@bepalo/router 1.0.3

package/dist/middlewares.d.ts

@@ -0,0 +1,251 @@
+import { CTXAddress } from "./helpers.js";
+import { RouterContext } from "./router.js";
+import { HttpMethod } from "./types.js";
+import { CacheConfig } from "@bepalo/cache";
+import { JWT, JwtPayload, JwtVerifyOptions } from "@bepalo/jwt";
+/**
+ * Creates a rate limiting middleware using token bucket algorithm.
+ * Supports both fixed interval refill and continuous rate-based refill.
+ *
+ * @template Context - Must extend RouterContext & CTXAddress
+ * @param {Object} config - Rate limiting configuration
+ * @param {Function} config.key - Function to generate cache key from request and context
+ * @param {number} [config.refillInterval] - Fixed interval in milliseconds for token refill
+ * @param {number} [config.refillRate] - Continuous refill rate in tokens per second (or custom denominator)
+ * @param {number} config.maxTokens - Maximum number of tokens in the bucket
+ * @param {number} [config.refillTimeSecondsDenominator=1000] - Denominator for time calculations (default: 1000 = seconds)
+ * @param {Function} [config.now=Date.now] - Function returning current timestamp in milliseconds
+ * @param {CacheConfig<string, any>} [config.cacheConfig] - Configuration for the underlying cache
+ * @param {boolean} [config.setXRateLimitHeaders=false] - Whether to set X-RateLimit headers in response
+ * @returns {Function} Middleware function that enforces rate limits
+ *
+ * @example
+ * // Fixed interval rate limiting (10 requests per minute)
+ * const rateLimiter = limitRate({
+ *   key: (req, ctx) => ctx.address.address, // IP-based limiting
+ *   refillInterval: 60 * 1000, // 1 minute
+ *   refillRate: 10, // 10 tokens per interval
+ *   maxTokens: 10,
+ *   setXRateLimitHeaders: true
+ * });
+ *
+ * @example
+ * // Continuous rate limiting (100 requests per hour)
+ * const rateLimiter = limitRate({
+ *   key: (req, ctx) => req.headers.get('x-user-id') || 'anonymous',
+ *   refillRate: 100 / (60 * 60), // 100 tokens per hour
+ *   maxTokens: 100,
+ *   refillTimeSecondsDenominator: 1 // Use seconds as time unit
+ * });
+ *
+ * @throws {Error} If neither refillInterval nor refillRate is provided
+ */
+export declare const limitRate: <Context extends RouterContext & CTXAddress>(config: {
+    key: (req: Request, ctx: Context) => string;
+    refillInterval?: number;
+    refillRate?: number;
+    maxTokens: number;
+    refillTimeSecondsDenominator?: number;
+    now?: () => number;
+    cacheConfig?: CacheConfig<string, any>;
+    setXRateLimitHeaders?: boolean;
+}) => (req: Request, ctx: Context) => Response | undefined;
+/**
+ * Creates a CORS (Cross-Origin Resource Sharing) middleware.
+ * Supports preflight requests and configurable CORS headers.
+ *
+ * @template Context - Must extend RouterContext
+ * @param {Object} [config] - CORS configuration
+ * @param {string|string[]|"*"} [config.origins="*"] - Allowed origins (wildcard "*", single origin, or array)
+ * @param {HttpMethod[]} [config.methods=["GET","HEAD","PUT","PATCH","POST","DELETE"]] - Allowed HTTP methods
+ * @param {string[]} [config.allowedHeaders=["Content-Type","Authorization"]] - Allowed request headers
+ * @param {string[]} [config.exposedHeaders] - Headers exposed to the browser
+ * @param {boolean} [config.credentials=false] - Allow credentials (cookies, authorization headers)
+ * @param {number} [config.maxAge=86400] - Maximum age for preflight cache in seconds
+ * @param {boolean} [config.varyOrigin=false] - Add Vary: Origin header for caching
+ * @returns {Function} Middleware function that handles CORS headers
+ *
+ * @example
+ * // Basic CORS with all defaults
+ * const corsMiddleware = cors();
+ *
+ * @example
+ * // Specific origins with credentials
+ * const corsMiddleware = cors({
+ *   origins: ["https://example.com", "https://api.example.com"],
+ *   credentials: true,
+ *   methods: ["GET", "POST", "PUT", "DELETE"],
+ *   allowedHeaders: ["Content-Type", "Authorization", "X-Custom-Header"]
+ * });
+ *
+ * @throws {Error} If credentials is true with wildcard origin ("*")
+ */
+export declare const cors: <Context extends RouterContext>(config?: {
+    origins: "*" | string | string[];
+    methods?: HttpMethod[] | null;
+    allowedHeaders?: string[] | null;
+    exposedHeaders?: string[] | null;
+    credentials?: boolean | null;
+    maxAge?: number | null;
+    varyOrigin?: boolean;
+}) => (req: Request, ctx: Context) => Response | undefined;
+/**
+ * Context type for Basic Authentication middleware.
+ * @template {string} [prop="basicAuth"] - Property name to store auth data in context
+ * @typedef {RouterContext & {[K in prop]?: {username: string; role: string} & Record<string, any>}} CTXBasicAuth
+ */
+export type CTXBasicAuth<prop extends string = "basicAuth"> = RouterContext & {
+    [K in prop]?: {
+        username: string;
+        role: string;
+    } & Record<string, any>;
+};
+/**
+ * Creates a Basic Authentication middleware.
+ * Supports RFC 7617 Basic Authentication scheme.
+ *
+ * @template Context - Must extend CTXBasicAuth
+ * @template {string} prop - Property name to store auth data in context
+ * @param {Object} config - Basic Authentication configuration
+ * @param {Map<string, {pass: string} & Record<string, any>>} config.credentials - Map of usernames to user data (must include 'pass')
+ * @param {"raw"|"base64"} [config.type="raw"] - Credential encoding type
+ * @param {":"|" "} [config.separator=":"] - Separator between username and password
+ * @param {string} [config.realm="Protected"] - Authentication realm
+ * @param {prop} [config.ctxProp="basicAuth"] - Context property name for auth data
+ * @returns {Function} Middleware function that validates Basic Authentication
+ *
+ * @example
+ * // Simple username/password authentication
+ * const users = new Map();
+ * users.set("admin", { pass: "secret123", role: "admin", permissions: ["read", "write"] });
+ * users.set("user", { pass: "password", role: "user", permissions: ["read"] });
+ *
+ * const basicAuth = authBasic({
+ *   credentials: users,
+ *   realm: "My API",
+ *   ctxProp: "user" // Store in ctx.user instead of ctx.basicAuth
+ * });
+ */
+export declare const authBasic: <Context extends CTXBasicAuth, prop extends string = "basicAuth">({ credentials, type, separator, realm, ctxProp, }: {
+    credentials: Map<string, {
+        pass: string;
+    } & Record<string, any>>;
+    type?: "raw" | "base64";
+    separator?: ":" | " ";
+    realm?: string;
+    ctxProp?: prop;
+}) => (req: Request, ctx: Context) => Response | undefined;
+/**
+ * Context type for API Key Authentication middleware.
+ * @template {string} [prop="apiKeyAuth"] - Property name to store auth data in context
+ * @typedef {RouterContext & {[K in prop]?: {apiKey: string} & Record<string, any>}} CTXAPIKeyAuth
+ */
+export type CTXAPIKeyAuth<prop extends string = "apiKeyAuth"> = RouterContext & {
+    [K in prop]?: {
+        apiKey: string;
+    } & Record<string, any>;
+};
+/**
+ * Creates an API Key Authentication middleware.
+ * Validates API keys from X-API-Key header.
+ *
+ * @template Context - Must extend CTXAPIKeyAuth
+ * @template {string} prop - Property name to store auth data in context
+ * @param {Object} config - API Key Authentication configuration
+ * @param {Function} config.verify - Function to verify API key (returns boolean)
+ * @param {prop} [config.ctxProp="apiKeyAuth"] - Context property name for auth data
+ * @returns {Function} Middleware function that validates API keys
+ *
+ * @example
+ * // API key validation with database lookup
+ * const apiKeys = new Set(["abc123", "def456", "ghi789"]);
+ *
+ * const apiKeyAuth = authAPIKey({
+ *   verify: (apiKey) => apiKeys.has(apiKey),
+ *   ctxProp: "apiClient" // Store in ctx.apiClient
+ * });
+ *
+ * @example
+ * // API key with additional validation
+ * const apiKeyAuth = authAPIKey({
+ *   verify: (apiKey) => {
+ *     // Validate format
+ *     if (!apiKey.startsWith("sk_")) return false;
+ *
+ *     // Check against database
+ *     return db.apiKeys.isValid(apiKey);
+ *   }
+ * });
+ */
+export declare const authAPIKey: <Context extends CTXAPIKeyAuth, prop extends string = "apiKeyAuth">({ verify, ctxProp, }: {
+    verify: (apiKey: string) => boolean;
+    ctxProp?: prop;
+}) => (req: Request, ctx: Context) => Response | undefined;
+/**
+ * Context type for JWT Authentication middleware.
+ * @template {JwtPayload<{}>} Payload - JWT payload type
+ * @template {string} [prop="jwtAuth"] - Property name to store auth data in context
+ * @typedef {RouterContext & {[K in prop]?: {jwt: JWT<Payload>; token: string; payload: Payload} & Record<string, any>}} CTXJWTAuth
+ */
+export type CTXJWTAuth<Payload extends JwtPayload<{}>, prop extends string = "jwtAuth"> = RouterContext & {
+    [K in prop]?: {
+        jwt: JWT<Payload>;
+        token: string;
+        payload: Payload;
+    } & Record<string, any>;
+};
+/**
+ * Creates a JWT (JSON Web Token) Authentication middleware.
+ * Validates Bearer tokens from Authorization header.
+ *
+ * @template {JwtPayload<{}>} Payload - JWT payload type
+ * @template Context - Must extend CTXJWTAuth<Payload, prop>
+ * @template {string} prop - Property name to store auth data in context
+ * @param {Object} config - JWT Authentication configuration
+ * @param {JWT<Payload>} config.jwt - JWT instance for verification
+ * @param {Function} [config.validate] - Additional payload validation function
+ * @param {JwtVerifyOptions} [config.verifyOptions] - JWT verification options
+ * @param {prop} [config.ctxProp="jwtAuth"] - Context property name for auth data
+ * @returns {Function} Middleware function that validates JWT tokens
+ *
+ * @example
+ * // Simple JWT authentication
+ * const jwt = new JWT({ secret: process.env.JWT_SECRET });
+ *
+ * const jwtAuth = authJWT({
+ *   jwt,
+ *   validate: (payload) => payload.exp > Date.now() / 1000, // Check expiration
+ *   ctxProp: "auth" // Store in ctx.auth
+ * });
+ *
+ * @example
+ * // JWT with custom payload validation
+ * interface MyPayload extends JwtPayload<{}> {
+ *   userId: string;
+ *   role: string;
+ *   permissions: string[];
+ * }
+ *
+ * const jwt = new JWT<MyPayload>({ secret: process.env.JWT_SECRET });
+ *
+ * const jwtAuth = authJWT<MyPayload>({
+ *   jwt,
+ *   validate: (payload) => {
+ *     // Custom business logic
+ *     if (!payload.userId) return false;
+ *     if (payload.role !== "admin") return false;
+ *     return true;
+ *   },
+ *   verifyOptions: {
+ *     algorithms: ["HS256"],
+ *     maxAge: "2h"
+ *   }
+ * });
+ */
+export declare const authJWT: <Payload extends JwtPayload<{}>, Context extends CTXJWTAuth<Payload, prop>, prop extends string = "jwtAuth">({ jwt, validate, verifyOptions, ctxProp, }: {
+    jwt: JWT<Payload>;
+    validate?: (payload: Payload) => boolean;
+    verifyOptions?: JwtVerifyOptions;
+    ctxProp?: prop;
+}) => (req: Request, ctx: Context) => Response | undefined;
+//# sourceMappingURL=middlewares.d.ts.map

package/dist/middlewares.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"middlewares.d.ts","sourceRoot":"","sources":["../src/middlewares.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAU,MAAM,cAAc,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AACxC,OAAO,EAAS,WAAW,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAGhE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AACH,eAAO,MAAM,SAAS,GAAI,OAAO,SAAS,aAAa,GAAG,UAAU,EAAE,QAAQ;IAC5E,GAAG,EAAE,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,KAAK,MAAM,CAAC;IAC5C,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,4BAA4B,CAAC,EAAE,MAAM,CAAC;IACtC,GAAG,CAAC,EAAE,MAAM,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACvC,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAChC,WA0BgB,OAAO,OAAO,OAAO,yBA4DrC,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,eAAO,MAAM,IAAI,GAAI,OAAO,SAAS,aAAa,EAAE,SAAS;IAC3D,OAAO,EAAE,GAAG,GAAG,MAAM,GAAG,MAAM,EAAE,CAAC;IACjC,OAAO,CAAC,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC;IAC9B,cAAc,CAAC,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IACjC,cAAc,CAAC,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IACjC,WAAW,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;IAC7B,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB,MAcS,KAAK,OAAO,EAAE,KAAK,OAAO,yBA8CnC,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,YAAY,CAAC,IAAI,SAAS,MAAM,GAAG,WAAW,IAAI,aAAa,GAAG;KAC3E,CAAC,IAAI,IAAI,CAAC,CAAC,EAAE;QACZ,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;KACd,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC;CACxB,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,eAAO,MAAM,SAAS,GACpB,OAAO,SAAS,YAAY,EAC5B,IAAI,SAAS,MAAM,GAAG,WAAW,EACjC,mDAMC;IACD,WAAW,EAAE,GAAG,CAAC,MAAM,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;IACjE,IAAI,CAAC,EAAE,KAAK,GAAG,QAAQ,CAAC;IACxB,SAAS,CAAC,EAAE,GAAG,GAAG,GAAG,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,IAAI,CAAC;CAChB,MACS,KAAK,OAAO,EAAE,KAAK,OAAO,yBAwBnC,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,aAAa,CAAC,IAAI,SAAS,MAAM,GAAG,YAAY,IAC1D,aAAa,GAAG;KACb,CAAC,IAAI,IAAI,CAAC,CAAC,EAAE;QACZ,MAAM,EAAE,MAAM,CAAC;KAChB,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC;CACxB,CAAC;AAEJ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,eAAO,MAAM,UAAU,GACrB,OAAO,SAAS,aAAa,EAC7B,IAAI,SAAS,MAAM,GAAG,YAAY,EAClC,sBAGC;IACD,MAAM,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC;IACpC,OAAO,CAAC,EAAE,IAAI,CAAC;CAChB,MACS,KAAK,OAAO,EAAE,KAAK,OAAO,yBAOnC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,UAAU,CACpB,OAAO,SAAS,UAAU,CAAC,EAAE,CAAC,EAC9B,IAAI,SAAS,MAAM,GAAG,SAAS,IAC7B,aAAa,GAAG;KACjB,CAAC,IAAI,IAAI,CAAC,CAAC,EAAE;QACZ,GAAG,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;QAClB,KAAK,EAAE,MAAM,CAAC;QACd,OAAO,EAAE,OAAO,CAAC;KAClB,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC;CACxB,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+CG;AACH,eAAO,MAAM,OAAO,GAClB,OAAO,SAAS,UAAU,CAAC,EAAE,CAAC,EAC9B,OAAO,SAAS,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,EACzC,IAAI,SAAS,MAAM,GAAG,SAAS,EAC/B,4CAKC;IACD,GAAG,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;IAClB,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC;IACzC,aAAa,CAAC,EAAE,gBAAgB,CAAC;IACjC,OAAO,CAAC,EAAE,IAAI,CAAC;CAChB,MACS,KAAK,OAAO,EAAE,KAAK,OAAO,yBAcnC,CAAC"}

package/dist/middlewares.js

@@ -0,0 +1,359 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.authJWT = exports.authAPIKey = exports.authBasic = exports.cors = exports.limitRate = void 0;
+const helpers_js_1 = require("./helpers.js");
+const cache_1 = require("@bepalo/cache");
+const time_1 = require("@bepalo/time");
+/**
+ * Creates a rate limiting middleware using token bucket algorithm.
+ * Supports both fixed interval refill and continuous rate-based refill.
+ *
+ * @template Context - Must extend RouterContext & CTXAddress
+ * @param {Object} config - Rate limiting configuration
+ * @param {Function} config.key - Function to generate cache key from request and context
+ * @param {number} [config.refillInterval] - Fixed interval in milliseconds for token refill
+ * @param {number} [config.refillRate] - Continuous refill rate in tokens per second (or custom denominator)
+ * @param {number} config.maxTokens - Maximum number of tokens in the bucket
+ * @param {number} [config.refillTimeSecondsDenominator=1000] - Denominator for time calculations (default: 1000 = seconds)
+ * @param {Function} [config.now=Date.now] - Function returning current timestamp in milliseconds
+ * @param {CacheConfig<string, any>} [config.cacheConfig] - Configuration for the underlying cache
+ * @param {boolean} [config.setXRateLimitHeaders=false] - Whether to set X-RateLimit headers in response
+ * @returns {Function} Middleware function that enforces rate limits
+ *
+ * @example
+ * // Fixed interval rate limiting (10 requests per minute)
+ * const rateLimiter = limitRate({
+ *   key: (req, ctx) => ctx.address.address, // IP-based limiting
+ *   refillInterval: 60 * 1000, // 1 minute
+ *   refillRate: 10, // 10 tokens per interval
+ *   maxTokens: 10,
+ *   setXRateLimitHeaders: true
+ * });
+ *
+ * @example
+ * // Continuous rate limiting (100 requests per hour)
+ * const rateLimiter = limitRate({
+ *   key: (req, ctx) => req.headers.get('x-user-id') || 'anonymous',
+ *   refillRate: 100 / (60 * 60), // 100 tokens per hour
+ *   maxTokens: 100,
+ *   refillTimeSecondsDenominator: 1 // Use seconds as time unit
+ * });
+ *
+ * @throws {Error} If neither refillInterval nor refillRate is provided
+ */
+const limitRate = (config) => {
+    const { key, refillInterval, refillRate, maxTokens, refillTimeSecondsDenominator = 1000, now = () => Date.now(), cacheConfig = {
+        now: () => Date.now(),
+        // defaultMaxAgse: Time.for(10).seconds._ms,
+        defaultMaxAge: time_1.Time.for(1).hour._ms,
+        cleanupInterval: time_1.Time.every(10).minutes._ms,
+        onGetMiss: (cache, key, reason) => {
+            cache.set(key, { tokens: maxTokens, lastRefill: now() });
+            return true;
+        },
+    }, setXRateLimitHeaders = false, } = config;
+    let rateLimits = new cache_1.Cache(cacheConfig);
+    if (refillInterval) {
+        return (req, ctx) => {
+            var _a;
+            const id = key(req, ctx);
+            const entry = (_a = rateLimits.get(id)) === null || _a === void 0 ? void 0 : _a.value;
+            const timeElapsed = now() - entry.lastRefill;
+            if (timeElapsed >= refillInterval) {
+                if (refillRate) {
+                    const newTokens = entry.tokens +
+                        refillRate * Math.floor(timeElapsed / refillInterval);
+                    entry.tokens = Math.min(newTokens, maxTokens);
+                    entry.lastRefill = now();
+                }
+                else {
+                    entry.tokens = maxTokens;
+                    entry.lastRefill = now();
+                }
+            }
+            if (entry.tokens <= 0) {
+                ctx.headers.set("Retry-After", Math.ceil((refillInterval - timeElapsed) / refillTimeSecondsDenominator).toFixed());
+                return (0, helpers_js_1.status)(429);
+            }
+            else {
+                entry.tokens--;
+            }
+            if (setXRateLimitHeaders) {
+                ctx.headers.set("X-RateLimit-Limit", maxTokens.toFixed());
+                ctx.headers.set("X-RateLimit-Remaining", entry.tokens.toFixed());
+            }
+        };
+    }
+    else if (refillRate) {
+        return (req, ctx) => {
+            var _a;
+            const id = key(req, ctx);
+            const entry = (_a = rateLimits.get(id)) === null || _a === void 0 ? void 0 : _a.value;
+            const timeElapsed = now() - entry.lastRefill;
+            const newTokens = entry.tokens +
+                (refillRate * timeElapsed) / refillTimeSecondsDenominator;
+            entry.tokens = Math.min(newTokens, maxTokens);
+            entry.lastRefill = now();
+            if (entry.tokens <= 0) {
+                ctx.headers.set("Retry-After", Math.ceil(1 / refillRate).toFixed());
+                return (0, helpers_js_1.status)(429);
+            }
+            else {
+                entry.tokens--;
+            }
+            if (setXRateLimitHeaders) {
+                ctx.headers.set("X-RateLimit-Limit", maxTokens.toFixed());
+                ctx.headers.set("X-RateLimit-Remaining", Math.max(0, entry.tokens).toFixed());
+            }
+        };
+    }
+    throw new Error("LIMIT-RATE: `refillInterval` or `refillRate` or both should be set");
+};
+exports.limitRate = limitRate;
+/**
+ * Creates a CORS (Cross-Origin Resource Sharing) middleware.
+ * Supports preflight requests and configurable CORS headers.
+ *
+ * @template Context - Must extend RouterContext
+ * @param {Object} [config] - CORS configuration
+ * @param {string|string[]|"*"} [config.origins="*"] - Allowed origins (wildcard "*", single origin, or array)
+ * @param {HttpMethod[]} [config.methods=["GET","HEAD","PUT","PATCH","POST","DELETE"]] - Allowed HTTP methods
+ * @param {string[]} [config.allowedHeaders=["Content-Type","Authorization"]] - Allowed request headers
+ * @param {string[]} [config.exposedHeaders] - Headers exposed to the browser
+ * @param {boolean} [config.credentials=false] - Allow credentials (cookies, authorization headers)
+ * @param {number} [config.maxAge=86400] - Maximum age for preflight cache in seconds
+ * @param {boolean} [config.varyOrigin=false] - Add Vary: Origin header for caching
+ * @returns {Function} Middleware function that handles CORS headers
+ *
+ * @example
+ * // Basic CORS with all defaults
+ * const corsMiddleware = cors();
+ *
+ * @example
+ * // Specific origins with credentials
+ * const corsMiddleware = cors({
+ *   origins: ["https://example.com", "https://api.example.com"],
+ *   credentials: true,
+ *   methods: ["GET", "POST", "PUT", "DELETE"],
+ *   allowedHeaders: ["Content-Type", "Authorization", "X-Custom-Header"]
+ * });
+ *
+ * @throws {Error} If credentials is true with wildcard origin ("*")
+ */
+const cors = (config) => {
+    const { origins = "*", methods = ["GET", "HEAD", "PUT", "PATCH", "POST", "DELETE"], allowedHeaders = ["Content-Type", "Authorization"], exposedHeaders, credentials = false, maxAge = 86400, varyOrigin = false, } = config !== null && config !== void 0 ? config : {};
+    const globOrigin = origins === "*" ? "*" : null;
+    const originsSet = new Set(typeof origins !== "string" ? origins : origins !== "*" ? [] : [origins]);
+    return (req, ctx) => {
+        const origin = req.headers.get("origin");
+        let corsOrigin = null;
+        if (!origin) {
+            return;
+        }
+        if (globOrigin) {
+            corsOrigin = "*";
+        }
+        else {
+            corsOrigin = originsSet.has(origin) ? origin : null;
+        }
+        if (!corsOrigin) {
+            if (varyOrigin)
+                ctx.headers.append("Vary", "Origin");
+            return;
+        }
+        ctx.headers.set("Access-Control-Allow-Origin", corsOrigin);
+        if (credentials) {
+            if (corsOrigin === "*")
+                throw new Error("CORS: Cannot use credentials with wildcard origin");
+            ctx.headers.set("Access-Control-Allow-Credentials", "true");
+        }
+        if (exposedHeaders && exposedHeaders.length > 0) {
+            ctx.headers.set("Access-Control-Expose-Headers", exposedHeaders.join(", "));
+        }
+        if (varyOrigin) {
+            ctx.headers.append("Vary", "Origin");
+        }
+        if (req.method === "OPTIONS") {
+            if (methods && methods.length > 0) {
+                ctx.headers.set("Access-Control-Allow-Methods", methods.join(", "));
+            }
+            if (allowedHeaders && allowedHeaders.length > 0) {
+                ctx.headers.set("Access-Control-Allow-Headers", allowedHeaders.join(", "));
+            }
+            if (maxAge) {
+                ctx.headers.set("Access-Control-Max-Age", maxAge.toString());
+            }
+            return (0, helpers_js_1.status)(204, null);
+        }
+    };
+};
+exports.cors = cors;
+/**
+ * Creates a Basic Authentication middleware.
+ * Supports RFC 7617 Basic Authentication scheme.
+ *
+ * @template Context - Must extend CTXBasicAuth
+ * @template {string} prop - Property name to store auth data in context
+ * @param {Object} config - Basic Authentication configuration
+ * @param {Map<string, {pass: string} & Record<string, any>>} config.credentials - Map of usernames to user data (must include 'pass')
+ * @param {"raw"|"base64"} [config.type="raw"] - Credential encoding type
+ * @param {":"|" "} [config.separator=":"] - Separator between username and password
+ * @param {string} [config.realm="Protected"] - Authentication realm
+ * @param {prop} [config.ctxProp="basicAuth"] - Context property name for auth data
+ * @returns {Function} Middleware function that validates Basic Authentication
+ *
+ * @example
+ * // Simple username/password authentication
+ * const users = new Map();
+ * users.set("admin", { pass: "secret123", role: "admin", permissions: ["read", "write"] });
+ * users.set("user", { pass: "password", role: "user", permissions: ["read"] });
+ *
+ * const basicAuth = authBasic({
+ *   credentials: users,
+ *   realm: "My API",
+ *   ctxProp: "user" // Store in ctx.user instead of ctx.basicAuth
+ * });
+ */
+const authBasic = ({ credentials, type = "raw", separator = ":", realm = "Protected", ctxProp = "basicAuth", }) => {
+    return (req, ctx) => {
+        const authorization = req.headers.get("authorization");
+        ctx.headers.set("WWW-Authenticate", `Basic realm="${realm}", charset="UTF-8"`);
+        if (!authorization)
+            return (0, helpers_js_1.status)(401);
+        const [scheme, creds] = authorization.split(" ", 2);
+        if (scheme.toLowerCase() !== "basic" || !creds)
+            return (0, helpers_js_1.status)(401);
+        let xcreds;
+        try {
+            xcreds = type === "base64" ? atob(creds) : creds;
+        }
+        catch (_a) {
+            return (0, helpers_js_1.status)(401);
+        }
+        const [username, password] = xcreds.split(separator, 2);
+        if (!username || !password)
+            return (0, helpers_js_1.status)(401);
+        const user = credentials.get(username);
+        if (!user || password !== user.pass)
+            return (0, helpers_js_1.status)(401);
+        ctx[ctxProp] = {
+            username,
+            role: user.role,
+        };
+    };
+};
+exports.authBasic = authBasic;
+/**
+ * Creates an API Key Authentication middleware.
+ * Validates API keys from X-API-Key header.
+ *
+ * @template Context - Must extend CTXAPIKeyAuth
+ * @template {string} prop - Property name to store auth data in context
+ * @param {Object} config - API Key Authentication configuration
+ * @param {Function} config.verify - Function to verify API key (returns boolean)
+ * @param {prop} [config.ctxProp="apiKeyAuth"] - Context property name for auth data
+ * @returns {Function} Middleware function that validates API keys
+ *
+ * @example
+ * // API key validation with database lookup
+ * const apiKeys = new Set(["abc123", "def456", "ghi789"]);
+ *
+ * const apiKeyAuth = authAPIKey({
+ *   verify: (apiKey) => apiKeys.has(apiKey),
+ *   ctxProp: "apiClient" // Store in ctx.apiClient
+ * });
+ *
+ * @example
+ * // API key with additional validation
+ * const apiKeyAuth = authAPIKey({
+ *   verify: (apiKey) => {
+ *     // Validate format
+ *     if (!apiKey.startsWith("sk_")) return false;
+ *
+ *     // Check against database
+ *     return db.apiKeys.isValid(apiKey);
+ *   }
+ * });
+ */
+const authAPIKey = ({ verify, ctxProp = "apiKeyAuth", }) => {
+    return (req, ctx) => {
+        const apiKey = req.headers.get("X-API-Key");
+        if (!apiKey || !verify(apiKey))
+            return (0, helpers_js_1.status)(401);
+        ctx[ctxProp] = {
+            apiKey,
+        };
+    };
+};
+exports.authAPIKey = authAPIKey;
+/**
+ * Creates a JWT (JSON Web Token) Authentication middleware.
+ * Validates Bearer tokens from Authorization header.
+ *
+ * @template {JwtPayload<{}>} Payload - JWT payload type
+ * @template Context - Must extend CTXJWTAuth<Payload, prop>
+ * @template {string} prop - Property name to store auth data in context
+ * @param {Object} config - JWT Authentication configuration
+ * @param {JWT<Payload>} config.jwt - JWT instance for verification
+ * @param {Function} [config.validate] - Additional payload validation function
+ * @param {JwtVerifyOptions} [config.verifyOptions] - JWT verification options
+ * @param {prop} [config.ctxProp="jwtAuth"] - Context property name for auth data
+ * @returns {Function} Middleware function that validates JWT tokens
+ *
+ * @example
+ * // Simple JWT authentication
+ * const jwt = new JWT({ secret: process.env.JWT_SECRET });
+ *
+ * const jwtAuth = authJWT({
+ *   jwt,
+ *   validate: (payload) => payload.exp > Date.now() / 1000, // Check expiration
+ *   ctxProp: "auth" // Store in ctx.auth
+ * });
+ *
+ * @example
+ * // JWT with custom payload validation
+ * interface MyPayload extends JwtPayload<{}> {
+ *   userId: string;
+ *   role: string;
+ *   permissions: string[];
+ * }
+ *
+ * const jwt = new JWT<MyPayload>({ secret: process.env.JWT_SECRET });
+ *
+ * const jwtAuth = authJWT<MyPayload>({
+ *   jwt,
+ *   validate: (payload) => {
+ *     // Custom business logic
+ *     if (!payload.userId) return false;
+ *     if (payload.role !== "admin") return false;
+ *     return true;
+ *   },
+ *   verifyOptions: {
+ *     algorithms: ["HS256"],
+ *     maxAge: "2h"
+ *   }
+ * });
+ */
+const authJWT = ({ jwt, validate, verifyOptions, ctxProp = "jwtAuth", }) => {
+    return (req, ctx) => {
+        var _a;
+        const authorization = req.headers.get("authorization");
+        if (!authorization)
+            return (0, helpers_js_1.status)(401);
+        const [scheme, token] = authorization.split(" ", 2);
+        if (scheme.toLowerCase() !== "bearer" || !token)
+            return (0, helpers_js_1.status)(401);
+        const result = jwt.verifySync(token, verifyOptions);
+        if (!result.payload)
+            return (0, helpers_js_1.status)(401, (_a = result.error) === null || _a === void 0 ? void 0 : _a.message);
+        if (validate && !validate(result.payload))
+            return (0, helpers_js_1.status)(401);
+        ctx[ctxProp] = {
+            jwt,
+            token,
+            payload: result.payload,
+        };
+    };
+};
+exports.authJWT = authJWT;
+//# sourceMappingURL=middlewares.js.map

package/dist/middlewares.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middlewares.js","sourceRoot":"","sources":["../src/middlewares.ts"],"names":[],"mappings":";;;AAAA,6CAAkD;AAGlD,yCAAmD;AAEnD,uCAAoC;AAEpC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AACI,MAAM,SAAS,GAAG,CAA6C,MASrE,EAAE,EAAE;IACH,MAAM,EACJ,GAAG,EACH,cAAc,EACd,UAAU,EACV,SAAS,EACT,4BAA4B,GAAG,IAAI,EACnC,GAAG,GAAG,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,EACtB,WAAW,GAAG;QACZ,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE;QACrB,4CAA4C;QAC5C,aAAa,EAAE,WAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG;QACnC,eAAe,EAAE,WAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG;QAC3C,SAAS,EAAE,CAAC,KAAyB,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE;YACpD,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;YACzD,OAAO,IAAI,CAAC;QACd,CAAC;KACF,EACD,oBAAoB,GAAG,KAAK,GAC7B,GAAG,MAAM,CAAC;IAKX,IAAI,UAAU,GAA8B,IAAI,aAAK,CAAC,WAAW,CAAC,CAAC;IACnE,IAAI,cAAc,EAAE,CAAC;QACnB,OAAO,CAAC,GAAY,EAAE,GAAY,EAAE,EAAE;;YACpC,MAAM,EAAE,GAAG,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YACzB,MAAM,KAAK,GAAG,MAAA,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC,0CAAE,KAAmB,CAAC;YACtD,MAAM,WAAW,GAAG,GAAG,EAAE,GAAG,KAAK,CAAC,UAAU,CAAC;YAC7C,IAAI,WAAW,IAAI,cAAc,EAAE,CAAC;gBAClC,IAAI,UAAU,EAAE,CAAC;oBACf,MAAM,SAAS,GACb,KAAK,CAAC,MAAM;wBACZ,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,GAAG,cAAc,CAAC,CAAC;oBACxD,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;oBAC9C,KAAK,CAAC,UAAU,GAAG,GAAG,EAAE,CAAC;gBAC3B,CAAC;qBAAM,CAAC;oBACN,KAAK,CAAC,MAAM,GAAG,SAAS,CAAC;oBACzB,KAAK,CAAC,UAAU,GAAG,GAAG,EAAE,CAAC;gBAC3B,CAAC;YACH,CAAC;YACD,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;gBACtB,GAAG,CAAC,OAAO,CAAC,GAAG,CACb,aAAa,EACb,IAAI,CAAC,IAAI,CACP,CAAC,cAAc,GAAG,WAAW,CAAC,GAAG,4BAA4B,CAC9D,CAAC,OAAO,EAAE,CACZ,CAAC;gBACF,OAAO,IAAA,mBAAM,EAAC,GAAG,CAAC,CAAC;YACrB,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,MAAM,EAAE,CAAC;YACjB,CAAC;YACD,IAAI,oBAAoB,EAAE,CAAC;gBACzB,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC;gBAC1D,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,EAAE,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;YACnE,CAAC;QACH,CAAC,CAAC;IACJ,CAAC;SAAM,IAAI,UAAU,EAAE,CAAC;QACtB,OAAO,CAAC,GAAY,EAAE,GAAY,EAAE,EAAE;;YACpC,MAAM,EAAE,GAAG,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YACzB,MAAM,KAAK,GAAG,MAAA,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC,0CAAE,KAAmB,CAAC;YACtD,MAAM,WAAW,GAAG,GAAG,EAAE,GAAG,KAAK,CAAC,UAAU,CAAC;YAC7C,MAAM,SAAS,GACb,KAAK,CAAC,MAAM;gBACZ,CAAC,UAAU,GAAG,WAAW,CAAC,GAAG,4BAA4B,CAAC;YAC5D,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;YAC9C,KAAK,CAAC,UAAU,GAAG,GAAG,EAAE,CAAC;YACzB,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;gBACtB,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;gBACpE,OAAO,IAAA,mBAAM,EAAC,GAAG,CAAC,CAAC;YACrB,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,MAAM,EAAE,CAAC;YACjB,CAAC;YACD,IAAI,oBAAoB,EAAE,CAAC;gBACzB,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC;gBAC1D,GAAG,CAAC,OAAO,CAAC,GAAG,CACb,uBAAuB,EACvB,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,CACpC,CAAC;YACJ,CAAC;QACH,CAAC,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,KAAK,CACb,oEAAoE,CACrE,CAAC;AACJ,CAAC,CAAC;AA/FW,QAAA,SAAS,aA+FpB;AAEF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACI,MAAM,IAAI,GAAG,CAAgC,MAQnD,EAAE,EAAE;IACH,MAAM,EACJ,OAAO,GAAG,GAAG,EACb,OAAO,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,EAC3D,cAAc,GAAG,CAAC,cAAc,EAAE,eAAe,CAAC,EAClD,cAAc,EACd,WAAW,GAAG,KAAK,EACnB,MAAM,GAAG,KAAK,EACd,UAAU,GAAG,KAAK,GACnB,GAAG,MAAM,aAAN,MAAM,cAAN,MAAM,GAAI,EAAE,CAAC;IACjB,MAAM,UAAU,GAAG,OAAO,KAAK,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;IAChD,MAAM,UAAU,GAAG,IAAI,GAAG,CACxB,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,KAAK,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CACzE,CAAC;IACF,OAAO,CAAC,GAAY,EAAE,GAAY,EAAE,EAAE;QACpC,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACzC,IAAI,UAAU,GAAkB,IAAI,CAAC;QACrC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO;QACT,CAAC;QACD,IAAI,UAAU,EAAE,CAAC;YACf,UAAU,GAAG,GAAG,CAAC;QACnB,CAAC;aAAM,CAAC;YACN,UAAU,GAAG,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;QACtD,CAAC;QACD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,IAAI,UAAU;gBAAE,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YACrD,OAAO;QACT,CAAC;QACD,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,6BAA6B,EAAE,UAAU,CAAC,CAAC;QAC3D,IAAI,WAAW,EAAE,CAAC;YAChB,IAAI,UAAU,KAAK,GAAG;gBACpB,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;YACvE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,kCAAkC,EAAE,MAAM,CAAC,CAAC;QAC9D,CAAC;QACD,IAAI,cAAc,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChD,GAAG,CAAC,OAAO,CAAC,GAAG,CACb,+BAA+B,EAC/B,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAC1B,CAAC;QACJ,CAAC;QACD,IAAI,UAAU,EAAE,CAAC;YACf,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACvC,CAAC;QACD,IAAI,GAAG,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAC7B,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAClC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,8BAA8B,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;YACtE,CAAC;YACD,IAAI,cAAc,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAChD,GAAG,CAAC,OAAO,CAAC,GAAG,CACb,8BAA8B,EAC9B,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAC1B,CAAC;YACJ,CAAC;YACD,IAAI,MAAM,EAAE,CAAC;gBACX,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC/D,CAAC;YACD,OAAO,IAAA,mBAAM,EAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC,CAAC;AACJ,CAAC,CAAC;AApEW,QAAA,IAAI,QAoEf;AAcF;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACI,MAAM,SAAS,GAAG,CAGvB,EACA,WAAW,EACX,IAAI,GAAG,KAAK,EACZ,SAAS,GAAG,GAAG,EACf,KAAK,GAAG,WAAW,EACnB,OAAO,GAAG,WAAmB,GAO9B,EAAE,EAAE;IACH,OAAO,CAAC,GAAY,EAAE,GAAY,EAAE,EAAE;QACpC,MAAM,aAAa,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;QACvD,GAAG,CAAC,OAAO,CAAC,GAAG,CACb,kBAAkB,EAClB,gBAAgB,KAAK,oBAAoB,CAC1C,CAAC;QACF,IAAI,CAAC,aAAa;YAAE,OAAO,IAAA,mBAAM,EAAC,GAAG,CAAC,CAAC;QACvC,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACpD,IAAI,MAAM,CAAC,WAAW,EAAE,KAAK,OAAO,IAAI,CAAC,KAAK;YAAE,OAAO,IAAA,mBAAM,EAAC,GAAG,CAAC,CAAC;QACnE,IAAI,MAAM,CAAC;QACX,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;QACnD,CAAC;QAAC,WAAM,CAAC;YACP,OAAO,IAAA,mBAAM,EAAC,GAAG,CAAC,CAAC;QACrB,CAAC;QACD,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;QACxD,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAA,mBAAM,EAAC,GAAG,CAAC,CAAC;QAC/C,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACvC,IAAI,CAAC,IAAI,IAAI,QAAQ,KAAK,IAAI,CAAC,IAAI;YAAE,OAAO,IAAA,mBAAM,EAAC,GAAG,CAAC,CAAC;QACvD,GAA4B,CAAC,OAAO,CAAC,GAAG;YACvC,QAAQ;YACR,IAAI,EAAE,IAAI,CAAC,IAAI;SAChB,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC,CAAC;AAxCW,QAAA,SAAS,aAwCpB;AAcF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACI,MAAM,UAAU,GAAG,CAGxB,EACA,MAAM,EACN,OAAO,GAAG,YAAoB,GAI/B,EAAE,EAAE;IACH,OAAO,CAAC,GAAY,EAAE,GAAY,EAAE,EAAE;QACpC,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAC5C,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;YAAE,OAAO,IAAA,mBAAM,EAAC,GAAG,CAAC,CAAC;QAClD,GAA4B,CAAC,OAAO,CAAC,GAAG;YACvC,MAAM;SACP,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC,CAAC;AAjBW,QAAA,UAAU,cAiBrB;AAmBF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+CG;AACI,MAAM,OAAO,GAAG,CAIrB,EACA,GAAG,EACH,QAAQ,EACR,aAAa,EACb,OAAO,GAAG,SAAiB,GAM5B,EAAE,EAAE;IACH,OAAO,CAAC,GAAY,EAAE,GAAY,EAAE,EAAE;;QACpC,MAAM,aAAa,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;QACvD,IAAI,CAAC,aAAa;YAAE,OAAO,IAAA,mBAAM,EAAC,GAAG,CAAC,CAAC;QACvC,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACpD,IAAI,MAAM,CAAC,WAAW,EAAE,KAAK,QAAQ,IAAI,CAAC,KAAK;YAAE,OAAO,IAAA,mBAAM,EAAC,GAAG,CAAC,CAAC;QACpE,MAAM,MAAM,GAAG,GAAG,CAAC,UAAU,CAAC,KAAK,EAAE,aAAa,CAAC,CAAC;QACpD,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,OAAO,IAAA,mBAAM,EAAC,GAAG,EAAE,MAAA,MAAM,CAAC,KAAK,0CAAE,OAAO,CAAC,CAAC;QAC/D,IAAI,QAAQ,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC;YAAE,OAAO,IAAA,mBAAM,EAAC,GAAG,CAAC,CAAC;QAC7D,GAA4B,CAAC,OAAO,CAAC,GAAG;YACvC,GAAG;YACH,KAAK;YACL,OAAO,EAAE,MAAM,CAAC,OAAO;SACxB,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC,CAAC;AA7BW,QAAA,OAAO,WA6BlB"}