@culturefy/shared 1.0.32 → 1.0.33

@@ -389,7 +389,8 @@ async function validateUserByRealm(realm, email, context) {
389
389
  let user = null;
390
390
  context.log("Getting user by realm:", realm);
391
391
  try {
392
- user = await userService.getUserByBusinessId(realm, email);
392
+ // user = await userService.getUserByBusinessId(realm, email);
393
+ user = '';
393
394
  } catch (err) {
394
395
  context.error(`Failed to get user by realm:`, err);
395
396
  return {
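Review bot: The added `user = '';` in `validateUserByRealm` replaces the `getUserByBusinessId` lookup with a constant, so the user record is never read from the database; the second hunk does the same to `getUserByEmail` in `validateUserByEmail`. Both function bodies continue outside the hunks, but if the code after the `try` still tests `!user`, as the original source embedded in the previous version's source map does, the empty string is falsy and every call returns `success: false`, which would fail token validation for all users. With the awaited call gone the `try` body cannot throw, so the `catch (err)` branch and its "Failed to get user" log are dead code. This reads like a debugging stub that reached a published release: restore `user = await userService.getUserByBusinessId(realm, email);` (and `user = await userService.getUserByEmail(email);` in the second hunk), and if the lookup must be disabled temporarily, return an explicit failure with a comment explaining why rather than assigning a placeholder.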
@@ -423,7 +424,8 @@ async function validateUserByEmail(email, context) {
423
424
  let user = null;
424
425
  context.log("Getting user by email:", email);
425
426
  try {
426
- user = await userService.getUserByEmail(email);
427
+ // user = await userService.getUserByEmail(email);
428
+ user = '';
427
429
  } catch (err) {
428
430
  context.error(`Failed to get user by email:`, err);
429
431
  return {
@@ -1 +1 @@
1
- {"version":3,"file":"token-validation.js","names":["_enums","require","_user","_keycloak","_utils","tokenValidation","request","domain","context","cookies","parseCookies","accessToken","refreshToken","expiresIn","refreshExpiresIn","status","message","keycloakService","initializeKeycloakService","validateToken","success","expired","data","userId","clientId","realm","email","log","JSON","stringify","refreshTokenResponse","handleTokenRefresh","refreshTokenData","access_token","refresh_token","expires_in","refresh_expires_in","verifyFromDb","userInfo","introspectionValid","validateTokenIntrospection","getUserByToken","validateUserByEmail","validateUserByRealm","user","businessId","toString","updatedCookies","error","keycloakBaseUrl","keycloakAdminClientId","keycloakAdminClientSecret","Promise","all","getAzureVaultSecretByKey","process","env","AZURE_KEY_VAULT_NAME","AzureSecretKeysEnum","KEYCLOAK_BASE_URL","KEYCLOAK_ADMIN_CLIENT_ID","KEYCLOAK_ADMIN_CLIENT_SECRET","KeycloakAdminService","baseUrl","adminClientId","adminClientSecret","currentTime","Math","floor","Date","now","decoded","verifyJsonWebToken","iat","exp","sub","azp","iss","split","length","info","refreshTokenDecoded","refreshIss","refreshIat","refreshExp","refreshUserId","refreshClientId","refreshEmail","newToken","newTokenDecoded","newIat","newExp","newUserId","newClientId","newIss","newEmail","authDbUrl","DB_CONNECTING_STRING_USER","userService","UserService","getUserByBusinessId","err","disconnect","getUserByEmail","token","introspection","introspectToken","active","warn","_error$message","_error$message2","_error$message3","includes"],"sources":["../../../src/middlewares/token-validation.ts"],"sourcesContent":["\nimport IUser from \"../models/user.model\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { UserService } from \"../service/user.service\";\nimport { HttpRequest, InvocationContext } from \"@azure/functions\";\nimport { KeycloakAdminService } from 
\"../service/keycloak.service\";\nimport { getAzureVaultSecretByKey, parseCookies, verifyJsonWebToken } from \"../utils\";\n\ninterface TokenValidationResult {\n status: boolean;\n message: string;\n data?: {\n cookies: {\n access_token: string;\n refresh_token: string;\n expires_in?: number;\n refresh_expires_in?: number;\n };\n user: IUser;\n };\n}\n\ninterface TokenClaims {\n iat?: number;\n exp?: number;\n sub: string;\n azp: string;\n iss: string;\n email: string;\n}\n\nexport async function tokenValidation(request: HttpRequest, domain: string, context: InvocationContext): Promise<TokenValidationResult> {\n try {\n let cookies = parseCookies(request, context);\n let accessToken = cookies[\"culturefy-auth-token\"];\n let refreshToken = cookies[\"culturefy-refresh-token\"];\n\n let expiresIn, refreshExpiresIn;\n\n if (!accessToken) return { status: false, message: \"Access token is required\" };\n\n const keycloakService = await initializeKeycloakService(context);\n\n const tokenValidation = await validateToken(accessToken, context);\n\n if (!tokenValidation.success) {\n if (tokenValidation.expired) {\n const { data } = tokenValidation;\n if (!data) return { status: false, message: \"Invalid access token.\" };\n\n let { userId, clientId, realm, email } = data;\n\n if (!clientId) return { status: false, message: \"Invalid access token provided\" };\n if (!userId) return { status: false, message: \"Invalid access token provided\" };\n if (!realm) return { status: false, message: \"Invalid access token provided\" };\n\n context.log(\"Refreshing token for user:\", JSON.stringify({ userId, clientId, realm, email }));\n\n const refreshTokenResponse = await handleTokenRefresh(keycloakService, refreshToken, userId, clientId, realm, email, domain, context);\n if (!refreshTokenResponse.success) return { status: false, message: refreshTokenResponse.message };\n\n const { data: refreshTokenData } = refreshTokenResponse;\n if (!refreshTokenData) return { status: false, 
message: \"Invalid refresh token.\" };\n \n context.log(\"Refreshed token for user:\", JSON.stringify({ userId, clientId, realm, email }));\n\n accessToken = refreshTokenData.access_token;\n refreshToken = refreshTokenData.refresh_token;\n expiresIn = refreshTokenData.expires_in;\n refreshExpiresIn = refreshTokenData.refresh_expires_in;\n\n } else {\n return { status: false, message: tokenValidation.message };\n }\n }\n\n const { data } = tokenValidation;\n\n if (!data) return { status: false, message: \"Invalid access token.\" };\n\n let { userId, clientId, realm, email } = data;\n\n if (!clientId) return { status: false, message: \"Invalid access token provided\" };\n if (!userId) return { status: false, message: \"Invalid access token provided\" };\n if (!realm) return { status: false, message: \"Invalid access token provided\" };\n if (!email) return { status: false, message: \"Invalid access token provided\" };\n\n context.log(\"Validating user:\", JSON.stringify({ userId, clientId, realm, email }));\n\n let verifyFromDb;\n let userInfo;\n\n if(domain === \"accounts.culturefy.app\") {\n const introspectionValid = await validateTokenIntrospection(\n keycloakService,\n accessToken,\n realm,\n clientId,\n domain,\n context\n );\n \n if (!introspectionValid) return { status: false, message: \"Token introspection failed\" };\n context.log(\"Token introspection successful\");\n \n realm = \"superadmin\";\n clientId = \"cfy-superadmin-web\";\n \n userInfo = await keycloakService.getUserByToken(realm, accessToken);\n context.log(\"User info-1:\", JSON.stringify(userInfo));\n\n if(!userInfo.email) return { status: false, message: \"User email not found\" };\n if(userInfo.email !== email) return { status: false, message: \"User email does not match\" };\n email = userInfo.email;\n verifyFromDb = await validateUserByEmail(email, context);\n if (!verifyFromDb.success) return { status: false, message: verifyFromDb.message };\n } else {\n clientId = \"cfy-web\";\n 
verifyFromDb = await validateUserByRealm(realm, email, context);\n }\n\n if (!verifyFromDb.success) return { status: false, message: verifyFromDb.message };\n\n const user = verifyFromDb.user;\n\n if (!user) return { status: false, message: \"User not found.\" };\n context.log(\"User:\", JSON.stringify(user));\n\n const introspectionValid = await validateTokenIntrospection(\n keycloakService,\n accessToken,\n realm,\n clientId,\n domain,\n context\n );\n\n if (!introspectionValid) return { status: false, message: \"Token introspection failed\" };\n context.log(\"Token introspection successful\");\n\n if (domain === \"accounts.culturefy.app\") {\n realm = \"superadmin\";\n clientId = \"cfy-superadmin-web\";\n } else {\n if(!user.businessId) return { status: false, message: \"User not found\" };\n realm = user.businessId.toString();\n clientId = \"cfy-web\";\n }\n\n if(!userInfo) {\n userInfo = await keycloakService.getUserByToken(realm, accessToken);\n context.log(\"User info-2:\", JSON.stringify(userInfo));\n }\n\n if(!userInfo) return { status: false, message: \"User info not found\" };\n\n let updatedCookies: {\n access_token: string;\n refresh_token: string;\n expires_in?: number;\n refresh_expires_in?: number;\n } = {\n access_token: accessToken,\n refresh_token: refreshToken,\n };\n\n if(expiresIn) updatedCookies.expires_in = expiresIn;\n if(refreshExpiresIn) updatedCookies.refresh_expires_in = refreshExpiresIn;\n\n return {\n status: true,\n message: \"Token is valid\",\n data: {\n cookies: updatedCookies,\n user: user\n }\n };\n\n } catch (error) {\n context.error(\"Culturefy token validation error:\", error);\n return { status: false, message: \"Internal server error during culturefy token validation\" };\n }\n}\n\nasync function initializeKeycloakService(context: InvocationContext): Promise<KeycloakAdminService> {\n const [keycloakBaseUrl, keycloakAdminClientId, keycloakAdminClientSecret] = await Promise.all([\n getAzureVaultSecretByKey(\n context,\n 
process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.KEYCLOAK_BASE_URL\n ),\n getAzureVaultSecretByKey(\n context,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.KEYCLOAK_ADMIN_CLIENT_ID\n ),\n getAzureVaultSecretByKey(\n context,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.KEYCLOAK_ADMIN_CLIENT_SECRET\n )\n ]);\n\n return new KeycloakAdminService(context, {\n baseUrl: keycloakBaseUrl as string,\n adminClientId: keycloakAdminClientId as string,\n adminClientSecret: keycloakAdminClientSecret as string\n });\n}\n\nasync function validateToken(\n accessToken: string,\n context: InvocationContext\n): Promise<{\n success: boolean;\n message: string;\n expired?: boolean;\n data?: {\n userId: string;\n clientId: string;\n realm: string;\n email: string;\n };\n}> {\n const currentTime = Math.floor(Date.now() / 1000);\n\n const decoded = verifyJsonWebToken(accessToken);\n\n if (!decoded) return { success: false, message: \"Invalid access token format\" };\n\n let { iat, exp, sub: userId, azp: clientId, iss, email } = decoded as TokenClaims;\n \n if (!userId || !clientId || !iss) return { success: false, message: \"Access token missing required claims (sub or azp or iss)\" };\n context.log(\"Access token claims:\", JSON.stringify(decoded));\n \n let realm = iss.split(\"/\")[iss.split(\"/\").length - 1];\n if(!realm) return { success: false, message: \"Access token missing required claims (iss)\" };\n\n if (exp && exp < currentTime) return { success: false, message: \"Access token expired and refresh token not provided\", expired: true, data: { userId, clientId, realm, email } };\n \n if (iat && iat > currentTime) return { success: false, message: \"Invalid token issuance time\" };\n\n return {\n success: true,\n message: \"Token is valid\",\n data: { userId, clientId, realm, email }\n };\n}\n\nasync function handleTokenRefresh(\n keycloakService: KeycloakAdminService,\n refreshToken: string,\n userId: string,\n clientId: 
string,\n realm: string,\n email: string,\n domain: string,\n context: InvocationContext\n): Promise<{\n success: boolean;\n message: string;\n data?: {\n access_token: string;\n expires_in: number;\n refresh_token: string;\n refresh_expires_in: number;\n };\n}> {\n const currentTime = Math.floor(Date.now() / 1000);\n\n if(!clientId) return { success: false, message: \"Client ID is missing\" };\n if(!userId) return { success: false, message: \"User ID is missing\" };\n if(!realm) return { success: false, message: \"Realm is missing\" };\n if(!refreshToken) return { success: false, message: \"Refresh token is missing\" };\n if(!email) return { success: false, message: \"Email is missing\" };\n if(!domain) return { success: false, message: \"Domain is missing\" };\n\n context.info(\"values:\", {clientId, userId, realm, email, domain});\n\n const refreshTokenDecoded = verifyJsonWebToken(refreshToken);\n if (!refreshTokenDecoded) return { success: false, message: \"Invalid refresh token format\" };\n\n let { iss: refreshIss } = refreshTokenDecoded as TokenClaims;\n refreshIss = refreshIss.split(\"/\")[refreshIss.split(\"/\").length - 1];\n\n const { iat: refreshIat, exp: refreshExp, sub: refreshUserId, azp: refreshClientId, email: refreshEmail } = refreshTokenDecoded as TokenClaims;\n\n context.info(\"refreshTokenDecoded:\", JSON.stringify({refreshUserId, refreshClientId, refreshIss, refreshEmail}));\n\n if (!refreshUserId || !refreshClientId || !refreshIss) return { success: false, message: \"Refresh token missing required claims (sub or azp or iss)\" };\n\n if (refreshExp && refreshExp < currentTime) return { success: false, message: \"Refresh token has expired\" };\n\n if (refreshIat && refreshIat > currentTime) return { success: false, message: \"Invalid refresh token issuance time\" };\n\n if (refreshUserId !== userId || refreshClientId !== clientId || refreshIss !== realm || refreshEmail !== email) return { success: false, message: \"Refresh token does not match 
access token user\" };\n\n if(domain === \"accounts.culturefy.app\") {\n realm = \"superadmin\";\n clientId = \"cfy-superadmin-web\";\n } else {\n realm = realm;\n clientId = \"cfy-web\";\n }\n\n const newToken = await keycloakService.refreshToken(realm, clientId, refreshToken);\n if (!newToken) return { success: false, message: \"Failed to refresh access token\" };\n\n const newTokenDecoded = verifyJsonWebToken(newToken.access_token);\n if (!newTokenDecoded) return { success: false, message: \"Invalid new token format\" };\n\n const { iat: newIat, exp: newExp, sub: newUserId, azp: newClientId, iss: newIss, email: newEmail } = newTokenDecoded as TokenClaims;\n\n if (!newUserId || !newClientId || !newIss || !newEmail) return { success: false, message: \"New token missing required claims (sub or azp or iss or email)\" };\n\n if (newExp && newExp < currentTime) return { success: false, message: \"New token has expired\" };\n\n if (newIat && newIat > currentTime) return { success: false, message: \"Invalid new token issuance time\" };\n\n context.info(\"Token refreshed successfully for user:\", userId);\n\n return {\n success: true,\n message: \"Token refreshed successfully\",\n data: {\n access_token: newToken.access_token, expires_in: newToken.expires_in,\n refresh_token: newToken.refresh_token, refresh_expires_in: newToken.refresh_expires_in\n }\n };\n}\n\nasync function validateUserByRealm(\n realm: string,\n email: string,\n context: InvocationContext\n): Promise<{\n success: boolean;\n message: string;\n user?: any;\n}> {\n try {\n const authDbUrl = await getAzureVaultSecretByKey(\n context,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n const userService = new UserService(context, authDbUrl);\n\n let user = null;\n context.log(\"Getting user by realm:\", realm);\n try {\n user = await userService.getUserByBusinessId(realm, email);\n } catch (err: any) {\n context.error(`Failed to get user by realm:`, err);\n 
return { success: false, message: \"User not found..\" };\n }\n context.log(\"User:\", JSON.stringify(user));\n\n if (!user) return { success: false, message: \"User not found...\" };\n\n await userService.disconnect();\n\n return { success: true, message: \"User validation successful\", user };\n\n } catch (error) {\n context.error(\"User validation error:\", error);\n return { success: false, message: \"Error validating user information\" };\n }\n}\n\nasync function validateUserByEmail(\n email: string,\n context: InvocationContext\n): Promise<{\n success: boolean;\n message: string;\n user?: any;\n}> {\n try {\n const authDbUrl = await getAzureVaultSecretByKey(\n context,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n const userService = new UserService(context, authDbUrl);\n\n let user = null;\n context.log(\"Getting user by email:\", email);\n try {\n user = await userService.getUserByEmail(email);\n } catch (err: any) {\n context.error(`Failed to get user by email:`, err);\n return { success: false, message: \"User not found..\" };\n }\n context.log(\"User:\", JSON.stringify(user));\n\n if (!user) return { success: false, message: \"User not found...\" };\n\n await userService.disconnect();\n\n return { success: true, message: \"User validation successful\", user };\n\n } catch (error) {\n context.error(\"User validation error:\", error);\n return { success: false, message: \"Error validating user information\" };\n }\n}\n\nasync function validateTokenIntrospection(\n keycloakService: KeycloakAdminService,\n token: string,\n realm: string,\n clientId: string,\n domain: string,\n context: InvocationContext\n): Promise<boolean> {\n try {\n if(!realm) return false;\n if(!clientId) return false;\n if(!token) return false;\n \n if (domain === \"accounts.culturefy.app\") {\n realm = \"superadmin\";\n clientId = \"cfy-superadmin-web\";\n } else {\n realm = realm;\n clientId = \"cfy-web\";\n }\n\n 
context.info(\"Validating token with Keycloak introspection\");\n const introspection = await keycloakService.introspectToken(realm, clientId, token);\n\n if (!introspection.active) {\n context.warn(\"Token introspection returned inactive token\");\n return false;\n }\n\n context.info(\"Token introspection successful - token is active\");\n return true;\n } catch (error: any) {\n context.error(\"Token introspection error:\", error);\n\n if (error.message?.includes('Client not allowed')) {\n context.warn(\"Admin-cli client does not have introspection permissions - this is expected\");\n return true;\n }\n\n if (error.message?.includes('Invalid token')) return false;\n\n if (error.message?.includes('Token is not active')) return false;\n\n return false;\n }\n}"],"mappings":";;;;AAEA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,KAAA,GAAAD,OAAA;AAEA,IAAAE,SAAA,GAAAF,OAAA;AACA,IAAAG,MAAA,GAAAH,OAAA;AAyBO,eAAeI,eAAeA,CAACC,OAAoB,EAAEC,MAAc,EAAEC,OAA0B,EAAkC;EACpI,IAAI;IACA,IAAIC,OAAO,GAAG,IAAAC,mBAAY,EAACJ,OAAO,EAAEE,OAAO,CAAC;IAC5C,IAAIG,WAAW,GAAGF,OAAO,CAAC,sBAAsB,CAAC;IACjD,IAAIG,YAAY,GAAGH,OAAO,CAAC,yBAAyB,CAAC;IAErD,IAAII,SAAS,EAAEC,gBAAgB;IAE/B,IAAI,CAACH,WAAW,EAAE,OAAO;MAAEI,MAAM,EAAE,KAAK;MAAEC,OAAO,EAAE;IAA2B,CAAC;IAE/E,MAAMC,eAAe,GAAG,MAAMC,yBAAyB,CAACV,OAAO,CAAC;IAEhE,MAAMH,eAAe,GAAG,MAAMc,aAAa,CAACR,WAAW,EAAEH,OAAO,CAAC;IAEjE,IAAI,CAACH,eAAe,CAACe,OAAO,EAAE;MAC1B,IAAIf,eAAe,CAACgB,OAAO,EAAE;QACzB,MAAM;UAAEC;QAAK,CAAC,GAAGjB,eAAe;QAChC,IAAI,CAACiB,IAAI,EAAE,OAAO;UAAEP,MAAM,EAAE,KAAK;UAAEC,OAAO,EAAE;QAAwB,CAAC;QAErE,IAAI;UAAEO,MAAM;UAAEC,QAAQ;UAAEC,KAAK;UAAEC;QAAM,CAAC,GAAGJ,IAAI;QAE7C,IAAI,CAACE,QAAQ,EAAE,OAAO;UAAET,MAAM,EAAE,KAAK;UAAEC,OAAO,EAAE;QAAgC,CAAC;QACjF,IAAI,CAACO,MAAM,EAAE,OAAO;UAAER,MAAM,EAAE,KAAK;UAAEC,OAAO,EAAE;QAAgC,CAAC;QAC/E,IAAI,CAACS,KAAK,EAAE,OAAO;UAAEV,MAAM,EAAE,KAAK;UAAEC,OAAO,EAAE;QAAgC,CAAC;QAE9ER,OAAO,CAACmB,GAAG,CAAC,4BAA4B,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEN,MAAM;UAAEC,QAAQ;UAAEC,KAAK;UAAEC;QAAM,CAAC,CAAC,CAAC;QAE7F,MAAMI,oBAAoB,GAAG,MAAMC,kBAAkB,CA
ACd,eAAe,EAAEL,YAAY,EAAEW,MAAM,EAAEC,QAAQ,EAAEC,KAAK,EAAEC,KAAK,EAAEnB,MAAM,EAAEC,OAAO,CAAC;QACrI,IAAI,CAACsB,oBAAoB,CAACV,OAAO,EAAE,OAAO;UAAEL,MAAM,EAAE,KAAK;UAAEC,OAAO,EAAEc,oBAAoB,CAACd;QAAQ,CAAC;QAElG,MAAM;UAAEM,IAAI,EAAEU;QAAiB,CAAC,GAAGF,oBAAoB;QACvD,IAAI,CAACE,gBAAgB,EAAE,OAAO;UAAEjB,MAAM,EAAE,KAAK;UAAEC,OAAO,EAAE;QAAyB,CAAC;QAElFR,OAAO,CAACmB,GAAG,CAAC,2BAA2B,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEN,MAAM;UAAEC,QAAQ;UAAEC,KAAK;UAAEC;QAAM,CAAC,CAAC,CAAC;QAE5Ff,WAAW,GAAGqB,gBAAgB,CAACC,YAAY;QAC3CrB,YAAY,GAAGoB,gBAAgB,CAACE,aAAa;QAC7CrB,SAAS,GAAGmB,gBAAgB,CAACG,UAAU;QACvCrB,gBAAgB,GAAGkB,gBAAgB,CAACI,kBAAkB;MAE1D,CAAC,MAAM;QACH,OAAO;UAAErB,MAAM,EAAE,KAAK;UAAEC,OAAO,EAAEX,eAAe,CAACW;QAAQ,CAAC;MAC9D;IACJ;IAEA,MAAM;MAAEM;IAAK,CAAC,GAAGjB,eAAe;IAEhC,IAAI,CAACiB,IAAI,EAAE,OAAO;MAAEP,MAAM,EAAE,KAAK;MAAEC,OAAO,EAAE;IAAwB,CAAC;IAErE,IAAI;MAAEO,MAAM;MAAEC,QAAQ;MAAEC,KAAK;MAAEC;IAAM,CAAC,GAAGJ,IAAI;IAE7C,IAAI,CAACE,QAAQ,EAAE,OAAO;MAAET,MAAM,EAAE,KAAK;MAAEC,OAAO,EAAE;IAAgC,CAAC;IACjF,IAAI,CAACO,MAAM,EAAE,OAAO;MAAER,MAAM,EAAE,KAAK;MAAEC,OAAO,EAAE;IAAgC,CAAC;IAC/E,IAAI,CAACS,KAAK,EAAE,OAAO;MAAEV,MAAM,EAAE,KAAK;MAAEC,OAAO,EAAE;IAAgC,CAAC;IAC9E,IAAI,CAACU,KAAK,EAAE,OAAO;MAAEX,MAAM,EAAE,KAAK;MAAEC,OAAO,EAAE;IAAgC,CAAC;IAE9ER,OAAO,CAACmB,GAAG,CAAC,kBAAkB,EAAEC,IAAI,CAACC,SAAS,CAAC;MAAEN,MAAM;MAAEC,QAAQ;MAAEC,KAAK;MAAEC;IAAM,CAAC,CAAC,CAAC;IAEnF,IAAIW,YAAY;IAChB,IAAIC,QAAQ;IAEZ,IAAG/B,MAAM,KAAK,wBAAwB,EAAE;MACpC,MAAMgC,kBAAkB,GAAG,MAAMC,0BAA0B,CACvDvB,eAAe,EACfN,WAAW,EACXc,KAAK,EACLD,QAAQ,EACRjB,MAAM,EACNC,OACJ,CAAC;MAED,IAAI,CAAC+B,kBAAkB,EAAE,OAAO;QAAExB,MAAM,EAAE,KAAK;QAAEC,OAAO,EAAE;MAA6B,CAAC;MACxFR,OAAO,CAACmB,GAAG,CAAC,gCAAgC,CAAC;MAE7CF,KAAK,GAAG,YAAY;MACpBD,QAAQ,GAAG,oBAAoB;MAE/Bc,QAAQ,GAAG,MAAMrB,eAAe,CAACwB,cAAc,CAAChB,KAAK,EAAEd,WAAW,CAAC;MACnEH,OAAO,CAACmB,GAAG,CAAC,cAAc,EAAEC,IAAI,CAACC,SAAS,CAACS,QAAQ,CAAC,CAAC;MAErD,IAAG,CAACA,QAAQ,CAACZ,KAAK,EAAE,OAAO;QAAEX,MAAM,EAAE,KAAK;QAAEC,OAAO,EAAE;MAAuB,CAAC;MAC7E,IAAGsB,QAAQ,CAACZ,KAAK,KAAKA,KAAK,EAAE,OAAO;QAAEX,MAAM,EAAE,KAAK;QA
AEC,OAAO,EAAE;MAA4B,CAAC;MAC3FU,KAAK,GAAGY,QAAQ,CAACZ,KAAK;MACtBW,YAAY,GAAG,MAAMK,mBAAmB,CAAChB,KAAK,EAAElB,OAAO,CAAC;MACxD,IAAI,CAAC6B,YAAY,CAACjB,OAAO,EAAE,OAAO;QAAEL,MAAM,EAAE,KAAK;QAAEC,OAAO,EAAEqB,YAAY,CAACrB;MAAQ,CAAC;IACtF,CAAC,MAAM;MACHQ,QAAQ,GAAG,SAAS;MACpBa,YAAY,GAAG,MAAMM,mBAAmB,CAAClB,KAAK,EAAEC,KAAK,EAAElB,OAAO,CAAC;IACnE;IAEA,IAAI,CAAC6B,YAAY,CAACjB,OAAO,EAAE,OAAO;MAAEL,MAAM,EAAE,KAAK;MAAEC,OAAO,EAAEqB,YAAY,CAACrB;IAAQ,CAAC;IAElF,MAAM4B,IAAI,GAAGP,YAAY,CAACO,IAAI;IAE9B,IAAI,CAACA,IAAI,EAAE,OAAO;MAAE7B,MAAM,EAAE,KAAK;MAAEC,OAAO,EAAE;IAAkB,CAAC;IAC/DR,OAAO,CAACmB,GAAG,CAAC,OAAO,EAAEC,IAAI,CAACC,SAAS,CAACe,IAAI,CAAC,CAAC;IAE1C,MAAML,kBAAkB,GAAG,MAAMC,0BAA0B,CACvDvB,eAAe,EACfN,WAAW,EACXc,KAAK,EACLD,QAAQ,EACRjB,MAAM,EACNC,OACJ,CAAC;IAED,IAAI,CAAC+B,kBAAkB,EAAE,OAAO;MAAExB,MAAM,EAAE,KAAK;MAAEC,OAAO,EAAE;IAA6B,CAAC;IACxFR,OAAO,CAACmB,GAAG,CAAC,gCAAgC,CAAC;IAE7C,IAAIpB,MAAM,KAAK,wBAAwB,EAAE;MACrCkB,KAAK,GAAG,YAAY;MACpBD,QAAQ,GAAG,oBAAoB;IACnC,CAAC,MAAM;MACH,IAAG,CAACoB,IAAI,CAACC,UAAU,EAAE,OAAO;QAAE9B,MAAM,EAAE,KAAK;QAAEC,OAAO,EAAE;MAAiB,CAAC;MACxES,KAAK,GAAGmB,IAAI,CAACC,UAAU,CAACC,QAAQ,CAAC,CAAC;MAClCtB,QAAQ,GAAG,SAAS;IACxB;IAEA,IAAG,CAACc,QAAQ,EAAE;MACVA,QAAQ,GAAG,MAAMrB,eAAe,CAACwB,cAAc,CAAChB,KAAK,EAAEd,WAAW,CAAC;MACnEH,OAAO,CAACmB,GAAG,CAAC,cAAc,EAAEC,IAAI,CAACC,SAAS,CAACS,QAAQ,CAAC,CAAC;IACzD;IAEA,IAAG,CAACA,QAAQ,EAAE,OAAO;MAAEvB,MAAM,EAAE,KAAK;MAAEC,OAAO,EAAE;IAAsB,CAAC;IAEtE,IAAI+B,cAKH,GAAG;MACAd,YAAY,EAAEtB,WAAW;MACzBuB,aAAa,EAAEtB;IACnB,CAAC;IAED,IAAGC,SAAS,EAAEkC,cAAc,CAACZ,UAAU,GAAGtB,SAAS;IACnD,IAAGC,gBAAgB,EAAEiC,cAAc,CAACX,kBAAkB,GAAGtB,gBAAgB;IAEzE,OAAO;MACHC,MAAM,EAAE,IAAI;MACZC,OAAO,EAAE,gBAAgB;MACzBM,IAAI,EAAE;QACFb,OAAO,EAAEsC,cAAc;QACvBH,IAAI,EAAEA;MACV;IACJ,CAAC;EAEL,CAAC,CAAC,OAAOI,KAAK,EAAE;IACZxC,OAAO,CAACwC,KAAK,CAAC,mCAAmC,EAAEA,KAAK,CAAC;IACzD,OAAO;MAAEjC,MAAM,EAAE,KAAK;MAAEC,OAAO,EAAE;IAA0D,CAAC;EAChG;AACJ;AAEA,eAAeE,yBAAyBA,CAACV,OAA0B,EAAiC;EAChG,MAAM,CAACyC,eAAe,EAAEC,qBAAqB,EAAEC,yBAAyB,CAAC,GAAG,MAAMC,OAAO,CAACC,GAAG,CAAC,CA
C1F,IAAAC,+BAAwB,EACpB9C,OAAO,EACP+C,OAAO,CAACC,GAAG,CAACC,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,iBACxB,CAAC,EACD,IAAAL,+BAAwB,EACpB9C,OAAO,EACP+C,OAAO,CAACC,GAAG,CAACC,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACE,wBACxB,CAAC,EACD,IAAAN,+BAAwB,EACpB9C,OAAO,EACP+C,OAAO,CAACC,GAAG,CAACC,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACG,4BACxB,CAAC,CACJ,CAAC;EAEF,OAAO,IAAIC,8BAAoB,CAACtD,OAAO,EAAE;IACrCuD,OAAO,EAAEd,eAAyB;IAClCe,aAAa,EAAEd,qBAA+B;IAC9Ce,iBAAiB,EAAEd;EACvB,CAAC,CAAC;AACN;AAEA,eAAehC,aAAaA,CACxBR,WAAmB,EACnBH,OAA0B,EAW3B;EACC,MAAM0D,WAAW,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACC,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EAEjD,MAAMC,OAAO,GAAG,IAAAC,yBAAkB,EAAC7D,WAAW,CAAC;EAE/C,IAAI,CAAC4D,OAAO,EAAE,OAAO;IAAEnD,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAA8B,CAAC;EAE/E,IAAI;IAAEyD,GAAG;IAAEC,GAAG;IAAEC,GAAG,EAAEpD,MAAM;IAAEqD,GAAG,EAAEpD,QAAQ;IAAEqD,GAAG;IAAEnD;EAAM,CAAC,GAAG6C,OAAsB;EAEjF,IAAI,CAAChD,MAAM,IAAI,CAACC,QAAQ,IAAI,CAACqD,GAAG,EAAE,OAAO;IAAEzD,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAA2D,CAAC;EAChIR,OAAO,CAACmB,GAAG,CAAC,sBAAsB,EAAEC,IAAI,CAACC,SAAS,CAAC0C,OAAO,CAAC,CAAC;EAE5D,IAAI9C,KAAK,GAAGoD,GAAG,CAACC,KAAK,CAAC,GAAG,CAAC,CAACD,GAAG,CAACC,KAAK,CAAC,GAAG,CAAC,CAACC,MAAM,GAAG,CAAC,CAAC;EACrD,IAAG,CAACtD,KAAK,EAAE,OAAO;IAAEL,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAA6C,CAAC;EAE3F,IAAI0D,GAAG,IAAIA,GAAG,GAAGR,WAAW,EAAE,OAAO;IAAE9C,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE,qDAAqD;IAAEK,OAAO,EAAE,IAAI;IAAEC,IAAI,EAAE;MAAEC,MAAM;MAAEC,QAAQ;MAAEC,KAAK;MAAEC;IAAM;EAAE,CAAC;EAEhL,IAAI+C,GAAG,IAAIA,GAAG,GAAGP,WAAW,EAAE,OAAO;IAAE9C,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAA8B,CAAC;EAE/F,OAAO;IACHI,OAAO,EAAE,IAAI;IACbJ,OAAO,EAAE,gBAAgB;IACzBM,IAAI,EAAE;MAAEC,MAAM;MAAEC,QAAQ;MAAEC,KAAK;MAAEC;IAAM;EAC3C,CAAC;AACL;AAEA,eAAeK,kBAAkBA,CAC7Bd,eAAqC,EACrCL,YAAoB,EACpBW,MAAc,EACdC,QAAgB,EAChBC,KAAa,EACbC,KAAa,EACbnB,MAAc,EACdC,OAA0B,EAU3B;EACC,MAAM0D,WAAW,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACC,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EAEjD,IAAG,CAAC9C,QAAQ,EAAE,OAAO;IAAEJ,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAAuB,CAAC;EACxE,IAAG,CAACO,MAAM,EAAE,OAAO;IAAEH,O
AAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAAqB,CAAC;EACpE,IAAG,CAACS,KAAK,EAAE,OAAO;IAAEL,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAAmB,CAAC;EACjE,IAAG,CAACJ,YAAY,EAAE,OAAO;IAAEQ,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAA2B,CAAC;EAChF,IAAG,CAACU,KAAK,EAAE,OAAO;IAAEN,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAAmB,CAAC;EACjE,IAAG,CAACT,MAAM,EAAE,OAAO;IAAEa,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAAoB,CAAC;EAEnER,OAAO,CAACwE,IAAI,CAAC,SAAS,EAAE;IAACxD,QAAQ;IAAED,MAAM;IAAEE,KAAK;IAAEC,KAAK;IAAEnB;EAAM,CAAC,CAAC;EAEjE,MAAM0E,mBAAmB,GAAG,IAAAT,yBAAkB,EAAC5D,YAAY,CAAC;EAC5D,IAAI,CAACqE,mBAAmB,EAAE,OAAO;IAAE7D,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAA+B,CAAC;EAE5F,IAAI;IAAE6D,GAAG,EAAEK;EAAW,CAAC,GAAGD,mBAAkC;EAC5DC,UAAU,GAAGA,UAAU,CAACJ,KAAK,CAAC,GAAG,CAAC,CAACI,UAAU,CAACJ,KAAK,CAAC,GAAG,CAAC,CAACC,MAAM,GAAG,CAAC,CAAC;EAEpE,MAAM;IAAEN,GAAG,EAAEU,UAAU;IAAET,GAAG,EAAEU,UAAU;IAAET,GAAG,EAAEU,aAAa;IAAET,GAAG,EAAEU,eAAe;IAAE5D,KAAK,EAAE6D;EAAa,CAAC,GAAGN,mBAAkC;EAE9IzE,OAAO,CAACwE,IAAI,CAAC,sBAAsB,EAAEpD,IAAI,CAACC,SAAS,CAAC;IAACwD,aAAa;IAAEC,eAAe;IAAEJ,UAAU;IAAEK;EAAY,CAAC,CAAC,CAAC;EAEhH,IAAI,CAACF,aAAa,IAAI,CAACC,eAAe,IAAI,CAACJ,UAAU,EAAE,OAAO;IAAE9D,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAA4D,CAAC;EAEtJ,IAAIoE,UAAU,IAAIA,UAAU,GAAGlB,WAAW,EAAE,OAAO;IAAE9C,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAA4B,CAAC;EAE3G,IAAImE,UAAU,IAAIA,UAAU,GAAGjB,WAAW,EAAE,OAAO;IAAE9C,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAAsC,CAAC;EAErH,IAAIqE,aAAa,KAAK9D,MAAM,IAAI+D,eAAe,KAAK9D,QAAQ,IAAI0D,UAAU,KAAKzD,KAAK,IAAI8D,YAAY,KAAK7D,KAAK,EAAE,OAAO;IAAEN,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAAiD,CAAC;EAEpM,IAAGT,MAAM,KAAK,wBAAwB,EAAE;IACpCkB,KAAK,GAAG,YAAY;IACpBD,QAAQ,GAAG,oBAAoB;EACnC,CAAC,MAAM;IACHC,KAAK,GAAGA,KAAK;IACbD,QAAQ,GAAG,SAAS;EACxB;EAEA,MAAMgE,QAAQ,GAAG,MAAMvE,eAAe,CAACL,YAAY,CAACa,KAAK,EAAED,QAAQ,EAAEZ,YAAY,CAAC;EAClF,IAAI,CAAC4E,QAAQ,EAAE,OAAO;IAAEpE,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAAiC,CAAC;EAEnF,MAAMyE,eAAe,GAAG,IAAAjB,yBAAkB,EAACgB,QAAQ,CAACvD,YAAY,CAAC;EACjE,IAAI,CAACwD,eAAe,EAAE,OAAO;IAAErE,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAA2B,CAAC;EAEpF,MAAM;IAAEyD,GAAG,EAAEiB,MA
AM;IAAEhB,GAAG,EAAEiB,MAAM;IAAEhB,GAAG,EAAEiB,SAAS;IAAEhB,GAAG,EAAEiB,WAAW;IAAEhB,GAAG,EAAEiB,MAAM;IAAEpE,KAAK,EAAEqE;EAAS,CAAC,GAAGN,eAA8B;EAEnI,IAAI,CAACG,SAAS,IAAI,CAACC,WAAW,IAAI,CAACC,MAAM,IAAI,CAACC,QAAQ,EAAE,OAAO;IAAE3E,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAAiE,CAAC;EAE5J,IAAI2E,MAAM,IAAIA,MAAM,GAAGzB,WAAW,EAAE,OAAO;IAAE9C,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAAwB,CAAC;EAE/F,IAAI0E,MAAM,IAAIA,MAAM,GAAGxB,WAAW,EAAE,OAAO;IAAE9C,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAAkC,CAAC;EAEzGR,OAAO,CAACwE,IAAI,CAAC,wCAAwC,EAAEzD,MAAM,CAAC;EAE9D,OAAO;IACHH,OAAO,EAAE,IAAI;IACbJ,OAAO,EAAE,8BAA8B;IACvCM,IAAI,EAAE;MACFW,YAAY,EAAEuD,QAAQ,CAACvD,YAAY;MAAEE,UAAU,EAAEqD,QAAQ,CAACrD,UAAU;MACpED,aAAa,EAAEsD,QAAQ,CAACtD,aAAa;MAAEE,kBAAkB,EAAEoD,QAAQ,CAACpD;IACxE;EACJ,CAAC;AACL;AAEA,eAAeO,mBAAmBA,CAC9BlB,KAAa,EACbC,KAAa,EACblB,OAA0B,EAK3B;EACC,IAAI;IACA,MAAMwF,SAAS,GAAG,MAAM,IAAA1C,+BAAwB,EAC5C9C,OAAO,EACP+C,OAAO,CAACC,GAAG,CAACC,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACuC,yBACxB,CAAC;IAED,MAAMC,WAAW,GAAG,IAAIC,iBAAW,CAAC3F,OAAO,EAAEwF,SAAS,CAAC;IAEvD,IAAIpD,IAAI,GAAG,IAAI;IACfpC,OAAO,CAACmB,GAAG,CAAC,wBAAwB,EAAEF,KAAK,CAAC;IAC5C,IAAI;MACAmB,IAAI,GAAG,MAAMsD,WAAW,CAACE,mBAAmB,CAAC3E,KAAK,EAAEC,KAAK,CAAC;IAC9D,CAAC,CAAC,OAAO2E,GAAQ,EAAE;MACf7F,OAAO,CAACwC,KAAK,CAAC,8BAA8B,EAAEqD,GAAG,CAAC;MAClD,OAAO;QAAEjF,OAAO,EAAE,KAAK;QAAEJ,OAAO,EAAE;MAAmB,CAAC;IAC1D;IACAR,OAAO,CAACmB,GAAG,CAAC,OAAO,EAAEC,IAAI,CAACC,SAAS,CAACe,IAAI,CAAC,CAAC;IAE1C,IAAI,CAACA,IAAI,EAAE,OAAO;MAAExB,OAAO,EAAE,KAAK;MAAEJ,OAAO,EAAE;IAAoB,CAAC;IAElE,MAAMkF,WAAW,CAACI,UAAU,CAAC,CAAC;IAE9B,OAAO;MAAElF,OAAO,EAAE,IAAI;MAAEJ,OAAO,EAAE,4BAA4B;MAAE4B;IAAK,CAAC;EAEzE,CAAC,CAAC,OAAOI,KAAK,EAAE;IACZxC,OAAO,CAACwC,KAAK,CAAC,wBAAwB,EAAEA,KAAK,CAAC;IAC9C,OAAO;MAAE5B,OAAO,EAAE,KAAK;MAAEJ,OAAO,EAAE;IAAoC,CAAC;EAC3E;AACJ;AAEA,eAAe0B,mBAAmBA,CAC9BhB,KAAa,EACblB,OAA0B,EAK3B;EACC,IAAI;IACA,MAAMwF,SAAS,GAAG,MAAM,IAAA1C,+BAAwB,EAC5C9C,OAAO,EACP+C,OAAO,CAACC,GAAG,CAACC,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACuC,yBACxB,CAAC;IAED,MAAMC,WAAW,GAAG,IAAIC,iBAAW,CAAC3F,OAAO,EAA
EwF,SAAS,CAAC;IAEvD,IAAIpD,IAAI,GAAG,IAAI;IACfpC,OAAO,CAACmB,GAAG,CAAC,wBAAwB,EAAED,KAAK,CAAC;IAC5C,IAAI;MACAkB,IAAI,GAAG,MAAMsD,WAAW,CAACK,cAAc,CAAC7E,KAAK,CAAC;IAClD,CAAC,CAAC,OAAO2E,GAAQ,EAAE;MACf7F,OAAO,CAACwC,KAAK,CAAC,8BAA8B,EAAEqD,GAAG,CAAC;MAClD,OAAO;QAAEjF,OAAO,EAAE,KAAK;QAAEJ,OAAO,EAAE;MAAmB,CAAC;IAC1D;IACAR,OAAO,CAACmB,GAAG,CAAC,OAAO,EAAEC,IAAI,CAACC,SAAS,CAACe,IAAI,CAAC,CAAC;IAE1C,IAAI,CAACA,IAAI,EAAE,OAAO;MAAExB,OAAO,EAAE,KAAK;MAAEJ,OAAO,EAAE;IAAoB,CAAC;IAElE,MAAMkF,WAAW,CAACI,UAAU,CAAC,CAAC;IAE9B,OAAO;MAAElF,OAAO,EAAE,IAAI;MAAEJ,OAAO,EAAE,4BAA4B;MAAE4B;IAAK,CAAC;EAEzE,CAAC,CAAC,OAAOI,KAAK,EAAE;IACZxC,OAAO,CAACwC,KAAK,CAAC,wBAAwB,EAAEA,KAAK,CAAC;IAC9C,OAAO;MAAE5B,OAAO,EAAE,KAAK;MAAEJ,OAAO,EAAE;IAAoC,CAAC;EAC3E;AACJ;AAEA,eAAewB,0BAA0BA,CACrCvB,eAAqC,EACrCuF,KAAa,EACb/E,KAAa,EACbD,QAAgB,EAChBjB,MAAc,EACdC,OAA0B,EACV;EAChB,IAAI;IACA,IAAG,CAACiB,KAAK,EAAE,OAAO,KAAK;IACvB,IAAG,CAACD,QAAQ,EAAE,OAAO,KAAK;IAC1B,IAAG,CAACgF,KAAK,EAAE,OAAO,KAAK;IAEvB,IAAIjG,MAAM,KAAK,wBAAwB,EAAE;MACrCkB,KAAK,GAAG,YAAY;MACpBD,QAAQ,GAAG,oBAAoB;IACnC,CAAC,MAAM;MACHC,KAAK,GAAGA,KAAK;MACbD,QAAQ,GAAG,SAAS;IACxB;IAEAhB,OAAO,CAACwE,IAAI,CAAC,8CAA8C,CAAC;IAC5D,MAAMyB,aAAa,GAAG,MAAMxF,eAAe,CAACyF,eAAe,CAACjF,KAAK,EAAED,QAAQ,EAAEgF,KAAK,CAAC;IAEnF,IAAI,CAACC,aAAa,CAACE,MAAM,EAAE;MACvBnG,OAAO,CAACoG,IAAI,CAAC,6CAA6C,CAAC;MAC3D,OAAO,KAAK;IAChB;IAEApG,OAAO,CAACwE,IAAI,CAAC,kDAAkD,CAAC;IAChE,OAAO,IAAI;EACf,CAAC,CAAC,OAAOhC,KAAU,EAAE;IAAA,IAAA6D,cAAA,EAAAC,eAAA,EAAAC,eAAA;IACjBvG,OAAO,CAACwC,KAAK,CAAC,4BAA4B,EAAEA,KAAK,CAAC;IAElD,KAAA6D,cAAA,GAAI7D,KAAK,CAAChC,OAAO,aAAb6F,cAAA,CAAeG,QAAQ,CAAC,oBAAoB,CAAC,EAAE;MAC/CxG,OAAO,CAACoG,IAAI,CAAC,6EAA6E,CAAC;MAC3F,OAAO,IAAI;IACf;IAEA,KAAAE,eAAA,GAAI9D,KAAK,CAAChC,OAAO,aAAb8F,eAAA,CAAeE,QAAQ,CAAC,eAAe,CAAC,EAAE,OAAO,KAAK;IAE1D,KAAAD,eAAA,GAAI/D,KAAK,CAAChC,OAAO,aAAb+F,eAAA,CAAeC,QAAQ,CAAC,qBAAqB,CAAC,EAAE,OAAO,KAAK;IAEhE,OAAO,KAAK;EAChB;AACJ","ignoreList":[]}
1
+ {"version":3,"file":"token-validation.js","names":["_enums","require","_user","_keycloak","_utils","tokenValidation","request","domain","context","cookies","parseCookies","accessToken","refreshToken","expiresIn","refreshExpiresIn","status","message","keycloakService","initializeKeycloakService","validateToken","success","expired","data","userId","clientId","realm","email","log","JSON","stringify","refreshTokenResponse","handleTokenRefresh","refreshTokenData","access_token","refresh_token","expires_in","refresh_expires_in","verifyFromDb","userInfo","introspectionValid","validateTokenIntrospection","getUserByToken","validateUserByEmail","validateUserByRealm","user","businessId","toString","updatedCookies","error","keycloakBaseUrl","keycloakAdminClientId","keycloakAdminClientSecret","Promise","all","getAzureVaultSecretByKey","process","env","AZURE_KEY_VAULT_NAME","AzureSecretKeysEnum","KEYCLOAK_BASE_URL","KEYCLOAK_ADMIN_CLIENT_ID","KEYCLOAK_ADMIN_CLIENT_SECRET","KeycloakAdminService","baseUrl","adminClientId","adminClientSecret","currentTime","Math","floor","Date","now","decoded","verifyJsonWebToken","iat","exp","sub","azp","iss","split","length","info","refreshTokenDecoded","refreshIss","refreshIat","refreshExp","refreshUserId","refreshClientId","refreshEmail","newToken","newTokenDecoded","newIat","newExp","newUserId","newClientId","newIss","newEmail","authDbUrl","DB_CONNECTING_STRING_USER","userService","UserService","err","disconnect","token","introspection","introspectToken","active","warn","_error$message","_error$message2","_error$message3","includes"],"sources":["../../../src/middlewares/token-validation.ts"],"sourcesContent":["\nimport IUser from \"../models/user.model\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { UserService } from \"../service/user.service\";\nimport { HttpRequest, InvocationContext } from \"@azure/functions\";\nimport { KeycloakAdminService } from \"../service/keycloak.service\";\nimport { getAzureVaultSecretByKey, 
parseCookies, verifyJsonWebToken } from \"../utils\";\n\ninterface TokenValidationResult {\n status: boolean;\n message: string;\n data?: {\n cookies: {\n access_token: string;\n refresh_token: string;\n expires_in?: number;\n refresh_expires_in?: number;\n };\n user: IUser;\n };\n}\n\ninterface TokenClaims {\n iat?: number;\n exp?: number;\n sub: string;\n azp: string;\n iss: string;\n email: string;\n}\n\nexport async function tokenValidation(request: HttpRequest, domain: string, context: InvocationContext): Promise<TokenValidationResult> {\n try {\n let cookies = parseCookies(request, context);\n let accessToken = cookies[\"culturefy-auth-token\"];\n let refreshToken = cookies[\"culturefy-refresh-token\"];\n\n let expiresIn, refreshExpiresIn;\n\n if (!accessToken) return { status: false, message: \"Access token is required\" };\n\n const keycloakService = await initializeKeycloakService(context);\n\n const tokenValidation = await validateToken(accessToken, context);\n\n if (!tokenValidation.success) {\n if (tokenValidation.expired) {\n const { data } = tokenValidation;\n if (!data) return { status: false, message: \"Invalid access token.\" };\n\n let { userId, clientId, realm, email } = data;\n\n if (!clientId) return { status: false, message: \"Invalid access token provided\" };\n if (!userId) return { status: false, message: \"Invalid access token provided\" };\n if (!realm) return { status: false, message: \"Invalid access token provided\" };\n\n context.log(\"Refreshing token for user:\", JSON.stringify({ userId, clientId, realm, email }));\n\n const refreshTokenResponse = await handleTokenRefresh(keycloakService, refreshToken, userId, clientId, realm, email, domain, context);\n if (!refreshTokenResponse.success) return { status: false, message: refreshTokenResponse.message };\n\n const { data: refreshTokenData } = refreshTokenResponse;\n if (!refreshTokenData) return { status: false, message: \"Invalid refresh token.\" };\n \n context.log(\"Refreshed token 
for user:\", JSON.stringify({ userId, clientId, realm, email }));\n\n accessToken = refreshTokenData.access_token;\n refreshToken = refreshTokenData.refresh_token;\n expiresIn = refreshTokenData.expires_in;\n refreshExpiresIn = refreshTokenData.refresh_expires_in;\n\n } else {\n return { status: false, message: tokenValidation.message };\n }\n }\n\n const { data } = tokenValidation;\n\n if (!data) return { status: false, message: \"Invalid access token.\" };\n\n let { userId, clientId, realm, email } = data;\n\n if (!clientId) return { status: false, message: \"Invalid access token provided\" };\n if (!userId) return { status: false, message: \"Invalid access token provided\" };\n if (!realm) return { status: false, message: \"Invalid access token provided\" };\n if (!email) return { status: false, message: \"Invalid access token provided\" };\n\n context.log(\"Validating user:\", JSON.stringify({ userId, clientId, realm, email }));\n\n let verifyFromDb;\n let userInfo;\n\n if(domain === \"accounts.culturefy.app\") {\n const introspectionValid = await validateTokenIntrospection(\n keycloakService,\n accessToken,\n realm,\n clientId,\n domain,\n context\n );\n \n if (!introspectionValid) return { status: false, message: \"Token introspection failed\" };\n context.log(\"Token introspection successful\");\n \n realm = \"superadmin\";\n clientId = \"cfy-superadmin-web\";\n \n userInfo = await keycloakService.getUserByToken(realm, accessToken);\n context.log(\"User info-1:\", JSON.stringify(userInfo));\n\n if(!userInfo.email) return { status: false, message: \"User email not found\" };\n if(userInfo.email !== email) return { status: false, message: \"User email does not match\" };\n email = userInfo.email;\n verifyFromDb = await validateUserByEmail(email, context);\n if (!verifyFromDb.success) return { status: false, message: verifyFromDb.message };\n } else {\n clientId = \"cfy-web\";\n verifyFromDb = await validateUserByRealm(realm, email, context);\n }\n\n if 
(!verifyFromDb.success) return { status: false, message: verifyFromDb.message };\n\n const user = verifyFromDb.user;\n\n if (!user) return { status: false, message: \"User not found.\" };\n context.log(\"User:\", JSON.stringify(user));\n\n const introspectionValid = await validateTokenIntrospection(\n keycloakService,\n accessToken,\n realm,\n clientId,\n domain,\n context\n );\n\n if (!introspectionValid) return { status: false, message: \"Token introspection failed\" };\n context.log(\"Token introspection successful\");\n\n if (domain === \"accounts.culturefy.app\") {\n realm = \"superadmin\";\n clientId = \"cfy-superadmin-web\";\n } else {\n if(!user.businessId) return { status: false, message: \"User not found\" };\n realm = user.businessId.toString();\n clientId = \"cfy-web\";\n }\n\n if(!userInfo) {\n userInfo = await keycloakService.getUserByToken(realm, accessToken);\n context.log(\"User info-2:\", JSON.stringify(userInfo));\n }\n\n if(!userInfo) return { status: false, message: \"User info not found\" };\n\n let updatedCookies: {\n access_token: string;\n refresh_token: string;\n expires_in?: number;\n refresh_expires_in?: number;\n } = {\n access_token: accessToken,\n refresh_token: refreshToken,\n };\n\n if(expiresIn) updatedCookies.expires_in = expiresIn;\n if(refreshExpiresIn) updatedCookies.refresh_expires_in = refreshExpiresIn;\n\n return {\n status: true,\n message: \"Token is valid\",\n data: {\n cookies: updatedCookies,\n user: user\n }\n };\n\n } catch (error) {\n context.error(\"Culturefy token validation error:\", error);\n return { status: false, message: \"Internal server error during culturefy token validation\" };\n }\n}\n\nasync function initializeKeycloakService(context: InvocationContext): Promise<KeycloakAdminService> {\n const [keycloakBaseUrl, keycloakAdminClientId, keycloakAdminClientSecret] = await Promise.all([\n getAzureVaultSecretByKey(\n context,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n 
AzureSecretKeysEnum.KEYCLOAK_BASE_URL\n ),\n getAzureVaultSecretByKey(\n context,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.KEYCLOAK_ADMIN_CLIENT_ID\n ),\n getAzureVaultSecretByKey(\n context,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.KEYCLOAK_ADMIN_CLIENT_SECRET\n )\n ]);\n\n return new KeycloakAdminService(context, {\n baseUrl: keycloakBaseUrl as string,\n adminClientId: keycloakAdminClientId as string,\n adminClientSecret: keycloakAdminClientSecret as string\n });\n}\n\nasync function validateToken(\n accessToken: string,\n context: InvocationContext\n): Promise<{\n success: boolean;\n message: string;\n expired?: boolean;\n data?: {\n userId: string;\n clientId: string;\n realm: string;\n email: string;\n };\n}> {\n const currentTime = Math.floor(Date.now() / 1000);\n\n const decoded = verifyJsonWebToken(accessToken);\n\n if (!decoded) return { success: false, message: \"Invalid access token format\" };\n\n let { iat, exp, sub: userId, azp: clientId, iss, email } = decoded as TokenClaims;\n \n if (!userId || !clientId || !iss) return { success: false, message: \"Access token missing required claims (sub or azp or iss)\" };\n context.log(\"Access token claims:\", JSON.stringify(decoded));\n \n let realm = iss.split(\"/\")[iss.split(\"/\").length - 1];\n if(!realm) return { success: false, message: \"Access token missing required claims (iss)\" };\n\n if (exp && exp < currentTime) return { success: false, message: \"Access token expired and refresh token not provided\", expired: true, data: { userId, clientId, realm, email } };\n \n if (iat && iat > currentTime) return { success: false, message: \"Invalid token issuance time\" };\n\n return {\n success: true,\n message: \"Token is valid\",\n data: { userId, clientId, realm, email }\n };\n}\n\nasync function handleTokenRefresh(\n keycloakService: KeycloakAdminService,\n refreshToken: string,\n userId: string,\n clientId: string,\n realm: string,\n email: string,\n 
domain: string,\n context: InvocationContext\n): Promise<{\n success: boolean;\n message: string;\n data?: {\n access_token: string;\n expires_in: number;\n refresh_token: string;\n refresh_expires_in: number;\n };\n}> {\n const currentTime = Math.floor(Date.now() / 1000);\n\n if(!clientId) return { success: false, message: \"Client ID is missing\" };\n if(!userId) return { success: false, message: \"User ID is missing\" };\n if(!realm) return { success: false, message: \"Realm is missing\" };\n if(!refreshToken) return { success: false, message: \"Refresh token is missing\" };\n if(!email) return { success: false, message: \"Email is missing\" };\n if(!domain) return { success: false, message: \"Domain is missing\" };\n\n context.info(\"values:\", {clientId, userId, realm, email, domain});\n\n const refreshTokenDecoded = verifyJsonWebToken(refreshToken);\n if (!refreshTokenDecoded) return { success: false, message: \"Invalid refresh token format\" };\n\n let { iss: refreshIss } = refreshTokenDecoded as TokenClaims;\n refreshIss = refreshIss.split(\"/\")[refreshIss.split(\"/\").length - 1];\n\n const { iat: refreshIat, exp: refreshExp, sub: refreshUserId, azp: refreshClientId, email: refreshEmail } = refreshTokenDecoded as TokenClaims;\n\n context.info(\"refreshTokenDecoded:\", JSON.stringify({refreshUserId, refreshClientId, refreshIss, refreshEmail}));\n\n if (!refreshUserId || !refreshClientId || !refreshIss) return { success: false, message: \"Refresh token missing required claims (sub or azp or iss)\" };\n\n if (refreshExp && refreshExp < currentTime) return { success: false, message: \"Refresh token has expired\" };\n\n if (refreshIat && refreshIat > currentTime) return { success: false, message: \"Invalid refresh token issuance time\" };\n\n if (refreshUserId !== userId || refreshClientId !== clientId || refreshIss !== realm || refreshEmail !== email) return { success: false, message: \"Refresh token does not match access token user\" };\n\n if(domain === 
\"accounts.culturefy.app\") {\n realm = \"superadmin\";\n clientId = \"cfy-superadmin-web\";\n } else {\n realm = realm;\n clientId = \"cfy-web\";\n }\n\n const newToken = await keycloakService.refreshToken(realm, clientId, refreshToken);\n if (!newToken) return { success: false, message: \"Failed to refresh access token\" };\n\n const newTokenDecoded = verifyJsonWebToken(newToken.access_token);\n if (!newTokenDecoded) return { success: false, message: \"Invalid new token format\" };\n\n const { iat: newIat, exp: newExp, sub: newUserId, azp: newClientId, iss: newIss, email: newEmail } = newTokenDecoded as TokenClaims;\n\n if (!newUserId || !newClientId || !newIss || !newEmail) return { success: false, message: \"New token missing required claims (sub or azp or iss or email)\" };\n\n if (newExp && newExp < currentTime) return { success: false, message: \"New token has expired\" };\n\n if (newIat && newIat > currentTime) return { success: false, message: \"Invalid new token issuance time\" };\n\n context.info(\"Token refreshed successfully for user:\", userId);\n\n return {\n success: true,\n message: \"Token refreshed successfully\",\n data: {\n access_token: newToken.access_token, expires_in: newToken.expires_in,\n refresh_token: newToken.refresh_token, refresh_expires_in: newToken.refresh_expires_in\n }\n };\n}\n\nasync function validateUserByRealm(\n realm: string,\n email: string,\n context: InvocationContext\n): Promise<{\n success: boolean;\n message: string;\n user?: any;\n}> {\n try {\n const authDbUrl = await getAzureVaultSecretByKey(\n context,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n const userService = new UserService(context, authDbUrl);\n\n let user = null;\n context.log(\"Getting user by realm:\", realm);\n try {\n // user = await userService.getUserByBusinessId(realm, email);\n user = '';\n } catch (err: any) {\n context.error(`Failed to get user by realm:`, err);\n return { success: false, 
message: \"User not found..\" };\n }\n context.log(\"User:\", JSON.stringify(user));\n\n if (!user) return { success: false, message: \"User not found...\" };\n\n await userService.disconnect();\n\n return { success: true, message: \"User validation successful\", user };\n\n } catch (error) {\n context.error(\"User validation error:\", error);\n return { success: false, message: \"Error validating user information\" };\n }\n}\n\nasync function validateUserByEmail(\n email: string,\n context: InvocationContext\n): Promise<{\n success: boolean;\n message: string;\n user?: any;\n}> {\n try {\n const authDbUrl = await getAzureVaultSecretByKey(\n context,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n const userService = new UserService(context, authDbUrl);\n\n let user = null;\n context.log(\"Getting user by email:\", email);\n try {\n // user = await userService.getUserByEmail(email);\n user = '';\n } catch (err: any) {\n context.error(`Failed to get user by email:`, err);\n return { success: false, message: \"User not found..\" };\n }\n context.log(\"User:\", JSON.stringify(user));\n\n if (!user) return { success: false, message: \"User not found...\" };\n\n await userService.disconnect();\n\n return { success: true, message: \"User validation successful\", user };\n\n } catch (error) {\n context.error(\"User validation error:\", error);\n return { success: false, message: \"Error validating user information\" };\n }\n}\n\nasync function validateTokenIntrospection(\n keycloakService: KeycloakAdminService,\n token: string,\n realm: string,\n clientId: string,\n domain: string,\n context: InvocationContext\n): Promise<boolean> {\n try {\n if(!realm) return false;\n if(!clientId) return false;\n if(!token) return false;\n \n if (domain === \"accounts.culturefy.app\") {\n realm = \"superadmin\";\n clientId = \"cfy-superadmin-web\";\n } else {\n realm = realm;\n clientId = \"cfy-web\";\n }\n\n context.info(\"Validating 
token with Keycloak introspection\");\n const introspection = await keycloakService.introspectToken(realm, clientId, token);\n\n if (!introspection.active) {\n context.warn(\"Token introspection returned inactive token\");\n return false;\n }\n\n context.info(\"Token introspection successful - token is active\");\n return true;\n } catch (error: any) {\n context.error(\"Token introspection error:\", error);\n\n if (error.message?.includes('Client not allowed')) {\n context.warn(\"Admin-cli client does not have introspection permissions - this is expected\");\n return true;\n }\n\n if (error.message?.includes('Invalid token')) return false;\n\n if (error.message?.includes('Token is not active')) return false;\n\n return false;\n }\n}"],"mappings":";;;;AAEA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,KAAA,GAAAD,OAAA;AAEA,IAAAE,SAAA,GAAAF,OAAA;AACA,IAAAG,MAAA,GAAAH,OAAA;AAyBO,eAAeI,eAAeA,CAACC,OAAoB,EAAEC,MAAc,EAAEC,OAA0B,EAAkC;EACpI,IAAI;IACA,IAAIC,OAAO,GAAG,IAAAC,mBAAY,EAACJ,OAAO,EAAEE,OAAO,CAAC;IAC5C,IAAIG,WAAW,GAAGF,OAAO,CAAC,sBAAsB,CAAC;IACjD,IAAIG,YAAY,GAAGH,OAAO,CAAC,yBAAyB,CAAC;IAErD,IAAII,SAAS,EAAEC,gBAAgB;IAE/B,IAAI,CAACH,WAAW,EAAE,OAAO;MAAEI,MAAM,EAAE,KAAK;MAAEC,OAAO,EAAE;IAA2B,CAAC;IAE/E,MAAMC,eAAe,GAAG,MAAMC,yBAAyB,CAACV,OAAO,CAAC;IAEhE,MAAMH,eAAe,GAAG,MAAMc,aAAa,CAACR,WAAW,EAAEH,OAAO,CAAC;IAEjE,IAAI,CAACH,eAAe,CAACe,OAAO,EAAE;MAC1B,IAAIf,eAAe,CAACgB,OAAO,EAAE;QACzB,MAAM;UAAEC;QAAK,CAAC,GAAGjB,eAAe;QAChC,IAAI,CAACiB,IAAI,EAAE,OAAO;UAAEP,MAAM,EAAE,KAAK;UAAEC,OAAO,EAAE;QAAwB,CAAC;QAErE,IAAI;UAAEO,MAAM;UAAEC,QAAQ;UAAEC,KAAK;UAAEC;QAAM,CAAC,GAAGJ,IAAI;QAE7C,IAAI,CAACE,QAAQ,EAAE,OAAO;UAAET,MAAM,EAAE,KAAK;UAAEC,OAAO,EAAE;QAAgC,CAAC;QACjF,IAAI,CAACO,MAAM,EAAE,OAAO;UAAER,MAAM,EAAE,KAAK;UAAEC,OAAO,EAAE;QAAgC,CAAC;QAC/E,IAAI,CAACS,KAAK,EAAE,OAAO;UAAEV,MAAM,EAAE,KAAK;UAAEC,OAAO,EAAE;QAAgC,CAAC;QAE9ER,OAAO,CAACmB,GAAG,CAAC,4BAA4B,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEN,MAAM;UAAEC,QAAQ;UAAEC,KAAK;UAAEC;QAAM,CAAC,CAAC,CAAC;QAE7F,MAAMI,oBAAoB,GAAG,MAAMC,kBAAkB,CAACd,eAAe,EAAEL,YAAY,EAAEW,
MAAM,EAAEC,QAAQ,EAAEC,KAAK,EAAEC,KAAK,EAAEnB,MAAM,EAAEC,OAAO,CAAC;QACrI,IAAI,CAACsB,oBAAoB,CAACV,OAAO,EAAE,OAAO;UAAEL,MAAM,EAAE,KAAK;UAAEC,OAAO,EAAEc,oBAAoB,CAACd;QAAQ,CAAC;QAElG,MAAM;UAAEM,IAAI,EAAEU;QAAiB,CAAC,GAAGF,oBAAoB;QACvD,IAAI,CAACE,gBAAgB,EAAE,OAAO;UAAEjB,MAAM,EAAE,KAAK;UAAEC,OAAO,EAAE;QAAyB,CAAC;QAElFR,OAAO,CAACmB,GAAG,CAAC,2BAA2B,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEN,MAAM;UAAEC,QAAQ;UAAEC,KAAK;UAAEC;QAAM,CAAC,CAAC,CAAC;QAE5Ff,WAAW,GAAGqB,gBAAgB,CAACC,YAAY;QAC3CrB,YAAY,GAAGoB,gBAAgB,CAACE,aAAa;QAC7CrB,SAAS,GAAGmB,gBAAgB,CAACG,UAAU;QACvCrB,gBAAgB,GAAGkB,gBAAgB,CAACI,kBAAkB;MAE1D,CAAC,MAAM;QACH,OAAO;UAAErB,MAAM,EAAE,KAAK;UAAEC,OAAO,EAAEX,eAAe,CAACW;QAAQ,CAAC;MAC9D;IACJ;IAEA,MAAM;MAAEM;IAAK,CAAC,GAAGjB,eAAe;IAEhC,IAAI,CAACiB,IAAI,EAAE,OAAO;MAAEP,MAAM,EAAE,KAAK;MAAEC,OAAO,EAAE;IAAwB,CAAC;IAErE,IAAI;MAAEO,MAAM;MAAEC,QAAQ;MAAEC,KAAK;MAAEC;IAAM,CAAC,GAAGJ,IAAI;IAE7C,IAAI,CAACE,QAAQ,EAAE,OAAO;MAAET,MAAM,EAAE,KAAK;MAAEC,OAAO,EAAE;IAAgC,CAAC;IACjF,IAAI,CAACO,MAAM,EAAE,OAAO;MAAER,MAAM,EAAE,KAAK;MAAEC,OAAO,EAAE;IAAgC,CAAC;IAC/E,IAAI,CAACS,KAAK,EAAE,OAAO;MAAEV,MAAM,EAAE,KAAK;MAAEC,OAAO,EAAE;IAAgC,CAAC;IAC9E,IAAI,CAACU,KAAK,EAAE,OAAO;MAAEX,MAAM,EAAE,KAAK;MAAEC,OAAO,EAAE;IAAgC,CAAC;IAE9ER,OAAO,CAACmB,GAAG,CAAC,kBAAkB,EAAEC,IAAI,CAACC,SAAS,CAAC;MAAEN,MAAM;MAAEC,QAAQ;MAAEC,KAAK;MAAEC;IAAM,CAAC,CAAC,CAAC;IAEnF,IAAIW,YAAY;IAChB,IAAIC,QAAQ;IAEZ,IAAG/B,MAAM,KAAK,wBAAwB,EAAE;MACpC,MAAMgC,kBAAkB,GAAG,MAAMC,0BAA0B,CACvDvB,eAAe,EACfN,WAAW,EACXc,KAAK,EACLD,QAAQ,EACRjB,MAAM,EACNC,OACJ,CAAC;MAED,IAAI,CAAC+B,kBAAkB,EAAE,OAAO;QAAExB,MAAM,EAAE,KAAK;QAAEC,OAAO,EAAE;MAA6B,CAAC;MACxFR,OAAO,CAACmB,GAAG,CAAC,gCAAgC,CAAC;MAE7CF,KAAK,GAAG,YAAY;MACpBD,QAAQ,GAAG,oBAAoB;MAE/Bc,QAAQ,GAAG,MAAMrB,eAAe,CAACwB,cAAc,CAAChB,KAAK,EAAEd,WAAW,CAAC;MACnEH,OAAO,CAACmB,GAAG,CAAC,cAAc,EAAEC,IAAI,CAACC,SAAS,CAACS,QAAQ,CAAC,CAAC;MAErD,IAAG,CAACA,QAAQ,CAACZ,KAAK,EAAE,OAAO;QAAEX,MAAM,EAAE,KAAK;QAAEC,OAAO,EAAE;MAAuB,CAAC;MAC7E,IAAGsB,QAAQ,CAACZ,KAAK,KAAKA,KAAK,EAAE,OAAO;QAAEX,MAAM,EAAE,KAAK;QAAEC,OAAO,EAAE;MAA4B,CAAC;M
AC3FU,KAAK,GAAGY,QAAQ,CAACZ,KAAK;MACtBW,YAAY,GAAG,MAAMK,mBAAmB,CAAChB,KAAK,EAAElB,OAAO,CAAC;MACxD,IAAI,CAAC6B,YAAY,CAACjB,OAAO,EAAE,OAAO;QAAEL,MAAM,EAAE,KAAK;QAAEC,OAAO,EAAEqB,YAAY,CAACrB;MAAQ,CAAC;IACtF,CAAC,MAAM;MACHQ,QAAQ,GAAG,SAAS;MACpBa,YAAY,GAAG,MAAMM,mBAAmB,CAAClB,KAAK,EAAEC,KAAK,EAAElB,OAAO,CAAC;IACnE;IAEA,IAAI,CAAC6B,YAAY,CAACjB,OAAO,EAAE,OAAO;MAAEL,MAAM,EAAE,KAAK;MAAEC,OAAO,EAAEqB,YAAY,CAACrB;IAAQ,CAAC;IAElF,MAAM4B,IAAI,GAAGP,YAAY,CAACO,IAAI;IAE9B,IAAI,CAACA,IAAI,EAAE,OAAO;MAAE7B,MAAM,EAAE,KAAK;MAAEC,OAAO,EAAE;IAAkB,CAAC;IAC/DR,OAAO,CAACmB,GAAG,CAAC,OAAO,EAAEC,IAAI,CAACC,SAAS,CAACe,IAAI,CAAC,CAAC;IAE1C,MAAML,kBAAkB,GAAG,MAAMC,0BAA0B,CACvDvB,eAAe,EACfN,WAAW,EACXc,KAAK,EACLD,QAAQ,EACRjB,MAAM,EACNC,OACJ,CAAC;IAED,IAAI,CAAC+B,kBAAkB,EAAE,OAAO;MAAExB,MAAM,EAAE,KAAK;MAAEC,OAAO,EAAE;IAA6B,CAAC;IACxFR,OAAO,CAACmB,GAAG,CAAC,gCAAgC,CAAC;IAE7C,IAAIpB,MAAM,KAAK,wBAAwB,EAAE;MACrCkB,KAAK,GAAG,YAAY;MACpBD,QAAQ,GAAG,oBAAoB;IACnC,CAAC,MAAM;MACH,IAAG,CAACoB,IAAI,CAACC,UAAU,EAAE,OAAO;QAAE9B,MAAM,EAAE,KAAK;QAAEC,OAAO,EAAE;MAAiB,CAAC;MACxES,KAAK,GAAGmB,IAAI,CAACC,UAAU,CAACC,QAAQ,CAAC,CAAC;MAClCtB,QAAQ,GAAG,SAAS;IACxB;IAEA,IAAG,CAACc,QAAQ,EAAE;MACVA,QAAQ,GAAG,MAAMrB,eAAe,CAACwB,cAAc,CAAChB,KAAK,EAAEd,WAAW,CAAC;MACnEH,OAAO,CAACmB,GAAG,CAAC,cAAc,EAAEC,IAAI,CAACC,SAAS,CAACS,QAAQ,CAAC,CAAC;IACzD;IAEA,IAAG,CAACA,QAAQ,EAAE,OAAO;MAAEvB,MAAM,EAAE,KAAK;MAAEC,OAAO,EAAE;IAAsB,CAAC;IAEtE,IAAI+B,cAKH,GAAG;MACAd,YAAY,EAAEtB,WAAW;MACzBuB,aAAa,EAAEtB;IACnB,CAAC;IAED,IAAGC,SAAS,EAAEkC,cAAc,CAACZ,UAAU,GAAGtB,SAAS;IACnD,IAAGC,gBAAgB,EAAEiC,cAAc,CAACX,kBAAkB,GAAGtB,gBAAgB;IAEzE,OAAO;MACHC,MAAM,EAAE,IAAI;MACZC,OAAO,EAAE,gBAAgB;MACzBM,IAAI,EAAE;QACFb,OAAO,EAAEsC,cAAc;QACvBH,IAAI,EAAEA;MACV;IACJ,CAAC;EAEL,CAAC,CAAC,OAAOI,KAAK,EAAE;IACZxC,OAAO,CAACwC,KAAK,CAAC,mCAAmC,EAAEA,KAAK,CAAC;IACzD,OAAO;MAAEjC,MAAM,EAAE,KAAK;MAAEC,OAAO,EAAE;IAA0D,CAAC;EAChG;AACJ;AAEA,eAAeE,yBAAyBA,CAACV,OAA0B,EAAiC;EAChG,MAAM,CAACyC,eAAe,EAAEC,qBAAqB,EAAEC,yBAAyB,CAAC,GAAG,MAAMC,OAAO,CAACC,GAAG,CAAC,CAC1F,IAAAC,+BAAwB,EACpB9C,O
AAO,EACP+C,OAAO,CAACC,GAAG,CAACC,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,iBACxB,CAAC,EACD,IAAAL,+BAAwB,EACpB9C,OAAO,EACP+C,OAAO,CAACC,GAAG,CAACC,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACE,wBACxB,CAAC,EACD,IAAAN,+BAAwB,EACpB9C,OAAO,EACP+C,OAAO,CAACC,GAAG,CAACC,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACG,4BACxB,CAAC,CACJ,CAAC;EAEF,OAAO,IAAIC,8BAAoB,CAACtD,OAAO,EAAE;IACrCuD,OAAO,EAAEd,eAAyB;IAClCe,aAAa,EAAEd,qBAA+B;IAC9Ce,iBAAiB,EAAEd;EACvB,CAAC,CAAC;AACN;AAEA,eAAehC,aAAaA,CACxBR,WAAmB,EACnBH,OAA0B,EAW3B;EACC,MAAM0D,WAAW,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACC,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EAEjD,MAAMC,OAAO,GAAG,IAAAC,yBAAkB,EAAC7D,WAAW,CAAC;EAE/C,IAAI,CAAC4D,OAAO,EAAE,OAAO;IAAEnD,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAA8B,CAAC;EAE/E,IAAI;IAAEyD,GAAG;IAAEC,GAAG;IAAEC,GAAG,EAAEpD,MAAM;IAAEqD,GAAG,EAAEpD,QAAQ;IAAEqD,GAAG;IAAEnD;EAAM,CAAC,GAAG6C,OAAsB;EAEjF,IAAI,CAAChD,MAAM,IAAI,CAACC,QAAQ,IAAI,CAACqD,GAAG,EAAE,OAAO;IAAEzD,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAA2D,CAAC;EAChIR,OAAO,CAACmB,GAAG,CAAC,sBAAsB,EAAEC,IAAI,CAACC,SAAS,CAAC0C,OAAO,CAAC,CAAC;EAE5D,IAAI9C,KAAK,GAAGoD,GAAG,CAACC,KAAK,CAAC,GAAG,CAAC,CAACD,GAAG,CAACC,KAAK,CAAC,GAAG,CAAC,CAACC,MAAM,GAAG,CAAC,CAAC;EACrD,IAAG,CAACtD,KAAK,EAAE,OAAO;IAAEL,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAA6C,CAAC;EAE3F,IAAI0D,GAAG,IAAIA,GAAG,GAAGR,WAAW,EAAE,OAAO;IAAE9C,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE,qDAAqD;IAAEK,OAAO,EAAE,IAAI;IAAEC,IAAI,EAAE;MAAEC,MAAM;MAAEC,QAAQ;MAAEC,KAAK;MAAEC;IAAM;EAAE,CAAC;EAEhL,IAAI+C,GAAG,IAAIA,GAAG,GAAGP,WAAW,EAAE,OAAO;IAAE9C,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAA8B,CAAC;EAE/F,OAAO;IACHI,OAAO,EAAE,IAAI;IACbJ,OAAO,EAAE,gBAAgB;IACzBM,IAAI,EAAE;MAAEC,MAAM;MAAEC,QAAQ;MAAEC,KAAK;MAAEC;IAAM;EAC3C,CAAC;AACL;AAEA,eAAeK,kBAAkBA,CAC7Bd,eAAqC,EACrCL,YAAoB,EACpBW,MAAc,EACdC,QAAgB,EAChBC,KAAa,EACbC,KAAa,EACbnB,MAAc,EACdC,OAA0B,EAU3B;EACC,MAAM0D,WAAW,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACC,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EAEjD,IAAG,CAAC9C,QAAQ,EAAE,OAAO;IAAEJ,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAAuB,CAAC;EACxE,IAAG,CAACO,MAAM,EAAE,OAAO;IAAEH,OAAO,EAAE,KAAK;IAAEJ,OAAO,E
AAE;EAAqB,CAAC;EACpE,IAAG,CAACS,KAAK,EAAE,OAAO;IAAEL,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAAmB,CAAC;EACjE,IAAG,CAACJ,YAAY,EAAE,OAAO;IAAEQ,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAA2B,CAAC;EAChF,IAAG,CAACU,KAAK,EAAE,OAAO;IAAEN,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAAmB,CAAC;EACjE,IAAG,CAACT,MAAM,EAAE,OAAO;IAAEa,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAAoB,CAAC;EAEnER,OAAO,CAACwE,IAAI,CAAC,SAAS,EAAE;IAACxD,QAAQ;IAAED,MAAM;IAAEE,KAAK;IAAEC,KAAK;IAAEnB;EAAM,CAAC,CAAC;EAEjE,MAAM0E,mBAAmB,GAAG,IAAAT,yBAAkB,EAAC5D,YAAY,CAAC;EAC5D,IAAI,CAACqE,mBAAmB,EAAE,OAAO;IAAE7D,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAA+B,CAAC;EAE5F,IAAI;IAAE6D,GAAG,EAAEK;EAAW,CAAC,GAAGD,mBAAkC;EAC5DC,UAAU,GAAGA,UAAU,CAACJ,KAAK,CAAC,GAAG,CAAC,CAACI,UAAU,CAACJ,KAAK,CAAC,GAAG,CAAC,CAACC,MAAM,GAAG,CAAC,CAAC;EAEpE,MAAM;IAAEN,GAAG,EAAEU,UAAU;IAAET,GAAG,EAAEU,UAAU;IAAET,GAAG,EAAEU,aAAa;IAAET,GAAG,EAAEU,eAAe;IAAE5D,KAAK,EAAE6D;EAAa,CAAC,GAAGN,mBAAkC;EAE9IzE,OAAO,CAACwE,IAAI,CAAC,sBAAsB,EAAEpD,IAAI,CAACC,SAAS,CAAC;IAACwD,aAAa;IAAEC,eAAe;IAAEJ,UAAU;IAAEK;EAAY,CAAC,CAAC,CAAC;EAEhH,IAAI,CAACF,aAAa,IAAI,CAACC,eAAe,IAAI,CAACJ,UAAU,EAAE,OAAO;IAAE9D,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAA4D,CAAC;EAEtJ,IAAIoE,UAAU,IAAIA,UAAU,GAAGlB,WAAW,EAAE,OAAO;IAAE9C,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAA4B,CAAC;EAE3G,IAAImE,UAAU,IAAIA,UAAU,GAAGjB,WAAW,EAAE,OAAO;IAAE9C,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAAsC,CAAC;EAErH,IAAIqE,aAAa,KAAK9D,MAAM,IAAI+D,eAAe,KAAK9D,QAAQ,IAAI0D,UAAU,KAAKzD,KAAK,IAAI8D,YAAY,KAAK7D,KAAK,EAAE,OAAO;IAAEN,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAAiD,CAAC;EAEpM,IAAGT,MAAM,KAAK,wBAAwB,EAAE;IACpCkB,KAAK,GAAG,YAAY;IACpBD,QAAQ,GAAG,oBAAoB;EACnC,CAAC,MAAM;IACHC,KAAK,GAAGA,KAAK;IACbD,QAAQ,GAAG,SAAS;EACxB;EAEA,MAAMgE,QAAQ,GAAG,MAAMvE,eAAe,CAACL,YAAY,CAACa,KAAK,EAAED,QAAQ,EAAEZ,YAAY,CAAC;EAClF,IAAI,CAAC4E,QAAQ,EAAE,OAAO;IAAEpE,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAAiC,CAAC;EAEnF,MAAMyE,eAAe,GAAG,IAAAjB,yBAAkB,EAACgB,QAAQ,CAACvD,YAAY,CAAC;EACjE,IAAI,CAACwD,eAAe,EAAE,OAAO;IAAErE,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAA2B,CAAC;EAEpF,MAAM;IAAEyD,GAAG,EAAEiB,MAAM;IAAEhB,GAAG,EAAEiB,MAAM
;IAAEhB,GAAG,EAAEiB,SAAS;IAAEhB,GAAG,EAAEiB,WAAW;IAAEhB,GAAG,EAAEiB,MAAM;IAAEpE,KAAK,EAAEqE;EAAS,CAAC,GAAGN,eAA8B;EAEnI,IAAI,CAACG,SAAS,IAAI,CAACC,WAAW,IAAI,CAACC,MAAM,IAAI,CAACC,QAAQ,EAAE,OAAO;IAAE3E,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAAiE,CAAC;EAE5J,IAAI2E,MAAM,IAAIA,MAAM,GAAGzB,WAAW,EAAE,OAAO;IAAE9C,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAAwB,CAAC;EAE/F,IAAI0E,MAAM,IAAIA,MAAM,GAAGxB,WAAW,EAAE,OAAO;IAAE9C,OAAO,EAAE,KAAK;IAAEJ,OAAO,EAAE;EAAkC,CAAC;EAEzGR,OAAO,CAACwE,IAAI,CAAC,wCAAwC,EAAEzD,MAAM,CAAC;EAE9D,OAAO;IACHH,OAAO,EAAE,IAAI;IACbJ,OAAO,EAAE,8BAA8B;IACvCM,IAAI,EAAE;MACFW,YAAY,EAAEuD,QAAQ,CAACvD,YAAY;MAAEE,UAAU,EAAEqD,QAAQ,CAACrD,UAAU;MACpED,aAAa,EAAEsD,QAAQ,CAACtD,aAAa;MAAEE,kBAAkB,EAAEoD,QAAQ,CAACpD;IACxE;EACJ,CAAC;AACL;AAEA,eAAeO,mBAAmBA,CAC9BlB,KAAa,EACbC,KAAa,EACblB,OAA0B,EAK3B;EACC,IAAI;IACA,MAAMwF,SAAS,GAAG,MAAM,IAAA1C,+BAAwB,EAC5C9C,OAAO,EACP+C,OAAO,CAACC,GAAG,CAACC,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACuC,yBACxB,CAAC;IAED,MAAMC,WAAW,GAAG,IAAIC,iBAAW,CAAC3F,OAAO,EAAEwF,SAAS,CAAC;IAEvD,IAAIpD,IAAI,GAAG,IAAI;IACfpC,OAAO,CAACmB,GAAG,CAAC,wBAAwB,EAAEF,KAAK,CAAC;IAC5C,IAAI;MACA;MACAmB,IAAI,GAAG,EAAE;IACb,CAAC,CAAC,OAAOwD,GAAQ,EAAE;MACf5F,OAAO,CAACwC,KAAK,CAAC,8BAA8B,EAAEoD,GAAG,CAAC;MAClD,OAAO;QAAEhF,OAAO,EAAE,KAAK;QAAEJ,OAAO,EAAE;MAAmB,CAAC;IAC1D;IACAR,OAAO,CAACmB,GAAG,CAAC,OAAO,EAAEC,IAAI,CAACC,SAAS,CAACe,IAAI,CAAC,CAAC;IAE1C,IAAI,CAACA,IAAI,EAAE,OAAO;MAAExB,OAAO,EAAE,KAAK;MAAEJ,OAAO,EAAE;IAAoB,CAAC;IAElE,MAAMkF,WAAW,CAACG,UAAU,CAAC,CAAC;IAE9B,OAAO;MAAEjF,OAAO,EAAE,IAAI;MAAEJ,OAAO,EAAE,4BAA4B;MAAE4B;IAAK,CAAC;EAEzE,CAAC,CAAC,OAAOI,KAAK,EAAE;IACZxC,OAAO,CAACwC,KAAK,CAAC,wBAAwB,EAAEA,KAAK,CAAC;IAC9C,OAAO;MAAE5B,OAAO,EAAE,KAAK;MAAEJ,OAAO,EAAE;IAAoC,CAAC;EAC3E;AACJ;AAEA,eAAe0B,mBAAmBA,CAC9BhB,KAAa,EACblB,OAA0B,EAK3B;EACC,IAAI;IACA,MAAMwF,SAAS,GAAG,MAAM,IAAA1C,+BAAwB,EAC5C9C,OAAO,EACP+C,OAAO,CAACC,GAAG,CAACC,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACuC,yBACxB,CAAC;IAED,MAAMC,WAAW,GAAG,IAAIC,iBAAW,CAAC3F,OAAO,EAAEwF,SAAS,CAAC;IAEvD,IAAIpD,IAAI,GAAG,IAAI;IACfpC,OAAO,CAACmB,GAAG,CAAC
,wBAAwB,EAAED,KAAK,CAAC;IAC5C,IAAI;MACA;MACAkB,IAAI,GAAG,EAAE;IACb,CAAC,CAAC,OAAOwD,GAAQ,EAAE;MACf5F,OAAO,CAACwC,KAAK,CAAC,8BAA8B,EAAEoD,GAAG,CAAC;MAClD,OAAO;QAAEhF,OAAO,EAAE,KAAK;QAAEJ,OAAO,EAAE;MAAmB,CAAC;IAC1D;IACAR,OAAO,CAACmB,GAAG,CAAC,OAAO,EAAEC,IAAI,CAACC,SAAS,CAACe,IAAI,CAAC,CAAC;IAE1C,IAAI,CAACA,IAAI,EAAE,OAAO;MAAExB,OAAO,EAAE,KAAK;MAAEJ,OAAO,EAAE;IAAoB,CAAC;IAElE,MAAMkF,WAAW,CAACG,UAAU,CAAC,CAAC;IAE9B,OAAO;MAAEjF,OAAO,EAAE,IAAI;MAAEJ,OAAO,EAAE,4BAA4B;MAAE4B;IAAK,CAAC;EAEzE,CAAC,CAAC,OAAOI,KAAK,EAAE;IACZxC,OAAO,CAACwC,KAAK,CAAC,wBAAwB,EAAEA,KAAK,CAAC;IAC9C,OAAO;MAAE5B,OAAO,EAAE,KAAK;MAAEJ,OAAO,EAAE;IAAoC,CAAC;EAC3E;AACJ;AAEA,eAAewB,0BAA0BA,CACrCvB,eAAqC,EACrCqF,KAAa,EACb7E,KAAa,EACbD,QAAgB,EAChBjB,MAAc,EACdC,OAA0B,EACV;EAChB,IAAI;IACA,IAAG,CAACiB,KAAK,EAAE,OAAO,KAAK;IACvB,IAAG,CAACD,QAAQ,EAAE,OAAO,KAAK;IAC1B,IAAG,CAAC8E,KAAK,EAAE,OAAO,KAAK;IAEvB,IAAI/F,MAAM,KAAK,wBAAwB,EAAE;MACrCkB,KAAK,GAAG,YAAY;MACpBD,QAAQ,GAAG,oBAAoB;IACnC,CAAC,MAAM;MACHC,KAAK,GAAGA,KAAK;MACbD,QAAQ,GAAG,SAAS;IACxB;IAEAhB,OAAO,CAACwE,IAAI,CAAC,8CAA8C,CAAC;IAC5D,MAAMuB,aAAa,GAAG,MAAMtF,eAAe,CAACuF,eAAe,CAAC/E,KAAK,EAAED,QAAQ,EAAE8E,KAAK,CAAC;IAEnF,IAAI,CAACC,aAAa,CAACE,MAAM,EAAE;MACvBjG,OAAO,CAACkG,IAAI,CAAC,6CAA6C,CAAC;MAC3D,OAAO,KAAK;IAChB;IAEAlG,OAAO,CAACwE,IAAI,CAAC,kDAAkD,CAAC;IAChE,OAAO,IAAI;EACf,CAAC,CAAC,OAAOhC,KAAU,EAAE;IAAA,IAAA2D,cAAA,EAAAC,eAAA,EAAAC,eAAA;IACjBrG,OAAO,CAACwC,KAAK,CAAC,4BAA4B,EAAEA,KAAK,CAAC;IAElD,KAAA2D,cAAA,GAAI3D,KAAK,CAAChC,OAAO,aAAb2F,cAAA,CAAeG,QAAQ,CAAC,oBAAoB,CAAC,EAAE;MAC/CtG,OAAO,CAACkG,IAAI,CAAC,6EAA6E,CAAC;MAC3F,OAAO,IAAI;IACf;IAEA,KAAAE,eAAA,GAAI5D,KAAK,CAAChC,OAAO,aAAb4F,eAAA,CAAeE,QAAQ,CAAC,eAAe,CAAC,EAAE,OAAO,KAAK;IAE1D,KAAAD,eAAA,GAAI7D,KAAK,CAAChC,OAAO,aAAb6F,eAAA,CAAeC,QAAQ,CAAC,qBAAqB,CAAC,EAAE,OAAO,KAAK;IAEhE,OAAO,KAAK;EAChB;AACJ","ignoreList":[]}