@digitaldefiance/node-express-suite 3.7.5 → 3.8.0

package/src/services/backup-code.d.ts

@@ -0,0 +1,80 @@
+/**
+ * @fileoverview Backup code service for secure account recovery.
+ * Implements v1.0.0 backup code scheme with Argon2id KDF and HKDF-SHA256 checksums.
+ * @module services/backup-code
+ */
+import { SecureString } from '@digitaldefiance/ecies-lib';
+import { ClientSession } from '@digitaldefiance/mongoose-types';
+import { Member as BackendMember, ECIESService, PlatformID } from '@digitaldefiance/node-ecies-lib';
+import { IBackupCode, ITokenRole } from '@digitaldefiance/suite-core-lib';
+import { IUserDocument } from '../documents';
+import { IApplication } from '../interfaces/application';
+import { BaseService } from './base';
+import { KeyWrappingService } from './index';
+import { RoleService } from './role';
+/**
+ * Service for backup code generation, validation, and key recovery.
+ * Implements secure backup code scheme with constant-time validation and key wrapping.
+ * @template TID - Platform ID type (defaults to Buffer)
+ * @template TDate - Date type (defaults to Date)
+ * @template TTokenRole - Token role interface type
+ * @template TApplication - Application interface type
+ * @extends {BaseService<TID>}
+ */
+export declare class BackupCodeService<TID extends PlatformID = Buffer, TDate extends Date = Date, TTokenRole extends ITokenRole<TID, TDate> = ITokenRole<TID, TDate>, TApplication extends IApplication<TID> = IApplication<TID>> extends BaseService<TID> {
+    private readonly eciesService;
+    private systemUser?;
+    private readonly keyWrappingService;
+    private readonly roleService;
+    /**
+     * Construct a BackupCodeService.
+     */
+    constructor(application: TApplication, eciesService: ECIESService<TID>, keyWrappingService: KeyWrappingService, roleService: RoleService<TID, TDate, TTokenRole>);
+    /**
+     * Get the lazily-initialized system user for key wrapping/unwrapping.
+     */
+    private getSystemUser;
+    /**
+     * Forcibly set the system user (for database initialization)
+     * @param user
+     */
+    setSystemUser(user: BackendMember<TID>): void;
+    /**
+     * v1: Consume (validate and remove) a backup code via constant-time checksum match.
+     */
+    useBackupCodeV1(encryptedBackupCodes: Array<IBackupCode>, backupCode: string): {
+        newCodesArray: Array<IBackupCode>;
+        code: IBackupCode;
+    };
+    /**
+     * Consume a backup code by first detecting the version and then dispatching to the appropriate handler.
+     */
+    useBackupCode(encryptedBackupCodes: Array<IBackupCode>, backupCode: string): {
+        newCodesArray: Array<IBackupCode>;
+        code: IBackupCode;
+    };
+    /**
+     * v1: Recover a user's private key using a backup code.
+     */
+    recoverKeyWithBackupCodeV1(userDoc: IUserDocument<string, TID>, backupCode: string, newPassword?: SecureString, session?: ClientSession): Promise<{
+        userDoc: IUserDocument<string, TID>;
+        user: BackendMember<TID>;
+        codeCount: number;
+    }>;
+    /**
+     * Recover a user's private key using a backup code (version-dispatched).
+     */
+    recoverKeyWithBackupCode(userDoc: IUserDocument<string, TID>, backupCode: string, newPassword?: SecureString, session?: ClientSession): Promise<{
+        userDoc: IUserDocument<string, TID>;
+        user: BackendMember<TID>;
+        codeCount: number;
+    }>;
+    /**
+     * Rewrap system-wrapped AEAD blobs from old system key to new one without touching inner AEAD.
+     */
+    rewrapAllUsersBackupCodes(fetchBatch: (afterId?: string, limit?: number) => Promise<IUserDocument<string, TID>[]>, saveUser: (user: IUserDocument<string, TID>) => Promise<void>, oldSystem: BackendMember, newSystem: BackendMember, options?: {
+        batchSize?: number;
+        onProgress?: (count: number) => void;
+    }): Promise<number>;
+}
+//# sourceMappingURL=backup-code.d.ts.map

package/src/services/backup-code.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"backup-code.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/services/backup-code.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAIL,YAAY,EACb,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AAChE,OAAO,EACL,MAAM,IAAI,aAAa,EACvB,YAAY,EACZ,UAAU,EACX,MAAM,iCAAiC,CAAC;AACzC,OAAO,EACL,WAAW,EAEX,UAAU,EACX,MAAM,iCAAiC,CAAC;AAIzC,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAE7C,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AACrC,OAAO,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAC7C,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AAIrC;;;;;;;;GAQG;AACH,qBAAa,iBAAiB,CAC5B,GAAG,SAAS,UAAU,GAAG,MAAM,EAC/B,KAAK,SAAS,IAAI,GAAG,IAAI,EACzB,UAAU,SAAS,UAAU,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,UAAU,CAAC,GAAG,EAAE,KAAK,CAAC,EAClE,YAAY,SAAS,YAAY,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC,GAAG,CAAC,CAC1D,SAAQ,WAAW,CAAC,GAAG,CAAC;IACxB,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAoB;IACjD,OAAO,CAAC,UAAU,CAAC,CAAqB;IACxC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAqB;IACxD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAsC;IAElE;;OAEG;gBAED,WAAW,EAAE,YAAY,EACzB,YAAY,EAAE,YAAY,CAAC,GAAG,CAAC,EAC/B,kBAAkB,EAAE,kBAAkB,EACtC,WAAW,EAAE,WAAW,CAAC,GAAG,EAAE,KAAK,EAAE,UAAU,CAAC;IAQlD;;OAEG;IACH,OAAO,CAAC,aAAa;IAYrB;;;OAGG;IACI,aAAa,CAAC,IAAI,EAAE,aAAa,CAAC,GAAG,CAAC,GAAG,IAAI;IAIpD;;OAEG;IACI,eAAe,CACpB,oBAAoB,EAAE,KAAK,CAAC,WAAW,CAAC,EACxC,UAAU,EAAE,MAAM,GACjB;QAAE,aAAa,EAAE,KAAK,CAAC,WAAW,CAAC,CAAC;QAAC,IAAI,EAAE,WAAW,CAAA;KAAE;IAmC3D;;OAEG;IACI,aAAa,CAClB,oBAAoB,EAAE,KAAK,CAAC,WAAW,CAAC,EACxC,UAAU,EAAE,MAAM,GACjB;QAAE,aAAa,EAAE,KAAK,CAAC,WAAW,CAAC,CAAC;QAAC,IAAI,EAAE,WAAW,CAAA;KAAE;IAkB3D;;OAEG;IACU,0BAA0B,CACrC,OAAO,EAAE,aAAa,CAAC,MAAM,EAAE,GAAG,CAAC,EACnC,UAAU,EAAE,MAAM,EAClB,WAAW,CAAC,EAAE,YAAY,EAC1B,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC;QACT,OAAO,EAAE,aAAa,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QACpC,IAAI,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC;QACzB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;IA0EF;;OAEG;IACU,wBAAwB,CACnC,OAAO,EAAE,aAAa,CAAC,MAAM,EAAE,GAAG,CAAC,EACnC,UAAU,EAAE,MAAM,EAClB,WAAW,CAAC,EAAE,YAAY,EAC1B,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC;QACT,OAAO,EAAE,aAAa,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QACpC,IAAI,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC;QACzB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;IAkBF;;OAEG;IACU,yBAAyB,CACpC,UAAU,EAAE,CACV,OAAO,CAAC,EAAE,MAAM,EAChB,KAAK,CAAC,EAAE,MAAM,KACX,OAAO,CAAC,aAAa,CAAC,MAAM,EAAE,GAAG,CAAC,EAAE,CAAC,EAC1C,QAAQ,EAAE,CAAC,IAAI,EAAE,aAAa,CAAC,MAAM,EAAE,GAAG,CAAC,KAAK,OAAO,CAAC,IAAI,CAAC,EAC7D,SAAS,EAAE,aAAa,EACxB,SAAS,EAAE,aAAa,EACxB,OAAO,CAAC,EAAE;QAAE,SAAS,CAAC,EAAE,MAAM,CAAC;QAAC,UAAU,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAA;KAAE,GACrE,OAAO,CAAC,MAAM,CAAC;CAwCnB"}

package/src/services/backup-code.js

@@ -0,0 +1,189 @@
+"use strict";
+/**
+ * @fileoverview Backup code service for secure account recovery.
+ * Implements v1.0.0 backup code scheme with Argon2id KDF and HKDF-SHA256 checksums.
+ * @module services/backup-code
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BackupCodeService = void 0;
+const ecies_lib_1 = require("@digitaldefiance/ecies-lib");
+const node_ecies_lib_1 = require("@digitaldefiance/node-ecies-lib");
+const suite_core_lib_1 = require("@digitaldefiance/suite-core-lib");
+const crypto_1 = require("crypto");
+const backup_code_1 = require("../backup-code");
+const constants_1 = require("../constants");
+const invalid_backup_code_version_1 = require("../errors/invalid-backup-code-version");
+const base_1 = require("./base");
+const symmetric_1 = require("./symmetric");
+const system_user_1 = require("./system-user");
+/**
+ * Service for backup code generation, validation, and key recovery.
+ * Implements secure backup code scheme with constant-time validation and key wrapping.
+ * @template TID - Platform ID type (defaults to Buffer)
+ * @template TDate - Date type (defaults to Date)
+ * @template TTokenRole - Token role interface type
+ * @template TApplication - Application interface type
+ * @extends {BaseService<TID>}
+ */
+class BackupCodeService extends base_1.BaseService {
+    eciesService;
+    systemUser;
+    keyWrappingService;
+    roleService;
+    /**
+     * Construct a BackupCodeService.
+     */
+    constructor(application, eciesService, keyWrappingService, roleService) {
+        super(application);
+        this.eciesService = eciesService;
+        this.keyWrappingService = keyWrappingService;
+        this.roleService = roleService;
+    }
+    /**
+     * Get the lazily-initialized system user for key wrapping/unwrapping.
+     */
+    getSystemUser() {
+        if (!this.systemUser) {
+            // System user is always created with Buffer IDs, but we need to cast to the generic type I
+            // This is safe because the system user's ID type is compatible with all ID types
+            this.systemUser = system_user_1.SystemUserService.getSystemUser(this.application.environment, this.application.constants);
+        }
+        return this.systemUser;
+    }
+    /**
+     * Forcibly set the system user (for database initialization)
+     * @param user
+     */
+    setSystemUser(user) {
+        this.systemUser = user;
+    }
+    /**
+     * v1: Consume (validate and remove) a backup code via constant-time checksum match.
+     */
+    useBackupCodeV1(encryptedBackupCodes, backupCode) {
+        const normalizedCode = backup_code_1.BackupCode.normalizeCode(backupCode);
+        if (!constants_1.LocalhostConstants.BACKUP_CODES.NormalizedHexRegex.test(normalizedCode)) {
+            throw new suite_core_lib_1.InvalidBackupCodeError();
+        }
+        const codeBytes = Buffer.from(normalizedCode, 'utf8');
+        try {
+            for (const code of encryptedBackupCodes) {
+                if (code.version !== backup_code_1.BackupCode.BackupCodeVersion)
+                    continue;
+                const checksumSalt = Buffer.from(code.checksumSalt, 'hex');
+                const expected = backup_code_1.BackupCode.hkdfSha256(codeBytes, checksumSalt, Buffer.from('backup-checksum'), 32);
+                if (code.checksum.length === expected.length * 2 &&
+                    (0, crypto_1.timingSafeEqual)(Buffer.from(code.checksum, 'hex'), expected)) {
+                    const checksumHex = expected.toString('hex');
+                    return {
+                        newCodesArray: encryptedBackupCodes.filter((c) => c.checksum !== checksumHex),
+                        code,
+                    };
+                }
+            }
+            throw new suite_core_lib_1.InvalidBackupCodeError();
+        }
+        finally {
+            codeBytes.fill(0);
+        }
+    }
+    /**
+     * Consume a backup code by first detecting the version and then dispatching to the appropriate handler.
+     */
+    useBackupCode(encryptedBackupCodes, backupCode) {
+        const version = backup_code_1.BackupCode.detectBackupCodeVersion(encryptedBackupCodes, backupCode);
+        switch (version) {
+            case backup_code_1.BackupCode.BackupCodeVersion:
+                return this.useBackupCodeV1(encryptedBackupCodes.filter((c) => c.version === backup_code_1.BackupCode.BackupCodeVersion), backupCode);
+            default:
+                throw new invalid_backup_code_version_1.InvalidBackupCodeVersionError(version);
+        }
+    }
+    /**
+     * v1: Recover a user's private key using a backup code.
+     */
+    async recoverKeyWithBackupCodeV1(userDoc, backupCode, newPassword, session) {
+        const normalizedCode = backup_code_1.BackupCode.normalizeCode(backupCode);
+        return await this.withTransaction(async (sess) => {
+            const { code, newCodesArray } = this.useBackupCodeV1(userDoc.backupCodes, normalizedCode);
+            userDoc.backupCodes = newCodesArray;
+            let decryptionKey;
+            try {
+                const adminMember = this.getSystemUser();
+                decryptionKey = await backup_code_1.BackupCode.getBackupKeyV1(code.checksumSalt, normalizedCode, this.application.constants);
+                const privateKeyUnwrapped = adminMember.decryptData(Buffer.from(code.encrypted, 'hex'));
+                const decryptedPrivateKey = new ecies_lib_1.SecureBuffer(symmetric_1.SymmetricService.decryptBuffer(privateKeyUnwrapped, decryptionKey));
+                const memberType = await this.roleService.getMemberType(userDoc, session);
+                const user = new node_ecies_lib_1.Member(this.eciesService, memberType, userDoc.username, new ecies_lib_1.EmailString(userDoc.email), Buffer.from(userDoc.publicKey, 'hex'), decryptedPrivateKey, undefined, userDoc._id, new Date(userDoc.createdAt), new Date(userDoc.updatedAt));
+                if (!newPassword) {
+                    await userDoc.save({ session: sess });
+                    return {
+                        userDoc,
+                        user,
+                        codeCount: newCodesArray.length,
+                    };
+                }
+                const wrapped = this.keyWrappingService.wrapSecret(decryptedPrivateKey, newPassword, this.application.constants);
+                userDoc.passwordWrappedPrivateKey = wrapped;
+                await userDoc.save({ session: sess });
+                return { userDoc, user, codeCount: newCodesArray.length };
+            }
+            finally {
+                if (decryptionKey)
+                    decryptionKey.fill(0);
+            }
+        }, session, {
+            timeoutMs: this.application.environment.mongo.transactionTimeout * 5,
+        });
+    }
+    /**
+     * Recover a user's private key using a backup code (version-dispatched).
+     */
+    async recoverKeyWithBackupCode(userDoc, backupCode, newPassword, session) {
+        const version = backup_code_1.BackupCode.detectBackupCodeVersion(userDoc.backupCodes, backupCode);
+        switch (version) {
+            case backup_code_1.BackupCode.BackupCodeVersion:
+                return this.recoverKeyWithBackupCodeV1(userDoc, backupCode, newPassword, session);
+            default:
+                throw new invalid_backup_code_version_1.InvalidBackupCodeVersionError(version);
+        }
+    }
+    /**
+     * Rewrap system-wrapped AEAD blobs from old system key to new one without touching inner AEAD.
+     */
+    async rewrapAllUsersBackupCodes(fetchBatch, saveUser, oldSystem, newSystem, options) {
+        const batchSize = options?.batchSize ?? 500;
+        let processed = 0;
+        let afterId;
+        for (;;) {
+            const users = await fetchBatch(afterId, batchSize);
+            if (!users.length)
+                break;
+            for (const user of users) {
+                let modified = false;
+                for (const bc of user.backupCodes ?? []) {
+                    try {
+                        const sealed = oldSystem.decryptData(Buffer.from(bc.encrypted, 'hex'));
+                        const rewrapped = newSystem.encryptData(sealed).toString('hex');
+                        if (rewrapped !== bc.encrypted) {
+                            bc.encrypted = rewrapped;
+                            modified = true;
+                        }
+                    }
+                    catch (e) {
+                        throw new Error(`Failed to rewrap backup code for user ${user._id}: ${e.message}`);
+                    }
+                }
+                if (modified) {
+                    await saveUser(user);
+                    processed++;
+                    options?.onProgress?.(processed);
+                }
+            }
+            afterId = users[users.length - 1]?._id?.toString() ?? undefined;
+        }
+        return processed;
+    }
+}
+exports.BackupCodeService = BackupCodeService;
+//# sourceMappingURL=backup-code.js.map

package/src/services/backup-code.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"backup-code.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/services/backup-code.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH,0DAKoC;AAEpC,oEAIyC;AACzC,oEAIyC;AACzC,mCAAyC;AACzC,gDAA4C;AAC5C,4CAAkE;AAElE,uFAAsF;AAEtF,iCAAqC;AAGrC,2CAA+C;AAC/C,+CAAkD;AAElD;;;;;;;;GAQG;AACH,MAAa,iBAKX,SAAQ,kBAAgB;IACP,YAAY,CAAoB;IACzC,UAAU,CAAsB;IACvB,kBAAkB,CAAqB;IACvC,WAAW,CAAsC;IAElE;;OAEG;IACH,YACE,WAAyB,EACzB,YAA+B,EAC/B,kBAAsC,EACtC,WAAgD;QAEhD,KAAK,CAAC,WAAW,CAAC,CAAC;QACnB,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;QACjC,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAC;QAC7C,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IACjC,CAAC;IAED;;OAEG;IACK,aAAa;QACnB,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,2FAA2F;YAC3F,iFAAiF;YACjF,IAAI,CAAC,UAAU,GAAG,+BAAiB,CAAC,aAAa,CAC/C,IAAI,CAAC,WAAW,CAAC,WAAW,EAC5B,IAAI,CAAC,WAAW,CAAC,SAAS,CACM,CAAC;QACrC,CAAC;QACD,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED;;;OAGG;IACI,aAAa,CAAC,IAAwB;QAC3C,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;IACzB,CAAC;IAED;;OAEG;IACI,eAAe,CACpB,oBAAwC,EACxC,UAAkB;QAElB,MAAM,cAAc,GAAG,wBAAU,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;QAC5D,IAAI,CAAC,8BAAY,CAAC,YAAY,CAAC,kBAAkB,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC;YACvE,MAAM,IAAI,uCAAsB,EAAE,CAAC;QACrC,CAAC;QACD,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;QACtD,IAAI,CAAC;YACH,KAAK,MAAM,IAAI,IAAI,oBAAoB,EAAE,CAAC;gBACxC,IAAI,IAAI,CAAC,OAAO,KAAK,wBAAU,CAAC,iBAAiB;oBAAE,SAAS;gBAC5D,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;gBAC3D,MAAM,QAAQ,GAAG,wBAAU,CAAC,UAAU,CACpC,SAAS,EACT,YAAY,EACZ,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAC9B,EAAE,CACH,CAAC;gBACF,IACE,IAAI,CAAC,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM,GAAG,CAAC;oBAC5C,IAAA,wBAAe,EAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,EAAE,QAAQ,CAAC,EAC5D,CAAC;oBACD,MAAM,WAAW,GAAG,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;oBAC7C,OAAO;wBACL,aAAa,EAAE,oBAAoB,CAAC,MAAM,CACxC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,WAAW,CAClC;wBACD,IAAI;qBACL,CAAC;gBACJ,CAAC;YACH,CAAC;YACD,MAAM,IAAI,uCAAsB,EAAE,CAAC;QACrC,CAAC;gBAAS,CAAC;YACT,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC;IACH,CAAC;IAED;;OAEG;IACI,aAAa,CAClB,oBAAwC,EACxC,UAAkB;QAElB,MAAM,OAAO,GAAG,wBAAU,CAAC,uBAAuB,CAChD,oBAAoB,EACpB,UAAU,CACX,CAAC;QACF,QAAQ,OAAO,EAAE,CAAC;YAChB,KAAK,wBAAU,CAAC,iBAAiB;gBAC/B,OAAO,IAAI,CAAC,eAAe,CACzB,oBAAoB,CAAC,MAAM,CACzB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,wBAAU,CAAC,iBAAiB,CAClD,EACD,UAAU,CACX,CAAC;YACJ;gBACE,MAAM,IAAI,2DAA6B,CAAC,OAAO,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,0BAA0B,CACrC,OAAmC,EACnC,UAAkB,EAClB,WAA0B,EAC1B,OAAuB;QAMvB,MAAM,cAAc,GAAG,wBAAU,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;QAC5D,OAAO,MAAM,IAAI,CAAC,eAAe,CAK/B,KAAK,EAAE,IAA+B,EAAE,EAAE;YACxC,MAAM,EAAE,IAAI,EAAE,aAAa,EAAE,GAAG,IAAI,CAAC,eAAe,CAClD,OAAO,CAAC,WAAW,EACnB,cAAc,CACf,CAAC;YACF,OAAO,CAAC,WAAW,GAAG,aAAa,CAAC;YAEpC,IAAI,aAAiC,CAAC;YACtC,IAAI,CAAC;gBACH,MAAM,WAAW,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;gBACzC,aAAa,GAAG,MAAM,wBAAU,CAAC,cAAc,CAC7C,IAAI,CAAC,YAAY,EACjB,cAAc,EACd,IAAI,CAAC,WAAW,CAAC,SAAS,CAC3B,CAAC;gBACF,MAAM,mBAAmB,GAAG,WAAW,CAAC,WAAW,CACjD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CACnC,CAAC;gBACF,MAAM,mBAAmB,GAAG,IAAI,wBAAY,CAC1C,4BAAgB,CAAC,aAAa,CAAC,mBAAmB,EAAE,aAAa,CAAC,CACnE,CAAC;gBAEF,MAAM,UAAU,GAAe,MAAM,IAAI,CAAC,WAAW,CAAC,aAAa,CACjE,OAAO,EACP,OAAO,CACR,CAAC;gBACF,MAAM,IAAI,GAAG,IAAI,uBAAa,CAC5B,IAAI,CAAC,YAAY,EACjB,UAAU,EACV,OAAO,CAAC,QAAQ,EAChB,IAAI,uBAAW,CAAC,OAAO,CAAC,KAAK,CAAC,EAC9B,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,KAAK,CAAC,EACrC,mBAAmB,EACnB,SAAS,EACT,OAAO,CAAC,GAAG,EACX,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,EAC3B,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAC5B,CAAC;gBAEF,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,MAAM,OAAO,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;oBACtC,OAAO;wBACL,OAAO;wBACP,IAAI;wBACJ,SAAS,EAAE,aAAa,CAAC,MAAM;qBAChC,CAAC;gBACJ,CAAC;gBAED,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAChD,mBAAmB,EACnB,WAAW,EACX,IAAI,CAAC,WAAW,CAAC,SAAS,CAC3B,CAAC;gBACF,OAAO,CAAC,yBAAyB,GAAG,OAAO,CAAC;gBAC5C,MAAM,OAAO,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;gBACtC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,aAAa,CAAC,MAAM,EAAE,CAAC;YAC5D,CAAC;oBAAS,CAAC;gBACT,IAAI,aAAa;oBAAE,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC3C,CAAC;QACH,CAAC,EACD,OAAO,EACP;YACE,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,KAAK,CAAC,kBAAkB,GAAG,CAAC;SACrE,CACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,wBAAwB,CACnC,OAAmC,EACnC,UAAkB,EAClB,WAA0B,EAC1B,OAAuB;QAMvB,MAAM,OAAO,GAAG,wBAAU,CAAC,uBAAuB,CAChD,OAAO,CAAC,WAAW,EACnB,UAAU,CACX,CAAC;QACF,QAAQ,OAAO,EAAE,CAAC;YAChB,KAAK,wBAAU,CAAC,iBAAiB;gBAC/B,OAAO,IAAI,CAAC,0BAA0B,CACpC,OAAO,EACP,UAAU,EACV,WAAW,EACX,OAAO,CACR,CAAC;YACJ;gBACE,MAAM,IAAI,2DAA6B,CAAC,OAAO,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,yBAAyB,CACpC,UAG0C,EAC1C,QAA6D,EAC7D,SAAwB,EACxB,SAAwB,EACxB,OAAsE;QAEtE,MAAM,SAAS,GAAG,OAAO,EAAE,SAAS,IAAI,GAAG,CAAC;QAC5C,IAAI,SAAS,GAAG,CAAC,CAAC;QAClB,IAAI,OAA2B,CAAC;QAEhC,SAAS,CAAC;YACR,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YACnD,IAAI,CAAC,KAAK,CAAC,MAAM;gBAAE,MAAM;YAEzB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,QAAQ,GAAG,KAAK,CAAC;gBACrB,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,WAAW,IAAI,EAAE,EAAE,CAAC;oBACxC,IAAI,CAAC;wBACH,MAAM,MAAM,GAAG,SAAS,CAAC,WAAW,CAClC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,SAAS,EAAE,KAAK,CAAC,CACjC,CAAC;wBACF,MAAM,SAAS,GAAG,SAAS,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;wBAChE,IAAI,SAAS,KAAK,EAAE,CAAC,SAAS,EAAE,CAAC;4BAC/B,EAAE,CAAC,SAAS,GAAG,SAAS,CAAC;4BACzB,QAAQ,GAAG,IAAI,CAAC;wBAClB,CAAC;oBACH,CAAC;oBAAC,OAAO,CAAC,EAAE,CAAC;wBACX,MAAM,IAAI,KAAK,CACb,yCAAyC,IAAI,CAAC,GAAG,KAC9C,CAAW,CAAC,OACf,EAAE,CACH,CAAC;oBACJ,CAAC;gBACH,CAAC;gBACD,IAAI,QAAQ,EAAE,CAAC;oBACb,MAAM,QAAQ,CAAC,IAAI,CAAC,CAAC;oBACrB,SAAS,EAAE,CAAC;oBACZ,OAAO,EAAE,UAAU,EAAE,CAAC,SAAS,CAAC,CAAC;gBACnC,CAAC;YACH,CAAC;YAED,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,SAAS,CAAC;QAClE,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;CACF;AA1RD,8CA0RC"}

package/src/services/base.d.ts

@@ -0,0 +1,22 @@
+/**
+ * @fileoverview Base service class providing common functionality for all services.
+ * Includes transaction management utilities.
+ * @module services/base
+ */
+import { ClientSession } from '@digitaldefiance/mongoose-types';
+import { IApplication } from '../interfaces/application';
+import { TransactionCallback } from '../types';
+import { TransactionOptions } from '../utils';
+import type { PlatformID } from '@digitaldefiance/node-ecies-lib';
+/**
+ * Base service class providing common functionality for all services.
+ * Includes transaction wrapper for database operations.
+ * @template TID - Platform ID type (defaults to Buffer)
+ * @template TApplication - Application interface type
+ */
+export declare class BaseService<TID extends PlatformID = Buffer, TApplication extends IApplication<TID> = IApplication<TID>> {
+    protected readonly application: TApplication;
+    constructor(application: TApplication);
+    withTransaction<T>(callback: TransactionCallback<T>, session?: ClientSession, options?: TransactionOptions<TID>, ...args: unknown[]): Promise<T>;
+}
+//# sourceMappingURL=base.d.ts.map

package/src/services/base.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"base.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/services/base.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AAChE,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACzD,OAAO,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAC;AAC/C,OAAO,EACL,kBAAkB,EAEnB,MAAM,UAAU,CAAC;AAClB,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAElE;;;;;GAKG;AACH,qBAAa,WAAW,CACtB,GAAG,SAAS,UAAU,GAAG,MAAM,EAC/B,YAAY,SAAS,YAAY,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC,GAAG,CAAC;IAE1D,SAAS,CAAC,QAAQ,CAAC,WAAW,EAAE,YAAY,CAAC;gBAEjC,WAAW,EAAE,YAAY;IAGxB,eAAe,CAAC,CAAC,EAC5B,QAAQ,EAAE,mBAAmB,CAAC,CAAC,CAAC,EAChC,OAAO,CAAC,EAAE,aAAa,EACvB,OAAO,CAAC,EAAE,kBAAkB,CAAC,GAAG,CAAC,EACjC,GAAG,IAAI,EAAE,OAAO,EAAE;CAWrB"}

package/src/services/base.js

@@ -0,0 +1,26 @@
+"use strict";
+/**
+ * @fileoverview Base service class providing common functionality for all services.
+ * Includes transaction management utilities.
+ * @module services/base
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BaseService = void 0;
+const utils_1 = require("../utils");
+/**
+ * Base service class providing common functionality for all services.
+ * Includes transaction wrapper for database operations.
+ * @template TID - Platform ID type (defaults to Buffer)
+ * @template TApplication - Application interface type
+ */
+class BaseService {
+    application;
+    constructor(application) {
+        this.application = application;
+    }
+    async withTransaction(callback, session, options, ...args) {
+        return await (0, utils_1.withTransaction)(this.application.db.connection, this.application.environment.mongo.useTransactions, session, callback, options ?? {}, ...args);
+    }
+}
+exports.BaseService = BaseService;
+//# sourceMappingURL=base.js.map

package/src/services/base.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"base.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/services/base.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAKH,oCAGkB;AAGlB;;;;;GAKG;AACH,MAAa,WAAW;IAIH,WAAW,CAAe;IAE7C,YAAY,WAAyB;QACnC,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IACjC,CAAC;IACM,KAAK,CAAC,eAAe,CAC1B,QAAgC,EAChC,OAAuB,EACvB,OAAiC,EACjC,GAAG,IAAe;QAElB,OAAO,MAAM,IAAA,uBAAoB,EAC/B,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,UAAU,EAC9B,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,KAAK,CAAC,eAAe,EAClD,OAAO,EACP,QAAQ,EACR,OAAO,IAAI,EAAE,EACb,GAAG,IAAI,CACR,CAAC;IACJ,CAAC;CACF;AAxBD,kCAwBC"}

package/src/services/checksum.d.ts

@@ -0,0 +1,90 @@
+/**
+ * @fileoverview Service for calculating and validating SHA3-512 checksums.
+ * Provides checksum operations for buffers, strings, files, and streams.
+ * @module services/checksum
+ */
+import { ChecksumBuffer, ChecksumString } from '@digitaldefiance/node-ecies-lib';
+import { IChecksumConfig } from '../interfaces/checksum-config';
+import { IChecksumConsts } from '../interfaces/checksum-consts';
+/**
+ * Service for calculating and validating SHA3-512 checksums.
+ * Supports multiple input types including buffers, strings, files, and streams.
+ */
+export declare class ChecksumService {
+    /** Checksum configuration (algorithm and encoding) */
+    private readonly config;
+    /** Checksum constants (buffer lengths and defaults) */
+    protected readonly constants: IChecksumConsts;
+    /**
+     * Creates a new checksum service instance.
+     * @param config Optional configuration overrides
+     * @param constants Checksum constants (defaults to CHECKSUM)
+     */
+    constructor(config?: Partial<IChecksumConfig>, constants?: IChecksumConsts);
+    /**
+     * Calculates a checksum for a buffer.
+     * @param data Buffer to calculate checksum for
+     * @returns Checksum as a Buffer
+     */
+    calculateChecksum(data: Buffer): ChecksumBuffer;
+    /**
+     * Calculates a checksum for multiple buffers.
+     * @param buffers Array of buffers to calculate checksum for
+     * @returns Checksum as a Buffer
+     */
+    calculateChecksumForBuffers(buffers: Buffer[]): ChecksumBuffer;
+    /**
+     * Calculates a checksum for a UTF-8 string.
+     * @param str String to calculate checksum for
+     * @returns Checksum as a Buffer
+     */
+    calculateChecksumForString(str: string): ChecksumBuffer;
+    /**
+     * Compares two checksums for equality.
+     * @param checksum1 First checksum
+     * @param checksum2 Second checksum
+     * @returns True if checksums are equal, false otherwise
+     */
+    compareChecksums(checksum1: ChecksumBuffer, checksum2: ChecksumBuffer): boolean;
+    /**
+     * Converts a checksum buffer to a hex string.
+     * @param checksum Checksum buffer
+     * @returns Checksum as a hex string
+     */
+    checksumToHexString(checksum: ChecksumBuffer): ChecksumString;
+    /**
+     * Converts a hex string to a checksum buffer.
+     * @param hexString Hex string to convert
+     * @returns Checksum as a Buffer
+     * @throws {Error} If hex string length is invalid
+     */
+    hexStringToChecksum(hexString: string): ChecksumBuffer;
+    /**
+     * Validates a checksum buffer length.
+     * @param checksum Checksum buffer to validate
+     * @returns True if checksum length is valid, false otherwise
+     */
+    validateChecksum(checksum: ChecksumBuffer): boolean;
+    /**
+     * Calculates a checksum for a file.
+     * @param filePath Path to the file
+     * @returns Promise resolving to checksum as a Buffer
+     * @throws {Error} If file cannot be read
+     */
+    calculateChecksumForFile(filePath: string): Promise<ChecksumBuffer>;
+    /**
+     * Internal file reading method using fs.promises.
+     * @param filePath Path to the file
+     * @returns Promise resolving to file contents as Buffer
+     * @throws {Error} If file cannot be read
+     * @private
+     */
+    private readFile;
+    /**
+     * Calculates a checksum for a readable stream.
+     * @param stream Readable stream to calculate checksum for
+     * @returns Promise resolving to checksum as a Buffer
+     */
+    calculateChecksumForStream(stream: NodeJS.ReadableStream): Promise<ChecksumBuffer>;
+}
+//# sourceMappingURL=checksum.d.ts.map

package/src/services/checksum.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"checksum.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/services/checksum.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,cAAc,EACd,cAAc,EACf,MAAM,iCAAiC,CAAC;AAIzC,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAChE,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAEhE;;;GAGG;AACH,qBAAa,eAAe;IAC1B,sDAAsD;IACtD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAkB;IACzC,uDAAuD;IACvD,SAAS,CAAC,QAAQ,CAAC,SAAS,EAAE,eAAe,CAAC;IAE9C;;;;OAIG;gBAED,MAAM,CAAC,EAAE,OAAO,CAAC,eAAe,CAAC,EACjC,SAAS,GAAE,eAA0B;IAUvC;;;;OAIG;IACI,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,cAAc;IAOtD;;;;OAIG;IACI,2BAA2B,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,cAAc;IASrE;;;;OAIG;IACI,0BAA0B,CAAC,GAAG,EAAE,MAAM,GAAG,cAAc;IAI9D;;;;;OAKG;IACI,gBAAgB,CACrB,SAAS,EAAE,cAAc,EACzB,SAAS,EAAE,cAAc,GACxB,OAAO;IAUV;;;;OAIG;IACI,mBAAmB,CAAC,QAAQ,EAAE,cAAc,GAAG,cAAc;IAIpE;;;;;OAKG;IACI,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,cAAc;IAO7D;;;;OAIG;IACI,gBAAgB,CAAC,QAAQ,EAAE,cAAc,GAAG,OAAO;IAI1D;;;;;OAKG;IACU,wBAAwB,CACnC,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,cAAc,CAAC;IAQ1B;;;;;;OAMG;YACW,QAAQ;IAUtB;;;;OAIG;IACI,0BAA0B,CAC/B,MAAM,EAAE,MAAM,CAAC,cAAc,GAC5B,OAAO,CAAC,cAAc,CAAC;CAoB3B"}

package/src/services/checksum.js

@@ -0,0 +1,166 @@
+"use strict";
+/**
+ * @fileoverview Service for calculating and validating SHA3-512 checksums.
+ * Provides checksum operations for buffers, strings, files, and streams.
+ * @module services/checksum
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ChecksumService = void 0;
+const crypto_1 = require("crypto");
+const fs_1 = require("fs");
+const constants_1 = require("../constants");
+/**
+ * Service for calculating and validating SHA3-512 checksums.
+ * Supports multiple input types including buffers, strings, files, and streams.
+ */
+class ChecksumService {
+    /** Checksum configuration (algorithm and encoding) */
+    config;
+    /** Checksum constants (buffer lengths and defaults) */
+    constants;
+    /**
+     * Creates a new checksum service instance.
+     * @param config Optional configuration overrides
+     * @param constants Checksum constants (defaults to CHECKSUM)
+     */
+    constructor(config, constants = constants_1.CHECKSUM) {
+        this.config = {
+            algorithm: constants.ALGORITHM,
+            encoding: constants.ENCODING,
+            ...config,
+        };
+        this.constants = constants;
+    }
+    /**
+     * Calculates a checksum for a buffer.
+     * @param data Buffer to calculate checksum for
+     * @returns Checksum as a Buffer
+     */
+    calculateChecksum(data) {
+        const hash = (0, crypto_1.createHash)(this.config.algorithm);
+        hash.update(new Uint8Array(data));
+        const digest = hash.digest();
+        return Buffer.from(digest);
+    }
+    /**
+     * Calculates a checksum for multiple buffers.
+     * @param buffers Array of buffers to calculate checksum for
+     * @returns Checksum as a Buffer
+     */
+    calculateChecksumForBuffers(buffers) {
+        const hash = (0, crypto_1.createHash)(this.config.algorithm);
+        for (const buffer of buffers) {
+            hash.update(new Uint8Array(buffer));
+        }
+        const digest = hash.digest();
+        return Buffer.from(digest);
+    }
+    /**
+     * Calculates a checksum for a UTF-8 string.
+     * @param str String to calculate checksum for
+     * @returns Checksum as a Buffer
+     */
+    calculateChecksumForString(str) {
+        return this.calculateChecksum(Buffer.from(str, 'utf8'));
+    }
+    /**
+     * Compares two checksums for equality.
+     * @param checksum1 First checksum
+     * @param checksum2 Second checksum
+     * @returns True if checksums are equal, false otherwise
+     */
+    compareChecksums(checksum1, checksum2) {
+        if (checksum1.length !== this.constants.SHA3_BUFFER_LENGTH ||
+            checksum2.length !== this.constants.SHA3_BUFFER_LENGTH) {
+            return false;
+        }
+        return checksum1.equals(new Uint8Array(checksum2));
+    }
+    /**
+     * Converts a checksum buffer to a hex string.
+     * @param checksum Checksum buffer
+     * @returns Checksum as a hex string
+     */
+    checksumToHexString(checksum) {
+        return checksum.toString(this.constants.ENCODING);
+    }
+    /**
+     * Converts a hex string to a checksum buffer.
+     * @param hexString Hex string to convert
+     * @returns Checksum as a Buffer
+     * @throws {Error} If hex string length is invalid
+     */
+    hexStringToChecksum(hexString) {
+        if (hexString.length !== this.constants.SHA3_BUFFER_LENGTH * 2) {
+            throw new Error('Invalid checksum hex string length');
+        }
+        return Buffer.from(hexString, this.constants.ENCODING);
+    }
+    /**
+     * Validates a checksum buffer length.
+     * @param checksum Checksum buffer to validate
+     * @returns True if checksum length is valid, false otherwise
+     */
+    validateChecksum(checksum) {
+        return checksum.length === this.constants.SHA3_BUFFER_LENGTH;
+    }
+    /**
+     * Calculates a checksum for a file.
+     * @param filePath Path to the file
+     * @returns Promise resolving to checksum as a Buffer
+     * @throws {Error} If file cannot be read
+     */
+    async calculateChecksumForFile(filePath) {
+        // Removed dynamic import by using the data service to read file data
+        // This is a temporary solution that can be replaced with a proper file service
+        // The implementation now delegates file reading to the caller
+        const buffer = Buffer.from(await this.readFile(filePath));
+        return this.calculateChecksum(buffer);
+    }
+    /**
+     * Internal file reading method using fs.promises.
+     * @param filePath Path to the file
+     * @returns Promise resolving to file contents as Buffer
+     * @throws {Error} If file cannot be read
+     * @private
+     */
+    async readFile(filePath) {
+        // Import fs using a static import that's available at module load time
+        // This solves the dynamic import/require issues
+        try {
+            return await fs_1.promises.readFile(filePath);
+        }
+        catch {
+            throw new Error(`Failed to read file at path: ${filePath}`);
+        }
+    }
+    /**
+     * Calculates a checksum for a readable stream.
+     * @param stream Readable stream to calculate checksum for
+     * @returns Promise resolving to checksum as a Buffer
+     */
+    calculateChecksumForStream(stream) {
+        return new Promise((resolve, reject) => {
+            const hash = (0, crypto_1.createHash)(this.config.algorithm);
+            stream.on('data', (chunk) => {
+                // Ensure chunk is a Buffer before updating hash
+                if (Buffer.isBuffer(chunk)) {
+                    hash.update(new Uint8Array(chunk));
+                }
+                else if (typeof chunk === 'number') {
+                    hash.update(new Uint8Array(Buffer.from([chunk])));
+                }
+                else {
+                    hash.update(new Uint8Array(Buffer.from(chunk)));
+                }
+            });
+            stream.on('end', () => {
+                const digest = hash.digest();
+                resolve(Buffer.from(digest));
+            });
+            stream.on('error', reject);
+        });
+    }
+}
+exports.ChecksumService = ChecksumService;
+//# sourceMappingURL=checksum.js.map

package/src/services/checksum.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"checksum.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/services/checksum.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAMH,mCAAoC;AACpC,2BAAoC;AACpC,4CAAwC;AAIxC;;;GAGG;AACH,MAAa,eAAe;IAC1B,sDAAsD;IACrC,MAAM,CAAkB;IACzC,uDAAuD;IACpC,SAAS,CAAkB;IAE9C;;;;OAIG;IACH,YACE,MAAiC,EACjC,YAA6B,oBAAQ;QAErC,IAAI,CAAC,MAAM,GAAG;YACZ,SAAS,EAAE,SAAS,CAAC,SAAS;YAC9B,QAAQ,EAAE,SAAS,CAAC,QAAQ;YAC5B,GAAG,MAAM;SACV,CAAC;QACF,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;IAC7B,CAAC;IAED;;;;OAIG;IACI,iBAAiB,CAAC,IAAY;QACnC,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC/C,IAAI,CAAC,MAAM,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;QAClC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;QAC7B,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAmB,CAAC;IAC/C,CAAC;IAED;;;;OAIG;IACI,2BAA2B,CAAC,OAAiB;QAClD,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC/C,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,CAAC,MAAM,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;QACtC,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;QAC7B,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAmB,CAAC;IAC/C,CAAC;IAED;;;;OAIG;IACI,0BAA0B,CAAC,GAAW;QAC3C,OAAO,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC;IAC1D,CAAC;IAED;;;;;OAKG;IACI,gBAAgB,CACrB,SAAyB,EACzB,SAAyB;QAEzB,IACE,SAAS,CAAC,MAAM,KAAK,IAAI,CAAC,SAAS,CAAC,kBAAkB;YACtD,SAAS,CAAC,MAAM,KAAK,IAAI,CAAC,SAAS,CAAC,kBAAkB,EACtD,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,SAAS,CAAC,MAAM,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC;IACrD,CAAC;IAED;;;;OAIG;IACI,mBAAmB,CAAC,QAAwB;QACjD,OAAO,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAmB,CAAC;IACtE,CAAC;IAED;;;;;OAKG;IACI,mBAAmB,CAAC,SAAiB;QAC1C,IAAI,SAAS,CAAC,MAAM,KAAK,IAAI,CAAC,SAAS,CAAC,kBAAkB,GAAG,CAAC,EAAE,CAAC;YAC/D,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAmB,CAAC;IAC3E,CAAC;IAED;;;;OAIG;IACI,gBAAgB,CAAC,QAAwB;QAC9C,OAAO,QAAQ,CAAC,MAAM,KAAK,IAAI,CAAC,SAAS,CAAC,kBAAkB,CAAC;IAC/D,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,wBAAwB,CACnC,QAAgB;QAEhB,qEAAqE;QACrE,+EAA+E;QAC/E,8DAA8D;QAC9D,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC1D,OAAO,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;IACxC,CAAC;IAED;;;;;;OAMG;IACK,KAAK,CAAC,QAAQ,CAAC,QAAgB;QACrC,uEAAuE;QACvE,gDAAgD;QAChD,IAAI,CAAC;YACH,OAAO,MAAM,aAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CAAC,gCAAgC,QAAQ,EAAE,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IAED;;;;OAIG;IACI,0BAA0B,CAC/B,MAA6B;QAE7B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAC/C,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE;gBAC1B,gDAAgD;gBAChD,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;oBAC3B,IAAI,CAAC,MAAM,CAAC,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;gBACrC,CAAC;qBAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;oBACrC,IAAI,CAAC,MAAM,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;gBACpD,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,MAAM,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBAClD,CAAC;YACH,CAAC,CAAC,CAAC;YACH,MAAM,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;gBACpB,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;gBAC7B,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAmB,CAAC,CAAC;YACjD,CAAC,CAAC,CAAC;YACH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC7B,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAxKD,0CAwKC"}