@atproto/pds 0.4.34 → 0.4.36

Sign up to get free protection for your applications and to get access to all the features.
Files changed (179) hide show
  1. package/CHANGELOG.md +17 -0
  2. package/dist/account-manager/db/migrations/004-oauth.d.ts +4 -0
  3. package/dist/account-manager/db/migrations/004-oauth.d.ts.map +1 -0
  4. package/dist/account-manager/db/migrations/004-oauth.js +106 -0
  5. package/dist/account-manager/db/migrations/004-oauth.js.map +1 -0
  6. package/dist/account-manager/db/migrations/index.d.ts +2 -0
  7. package/dist/account-manager/db/migrations/index.d.ts.map +1 -1
  8. package/dist/account-manager/db/migrations/index.js +2 -0
  9. package/dist/account-manager/db/migrations/index.js.map +1 -1
  10. package/dist/account-manager/db/schema/authorization-request.d.ts +19 -0
  11. package/dist/account-manager/db/schema/authorization-request.d.ts.map +1 -0
  12. package/dist/account-manager/db/schema/authorization-request.js +5 -0
  13. package/dist/account-manager/db/schema/authorization-request.js.map +1 -0
  14. package/dist/account-manager/db/schema/device-account.d.ts +14 -0
  15. package/dist/account-manager/db/schema/device-account.d.ts.map +1 -0
  16. package/dist/account-manager/db/schema/device-account.js +5 -0
  17. package/dist/account-manager/db/schema/device-account.js.map +1 -0
  18. package/dist/account-manager/db/schema/device.d.ts +16 -0
  19. package/dist/account-manager/db/schema/device.d.ts.map +1 -0
  20. package/dist/account-manager/db/schema/device.js +5 -0
  21. package/dist/account-manager/db/schema/device.js.map +1 -0
  22. package/dist/account-manager/db/schema/index.d.ts +11 -1
  23. package/dist/account-manager/db/schema/index.d.ts.map +1 -1
  24. package/dist/account-manager/db/schema/token.d.ts +24 -0
  25. package/dist/account-manager/db/schema/token.d.ts.map +1 -0
  26. package/dist/account-manager/db/schema/token.js +5 -0
  27. package/dist/account-manager/db/schema/token.js.map +1 -0
  28. package/dist/account-manager/db/schema/used-refresh-token.d.ts +12 -0
  29. package/dist/account-manager/db/schema/used-refresh-token.d.ts.map +1 -0
  30. package/dist/account-manager/db/schema/used-refresh-token.js +5 -0
  31. package/dist/account-manager/db/schema/used-refresh-token.js.map +1 -0
  32. package/dist/account-manager/helpers/account.d.ts +27 -5
  33. package/dist/account-manager/helpers/account.d.ts.map +1 -1
  34. package/dist/account-manager/helpers/account.js +15 -14
  35. package/dist/account-manager/helpers/account.js.map +1 -1
  36. package/dist/account-manager/helpers/authorization-request.d.ts +12 -0
  37. package/dist/account-manager/helpers/authorization-request.d.ts.map +1 -0
  38. package/dist/account-manager/helpers/authorization-request.js +59 -0
  39. package/dist/account-manager/helpers/authorization-request.js.map +1 -0
  40. package/dist/account-manager/helpers/device-account.d.ts +108 -0
  41. package/dist/account-manager/helpers/device-account.d.ts.map +1 -0
  42. package/dist/account-manager/helpers/device-account.js +82 -0
  43. package/dist/account-manager/helpers/device-account.js.map +1 -0
  44. package/dist/account-manager/helpers/device.d.ts +9 -0
  45. package/dist/account-manager/helpers/device.d.ts.map +1 -0
  46. package/dist/account-manager/helpers/device.js +32 -0
  47. package/dist/account-manager/helpers/device.js.map +1 -0
  48. package/dist/account-manager/helpers/token.d.ts +485 -0
  49. package/dist/account-manager/helpers/token.d.ts.map +1 -0
  50. package/dist/account-manager/helpers/token.js +123 -0
  51. package/dist/account-manager/helpers/token.js.map +1 -0
  52. package/dist/account-manager/helpers/used-refresh-token.d.ts +10 -0
  53. package/dist/account-manager/helpers/used-refresh-token.d.ts.map +1 -0
  54. package/dist/account-manager/helpers/used-refresh-token.js +25 -0
  55. package/dist/account-manager/helpers/used-refresh-token.js.map +1 -0
  56. package/dist/account-manager/index.d.ts +36 -6
  57. package/dist/account-manager/index.d.ts.map +1 -1
  58. package/dist/account-manager/index.js +223 -22
  59. package/dist/account-manager/index.js.map +1 -1
  60. package/dist/actor-store/preference/reader.js.map +1 -1
  61. package/dist/actor-store/record/reader.d.ts +1 -1
  62. package/dist/api/app/bsky/util/resolver.d.ts +1 -1
  63. package/dist/api/com/atproto/server/createSession.d.ts.map +1 -1
  64. package/dist/api/com/atproto/server/createSession.js +7 -31
  65. package/dist/api/com/atproto/server/createSession.js.map +1 -1
  66. package/dist/api/com/atproto/server/deleteSession.d.ts.map +1 -1
  67. package/dist/api/com/atproto/server/deleteSession.js +14 -13
  68. package/dist/api/com/atproto/server/deleteSession.js.map +1 -1
  69. package/dist/api/com/atproto/server/getSession.d.ts.map +1 -1
  70. package/dist/api/com/atproto/server/getSession.js +4 -2
  71. package/dist/api/com/atproto/server/getSession.js.map +1 -1
  72. package/dist/api/com/atproto/server/refreshSession.d.ts.map +1 -1
  73. package/dist/api/com/atproto/server/refreshSession.js +4 -2
  74. package/dist/api/com/atproto/server/refreshSession.js.map +1 -1
  75. package/dist/api/com/atproto/sync/getRepoStatus.d.ts.map +1 -1
  76. package/dist/api/com/atproto/sync/getRepoStatus.js +2 -1
  77. package/dist/api/com/atproto/sync/getRepoStatus.js.map +1 -1
  78. package/dist/api/com/atproto/sync/listRepos.js +2 -2
  79. package/dist/api/com/atproto/sync/listRepos.js.map +1 -1
  80. package/dist/api/proxy.d.ts.map +1 -1
  81. package/dist/api/proxy.js +15 -2
  82. package/dist/api/proxy.js.map +1 -1
  83. package/dist/auth-routes.d.ts +4 -0
  84. package/dist/auth-routes.d.ts.map +1 -0
  85. package/dist/auth-routes.js +24 -0
  86. package/dist/auth-routes.js.map +1 -0
  87. package/dist/auth-verifier.d.ts +32 -11
  88. package/dist/auth-verifier.d.ts.map +1 -1
  89. package/dist/auth-verifier.js +238 -79
  90. package/dist/auth-verifier.js.map +1 -1
  91. package/dist/config/config.d.ts +12 -0
  92. package/dist/config/config.d.ts.map +1 -1
  93. package/dist/config/config.js +45 -0
  94. package/dist/config/config.js.map +1 -1
  95. package/dist/config/env.d.ts +8 -0
  96. package/dist/config/env.d.ts.map +1 -1
  97. package/dist/config/env.js +10 -0
  98. package/dist/config/env.js.map +1 -1
  99. package/dist/config/secrets.d.ts +1 -0
  100. package/dist/config/secrets.d.ts.map +1 -1
  101. package/dist/config/secrets.js +1 -0
  102. package/dist/config/secrets.js.map +1 -1
  103. package/dist/context.d.ts +6 -0
  104. package/dist/context.d.ts.map +1 -1
  105. package/dist/context.js +71 -13
  106. package/dist/context.js.map +1 -1
  107. package/dist/db/cast.d.ts +15 -0
  108. package/dist/db/cast.d.ts.map +1 -0
  109. package/dist/db/cast.js +66 -0
  110. package/dist/db/cast.js.map +1 -0
  111. package/dist/db/db.d.ts +2 -2
  112. package/dist/db/db.d.ts.map +1 -1
  113. package/dist/db/db.js +9 -7
  114. package/dist/db/db.js.map +1 -1
  115. package/dist/db/index.d.ts +1 -0
  116. package/dist/db/index.d.ts.map +1 -1
  117. package/dist/db/index.js +1 -0
  118. package/dist/db/index.js.map +1 -1
  119. package/dist/error.d.ts.map +1 -1
  120. package/dist/error.js +5 -0
  121. package/dist/error.js.map +1 -1
  122. package/dist/index.d.ts.map +1 -1
  123. package/dist/index.js +2 -0
  124. package/dist/index.js.map +1 -1
  125. package/dist/logger.d.ts +13 -11
  126. package/dist/logger.d.ts.map +1 -1
  127. package/dist/logger.js +80 -64
  128. package/dist/logger.js.map +1 -1
  129. package/dist/oauth/detailed-account-store.d.ts +27 -0
  130. package/dist/oauth/detailed-account-store.d.ts.map +1 -0
  131. package/dist/oauth/detailed-account-store.js +76 -0
  132. package/dist/oauth/detailed-account-store.js.map +1 -0
  133. package/dist/oauth/provider.d.ts +16 -0
  134. package/dist/oauth/provider.d.ts.map +1 -0
  135. package/dist/oauth/provider.js +45 -0
  136. package/dist/oauth/provider.js.map +1 -0
  137. package/dist/pipethrough.d.ts.map +1 -1
  138. package/dist/pipethrough.js.map +1 -1
  139. package/dist/sequencer/events.d.ts +2 -2
  140. package/example.env +21 -3
  141. package/package.json +9 -7
  142. package/src/account-manager/db/migrations/004-oauth.ts +122 -0
  143. package/src/account-manager/db/migrations/index.ts +2 -0
  144. package/src/account-manager/db/schema/authorization-request.ts +26 -0
  145. package/src/account-manager/db/schema/device-account.ts +15 -0
  146. package/src/account-manager/db/schema/device.ts +18 -0
  147. package/src/account-manager/db/schema/index.ts +15 -0
  148. package/src/account-manager/db/schema/token.ts +34 -0
  149. package/src/account-manager/db/schema/used-refresh-token.ts +13 -0
  150. package/src/account-manager/helpers/account.ts +16 -21
  151. package/src/account-manager/helpers/authorization-request.ts +82 -0
  152. package/src/account-manager/helpers/device-account.ts +135 -0
  153. package/src/account-manager/helpers/device.ts +45 -0
  154. package/src/account-manager/helpers/token.ts +185 -0
  155. package/src/account-manager/helpers/used-refresh-token.ts +30 -0
  156. package/src/account-manager/index.ts +325 -20
  157. package/src/actor-store/preference/reader.ts +1 -1
  158. package/src/api/com/atproto/server/createSession.ts +8 -44
  159. package/src/api/com/atproto/server/deleteSession.ts +14 -20
  160. package/src/api/com/atproto/server/getSession.ts +7 -2
  161. package/src/api/com/atproto/server/refreshSession.ts +6 -2
  162. package/src/api/com/atproto/sync/getRepoStatus.ts +3 -1
  163. package/src/api/com/atproto/sync/listRepos.ts +1 -1
  164. package/src/api/proxy.ts +18 -2
  165. package/src/auth-routes.ts +27 -0
  166. package/src/auth-verifier.ts +312 -92
  167. package/src/config/config.ts +66 -0
  168. package/src/config/env.ts +24 -0
  169. package/src/config/secrets.ts +2 -0
  170. package/src/context.ts +80 -14
  171. package/src/db/cast.ts +59 -0
  172. package/src/db/db.ts +15 -12
  173. package/src/db/index.ts +1 -0
  174. package/src/error.ts +7 -0
  175. package/src/index.ts +2 -0
  176. package/src/logger.ts +83 -38
  177. package/src/oauth/detailed-account-store.ts +96 -0
  178. package/src/oauth/provider.ts +77 -0
  179. package/src/pipethrough.ts +3 -2
@@ -0,0 +1,59 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.findByCodeQB = exports.removeByIdQB = exports.removeOldExpiredQB = exports.updateQB = exports.readQB = exports.createQB = exports.rowToFoundRequestResult = exports.rowToRequestData = void 0;
4
+ const db_1 = require("../../db");
5
+ const rowToRequestData = (row) => ({
6
+ clientId: row.clientId,
7
+ clientAuth: (0, db_1.fromJsonObject)(row.clientAuth),
8
+ parameters: (0, db_1.fromJsonObject)(row.parameters),
9
+ expiresAt: (0, db_1.fromDateISO)(row.expiresAt),
10
+ deviceId: row.deviceId,
11
+ sub: row.did,
12
+ code: row.code,
13
+ });
14
+ exports.rowToRequestData = rowToRequestData;
15
+ const rowToFoundRequestResult = (row) => ({
16
+ id: row.id,
17
+ data: (0, exports.rowToRequestData)(row),
18
+ });
19
+ exports.rowToFoundRequestResult = rowToFoundRequestResult;
20
+ const requestDataToRow = (id, data) => ({
21
+ id,
22
+ did: data.sub,
23
+ deviceId: data.deviceId,
24
+ clientId: data.clientId,
25
+ clientAuth: (0, db_1.toJsonObject)(data.clientAuth),
26
+ parameters: (0, db_1.toJsonObject)(data.parameters),
27
+ expiresAt: (0, db_1.toDateISO)(data.expiresAt),
28
+ code: data.code,
29
+ });
30
+ const createQB = (db, id, data) => db.db.insertInto('authorization_request').values(requestDataToRow(id, data));
31
+ exports.createQB = createQB;
32
+ const readQB = (db, id) => db.db.selectFrom('authorization_request').where('id', '=', id).selectAll();
33
+ exports.readQB = readQB;
34
+ const updateQB = (db, id, { code, sub, deviceId, expiresAt }) => db.db
35
+ .updateTable('authorization_request')
36
+ .if(code !== undefined, (qb) => qb.set({ code }))
37
+ .if(sub !== undefined, (qb) => qb.set({ did: sub }))
38
+ .if(deviceId !== undefined, (qb) => qb.set({ deviceId }))
39
+ .if(expiresAt != null, (qb) => qb.set({ expiresAt: (0, db_1.toDateISO)(expiresAt) }))
40
+ .where('id', '=', id);
41
+ exports.updateQB = updateQB;
42
+ const removeOldExpiredQB = (db, delay = 600e3) =>
43
+ // We allow some delay for the expiration time so that expired requests
44
+ // can still be returned to the OAuthProvider library for error handling.
45
+ db.db
46
+ .deleteFrom('authorization_request')
47
+ // uses "authorization_request_expires_at_idx" index
48
+ .where('expiresAt', '<', (0, db_1.toDateISO)(new Date(Date.now() - delay)));
49
+ exports.removeOldExpiredQB = removeOldExpiredQB;
50
+ const removeByIdQB = (db, id) => db.db.deleteFrom('authorization_request').where('id', '=', id);
51
+ exports.removeByIdQB = removeByIdQB;
52
+ const findByCodeQB = (db, code) => db.db
53
+ .selectFrom('authorization_request')
54
+ // uses "authorization_request_code_idx" partial index (hence the null check)
55
+ .where('code', '=', code)
56
+ .where('code', 'is not', null)
57
+ .selectAll();
58
+ exports.findByCodeQB = findByCodeQB;
59
+ //# sourceMappingURL=authorization-request.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"authorization-request.js","sourceRoot":"","sources":["../../../src/account-manager/helpers/authorization-request.ts"],"names":[],"mappings":";;;AAQA,iCAA+E;AAGxE,MAAM,gBAAgB,GAAG,CAC9B,GAAqC,EACxB,EAAE,CAAC,CAAC;IACjB,QAAQ,EAAE,GAAG,CAAC,QAAQ;IACtB,UAAU,EAAE,IAAA,mBAAc,EAAC,GAAG,CAAC,UAAU,CAAC;IAC1C,UAAU,EAAE,IAAA,mBAAc,EAAC,GAAG,CAAC,UAAU,CAAC;IAC1C,SAAS,EAAE,IAAA,gBAAW,EAAC,GAAG,CAAC,SAAS,CAAC;IACrC,QAAQ,EAAE,GAAG,CAAC,QAAQ;IACtB,GAAG,EAAE,GAAG,CAAC,GAAG;IACZ,IAAI,EAAE,GAAG,CAAC,IAAI;CACf,CAAC,CAAA;AAVW,QAAA,gBAAgB,oBAU3B;AAEK,MAAM,uBAAuB,GAAG,CACrC,GAAqC,EACjB,EAAE,CAAC,CAAC;IACxB,EAAE,EAAE,GAAG,CAAC,EAAE;IACV,IAAI,EAAE,IAAA,wBAAgB,EAAC,GAAG,CAAC;CAC5B,CAAC,CAAA;AALW,QAAA,uBAAuB,2BAKlC;AAEF,MAAM,gBAAgB,GAAG,CACvB,EAAa,EACb,IAAiB,EACiB,EAAE,CAAC,CAAC;IACtC,EAAE;IACF,GAAG,EAAE,IAAI,CAAC,GAAG;IACb,QAAQ,EAAE,IAAI,CAAC,QAAQ;IAEvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;IACvB,UAAU,EAAE,IAAA,iBAAY,EAAC,IAAI,CAAC,UAAU,CAAC;IACzC,UAAU,EAAE,IAAA,iBAAY,EAAC,IAAI,CAAC,UAAU,CAAC;IACzC,SAAS,EAAE,IAAA,cAAS,EAAC,IAAI,CAAC,SAAS,CAAC;IACpC,IAAI,EAAE,IAAI,CAAC,IAAI;CAChB,CAAC,CAAA;AAEK,MAAM,QAAQ,GAAG,CAAC,EAAa,EAAE,EAAa,EAAE,IAAiB,EAAE,EAAE,CAC1E,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,uBAAuB,CAAC,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,CAAA;AADjE,QAAA,QAAQ,YACyD;AAEvE,MAAM,MAAM,GAAG,CAAC,EAAa,EAAE,EAAa,EAAE,EAAE,CACrD,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,uBAAuB,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,SAAS,EAAE,CAAA;AAD/D,QAAA,MAAM,UACyD;AAErE,MAAM,QAAQ,GAAG,CACtB,EAAa,EACb,EAAa,EACb,EAAE,IAAI,EAAE,GAAG,EAAE,QAAQ,EAAE,SAAS,EAAqB,EACrD,EAAE,CACF,EAAE,CAAC,EAAE;KACF,WAAW,CAAC,uBAAuB,CAAC;KACpC,EAAE,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;KAChD,EAAE,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;KACnD,EAAE,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;KACxD,EAAE,CAAC,SAAS,IAAI,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,SAAS,EAAE,IAAA,cAAS,EAAC,SAAU,CAAC,EAAE,CAAC,CAAC;KAC3E,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC,CAAA;AAXZ,QAAA,QAAQ,YAWI;AAElB,MAAM,kBAAkB,GAAG,CAAC,EAAa,EAAE,KAAK,GAAG,KAAK,EAAE,EAAE;AACjE,uEAAuE;AACvE,yEAAyE;AACzE,EAAE,CAAC,EAAE;KACF,UAAU,CAAC,uBAAuB,CAAC;IACpC,oDAAoD;KACnD,KAAK,CAAC,WAAW,EAAE,GAAG,EAAE,IAAA,cAAS,EAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;AANxD,QAAA,kBAAkB,sBAMsC;AAE9D,MAAM,YAAY,GAAG,CAAC,EAAa,EAAE,EAAa,EAAE,EAAE,CAC3D,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,uBAAuB,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC,CAAA;AADnD,QAAA,YAAY,gBACuC;AAEzD,MAAM,YAAY,GAAG,CAAC,EAAa,EAAE,IAAU,EAAE,EAAE,CACxD,EAAE,CAAC,EAAE;KACF,UAAU,CAAC,uBAAuB,CAAC;IACpC,6EAA6E;KAC5E,KAAK,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC;KACxB,KAAK,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,CAAC;KAC7B,SAAS,EAAE,CAAA;AANH,QAAA,YAAY,gBAMT"}
@@ -0,0 +1,108 @@
1
+ import { Account, DeviceAccountInfo, DeviceId, OAuthClientId } from '@atproto/oauth-provider';
2
+ import { Selectable } from 'kysely';
3
+ import { AccountDb } from '../db';
4
+ import { DeviceAccount } from '../db/schema/device-account';
5
+ import { ActorAccount } from './account';
6
+ export type SelectableDeviceAccount = Pick<Selectable<DeviceAccount>, 'authenticatedAt' | 'authorizedClients' | 'remember'>;
7
+ export type InsertableField = {
8
+ authenticatedAt: Date;
9
+ authorizedClients: OAuthClientId[];
10
+ remember: boolean;
11
+ };
12
+ export declare function toDeviceAccountInfo(row: SelectableDeviceAccount): DeviceAccountInfo;
13
+ export declare function toAccount(row: Selectable<ActorAccount>, audience: string): Account;
14
+ export declare const readQB: (db: AccountDb, deviceId: DeviceId, did: string) => import("kysely/dist/cjs/parser/select-parser").QueryBuilderWithSelection<import("kysely/dist/cjs/parser/table-parser").From<import("../db").DatabaseSchema, "device_account">, "device_account", {}, "authenticatedAt" | "remember" | "authorizedClients">;
15
+ export declare const updateQB: (db: AccountDb, deviceId: DeviceId, did: string, entry: {
16
+ authenticatedAt?: Date;
17
+ authorizedClients?: OAuthClientId[];
18
+ remember?: boolean;
19
+ }) => import("kysely").UpdateQueryBuilder<import("kysely/dist/cjs/parser/table-parser").From<import("../db").DatabaseSchema, "device_account">, "device_account", "device_account", import("kysely").UpdateResult>;
20
+ export declare const createOrUpdateQB: (db: AccountDb, deviceId: DeviceId, did: string, remember: boolean) => import("kysely").InsertQueryBuilder<import("../db").DatabaseSchema, "device_account", import("kysely").InsertResult>;
21
+ export declare const getAccountInfoQB: (db: AccountDb, deviceId: DeviceId, did: string) => import("kysely").SelectQueryBuilder<{
22
+ account: import("kysely/dist/cjs/util/type-utils").Nullable<import("../db").Account>;
23
+ token: import("../db").Token;
24
+ actor: import("../db").Actor;
25
+ device: import("../db").Device;
26
+ device_account: DeviceAccount;
27
+ authorization_request: import("../db").AuthorizationRequest;
28
+ used_refresh_token: import("../db").UsedRefreshToken;
29
+ repo_root: import("../db").RepoRoot;
30
+ refresh_token: import("../db").RefreshToken;
31
+ app_password: import("../db").AppPassword;
32
+ invite_code: import("../db").InviteCode;
33
+ invite_code_use: import("../db").InviteCodeUse;
34
+ email_token: import("../db").EmailToken;
35
+ }, "account" | "actor" | "device" | "device_account", Partial<Omit<{}, never>> & Partial<Omit<Partial<Omit<{}, never>>, never>> & import("kysely").Selection<{
36
+ account: import("kysely/dist/cjs/util/type-utils").Nullable<import("../db").Account>;
37
+ token: import("../db").Token;
38
+ actor: import("../db").Actor;
39
+ device: import("../db").Device;
40
+ device_account: DeviceAccount;
41
+ authorization_request: import("../db").AuthorizationRequest;
42
+ used_refresh_token: import("../db").UsedRefreshToken;
43
+ repo_root: import("../db").RepoRoot;
44
+ refresh_token: import("../db").RefreshToken;
45
+ app_password: import("../db").AppPassword;
46
+ invite_code: import("../db").InviteCode;
47
+ invite_code_use: import("../db").InviteCodeUse;
48
+ email_token: import("../db").EmailToken;
49
+ }, "account" | "actor", "actor.did" | "account.email" | "account.invitesDisabled" | "account.emailConfirmedAt" | "actor.handle" | "actor.createdAt" | "actor.takedownRef" | "actor.deactivatedAt" | "actor.deleteAfter"> & import("kysely").Selection<{
50
+ account: import("kysely/dist/cjs/util/type-utils").Nullable<import("../db").Account>;
51
+ token: import("../db").Token;
52
+ actor: import("../db").Actor;
53
+ device: import("../db").Device;
54
+ device_account: DeviceAccount;
55
+ authorization_request: import("../db").AuthorizationRequest;
56
+ used_refresh_token: import("../db").UsedRefreshToken;
57
+ repo_root: import("../db").RepoRoot;
58
+ refresh_token: import("../db").RefreshToken;
59
+ app_password: import("../db").AppPassword;
60
+ invite_code: import("../db").InviteCode;
61
+ invite_code_use: import("../db").InviteCodeUse;
62
+ email_token: import("../db").EmailToken;
63
+ }, "account" | "actor" | "device" | "device_account", "device_account.authenticatedAt" | "device_account.remember" | "device_account.authorizedClients">>;
64
+ export declare const listRememberedQB: (db: AccountDb, deviceId: DeviceId) => import("kysely").SelectQueryBuilder<{
65
+ account: import("kysely/dist/cjs/util/type-utils").Nullable<import("../db").Account>;
66
+ token: import("../db").Token;
67
+ actor: import("../db").Actor;
68
+ device: import("../db").Device;
69
+ device_account: DeviceAccount;
70
+ authorization_request: import("../db").AuthorizationRequest;
71
+ used_refresh_token: import("../db").UsedRefreshToken;
72
+ repo_root: import("../db").RepoRoot;
73
+ refresh_token: import("../db").RefreshToken;
74
+ app_password: import("../db").AppPassword;
75
+ invite_code: import("../db").InviteCode;
76
+ invite_code_use: import("../db").InviteCodeUse;
77
+ email_token: import("../db").EmailToken;
78
+ }, "account" | "actor" | "device" | "device_account", Partial<Omit<{}, never>> & Partial<Omit<Partial<Omit<{}, never>>, never>> & import("kysely").Selection<{
79
+ account: import("kysely/dist/cjs/util/type-utils").Nullable<import("../db").Account>;
80
+ token: import("../db").Token;
81
+ actor: import("../db").Actor;
82
+ device: import("../db").Device;
83
+ device_account: DeviceAccount;
84
+ authorization_request: import("../db").AuthorizationRequest;
85
+ used_refresh_token: import("../db").UsedRefreshToken;
86
+ repo_root: import("../db").RepoRoot;
87
+ refresh_token: import("../db").RefreshToken;
88
+ app_password: import("../db").AppPassword;
89
+ invite_code: import("../db").InviteCode;
90
+ invite_code_use: import("../db").InviteCodeUse;
91
+ email_token: import("../db").EmailToken;
92
+ }, "account" | "actor", "actor.did" | "account.email" | "account.invitesDisabled" | "account.emailConfirmedAt" | "actor.handle" | "actor.createdAt" | "actor.takedownRef" | "actor.deactivatedAt" | "actor.deleteAfter"> & import("kysely").Selection<{
93
+ account: import("kysely/dist/cjs/util/type-utils").Nullable<import("../db").Account>;
94
+ token: import("../db").Token;
95
+ actor: import("../db").Actor;
96
+ device: import("../db").Device;
97
+ device_account: DeviceAccount;
98
+ authorization_request: import("../db").AuthorizationRequest;
99
+ used_refresh_token: import("../db").UsedRefreshToken;
100
+ repo_root: import("../db").RepoRoot;
101
+ refresh_token: import("../db").RefreshToken;
102
+ app_password: import("../db").AppPassword;
103
+ invite_code: import("../db").InviteCode;
104
+ invite_code_use: import("../db").InviteCodeUse;
105
+ email_token: import("../db").EmailToken;
106
+ }, "account" | "actor" | "device" | "device_account", "device_account.authenticatedAt" | "device_account.remember" | "device_account.authorizedClients">>;
107
+ export declare const removeQB: (db: AccountDb, deviceId: DeviceId, did: string) => import("kysely").DeleteQueryBuilder<import("kysely/dist/cjs/parser/table-parser").From<import("../db").DatabaseSchema, "device_account">, "device_account", import("kysely").DeleteResult>;
108
+ //# sourceMappingURL=device-account.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"device-account.d.ts","sourceRoot":"","sources":["../../../src/account-manager/helpers/device-account.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,OAAO,EACP,iBAAiB,EACjB,QAAQ,EACR,aAAa,EACd,MAAM,yBAAyB,CAAA;AAChC,OAAO,EAAc,UAAU,EAAE,MAAM,QAAQ,CAAA;AAG/C,OAAO,EAAE,SAAS,EAAE,MAAM,OAAO,CAAA;AACjC,OAAO,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAA;AAC3D,OAAO,EAAE,YAAY,EAAmB,MAAM,WAAW,CAAA;AAEzD,MAAM,MAAM,uBAAuB,GAAG,IAAI,CACxC,UAAU,CAAC,aAAa,CAAC,EACzB,iBAAiB,GAAG,mBAAmB,GAAG,UAAU,CACrD,CAAA;AAcD,MAAM,MAAM,eAAe,GAAG;IAC5B,eAAe,EAAE,IAAI,CAAA;IACrB,iBAAiB,EAAE,aAAa,EAAE,CAAA;IAClC,QAAQ,EAAE,OAAO,CAAA;CAClB,CAAA;AAqBD,wBAAgB,mBAAmB,CACjC,GAAG,EAAE,uBAAuB,GAC3B,iBAAiB,CAMnB;AAED,wBAAgB,SAAS,CACvB,GAAG,EAAE,UAAU,CAAC,YAAY,CAAC,EAC7B,QAAQ,EAAE,MAAM,GACf,OAAO,CAQT;AAED,eAAO,MAAM,MAAM,4BAA6B,QAAQ,OAAO,MAAM,+PAKJ,CAAA;AAEjE,eAAO,MAAM,QAAQ,4BAET,QAAQ,OACb,MAAM,SACJ;IACL,eAAe,CAAC,EAAE,IAAI,CAAA;IACtB,iBAAiB,CAAC,EAAE,aAAa,EAAE,CAAA;IACnC,QAAQ,CAAC,EAAE,OAAO,CAAA;CACnB,iNAMkC,CAAA;AAErC,eAAO,MAAM,gBAAgB,4BAEjB,QAAQ,OACb,MAAM,YACD,OAAO,yHAYlB,CAAA;AAED,eAAO,MAAM,gBAAgB,4BAEjB,QAAQ,OACb,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;yJAGZ,CAAA;AAED,eAAO,MAAM,gBAAgB,4BAA6B,QAAQ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;yJACU,CAAA;AAE5E,eAAO,MAAM,QAAQ,4BAA6B,QAAQ,OAAO,MAAM,+LAI5C,CAAA"}
@@ -0,0 +1,82 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.removeQB = exports.listRememberedQB = exports.getAccountInfoQB = exports.createOrUpdateQB = exports.updateQB = exports.readQB = exports.toAccount = exports.toDeviceAccountInfo = void 0;
4
+ const db_1 = require("../../db");
5
+ const account_1 = require("./account");
6
+ const selectAccountInfoQB = (db, deviceId) => (0, account_1.selectAccountQB)(db, { includeDeactivated: true })
7
+ // note: query planner should use "device_account_pk" index
8
+ .innerJoin('device_account', 'device_account.did', 'actor.did')
9
+ .innerJoin('device', 'device.id', 'device_account.deviceId')
10
+ .where('device.id', '=', deviceId)
11
+ .select([
12
+ 'device_account.authenticatedAt',
13
+ 'device_account.remember',
14
+ 'device_account.authorizedClients',
15
+ ]);
16
+ function toInsertable(values) {
17
+ const row = {};
18
+ if (values.authenticatedAt) {
19
+ row.authenticatedAt = (0, db_1.toDateISO)(values.authenticatedAt);
20
+ }
21
+ if (values.remember !== undefined) {
22
+ row.remember = values.remember === true ? 1 : 0;
23
+ }
24
+ if (values.authorizedClients) {
25
+ row.authorizedClients = (0, db_1.toJsonArray)(values.authorizedClients);
26
+ }
27
+ return row;
28
+ }
29
+ function toDeviceAccountInfo(row) {
30
+ return {
31
+ remembered: row.remember === 1,
32
+ authenticatedAt: (0, db_1.fromDateISO)(row.authenticatedAt),
33
+ authorizedClients: (0, db_1.fromJsonArray)(row.authorizedClients),
34
+ };
35
+ }
36
+ exports.toDeviceAccountInfo = toDeviceAccountInfo;
37
+ function toAccount(row, audience) {
38
+ return {
39
+ sub: row.did,
40
+ aud: audience,
41
+ email: row.email || undefined,
42
+ email_verified: row.email ? row.emailConfirmedAt != null : undefined,
43
+ preferred_username: row.handle || undefined,
44
+ };
45
+ }
46
+ exports.toAccount = toAccount;
47
+ const readQB = (db, deviceId, did) => db.db
48
+ .selectFrom('device_account')
49
+ .where('did', '=', did)
50
+ .where('deviceId', '=', deviceId)
51
+ .select(['remember', 'authorizedClients', 'authenticatedAt']);
52
+ exports.readQB = readQB;
53
+ const updateQB = (db, deviceId, did, entry) => db.db
54
+ .updateTable('device_account')
55
+ .set(toInsertable(entry))
56
+ .where('did', '=', did)
57
+ .where('deviceId', '=', deviceId);
58
+ exports.updateQB = updateQB;
59
+ const createOrUpdateQB = (db, deviceId, did, remember) => {
60
+ const { authorizedClients, ...values } = toInsertable({
61
+ remember,
62
+ authenticatedAt: new Date(),
63
+ authorizedClients: [],
64
+ });
65
+ return db.db
66
+ .insertInto('device_account')
67
+ .values({ did, deviceId, authorizedClients, ...values })
68
+ .onConflict((oc) => oc.columns(['deviceId', 'did']).doUpdateSet(values));
69
+ };
70
+ exports.createOrUpdateQB = createOrUpdateQB;
71
+ const getAccountInfoQB = (db, deviceId, did) => {
72
+ return selectAccountInfoQB(db, deviceId).where('actor.did', '=', did);
73
+ };
74
+ exports.getAccountInfoQB = getAccountInfoQB;
75
+ const listRememberedQB = (db, deviceId) => selectAccountInfoQB(db, deviceId).where('device_account.remember', '=', 1);
76
+ exports.listRememberedQB = listRememberedQB;
77
+ const removeQB = (db, deviceId, did) => db.db
78
+ .deleteFrom('device_account')
79
+ .where('deviceId', '=', deviceId)
80
+ .where('did', '=', did);
81
+ exports.removeQB = removeQB;
82
+ //# sourceMappingURL=device-account.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"device-account.js","sourceRoot":"","sources":["../../../src/account-manager/helpers/device-account.ts"],"names":[],"mappings":";;;AAQA,iCAA6E;AAG7E,uCAAyD;AAOzD,MAAM,mBAAmB,GAAG,CAAC,EAAa,EAAE,QAAkB,EAAE,EAAE,CAChE,IAAA,yBAAe,EAAC,EAAE,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC;IAC/C,2DAA2D;KAC1D,SAAS,CAAC,gBAAgB,EAAE,oBAAoB,EAAE,WAAW,CAAC;KAC9D,SAAS,CAAC,QAAQ,EAAE,WAAW,EAAE,yBAAyB,CAAC;KAC3D,KAAK,CAAC,WAAW,EAAE,GAAG,EAAE,QAAQ,CAAC;KACjC,MAAM,CAAC;IACN,gCAAgC;IAChC,yBAAyB;IACzB,kCAAkC;CACnC,CAAC,CAAA;AAWN,SAAS,YAAY,CACnB,MAAgC;IAEhC,MAAM,GAAG,GAAuC,EAAE,CAAA;IAClD,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;QAC3B,GAAG,CAAC,eAAe,GAAG,IAAA,cAAS,EAAC,MAAM,CAAC,eAAe,CAAC,CAAA;IACzD,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;QAClC,GAAG,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IACjD,CAAC;IACD,IAAI,MAAM,CAAC,iBAAiB,EAAE,CAAC;QAC7B,GAAG,CAAC,iBAAiB,GAAG,IAAA,gBAAW,EAAC,MAAM,CAAC,iBAAiB,CAAC,CAAA;IAC/D,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAED,SAAgB,mBAAmB,CACjC,GAA4B;IAE5B,OAAO;QACL,UAAU,EAAE,GAAG,CAAC,QAAQ,KAAK,CAAC;QAC9B,eAAe,EAAE,IAAA,gBAAW,EAAC,GAAG,CAAC,eAAe,CAAC;QACjD,iBAAiB,EAAE,IAAA,kBAAa,EAAgB,GAAG,CAAC,iBAAiB,CAAC;KACvE,CAAA;AACH,CAAC;AARD,kDAQC;AAED,SAAgB,SAAS,CACvB,GAA6B,EAC7B,QAAgB;IAEhB,OAAO;QACL,GAAG,EAAE,GAAG,CAAC,GAAG;QACZ,GAAG,EAAE,QAAQ;QACb,KAAK,EAAE,GAAG,CAAC,KAAK,IAAI,SAAS;QAC7B,cAAc,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,gBAAgB,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS;QACpE,kBAAkB,EAAE,GAAG,CAAC,MAAM,IAAI,SAAS;KAC5C,CAAA;AACH,CAAC;AAXD,8BAWC;AAEM,MAAM,MAAM,GAAG,CAAC,EAAa,EAAE,QAAkB,EAAE,GAAW,EAAE,EAAE,CACvE,EAAE,CAAC,EAAE;KACF,UAAU,CAAC,gBAAgB,CAAC;KAC5B,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC;KACtB,KAAK,CAAC,UAAU,EAAE,GAAG,EAAE,QAAQ,CAAC;KAChC,MAAM,CAAC,CAAC,UAAU,EAAE,mBAAmB,EAAE,iBAAiB,CAAC,CAAC,CAAA;AALpD,QAAA,MAAM,UAK8C;AAE1D,MAAM,QAAQ,GAAG,CACtB,EAAa,EACb,QAAkB,EAClB,GAAW,EACX,KAIC,EACD,EAAE,CACF,EAAE,CAAC,EAAE;KACF,WAAW,CAAC,gBAAgB,CAAC;KAC7B,GAAG,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;KACxB,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC;KACtB,KAAK,CAAC,UAAU,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAA;AAdxB,QAAA,QAAQ,YAcgB;AAE9B,MAAM,gBAAgB,GAAG,CAC9B,EAAa,EACb,QAAkB,EAClB,GAAW,EACX,QAAiB,EACjB,EAAE;IACF,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,EAAE,GAAG,YAAY,CAAC;QACpD,QAAQ;QACR,eAAe,EAAE,IAAI,IAAI,EAAE;QAC3B,iBAAiB,EAAE,EAAE;KACtB,CAAC,CAAA;IAEF,OAAO,EAAE,CAAC,EAAE;SACT,UAAU,CAAC,gBAAgB,CAAC;SAC5B,MAAM,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,iBAAiB,EAAE,GAAG,MAAM,EAAE,CAAC;SACvD,UAAU,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAA;AAC5E,CAAC,CAAA;AAhBY,QAAA,gBAAgB,oBAgB5B;AAEM,MAAM,gBAAgB,GAAG,CAC9B,EAAa,EACb,QAAkB,EAClB,GAAW,EACX,EAAE;IACF,OAAO,mBAAmB,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;AACvE,CAAC,CAAA;AANY,QAAA,gBAAgB,oBAM5B;AAEM,MAAM,gBAAgB,GAAG,CAAC,EAAa,EAAE,QAAkB,EAAE,EAAE,CACpE,mBAAmB,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC,KAAK,CAAC,yBAAyB,EAAE,GAAG,EAAE,CAAC,CAAC,CAAA;AAD/D,QAAA,gBAAgB,oBAC+C;AAErE,MAAM,QAAQ,GAAG,CAAC,EAAa,EAAE,QAAkB,EAAE,GAAW,EAAE,EAAE,CACzE,EAAE,CAAC,EAAE;KACF,UAAU,CAAC,gBAAgB,CAAC;KAC5B,KAAK,CAAC,UAAU,EAAE,GAAG,EAAE,QAAQ,CAAC;KAChC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;AAJd,QAAA,QAAQ,YAIM"}
@@ -0,0 +1,9 @@
1
+ import { DeviceId, DeviceData } from '@atproto/oauth-provider';
2
+ import { AccountDb, Device } from '../db';
3
+ import { Selectable } from 'kysely';
4
+ export declare const rowToDeviceData: (row: Selectable<Device>) => DeviceData;
5
+ export declare const createQB: (db: AccountDb, deviceId: DeviceId, { sessionId, userAgent, ipAddress, lastSeenAt }: DeviceData) => import("kysely").InsertQueryBuilder<import("../db").DatabaseSchema, "device", import("kysely").InsertResult>;
6
+ export declare const readQB: (db: AccountDb, deviceId: DeviceId) => import("kysely/dist/cjs/parser/select-parser").SelectAllQueryBuilder<import("kysely/dist/cjs/parser/table-parser").From<import("../db").DatabaseSchema, "device">, "device", {}, "device">;
7
+ export declare const updateQB: (db: AccountDb, deviceId: DeviceId, { sessionId, userAgent, ipAddress, lastSeenAt }: Partial<DeviceData>) => import("kysely").UpdateQueryBuilder<import("kysely/dist/cjs/parser/table-parser").From<import("../db").DatabaseSchema, "device">, "device", "device", import("kysely").UpdateResult>;
8
+ export declare const removeQB: (db: AccountDb, deviceId: DeviceId) => import("kysely").DeleteQueryBuilder<import("kysely/dist/cjs/parser/table-parser").From<import("../db").DatabaseSchema, "device">, "device", import("kysely").DeleteResult>;
9
+ //# sourceMappingURL=device.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"device.d.ts","sourceRoot":"","sources":["../../../src/account-manager/helpers/device.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AAC9D,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,OAAO,CAAA;AAEzC,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAA;AAEnC,eAAO,MAAM,eAAe,QAAS,WAAW,MAAM,CAAC,KAAG,UAKxD,CAAA;AAEF,eAAO,MAAM,QAAQ,4BAET,QAAQ,mDAC+B,UAAU,iHAQzD,CAAA;AAEJ,eAAO,MAAM,MAAM,4BAA6B,QAAQ,+LACW,CAAA;AAEnE,eAAO,MAAM,QAAQ,4BAET,QAAQ,mDAC+B,QAAQ,UAAU,CAAC,yLAUvC,CAAA;AAE/B,eAAO,MAAM,QAAQ,4BAA6B,QAAQ,+KACH,CAAA"}
@@ -0,0 +1,32 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.removeQB = exports.updateQB = exports.readQB = exports.createQB = exports.rowToDeviceData = void 0;
4
+ const db_1 = require("../../db");
5
+ const rowToDeviceData = (row) => ({
6
+ sessionId: row.sessionId,
7
+ userAgent: row.userAgent,
8
+ ipAddress: row.ipAddress,
9
+ lastSeenAt: (0, db_1.fromDateISO)(row.lastSeenAt),
10
+ });
11
+ exports.rowToDeviceData = rowToDeviceData;
12
+ const createQB = (db, deviceId, { sessionId, userAgent, ipAddress, lastSeenAt }) => db.db.insertInto('device').values({
13
+ id: deviceId,
14
+ sessionId,
15
+ userAgent,
16
+ ipAddress,
17
+ lastSeenAt: (0, db_1.toDateISO)(lastSeenAt),
18
+ });
19
+ exports.createQB = createQB;
20
+ const readQB = (db, deviceId) => db.db.selectFrom('device').where('id', '=', deviceId).selectAll();
21
+ exports.readQB = readQB;
22
+ const updateQB = (db, deviceId, { sessionId, userAgent, ipAddress, lastSeenAt }) => db.db
23
+ .updateTable('device')
24
+ .if(sessionId != null, (qb) => qb.set({ sessionId }))
25
+ .if(userAgent != null, (qb) => qb.set({ userAgent }))
26
+ .if(ipAddress != null, (qb) => qb.set({ ipAddress }))
27
+ .if(lastSeenAt != null, (qb) => qb.set({ lastSeenAt: (0, db_1.toDateISO)(lastSeenAt) }))
28
+ .where('id', '=', deviceId);
29
+ exports.updateQB = updateQB;
30
+ const removeQB = (db, deviceId) => db.db.deleteFrom('device').where('id', '=', deviceId);
31
+ exports.removeQB = removeQB;
32
+ //# sourceMappingURL=device.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"device.js","sourceRoot":"","sources":["../../../src/account-manager/helpers/device.ts"],"names":[],"mappings":";;;AAEA,iCAAiD;AAG1C,MAAM,eAAe,GAAG,CAAC,GAAuB,EAAc,EAAE,CAAC,CAAC;IACvE,SAAS,EAAE,GAAG,CAAC,SAAS;IACxB,SAAS,EAAE,GAAG,CAAC,SAAS;IACxB,SAAS,EAAE,GAAG,CAAC,SAAS;IACxB,UAAU,EAAE,IAAA,gBAAW,EAAC,GAAG,CAAC,UAAU,CAAC;CACxC,CAAC,CAAA;AALW,QAAA,eAAe,mBAK1B;AAEK,MAAM,QAAQ,GAAG,CACtB,EAAa,EACb,QAAkB,EAClB,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAc,EAC3D,EAAE,CACF,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC;IAChC,EAAE,EAAE,QAAQ;IACZ,SAAS;IACT,SAAS;IACT,SAAS;IACT,UAAU,EAAE,IAAA,cAAS,EAAC,UAAU,CAAC;CAClC,CAAC,CAAA;AAXS,QAAA,QAAQ,YAWjB;AAEG,MAAM,MAAM,GAAG,CAAC,EAAa,EAAE,QAAkB,EAAE,EAAE,CAC1D,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC,SAAS,EAAE,CAAA;AADtD,QAAA,MAAM,UACgD;AAE5D,MAAM,QAAQ,GAAG,CACtB,EAAa,EACb,QAAkB,EAClB,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAuB,EACpE,EAAE,CACF,EAAE,CAAC,EAAE;KACF,WAAW,CAAC,QAAQ,CAAC;KACrB,EAAE,CAAC,SAAS,IAAI,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;KACpD,EAAE,CAAC,SAAS,IAAI,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;KACpD,EAAE,CAAC,SAAS,IAAI,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;KACpD,EAAE,CAAC,UAAU,IAAI,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,CAC7B,EAAE,CAAC,GAAG,CAAC,EAAE,UAAU,EAAE,IAAA,cAAS,EAAC,UAAW,CAAC,EAAE,CAAC,CAC/C;KACA,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAA;AAblB,QAAA,QAAQ,YAaU;AAExB,MAAM,QAAQ,GAAG,CAAC,EAAa,EAAE,QAAkB,EAAE,EAAE,CAC5D,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAA;AAD1C,QAAA,QAAQ,YACkC"}