@codefox-inc/oauth-provider 0.2.0

package/dist/component/mutations.d.ts

@@ -0,0 +1,111 @@
+/**
+ * Check if a URI is a loopback address (localhost, 127.0.0.1, ::1)
+ * RFC 8252 Section 7.3: Loopback redirect URIs with variable ports
+ */
+export declare function isLoopbackRedirectUri(uri: string): boolean;
+/**
+ * Match redirect URI with registered URIs
+ * RFC 6749 Section 3.1.2.3: Exact string matching required
+ * RFC 8252 Section 7.3: Exception for loopback URIs (variable ports allowed)
+ */
+export declare function matchRedirectUri(requested: string, registered: string[]): boolean;
+/**
+ * Issue Authorization Code
+ * RFC 7636: PKCE validation
+ * RFC 6749 Section 3.1.2.3: Redirect URI validation
+ */
+export declare const issueAuthorizationCode: import("convex/server").RegisteredMutation<"public", {
+    nonce?: string | undefined;
+    clientId: string;
+    userId: string;
+    scopes: string[];
+    redirectUri: string;
+    codeChallenge: string;
+    codeChallengeMethod: string;
+}, Promise<string>>;
+/**
+ * Validate and Consume Authorization Code
+ * Returns code data if valid, throws otherwise.
+ * Marks the code as used (not deleted) to detect replay attacks.
+ * RFC Line 1136: SHOULD revoke all tokens if code is reused.
+ * RFC Section 10.2: OAuth 2.1 - redirect_uri is OPTIONAL
+ */
+export declare const consumeAuthCode: import("convex/server").RegisteredMutation<"public", {
+    redirectUri?: string | undefined;
+    clientId: string;
+    code: string;
+    codeVerifier: string;
+}, Promise<any>>;
+/**
+ * Save Tokens
+ *
+ * Note: Tokens are stored as SHA-256 hashes for security.
+ * The original token value should be returned to the client, not stored.
+ */
+export declare const saveTokens: import("convex/server").RegisteredMutation<"public", {
+    refreshToken?: string | undefined;
+    refreshTokenExpiresAt?: number | undefined;
+    authorizationCode?: string | undefined;
+    clientId: string;
+    userId: string;
+    scopes: string[];
+    expiresAt: number;
+    accessToken: string;
+}, Promise<void>>;
+/**
+ * Rotate Refresh Token (Delete old, Insert new)
+ * RFC 4.3.3: New refresh token MUST have identical scope as the old one
+ *
+ * Note: Tokens are stored as SHA-256 hashes for security.
+ */
+export declare const rotateRefreshToken: import("convex/server").RegisteredMutation<"public", {
+    refreshToken?: string | undefined;
+    refreshTokenExpiresAt?: number | undefined;
+    clientId: string;
+    userId: string;
+    scopes: string[];
+    expiresAt: number;
+    accessToken: string;
+    oldRefreshToken: string;
+}, Promise<void>>;
+/**
+ * Delete Client
+ */
+export declare const deleteClient: import("convex/server").RegisteredMutation<"public", {
+    clientId: string;
+}, Promise<void>>;
+/**
+ * Clean up expired codes/tokens (utility)
+ * RFC Line 1136: Also cleanup used codes after retention period
+ */
+export declare const cleanupExpired: import("convex/server").RegisteredMutation<"internal", {}, Promise<{
+    deletedCodes: number;
+    deletedTokens: number;
+}>>;
+/**
+ * Create or update authorization (upsert)
+ * Called when user grants consent
+ */
+export declare const upsertAuthorization: import("convex/server").RegisteredMutation<"public", {
+    clientId: string;
+    userId: string;
+    scopes: string[];
+}, Promise<import("convex/values").GenericId<"oauthAuthorizations">>>;
+/**
+ * Update lastUsedAt when tokens are issued
+ */
+export declare const updateAuthorizationLastUsed: import("convex/server").RegisteredMutation<"public", {
+    clientId: string;
+    userId: string;
+}, Promise<void>>;
+/**
+ * Revoke authorization and delete all associated tokens
+ */
+export declare const revokeAuthorization: import("convex/server").RegisteredMutation<"public", {
+    clientId: string;
+    userId: string;
+}, Promise<{
+    authorizationDeleted: boolean;
+    tokensDeleted: number;
+}>>;
+//# sourceMappingURL=mutations.d.ts.map

package/dist/component/mutations.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mutations.d.ts","sourceRoot":"","sources":["../../src/component/mutations.ts"],"names":[],"mappings":"AAUA;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAW1D;AAED;;;;GAIG;AACH,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,OAAO,CA4BjF;AAMD;;;;GAIG;AACH,eAAO,MAAM,sBAAsB;;;;;;;;mBA4DjC,CAAC;AAEH;;;;;;GAMG;AACH,eAAO,MAAM,eAAe;;;;;gBA0G1B,CAAC;AAEH;;;;;GAKG;AACH,eAAO,MAAM,UAAU;;;;;;;;;iBAsBrB,CAAC;AAEH;;;;;GAKG;AACH,eAAO,MAAM,kBAAkB;;;;;;;;;iBAmF7B,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,YAAY;;iBAgBvB,CAAC;AAEH;;;GAGG;AACH,eAAO,MAAM,cAAc;;;GA8BzB,CAAC;AAMH;;;GAGG;AACH,eAAO,MAAM,mBAAmB;;;;qEAmC9B,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,2BAA2B;;;iBAiBtC,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,mBAAmB;;;;;;GAkC9B,CAAC"}

package/dist/component/mutations.js

@@ -0,0 +1,459 @@
+import { v } from "convex/values";
+import { mutation, internalMutation } from "./_generated/server";
+import { generateCode } from "../lib/oauth.js";
+import { OAUTH_CONSTANTS } from "./constants";
+import { hashToken, isHashedToken } from "./token_security";
+// --------------------------------------------------------------------------
+// Helper Functions
+// --------------------------------------------------------------------------
+/**
+ * Check if a URI is a loopback address (localhost, 127.0.0.1, ::1)
+ * RFC 8252 Section 7.3: Loopback redirect URIs with variable ports
+ */
+export function isLoopbackRedirectUri(uri) {
+    try {
+        const parsed = new URL(uri);
+        return (parsed.hostname === "127.0.0.1" ||
+            parsed.hostname === "::1" ||
+            parsed.hostname === "localhost");
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Match redirect URI with registered URIs
+ * RFC 6749 Section 3.1.2.3: Exact string matching required
+ * RFC 8252 Section 7.3: Exception for loopback URIs (variable ports allowed)
+ */
+export function matchRedirectUri(requested, registered) {
+    // 厳密一致チェック
+    if (registered.includes(requested)) {
+        return true;
+    }
+    // localhost/127.0.0.1の可変ポート例外（RFC 8252 Section 7.3）
+    if (isLoopbackRedirectUri(requested)) {
+        try {
+            const reqUrl = new URL(requested);
+            for (const regUri of registered) {
+                if (isLoopbackRedirectUri(regUri)) {
+                    const regUrl = new URL(regUri);
+                    // ホストとパスが一致すればポート違いを許容
+                    if (reqUrl.hostname === regUrl.hostname &&
+                        reqUrl.pathname === regUrl.pathname) {
+                        return true;
+                    }
+                }
+            }
+        }
+        catch {
+            return false;
+        }
+    }
+    return false;
+}
+// --------------------------------------------------------------------------
+// Authorization Code Flow
+// --------------------------------------------------------------------------
+/**
+ * Issue Authorization Code
+ * RFC 7636: PKCE validation
+ * RFC 6749 Section 3.1.2.3: Redirect URI validation
+ */
+export const issueAuthorizationCode = mutation({
+    args: {
+        clientId: v.string(),
+        userId: v.string(), // Convex users table Id (string, passed from app)
+        scopes: v.array(v.string()),
+        redirectUri: v.string(),
+        codeChallenge: v.string(),
+        codeChallengeMethod: v.string(),
+        nonce: v.optional(v.string()),
+    },
+    handler: async (ctx, args) => {
+        // 1. PKCE検証（RFC 7636）
+        if (!args.codeChallenge || args.codeChallenge.trim() === "") {
+            throw new Error("code_challenge required");
+        }
+        if (args.codeChallengeMethod !== "S256") {
+            throw new Error("plain code_challenge_method is not supported, use S256");
+        }
+        // 2. クライアント取得
+        const client = await ctx.db
+            .query("oauthClients")
+            .withIndex("by_client_id", (q) => q.eq("clientId", args.clientId))
+            .unique();
+        if (!client) {
+            throw new Error("invalid_client");
+        }
+        // 3. リダイレクトURI検証（RFC 6749 + RFC 8252）
+        if (!matchRedirectUri(args.redirectUri, client.redirectUris)) {
+            throw new Error("redirect_uri_mismatch");
+        }
+        // 4. スコープ検証
+        const invalidScopes = args.scopes.filter((scope) => !client.allowedScopes.includes(scope));
+        if (invalidScopes.length > 0) {
+            throw new Error(`invalid_scope: ${invalidScopes.join(", ")}`);
+        }
+        // 5. Generate Code
+        const code = generateCode(OAUTH_CONSTANTS.AUTH_CODE_LENGTH);
+        // 6. Save Code (hashed for security)
+        await ctx.db.insert("oauthCodes", {
+            code: await hashToken(code),
+            clientId: args.clientId,
+            userId: args.userId,
+            scopes: args.scopes,
+            redirectUri: args.redirectUri,
+            codeChallenge: args.codeChallenge,
+            codeChallengeMethod: args.codeChallengeMethod,
+            nonce: args.nonce,
+            expiresAt: Date.now() + OAUTH_CONSTANTS.CODE_EXPIRY_MS,
+        });
+        return code;
+    },
+});
+/**
+ * Validate and Consume Authorization Code
+ * Returns code data if valid, throws otherwise.
+ * Marks the code as used (not deleted) to detect replay attacks.
+ * RFC Line 1136: SHOULD revoke all tokens if code is reused.
+ * RFC Section 10.2: OAuth 2.1 - redirect_uri is OPTIONAL
+ */
+export const consumeAuthCode = mutation({
+    args: {
+        code: v.string(),
+        clientId: v.string(),
+        redirectUri: v.optional(v.string()), // OAuth 2.1: optional
+        codeVerifier: v.string(),
+    },
+    handler: async (ctx, args) => {
+        // 1. Find Code (by hash)
+        const codeHash = await hashToken(args.code);
+        let authCode = await ctx.db
+            .query("oauthCodes")
+            .withIndex("by_code", (q) => q.eq("code", codeHash))
+            .unique();
+        // Backward compatibility: try plaintext lookup if hash lookup fails
+        if (!authCode && !isHashedToken(args.code)) {
+            authCode = await ctx.db
+                .query("oauthCodes")
+                .withIndex("by_code", (q) => q.eq("code", args.code))
+                .unique();
+        }
+        if (!authCode) {
+            throw new Error("invalid_grant");
+        }
+        // RFC Line 1136: Detect authorization code reuse (replay attack)
+        if (authCode.usedAt !== undefined) {
+            // Code was already used - this is a replay attack
+            // Revoke all tokens issued with this code
+            const tokensToRevoke = await ctx.db
+                .query("oauthTokens")
+                .withIndex("by_authorization_code", (q) => q.eq("authorizationCode", codeHash))
+                .collect();
+            for (const token of tokensToRevoke) {
+                await ctx.db.delete(token._id);
+            }
+            // Delete the code
+            await ctx.db.delete(authCode._id);
+            // Return error status (cannot throw because it would rollback token deletion)
+            return {
+                error: "authorization_code_reuse_detected",
+                revokedTokens: tokensToRevoke.length,
+            };
+        }
+        // 2. Validation
+        if (authCode.clientId !== args.clientId) {
+            throw new Error("invalid_client");
+        }
+        if (authCode.expiresAt < Date.now()) {
+            await ctx.db.delete(authCode._id);
+            throw new Error("invalid_grant");
+        }
+        // redirect_uri validation: 発行時に設定されている場合は必須
+        // RFC 6749 Section 4.1.3: redirect_uri REQUIRED if included in authorization request
+        if (authCode.redirectUri) {
+            if (!args.redirectUri) {
+                throw new Error("redirect_uri_required");
+            }
+            if (authCode.redirectUri !== args.redirectUri) {
+                throw new Error("redirect_uri_mismatch");
+            }
+        }
+        // PKCE検証（エラーメッセージ改善）
+        if (authCode.codeChallengeMethod === "S256") {
+            const encoder = new TextEncoder();
+            const data = encoder.encode(args.codeVerifier);
+            const hashBuffer = await crypto.subtle.digest("SHA-256", data);
+            const hashArray = Array.from(new Uint8Array(hashBuffer));
+            const hashBase64 = btoa(String.fromCharCode(...hashArray))
+                .replace(/\+/g, "-")
+                .replace(/\//g, "_")
+                .replace(/=+$/, "");
+            if (hashBase64 !== authCode.codeChallenge) {
+                throw new Error("invalid_code_verifier");
+            }
+        }
+        else if (authCode.codeChallengeMethod === "plain") {
+            if (args.codeVerifier !== authCode.codeChallenge) {
+                throw new Error("invalid_code_verifier");
+            }
+        }
+        else {
+            throw new Error("unsupported_code_challenge_method");
+        }
+        // 3. Mark Code as Used (RFC Line 1136: detect replay)
+        await ctx.db.patch(authCode._id, { usedAt: Date.now() });
+        return {
+            userId: authCode.userId,
+            scopes: authCode.scopes,
+            codeChallenge: authCode.codeChallenge,
+            codeChallengeMethod: authCode.codeChallengeMethod,
+            redirectUri: authCode.redirectUri,
+            nonce: authCode.nonce,
+            codeHash, // Return code hash to link tokens
+        };
+    },
+});
+/**
+ * Save Tokens
+ *
+ * Note: Tokens are stored as SHA-256 hashes for security.
+ * The original token value should be returned to the client, not stored.
+ */
+export const saveTokens = mutation({
+    args: {
+        accessToken: v.string(),
+        refreshToken: v.optional(v.string()),
+        clientId: v.string(),
+        userId: v.string(),
+        scopes: v.array(v.string()),
+        expiresAt: v.number(),
+        refreshTokenExpiresAt: v.optional(v.number()),
+        authorizationCode: v.optional(v.string()), // Hashed code for replay detection (RFC Line 1136)
+    },
+    handler: async (ctx, args) => {
+        // Hash tokens before storing for security
+        // The original tokens are returned to the client, hashes are stored
+        await ctx.db.insert("oauthTokens", {
+            ...args,
+            accessToken: await hashToken(args.accessToken),
+            refreshToken: args.refreshToken
+                ? await hashToken(args.refreshToken)
+                : undefined,
+        });
+    },
+});
+/**
+ * Rotate Refresh Token (Delete old, Insert new)
+ * RFC 4.3.3: New refresh token MUST have identical scope as the old one
+ *
+ * Note: Tokens are stored as SHA-256 hashes for security.
+ */
+export const rotateRefreshToken = mutation({
+    args: {
+        oldRefreshToken: v.string(),
+        // New Token Data
+        accessToken: v.string(),
+        refreshToken: v.optional(v.string()),
+        clientId: v.string(),
+        userId: v.string(),
+        scopes: v.array(v.string()),
+        expiresAt: v.number(),
+        refreshTokenExpiresAt: v.optional(v.number()),
+    },
+    handler: async (ctx, args) => {
+        // Hash the old refresh token for lookup
+        const oldRefreshTokenHash = await hashToken(args.oldRefreshToken);
+        // 1. Verify Old Token Exists (lookup by hash)
+        let oldToken = await ctx.db
+            .query("oauthTokens")
+            .withIndex("by_refresh_token", (q) => q.eq("refreshToken", oldRefreshTokenHash))
+            .unique();
+        // Backward compatibility: try plaintext lookup if hash lookup fails
+        if (!oldToken && !isHashedToken(args.oldRefreshToken)) {
+            oldToken = await ctx.db
+                .query("oauthTokens")
+                .withIndex("by_refresh_token", (q) => q.eq("refreshToken", args.oldRefreshToken))
+                .unique();
+        }
+        if (!oldToken) {
+            throw new Error("invalid_grant");
+        }
+        // 2. Validate Client/User consistency
+        if (oldToken.clientId !== args.clientId || oldToken.userId !== args.userId) {
+            throw new Error("invalid_grant");
+        }
+        // 3. RFC 4.3.3: 新RTのスコープは元RTと完全一致が必須
+        // スコープの完全一致を検証（エスカレーションも縮小も不可）
+        const scopesMatch = args.scopes.length === oldToken.scopes.length &&
+            args.scopes.every((scope) => oldToken.scopes.includes(scope)) &&
+            oldToken.scopes.every((scope) => args.scopes.includes(scope));
+        if (!scopesMatch) {
+            throw new Error("scope_change_not_allowed: Refresh token scope must remain identical");
+        }
+        // 4. クライアントの許可スコープ検証
+        const client = await ctx.db
+            .query("oauthClients")
+            .withIndex("by_client_id", (q) => q.eq("clientId", args.clientId))
+            .unique();
+        if (!client) {
+            throw new Error("invalid_client");
+        }
+        const invalidScopes = args.scopes.filter((scope) => !client.allowedScopes.includes(scope));
+        if (invalidScopes.length > 0) {
+            throw new Error(`invalid_scope: ${invalidScopes.join(", ")}`);
+        }
+        // 5. Delete Old Token
+        await ctx.db.delete(oldToken._id);
+        // 6. Insert New Token (with hashed values)
+        await ctx.db.insert("oauthTokens", {
+            accessToken: await hashToken(args.accessToken),
+            refreshToken: args.refreshToken ? await hashToken(args.refreshToken) : undefined,
+            clientId: args.clientId,
+            userId: args.userId,
+            scopes: args.scopes,
+            expiresAt: args.expiresAt,
+            refreshTokenExpiresAt: args.refreshTokenExpiresAt,
+        });
+    },
+});
+/**
+ * Delete Client
+ */
+export const deleteClient = mutation({
+    args: {
+        clientId: v.string(),
+    },
+    handler: async (ctx, args) => {
+        const client = await ctx.db
+            .query("oauthClients")
+            .withIndex("by_client_id", (q) => q.eq("clientId", args.clientId))
+            .unique();
+        if (!client) {
+            throw new Error("Client not found");
+        }
+        await ctx.db.delete(client._id);
+    },
+});
+/**
+ * Clean up expired codes/tokens (utility)
+ * RFC Line 1136: Also cleanup used codes after retention period
+ */
+export const cleanupExpired = internalMutation({
+    args: {},
+    handler: async (ctx) => {
+        const now = Date.now();
+        // Cleanup expired codes (both unused and used codes past retention period)
+        const expiredCodes = await ctx.db
+            .query("oauthCodes")
+            .filter(q => q.lt(q.field("expiresAt"), now))
+            .take(100);
+        for (const code of expiredCodes) {
+            await ctx.db.delete(code._id);
+        }
+        // Cleanup expired tokens
+        const expiredTokens = await ctx.db
+            .query("oauthTokens")
+            .filter(q => q.lt(q.field("expiresAt"), now))
+            .take(100);
+        for (const token of expiredTokens) {
+            await ctx.db.delete(token._id);
+        }
+        return {
+            deletedCodes: expiredCodes.length,
+            deletedTokens: expiredTokens.length,
+        };
+    }
+});
+// --------------------------------------------------------------------------
+// Authorization Management
+// --------------------------------------------------------------------------
+/**
+ * Create or update authorization (upsert)
+ * Called when user grants consent
+ */
+export const upsertAuthorization = mutation({
+    args: {
+        userId: v.string(),
+        clientId: v.string(),
+        scopes: v.array(v.string()),
+    },
+    handler: async (ctx, args) => {
+        const existing = await ctx.db
+            .query("oauthAuthorizations")
+            .withIndex("by_user_client", (q) => q.eq("userId", args.userId).eq("clientId", args.clientId))
+            .unique();
+        const now = Date.now();
+        if (existing) {
+            // Update: merge scopes, update lastUsedAt
+            const mergedScopes = [...new Set([...existing.scopes, ...args.scopes])];
+            await ctx.db.patch(existing._id, {
+                scopes: mergedScopes,
+                lastUsedAt: now,
+            });
+            return existing._id;
+        }
+        else {
+            // Create new authorization
+            return await ctx.db.insert("oauthAuthorizations", {
+                userId: args.userId,
+                clientId: args.clientId,
+                scopes: args.scopes,
+                authorizedAt: now,
+                lastUsedAt: now,
+            });
+        }
+    },
+});
+/**
+ * Update lastUsedAt when tokens are issued
+ */
+export const updateAuthorizationLastUsed = mutation({
+    args: {
+        userId: v.string(),
+        clientId: v.string(),
+    },
+    handler: async (ctx, args) => {
+        const auth = await ctx.db
+            .query("oauthAuthorizations")
+            .withIndex("by_user_client", (q) => q.eq("userId", args.userId).eq("clientId", args.clientId))
+            .unique();
+        if (auth) {
+            await ctx.db.patch(auth._id, { lastUsedAt: Date.now() });
+        }
+    },
+});
+/**
+ * Revoke authorization and delete all associated tokens
+ */
+export const revokeAuthorization = mutation({
+    args: {
+        userId: v.string(),
+        clientId: v.string(),
+    },
+    handler: async (ctx, args) => {
+        // 1. Delete authorization record
+        const auth = await ctx.db
+            .query("oauthAuthorizations")
+            .withIndex("by_user_client", (q) => q.eq("userId", args.userId).eq("clientId", args.clientId))
+            .unique();
+        if (auth) {
+            await ctx.db.delete(auth._id);
+        }
+        // 2. Delete all tokens for this user-client pair
+        const tokens = await ctx.db
+            .query("oauthTokens")
+            .withIndex("by_user", (q) => q.eq("userId", args.userId))
+            .collect();
+        const toDelete = tokens.filter(t => t.clientId === args.clientId);
+        for (const token of toDelete) {
+            await ctx.db.delete(token._id);
+        }
+        return {
+            authorizationDeleted: !!auth,
+            tokensDeleted: toDelete.length,
+        };
+    },
+});
+//# sourceMappingURL=mutations.js.map

package/dist/component/mutations.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mutations.js","sourceRoot":"","sources":["../../src/component/mutations.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,eAAe,CAAC;AAClC,OAAO,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAE5D,6EAA6E;AAC7E,mBAAmB;AACnB,6EAA6E;AAE7E;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,GAAW;IAC/C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,OAAO,CACL,MAAM,CAAC,QAAQ,KAAK,WAAW;YAC/B,MAAM,CAAC,QAAQ,KAAK,KAAK;YACzB,MAAM,CAAC,QAAQ,KAAK,WAAW,CAChC,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAAC,SAAiB,EAAE,UAAoB;IACtE,WAAW;IACX,IAAI,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACnC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,oDAAoD;IACpD,IAAI,qBAAqB,CAAC,SAAS,CAAC,EAAE,CAAC;QACrC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;YAClC,KAAK,MAAM,MAAM,IAAI,UAAU,EAAE,CAAC;gBAChC,IAAI,qBAAqB,CAAC,MAAM,CAAC,EAAE,CAAC;oBAClC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;oBAC/B,uBAAuB;oBACvB,IACE,MAAM,CAAC,QAAQ,KAAK,MAAM,CAAC,QAAQ;wBACnC,MAAM,CAAC,QAAQ,KAAK,MAAM,CAAC,QAAQ,EACnC,CAAC;wBACD,OAAO,IAAI,CAAC;oBACd,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,6EAA6E;AAC7E,0BAA0B;AAC1B,6EAA6E;AAE7E;;;;GAIG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,QAAQ,CAAC;IAC3C,IAAI,EAAE;QACF,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;QACpB,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE,kDAAkD;QACtE,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC3B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;QACvB,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE;QACzB,mBAAmB,EAAE,CAAC,CAAC,MAAM,EAAE;QAC/B,KAAK,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;KAChC;IACD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACzB,sBAAsB;QACtB,IAAI,CAAC,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YAC1D,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC/C,CAAC;QACD,IAAI,IAAI,CAAC,mBAAmB,KAAK,MAAM,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;QAC9E,CAAC;QAED,cAAc;QACd,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,EAAE;aACtB,KAAK,CAAC,cAAc,CAAC;aACrB,SAAS,CAAC,cAAc,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;aACjE,MAAM,EAAE,CAAC;QAEd,IAAI,CAAC,MAAM,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACtC,CAAC;QAED,sCAAsC;QACtC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,WAAW,EAAE,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC;YAC3D,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAC7C,CAAC;QAED,YAAY;QACZ,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CACpC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,CACnD,CAAC;QACF,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,kBAAkB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAClE,CAAC;QAED,mBAAmB;QACnB,MAAM,IAAI,GAAG,YAAY,CAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC;QAE5D,qCAAqC;QACrC,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,YAAY,EAAE;YAC9B,IAAI,EAAE,MAAM,SAAS,CAAC,IAAI,CAAC;YAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,mBAAmB,EAAE,IAAI,CAAC,mBAAmB;YAC7C,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,eAAe,CAAC,cAAc;SACzD,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC;IAChB,CAAC;CACJ,CAAC,CAAC;AAEH;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,QAAQ,CAAC;IACpC,IAAI,EAAE;QACF,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;QAChB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;QACpB,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,sBAAsB;QAC3D,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;KAC3B;IACD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACzB,yBAAyB;QACzB,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC5C,IAAI,QAAQ,GAAG,MAAM,GAAG,CAAC,EAAE;aACtB,KAAK,CAAC,YAAY,CAAC;aACnB,SAAS,CAAC,SAAS,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;aACnD,MAAM,EAAE,CAAC;QAEd,oEAAoE;QACpE,IAAI,CAAC,QAAQ,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACzC,QAAQ,GAAG,MAAM,GAAG,CAAC,EAAE;iBAClB,KAAK,CAAC,YAAY,CAAC;iBACnB,SAAS,CAAC,SAAS,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;iBACpD,MAAM,EAAE,CAAC;QAClB,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC;QACrC,CAAC;QAED,iEAAiE;QACjE,IAAI,QAAQ,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAChC,kDAAkD;YAClD,0CAA0C;YAC1C,MAAM,cAAc,GAAG,MAAM,GAAG,CAAC,EAAE;iBAC9B,KAAK,CAAC,aAAa,CAAC;iBACpB,SAAS,CAAC,uBAAuB,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,mBAAmB,EAAE,QAAQ,CAAC,CAAC;iBAC9E,OAAO,EAAE,CAAC;YAEf,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;gBACjC,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACnC,CAAC;YAED,kBAAkB;YAClB,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAElC,8EAA8E;YAC9E,OAAO;gBACH,KAAK,EAAE,mCAAmC;gBAC1C,aAAa,EAAE,cAAc,CAAC,MAAM;aAChC,CAAC;QACb,CAAC;QAED,gBAAgB;QAChB,IAAI,QAAQ,CAAC,QAAQ,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACtC,CAAC;QAED,IAAI,QAAQ,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAClC,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC;QACrC,CAAC;QAED,4CAA4C;QAC5C,qFAAqF;QACrF,IAAI,QAAQ,CAAC,WAAW,EAAE,CAAC;YACvB,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;YAC7C,CAAC;YACD,IAAI,QAAQ,CAAC,WAAW,KAAK,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC5C,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;YAC7C,CAAC;QACL,CAAC;QAED,qBAAqB;QACrB,IAAI,QAAQ,CAAC,mBAAmB,KAAK,MAAM,EAAE,CAAC;YAC1C,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;YAClC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAC/C,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;YAC/D,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC;YACzD,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,SAAS,CAAC,CAAC;iBACrD,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;iBACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;iBACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YAExB,IAAI,UAAU,KAAK,QAAQ,CAAC,aAAa,EAAE,CAAC;gBACxC,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;YAC7C,CAAC;QACL,CAAC;aAAM,IAAI,QAAQ,CAAC,mBAAmB,KAAK,OAAO,EAAE,CAAC;YAClD,IAAI,IAAI,CAAC,YAAY,KAAK,QAAQ,CAAC,aAAa,EAAE,CAAC;gBAC/C,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;YAC7C,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACzD,CAAC;QAED,sDAAsD;QACtD,MAAM,GAAG,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEzD,OAAO;YACH,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,aAAa,EAAE,QAAQ,CAAC,aAAa;YACrC,mBAAmB,EAAE,QAAQ,CAAC,mBAAmB;YACjD,WAAW,EAAE,QAAQ,CAAC,WAAW;YACjC,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,QAAQ,EAAE,kCAAkC;SAC/C,CAAC;IACN,CAAC;CACJ,CAAC,CAAC;AAEH;;;;;GAKG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,QAAQ,CAAC;IAC/B,IAAI,EAAE;QACF,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;QACvB,YAAY,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QACpC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;QACpB,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;QAClB,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC3B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;QACrB,qBAAqB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC7C,iBAAiB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,mDAAmD;KACjG;IACD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACzB,0CAA0C;QAC1C,oEAAoE;QACpE,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,aAAa,EAAE;YAC/B,GAAG,IAAI;YACP,WAAW,EAAE,MAAM,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC;YAC9C,YAAY,EAAE,IAAI,CAAC,YAAY;gBAC3B,CAAC,CAAC,MAAM,SAAS,CAAC,IAAI,CAAC,YAAY,CAAC;gBACpC,CAAC,CAAC,SAAS;SAClB,CAAC,CAAC;IACP,CAAC;CACJ,CAAC,CAAC;AAEH;;;;;GAKG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,QAAQ,CAAC;IACvC,IAAI,EAAE;QACF,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE;QAC3B,iBAAiB;QACjB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;QACvB,YAAY,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QACpC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;QACpB,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;QAClB,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC3B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;QACrB,qBAAqB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;KAChD;IACD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACzB,wCAAwC;QACxC,MAAM,mBAAmB,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAElE,8CAA8C;QAC9C,IAAI,QAAQ,GAAG,MAAM,GAAG,CAAC,EAAE;aACtB,KAAK,CAAC,aAAa,CAAC;aACpB,SAAS,CAAC,kBAAkB,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,cAAc,EAAE,mBAAmB,CAAC,CAAC;aAC/E,MAAM,EAAE,CAAC;QAEd,oEAAoE;QACpE,IAAI,CAAC,QAAQ,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC;YACpD,QAAQ,GAAG,MAAM,GAAG,CAAC,EAAE;iBAClB,KAAK,CAAC,aAAa,CAAC;iBACpB,SAAS,CAAC,kBAAkB,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,cAAc,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;iBAChF,MAAM,EAAE,CAAC;QAClB,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC;QACrC,CAAC;QAED,sCAAsC;QACtC,IAAI,QAAQ,CAAC,QAAQ,KAAK,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC;YACzE,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC;QACrC,CAAC;QAED,qCAAqC;QACrC,+BAA+B;QAC/B,MAAM,WAAW,GACb,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM,CAAC,MAAM;YAC7C,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC7D,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;QAElE,IAAI,CAAC,WAAW,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CACX,qEAAqE,CACxE,CAAC;QACN,CAAC;QAED,qBAAqB;QACrB,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,EAAE;aACtB,KAAK,CAAC,cAAc,CAAC;aACrB,SAAS,CAAC,cAAc,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;aACjE,MAAM,EAAE,CAAC;QAEd,IAAI,CAAC,MAAM,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACtC,CAAC;QAED,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CACpC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,CACnD,CAAC;QACF,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,kBAAkB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAClE,CAAC;QAED,sBAAsB;QACtB,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAElC,2CAA2C;QAC3C,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,aAAa,EAAE;YAC/B,WAAW,EAAE,MAAM,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC;YAC9C,YAAY,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,MAAM,SAAS,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,SAAS;YAChF,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,qBAAqB,EAAE,IAAI,CAAC,qBAAqB;SACpD,CAAC,CAAC;IACP,CAAC;CACJ,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,QAAQ,CAAC;IACjC,IAAI,EAAE;QACF,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;KACvB;IACD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACzB,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,EAAE;aACtB,KAAK,CAAC,cAAc,CAAC;aACrB,SAAS,CAAC,cAAc,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;aACjE,MAAM,EAAE,CAAC;QAEd,IAAI,CAAC,MAAM,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACxC,CAAC;QAED,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACpC,CAAC;CACJ,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,gBAAgB,CAAC;IAC3C,IAAI,EAAE,EAAE;IACR,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;QACnB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,2EAA2E;QAC3E,MAAM,YAAY,GAAG,MAAM,GAAG,CAAC,EAAE;aAC5B,KAAK,CAAC,YAAY,CAAC;aACnB,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,GAAG,CAAC,CAAC;aAC5C,IAAI,CAAC,GAAG,CAAC,CAAC;QAEf,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;YAC9B,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAClC,CAAC;QAED,yBAAyB;QACzB,MAAM,aAAa,GAAG,MAAM,GAAG,CAAC,EAAE;aAC7B,KAAK,CAAC,aAAa,CAAC;aACpB,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,GAAG,CAAC,CAAC;aAC5C,IAAI,CAAC,GAAG,CAAC,CAAC;QAEf,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE,CAAC;YAChC,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACnC,CAAC;QAED,OAAO;YACH,YAAY,EAAE,YAAY,CAAC,MAAM;YACjC,aAAa,EAAE,aAAa,CAAC,MAAM;SACtC,CAAC;IACN,CAAC;CACJ,CAAC,CAAC;AAEH,6EAA6E;AAC7E,2BAA2B;AAC3B,6EAA6E;AAE7E;;;GAGG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,QAAQ,CAAC;IACxC,IAAI,EAAE;QACF,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;QAClB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;QACpB,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;KAC9B;IACD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACzB,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,EAAE;aACxB,KAAK,CAAC,qBAAqB,CAAC;aAC5B,SAAS,CAAC,gBAAgB,EAAE,CAAC,CAAC,EAAE,EAAE,CAC/B,CAAC,CAAC,EAAE,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,CAC5D;aACA,MAAM,EAAE,CAAC;QAEd,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,IAAI,QAAQ,EAAE,CAAC;YACX,0CAA0C;YAC1C,MAAM,YAAY,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACxE,MAAM,GAAG,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,EAAE;gBAC7B,MAAM,EAAE,YAAY;gBACpB,UAAU,EAAE,GAAG;aAClB,CAAC,CAAC;YACH,OAAO,QAAQ,CAAC,GAAG,CAAC;QACxB,CAAC;aAAM,CAAC;YACJ,2BAA2B;YAC3B,OAAO,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,qBAAqB,EAAE;gBAC9C,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,YAAY,EAAE,GAAG;gBACjB,UAAU,EAAE,GAAG;aAClB,CAAC,CAAC;QACP,CAAC;IACL,CAAC;CACJ,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAAG,QAAQ,CAAC;IAChD,IAAI,EAAE;QACF,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;QAClB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;KACvB;IACD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACzB,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,EAAE;aACpB,KAAK,CAAC,qBAAqB,CAAC;aAC5B,SAAS,CAAC,gBAAgB,EAAE,CAAC,CAAC,EAAE,EAAE,CAC/B,CAAC,CAAC,EAAE,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,CAC5D;aACA,MAAM,EAAE,CAAC;QAEd,IAAI,IAAI,EAAE,CAAC;YACP,MAAM,GAAG,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAC7D,CAAC;IACL,CAAC;CACJ,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,QAAQ,CAAC;IACxC,IAAI,EAAE;QACF,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;QAClB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;KACvB;IACD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACzB,iCAAiC;QACjC,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,EAAE;aACpB,KAAK,CAAC,qBAAqB,CAAC;aAC5B,SAAS,CAAC,gBAAgB,EAAE,CAAC,CAAC,EAAE,EAAE,CAC/B,CAAC,CAAC,EAAE,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,CAC5D;aACA,MAAM,EAAE,CAAC;QAEd,IAAI,IAAI,EAAE,CAAC;YACP,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAClC,CAAC;QAED,iDAAiD;QACjD,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,EAAE;aACtB,KAAK,CAAC,aAAa,CAAC;aACpB,SAAS,CAAC,SAAS,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;aACxD,OAAO,EAAE,CAAC;QAEf,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,IAAI,CAAC,QAAQ,CAAC,CAAC;QAClE,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;YAC3B,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACnC,CAAC;QAED,OAAO;YACH,oBAAoB,EAAE,CAAC,CAAC,IAAI;YAC5B,aAAa,EAAE,QAAQ,CAAC,MAAM;SACjC,CAAC;IACN,CAAC;CACJ,CAAC,CAAC"}