@arcblock/did-connect-service 4.0.5 → 4.0.6

package/dist/handler.js

@@ -1,591 +0,0 @@
-/**
- * Auth — Core auth handler for Cloudflare Workers.
- *
- * Routes (prefix-stripped, under /.well-known/service/api/passkey):
- *   GET  /register  — Generate registration challenge options
- *   POST /register  — Verify registration credential, create user, issue JWT
- *   GET  /auth      — Generate authentication challenge options
- *   POST /auth      — Verify authentication credential, issue JWT
- *
- * Session and logout are handled by auth-handler at /did/session and /did/logout.
- */
-import { deriveAccessKeyId, isAccessKeyToken } from "./access/access-key-util.js";
-import { LOGIN_PROVIDER } from "./constants.js";
-import { derivePasskeyDID } from "./identity/passkey-did.js";
-import { signJWT, verifyJWT } from "./identity/jwt.js";
-import { renderLoginPage } from "./pages/login-page.js";
-import { generateChallengeOptions, verifyAuthentication, verifyRegistration } from "./identity/webauthn.js";
-const DEFAULT_COOKIE_NAME = "login_token";
-const DEFAULT_EXPIRES_IN = 7 * 24 * 60 * 60; // 7 days
-const MAX_NAME_LENGTH = 64;
-/** Sanitize and validate user-provided name. */
-function sanitizeName(raw) {
-    if (!raw)
-        return undefined;
-    // Strip control chars (C0 range + DEL), trim, limit length
-    let clean = "";
-    for (const ch of raw) {
-        const code = ch.charCodeAt(0);
-        if (code >= 0x20 && code !== 0x7f)
-            clean += ch;
-    }
-    clean = clean.trim().slice(0, MAX_NAME_LENGTH);
-    return clean || undefined;
-}
-function jsonResponse(data, status = 200, headers) {
-    return new Response(JSON.stringify(data), {
-        status,
-        headers: {
-            "Content-Type": "application/json",
-            "Cache-Control": "private, no-store",
-            ...headers,
-        },
-    });
-}
-function errorResponse(message, status = 400) {
-    return jsonResponse({ error: message }, status);
-}
-/**
- * Extract Bearer token from Authorization header and resolve access key caller.
- * Returns null if no access key token or if validation fails.
- */
-export async function resolveAccessKeyCaller(request, store, instanceDid) {
-    const authHeader = request.headers.get("Authorization");
-    if (!authHeader)
-        return null;
-    const token = authHeader.replace(/^Bearer\s+/i, "").trim();
-    if (!isAccessKeyToken(token))
-        return null;
-    const accessKeyId = deriveAccessKeyId(token);
-    if (!accessKeyId)
-        return null;
-    const key = await store.getAccessKeyById(accessKeyId);
-    if (!key)
-        return null;
-    // Check expiration
-    if (key.expireAt && new Date(key.expireAt) < new Date())
-        return null;
-    // Instance ownership check (D7): instance-scoped key must match instanceDid
-    if (instanceDid && key.instanceDid && key.instanceDid !== instanceDid) {
-        return null; // key belongs to a different instance
-    }
-    // Check creator exists and is not blocked
-    const creator = await store.getUserByDid(key.createdBy);
-    if (!creator)
-        return null;
-    // Fire-and-forget: update lastUsedAt
-    store.refreshAccessKeyLastUsed(accessKeyId).catch(() => { });
-    return {
-        did: creator.did,
-        pk: creator.pk,
-        role: key.role,
-        displayName: creator.fullName ?? undefined,
-        blocked: !creator.approved,
-        accessKeyId,
-    };
-}
-export class Auth {
-    store;
-    jwtSecret;
-    rpName;
-    rpID;
-    jwtExpiresIn;
-    cookieName;
-    constructor(options) {
-        this.store = options.store;
-        this.jwtSecret = options.jwtSecret;
-        this.rpName = options.rpName;
-        this.rpID = options.rpID;
-        this.jwtExpiresIn = options.jwtExpiresIn ?? DEFAULT_EXPIRES_IN;
-        this.cookieName = options.cookieName ?? DEFAULT_COOKIE_NAME;
-    }
-    /** Expose the store for sharing with TeamHandler. */
-    getStore() {
-        return this.store;
-    }
-    /**
-     * Handle auth API requests. Expects the prefix to be already stripped —
-     * internally matches /register (GET/POST) and /auth (GET/POST).
-     */
-    async fetch(request) {
-        const url = new URL(request.url);
-        // Strip the well-known prefix to get internal route
-        const path = url.pathname.replace("/.well-known/service/api/passkey", "");
-        if (path === "/register" && request.method === "GET") {
-            return this.handleRegisterRequest(request);
-        }
-        if (path === "/register" && request.method === "POST") {
-            return this.handleRegisterResponse(request);
-        }
-        if (path === "/auth" && request.method === "GET") {
-            return this.handleAuthRequest(request);
-        }
-        if (path === "/auth" && request.method === "POST") {
-            return this.handleAuthResponse(request);
-        }
-        return errorResponse("Not found", 404);
-    }
-    /** Verify JWT from cookie — hot path, pure crypto, no D1. */
-    async verify(request) {
-        const cookie = request.headers.get("Cookie");
-        if (!cookie)
-            return null;
-        const token = this.extractCookie(cookie);
-        if (!token)
-            return null;
-        const payload = await verifyJWT(token, this.jwtSecret);
-        if (!payload || !payload.did || !payload.pk)
-            return null;
-        return {
-            did: payload.did,
-            pk: payload.pk,
-            displayName: payload.displayName,
-        };
-    }
-    /**
-     * Full verification: access key (Bearer) first, then JWT + DB check.
-     * Returns null if neither auth method succeeds, or if user is blocked/deleted.
-     */
-    async verifyFull(request) {
-        // Try access key auth first
-        const akCaller = await this.verifyAccessKey(request);
-        if (akCaller)
-            return akCaller;
-        // Fall back to JWT auth
-        const caller = await this.verify(request);
-        if (!caller)
-            return null;
-        const user = await this.store.getUserByDid(caller.did);
-        if (!user || !user.approved)
-            return null;
-        return {
-            ...caller,
-            displayName: user.fullName ?? caller.displayName,
-            role: user.role ?? "guest",
-        };
-    }
-    /**
-     * Verify access key from Authorization: Bearer header.
-     * Returns CallerIdentity with the key's role, or null.
-     */
-    async verifyAccessKey(request) {
-        const resolved = await resolveAccessKeyCaller(request, this.store);
-        if (!resolved || resolved.blocked)
-            return null;
-        return {
-            did: resolved.did,
-            pk: resolved.pk,
-            displayName: resolved.displayName,
-            role: resolved.role,
-        };
-    }
-    /** Return the login page HTML, filtering methods by builtin-providers settings. */
-    async getLoginPage(instanceDid, overrides) {
-        // Read builtin-providers config to filter methods
-        let methods = overrides?.methods;
-        if (instanceDid) {
-            try {
-                const raw = await this.store.getSetting(instanceDid, "auth:builtin-providers");
-                if (raw) {
-                    const config = JSON.parse(raw);
-                    // Build methods based on what's enabled, keeping existing order
-                    const methodMap = { passkey: "passkey", "did-connect": "wallet", email: "email" };
-                    if (methods) {
-                        methods = methods.filter((m) => {
-                            const configKey = methodMap[m];
-                            if (!configKey)
-                                return true; // oauth and unknown methods pass through
-                            const entry = config[configKey];
-                            return !entry || entry.enabled !== false;
-                        });
-                    }
-                }
-            }
-            catch {
-                // On error, keep all methods enabled (safe degradation)
-            }
-        }
-        // Read branding data (name + logo) from D1
-        let appName = this.rpName;
-        let appLogo;
-        if (instanceDid) {
-            try {
-                const [brandingRaw, logosRaw] = await Promise.all([
-                    this.store.getSetting(instanceDid, "app:branding"),
-                    this.store.getSetting(instanceDid, "app:logos"),
-                ]);
-                if (brandingRaw) {
-                    const branding = JSON.parse(brandingRaw);
-                    if (branding.name)
-                        appName = branding.name;
-                }
-                if (logosRaw) {
-                    const logos = JSON.parse(logosRaw);
-                    if (logos.square)
-                        appLogo = "/.well-known/service/blocklet/logo";
-                }
-            }
-            catch {
-                // On error, use defaults
-            }
-        }
-        const html = renderLoginPage({
-            apiPrefix: "/.well-known/service/api/did",
-            appName,
-            appLogo,
-            methods,
-            oauthProviders: overrides?.oauthProviders,
-        });
-        return new Response(html, {
-            headers: {
-                "Content-Type": "text/html; charset=utf-8",
-                "Cache-Control": "private, no-store",
-            },
-        });
-    }
-    // ─── Internal route handlers ────────────────────────────────────────
-    /** GET /register — Generate registration challenge options.
-     *  Always returns options (even when registration is gated) because:
-     *  - Re-registration of existing passkeys bypasses the gate
-     *  - The registrationAllowed flag lets the client show/hide UI
-     *  - The actual gate is enforced at POST /register time */
-    async handleRegisterRequest(request) {
-        const rpID = this.getRPID(request);
-        const challengeId = crypto.randomUUID();
-        const challenge = crypto.randomUUID();
-        const url = new URL(request.url);
-        const userName = sanitizeName(url.searchParams.get("name") ?? undefined);
-        const invitationId = url.searchParams.get("invitationId") ?? undefined;
-        const registrationAllowed = await this.checkRegistrationEligibility(invitationId);
-        await this.store.saveChallenge(challengeId, challenge, invitationId);
-        this.store.purgeExpiredChallenges().catch(() => { });
-        const options = await generateChallengeOptions({
-            rpID,
-            rpName: this.rpName,
-            challenge,
-            userName,
-        });
-        return jsonResponse({
-            challengeId,
-            registration: options.registration,
-            registrationAllowed,
-        });
-    }
-    /** POST /register — Verify registration credential, create user, issue JWT. */
-    async handleRegisterResponse(request) {
-        const body = (await request.json());
-        const { challengeId, credential } = body;
-        if (!challengeId || !credential) {
-            return errorResponse("Missing required fields");
-        }
-        const userName = sanitizeName(body.name);
-        const stored = await this.store.getChallenge(challengeId);
-        if (!stored) {
-            return errorResponse("Invalid or expired challenge");
-        }
-        await this.store.deleteChallenge(challengeId);
-        const { challenge, invitationId } = stored;
-        const rpID = this.getRPID(request);
-        const requestUrl = new URL(request.url);
-        const origin = request.headers.get("Origin") || requestUrl.origin;
-        const ip = request.headers.get("CF-Connecting-IP") ?? undefined;
-        const hostname = requestUrl.hostname;
-        const cookieDomain = this.rpID ? rpID : undefined;
-        const ctx = {
-            expectedChallenge: challenge,
-            expectedOrigin: origin,
-            expectedRPID: rpID,
-            ip,
-            hostname,
-            cookieDomain,
-            request,
-        };
-        try {
-            return await this.handleRegistrationVerify(credential, ctx, userName, invitationId ?? undefined);
-        }
-        catch (err) {
-            const message = err instanceof Error ? err.message : "Registration verification failed";
-            return errorResponse(message);
-        }
-    }
-    /** GET /auth — Generate authentication challenge options. */
-    async handleAuthRequest(request) {
-        const rpID = this.getRPID(request);
-        const challengeId = crypto.randomUUID();
-        const challenge = crypto.randomUUID();
-        await this.store.saveChallenge(challengeId, challenge);
-        this.store.purgeExpiredChallenges().catch(() => { });
-        const options = await generateChallengeOptions({
-            rpID,
-            rpName: this.rpName,
-            challenge,
-        });
-        return jsonResponse({
-            challengeId,
-            authentication: options.authentication,
-        });
-    }
-    /** POST /auth — Verify authentication credential, issue JWT. */
-    async handleAuthResponse(request) {
-        const body = (await request.json());
-        const { challengeId, credential } = body;
-        if (!challengeId || !credential) {
-            return errorResponse("Missing required fields");
-        }
-        const stored = await this.store.getChallenge(challengeId);
-        if (!stored) {
-            return errorResponse("Invalid or expired challenge");
-        }
-        await this.store.deleteChallenge(challengeId);
-        const { challenge } = stored;
-        const rpID = this.getRPID(request);
-        const requestUrl = new URL(request.url);
-        const origin = request.headers.get("Origin") || requestUrl.origin;
-        const ip = request.headers.get("CF-Connecting-IP") ?? undefined;
-        const hostname = requestUrl.hostname;
-        const cookieDomain = this.rpID ? rpID : undefined;
-        const ctx = {
-            expectedChallenge: challenge,
-            expectedOrigin: origin,
-            expectedRPID: rpID,
-            ip,
-            hostname,
-            cookieDomain,
-            request,
-        };
-        try {
-            return await this.handleAuthenticationVerify(credential, ctx);
-        }
-        catch (err) {
-            const message = err instanceof Error ? err.message : "Authentication verification failed";
-            return errorResponse(message);
-        }
-    }
-    async handleRegistrationVerify(credential, ctx, userName, invitationId) {
-        const { expectedChallenge, expectedOrigin, expectedRPID, ip, hostname, cookieDomain, request } = ctx;
-        const verification = await verifyRegistration({
-            response: credential,
-            expectedChallenge,
-            expectedOrigin,
-            expectedRPID,
-        });
-        if (!verification.verified || !verification.registrationInfo) {
-            return errorResponse("Registration verification failed");
-        }
-        const { credential: regCredential, credentialDeviceType, credentialBackedUp, } = verification.registrationInfo;
-        const publicKeyBytes = regCredential.publicKey;
-        const credentialId = regCredential.id;
-        // Derive DID from passkey public key
-        const passkeyDid = derivePasskeyDID(publicKeyBytes);
-        const pkBase64 = uint8ArrayToBase64(publicKeyBytes);
-        // Check if this passkey already exists (re-registration)
-        const existing = await this.store.getConnectedAccountByDid(passkeyDid);
-        if (existing) {
-            // Treat as login for existing passkey
-            await this.store.updateLastLogin(existing.userDid, ip, hostname);
-            const user = await this.store.getUserByDid(existing.userDid);
-            // Audit log: re-registration login
-            await this.store.createAuditLog({
-                action: "user.login",
-                operatorDid: existing.userDid,
-                metadata: { source: "passkey", type: "re-registration", domain: hostname },
-                ip,
-            });
-            return this.issueJWT(existing.userDid, existing.pk ?? pkBase64, user?.fullName ?? undefined, user?.role ?? undefined, cookieDomain, request);
-        }
-        // Server-side registration gate (L2 defense)
-        const eligible = await this.checkRegistrationEligibility(invitationId);
-        if (!eligible) {
-            await this.store.createAuditLog({
-                action: "user.register_blocked",
-                operatorDid: passkeyDid,
-                metadata: {
-                    source: "passkey",
-                    reason: "registration_closed",
-                    invitationId: invitationId ?? null,
-                    domain: hostname,
-                },
-                ip,
-            });
-            return errorResponse("Registration is not allowed. An invitation is required.", 403);
-        }
-        // New registration: user DID = first passkey DID
-        const userDid = passkeyDid;
-        await this.store.createUser({
-            did: userDid,
-            pk: pkBase64,
-            fullName: userName,
-            sourceProvider: LOGIN_PROVIDER.PASSKEY,
-            ip,
-            domain: hostname,
-        });
-        const transports = credential?.response
-            ?.transports;
-        await this.store.createConnectedAccount({
-            did: passkeyDid,
-            pk: pkBase64,
-            userDid,
-            provider: "passkey",
-            id: credentialId,
-            extra: JSON.stringify({
-                transports,
-                rpID: expectedRPID,
-                credentialDeviceType,
-                credentialBackedUp,
-            }),
-            userInfo: JSON.stringify({ name: userName || "Passkey User" }),
-            ip,
-        });
-        await this.store.incrementPasskeyCount(userDid);
-        // First-user-is-owner: check if this is the only user
-        const userCount = await this.store.getUserCount();
-        let role;
-        if (userCount === 1) {
-            await this.store.updateUserRole(userDid, "owner");
-            role = "owner";
-        }
-        // Audit log: new registration
-        await this.store.createAuditLog({
-            action: "user.register",
-            operatorDid: userDid,
-            metadata: { role: role ?? "guest", source: "passkey", domain: hostname },
-            ip,
-        });
-        return this.issueJWT(userDid, pkBase64, userName, role, cookieDomain, request);
-    }
-    async handleAuthenticationVerify(credential, ctx) {
-        const { expectedChallenge, expectedOrigin, expectedRPID, ip, hostname, cookieDomain, request } = ctx;
-        const credentialData = credential;
-        const credentialId = credentialData.id;
-        // Look up stored passkey by credential ID
-        const stored = await this.store.getConnectedAccountById(credentialId);
-        if (!stored || !stored.extra) {
-            return errorResponse("Unknown credential");
-        }
-        const extra = JSON.parse(stored.extra);
-        // Reconstruct public key from base64
-        const publicKey = base64ToUint8Array(stored.pk ?? "");
-        const verification = await verifyAuthentication({
-            response: credential,
-            expectedChallenge,
-            expectedOrigin,
-            expectedRPID,
-            credential: {
-                id: credentialId,
-                publicKey,
-                counter: stored.counter,
-                transports: extra.transports,
-            },
-        });
-        if (!verification.verified) {
-            return errorResponse("Authentication verification failed");
-        }
-        // Update counter and last login
-        await this.store.updateCounter(stored.did, verification.authenticationInfo.newCounter);
-        await this.store.updateLastLogin(stored.userDid, ip, hostname);
-        const user = await this.store.getUserByDid(stored.userDid);
-        // Audit log: login
-        await this.store.createAuditLog({
-            action: "user.login",
-            operatorDid: stored.userDid,
-            metadata: { source: "passkey", domain: hostname },
-            ip,
-        });
-        return this.issueJWT(stored.userDid, stored.pk ?? "", user?.fullName ?? undefined, user?.role ?? undefined, cookieDomain, request);
-    }
-    /** Clear auth cookie. GET → redirect to /, POST → JSON response. */
-    logout(request) {
-        const cookieDomain = this.rpID ? this.getRPID(request) : undefined;
-        const isSecure = new URL(request.url).protocol === "https:";
-        const securePart = isSecure ? " Secure;" : "";
-        let clearCookie = `${this.cookieName}=; Path=/; HttpOnly;${securePart} SameSite=Lax; Max-Age=0`;
-        if (cookieDomain?.includes("."))
-            clearCookie += `; Domain=${cookieDomain}`;
-        if (request.method === "GET") {
-            return new Response('<html><head><meta http-equiv="refresh" content="0;url=/"></head></html>', {
-                headers: {
-                    "Set-Cookie": clearCookie,
-                    "Content-Type": "text/html; charset=utf-8",
-                },
-            });
-        }
-        return jsonResponse({ ok: true }, 200, { "Set-Cookie": clearCookie });
-    }
-    // ─── Registration eligibility ──────────────────────────────────────
-    /**
-     * Determine if passkey registration should be allowed.
-     *
-     * Returns true if ANY of:
-     *   1. No users exist (first user becomes owner)
-     *   2. Default access policy is "public"
-     *   3. A valid invitation is presented
-     */
-    async checkRegistrationEligibility(invitationId) {
-        const userCount = await this.store.getUserCount();
-        if (userCount === 0)
-            return true;
-        const isOpen = await this.store.isRegistrationOpen();
-        if (isOpen)
-            return true;
-        if (invitationId) {
-            const invitation = await this.store.getInvitation(invitationId);
-            if (invitation &&
-                invitation.status === "active" &&
-                new Date(invitation.expireAt) > new Date() &&
-                invitation.useCount < invitation.maxUses) {
-                return true;
-            }
-        }
-        return false;
-    }
-    // ─── Helpers ────────────────────────────────────────────────────────
-    async issueJWT(did, pk, displayName, role, cookieDomain, request) {
-        const payload = { did, pk };
-        if (displayName)
-            payload.displayName = displayName;
-        if (role)
-            payload.role = role;
-        const token = await signJWT(payload, this.jwtSecret, this.jwtExpiresIn);
-        const maxAge = this.jwtExpiresIn;
-        const isSecure = !request || new URL(request.url).protocol === "https:";
-        const securePart = isSecure ? " Secure;" : "";
-        let cookie = `${this.cookieName}=${token}; Path=/; HttpOnly;${securePart} SameSite=Lax; Max-Age=${maxAge}`;
-        if (cookieDomain?.includes("."))
-            cookie += `; Domain=${cookieDomain}`;
-        return jsonResponse({ ok: true, did }, 200, { "Set-Cookie": cookie });
-    }
-    getRPID(request) {
-        if (typeof this.rpID === "function")
-            return this.rpID(request);
-        if (this.rpID)
-            return this.rpID;
-        return new URL(request.url).hostname;
-    }
-    extractCookie(cookieHeader) {
-        const prefix = `${this.cookieName}=`;
-        const cookies = cookieHeader.split(";");
-        for (const cookie of cookies) {
-            const trimmed = cookie.trim();
-            if (trimmed.startsWith(prefix)) {
-                return trimmed.slice(prefix.length);
-            }
-        }
-        return null;
-    }
-}
-function uint8ArrayToBase64(bytes) {
-    let binary = "";
-    for (let i = 0; i < bytes.length; i++) {
-        binary += String.fromCharCode(bytes[i]);
-    }
-    return btoa(binary);
-}
-function base64ToUint8Array(base64) {
-    const binary = atob(base64);
-    const bytes = new Uint8Array(binary.length);
-    for (let i = 0; i < binary.length; i++) {
-        bytes[i] = binary.charCodeAt(i);
-    }
-    return bytes;
-}
-//# sourceMappingURL=handler.js.map

package/dist/handler.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"handler.js","sourceRoot":"","sources":["../src/handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAClF,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAGxD,OAAO,EAAE,wBAAwB,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAE5G,MAAM,mBAAmB,GAAG,aAAa,CAAC;AAC1C,MAAM,kBAAkB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,SAAS;AACtD,MAAM,eAAe,GAAG,EAAE,CAAC;AAa3B,gDAAgD;AAChD,SAAS,YAAY,CAAC,GAAY;IAChC,IAAI,CAAC,GAAG;QAAE,OAAO,SAAS,CAAC;IAC3B,2DAA2D;IAC3D,IAAI,KAAK,GAAG,EAAE,CAAC;IACf,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE,CAAC;QACrB,MAAM,IAAI,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAC9B,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,KAAK,IAAI;YAAE,KAAK,IAAI,EAAE,CAAC;IACjD,CAAC;IACD,KAAK,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC;IAC/C,OAAO,KAAK,IAAI,SAAS,CAAC;AAC5B,CAAC;AAED,SAAS,YAAY,CAAC,IAAa,EAAE,MAAM,GAAG,GAAG,EAAE,OAAgC;IACjF,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QACxC,MAAM;QACN,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,eAAe,EAAE,mBAAmB;YACpC,GAAG,OAAO;SACX;KACF,CAAC,CAAC;AACL,CAAC;AAED,SAAS,aAAa,CAAC,OAAe,EAAE,MAAM,GAAG,GAAG;IAClD,OAAO,YAAY,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,MAAM,CAAC,CAAC;AAClD,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,OAAgB,EAChB,KAAc,EACd,WAAoB;IASpB,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IACxD,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAE7B,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAC3D,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAE1C,MAAM,WAAW,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;IAC7C,IAAI,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC;IAE9B,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;IACtD,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IAEtB,mBAAmB;IACnB,IAAI,GAAG,CAAC,QAAQ,IAAI,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,IAAI,IAAI,EAAE;QAAE,OAAO,IAAI,CAAC;IAErE,4EAA4E;IAC5E,IAAI,WAAW,IAAI,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,WAAW,KAAK,WAAW,EAAE,CAAC;QACtE,OAAO,IAAI,CAAC,CAAC,sCAAsC;IACrD,CAAC;IAED,0CAA0C;IAC1C,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACxD,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAE1B,qCAAqC;IACrC,KAAK,CAAC,wBAAwB,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IAE5D,OAAO;QACL,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,EAAE,EAAE,OAAO,CAAC,EAAE;QACd,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,WAAW,EAAE,OAAO,CAAC,QAAQ,IAAI,SAAS;QAC1C,OAAO,EAAE,CAAC,OAAO,CAAC,QAAQ;QAC1B,WAAW;KACZ,CAAC;AACJ,CAAC;AAED,MAAM,OAAO,IAAI;IACP,KAAK,CAAU;IACf,SAAS,CAAS;IAClB,MAAM,CAAS;IACf,IAAI,CAA2C;IAC/C,YAAY,CAAS;IACrB,UAAU,CAAS;IAE3B,YAAY,OAAoB;QAC9B,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC3B,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;QACnC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;QACzB,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI,kBAAkB,CAAC;QAC/D,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,mBAAmB,CAAC;IAC9D,CAAC;IAED,qDAAqD;IACrD,QAAQ;QACN,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,KAAK,CAAC,OAAgB;QAC1B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACjC,oDAAoD;QACpD,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,kCAAkC,EAAE,EAAE,CAAC,CAAC;QAE1E,IAAI,IAAI,KAAK,WAAW,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YACrD,OAAO,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;QAC7C,CAAC;QACD,IAAI,IAAI,KAAK,WAAW,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YACtD,OAAO,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC;QAC9C,CAAC;QACD,IAAI,IAAI,KAAK,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YACjD,OAAO,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;QACzC,CAAC;QACD,IAAI,IAAI,KAAK,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YAClD,OAAO,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAC1C,CAAC;QAED,OAAO,aAAa,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;IACzC,CAAC;IAED,6DAA6D;IAC7D,KAAK,CAAC,MAAM,CAAC,OAAgB;QAC3B,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC7C,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAEzB,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;QACzC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAExB,MAAM,OAAO,GAAG,MAAM,SAAS,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;QACvD,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QAEzD,OAAO;YACL,GAAG,EAAE,OAAO,CAAC,GAAa;YAC1B,EAAE,EAAE,OAAO,CAAC,EAAY;YACxB,WAAW,EAAE,OAAO,CAAC,WAAiC;SACvD,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,UAAU,CAAC,OAAgB;QAC/B,4BAA4B;QAC5B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACrD,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;QAE9B,wBAAwB;QACxB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC1C,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAEzB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACvD,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAC;QAEzC,OAAO;YACL,GAAG,MAAM;YACT,WAAW,EAAE,IAAI,CAAC,QAAQ,IAAI,MAAM,CAAC,WAAW;YAChD,IAAI,EAAG,IAAI,CAAC,IAAa,IAAI,OAAO;SACrC,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,eAAe,CAAC,OAAgB;QACpC,MAAM,QAAQ,GAAG,MAAM,sBAAsB,CAAC,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;QACnE,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC;QAE/C,OAAO;YACL,GAAG,EAAE,QAAQ,CAAC,GAAG;YACjB,EAAE,EAAE,QAAQ,CAAC,EAAE;YACf,WAAW,EAAE,QAAQ,CAAC,WAAW;YACjC,IAAI,EAAE,QAAQ,CAAC,IAAI;SACpB,CAAC;IACJ,CAAC;IAED,mFAAmF;IACnF,KAAK,CAAC,YAAY,CAAC,WAAoB,EAAE,SAA2F;QAClI,kDAAkD;QAClD,IAAI,OAAO,GAAG,SAAS,EAAE,OAAO,CAAC;QACjC,IAAI,WAAW,EAAE,CAAC;YAChB,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,WAAW,EAAE,wBAAwB,CAAC,CAAC;gBAC/E,IAAI,GAAG,EAAE,CAAC;oBACR,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA0C,CAAC;oBACxE,gEAAgE;oBAChE,MAAM,SAAS,GAA2B,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;oBAC1G,IAAI,OAAO,EAAE,CAAC;wBACZ,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;4BAC7B,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;4BAC/B,IAAI,CAAC,SAAS;gCAAE,OAAO,IAAI,CAAC,CAAC,yCAAyC;4BACtE,MAAM,KAAK,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC;4BAChC,OAAO,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,KAAK,KAAK,CAAC;wBAC3C,CAAC,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,wDAAwD;YAC1D,CAAC;QACH,CAAC;QAED,2CAA2C;QAC3C,IAAI,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC;QAC1B,IAAI,OAA2B,CAAC;QAChC,IAAI,WAAW,EAAE,CAAC;YAChB,IAAI,CAAC;gBACH,MAAM,CAAC,WAAW,EAAE,QAAQ,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;oBAChD,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,WAAW,EAAE,cAAc,CAAC;oBAClD,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,WAAW,EAAE,WAAW,CAAC;iBAChD,CAAC,CAAC;gBACH,IAAI,WAAW,EAAE,CAAC;oBAChB,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;oBACzC,IAAI,QAAQ,CAAC,IAAI;wBAAE,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC;gBAC7C,CAAC;gBACD,IAAI,QAAQ,EAAE,CAAC;oBACb,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;oBACnC,IAAI,KAAK,CAAC,MAAM;wBAAE,OAAO,GAAG,oCAAoC,CAAC;gBACnE,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,yBAAyB;YAC3B,CAAC;QACH,CAAC;QAED,MAAM,IAAI,GAAG,eAAe,CAAC;YAC3B,SAAS,EAAE,8BAA8B;YACzC,OAAO;YACP,OAAO;YACP,OAAO;YACP,cAAc,EAAE,SAAS,EAAE,cAAc;SAC1C,CAAC,CAAC;QACH,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE;YACxB,OAAO,EAAE;gBACP,cAAc,EAAE,0BAA0B;gBAC1C,eAAe,EAAE,mBAAmB;aACrC;SACF,CAAC,CAAC;IACL,CAAC;IAED,uEAAuE;IAEvE;;;;+DAI2D;IACnD,KAAK,CAAC,qBAAqB,CAAC,OAAgB;QAClD,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,WAAW,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QACxC,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEtC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACjC,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC,CAAC;QACzE,MAAM,YAAY,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,SAAS,CAAC;QAEvE,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,4BAA4B,CAAC,YAAY,CAAC,CAAC;QAElF,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,WAAW,EAAE,SAAS,EAAE,YAAY,CAAC,CAAC;QACrE,IAAI,CAAC,KAAK,CAAC,sBAAsB,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QAEpD,MAAM,OAAO,GAAG,MAAM,wBAAwB,CAAC;YAC7C,IAAI;YACJ,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,SAAS;YACT,QAAQ;SACT,CAAC,CAAC;QAEH,OAAO,YAAY,CAAC;YAClB,WAAW;YACX,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,mBAAmB;SACpB,CAAC,CAAC;IACL,CAAC;IAED,+EAA+E;IACvE,KAAK,CAAC,sBAAsB,CAAC,OAAgB;QACnD,MAAM,IAAI,GAAG,CAAC,MAAM,OAAO,CAAC,IAAI,EAAE,CAIjC,CAAC;QAEF,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC;QACzC,IAAI,CAAC,WAAW,IAAI,CAAC,UAAU,EAAE,CAAC;YAChC,OAAO,aAAa,CAAC,yBAAyB,CAAC,CAAC;QAClD,CAAC;QACD,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEzC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;QAC1D,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,aAAa,CAAC,8BAA8B,CAAC,CAAC;QACvD,CAAC;QACD,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;QAC9C,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,GAAG,MAAM,CAAC;QAE3C,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACxC,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC;QAClE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,SAAS,CAAC;QAChE,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC;QACrC,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;QAElD,MAAM,GAAG,GAAkB;YACzB,iBAAiB,EAAE,SAAS;YAC5B,cAAc,EAAE,MAAM;YACtB,YAAY,EAAE,IAAI;YAClB,EAAE;YACF,QAAQ;YACR,YAAY;YACZ,OAAO;SACR,CAAC;QAEF,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,wBAAwB,CACxC,UAAU,EACV,GAAG,EACH,QAAQ,EACR,YAAY,IAAI,SAAS,CAC1B,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,kCAAkC,CAAC;YACxF,OAAO,aAAa,CAAC,OAAO,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED,6DAA6D;IACrD,KAAK,CAAC,iBAAiB,CAAC,OAAgB;QAC9C,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,WAAW,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QACxC,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEtC,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;QACvD,IAAI,CAAC,KAAK,CAAC,sBAAsB,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QAEpD,MAAM,OAAO,GAAG,MAAM,wBAAwB,CAAC;YAC7C,IAAI;YACJ,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,SAAS;SACV,CAAC,CAAC;QAEH,OAAO,YAAY,CAAC;YAClB,WAAW;YACX,cAAc,EAAE,OAAO,CAAC,cAAc;SACvC,CAAC,CAAC;IACL,CAAC;IAED,gEAAgE;IACxD,KAAK,CAAC,kBAAkB,CAAC,OAAgB;QAC/C,MAAM,IAAI,GAAG,CAAC,MAAM,OAAO,CAAC,IAAI,EAAE,CAGjC,CAAC;QAEF,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC;QACzC,IAAI,CAAC,WAAW,IAAI,CAAC,UAAU,EAAE,CAAC;YAChC,OAAO,aAAa,CAAC,yBAAyB,CAAC,CAAC;QAClD,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;QAC1D,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,aAAa,CAAC,8BAA8B,CAAC,CAAC;QACvD,CAAC;QACD,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;QAC9C,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;QAE7B,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACxC,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC;QAClE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,SAAS,CAAC;QAChE,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC;QACrC,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;QAElD,MAAM,GAAG,GAAkB;YACzB,iBAAiB,EAAE,SAAS;YAC5B,cAAc,EAAE,MAAM;YACtB,YAAY,EAAE,IAAI;YAClB,EAAE;YACF,QAAQ;YACR,YAAY;YACZ,OAAO;SACR,CAAC;QAEF,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,0BAA0B,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;QAChE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,oCAAoC,CAAC;YAC1F,OAAO,aAAa,CAAC,OAAO,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,wBAAwB,CACpC,UAAmB,EACnB,GAAkB,EAClB,QAAiB,EACjB,YAAqB;QAErB,MAAM,EAAE,iBAAiB,EAAE,cAAc,EAAE,YAAY,EAAE,EAAE,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC;QAErG,MAAM,YAAY,GAAG,MAAM,kBAAkB,CAAC;YAC5C,QAAQ,EAAE,UAAkE;YAC5E,iBAAiB;YACjB,cAAc;YACd,YAAY;SACb,CAAC,CAAC;QAEH,IAAI,CAAC,YAAY,CAAC,QAAQ,IAAI,CAAC,YAAY,CAAC,gBAAgB,EAAE,CAAC;YAC7D,OAAO,aAAa,CAAC,kCAAkC,CAAC,CAAC;QAC3D,CAAC;QAED,MAAM,EACJ,UAAU,EAAE,aAAa,EACzB,oBAAoB,EACpB,kBAAkB,GACnB,GAAG,YAAY,CAAC,gBAAgB,CAAC;QAClC,MAAM,cAAc,GAAG,aAAa,CAAC,SAAS,CAAC;QAC/C,MAAM,YAAY,GAAG,aAAa,CAAC,EAAE,CAAC;QAEtC,qCAAqC;QACrC,MAAM,UAAU,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAC;QACpD,MAAM,QAAQ,GAAG,kBAAkB,CAAC,cAAc,CAAC,CAAC;QAEpD,yDAAyD;QACzD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,wBAAwB,CAAC,UAAU,CAAC,CAAC;QACvE,IAAI,QAAQ,EAAE,CAAC;YACb,sCAAsC;YACtC,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,EAAE,QAAQ,CAAC,CAAC;YACjE,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAC7D,mCAAmC;YACnC,MAAM,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC;gBAC9B,MAAM,EAAE,YAAY;gBACpB,WAAW,EAAE,QAAQ,CAAC,OAAO;gBAC7B,QAAQ,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,iBAAiB,EAAE,MAAM,EAAE,QAAQ,EAAE;gBAC1E,EAAE;aACH,CAAC,CAAC;YACH,OAAO,IAAI,CAAC,QAAQ,CAClB,QAAQ,CAAC,OAAO,EAChB,QAAQ,CAAC,EAAE,IAAI,QAAQ,EACvB,IAAI,EAAE,QAAQ,IAAI,SAAS,EAC1B,IAAI,EAAE,IAAa,IAAI,SAAS,EACjC,YAAY,EACZ,OAAO,CACR,CAAC;QACJ,CAAC;QAED,6CAA6C;QAC7C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,4BAA4B,CAAC,YAAY,CAAC,CAAC;QACvE,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC;gBAC9B,MAAM,EAAE,uBAAuB;gBAC/B,WAAW,EAAE,UAAU;gBACvB,QAAQ,EAAE;oBACR,MAAM,EAAE,SAAS;oBACjB,MAAM,EAAE,qBAAqB;oBAC7B,YAAY,EAAE,YAAY,IAAI,IAAI;oBAClC,MAAM,EAAE,QAAQ;iBACjB;gBACD,EAAE;aACH,CAAC,CAAC;YACH,OAAO,aAAa,CAAC,yDAAyD,EAAE,GAAG,CAAC,CAAC;QACvF,CAAC;QAED,iDAAiD;QACjD,MAAM,OAAO,GAAG,UAAU,CAAC;QAC3B,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC;YAC1B,GAAG,EAAE,OAAO;YACZ,EAAE,EAAE,QAAQ;YACZ,QAAQ,EAAE,QAAQ;YAClB,cAAc,EAAE,cAAc,CAAC,OAAO;YACtC,EAAE;YACF,MAAM,EAAE,QAAQ;SACjB,CAAC,CAAC;QAEH,MAAM,UAAU,GAAI,UAAuD,EAAE,QAAQ;YACnF,EAAE,UAAU,CAAC;QACf,MAAM,IAAI,CAAC,KAAK,CAAC,sBAAsB,CAAC;YACtC,GAAG,EAAE,UAAU;YACf,EAAE,EAAE,QAAQ;YACZ,OAAO;YACP,QAAQ,EAAE,SAAS;YACnB,EAAE,EAAE,YAAY;YAChB,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC;gBACpB,UAAU;gBACV,IAAI,EAAE,YAAY;gBAClB,oBAAoB;gBACpB,kBAAkB;aACnB,CAAC;YACF,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,QAAQ,IAAI,cAAc,EAAE,CAAC;YAC9D,EAAE;SACH,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;QAEhD,sDAAsD;QACtD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC;QAClD,IAAI,IAAsB,CAAC;QAC3B,IAAI,SAAS,KAAK,CAAC,EAAE,CAAC;YACpB,MAAM,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAClD,IAAI,GAAG,OAAO,CAAC;QACjB,CAAC;QAED,8BAA8B;QAC9B,MAAM,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC;YAC9B,MAAM,EAAE,eAAe;YACvB,WAAW,EAAE,OAAO;YACpB,QAAQ,EAAE,EAAE,IAAI,EAAE,IAAI,IAAI,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE;YACxE,EAAE;SACH,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;IACjF,CAAC;IAEO,KAAK,CAAC,0BAA0B,CACtC,UAAmB,EACnB,GAAkB;QAElB,MAAM,EAAE,iBAAiB,EAAE,cAAc,EAAE,YAAY,EAAE,EAAE,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC;QACrG,MAAM,cAAc,GAAG,UAA4B,CAAC;QACpD,MAAM,YAAY,GAAG,cAAc,CAAC,EAAE,CAAC;QAEvC,0CAA0C;QAC1C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,uBAAuB,CAAC,YAAY,CAAC,CAAC;QACtE,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAC7B,OAAO,aAAa,CAAC,oBAAoB,CAAC,CAAC;QAC7C,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAGpC,CAAC;QAEF,qCAAqC;QACrC,MAAM,SAAS,GAAG,kBAAkB,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QAEtD,MAAM,YAAY,GAAG,MAAM,oBAAoB,CAAC;YAC9C,QAAQ,EAAE,UAAoE;YAC9E,iBAAiB;YACjB,cAAc;YACd,YAAY;YACZ,UAAU,EAAE;gBACV,EAAE,EAAE,YAAY;gBAChB,SAAS;gBACT,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,UAAU,EAAE,KAAK,CAAC,UAEc;aACjC;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC;YAC3B,OAAO,aAAa,CAAC,oCAAoC,CAAC,CAAC;QAC7D,CAAC;QAED,gCAAgC;QAChC,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,MAAM,CAAC,GAAG,EAAE,YAAY,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;QACvF,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,EAAE,QAAQ,CAAC,CAAC;QAC/D,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAE3D,mBAAmB;QACnB,MAAM,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC;YAC9B,MAAM,EAAE,YAAY;YACpB,WAAW,EAAE,MAAM,CAAC,OAAO;YAC3B,QAAQ,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE;YACjD,EAAE;SACH,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,QAAQ,CAClB,MAAM,CAAC,OAAO,EACd,MAAM,CAAC,EAAE,IAAI,EAAE,EACf,IAAI,EAAE,QAAQ,IAAI,SAAS,EAC1B,IAAI,EAAE,IAAa,IAAI,SAAS,EACjC,YAAY,EACZ,OAAO,CACR,CAAC;IACJ,CAAC;IAED,oEAAoE;IACpE,MAAM,CAAC,OAAgB;QACrB,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QACnE,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC;QAC5D,MAAM,UAAU,GAAG,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;QAC9C,IAAI,WAAW,GAAG,GAAG,IAAI,CAAC,UAAU,uBAAuB,UAAU,0BAA0B,CAAC;QAChG,IAAI,YAAY,EAAE,QAAQ,CAAC,GAAG,CAAC;YAAE,WAAW,IAAI,YAAY,YAAY,EAAE,CAAC;QAC3E,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YAC7B,OAAO,IAAI,QAAQ,CACjB,yEAAyE,EACzE;gBACE,OAAO,EAAE;oBACP,YAAY,EAAE,WAAW;oBACzB,cAAc,EAAE,0BAA0B;iBAC3C;aACF,CACF,CAAC;QACJ,CAAC;QACD,OAAO,YAAY,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC,CAAC;IACxE,CAAC;IAED,sEAAsE;IAEtE;;;;;;;OAOG;IACK,KAAK,CAAC,4BAA4B,CAAC,YAAqB;QAC9D,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC;QAClD,IAAI,SAAS,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAEjC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,kBAAkB,EAAE,CAAC;QACrD,IAAI,MAAM;YAAE,OAAO,IAAI,CAAC;QAExB,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;YAChE,IACE,UAAU;gBACV,UAAU,CAAC,MAAM,KAAK,QAAQ;gBAC9B,IAAI,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,IAAI,IAAI,EAAE;gBAC1C,UAAU,CAAC,QAAQ,GAAG,UAAU,CAAC,OAAO,EACxC,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED,uEAAuE;IAE/D,KAAK,CAAC,QAAQ,CACpB,GAAW,EACX,EAAU,EACV,WAAoB,EACpB,IAAW,EACX,YAAqB,EACrB,OAAiB;QAEjB,MAAM,OAAO,GAA4B,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC;QACrD,IAAI,WAAW;YAAE,OAAO,CAAC,WAAW,GAAG,WAAW,CAAC;QACnD,IAAI,IAAI;YAAE,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;QAC9B,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;QACxE,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC;QACjC,MAAM,QAAQ,GAAG,CAAC,OAAO,IAAI,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC;QACxE,MAAM,UAAU,GAAG,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;QAC9C,IAAI,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,IAAI,KAAK,sBAAsB,UAAU,0BAA0B,MAAM,EAAE,CAAC;QAC3G,IAAI,YAAY,EAAE,QAAQ,CAAC,GAAG,CAAC;YAAE,MAAM,IAAI,YAAY,YAAY,EAAE,CAAC;QAEtE,OAAO,YAAY,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC,CAAC;IACxE,CAAC;IAEO,OAAO,CAAC,OAAgB;QAC9B,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,UAAU;YAAE,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC/D,IAAI,IAAI,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC,IAAI,CAAC;QAChC,OAAO,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;IACvC,CAAC;IAEO,aAAa,CAAC,YAAoB;QACxC,MAAM,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,GAAG,CAAC;QACrC,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACxC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;YAC9B,IAAI,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC/B,OAAO,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YACtC,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAED,SAAS,kBAAkB,CAAC,KAAiB;IAC3C,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC;IAC3C,CAAC;IACD,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC;AACtB,CAAC;AAED,SAAS,kBAAkB,CAAC,MAAc;IACxC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAClC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/identity/invitation-util.d.ts

@@ -1,7 +0,0 @@
-import type { D1Store } from "../store/d1-store.js";
-import type { Role } from "../types.js";
-export declare function processPendingInvitation(store: D1Store, userDid: string, invitationId: string | undefined, currentInstanceDid: string | undefined, ip?: string): Promise<{
-    role?: Role;
-    inviterDid?: string;
-} | undefined>;
-//# sourceMappingURL=invitation-util.d.ts.map

package/dist/identity/invitation-util.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"invitation-util.d.ts","sourceRoot":"","sources":["../../src/identity/invitation-util.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,aAAa,CAAC;AAExC,wBAAsB,wBAAwB,CAC5C,KAAK,EAAE,OAAO,EACd,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,MAAM,GAAG,SAAS,EAChC,kBAAkB,EAAE,MAAM,GAAG,SAAS,EACtC,EAAE,CAAC,EAAE,MAAM,GACV,OAAO,CAAC;IAAE,IAAI,CAAC,EAAE,IAAI,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,SAAS,CAAC,CAiE3D"}