@anarchitects/auth-angular 0.0.1

package/README.md

@@ -0,0 +1,107 @@
+# @anarchitects/auth-angular
+
+Angular bricks for the Anarchitecture auth domain. The library is organized into standalone feature slices (config, data-access, feature, state, util, ui) that compose together to provide contract-driven authentication flows for Angular applications.
+
+## Features
+
+- `config`: DI tokens and provider helpers (API base URL, defaults)
+- `data-access`: generated OpenAPI clients plus adapters over the Nest API
+- `state`: signal-based store that drives login/logout, token refresh, and ability hydration
+- `feature`: router policy guard that consumes the shared ability
+- `util`: CASL ability helpers (`createAppAbility`, `AppAbility`)
+- `ui`: presentational components (reserved for future expansions)
+
+## Installation
+
+```bash
+npm install @anarchitects/auth-angular
+# or
+yarn add @anarchitects/auth-angular
+```
+
+Peer dependencies: Angular v20+, `@ngrx/signals`, `@sinclair/typebox`, and the sibling packages `@anarchitects/auth-ts` & `@anarchitects/auth-nest` (for end-to-end flows).
+
+## Usage
+
+### Quick start
+
+```ts
+// app.config.ts
+import { ApplicationConfig } from '@angular/core';
+import { provideAuthConfig } from '@anarchitects/auth-angular/config';
+import { provideAuthDataAccess } from '@anarchitects/auth-angular/data-access';
+
+export const appConfig: ApplicationConfig = {
+  providers: [
+    provideAuthConfig({
+      apiBaseUrl: 'https://api.anarchitects.dev',
+    }),
+    provideAuthDataAccess(),
+  ],
+};
+```
+
+```ts
+// app.component.ts
+import { Component, inject } from '@angular/core';
+import { AuthStore } from '@anarchitects/auth-angular/state';
+
+@Component({
+  selector: 'app-root',
+  template: `
+    <button (click)="login()">Login</button>
+    <p *ngIf="store.isLoggedIn()">Welcome {{ store.loggedInUser()?.email }}</p>
+  `,
+})
+export class AppComponent {
+  readonly store = inject(AuthStore);
+
+  login() {
+    this.store.login({ credential: 'user@example.com', password: 'secret' });
+  }
+}
+```
+
+```ts
+// app.routes.ts
+import { Routes } from '@angular/router';
+import { policyGuard } from '@anarchitects/auth-angular/feature';
+
+export const routes: Routes = [
+  {
+    path: 'admin',
+    canMatch: [policyGuard],
+    data: { action: 'manage', subject: 'admin-section' },
+    loadComponent: () => import('./admin.component').then((m) => m.AdminComponent),
+  },
+];
+```
+
+### Secondary entry points
+
+| Import path                              | Description                              |
+| ---------------------------------------- | ---------------------------------------- |
+| `@anarchitects/auth-angular/config`      | DI tokens and providers                  |
+| `@anarchitects/auth-angular/data-access` | Generated API clients and HTTP adapters  |
+| `@anarchitects/auth-angular/state`       | Signal store and CASL ability sync       |
+| `@anarchitects/auth-angular/feature`     | Router policy guard                      |
+| `@anarchitects/auth-angular/util`        | CASL ability factory and typings         |
+| `@anarchitects/auth-angular/ui`          | Presentational components (if available) |
+
+## Nx scripts
+
+- `nx build auth-angular` – build the Angular package
+- `nx test auth-angular` – execute unit tests (Jest)
+- `nx lint auth-angular` – run ESLint against the library
+
+## Development notes
+
+- DTO contracts live in `@anarchitects/auth-ts`; regenerate them when the API contract changes.
+- Data-access layer should always use the generated OpenAPI clients—no manual HTTP calls.
+- State layer uses Angular signals via `@ngrx/signals` for reactive updates and caches the CASL ability returned by the API.
+- Ability creation is centralised in `@anarchitects/auth-angular/util`; import `createAppAbility` instead of instantiating CASL directly.
+- Keep UI, feature, data-access, state, and config layers decoupled per architecture guidelines.
+
+## License
+
+Licensed under the [Apache License, Version 2.0](https://www.apache.org/licenses/LICENSE-2.0).

package/config/README.md

@@ -0,0 +1,28 @@
+# @anarchitects/auth-angular/config
+
+Configuration helpers and Angular DI tokens for the auth domain. Import from `@anarchitects/auth-angular/config` to customize how the data-access layer resolves API URLs.
+
+## Exports
+
+- `AUTH_CONFIG` / `AuthConfig`: typed configuration describing the auth API resource path
+- `API_RESOURCE_PATH`: resolved string token used by the data-access `AuthApi`
+- `provideAuthConfig(config)`: helper that registers `AUTH_CONFIG` and `API_RESOURCE_PATH`
+- `provideAuthDefaults()`: registers the library defaults (`apiResourcePath: 'auth'`)
+- `injectAuthConfig()` and `injectApiResourcePath()`: convenience accessors with sane fallbacks
+
+## Usage
+
+```ts
+import { ApplicationConfig } from '@angular/core';
+import { provideAuthConfig } from '@anarchitects/auth-angular/config';
+
+export const appConfig: ApplicationConfig = {
+  providers: [
+    ...provideAuthConfig({
+      apiResourcePath: 'identity/auth',
+    }),
+  ],
+};
+```
+
+Register these providers once (e.g. in `bootstrapApplication`) so all dependent layers resolve the correct API base path.

package/data-access/README.md

@@ -0,0 +1,43 @@
+# @anarchitects/auth-angular/data-access
+
+HTTP adapters that bridge Angular apps to the auth Nest API using the OpenAPI-generated DTOs. Import from `@anarchitects/auth-angular/data-access` when you need to call auth endpoints directly or wire them into feature/state layers.
+
+## Exports
+
+- `AuthApi`: injectable service backed by Angular `HttpClient`
+- `authBearerTokenInterceptor`: adds `Authorization: Bearer <accessToken>` when an access token is stored
+- `authErrorInterceptor`: handles `401/403`, attempts token refresh, retries request, and redirects to login on terminal auth failure
+- `withAuthHttpInterceptors()`: convenience helper for `provideHttpClient(...)`
+- Uses configuration from `@anarchitects/auth-angular/config` to resolve the `/api/{resource}` path
+- Methods map 1:1 to contract operations (`registerUser`, `login`, `logout`, `refreshTokens`, etc.)
+
+## Usage
+
+```ts
+import { Injectable } from '@angular/core';
+import { AuthApi } from '@anarchitects/auth-angular/data-access';
+import { LoginRequestDTO } from '@anarchitects/auth-ts/dtos';
+
+@Injectable({ providedIn: 'root' })
+export class AuthFacade {
+  constructor(private readonly authApi: AuthApi) {}
+
+  login(dto: LoginRequestDTO) {
+    return this.authApi.login(dto);
+  }
+}
+```
+
+Prefer consuming `AuthApi` from orchestrating feature services or signal stores so UI components remain presentation-only.
+
+## Interceptor usage
+
+```ts
+import { ApplicationConfig } from '@angular/core';
+import { provideHttpClient } from '@angular/common/http';
+import { withAuthHttpInterceptors } from '@anarchitects/auth-angular/data-access';
+
+export const appConfig: ApplicationConfig = {
+  providers: [provideHttpClient(withAuthHttpInterceptors())],
+};
+```

package/feature/README.md

@@ -0,0 +1,86 @@
+# @anarchitects/auth-angular/feature
+
+Feature layer for the Angular auth brick. It ships route guards plus standalone form-based feature components that orchestrate auth actions via `AuthStore`.
+
+## Exports
+
+- `policyGuard`: standalone `CanMatchFn` that denies routes unless the logged-in ability can perform the configured action on the configured subject.
+- `AnarchitectsFeatureRegister`
+- `AnarchitectsFeatureLogin`
+- `AnarchitectsFeatureActivateUser`
+- `AnarchitectsFeatureForgotPassword`
+- `AnarchitectsFeatureResetPassword`
+- `AnarchitectsFeatureVerifyEmail`
+- `AnarchitectsFeatureChangePassword`
+- `AnarchitectsFeatureUpdateEmail`
+- `AnarchitectsFeatureLogout`
+- `AnarchitectsFeatureRefreshTokens`
+
+## Usage
+
+```ts
+import { Routes } from '@angular/router';
+import { policyGuard } from '@anarchitects/auth-angular/feature';
+
+export const routes: Routes = [
+  {
+    path: 'admin',
+    canMatch: [policyGuard],
+    data: { action: 'manage', subject: 'admin-section' },
+    loadComponent: () => import('./admin.component').then((m) => m.AdminComponent),
+  },
+];
+```
+
+The guard reads the `AuthStore` ability snapshot. Ensure the state layer is providing abilities by wiring the data-access and util modules in your application bootstrap.
+
+### Token-driven actions
+
+```ts
+import { Component } from '@angular/core';
+import { AnarchitectsFeatureVerifyEmail } from '@anarchitects/auth-angular/feature';
+
+@Component({
+  selector: 'app-verify-email-page',
+  imports: [AnarchitectsFeatureVerifyEmail],
+  template: `<anarchitects-auth-feature-verify-email [token]="token" />`,
+})
+export class VerifyEmailPageComponent {
+  token = 'verification-token-from-route';
+}
+```
+
+### User-id actions
+
+```ts
+import { Component } from '@angular/core';
+import { AnarchitectsFeatureChangePassword } from '@anarchitects/auth-angular/feature';
+
+@Component({
+  selector: 'app-change-password-page',
+  imports: [AnarchitectsFeatureChangePassword],
+  template: `<anarchitects-auth-feature-change-password [userId]="userId" />`,
+})
+export class ChangePasswordPageComponent {
+  userId = 'current-user-id';
+}
+```
+
+### Token refresh/logout
+
+```ts
+import { Component } from '@angular/core';
+import { AnarchitectsFeatureRefreshTokens, AnarchitectsFeatureLogout } from '@anarchitects/auth-angular/feature';
+
+@Component({
+  selector: 'app-session-page',
+  imports: [AnarchitectsFeatureRefreshTokens, AnarchitectsFeatureLogout],
+  template: `
+    <anarchitects-auth-feature-refresh-tokens [userId]="userId" />
+    <anarchitects-auth-feature-logout />
+  `,
+})
+export class SessionPageComponent {
+  userId = 'current-user-id';
+}
+```

package/fesm2022/anarchitects-auth-angular-config.mjs

@@ -0,0 +1,34 @@
+import { InjectionToken, inject } from '@angular/core';
+
+const AUTH_CONFIG = new InjectionToken('AUTH_CONFIG');
+const API_RESOURCE_PATH = new InjectionToken('AUTH_API_RESOURCE_PATH');
+/** Library-level sensible defaults */
+const AUTH_DEFAULTS = {
+    apiResourcePath: 'auth',
+};
+/** Safe injectors that fall back to defaults if no providers are registered */
+function injectAuthConfig() {
+    return inject(AUTH_CONFIG, { optional: true }) ?? AUTH_DEFAULTS;
+}
+function injectApiResourcePath() {
+    return (inject(API_RESOURCE_PATH, { optional: true }) ??
+        AUTH_DEFAULTS.apiResourcePath);
+}
+
+function provideAuthConfig(cfg) {
+    const merged = { ...AUTH_DEFAULTS, ...cfg };
+    return [
+        { provide: AUTH_CONFIG, useValue: merged },
+        { provide: API_RESOURCE_PATH, useValue: merged.apiResourcePath },
+    ];
+}
+function provideAuthDefaults() {
+    return provideAuthConfig({});
+}
+
+/**
+ * Generated bundle index. Do not edit.
+ */
+
+export { API_RESOURCE_PATH, AUTH_CONFIG, AUTH_DEFAULTS, injectApiResourcePath, injectAuthConfig, provideAuthConfig, provideAuthDefaults };
+//# sourceMappingURL=anarchitects-auth-angular-config.mjs.map

package/fesm2022/anarchitects-auth-angular-config.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"anarchitects-auth-angular-config.mjs","sources":["../../../../../libs/auth/angular/config/src/tokens.ts","../../../../../libs/auth/angular/config/src/providers.ts","../../../../../libs/auth/angular/config/src/anarchitects-auth-angular-config.ts"],"sourcesContent":["import { InjectionToken, inject } from '@angular/core';\n\nexport type AuthConfig = {\n  apiResourcePath: string;\n};\n\nexport const AUTH_CONFIG = new InjectionToken<AuthConfig>('AUTH_CONFIG');\nexport const API_RESOURCE_PATH = new InjectionToken<string>(\n  'AUTH_API_RESOURCE_PATH'\n);\n\n/** Library-level sensible defaults */\nexport const AUTH_DEFAULTS: AuthConfig = {\n  apiResourcePath: 'auth',\n};\n\n/** Safe injectors that fall back to defaults if no providers are registered */\nexport function injectAuthConfig(): AuthConfig {\n  return inject(AUTH_CONFIG, { optional: true }) ?? AUTH_DEFAULTS;\n}\n\nexport function injectApiResourcePath(): string {\n  return (\n    inject(API_RESOURCE_PATH, { optional: true }) ??\n    AUTH_DEFAULTS.apiResourcePath\n  );\n}\n","import { Provider } from '@angular/core';\nimport {\n  API_RESOURCE_PATH,\n  AUTH_CONFIG,\n  AUTH_DEFAULTS,\n  AuthConfig,\n} from './tokens';\n\nexport function provideAuthConfig(cfg: Partial<AuthConfig>): Provider[] {\n  const merged: AuthConfig = { ...AUTH_DEFAULTS, ...cfg };\n  return [\n    { provide: AUTH_CONFIG, useValue: merged },\n    { provide: API_RESOURCE_PATH, useValue: merged.apiResourcePath },\n  ];\n}\n\nexport function provideAuthDefaults(): Provider[] {\n  return provideAuthConfig({});\n}\n","/**\n * Generated bundle index. Do not edit.\n */\n\nexport * from './index';\n"],"names":[],"mappings":";;MAMa,WAAW,GAAG,IAAI,cAAc,CAAa,aAAa;MAC1D,iBAAiB,GAAG,IAAI,cAAc,CACjD,wBAAwB;AAG1B;AACO,MAAM,aAAa,GAAe;AACvC,IAAA,eAAe,EAAE,MAAM;;AAGzB;SACgB,gBAAgB,GAAA;AAC9B,IAAA,OAAO,MAAM,CAAC,WAAW,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,IAAI,aAAa;AACjE;SAEgB,qBAAqB,GAAA;IACnC,QACE,MAAM,CAAC,iBAAiB,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QAC7C,aAAa,CAAC,eAAe;AAEjC;;AClBM,SAAU,iBAAiB,CAAC,GAAwB,EAAA;IACxD,MAAM,MAAM,GAAe,EAAE,GAAG,aAAa,EAAE,GAAG,GAAG,EAAE;IACvD,OAAO;AACL,QAAA,EAAE,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,EAAE;QAC1C,EAAE,OAAO,EAAE,iBAAiB,EAAE,QAAQ,EAAE,MAAM,CAAC,eAAe,EAAE;KACjE;AACH;SAEgB,mBAAmB,GAAA;AACjC,IAAA,OAAO,iBAAiB,CAAC,EAAE,CAAC;AAC9B;;AClBA;;AAEG;;;;"}

package/fesm2022/anarchitects-auth-angular-data-access.mjs

@@ -0,0 +1,214 @@
+import { injectApiResourcePath } from '@anarchitects/auth-angular/config';
+import { HttpClient, HttpContextToken, HttpErrorResponse, HttpStatusCode, HttpBackend, withInterceptors } from '@angular/common/http';
+import * as i0 from '@angular/core';
+import { inject, Injectable } from '@angular/core';
+import { jwtDecode } from 'jwt-decode';
+import { Router } from '@angular/router';
+import { tap, finalize, shareReplay, catchError, throwError, switchMap } from 'rxjs';
+
+class AuthApi {
+    http = inject(HttpClient);
+    resourceUrl = `/api/${injectApiResourcePath()}`;
+    registerUser(dto) {
+        return this.http.post(`${this.resourceUrl}/register`, dto);
+    }
+    activateUser(dto) {
+        return this.http.patch(`${this.resourceUrl}/activate`, dto);
+    }
+    login(dto) {
+        return this.http.post(`${this.resourceUrl}/login`, dto);
+    }
+    logout(dto) {
+        return this.http.post(`${this.resourceUrl}/logout`, dto);
+    }
+    changePassword(userId, dto) {
+        return this.http.patch(`${this.resourceUrl}/change-password/${userId}`, dto);
+    }
+    forgotPassword(dto) {
+        return this.http.post(`${this.resourceUrl}/forgot-password`, dto);
+    }
+    resetPassword(dto) {
+        return this.http.post(`${this.resourceUrl}/reset-password`, dto);
+    }
+    verifyEmail(dto) {
+        return this.http.post(`${this.resourceUrl}/verify-email`, dto);
+    }
+    updateEmail(userId, dto) {
+        return this.http.patch(`${this.resourceUrl}/update-email/${userId}`, dto);
+    }
+    refreshTokens(userId, dto) {
+        return this.http.post(`${this.resourceUrl}/refresh-tokens/${userId}`, dto);
+    }
+    getLoggedInUserInfo() {
+        return this.http.get(`${this.resourceUrl}/me`);
+    }
+    static ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "21.1.6", ngImport: i0, type: AuthApi, deps: [], target: i0.ɵɵFactoryTarget.Injectable });
+    static ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "21.1.6", ngImport: i0, type: AuthApi, providedIn: 'root' });
+}
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "21.1.6", ngImport: i0, type: AuthApi, decorators: [{
+            type: Injectable,
+            args: [{
+                    providedIn: 'root',
+                }]
+        }] });
+
+const ACCESS_TOKEN_STORAGE_KEY = 'accessToken';
+const REFRESH_TOKEN_STORAGE_KEY = 'refreshToken';
+function getStoredToken(key) {
+    try {
+        if (typeof localStorage === 'undefined') {
+            return undefined;
+        }
+        return localStorage.getItem(key) ?? undefined;
+    }
+    catch {
+        return undefined;
+    }
+}
+function storeTokens(tokens) {
+    try {
+        if (typeof localStorage === 'undefined') {
+            return;
+        }
+        localStorage.setItem(ACCESS_TOKEN_STORAGE_KEY, tokens.accessToken);
+        localStorage.setItem(REFRESH_TOKEN_STORAGE_KEY, tokens.refreshToken);
+    }
+    catch {
+        // noop: storage can be unavailable in non-browser environments
+    }
+}
+function clearStoredTokens() {
+    try {
+        if (typeof localStorage === 'undefined') {
+            return;
+        }
+        localStorage.removeItem(ACCESS_TOKEN_STORAGE_KEY);
+        localStorage.removeItem(REFRESH_TOKEN_STORAGE_KEY);
+    }
+    catch {
+        // noop: storage can be unavailable in non-browser environments
+    }
+}
+function resolveUserIdFromAccessToken(accessToken) {
+    if (!accessToken) {
+        return undefined;
+    }
+    try {
+        const decoded = jwtDecode(accessToken);
+        return decoded.sub;
+    }
+    catch {
+        return undefined;
+    }
+}
+
+const authBearerTokenInterceptor = (req, next) => {
+    const accessToken = getStoredToken(ACCESS_TOKEN_STORAGE_KEY);
+    if (!accessToken || req.headers.has('Authorization')) {
+        return next(req);
+    }
+    return next(req.clone({
+        setHeaders: {
+            Authorization: `Bearer ${accessToken}`,
+        },
+    }));
+};
+
+const AUTH_RETRY_ATTEMPTED = new HttpContextToken(() => false);
+const LOGIN_REDIRECT_PATH = '/login';
+let refreshTokensRequest$ = null;
+function isUnauthorizedError(error) {
+    return (error instanceof HttpErrorResponse &&
+        (error.status === HttpStatusCode.Unauthorized ||
+            error.status === HttpStatusCode.Forbidden));
+}
+function isAuthPublicEndpoint(url, authBaseUrl) {
+    const publicEndpoints = [
+        '/login',
+        '/register',
+        '/activate',
+        '/forgot-password',
+        '/reset-password',
+        '/verify-email',
+    ];
+    return publicEndpoints.some((endpoint) => url.includes(`${authBaseUrl}${endpoint}`));
+}
+function isRefreshEndpoint(url, authBaseUrl) {
+    return url.includes(`${authBaseUrl}/refresh-tokens/`);
+}
+function redirectToLogin(router) {
+    if (router) {
+        void router.navigateByUrl(LOGIN_REDIRECT_PATH);
+        return;
+    }
+    if (typeof window !== 'undefined') {
+        window.location.assign(LOGIN_REDIRECT_PATH);
+    }
+}
+function getRefreshTokensRequest(http, refreshUrl, refreshToken) {
+    if (!refreshTokensRequest$) {
+        refreshTokensRequest$ = http
+            .post(refreshUrl, { refreshToken })
+            .pipe(tap((tokens) => storeTokens(tokens)), finalize(() => {
+            refreshTokensRequest$ = null;
+        }), shareReplay(1));
+    }
+    return refreshTokensRequest$;
+}
+const authErrorInterceptor = (req, next) => {
+    const authBaseUrl = `/api/${injectApiResourcePath()}`;
+    const backend = inject(HttpBackend);
+    const router = inject(Router, { optional: true });
+    const rawHttp = new HttpClient(backend);
+    return next(req).pipe(catchError((error) => {
+        if (!isUnauthorizedError(error)) {
+            return throwError(() => error);
+        }
+        if (req.context.get(AUTH_RETRY_ATTEMPTED) ||
+            isRefreshEndpoint(req.url, authBaseUrl) ||
+            isAuthPublicEndpoint(req.url, authBaseUrl)) {
+            if (req.context.get(AUTH_RETRY_ATTEMPTED)) {
+                clearStoredTokens();
+                redirectToLogin(router ?? null);
+            }
+            return throwError(() => error);
+        }
+        const refreshToken = getStoredToken(REFRESH_TOKEN_STORAGE_KEY);
+        const accessToken = getStoredToken(ACCESS_TOKEN_STORAGE_KEY);
+        const userId = resolveUserIdFromAccessToken(accessToken);
+        if (!refreshToken || !userId) {
+            clearStoredTokens();
+            redirectToLogin(router ?? null);
+            return throwError(() => error);
+        }
+        const refreshUrl = `${authBaseUrl}/refresh-tokens/${userId}`;
+        return getRefreshTokensRequest(rawHttp, refreshUrl, refreshToken).pipe(switchMap(({ accessToken: nextAccessToken }) => {
+            const retryRequest = req.clone({
+                context: req.context.set(AUTH_RETRY_ATTEMPTED, true),
+                setHeaders: {
+                    Authorization: `Bearer ${nextAccessToken}`,
+                },
+            });
+            return next(retryRequest);
+        }), catchError((refreshError) => {
+            clearStoredTokens();
+            redirectToLogin(router ?? null);
+            return throwError(() => refreshError);
+        }));
+    }));
+};
+
+const AUTH_HTTP_INTERCEPTORS = [
+    authBearerTokenInterceptor,
+    authErrorInterceptor,
+];
+function withAuthHttpInterceptors() {
+    return withInterceptors(AUTH_HTTP_INTERCEPTORS);
+}
+
+/**
+ * Generated bundle index. Do not edit.
+ */
+
+export { AUTH_HTTP_INTERCEPTORS, AuthApi, authBearerTokenInterceptor, authErrorInterceptor, withAuthHttpInterceptors };
+//# sourceMappingURL=anarchitects-auth-angular-data-access.mjs.map

package/fesm2022/anarchitects-auth-angular-data-access.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"anarchitects-auth-angular-data-access.mjs","sources":["../../../../../libs/auth/angular/data-access/src/auth-api.ts","../../../../../libs/auth/angular/data-access/src/interceptors/auth-token.utils.ts","../../../../../libs/auth/angular/data-access/src/interceptors/bearer-token.interceptor.ts","../../../../../libs/auth/angular/data-access/src/interceptors/auth-error.interceptor.ts","../../../../../libs/auth/angular/data-access/src/interceptors/index.ts","../../../../../libs/auth/angular/data-access/src/anarchitects-auth-angular-data-access.ts"],"sourcesContent":["import { injectApiResourcePath } from '@anarchitects/auth-angular/config';\nimport {\n  ActivateUserRequestDTO,\n  ChangePasswordRequestDTO,\n  ForgotPasswordRequestDTO,\n  LoginRequestDTO,\n  LoginResponseDTO,\n  LogoutRequestDTO,\n  RefreshTokenRequestDTO,\n  RegisterRequestDTO,\n  RegisterResponseDTO,\n  ResetPasswordRequestDTO,\n  UpdateEmailRequestDTO,\n  VerifyEmailRequestDTO,\n} from '@anarchitects/auth-ts/dtos';\nimport { PolicyRule, User } from '@anarchitects/auth-ts/models';\nimport { HttpClient } from '@angular/common/http';\nimport { inject, Injectable } from '@angular/core';\n\n@Injectable({\n  providedIn: 'root',\n})\nexport class AuthApi {\n  private readonly http = inject(HttpClient);\n  private readonly resourceUrl = `/api/${injectApiResourcePath()}`;\n\n  registerUser(dto: RegisterRequestDTO) {\n    return this.http.post<RegisterResponseDTO>(\n      `${this.resourceUrl}/register`,\n      dto\n    );\n  }\n\n  activateUser(dto: ActivateUserRequestDTO) {\n    return this.http.patch<{ success: boolean }>(\n      `${this.resourceUrl}/activate`,\n      dto\n    );\n  }\n\n  login(dto: LoginRequestDTO) {\n    return this.http.post<LoginResponseDTO>(`${this.resourceUrl}/login`, dto);\n  }\n\n  logout(dto: LogoutRequestDTO) {\n    return this.http.post<{ success: boolean }>(\n      `${this.resourceUrl}/logout`,\n      dto\n    );\n  }\n\n  changePassword(userId: string, dto: ChangePasswordRequestDTO) {\n    return this.http.patch<{ success: boolean }>(\n      `${this.resourceUrl}/change-password/${userId}`,\n      dto\n    );\n  }\n\n  forgotPassword(dto: ForgotPasswordRequestDTO) {\n    return this.http.post<{ success: boolean }>(\n      `${this.resourceUrl}/forgot-password`,\n      dto\n    );\n  }\n\n  resetPassword(dto: ResetPasswordRequestDTO) {\n    return this.http.post<{ success: boolean }>(\n      `${this.resourceUrl}/reset-password`,\n      dto\n    );\n  }\n\n  verifyEmail(dto: VerifyEmailRequestDTO) {\n    return this.http.post<{ success: boolean }>(\n      `${this.resourceUrl}/verify-email`,\n      dto\n    );\n  }\n\n  updateEmail(userId: string, dto: UpdateEmailRequestDTO) {\n    return this.http.patch<{ success: boolean }>(\n      `${this.resourceUrl}/update-email/${userId}`,\n      dto\n    );\n  }\n\n  refreshTokens(userId: string, dto: RefreshTokenRequestDTO) {\n    return this.http.post<LoginResponseDTO>(\n      `${this.resourceUrl}/refresh-tokens/${userId}`,\n      dto\n    );\n  }\n\n  getLoggedInUserInfo() {\n    return this.http.get<{ user: User; rbac: PolicyRule[] }>(\n      `${this.resourceUrl}/me`\n    );\n  }\n}\n","import { jwtDecode } from 'jwt-decode';\n\nexport const ACCESS_TOKEN_STORAGE_KEY = 'accessToken';\nexport const REFRESH_TOKEN_STORAGE_KEY = 'refreshToken';\n\nexport type LoginTokens = {\n  accessToken: string;\n  refreshToken: string;\n};\n\nexport function getStoredToken(key: string): string | undefined {\n  try {\n    if (typeof localStorage === 'undefined') {\n      return undefined;\n    }\n\n    return localStorage.getItem(key) ?? undefined;\n  } catch {\n    return undefined;\n  }\n}\n\nexport function storeTokens(tokens: LoginTokens): void {\n  try {\n    if (typeof localStorage === 'undefined') {\n      return;\n    }\n\n    localStorage.setItem(ACCESS_TOKEN_STORAGE_KEY, tokens.accessToken);\n    localStorage.setItem(REFRESH_TOKEN_STORAGE_KEY, tokens.refreshToken);\n  } catch {\n    // noop: storage can be unavailable in non-browser environments\n  }\n}\n\nexport function clearStoredTokens(): void {\n  try {\n    if (typeof localStorage === 'undefined') {\n      return;\n    }\n\n    localStorage.removeItem(ACCESS_TOKEN_STORAGE_KEY);\n    localStorage.removeItem(REFRESH_TOKEN_STORAGE_KEY);\n  } catch {\n    // noop: storage can be unavailable in non-browser environments\n  }\n}\n\nexport function resolveUserIdFromAccessToken(\n  accessToken: string | undefined\n): string | undefined {\n  if (!accessToken) {\n    return undefined;\n  }\n\n  try {\n    const decoded = jwtDecode<{ sub?: string }>(accessToken);\n    return decoded.sub;\n  } catch {\n    return undefined;\n  }\n}\n","import { HttpInterceptorFn } from '@angular/common/http';\nimport { ACCESS_TOKEN_STORAGE_KEY, getStoredToken } from './auth-token.utils';\n\nexport const authBearerTokenInterceptor: HttpInterceptorFn = (req, next) => {\n  const accessToken = getStoredToken(ACCESS_TOKEN_STORAGE_KEY);\n\n  if (!accessToken || req.headers.has('Authorization')) {\n    return next(req);\n  }\n\n  return next(\n    req.clone({\n      setHeaders: {\n        Authorization: `Bearer ${accessToken}`,\n      },\n    })\n  );\n};\n","import {\n  HttpBackend,\n  HttpClient,\n  HttpContextToken,\n  HttpErrorResponse,\n  HttpInterceptorFn,\n  HttpStatusCode,\n} from '@angular/common/http';\nimport { inject } from '@angular/core';\nimport { injectApiResourcePath } from '@anarchitects/auth-angular/config';\nimport { LoginResponseDTO } from '@anarchitects/auth-ts/dtos';\nimport { Router } from '@angular/router';\nimport {\n  catchError,\n  finalize,\n  Observable,\n  shareReplay,\n  switchMap,\n  tap,\n  throwError,\n} from 'rxjs';\nimport {\n  ACCESS_TOKEN_STORAGE_KEY,\n  REFRESH_TOKEN_STORAGE_KEY,\n  clearStoredTokens,\n  getStoredToken,\n  resolveUserIdFromAccessToken,\n  storeTokens,\n} from './auth-token.utils';\n\nconst AUTH_RETRY_ATTEMPTED = new HttpContextToken<boolean>(() => false);\nconst LOGIN_REDIRECT_PATH = '/login';\n\nlet refreshTokensRequest$: Observable<LoginResponseDTO> | null = null;\n\nfunction isUnauthorizedError(error: unknown): error is HttpErrorResponse {\n  return (\n    error instanceof HttpErrorResponse &&\n    (error.status === HttpStatusCode.Unauthorized ||\n      error.status === HttpStatusCode.Forbidden)\n  );\n}\n\nfunction isAuthPublicEndpoint(url: string, authBaseUrl: string): boolean {\n  const publicEndpoints = [\n    '/login',\n    '/register',\n    '/activate',\n    '/forgot-password',\n    '/reset-password',\n    '/verify-email',\n  ];\n\n  return publicEndpoints.some((endpoint) =>\n    url.includes(`${authBaseUrl}${endpoint}`)\n  );\n}\n\nfunction isRefreshEndpoint(url: string, authBaseUrl: string): boolean {\n  return url.includes(`${authBaseUrl}/refresh-tokens/`);\n}\n\nfunction redirectToLogin(router: Router | null): void {\n  if (router) {\n    void router.navigateByUrl(LOGIN_REDIRECT_PATH);\n    return;\n  }\n\n  if (typeof window !== 'undefined') {\n    window.location.assign(LOGIN_REDIRECT_PATH);\n  }\n}\n\nfunction getRefreshTokensRequest(\n  http: HttpClient,\n  refreshUrl: string,\n  refreshToken: string\n): Observable<LoginResponseDTO> {\n  if (!refreshTokensRequest$) {\n    refreshTokensRequest$ = http\n      .post<LoginResponseDTO>(refreshUrl, { refreshToken })\n      .pipe(\n        tap((tokens) => storeTokens(tokens)),\n        finalize(() => {\n          refreshTokensRequest$ = null;\n        }),\n        shareReplay(1)\n      );\n  }\n\n  return refreshTokensRequest$;\n}\n\nexport const authErrorInterceptor: HttpInterceptorFn = (req, next) => {\n  const authBaseUrl = `/api/${injectApiResourcePath()}`;\n  const backend = inject(HttpBackend);\n  const router = inject(Router, { optional: true });\n  const rawHttp = new HttpClient(backend);\n\n  return next(req).pipe(\n    catchError((error) => {\n      if (!isUnauthorizedError(error)) {\n        return throwError(() => error);\n      }\n\n      if (\n        req.context.get(AUTH_RETRY_ATTEMPTED) ||\n        isRefreshEndpoint(req.url, authBaseUrl) ||\n        isAuthPublicEndpoint(req.url, authBaseUrl)\n      ) {\n        if (req.context.get(AUTH_RETRY_ATTEMPTED)) {\n          clearStoredTokens();\n          redirectToLogin(router ?? null);\n        }\n\n        return throwError(() => error);\n      }\n\n      const refreshToken = getStoredToken(REFRESH_TOKEN_STORAGE_KEY);\n      const accessToken = getStoredToken(ACCESS_TOKEN_STORAGE_KEY);\n      const userId = resolveUserIdFromAccessToken(accessToken);\n\n      if (!refreshToken || !userId) {\n        clearStoredTokens();\n        redirectToLogin(router ?? null);\n        return throwError(() => error);\n      }\n\n      const refreshUrl = `${authBaseUrl}/refresh-tokens/${userId}`;\n\n      return getRefreshTokensRequest(rawHttp, refreshUrl, refreshToken).pipe(\n        switchMap(({ accessToken: nextAccessToken }) => {\n          const retryRequest = req.clone({\n            context: req.context.set(AUTH_RETRY_ATTEMPTED, true),\n            setHeaders: {\n              Authorization: `Bearer ${nextAccessToken}`,\n            },\n          });\n\n          return next(retryRequest);\n        }),\n        catchError((refreshError) => {\n          clearStoredTokens();\n          redirectToLogin(router ?? null);\n          return throwError(() => refreshError);\n        })\n      );\n    })\n  );\n};\n","import { HttpInterceptorFn, withInterceptors } from '@angular/common/http';\nimport { authBearerTokenInterceptor } from './bearer-token.interceptor';\nimport { authErrorInterceptor } from './auth-error.interceptor';\n\nexport const AUTH_HTTP_INTERCEPTORS: HttpInterceptorFn[] = [\n  authBearerTokenInterceptor,\n  authErrorInterceptor,\n];\n\nexport function withAuthHttpInterceptors() {\n  return withInterceptors(AUTH_HTTP_INTERCEPTORS);\n}\n\nexport * from './bearer-token.interceptor';\nexport * from './auth-error.interceptor';\n","/**\n * Generated bundle index. Do not edit.\n */\n\nexport * from './index';\n"],"names":[],"mappings":";;;;;;;;MAsBa,OAAO,CAAA;AACD,IAAA,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC;AACzB,IAAA,WAAW,GAAG,CAAA,KAAA,EAAQ,qBAAqB,EAAE,EAAE;AAEhE,IAAA,YAAY,CAAC,GAAuB,EAAA;AAClC,QAAA,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CACnB,CAAA,EAAG,IAAI,CAAC,WAAW,CAAA,SAAA,CAAW,EAC9B,GAAG,CACJ;IACH;AAEA,IAAA,YAAY,CAAC,GAA2B,EAAA;AACtC,QAAA,OAAO,IAAI,CAAC,IAAI,CAAC,KAAK,CACpB,CAAA,EAAG,IAAI,CAAC,WAAW,CAAA,SAAA,CAAW,EAC9B,GAAG,CACJ;IACH;AAEA,IAAA,KAAK,CAAC,GAAoB,EAAA;AACxB,QAAA,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAmB,CAAA,EAAG,IAAI,CAAC,WAAW,CAAA,MAAA,CAAQ,EAAE,GAAG,CAAC;IAC3E;AAEA,IAAA,MAAM,CAAC,GAAqB,EAAA;AAC1B,QAAA,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CACnB,CAAA,EAAG,IAAI,CAAC,WAAW,CAAA,OAAA,CAAS,EAC5B,GAAG,CACJ;IACH;IAEA,cAAc,CAAC,MAAc,EAAE,GAA6B,EAAA;AAC1D,QAAA,OAAO,IAAI,CAAC,IAAI,CAAC,KAAK,CACpB,CAAA,EAAG,IAAI,CAAC,WAAW,oBAAoB,MAAM,CAAA,CAAE,EAC/C,GAAG,CACJ;IACH;AAEA,IAAA,cAAc,CAAC,GAA6B,EAAA;AAC1C,QAAA,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CACnB,CAAA,EAAG,IAAI,CAAC,WAAW,CAAA,gBAAA,CAAkB,EACrC,GAAG,CACJ;IACH;AAEA,IAAA,aAAa,CAAC,GAA4B,EAAA;AACxC,QAAA,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CACnB,CAAA,EAAG,IAAI,CAAC,WAAW,CAAA,eAAA,CAAiB,EACpC,GAAG,CACJ;IACH;AAEA,IAAA,WAAW,CAAC,GAA0B,EAAA;AACpC,QAAA,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CACnB,CAAA,EAAG,IAAI,CAAC,WAAW,CAAA,aAAA,CAAe,EAClC,GAAG,CACJ;IACH;IAEA,WAAW,CAAC,MAAc,EAAE,GAA0B,EAAA;AACpD,QAAA,OAAO,IAAI,CAAC,IAAI,CAAC,KAAK,CACpB,CAAA,EAAG,IAAI,CAAC,WAAW,iBAAiB,MAAM,CAAA,CAAE,EAC5C,GAAG,CACJ;IACH;IAEA,aAAa,CAAC,MAAc,EAAE,GAA2B,EAAA;AACvD,QAAA,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CACnB,CAAA,EAAG,IAAI,CAAC,WAAW,mBAAmB,MAAM,CAAA,CAAE,EAC9C,GAAG,CACJ;IACH;IAEA,mBAAmB,GAAA;AACjB,QAAA,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,CAClB,CAAA,EAAG,IAAI,CAAC,WAAW,CAAA,GAAA,CAAK,CACzB;IACH;uGA3EW,OAAO,EAAA,IAAA,EAAA,EAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,UAAA,EAAA,CAAA;AAAP,IAAA,OAAA,KAAA,GAAA,EAAA,CAAA,qBAAA,CAAA,EAAA,UAAA,EAAA,QAAA,EAAA,OAAA,EAAA,QAAA,EAAA,QAAA,EAAA,EAAA,EAAA,IAAA,EAAA,OAAO,cAFN,MAAM,EAAA,CAAA;;2FAEP,OAAO,EAAA,UAAA,EAAA,CAAA;kBAHnB,UAAU;AAAC,YAAA,IAAA,EAAA,CAAA;AACV,oBAAA,UAAU,EAAE,MAAM;AACnB,iBAAA;;;ACnBM,MAAM,wBAAwB,GAAG,aAAa;AAC9C,MAAM,yBAAyB,GAAG,cAAc;AAOjD,SAAU,cAAc,CAAC,GAAW,EAAA;AACxC,IAAA,IAAI;AACF,QAAA,IAAI,OAAO,YAAY,KAAK,WAAW,EAAE;AACvC,YAAA,OAAO,SAAS;QAClB;QAEA,OAAO,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,SAAS;IAC/C;AAAE,IAAA,MAAM;AACN,QAAA,OAAO,SAAS;IAClB;AACF;AAEM,SAAU,WAAW,CAAC,MAAmB,EAAA;AAC7C,IAAA,IAAI;AACF,QAAA,IAAI,OAAO,YAAY,KAAK,WAAW,EAAE;YACvC;QACF;QAEA,YAAY,CAAC,OAAO,CAAC,wBAAwB,EAAE,MAAM,CAAC,WAAW,CAAC;QAClE,YAAY,CAAC,OAAO,CAAC,yBAAyB,EAAE,MAAM,CAAC,YAAY,CAAC;IACtE;AAAE,IAAA,MAAM;;IAER;AACF;SAEgB,iBAAiB,GAAA;AAC/B,IAAA,IAAI;AACF,QAAA,IAAI,OAAO,YAAY,KAAK,WAAW,EAAE;YACvC;QACF;AAEA,QAAA,YAAY,CAAC,UAAU,CAAC,wBAAwB,CAAC;AACjD,QAAA,YAAY,CAAC,UAAU,CAAC,yBAAyB,CAAC;IACpD;AAAE,IAAA,MAAM;;IAER;AACF;AAEM,SAAU,4BAA4B,CAC1C,WAA+B,EAAA;IAE/B,IAAI,CAAC,WAAW,EAAE;AAChB,QAAA,OAAO,SAAS;IAClB;AAEA,IAAA,IAAI;AACF,QAAA,MAAM,OAAO,GAAG,SAAS,CAAmB,WAAW,CAAC;QACxD,OAAO,OAAO,CAAC,GAAG;IACpB;AAAE,IAAA,MAAM;AACN,QAAA,OAAO,SAAS;IAClB;AACF;;MC1Da,0BAA0B,GAAsB,CAAC,GAAG,EAAE,IAAI,KAAI;AACzE,IAAA,MAAM,WAAW,GAAG,cAAc,CAAC,wBAAwB,CAAC;AAE5D,IAAA,IAAI,CAAC,WAAW,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE;AACpD,QAAA,OAAO,IAAI,CAAC,GAAG,CAAC;IAClB;AAEA,IAAA,OAAO,IAAI,CACT,GAAG,CAAC,KAAK,CAAC;AACR,QAAA,UAAU,EAAE;YACV,aAAa,EAAE,CAAA,OAAA,EAAU,WAAW,CAAA,CAAE;AACvC,SAAA;AACF,KAAA,CAAC,CACH;AACH;;ACaA,MAAM,oBAAoB,GAAG,IAAI,gBAAgB,CAAU,MAAM,KAAK,CAAC;AACvE,MAAM,mBAAmB,GAAG,QAAQ;AAEpC,IAAI,qBAAqB,GAAwC,IAAI;AAErE,SAAS,mBAAmB,CAAC,KAAc,EAAA;IACzC,QACE,KAAK,YAAY,iBAAiB;AAClC,SAAC,KAAK,CAAC,MAAM,KAAK,cAAc,CAAC,YAAY;YAC3C,KAAK,CAAC,MAAM,KAAK,cAAc,CAAC,SAAS,CAAC;AAEhD;AAEA,SAAS,oBAAoB,CAAC,GAAW,EAAE,WAAmB,EAAA;AAC5D,IAAA,MAAM,eAAe,GAAG;QACtB,QAAQ;QACR,WAAW;QACX,WAAW;QACX,kBAAkB;QAClB,iBAAiB;QACjB,eAAe;KAChB;IAED,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,QAAQ,KACnC,GAAG,CAAC,QAAQ,CAAC,GAAG,WAAW,CAAA,EAAG,QAAQ,CAAA,CAAE,CAAC,CAC1C;AACH;AAEA,SAAS,iBAAiB,CAAC,GAAW,EAAE,WAAmB,EAAA;IACzD,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,WAAW,CAAA,gBAAA,CAAkB,CAAC;AACvD;AAEA,SAAS,eAAe,CAAC,MAAqB,EAAA;IAC5C,IAAI,MAAM,EAAE;AACV,QAAA,KAAK,MAAM,CAAC,aAAa,CAAC,mBAAmB,CAAC;QAC9C;IACF;AAEA,IAAA,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE;AACjC,QAAA,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,mBAAmB,CAAC;IAC7C;AACF;AAEA,SAAS,uBAAuB,CAC9B,IAAgB,EAChB,UAAkB,EAClB,YAAoB,EAAA;IAEpB,IAAI,CAAC,qBAAqB,EAAE;AAC1B,QAAA,qBAAqB,GAAG;AACrB,aAAA,IAAI,CAAmB,UAAU,EAAE,EAAE,YAAY,EAAE;AACnD,aAAA,IAAI,CACH,GAAG,CAAC,CAAC,MAAM,KAAK,WAAW,CAAC,MAAM,CAAC,CAAC,EACpC,QAAQ,CAAC,MAAK;YACZ,qBAAqB,GAAG,IAAI;AAC9B,QAAA,CAAC,CAAC,EACF,WAAW,CAAC,CAAC,CAAC,CACf;IACL;AAEA,IAAA,OAAO,qBAAqB;AAC9B;MAEa,oBAAoB,GAAsB,CAAC,GAAG,EAAE,IAAI,KAAI;AACnE,IAAA,MAAM,WAAW,GAAG,CAAA,KAAA,EAAQ,qBAAqB,EAAE,EAAE;AACrD,IAAA,MAAM,OAAO,GAAG,MAAM,CAAC,WAAW,CAAC;AACnC,IAAA,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;AACjD,IAAA,MAAM,OAAO,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC;AAEvC,IAAA,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CACnB,UAAU,CAAC,CAAC,KAAK,KAAI;AACnB,QAAA,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,EAAE;AAC/B,YAAA,OAAO,UAAU,CAAC,MAAM,KAAK,CAAC;QAChC;AAEA,QAAA,IACE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;AACrC,YAAA,iBAAiB,CAAC,GAAG,CAAC,GAAG,EAAE,WAAW,CAAC;YACvC,oBAAoB,CAAC,GAAG,CAAC,GAAG,EAAE,WAAW,CAAC,EAC1C;YACA,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE;AACzC,gBAAA,iBAAiB,EAAE;AACnB,gBAAA,eAAe,CAAC,MAAM,IAAI,IAAI,CAAC;YACjC;AAEA,YAAA,OAAO,UAAU,CAAC,MAAM,KAAK,CAAC;QAChC;AAEA,QAAA,MAAM,YAAY,GAAG,cAAc,CAAC,yBAAyB,CAAC;AAC9D,QAAA,MAAM,WAAW,GAAG,cAAc,CAAC,wBAAwB,CAAC;AAC5D,QAAA,MAAM,MAAM,GAAG,4BAA4B,CAAC,WAAW,CAAC;AAExD,QAAA,IAAI,CAAC,YAAY,IAAI,CAAC,MAAM,EAAE;AAC5B,YAAA,iBAAiB,EAAE;AACnB,YAAA,eAAe,CAAC,MAAM,IAAI,IAAI,CAAC;AAC/B,YAAA,OAAO,UAAU,CAAC,MAAM,KAAK,CAAC;QAChC;AAEA,QAAA,MAAM,UAAU,GAAG,CAAA,EAAG,WAAW,CAAA,gBAAA,EAAmB,MAAM,EAAE;QAE5D,OAAO,uBAAuB,CAAC,OAAO,EAAE,UAAU,EAAE,YAAY,CAAC,CAAC,IAAI,CACpE,SAAS,CAAC,CAAC,EAAE,WAAW,EAAE,eAAe,EAAE,KAAI;AAC7C,YAAA,MAAM,YAAY,GAAG,GAAG,CAAC,KAAK,CAAC;gBAC7B,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,IAAI,CAAC;AACpD,gBAAA,UAAU,EAAE;oBACV,aAAa,EAAE,CAAA,OAAA,EAAU,eAAe,CAAA,CAAE;AAC3C,iBAAA;AACF,aAAA,CAAC;AAEF,YAAA,OAAO,IAAI,CAAC,YAAY,CAAC;AAC3B,QAAA,CAAC,CAAC,EACF,UAAU,CAAC,CAAC,YAAY,KAAI;AAC1B,YAAA,iBAAiB,EAAE;AACnB,YAAA,eAAe,CAAC,MAAM,IAAI,IAAI,CAAC;AAC/B,YAAA,OAAO,UAAU,CAAC,MAAM,YAAY,CAAC;QACvC,CAAC,CAAC,CACH;IACH,CAAC,CAAC,CACH;AACH;;ACjJO,MAAM,sBAAsB,GAAwB;IACzD,0BAA0B;IAC1B,oBAAoB;;SAGN,wBAAwB,GAAA;AACtC,IAAA,OAAO,gBAAgB,CAAC,sBAAsB,CAAC;AACjD;;ACXA;;AAEG;;;;"}