@atproto/pds 0.4.33 → 0.4.35

package/dist/auth-verifier.js

@@ -26,11 +26,11 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.createPublicKeyObject = exports.createSecretKeyObject = exports.parseBasicAuth = exports.AuthVerifier = exports.RoleStatus = exports.AuthScope = void 0;
+exports.createPublicKeyObject = exports.createSecretKeyObject = exports.parseBasicAuth = exports.parseAuthorizationHeader = exports.AuthVerifier = exports.RoleStatus = exports.AuthScope = void 0;
 const node_crypto_1 = require("node:crypto");
+const oauth_provider_1 = require("@atproto/oauth-provider");
 const xrpc_server_1 = require("@atproto/xrpc-server");
 const identity_1 = require("@atproto/identity");
-const ui8 = __importStar(require("uint8arrays"));
 const jose = __importStar(require("jose"));
 const key_encoder_1 = __importDefault(require("key-encoder"));
 const db_1 = require("./db");
@@ -51,7 +51,7 @@ var RoleStatus;
     RoleStatus[RoleStatus["Missing"] = 2] = "Missing";
 })(RoleStatus || (exports.RoleStatus = RoleStatus = {}));
 class AuthVerifier {
-    constructor(accountManager, idResolver, opts) {
+    constructor(accountManager, idResolver, oauthVerifier, opts) {
         Object.defineProperty(this, "accountManager", {
             enumerable: true,
             configurable: true,
@@ -64,6 +64,18 @@ class AuthVerifier {
             writable: true,
             value: idResolver
         });
+        Object.defineProperty(this, "oauthVerifier", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: oauthVerifier
+        });
+        Object.defineProperty(this, "_publicUrl", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
         Object.defineProperty(this, "_jwtKey", {
             enumerable: true,
             configurable: true,
@@ -88,7 +100,7 @@ class AuthVerifier {
             configurable: true,
             writable: true,
             value: (opts = {}) => (ctx) => {
-                return this.validateAccessToken(ctx.req, [
+                return this.validateAccessToken(ctx, [
                     AuthScope.Access,
                     AuthScope.AppPassPrivileged,
                     AuthScope.AppPass,
@@ -101,7 +113,7 @@ class AuthVerifier {
             configurable: true,
             writable: true,
             value: (opts = {}) => (ctx) => {
-                return this.validateAccessToken(ctx.req, [AuthScope.Access, ...(opts.additional ?? [])], opts);
+                return this.validateAccessToken(ctx, [AuthScope.Access, ...(opts.additional ?? [])], opts);
             }
         });
         Object.defineProperty(this, "accessPrivileged", {
@@ -109,7 +121,7 @@ class AuthVerifier {
             configurable: true,
             writable: true,
             value: (opts = {}) => (ctx) => {
-                return this.validateAccessToken(ctx.req, [
+                return this.validateAccessToken(ctx, [
                     AuthScope.Access,
                     AuthScope.AppPassPrivileged,
                     ...(opts.additional ?? []),
@@ -121,20 +133,32 @@ class AuthVerifier {
             configurable: true,
             writable: true,
             value: async (ctx) => {
-                const { did, scope, token, audience, payload } = await this.validateBearerToken(ctx.req, [AuthScope.Refresh], {
-                    // when using entryway, proxying refresh credentials
-                    audience: this.dids.entryway ? this.dids.entryway : this.dids.pds,
-                });
-                if (!payload.jti) {
-                    throw new xrpc_server_1.AuthRequiredError('Unexpected missing refresh token id', 'MissingTokenId');
-                }
+                const { did, scope, token, tokenId, audience } = await this.validateRefreshToken(ctx);
+                return {
+                    credentials: {
+                        type: 'refresh',
+                        did,
+                        scope,
+                        audience,
+                        tokenId,
+                    },
+                    artifacts: token,
+                };
+            }
+        });
+        Object.defineProperty(this, "refreshExpired", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: async (ctx) => {
+                const { did, scope, token, tokenId, audience } = await this.validateRefreshToken(ctx, { clockTolerance: Infinity });
                 return {
                     credentials: {
                         type: 'refresh',
                         did,
                         scope,
                         audience,
-                        tokenId: payload.jti,
+                        tokenId,
                     },
                     artifacts: token,
                 };
@@ -144,16 +168,9 @@ class AuthVerifier {
             enumerable: true,
             configurable: true,
             writable: true,
-            value: (ctx) => {
-                const parsed = (0, exports.parseBasicAuth)(ctx.req.headers.authorization || '');
-                if (!parsed) {
-                    throw new xrpc_server_1.AuthRequiredError();
-                }
-                const { username, password } = parsed;
-                if (username !== 'admin' || password !== this._adminPass) {
-                    throw new xrpc_server_1.AuthRequiredError();
-                }
-                return { credentials: { type: 'admin_token' } };
+            value: async (ctx) => {
+                this.setAuthHeaders(ctx);
+                return this.validateAdminToken(ctx);
             }
         });
         Object.defineProperty(this, "optionalAccessOrAdminToken", {
@@ -161,14 +178,14 @@ class AuthVerifier {
             configurable: true,
             writable: true,
             value: async (ctx) => {
-                if (isBearerToken(ctx.req)) {
+                if (isAccessToken(ctx.req)) {
                     return await this.accessStandard()(ctx);
                 }
                 else if (isBasicToken(ctx.req)) {
                     return await this.adminToken(ctx);
                 }
                 else {
-                    return this.null();
+                    return this.null(ctx);
                 }
             }
         });
@@ -176,8 +193,8 @@ class AuthVerifier {
             enumerable: true,
             configurable: true,
             writable: true,
-            value: async (reqCtx) => {
-                const payload = await this.verifyServiceJwt(reqCtx, {
+            value: async (ctx) => {
+                const payload = await this.verifyServiceJwt(ctx, {
                     aud: this.dids.entryway ?? this.dids.pds,
                     iss: null,
                 });
@@ -194,12 +211,12 @@ class AuthVerifier {
             enumerable: true,
             configurable: true,
             writable: true,
-            value: async (reqCtx) => {
-                if (isBearerToken(reqCtx.req)) {
-                    return await this.userDidAuth(reqCtx);
+            value: async (ctx) => {
+                if (isBearerToken(ctx.req)) {
+                    return await this.userDidAuth(ctx);
                 }
                 else {
-                    return this.null();
+                    return this.null(ctx);
                 }
             }
         });
@@ -207,11 +224,11 @@ class AuthVerifier {
             enumerable: true,
             configurable: true,
             writable: true,
-            value: async (reqCtx) => {
+            value: async (ctx) => {
                 if (!this.dids.modService) {
                     throw new xrpc_server_1.AuthRequiredError('Untrusted issuer', 'UntrustedIss');
                 }
-                const payload = await this.verifyServiceJwt(reqCtx, {
+                const payload = await this.verifyServiceJwt(ctx, {
                     aud: null,
                     iss: [this.dids.modService, `${this.dids.modService}#atproto_labeler`],
                 });
@@ -232,25 +249,57 @@ class AuthVerifier {
             enumerable: true,
             configurable: true,
             writable: true,
-            value: async (reqCtx) => {
-                if (isBearerToken(reqCtx.req)) {
-                    return this.modService(reqCtx);
+            value: async (ctx) => {
+                if (isBearerToken(ctx.req)) {
+                    return this.modService(ctx);
                 }
                 else {
-                    return this.adminToken(reqCtx);
+                    return this.adminToken(ctx);
                 }
             }
         });
+        this._publicUrl = opts.publicUrl;
         this._jwtKey = opts.jwtKey;
         this._adminPass = opts.adminPass;
         this.dids = opts.dids;
     }
-    async validateBearerToken(req, scopes, verifyOptions) {
-        const token = bearerTokenFromReq(req);
+    async validateAdminToken({ req, }) {
+        const parsed = (0, exports.parseBasicAuth)(req.headers.authorization);
+        if (!parsed) {
+            throw new xrpc_server_1.AuthRequiredError();
+        }
+        const { username, password } = parsed;
+        if (username !== 'admin' || password !== this._adminPass) {
+            throw new xrpc_server_1.AuthRequiredError();
+        }
+        return { credentials: { type: 'admin_token' } };
+    }
+    async validateRefreshToken(ctx, verifyOptions) {
+        const result = await this.validateBearerToken(ctx, [AuthScope.Refresh], {
+            ...verifyOptions,
+            // when using entryway, proxying refresh credentials
+            audience: this.dids.entryway ? this.dids.entryway : this.dids.pds,
+        });
+        const tokenId = result.payload.jti;
+        if (!tokenId) {
+            throw new xrpc_server_1.AuthRequiredError('Unexpected missing refresh token id', 'MissingTokenId');
+        }
+        return { ...result, tokenId };
+    }
+    async validateBearerToken(ctx, scopes, verifyOptions) {
+        this.setAuthHeaders(ctx);
+        const token = bearerTokenFromReq(ctx.req);
         if (!token) {
             throw new xrpc_server_1.AuthRequiredError(undefined, 'AuthMissing');
         }
-        const payload = await verifyJwt({ key: this._jwtKey, token, verifyOptions });
+        const { payload, protectedHeader } = await this.jwtVerify(token, verifyOptions);
+        if (protectedHeader.typ === 'dpop+jwt') {
+            // @TODO we should make sure that bearer access tokens do have their "typ"
+            // claim, and allow list the possible value(s) here (typically "at+jwt"),
+            // instead of using a deny list. This would be more secure & future proof
+            // against new token types that would be introduced in the future
+            throw new xrpc_server_1.InvalidRequestError('Malformed token', 'InvalidToken');
+        }
         const { sub, aud, scope } = payload;
         if (typeof sub !== 'string' || !sub.startsWith('did:')) {
             throw new xrpc_server_1.InvalidRequestError('Malformed token', 'InvalidToken');
@@ -259,6 +308,10 @@ class AuthVerifier {
             (typeof aud !== 'string' || !aud.startsWith('did:'))) {
             throw new xrpc_server_1.InvalidRequestError('Malformed token', 'InvalidToken');
         }
+        if (payload.cnf?.jkt) {
+            // DPoP bound tokens must not be usable as regular Bearer tokens
+            throw new xrpc_server_1.InvalidRequestError('Malformed token', 'InvalidToken');
+        }
         if (!isAuthScope(scope) || (scopes.length > 0 && !scopes.includes(scope))) {
             throw new xrpc_server_1.InvalidRequestError('Bad token scope', 'InvalidToken');
         }
@@ -270,11 +323,26 @@ class AuthVerifier {
             payload,
         };
     }
-    async validateAccessToken(req, scopes, opts) {
-        const { did, scope, token, audience } = await this.validateBearerToken(req, scopes, { audience: this.dids.pds });
-        const { checkTakedown = false, checkDeactivated = false } = opts ?? {};
+    async validateAccessToken(ctx, scopes, { checkTakedown = false, checkDeactivated = false, } = {}) {
+        this.setAuthHeaders(ctx);
+        let accessOutput;
+        const [type] = (0, exports.parseAuthorizationHeader)(ctx.req.headers.authorization);
+        switch (type) {
+            case AuthType.BEARER: {
+                accessOutput = await this.validateBearerAccessToken(ctx, scopes);
+                break;
+            }
+            case AuthType.DPOP: {
+                accessOutput = await this.validateDpopAccessToken(ctx, scopes);
+                break;
+            }
+            case null:
+                throw new xrpc_server_1.AuthRequiredError(undefined, 'AuthMissing');
+            default:
+                throw new xrpc_server_1.InvalidRequestError('Unexpected authorization type', 'InvalidToken');
+        }
         if (checkTakedown || checkDeactivated) {
-            const found = await this.accountManager.getAccount(did, {
+            const found = await this.accountManager.getAccount(accessOutput.credentials.did, {
                 includeDeactivated: true,
                 includeTakenDown: true,
             });
@@ -289,6 +357,54 @@ class AuthVerifier {
                 throw new xrpc_server_1.AuthRequiredError('Account is deactivated', 'AccountDeactivated');
             }
         }
+        return accessOutput;
+    }
+    async validateDpopAccessToken(ctx, scopes) {
+        if (!scopes.includes(AuthScope.Access)) {
+            throw new xrpc_server_1.InvalidRequestError('DPoP access token cannot be used for this request', 'InvalidToken');
+        }
+        this.setAuthHeaders(ctx);
+        const { req, res } = ctx;
+        // https://datatracker.ietf.org/doc/html/rfc9449#section-8.2
+        if (res) {
+            const dpopNonce = this.oauthVerifier.nextDpopNonce();
+            if (dpopNonce) {
+                res.setHeader('DPoP-Nonce', dpopNonce);
+                res.appendHeader('Access-Control-Expose-Headers', 'DPoP-Nonce');
+            }
+        }
+        try {
+            const url = new URL(req.originalUrl || req.url, this._publicUrl);
+            const result = await this.oauthVerifier.authenticateRequest(req.method, url, req.headers, { audience: [this.dids.pds] });
+            const { sub } = result.claims;
+            if (typeof sub !== 'string' || !sub.startsWith('did:')) {
+                throw new xrpc_server_1.InvalidRequestError('Malformed token', 'InvalidToken');
+            }
+            return {
+                credentials: {
+                    type: 'access',
+                    did: result.claims.sub,
+                    scope: AuthScope.Access,
+                    audience: this.dids.pds,
+                },
+                artifacts: result.token,
+            };
+        }
+        catch (err) {
+            // Make sure to include any WWW-Authenticate header in the response
+            // (particularly useful for DPoP's "use_dpop_nonce" error)
+            if (res && err instanceof oauth_provider_1.WWWAuthenticateError) {
+                res.setHeader('WWW-Authenticate', err.wwwAuthenticateHeader);
+                res.appendHeader('Access-Control-Expose-Headers', 'WWW-Authenticate');
+            }
+            if (err instanceof oauth_provider_1.OAuthError) {
+                throw new xrpc_server_1.XRPCError(err.status, err.error_description, err.error);
+            }
+            throw err;
+        }
+    }
+    async validateBearerAccessToken(ctx, scopes) {
+        const { did, scope, token, audience } = await this.validateBearerToken(ctx, scopes, { audience: this.dids.pds });
         return {
             credentials: {
                 type: 'access',
@@ -299,7 +415,8 @@ class AuthVerifier {
             artifacts: token,
         };
     }
-    async verifyServiceJwt(reqCtx, opts) {
+    async verifyServiceJwt(ctx, opts) {
+        this.setAuthHeaders(ctx);
         const getSigningKey = async (iss, forceRefresh) => {
             if (opts.iss !== null && !opts.iss.includes(iss)) {
                 throw new xrpc_server_1.AuthRequiredError('Untrusted issuer', 'UntrustedIss');
@@ -320,14 +437,15 @@ class AuthVerifier {
             }
             return didKey;
         };
-        const jwtStr = bearerTokenFromReq(reqCtx.req);
+        const jwtStr = bearerTokenFromReq(ctx.req);
         if (!jwtStr) {
             throw new xrpc_server_1.AuthRequiredError('missing jwt', 'MissingJwt');
         }
         const payload = await (0, xrpc_server_1.verifyJwt)(jwtStr, opts.aud, getSigningKey);
         return { iss: payload.iss, aud: payload.aud };
     }
-    null() {
+    null(ctx) {
+        this.setAuthHeaders(ctx);
         return {
             credentials: null,
         };
@@ -343,52 +461,79 @@ class AuthVerifier {
             return auth.credentials.did === did;
         }
     }
+    async jwtVerify(token, verifyOptions) {
+        try {
+            return await jose.jwtVerify(token, this._jwtKey, verifyOptions);
+        }
+        catch (err) {
+            if (err?.['code'] === 'ERR_JWT_EXPIRED') {
+                throw new xrpc_server_1.InvalidRequestError('Token has expired', 'ExpiredToken');
+            }
+            throw new xrpc_server_1.InvalidRequestError('Token could not be verified', 'InvalidToken');
+        }
+    }
+    setAuthHeaders({ res }) {
+        if (res) {
+            res.setHeader('Cache-Control', 'private');
+            vary(res, 'Authorization');
+        }
+    }
 }
 exports.AuthVerifier = AuthVerifier;
 // HELPERS
 // ---------
-const BEARER = 'Bearer ';
-const BASIC = 'Basic ';
+var AuthType;
+(function (AuthType) {
+    AuthType["BASIC"] = "Basic";
+    AuthType["BEARER"] = "Bearer";
+    AuthType["DPOP"] = "DPoP";
+})(AuthType || (AuthType = {}));
+const parseAuthorizationHeader = (authorization) => {
+    const result = authorization?.split(' ', 3);
+    if (result?.length === 2) {
+        for (const [name, type] of Object.entries(AuthType)) {
+            // authorization type is case-insensitive
+            if (name === result[0].toUpperCase()) {
+                return [type, result[1]];
+            }
+        }
+    }
+    return [null];
+};
+exports.parseAuthorizationHeader = parseAuthorizationHeader;
+const isAccessToken = (req) => {
+    const [type] = (0, exports.parseAuthorizationHeader)(req.headers.authorization);
+    return type === AuthType.BEARER || type === AuthType.DPOP;
+};
 const isBearerToken = (req) => {
-    return req.headers.authorization?.startsWith(BEARER) ?? false;
+    const [type] = (0, exports.parseAuthorizationHeader)(req.headers.authorization);
+    return type === AuthType.BEARER;
 };
 const isBasicToken = (req) => {
-    return req.headers.authorization?.startsWith(BASIC) ?? false;
+    const [type] = (0, exports.parseAuthorizationHeader)(req.headers.authorization);
+    return type === AuthType.BASIC;
 };
 const bearerTokenFromReq = (req) => {
-    const header = req.headers.authorization || '';
-    if (!header.startsWith(BEARER))
-        return null;
-    return header.slice(BEARER.length);
-};
-const verifyJwt = async (params) => {
-    const { key, token, verifyOptions } = params;
-    try {
-        const result = await jose.jwtVerify(token, key, verifyOptions);
-        return result.payload;
-    }
-    catch (err) {
-        if (err?.['code'] === 'ERR_JWT_EXPIRED') {
-            throw new xrpc_server_1.InvalidRequestError('Token has expired', 'ExpiredToken');
-        }
-        throw new xrpc_server_1.InvalidRequestError('Token could not be verified', 'InvalidToken');
-    }
+    const [type, token] = (0, exports.parseAuthorizationHeader)(req.headers.authorization);
+    return type === AuthType.BEARER ? token : null;
 };
-const parseBasicAuth = (token) => {
-    if (!token.startsWith(BASIC))
-        return null;
-    const b64 = token.slice(BASIC.length);
-    let parsed;
+const parseBasicAuth = (authorizationHeader) => {
     try {
-        parsed = ui8.toString(ui8.fromString(b64, 'base64pad'), 'utf8').split(':');
+        const [type, b64] = (0, exports.parseAuthorizationHeader)(authorizationHeader);
+        if (type !== AuthType.BASIC)
+            return null;
+        const decoded = Buffer.from(b64, 'base64').toString('utf8');
+        // We must not use split(':') because the password can contain colons
+        const colon = decoded.indexOf(':');
+        if (colon === -1)
+            return null;
+        const username = decoded.slice(0, colon);
+        const password = decoded.slice(colon + 1);
+        return { username, password };
     }
     catch (err) {
         return null;
     }
-    const [username, password] = parsed;
-    if (!username || !password)
-        return null;
-    return { username, password };
 };
 exports.parseBasicAuth = parseBasicAuth;
 const authScopes = new Set(Object.values(AuthScope));
@@ -405,4 +550,18 @@ const createPublicKeyObject = (publicKeyHex) => {
 };
 exports.createPublicKeyObject = createPublicKeyObject;
 const keyEncoder = new key_encoder_1.default('secp256k1');
+function vary(res, value) {
+    const current = res.getHeader('Vary');
+    if (current == null || typeof current === 'number') {
+        res.setHeader('Vary', value);
+    }
+    else {
+        const alreadyIncluded = Array.isArray(current)
+            ? current.some((value) => value.includes(value))
+            : current.includes(value);
+        if (!alreadyIncluded) {
+            res.appendHeader('Vary', value);
+        }
+    }
+}
 //# sourceMappingURL=auth-verifier.js.map

package/dist/auth-verifier.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth-verifier.js","sourceRoot":"","sources":["../src/auth-verifier.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,6CAAyE;AACzE,sDAK6B;AAC7B,gDAAsE;AACtE,iDAAkC;AAElC,2CAA4B;AAC5B,8DAAoC;AAEpC,6BAAkC;AAClC,4CAAyD;AAMzD,sEAAsE;AACtE,IAAY,SAMX;AAND,WAAY,SAAS;IACnB,0CAA6B,CAAA;IAC7B,4CAA+B,CAAA;IAC/B,4CAA+B,CAAA;IAC/B,gEAAmD,CAAA;IACnD,sDAAyC,CAAA;AAC3C,CAAC,EANW,SAAS,yBAAT,SAAS,QAMpB;AAQD,IAAY,UAIX;AAJD,WAAY,UAAU;IACpB,6CAAK,CAAA;IACL,iDAAO,CAAA;IACP,iDAAO,CAAA;AACT,CAAC,EAJW,UAAU,0BAAV,UAAU,QAIrB;AAmED,MAAa,YAAY;IAKvB,YACS,cAA8B,EAC9B,UAAsB,EAC7B,IAAsB;QAFtB;;;;mBAAO,cAAc;WAAgB;QACrC;;;;mBAAO,UAAU;WAAY;QANvB;;;;;WAAkB;QAClB;;;;;WAAkB;QACnB;;;;;WAA8B;QAYrC,0CAA0C;QAE1C;;;;mBACE,CAAC,OAA4B,EAAE,EAAE,EAAE,CACnC,CAAC,GAAW,EAAyB,EAAE;gBACrC,OAAO,IAAI,CAAC,mBAAmB,CAC7B,GAAG,CAAC,GAAG,EACP;oBACE,SAAS,CAAC,MAAM;oBAChB,SAAS,CAAC,iBAAiB;oBAC3B,SAAS,CAAC,OAAO;oBACjB,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,EAAE,CAAC;iBAC3B,EACD,IAAI,CACL,CAAA;YACH,CAAC;WAAA;QAEH;;;;mBACE,CAAC,OAA4B,EAAE,EAAE,EAAE,CACnC,CAAC,GAAW,EAAyB,EAAE;gBACrC,OAAO,IAAI,CAAC,mBAAmB,CAC7B,GAAG,CAAC,GAAG,EACP,CAAC,SAAS,CAAC,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,EAC9C,IAAI,CACL,CAAA;YACH,CAAC;WAAA;QAEH;;;;mBACE,CAAC,OAA4B,EAAE,EAAE,EAAE,CACnC,CAAC,GAAW,EAAyB,EAAE;gBACrC,OAAO,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,GAAG,EAAE;oBACvC,SAAS,CAAC,MAAM;oBAChB,SAAS,CAAC,iBAAiB;oBAC3B,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,EAAE,CAAC;iBAC3B,CAAC,CAAA;YACJ,CAAC;WAAA;QAEH;;;;mBAAU,KAAK,EAAE,GAAW,EAA0B,EAAE;gBACtD,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,GAC5C,MAAM,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE;oBAC3D,oDAAoD;oBACpD,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;iBAClE,CAAC,CAAA;gBACJ,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;oBACjB,MAAM,IAAI,+BAAiB,CACzB,qCAAqC,EACrC,gBAAgB,CACjB,CAAA;gBACH,CAAC;gBACD,OAAO;oBACL,WAAW,EAAE;wBACX,IAAI,EAAE,SAAS;wBACf,GAAG;wBACH,KAAK;wBACL,QAAQ;wBACR,OAAO,EAAE,OAAO,CAAC,GAAG;qBACrB;oBACD,SAAS,EAAE,KAAK;iBACjB,CAAA;YACH,CAAC;WAAA;QAED;;;;mBAAa,CAAC,GAAW,EAAoB,EAAE;gBAC7C,MAAM,MAAM,GAAG,IAAA,sBAAc,EAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,IAAI,EAAE,CAAC,CAAA;gBAClE,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,MAAM,IAAI,+BAAiB,EAAE,CAAA;gBAC/B,CAAC;gBACD,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAA;gBACrC,IAAI,QAAQ,KAAK,OAAO,IAAI,QAAQ,KAAK,IAAI,CAAC,UAAU,EAAE,CAAC;oBACzD,MAAM,IAAI,+BAAiB,EAAE,CAAA;gBAC/B,CAAC;gBACD,OAAO,EAAE,WAAW,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,EAAE,CAAA;YACjD,CAAC;WAAA;QAED;;;;mBAA6B,KAAK,EAChC,GAAW,EAC4C,EAAE;gBACzD,IAAI,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC3B,OAAO,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC,GAAG,CAAC,CAAA;gBACzC,CAAC;qBAAM,IAAI,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBACjC,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;gBACnC,CAAC;qBAAM,CAAC;oBACN,OAAO,IAAI,CAAC,IAAI,EAAE,CAAA;gBACpB,CAAC;YACH,CAAC;WAAA;QAED;;;;mBAAc,KAAK,EAAE,MAAc,EAA0B,EAAE;gBAC7D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE;oBAClD,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG;oBACxC,GAAG,EAAE,IAAI;iBACV,CAAC,CAAA;gBACF,OAAO;oBACL,WAAW,EAAE;wBACX,IAAI,EAAE,UAAU;wBAChB,GAAG,EAAE,OAAO,CAAC,GAAG;wBAChB,GAAG,EAAE,OAAO,CAAC,GAAG;qBACjB;iBACF,CAAA;YACH,CAAC;WAAA;QAED;;;;mBAAsB,KAAK,EACzB,MAAc,EACuB,EAAE;gBACvC,IAAI,aAAa,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC9B,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAA;gBACvC,CAAC;qBAAM,CAAC;oBACN,OAAO,IAAI,CAAC,IAAI,EAAE,CAAA;gBACpB,CAAC;YACH,CAAC;WAAA;QAED;;;;mBAAa,KAAK,EAAE,MAAc,EAA6B,EAAE;gBAC/D,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;oBAC1B,MAAM,IAAI,+BAAiB,CAAC,kBAAkB,EAAE,cAAc,CAAC,CAAA;gBACjE,CAAC;gBACD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE;oBAClD,GAAG,EAAE,IAAI;oBACT,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,kBAAkB,CAAC;iBACvE,CAAC,CAAA;gBACF,IACE,OAAO,CAAC,GAAG,KAAK,IAAI,CAAC,IAAI,CAAC,GAAG;oBAC7B,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,KAAK,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAC3D,CAAC;oBACD,MAAM,IAAI,+BAAiB,CACzB,yCAAyC,EACzC,gBAAgB,CACjB,CAAA;gBACH,CAAC;gBACD,OAAO;oBACL,WAAW,EAAE;wBACX,IAAI,EAAE,aAAa;wBACnB,GAAG,EAAE,OAAO,CAAC,GAAG;wBAChB,GAAG,EAAE,OAAO,CAAC,GAAG;qBACjB;iBACF,CAAA;YACH,CAAC;WAAA;QAED;;;;mBAAY,KAAK,EACf,MAAc,EACgC,EAAE;gBAChD,IAAI,aAAa,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC9B,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;gBAChC,CAAC;qBAAM,CAAC;oBACN,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;gBAChC,CAAC;YACH,CAAC;WAAA;QApJC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,MAAM,CAAA;QAC1B,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,SAAS,CAAA;QAChC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAA;IACvB,CAAC;IAmJD,KAAK,CAAC,mBAAmB,CACvB,GAAoB,EACpB,MAAmB,EACnB,aAAqC;QAErC,MAAM,KAAK,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAA;QACrC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,+BAAiB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAA;QACvD,CAAC;QACD,MAAM,OAAO,GAAG,MAAM,SAAS,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,aAAa,EAAE,CAAC,CAAA;QAC5E,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,OAAO,CAAA;QACnC,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACvD,MAAM,IAAI,iCAAmB,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;QAClE,CAAC;QACD,IACE,GAAG,KAAK,SAAS;YACjB,CAAC,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,EACpD,CAAC;YACD,MAAM,IAAI,iCAAmB,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;QAClE,CAAC;QACD,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YAC1E,MAAM,IAAI,iCAAmB,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;QAClE,CAAC;QACD,OAAO;YACL,GAAG,EAAE,GAAG;YACR,KAAK;YACL,QAAQ,EAAE,GAAG;YACb,KAAK;YACL,OAAO;SACR,CAAA;IACH,CAAC;IAED,KAAK,CAAC,mBAAmB,CACvB,GAAoB,EACpB,MAAmB,EACnB,IAA8D;QAE9D,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,mBAAmB,CACpE,GAAG,EACH,MAAM,EACN,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAC5B,CAAA;QACD,MAAM,EAAE,aAAa,GAAG,KAAK,EAAE,gBAAgB,GAAG,KAAK,EAAE,GAAG,IAAI,IAAI,EAAE,CAAA;QACtE,IAAI,aAAa,IAAI,gBAAgB,EAAE,CAAC;YACtC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,GAAG,EAAE;gBACtD,kBAAkB,EAAE,IAAI;gBACxB,gBAAgB,EAAE,IAAI;aACvB,CAAC,CAAA;YACF,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,yEAAyE;gBACzE,MAAM,IAAI,4BAAc,CAAC,mBAAmB,EAAE,iBAAiB,CAAC,CAAA;YAClE,CAAC;YACD,IAAI,aAAa,IAAI,IAAA,gBAAW,EAAC,KAAK,CAAC,EAAE,CAAC;gBACxC,MAAM,IAAI,+BAAiB,CACzB,6BAA6B,EAC7B,iBAAiB,CAClB,CAAA;YACH,CAAC;YACD,IAAI,gBAAgB,IAAI,KAAK,CAAC,aAAa,EAAE,CAAC;gBAC5C,MAAM,IAAI,+BAAiB,CACzB,wBAAwB,EACxB,oBAAoB,CACrB,CAAA;YACH,CAAC;QACH,CAAC;QACD,OAAO;YACL,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,GAAG;gBACH,KAAK;gBACL,QAAQ;aACT;YACD,SAAS,EAAE,KAAK;SACjB,CAAA;IACH,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,MAAc,EACd,IAAkD;QAElD,MAAM,aAAa,GAAG,KAAK,EACzB,GAAW,EACX,YAAqB,EACJ,EAAE;YACnB,IAAI,IAAI,CAAC,GAAG,KAAK,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACjD,MAAM,IAAI,+BAAiB,CAAC,kBAAkB,EAAE,cAAc,CAAC,CAAA;YACjE,CAAC;YACD,MAAM,CAAC,GAAG,EAAE,SAAS,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;YACvC,MAAM,KAAK,GACT,SAAS,KAAK,iBAAiB,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAA;YAC/D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,YAAY,CAAC,CAAA;YACnE,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,+BAAiB,CAAC,2BAA2B,CAAC,CAAA;YAC1D,CAAC;YACD,MAAM,SAAS,GAAG,IAAA,gCAAuB,EAAC,MAAM,EAAE,KAAK,CAAC,CAAA;YACxD,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,IAAI,+BAAiB,CAAC,+BAA+B,CAAC,CAAA;YAC9D,CAAC;YACD,MAAM,MAAM,GAAG,IAAA,iCAAsB,EAAC,SAAS,CAAC,CAAA;YAChD,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,+BAAiB,CAAC,+BAA+B,CAAC,CAAA;YAC9D,CAAC;YACD,OAAO,MAAM,CAAA;QACf,CAAC,CAAA;QAED,MAAM,MAAM,GAAG,kBAAkB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;QAC7C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,+BAAiB,CAAC,aAAa,EAAE,YAAY,CAAC,CAAA;QAC1D,CAAC;QACD,MAAM,OAAO,GAAG,MAAM,IAAA,uBAAgB,EAAC,MAAM,EAAE,IAAI,CAAC,GAAG,EAAE,aAAa,CAAC,CAAA;QACvE,OAAO,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAA;IAC/C,CAAC;IAED,IAAI;QACF,OAAO;YACL,WAAW,EAAE,IAAI;SAClB,CAAA;IACH,CAAC;IAED,aAAa,CACX,IAAkD,EAClD,GAAW;QAEX,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,OAAO,KAAK,CAAA;QACd,CAAC;aAAM,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;YACnD,OAAO,IAAI,CAAA;QACb,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,KAAK,GAAG,CAAA;QACrC,CAAC;IACH,CAAC;CACF;AAnSD,oCAmSC;AAED,UAAU;AACV,YAAY;AAEZ,MAAM,MAAM,GAAG,SAAS,CAAA;AACxB,MAAM,KAAK,GAAG,QAAQ,CAAA;AAEtB,MAAM,aAAa,GAAG,CAAC,GAAoB,EAAW,EAAE;IACtD,OAAO,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,UAAU,CAAC,MAAM,CAAC,IAAI,KAAK,CAAA;AAC/D,CAAC,CAAA;AAED,MAAM,YAAY,GAAG,CAAC,GAAoB,EAAW,EAAE;IACrD,OAAO,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,UAAU,CAAC,KAAK,CAAC,IAAI,KAAK,CAAA;AAC9D,CAAC,CAAA;AAED,MAAM,kBAAkB,GAAG,CAAC,GAAoB,EAAE,EAAE;IAClD,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,IAAI,EAAE,CAAA;IAC9C,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAA;IAC3C,OAAO,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;AACpC,CAAC,CAAA;AAED,MAAM,SAAS,GAAG,KAAK,EAAE,MAIxB,EAA4B,EAAE;IAC7B,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,aAAa,EAAE,GAAG,MAAM,CAAA;IAC5C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,GAAG,EAAE,aAAa,CAAC,CAAA;QAC9D,OAAO,MAAM,CAAC,OAAO,CAAA;IACvB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,iBAAiB,EAAE,CAAC;YACxC,MAAM,IAAI,iCAAmB,CAAC,mBAAmB,EAAE,cAAc,CAAC,CAAA;QACpE,CAAC;QACD,MAAM,IAAI,iCAAmB,CAAC,6BAA6B,EAAE,cAAc,CAAC,CAAA;IAC9E,CAAC;AACH,CAAC,CAAA;AAEM,MAAM,cAAc,GAAG,CAC5B,KAAa,EACkC,EAAE;IACjD,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IACzC,MAAM,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;IACrC,IAAI,MAAgB,CAAA;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,EAAE,WAAW,CAAC,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC5E,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,IAAI,CAAA;IACb,CAAC;IACD,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,GAAG,MAAM,CAAA;IACnC,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAA;IACvC,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAA;AAC/B,CAAC,CAAA;AAdY,QAAA,cAAc,kBAc1B;AAED,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAA;AACpD,MAAM,WAAW,GAAG,CAAC,GAAY,EAAoB,EAAE;IACrD,OAAO,UAAU,CAAC,GAAG,CAAC,GAAU,CAAC,CAAA;AACnC,CAAC,CAAA;AAEM,MAAM,qBAAqB,GAAG,CAAC,MAAc,EAAa,EAAE;IACjE,OAAO,IAAA,6BAAe,EAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAA;AAC7C,CAAC,CAAA;AAFY,QAAA,qBAAqB,yBAEjC;AAEM,MAAM,qBAAqB,GAAG,CAAC,YAAoB,EAAa,EAAE;IACvE,MAAM,GAAG,GAAG,UAAU,CAAC,YAAY,CAAC,YAAY,EAAE,KAAK,EAAE,KAAK,CAAC,CAAA;IAC/D,OAAO,IAAA,6BAAe,EAAC,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAA;AAChD,CAAC,CAAA;AAHY,QAAA,qBAAqB,yBAGjC;AAED,MAAM,UAAU,GAAG,IAAI,qBAAU,CAAC,WAAW,CAAC,CAAA"}
+{"version":3,"file":"auth-verifier.js","sourceRoot":"","sources":["../src/auth-verifier.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,6CAAyE;AAEzE,4DAIgC;AAChC,sDAM6B;AAC7B,gDAAsE;AAEtE,2CAA4B;AAC5B,8DAAoC;AAEpC,6BAAkC;AAClC,4CAAyD;AAQzD,sEAAsE;AACtE,IAAY,SAMX;AAND,WAAY,SAAS;IACnB,0CAA6B,CAAA;IAC7B,4CAA+B,CAAA;IAC/B,4CAA+B,CAAA;IAC/B,gEAAmD,CAAA;IACnD,sDAAyC,CAAA;AAC3C,CAAC,EANW,SAAS,yBAAT,SAAS,QAMpB;AAQD,IAAY,UAIX;AAJD,WAAY,UAAU;IACpB,6CAAK,CAAA;IACL,iDAAO,CAAA;IACP,iDAAO,CAAA;AACT,CAAC,EAJW,UAAU,0BAAV,UAAU,QAIrB;AAwED,MAAa,YAAY;IAMvB,YACS,cAA8B,EAC9B,UAAsB,EACtB,aAA4B,EACnC,IAAsB;QAHtB;;;;mBAAO,cAAc;WAAgB;QACrC;;;;mBAAO,UAAU;WAAY;QAC7B;;;;mBAAO,aAAa;WAAe;QAR7B;;;;;WAAkB;QAClB;;;;;WAAkB;QAClB;;;;;WAAkB;QACnB;;;;;WAA8B;QAcrC,0CAA0C;QAE1C;;;;mBACE,CAAC,OAA4B,EAAE,EAAE,EAAE,CACnC,CAAC,GAAW,EAAyB,EAAE;gBACrC,OAAO,IAAI,CAAC,mBAAmB,CAC7B,GAAG,EACH;oBACE,SAAS,CAAC,MAAM;oBAChB,SAAS,CAAC,iBAAiB;oBAC3B,SAAS,CAAC,OAAO;oBACjB,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,EAAE,CAAC;iBAC3B,EACD,IAAI,CACL,CAAA;YACH,CAAC;WAAA;QAEH;;;;mBACE,CAAC,OAA4B,EAAE,EAAE,EAAE,CACnC,CAAC,GAAW,EAAyB,EAAE;gBACrC,OAAO,IAAI,CAAC,mBAAmB,CAC7B,GAAG,EACH,CAAC,SAAS,CAAC,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,EAC9C,IAAI,CACL,CAAA;YACH,CAAC;WAAA;QAEH;;;;mBACE,CAAC,OAA4B,EAAE,EAAE,EAAE,CACnC,CAAC,GAAW,EAAyB,EAAE;gBACrC,OAAO,IAAI,CAAC,mBAAmB,CAAC,GAAG,EAAE;oBACnC,SAAS,CAAC,MAAM;oBAChB,SAAS,CAAC,iBAAiB;oBAC3B,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,EAAE,CAAC;iBAC3B,CAAC,CAAA;YACJ,CAAC;WAAA;QAEH;;;;mBAAU,KAAK,EAAE,GAAW,EAA0B,EAAE;gBACtD,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,GAC5C,MAAM,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAA;gBAEtC,OAAO;oBACL,WAAW,EAAE;wBACX,IAAI,EAAE,SAAS;wBACf,GAAG;wBACH,KAAK;wBACL,QAAQ;wBACR,OAAO;qBACR;oBACD,SAAS,EAAE,KAAK;iBACjB,CAAA;YACH,CAAC;WAAA;QAED;;;;mBAAiB,KAAK,EAAE,GAAW,EAA0B,EAAE;gBAC7D,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,GAC5C,MAAM,IAAI,CAAC,oBAAoB,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,QAAQ,EAAE,CAAC,CAAA;gBAEpE,OAAO;oBACL,WAAW,EAAE;wBACX,IAAI,EAAE,SAAS;wBACf,GAAG;wBACH,KAAK;wBACL,QAAQ;wBACR,OAAO;qBACR;oBACD,SAAS,EAAE,KAAK;iBACjB,CAAA;YACH,CAAC;WAAA;QAED;;;;mBAAa,KAAK,EAAE,GAAW,EAA6B,EAAE;gBAC5D,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAA;gBACxB,OAAO,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAA;YACrC,CAAC;WAAA;QAED;;;;mBAA6B,KAAK,EAChC,GAAW,EAC4C,EAAE;gBACzD,IAAI,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC3B,OAAO,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC,GAAG,CAAC,CAAA;gBACzC,CAAC;qBAAM,IAAI,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBACjC,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;gBACnC,CAAC;qBAAM,CAAC;oBACN,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;gBACvB,CAAC;YACH,CAAC;WAAA;QAED;;;;mBAAc,KAAK,EAAE,GAAW,EAA0B,EAAE;gBAC1D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE;oBAC/C,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG;oBACxC,GAAG,EAAE,IAAI;iBACV,CAAC,CAAA;gBACF,OAAO;oBACL,WAAW,EAAE;wBACX,IAAI,EAAE,UAAU;wBAChB,GAAG,EAAE,OAAO,CAAC,GAAG;wBAChB,GAAG,EAAE,OAAO,CAAC,GAAG;qBACjB;iBACF,CAAA;YACH,CAAC;WAAA;QAED;;;;mBAAsB,KAAK,EACzB,GAAW,EAC0B,EAAE;gBACvC,IAAI,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC3B,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAA;gBACpC,CAAC;qBAAM,CAAC;oBACN,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;gBACvB,CAAC;YACH,CAAC;WAAA;QAED;;;;mBAAa,KAAK,EAAE,GAAW,EAA6B,EAAE;gBAC5D,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;oBAC1B,MAAM,IAAI,+BAAiB,CAAC,kBAAkB,EAAE,cAAc,CAAC,CAAA;gBACjE,CAAC;gBACD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE;oBAC/C,GAAG,EAAE,IAAI;oBACT,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,kBAAkB,CAAC;iBACvE,CAAC,CAAA;gBACF,IACE,OAAO,CAAC,GAAG,KAAK,IAAI,CAAC,IAAI,CAAC,GAAG;oBAC7B,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,KAAK,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAC3D,CAAC;oBACD,MAAM,IAAI,+BAAiB,CACzB,yCAAyC,EACzC,gBAAgB,CACjB,CAAA;gBACH,CAAC;gBACD,OAAO;oBACL,WAAW,EAAE;wBACX,IAAI,EAAE,aAAa;wBACnB,GAAG,EAAE,OAAO,CAAC,GAAG;wBAChB,GAAG,EAAE,OAAO,CAAC,GAAG;qBACjB;iBACF,CAAA;YACH,CAAC;WAAA;QAED;;;;mBAAY,KAAK,EACf,GAAW,EACmC,EAAE;gBAChD,IAAI,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC3B,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;gBAC7B,CAAC;qBAAM,CAAC;oBACN,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;gBAC7B,CAAC;YACH,CAAC;WAAA;QAtJC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,SAAS,CAAA;QAChC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,MAAM,CAAA;QAC1B,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,SAAS,CAAA;QAChC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAA;IACvB,CAAC;IAoJS,KAAK,CAAC,kBAAkB,CAAC,EACjC,GAAG,GACI;QACP,MAAM,MAAM,GAAG,IAAA,sBAAc,EAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,CAAA;QACxD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,+BAAiB,EAAE,CAAA;QAC/B,CAAC;QACD,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAA;QACrC,IAAI,QAAQ,KAAK,OAAO,IAAI,QAAQ,KAAK,IAAI,CAAC,UAAU,EAAE,CAAC;YACzD,MAAM,IAAI,+BAAiB,EAAE,CAAA;QAC/B,CAAC;QAED,OAAO,EAAE,WAAW,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,EAAE,CAAA;IACjD,CAAC;IAES,KAAK,CAAC,oBAAoB,CAClC,GAAW,EACX,aAAuD;QAEvD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE;YACtE,GAAG,aAAa;YAChB,oDAAoD;YACpD,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;SAClE,CAAC,CAAA;QACF,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAA;QAClC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,+BAAiB,CACzB,qCAAqC,EACrC,gBAAgB,CACjB,CAAA;QACH,CAAC;QACD,OAAO,EAAE,GAAG,MAAM,EAAE,OAAO,EAAE,CAAA;IAC/B,CAAC;IAES,KAAK,CAAC,mBAAmB,CACjC,GAAW,EACX,MAAmB,EACnB,aAAqC;QAErC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAA;QAExB,MAAM,KAAK,GAAG,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;QACzC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,+BAAiB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAA;QACvD,CAAC;QAED,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CACvD,KAAK,EACL,aAAa,CACd,CAAA;QAED,IAAI,eAAe,CAAC,GAAG,KAAK,UAAU,EAAE,CAAC;YACvC,0EAA0E;YAC1E,yEAAyE;YACzE,yEAAyE;YACzE,iEAAiE;YACjE,MAAM,IAAI,iCAAmB,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;QAClE,CAAC;QAED,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,OAAO,CAAA;QACnC,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACvD,MAAM,IAAI,iCAAmB,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;QAClE,CAAC;QACD,IACE,GAAG,KAAK,SAAS;YACjB,CAAC,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,EACpD,CAAC;YACD,MAAM,IAAI,iCAAmB,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;QAClE,CAAC;QACD,IAAK,OAAO,CAAC,GAAW,EAAE,GAAG,EAAE,CAAC;YAC9B,gEAAgE;YAChE,MAAM,IAAI,iCAAmB,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;QAClE,CAAC;QACD,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YAC1E,MAAM,IAAI,iCAAmB,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;QAClE,CAAC;QACD,OAAO;YACL,GAAG,EAAE,GAAG;YACR,KAAK;YACL,QAAQ,EAAE,GAAG;YACb,KAAK;YACL,OAAO;SACR,CAAA;IACH,CAAC;IAES,KAAK,CAAC,mBAAmB,CACjC,GAAW,EACX,MAAmB,EACnB,EACE,aAAa,GAAG,KAAK,EACrB,gBAAgB,GAAG,KAAK,MACmC,EAAE;QAE/D,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAA;QAExB,IAAI,YAA0B,CAAA;QAE9B,MAAM,CAAC,IAAI,CAAC,GAAG,IAAA,gCAAwB,EAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,CAAA;QACtE,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;gBACrB,YAAY,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;gBAChE,MAAK;YACP,CAAC;YACD,KAAK,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;gBACnB,YAAY,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;gBAC9D,MAAK;YACP,CAAC;YACD,KAAK,IAAI;gBACP,MAAM,IAAI,+BAAiB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAA;YACvD;gBACE,MAAM,IAAI,iCAAmB,CAC3B,+BAA+B,EAC/B,cAAc,CACf,CAAA;QACL,CAAC;QAED,IAAI,aAAa,IAAI,gBAAgB,EAAE,CAAC;YACtC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAChD,YAAY,CAAC,WAAW,CAAC,GAAG,EAC5B;gBACE,kBAAkB,EAAE,IAAI;gBACxB,gBAAgB,EAAE,IAAI;aACvB,CACF,CAAA;YACD,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,yEAAyE;gBACzE,MAAM,IAAI,4BAAc,CAAC,mBAAmB,EAAE,iBAAiB,CAAC,CAAA;YAClE,CAAC;YACD,IAAI,aAAa,IAAI,IAAA,gBAAW,EAAC,KAAK,CAAC,EAAE,CAAC;gBACxC,MAAM,IAAI,+BAAiB,CACzB,6BAA6B,EAC7B,iBAAiB,CAClB,CAAA;YACH,CAAC;YACD,IAAI,gBAAgB,IAAI,KAAK,CAAC,aAAa,EAAE,CAAC;gBAC5C,MAAM,IAAI,+BAAiB,CACzB,wBAAwB,EACxB,oBAAoB,CACrB,CAAA;YACH,CAAC;QACH,CAAC;QAED,OAAO,YAAY,CAAA;IACrB,CAAC;IAES,KAAK,CAAC,uBAAuB,CACrC,GAAW,EACX,MAAmB;QAEnB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,iCAAmB,CAC3B,mDAAmD,EACnD,cAAc,CACf,CAAA;QACH,CAAC;QAED,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAA;QAExB,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,GAAG,CAAA;QAExB,4DAA4D;QAC5D,IAAI,GAAG,EAAE,CAAC;YACR,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,CAAC,aAAa,EAAE,CAAA;YACpD,IAAI,SAAS,EAAE,CAAC;gBACd,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE,SAAS,CAAC,CAAA;gBACtC,GAAG,CAAC,YAAY,CAAC,+BAA+B,EAAE,YAAY,CAAC,CAAA;YACjE,CAAC;QACH,CAAC;QAED,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,UAAU,CAAC,CAAA;YAChE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CACzD,GAAG,CAAC,MAAM,EACV,GAAG,EACH,GAAG,CAAC,OAAO,EACX,EAAE,QAAQ,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAC9B,CAAA;YAED,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,CAAC,MAAM,CAAA;YAC7B,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBACvD,MAAM,IAAI,iCAAmB,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;YAClE,CAAC;YAED,OAAO;gBACL,WAAW,EAAE;oBACX,IAAI,EAAE,QAAQ;oBACd,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG;oBACtB,KAAK,EAAE,SAAS,CAAC,MAAM;oBACvB,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG;iBACxB;gBACD,SAAS,EAAE,MAAM,CAAC,KAAK;aACxB,CAAA;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,mEAAmE;YACnE,0DAA0D;YAC1D,IAAI,GAAG,IAAI,GAAG,YAAY,qCAAoB,EAAE,CAAC;gBAC/C,GAAG,CAAC,SAAS,CAAC,kBAAkB,EAAE,GAAG,CAAC,qBAAqB,CAAC,CAAA;gBAC5D,GAAG,CAAC,YAAY,CAAC,+BAA+B,EAAE,kBAAkB,CAAC,CAAA;YACvE,CAAC;YAED,IAAI,GAAG,YAAY,2BAAU,EAAE,CAAC;gBAC9B,MAAM,IAAI,uBAAS,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,iBAAiB,EAAE,GAAG,CAAC,KAAK,CAAC,CAAA;YACnE,CAAC;YAED,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAES,KAAK,CAAC,yBAAyB,CACvC,GAAW,EACX,MAAmB;QAEnB,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,mBAAmB,CACpE,GAAG,EACH,MAAM,EACN,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAC5B,CAAA;QACD,OAAO;YACL,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,GAAG;gBACH,KAAK;gBACL,QAAQ;aACT;YACD,SAAS,EAAE,KAAK;SACjB,CAAA;IACH,CAAC;IAES,KAAK,CAAC,gBAAgB,CAC9B,GAAW,EACX,IAAkD;QAElD,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAA;QAExB,MAAM,aAAa,GAAG,KAAK,EACzB,GAAW,EACX,YAAqB,EACJ,EAAE;YACnB,IAAI,IAAI,CAAC,GAAG,KAAK,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACjD,MAAM,IAAI,+BAAiB,CAAC,kBAAkB,EAAE,cAAc,CAAC,CAAA;YACjE,CAAC;YACD,MAAM,CAAC,GAAG,EAAE,SAAS,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;YACvC,MAAM,KAAK,GACT,SAAS,KAAK,iBAAiB,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAA;YAC/D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,YAAY,CAAC,CAAA;YACnE,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,+BAAiB,CAAC,2BAA2B,CAAC,CAAA;YAC1D,CAAC;YACD,MAAM,SAAS,GAAG,IAAA,gCAAuB,EAAC,MAAM,EAAE,KAAK,CAAC,CAAA;YACxD,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,IAAI,+BAAiB,CAAC,+BAA+B,CAAC,CAAA;YAC9D,CAAC;YACD,MAAM,MAAM,GAAG,IAAA,iCAAsB,EAAC,SAAS,CAAC,CAAA;YAChD,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,+BAAiB,CAAC,+BAA+B,CAAC,CAAA;YAC9D,CAAC;YACD,OAAO,MAAM,CAAA;QACf,CAAC,CAAA;QAED,MAAM,MAAM,GAAG,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;QAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,+BAAiB,CAAC,aAAa,EAAE,YAAY,CAAC,CAAA;QAC1D,CAAC;QACD,MAAM,OAAO,GAAG,MAAM,IAAA,uBAAgB,EAAC,MAAM,EAAE,IAAI,CAAC,GAAG,EAAE,aAAa,CAAC,CAAA;QACvE,OAAO,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAA;IAC/C,CAAC;IAES,IAAI,CAAC,GAAW;QACxB,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAA;QACxB,OAAO;YACL,WAAW,EAAE,IAAI;SAClB,CAAA;IACH,CAAC;IAED,aAAa,CACX,IAAkD,EAClD,GAAW;QAEX,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,OAAO,KAAK,CAAA;QACd,CAAC;aAAM,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;YACnD,OAAO,IAAI,CAAA;QACb,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,KAAK,GAAG,CAAA;QACrC,CAAC;IACH,CAAC;IAES,KAAK,CAAC,SAAS,CACvB,KAAa,EACb,aAAqC;QAErC,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAA;QACjE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,iBAAiB,EAAE,CAAC;gBACxC,MAAM,IAAI,iCAAmB,CAAC,mBAAmB,EAAE,cAAc,CAAC,CAAA;YACpE,CAAC;YACD,MAAM,IAAI,iCAAmB,CAC3B,6BAA6B,EAC7B,cAAc,CACf,CAAA;QACH,CAAC;IACH,CAAC;IAES,cAAc,CAAC,EAAE,GAAG,EAAU;QACtC,IAAI,GAAG,EAAE,CAAC;YACR,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,SAAS,CAAC,CAAA;YACzC,IAAI,CAAC,GAAG,EAAE,eAAe,CAAC,CAAA;QAC5B,CAAC;IACH,CAAC;CACF;AA1dD,oCA0dC;AAED,UAAU;AACV,YAAY;AAEZ,IAAK,QAIJ;AAJD,WAAK,QAAQ;IACX,2BAAe,CAAA;IACf,6BAAiB,CAAA;IACjB,yBAAa,CAAA;AACf,CAAC,EAJI,QAAQ,KAAR,QAAQ,QAIZ;AAEM,MAAM,wBAAwB,GAAG,CACtC,aAAsB,EAC0B,EAAE;IAClD,MAAM,MAAM,GAAG,aAAa,EAAE,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAA;IAC3C,IAAI,MAAM,EAAE,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YACpD,yCAAyC;YACzC,IAAI,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;gBACrC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,CAAoC,CAAA;YAC7D,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,CAAC,IAAI,CAAiB,CAAA;AAC/B,CAAC,CAAA;AAdY,QAAA,wBAAwB,4BAcpC;AAED,MAAM,aAAa,GAAG,CAAC,GAAoB,EAAW,EAAE;IACtD,MAAM,CAAC,IAAI,CAAC,GAAG,IAAA,gCAAwB,EAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,CAAA;IAClE,OAAO,IAAI,KAAK,QAAQ,CAAC,MAAM,IAAI,IAAI,KAAK,QAAQ,CAAC,IAAI,CAAA;AAC3D,CAAC,CAAA;AAED,MAAM,aAAa,GAAG,CAAC,GAAoB,EAAW,EAAE;IACtD,MAAM,CAAC,IAAI,CAAC,GAAG,IAAA,gCAAwB,EAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,CAAA;IAClE,OAAO,IAAI,KAAK,QAAQ,CAAC,MAAM,CAAA;AACjC,CAAC,CAAA;AAED,MAAM,YAAY,GAAG,CAAC,GAAoB,EAAW,EAAE;IACrD,MAAM,CAAC,IAAI,CAAC,GAAG,IAAA,gCAAwB,EAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,CAAA;IAClE,OAAO,IAAI,KAAK,QAAQ,CAAC,KAAK,CAAA;AAChC,CAAC,CAAA;AAED,MAAM,kBAAkB,GAAG,CAAC,GAAoB,EAAE,EAAE;IAClD,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,IAAA,gCAAwB,EAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,CAAA;IACzE,OAAO,IAAI,KAAK,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAA;AAChD,CAAC,CAAA;AAEM,MAAM,cAAc,GAAG,CAC5B,mBAA4B,EACmB,EAAE;IACjD,IAAI,CAAC;QACH,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,GAAG,IAAA,gCAAwB,EAAC,mBAAmB,CAAC,CAAA;QACjE,IAAI,IAAI,KAAK,QAAQ,CAAC,KAAK;YAAE,OAAO,IAAI,CAAA;QACxC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;QAC3D,qEAAqE;QACrE,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAClC,IAAI,KAAK,KAAK,CAAC,CAAC;YAAE,OAAO,IAAI,CAAA;QAC7B,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAA;QACxC,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAA;QACzC,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAA;IAC/B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC,CAAA;AAhBY,QAAA,cAAc,kBAgB1B;AAED,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAA;AACpD,MAAM,WAAW,GAAG,CAAC,GAAY,EAAoB,EAAE;IACrD,OAAO,UAAU,CAAC,GAAG,CAAC,GAAU,CAAC,CAAA;AACnC,CAAC,CAAA;AAEM,MAAM,qBAAqB,GAAG,CAAC,MAAc,EAAa,EAAE;IACjE,OAAO,IAAA,6BAAe,EAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAA;AAC7C,CAAC,CAAA;AAFY,QAAA,qBAAqB,yBAEjC;AAEM,MAAM,qBAAqB,GAAG,CAAC,YAAoB,EAAa,EAAE;IACvE,MAAM,GAAG,GAAG,UAAU,CAAC,YAAY,CAAC,YAAY,EAAE,KAAK,EAAE,KAAK,CAAC,CAAA;IAC/D,OAAO,IAAA,6BAAe,EAAC,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAA;AAChD,CAAC,CAAA;AAHY,QAAA,qBAAqB,yBAGjC;AAED,MAAM,UAAU,GAAG,IAAI,qBAAU,CAAC,WAAW,CAAC,CAAA;AAE9C,SAAS,IAAI,CAAC,GAAqB,EAAE,KAAa;IAChD,MAAM,OAAO,GAAG,GAAG,CAAC,SAAS,CAAC,MAAM,CAAC,CAAA;IACrC,IAAI,OAAO,IAAI,IAAI,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QACnD,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;IAC9B,CAAC;SAAM,CAAC;QACN,MAAM,eAAe,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;YAC5C,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAChD,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;QAC3B,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,GAAG,CAAC,YAAY,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;QACjC,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/config/config.d.ts

@@ -1,3 +1,4 @@
+import { Customization } from '@atproto/oauth-provider';
 import { ServerEnvironment } from './env';
 export declare const envToCfg: (env: ServerEnvironment) => ServerConfig;
 export type ServerConfig = {
@@ -17,6 +18,8 @@ export type ServerConfig = {
     redis: RedisScratchConfig | null;
     rateLimits: RateLimitsConfig;
     crawlers: string[];
+    fetch: FetchConfig;
+    oauth: OAuthConfig;
 };
 export type ServiceConfig = {
     port: number;
@@ -75,6 +78,15 @@ export type EntrywayConfig = {
     jwtPublicKeyHex: string;
     plcRotationKey: string;
 };
+export type FetchConfig = {
+    disableSsrfProtection: boolean;
+};
+export type OAuthConfig = {
+    issuer: string;
+    provider: false | {
+        customization: Customization;
+    };
+};
 export type InvitesConfig = {
     required: true;
     interval: number | null;

package/dist/config/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/config/config.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,iBAAiB,EAAE,MAAM,OAAO,CAAA;AAKzC,eAAO,MAAM,QAAQ,QAAS,iBAAiB,KAAG,YAsPjD,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,OAAO,EAAE,aAAa,CAAA;IACtB,EAAE,EAAE,cAAc,CAAA;IAClB,UAAU,EAAE,gBAAgB,CAAA;IAC5B,SAAS,EAAE,iBAAiB,GAAG,mBAAmB,CAAA;IAClD,QAAQ,EAAE,cAAc,CAAA;IACxB,QAAQ,EAAE,cAAc,GAAG,IAAI,CAAA;IAC/B,OAAO,EAAE,aAAa,CAAA;IACtB,KAAK,EAAE,WAAW,GAAG,IAAI,CAAA;IACzB,eAAe,EAAE,WAAW,GAAG,IAAI,CAAA;IACnC,YAAY,EAAE,kBAAkB,CAAA;IAChC,WAAW,EAAE,iBAAiB,GAAG,IAAI,CAAA;IACrC,UAAU,EAAE,gBAAgB,GAAG,IAAI,CAAA;IACnC,aAAa,EAAE,mBAAmB,GAAG,IAAI,CAAA;IACzC,KAAK,EAAE,kBAAkB,GAAG,IAAI,CAAA;IAChC,UAAU,EAAE,gBAAgB,CAAA;IAC5B,QAAQ,EAAE,MAAM,EAAE,CAAA;CACnB,CAAA;AAED,MAAM,MAAM,aAAa,GAAG;IAC1B,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,MAAM,CAAA;IACjB,GAAG,EAAE,MAAM,CAAA;IACX,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,iBAAiB,CAAC,EAAE,MAAM,CAAA;IAC1B,gBAAgB,EAAE,OAAO,CAAA;IACzB,eAAe,EAAE,MAAM,CAAA;IACvB,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,OAAO,EAAE,OAAO,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,YAAY,EAAE,MAAM,CAAA;IACpB,cAAc,EAAE,MAAM,CAAA;IACtB,aAAa,EAAE,MAAM,CAAA;IACrB,wBAAwB,EAAE,OAAO,CAAA;CAClC,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,wBAAwB,EAAE,OAAO,CAAA;CAClC,CAAA;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC9B,QAAQ,EAAE,IAAI,CAAA;IACd,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,cAAc,CAAC,EAAE,OAAO,CAAA;IACxB,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,WAAW,CAAC,EAAE;QACZ,WAAW,EAAE,MAAM,CAAA;QACnB,eAAe,EAAE,MAAM,CAAA;KACxB,CAAA;CACF,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG;IAChC,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,MAAM,CAAA;IAChB,YAAY,CAAC,EAAE,MAAM,CAAA;CACtB,CAAA;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,MAAM,EAAE,MAAM,CAAA;IACd,eAAe,EAAE,MAAM,CAAA;IACvB,aAAa,EAAE,MAAM,CAAA;IACrB,WAAW,EAAE,MAAM,CAAA;IACnB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAA;IAC7B,oBAAoB,EAAE,MAAM,EAAE,CAAA;IAC9B,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAA;IAClC,uBAAuB,EAAE,OAAO,CAAA;CACjC,CAAA;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,eAAe,EAAE,MAAM,CAAA;IACvB,cAAc,EAAE,MAAM,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,aAAa,GACrB;IACE,QAAQ,EAAE,IAAI,CAAA;IACd,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,KAAK,EAAE,MAAM,CAAA;CACd,GACD;IACE,QAAQ,EAAE,KAAK,CAAA;CAChB,CAAA;AAEL,MAAM,MAAM,WAAW,GAAG;IACxB,OAAO,EAAE,MAAM,CAAA;IACf,WAAW,EAAE,MAAM,CAAA;CACpB,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B,SAAS,EAAE,MAAM,CAAA;IACjB,mBAAmB,EAAE,MAAM,CAAA;CAC5B,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB,CAAA;AAED,MAAM,MAAM,gBAAgB,GACxB;IACE,OAAO,EAAE,IAAI,CAAA;IACb,IAAI,EAAE,QAAQ,GAAG,OAAO,CAAA;IACxB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAA;CACrB,GACD;IAAE,OAAO,EAAE,KAAK,CAAA;CAAE,CAAA;AAEtB,MAAM,MAAM,iBAAiB,GAAG;IAC9B,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;CACZ,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG;IAChC,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;CACZ,CAAA"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/config/config.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAA;AACvD,OAAO,EAAE,iBAAiB,EAAE,MAAM,OAAO,CAAA;AAKzC,eAAO,MAAM,QAAQ,QAAS,iBAAiB,KAAG,YAwSjD,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,OAAO,EAAE,aAAa,CAAA;IACtB,EAAE,EAAE,cAAc,CAAA;IAClB,UAAU,EAAE,gBAAgB,CAAA;IAC5B,SAAS,EAAE,iBAAiB,GAAG,mBAAmB,CAAA;IAClD,QAAQ,EAAE,cAAc,CAAA;IACxB,QAAQ,EAAE,cAAc,GAAG,IAAI,CAAA;IAC/B,OAAO,EAAE,aAAa,CAAA;IACtB,KAAK,EAAE,WAAW,GAAG,IAAI,CAAA;IACzB,eAAe,EAAE,WAAW,GAAG,IAAI,CAAA;IACnC,YAAY,EAAE,kBAAkB,CAAA;IAChC,WAAW,EAAE,iBAAiB,GAAG,IAAI,CAAA;IACrC,UAAU,EAAE,gBAAgB,GAAG,IAAI,CAAA;IACnC,aAAa,EAAE,mBAAmB,GAAG,IAAI,CAAA;IACzC,KAAK,EAAE,kBAAkB,GAAG,IAAI,CAAA;IAChC,UAAU,EAAE,gBAAgB,CAAA;IAC5B,QAAQ,EAAE,MAAM,EAAE,CAAA;IAClB,KAAK,EAAE,WAAW,CAAA;IAClB,KAAK,EAAE,WAAW,CAAA;CACnB,CAAA;AAED,MAAM,MAAM,aAAa,GAAG;IAC1B,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,MAAM,CAAA;IACjB,GAAG,EAAE,MAAM,CAAA;IACX,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,iBAAiB,CAAC,EAAE,MAAM,CAAA;IAC1B,gBAAgB,EAAE,OAAO,CAAA;IACzB,eAAe,EAAE,MAAM,CAAA;IACvB,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,OAAO,EAAE,OAAO,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,YAAY,EAAE,MAAM,CAAA;IACpB,cAAc,EAAE,MAAM,CAAA;IACtB,aAAa,EAAE,MAAM,CAAA;IACrB,wBAAwB,EAAE,OAAO,CAAA;CAClC,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,wBAAwB,EAAE,OAAO,CAAA;CAClC,CAAA;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC9B,QAAQ,EAAE,IAAI,CAAA;IACd,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,cAAc,CAAC,EAAE,OAAO,CAAA;IACxB,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,WAAW,CAAC,EAAE;QACZ,WAAW,EAAE,MAAM,CAAA;QACnB,eAAe,EAAE,MAAM,CAAA;KACxB,CAAA;CACF,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG;IAChC,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,MAAM,CAAA;IAChB,YAAY,CAAC,EAAE,MAAM,CAAA;CACtB,CAAA;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,MAAM,EAAE,MAAM,CAAA;IACd,eAAe,EAAE,MAAM,CAAA;IACvB,aAAa,EAAE,MAAM,CAAA;IACrB,WAAW,EAAE,MAAM,CAAA;IACnB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAA;IAC7B,oBAAoB,EAAE,MAAM,EAAE,CAAA;IAC9B,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAA;IAClC,uBAAuB,EAAE,OAAO,CAAA;CACjC,CAAA;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,eAAe,EAAE,MAAM,CAAA;IACvB,cAAc,EAAE,MAAM,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,WAAW,GAAG;IACxB,qBAAqB,EAAE,OAAO,CAAA;CAC/B,CAAA;AAED,MAAM,MAAM,WAAW,GAAG;IACxB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EACJ,KAAK,GACL;QACE,aAAa,EAAE,aAAa,CAAA;KAC7B,CAAA;CACN,CAAA;AAED,MAAM,MAAM,aAAa,GACrB;IACE,QAAQ,EAAE,IAAI,CAAA;IACd,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,KAAK,EAAE,MAAM,CAAA;CACd,GACD;IACE,QAAQ,EAAE,KAAK,CAAA;CAChB,CAAA;AAEL,MAAM,MAAM,WAAW,GAAG;IACxB,OAAO,EAAE,MAAM,CAAA;IACf,WAAW,EAAE,MAAM,CAAA;CACpB,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B,SAAS,EAAE,MAAM,CAAA;IACjB,mBAAmB,EAAE,MAAM,CAAA;CAC5B,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB,CAAA;AAED,MAAM,MAAM,gBAAgB,GACxB;IACE,OAAO,EAAE,IAAI,CAAA;IACb,IAAI,EAAE,QAAQ,GAAG,OAAO,CAAA;IACxB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAA;CACrB,GACD;IAAE,OAAO,EAAE,KAAK,CAAA;CAAE,CAAA;AAEtB,MAAM,MAAM,iBAAiB,GAAG;IAC9B,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;CACZ,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG;IAChC,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;CACZ,CAAA"}

package/dist/config/config.js

@@ -199,6 +199,49 @@ const envToCfg = (env) => {
         }
         : { enabled: false };
     const crawlersCfg = env.crawlers ?? [];
+    const fetchCfg = {
+        disableSsrfProtection: env.fetchDisableSsrfProtection ?? false,
+    };
+    const oauthCfg = entrywayCfg
+        ? {
+            issuer: entrywayCfg.url,
+            provider: false,
+        }
+        : {
+            issuer: serviceCfg.publicUrl,
+            provider: {
+                customization: {
+                    name: env.serviceName ?? 'Personal PDS',
+                    logo: env.logoUrl,
+                    colors: {
+                        primary: env.primaryColor,
+                        error: env.errorColor,
+                    },
+                    links: [
+                        {
+                            title: 'Home',
+                            href: env.homeUrl,
+                            rel: 'bookmark',
+                        },
+                        {
+                            title: 'Terms of Service',
+                            href: env.termsOfServiceUrl,
+                            rel: 'terms-of-service',
+                        },
+                        {
+                            title: 'Privacy Policy',
+                            href: env.privacyPolicyUrl,
+                            rel: 'privacy-policy',
+                        },
+                        {
+                            title: 'Support',
+                            href: env.supportUrl,
+                            rel: 'help',
+                        },
+                    ].filter((f) => f.href != null),
+                },
+            },
+        };
     return {
         service: serviceCfg,
         db: dbCfg,
@@ -216,6 +259,8 @@ const envToCfg = (env) => {
         redis: redisCfg,
         rateLimits: rateLimitsCfg,
         crawlers: crawlersCfg,
+        fetch: fetchCfg,
+        oauth: oauthCfg,
     };
 };
 exports.envToCfg = envToCfg;