@aranzatech/aranza-auth 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +17 -2
- package/README.md +16 -8
- package/dist/{chunk-DKYNHXY2.js → chunk-JLRBMDLH.js} +5 -5
- package/dist/chunk-JLRBMDLH.js.map +1 -0
- package/dist/index.cjs +127 -118
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +5 -3
- package/dist/index.d.ts +5 -3
- package/dist/index.js +127 -118
- package/dist/index.js.map +1 -1
- package/dist/mongo/index.cjs +10 -10
- package/dist/mongo/index.cjs.map +1 -1
- package/dist/mongo/index.js +9 -9
- package/dist/mongo/index.js.map +1 -1
- package/package.json +4 -4
- package/dist/chunk-DKYNHXY2.js.map +0 -1
package/dist/index.d.cts
CHANGED
|
@@ -9,9 +9,10 @@ declare class AuthModule {
|
|
|
9
9
|
static forRootAsync(options: AuthModuleAsyncOptions): DynamicModule;
|
|
10
10
|
}
|
|
11
11
|
|
|
12
|
-
|
|
13
|
-
declare const
|
|
14
|
-
declare const
|
|
12
|
+
/** String tokens — stable across tsup entry points (index + mongo). */
|
|
13
|
+
declare const AUTH_MODULE_OPTIONS = "AUTH_MODULE_OPTIONS";
|
|
14
|
+
declare const AUTH_HOOKS = "AUTH_HOOKS";
|
|
15
|
+
declare const AUTH_REPOSITORY = "AUTH_REPOSITORY";
|
|
15
16
|
|
|
16
17
|
declare const CurrentUser: (...dataOrPipes: unknown[]) => ParameterDecorator;
|
|
17
18
|
|
|
@@ -55,6 +56,7 @@ declare class VerifyEmailDto {
|
|
|
55
56
|
|
|
56
57
|
declare const JwtAuthGuard_base: _nestjs_passport.Type<_nestjs_passport.IAuthGuard>;
|
|
57
58
|
declare class JwtAuthGuard extends JwtAuthGuard_base {
|
|
59
|
+
handleRequest<TUser>(err: Error | null, user: TUser, _info: unknown): TUser;
|
|
58
60
|
}
|
|
59
61
|
|
|
60
62
|
declare class DefaultAuthHooks implements AuthHooks {
|
package/dist/index.d.ts
CHANGED
|
@@ -9,9 +9,10 @@ declare class AuthModule {
|
|
|
9
9
|
static forRootAsync(options: AuthModuleAsyncOptions): DynamicModule;
|
|
10
10
|
}
|
|
11
11
|
|
|
12
|
-
|
|
13
|
-
declare const
|
|
14
|
-
declare const
|
|
12
|
+
/** String tokens — stable across tsup entry points (index + mongo). */
|
|
13
|
+
declare const AUTH_MODULE_OPTIONS = "AUTH_MODULE_OPTIONS";
|
|
14
|
+
declare const AUTH_HOOKS = "AUTH_HOOKS";
|
|
15
|
+
declare const AUTH_REPOSITORY = "AUTH_REPOSITORY";
|
|
15
16
|
|
|
16
17
|
declare const CurrentUser: (...dataOrPipes: unknown[]) => ParameterDecorator;
|
|
17
18
|
|
|
@@ -55,6 +56,7 @@ declare class VerifyEmailDto {
|
|
|
55
56
|
|
|
56
57
|
declare const JwtAuthGuard_base: _nestjs_passport.Type<_nestjs_passport.IAuthGuard>;
|
|
57
58
|
declare class JwtAuthGuard extends JwtAuthGuard_base {
|
|
59
|
+
handleRequest<TUser>(err: Error | null, user: TUser, _info: unknown): TUser;
|
|
58
60
|
}
|
|
59
61
|
|
|
60
62
|
declare class DefaultAuthHooks implements AuthHooks {
|
package/dist/index.js
CHANGED
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
import { __decorateClass, __decorateParam,
|
|
2
|
-
export { AUTH_HOOKS, AUTH_MODULE_OPTIONS, AUTH_REPOSITORY } from './chunk-
|
|
3
|
-
import { createParamDecorator, Injectable, Post, Body, HttpCode, HttpStatus, UseGuards, Get, Controller,
|
|
4
|
-
import { JwtModule } from '@nestjs/jwt';
|
|
1
|
+
import { __decorateClass, __decorateParam, AUTH_MODULE_OPTIONS, AUTH_REPOSITORY, AUTH_HOOKS, normalizeIdentifier, resolveRegisterIdentifier, readAccountIdentifier } from './chunk-JLRBMDLH.js';
|
|
2
|
+
export { AUTH_HOOKS, AUTH_MODULE_OPTIONS, AUTH_REPOSITORY } from './chunk-JLRBMDLH.js';
|
|
3
|
+
import { createParamDecorator, UnauthorizedException, Injectable, Inject, Post, Body, HttpCode, HttpStatus, UseGuards, Get, Controller, Module, BadRequestException, NotFoundException } from '@nestjs/common';
|
|
4
|
+
import { JwtService, JwtModule } from '@nestjs/jwt';
|
|
5
5
|
import { AuthGuard, PassportStrategy, PassportModule } from '@nestjs/passport';
|
|
6
|
-
import * as
|
|
6
|
+
import * as bcrypt2 from 'bcryptjs';
|
|
7
7
|
import { createHash, randomBytes } from 'crypto';
|
|
8
8
|
import { Strategy, ExtractJwt } from 'passport-jwt';
|
|
9
9
|
import { IsEmail, IsOptional, IsString, Length, IsNotEmpty, Matches } from 'class-validator';
|
|
@@ -15,83 +15,16 @@ var CurrentUser = createParamDecorator(
|
|
|
15
15
|
}
|
|
16
16
|
);
|
|
17
17
|
var JwtAuthGuard = class extends AuthGuard("jwt") {
|
|
18
|
+
handleRequest(err, user, _info) {
|
|
19
|
+
if (err != null || user == null) {
|
|
20
|
+
throw err ?? new UnauthorizedException();
|
|
21
|
+
}
|
|
22
|
+
return user;
|
|
23
|
+
}
|
|
18
24
|
};
|
|
19
25
|
JwtAuthGuard = __decorateClass([
|
|
20
26
|
Injectable()
|
|
21
27
|
], JwtAuthGuard);
|
|
22
|
-
|
|
23
|
-
// src/controllers/auth.controller.ts
|
|
24
|
-
var AuthController = class {
|
|
25
|
-
constructor(authService) {
|
|
26
|
-
this.authService = authService;
|
|
27
|
-
}
|
|
28
|
-
register(dto) {
|
|
29
|
-
return this.authService.register(dto);
|
|
30
|
-
}
|
|
31
|
-
login(dto) {
|
|
32
|
-
return this.authService.login(dto);
|
|
33
|
-
}
|
|
34
|
-
refresh(dto) {
|
|
35
|
-
return this.authService.refresh(dto.refreshToken);
|
|
36
|
-
}
|
|
37
|
-
logout(user) {
|
|
38
|
-
return this.authService.logout(user.sub);
|
|
39
|
-
}
|
|
40
|
-
me(user) {
|
|
41
|
-
return this.authService.me(user.sub);
|
|
42
|
-
}
|
|
43
|
-
verifyEmail(dto) {
|
|
44
|
-
return this.authService.verifyEmail(dto.token);
|
|
45
|
-
}
|
|
46
|
-
forgotPassword(dto) {
|
|
47
|
-
return this.authService.forgotPassword(dto.email);
|
|
48
|
-
}
|
|
49
|
-
resetPassword(dto) {
|
|
50
|
-
return this.authService.resetPassword(dto.token, dto.newPassword);
|
|
51
|
-
}
|
|
52
|
-
};
|
|
53
|
-
__decorateClass([
|
|
54
|
-
Post("register"),
|
|
55
|
-
__decorateParam(0, Body())
|
|
56
|
-
], AuthController.prototype, "register", 1);
|
|
57
|
-
__decorateClass([
|
|
58
|
-
Post("login"),
|
|
59
|
-
__decorateParam(0, Body())
|
|
60
|
-
], AuthController.prototype, "login", 1);
|
|
61
|
-
__decorateClass([
|
|
62
|
-
Post("refresh"),
|
|
63
|
-
HttpCode(HttpStatus.OK),
|
|
64
|
-
__decorateParam(0, Body())
|
|
65
|
-
], AuthController.prototype, "refresh", 1);
|
|
66
|
-
__decorateClass([
|
|
67
|
-
Post("logout"),
|
|
68
|
-
UseGuards(JwtAuthGuard),
|
|
69
|
-
HttpCode(HttpStatus.OK),
|
|
70
|
-
__decorateParam(0, CurrentUser())
|
|
71
|
-
], AuthController.prototype, "logout", 1);
|
|
72
|
-
__decorateClass([
|
|
73
|
-
Get("me"),
|
|
74
|
-
UseGuards(JwtAuthGuard),
|
|
75
|
-
__decorateParam(0, CurrentUser())
|
|
76
|
-
], AuthController.prototype, "me", 1);
|
|
77
|
-
__decorateClass([
|
|
78
|
-
Post("verify-email"),
|
|
79
|
-
HttpCode(HttpStatus.OK),
|
|
80
|
-
__decorateParam(0, Body())
|
|
81
|
-
], AuthController.prototype, "verifyEmail", 1);
|
|
82
|
-
__decorateClass([
|
|
83
|
-
Post("forgot-password"),
|
|
84
|
-
HttpCode(HttpStatus.OK),
|
|
85
|
-
__decorateParam(0, Body())
|
|
86
|
-
], AuthController.prototype, "forgotPassword", 1);
|
|
87
|
-
__decorateClass([
|
|
88
|
-
Post("reset-password"),
|
|
89
|
-
HttpCode(HttpStatus.OK),
|
|
90
|
-
__decorateParam(0, Body())
|
|
91
|
-
], AuthController.prototype, "resetPassword", 1);
|
|
92
|
-
AuthController = __decorateClass([
|
|
93
|
-
Controller("auth")
|
|
94
|
-
], AuthController);
|
|
95
28
|
var DefaultAuthHooks = class {
|
|
96
29
|
async buildJwtPayload(account) {
|
|
97
30
|
return {
|
|
@@ -138,6 +71,49 @@ function expiresAtFromTtlMs(ttlMs) {
|
|
|
138
71
|
}
|
|
139
72
|
var DEFAULT_EMAIL_VERIFICATION_TTL_MS = 24 * 60 * 60 * 1e3;
|
|
140
73
|
var DEFAULT_PASSWORD_RESET_TTL_MS = 15 * 60 * 1e3;
|
|
74
|
+
var TokenService = class {
|
|
75
|
+
constructor(jwtService, options) {
|
|
76
|
+
this.jwtService = jwtService;
|
|
77
|
+
this.options = options;
|
|
78
|
+
}
|
|
79
|
+
async signTokens(payload) {
|
|
80
|
+
const accessExpiresIn = this.options.expiresIn ?? "1h";
|
|
81
|
+
const refreshExpiresIn = this.options.refreshExpiresIn ?? "7d";
|
|
82
|
+
const [accessToken, refreshToken] = await Promise.all([
|
|
83
|
+
this.jwtService.signAsync(
|
|
84
|
+
payload,
|
|
85
|
+
{
|
|
86
|
+
secret: this.options.secret,
|
|
87
|
+
expiresIn: accessExpiresIn
|
|
88
|
+
}
|
|
89
|
+
),
|
|
90
|
+
this.jwtService.signAsync(
|
|
91
|
+
payload,
|
|
92
|
+
{
|
|
93
|
+
secret: this.options.refreshSecret,
|
|
94
|
+
expiresIn: refreshExpiresIn
|
|
95
|
+
}
|
|
96
|
+
)
|
|
97
|
+
]);
|
|
98
|
+
return { accessToken, refreshToken };
|
|
99
|
+
}
|
|
100
|
+
async verifyRefreshToken(refreshToken) {
|
|
101
|
+
return this.jwtService.verifyAsync(refreshToken, {
|
|
102
|
+
secret: this.options.refreshSecret
|
|
103
|
+
});
|
|
104
|
+
}
|
|
105
|
+
async hashRefreshToken(refreshToken) {
|
|
106
|
+
return bcrypt2.hash(refreshToken, 10);
|
|
107
|
+
}
|
|
108
|
+
async compareRefreshToken(refreshToken, hash3) {
|
|
109
|
+
return bcrypt2.compare(refreshToken, hash3);
|
|
110
|
+
}
|
|
111
|
+
};
|
|
112
|
+
TokenService = __decorateClass([
|
|
113
|
+
Injectable(),
|
|
114
|
+
__decorateParam(0, Inject(JwtService)),
|
|
115
|
+
__decorateParam(1, Inject(AUTH_MODULE_OPTIONS))
|
|
116
|
+
], TokenService);
|
|
141
117
|
|
|
142
118
|
// src/services/auth.service.ts
|
|
143
119
|
var AuthService = class {
|
|
@@ -176,7 +152,7 @@ var AuthService = class {
|
|
|
176
152
|
await this.hooks.onBeforeRegister?.(input);
|
|
177
153
|
resolveRegisterIdentifier(input, this.identifierField);
|
|
178
154
|
this.assertRegisterEmailWhenVerificationEnabled(input);
|
|
179
|
-
const passwordHash = await
|
|
155
|
+
const passwordHash = await bcrypt2.hash(dto.password, 10);
|
|
180
156
|
try {
|
|
181
157
|
const account = await this.authRepository.create({
|
|
182
158
|
...input,
|
|
@@ -204,7 +180,7 @@ var AuthService = class {
|
|
|
204
180
|
throw new UnauthorizedException("Invalid credentials");
|
|
205
181
|
}
|
|
206
182
|
this.assertAccountActive(account);
|
|
207
|
-
const passwordMatches = await
|
|
183
|
+
const passwordMatches = await bcrypt2.compare(
|
|
208
184
|
dto.password,
|
|
209
185
|
account.passwordHash
|
|
210
186
|
);
|
|
@@ -281,7 +257,7 @@ var AuthService = class {
|
|
|
281
257
|
if (account == null) {
|
|
282
258
|
throw new BadRequestException("TOKEN_INVALID_OR_EXPIRED");
|
|
283
259
|
}
|
|
284
|
-
const passwordHash = await
|
|
260
|
+
const passwordHash = await bcrypt2.hash(newPassword, 10);
|
|
285
261
|
await this.authRepository.updatePasswordHash(account.id, passwordHash);
|
|
286
262
|
await this.authRepository.clearResetToken(account.id);
|
|
287
263
|
await this.authRepository.updateRefreshTokenHash(account.id, null);
|
|
@@ -375,50 +351,83 @@ AuthService = __decorateClass([
|
|
|
375
351
|
Injectable(),
|
|
376
352
|
__decorateParam(0, Inject(AUTH_REPOSITORY)),
|
|
377
353
|
__decorateParam(1, Inject(AUTH_MODULE_OPTIONS)),
|
|
378
|
-
__decorateParam(2, Inject(AUTH_HOOKS))
|
|
354
|
+
__decorateParam(2, Inject(AUTH_HOOKS)),
|
|
355
|
+
__decorateParam(3, Inject(TokenService))
|
|
379
356
|
], AuthService);
|
|
380
|
-
|
|
381
|
-
|
|
382
|
-
|
|
383
|
-
|
|
357
|
+
|
|
358
|
+
// src/controllers/auth.controller.ts
|
|
359
|
+
var AuthController = class {
|
|
360
|
+
constructor(authService) {
|
|
361
|
+
this.authService = authService;
|
|
384
362
|
}
|
|
385
|
-
|
|
386
|
-
|
|
387
|
-
const refreshExpiresIn = this.options.refreshExpiresIn ?? "7d";
|
|
388
|
-
const [accessToken, refreshToken] = await Promise.all([
|
|
389
|
-
this.jwtService.signAsync(
|
|
390
|
-
payload,
|
|
391
|
-
{
|
|
392
|
-
secret: this.options.secret,
|
|
393
|
-
expiresIn: accessExpiresIn
|
|
394
|
-
}
|
|
395
|
-
),
|
|
396
|
-
this.jwtService.signAsync(
|
|
397
|
-
payload,
|
|
398
|
-
{
|
|
399
|
-
secret: this.options.refreshSecret,
|
|
400
|
-
expiresIn: refreshExpiresIn
|
|
401
|
-
}
|
|
402
|
-
)
|
|
403
|
-
]);
|
|
404
|
-
return { accessToken, refreshToken };
|
|
363
|
+
register(dto) {
|
|
364
|
+
return this.authService.register(dto);
|
|
405
365
|
}
|
|
406
|
-
|
|
407
|
-
return this.
|
|
408
|
-
secret: this.options.refreshSecret
|
|
409
|
-
});
|
|
366
|
+
login(dto) {
|
|
367
|
+
return this.authService.login(dto);
|
|
410
368
|
}
|
|
411
|
-
|
|
412
|
-
return
|
|
369
|
+
refresh(dto) {
|
|
370
|
+
return this.authService.refresh(dto.refreshToken);
|
|
413
371
|
}
|
|
414
|
-
|
|
415
|
-
return
|
|
372
|
+
logout(user) {
|
|
373
|
+
return this.authService.logout(user.sub);
|
|
374
|
+
}
|
|
375
|
+
me(user) {
|
|
376
|
+
return this.authService.me(user.sub);
|
|
377
|
+
}
|
|
378
|
+
verifyEmail(dto) {
|
|
379
|
+
return this.authService.verifyEmail(dto.token);
|
|
380
|
+
}
|
|
381
|
+
forgotPassword(dto) {
|
|
382
|
+
return this.authService.forgotPassword(dto.email);
|
|
383
|
+
}
|
|
384
|
+
resetPassword(dto) {
|
|
385
|
+
return this.authService.resetPassword(dto.token, dto.newPassword);
|
|
416
386
|
}
|
|
417
387
|
};
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
__decorateParam(
|
|
421
|
-
],
|
|
388
|
+
__decorateClass([
|
|
389
|
+
Post("register"),
|
|
390
|
+
__decorateParam(0, Body())
|
|
391
|
+
], AuthController.prototype, "register", 1);
|
|
392
|
+
__decorateClass([
|
|
393
|
+
Post("login"),
|
|
394
|
+
__decorateParam(0, Body())
|
|
395
|
+
], AuthController.prototype, "login", 1);
|
|
396
|
+
__decorateClass([
|
|
397
|
+
Post("refresh"),
|
|
398
|
+
HttpCode(HttpStatus.OK),
|
|
399
|
+
__decorateParam(0, Body())
|
|
400
|
+
], AuthController.prototype, "refresh", 1);
|
|
401
|
+
__decorateClass([
|
|
402
|
+
Post("logout"),
|
|
403
|
+
UseGuards(JwtAuthGuard),
|
|
404
|
+
HttpCode(HttpStatus.OK),
|
|
405
|
+
__decorateParam(0, CurrentUser())
|
|
406
|
+
], AuthController.prototype, "logout", 1);
|
|
407
|
+
__decorateClass([
|
|
408
|
+
Get("me"),
|
|
409
|
+
UseGuards(JwtAuthGuard),
|
|
410
|
+
__decorateParam(0, CurrentUser())
|
|
411
|
+
], AuthController.prototype, "me", 1);
|
|
412
|
+
__decorateClass([
|
|
413
|
+
Post("verify-email"),
|
|
414
|
+
HttpCode(HttpStatus.OK),
|
|
415
|
+
__decorateParam(0, Body())
|
|
416
|
+
], AuthController.prototype, "verifyEmail", 1);
|
|
417
|
+
__decorateClass([
|
|
418
|
+
Post("forgot-password"),
|
|
419
|
+
HttpCode(HttpStatus.OK),
|
|
420
|
+
__decorateParam(0, Body())
|
|
421
|
+
], AuthController.prototype, "forgotPassword", 1);
|
|
422
|
+
__decorateClass([
|
|
423
|
+
Post("reset-password"),
|
|
424
|
+
HttpCode(HttpStatus.OK),
|
|
425
|
+
__decorateParam(0, Body())
|
|
426
|
+
], AuthController.prototype, "resetPassword", 1);
|
|
427
|
+
AuthController = __decorateClass([
|
|
428
|
+
Controller("auth"),
|
|
429
|
+
__decorateParam(0, Inject(AuthService))
|
|
430
|
+
], AuthController);
|
|
422
431
|
var JwtStrategy = class extends PassportStrategy(Strategy) {
|
|
423
432
|
constructor(options, authRepository) {
|
|
424
433
|
super({
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/decorators/current-user.decorator.ts","../src/guards/jwt-auth.guard.ts","../src/controllers/auth.controller.ts","../src/hooks/default-auth.hooks.ts","../src/utils/duplicate-key.util.ts","../src/utils/token.util.ts","../src/services/auth.service.ts","../src/services/token.service.ts","../src/strategies/jwt.strategy.ts","../src/auth.module.ts","../src/dto/auth-tokens.dto.ts","../src/dto/forgot-password.dto.ts","../src/dto/login.dto.ts","../src/dto/refresh-token.dto.ts","../src/dto/register-ack.dto.ts","../src/dto/register.dto.ts","../src/dto/reset-password.dto.ts","../src/dto/verify-email.dto.ts"],"names":["Injectable","bcrypt2","hash","Inject","UnauthorizedException","IsString","IsNotEmpty","IsOptional","Length"],"mappings":";;;;;;;;;;AAIO,IAAM,WAAA,GAAc,oBAAA;AAAA,EACzB,CAAC,OAAgB,GAAA,KAA0C;AACzD,IAAA,MAAM,OAAA,GAAU,GAAA,CAAI,YAAA,EAAa,CAAE,UAAA,EAAqC;AACxE,IAAA,OAAO,OAAA,CAAQ,IAAA;AAAA,EACjB;AACF;ACLO,IAAM,YAAA,GAAN,cAA2B,SAAA,CAAU,KAAK,CAAA,CAAE;AAAC;AAAvC,YAAA,GAAN,eAAA,CAAA;AAAA,EADN,UAAA;AAAW,CAAA,EACC,YAAA,CAAA;;;ACoBN,IAAM,iBAAN,MAAqB;AAAA,EAC1B,YAA6B,WAAA,EAA0B;AAA1B,IAAA,IAAA,CAAA,WAAA,GAAA,WAAA;AAAA,EAA2B;AAAA,EAGxD,SAAiB,GAAA,EAA2C;AAC1D,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,QAAA,CAAS,GAAG,CAAA;AAAA,EACtC;AAAA,EAGA,MAAc,GAAA,EAAuC;AACnD,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,KAAA,CAAM,GAAG,CAAA;AAAA,EACnC;AAAA,EAIA,QAAgB,GAAA,EAA8C;AAC5D,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA;AAAA,EAClD;AAAA,EAKA,OAAsB,IAAA,EAAoD;AACxE,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA;AAAA,EACzC;AAAA,EAIA,GAAkB,IAAA,EAAwD;AACxE,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,EAAA,CAAG,IAAA,CAAK,GAAG,CAAA;AAAA,EACrC;AAAA,EAKA,YAAoB,GAAA,EAAkD;AACpE,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,WAAA,CAAY,GAAA,CAAI,KAAK,CAAA;AAAA,EAC/C;AAAA,EAKA,eAAuB,GAAA,EAAiD;AACtE,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,cAAA,CAAe,GAAA,CAAI,KAAK,CAAA;AAAA,EAClD;AAAA,EAKA,cAAsB,GAAA,EAAiD;AACrE,IAAA,OAAO,KAAK,WAAA,CAAY,aAAA,CAAc,GAAA,CAAI,KAAA,EAAO,IAAI,WAAW,CAAA;AAAA,EAClE;AACF,CAAA;AAhDE,eAAA,CAAA;AAAA,EADC,KAAK,UAAU,CAAA;AAAA,EACN,eAAA,CAAA,CAAA,EAAA,IAAA,EAAK;AAAA,CAAA,EAJJ,cAAA,CAIX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;AAKA,eAAA,CAAA;AAAA,EADC,KAAK,OAAO,CAAA;AAAA,EACN,eAAA,CAAA,CAAA,EAAA,IAAA,EAAK;AAAA,CAAA,EATD,cAAA,CASX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA;AAMA,eAAA,CAAA;AAAA,EAFC,KAAK,SAAS,CAAA;AAAA,EACd,QAAA,CAAS,WAAW,EAAE,CAAA;AAAA,EACd,eAAA,CAAA,CAAA,EAAA,IAAA,EAAK;AAAA,CAAA,EAfH,cAAA,CAeX,SAAA,EAAA,SAAA,EAAA,CAAA,CAAA;AAOA,eAAA,CAAA;AAAA,EAHC,KAAK,QAAQ,CAAA;AAAA,EACb,UAAU,YAAY,CAAA;AAAA,EACtB,QAAA,CAAS,WAAW,EAAE,CAAA;AAAA,EACf,eAAA,CAAA,CAAA,EAAA,WAAA,EAAY;AAAA,CAAA,EAtBT,cAAA,CAsBX,SAAA,EAAA,QAAA,EAAA,CAAA,CAAA;AAMA,eAAA,CAAA;AAAA,EAFC,IAAI,IAAI,CAAA;AAAA,EACR,UAAU,YAAY,CAAA;AAAA,EACnB,eAAA,CAAA,CAAA,EAAA,WAAA,EAAY;AAAA,CAAA,EA5BL,cAAA,CA4BX,SAAA,EAAA,IAAA,EAAA,CAAA,CAAA;AAOA,eAAA,CAAA;AAAA,EAFC,KAAK,cAAc,CAAA;AAAA,EACnB,QAAA,CAAS,WAAW,EAAE,CAAA;AAAA,EACV,eAAA,CAAA,CAAA,EAAA,IAAA,EAAK;AAAA,CAAA,EAnCP,cAAA,CAmCX,SAAA,EAAA,aAAA,EAAA,CAAA,CAAA;AAOA,eAAA,CAAA;AAAA,EAFC,KAAK,iBAAiB,CAAA;AAAA,EACtB,QAAA,CAAS,WAAW,EAAE,CAAA;AAAA,EACP,eAAA,CAAA,CAAA,EAAA,IAAA,EAAK;AAAA,CAAA,EA1CV,cAAA,CA0CX,SAAA,EAAA,gBAAA,EAAA,CAAA,CAAA;AAOA,eAAA,CAAA;AAAA,EAFC,KAAK,gBAAgB,CAAA;AAAA,EACrB,QAAA,CAAS,WAAW,EAAE,CAAA;AAAA,EACR,eAAA,CAAA,CAAA,EAAA,IAAA,EAAK;AAAA,CAAA,EAjDT,cAAA,CAiDX,SAAA,EAAA,eAAA,EAAA,CAAA,CAAA;AAjDW,cAAA,GAAN,eAAA,CAAA;AAAA,EADN,WAAW,MAAM;AAAA,CAAA,EACL,cAAA,CAAA;ACfN,IAAM,mBAAN,MAA4C;AAAA,EACjD,MAAM,gBACJ,OAAA,EACkC;AAClC,IAAA,OAAO;AAAA,MACL,KAAK,OAAA,CAAQ,EAAA;AAAA,MACb,GAAI,QAAQ,KAAA,IAAS,IAAA,GAAO,EAAE,KAAA,EAAO,OAAA,CAAQ,KAAA,EAAM,GAAI,EAAC;AAAA,MACxD,GAAI,QAAQ,QAAA,IAAY,IAAA,GAAO,EAAE,QAAA,EAAU,OAAA,CAAQ,QAAA,EAAS,GAAI;AAAC,KACnE;AAAA,EACF;AAAA,EAEA,MAAM,SAAS,OAAA,EAA4D;AACzE,IAAA,OAAO;AAAA,MACL,IAAI,OAAA,CAAQ,EAAA;AAAA,MACZ,OAAO,OAAA,CAAQ,KAAA;AAAA,MACf,UAAU,OAAA,CAAQ,QAAA;AAAA,MAClB,eAAe,OAAA,CAAQ,aAAA;AAAA,MACvB,UAAU,OAAA,CAAQ;AAAA,KACpB;AAAA,EACF;AAAA,EAEA,MAAM,iBAAiB,MAAA,EAAsC;AAC3D,IAAA;AAAA,EACF;AAAA,EAEA,MAAM,gBAAgB,QAAA,EAA0C;AAC9D,IAAA;AAAA,EACF;AAAA,EAEA,MAAM,aAAa,QAAA,EAA0C;AAC3D,IAAA;AAAA,EACF;AACF;AAhCa,gBAAA,GAAN,eAAA,CAAA;AAAA,EADNA,UAAAA;AAAW,CAAA,EACC,gBAAA,CAAA;;;ACTN,SAAS,oBAAoB,KAAA,EAAyB;AAC3D,EAAA,OACE,CAAC,CAAC,KAAA,IACF,OAAO,UAAU,QAAA,IACjB,MAAA,IAAU,KAAA,IACT,KAAA,CAA2B,IAAA,KAAS,IAAA;AAEzC;ACLO,SAAS,gBAAA,CAAiB,aAAa,EAAA,EAAY;AACxD,EAAA,OAAO,WAAA,CAAY,UAAU,CAAA,CAAE,QAAA,CAAS,KAAK,CAAA;AAC/C;AAEO,SAAS,UAAU,KAAA,EAAuB;AAC/C,EAAA,OAAO,WAAW,QAAQ,CAAA,CAAE,OAAO,KAAK,CAAA,CAAE,OAAO,KAAK,CAAA;AACxD;AAEO,SAAS,mBAAmB,KAAA,EAAqB;AACtD,EAAA,OAAO,IAAI,IAAA,CAAK,IAAA,CAAK,GAAA,KAAQ,KAAK,CAAA;AACpC;AAGO,IAAM,iCAAA,GAAoC,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAA;AAGzD,IAAM,6BAAA,GAAgC,KAAK,EAAA,GAAK,GAAA;;;ACuBhD,IAAM,cAAN,MAAkB;AAAA,EACvB,WAAA,CAEmB,cAAA,EAEA,OAAA,EAEA,KAAA,EACA,YAAA,EACjB;AANiB,IAAA,IAAA,CAAA,cAAA,GAAA,cAAA;AAEA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAEA,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AACA,IAAA,IAAA,CAAA,YAAA,GAAA,YAAA;AAAA,EAChB;AAAA,EAEH,IAAY,eAAA,GAAkB;AAC5B,IAAA,OAAO,IAAA,CAAK,QAAQ,eAAA,IAAmB,OAAA;AAAA,EACzC;AAAA,EAEA,IAAY,wBAAA,GAA2B;AACrC,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,QAAA,EAAU,iBAAA,KAAsB,IAAA;AAAA,EACtD;AAAA,EAEA,IAAY,oBAAA,GAAuB;AACjC,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,QAAA,EAAU,aAAA,KAAkB,IAAA;AAAA,EAClD;AAAA,EAEA,IAAY,kBAAA,GAAqB;AAC/B,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,QAAA,EAAU,oBAAA,KAAyB,KAAA;AAAA,EACzD;AAAA,EAEQ,uBAAuB,GAAA,EAAuB;AACpD,IAAA,MAAM,QACJ,IAAA,CAAK,eAAA,KAAoB,OAAA,GAAU,GAAA,CAAI,QAAQ,GAAA,CAAI,QAAA;AACrD,IAAA,IAAI,KAAA,IAAS,IAAA,IAAQ,KAAA,CAAM,IAAA,OAAW,EAAA,EAAI;AACxC,MAAA,MAAM,IAAI,mBAAA;AAAA,QACR,CAAA,EAAG,KAAK,eAAe,CAAA,sBAAA;AAAA,OACzB;AAAA,IACF;AACA,IAAA,OAAO,oBAAoB,KAAK,CAAA;AAAA,EAClC;AAAA,EAEA,MAAM,SAAS,GAAA,EAAiD;AAC9D,IAAA,IAAA,CAAK,sCAAA,EAAuC;AAE5C,IAAA,MAAM,KAAA,GAAuB,EAAE,QAAA,EAAU,GAAA,CAAI,QAAA,EAAS;AACtD,IAAA,IAAI,GAAA,CAAI,KAAA,IAAS,IAAA,EAAM,KAAA,CAAM,QAAQ,GAAA,CAAI,KAAA;AACzC,IAAA,IAAI,GAAA,CAAI,QAAA,IAAY,IAAA,EAAM,KAAA,CAAM,WAAW,GAAA,CAAI,QAAA;AAE/C,IAAA,MAAM,IAAA,CAAK,KAAA,CAAM,gBAAA,GAAmB,KAAK,CAAA;AAEzC,IAAA,yBAAA,CAA0B,KAAA,EAAO,KAAK,eAAe,CAAA;AACrD,IAAA,IAAA,CAAK,2CAA2C,KAAK,CAAA;AAErD,IAAA,MAAM,YAAA,GAAe,MAAa,MAAA,CAAA,IAAA,CAAK,GAAA,CAAI,UAAU,EAAE,CAAA;AAEvD,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,MAAA,CAAO;AAAA,QAC/C,GAAG,KAAA;AAAA,QACH,YAAA;AAAA,QACA,aAAA,EAAe,CAAC,IAAA,CAAK;AAAA,OACtB,CAAA;AAED,MAAA,MAAM,IAAA,CAAK,KAAA,CAAM,eAAA,GAAkB,OAAO,CAAA;AAE1C,MAAA,IAAI,KAAK,wBAAA,EAA0B;AACjC,QAAA,MAAM,IAAA,CAAK,sBAAsB,OAAO,CAAA;AAAA,MAC1C;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,mBAAA,CAAoB,KAAK,CAAA,EAAG;AAC9B,QAAA,MAAM,IAAI,qBAAA,CAAsB,CAAA,EAAG,IAAA,CAAK,eAAe,CAAA,eAAA,CAAiB,CAAA;AAAA,MAC1E;AACA,MAAA,MAAM,KAAA;AAAA,IACR;AAEA,IAAA,OAAO,EAAE,YAAY,IAAA,EAAK;AAAA,EAC5B;AAAA,EAEA,MAAM,MAAM,GAAA,EAAoC;AAC9C,IAAA,MAAM,UAAA,GAAa,IAAA,CAAK,sBAAA,CAAuB,GAAG,CAAA;AAClD,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,2BAAA;AAAA,MACxC;AAAA,KACF;AAEA,IAAA,IAAI,OAAA,EAAS,gBAAgB,IAAA,EAAM;AACjC,MAAA,MAAM,IAAI,sBAAsB,qBAAqB,CAAA;AAAA,IACvD;AAEA,IAAA,IAAA,CAAK,oBAAoB,OAAO,CAAA;AAEhC,IAAA,MAAM,kBAAkB,MAAa,MAAA,CAAA,OAAA;AAAA,MACnC,GAAA,CAAI,QAAA;AAAA,MACJ,OAAA,CAAQ;AAAA,KACV;AACA,IAAA,IAAI,CAAC,eAAA,EAAiB;AACpB,MAAA,MAAM,IAAI,sBAAsB,qBAAqB,CAAA;AAAA,IACvD;AAEA,IAAA,OAAO,IAAA,CAAK,YAAY,OAAO,CAAA;AAAA,EACjC;AAAA,EAEA,MAAM,QAAQ,YAAA,EAA2C;AACvD,IAAA,IAAI,OAAA;AACJ,IAAA,IAAI;AACF,MAAA,OAAA,GAAU,MAAM,IAAA,CAAK,YAAA,CAAa,kBAAA,CAAmB,YAAY,CAAA;AAAA,IACnE,CAAA,CAAA,MAAQ;AACN,MAAA,MAAM,IAAI,sBAAsB,uBAAuB,CAAA;AAAA,IACzD;AAEA,IAAA,MAAM,UAAU,MAAM,IAAA,CAAK,cAAA,CAAe,mBAAA,CAAoB,QAAQ,GAAG,CAAA;AACzE,IAAA,IAAI,OAAA,EAAS,oBAAoB,IAAA,EAAM;AACrC,MAAA,MAAM,IAAI,sBAAsB,uBAAuB,CAAA;AAAA,IACzD;AAEA,IAAA,IAAA,CAAK,oBAAoB,OAAO,CAAA;AAEhC,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,YAAA,CAAa,mBAAA;AAAA,MAC3C,YAAA;AAAA,MACA,OAAA,CAAQ;AAAA,KACV;AACA,IAAA,IAAI,CAAC,YAAA,EAAc;AACjB,MAAA,MAAM,IAAI,sBAAsB,uBAAuB,CAAA;AAAA,IACzD;AAEA,IAAA,OAAO,IAAA,CAAK,YAAY,OAAO,CAAA;AAAA,EACjC;AAAA,EAEA,MAAM,OAAO,MAAA,EAA8C;AACzD,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,sBAAA,CAAuB,MAAA,EAAQ,IAAI,CAAA;AAC7D,IAAA,OAAO,EAAE,WAAW,IAAA,EAAK;AAAA,EAC3B;AAAA,EAEA,MAAM,GAAG,MAAA,EAAkD;AACzD,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,SAAS,MAAM,CAAA;AACzD,IAAA,IAAI,WAAW,IAAA,EAAM;AACnB,MAAA,MAAM,IAAI,sBAAsB,mBAAmB,CAAA;AAAA,IACrD;AAEA,IAAA,IAAI,IAAA,CAAK,KAAA,CAAM,QAAA,IAAY,IAAA,EAAM;AAC/B,MAAA,OAAO,IAAA,CAAK,KAAA,CAAM,QAAA,CAAS,OAAO,CAAA;AAAA,IACpC;AAEA,IAAA,OAAO,IAAI,gBAAA,EAAiB,CAAE,QAAA,CAAS,OAAO,CAAA;AAAA,EAChD;AAAA,EAEA,MAAM,YAAY,KAAA,EAA4C;AAC5D,IAAA,IAAA,CAAK,8BAAA,EAA+B;AAEpC,IAAA,MAAM,SAAA,GAAY,UAAU,KAAK,CAAA;AACjC,IAAA,MAAM,OAAA,GACJ,MAAM,IAAA,CAAK,cAAA,CAAe,iCAAiC,SAAS,CAAA;AACtE,IAAA,IAAI,WAAW,IAAA,EAAM;AACnB,MAAA,MAAM,IAAI,oBAAoB,0BAA0B,CAAA;AAAA,IAC1D;AAEA,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,iBAAA,CAAkB,OAAA,CAAQ,EAAE,CAAA;AACtD,IAAA,OAAO,EAAE,UAAU,IAAA,EAAK;AAAA,EAC1B;AAAA,EAEA,MAAM,eAAe,KAAA,EAAwC;AAC3D,IAAA,IAAA,CAAK,0BAAA,EAA2B;AAChC,IAAA,IAAA,CAAK,uCAAA,EAAwC;AAE7C,IAAA,MAAM,eAAA,GAAkB,oBAAoB,KAAK,CAAA;AACjD,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,YAAY,eAAe,CAAA;AAErE,IAAA,IAAI,WAAW,IAAA,EAAM;AACnB,MAAA,MAAM,WAAW,gBAAA,EAAiB;AAClC,MAAA,MAAM,SAAA,GAAY,UAAU,QAAQ,CAAA;AACpC,MAAA,MAAM,SAAA,GAAY,kBAAA;AAAA,QAChB,IAAA,CAAK,QAAQ,uBAAA,IAA2B;AAAA,OAC1C;AAEA,MAAA,MAAM,KAAK,cAAA,CAAe,aAAA,CAAc,OAAA,CAAQ,EAAA,EAAI,WAAW,SAAS,CAAA;AACxE,MAAA,MAAM,IAAA,CAAK,KAAA,CAAM,SAAA,CAAW,OAAA,EAAS,iBAAiB,QAAQ,CAAA;AAAA,IAChE;AAEA,IAAA,OAAO,EAAE,MAAM,IAAA,EAAK;AAAA,EACtB;AAAA,EAEA,MAAM,aAAA,CACJ,KAAA,EACA,WAAA,EAC0B;AAC1B,IAAA,IAAA,CAAK,0BAAA,EAA2B;AAEhC,IAAA,MAAM,SAAA,GAAY,UAAU,KAAK,CAAA;AACjC,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,qBAAqB,SAAS,CAAA;AACxE,IAAA,IAAI,WAAW,IAAA,EAAM;AACnB,MAAA,MAAM,IAAI,oBAAoB,0BAA0B,CAAA;AAAA,IAC1D;AAEA,IAAA,MAAM,YAAA,GAAe,MAAa,MAAA,CAAA,IAAA,CAAK,WAAA,EAAa,EAAE,CAAA;AACtD,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,kBAAA,CAAmB,OAAA,CAAQ,IAAI,YAAY,CAAA;AACrE,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,eAAA,CAAgB,OAAA,CAAQ,EAAE,CAAA;AACpD,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,sBAAA,CAAuB,OAAA,CAAQ,IAAI,IAAI,CAAA;AAEjE,IAAA,OAAO,EAAE,OAAO,IAAA,EAAK;AAAA,EACvB;AAAA,EAEQ,oBAAoB,OAAA,EAAgC;AAC1D,IAAA,IAAI,QAAQ,QAAA,EAAU;AACpB,MAAA,MAAM,IAAI,sBAAsB,kBAAkB,CAAA;AAAA,IACpD;AAEA,IAAA,IAAI,IAAA,CAAK,wBAAA,IAA4B,CAAC,OAAA,CAAQ,aAAA,EAAe;AAC3D,MAAA,MAAM,IAAI,sBAAsB,oBAAoB,CAAA;AAAA,IACtD;AAAA,EACF;AAAA,EAEA,MAAc,YAAY,OAAA,EAA+C;AACvE,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,KAAA,CAAM,gBAAgB,OAAO,CAAA;AACxD,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,YAAA,CAAa,UAAA,CAAW;AAAA,MAChD,GAAG,OAAA;AAAA,MACH,KAAK,OAAA,CAAQ;AAAA,KACd,CAAA;AAED,IAAA,IAAI,KAAK,kBAAA,EAAoB;AAC3B,MAAA,MAAM,gBAAA,GAAmB,MAAM,IAAA,CAAK,YAAA,CAAa,gBAAA;AAAA,QAC/C,MAAA,CAAO;AAAA,OACT;AACA,MAAA,MAAM,KAAK,cAAA,CAAe,sBAAA;AAAA,QACxB,OAAA,CAAQ,EAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,CAAK,KAAA,CAAM,YAAA,GAAe,OAAO,CAAA;AACvC,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEA,MAAc,sBAAsB,OAAA,EAAyC;AAC3E,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,mBAAA,CAAoB,OAAO,CAAA;AAC9C,IAAA,IAAI,SAAS,IAAA,EAAM;AAEnB,IAAA,MAAM,WAAW,gBAAA,EAAiB;AAClC,IAAA,MAAM,SAAA,GAAY,UAAU,QAAQ,CAAA;AACpC,IAAA,MAAM,SAAA,GAAY,kBAAA;AAAA,MAChB,IAAA,CAAK,QAAQ,2BAAA,IACX;AAAA,KACJ;AAEA,IAAA,MAAM,KAAK,cAAA,CAAe,yBAAA;AAAA,MACxB,OAAA,CAAQ,EAAA;AAAA,MACR,SAAA;AAAA,MACA;AAAA,KACF;AACA,IAAA,MAAM,IAAA,CAAK,KAAA,CAAM,SAAA,CAAW,QAAA,EAAU,OAAO,QAAQ,CAAA;AAAA,EACvD;AAAA,EAEQ,oBAAoB,OAAA,EAAyC;AACnE,IAAA,IAAI,QAAQ,KAAA,IAAS,IAAA,IAAQ,QAAQ,KAAA,CAAM,IAAA,OAAW,EAAA,EAAI;AACxD,MAAA,OAAO,mBAAA,CAAoB,QAAQ,KAAK,CAAA;AAAA,IAC1C;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEQ,2CAA2C,KAAA,EAA4B;AAC7E,IAAA,IAAI,CAAC,KAAK,wBAAA,EAA0B;AAEpC,IAAA,MAAM,KAAA,GACJ,IAAA,CAAK,eAAA,KAAoB,OAAA,GACrB,0BAA0B,KAAA,EAAO,OAAO,CAAA,GACxC,KAAA,CAAM,KAAA,IAAS,IAAA,GACb,mBAAA,CAAoB,KAAA,CAAM,KAAK,CAAA,GAC/B,IAAA;AAER,IAAA,IAAI,KAAA,IAAS,IAAA,IAAQ,KAAA,CAAM,IAAA,OAAW,EAAA,EAAI;AACxC,MAAA,MAAM,IAAI,mBAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,sCAAA,GAA+C;AACrD,IAAA,IAAI,IAAA,CAAK,wBAAA,IAA4B,IAAA,CAAK,KAAA,CAAM,aAAa,IAAA,EAAM;AACjE,MAAA,MAAM,IAAI,mBAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,uCAAA,GAAgD;AACtD,IAAA,IAAI,IAAA,CAAK,oBAAA,IAAwB,IAAA,CAAK,KAAA,CAAM,aAAa,IAAA,EAAM;AAC7D,MAAA,MAAM,IAAI,mBAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,8BAAA,GAAuC;AAC7C,IAAA,IAAI,CAAC,KAAK,wBAAA,EAA0B;AAClC,MAAA,MAAM,IAAI,iBAAA,EAAkB;AAAA,IAC9B;AAAA,EACF;AAAA,EAEQ,0BAAA,GAAmC;AACzC,IAAA,IAAI,CAAC,KAAK,oBAAA,EAAsB;AAC9B,MAAA,MAAM,IAAI,iBAAA,EAAkB;AAAA,IAC9B;AAAA,EACF;AAAA,EAEA,wBAAwB,OAAA,EAA8C;AACpE,IAAA,OAAO,qBAAA,CAAsB,OAAA,EAAS,IAAA,CAAK,eAAe,CAAA;AAAA,EAC5D;AACF;AA7Sa,WAAA,GAAN,eAAA,CAAA;AAAA,EADNA,UAAAA,EAAW;AAAA,EAGP,0BAAO,eAAe,CAAA,CAAA;AAAA,EAEtB,0BAAO,mBAAmB,CAAA,CAAA;AAAA,EAE1B,0BAAO,UAAU,CAAA;AAAA,CAAA,EANT,WAAA,CAAA;AC/BN,IAAM,eAAN,MAAmB;AAAA,EACxB,WAAA,CACmB,YAEA,OAAA,EACjB;AAHiB,IAAA,IAAA,CAAA,UAAA,GAAA,UAAA;AAEA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAAA,EAChB;AAAA,EAEH,MAAM,WAAW,OAAA,EAA8C;AAC7D,IAAA,MAAM,eAAA,GAAkB,IAAA,CAAK,OAAA,CAAQ,SAAA,IAAa,IAAA;AAClD,IAAA,MAAM,gBAAA,GAAmB,IAAA,CAAK,OAAA,CAAQ,gBAAA,IAAoB,IAAA;AAE1D,IAAA,MAAM,CAAC,WAAA,EAAa,YAAY,CAAA,GAAI,MAAM,QAAQ,GAAA,CAAI;AAAA,MACpD,KAAK,UAAA,CAAW,SAAA;AAAA,QACd,OAAA;AAAA,QACA;AAAA,UACE,MAAA,EAAQ,KAAK,OAAA,CAAQ,MAAA;AAAA,UACrB,SAAA,EAAW;AAAA;AACb,OACF;AAAA,MACA,KAAK,UAAA,CAAW,SAAA;AAAA,QACd,OAAA;AAAA,QACA;AAAA,UACE,MAAA,EAAQ,KAAK,OAAA,CAAQ,aAAA;AAAA,UACrB,SAAA,EAAW;AAAA;AACb;AACF,KACD,CAAA;AAED,IAAA,OAAO,EAAE,aAAa,YAAA,EAAa;AAAA,EACrC;AAAA,EAEA,MAAM,mBAAmB,YAAA,EAA+C;AACtE,IAAA,OAAO,IAAA,CAAK,UAAA,CAAW,WAAA,CAA4B,YAAA,EAAc;AAAA,MAC/D,MAAA,EAAQ,KAAK,OAAA,CAAQ;AAAA,KACtB,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,iBAAiB,YAAA,EAAuC;AAC5D,IAAA,OAAcC,MAAA,CAAA,IAAA,CAAK,cAAc,EAAE,CAAA;AAAA,EACrC;AAAA,EAEA,MAAM,mBAAA,CACJ,YAAA,EACAC,KAAAA,EACkB;AAClB,IAAA,OAAcD,MAAA,CAAA,OAAA,CAAQ,cAAcC,KAAI,CAAA;AAAA,EAC1C;AACF;AA/Ca,YAAA,GAAN,eAAA,CAAA;AAAA,EADNF,UAAAA,EAAW;AAAA,EAIP,eAAA,CAAA,CAAA,EAAAG,OAAO,mBAAmB,CAAA;AAAA,CAAA,EAHlB,YAAA,CAAA;ACAN,IAAM,WAAA,GAAN,cAA0B,gBAAA,CAAiB,QAAQ,CAAA,CAAE;AAAA,EAC1D,WAAA,CAEE,SAEiB,cAAA,EACjB;AACA,IAAA,KAAA,CAAM;AAAA,MACJ,cAAA,EAAgB,WAAW,2BAAA,EAA4B;AAAA,MACvD,gBAAA,EAAkB,KAAA;AAAA,MAClB,aAAa,OAAA,CAAQ;AAAA,KACtB,CAAA;AANgB,IAAA,IAAA,CAAA,cAAA,GAAA,cAAA;AAAA,EAOnB;AAAA,EAEA,MAAM,SAAS,OAAA,EAAkD;AAC/D,IAAA,MAAM,UAAU,MAAM,IAAA,CAAK,cAAA,CAAe,QAAA,CAAS,QAAQ,GAAG,CAAA;AAC9D,IAAA,IAAI,OAAA,IAAW,IAAA,IAAQ,OAAA,CAAQ,QAAA,EAAU;AACvC,MAAA,MAAM,IAAIC,sBAAsB,+BAA+B,CAAA;AAAA,IACjE;AACA,IAAA,OAAO,OAAA;AAAA,EACT;AACF,CAAA;AArBa,WAAA,GAAN,eAAA,CAAA;AAAA,EADNJ,UAAAA,EAAW;AAAA,EAGP,eAAA,CAAA,CAAA,EAAAG,OAAO,mBAAmB,CAAA,CAAA;AAAA,EAE1B,eAAA,CAAA,CAAA,EAAAA,OAAO,eAAe,CAAA;AAAA,CAAA,EAJd,WAAA,CAAA;;;ACQb,SAAS,oBAAoB,OAAA,EAAwC;AACnE,EAAA,OAAO;AAAA,IACL;AAAA,MACE,OAAA,EAAS,mBAAA;AAAA,MACT,QAAA,EAAU;AAAA,KACZ;AAAA,IACA;AAAA,MACE,OAAA,EAAS,UAAA;AAAA,MACT,MAAA,EAAQ,CAAC,mBAAmB,CAAA;AAAA,MAC5B,UAAA,EAAY,CAAC,IAAA,KAA4B;AACvC,QAAA,MAAM,UAAA,GAAa,KAAK,KAAA,IAAS,gBAAA;AACjC,QAAA,OAAO,IAAI,UAAA,EAAW;AAAA,MACxB;AAAA,KACF;AAAA,IACA,WAAA;AAAA,IACA,YAAA;AAAA,IACA,WAAA;AAAA,IACA;AAAA,GACF;AACF;AAEA,SAAS,iBAAA,GAAmC;AAC1C,EAAA,OAAO;AAAA,IACL,cAAA,CAAe,QAAA,CAAS,EAAE,eAAA,EAAiB,OAAO,CAAA;AAAA,IAClD,UAAU,aAAA,CAAc;AAAA,MACtB,MAAA,EAAQ,CAAC,mBAAmB,CAAA;AAAA,MAC5B,UAAA,EAAY,CAAC,IAAA,MACV;AAAA,QACC,QAAQ,IAAA,CAAK,MAAA;AAAA,QACb,WAAA,EAAa,EAAE,SAAA,EAAW,IAAA,CAAK,aAAa,IAAA;AAAK,OACnD;AAAA,KACH;AAAA,GACH;AACF;AAEA,SAAS,aAAa,WAAA,EAAsC;AAC1D,EAAA,MAAM,MAAA,GAAwB,CAAC,GAAG,iBAAA,EAAmB,CAAA;AACrD,EAAA,IAAI,eAAe,IAAA,EAAM;AACvB,IAAA,MAAA,CAAO,OAAA,CAAQ,GAAI,WAA6B,CAAA;AAAA,EAClD;AACA,EAAA,OAAO,MAAA;AACT;AAGO,IAAM,aAAN,MAAiB;AAAA,EACtB,OAAO,QAAQ,OAAA,EAA2C;AACxD,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,UAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,SAAS,iBAAA,EAAkB;AAAA,MAC3B,WAAA,EAAa,CAAC,cAAc,CAAA;AAAA,MAC5B,SAAA,EAAW,oBAAoB,OAAO,CAAA;AAAA,MACtC,OAAA,EAAS;AAAA,QACP,mBAAA;AAAA,QACA,UAAA;AAAA,QACA,WAAA;AAAA,QACA,YAAA;AAAA,QACA,YAAA;AAAA,QACA,SAAA;AAAA,QACA;AAAA;AACF,KACF;AAAA,EACF;AAAA,EAEA,OAAO,aAAa,OAAA,EAAgD;AAClE,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,UAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,OAAA,EAAS,YAAA,CAAa,OAAA,CAAQ,OAAO,CAAA;AAAA,MACrC,WAAA,EAAa,CAAC,cAAc,CAAA;AAAA,MAC5B,SAAA,EAAW;AAAA,QACT;AAAA,UACE,OAAA,EAAS,mBAAA;AAAA,UACT,MAAA,EAAS,OAAA,CAAQ,MAAA,IAAU,EAAC;AAAA,UAC5B,YAAY,OAAA,CAAQ;AAAA,SACtB;AAAA,QACA;AAAA,UACE,OAAA,EAAS,UAAA;AAAA,UACT,MAAA,EAAQ,CAAC,mBAAmB,CAAA;AAAA,UAC5B,UAAA,EAAY,CAAC,IAAA,KAA4B;AACvC,YAAA,MAAM,UAAA,GAAa,KAAK,KAAA,IAAS,gBAAA;AACjC,YAAA,OAAO,IAAI,UAAA,EAAW;AAAA,UACxB;AAAA,SACF;AAAA,QACA,WAAA;AAAA,QACA,YAAA;AAAA,QACA,WAAA;AAAA,QACA;AAAA,OACF;AAAA,MACA,OAAA,EAAS;AAAA,QACP,mBAAA;AAAA,QACA,UAAA;AAAA,QACA,WAAA;AAAA,QACA,YAAA;AAAA,QACA,YAAA;AAAA,QACA,SAAA;AAAA,QACA;AAAA;AACF,KACF;AAAA,EACF;AACF;AAxDa,UAAA,GAAN,eAAA,CAAA;AAAA,EADN,MAAA,CAAO,EAAE;AAAA,CAAA,EACG,UAAA,CAAA;;;AC9DN,IAAM,gBAAN,MAAoB;AAG3B;ACDO,IAAM,oBAAN,MAAwB;AAG/B;AADE,eAAA,CAAA;AAAA,EADC,OAAA;AAAQ,CAAA,EADE,iBAAA,CAEX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA;ACFK,IAAM,WAAN,MAAe;AAetB;AAXE,eAAA,CAAA;AAAA,EAHC,UAAA,EAAW;AAAA,EACX,QAAA,EAAS;AAAA,EACT,MAAA,CAAO,GAAG,GAAG;AAAA,CAAA,EAHH,QAAA,CAIX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA;AAKA,eAAA,CAAA;AAAA,EAHC,UAAA,EAAW;AAAA,EACX,QAAA,EAAS;AAAA,EACT,MAAA,CAAO,GAAG,EAAE;AAAA,CAAA,EARF,QAAA,CASX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;AAKA,eAAA,CAAA;AAAA,EAHC,QAAA,EAAS;AAAA,EACT,UAAA,EAAW;AAAA,EACX,MAAA,CAAO,GAAG,GAAG;AAAA,CAAA,EAbH,QAAA,CAcX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;ACdK,IAAM,kBAAN,MAAsB;AAI7B;AADE,eAAA,CAAA;AAAA,EAFCE,QAAAA,EAAS;AAAA,EACTC,UAAAA;AAAW,CAAA,EAFD,eAAA,CAGX,SAAA,EAAA,cAAA,EAAA,CAAA,CAAA;;;ACLK,IAAM,iBAAN,MAAqB;AAE5B;ACAO,IAAM,cAAN,MAAkB;AAgBzB;AAZE,eAAA,CAAA;AAAA,EAHCC,UAAAA,EAAW;AAAA,EACXF,QAAAA,EAAS;AAAA,EACTG,MAAAA,CAAO,GAAG,GAAG;AAAA,CAAA,EAHH,WAAA,CAIX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA;AAMA,eAAA,CAAA;AAAA,EAJCD,UAAAA,EAAW;AAAA,EACXF,QAAAA,EAAS;AAAA,EACTG,MAAAA,CAAO,GAAG,EAAE,CAAA;AAAA,EACZ,QAAQ,mBAAmB;AAAA,CAAA,EATjB,WAAA,CAUX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;AAKA,eAAA,CAAA;AAAA,EAHCH,QAAAA,EAAS;AAAA,EACTC,UAAAA,EAAW;AAAA,EACXE,MAAAA,CAAO,GAAG,GAAG;AAAA,CAAA,EAdH,WAAA,CAeX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;ACfK,IAAM,mBAAN,MAAuB;AAS9B;AANE,eAAA,CAAA;AAAA,EAFCH,QAAAA,EAAS;AAAA,EACTC,UAAAA;AAAW,CAAA,EAFD,gBAAA,CAGX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA;AAKA,eAAA,CAAA;AAAA,EAHCD,QAAAA,EAAS;AAAA,EACTC,UAAAA,EAAW;AAAA,EACXE,MAAAA,CAAO,GAAG,GAAG;AAAA,CAAA,EAPH,gBAAA,CAQX,SAAA,EAAA,aAAA,EAAA,CAAA,CAAA;ACRK,IAAM,iBAAN,MAAqB;AAI5B;AADE,eAAA,CAAA;AAAA,EAFCH,QAAAA,EAAS;AAAA,EACTC,UAAAA;AAAW,CAAA,EAFD,cAAA,CAGX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA","file":"index.js","sourcesContent":["import { createParamDecorator, type ExecutionContext } from \"@nestjs/common\";\n\nimport type { AuthJwtPayload } from \"../interfaces/jwt-payload.interface\";\n\nexport const CurrentUser = createParamDecorator(\n (_data: unknown, ctx: ExecutionContext): AuthJwtPayload => {\n const request = ctx.switchToHttp().getRequest<{ user: AuthJwtPayload }>();\n return request.user;\n },\n);\n","import { Injectable } from \"@nestjs/common\";\nimport { AuthGuard } from \"@nestjs/passport\";\n\n@Injectable()\nexport class JwtAuthGuard extends AuthGuard(\"jwt\") {}\n","import {\n Body,\n Controller,\n Get,\n HttpCode,\n HttpStatus,\n Post,\n UseGuards,\n} from \"@nestjs/common\";\n\nimport { AuthTokensDto } from \"../dto/auth-tokens.dto\";\nimport { ForgotPasswordDto } from \"../dto/forgot-password.dto\";\nimport { LoginDto } from \"../dto/login.dto\";\nimport { RefreshTokenDto } from \"../dto/refresh-token.dto\";\nimport { RegisterAckDto } from \"../dto/register-ack.dto\";\nimport { RegisterDto } from \"../dto/register.dto\";\nimport { ResetPasswordDto } from \"../dto/reset-password.dto\";\nimport { VerifyEmailDto } from \"../dto/verify-email.dto\";\nimport { CurrentUser } from \"../decorators/current-user.decorator\";\nimport { JwtAuthGuard } from \"../guards/jwt-auth.guard\";\nimport type { AuthJwtPayload } from \"../interfaces/jwt-payload.interface\";\nimport { AuthService } from \"../services/auth.service\";\n\n@Controller(\"auth\")\nexport class AuthController {\n constructor(private readonly authService: AuthService) {}\n\n @Post(\"register\")\n register(@Body() dto: RegisterDto): Promise<RegisterAckDto> {\n return this.authService.register(dto);\n }\n\n @Post(\"login\")\n login(@Body() dto: LoginDto): Promise<AuthTokensDto> {\n return this.authService.login(dto);\n }\n\n @Post(\"refresh\")\n @HttpCode(HttpStatus.OK)\n refresh(@Body() dto: RefreshTokenDto): Promise<AuthTokensDto> {\n return this.authService.refresh(dto.refreshToken);\n }\n\n @Post(\"logout\")\n @UseGuards(JwtAuthGuard)\n @HttpCode(HttpStatus.OK)\n logout(@CurrentUser() user: AuthJwtPayload): Promise<{ loggedOut: true }> {\n return this.authService.logout(user.sub);\n }\n\n @Get(\"me\")\n @UseGuards(JwtAuthGuard)\n me(@CurrentUser() user: AuthJwtPayload): Promise<Record<string, unknown>> {\n return this.authService.me(user.sub);\n }\n\n /** Available only when `features.emailVerification` is enabled. */\n @Post(\"verify-email\")\n @HttpCode(HttpStatus.OK)\n verifyEmail(@Body() dto: VerifyEmailDto): Promise<{ verified: true }> {\n return this.authService.verifyEmail(dto.token);\n }\n\n /** Available only when `features.passwordReset` is enabled. */\n @Post(\"forgot-password\")\n @HttpCode(HttpStatus.OK)\n forgotPassword(@Body() dto: ForgotPasswordDto): Promise<{ sent: true }> {\n return this.authService.forgotPassword(dto.email);\n }\n\n /** Available only when `features.passwordReset` is enabled. */\n @Post(\"reset-password\")\n @HttpCode(HttpStatus.OK)\n resetPassword(@Body() dto: ResetPasswordDto): Promise<{ reset: true }> {\n return this.authService.resetPassword(dto.token, dto.newPassword);\n }\n}\n","import { Injectable } from \"@nestjs/common\";\n\nimport type {\n AuthHooks,\n BaseAuthAccount,\n RegisterInput,\n} from \"../interfaces/auth-hooks.interface\";\n\n@Injectable()\nexport class DefaultAuthHooks implements AuthHooks {\n async buildJwtPayload(\n account: BaseAuthAccount,\n ): Promise<Record<string, unknown>> {\n return {\n sub: account.id,\n ...(account.email != null ? { email: account.email } : {}),\n ...(account.username != null ? { username: account.username } : {}),\n };\n }\n\n async enrichMe(account: BaseAuthAccount): Promise<Record<string, unknown>> {\n return {\n id: account.id,\n email: account.email,\n username: account.username,\n emailVerified: account.emailVerified,\n disabled: account.disabled,\n };\n }\n\n async onBeforeRegister(_input: RegisterInput): Promise<void> {\n return;\n }\n\n async onAfterRegister(_account: BaseAuthAccount): Promise<void> {\n return;\n }\n\n async onAfterLogin(_account: BaseAuthAccount): Promise<void> {\n return;\n }\n}\n","export function isDuplicateKeyError(error: unknown): boolean {\n return (\n !!error &&\n typeof error === \"object\" &&\n \"code\" in error &&\n (error as { code: number }).code === 11000\n );\n}\n","import { createHash, randomBytes } from \"crypto\";\n\nexport function generateRawToken(byteLength = 32): string {\n return randomBytes(byteLength).toString(\"hex\");\n}\n\nexport function hashToken(token: string): string {\n return createHash(\"sha256\").update(token).digest(\"hex\");\n}\n\nexport function expiresAtFromTtlMs(ttlMs: number): Date {\n return new Date(Date.now() + ttlMs);\n}\n\n/** Default: 24 hours */\nexport const DEFAULT_EMAIL_VERIFICATION_TTL_MS = 24 * 60 * 60 * 1000;\n\n/** Default: 15 minutes */\nexport const DEFAULT_PASSWORD_RESET_TTL_MS = 15 * 60 * 1000;\n","import {\n BadRequestException,\n Inject,\n Injectable,\n NotFoundException,\n UnauthorizedException,\n} from \"@nestjs/common\";\nimport * as bcrypt from \"bcryptjs\";\n\nimport {\n AUTH_HOOKS,\n AUTH_MODULE_OPTIONS,\n AUTH_REPOSITORY,\n} from \"../constants/tokens\";\nimport type { LoginDto } from \"../dto/login.dto\";\nimport type { RegisterDto } from \"../dto/register.dto\";\nimport { DefaultAuthHooks } from \"../hooks/default-auth.hooks\";\nimport type { AuthModuleOptions } from \"../interfaces/auth-config.interface\";\nimport type {\n AuthHooks,\n AuthTokens,\n BaseAuthAccount,\n RegisterInput,\n} from \"../interfaces/auth-hooks.interface\";\nimport type { IAuthRepository } from \"../interfaces/auth-repository.interface\";\nimport { isDuplicateKeyError } from \"../utils/duplicate-key.util\";\nimport {\n normalizeIdentifier,\n readAccountIdentifier,\n resolveRegisterIdentifier,\n} from \"../utils/identifier.util\";\nimport {\n DEFAULT_EMAIL_VERIFICATION_TTL_MS,\n DEFAULT_PASSWORD_RESET_TTL_MS,\n expiresAtFromTtlMs,\n generateRawToken,\n hashToken,\n} from \"../utils/token.util\";\nimport { TokenService } from \"./token.service\";\n\n@Injectable()\nexport class AuthService {\n constructor(\n @Inject(AUTH_REPOSITORY)\n private readonly authRepository: IAuthRepository,\n @Inject(AUTH_MODULE_OPTIONS)\n private readonly options: AuthModuleOptions,\n @Inject(AUTH_HOOKS)\n private readonly hooks: AuthHooks,\n private readonly tokenService: TokenService,\n ) {}\n\n private get identifierField() {\n return this.options.identifierField ?? \"email\";\n }\n\n private get emailVerificationEnabled() {\n return this.options.features?.emailVerification === true;\n }\n\n private get passwordResetEnabled() {\n return this.options.features?.passwordReset === true;\n }\n\n private get rotateRefreshToken() {\n return this.options.features?.refreshTokenRotation !== false;\n }\n\n private resolveLoginIdentifier(dto: LoginDto): string {\n const value =\n this.identifierField === \"email\" ? dto.email : dto.username;\n if (value == null || value.trim() === \"\") {\n throw new BadRequestException(\n `${this.identifierField} is required for login`,\n );\n }\n return normalizeIdentifier(value);\n }\n\n async register(dto: RegisterDto): Promise<{ registered: true }> {\n this.assertEmailHookWhenVerificationEnabled();\n\n const input: RegisterInput = { password: dto.password };\n if (dto.email != null) input.email = dto.email;\n if (dto.username != null) input.username = dto.username;\n\n await this.hooks.onBeforeRegister?.(input);\n\n resolveRegisterIdentifier(input, this.identifierField);\n this.assertRegisterEmailWhenVerificationEnabled(input);\n\n const passwordHash = await bcrypt.hash(dto.password, 10);\n\n try {\n const account = await this.authRepository.create({\n ...input,\n passwordHash,\n emailVerified: !this.emailVerificationEnabled,\n });\n\n await this.hooks.onAfterRegister?.(account);\n\n if (this.emailVerificationEnabled) {\n await this.sendVerificationEmail(account);\n }\n } catch (error) {\n if (isDuplicateKeyError(error)) {\n throw new UnauthorizedException(`${this.identifierField} already exists`);\n }\n throw error;\n }\n\n return { registered: true };\n }\n\n async login(dto: LoginDto): Promise<AuthTokens> {\n const identifier = this.resolveLoginIdentifier(dto);\n const account = await this.authRepository.findByIdentifierWithSecrets(\n identifier,\n );\n\n if (account?.passwordHash == null) {\n throw new UnauthorizedException(\"Invalid credentials\");\n }\n\n this.assertAccountActive(account);\n\n const passwordMatches = await bcrypt.compare(\n dto.password,\n account.passwordHash,\n );\n if (!passwordMatches) {\n throw new UnauthorizedException(\"Invalid credentials\");\n }\n\n return this.issueTokens(account);\n }\n\n async refresh(refreshToken: string): Promise<AuthTokens> {\n let payload;\n try {\n payload = await this.tokenService.verifyRefreshToken(refreshToken);\n } catch {\n throw new UnauthorizedException(\"Invalid refresh token\");\n }\n\n const account = await this.authRepository.findByIdWithSecrets(payload.sub);\n if (account?.refreshTokenHash == null) {\n throw new UnauthorizedException(\"Invalid refresh token\");\n }\n\n this.assertAccountActive(account);\n\n const tokenMatches = await this.tokenService.compareRefreshToken(\n refreshToken,\n account.refreshTokenHash,\n );\n if (!tokenMatches) {\n throw new UnauthorizedException(\"Invalid refresh token\");\n }\n\n return this.issueTokens(account);\n }\n\n async logout(authId: string): Promise<{ loggedOut: true }> {\n await this.authRepository.updateRefreshTokenHash(authId, null);\n return { loggedOut: true };\n }\n\n async me(authId: string): Promise<Record<string, unknown>> {\n const account = await this.authRepository.findById(authId);\n if (account == null) {\n throw new UnauthorizedException(\"Account not found\");\n }\n\n if (this.hooks.enrichMe != null) {\n return this.hooks.enrichMe(account);\n }\n\n return new DefaultAuthHooks().enrichMe(account);\n }\n\n async verifyEmail(token: string): Promise<{ verified: true }> {\n this.assertEmailVerificationEnabled();\n\n const tokenHash = hashToken(token);\n const account =\n await this.authRepository.findByEmailVerificationTokenHash(tokenHash);\n if (account == null) {\n throw new BadRequestException(\"TOKEN_INVALID_OR_EXPIRED\");\n }\n\n await this.authRepository.markEmailVerified(account.id);\n return { verified: true };\n }\n\n async forgotPassword(email: string): Promise<{ sent: true }> {\n this.assertPasswordResetEnabled();\n this.assertEmailHookWhenPasswordResetEnabled();\n\n const normalizedEmail = normalizeIdentifier(email);\n const account = await this.authRepository.findByEmail(normalizedEmail);\n\n if (account != null) {\n const rawToken = generateRawToken();\n const tokenHash = hashToken(rawToken);\n const expiresAt = expiresAtFromTtlMs(\n this.options.passwordResetTokenTtlMs ?? DEFAULT_PASSWORD_RESET_TTL_MS,\n );\n\n await this.authRepository.setResetToken(account.id, tokenHash, expiresAt);\n await this.hooks.sendEmail!(\"reset\", normalizedEmail, rawToken);\n }\n\n return { sent: true };\n }\n\n async resetPassword(\n token: string,\n newPassword: string,\n ): Promise<{ reset: true }> {\n this.assertPasswordResetEnabled();\n\n const tokenHash = hashToken(token);\n const account = await this.authRepository.findByResetTokenHash(tokenHash);\n if (account == null) {\n throw new BadRequestException(\"TOKEN_INVALID_OR_EXPIRED\");\n }\n\n const passwordHash = await bcrypt.hash(newPassword, 10);\n await this.authRepository.updatePasswordHash(account.id, passwordHash);\n await this.authRepository.clearResetToken(account.id);\n await this.authRepository.updateRefreshTokenHash(account.id, null);\n\n return { reset: true };\n }\n\n private assertAccountActive(account: BaseAuthAccount): void {\n if (account.disabled) {\n throw new UnauthorizedException(\"ACCOUNT_DISABLED\");\n }\n\n if (this.emailVerificationEnabled && !account.emailVerified) {\n throw new UnauthorizedException(\"EMAIL_NOT_VERIFIED\");\n }\n }\n\n private async issueTokens(account: BaseAuthAccount): Promise<AuthTokens> {\n const payload = await this.hooks.buildJwtPayload(account);\n const tokens = await this.tokenService.signTokens({\n ...payload,\n sub: account.id,\n });\n\n if (this.rotateRefreshToken) {\n const refreshTokenHash = await this.tokenService.hashRefreshToken(\n tokens.refreshToken,\n );\n await this.authRepository.updateRefreshTokenHash(\n account.id,\n refreshTokenHash,\n );\n }\n\n await this.hooks.onAfterLogin?.(account);\n return tokens;\n }\n\n private async sendVerificationEmail(account: BaseAuthAccount): Promise<void> {\n const email = this.resolveAccountEmail(account);\n if (email == null) return;\n\n const rawToken = generateRawToken();\n const tokenHash = hashToken(rawToken);\n const expiresAt = expiresAtFromTtlMs(\n this.options.emailVerificationTokenTtlMs ??\n DEFAULT_EMAIL_VERIFICATION_TTL_MS,\n );\n\n await this.authRepository.setEmailVerificationToken(\n account.id,\n tokenHash,\n expiresAt,\n );\n await this.hooks.sendEmail!(\"verify\", email, rawToken);\n }\n\n private resolveAccountEmail(account: BaseAuthAccount): string | null {\n if (account.email != null && account.email.trim() !== \"\") {\n return normalizeIdentifier(account.email);\n }\n return null;\n }\n\n private assertRegisterEmailWhenVerificationEnabled(input: RegisterInput): void {\n if (!this.emailVerificationEnabled) return;\n\n const email =\n this.identifierField === \"email\"\n ? resolveRegisterIdentifier(input, \"email\")\n : input.email != null\n ? normalizeIdentifier(input.email)\n : null;\n\n if (email == null || email.trim() === \"\") {\n throw new BadRequestException(\n \"email is required when emailVerification feature is enabled\",\n );\n }\n }\n\n private assertEmailHookWhenVerificationEnabled(): void {\n if (this.emailVerificationEnabled && this.hooks.sendEmail == null) {\n throw new BadRequestException(\n \"emailVerification is enabled but AuthHooks.sendEmail is not implemented\",\n );\n }\n }\n\n private assertEmailHookWhenPasswordResetEnabled(): void {\n if (this.passwordResetEnabled && this.hooks.sendEmail == null) {\n throw new BadRequestException(\n \"passwordReset is enabled but AuthHooks.sendEmail is not implemented\",\n );\n }\n }\n\n private assertEmailVerificationEnabled(): void {\n if (!this.emailVerificationEnabled) {\n throw new NotFoundException();\n }\n }\n\n private assertPasswordResetEnabled(): void {\n if (!this.passwordResetEnabled) {\n throw new NotFoundException();\n }\n }\n\n getIdentifierForAccount(account: BaseAuthAccount): string | undefined {\n return readAccountIdentifier(account, this.identifierField);\n }\n}\n","import { Inject, Injectable } from \"@nestjs/common\";\nimport { JwtService, type JwtSignOptions } from \"@nestjs/jwt\";\nimport * as bcrypt from \"bcryptjs\";\n\nimport { AUTH_MODULE_OPTIONS } from \"../constants/tokens\";\nimport type { AuthModuleOptions } from \"../interfaces/auth-config.interface\";\nimport type { AuthTokens } from \"../interfaces/auth-hooks.interface\";\nimport type { AuthJwtPayload } from \"../interfaces/jwt-payload.interface\";\n\n@Injectable()\nexport class TokenService {\n constructor(\n private readonly jwtService: JwtService,\n @Inject(AUTH_MODULE_OPTIONS)\n private readonly options: AuthModuleOptions,\n ) {}\n\n async signTokens(payload: AuthJwtPayload): Promise<AuthTokens> {\n const accessExpiresIn = this.options.expiresIn ?? \"1h\";\n const refreshExpiresIn = this.options.refreshExpiresIn ?? \"7d\";\n\n const [accessToken, refreshToken] = await Promise.all([\n this.jwtService.signAsync(\n payload as Record<string, unknown>,\n {\n secret: this.options.secret,\n expiresIn: accessExpiresIn,\n } as JwtSignOptions,\n ),\n this.jwtService.signAsync(\n payload as Record<string, unknown>,\n {\n secret: this.options.refreshSecret,\n expiresIn: refreshExpiresIn,\n } as JwtSignOptions,\n ),\n ]);\n\n return { accessToken, refreshToken };\n }\n\n async verifyRefreshToken(refreshToken: string): Promise<AuthJwtPayload> {\n return this.jwtService.verifyAsync<AuthJwtPayload>(refreshToken, {\n secret: this.options.refreshSecret,\n });\n }\n\n async hashRefreshToken(refreshToken: string): Promise<string> {\n return bcrypt.hash(refreshToken, 10);\n }\n\n async compareRefreshToken(\n refreshToken: string,\n hash: string,\n ): Promise<boolean> {\n return bcrypt.compare(refreshToken, hash);\n }\n}\n","import { Inject, Injectable, UnauthorizedException } from \"@nestjs/common\";\nimport { PassportStrategy } from \"@nestjs/passport\";\nimport { ExtractJwt, Strategy } from \"passport-jwt\";\n\nimport { AUTH_MODULE_OPTIONS, AUTH_REPOSITORY } from \"../constants/tokens\";\nimport type { AuthModuleOptions } from \"../interfaces/auth-config.interface\";\nimport type { IAuthRepository } from \"../interfaces/auth-repository.interface\";\nimport type { AuthJwtPayload } from \"../interfaces/jwt-payload.interface\";\n\n@Injectable()\nexport class JwtStrategy extends PassportStrategy(Strategy) {\n constructor(\n @Inject(AUTH_MODULE_OPTIONS)\n options: AuthModuleOptions,\n @Inject(AUTH_REPOSITORY)\n private readonly authRepository: IAuthRepository,\n ) {\n super({\n jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),\n ignoreExpiration: false,\n secretOrKey: options.secret,\n });\n }\n\n async validate(payload: AuthJwtPayload): Promise<AuthJwtPayload> {\n const account = await this.authRepository.findById(payload.sub);\n if (account == null || account.disabled) {\n throw new UnauthorizedException(\"Account not found or inactive\");\n }\n return payload;\n }\n}\n","import { DynamicModule, Module, Provider } from \"@nestjs/common\";\nimport { JwtModule, type JwtModuleOptions } from \"@nestjs/jwt\";\nimport { PassportModule } from \"@nestjs/passport\";\n\nimport { AuthController } from \"./controllers/auth.controller\";\nimport { AUTH_HOOKS, AUTH_MODULE_OPTIONS } from \"./constants/tokens\";\nimport { DefaultAuthHooks } from \"./hooks/default-auth.hooks\";\nimport type {\n AuthModuleAsyncOptions,\n AuthModuleOptions,\n} from \"./interfaces/auth-config.interface\";\nimport { AuthService } from \"./services/auth.service\";\nimport { TokenService } from \"./services/token.service\";\nimport { JwtAuthGuard } from \"./guards/jwt-auth.guard\";\nimport { JwtStrategy } from \"./strategies/jwt.strategy\";\n\ntype ModuleImports = NonNullable<DynamicModule[\"imports\"]>;\n\nfunction createAuthProviders(options: AuthModuleOptions): Provider[] {\n return [\n {\n provide: AUTH_MODULE_OPTIONS,\n useValue: options,\n },\n {\n provide: AUTH_HOOKS,\n inject: [AUTH_MODULE_OPTIONS],\n useFactory: (opts: AuthModuleOptions) => {\n const HooksClass = opts.hooks ?? DefaultAuthHooks;\n return new HooksClass();\n },\n },\n AuthService,\n TokenService,\n JwtStrategy,\n JwtAuthGuard,\n ];\n}\n\nfunction createAuthImports(): ModuleImports {\n return [\n PassportModule.register({ defaultStrategy: \"jwt\" }),\n JwtModule.registerAsync({\n inject: [AUTH_MODULE_OPTIONS],\n useFactory: (opts: AuthModuleOptions) =>\n ({\n secret: opts.secret,\n signOptions: { expiresIn: opts.expiresIn ?? \"1h\" },\n }) as JwtModuleOptions,\n }),\n ];\n}\n\nfunction mergeImports(userImports?: unknown): ModuleImports {\n const merged: ModuleImports = [...createAuthImports()];\n if (userImports != null) {\n merged.unshift(...(userImports as ModuleImports));\n }\n return merged;\n}\n\n@Module({})\nexport class AuthModule {\n static forRoot(options: AuthModuleOptions): DynamicModule {\n return {\n module: AuthModule,\n global: true,\n imports: createAuthImports(),\n controllers: [AuthController],\n providers: createAuthProviders(options),\n exports: [\n AUTH_MODULE_OPTIONS,\n AUTH_HOOKS,\n AuthService,\n TokenService,\n JwtAuthGuard,\n JwtModule,\n PassportModule,\n ],\n };\n }\n\n static forRootAsync(options: AuthModuleAsyncOptions): DynamicModule {\n return {\n module: AuthModule,\n global: true,\n imports: mergeImports(options.imports),\n controllers: [AuthController],\n providers: [\n {\n provide: AUTH_MODULE_OPTIONS,\n inject: (options.inject ?? []) as never[],\n useFactory: options.useFactory,\n },\n {\n provide: AUTH_HOOKS,\n inject: [AUTH_MODULE_OPTIONS],\n useFactory: (opts: AuthModuleOptions) => {\n const HooksClass = opts.hooks ?? DefaultAuthHooks;\n return new HooksClass();\n },\n },\n AuthService,\n TokenService,\n JwtStrategy,\n JwtAuthGuard,\n ],\n exports: [\n AUTH_MODULE_OPTIONS,\n AUTH_HOOKS,\n AuthService,\n TokenService,\n JwtAuthGuard,\n JwtModule,\n PassportModule,\n ],\n };\n }\n}\n","export class AuthTokensDto {\n accessToken!: string;\n refreshToken!: string;\n}\n","import { IsEmail } from \"class-validator\";\n\nexport class ForgotPasswordDto {\n @IsEmail()\n email!: string;\n}\n","import { IsNotEmpty, IsOptional, IsString, Length } from \"class-validator\";\n\nexport class LoginDto {\n @IsOptional()\n @IsString()\n @Length(3, 255)\n email?: string;\n\n @IsOptional()\n @IsString()\n @Length(3, 50)\n username?: string;\n\n @IsString()\n @IsNotEmpty()\n @Length(8, 128)\n password!: string;\n}\n","import { IsNotEmpty, IsString } from \"class-validator\";\n\nexport class RefreshTokenDto {\n @IsString()\n @IsNotEmpty()\n refreshToken!: string;\n}\n","export class RegisterAckDto {\n registered!: true;\n}\n","import { IsNotEmpty, IsOptional, IsString, Length, Matches } from \"class-validator\";\n\nexport class RegisterDto {\n @IsOptional()\n @IsString()\n @Length(3, 255)\n email?: string;\n\n @IsOptional()\n @IsString()\n @Length(3, 50)\n @Matches(/^[a-zA-Z0-9._-]+$/)\n username?: string;\n\n @IsString()\n @IsNotEmpty()\n @Length(8, 128)\n password!: string;\n}\n","import { IsNotEmpty, IsString, Length } from \"class-validator\";\n\nexport class ResetPasswordDto {\n @IsString()\n @IsNotEmpty()\n token!: string;\n\n @IsString()\n @IsNotEmpty()\n @Length(8, 128)\n newPassword!: string;\n}\n","import { IsNotEmpty, IsString } from \"class-validator\";\n\nexport class VerifyEmailDto {\n @IsString()\n @IsNotEmpty()\n token!: string;\n}\n"]}
|
|
1
|
+
{"version":3,"sources":["../src/decorators/current-user.decorator.ts","../src/guards/jwt-auth.guard.ts","../src/hooks/default-auth.hooks.ts","../src/utils/duplicate-key.util.ts","../src/utils/token.util.ts","../src/services/token.service.ts","../src/services/auth.service.ts","../src/controllers/auth.controller.ts","../src/strategies/jwt.strategy.ts","../src/auth.module.ts","../src/dto/auth-tokens.dto.ts","../src/dto/forgot-password.dto.ts","../src/dto/login.dto.ts","../src/dto/refresh-token.dto.ts","../src/dto/register-ack.dto.ts","../src/dto/register.dto.ts","../src/dto/reset-password.dto.ts","../src/dto/verify-email.dto.ts"],"names":["Injectable","bcrypt","hash","UnauthorizedException","Inject","IsString","IsNotEmpty","IsOptional","Length"],"mappings":";;;;;;;;;;AAIO,IAAM,WAAA,GAAc,oBAAA;AAAA,EACzB,CAAC,OAAgB,GAAA,KAA0C;AACzD,IAAA,MAAM,OAAA,GAAU,GAAA,CAAI,YAAA,EAAa,CAAE,UAAA,EAAqC;AACxE,IAAA,OAAO,OAAA,CAAQ,IAAA;AAAA,EACjB;AACF;ACLO,IAAM,YAAA,GAAN,cAA2B,SAAA,CAAU,KAAK,CAAA,CAAE;AAAA,EACjD,aAAA,CACE,GAAA,EACA,IAAA,EACA,KAAA,EACO;AACP,IAAA,IAAI,GAAA,IAAO,IAAA,IAAQ,IAAA,IAAQ,IAAA,EAAM;AAC/B,MAAA,MAAM,GAAA,IAAO,IAAI,qBAAA,EAAsB;AAAA,IACzC;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAXa,YAAA,GAAN,eAAA,CAAA;AAAA,EADN,UAAA;AAAW,CAAA,EACC,YAAA,CAAA;ACKN,IAAM,mBAAN,MAA4C;AAAA,EACjD,MAAM,gBACJ,OAAA,EACkC;AAClC,IAAA,OAAO;AAAA,MACL,KAAK,OAAA,CAAQ,EAAA;AAAA,MACb,GAAI,QAAQ,KAAA,IAAS,IAAA,GAAO,EAAE,KAAA,EAAO,OAAA,CAAQ,KAAA,EAAM,GAAI,EAAC;AAAA,MACxD,GAAI,QAAQ,QAAA,IAAY,IAAA,GAAO,EAAE,QAAA,EAAU,OAAA,CAAQ,QAAA,EAAS,GAAI;AAAC,KACnE;AAAA,EACF;AAAA,EAEA,MAAM,SAAS,OAAA,EAA4D;AACzE,IAAA,OAAO;AAAA,MACL,IAAI,OAAA,CAAQ,EAAA;AAAA,MACZ,OAAO,OAAA,CAAQ,KAAA;AAAA,MACf,UAAU,OAAA,CAAQ,QAAA;AAAA,MAClB,eAAe,OAAA,CAAQ,aAAA;AAAA,MACvB,UAAU,OAAA,CAAQ;AAAA,KACpB;AAAA,EACF;AAAA,EAEA,MAAM,iBAAiB,MAAA,EAAsC;AAC3D,IAAA;AAAA,EACF;AAAA,EAEA,MAAM,gBAAgB,QAAA,EAA0C;AAC9D,IAAA;AAAA,EACF;AAAA,EAEA,MAAM,aAAa,QAAA,EAA0C;AAC3D,IAAA;AAAA,EACF;AACF;AAhCa,gBAAA,GAAN,eAAA,CAAA;AAAA,EADNA,UAAAA;AAAW,CAAA,EACC,gBAAA,CAAA;;;ACTN,SAAS,oBAAoB,KAAA,EAAyB;AAC3D,EAAA,OACE,CAAC,CAAC,KAAA,IACF,OAAO,UAAU,QAAA,IACjB,MAAA,IAAU,KAAA,IACT,KAAA,CAA2B,IAAA,KAAS,IAAA;AAEzC;ACLO,SAAS,gBAAA,CAAiB,aAAa,EAAA,EAAY;AACxD,EAAA,OAAO,WAAA,CAAY,UAAU,CAAA,CAAE,QAAA,CAAS,KAAK,CAAA;AAC/C;AAEO,SAAS,UAAU,KAAA,EAAuB;AAC/C,EAAA,OAAO,WAAW,QAAQ,CAAA,CAAE,OAAO,KAAK,CAAA,CAAE,OAAO,KAAK,CAAA;AACxD;AAEO,SAAS,mBAAmB,KAAA,EAAqB;AACtD,EAAA,OAAO,IAAI,IAAA,CAAK,IAAA,CAAK,GAAA,KAAQ,KAAK,CAAA;AACpC;AAGO,IAAM,iCAAA,GAAoC,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAA;AAGzD,IAAM,6BAAA,GAAgC,KAAK,EAAA,GAAK,GAAA;ACRhD,IAAM,eAAN,MAAmB;AAAA,EACxB,WAAA,CAEmB,YAEA,OAAA,EACjB;AAHiB,IAAA,IAAA,CAAA,UAAA,GAAA,UAAA;AAEA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAAA,EAChB;AAAA,EAEH,MAAM,WAAW,OAAA,EAA8C;AAC7D,IAAA,MAAM,eAAA,GAAkB,IAAA,CAAK,OAAA,CAAQ,SAAA,IAAa,IAAA;AAClD,IAAA,MAAM,gBAAA,GAAmB,IAAA,CAAK,OAAA,CAAQ,gBAAA,IAAoB,IAAA;AAE1D,IAAA,MAAM,CAAC,WAAA,EAAa,YAAY,CAAA,GAAI,MAAM,QAAQ,GAAA,CAAI;AAAA,MACpD,KAAK,UAAA,CAAW,SAAA;AAAA,QACd,OAAA;AAAA,QACA;AAAA,UACE,MAAA,EAAQ,KAAK,OAAA,CAAQ,MAAA;AAAA,UACrB,SAAA,EAAW;AAAA;AACb,OACF;AAAA,MACA,KAAK,UAAA,CAAW,SAAA;AAAA,QACd,OAAA;AAAA,QACA;AAAA,UACE,MAAA,EAAQ,KAAK,OAAA,CAAQ,aAAA;AAAA,UACrB,SAAA,EAAW;AAAA;AACb;AACF,KACD,CAAA;AAED,IAAA,OAAO,EAAE,aAAa,YAAA,EAAa;AAAA,EACrC;AAAA,EAEA,MAAM,mBAAmB,YAAA,EAA+C;AACtE,IAAA,OAAO,IAAA,CAAK,UAAA,CAAW,WAAA,CAA4B,YAAA,EAAc;AAAA,MAC/D,MAAA,EAAQ,KAAK,OAAA,CAAQ;AAAA,KACtB,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,iBAAiB,YAAA,EAAuC;AAC5D,IAAA,OAAcC,OAAA,CAAA,IAAA,CAAK,cAAc,EAAE,CAAA;AAAA,EACrC;AAAA,EAEA,MAAM,mBAAA,CACJ,YAAA,EACAC,KAAAA,EACkB;AAClB,IAAA,OAAcD,OAAA,CAAA,OAAA,CAAQ,cAAcC,KAAI,CAAA;AAAA,EAC1C;AACF;AAhDa,YAAA,GAAN,eAAA,CAAA;AAAA,EADNF,UAAAA,EAAW;AAAA,EAGP,0BAAO,UAAU,CAAA,CAAA;AAAA,EAEjB,0BAAO,mBAAmB,CAAA;AAAA,CAAA,EAJlB,YAAA,CAAA;;;AC+BN,IAAM,cAAN,MAAkB;AAAA,EACvB,WAAA,CAEmB,cAAA,EAEA,OAAA,EAEA,KAAA,EAEA,YAAA,EACjB;AAPiB,IAAA,IAAA,CAAA,cAAA,GAAA,cAAA;AAEA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAEA,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AAEA,IAAA,IAAA,CAAA,YAAA,GAAA,YAAA;AAAA,EAChB;AAAA,EAEH,IAAY,eAAA,GAAkB;AAC5B,IAAA,OAAO,IAAA,CAAK,QAAQ,eAAA,IAAmB,OAAA;AAAA,EACzC;AAAA,EAEA,IAAY,wBAAA,GAA2B;AACrC,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,QAAA,EAAU,iBAAA,KAAsB,IAAA;AAAA,EACtD;AAAA,EAEA,IAAY,oBAAA,GAAuB;AACjC,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,QAAA,EAAU,aAAA,KAAkB,IAAA;AAAA,EAClD;AAAA,EAEA,IAAY,kBAAA,GAAqB;AAC/B,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,QAAA,EAAU,oBAAA,KAAyB,KAAA;AAAA,EACzD;AAAA,EAEQ,uBAAuB,GAAA,EAAuB;AACpD,IAAA,MAAM,QACJ,IAAA,CAAK,eAAA,KAAoB,OAAA,GAAU,GAAA,CAAI,QAAQ,GAAA,CAAI,QAAA;AACrD,IAAA,IAAI,KAAA,IAAS,IAAA,IAAQ,KAAA,CAAM,IAAA,OAAW,EAAA,EAAI;AACxC,MAAA,MAAM,IAAI,mBAAA;AAAA,QACR,CAAA,EAAG,KAAK,eAAe,CAAA,sBAAA;AAAA,OACzB;AAAA,IACF;AACA,IAAA,OAAO,oBAAoB,KAAK,CAAA;AAAA,EAClC;AAAA,EAEA,MAAM,SAAS,GAAA,EAAiD;AAC9D,IAAA,IAAA,CAAK,sCAAA,EAAuC;AAE5C,IAAA,MAAM,KAAA,GAAuB,EAAE,QAAA,EAAU,GAAA,CAAI,QAAA,EAAS;AACtD,IAAA,IAAI,GAAA,CAAI,KAAA,IAAS,IAAA,EAAM,KAAA,CAAM,QAAQ,GAAA,CAAI,KAAA;AACzC,IAAA,IAAI,GAAA,CAAI,QAAA,IAAY,IAAA,EAAM,KAAA,CAAM,WAAW,GAAA,CAAI,QAAA;AAE/C,IAAA,MAAM,IAAA,CAAK,KAAA,CAAM,gBAAA,GAAmB,KAAK,CAAA;AAEzC,IAAA,yBAAA,CAA0B,KAAA,EAAO,KAAK,eAAe,CAAA;AACrD,IAAA,IAAA,CAAK,2CAA2C,KAAK,CAAA;AAErD,IAAA,MAAM,YAAA,GAAe,MAAa,OAAA,CAAA,IAAA,CAAK,GAAA,CAAI,UAAU,EAAE,CAAA;AAEvD,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,MAAA,CAAO;AAAA,QAC/C,GAAG,KAAA;AAAA,QACH,YAAA;AAAA,QACA,aAAA,EAAe,CAAC,IAAA,CAAK;AAAA,OACtB,CAAA;AAED,MAAA,MAAM,IAAA,CAAK,KAAA,CAAM,eAAA,GAAkB,OAAO,CAAA;AAE1C,MAAA,IAAI,KAAK,wBAAA,EAA0B;AACjC,QAAA,MAAM,IAAA,CAAK,sBAAsB,OAAO,CAAA;AAAA,MAC1C;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,mBAAA,CAAoB,KAAK,CAAA,EAAG;AAC9B,QAAA,MAAM,IAAIG,qBAAAA,CAAsB,CAAA,EAAG,IAAA,CAAK,eAAe,CAAA,eAAA,CAAiB,CAAA;AAAA,MAC1E;AACA,MAAA,MAAM,KAAA;AAAA,IACR;AAEA,IAAA,OAAO,EAAE,YAAY,IAAA,EAAK;AAAA,EAC5B;AAAA,EAEA,MAAM,MAAM,GAAA,EAAoC;AAC9C,IAAA,MAAM,UAAA,GAAa,IAAA,CAAK,sBAAA,CAAuB,GAAG,CAAA;AAClD,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,2BAAA;AAAA,MACxC;AAAA,KACF;AAEA,IAAA,IAAI,OAAA,EAAS,gBAAgB,IAAA,EAAM;AACjC,MAAA,MAAM,IAAIA,sBAAsB,qBAAqB,CAAA;AAAA,IACvD;AAEA,IAAA,IAAA,CAAK,oBAAoB,OAAO,CAAA;AAEhC,IAAA,MAAM,kBAAkB,MAAa,OAAA,CAAA,OAAA;AAAA,MACnC,GAAA,CAAI,QAAA;AAAA,MACJ,OAAA,CAAQ;AAAA,KACV;AACA,IAAA,IAAI,CAAC,eAAA,EAAiB;AACpB,MAAA,MAAM,IAAIA,sBAAsB,qBAAqB,CAAA;AAAA,IACvD;AAEA,IAAA,OAAO,IAAA,CAAK,YAAY,OAAO,CAAA;AAAA,EACjC;AAAA,EAEA,MAAM,QAAQ,YAAA,EAA2C;AACvD,IAAA,IAAI,OAAA;AACJ,IAAA,IAAI;AACF,MAAA,OAAA,GAAU,MAAM,IAAA,CAAK,YAAA,CAAa,kBAAA,CAAmB,YAAY,CAAA;AAAA,IACnE,CAAA,CAAA,MAAQ;AACN,MAAA,MAAM,IAAIA,sBAAsB,uBAAuB,CAAA;AAAA,IACzD;AAEA,IAAA,MAAM,UAAU,MAAM,IAAA,CAAK,cAAA,CAAe,mBAAA,CAAoB,QAAQ,GAAG,CAAA;AACzE,IAAA,IAAI,OAAA,EAAS,oBAAoB,IAAA,EAAM;AACrC,MAAA,MAAM,IAAIA,sBAAsB,uBAAuB,CAAA;AAAA,IACzD;AAEA,IAAA,IAAA,CAAK,oBAAoB,OAAO,CAAA;AAEhC,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,YAAA,CAAa,mBAAA;AAAA,MAC3C,YAAA;AAAA,MACA,OAAA,CAAQ;AAAA,KACV;AACA,IAAA,IAAI,CAAC,YAAA,EAAc;AACjB,MAAA,MAAM,IAAIA,sBAAsB,uBAAuB,CAAA;AAAA,IACzD;AAEA,IAAA,OAAO,IAAA,CAAK,YAAY,OAAO,CAAA;AAAA,EACjC;AAAA,EAEA,MAAM,OAAO,MAAA,EAA8C;AACzD,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,sBAAA,CAAuB,MAAA,EAAQ,IAAI,CAAA;AAC7D,IAAA,OAAO,EAAE,WAAW,IAAA,EAAK;AAAA,EAC3B;AAAA,EAEA,MAAM,GAAG,MAAA,EAAkD;AACzD,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,SAAS,MAAM,CAAA;AACzD,IAAA,IAAI,WAAW,IAAA,EAAM;AACnB,MAAA,MAAM,IAAIA,sBAAsB,mBAAmB,CAAA;AAAA,IACrD;AAEA,IAAA,IAAI,IAAA,CAAK,KAAA,CAAM,QAAA,IAAY,IAAA,EAAM;AAC/B,MAAA,OAAO,IAAA,CAAK,KAAA,CAAM,QAAA,CAAS,OAAO,CAAA;AAAA,IACpC;AAEA,IAAA,OAAO,IAAI,gBAAA,EAAiB,CAAE,QAAA,CAAS,OAAO,CAAA;AAAA,EAChD;AAAA,EAEA,MAAM,YAAY,KAAA,EAA4C;AAC5D,IAAA,IAAA,CAAK,8BAAA,EAA+B;AAEpC,IAAA,MAAM,SAAA,GAAY,UAAU,KAAK,CAAA;AACjC,IAAA,MAAM,OAAA,GACJ,MAAM,IAAA,CAAK,cAAA,CAAe,iCAAiC,SAAS,CAAA;AACtE,IAAA,IAAI,WAAW,IAAA,EAAM;AACnB,MAAA,MAAM,IAAI,oBAAoB,0BAA0B,CAAA;AAAA,IAC1D;AAEA,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,iBAAA,CAAkB,OAAA,CAAQ,EAAE,CAAA;AACtD,IAAA,OAAO,EAAE,UAAU,IAAA,EAAK;AAAA,EAC1B;AAAA,EAEA,MAAM,eAAe,KAAA,EAAwC;AAC3D,IAAA,IAAA,CAAK,0BAAA,EAA2B;AAChC,IAAA,IAAA,CAAK,uCAAA,EAAwC;AAE7C,IAAA,MAAM,eAAA,GAAkB,oBAAoB,KAAK,CAAA;AACjD,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,YAAY,eAAe,CAAA;AAErE,IAAA,IAAI,WAAW,IAAA,EAAM;AACnB,MAAA,MAAM,WAAW,gBAAA,EAAiB;AAClC,MAAA,MAAM,SAAA,GAAY,UAAU,QAAQ,CAAA;AACpC,MAAA,MAAM,SAAA,GAAY,kBAAA;AAAA,QAChB,IAAA,CAAK,QAAQ,uBAAA,IAA2B;AAAA,OAC1C;AAEA,MAAA,MAAM,KAAK,cAAA,CAAe,aAAA,CAAc,OAAA,CAAQ,EAAA,EAAI,WAAW,SAAS,CAAA;AACxE,MAAA,MAAM,IAAA,CAAK,KAAA,CAAM,SAAA,CAAW,OAAA,EAAS,iBAAiB,QAAQ,CAAA;AAAA,IAChE;AAEA,IAAA,OAAO,EAAE,MAAM,IAAA,EAAK;AAAA,EACtB;AAAA,EAEA,MAAM,aAAA,CACJ,KAAA,EACA,WAAA,EAC0B;AAC1B,IAAA,IAAA,CAAK,0BAAA,EAA2B;AAEhC,IAAA,MAAM,SAAA,GAAY,UAAU,KAAK,CAAA;AACjC,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,qBAAqB,SAAS,CAAA;AACxE,IAAA,IAAI,WAAW,IAAA,EAAM;AACnB,MAAA,MAAM,IAAI,oBAAoB,0BAA0B,CAAA;AAAA,IAC1D;AAEA,IAAA,MAAM,YAAA,GAAe,MAAa,OAAA,CAAA,IAAA,CAAK,WAAA,EAAa,EAAE,CAAA;AACtD,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,kBAAA,CAAmB,OAAA,CAAQ,IAAI,YAAY,CAAA;AACrE,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,eAAA,CAAgB,OAAA,CAAQ,EAAE,CAAA;AACpD,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,sBAAA,CAAuB,OAAA,CAAQ,IAAI,IAAI,CAAA;AAEjE,IAAA,OAAO,EAAE,OAAO,IAAA,EAAK;AAAA,EACvB;AAAA,EAEQ,oBAAoB,OAAA,EAAgC;AAC1D,IAAA,IAAI,QAAQ,QAAA,EAAU;AACpB,MAAA,MAAM,IAAIA,sBAAsB,kBAAkB,CAAA;AAAA,IACpD;AAEA,IAAA,IAAI,IAAA,CAAK,wBAAA,IAA4B,CAAC,OAAA,CAAQ,aAAA,EAAe;AAC3D,MAAA,MAAM,IAAIA,sBAAsB,oBAAoB,CAAA;AAAA,IACtD;AAAA,EACF;AAAA,EAEA,MAAc,YAAY,OAAA,EAA+C;AACvE,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,KAAA,CAAM,gBAAgB,OAAO,CAAA;AACxD,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,YAAA,CAAa,UAAA,CAAW;AAAA,MAChD,GAAG,OAAA;AAAA,MACH,KAAK,OAAA,CAAQ;AAAA,KACd,CAAA;AAED,IAAA,IAAI,KAAK,kBAAA,EAAoB;AAC3B,MAAA,MAAM,gBAAA,GAAmB,MAAM,IAAA,CAAK,YAAA,CAAa,gBAAA;AAAA,QAC/C,MAAA,CAAO;AAAA,OACT;AACA,MAAA,MAAM,KAAK,cAAA,CAAe,sBAAA;AAAA,QACxB,OAAA,CAAQ,EAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,CAAK,KAAA,CAAM,YAAA,GAAe,OAAO,CAAA;AACvC,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEA,MAAc,sBAAsB,OAAA,EAAyC;AAC3E,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,mBAAA,CAAoB,OAAO,CAAA;AAC9C,IAAA,IAAI,SAAS,IAAA,EAAM;AAEnB,IAAA,MAAM,WAAW,gBAAA,EAAiB;AAClC,IAAA,MAAM,SAAA,GAAY,UAAU,QAAQ,CAAA;AACpC,IAAA,MAAM,SAAA,GAAY,kBAAA;AAAA,MAChB,IAAA,CAAK,QAAQ,2BAAA,IACX;AAAA,KACJ;AAEA,IAAA,MAAM,KAAK,cAAA,CAAe,yBAAA;AAAA,MACxB,OAAA,CAAQ,EAAA;AAAA,MACR,SAAA;AAAA,MACA;AAAA,KACF;AACA,IAAA,MAAM,IAAA,CAAK,KAAA,CAAM,SAAA,CAAW,QAAA,EAAU,OAAO,QAAQ,CAAA;AAAA,EACvD;AAAA,EAEQ,oBAAoB,OAAA,EAAyC;AACnE,IAAA,IAAI,QAAQ,KAAA,IAAS,IAAA,IAAQ,QAAQ,KAAA,CAAM,IAAA,OAAW,EAAA,EAAI;AACxD,MAAA,OAAO,mBAAA,CAAoB,QAAQ,KAAK,CAAA;AAAA,IAC1C;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEQ,2CAA2C,KAAA,EAA4B;AAC7E,IAAA,IAAI,CAAC,KAAK,wBAAA,EAA0B;AAEpC,IAAA,MAAM,KAAA,GACJ,IAAA,CAAK,eAAA,KAAoB,OAAA,GACrB,0BAA0B,KAAA,EAAO,OAAO,CAAA,GACxC,KAAA,CAAM,KAAA,IAAS,IAAA,GACb,mBAAA,CAAoB,KAAA,CAAM,KAAK,CAAA,GAC/B,IAAA;AAER,IAAA,IAAI,KAAA,IAAS,IAAA,IAAQ,KAAA,CAAM,IAAA,OAAW,EAAA,EAAI;AACxC,MAAA,MAAM,IAAI,mBAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,sCAAA,GAA+C;AACrD,IAAA,IAAI,IAAA,CAAK,wBAAA,IAA4B,IAAA,CAAK,KAAA,CAAM,aAAa,IAAA,EAAM;AACjE,MAAA,MAAM,IAAI,mBAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,uCAAA,GAAgD;AACtD,IAAA,IAAI,IAAA,CAAK,oBAAA,IAAwB,IAAA,CAAK,KAAA,CAAM,aAAa,IAAA,EAAM;AAC7D,MAAA,MAAM,IAAI,mBAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,8BAAA,GAAuC;AAC7C,IAAA,IAAI,CAAC,KAAK,wBAAA,EAA0B;AAClC,MAAA,MAAM,IAAI,iBAAA,EAAkB;AAAA,IAC9B;AAAA,EACF;AAAA,EAEQ,0BAAA,GAAmC;AACzC,IAAA,IAAI,CAAC,KAAK,oBAAA,EAAsB;AAC9B,MAAA,MAAM,IAAI,iBAAA,EAAkB;AAAA,IAC9B;AAAA,EACF;AAAA,EAEA,wBAAwB,OAAA,EAA8C;AACpE,IAAA,OAAO,qBAAA,CAAsB,OAAA,EAAS,IAAA,CAAK,eAAe,CAAA;AAAA,EAC5D;AACF;AA9Sa,WAAA,GAAN,eAAA,CAAA;AAAA,EADNH,UAAAA,EAAW;AAAA,EAGP,eAAA,CAAA,CAAA,EAAAI,OAAO,eAAe,CAAA,CAAA;AAAA,EAEtB,eAAA,CAAA,CAAA,EAAAA,OAAO,mBAAmB,CAAA,CAAA;AAAA,EAE1B,eAAA,CAAA,CAAA,EAAAA,OAAO,UAAU,CAAA,CAAA;AAAA,EAEjB,eAAA,CAAA,CAAA,EAAAA,OAAO,YAAY,CAAA;AAAA,CAAA,EARX,WAAA,CAAA;;;AChBN,IAAM,iBAAN,MAAqB;AAAA,EAC1B,YAAkD,WAAA,EAA0B;AAA1B,IAAA,IAAA,CAAA,WAAA,GAAA,WAAA;AAAA,EAA2B;AAAA,EAG7E,SAAiB,GAAA,EAA2C;AAC1D,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,QAAA,CAAS,GAAG,CAAA;AAAA,EACtC;AAAA,EAGA,MAAc,GAAA,EAAuC;AACnD,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,KAAA,CAAM,GAAG,CAAA;AAAA,EACnC;AAAA,EAIA,QAAgB,GAAA,EAA8C;AAC5D,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA;AAAA,EAClD;AAAA,EAKA,OAAsB,IAAA,EAAoD;AACxE,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA;AAAA,EACzC;AAAA,EAIA,GAAkB,IAAA,EAAwD;AACxE,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,EAAA,CAAG,IAAA,CAAK,GAAG,CAAA;AAAA,EACrC;AAAA,EAKA,YAAoB,GAAA,EAAkD;AACpE,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,WAAA,CAAY,GAAA,CAAI,KAAK,CAAA;AAAA,EAC/C;AAAA,EAKA,eAAuB,GAAA,EAAiD;AACtE,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,cAAA,CAAe,GAAA,CAAI,KAAK,CAAA;AAAA,EAClD;AAAA,EAKA,cAAsB,GAAA,EAAiD;AACrE,IAAA,OAAO,KAAK,WAAA,CAAY,aAAA,CAAc,GAAA,CAAI,KAAA,EAAO,IAAI,WAAW,CAAA;AAAA,EAClE;AACF,CAAA;AAhDE,eAAA,CAAA;AAAA,EADC,KAAK,UAAU,CAAA;AAAA,EACN,eAAA,CAAA,CAAA,EAAA,IAAA,EAAK;AAAA,CAAA,EAJJ,cAAA,CAIX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;AAKA,eAAA,CAAA;AAAA,EADC,KAAK,OAAO,CAAA;AAAA,EACN,eAAA,CAAA,CAAA,EAAA,IAAA,EAAK;AAAA,CAAA,EATD,cAAA,CASX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA;AAMA,eAAA,CAAA;AAAA,EAFC,KAAK,SAAS,CAAA;AAAA,EACd,QAAA,CAAS,WAAW,EAAE,CAAA;AAAA,EACd,eAAA,CAAA,CAAA,EAAA,IAAA,EAAK;AAAA,CAAA,EAfH,cAAA,CAeX,SAAA,EAAA,SAAA,EAAA,CAAA,CAAA;AAOA,eAAA,CAAA;AAAA,EAHC,KAAK,QAAQ,CAAA;AAAA,EACb,UAAU,YAAY,CAAA;AAAA,EACtB,QAAA,CAAS,WAAW,EAAE,CAAA;AAAA,EACf,eAAA,CAAA,CAAA,EAAA,WAAA,EAAY;AAAA,CAAA,EAtBT,cAAA,CAsBX,SAAA,EAAA,QAAA,EAAA,CAAA,CAAA;AAMA,eAAA,CAAA;AAAA,EAFC,IAAI,IAAI,CAAA;AAAA,EACR,UAAU,YAAY,CAAA;AAAA,EACnB,eAAA,CAAA,CAAA,EAAA,WAAA,EAAY;AAAA,CAAA,EA5BL,cAAA,CA4BX,SAAA,EAAA,IAAA,EAAA,CAAA,CAAA;AAOA,eAAA,CAAA;AAAA,EAFC,KAAK,cAAc,CAAA;AAAA,EACnB,QAAA,CAAS,WAAW,EAAE,CAAA;AAAA,EACV,eAAA,CAAA,CAAA,EAAA,IAAA,EAAK;AAAA,CAAA,EAnCP,cAAA,CAmCX,SAAA,EAAA,aAAA,EAAA,CAAA,CAAA;AAOA,eAAA,CAAA;AAAA,EAFC,KAAK,iBAAiB,CAAA;AAAA,EACtB,QAAA,CAAS,WAAW,EAAE,CAAA;AAAA,EACP,eAAA,CAAA,CAAA,EAAA,IAAA,EAAK;AAAA,CAAA,EA1CV,cAAA,CA0CX,SAAA,EAAA,gBAAA,EAAA,CAAA,CAAA;AAOA,eAAA,CAAA;AAAA,EAFC,KAAK,gBAAgB,CAAA;AAAA,EACrB,QAAA,CAAS,WAAW,EAAE,CAAA;AAAA,EACR,eAAA,CAAA,CAAA,EAAA,IAAA,EAAK;AAAA,CAAA,EAjDT,cAAA,CAiDX,SAAA,EAAA,eAAA,EAAA,CAAA,CAAA;AAjDW,cAAA,GAAN,eAAA,CAAA;AAAA,EADN,WAAW,MAAM,CAAA;AAAA,EAEH,eAAA,CAAA,CAAA,EAAAA,OAAO,WAAW,CAAA;AAAA,CAAA,EADpB,cAAA,CAAA;ACfN,IAAM,WAAA,GAAN,cAA0B,gBAAA,CAAiB,QAAQ,CAAA,CAAE;AAAA,EAC1D,WAAA,CAEE,SAEiB,cAAA,EACjB;AACA,IAAA,KAAA,CAAM;AAAA,MACJ,cAAA,EAAgB,WAAW,2BAAA,EAA4B;AAAA,MACvD,gBAAA,EAAkB,KAAA;AAAA,MAClB,aAAa,OAAA,CAAQ;AAAA,KACtB,CAAA;AANgB,IAAA,IAAA,CAAA,cAAA,GAAA,cAAA;AAAA,EAOnB;AAAA,EAEA,MAAM,SAAS,OAAA,EAAkD;AAC/D,IAAA,MAAM,UAAU,MAAM,IAAA,CAAK,cAAA,CAAe,QAAA,CAAS,QAAQ,GAAG,CAAA;AAC9D,IAAA,IAAI,OAAA,IAAW,IAAA,IAAQ,OAAA,CAAQ,QAAA,EAAU;AACvC,MAAA,MAAM,IAAID,sBAAsB,+BAA+B,CAAA;AAAA,IACjE;AACA,IAAA,OAAO,OAAA;AAAA,EACT;AACF,CAAA;AArBa,WAAA,GAAN,eAAA,CAAA;AAAA,EADNH,UAAAA,EAAW;AAAA,EAGP,eAAA,CAAA,CAAA,EAAAI,OAAO,mBAAmB,CAAA,CAAA;AAAA,EAE1B,eAAA,CAAA,CAAA,EAAAA,OAAO,eAAe,CAAA;AAAA,CAAA,EAJd,WAAA,CAAA;;;ACQb,SAAS,oBAAoB,OAAA,EAAwC;AACnE,EAAA,OAAO;AAAA,IACL;AAAA,MACE,OAAA,EAAS,mBAAA;AAAA,MACT,QAAA,EAAU;AAAA,KACZ;AAAA,IACA;AAAA,MACE,OAAA,EAAS,UAAA;AAAA,MACT,MAAA,EAAQ,CAAC,mBAAmB,CAAA;AAAA,MAC5B,UAAA,EAAY,CAAC,IAAA,KAA4B;AACvC,QAAA,MAAM,UAAA,GAAa,KAAK,KAAA,IAAS,gBAAA;AACjC,QAAA,OAAO,IAAI,UAAA,EAAW;AAAA,MACxB;AAAA,KACF;AAAA,IACA,WAAA;AAAA,IACA,YAAA;AAAA,IACA,WAAA;AAAA,IACA;AAAA,GACF;AACF;AAEA,SAAS,iBAAA,GAAmC;AAC1C,EAAA,OAAO;AAAA,IACL,cAAA,CAAe,QAAA,CAAS,EAAE,eAAA,EAAiB,OAAO,CAAA;AAAA,IAClD,UAAU,aAAA,CAAc;AAAA,MACtB,MAAA,EAAQ,CAAC,mBAAmB,CAAA;AAAA,MAC5B,UAAA,EAAY,CAAC,IAAA,MACV;AAAA,QACC,QAAQ,IAAA,CAAK,MAAA;AAAA,QACb,WAAA,EAAa,EAAE,SAAA,EAAW,IAAA,CAAK,aAAa,IAAA;AAAK,OACnD;AAAA,KACH;AAAA,GACH;AACF;AAEA,SAAS,aAAa,WAAA,EAAsC;AAC1D,EAAA,MAAM,MAAA,GAAwB,CAAC,GAAG,iBAAA,EAAmB,CAAA;AACrD,EAAA,IAAI,eAAe,IAAA,EAAM;AACvB,IAAA,MAAA,CAAO,OAAA,CAAQ,GAAI,WAA6B,CAAA;AAAA,EAClD;AACA,EAAA,OAAO,MAAA;AACT;AAGO,IAAM,aAAN,MAAiB;AAAA,EACtB,OAAO,QAAQ,OAAA,EAA2C;AACxD,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,UAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,SAAS,iBAAA,EAAkB;AAAA,MAC3B,WAAA,EAAa,CAAC,cAAc,CAAA;AAAA,MAC5B,SAAA,EAAW,oBAAoB,OAAO,CAAA;AAAA,MACtC,OAAA,EAAS;AAAA,QACP,mBAAA;AAAA,QACA,UAAA;AAAA,QACA,WAAA;AAAA,QACA,YAAA;AAAA,QACA,YAAA;AAAA,QACA,SAAA;AAAA,QACA;AAAA;AACF,KACF;AAAA,EACF;AAAA,EAEA,OAAO,aAAa,OAAA,EAAgD;AAClE,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,UAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,OAAA,EAAS,YAAA,CAAa,OAAA,CAAQ,OAAO,CAAA;AAAA,MACrC,WAAA,EAAa,CAAC,cAAc,CAAA;AAAA,MAC5B,SAAA,EAAW;AAAA,QACT;AAAA,UACE,OAAA,EAAS,mBAAA;AAAA,UACT,MAAA,EAAS,OAAA,CAAQ,MAAA,IAAU,EAAC;AAAA,UAC5B,YAAY,OAAA,CAAQ;AAAA,SACtB;AAAA,QACA;AAAA,UACE,OAAA,EAAS,UAAA;AAAA,UACT,MAAA,EAAQ,CAAC,mBAAmB,CAAA;AAAA,UAC5B,UAAA,EAAY,CAAC,IAAA,KAA4B;AACvC,YAAA,MAAM,UAAA,GAAa,KAAK,KAAA,IAAS,gBAAA;AACjC,YAAA,OAAO,IAAI,UAAA,EAAW;AAAA,UACxB;AAAA,SACF;AAAA,QACA,WAAA;AAAA,QACA,YAAA;AAAA,QACA,WAAA;AAAA,QACA;AAAA,OACF;AAAA,MACA,OAAA,EAAS;AAAA,QACP,mBAAA;AAAA,QACA,UAAA;AAAA,QACA,WAAA;AAAA,QACA,YAAA;AAAA,QACA,YAAA;AAAA,QACA,SAAA;AAAA,QACA;AAAA;AACF,KACF;AAAA,EACF;AACF;AAxDa,UAAA,GAAN,eAAA,CAAA;AAAA,EADN,MAAA,CAAO,EAAE;AAAA,CAAA,EACG,UAAA,CAAA;;;AC9DN,IAAM,gBAAN,MAAoB;AAG3B;ACDO,IAAM,oBAAN,MAAwB;AAG/B;AADE,eAAA,CAAA;AAAA,EADC,OAAA;AAAQ,CAAA,EADE,iBAAA,CAEX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA;ACFK,IAAM,WAAN,MAAe;AAetB;AAXE,eAAA,CAAA;AAAA,EAHC,UAAA,EAAW;AAAA,EACX,QAAA,EAAS;AAAA,EACT,MAAA,CAAO,GAAG,GAAG;AAAA,CAAA,EAHH,QAAA,CAIX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA;AAKA,eAAA,CAAA;AAAA,EAHC,UAAA,EAAW;AAAA,EACX,QAAA,EAAS;AAAA,EACT,MAAA,CAAO,GAAG,EAAE;AAAA,CAAA,EARF,QAAA,CASX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;AAKA,eAAA,CAAA;AAAA,EAHC,QAAA,EAAS;AAAA,EACT,UAAA,EAAW;AAAA,EACX,MAAA,CAAO,GAAG,GAAG;AAAA,CAAA,EAbH,QAAA,CAcX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;ACdK,IAAM,kBAAN,MAAsB;AAI7B;AADE,eAAA,CAAA;AAAA,EAFCC,QAAAA,EAAS;AAAA,EACTC,UAAAA;AAAW,CAAA,EAFD,eAAA,CAGX,SAAA,EAAA,cAAA,EAAA,CAAA,CAAA;;;ACLK,IAAM,iBAAN,MAAqB;AAE5B;ACAO,IAAM,cAAN,MAAkB;AAgBzB;AAZE,eAAA,CAAA;AAAA,EAHCC,UAAAA,EAAW;AAAA,EACXF,QAAAA,EAAS;AAAA,EACTG,MAAAA,CAAO,GAAG,GAAG;AAAA,CAAA,EAHH,WAAA,CAIX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA;AAMA,eAAA,CAAA;AAAA,EAJCD,UAAAA,EAAW;AAAA,EACXF,QAAAA,EAAS;AAAA,EACTG,MAAAA,CAAO,GAAG,EAAE,CAAA;AAAA,EACZ,QAAQ,mBAAmB;AAAA,CAAA,EATjB,WAAA,CAUX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;AAKA,eAAA,CAAA;AAAA,EAHCH,QAAAA,EAAS;AAAA,EACTC,UAAAA,EAAW;AAAA,EACXE,MAAAA,CAAO,GAAG,GAAG;AAAA,CAAA,EAdH,WAAA,CAeX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;ACfK,IAAM,mBAAN,MAAuB;AAS9B;AANE,eAAA,CAAA;AAAA,EAFCH,QAAAA,EAAS;AAAA,EACTC,UAAAA;AAAW,CAAA,EAFD,gBAAA,CAGX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA;AAKA,eAAA,CAAA;AAAA,EAHCD,QAAAA,EAAS;AAAA,EACTC,UAAAA,EAAW;AAAA,EACXE,MAAAA,CAAO,GAAG,GAAG;AAAA,CAAA,EAPH,gBAAA,CAQX,SAAA,EAAA,aAAA,EAAA,CAAA,CAAA;ACRK,IAAM,iBAAN,MAAqB;AAI5B;AADE,eAAA,CAAA;AAAA,EAFCH,QAAAA,EAAS;AAAA,EACTC,UAAAA;AAAW,CAAA,EAFD,cAAA,CAGX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA","file":"index.js","sourcesContent":["import { createParamDecorator, type ExecutionContext } from \"@nestjs/common\";\n\nimport type { AuthJwtPayload } from \"../interfaces/jwt-payload.interface\";\n\nexport const CurrentUser = createParamDecorator(\n (_data: unknown, ctx: ExecutionContext): AuthJwtPayload => {\n const request = ctx.switchToHttp().getRequest<{ user: AuthJwtPayload }>();\n return request.user;\n },\n);\n","import { Injectable, UnauthorizedException } from \"@nestjs/common\";\nimport { AuthGuard } from \"@nestjs/passport\";\n\n@Injectable()\nexport class JwtAuthGuard extends AuthGuard(\"jwt\") {\n handleRequest<TUser>(\n err: Error | null,\n user: TUser,\n _info: unknown,\n ): TUser {\n if (err != null || user == null) {\n throw err ?? new UnauthorizedException();\n }\n return user;\n }\n}\n","import { Injectable } from \"@nestjs/common\";\n\nimport type {\n AuthHooks,\n BaseAuthAccount,\n RegisterInput,\n} from \"../interfaces/auth-hooks.interface\";\n\n@Injectable()\nexport class DefaultAuthHooks implements AuthHooks {\n async buildJwtPayload(\n account: BaseAuthAccount,\n ): Promise<Record<string, unknown>> {\n return {\n sub: account.id,\n ...(account.email != null ? { email: account.email } : {}),\n ...(account.username != null ? { username: account.username } : {}),\n };\n }\n\n async enrichMe(account: BaseAuthAccount): Promise<Record<string, unknown>> {\n return {\n id: account.id,\n email: account.email,\n username: account.username,\n emailVerified: account.emailVerified,\n disabled: account.disabled,\n };\n }\n\n async onBeforeRegister(_input: RegisterInput): Promise<void> {\n return;\n }\n\n async onAfterRegister(_account: BaseAuthAccount): Promise<void> {\n return;\n }\n\n async onAfterLogin(_account: BaseAuthAccount): Promise<void> {\n return;\n }\n}\n","export function isDuplicateKeyError(error: unknown): boolean {\n return (\n !!error &&\n typeof error === \"object\" &&\n \"code\" in error &&\n (error as { code: number }).code === 11000\n );\n}\n","import { createHash, randomBytes } from \"crypto\";\n\nexport function generateRawToken(byteLength = 32): string {\n return randomBytes(byteLength).toString(\"hex\");\n}\n\nexport function hashToken(token: string): string {\n return createHash(\"sha256\").update(token).digest(\"hex\");\n}\n\nexport function expiresAtFromTtlMs(ttlMs: number): Date {\n return new Date(Date.now() + ttlMs);\n}\n\n/** Default: 24 hours */\nexport const DEFAULT_EMAIL_VERIFICATION_TTL_MS = 24 * 60 * 60 * 1000;\n\n/** Default: 15 minutes */\nexport const DEFAULT_PASSWORD_RESET_TTL_MS = 15 * 60 * 1000;\n","import { Inject, Injectable } from \"@nestjs/common\";\nimport { JwtService, type JwtSignOptions } from \"@nestjs/jwt\";\nimport * as bcrypt from \"bcryptjs\";\n\nimport { AUTH_MODULE_OPTIONS } from \"../constants/tokens\";\nimport type { AuthModuleOptions } from \"../interfaces/auth-config.interface\";\nimport type { AuthTokens } from \"../interfaces/auth-hooks.interface\";\nimport type { AuthJwtPayload } from \"../interfaces/jwt-payload.interface\";\n\n@Injectable()\nexport class TokenService {\n constructor(\n @Inject(JwtService)\n private readonly jwtService: JwtService,\n @Inject(AUTH_MODULE_OPTIONS)\n private readonly options: AuthModuleOptions,\n ) {}\n\n async signTokens(payload: AuthJwtPayload): Promise<AuthTokens> {\n const accessExpiresIn = this.options.expiresIn ?? \"1h\";\n const refreshExpiresIn = this.options.refreshExpiresIn ?? \"7d\";\n\n const [accessToken, refreshToken] = await Promise.all([\n this.jwtService.signAsync(\n payload as Record<string, unknown>,\n {\n secret: this.options.secret,\n expiresIn: accessExpiresIn,\n } as JwtSignOptions,\n ),\n this.jwtService.signAsync(\n payload as Record<string, unknown>,\n {\n secret: this.options.refreshSecret,\n expiresIn: refreshExpiresIn,\n } as JwtSignOptions,\n ),\n ]);\n\n return { accessToken, refreshToken };\n }\n\n async verifyRefreshToken(refreshToken: string): Promise<AuthJwtPayload> {\n return this.jwtService.verifyAsync<AuthJwtPayload>(refreshToken, {\n secret: this.options.refreshSecret,\n });\n }\n\n async hashRefreshToken(refreshToken: string): Promise<string> {\n return bcrypt.hash(refreshToken, 10);\n }\n\n async compareRefreshToken(\n refreshToken: string,\n hash: string,\n ): Promise<boolean> {\n return bcrypt.compare(refreshToken, hash);\n }\n}\n","import {\n BadRequestException,\n Inject,\n Injectable,\n NotFoundException,\n UnauthorizedException,\n} from \"@nestjs/common\";\nimport * as bcrypt from \"bcryptjs\";\n\nimport {\n AUTH_HOOKS,\n AUTH_MODULE_OPTIONS,\n AUTH_REPOSITORY,\n} from \"../constants/tokens\";\nimport type { LoginDto } from \"../dto/login.dto\";\nimport type { RegisterDto } from \"../dto/register.dto\";\nimport { DefaultAuthHooks } from \"../hooks/default-auth.hooks\";\nimport type { AuthModuleOptions } from \"../interfaces/auth-config.interface\";\nimport type {\n AuthHooks,\n AuthTokens,\n BaseAuthAccount,\n RegisterInput,\n} from \"../interfaces/auth-hooks.interface\";\nimport type { IAuthRepository } from \"../interfaces/auth-repository.interface\";\nimport { isDuplicateKeyError } from \"../utils/duplicate-key.util\";\nimport {\n normalizeIdentifier,\n readAccountIdentifier,\n resolveRegisterIdentifier,\n} from \"../utils/identifier.util\";\nimport {\n DEFAULT_EMAIL_VERIFICATION_TTL_MS,\n DEFAULT_PASSWORD_RESET_TTL_MS,\n expiresAtFromTtlMs,\n generateRawToken,\n hashToken,\n} from \"../utils/token.util\";\nimport { TokenService } from \"./token.service\";\n\n@Injectable()\nexport class AuthService {\n constructor(\n @Inject(AUTH_REPOSITORY)\n private readonly authRepository: IAuthRepository,\n @Inject(AUTH_MODULE_OPTIONS)\n private readonly options: AuthModuleOptions,\n @Inject(AUTH_HOOKS)\n private readonly hooks: AuthHooks,\n @Inject(TokenService)\n private readonly tokenService: TokenService,\n ) {}\n\n private get identifierField() {\n return this.options.identifierField ?? \"email\";\n }\n\n private get emailVerificationEnabled() {\n return this.options.features?.emailVerification === true;\n }\n\n private get passwordResetEnabled() {\n return this.options.features?.passwordReset === true;\n }\n\n private get rotateRefreshToken() {\n return this.options.features?.refreshTokenRotation !== false;\n }\n\n private resolveLoginIdentifier(dto: LoginDto): string {\n const value =\n this.identifierField === \"email\" ? dto.email : dto.username;\n if (value == null || value.trim() === \"\") {\n throw new BadRequestException(\n `${this.identifierField} is required for login`,\n );\n }\n return normalizeIdentifier(value);\n }\n\n async register(dto: RegisterDto): Promise<{ registered: true }> {\n this.assertEmailHookWhenVerificationEnabled();\n\n const input: RegisterInput = { password: dto.password };\n if (dto.email != null) input.email = dto.email;\n if (dto.username != null) input.username = dto.username;\n\n await this.hooks.onBeforeRegister?.(input);\n\n resolveRegisterIdentifier(input, this.identifierField);\n this.assertRegisterEmailWhenVerificationEnabled(input);\n\n const passwordHash = await bcrypt.hash(dto.password, 10);\n\n try {\n const account = await this.authRepository.create({\n ...input,\n passwordHash,\n emailVerified: !this.emailVerificationEnabled,\n });\n\n await this.hooks.onAfterRegister?.(account);\n\n if (this.emailVerificationEnabled) {\n await this.sendVerificationEmail(account);\n }\n } catch (error) {\n if (isDuplicateKeyError(error)) {\n throw new UnauthorizedException(`${this.identifierField} already exists`);\n }\n throw error;\n }\n\n return { registered: true };\n }\n\n async login(dto: LoginDto): Promise<AuthTokens> {\n const identifier = this.resolveLoginIdentifier(dto);\n const account = await this.authRepository.findByIdentifierWithSecrets(\n identifier,\n );\n\n if (account?.passwordHash == null) {\n throw new UnauthorizedException(\"Invalid credentials\");\n }\n\n this.assertAccountActive(account);\n\n const passwordMatches = await bcrypt.compare(\n dto.password,\n account.passwordHash,\n );\n if (!passwordMatches) {\n throw new UnauthorizedException(\"Invalid credentials\");\n }\n\n return this.issueTokens(account);\n }\n\n async refresh(refreshToken: string): Promise<AuthTokens> {\n let payload;\n try {\n payload = await this.tokenService.verifyRefreshToken(refreshToken);\n } catch {\n throw new UnauthorizedException(\"Invalid refresh token\");\n }\n\n const account = await this.authRepository.findByIdWithSecrets(payload.sub);\n if (account?.refreshTokenHash == null) {\n throw new UnauthorizedException(\"Invalid refresh token\");\n }\n\n this.assertAccountActive(account);\n\n const tokenMatches = await this.tokenService.compareRefreshToken(\n refreshToken,\n account.refreshTokenHash,\n );\n if (!tokenMatches) {\n throw new UnauthorizedException(\"Invalid refresh token\");\n }\n\n return this.issueTokens(account);\n }\n\n async logout(authId: string): Promise<{ loggedOut: true }> {\n await this.authRepository.updateRefreshTokenHash(authId, null);\n return { loggedOut: true };\n }\n\n async me(authId: string): Promise<Record<string, unknown>> {\n const account = await this.authRepository.findById(authId);\n if (account == null) {\n throw new UnauthorizedException(\"Account not found\");\n }\n\n if (this.hooks.enrichMe != null) {\n return this.hooks.enrichMe(account);\n }\n\n return new DefaultAuthHooks().enrichMe(account);\n }\n\n async verifyEmail(token: string): Promise<{ verified: true }> {\n this.assertEmailVerificationEnabled();\n\n const tokenHash = hashToken(token);\n const account =\n await this.authRepository.findByEmailVerificationTokenHash(tokenHash);\n if (account == null) {\n throw new BadRequestException(\"TOKEN_INVALID_OR_EXPIRED\");\n }\n\n await this.authRepository.markEmailVerified(account.id);\n return { verified: true };\n }\n\n async forgotPassword(email: string): Promise<{ sent: true }> {\n this.assertPasswordResetEnabled();\n this.assertEmailHookWhenPasswordResetEnabled();\n\n const normalizedEmail = normalizeIdentifier(email);\n const account = await this.authRepository.findByEmail(normalizedEmail);\n\n if (account != null) {\n const rawToken = generateRawToken();\n const tokenHash = hashToken(rawToken);\n const expiresAt = expiresAtFromTtlMs(\n this.options.passwordResetTokenTtlMs ?? DEFAULT_PASSWORD_RESET_TTL_MS,\n );\n\n await this.authRepository.setResetToken(account.id, tokenHash, expiresAt);\n await this.hooks.sendEmail!(\"reset\", normalizedEmail, rawToken);\n }\n\n return { sent: true };\n }\n\n async resetPassword(\n token: string,\n newPassword: string,\n ): Promise<{ reset: true }> {\n this.assertPasswordResetEnabled();\n\n const tokenHash = hashToken(token);\n const account = await this.authRepository.findByResetTokenHash(tokenHash);\n if (account == null) {\n throw new BadRequestException(\"TOKEN_INVALID_OR_EXPIRED\");\n }\n\n const passwordHash = await bcrypt.hash(newPassword, 10);\n await this.authRepository.updatePasswordHash(account.id, passwordHash);\n await this.authRepository.clearResetToken(account.id);\n await this.authRepository.updateRefreshTokenHash(account.id, null);\n\n return { reset: true };\n }\n\n private assertAccountActive(account: BaseAuthAccount): void {\n if (account.disabled) {\n throw new UnauthorizedException(\"ACCOUNT_DISABLED\");\n }\n\n if (this.emailVerificationEnabled && !account.emailVerified) {\n throw new UnauthorizedException(\"EMAIL_NOT_VERIFIED\");\n }\n }\n\n private async issueTokens(account: BaseAuthAccount): Promise<AuthTokens> {\n const payload = await this.hooks.buildJwtPayload(account);\n const tokens = await this.tokenService.signTokens({\n ...payload,\n sub: account.id,\n });\n\n if (this.rotateRefreshToken) {\n const refreshTokenHash = await this.tokenService.hashRefreshToken(\n tokens.refreshToken,\n );\n await this.authRepository.updateRefreshTokenHash(\n account.id,\n refreshTokenHash,\n );\n }\n\n await this.hooks.onAfterLogin?.(account);\n return tokens;\n }\n\n private async sendVerificationEmail(account: BaseAuthAccount): Promise<void> {\n const email = this.resolveAccountEmail(account);\n if (email == null) return;\n\n const rawToken = generateRawToken();\n const tokenHash = hashToken(rawToken);\n const expiresAt = expiresAtFromTtlMs(\n this.options.emailVerificationTokenTtlMs ??\n DEFAULT_EMAIL_VERIFICATION_TTL_MS,\n );\n\n await this.authRepository.setEmailVerificationToken(\n account.id,\n tokenHash,\n expiresAt,\n );\n await this.hooks.sendEmail!(\"verify\", email, rawToken);\n }\n\n private resolveAccountEmail(account: BaseAuthAccount): string | null {\n if (account.email != null && account.email.trim() !== \"\") {\n return normalizeIdentifier(account.email);\n }\n return null;\n }\n\n private assertRegisterEmailWhenVerificationEnabled(input: RegisterInput): void {\n if (!this.emailVerificationEnabled) return;\n\n const email =\n this.identifierField === \"email\"\n ? resolveRegisterIdentifier(input, \"email\")\n : input.email != null\n ? normalizeIdentifier(input.email)\n : null;\n\n if (email == null || email.trim() === \"\") {\n throw new BadRequestException(\n \"email is required when emailVerification feature is enabled\",\n );\n }\n }\n\n private assertEmailHookWhenVerificationEnabled(): void {\n if (this.emailVerificationEnabled && this.hooks.sendEmail == null) {\n throw new BadRequestException(\n \"emailVerification is enabled but AuthHooks.sendEmail is not implemented\",\n );\n }\n }\n\n private assertEmailHookWhenPasswordResetEnabled(): void {\n if (this.passwordResetEnabled && this.hooks.sendEmail == null) {\n throw new BadRequestException(\n \"passwordReset is enabled but AuthHooks.sendEmail is not implemented\",\n );\n }\n }\n\n private assertEmailVerificationEnabled(): void {\n if (!this.emailVerificationEnabled) {\n throw new NotFoundException();\n }\n }\n\n private assertPasswordResetEnabled(): void {\n if (!this.passwordResetEnabled) {\n throw new NotFoundException();\n }\n }\n\n getIdentifierForAccount(account: BaseAuthAccount): string | undefined {\n return readAccountIdentifier(account, this.identifierField);\n }\n}\n","import {\n Body,\n Controller,\n Get,\n HttpCode,\n HttpStatus,\n Inject,\n Post,\n UseGuards,\n} from \"@nestjs/common\";\n\nimport { AuthTokensDto } from \"../dto/auth-tokens.dto\";\nimport { ForgotPasswordDto } from \"../dto/forgot-password.dto\";\nimport { LoginDto } from \"../dto/login.dto\";\nimport { RefreshTokenDto } from \"../dto/refresh-token.dto\";\nimport { RegisterAckDto } from \"../dto/register-ack.dto\";\nimport { RegisterDto } from \"../dto/register.dto\";\nimport { ResetPasswordDto } from \"../dto/reset-password.dto\";\nimport { VerifyEmailDto } from \"../dto/verify-email.dto\";\nimport { CurrentUser } from \"../decorators/current-user.decorator\";\nimport { JwtAuthGuard } from \"../guards/jwt-auth.guard\";\nimport type { AuthJwtPayload } from \"../interfaces/jwt-payload.interface\";\nimport { AuthService } from \"../services/auth.service\";\n\n@Controller(\"auth\")\nexport class AuthController {\n constructor(@Inject(AuthService) private readonly authService: AuthService) {}\n\n @Post(\"register\")\n register(@Body() dto: RegisterDto): Promise<RegisterAckDto> {\n return this.authService.register(dto);\n }\n\n @Post(\"login\")\n login(@Body() dto: LoginDto): Promise<AuthTokensDto> {\n return this.authService.login(dto);\n }\n\n @Post(\"refresh\")\n @HttpCode(HttpStatus.OK)\n refresh(@Body() dto: RefreshTokenDto): Promise<AuthTokensDto> {\n return this.authService.refresh(dto.refreshToken);\n }\n\n @Post(\"logout\")\n @UseGuards(JwtAuthGuard)\n @HttpCode(HttpStatus.OK)\n logout(@CurrentUser() user: AuthJwtPayload): Promise<{ loggedOut: true }> {\n return this.authService.logout(user.sub);\n }\n\n @Get(\"me\")\n @UseGuards(JwtAuthGuard)\n me(@CurrentUser() user: AuthJwtPayload): Promise<Record<string, unknown>> {\n return this.authService.me(user.sub);\n }\n\n /** Available only when `features.emailVerification` is enabled. */\n @Post(\"verify-email\")\n @HttpCode(HttpStatus.OK)\n verifyEmail(@Body() dto: VerifyEmailDto): Promise<{ verified: true }> {\n return this.authService.verifyEmail(dto.token);\n }\n\n /** Available only when `features.passwordReset` is enabled. */\n @Post(\"forgot-password\")\n @HttpCode(HttpStatus.OK)\n forgotPassword(@Body() dto: ForgotPasswordDto): Promise<{ sent: true }> {\n return this.authService.forgotPassword(dto.email);\n }\n\n /** Available only when `features.passwordReset` is enabled. */\n @Post(\"reset-password\")\n @HttpCode(HttpStatus.OK)\n resetPassword(@Body() dto: ResetPasswordDto): Promise<{ reset: true }> {\n return this.authService.resetPassword(dto.token, dto.newPassword);\n }\n}\n","import { Inject, Injectable, UnauthorizedException } from \"@nestjs/common\";\nimport { PassportStrategy } from \"@nestjs/passport\";\nimport { ExtractJwt, Strategy } from \"passport-jwt\";\n\nimport { AUTH_MODULE_OPTIONS, AUTH_REPOSITORY } from \"../constants/tokens\";\nimport type { AuthModuleOptions } from \"../interfaces/auth-config.interface\";\nimport type { IAuthRepository } from \"../interfaces/auth-repository.interface\";\nimport type { AuthJwtPayload } from \"../interfaces/jwt-payload.interface\";\n\n@Injectable()\nexport class JwtStrategy extends PassportStrategy(Strategy) {\n constructor(\n @Inject(AUTH_MODULE_OPTIONS)\n options: AuthModuleOptions,\n @Inject(AUTH_REPOSITORY)\n private readonly authRepository: IAuthRepository,\n ) {\n super({\n jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),\n ignoreExpiration: false,\n secretOrKey: options.secret,\n });\n }\n\n async validate(payload: AuthJwtPayload): Promise<AuthJwtPayload> {\n const account = await this.authRepository.findById(payload.sub);\n if (account == null || account.disabled) {\n throw new UnauthorizedException(\"Account not found or inactive\");\n }\n return payload;\n }\n}\n","import { DynamicModule, Module, Provider } from \"@nestjs/common\";\nimport { JwtModule, type JwtModuleOptions } from \"@nestjs/jwt\";\nimport { PassportModule } from \"@nestjs/passport\";\n\nimport { AuthController } from \"./controllers/auth.controller\";\nimport { AUTH_HOOKS, AUTH_MODULE_OPTIONS } from \"./constants/tokens\";\nimport { DefaultAuthHooks } from \"./hooks/default-auth.hooks\";\nimport type {\n AuthModuleAsyncOptions,\n AuthModuleOptions,\n} from \"./interfaces/auth-config.interface\";\nimport { AuthService } from \"./services/auth.service\";\nimport { TokenService } from \"./services/token.service\";\nimport { JwtAuthGuard } from \"./guards/jwt-auth.guard\";\nimport { JwtStrategy } from \"./strategies/jwt.strategy\";\n\ntype ModuleImports = NonNullable<DynamicModule[\"imports\"]>;\n\nfunction createAuthProviders(options: AuthModuleOptions): Provider[] {\n return [\n {\n provide: AUTH_MODULE_OPTIONS,\n useValue: options,\n },\n {\n provide: AUTH_HOOKS,\n inject: [AUTH_MODULE_OPTIONS],\n useFactory: (opts: AuthModuleOptions) => {\n const HooksClass = opts.hooks ?? DefaultAuthHooks;\n return new HooksClass();\n },\n },\n AuthService,\n TokenService,\n JwtStrategy,\n JwtAuthGuard,\n ];\n}\n\nfunction createAuthImports(): ModuleImports {\n return [\n PassportModule.register({ defaultStrategy: \"jwt\" }),\n JwtModule.registerAsync({\n inject: [AUTH_MODULE_OPTIONS],\n useFactory: (opts: AuthModuleOptions) =>\n ({\n secret: opts.secret,\n signOptions: { expiresIn: opts.expiresIn ?? \"1h\" },\n }) as JwtModuleOptions,\n }),\n ];\n}\n\nfunction mergeImports(userImports?: unknown): ModuleImports {\n const merged: ModuleImports = [...createAuthImports()];\n if (userImports != null) {\n merged.unshift(...(userImports as ModuleImports));\n }\n return merged;\n}\n\n@Module({})\nexport class AuthModule {\n static forRoot(options: AuthModuleOptions): DynamicModule {\n return {\n module: AuthModule,\n global: true,\n imports: createAuthImports(),\n controllers: [AuthController],\n providers: createAuthProviders(options),\n exports: [\n AUTH_MODULE_OPTIONS,\n AUTH_HOOKS,\n AuthService,\n TokenService,\n JwtAuthGuard,\n JwtModule,\n PassportModule,\n ],\n };\n }\n\n static forRootAsync(options: AuthModuleAsyncOptions): DynamicModule {\n return {\n module: AuthModule,\n global: true,\n imports: mergeImports(options.imports),\n controllers: [AuthController],\n providers: [\n {\n provide: AUTH_MODULE_OPTIONS,\n inject: (options.inject ?? []) as never[],\n useFactory: options.useFactory,\n },\n {\n provide: AUTH_HOOKS,\n inject: [AUTH_MODULE_OPTIONS],\n useFactory: (opts: AuthModuleOptions) => {\n const HooksClass = opts.hooks ?? DefaultAuthHooks;\n return new HooksClass();\n },\n },\n AuthService,\n TokenService,\n JwtStrategy,\n JwtAuthGuard,\n ],\n exports: [\n AUTH_MODULE_OPTIONS,\n AUTH_HOOKS,\n AuthService,\n TokenService,\n JwtAuthGuard,\n JwtModule,\n PassportModule,\n ],\n };\n }\n}\n","export class AuthTokensDto {\n accessToken!: string;\n refreshToken!: string;\n}\n","import { IsEmail } from \"class-validator\";\n\nexport class ForgotPasswordDto {\n @IsEmail()\n email!: string;\n}\n","import { IsNotEmpty, IsOptional, IsString, Length } from \"class-validator\";\n\nexport class LoginDto {\n @IsOptional()\n @IsString()\n @Length(3, 255)\n email?: string;\n\n @IsOptional()\n @IsString()\n @Length(3, 50)\n username?: string;\n\n @IsString()\n @IsNotEmpty()\n @Length(8, 128)\n password!: string;\n}\n","import { IsNotEmpty, IsString } from \"class-validator\";\n\nexport class RefreshTokenDto {\n @IsString()\n @IsNotEmpty()\n refreshToken!: string;\n}\n","export class RegisterAckDto {\n registered!: true;\n}\n","import { IsNotEmpty, IsOptional, IsString, Length, Matches } from \"class-validator\";\n\nexport class RegisterDto {\n @IsOptional()\n @IsString()\n @Length(3, 255)\n email?: string;\n\n @IsOptional()\n @IsString()\n @Length(3, 50)\n @Matches(/^[a-zA-Z0-9._-]+$/)\n username?: string;\n\n @IsString()\n @IsNotEmpty()\n @Length(8, 128)\n password!: string;\n}\n","import { IsNotEmpty, IsString, Length } from \"class-validator\";\n\nexport class ResetPasswordDto {\n @IsString()\n @IsNotEmpty()\n token!: string;\n\n @IsString()\n @IsNotEmpty()\n @Length(8, 128)\n newPassword!: string;\n}\n","import { IsNotEmpty, IsString } from \"class-validator\";\n\nexport class VerifyEmailDto {\n @IsString()\n @IsNotEmpty()\n token!: string;\n}\n"]}
|
package/dist/mongo/index.cjs
CHANGED
|
@@ -16,8 +16,8 @@ var __decorateClass = (decorators, target, key, kind) => {
|
|
|
16
16
|
};
|
|
17
17
|
|
|
18
18
|
// src/constants/tokens.ts
|
|
19
|
-
var AUTH_MODULE_OPTIONS =
|
|
20
|
-
var AUTH_REPOSITORY =
|
|
19
|
+
var AUTH_MODULE_OPTIONS = "AUTH_MODULE_OPTIONS";
|
|
20
|
+
var AUTH_REPOSITORY = "AUTH_REPOSITORY";
|
|
21
21
|
|
|
22
22
|
// src/utils/identifier.util.ts
|
|
23
23
|
function normalizeIdentifier(value) {
|
|
@@ -165,16 +165,16 @@ var BASE_AUTH_ACCOUNT_MODEL = "AuthAccount";
|
|
|
165
165
|
exports.BaseAuthAccountSchema = class BaseAuthAccountSchema {
|
|
166
166
|
};
|
|
167
167
|
__decorateClass([
|
|
168
|
-
mongoose.Prop({ required: false, trim: true, lowercase: true
|
|
168
|
+
mongoose.Prop({ type: String, required: false, trim: true, lowercase: true })
|
|
169
169
|
], exports.BaseAuthAccountSchema.prototype, "email", 2);
|
|
170
170
|
__decorateClass([
|
|
171
|
-
mongoose.Prop({ required: false, trim: true, lowercase: true
|
|
171
|
+
mongoose.Prop({ type: String, required: false, trim: true, lowercase: true })
|
|
172
172
|
], exports.BaseAuthAccountSchema.prototype, "username", 2);
|
|
173
173
|
__decorateClass([
|
|
174
|
-
mongoose.Prop({ required: true, select: false })
|
|
174
|
+
mongoose.Prop({ type: String, required: true, select: false })
|
|
175
175
|
], exports.BaseAuthAccountSchema.prototype, "passwordHash", 2);
|
|
176
176
|
__decorateClass([
|
|
177
|
-
mongoose.Prop({ required: false, select: false })
|
|
177
|
+
mongoose.Prop({ type: String, required: false, select: false, default: null })
|
|
178
178
|
], exports.BaseAuthAccountSchema.prototype, "refreshTokenHash", 2);
|
|
179
179
|
__decorateClass([
|
|
180
180
|
mongoose.Prop({ type: Boolean, default: false })
|
|
@@ -183,16 +183,16 @@ __decorateClass([
|
|
|
183
183
|
mongoose.Prop({ type: Boolean, default: false })
|
|
184
184
|
], exports.BaseAuthAccountSchema.prototype, "disabled", 2);
|
|
185
185
|
__decorateClass([
|
|
186
|
-
mongoose.Prop({ required: false, select: false })
|
|
186
|
+
mongoose.Prop({ type: String, required: false, select: false })
|
|
187
187
|
], exports.BaseAuthAccountSchema.prototype, "emailVerificationTokenHash", 2);
|
|
188
188
|
__decorateClass([
|
|
189
|
-
mongoose.Prop({ required: false })
|
|
189
|
+
mongoose.Prop({ type: Date, required: false })
|
|
190
190
|
], exports.BaseAuthAccountSchema.prototype, "emailVerificationExpiresAt", 2);
|
|
191
191
|
__decorateClass([
|
|
192
|
-
mongoose.Prop({ required: false, select: false })
|
|
192
|
+
mongoose.Prop({ type: String, required: false, select: false })
|
|
193
193
|
], exports.BaseAuthAccountSchema.prototype, "resetTokenHash", 2);
|
|
194
194
|
__decorateClass([
|
|
195
|
-
mongoose.Prop({ required: false })
|
|
195
|
+
mongoose.Prop({ type: Date, required: false })
|
|
196
196
|
], exports.BaseAuthAccountSchema.prototype, "resetTokenExpiresAt", 2);
|
|
197
197
|
exports.BaseAuthAccountSchema = __decorateClass([
|
|
198
198
|
mongoose.Schema({
|