@atcute/client 4.2.1 → 5.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (24) hide show
  1. package/README.md +52 -26
  2. package/dist/client.d.ts +12 -21
  3. package/dist/client.d.ts.map +1 -1
  4. package/dist/client.js +1 -21
  5. package/dist/client.js.map +1 -1
  6. package/dist/fetch-handler.d.ts.map +1 -1
  7. package/dist/fetch-handler.js.map +1 -1
  8. package/dist/index.d.ts +2 -3
  9. package/dist/index.d.ts.map +1 -1
  10. package/dist/index.js +0 -1
  11. package/dist/index.js.map +1 -1
  12. package/dist/utils/jwt.d.ts.map +1 -1
  13. package/dist/utils/jwt.js +2 -2
  14. package/dist/utils/jwt.js.map +1 -1
  15. package/lib/client.ts +11 -30
  16. package/lib/env.d.ts +1 -0
  17. package/lib/index.ts +2 -3
  18. package/lib/utils/jwt.ts +2 -2
  19. package/package.json +18 -14
  20. package/dist/credential-manager.d.ts +0 -109
  21. package/dist/credential-manager.d.ts.map +0 -1
  22. package/dist/credential-manager.js +0 -250
  23. package/dist/credential-manager.js.map +0 -1
  24. package/lib/credential-manager.ts +0 -413
package/dist/credential-manager.d.ts DELETED
@@ -1,109 +0,0 @@
1
- import type { Did } from '@atcute/lexicons';
2
- import { type FetchHandlerObject } from './fetch-handler.js';
3
- /**
4
- * represents the decoded access token, for convenience
5
- * @deprecated
6
- */
7
- export interface AtpAccessJwt {
8
- /** access token scope */
9
- scope: 'com.atproto.access' | 'com.atproto.appPass' | 'com.atproto.appPassPrivileged' | 'com.atproto.signupQueued' | 'com.atproto.takendown';
10
- /** account DID */
11
- sub: Did;
12
- /** expiration time in Unix seconds */
13
- exp: number;
14
- /** token issued time in Unix seconds */
15
- iat: number;
16
- }
17
- /**
18
- * represents the the decoded refresh token, for convenience
19
- * @deprecated
20
- */
21
- export interface AtpRefreshJwt {
22
- /** refresh token scope */
23
- scope: 'com.atproto.refresh';
24
- /** unique identifier for this session */
25
- jti: string;
26
- /** account DID */
27
- sub: Did;
28
- /** intended audience of this refresh token, in DID */
29
- aud: Did;
30
- /** token expiration time in seconds */
31
- exp: number;
32
- /** token issued time in seconds */
33
- iat: number;
34
- }
35
- /** session data, can be persisted and reused */
36
- export interface AtpSessionData {
37
- /** refresh token */
38
- refreshJwt: string;
39
- /** access token */
40
- accessJwt: string;
41
- /** account handle */
42
- handle: string;
43
- /** account DID */
44
- did: Did;
45
- /** PDS endpoint found in the DID document, this will be used as the service URI if provided */
46
- pdsUri?: string;
47
- /** email address of the account, might not be available if on app password */
48
- email?: string;
49
- /** whether the email address has been confirmed or not */
50
- emailConfirmed?: boolean;
51
- /** whether the account has email-based two-factor authentication enabled */
52
- emailAuthFactor?: boolean;
53
- /** whether the account is active (not deactivated, taken down, or suspended) */
54
- active: boolean;
55
- /** possible reason for why the account is inactive */
56
- inactiveStatus?: string;
57
- }
58
- export interface CredentialManagerOptions {
59
- /** PDS server URL */
60
- service: string;
61
- /** custom fetch function */
62
- fetch?: typeof fetch;
63
- /** function called when the session expires and can't be refreshed */
64
- onExpired?: (session: AtpSessionData) => void;
65
- /** function called after a successful session refresh */
66
- onRefresh?: (session: AtpSessionData) => void;
67
- /** function called whenever the session object is updated (login, resume, refresh) */
68
- onSessionUpdate?: (session: AtpSessionData) => void;
69
- }
70
- export declare class CredentialManager implements FetchHandlerObject {
71
- #private;
72
- /** service URL to make authentication requests with */
73
- readonly serviceUrl: string;
74
- /** fetch implementation */
75
- fetch: typeof fetch;
76
- /** current active session, undefined if not authenticated */
77
- session?: AtpSessionData;
78
- constructor({ service, onExpired, onRefresh, onSessionUpdate, fetch: _fetch }: CredentialManagerOptions);
79
- /** service URL to make actual API requests with */
80
- get dispatchUrl(): string;
81
- handle(pathname: string, init: RequestInit): Promise<Response>;
82
- /**
83
- * resume from a persisted session
84
- * @param session session data, taken from `AtpAuth#session` after login
85
- */
86
- resume(session: AtpSessionData): Promise<AtpSessionData>;
87
- /**
88
- * sign in to an account
89
- * @param options credential options
90
- * @returns session data
91
- */
92
- login(options: AuthLoginOptions): Promise<AtpSessionData>;
93
- /**
94
- * sign out of the current session, invalidating it server-side
95
- */
96
- logout(): Promise<void>;
97
- }
98
- /** credentials */
99
- export interface AuthLoginOptions {
100
- /** what account to login as, this could be domain handle, DID, or email address */
101
- identifier: string;
102
- /** account password */
103
- password: string;
104
- /** two-factor authentication code, if email TOTP is enabled */
105
- code?: string;
106
- /** allow signing in even if the account has been taken down */
107
- allowTakendown?: boolean;
108
- }
109
- //# sourceMappingURL=credential-manager.d.ts.map
package/dist/credential-manager.d.ts.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"credential-manager.d.ts","sourceRoot":"","sources":["../lib/credential-manager.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAK5C,OAAO,EAAsB,KAAK,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAIjF;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC5B,yBAAyB;IACzB,KAAK,EACF,oBAAoB,GACpB,qBAAqB,GACrB,+BAA+B,GAC/B,0BAA0B,GAC1B,uBAAuB,CAAC;IAC3B,kBAAkB;IAClB,GAAG,EAAE,GAAG,CAAC;IACT,sCAAsC;IACtC,GAAG,EAAE,MAAM,CAAC;IACZ,wCAAwC;IACxC,GAAG,EAAE,MAAM,CAAC;CACZ;AAED;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC7B,0BAA0B;IAC1B,KAAK,EAAE,qBAAqB,CAAC;IAC7B,yCAAyC;IACzC,GAAG,EAAE,MAAM,CAAC;IACZ,kBAAkB;IAClB,GAAG,EAAE,GAAG,CAAC;IACT,sDAAsD;IACtD,GAAG,EAAE,GAAG,CAAC;IACT,uCAAuC;IACvC,GAAG,EAAE,MAAM,CAAC;IACZ,mCAAmC;IACnC,GAAG,EAAE,MAAM,CAAC;CACZ;AAED,gDAAgD;AAChD,MAAM,WAAW,cAAc;IAC9B,oBAAoB;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,mBAAmB;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,qBAAqB;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,kBAAkB;IAClB,GAAG,EAAE,GAAG,CAAC;IACT,+FAA+F;IAC/F,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,8EAA8E;IAC9E,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,0DAA0D;IAC1D,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,4EAA4E;IAC5E,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,gFAAgF;IAChF,MAAM,EAAE,OAAO,CAAC;IAChB,sDAAsD;IACtD,cAAc,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,wBAAwB;IACxC,qBAAqB;IACrB,OAAO,EAAE,MAAM,CAAC;IAEhB,4BAA4B;IAC5B,KAAK,CAAC,EAAE,OAAO,KAAK,CAAC;IAErB,sEAAsE;IACtE,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,cAAc,KAAK,IAAI,CAAC;IAC9C,yDAAyD;IACzD,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,cAAc,KAAK,IAAI,CAAC;IAC9C,sFAAsF;IACtF,eAAe,CAAC,EAAE,CAAC,OAAO,EAAE,cAAc,KAAK,IAAI,CAAC;CACpD;AAED,qBAAa,iBAAkB,YAAW,kBAAkB;;IAC3D,uDAAuD;IACvD,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,2BAA2B;IAC3B,KAAK,EAAE,OAAO,KAAK,CAAC;IAcpB,6DAA6D;IAC7D,OAAO,CAAC,EAAE,cAAc,CAAC;IAEzB,YAAY,EACX,OAAO,EACP,SAAS,EACT,SAAS,EACT,eAAe,EACf,KAAK,EAAE,MAAc,EACrB,EAAE,wBAAwB,EAS1B;IAED,mDAAmD;IACnD,IAAI,WAAW,WAEd;IAEK,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC,CA6CnE;IA6ED;;;OAGG;IACG,MAAM,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC,CA2D7D;IAED;;;;OAIG;IACG,KAAK,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,cAAc,CAAC,CAiB9D;IAED;;OAEG;IACG,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,CAmB5B;CACD;AAED,kBAAkB;AAClB,MAAM,WAAW,gBAAgB;IAChC,mFAAmF;IACnF,UAAU,EAAE,MAAM,CAAC;IACnB,uBAAuB;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,+DAA+D;IAC/D,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,+DAA+D;IAC/D,cAAc,CAAC,EAAE,OAAO,CAAC;CACzB"}
package/dist/credential-manager.js DELETED
@@ -1,250 +0,0 @@
1
- import { getPdsEndpoint } from '@atcute/identity';
2
- import { Client, ClientResponseError, isXRPCErrorPayload, ok } from './client.js';
3
- import { simpleFetchHandler } from './fetch-handler.js';
4
- import { decodeJwt } from './utils/jwt.js';
5
- export class CredentialManager {
6
- /** service URL to make authentication requests with */
7
- serviceUrl;
8
- /** fetch implementation */
9
- fetch;
10
- /** internal client instance for making authentication requests */
11
- #server;
12
- /** holds a promise for the current refresh operation, used for debouncing */
13
- #refreshSessionPromise;
14
- /** callback for session expiration */
15
- #onExpired;
16
- /** callback for successful session refresh */
17
- #onRefresh;
18
- /** callback for session updates */
19
- #onSessionUpdate;
20
- /** current active session, undefined if not authenticated */
21
- session;
22
- constructor({ service, onExpired, onRefresh, onSessionUpdate, fetch: _fetch = fetch, }) {
23
- this.serviceUrl = service;
24
- this.fetch = _fetch;
25
- this.#server = new Client({ handler: simpleFetchHandler({ service, fetch: _fetch }) });
26
- this.#onRefresh = onRefresh;
27
- this.#onExpired = onExpired;
28
- this.#onSessionUpdate = onSessionUpdate;
29
- }
30
- /** service URL to make actual API requests with */
31
- get dispatchUrl() {
32
- return this.session?.pdsUri ?? this.serviceUrl;
33
- }
34
- async handle(pathname, init) {
35
- await this.#refreshSessionPromise;
36
- const url = new URL(pathname, this.dispatchUrl);
37
- const headers = new Headers(init.headers);
38
- if (!this.session || headers.has('authorization')) {
39
- return (0, this.fetch)(url, init);
40
- }
41
- const initialToken = this.session.accessJwt;
42
- headers.set('authorization', `Bearer ${initialToken}`);
43
- const initialResponse = await (0, this.fetch)(url, { ...init, headers });
44
- if (initialResponse.status !== 401 && !(await isExpiredTokenResponse(initialResponse))) {
45
- return initialResponse;
46
- }
47
- try {
48
- await this.#refreshSession();
49
- }
50
- catch {
51
- return initialResponse;
52
- }
53
- // return initial response if:
54
- // - request was aborted
55
- // - refresh failed and cleared the session
56
- // - token didn't actually change (refresh failed silently)
57
- // - request body was a stream (can't be resent)
58
- const updatedToken = this.session?.accessJwt;
59
- if (init.signal?.aborted ||
60
- !updatedToken ||
61
- updatedToken === initialToken ||
62
- init.body instanceof ReadableStream) {
63
- return initialResponse;
64
- }
65
- // cancel initial response to avoid resource leaks (Node.js)
66
- await initialResponse.body?.cancel();
67
- headers.set('authorization', `Bearer ${updatedToken}`);
68
- return await (0, this.fetch)(url, { ...init, headers });
69
- }
70
- #refreshSession() {
71
- return (this.#refreshSessionPromise ||= this.#refreshSessionInner().finally(() => (this.#refreshSessionPromise = undefined)));
72
- }
73
- async #refreshSessionInner() {
74
- const currentSession = this.session;
75
- if (!currentSession) {
76
- return;
77
- }
78
- const response = await this.#server.post('com.atproto.server.refreshSession', {
79
- headers: {
80
- authorization: `Bearer ${currentSession.refreshJwt}`,
81
- },
82
- });
83
- if (!response.ok) {
84
- const isExpired = response.status === 401 ||
85
- response.data.error === 'ExpiredToken' ||
86
- response.data.error === 'InvalidToken';
87
- if (isExpired) {
88
- this.session = undefined;
89
- this.#onExpired?.(currentSession);
90
- }
91
- throw new ClientResponseError(response);
92
- }
93
- // DID must not change during refresh
94
- if (response.data.did !== currentSession.did) {
95
- this.session = undefined;
96
- this.#onExpired?.(currentSession);
97
- throw new ClientResponseError({ status: 401, data: { error: 'InvalidDID' } });
98
- }
99
- // protect against concurrent session updates
100
- if (this.session !== currentSession) {
101
- throw new Error('concurrent session update detected');
102
- }
103
- this.#updateSession({ ...currentSession, ...response.data });
104
- this.#onRefresh?.(this.session);
105
- }
106
- #updateSession(raw) {
107
- const didDoc = raw.didDoc;
108
- let pdsUri;
109
- if (didDoc) {
110
- pdsUri = getPdsEndpoint(didDoc);
111
- }
112
- const newSession = {
113
- accessJwt: raw.accessJwt,
114
- refreshJwt: raw.refreshJwt,
115
- handle: raw.handle,
116
- did: raw.did,
117
- pdsUri: pdsUri,
118
- email: raw.email,
119
- emailConfirmed: raw.emailConfirmed,
120
- emailAuthFactor: raw.emailAuthFactor,
121
- active: raw.active ?? true,
122
- inactiveStatus: raw.status,
123
- };
124
- this.session = newSession;
125
- this.#onSessionUpdate?.(newSession);
126
- return newSession;
127
- }
128
- /**
129
- * resume from a persisted session
130
- * @param session session data, taken from `AtpAuth#session` after login
131
- */
132
- async resume(session) {
133
- // protect against concurrent resume of the same session
134
- if (session.refreshJwt === this.session?.refreshJwt) {
135
- await this.#refreshSessionPromise;
136
- if (!this.session || session.did !== this.session.did) {
137
- throw new ClientResponseError({ status: 401, data: { error: 'InvalidToken' } });
138
- }
139
- return this.session;
140
- }
141
- const now = Date.now() / 1_000 + 60 * 5;
142
- const refreshToken = decodeJwt(session.refreshJwt);
143
- if (now >= refreshToken.exp || refreshToken.sub !== session.did) {
144
- throw new ClientResponseError({ status: 401, data: { error: 'InvalidToken' } });
145
- }
146
- const accessToken = decodeJwt(session.accessJwt);
147
- if (accessToken.sub !== session.did) {
148
- throw new ClientResponseError({ status: 401, data: { error: 'InvalidToken' } });
149
- }
150
- // set the session and clear any stale refresh promise
151
- this.session = session;
152
- this.#refreshSessionPromise = undefined;
153
- if (now >= accessToken.exp) {
154
- // access token expired, need to refresh
155
- await this.#refreshSession();
156
- }
157
- else {
158
- // access token still valid, fetch session info in background
159
- const promise = ok(this.#server.get('com.atproto.server.getSession', {
160
- headers: {
161
- authorization: `Bearer ${session.accessJwt}`,
162
- },
163
- }));
164
- promise.then((next) => {
165
- const existing = this.session;
166
- if (!existing || existing.did !== next.did) {
167
- return;
168
- }
169
- this.#updateSession({ ...existing, ...next });
170
- }, (_err) => {
171
- // ignore error
172
- });
173
- }
174
- if (!this.session) {
175
- throw new ClientResponseError({ status: 401, data: { error: 'InvalidToken' } });
176
- }
177
- return this.session;
178
- }
179
- /**
180
- * sign in to an account
181
- * @param options credential options
182
- * @returns session data
183
- */
184
- async login(options) {
185
- // reset the session
186
- this.session = undefined;
187
- this.#refreshSessionPromise = undefined;
188
- const session = await ok(this.#server.post('com.atproto.server.createSession', {
189
- input: {
190
- identifier: options.identifier,
191
- password: options.password,
192
- authFactorToken: options.code,
193
- allowTakendown: options.allowTakendown,
194
- },
195
- }));
196
- return this.#updateSession(session);
197
- }
198
- /**
199
- * sign out of the current session, invalidating it server-side
200
- */
201
- async logout() {
202
- const currentSession = this.session;
203
- if (!currentSession) {
204
- return;
205
- }
206
- this.session = undefined;
207
- this.#refreshSessionPromise = undefined;
208
- try {
209
- await this.#server.post('com.atproto.server.deleteSession', {
210
- as: null,
211
- headers: {
212
- authorization: `Bearer ${currentSession.refreshJwt}`,
213
- },
214
- });
215
- }
216
- catch {
217
- // ignore errors - session is already cleared locally
218
- }
219
- }
220
- }
221
- const isExpiredTokenResponse = async (response) => {
222
- if (response.status !== 400) {
223
- return false;
224
- }
225
- if (extractContentType(response.headers) !== 'application/json') {
226
- return false;
227
- }
228
- // this is nasty as it relies heavily on what the PDS returns, but avoiding
229
- // cloning and reading the request as much as possible is better.
230
- // {"error":"ExpiredToken","message":"Token has expired"}
231
- // {"error":"ExpiredToken","message":"Token is expired"}
232
- if (extractContentLength(response.headers) > 54 * 1.5) {
233
- return false;
234
- }
235
- try {
236
- const data = await response.clone().json();
237
- if (isXRPCErrorPayload(data)) {
238
- return data.error === 'ExpiredToken';
239
- }
240
- }
241
- catch { }
242
- return false;
243
- };
244
- const extractContentType = (headers) => {
245
- return headers.get('content-type')?.split(';')[0]?.trim();
246
- };
247
- const extractContentLength = (headers) => {
248
- return Number(headers.get('content-length') ?? ';');
249
- };
250
- //# sourceMappingURL=credential-manager.js.map
package/dist/credential-manager.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"credential-manager.js","sourceRoot":"","sources":["../lib/credential-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAoB,MAAM,kBAAkB,CAAC;AAKpE,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,EAAE,EAAE,MAAM,aAAa,CAAC;AAClF,OAAO,EAAE,kBAAkB,EAA2B,MAAM,oBAAoB,CAAC;AAEjF,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAgF3C,MAAM,OAAO,iBAAiB;IAC7B,uDAAuD;IAC9C,UAAU,CAAS;IAC5B,2BAA2B;IAC3B,KAAK,CAAe;IAEpB,kEAAkE;IAClE,OAAO,CAAS;IAChB,6EAA6E;IAC7E,sBAAsB,CAA4B;IAElD,sCAAsC;IACtC,UAAU,CAAwC;IAClD,8CAA8C;IAC9C,UAAU,CAAwC;IAClD,mCAAmC;IACnC,gBAAgB,CAA8C;IAE9D,6DAA6D;IAC7D,OAAO,CAAkB;IAEzB,YAAY,EACX,OAAO,EACP,SAAS,EACT,SAAS,EACT,eAAe,EACf,KAAK,EAAE,MAAM,GAAG,KAAK,GACK,EAAE;QAC5B,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC;QAC1B,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC;QAEpB,IAAI,CAAC,OAAO,GAAG,IAAI,MAAM,CAAC,EAAE,OAAO,EAAE,kBAAkB,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC;QAEvF,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC;QAC5B,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC;QAC5B,IAAI,CAAC,gBAAgB,GAAG,eAAe,CAAC;IAAA,CACxC;IAED,mDAAmD;IACnD,IAAI,WAAW,GAAG;QACjB,OAAO,IAAI,CAAC,OAAO,EAAE,MAAM,IAAI,IAAI,CAAC,UAAU,CAAC;IAAA,CAC/C;IAED,KAAK,CAAC,MAAM,CAAC,QAAgB,EAAE,IAAiB,EAAqB;QACpE,MAAM,IAAI,CAAC,sBAAsB,CAAC;QAElC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QAChD,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAE1C,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;YACnD,OAAO,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACnC,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC;QAC5C,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,YAAY,EAAE,CAAC,CAAC;QAEvD,MAAM,eAAe,GAAG,MAAM,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;QAEzE,IAAI,eAAe,CAAC,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,MAAM,sBAAsB,CAAC,eAAe,CAAC,CAAC,EAAE,CAAC;YACxF,OAAO,eAAe,CAAC;QACxB,CAAC;QAED,IAAI,CAAC;YACJ,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAC9B,CAAC;QAAC,MAAM,CAAC;YACR,OAAO,eAAe,CAAC;QACxB,CAAC;QAED,8BAA8B;QAC9B,wBAAwB;QACxB,2CAA2C;QAC3C,2DAA2D;QAC3D,gDAAgD;QAChD,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC;QAC7C,IACC,IAAI,CAAC,MAAM,EAAE,OAAO;YACpB,CAAC,YAAY;YACb,YAAY,KAAK,YAAY;YAC7B,IAAI,CAAC,IAAI,YAAY,cAAc,EAClC,CAAC;YACF,OAAO,eAAe,CAAC;QACxB,CAAC;QAED,4DAA4D;QAC5D,MAAM,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC;QAErC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,YAAY,EAAE,CAAC,CAAC;QACvD,OAAO,MAAM,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;IAAA,CACxD;IAED,eAAe,GAAG;QACjB,OAAO,CAAC,IAAI,CAAC,sBAAsB,KAAK,IAAI,CAAC,oBAAoB,EAAE,CAAC,OAAO,CAC1E,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,sBAAsB,GAAG,SAAS,CAAC,CAC/C,CAAC,CAAC;IAAA,CACH;IAED,KAAK,CAAC,oBAAoB,GAAkB;QAC3C,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC;QACpC,IAAI,CAAC,cAAc,EAAE,CAAC;YACrB,OAAO;QACR,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,mCAAmC,EAAE;YAC7E,OAAO,EAAE;gBACR,aAAa,EAAE,UAAU,cAAc,CAAC,UAAU,EAAE;aACpD;SACD,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YAClB,MAAM,SAAS,GACd,QAAQ,CAAC,MAAM,KAAK,GAAG;gBACvB,QAAQ,CAAC,IAAI,CAAC,KAAK,KAAK,cAAc;gBACtC,QAAQ,CAAC,IAAI,CAAC,KAAK,KAAK,cAAc,CAAC;YAExC,IAAI,SAAS,EAAE,CAAC;gBACf,IAAI,CAAC,OAAO,GAAG,SAAS,CAAC;gBACzB,IAAI,CAAC,UAAU,EAAE,CAAC,cAAc,CAAC,CAAC;YACnC,CAAC;YAED,MAAM,IAAI,mBAAmB,CAAC,QAAQ,CAAC,CAAC;QACzC,CAAC;QAED,qCAAqC;QACrC,IAAI,QAAQ,CAAC,IAAI,CAAC,GAAG,KAAK,cAAc,CAAC,GAAG,EAAE,CAAC;YAC9C,IAAI,CAAC,OAAO,GAAG,SAAS,CAAC;YACzB,IAAI,CAAC,UAAU,EAAE,CAAC,cAAc,CAAC,CAAC;YAClC,MAAM,IAAI,mBAAmB,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,CAAC,CAAC;QAC/E,CAAC;QAED,6CAA6C;QAC7C,IAAI,IAAI,CAAC,OAAO,KAAK,cAAc,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACvD,CAAC;QAED,IAAI,CAAC,cAAc,CAAC,EAAE,GAAG,cAAc,EAAE,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;QAC7D,IAAI,CAAC,UAAU,EAAE,CAAC,IAAI,CAAC,OAAQ,CAAC,CAAC;IAAA,CACjC;IAED,cAAc,CAAC,GAA0C,EAAkB;QAC1E,MAAM,MAAM,GAAG,GAAG,CAAC,MAAiC,CAAC;QAErD,IAAI,MAA0B,CAAC;QAC/B,IAAI,MAAM,EAAE,CAAC;YACZ,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;QACjC,CAAC;QAED,MAAM,UAAU,GAAmB;YAClC,SAAS,EAAE,GAAG,CAAC,SAAS;YACxB,UAAU,EAAE,GAAG,CAAC,UAAU;YAC1B,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,GAAG,EAAE,GAAG,CAAC,GAAG;YACZ,MAAM,EAAE,MAAM;YACd,KAAK,EAAE,GAAG,CAAC,KAAK;YAChB,cAAc,EAAE,GAAG,CAAC,cAAc;YAClC,eAAe,EAAE,GAAG,CAAC,eAAe;YACpC,MAAM,EAAE,GAAG,CAAC,MAAM,IAAI,IAAI;YAC1B,cAAc,EAAE,GAAG,CAAC,MAAM;SAC1B,CAAC;QAEF,IAAI,CAAC,OAAO,GAAG,UAAU,CAAC;QAC1B,IAAI,CAAC,gBAAgB,EAAE,CAAC,UAAU,CAAC,CAAC;QAEpC,OAAO,UAAU,CAAC;IAAA,CAClB;IAED;;;OAGG;IACH,KAAK,CAAC,MAAM,CAAC,OAAuB,EAA2B;QAC9D,wDAAwD;QACxD,IAAI,OAAO,CAAC,UAAU,KAAK,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,CAAC;YACrD,MAAM,IAAI,CAAC,sBAAsB,CAAC;YAClC,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,KAAK,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;gBACvD,MAAM,IAAI,mBAAmB,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,CAAC,CAAC;YACjF,CAAC;YACD,OAAO,IAAI,CAAC,OAAO,CAAC;QACrB,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,GAAG,EAAE,GAAG,CAAC,CAAC;QAExC,MAAM,YAAY,GAAG,SAAS,CAAC,OAAO,CAAC,UAAU,CAAkB,CAAC;QACpE,IAAI,GAAG,IAAI,YAAY,CAAC,GAAG,IAAI,YAAY,CAAC,GAAG,KAAK,OAAO,CAAC,GAAG,EAAE,CAAC;YACjE,MAAM,IAAI,mBAAmB,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,CAAC,CAAC;QACjF,CAAC;QAED,MAAM,WAAW,GAAG,SAAS,CAAC,OAAO,CAAC,SAAS,CAAiB,CAAC;QACjE,IAAI,WAAW,CAAC,GAAG,KAAK,OAAO,CAAC,GAAG,EAAE,CAAC;YACrC,MAAM,IAAI,mBAAmB,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,CAAC,CAAC;QACjF,CAAC;QAED,sDAAsD;QACtD,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,sBAAsB,GAAG,SAAS,CAAC;QAExC,IAAI,GAAG,IAAI,WAAW,CAAC,GAAG,EAAE,CAAC;YAC5B,wCAAwC;YACxC,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAC9B,CAAC;aAAM,CAAC;YACP,6DAA6D;YAC7D,MAAM,OAAO,GAAG,EAAE,CACjB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,+BAA+B,EAAE;gBACjD,OAAO,EAAE;oBACR,aAAa,EAAE,UAAU,OAAO,CAAC,SAAS,EAAE;iBAC5C;aACD,CAAC,CACF,CAAC;YAEF,OAAO,CAAC,IAAI,CACX,CAAC,IAAI,EAAE,EAAE,CAAC;gBACT,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC;gBAC9B,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,GAAG,KAAK,IAAI,CAAC,GAAG,EAAE,CAAC;oBAC5C,OAAO;gBACR,CAAC;gBAED,IAAI,CAAC,cAAc,CAAC,EAAE,GAAG,QAAQ,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC;YAAA,CAC9C,EACD,CAAC,IAAI,EAAE,EAAE,CAAC;gBACT,eAAe;YADL,CAEV,CACD,CAAC;QACH,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YACnB,MAAM,IAAI,mBAAmB,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,CAAC,CAAC;QACjF,CAAC;QAED,OAAO,IAAI,CAAC,OAAO,CAAC;IAAA,CACpB;IAED;;;;OAIG;IACH,KAAK,CAAC,KAAK,CAAC,OAAyB,EAA2B;QAC/D,oBAAoB;QACpB,IAAI,CAAC,OAAO,GAAG,SAAS,CAAC;QACzB,IAAI,CAAC,sBAAsB,GAAG,SAAS,CAAC;QAExC,MAAM,OAAO,GAAG,MAAM,EAAE,CACvB,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,kCAAkC,EAAE;YACrD,KAAK,EAAE;gBACN,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,eAAe,EAAE,OAAO,CAAC,IAAI;gBAC7B,cAAc,EAAE,OAAO,CAAC,cAAc;aACtC;SACD,CAAC,CACF,CAAC;QAEF,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;IAAA,CACpC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,GAAkB;QAC7B,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC;QACpC,IAAI,CAAC,cAAc,EAAE,CAAC;YACrB,OAAO;QACR,CAAC;QAED,IAAI,CAAC,OAAO,GAAG,SAAS,CAAC;QACzB,IAAI,CAAC,sBAAsB,GAAG,SAAS,CAAC;QAExC,IAAI,CAAC;YACJ,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,kCAAkC,EAAE;gBAC3D,EAAE,EAAE,IAAI;gBACR,OAAO,EAAE;oBACR,aAAa,EAAE,UAAU,cAAc,CAAC,UAAU,EAAE;iBACpD;aACD,CAAC,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACR,qDAAqD;QACtD,CAAC;IAAA,CACD;CACD;AAcD,MAAM,sBAAsB,GAAG,KAAK,EAAE,QAAkB,EAAoB,EAAE,CAAC;IAC9E,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC7B,OAAO,KAAK,CAAC;IACd,CAAC;IAED,IAAI,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,kBAAkB,EAAE,CAAC;QACjE,OAAO,KAAK,CAAC;IACd,CAAC;IAED,2EAA2E;IAC3E,iEAAiE;IAEjE,yDAAyD;IACzD,wDAAwD;IACxD,IAAI,oBAAoB,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,EAAE,CAAC;QACvD,OAAO,KAAK,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACJ,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAC;QAC3C,IAAI,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAC,KAAK,KAAK,cAAc,CAAC;QACtC,CAAC;IACF,CAAC;IAAC,MAAM,CAAC,CAAA,CAAC;IAEV,OAAO,KAAK,CAAC;AAAA,CACb,CAAC;AAEF,MAAM,kBAAkB,GAAG,CAAC,OAAgB,EAAE,EAAE,CAAC;IAChD,OAAO,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;AAAA,CAC1D,CAAC;AACF,MAAM,oBAAoB,GAAG,CAAC,OAAgB,EAAE,EAAE,CAAC;IAClD,OAAO,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,GAAG,CAAC,CAAC;AAAA,CACpD,CAAC"}