npm - @baseplate-dev/plugin-auth - Versions diffs - 4.0.1 → 4.0.2 - Mend

@baseplate-dev/plugin-auth 4.0.1 → 4.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (268) hide show

package/dist/local-auth/core/generators/auth-email-password/generated/typed-templates.js CHANGED Viewed

@@ -1,5 +1,7 @@
 import { createTsTemplateFile } from '@baseplate-dev/core-generators';
-import { errorHandlerServiceImportsProvider, passwordHasherServiceImportsProvider, pothosImportsProvider, prismaGeneratedImportsProvider, prismaImportsProvider, requestServiceContextImportsProvider, userSessionServiceImportsProvider, userSessionTypesImportsProvider, } from '@baseplate-dev/fastify-generators';
+import { configServiceImportsProvider, errorHandlerServiceImportsProvider, passwordHasherServiceImportsProvider, pothosImportsProvider, prismaGeneratedImportsProvider, prismaImportsProvider, requestServiceContextImportsProvider, userSessionServiceImportsProvider, userSessionTypesImportsProvider, } from '@baseplate-dev/fastify-generators';
+import { emailModuleImportsProvider } from '@baseplate-dev/plugin-email';
+import { rateLimitImportsProvider } from '@baseplate-dev/plugin-rate-limit';
 import path from 'node:path';
 import { authModuleImportsProvider } from '#src/local-auth/core/generators/auth-module/generated/ts-import-providers.js';
 const constantsPassword = createTsTemplateFile({
@@ -7,12 +9,27 @@ const constantsPassword = createTsTemplateFile({
     group: 'module',
     importMapProviders: {},
     name: 'constants-password',
-    projectExports: { PASSWORD_MIN_LENGTH: {} },
+    projectExports: {
+        PASSWORD_MAX_LENGTH: {},
+        PASSWORD_MIN_LENGTH: {},
+        PASSWORD_RESET_TOKEN_EXPIRY_SEC: {},
+    },
     source: {
         path: path.join(import.meta.dirname, '../templates/module/constants/password.constants.ts'),
     },
     variables: {},
 });
+const schemaPasswordResetMutations = createTsTemplateFile({
+    fileOptions: { kind: 'singleton' },
+    group: 'module',
+    importMapProviders: { pothosImports: pothosImportsProvider },
+    name: 'schema-password-reset-mutations',
+    referencedGeneratorTemplates: { servicesPasswordReset: {} },
+    source: {
+        path: path.join(import.meta.dirname, '../templates/module/schema/password-reset.mutations.ts'),
+    },
+    variables: {},
+});
 const schemaUserPasswordMutations = createTsTemplateFile({
     fileOptions: { kind: 'singleton' },
     group: 'module',
@@ -27,6 +44,34 @@ const schemaUserPasswordMutations = createTsTemplateFile({
     },
     variables: { TPL_ADMIN_ROLES: {}, TPL_USER_OBJECT_TYPE: {} },
 });
+const servicesPasswordReset = createTsTemplateFile({
+    fileOptions: { kind: 'singleton' },
+    group: 'module',
+    importMapProviders: {
+        configServiceImports: configServiceImportsProvider,
+        emailModuleImports: emailModuleImportsProvider,
+        errorHandlerServiceImports: errorHandlerServiceImportsProvider,
+        passwordHasherServiceImports: passwordHasherServiceImportsProvider,
+        prismaImports: prismaImportsProvider,
+        rateLimitImports: rateLimitImportsProvider,
+        requestServiceContextImports: requestServiceContextImportsProvider,
+    },
+    name: 'services-password-reset',
+    projectExports: {
+        cleanupExpiredPasswordResetTokens: { isTypeOnly: false },
+        completePasswordReset: { isTypeOnly: false },
+        requestPasswordReset: { isTypeOnly: false },
+        validatePasswordResetToken: { isTypeOnly: false },
+    },
+    referencedGeneratorTemplates: {
+        constantsPassword: {},
+        servicesAuthVerification: {},
+    },
+    source: {
+        path: path.join(import.meta.dirname, '../templates/module/services/password-reset.service.ts'),
+    },
+    variables: {},
+});
 const servicesUserPassword = createTsTemplateFile({
     fileOptions: { kind: 'singleton' },
     group: 'module',
@@ -35,6 +80,7 @@ const servicesUserPassword = createTsTemplateFile({
         passwordHasherServiceImports: passwordHasherServiceImportsProvider,
         prismaGeneratedImports: prismaGeneratedImportsProvider,
         prismaImports: prismaImportsProvider,
+        rateLimitImports: rateLimitImportsProvider,
         requestServiceContextImports: requestServiceContextImportsProvider,
         userSessionServiceImports: userSessionServiceImportsProvider,
         userSessionTypesImports: userSessionTypesImportsProvider,
@@ -45,7 +91,10 @@ const servicesUserPassword = createTsTemplateFile({
         createUserWithEmailAndPassword: {},
         registerUserWithEmailAndPassword: {},
     },
-    referencedGeneratorTemplates: { constantsPassword: {} },
+    referencedGeneratorTemplates: {
+        constantsPassword: {},
+        servicesEmailVerification: {},
+    },
     source: {
         path: path.join(import.meta.dirname, '../templates/module/services/user-password.service.ts'),
     },
@@ -53,8 +102,57 @@ const servicesUserPassword = createTsTemplateFile({
 });
 export const moduleGroup = {
     constantsPassword,
+    schemaPasswordResetMutations,
     schemaUserPasswordMutations,
+    servicesPasswordReset,
     servicesUserPassword,
 };
-export const LOCAL_AUTH_CORE_AUTH_EMAIL_PASSWORD_TEMPLATES = { moduleGroup };
+const schemaEmailVerificationMutations = createTsTemplateFile({
+    fileOptions: { kind: 'singleton' },
+    importMapProviders: { pothosImports: pothosImportsProvider },
+    name: 'schema-email-verification-mutations',
+    referencedGeneratorTemplates: { servicesEmailVerification: {} },
+    source: {
+        path: path.join(import.meta.dirname, '../templates/module/schema/email-verification.mutations.ts'),
+    },
+    variables: {},
+});
+const servicesAuthVerification = createTsTemplateFile({
+    fileOptions: { kind: 'singleton' },
+    importMapProviders: {
+        prismaGeneratedImports: prismaGeneratedImportsProvider,
+        prismaImports: prismaImportsProvider,
+    },
+    name: 'services-auth-verification',
+    source: {
+        path: path.join(import.meta.dirname, '../templates/module/services/auth-verification.service.ts'),
+    },
+    variables: {},
+});
+const servicesEmailVerification = createTsTemplateFile({
+    fileOptions: { kind: 'singleton' },
+    importMapProviders: {
+        configServiceImports: configServiceImportsProvider,
+        emailModuleImports: emailModuleImportsProvider,
+        errorHandlerServiceImports: errorHandlerServiceImportsProvider,
+        prismaImports: prismaImportsProvider,
+        rateLimitImports: rateLimitImportsProvider,
+        requestServiceContextImports: requestServiceContextImportsProvider,
+    },
+    name: 'services-email-verification',
+    referencedGeneratorTemplates: {
+        constantsPassword: {},
+        servicesAuthVerification: {},
+    },
+    source: {
+        path: path.join(import.meta.dirname, '../templates/module/services/email-verification.service.ts'),
+    },
+    variables: {},
+});
+export const LOCAL_AUTH_CORE_AUTH_EMAIL_PASSWORD_TEMPLATES = {
+    moduleGroup,
+    schemaEmailVerificationMutations,
+    servicesAuthVerification,
+    servicesEmailVerification,
+};
 //# sourceMappingURL=typed-templates.js.map

package/dist/local-auth/core/generators/auth-email-password/generated/typed-templates.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"typed-templates.js","sourceRoot":"","sources":["../../../../../../src/local-auth/core/generators/auth-email-password/generated/typed-templates.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AACtE,OAAO,EACL,kCAAkC,EAClC,oCAAoC,EACpC,qBAAqB,EACrB,8BAA8B,EAC9B,qBAAqB,EACrB,oCAAoC,EACpC,iCAAiC,EACjC,+BAA+B,GAChC,MAAM,mCAAmC,CAAC;AAC3C,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,yBAAyB,EAAE,MAAM,8EAA8E,CAAC;AAEzH,MAAM,iBAAiB,GAAG,oBAAoB,CAAC;IAC7C,WAAW,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE;IAClC,KAAK,EAAE,QAAQ;IACf,kBAAkB,EAAE,EAAE;IACtB,IAAI,EAAE,oBAAoB;IAC1B,cAAc,EAAE,EAAE,mBAAmB,EAAE,EAAE,EAAE;~~IAC3C~~,MAAM,EAAE;QACN,IAAI,EAAE,IAAI,CAAC,IAAI,CACb,MAAM,CAAC,IAAI,CAAC,OAAO,EACnB,qDAAqD,CACtD;KACF;IACD,SAAS,EAAE,EAAE;CACd,CAAC,CAAC;AAEH,MAAM,2BAA2B,GAAG,oBAAoB,CAAC;IACvD,WAAW,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE;IAClC,KAAK,EAAE,QAAQ;IACf,kBAAkB,EAAE;QAClB,iBAAiB,EAAE,yBAAyB;QAC5C,aAAa,EAAE,qBAAqB;KACrC;IACD,IAAI,EAAE,gCAAgC;IACtC,4BAA4B,EAAE,EAAE,oBAAoB,EAAE,EAAE,EAAE;IAC1D,MAAM,EAAE;QACN,IAAI,EAAE,IAAI,CAAC,IAAI,CACb,MAAM,CAAC,IAAI,CAAC,OAAO,EACnB,uDAAuD,CACxD;KACF;IACD,SAAS,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,oBAAoB,EAAE,EAAE,EAAE;CAC7D,CAAC,CAAC;AAEH,MAAM,oBAAoB,GAAG,oBAAoB,CAAC;IAChD,WAAW,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE;IAClC,KAAK,EAAE,QAAQ;IACf,kBAAkB,EAAE;QAClB,0BAA0B,EAAE,kCAAkC;QAC9D,4BAA4B,EAAE,oCAAoC;QAClE,sBAAsB,EAAE,8BAA8B;QACtD,aAAa,EAAE,qBAAqB;QACpC,4BAA4B,EAAE,oCAAoC;QAClE,yBAAyB,EAAE,iCAAiC;QAC5D,uBAAuB,EAAE,+BAA+B;KACzD;IACD,IAAI,EAAE,wBAAwB;IAC9B,cAAc,EAAE;QACd,oCAAoC,EAAE,EAAE;QACxC,8BAA8B,EAAE,EAAE;QAClC,gCAAgC,EAAE,EAAE;KACrC;IACD,4BAA4B,EAAE,~~EAAE,~~iBAAiB,EAAE,EAAE,EAAE;~~IACvD~~,MAAM,EAAE;QACN,IAAI,EAAE,IAAI,CAAC,IAAI,CACb,MAAM,CAAC,IAAI,CAAC,OAAO,EACnB,uDAAuD,CACxD;KACF;IACD,SAAS,EAAE,EAAE;CACd,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,iBAAiB;IACjB,2BAA2B;IAC3B,oBAAoB;CACrB,CAAC;AAEF,MAAM,CAAC,MAAM,~~6CAA6C~~,GAAG,EAAE,WAAW,EAAE,CAAC"}
1	+ {"version":3,"file":"typed-templates.js","sourceRoot":"","sources":["../../../../../../src/local-auth/core/generators/auth-email-password/generated/typed-templates.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AACtE,OAAO,EACL,4BAA4B,EAC5B,kCAAkC,EAClC,oCAAoC,EACpC,qBAAqB,EACrB,8BAA8B,EAC9B,qBAAqB,EACrB,oCAAoC,EACpC,iCAAiC,EACjC,+BAA+B,GAChC,MAAM,mCAAmC,CAAC;AAC3C,OAAO,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAC;AACzE,OAAO,EAAE,wBAAwB,EAAE,MAAM,kCAAkC,CAAC;AAC5E,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,yBAAyB,EAAE,MAAM,8EAA8E,CAAC;AAEzH,MAAM,iBAAiB,GAAG,oBAAoB,CAAC;IAC7C,WAAW,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE;IAClC,KAAK,EAAE,QAAQ;IACf,kBAAkB,EAAE,EAAE;IACtB,IAAI,EAAE,oBAAoB;IAC1B,cAAc,EAAE;QACd,mBAAmB,EAAE,EAAE;QACvB,mBAAmB,EAAE,EAAE;QACvB,+BAA+B,EAAE,EAAE;KACpC;IACD,MAAM,EAAE;QACN,IAAI,EAAE,IAAI,CAAC,IAAI,CACb,MAAM,CAAC,IAAI,CAAC,OAAO,EACnB,qDAAqD,CACtD;KACF;IACD,SAAS,EAAE,EAAE;CACd,CAAC,CAAC;AAEH,MAAM,4BAA4B,GAAG,oBAAoB,CAAC;IACxD,WAAW,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE;IAClC,KAAK,EAAE,QAAQ;IACf,kBAAkB,EAAE,EAAE,aAAa,EAAE,qBAAqB,EAAE;IAC5D,IAAI,EAAE,iCAAiC;IACvC,4BAA4B,EAAE,EAAE,qBAAqB,EAAE,EAAE,EAAE;IAC3D,MAAM,EAAE;QACN,IAAI,EAAE,IAAI,CAAC,IAAI,CACb,MAAM,CAAC,IAAI,CAAC,OAAO,EACnB,wDAAwD,CACzD;KACF;IACD,SAAS,EAAE,EAAE;CACd,CAAC,CAAC;AAEH,MAAM,2BAA2B,GAAG,oBAAoB,CAAC;IACvD,WAAW,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE;IAClC,KAAK,EAAE,QAAQ;IACf,kBAAkB,EAAE;QAClB,iBAAiB,EAAE,yBAAyB;QAC5C,aAAa,EAAE,qBAAqB;KACrC;IACD,IAAI,EAAE,gCAAgC;IACtC,4BAA4B,EAAE,EAAE,oBAAoB,EAAE,EAAE,EAAE;IAC1D,MAAM,EAAE;QACN,IAAI,EAAE,IAAI,CAAC,IAAI,CACb,MAAM,CAAC,IAAI,CAAC,OAAO,EACnB,uDAAuD,CACxD;KACF;IACD,SAAS,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,oBAAoB,EAAE,EAAE,EAAE;CAC7D,CAAC,CAAC;AAEH,MAAM,qBAAqB,GAAG,oBAAoB,CAAC;IACjD,WAAW,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE;IAClC,KAAK,EAAE,QAAQ;IACf,kBAAkB,EAAE;QAClB,oBAAoB,EAAE,4BAA4B;QAClD,kBAAkB,EAAE,0BAA0B;QAC9C,0BAA0B,EAAE,kCAAkC;QAC9D,4BAA4B,EAAE,oCAAoC;QAClE,aAAa,EAAE,qBAAqB;QACpC,gBAAgB,EAAE,wBAAwB;QAC1C,4BAA4B,EAAE,oCAAoC;KACnE;IACD,IAAI,EAAE,yBAAyB;IAC/B,cAAc,EAAE;QACd,iCAAiC,EAAE,EAAE,UAAU,EAAE,KAAK,EAAE;QACxD,qBAAqB,EAAE,EAAE,UAAU,EAAE,KAAK,EAAE;QAC5C,oBAAoB,EAAE,EAAE,UAAU,EAAE,KAAK,EAAE;QAC3C,0BAA0B,EAAE,EAAE,UAAU,EAAE,KAAK,EAAE;KAClD;IACD,4BAA4B,EAAE;QAC5B,iBAAiB,EAAE,EAAE;QACrB,wBAAwB,EAAE,EAAE;KAC7B;IACD,MAAM,EAAE;QACN,IAAI,EAAE,IAAI,CAAC,IAAI,CACb,MAAM,CAAC,IAAI,CAAC,OAAO,EACnB,wDAAwD,CACzD;KACF;IACD,SAAS,EAAE,EAAE;CACd,CAAC,CAAC;AAEH,MAAM,oBAAoB,GAAG,oBAAoB,CAAC;IAChD,WAAW,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE;IAClC,KAAK,EAAE,QAAQ;IACf,kBAAkB,EAAE;QAClB,0BAA0B,EAAE,kCAAkC;QAC9D,4BAA4B,EAAE,oCAAoC;QAClE,sBAAsB,EAAE,8BAA8B;QACtD,aAAa,EAAE,qBAAqB;QACpC,gBAAgB,EAAE,wBAAwB;QAC1C,4BAA4B,EAAE,oCAAoC;QAClE,yBAAyB,EAAE,iCAAiC;QAC5D,uBAAuB,EAAE,+BAA+B;KACzD;IACD,IAAI,EAAE,wBAAwB;IAC9B,cAAc,EAAE;QACd,oCAAoC,EAAE,EAAE;QACxC,8BAA8B,EAAE,EAAE;QAClC,gCAAgC,EAAE,EAAE;KACrC;IACD,4BAA4B,EAAE;QAC5B,iBAAiB,EAAE,EAAE;QACrB,yBAAyB,EAAE,EAAE;KAC9B;IACD,MAAM,EAAE;QACN,IAAI,EAAE,IAAI,CAAC,IAAI,CACb,MAAM,CAAC,IAAI,CAAC,OAAO,EACnB,uDAAuD,CACxD;KACF;IACD,SAAS,EAAE,EAAE;CACd,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,iBAAiB;IACjB,4BAA4B;IAC5B,2BAA2B;IAC3B,qBAAqB;IACrB,oBAAoB;CACrB,CAAC;AAEF,MAAM,gCAAgC,GAAG,oBAAoB,CAAC;IAC5D,WAAW,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE;IAClC,kBAAkB,EAAE,EAAE,aAAa,EAAE,qBAAqB,EAAE;IAC5D,IAAI,EAAE,qCAAqC;IAC3C,4BAA4B,EAAE,EAAE,yBAAyB,EAAE,EAAE,EAAE;IAC/D,MAAM,EAAE;QACN,IAAI,EAAE,IAAI,CAAC,IAAI,CACb,MAAM,CAAC,IAAI,CAAC,OAAO,EACnB,4DAA4D,CAC7D;KACF;IACD,SAAS,EAAE,EAAE;CACd,CAAC,CAAC;AAEH,MAAM,wBAAwB,GAAG,oBAAoB,CAAC;IACpD,WAAW,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE;IAClC,kBAAkB,EAAE;QAClB,sBAAsB,EAAE,8BAA8B;QACtD,aAAa,EAAE,qBAAqB;KACrC;IACD,IAAI,EAAE,4BAA4B;IAClC,MAAM,EAAE;QACN,IAAI,EAAE,IAAI,CAAC,IAAI,CACb,MAAM,CAAC,IAAI,CAAC,OAAO,EACnB,2DAA2D,CAC5D;KACF;IACD,SAAS,EAAE,EAAE;CACd,CAAC,CAAC;AAEH,MAAM,yBAAyB,GAAG,oBAAoB,CAAC;IACrD,WAAW,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE;IAClC,kBAAkB,EAAE;QAClB,oBAAoB,EAAE,4BAA4B;QAClD,kBAAkB,EAAE,0BAA0B;QAC9C,0BAA0B,EAAE,kCAAkC;QAC9D,aAAa,EAAE,qBAAqB;QACpC,gBAAgB,EAAE,wBAAwB;QAC1C,4BAA4B,EAAE,oCAAoC;KACnE;IACD,IAAI,EAAE,6BAA6B;IACnC,4BAA4B,EAAE;QAC5B,iBAAiB,EAAE,EAAE;QACrB,wBAAwB,EAAE,EAAE;KAC7B;IACD,MAAM,EAAE;QACN,IAAI,EAAE,IAAI,CAAC,IAAI,CACb,MAAM,CAAC,IAAI,CAAC,OAAO,EACnB,4DAA4D,CAC7D;KACF;IACD,SAAS,EAAE,EAAE;CACd,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,6CAA6C,GAAG;IAC3D,WAAW;IACX,gCAAgC;IAChC,wBAAwB;IACxB,yBAAyB;CAC1B,CAAC"}

package/dist/local-auth/core/generators/auth-email-password/templates/module/constants/password.constants.d.ts CHANGED Viewed

@@ -1,2 +1,17 @@
+/**
+ * Minimum password length
+ */
 export declare const PASSWORD_MIN_LENGTH = 8;
+/**
+ * Maximum password length (prevents DoS attacks via excessive bcrypt/argon2 computation)
+ */
+export declare const PASSWORD_MAX_LENGTH = 255;
+/**
+ * Password reset token expiration time in seconds (1 hour per OWASP recommendations)
+ */
+export declare const PASSWORD_RESET_TOKEN_EXPIRY_SEC: number;
+/**
+ * Email verification token expiration time in seconds (24 hours)
+ */
+export declare const EMAIL_VERIFICATION_TOKEN_EXPIRY_SEC: number;
 //# sourceMappingURL=password.constants.d.ts.map

package/dist/local-auth/core/generators/auth-email-password/templates/module/constants/password.constants.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"password.constants.d.ts","sourceRoot":"","sources":["../../../../../../../../src/local-auth/core/generators/auth-email-password/templates/module/constants/password.constants.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,mBAAmB,IAAI,CAAC"}
1	+ {"version":3,"file":"password.constants.d.ts","sourceRoot":"","sources":["../../../../../../../../src/local-auth/core/generators/auth-email-password/templates/module/constants/password.constants.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,eAAO,MAAM,mBAAmB,IAAI,CAAC;AAErC;;GAEG;AACH,eAAO,MAAM,mBAAmB,MAAM,CAAC;AAEvC;;GAEG;AACH,eAAO,MAAM,+BAA+B,QAAU,CAAC;AAEvD;;GAEG;AACH,eAAO,MAAM,mCAAmC,QAAe,CAAC"}

package/dist/local-auth/core/generators/auth-email-password/templates/module/constants/password.constants.js CHANGED Viewed

@@ -1,3 +1,18 @@
 // @ts-nocheck
+/**
+ * Minimum password length
+ */
 export const PASSWORD_MIN_LENGTH = 8;
+/**
+ * Maximum password length (prevents DoS attacks via excessive bcrypt/argon2 computation)
+ */
+export const PASSWORD_MAX_LENGTH = 255;
+/**
+ * Password reset token expiration time in seconds (1 hour per OWASP recommendations)
+ */
+export const PASSWORD_RESET_TOKEN_EXPIRY_SEC = 60 * 60;
+/**
+ * Email verification token expiration time in seconds (24 hours)
+ */
+export const EMAIL_VERIFICATION_TOKEN_EXPIRY_SEC = 60 * 60 * 24;
 //# sourceMappingURL=password.constants.js.map

package/dist/local-auth/core/generators/auth-email-password/templates/module/constants/password.constants.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"password.constants.js","sourceRoot":"","sources":["../../../../../../../../src/local-auth/core/generators/auth-email-password/templates/module/constants/password.constants.ts"],"names":[],"mappings":"AAAA,cAAc;AAEd,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC"}
1	+ {"version":3,"file":"password.constants.js","sourceRoot":"","sources":["../../../../../../../../src/local-auth/core/generators/auth-email-password/templates/module/constants/password.constants.ts"],"names":[],"mappings":"AAAA,cAAc;AAEd;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC;AAErC;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,GAAG,CAAC;AAEvC;;GAEG;AACH,MAAM,CAAC,MAAM,+BAA+B,GAAG,EAAE,GAAG,EAAE,CAAC;AAEvD;;GAEG;AACH,MAAM,CAAC,MAAM,mCAAmC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC"}

package/dist/local-auth/core/generators/auth-email-password/templates/module/constants/password.constants.ts CHANGED Viewed

@@ -1,3 +1,21 @@
 // @ts-nocheck
+/**
+ * Minimum password length
+ */
 export const PASSWORD_MIN_LENGTH = 8;
+/**
+ * Maximum password length (prevents DoS attacks via excessive bcrypt/argon2 computation)
+ */
+export const PASSWORD_MAX_LENGTH = 255;
+/**
+ * Password reset token expiration time in seconds (1 hour per OWASP recommendations)
+ */
+export const PASSWORD_RESET_TOKEN_EXPIRY_SEC = 60 * 60;
+/**
+ * Email verification token expiration time in seconds (24 hours)
+ */
+export const EMAIL_VERIFICATION_TOKEN_EXPIRY_SEC = 60 * 60 * 24;

package/dist/local-auth/core/generators/auth-email-password/templates/module/schema/email-verification.mutations.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=email-verification.mutations.d.ts.map

package/dist/local-auth/core/generators/auth-email-password/templates/module/schema/email-verification.mutations.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"email-verification.mutations.d.ts","sourceRoot":"","sources":["../../../../../../../../src/local-auth/core/generators/auth-email-password/templates/module/schema/email-verification.mutations.ts"],"names":[],"mappings":""}

package/dist/local-auth/core/generators/auth-email-password/templates/module/schema/email-verification.mutations.js ADDED Viewed

@@ -0,0 +1,24 @@
+// @ts-nocheck
+import { requestEmailVerification, verifyEmail, } from '$servicesEmailVerification';
+import { builder } from '%pothosImports';
+builder.mutationField('requestEmailVerification', (t) => t.fieldWithInputPayload({
+    authorize: ['user'],
+    payload: {
+        success: t.payload.field({ type: 'Boolean' }),
+    },
+    resolve: async (_root, _args, context) => requestEmailVerification({
+        userId: context.auth.userIdOrThrow(),
+        context,
+    }),
+}));
+builder.mutationField('verifyEmail', (t) => t.fieldWithInputPayload({
+    authorize: ['public'],
+    payload: {
+        success: t.payload.field({ type: 'Boolean' }),
+    },
+    input: {
+        token: t.input.field({ required: true, type: 'String' }),
+    },
+    resolve: async (_root, { input }, context) => verifyEmail({ token: input.token, context }),
+}));
+//# sourceMappingURL=email-verification.mutations.js.map

package/dist/local-auth/core/generators/auth-email-password/templates/module/schema/email-verification.mutations.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"email-verification.mutations.js","sourceRoot":"","sources":["../../../../../../../../src/local-auth/core/generators/auth-email-password/templates/module/schema/email-verification.mutations.ts"],"names":[],"mappings":"AAAA,cAAc;AAEd,OAAO,EACL,wBAAwB,EACxB,WAAW,GACZ,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAEzC,OAAO,CAAC,aAAa,CAAC,0BAA0B,EAAE,CAAC,CAAC,EAAE,EAAE,CACtD,CAAC,CAAC,qBAAqB,CAAC;IACtB,SAAS,EAAE,CAAC,MAAM,CAAC;IACnB,OAAO,EAAE;QACP,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;KAC9C;IACD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,CACvC,wBAAwB,CAAC;QACvB,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,aAAa,EAAE;QACpC,OAAO;KACR,CAAC;CACL,CAAC,CACH,CAAC;AAEF,OAAO,CAAC,aAAa,CAAC,aAAa,EAAE,CAAC,CAAC,EAAE,EAAE,CACzC,CAAC,CAAC,qBAAqB,CAAC;IACtB,SAAS,EAAE,CAAC,QAAQ,CAAC;IACrB,OAAO,EAAE;QACP,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;KAC9C;IACD,KAAK,EAAE;QACL,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;KACzD;IACD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,EAAE,CAC3C,WAAW,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,OAAO,EAAE,CAAC;CAC/C,CAAC,CACH,CAAC"}

package/dist/local-auth/core/generators/auth-email-password/templates/module/schema/email-verification.mutations.ts ADDED Viewed

@@ -0,0 +1,35 @@
+// @ts-nocheck
+import {
+  requestEmailVerification,
+  verifyEmail,
+} from '$servicesEmailVerification';
+import { builder } from '%pothosImports';
+builder.mutationField('requestEmailVerification', (t) =>
+  t.fieldWithInputPayload({
+    authorize: ['user'],
+    payload: {
+      success: t.payload.field({ type: 'Boolean' }),
+    },
+    resolve: async (_root, _args, context) =>
+      requestEmailVerification({
+        userId: context.auth.userIdOrThrow(),
+        context,
+      }),
+  }),
+);
+builder.mutationField('verifyEmail', (t) =>
+  t.fieldWithInputPayload({
+    authorize: ['public'],
+    payload: {
+      success: t.payload.field({ type: 'Boolean' }),
+    },
+    input: {
+      token: t.input.field({ required: true, type: 'String' }),
+    },
+    resolve: async (_root, { input }, context) =>
+      verifyEmail({ token: input.token, context }),
+  }),
+);

package/dist/local-auth/core/generators/auth-email-password/templates/module/schema/password-reset.mutations.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=password-reset.mutations.d.ts.map

package/dist/local-auth/core/generators/auth-email-password/templates/module/schema/password-reset.mutations.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"password-reset.mutations.d.ts","sourceRoot":"","sources":["../../../../../../../../src/local-auth/core/generators/auth-email-password/templates/module/schema/password-reset.mutations.ts"],"names":[],"mappings":""}

package/dist/local-auth/core/generators/auth-email-password/templates/module/schema/password-reset.mutations.js ADDED Viewed

@@ -0,0 +1,38 @@
+// @ts-nocheck
+import { completePasswordReset, requestPasswordReset, validatePasswordResetToken, } from '$servicesPasswordReset';
+import { builder } from '%pothosImports';
+builder.mutationField('requestPasswordReset', (t) => t.fieldWithInputPayload({
+    authorize: ['public'],
+    payload: {
+        success: t.payload.field({ type: 'Boolean' }),
+    },
+    input: {
+        email: t.input.field({ required: true, type: 'String' }),
+    },
+    resolve: async (_root, { input }, context) => requestPasswordReset({ email: input.email, context }),
+}));
+builder.mutationField('validatePasswordResetToken', (t) => t.fieldWithInputPayload({
+    authorize: ['public'],
+    payload: {
+        valid: t.payload.field({ type: 'Boolean' }),
+    },
+    input: {
+        token: t.input.field({ required: true, type: 'String' }),
+    },
+    resolve: async (_root, { input }) => validatePasswordResetToken({ token: input.token }),
+}));
+builder.mutationField('resetPasswordWithToken', (t) => t.fieldWithInputPayload({
+    authorize: ['public'],
+    payload: {
+        success: t.payload.field({ type: 'Boolean' }),
+    },
+    input: {
+        token: t.input.field({ required: true, type: 'String' }),
+        newPassword: t.input.field({ required: true, type: 'String' }),
+    },
+    resolve: async (_root, { input }) => completePasswordReset({
+        token: input.token,
+        newPassword: input.newPassword,
+    }),
+}));
+//# sourceMappingURL=password-reset.mutations.js.map

package/dist/local-auth/core/generators/auth-email-password/templates/module/schema/password-reset.mutations.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"password-reset.mutations.js","sourceRoot":"","sources":["../../../../../../../../src/local-auth/core/generators/auth-email-password/templates/module/schema/password-reset.mutations.ts"],"names":[],"mappings":"AAAA,cAAc;AAEd,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,0BAA0B,GAC3B,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAEzC,OAAO,CAAC,aAAa,CAAC,sBAAsB,EAAE,CAAC,CAAC,EAAE,EAAE,CAClD,CAAC,CAAC,qBAAqB,CAAC;IACtB,SAAS,EAAE,CAAC,QAAQ,CAAC;IACrB,OAAO,EAAE;QACP,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;KAC9C;IACD,KAAK,EAAE;QACL,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;KACzD;IACD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,EAAE,CAC3C,oBAAoB,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,OAAO,EAAE,CAAC;CACxD,CAAC,CACH,CAAC;AAEF,OAAO,CAAC,aAAa,CAAC,4BAA4B,EAAE,CAAC,CAAC,EAAE,EAAE,CACxD,CAAC,CAAC,qBAAqB,CAAC;IACtB,SAAS,EAAE,CAAC,QAAQ,CAAC;IACrB,OAAO,EAAE;QACP,KAAK,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;KAC5C;IACD,KAAK,EAAE;QACL,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;KACzD;IACD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAClC,0BAA0B,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC;CACrD,CAAC,CACH,CAAC;AAEF,OAAO,CAAC,aAAa,CAAC,wBAAwB,EAAE,CAAC,CAAC,EAAE,EAAE,CACpD,CAAC,CAAC,qBAAqB,CAAC;IACtB,SAAS,EAAE,CAAC,QAAQ,CAAC;IACrB,OAAO,EAAE;QACP,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;KAC9C;IACD,KAAK,EAAE;QACL,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QACxD,WAAW,EAAE,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;KAC/D;IACD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAClC,qBAAqB,CAAC;QACpB,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,WAAW,EAAE,KAAK,CAAC,WAAW;KAC/B,CAAC;CACL,CAAC,CACH,CAAC"}

package/dist/local-auth/core/generators/auth-email-password/templates/module/schema/password-reset.mutations.ts ADDED Viewed

@@ -0,0 +1,54 @@
+// @ts-nocheck
+import {
+  completePasswordReset,
+  requestPasswordReset,
+  validatePasswordResetToken,
+} from '$servicesPasswordReset';
+import { builder } from '%pothosImports';
+builder.mutationField('requestPasswordReset', (t) =>
+  t.fieldWithInputPayload({
+    authorize: ['public'],
+    payload: {
+      success: t.payload.field({ type: 'Boolean' }),
+    },
+    input: {
+      email: t.input.field({ required: true, type: 'String' }),
+    },
+    resolve: async (_root, { input }, context) =>
+      requestPasswordReset({ email: input.email, context }),
+  }),
+);
+builder.mutationField('validatePasswordResetToken', (t) =>
+  t.fieldWithInputPayload({
+    authorize: ['public'],
+    payload: {
+      valid: t.payload.field({ type: 'Boolean' }),
+    },
+    input: {
+      token: t.input.field({ required: true, type: 'String' }),
+    },
+    resolve: async (_root, { input }) =>
+      validatePasswordResetToken({ token: input.token }),
+  }),
+);
+builder.mutationField('resetPasswordWithToken', (t) =>
+  t.fieldWithInputPayload({
+    authorize: ['public'],
+    payload: {
+      success: t.payload.field({ type: 'Boolean' }),
+    },
+    input: {
+      token: t.input.field({ required: true, type: 'String' }),
+      newPassword: t.input.field({ required: true, type: 'String' }),
+    },
+    resolve: async (_root, { input }) =>
+      completePasswordReset({
+        token: input.token,
+        newPassword: input.newPassword,
+      }),
+  }),
+);

package/dist/local-auth/core/generators/auth-email-password/templates/module/services/auth-verification.service.d.ts ADDED Viewed

@@ -0,0 +1,40 @@
+import type { AuthVerification, Prisma } from '%prismaGeneratedImports';
+/**
+ * Creates a new auth verification using the split-token pattern.
+ *
+ * @param type - Verification type (e.g., "password-reset", "email-verify")
+ * @param userId - Optional user ID to associate with the token
+ * @param expiresInSec - Token lifetime in seconds
+ * @param metadata - Optional JSON metadata to store with the token
+ * @returns The combined token (`{selector}.{verifier}`) to send to the user
+ */
+export declare function createAuthVerification({ type, userId, expiresInSec, metadata, }: {
+    type: string;
+    userId?: string;
+    expiresInSec: number;
+    metadata?: Prisma.JsonValue;
+}): Promise<{
+    token: string;
+}>;
+/**
+ * Validates an auth verification token without consuming it.
+ * Returns the full record if valid so the caller can delete it
+ * as part of their own transaction.
+ *
+ * Security: If the selector matches but the verifier is wrong or expired,
+ * the token is deleted to prevent brute-force attempts.
+ *
+ * @throws BadRequestError if token is invalid, expired, or malformed
+ */
+export declare function validateAuthVerification({ type, token, }: {
+    type: string;
+    token: string;
+}): Promise<AuthVerification | null>;
+/**
+ * Cleanup job to delete expired auth verification tokens.
+ * Should be called periodically (e.g., via cron job or queue).
+ */
+export declare function cleanupExpiredAuthVerifications(): Promise<{
+    deletedCount: number;
+}>;
+//# sourceMappingURL=auth-verification.service.d.ts.map

package/dist/local-auth/core/generators/auth-email-password/templates/module/services/auth-verification.service.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"auth-verification.service.d.ts","sourceRoot":"","sources":["../../../../../../../../src/local-auth/core/generators/auth-email-password/templates/module/services/auth-verification.service.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AAiDxE;;;;;;;;GAQG;AACH,wBAAsB,sBAAsB,CAAC,EAC3C,IAAI,EACJ,MAAM,EACN,YAAY,EACZ,QAAQ,GACT,EAAE;IACD,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC,SAAS,CAAC;CAC7B,GAAG,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC,CAiB7B;AAED;;;;;;;;;GASG;AACH,wBAAsB,wBAAwB,CAAC,EAC7C,IAAI,EACJ,KAAK,GACN,EAAE;IACD,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;CACf,GAAG,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAwBnC;AAED;;;GAGG;AACH,wBAAsB,+BAA+B,IAAI,OAAO,CAAC;IAC/D,YAAY,EAAE,MAAM,CAAC;CACtB,CAAC,CAQD"}

package/dist/local-auth/core/generators/auth-email-password/templates/module/services/auth-verification.service.js ADDED Viewed

@@ -0,0 +1,106 @@
+// @ts-nocheck
+import { prisma } from '%prismaImports';
+import * as crypto from 'node:crypto';
+/**
+ * Split-token pattern for secure verification flows.
+ *
+ * - selector: random identifier used for DB lookup (stored as `identifier`)
+ * - verifier: random secret, hashed before storage (stored as `value`)
+ * - token: `{selector}.{verifier}` — the value sent to the user
+ */
+function generateSplitToken() {
+    return {
+        selector: crypto.randomBytes(16).toString('base64url'),
+        verifier: crypto.randomBytes(16).toString('base64url'),
+    };
+}
+function hashVerifier(verifier) {
+    return crypto.createHash('sha256').update(verifier).digest('hex');
+}
+/**
+ * Constant-time comparison of two hex strings to prevent timing attacks.
+ */
+function safeCompare(a, b) {
+    if (a.length !== b.length)
+        return false;
+    return crypto.timingSafeEqual(Buffer.from(a, 'hex'), Buffer.from(b, 'hex'));
+}
+function encodeToken(selector, verifier) {
+    return `${selector}.${verifier}`;
+}
+function decodeToken(token) {
+    const dotIndex = token.indexOf('.');
+    if (dotIndex === -1) {
+        return null;
+    }
+    return {
+        selector: token.slice(0, dotIndex),
+        verifier: token.slice(dotIndex + 1),
+    };
+}
+/**
+ * Creates a new auth verification using the split-token pattern.
+ *
+ * @param type - Verification type (e.g., "password-reset", "email-verify")
+ * @param userId - Optional user ID to associate with the token
+ * @param expiresInSec - Token lifetime in seconds
+ * @param metadata - Optional JSON metadata to store with the token
+ * @returns The combined token (`{selector}.{verifier}`) to send to the user
+ */
+export async function createAuthVerification({ type, userId, expiresInSec, metadata, }) {
+    const { selector, verifier } = generateSplitToken();
+    const value = hashVerifier(verifier);
+    const expiresAt = new Date(Date.now() + expiresInSec * 1000);
+    await prisma.authVerification.create({
+        data: {
+            type,
+            identifier: selector,
+            value,
+            userId,
+            metadata: metadata ?? undefined,
+            expiresAt,
+        },
+    });
+    return { token: encodeToken(selector, verifier) };
+}
+/**
+ * Validates an auth verification token without consuming it.
+ * Returns the full record if valid so the caller can delete it
+ * as part of their own transaction.
+ *
+ * Security: If the selector matches but the verifier is wrong or expired,
+ * the token is deleted to prevent brute-force attempts.
+ *
+ * @throws BadRequestError if token is invalid, expired, or malformed
+ */
+export async function validateAuthVerification({ type, token, }) {
+    const decoded = decodeToken(token);
+    if (!decoded) {
+        return null;
+    }
+    const record = await prisma.authVerification.findUnique({
+        where: { type_identifier: { type, identifier: decoded.selector } },
+    });
+    if (!record) {
+        return null;
+    }
+    if (!safeCompare(record.value, hashVerifier(decoded.verifier)) ||
+        record.expiresAt < new Date()) {
+        await prisma.authVerification.delete({ where: { id: record.id } });
+        return null;
+    }
+    return record;
+}
+/**
+ * Cleanup job to delete expired auth verification tokens.
+ * Should be called periodically (e.g., via cron job or queue).
+ */
+export async function cleanupExpiredAuthVerifications() {
+    const result = await prisma.authVerification.deleteMany({
+        where: {
+            expiresAt: { lt: new Date() },
+        },
+    });
+    return { deletedCount: result.count };
+}
+//# sourceMappingURL=auth-verification.service.js.map

package/dist/local-auth/core/generators/auth-email-password/templates/module/services/auth-verification.service.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"auth-verification.service.js","sourceRoot":"","sources":["../../../../../../../../src/local-auth/core/generators/auth-email-password/templates/module/services/auth-verification.service.ts"],"names":[],"mappings":"AAAA,cAAc;AAId,OAAO,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AACxC,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AAEtC;;;;;;GAMG;AAEH,SAAS,kBAAkB;IACzB,OAAO;QACL,QAAQ,EAAE,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC;QACtD,QAAQ,EAAE,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC;KACvD,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,QAAgB;IACpC,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACpE,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,CAAS,EAAE,CAAS;IACvC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACxC,OAAO,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC;AAC9E,CAAC;AAED,SAAS,WAAW,CAAC,QAAgB,EAAE,QAAgB;IACrD,OAAO,GAAG,QAAQ,IAAI,QAAQ,EAAE,CAAC;AACnC,CAAC;AAED,SAAS,WAAW,CAClB,KAAa;IAEb,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACpC,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE,CAAC;QACpB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO;QACL,QAAQ,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC;QAClC,QAAQ,EAAE,KAAK,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC;KACpC,CAAC;AACJ,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,EAC3C,IAAI,EACJ,MAAM,EACN,YAAY,EACZ,QAAQ,GAMT;IACC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,kBAAkB,EAAE,CAAC;IACpD,MAAM,KAAK,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IACrC,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,YAAY,GAAG,IAAI,CAAC,CAAC;IAE7D,MAAM,MAAM,CAAC,gBAAgB,CAAC,MAAM,CAAC;QACnC,IAAI,EAAE;YACJ,IAAI;YACJ,UAAU,EAAE,QAAQ;YACpB,KAAK;YACL,MAAM;YACN,QAAQ,EAAE,QAAQ,IAAI,SAAS;YAC/B,SAAS;SACV;KACF,CAAC,CAAC;IAEH,OAAO,EAAE,KAAK,EAAE,WAAW,CAAC,QAAQ,EAAE,QAAQ,CAAC,EAAE,CAAC;AACpD,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAAC,EAC7C,IAAI,EACJ,KAAK,GAIN;IACC,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;IAEnC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,UAAU,CAAC;QACtD,KAAK,EAAE,EAAE,eAAe,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,CAAC,QAAQ,EAAE,EAAE;KACnE,CAAC,CAAC;IAEH,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IACE,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,EAAE,YAAY,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC1D,MAAM,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,EAC7B,CAAC;QACD,MAAM,MAAM,CAAC,gBAAgB,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QACnE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,+BAA+B;IAGnD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,UAAU,CAAC;QACtD,KAAK,EAAE;YACL,SAAS,EAAE,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,EAAE;SAC9B;KACF,CAAC,CAAC;IAEH,OAAO,EAAE,YAAY,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC;AACxC,CAAC"}