@de-otio/trellis 0.6.0 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/env.d.ts +21 -0
- package/dist/env.d.ts.map +1 -1
- package/dist/env.js +12 -0
- package/dist/env.js.map +1 -1
- package/dist/lambda/nightly-cron.d.ts.map +1 -1
- package/dist/lambda/nightly-cron.js +5 -2
- package/dist/lambda/nightly-cron.js.map +1 -1
- package/dist/lambda/post-confirmation.d.ts +30 -0
- package/dist/lambda/post-confirmation.d.ts.map +1 -1
- package/dist/lambda/post-confirmation.js +333 -29
- package/dist/lambda/post-confirmation.js.map +1 -1
- package/dist/lambda/pre-token-generation.d.ts +20 -0
- package/dist/lambda/pre-token-generation.d.ts.map +1 -1
- package/dist/lambda/pre-token-generation.js +233 -48
- package/dist/lambda/pre-token-generation.js.map +1 -1
- package/dist/lib/activitypub/activity-processor.d.ts.map +1 -1
- package/dist/lib/activitypub/activity-processor.js +2 -1
- package/dist/lib/activitypub/activity-processor.js.map +1 -1
- package/dist/lib/activitypub/group-service.d.ts +2 -2
- package/dist/lib/activitypub/group-service.d.ts.map +1 -1
- package/dist/lib/activitypub/group-service.js +5 -2
- package/dist/lib/activitypub/group-service.js.map +1 -1
- package/dist/lib/age-tier-transition.d.ts.map +1 -1
- package/dist/lib/age-tier-transition.js +19 -10
- package/dist/lib/age-tier-transition.js.map +1 -1
- package/dist/lib/audit/csv-export.d.ts +25 -0
- package/dist/lib/audit/csv-export.d.ts.map +1 -0
- package/dist/lib/audit/csv-export.js +54 -0
- package/dist/lib/audit/csv-export.js.map +1 -0
- package/dist/lib/audit/emit.d.ts +56 -0
- package/dist/lib/audit/emit.d.ts.map +1 -0
- package/dist/lib/audit/emit.js +124 -0
- package/dist/lib/audit/emit.js.map +1 -0
- package/dist/lib/audit/event-types.d.ts +36 -0
- package/dist/lib/audit/event-types.d.ts.map +1 -0
- package/dist/lib/audit/event-types.js +69 -0
- package/dist/lib/audit/event-types.js.map +1 -0
- package/dist/lib/audit/pii-filter.d.ts +22 -0
- package/dist/lib/audit/pii-filter.d.ts.map +1 -0
- package/dist/lib/audit/pii-filter.js +51 -0
- package/dist/lib/audit/pii-filter.js.map +1 -0
- package/dist/lib/audit-logger.js +1 -1
- package/dist/lib/audit-logger.js.map +1 -1
- package/dist/lib/auth/auth-context.d.ts +34 -0
- package/dist/lib/auth/auth-context.d.ts.map +1 -0
- package/dist/lib/auth/auth-context.js +10 -0
- package/dist/lib/auth/auth-context.js.map +1 -0
- package/dist/lib/auth/auth-middleware.d.ts +50 -0
- package/dist/lib/auth/auth-middleware.d.ts.map +1 -0
- package/dist/lib/auth/auth-middleware.js +153 -0
- package/dist/lib/auth/auth-middleware.js.map +1 -0
- package/dist/lib/auth/capabilities.d.ts +40 -0
- package/dist/lib/auth/capabilities.d.ts.map +1 -0
- package/dist/lib/auth/capabilities.js +44 -0
- package/dist/lib/auth/capabilities.js.map +1 -0
- package/dist/lib/auth/claims-cache.d.ts +70 -0
- package/dist/lib/auth/claims-cache.d.ts.map +1 -0
- package/dist/lib/auth/claims-cache.js +139 -0
- package/dist/lib/auth/claims-cache.js.map +1 -0
- package/dist/lib/auth/cognito-jwt.d.ts +6 -0
- package/dist/lib/auth/cognito-jwt.d.ts.map +1 -1
- package/dist/lib/auth/cognito-jwt.js.map +1 -1
- package/dist/lib/auth/idp-redirect-builder.d.ts +43 -0
- package/dist/lib/auth/idp-redirect-builder.d.ts.map +1 -0
- package/dist/lib/auth/idp-redirect-builder.js +48 -0
- package/dist/lib/auth/idp-redirect-builder.js.map +1 -0
- package/dist/lib/auth/require.d.ts +51 -0
- package/dist/lib/auth/require.d.ts.map +1 -0
- package/dist/lib/auth/require.js +99 -0
- package/dist/lib/auth/require.js.map +1 -0
- package/dist/lib/auth/role-grants.d.ts +18 -0
- package/dist/lib/auth/role-grants.d.ts.map +1 -0
- package/dist/lib/auth/role-grants.js +62 -0
- package/dist/lib/auth/role-grants.js.map +1 -0
- package/dist/lib/cognito/idp-sdk.d.ts +80 -0
- package/dist/lib/cognito/idp-sdk.d.ts.map +1 -0
- package/dist/lib/cognito/idp-sdk.js +186 -0
- package/dist/lib/cognito/idp-sdk.js.map +1 -0
- package/dist/lib/cognito/issuer-probe.d.ts +47 -0
- package/dist/lib/cognito/issuer-probe.d.ts.map +1 -0
- package/dist/lib/cognito/issuer-probe.js +319 -0
- package/dist/lib/cognito/issuer-probe.js.map +1 -0
- package/dist/lib/comment-handler.d.ts +7 -7
- package/dist/lib/comment-handler.d.ts.map +1 -1
- package/dist/lib/comment-handler.js +23 -20
- package/dist/lib/comment-handler.js.map +1 -1
- package/dist/lib/compliance/baseline.d.ts +15 -0
- package/dist/lib/compliance/baseline.d.ts.map +1 -0
- package/dist/lib/compliance/baseline.js +205 -0
- package/dist/lib/compliance/baseline.js.map +1 -0
- package/dist/lib/compliance/tenant-merge.d.ts +35 -0
- package/dist/lib/compliance/tenant-merge.d.ts.map +1 -0
- package/dist/lib/compliance/tenant-merge.js +80 -0
- package/dist/lib/compliance/tenant-merge.js.map +1 -0
- package/dist/lib/compliance/types.d.ts +135 -0
- package/dist/lib/compliance/types.d.ts.map +1 -0
- package/dist/lib/compliance/types.js +9 -0
- package/dist/lib/compliance/types.js.map +1 -0
- package/dist/lib/connection-code-handler.d.ts +4 -4
- package/dist/lib/connection-code-handler.d.ts.map +1 -1
- package/dist/lib/connection-code-handler.js +21 -11
- package/dist/lib/connection-code-handler.js.map +1 -1
- package/dist/lib/feed-handler.d.ts +2 -2
- package/dist/lib/feed-handler.d.ts.map +1 -1
- package/dist/lib/feed-handler.js +5 -9
- package/dist/lib/feed-handler.js.map +1 -1
- package/dist/lib/middleware/idempotency-store.d.ts +86 -0
- package/dist/lib/middleware/idempotency-store.d.ts.map +1 -0
- package/dist/lib/middleware/idempotency-store.js +109 -0
- package/dist/lib/middleware/idempotency-store.js.map +1 -0
- package/dist/lib/middleware/idempotency.d.ts +37 -0
- package/dist/lib/middleware/idempotency.d.ts.map +1 -0
- package/dist/lib/middleware/idempotency.js +358 -0
- package/dist/lib/middleware/idempotency.js.map +1 -0
- package/dist/lib/net/trusted-client-ip.d.ts +39 -0
- package/dist/lib/net/trusted-client-ip.d.ts.map +1 -0
- package/dist/lib/net/trusted-client-ip.js +100 -0
- package/dist/lib/net/trusted-client-ip.js.map +1 -0
- package/dist/lib/notification-handler.d.ts +5 -5
- package/dist/lib/notification-handler.d.ts.map +1 -1
- package/dist/lib/notification-handler.js +11 -9
- package/dist/lib/notification-handler.js.map +1 -1
- package/dist/lib/oauth/cognito-issuer.d.ts +34 -0
- package/dist/lib/oauth/cognito-issuer.d.ts.map +1 -0
- package/dist/lib/oauth/cognito-issuer.js +53 -0
- package/dist/lib/oauth/cognito-issuer.js.map +1 -0
- package/dist/lib/oauth/device-authorization.d.ts +145 -0
- package/dist/lib/oauth/device-authorization.d.ts.map +1 -0
- package/dist/lib/oauth/device-authorization.js +312 -0
- package/dist/lib/oauth/device-authorization.js.map +1 -0
- package/dist/lib/oauth/envelope-crypto.d.ts +101 -0
- package/dist/lib/oauth/envelope-crypto.d.ts.map +1 -0
- package/dist/lib/oauth/envelope-crypto.js +223 -0
- package/dist/lib/oauth/envelope-crypto.js.map +1 -0
- package/dist/lib/oauth/refresh-detection.d.ts +126 -0
- package/dist/lib/oauth/refresh-detection.d.ts.map +1 -0
- package/dist/lib/oauth/refresh-detection.js +248 -0
- package/dist/lib/oauth/refresh-detection.js.map +1 -0
- package/dist/lib/openapi/generator.d.ts +78 -0
- package/dist/lib/openapi/generator.d.ts.map +1 -0
- package/dist/lib/openapi/generator.js +201 -0
- package/dist/lib/openapi/generator.js.map +1 -0
- package/dist/lib/post-handler.d.ts +1 -1
- package/dist/lib/post-handler.d.ts.map +1 -1
- package/dist/lib/post-handler.js +4 -15
- package/dist/lib/post-handler.js.map +1 -1
- package/dist/lib/rate-limit.d.ts.map +1 -1
- package/dist/lib/rate-limit.js +11 -3
- package/dist/lib/rate-limit.js.map +1 -1
- package/dist/lib/routes/agent-authorize.d.ts +32 -0
- package/dist/lib/routes/agent-authorize.d.ts.map +1 -0
- package/dist/lib/routes/agent-authorize.js +479 -0
- package/dist/lib/routes/agent-authorize.js.map +1 -0
- package/dist/lib/routes/agent-sessions.d.ts +20 -0
- package/dist/lib/routes/agent-sessions.d.ts.map +1 -0
- package/dist/lib/routes/agent-sessions.js +124 -0
- package/dist/lib/routes/agent-sessions.js.map +1 -0
- package/dist/lib/routes/agent-surface.d.ts +37 -0
- package/dist/lib/routes/agent-surface.d.ts.map +1 -0
- package/dist/lib/routes/agent-surface.js +208 -0
- package/dist/lib/routes/agent-surface.js.map +1 -0
- package/dist/lib/routes/auth-discover.d.ts +18 -0
- package/dist/lib/routes/auth-discover.d.ts.map +1 -0
- package/dist/lib/routes/auth-discover.js +177 -0
- package/dist/lib/routes/auth-discover.js.map +1 -0
- package/dist/lib/routes/comments.d.ts.map +1 -1
- package/dist/lib/routes/comments.js +36 -7
- package/dist/lib/routes/comments.js.map +1 -1
- package/dist/lib/routes/connection-codes.d.ts.map +1 -1
- package/dist/lib/routes/connection-codes.js +21 -4
- package/dist/lib/routes/connection-codes.js.map +1 -1
- package/dist/lib/routes/content-discovery.d.ts.map +1 -1
- package/dist/lib/routes/content-discovery.js +18 -13
- package/dist/lib/routes/content-discovery.js.map +1 -1
- package/dist/lib/routes/dashboard.js +1 -1
- package/dist/lib/routes/dashboard.js.map +1 -1
- package/dist/lib/routes/employees.d.ts.map +1 -1
- package/dist/lib/routes/employees.js +57 -15
- package/dist/lib/routes/employees.js.map +1 -1
- package/dist/lib/routes/entities.d.ts.map +1 -1
- package/dist/lib/routes/entities.js +35 -19
- package/dist/lib/routes/entities.js.map +1 -1
- package/dist/lib/routes/errors.d.ts +34 -0
- package/dist/lib/routes/errors.d.ts.map +1 -0
- package/dist/lib/routes/errors.js +57 -0
- package/dist/lib/routes/errors.js.map +1 -0
- package/dist/lib/routes/feeds.d.ts.map +1 -1
- package/dist/lib/routes/feeds.js +12 -2
- package/dist/lib/routes/feeds.js.map +1 -1
- package/dist/lib/routes/index.d.ts.map +1 -1
- package/dist/lib/routes/index.js +50 -0
- package/dist/lib/routes/index.js.map +1 -1
- package/dist/lib/routes/mfa.d.ts.map +1 -1
- package/dist/lib/routes/mfa.js +1 -0
- package/dist/lib/routes/mfa.js.map +1 -1
- package/dist/lib/routes/notifications.d.ts.map +1 -1
- package/dist/lib/routes/notifications.js +21 -4
- package/dist/lib/routes/notifications.js.map +1 -1
- package/dist/lib/routes/oauth.d.ts +15 -0
- package/dist/lib/routes/oauth.d.ts.map +1 -0
- package/dist/lib/routes/oauth.js +139 -0
- package/dist/lib/routes/oauth.js.map +1 -0
- package/dist/lib/routes/posts.d.ts.map +1 -1
- package/dist/lib/routes/posts.js +30 -19
- package/dist/lib/routes/posts.js.map +1 -1
- package/dist/lib/routes/products.d.ts.map +1 -1
- package/dist/lib/routes/products.js +19 -22
- package/dist/lib/routes/products.js.map +1 -1
- package/dist/lib/routes/setup-status.d.ts +34 -0
- package/dist/lib/routes/setup-status.d.ts.map +1 -0
- package/dist/lib/routes/setup-status.js +87 -0
- package/dist/lib/routes/setup-status.js.map +1 -0
- package/dist/lib/routes/taxonomy-analytics.d.ts.map +1 -1
- package/dist/lib/routes/taxonomy-analytics.js +15 -14
- package/dist/lib/routes/taxonomy-analytics.js.map +1 -1
- package/dist/lib/routes/taxonomy.d.ts.map +1 -1
- package/dist/lib/routes/taxonomy.js +19 -16
- package/dist/lib/routes/taxonomy.js.map +1 -1
- package/dist/lib/routes/tenant-audit.d.ts +19 -0
- package/dist/lib/routes/tenant-audit.d.ts.map +1 -0
- package/dist/lib/routes/tenant-audit.js +244 -0
- package/dist/lib/routes/tenant-audit.js.map +1 -0
- package/dist/lib/routes/tenant-compliance.d.ts +21 -0
- package/dist/lib/routes/tenant-compliance.d.ts.map +1 -0
- package/dist/lib/routes/tenant-compliance.js +122 -0
- package/dist/lib/routes/tenant-compliance.js.map +1 -0
- package/dist/lib/routes/tenant-domains.d.ts +11 -0
- package/dist/lib/routes/tenant-domains.d.ts.map +1 -0
- package/dist/lib/routes/tenant-domains.js +95 -0
- package/dist/lib/routes/tenant-domains.js.map +1 -0
- package/dist/lib/routes/tenant-idp.d.ts +3 -0
- package/dist/lib/routes/tenant-idp.d.ts.map +1 -0
- package/dist/lib/routes/tenant-idp.js +89 -0
- package/dist/lib/routes/tenant-idp.js.map +1 -0
- package/dist/lib/routes/tenant-members.d.ts +13 -0
- package/dist/lib/routes/tenant-members.d.ts.map +1 -0
- package/dist/lib/routes/tenant-members.js +75 -0
- package/dist/lib/routes/tenant-members.js.map +1 -0
- package/dist/lib/routes/tenant-role-mappings.d.ts +11 -0
- package/dist/lib/routes/tenant-role-mappings.d.ts.map +1 -0
- package/dist/lib/routes/tenant-role-mappings.js +90 -0
- package/dist/lib/routes/tenant-role-mappings.js.map +1 -0
- package/dist/lib/routes/tenants.d.ts +13 -0
- package/dist/lib/routes/tenants.d.ts.map +1 -0
- package/dist/lib/routes/tenants.js +121 -0
- package/dist/lib/routes/tenants.js.map +1 -0
- package/dist/lib/routes/types.d.ts +9 -0
- package/dist/lib/routes/types.d.ts.map +1 -1
- package/dist/lib/schemas.d.ts +2 -2
- package/dist/lib/secrets/idp-secrets.d.ts +51 -0
- package/dist/lib/secrets/idp-secrets.d.ts.map +1 -0
- package/dist/lib/secrets/idp-secrets.js +111 -0
- package/dist/lib/secrets/idp-secrets.js.map +1 -0
- package/dist/lib/security-monitor.d.ts.map +1 -1
- package/dist/lib/security-monitor.js +6 -1
- package/dist/lib/security-monitor.js.map +1 -1
- package/dist/lib/session-manager.d.ts +1 -0
- package/dist/lib/session-manager.d.ts.map +1 -1
- package/dist/lib/session-manager.js.map +1 -1
- package/dist/lib/taxonomy-handler-factory.d.ts +4 -2
- package/dist/lib/taxonomy-handler-factory.d.ts.map +1 -1
- package/dist/lib/taxonomy-handler-factory.js +8 -7
- package/dist/lib/taxonomy-handler-factory.js.map +1 -1
- package/dist/lib/tenant/audit-emit.d.ts +18 -0
- package/dist/lib/tenant/audit-emit.d.ts.map +1 -0
- package/dist/lib/tenant/audit-emit.js +16 -0
- package/dist/lib/tenant/audit-emit.js.map +1 -0
- package/dist/lib/tenant/derive-domain.d.ts +19 -0
- package/dist/lib/tenant/derive-domain.d.ts.map +1 -0
- package/dist/lib/tenant/derive-domain.js +38 -0
- package/dist/lib/tenant/derive-domain.js.map +1 -0
- package/dist/lib/tenant/domain-handler.d.ts +42 -0
- package/dist/lib/tenant/domain-handler.d.ts.map +1 -0
- package/dist/lib/tenant/domain-handler.js +344 -0
- package/dist/lib/tenant/domain-handler.js.map +1 -0
- package/dist/lib/tenant/domain-validator.d.ts +28 -0
- package/dist/lib/tenant/domain-validator.d.ts.map +1 -0
- package/dist/lib/tenant/domain-validator.js +145 -0
- package/dist/lib/tenant/domain-validator.js.map +1 -0
- package/dist/lib/tenant/domain-verifier.d.ts +30 -0
- package/dist/lib/tenant/domain-verifier.d.ts.map +1 -0
- package/dist/lib/tenant/domain-verifier.js +53 -0
- package/dist/lib/tenant/domain-verifier.js.map +1 -0
- package/dist/lib/tenant/idp-handler.d.ts +29 -0
- package/dist/lib/tenant/idp-handler.d.ts.map +1 -0
- package/dist/lib/tenant/idp-handler.js +693 -0
- package/dist/lib/tenant/idp-handler.js.map +1 -0
- package/dist/lib/tenant/idp-name.d.ts +2 -0
- package/dist/lib/tenant/idp-name.d.ts.map +1 -0
- package/dist/lib/tenant/idp-name.js +20 -0
- package/dist/lib/tenant/idp-name.js.map +1 -0
- package/dist/lib/tenant/member-handler.d.ts +31 -0
- package/dist/lib/tenant/member-handler.d.ts.map +1 -0
- package/dist/lib/tenant/member-handler.js +343 -0
- package/dist/lib/tenant/member-handler.js.map +1 -0
- package/dist/lib/tenant/reserved-slugs.d.ts +37 -0
- package/dist/lib/tenant/reserved-slugs.d.ts.map +1 -0
- package/dist/lib/tenant/reserved-slugs.js +116 -0
- package/dist/lib/tenant/reserved-slugs.js.map +1 -0
- package/dist/lib/tenant/resolve-role.d.ts +39 -0
- package/dist/lib/tenant/resolve-role.d.ts.map +1 -0
- package/dist/lib/tenant/resolve-role.js +60 -0
- package/dist/lib/tenant/resolve-role.js.map +1 -0
- package/dist/lib/tenant/role-mapping-handler.d.ts +26 -0
- package/dist/lib/tenant/role-mapping-handler.d.ts.map +1 -0
- package/dist/lib/tenant/role-mapping-handler.js +260 -0
- package/dist/lib/tenant/role-mapping-handler.js.map +1 -0
- package/dist/lib/tenant/setup-status.d.ts +83 -0
- package/dist/lib/tenant/setup-status.d.ts.map +1 -0
- package/dist/lib/tenant/setup-status.js +201 -0
- package/dist/lib/tenant/setup-status.js.map +1 -0
- package/dist/lib/tenant/slug-validator.d.ts +31 -0
- package/dist/lib/tenant/slug-validator.d.ts.map +1 -0
- package/dist/lib/tenant/slug-validator.js +42 -0
- package/dist/lib/tenant/slug-validator.js.map +1 -0
- package/dist/lib/tenant/tenant-handler.d.ts +49 -0
- package/dist/lib/tenant/tenant-handler.d.ts.map +1 -0
- package/dist/lib/tenant/tenant-handler.js +377 -0
- package/dist/lib/tenant/tenant-handler.js.map +1 -0
- package/dist/lib/tenant/transfer-ownership.d.ts +39 -0
- package/dist/lib/tenant/transfer-ownership.d.ts.map +1 -0
- package/dist/lib/tenant/transfer-ownership.js +66 -0
- package/dist/lib/tenant/transfer-ownership.js.map +1 -0
- package/dist/lib/user/derive-handle.d.ts +29 -0
- package/dist/lib/user/derive-handle.d.ts.map +1 -0
- package/dist/lib/user/derive-handle.js +65 -0
- package/dist/lib/user/derive-handle.js.map +1 -0
- package/dist/lib/user-deprovisioning.d.ts +11 -1
- package/dist/lib/user-deprovisioning.d.ts.map +1 -1
- package/dist/lib/user-deprovisioning.js +46 -2
- package/dist/lib/user-deprovisioning.js.map +1 -1
- package/dist/lib/validation/feature-toggle-schemas.d.ts +10 -10
- package/package.json +6 -3
- package/prisma/migrations/20260502094501_add_tenancy_model/migration.sql +334 -0
- package/prisma/migrations/20260503000000_add_tenant_region/migration.sql +4 -0
- package/prisma/schema.prisma +324 -74
- package/src/lambda/nightly-cron.ts +4 -1
- package/src/lambda/post-confirmation.ts +405 -29
- package/src/lambda/pre-token-generation.ts +300 -59
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"idp-handler.js","sourceRoot":"","sources":["../../../src/lib/tenant/idp-handler.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAuBA,gGAA0F;AAG1F,6DAAgF;AAChF,6CAAgE;AAChE,uDAAgE;AAChE,wCAAkD;AAClD,sDAAsD;AACtD,yCAA4C;AAC5C,gDAK4B;AAC5B,0DAA0D;AAC1D,wDAA0D;AAC1D,4EAAuE;AAEvE,MAAM,YAAY,GAAG,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC;AAE5D,SAAS,YAAY,CAAC,MAAc,EAAE,IAAa;IACjD,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,CAAC,CAAC;AAC/E,CAAC;AAED,SAAS,UAAU,CAAC,OAAe,EAAE,IAAI,GAAG,kBAAkB;IAC5D,OAAO,YAAY,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,aAAa,CAAC,OAAe,EAAE,WAAoB;IAC1D,OAAO,YAAY,CAAC,GAAG,EAAE;QACvB,KAAK,EAAE,eAAe;QACtB,OAAO;QACP,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACxC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,UAAU;IACjB,OAAO,YAAY,CAAC,GAAG,EAAE;QACvB,KAAK,EAAE,eAAe;QACtB,OAAO,EAAE,uEAAuE;KACjF,CAAC,CAAC;AACL,CAAC;AAED,SAAS,QAAQ;IACf,OAAO,YAAY,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,6BAA6B,EAAE,CAAC,CAAC;AAC3F,CAAC;AAED,MAAM,YAAY,GAAG,IAAI,wBAAiB,EAAE,CAAC;AAmC7C,MAAa,UAAU;IACQ;IAA7B,YAA6B,OAA+B,EAAE;QAAjC,SAAI,GAAJ,IAAI,CAA6B;IAAG,CAAC;IAElE,8EAA8E;IACtE,MAAM,CAAC,GAAQ;QACrB,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;QACxC,OAAO,IAAI,uBAAa,CACtB,IAAI,gEAA6B,CAAC;YAChC,MAAM,EAAE,GAAG,CAAC,cAAc,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU;SACrD,CAAC,CACH,CAAC;IACJ,CAAC;IAEO,UAAU,CAAC,GAAQ;QACzB,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC;QAChD,OAAO,IAAI,8BAAgB,CACzB,IAAI,6CAAoB,CAAC;YACvB,MAAM,EAAE,GAAG,CAAC,cAAc,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU;SACrD,CAAC,CACH,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,yBAAyB,CAAC,QAAgB,EAAE,GAAQ;QAChE,MAAM,EAAE,YAAY,EAAE,GAAG,wDAAa,UAAU,GAAC,CAAC;QAClD,MAAM,EAAE,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC;YAC7C,KAAK,EAAE,EAAE,QAAQ,EAAE;YACnB,MAAM,EAAE,EAAE,IAAI,EAAE,EAAE,MAAM,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE,EAAE;SACnD,CAAC,CAAC;QACH,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACnF,IAAI,IAAI,CAAC,IAAI,CAAC,uBAAuB,EAAE,CAAC;YACtC,MAAM,IAAI,CAAC,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;YAC9C,OAAO;QACT,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO;QAC9B,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,IAAA,uCAAwB,GAAE,CAAC;YACzC,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QACjF,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CACV,IAAI,CAAC,SAAS,CAAC;gBACb,KAAK,EAAE,MAAM;gBACb,GAAG,EAAE,oCAAoC;gBACzC,QAAQ;gBACR,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC;aACnB,CAAC,CACH,CAAC;QACJ,CAAC;IACH,CAAC;IAED,8EAA8E;IAC9E,KAAK,CAAC,YAAY,CAChB,QAAgB,EAChB,OAAgB,EAChB,IAAiB,EACjB,GAAQ;QAER,MAAM,MAAM,GACV,IAAA,qCAAmB,EAAC,IAAI,EAAE,QAAQ,CAAC;YACnC,IAAA,2BAAiB,EAAC,IAAI,EAAE,oBAAU,CAAC,YAAY,CAAC,CAAC;QACnD,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAE1B,MAAM,EAAE,CAAC,EAAE,GAAG,wDAAa,KAAK,GAAC,CAAC;QAClC,IAAI,GAAY,CAAC;QACjB,IAAI,CAAC;YACH,GAAG,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;QAC7B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,UAAU,CAAC,yBAAyB,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC;QAED,MAAM,IAAI,GAAI,GAAgC,EAAE,IAAI,CAAC;QACrD,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;YACpB,OAAO,YAAY,CAAC,GAAG,EAAE;gBACvB,KAAK,EAAE,2BAA2B;gBAClC,OAAO,EAAE,6DAA6D;aACvE,CAAC,CAAC;QACL,CAAC;QACD,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;YACpB,OAAO,UAAU,CAAC,qBAAqB,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC;YACtB,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;YACvB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC;YACrC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;YACpC,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC;YACzC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE;YAC5D,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE;YACvC,gBAAgB,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;SAC9D,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,OAAO,IAAI,eAAe,CAAC,CAAC;QACxE,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAsB,CAAC;QAE3C,MAAM,EAAE,YAAY,EAAE,GAAG,wDAAa,UAAU,GAAC,CAAC;QAClD,MAAM,EAAE,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;QAE7B,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC;YACxC,KAAK,EAAE,EAAE,EAAE,EAAE,QAAQ,EAAE;YACvB,MAAM,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE;SACrB,CAAC,CAAC;QACH,IAAI,CAAC,MAAM;YAAE,OAAO,QAAQ,EAAE,CAAC;QAE/B,MAAM,eAAe,GAAG,MAAM,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC;YACrD,KAAK,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;YAC9C,MAAM,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE;YACxB,OAAO,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE;SAC3B,CAAC,CAAC;QACH,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACjC,OAAO,aAAa,CAClB,wEAAwE,EACxE,qBAAqB,QAAQ,UAAU,CACxC,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,sBAAsB,CAAC,UAAU,CAAC;YAC1D,KAAK,EAAE,EAAE,QAAQ,EAAE;YACnB,MAAM,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE;SACrB,CAAC,CAAC;QACH,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,YAAY,CAAC,GAAG,EAAE;gBACvB,KAAK,EAAE,YAAY;gBACnB,OAAO,EAAE,yCAAyC;gBAClD,WAAW,EAAE,gCAAgC,QAAQ,oBAAoB;aAC1E,CAAC,CAAC;QACL,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,IAAA,8BAAe,EAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACpD,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC;YACd,OAAO,YAAY,CAAC,GAAG,EAAE;gBACvB,KAAK,EAAE,oBAAoB;gBAC3B,OAAO,EAAE,KAAK,CAAC,OAAO;gBACtB,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,WAAW,EACT,mGAAmG;aACtG,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAAG,GAAG,CAAC,oBAAoB,CAAC;QAC5C,MAAM,gBAAgB,GAAG,GAAG,CAAC,qBAAqB,CAAC;QACnD,IAAI,CAAC,UAAU,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACrC,OAAO,UAAU,EAAE,CAAC;QACtB,CAAC;QAED,MAAM,YAAY,GAAG,IAAA,yBAAc,EAAC,QAAQ,CAAC,CAAC;QAC9C,MAAM,gBAAgB,GAAwB;YAC5C,GAAG,IAAA,qCAA2B,GAAE;YAChC,GAAG,CAAC,IAAI,CAAC,gBAAgB,IAAI,EAAE,CAAC;SACjC,CAAC;QACF,MAAM,cAAc,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAC5D,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAE7B,IAAI,SAAiB,CAAC;QACtB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;YACjE,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC;QACzB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAI,GAAyB,CAAC,IAAI,CAAC;YAChD,IAAI,OAAO,KAAK,yBAAyB,EAAE,CAAC;gBAC1C,OAAO,YAAY,CAAC,GAAG,EAAE;oBACvB,KAAK,EAAE,YAAY;oBACnB,OAAO,EAAE,8CAA8C;oBACvD,WAAW,EAAE,gCAAgC,QAAQ,oBAAoB;iBAC1E,CAAC,CAAC;YACL,CAAC;YACD,OAAO,CAAC,IAAI,CACV,IAAI,CAAC,SAAS,CAAC;gBACb,KAAK,EAAE,MAAM;gBACb,GAAG,EAAE,0BAA0B;gBAC/B,QAAQ;gBACR,OAAO;aACR,CAAC,CACH,CAAC;YACF,OAAO,UAAU,EAAE,CAAC;QACtB,CAAC;QAED,IAAI,CAAC;YACH,MAAM,GAAG,CAAC,kBAAkB,CAAC;gBAC3B,UAAU;gBACV,YAAY;gBACZ,OAAO,EAAE;oBACP,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,YAAY,EAAE,IAAI,CAAC,YAAY;oBAC/B,SAAS,EAAE,IAAI,CAAC,SAAS;oBACzB,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBAChD;gBACD,gBAAgB;gBAChB,cAAc;aACf,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;YACtD,OAAO,CAAC,IAAI,CACV,IAAI,CAAC,SAAS,CAAC;gBACb,KAAK,EAAE,MAAM;gBACb,GAAG,EAAE,2DAA2D;gBAChE,QAAQ;gBACR,OAAO,EAAG,GAAyB,CAAC,IAAI;aACzC,CAAC,CACH,CAAC;YACF,OAAO,UAAU,EAAE,CAAC;QACtB,CAAC;QAED,IAAI,GAgBF,CAAC;QACH,IAAI,CAAC;YACH,uEAAuE;YACvE,mEAAmE;YACnE,sDAAsD;YACtD,GAAG,GAAG,MAAM,EAAE,CAAC,YAAY,CACzB,KAAK,EAAE,EAAE,EAAE,EAAE;gBACX,MAAM,IAAA,gCAAsB,EAAC,EAAE,EAAE,UAAU,EAAE,KAAK,IAAI,EAAE;oBACtD,MAAM,GAAG,CAAC,4BAA4B,CACpC,UAAU,EACV,gBAAgB,EAChB,YAAY,EACZ,KAAK,CACN,CAAC;gBACJ,CAAC,CAAC,CAAC;gBACH,OAAO,EAAE,CAAC,sBAAsB,CAAC,MAAM,CAAC;oBACtC,IAAI,EAAE;wBACJ,QAAQ;wBACR,IAAI,EAAE,MAAiB;wBACvB,cAAc,EAAE,YAAY;wBAC5B,SAAS,EAAE,IAAI,CAAC,SAAS;wBACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,eAAe,EAAE,SAAS;wBAC1B,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,6BAA6B;wBACpD,gBAAgB,EAAE,gBAAyC;wBAC3D,WAAW,EAAE,IAAI,CAAC,WAAW,IAAI,IAAI;wBACrC,MAAM,EAAE,QAAqB;wBAC7B,SAAS,EAAE,IAAI,IAAI,EAAE;qBACtB;oBACD,MAAM,EAAE;wBACN,EAAE,EAAE,IAAI;wBACR,QAAQ,EAAE,IAAI;wBACd,IAAI,EAAE,IAAI;wBACV,MAAM,EAAE,IAAI;wBACZ,cAAc,EAAE,IAAI;wBACpB,SAAS,EAAE,IAAI;wBACf,QAAQ,EAAE,IAAI;wBACd,WAAW,EAAE,IAAI;wBACjB,gBAAgB,EAAE,IAAI;wBACtB,MAAM,EAAE,IAAI;wBACZ,SAAS,EAAE,IAAI;wBACf,SAAS,EAAE,IAAI;wBACf,SAAS,EAAE,IAAI;qBAChB;iBACF,CAAC,CAAC;YACL,CAAC,EACD,EAAE,OAAO,EAAE,KAAK,EAAE,CACnB,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,GAAG,CAAC,cAAc,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;YAC1E,MAAM,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;YACtD,OAAO,CAAC,IAAI,CACV,IAAI,CAAC,SAAS,CAAC;gBACb,KAAK,EAAE,MAAM;gBACb,GAAG,EAAE,iDAAiD;gBACtD,QAAQ;gBACR,OAAO,EAAG,GAAyB,CAAC,IAAI;aACzC,CAAC,CACH,CAAC;YACF,OAAO,UAAU,EAAE,CAAC;QACtB,CAAC;QAED,KAAK,YAAY;aACd,IAAI,CACH;YACE,IAAI,EAAE,4BAAc,CAAC,oBAAoB;YACzC,QAAQ;YACR,WAAW,EAAE,IAAI,CAAC,MAAM;YACxB,OAAO,EAAE;gBACP,OAAO,EAAE,MAAM;gBACf,MAAM,EAAE,IAAI,CAAC,SAAS;gBACtB,SAAS,EAAE,QAAQ;aACpB;SACF,EACD,EAAE,CACH;aACA,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE,CACtB,OAAO,CAAC,IAAI,CACV,IAAI,CAAC,SAAS,CAAC;YACb,KAAK,EAAE,mBAAmB;YAC1B,KAAK,EAAG,GAA4B,EAAE,OAAO,IAAI,SAAS;SAC3D,CAAC,CACH,CACF,CAAC;QAEJ,OAAO,YAAY,CAAC,GAAG,EAAE,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC;IACjD,CAAC;IAED,8EAA8E;IAC9E,KAAK,CAAC,SAAS,CAAC,QAAgB,EAAE,IAAiB,EAAE,GAAQ;QAC3D,MAAM,MAAM,GACV,IAAA,kCAAgB,EAAC,IAAI,EAAE,QAAQ,CAAC;YAChC,IAAA,2BAAiB,EAAC,IAAI,EAAE,oBAAU,CAAC,OAAO,CAAC,CAAC;QAC9C,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAE1B,MAAM,EAAE,YAAY,EAAE,GAAG,wDAAa,UAAU,GAAC,CAAC;QAClD,MAAM,EAAE,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;QAE7B,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,sBAAsB,CAAC,UAAU,CAAC;YACrD,KAAK,EAAE,EAAE,QAAQ,EAAE;YACnB,MAAM,EAAE;gBACN,EAAE,EAAE,IAAI;gBACR,QAAQ,EAAE,IAAI;gBACd,IAAI,EAAE,IAAI;gBACV,MAAM,EAAE,IAAI;gBACZ,cAAc,EAAE,IAAI;gBACpB,SAAS,EAAE,IAAI;gBACf,QAAQ,EAAE,IAAI;gBACd,WAAW,EAAE,IAAI;gBACjB,gBAAgB,EAAE,IAAI;gBACtB,MAAM,EAAE,IAAI;gBACZ,SAAS,EAAE,IAAI;gBACf,SAAS,EAAE,IAAI;gBACf,SAAS,EAAE,IAAI;aAChB;SACF,CAAC,CAAC;QACH,IAAI,CAAC,GAAG;YAAE,OAAO,QAAQ,EAAE,CAAC;QAC5B,OAAO,YAAY,CAAC,GAAG,EAAE,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC;IACjD,CAAC;IAED,8EAA8E;IAC9E,KAAK,CAAC,WAAW,CACf,QAAgB,EAChB,OAAgB,EAChB,IAAiB,EACjB,GAAQ;QAER,MAAM,MAAM,GACV,IAAA,qCAAmB,EAAC,IAAI,EAAE,QAAQ,CAAC;YACnC,IAAA,2BAAiB,EAAC,IAAI,EAAE,oBAAU,CAAC,YAAY,CAAC,CAAC;QACnD,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAE1B,MAAM,EAAE,CAAC,EAAE,GAAG,wDAAa,KAAK,GAAC,CAAC;QAClC,IAAI,GAAY,CAAC;QACjB,IAAI,CAAC;YACH,GAAG,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;QAC7B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,UAAU,CAAC,yBAAyB,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC;QAED,MAAM,QAAQ,GAAG,OAAQ,GAA4B,EAAE,MAAM,KAAK,QAAQ,CAAC;QAE3E,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,EAAE,CAAC,CAAC;YACpE,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACrC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpB,OAAO,UAAU,CAAC,mCAAmC,CAAC,CAAC;YACzD,CAAC;YACD,OAAO,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAuB,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;QAC/E,CAAC;QAED,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC;YACtB,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE;YACpD,gBAAgB,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;YAC7D,WAAW,EAAE,CAAC;iBACX,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;iBAClC,QAAQ,EAAE;iBACV,QAAQ,EAAE;YACb,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE;SACxC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,OAAO,IAAI,eAAe,CAAC,CAAC;QACxE,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAuB,CAAC;QAE5C,IACE,IAAI,CAAC,YAAY,KAAK,SAAS;YAC/B,IAAI,CAAC,gBAAgB,KAAK,SAAS;YACnC,IAAI,CAAC,WAAW,KAAK,SAAS;YAC9B,IAAI,CAAC,MAAM,KAAK,SAAS,EACzB,CAAC;YACD,OAAO,UAAU,CAAC,mFAAmF,CAAC,CAAC;QACzG,CAAC;QAED,OAAO,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;IACrD,CAAC;IAEO,KAAK,CAAC,WAAW,CACvB,QAAgB,EAChB,IAAqB,EACrB,IAAiB,EACjB,GAAQ;QAER,MAAM,EAAE,YAAY,EAAE,GAAG,wDAAa,UAAU,GAAC,CAAC;QAClD,MAAM,EAAE,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;QAE7B,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,sBAAsB,CAAC,UAAU,CAAC;YACrD,KAAK,EAAE,EAAE,QAAQ,EAAE;YACnB,MAAM,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE;SACzD,CAAC,CAAC;QACH,IAAI,CAAC,GAAG;YAAE,OAAO,QAAQ,EAAE,CAAC;QAE5B,IAAI,GAAG,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC;YAC/B,OAAO,YAAY,CAAC,GAAG,EAAE,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAChF,CAAC;QAED,MAAM,UAAU,GAAG,GAAG,CAAC,oBAAoB,CAAC;QAC5C,MAAM,gBAAgB,GAAG,GAAG,CAAC,qBAAqB,CAAC;QACnD,IAAI,CAAC,UAAU,IAAI,CAAC,gBAAgB;YAAE,OAAO,UAAU,EAAE,CAAC;QAE1D,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,EAAE,GAAG,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC;QACvD,IAAI,CAAC;YACH,gEAAgE;YAChE,gDAAgD;YAChD,MAAM,EAAE,CAAC,YAAY,CACnB,KAAK,EAAE,EAAE,EAAE,EAAE;gBACX,MAAM,IAAA,gCAAsB,EAAC,EAAE,EAAE,UAAU,EAAE,KAAK,IAAI,EAAE;oBACtD,MAAM,GAAG,CAAC,4BAA4B,CACpC,UAAU,EACV,gBAAgB,EAChB,GAAG,CAAC,cAAc,EAClB,EAAE,CACH,CAAC;gBACJ,CAAC,CAAC,CAAC;gBACH,MAAM,EAAE,CAAC,sBAAsB,CAAC,MAAM,CAAC;oBACrC,KAAK,EAAE,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE;oBACrB,IAAI,EAAE;wBACJ,MAAM,EAAE,IAAI,CAAC,MAAmB;wBAChC,GAAG,CAAC,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;qBAC/D;iBACF,CAAC,CAAC;YACL,CAAC,EACD,EAAE,OAAO,EAAE,KAAK,EAAE,CACnB,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CACV,IAAI,CAAC,SAAS,CAAC;gBACb,KAAK,EAAE,MAAM;gBACb,GAAG,EAAE,0BAA0B;gBAC/B,QAAQ;gBACR,OAAO,EAAG,GAAyB,CAAC,IAAI;aACzC,CAAC,CACH,CAAC;YACF,OAAO,UAAU,EAAE,CAAC;QACtB,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YAC/B,MAAM,IAAI,CAAC,yBAAyB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QACtD,CAAC;QAED,KAAK,YAAY;aACd,IAAI,CACH;YACE,IAAI,EACF,IAAI,CAAC,MAAM,KAAK,UAAU;gBACxB,CAAC,CAAC,4BAAc,CAAC,mBAAmB;gBACpC,CAAC,CAAC,4BAAc,CAAC,mBAAmB;YACxC,QAAQ;YACR,WAAW,EAAE,IAAI,CAAC,MAAM;YACxB,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,CAAC,MAAM,EAAE;SACpC,EACD,EAAE,CACH;aACA,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE,CACtB,OAAO,CAAC,IAAI,CACV,IAAI,CAAC,SAAS,CAAC;YACb,KAAK,EAAE,mBAAmB;YAC1B,KAAK,EAAG,GAA4B,EAAE,OAAO,IAAI,SAAS;SAC3D,CAAC,CACH,CACF,CAAC;QAEJ,OAAO,YAAY,CAAC,GAAG,EAAE,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IAChE,CAAC;IAEO,KAAK,CAAC,WAAW,CACvB,QAAgB,EAChB,IAAqB,EACrB,IAAiB,EACjB,GAAQ;QAER,MAAM,EAAE,YAAY,EAAE,GAAG,wDAAa,UAAU,GAAC,CAAC;QAClD,MAAM,EAAE,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;QAE7B,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,sBAAsB,CAAC,UAAU,CAAC;YACrD,KAAK,EAAE,EAAE,QAAQ,EAAE;YACnB,MAAM,EAAE;gBACN,EAAE,EAAE,IAAI;gBACR,IAAI,EAAE,IAAI;gBACV,cAAc,EAAE,IAAI;gBACpB,gBAAgB,EAAE,IAAI;gBACtB,MAAM,EAAE,IAAI;aACb;SACF,CAAC,CAAC;QACH,IAAI,CAAC,GAAG;YAAE,OAAO,QAAQ,EAAE,CAAC;QAC5B,IAAI,GAAG,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;YACxB,OAAO,YAAY,CAAC,GAAG,EAAE;gBACvB,KAAK,EAAE,2BAA2B;gBAClC,OAAO,EAAE,0CAA0C;aACpD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAAG,GAAG,CAAC,oBAAoB,CAAC;QAC5C,IAAI,CAAC,UAAU;YAAE,OAAO,UAAU,EAAE,CAAC;QAErC,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QAErC,MAAM,mBAAmB,GAAG,IAAI,CAAC,gBAAgB;YAC/C,CAAC,CAAC,qBAAqB,CAAC,GAAG,CAAC,gBAAgB,EAAE,IAAI,CAAC,gBAAgB,CAAC;YACpE,CAAC,CAAC,SAAS,CAAC;QAEd,0EAA0E;QAC1E,0EAA0E;QAC1E,qEAAqE;QACrE,0EAA0E;QAC1E,uBAAuB;QACvB,IAAI,CAAC;YACH,MAAM,GAAG,CAAC,kBAAkB,CAAC;gBAC3B,UAAU;gBACV,YAAY,EAAE,GAAG,CAAC,cAAc;gBAChC,GAAG,CAAC,IAAI,CAAC,YAAY,KAAK,SAAS;oBACjC,CAAC,CAAC,EAAE,OAAO,EAAE,EAAE,YAAY,EAAE,IAAI,CAAC,YAAY,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;oBACnG,CAAC,CAAC,IAAI,CAAC,MAAM;wBACX,CAAC,CAAC,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,EAAE;wBACtC,CAAC,CAAC,EAAE,CAAC;gBACT,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC1E,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CACV,IAAI,CAAC,SAAS,CAAC;gBACb,KAAK,EAAE,MAAM;gBACb,GAAG,EAAE,uCAAuC;gBAC5C,QAAQ;gBACR,OAAO,EAAG,GAAyB,CAAC,IAAI;aACzC,CAAC,CACH,CAAC;YACF,OAAO,UAAU,EAAE,CAAC;QACtB,CAAC;QAED,IAAI,IAAI,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;YACpC,IAAI,CAAC;gBACH,MAAM,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;YACpD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,IAAI,CACV,IAAI,CAAC,SAAS,CAAC;oBACb,KAAK,EAAE,MAAM;oBACb,GAAG,EAAE,0BAA0B;oBAC/B,QAAQ;oBACR,OAAO,EAAG,GAAyB,CAAC,IAAI;iBACzC,CAAC,CACH,CAAC;gBACF,OAAO,UAAU,EAAE,CAAC;YACtB,CAAC;QACH,CAAC;QAED,MAAM,IAAI,GAA6C,EAAE,CAAC;QAC1D,IAAI,mBAAmB;YAAE,IAAI,CAAC,gBAAgB,GAAG,mBAA4C,CAAC;QAC9F,IAAI,IAAI,CAAC,WAAW,KAAK,SAAS;YAAE,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC;QACxE,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS;YAAE,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;QAEzD,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,sBAAsB,CAAC,MAAM,CAAC;YACrD,KAAK,EAAE,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE;YACrB,IAAI;YACJ,MAAM,EAAE;gBACN,EAAE,EAAE,IAAI;gBACR,QAAQ,EAAE,IAAI;gBACd,IAAI,EAAE,IAAI;gBACV,MAAM,EAAE,IAAI;gBACZ,cAAc,EAAE,IAAI;gBACpB,SAAS,EAAE,IAAI;gBACf,QAAQ,EAAE,IAAI;gBACd,WAAW,EAAE,IAAI;gBACjB,gBAAgB,EAAE,IAAI;gBACtB,MAAM,EAAE,IAAI;gBACZ,SAAS,EAAE,IAAI;gBACf,SAAS,EAAE,IAAI;gBACf,SAAS,EAAE,IAAI;aAChB;SACF,CAAC,CAAC;QAEH,KAAK,YAAY;aACd,IAAI,CACH;YACE,IAAI,EAAE,4BAAc,CAAC,mBAAmB;YACxC,QAAQ;YACR,WAAW,EAAE,IAAI,CAAC,MAAM;YACxB,OAAO,EAAE;gBACP,OAAO,EAAE,GAAG,CAAC,IAAI;gBACjB,iBAAiB,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC;aACrC;SACF,EACD,EAAE,CACH;aACA,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE,CACtB,OAAO,CAAC,IAAI,CACV,IAAI,CAAC,SAAS,CAAC;YACb,KAAK,EAAE,mBAAmB;YAC1B,KAAK,EAAG,GAA4B,EAAE,OAAO,IAAI,SAAS;SAC3D,CAAC,CACH,CACF,CAAC;QAEJ,OAAO,YAAY,CAAC,GAAG,EAAE,eAAe,CAAC,OAAO,CAAC,CAAC,CAAC;IACrD,CAAC;IAED,8EAA8E;IAC9E,KAAK,CAAC,YAAY,CAChB,QAAgB,EAChB,GAAQ,EACR,IAAiB,EACjB,GAAQ;QAER,MAAM,MAAM,GACV,IAAA,qCAAmB,EAAC,IAAI,EAAE,QAAQ,CAAC;YACnC,IAAA,2BAAiB,EAAC,IAAI,EAAE,oBAAU,CAAC,YAAY,CAAC,CAAC;QACnD,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAE1B,IAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,MAAM,EAAE,CAAC;YAC/C,OAAO,YAAY,CAAC,GAAG,EAAE;gBACvB,KAAK,EAAE,kBAAkB;gBACzB,OAAO,EAAE,4CAA4C;gBACrD,WAAW,EAAE,uBAAuB,QAAQ,iCAAiC;aAC9E,CAAC,CAAC;QACL,CAAC;QAED,MAAM,EAAE,YAAY,EAAE,GAAG,wDAAa,UAAU,GAAC,CAAC;QAClD,MAAM,EAAE,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;QAE7B,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,sBAAsB,CAAC,UAAU,CAAC;YACrD,KAAK,EAAE,EAAE,QAAQ,EAAE;YACnB,MAAM,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE;SACvD,CAAC,CAAC;QACH,IAAI,CAAC,GAAG;YAAE,OAAO,QAAQ,EAAE,CAAC;QAE5B,MAAM,UAAU,GAAG,GAAG,CAAC,oBAAoB,CAAC;QAC5C,MAAM,gBAAgB,GAAG,GAAG,CAAC,qBAAqB,CAAC;QACnD,IAAI,CAAC,UAAU,IAAI,CAAC,gBAAgB;YAAE,OAAO,UAAU,EAAE,CAAC;QAE1D,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QAErC,IAAI,CAAC;YACH,uEAAuE;YACvE,2CAA2C;YAC3C,MAAM,EAAE,CAAC,YAAY,CACnB,KAAK,EAAE,EAAE,EAAE,EAAE;gBACX,MAAM,IAAA,gCAAsB,EAAC,EAAE,EAAE,UAAU,EAAE,KAAK,IAAI,EAAE;oBACtD,MAAM,GAAG,CAAC,4BAA4B,CACpC,UAAU,EACV,gBAAgB,EAChB,GAAG,CAAC,cAAc,EAClB,QAAQ,CACT,CAAC;gBACJ,CAAC,CAAC,CAAC;gBACH,MAAM,GAAG,CAAC,cAAc,CAAC,UAAU,EAAE,GAAG,CAAC,cAAc,CAAC,CAAC;gBACzD,MAAM,EAAE,CAAC,sBAAsB,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;YACpE,CAAC,EACD,EAAE,OAAO,EAAE,KAAK,EAAE,CACnB,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CACV,IAAI,CAAC,SAAS,CAAC;gBACb,KAAK,EAAE,MAAM;gBACb,GAAG,EAAE,mBAAmB;gBACxB,QAAQ;gBACR,OAAO,EAAG,GAAyB,CAAC,IAAI;aACzC,CAAC,CACH,CAAC;YACF,OAAO,UAAU,EAAE,CAAC;QACtB,CAAC;QAED,MAAM,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;QACtD,MAAM,IAAI,CAAC,yBAAyB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAEpD,MAAM,iCAAiC,CAAC,GAAG,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;QAE3D,KAAK,YAAY;aACd,IAAI,CACH;YACE,IAAI,EAAE,4BAAc,CAAC,kBAAkB;YACvC,QAAQ;YACR,WAAW,EAAE,IAAI,CAAC,MAAM;YACxB,OAAO,EAAE,EAAE,OAAO,EAAE,GAAG,CAAC,IAAI,EAAE;SAC/B,EACD,EAAE,CACH;aACA,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE,CACtB,OAAO,CAAC,IAAI,CACV,IAAI,CAAC,SAAS,CAAC;YACb,KAAK,EAAE,mBAAmB;YAC1B,KAAK,EAAG,GAA4B,EAAE,OAAO,IAAI,SAAS;SAC3D,CAAC,CACH,CACF,CAAC;QAEJ,OAAO,YAAY,CAAC,GAAG,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,CAAC;CACF;AAvsBD,gCAusBC;AAED,SAAS,qBAAqB,CAC5B,QAAiB,EACjB,QAA6B;IAE7B,MAAM,IAAI,GACR,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC;QAClE,CAAC,CAAE,QAAgC;QACnC,CAAC,CAAC,IAAA,qCAA2B,GAAE,CAAC;IACpC,OAAO,EAAE,GAAG,IAAI,EAAE,GAAG,QAAQ,EAAE,CAAC;AAClC,CAAC;AAkBD,SAAS,eAAe,CAAC,GAAiB;IACxC,OAAO;QACL,EAAE,EAAE,GAAG,CAAC,EAAE;QACV,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,MAAM,EAAE,GAAG,CAAC,MAAM;QAClB,cAAc,EAAE,GAAG,CAAC,cAAc;QAClC,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,WAAW,EAAE,GAAG,CAAC,WAAW;QAC5B,gBAAgB,EAAE,GAAG,CAAC,gBAAgB;QACtC,MAAM,EAAE,GAAG,CAAC,MAAM;QAClB,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,SAAS,EAAE,GAAG,CAAC,SAAS;KACzB,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,iCAAiC,CAC9C,GAAQ,EACR,QAAgB,EAChB,EAAgB;IAEhB,MAAM,UAAU,GAAG,GAAG,CAAC,oBAAoB,CAAC;IAC5C,IAAI,CAAC,UAAU;QAAE,OAAO;IACxB,IAAI,SAAS,GAAa,EAAE,CAAC;IAC7B,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC;YAC7C,KAAK,EAAE,EAAE,QAAQ,EAAE;YACnB,MAAM,EAAE,EAAE,IAAI,EAAE,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,EAAE;SAC9C,CAAC,CAAC;QACH,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;IACT,CAAC;IACD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO;IACnC,IAAI,CAAC;QACH,MAAM,EAAE,6BAA6B,EAAE,GAAG,EAAE,6BAA6B,EAAE,GACzE,wDAAa,2CAA2C,GAAC,CAAC;QAC5D,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC;YACrB,MAAM,EAAE,GAAG,CAAC,cAAc,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU;SACrD,CAAC,CAAC;QACH,MAAM,OAAO,CAAC,GAAG,CACf,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAClB,MAAM;aACH,IAAI,CAAC,IAAI,6BAA6B,CAAC,EAAE,UAAU,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC,CAAC;aAChF,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACb,OAAO,CAAC,IAAI,CACV,IAAI,CAAC,SAAS,CAAC;gBACb,KAAK,EAAE,MAAM;gBACb,GAAG,EAAE,6CAA6C;gBAClD,QAAQ;gBACR,OAAO,EAAG,GAAyB,CAAC,IAAI;aACzC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CACL,CACF,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;IACT,CAAC;AACH,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"idp-name.d.ts","sourceRoot":"","sources":["../../../src/lib/tenant/idp-name.ts"],"names":[],"mappings":"AAaA,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAGvD"}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.cognitoIdpName = cognitoIdpName;
|
|
4
|
+
/**
|
|
5
|
+
* Cognito IdP-name derivation. Cognito's user-pool quota limits provider names
|
|
6
|
+
* to 32 characters. We use `tenant-{cuid}` so each tenant gets a unique
|
|
7
|
+
* Cognito identity-provider name. cuid v1 is 25 chars which fits the 32-char
|
|
8
|
+
* limit (`tenant-` is 7 chars). Tenants whose IDs exceed 25 chars are
|
|
9
|
+
* truncated to 25 — collision is theoretically possible only between IDs
|
|
10
|
+
* sharing a 25-char prefix, which is astronomically unlikely for cuid.
|
|
11
|
+
*
|
|
12
|
+
* T5 (IdP CRUD) consumes this to populate `ProviderName` on `CreateIdentityProviderCommand`;
|
|
13
|
+
* T8 (sign-in discovery) consumes it to build the Cognito Hosted UI redirect URL.
|
|
14
|
+
*/
|
|
15
|
+
const TENANT_ID_MAX = 25;
|
|
16
|
+
function cognitoIdpName(tenantId) {
|
|
17
|
+
const id = tenantId.length > TENANT_ID_MAX ? tenantId.slice(0, TENANT_ID_MAX) : tenantId;
|
|
18
|
+
return `tenant-${id}`;
|
|
19
|
+
}
|
|
20
|
+
//# sourceMappingURL=idp-name.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"idp-name.js","sourceRoot":"","sources":["../../../src/lib/tenant/idp-name.ts"],"names":[],"mappings":";;AAaA,wCAGC;AAhBD;;;;;;;;;;GAUG;AACH,MAAM,aAAa,GAAG,EAAE,CAAC;AAEzB,SAAgB,cAAc,CAAC,QAAgB;IAC7C,MAAM,EAAE,GAAG,QAAQ,CAAC,MAAM,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,aAAa,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;IACzF,OAAO,UAAU,EAAE,EAAE,CAAC;AACxB,CAAC"}
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Member CRUD handler — list, change role, delete.
|
|
3
|
+
*
|
|
4
|
+
* Endpoints (wired in routes/tenant-members.ts):
|
|
5
|
+
* GET /api/tenants/:id/members
|
|
6
|
+
* PATCH /api/tenants/:id/members/:memberId { role }
|
|
7
|
+
* DELETE /api/tenants/:id/members/:memberId
|
|
8
|
+
* POST /api/tenants/:id/transfer-ownership { newOwnerUserId }
|
|
9
|
+
*
|
|
10
|
+
* Invariants enforced here:
|
|
11
|
+
* - Cross-tenant: every Prisma query includes `tenantId: auth.activeTenantId`.
|
|
12
|
+
* - Single-OWNER: PATCH cannot promote anyone to OWNER (transfer-ownership only).
|
|
13
|
+
* - Self-demotion: OWNER cannot lose their own role via PATCH or DELETE.
|
|
14
|
+
* - Cache invalidation: every mutation invalidates the affected user's claims
|
|
15
|
+
* cache before returning.
|
|
16
|
+
* - AdminUserGlobalSignOut on member removal is best-effort; log + continue.
|
|
17
|
+
* - Audit emit: stub call site for T7 to replace.
|
|
18
|
+
*/
|
|
19
|
+
import type { Env } from "../../env";
|
|
20
|
+
import type { AuthContext } from "../auth/auth-context";
|
|
21
|
+
export declare class MemberHandler {
|
|
22
|
+
/** GET /api/tenants/:id/members — paginated. */
|
|
23
|
+
handleList(tenantId: string, request: Request, auth: AuthContext, env: Env): Promise<Response>;
|
|
24
|
+
/** PATCH /api/tenants/:id/members/:memberId — change role. */
|
|
25
|
+
handlePatchRole(tenantId: string, memberId: string, request: Request, auth: AuthContext, env: Env): Promise<Response>;
|
|
26
|
+
/** DELETE /api/tenants/:id/members/:memberId — soft-delete + sign-out. */
|
|
27
|
+
handleRemove(tenantId: string, memberId: string, auth: AuthContext, env: Env): Promise<Response>;
|
|
28
|
+
/** POST /api/tenants/:id/transfer-ownership { newOwnerUserId }. */
|
|
29
|
+
handleTransferOwnership(tenantId: string, request: Request, auth: AuthContext, env: Env): Promise<Response>;
|
|
30
|
+
}
|
|
31
|
+
//# sourceMappingURL=member-handler.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"member-handler.d.ts","sourceRoot":"","sources":["../../../src/lib/tenant/member-handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAOH,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,WAAW,CAAC;AACrC,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAqExD,qBAAa,aAAa;IACxB,gDAAgD;IAC1C,UAAU,CACd,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,OAAO,EAChB,IAAI,EAAE,WAAW,EACjB,GAAG,EAAE,GAAG,GACP,OAAO,CAAC,QAAQ,CAAC;IAkDpB,8DAA8D;IACxD,eAAe,CACnB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,OAAO,EAChB,IAAI,EAAE,WAAW,EACjB,GAAG,EAAE,GAAG,GACP,OAAO,CAAC,QAAQ,CAAC;IAyFpB,0EAA0E;IACpE,YAAY,CAChB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,WAAW,EACjB,GAAG,EAAE,GAAG,GACP,OAAO,CAAC,QAAQ,CAAC;IA8DpB,mEAAmE;IAC7D,uBAAuB,CAC3B,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,OAAO,EAChB,IAAI,EAAE,WAAW,EACjB,GAAG,EAAE,GAAG,GACP,OAAO,CAAC,QAAQ,CAAC;CA2ErB"}
|
|
@@ -0,0 +1,343 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Member CRUD handler — list, change role, delete.
|
|
4
|
+
*
|
|
5
|
+
* Endpoints (wired in routes/tenant-members.ts):
|
|
6
|
+
* GET /api/tenants/:id/members
|
|
7
|
+
* PATCH /api/tenants/:id/members/:memberId { role }
|
|
8
|
+
* DELETE /api/tenants/:id/members/:memberId
|
|
9
|
+
* POST /api/tenants/:id/transfer-ownership { newOwnerUserId }
|
|
10
|
+
*
|
|
11
|
+
* Invariants enforced here:
|
|
12
|
+
* - Cross-tenant: every Prisma query includes `tenantId: auth.activeTenantId`.
|
|
13
|
+
* - Single-OWNER: PATCH cannot promote anyone to OWNER (transfer-ownership only).
|
|
14
|
+
* - Self-demotion: OWNER cannot lose their own role via PATCH or DELETE.
|
|
15
|
+
* - Cache invalidation: every mutation invalidates the affected user's claims
|
|
16
|
+
* cache before returning.
|
|
17
|
+
* - AdminUserGlobalSignOut on member removal is best-effort; log + continue.
|
|
18
|
+
* - Audit emit: stub call site for T7 to replace.
|
|
19
|
+
*/
|
|
20
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
21
|
+
if (k2 === undefined) k2 = k;
|
|
22
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
23
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
24
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
25
|
+
}
|
|
26
|
+
Object.defineProperty(o, k2, desc);
|
|
27
|
+
}) : (function(o, m, k, k2) {
|
|
28
|
+
if (k2 === undefined) k2 = k;
|
|
29
|
+
o[k2] = m[k];
|
|
30
|
+
}));
|
|
31
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
32
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
33
|
+
}) : function(o, v) {
|
|
34
|
+
o["default"] = v;
|
|
35
|
+
});
|
|
36
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
37
|
+
var ownKeys = function(o) {
|
|
38
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
39
|
+
var ar = [];
|
|
40
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
41
|
+
return ar;
|
|
42
|
+
};
|
|
43
|
+
return ownKeys(o);
|
|
44
|
+
};
|
|
45
|
+
return function (mod) {
|
|
46
|
+
if (mod && mod.__esModule) return mod;
|
|
47
|
+
var result = {};
|
|
48
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
49
|
+
__setModuleDefault(result, mod);
|
|
50
|
+
return result;
|
|
51
|
+
};
|
|
52
|
+
})();
|
|
53
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
54
|
+
exports.MemberHandler = void 0;
|
|
55
|
+
const client_cognito_identity_provider_1 = require("@aws-sdk/client-cognito-identity-provider");
|
|
56
|
+
const auth_middleware_1 = require("../auth/auth-middleware");
|
|
57
|
+
const require_1 = require("../auth/require");
|
|
58
|
+
const claims_cache_1 = require("../auth/claims-cache");
|
|
59
|
+
const audit_emit_1 = require("./audit-emit");
|
|
60
|
+
const transfer_ownership_1 = require("./transfer-ownership");
|
|
61
|
+
const JSON_HEADERS = { "content-type": "application/json" };
|
|
62
|
+
function jsonResponse(status, body) {
|
|
63
|
+
return new Response(JSON.stringify(body), { status, headers: JSON_HEADERS });
|
|
64
|
+
}
|
|
65
|
+
function unprocessable(message, remediation) {
|
|
66
|
+
return jsonResponse(422, {
|
|
67
|
+
error: "UNPROCESSABLE",
|
|
68
|
+
message,
|
|
69
|
+
...(remediation ? { remediation } : {}),
|
|
70
|
+
});
|
|
71
|
+
}
|
|
72
|
+
async function invalidateCache(env, cognitoSub) {
|
|
73
|
+
if (!cognitoSub)
|
|
74
|
+
return;
|
|
75
|
+
try {
|
|
76
|
+
const cache = (0, claims_cache_1.createClaimsCacheFromEnv)();
|
|
77
|
+
await cache.invalidate(cognitoSub);
|
|
78
|
+
}
|
|
79
|
+
catch (err) {
|
|
80
|
+
console.warn(JSON.stringify({
|
|
81
|
+
level: "warn",
|
|
82
|
+
msg: "Cache invalidation failed",
|
|
83
|
+
cognitoSub,
|
|
84
|
+
error: String(err),
|
|
85
|
+
}));
|
|
86
|
+
}
|
|
87
|
+
// env is unused but kept in the signature in case T7 wants to read DDB
|
|
88
|
+
// table name from env directly rather than via the factory.
|
|
89
|
+
void env;
|
|
90
|
+
}
|
|
91
|
+
async function bestEffortGlobalSignOut(env, username) {
|
|
92
|
+
const userPoolId = env.COGNITO_USER_POOL_ID;
|
|
93
|
+
if (!userPoolId || !username)
|
|
94
|
+
return;
|
|
95
|
+
try {
|
|
96
|
+
const client = new client_cognito_identity_provider_1.CognitoIdentityProviderClient({
|
|
97
|
+
region: env.COGNITO_REGION ?? process.env.AWS_REGION,
|
|
98
|
+
});
|
|
99
|
+
await client.send(new client_cognito_identity_provider_1.AdminUserGlobalSignOutCommand({
|
|
100
|
+
UserPoolId: userPoolId,
|
|
101
|
+
Username: username,
|
|
102
|
+
}));
|
|
103
|
+
}
|
|
104
|
+
catch (err) {
|
|
105
|
+
console.warn(JSON.stringify({
|
|
106
|
+
level: "warn",
|
|
107
|
+
msg: "AdminUserGlobalSignOut failed",
|
|
108
|
+
username,
|
|
109
|
+
error: String(err),
|
|
110
|
+
}));
|
|
111
|
+
}
|
|
112
|
+
}
|
|
113
|
+
class MemberHandler {
|
|
114
|
+
/** GET /api/tenants/:id/members — paginated. */
|
|
115
|
+
async handleList(tenantId, request, auth, env) {
|
|
116
|
+
const denied = (0, auth_middleware_1.requireActiveTenant)(auth, tenantId) ??
|
|
117
|
+
(0, require_1.requireCapability)(auth, require_1.Capability.MemberView);
|
|
118
|
+
if (denied)
|
|
119
|
+
return denied;
|
|
120
|
+
const url = new URL(request.url);
|
|
121
|
+
const limit = Math.min(Math.max(Number(url.searchParams.get("limit") ?? "50"), 1), 200);
|
|
122
|
+
const cursor = url.searchParams.get("cursor") ?? undefined;
|
|
123
|
+
const { createPrisma } = await Promise.resolve().then(() => __importStar(require("../../db")));
|
|
124
|
+
const db = createPrisma(env);
|
|
125
|
+
const where = { tenantId };
|
|
126
|
+
const members = await db.tenantMember.findMany({
|
|
127
|
+
where,
|
|
128
|
+
take: limit + 1,
|
|
129
|
+
...(cursor ? { cursor: { id: cursor }, skip: 1 } : {}),
|
|
130
|
+
orderBy: { id: "asc" },
|
|
131
|
+
select: {
|
|
132
|
+
id: true,
|
|
133
|
+
userId: true,
|
|
134
|
+
role: true,
|
|
135
|
+
status: true,
|
|
136
|
+
joinedAt: true,
|
|
137
|
+
invitedAt: true,
|
|
138
|
+
lastActiveAt: true,
|
|
139
|
+
user: { select: { id: true, email: true, handle: true } },
|
|
140
|
+
},
|
|
141
|
+
});
|
|
142
|
+
const hasMore = members.length > limit;
|
|
143
|
+
const page = hasMore ? members.slice(0, limit) : members;
|
|
144
|
+
const nextCursor = hasMore ? page[page.length - 1]?.id : null;
|
|
145
|
+
return jsonResponse(200, {
|
|
146
|
+
members: page.map((m) => ({
|
|
147
|
+
id: m.id,
|
|
148
|
+
userId: m.userId,
|
|
149
|
+
role: m.role,
|
|
150
|
+
status: m.status,
|
|
151
|
+
joinedAt: m.joinedAt,
|
|
152
|
+
invitedAt: m.invitedAt,
|
|
153
|
+
lastActiveAt: m.lastActiveAt,
|
|
154
|
+
user: m.user,
|
|
155
|
+
})),
|
|
156
|
+
nextCursor,
|
|
157
|
+
});
|
|
158
|
+
}
|
|
159
|
+
/** PATCH /api/tenants/:id/members/:memberId — change role. */
|
|
160
|
+
async handlePatchRole(tenantId, memberId, request, auth, env) {
|
|
161
|
+
const denied = (0, auth_middleware_1.requireActiveTenant)(auth, tenantId) ??
|
|
162
|
+
(0, require_1.requireCapability)(auth, require_1.Capability.MemberChangeRole);
|
|
163
|
+
if (denied)
|
|
164
|
+
return denied;
|
|
165
|
+
const { z } = await Promise.resolve().then(() => __importStar(require("zod")));
|
|
166
|
+
let body;
|
|
167
|
+
try {
|
|
168
|
+
body = await request.json();
|
|
169
|
+
}
|
|
170
|
+
catch {
|
|
171
|
+
return jsonResponse(400, { error: "INVALID_JSON", message: "Body must be valid JSON" });
|
|
172
|
+
}
|
|
173
|
+
const schema = z.object({
|
|
174
|
+
role: z.enum(["ADMIN", "MEMBER", "GUEST"]),
|
|
175
|
+
});
|
|
176
|
+
const parsed = schema.safeParse(body);
|
|
177
|
+
if (!parsed.success) {
|
|
178
|
+
const msg = parsed.error.issues[0]?.message ?? "Invalid role";
|
|
179
|
+
const isOwner = typeof body === "object" &&
|
|
180
|
+
body !== null &&
|
|
181
|
+
body.role === "OWNER";
|
|
182
|
+
if (isOwner) {
|
|
183
|
+
return unprocessable("OWNER cannot be assigned via PATCH", `POST /api/tenants/${tenantId}/transfer-ownership`);
|
|
184
|
+
}
|
|
185
|
+
return jsonResponse(400, { error: "VALIDATION_ERROR", message: msg });
|
|
186
|
+
}
|
|
187
|
+
const { createPrisma } = await Promise.resolve().then(() => __importStar(require("../../db")));
|
|
188
|
+
const db = createPrisma(env);
|
|
189
|
+
const target = await db.tenantMember.findFirst({
|
|
190
|
+
where: { id: memberId, tenantId },
|
|
191
|
+
select: {
|
|
192
|
+
id: true,
|
|
193
|
+
userId: true,
|
|
194
|
+
role: true,
|
|
195
|
+
status: true,
|
|
196
|
+
user: { select: { cognitoSub: true } },
|
|
197
|
+
},
|
|
198
|
+
});
|
|
199
|
+
if (!target) {
|
|
200
|
+
return jsonResponse(404, { error: "NOT_FOUND", message: "Member not found" });
|
|
201
|
+
}
|
|
202
|
+
if (target.role === "OWNER") {
|
|
203
|
+
return unprocessable("Cannot demote OWNER via PATCH", `POST /api/tenants/${tenantId}/transfer-ownership`);
|
|
204
|
+
}
|
|
205
|
+
if (target.userId === auth.userId && auth.tenantRole === "OWNER") {
|
|
206
|
+
return unprocessable("OWNER cannot self-demote", `POST /api/tenants/${tenantId}/transfer-ownership`);
|
|
207
|
+
}
|
|
208
|
+
if (target.role === parsed.data.role) {
|
|
209
|
+
return jsonResponse(200, { id: target.id, role: target.role, unchanged: true });
|
|
210
|
+
}
|
|
211
|
+
const updated = await db.tenantMember.update({
|
|
212
|
+
where: { id: target.id },
|
|
213
|
+
data: { role: parsed.data.role },
|
|
214
|
+
select: { id: true, userId: true, role: true, status: true },
|
|
215
|
+
});
|
|
216
|
+
await invalidateCache(env, target.user.cognitoSub);
|
|
217
|
+
(0, audit_emit_1.emitTenantAudit)({
|
|
218
|
+
tenantId,
|
|
219
|
+
actorUserId: auth.userId,
|
|
220
|
+
action: "member.change_role",
|
|
221
|
+
targetType: "member",
|
|
222
|
+
targetId: target.id,
|
|
223
|
+
metadata: { previousRole: target.role, newRole: updated.role },
|
|
224
|
+
});
|
|
225
|
+
return jsonResponse(200, updated);
|
|
226
|
+
}
|
|
227
|
+
/** DELETE /api/tenants/:id/members/:memberId — soft-delete + sign-out. */
|
|
228
|
+
async handleRemove(tenantId, memberId, auth, env) {
|
|
229
|
+
const denied = (0, auth_middleware_1.requireActiveTenant)(auth, tenantId) ??
|
|
230
|
+
(0, require_1.requireCapability)(auth, require_1.Capability.MemberRemove);
|
|
231
|
+
if (denied)
|
|
232
|
+
return denied;
|
|
233
|
+
const { createPrisma } = await Promise.resolve().then(() => __importStar(require("../../db")));
|
|
234
|
+
const db = createPrisma(env);
|
|
235
|
+
const target = await db.tenantMember.findFirst({
|
|
236
|
+
where: { id: memberId, tenantId },
|
|
237
|
+
select: {
|
|
238
|
+
id: true,
|
|
239
|
+
userId: true,
|
|
240
|
+
role: true,
|
|
241
|
+
status: true,
|
|
242
|
+
user: { select: { cognitoSub: true, email: true } },
|
|
243
|
+
},
|
|
244
|
+
});
|
|
245
|
+
if (!target) {
|
|
246
|
+
return jsonResponse(404, { error: "NOT_FOUND", message: "Member not found" });
|
|
247
|
+
}
|
|
248
|
+
if (target.role === "OWNER") {
|
|
249
|
+
return unprocessable("OWNER cannot be removed", `POST /api/tenants/${tenantId}/transfer-ownership`);
|
|
250
|
+
}
|
|
251
|
+
if (target.userId === auth.userId && auth.tenantRole === "OWNER") {
|
|
252
|
+
return unprocessable("OWNER cannot remove themselves", `POST /api/tenants/${tenantId}/transfer-ownership`);
|
|
253
|
+
}
|
|
254
|
+
if (target.status === "REMOVED") {
|
|
255
|
+
return jsonResponse(200, { id: target.id, status: "REMOVED", unchanged: true });
|
|
256
|
+
}
|
|
257
|
+
await db.tenantMember.update({
|
|
258
|
+
where: { id: target.id },
|
|
259
|
+
data: { status: "REMOVED", removedAt: new Date() },
|
|
260
|
+
});
|
|
261
|
+
await invalidateCache(env, target.user.cognitoSub);
|
|
262
|
+
await bestEffortGlobalSignOut(env, target.user.email);
|
|
263
|
+
(0, audit_emit_1.emitTenantAudit)({
|
|
264
|
+
tenantId,
|
|
265
|
+
actorUserId: auth.userId,
|
|
266
|
+
action: "member.remove",
|
|
267
|
+
targetType: "member",
|
|
268
|
+
targetId: target.id,
|
|
269
|
+
metadata: { userId: target.userId },
|
|
270
|
+
});
|
|
271
|
+
return jsonResponse(200, { id: target.id, status: "REMOVED" });
|
|
272
|
+
}
|
|
273
|
+
/** POST /api/tenants/:id/transfer-ownership { newOwnerUserId }. */
|
|
274
|
+
async handleTransferOwnership(tenantId, request, auth, env) {
|
|
275
|
+
const denied = (0, auth_middleware_1.requireActiveTenant)(auth, tenantId);
|
|
276
|
+
if (denied)
|
|
277
|
+
return denied;
|
|
278
|
+
if (auth.tenantRole !== "OWNER" && auth.globalRole !== "SUPER_ADMIN") {
|
|
279
|
+
return jsonResponse(403, {
|
|
280
|
+
error: "FORBIDDEN",
|
|
281
|
+
message: "Only the current OWNER can transfer ownership",
|
|
282
|
+
});
|
|
283
|
+
}
|
|
284
|
+
const { z } = await Promise.resolve().then(() => __importStar(require("zod")));
|
|
285
|
+
let body;
|
|
286
|
+
try {
|
|
287
|
+
body = await request.json();
|
|
288
|
+
}
|
|
289
|
+
catch {
|
|
290
|
+
return jsonResponse(400, { error: "INVALID_JSON", message: "Body must be valid JSON" });
|
|
291
|
+
}
|
|
292
|
+
const parsed = z.object({ newOwnerUserId: z.string().min(1) }).safeParse(body);
|
|
293
|
+
if (!parsed.success) {
|
|
294
|
+
return jsonResponse(400, {
|
|
295
|
+
error: "VALIDATION_ERROR",
|
|
296
|
+
message: "newOwnerUserId is required",
|
|
297
|
+
});
|
|
298
|
+
}
|
|
299
|
+
if (parsed.data.newOwnerUserId === auth.userId) {
|
|
300
|
+
return jsonResponse(400, {
|
|
301
|
+
error: "VALIDATION_ERROR",
|
|
302
|
+
message: "New owner must be a different user",
|
|
303
|
+
});
|
|
304
|
+
}
|
|
305
|
+
const { createPrisma } = await Promise.resolve().then(() => __importStar(require("../../db")));
|
|
306
|
+
const db = createPrisma(env);
|
|
307
|
+
const result = await (0, transfer_ownership_1.transferOwnership)({
|
|
308
|
+
db,
|
|
309
|
+
tenantId,
|
|
310
|
+
currentOwnerUserId: auth.userId,
|
|
311
|
+
newOwnerUserId: parsed.data.newOwnerUserId,
|
|
312
|
+
});
|
|
313
|
+
if (!result.ok) {
|
|
314
|
+
const code = result.code;
|
|
315
|
+
if (code === "NOT_MEMBER" || code === "INACTIVE") {
|
|
316
|
+
return jsonResponse(404, {
|
|
317
|
+
error: "NOT_FOUND",
|
|
318
|
+
message: "New owner must be an active member of this tenant",
|
|
319
|
+
});
|
|
320
|
+
}
|
|
321
|
+
if (code === "ALREADY_OWNER") {
|
|
322
|
+
return jsonResponse(400, {
|
|
323
|
+
error: "VALIDATION_ERROR",
|
|
324
|
+
message: "New owner must be a different user",
|
|
325
|
+
});
|
|
326
|
+
}
|
|
327
|
+
return jsonResponse(409, { error: "CONFLICT", message: "OWNER row not found" });
|
|
328
|
+
}
|
|
329
|
+
await invalidateCache(env, result.oldOwnerCognitoSub);
|
|
330
|
+
await invalidateCache(env, result.newOwnerCognitoSub);
|
|
331
|
+
(0, audit_emit_1.emitTenantAudit)({
|
|
332
|
+
tenantId,
|
|
333
|
+
actorUserId: auth.userId,
|
|
334
|
+
action: "tenant.transfer_ownership",
|
|
335
|
+
targetType: "tenant",
|
|
336
|
+
targetId: tenantId,
|
|
337
|
+
metadata: { newOwnerUserId: parsed.data.newOwnerUserId },
|
|
338
|
+
});
|
|
339
|
+
return jsonResponse(200, { ok: true, newOwnerId: parsed.data.newOwnerUserId });
|
|
340
|
+
}
|
|
341
|
+
}
|
|
342
|
+
exports.MemberHandler = MemberHandler;
|
|
343
|
+
//# sourceMappingURL=member-handler.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"member-handler.js","sourceRoot":"","sources":["../../../src/lib/tenant/member-handler.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;GAiBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAGH,gGAGmD;AAGnD,6DAA8D;AAC9D,6CAAgE;AAChE,uDAAgE;AAChE,6CAA+C;AAC/C,6DAAyD;AAEzD,MAAM,YAAY,GAAG,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC;AAE5D,SAAS,YAAY,CAAC,MAAc,EAAE,IAAa;IACjD,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,CAAC,CAAC;AAC/E,CAAC;AAED,SAAS,aAAa,CAAC,OAAe,EAAE,WAAoB;IAC1D,OAAO,YAAY,CAAC,GAAG,EAAE;QACvB,KAAK,EAAE,eAAe;QACtB,OAAO;QACP,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACxC,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,eAAe,CAAC,GAAQ,EAAE,UAAqC;IAC5E,IAAI,CAAC,UAAU;QAAE,OAAO;IACxB,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,IAAA,uCAAwB,GAAE,CAAC;QACzC,MAAM,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;IACrC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,IAAI,CACV,IAAI,CAAC,SAAS,CAAC;YACb,KAAK,EAAE,MAAM;YACb,GAAG,EAAE,2BAA2B;YAChC,UAAU;YACV,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC;SACnB,CAAC,CACH,CAAC;IACJ,CAAC;IACD,uEAAuE;IACvE,4DAA4D;IAC5D,KAAK,GAAG,CAAC;AACX,CAAC;AAED,KAAK,UAAU,uBAAuB,CACpC,GAAQ,EACR,QAAgB;IAEhB,MAAM,UAAU,GAAG,GAAG,CAAC,oBAAoB,CAAC;IAC5C,IAAI,CAAC,UAAU,IAAI,CAAC,QAAQ;QAAE,OAAO;IACrC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,gEAA6B,CAAC;YAC/C,MAAM,EAAE,GAAG,CAAC,cAAc,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU;SACrD,CAAC,CAAC;QACH,MAAM,MAAM,CAAC,IAAI,CACf,IAAI,gEAA6B,CAAC;YAChC,UAAU,EAAE,UAAU;YACtB,QAAQ,EAAE,QAAQ;SACnB,CAAC,CACH,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,IAAI,CACV,IAAI,CAAC,SAAS,CAAC;YACb,KAAK,EAAE,MAAM;YACb,GAAG,EAAE,+BAA+B;YACpC,QAAQ;YACR,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC;SACnB,CAAC,CACH,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAa,aAAa;IACxB,gDAAgD;IAChD,KAAK,CAAC,UAAU,CACd,QAAgB,EAChB,OAAgB,EAChB,IAAiB,EACjB,GAAQ;QAER,MAAM,MAAM,GACV,IAAA,qCAAmB,EAAC,IAAI,EAAE,QAAQ,CAAC;YACnC,IAAA,2BAAiB,EAAC,IAAI,EAAE,oBAAU,CAAC,UAAU,CAAC,CAAC;QACjD,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAE1B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACjC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACxF,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC;QAE3D,MAAM,EAAE,YAAY,EAAE,GAAG,wDAAa,UAAU,GAAC,CAAC;QAClD,MAAM,EAAE,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;QAE7B,MAAM,KAAK,GAAkC,EAAE,QAAQ,EAAE,CAAC;QAC1D,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC;YAC7C,KAAK;YACL,IAAI,EAAE,KAAK,GAAG,CAAC;YACf,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACtD,OAAO,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE;YACtB,MAAM,EAAE;gBACN,EAAE,EAAE,IAAI;gBACR,MAAM,EAAE,IAAI;gBACZ,IAAI,EAAE,IAAI;gBACV,MAAM,EAAE,IAAI;gBACZ,QAAQ,EAAE,IAAI;gBACd,SAAS,EAAE,IAAI;gBACf,YAAY,EAAE,IAAI;gBAClB,IAAI,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE;aAC1D;SACF,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,GAAG,KAAK,CAAC;QACvC,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;QACzD,MAAM,UAAU,GAAG,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;QAE9D,OAAO,YAAY,CAAC,GAAG,EAAE;YACvB,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACxB,EAAE,EAAE,CAAC,CAAC,EAAE;gBACR,MAAM,EAAE,CAAC,CAAC,MAAM;gBAChB,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,MAAM,EAAE,CAAC,CAAC,MAAM;gBAChB,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,YAAY,EAAE,CAAC,CAAC,YAAY;gBAC5B,IAAI,EAAE,CAAC,CAAC,IAAI;aACb,CAAC,CAAC;YACH,UAAU;SACX,CAAC,CAAC;IACL,CAAC;IAED,8DAA8D;IAC9D,KAAK,CAAC,eAAe,CACnB,QAAgB,EAChB,QAAgB,EAChB,OAAgB,EAChB,IAAiB,EACjB,GAAQ;QAER,MAAM,MAAM,GACV,IAAA,qCAAmB,EAAC,IAAI,EAAE,QAAQ,CAAC;YACnC,IAAA,2BAAiB,EAAC,IAAI,EAAE,oBAAU,CAAC,gBAAgB,CAAC,CAAC;QACvD,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAE1B,MAAM,EAAE,CAAC,EAAE,GAAG,wDAAa,KAAK,GAAC,CAAC;QAClC,IAAI,IAAa,CAAC;QAClB,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;QAC9B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,YAAY,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,yBAAyB,EAAE,CAAC,CAAC;QAC1F,CAAC;QAED,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC;YACtB,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;SAC3C,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACtC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,OAAO,IAAI,cAAc,CAAC;YAC9D,MAAM,OAAO,GACX,OAAO,IAAI,KAAK,QAAQ;gBACxB,IAAI,KAAK,IAAI;gBACZ,IAA0B,CAAC,IAAI,KAAK,OAAO,CAAC;YAC/C,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO,aAAa,CAClB,oCAAoC,EACpC,qBAAqB,QAAQ,qBAAqB,CACnD,CAAC;YACJ,CAAC;YACD,OAAO,YAAY,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,kBAAkB,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;QACxE,CAAC;QAED,MAAM,EAAE,YAAY,EAAE,GAAG,wDAAa,UAAU,GAAC,CAAC;QAClD,MAAM,EAAE,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;QAE7B,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,YAAY,CAAC,SAAS,CAAC;YAC7C,KAAK,EAAE,EAAE,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE;YACjC,MAAM,EAAE;gBACN,EAAE,EAAE,IAAI;gBACR,MAAM,EAAE,IAAI;gBACZ,IAAI,EAAE,IAAI;gBACV,MAAM,EAAE,IAAI;gBACZ,IAAI,EAAE,EAAE,MAAM,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE;aACvC;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,YAAY,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAChF,CAAC;QAED,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YAC5B,OAAO,aAAa,CAClB,+BAA+B,EAC/B,qBAAqB,QAAQ,qBAAqB,CACnD,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,UAAU,KAAK,OAAO,EAAE,CAAC;YACjE,OAAO,aAAa,CAClB,0BAA0B,EAC1B,qBAAqB,QAAQ,qBAAqB,CACnD,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,CAAC,IAAI,KAAK,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YACrC,OAAO,YAAY,CAAC,GAAG,EAAE,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAClF,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC;YAC3C,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE;YACxB,IAAI,EAAE,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAkB,EAAE;YAC9C,MAAM,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE;SAC7D,CAAC,CAAC;QAEH,MAAM,eAAe,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAEnD,IAAA,4BAAe,EAAC;YACd,QAAQ;YACR,WAAW,EAAE,IAAI,CAAC,MAAM;YACxB,MAAM,EAAE,oBAAoB;YAC5B,UAAU,EAAE,QAAQ;YACpB,QAAQ,EAAE,MAAM,CAAC,EAAE;YACnB,QAAQ,EAAE,EAAE,YAAY,EAAE,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,OAAO,CAAC,IAAI,EAAE;SAC/D,CAAC,CAAC;QAEH,OAAO,YAAY,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IACpC,CAAC;IAED,0EAA0E;IAC1E,KAAK,CAAC,YAAY,CAChB,QAAgB,EAChB,QAAgB,EAChB,IAAiB,EACjB,GAAQ;QAER,MAAM,MAAM,GACV,IAAA,qCAAmB,EAAC,IAAI,EAAE,QAAQ,CAAC;YACnC,IAAA,2BAAiB,EAAC,IAAI,EAAE,oBAAU,CAAC,YAAY,CAAC,CAAC;QACnD,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAE1B,MAAM,EAAE,YAAY,EAAE,GAAG,wDAAa,UAAU,GAAC,CAAC;QAClD,MAAM,EAAE,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;QAE7B,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,YAAY,CAAC,SAAS,CAAC;YAC7C,KAAK,EAAE,EAAE,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE;YACjC,MAAM,EAAE;gBACN,EAAE,EAAE,IAAI;gBACR,MAAM,EAAE,IAAI;gBACZ,IAAI,EAAE,IAAI;gBACV,MAAM,EAAE,IAAI;gBACZ,IAAI,EAAE,EAAE,MAAM,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;aACpD;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,YAAY,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAChF,CAAC;QAED,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YAC5B,OAAO,aAAa,CAClB,yBAAyB,EACzB,qBAAqB,QAAQ,qBAAqB,CACnD,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,UAAU,KAAK,OAAO,EAAE,CAAC;YACjE,OAAO,aAAa,CAClB,gCAAgC,EAChC,qBAAqB,QAAQ,qBAAqB,CACnD,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,KAAM,SAAuC,EAAE,CAAC;YAC/D,OAAO,YAAY,CAAC,GAAG,EAAE,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAClF,CAAC;QAED,MAAM,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC;YAC3B,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE;YACxB,IAAI,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE;SACnD,CAAC,CAAC;QAEH,MAAM,eAAe,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACnD,MAAM,uBAAuB,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAEtD,IAAA,4BAAe,EAAC;YACd,QAAQ;YACR,WAAW,EAAE,IAAI,CAAC,MAAM;YACxB,MAAM,EAAE,eAAe;YACvB,UAAU,EAAE,QAAQ;YACpB,QAAQ,EAAE,MAAM,CAAC,EAAE;YACnB,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE;SACpC,CAAC,CAAC;QAEH,OAAO,YAAY,CAAC,GAAG,EAAE,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;IACjE,CAAC;IAED,mEAAmE;IACnE,KAAK,CAAC,uBAAuB,CAC3B,QAAgB,EAChB,OAAgB,EAChB,IAAiB,EACjB,GAAQ;QAER,MAAM,MAAM,GAAG,IAAA,qCAAmB,EAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QACnD,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAE1B,IAAI,IAAI,CAAC,UAAU,KAAK,OAAO,IAAI,IAAI,CAAC,UAAU,KAAK,aAAa,EAAE,CAAC;YACrE,OAAO,YAAY,CAAC,GAAG,EAAE;gBACvB,KAAK,EAAE,WAAW;gBAClB,OAAO,EAAE,+CAA+C;aACzD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,EAAE,CAAC,EAAE,GAAG,wDAAa,KAAK,GAAC,CAAC;QAClC,IAAI,IAAa,CAAC;QAClB,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;QAC9B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,YAAY,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,yBAAyB,EAAE,CAAC,CAAC;QAC1F,CAAC;QAED,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAC/E,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,YAAY,CAAC,GAAG,EAAE;gBACvB,KAAK,EAAE,kBAAkB;gBACzB,OAAO,EAAE,4BAA4B;aACtC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,MAAM,CAAC,IAAI,CAAC,cAAc,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC;YAC/C,OAAO,YAAY,CAAC,GAAG,EAAE;gBACvB,KAAK,EAAE,kBAAkB;gBACzB,OAAO,EAAE,oCAAoC;aAC9C,CAAC,CAAC;QACL,CAAC;QAED,MAAM,EAAE,YAAY,EAAE,GAAG,wDAAa,UAAU,GAAC,CAAC;QAClD,MAAM,EAAE,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;QAE7B,MAAM,MAAM,GAAG,MAAM,IAAA,sCAAiB,EAAC;YACrC,EAAE;YACF,QAAQ;YACR,kBAAkB,EAAE,IAAI,CAAC,MAAM;YAC/B,cAAc,EAAE,MAAM,CAAC,IAAI,CAAC,cAAc;SAC3C,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YACf,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;YACzB,IAAI,IAAI,KAAK,YAAY,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;gBACjD,OAAO,YAAY,CAAC,GAAG,EAAE;oBACvB,KAAK,EAAE,WAAW;oBAClB,OAAO,EAAE,mDAAmD;iBAC7D,CAAC,CAAC;YACL,CAAC;YACD,IAAI,IAAI,KAAK,eAAe,EAAE,CAAC;gBAC7B,OAAO,YAAY,CAAC,GAAG,EAAE;oBACvB,KAAK,EAAE,kBAAkB;oBACzB,OAAO,EAAE,oCAAoC;iBAC9C,CAAC,CAAC;YACL,CAAC;YACD,OAAO,YAAY,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,qBAAqB,EAAE,CAAC,CAAC;QAClF,CAAC;QAED,MAAM,eAAe,CAAC,GAAG,EAAE,MAAM,CAAC,kBAAkB,CAAC,CAAC;QACtD,MAAM,eAAe,CAAC,GAAG,EAAE,MAAM,CAAC,kBAAkB,CAAC,CAAC;QAEtD,IAAA,4BAAe,EAAC;YACd,QAAQ;YACR,WAAW,EAAE,IAAI,CAAC,MAAM;YACxB,MAAM,EAAE,2BAA2B;YACnC,UAAU,EAAE,QAAQ;YACpB,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,EAAE,cAAc,EAAE,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE;SACzD,CAAC,CAAC;QAEH,OAAO,YAAY,CAAC,GAAG,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC;IACjF,CAAC;CACF;AA9SD,sCA8SC"}
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Reserved tenant slugs — values that may not be used as a Tenant.slug.
|
|
3
|
+
*
|
|
4
|
+
* Categories:
|
|
5
|
+
* - Platform terms (paths reachable on api.skybber.com / app.skybber.com).
|
|
6
|
+
* - Brand-protection placeholders (top consumer brands and the trellis-org).
|
|
7
|
+
* - Generic legal / system terms.
|
|
8
|
+
*
|
|
9
|
+
* The list is conservative; expand over time. Slugs that pass {@link SLUG_REGEX}
|
|
10
|
+
* but appear in this set are rejected at tenant-creation time.
|
|
11
|
+
*
|
|
12
|
+
* See plans/mvp/10-trellis-stages/01-schema-migration.md §slug-reservation-list.
|
|
13
|
+
*/
|
|
14
|
+
export declare const RESERVED_SLUGS: ReadonlySet<string>;
|
|
15
|
+
/**
|
|
16
|
+
* Validates the *format* of a tenant slug.
|
|
17
|
+
*
|
|
18
|
+
* Rules:
|
|
19
|
+
* - 3–40 characters.
|
|
20
|
+
* - Lowercase ASCII letters, digits, and hyphens only.
|
|
21
|
+
* - Must start and end with an alphanumeric character (no leading/trailing hyphens).
|
|
22
|
+
* - No two consecutive hyphens (avoids confusion with punycode `xn--`).
|
|
23
|
+
*
|
|
24
|
+
* The 40-char ceiling accommodates auto-generated personal-tenant slugs of
|
|
25
|
+
* the form `personal-{userId}` where userId is a 25-char cuid (T2 — JIT
|
|
26
|
+
* provisioning). User-claimed organization slugs typically stay well under
|
|
27
|
+
* the Cognito `tenantSlug` claim limit of 32 chars.
|
|
28
|
+
*
|
|
29
|
+
* Format-only — does not check the reserved list. Combine with
|
|
30
|
+
* {@link isReservedSlug} for the full admission test.
|
|
31
|
+
*/
|
|
32
|
+
export declare const SLUG_REGEX: RegExp;
|
|
33
|
+
/** Returns true if `slug` exactly matches a reserved value (case-insensitive). */
|
|
34
|
+
export declare function isReservedSlug(slug: string): boolean;
|
|
35
|
+
/** Combined check: format + reservation. Returns null if valid, an error code otherwise. */
|
|
36
|
+
export declare function validateSlug(slug: string): "INVALID_FORMAT" | "RESERVED" | null;
|
|
37
|
+
//# sourceMappingURL=reserved-slugs.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"reserved-slugs.d.ts","sourceRoot":"","sources":["../../../src/lib/tenant/reserved-slugs.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,cAAc,EAAE,WAAW,CAAC,MAAM,CAqE7C,CAAC;AAEH;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,UAAU,QAA8C,CAAC;AAEtE,kFAAkF;AAClF,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAEpD;AAED,4FAA4F;AAC5F,wBAAgB,YAAY,CAC1B,IAAI,EAAE,MAAM,GACX,gBAAgB,GAAG,UAAU,GAAG,IAAI,CAItC"}
|
|
@@ -0,0 +1,116 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.SLUG_REGEX = exports.RESERVED_SLUGS = void 0;
|
|
4
|
+
exports.isReservedSlug = isReservedSlug;
|
|
5
|
+
exports.validateSlug = validateSlug;
|
|
6
|
+
/**
|
|
7
|
+
* Reserved tenant slugs — values that may not be used as a Tenant.slug.
|
|
8
|
+
*
|
|
9
|
+
* Categories:
|
|
10
|
+
* - Platform terms (paths reachable on api.skybber.com / app.skybber.com).
|
|
11
|
+
* - Brand-protection placeholders (top consumer brands and the trellis-org).
|
|
12
|
+
* - Generic legal / system terms.
|
|
13
|
+
*
|
|
14
|
+
* The list is conservative; expand over time. Slugs that pass {@link SLUG_REGEX}
|
|
15
|
+
* but appear in this set are rejected at tenant-creation time.
|
|
16
|
+
*
|
|
17
|
+
* See plans/mvp/10-trellis-stages/01-schema-migration.md §slug-reservation-list.
|
|
18
|
+
*/
|
|
19
|
+
exports.RESERVED_SLUGS = new Set([
|
|
20
|
+
// Platform / routing terms
|
|
21
|
+
"admin",
|
|
22
|
+
"agent",
|
|
23
|
+
"agents",
|
|
24
|
+
"api",
|
|
25
|
+
"app",
|
|
26
|
+
"apps",
|
|
27
|
+
"auth",
|
|
28
|
+
"billing",
|
|
29
|
+
"cdn",
|
|
30
|
+
"console",
|
|
31
|
+
"dashboard",
|
|
32
|
+
"docs",
|
|
33
|
+
"help",
|
|
34
|
+
"login",
|
|
35
|
+
"logout",
|
|
36
|
+
"mail",
|
|
37
|
+
"media",
|
|
38
|
+
"oauth",
|
|
39
|
+
"openid",
|
|
40
|
+
"register",
|
|
41
|
+
"settings",
|
|
42
|
+
"signin",
|
|
43
|
+
"signup",
|
|
44
|
+
"sso",
|
|
45
|
+
"staff",
|
|
46
|
+
"static",
|
|
47
|
+
"status",
|
|
48
|
+
"support",
|
|
49
|
+
"system",
|
|
50
|
+
"team",
|
|
51
|
+
"test",
|
|
52
|
+
"tenant",
|
|
53
|
+
"tenants",
|
|
54
|
+
"user",
|
|
55
|
+
"users",
|
|
56
|
+
"well-known",
|
|
57
|
+
"www",
|
|
58
|
+
// Skybber / de otio / trellis specific
|
|
59
|
+
"deotio",
|
|
60
|
+
"de-otio",
|
|
61
|
+
"skybber",
|
|
62
|
+
"trellis",
|
|
63
|
+
// Top consumer brands (illustrative — extend as squatting attempts surface)
|
|
64
|
+
"amazon",
|
|
65
|
+
"apple",
|
|
66
|
+
"facebook",
|
|
67
|
+
"google",
|
|
68
|
+
"instagram",
|
|
69
|
+
"meta",
|
|
70
|
+
"microsoft",
|
|
71
|
+
"openai",
|
|
72
|
+
"twitter",
|
|
73
|
+
"whatsapp",
|
|
74
|
+
"youtube",
|
|
75
|
+
// Note: 1-char brand "x" is not listed — SLUG_REGEX enforces a 3-char minimum,
|
|
76
|
+
// so 1-char slugs are unclaimable by format anyway.
|
|
77
|
+
// Generic legal/product terms
|
|
78
|
+
"about",
|
|
79
|
+
"contact",
|
|
80
|
+
"legal",
|
|
81
|
+
"privacy",
|
|
82
|
+
"security",
|
|
83
|
+
"terms",
|
|
84
|
+
"tos",
|
|
85
|
+
]);
|
|
86
|
+
/**
|
|
87
|
+
* Validates the *format* of a tenant slug.
|
|
88
|
+
*
|
|
89
|
+
* Rules:
|
|
90
|
+
* - 3–40 characters.
|
|
91
|
+
* - Lowercase ASCII letters, digits, and hyphens only.
|
|
92
|
+
* - Must start and end with an alphanumeric character (no leading/trailing hyphens).
|
|
93
|
+
* - No two consecutive hyphens (avoids confusion with punycode `xn--`).
|
|
94
|
+
*
|
|
95
|
+
* The 40-char ceiling accommodates auto-generated personal-tenant slugs of
|
|
96
|
+
* the form `personal-{userId}` where userId is a 25-char cuid (T2 — JIT
|
|
97
|
+
* provisioning). User-claimed organization slugs typically stay well under
|
|
98
|
+
* the Cognito `tenantSlug` claim limit of 32 chars.
|
|
99
|
+
*
|
|
100
|
+
* Format-only — does not check the reserved list. Combine with
|
|
101
|
+
* {@link isReservedSlug} for the full admission test.
|
|
102
|
+
*/
|
|
103
|
+
exports.SLUG_REGEX = /^(?!.*--)[a-z0-9][a-z0-9-]{1,38}[a-z0-9]$/;
|
|
104
|
+
/** Returns true if `slug` exactly matches a reserved value (case-insensitive). */
|
|
105
|
+
function isReservedSlug(slug) {
|
|
106
|
+
return exports.RESERVED_SLUGS.has(slug.toLowerCase());
|
|
107
|
+
}
|
|
108
|
+
/** Combined check: format + reservation. Returns null if valid, an error code otherwise. */
|
|
109
|
+
function validateSlug(slug) {
|
|
110
|
+
if (!exports.SLUG_REGEX.test(slug))
|
|
111
|
+
return "INVALID_FORMAT";
|
|
112
|
+
if (isReservedSlug(slug))
|
|
113
|
+
return "RESERVED";
|
|
114
|
+
return null;
|
|
115
|
+
}
|
|
116
|
+
//# sourceMappingURL=reserved-slugs.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"reserved-slugs.js","sourceRoot":"","sources":["../../../src/lib/tenant/reserved-slugs.ts"],"names":[],"mappings":";;;AAwGA,wCAEC;AAGD,oCAMC;AAnHD;;;;;;;;;;;;GAYG;AACU,QAAA,cAAc,GAAwB,IAAI,GAAG,CAAC;IACzD,2BAA2B;IAC3B,OAAO;IACP,OAAO;IACP,QAAQ;IACR,KAAK;IACL,KAAK;IACL,MAAM;IACN,MAAM;IACN,SAAS;IACT,KAAK;IACL,SAAS;IACT,WAAW;IACX,MAAM;IACN,MAAM;IACN,OAAO;IACP,QAAQ;IACR,MAAM;IACN,OAAO;IACP,OAAO;IACP,QAAQ;IACR,UAAU;IACV,UAAU;IACV,QAAQ;IACR,QAAQ;IACR,KAAK;IACL,OAAO;IACP,QAAQ;IACR,QAAQ;IACR,SAAS;IACT,QAAQ;IACR,MAAM;IACN,MAAM;IACN,QAAQ;IACR,SAAS;IACT,MAAM;IACN,OAAO;IACP,YAAY;IACZ,KAAK;IAEL,uCAAuC;IACvC,QAAQ;IACR,SAAS;IACT,SAAS;IACT,SAAS;IAET,4EAA4E;IAC5E,QAAQ;IACR,OAAO;IACP,UAAU;IACV,QAAQ;IACR,WAAW;IACX,MAAM;IACN,WAAW;IACX,QAAQ;IACR,SAAS;IACT,UAAU;IACV,SAAS;IACT,+EAA+E;IAC/E,oDAAoD;IAEpD,8BAA8B;IAC9B,OAAO;IACP,SAAS;IACT,OAAO;IACP,SAAS;IACT,UAAU;IACV,OAAO;IACP,KAAK;CACN,CAAC,CAAC;AAEH;;;;;;;;;;;;;;;;GAgBG;AACU,QAAA,UAAU,GAAG,2CAA2C,CAAC;AAEtE,kFAAkF;AAClF,SAAgB,cAAc,CAAC,IAAY;IACzC,OAAO,sBAAc,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;AAChD,CAAC;AAED,4FAA4F;AAC5F,SAAgB,YAAY,CAC1B,IAAY;IAEZ,IAAI,CAAC,kBAAU,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,gBAAgB,CAAC;IACpD,IAAI,cAAc,CAAC,IAAI,CAAC;QAAE,OAAO,UAAU,CAAC;IAC5C,OAAO,IAAI,CAAC;AACd,CAAC"}
|