@brightchain/brightchain-api-lib 0.24.1 → 0.26.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +4 -3
- package/src/lib/application.d.ts +3 -14
- package/src/lib/application.d.ts.map +1 -1
- package/src/lib/application.js +121 -44
- package/src/lib/application.js.map +1 -1
- package/src/lib/auth/aclDocumentStore.d.ts +90 -0
- package/src/lib/auth/aclDocumentStore.d.ts.map +1 -0
- package/src/lib/auth/aclDocumentStore.js +155 -0
- package/src/lib/auth/aclDocumentStore.js.map +1 -0
- package/src/lib/auth/index.d.ts +4 -0
- package/src/lib/auth/index.d.ts.map +1 -1
- package/src/lib/auth/index.js +4 -0
- package/src/lib/auth/index.js.map +1 -1
- package/src/lib/auth/writeAclApiRouter.d.ts +32 -0
- package/src/lib/auth/writeAclApiRouter.d.ts.map +1 -0
- package/src/lib/auth/writeAclApiRouter.js +348 -0
- package/src/lib/auth/writeAclApiRouter.js.map +1 -0
- package/src/lib/auth/writeAclAuditLogger.d.ts +94 -0
- package/src/lib/auth/writeAclAuditLogger.d.ts.map +1 -0
- package/src/lib/auth/writeAclAuditLogger.js +143 -0
- package/src/lib/auth/writeAclAuditLogger.js.map +1 -0
- package/src/lib/auth/writeProofMiddleware.d.ts +39 -0
- package/src/lib/auth/writeProofMiddleware.d.ts.map +1 -0
- package/src/lib/auth/writeProofMiddleware.js +56 -0
- package/src/lib/auth/writeProofMiddleware.js.map +1 -0
- package/src/lib/availability/aclDocumentSyncHandler.d.ts +39 -0
- package/src/lib/availability/aclDocumentSyncHandler.d.ts.map +1 -0
- package/src/lib/availability/aclDocumentSyncHandler.js +81 -0
- package/src/lib/availability/aclDocumentSyncHandler.js.map +1 -0
- package/src/lib/availability/gossipService.d.ts +4 -1
- package/src/lib/availability/gossipService.d.ts.map +1 -1
- package/src/lib/availability/gossipService.js +15 -1
- package/src/lib/availability/gossipService.js.map +1 -1
- package/src/lib/availability/headUpdateSyncHandler.d.ts +32 -0
- package/src/lib/availability/headUpdateSyncHandler.d.ts.map +1 -0
- package/src/lib/availability/headUpdateSyncHandler.js +78 -0
- package/src/lib/availability/headUpdateSyncHandler.js.map +1 -0
- package/src/lib/availability/index.d.ts +2 -0
- package/src/lib/availability/index.d.ts.map +1 -1
- package/src/lib/availability/index.js +2 -0
- package/src/lib/availability/index.js.map +1 -1
- package/src/lib/constants.d.ts.map +1 -1
- package/src/lib/constants.js +2 -0
- package/src/lib/constants.js.map +1 -1
- package/src/lib/controllers/api/brighthub/connectionController.d.ts +6 -0
- package/src/lib/controllers/api/brighthub/connectionController.d.ts.map +1 -1
- package/src/lib/controllers/api/brighthub/connectionController.js +158 -11
- package/src/lib/controllers/api/brighthub/connectionController.js.map +1 -1
- package/src/lib/controllers/api/brighthub/messagingController.d.ts +6 -0
- package/src/lib/controllers/api/brighthub/messagingController.d.ts.map +1 -1
- package/src/lib/controllers/api/brighthub/messagingController.js +190 -58
- package/src/lib/controllers/api/brighthub/messagingController.js.map +1 -1
- package/src/lib/controllers/api/brighthub/postController.d.ts +12 -3
- package/src/lib/controllers/api/brighthub/postController.d.ts.map +1 -1
- package/src/lib/controllers/api/brighthub/postController.js +60 -0
- package/src/lib/controllers/api/brighthub/postController.js.map +1 -1
- package/src/lib/controllers/api/brighthub/timelineController.d.ts +19 -0
- package/src/lib/controllers/api/brighthub/timelineController.d.ts.map +1 -1
- package/src/lib/controllers/api/brighthub/timelineController.js +133 -0
- package/src/lib/controllers/api/brighthub/timelineController.js.map +1 -1
- package/src/lib/controllers/api/emails.d.ts +4 -1
- package/src/lib/controllers/api/emails.d.ts.map +1 -1
- package/src/lib/controllers/api/emails.js +28 -1
- package/src/lib/controllers/api/emails.js.map +1 -1
- package/src/lib/controllers/api/user.d.ts.map +1 -1
- package/src/lib/controllers/api/user.js +10 -0
- package/src/lib/controllers/api/user.js.map +1 -1
- package/src/lib/databaseInit.d.ts +7 -11
- package/src/lib/databaseInit.d.ts.map +1 -1
- package/src/lib/databaseInit.js +41 -97
- package/src/lib/databaseInit.js.map +1 -1
- package/src/lib/datastore/block-document-store-factory.d.ts +3 -0
- package/src/lib/datastore/block-document-store-factory.d.ts.map +1 -1
- package/src/lib/datastore/block-document-store-factory.js +15 -18
- package/src/lib/datastore/block-document-store-factory.js.map +1 -1
- package/src/lib/datastore/block-document-store.d.ts +2 -191
- package/src/lib/datastore/block-document-store.d.ts.map +1 -1
- package/src/lib/datastore/block-document-store.js +4 -628
- package/src/lib/datastore/block-document-store.js.map +1 -1
- package/src/lib/datastore/document-store.d.ts +1 -62
- package/src/lib/datastore/document-store.d.ts.map +1 -1
- package/src/lib/datastore/memory-document-store.d.ts +1 -8
- package/src/lib/datastore/memory-document-store.d.ts.map +1 -1
- package/src/lib/datastore/memory-document-store.js +3 -214
- package/src/lib/datastore/memory-document-store.js.map +1 -1
- package/src/lib/environment.d.ts +3 -20
- package/src/lib/environment.d.ts.map +1 -1
- package/src/lib/environment.js +2 -45
- package/src/lib/environment.js.map +1 -1
- package/src/lib/factories/blockStoreFactory.d.ts.map +1 -1
- package/src/lib/factories/blockStoreFactory.js +4 -1
- package/src/lib/factories/blockStoreFactory.js.map +1 -1
- package/src/lib/interfaces/environment.d.ts +23 -2
- package/src/lib/interfaces/environment.d.ts.map +1 -1
- package/src/lib/interfaces/responses/brighthub/api-post-response.d.ts +8 -1
- package/src/lib/interfaces/responses/brighthub/api-post-response.d.ts.map +1 -1
- package/src/lib/middleware/index.d.ts +1 -1
- package/src/lib/middleware/index.d.ts.map +1 -1
- package/src/lib/middleware/index.js +3 -2
- package/src/lib/middleware/index.js.map +1 -1
- package/src/lib/middleware/validateBody.d.ts +1 -12
- package/src/lib/middleware/validateBody.d.ts.map +1 -1
- package/src/lib/middleware/validateBody.js +4 -32
- package/src/lib/middleware/validateBody.js.map +1 -1
- package/src/lib/middlewares.d.ts.map +1 -1
- package/src/lib/middlewares.js +7 -1
- package/src/lib/middlewares.js.map +1 -1
- package/src/lib/plugins/brightchain-database-plugin.d.ts +27 -79
- package/src/lib/plugins/brightchain-database-plugin.d.ts.map +1 -1
- package/src/lib/plugins/brightchain-database-plugin.js +27 -97
- package/src/lib/plugins/brightchain-database-plugin.js.map +1 -1
- package/src/lib/routers/api.d.ts +18 -1
- package/src/lib/routers/api.d.ts.map +1 -1
- package/src/lib/routers/api.js +24 -1
- package/src/lib/routers/api.js.map +1 -1
- package/src/lib/routers/app.d.ts.map +1 -1
- package/src/lib/routers/app.js +5 -2
- package/src/lib/routers/app.js.map +1 -1
- package/src/lib/services/auth.d.ts.map +1 -1
- package/src/lib/services/auth.js +37 -3
- package/src/lib/services/auth.js.map +1 -1
- package/src/lib/services/blockStore.d.ts +8 -1
- package/src/lib/services/blockStore.d.ts.map +1 -1
- package/src/lib/services/blockStore.js +19 -7
- package/src/lib/services/blockStore.js.map +1 -1
- package/src/lib/services/brightChainBackupCodeService.d.ts +42 -39
- package/src/lib/services/brightChainBackupCodeService.d.ts.map +1 -1
- package/src/lib/services/brightChainBackupCodeService.js +86 -61
- package/src/lib/services/brightChainBackupCodeService.js.map +1 -1
- package/src/lib/services/brighthub/collectionAdapter.d.ts +81 -0
- package/src/lib/services/brighthub/collectionAdapter.d.ts.map +1 -0
- package/src/lib/services/brighthub/collectionAdapter.js +127 -0
- package/src/lib/services/brighthub/collectionAdapter.js.map +1 -0
- package/src/lib/services/brighthub/connectionService.d.ts.map +1 -1
- package/src/lib/services/brighthub/connectionService.js +3 -0
- package/src/lib/services/brighthub/connectionService.js.map +1 -1
- package/src/lib/services/brighthub/messagingService.d.ts +4 -0
- package/src/lib/services/brighthub/messagingService.d.ts.map +1 -1
- package/src/lib/services/brighthub/messagingService.js +25 -4
- package/src/lib/services/brighthub/messagingService.js.map +1 -1
- package/src/lib/services/brighthub/notificationService.d.ts.map +1 -1
- package/src/lib/services/brighthub/notificationService.js +35 -20
- package/src/lib/services/brighthub/notificationService.js.map +1 -1
- package/src/lib/services/brighthub/postService.d.ts +7 -1
- package/src/lib/services/brighthub/postService.d.ts.map +1 -1
- package/src/lib/services/brighthub/postService.js +22 -1
- package/src/lib/services/brighthub/postService.js.map +1 -1
- package/src/lib/services/brighthub/userProfileService.d.ts +19 -1
- package/src/lib/services/brighthub/userProfileService.d.ts.map +1 -1
- package/src/lib/services/brighthub/userProfileService.js +74 -0
- package/src/lib/services/brighthub/userProfileService.js.map +1 -1
- package/src/lib/services/emailGateway/antiSpamFilter.d.ts +229 -0
- package/src/lib/services/emailGateway/antiSpamFilter.d.ts.map +1 -0
- package/src/lib/services/emailGateway/antiSpamFilter.js +325 -0
- package/src/lib/services/emailGateway/antiSpamFilter.js.map +1 -0
- package/src/lib/services/emailGateway/bounceProcessor.d.ts +171 -0
- package/src/lib/services/emailGateway/bounceProcessor.d.ts.map +1 -0
- package/src/lib/services/emailGateway/bounceProcessor.js +378 -0
- package/src/lib/services/emailGateway/bounceProcessor.js.map +1 -0
- package/src/lib/services/emailGateway/emailAuthVerifier.d.ts +99 -0
- package/src/lib/services/emailGateway/emailAuthVerifier.d.ts.map +1 -0
- package/src/lib/services/emailGateway/emailAuthVerifier.js +202 -0
- package/src/lib/services/emailGateway/emailAuthVerifier.js.map +1 -0
- package/src/lib/services/emailGateway/emailGatewayConfig.d.ts +73 -0
- package/src/lib/services/emailGateway/emailGatewayConfig.d.ts.map +1 -0
- package/src/lib/services/emailGateway/emailGatewayConfig.js +107 -0
- package/src/lib/services/emailGateway/emailGatewayConfig.js.map +1 -0
- package/src/lib/services/emailGateway/emailGatewayService.d.ts +152 -0
- package/src/lib/services/emailGateway/emailGatewayService.d.ts.map +1 -0
- package/src/lib/services/emailGateway/emailGatewayService.js +201 -0
- package/src/lib/services/emailGateway/emailGatewayService.js.map +1 -0
- package/src/lib/services/emailGateway/gatewayObservability.d.ts +123 -0
- package/src/lib/services/emailGateway/gatewayObservability.d.ts.map +1 -0
- package/src/lib/services/emailGateway/gatewayObservability.js +186 -0
- package/src/lib/services/emailGateway/gatewayObservability.js.map +1 -0
- package/src/lib/services/emailGateway/inboundProcessor.d.ts +113 -0
- package/src/lib/services/emailGateway/inboundProcessor.d.ts.map +1 -0
- package/src/lib/services/emailGateway/inboundProcessor.js +298 -0
- package/src/lib/services/emailGateway/inboundProcessor.js.map +1 -0
- package/src/lib/services/emailGateway/index.d.ts +23 -0
- package/src/lib/services/emailGateway/index.d.ts.map +1 -0
- package/src/lib/services/emailGateway/index.js +26 -0
- package/src/lib/services/emailGateway/index.js.map +1 -0
- package/src/lib/services/emailGateway/outboundDeliveryWorker.d.ts +111 -0
- package/src/lib/services/emailGateway/outboundDeliveryWorker.d.ts.map +1 -0
- package/src/lib/services/emailGateway/outboundDeliveryWorker.js +97 -0
- package/src/lib/services/emailGateway/outboundDeliveryWorker.js.map +1 -0
- package/src/lib/services/emailGateway/outboundQueue.d.ts +135 -0
- package/src/lib/services/emailGateway/outboundQueue.d.ts.map +1 -0
- package/src/lib/services/emailGateway/outboundQueue.js +227 -0
- package/src/lib/services/emailGateway/outboundQueue.js.map +1 -0
- package/src/lib/services/emailGateway/outboundQueueStore.d.ts +110 -0
- package/src/lib/services/emailGateway/outboundQueueStore.d.ts.map +1 -0
- package/src/lib/services/emailGateway/outboundQueueStore.js +131 -0
- package/src/lib/services/emailGateway/outboundQueueStore.js.map +1 -0
- package/src/lib/services/emailGateway/recipientLookupService.d.ts +135 -0
- package/src/lib/services/emailGateway/recipientLookupService.d.ts.map +1 -0
- package/src/lib/services/emailGateway/recipientLookupService.js +294 -0
- package/src/lib/services/emailGateway/recipientLookupService.js.map +1 -0
- package/src/lib/services/emailGateway/retryBackoff.d.ts +79 -0
- package/src/lib/services/emailGateway/retryBackoff.d.ts.map +1 -0
- package/src/lib/services/emailGateway/retryBackoff.js +77 -0
- package/src/lib/services/emailGateway/retryBackoff.js.map +1 -0
- package/src/lib/services/eventNotificationSystem.d.ts.map +1 -1
- package/src/lib/services/eventNotificationSystem.js.map +1 -1
- package/src/lib/services/index.d.ts +2 -1
- package/src/lib/services/index.d.ts.map +1 -1
- package/src/lib/services/index.js +2 -1
- package/src/lib/services/index.js.map +1 -1
- package/src/lib/services/quorumDatabaseAdapter.d.ts +7 -1
- package/src/lib/services/quorumDatabaseAdapter.d.ts.map +1 -1
- package/src/lib/services/quorumDatabaseAdapter.js +83 -0
- package/src/lib/services/quorumDatabaseAdapter.js.map +1 -1
- package/src/lib/services/sessionAdapter.d.ts +2 -61
- package/src/lib/services/sessionAdapter.d.ts.map +1 -1
- package/src/lib/services/sessionAdapter.js +2 -102
- package/src/lib/services/sessionAdapter.js.map +1 -1
- package/src/lib/shared-types.d.ts +7 -15
- package/src/lib/shared-types.d.ts.map +1 -1
- package/src/lib/stores/availabilityAwareBlockStore.d.ts +4 -3
- package/src/lib/stores/availabilityAwareBlockStore.d.ts.map +1 -1
- package/src/lib/stores/availabilityAwareBlockStore.js +5 -2
- package/src/lib/stores/availabilityAwareBlockStore.js.map +1 -1
- package/src/lib/stores/cloudBlockStoreBase.d.ts +2 -1
- package/src/lib/stores/cloudBlockStoreBase.d.ts.map +1 -1
- package/src/lib/stores/cloudBlockStoreBase.js +34 -13
- package/src/lib/stores/cloudBlockStoreBase.js.map +1 -1
- package/src/lib/stores/diskBlockAsyncStore.d.ts +21 -1
- package/src/lib/stores/diskBlockAsyncStore.d.ts.map +1 -1
- package/src/lib/stores/diskBlockAsyncStore.js +48 -17
- package/src/lib/stores/diskBlockAsyncStore.js.map +1 -1
- package/src/lib/stores/diskBlockStore.d.ts +10 -2
- package/src/lib/stores/diskBlockStore.d.ts.map +1 -1
- package/src/lib/stores/diskBlockStore.js +43 -19
- package/src/lib/stores/diskBlockStore.js.map +1 -1
- package/src/lib/types/backend-id.d.ts +1 -2
- package/src/lib/types/backend-id.d.ts.map +1 -1
- package/src/lib/utils/emailValidation.d.ts.map +1 -1
- package/src/lib/utils/emailValidation.js +2 -1
- package/src/lib/utils/emailValidation.js.map +1 -1
- package/src/lib/validation/userValidation.d.ts +2 -43
- package/src/lib/validation/userValidation.d.ts.map +1 -1
- package/src/lib/validation/userValidation.js +6 -144
- package/src/lib/validation/userValidation.js.map +1 -1
|
@@ -0,0 +1,155 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* ACL Document Store - stores and retrieves Write ACL documents as signed blocks.
|
|
4
|
+
*
|
|
5
|
+
* Follows the PoolACLStore pattern: each ACL document is serialized to JSON
|
|
6
|
+
* (without creatorSignature), signed with the admin's ECDSA key, and stored
|
|
7
|
+
* as a block. On retrieval, the signature is verified against the signer's
|
|
8
|
+
* public key before the document is returned.
|
|
9
|
+
*
|
|
10
|
+
* Version chaining: each update references the previous ACL block ID via
|
|
11
|
+
* `previousVersionBlockId`, forming an auditable linked list.
|
|
12
|
+
*
|
|
13
|
+
* @see Requirements 2.1, 2.2, 2.3, 2.4, 2.5, 2.6
|
|
14
|
+
*/
|
|
15
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
16
|
+
exports.AclDocumentStore = void 0;
|
|
17
|
+
const tslib_1 = require("tslib");
|
|
18
|
+
const brightchain_lib_1 = require("@brightchain/brightchain-lib");
|
|
19
|
+
const crypto = tslib_1.__importStar(require("crypto"));
|
|
20
|
+
const ecdsaNodeAuthenticator_1 = require("./ecdsaNodeAuthenticator");
|
|
21
|
+
/**
|
|
22
|
+
* Stores and retrieves Write ACL documents as signed blocks.
|
|
23
|
+
*
|
|
24
|
+
* Uses an in-memory Map for block storage, following the PoolACLStore
|
|
25
|
+
* pattern. Block IDs are SHA-256 hashes of the stored content.
|
|
26
|
+
*
|
|
27
|
+
* @see Requirements 2.1, 2.2, 2.3, 2.4, 2.5, 2.6
|
|
28
|
+
*/
|
|
29
|
+
class AclDocumentStore {
|
|
30
|
+
blocks = new Map();
|
|
31
|
+
authenticator;
|
|
32
|
+
constructor(authenticator) {
|
|
33
|
+
this.authenticator = authenticator ?? new ecdsaNodeAuthenticator_1.ECDSANodeAuthenticator();
|
|
34
|
+
}
|
|
35
|
+
/**
|
|
36
|
+
* Serialize an ACL document to JSON, sign it, and store as a block.
|
|
37
|
+
* Returns the block ID (SHA-256 hex of the stored content).
|
|
38
|
+
*
|
|
39
|
+
* The document is serialized using the shared serializeAclDocument helper
|
|
40
|
+
* (which handles Date → ISO string and Uint8Array → hex encoding).
|
|
41
|
+
* The creatorSignature field is excluded from the signed payload;
|
|
42
|
+
* the signature is stored separately in the SignedAclDocumentBlock envelope.
|
|
43
|
+
*
|
|
44
|
+
* @param doc - The ACL document to store (creatorSignature is ignored; a fresh signature is computed)
|
|
45
|
+
* @param signerPrivateKey - The admin's raw 32-byte secp256k1 private key
|
|
46
|
+
* @returns The block ID (SHA-256 hex digest)
|
|
47
|
+
* @see Requirements 2.1, 2.2, 2.3
|
|
48
|
+
*/
|
|
49
|
+
async storeAclDocument(doc, signerPrivateKey) {
|
|
50
|
+
// Serialize the document (the serialization includes creatorSignature,
|
|
51
|
+
// but we strip it for signing to match the PoolACLStore pattern)
|
|
52
|
+
const docForSigning = {
|
|
53
|
+
...doc,
|
|
54
|
+
creatorSignature: new Uint8Array(0), // zero-length placeholder for signing
|
|
55
|
+
};
|
|
56
|
+
const aclJson = (0, brightchain_lib_1.serializeAclDocument)(docForSigning);
|
|
57
|
+
const aclBytes = new TextEncoder().encode(aclJson);
|
|
58
|
+
// Sign the serialized JSON
|
|
59
|
+
const signature = await this.authenticator.signChallenge(aclBytes, signerPrivateKey);
|
|
60
|
+
// Derive the signer's public key
|
|
61
|
+
const ecdh = crypto.createECDH('secp256k1');
|
|
62
|
+
ecdh.setPrivateKey(Buffer.from(signerPrivateKey));
|
|
63
|
+
const publicKey = new Uint8Array(ecdh.getPublicKey());
|
|
64
|
+
const publicKeyHex = Buffer.from(publicKey).toString('hex');
|
|
65
|
+
const signedBlock = {
|
|
66
|
+
aclJson,
|
|
67
|
+
signatures: [
|
|
68
|
+
{
|
|
69
|
+
publicKeyHex,
|
|
70
|
+
signature: Buffer.from(signature).toString('hex'),
|
|
71
|
+
},
|
|
72
|
+
],
|
|
73
|
+
};
|
|
74
|
+
const blockBytes = new TextEncoder().encode(JSON.stringify(signedBlock));
|
|
75
|
+
const blockId = this.computeBlockId(blockBytes);
|
|
76
|
+
this.blocks.set(blockId, blockBytes);
|
|
77
|
+
return blockId;
|
|
78
|
+
}
|
|
79
|
+
/**
|
|
80
|
+
* Load an ACL document from a stored block, verifying the signature.
|
|
81
|
+
* Throws if the block doesn't exist or the signature is invalid.
|
|
82
|
+
*
|
|
83
|
+
* @param blockId - The block ID to load
|
|
84
|
+
* @returns The deserialized and verified ACL document
|
|
85
|
+
* @throws AclSignatureVerificationError if signature verification fails
|
|
86
|
+
* @see Requirements 2.3, 2.4
|
|
87
|
+
*/
|
|
88
|
+
async loadAclDocument(blockId) {
|
|
89
|
+
const blockBytes = this.blocks.get(blockId);
|
|
90
|
+
if (!blockBytes) {
|
|
91
|
+
throw new Error(`ACL document block not found: ${blockId}`);
|
|
92
|
+
}
|
|
93
|
+
const signedBlock = JSON.parse(new TextDecoder().decode(blockBytes));
|
|
94
|
+
if (signedBlock.signatures.length === 0) {
|
|
95
|
+
throw new brightchain_lib_1.AclSignatureVerificationError(blockId, 'ACL document block has no signatures');
|
|
96
|
+
}
|
|
97
|
+
// Verify the first signature
|
|
98
|
+
const firstSig = signedBlock.signatures[0];
|
|
99
|
+
const publicKey = new Uint8Array(Buffer.from(firstSig.publicKeyHex, 'hex'));
|
|
100
|
+
const signatureBytes = new Uint8Array(Buffer.from(firstSig.signature, 'hex'));
|
|
101
|
+
const aclBytes = new TextEncoder().encode(signedBlock.aclJson);
|
|
102
|
+
const isValid = await this.authenticator.verifySignature(aclBytes, signatureBytes, publicKey);
|
|
103
|
+
if (!isValid) {
|
|
104
|
+
throw new brightchain_lib_1.AclSignatureVerificationError(blockId, 'Signature verification failed');
|
|
105
|
+
}
|
|
106
|
+
// Deserialize the ACL document
|
|
107
|
+
const doc = (0, brightchain_lib_1.deserializeAclDocument)(signedBlock.aclJson);
|
|
108
|
+
// Attach the verified signature as the creatorSignature
|
|
109
|
+
doc.creatorSignature = signatureBytes;
|
|
110
|
+
return doc;
|
|
111
|
+
}
|
|
112
|
+
/**
|
|
113
|
+
* Update an ACL document: validates version increment, sets
|
|
114
|
+
* previousVersionBlockId to the current block ID, and stores
|
|
115
|
+
* the new version.
|
|
116
|
+
*
|
|
117
|
+
* @param currentBlockId - The block ID of the current ACL document
|
|
118
|
+
* @param updatedDoc - The updated ACL document
|
|
119
|
+
* @param signerPrivateKey - The admin's raw 32-byte secp256k1 private key
|
|
120
|
+
* @returns The new block ID
|
|
121
|
+
* @throws AclVersionConflictError if version is not strictly greater
|
|
122
|
+
* @see Requirements 2.5, 2.6
|
|
123
|
+
*/
|
|
124
|
+
async updateAclDocument(currentBlockId, updatedDoc, signerPrivateKey) {
|
|
125
|
+
// Load and verify the current document
|
|
126
|
+
const currentDoc = await this.loadAclDocument(currentBlockId);
|
|
127
|
+
// Validate version increment (must be strictly greater)
|
|
128
|
+
if (updatedDoc.version <= currentDoc.version) {
|
|
129
|
+
throw new brightchain_lib_1.AclVersionConflictError(currentDoc.version, updatedDoc.version, updatedDoc.scope.dbName, updatedDoc.scope.collectionName);
|
|
130
|
+
}
|
|
131
|
+
// Set chain reference to the current block
|
|
132
|
+
const chainedDoc = {
|
|
133
|
+
...updatedDoc,
|
|
134
|
+
previousVersionBlockId: currentBlockId,
|
|
135
|
+
};
|
|
136
|
+
return this.storeAclDocument(chainedDoc, signerPrivateKey);
|
|
137
|
+
}
|
|
138
|
+
/**
|
|
139
|
+
* Check whether a block exists in the store.
|
|
140
|
+
*/
|
|
141
|
+
hasBlock(blockId) {
|
|
142
|
+
return this.blocks.has(blockId);
|
|
143
|
+
}
|
|
144
|
+
/**
|
|
145
|
+
* Compute a block ID as the SHA-256 hex digest of the content.
|
|
146
|
+
*/
|
|
147
|
+
computeBlockId(content) {
|
|
148
|
+
return crypto
|
|
149
|
+
.createHash('sha256')
|
|
150
|
+
.update(Buffer.from(content))
|
|
151
|
+
.digest('hex');
|
|
152
|
+
}
|
|
153
|
+
}
|
|
154
|
+
exports.AclDocumentStore = AclDocumentStore;
|
|
155
|
+
//# sourceMappingURL=aclDocumentStore.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"aclDocumentStore.js","sourceRoot":"","sources":["../../../../../brightchain-api-lib/src/lib/auth/aclDocumentStore.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;;;AAEH,kEAMsC;AACtC,uDAAiC;AAEjC,qEAAkE;AAelE;;;;;;;GAOG;AACH,MAAa,gBAAgB;IACR,MAAM,GAAG,IAAI,GAAG,EAAsB,CAAC;IACzC,aAAa,CAAyB;IAEvD,YAAY,aAAsC;QAChD,IAAI,CAAC,aAAa,GAAG,aAAa,IAAI,IAAI,+CAAsB,EAAE,CAAC;IACrE,CAAC;IAED;;;;;;;;;;;;;OAaG;IACH,KAAK,CAAC,gBAAgB,CACpB,GAAiB,EACjB,gBAA4B;QAE5B,uEAAuE;QACvE,iEAAiE;QACjE,MAAM,aAAa,GAAiB;YAClC,GAAG,GAAG;YACN,gBAAgB,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,sCAAsC;SAC5E,CAAC;QACF,MAAM,OAAO,GAAG,IAAA,sCAAoB,EAAC,aAAa,CAAC,CAAC;QACpD,MAAM,QAAQ,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAEnD,2BAA2B;QAC3B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,aAAa,CACtD,QAAQ,EACR,gBAAgB,CACjB,CAAC;QAEF,iCAAiC;QACjC,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;QAC5C,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC;QAClD,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC;QACtD,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAE5D,MAAM,WAAW,GAA2B;YAC1C,OAAO;YACP,UAAU,EAAE;gBACV;oBACE,YAAY;oBACZ,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;iBAClD;aACF;SACF,CAAC;QAEF,MAAM,UAAU,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CAAC;QACzE,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;QAChD,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAErC,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,eAAe,CAAC,OAAe;QACnC,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC5C,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,iCAAiC,OAAO,EAAE,CAAC,CAAC;QAC9D,CAAC;QAED,MAAM,WAAW,GAA2B,IAAI,CAAC,KAAK,CACpD,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,CACrC,CAAC;QAEF,IAAI,WAAW,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxC,MAAM,IAAI,+CAA6B,CACrC,OAAO,EACP,sCAAsC,CACvC,CAAC;QACJ,CAAC;QAED,6BAA6B;QAC7B,MAAM,QAAQ,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAC3C,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC,CAAC;QAC5E,MAAM,cAAc,GAAG,IAAI,UAAU,CACnC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,KAAK,CAAC,CACvC,CAAC;QACF,MAAM,QAAQ,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAE/D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,eAAe,CACtD,QAAQ,EACR,cAAc,EACd,SAAS,CACV,CAAC;QAEF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,+CAA6B,CACrC,OAAO,EACP,+BAA+B,CAChC,CAAC;QACJ,CAAC;QAED,+BAA+B;QAC/B,MAAM,GAAG,GAAG,IAAA,wCAAsB,EAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAExD,wDAAwD;QACxD,GAAG,CAAC,gBAAgB,GAAG,cAAc,CAAC;QAEtC,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,iBAAiB,CACrB,cAAsB,EACtB,UAAwB,EACxB,gBAA4B;QAE5B,uCAAuC;QACvC,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC;QAE9D,wDAAwD;QACxD,IAAI,UAAU,CAAC,OAAO,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;YAC7C,MAAM,IAAI,yCAAuB,CAC/B,UAAU,CAAC,OAAO,EAClB,UAAU,CAAC,OAAO,EAClB,UAAU,CAAC,KAAK,CAAC,MAAM,EACvB,UAAU,CAAC,KAAK,CAAC,cAAc,CAChC,CAAC;QACJ,CAAC;QAED,2CAA2C;QAC3C,MAAM,UAAU,GAAiB;YAC/B,GAAG,UAAU;YACb,sBAAsB,EAAE,cAAc;SACvC,CAAC;QAEF,OAAO,IAAI,CAAC,gBAAgB,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAC;IAC7D,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,OAAe;QACtB,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAClC,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,OAAmB;QACxC,OAAO,MAAM;aACV,UAAU,CAAC,QAAQ,CAAC;aACpB,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;aAC5B,MAAM,CAAC,KAAK,CAAC,CAAC;IACnB,CAAC;CACF;AA/KD,4CA+KC"}
|
package/src/lib/auth/index.d.ts
CHANGED
|
@@ -1,7 +1,11 @@
|
|
|
1
|
+
export * from './aclDocumentStore';
|
|
1
2
|
export * from './aclEnforcedAvailability';
|
|
2
3
|
export * from './aclEnforcedBlockStore';
|
|
3
4
|
export * from './ecdsaNodeAuthenticator';
|
|
4
5
|
export * from './poolAclBootstrap';
|
|
5
6
|
export * from './poolAclStore';
|
|
6
7
|
export { InsufficientQuorumError, PoolACLUpdater, type ACLUpdateProposal, } from './poolAclUpdater';
|
|
8
|
+
export * from './writeAclApiRouter';
|
|
9
|
+
export * from './writeAclAuditLogger';
|
|
10
|
+
export * from './writeProofMiddleware';
|
|
7
11
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../brightchain-api-lib/src/lib/auth/index.ts"],"names":[],"mappings":"AAAA,cAAc,2BAA2B,CAAC;AAC1C,cAAc,yBAAyB,CAAC;AACxC,cAAc,0BAA0B,CAAC;AACzC,cAAc,oBAAoB,CAAC;AACnC,cAAc,gBAAgB,CAAC;AAC/B,OAAO,EACL,uBAAuB,EACvB,cAAc,EACd,KAAK,iBAAiB,GACvB,MAAM,kBAAkB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../brightchain-api-lib/src/lib/auth/index.ts"],"names":[],"mappings":"AAAA,cAAc,oBAAoB,CAAC;AACnC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,yBAAyB,CAAC;AACxC,cAAc,0BAA0B,CAAC;AACzC,cAAc,oBAAoB,CAAC;AACnC,cAAc,gBAAgB,CAAC;AAC/B,OAAO,EACL,uBAAuB,EACvB,cAAc,EACd,KAAK,iBAAiB,GACvB,MAAM,kBAAkB,CAAC;AAC1B,cAAc,qBAAqB,CAAC;AACpC,cAAc,uBAAuB,CAAC;AACtC,cAAc,wBAAwB,CAAC"}
|
package/src/lib/auth/index.js
CHANGED
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.PoolACLUpdater = exports.InsufficientQuorumError = void 0;
|
|
4
4
|
const tslib_1 = require("tslib");
|
|
5
|
+
tslib_1.__exportStar(require("./aclDocumentStore"), exports);
|
|
5
6
|
tslib_1.__exportStar(require("./aclEnforcedAvailability"), exports);
|
|
6
7
|
tslib_1.__exportStar(require("./aclEnforcedBlockStore"), exports);
|
|
7
8
|
tslib_1.__exportStar(require("./ecdsaNodeAuthenticator"), exports);
|
|
@@ -10,4 +11,7 @@ tslib_1.__exportStar(require("./poolAclStore"), exports);
|
|
|
10
11
|
var poolAclUpdater_1 = require("./poolAclUpdater");
|
|
11
12
|
Object.defineProperty(exports, "InsufficientQuorumError", { enumerable: true, get: function () { return poolAclUpdater_1.InsufficientQuorumError; } });
|
|
12
13
|
Object.defineProperty(exports, "PoolACLUpdater", { enumerable: true, get: function () { return poolAclUpdater_1.PoolACLUpdater; } });
|
|
14
|
+
tslib_1.__exportStar(require("./writeAclApiRouter"), exports);
|
|
15
|
+
tslib_1.__exportStar(require("./writeAclAuditLogger"), exports);
|
|
16
|
+
tslib_1.__exportStar(require("./writeProofMiddleware"), exports);
|
|
13
17
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../brightchain-api-lib/src/lib/auth/index.ts"],"names":[],"mappings":";;;;AAAA,oEAA0C;AAC1C,kEAAwC;AACxC,mEAAyC;AACzC,6DAAmC;AACnC,yDAA+B;AAC/B,mDAI0B;AAHxB,yHAAA,uBAAuB,OAAA;AACvB,gHAAA,cAAc,OAAA"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../brightchain-api-lib/src/lib/auth/index.ts"],"names":[],"mappings":";;;;AAAA,6DAAmC;AACnC,oEAA0C;AAC1C,kEAAwC;AACxC,mEAAyC;AACzC,6DAAmC;AACnC,yDAA+B;AAC/B,mDAI0B;AAHxB,yHAAA,uBAAuB,OAAA;AACvB,gHAAA,cAAc,OAAA;AAGhB,8DAAoC;AACpC,gEAAsC;AACtC,iEAAuC"}
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @fileoverview WriteAclApiRouter - Express router for Write ACL management endpoints.
|
|
3
|
+
*
|
|
4
|
+
* Provides REST API endpoints for managing Write ACLs, mounted alongside
|
|
5
|
+
* the existing `createDbRouter`. All mutating endpoints require
|
|
6
|
+
* `X-Acl-Admin-Signature` (hex-encoded ECDSA signature) and
|
|
7
|
+
* `X-Acl-Admin-PublicKey` headers from an ACL administrator.
|
|
8
|
+
*
|
|
9
|
+
* @see BrightDB Write ACLs design, WriteAclApiRouter section
|
|
10
|
+
* @see Requirements 9.1, 9.2, 9.3, 9.4, 9.5, 9.6
|
|
11
|
+
*/
|
|
12
|
+
import type { IAclDocument, ICapabilityToken, IWriteAclAuditLogger, IWriteAclService } from '@brightchain/brightchain-lib';
|
|
13
|
+
import { Router } from 'express';
|
|
14
|
+
/**
|
|
15
|
+
* Interface for the ACL manager operations needed by the router.
|
|
16
|
+
* Extends IWriteAclService with mutation methods.
|
|
17
|
+
*/
|
|
18
|
+
export interface IWriteAclApiManager extends IWriteAclService {
|
|
19
|
+
setAcl(aclDoc: IAclDocument, adminSignature: Uint8Array, adminPublicKey: Uint8Array): Promise<string>;
|
|
20
|
+
addWriter(dbName: string, collectionName: string | undefined, writerPublicKey: Uint8Array, adminSignature: Uint8Array, adminPublicKey: Uint8Array): Promise<string>;
|
|
21
|
+
removeWriter(dbName: string, collectionName: string | undefined, writerPublicKey: Uint8Array, adminSignature: Uint8Array, adminPublicKey: Uint8Array): Promise<string>;
|
|
22
|
+
issueCapabilityToken(token: ICapabilityToken, adminSignature: Uint8Array): Promise<ICapabilityToken>;
|
|
23
|
+
}
|
|
24
|
+
/**
|
|
25
|
+
* Factory function that creates an Express router for Write ACL management.
|
|
26
|
+
*
|
|
27
|
+
* @param aclManager - The WriteAclManager (or any IWriteAclApiManager) to delegate to
|
|
28
|
+
* @param auditLogger - Optional WriteAclAuditLogger for logging ACL events
|
|
29
|
+
* @returns An Express Router with ACL management endpoints
|
|
30
|
+
*/
|
|
31
|
+
export declare function createWriteAclApiRouter(aclManager: IWriteAclApiManager, auditLogger?: IWriteAclAuditLogger): Router;
|
|
32
|
+
//# sourceMappingURL=writeAclApiRouter.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"writeAclApiRouter.d.ts","sourceRoot":"","sources":["../../../../../brightchain-api-lib/src/lib/auth/writeAclApiRouter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EACV,YAAY,EACZ,gBAAgB,EAChB,oBAAoB,EACpB,gBAAgB,EACjB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAqB,MAAM,EAAE,MAAM,SAAS,CAAC;AAEpD;;;GAGG;AACH,MAAM,WAAW,mBAAoB,SAAQ,gBAAgB;IAC3D,MAAM,CACJ,MAAM,EAAE,YAAY,EACpB,cAAc,EAAE,UAAU,EAC1B,cAAc,EAAE,UAAU,GACzB,OAAO,CAAC,MAAM,CAAC,CAAC;IACnB,SAAS,CACP,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,MAAM,GAAG,SAAS,EAClC,eAAe,EAAE,UAAU,EAC3B,cAAc,EAAE,UAAU,EAC1B,cAAc,EAAE,UAAU,GACzB,OAAO,CAAC,MAAM,CAAC,CAAC;IACnB,YAAY,CACV,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,MAAM,GAAG,SAAS,EAClC,eAAe,EAAE,UAAU,EAC3B,cAAc,EAAE,UAAU,EAC1B,cAAc,EAAE,UAAU,GACzB,OAAO,CAAC,MAAM,CAAC,CAAC;IACnB,oBAAoB,CAClB,KAAK,EAAE,gBAAgB,EACvB,cAAc,EAAE,UAAU,GACzB,OAAO,CAAC,gBAAgB,CAAC,CAAC;CAC9B;AAyCD;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CACrC,UAAU,EAAE,mBAAmB,EAC/B,WAAW,CAAC,EAAE,oBAAoB,GACjC,MAAM,CA2WR"}
|
|
@@ -0,0 +1,348 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* @fileoverview WriteAclApiRouter - Express router for Write ACL management endpoints.
|
|
4
|
+
*
|
|
5
|
+
* Provides REST API endpoints for managing Write ACLs, mounted alongside
|
|
6
|
+
* the existing `createDbRouter`. All mutating endpoints require
|
|
7
|
+
* `X-Acl-Admin-Signature` (hex-encoded ECDSA signature) and
|
|
8
|
+
* `X-Acl-Admin-PublicKey` headers from an ACL administrator.
|
|
9
|
+
*
|
|
10
|
+
* @see BrightDB Write ACLs design, WriteAclApiRouter section
|
|
11
|
+
* @see Requirements 9.1, 9.2, 9.3, 9.4, 9.5, 9.6
|
|
12
|
+
*/
|
|
13
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
14
|
+
exports.createWriteAclApiRouter = createWriteAclApiRouter;
|
|
15
|
+
const express_1 = require("express");
|
|
16
|
+
/**
|
|
17
|
+
* Extract and validate admin credentials from request headers.
|
|
18
|
+
* Returns the admin signature and public key as Uint8Arrays, or
|
|
19
|
+
* sends HTTP 403 and returns undefined.
|
|
20
|
+
*/
|
|
21
|
+
function extractAdminCredentials(req, res) {
|
|
22
|
+
const signatureHex = req.headers['x-acl-admin-signature'];
|
|
23
|
+
const publicKeyHex = req.headers['x-acl-admin-publickey'];
|
|
24
|
+
if (!signatureHex || !publicKeyHex) {
|
|
25
|
+
res.status(403).json({
|
|
26
|
+
error: 'Missing admin credentials',
|
|
27
|
+
message: 'X-Acl-Admin-Signature and X-Acl-Admin-PublicKey headers are required for this operation',
|
|
28
|
+
});
|
|
29
|
+
return undefined;
|
|
30
|
+
}
|
|
31
|
+
try {
|
|
32
|
+
const adminSignature = Uint8Array.from(Buffer.from(signatureHex, 'hex'));
|
|
33
|
+
const adminPublicKey = Uint8Array.from(Buffer.from(publicKeyHex, 'hex'));
|
|
34
|
+
return { adminSignature, adminPublicKey };
|
|
35
|
+
}
|
|
36
|
+
catch {
|
|
37
|
+
res.status(403).json({
|
|
38
|
+
error: 'Invalid admin credentials',
|
|
39
|
+
message: 'X-Acl-Admin-Signature and X-Acl-Admin-PublicKey must be valid hex-encoded values',
|
|
40
|
+
});
|
|
41
|
+
return undefined;
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
/**
|
|
45
|
+
* Factory function that creates an Express router for Write ACL management.
|
|
46
|
+
*
|
|
47
|
+
* @param aclManager - The WriteAclManager (or any IWriteAclApiManager) to delegate to
|
|
48
|
+
* @param auditLogger - Optional WriteAclAuditLogger for logging ACL events
|
|
49
|
+
* @returns An Express Router with ACL management endpoints
|
|
50
|
+
*/
|
|
51
|
+
function createWriteAclApiRouter(aclManager, auditLogger) {
|
|
52
|
+
const router = (0, express_1.Router)();
|
|
53
|
+
// ─── GET endpoints: Retrieve current Write_ACL ──────────────────────
|
|
54
|
+
/** GET /acl/:dbName — Get database-level Write_ACL. @see Requirement 9.1 */
|
|
55
|
+
router.get('/acl/:dbName', (req, res) => {
|
|
56
|
+
try {
|
|
57
|
+
const dbName = req.params['dbName'];
|
|
58
|
+
const aclDoc = aclManager.getAclDocument(dbName);
|
|
59
|
+
if (!aclDoc) {
|
|
60
|
+
res.status(404).json({
|
|
61
|
+
error: 'ACL not found',
|
|
62
|
+
message: `No Write_ACL configured for database "${dbName}"`,
|
|
63
|
+
});
|
|
64
|
+
return;
|
|
65
|
+
}
|
|
66
|
+
res.json(serializeAclForResponse(aclDoc));
|
|
67
|
+
}
|
|
68
|
+
catch (error) {
|
|
69
|
+
res.status(500).json({ error: error.message });
|
|
70
|
+
}
|
|
71
|
+
});
|
|
72
|
+
/** GET /acl/:dbName/:collectionName — Get collection-level Write_ACL. @see Requirement 9.1 */
|
|
73
|
+
router.get('/acl/:dbName/:collectionName', (req, res) => {
|
|
74
|
+
try {
|
|
75
|
+
const dbName = req.params['dbName'];
|
|
76
|
+
const collectionName = req.params['collectionName'];
|
|
77
|
+
const aclDoc = aclManager.getAclDocument(dbName, collectionName);
|
|
78
|
+
if (!aclDoc) {
|
|
79
|
+
res.status(404).json({
|
|
80
|
+
error: 'ACL not found',
|
|
81
|
+
message: `No Write_ACL configured for "${dbName}/${collectionName}"`,
|
|
82
|
+
});
|
|
83
|
+
return;
|
|
84
|
+
}
|
|
85
|
+
res.json(serializeAclForResponse(aclDoc));
|
|
86
|
+
}
|
|
87
|
+
catch (error) {
|
|
88
|
+
res.status(500).json({ error: error.message });
|
|
89
|
+
}
|
|
90
|
+
});
|
|
91
|
+
// ─── PUT endpoints: Set/update Write_ACL ────────────────────────────
|
|
92
|
+
/** PUT /acl/:dbName — Set/update database-level Write_ACL. @see Requirements 9.2, 9.6 */
|
|
93
|
+
router.put('/acl/:dbName', async (req, res) => {
|
|
94
|
+
const credentials = extractAdminCredentials(req, res);
|
|
95
|
+
if (!credentials)
|
|
96
|
+
return;
|
|
97
|
+
try {
|
|
98
|
+
const dbName = req.params['dbName'];
|
|
99
|
+
const aclDoc = parseAclFromRequest(req.body, dbName);
|
|
100
|
+
const key = await aclManager.setAcl(aclDoc, credentials.adminSignature, credentials.adminPublicKey);
|
|
101
|
+
if (auditLogger) {
|
|
102
|
+
auditLogger.logAclModification(Buffer.from(credentials.adminPublicKey).toString('hex'), 'setAcl', 'database', dbName);
|
|
103
|
+
}
|
|
104
|
+
res.json({ success: true, key });
|
|
105
|
+
}
|
|
106
|
+
catch (error) {
|
|
107
|
+
handleAclError(error, res);
|
|
108
|
+
}
|
|
109
|
+
});
|
|
110
|
+
/** PUT /acl/:dbName/:collectionName — Set/update collection-level Write_ACL. @see Requirements 9.2, 9.6 */
|
|
111
|
+
router.put('/acl/:dbName/:collectionName', async (req, res) => {
|
|
112
|
+
const credentials = extractAdminCredentials(req, res);
|
|
113
|
+
if (!credentials)
|
|
114
|
+
return;
|
|
115
|
+
try {
|
|
116
|
+
const dbName = req.params['dbName'];
|
|
117
|
+
const collectionName = req.params['collectionName'];
|
|
118
|
+
const aclDoc = parseAclFromRequest(req.body, dbName, collectionName);
|
|
119
|
+
const key = await aclManager.setAcl(aclDoc, credentials.adminSignature, credentials.adminPublicKey);
|
|
120
|
+
if (auditLogger) {
|
|
121
|
+
auditLogger.logAclModification(Buffer.from(credentials.adminPublicKey).toString('hex'), 'setAcl', 'collection', dbName, collectionName);
|
|
122
|
+
}
|
|
123
|
+
res.json({ success: true, key });
|
|
124
|
+
}
|
|
125
|
+
catch (error) {
|
|
126
|
+
handleAclError(error, res);
|
|
127
|
+
}
|
|
128
|
+
});
|
|
129
|
+
// ─── POST endpoints: Add authorized writer ──────────────────────────
|
|
130
|
+
/** POST /acl/:dbName/writers — Add an Authorized_Writer (database). @see Requirements 9.3, 9.6 */
|
|
131
|
+
router.post('/acl/:dbName/writers', async (req, res) => {
|
|
132
|
+
const credentials = extractAdminCredentials(req, res);
|
|
133
|
+
if (!credentials)
|
|
134
|
+
return;
|
|
135
|
+
try {
|
|
136
|
+
const dbName = req.params['dbName'];
|
|
137
|
+
const writerPublicKeyHex = req.body?.publicKeyHex;
|
|
138
|
+
if (!writerPublicKeyHex) {
|
|
139
|
+
res
|
|
140
|
+
.status(400)
|
|
141
|
+
.json({ error: 'Missing publicKeyHex in request body' });
|
|
142
|
+
return;
|
|
143
|
+
}
|
|
144
|
+
const writerPublicKey = Uint8Array.from(Buffer.from(writerPublicKeyHex, 'hex'));
|
|
145
|
+
const key = await aclManager.addWriter(dbName, undefined, writerPublicKey, credentials.adminSignature, credentials.adminPublicKey);
|
|
146
|
+
if (auditLogger) {
|
|
147
|
+
auditLogger.logAclModification(Buffer.from(credentials.adminPublicKey).toString('hex'), 'addWriter', writerPublicKeyHex, dbName);
|
|
148
|
+
}
|
|
149
|
+
res.json({ success: true, key });
|
|
150
|
+
}
|
|
151
|
+
catch (error) {
|
|
152
|
+
handleAclError(error, res);
|
|
153
|
+
}
|
|
154
|
+
});
|
|
155
|
+
/** POST /acl/:dbName/:collectionName/writers — Add an Authorized_Writer (collection). @see Requirements 9.3, 9.6 */
|
|
156
|
+
router.post('/acl/:dbName/:collectionName/writers', async (req, res) => {
|
|
157
|
+
const credentials = extractAdminCredentials(req, res);
|
|
158
|
+
if (!credentials)
|
|
159
|
+
return;
|
|
160
|
+
try {
|
|
161
|
+
const dbName = req.params['dbName'];
|
|
162
|
+
const collectionName = req.params['collectionName'];
|
|
163
|
+
const writerPublicKeyHex = req.body?.publicKeyHex;
|
|
164
|
+
if (!writerPublicKeyHex) {
|
|
165
|
+
res
|
|
166
|
+
.status(400)
|
|
167
|
+
.json({ error: 'Missing publicKeyHex in request body' });
|
|
168
|
+
return;
|
|
169
|
+
}
|
|
170
|
+
const writerPublicKey = Uint8Array.from(Buffer.from(writerPublicKeyHex, 'hex'));
|
|
171
|
+
const key = await aclManager.addWriter(dbName, collectionName, writerPublicKey, credentials.adminSignature, credentials.adminPublicKey);
|
|
172
|
+
if (auditLogger) {
|
|
173
|
+
auditLogger.logAclModification(Buffer.from(credentials.adminPublicKey).toString('hex'), 'addWriter', writerPublicKeyHex, dbName, collectionName);
|
|
174
|
+
}
|
|
175
|
+
res.json({ success: true, key });
|
|
176
|
+
}
|
|
177
|
+
catch (error) {
|
|
178
|
+
handleAclError(error, res);
|
|
179
|
+
}
|
|
180
|
+
});
|
|
181
|
+
// ─── DELETE endpoints: Remove authorized writer ─────────────────────
|
|
182
|
+
/** DELETE /acl/:dbName/writers/:publicKeyHex — Remove an Authorized_Writer (database). @see Requirements 9.4, 9.6 */
|
|
183
|
+
router.delete('/acl/:dbName/writers/:publicKeyHex', async (req, res) => {
|
|
184
|
+
const credentials = extractAdminCredentials(req, res);
|
|
185
|
+
if (!credentials)
|
|
186
|
+
return;
|
|
187
|
+
try {
|
|
188
|
+
const dbName = req.params['dbName'];
|
|
189
|
+
const publicKeyHex = req.params['publicKeyHex'];
|
|
190
|
+
const writerPublicKey = Uint8Array.from(Buffer.from(publicKeyHex, 'hex'));
|
|
191
|
+
const key = await aclManager.removeWriter(dbName, undefined, writerPublicKey, credentials.adminSignature, credentials.adminPublicKey);
|
|
192
|
+
if (auditLogger) {
|
|
193
|
+
auditLogger.logAclModification(Buffer.from(credentials.adminPublicKey).toString('hex'), 'removeWriter', publicKeyHex, dbName);
|
|
194
|
+
}
|
|
195
|
+
res.json({ success: true, key });
|
|
196
|
+
}
|
|
197
|
+
catch (error) {
|
|
198
|
+
handleAclError(error, res);
|
|
199
|
+
}
|
|
200
|
+
});
|
|
201
|
+
/** DELETE /acl/:dbName/:collectionName/writers/:publicKeyHex — Remove an Authorized_Writer (collection). @see Requirements 9.4, 9.6 */
|
|
202
|
+
router.delete('/acl/:dbName/:collectionName/writers/:publicKeyHex', async (req, res) => {
|
|
203
|
+
const credentials = extractAdminCredentials(req, res);
|
|
204
|
+
if (!credentials)
|
|
205
|
+
return;
|
|
206
|
+
try {
|
|
207
|
+
const dbName = req.params['dbName'];
|
|
208
|
+
const collectionName = req.params['collectionName'];
|
|
209
|
+
const publicKeyHex = req.params['publicKeyHex'];
|
|
210
|
+
const writerPublicKey = Uint8Array.from(Buffer.from(publicKeyHex, 'hex'));
|
|
211
|
+
const key = await aclManager.removeWriter(dbName, collectionName, writerPublicKey, credentials.adminSignature, credentials.adminPublicKey);
|
|
212
|
+
if (auditLogger) {
|
|
213
|
+
auditLogger.logAclModification(Buffer.from(credentials.adminPublicKey).toString('hex'), 'removeWriter', publicKeyHex, dbName, collectionName);
|
|
214
|
+
}
|
|
215
|
+
res.json({ success: true, key });
|
|
216
|
+
}
|
|
217
|
+
catch (error) {
|
|
218
|
+
handleAclError(error, res);
|
|
219
|
+
}
|
|
220
|
+
});
|
|
221
|
+
// ─── POST endpoints: Issue capability token ─────────────────────────
|
|
222
|
+
/** POST /acl/:dbName/tokens — Issue a Capability_Token (database). @see Requirements 9.5, 9.6 */
|
|
223
|
+
router.post('/acl/:dbName/tokens', async (req, res) => {
|
|
224
|
+
const credentials = extractAdminCredentials(req, res);
|
|
225
|
+
if (!credentials)
|
|
226
|
+
return;
|
|
227
|
+
try {
|
|
228
|
+
const dbName = req.params['dbName'];
|
|
229
|
+
const token = parseCapabilityTokenFromRequest(req.body, dbName);
|
|
230
|
+
const issuedToken = await aclManager.issueCapabilityToken(token, credentials.adminSignature);
|
|
231
|
+
if (auditLogger) {
|
|
232
|
+
auditLogger.logCapabilityTokenIssued(Buffer.from(token.granteePublicKey).toString('hex'), token.scope, token.expiresAt, Buffer.from(credentials.adminPublicKey).toString('hex'));
|
|
233
|
+
}
|
|
234
|
+
res.json({
|
|
235
|
+
success: true,
|
|
236
|
+
token: serializeTokenForResponse(issuedToken),
|
|
237
|
+
});
|
|
238
|
+
}
|
|
239
|
+
catch (error) {
|
|
240
|
+
handleAclError(error, res);
|
|
241
|
+
}
|
|
242
|
+
});
|
|
243
|
+
/** POST /acl/:dbName/:collectionName/tokens — Issue a Capability_Token (collection). @see Requirements 9.5, 9.6 */
|
|
244
|
+
router.post('/acl/:dbName/:collectionName/tokens', async (req, res) => {
|
|
245
|
+
const credentials = extractAdminCredentials(req, res);
|
|
246
|
+
if (!credentials)
|
|
247
|
+
return;
|
|
248
|
+
try {
|
|
249
|
+
const dbName = req.params['dbName'];
|
|
250
|
+
const collectionName = req.params['collectionName'];
|
|
251
|
+
const token = parseCapabilityTokenFromRequest(req.body, dbName, collectionName);
|
|
252
|
+
const issuedToken = await aclManager.issueCapabilityToken(token, credentials.adminSignature);
|
|
253
|
+
if (auditLogger) {
|
|
254
|
+
auditLogger.logCapabilityTokenIssued(Buffer.from(token.granteePublicKey).toString('hex'), token.scope, token.expiresAt, Buffer.from(credentials.adminPublicKey).toString('hex'));
|
|
255
|
+
}
|
|
256
|
+
res.json({
|
|
257
|
+
success: true,
|
|
258
|
+
token: serializeTokenForResponse(issuedToken),
|
|
259
|
+
});
|
|
260
|
+
}
|
|
261
|
+
catch (error) {
|
|
262
|
+
handleAclError(error, res);
|
|
263
|
+
}
|
|
264
|
+
});
|
|
265
|
+
return router;
|
|
266
|
+
}
|
|
267
|
+
// ─── Helper functions ───────────────────────────────────────────────
|
|
268
|
+
/** Map known ACL error types to appropriate HTTP status codes. */
|
|
269
|
+
function handleAclError(error, res) {
|
|
270
|
+
const name = error.constructor.name;
|
|
271
|
+
if (name === 'AclAdminRequiredError' ||
|
|
272
|
+
name === 'CapabilityTokenInvalidError' ||
|
|
273
|
+
name === 'CapabilityTokenExpiredError' ||
|
|
274
|
+
name === 'AclSignatureVerificationError') {
|
|
275
|
+
res.status(403).json({ error: name, message: error.message });
|
|
276
|
+
return;
|
|
277
|
+
}
|
|
278
|
+
if (name === 'AclVersionConflictError') {
|
|
279
|
+
res.status(409).json({ error: name, message: error.message });
|
|
280
|
+
return;
|
|
281
|
+
}
|
|
282
|
+
if (name === 'LastAdministratorError' || name === 'WriterNotInPoolError') {
|
|
283
|
+
res.status(400).json({ error: name, message: error.message });
|
|
284
|
+
return;
|
|
285
|
+
}
|
|
286
|
+
res.status(500).json({ error: 'InternalError', message: error.message });
|
|
287
|
+
}
|
|
288
|
+
/** Parse an ACL document from a request body, injecting scope from URL params. */
|
|
289
|
+
function parseAclFromRequest(body, dbName, collectionName) {
|
|
290
|
+
return {
|
|
291
|
+
documentId: body['documentId'] ?? '',
|
|
292
|
+
writeMode: body['writeMode'],
|
|
293
|
+
authorizedWriters: (body['authorizedWriters'] ?? []).map((hex) => Uint8Array.from(Buffer.from(hex, 'hex'))),
|
|
294
|
+
aclAdministrators: (body['aclAdministrators'] ?? []).map((hex) => Uint8Array.from(Buffer.from(hex, 'hex'))),
|
|
295
|
+
scope: { dbName, collectionName },
|
|
296
|
+
version: body['version'] ?? 1,
|
|
297
|
+
createdAt: body['createdAt']
|
|
298
|
+
? new Date(body['createdAt'])
|
|
299
|
+
: new Date(),
|
|
300
|
+
updatedAt: body['updatedAt']
|
|
301
|
+
? new Date(body['updatedAt'])
|
|
302
|
+
: new Date(),
|
|
303
|
+
creatorPublicKey: body['creatorPublicKey']
|
|
304
|
+
? Uint8Array.from(Buffer.from(body['creatorPublicKey'], 'hex'))
|
|
305
|
+
: new Uint8Array(0),
|
|
306
|
+
creatorSignature: body['creatorSignature']
|
|
307
|
+
? Uint8Array.from(Buffer.from(body['creatorSignature'], 'hex'))
|
|
308
|
+
: new Uint8Array(0),
|
|
309
|
+
previousVersionBlockId: body['previousVersionBlockId'],
|
|
310
|
+
};
|
|
311
|
+
}
|
|
312
|
+
/** Parse a capability token from a request body, injecting scope from URL params. */
|
|
313
|
+
function parseCapabilityTokenFromRequest(body, dbName, collectionName) {
|
|
314
|
+
return {
|
|
315
|
+
granteePublicKey: Uint8Array.from(Buffer.from(body['granteePublicKey'] ?? '', 'hex')),
|
|
316
|
+
scope: { dbName, collectionName },
|
|
317
|
+
expiresAt: new Date(body['expiresAt'] ?? new Date().toISOString()),
|
|
318
|
+
grantorSignature: Uint8Array.from(Buffer.from(body['grantorSignature'] ?? '', 'hex')),
|
|
319
|
+
grantorPublicKey: Uint8Array.from(Buffer.from(body['grantorPublicKey'] ?? '', 'hex')),
|
|
320
|
+
};
|
|
321
|
+
}
|
|
322
|
+
/** Serialize an ACL document for JSON response (Uint8Array → hex strings). */
|
|
323
|
+
function serializeAclForResponse(aclDoc) {
|
|
324
|
+
return {
|
|
325
|
+
documentId: aclDoc.documentId,
|
|
326
|
+
writeMode: aclDoc.writeMode,
|
|
327
|
+
authorizedWriters: aclDoc.authorizedWriters.map((w) => Buffer.from(w).toString('hex')),
|
|
328
|
+
aclAdministrators: aclDoc.aclAdministrators.map((a) => Buffer.from(a).toString('hex')),
|
|
329
|
+
scope: aclDoc.scope,
|
|
330
|
+
version: aclDoc.version,
|
|
331
|
+
createdAt: aclDoc.createdAt.toISOString(),
|
|
332
|
+
updatedAt: aclDoc.updatedAt.toISOString(),
|
|
333
|
+
creatorPublicKey: Buffer.from(aclDoc.creatorPublicKey).toString('hex'),
|
|
334
|
+
creatorSignature: Buffer.from(aclDoc.creatorSignature).toString('hex'),
|
|
335
|
+
previousVersionBlockId: aclDoc.previousVersionBlockId,
|
|
336
|
+
};
|
|
337
|
+
}
|
|
338
|
+
/** Serialize a capability token for JSON response (Uint8Array → hex strings). */
|
|
339
|
+
function serializeTokenForResponse(token) {
|
|
340
|
+
return {
|
|
341
|
+
granteePublicKey: Buffer.from(token.granteePublicKey).toString('hex'),
|
|
342
|
+
scope: token.scope,
|
|
343
|
+
expiresAt: token.expiresAt.toISOString(),
|
|
344
|
+
grantorSignature: Buffer.from(token.grantorSignature).toString('hex'),
|
|
345
|
+
grantorPublicKey: Buffer.from(token.grantorPublicKey).toString('hex'),
|
|
346
|
+
};
|
|
347
|
+
}
|
|
348
|
+
//# sourceMappingURL=writeAclApiRouter.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"writeAclApiRouter.js","sourceRoot":"","sources":["../../../../../brightchain-api-lib/src/lib/auth/writeAclApiRouter.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;GAUG;;AAsFH,0DA8WC;AA5bD,qCAAoD;AAgCpD;;;;GAIG;AACH,SAAS,uBAAuB,CAC9B,GAAY,EACZ,GAAa;IAEb,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,uBAAuB,CAE3C,CAAC;IACd,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,uBAAuB,CAE3C,CAAC;IAEd,IAAI,CAAC,YAAY,IAAI,CAAC,YAAY,EAAE,CAAC;QACnC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,KAAK,EAAE,2BAA2B;YAClC,OAAO,EACL,yFAAyF;SAC5F,CAAC,CAAC;QACH,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,CAAC;QACH,MAAM,cAAc,GAAG,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC,CAAC;QACzE,MAAM,cAAc,GAAG,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC,CAAC;QACzE,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,KAAK,EAAE,2BAA2B;YAClC,OAAO,EACL,kFAAkF;SACrF,CAAC,CAAC;QACH,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,uBAAuB,CACrC,UAA+B,EAC/B,WAAkC;IAElC,MAAM,MAAM,GAAG,IAAA,gBAAM,GAAE,CAAC;IAExB,uEAAuE;IAEvE,4EAA4E;IAC5E,MAAM,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC,GAAY,EAAE,GAAa,EAAQ,EAAE;QAC/D,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAW,CAAC;YAC9C,MAAM,MAAM,GAAG,UAAU,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;YACjD,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,eAAe;oBACtB,OAAO,EAAE,yCAAyC,MAAM,GAAG;iBAC5D,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YACD,GAAG,CAAC,IAAI,CAAC,uBAAuB,CAAC,MAAM,CAAC,CAAC,CAAC;QAC5C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAG,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,8FAA8F;IAC9F,MAAM,CAAC,GAAG,CACR,8BAA8B,EAC9B,CAAC,GAAY,EAAE,GAAa,EAAQ,EAAE;QACpC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAW,CAAC;YAC9C,MAAM,cAAc,GAAG,GAAG,CAAC,MAAM,CAAC,gBAAgB,CAAW,CAAC;YAC9D,MAAM,MAAM,GAAG,UAAU,CAAC,cAAc,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;YACjE,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,eAAe;oBACtB,OAAO,EAAE,gCAAgC,MAAM,IAAI,cAAc,GAAG;iBACrE,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YACD,GAAG,CAAC,IAAI,CAAC,uBAAuB,CAAC,MAAM,CAAC,CAAC,CAAC;QAC5C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAG,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC,CACF,CAAC;IAEF,uEAAuE;IAEvE,yFAAyF;IACzF,MAAM,CAAC,GAAG,CACR,cAAc,EACd,KAAK,EAAE,GAAY,EAAE,GAAa,EAAiB,EAAE;QACnD,MAAM,WAAW,GAAG,uBAAuB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACtD,IAAI,CAAC,WAAW;YAAE,OAAO;QAEzB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAW,CAAC;YAC9C,MAAM,MAAM,GAAG,mBAAmB,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YACrD,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,MAAM,CACjC,MAAM,EACN,WAAW,CAAC,cAAc,EAC1B,WAAW,CAAC,cAAc,CAC3B,CAAC;YAEF,IAAI,WAAW,EAAE,CAAC;gBAChB,WAAW,CAAC,kBAAkB,CAC5B,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EACvD,QAAQ,EACR,UAAU,EACV,MAAM,CACP,CAAC;YACJ,CAAC;YAED,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC;QACnC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,cAAc,CAAC,KAAc,EAAE,GAAG,CAAC,CAAC;QACtC,CAAC;IACH,CAAC,CACF,CAAC;IAEF,2GAA2G;IAC3G,MAAM,CAAC,GAAG,CACR,8BAA8B,EAC9B,KAAK,EAAE,GAAY,EAAE,GAAa,EAAiB,EAAE;QACnD,MAAM,WAAW,GAAG,uBAAuB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACtD,IAAI,CAAC,WAAW;YAAE,OAAO;QAEzB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAW,CAAC;YAC9C,MAAM,cAAc,GAAG,GAAG,CAAC,MAAM,CAAC,gBAAgB,CAAW,CAAC;YAC9D,MAAM,MAAM,GAAG,mBAAmB,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;YACrE,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,MAAM,CACjC,MAAM,EACN,WAAW,CAAC,cAAc,EAC1B,WAAW,CAAC,cAAc,CAC3B,CAAC;YAEF,IAAI,WAAW,EAAE,CAAC;gBAChB,WAAW,CAAC,kBAAkB,CAC5B,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EACvD,QAAQ,EACR,YAAY,EACZ,MAAM,EACN,cAAc,CACf,CAAC;YACJ,CAAC;YAED,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC;QACnC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,cAAc,CAAC,KAAc,EAAE,GAAG,CAAC,CAAC;QACtC,CAAC;IACH,CAAC,CACF,CAAC;IAEF,uEAAuE;IAEvE,kGAAkG;IAClG,MAAM,CAAC,IAAI,CACT,sBAAsB,EACtB,KAAK,EAAE,GAAY,EAAE,GAAa,EAAiB,EAAE;QACnD,MAAM,WAAW,GAAG,uBAAuB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACtD,IAAI,CAAC,WAAW;YAAE,OAAO;QAEzB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAW,CAAC;YAC9C,MAAM,kBAAkB,GAAG,GAAG,CAAC,IAAI,EAAE,YAAsB,CAAC;YAC5D,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBACxB,GAAG;qBACA,MAAM,CAAC,GAAG,CAAC;qBACX,IAAI,CAAC,EAAE,KAAK,EAAE,sCAAsC,EAAE,CAAC,CAAC;gBAC3D,OAAO;YACT,CAAC;YACD,MAAM,eAAe,GAAG,UAAU,CAAC,IAAI,CACrC,MAAM,CAAC,IAAI,CAAC,kBAAkB,EAAE,KAAK,CAAC,CACvC,CAAC;YAEF,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,SAAS,CACpC,MAAM,EACN,SAAS,EACT,eAAe,EACf,WAAW,CAAC,cAAc,EAC1B,WAAW,CAAC,cAAc,CAC3B,CAAC;YAEF,IAAI,WAAW,EAAE,CAAC;gBAChB,WAAW,CAAC,kBAAkB,CAC5B,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EACvD,WAAW,EACX,kBAAkB,EAClB,MAAM,CACP,CAAC;YACJ,CAAC;YAED,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC;QACnC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,cAAc,CAAC,KAAc,EAAE,GAAG,CAAC,CAAC;QACtC,CAAC;IACH,CAAC,CACF,CAAC;IAEF,oHAAoH;IACpH,MAAM,CAAC,IAAI,CACT,sCAAsC,EACtC,KAAK,EAAE,GAAY,EAAE,GAAa,EAAiB,EAAE;QACnD,MAAM,WAAW,GAAG,uBAAuB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACtD,IAAI,CAAC,WAAW;YAAE,OAAO;QAEzB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAW,CAAC;YAC9C,MAAM,cAAc,GAAG,GAAG,CAAC,MAAM,CAAC,gBAAgB,CAAW,CAAC;YAC9D,MAAM,kBAAkB,GAAG,GAAG,CAAC,IAAI,EAAE,YAAsB,CAAC;YAC5D,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBACxB,GAAG;qBACA,MAAM,CAAC,GAAG,CAAC;qBACX,IAAI,CAAC,EAAE,KAAK,EAAE,sCAAsC,EAAE,CAAC,CAAC;gBAC3D,OAAO;YACT,CAAC;YACD,MAAM,eAAe,GAAG,UAAU,CAAC,IAAI,CACrC,MAAM,CAAC,IAAI,CAAC,kBAAkB,EAAE,KAAK,CAAC,CACvC,CAAC;YAEF,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,SAAS,CACpC,MAAM,EACN,cAAc,EACd,eAAe,EACf,WAAW,CAAC,cAAc,EAC1B,WAAW,CAAC,cAAc,CAC3B,CAAC;YAEF,IAAI,WAAW,EAAE,CAAC;gBAChB,WAAW,CAAC,kBAAkB,CAC5B,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EACvD,WAAW,EACX,kBAAkB,EAClB,MAAM,EACN,cAAc,CACf,CAAC;YACJ,CAAC;YAED,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC;QACnC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,cAAc,CAAC,KAAc,EAAE,GAAG,CAAC,CAAC;QACtC,CAAC;IACH,CAAC,CACF,CAAC;IAEF,uEAAuE;IAEvE,qHAAqH;IACrH,MAAM,CAAC,MAAM,CACX,oCAAoC,EACpC,KAAK,EAAE,GAAY,EAAE,GAAa,EAAiB,EAAE;QACnD,MAAM,WAAW,GAAG,uBAAuB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACtD,IAAI,CAAC,WAAW;YAAE,OAAO;QAEzB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAW,CAAC;YAC9C,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC,cAAc,CAAW,CAAC;YAC1D,MAAM,eAAe,GAAG,UAAU,CAAC,IAAI,CACrC,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,CACjC,CAAC;YAEF,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,YAAY,CACvC,MAAM,EACN,SAAS,EACT,eAAe,EACf,WAAW,CAAC,cAAc,EAC1B,WAAW,CAAC,cAAc,CAC3B,CAAC;YAEF,IAAI,WAAW,EAAE,CAAC;gBAChB,WAAW,CAAC,kBAAkB,CAC5B,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EACvD,cAAc,EACd,YAAY,EACZ,MAAM,CACP,CAAC;YACJ,CAAC;YAED,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC;QACnC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,cAAc,CAAC,KAAc,EAAE,GAAG,CAAC,CAAC;QACtC,CAAC;IACH,CAAC,CACF,CAAC;IAEF,uIAAuI;IACvI,MAAM,CAAC,MAAM,CACX,oDAAoD,EACpD,KAAK,EAAE,GAAY,EAAE,GAAa,EAAiB,EAAE;QACnD,MAAM,WAAW,GAAG,uBAAuB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACtD,IAAI,CAAC,WAAW;YAAE,OAAO;QAEzB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAW,CAAC;YAC9C,MAAM,cAAc,GAAG,GAAG,CAAC,MAAM,CAAC,gBAAgB,CAAW,CAAC;YAC9D,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC,cAAc,CAAW,CAAC;YAC1D,MAAM,eAAe,GAAG,UAAU,CAAC,IAAI,CACrC,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,CACjC,CAAC;YAEF,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,YAAY,CACvC,MAAM,EACN,cAAc,EACd,eAAe,EACf,WAAW,CAAC,cAAc,EAC1B,WAAW,CAAC,cAAc,CAC3B,CAAC;YAEF,IAAI,WAAW,EAAE,CAAC;gBAChB,WAAW,CAAC,kBAAkB,CAC5B,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EACvD,cAAc,EACd,YAAY,EACZ,MAAM,EACN,cAAc,CACf,CAAC;YACJ,CAAC;YAED,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC;QACnC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,cAAc,CAAC,KAAc,EAAE,GAAG,CAAC,CAAC;QACtC,CAAC;IACH,CAAC,CACF,CAAC;IAEF,uEAAuE;IAEvE,iGAAiG;IACjG,MAAM,CAAC,IAAI,CACT,qBAAqB,EACrB,KAAK,EAAE,GAAY,EAAE,GAAa,EAAiB,EAAE;QACnD,MAAM,WAAW,GAAG,uBAAuB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACtD,IAAI,CAAC,WAAW;YAAE,OAAO;QAEzB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAW,CAAC;YAC9C,MAAM,KAAK,GAAG,+BAA+B,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YAEhE,MAAM,WAAW,GAAG,MAAM,UAAU,CAAC,oBAAoB,CACvD,KAAK,EACL,WAAW,CAAC,cAAc,CAC3B,CAAC;YAEF,IAAI,WAAW,EAAE,CAAC;gBAChB,WAAW,CAAC,wBAAwB,CAClC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EACnD,KAAK,CAAC,KAAK,EACX,KAAK,CAAC,SAAS,EACf,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CACxD,CAAC;YACJ,CAAC;YAED,GAAG,CAAC,IAAI,CAAC;gBACP,OAAO,EAAE,IAAI;gBACb,KAAK,EAAE,yBAAyB,CAAC,WAAW,CAAC;aAC9C,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,cAAc,CAAC,KAAc,EAAE,GAAG,CAAC,CAAC;QACtC,CAAC;IACH,CAAC,CACF,CAAC;IAEF,mHAAmH;IACnH,MAAM,CAAC,IAAI,CACT,qCAAqC,EACrC,KAAK,EAAE,GAAY,EAAE,GAAa,EAAiB,EAAE;QACnD,MAAM,WAAW,GAAG,uBAAuB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACtD,IAAI,CAAC,WAAW;YAAE,OAAO;QAEzB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAW,CAAC;YAC9C,MAAM,cAAc,GAAG,GAAG,CAAC,MAAM,CAAC,gBAAgB,CAAW,CAAC;YAC9D,MAAM,KAAK,GAAG,+BAA+B,CAC3C,GAAG,CAAC,IAAI,EACR,MAAM,EACN,cAAc,CACf,CAAC;YAEF,MAAM,WAAW,GAAG,MAAM,UAAU,CAAC,oBAAoB,CACvD,KAAK,EACL,WAAW,CAAC,cAAc,CAC3B,CAAC;YAEF,IAAI,WAAW,EAAE,CAAC;gBAChB,WAAW,CAAC,wBAAwB,CAClC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EACnD,KAAK,CAAC,KAAK,EACX,KAAK,CAAC,SAAS,EACf,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CACxD,CAAC;YACJ,CAAC;YAED,GAAG,CAAC,IAAI,CAAC;gBACP,OAAO,EAAE,IAAI;gBACb,KAAK,EAAE,yBAAyB,CAAC,WAAW,CAAC;aAC9C,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,cAAc,CAAC,KAAc,EAAE,GAAG,CAAC,CAAC;QACtC,CAAC;IACH,CAAC,CACF,CAAC;IAEF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,uEAAuE;AAEvE,kEAAkE;AAClE,SAAS,cAAc,CAAC,KAAY,EAAE,GAAa;IACjD,MAAM,IAAI,GAAG,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC;IACpC,IACE,IAAI,KAAK,uBAAuB;QAChC,IAAI,KAAK,6BAA6B;QACtC,IAAI,KAAK,6BAA6B;QACtC,IAAI,KAAK,+BAA+B,EACxC,CAAC;QACD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC9D,OAAO;IACT,CAAC;IACD,IAAI,IAAI,KAAK,yBAAyB,EAAE,CAAC;QACvC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC9D,OAAO;IACT,CAAC;IACD,IAAI,IAAI,KAAK,wBAAwB,IAAI,IAAI,KAAK,sBAAsB,EAAE,CAAC;QACzE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC9D,OAAO;IACT,CAAC;IACD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;AAC3E,CAAC;AAED,kFAAkF;AAClF,SAAS,mBAAmB,CAC1B,IAA6B,EAC7B,MAAc,EACd,cAAuB;IAEvB,OAAO;QACL,UAAU,EAAG,IAAI,CAAC,YAAY,CAAY,IAAI,EAAE;QAChD,SAAS,EAAE,IAAI,CAAC,WAAW,CAA8B;QACzD,iBAAiB,EAAE,CAAE,IAAI,CAAC,mBAAmB,CAAc,IAAI,EAAE,CAAC,CAAC,GAAG,CACpE,CAAC,GAAG,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAClD;QACD,iBAAiB,EAAE,CAAE,IAAI,CAAC,mBAAmB,CAAc,IAAI,EAAE,CAAC,CAAC,GAAG,CACpE,CAAC,GAAG,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAClD;QACD,KAAK,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE;QACjC,OAAO,EAAG,IAAI,CAAC,SAAS,CAAY,IAAI,CAAC;QACzC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC;YAC1B,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,WAAW,CAAW,CAAC;YACvC,CAAC,CAAC,IAAI,IAAI,EAAE;QACd,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC;YAC1B,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,WAAW,CAAW,CAAC;YACvC,CAAC,CAAC,IAAI,IAAI,EAAE;QACd,gBAAgB,EAAE,IAAI,CAAC,kBAAkB,CAAC;YACxC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAW,EAAE,KAAK,CAAC,CAAC;YACzE,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC;QACrB,gBAAgB,EAAE,IAAI,CAAC,kBAAkB,CAAC;YACxC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAW,EAAE,KAAK,CAAC,CAAC;YACzE,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC;QACrB,sBAAsB,EAAE,IAAI,CAAC,wBAAwB,CAExC;KACd,CAAC;AACJ,CAAC;AAED,qFAAqF;AACrF,SAAS,+BAA+B,CACtC,IAA6B,EAC7B,MAAc,EACd,cAAuB;IAEvB,OAAO;QACL,gBAAgB,EAAE,UAAU,CAAC,IAAI,CAC/B,MAAM,CAAC,IAAI,CAAE,IAAI,CAAC,kBAAkB,CAAY,IAAI,EAAE,EAAE,KAAK,CAAC,CAC/D;QACD,KAAK,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE;QACjC,SAAS,EAAE,IAAI,IAAI,CAChB,IAAI,CAAC,WAAW,CAAY,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAC1D;QACD,gBAAgB,EAAE,UAAU,CAAC,IAAI,CAC/B,MAAM,CAAC,IAAI,CAAE,IAAI,CAAC,kBAAkB,CAAY,IAAI,EAAE,EAAE,KAAK,CAAC,CAC/D;QACD,gBAAgB,EAAE,UAAU,CAAC,IAAI,CAC/B,MAAM,CAAC,IAAI,CAAE,IAAI,CAAC,kBAAkB,CAAY,IAAI,EAAE,EAAE,KAAK,CAAC,CAC/D;KACF,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,SAAS,uBAAuB,CAC9B,MAAoB;IAEpB,OAAO;QACL,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,iBAAiB,EAAE,MAAM,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACpD,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAC/B;QACD,iBAAiB,EAAE,MAAM,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACpD,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAC/B;QACD,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,WAAW,EAAE;QACzC,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,WAAW,EAAE;QACzC,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;QACtE,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;QACtE,sBAAsB,EAAE,MAAM,CAAC,sBAAsB;KACtD,CAAC;AACJ,CAAC;AAED,iFAAiF;AACjF,SAAS,yBAAyB,CAChC,KAAuB;IAEvB,OAAO;QACL,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;QACrE,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,WAAW,EAAE;QACxC,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;QACrE,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;KACtE,CAAC;AACJ,CAAC"}
|