@anarchitects/auth-nest 0.4.2 → 0.5.0

package/src/application/services/resource-authorization.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.assertCanAccessResource = exports.toPolicySubject = void 0;
+const ability_1 = require("@casl/ability");
+const common_1 = require("@nestjs/common");
+const toPolicySubject = (subjectType, resource) => (0, ability_1.subject)(subjectType, resource);
+exports.toPolicySubject = toPolicySubject;
+const assertCanAccessResource = (ability, action, subjectType, resource, field) => {
+    const policySubject = (0, exports.toPolicySubject)(subjectType, resource);
+    const isAllowed = field
+        ? ability.can(action, policySubject, field)
+        : ability.can(action, policySubject);
+    if (!isAllowed) {
+        throw new common_1.ForbiddenException();
+    }
+};
+exports.assertCanAccessResource = assertCanAccessResource;
+//# sourceMappingURL=resource-authorization.js.map

package/src/application/services/resource-authorization.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resource-authorization.js","sourceRoot":"","sources":["../../../../../../../libs/auth/nest/src/application/services/resource-authorization.ts"],"names":[],"mappings":";;;AACA,2CAAwC;AACxC,2CAAoD;AAI7C,MAAM,eAAe,GAAG,CAC7B,WAAoB,EACpB,QAAW,EACX,EAAE,CAAC,IAAA,iBAAO,EAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;AAHvB,QAAA,eAAe,mBAGQ;AAE7B,MAAM,uBAAuB,GAAG,CACrC,OAAmB,EACnB,MAAc,EACd,WAAoB,EACpB,QAAW,EACX,KAAc,EACR,EAAE;IACR,MAAM,aAAa,GAAG,IAAA,uBAAe,EAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAC7D,MAAM,SAAS,GAAG,KAAK;QACrB,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,aAAa,EAAE,KAAK,CAAC;QAC3C,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IAEvC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,2BAAkB,EAAE,CAAC;IACjC,CAAC;AACH,CAAC,CAAC;AAfW,QAAA,uBAAuB,2BAelC"}

package/src/application/strategies/{jwt/strategy.d.ts → jwt-strategy.d.ts}

@@ -1,10 +1,11 @@
 import { Role } from '@anarchitects/auth-ts/models';
 import { Strategy } from 'passport-jwt';
+import { AuthConfig } from '../../config';
 declare const JwtStrategy_base: new (...args: [opt: import("passport-jwt").StrategyOptionsWithRequest] | [opt: import("passport-jwt").StrategyOptionsWithoutRequest]) => Strategy & {
     validate(...args: any[]): unknown;
 };
 export declare class JwtStrategy extends JwtStrategy_base {
-    constructor();
+    constructor(authConfig: AuthConfig);
     validate(payload: {
         sub: string;
         roles: Role[];

package/src/application/strategies/{jwt/strategy.js → jwt-strategy.js}

@@ -5,12 +5,13 @@ const tslib_1 = require("tslib");
 const common_1 = require("@nestjs/common");
 const passport_1 = require("@nestjs/passport");
 const passport_jwt_1 = require("passport-jwt");
+const config_1 = require("../../config");
 let JwtStrategy = class JwtStrategy extends (0, passport_1.PassportStrategy)(passport_jwt_1.Strategy) {
-    constructor() {
+    constructor(authConfig) {
         super({
             jwtFromRequest: passport_jwt_1.ExtractJwt.fromAuthHeaderAsBearerToken(),
             ignoreExpiration: false,
-            secretOrKey: process.env['JWT_SECRET'] || 'defaultSecret',
+            secretOrKey: authConfig.jwtSecret,
         });
     }
     async validate(payload) {
@@ -20,6 +21,7 @@ let JwtStrategy = class JwtStrategy extends (0, passport_1.PassportStrategy)(pas
 exports.JwtStrategy = JwtStrategy;
 exports.JwtStrategy = JwtStrategy = tslib_1.__decorate([
     (0, common_1.Injectable)(),
-    tslib_1.__metadata("design:paramtypes", [])
+    tslib_1.__param(0, (0, config_1.InjectAuthConfig)()),
+    tslib_1.__metadata("design:paramtypes", [Object])
 ], JwtStrategy);
-//# sourceMappingURL=strategy.js.map
+//# sourceMappingURL=jwt-strategy.js.map

package/src/application/strategies/jwt-strategy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-strategy.js","sourceRoot":"","sources":["../../../../../../../libs/auth/nest/src/application/strategies/jwt-strategy.ts"],"names":[],"mappings":";;;;AACA,2CAA4C;AAC5C,+CAAoD;AACpD,+CAAoD;AACpD,yCAA4D;AAGrD,IAAM,WAAW,GAAjB,MAAM,WAAY,SAAQ,IAAA,2BAAgB,EAAC,uBAAQ,CAAC;IACzD,YAAgC,UAAsB;QACpD,KAAK,CAAC;YACJ,cAAc,EAAE,yBAAU,CAAC,2BAA2B,EAAE;YACxD,gBAAgB,EAAE,KAAK;YACvB,WAAW,EAAE,UAAU,CAAC,SAAS;SAClC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,OAAuC;QACpD,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,GAAG,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC;IACvD,CAAC;CACF,CAAA;AAZY,kCAAW;sBAAX,WAAW;IADvB,IAAA,mBAAU,GAAE;IAEE,mBAAA,IAAA,yBAAgB,GAAE,CAAA;;GADpB,WAAW,CAYvB"}

package/src/auth.module.d.ts

@@ -1,14 +1,7 @@
 import { DynamicModule } from '@nestjs/common';
-import { AuthApplicationModule } from './application';
-import { AuthPersistenceModule } from './infrastructure-persistence';
-export type AuthModuleFeatures = {
-    mailer?: boolean;
-};
-export type AuthModuleOptions = {
-    application: Parameters<typeof AuthApplicationModule.forRoot>[0];
-    persistence: Parameters<typeof AuthPersistenceModule.forRoot>[0];
-    features?: AuthModuleFeatures;
-};
+import type { AuthModuleOptions } from './config';
+export type { AuthModuleFeatures, AuthModuleOptions } from './config';
 export declare class AuthModule {
-    static forRoot(options: AuthModuleOptions): DynamicModule;
+    static forRoot(options?: AuthModuleOptions): DynamicModule;
+    static forRootFromConfig(overrides?: AuthModuleOptions): DynamicModule;
 }

package/src/auth.module.js

@@ -5,35 +5,51 @@ exports.AuthModule = void 0;
 const tslib_1 = require("tslib");
 const common_1 = require("@nestjs/common");
 const config_1 = require("@nestjs/config");
-const application_1 = require("./application");
-const config_2 = require("./config");
 const infrastructure_mailer_1 = require("./infrastructure-mailer");
-const infrastructure_persistence_1 = require("./infrastructure-persistence");
 const presentation_1 = require("./presentation");
+const config_2 = require("./config");
 let AuthModule = AuthModule_1 = class AuthModule {
-    static forRoot(options) {
-        const mailerEnabled = options.features?.mailer ?? true;
-        const applicationModule = application_1.AuthApplicationModule.forRoot(options.application);
-        const persistenceModule = infrastructure_persistence_1.AuthPersistenceModule.forRoot(options.persistence);
-        const imports = [
-            config_1.ConfigModule.forFeature(config_2.authConfig),
-            applicationModule,
-            persistenceModule,
-            presentation_1.AuthPresentationModule,
-        ];
-        const exports = [
-            applicationModule,
-            persistenceModule,
-            presentation_1.AuthPresentationModule,
-        ];
-        if (mailerEnabled) {
-            imports.push(infrastructure_mailer_1.AuthMailerModule);
-            exports.push(infrastructure_mailer_1.AuthMailerModule);
-        }
+    static forRoot(options = {}) {
+        const presentationModule = presentation_1.AuthPresentationModule.forRoot(options.presentation);
+        const mailerModule = infrastructure_mailer_1.AuthMailerModule.forRoot(options.mailer);
         return {
             module: AuthModule_1,
-            imports,
-            exports,
+            imports: [presentationModule, mailerModule],
+            exports: [presentationModule, mailerModule],
+        };
+    }
+    static forRootFromConfig(overrides = {}) {
+        const configOptions = (0, config_2.mapAuthConfigToAuthModuleOptions)((0, config_2.authConfig)());
+        const moduleDefinition = this.forRoot({
+            ...configOptions,
+            ...overrides,
+            presentation: {
+                ...configOptions.presentation,
+                ...overrides.presentation,
+                application: {
+                    ...configOptions.presentation?.application,
+                    ...overrides.presentation?.application,
+                    encryption: {
+                        ...configOptions.presentation?.application?.encryption,
+                        ...overrides.presentation?.application?.encryption,
+                    },
+                    persistence: {
+                        ...configOptions.presentation?.application?.persistence,
+                        ...overrides.presentation?.application?.persistence,
+                    },
+                },
+            },
+            mailer: {
+                ...configOptions.mailer,
+                ...overrides.mailer,
+            },
+        });
+        return {
+            ...moduleDefinition,
+            imports: [
+                config_1.ConfigModule.forFeature(config_2.authConfig),
+                ...(moduleDefinition.imports ?? []),
+            ],
         };
     }
 };

package/src/auth.module.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth.module.js","sourceRoot":"","sources":["../../../../../libs/auth/nest/src/auth.module.ts"],"names":[],"mappings":";;;;;AAAA,2CAAuD;AACvD,2CAA8C;AAC9C,+CAAsD;AACtD,qCAAsC;AACtC,mEAA2D;AAC3D,6EAAqE;AACrE,iDAAwD;AAajD,IAAM,UAAU,kBAAhB,MAAM,UAAU;IACrB,MAAM,CAAC,OAAO,CAAC,OAA0B;QACvC,MAAM,aAAa,GAAG,OAAO,CAAC,QAAQ,EAAE,MAAM,IAAI,IAAI,CAAC;QACvD,MAAM,iBAAiB,GAAG,mCAAqB,CAAC,OAAO,CACrD,OAAO,CAAC,WAAW,CACpB,CAAC;QACF,MAAM,iBAAiB,GAAG,kDAAqB,CAAC,OAAO,CACrD,OAAO,CAAC,WAAW,CACpB,CAAC;QACF,MAAM,OAAO,GAAG;YACd,qBAAY,CAAC,UAAU,CAAC,mBAAU,CAAC;YACnC,iBAAiB;YACjB,iBAAiB;YACjB,qCAAsB;SACvB,CAAC;QACF,MAAM,OAAO,GAAG;YACd,iBAAiB;YACjB,iBAAiB;YACjB,qCAAsB;SACvB,CAAC;QAEF,IAAI,aAAa,EAAE,CAAC;YAClB,OAAO,CAAC,IAAI,CAAC,wCAAgB,CAAC,CAAC;YAC/B,OAAO,CAAC,IAAI,CAAC,wCAAgB,CAAC,CAAC;QACjC,CAAC;QAED,OAAO;YACL,MAAM,EAAE,YAAU;YAClB,OAAO;YACP,OAAO;SACR,CAAC;IACJ,CAAC;CACF,CAAA;AAhCY,gCAAU;qBAAV,UAAU;IADtB,IAAA,eAAM,EAAC,EAAE,CAAC;GACE,UAAU,CAgCtB"}
+{"version":3,"file":"auth.module.js","sourceRoot":"","sources":["../../../../../libs/auth/nest/src/auth.module.ts"],"names":[],"mappings":";;;;;AAAA,2CAAuD;AACvD,2CAA8C;AAC9C,mEAA2D;AAC3D,iDAAwD;AACxD,qCAAwE;AAMjE,IAAM,UAAU,kBAAhB,MAAM,UAAU;IACrB,MAAM,CAAC,OAAO,CAAC,UAA6B,EAAE;QAC5C,MAAM,kBAAkB,GAAG,qCAAsB,CAAC,OAAO,CACvD,OAAO,CAAC,YAAY,CACrB,CAAC;QACF,MAAM,YAAY,GAAG,wCAAgB,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC9D,OAAO;YACL,MAAM,EAAE,YAAU;YAClB,OAAO,EAAE,CAAC,kBAAkB,EAAE,YAAY,CAAC;YAC3C,OAAO,EAAE,CAAC,kBAAkB,EAAE,YAAY,CAAC;SAC5C,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,iBAAiB,CAAC,YAA+B,EAAE;QACxD,MAAM,aAAa,GAAG,IAAA,yCAAgC,EAAC,IAAA,mBAAU,GAAE,CAAC,CAAC;QACrE,MAAM,gBAAgB,GAAG,IAAI,CAAC,OAAO,CAAC;YACpC,GAAG,aAAa;YAChB,GAAG,SAAS;YACZ,YAAY,EAAE;gBACZ,GAAG,aAAa,CAAC,YAAY;gBAC7B,GAAG,SAAS,CAAC,YAAY;gBACzB,WAAW,EAAE;oBACX,GAAG,aAAa,CAAC,YAAY,EAAE,WAAW;oBAC1C,GAAG,SAAS,CAAC,YAAY,EAAE,WAAW;oBACtC,UAAU,EAAE;wBACV,GAAG,aAAa,CAAC,YAAY,EAAE,WAAW,EAAE,UAAU;wBACtD,GAAG,SAAS,CAAC,YAAY,EAAE,WAAW,EAAE,UAAU;qBACnD;oBACD,WAAW,EAAE;wBACX,GAAG,aAAa,CAAC,YAAY,EAAE,WAAW,EAAE,WAAW;wBACvD,GAAG,SAAS,CAAC,YAAY,EAAE,WAAW,EAAE,WAAW;qBACpD;iBACF;aACF;YACD,MAAM,EAAE;gBACN,GAAG,aAAa,CAAC,MAAM;gBACvB,GAAG,SAAS,CAAC,MAAM;aACpB;SACF,CAAC,CAAC;QAEH,OAAO;YACL,GAAG,gBAAgB;YACnB,OAAO,EAAE;gBACP,qBAAY,CAAC,UAAU,CAAC,mBAAU,CAAC;gBACnC,GAAG,CAAC,gBAAgB,CAAC,OAAO,IAAI,EAAE,CAAC;aACpC;SACF,CAAC;IACJ,CAAC;CACF,CAAA;AAhDY,gCAAU;qBAAV,UAAU;IADtB,IAAA,eAAM,EAAC,EAAE,CAAC;GACE,UAAU,CAgDtB"}

package/src/config/auth.config.d.ts

@@ -1,4 +1,16 @@
 import { ConfigType } from '@nestjs/config';
+import type { CommonMailerProvider } from '@anarchitects/common-nest-mailer';
+export declare const DEFAULT_AUTH_JWT_SECRET = "default_jwt_secret";
+export declare const DEFAULT_AUTH_JWT_EXPIRATION = "3600s";
+export declare const DEFAULT_AUTH_JWT_AUDIENCE = "your_audience";
+export declare const DEFAULT_AUTH_JWT_ISSUER = "your_issuer";
+export declare const DEFAULT_AUTH_ENCRYPTION_ALGORITHM = "bcrypt";
+export declare const DEFAULT_AUTH_ENCRYPTION_KEY = "default_encryption_key";
+export declare const DEFAULT_AUTH_PERSISTENCE = "typeorm";
+export declare const DEFAULT_AUTH_MAILER_PROVIDER = "node";
+export declare const DEFAULT_AUTH_STRATEGIES: readonly ["jwt"];
+export declare const DEFAULT_AUTH_ENGINE = "legacy-jwt";
+export declare const DEFAULT_AUTH_SESSION_MODE = "jwt";
 export declare const authConfig: (() => {
     jwtSecret: string;
     jwtExpiration: string;
@@ -6,6 +18,32 @@ export declare const authConfig: (() => {
     jwtIssuer: string;
     encryptionAlgorithm: string;
     encryptionKey: string;
+    persistence: string;
+    mailerProvider: CommonMailerProvider;
+    authStrategies: string[];
+    engine: "legacy-jwt" | "better-auth";
+    sessionMode: "jwt" | "session";
+    features: {
+        passkeys: boolean;
+        social: boolean;
+        oidc: boolean;
+    };
+    spike: {
+        baseUrl: string;
+        secret: string;
+        proofHarnessEnabled: boolean;
+        socialProviders: {
+            github: {
+                clientId: string | undefined;
+                clientSecret: string | undefined;
+            };
+        };
+        passkeys: {
+            rpID: string;
+            rpName: string;
+            origin: string | undefined;
+        };
+    };
 }) & import("@nestjs/config").ConfigFactoryKeyHost<{
     jwtSecret: string;
     jwtExpiration: string;
@@ -13,6 +51,32 @@ export declare const authConfig: (() => {
     jwtIssuer: string;
     encryptionAlgorithm: string;
     encryptionKey: string;
+    persistence: string;
+    mailerProvider: CommonMailerProvider;
+    authStrategies: string[];
+    engine: "legacy-jwt" | "better-auth";
+    sessionMode: "jwt" | "session";
+    features: {
+        passkeys: boolean;
+        social: boolean;
+        oidc: boolean;
+    };
+    spike: {
+        baseUrl: string;
+        secret: string;
+        proofHarnessEnabled: boolean;
+        socialProviders: {
+            github: {
+                clientId: string | undefined;
+                clientSecret: string | undefined;
+            };
+        };
+        passkeys: {
+            rpID: string;
+            rpName: string;
+            origin: string | undefined;
+        };
+    };
 }>;
 export type AuthConfig = ConfigType<typeof authConfig>;
 export declare const InjectAuthConfig: () => PropertyDecorator & ParameterDecorator;

package/src/config/auth.config.js

@@ -1,16 +1,124 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.InjectAuthConfig = exports.authConfig = void 0;
+exports.InjectAuthConfig = exports.authConfig = exports.DEFAULT_AUTH_SESSION_MODE = exports.DEFAULT_AUTH_ENGINE = exports.DEFAULT_AUTH_STRATEGIES = exports.DEFAULT_AUTH_MAILER_PROVIDER = exports.DEFAULT_AUTH_PERSISTENCE = exports.DEFAULT_AUTH_ENCRYPTION_KEY = exports.DEFAULT_AUTH_ENCRYPTION_ALGORITHM = exports.DEFAULT_AUTH_JWT_ISSUER = exports.DEFAULT_AUTH_JWT_AUDIENCE = exports.DEFAULT_AUTH_JWT_EXPIRATION = exports.DEFAULT_AUTH_JWT_SECRET = void 0;
 const common_1 = require("@nestjs/common");
 const config_1 = require("@nestjs/config");
 const AUTH_CONFIG_KEY = 'auth';
+exports.DEFAULT_AUTH_JWT_SECRET = 'default_jwt_secret';
+exports.DEFAULT_AUTH_JWT_EXPIRATION = '3600s';
+exports.DEFAULT_AUTH_JWT_AUDIENCE = 'your_audience';
+exports.DEFAULT_AUTH_JWT_ISSUER = 'your_issuer';
+exports.DEFAULT_AUTH_ENCRYPTION_ALGORITHM = 'bcrypt';
+exports.DEFAULT_AUTH_ENCRYPTION_KEY = 'default_encryption_key';
+exports.DEFAULT_AUTH_PERSISTENCE = 'typeorm';
+exports.DEFAULT_AUTH_MAILER_PROVIDER = 'node';
+exports.DEFAULT_AUTH_STRATEGIES = ['jwt'];
+exports.DEFAULT_AUTH_ENGINE = 'legacy-jwt';
+exports.DEFAULT_AUTH_SESSION_MODE = 'jwt';
+const parseBoolean = (value, fallback = false) => {
+    if (value === undefined) {
+        return fallback;
+    }
+    switch (value.trim().toLowerCase()) {
+        case '1':
+        case 'true':
+        case 'yes':
+        case 'on':
+            return true;
+        case '0':
+        case 'false':
+        case 'no':
+        case 'off':
+            return false;
+        default:
+            throw new Error(`Unsupported boolean value: ${value}`);
+    }
+};
+const parseMailerProvider = () => {
+    const value = process.env['AUTH_MAILER_PROVIDER'];
+    if (value === undefined) {
+        return exports.DEFAULT_AUTH_MAILER_PROVIDER;
+    }
+    switch (value) {
+        case 'node':
+        case 'noop':
+            return value;
+        default:
+            throw new Error(`Unsupported mailer provider: ${value}`);
+    }
+};
+const parseAuthStrategies = () => {
+    const raw = process.env['AUTH_STRATEGIES'];
+    if (!raw) {
+        return [...exports.DEFAULT_AUTH_STRATEGIES];
+    }
+    const parsed = raw
+        .split(',')
+        .map((strategy) => strategy.trim())
+        .filter((strategy) => strategy.length > 0);
+    return parsed.length > 0 ? parsed : [...exports.DEFAULT_AUTH_STRATEGIES];
+};
+const parseAuthEngine = () => {
+    const value = process.env['AUTH_ENGINE'];
+    if (value === undefined) {
+        return exports.DEFAULT_AUTH_ENGINE;
+    }
+    switch (value) {
+        case 'legacy-jwt':
+        case 'better-auth':
+            return value;
+        default:
+            throw new Error(`Unsupported auth engine: ${value}`);
+    }
+};
+const parseSessionMode = () => {
+    const value = process.env['AUTH_SESSION_MODE'];
+    if (value === undefined) {
+        return exports.DEFAULT_AUTH_SESSION_MODE;
+    }
+    switch (value) {
+        case 'jwt':
+        case 'session':
+            return value;
+        default:
+            throw new Error(`Unsupported auth session mode: ${value}`);
+    }
+};
 exports.authConfig = (0, config_1.registerAs)(AUTH_CONFIG_KEY, () => ({
-    jwtSecret: process.env['AUTH_JWT_SECRET'] || 'default_jwt_secret',
-    jwtExpiration: process.env['AUTH_JWT_EXPIRATION'] || '3600s',
-    jwtAudience: process.env['AUTH_JWT_AUDIENCE'] || 'your_audience',
-    jwtIssuer: process.env['AUTH_JWT_ISSUER'] || 'your_issuer',
-    encryptionAlgorithm: process.env['AUTH_ENCRYPTION_ALGORITHM'] || 'bcrypt',
-    encryptionKey: process.env['AUTH_ENCRYPTION_KEY'] || 'default_encryption_key',
+    jwtSecret: process.env['AUTH_JWT_SECRET'] ?? exports.DEFAULT_AUTH_JWT_SECRET,
+    jwtExpiration: process.env['AUTH_JWT_EXPIRATION'] ?? exports.DEFAULT_AUTH_JWT_EXPIRATION,
+    jwtAudience: process.env['AUTH_JWT_AUDIENCE'] ?? exports.DEFAULT_AUTH_JWT_AUDIENCE,
+    jwtIssuer: process.env['AUTH_JWT_ISSUER'] ?? exports.DEFAULT_AUTH_JWT_ISSUER,
+    encryptionAlgorithm: process.env['AUTH_ENCRYPTION_ALGORITHM'] ??
+        exports.DEFAULT_AUTH_ENCRYPTION_ALGORITHM,
+    encryptionKey: process.env['AUTH_ENCRYPTION_KEY'] ?? exports.DEFAULT_AUTH_ENCRYPTION_KEY,
+    persistence: process.env['AUTH_PERSISTENCE'] ?? exports.DEFAULT_AUTH_PERSISTENCE,
+    mailerProvider: parseMailerProvider(),
+    authStrategies: parseAuthStrategies(),
+    engine: parseAuthEngine(),
+    sessionMode: parseSessionMode(),
+    features: {
+        passkeys: parseBoolean(process.env['AUTH_FEATURE_PASSKEYS']),
+        social: parseBoolean(process.env['AUTH_FEATURE_SOCIAL']),
+        oidc: parseBoolean(process.env['AUTH_FEATURE_OIDC']),
+    },
+    spike: {
+        baseUrl: process.env['AUTH_SPIKE_BASE_URL'] ?? 'http://localhost:3000/api/auth',
+        secret: process.env['AUTH_SPIKE_SECRET'] ??
+            'better-auth-spike-secret-32-chars-minimum',
+        proofHarnessEnabled: parseBoolean(process.env['AUTH_SPIKE_PROOF_HARNESS']),
+        socialProviders: {
+            github: {
+                clientId: process.env['AUTH_SOCIAL_GITHUB_CLIENT_ID'],
+                clientSecret: process.env['AUTH_SOCIAL_GITHUB_CLIENT_SECRET'],
+            },
+        },
+        passkeys: {
+            rpID: process.env['AUTH_PASSKEY_RP_ID'] ?? 'localhost',
+            rpName: process.env['AUTH_PASSKEY_RP_NAME'] ?? 'Anarchitecture Auth Spike',
+            origin: process.env['AUTH_PASSKEY_ORIGIN'],
+        },
+    },
 }));
 const InjectAuthConfig = () => (0, common_1.Inject)(exports.authConfig.KEY);
 exports.InjectAuthConfig = InjectAuthConfig;

package/src/config/auth.config.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth.config.js","sourceRoot":"","sources":["../../../../../../libs/auth/nest/src/config/auth.config.ts"],"names":[],"mappings":";;;AAAA,2CAAwC;AACxC,2CAAwD;AAExD,MAAM,eAAe,GAAG,MAAM,CAAC;AAElB,QAAA,UAAU,GAAG,IAAA,mBAAU,EAAC,eAAe,EAAE,GAAG,EAAE,CAAC,CAAC;IAC3D,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,oBAAoB;IACjE,aAAa,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,OAAO;IAC5D,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,eAAe;IAChE,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,aAAa;IAC1D,mBAAmB,EAAE,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,IAAI,QAAQ;IACzE,aAAa,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,wBAAwB;CAC9E,CAAC,CAAC,CAAC;AAIG,MAAM,gBAAgB,GAAG,GAAG,EAAE,CAAC,IAAA,eAAM,EAAC,kBAAU,CAAC,GAAG,CAAC,CAAC;AAAhD,QAAA,gBAAgB,oBAAgC"}
+{"version":3,"file":"auth.config.js","sourceRoot":"","sources":["../../../../../../libs/auth/nest/src/config/auth.config.ts"],"names":[],"mappings":";;;AAAA,2CAAwC;AACxC,2CAAwD;AAGxD,MAAM,eAAe,GAAG,MAAM,CAAC;AAClB,QAAA,uBAAuB,GAAG,oBAAoB,CAAC;AAC/C,QAAA,2BAA2B,GAAG,OAAO,CAAC;AACtC,QAAA,yBAAyB,GAAG,eAAe,CAAC;AAC5C,QAAA,uBAAuB,GAAG,aAAa,CAAC;AACxC,QAAA,iCAAiC,GAAG,QAAQ,CAAC;AAC7C,QAAA,2BAA2B,GAAG,wBAAwB,CAAC;AACvD,QAAA,wBAAwB,GAAG,SAAS,CAAC;AACrC,QAAA,4BAA4B,GAAG,MAAM,CAAC;AACtC,QAAA,uBAAuB,GAAG,CAAC,KAAK,CAAU,CAAC;AAC3C,QAAA,mBAAmB,GAAG,YAAY,CAAC;AACnC,QAAA,yBAAyB,GAAG,KAAK,CAAC;AAE/C,MAAM,YAAY,GAAG,CAAC,KAAyB,EAAE,QAAQ,GAAG,KAAK,EAAW,EAAE;IAC5E,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC;QACnC,KAAK,GAAG,CAAC;QACT,KAAK,MAAM,CAAC;QACZ,KAAK,KAAK,CAAC;QACX,KAAK,IAAI;YACP,OAAO,IAAI,CAAC;QACd,KAAK,GAAG,CAAC;QACT,KAAK,OAAO,CAAC;QACb,KAAK,IAAI,CAAC;QACV,KAAK,KAAK;YACR,OAAO,KAAK,CAAC;QACf;YACE,MAAM,IAAI,KAAK,CAAC,8BAA8B,KAAK,EAAE,CAAC,CAAC;IAC3D,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,mBAAmB,GAAG,GAAyB,EAAE;IACrD,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IAClD,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,OAAO,oCAA4B,CAAC;IACtC,CAAC;IAED,QAAQ,KAAK,EAAE,CAAC;QACd,KAAK,MAAM,CAAC;QACZ,KAAK,MAAM;YACT,OAAO,KAAK,CAAC;QACf;YACE,MAAM,IAAI,KAAK,CAAC,gCAAgC,KAAK,EAAE,CAAC,CAAC;IAC7D,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,mBAAmB,GAAG,GAAa,EAAE;IACzC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IAC3C,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,CAAC,GAAG,+BAAuB,CAAC,CAAC;IACtC,CAAC;IAED,MAAM,MAAM,GAAG,GAAG;SACf,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;SAClC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAE7C,OAAO,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,+BAAuB,CAAC,CAAC;AACnE,CAAC,CAAC;AAEF,MAAM,eAAe,GAAG,GAAiC,EAAE;IACzD,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IACzC,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,OAAO,2BAAmB,CAAC;IAC7B,CAAC;IAED,QAAQ,KAAK,EAAE,CAAC;QACd,KAAK,YAAY,CAAC;QAClB,KAAK,aAAa;YAChB,OAAO,KAAK,CAAC;QACf;YACE,MAAM,IAAI,KAAK,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC;IACzD,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,gBAAgB,GAAG,GAAsB,EAAE;IAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;IAC/C,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,OAAO,iCAAyB,CAAC;IACnC,CAAC;IAED,QAAQ,KAAK,EAAE,CAAC;QACd,KAAK,KAAK,CAAC;QACX,KAAK,SAAS;YACZ,OAAO,KAAK,CAAC;QACf;YACE,MAAM,IAAI,KAAK,CAAC,kCAAkC,KAAK,EAAE,CAAC,CAAC;IAC/D,CAAC;AACH,CAAC,CAAC;AAEW,QAAA,UAAU,GAAG,IAAA,mBAAU,EAAC,eAAe,EAAE,GAAG,EAAE,CAAC,CAAC;IAC3D,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,+BAAuB;IACpE,aAAa,EACX,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,mCAA2B;IACnE,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,iCAAyB;IAC1E,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,+BAAuB;IACpE,mBAAmB,EACjB,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC;QACxC,yCAAiC;IACnC,aAAa,EACX,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,mCAA2B;IACnE,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,gCAAwB;IACxE,cAAc,EAAE,mBAAmB,EAAE;IACrC,cAAc,EAAE,mBAAmB,EAAE;IACrC,MAAM,EAAE,eAAe,EAAE;IACzB,WAAW,EAAE,gBAAgB,EAAE;IAC/B,QAAQ,EAAE;QACR,QAAQ,EAAE,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;QAC5D,MAAM,EAAE,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;QACxD,IAAI,EAAE,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;KACrD;IACD,KAAK,EAAE;QACL,OAAO,EACL,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,gCAAgC;QACxE,MAAM,EACJ,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;YAChC,2CAA2C;QAC7C,mBAAmB,EAAE,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;QAC1E,eAAe,EAAE;YACf,MAAM,EAAE;gBACN,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC;gBACrD,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,kCAAkC,CAAC;aAC9D;SACF;QACD,QAAQ,EAAE;YACR,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,IAAI,WAAW;YACtD,MAAM,EACJ,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,IAAI,2BAA2B;YACpE,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;SAC3C;KACF;CACF,CAAC,CAAC,CAAC;AAIG,MAAM,gBAAgB,GAAG,GAAG,EAAE,CAAC,IAAA,eAAM,EAAC,kBAAU,CAAC,GAAG,CAAC,CAAC;AAAhD,QAAA,gBAAgB,oBAAgC"}

package/src/config/index.d.ts

@@ -1 +1,2 @@
 export * from './auth.config';
+export * from './module-options';

package/src/config/index.js

@@ -2,4 +2,5 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 const tslib_1 = require("tslib");
 tslib_1.__exportStar(require("./auth.config"), exports);
+tslib_1.__exportStar(require("./module-options"), exports);
 //# sourceMappingURL=index.js.map

package/src/config/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../libs/auth/nest/src/config/index.ts"],"names":[],"mappings":";;;AAAA,wDAA8B"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../libs/auth/nest/src/config/index.ts"],"names":[],"mappings":";;;AAAA,wDAA8B;AAC9B,2DAAiC"}

package/src/config/module-options.d.ts

@@ -0,0 +1,108 @@
+import type { CommonMailerProvider } from '@anarchitects/common-nest-mailer';
+import type { AuthConfig } from './auth.config';
+import type { ResourceAuthorizationOptions } from '../application/resource-authorization.types';
+export type AuthEngine = 'legacy-jwt' | 'better-auth';
+export type AuthSessionMode = 'jwt' | 'session';
+export type AuthSpikeSocialProviderConfig = {
+    clientId?: string;
+    clientSecret?: string;
+};
+export type AuthSpikeOptions = {
+    baseUrl?: string;
+    secret?: string;
+    proofHarnessEnabled?: boolean;
+    socialProviders?: {
+        github?: AuthSpikeSocialProviderConfig;
+    };
+    passkeys?: {
+        rpID?: string;
+        rpName?: string;
+        origin?: string;
+    };
+};
+export type ResolvedAuthSpikeOptions = {
+    baseUrl: string;
+    secret: string;
+    proofHarnessEnabled: boolean;
+    socialProviders: {
+        github?: AuthSpikeSocialProviderConfig;
+    };
+    passkeys: {
+        rpID: string;
+        rpName: string;
+        origin?: string;
+    };
+};
+export type AuthPersistenceModuleOptions = {
+    persistence?: string;
+};
+export type ResolvedAuthPersistenceModuleOptions = {
+    persistence: string;
+};
+export type AuthMailerModuleOptions = {
+    provider?: CommonMailerProvider;
+};
+export type ResolvedAuthMailerModuleOptions = {
+    provider: CommonMailerProvider;
+};
+export type AuthApplicationModuleOptions = {
+    authStrategies?: string[];
+    engine?: AuthEngine;
+    sessionMode?: AuthSessionMode;
+    features?: {
+        passkeys?: boolean;
+        social?: boolean;
+        oidc?: boolean;
+    };
+    spike?: AuthSpikeOptions;
+    encryption?: {
+        algorithm?: 'bcrypt' | 'argon2';
+        key?: string;
+    };
+    persistence?: AuthPersistenceModuleOptions;
+    resourceAuthorization?: ResourceAuthorizationOptions;
+};
+export type ResolvedAuthApplicationModuleOptions = {
+    authStrategies: string[];
+    engine: AuthEngine;
+    sessionMode: AuthSessionMode;
+    features: {
+        passkeys: boolean;
+        social: boolean;
+        oidc: boolean;
+    };
+    spike: ResolvedAuthSpikeOptions;
+    encryption: {
+        algorithm: 'bcrypt' | 'argon2';
+        key: string;
+    };
+    persistence: ResolvedAuthPersistenceModuleOptions;
+    resourceAuthorization: Required<ResourceAuthorizationOptions>;
+};
+export type AuthPresentationModuleOptions = {
+    application?: AuthApplicationModuleOptions;
+};
+export type ResolvedAuthPresentationModuleOptions = {
+    application: ResolvedAuthApplicationModuleOptions;
+};
+export type AuthModuleFeatures = {
+    provider?: CommonMailerProvider;
+};
+export type AuthModuleOptions = {
+    presentation?: AuthPresentationModuleOptions;
+    mailer?: AuthMailerModuleOptions;
+};
+export type ResolvedAuthModuleOptions = {
+    presentation: ResolvedAuthPresentationModuleOptions;
+    mailer: ResolvedAuthMailerModuleOptions;
+};
+export declare const resolveAuthPersistenceModuleOptions: (options?: AuthPersistenceModuleOptions) => ResolvedAuthPersistenceModuleOptions;
+export declare const resolveAuthMailerModuleOptions: (options?: AuthMailerModuleOptions) => ResolvedAuthMailerModuleOptions;
+export declare const resolveAuthApplicationModuleOptions: (options?: AuthApplicationModuleOptions) => ResolvedAuthApplicationModuleOptions;
+export declare const resolveAuthPresentationModuleOptions: (options?: AuthPresentationModuleOptions) => ResolvedAuthPresentationModuleOptions;
+export declare const resolveAuthModuleOptions: (options?: AuthModuleOptions) => ResolvedAuthModuleOptions;
+export declare const mapAuthConfigToPersistenceModuleOptions: (config: AuthConfig) => AuthPersistenceModuleOptions;
+export declare const mapAuthConfigToMailerModuleOptions: (config: AuthConfig) => AuthMailerModuleOptions;
+export declare const mapAuthConfigToApplicationModuleOptions: (config: AuthConfig) => AuthApplicationModuleOptions;
+export declare const mapAuthConfigToPresentationModuleOptions: (config: AuthConfig) => AuthPresentationModuleOptions;
+export declare const mapAuthConfigToAuthModuleOptions: (config: AuthConfig) => AuthModuleOptions;

package/src/config/module-options.js

@@ -0,0 +1,111 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.mapAuthConfigToAuthModuleOptions = exports.mapAuthConfigToPresentationModuleOptions = exports.mapAuthConfigToApplicationModuleOptions = exports.mapAuthConfigToMailerModuleOptions = exports.mapAuthConfigToPersistenceModuleOptions = exports.resolveAuthModuleOptions = exports.resolveAuthPresentationModuleOptions = exports.resolveAuthApplicationModuleOptions = exports.resolveAuthMailerModuleOptions = exports.resolveAuthPersistenceModuleOptions = void 0;
+const auth_config_1 = require("./auth.config");
+const resolveAuthPersistenceModuleOptions = (options = {}) => ({
+    persistence: options.persistence ?? auth_config_1.DEFAULT_AUTH_PERSISTENCE,
+});
+exports.resolveAuthPersistenceModuleOptions = resolveAuthPersistenceModuleOptions;
+const resolveAuthMailerModuleOptions = (options = {}) => ({
+    provider: options.provider ?? auth_config_1.DEFAULT_AUTH_MAILER_PROVIDER,
+});
+exports.resolveAuthMailerModuleOptions = resolveAuthMailerModuleOptions;
+const resolveAuthApplicationModuleOptions = (options = {}) => ({
+    authStrategies: options.authStrategies ?? [...auth_config_1.DEFAULT_AUTH_STRATEGIES],
+    engine: options.engine ?? 'legacy-jwt',
+    sessionMode: options.sessionMode ?? 'jwt',
+    features: {
+        passkeys: options.features?.passkeys ?? false,
+        social: options.features?.social ?? false,
+        oidc: options.features?.oidc ?? false,
+    },
+    spike: {
+        baseUrl: options.spike?.baseUrl ?? 'http://localhost:3000/api/auth',
+        secret: options.spike?.secret ?? 'better-auth-spike-secret-32-chars-minimum',
+        proofHarnessEnabled: options.spike?.proofHarnessEnabled ?? false,
+        socialProviders: {
+            github: options.spike?.socialProviders?.github
+                ? {
+                    clientId: options.spike.socialProviders.github.clientId,
+                    clientSecret: options.spike.socialProviders.github.clientSecret,
+                }
+                : undefined,
+        },
+        passkeys: {
+            rpID: options.spike?.passkeys?.rpID ?? 'localhost',
+            rpName: options.spike?.passkeys?.rpName ?? 'Anarchitecture Auth Spike',
+            origin: options.spike?.passkeys?.origin,
+        },
+    },
+    encryption: {
+        algorithm: options.encryption?.algorithm ??
+            auth_config_1.DEFAULT_AUTH_ENCRYPTION_ALGORITHM,
+        key: options.encryption?.key ?? auth_config_1.DEFAULT_AUTH_ENCRYPTION_KEY,
+    },
+    persistence: (0, exports.resolveAuthPersistenceModuleOptions)(options.persistence),
+    resourceAuthorization: {
+        loaders: { ...(options.resourceAuthorization?.loaders ?? {}) },
+    },
+});
+exports.resolveAuthApplicationModuleOptions = resolveAuthApplicationModuleOptions;
+const resolveAuthPresentationModuleOptions = (options = {}) => ({
+    application: (0, exports.resolveAuthApplicationModuleOptions)(options.application),
+});
+exports.resolveAuthPresentationModuleOptions = resolveAuthPresentationModuleOptions;
+const resolveAuthModuleOptions = (options = {}) => ({
+    presentation: (0, exports.resolveAuthPresentationModuleOptions)(options.presentation),
+    mailer: (0, exports.resolveAuthMailerModuleOptions)(options.mailer),
+});
+exports.resolveAuthModuleOptions = resolveAuthModuleOptions;
+const mapAuthConfigToPersistenceModuleOptions = (config) => ({
+    persistence: config.persistence ?? auth_config_1.DEFAULT_AUTH_PERSISTENCE,
+});
+exports.mapAuthConfigToPersistenceModuleOptions = mapAuthConfigToPersistenceModuleOptions;
+const mapAuthConfigToMailerModuleOptions = (config) => ({
+    provider: config.mailerProvider ?? auth_config_1.DEFAULT_AUTH_MAILER_PROVIDER,
+});
+exports.mapAuthConfigToMailerModuleOptions = mapAuthConfigToMailerModuleOptions;
+const mapAuthConfigToApplicationModuleOptions = (config) => ({
+    authStrategies: config.authStrategies ?? [...auth_config_1.DEFAULT_AUTH_STRATEGIES],
+    engine: config.engine ?? 'legacy-jwt',
+    sessionMode: config.sessionMode ?? 'jwt',
+    features: {
+        passkeys: config.features?.passkeys ?? false,
+        social: config.features?.social ?? false,
+        oidc: config.features?.oidc ?? false,
+    },
+    spike: {
+        baseUrl: config.spike?.baseUrl ?? 'http://localhost:3000/api/auth',
+        secret: config.spike?.secret ?? 'better-auth-spike-secret-32-chars-minimum',
+        proofHarnessEnabled: config.spike?.proofHarnessEnabled ?? false,
+        socialProviders: {
+            github: config.spike?.socialProviders?.github
+                ? {
+                    clientId: config.spike.socialProviders.github.clientId,
+                    clientSecret: config.spike.socialProviders.github.clientSecret,
+                }
+                : undefined,
+        },
+        passkeys: {
+            rpID: config.spike?.passkeys?.rpID ?? 'localhost',
+            rpName: config.spike?.passkeys?.rpName ?? 'Anarchitecture Auth Spike',
+            origin: config.spike?.passkeys?.origin,
+        },
+    },
+    encryption: {
+        algorithm: config.encryptionAlgorithm,
+        key: config.encryptionKey ?? auth_config_1.DEFAULT_AUTH_ENCRYPTION_KEY,
+    },
+    persistence: (0, exports.mapAuthConfigToPersistenceModuleOptions)(config),
+});
+exports.mapAuthConfigToApplicationModuleOptions = mapAuthConfigToApplicationModuleOptions;
+const mapAuthConfigToPresentationModuleOptions = (config) => ({
+    application: (0, exports.mapAuthConfigToApplicationModuleOptions)(config),
+});
+exports.mapAuthConfigToPresentationModuleOptions = mapAuthConfigToPresentationModuleOptions;
+const mapAuthConfigToAuthModuleOptions = (config) => ({
+    presentation: (0, exports.mapAuthConfigToPresentationModuleOptions)(config),
+    mailer: (0, exports.mapAuthConfigToMailerModuleOptions)(config),
+});
+exports.mapAuthConfigToAuthModuleOptions = mapAuthConfigToAuthModuleOptions;
+//# sourceMappingURL=module-options.js.map

package/src/config/module-options.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"module-options.js","sourceRoot":"","sources":["../../../../../../libs/auth/nest/src/config/module-options.ts"],"names":[],"mappings":";;;AAAA,+CAMuB;AAmHhB,MAAM,mCAAmC,GAAG,CACjD,UAAwC,EAAE,EACJ,EAAE,CAAC,CAAC;IAC1C,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,sCAAwB;CAC7D,CAAC,CAAC;AAJU,QAAA,mCAAmC,uCAI7C;AAEI,MAAM,8BAA8B,GAAG,CAC5C,UAAmC,EAAE,EACJ,EAAE,CAAC,CAAC;IACrC,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,0CAA4B;CAC3D,CAAC,CAAC;AAJU,QAAA,8BAA8B,kCAIxC;AAEI,MAAM,mCAAmC,GAAG,CACjD,UAAwC,EAAE,EACJ,EAAE,CAAC,CAAC;IAC1C,cAAc,EAAE,OAAO,CAAC,cAAc,IAAI,CAAC,GAAG,qCAAuB,CAAC;IACtE,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,YAAY;IACtC,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,KAAK;IACzC,QAAQ,EAAE;QACR,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,QAAQ,IAAI,KAAK;QAC7C,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,MAAM,IAAI,KAAK;QACzC,IAAI,EAAE,OAAO,CAAC,QAAQ,EAAE,IAAI,IAAI,KAAK;KACtC;IACD,KAAK,EAAE;QACL,OAAO,EAAE,OAAO,CAAC,KAAK,EAAE,OAAO,IAAI,gCAAgC;QACnE,MAAM,EACJ,OAAO,CAAC,KAAK,EAAE,MAAM,IAAI,2CAA2C;QACtE,mBAAmB,EAAE,OAAO,CAAC,KAAK,EAAE,mBAAmB,IAAI,KAAK;QAChE,eAAe,EAAE;YACf,MAAM,EAAE,OAAO,CAAC,KAAK,EAAE,eAAe,EAAE,MAAM;gBAC5C,CAAC,CAAC;oBACE,QAAQ,EAAE,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,MAAM,CAAC,QAAQ;oBACvD,YAAY,EAAE,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,MAAM,CAAC,YAAY;iBAChE;gBACH,CAAC,CAAC,SAAS;SACd;QACD,QAAQ,EAAE;YACR,IAAI,EAAE,OAAO,CAAC,KAAK,EAAE,QAAQ,EAAE,IAAI,IAAI,WAAW;YAClD,MAAM,EAAE,OAAO,CAAC,KAAK,EAAE,QAAQ,EAAE,MAAM,IAAI,2BAA2B;YACtE,MAAM,EAAE,OAAO,CAAC,KAAK,EAAE,QAAQ,EAAE,MAAM;SACxC;KACF;IACD,UAAU,EAAE;QACV,SAAS,EACP,OAAO,CAAC,UAAU,EAAE,SAAS;YAC5B,+CAAyD;QAC5D,GAAG,EAAE,OAAO,CAAC,UAAU,EAAE,GAAG,IAAI,yCAA2B;KAC5D;IACD,WAAW,EAAE,IAAA,2CAAmC,EAAC,OAAO,CAAC,WAAW,CAAC;IACrE,qBAAqB,EAAE;QACrB,OAAO,EAAE,EAAE,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,OAAO,IAAI,EAAE,CAAC,EAAE;KAC/D;CACF,CAAC,CAAC;AAxCU,QAAA,mCAAmC,uCAwC7C;AAEI,MAAM,oCAAoC,GAAG,CAClD,UAAyC,EAAE,EACJ,EAAE,CAAC,CAAC;IAC3C,WAAW,EAAE,IAAA,2CAAmC,EAAC,OAAO,CAAC,WAAW,CAAC;CACtE,CAAC,CAAC;AAJU,QAAA,oCAAoC,wCAI9C;AAEI,MAAM,wBAAwB,GAAG,CACtC,UAA6B,EAAE,EACJ,EAAE,CAAC,CAAC;IAC/B,YAAY,EAAE,IAAA,4CAAoC,EAAC,OAAO,CAAC,YAAY,CAAC;IACxE,MAAM,EAAE,IAAA,sCAA8B,EAAC,OAAO,CAAC,MAAM,CAAC;CACvD,CAAC,CAAC;AALU,QAAA,wBAAwB,4BAKlC;AAEI,MAAM,uCAAuC,GAAG,CACrD,MAAkB,EACY,EAAE,CAAC,CAAC;IAClC,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,sCAAwB;CAC5D,CAAC,CAAC;AAJU,QAAA,uCAAuC,2CAIjD;AAEI,MAAM,kCAAkC,GAAG,CAChD,MAAkB,EACO,EAAE,CAAC,CAAC;IAC7B,QAAQ,EAAE,MAAM,CAAC,cAAc,IAAI,0CAA4B;CAChE,CAAC,CAAC;AAJU,QAAA,kCAAkC,sCAI5C;AAEI,MAAM,uCAAuC,GAAG,CACrD,MAAkB,EACY,EAAE,CAAC,CAAC;IAClC,cAAc,EAAE,MAAM,CAAC,cAAc,IAAI,CAAC,GAAG,qCAAuB,CAAC;IACrE,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,YAAY;IACrC,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,KAAK;IACxC,QAAQ,EAAE;QACR,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,QAAQ,IAAI,KAAK;QAC5C,MAAM,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,IAAI,KAAK;QACxC,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE,IAAI,IAAI,KAAK;KACrC;IACD,KAAK,EAAE;QACL,OAAO,EAAE,MAAM,CAAC,KAAK,EAAE,OAAO,IAAI,gCAAgC;QAClE,MAAM,EAAE,MAAM,CAAC,KAAK,EAAE,MAAM,IAAI,2CAA2C;QAC3E,mBAAmB,EAAE,MAAM,CAAC,KAAK,EAAE,mBAAmB,IAAI,KAAK;QAC/D,eAAe,EAAE;YACf,MAAM,EAAE,MAAM,CAAC,KAAK,EAAE,eAAe,EAAE,MAAM;gBAC3C,CAAC,CAAC;oBACE,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,MAAM,CAAC,QAAQ;oBACtD,YAAY,EAAE,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,MAAM,CAAC,YAAY;iBAC/D;gBACH,CAAC,CAAC,SAAS;SACd;QACD,QAAQ,EAAE;YACR,IAAI,EAAE,MAAM,CAAC,KAAK,EAAE,QAAQ,EAAE,IAAI,IAAI,WAAW;YACjD,MAAM,EAAE,MAAM,CAAC,KAAK,EAAE,QAAQ,EAAE,MAAM,IAAI,2BAA2B;YACrE,MAAM,EAAE,MAAM,CAAC,KAAK,EAAE,QAAQ,EAAE,MAAM;SACvC;KACF;IACD,UAAU,EAAE;QACV,SAAS,EAAE,MAAM,CAAC,mBAA0C;QAC5D,GAAG,EAAE,MAAM,CAAC,aAAa,IAAI,yCAA2B;KACzD;IACD,WAAW,EAAE,IAAA,+CAAuC,EAAC,MAAM,CAAC;CAC7D,CAAC,CAAC;AAlCU,QAAA,uCAAuC,2CAkCjD;AAEI,MAAM,wCAAwC,GAAG,CACtD,MAAkB,EACa,EAAE,CAAC,CAAC;IACnC,WAAW,EAAE,IAAA,+CAAuC,EAAC,MAAM,CAAC;CAC7D,CAAC,CAAC;AAJU,QAAA,wCAAwC,4CAIlD;AAEI,MAAM,gCAAgC,GAAG,CAC9C,MAAkB,EACC,EAAE,CAAC,CAAC;IACvB,YAAY,EAAE,IAAA,gDAAwC,EAAC,MAAM,CAAC;IAC9D,MAAM,EAAE,IAAA,0CAAkC,EAAC,MAAM,CAAC;CACnD,CAAC,CAAC;AALU,QAAA,gCAAgC,oCAK1C"}