@astrox/authentication 0.0.24 → 0.0.30

package/lib/cjs/index.d.ts

@@ -0,0 +1,73 @@
+import { PublicKey } from '@astrox/agent';
+import { DelegationChain } from '@astrox/identity';
+import { Principal } from '@astrox/principal';
+/**
+ * Options for {@link createAuthenticationRequestUrl}. All these options may be limited
+ * further by the identity provider, or an error can happen.
+ */
+export interface CreateUrlOptions {
+    /**
+     * The public key to delegate to. This should be the public key of the session key.
+     */
+    publicKey: PublicKey;
+    /**
+     * The scope of the delegation. This must contain at least one key and a maximum
+     * of four. This is validated in {@link createAuthenticationRequestUrl} but also
+     * will be validated as part of the identity provider.
+     */
+    scope: Array<string | Principal>;
+    /**
+     * The URI to redirect to, after authentication. By default, `window.location.origin`.
+     */
+    redirectUri?: string;
+    /**
+     * The URL base to use for the identity provider.
+     * By default, this is "https://auth.ic0.app/authorize".
+     */
+    identityProvider?: URL | string;
+}
+/**
+ * List of things to check for a delegation chain validity.
+ */
+export interface DelegationValidChecks {
+    /**
+     * Check that the scope is amongst the scopes that this delegation has access to.
+     */
+    scope?: Principal | string | Array<Principal | string>;
+}
+/**
+ * A parsed access token.
+ */
+export declare type AccessToken = string & {
+    _BRAND: 'access_token';
+};
+/**
+ * Create a URL that can be used to redirect the browser to request authentication (e.g. using
+ * the authentication provider). Will throw if some options are invalid.
+ * @param options An option with all options for the authentication request.
+ */
+export declare function createAuthenticationRequestUrl(options: CreateUrlOptions): URL;
+/**
+ * Returns an AccessToken from the Window object. This cannot be used in Node, instead use
+ * the {@link getAccessTokenFromURL} function.
+ *
+ * An access token is needed to create a DelegationChain object.
+ */
+export declare function getAccessTokenFromWindow(): AccessToken | null;
+/**
+ * Analyze a URL and try to extract an AccessToken from it.
+ * @param url The URL to look into.
+ */
+export declare function getAccessTokenFromURL(url: URL | string): AccessToken | null;
+/**
+ * Create a DelegationChain from an AccessToken extracted from a redirect URL.
+ * @param accessToken The access token extracted from a redirect URL.
+ */
+export declare function createDelegationChainFromAccessToken(accessToken: AccessToken): DelegationChain;
+/**
+ * Analyze a DelegationChain and validate that it's valid, ie. not expired and apply to the
+ * scope.
+ * @param chain The chain to validate.
+ * @param checks Various checks to validate on the chain.
+ */
+export declare function isDelegationValid(chain: DelegationChain, checks?: DelegationValidChecks): boolean;

package/lib/cjs/index.js

@@ -0,0 +1,132 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isDelegationValid = exports.createDelegationChainFromAccessToken = exports.getAccessTokenFromURL = exports.getAccessTokenFromWindow = exports.createAuthenticationRequestUrl = void 0;
+const identity_1 = require("@astrox/identity");
+const principal_1 = require("@astrox/principal");
+const DEFAULT_IDENTITY_PROVIDER_URL = 'https://auth.ic0.app/authorize';
+function toHexString(bytes) {
+    return new Uint8Array(bytes).reduce((str, byte) => str + byte.toString(16).padStart(2, '0'), '');
+}
+function _getDefaultLocation() {
+    if (typeof window === 'undefined') {
+        throw new Error('Could not find default location.');
+    }
+    return window.location.origin;
+}
+/**
+ * Create a URL that can be used to redirect the browser to request authentication (e.g. using
+ * the authentication provider). Will throw if some options are invalid.
+ * @param options An option with all options for the authentication request.
+ */
+function createAuthenticationRequestUrl(options) {
+    var _a, _b, _c;
+    const url = new URL((_b = (_a = options.identityProvider) === null || _a === void 0 ? void 0 : _a.toString()) !== null && _b !== void 0 ? _b : DEFAULT_IDENTITY_PROVIDER_URL);
+    url.searchParams.set('response_type', 'token');
+    url.searchParams.set('login_hint', toHexString(options.publicKey.toDer()));
+    url.searchParams.set('redirect_uri', (_c = options.redirectUri) !== null && _c !== void 0 ? _c : _getDefaultLocation());
+    url.searchParams.set('scope', options.scope
+        .map(p => {
+        if (typeof p === 'string') {
+            return principal_1.Principal.fromText(p);
+        }
+        else {
+            return p;
+        }
+    })
+        .map(p => p.toString())
+        .join(' '));
+    url.searchParams.set('state', '');
+    return url;
+}
+exports.createAuthenticationRequestUrl = createAuthenticationRequestUrl;
+/**
+ * Returns an AccessToken from the Window object. This cannot be used in Node, instead use
+ * the {@link getAccessTokenFromURL} function.
+ *
+ * An access token is needed to create a DelegationChain object.
+ */
+function getAccessTokenFromWindow() {
+    if (typeof window === 'undefined') {
+        return null;
+    }
+    return getAccessTokenFromURL(new URL(window.location.href));
+}
+exports.getAccessTokenFromWindow = getAccessTokenFromWindow;
+/**
+ * Analyze a URL and try to extract an AccessToken from it.
+ * @param url The URL to look into.
+ */
+function getAccessTokenFromURL(url) {
+    // Remove the `#` at the start.
+    const hashParams = new URLSearchParams(new URL(url.toString()).hash.substr(1));
+    return hashParams.get('access_token');
+}
+exports.getAccessTokenFromURL = getAccessTokenFromURL;
+/**
+ * Create a DelegationChain from an AccessToken extracted from a redirect URL.
+ * @param accessToken The access token extracted from a redirect URL.
+ */
+function createDelegationChainFromAccessToken(accessToken) {
+    // Transform the HEXADECIMAL string into the JSON it represents.
+    if (/[^0-9a-fA-F]/.test(accessToken) || accessToken.length % 2) {
+        throw new Error('Invalid hexadecimal string for accessToken.');
+    }
+    const chainJson = [...accessToken]
+        .reduce((acc, curr, i) => {
+        // tslint:disable-next-line:no-bitwise
+        acc[(i / 2) | 0] = (acc[(i / 2) | 0] || '') + curr;
+        return acc;
+    }, [])
+        .map(x => Number.parseInt(x, 16))
+        .map(x => String.fromCharCode(x))
+        .join('');
+    return identity_1.DelegationChain.fromJSON(chainJson);
+}
+exports.createDelegationChainFromAccessToken = createDelegationChainFromAccessToken;
+/**
+ * Analyze a DelegationChain and validate that it's valid, ie. not expired and apply to the
+ * scope.
+ * @param chain The chain to validate.
+ * @param checks Various checks to validate on the chain.
+ */
+function isDelegationValid(chain, checks) {
+    // Verify that the no delegation is expired. If any are in the chain, returns false.
+    for (const { delegation } of chain.delegations) {
+        // prettier-ignore
+        if (+new Date(Number(delegation.expiration / BigInt(1000000))) <= +Date.now()) {
+            return false;
+        }
+    }
+    // Check the scopes.
+    const scopes = [];
+    const maybeScope = checks === null || checks === void 0 ? void 0 : checks.scope;
+    if (maybeScope) {
+        if (Array.isArray(maybeScope)) {
+            scopes.push(...maybeScope.map(s => (typeof s === 'string' ? principal_1.Principal.fromText(s) : s)));
+        }
+        else {
+            scopes.push(typeof maybeScope === 'string' ? principal_1.Principal.fromText(maybeScope) : maybeScope);
+        }
+    }
+    for (const s of scopes) {
+        const scope = s.toText();
+        for (const { delegation } of chain.delegations) {
+            if (delegation.targets === undefined) {
+                continue;
+            }
+            let none = true;
+            for (const target of delegation.targets) {
+                if (target.toText() === scope) {
+                    none = false;
+                    break;
+                }
+            }
+            if (none) {
+                return false;
+            }
+        }
+    }
+    return true;
+}
+exports.isDelegationValid = isDelegationValid;
+//# sourceMappingURL=index.js.map

package/lib/cjs/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AACA,+CAAmD;AACnD,iDAA8C;AAE9C,MAAM,6BAA6B,GAAG,gCAAgC,CAAC;AAEvE,SAAS,WAAW,CAAC,KAAkB;IACrC,OAAO,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;AACnG,CAAC;AAED,SAAS,mBAAmB;IAC1B,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE;QACjC,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;KACrD;IAED,OAAO,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;AAChC,CAAC;AA8CD;;;;GAIG;AACH,SAAgB,8BAA8B,CAAC,OAAyB;;IACtE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAA,MAAA,OAAO,CAAC,gBAAgB,0CAAE,QAAQ,EAAE,mCAAI,6BAA6B,CAAC,CAAC;IAC3F,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;IAC/C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC3E,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,MAAA,OAAO,CAAC,WAAW,mCAAI,mBAAmB,EAAE,CAAC,CAAC;IACnF,GAAG,CAAC,YAAY,CAAC,GAAG,CAClB,OAAO,EACP,OAAO,CAAC,KAAK;SACV,GAAG,CAAC,CAAC,CAAC,EAAE;QACP,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE;YACzB,OAAO,qBAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;SAC9B;aAAM;YACL,OAAO,CAAC,CAAC;SACV;IACH,CAAC,CAAC;SACD,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;SACtB,IAAI,CAAC,GAAG,CAAC,CACb,CAAC;IACF,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IAElC,OAAO,GAAG,CAAC;AACb,CAAC;AArBD,wEAqBC;AAED;;;;;GAKG;AACH,SAAgB,wBAAwB;IACtC,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE;QACjC,OAAO,IAAI,CAAC;KACb;IACD,OAAO,qBAAqB,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;AAC9D,CAAC;AALD,4DAKC;AAED;;;GAGG;AACH,SAAgB,qBAAqB,CAAC,GAAiB;IACrD,+BAA+B;IAC/B,MAAM,UAAU,GAAG,IAAI,eAAe,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/E,OAAO,UAAU,CAAC,GAAG,CAAC,cAAc,CAAuB,CAAC;AAC9D,CAAC;AAJD,sDAIC;AAED;;;GAGG;AACH,SAAgB,oCAAoC,CAAC,WAAwB;IAC3E,gEAAgE;IAChE,IAAI,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE;QAC9D,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;KAChE;IACD,MAAM,SAAS,GAAG,CAAC,GAAG,WAAW,CAAC;SAC/B,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE;QACvB,sCAAsC;QACtC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC;QACnD,OAAO,GAAG,CAAC;IACb,CAAC,EAAE,EAAc,CAAC;SACjB,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;SAChC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;SAChC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEZ,OAAO,0BAAe,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;AAC7C,CAAC;AAhBD,oFAgBC;AAED;;;;;GAKG;AACH,SAAgB,iBAAiB,CAAC,KAAsB,EAAE,MAA8B;IACtF,oFAAoF;IACpF,KAAK,MAAM,EAAE,UAAU,EAAE,IAAI,KAAK,CAAC,WAAW,EAAE;QAC9C,kBAAkB;QAClB,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE;YAC7E,OAAO,KAAK,CAAC;SACd;KACF;IAED,oBAAoB;IACpB,MAAM,MAAM,GAAgB,EAAE,CAAC;IAC/B,MAAM,UAAU,GAAG,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,KAAK,CAAC;IACjC,IAAI,UAAU,EAAE;QACd,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE;YAC7B,MAAM,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,qBAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;SAC1F;aAAM;YACL,MAAM,CAAC,IAAI,CAAC,OAAO,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,qBAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;SAC3F;KACF;IAED,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE;QACtB,MAAM,KAAK,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC;QACzB,KAAK,MAAM,EAAE,UAAU,EAAE,IAAI,KAAK,CAAC,WAAW,EAAE;YAC9C,IAAI,UAAU,CAAC,OAAO,KAAK,SAAS,EAAE;gBACpC,SAAS;aACV;YAED,IAAI,IAAI,GAAG,IAAI,CAAC;YAChB,KAAK,MAAM,MAAM,IAAI,UAAU,CAAC,OAAO,EAAE;gBACvC,IAAI,MAAM,CAAC,MAAM,EAAE,KAAK,KAAK,EAAE;oBAC7B,IAAI,GAAG,KAAK,CAAC;oBACb,MAAM;iBACP;aACF;YACD,IAAI,IAAI,EAAE;gBACR,OAAO,KAAK,CAAC;aACd;SACF;KACF;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAzCD,8CAyCC"}

package/lib/esm/index.d.ts

@@ -0,0 +1,73 @@
+import { PublicKey } from '@astrox/agent';
+import { DelegationChain } from '@astrox/identity';
+import { Principal } from '@astrox/principal';
+/**
+ * Options for {@link createAuthenticationRequestUrl}. All these options may be limited
+ * further by the identity provider, or an error can happen.
+ */
+export interface CreateUrlOptions {
+    /**
+     * The public key to delegate to. This should be the public key of the session key.
+     */
+    publicKey: PublicKey;
+    /**
+     * The scope of the delegation. This must contain at least one key and a maximum
+     * of four. This is validated in {@link createAuthenticationRequestUrl} but also
+     * will be validated as part of the identity provider.
+     */
+    scope: Array<string | Principal>;
+    /**
+     * The URI to redirect to, after authentication. By default, `window.location.origin`.
+     */
+    redirectUri?: string;
+    /**
+     * The URL base to use for the identity provider.
+     * By default, this is "https://auth.ic0.app/authorize".
+     */
+    identityProvider?: URL | string;
+}
+/**
+ * List of things to check for a delegation chain validity.
+ */
+export interface DelegationValidChecks {
+    /**
+     * Check that the scope is amongst the scopes that this delegation has access to.
+     */
+    scope?: Principal | string | Array<Principal | string>;
+}
+/**
+ * A parsed access token.
+ */
+export declare type AccessToken = string & {
+    _BRAND: 'access_token';
+};
+/**
+ * Create a URL that can be used to redirect the browser to request authentication (e.g. using
+ * the authentication provider). Will throw if some options are invalid.
+ * @param options An option with all options for the authentication request.
+ */
+export declare function createAuthenticationRequestUrl(options: CreateUrlOptions): URL;
+/**
+ * Returns an AccessToken from the Window object. This cannot be used in Node, instead use
+ * the {@link getAccessTokenFromURL} function.
+ *
+ * An access token is needed to create a DelegationChain object.
+ */
+export declare function getAccessTokenFromWindow(): AccessToken | null;
+/**
+ * Analyze a URL and try to extract an AccessToken from it.
+ * @param url The URL to look into.
+ */
+export declare function getAccessTokenFromURL(url: URL | string): AccessToken | null;
+/**
+ * Create a DelegationChain from an AccessToken extracted from a redirect URL.
+ * @param accessToken The access token extracted from a redirect URL.
+ */
+export declare function createDelegationChainFromAccessToken(accessToken: AccessToken): DelegationChain;
+/**
+ * Analyze a DelegationChain and validate that it's valid, ie. not expired and apply to the
+ * scope.
+ * @param chain The chain to validate.
+ * @param checks Various checks to validate on the chain.
+ */
+export declare function isDelegationValid(chain: DelegationChain, checks?: DelegationValidChecks): boolean;

package/lib/esm/index.js

@@ -0,0 +1,124 @@
+import { DelegationChain } from '@astrox/identity';
+import { Principal } from '@astrox/principal';
+const DEFAULT_IDENTITY_PROVIDER_URL = 'https://auth.ic0.app/authorize';
+function toHexString(bytes) {
+    return new Uint8Array(bytes).reduce((str, byte) => str + byte.toString(16).padStart(2, '0'), '');
+}
+function _getDefaultLocation() {
+    if (typeof window === 'undefined') {
+        throw new Error('Could not find default location.');
+    }
+    return window.location.origin;
+}
+/**
+ * Create a URL that can be used to redirect the browser to request authentication (e.g. using
+ * the authentication provider). Will throw if some options are invalid.
+ * @param options An option with all options for the authentication request.
+ */
+export function createAuthenticationRequestUrl(options) {
+    var _a, _b, _c;
+    const url = new URL((_b = (_a = options.identityProvider) === null || _a === void 0 ? void 0 : _a.toString()) !== null && _b !== void 0 ? _b : DEFAULT_IDENTITY_PROVIDER_URL);
+    url.searchParams.set('response_type', 'token');
+    url.searchParams.set('login_hint', toHexString(options.publicKey.toDer()));
+    url.searchParams.set('redirect_uri', (_c = options.redirectUri) !== null && _c !== void 0 ? _c : _getDefaultLocation());
+    url.searchParams.set('scope', options.scope
+        .map(p => {
+        if (typeof p === 'string') {
+            return Principal.fromText(p);
+        }
+        else {
+            return p;
+        }
+    })
+        .map(p => p.toString())
+        .join(' '));
+    url.searchParams.set('state', '');
+    return url;
+}
+/**
+ * Returns an AccessToken from the Window object. This cannot be used in Node, instead use
+ * the {@link getAccessTokenFromURL} function.
+ *
+ * An access token is needed to create a DelegationChain object.
+ */
+export function getAccessTokenFromWindow() {
+    if (typeof window === 'undefined') {
+        return null;
+    }
+    return getAccessTokenFromURL(new URL(window.location.href));
+}
+/**
+ * Analyze a URL and try to extract an AccessToken from it.
+ * @param url The URL to look into.
+ */
+export function getAccessTokenFromURL(url) {
+    // Remove the `#` at the start.
+    const hashParams = new URLSearchParams(new URL(url.toString()).hash.substr(1));
+    return hashParams.get('access_token');
+}
+/**
+ * Create a DelegationChain from an AccessToken extracted from a redirect URL.
+ * @param accessToken The access token extracted from a redirect URL.
+ */
+export function createDelegationChainFromAccessToken(accessToken) {
+    // Transform the HEXADECIMAL string into the JSON it represents.
+    if (/[^0-9a-fA-F]/.test(accessToken) || accessToken.length % 2) {
+        throw new Error('Invalid hexadecimal string for accessToken.');
+    }
+    const chainJson = [...accessToken]
+        .reduce((acc, curr, i) => {
+        // tslint:disable-next-line:no-bitwise
+        acc[(i / 2) | 0] = (acc[(i / 2) | 0] || '') + curr;
+        return acc;
+    }, [])
+        .map(x => Number.parseInt(x, 16))
+        .map(x => String.fromCharCode(x))
+        .join('');
+    return DelegationChain.fromJSON(chainJson);
+}
+/**
+ * Analyze a DelegationChain and validate that it's valid, ie. not expired and apply to the
+ * scope.
+ * @param chain The chain to validate.
+ * @param checks Various checks to validate on the chain.
+ */
+export function isDelegationValid(chain, checks) {
+    // Verify that the no delegation is expired. If any are in the chain, returns false.
+    for (const { delegation } of chain.delegations) {
+        // prettier-ignore
+        if (+new Date(Number(delegation.expiration / BigInt(1000000))) <= +Date.now()) {
+            return false;
+        }
+    }
+    // Check the scopes.
+    const scopes = [];
+    const maybeScope = checks === null || checks === void 0 ? void 0 : checks.scope;
+    if (maybeScope) {
+        if (Array.isArray(maybeScope)) {
+            scopes.push(...maybeScope.map(s => (typeof s === 'string' ? Principal.fromText(s) : s)));
+        }
+        else {
+            scopes.push(typeof maybeScope === 'string' ? Principal.fromText(maybeScope) : maybeScope);
+        }
+    }
+    for (const s of scopes) {
+        const scope = s.toText();
+        for (const { delegation } of chain.delegations) {
+            if (delegation.targets === undefined) {
+                continue;
+            }
+            let none = true;
+            for (const target of delegation.targets) {
+                if (target.toText() === scope) {
+                    none = false;
+                    break;
+                }
+            }
+            if (none) {
+                return false;
+            }
+        }
+    }
+    return true;
+}
+//# sourceMappingURL=index.js.map

package/lib/esm/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAE9C,MAAM,6BAA6B,GAAG,gCAAgC,CAAC;AAEvE,SAAS,WAAW,CAAC,KAAkB;IACrC,OAAO,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;AACnG,CAAC;AAED,SAAS,mBAAmB;IAC1B,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE;QACjC,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;KACrD;IAED,OAAO,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;AAChC,CAAC;AA8CD;;;;GAIG;AACH,MAAM,UAAU,8BAA8B,CAAC,OAAyB;;IACtE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAA,MAAA,OAAO,CAAC,gBAAgB,0CAAE,QAAQ,EAAE,mCAAI,6BAA6B,CAAC,CAAC;IAC3F,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;IAC/C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC3E,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,MAAA,OAAO,CAAC,WAAW,mCAAI,mBAAmB,EAAE,CAAC,CAAC;IACnF,GAAG,CAAC,YAAY,CAAC,GAAG,CAClB,OAAO,EACP,OAAO,CAAC,KAAK;SACV,GAAG,CAAC,CAAC,CAAC,EAAE;QACP,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE;YACzB,OAAO,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;SAC9B;aAAM;YACL,OAAO,CAAC,CAAC;SACV;IACH,CAAC,CAAC;SACD,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;SACtB,IAAI,CAAC,GAAG,CAAC,CACb,CAAC;IACF,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IAElC,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,wBAAwB;IACtC,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE;QACjC,OAAO,IAAI,CAAC;KACb;IACD,OAAO,qBAAqB,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;AAC9D,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,GAAiB;IACrD,+BAA+B;IAC/B,MAAM,UAAU,GAAG,IAAI,eAAe,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/E,OAAO,UAAU,CAAC,GAAG,CAAC,cAAc,CAAuB,CAAC;AAC9D,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,oCAAoC,CAAC,WAAwB;IAC3E,gEAAgE;IAChE,IAAI,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE;QAC9D,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;KAChE;IACD,MAAM,SAAS,GAAG,CAAC,GAAG,WAAW,CAAC;SAC/B,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE;QACvB,sCAAsC;QACtC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC;QACnD,OAAO,GAAG,CAAC;IACb,CAAC,EAAE,EAAc,CAAC;SACjB,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;SAChC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;SAChC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEZ,OAAO,eAAe,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;AAC7C,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,KAAsB,EAAE,MAA8B;IACtF,oFAAoF;IACpF,KAAK,MAAM,EAAE,UAAU,EAAE,IAAI,KAAK,CAAC,WAAW,EAAE;QAC9C,kBAAkB;QAClB,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE;YAC7E,OAAO,KAAK,CAAC;SACd;KACF;IAED,oBAAoB;IACpB,MAAM,MAAM,GAAgB,EAAE,CAAC;IAC/B,MAAM,UAAU,GAAG,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,KAAK,CAAC;IACjC,IAAI,UAAU,EAAE;QACd,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE;YAC7B,MAAM,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;SAC1F;aAAM;YACL,MAAM,CAAC,IAAI,CAAC,OAAO,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;SAC3F;KACF;IAED,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE;QACtB,MAAM,KAAK,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC;QACzB,KAAK,MAAM,EAAE,UAAU,EAAE,IAAI,KAAK,CAAC,WAAW,EAAE;YAC9C,IAAI,UAAU,CAAC,OAAO,KAAK,SAAS,EAAE;gBACpC,SAAS;aACV;YAED,IAAI,IAAI,GAAG,IAAI,CAAC;YAChB,KAAK,MAAM,MAAM,IAAI,UAAU,CAAC,OAAO,EAAE;gBACvC,IAAI,MAAM,CAAC,MAAM,EAAE,KAAK,KAAK,EAAE;oBAC7B,IAAI,GAAG,KAAK,CAAC;oBACb,MAAM;iBACP;aACF;YACD,IAAI,IAAI,EAAE;gBACR,OAAO,KAAK,CAAC;aACd;SACF;KACF;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}