@draftlab/auth 0.15.0 → 0.16.0

package/dist/types/provider/oauth2.d.ts

@@ -0,0 +1,229 @@
+/**
+ * OAuth 2.0 authentication provider for Draft Auth.
+ * Implements the Authorization Code Grant flow with optional PKCE support.
+ *
+ * ## Quick Setup
+ *
+ * ```ts
+ * import { Oauth2Provider } from "@draftlab/auth/provider/oauth2"
+ *
+ * export default issuer({
+ *   providers: {
+ *     github: Oauth2Provider({
+ *       clientID: process.env.GITHUB_CLIENT_ID,
+ *       clientSecret: process.env.GITHUB_CLIENT_SECRET,
+ *       endpoint: {
+ *         authorization: "https://github.com/login/oauth/authorize",
+ *         token: "https://github.com/login/oauth/access_token"
+ *       },
+ *       scopes: ["user:email", "read:user"]
+ *     }),
+ *     discord: Oauth2Provider({
+ *       clientID: process.env.DISCORD_CLIENT_ID,
+ *       clientSecret: process.env.DISCORD_CLIENT_SECRET,
+ *       endpoint: {
+ *         authorization: "https://discord.com/api/oauth2/authorize",
+ *         token: "https://discord.com/api/oauth2/token"
+ *       },
+ *       scopes: ["identify", "email"],
+ *       pkce: true // Required by some providers
+ *     })
+ *   }
+ * })
+ * ```
+ *
+ * ## Features
+ *
+ * - **Authorization Code Grant**: Secure server-side OAuth 2.0 flow
+ * - **PKCE Support**: Optional Proof Key for Code Exchange for enhanced security
+ * - **Flexible Endpoints**: Configure custom authorization and token endpoints
+ * - **Custom Parameters**: Support for provider-specific authorization parameters
+ *
+ * ## User Data
+ *
+ * The provider returns access tokens:
+ *
+ * ```ts
+ * success: async (ctx, value) => {
+ *   if (value.provider === "oauth2") {
+ *     // Access token for API calls: value.tokenset.access
+ *     // Refresh token (if provided): value.tokenset.refresh
+ *     // Client ID used: value.clientID
+ *   }
+ * }
+ * ```
+ *
+ * @packageDocumentation
+ */
+import type { Provider } from "./provider";
+/**
+ * Configuration options for the OAuth 2.0 provider.
+ */
+export interface Oauth2Config {
+    /**
+     * Provider type identifier for internal use.
+     * @internal
+     * @default "oauth2"
+     */
+    readonly type?: string;
+    /**
+     * The client ID registered with the OAuth 2.0 provider.
+     * This public identifier is used in authorization requests.
+     *
+     * @example
+     * ```ts
+     * {
+     *   clientID: "github-app-12345"
+     * }
+     * ```
+     */
+    readonly clientID: string;
+    /**
+     * The client secret for authenticating with the OAuth 2.0 provider.
+     * This private credential must be kept secure and not exposed to clients.
+     *
+     * @example
+     * ```ts
+     * {
+     *   clientSecret: process.env.OAUTH_CLIENT_SECRET
+     * }
+     * ```
+     */
+    readonly clientSecret: string;
+    /**
+     * OAuth 2.0 endpoint URLs for the authorization and token flows.
+     */
+    readonly endpoint: {
+        /**
+         * The authorization endpoint where users are redirected for authentication.
+         *
+         * @example "https://github.com/login/oauth/authorize"
+         */
+        readonly authorization: string;
+        /**
+         * The token endpoint for exchanging authorization codes for access tokens.
+         *
+         * @example "https://github.com/login/oauth/access_token"
+         */
+        readonly token: string;
+        /**
+         * Optional JWKS endpoint for verifying ID tokens.
+         * Required only if the provider returns ID tokens that need verification.
+         *
+         * @example "https://provider.com/.well-known/jwks.json"
+         */
+        readonly jwks?: string;
+    };
+    /**
+     * OAuth 2.0 scopes to request during authorization.
+     * Scopes define the level of access being requested.
+     *
+     * @example
+     * ```ts
+     * {
+     *   scopes: ["user:email", "read:user", "repo"]
+     * }
+     * ```
+     */
+    readonly scopes: string[];
+    /**
+     * Whether to use PKCE (Proof Key for Code Exchange) for enhanced security.
+     * Recommended for public clients and required by some providers.
+     *
+     * @default false
+     *
+     * @example
+     * ```ts
+     * {
+     *   pkce: true // Required for Twitter/X, recommended for mobile apps
+     * }
+     * ```
+     */
+    readonly pkce?: boolean;
+    /**
+     * Additional query parameters to include in the authorization request.
+     * Useful for provider-specific parameters or customizing the auth flow.
+     *
+     * @example
+     * ```ts
+     * {
+     *   query: {
+     *     access_type: "offline",    // Request refresh token
+     *     prompt: "consent",         // Force consent screen
+     *     hd: "mycompany.com"       // Google Workspace domain
+     *   }
+     * }
+     * ```
+     */
+    readonly query?: Record<string, string>;
+}
+/**
+ * OAuth 2.0 configuration without endpoint-specific fields.
+ * Used internally for provider wrapping.
+ * @internal
+ */
+export type Oauth2WrappedConfig = Omit<Oauth2Config, "endpoint" | "name">;
+/**
+ * OAuth 2.0 token response containing access tokens and metadata.
+ * Provides a structured interface for token data with lazy property access.
+ * @internal
+ */
+export interface Oauth2Token {
+    /** Access token for making authenticated API requests */
+    readonly access: string;
+    /** Refresh token for obtaining new access tokens (if provided) */
+    readonly refresh: string;
+    /** Token expiration time in seconds (if provided) */
+    readonly expiry: number;
+    /** Raw token response from the provider */
+    readonly raw: Record<string, unknown>;
+}
+/**
+ * User data returned by successful OAuth 2.0 authentication.
+ */
+export interface Oauth2UserData {
+    /** Token set containing access token, refresh token, and metadata */
+    readonly tokenset: Oauth2Token;
+    /** Client ID used for this authentication */
+    readonly clientID: string;
+}
+/**
+ * Creates an OAuth 2.0 authentication provider.
+ * Implements the Authorization Code Grant flow with optional PKCE support.
+ *
+ * @param config - OAuth 2.0 provider configuration
+ * @returns Provider instance implementing OAuth 2.0 authentication
+ *
+ * @example
+ * ```ts
+ * // GitHub provider with basic configuration
+ * const githubProvider = Oauth2Provider({
+ *   clientID: process.env.GITHUB_CLIENT_ID,
+ *   clientSecret: process.env.GITHUB_CLIENT_SECRET,
+ *   endpoint: {
+ *     authorization: "https://github.com/login/oauth/authorize",
+ *     token: "https://github.com/login/oauth/access_token"
+ *   },
+ *   scopes: ["user:email", "read:user"]
+ * })
+ *
+ * // Provider with PKCE and custom parameters
+ * const customProvider = Oauth2Provider({
+ *   clientID: "my-client-id",
+ *   clientSecret: "my-client-secret",
+ *   endpoint: {
+ *     authorization: "https://provider.com/oauth/authorize",
+ *     token: "https://provider.com/oauth/token",
+ *     jwks: "https://provider.com/.well-known/jwks.json"
+ *   },
+ *   scopes: ["read", "write"],
+ *   pkce: true,
+ *   query: {
+ *     prompt: "consent",
+ *     access_type: "offline"
+ *   }
+ * })
+ * ```
+ */
+export declare const Oauth2Provider: (config: Oauth2Config) => Provider<Oauth2UserData>;
+//# sourceMappingURL=oauth2.d.ts.map

package/dist/types/provider/oauth2.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth2.d.ts","sourceRoot":"","sources":["../../../src/provider/oauth2.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwDG;AAQH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAA;AAE1C;;GAEG;AACH,MAAM,WAAW,YAAY;IAC5B;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAA;IAEtB;;;;;;;;;;OAUG;IACH,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IAEzB;;;;;;;;;;OAUG;IACH,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;IAE7B;;OAEG;IACH,QAAQ,CAAC,QAAQ,EAAE;QAClB;;;;WAIG;QACH,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;QAE9B;;;;WAIG;QACH,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAA;QAEtB;;;;;WAKG;QACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KACtB,CAAA;IAED;;;;;;;;;;OAUG;IACH,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,CAAA;IAEzB;;;;;;;;;;;;OAYG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,CAAA;IAEvB;;;;;;;;;;;;;;OAcG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CACvC;AAED;;;;GAIG;AACH,MAAM,MAAM,mBAAmB,GAAG,IAAI,CAAC,YAAY,EAAE,UAAU,GAAG,MAAM,CAAC,CAAA;AAEzE;;;;GAIG;AACH,MAAM,WAAW,WAAW;IAC3B,yDAAyD;IACzD,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,kEAAkE;IAClE,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;IACxB,qDAAqD;IACrD,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,2CAA2C;IAC3C,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CACrC;AAoCD;;GAEG;AACH,MAAM,WAAW,cAAc;IAC9B,qEAAqE;IACrE,QAAQ,CAAC,QAAQ,EAAE,WAAW,CAAA;IAC9B,6CAA6C;IAC7C,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;CACzB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AACH,eAAO,MAAM,cAAc,GAAI,QAAQ,YAAY,KAAG,QAAQ,CAAC,cAAc,CA2M5E,CAAA"}

package/dist/types/provider/password.d.ts

@@ -0,0 +1,408 @@
+import type { StandardSchemaV1 } from "@standard-schema/spec";
+import type { Provider } from "./provider";
+/**
+ * Password-based authentication provider for Draft Auth.
+ * Supports user registration, login, and password changes with email verification.
+ *
+ * ## Quick Setup
+ *
+ * ```ts
+ * import { PasswordUI } from "@draftlab/auth/ui/password"
+ * import { PasswordProvider } from "@draftlab/auth/provider/password"
+ *
+ * export default issuer({
+ *   providers: {
+ *     password: PasswordProvider(
+ *       PasswordUI({
+ *         copy: {
+ *           error_email_taken: "This email is already taken."
+ *         },
+ *         sendCode: async (email, code) => {
+ *           await sendEmail(email, `Your verification code: ${code}`)
+ *         }
+ *       })
+ *     )
+ *   }
+ * })
+ * ```
+ *
+ * ## Custom UI Implementation
+ *
+ * For full control over the user interface, implement the handlers directly:
+ *
+ * ```ts
+ * PasswordProvider({
+ *   login: async (req, form, error) => {
+ *     return new Response(renderLoginPage(form, error))
+ *   },
+ *   register: async (req, state, form, error) => {
+ *     return new Response(renderRegisterPage(state, form, error))
+ *   },
+ *   change: async (req, state, form, error) => {
+ *     return new Response(renderChangePage(state, form, error))
+ *   },
+ *   sendCode: async (email, code) => {
+ *     await yourEmailService.send(email, code)
+ *   }
+ * })
+ * ```
+ *
+ * ## Features
+ *
+ * - **Email verification**: Secure registration with email confirmation codes
+ * - **Password hashing**: Built-in Scrypt and PBKDF2 support with secure defaults
+ * - **Password validation**: Configurable password strength requirements
+ * - **Password reset**: Secure password change flow with email verification
+ * - **Session management**: Automatic invalidation on password changes
+ *
+ * @packageDocumentation
+ */
+/**
+ * Password hashing interface for secure password storage.
+ * Implement this interface to use custom password hashing algorithms.
+ *
+ * @template T - The hash storage format (usually an object with hash, salt, and params)
+ * @internal
+ */
+export interface PasswordHasher<T> {
+    /**
+     * Hashes a plaintext password for secure storage.
+     *
+     * @param password - The plaintext password to hash
+     * @returns Promise resolving to the hash data structure
+     */
+    hash(password: string): Promise<T>;
+    /**
+     * Verifies a plaintext password against a stored hash.
+     *
+     * @param password - The plaintext password to verify
+     * @param compare - The stored hash data to compare against
+     * @returns Promise resolving to true if password matches
+     */
+    verify(password: string, compare: T): Promise<boolean>;
+}
+/**
+ * Configuration for the password authentication provider.
+ */
+export interface PasswordConfig {
+    /**
+     * Length of verification codes sent to users.
+     * @internal
+     * @default 6
+     */
+    readonly length?: number;
+    /**
+     * Password hashing implementation to use.
+     * @internal
+     * @default ScryptHasher()
+     */
+    readonly hasher?: PasswordHasher<unknown>;
+    /**
+     * Request handler for rendering the login screen.
+     * Receives the request, optional form data, and any login errors.
+     *
+     * @param req - The HTTP request object
+     * @param form - Form data from POST requests (if any)
+     * @param error - Login error to display (if any)
+     * @returns Promise resolving to the login page response
+     *
+     * @example
+     * ```ts
+     * login: async (req, form, error) => {
+     *   const html = renderLoginPage({
+     *     email: form?.get('email'),
+     *     error: error?.type
+     *   })
+     *   return new Response(html, {
+     *     headers: { 'Content-Type': 'text/html' }
+     *   })
+     * }
+     * ```
+     */
+    login: (req: Request, form?: FormData, error?: PasswordLoginError) => Promise<Response>;
+    /**
+     * Request handler for rendering the registration screen.
+     * Handles both initial registration form and email verification.
+     *
+     * @param req - The HTTP request object
+     * @param state - Current registration state (start or code verification)
+     * @param form - Form data from POST requests (if any)
+     * @param error - Registration error to display (if any)
+     * @returns Promise resolving to the registration page response
+     *
+     * @example
+     * ```ts
+     * register: async (req, state, form, error) => {
+     *   if (state.type === 'start') {
+     *     return new Response(renderRegistrationForm(error))
+     *   } else {
+     *     return new Response(renderCodeVerification(state.email, error))
+     *   }
+     * }
+     * ```
+     */
+    register: (req: Request, state: PasswordRegisterState, form?: FormData, error?: PasswordRegisterError) => Promise<Response>;
+    /**
+     * Request handler for rendering the password change screen.
+     * Handles email entry, code verification, and password update steps.
+     *
+     * @param req - The HTTP request object
+     * @param state - Current password change state
+     * @param form - Form data from POST requests (if any)
+     * @param error - Password change error to display (if any)
+     * @returns Promise resolving to the password change page response
+     *
+     * @example
+     * ```ts
+     * change: async (req, state, form, error) => {
+     *   switch (state.type) {
+     *     case 'start':
+     *       return new Response(renderEmailForm(error))
+     *     case 'code':
+     *       return new Response(renderCodeForm(state.email, error))
+     *     case 'update':
+     *       return new Response(renderPasswordForm(error))
+     *   }
+     * }
+     * ```
+     */
+    change: (req: Request, state: PasswordChangeState, form?: FormData, error?: PasswordChangeError) => Promise<Response>;
+    /**
+     * Callback for sending verification codes to users via email.
+     * Implement this to integrate with your email service provider.
+     *
+     * The context parameter indicates why the code is being sent:
+     * - "register": User is registering for the first time
+     * - "register:resend": User requested to resend registration code
+     * - "reset": User is resetting their password
+     * - "reset:resend": User requested to resend password reset code
+     *
+     * @param email - The recipient's email address
+     * @param code - The verification code to send
+     * @param context - The context of why the code is being sent
+     * @returns Promise that resolves when email is sent
+     *
+     * @example
+     * ```ts
+     * sendCode: async (email, code, context) => {
+     *   const templates = {
+     *     "register": {
+     *       subject: "Welcome! Verify your email",
+     *       body: `Welcome! Your verification code is: ${code}`
+     *     },
+     *     "register:resend": {
+     *       subject: "Your verification code (resent)",
+     *       body: `Here's your code again: ${code}`
+     *     },
+     *     "reset": {
+     *       subject: "Reset your password",
+     *       body: `Your password reset code is: ${code}`
+     *     },
+     *     "reset:resend": {
+     *       subject: "Password reset code (resent)",
+     *       body: `Here's your reset code again: ${code}`
+     *     }
+     *   }
+     *
+     *   const template = templates[context]
+     *   await emailService.send({
+     *     to: email,
+     *     subject: template.subject,
+     *     text: template.body
+     *   })
+     * }
+     * ```
+     */
+    sendCode: (email: string, code: string, context: "register" | "register:resend" | "reset" | "reset:resend") => Promise<void>;
+    /**
+     * Optional password validation function or schema.
+     * Can be either a validation function or a standard-schema validator.
+     *
+     * @param password - The password to validate
+     * @returns Error message if invalid, undefined if valid
+     *
+     * @example
+     * ```ts
+     * // Function-based validation
+     * validatePassword: (password) => {
+     *   if (password.length < 8) return "Password must be at least 8 characters"
+     *   if (!/[A-Z]/.test(password)) return "Password must contain uppercase letter"
+     *   return undefined
+     * }
+     *
+     * // Schema-based validation
+     * validatePassword: pipe(
+     *   string(),
+     *   minLength(8, "Password must be at least 8 characters"),
+     *   regex(/[A-Z]/, "Password must contain uppercase letter")
+     * )
+     * ```
+     */
+    readonly validatePassword?: StandardSchemaV1 | ((password: string) => Promise<string | undefined> | string | undefined);
+}
+/**
+ * Registration flow states that determine which UI to show.
+ * The registration process moves through these states sequentially.
+ */
+export type PasswordRegisterState = {
+    /** Initial state: user enters email and password */
+    readonly type: "start";
+} | {
+    /** Code verification state: user enters emailed verification code */
+    readonly type: "code";
+    /** The verification code sent to the user */
+    readonly code: string;
+    /** The user's email address */
+    readonly email: string;
+    /** The hashed password (ready for storage) */
+    readonly password: unknown;
+};
+/**
+ * Possible errors during user registration.
+ */
+export type PasswordRegisterError = {
+    /** The verification code entered is incorrect */
+    readonly type: "invalid_code";
+} | {
+    /** The email address is already registered */
+    readonly type: "email_taken";
+} | {
+    /** The email address format is invalid */
+    readonly type: "invalid_email";
+} | {
+    /** The password does not meet requirements */
+    readonly type: "invalid_password";
+} | {
+    /** Password and confirmation password don't match */
+    readonly type: "password_mismatch";
+} | {
+    /** Custom validation error from validatePassword callback */
+    readonly type: "validation_error";
+    readonly message?: string;
+};
+/**
+ * Password change flow states that determine which UI to show.
+ */
+export type PasswordChangeState = {
+    /** Initial state: user enters their email address */
+    readonly type: "start";
+    /** URL to redirect to after successful password change */
+    readonly redirect: string;
+} | {
+    /** Code verification state: user enters emailed verification code */
+    readonly type: "code";
+    /** The verification code sent to the user */
+    readonly code: string;
+    /** The user's email address */
+    readonly email: string;
+    /** URL to redirect to after completion */
+    readonly redirect: string;
+} | {
+    /** Password update state: user enters new password */
+    readonly type: "update";
+    /** URL to redirect to after completion */
+    readonly redirect: string;
+    /** The verified email address */
+    readonly email: string;
+};
+/**
+ * Possible errors during password changes.
+ */
+export type PasswordChangeError = {
+    /** The email address format is invalid */
+    readonly type: "invalid_email";
+} | {
+    /** The verification code entered is incorrect */
+    readonly type: "invalid_code";
+} | {
+    /** The new password does not meet requirements */
+    readonly type: "invalid_password";
+} | {
+    /** New password and confirmation don't match */
+    readonly type: "password_mismatch";
+} | {
+    /** Custom validation error from validatePassword callback */
+    readonly type: "validation_error";
+    readonly message: string;
+};
+/**
+ * Possible errors during login attempts.
+ */
+export type PasswordLoginError = {
+    /** The email address format is invalid */
+    readonly type: "invalid_email";
+} | {
+    /** The password is incorrect or email not found */
+    readonly type: "invalid_password";
+};
+/**
+ * User data returned by successful password authentication.
+ */
+export interface PasswordUserData {
+    /** The authenticated user's email address */
+    readonly email: string;
+}
+/**
+ * Creates a password authentication provider with email verification.
+ * Implements secure registration, login, and password change flows.
+ *
+ * @param config - Provider configuration including UI handlers and email service
+ * @returns Provider instance implementing password authentication
+ *
+ * @example
+ * ```ts
+ * const provider = PasswordProvider({
+ *   login: async (req, form, error) => {
+ *     return new Response(renderLogin(form, error))
+ *   },
+ *   register: async (req, state, form, error) => {
+ *     return new Response(renderRegister(state, form, error))
+ *   },
+ *   change: async (req, state, form, error) => {
+ *     return new Response(renderChange(state, form, error))
+ *   },
+ *   sendCode: async (email, code) => {
+ *     await emailService.send(email, `Code: ${code}`)
+ *   },
+ *   validatePassword: (pwd) => {
+ *     return pwd.length >= 8 ? undefined : "Too short"
+ *   }
+ * })
+ * ```
+ */
+export declare const PasswordProvider: (config: PasswordConfig) => Provider<PasswordUserData>;
+/**
+ * PBKDF2 password hasher with configurable iterations.
+ * Good choice for compatibility but slower than Scrypt.
+ *
+ * @param opts - Configuration options
+ * @returns Password hasher using PBKDF2 algorithm
+ * @internal
+ */
+export declare const PBKDF2Hasher: (opts?: {
+    iterations?: number;
+}) => PasswordHasher<{
+    hash: string;
+    salt: string;
+    iterations: number;
+}>;
+/**
+ * Scrypt password hasher with secure defaults.
+ * Recommended choice for new applications due to memory-hard properties.
+ *
+ * @param opts - Scrypt parameters (N, r, p)
+ * @returns Password hasher using Scrypt algorithm
+ * @internal
+ */
+export declare const ScryptHasher: (opts?: {
+    N?: number;
+    r?: number;
+    p?: number;
+}) => PasswordHasher<{
+    hash: string;
+    salt: string;
+    N: number;
+    r: number;
+    p: number;
+}>;
+//# sourceMappingURL=password.d.ts.map

package/dist/types/provider/password.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"password.d.ts","sourceRoot":"","sources":["../../../src/provider/password.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAA;AAK7D,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAA;AAE1C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwDG;AAEH;;;;;;GAMG;AACH,MAAM,WAAW,cAAc,CAAC,CAAC;IAChC;;;;;OAKG;IACH,IAAI,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAA;IAElC;;;;;;OAMG;IACH,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;CACtD;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC9B;;;;OAIG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAA;IAExB;;;;OAIG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,cAAc,CAAC,OAAO,CAAC,CAAA;IAEzC;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,KAAK,EAAE,CAAC,GAAG,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,QAAQ,EAAE,KAAK,CAAC,EAAE,kBAAkB,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAA;IAEvF;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,QAAQ,EAAE,CACT,GAAG,EAAE,OAAO,EACZ,KAAK,EAAE,qBAAqB,EAC5B,IAAI,CAAC,EAAE,QAAQ,EACf,KAAK,CAAC,EAAE,qBAAqB,KACzB,OAAO,CAAC,QAAQ,CAAC,CAAA;IAEtB;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACH,MAAM,EAAE,CACP,GAAG,EAAE,OAAO,EACZ,KAAK,EAAE,mBAAmB,EAC1B,IAAI,CAAC,EAAE,QAAQ,EACf,KAAK,CAAC,EAAE,mBAAmB,KACvB,OAAO,CAAC,QAAQ,CAAC,CAAA;IAEtB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA6CG;IACH,QAAQ,EAAE,CACT,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,UAAU,GAAG,iBAAiB,GAAG,OAAO,GAAG,cAAc,KAC9D,OAAO,CAAC,IAAI,CAAC,CAAA;IAElB;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACH,QAAQ,CAAC,gBAAgB,CAAC,EACvB,gBAAgB,GAChB,CAAC,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,GAAG,MAAM,GAAG,SAAS,CAAC,CAAA;CAC3E;AAED;;;GAGG;AACH,MAAM,MAAM,qBAAqB,GAC9B;IACA,oDAAoD;IACpD,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAA;CACrB,GACD;IACA,qEAAqE;IACrE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,6CAA6C;IAC7C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,+BAA+B;IAC/B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAA;IACtB,8CAA8C;IAC9C,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAA;CACzB,CAAA;AAEJ;;GAEG;AACH,MAAM,MAAM,qBAAqB,GAC9B;IACA,iDAAiD;IACjD,QAAQ,CAAC,IAAI,EAAE,cAAc,CAAA;CAC5B,GACD;IACA,8CAA8C;IAC9C,QAAQ,CAAC,IAAI,EAAE,aAAa,CAAA;CAC3B,GACD;IACA,0CAA0C;IAC1C,QAAQ,CAAC,IAAI,EAAE,eAAe,CAAA;CAC7B,GACD;IACA,8CAA8C;IAC9C,QAAQ,CAAC,IAAI,EAAE,kBAAkB,CAAA;CAChC,GACD;IACA,qDAAqD;IACrD,QAAQ,CAAC,IAAI,EAAE,mBAAmB,CAAA;CACjC,GACD;IACA,6DAA6D;IAC7D,QAAQ,CAAC,IAAI,EAAE,kBAAkB,CAAA;IACjC,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CACxB,CAAA;AAEJ;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAC5B;IACA,qDAAqD;IACrD,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAA;IACtB,0DAA0D;IAC1D,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;CACxB,GACD;IACA,qEAAqE;IACrE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,6CAA6C;IAC7C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,+BAA+B;IAC/B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAA;IACtB,0CAA0C;IAC1C,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;CACxB,GACD;IACA,sDAAsD;IACtD,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAA;IACvB,0CAA0C;IAC1C,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,iCAAiC;IACjC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAA;CACrB,CAAA;AAEJ;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAC5B;IACA,0CAA0C;IAC1C,QAAQ,CAAC,IAAI,EAAE,eAAe,CAAA;CAC7B,GACD;IACA,iDAAiD;IACjD,QAAQ,CAAC,IAAI,EAAE,cAAc,CAAA;CAC5B,GACD;IACA,kDAAkD;IAClD,QAAQ,CAAC,IAAI,EAAE,kBAAkB,CAAA;CAChC,GACD;IACA,gDAAgD;IAChD,QAAQ,CAAC,IAAI,EAAE,mBAAmB,CAAA;CACjC,GACD;IACA,6DAA6D;IAC7D,QAAQ,CAAC,IAAI,EAAE,kBAAkB,CAAA;IACjC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;CACvB,CAAA;AAEJ;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAC3B;IACA,0CAA0C;IAC1C,QAAQ,CAAC,IAAI,EAAE,eAAe,CAAA;CAC7B,GACD;IACA,mDAAmD;IACnD,QAAQ,CAAC,IAAI,EAAE,kBAAkB,CAAA;CAChC,CAAA;AAEJ;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAChC,6CAA6C;IAC7C,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAA;CACtB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,eAAO,MAAM,gBAAgB,GAAI,QAAQ,cAAc,KAAG,QAAQ,CAAC,gBAAgB,CAuVlF,CAAA;AASD;;;;;;;GAOG;AACH,eAAO,MAAM,YAAY,GAAI,OAAO;IACnC,UAAU,CAAC,EAAE,MAAM,CAAA;CACnB,KAAG,cAAc,CAAC;IAClB,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,MAAM,CAAA;IACZ,UAAU,EAAE,MAAM,CAAA;CAClB,CAkEA,CAAA;AAID;;;;;;;GAOG;AACH,eAAO,MAAM,YAAY,GAAI,OAAO;IACnC,CAAC,CAAC,EAAE,MAAM,CAAA;IACV,CAAC,CAAC,EAAE,MAAM,CAAA;IACV,CAAC,CAAC,EAAE,MAAM,CAAA;CACV,KAAG,cAAc,CAAC;IAClB,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,MAAM,CAAA;IACZ,CAAC,EAAE,MAAM,CAAA;IACT,CAAC,EAAE,MAAM,CAAA;IACT,CAAC,EAAE,MAAM,CAAA;CACT,CAuDA,CAAA"}