@crossauth/common 0.0.1

package/dist/interfaces.d.ts

@@ -0,0 +1,262 @@
+/**
+ * A key (eg session ID, email reset token) as stored in a database table.
+ *
+ * The fields defined here are the ones used by Crossauth.  You may add
+ * others.
+ */
+export interface Key {
+    /** The value of the keykey.
+     *
+     * In a cookie, the value part of cookiename=value; options...
+     */
+    value: string;
+    /** The date/time the key was created, in local time on the server */
+    created: Date;
+    /** The date/time the key expires */
+    expires: Date | undefined;
+    /** the user this key is for (or undefined for an anonymous session ID)
+     *
+     * It accepts the value null as usually this is the value stored in the
+     * database, rather than undefined.  Some functions need to differentiate
+     * between a null value as opposed to the value not being defined (eg for
+     * a partial update).
+     */
+    userid: string | number | undefined | null;
+    /** The date/time key was last used (eg last time a request was made
+     * with this value as a session ID)
+     */
+    lastactive?: Date;
+    /** Additional key-specific data (eg new email address for email change).
+     *
+     * While application specific, any data Crossauth puts in this field
+     * is a stringified JSON, with its own key so it can co-exist with
+     * other data.
+     */
+    data?: string;
+    /** This allows users to add additional fields, which if present in the
+     * database will be loaded into this object.
+     */
+    [key: string]: any;
+}
+/**
+ * An API key is a string that can be used in place of a username and
+ * password.  These are not automatically created, like OAuth access tokens.
+ */
+export interface ApiKey extends Key {
+    /** A name for the key, unique to the user */
+    name: string;
+}
+/**
+ * Given a key object, parses JSON data in the `data` field anmd returns
+ * it as an object
+ * @param key the key object containing the data to parse in `data`.
+ * @returns an object with the parsed JSON data.
+ */
+export declare function getJsonData(key: Key): {
+    [key: string]: any;
+};
+/**
+ * Describes a user as fetched from the user storage (eg, database table),
+ * excluding auto-generated fields such as an auto-generated ID
+ *
+ * This is extendible with additional fields - provide them to the
+ * {@link @crossauth/backend!UserStorage} class as `extraFields`.
+ *
+ * You may want to do this if you want to pass additional user data back to the
+ * caller, eg real name.
+ *
+ * The fields defined here are the ones used by Crossauth.  You may add
+ * others.
+ */
+export interface UserInputFields {
+    /** The username.  This may be an email address or anything else,
+     * application-specific.
+     */
+    username: string;
+    /**
+     * You are free to define your own states.  The ones Crossauth recognises
+     * are defined in {@link UserState}.
+     */
+    state: string;
+    /**
+     * You can optionally include an email address field in your user table.
+     * If your username is an email address, you do not need a separate field.
+     */
+    email?: string;
+    /**
+     * Whether or not the user has administrator priviledges (and can acess
+     * admin-only functions).
+     */
+    admin?: boolean;
+    /**
+     * This is included as any other fields in your user table will
+     * automatically be added to the user object if they are included in
+     * `extraFields` in {@link @crossauth/backend!UserStorage}.
+     */
+    [key: string]: any;
+}
+/**
+ * This adds ID to {@link UserInputFields}.
+ *
+ * If your `username` field is
+ * unique and immutable, you can omit ID (passing username anywhere an ID)
+ * is expected.  However, if you want users to be able to change their username,
+ * you should include ID field and make that immutable instead.
+ */
+export interface User extends UserInputFields {
+    /** ID fied, which may be auto-generated */
+    id: string | number;
+}
+/**
+ * Secrets, such as a password, are not in the User object to prevent them
+ * accidentally being leaked to the frontend.  All functions that return
+ * secrets return them in this separate object.
+ *
+ * The fields in this class are the ones that are not autogenerated by the
+ * database.
+ */
+export interface UserSecretsInputFields {
+    password?: string;
+    totpsecret?: string;
+    otp?: string;
+    expiry?: number;
+    [key: string]: any;
+}
+/**
+ * This adds the user ID toi {@link UserSecretsInputFields}.
+ */
+export interface UserSecrets extends UserSecretsInputFields {
+    userid: string | number;
+}
+/** OAuth client data as stored in a database table */
+export interface OAuthClient {
+    /** The client_id, which is auto-generated and immutable */
+    client_id: string;
+    /** Whether or not the client is confidential (and can therefore
+     * keep the client secret secret) */
+    confidential: boolean;
+    /**
+     * A user-friendly name for the client (not used as part of the OAuth
+     * API).
+     */
+    client_name: string;
+    /**
+     * Client secret, which is autogenerated.
+     *
+     * If there is no client secret, it should be set to `undefined`.
+     *
+     * This field allows `null` as well as `undefined` this is used, for
+     * example, when partially updating a client and you specifically
+     * want to set the secret to undefined, as opposed to just not wishing
+     * to change the value.  Other than that, this value is always either
+     * a string or `undefined`.
+     */
+    client_secret?: string | null;
+    /**
+     * An array of value redirect URIs for the client.
+     */
+    redirect_uri: string[];
+    /**
+     * An array of OAuth flows allowed for this client.
+     *
+     * See {@link @crossauth/common!OAuthFlows}.
+     */
+    valid_flow: string[];
+    /**
+     * ID of the user who owns this client, which may be `undefined`
+     * for not being owned by a specific user.
+     *
+     * This field allows `null` as well as `undefined` this is used, for
+     * example, when partially updating a client and you specifically
+     * want to set the user ID to undefined, as opposed to just not wishing
+     * to change the value.  Other than that, this value is always either
+     * a string or number (depending on the ID type in your user storage)
+     * or `undefined`.
+     */
+    userid?: string | number | null;
+    [key: string]: any;
+}
+/**
+ * Although the `state` field in {@link User} can be any string, these
+ * are the values recognised and used by Crossauth.
+ */
+export declare class UserState {
+    /** Ordinary, active user who can log in freely */
+    static readonly active = "active";
+    /** Deactivated account.  User cannot log in */
+    static readonly disabled = "disabled";
+    /** Two factor authentication has been actived for this user
+     * but has not yet been configured.  Once a user logs in,
+     * they will be directed to a page to configure 2FA and will
+     * not be able to do anything else (that requires login) until
+     * they have done so.
+     */
+    static readonly awaitingTwoFactorSetup = "awaitingtwofactorsetup";
+    /** Email verification has been turned on but user has not
+     * verified his or her email address.  Cannot log on until it has
+     * been verified.
+     */
+    static readonly awaitingEmailVerification = "awaitingemailverification";
+    /**
+     * If the state is set to this, the user may not access any
+     * login-required functions unless he or she has changed their password.
+     *
+     * Upon login, the user is redirected to the change password page.
+     */
+    static readonly passwordChangeNeeded = "passwordchangeneeded";
+    /**
+     * If the state is set to this, the user may not access any
+     * login-required functions unless he or she has reset their password.
+     *
+     * Upon login, the user is redirected to the reset password page.
+     */
+    static readonly passwordResetNeeded = "passwordresetneeded";
+    /**
+     * If the state is set to this, the user may not access any
+     * login-required functions unless he or she has reset their second
+     * factor configuration.
+     *
+     * Upon login, the user is redirected to the 2FA configuration page.
+     *
+     * If you create a user and 2FA is mandatory, you can set state to
+     * this value and the user will then be prompted to configure 2FA
+     * upon login.
+     */
+    static readonly factor2ResetNeeded = "factor2resetneeded";
+    /**
+     * If the state is set to this, the user may not access any
+     * login-required functions unless he or she has reset their password
+     * and then resets factor2.
+     *
+     * Upon login, the user is redirected to the reset password page.
+     */
+    static readonly passwordAndFactor2ResetNeeded = "passwordandfactor2resetneeded";
+}
+/**
+ * You can have one key table for everything or separate key tables for
+ * different types of keys.  So that different types of keys can
+ * coexist, their values are prefixed by these strings
+ */
+export declare class KeyPrefix {
+    /** Session ID */
+    static readonly session = "s:";
+    /** Password Reset Token */
+    static readonly passwordResetToken = "p:";
+    /** Email verification token */
+    static readonly emailVerificationToken = "e:";
+    /** API key */
+    static readonly apiKey = "api:";
+    /** OAuth authorization code */
+    static readonly authorizationCode = "authz:";
+    /** OAuth access token */
+    static readonly accessToken = "access:";
+    /** OAuth refresh token */
+    static readonly refreshToken = "refresh:";
+    /** OAuth MFA key (used by the password MFA flow) */
+    static readonly mfaToken = "omfa:";
+    /** Device code device code */
+    static readonly deviceCode = "dc:";
+    /** Device code flow user code */
+    static readonly userCode = "uc:";
+}
+//# sourceMappingURL=interfaces.d.ts.map

package/dist/interfaces.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"interfaces.d.ts","sourceRoot":"","sources":["../src/interfaces.ts"],"names":[],"mappings":"AACA;;;;;GAKG;AACH,MAAM,WAAW,GAAG;IAEhB;;;OAGG;IACH,KAAK,EAAG,MAAM,CAAC;IAEf,qEAAqE;IACrE,OAAO,EAAG,IAAI,CAAC;IAEf,oCAAoC;IACpC,OAAO,EAAG,IAAI,GAAG,SAAS,CAAC;IAE3B;;;;;;OAMG;IACH,MAAM,EAAG,MAAM,GAAG,MAAM,GAAG,SAAS,GAAG,IAAI,CAAC;IAE5C;;OAEG;IACH,UAAU,CAAC,EAAG,IAAI,CAAC;IAEnB;;;;;OAKG;IACH,IAAI,CAAC,EAAG,MAAM,CAAC;IAEf;;OAEG;IACH,CAAE,GAAG,EAAG,MAAM,GAAK,GAAG,CAAC;CAE1B;AAED;;;GAGG;AACH,MAAM,WAAW,MAAO,SAAQ,GAAG;IAE/B,6CAA6C;IAC7C,IAAI,EAAG,MAAM,CAAC;CACjB;AAED;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAG,GAAG,GAAI;IAAC,CAAC,GAAG,EAAC,MAAM,GAAE,GAAG,CAAA;CAAC,CAO1D;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,eAAe;IAE5B;;OAEG;IACH,QAAQ,EAAG,MAAM,CAAC;IAElB;;;OAGG;IACH,KAAK,EAAG,MAAM,CAAC;IAEf;;;OAGG;IACH,KAAK,CAAC,EAAG,MAAM,CAAC;IAEhB;;;OAGG;IACH,KAAK,CAAC,EAAG,OAAO,CAAC;IAEjB;;;;OAIG;IACH,CAAE,GAAG,EAAG,MAAM,GAAK,GAAG,CAAC;CAC1B;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,IAAK,SAAQ,eAAe;IAEzC,2CAA2C;IAC3C,EAAE,EAAG,MAAM,GAAG,MAAM,CAAC;CACxB;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,sBAAsB;IACnC,QAAQ,CAAC,EAAG,MAAM,CAAC;IACnB,UAAU,CAAC,EAAG,MAAM,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,CAAC,GAAG,EAAC,MAAM,GAAI,GAAG,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,WAAY,SAAQ,sBAAsB;IACvD,MAAM,EAAG,MAAM,GAAC,MAAM,CAAC;CAC1B;AAED,sDAAsD;AACtD,MAAM,WAAW,WAAW;IAExB,2DAA2D;IAC3D,SAAS,EAAG,MAAM,CAAC;IAEnB;wCACoC;IACpC,YAAY,EAAG,OAAO,CAAC;IAEvB;;;OAGG;IACH,WAAW,EAAG,MAAM,CAAC;IAErB;;;;;;;;;;OAUG;IACH,aAAa,CAAC,EAAG,MAAM,GAAC,IAAI,CAAC;IAE7B;;OAEG;IACH,YAAY,EAAG,MAAM,EAAE,CAAC;IAExB;;;;OAIG;IACH,UAAU,EAAG,MAAM,EAAE,CAAC;IAGtB;;;;;;;;;;OAUG;IACH,MAAM,CAAC,EAAG,MAAM,GAAC,MAAM,GAAC,IAAI,CAAC;IAC7B,CAAE,GAAG,EAAG,MAAM,GAAK,GAAG,CAAC;CAC1B;AAED;;;GAGG;AACH,qBAAa,SAAS;IAElB,kDAAkD;IAClD,MAAM,CAAC,QAAQ,CAAC,MAAM,YAAY;IAElC,+CAA+C;IAC/C,MAAM,CAAC,QAAQ,CAAC,QAAQ,cAAc;IAEtC;;;;;OAKG;IACH,MAAM,CAAC,QAAQ,CAAC,sBAAsB,4BAA4B;IAElE;;;OAGG;IACH,MAAM,CAAC,QAAQ,CAAC,yBAAyB,+BAA+B;IAExE;;;;;OAKG;IACH,MAAM,CAAC,QAAQ,CAAC,oBAAoB,0BAA0B;IAE9D;;;;;OAKG;IACH,MAAM,CAAC,QAAQ,CAAC,mBAAmB,yBAAyB;IAE5D;;;;;;;;;;OAUG;IACH,MAAM,CAAC,QAAQ,CAAC,kBAAkB,wBAAwB;IAE1D;;;;;;OAMG;IACH,MAAM,CAAC,QAAQ,CAAC,6BAA6B,mCAAmC;CACnF;AAED;;;;GAIG;AACH,qBAAa,SAAS;IAElB,iBAAiB;IACjB,MAAM,CAAC,QAAQ,CAAC,OAAO,QAAO;IAE9B,2BAA2B;IAC3B,MAAM,CAAC,QAAQ,CAAC,kBAAkB,QAAO;IAEzC,+BAA+B;IAC/B,MAAM,CAAC,QAAQ,CAAC,sBAAsB,QAAO;IAE7C,cAAc;IACd,MAAM,CAAC,QAAQ,CAAC,MAAM,UAAS;IAE/B,+BAA+B;IAC/B,MAAM,CAAC,QAAQ,CAAC,iBAAiB,YAAY;IAE7C,yBAAyB;IACzB,MAAM,CAAC,QAAQ,CAAC,WAAW,aAAa;IAExC,0BAA0B;IAC1B,MAAM,CAAC,QAAQ,CAAC,YAAY,cAAc;IAE1C,oDAAoD;IACpD,MAAM,CAAC,QAAQ,CAAC,QAAQ,WAAW;IAEnC,8BAA8B;IAC9B,MAAM,CAAC,QAAQ,CAAC,UAAU,SAAQ;IAElC,iCAAiC;IACjC,MAAM,CAAC,QAAQ,CAAC,QAAQ,SAAQ;CACnC"}

package/dist/jwt.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Encapsulates the payload of a JWT, with both the token and
+ * decoded JSON payload.
+ */
+export declare class JWT {
+    /** The string representation of the JWT */
+    token: string | undefined;
+    /** The decoded payload from the token */
+    payload: {
+        [key: string]: any;
+    };
+    /**
+     * Constructor.  Pass either `token` or `payload`.
+     * @param token the string JWT token - the payload will be parsed from it
+     * @param payload the JSON payload.  The payload will be set but not
+     *        the string `token`.
+     */
+    constructor({ token, payload }: {
+        token?: string;
+        payload?: {
+            [key: string]: any;
+        };
+    });
+}
+//# sourceMappingURL=jwt.d.ts.map

package/dist/jwt.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../src/jwt.ts"],"names":[],"mappings":"AAIA;;;GAGG;AACH,qBAAa,GAAG;IAEZ,2CAA2C;IAC3C,KAAK,EAAG,MAAM,GAAC,SAAS,CAAC;IAEzB,yCAAyC;IACzC,OAAO,EAAG;QAAC,CAAC,GAAG,EAAC,MAAM,GAAG,GAAG,CAAA;KAAC,CAAC;IAE9B;;;;;OAKG;gBACS,EAAC,KAAK,EAAE,OAAO,EAAC,EAAG;QAC3B,KAAK,CAAC,EAAG,MAAM,CAAC;QAChB,OAAO,CAAC,EAAG;YAAC,CAAC,GAAG,EAAC,MAAM,GAAG,GAAG,CAAA;SAAC,CAAC;KAClC;CAoBJ"}

package/dist/logger.d.ts

@@ -0,0 +1,148 @@
+/**
+ * You can implement your own logger.  Crossauth only needs these functions
+ * and variables to be present.
+ */
+export interface CrossauthLoggerInterface {
+    error(output: any): void;
+    warn(output: any): void;
+    info(output: any): void;
+    debug(output: any): void;
+    level?: number | string;
+}
+/**
+ *
+ * A very simple logging class with no dependencies.
+ *
+ * Logs to console.
+ *
+ * The logging API is designed so that you can replace this with other common loggers, eg Pino.
+ * To change it, use the global {@link setLogger} function.  This has a parameter to tell
+ * Crossauth whether your logger accepts JSON input or not.
+ *
+ * When writing logs, we use the helper function {@link j} to send JSON to the logger if it is
+ * supprted, and a stringified JSON otherwise.
+ *
+ * <b>Crossauth logs<b>
+ *
+ * All Crossauth log messages are JSON (or stringified JSON, depending on whether the logger supports
+ * JSON input - this one does).  The following fields may be present depending on context
+ * (`msg` is always present):
+ *
+ * - `msg` : main contents of the log
+ * - `err` : an error object.  If a subclass of Error, it wil contain at least `message` and
+ *           a stack trace in `stack`.  If the error is of type{@link @crossauth/common!CrossauthError}
+ *           it also will also contain `code` and `httpStatus`.
+ * - `hashedSessionCookie` : for security reasons, session cookies are not included in logs.
+ *                           However, so that errors can be correlated with each other, a hash
+ *                           of it is included in errors originating from a session.
+ * - `hashedCsrfCookie`    : for security reasons, csrf cookies are not included in logs.
+ *                           However, so that errors can be correlated with each other, a hash
+ *                           of it is included in errors originating from a session.
+ * - `user` : username
+ * - `emailMessageId` : internal id of any email that is sent
+ * - `email` : email address
+ * - `userid` : sometimes provided in addition to username, or when username not available
+ * - `hahedApiKey` : a hash of an API key.  The unhashed version is not logged for security,
+ *                   but a hash of it is logged for correlation purposes.
+ * - `header`      : an HTTP header that relates to an error (eg `Authorization`), only if
+ *                   it is non-secret or invalid
+ * - `accessTokenHash` : hash of the JTI of an access token.  For security reasons, the
+ *                       unhashed version is not logged.
+ * - `method`: request method (GET, PUT etc)
+ * - `url` : relevant URL
+ * - `ip`  : relevant IP address
+ * - `scope` : OAuth scope
+ * - `errorCode` : Crossauth error code
+ * - `errorCodeName` : String version of Crossauth error code
+ * - `httpStatus` : HTTP status that will be returned
+ * - `port` port service is running on (only for starting a service)
+ * - `prefix` prefix for endpoints (only when starting a service)
+ * - `authorized` whether or not a valid OAuth access token was provided
+ *
+ */
+export declare class CrossauthLogger {
+    /** Don't log anything */
+    static readonly None = 0;
+    /** Only log errors */
+    static readonly Error = 1;
+    /** Log errors and warning */
+    static readonly Warn = 2;
+    /** Log errors, warnings and info messages */
+    static readonly Info = 3;
+    /** Log everything */
+    static readonly Debug = 4;
+    /**
+     * Return the singleton instance of the logger.
+     * @returns the logger
+     */
+    static get logger(): CrossauthLoggerInterface;
+    /** the log level. This can be set dynamically */
+    level: 0 | 1 | 2 | 3 | 4;
+    static levelName: string[];
+    /**
+     * Create a logger with the given level
+     * @param level the level to report to
+     */
+    constructor(level?: 0 | 1 | 2 | 3 | 4);
+    setLevel(level: 0 | 1 | 2 | 3 | 4): void;
+    private log;
+    /**
+     * Report an error
+     * @param output object to output
+     */
+    error(output: any): void;
+    /**
+     * Report an warning
+     * @param output object to output
+     */
+    warn(output: any): void;
+    /**
+     * Report information
+     * @param output object to output
+     */
+    info(output: any): void;
+    /**
+     * Print a debugging message
+     * @param output object to output
+     */
+    debug(output: any): void;
+    /**
+     * Override the default logger.
+     *
+     * The only requirement is that the logger has the functions `error()`, `warn()`, `info()` and `debug()`.
+     * These functions must accept either an object or a string.  If they can only accept a string,
+     * set `acceptsJson` to false.
+     *
+     * @param logger a new logger instance of any supported class
+     * @param acceptsJson set this to false if the logger can only take strings.
+     */
+    static setLogger(logger: CrossauthLoggerInterface, acceptsJson: boolean): void;
+}
+/**
+ * This is a helper function to allow you to use logger that either do or
+ * do not accept.
+ *
+ * If your logger does accept JSON (as defined in
+ * `globalThis.crossauthLoggerAcceptsJson`), this will return the object
+ * that was passed, including the stack trace in `stack` if the object
+ * passed in `err` is an exception.  Otherwise, it returns a stringified
+ * version.
+ *
+ * All Crossauth error calls are made with this helper.
+ *
+ * @param arg put the key/value pairs you want to log in here.  `err` will
+ *        be treated as an `Error` instance if it is one, and a stack trace
+ *        will be placed in `stack`.
+ * @returns either an object or a stringified JSON, depending on
+ *          `globalThis.crossauthLoggerAcceptsJson`.
+ */
+export declare function j(arg: {
+    [key: string]: any;
+} | string): string | {
+    [key: string]: any;
+};
+declare global {
+    var crossauthLogger: CrossauthLoggerInterface;
+    var crossauthLoggerAcceptsJson: boolean;
+}
+//# sourceMappingURL=logger.d.ts.map

package/dist/logger.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../src/logger.ts"],"names":[],"mappings":"AACA;;;GAGG;AACH,MAAM,WAAW,wBAAwB;IACrC,KAAK,CAAC,MAAM,EAAE,GAAG,GAAI,IAAI,CAAC;IAC1B,IAAI,CAAC,MAAM,EAAE,GAAG,GAAI,IAAI,CAAC;IACzB,IAAI,CAAC,MAAM,EAAE,GAAG,GAAI,IAAI,CAAC;IACzB,KAAK,CAAC,MAAM,EAAE,GAAG,GAAI,IAAI,CAAC;IAC1B,KAAK,CAAC,EAAG,MAAM,GAAC,MAAM,CAAC;CAC1B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkDG;AACH,qBAAa,eAAe;IAGxB,yBAAyB;IACzB,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK;IAEzB,sBAAsB;IACtB,MAAM,CAAC,QAAQ,CAAC,KAAK,KAAK;IAE1B,6BAA6B;IAC7B,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK;IAEzB,6CAA6C;IAC7C,MAAM,CAAE,QAAQ,CAAC,IAAI,KAAK;IAE1B,qBAAqB;IACrB,MAAM,CAAC,QAAQ,CAAC,KAAK,KAAK;IAE1B;;;OAGG;IACH,MAAM,KAAK,MAAM,IAAK,wBAAwB,CAM7C;IAED,iDAAiD;IACjD,KAAK,EAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC1B,MAAM,CAAC,SAAS,WAA8C;IAE9D;;;OAGG;gBACS,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC;IAerC,QAAQ,CAAC,KAAK,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC;IAIjC,OAAO,CAAC,GAAG;IAUX;;;OAGG;IACH,KAAK,CAAC,MAAM,EAAE,GAAG;IAIjB;;;OAGG;IACH,IAAI,CAAC,MAAM,EAAE,GAAG;IAIhB;;;OAGG;IACH,IAAI,CAAC,MAAM,EAAE,GAAG;IAIhB;;;OAGG;IACH,KAAK,CAAC,MAAM,EAAE,GAAG;IAIjB;;;;;;;;;OASG;IACH,MAAM,CAAC,SAAS,CAAC,MAAM,EAAG,wBAAwB,EAAE,WAAW,EAAG,OAAO;CAI5E;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,CAAC,CAAC,GAAG,EAAG;IAAC,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;CAAC,GAAC,MAAM,GAAI,MAAM,GAAC;IAAC,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;CAAC,CAUjF;AAED,OAAO,CAAC,MAAM,CAAC;IACX,IAAI,eAAe,EAAG,wBAAwB,CAAC;IAC/C,IAAI,0BAA0B,EAAG,OAAO,CAAC;CAC5C"}