (implicit && !parameters.has('nonce')) {\n throw CodedTypeError('response_type=id_token clients must provide a nonce parameter in their authorization request parameters', ERR_INVALID_ARG_VALUE);\n }\n if (jarm) {\n parameters.set('response_mode', 'jwt');\n }\n }\n for (const [k, v] of parameters.entries()) {\n authorizationEndpoint.searchParams.append(k, v);\n }\n return authorizationEndpoint;\n}\nexport async function buildAuthorizationUrlWithJAR(config, parameters, signingKey, options) {\n checkConfig(config);\n const authorizationEndpoint = buildAuthorizationUrl(config, parameters);\n parameters = authorizationEndpoint.searchParams;\n if (!signingKey) {\n throw CodedTypeError('\"signingKey\" must be provided', ERR_INVALID_ARG_VALUE);\n }\n const { as, c } = int(config);\n const request = await oauth\n .issueRequestObject(as, c, parameters, signingKey, options)\n .catch(errorHandler);\n return buildAuthorizationUrl(config, { request });\n}\nexport async function buildAuthorizationUrlWithPAR(config, parameters, options) {\n checkConfig(config);\n const authorizationEndpoint = buildAuthorizationUrl(config, parameters);\n const { as, c, auth, fetch, tlsOnly, timeout } = int(config);\n const response = await oauth\n .pushedAuthorizationRequest(as, c, auth, authorizationEndpoint.searchParams, {\n [oauth.customFetch]: fetch,\n [oauth.allowInsecureRequests]: !tlsOnly,\n DPoP: options?.DPoP,\n headers: new Headers(headers),\n signal: signal(timeout),\n })\n .catch(errorHandler);\n const p = oauth.processPushedAuthorizationResponse(as, c, response);\n let result;\n try {\n result = await p;\n }\n catch (err) {\n if (retryable(err, options)) {\n return buildAuthorizationUrlWithPAR(config, parameters, {\n ...options,\n flag: retry,\n });\n }\n errorHandler(err);\n }\n return buildAuthorizationUrl(config, { request_uri: result.request_uri });\n}\nexport function buildEndSessionUrl(config, parameters) {\n checkConfig(config);\n const { as, c, tlsOnly } = int(config);\n const endSessionEndpoint = oauth.resolveEndpoint(as, 'end_session_endpoint', false, tlsOnly);\n parameters = new URLSearchParams(parameters);\n if (!parameters.has('client_id')) {\n parameters.set('client_id', c.client_id);\n }\n for (const [k, v] of parameters.entries()) {\n endSessionEndpoint.searchParams.append(k, v);\n }\n return endSessionEndpoint;\n}\nfunction checkConfig(input) {\n if (!(input instanceof Configuration)) {\n throw CodedTypeError('\"config\" must be an instance of Configuration', ERR_INVALID_ARG_TYPE);\n }\n if (Object.getPrototypeOf(input) !== Configuration.prototype) {\n throw CodedTypeError('subclassing Configuration is not allowed', ERR_INVALID_ARG_VALUE);\n }\n}\nfunction signal(timeout) {\n return timeout ? AbortSignal.timeout(timeout * 1000) : undefined;\n}\nexport async function fetchUserInfo(config, accessToken, expectedSubject, options) {\n checkConfig(config);\n const { as, c, fetch, tlsOnly, nonRepudiation, timeout, decrypt } = int(config);\n const response = await oauth\n .userInfoRequest(as, c, accessToken, {\n [oauth.customFetch]: fetch,\n [oauth.allowInsecureRequests]: !tlsOnly,\n DPoP: options?.DPoP,\n headers: new Headers(headers),\n signal: signal(timeout),\n })\n .catch(errorHandler);\n let exec = oauth.processUserInfoResponse(as, c, expectedSubject, response, {\n [oauth.jweDecrypt]: decrypt,\n });\n let result;\n try {\n result = await exec;\n }\n catch (err) {\n if (retryable(err, options)) {\n return fetchUserInfo(config, accessToken, expectedSubject, {\n ...options,\n flag: retry,\n });\n }\n errorHandler(err);\n }\n oauth.getContentType(response) === 'application/jwt' &&\n (await nonRepudiation?.(response));\n return result;\n}\nfunction retryable(err, options) {\n if (options?.DPoP && options.flag !== retry) {\n return oauth.isDPoPNonceError(err);\n }\n return false;\n}\nexport async function tokenIntrospection(config, token, parameters) {\n checkConfig(config);\n const { as, c, auth, fetch, tlsOnly, nonRepudiation, timeout, decrypt } = int(config);\n const response = await oauth\n .introspectionRequest(as, c, auth, token, {\n [oauth.customFetch]: fetch,\n [oauth.allowInsecureRequests]: !tlsOnly,\n additionalParameters: new URLSearchParams(parameters),\n headers: new Headers(headers),\n signal: signal(timeout),\n })\n .catch(errorHandler);\n const result = await oauth\n .processIntrospectionResponse(as, c, response, {\n [oauth.jweDecrypt]: decrypt,\n })\n .catch(errorHandler);\n oauth.getContentType(response) === 'application/token-introspection+jwt' &&\n (await nonRepudiation?.(response));\n return result;\n}\nconst retry = Symbol();\nexport async function genericGrantRequest(config, grantType, parameters, options) {\n checkConfig(config);\n const { as, c, auth, fetch, tlsOnly, timeout, decrypt } = int(config);\n const result = await oauth\n .genericTokenEndpointRequest(as, c, auth, grantType, new URLSearchParams(parameters), {\n [oauth.customFetch]: fetch,\n [oauth.allowInsecureRequests]: !tlsOnly,\n DPoP: options?.DPoP,\n headers: new Headers(headers),\n signal: signal(timeout),\n })\n .then((response) => {\n let recognizedTokenTypes;\n if (grantType === 'urn:ietf:params:oauth:grant-type:token-exchange') {\n recognizedTokenTypes = { n_a: () => { } };\n }\n return oauth.processGenericTokenEndpointResponse(as, c, response, {\n [oauth.jweDecrypt]: decrypt,\n recognizedTokenTypes,\n });\n })\n .catch(errorHandler);\n addHelpers(result);\n return result;\n}\nexport async function tokenRevocation(config, token, parameters) {\n checkConfig(config);\n const { as, c, auth, fetch, tlsOnly, timeout } = int(config);\n return oauth\n .revocationRequest(as, c, auth, token, {\n [oauth.customFetch]: fetch,\n [oauth.allowInsecureRequests]: !tlsOnly,\n additionalParameters: new URLSearchParams(parameters),\n headers: new Headers(headers),\n signal: signal(timeout),\n })\n .then(oauth.processRevocationResponse)\n .catch(errorHandler);\n}\nexport async function fetchProtectedResource(config, accessToken, url, method, body, headers, options) {\n checkConfig(config);\n headers ||= new Headers();\n if (!headers.has('user-agent')) {\n headers.set('user-agent', USER_AGENT);\n }\n const { fetch, tlsOnly, timeout } = int(config);\n const exec = oauth.protectedResourceRequest(accessToken, method, url, headers, body, {\n [oauth.customFetch]: fetch,\n [oauth.allowInsecureRequests]: !tlsOnly,\n DPoP: options?.DPoP,\n signal: signal(timeout),\n });\n let result;\n try {\n result = await exec;\n }\n catch (err) {\n if (retryable(err, options)) {\n return fetchProtectedResource(config, accessToken, url, method, body, headers, {\n ...options,\n flag: retry,\n });\n }\n errorHandler(err);\n }\n return result;\n}\n//# sourceMappingURL=index.js.map","import {\n $inject,\n AlephaError,\n type Async,\n createDescriptor,\n Descriptor,\n KIND,\n} from \"alepha\";\nimport { DateTimeProvider } from \"alepha/datetime\";\nimport {\n type AccessTokenResponse,\n type RealmDescriptor,\n SecurityError,\n SecurityProvider,\n type UserAccount,\n} from \"alepha/security\";\nimport {\n allowInsecureRequests,\n Configuration,\n discovery,\n refreshTokenGrant,\n} from \"openid-client\";\nimport type { OAuth2Profile } from \"../providers/ReactAuthProvider.ts\";\nimport type { Tokens } from \"../schemas/tokensSchema.ts\";\n\n/**\n * Creates an authentication provider descriptor for handling user login flows.\n *\n * Supports multiple authentication strategies: credentials (username/password), OAuth2,\n * and OIDC (OpenID Connect). Handles token management, user profile retrieval, and\n * integration with both external identity providers (Auth0, Keycloak) and internal realms.\n *\n * **Authentication Types**: Credentials, OAuth2 (Google, GitHub), OIDC, External providers\n *\n * @example\n * ```ts\n * class AuthProviders {\n * // Internal credentials-based auth\n * credentials = $auth({\n * realm: this.userRealm,\n * credentials: {\n * account: async ({ username, password }) => {\n * return await this.validateUser(username, password);\n * }\n * }\n * });\n *\n * // External OIDC provider\n * keycloak = $auth({\n * oidc: {\n * issuer: \"https://auth.example.com\",\n * clientId: \"my-app\",\n * clientSecret: \"secret\",\n * redirectUri: \"/auth/callback\"\n * }\n * });\n * }\n * ```\n */\nexport const $auth = (options: AuthDescriptorOptions): AuthDescriptor => {\n return createDescriptor(AuthDescriptor, options);\n};\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport type AuthDescriptorOptions = {\n /**\n * Name of the identity provider.\n * If not provided, it will be derived from the property key.\n */\n name?: string;\n\n /**\n * If true, auth provider will be skipped.\n */\n disabled?: boolean;\n} & (AuthExternal | AuthInternal);\n\n/**\n * When you let an external service handle authentication. (e.g. Keycloak, Auth0, etc.)\n */\nexport type AuthExternal = {\n /**\n * Only OIDC is supported for external authentication.\n */\n oidc: OidcOptions;\n\n /**\n * For anonymous access, this will expect a service account access token.\n *\n * ```ts\n * class App {\n * anonymous = $serviceAccount(...);\n * auth = $auth({\n * // ... config ...\n * fallback: this.anonymous,\n * })\n * }\n * ```\n */\n fallback?: () => Async<AccessToken>;\n};\n\n/**\n * When using your own authentication system, e.g. using a database to store user accounts.\n * This is usually used with a custom login form.\n *\n * This relies on the `realm`, which is used to create/verify the access token.\n */\nexport type AuthInternal = {\n realm: RealmDescriptor;\n} & (\n | {\n /**\n * The common username/password authentication.\n *\n * - It uses the OAuth2 Client Credentials flow to obtain an access token.\n *\n * This is usually used with a custom login form on your website or mobile app.\n */\n credentials: CredentialsOptions;\n }\n | {\n /**\n * OAuth2 authentication. Delegates authentication to an OAuth2 provider. (e.g. Google, GitHub, etc.)\n *\n * - It uses the OAuth2 Authorization Code flow to obtain an access token and user information.\n *\n * This is usually used with a login button that redirects to the OAuth2 provider.\n */\n oauth: OAuth2Options;\n }\n | {\n /**\n * Like OAuth2, but uses OIDC (OpenID Connect) for authentication and user information retrieval.\n * OIDC is an identity layer on top of OAuth2, providing user authentication and profile information.\n *\n * - It uses the OAuth2 Authorization Code flow to obtain an access token and user information.\n * - PCKE (Proof Key for Code Exchange) is recommended for security.\n *\n * This is usually used with a login button that redirects to the OIDC provider.\n */\n oidc: OidcOptions;\n }\n);\n\nexport type CredentialsOptions = {\n account: (credentials: {\n username: string;\n password: string;\n }) => Async<UserAccount>;\n};\n\nexport interface OidcOptions {\n /**\n * URL of the OIDC issuer.\n */\n issuer: string;\n\n /**\n * Client ID for the OIDC client.\n */\n clientId: string;\n\n /**\n * Client secret for the OIDC client.\n * Optional if PKCE (Proof Key for Code Exchange) is used.\n */\n clientSecret?: string;\n\n /**\n * Redirect URI for the OIDC client.\n * This is where the user will be redirected after authentication.\n */\n redirectUri?: string;\n\n /**\n * For external auth providers only.\n * Take the ID token instead of the access token for validation.\n */\n useIdToken?: boolean;\n\n /**\n * URI to redirect the user after logout.\n */\n logoutUri?: string;\n\n /**\n * Optional scope for the OIDC client.\n * @default \"openid profile email\".\n */\n scope?: string;\n\n account?: (tokens: {\n access_token: string;\n user: OAuth2Profile;\n id_token?: string;\n expires_in?: number;\n scope?: string;\n }) => Async<UserAccount>;\n}\n\nexport interface OAuth2Options {\n /**\n * URL of the OAuth2 authorization endpoint.\n */\n clientId: string;\n\n /**\n * Client secret for the OAuth2 client.\n */\n clientSecret: string;\n\n /**\n * URL of the OAuth2 authorization endpoint.\n */\n authorization: string;\n\n /**\n * URL of the OAuth2 token endpoint.\n */\n token: string;\n\n /**\n * Function to retrieve user profile information from the OAuth2 tokens.\n */\n userinfo: (tokens: Tokens) => Async<OAuth2Profile>;\n\n account?: (tokens: {\n access_token: string;\n user: OAuth2Profile;\n id_token?: string;\n expires_in?: number;\n scope?: string;\n }) => Async<UserAccount>;\n\n /**\n * URL of the OAuth2 authorization endpoint.\n */\n redirectUri?: string;\n\n /**\n * URL of the OAuth2 authorization endpoint.\n */\n scope?: string;\n}\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport class AuthDescriptor extends Descriptor<AuthDescriptorOptions> {\n protected readonly securityProvider = $inject(SecurityProvider);\n protected readonly dateTimeProvider = $inject(DateTimeProvider);\n\n public oauth?: Configuration;\n\n public get name() {\n return this.options.name ?? this.config.propertyKey;\n }\n\n public get jwks_uri(): string {\n const jwks = this.oauth?.serverMetadata().jwks_uri;\n if (!jwks) {\n throw new AlephaError(\"No JWKS URI available for the auth provider\");\n }\n return jwks;\n }\n\n public get scope(): string | undefined {\n if (\"oauth\" in this.options) {\n return this.options.oauth.scope;\n }\n if (\"oidc\" in this.options) {\n return this.options.oidc.scope || \"openid profile email\";\n }\n throw new AlephaError(\n \"No OAuth2 or OIDC configuration available for the auth provider\",\n );\n }\n\n public get redirect_uri() {\n if (\"oauth\" in this.options) {\n return this.options.oauth.redirectUri;\n }\n if (\"oidc\" in this.options) {\n return this.options.oidc.redirectUri;\n }\n throw new AlephaError(\n \"No OAuth2 or OIDC configuration available for the auth provider\",\n );\n }\n\n /**\n * Refreshes the access token using the refresh token.\n * Can be used on oauth2, oidc or credentials auth providers.\n */\n public async refresh(\n refreshToken: string,\n accessToken?: string,\n ): Promise<AccessTokenResponse> {\n if (\"realm\" in this.options) {\n return this.options.realm\n .refreshToken(refreshToken, accessToken)\n .then((it) => it.tokens)\n .catch((error) => {\n throw new SecurityError(\n \"Failed to refresh access token using the refresh token (realm)\",\n {\n cause: error,\n },\n );\n });\n } else if (this.oauth) {\n try {\n return {\n ...(await refreshTokenGrant(this.oauth, refreshToken)),\n issued_at: this.dateTimeProvider.now().unix(),\n };\n } catch (error) {\n throw new SecurityError(\n \"Failed to refresh access token using the refresh token (oauth2)\",\n {\n cause: error,\n },\n );\n }\n }\n\n throw new AlephaError(\n \"No realm or OAuth2 configuration available for refreshing the access token\",\n );\n }\n\n /**\n * Extracts user information from the access token.\n * This is used to create a user account from the access token.\n */\n public async user(tokens: Tokens): Promise<UserAccount> {\n try {\n if (\"oauth\" in this.options) {\n const profile = await this.options.oauth.userinfo(tokens);\n\n if (this.options.oauth.account) {\n return this.options.oauth.account({\n ...tokens,\n user: profile,\n });\n }\n\n return this.securityProvider.createUserFromPayload(profile);\n }\n\n if (\"oidc\" in this.options) {\n const payload = this.getUserFromIdToken(tokens.id_token || \"\");\n\n if (this.options.oidc.account) {\n return this.options.oidc.account({\n ...tokens,\n user: payload,\n });\n }\n\n return this.securityProvider.createUserFromPayload(payload);\n }\n } catch (error) {\n throw new SecurityError(\n \"Failed to extract user from identity provider tokens\",\n {\n cause: error,\n },\n );\n }\n\n throw new AlephaError(\n \"This authentication does not support user extraction from tokens\",\n );\n }\n\n protected getUserFromIdToken(idToken: string): OAuth2Profile {\n try {\n return JSON.parse(\n Buffer.from(idToken.split(\".\")[1], \"base64\").toString(\"utf8\"),\n ) as OAuth2Profile;\n } catch (error) {\n throw new AlephaError(\"Failed to parse ID Token payload\", {\n cause: error,\n });\n }\n }\n\n public async prepare() {\n const addons: Array<(config: Configuration) => void> = [];\n\n addons.push(allowInsecureRequests);\n\n if (\"oidc\" in this.options) {\n const { oidc } = this.options;\n\n this.oauth = await discovery(\n new URL(oidc.issuer),\n oidc.clientId,\n {\n client_secret: oidc.clientSecret,\n },\n undefined,\n {\n execute: addons,\n },\n );\n }\n\n if (\"oauth\" in this.options) {\n const { oauth } = this.options;\n\n this.oauth = new Configuration(\n {\n authorization_endpoint: oauth.authorization,\n token_endpoint: oauth.token,\n issuer: oauth.authorization, // use authorization URL as a pseudo-issuer?\n // we don't need all of these endpoints\n jwks_uri: undefined,\n end_session_endpoint: undefined,\n },\n oauth.clientId,\n {\n client_secret: oauth.clientSecret,\n },\n );\n }\n }\n}\n\n$auth[KIND] = AuthDescriptor;\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport type AccessToken = string | { token: () => Async<string> };\n","import type { Static } from \"alepha\";\nimport { t } from \"alepha\";\n\nexport const tokensSchema = t.object({\n provider: t.text(),\n access_token: t.text({ size: \"rich\" }),\n issued_at: t.number(),\n expires_in: t.optional(t.number()),\n refresh_token: t.optional(t.text({ size: \"rich\" })),\n refresh_token_expires_in: t.optional(t.number()),\n refresh_expires_in: t.optional(\n t.number({\n description:\n \"Alias of `refresh_token_expires_in` for compatibility with some providers.\",\n }),\n ),\n id_token: t.optional(t.text({ size: \"rich\" })),\n scope: t.optional(t.text()),\n});\n\nexport type Tokens = Static<typeof tokensSchema>;\n","import { type Static, t } from \"alepha\";\nimport { userAccountInfoSchema } from \"alepha/security\";\nimport { apiLinksResponseSchema } from \"alepha/server/links\";\nimport { tokensSchema } from \"./tokensSchema.ts\";\n\nexport const tokenResponseSchema = t.extend(tokensSchema, {\n user: userAccountInfoSchema,\n api: apiLinksResponseSchema,\n});\n\nexport type TokenResponse = Static<typeof tokenResponseSchema>;\n","import { type Static, t } from \"alepha\";\nimport { userAccountInfoSchema } from \"alepha/security\";\nimport { apiLinksResponseSchema } from \"alepha/server/links\";\n\nexport const userinfoResponseSchema = t.object({\n user: t.optional(userAccountInfoSchema),\n api: apiLinksResponseSchema,\n});\n\nexport type UserinfoResponse = Static<typeof userinfoResponseSchema>;\n","import { ReactBrowserProvider, Redirection } from \"@alepha/react\";\nimport { $hook, $inject, Alepha } from \"alepha\";\nimport { $logger } from \"alepha/logger\";\nimport type { UserAccountToken } from \"alepha/security\";\nimport { HttpClient } from \"alepha/server\";\nimport { tokenResponseSchema } from \"../schemas/tokenResponseSchema.ts\";\nimport type { Tokens } from \"../schemas/tokensSchema.ts\";\nimport { userinfoResponseSchema } from \"../schemas/userinfoResponseSchema.ts\";\n\n/**\n * Browser, SSR friendly, service to handle authentication.\n */\nexport class ReactAuth {\n protected readonly log = $logger();\n protected readonly alepha = $inject(Alepha);\n protected readonly httpClient = $inject(HttpClient);\n\n static path = {\n login: \"/oauth/login\",\n callback: \"/oauth/callback\",\n logout: \"/oauth/logout\",\n token: \"/_auth/token\",\n refresh: \"/_auth/refresh\",\n userinfo: \"/_auth/userinfo\",\n };\n\n protected readonly onBeginTransition = $hook({\n on: \"react:transition:begin\",\n handler: async (event) => {\n if (this.alepha.isBrowser()) {\n Object.defineProperty(event.state, \"user\", {\n get: () => this.user,\n });\n }\n },\n });\n\n protected readonly onFetchRequest = $hook({\n on: \"client:onRequest\",\n handler: async ({ request }) => {\n if (this.alepha.isBrowser() && this.user) {\n // ensure cookies are sent with requests and refresh-able\n request.credentials ??= \"include\";\n }\n },\n });\n\n /**\n * Get the current authenticated user.\n *\n * Alias for `alepha.state.get(\"user\")`\n */\n public get user(): UserAccountToken | undefined {\n return this.alepha.state.get(\"alepha.server.request.user\");\n }\n\n public async ping() {\n const { data } = await this.httpClient.fetch(ReactAuth.path.userinfo, {\n schema: { response: userinfoResponseSchema },\n });\n\n this.alepha.state.set(\"alepha.server.request.apiLinks\", data.api);\n this.alepha.state.set(\"alepha.server.request.user\", data.user);\n\n return data.user;\n }\n\n public async login(\n provider: string,\n options: {\n hostname?: string;\n username?: string;\n password?: string;\n redirect?: string;\n [extra: string]: any;\n },\n ): Promise<Tokens> {\n if (options.username || options.password) {\n const { data } = await this.httpClient.fetch(\n `${options.hostname || \"\"}${ReactAuth.path.token}?provider=${provider}`,\n {\n method: \"POST\",\n body: JSON.stringify({\n username: options.username,\n password: options.password,\n ...options,\n }),\n schema: { response: tokenResponseSchema },\n },\n );\n\n this.alepha.state.set(\"alepha.server.request.apiLinks\", data.api);\n this.alepha.state.set(\"alepha.server.request.user\", data.user);\n\n return data;\n }\n\n if (this.alepha.isBrowser()) {\n const browser = this.alepha.inject(ReactBrowserProvider);\n const redirect =\n options.redirect ||\n (browser.transitioning\n ? window.location.origin + browser.transitioning.to\n : window.location.href);\n\n const href = `${window.location.origin}${ReactAuth.path.login}?provider=${provider}&redirect_uri=${encodeURIComponent(redirect)}`;\n\n if (browser.transitioning) {\n throw new Redirection(href);\n } else {\n window.location.href = href;\n return {} as Tokens;\n }\n }\n\n throw new Redirection(\n `${ReactAuth.path.login}?provider=${provider}&redirect_uri=${options.redirect || \"/\"}`,\n );\n }\n\n public logout() {\n window.location.href = `${ReactAuth.path.logout}?post_logout_redirect_uri=${encodeURIComponent(window.location.origin)}`;\n }\n}\n","import { $hook, $inject, Alepha, t } from \"alepha\";\nimport { DateTimeProvider } from \"alepha/datetime\";\nimport { $logger } from \"alepha/logger\";\nimport { SecurityError, type UserAccount } from \"alepha/security\";\nimport { $route, BadRequestError, UnauthorizedError } from \"alepha/server\";\nimport {\n $cookie,\n type Cookies,\n ServerCookiesProvider,\n} from \"alepha/server/cookies\";\nimport { ServerLinksProvider } from \"alepha/server/links\";\nimport {\n authorizationCodeGrant,\n buildAuthorizationUrl,\n buildEndSessionUrl,\n calculatePKCECodeChallenge,\n randomPKCECodeVerifier,\n randomState,\n} from \"openid-client\";\nimport { $auth, type AuthDescriptor } from \"../descriptors/$auth.ts\";\nimport { tokenResponseSchema } from \"../schemas/tokenResponseSchema.ts\";\nimport { type Tokens, tokensSchema } from \"../schemas/tokensSchema.ts\";\nimport { userinfoResponseSchema } from \"../schemas/userinfoResponseSchema.ts\";\nimport { ReactAuth } from \"../services/ReactAuth.ts\";\n\nexport class ReactAuthProvider {\n protected readonly log = $logger();\n protected readonly alepha = $inject(Alepha);\n protected readonly serverCookiesProvider = $inject(ServerCookiesProvider);\n protected readonly dateTimeProvider = $inject(DateTimeProvider);\n protected readonly serverLinksProvider = $inject(ServerLinksProvider);\n protected readonly reactAuth = $inject(ReactAuth);\n\n protected readonly authorizationCode = $cookie({\n name: \"authorizationCode\",\n ttl: [15, \"minutes\"],\n httpOnly: true,\n schema: t.object({\n provider: t.text(),\n codeVerifier: t.optional(t.text({ size: \"long\" })),\n redirectUri: t.optional(t.text({ size: \"long\" })),\n state: t.optional(t.text()),\n nonce: t.optional(t.text()),\n }),\n });\n\n public readonly tokens = $cookie({\n name: \"tokens\",\n ttl: [30, \"days\"],\n httpOnly: true,\n compress: true,\n encrypt: true,\n schema: tokensSchema,\n });\n\n public readonly onRender = $hook({\n on: \"react:server:render:begin\",\n handler: async ({ request, state }) => {\n if (request?.user) {\n const { token, realm, ...user } = request.user; // do not send token and realm to the client\n this.alepha.state.set(\"alepha.server.request.user\", user); // for hydration, browser, etc...\n state.user = user;\n }\n },\n });\n\n public get identities(): Array<AuthDescriptor> {\n return this.alepha\n .descriptors($auth)\n .filter((auth) => !auth.options.disabled);\n }\n\n protected readonly configure = $hook({\n on: \"configure\",\n handler: async () => {\n for (const identity of this.identities) {\n await identity.prepare();\n }\n },\n });\n\n protected getAccessTokens(tokens: Tokens) {\n const idp = this.provider(tokens.provider);\n\n if (\n \"oidc\" in idp.options &&\n !(\"realm\" in idp.options) &&\n idp.options.oidc?.useIdToken\n ) {\n return tokens.id_token;\n }\n\n return tokens.access_token;\n }\n\n /**\n * Fill request headers with access token from cookies or fallback to provider's fallback function.\n */\n protected readonly onRequest = $hook({\n on: \"server:onRequest\",\n after: this.serverCookiesProvider,\n handler: async ({ request }) => {\n const cookies = request.cookies;\n\n // [feature] forward cookies to request headers\n if (cookies) {\n const tokens = await this.cookiesToTokens(cookies);\n if (tokens) {\n request.headers.authorization = `Bearer ${this.getAccessTokens(tokens)}`;\n this.log.trace(\"Access token set in request headers\", {\n provider: tokens.provider,\n });\n }\n }\n\n // [feature] support for auth providers with fallback\n if (!request.headers.authorization) {\n for (const provider of this.identities) {\n if (!(\"realm\" in provider.options) && !!provider.options.fallback) {\n const token = await provider.options.fallback();\n if (token) {\n request.headers.authorization = `Bearer ${token}`;\n break;\n }\n }\n }\n }\n },\n });\n\n /**\n * Convert cookies to tokens.\n * If the tokens are expired, try to refresh them using the refresh token.\n */\n protected async cookiesToTokens(\n cookies: Cookies,\n ): Promise<Tokens | undefined> {\n const tokens = this.tokens.get({ cookies });\n if (!tokens) {\n // no cookie, no tokens\n this.log.trace(\"No tokens found in cookies\");\n return;\n }\n\n this.log.trace(\"Tokens found in cookies\", {\n expires_in: tokens.expires_in,\n issued_at: tokens.issued_at,\n });\n\n // check if tokens are expired\n const refreshedTokens = await this.refreshTokens(tokens);\n if (!refreshedTokens) {\n this.tokens.del({ cookies });\n // 08/25: exception here will go to Server error handler, not the React one\n // better to remove cookie & session and let the page handle 401 Unauthorized\n //throw new SessionExpiredError(\"Session expired. Please login again.\");\n return;\n }\n\n if (refreshedTokens.access_token !== tokens.access_token) {\n this.setTokens(refreshedTokens, cookies);\n }\n\n return refreshedTokens;\n }\n\n protected async refreshTokens(tokens: Tokens): Promise<Tokens | undefined> {\n if (tokens.expires_in && tokens.issued_at) {\n const gracePeriodSec = 10;\n const expiresAt = tokens.issued_at + (tokens.expires_in - gracePeriodSec);\n\n if (expiresAt < this.dateTimeProvider.now().unix()) {\n this.log.trace(\"Tokens are expired\");\n\n // oh no, it is expired\n if (tokens.refresh_token) {\n this.log.trace(\"Trying to refresh tokens using refresh token\");\n // but has refresh token!\n try {\n const provider = this.provider(tokens);\n const result = await provider.refresh(\n tokens.refresh_token,\n tokens.access_token,\n );\n const newTokens = {\n ...result,\n provider: tokens.provider,\n issued_at: this.dateTimeProvider.now().unix(),\n };\n\n this.log.debug(\"Tokens refreshed successfully\");\n\n return newTokens;\n } catch (e) {\n this.log.warn(\"Failed to refresh token\", e);\n }\n }\n\n // session expired and no (valid) refresh token\n return;\n }\n }\n\n if (!tokens.issued_at && tokens.access_token) {\n return;\n }\n\n return tokens;\n }\n\n // -------------------------------------------------------------------------------------------------------------------\n\n /**\n * Get user information.\n */\n public readonly userinfo = $route({\n path: ReactAuth.path.userinfo,\n schema: {\n response: userinfoResponseSchema,\n },\n handler: async ({ user, headers, cookies }) => {\n const tokens = this.tokens.get({ cookies });\n if (tokens) {\n const provider = this.provider(tokens);\n if (!(\"realm\" in provider.options)) {\n const user = await provider.user(tokens);\n const api = await this.serverLinksProvider.getUserApiLinks({\n authorization: headers.authorization,\n user,\n });\n return {\n api,\n user,\n };\n }\n }\n\n const api = await this.serverLinksProvider.getUserApiLinks({\n authorization: headers.authorization,\n user,\n });\n\n return {\n api,\n user,\n };\n },\n });\n\n /**\n * Refresh a token for internal providers.\n */\n public readonly refresh = $route({\n path: ReactAuth.path.refresh,\n method: \"POST\",\n schema: {\n query: t.object({\n provider: t.text(),\n }),\n body: t.object({\n refresh_token: t.text({\n size: \"rich\",\n }),\n access_token: t.optional(\n t.text({\n size: \"rich\",\n description:\n \"Required if provider has stateless refresh token on credentials mode\",\n }),\n ),\n }),\n response: tokensSchema,\n },\n handler: async ({ query, body, cookies }) => {\n const provider = this.provider(query);\n\n const tokens = {\n provider: query.provider,\n ...(await provider.refresh(body.refresh_token, body.access_token)),\n };\n\n // for web applications, we store tokens in cookies\n this.setTokens(tokens, cookies);\n\n return tokens;\n },\n });\n\n /**\n * Login for local password-based authentication.\n */\n public readonly token = $route({\n path: ReactAuth.path.token,\n method: \"POST\",\n schema: {\n query: t.object({\n provider: t.text(),\n }),\n body: t.object({\n username: t.text(),\n password: t.text(),\n }),\n response: tokenResponseSchema,\n },\n handler: async ({ query, body, cookies }) => {\n const provider = this.provider(query);\n const realm = \"realm\" in provider.options && provider.options.realm;\n if (!realm) {\n throw new SecurityError(\n `Auth provider '${query.provider}' does not support password grant`,\n );\n }\n\n const credentials =\n \"credentials\" in provider.options && provider.options.credentials;\n\n if (!credentials) {\n throw new SecurityError(\n `Auth provider '${query.provider}' does not support password grant`,\n );\n }\n\n let user: UserAccount;\n try {\n user = await credentials.account(body);\n } catch (e) {\n throw new UnauthorizedError(`Failed to authenticate user`, {\n cause: e,\n });\n }\n\n const tokens = {\n provider: query.provider,\n ...(await realm.createToken(user)),\n };\n\n // for web applications, we store tokens in cookies\n this.setTokens(tokens, cookies);\n\n const api = await this.serverLinksProvider.getUserApiLinks({\n user,\n });\n\n // mobile apps require this\n return {\n ...tokens,\n user,\n api,\n };\n },\n });\n\n /**\n * Oauth2/OIDC login route.\n */\n public readonly login = $route({\n path: ReactAuth.path.login,\n schema: {\n query: t.object({\n provider: t.text(),\n redirect_uri: t.optional(t.text({ size: \"rich\" })),\n }),\n },\n handler: async ({ query, url, reply }) => {\n const provider = this.provider(query);\n const oauth = provider.oauth;\n if (!oauth) {\n throw new SecurityError(\n `Auth provider '${query.provider}' does not support OAuth2`,\n );\n }\n\n const scope = provider.scope;\n let redirect_uri = provider.redirect_uri || ReactAuth.path.callback;\n if (redirect_uri.startsWith(\"/\")) {\n redirect_uri = `${url.protocol}//${url.host}${redirect_uri}`;\n }\n\n const oidc = \"oidc\" in provider.options && provider.options.oidc;\n\n if (!oauth.serverMetadata().supportsPKCE()) {\n const state = randomState();\n const parameters: Record<string, string> = {\n redirect_uri,\n state,\n };\n\n if (oidc) {\n parameters.nonce = randomState();\n }\n\n if (scope) {\n parameters.scope = scope;\n }\n\n this.authorizationCode.set({\n state,\n nonce: parameters.nonce,\n redirectUri: query.redirect_uri ?? \"/\",\n provider: query.provider,\n });\n\n reply.redirect(buildAuthorizationUrl(oauth, parameters).toString());\n return;\n }\n\n const codeVerifier = randomPKCECodeVerifier();\n const codeChallenge = await calculatePKCECodeChallenge(codeVerifier);\n\n const parameters: Record<string, string> = {\n redirect_uri,\n code_challenge: codeChallenge,\n code_challenge_method: \"S256\",\n };\n\n if (scope) {\n parameters.scope = scope;\n }\n\n this.authorizationCode.set({\n codeVerifier,\n redirectUri: query.redirect_uri ?? \"/\",\n provider: query.provider,\n });\n\n reply.redirect(buildAuthorizationUrl(oauth, parameters).toString());\n },\n });\n\n /**\n * Callback for OAuth2/OIDC providers.\n * It handles the authorization code flow and retrieves the access token.\n */\n public readonly callback = $route({\n path: ReactAuth.path.callback,\n handler: async ({ url, reply, cookies }) => {\n const authorizationCode = this.authorizationCode.get({ cookies });\n if (!authorizationCode) {\n throw new BadRequestError(\"Missing code verifier\");\n }\n\n const provider = this.provider(authorizationCode);\n const oauth = provider.oauth;\n if (!oauth) {\n throw new SecurityError(\n `Auth provider '${provider.name}' does not support OAuth2`,\n );\n }\n\n const redirectUri = authorizationCode.redirectUri ?? \"/\";\n\n const externalTokens = await authorizationCodeGrant(oauth, url, {\n pkceCodeVerifier: authorizationCode.codeVerifier,\n expectedState: authorizationCode.state,\n expectedNonce: authorizationCode.nonce,\n })\n .then((tokens) => ({\n issued_at: this.dateTimeProvider.now().unix(),\n provider: provider.name,\n ...tokens,\n }))\n .catch((e) => {\n this.log.error(\"Failed to get access token\", e);\n throw new SecurityError(\"Failed to get access token\", {\n cause: e,\n });\n });\n\n this.authorizationCode.del({ cookies });\n\n const realm = \"realm\" in provider.options && provider.options.realm;\n\n // external, full OIDC System (e.g. Keycloak, Auth0)\n if (!realm) {\n this.setTokens(externalTokens, cookies);\n reply.redirect(redirectUri);\n return;\n }\n\n // internal, we need to create our own tokens\n\n const user = await provider.user(externalTokens);\n const tokens = await realm.createToken(user);\n\n this.setTokens(\n {\n ...tokens,\n issued_at: this.dateTimeProvider.now().unix(),\n provider: provider.name,\n },\n cookies,\n );\n\n reply.redirect(redirectUri);\n },\n });\n\n /**\n * Logout route for OAuth2/OIDC providers.\n */\n public readonly logout = $route({\n path: ReactAuth.path.logout,\n method: \"GET\",\n schema: {\n query: t.object({\n post_logout_redirect_uri: t.optional(t.text()),\n }),\n },\n handler: async ({ query, reply, cookies }) => {\n const redirect = query.post_logout_redirect_uri ?? \"/\";\n const tokens = this.tokens.get({ cookies });\n if (!tokens) {\n reply.redirect(redirect);\n return;\n }\n\n const provider = this.provider(tokens.provider);\n\n this.tokens.del({ cookies });\n\n // for internal providers, we can delete the session - if available\n if (\"realm\" in provider.options && tokens.refresh_token) {\n const onDeleteSession =\n provider.options.realm.options.settings?.onDeleteSession;\n if (onDeleteSession) {\n try {\n await onDeleteSession(tokens.refresh_token);\n } catch (e) {\n this.log.error(\"Failed to delete session\", e);\n }\n }\n }\n\n const oauth = provider.oauth;\n if (!oauth) {\n reply.redirect(redirect);\n return;\n }\n\n const params = new URLSearchParams();\n const idToken = tokens?.id_token;\n\n params.set(\"post_logout_redirect_uri\", redirect);\n if (idToken) {\n params.set(\"id_token_hint\", idToken);\n }\n\n const customLogoutUri =\n \"oidc\" in provider.options\n ? provider.options.oidc?.logoutUri\n : undefined;\n\n if (customLogoutUri) {\n reply.redirect(`${customLogoutUri}?${params}`);\n return;\n }\n\n if (!oauth.serverMetadata().end_session_endpoint) {\n // await tokenRevocation(\n // \toauth,\n // \ttokens?.refresh_token ?? tokens.access_token,\n // );\n reply.redirect(redirect);\n return;\n }\n\n reply.redirect(buildEndSessionUrl(oauth, params).toString());\n },\n });\n\n protected provider(opts: string | { provider: string }): AuthDescriptor {\n const name = typeof opts === \"string\" ? opts : opts.provider;\n const identity = this.identities.find((identity) => identity.name === name);\n\n if (!identity) {\n throw new SecurityError(`Auth provider '${name}' not found`);\n }\n\n return identity;\n }\n\n protected setTokens(tokens: Tokens, cookies?: Cookies): void {\n const exp =\n tokens.refresh_token_expires_in ||\n tokens.refresh_expires_in ||\n tokens.expires_in;\n\n const ttl = exp\n ? this.dateTimeProvider.duration(exp, \"seconds\")\n : undefined;\n\n this.tokens.set(tokens, {\n cookies,\n ttl,\n });\n }\n}\n\nexport interface OAuth2Profile {\n sub: string; // Subject - unique ID per user (required by OpenID)\n email?: string;\n name?: string;\n given_name?: string;\n family_name?: string;\n middle_name?: string;\n nickname?: string;\n preferred_username?: string;\n profile?: string;\n picture?: string;\n website?: string;\n email_verified?: boolean;\n gender?: string;\n birthdate?: string; // ISO 8601: YYYY-MM-DD\n zoneinfo?: string;\n locale?: string;\n phone_number?: string;\n phone_number_verified?: boolean;\n address?: {\n formatted?: string;\n street_address?: string;\n locality?: string;\n region?: string;\n postal_code?: string;\n country?: string;\n };\n updated_at?: number; // seconds since epoch\n // Allow additional fields (provider-specific)\n [key: string]: unknown;\n}\n","import { $context, t } from \"alepha\";\nimport type { RealmDescriptor } from \"alepha/security\";\nimport type { OAuth2Profile } from \"../providers/ReactAuthProvider.ts\";\nimport { $auth, type OidcOptions } from \"./$auth.ts\";\n\n/**\n * Already configured GitHub authentication descriptor.\n *\n * Uses OAuth2 to authenticate users via their GitHub accounts.\n * Upon successful authentication, it links the GitHub account to a user session.\n *\n * Environment Variables:\n * - `GITHUB_CLIENT_ID`: The client ID obtained from the GitHub Developer Settings.\n * - `GITHUB_CLIENT_SECRET`: The client secret obtained from the GitHub Developer Settings.\n */\nexport const $authGithub = (\n realm: RealmDescriptor,\n options: Partial<OidcOptions>,\n) => {\n const { alepha } = $context();\n\n const env = alepha.parseEnv(\n t.object({\n GITHUB_CLIENT_ID: t.string(),\n GITHUB_CLIENT_SECRET: t.string(),\n }),\n );\n\n return $auth({\n realm,\n name: \"github\",\n oauth: {\n clientId: env.GITHUB_CLIENT_ID,\n clientSecret: env.GITHUB_CLIENT_SECRET,\n authorization: \"https://github.com/login/oauth/authorize\",\n token: \"https://github.com/login/oauth/access_token\",\n scope: \"read:user user:email\",\n userinfo: async (tokens) => {\n const BASE_URL = \"https://api.github.com\";\n const res = await fetch(`${BASE_URL}/user`, {\n headers: {\n Authorization: `Bearer ${tokens.access_token}`,\n \"User-Agent\": \"Alepha\",\n },\n }).then((res) => res.json());\n\n const user: OAuth2Profile = {\n sub: res.id.toString(),\n };\n\n if (res.email) {\n user.email = res.email;\n }\n\n if (res.name) {\n user.name = res.name.trim();\n }\n\n if (res.avatar_url) {\n user.picture = res.avatar_url;\n }\n\n if (!user.email) {\n const res = await fetch(`${BASE_URL}/user/emails`, {\n headers: {\n Authorization: `Bearer ${tokens.access_token}`,\n \"User-Agent\": \"Alepha\",\n },\n });\n if (res.ok) {\n const emails: any[] = await res.json();\n user.email = (emails.find((e) => e.primary) ?? emails[0]).email;\n }\n }\n\n return user;\n },\n ...options,\n },\n });\n};\n","import { $context, t } from \"alepha\";\nimport type { RealmDescriptor } from \"alepha/security\";\nimport { $auth, type OidcOptions } from \"./$auth.ts\";\n\n/**\n * Already configured Google authentication descriptor.\n *\n * Uses OpenID Connect (OIDC) to authenticate users via their Google accounts.\n * Upon successful authentication, it links the Google account to a user session.\n *\n * Environment Variables:\n * - `GOOGLE_CLIENT_ID`: The client ID obtained from the Google Developer Console.\n * - `GOOGLE_CLIENT_SECRET`: The client secret obtained from the Google Developer Console.\n */\nexport const $authGoogle = (\n realm: RealmDescriptor,\n options: Partial<OidcOptions>,\n) => {\n const { alepha } = $context();\n\n const env = alepha.parseEnv(\n t.object({\n GOOGLE_CLIENT_ID: t.string(),\n GOOGLE_CLIENT_SECRET: t.string(),\n }),\n );\n\n return $auth({\n realm,\n name: \"google\",\n oidc: {\n issuer: \"https://accounts.google.com\",\n clientId: env.GOOGLE_CLIENT_ID,\n clientSecret: env.GOOGLE_CLIENT_SECRET,\n ...options,\n },\n });\n};\n","import { AlephaError } from \"alepha\";\n\nexport class SessionExpiredError extends AlephaError {\n readonly name = \"SessionExpiredError\";\n readonly status = 401;\n}\n","import { useAlepha, useStore } from \"@alepha/react\";\nimport { type HttpVirtualClient, LinkProvider } from \"alepha/server/links\";\nimport { ReactAuth } from \"../services/ReactAuth.ts\";\n\nexport const useAuth = <T extends object = any>() => {\n const alepha = useAlepha();\n const [user] = useStore(\"alepha.server.request.user\");\n\n return {\n user,\n logout: () => {\n alepha.inject(ReactAuth).logout();\n },\n login: async (\n provider: keyof T,\n options: {\n username?: string;\n password?: string;\n redirect?: string;\n [extra: string]: any;\n } = {},\n ) => {\n await alepha.inject(ReactAuth).login(provider as string, options);\n },\n can: <Api extends object = any>(\n name: keyof HttpVirtualClient<Api>,\n ): boolean => {\n return alepha.inject(LinkProvider).can(name as string);\n },\n };\n};\n","import { AlephaReact } from \"@alepha/react\";\nimport { $module } from \"alepha\";\nimport type { UserAccount } from \"alepha/security\";\nimport { AlephaServerCookies } from \"alepha/server/cookies\";\nimport { $auth } from \"./descriptors/$auth.ts\";\nimport { ReactAuthProvider } from \"./providers/ReactAuthProvider.ts\";\nimport { ReactAuth } from \"./services/ReactAuth.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport * from \"./descriptors/$auth.ts\";\nexport * from \"./descriptors/$authGithub.ts\";\nexport * from \"./descriptors/$authGoogle.ts\";\nexport * from \"./index.shared.ts\";\nexport * from \"./providers/ReactAuthProvider.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\ndeclare module \"alepha\" {\n export interface State {\n /**\n * The authenticated user account attached to the server request state.\n *\n * @internal\n */\n \"alepha.server.request.user\"?: UserAccount;\n }\n}\ndeclare module \"@alepha/react\" {\n interface ReactRouterState {\n user?: UserAccount;\n }\n}\n\n// ---------------------------------------------------------------------------------------------------------------------\n\n/**\n * The ReactAuthModule provides authentication services for React applications.\n *\n * @see {@link ReactAuthProvider}\n * @module alepha.react.auth\n */\nexport const AlephaReactAuth = $module({\n name: \"alepha.react.auth\",\n descriptors: [$auth],\n services: [AlephaReact, AlephaServerCookies, ReactAuthProvider, ReactAuth],\n});\n"],"x_google_ignoreList":[21,22],"mappings":";;;;;;;;;;;;;;;;;AAMA,IAAa,mBAAb,MAA8B;CAC5B,AAAO,MACL,UACA,UAAuC,EAAE,EAIxC;AACD,QAAM,IAAI,YAAY,+CAA+C;;CAGvE,AAAO,OACL,MACA,UAAuC,EAAE,EACJ;AACrC,QAAM,IAAI,YAAY,gDAAgD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACoF1E,MAAa,SAKX,YACkD;AAClD,QAAO,iBACL,gBACA,QACD;;AAuMH,IAAa,iBAAb,cAIU,WAAiE;CACzE,AAAmB,mBAAmB,QAAQ,iBAAiB;CAE/D,AAAU,SAAS;AACjB,MAAI,KAAK,QAAQ,OACf,MAAK,QAAQ,UAAU,EACrB,OAAO;GACL,UAAU;GACV,KAAK,CAAC,GAAG,OAAO;GACjB,EACF;;CAIL,IAAW,OAAe;AACxB,SAAO,KAAK,QAAQ,QAAQ,KAAK,OAAO;;;;;;;;CAS1C,MAAa,OACX,SACqC;AACrC,SAAO,KAAK,iBAAiB,OAAO,KAAK,MAAM,QAAQ;;CAGzD,MAAa,MAAM,SAGhB;AACD,SAAO,KAAK,iBAAiB,MAAM,KAAK,QAAQ,QAAQ,IAAI,QAAQ;;CAGtE,AAAO,MAAM,KAAsB;AAEjC,SAAO;;CAGT,AAAO,SAAS,QAAa;AAE3B,SAAO,KAAK,QAAQ,QAAQ;;;AAIhC,MAAM,QAAQ;;;;;;;;;;;;;;ACxVd,MAAM,cAAc,YAA8C;CAChE,MAAM,CAAC,SAAS,cAAc,SAAS,MAAM;AAE7C,iBAAgB,WAAW,KAAK,EAAE,EAAE,CAAC;AAErC,KAAIA,QAAM,SACR,QAAOA,QAAM;AAGf,QAAO,UAAUA,QAAM,WAAWA,QAAM;;AAG1C,yBAAe;;;;ACxBf,MAAM,eAAe,EAAE,OAAO,aAA+B;CAC3D,MAAM,CAAC,UAAU,eAAe,SAAS,MAAM;AAI/C,KAHqB,OAAO,cAAc,CAIxC,QAAO,oBAAC,0BAAwB;CAGlC,MAAM,aAAa,MAAM,OAAO,MAAM,KAAK,IAAI,EAAE;CACjD,MAAM,eAAe,WAAW,MAAM,GAAG,EAAE;CAC3C,MAAM,kBAAkB,WAAW,SAAS,aAAa;CAEzD,MAAM,mBAAmB,SAAiB;AACxC,YAAU,UAAU,UAAU,KAAK,CAAC,OAAO,QAAQ;AACjD,WAAQ,MAAM,oBAAoB,IAAI;IACtC;;CAGJ,MAAM,SAAS;EACb,WAAW;GACT,SAAS;GACT,iBAAiB;GACjB,OAAO;GACP,QAAQ;GACR,cAAc;GACd,WAAW;GACX,YAAY;GACZ,UAAU;GACV,QAAQ;GACT;EACD,SAAS;GACP,UAAU;GACV,YAAY;GACZ,cAAc;GACf;EACD,MAAM;GACJ,UAAU;GACV,YAAY;GACb;EACD,SAAS;GACP,UAAU;GACV,cAAc;GACf;EACD,eAAe;GACb,SAAS;GACT,gBAAgB;GAChB,YAAY;GACZ,UAAU;GACV,cAAc;GACd,OAAO;GACR;EACD,YAAY;GACV,UAAU;GACV,OAAO;GACP,YAAY;GACZ,QAAQ;GACR,QAAQ;GACR,gBAAgB;GACjB;EACD,gBAAgB;GACd,iBAAiB;GACjB,SAAS;GACT,cAAc;GACd,UAAU;GACV,YAAY;GACZ,WAAW;GACX,YAAY;GACb;EACD,YAAY;GACV,OAAO;GACP,QAAQ;GACR,WAAW;GACZ;EACF;AAED,QACE,qBAAC;EAAI,OAAO,OAAO;aACjB,qBAAC;GACC,oBAAC;IAAI,OAAO,OAAO;cAAS;KAAc;GAC1C,oBAAC;IAAI,OAAO,OAAO;cAAO,MAAM;KAAW;GAC3C,oBAAC;IAAI,OAAO,OAAO;cAAU,MAAM;KAAc;MAC7C,EAEL,WAAW,SAAS,KACnB,qBAAC,oBACC,qBAAC;GAAI,OAAO,OAAO;cACjB,oBAAC,oBAAK,gBAAkB,EACxB,oBAAC;IACC,MAAK;IACL,eAAe,gBAAgB,MAAM,MAAO;IAC5C,OAAO,OAAO;cACf;KAEQ;IACL,EACN,qBAAC;GAAI,OAAO,OAAO;eACf,WAAW,aAAa,cAAc,KAAK,MAAM,MACjD,oBAAC,mBAAa,QAAJ,EAAe,CACzB,EACD,CAAC,YAAY,kBAAkB,KAC9B,qBAAC;IAAK,OAAO,OAAO;IAAY,eAAe,YAAY,KAAK;;KAAE;KAC7D;KAAgB;;KACf;IAEJ,IACF;GAEJ;;AAIV,0BAAe;AAEf,MAAM,8BAA8B;CAClC,MAAM,SAAS;EACb,WAAW;GACT,SAAS;GACT,iBAAiB;GACjB,OAAO;GACP,QAAQ;GACR,cAAc;GACd,WAAW;GACX,YAAY;GACZ,UAAU;GACV,QAAQ;GACR,WAAW;GACZ;EACD,SAAS;GACP,UAAU;GACV,YAAY;GACZ,cAAc;GACf;EACD,MAAM;GACJ,UAAU;GACV,YAAY;GACZ,cAAc;GACf;EACD,SAAS;GACP,UAAU;GACV,SAAS;GACV;EACF;AAED,QACE,qBAAC;EAAI,OAAO,OAAO;aACjB,oBAAC;GAAI,OAAO,OAAO;aAAS;IAA0B,EACtD,oBAAC;GAAI,OAAO,OAAO;aAAS;IAEtB;GACF;;;;;ACzJV,MAAa,qBAAqB,cAEhC,OAAU;;;;;;;;;ACJZ,IAAa,cAAb,cAAiC,MAAM;CACrC,AAAgB;CAEhB,YAAY,UAAkB;AAC5B,QAAM,cAAc;AACpB,OAAK,WAAW;;;;;;ACPpB,MAAa,gBAAgB,cAAkC,OAAU;;;;;;;;;;;;;;;;ACazE,MAAa,kBAA0B;CACrC,MAAM,SAAS,WAAW,cAAc;AACxC,KAAI,CAAC,OACH,OAAM,IAAI,YACR,mEACD;AAGH,QAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACGT,MAAa,aAAa,MAAiB,SAAyB;CAClE,MAAM,SAAS,WAAW;AAE1B,iBAAgB;AACd,MAAI,CAAC,OAAO,WAAW,CACrB;EAGF,MAAMC,OAAmB,EAAE;AAC3B,OAAK,MAAM,CAAC,MAAM,SAAS,OAAO,QAAQ,KAAK,CAC7C,MAAK,KAAK,OAAO,OAAO,GAAG,MAAa,KAAY,CAAC;AAGvD,eAAa;AACX,QAAK,MAAM,SAAS,KAClB,QAAO;;IAGV,KAAK;;;;;AC7BV,SAAS,SAAS,QAAa,cAAyB;CACtD,MAAM,SAAS,WAAW;AAE1B,eAAc;AACZ,MAAI,gBAAgB,QAAQ,OAAO,MAAM,IAAI,OAAO,IAAI,KACtD,QAAO,MAAM,IAAI,QAAQ,aAAa;IAEvC,CAAC,aAAa,CAAC;CAElB,MAAM,CAAC,OAAO,YAAY,SAAS,OAAO,MAAM,IAAI,OAAO,CAAC;AAE5D,iBAAgB;AACd,MAAI,CAAC,OAAO,WAAW,CACrB;EAGF,MAAM,MAAM,kBAAkB,OAAO,OAAO,MAAM;AAElD,SAAO,OAAO,OAAO,GAAG,iBAAiB,OAAO;AAC9C,OAAI,GAAG,QAAQ,IACb,UAAS,GAAG,MAAM;IAEpB;IACD,EAAE,CAAC;AAEN,QAAO,CACL,QACC,UAAe;AACd,SAAO,MAAM,IAAI,QAAQ,MAAM;GAElC;;;;;AC1CH,MAAa,uBAAyC;CACpD,MAAM,CAAC,SAAS,SAAS,4BAA4B;AACrD,KAAI,CAAC,MACH,OAAM,IAAI,YAAY,6BAA6B;AAErD,QAAO;;;;;;;;;ACyBT,IAAa,gBAAb,cAAmC,MAAM,UAGvC;CACA,YAAY,SAA2B;AACrC,QAAMC,QAAM;AACZ,OAAK,QAAQ,EAAE;;;;;CAMjB,OAAO,yBAAyB,OAAkC;AAChE,SAAO,EACL,OACD;;;;;;CAOH,kBAAkB,OAAc,MAAuB;AACrD,MAAI,KAAK,MAAM,QACb,MAAK,MAAM,QAAQ,OAAO,KAAK;;CAInC,SAAoB;AAClB,MAAI,KAAK,MAAM,MACb,QAAO,KAAK,MAAM,SAAS,KAAK,MAAM,MAAM;AAG9C,SAAO,KAAK,MAAM;;;AAItB,4BAAe;;;;;;;;;;;;;;;;;;;;;;;;;ACpCf,MAAM,cAAc,YAA2B;CAC7C,MAAM,QAAQ,IAAI,mBAAmB,EAAE,SAAS;CAChD,MAAM,QAAQ,gBAAgB;CAE9B,MAAM,CAAC,MAAM,WAAW,SACtB,MAAM,OAAO,QAAQ,QACtB;CAED,MAAM,CAAC,WAAW,gBAAgB,SAAS,GAAG;CAC9C,MAAM,wBAAwB,OAAe,EAAE;CAC/C,MAAM,mBAAmB,OAAe,EAAE;AAE1C,WACE;EACE,0BAA0B,OAAO,EAAE,UAAU,qBAAY;GAEvD,MAAM,QAAQ,SAAS,OAAO;AAC9B,OAAI,GAAGC,QAAM,IAAI,SAAS,GAAG,WAAW,GAAG,OAAO,KAAK,GAAG,CACxD;GAGF,MAAM,gBAAgB,eACpB,MAAM,OAAO,WACbA,SACA,OACD;AAED,OAAI,eAAe;IACjB,MAAM,WAAW,cAAc,YAAY;AAC3C,qBAAiB,UAAU,KAAK,KAAK;AACrC,0BAAsB,UAAU;AAChC,iBAAa,cAAc,UAAU;UAChC;AACL,qBAAiB,UAAU;AAC3B,0BAAsB,UAAU;AAChC,iBAAa,GAAG;;;EAIpB,wBAAwB,OAAO,EAAE,qBAAY;GAC3C,MAAM,QAAQA,QAAM,OAAO;AAG3B,OAAI,iBAAiB,SAAS;IAC5B,MAAM,WAAW,sBAAsB;IACvC,MAAM,OAAO,KAAK,KAAK,GAAG,iBAAiB;AAC3C,QAAI,OAAO,SACT,OAAM,IAAI,SAAS,YACjB,WAAW,SAAS,WAAW,KAAK,CACrC;;AAKL,OAAI,CAAC,OAAO,OAAO;AACjB,YAAQ,OAAO,QAAQ;IAGvB,MAAM,iBAAiB,eACrB,OAAO,OAAO,WACdA,SACA,QACD;AAED,QAAI,eACF,cAAa,eAAe,UAAU;QAEtC,cAAa,GAAG;;;EAKvB,EACD,EAAE,CACH;CAED,IAAI,UAAU,QAAQC,QAAM,YAAY;AAGxC,KAAI,UACF,WACE,oBAAC;EACC,OAAO;GACL,SAAS;GACT,MAAM;GACN,QAAQ;GACR,OAAO;GACP,UAAU;GACV,UAAU;GACX;YAED,oBAAC;GACC,OAAO;IAAE,QAAQ;IAAQ,OAAO;IAAQ,SAAS;IAAQ;IAAW;aAEnE;IACG;GACF;AAKV,KAAIA,QAAM,kBAAkB,MAC1B,QAAO,0CAAG,UAAW;AAGvB,KAAIA,QAAM,cACR,QACE,oBAACC;EAAc,UAAUD,QAAM;YAAgB;GAAwB;AAI3E,QACE,oBAACC;EACC,WAAW,UAAU;GACnB,MAAM,SAAS,MAAM,QAAQ,OAAO,MAAM;AAC1C,OAAI,kBAAkB,YACpB,QAAO;AAET,UAAO;;YAGR;GACa;;AAIpB,yBAAe,KAAK,WAAW;AAE/B,SAAS,eACP,eACA,OACA,OAAyB,SAMb;AACZ,KAAI,CAAC,cACH;CAGF,MAAM,mBAAmB;CAEzB,MAAM,YACJ,OAAO,kBAAkB,aAAa,cAAc,MAAM,GAAG;AAE/D,KAAI,OAAO,cAAc,UAAU;AACjC,MAAI,SAAS,OACX;AAEF,SAAO;GACL,UAAU;GACV,WAAW,GAAG,iBAAiB,KAAK;GACrC;;AAGH,KAAI,OAAO,cAAc,UAAU;EACjC,MAAM,OAAO,UAAU;EACvB,MAAM,WACJ,OAAO,SAAS,WACX,KAAK,YAAY,mBAClB;EACN,MAAM,OAAO,OAAO,SAAS,WAAW,KAAK,OAAO;AAEpD,MAAI,SAAS,OAEX,QAAO;GACL;GACA,WAAW,GAAG,SAAS,KAHV,OAAO,SAAS,WAAY,KAAK,UAAU,KAAM,GAG3B,GAAG;GACvC;AAKH,SAAO;GACL;GACA,WAAW,GAAG,SAAS,KAJV,OAAO,SAAS,WAAY,KAAK,UAAU,KAAM,GAI3B,GAAG;GACvC;;;;;;ACnNL,SAAwB,aAAa,SAAkC;AACrE,QACE,oBAAC;EACC,OAAO;GACL,QAAQ;GACR,SAAS;GACT,eAAe;GACf,gBAAgB;GAChB,YAAY;GACZ,WAAW;GACX,YAAY;GACZ,SAAS;GACT,GAAGC,QAAM;GACV;YAED,oBAAC;GAAG,OAAO;IAAE,UAAU;IAAQ,cAAc;IAAU;aAAE;IAEpD;GACD;;;;;ACMV,MAAMC,cAAY,EAAE,OAAO,EACzB,mBAAmB,EAAE,QAAQ,EAAE,SAAS,MAAM,CAAC,EAChD,CAAC;AAMF,IAAa,oBAAb,MAA+B;CAC7B,AAAmB,MAAM,SAAS;CAClC,AAAmB,MAAM,KAAKA,YAAU;CACxC,AAAmB,SAAS,QAAQ,OAAO;CAC3C,AAAmB,QAAqB,EAAE;CAE1C,AAAO,WAAwB;AAC7B,SAAO,KAAK;;CAGd,AAAO,mBAAgC;EACrC,MAAMC,QAAqB,EAAE;AAC7B,OAAK,MAAM,QAAQ,KAAK,OAAO;AAC7B,OAAI,KAAK,YAAY,KAAK,SAAS,SAAS,EAC1C;GAEF,MAAM,WAAW,KAAK,SAAS,KAAK,KAAK;AACzC,OAAI,SAAS,SAAS,IAAI,IAAI,SAAS,SAAS,IAAI,EAAE;AACpD,QAAI,OAAO,KAAK,WAAW,UAAU;KACnC,MAAM,UAAU,KAAK,OAAO;AAC5B,SAAI,WAAW,QAAQ,SAAS,EAC9B,MAAK,MAAM,SAAS,SAAS;MAC3B,MAAM,SAAS,MAAM;MACrB,MAAM,OAAO,KAAK,QAAQ,KAAK,QAAQ,IAAI,OAAO;AAClD,UAAI,CAAC,KAAK,SAAS,IAAI,IAAI,CAAC,KAAK,SAAS,IAAI,CAC5C,OAAM,KAAK;OACT,GAAG;OACH,MAAM,OAAO,OAAO,KAAK,OAAO,CAAC;OACjC;OACA,GAAG;OACJ,CAAC;;;AAMV;;AAEF,SAAM,KAAK,KAAK;;AAElB,SAAO;;CAGT,AAAO,KAAK,MAAyB;AACnC,OAAK,MAAM,QAAQ,KAAK,MACtB,KAAI,KAAK,SAAS,KAChB,QAAO;AAIX,QAAM,IAAI,YAAY,SAAS,KAAK,aAAa;;CAGnD,AAAO,SACL,MACA,UAGI,EAAE,EACN;EACA,MAAM,OAAO,KAAK,KAAK,KAAK;AAC5B,MAAI,CAAC,KACH,OAAM,IAAI,MAAM,QAAQ,KAAK,YAAY;EAG3C,IAAI,MAAM,KAAK,QAAQ;EACvB,IAAI,SAAS,KAAK;AAClB,SAAO,QAAQ;AACb,SAAM,GAAG,OAAO,QAAQ,GAAG,GAAG;AAC9B,YAAS,OAAO;;AAGlB,QAAM,KAAK,QAAQ,KAAK,QAAQ,UAAU,EAAE,CAAC;AAE7C,MAAI,QAAQ,OAAO;GACjB,MAAM,QAAQ,IAAI,gBAAgB,QAAQ,MAAM;AAChD,OAAI,MAAM,UAAU,CAClB,QAAO,IAAI,MAAM,UAAU;;AAI/B,SAAO,IAAI,QAAQ,UAAU,IAAI,IAAI;;CAGvC,AAAO,IACL,MACA,UAA8D,EAAE,EAC3D;AACL,SAAO,IAAI,IACT,KAAK,SAAS,MAAM,QAAQ,EAE5B,QAAQ,QAAQ,mBACjB;;CAGH,AAAO,KAAK,OAAoC;EAC9C,MAAM,OAAO,cACX,cAAc,UACd,EAAE,OAAO,KAAK,QAAQ,EACtB,cAAcC,oBAAY,EAAE,EAAE,MAAM,OAAO,IAAI,QAAQ,CACxD;AAED,MAAI,KAAK,IAAI,kBACX,QAAO,cAAc,YAAY,EAAE,EAAE,KAAK;AAG5C,SAAO;;CAGT,AAAU,+BACR,QACA,UACQ;AACR,MAAI,EAAE,OAAO,SAAS,OAAO,IAAI,OAAO,UAAU,UAChD;QAAK,MAAM,OAAO,OAAO,WACvB,KACE,EAAE,OAAO,SAAS,OAAO,WAAW,KAAK,IACzC,OAAO,MAAM,SAAS,SAEtB,KAAI;AACF,UAAM,OAAO,KAAK,OAAO,MAAM,OAC7B,OAAO,WAAW,MAClB,mBAAmB,MAAM,KAAK,CAC/B;YACMC,KAAG;;AAMlB,SAAO;;;;;;;CAQT,MAAa,aACX,OACA,OACA,WAAgC,EAAE,EACL;EAC7B,IAAIC,UAA+B,EAAE;EACrC,MAAMC,QAAgC,CAAC,EAAE,OAAO,CAAC;EAEjD,IAAI,SAAS,MAAM;AACnB,SAAO,QAAQ;AACb,SAAM,QAAQ,EAAE,OAAO,QAAQ,CAAC;AAChC,YAAS,OAAO;;EAGlB,IAAI,eAAe;AAEnB,OAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;GACrC,MAAM,KAAK,MAAM;GACjB,MAAMC,UAAQ,GAAG;GACjB,MAAMC,SAA8B,EAAE;AAEtC,OAAI;AACF,SAAK,4BAA4BD,QAAM,QAAQ,OAAO,MAAM,MAAM;AAClE,WAAO,QAAQA,QAAM,QAAQ,QACzB,KAAK,OAAO,MAAM,OAAOA,QAAM,OAAO,OAAO,MAAM,MAAM,GACzD,EAAE;YACCH,KAAG;AACV,OAAG,QAAQA;AACX;;AAGF,OAAI;AACF,WAAO,SAASG,QAAM,QAAQ,SAC1B,KAAK,OAAO,MAAM,OAAOA,QAAM,OAAO,QAAQ,MAAM,OAAO,GAC3D,EAAE;YACCH,KAAG;AACV,OAAG,QAAQA;AACX;;AAIF,MAAG,SAAS,EACV,GAAG,QACJ;AAGD,OAAI,WAAW,MAAM,CAAC,gBAAgB,SAAS,GAAG,SAASG,QAAM,MAAM;IACrE,MAAM,OAAO,QAAkB,MAAM,IAAI,QAAQ,UAAU,IAAI,GAAG;AAYlE,QAVa,KAAK,UAAU;KAC1B,MAAM,IAAI,SAAS,GAAG,KAAK;KAC3B,QAAQ,SAAS,GAAG,QAAQ,UAAU,EAAE;KACzC,CAAC,KAEW,KAAK,UAAU;KAC1B,MAAM,IAAIA,QAAM,KAAK;KACrB,QAAQ,OAAO,UAAU,EAAE;KAC5B,CAAC,EAEiB;AAEjB,QAAG,QAAQ,SAAS,GAAG;AACvB,QAAG,QAAQ,SAAS,GAAG;AACvB,QAAG,QAAQ;AACX,eAAU;MACR,GAAG;MACH,GAAG,GAAG;MACP;AACD;;AAIF,mBAAe;;AAIjB,OAAI,CAACA,QAAM,QACT;AAGF,OAAI;IACF,MAAM,OAAO,OAAO,OAAO,MAAM;AACjC,WAAO,OAAO,MAAM,QAAQ,QAAQ;IACpC,MAAME,UAAS,MAAMF,QAAM,UAAU,KAAK,IAAK,EAAE;AAGjD,OAAG,QAAQ,EACT,GAAGE,SACJ;AAGD,cAAU;KACR,GAAG;KACH,GAAGA;KACJ;YACML,KAAG;AAEV,QAAIA,eAAa,YACf,QAAO,EACL,UAAUA,IAAE,UACb;AAGH,SAAK,IAAI,MAAM,4BAA4BA,IAAE;AAE7C,OAAG,QAAQA;AACX;;;EAIJ,IAAI,MAAM;AACV,OAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;GACrC,MAAM,KAAK,MAAM;GACjB,MAAMK,UAAQ,GAAG,SAAS,EAAE;GAE5B,MAAM,SAAS,EAAE,GAAG,GAAG,QAAQ,QAAQ;AACvC,QAAK,MAAM,OAAO,OAAO,KAAK,OAAO,CACnC,QAAO,OAAO,OAAO,OAAO,KAAK;AAGnC,UAAO;AACP,UAAO,GAAG,MAAM,OAAO,KAAK,QAAQ,GAAG,MAAM,MAAM,OAAO,GAAG;GAC7D,MAAM,OAAO,IAAI,QAAQ,OAAO,IAAI;GACpC,MAAM,oBAAoB,KAAK,gBAAgB,GAAG,MAAM;AACxD,OAAI,mBAAmB;IACrB,MAAM,gBAAgB,MAAM;AAC5B,UAAM,WAAW,OAAO,cAAY;KAClC,MAAM,SAAS,kBAAkB,OAAOC,UAAQ;AAEhD,SAAI,WAAW,OACb,QAAO,cAAc,OAAOA,UAAQ;AAEtC,YAAO;;;AAKX,OAAI,CAAC,GAAG,MACN,KAAI;IACF,MAAM,UAAU,MAAM,KAAK,cAAc,GAAG,OAAO;KACjD,GAAGD;KACH,GAAG;KACJ,CAAC;AAEF,UAAM,OAAO,KAAK;KAChB,MAAM,GAAG,MAAM;KACf;KACA,MAAM,GAAG,MAAM;KACf,QAAQ,GAAG;KACX,SAAS,KAAK,WAAW,IAAI,GAAG,MAAM,SAAS,GAAG,MAAM;KACxD,OAAO,IAAI;KACX;KACA,OAAO,GAAG;KACV,OAAO,GAAG;KACX,CAAC;YACKL,KAAG;AACV,OAAG,QAAQA;;AAKf,OAAI,GAAG,MACL,KAAI;IACF,IAAIO,UACF,MAAM,MAAM,QAAQ,GAAG,OAAO,MAAM;AAEtC,QAAI,YAAY,OACd,OAAM,GAAG;AAGX,QAAI,mBAAmB,YACrB,QAAO,EACL,UAAU,QAAQ,UACnB;AAGH,QAAI,YAAY,KACd,WAAU,KAAK,YAAY,GAAG,MAAM;AAGtC,UAAM,OAAO,KAAK;KAChB;KACA,OAAO,GAAG;KACV,MAAM,GAAG,MAAM;KACf,MAAM,GAAG,MAAM;KACf,QAAQ,GAAG;KACX,SAAS,KAAK,WAAW,IAAI,GAAG,MAAM,SAAS,GAAG,MAAM;KACxD,OAAO,IAAI;KACX;KACA,OAAO,GAAG;KACX,CAAC;AACF;YACOP,KAAG;AACV,QAAIA,eAAa,YACf,QAAO,EACL,UAAUA,IAAE,UACb;AAEH,UAAMA;;;AAKZ,SAAO,EAAE,OAAO;;CAGlB,AAAU,uBAAuB,UAAsC;AACrE,SAAO,EACL,UACD;;CAGH,AAAU,gBAAgB,OAA4C;AACpE,MAAI,MAAM,aAAc,QAAO,MAAM;EACrC,IAAI,SAAS,MAAM;AACnB,SAAO,QAAQ;AACb,OAAI,OAAO,aAAc,QAAO,OAAO;AACvC,YAAS,OAAO;;;CAIpB,MAAgB,cACd,MACA,SACoB;AACpB,MAAI,KAAK,QAAQ,KAAK,UACpB,MAAK,IAAI,KACP,QAAQ,KAAK,KAAK,yDACnB;AAGH,MAAI,KAAK,KAEP,QAAO,eADW,MAAM,KAAK,MAAM,EACJ,SAASK,QAAM;AAGhD,MAAI,KAAK,UACP,QAAO,cAAc,KAAK,WAAWA,QAAM;;CAM/C,AAAO,YAAY,OAAyB;AAC1C,SAAO,cAAcG,qBAAa;GAAE;GAAO,QAAQ,KAAK;GAAQ,CAAC;;CAGnE,AAAO,kBAA6B;AAClC,SAAO,cAAcT,oBAAY,EAAE,CAAC;;CAGtC,AAAO,KACL,MACA,SAA8B,EAAE,EACxB;EACR,MAAM,QAAQ,KAAK,MAAM,MAAM,OAAO,GAAG,SAAS,KAAK,QAAQ,KAAK;AACpE,MAAI,CAAC,MACH,OAAM,IAAI,MAAM,QAAQ,KAAK,QAAQ,KAAK,YAAY;EAGxD,IAAI,MAAM,MAAM,QAAQ;EACxB,IAAI,SAAS,MAAM;AACnB,SAAO,QAAQ;AACb,SAAM,GAAG,OAAO,QAAQ,GAAG,GAAG;AAC9B,YAAS,OAAO;;AAGlB,QAAM,KAAK,QAAQ,KAAK,OAAO;AAE/B,SAAO,IAAI,QAAQ,UAAU,IAAI,IAAI;;CAGvC,AAAO,QAAQ,MAAc,SAAiC,EAAE,EAAE;AAChE,OAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,OAAO,CAC/C,QAAO,KAAK,QAAQ,IAAI,OAAO,MAAM;AAEvC,SAAO;;CAGT,AAAU,WACR,OACA,MACA,MACA,MACW;AACX,WAAS,KAAK,iBAAiB;EAE/B,MAAM,UAAU,KAAK,SACjB,cACEU,oBACA,OAAO,KAAK,WAAW,WAAW,KAAK,SAAS,EAAE,EAClD,KACD,GACD;AAEJ,SAAO,cACL,mBAAmB,UACnB,EACE,OAAO;GACL;GACA;GACD,EACF,EACD,QACD;;CAGH,AAAmB,YAAY,MAAM;EACnC,IAAI;EACJ,eAAe;GACb,IAAI,qBAAqB;GACzB,MAAM,QAAQ,KAAK,OAAO,YAAY,MAAM;GAE5C,MAAM,aAAa,OAAuB;AACxC,QAAI,GAAG,QAAQ,OACb,QAAO;AAGT,SAAK,MAAM,QAAQ,MAMjB,MALiB,KAAK,QAAQ,WAC1B,MAAM,QAAQ,KAAK,QAAQ,SAAS,GAClC,KAAK,QAAQ,WACb,KAAK,QAAQ,UAAU,GACzB,EAAE,EACO,SAAS,GAAG,CACvB,QAAO;;AAKb,QAAK,MAAM,QAAQ,OAAO;AACxB,QAAI,KAAK,QAAQ,SAAS,KACxB,sBAAqB;AAIvB,QAAI,UAAU,KAAK,CACjB;AAGF,SAAK,IAAI,KAAK,IAAI,OAAO,KAAK,CAAC;;AAGjC,OAAI,CAAC,sBAAsB,MAAM,SAAS,EAExC,MAAK,IAAI;IACP,MAAM;IACN,MAAM;IACN,OAAO;IACP,WAAW;IACX,mBAAmB,EAAE,YAAY;AAC/B,WAAM,SAAS;;IAElB,CAAC;;EAGP,CAAC;CAEF,AAAU,IACR,OACA,QACgB;EAChB,MAAM,WAAW,OAAO,QAAQ,WAC5B,MAAM,QAAQ,OAAO,QAAQ,SAAS,GACpC,OAAO,QAAQ,WACf,OAAO,QAAQ,UAAU,GAC3B,EAAE;EAEN,MAAM,yBAAyB,OAAyC;GACtE,MAAMC,aAAW,EAAE;AACnB,QAAK,MAAM,QAAQ,MACjB,KAAI,KAAK,QAAQ,WAAW,GAC1B,YAAS,KAAK,KAAK;AAGvB,UAAOA;;AAGT,WAAS,KAAK,GAAG,sBAAsB,OAAO,CAAC;AAE/C,SAAO;GACL,GAAG,OAAO;GACV,MAAM,OAAO;GACb,QAAQ;GACR,UAAU,SAAS,KAAK,OAAO,KAAK,IAAI,OAAO,GAAG,CAAC;GACpD;;CAGH,AAAO,IAAI,OAAuB;AAChC,MAAI,KAAK,OAAO,SAAS,CACvB,OAAM,IAAI,YAAY,gCAAgC;AAGxD,QAAM,SAAS,KAAK,QAAQ;EAC5B,MAAM,OAAO;AAEb,OAAK,QAAQ,KAAK,YAAY,KAAK;AACnC,OAAK,MAAM,KAAK,KAAK;AAErB,MAAI,KAAK,SACP,MAAK,MAAM,SAAS,KAAK,UAAU;AACjC,GAAC,MAAoB,SAAS;AAC9B,QAAK,IAAI,MAAM;;;CAKrB,AAAU,YAAY,MAAyB;EAC7C,IAAI,MAAM,KAAK,QAAQ;EACvB,IAAI,SAAS,KAAK;AAClB,SAAO,QAAQ;AACb,SAAM,GAAG,OAAO,QAAQ,GAAG,GAAG;AAC9B,YAAS,OAAO;;EAGlB,IAAI,OAAO,IAAI,QAAQ,UAAU,IAAI;AAErC,MAAI,KAAK,SAAS,IAAI,IAAI,SAAS,IAEjC,QAAO,KAAK,MAAM,GAAG,GAAG;AAG1B,SAAO;;CAGT,AAAU,QAAQ;CAElB,AAAU,SAAiB;AACzB,OAAK,SAAS;AACd,SAAO,IAAI,KAAK;;;AAIpB,MAAa,eAAe,OAA6B;AACvD,QACE,MACA,OAAO,OAAO,YACd,OAAO,GAAG,SAAS,YACnB,OAAO,GAAG,SAAS;;;;;AC5jBvB,MAAMC,cAAY,EAAE,OAAO;CACzB,mBAAmB,EAAE,SAAS,EAAE,SAAS,CAAC;CAC1C,eAAe,EAAE,KAAK,EAAE,SAAS,QAAQ,CAAC;CAC1C,uBAAuB,EAAE,SACvB,EAAE,KAAK,EACL,MAAM,QACP,CAAC,CACH;CACF,CAAC;;;;AAYF,MAAa,qBAAqB,MAAM;CACtC,MAAM;CACN,QAAQ,EAAE,OAAO;EACf,WAAW,EAAE,QAAQ;EACrB,cAAc,EAAE,OAAO;GACrB,UAAU,EAAE,SAAS;GACrB,MAAM,EAAE,OAAO,EACb,aAAa,+CACd,CAAC;GACH,CAAC;EACH,CAAC;CACF,SAAS;EACP,WAAW;EACX,cAAc;GACZ,UAAU;GACV,MAAM;GACP;EACF;CACF,CAAC;AAcF,IAAa,sBAAb,MAAiC;CAC/B,AAAmB,MAAM,SAAS;CAClC,AAAmB,SAAS,QAAQ,OAAO;CAC3C,AAAmB,MAAM,KAAKA,YAAU;CACxC,AAAmB,UAAU,QAAQ,kBAAkB;CACvD,AAAmB,iBAAiB,QAAQ,eAAe;CAC3D,AAAmB,uBAAuB,QAAQ,qBAAqB;CACvE,AAAmB,uBAAuB,QAAQ,qBAAqB;CACvE,AAAmB,uBAAuB,QAAQ,qBAAqB;CAEvE,AAAgB,iBAAiB,IAAI,OACnC,yBAAyB,KAAK,IAAI,cAAc,4BAChD,KACD;CACD,AAAU,uBAAoD;CAE9D,AAAmB,UAAU,KAAK,mBAAmB;;;;CAKrD,AAAgB,cAAc,MAAM;EAClC,IAAI;EACJ,SAAS,YAAY;GAGnB,MAAM,aAFQ,KAAK,OAAO,YAAY,MAAM,CAGpC,SAAS,KAAK,KAAK,IAAI,sBAAsB;AAErD,QAAK,OAAO,MAAM,IAAI,2BAA2B,WAAW;AAG5D,OAAI,KAAK,OAAO,WAAW,EAAE;AAC3B,UAAM,KAAK,cAAc,WAAW;AACpC;;GAIF,IAAI,OAAO;AAGX,OAAI,CAAC,KAAK,OAAO,cAAc,EAAE;AAC/B,WAAO,KAAK,oBAAoB;AAChC,QAAI,CAAC,KACH,MAAK,IAAI,KACP,4DACD;SACI;AACL,UAAK,IAAI,MAAM,4BAA4B,OAAO;AAClD,WAAM,KAAK,sBAAsB,KAAK;;;AAI1C,OAAI,YAAY;AACd,UAAM,KAAK,cAAc,YAAY,KAAK,SAAS;AACnD,SAAK,IAAI,KAAK,SAAS;AACvB;;AAIF,QAAK,IAAI,KAAK,4CAA4C;AAC1D,QAAK,qBAAqB,YAAY;IACpC,MAAM;IACN,SAAS,OAAO,EAAE,KAAK,YAAY;AACjC,SAAI,IAAI,SAAS,SAAS,IAAI,EAAE;AAE9B,YAAM,QAAQ,kBAAkB;AAChC,YAAM,OAAO;AACb,YAAM,SAAS;AACf;;AAGF,WAAM,QAAQ,kBAAkB;AAGhC,YAAO,KAAK;;IAEf,CAAC;;EAEL,CAAC;CAEF,IAAW,WAAW;AACpB,SACE,KAAK,OAAO,IAAI,yBAChB;;CAIJ,MAAgB,cAAc,gBAAgC;EAE5D,MAAM,WAAW,MAAM,gBAAgB;AACvC,MAAI,SACF,MAAK,uBAAuB,KAAK,mBAAmB,SAAS;AAG/D,OAAK,MAAM,QAAQ,KAAK,QAAQ,UAAU,EAAE;AAC1C,OAAI,KAAK,UAAU,OACjB;AAGF,QAAK,IAAI,MAAM,KAAK,KAAK,MAAM,MAAM,KAAK,OAAO;AAEjD,QAAK,qBAAqB,YAAY;IACpC,GAAG;IACH,QAAQ;IACR,QAAQ;IACR,MAAM,KAAK;IACX,SAAS,KAAK,cAAc,MAAM,eAAe;IAClD,CAAC;;;;;;CAON,AAAU,qBAA6B;EACrC,MAAM,QAAQ,CACZ,KAAK,QAAQ,KAAK,EAAE,QAAQ,KAAK,QAAQ,YAAY,EACrD,KAAK,QAAQ,KAAK,EAAE,KAAK,QAAQ,UAAU,CAC5C;AAED,OAAK,MAAM,MAAM,MACf,KAAI,WAAW,GAAG,CAChB,QAAO;AAIX,SAAO;;;;;CAMT,MAAgB,sBAAsB,MAAc;AAClD,QAAM,KAAK,qBAAqB,mBAAmB;GACjD;GACA,cAAc;IACZ,QAAQ;IACR,WAAW;IACZ;GACD,GAAG,KAAK,QAAQ;GACjB,CAAC;;;;;CAMJ,MAAgB,cAAc,YAAqB;AACjD,MAAI,CAAC,WAEH;AAGF,OAAK,IAAI,KAAK,eAAe;EAE7B,MAAM,MAAM,UAAU,QAAQ,IAAI,YAAY,GAAG,QAAQ,IAAI;AAE7D,QAAM,KAAK,oBACT,MAAM,GAAG,IAAI,aAAa,CACvB,MAAM,OAAO,GAAG,MAAM,CAAC,CACvB,YAAY,OAAU,CAC1B;;;;;CAMH,MAAa,OACX,MACA,UAAuC,EAAE,EACJ;EACrC,MAAM,OAAO,KAAK,QAAQ,KAAK,KAAK;EACpC,MAAM,MAAM,IAAI,IAAI,KAAK,QAAQ,IAAI,MAAM,QAAQ,CAAC;EASpD,MAAM,QARmC;GACvC;GACA,QAAQ,QAAQ,UAAU,EAAE;GAC5B,OAAO,QAAQ,SAAS,EAAE;GAC1B,eAAe;GACf,QAAQ,EAAE;GACV,MAAM,EAAE;GACT;AAGD,OAAK,IAAI,MAAM,aAAa,EAC1B,KACD,CAAC;AAEF,QAAM,KAAK,OAAO,OAAO,KAAK,6BAA6B,EACzD,OACD,CAAC;EAEF,MAAM,EAAE,aAAa,MAAM,KAAK,QAAQ,aACtC,MACA,MACD;AAED,MAAI,SACF,QAAO;GAAE;GAAO,MAAM;GAAI;GAAU;AAGtC,MAAI,CAAC,QAAQ,MAAM;AACjB,QAAK,OAAO,MAAM,IAAI,6BAA6B,MAAM;AAEzD,UAAO;IACL;IACA,MAAM,eAAe,KAAK,QAAQ,KAAK,MAAM,CAAC;IAC/C;;EAGH,MAAM,WAAW,KAAK,YAAY;EAClC,MAAM,OAAO,KAAK,aAAa,UAAU,OAAO,QAAQ,UAAU;AAElE,MAAI,gBAAgB,YAClB,QAAO;GAAE;GAAO,MAAM;GAAI;GAAU;EAGtC,MAAM,SAAS;GACb;GACA;GACD;AAED,QAAM,KAAK,OAAO,OAAO,KAAK,2BAA2B,OAAO;AAEhE,SAAO;;CAGT,AAAU,cACR,OACA,gBACe;AACf,SAAO,OAAO,kBAAkB;GAC9B,MAAM,EAAE,KAAK,OAAO,OAAO,WAAW;GACtC,MAAM,WAAW,MAAM,gBAAgB;AACvC,OAAI,CAAC,SACH,OAAM,IAAI,YAAY,qCAAqC;AAG7D,QAAK,IAAI,MAAM,kBAAkB,EAC/B,MAAM,MAAM,MACb,CAAC;GAUF,MAAM,QARmC;IACvC;IACA;IACA;IACA,eAAe;IACf,QAAQ,EAAE;IACX;AAID,OAAI,KAAK,OAAO,IAAI,oBAAoB,CACtC,MAAK,OAAO,MAAM,IAChB,kCACA,MAAM,KAAK,OAAO,OAAO,oBAAoB,CAAC,gBAAgB;IAC5D,MAAO,cAAsB;IAC7B,eAAe,cAAc,QAAQ;IACtC,CAAC,CACH;GAGH,IAAIC,SAAgC;AACpC,UAAO,QAAQ;AACb,QAAI,MAAM,OAAO,CAAC,MAAM,KAAK,EAAE;AAE7B,WAAM,SAAS;AACf,WAAM,QAAQ,kBAAkB;AAChC,YAAO;;AAET,aAAS,OAAO;;AAclB,SAAM,KAAK,OAAO,OAAO,KAAK,6BAA6B;IACzD,SAAS;IACT;IACD,CAAC;AAEF,QAAK,qBAAqB,YAAY,eAAe;GAErD,MAAM,EAAE,aAAa,MAAM,KAAK,QAAQ,aAAa,OAAO,MAAM;AAElE,QAAK,qBAAqB,UAAU,eAAe;AAEnD,OAAI,SACF,QAAO,MAAM,SAAS,SAAS;AAGjC,SAAM,QAAQ,kBAAkB;AAIhC,SAAM,QAAQ,mBACZ;AACF,SAAM,QAAQ,SAAS;AACvB,SAAM,QAAQ,UAAU;GAExB,MAAM,OAAO,KAAK,aAAa,UAAU,MAAM;AAC/C,OAAI,gBAAgB,aAAa;AAC/B,UAAM,SACJ,OAAO,KAAK,aAAa,WACrB,KAAK,WACL,KAAK,QAAQ,KAAK,KAAK,SAAS,CACrC;AACD;;GAGF,MAAM,QAAQ;IACZ,SAAS;IACT;IACA;IACD;AAED,SAAM,KAAK,OAAO,OAAO,KAAK,2BAA2B,MAAM;AAE/D,SAAM,mBAAmB,cAAc;AAEvC,QAAK,IAAI,MAAM,iBAAiB,EAC9B,MAAM,MAAM,MACb,CAAC;AAEF,UAAO,MAAM;;;CAIjB,AAAO,aACL,UACA,OACA,YAAY,MACU;EACtB,MAAM,UAAU,KAAK,QAAQ,KAAK,MAAM;AAGxC,OAAK,OAAO,MAAM,IAAI,6BAA6B,MAAM;AAEzD,OAAK,qBAAqB,YAAY,iBAAiB;EACvD,IAAI,MAAM;AACV,MAAI;AACF,SAAM,eAAe,QAAQ;WACtB,OAAO;AACd,QAAK,IAAI,MACP,wDACA,MACD;GACD,MAAMC,YAAU,MAAM,QAAQ,OAAgB,MAAM;AACpD,OAAIA,qBAAmB,YAErB,QAAOA;AAGT,SAAM,eAAeA,UAAQ;AAC7B,QAAK,IAAI,MAAM,2CAA2C;;AAE5D,OAAK,qBAAqB,UAAU,iBAAiB;EAErD,MAAM,WAAW,EACf,MAAM,UACP;AAED,MAAI,WAAW;GACb,MAAM,EAAE,SAAS,SAAS,GAAG,UAC3B,KAAK,OAAO,QAAQ,KAAK,UAAU,IAAI,EAAE;GAE3C,MAAMC,gBAAqC;IACzC,GAAG;IAEH,6BAA6B;IAC7B,QAAQ,MAAM,OAAO,KAAK,QAAQ;KAChC,GAAG;KACH,OAAO,GAAG,QACN;MACE,GAAG,GAAG;MACN,MAAM,GAAG,MAAM;MACf,SAAS,GAAG,MAAM;MAClB,OAAO,CAAC,KAAK,OAAO,cAAc,GAAG,GAAG,MAAM,QAAQ;MACvD,GACD;KACJ,OAAO;KACP,MAAM;KACN,SAAS;KACT,OAAO;KACR,EAAE;IACJ;GAGD,MAAM,SAAS,wBAAwB,KAAK,UAAU,cAAc,CAAC;AAGrE,QAAK,aAAa,UAAU,KAAK,OAAO;;AAG1C,SAAO,SAAS;;CAGlB,AAAU,mBAAmB,UAAwC;EAGnE,MAAM,iBADiB,SAAS,MAAM,YAAY,EACX,SAAS,SAAS;EAEzD,MAAM,eAAe,SAAS,UAAU,GAAG,eAAe;EAC1D,MAAM,cAAc,SAAS,UAAU,eAAe;EAGtD,MAAM,eAAe,aAAa,MAAM,KAAK,eAAe;AAE5D,MAAI,cAAc;GAEhB,MAAM,YAAY,aAAa,UAAU,GAAG,aAAa,MAAO;GAChE,MAAM,gBAAgB,aAAa,QAAS,aAAa,GAAG;GAC5D,MAAM,WAAW,aAAa,UAAU,cAAc;AAKtD,UAAO;IAAE,WAHS,GAAG,UAAU,MAAM,aAAa,GAAG,OAAO,KAAK,IAAI,cAAc,GAAG,aAAa,GAAG;IAGlF,UAFH,SAAS;IAEI,cAAc;IAAI;IAAa;;EAI/D,MAAM,YAAY,aAAa,MAAM,iBAAiB;AACtD,MAAI,WAAW;GACb,MAAM,aAAa,aAAa,UAC9B,GACA,UAAU,QAAS,UAAU,GAAG,OACjC;GACD,MAAM,YAAY,aAAa,UAC7B,UAAU,QAAS,UAAU,GAAG,OACjC;AAKD,UAAO;IAAE,WAHS,GAAG,WAAW,WAAW,KAAK,IAAI,cAAc;IAG9C,UAFH,SAAS;IAEI,cAAc;IAAI;IAAa;;AAI/D,SAAO;GACL,WAAW,YAAY,KAAK,IAAI,cAAc;GAC9C,UAAU;GACV;GACA;GACD;;CAGH,AAAU,aACR,UACA,KACA,QACA;AACA,MAAI,CAAC,KAAK,qBAER,MAAK,uBAAuB,KAAK,mBAAmB,SAAS,KAAK;AAIpE,WAAS,OACP,KAAK,qBAAqB,YAC1B,MACA,KAAK,qBAAqB,WAC1B,SACA,KAAK,qBAAqB;;;;;;ACtiBhC,IAAa,yBAAb,cAA4C,iBAAiB;CAC3D,AAAmB,sBAAsB,QAAQ,oBAAoB;CACrE,AAAmB,iBAAiB,QAAQ,eAAe;CAE3D,MAAa,OACX,MACA,UAAuC,EAAE,EACJ;AACrC,SAAO,KAAK,oBAAoB,OAAO,MAAM,QAAQ;;CAGvD,MAAa,MACX,UACA,UAAuC,EAAE,EAIxC;EACD,MAAM,WAAW,MAAM,MAAM,GAAG,KAAK,eAAe,SAAS,GAAG,WAAW;EAE3E,MAAM,OAAO,MAAM,SAAS,MAAM;AAClC,MAAI,SAAS,KACX,QAAO;GAAE;GAAM;GAAU;EAI3B,MAAM,QAAQ,KAAK,MAAM,KAAK,oBAAoB,eAAe;AACjE,MAAI,MACF,QAAO;GAAE,MAAM,MAAM;GAAI;GAAU;AAGrC,QAAM,IAAI,YAAY,wBAAwB;;;;;;ACtBlD,IAAa,6BAAb,cAAgD,eAA6B;CAC3E,AAAmB,MAAM,SAAS;CAClC,AAAmB,SAAS,QAAQ,OAAO;CAC3C,AAAmB,UAAU,QAAQ,kBAAkB;CAEvD,AAAO,IAAI,OAAuB;AAChC,OAAK,QAAQ,IAAI,MAAM;;CAGzB,AAAmB,YAAY,MAAM;EACnC,IAAI;EACJ,SAAS,YAAY;AACnB,QAAK,MAAM,QAAQ,KAAK,QAAQ,UAAU,CAExC,KAAI,KAAK,aAAa,KAAK,KACzB,MAAK,KAAK;IACR,MAAM,KAAK;IACX;IACD,CAAC;;EAIT,CAAC;CAEF,MAAa,WACX,KACA,WAAgC,EAAE,EAClC,OAAO,EAAE,EACe;EACxB,MAAM,EAAE,UAAU,WAAW;EAW7B,MAAM,QATmC;GACvC;GACA,OAAO,EAAE;GACT,QAAQ,EAAE;GACV,QAAQ,EAAE;GACV,eAAe;GACf;GACD;AAKD,QAAM,KAAK,OAAO,OAAO,KAAK,sBAAsB,EAClD,MAAM,cACP,CAAC;AACF,QAAM,KAAK,OAAO,OAAO,KAAK,0BAA0B;GACtD,UAAU,KAAK,OAAO,MAAM,IAAI,4BAA4B;GAC5D;GACD,CAAC;AAEF,MAAI;GACF,MAAM,EAAE,OAAO,WAAW,KAAK,MAAM,SAAS;GAE9C,MAAMC,QAAgC,EAAE;AACxC,OAAI,OACF,MAAK,MAAM,CAAC,KAAK,UAAU,IAAI,gBAAgB,OAAO,CAAC,SAAS,CAC9D,OAAM,OAAO,OAAO,MAAM;AAI9B,SAAM,QAAQ;AACd,SAAM,SAAS,UAAU,EAAE;AAE3B,OAAI,YAAY,MAAM,EAAE;IACtB,MAAM,EAAE,aAAa,MAAM,KAAK,QAAQ,aACtC,MAAM,MACN,OACA,SACD;AACD,QAAI,SACF,QAAO;;AAIX,OAAI,MAAM,OAAO,WAAW,EAC1B,OAAM,OAAO,KAAK;IAChB,MAAM;IACN,SAAS,cAAc,aAAa;IACpC,OAAO;IACP,MAAM;IACP,CAAC;AAGJ,SAAM,KAAK,OAAO,OAAO,KAAK,wBAAwB,EACpD,MAAM,cACP,CAAC;AACF,SAAM,KAAK,OAAO,OAAO,KAAK,4BAA4B,EAAE,OAAO,CAAC;WAC7DC,KAAG;AACV,QAAK,IAAI,MAAM,yBAAyBA,IAAE;AAC1C,SAAM,SAAS,CACb;IACE,MAAM;IACN,SAAS,KAAK,QAAQ,YAAYA,IAAW;IAC7C,OAAO;IACP,MAAM;IACP,CACF;AAED,SAAM,KAAK,OAAO,OAAO,KAAK,sBAAsB;IAClD,MAAM;IACN,OAAOA;IACR,CAAC;AACF,SAAM,KAAK,OAAO,OAAO,KAAK,0BAA0B;IACtD,OAAOA;IACP;IACD,CAAC;;AAIJ,MAAI,SACF,MAAK,IAAI,IAAI,GAAG,IAAI,SAAS,QAAQ,KAAK;GACxC,MAAM,QAAQ,SAAS;AACvB,OAAI,MAAM,OAAO,IAAI,SAAS,MAAM,KAClC,MAAK,QAAQ,KAAK,MAAM,KAAK,EAAE,WAAW;;AAKhD,OAAK,OAAO,MAAM,IAAI,6BAA6B,MAAM;AAEzD,QAAM,KAAK,OAAO,OAAO,KAAK,oBAAoB,EAChD,MAAM,cACP,CAAC;AACF,QAAM,KAAK,OAAO,OAAO,KAAK,wBAAwB,EACpD,OACD,CAAC;;CAGJ,AAAO,KAAK,OAAoC;AAC9C,SAAO,KAAK,QAAQ,KAAK,MAAM;;;;;;AC7HnC,MAAM,YAAY,EAAE,OAAO,EACzB,eAAe,EAAE,KAAK,EAAE,SAAS,QAAQ,CAAC,EAC3C,CAAC;;;;AASF,MAAa,sBAAsB,MAAM;CACvC,MAAM;CACN,QAAQ,EAAE,OAAO,EACf,mBAAmB,EAAE,KAAK,CAAC,OAAO,SAAS,CAAC,EAC7C,CAAC;CACF,SAAS,EACP,mBAAmB,OACpB;CACF,CAAC;AAcF,IAAa,uBAAb,MAAkC;CAChC,AAAmB,MAAM,KAAK,UAAU;CACxC,AAAmB,MAAM,SAAS;CAClC,AAAmB,SAAS,QAAQ,aAAa;CACjD,AAAmB,SAAS,QAAQ,OAAO;CAC3C,AAAmB,SAAS,QAAQ,2BAA2B;CAC/D,AAAmB,mBAAmB,QAAQ,iBAAiB;CAE/D,AAAmB,UAAU,KAAK,oBAAoB;CAEtD,AAAU,iBAAiB;EACzB,MAAM,OAAO,KAAK,SAAS,eAAe,KAAK,IAAI,cAAc;AACjE,MAAI,KACF,QAAO;EAGT,MAAM,MAAM,KAAK,SAAS,cAAc,MAAM;AAC9C,MAAI,KAAK,KAAK,IAAI;AAElB,OAAK,SAAS,KAAK,QAAQ,IAAI;AAE/B,SAAO;;CAGT,AAAO;CAKP,IAAW,QAA0B;AACnC,SAAO,KAAK,OAAO,MAAM,IAAI,4BAA4B;;;;;CAM3D,IAAW,WAAW;AACpB,SAAO,OAAO;;;;;CAMhB,IAAW,UAAU;AACnB,SAAO,OAAO;;;;;CAMhB,IAAW,WAAW;AACpB,SAAO,OAAO;;CAGhB,IAAW,OAAO;EAChB,MAAM,OAAO,OAAO,KAAK,KAAK;AAC9B,MAAI,CAAC,QAAQ,SAAS,IACpB,QAAO;AAGT,SAAO;;CAGT,IAAW,MAAc;EACvB,MAAM,MAAM,KAAK,SAAS,WAAW,KAAK,SAAS;AACnD,MAAI,KAAK,KACP,QAAO,IAAI,QAAQ,KAAK,MAAM,GAAG;AAEnC,SAAO;;CAGT,AAAO,UAAU,MAAc,SAAmB;EAChD,MAAM,MAAM,KAAK,OAAO;AAExB,MAAI,QACF,MAAK,QAAQ,aAAa,EAAE,EAAE,IAAI,IAAI;MAEtC,MAAK,QAAQ,UAAU,EAAE,EAAE,IAAI,IAAI;;CAIvC,MAAa,WAAW,SAA6B;EACnD,MAAMC,WAAgC,EAAE;AAExC,OAAK,IAAI,MAAM,sBAAsB;AAErC,MAAIC,SAAO;GACT,MAAM,CAAC,OAAO,OAAO,KAAKA,QAAM;GAChC,MAAM,QAAQA,QAAM;AAEpB,QAAK,MAAM,SAAS,KAAK,MAAM,QAAQ;AACrC,QAAI,MAAM,QAAQ,MAAM;AACtB,cAAS,KAAK;MACZ,GAAG;MACH,OAAO;OACL,GAAG,MAAM;QACR,MAAM;OACR;MACF,CAAC;AACF;;AAEF,aAAS,KAAK,MAAM;;;AAIxB,QAAM,KAAK,OAAO,EAAE,UAAU,CAAC;;CAGjC,MAAa,GAAG,KAAa,UAA2B,EAAE,EAAiB;AACzE,OAAK,IAAI,MAAM,YAAY,OAAO;GAChC;GACA;GACD,CAAC;AAEF,QAAM,KAAK,OAAO;GAChB;GACA,UAAU,QAAQ,QAAQ,EAAE,GAAG,KAAK,MAAM;GAC1C,MAAM,QAAQ;GACf,CAAC;AAGF,MAAI,KAAK,MAAM,IAAI,WAAW,KAAK,MAAM,IAAI,WAAW,KAAK;AAC3D,QAAK,UAAU,KAAK,MAAM,IAAI,WAAW,KAAK,MAAM,IAAI,OAAO;AAC/D;;AAGF,OAAK,UAAU,KAAK,QAAQ,QAAQ;;CAGtC,MAAgB,OAAO,UAA+B,EAAE,EAAiB;EACvE,MAAM,WAAW,QAAQ,YAAY,KAAK,MAAM;EAChD,MAAM,MAAM,QAAQ,OAAO,KAAK;EAChC,MAAM,QAAQ,KAAK,iBAAiB,KAAK;AAEzC,OAAK,gBAAgB;GACnB,IAAI;GACJ,MAAM,KAAK,OAAO,IAAI;GACvB;AAED,OAAK,IAAI,MAAM,oBAAoB,EACjC,IAAI,KACL,CAAC;EAEF,MAAM,WAAW,MAAM,KAAK,OAAO,WACjC,IAAI,IAAI,mBAAmB,MAAM,EACjC,UACA,QAAQ,KACT;AAED,MAAI,UAAU;AACZ,QAAK,IAAI,KAAK,kBAAkB,EAC9B,UACD,CAAC;AAGF,OAAI,SAAS,WAAW,OAAO,CAC7B,QAAO,SAAS,OAAO;OAGvB,QAAO,MAAM,KAAK,OAAO,EAAE,KAAK,UAAU,CAAC;;EAI/C,MAAM,KAAK,KAAK,iBAAiB,KAAK,CAAC,KAAK,MAAM;AAClD,OAAK,IAAI,KAAK,kBAAkB,GAAG,MAAM,KAAK,cAAc;AAE5D,OAAK,gBAAgB;;;;;CAMvB,AAAU,oBAAqD;AAC7D,MAAI;AACF,OAAI,WAAW,UAAU,OAAO,OAAO,UAAU,SAC/C,QAAO,OAAO;WAET,OAAO;AACd,WAAQ,MAAM,MAAM;;;CAMxB,AAAmB,kBAAkB,MAAM;EACzC,IAAI;EACJ,eAAe;AACb,OACE,KAAK,QAAQ,sBAAsB,SACnC,OAAO,WAAW,eAClB,CAAC,KAAK,OAAO,QAAQ,EACrB;AACA,SAAK,IAAI,MAAM,mCAAmC;AAClD,WAAO,SAAS,GAAG,EAAE;;;EAG1B,CAAC;CAEF,AAAgB,QAAQ,MAAM;EAC5B,IAAI;EACJ,SAAS,YAAY;GACnB,MAAM,YAAY,KAAK,mBAAmB;GAC1C,MAAM,WAAW,WAAW,UAAU,EAAE;AAExC,OAAI,WAEF;SAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,UAAU,CAClD,KAAI,QAAQ,SACV,MAAK,OAAO,MAAM,IAAI,KAAoB,MAAM;;AAKtD,SAAM,KAAK,OAAO,EAAE,UAAU,CAAC;GAE/B,MAAM,UAAU,KAAK,OAAO,KAAK,KAAK,MAAM;AAE5C,SAAM,KAAK,OAAO,OAAO,KAAK,wBAAwB;IACpD;IACA,MAAM,KAAK,gBAAgB;IAC3B;IACA,OAAO,KAAK;IACb,CAAC;AAEF,UAAO,iBAAiB,kBAAkB;AAGxC,QAAI,KAAK,OAAO,KAAK,MAAM,IAAI,aAAa,KAAK,SAAS,SACxD;AAGF,SAAK,IAAI,MAAM,kDAAkD,EAC/D,KAAK,KAAK,SAAS,WAAW,KAAK,SAAS,QAC7C,CAAC;AAEF,SAAK,QAAQ;KACb;;EAEL,CAAC;;;;;AC1RJ,IAAa,cAAb,MAA2C;CACzC,AAAmB,SAAS,QAAQ,OAAO;CAC3C,AAAmB,UAAU,QAAQ,kBAAkB;CAEvD,IAAW,QAA0B;AACnC,SAAO,KAAK,OAAO,MAAM,IAAI,4BAA4B;;CAG3D,IAAW,QAAQ;AACjB,SAAO,KAAK,QAAQ,UAAU;;CAGhC,IAAW,gBAAgB;AACzB,SAAO,KAAK,QAAQ,kBAAkB;;CAGxC,IAAW,UAA4C;AACrD,MAAI,KAAK,OAAO,WAAW,CACzB,QAAO,KAAK,OAAO,OAAO,qBAAqB;;CAMnD,AAAO,SACL,MACA,UAEI,EAAE,EACG;EACT,MAAM,UAAU,KAAK,MAAM,IAAI;EAC/B,IAAI,WACF,YAAY,QAAQ,YAAY,GAAG,KAAK,MAAM,GAAG,QAAQ,OAAO;AAElE,MAAI,QAAQ,aAAa,CAAC,SACxB,YAAW,QAAQ,WAAW,KAAK;AAGrC,SAAO;;CAGT,AAAO,KACL,MACA,SAGI,EAAE,EACE;AACR,SAAO,KAAK,QAAQ,SAAS,MAAgB;GAC3C,QAAQ;IACN,GAAG,KAAK,MAAM;IACd,GAAG,OAAO;IACX;GACD,OAAO,OAAO;GACf,CAAC;;;;;;CAOJ,MAAa,SAAS;AACpB,MAAI,CAAC,KAAK,QACR;AAGF,QAAM,KAAK,GAAG,KAAK,SAAS,WAAW,KAAK,SAAS,QAAQ;GAC3D,SAAS;GACT,OAAO;GACR,CAAC;;CAGJ,AAAO,SAAc;AACnB,MAAI,CAAC,KAAK,QACR,QAAO,KAAK,MAAM;AAGpB,SAAO,IAAI,IAAI,KAAK,SAAS,KAAK;;CAGpC,IAAW,WAAqB;AAC9B,MAAI,CAAC,KAAK,QACR,OAAM,IAAI,MAAM,sBAAsB;AAGxC,SAAO,KAAK,QAAQ;;CAGtB,IAAW,UAA4B;AACrC,SAAO,KAAK;;CAGd,IAAW,WAAmB;AAC5B,SAAO,KAAK,MAAM,IAAI;;CAGxB,IAAW,QAAgC;EACzC,MAAMC,QAAgC,EAAE;AAExC,OAAK,MAAM,CAAC,KAAK,UAAU,IAAI,gBAC7B,KAAK,MAAM,IAAI,OAChB,CAAC,SAAS,CACT,OAAM,OAAO,OAAO,MAAM;AAG5B,SAAO;;CAGT,MAAa,OAAO;AAClB,OAAK,SAAS,QAAQ,MAAM;;CAG9B,MAAa,UAAU;AACrB,OAAK,SAAS,QAAQ,SAAS;;CAGjC,MAAa,WAAW,SAA6B;AACnD,QAAM,KAAK,SAAS,WAAWC,QAAM;;CAQvC,MAAa,GACX,MACA,SACe;AACf,OAAK,MAAM,QAAQ,KAAK,MACtB,KAAI,KAAK,SAAS,MAAM;AACtB,SAAM,KAAK,SAAS,GAClB,KAAK,KAAK,MAAgC,QAAQ,EAClD,QACD;AACD;;AAIJ,QAAM,KAAK,SAAS,GAAG,MAAgB,QAAQ;;CAQjD,AAAO,OACL,MACA,UAA2B,EAAE,EAChB;EACb,IAAI,OAAO;AAEX,OAAK,MAAM,QAAQ,KAAK,MACtB,KAAI,KAAK,SAAS,MAAM;AACtB,UAAO,KAAK,KAAK,MAAgC,QAAQ;AACzD;;AAIJ,SAAO;GACL,MAAM,KAAK,KAAK,KAAK;GACrB,UAAU,OAAY;AACpB,OAAG,iBAAiB;AACpB,OAAG,gBAAgB;AAEnB,SAAK,GAAG,MAAM,QAAQ,CAAC,MAAM,QAAQ,MAAM;;GAE9C;;CAGH,AAAO,KAAK,MAAsB;EAChC,MAAM,OAAO,OAAO,KAAK,KAAK;AAC9B,MAAI,CAAC,QAAQ,SAAS,IACpB,QAAO;AAGT,SAAO,OAAO;;;;;;;;CAShB,AAAO,eACL,QAGA,UAKI,EAAE,EACN;EACA,MAAM,OAAO,OAAO,WAAW,aAAa,eAAe;EAC3D,MAAM,SAAS,IAAI,gBAAgB,KAAK,KAAK,MAAM,CAAC,CAAC,UAAU;EAC/D,MAAM,QAAQ,SAAS,GAAG,KAAK,SAAS,GAAG,WAAW,KAAK;AAE3D,MAAI,QAAQ,KACV,QAAO,QAAQ,UAAU,EAAE,EAAE,IAAI,MAAM;MAEvC,QAAO,QAAQ,aAAa,EAAE,EAAE,IAAI,MAAM;;;;;;;;;;;;;;;;AChFhD,MAAa,cAAc,QAAQ;CACjC,MAAM;CACN,aAAa,CAAC,MAAM;CACpB,UAAU;EACR;EACA;EACA;EACA;EACA;EACD;CACD,WAAW,WACT,OACG,KAAK,eAAe,CACpB,KAAK,aAAa,CAClB,KAAK,kBAAkB,CACvB,KAAK,kBAAkB,CACvB,KAAK;EACJ,SAAS;EACT,KAAK;EACN,CAAC,CACD,KAAK,oBAAoB,CACzB,KAAK,kBAAkB,CACvB,KAAK,YAAY;CACvB,CAAC;;;;AC/JF,IAAIC;AACJ,IAAI,OAAO,cAAc,eAAe,CAAC,UAAU,WAAW,aAAa,eAAe,CAGtF,gBAAa;AAEjB,SAAS,gBAAgB,OAAO,UAAU;AACtC,KAAI,SAAS,KACT,QAAO;AAEX,KAAI;AACA,SAAQ,iBAAiB,YACrB,OAAO,eAAe,MAAM,CAAC,OAAO,iBAAiB,SAAS,UAAU,OAAO;SAEjF;AACF,SAAO;;;AAGf,MAAMC,0BAAwB;AAC9B,MAAMC,yBAAuB;AAC7B,SAASC,iBAAe,SAAS,MAAM,OAAO;CAC1C,MAAM,MAAM,IAAI,UAAU,SAAS,EAAE,OAAO,CAAC;AAC7C,QAAO,OAAO,KAAK,EAAE,MAAM,CAAC;AAC5B,QAAO;;AAEX,MAAaC,0BAAwB,QAAQ;AAC7C,MAAaC,cAAY,QAAQ;AACjC,MAAaC,mBAAiB,QAAQ;AACtC,MAAaC,gBAAc,QAAQ;AACnC,MAAaC,oBAAkB,QAAQ;AACvC,MAAa,aAAa,QAAQ;AAElC,MAAM,UAAU,IAAI,aAAa;AACjC,MAAMC,YAAU,IAAI,aAAa;AACjC,SAAS,IAAI,OAAO;AAChB,KAAI,OAAO,UAAU,SACjB,QAAO,QAAQ,OAAO,MAAM;AAEhC,QAAOA,UAAQ,OAAO,MAAM;;AAEhC,IAAI;AACJ,IAAI,WAAW,UAAU,SACrB,oBAAmB,UAAU;AACzB,KAAI,iBAAiB,YACjB,SAAQ,IAAI,WAAW,MAAM;AAEjC,QAAO,MAAM,SAAS;EAAE,UAAU;EAAa,aAAa;EAAM,CAAC;;KAGtE;CACD,MAAM,aAAa;AACnB,oBAAmB,UAAU;AACzB,MAAI,iBAAiB,YACjB,SAAQ,IAAI,WAAW,MAAM;EAEjC,MAAM,MAAM,EAAE;AACd,OAAK,IAAI,IAAI,GAAG,IAAI,MAAM,YAAY,KAAK,WACvC,KAAI,KAAK,OAAO,aAAa,MAAM,MAAM,MAAM,SAAS,GAAG,IAAI,WAAW,CAAC,CAAC;AAEhF,SAAO,KAAK,IAAI,KAAK,GAAG,CAAC,CAAC,QAAQ,MAAM,GAAG,CAAC,QAAQ,OAAO,IAAI,CAAC,QAAQ,OAAO,IAAI;;;AAG3F,IAAI;AACJ,IAAI,WAAW,WACX,oBAAmB,UAAU;AACzB,KAAI;AACA,SAAO,WAAW,WAAW,OAAO,EAAE,UAAU,aAAa,CAAC;UAE3D,OAAO;AACV,QAAMN,iBAAe,qDAAqDF,yBAAuB,MAAM;;;IAK/G,oBAAmB,UAAU;AACzB,KAAI;EACA,MAAM,SAAS,KAAK,MAAM,QAAQ,MAAM,IAAI,CAAC,QAAQ,MAAM,IAAI,CAAC,QAAQ,OAAO,GAAG,CAAC;EACnF,MAAM,QAAQ,IAAI,WAAW,OAAO,OAAO;AAC3C,OAAK,IAAI,IAAI,GAAG,IAAI,OAAO,QAAQ,IAC/B,OAAM,KAAK,OAAO,WAAW,EAAE;AAEnC,SAAO;UAEJ,OAAO;AACV,QAAME,iBAAe,qDAAqDF,yBAAuB,MAAM;;;AAInH,SAAS,KAAK,OAAO;AACjB,KAAI,OAAO,UAAU,SACjB,QAAO,gBAAgB,MAAM;AAEjC,QAAO,gBAAgB,MAAM;;AAEjC,IAAa,4BAAb,cAA+C,MAAM;CACjD;CACA,YAAY,SAAS,SAAS;AAC1B,QAAM,SAAS,QAAQ;AACvB,OAAK,OAAO,KAAK,YAAY;AAC7B,OAAK,OAAO;AACZ,QAAM,oBAAoB,MAAM,KAAK,YAAY;;;AAGzD,IAAa,2BAAb,cAA8C,MAAM;CAChD;CACA,YAAY,SAAS,SAAS;AAC1B,QAAM,SAAS,QAAQ;AACvB,OAAK,OAAO,KAAK,YAAY;AAC7B,MAAI,SAAS,KACT,MAAK,OAAO,SAAS;AAEzB,QAAM,oBAAoB,MAAM,KAAK,YAAY;;;AAGzD,SAAS,IAAI,SAAS,MAAM,OAAO;AAC/B,QAAO,IAAI,yBAAyB,SAAS;EAAE;EAAM;EAAO,CAAC;;AA2DjE,SAAS,aAAa,OAAO;AACzB,KAAI,UAAU,QAAQ,OAAO,UAAU,YAAY,MAAM,QAAQ,MAAM,CACnE,QAAO;AAEX,QAAO;;AAEX,SAAS,eAAe,OAAO;AAC3B,KAAI,gBAAgB,OAAO,QAAQ,CAC/B,SAAQ,OAAO,YAAY,MAAM,SAAS,CAAC;CAE/C,MAAMS,YAAU,IAAI,QAAQ,SAAS,EAAE,CAAC;AACxC,KAAIV,gBAAc,CAACU,UAAQ,IAAI,aAAa,CACxC,WAAQ,IAAI,cAAcV,aAAW;AAEzC,KAAIU,UAAQ,IAAI,gBAAgB,CAC5B,OAAMP,iBAAe,0EAAsEF,wBAAsB;AAErH,QAAOS;;AAEX,SAASC,SAAO,KAAK,OAAO;AACxB,KAAI,UAAU,QAAW;AACrB,MAAI,OAAO,UAAU,WACjB,SAAQ,MAAM,IAAI,KAAK;AAE3B,MAAI,EAAE,iBAAiB,aACnB,OAAMR,iBAAe,mEAAiED,uBAAqB;AAE/G,SAAO;;;AAIf,SAAS,mBAAmB,UAAU;AAClC,KAAI,SAAS,SAAS,KAAK,CACvB,QAAO,SAAS,QAAQ,MAAM,IAAI;AAEtC,QAAO;;AAEX,SAAS,iBAAiB,KAAK,WAAW,wBAAwB,OAAO;AACrE,KAAI,IAAI,aAAa,IACjB,KAAI,WAAW;KAGf,KAAI,WAAW,mBAAmB,GAAG,UAAU,GAAG,wBAAwB,IAAI,WAAW,IAAI,SAAS,QAAQ,SAAS,GAAG,GAAG;AAEjI,QAAO;;AAEX,SAAS,gBAAgB,KAAK,WAAW;AACrC,KAAI,WAAW,mBAAmB,GAAG,IAAI,SAAS,GAAG,YAAY;AACjE,QAAO;;AAEX,eAAeU,mBAAiB,OAAO,SAAS,WAAW,SAAS;AAChE,KAAI,EAAE,iBAAiB,KACnB,OAAMT,iBAAe,IAAI,QAAQ,+BAA+BD,uBAAqB;AAEzF,eAAc,OAAO,UAAUE,6BAA2B,KAAK;CAC/D,MAAM,MAAM,UAAU,IAAI,IAAI,MAAM,KAAK,CAAC;CAC1C,MAAMM,YAAU,eAAe,SAAS,QAAQ;AAChD,WAAQ,IAAI,UAAU,mBAAmB;AACzC,SAAQ,UAAUH,kBAAgB,OAAO,IAAI,MAAM;EAC/C,MAAM;EACN,SAAS,OAAO,YAAYG,UAAQ,SAAS,CAAC;EAC9C,QAAQ;EACR,UAAU;EACV,QAAQC,SAAO,KAAK,SAAS,OAAO;EACvC,CAAC;;AAEN,eAAsB,iBAAiB,kBAAkB,SAAS;AAC9D,QAAOC,mBAAiB,kBAAkB,qBAAqB,QAAQ;AACnE,UAAQ,SAAS,WAAjB;GACI,KAAK;GACL,KAAK;AACD,oBAAgB,KAAK,mCAAmC;AACxD;GACJ,KAAK;AACD,qBAAiB,KAAK,yCAAyC;AAC/D;GACJ,QACI,OAAMT,iBAAe,mEAA6DF,wBAAsB;;AAEhH,SAAO;IACR,QAAQ;;AAEf,SAAS,aAAa,OAAO,QAAQ,IAAI,MAAM,OAAO;AAClD,KAAI;AACA,MAAI,OAAO,UAAU,YAAY,CAAC,OAAO,SAAS,MAAM,CACpD,OAAME,iBAAe,GAAG,GAAG,oBAAoBD,wBAAsB,MAAM;AAE/E,MAAI,QAAQ,EACR;AACJ,MAAI,QAAQ;AACR,OAAI,UAAU,EACV,OAAMC,iBAAe,GAAG,GAAG,iCAAiCF,yBAAuB,MAAM;AAE7F;;AAEJ,QAAME,iBAAe,GAAG,GAAG,6BAA6BF,yBAAuB,MAAM;UAElF,KAAK;AACR,MAAI,KACA,OAAM,IAAI,IAAI,SAAS,MAAM,MAAM;AAEvC,QAAM;;;AAGd,SAASY,eAAa,OAAO,IAAI,MAAM,OAAO;AAC1C,KAAI;AACA,MAAI,OAAO,UAAU,SACjB,OAAMV,iBAAe,GAAG,GAAG,oBAAoBD,wBAAsB,MAAM;AAE/E,MAAI,MAAM,WAAW,EACjB,OAAMC,iBAAe,GAAG,GAAG,qBAAqBF,yBAAuB,MAAM;UAG9E,KAAK;AACR,MAAI,KACA,OAAM,IAAI,IAAI,SAAS,MAAM,MAAM;AAEvC,QAAM;;;AAGd,eAAsB,yBAAyB,0BAA0B,UAAU;CAC/E,MAAM,WAAW;AACjB,KAAI,EAAE,oBAAoB,QAAQ,aAAa,kBAC3C,OAAME,iBAAe,2DAAyDD,uBAAqB;AAEvG,KAAI,CAAC,gBAAgB,UAAU,SAAS,CACpC,OAAMC,iBAAe,gDAA8CD,uBAAqB;AAE5F,KAAI,SAAS,WAAW,IACpB,OAAM,IAAI,sGAAoG,yBAAyB,SAAS;AAEpJ,wBAAuB,SAAS;CAChC,MAAM,OAAO,MAAM,oBAAoB,SAAS;AAChD,gBAAa,KAAK,QAAQ,yCAAqC,kBAAkB,EAAE,MAAM,MAAM,CAAC;AAChG,KAAI,aAAa,qBAAqB,IAAI,IAAI,KAAK,OAAO,CAAC,SAAS,SAAS,KACzE,OAAM,IAAI,2EAAuE,2BAA2B;EAAE,UAAU,SAAS;EAAM,MAAM;EAAM,WAAW;EAAU,CAAC;AAE7K,QAAO;;AAEX,SAAS,sBAAsB,UAAU;AACrC,mBAAkB,UAAU,mBAAmB;;AAEnD,SAAS,QAAQ,UAAU,GAAG,OAAO;CACjC,IAAI,MAAM;AACV,KAAI,MAAM,SAAS,GAAG;EAClB,MAAM,OAAO,MAAM,KAAK;AACxB,SAAO,GAAG,MAAM,KAAK,KAAK,CAAC,OAAO;YAE7B,MAAM,WAAW,EACtB,QAAO,GAAG,MAAM,GAAG,MAAM,MAAM;KAG/B,QAAO,MAAM;AAEjB,QAAO,IAAI,KAAK,sBAAsB,SAAS;;AAOnD,SAAS,kBAAkB,UAAU,aAAa;AAC9C,KAAI,eAAe,SAAS,KAAK,YAC7B,OAAM,QAAQ,UAAU,YAAY;;AAG5C,SAAS,cAAc;AACnB,QAAO,KAAK,OAAO,gBAAgB,IAAI,WAAW,GAAG,CAAC,CAAC;;AAE3D,SAAgB,6BAA6B;AACzC,QAAO,aAAa;;AAExB,SAAgB,sBAAsB;AAClC,QAAO,aAAa;;AAKxB,eAAsBY,6BAA2B,cAAc;AAC3D,gBAAa,cAAc,eAAe;AAC1C,QAAO,KAAK,MAAM,OAAO,OAAO,OAAO,WAAW,IAAI,aAAa,CAAC,CAAC;;AA4EzE,SAAS,aAAa,QAAQ;CAC1B,MAAM,OAAO,SAAST;AACtB,QAAO,OAAO,SAAS,YAAY,OAAO,SAAS,KAAK,GAAG,OAAO;;AAEtE,SAAS,kBAAkB,QAAQ;CAC/B,MAAM,YAAY,SAASC;AAC3B,QAAO,OAAO,cAAc,YAAY,OAAO,SAAS,UAAU,IAAI,KAAK,KAAK,UAAU,KAAK,KACzF,YACA;;AAEV,SAAS,YAAY;AACjB,QAAO,KAAK,MAAM,KAAK,KAAK,GAAG,IAAK;;AAExC,SAAS,SAAS,IAAI;AAClB,KAAI,OAAO,OAAO,YAAY,OAAO,KACjC,OAAMH,iBAAe,4BAA0BD,uBAAqB;AAExE,gBAAa,GAAG,QAAQ,gBAAc;;AAE1C,SAAS,aAAa,QAAQ;AAC1B,KAAI,OAAO,WAAW,YAAY,WAAW,KACzC,OAAMC,iBAAe,gCAA8BD,uBAAqB;AAE5E,gBAAa,OAAO,WAAW,uBAAqB;;AAsBxD,SAAgBa,mBAAiB,cAAc;AAC3C,gBAAa,cAAc,mBAAiB;AAC5C,SAAQ,KAAK,QAAQ,MAAM,aAAa;AACpC,OAAK,IAAI,aAAa,OAAO,UAAU;AACvC,OAAK,IAAI,iBAAiB,aAAa;;;AAoD/C,SAAgBC,SAAO;AACnB,SAAQ,KAAK,QAAQ,MAAM,aAAa;AACpC,OAAK,IAAI,aAAa,OAAO,UAAU;;;AA6F/C,MAAM,WAAW,IAAI,SAEZ,KAAK,SAAS,IAAI,MAAM,KAAK,KAAK,IACpC,KAAK,SAAS;AACb,KAAI;AACA,SAAO,IAAI,IAAI,KAAK,KAAK;SAEvB;AACF,SAAO;;;AAGnB,SAAgB,cAAc,KAAK,cAAc;AAC7C,KAAI,gBAAgB,IAAI,aAAa,SACjC,OAAM,IAAI,sCAAsC,wBAAwB,IAAI;AAEhF,KAAI,IAAI,aAAa,YAAY,IAAI,aAAa,QAC9C,OAAM,IAAI,4CAA4C,4BAA4B,IAAI;;AAG9F,SAAS,iBAAiB,OAAO,UAAU,cAAc,cAAc;CACnE,IAAI;AACJ,KAAI,OAAO,UAAU,YAAY,EAAE,MAAM,SAAS,MAAM,EACpD,OAAM,IAAI,0DAA0D,eAAe,6BAA6B,SAAS,KAAK,OAAO,SAAS,MAAM,UAAU,SAAY,0BAA0B,yBAAyB,EAAE,WAAW,eAAe,yBAAyB,aAAa,UAAU,CAAC;AAE9S,eAAc,KAAK,aAAa;AAChC,QAAO;;AAEX,SAAgB,gBAAgB,IAAI,UAAU,cAAc,cAAc;AACtE,KAAI,gBAAgB,GAAG,yBAAyB,YAAY,GAAG,sBAC3D,QAAO,iBAAiB,GAAG,sBAAsB,WAAW,UAAU,cAAc,aAAa;AAErG,QAAO,iBAAiB,GAAG,WAAW,UAAU,cAAc,aAAa;;AA8F/E,SAAgB,iBAAiB,KAAK;AAClC,KAAI,eAAe,+BAA+B;EAC9C,MAAM,EAAE,GAAG,WAAW,WAAW,IAAI;AACrC,SAAQ,WAAW,KAAK,UAAU,WAAW,UAAU,UAAU,WAAW,UAAU;;AAE1F,KAAI,eAAe,kBACf,QAAO,IAAI,UAAU;AAEzB,QAAO;;AAKX,IAAa,oBAAb,cAAuC,MAAM;CACzC;CACA;CACA;CACA;CACA;CACA;CACA,YAAY,SAAS,SAAS;AAC1B,QAAM,SAAS,QAAQ;AACvB,OAAK,OAAO,KAAK,YAAY;AAC7B,OAAK,OAAO;AACZ,OAAK,QAAQ,QAAQ;AACrB,OAAK,QAAQ,QAAQ,MAAM;AAC3B,OAAK,SAAS,QAAQ,SAAS;AAC/B,OAAK,oBAAoB,QAAQ,MAAM;AACvC,SAAO,eAAe,MAAM,YAAY;GAAE,YAAY;GAAO,OAAO,QAAQ;GAAU,CAAC;AACvF,QAAM,oBAAoB,MAAM,KAAK,YAAY;;;AAGzD,IAAa,6BAAb,cAAgD,MAAM;CAClD;CACA;CACA;CACA;CACA,YAAY,SAAS,SAAS;AAC1B,QAAM,SAAS,QAAQ;AACvB,OAAK,OAAO,KAAK,YAAY;AAC7B,OAAK,OAAO;AACZ,OAAK,QAAQ,QAAQ;AACrB,OAAK,QAAQ,QAAQ,MAAM,IAAI,QAAQ;AACvC,OAAK,oBAAoB,QAAQ,MAAM,IAAI,oBAAoB,IAAI;AACnE,QAAM,oBAAoB,MAAM,KAAK,YAAY;;;AAGzD,IAAa,gCAAb,cAAmD,MAAM;CACrD;CACA;CACA;CACA;CACA,YAAY,SAAS,SAAS;AAC1B,QAAM,SAAS,QAAQ;AACvB,OAAK,OAAO,KAAK,YAAY;AAC7B,OAAK,OAAO;AACZ,OAAK,QAAQ,QAAQ;AACrB,OAAK,SAAS,QAAQ,SAAS;AAC/B,OAAK,WAAW,QAAQ;AACxB,SAAO,eAAe,MAAM,YAAY,EAAE,YAAY,OAAO,CAAC;AAC9D,QAAM,oBAAoB,MAAM,KAAK,YAAY;;;AAGzD,MAAM,aAAa;AACnB,MAAM,eAAe;AAErB,MAAM,qBAAqB,MAAM,aAAa;AAC9C,MAAM,eAAe,MAAM,aAAa;AACxC,MAAM,2BAAW,IAAI,OAAO,cAAc,aAAa,WAAW;AAClE,MAAM,gCAAgB,IAAI,OAAO,aAAa,qBAAqB,cAAc;AACjF,MAAM,kCAAkB,IAAI,OAAO,aAAa,eAAe,cAAc;AAC7E,MAAM,iCAAiB,IAAI,OAAO,OAAO,eAAe,oBAAoB;AAC5E,SAAS,+BAA+B,UAAU;AAC9C,KAAI,CAAC,gBAAgB,UAAU,SAAS,CACpC,OAAMb,iBAAe,gDAA8CD,uBAAqB;CAE5F,MAAM,SAAS,SAAS,QAAQ,IAAI,mBAAmB;AACvD,KAAI,WAAW,KACX;CAEJ,MAAM,aAAa,EAAE;CACrB,IAAI,OAAO;AACX,QAAO,MAAM;EACT,IAAI,QAAQ,KAAK,MAAM,SAAS;EAChC,MAAM,SAAS,QAAQ,KAAK,aAAa;AACzC,SAAO,QAAQ;AACf,MAAI,CAAC,OACD;EAEJ,MAAM,aAAa,EAAE;EACrB,IAAI;AACJ,SAAO,MAAM;GACT,IAAI;GACJ,IAAI;AACJ,OAAK,QAAQ,KAAK,MAAM,cAAc,EAAG;AAErC,OAAG,KAAK,OAAO,QAAQ;AACvB,QAAI,MAAM,SAAS,KAAK,CACpB,KAAI;AACA,aAAQ,KAAK,MAAM,IAAI,MAAM,GAAG;YAE9B;AAEV,eAAW,IAAI,aAAa,IAAI;AAChC;;AAEJ,OAAK,QAAQ,KAAK,MAAM,gBAAgB,EAAG;AAEvC,OAAG,KAAK,OAAO,QAAQ;AACvB,eAAW,IAAI,aAAa,IAAI;AAChC;;AAEJ,OAAK,QAAQ,KAAK,MAAM,eAAe,EAAG;AACtC,QAAI,OAAO,KAAK,WAAW,CAAC,OACxB;AAGJ,OAAG,SAAS,QAAQ;AACpB;;AAEJ;;EAEJ,MAAM,YAAY;GAAE;GAAQ;GAAY;AACxC,MAAI,QACA,WAAU,UAAU;AAExB,aAAW,KAAK,UAAU;;AAE9B,KAAI,CAAC,WAAW,OACZ;AAEJ,QAAO;;AAqBX,eAAe,4BAA4B,UAAU;AACjD,KAAI,SAAS,SAAS,OAAO,SAAS,SAAS,KAAK;AAChD,yBAAuB,SAAS;AAChC,wBAAsB,SAAS;AAC/B,MAAI;GACA,MAAM,OAAO,MAAM,SAAS,OAAO,CAAC,MAAM;AAC1C,OAAI,aAAa,KAAK,IAAI,OAAO,KAAK,UAAU,YAAY,KAAK,MAAM,OACnE,QAAO;UAGT;;;AAId,eAAe,oBAAoB,UAAU,UAAU,OAAO;AAC1D,KAAI,SAAS,WAAW,UAAU;AAC9B,gCAA8B,SAAS;EACvC,IAAI;AACJ,MAAK,MAAM,MAAM,4BAA4B,SAAS,EAAG;AACrD,SAAM,SAAS,MAAM,QAAQ;AAC7B,SAAM,IAAI,kBAAkB,uDAAuD;IAC/E,OAAO;IACP;IACH,CAAC;;AAEN,QAAM,IAAI,+BAA+B,MAAM,0CAA0C,yBAAyB,SAAS;;;AAGnI,SAAS,WAAW,QAAQ;AACxB,KAAI,CAAC,QAAQ,IAAI,OAAO,CACpB,OAAMC,iBAAe,8CAA4CF,wBAAsB;;AA+J/F,MAAagB,qBAAmB,QAAQ;AACxC,SAAgB,eAAe,OAAO;AAClC,QAAO,MAAM,QAAQ,IAAI,eAAe,EAAE,MAAM,IAAI,CAAC;;AA2CzD,eAAe,qBAAqB,IAAI,QAAQ,sBAAsB,KAAK,MAAM,WAAS,SAAS;AAC/F,OAAM,qBAAqB,IAAI,QAAQ,MAAMP,UAAQ;AACrD,WAAQ,IAAI,gBAAgB,kDAAkD;AAC9E,SAAQ,UAAUH,kBAAgB,OAAO,IAAI,MAAM;EAC/C;EACA,SAAS,OAAO,YAAYG,UAAQ,SAAS,CAAC;EAC9C,QAAQ;EACR,UAAU;EACV,QAAQC,SAAO,KAAK,SAAS,OAAO;EACvC,CAAC;;AAEN,eAAe,qBAAqB,IAAI,QAAQ,sBAAsB,WAAW,YAAY,SAAS;CAClG,MAAM,MAAM,gBAAgB,IAAI,kBAAkB,OAAO,2BAA2B,UAAUP,6BAA2B,KAAK;AAC9H,YAAW,IAAI,cAAc,UAAU;CACvC,MAAMM,YAAU,eAAe,SAAS,QAAQ;AAChD,WAAQ,IAAI,UAAU,mBAAmB;AACzC,KAAI,SAAS,SAAS,QAAW;AAC7B,aAAW,QAAQ,KAAK;AACxB,QAAM,QAAQ,KAAK,SAAS,KAAKA,WAAS,OAAO;;CAErD,MAAM,WAAW,MAAM,qBAAqB,IAAI,QAAQ,sBAAsB,KAAK,YAAYA,WAAS,QAAQ;AAChH,UAAS,MAAM,WAAW,UAAU,IAAI;AACxC,QAAO;;AAEX,eAAsB,yBAAyB,IAAI,QAAQ,sBAAsB,cAAc,SAAS;AACpG,UAAS,GAAG;AACZ,cAAa,OAAO;AACpB,gBAAa,cAAc,mBAAiB;CAC5C,MAAM,aAAa,IAAI,gBAAgB,SAAS,qBAAqB;AACrE,YAAW,IAAI,iBAAiB,aAAa;AAC7C,QAAO,qBAAqB,IAAI,QAAQ,sBAAsB,iBAAiB,YAAY,QAAQ;;AAEvG,MAAM,gCAAgB,IAAI,SAAS;AACnC,MAAM,0BAAU,IAAI,SAAS;AAC7B,SAAgB,0BAA0B,KAAK;AAC3C,KAAI,CAAC,IAAI,SACL;CAEJ,MAAM,SAAS,cAAc,IAAI,IAAI;AACrC,KAAI,CAAC,OACD,OAAMP,iBAAe,oFAAkFF,wBAAsB;AAEjI,QAAO;;AAgBX,eAAe,kCAAkC,IAAI,QAAQ,UAAU,iCAAiC,WAAW,sBAAsB;AACrI,UAAS,GAAG;AACZ,cAAa,OAAO;AACpB,KAAI,CAAC,gBAAgB,UAAU,SAAS,CACpC,OAAME,iBAAe,gDAA8CD,uBAAqB;AAE5F,OAAM,oBAAoB,UAAU,KAAK,iBAAiB;AAC1D,wBAAuB,SAAS;CAChC,MAAM,OAAO,MAAM,oBAAoB,SAAS;AAChD,gBAAa,KAAK,cAAc,+CAA2C,kBAAkB,EACzF,MAAM,MACT,CAAC;AACF,gBAAa,KAAK,YAAY,6CAAyC,kBAAkB,EACrF,MAAM,MACT,CAAC;AACF,MAAK,aAAa,KAAK,WAAW,aAAa;AAC/C,KAAI,KAAK,eAAe,QAAW;EAC/B,IAAI,YAAY,OAAO,KAAK,eAAe,WAAW,WAAW,KAAK,WAAW,GAAG,KAAK;AACzF,eAAa,WAAW,MAAM,6CAAyC,kBAAkB,EACrF,MAAM,MACT,CAAC;AACF,OAAK,aAAa;;AAEtB,KAAI,KAAK,kBAAkB,OACvB,gBAAa,KAAK,eAAe,gDAA4C,kBAAkB,EAC3F,MAAM,MACT,CAAC;AAEN,KAAI,KAAK,UAAU,UAAa,OAAO,KAAK,UAAU,SAClD,OAAM,IAAI,yDAAqD,kBAAkB,EAAE,MAAM,MAAM,CAAC;AAEpG,KAAI,KAAK,aAAa,QAAW;AAC7B,iBAAa,KAAK,UAAU,2CAAuC,kBAAkB,EACjF,MAAM,MACT,CAAC;EACF,MAAM,iBAAiB;GAAC;GAAO;GAAO;GAAO;GAAO;GAAM;AAC1D,MAAI,OAAO,sBAAsB,KAC7B,gBAAe,KAAK,YAAY;AAEpC,MAAI,OAAO,oBAAoB,QAAW;AACtC,gBAAa,OAAO,iBAAiB,MAAM,6BAA2B;AACtE,kBAAe,KAAK,YAAY;;AAEpC,MAAI,iCAAiC,OACjC,gBAAe,KAAK,GAAG,gCAAgC;EAE3D,MAAM,EAAE,QAAQ,QAAQ,MAAM,YAAY,KAAK,UAAU,sBAAsB,KAAK,QAAW,OAAO,8BAA8B,GAAG,uCAAuC,QAAQ,EAAE,aAAa,OAAO,EAAE,kBAAkB,OAAO,EAAE,UAAU,CAC9O,KAAK,iBAAiB,KAAK,QAAW,eAAe,CAAC,CACtD,KAAK,eAAe,KAAK,QAAW,GAAG,CAAC,CACxC,KAAK,iBAAiB,KAAK,QAAW,OAAO,UAAU,CAAC;AAC7D,MAAI,MAAM,QAAQ,OAAO,IAAI,IAAI,OAAO,IAAI,WAAW,GAAG;AACtD,OAAI,OAAO,QAAQ,OACf,OAAM,IAAI,6EAA2E,sBAAsB;IAAE;IAAQ,OAAO;IAAO,CAAC;AAExI,OAAI,OAAO,QAAQ,OAAO,UACtB,OAAM,IAAI,8DAA4D,sBAAsB;IAAE,UAAU,OAAO;IAAW;IAAQ,OAAO;IAAO,CAAC;;AAGzJ,MAAI,OAAO,cAAc,OACrB,cAAa,OAAO,WAAW,MAAM,gDAA8C,kBAAkB,EAAE,QAAQ,CAAC;AAEpH,UAAQ,IAAI,UAAU,IAAI;AAC1B,gBAAc,IAAI,MAAM,OAAO;;AAEnC,KAAI,uBAAuB,KAAK,gBAAgB,OAC5C,sBAAqB,KAAK,YAAY,UAAU,KAAK;UAEhD,KAAK,eAAe,UAAU,KAAK,eAAe,SACvD,OAAM,IAAI,0BAA0B,kCAAkC,EAAE,OAAO,EAAE,MAAM,MAAM,EAAE,CAAC;AAEpG,QAAO;;AAEX,SAAS,8BAA8B,UAAU;CAC7C,IAAI;AACJ,KAAK,aAAa,+BAA+B,SAAS,CACtD,OAAM,IAAI,8BAA8B,yEAAyE;EAAE,OAAO;EAAY;EAAU,CAAC;;AAGzJ,eAAsB,4BAA4B,IAAI,QAAQ,UAAU,SAAS;AAC7E,QAAO,kCAAkC,IAAI,QAAQ,UAAU,QAAW,UAAU,aAAa,SAAS,qBAAqB;;AAQnI,SAAS,iBAAiB,UAAU,QAAQ;AACxC,KAAI,MAAM,QAAQ,OAAO,OAAO,IAAI,EAChC;MAAI,CAAC,OAAO,OAAO,IAAI,SAAS,SAAS,CACrC,OAAM,IAAI,iDAA+C,sBAAsB;GAC3E;GACA,QAAQ,OAAO;GACf,OAAO;GACV,CAAC;YAGD,OAAO,OAAO,QAAQ,SAC3B,OAAM,IAAI,iDAA+C,sBAAsB;EAC3E;EACA,QAAQ,OAAO;EACf,OAAO;EACV,CAAC;AAEN,QAAO;;AAQX,SAAS,eAAe,IAAI,QAAQ;CAChC,MAAM,WAAW,GAAG,mBAAmB,OAAO,IAAI,GAAG;AACrD,KAAI,OAAO,OAAO,QAAQ,SACtB,OAAM,IAAI,+CAA6C,sBAAsB;EACzE;EACA,QAAQ,OAAO;EACf,OAAO;EACV,CAAC;AAEN,QAAO;;AAEX,MAAM,0BAAU,IAAI,SAAS;AAC7B,SAAS,MAAM,cAAc;AACzB,SAAQ,IAAI,aAAa;AACzB,QAAO;;AAEX,MAAa,SAAS,QAAQ;AAC9B,eAAsB,8BAA8B,IAAI,QAAQ,sBAAsB,oBAAoB,aAAa,cAAc,SAAS;AAC1I,UAAS,GAAG;AACZ,cAAa,OAAO;AACpB,KAAI,CAAC,QAAQ,IAAI,mBAAmB,CAChC,OAAMC,iBAAe,0IAAqIF,wBAAsB;AAEpL,gBAAa,aAAa,kBAAgB;CAC1C,MAAM,OAAO,sBAAsB,oBAAoB,OAAO;AAC9D,KAAI,CAAC,KACD,OAAM,IAAI,mDAAiD,iBAAiB;CAEhF,MAAM,aAAa,IAAI,gBAAgB,SAAS,qBAAqB;AACrE,YAAW,IAAI,gBAAgB,YAAY;AAC3C,YAAW,IAAI,QAAQ,KAAK;AAC5B,KAAI,iBAAiB,QAAQ;AACzB,iBAAa,cAAc,mBAAiB;AAC5C,aAAW,IAAI,iBAAiB,aAAa;;AAEjD,QAAO,qBAAqB,IAAI,QAAQ,sBAAsB,sBAAsB,YAAY,QAAQ;;AAE5G,MAAM,gBAAgB;CAClB,KAAK;CACL,QAAQ;CACR,WAAW;CACX,KAAK;CACL,KAAK;CACL,KAAK;CACL,KAAK;CACL,OAAO;CACP,QAAQ;CACR,KAAK;CACL,KAAK;CACL,KAAK;CACL,KAAK;CACL,KAAK;CACL,WAAW;CACd;AACD,SAAS,iBAAiB,UAAU,QAAQ;AACxC,MAAK,MAAM,SAAS,SAChB,KAAI,OAAO,OAAO,WAAW,OACzB,OAAM,IAAI,QAAQ,MAAM,KAAK,cAAc,OAAO,kBAAkB,kBAAkB,EAClF,QAAQ,OAAO,QAClB,CAAC;AAGV,QAAO;;AAEX,MAAa,gBAAgB,QAAQ;AACrC,MAAa,oBAAoB,QAAQ;AACzC,eAAsB,iCAAiC,IAAI,QAAQ,UAAU,SAAS;AAClF,KAAI,OAAO,SAAS,kBAAkB,YAClC,OAAO,SAAS,WAAW,YAC3B,SAAS,eACT,QAAO,uCAAuC,IAAI,QAAQ,UAAU,QAAQ,eAAe,QAAQ,QAAQ,QAAQ,aAAa,QAAQ,qBAAqB;AAEjK,QAAO,uCAAuC,IAAI,QAAQ,UAAU,UAAU,aAAa,SAAS,qBAAqB;;AAE7H,eAAe,uCAAuC,IAAI,QAAQ,UAAU,eAAe,QAAQ,WAAW,sBAAsB;CAChI,MAAM,2BAA2B,EAAE;AACnC,SAAQ,eAAR;EACI,KAAK;AACD,mBAAgB;AAChB;EACJ,KAAK,cACD;EACJ;AACI,kBAAa,eAAe,6BAA2B;AACvD,4BAAyB,KAAK,QAAQ;;AAE9C,YAAW,OAAO;AAClB,SAAQ,QAAR;EACI,KAAK;AACD,YAAS;AACT;EACJ,KAAK,kBACD;EACJ;AACI,gBAAa,QAAQ,MAAM,sBAAoB;AAC/C,4BAAyB,KAAK,YAAY;;CAElD,MAAM,SAAS,MAAM,kCAAkC,IAAI,QAAQ,UAAU,0BAA0B,WAAW,qBAAqB;AACvI,gBAAa,OAAO,UAAU,2CAAuC,kBAAkB,EACnF,MAAM,QACT,CAAC;CACF,MAAM,SAAS,0BAA0B,OAAO;AAChD,KAAI,WAAW,mBAAmB;EAC9B,MAAM,MAAM,WAAW,GAAG,aAAa,OAAO;EAC9C,MAAM,YAAY,kBAAkB,OAAO;AAC3C,MAAI,OAAO,YAAY,SAAS,MAAM,UAClC,OAAM,IAAI,oEAAoE,qBAAqB;GAAE;GAAQ;GAAK;GAAW,OAAO;GAAa,CAAC;;AAG1J,KAAI,kBAAkB,eAClB;MAAI,OAAO,UAAU,OACjB,OAAM,IAAI,6CAA2C,sBAAsB;GACvE,UAAU;GACV;GACA,OAAO;GACV,CAAC;YAGD,OAAO,UAAU,cACtB,OAAM,IAAI,6CAA2C,sBAAsB;EACvE,UAAU;EACV;EACA,OAAO;EACV,CAAC;AAEN,QAAO;;AAEX,eAAe,uCAAuC,IAAI,QAAQ,UAAU,WAAW,sBAAsB;CACzG,MAAM,SAAS,MAAM,kCAAkC,IAAI,QAAQ,UAAU,QAAW,WAAW,qBAAqB;CACxH,MAAM,SAAS,0BAA0B,OAAO;AAChD,KAAI,QAAQ;AACR,MAAI,OAAO,oBAAoB,QAAW;AACtC,gBAAa,OAAO,iBAAiB,MAAM,6BAA2B;GACtE,MAAM,MAAM,WAAW,GAAG,aAAa,OAAO;GAC9C,MAAM,YAAY,kBAAkB,OAAO;AAC3C,OAAI,OAAO,YAAY,OAAO,kBAAkB,MAAM,UAClD,OAAM,IAAI,oEAAoE,qBAAqB;IAAE;IAAQ;IAAK;IAAW,OAAO;IAAa,CAAC;;AAG1J,MAAI,OAAO,UAAU,OACjB,OAAM,IAAI,6CAA2C,sBAAsB;GACvE,UAAU;GACV;GACA,OAAO;GACV,CAAC;;AAGV,QAAO;;AAEX,MAAa,6BAA6B;AAC1C,MAAa,sBAAsB;AACnC,MAAa,wBAAwB;AACrC,MAAa,+BAA+B;AAE5C,MAAa,cAAc;AAC3B,MAAa,mBAAmB;AAEhC,MAAa,uBAAuB;AACpC,MAAa,0BAA0B;AACvC,MAAa,yBAAyB;AACtC,MAAa,6BAA6B;AAC1C,MAAa,sBAAsB;AACnC,MAAa,uBAAuB;AACpC,MAAa,4BAA4B;AAEzC,MAAa,0BAA0B;AACvC,MAAa,0BAA0B;AA4CvC,SAAS,uBAAuB,UAAU;AACtC,KAAI,SAAS,SACT,OAAME,iBAAe,2CAAyCF,wBAAsB;;AAkL5F,eAAe,YAAY,KAAK,UAAU,aAAW,kBAAgB,YAAY;CAC7E,IAAI,EAAE,GAAG,iBAAiB,GAAG,SAAS,WAAW,IAAI,MAAM,IAAI;AAC/D,KAAI,WAAW,EACX,KAAI,eAAe,QAAW;AAC1B,QAAM,MAAM,WAAW,IAAI;AAC3B,GAAC,CAAE,GAAG,iBAAiB,GAAG,SAAS,UAAW,IAAI,MAAM,IAAI;OAG5D,OAAM,IAAI,0BAA0B,oCAAoC,EAAE,OAAO,KAAK,CAAC;AAG/F,KAAI,WAAW,EACX,OAAM,IAAI,eAAe,kBAAkB,IAAI;CAEnD,IAAI;AACJ,KAAI;AACA,WAAS,KAAK,MAAM,IAAI,KAAK,gBAAgB,CAAC,CAAC;UAE5C,OAAO;AACV,QAAM,IAAI,6DAA6D,aAAa,MAAM;;AAE9F,KAAI,CAAC,aAAa,OAAO,CACrB,OAAM,IAAI,yCAAyC,kBAAkB,IAAI;AAE7E,UAAS,OAAO;AAChB,KAAI,OAAO,SAAS,OAChB,OAAM,IAAI,0BAA0B,6DAA2D,EAC3F,OAAO,EAAE,QAAQ,EACpB,CAAC;CAEN,IAAI;AACJ,KAAI;AACA,WAAS,KAAK,MAAM,IAAI,KAAK,QAAQ,CAAC,CAAC;UAEpC,OAAO;AACV,QAAM,IAAI,8DAA8D,aAAa,MAAM;;AAE/F,KAAI,CAAC,aAAa,OAAO,CACrB,OAAM,IAAI,0CAA0C,kBAAkB,IAAI;CAE9E,MAAM,MAAM,WAAW,GAAGI;AAC1B,KAAI,OAAO,QAAQ,QAAW;AAC1B,MAAI,OAAO,OAAO,QAAQ,SACtB,OAAM,IAAI,uDAAqD,kBAAkB,EAAE,QAAQ,CAAC;AAEhG,MAAI,OAAO,OAAO,MAAMC,iBACpB,OAAM,IAAI,8FAA4F,qBAAqB;GAAE;GAAQ;GAAK,WAAWA;GAAgB,OAAO;GAAO,CAAC;;AAG5L,KAAI,OAAO,QAAQ,QACf;MAAI,OAAO,OAAO,QAAQ,SACtB,OAAM,IAAI,iDAA+C,kBAAkB,EAAE,QAAQ,CAAC;;AAG9F,KAAI,OAAO,QAAQ,QACf;MAAI,OAAO,OAAO,QAAQ,SACtB,OAAM,IAAI,8CAA4C,kBAAkB,EAAE,QAAQ,CAAC;;AAG3F,KAAI,OAAO,QAAQ,QAAW;AAC1B,MAAI,OAAO,OAAO,QAAQ,SACtB,OAAM,IAAI,kDAAgD,kBAAkB,EAAE,QAAQ,CAAC;AAE3F,MAAI,OAAO,MAAM,MAAMA,iBACnB,OAAM,IAAI,mDAAiD,qBAAqB;GAC5E;GACA;GACA,WAAWA;GACX,OAAO;GACV,CAAC;;AAGV,KAAI,OAAO,QAAQ,QACf;MAAI,OAAO,OAAO,QAAQ,YAAY,CAAC,MAAM,QAAQ,OAAO,IAAI,CAC5D,OAAM,IAAI,gDAA8C,kBAAkB,EAAE,QAAQ,CAAC;;AAG7F,QAAO;EAAE;EAAQ;EAAQ,KAAK;EAAK;;AAwEvC,eAAe,cAAc,SAAS;AAClC,KAAI,QAAQ,SACR,OAAMH,iBAAe,4DAA4DF,yBAAuB,EAAE,OAAO,SAAS,CAAC;AAE/H,QAAO,QAAQ,MAAM;;AAEzB,eAAsB,iBAAiB,SAAS;AAC5C,KAAI,QAAQ,WAAW,OACnB,OAAME,iBAAe,2DAA2DF,yBAAuB,EAAE,OAAO,SAAS,CAAC;AAE9H,KAAI,eAAe,QAAQ,KAAK,oCAC5B,OAAME,iBAAe,8FAA8FF,yBAAuB,EAAE,OAAO,SAAS,CAAC;AAEjK,QAAO,cAAc,QAAQ;;AAqIjC,SAAS,sBAAsB,QAAQ,QAAQ,UAAU,QAAQ;AAC7D,KAAI,WAAW,QAAW;AACtB,MAAI,OAAO,WAAW,WAAW,OAAO,QAAQ,SAAS,CAAC,OAAO,SAAS,OAAO,IAAI,CACjF,OAAM,IAAI,2CAAyC,kBAAkB;GACjE;GACA,UAAU;GACV,QAAQ;GACX,CAAC;AAEN;;AAEJ,KAAI,MAAM,QAAQ,OAAO,EAAE;AACvB,MAAI,CAAC,OAAO,SAAS,OAAO,IAAI,CAC5B,OAAM,IAAI,2CAAyC,kBAAkB;GACjE;GACA,UAAU;GACV,QAAQ;GACX,CAAC;AAEN;;AAEJ,KAAI,aAAa,QAAW;AACxB,MAAI,OAAO,aAAa,WAClB,OAAO,QAAQ,WACf,OAAO,aAAa,aAChB,CAAC,SAAS,OAAO,IAAI,GACrB,CAAC,SAAS,SAAS,OAAO,IAAI,CACpC,OAAM,IAAI,2CAAyC,kBAAkB;GACjE;GACA,UAAU;GACV,QAAQ;GACX,CAAC;AAEN;;AAEJ,OAAM,IAAI,sFAAoF,QAAW;EAAE;EAAQ;EAAQ;EAAU,CAAC;;AAE1I,SAAS,sBAAsB,YAAY,MAAM;CAC7C,MAAM,EAAE,GAAG,OAAO,WAAW,WAAW,OAAO,KAAK;AACpD,KAAI,SAAS,EACT,OAAM,IAAI,IAAI,KAAK,yCAAyC,iBAAiB;AAEjF,QAAO;;AAEX,MAAaiB,mBAAiB,QAAQ;AACtC,MAAa,gBAAgB,QAAQ;AACrC,SAAgB,qBAAqB,IAAI,QAAQ,YAAY,eAAe;AACxE,UAAS,GAAG;AACZ,cAAa,OAAO;AACpB,KAAI,sBAAsB,IACtB,cAAa,WAAW;AAE5B,KAAI,EAAE,sBAAsB,iBACxB,OAAMf,iBAAe,iEAA+DD,uBAAqB;AAE7G,KAAI,sBAAsB,YAAY,WAAW,CAC7C,OAAM,IAAI,4GAA0G,kBAAkB,EAAE,YAAY,CAAC;CAEzJ,MAAM,MAAM,sBAAsB,YAAY,MAAM;CACpD,MAAM,QAAQ,sBAAsB,YAAY,QAAQ;AACxD,KAAI,CAAC,OAAO,GAAG,+CACX,OAAM,IAAI,+CAA6C,kBAAkB,EAAE,YAAY,CAAC;AAE5F,KAAI,OAAO,QAAQ,GAAG,OAClB,OAAM,IAAI,wDAAsD,kBAAkB;EAC9E,UAAU,GAAG;EACb;EACH,CAAC;AAEN,SAAQ,eAAR;EACI,KAAK;EACL,KAAK;AACD,OAAI,UAAU,OACV,OAAM,IAAI,uDAAqD,kBAAkB;IAC7E,UAAU;IACV;IACH,CAAC;AAEN;EACJ,KAAKgB,iBACD;EACJ;AACI,kBAAa,eAAe,6BAA2B;AACvD,OAAI,UAAU,cACV,OAAM,IAAI,UAAU,SACd,yCACA,iDAA+C,kBAAkB;IAAE,UAAU;IAAe;IAAY,CAAC;;AAI3H,KADc,sBAAsB,YAAY,QAAQ,CAEpD,OAAM,IAAI,2BAA2B,sDAAsD,EACvF,OAAO,YACV,CAAC;CAEN,MAAM,WAAW,sBAAsB,YAAY,WAAW;CAC9D,MAAM,QAAQ,sBAAsB,YAAY,QAAQ;AACxD,KAAI,aAAa,UAAa,UAAU,OACpC,OAAM,IAAI,0BAA0B,8CAA8C;AAEtF,QAAO,MAAM,IAAI,gBAAgB,WAAW,CAAC;;AAgYjD,eAAe,oBAAoB,UAAU,QAAQ,uBAAuB;CACxE,IAAI;AACJ,KAAI;AACA,SAAO,MAAM,SAAS,MAAM;UAEzB,OAAO;AACV,QAAM,SAAS;AACf,QAAM,IAAI,6CAA2C,aAAa,MAAM;;AAE5E,KAAI,CAAC,aAAa,KAAK,CACnB,OAAM,IAAI,gDAA8C,kBAAkB,EAAE,MAAM,MAAM,CAAC;AAE7F,QAAO;;AAGX,MAAa,oBAAoB,QAAQ;AACzC,MAAa,kBAAkB,QAAQ;;;;ACz7EvC,IAAI;AACJ,IAAI;AACJ,IAAI,OAAO,cAAc,eAAe,CAAC,UAAU,WAAW,aAAa,eAAe,EAAE;AAGxF,cAAa;AACb,WAAU,EAAE,cAAc,YAAY;;AAE1C,MAAM,OAAO,WAAW;AACpB,QAAO,MAAM,IAAI,OAAO;;AAE5B,IAAI;AAEJ,IAAI;AACJ,SAAgB,iBAAiB,cAAc;AAC3C,KAAI,iBAAiB,OACjB,QAAOC,mBAAuB,aAAa;AAE/C,yBAAQ,IAAI,SAAS;AACrB,SAAQ,IAAI,QAAQ,MAAM,cAAY;EAClC,IAAI;AACJ,MAAI,EAAE,OAAO,IAAI,IAAI,OAAO,GAAG;AAC3B,gBAAa,OAAO,eAAe,6BAA2B;AAC9D,UAAOA,mBAAuB,OAAO,cAAc;AACnD,OAAI,IAAI,QAAQ,KAAK;;AAEzB,SAAO,KAAK,IAAI,QAAQ,MAAMC,UAAQ;;;AAG9C,SAAS,aAAa,OAAO,IAAI;AAC7B,KAAI,OAAO,UAAU,SACjB,OAAM,eAAe,GAAG,GAAG,oBAAoB,qBAAqB;AAExE,KAAI,MAAM,WAAW,EACjB,OAAM,eAAe,GAAG,GAAG,qBAAqB,sBAAsB;;AAiC9E,SAAgB,OAAO;AACnB,QAAOC,QAAY;;AAQvB,MAAa,iBAAiBC;AAC9B,MAAa,mBAAmBC;AAChC,MAAa,cAAcC;AAC3B,MAAa,kBAAkBC;AAC/B,MAAa,YAAYC;AACzB,MAAa,iBAAiBC;AAC9B,MAAM,wBAAwB;AAC9B,MAAM,uBAAuB;AAC7B,SAAS,eAAe,SAAS,MAAM,OAAO;CAC1C,MAAM,MAAM,IAAI,UAAU,SAAS,EAAE,OAAO,CAAC;AAC7C,QAAO,OAAO,KAAK,EAAE,MAAM,CAAC;AAC5B,QAAO;;AAEX,SAAgB,2BAA2B,cAAc;AACrD,QAAOC,6BAAiC,aAAa;;AAEzD,SAAgB,yBAAyB;AACrC,QAAOC,4BAAkC;;AAK7C,SAAgB,cAAc;AAC1B,QAAOC,qBAA2B;;AAEtC,IAAa,cAAb,cAAiC,MAAM;CACnC;CACA,YAAY,SAAS,SAAS;AAC1B,QAAM,SAAS,QAAQ;AACvB,OAAK,OAAO,KAAK,YAAY;AAC7B,OAAK,OAAO,SAAS;AACrB,QAAM,oBAAoB,MAAM,KAAK,YAAY;;;AAGzD,MAAM,UAAU,IAAI,aAAa;AACjC,SAAS,EAAE,KAAK,OAAO,MAAM;AACzB,QAAO,IAAI,YAAY,KAAK;EAAE;EAAO;EAAM,CAAC;;AAEhD,SAAS,aAAa,KAAK;AACvB,KAAI,eAAe,aACf,eAAe,eACf,eAAeC,qBACf,eAAeC,8BACf,eAAeC,8BACf,OAAM;AAEV,KAAI,eAAeC,yBACf,SAAQ,IAAI,MAAZ;EACI,KAAKC,uBACD,OAAM,EAAE,sCAAsC,KAAK,IAAI,KAAK;EAChE,KAAKC,2BACD,OAAM,EAAE,8CAA8C,KAAK,IAAI,KAAK;EACxE,KAAKC,wBACD,OAAM,EAAE,wCAAwC,IAAI,OAAO,IAAI,KAAK;EACxE,KAAKC,qBACD,OAAM,EAAE,oCAAoC,IAAI,OAAO,IAAI,KAAK;EACpE,KAAKC,YACD,OAAM,EAAE,yBAAyB,KAAK,IAAI,KAAK;EACnD,KAAKC,iBACD,OAAM,EAAE,gCAAgC,KAAK,IAAI,KAAK;EAC1D,KAAKC,qBACD,OAAM,EAAE,0CAA0C,KAAK,IAAI,KAAK;EACpE,KAAKC,0BACD,OAAM,EAAE,+CAA+C,KAAK,IAAI,KAAK;EACzE,KAAKC,oBACD,OAAM,EAAE,+CAA+C,KAAK,IAAI,KAAK;EACzE,QACI,OAAM,EAAE,IAAI,SAAS,KAAK,IAAI,KAAK;;AAG/C,KAAI,eAAeC,0BACf,OAAM,EAAE,yBAAyB,KAAK,IAAI,KAAK;AAEnD,KAAI,eAAe,aACf,SAAQ,IAAI,MAAZ;EACI,KAAK,iBACD,OAAM,EAAE,2BAA2B,KAAKC,sBAA4B;EACxE,KAAK,oBACD,OAAM,EAAE,iCAAiC,KAAKA,sBAA4B;EAC9E,KAAK,eACD,OAAM,EAAE,uBAAuB,KAAK,gBAAgB;EACxD,KAAK,aACD,OAAM,EAAE,qBAAqB,KAAK,cAAc;;AAG5D,OAAM,IAAI,YAAY,wBAAwB,EAAE,OAAO,KAAK,CAAC;;AASjE,SAAS,cAAc,QAAQ,IAAI,SAAS;AACxC,KAAI,OAAO,WAAW,wCACjB,CAAC,SAAS,aAAa,QAAQ,cAAc,SAAS;AACvD,KAAG,YAAY;AACf,SAAO;;AAEX,QAAO;;AAEX,SAAS,eAAe,QAAQ,SAAS;AACrC,KAAI,OAAO,SAAS,SAAS,gBAAgB,KACxC,CAAC,SAAS,aAAa,QAAQ,cAAc,QAC9C,QAAO;AAEX,QAAO;;AAuDX,eAAsB,UAAU,QAAQ,UAAU,UAAU,sBAAsB,SAAS;CAEvF,MAAM,WAAW,IAAI,cADV,MAAM,iBAAiB,QAAQ,QAAQ,EACX,UAAU,UAAU,qBAAqB;CAChF,IAAI,YAAY,IAAI,SAAS;AAC7B,KAAI,UAAU,aACV,WAAU,QAAQ,QAAQ;AAE9B,KAAI,SAAS,QACT,WAAU,UAAU,QAAQ;AAEhC,KAAI,SAAS,QACT,MAAK,MAAM,aAAa,QAAQ,QAC5B,WAAU,SAAS;AAG3B,QAAO;;AAEX,eAAe,iBAAiB,QAAQ,SAAS;AAC7C,KAAI,EAAE,kBAAkB,KACpB,OAAM,eAAe,yCAAuC,qBAAqB;CAErF,MAAM,UAAU,CAAC,OAAO,KAAK,SAAS,gBAAgB;CACtD,MAAM,UAAU,SAAS,WAAW;CACpC,MAAMC,WAAS,YAAY,QAAQ,UAAU,IAAK;CAClD,MAAM,KAAK,OAAO,UACZC,iBAAuB,QAAQ;EAC7B,WAAW,SAAS;GACnBvB,gBAAoB,UAAU;GAC9BwB,0BAA8B,SAAS,SAAS,SAAS,sBAAsB;EAChF;EACA,SAAS,IAAI,QAAQ,QAAQ;EAChC,CAAC,IACC,UAAU,gBAAgB,cAAc;AACvC,gBAAoB,QAAQ,SAAS,SAAS,SAAS,sBAAsB,GAAG,QAAQ,KAAK;AAC7F,SAAO,OAAO;KACd,EAAE;EACF,SAAS,OAAO,YAAY,IAAI,QAAQ;GAAE,QAAQ;GAAoB,GAAG;GAAS,CAAC,CAAC,SAAS,CAAC;EAC9F,MAAM;EACN,QAAQ;EACR,UAAU;EACV;EACH,CAAC,EACD,MAAM,aAAaC,yBAA+BC,mBAAyB,SAAS,CAAC,CACrF,MAAM,aAAa;AACxB,KAAI,WAAW,IAAI,IAAI,GAAG,OAAO,CAAC,SAAS,OAAO,KAC9C,eAAc,QAAQ,IAAI,QAAQ,IAC9B,eAAe,QAAQ,QAAQ,WACxB;AACH,QAAM,IAAI,YAAY,iEAAiE;GACnF,MAAMR;GACN,OAAO;IACH,UAAU,OAAO;IACjB,MAAM;IACN,WAAW;IACd;GACJ,CAAC;KACF;AAEZ,QAAO;;AAkJX,SAAS,iBAAiB,UAAU;AAChC,QAAO,EACH,cAAc;EACV,WAAW;EACX,MAAM,SAAS,QAAQ;AACnB,UAAQ,SAAS,kCAAkC,SAAS,OAAO,KAAK;;EAE/E,EACJ;;AAEL,SAAS,iBAAiB,UAAU;AAChC,QAAO,iBAAiB,UAAU,iBAAiB,SAAS,CAAC;;AAEjE,MAAM,WAAW,QAAQ;AACzB,IAAa,gBAAb,MAA2B;CACvB,YAAY,QAAQ,UAAU,UAAU,sBAAsB;AAC1D,MAAI,OAAO,aAAa,YAAY,CAAC,SAAS,OAC1C,OAAM,eAAe,2CAAyC,qBAAqB;AAEvF,MAAI,OAAO,aAAa,SACpB,YAAW,EAAE,eAAe,UAAU;AAE1C,MAAI,UAAU,cAAc,UAAa,aAAa,SAAS,UAC3D,OAAM,eAAe,4DAAwD,sBAAsB;EAEvG,MAAM,SAAS;GACX,GAAG,gBAAgB,SAAS;GAC5B,WAAW;GACd;AACD,SAAOhB,eAAmB,WAAWA,gBAAoB;AACzD,SAAOC,oBAAwB,WAAWA,qBAAyB;EACnE,IAAI;AACJ,MAAI,qBACA,QAAO;WAGH,OAAO,OAAO,kBAAkB,YAChC,OAAO,cAAc,OACrB,QAAO,iBAAiB,OAAO,cAAc;MAG7C,QAAO,MAAM;EAGrB,IAAI,IAAI,OAAO,OAAO,OAAO;EAC7B,MAAM,QAAQ,gBAAgB,OAAO;AACrC,MAAI,YAAY,OACZ,OAAMwB,oBAA0B,EAAE,QAAQ,EAAE,YAAY,OAAO,OAAO,QAAQ,cAAc,IAAI;EAEpG,IAAI,KAAK,OAAO,OAAO,MAAM;AAC7B,4BAAU,IAAI,SAAS;AACvB,QAAM,IAAI,MAAM;GACZ,WAAW;GACX;GACA;GACA;GACA,SAAS;GACT,WAAW,EAAE;GAChB,CAAC;;CAEN,iBAAiB;EACb,MAAM,WAAW,gBAAgB,IAAI,KAAK,CAAC,GAAG;AAC9C,mBAAiB,SAAS;AAC1B,SAAO;;CAEX,iBAAiB;AAEb,SADiB,gBAAgB,IAAI,KAAK,CAAC,EAAE;;CAGjD,IAAI,UAAU;AACV,SAAO,IAAI,KAAK,CAAC;;CAErB,IAAI,QAAQ,OAAO;AACf,MAAI,KAAK,CAAC,UAAU;;CAExB,KAAK,eAAe;AAChB,SAAO,IAAI,KAAK,CAAC;;CAErB,KAAK,aAAa,OAAO;AACrB,MAAI,KAAK,CAAC,QAAQ;;;AAG1B,OAAO,OAAO,cAAc,UAAU;AACtC,SAAS,WAAW,UAAU;CAC1B,IAAI,MAAM;AACV,KAAI,SAAS,eAAe,QAAW;EACnC,MAAM,sBAAM,IAAI,MAAM;AACtB,MAAI,WAAW,IAAI,YAAY,GAAG,SAAS,WAAW;AACtD,QAAM,IAAI,SAAS;;AAEvB,QAAO;EACH,WAAW;GACP,WAAW;GACX,QAAQ;AACJ,QAAI,KAAK;KACL,MAAM,MAAM,KAAK,KAAK;AACtB,SAAI,MAAM,IACN,QAAO,KAAK,OAAO,MAAM,OAAO,IAAK;AAEzC,YAAO;;;GAIlB;EACD,QAAQ;GACJ,WAAW;GACX,QAAQ;AACJ,QAAI;AACA,YAAOC,0BAAgC,KAAK;YAE1C;AACF;;;GAGX;EACJ;;AAEL,SAAS,WAAW,UAAU;AAC1B,QAAO,iBAAiB,UAAU,WAAW,SAAS,CAAC;;AAyM3D,SAAgB,sBAAsB,QAAQ;AAC1C,KAAI,OAAO,CAAC,UAAU;;AA2H1B,SAAS,YAAY,KAAK;AACtB,OAAM,IAAI,IAAI,IAAI;AAClB,KAAI,SAAS;AACb,KAAI,OAAO;AACX,QAAO,IAAI;;AAEf,SAAS,cAAc,OAAO,aAAa;AACvC,KAAI;AACA,SAAO,OAAO,eAAe,MAAM,CAAC,OAAO,iBAAiB;SAE1D;AACF,SAAO;;;AAGf,eAAsB,uBAAuB,QAAQ,YAAY,QAAQ,yBAAyB,SAAS;AACvG,aAAY,OAAO;AACnB,KAAI,SAAS,SAAS,SAClB,EAAE,sBAAsB,QACxB,CAAC,cAAc,YAAY,UAAU,CACrC,OAAM,eAAe,yDAAuD,qBAAqB;CAErG,IAAI;CACJ,IAAI;CACJ,MAAM,EAAE,IAAI,GAAG,MAAM,gBAAO,SAAS,MAAM,QAAQ,gBAAgB,SAAS,SAAS,aAAa,IAAI,OAAO;AAC7G,KAAI,SAAS,SAAS,OAAO;AACzB,iBAAe,QAAQ;AACvB,gBAAc,QAAQ;QAErB;AACD,MAAI,EAAE,sBAAsB,MAAM;GAC9B,MAAM,UAAU;AAChB,gBAAa,IAAI,IAAI,WAAW,IAAI;AACpC,WAAQ,QAAQ,QAAhB;IACI,KAAK,MACD;IACJ,KAAK;KACD,MAAM,SAAS,IAAI,gBAAgB,MAAMC,iBAAuB,QAAQ,CAAC;AACzE,SAAI,OACA,YAAW,OAAO,OAAO,UAAU;SAGnC,MAAK,MAAM,CAAC,GAAG,MAAM,OAAO,SAAS,CACjC,YAAW,aAAa,OAAO,GAAG,EAAE;AAG5C;IACJ,QACI,OAAM,eAAe,kCAAkC,sBAAsB;;;AAGzF,gBAAc,YAAY,WAAW;AACrC,UAAQ,MAAR;GACI,KAAK,CAAC,CAAC;AACH,mBAAe,MAAM,KAAK,YAAY,QAAQ,cAAc;AAC5D;GACJ,KAAK,CAAC,CAAC;AACH,mBAAe,MAAM,OAAO,YAAY,QAAQ,eAAe,QAAQ,eAAe,QAAQ,OAAO;AACrG;GACJ,KAAK,CAAC,CAAC,SACH,OAAM,IAAI,UAAU,4EAA4E;GACpG,QACI,KAAI;AACA,mBAAeC,qBAA2B,IAAI,GAAG,WAAW,cAAc,QAAQ,cAAc;YAE7F,KAAK;AACR,iBAAa,IAAI;;;;CAIjC,MAAM,WAAW,MAAMC,8BACY,IAAI,GAAG,MAAM,cAAc,aAAa,QAAQ,oBAAoBC,QAAc;EACjH,sBAAsB;GACrBhC,gBAAoBiC;GACpBT,0BAA8B,CAAC;EAChC,MAAM,SAAS;EACf,SAAS,IAAI,QAAQ,QAAQ;EAC7B,QAAQ,OAAO,QAAQ;EAC1B,CAAC,CACG,MAAM,aAAa;AACxB,KAAI,OAAO,QAAQ,kBAAkB,YACjC,OAAO,QAAQ,WAAW,SAC1B,QAAO,kBAAkB;CAE7B,MAAM,IAAIU,iCAAuC,IAAI,GAAG,UAAU;EAC9D,eAAe,QAAQ;EACvB,QAAQ,QAAQ;EAChB,gBAAgB,QAAQ;GACvBC,aAAmB;EACvB,CAAC;CACF,IAAI;AACJ,KAAI;AACA,WAAS,MAAM;UAEZ,KAAK;AACR,MAAI,UAAU,KAAK,QAAQ,CACvB,QAAO,uBAAuB,QAAQ,QAAW,QAAQ,yBAAyB;GAC9E,GAAG;GACH,MAAM;GACQ;GACD;GAChB,CAAC;AAEN,eAAa,IAAI;;AAErB,QAAO,YAAa,MAAM,iBAAiB,SAAS;AACpD,YAAW,OAAO;AAClB,QAAO;;AAkCX,eAAsB,kBAAkB,QAAQ,cAAc,YAAY,SAAS;AAC/E,aAAY,OAAO;AACnB,cAAa,IAAI,gBAAgB,WAAW;CAC5C,MAAM,EAAE,IAAI,GAAG,MAAM,gBAAO,SAAS,gBAAgB,SAAS,YAAY,IAAI,OAAO;CACrF,MAAM,WAAW,MAAMC,yBACO,IAAI,GAAG,MAAM,cAAc;GACpDpC,gBAAoBiC;GACpBT,0BAA8B,CAAC;EAChC,sBAAsB;EACtB,MAAM,SAAS;EACf,SAAS,IAAI,QAAQ,QAAQ;EAC7B,QAAQ,OAAO,QAAQ;EAC1B,CAAC,CACG,MAAM,aAAa;CACxB,MAAM,IAAIa,4BAAkC,IAAI,GAAG,UAAU,GACxDF,aAAmB,SACvB,CAAC;CACF,IAAI;AACJ,KAAI;AACA,WAAS,MAAM;UAEZ,KAAK;AACR,MAAI,UAAU,KAAK,QAAQ,CACvB,QAAO,kBAAkB,QAAQ,cAAc,YAAY;GACvD,GAAG;GACH,MAAM;GACT,CAAC;AAEN,eAAa,IAAI;;AAErB,QAAO,YAAa,MAAM,iBAAiB,SAAS;AACpD,YAAW,OAAO;AAClB,QAAO;;AAgCX,SAAgB,sBAAsB,QAAQ,YAAY;AACtD,aAAY,OAAO;CACnB,MAAM,EAAE,IAAI,GAAG,SAAS,QAAQ,MAAM,aAAa,IAAI,OAAO;CAC9D,MAAM,wBAAwBG,gBAAsB,IAAI,0BAA0B,OAAO,QAAQ;AACjG,cAAa,IAAI,gBAAgB,WAAW;AAC5C,KAAI,CAAC,WAAW,IAAI,YAAY,CAC5B,YAAW,IAAI,aAAa,EAAE,UAAU;AAE5C,KAAI,CAAC,WAAW,IAAI,cAAc,IAAI,CAAC,WAAW,IAAI,UAAU,EAAE;AAC9D,MAAI,CAAC,WAAW,IAAI,gBAAgB,CAChC,YAAW,IAAI,iBAAiB,SAAS,kBAAkB,WAAW,aAAa,OAAO;AAE9F,MAAI,YAAY,CAAC,WAAW,IAAI,QAAQ,CACpC,OAAM,eAAe,2GAA2G,sBAAsB;AAE1J,MAAI,KACA,YAAW,IAAI,iBAAiB,MAAM;;AAG9C,MAAK,MAAM,CAAC,GAAG,MAAM,WAAW,SAAS,CACrC,uBAAsB,aAAa,OAAO,GAAG,EAAE;AAEnD,QAAO;;AA4CX,SAAgB,mBAAmB,QAAQ,YAAY;AACnD,aAAY,OAAO;CACnB,MAAM,EAAE,IAAI,GAAG,YAAY,IAAI,OAAO;CACtC,MAAM,qBAAqBA,gBAAsB,IAAI,wBAAwB,OAAO,QAAQ;AAC5F,cAAa,IAAI,gBAAgB,WAAW;AAC5C,KAAI,CAAC,WAAW,IAAI,YAAY,CAC5B,YAAW,IAAI,aAAa,EAAE,UAAU;AAE5C,MAAK,MAAM,CAAC,GAAG,MAAM,WAAW,SAAS,CACrC,oBAAmB,aAAa,OAAO,GAAG,EAAE;AAEhD,QAAO;;AAEX,SAAS,YAAY,OAAO;AACxB,KAAI,EAAE,iBAAiB,eACnB,OAAM,eAAe,mDAAiD,qBAAqB;AAE/F,KAAI,OAAO,eAAe,MAAM,KAAK,cAAc,UAC/C,OAAM,eAAe,4CAA4C,sBAAsB;;AAG/F,SAAS,OAAO,SAAS;AACrB,QAAO,UAAU,YAAY,QAAQ,UAAU,IAAK,GAAG;;AAkC3D,SAAS,UAAU,KAAK,SAAS;AAC7B,KAAI,SAAS,QAAQ,QAAQ,SAAS,MAClC,QAAOC,iBAAuB,IAAI;AAEtC,QAAO;;AAuBX,MAAM,QAAQ,QAAQ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AC9pCtB,MAAa,SAAS,YAAmD;AACvE,QAAO,iBAAiB,gBAAgB,QAAQ;;AA6LlD,IAAa,iBAAb,cAAoC,WAAkC;CACpE,AAAmB,mBAAmB,QAAQ,iBAAiB;CAC/D,AAAmB,mBAAmB,QAAQ,iBAAiB;CAE/D,AAAO;CAEP,IAAW,OAAO;AAChB,SAAO,KAAK,QAAQ,QAAQ,KAAK,OAAO;;CAG1C,IAAW,WAAmB;EAC5B,MAAM,OAAO,KAAK,OAAO,gBAAgB,CAAC;AAC1C,MAAI,CAAC,KACH,OAAM,IAAI,YAAY,8CAA8C;AAEtE,SAAO;;CAGT,IAAW,QAA4B;AACrC,MAAI,WAAW,KAAK,QAClB,QAAO,KAAK,QAAQ,MAAM;AAE5B,MAAI,UAAU,KAAK,QACjB,QAAO,KAAK,QAAQ,KAAK,SAAS;AAEpC,QAAM,IAAI,YACR,kEACD;;CAGH,IAAW,eAAe;AACxB,MAAI,WAAW,KAAK,QAClB,QAAO,KAAK,QAAQ,MAAM;AAE5B,MAAI,UAAU,KAAK,QACjB,QAAO,KAAK,QAAQ,KAAK;AAE3B,QAAM,IAAI,YACR,kEACD;;;;;;CAOH,MAAa,QACX,cACA,aAC8B;AAC9B,MAAI,WAAW,KAAK,QAClB,QAAO,KAAK,QAAQ,MACjB,aAAa,cAAc,YAAY,CACvC,MAAM,OAAO,GAAG,OAAO,CACvB,OAAO,UAAU;AAChB,SAAM,IAAI,cACR,kEACA,EACE,OAAO,OACR,CACF;IACD;WACK,KAAK,MACd,KAAI;AACF,UAAO;IACL,GAAI,MAAM,kBAAkB,KAAK,OAAO,aAAa;IACrD,WAAW,KAAK,iBAAiB,KAAK,CAAC,MAAM;IAC9C;WACM,OAAO;AACd,SAAM,IAAI,cACR,mEACA,EACE,OAAO,OACR,CACF;;AAIL,QAAM,IAAI,YACR,6EACD;;;;;;CAOH,MAAa,KAAK,QAAsC;AACtD,MAAI;AACF,OAAI,WAAW,KAAK,SAAS;IAC3B,MAAM,UAAU,MAAM,KAAK,QAAQ,MAAM,SAAS,OAAO;AAEzD,QAAI,KAAK,QAAQ,MAAM,QACrB,QAAO,KAAK,QAAQ,MAAM,QAAQ;KAChC,GAAG;KACH,MAAM;KACP,CAAC;AAGJ,WAAO,KAAK,iBAAiB,sBAAsB,QAAQ;;AAG7D,OAAI,UAAU,KAAK,SAAS;IAC1B,MAAM,UAAU,KAAK,mBAAmB,OAAO,YAAY,GAAG;AAE9D,QAAI,KAAK,QAAQ,KAAK,QACpB,QAAO,KAAK,QAAQ,KAAK,QAAQ;KAC/B,GAAG;KACH,MAAM;KACP,CAAC;AAGJ,WAAO,KAAK,iBAAiB,sBAAsB,QAAQ;;WAEtD,OAAO;AACd,SAAM,IAAI,cACR,wDACA,EACE,OAAO,OACR,CACF;;AAGH,QAAM,IAAI,YACR,mEACD;;CAGH,AAAU,mBAAmB,SAAgC;AAC3D,MAAI;AACF,UAAO,KAAK,MACV,OAAO,KAAK,QAAQ,MAAM,IAAI,CAAC,IAAI,SAAS,CAAC,SAAS,OAAO,CAC9D;WACM,OAAO;AACd,SAAM,IAAI,YAAY,oCAAoC,EACxD,OAAO,OACR,CAAC;;;CAIN,MAAa,UAAU;EACrB,MAAMC,SAAiD,EAAE;AAEzD,SAAO,KAAK,sBAAsB;AAElC,MAAI,UAAU,KAAK,SAAS;GAC1B,MAAM,EAAE,SAAS,KAAK;AAEtB,QAAK,QAAQ,MAAM,UACjB,IAAI,IAAI,KAAK,OAAO,EACpB,KAAK,UACL,EACE,eAAe,KAAK,cACrB,EACD,QACA,EACE,SAAS,QACV,CACF;;AAGH,MAAI,WAAW,KAAK,SAAS;GAC3B,MAAM,EAAE,UAAU,KAAK;AAEvB,QAAK,QAAQ,IAAI,cACf;IACE,wBAAwB,MAAM;IAC9B,gBAAgB,MAAM;IACtB,QAAQ,MAAM;IAEd,UAAU;IACV,sBAAsB;IACvB,EACD,MAAM,UACN,EACE,eAAe,MAAM,cACtB,CACF;;;;AAKP,MAAM,QAAQ;;;;AC5ad,MAAa,eAAe,EAAE,OAAO;CACnC,UAAU,EAAE,MAAM;CAClB,cAAc,EAAE,KAAK,EAAE,MAAM,QAAQ,CAAC;CACtC,WAAW,EAAE,QAAQ;CACrB,YAAY,EAAE,SAAS,EAAE,QAAQ,CAAC;CAClC,eAAe,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,QAAQ,CAAC,CAAC;CACnD,0BAA0B,EAAE,SAAS,EAAE,QAAQ,CAAC;CAChD,oBAAoB,EAAE,SACpB,EAAE,OAAO,EACP,aACE,8EACH,CAAC,CACH;CACD,UAAU,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,QAAQ,CAAC,CAAC;CAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,CAAC;CAC5B,CAAC;;;;ACbF,MAAa,sBAAsB,EAAE,OAAO,cAAc;CACxD,MAAM;CACN,KAAK;CACN,CAAC;;;;ACJF,MAAa,yBAAyB,EAAE,OAAO;CAC7C,MAAM,EAAE,SAAS,sBAAsB;CACvC,KAAK;CACN,CAAC;;;;;;;ACKF,IAAa,YAAb,MAAa,UAAU;CACrB,AAAmB,MAAM,SAAS;CAClC,AAAmB,SAAS,QAAQ,OAAO;CAC3C,AAAmB,aAAa,QAAQ,WAAW;CAEnD,OAAO,OAAO;EACZ,OAAO;EACP,UAAU;EACV,QAAQ;EACR,OAAO;EACP,SAAS;EACT,UAAU;EACX;CAED,AAAmB,oBAAoB,MAAM;EAC3C,IAAI;EACJ,SAAS,OAAO,UAAU;AACxB,OAAI,KAAK,OAAO,WAAW,CACzB,QAAO,eAAe,MAAM,OAAO,QAAQ,EACzC,WAAW,KAAK,MACjB,CAAC;;EAGP,CAAC;CAEF,AAAmB,iBAAiB,MAAM;EACxC,IAAI;EACJ,SAAS,OAAO,EAAE,cAAc;AAC9B,OAAI,KAAK,OAAO,WAAW,IAAI,KAAK,KAElC,SAAQ,gBAAgB;;EAG7B,CAAC;;;;;;CAOF,IAAW,OAAqC;AAC9C,SAAO,KAAK,OAAO,MAAM,IAAI,6BAA6B;;CAG5D,MAAa,OAAO;EAClB,MAAM,EAAE,SAAS,MAAM,KAAK,WAAW,MAAM,UAAU,KAAK,UAAU,EACpE,QAAQ,EAAE,UAAU,wBAAwB,EAC7C,CAAC;AAEF,OAAK,OAAO,MAAM,IAAI,kCAAkC,KAAK,IAAI;AACjE,OAAK,OAAO,MAAM,IAAI,8BAA8B,KAAK,KAAK;AAE9D,SAAO,KAAK;;CAGd,MAAa,MACX,UACA,SAOiB;AACjB,MAAI,QAAQ,YAAY,QAAQ,UAAU;GACxC,MAAM,EAAE,SAAS,MAAM,KAAK,WAAW,MACrC,GAAG,QAAQ,YAAY,KAAK,UAAU,KAAK,MAAM,YAAY,YAC7D;IACE,QAAQ;IACR,MAAM,KAAK,UAAU;KACnB,UAAU,QAAQ;KAClB,UAAU,QAAQ;KAClB,GAAG;KACJ,CAAC;IACF,QAAQ,EAAE,UAAU,qBAAqB;IAC1C,CACF;AAED,QAAK,OAAO,MAAM,IAAI,kCAAkC,KAAK,IAAI;AACjE,QAAK,OAAO,MAAM,IAAI,8BAA8B,KAAK,KAAK;AAE9D,UAAO;;AAGT,MAAI,KAAK,OAAO,WAAW,EAAE;GAC3B,MAAM,UAAU,KAAK,OAAO,OAAO,qBAAqB;GACxD,MAAM,WACJ,QAAQ,aACP,QAAQ,gBACL,OAAO,SAAS,SAAS,QAAQ,cAAc,KAC/C,OAAO,SAAS;GAEtB,MAAM,OAAO,GAAG,OAAO,SAAS,SAAS,UAAU,KAAK,MAAM,YAAY,SAAS,gBAAgB,mBAAmB,SAAS;AAE/H,OAAI,QAAQ,cACV,OAAM,IAAI,YAAY,KAAK;QACtB;AACL,WAAO,SAAS,OAAO;AACvB,WAAO,EAAE;;;AAIb,QAAM,IAAI,YACR,GAAG,UAAU,KAAK,MAAM,YAAY,SAAS,gBAAgB,QAAQ,YAAY,MAClF;;CAGH,AAAO,SAAS;AACd,SAAO,SAAS,OAAO,GAAG,UAAU,KAAK,OAAO,4BAA4B,mBAAmB,OAAO,SAAS,OAAO;;;;;;AChG1H,IAAa,oBAAb,MAA+B;CAC7B,AAAmB,MAAM,SAAS;CAClC,AAAmB,SAAS,QAAQ,OAAO;CAC3C,AAAmB,wBAAwB,QAAQ,sBAAsB;CACzE,AAAmB,mBAAmB,QAAQ,iBAAiB;CAC/D,AAAmB,sBAAsB,QAAQ,oBAAoB;CACrE,AAAmB,YAAY,QAAQ,UAAU;CAEjD,AAAmB,oBAAoB,QAAQ;EAC7C,MAAM;EACN,KAAK,CAAC,IAAI,UAAU;EACpB,UAAU;EACV,QAAQ,EAAE,OAAO;GACf,UAAU,EAAE,MAAM;GAClB,cAAc,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,QAAQ,CAAC,CAAC;GAClD,aAAa,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,QAAQ,CAAC,CAAC;GACjD,OAAO,EAAE,SAAS,EAAE,MAAM,CAAC;GAC3B,OAAO,EAAE,SAAS,EAAE,MAAM,CAAC;GAC5B,CAAC;EACH,CAAC;CAEF,AAAgB,SAAS,QAAQ;EAC/B,MAAM;EACN,KAAK,CAAC,IAAI,OAAO;EACjB,UAAU;EACV,UAAU;EACV,SAAS;EACT,QAAQ;EACT,CAAC;CAEF,AAAgB,WAAW,MAAM;EAC/B,IAAI;EACJ,SAAS,OAAO,EAAE,SAAS,YAAY;AACrC,OAAI,SAAS,MAAM;IACjB,MAAM,EAAE,OAAO,OAAO,GAAG,SAAS,QAAQ;AAC1C,SAAK,OAAO,MAAM,IAAI,8BAA8B,KAAK;AACzD,UAAM,OAAO;;;EAGlB,CAAC;CAEF,IAAW,aAAoC;AAC7C,SAAO,KAAK,OACT,YAAY,MAAM,CAClB,QAAQ,SAAS,CAAC,KAAK,QAAQ,SAAS;;CAG7C,AAAmB,YAAY,MAAM;EACnC,IAAI;EACJ,SAAS,YAAY;AACnB,QAAK,MAAM,YAAY,KAAK,WAC1B,OAAM,SAAS,SAAS;;EAG7B,CAAC;CAEF,AAAU,gBAAgB,QAAgB;EACxC,MAAM,MAAM,KAAK,SAAS,OAAO,SAAS;AAE1C,MACE,UAAU,IAAI,WACd,EAAE,WAAW,IAAI,YACjB,IAAI,QAAQ,MAAM,WAElB,QAAO,OAAO;AAGhB,SAAO,OAAO;;;;;CAMhB,AAAmB,YAAY,MAAM;EACnC,IAAI;EACJ,OAAO,KAAK;EACZ,SAAS,OAAO,EAAE,cAAc;GAC9B,MAAM,UAAU,QAAQ;AAGxB,OAAI,SAAS;IACX,MAAM,SAAS,MAAM,KAAK,gBAAgB,QAAQ;AAClD,QAAI,QAAQ;AACV,aAAQ,QAAQ,gBAAgB,UAAU,KAAK,gBAAgB,OAAO;AACtE,UAAK,IAAI,MAAM,uCAAuC,EACpD,UAAU,OAAO,UAClB,CAAC;;;AAKN,OAAI,CAAC,QAAQ,QAAQ,eACnB;SAAK,MAAM,YAAY,KAAK,WAC1B,KAAI,EAAE,WAAW,SAAS,YAAY,CAAC,CAAC,SAAS,QAAQ,UAAU;KACjE,MAAM,QAAQ,MAAM,SAAS,QAAQ,UAAU;AAC/C,SAAI,OAAO;AACT,cAAQ,QAAQ,gBAAgB,UAAU;AAC1C;;;;;EAMX,CAAC;;;;;CAMF,MAAgB,gBACd,SAC6B;EAC7B,MAAM,SAAS,KAAK,OAAO,IAAI,EAAE,SAAS,CAAC;AAC3C,MAAI,CAAC,QAAQ;AAEX,QAAK,IAAI,MAAM,6BAA6B;AAC5C;;AAGF,OAAK,IAAI,MAAM,2BAA2B;GACxC,YAAY,OAAO;GACnB,WAAW,OAAO;GACnB,CAAC;EAGF,MAAM,kBAAkB,MAAM,KAAK,cAAc,OAAO;AACxD,MAAI,CAAC,iBAAiB;AACpB,QAAK,OAAO,IAAI,EAAE,SAAS,CAAC;AAI5B;;AAGF,MAAI,gBAAgB,iBAAiB,OAAO,aAC1C,MAAK,UAAU,iBAAiB,QAAQ;AAG1C,SAAO;;CAGT,MAAgB,cAAc,QAA6C;AACzE,MAAI,OAAO,cAAc,OAAO,WAI9B;OAFkB,OAAO,aAAa,OAAO,aADtB,MAGP,KAAK,iBAAiB,KAAK,CAAC,MAAM,EAAE;AAClD,SAAK,IAAI,MAAM,qBAAqB;AAGpC,QAAI,OAAO,eAAe;AACxB,UAAK,IAAI,MAAM,+CAA+C;AAE9D,SAAI;MAMF,MAAM,YAAY;OAChB,GALa,MADE,KAAK,SAAS,OAAO,CACR,QAC5B,OAAO,eACP,OAAO,aACR;OAGC,UAAU,OAAO;OACjB,WAAW,KAAK,iBAAiB,KAAK,CAAC,MAAM;OAC9C;AAED,WAAK,IAAI,MAAM,gCAAgC;AAE/C,aAAO;cACAC,KAAG;AACV,WAAK,IAAI,KAAK,2BAA2BA,IAAE;;;AAK/C;;;AAIJ,MAAI,CAAC,OAAO,aAAa,OAAO,aAC9B;AAGF,SAAO;;;;;CAQT,AAAgB,WAAW,OAAO;EAChC,MAAM,UAAU,KAAK;EACrB,QAAQ,EACN,UAAU,wBACX;EACD,SAAS,OAAO,EAAE,MAAM,oBAAS,cAAc;GAC7C,MAAM,SAAS,KAAK,OAAO,IAAI,EAAE,SAAS,CAAC;AAC3C,OAAI,QAAQ;IACV,MAAM,WAAW,KAAK,SAAS,OAAO;AACtC,QAAI,EAAE,WAAW,SAAS,UAAU;KAClC,MAAMC,SAAO,MAAM,SAAS,KAAK,OAAO;AAKxC,YAAO;MACL,KALU,MAAM,KAAK,oBAAoB,gBAAgB;OACzD,eAAeC,UAAQ;OACvB;OACD,CAAC;MAGA;MACD;;;AASL,UAAO;IACL,KANU,MAAM,KAAK,oBAAoB,gBAAgB;KACzD,eAAeA,UAAQ;KACvB;KACD,CAAC;IAIA;IACD;;EAEJ,CAAC;;;;CAKF,AAAgB,UAAU,OAAO;EAC/B,MAAM,UAAU,KAAK;EACrB,QAAQ;EACR,QAAQ;GACN,OAAO,EAAE,OAAO,EACd,UAAU,EAAE,MAAM,EACnB,CAAC;GACF,MAAM,EAAE,OAAO;IACb,eAAe,EAAE,KAAK,EACpB,MAAM,QACP,CAAC;IACF,cAAc,EAAE,SACd,EAAE,KAAK;KACL,MAAM;KACN,aACE;KACH,CAAC,CACH;IACF,CAAC;GACF,UAAU;GACX;EACD,SAAS,OAAO,EAAE,OAAO,MAAM,cAAc;GAC3C,MAAM,WAAW,KAAK,SAAS,MAAM;GAErC,MAAM,SAAS;IACb,UAAU,MAAM;IAChB,GAAI,MAAM,SAAS,QAAQ,KAAK,eAAe,KAAK,aAAa;IAClE;AAGD,QAAK,UAAU,QAAQ,QAAQ;AAE/B,UAAO;;EAEV,CAAC;;;;CAKF,AAAgB,QAAQ,OAAO;EAC7B,MAAM,UAAU,KAAK;EACrB,QAAQ;EACR,QAAQ;GACN,OAAO,EAAE,OAAO,EACd,UAAU,EAAE,MAAM,EACnB,CAAC;GACF,MAAM,EAAE,OAAO;IACb,UAAU,EAAE,MAAM;IAClB,UAAU,EAAE,MAAM;IACnB,CAAC;GACF,UAAU;GACX;EACD,SAAS,OAAO,EAAE,OAAO,MAAM,cAAc;GAC3C,MAAM,WAAW,KAAK,SAAS,MAAM;GACrC,MAAM,QAAQ,WAAW,SAAS,WAAW,SAAS,QAAQ;AAC9D,OAAI,CAAC,MACH,OAAM,IAAI,cACR,kBAAkB,MAAM,SAAS,mCAClC;GAGH,MAAM,cACJ,iBAAiB,SAAS,WAAW,SAAS,QAAQ;AAExD,OAAI,CAAC,YACH,OAAM,IAAI,cACR,kBAAkB,MAAM,SAAS,mCAClC;GAGH,IAAIC;AACJ,OAAI;AACF,WAAO,MAAM,YAAY,QAAQ,KAAK;YAC/BH,KAAG;AACV,UAAM,IAAI,kBAAkB,+BAA+B,EACzD,OAAOA,KACR,CAAC;;GAGJ,MAAM,SAAS;IACb,UAAU,MAAM;IAChB,GAAI,MAAM,MAAM,YAAY,KAAK;IAClC;AAGD,QAAK,UAAU,QAAQ,QAAQ;GAE/B,MAAM,MAAM,MAAM,KAAK,oBAAoB,gBAAgB,EACzD,MACD,CAAC;AAGF,UAAO;IACL,GAAG;IACH;IACA;IACD;;EAEJ,CAAC;;;;CAKF,AAAgB,QAAQ,OAAO;EAC7B,MAAM,UAAU,KAAK;EACrB,QAAQ,EACN,OAAO,EAAE,OAAO;GACd,UAAU,EAAE,MAAM;GAClB,cAAc,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,QAAQ,CAAC,CAAC;GACnD,CAAC,EACH;EACD,SAAS,OAAO,EAAE,OAAO,KAAK,YAAY;GACxC,MAAM,WAAW,KAAK,SAAS,MAAM;GACrC,MAAM,QAAQ,SAAS;AACvB,OAAI,CAAC,MACH,OAAM,IAAI,cACR,kBAAkB,MAAM,SAAS,2BAClC;GAGH,MAAM,QAAQ,SAAS;GACvB,IAAI,eAAe,SAAS,gBAAgB,UAAU,KAAK;AAC3D,OAAI,aAAa,WAAW,IAAI,CAC9B,gBAAe,GAAG,IAAI,SAAS,IAAI,IAAI,OAAO;GAGhD,MAAM,OAAO,UAAU,SAAS,WAAW,SAAS,QAAQ;AAE5D,OAAI,CAAC,MAAM,gBAAgB,CAAC,cAAc,EAAE;IAC1C,MAAM,QAAQ,aAAa;IAC3B,MAAMI,eAAqC;KACzC;KACA;KACD;AAED,QAAI,KACF,cAAW,QAAQ,aAAa;AAGlC,QAAI,MACF,cAAW,QAAQ;AAGrB,SAAK,kBAAkB,IAAI;KACzB;KACA,OAAOC,aAAW;KAClB,aAAa,MAAM,gBAAgB;KACnC,UAAU,MAAM;KACjB,CAAC;AAEF,UAAM,SAAS,sBAAsB,OAAOA,aAAW,CAAC,UAAU,CAAC;AACnE;;GAGF,MAAM,eAAe,wBAAwB;GAC7C,MAAM,gBAAgB,MAAM,2BAA2B,aAAa;GAEpE,MAAMD,aAAqC;IACzC;IACA,gBAAgB;IAChB,uBAAuB;IACxB;AAED,OAAI,MACF,YAAW,QAAQ;AAGrB,QAAK,kBAAkB,IAAI;IACzB;IACA,aAAa,MAAM,gBAAgB;IACnC,UAAU,MAAM;IACjB,CAAC;AAEF,SAAM,SAAS,sBAAsB,OAAO,WAAW,CAAC,UAAU,CAAC;;EAEtE,CAAC;;;;;CAMF,AAAgB,WAAW,OAAO;EAChC,MAAM,UAAU,KAAK;EACrB,SAAS,OAAO,EAAE,KAAK,OAAO,cAAc;GAC1C,MAAM,oBAAoB,KAAK,kBAAkB,IAAI,EAAE,SAAS,CAAC;AACjE,OAAI,CAAC,kBACH,OAAM,IAAI,gBAAgB,wBAAwB;GAGpD,MAAM,WAAW,KAAK,SAAS,kBAAkB;GACjD,MAAM,QAAQ,SAAS;AACvB,OAAI,CAAC,MACH,OAAM,IAAI,cACR,kBAAkB,SAAS,KAAK,2BACjC;GAGH,MAAM,cAAc,kBAAkB,eAAe;GAErD,MAAM,iBAAiB,MAAM,uBAAuB,OAAO,KAAK;IAC9D,kBAAkB,kBAAkB;IACpC,eAAe,kBAAkB;IACjC,eAAe,kBAAkB;IAClC,CAAC,CACC,MAAM,cAAY;IACjB,WAAW,KAAK,iBAAiB,KAAK,CAAC,MAAM;IAC7C,UAAU,SAAS;IACnB,GAAGE;IACJ,EAAE,CACF,OAAO,QAAM;AACZ,SAAK,IAAI,MAAM,8BAA8BN,IAAE;AAC/C,UAAM,IAAI,cAAc,8BAA8B,EACpD,OAAOA,KACR,CAAC;KACF;AAEJ,QAAK,kBAAkB,IAAI,EAAE,SAAS,CAAC;GAEvC,MAAM,QAAQ,WAAW,SAAS,WAAW,SAAS,QAAQ;AAG9D,OAAI,CAAC,OAAO;AACV,SAAK,UAAU,gBAAgB,QAAQ;AACvC,UAAM,SAAS,YAAY;AAC3B;;GAKF,MAAM,OAAO,MAAM,SAAS,KAAK,eAAe;GAChD,MAAM,SAAS,MAAM,MAAM,YAAY,KAAK;AAE5C,QAAK,UACH;IACE,GAAG;IACH,WAAW,KAAK,iBAAiB,KAAK,CAAC,MAAM;IAC7C,UAAU,SAAS;IACpB,EACD,QACD;AAED,SAAM,SAAS,YAAY;;EAE9B,CAAC;;;;CAKF,AAAgB,SAAS,OAAO;EAC9B,MAAM,UAAU,KAAK;EACrB,QAAQ;EACR,QAAQ,EACN,OAAO,EAAE,OAAO,EACd,0BAA0B,EAAE,SAAS,EAAE,MAAM,CAAC,EAC/C,CAAC,EACH;EACD,SAAS,OAAO,EAAE,OAAO,OAAO,cAAc;GAC5C,MAAM,WAAW,MAAM,4BAA4B;GACnD,MAAM,SAAS,KAAK,OAAO,IAAI,EAAE,SAAS,CAAC;AAC3C,OAAI,CAAC,QAAQ;AACX,UAAM,SAAS,SAAS;AACxB;;GAGF,MAAM,WAAW,KAAK,SAAS,OAAO,SAAS;AAE/C,QAAK,OAAO,IAAI,EAAE,SAAS,CAAC;AAG5B,OAAI,WAAW,SAAS,WAAW,OAAO,eAAe;IACvD,MAAM,kBACJ,SAAS,QAAQ,MAAM,QAAQ,UAAU;AAC3C,QAAI,gBACF,KAAI;AACF,WAAM,gBAAgB,OAAO,cAAc;aACpCA,KAAG;AACV,UAAK,IAAI,MAAM,4BAA4BA,IAAE;;;GAKnD,MAAM,QAAQ,SAAS;AACvB,OAAI,CAAC,OAAO;AACV,UAAM,SAAS,SAAS;AACxB;;GAGF,MAAM,SAAS,IAAI,iBAAiB;GACpC,MAAM,UAAU,QAAQ;AAExB,UAAO,IAAI,4BAA4B,SAAS;AAChD,OAAI,QACF,QAAO,IAAI,iBAAiB,QAAQ;GAGtC,MAAM,kBACJ,UAAU,SAAS,UACf,SAAS,QAAQ,MAAM,YACvB;AAEN,OAAI,iBAAiB;AACnB,UAAM,SAAS,GAAG,gBAAgB,GAAG,SAAS;AAC9C;;AAGF,OAAI,CAAC,MAAM,gBAAgB,CAAC,sBAAsB;AAKhD,UAAM,SAAS,SAAS;AACxB;;AAGF,SAAM,SAAS,mBAAmB,OAAO,OAAO,CAAC,UAAU,CAAC;;EAE/D,CAAC;CAEF,AAAU,SAAS,MAAqD;EACtE,MAAM,OAAO,OAAO,SAAS,WAAW,OAAO,KAAK;EACpD,MAAM,WAAW,KAAK,WAAW,MAAM,eAAaO,WAAS,SAAS,KAAK;AAE3E,MAAI,CAAC,SACH,OAAM,IAAI,cAAc,kBAAkB,KAAK,aAAa;AAG9D,SAAO;;CAGT,AAAU,UAAU,QAAgB,SAAyB;EAC3D,MAAM,MACJ,OAAO,4BACP,OAAO,sBACP,OAAO;EAET,MAAM,MAAM,MACR,KAAK,iBAAiB,SAAS,KAAK,UAAU,GAC9C;AAEJ,OAAK,OAAO,IAAI,QAAQ;GACtB;GACA;GACD,CAAC;;;;;;;;;;;;;;;;ACnkBN,MAAa,eACX,OACA,YACG;CACH,MAAM,EAAE,WAAW,UAAU;CAE7B,MAAM,MAAM,OAAO,SACjB,EAAE,OAAO;EACP,kBAAkB,EAAE,QAAQ;EAC5B,sBAAsB,EAAE,QAAQ;EACjC,CAAC,CACH;AAED,QAAO,MAAM;EACX;EACA,MAAM;EACN,OAAO;GACL,UAAU,IAAI;GACd,cAAc,IAAI;GAClB,eAAe;GACf,OAAO;GACP,OAAO;GACP,UAAU,OAAO,WAAW;IAC1B,MAAM,WAAW;IACjB,MAAM,MAAM,MAAM,MAAM,GAAG,SAAS,QAAQ,EAC1C,SAAS;KACP,eAAe,UAAU,OAAO;KAChC,cAAc;KACf,EACF,CAAC,CAAC,MAAM,UAAQC,MAAI,MAAM,CAAC;IAE5B,MAAMC,OAAsB,EAC1B,KAAK,IAAI,GAAG,UAAU,EACvB;AAED,QAAI,IAAI,MACN,MAAK,QAAQ,IAAI;AAGnB,QAAI,IAAI,KACN,MAAK,OAAO,IAAI,KAAK,MAAM;AAG7B,QAAI,IAAI,WACN,MAAK,UAAU,IAAI;AAGrB,QAAI,CAAC,KAAK,OAAO;KACf,MAAMD,QAAM,MAAM,MAAM,GAAG,SAAS,eAAe,EACjD,SAAS;MACP,eAAe,UAAU,OAAO;MAChC,cAAc;MACf,EACF,CAAC;AACF,SAAIA,MAAI,IAAI;MACV,MAAME,SAAgB,MAAMF,MAAI,MAAM;AACtC,WAAK,SAAS,OAAO,MAAM,QAAMG,IAAE,QAAQ,IAAI,OAAO,IAAI;;;AAI9D,WAAO;;GAET,GAAG;GACJ;EACF,CAAC;;;;;;;;;;;;;;;ACjEJ,MAAa,eACX,OACA,YACG;CACH,MAAM,EAAE,WAAW,UAAU;CAE7B,MAAM,MAAM,OAAO,SACjB,EAAE,OAAO;EACP,kBAAkB,EAAE,QAAQ;EAC5B,sBAAsB,EAAE,QAAQ;EACjC,CAAC,CACH;AAED,QAAO,MAAM;EACX;EACA,MAAM;EACN,MAAM;GACJ,QAAQ;GACR,UAAU,IAAI;GACd,cAAc,IAAI;GAClB,GAAG;GACJ;EACF,CAAC;;;;;AClCJ,IAAa,sBAAb,cAAyC,YAAY;CACnD,AAAS,OAAO;CAChB,AAAS,SAAS;;;;;ACApB,MAAa,gBAAwC;CACnD,MAAM,SAAS,WAAW;CAC1B,MAAM,CAAC,QAAQ,SAAS,6BAA6B;AAErD,QAAO;EACL;EACA,cAAc;AACZ,UAAO,OAAO,UAAU,CAAC,QAAQ;;EAEnC,OAAO,OACL,UACA,UAKI,EAAE,KACH;AACH,SAAM,OAAO,OAAO,UAAU,CAAC,MAAM,UAAoB,QAAQ;;EAEnE,MACE,SACY;AACZ,UAAO,OAAO,OAAO,aAAa,CAAC,IAAI,KAAe;;EAEzD;;;;;;;;;;;ACaH,MAAa,kBAAkB,QAAQ;CACrC,MAAM;CACN,aAAa,CAAC,MAAM;CACpB,UAAU;EAAC;EAAa;EAAqB;EAAmB;EAAU;CAC3E,CAAC"}
1
+ {"version":3,"file":"index.js","names":["subs: Function[]","state","ErrorBoundary","envSchema","pages: PageRoute[]","NestedView","context: Record<string, any>","stack: Array<RouterStackItem>","route","config: Record<string, any>","context","element: ReactNode | Redirection | undefined","ErrorViewer","ClientOnly","children","envSchema","target: PageRoute | undefined","element","hydrationData: ReactHydrationState","query: Record<string, string>","previous: PreviousLayerData[]","query: Record<string, string>"],"sources":["../../src/core/services/ReactPageService.ts","../../src/core/descriptors/$page.ts","../../src/core/components/ClientOnly.tsx","../../src/core/components/ErrorViewer.tsx","../../src/core/contexts/RouterLayerContext.ts","../../src/core/errors/Redirection.ts","../../src/core/contexts/AlephaContext.ts","../../src/core/hooks/useAlepha.ts","../../src/core/hooks/useEvents.ts","../../src/core/hooks/useStore.ts","../../src/core/hooks/useRouterState.ts","../../src/core/components/ErrorBoundary.tsx","../../src/core/components/NestedView.tsx","../../src/core/components/NotFound.tsx","../../src/core/providers/ReactPageProvider.ts","../../src/core/providers/ReactServerProvider.ts","../../src/core/services/ReactPageServerService.ts","../../src/core/providers/ReactBrowserRouterProvider.ts","../../src/core/providers/ReactBrowserProvider.ts","../../src/core/services/ReactRouter.ts","../../src/core/index.ts","../../src/auth/providers/ReactAuthProvider.ts","../../src/auth/services/ReactAuth.ts","../../src/auth/hooks/useAuth.ts","../../src/auth/index.ts"],"sourcesContent":["import { AlephaError } from \"alepha\";\nimport type {\n PageDescriptorRenderOptions,\n PageDescriptorRenderResult,\n} from \"../descriptors/$page.ts\";\n\nexport class ReactPageService {\n public fetch(\n pathname: string,\n options: PageDescriptorRenderOptions = {},\n ): Promise<{\n html: string;\n response: Response;\n }> {\n throw new AlephaError(\"Fetch is not available for this environment.\");\n }\n\n public render(\n name: string,\n options: PageDescriptorRenderOptions = {},\n ): Promise<PageDescriptorRenderResult> {\n throw new AlephaError(\"Render is not available for this environment.\");\n }\n}\n","import {\n $inject,\n type Async,\n createDescriptor,\n Descriptor,\n KIND,\n type Static,\n type TSchema,\n} from \"alepha\";\nimport type { ServerRequest } from \"alepha/server\";\nimport type { ServerRouteCache } from \"alepha/server/cache\";\nimport type { FC, ReactNode } from \"react\";\nimport type { ClientOnlyProps } from \"../components/ClientOnly.tsx\";\nimport type { Redirection } from \"../errors/Redirection.ts\";\nimport type { ReactRouterState } from \"../providers/ReactPageProvider.ts\";\nimport { ReactPageService } from \"../services/ReactPageService.ts\";\n\n/**\n * Main descriptor for defining a React route in the application.\n *\n * The $page descriptor is the core building block for creating type-safe, SSR-enabled React routes.\n * It provides a declarative way to define pages with powerful features:\n *\n * **Routing & Navigation**\n * - URL pattern matching with parameters (e.g., `/users/:id`)\n * - Nested routing with parent-child relationships\n * - Type-safe URL parameter and query string validation\n *\n * **Data Loading**\n * - Server-side data fetching with the `resolve` function\n * - Automatic serialization and hydration for SSR\n * - Access to request context, URL params, and parent data\n *\n * **Component Loading**\n * - Direct component rendering or lazy loading for code splitting\n * - Client-only rendering when browser APIs are needed\n * - Automatic fallback handling during hydration\n *\n * **Performance Optimization**\n * - Static generation for pre-rendered pages at build time\n * - Server-side caching with configurable TTL and providers\n * - Code splitting through lazy component loading\n *\n * **Error Handling**\n * - Custom error handlers with support for redirects\n * - Hierarchical error handling (child → parent)\n * - HTTP status code handling (404, 401, etc.)\n *\n * **Page Animations**\n * - CSS-based enter/exit animations\n * - Dynamic animations based on page state\n * - Custom timing and easing functions\n *\n * **Lifecycle Management**\n * - Server response hooks for headers and status codes\n * - Page leave handlers for cleanup (browser only)\n * - Permission-based access control\n *\n * @example Simple page with data fetching\n * ```typescript\n * const userProfile = $page({\n * path: \"/users/:id\",\n * schema: {\n * params: t.object({ id: t.integer() }),\n * query: t.object({ tab: t.optional(t.text()) })\n * },\n * resolve: async ({ params }) => {\n * const user = await userApi.getUser(params.id);\n * return { user };\n * },\n * lazy: () => import(\"./UserProfile.tsx\")\n * });\n * ```\n *\n * @example Nested routing with error handling\n * ```typescript\n * const projectSection = $page({\n * path: \"/projects/:id\",\n * children: () => [projectBoard, projectSettings],\n * resolve: async ({ params }) => {\n * const project = await projectApi.get(params.id);\n * return { project };\n * },\n * errorHandler: (error) => {\n * if (HttpError.is(error, 404)) {\n * return <ProjectNotFound />;\n * }\n * }\n * });\n * ```\n *\n * @example Static generation with caching\n * ```typescript\n * const blogPost = $page({\n * path: \"/blog/:slug\",\n * static: {\n * entries: posts.map(p => ({ params: { slug: p.slug } }))\n * },\n * resolve: async ({ params }) => {\n * const post = await loadPost(params.slug);\n * return { post };\n * }\n * });\n * ```\n */\nexport const $page = <\n TConfig extends PageConfigSchema = PageConfigSchema,\n TProps extends object = TPropsDefault,\n TPropsParent extends object = TPropsParentDefault,\n>(\n options: PageDescriptorOptions<TConfig, TProps, TPropsParent>,\n): PageDescriptor<TConfig, TProps, TPropsParent> => {\n return createDescriptor(\n PageDescriptor<TConfig, TProps, TPropsParent>,\n options,\n );\n};\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport interface PageDescriptorOptions<\n TConfig extends PageConfigSchema = PageConfigSchema,\n TProps extends object = TPropsDefault,\n TPropsParent extends object = TPropsParentDefault,\n> {\n /**\n * Identifier name for the page. Must be unique.\n *\n * @default Descriptor key\n */\n name?: string;\n\n /**\n * Add a pathname to the page.\n *\n * Pathname can contain parameters, like `/post/:slug`.\n *\n * @default \"\"\n */\n path?: string;\n\n /**\n * Add an input schema to define:\n * - `params`: parameters from the pathname.\n * - `query`: query parameters from the URL.\n */\n schema?: TConfig;\n\n /**\n * Load data before rendering the page.\n *\n * This function receives\n * - the request context and\n * - the parent props (if page has a parent)\n *\n * In SSR, the returned data will be serialized and sent to the client, then reused during the client-side hydration.\n *\n * Resolve can be stopped by throwing an error, which will be handled by the `errorHandler` function.\n * It's common to throw a `NotFoundError` to display a 404 page.\n *\n * RedirectError can be thrown to redirect the user to another page.\n */\n resolve?: (context: PageResolve<TConfig, TPropsParent>) => Async<TProps>;\n\n /**\n * The component to render when the page is loaded.\n *\n * If `lazy` is defined, this will be ignored.\n * Prefer using `lazy` to improve the initial loading time.\n */\n component?: FC<TProps & TPropsParent>;\n\n /**\n * Lazy load the component when the page is loaded.\n *\n * It's recommended to use this for components to improve the initial loading time\n * and enable code-splitting.\n */\n lazy?: () => Promise<{ default: FC<TProps & TPropsParent> }>;\n\n /**\n * Attach child pages to create nested routes.\n * This will make the page a parent route.\n */\n children?: Array<PageDescriptor> | (() => Array<PageDescriptor>);\n\n /**\n * Define a parent page for nested routing.\n */\n parent?: PageDescriptor<PageConfigSchema, TPropsParent, any>;\n\n can?: () => boolean;\n\n /**\n * Catch any error from the `resolve` function or during `rendering`.\n *\n * Expected to return one of the following:\n * - a ReactNode to render an error page\n * - a Redirection to redirect the user\n * - undefined to let the error propagate\n *\n * If not defined, the error will be thrown and handled by the server or client error handler.\n * If a leaf $page does not define an error handler, the error can be caught by parent pages.\n *\n * @example Catch a 404 from API and render a custom not found component:\n * ```ts\n * resolve: async ({ params, query }) => {\n * api.fetch(\"/api/resource\", { params, query });\n * },\n * errorHandler: (error, context) => {\n * if (HttpError.is(error, 404)) {\n * return <ResourceNotFound />;\n * }\n * }\n * ```\n *\n * @example Catch an 401 error and redirect the user to the login page:\n * ```ts\n * resolve: async ({ params, query }) => {\n * // but the user is not authenticated\n * api.fetch(\"/api/resource\", { params, query });\n * },\n * errorHandler: (error, context) => {\n * if (HttpError.is(error, 401)) {\n * // throwing a Redirection is also valid!\n * return new Redirection(\"/login\");\n * }\n * }\n * ```\n */\n errorHandler?: ErrorHandler;\n\n /**\n * If true, the page will be considered as a static page, immutable and cacheable.\n * Replace boolean by an object to define static entries. (e.g. list of params/query)\n *\n * Browser-side: it only works with `alepha/vite`, which can pre-render the page at build time.\n *\n * Server-side: It will act as timeless cached page. You can use `cache` to configure the cache behavior.\n */\n static?:\n | boolean\n | {\n entries?: Array<Partial<PageRequestConfig<TConfig>>>;\n };\n\n cache?: ServerRouteCache;\n\n /**\n * If true, force the page to be rendered only on the client-side (browser).\n * It uses the `<ClientOnly/>` component to render the page.\n */\n client?: boolean | ClientOnlyProps;\n\n /**\n * Called before the server response is sent to the client. (server only)\n */\n onServerResponse?: (request: ServerRequest) => unknown;\n\n /**\n * Called when user leaves the page. (browser only)\n */\n onLeave?: () => void;\n\n /**\n * @experimental\n *\n * Add a css animation when the page is loaded or unloaded.\n * It uses CSS animations, so you need to define the keyframes in your CSS.\n *\n * @example Simple animation name\n * ```ts\n * animation: \"fadeIn\"\n * ```\n *\n * CSS example:\n * ```css\n * @keyframes fadeIn {\n * from { opacity: 0; }\n * to { opacity: 1; }\n * }\n * ```\n *\n * @example Detailed animation\n * ```ts\n * animation: {\n * enter: { name: \"fadeIn\", duration: 300 },\n * exit: { name: \"fadeOut\", duration: 200, timing: \"ease-in-out\" },\n * }\n * ```\n *\n * @example Only exit animation\n * ```ts\n * animation: {\n * exit: \"fadeOut\"\n * }\n * ```\n *\n * @example With custom timing function\n * ```ts\n * animation: {\n * enter: { name: \"fadeIn\", duration: 300, timing: \"cubic-bezier(0.4, 0, 0.2, 1)\" },\n * exit: { name: \"fadeOut\", duration: 200, timing: \"ease-in-out\" },\n * }\n * ```\n */\n animation?: PageAnimation;\n}\n\nexport type ErrorHandler = (\n error: Error,\n state: ReactRouterState,\n) => ReactNode | Redirection | undefined;\n\nexport class PageDescriptor<\n TConfig extends PageConfigSchema = PageConfigSchema,\n TProps extends object = TPropsDefault,\n TPropsParent extends object = TPropsParentDefault,\n> extends Descriptor<PageDescriptorOptions<TConfig, TProps, TPropsParent>> {\n protected readonly reactPageService = $inject(ReactPageService);\n\n protected onInit() {\n if (this.options.static) {\n this.options.cache ??= {\n store: {\n provider: \"memory\",\n ttl: [1, \"week\"],\n },\n };\n }\n }\n\n public get name(): string {\n return this.options.name ?? this.config.propertyKey;\n }\n\n /**\n * For testing or build purposes.\n *\n * This will render the page (HTML layout included or not) and return the HTML + context.\n * Only valid for server-side rendering, it will throw an error if called on the client-side.\n */\n public async render(\n options?: PageDescriptorRenderOptions,\n ): Promise<PageDescriptorRenderResult> {\n return this.reactPageService.render(this.name, options);\n }\n\n public async fetch(options?: PageDescriptorRenderOptions): Promise<{\n html: string;\n response: Response;\n }> {\n return this.reactPageService.fetch(this.options.path || \"\", options);\n }\n\n public match(url: string): boolean {\n // TODO: Implement a way to match the URL against the pathname\n return false;\n }\n\n public pathname(config: any) {\n // TODO: Implement a way to generate the pathname based on the config\n return this.options.path || \"\";\n }\n}\n\n$page[KIND] = PageDescriptor;\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport interface PageConfigSchema {\n query?: TSchema;\n params?: TSchema;\n}\n\nexport type TPropsDefault = any;\n\nexport type TPropsParentDefault = {};\n\nexport interface PageDescriptorRenderOptions {\n params?: Record<string, string>;\n query?: Record<string, string>;\n\n /**\n * If true, the HTML layout will be included in the response.\n * If false, only the page content will be returned.\n *\n * @default true\n */\n html?: boolean;\n hydration?: boolean;\n}\n\nexport interface PageDescriptorRenderResult {\n html: string;\n state: ReactRouterState;\n redirect?: string;\n}\n\nexport interface PageRequestConfig<\n TConfig extends PageConfigSchema = PageConfigSchema,\n> {\n params: TConfig[\"params\"] extends TSchema\n ? Static<TConfig[\"params\"]>\n : Record<string, string>;\n\n query: TConfig[\"query\"] extends TSchema\n ? Static<TConfig[\"query\"]>\n : Record<string, string>;\n}\n\nexport type PageResolve<\n TConfig extends PageConfigSchema = PageConfigSchema,\n TPropsParent extends object = TPropsParentDefault,\n> = PageRequestConfig<TConfig> &\n TPropsParent &\n Omit<ReactRouterState, \"layers\" | \"onError\">;\n\nexport type PageAnimation =\n | PageAnimationObject\n | ((state: ReactRouterState) => PageAnimationObject | undefined);\n\ntype PageAnimationObject =\n | CssAnimationName\n | {\n enter?: CssAnimation | CssAnimationName;\n exit?: CssAnimation | CssAnimationName;\n };\n\ntype CssAnimationName = string;\n\ntype CssAnimation = {\n name: string;\n duration?: number;\n timing?: string;\n};\n","import {\n type PropsWithChildren,\n type ReactNode,\n useEffect,\n useState,\n} from \"react\";\n\nexport interface ClientOnlyProps {\n fallback?: ReactNode;\n disabled?: boolean;\n}\n\n/**\n * A small utility component that renders its children only on the client side.\n *\n * Optionally, you can provide a fallback React node that will be rendered.\n *\n * You should use this component when\n * - you have code that relies on browser-specific APIs\n * - you want to avoid server-side rendering for a specific part of your application\n * - you want to prevent pre-rendering of a component\n */\nconst ClientOnly = (props: PropsWithChildren<ClientOnlyProps>) => {\n const [mounted, setMounted] = useState(false);\n\n useEffect(() => setMounted(true), []);\n\n if (props.disabled) {\n return props.children;\n }\n\n return mounted ? props.children : props.fallback;\n};\n\nexport default ClientOnly;\n","import type { Alepha } from \"alepha\";\nimport { useState } from \"react\";\n\ninterface ErrorViewerProps {\n error: Error;\n alepha: Alepha;\n}\n\n// TODO: design this better\n\nconst ErrorViewer = ({ error, alepha }: ErrorViewerProps) => {\n const [expanded, setExpanded] = useState(false);\n const isProduction = alepha.isProduction();\n // const status = isHttpError(error) ? error.status : 500;\n\n if (isProduction) {\n return <ErrorViewerProduction />;\n }\n\n const stackLines = error.stack?.split(\"\\n\") ?? [];\n const previewLines = stackLines.slice(0, 5);\n const hiddenLineCount = stackLines.length - previewLines.length;\n\n const copyToClipboard = (text: string) => {\n navigator.clipboard.writeText(text).catch((err) => {\n console.error(\"Clipboard error:\", err);\n });\n };\n\n const styles = {\n container: {\n padding: \"24px\",\n backgroundColor: \"#FEF2F2\",\n color: \"#7F1D1D\",\n border: \"1px solid #FECACA\",\n borderRadius: \"16px\",\n boxShadow: \"0 8px 24px rgba(0,0,0,0.05)\",\n fontFamily: \"monospace\",\n maxWidth: \"768px\",\n margin: \"40px auto\",\n },\n heading: {\n fontSize: \"20px\",\n fontWeight: \"bold\",\n marginBottom: \"10px\",\n },\n name: {\n fontSize: \"16px\",\n fontWeight: 600,\n },\n message: {\n fontSize: \"14px\",\n marginBottom: \"16px\",\n },\n sectionHeader: {\n display: \"flex\",\n justifyContent: \"space-between\",\n alignItems: \"center\",\n fontSize: \"12px\",\n marginBottom: \"4px\",\n color: \"#991B1B\",\n },\n copyButton: {\n fontSize: \"12px\",\n color: \"#DC2626\",\n background: \"none\",\n border: \"none\",\n cursor: \"pointer\",\n textDecoration: \"underline\",\n },\n stackContainer: {\n backgroundColor: \"#FEE2E2\",\n padding: \"12px\",\n borderRadius: \"8px\",\n fontSize: \"13px\",\n lineHeight: \"1.4\",\n overflowX: \"auto\" as const,\n whiteSpace: \"pre-wrap\" as const,\n },\n expandLine: {\n color: \"#F87171\",\n cursor: \"pointer\",\n marginTop: \"8px\",\n },\n };\n\n return (\n <div style={styles.container}>\n <div>\n <div style={styles.heading}>🔥 Error</div>\n <div style={styles.name}>{error.name}</div>\n <div style={styles.message}>{error.message}</div>\n </div>\n\n {stackLines.length > 0 && (\n <div>\n <div style={styles.sectionHeader}>\n <span>Stack trace</span>\n <button\n type=\"button\"\n onClick={() => copyToClipboard(error.stack!)}\n style={styles.copyButton}\n >\n Copy all\n </button>\n </div>\n <pre style={styles.stackContainer}>\n {(expanded ? stackLines : previewLines).map((line, i) => (\n <div key={i}>{line}</div>\n ))}\n {!expanded && hiddenLineCount > 0 && (\n <div style={styles.expandLine} onClick={() => setExpanded(true)}>\n + {hiddenLineCount} more lines...\n </div>\n )}\n </pre>\n </div>\n )}\n </div>\n );\n};\n\nexport default ErrorViewer;\n\nconst ErrorViewerProduction = () => {\n const styles = {\n container: {\n padding: \"24px\",\n backgroundColor: \"#FEF2F2\",\n color: \"#7F1D1D\",\n border: \"1px solid #FECACA\",\n borderRadius: \"16px\",\n boxShadow: \"0 8px 24px rgba(0,0,0,0.05)\",\n fontFamily: \"monospace\",\n maxWidth: \"768px\",\n margin: \"40px auto\",\n textAlign: \"center\" as const,\n },\n heading: {\n fontSize: \"20px\",\n fontWeight: \"bold\",\n marginBottom: \"8px\",\n },\n name: {\n fontSize: \"16px\",\n fontWeight: 600,\n marginBottom: \"4px\",\n },\n message: {\n fontSize: \"14px\",\n opacity: 0.85,\n },\n };\n\n return (\n <div style={styles.container}>\n <div style={styles.heading}>🚨 An error occurred</div>\n <div style={styles.message}>\n Something went wrong. Please try again later.\n </div>\n </div>\n );\n};\n","import { createContext } from \"react\";\n\nexport interface RouterLayerContextValue {\n index: number;\n path: string;\n}\n\nexport const RouterLayerContext = createContext<\n RouterLayerContextValue | undefined\n>(undefined);\n","/**\n * Used for Redirection during the page loading.\n *\n * Depends on the context, it can be thrown or just returned.\n */\nexport class Redirection extends Error {\n public readonly redirect: string;\n\n constructor(redirect: string) {\n super(\"Redirection\");\n this.redirect = redirect;\n }\n}\n","import type { Alepha } from \"alepha\";\nimport { createContext } from \"react\";\n\nexport const AlephaContext = createContext<Alepha | undefined>(undefined);\n","import { type Alepha, AlephaError } from \"alepha\";\nimport { useContext } from \"react\";\nimport { AlephaContext } from \"../contexts/AlephaContext.ts\";\n\n/**\n * Main Alepha hook.\n *\n * It provides access to the Alepha instance within a React component.\n *\n * With Alepha, you can access the core functionalities of the framework:\n *\n * - alepha.state() for state management\n * - alepha.inject() for dependency injection\n * - alepha.events.emit() for event handling\n * etc...\n */\nexport const useAlepha = (): Alepha => {\n const alepha = useContext(AlephaContext);\n if (!alepha) {\n throw new AlephaError(\n \"Hook 'useAlepha()' must be used within an AlephaContext.Provider\",\n );\n }\n\n return alepha;\n};\n","import type { Async, Hook, Hooks } from \"alepha\";\nimport { type DependencyList, useEffect } from \"react\";\nimport { useAlepha } from \"./useAlepha.ts\";\n\n/**\n * Allow subscribing to multiple Alepha events. See {@link Hooks} for available events.\n *\n * useEvents is fully typed to ensure correct event callback signatures.\n *\n * @example\n * ```tsx\n * useEvents(\n * {\n * \"react:transition:begin\": (ev) => {\n * console.log(\"Transition began to:\", ev.to);\n * },\n * \"react:transition:error\": {\n * priority: \"first\",\n * callback: (ev) => {\n * console.error(\"Transition error:\", ev.error);\n * },\n * },\n * },\n * [],\n * );\n * ```\n */\nexport const useEvents = (opts: UseEvents, deps: DependencyList) => {\n const alepha = useAlepha();\n\n useEffect(() => {\n if (!alepha.isBrowser()) {\n return;\n }\n\n const subs: Function[] = [];\n for (const [name, hook] of Object.entries(opts)) {\n subs.push(alepha.events.on(name as any, hook as any));\n }\n\n return () => {\n for (const clear of subs) {\n clear();\n }\n };\n }, deps);\n};\n\ntype UseEvents = {\n [T in keyof Hooks]?: Hook<T> | ((payload: Hooks[T]) => Async<void>);\n};\n","import type { State, Static, TAtomObject } from \"alepha\";\nimport { Atom } from \"alepha\";\nimport { useEffect, useMemo, useState } from \"react\";\nimport { useAlepha } from \"./useAlepha.ts\";\n\n/**\n * Hook to access and mutate the Alepha state.\n */\nfunction useStore<T extends TAtomObject>(\n target: Atom<T>,\n defaultValue?: Static<T>,\n): UseStoreReturn<Static<T>>;\nfunction useStore<Key extends keyof State>(\n target: Key,\n defaultValue?: State[Key],\n): UseStoreReturn<State[Key]>;\nfunction useStore(target: any, defaultValue?: any): any {\n const alepha = useAlepha();\n\n useMemo(() => {\n if (defaultValue != null && alepha.state.get(target) == null) {\n alepha.state.set(target, defaultValue);\n }\n }, [defaultValue]);\n\n const [state, setState] = useState(alepha.state.get(target));\n\n useEffect(() => {\n if (!alepha.isBrowser()) {\n return;\n }\n\n const key = target instanceof Atom ? target.key : target;\n\n return alepha.events.on(\"state:mutate\", (ev) => {\n if (ev.key === key) {\n setState(ev.value);\n }\n });\n }, []);\n\n return [\n state,\n (value: any) => {\n alepha.state.set(target, value);\n },\n ] as const;\n}\n\nexport type UseStoreReturn<T> = [T, (value: T) => void];\n\nexport { useStore };\n","import { AlephaError } from \"alepha\";\nimport type { ReactRouterState } from \"../providers/ReactPageProvider.ts\";\nimport { useStore } from \"./useStore.ts\";\n\nexport const useRouterState = (): ReactRouterState => {\n const [state] = useStore(\"alepha.react.router.state\");\n if (!state) {\n throw new AlephaError(\"Missing react router state\");\n }\n return state;\n};\n","import React, {\n type ErrorInfo,\n type PropsWithChildren,\n type ReactNode,\n} from \"react\";\n\n/**\n * Props for the ErrorBoundary component.\n */\nexport interface ErrorBoundaryProps {\n /**\n * Fallback React node to render when an error is caught.\n * If not provided, a default error message will be shown.\n */\n fallback: (error: Error) => ReactNode;\n\n /**\n * Optional callback that receives the error and error info.\n * Use this to log errors to a monitoring service.\n */\n onError?: (error: Error, info: ErrorInfo) => void;\n}\n\n/**\n * State of the ErrorBoundary component.\n */\ninterface ErrorBoundaryState {\n error?: Error;\n}\n\n/**\n * A reusable error boundary for catching rendering errors\n * in any part of the React component tree.\n */\nexport class ErrorBoundary extends React.Component<\n PropsWithChildren<ErrorBoundaryProps>,\n ErrorBoundaryState\n> {\n constructor(props: ErrorBoundaryProps) {\n super(props);\n this.state = {};\n }\n\n /**\n * Update state so the next render shows the fallback UI.\n */\n static getDerivedStateFromError(error: Error): ErrorBoundaryState {\n return {\n error,\n };\n }\n\n /**\n * Lifecycle method called when an error is caught.\n * You can log the error or perform side effects here.\n */\n componentDidCatch(error: Error, info: ErrorInfo): void {\n if (this.props.onError) {\n this.props.onError(error, info);\n }\n }\n\n render(): ReactNode {\n if (this.state.error) {\n return this.props.fallback(this.state.error);\n }\n\n return this.props.children;\n }\n}\n\nexport default ErrorBoundary;\n","import { memo, type ReactNode, use, useRef, useState } from \"react\";\nimport { RouterLayerContext } from \"../contexts/RouterLayerContext.ts\";\nimport type { PageAnimation } from \"../descriptors/$page.ts\";\nimport { Redirection } from \"../errors/Redirection.ts\";\nimport { useEvents } from \"../hooks/useEvents.ts\";\nimport { useRouterState } from \"../hooks/useRouterState.ts\";\nimport type { ReactRouterState } from \"../providers/ReactPageProvider.ts\";\nimport ErrorBoundary from \"./ErrorBoundary.tsx\";\n\nexport interface NestedViewProps {\n children?: ReactNode;\n errorBoundary?: false | ((error: Error) => ReactNode);\n}\n\n/**\n * A component that renders the current view of the nested router layer.\n *\n * To be simple, it renders the `element` of the current child page of a parent page.\n *\n * @example\n * ```tsx\n * import { NestedView } from \"@alepha/react\";\n *\n * class App {\n * parent = $page({\n * component: () => <NestedView />,\n * });\n *\n * child = $page({\n * parent: this.root,\n * component: () => <div>Child Page</div>,\n * });\n * }\n * ```\n */\nconst NestedView = (props: NestedViewProps) => {\n const index = use(RouterLayerContext)?.index ?? 0;\n const state = useRouterState();\n\n const [view, setView] = useState<ReactNode | undefined>(\n state.layers[index]?.element,\n );\n\n const [animation, setAnimation] = useState(\"\");\n const animationExitDuration = useRef<number>(0);\n const animationExitNow = useRef<number>(0);\n\n useEvents(\n {\n \"react:transition:begin\": async ({ previous, state }) => {\n // --------- Animations Begin ---------\n const layer = previous.layers[index];\n if (`${state.url.pathname}/`.startsWith(`${layer?.path}/`)) {\n return;\n }\n\n const animationExit = parseAnimation(\n layer.route?.animation,\n state,\n \"exit\",\n );\n\n if (animationExit) {\n const duration = animationExit.duration || 200;\n animationExitNow.current = Date.now();\n animationExitDuration.current = duration;\n setAnimation(animationExit.animation);\n } else {\n animationExitNow.current = 0;\n animationExitDuration.current = 0;\n setAnimation(\"\");\n }\n // --------- Animations End ---------\n },\n \"react:transition:end\": async ({ state }) => {\n const layer = state.layers[index];\n\n // --------- Animations Begin ---------\n if (animationExitNow.current) {\n const duration = animationExitDuration.current;\n const diff = Date.now() - animationExitNow.current;\n if (diff < duration) {\n await new Promise((resolve) =>\n setTimeout(resolve, duration - diff),\n );\n }\n }\n // --------- Animations End ---------\n\n if (!layer?.cache) {\n setView(layer?.element);\n\n // --------- Animations Begin ---------\n const animationEnter = parseAnimation(\n layer?.route?.animation,\n state,\n \"enter\",\n );\n\n if (animationEnter) {\n setAnimation(animationEnter.animation);\n } else {\n setAnimation(\"\");\n }\n // --------- Animations End ---------\n }\n },\n },\n [],\n );\n\n let element = view ?? props.children ?? null;\n\n // --------- Animations Begin ---------\n if (animation) {\n element = (\n <div\n style={{\n display: \"flex\",\n flex: 1,\n height: \"100%\",\n width: \"100%\",\n position: \"relative\",\n overflow: \"hidden\",\n }}\n >\n <div\n style={{ height: \"100%\", width: \"100%\", display: \"flex\", animation }}\n >\n {element}\n </div>\n </div>\n );\n }\n // --------- Animations End ---------\n\n if (props.errorBoundary === false) {\n return <>{element}</>;\n }\n\n if (props.errorBoundary) {\n return (\n <ErrorBoundary fallback={props.errorBoundary}>{element}</ErrorBoundary>\n );\n }\n\n return (\n <ErrorBoundary\n fallback={(error) => {\n const result = state.onError(error, state); // TODO: onError is not refreshed\n if (result instanceof Redirection) {\n return \"Redirection inside ErrorBoundary is not allowed.\";\n }\n return result as ReactNode;\n }}\n >\n {element}\n </ErrorBoundary>\n );\n};\n\nexport default memo(NestedView);\n\nfunction parseAnimation(\n animationLike: PageAnimation | undefined,\n state: ReactRouterState,\n type: \"enter\" | \"exit\" = \"enter\",\n):\n | {\n duration: number;\n animation: string;\n }\n | undefined {\n if (!animationLike) {\n return undefined;\n }\n\n const DEFAULT_DURATION = 300;\n\n const animation =\n typeof animationLike === \"function\" ? animationLike(state) : animationLike;\n\n if (typeof animation === \"string\") {\n if (type === \"exit\") {\n return;\n }\n return {\n duration: DEFAULT_DURATION,\n animation: `${DEFAULT_DURATION}ms ${animation}`,\n };\n }\n\n if (typeof animation === \"object\") {\n const anim = animation[type];\n const duration =\n typeof anim === \"object\"\n ? (anim.duration ?? DEFAULT_DURATION)\n : DEFAULT_DURATION;\n const name = typeof anim === \"object\" ? anim.name : anim;\n\n if (type === \"exit\") {\n const timing = typeof anim === \"object\" ? (anim.timing ?? \"\") : \"\";\n return {\n duration,\n animation: `${duration}ms ${timing} ${name}`,\n };\n }\n\n const timing = typeof anim === \"object\" ? (anim.timing ?? \"\") : \"\";\n\n return {\n duration,\n animation: `${duration}ms ${timing} ${name}`,\n };\n }\n\n return undefined;\n}\n","import type { CSSProperties } from \"react\";\n\nexport default function NotFoundPage(props: { style?: CSSProperties }) {\n return (\n <div\n style={{\n height: \"100vh\",\n display: \"flex\",\n flexDirection: \"column\",\n justifyContent: \"center\",\n alignItems: \"center\",\n textAlign: \"center\",\n fontFamily: \"sans-serif\",\n padding: \"1rem\",\n ...props.style,\n }}\n >\n <h1 style={{ fontSize: \"1rem\", marginBottom: \"0.5rem\" }}>\n 404 - This page does not exist\n </h1>\n </div>\n );\n}\n","import {\n $env,\n $hook,\n $inject,\n Alepha,\n AlephaError,\n type Static,\n type TSchema,\n t,\n} from \"alepha\";\nimport { $logger } from \"alepha/logger\";\nimport { createElement, type ReactNode, StrictMode } from \"react\";\nimport ClientOnly from \"../components/ClientOnly.tsx\";\nimport ErrorViewer from \"../components/ErrorViewer.tsx\";\nimport NestedView from \"../components/NestedView.tsx\";\nimport NotFoundPage from \"../components/NotFound.tsx\";\nimport { AlephaContext } from \"../contexts/AlephaContext.ts\";\nimport { RouterLayerContext } from \"../contexts/RouterLayerContext.ts\";\nimport {\n $page,\n type ErrorHandler,\n type PageDescriptor,\n type PageDescriptorOptions,\n} from \"../descriptors/$page.ts\";\nimport { Redirection } from \"../errors/Redirection.ts\";\n\nconst envSchema = t.object({\n REACT_STRICT_MODE: t.boolean({ default: true }),\n});\n\ndeclare module \"alepha\" {\n export interface Env extends Partial<Static<typeof envSchema>> {}\n}\n\nexport class ReactPageProvider {\n protected readonly log = $logger();\n protected readonly env = $env(envSchema);\n protected readonly alepha = $inject(Alepha);\n protected readonly pages: PageRoute[] = [];\n\n public getPages(): PageRoute[] {\n return this.pages;\n }\n\n public getConcretePages(): PageRoute[] {\n const pages: PageRoute[] = [];\n for (const page of this.pages) {\n if (page.children && page.children.length > 0) {\n continue;\n }\n const fullPath = this.pathname(page.name);\n if (fullPath.includes(\":\") || fullPath.includes(\"*\")) {\n if (typeof page.static === \"object\") {\n const entries = page.static.entries;\n if (entries && entries.length > 0) {\n for (const entry of entries) {\n const params = entry.params as Record<string, string>;\n const path = this.compile(page.path ?? \"\", params);\n if (!path.includes(\":\") && !path.includes(\"*\")) {\n pages.push({\n ...page,\n name: params[Object.keys(params)[0]],\n path,\n ...entry,\n });\n }\n }\n }\n }\n\n continue;\n }\n pages.push(page);\n }\n return pages;\n }\n\n public page(name: string): PageRoute {\n for (const page of this.pages) {\n if (page.name === name) {\n return page;\n }\n }\n\n throw new AlephaError(`Page '${name}' not found`);\n }\n\n public pathname(\n name: string,\n options: {\n params?: Record<string, string>;\n query?: Record<string, string>;\n } = {},\n ) {\n const page = this.page(name);\n if (!page) {\n throw new Error(`Page ${name} not found`);\n }\n\n let url = page.path ?? \"\";\n let parent = page.parent;\n while (parent) {\n url = `${parent.path ?? \"\"}/${url}`;\n parent = parent.parent;\n }\n\n url = this.compile(url, options.params ?? {});\n\n if (options.query) {\n const query = new URLSearchParams(options.query);\n if (query.toString()) {\n url += `?${query.toString()}`;\n }\n }\n\n return url.replace(/\\/\\/+/g, \"/\") || \"/\";\n }\n\n public url(\n name: string,\n options: { params?: Record<string, string>; host?: string } = {},\n ): URL {\n return new URL(\n this.pathname(name, options),\n // use provided base or default to http://localhost\n options.host ?? `http://localhost`,\n );\n }\n\n public root(state: ReactRouterState): ReactNode {\n const root = createElement(\n AlephaContext.Provider,\n { value: this.alepha },\n createElement(NestedView, {}, state.layers[0]?.element),\n );\n\n if (this.env.REACT_STRICT_MODE) {\n return createElement(StrictMode, {}, root);\n }\n\n return root;\n }\n\n protected convertStringObjectToObject = (\n schema?: TSchema,\n value?: any,\n ): any => {\n if (t.schema.isObject(schema) && typeof value === \"object\") {\n for (const key in schema.properties) {\n if (\n t.schema.isObject(schema.properties[key]) &&\n typeof value[key] === \"string\"\n ) {\n try {\n value[key] = this.alepha.codec.decode(\n schema.properties[key],\n decodeURIComponent(value[key]),\n );\n } catch (e) {\n // ignore\n }\n }\n }\n }\n return value;\n };\n\n /**\n * Create a new RouterState based on a given route and request.\n * This method resolves the layers for the route, applying any query and params schemas defined in the route.\n * It also handles errors and redirects.\n */\n public async createLayers(\n route: PageRoute,\n state: ReactRouterState,\n previous: PreviousLayerData[] = [],\n ): Promise<CreateLayersResult> {\n let context: Record<string, any> = {}; // all props\n const stack: Array<RouterStackItem> = [{ route }]; // stack of routes\n\n let parent = route.parent;\n while (parent) {\n stack.unshift({ route: parent });\n parent = parent.parent;\n }\n\n let forceRefresh = false;\n\n for (let i = 0; i < stack.length; i++) {\n const it = stack[i];\n const route = it.route;\n const config: Record<string, any> = {};\n\n try {\n this.convertStringObjectToObject(route.schema?.query, state.query);\n config.query = route.schema?.query\n ? this.alepha.codec.decode(route.schema.query, state.query)\n : {};\n } catch (e) {\n it.error = e as Error;\n break;\n }\n\n try {\n config.params = route.schema?.params\n ? this.alepha.codec.decode(route.schema.params, state.params)\n : {};\n } catch (e) {\n it.error = e as Error;\n break;\n }\n\n // save config\n it.config = {\n ...config,\n };\n\n // check if previous layer is the same, reuse if possible\n if (previous?.[i] && !forceRefresh && previous[i].name === route.name) {\n const url = (str?: string) => (str ? str.replace(/\\/\\/+/g, \"/\") : \"/\");\n\n const prev = JSON.stringify({\n part: url(previous[i].part),\n params: previous[i].config?.params ?? {},\n });\n\n const curr = JSON.stringify({\n part: url(route.path),\n params: config.params ?? {},\n });\n\n if (prev === curr) {\n // part is the same, reuse previous layer\n it.props = previous[i].props;\n it.error = previous[i].error;\n it.cache = true;\n context = {\n ...context,\n ...it.props,\n };\n continue;\n }\n\n // part is different, force refresh of next layers\n forceRefresh = true;\n }\n\n // no resolve, render a basic view by default\n if (!route.resolve) {\n continue;\n }\n\n try {\n const args = Object.create(state);\n Object.assign(args, config, context);\n const props = (await route.resolve?.(args)) ?? {};\n\n // save props\n it.props = {\n ...props,\n };\n\n // add props to context\n context = {\n ...context,\n ...props,\n };\n } catch (e) {\n // check if we need to redirect\n if (e instanceof Redirection) {\n return {\n redirect: e.redirect,\n };\n }\n\n this.log.error(\"Page resolver has failed\", e);\n\n it.error = e as Error;\n break;\n }\n }\n\n let acc = \"\";\n for (let i = 0; i < stack.length; i++) {\n const it = stack[i];\n const props = it.props ?? {};\n\n const params = { ...it.config?.params };\n for (const key of Object.keys(params)) {\n params[key] = String(params[key]);\n }\n\n acc += \"/\";\n acc += it.route.path ? this.compile(it.route.path, params) : \"\";\n const path = acc.replace(/\\/+/, \"/\");\n const localErrorHandler = this.getErrorHandler(it.route);\n if (localErrorHandler) {\n const onErrorParent = state.onError;\n state.onError = (error, context) => {\n const result = localErrorHandler(error, context);\n // if nothing happen, call the parent\n if (result === undefined) {\n return onErrorParent(error, context);\n }\n return result;\n };\n }\n\n // normal use case\n if (!it.error) {\n try {\n const element = await this.createElement(it.route, {\n ...props,\n ...context,\n });\n\n state.layers.push({\n name: it.route.name,\n props,\n part: it.route.path,\n config: it.config,\n element: this.renderView(i + 1, path, element, it.route),\n index: i + 1,\n path,\n route: it.route,\n cache: it.cache,\n });\n } catch (e) {\n it.error = e as Error;\n }\n }\n\n // handler has thrown an error, render an error view\n if (it.error) {\n try {\n let element: ReactNode | Redirection | undefined =\n await state.onError(it.error, state);\n\n if (element === undefined) {\n throw it.error;\n }\n\n if (element instanceof Redirection) {\n return {\n redirect: element.redirect,\n };\n }\n\n if (element === null) {\n element = this.renderError(it.error);\n }\n\n state.layers.push({\n props,\n error: it.error,\n name: it.route.name,\n part: it.route.path,\n config: it.config,\n element: this.renderView(i + 1, path, element, it.route),\n index: i + 1,\n path,\n route: it.route,\n });\n break;\n } catch (e) {\n if (e instanceof Redirection) {\n return {\n redirect: e.redirect,\n };\n }\n throw e;\n }\n }\n }\n\n return { state };\n }\n\n protected createRedirectionLayer(redirect: string): CreateLayersResult {\n return {\n redirect,\n };\n }\n\n protected getErrorHandler(route: PageRoute): ErrorHandler | undefined {\n if (route.errorHandler) return route.errorHandler;\n let parent = route.parent;\n while (parent) {\n if (parent.errorHandler) return parent.errorHandler;\n parent = parent.parent;\n }\n }\n\n protected async createElement(\n page: PageRoute,\n props: Record<string, any>,\n ): Promise<ReactNode> {\n if (page.lazy && page.component) {\n this.log.warn(\n `Page ${page.name} has both lazy and component options, lazy will be used`,\n );\n }\n\n if (page.lazy) {\n const component = await page.lazy(); // load component\n return createElement(component.default, props);\n }\n\n if (page.component) {\n return createElement(page.component, props);\n }\n\n return undefined;\n }\n\n public renderError(error: Error): ReactNode {\n return createElement(ErrorViewer, { error, alepha: this.alepha });\n }\n\n public renderEmptyView(): ReactNode {\n return createElement(NestedView, {});\n }\n\n public href(\n page: { options: { name?: string } },\n params: Record<string, any> = {},\n ): string {\n const found = this.pages.find((it) => it.name === page.options.name);\n if (!found) {\n throw new Error(`Page ${page.options.name} not found`);\n }\n\n let url = found.path ?? \"\";\n let parent = found.parent;\n while (parent) {\n url = `${parent.path ?? \"\"}/${url}`;\n parent = parent.parent;\n }\n\n url = this.compile(url, params);\n\n return url.replace(/\\/\\/+/g, \"/\") || \"/\";\n }\n\n public compile(path: string, params: Record<string, string> = {}) {\n for (const [key, value] of Object.entries(params)) {\n path = path.replace(`:${key}`, value);\n }\n return path;\n }\n\n protected renderView(\n index: number,\n path: string,\n view: ReactNode | undefined,\n page: PageRoute,\n ): ReactNode {\n view ??= this.renderEmptyView();\n\n const element = page.client\n ? createElement(\n ClientOnly,\n typeof page.client === \"object\" ? page.client : {},\n view,\n )\n : view;\n\n return createElement(\n RouterLayerContext.Provider,\n {\n value: {\n index,\n path,\n },\n },\n element,\n );\n }\n\n protected readonly configure = $hook({\n on: \"configure\",\n handler: () => {\n let hasNotFoundHandler = false;\n const pages = this.alepha.descriptors($page);\n\n const hasParent = (it: PageDescriptor) => {\n if (it.options.parent) {\n return true;\n }\n\n for (const page of pages) {\n const children = page.options.children\n ? Array.isArray(page.options.children)\n ? page.options.children\n : page.options.children()\n : [];\n if (children.includes(it)) {\n return true;\n }\n }\n };\n\n for (const page of pages) {\n if (page.options.path === \"/*\") {\n hasNotFoundHandler = true;\n }\n\n // skip children, we only want root pages\n if (hasParent(page)) {\n continue;\n }\n\n this.add(this.map(pages, page));\n }\n\n if (!hasNotFoundHandler && pages.length > 0) {\n // add a default 404 page if not already defined\n this.add({\n path: \"/*\",\n name: \"notFound\",\n cache: true,\n component: NotFoundPage,\n onServerResponse: ({ reply }) => {\n reply.status = 404;\n },\n });\n }\n },\n });\n\n protected map(\n pages: Array<PageDescriptor>,\n target: PageDescriptor,\n ): PageRouteEntry {\n const children = target.options.children\n ? Array.isArray(target.options.children)\n ? target.options.children\n : target.options.children()\n : [];\n\n const getChildrenFromParent = (it: PageDescriptor): PageDescriptor[] => {\n const children = [];\n for (const page of pages) {\n if (page.options.parent === it) {\n children.push(page);\n }\n }\n return children;\n };\n\n children.push(...getChildrenFromParent(target));\n\n return {\n ...target.options,\n name: target.name,\n parent: undefined,\n children: children.map((it) => this.map(pages, it)),\n } as PageRoute;\n }\n\n public add(entry: PageRouteEntry) {\n if (this.alepha.isReady()) {\n throw new AlephaError(\"Router is already initialized\");\n }\n\n entry.name ??= this.nextId();\n const page = entry as PageRoute;\n\n page.match = this.createMatch(page);\n this.pages.push(page);\n\n if (page.children) {\n for (const child of page.children) {\n (child as PageRoute).parent = page;\n this.add(child);\n }\n }\n }\n\n protected createMatch(page: PageRoute): string {\n let url = page.path ?? \"/\";\n let target = page.parent;\n while (target) {\n url = `${target.path ?? \"\"}/${url}`;\n target = target.parent;\n }\n\n let path = url.replace(/\\/\\/+/g, \"/\");\n\n if (path.endsWith(\"/\") && path !== \"/\") {\n // remove trailing slash\n path = path.slice(0, -1);\n }\n\n return path;\n }\n\n protected _next = 0;\n\n protected nextId(): string {\n this._next += 1;\n return `P${this._next}`;\n }\n}\n\nexport const isPageRoute = (it: any): it is PageRoute => {\n return (\n it &&\n typeof it === \"object\" &&\n typeof it.path === \"string\" &&\n typeof it.page === \"object\"\n );\n};\n\nexport interface PageRouteEntry\n extends Omit<PageDescriptorOptions, \"children\" | \"parent\"> {\n children?: PageRouteEntry[];\n}\n\nexport interface PageRoute extends PageRouteEntry {\n type: \"page\";\n name: string;\n parent?: PageRoute;\n match: string;\n}\n\nexport interface Layer {\n config?: {\n query?: Record<string, any>;\n params?: Record<string, any>;\n // stack of resolved props\n context?: Record<string, any>;\n };\n\n name: string;\n props?: Record<string, any>;\n error?: Error;\n part?: string;\n element: ReactNode;\n index: number;\n path: string;\n route?: PageRoute;\n cache?: boolean;\n}\n\nexport type PreviousLayerData = Omit<Layer, \"element\" | \"index\" | \"path\">;\n\nexport interface AnchorProps {\n href: string;\n onClick: (ev?: any) => any;\n}\n\nexport interface ReactRouterState {\n /**\n * Stack of layers for the current page.\n */\n layers: Array<Layer>;\n\n /**\n * URL of the current page.\n */\n url: URL;\n\n /**\n * Error handler for the current page.\n */\n onError: ErrorHandler;\n\n /**\n * Params extracted from the URL for the current page.\n */\n params: Record<string, any>;\n\n /**\n * Query parameters extracted from the URL for the current page.\n */\n query: Record<string, string>;\n\n /**\n * Optional meta information associated with the current page.\n */\n meta: Record<string, any>;\n}\n\nexport interface RouterStackItem {\n route: PageRoute;\n config?: Record<string, any>;\n props?: Record<string, any>;\n error?: Error;\n cache?: boolean;\n}\n\nexport interface TransitionOptions {\n previous?: PreviousLayerData[];\n}\n\nexport interface CreateLayersResult {\n redirect?: string;\n state?: ReactRouterState;\n}\n","import { existsSync } from \"node:fs\";\nimport { join } from \"node:path\";\nimport {\n $atom,\n $env,\n $hook,\n $inject,\n $use,\n Alepha,\n AlephaError,\n type Static,\n t,\n} from \"alepha\";\nimport { $logger } from \"alepha/logger\";\nimport {\n type ServerHandler,\n ServerProvider,\n ServerRouterProvider,\n ServerTimingProvider,\n} from \"alepha/server\";\nimport { ServerLinksProvider } from \"alepha/server/links\";\nimport { ServerStaticProvider } from \"alepha/server/static\";\nimport { renderToString } from \"react-dom/server\";\nimport {\n $page,\n type PageDescriptorRenderOptions,\n type PageDescriptorRenderResult,\n} from \"../descriptors/$page.ts\";\nimport { Redirection } from \"../errors/Redirection.ts\";\nimport type { ReactHydrationState } from \"./ReactBrowserProvider.ts\";\nimport {\n type PageRoute,\n ReactPageProvider,\n type ReactRouterState,\n} from \"./ReactPageProvider.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nconst envSchema = t.object({\n REACT_SSR_ENABLED: t.optional(t.boolean()),\n REACT_ROOT_ID: t.text({ default: \"root\" }), // TODO: move to ReactPageProvider.options?\n REACT_SERVER_TEMPLATE: t.optional(\n t.text({\n size: \"rich\",\n }),\n ),\n});\n\ndeclare module \"alepha\" {\n interface Env extends Partial<Static<typeof envSchema>> {}\n interface State {\n \"alepha.react.server.ssr\"?: boolean;\n }\n}\n\n/**\n * React server provider configuration atom\n */\nexport const reactServerOptions = $atom({\n name: \"alepha.react.server.options\",\n schema: t.object({\n publicDir: t.string(),\n staticServer: t.object({\n disabled: t.boolean(),\n path: t.string({\n description: \"URL path where static files will be served.\",\n }),\n }),\n }),\n default: {\n publicDir: \"public\",\n staticServer: {\n disabled: false,\n path: \"/\",\n },\n },\n});\n\nexport type ReactServerProviderOptions = Static<\n typeof reactServerOptions.schema\n>;\n\ndeclare module \"alepha\" {\n interface State {\n [reactServerOptions.key]: ReactServerProviderOptions;\n }\n}\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport class ReactServerProvider {\n protected readonly log = $logger();\n protected readonly alepha = $inject(Alepha);\n protected readonly env = $env(envSchema);\n protected readonly pageApi = $inject(ReactPageProvider);\n protected readonly serverProvider = $inject(ServerProvider);\n protected readonly serverStaticProvider = $inject(ServerStaticProvider);\n protected readonly serverRouterProvider = $inject(ServerRouterProvider);\n protected readonly serverTimingProvider = $inject(ServerTimingProvider);\n\n public readonly ROOT_DIV_REGEX = new RegExp(\n `<div([^>]*)\\\\s+id=[\"']${this.env.REACT_ROOT_ID}[\"']([^>]*)>(.*?)<\\\\/div>`,\n \"is\",\n );\n protected preprocessedTemplate: PreprocessedTemplate | null = null;\n\n protected readonly options = $use(reactServerOptions);\n\n /**\n * Configure the React server provider.\n */\n public readonly onConfigure = $hook({\n on: \"configure\",\n handler: async () => {\n const pages = this.alepha.descriptors($page);\n\n const ssrEnabled =\n pages.length > 0 && this.env.REACT_SSR_ENABLED !== false;\n\n this.alepha.state.set(\"alepha.react.server.ssr\", ssrEnabled);\n\n // development mode\n if (this.alepha.isViteDev()) {\n await this.configureVite(ssrEnabled);\n return;\n }\n\n // production mode\n let root = \"\";\n\n // non-serverless mode only -> serve static files\n if (!this.alepha.isServerless()) {\n root = this.getPublicDirectory();\n if (!root) {\n this.log.warn(\n \"Missing static files, static file server will be disabled\",\n );\n } else {\n this.log.debug(`Using static files from: ${root}`);\n await this.configureStaticServer(root);\n }\n }\n\n if (ssrEnabled) {\n await this.registerPages(async () => this.template);\n this.log.info(\"SSR OK\");\n return;\n }\n\n // no SSR enabled, serve index.html for all unmatched routes\n this.log.info(\"SSR is disabled, use History API fallback\");\n this.serverRouterProvider.createRoute({\n path: \"*\",\n handler: async ({ url, reply }) => {\n if (url.pathname.includes(\".\")) {\n // If the request is for a file (e.g., /style.css), do not fallback\n reply.headers[\"content-type\"] = \"text/plain\";\n reply.body = \"Not Found\";\n reply.status = 404;\n return;\n }\n\n reply.headers[\"content-type\"] = \"text/html\";\n\n // serve index.html for all unmatched routes\n return this.template;\n },\n });\n },\n });\n\n public get template() {\n return (\n this.alepha.env.REACT_SERVER_TEMPLATE ??\n \"<!DOCTYPE html><html lang='en'><head></head><body></body></html>\"\n );\n }\n\n protected async registerPages(templateLoader: TemplateLoader) {\n // Preprocess template once\n const template = await templateLoader();\n if (template) {\n this.preprocessedTemplate = this.preprocessTemplate(template);\n }\n\n for (const page of this.pageApi.getPages()) {\n if (page.children?.length) {\n continue;\n }\n\n this.log.debug(`+ ${page.match} -> ${page.name}`);\n\n this.serverRouterProvider.createRoute({\n ...page,\n schema: undefined, // schema is handled by the page descriptor provider for now (shared by browser and server)\n method: \"GET\",\n path: page.match,\n handler: this.createHandler(page, templateLoader),\n });\n }\n }\n\n /**\n * Get the public directory path where static files are located.\n */\n protected getPublicDirectory(): string {\n const maybe = [\n join(process.cwd(), `dist/${this.options.publicDir}`),\n join(process.cwd(), this.options.publicDir),\n ];\n\n for (const it of maybe) {\n if (existsSync(it)) {\n return it;\n }\n }\n\n return \"\";\n }\n\n /**\n * Configure the static file server to serve files from the given root directory.\n */\n protected async configureStaticServer(root: string) {\n await this.serverStaticProvider.createStaticServer({\n root,\n cacheControl: {\n maxAge: 3600,\n immutable: true,\n },\n ...this.options.staticServer,\n });\n }\n\n /**\n * Configure Vite for SSR.\n */\n protected async configureVite(ssrEnabled: boolean) {\n if (!ssrEnabled) {\n // do nothing, vite will handle everything for us\n return;\n }\n\n this.log.info(\"SSR (dev) OK\");\n\n const url = `http://${process.env.SERVER_HOST}:${process.env.SERVER_PORT}`;\n\n await this.registerPages(() =>\n fetch(`${url}/index.html`)\n .then((it) => it.text())\n .catch(() => undefined),\n );\n }\n\n /**\n * For testing purposes, creates a render function that can be used.\n */\n public async render(\n name: string,\n options: PageDescriptorRenderOptions = {},\n ): Promise<PageDescriptorRenderResult> {\n const page = this.pageApi.page(name);\n const url = new URL(this.pageApi.url(name, options));\n const entry: Partial<ReactRouterState> = {\n url,\n params: options.params ?? {},\n query: options.query ?? {},\n onError: () => null,\n layers: [],\n meta: {},\n };\n const state = entry as ReactRouterState;\n\n this.log.trace(\"Rendering\", {\n url,\n });\n\n await this.alepha.events.emit(\"react:server:render:begin\", {\n state,\n });\n\n const { redirect } = await this.pageApi.createLayers(\n page,\n state as ReactRouterState,\n );\n\n if (redirect) {\n return { state, html: \"\", redirect };\n }\n\n if (!options.html) {\n this.alepha.state.set(\"alepha.react.router.state\", state);\n\n return {\n state,\n html: renderToString(this.pageApi.root(state)),\n };\n }\n\n const template = this.template ?? \"\";\n const html = this.renderToHtml(template, state, options.hydration);\n\n if (html instanceof Redirection) {\n return { state, html: \"\", redirect };\n }\n\n const result = {\n state,\n html,\n };\n\n await this.alepha.events.emit(\"react:server:render:end\", result);\n\n return result;\n }\n\n protected createHandler(\n route: PageRoute,\n templateLoader: TemplateLoader,\n ): ServerHandler {\n return async (serverRequest) => {\n const { url, reply, query, params } = serverRequest;\n const template = await templateLoader();\n if (!template) {\n throw new AlephaError(\"Missing template for SSR rendering\");\n }\n\n this.log.trace(\"Rendering page\", {\n name: route.name,\n });\n\n const entry: Partial<ReactRouterState> = {\n url,\n params,\n query,\n onError: () => null,\n layers: [],\n };\n\n const state = entry as ReactRouterState;\n\n if (this.alepha.has(ServerLinksProvider)) {\n this.alepha.state.set(\n \"alepha.server.request.apiLinks\",\n await this.alepha.inject(ServerLinksProvider).getUserApiLinks({\n user: (serverRequest as any).user, // TODO: fix type\n authorization: serverRequest.headers.authorization,\n }),\n );\n }\n\n let target: PageRoute | undefined = route; // TODO: move to PageDescriptorProvider\n while (target) {\n if (route.can && !route.can()) {\n // if the page is not accessible, return 403\n reply.status = 403;\n reply.headers[\"content-type\"] = \"text/plain\";\n return \"Forbidden\";\n }\n target = target.parent;\n }\n\n // TODO: SSR strategies\n // - only when googlebot\n // - only child pages\n // if (page.client) {\n // \t// if the page is a client-only page, return 404\n // \treply.status = 200;\n // \treply.headers[\"content-type\"] = \"text/html\";\n // \treply.body = template;\n // \treturn;\n // }\n\n await this.alepha.events.emit(\"react:server:render:begin\", {\n request: serverRequest,\n state,\n });\n\n this.serverTimingProvider.beginTiming(\"createLayers\");\n\n const { redirect } = await this.pageApi.createLayers(route, state);\n\n this.serverTimingProvider.endTiming(\"createLayers\");\n\n if (redirect) {\n return reply.redirect(redirect);\n }\n\n reply.headers[\"content-type\"] = \"text/html\";\n\n // by default, disable caching for SSR responses\n // some plugins may override this\n reply.headers[\"cache-control\"] =\n \"no-store, no-cache, must-revalidate, proxy-revalidate\";\n reply.headers.pragma = \"no-cache\";\n reply.headers.expires = \"0\";\n\n const html = this.renderToHtml(template, state);\n if (html instanceof Redirection) {\n reply.redirect(\n typeof html.redirect === \"string\"\n ? html.redirect\n : this.pageApi.href(html.redirect),\n );\n return;\n }\n\n const event = {\n request: serverRequest,\n state,\n html,\n };\n\n await this.alepha.events.emit(\"react:server:render:end\", event);\n\n route.onServerResponse?.(serverRequest);\n\n this.log.trace(\"Page rendered\", {\n name: route.name,\n });\n\n return event.html;\n };\n }\n\n public renderToHtml(\n template: string,\n state: ReactRouterState,\n hydration = true,\n ): string | Redirection {\n const element = this.pageApi.root(state);\n\n // attach react router state to the http request context\n this.alepha.state.set(\"alepha.react.router.state\", state);\n\n this.serverTimingProvider.beginTiming(\"renderToString\");\n let app = \"\";\n try {\n app = renderToString(element);\n } catch (error) {\n this.log.error(\n \"renderToString has failed, fallback to error handler\",\n error,\n );\n const element = state.onError(error as Error, state);\n if (element instanceof Redirection) {\n // if the error is a redirection, return the redirection URL\n return element;\n }\n\n app = renderToString(element);\n this.log.debug(\"Error handled successfully with fallback\");\n }\n this.serverTimingProvider.endTiming(\"renderToString\");\n\n const response = {\n html: template,\n };\n\n if (hydration) {\n const { request, context, ...store } =\n this.alepha.context.als?.getStore() ?? {}; /// TODO: als must be protected, find a way to iterate on alepha.state\n\n const hydrationData: ReactHydrationState = {\n ...store,\n // map react.router.state to the hydration state\n \"alepha.react.router.state\": undefined,\n layers: state.layers.map((it) => ({\n ...it,\n error: it.error\n ? {\n ...it.error,\n name: it.error.name,\n message: it.error.message,\n stack: !this.alepha.isProduction() ? it.error.stack : undefined,\n }\n : undefined,\n index: undefined,\n path: undefined,\n element: undefined,\n route: undefined,\n })),\n };\n\n // create hydration data\n const script = `<script>window.__ssr=${JSON.stringify(hydrationData)}</script>`;\n\n // inject app into template\n this.fillTemplate(response, app, script);\n }\n\n return response.html;\n }\n\n protected preprocessTemplate(template: string): PreprocessedTemplate {\n // Find the body close tag for script injection\n const bodyCloseMatch = template.match(/<\\/body>/i);\n const bodyCloseIndex = bodyCloseMatch?.index ?? template.length;\n\n const beforeScript = template.substring(0, bodyCloseIndex);\n const afterScript = template.substring(bodyCloseIndex);\n\n // Check if there's an existing root div\n const rootDivMatch = beforeScript.match(this.ROOT_DIV_REGEX);\n\n if (rootDivMatch) {\n // Split around the existing root div content\n const beforeDiv = beforeScript.substring(0, rootDivMatch.index!);\n const afterDivStart = rootDivMatch.index! + rootDivMatch[0].length;\n const afterDiv = beforeScript.substring(afterDivStart);\n\n const beforeApp = `${beforeDiv}<div${rootDivMatch[1]} id=\"${this.env.REACT_ROOT_ID}\"${rootDivMatch[2]}>`;\n const afterApp = `</div>${afterDiv}`;\n\n return { beforeApp, afterApp, beforeScript: \"\", afterScript };\n }\n\n // No existing root div, find body tag to inject new div\n const bodyMatch = beforeScript.match(/<body([^>]*)>/i);\n if (bodyMatch) {\n const beforeBody = beforeScript.substring(\n 0,\n bodyMatch.index! + bodyMatch[0].length,\n );\n const afterBody = beforeScript.substring(\n bodyMatch.index! + bodyMatch[0].length,\n );\n\n const beforeApp = `${beforeBody}<div id=\"${this.env.REACT_ROOT_ID}\">`;\n const afterApp = `</div>${afterBody}`;\n\n return { beforeApp, afterApp, beforeScript: \"\", afterScript };\n }\n\n // Fallback: no body tag found, just wrap everything\n return {\n beforeApp: `<div id=\"${this.env.REACT_ROOT_ID}\">`,\n afterApp: `</div>`,\n beforeScript,\n afterScript,\n };\n }\n\n protected fillTemplate(\n response: { html: string },\n app: string,\n script: string,\n ) {\n if (!this.preprocessedTemplate) {\n // Fallback to old logic if preprocessing failed\n this.preprocessedTemplate = this.preprocessTemplate(response.html);\n }\n\n // Pure concatenation - no regex replacements needed\n response.html =\n this.preprocessedTemplate.beforeApp +\n app +\n this.preprocessedTemplate.afterApp +\n script +\n this.preprocessedTemplate.afterScript;\n }\n}\n\ntype TemplateLoader = () => Promise<string | undefined>;\n\ninterface PreprocessedTemplate {\n beforeApp: string;\n afterApp: string;\n beforeScript: string;\n afterScript: string;\n}\n","import { $inject, AlephaError } from \"alepha\";\nimport { ServerProvider } from \"alepha/server\";\nimport type {\n PageDescriptorRenderOptions,\n PageDescriptorRenderResult,\n} from \"../descriptors/$page.ts\";\nimport { ReactServerProvider } from \"../providers/ReactServerProvider.ts\";\nimport { ReactPageService } from \"./ReactPageService.ts\";\n\nexport class ReactPageServerService extends ReactPageService {\n protected readonly reactServerProvider = $inject(ReactServerProvider);\n protected readonly serverProvider = $inject(ServerProvider);\n\n public async render(\n name: string,\n options: PageDescriptorRenderOptions = {},\n ): Promise<PageDescriptorRenderResult> {\n return this.reactServerProvider.render(name, options);\n }\n\n public async fetch(\n pathname: string,\n options: PageDescriptorRenderOptions = {},\n ): Promise<{\n html: string;\n response: Response;\n }> {\n const response = await fetch(`${this.serverProvider.hostname}/${pathname}`);\n\n const html = await response.text();\n if (options?.html) {\n return { html, response };\n }\n\n // take only text inside the root div\n const match = html.match(this.reactServerProvider.ROOT_DIV_REGEX);\n if (match) {\n return { html: match[3], response };\n }\n\n throw new AlephaError(\"Invalid HTML response\");\n }\n}\n","import { $hook, $inject, Alepha } from \"alepha\";\nimport { $logger } from \"alepha/logger\";\nimport { type Route, RouterProvider } from \"alepha/router\";\nimport { createElement, type ReactNode } from \"react\";\nimport NotFoundPage from \"../components/NotFound.tsx\";\nimport {\n isPageRoute,\n type PageRoute,\n type PageRouteEntry,\n type PreviousLayerData,\n ReactPageProvider,\n type ReactRouterState,\n} from \"./ReactPageProvider.ts\";\n\nexport interface BrowserRoute extends Route {\n page: PageRoute;\n}\n\nexport class ReactBrowserRouterProvider extends RouterProvider<BrowserRoute> {\n protected readonly log = $logger();\n protected readonly alepha = $inject(Alepha);\n protected readonly pageApi = $inject(ReactPageProvider);\n\n public add(entry: PageRouteEntry) {\n this.pageApi.add(entry);\n }\n\n protected readonly configure = $hook({\n on: \"configure\",\n handler: async () => {\n for (const page of this.pageApi.getPages()) {\n // mount only if a view is provided\n if (page.component || page.lazy) {\n this.push({\n path: page.match,\n page,\n });\n }\n }\n },\n });\n\n public async transition(\n url: URL,\n previous: PreviousLayerData[] = [],\n meta = {},\n ): Promise<string | void> {\n const { pathname, search } = url;\n\n const entry: Partial<ReactRouterState> = {\n url,\n query: {},\n params: {},\n layers: [],\n onError: () => null,\n meta,\n };\n\n const state = entry as ReactRouterState;\n\n // Emit both action and transition events\n await this.alepha.events.emit(\"react:action:begin\", {\n type: \"transition\",\n });\n await this.alepha.events.emit(\"react:transition:begin\", {\n previous: this.alepha.state.get(\"alepha.react.router.state\")!,\n state,\n });\n\n try {\n const { route, params } = this.match(pathname);\n\n const query: Record<string, string> = {};\n if (search) {\n for (const [key, value] of new URLSearchParams(search).entries()) {\n query[key] = String(value);\n }\n }\n\n state.query = query;\n state.params = params ?? {};\n\n if (isPageRoute(route)) {\n const { redirect } = await this.pageApi.createLayers(\n route.page,\n state,\n previous,\n );\n if (redirect) {\n return redirect;\n }\n }\n\n if (state.layers.length === 0) {\n state.layers.push({\n name: \"not-found\",\n element: createElement(NotFoundPage),\n index: 0,\n path: \"/\",\n });\n }\n\n await this.alepha.events.emit(\"react:action:success\", {\n type: \"transition\",\n });\n await this.alepha.events.emit(\"react:transition:success\", { state });\n } catch (e) {\n this.log.error(\"Transition has failed\", e);\n state.layers = [\n {\n name: \"error\",\n element: this.pageApi.renderError(e as Error),\n index: 0,\n path: \"/\",\n },\n ];\n\n await this.alepha.events.emit(\"react:action:error\", {\n type: \"transition\",\n error: e as Error,\n });\n await this.alepha.events.emit(\"react:transition:error\", {\n error: e as Error,\n state,\n });\n }\n\n // [feature]: local hook for leaving a page\n if (previous) {\n for (let i = 0; i < previous.length; i++) {\n const layer = previous[i];\n if (state.layers[i]?.name !== layer.name) {\n this.pageApi.page(layer.name)?.onLeave?.();\n }\n }\n }\n\n this.alepha.state.set(\"alepha.react.router.state\", state);\n\n await this.alepha.events.emit(\"react:action:end\", {\n type: \"transition\",\n });\n await this.alepha.events.emit(\"react:transition:end\", {\n state,\n });\n }\n\n public root(state: ReactRouterState): ReactNode {\n return this.pageApi.root(state);\n }\n}\n","import {\n $atom,\n $env,\n $hook,\n $inject,\n $use,\n Alepha,\n type State,\n type Static,\n t,\n} from \"alepha\";\nimport { DateTimeProvider } from \"alepha/datetime\";\nimport { $logger } from \"alepha/logger\";\nimport { LinkProvider } from \"alepha/server/links\";\nimport { ReactBrowserRouterProvider } from \"./ReactBrowserRouterProvider.ts\";\nimport type {\n PreviousLayerData,\n ReactRouterState,\n TransitionOptions,\n} from \"./ReactPageProvider.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nconst envSchema = t.object({\n REACT_ROOT_ID: t.text({ default: \"root\" }),\n});\n\ndeclare module \"alepha\" {\n interface Env extends Partial<Static<typeof envSchema>> {}\n}\n\n/**\n * React browser renderer configuration atom\n */\nexport const reactBrowserOptions = $atom({\n name: \"alepha.react.browser.options\",\n schema: t.object({\n scrollRestoration: t.enum([\"top\", \"manual\"]),\n }),\n default: {\n scrollRestoration: \"top\" as const,\n },\n});\n\nexport type ReactBrowserRendererOptions = Static<\n typeof reactBrowserOptions.schema\n>;\n\ndeclare module \"alepha\" {\n interface State {\n [reactBrowserOptions.key]: ReactBrowserRendererOptions;\n }\n}\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport class ReactBrowserProvider {\n protected readonly env = $env(envSchema);\n protected readonly log = $logger();\n protected readonly client = $inject(LinkProvider);\n protected readonly alepha = $inject(Alepha);\n protected readonly router = $inject(ReactBrowserRouterProvider);\n protected readonly dateTimeProvider = $inject(DateTimeProvider);\n\n protected readonly options = $use(reactBrowserOptions);\n\n protected getRootElement() {\n const root = this.document.getElementById(this.env.REACT_ROOT_ID);\n if (root) {\n return root;\n }\n\n const div = this.document.createElement(\"div\");\n div.id = this.env.REACT_ROOT_ID;\n\n this.document.body.prepend(div);\n\n return div;\n }\n\n public transitioning?: {\n to: string;\n from?: string;\n };\n\n public get state(): ReactRouterState {\n return this.alepha.state.get(\"alepha.react.router.state\")!;\n }\n\n /**\n * Accessor for Document DOM API.\n */\n public get document() {\n return window.document;\n }\n\n /**\n * Accessor for History DOM API.\n */\n public get history() {\n return window.history;\n }\n\n /**\n * Accessor for Location DOM API.\n */\n public get location() {\n return window.location;\n }\n\n public get base() {\n const base = import.meta.env?.BASE_URL;\n if (!base || base === \"/\") {\n return \"\";\n }\n\n return base;\n }\n\n public get url(): string {\n const url = this.location.pathname + this.location.search;\n if (this.base) {\n return url.replace(this.base, \"\");\n }\n return url;\n }\n\n public pushState(path: string, replace?: boolean) {\n const url = this.base + path;\n\n if (replace) {\n this.history.replaceState({}, \"\", url);\n } else {\n this.history.pushState({}, \"\", url);\n }\n }\n\n public async invalidate(props?: Record<string, any>) {\n const previous: PreviousLayerData[] = [];\n\n this.log.trace(\"Invalidating layers\");\n\n if (props) {\n const [key] = Object.keys(props);\n const value = props[key];\n\n for (const layer of this.state.layers) {\n if (layer.props?.[key]) {\n previous.push({\n ...layer,\n props: {\n ...layer.props,\n [key]: value,\n },\n });\n break;\n }\n previous.push(layer);\n }\n }\n\n await this.render({ previous });\n }\n\n public async go(url: string, options: RouterGoOptions = {}): Promise<void> {\n this.log.trace(`Going to ${url}`, {\n url,\n options,\n });\n\n await this.render({\n url,\n previous: options.force ? [] : this.state.layers,\n meta: options.meta,\n });\n\n // when redirecting in browser\n if (this.state.url.pathname + this.state.url.search !== url) {\n this.pushState(this.state.url.pathname + this.state.url.search);\n return;\n }\n\n this.pushState(url, options.replace);\n }\n\n protected async render(options: RouterRenderOptions = {}): Promise<void> {\n const previous = options.previous ?? this.state.layers;\n const url = options.url ?? this.url;\n const start = this.dateTimeProvider.now();\n\n this.transitioning = {\n to: url,\n from: this.state?.url.pathname,\n };\n\n this.log.debug(\"Transitioning...\", {\n to: url,\n });\n\n const redirect = await this.router.transition(\n new URL(`http://localhost${url}`),\n previous,\n options.meta,\n );\n\n if (redirect) {\n this.log.info(\"Redirecting to\", {\n redirect,\n });\n\n // if redirect is an absolute URL, use window.location.href (full page reload)\n if (redirect.startsWith(\"http\")) {\n window.location.href = redirect;\n } else {\n // if redirect is a relative URL, use render() (single page app)\n return await this.render({ url: redirect });\n }\n }\n\n const ms = this.dateTimeProvider.now().diff(start);\n this.log.info(`Transition OK [${ms}ms]`, this.transitioning);\n\n this.transitioning = undefined;\n }\n\n /**\n * Get embedded layers from the server.\n */\n protected getHydrationState(): ReactHydrationState | undefined {\n try {\n if (\"__ssr\" in window && typeof window.__ssr === \"object\") {\n return window.__ssr as ReactHydrationState;\n }\n } catch (error) {\n console.error(error);\n }\n }\n\n // -------------------------------------------------------------------------------------------------------------------\n\n protected readonly onTransitionEnd = $hook({\n on: \"react:transition:end\",\n handler: () => {\n if (\n this.options.scrollRestoration === \"top\" &&\n typeof window !== \"undefined\" &&\n !this.alepha.isTest()\n ) {\n this.log.trace(\"Restoring scroll position to top\");\n window.scrollTo(0, 0);\n }\n },\n });\n\n public readonly ready = $hook({\n on: \"ready\",\n handler: async () => {\n const hydration = this.getHydrationState();\n const previous = hydration?.layers ?? [];\n\n if (hydration) {\n // low budget, but works for now\n for (const [key, value] of Object.entries(hydration)) {\n if (key !== \"layers\") {\n this.alepha.state.set(key as keyof State, value);\n }\n }\n }\n\n await this.render({ previous });\n\n const element = this.router.root(this.state);\n\n await this.alepha.events.emit(\"react:browser:render\", {\n element,\n root: this.getRootElement(),\n hydration,\n state: this.state,\n });\n\n window.addEventListener(\"popstate\", () => {\n // when you update silently queryParams or hash, skip rendering\n // if you want to force a rendering, use #go()\n if (this.base + this.state.url.pathname === this.location.pathname) {\n return;\n }\n\n this.log.debug(\"Popstate event triggered - rendering new state\", {\n url: this.location.pathname + this.location.search,\n });\n\n this.render();\n });\n },\n });\n}\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport interface RouterGoOptions {\n replace?: boolean;\n match?: TransitionOptions;\n params?: Record<string, string>;\n query?: Record<string, string>;\n meta?: Record<string, any>;\n\n /**\n * Recreate the whole page, ignoring the current state.\n */\n force?: boolean;\n}\n\nexport type ReactHydrationState = {\n layers?: Array<PreviousLayerData>;\n} & {\n [key: string]: any;\n};\n\nexport interface RouterRenderOptions {\n url?: string;\n previous?: PreviousLayerData[];\n meta?: Record<string, any>;\n}\n","import { $inject, Alepha } from \"alepha\";\nimport type { PageDescriptor } from \"../descriptors/$page.ts\";\nimport {\n ReactBrowserProvider,\n type RouterGoOptions,\n} from \"../providers/ReactBrowserProvider.ts\";\nimport {\n type AnchorProps,\n ReactPageProvider,\n type ReactRouterState,\n} from \"../providers/ReactPageProvider.ts\";\n\nexport class ReactRouter<T extends object> {\n protected readonly alepha = $inject(Alepha);\n protected readonly pageApi = $inject(ReactPageProvider);\n\n public get state(): ReactRouterState {\n return this.alepha.state.get(\"alepha.react.router.state\")!;\n }\n\n public get pages() {\n return this.pageApi.getPages();\n }\n\n public get concretePages() {\n return this.pageApi.getConcretePages();\n }\n\n public get browser(): ReactBrowserProvider | undefined {\n if (this.alepha.isBrowser()) {\n return this.alepha.inject(ReactBrowserProvider);\n }\n // server-side\n return undefined;\n }\n\n public isActive(\n href: string,\n options: {\n startWith?: boolean;\n } = {},\n ): boolean {\n const current = this.state.url.pathname;\n let isActive =\n current === href || current === `${href}/` || `${current}/` === href;\n\n if (options.startWith && !isActive) {\n isActive = current.startsWith(href);\n }\n\n return isActive;\n }\n\n public path(\n name: keyof VirtualRouter<T> | string,\n config: {\n params?: Record<string, any>;\n query?: Record<string, any>;\n } = {},\n ): string {\n return this.pageApi.pathname(name as string, {\n params: {\n ...this.state?.params,\n ...config.params,\n },\n query: config.query,\n });\n }\n\n /**\n * Reload the current page.\n * This is equivalent to calling `go()` with the current pathname and search.\n */\n public async reload() {\n if (!this.browser) {\n return;\n }\n\n await this.go(this.location.pathname + this.location.search, {\n replace: true,\n force: true,\n });\n }\n\n public getURL(): URL {\n if (!this.browser) {\n return this.state.url;\n }\n\n return new URL(this.location.href);\n }\n\n public get location(): Location {\n if (!this.browser) {\n throw new Error(\"Browser is required\");\n }\n\n return this.browser.location;\n }\n\n public get current(): ReactRouterState {\n return this.state;\n }\n\n public get pathname(): string {\n return this.state.url.pathname;\n }\n\n public get query(): Record<string, string> {\n const query: Record<string, string> = {};\n\n for (const [key, value] of new URLSearchParams(\n this.state.url.search,\n ).entries()) {\n query[key] = String(value);\n }\n\n return query;\n }\n\n public async back() {\n this.browser?.history.back();\n }\n\n public async forward() {\n this.browser?.history.forward();\n }\n\n public async invalidate(props?: Record<string, any>) {\n await this.browser?.invalidate(props);\n }\n\n public async go(path: string, options?: RouterGoOptions): Promise<void>;\n public async go(\n path: keyof VirtualRouter<T>,\n options?: RouterGoOptions,\n ): Promise<void>;\n public async go(\n path: string | keyof VirtualRouter<T>,\n options?: RouterGoOptions,\n ): Promise<void> {\n for (const page of this.pages) {\n if (page.name === path) {\n await this.browser?.go(\n this.path(path as keyof VirtualRouter<T>, options),\n options,\n );\n return;\n }\n }\n\n await this.browser?.go(path as string, options);\n }\n\n public anchor(path: string, options?: RouterGoOptions): AnchorProps;\n public anchor(\n path: keyof VirtualRouter<T>,\n options?: RouterGoOptions,\n ): AnchorProps;\n public anchor(\n path: string | keyof VirtualRouter<T>,\n options: RouterGoOptions = {},\n ): AnchorProps {\n let href = path as string;\n\n for (const page of this.pages) {\n if (page.name === path) {\n href = this.path(path as keyof VirtualRouter<T>, options);\n break;\n }\n }\n\n return {\n href: this.base(href),\n onClick: (ev: any) => {\n ev.stopPropagation();\n ev.preventDefault();\n\n this.go(href, options).catch(console.error);\n },\n };\n }\n\n public base(path: string): string {\n const base = import.meta.env?.BASE_URL;\n if (!base || base === \"/\") {\n return path;\n }\n\n return base + path;\n }\n\n /**\n * Set query params.\n *\n * @param record\n * @param options\n */\n public setQueryParams(\n record:\n | Record<string, any>\n | ((queryParams: Record<string, any>) => Record<string, any>),\n options: {\n /**\n * If true, this will add a new entry to the history stack.\n */\n push?: boolean;\n } = {},\n ) {\n const func = typeof record === \"function\" ? record : () => record;\n const search = new URLSearchParams(func(this.query)).toString();\n const state = search ? `${this.pathname}?${search}` : this.pathname;\n\n if (options.push) {\n window.history.pushState({}, \"\", state);\n } else {\n window.history.replaceState({}, \"\", state);\n }\n }\n}\n\nexport type VirtualRouter<T> = {\n [K in keyof T as T[K] extends PageDescriptor ? K : never]: T[K];\n};\n","import { $module } from \"alepha\";\nimport { AlephaDateTime } from \"alepha/datetime\";\nimport { AlephaServer, type ServerRequest } from \"alepha/server\";\nimport { AlephaServerCache } from \"alepha/server/cache\";\nimport { AlephaServerLinks } from \"alepha/server/links\";\nimport type { ReactNode } from \"react\";\nimport { $page, type PageAnimation } from \"./descriptors/$page.ts\";\nimport type { ReactHydrationState } from \"./providers/ReactBrowserProvider.ts\";\nimport {\n ReactPageProvider,\n type ReactRouterState,\n} from \"./providers/ReactPageProvider.ts\";\nimport { ReactServerProvider } from \"./providers/ReactServerProvider.ts\";\nimport { ReactPageServerService } from \"./services/ReactPageServerService.ts\";\nimport { ReactPageService } from \"./services/ReactPageService.ts\";\nimport { ReactRouter } from \"./services/ReactRouter.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport * from \"./index.shared.ts\";\nexport * from \"./index.shared-router.ts\";\nexport * from \"./providers/ReactBrowserProvider.ts\";\nexport * from \"./providers/ReactPageProvider.ts\";\nexport * from \"./providers/ReactServerProvider.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\ndeclare module \"alepha\" {\n interface State {\n \"alepha.react.router.state\"?: ReactRouterState;\n }\n\n interface Hooks {\n /**\n * Fires when the React application is starting to be rendered on the server.\n */\n \"react:server:render:begin\": {\n request?: ServerRequest;\n state: ReactRouterState;\n };\n /**\n * Fires when the React application has been rendered on the server.\n */\n \"react:server:render:end\": {\n request?: ServerRequest;\n state: ReactRouterState;\n html: string;\n };\n // -----------------------------------------------------------------------------------------------------------------\n /**\n * Fires when the React application is being rendered on the browser.\n */\n \"react:browser:render\": {\n root: HTMLElement;\n element: ReactNode;\n state: ReactRouterState;\n hydration?: ReactHydrationState;\n };\n // -----------------------------------------------------------------------------------------------------------------\n // TOP LEVEL: All user actions (forms, transitions, custom actions)\n /**\n * Fires when a user action is starting.\n * Action can be a form submission, a route transition, or a custom action.\n */\n \"react:action:begin\": {\n type: string;\n id?: string;\n };\n /**\n * Fires when a user action has succeeded.\n * Action can be a form submission, a route transition, or a custom action.\n */\n \"react:action:success\": {\n type: string;\n id?: string;\n };\n /**\n * Fires when a user action has failed.\n * Action can be a form submission, a route transition, or a custom action.\n */\n \"react:action:error\": {\n type: string;\n id?: string;\n error: Error;\n };\n /**\n * Fires when a user action has completed, regardless of success or failure.\n * Action can be a form submission, a route transition, or a custom action.\n */\n \"react:action:end\": {\n type: string;\n id?: string;\n };\n // -----------------------------------------------------------------------------------------------------------------\n // SPECIFIC: Route transitions\n /**\n * Fires when a route transition is starting.\n */\n \"react:transition:begin\": {\n previous: ReactRouterState;\n state: ReactRouterState;\n animation?: PageAnimation;\n };\n /**\n * Fires when a route transition has succeeded.\n */\n \"react:transition:success\": {\n state: ReactRouterState;\n };\n /**\n * Fires when a route transition has failed.\n */\n \"react:transition:error\": {\n state: ReactRouterState;\n error: Error;\n };\n /**\n * Fires when a route transition has completed, regardless of success or failure.\n */\n \"react:transition:end\": {\n state: ReactRouterState;\n };\n }\n}\n\n// ---------------------------------------------------------------------------------------------------------------------\n\n/**\n * Provides full-stack React development with declarative routing, server-side rendering, and client-side hydration.\n *\n * The React module enables building modern React applications using the `$page` descriptor on class properties.\n * It delivers seamless server-side rendering, automatic code splitting, and client-side navigation with full\n * type safety and schema validation for route parameters and data.\n *\n * @see {@link $page}\n * @module alepha.react\n */\nexport const AlephaReact = $module({\n name: \"alepha.react\",\n descriptors: [$page],\n services: [\n ReactServerProvider,\n ReactPageProvider,\n ReactRouter,\n ReactPageService,\n ReactPageServerService,\n ],\n register: (alepha) =>\n alepha\n .with(AlephaDateTime)\n .with(AlephaServer)\n .with(AlephaServerCache)\n .with(AlephaServerLinks)\n .with({\n provide: ReactPageService,\n use: ReactPageServerService,\n })\n .with(ReactServerProvider)\n .with(ReactPageProvider)\n .with(ReactRouter),\n});\n","import { $hook, $inject, Alepha } from \"alepha\";\n\nexport class ReactAuthProvider {\n protected readonly alepha = $inject(Alepha);\n\n public readonly onRender = $hook({\n on: \"react:server:render:begin\",\n handler: async ({ request, state }) => {\n if (request?.user) {\n const { token, realm, ...user } = request.user; // do not send token and realm to the client\n this.alepha.state.set(\"alepha.server.request.user\", user); // for hydration, browser, etc...\n state.user = user;\n }\n },\n });\n}\n","import { ReactBrowserProvider, Redirection } from \"@alepha/react\";\nimport { $hook, $inject, Alepha } from \"alepha\";\nimport { $logger } from \"alepha/logger\";\nimport type { UserAccountToken } from \"alepha/security\";\nimport { HttpClient } from \"alepha/server\";\nimport { alephaServerAuthRoutes, tokenResponseSchema, type Tokens, userinfoResponseSchema } from \"alepha/server/auth\";\n\n/**\n * Browser, SSR friendly, service to handle authentication.\n */\nexport class ReactAuth {\n protected readonly log = $logger();\n protected readonly alepha = $inject(Alepha);\n protected readonly httpClient = $inject(HttpClient);\n\n protected readonly onBeginTransition = $hook({\n on: \"react:transition:begin\",\n handler: async (event) => {\n if (this.alepha.isBrowser()) {\n Object.defineProperty(event.state, \"user\", {\n get: () => this.user,\n });\n }\n },\n });\n\n protected readonly onFetchRequest = $hook({\n on: \"client:onRequest\",\n handler: async ({ request }) => {\n if (this.alepha.isBrowser() && this.user) {\n // ensure cookies are sent with requests and refresh-able\n request.credentials ??= \"include\";\n }\n },\n });\n\n /**\n * Get the current authenticated user.\n *\n * Alias for `alepha.state.get(\"user\")`\n */\n public get user(): UserAccountToken | undefined {\n return this.alepha.state.get(\"alepha.server.request.user\");\n }\n\n public async ping() {\n const { data } = await this.httpClient.fetch(alephaServerAuthRoutes.userinfo, {\n schema: { response: userinfoResponseSchema },\n });\n\n this.alepha.state.set(\"alepha.server.request.apiLinks\", data.api);\n this.alepha.state.set(\"alepha.server.request.user\", data.user);\n\n return data.user;\n }\n\n public async login(\n provider: string,\n options: {\n hostname?: string;\n username?: string;\n password?: string;\n redirect?: string;\n [extra: string]: any;\n },\n ): Promise<Tokens> {\n if (options.username || options.password) {\n const { data } = await this.httpClient.fetch(\n `${options.hostname || \"\"}${alephaServerAuthRoutes.token}?provider=${provider}`,\n {\n method: \"POST\",\n body: JSON.stringify({\n username: options.username,\n password: options.password,\n ...options,\n }),\n schema: { response: tokenResponseSchema },\n },\n );\n\n this.alepha.state.set(\"alepha.server.request.apiLinks\", data.api);\n this.alepha.state.set(\"alepha.server.request.user\", data.user);\n\n return data;\n }\n\n if (this.alepha.isBrowser()) {\n const browser = this.alepha.inject(ReactBrowserProvider);\n const redirect =\n options.redirect ||\n (browser.transitioning\n ? window.location.origin + browser.transitioning.to\n : window.location.href);\n\n const href = `${window.location.origin}${alephaServerAuthRoutes.login}?provider=${provider}&redirect_uri=${encodeURIComponent(redirect)}`;\n\n if (browser.transitioning) {\n throw new Redirection(href);\n } else {\n window.location.href = href;\n return {} as Tokens;\n }\n }\n\n throw new Redirection(\n `${alephaServerAuthRoutes.login}?provider=${provider}&redirect_uri=${options.redirect || \"/\"}`,\n );\n }\n\n public logout() {\n window.location.href = `${alephaServerAuthRoutes.logout}?post_logout_redirect_uri=${encodeURIComponent(window.location.origin)}`;\n }\n}\n","import { useAlepha, useStore } from \"@alepha/react\";\nimport { type HttpVirtualClient, LinkProvider } from \"alepha/server/links\";\nimport { ReactAuth } from \"../services/ReactAuth.ts\";\n\nexport const useAuth = <T extends object = any>() => {\n const alepha = useAlepha();\n const [user] = useStore(\"alepha.server.request.user\");\n\n return {\n user,\n logout: () => {\n alepha.inject(ReactAuth).logout();\n },\n login: async (\n provider: keyof T,\n options: {\n username?: string;\n password?: string;\n redirect?: string;\n [extra: string]: any;\n } = {},\n ) => {\n await alepha.inject(ReactAuth).login(provider as string, options);\n },\n can: <Api extends object = any>(\n name: keyof HttpVirtualClient<Api>,\n ): boolean => {\n return alepha.inject(LinkProvider).can(name as string);\n },\n };\n};\n","import { AlephaReact } from \"@alepha/react\";\nimport { $module } from \"alepha\";\nimport type { UserAccount } from \"alepha/security\";\nimport { ReactAuthProvider } from \"./providers/ReactAuthProvider.ts\";\nimport { ReactAuth } from \"./services/ReactAuth.ts\";\nimport { $auth, AlephaServerAuth } from \"alepha/server/auth\";\nimport { AlephaServerLinks } from \"alepha/server/links\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport * from \"./index.shared.ts\";\nexport * from \"./providers/ReactAuthProvider.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\ndeclare module \"@alepha/react\" {\n interface ReactRouterState {\n user?: UserAccount;\n }\n}\n\n// ---------------------------------------------------------------------------------------------------------------------\n\n/**\n * The ReactAuthModule provides authentication services for React applications.\n *\n * @see {@link ReactAuthProvider}\n * @module alepha.react.auth\n */\nexport const AlephaReactAuth = $module({\n name: \"alepha.react.auth\",\n descriptors: [$auth],\n services: [AlephaReact, AlephaServerLinks, AlephaServerAuth, ReactAuthProvider, ReactAuth],\n});\n"],"mappings":";;;;;;;;;;;;;;;;AAMA,IAAa,mBAAb,MAA8B;CAC5B,AAAO,MACL,UACA,UAAuC,EAAE,EAIxC;AACD,QAAM,IAAI,YAAY,+CAA+C;;CAGvE,AAAO,OACL,MACA,UAAuC,EAAE,EACJ;AACrC,QAAM,IAAI,YAAY,gDAAgD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACoF1E,MAAa,SAKX,YACkD;AAClD,QAAO,iBACL,gBACA,QACD;;AAuMH,IAAa,iBAAb,cAIU,WAAiE;CACzE,AAAmB,mBAAmB,QAAQ,iBAAiB;CAE/D,AAAU,SAAS;AACjB,MAAI,KAAK,QAAQ,OACf,MAAK,QAAQ,UAAU,EACrB,OAAO;GACL,UAAU;GACV,KAAK,CAAC,GAAG,OAAO;GACjB,EACF;;CAIL,IAAW,OAAe;AACxB,SAAO,KAAK,QAAQ,QAAQ,KAAK,OAAO;;;;;;;;CAS1C,MAAa,OACX,SACqC;AACrC,SAAO,KAAK,iBAAiB,OAAO,KAAK,MAAM,QAAQ;;CAGzD,MAAa,MAAM,SAGhB;AACD,SAAO,KAAK,iBAAiB,MAAM,KAAK,QAAQ,QAAQ,IAAI,QAAQ;;CAGtE,AAAO,MAAM,KAAsB;AAEjC,SAAO;;CAGT,AAAO,SAAS,QAAa;AAE3B,SAAO,KAAK,QAAQ,QAAQ;;;AAIhC,MAAM,QAAQ;;;;;;;;;;;;;;ACxVd,MAAM,cAAc,UAA8C;CAChE,MAAM,CAAC,SAAS,cAAc,SAAS,MAAM;AAE7C,iBAAgB,WAAW,KAAK,EAAE,EAAE,CAAC;AAErC,KAAI,MAAM,SACR,QAAO,MAAM;AAGf,QAAO,UAAU,MAAM,WAAW,MAAM;;AAG1C,yBAAe;;;;ACxBf,MAAM,eAAe,EAAE,OAAO,aAA+B;CAC3D,MAAM,CAAC,UAAU,eAAe,SAAS,MAAM;AAI/C,KAHqB,OAAO,cAAc,CAIxC,QAAO,oBAAC,0BAAwB;CAGlC,MAAM,aAAa,MAAM,OAAO,MAAM,KAAK,IAAI,EAAE;CACjD,MAAM,eAAe,WAAW,MAAM,GAAG,EAAE;CAC3C,MAAM,kBAAkB,WAAW,SAAS,aAAa;CAEzD,MAAM,mBAAmB,SAAiB;AACxC,YAAU,UAAU,UAAU,KAAK,CAAC,OAAO,QAAQ;AACjD,WAAQ,MAAM,oBAAoB,IAAI;IACtC;;CAGJ,MAAM,SAAS;EACb,WAAW;GACT,SAAS;GACT,iBAAiB;GACjB,OAAO;GACP,QAAQ;GACR,cAAc;GACd,WAAW;GACX,YAAY;GACZ,UAAU;GACV,QAAQ;GACT;EACD,SAAS;GACP,UAAU;GACV,YAAY;GACZ,cAAc;GACf;EACD,MAAM;GACJ,UAAU;GACV,YAAY;GACb;EACD,SAAS;GACP,UAAU;GACV,cAAc;GACf;EACD,eAAe;GACb,SAAS;GACT,gBAAgB;GAChB,YAAY;GACZ,UAAU;GACV,cAAc;GACd,OAAO;GACR;EACD,YAAY;GACV,UAAU;GACV,OAAO;GACP,YAAY;GACZ,QAAQ;GACR,QAAQ;GACR,gBAAgB;GACjB;EACD,gBAAgB;GACd,iBAAiB;GACjB,SAAS;GACT,cAAc;GACd,UAAU;GACV,YAAY;GACZ,WAAW;GACX,YAAY;GACb;EACD,YAAY;GACV,OAAO;GACP,QAAQ;GACR,WAAW;GACZ;EACF;AAED,QACE,qBAAC;EAAI,OAAO,OAAO;aACjB,qBAAC;GACC,oBAAC;IAAI,OAAO,OAAO;cAAS;KAAc;GAC1C,oBAAC;IAAI,OAAO,OAAO;cAAO,MAAM;KAAW;GAC3C,oBAAC;IAAI,OAAO,OAAO;cAAU,MAAM;KAAc;MAC7C,EAEL,WAAW,SAAS,KACnB,qBAAC,oBACC,qBAAC;GAAI,OAAO,OAAO;cACjB,oBAAC,oBAAK,gBAAkB,EACxB,oBAAC;IACC,MAAK;IACL,eAAe,gBAAgB,MAAM,MAAO;IAC5C,OAAO,OAAO;cACf;KAEQ;IACL,EACN,qBAAC;GAAI,OAAO,OAAO;eACf,WAAW,aAAa,cAAc,KAAK,MAAM,MACjD,oBAAC,mBAAa,QAAJ,EAAe,CACzB,EACD,CAAC,YAAY,kBAAkB,KAC9B,qBAAC;IAAK,OAAO,OAAO;IAAY,eAAe,YAAY,KAAK;;KAAE;KAC7D;KAAgB;;KACf;IAEJ,IACF;GAEJ;;AAIV,0BAAe;AAEf,MAAM,8BAA8B;CAClC,MAAM,SAAS;EACb,WAAW;GACT,SAAS;GACT,iBAAiB;GACjB,OAAO;GACP,QAAQ;GACR,cAAc;GACd,WAAW;GACX,YAAY;GACZ,UAAU;GACV,QAAQ;GACR,WAAW;GACZ;EACD,SAAS;GACP,UAAU;GACV,YAAY;GACZ,cAAc;GACf;EACD,MAAM;GACJ,UAAU;GACV,YAAY;GACZ,cAAc;GACf;EACD,SAAS;GACP,UAAU;GACV,SAAS;GACV;EACF;AAED,QACE,qBAAC;EAAI,OAAO,OAAO;aACjB,oBAAC;GAAI,OAAO,OAAO;aAAS;IAA0B,EACtD,oBAAC;GAAI,OAAO,OAAO;aAAS;IAEtB;GACF;;;;;ACzJV,MAAa,qBAAqB,cAEhC,OAAU;;;;;;;;;ACJZ,IAAa,cAAb,cAAiC,MAAM;CACrC,AAAgB;CAEhB,YAAY,UAAkB;AAC5B,QAAM,cAAc;AACpB,OAAK,WAAW;;;;;;ACPpB,MAAa,gBAAgB,cAAkC,OAAU;;;;;;;;;;;;;;;;ACazE,MAAa,kBAA0B;CACrC,MAAM,SAAS,WAAW,cAAc;AACxC,KAAI,CAAC,OACH,OAAM,IAAI,YACR,mEACD;AAGH,QAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACGT,MAAa,aAAa,MAAiB,SAAyB;CAClE,MAAM,SAAS,WAAW;AAE1B,iBAAgB;AACd,MAAI,CAAC,OAAO,WAAW,CACrB;EAGF,MAAMA,OAAmB,EAAE;AAC3B,OAAK,MAAM,CAAC,MAAM,SAAS,OAAO,QAAQ,KAAK,CAC7C,MAAK,KAAK,OAAO,OAAO,GAAG,MAAa,KAAY,CAAC;AAGvD,eAAa;AACX,QAAK,MAAM,SAAS,KAClB,QAAO;;IAGV,KAAK;;;;;AC7BV,SAAS,SAAS,QAAa,cAAyB;CACtD,MAAM,SAAS,WAAW;AAE1B,eAAc;AACZ,MAAI,gBAAgB,QAAQ,OAAO,MAAM,IAAI,OAAO,IAAI,KACtD,QAAO,MAAM,IAAI,QAAQ,aAAa;IAEvC,CAAC,aAAa,CAAC;CAElB,MAAM,CAAC,OAAO,YAAY,SAAS,OAAO,MAAM,IAAI,OAAO,CAAC;AAE5D,iBAAgB;AACd,MAAI,CAAC,OAAO,WAAW,CACrB;EAGF,MAAM,MAAM,kBAAkB,OAAO,OAAO,MAAM;AAElD,SAAO,OAAO,OAAO,GAAG,iBAAiB,OAAO;AAC9C,OAAI,GAAG,QAAQ,IACb,UAAS,GAAG,MAAM;IAEpB;IACD,EAAE,CAAC;AAEN,QAAO,CACL,QACC,UAAe;AACd,SAAO,MAAM,IAAI,QAAQ,MAAM;GAElC;;;;;AC1CH,MAAa,uBAAyC;CACpD,MAAM,CAAC,SAAS,SAAS,4BAA4B;AACrD,KAAI,CAAC,MACH,OAAM,IAAI,YAAY,6BAA6B;AAErD,QAAO;;;;;;;;;ACyBT,IAAa,gBAAb,cAAmC,MAAM,UAGvC;CACA,YAAY,OAA2B;AACrC,QAAM,MAAM;AACZ,OAAK,QAAQ,EAAE;;;;;CAMjB,OAAO,yBAAyB,OAAkC;AAChE,SAAO,EACL,OACD;;;;;;CAOH,kBAAkB,OAAc,MAAuB;AACrD,MAAI,KAAK,MAAM,QACb,MAAK,MAAM,QAAQ,OAAO,KAAK;;CAInC,SAAoB;AAClB,MAAI,KAAK,MAAM,MACb,QAAO,KAAK,MAAM,SAAS,KAAK,MAAM,MAAM;AAG9C,SAAO,KAAK,MAAM;;;AAItB,4BAAe;;;;;;;;;;;;;;;;;;;;;;;;;ACpCf,MAAM,cAAc,UAA2B;CAC7C,MAAM,QAAQ,IAAI,mBAAmB,EAAE,SAAS;CAChD,MAAM,QAAQ,gBAAgB;CAE9B,MAAM,CAAC,MAAM,WAAW,SACtB,MAAM,OAAO,QAAQ,QACtB;CAED,MAAM,CAAC,WAAW,gBAAgB,SAAS,GAAG;CAC9C,MAAM,wBAAwB,OAAe,EAAE;CAC/C,MAAM,mBAAmB,OAAe,EAAE;AAE1C,WACE;EACE,0BAA0B,OAAO,EAAE,UAAU,qBAAY;GAEvD,MAAM,QAAQ,SAAS,OAAO;AAC9B,OAAI,GAAGC,QAAM,IAAI,SAAS,GAAG,WAAW,GAAG,OAAO,KAAK,GAAG,CACxD;GAGF,MAAM,gBAAgB,eACpB,MAAM,OAAO,WACbA,SACA,OACD;AAED,OAAI,eAAe;IACjB,MAAM,WAAW,cAAc,YAAY;AAC3C,qBAAiB,UAAU,KAAK,KAAK;AACrC,0BAAsB,UAAU;AAChC,iBAAa,cAAc,UAAU;UAChC;AACL,qBAAiB,UAAU;AAC3B,0BAAsB,UAAU;AAChC,iBAAa,GAAG;;;EAIpB,wBAAwB,OAAO,EAAE,qBAAY;GAC3C,MAAM,QAAQA,QAAM,OAAO;AAG3B,OAAI,iBAAiB,SAAS;IAC5B,MAAM,WAAW,sBAAsB;IACvC,MAAM,OAAO,KAAK,KAAK,GAAG,iBAAiB;AAC3C,QAAI,OAAO,SACT,OAAM,IAAI,SAAS,YACjB,WAAW,SAAS,WAAW,KAAK,CACrC;;AAKL,OAAI,CAAC,OAAO,OAAO;AACjB,YAAQ,OAAO,QAAQ;IAGvB,MAAM,iBAAiB,eACrB,OAAO,OAAO,WACdA,SACA,QACD;AAED,QAAI,eACF,cAAa,eAAe,UAAU;QAEtC,cAAa,GAAG;;;EAKvB,EACD,EAAE,CACH;CAED,IAAI,UAAU,QAAQ,MAAM,YAAY;AAGxC,KAAI,UACF,WACE,oBAAC;EACC,OAAO;GACL,SAAS;GACT,MAAM;GACN,QAAQ;GACR,OAAO;GACP,UAAU;GACV,UAAU;GACX;YAED,oBAAC;GACC,OAAO;IAAE,QAAQ;IAAQ,OAAO;IAAQ,SAAS;IAAQ;IAAW;aAEnE;IACG;GACF;AAKV,KAAI,MAAM,kBAAkB,MAC1B,QAAO,0CAAG,UAAW;AAGvB,KAAI,MAAM,cACR,QACE,oBAACC;EAAc,UAAU,MAAM;YAAgB;GAAwB;AAI3E,QACE,oBAACA;EACC,WAAW,UAAU;GACnB,MAAM,SAAS,MAAM,QAAQ,OAAO,MAAM;AAC1C,OAAI,kBAAkB,YACpB,QAAO;AAET,UAAO;;YAGR;GACa;;AAIpB,yBAAe,KAAK,WAAW;AAE/B,SAAS,eACP,eACA,OACA,OAAyB,SAMb;AACZ,KAAI,CAAC,cACH;CAGF,MAAM,mBAAmB;CAEzB,MAAM,YACJ,OAAO,kBAAkB,aAAa,cAAc,MAAM,GAAG;AAE/D,KAAI,OAAO,cAAc,UAAU;AACjC,MAAI,SAAS,OACX;AAEF,SAAO;GACL,UAAU;GACV,WAAW,GAAG,iBAAiB,KAAK;GACrC;;AAGH,KAAI,OAAO,cAAc,UAAU;EACjC,MAAM,OAAO,UAAU;EACvB,MAAM,WACJ,OAAO,SAAS,WACX,KAAK,YAAY,mBAClB;EACN,MAAM,OAAO,OAAO,SAAS,WAAW,KAAK,OAAO;AAEpD,MAAI,SAAS,OAEX,QAAO;GACL;GACA,WAAW,GAAG,SAAS,KAHV,OAAO,SAAS,WAAY,KAAK,UAAU,KAAM,GAG3B,GAAG;GACvC;AAKH,SAAO;GACL;GACA,WAAW,GAAG,SAAS,KAJV,OAAO,SAAS,WAAY,KAAK,UAAU,KAAM,GAI3B,GAAG;GACvC;;;;;;ACnNL,SAAwB,aAAa,OAAkC;AACrE,QACE,oBAAC;EACC,OAAO;GACL,QAAQ;GACR,SAAS;GACT,eAAe;GACf,gBAAgB;GAChB,YAAY;GACZ,WAAW;GACX,YAAY;GACZ,SAAS;GACT,GAAG,MAAM;GACV;YAED,oBAAC;GAAG,OAAO;IAAE,UAAU;IAAQ,cAAc;IAAU;aAAE;IAEpD;GACD;;;;;ACMV,MAAMC,cAAY,EAAE,OAAO,EACzB,mBAAmB,EAAE,QAAQ,EAAE,SAAS,MAAM,CAAC,EAChD,CAAC;AAMF,IAAa,oBAAb,MAA+B;CAC7B,AAAmB,MAAM,SAAS;CAClC,AAAmB,MAAM,KAAKA,YAAU;CACxC,AAAmB,SAAS,QAAQ,OAAO;CAC3C,AAAmB,QAAqB,EAAE;CAE1C,AAAO,WAAwB;AAC7B,SAAO,KAAK;;CAGd,AAAO,mBAAgC;EACrC,MAAMC,QAAqB,EAAE;AAC7B,OAAK,MAAM,QAAQ,KAAK,OAAO;AAC7B,OAAI,KAAK,YAAY,KAAK,SAAS,SAAS,EAC1C;GAEF,MAAM,WAAW,KAAK,SAAS,KAAK,KAAK;AACzC,OAAI,SAAS,SAAS,IAAI,IAAI,SAAS,SAAS,IAAI,EAAE;AACpD,QAAI,OAAO,KAAK,WAAW,UAAU;KACnC,MAAM,UAAU,KAAK,OAAO;AAC5B,SAAI,WAAW,QAAQ,SAAS,EAC9B,MAAK,MAAM,SAAS,SAAS;MAC3B,MAAM,SAAS,MAAM;MACrB,MAAM,OAAO,KAAK,QAAQ,KAAK,QAAQ,IAAI,OAAO;AAClD,UAAI,CAAC,KAAK,SAAS,IAAI,IAAI,CAAC,KAAK,SAAS,IAAI,CAC5C,OAAM,KAAK;OACT,GAAG;OACH,MAAM,OAAO,OAAO,KAAK,OAAO,CAAC;OACjC;OACA,GAAG;OACJ,CAAC;;;AAMV;;AAEF,SAAM,KAAK,KAAK;;AAElB,SAAO;;CAGT,AAAO,KAAK,MAAyB;AACnC,OAAK,MAAM,QAAQ,KAAK,MACtB,KAAI,KAAK,SAAS,KAChB,QAAO;AAIX,QAAM,IAAI,YAAY,SAAS,KAAK,aAAa;;CAGnD,AAAO,SACL,MACA,UAGI,EAAE,EACN;EACA,MAAM,OAAO,KAAK,KAAK,KAAK;AAC5B,MAAI,CAAC,KACH,OAAM,IAAI,MAAM,QAAQ,KAAK,YAAY;EAG3C,IAAI,MAAM,KAAK,QAAQ;EACvB,IAAI,SAAS,KAAK;AAClB,SAAO,QAAQ;AACb,SAAM,GAAG,OAAO,QAAQ,GAAG,GAAG;AAC9B,YAAS,OAAO;;AAGlB,QAAM,KAAK,QAAQ,KAAK,QAAQ,UAAU,EAAE,CAAC;AAE7C,MAAI,QAAQ,OAAO;GACjB,MAAM,QAAQ,IAAI,gBAAgB,QAAQ,MAAM;AAChD,OAAI,MAAM,UAAU,CAClB,QAAO,IAAI,MAAM,UAAU;;AAI/B,SAAO,IAAI,QAAQ,UAAU,IAAI,IAAI;;CAGvC,AAAO,IACL,MACA,UAA8D,EAAE,EAC3D;AACL,SAAO,IAAI,IACT,KAAK,SAAS,MAAM,QAAQ,EAE5B,QAAQ,QAAQ,mBACjB;;CAGH,AAAO,KAAK,OAAoC;EAC9C,MAAM,OAAO,cACX,cAAc,UACd,EAAE,OAAO,KAAK,QAAQ,EACtB,cAAcC,oBAAY,EAAE,EAAE,MAAM,OAAO,IAAI,QAAQ,CACxD;AAED,MAAI,KAAK,IAAI,kBACX,QAAO,cAAc,YAAY,EAAE,EAAE,KAAK;AAG5C,SAAO;;CAGT,AAAU,+BACR,QACA,UACQ;AACR,MAAI,EAAE,OAAO,SAAS,OAAO,IAAI,OAAO,UAAU,UAChD;QAAK,MAAM,OAAO,OAAO,WACvB,KACE,EAAE,OAAO,SAAS,OAAO,WAAW,KAAK,IACzC,OAAO,MAAM,SAAS,SAEtB,KAAI;AACF,UAAM,OAAO,KAAK,OAAO,MAAM,OAC7B,OAAO,WAAW,MAClB,mBAAmB,MAAM,KAAK,CAC/B;YACM,GAAG;;AAMlB,SAAO;;;;;;;CAQT,MAAa,aACX,OACA,OACA,WAAgC,EAAE,EACL;EAC7B,IAAIC,UAA+B,EAAE;EACrC,MAAMC,QAAgC,CAAC,EAAE,OAAO,CAAC;EAEjD,IAAI,SAAS,MAAM;AACnB,SAAO,QAAQ;AACb,SAAM,QAAQ,EAAE,OAAO,QAAQ,CAAC;AAChC,YAAS,OAAO;;EAGlB,IAAI,eAAe;AAEnB,OAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;GACrC,MAAM,KAAK,MAAM;GACjB,MAAMC,UAAQ,GAAG;GACjB,MAAMC,SAA8B,EAAE;AAEtC,OAAI;AACF,SAAK,4BAA4BD,QAAM,QAAQ,OAAO,MAAM,MAAM;AAClE,WAAO,QAAQA,QAAM,QAAQ,QACzB,KAAK,OAAO,MAAM,OAAOA,QAAM,OAAO,OAAO,MAAM,MAAM,GACzD,EAAE;YACC,GAAG;AACV,OAAG,QAAQ;AACX;;AAGF,OAAI;AACF,WAAO,SAASA,QAAM,QAAQ,SAC1B,KAAK,OAAO,MAAM,OAAOA,QAAM,OAAO,QAAQ,MAAM,OAAO,GAC3D,EAAE;YACC,GAAG;AACV,OAAG,QAAQ;AACX;;AAIF,MAAG,SAAS,EACV,GAAG,QACJ;AAGD,OAAI,WAAW,MAAM,CAAC,gBAAgB,SAAS,GAAG,SAASA,QAAM,MAAM;IACrE,MAAM,OAAO,QAAkB,MAAM,IAAI,QAAQ,UAAU,IAAI,GAAG;AAYlE,QAVa,KAAK,UAAU;KAC1B,MAAM,IAAI,SAAS,GAAG,KAAK;KAC3B,QAAQ,SAAS,GAAG,QAAQ,UAAU,EAAE;KACzC,CAAC,KAEW,KAAK,UAAU;KAC1B,MAAM,IAAIA,QAAM,KAAK;KACrB,QAAQ,OAAO,UAAU,EAAE;KAC5B,CAAC,EAEiB;AAEjB,QAAG,QAAQ,SAAS,GAAG;AACvB,QAAG,QAAQ,SAAS,GAAG;AACvB,QAAG,QAAQ;AACX,eAAU;MACR,GAAG;MACH,GAAG,GAAG;MACP;AACD;;AAIF,mBAAe;;AAIjB,OAAI,CAACA,QAAM,QACT;AAGF,OAAI;IACF,MAAM,OAAO,OAAO,OAAO,MAAM;AACjC,WAAO,OAAO,MAAM,QAAQ,QAAQ;IACpC,MAAM,QAAS,MAAMA,QAAM,UAAU,KAAK,IAAK,EAAE;AAGjD,OAAG,QAAQ,EACT,GAAG,OACJ;AAGD,cAAU;KACR,GAAG;KACH,GAAG;KACJ;YACM,GAAG;AAEV,QAAI,aAAa,YACf,QAAO,EACL,UAAU,EAAE,UACb;AAGH,SAAK,IAAI,MAAM,4BAA4B,EAAE;AAE7C,OAAG,QAAQ;AACX;;;EAIJ,IAAI,MAAM;AACV,OAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;GACrC,MAAM,KAAK,MAAM;GACjB,MAAM,QAAQ,GAAG,SAAS,EAAE;GAE5B,MAAM,SAAS,EAAE,GAAG,GAAG,QAAQ,QAAQ;AACvC,QAAK,MAAM,OAAO,OAAO,KAAK,OAAO,CACnC,QAAO,OAAO,OAAO,OAAO,KAAK;AAGnC,UAAO;AACP,UAAO,GAAG,MAAM,OAAO,KAAK,QAAQ,GAAG,MAAM,MAAM,OAAO,GAAG;GAC7D,MAAM,OAAO,IAAI,QAAQ,OAAO,IAAI;GACpC,MAAM,oBAAoB,KAAK,gBAAgB,GAAG,MAAM;AACxD,OAAI,mBAAmB;IACrB,MAAM,gBAAgB,MAAM;AAC5B,UAAM,WAAW,OAAO,cAAY;KAClC,MAAM,SAAS,kBAAkB,OAAOE,UAAQ;AAEhD,SAAI,WAAW,OACb,QAAO,cAAc,OAAOA,UAAQ;AAEtC,YAAO;;;AAKX,OAAI,CAAC,GAAG,MACN,KAAI;IACF,MAAM,UAAU,MAAM,KAAK,cAAc,GAAG,OAAO;KACjD,GAAG;KACH,GAAG;KACJ,CAAC;AAEF,UAAM,OAAO,KAAK;KAChB,MAAM,GAAG,MAAM;KACf;KACA,MAAM,GAAG,MAAM;KACf,QAAQ,GAAG;KACX,SAAS,KAAK,WAAW,IAAI,GAAG,MAAM,SAAS,GAAG,MAAM;KACxD,OAAO,IAAI;KACX;KACA,OAAO,GAAG;KACV,OAAO,GAAG;KACX,CAAC;YACK,GAAG;AACV,OAAG,QAAQ;;AAKf,OAAI,GAAG,MACL,KAAI;IACF,IAAIC,UACF,MAAM,MAAM,QAAQ,GAAG,OAAO,MAAM;AAEtC,QAAI,YAAY,OACd,OAAM,GAAG;AAGX,QAAI,mBAAmB,YACrB,QAAO,EACL,UAAU,QAAQ,UACnB;AAGH,QAAI,YAAY,KACd,WAAU,KAAK,YAAY,GAAG,MAAM;AAGtC,UAAM,OAAO,KAAK;KAChB;KACA,OAAO,GAAG;KACV,MAAM,GAAG,MAAM;KACf,MAAM,GAAG,MAAM;KACf,QAAQ,GAAG;KACX,SAAS,KAAK,WAAW,IAAI,GAAG,MAAM,SAAS,GAAG,MAAM;KACxD,OAAO,IAAI;KACX;KACA,OAAO,GAAG;KACX,CAAC;AACF;YACO,GAAG;AACV,QAAI,aAAa,YACf,QAAO,EACL,UAAU,EAAE,UACb;AAEH,UAAM;;;AAKZ,SAAO,EAAE,OAAO;;CAGlB,AAAU,uBAAuB,UAAsC;AACrE,SAAO,EACL,UACD;;CAGH,AAAU,gBAAgB,OAA4C;AACpE,MAAI,MAAM,aAAc,QAAO,MAAM;EACrC,IAAI,SAAS,MAAM;AACnB,SAAO,QAAQ;AACb,OAAI,OAAO,aAAc,QAAO,OAAO;AACvC,YAAS,OAAO;;;CAIpB,MAAgB,cACd,MACA,OACoB;AACpB,MAAI,KAAK,QAAQ,KAAK,UACpB,MAAK,IAAI,KACP,QAAQ,KAAK,KAAK,yDACnB;AAGH,MAAI,KAAK,KAEP,QAAO,eADW,MAAM,KAAK,MAAM,EACJ,SAAS,MAAM;AAGhD,MAAI,KAAK,UACP,QAAO,cAAc,KAAK,WAAW,MAAM;;CAM/C,AAAO,YAAY,OAAyB;AAC1C,SAAO,cAAcC,qBAAa;GAAE;GAAO,QAAQ,KAAK;GAAQ,CAAC;;CAGnE,AAAO,kBAA6B;AAClC,SAAO,cAAcP,oBAAY,EAAE,CAAC;;CAGtC,AAAO,KACL,MACA,SAA8B,EAAE,EACxB;EACR,MAAM,QAAQ,KAAK,MAAM,MAAM,OAAO,GAAG,SAAS,KAAK,QAAQ,KAAK;AACpE,MAAI,CAAC,MACH,OAAM,IAAI,MAAM,QAAQ,KAAK,QAAQ,KAAK,YAAY;EAGxD,IAAI,MAAM,MAAM,QAAQ;EACxB,IAAI,SAAS,MAAM;AACnB,SAAO,QAAQ;AACb,SAAM,GAAG,OAAO,QAAQ,GAAG,GAAG;AAC9B,YAAS,OAAO;;AAGlB,QAAM,KAAK,QAAQ,KAAK,OAAO;AAE/B,SAAO,IAAI,QAAQ,UAAU,IAAI,IAAI;;CAGvC,AAAO,QAAQ,MAAc,SAAiC,EAAE,EAAE;AAChE,OAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,OAAO,CAC/C,QAAO,KAAK,QAAQ,IAAI,OAAO,MAAM;AAEvC,SAAO;;CAGT,AAAU,WACR,OACA,MACA,MACA,MACW;AACX,WAAS,KAAK,iBAAiB;EAE/B,MAAM,UAAU,KAAK,SACjB,cACEQ,oBACA,OAAO,KAAK,WAAW,WAAW,KAAK,SAAS,EAAE,EAClD,KACD,GACD;AAEJ,SAAO,cACL,mBAAmB,UACnB,EACE,OAAO;GACL;GACA;GACD,EACF,EACD,QACD;;CAGH,AAAmB,YAAY,MAAM;EACnC,IAAI;EACJ,eAAe;GACb,IAAI,qBAAqB;GACzB,MAAM,QAAQ,KAAK,OAAO,YAAY,MAAM;GAE5C,MAAM,aAAa,OAAuB;AACxC,QAAI,GAAG,QAAQ,OACb,QAAO;AAGT,SAAK,MAAM,QAAQ,MAMjB,MALiB,KAAK,QAAQ,WAC1B,MAAM,QAAQ,KAAK,QAAQ,SAAS,GAClC,KAAK,QAAQ,WACb,KAAK,QAAQ,UAAU,GACzB,EAAE,EACO,SAAS,GAAG,CACvB,QAAO;;AAKb,QAAK,MAAM,QAAQ,OAAO;AACxB,QAAI,KAAK,QAAQ,SAAS,KACxB,sBAAqB;AAIvB,QAAI,UAAU,KAAK,CACjB;AAGF,SAAK,IAAI,KAAK,IAAI,OAAO,KAAK,CAAC;;AAGjC,OAAI,CAAC,sBAAsB,MAAM,SAAS,EAExC,MAAK,IAAI;IACP,MAAM;IACN,MAAM;IACN,OAAO;IACP,WAAW;IACX,mBAAmB,EAAE,YAAY;AAC/B,WAAM,SAAS;;IAElB,CAAC;;EAGP,CAAC;CAEF,AAAU,IACR,OACA,QACgB;EAChB,MAAM,WAAW,OAAO,QAAQ,WAC5B,MAAM,QAAQ,OAAO,QAAQ,SAAS,GACpC,OAAO,QAAQ,WACf,OAAO,QAAQ,UAAU,GAC3B,EAAE;EAEN,MAAM,yBAAyB,OAAyC;GACtE,MAAMC,aAAW,EAAE;AACnB,QAAK,MAAM,QAAQ,MACjB,KAAI,KAAK,QAAQ,WAAW,GAC1B,YAAS,KAAK,KAAK;AAGvB,UAAOA;;AAGT,WAAS,KAAK,GAAG,sBAAsB,OAAO,CAAC;AAE/C,SAAO;GACL,GAAG,OAAO;GACV,MAAM,OAAO;GACb,QAAQ;GACR,UAAU,SAAS,KAAK,OAAO,KAAK,IAAI,OAAO,GAAG,CAAC;GACpD;;CAGH,AAAO,IAAI,OAAuB;AAChC,MAAI,KAAK,OAAO,SAAS,CACvB,OAAM,IAAI,YAAY,gCAAgC;AAGxD,QAAM,SAAS,KAAK,QAAQ;EAC5B,MAAM,OAAO;AAEb,OAAK,QAAQ,KAAK,YAAY,KAAK;AACnC,OAAK,MAAM,KAAK,KAAK;AAErB,MAAI,KAAK,SACP,MAAK,MAAM,SAAS,KAAK,UAAU;AACjC,GAAC,MAAoB,SAAS;AAC9B,QAAK,IAAI,MAAM;;;CAKrB,AAAU,YAAY,MAAyB;EAC7C,IAAI,MAAM,KAAK,QAAQ;EACvB,IAAI,SAAS,KAAK;AAClB,SAAO,QAAQ;AACb,SAAM,GAAG,OAAO,QAAQ,GAAG,GAAG;AAC9B,YAAS,OAAO;;EAGlB,IAAI,OAAO,IAAI,QAAQ,UAAU,IAAI;AAErC,MAAI,KAAK,SAAS,IAAI,IAAI,SAAS,IAEjC,QAAO,KAAK,MAAM,GAAG,GAAG;AAG1B,SAAO;;CAGT,AAAU,QAAQ;CAElB,AAAU,SAAiB;AACzB,OAAK,SAAS;AACd,SAAO,IAAI,KAAK;;;AAIpB,MAAa,eAAe,OAA6B;AACvD,QACE,MACA,OAAO,OAAO,YACd,OAAO,GAAG,SAAS,YACnB,OAAO,GAAG,SAAS;;;;;AC5jBvB,MAAMC,cAAY,EAAE,OAAO;CACzB,mBAAmB,EAAE,SAAS,EAAE,SAAS,CAAC;CAC1C,eAAe,EAAE,KAAK,EAAE,SAAS,QAAQ,CAAC;CAC1C,uBAAuB,EAAE,SACvB,EAAE,KAAK,EACL,MAAM,QACP,CAAC,CACH;CACF,CAAC;;;;AAYF,MAAa,qBAAqB,MAAM;CACtC,MAAM;CACN,QAAQ,EAAE,OAAO;EACf,WAAW,EAAE,QAAQ;EACrB,cAAc,EAAE,OAAO;GACrB,UAAU,EAAE,SAAS;GACrB,MAAM,EAAE,OAAO,EACb,aAAa,+CACd,CAAC;GACH,CAAC;EACH,CAAC;CACF,SAAS;EACP,WAAW;EACX,cAAc;GACZ,UAAU;GACV,MAAM;GACP;EACF;CACF,CAAC;AAcF,IAAa,sBAAb,MAAiC;CAC/B,AAAmB,MAAM,SAAS;CAClC,AAAmB,SAAS,QAAQ,OAAO;CAC3C,AAAmB,MAAM,KAAKA,YAAU;CACxC,AAAmB,UAAU,QAAQ,kBAAkB;CACvD,AAAmB,iBAAiB,QAAQ,eAAe;CAC3D,AAAmB,uBAAuB,QAAQ,qBAAqB;CACvE,AAAmB,uBAAuB,QAAQ,qBAAqB;CACvE,AAAmB,uBAAuB,QAAQ,qBAAqB;CAEvE,AAAgB,iBAAiB,IAAI,OACnC,yBAAyB,KAAK,IAAI,cAAc,4BAChD,KACD;CACD,AAAU,uBAAoD;CAE9D,AAAmB,UAAU,KAAK,mBAAmB;;;;CAKrD,AAAgB,cAAc,MAAM;EAClC,IAAI;EACJ,SAAS,YAAY;GAGnB,MAAM,aAFQ,KAAK,OAAO,YAAY,MAAM,CAGpC,SAAS,KAAK,KAAK,IAAI,sBAAsB;AAErD,QAAK,OAAO,MAAM,IAAI,2BAA2B,WAAW;AAG5D,OAAI,KAAK,OAAO,WAAW,EAAE;AAC3B,UAAM,KAAK,cAAc,WAAW;AACpC;;GAIF,IAAI,OAAO;AAGX,OAAI,CAAC,KAAK,OAAO,cAAc,EAAE;AAC/B,WAAO,KAAK,oBAAoB;AAChC,QAAI,CAAC,KACH,MAAK,IAAI,KACP,4DACD;SACI;AACL,UAAK,IAAI,MAAM,4BAA4B,OAAO;AAClD,WAAM,KAAK,sBAAsB,KAAK;;;AAI1C,OAAI,YAAY;AACd,UAAM,KAAK,cAAc,YAAY,KAAK,SAAS;AACnD,SAAK,IAAI,KAAK,SAAS;AACvB;;AAIF,QAAK,IAAI,KAAK,4CAA4C;AAC1D,QAAK,qBAAqB,YAAY;IACpC,MAAM;IACN,SAAS,OAAO,EAAE,KAAK,YAAY;AACjC,SAAI,IAAI,SAAS,SAAS,IAAI,EAAE;AAE9B,YAAM,QAAQ,kBAAkB;AAChC,YAAM,OAAO;AACb,YAAM,SAAS;AACf;;AAGF,WAAM,QAAQ,kBAAkB;AAGhC,YAAO,KAAK;;IAEf,CAAC;;EAEL,CAAC;CAEF,IAAW,WAAW;AACpB,SACE,KAAK,OAAO,IAAI,yBAChB;;CAIJ,MAAgB,cAAc,gBAAgC;EAE5D,MAAM,WAAW,MAAM,gBAAgB;AACvC,MAAI,SACF,MAAK,uBAAuB,KAAK,mBAAmB,SAAS;AAG/D,OAAK,MAAM,QAAQ,KAAK,QAAQ,UAAU,EAAE;AAC1C,OAAI,KAAK,UAAU,OACjB;AAGF,QAAK,IAAI,MAAM,KAAK,KAAK,MAAM,MAAM,KAAK,OAAO;AAEjD,QAAK,qBAAqB,YAAY;IACpC,GAAG;IACH,QAAQ;IACR,QAAQ;IACR,MAAM,KAAK;IACX,SAAS,KAAK,cAAc,MAAM,eAAe;IAClD,CAAC;;;;;;CAON,AAAU,qBAA6B;EACrC,MAAM,QAAQ,CACZ,KAAK,QAAQ,KAAK,EAAE,QAAQ,KAAK,QAAQ,YAAY,EACrD,KAAK,QAAQ,KAAK,EAAE,KAAK,QAAQ,UAAU,CAC5C;AAED,OAAK,MAAM,MAAM,MACf,KAAI,WAAW,GAAG,CAChB,QAAO;AAIX,SAAO;;;;;CAMT,MAAgB,sBAAsB,MAAc;AAClD,QAAM,KAAK,qBAAqB,mBAAmB;GACjD;GACA,cAAc;IACZ,QAAQ;IACR,WAAW;IACZ;GACD,GAAG,KAAK,QAAQ;GACjB,CAAC;;;;;CAMJ,MAAgB,cAAc,YAAqB;AACjD,MAAI,CAAC,WAEH;AAGF,OAAK,IAAI,KAAK,eAAe;EAE7B,MAAM,MAAM,UAAU,QAAQ,IAAI,YAAY,GAAG,QAAQ,IAAI;AAE7D,QAAM,KAAK,oBACT,MAAM,GAAG,IAAI,aAAa,CACvB,MAAM,OAAO,GAAG,MAAM,CAAC,CACvB,YAAY,OAAU,CAC1B;;;;;CAMH,MAAa,OACX,MACA,UAAuC,EAAE,EACJ;EACrC,MAAM,OAAO,KAAK,QAAQ,KAAK,KAAK;EACpC,MAAM,MAAM,IAAI,IAAI,KAAK,QAAQ,IAAI,MAAM,QAAQ,CAAC;EASpD,MAAM,QARmC;GACvC;GACA,QAAQ,QAAQ,UAAU,EAAE;GAC5B,OAAO,QAAQ,SAAS,EAAE;GAC1B,eAAe;GACf,QAAQ,EAAE;GACV,MAAM,EAAE;GACT;AAGD,OAAK,IAAI,MAAM,aAAa,EAC1B,KACD,CAAC;AAEF,QAAM,KAAK,OAAO,OAAO,KAAK,6BAA6B,EACzD,OACD,CAAC;EAEF,MAAM,EAAE,aAAa,MAAM,KAAK,QAAQ,aACtC,MACA,MACD;AAED,MAAI,SACF,QAAO;GAAE;GAAO,MAAM;GAAI;GAAU;AAGtC,MAAI,CAAC,QAAQ,MAAM;AACjB,QAAK,OAAO,MAAM,IAAI,6BAA6B,MAAM;AAEzD,UAAO;IACL;IACA,MAAM,eAAe,KAAK,QAAQ,KAAK,MAAM,CAAC;IAC/C;;EAGH,MAAM,WAAW,KAAK,YAAY;EAClC,MAAM,OAAO,KAAK,aAAa,UAAU,OAAO,QAAQ,UAAU;AAElE,MAAI,gBAAgB,YAClB,QAAO;GAAE;GAAO,MAAM;GAAI;GAAU;EAGtC,MAAM,SAAS;GACb;GACA;GACD;AAED,QAAM,KAAK,OAAO,OAAO,KAAK,2BAA2B,OAAO;AAEhE,SAAO;;CAGT,AAAU,cACR,OACA,gBACe;AACf,SAAO,OAAO,kBAAkB;GAC9B,MAAM,EAAE,KAAK,OAAO,OAAO,WAAW;GACtC,MAAM,WAAW,MAAM,gBAAgB;AACvC,OAAI,CAAC,SACH,OAAM,IAAI,YAAY,qCAAqC;AAG7D,QAAK,IAAI,MAAM,kBAAkB,EAC/B,MAAM,MAAM,MACb,CAAC;GAUF,MAAM,QARmC;IACvC;IACA;IACA;IACA,eAAe;IACf,QAAQ,EAAE;IACX;AAID,OAAI,KAAK,OAAO,IAAI,oBAAoB,CACtC,MAAK,OAAO,MAAM,IAChB,kCACA,MAAM,KAAK,OAAO,OAAO,oBAAoB,CAAC,gBAAgB;IAC5D,MAAO,cAAsB;IAC7B,eAAe,cAAc,QAAQ;IACtC,CAAC,CACH;GAGH,IAAIC,SAAgC;AACpC,UAAO,QAAQ;AACb,QAAI,MAAM,OAAO,CAAC,MAAM,KAAK,EAAE;AAE7B,WAAM,SAAS;AACf,WAAM,QAAQ,kBAAkB;AAChC,YAAO;;AAET,aAAS,OAAO;;AAclB,SAAM,KAAK,OAAO,OAAO,KAAK,6BAA6B;IACzD,SAAS;IACT;IACD,CAAC;AAEF,QAAK,qBAAqB,YAAY,eAAe;GAErD,MAAM,EAAE,aAAa,MAAM,KAAK,QAAQ,aAAa,OAAO,MAAM;AAElE,QAAK,qBAAqB,UAAU,eAAe;AAEnD,OAAI,SACF,QAAO,MAAM,SAAS,SAAS;AAGjC,SAAM,QAAQ,kBAAkB;AAIhC,SAAM,QAAQ,mBACZ;AACF,SAAM,QAAQ,SAAS;AACvB,SAAM,QAAQ,UAAU;GAExB,MAAM,OAAO,KAAK,aAAa,UAAU,MAAM;AAC/C,OAAI,gBAAgB,aAAa;AAC/B,UAAM,SACJ,OAAO,KAAK,aAAa,WACrB,KAAK,WACL,KAAK,QAAQ,KAAK,KAAK,SAAS,CACrC;AACD;;GAGF,MAAM,QAAQ;IACZ,SAAS;IACT;IACA;IACD;AAED,SAAM,KAAK,OAAO,OAAO,KAAK,2BAA2B,MAAM;AAE/D,SAAM,mBAAmB,cAAc;AAEvC,QAAK,IAAI,MAAM,iBAAiB,EAC9B,MAAM,MAAM,MACb,CAAC;AAEF,UAAO,MAAM;;;CAIjB,AAAO,aACL,UACA,OACA,YAAY,MACU;EACtB,MAAM,UAAU,KAAK,QAAQ,KAAK,MAAM;AAGxC,OAAK,OAAO,MAAM,IAAI,6BAA6B,MAAM;AAEzD,OAAK,qBAAqB,YAAY,iBAAiB;EACvD,IAAI,MAAM;AACV,MAAI;AACF,SAAM,eAAe,QAAQ;WACtB,OAAO;AACd,QAAK,IAAI,MACP,wDACA,MACD;GACD,MAAMC,YAAU,MAAM,QAAQ,OAAgB,MAAM;AACpD,OAAIA,qBAAmB,YAErB,QAAOA;AAGT,SAAM,eAAeA,UAAQ;AAC7B,QAAK,IAAI,MAAM,2CAA2C;;AAE5D,OAAK,qBAAqB,UAAU,iBAAiB;EAErD,MAAM,WAAW,EACf,MAAM,UACP;AAED,MAAI,WAAW;GACb,MAAM,EAAE,SAAS,SAAS,GAAG,UAC3B,KAAK,OAAO,QAAQ,KAAK,UAAU,IAAI,EAAE;GAE3C,MAAMC,gBAAqC;IACzC,GAAG;IAEH,6BAA6B;IAC7B,QAAQ,MAAM,OAAO,KAAK,QAAQ;KAChC,GAAG;KACH,OAAO,GAAG,QACN;MACE,GAAG,GAAG;MACN,MAAM,GAAG,MAAM;MACf,SAAS,GAAG,MAAM;MAClB,OAAO,CAAC,KAAK,OAAO,cAAc,GAAG,GAAG,MAAM,QAAQ;MACvD,GACD;KACJ,OAAO;KACP,MAAM;KACN,SAAS;KACT,OAAO;KACR,EAAE;IACJ;GAGD,MAAM,SAAS,wBAAwB,KAAK,UAAU,cAAc,CAAC;AAGrE,QAAK,aAAa,UAAU,KAAK,OAAO;;AAG1C,SAAO,SAAS;;CAGlB,AAAU,mBAAmB,UAAwC;EAGnE,MAAM,iBADiB,SAAS,MAAM,YAAY,EACX,SAAS,SAAS;EAEzD,MAAM,eAAe,SAAS,UAAU,GAAG,eAAe;EAC1D,MAAM,cAAc,SAAS,UAAU,eAAe;EAGtD,MAAM,eAAe,aAAa,MAAM,KAAK,eAAe;AAE5D,MAAI,cAAc;GAEhB,MAAM,YAAY,aAAa,UAAU,GAAG,aAAa,MAAO;GAChE,MAAM,gBAAgB,aAAa,QAAS,aAAa,GAAG;GAC5D,MAAM,WAAW,aAAa,UAAU,cAAc;AAKtD,UAAO;IAAE,WAHS,GAAG,UAAU,MAAM,aAAa,GAAG,OAAO,KAAK,IAAI,cAAc,GAAG,aAAa,GAAG;IAGlF,UAFH,SAAS;IAEI,cAAc;IAAI;IAAa;;EAI/D,MAAM,YAAY,aAAa,MAAM,iBAAiB;AACtD,MAAI,WAAW;GACb,MAAM,aAAa,aAAa,UAC9B,GACA,UAAU,QAAS,UAAU,GAAG,OACjC;GACD,MAAM,YAAY,aAAa,UAC7B,UAAU,QAAS,UAAU,GAAG,OACjC;AAKD,UAAO;IAAE,WAHS,GAAG,WAAW,WAAW,KAAK,IAAI,cAAc;IAG9C,UAFH,SAAS;IAEI,cAAc;IAAI;IAAa;;AAI/D,SAAO;GACL,WAAW,YAAY,KAAK,IAAI,cAAc;GAC9C,UAAU;GACV;GACA;GACD;;CAGH,AAAU,aACR,UACA,KACA,QACA;AACA,MAAI,CAAC,KAAK,qBAER,MAAK,uBAAuB,KAAK,mBAAmB,SAAS,KAAK;AAIpE,WAAS,OACP,KAAK,qBAAqB,YAC1B,MACA,KAAK,qBAAqB,WAC1B,SACA,KAAK,qBAAqB;;;;;;ACtiBhC,IAAa,yBAAb,cAA4C,iBAAiB;CAC3D,AAAmB,sBAAsB,QAAQ,oBAAoB;CACrE,AAAmB,iBAAiB,QAAQ,eAAe;CAE3D,MAAa,OACX,MACA,UAAuC,EAAE,EACJ;AACrC,SAAO,KAAK,oBAAoB,OAAO,MAAM,QAAQ;;CAGvD,MAAa,MACX,UACA,UAAuC,EAAE,EAIxC;EACD,MAAM,WAAW,MAAM,MAAM,GAAG,KAAK,eAAe,SAAS,GAAG,WAAW;EAE3E,MAAM,OAAO,MAAM,SAAS,MAAM;AAClC,MAAI,SAAS,KACX,QAAO;GAAE;GAAM;GAAU;EAI3B,MAAM,QAAQ,KAAK,MAAM,KAAK,oBAAoB,eAAe;AACjE,MAAI,MACF,QAAO;GAAE,MAAM,MAAM;GAAI;GAAU;AAGrC,QAAM,IAAI,YAAY,wBAAwB;;;;;;ACtBlD,IAAa,6BAAb,cAAgD,eAA6B;CAC3E,AAAmB,MAAM,SAAS;CAClC,AAAmB,SAAS,QAAQ,OAAO;CAC3C,AAAmB,UAAU,QAAQ,kBAAkB;CAEvD,AAAO,IAAI,OAAuB;AAChC,OAAK,QAAQ,IAAI,MAAM;;CAGzB,AAAmB,YAAY,MAAM;EACnC,IAAI;EACJ,SAAS,YAAY;AACnB,QAAK,MAAM,QAAQ,KAAK,QAAQ,UAAU,CAExC,KAAI,KAAK,aAAa,KAAK,KACzB,MAAK,KAAK;IACR,MAAM,KAAK;IACX;IACD,CAAC;;EAIT,CAAC;CAEF,MAAa,WACX,KACA,WAAgC,EAAE,EAClC,OAAO,EAAE,EACe;EACxB,MAAM,EAAE,UAAU,WAAW;EAW7B,MAAM,QATmC;GACvC;GACA,OAAO,EAAE;GACT,QAAQ,EAAE;GACV,QAAQ,EAAE;GACV,eAAe;GACf;GACD;AAKD,QAAM,KAAK,OAAO,OAAO,KAAK,sBAAsB,EAClD,MAAM,cACP,CAAC;AACF,QAAM,KAAK,OAAO,OAAO,KAAK,0BAA0B;GACtD,UAAU,KAAK,OAAO,MAAM,IAAI,4BAA4B;GAC5D;GACD,CAAC;AAEF,MAAI;GACF,MAAM,EAAE,OAAO,WAAW,KAAK,MAAM,SAAS;GAE9C,MAAMC,QAAgC,EAAE;AACxC,OAAI,OACF,MAAK,MAAM,CAAC,KAAK,UAAU,IAAI,gBAAgB,OAAO,CAAC,SAAS,CAC9D,OAAM,OAAO,OAAO,MAAM;AAI9B,SAAM,QAAQ;AACd,SAAM,SAAS,UAAU,EAAE;AAE3B,OAAI,YAAY,MAAM,EAAE;IACtB,MAAM,EAAE,aAAa,MAAM,KAAK,QAAQ,aACtC,MAAM,MACN,OACA,SACD;AACD,QAAI,SACF,QAAO;;AAIX,OAAI,MAAM,OAAO,WAAW,EAC1B,OAAM,OAAO,KAAK;IAChB,MAAM;IACN,SAAS,cAAc,aAAa;IACpC,OAAO;IACP,MAAM;IACP,CAAC;AAGJ,SAAM,KAAK,OAAO,OAAO,KAAK,wBAAwB,EACpD,MAAM,cACP,CAAC;AACF,SAAM,KAAK,OAAO,OAAO,KAAK,4BAA4B,EAAE,OAAO,CAAC;WAC7D,GAAG;AACV,QAAK,IAAI,MAAM,yBAAyB,EAAE;AAC1C,SAAM,SAAS,CACb;IACE,MAAM;IACN,SAAS,KAAK,QAAQ,YAAY,EAAW;IAC7C,OAAO;IACP,MAAM;IACP,CACF;AAED,SAAM,KAAK,OAAO,OAAO,KAAK,sBAAsB;IAClD,MAAM;IACN,OAAO;IACR,CAAC;AACF,SAAM,KAAK,OAAO,OAAO,KAAK,0BAA0B;IACtD,OAAO;IACP;IACD,CAAC;;AAIJ,MAAI,SACF,MAAK,IAAI,IAAI,GAAG,IAAI,SAAS,QAAQ,KAAK;GACxC,MAAM,QAAQ,SAAS;AACvB,OAAI,MAAM,OAAO,IAAI,SAAS,MAAM,KAClC,MAAK,QAAQ,KAAK,MAAM,KAAK,EAAE,WAAW;;AAKhD,OAAK,OAAO,MAAM,IAAI,6BAA6B,MAAM;AAEzD,QAAM,KAAK,OAAO,OAAO,KAAK,oBAAoB,EAChD,MAAM,cACP,CAAC;AACF,QAAM,KAAK,OAAO,OAAO,KAAK,wBAAwB,EACpD,OACD,CAAC;;CAGJ,AAAO,KAAK,OAAoC;AAC9C,SAAO,KAAK,QAAQ,KAAK,MAAM;;;;;;AC7HnC,MAAM,YAAY,EAAE,OAAO,EACzB,eAAe,EAAE,KAAK,EAAE,SAAS,QAAQ,CAAC,EAC3C,CAAC;;;;AASF,MAAa,sBAAsB,MAAM;CACvC,MAAM;CACN,QAAQ,EAAE,OAAO,EACf,mBAAmB,EAAE,KAAK,CAAC,OAAO,SAAS,CAAC,EAC7C,CAAC;CACF,SAAS,EACP,mBAAmB,OACpB;CACF,CAAC;AAcF,IAAa,uBAAb,MAAkC;CAChC,AAAmB,MAAM,KAAK,UAAU;CACxC,AAAmB,MAAM,SAAS;CAClC,AAAmB,SAAS,QAAQ,aAAa;CACjD,AAAmB,SAAS,QAAQ,OAAO;CAC3C,AAAmB,SAAS,QAAQ,2BAA2B;CAC/D,AAAmB,mBAAmB,QAAQ,iBAAiB;CAE/D,AAAmB,UAAU,KAAK,oBAAoB;CAEtD,AAAU,iBAAiB;EACzB,MAAM,OAAO,KAAK,SAAS,eAAe,KAAK,IAAI,cAAc;AACjE,MAAI,KACF,QAAO;EAGT,MAAM,MAAM,KAAK,SAAS,cAAc,MAAM;AAC9C,MAAI,KAAK,KAAK,IAAI;AAElB,OAAK,SAAS,KAAK,QAAQ,IAAI;AAE/B,SAAO;;CAGT,AAAO;CAKP,IAAW,QAA0B;AACnC,SAAO,KAAK,OAAO,MAAM,IAAI,4BAA4B;;;;;CAM3D,IAAW,WAAW;AACpB,SAAO,OAAO;;;;;CAMhB,IAAW,UAAU;AACnB,SAAO,OAAO;;;;;CAMhB,IAAW,WAAW;AACpB,SAAO,OAAO;;CAGhB,IAAW,OAAO;EAChB,MAAM,OAAO,OAAO,KAAK,KAAK;AAC9B,MAAI,CAAC,QAAQ,SAAS,IACpB,QAAO;AAGT,SAAO;;CAGT,IAAW,MAAc;EACvB,MAAM,MAAM,KAAK,SAAS,WAAW,KAAK,SAAS;AACnD,MAAI,KAAK,KACP,QAAO,IAAI,QAAQ,KAAK,MAAM,GAAG;AAEnC,SAAO;;CAGT,AAAO,UAAU,MAAc,SAAmB;EAChD,MAAM,MAAM,KAAK,OAAO;AAExB,MAAI,QACF,MAAK,QAAQ,aAAa,EAAE,EAAE,IAAI,IAAI;MAEtC,MAAK,QAAQ,UAAU,EAAE,EAAE,IAAI,IAAI;;CAIvC,MAAa,WAAW,OAA6B;EACnD,MAAMC,WAAgC,EAAE;AAExC,OAAK,IAAI,MAAM,sBAAsB;AAErC,MAAI,OAAO;GACT,MAAM,CAAC,OAAO,OAAO,KAAK,MAAM;GAChC,MAAM,QAAQ,MAAM;AAEpB,QAAK,MAAM,SAAS,KAAK,MAAM,QAAQ;AACrC,QAAI,MAAM,QAAQ,MAAM;AACtB,cAAS,KAAK;MACZ,GAAG;MACH,OAAO;OACL,GAAG,MAAM;QACR,MAAM;OACR;MACF,CAAC;AACF;;AAEF,aAAS,KAAK,MAAM;;;AAIxB,QAAM,KAAK,OAAO,EAAE,UAAU,CAAC;;CAGjC,MAAa,GAAG,KAAa,UAA2B,EAAE,EAAiB;AACzE,OAAK,IAAI,MAAM,YAAY,OAAO;GAChC;GACA;GACD,CAAC;AAEF,QAAM,KAAK,OAAO;GAChB;GACA,UAAU,QAAQ,QAAQ,EAAE,GAAG,KAAK,MAAM;GAC1C,MAAM,QAAQ;GACf,CAAC;AAGF,MAAI,KAAK,MAAM,IAAI,WAAW,KAAK,MAAM,IAAI,WAAW,KAAK;AAC3D,QAAK,UAAU,KAAK,MAAM,IAAI,WAAW,KAAK,MAAM,IAAI,OAAO;AAC/D;;AAGF,OAAK,UAAU,KAAK,QAAQ,QAAQ;;CAGtC,MAAgB,OAAO,UAA+B,EAAE,EAAiB;EACvE,MAAM,WAAW,QAAQ,YAAY,KAAK,MAAM;EAChD,MAAM,MAAM,QAAQ,OAAO,KAAK;EAChC,MAAM,QAAQ,KAAK,iBAAiB,KAAK;AAEzC,OAAK,gBAAgB;GACnB,IAAI;GACJ,MAAM,KAAK,OAAO,IAAI;GACvB;AAED,OAAK,IAAI,MAAM,oBAAoB,EACjC,IAAI,KACL,CAAC;EAEF,MAAM,WAAW,MAAM,KAAK,OAAO,WACjC,IAAI,IAAI,mBAAmB,MAAM,EACjC,UACA,QAAQ,KACT;AAED,MAAI,UAAU;AACZ,QAAK,IAAI,KAAK,kBAAkB,EAC9B,UACD,CAAC;AAGF,OAAI,SAAS,WAAW,OAAO,CAC7B,QAAO,SAAS,OAAO;OAGvB,QAAO,MAAM,KAAK,OAAO,EAAE,KAAK,UAAU,CAAC;;EAI/C,MAAM,KAAK,KAAK,iBAAiB,KAAK,CAAC,KAAK,MAAM;AAClD,OAAK,IAAI,KAAK,kBAAkB,GAAG,MAAM,KAAK,cAAc;AAE5D,OAAK,gBAAgB;;;;;CAMvB,AAAU,oBAAqD;AAC7D,MAAI;AACF,OAAI,WAAW,UAAU,OAAO,OAAO,UAAU,SAC/C,QAAO,OAAO;WAET,OAAO;AACd,WAAQ,MAAM,MAAM;;;CAMxB,AAAmB,kBAAkB,MAAM;EACzC,IAAI;EACJ,eAAe;AACb,OACE,KAAK,QAAQ,sBAAsB,SACnC,OAAO,WAAW,eAClB,CAAC,KAAK,OAAO,QAAQ,EACrB;AACA,SAAK,IAAI,MAAM,mCAAmC;AAClD,WAAO,SAAS,GAAG,EAAE;;;EAG1B,CAAC;CAEF,AAAgB,QAAQ,MAAM;EAC5B,IAAI;EACJ,SAAS,YAAY;GACnB,MAAM,YAAY,KAAK,mBAAmB;GAC1C,MAAM,WAAW,WAAW,UAAU,EAAE;AAExC,OAAI,WAEF;SAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,UAAU,CAClD,KAAI,QAAQ,SACV,MAAK,OAAO,MAAM,IAAI,KAAoB,MAAM;;AAKtD,SAAM,KAAK,OAAO,EAAE,UAAU,CAAC;GAE/B,MAAM,UAAU,KAAK,OAAO,KAAK,KAAK,MAAM;AAE5C,SAAM,KAAK,OAAO,OAAO,KAAK,wBAAwB;IACpD;IACA,MAAM,KAAK,gBAAgB;IAC3B;IACA,OAAO,KAAK;IACb,CAAC;AAEF,UAAO,iBAAiB,kBAAkB;AAGxC,QAAI,KAAK,OAAO,KAAK,MAAM,IAAI,aAAa,KAAK,SAAS,SACxD;AAGF,SAAK,IAAI,MAAM,kDAAkD,EAC/D,KAAK,KAAK,SAAS,WAAW,KAAK,SAAS,QAC7C,CAAC;AAEF,SAAK,QAAQ;KACb;;EAEL,CAAC;;;;;AC1RJ,IAAa,cAAb,MAA2C;CACzC,AAAmB,SAAS,QAAQ,OAAO;CAC3C,AAAmB,UAAU,QAAQ,kBAAkB;CAEvD,IAAW,QAA0B;AACnC,SAAO,KAAK,OAAO,MAAM,IAAI,4BAA4B;;CAG3D,IAAW,QAAQ;AACjB,SAAO,KAAK,QAAQ,UAAU;;CAGhC,IAAW,gBAAgB;AACzB,SAAO,KAAK,QAAQ,kBAAkB;;CAGxC,IAAW,UAA4C;AACrD,MAAI,KAAK,OAAO,WAAW,CACzB,QAAO,KAAK,OAAO,OAAO,qBAAqB;;CAMnD,AAAO,SACL,MACA,UAEI,EAAE,EACG;EACT,MAAM,UAAU,KAAK,MAAM,IAAI;EAC/B,IAAI,WACF,YAAY,QAAQ,YAAY,GAAG,KAAK,MAAM,GAAG,QAAQ,OAAO;AAElE,MAAI,QAAQ,aAAa,CAAC,SACxB,YAAW,QAAQ,WAAW,KAAK;AAGrC,SAAO;;CAGT,AAAO,KACL,MACA,SAGI,EAAE,EACE;AACR,SAAO,KAAK,QAAQ,SAAS,MAAgB;GAC3C,QAAQ;IACN,GAAG,KAAK,OAAO;IACf,GAAG,OAAO;IACX;GACD,OAAO,OAAO;GACf,CAAC;;;;;;CAOJ,MAAa,SAAS;AACpB,MAAI,CAAC,KAAK,QACR;AAGF,QAAM,KAAK,GAAG,KAAK,SAAS,WAAW,KAAK,SAAS,QAAQ;GAC3D,SAAS;GACT,OAAO;GACR,CAAC;;CAGJ,AAAO,SAAc;AACnB,MAAI,CAAC,KAAK,QACR,QAAO,KAAK,MAAM;AAGpB,SAAO,IAAI,IAAI,KAAK,SAAS,KAAK;;CAGpC,IAAW,WAAqB;AAC9B,MAAI,CAAC,KAAK,QACR,OAAM,IAAI,MAAM,sBAAsB;AAGxC,SAAO,KAAK,QAAQ;;CAGtB,IAAW,UAA4B;AACrC,SAAO,KAAK;;CAGd,IAAW,WAAmB;AAC5B,SAAO,KAAK,MAAM,IAAI;;CAGxB,IAAW,QAAgC;EACzC,MAAMC,QAAgC,EAAE;AAExC,OAAK,MAAM,CAAC,KAAK,UAAU,IAAI,gBAC7B,KAAK,MAAM,IAAI,OAChB,CAAC,SAAS,CACT,OAAM,OAAO,OAAO,MAAM;AAG5B,SAAO;;CAGT,MAAa,OAAO;AAClB,OAAK,SAAS,QAAQ,MAAM;;CAG9B,MAAa,UAAU;AACrB,OAAK,SAAS,QAAQ,SAAS;;CAGjC,MAAa,WAAW,OAA6B;AACnD,QAAM,KAAK,SAAS,WAAW,MAAM;;CAQvC,MAAa,GACX,MACA,SACe;AACf,OAAK,MAAM,QAAQ,KAAK,MACtB,KAAI,KAAK,SAAS,MAAM;AACtB,SAAM,KAAK,SAAS,GAClB,KAAK,KAAK,MAAgC,QAAQ,EAClD,QACD;AACD;;AAIJ,QAAM,KAAK,SAAS,GAAG,MAAgB,QAAQ;;CAQjD,AAAO,OACL,MACA,UAA2B,EAAE,EAChB;EACb,IAAI,OAAO;AAEX,OAAK,MAAM,QAAQ,KAAK,MACtB,KAAI,KAAK,SAAS,MAAM;AACtB,UAAO,KAAK,KAAK,MAAgC,QAAQ;AACzD;;AAIJ,SAAO;GACL,MAAM,KAAK,KAAK,KAAK;GACrB,UAAU,OAAY;AACpB,OAAG,iBAAiB;AACpB,OAAG,gBAAgB;AAEnB,SAAK,GAAG,MAAM,QAAQ,CAAC,MAAM,QAAQ,MAAM;;GAE9C;;CAGH,AAAO,KAAK,MAAsB;EAChC,MAAM,OAAO,OAAO,KAAK,KAAK;AAC9B,MAAI,CAAC,QAAQ,SAAS,IACpB,QAAO;AAGT,SAAO,OAAO;;;;;;;;CAShB,AAAO,eACL,QAGA,UAKI,EAAE,EACN;EACA,MAAM,OAAO,OAAO,WAAW,aAAa,eAAe;EAC3D,MAAM,SAAS,IAAI,gBAAgB,KAAK,KAAK,MAAM,CAAC,CAAC,UAAU;EAC/D,MAAM,QAAQ,SAAS,GAAG,KAAK,SAAS,GAAG,WAAW,KAAK;AAE3D,MAAI,QAAQ,KACV,QAAO,QAAQ,UAAU,EAAE,EAAE,IAAI,MAAM;MAEvC,QAAO,QAAQ,aAAa,EAAE,EAAE,IAAI,MAAM;;;;;;;;;;;;;;;;AC/EhD,MAAa,cAAc,QAAQ;CACjC,MAAM;CACN,aAAa,CAAC,MAAM;CACpB,UAAU;EACR;EACA;EACA;EACA;EACA;EACD;CACD,WAAW,WACT,OACG,KAAK,eAAe,CACpB,KAAK,aAAa,CAClB,KAAK,kBAAkB,CACvB,KAAK,kBAAkB,CACvB,KAAK;EACJ,SAAS;EACT,KAAK;EACN,CAAC,CACD,KAAK,oBAAoB,CACzB,KAAK,kBAAkB,CACvB,KAAK,YAAY;CACvB,CAAC;;;;AC9JF,IAAa,oBAAb,MAA+B;CAC7B,AAAmB,SAAS,QAAQ,OAAO;CAE3C,AAAgB,WAAW,MAAM;EAC/B,IAAI;EACJ,SAAS,OAAO,EAAE,SAAS,YAAY;AACrC,OAAI,SAAS,MAAM;IACjB,MAAM,EAAE,OAAO,OAAO,GAAG,SAAS,QAAQ;AAC1C,SAAK,OAAO,MAAM,IAAI,8BAA8B,KAAK;AACzD,UAAM,OAAO;;;EAGlB,CAAC;;;;;;;;ACJJ,IAAa,YAAb,MAAuB;CACrB,AAAmB,MAAM,SAAS;CAClC,AAAmB,SAAS,QAAQ,OAAO;CAC3C,AAAmB,aAAa,QAAQ,WAAW;CAEnD,AAAmB,oBAAoB,MAAM;EAC3C,IAAI;EACJ,SAAS,OAAO,UAAU;AACxB,OAAI,KAAK,OAAO,WAAW,CACzB,QAAO,eAAe,MAAM,OAAO,QAAQ,EACzC,WAAW,KAAK,MACjB,CAAC;;EAGP,CAAC;CAEF,AAAmB,iBAAiB,MAAM;EACxC,IAAI;EACJ,SAAS,OAAO,EAAE,cAAc;AAC9B,OAAI,KAAK,OAAO,WAAW,IAAI,KAAK,KAElC,SAAQ,gBAAgB;;EAG7B,CAAC;;;;;;CAOF,IAAW,OAAqC;AAC9C,SAAO,KAAK,OAAO,MAAM,IAAI,6BAA6B;;CAG5D,MAAa,OAAO;EAClB,MAAM,EAAE,SAAS,MAAM,KAAK,WAAW,MAAM,uBAAuB,UAAU,EAC5E,QAAQ,EAAE,UAAU,wBAAwB,EAC7C,CAAC;AAEF,OAAK,OAAO,MAAM,IAAI,kCAAkC,KAAK,IAAI;AACjE,OAAK,OAAO,MAAM,IAAI,8BAA8B,KAAK,KAAK;AAE9D,SAAO,KAAK;;CAGd,MAAa,MACX,UACA,SAOiB;AACjB,MAAI,QAAQ,YAAY,QAAQ,UAAU;GACxC,MAAM,EAAE,SAAS,MAAM,KAAK,WAAW,MACrC,GAAG,QAAQ,YAAY,KAAK,uBAAuB,MAAM,YAAY,YACrE;IACE,QAAQ;IACR,MAAM,KAAK,UAAU;KACnB,UAAU,QAAQ;KAClB,UAAU,QAAQ;KAClB,GAAG;KACJ,CAAC;IACF,QAAQ,EAAE,UAAU,qBAAqB;IAC1C,CACF;AAED,QAAK,OAAO,MAAM,IAAI,kCAAkC,KAAK,IAAI;AACjE,QAAK,OAAO,MAAM,IAAI,8BAA8B,KAAK,KAAK;AAE9D,UAAO;;AAGT,MAAI,KAAK,OAAO,WAAW,EAAE;GAC3B,MAAM,UAAU,KAAK,OAAO,OAAO,qBAAqB;GACxD,MAAM,WACJ,QAAQ,aACP,QAAQ,gBACL,OAAO,SAAS,SAAS,QAAQ,cAAc,KAC/C,OAAO,SAAS;GAEtB,MAAM,OAAO,GAAG,OAAO,SAAS,SAAS,uBAAuB,MAAM,YAAY,SAAS,gBAAgB,mBAAmB,SAAS;AAEvI,OAAI,QAAQ,cACV,OAAM,IAAI,YAAY,KAAK;QACtB;AACL,WAAO,SAAS,OAAO;AACvB,WAAO,EAAE;;;AAIb,QAAM,IAAI,YACR,GAAG,uBAAuB,MAAM,YAAY,SAAS,gBAAgB,QAAQ,YAAY,MAC1F;;CAGH,AAAO,SAAS;AACd,SAAO,SAAS,OAAO,GAAG,uBAAuB,OAAO,4BAA4B,mBAAmB,OAAO,SAAS,OAAO;;;;;;AC1GlI,MAAa,gBAAwC;CACnD,MAAM,SAAS,WAAW;CAC1B,MAAM,CAAC,QAAQ,SAAS,6BAA6B;AAErD,QAAO;EACL;EACA,cAAc;AACZ,UAAO,OAAO,UAAU,CAAC,QAAQ;;EAEnC,OAAO,OACL,UACA,UAKI,EAAE,KACH;AACH,SAAM,OAAO,OAAO,UAAU,CAAC,MAAM,UAAoB,QAAQ;;EAEnE,MACE,SACY;AACZ,UAAO,OAAO,OAAO,aAAa,CAAC,IAAI,KAAe;;EAEzD;;;;;;;;;;;ACAH,MAAa,kBAAkB,QAAQ;CACrC,MAAM;CACN,aAAa,CAAC,MAAM;CACpB,UAAU;EAAC;EAAa;EAAmB;EAAkB;EAAmB;EAAU;CAC3F,CAAC"}