@arcblock/did-connect-service 4.0.5 → 4.0.7

package/dist/oauth-handler.js

@@ -1,423 +0,0 @@
-/**
- * OAuthHandler — OAuth login/bind/unbind for Cloudflare Workers.
- *
- * Supports pluggable adapters (Google, GitHub, Apple, etc.).
- * OAuth configs are stored in D1 settings table as `oauth:{provider}` JSON.
- *
- * Routes (under /.well-known/service):
- *   GET  /api/oauth/configs                — list configured providers
- *   GET  /api/oauth/:provider/login         — redirect to OAuth provider
- *   GET  /oauth/callback/:provider         — handle OAuth callback
- *   POST /oauth/callback/:provider         — handle Apple POST callback
- *   POST /api/oauth/login                  — API-based code exchange + login
- *   POST /api/oauth/bind                   — bind OAuth to existing account
- *   POST /api/oauth/unbind                 — unbind OAuth from account
- */
-import { deriveDID } from "./identity/federation.js";
-import { signJWT, verifyJWT } from "./identity/jwt.js";
-import { AppleAdapter } from "./oauth-adapters/apple.js";
-import { Auth0Adapter } from "./oauth-adapters/auth0.js";
-import { Auth0LegacyAdapter } from "./oauth-adapters/auth0-legacy.js";
-import { FacebookAdapter } from "./oauth-adapters/facebook.js";
-import { GitHubAdapter } from "./oauth-adapters/github.js";
-import { GoogleAdapter } from "./oauth-adapters/google.js";
-import { TwitterAdapter } from "./oauth-adapters/twitter.js";
-import { renderOAuthCallbackPage } from "./pages/oauth-callback-page.js";
-/** Map of provider name → adapter instance. */
-const ADAPTERS = {
-    google: new GoogleAdapter(),
-    github: new GitHubAdapter(),
-    apple: new AppleAdapter(),
-    twitter: new TwitterAdapter(),
-    facebook: new FacebookAdapter(),
-    auth0: new Auth0Adapter(),
-    "auth0-legacy": new Auth0LegacyAdapter(),
-};
-export class OAuthHandler {
-    options;
-    constructor(options) {
-        this.options = options;
-    }
-    /** Register additional adapters (for Phase 2e providers). */
-    static registerAdapter(adapter) {
-        ADAPTERS[adapter.name] = adapter;
-    }
-    /**
-     * Handle an incoming request. Returns Response if matched, null otherwise.
-     */
-    async fetch(request) {
-        const url = new URL(request.url);
-        const path = url.pathname;
-        const method = request.method;
-        // GET /api/oauth/configs
-        if (path === "/.well-known/service/api/oauth/configs" && method === "GET") {
-            return this.handleGetConfigs();
-        }
-        // GET /api/oauth/:provider/login
-        const loginMatch = path.match(/^\/\.well-known\/service\/api\/oauth\/([a-z0-9_-]+)\/login$/);
-        if (loginMatch && method === "GET") {
-            return this.handleLogin(request, loginMatch[1]);
-        }
-        // GET or POST /oauth/callback/:provider
-        const callbackMatch = path.match(/^\/\.well-known\/service\/oauth\/callback\/([a-z0-9_-]+)$/);
-        if (callbackMatch && (method === "GET" || method === "POST")) {
-            return this.handleCallback(request, callbackMatch[1]);
-        }
-        // POST /api/oauth/login
-        if (path === "/.well-known/service/api/oauth/login" && method === "POST") {
-            return this.handleApiLogin(request);
-        }
-        // POST /api/oauth/bind
-        if (path === "/.well-known/service/api/oauth/bind" && method === "POST") {
-            return this.handleBind(request);
-        }
-        // POST /api/oauth/unbind
-        if (path === "/.well-known/service/api/oauth/unbind" && method === "POST") {
-            return this.handleUnbind(request);
-        }
-        return null;
-    }
-    /** GET /api/oauth/configs — list enabled providers (public, no secrets). */
-    async handleGetConfigs() {
-        const configs = await this.loadAllConfigs();
-        const providers = Object.keys(configs)
-            .map((name) => {
-            const cfg = configs[name];
-            return {
-                name,
-                clientId: cfg.clientId ?? "",
-                enabled: cfg.enabled ?? true,
-                order: cfg.order ?? 999,
-            };
-        })
-            .filter((p) => p.enabled !== false)
-            .sort((a, b) => a.order - b.order)
-            .map(({ name, clientId }) => ({ name, clientId }));
-        return jsonResponse({ providers });
-    }
-    /** GET /api/oauth/:provider/login — redirect to OAuth authorization URL. */
-    async handleLogin(request, provider) {
-        const config = await this.loadProviderConfig(provider);
-        if (!config)
-            return jsonResponse({ error: `Provider "${provider}" not configured` }, 404);
-        const adapter = ADAPTERS[provider];
-        if (!adapter)
-            return jsonResponse({ error: `Provider "${provider}" not supported` }, 404);
-        const url = new URL(request.url);
-        const returnUrl = url.searchParams.get("returnUrl") || "/";
-        const redirectUri = this.getCallbackUrl(request, provider);
-        // Generate CSRF state and store in KV
-        const nonce = crypto.randomUUID();
-        const statePayload = { nonce, returnUrl, provider };
-        const stateStr = JSON.stringify(statePayload);
-        if (this.options.kv) {
-            await this.options.kv.put(`oauth-state:${nonce}`, stateStr, { expirationTtl: 600 });
-        }
-        const authUrl = adapter.getAuthorizationUrl({
-            config,
-            redirectUri,
-            state: stateStr,
-        });
-        // Render an intermediate page instead of a raw 302 redirect.
-        // This avoids the jarring blank-page flash in popup mode and gives
-        // the user a moment to see where they're being sent.
-        const providerName = provider.charAt(0).toUpperCase() + provider.slice(1);
-        const html = `<!DOCTYPE html>
-<html><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1">
-<style>
-  body{margin:0;min-height:100vh;display:flex;align-items:center;justify-content:center;background:#0a0a0b;color:#f5f5f7;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;font-size:14px}
-  .wrap{text-align:center}
-  @keyframes spin{to{transform:rotate(360deg)}}
-  .spinner{display:inline-block;width:24px;height:24px;border:2.5px solid rgba(255,255,255,0.12);border-top-color:#9280ff;border-radius:50%;animation:spin .6s linear infinite;margin-bottom:16px}
-  p{color:#9394a1;margin:0}
-</style></head><body>
-  <div class="wrap">
-    <div class="spinner"></div>
-    <p>Redirecting to ${providerName}...</p>
-  </div>
-  <script>location.replace(${JSON.stringify(authUrl)});</script>
-</body></html>`;
-        return new Response(html, { headers: { "Content-Type": "text/html; charset=utf-8" } });
-    }
-    /** GET/POST /oauth/callback/:provider — handle OAuth callback. */
-    async handleCallback(request, provider) {
-        const url = new URL(request.url);
-        // For POST callbacks (Apple), read form body
-        let code;
-        let stateParam;
-        if (request.method === "POST") {
-            const formData = await request.formData();
-            code = formData.get("code");
-            stateParam = formData.get("state");
-        }
-        else {
-            code = url.searchParams.get("code");
-            stateParam = url.searchParams.get("state");
-        }
-        // Check for error response
-        const error = url.searchParams.get("error");
-        if (error) {
-            return renderCallbackError(url.origin, error);
-        }
-        if (!code || !stateParam) {
-            return renderCallbackError(url.origin, "Missing code or state");
-        }
-        // Validate CSRF state
-        let statePayload;
-        try {
-            statePayload = JSON.parse(stateParam);
-        }
-        catch {
-            return renderCallbackError(url.origin, "Invalid state");
-        }
-        if (this.options.kv) {
-            const stored = await this.options.kv.get(`oauth-state:${statePayload.nonce}`);
-            if (!stored) {
-                return renderCallbackError(url.origin, "Invalid or expired OAuth state");
-            }
-            await this.options.kv.delete(`oauth-state:${statePayload.nonce}`); // single-use
-        }
-        // Send callback page that posts back to opener
-        return new Response(renderOAuthCallbackPage(url.origin), {
-            headers: { "Content-Type": "text/html" },
-        });
-    }
-    /** POST /api/oauth/login — exchange code for JWT cookie. */
-    async handleApiLogin(request) {
-        const result = await this.exchangeOAuthCode(request);
-        if (result instanceof Response)
-            return result;
-        const { provider, profile, wallet } = result;
-        const userDid = wallet.address;
-        const userPk = wallet.publicKey;
-        // Create or update user
-        const { store } = this.options;
-        const existingUser = await store.getUserByDid(userDid);
-        const isNewUser = !existingUser;
-        if (isNewUser) {
-            await store.createUser({
-                did: userDid,
-                pk: userPk,
-                fullName: profile.name,
-                email: profile.email,
-                sourceProvider: provider,
-            });
-            const userCount = await store.getUserCount();
-            if (userCount === 1) {
-                await store.updateUserRole(userDid, "owner");
-            }
-        }
-        else {
-            await store.updateLastLogin(userDid);
-        }
-        // Upsert connected account
-        await store.upsertConnectedAccount({
-            did: userDid,
-            pk: userPk,
-            userDid,
-            provider,
-            id: profile.sub,
-            userInfo: JSON.stringify({
-                name: profile.name,
-                email: profile.email,
-                avatar: profile.avatar,
-            }),
-        });
-        // Audit log
-        await store.createAuditLog({
-            action: isNewUser ? "user.register" : "user.login",
-            operatorDid: userDid,
-            metadata: { provider },
-        });
-        // Sign JWT and set cookie
-        const user = await store.getUserByDid(userDid);
-        const payload = { did: userDid, pk: userPk };
-        if (user?.fullName)
-            payload.displayName = user.fullName;
-        if (user?.role)
-            payload.role = user.role;
-        const jwt = await signJWT(payload, this.options.jwtSecret, this.options.jwtExpiresIn);
-        let cookie = `${this.options.cookieName}=${jwt}; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=${this.options.jwtExpiresIn}`;
-        const cookieDomain = typeof this.options.rpID === "string" ? this.options.rpID : undefined;
-        if (cookieDomain?.includes("."))
-            cookie += `; Domain=${cookieDomain}`;
-        return new Response(JSON.stringify({ ok: true, did: userDid }), {
-            status: 200,
-            headers: {
-                "Content-Type": "application/json",
-                "Set-Cookie": cookie,
-                "Cache-Control": "private, no-store",
-            },
-        });
-    }
-    /** POST /api/oauth/bind — bind OAuth provider to current user. */
-    async handleBind(request) {
-        const caller = await this.verifyCaller(request);
-        if (!caller)
-            return jsonResponse({ error: "Authentication required" }, 401);
-        const result = await this.exchangeOAuthCode(request);
-        if (result instanceof Response)
-            return result;
-        const { provider, profile, wallet } = result;
-        await this.options.store.upsertConnectedAccount({
-            did: wallet.address,
-            pk: wallet.publicKey,
-            userDid: caller.did,
-            provider,
-            id: profile.sub,
-            userInfo: JSON.stringify({
-                name: profile.name,
-                email: profile.email,
-                avatar: profile.avatar,
-            }),
-        });
-        await this.options.store.createAuditLog({
-            action: "oauth.bind",
-            operatorDid: caller.did,
-            metadata: { provider },
-        });
-        return jsonResponse({ ok: true, provider });
-    }
-    /** POST /api/oauth/unbind — unbind OAuth provider from current user. */
-    async handleUnbind(request) {
-        const caller = await this.verifyCaller(request);
-        if (!caller)
-            return jsonResponse({ error: "Authentication required" }, 401);
-        let body;
-        try {
-            body = await request.json();
-        }
-        catch {
-            return jsonResponse({ error: "Invalid request body" }, 400);
-        }
-        const { provider } = body;
-        if (!provider)
-            return jsonResponse({ error: "Missing provider" }, 400);
-        // Prevent unbinding the user's registration provider
-        const user = await this.options.store.getUserByDid(caller.did);
-        if (user?.sourceProvider === provider) {
-            return jsonResponse({ error: "Cannot unbind your registration provider" }, 403);
-        }
-        const account = await this.options.store.getConnectedAccountByProviderAndUser(provider, caller.did);
-        if (!account)
-            return jsonResponse({ error: "Account not bound" }, 404);
-        await this.options.store.deleteConnectedAccount(account.did);
-        await this.options.store.createAuditLog({
-            action: "oauth.unbind",
-            operatorDid: caller.did,
-            metadata: { provider },
-        });
-        return jsonResponse({ ok: true, provider });
-    }
-    // ─── Helpers ─────────────────────────────────────────────────────────────
-    /**
-     * Parse request body, resolve provider config/adapter, and exchange OAuth code.
-     * Returns a Response on validation/exchange error, or the resolved result.
-     */
-    async exchangeOAuthCode(request) {
-        let body;
-        try {
-            body = await request.json();
-        }
-        catch {
-            return jsonResponse({ error: "Invalid request body" }, 400);
-        }
-        const { provider, code, redirectUri } = body;
-        if (!provider || !code) {
-            return jsonResponse({ error: "Missing provider or code" }, 400);
-        }
-        const config = await this.loadProviderConfig(provider);
-        if (!config)
-            return jsonResponse({ error: `Provider "${provider}" not configured` }, 404);
-        const adapter = ADAPTERS[provider];
-        if (!adapter)
-            return jsonResponse({ error: `Provider "${provider}" not supported` }, 404);
-        const callbackUrl = redirectUri || this.getCallbackUrl(request, provider);
-        let profile;
-        try {
-            profile = await adapter.exchangeCode({
-                config,
-                code,
-                redirectUri: callbackUrl,
-                kv: this.options.kv,
-            });
-        }
-        catch (err) {
-            const message = err instanceof Error ? err.message : "OAuth exchange failed";
-            return jsonResponse({ error: message }, 400);
-        }
-        const wallet = await deriveDID(profile.sub, {
-            appSk: this.options.appSk,
-            authMaster: this.options.authMaster,
-        });
-        return { provider, profile, wallet: { address: wallet.did, publicKey: wallet.pk } };
-    }
-    /** Resolve the instance DID to use for settings lookup. */
-    get instanceDid() {
-        return this.options.instanceDid ?? "_global_";
-    }
-    /** Load all OAuth configs from D1 settings. */
-    async loadAllConfigs() {
-        const settings = await this.options.store.listSettings(this.instanceDid);
-        const configs = {};
-        for (const s of settings) {
-            if (s.key.startsWith("oauth:") && s.value) {
-                const provider = s.key.slice(6);
-                try {
-                    configs[provider] = JSON.parse(s.value);
-                }
-                catch {
-                    // Skip invalid config
-                }
-            }
-        }
-        return configs;
-    }
-    /** Load a single provider's config from D1 settings. */
-    async loadProviderConfig(provider) {
-        const raw = await this.options.store.getSetting(this.instanceDid, `oauth:${provider}`);
-        if (!raw)
-            return null;
-        try {
-            return JSON.parse(raw);
-        }
-        catch {
-            return null;
-        }
-    }
-    /** Build the callback URL for a provider. In federated mode, uses master origin. */
-    getCallbackUrl(request, provider) {
-        const origin = this.options.masterOAuthOrigin || new URL(request.url).origin;
-        return `${origin}/.well-known/service/oauth/callback/${provider}`;
-    }
-    /** Verify JWT from cookie — returns caller identity or null. */
-    async verifyCaller(request) {
-        const cookies = request.headers.get("Cookie") || "";
-        const match = cookies.match(new RegExp(`${this.options.cookieName}=([^;]+)`));
-        if (!match)
-            return null;
-        const payload = await verifyJWT(match[1], this.options.jwtSecret);
-        if (!payload || typeof payload.did !== "string" || typeof payload.pk !== "string")
-            return null;
-        return { did: payload.did, pk: payload.pk };
-    }
-}
-function jsonResponse(data, status = 200) {
-    return new Response(JSON.stringify(data), {
-        status,
-        headers: { "Content-Type": "application/json", "Cache-Control": "private, no-store" },
-    });
-}
-function renderCallbackError(origin, error) {
-    const html = `<!DOCTYPE html><html><body><script>
-    if (window.opener) {
-      window.opener.postMessage({
-        type: 'authorization_response',
-        error: ${JSON.stringify(error)}
-      }, '${origin}');
-    }
-    window.close();
-  </script></body></html>`;
-    return new Response(html, { headers: { "Content-Type": "text/html" } });
-}
-//# sourceMappingURL=oauth-handler.js.map

package/dist/oauth-handler.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"oauth-handler.js","sourceRoot":"","sources":["../src/oauth-handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAGH,OAAO,EAAE,SAAS,EAAE,MAAM,0BAA0B,CAAC;AACrD,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACzD,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAC;AACtE,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAC3D,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAE7D,OAAO,EAAE,uBAAuB,EAAE,MAAM,gCAAgC,CAAC;AAoBzE,+CAA+C;AAC/C,MAAM,QAAQ,GAAiC;IAC7C,MAAM,EAAE,IAAI,aAAa,EAAE;IAC3B,MAAM,EAAE,IAAI,aAAa,EAAE;IAC3B,KAAK,EAAE,IAAI,YAAY,EAAE;IACzB,OAAO,EAAE,IAAI,cAAc,EAAE;IAC7B,QAAQ,EAAE,IAAI,eAAe,EAAE;IAC/B,KAAK,EAAE,IAAI,YAAY,EAAE;IACzB,cAAc,EAAE,IAAI,kBAAkB,EAAE;CACzC,CAAC;AAEF,MAAM,OAAO,YAAY;IACf,OAAO,CAAsB;IAErC,YAAY,OAA4B;QACtC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED,6DAA6D;IAC7D,MAAM,CAAC,eAAe,CAAC,OAAqB;QAC1C,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,KAAK,CAAC,OAAgB;QAC1B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACjC,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAC;QAC1B,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAE9B,yBAAyB;QACzB,IAAI,IAAI,KAAK,wCAAwC,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YAC1E,OAAO,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACjC,CAAC;QAED,iCAAiC;QACjC,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAC3B,6DAA6D,CAC9D,CAAC;QACF,IAAI,UAAU,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YACnC,OAAO,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC,CAAE,CAAC,CAAC;QACnD,CAAC;QAED,wCAAwC;QACxC,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAC9B,2DAA2D,CAC5D,CAAC;QACF,IAAI,aAAa,IAAI,CAAC,MAAM,KAAK,KAAK,IAAI,MAAM,KAAK,MAAM,CAAC,EAAE,CAAC;YAC7D,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC,CAAE,CAAC,CAAC;QACzD,CAAC;QAED,wBAAwB;QACxB,IAAI,IAAI,KAAK,sCAAsC,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACzE,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;QACtC,CAAC;QAED,uBAAuB;QACvB,IAAI,IAAI,KAAK,qCAAqC,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACxE,OAAO,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAClC,CAAC;QAED,yBAAyB;QACzB,IAAI,IAAI,KAAK,uCAAuC,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YAC1E,OAAO,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;QACpC,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,4EAA4E;IACpE,KAAK,CAAC,gBAAgB;QAC5B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAC5C,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC;aACnC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;YACZ,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAwC,CAAC;YACjE,OAAO;gBACL,IAAI;gBACJ,QAAQ,EAAG,GAAG,CAAC,QAAmB,IAAI,EAAE;gBACxC,OAAO,EAAG,GAAG,CAAC,OAAmB,IAAI,IAAI;gBACzC,KAAK,EAAG,GAAG,CAAC,KAAgB,IAAI,GAAG;aACpC,CAAC;QACJ,CAAC,CAAC;aACD,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,KAAK,CAAC;aAClC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC;aACjC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;QACrD,OAAO,YAAY,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;IACrC,CAAC;IAED,4EAA4E;IACpE,KAAK,CAAC,WAAW,CAAC,OAAgB,EAAE,QAAgB;QAC1D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACvD,IAAI,CAAC,MAAM;YAAE,OAAO,YAAY,CAAC,EAAE,KAAK,EAAE,aAAa,QAAQ,kBAAkB,EAAE,EAAE,GAAG,CAAC,CAAC;QAE1F,MAAM,OAAO,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACnC,IAAI,CAAC,OAAO;YAAE,OAAO,YAAY,CAAC,EAAE,KAAK,EAAE,aAAa,QAAQ,iBAAiB,EAAE,EAAE,GAAG,CAAC,CAAC;QAE1F,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACjC,MAAM,SAAS,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC;QAC3D,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAE3D,sCAAsC;QACtC,MAAM,KAAK,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAClC,MAAM,YAAY,GAAG,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;QACpD,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QAE9C,IAAI,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;YACpB,MAAM,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,GAAG,CAAC,eAAe,KAAK,EAAE,EAAE,QAAQ,EAAE,EAAE,aAAa,EAAE,GAAG,EAAE,CAAC,CAAC;QACtF,CAAC;QAED,MAAM,OAAO,GAAG,OAAO,CAAC,mBAAmB,CAAC;YAC1C,MAAM;YACN,WAAW;YACX,KAAK,EAAE,QAAQ;SAChB,CAAC,CAAC;QAEH,6DAA6D;QAC7D,mEAAmE;QACnE,qDAAqD;QACrD,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC1E,MAAM,IAAI,GAAG;;;;;;;;;;;wBAWO,YAAY;;6BAEP,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;eACrC,CAAC;QACZ,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,0BAA0B,EAAE,EAAE,CAAC,CAAC;IACzF,CAAC;IAED,kEAAkE;IAC1D,KAAK,CAAC,cAAc,CAAC,OAAgB,EAAE,QAAgB;QAC7D,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAEjC,6CAA6C;QAC7C,IAAI,IAAmB,CAAC;QACxB,IAAI,UAAyB,CAAC;QAC9B,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YAC9B,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,QAAQ,EAAE,CAAC;YAC1C,IAAI,GAAG,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAkB,CAAC;YAC7C,UAAU,GAAG,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAkB,CAAC;QACtD,CAAC;aAAM,CAAC;YACN,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YACpC,UAAU,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC7C,CAAC;QAED,2BAA2B;QAC3B,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC5C,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,mBAAmB,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAChD,CAAC;QAED,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACzB,OAAO,mBAAmB,CAAC,GAAG,CAAC,MAAM,EAAE,uBAAuB,CAAC,CAAC;QAClE,CAAC;QAED,sBAAsB;QACtB,IAAI,YAAsE,CAAC;QAC3E,IAAI,CAAC;YACH,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QACxC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,mBAAmB,CAAC,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QAC1D,CAAC;QAED,IAAI,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;YACpB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,GAAG,CAAC,eAAe,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC;YAC9E,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO,mBAAmB,CAAC,GAAG,CAAC,MAAM,EAAE,gCAAgC,CAAC,CAAC;YAC3E,CAAC;YACD,MAAM,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,MAAM,CAAC,eAAe,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,aAAa;QAClF,CAAC;QAED,+CAA+C;QAC/C,OAAO,IAAI,QAAQ,CAAC,uBAAuB,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;YACvD,OAAO,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE;SACzC,CAAC,CAAC;IACL,CAAC;IAED,4DAA4D;IACpD,KAAK,CAAC,cAAc,CAAC,OAAgB;QAC3C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;QACrD,IAAI,MAAM,YAAY,QAAQ;YAAE,OAAO,MAAM,CAAC;QAE9C,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC;QAC7C,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QAC/B,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC;QAEhC,wBAAwB;QACxB,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC;QAC/B,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;QACvD,MAAM,SAAS,GAAG,CAAC,YAAY,CAAC;QAEhC,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,KAAK,CAAC,UAAU,CAAC;gBACrB,GAAG,EAAE,OAAO;gBACZ,EAAE,EAAE,MAAM;gBACV,QAAQ,EAAE,OAAO,CAAC,IAAI;gBACtB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,cAAc,EAAE,QAAQ;aACzB,CAAC,CAAC;YAEH,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,YAAY,EAAE,CAAC;YAC7C,IAAI,SAAS,KAAK,CAAC,EAAE,CAAC;gBACpB,MAAM,KAAK,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,KAAK,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACvC,CAAC;QAED,2BAA2B;QAC3B,MAAM,KAAK,CAAC,sBAAsB,CAAC;YACjC,GAAG,EAAE,OAAO;YACZ,EAAE,EAAE,MAAM;YACV,OAAO;YACP,QAAQ;YACR,EAAE,EAAE,OAAO,CAAC,GAAG;YACf,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC;gBACvB,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,MAAM,EAAE,OAAO,CAAC,MAAM;aACvB,CAAC;SACH,CAAC,CAAC;QAEH,YAAY;QACZ,MAAM,KAAK,CAAC,cAAc,CAAC;YACzB,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,YAAY;YAClD,WAAW,EAAE,OAAO;YACpB,QAAQ,EAAE,EAAE,QAAQ,EAAE;SACvB,CAAC,CAAC;QAEH,0BAA0B;QAC1B,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;QAC/C,MAAM,OAAO,GAA4B,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC;QACtE,IAAI,IAAI,EAAE,QAAQ;YAAE,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,QAAQ,CAAC;QACxD,IAAI,IAAI,EAAE,IAAI;YAAE,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;QACzC,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAEtF,IAAI,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,IAAI,GAAG,qDAAqD,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;QAC/H,MAAM,YAAY,GAAG,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;QAC3F,IAAI,YAAY,EAAE,QAAQ,CAAC,GAAG,CAAC;YAAE,MAAM,IAAI,YAAY,YAAY,EAAE,CAAC;QAEtE,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,EAAE;YAC9D,MAAM,EAAE,GAAG;YACX,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,YAAY,EAAE,MAAM;gBACpB,eAAe,EAAE,mBAAmB;aACrC;SACF,CAAC,CAAC;IACL,CAAC;IAED,kEAAkE;IAC1D,KAAK,CAAC,UAAU,CAAC,OAAgB;QACvC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;QAChD,IAAI,CAAC,MAAM;YAAE,OAAO,YAAY,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,EAAE,GAAG,CAAC,CAAC;QAE5E,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;QACrD,IAAI,MAAM,YAAY,QAAQ;YAAE,OAAO,MAAM,CAAC;QAE9C,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC;QAE7C,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,sBAAsB,CAAC;YAC9C,GAAG,EAAE,MAAM,CAAC,OAAO;YACnB,EAAE,EAAE,MAAM,CAAC,SAAS;YACpB,OAAO,EAAE,MAAM,CAAC,GAAG;YACnB,QAAQ;YACR,EAAE,EAAE,OAAO,CAAC,GAAG;YACf,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC;gBACvB,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,MAAM,EAAE,OAAO,CAAC,MAAM;aACvB,CAAC;SACH,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC;YACtC,MAAM,EAAE,YAAY;YACpB,WAAW,EAAE,MAAM,CAAC,GAAG;YACvB,QAAQ,EAAE,EAAE,QAAQ,EAAE;SACvB,CAAC,CAAC;QAEH,OAAO,YAAY,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC9C,CAAC;IAED,wEAAwE;IAChE,KAAK,CAAC,YAAY,CAAC,OAAgB;QACzC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;QAChD,IAAI,CAAC,MAAM;YAAE,OAAO,YAAY,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,EAAE,GAAG,CAAC,CAAC;QAE5E,IAAI,IAA2B,CAAC;QAChC,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;QAC9B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,YAAY,CAAC,EAAE,KAAK,EAAE,sBAAsB,EAAE,EAAE,GAAG,CAAC,CAAC;QAC9D,CAAC;QAED,MAAM,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC;QAC1B,IAAI,CAAC,QAAQ;YAAE,OAAO,YAAY,CAAC,EAAE,KAAK,EAAE,kBAAkB,EAAE,EAAE,GAAG,CAAC,CAAC;QAEvE,qDAAqD;QACrD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC/D,IAAI,IAAI,EAAE,cAAc,KAAK,QAAQ,EAAE,CAAC;YACtC,OAAO,YAAY,CAAC,EAAE,KAAK,EAAE,0CAA0C,EAAE,EAAE,GAAG,CAAC,CAAC;QAClF,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,oCAAoC,CAC3E,QAAQ,EACR,MAAM,CAAC,GAAG,CACX,CAAC;QACF,IAAI,CAAC,OAAO;YAAE,OAAO,YAAY,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,EAAE,GAAG,CAAC,CAAC;QAEvE,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,sBAAsB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAE7D,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC;YACtC,MAAM,EAAE,cAAc;YACtB,WAAW,EAAE,MAAM,CAAC,GAAG;YACvB,QAAQ,EAAE,EAAE,QAAQ,EAAE;SACvB,CAAC,CAAC;QAEH,OAAO,YAAY,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC9C,CAAC;IAED,4EAA4E;IAE5E;;;OAGG;IACK,KAAK,CAAC,iBAAiB,CAC7B,OAAgB;QAEhB,IAAI,IAAgE,CAAC;QACrE,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;QAC9B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,YAAY,CAAC,EAAE,KAAK,EAAE,sBAAsB,EAAE,EAAE,GAAG,CAAC,CAAC;QAC9D,CAAC;QAED,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;QAC7C,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;YACvB,OAAO,YAAY,CAAC,EAAE,KAAK,EAAE,0BAA0B,EAAE,EAAE,GAAG,CAAC,CAAC;QAClE,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACvD,IAAI,CAAC,MAAM;YAAE,OAAO,YAAY,CAAC,EAAE,KAAK,EAAE,aAAa,QAAQ,kBAAkB,EAAE,EAAE,GAAG,CAAC,CAAC;QAE1F,MAAM,OAAO,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACnC,IAAI,CAAC,OAAO;YAAE,OAAO,YAAY,CAAC,EAAE,KAAK,EAAE,aAAa,QAAQ,iBAAiB,EAAE,EAAE,GAAG,CAAC,CAAC;QAE1F,MAAM,WAAW,GAAG,WAAW,IAAI,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAE1E,IAAI,OAAqB,CAAC;QAC1B,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,OAAO,CAAC,YAAY,CAAC;gBACnC,MAAM;gBACN,IAAI;gBACJ,WAAW,EAAE,WAAW;gBACxB,EAAE,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE;aACpB,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,uBAAuB,CAAC;YAC7E,OAAO,YAAY,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,GAAG,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,GAAG,EAAE;YAC1C,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK;YACzB,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;SACpC,CAAC,CAAC;QACH,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,MAAM,CAAC,GAAG,EAAE,SAAS,EAAE,MAAM,CAAC,EAAE,EAAE,EAAE,CAAC;IACtF,CAAC;IAED,2DAA2D;IAC3D,IAAY,WAAW;QACrB,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,IAAI,UAAU,CAAC;IAChD,CAAC;IAED,+CAA+C;IACvC,KAAK,CAAC,cAAc;QAC1B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACzE,MAAM,OAAO,GAAwC,EAAE,CAAC;QACxD,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,IAAI,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;gBAC1C,MAAM,QAAQ,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBAChC,IAAI,CAAC;oBACH,OAAO,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;gBAC1C,CAAC;gBAAC,MAAM,CAAC;oBACP,sBAAsB;gBACxB,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,wDAAwD;IAChD,KAAK,CAAC,kBAAkB,CAAC,QAAgB;QAC/C,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,EAAE,SAAS,QAAQ,EAAE,CAAC,CAAC;QACvF,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QACtB,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,oFAAoF;IAC5E,cAAc,CAAC,OAAgB,EAAE,QAAgB;QACvD,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,iBAAiB,IAAI,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;QAC7E,OAAO,GAAG,MAAM,uCAAuC,QAAQ,EAAE,CAAC;IACpE,CAAC;IAED,gEAAgE;IACxD,KAAK,CAAC,YAAY,CAAC,OAAgB;QACzC,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QACpD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,UAAU,CAAC,CAAC,CAAC;QAC9E,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAExB,MAAM,OAAO,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,CAAC,CAAE,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACnE,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,IAAI,OAAO,OAAO,CAAC,EAAE,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC;QAC/F,OAAO,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,EAAE,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC;IAC9C,CAAC;CACF;AAED,SAAS,YAAY,CAAC,IAAa,EAAE,MAAM,GAAG,GAAG;IAC/C,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QACxC,MAAM;QACN,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,mBAAmB,EAAE;KACtF,CAAC,CAAC;AACL,CAAC;AAED,SAAS,mBAAmB,CAAC,MAAc,EAAE,KAAa;IACxD,MAAM,IAAI,GAAG;;;;iBAIE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;YAC1B,MAAM;;;0BAGQ,CAAC;IACzB,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,EAAE,CAAC,CAAC;AAC1E,CAAC"}

package/dist/page.d.ts

@@ -1,33 +0,0 @@
-/**
- * Auth page HTML — self-contained login page with passkey and DID Wallet flows.
- *
- * CSS comes from @arcblock/did-connect-core/ui (single source of truth).
- * JS uses a pre-built IIFE bundle from core/ui (LoginPage + runPasskeyAuth).
- */
-export interface RenderLoginPageConfig {
-    /** API prefix for DID Connect endpoints */
-    apiPrefix: string;
-    /** Application name displayed on login page */
-    appName?: string;
-    /** Application PID for DID Wallet deep link */
-    appPid?: string;
-    /** Auth methods to show (default: ['passkey', 'did-connect']) */
-    methods?: string[];
-    /** OAuth provider list */
-    oauthProviders?: Array<{
-        name: string;
-        icon?: string;
-    }>;
-    /** Locale (default: 'en') */
-    locale?: string;
-    /** Application logo URL */
-    appLogo?: string;
-    /** Privacy policy URL */
-    privacyUrl?: string;
-    /** Terms of service URL */
-    termsUrl?: string;
-    /** Color theme */
-    theme?: 'light' | 'dark' | 'auto';
-}
-export declare function renderLoginPage(config: RenderLoginPageConfig): string;
-//# sourceMappingURL=page.d.ts.map

package/dist/page.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"page.d.ts","sourceRoot":"","sources":["../src/page.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,MAAM,WAAW,qBAAqB;IACpC,2CAA2C;IAC3C,SAAS,EAAE,MAAM,CAAC;IAClB,+CAA+C;IAC/C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,+CAA+C;IAC/C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,iEAAiE;IACjE,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,0BAA0B;IAC1B,cAAc,CAAC,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACxD,6BAA6B;IAC7B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,2BAA2B;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,yBAAyB;IACzB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,2BAA2B;IAC3B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kBAAkB;IAClB,KAAK,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,CAAC;CACnC;AAOD,wBAAgB,eAAe,CAAC,MAAM,EAAE,qBAAqB,GAAG,MAAM,CAgDrE"}

package/dist/page.js

@@ -1,59 +0,0 @@
-/**
- * Auth page HTML — self-contained login page with passkey and DID Wallet flows.
- *
- * CSS comes from @arcblock/did-connect-core/ui (single source of truth).
- * JS uses a pre-built IIFE bundle from core/ui (LoginPage + runPasskeyAuth).
- */
-import { LOGIN_PAGE_STYLES } from "@arcblock/did-connect-core/ui";
-import loginBundle from "./_generated/login-bundle-string.js";
-/** Escape string for safe embedding inside <script> — prevents XSS. */
-function escapeForScript(s) {
-    return s.replace(/<\/(script)/gi, "<\\/$1");
-}
-export function renderLoginPage(config) {
-    const connectConfig = {
-        apiPrefix: config.apiPrefix,
-        appName: config.appName,
-        appPid: config.appPid,
-    };
-    const options = {
-        methods: config.methods || ["passkey", "did-connect"],
-        oauthProviders: config.oauthProviders,
-        locale: config.locale || "en",
-        onSuccess: "__reload__",
-        appName: config.appName,
-        appLogo: config.appLogo,
-        privacyUrl: config.privacyUrl,
-        termsUrl: config.termsUrl,
-        theme: config.theme,
-    };
-    const configJSON = escapeForScript(JSON.stringify(connectConfig));
-    const optionsJSON = escapeForScript(JSON.stringify(options));
-    return /* html */ `<!DOCTYPE html>
-<html lang="en">
-<head>
-  <meta charset="utf-8" />
-  <meta name="viewport" content="width=device-width, initial-scale=1" />
-  <title>Sign In</title>
-  <style>${LOGIN_PAGE_STYLES}</style>
-</head>
-<body>
-  <div id="login-root"></div>
-<script>
-${loginBundle}
-;(function() {
-  var LB = __LoginBundle;
-  var config = ${configJSON};
-  var options = ${optionsJSON};
-  if (options.onSuccess === "__reload__") {
-    options.onSuccess = function() { setTimeout(function() { location.reload(); }, 300); };
-  }
-  var http = new LB.FetchHttpAdapter({ prefix: config.apiPrefix });
-  var page = new LB.LoginPage(document.getElementById("login-root"), config, http, options);
-  page.mount();
-})();
-</script>
-</body>
-</html>`;
-}
-//# sourceMappingURL=page.js.map

package/dist/page.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"page.js","sourceRoot":"","sources":["../src/page.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAElE,OAAO,WAAW,MAAM,qCAAqC,CAAC;AAyB9D,uEAAuE;AACvE,SAAS,eAAe,CAAC,CAAS;IAChC,OAAO,CAAC,CAAC,OAAO,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;AAC9C,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,MAA6B;IAC3D,MAAM,aAAa,GAA2B;QAC5C,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,MAAM,EAAE,MAAM,CAAC,MAAM;KACtB,CAAC;IAEF,MAAM,OAAO,GAAG;QACd,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,CAAC,SAAS,EAAE,aAAa,CAAC;QACrD,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,IAAI;QAC7B,SAAS,EAAE,YAAY;QACvB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,KAAK,EAAE,MAAM,CAAC,KAAK;KACpB,CAAC;IAEF,MAAM,UAAU,GAAG,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC;IAClE,MAAM,WAAW,GAAG,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;IAE7D,OAAO,UAAU,CAAC;;;;;;WAMT,iBAAiB;;;;;EAK1B,WAAW;;;iBAGI,UAAU;kBACT,WAAW;;;;;;;;;;QAUrB,CAAC;AACT,CAAC"}

package/dist/pages/auth-script.d.ts

@@ -1,18 +0,0 @@
-/**
- * Shared passkey auth script — extracted from login page for reuse.
- *
- * Exposes `runPasskeyAuth(options)` which handles the full passkey flow:
- *   1. GET /auth → authentication challenge options
- *   2. Try credentials.get() (authentication)
- *   3. Fallback: GET /register → registration challenge options
- *   4. credentials.create() (registration)
- *   5. POST /auth or POST /register to verify
- *
- * Used by invite page (inline JS string for SSR).
- *
- * @deprecated Use `runPasskeyAuth` from `@arcblock/did-connect-core/ui` instead.
- * This inline JS string is kept for invite-page.ts backward compatibility.
- * The canonical TS module is `packages/connect-core/src/ui/webauthn-browser.ts`.
- */
-export declare const AUTH_SCRIPT = "\nfunction b64urlEncode(buf) {\n  const bytes = new Uint8Array(buf);\n  let str = \"\";\n  for (let i = 0; i < bytes.length; i++) str += String.fromCharCode(bytes[i]);\n  return btoa(str).replace(/\\+/g, \"-\").replace(/\\//g, \"_\").replace(/=+$/, \"\");\n}\n\nfunction b64urlDecode(str) {\n  str = str.replace(/-/g, \"+\").replace(/_/g, \"/\");\n  const bin = atob(str);\n  const arr = new Uint8Array(bin.length);\n  for (let i = 0; i < bin.length; i++) arr[i] = bin.charCodeAt(i);\n  return arr.buffer;\n}\n\nfunction serializeRegistration(cred) {\n  return {\n    id: cred.id,\n    rawId: b64urlEncode(cred.rawId),\n    type: cred.type,\n    response: {\n      attestationObject: b64urlEncode(cred.response.attestationObject),\n      clientDataJSON: b64urlEncode(cred.response.clientDataJSON),\n    },\n    clientExtensionResults: cred.getClientExtensionResults(),\n    authenticatorAttachment: cred.authenticatorAttachment,\n  };\n}\n\nfunction serializeAuthentication(cred) {\n  return {\n    id: cred.id,\n    rawId: b64urlEncode(cred.rawId),\n    type: cred.type,\n    response: {\n      authenticatorData: b64urlEncode(cred.response.authenticatorData),\n      clientDataJSON: b64urlEncode(cred.response.clientDataJSON),\n      signature: b64urlEncode(cred.response.signature),\n      userHandle: cred.response.userHandle ? b64urlEncode(cred.response.userHandle) : undefined,\n    },\n    clientExtensionResults: cred.getClientExtensionResults(),\n    authenticatorAttachment: cred.authenticatorAttachment,\n  };\n}\n\n/**\n * Run the full passkey auth flow.\n * @param {Object} options\n * @param {string} options.prefix - API base path (default: '/.well-known/service/api/passkey')\n * @param {string} [options.name] - User display name for registration\n * @param {boolean} [options.authOnly] - If true, only try authentication (no registration fallback)\n * @param {boolean} [options.registerOnly] - If true, skip authentication and go straight to registration\n * @param {function} options.onStatus - Status callback: (message, isError) => void\n * @returns {Promise<{success: boolean, error?: string}>}\n */\nasync function runPasskeyAuth(options) {\n  const prefix = options.prefix || \"/.well-known/service/api/passkey\";\n  const onStatus = options.onStatus || function() {};\n  const authOnly = options.authOnly || false;\n  const registerOnly = options.registerOnly || false;\n  const invitationId = options.invitationId || undefined;\n\n  async function fetchAuthChallenge() {\n    const res = await fetch(prefix + \"/auth\", { method: \"GET\" });\n    if (!res.ok) throw new Error(\"Failed to get auth challenge\");\n    return res.json();\n  }\n\n  async function fetchRegisterChallenge(name) {\n    var params = [];\n    if (name) params.push(\"name=\" + encodeURIComponent(name));\n    if (invitationId) params.push(\"invitationId=\" + encodeURIComponent(invitationId));\n    var qs = params.length ? \"?\" + params.join(\"&\") : \"\";\n    const res = await fetch(prefix + \"/register\" + qs, { method: \"GET\" });\n    if (!res.ok) throw new Error(\"Failed to get register challenge\");\n    return res.json();\n  }\n\n  async function verifyAuth(challengeId, credential) {\n    const res = await fetch(prefix + \"/auth\", {\n      method: \"POST\",\n      headers: { \"Content-Type\": \"application/json\" },\n      body: JSON.stringify({ challengeId: challengeId, credential: credential }),\n    });\n    if (!res.ok) {\n      const errData = await res.json().catch(function() { return {}; });\n      throw new Error(errData.error || \"Authentication failed\");\n    }\n    return res.json();\n  }\n\n  async function verifyRegister(challengeId, credential, name) {\n    const res = await fetch(prefix + \"/register\", {\n      method: \"POST\",\n      headers: { \"Content-Type\": \"application/json\" },\n      body: JSON.stringify({ challengeId: challengeId, credential: credential, name: name || undefined }),\n    });\n    if (!res.ok) {\n      const errData = await res.json().catch(function() { return {}; });\n      throw new Error(errData.error || \"Registration failed\");\n    }\n    return res.json();\n  }\n\n  // Phase 1: try authentication (skip if registerOnly)\n  if (!registerOnly) {\n  onStatus(\"Waiting for passkey...\", false);\n  try {\n    const { challengeId, authentication } = await fetchAuthChallenge();\n    const authOpts = {\n      publicKey: {\n        ...authentication,\n        challenge: b64urlDecode(authentication.challenge),\n        allowCredentials: (authentication.allowCredentials || []).map(function(c) {\n          return { ...c, id: b64urlDecode(c.id) };\n        }),\n      },\n    };\n    const raw = await navigator.credentials.get(authOpts);\n    const credential = serializeAuthentication(raw);\n\n    onStatus(\"Verifying...\", false);\n    await verifyAuth(challengeId, credential);\n    return { success: true };\n  } catch (authErr) {\n    // Auth failed \u2014 if authOnly, return failure so caller can show name input\n    if (authOnly) {\n      return { success: false, error: \"no_passkey\" };\n    }\n  }\n  } // end if (!registerOnly)\n\n  // Phase 2: registration \u2014 check if server allows it\n  var challengeData = await fetchRegisterChallenge(options.name || \"\");\n  if (!challengeData.registrationAllowed) {\n    onStatus(\"Registration requires an invitation.\", true);\n    return { success: false, error: \"registration_closed\" };\n  }\n\n  onStatus(\"No existing passkey found. Creating new one...\", false);\n  try {\n    var regOpts = {\n      publicKey: {\n        ...challengeData.registration,\n        challenge: b64urlDecode(challengeData.registration.challenge),\n        user: {\n          ...challengeData.registration.user,\n          id: b64urlDecode(challengeData.registration.user.id),\n        },\n        excludeCredentials: (challengeData.registration.excludeCredentials || []).map(function(c) {\n          return { ...c, id: b64urlDecode(c.id) };\n        }),\n      },\n    };\n    var raw = await navigator.credentials.create(regOpts);\n    var credential = serializeRegistration(raw);\n\n    onStatus(\"Verifying...\", false);\n    await verifyRegister(challengeData.challengeId, credential, options.name || \"\");\n    return { success: true };\n  } catch (regErr) {\n    var errMsg = regErr.message || \"Passkey setup failed\";\n    onStatus(errMsg, true);\n    return { success: false, error: errMsg };\n  }\n}\n";
-//# sourceMappingURL=auth-script.d.ts.map

package/dist/pages/auth-script.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"auth-script.d.ts","sourceRoot":"","sources":["../../src/pages/auth-script.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,eAAO,MAAM,WAAW,6yMAuKvB,CAAC"}