@electr0zed/auth-gateway-cf 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +59 -0
- package/dist/auth/index.d.ts +84 -0
- package/dist/auth/index.d.ts.map +1 -0
- package/dist/auth/index.js +609 -0
- package/dist/auth/index.js.map +1 -0
- package/dist/auth/pkceState.d.ts +40 -0
- package/dist/auth/pkceState.d.ts.map +1 -0
- package/dist/auth/pkceState.js +75 -0
- package/dist/auth/pkceState.js.map +1 -0
- package/dist/config.example.d.ts +2 -0
- package/dist/config.example.d.ts.map +1 -0
- package/dist/config.example.js +83 -0
- package/dist/config.example.js.map +1 -0
- package/dist/core/gateway.d.ts +11 -0
- package/dist/core/gateway.d.ts.map +1 -0
- package/dist/core/gateway.js +97 -0
- package/dist/core/gateway.js.map +1 -0
- package/dist/do/sessionDo.d.ts +11 -0
- package/dist/do/sessionDo.d.ts.map +1 -0
- package/dist/do/sessionDo.js +96 -0
- package/dist/do/sessionDo.js.map +1 -0
- package/dist/index.d.ts +7 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +16 -0
- package/dist/index.js.map +1 -0
- package/dist/providers/baseProvider.d.ts +22 -0
- package/dist/providers/baseProvider.d.ts.map +1 -0
- package/dist/providers/baseProvider.js +129 -0
- package/dist/providers/baseProvider.js.map +1 -0
- package/dist/providers/google.d.ts +9 -0
- package/dist/providers/google.d.ts.map +1 -0
- package/dist/providers/google.js +27 -0
- package/dist/providers/google.js.map +1 -0
- package/dist/providers/index.d.ts +3 -0
- package/dist/providers/index.d.ts.map +1 -0
- package/dist/providers/index.js +5 -0
- package/dist/providers/index.js.map +1 -0
- package/dist/routing/routeMatcher.d.ts +15 -0
- package/dist/routing/routeMatcher.d.ts.map +1 -0
- package/dist/routing/routeMatcher.js +83 -0
- package/dist/routing/routeMatcher.js.map +1 -0
- package/dist/sessions/durableObjectSession.d.ts +25 -0
- package/dist/sessions/durableObjectSession.d.ts.map +1 -0
- package/dist/sessions/durableObjectSession.js +90 -0
- package/dist/sessions/durableObjectSession.js.map +1 -0
- package/dist/sessions/index.d.ts +19 -0
- package/dist/sessions/index.d.ts.map +1 -0
- package/dist/sessions/index.js +32 -0
- package/dist/sessions/index.js.map +1 -0
- package/dist/sessions/jwtSession.d.ts +19 -0
- package/dist/sessions/jwtSession.d.ts.map +1 -0
- package/dist/sessions/jwtSession.js +49 -0
- package/dist/sessions/jwtSession.js.map +1 -0
- package/dist/stores/index.d.ts +3 -0
- package/dist/stores/index.d.ts.map +1 -0
- package/dist/stores/index.js +10 -0
- package/dist/stores/index.js.map +1 -0
- package/dist/stores/postgres.d.ts +74 -0
- package/dist/stores/postgres.d.ts.map +1 -0
- package/dist/stores/postgres.js +231 -0
- package/dist/stores/postgres.js.map +1 -0
- package/dist/types.d.ts +247 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/types.js +5 -0
- package/dist/types.js.map +1 -0
- package/dist/utils/csrf.d.ts +13 -0
- package/dist/utils/csrf.d.ts.map +1 -0
- package/dist/utils/csrf.js +42 -0
- package/dist/utils/csrf.js.map +1 -0
- package/dist/utils/helpers.d.ts +8 -0
- package/dist/utils/helpers.d.ts.map +1 -0
- package/dist/utils/helpers.js +22 -0
- package/dist/utils/helpers.js.map +1 -0
- package/dist/utils/http.d.ts +9 -0
- package/dist/utils/http.d.ts.map +1 -0
- package/dist/utils/http.js +23 -0
- package/dist/utils/http.js.map +1 -0
- package/dist/utils/jwt.d.ts +22 -0
- package/dist/utils/jwt.d.ts.map +1 -0
- package/dist/utils/jwt.js +96 -0
- package/dist/utils/jwt.js.map +1 -0
- package/dist/utils/passwordPolicy.d.ts +9 -0
- package/dist/utils/passwordPolicy.d.ts.map +1 -0
- package/dist/utils/passwordPolicy.js +29 -0
- package/dist/utils/passwordPolicy.js.map +1 -0
- package/dist/utils/passwords.d.ts +33 -0
- package/dist/utils/passwords.d.ts.map +1 -0
- package/dist/utils/passwords.js +139 -0
- package/dist/utils/passwords.js.map +1 -0
- package/dist/utils/propagation.d.ts +30 -0
- package/dist/utils/propagation.d.ts.map +1 -0
- package/dist/utils/propagation.js +60 -0
- package/dist/utils/propagation.js.map +1 -0
- package/dist/utils/returnTo.d.ts +2 -0
- package/dist/utils/returnTo.d.ts.map +1 -0
- package/dist/utils/returnTo.js +21 -0
- package/dist/utils/returnTo.js.map +1 -0
- package/dist/utils/roles.d.ts +3 -0
- package/dist/utils/roles.d.ts.map +1 -0
- package/dist/utils/roles.js +25 -0
- package/dist/utils/roles.js.map +1 -0
- package/dist/utils/turnstile.d.ts +12 -0
- package/dist/utils/turnstile.d.ts.map +1 -0
- package/dist/utils/turnstile.js +40 -0
- package/dist/utils/turnstile.js.map +1 -0
- package/dist/utils/verifyInternal.d.ts +8 -0
- package/dist/utils/verifyInternal.d.ts.map +1 -0
- package/dist/utils/verifyInternal.js +69 -0
- package/dist/utils/verifyInternal.js.map +1 -0
- package/package.json +48 -0
|
@@ -0,0 +1,609 @@
|
|
|
1
|
+
import { makePkceState, saveShortState, consumeShortState } from './pkceState';
|
|
2
|
+
import { ProviderRegistry } from '../providers';
|
|
3
|
+
import { generateUsername, normEmail, normUsername, validateEmail, validateUsername } from '../utils/helpers';
|
|
4
|
+
import { safeReturnTo } from '../utils/returnTo';
|
|
5
|
+
import { json } from '../utils/http';
|
|
6
|
+
import { makeCsrfToken, csrfCookie, sameOrigin, requireCsrfJson } from '../utils/csrf';
|
|
7
|
+
import { getPeppers, hashPassword, verifyPasswordWithPepperRotation, needsRehash, verifyPassword, getFakeStoredHash, } from '../utils/passwords';
|
|
8
|
+
import { getPasswordPolicy, validatePassword } from '../utils/passwordPolicy';
|
|
9
|
+
import { getTurnstileTokenField, verifyTurnstile } from '../utils/turnstile';
|
|
10
|
+
export class AuthRouter {
|
|
11
|
+
cfg;
|
|
12
|
+
env;
|
|
13
|
+
store;
|
|
14
|
+
strat;
|
|
15
|
+
constructor(cfg, env, store, strat) {
|
|
16
|
+
this.cfg = cfg;
|
|
17
|
+
this.env = env;
|
|
18
|
+
this.store = store;
|
|
19
|
+
this.strat = strat;
|
|
20
|
+
}
|
|
21
|
+
/**
|
|
22
|
+
* Handles incoming authentication requests.
|
|
23
|
+
*
|
|
24
|
+
* @async
|
|
25
|
+
* @param {Request} request
|
|
26
|
+
* @returns {Promise<Response>}
|
|
27
|
+
*/
|
|
28
|
+
async handle(request) {
|
|
29
|
+
if (!this.authFeatureEnabled()) {
|
|
30
|
+
return new Response('Not Found', { status: 404 });
|
|
31
|
+
}
|
|
32
|
+
const url = new URL(request.url);
|
|
33
|
+
if (!/^\/auth(\/|$)/.test(url.pathname)) {
|
|
34
|
+
return new Response('Not Found', { status: 404 });
|
|
35
|
+
}
|
|
36
|
+
// Preliminary checks
|
|
37
|
+
switch (url.pathname) {
|
|
38
|
+
case '/auth/login':
|
|
39
|
+
case '/auth/signin':
|
|
40
|
+
case '/auth/link':
|
|
41
|
+
case '/auth/callback':
|
|
42
|
+
if (!this.oauthEnabled())
|
|
43
|
+
return new Response('Not Found', { status: 404 });
|
|
44
|
+
break;
|
|
45
|
+
case '/auth/csrf':
|
|
46
|
+
if (!this.passwordEnabled())
|
|
47
|
+
return new Response('Not Found', { status: 404 });
|
|
48
|
+
break;
|
|
49
|
+
case '/auth/password/signup':
|
|
50
|
+
case '/auth/password/register':
|
|
51
|
+
case '/auth/password/login':
|
|
52
|
+
case '/auth/password/signin':
|
|
53
|
+
case '/auth/password/change':
|
|
54
|
+
if (!this.passwordEnabled())
|
|
55
|
+
return new Response('Not Found', { status: 404 });
|
|
56
|
+
if (request.method !== 'POST')
|
|
57
|
+
return new Response('Method Not Allowed', { status: 405, headers: { Allow: 'POST' } });
|
|
58
|
+
break;
|
|
59
|
+
}
|
|
60
|
+
switch (url.pathname) {
|
|
61
|
+
case '/auth/login':
|
|
62
|
+
case '/auth/signin':
|
|
63
|
+
case '/auth/link':
|
|
64
|
+
return this.loginOrLink(request, url);
|
|
65
|
+
case '/auth/callback':
|
|
66
|
+
return this.callback(request, url);
|
|
67
|
+
case '/auth/logout':
|
|
68
|
+
return this.logout(request);
|
|
69
|
+
case '/auth/csrf':
|
|
70
|
+
return this.csrf();
|
|
71
|
+
case '/auth/password/signup':
|
|
72
|
+
case '/auth/password/register':
|
|
73
|
+
return this.passwordRegister(request, url);
|
|
74
|
+
case '/auth/password/login':
|
|
75
|
+
case '/auth/password/signin':
|
|
76
|
+
return this.passwordLogin(request, url);
|
|
77
|
+
case '/auth/password/change':
|
|
78
|
+
return this.passwordChange(request);
|
|
79
|
+
default:
|
|
80
|
+
return new Response('Not Found', { status: 404 });
|
|
81
|
+
}
|
|
82
|
+
}
|
|
83
|
+
/**
|
|
84
|
+
* Handles login or linking of new oauth providers.
|
|
85
|
+
*
|
|
86
|
+
* @private
|
|
87
|
+
* @async
|
|
88
|
+
* @param {Request} request
|
|
89
|
+
* @param {URL} url
|
|
90
|
+
* @returns {Promise<Response>}
|
|
91
|
+
*/
|
|
92
|
+
async loginOrLink(request, url) {
|
|
93
|
+
const mode = url.pathname.endsWith('/link') ? 'link' : 'login';
|
|
94
|
+
let picked;
|
|
95
|
+
try {
|
|
96
|
+
picked = this.pickProvider(url.searchParams.get('provider') ?? undefined);
|
|
97
|
+
}
|
|
98
|
+
catch {
|
|
99
|
+
return this.redirectError('provider_unavailable', url.searchParams.get('returnTo') ?? undefined);
|
|
100
|
+
}
|
|
101
|
+
const { impl, cfg } = picked;
|
|
102
|
+
const rawReturnTo = url.searchParams.get('returnTo') ?? undefined;
|
|
103
|
+
const returnTo = safeReturnTo(rawReturnTo, this.cfg.publicBaseUrl);
|
|
104
|
+
const { session } = await this.strat.resolve(request, this.env);
|
|
105
|
+
if (mode === 'link' && !session) {
|
|
106
|
+
return this.redirectError('link_requires_login', returnTo);
|
|
107
|
+
}
|
|
108
|
+
const { state, codeChallenge, verifier } = await makePkceState();
|
|
109
|
+
await saveShortState(this.cfg.userStore.shortStateKV, state, verifier, 300, {
|
|
110
|
+
mode,
|
|
111
|
+
returnTo,
|
|
112
|
+
provider: cfg.id,
|
|
113
|
+
});
|
|
114
|
+
const loginUrl = impl.loginURL(cfg, this.cfg.publicBaseUrl, state, codeChallenge);
|
|
115
|
+
return Response.redirect(loginUrl, 302);
|
|
116
|
+
}
|
|
117
|
+
/**
|
|
118
|
+
* Handles the OAuth callback.
|
|
119
|
+
*
|
|
120
|
+
* @private
|
|
121
|
+
* @async
|
|
122
|
+
* @param {Request} request
|
|
123
|
+
* @param {URL} url
|
|
124
|
+
* @returns {Promise<Response>}
|
|
125
|
+
*/
|
|
126
|
+
async callback(request, url) {
|
|
127
|
+
const providerParam = url.searchParams.get('provider') ?? undefined;
|
|
128
|
+
const returnTo = safeReturnTo(url.searchParams.get('returnTo') ?? undefined, this.cfg.publicBaseUrl);
|
|
129
|
+
let picked;
|
|
130
|
+
try {
|
|
131
|
+
picked = this.pickProvider(providerParam);
|
|
132
|
+
}
|
|
133
|
+
catch {
|
|
134
|
+
return this.redirectError('provider_unavailable', returnTo);
|
|
135
|
+
}
|
|
136
|
+
const { impl, cfg } = picked;
|
|
137
|
+
const oauthError = url.searchParams.get('error');
|
|
138
|
+
if (oauthError) {
|
|
139
|
+
return this.redirectError('oauth_denied', returnTo);
|
|
140
|
+
}
|
|
141
|
+
const code = url.searchParams.get('code');
|
|
142
|
+
const state = url.searchParams.get('state');
|
|
143
|
+
if (!code || !state) {
|
|
144
|
+
return this.redirectError('invalid_callback', returnTo);
|
|
145
|
+
}
|
|
146
|
+
let consumedState;
|
|
147
|
+
try {
|
|
148
|
+
consumedState = await consumeShortState(this.cfg.userStore.shortStateKV, state);
|
|
149
|
+
}
|
|
150
|
+
catch {
|
|
151
|
+
return this.redirectError('state_invalid_or_expired', returnTo);
|
|
152
|
+
}
|
|
153
|
+
if (consumedState.info.provider && consumedState.info.provider !== cfg.id) {
|
|
154
|
+
return this.redirectError('provider_mismatch', safeReturnTo(consumedState.info.returnTo, this.cfg.publicBaseUrl));
|
|
155
|
+
}
|
|
156
|
+
const shortStateReturnTo = safeReturnTo(consumedState.info.returnTo, this.cfg.publicBaseUrl);
|
|
157
|
+
const successRedirectUrl = this.cfg.oAuth.enabled ? this.cfg.oAuth.successRedirectUrl : undefined;
|
|
158
|
+
const redirectUri = `${this.cfg.publicBaseUrl}/auth/callback`;
|
|
159
|
+
const identity = await impl.exchangeCode(cfg, this.env, code, consumedState.verifier, redirectUri);
|
|
160
|
+
const resolved = await this.strat.resolve(request, this.env);
|
|
161
|
+
const activeSession = resolved.session;
|
|
162
|
+
const email = normEmail(identity.email);
|
|
163
|
+
if (!email) {
|
|
164
|
+
return this.redirectError('email_required', shortStateReturnTo);
|
|
165
|
+
}
|
|
166
|
+
// Link flow
|
|
167
|
+
if (consumedState.info.mode === 'link') {
|
|
168
|
+
if (!activeSession) {
|
|
169
|
+
return this.redirectError('link_requires_login', shortStateReturnTo);
|
|
170
|
+
}
|
|
171
|
+
try {
|
|
172
|
+
await this.store.addIdentityToUser(activeSession.userId, {
|
|
173
|
+
provider: identity.provider,
|
|
174
|
+
issuer: identity.issuer,
|
|
175
|
+
subject: identity.subject,
|
|
176
|
+
});
|
|
177
|
+
}
|
|
178
|
+
catch (e) {
|
|
179
|
+
const code = e?.message === 'identity_taken' ? 'identity_taken' : 'link_failed';
|
|
180
|
+
return this.redirectError(code, shortStateReturnTo);
|
|
181
|
+
}
|
|
182
|
+
return new Response(null, {
|
|
183
|
+
status: 302,
|
|
184
|
+
headers: { Location: shortStateReturnTo || successRedirectUrl || '/' },
|
|
185
|
+
});
|
|
186
|
+
}
|
|
187
|
+
const byIdentity = await this.store.findUserIdByIdentity(identity.issuer, identity.subject);
|
|
188
|
+
// Sign-up flow
|
|
189
|
+
if (!byIdentity) {
|
|
190
|
+
const byEmail = await this.store.findUserIdByEmail(email);
|
|
191
|
+
if (byEmail) {
|
|
192
|
+
return this.redirectError('account_exists', shortStateReturnTo);
|
|
193
|
+
}
|
|
194
|
+
let generateUsernameFunc = undefined;
|
|
195
|
+
if (this.cfg.overrides?.captureUsername?.enabled) {
|
|
196
|
+
if (this.cfg.overrides.captureUsername.required) {
|
|
197
|
+
generateUsernameFunc = this.cfg.overrides?.captureUsername.generateFunction || generateUsername;
|
|
198
|
+
}
|
|
199
|
+
}
|
|
200
|
+
let userId;
|
|
201
|
+
try {
|
|
202
|
+
userId = await this.store.createUserWithIdentity(email, {
|
|
203
|
+
provider: identity.provider,
|
|
204
|
+
issuer: identity.issuer,
|
|
205
|
+
subject: identity.subject,
|
|
206
|
+
}, generateUsernameFunc);
|
|
207
|
+
}
|
|
208
|
+
catch (e) {
|
|
209
|
+
const code = e?.message;
|
|
210
|
+
if (['email_in_use', 'username_in_use', 'account_exists', 'username_generation_failed'].includes(code)) {
|
|
211
|
+
return this.redirectError(code, shortStateReturnTo);
|
|
212
|
+
}
|
|
213
|
+
return this.redirectError('signup_failed', shortStateReturnTo);
|
|
214
|
+
}
|
|
215
|
+
// Auto-login after signup if enabled and no further steps required (like email verification or account approval)
|
|
216
|
+
const canAutoLogin = this.canAutoLoginAfterSignup();
|
|
217
|
+
if (!canAutoLogin) {
|
|
218
|
+
const requiresEmailVerification = this.cfg.overrides?.emailVerification?.enabled && this.cfg.overrides?.emailVerification?.requiredForLogin;
|
|
219
|
+
const requiresAccountApproval = this.cfg.overrides?.accountApproval?.enabled;
|
|
220
|
+
const redirectUrl = successRedirectUrl || '/';
|
|
221
|
+
const sep = redirectUrl.includes('?') ? '&' : '?';
|
|
222
|
+
return new Response(null, {
|
|
223
|
+
status: 302,
|
|
224
|
+
headers: {
|
|
225
|
+
Location: redirectUrl +
|
|
226
|
+
(requiresEmailVerification
|
|
227
|
+
? `${sep}next=verify_email`
|
|
228
|
+
: requiresAccountApproval
|
|
229
|
+
? `${sep}next=awaiting_approval`
|
|
230
|
+
: ''),
|
|
231
|
+
},
|
|
232
|
+
});
|
|
233
|
+
}
|
|
234
|
+
const response = new Response(null, {
|
|
235
|
+
status: 302,
|
|
236
|
+
headers: { Location: shortStateReturnTo || successRedirectUrl || '/' },
|
|
237
|
+
});
|
|
238
|
+
await this.applyIssuedCookies(response, { userId, email, systemRoles: [] });
|
|
239
|
+
return response;
|
|
240
|
+
}
|
|
241
|
+
const checkStates = await this.checkUserStates(byIdentity);
|
|
242
|
+
if (!checkStates.success) {
|
|
243
|
+
return this.redirectError(checkStates.reason, shortStateReturnTo);
|
|
244
|
+
}
|
|
245
|
+
// Login flow
|
|
246
|
+
const response = new Response(null, {
|
|
247
|
+
status: 302,
|
|
248
|
+
headers: { Location: shortStateReturnTo || successRedirectUrl || '/' },
|
|
249
|
+
});
|
|
250
|
+
const systemRoles = await this.store.getUserRoles(byIdentity);
|
|
251
|
+
const issued = await this.strat.issue?.({ userId: byIdentity, email: email, systemRoles }, this.env);
|
|
252
|
+
if (issued?.cookie)
|
|
253
|
+
response.headers.append('Set-Cookie', issued.cookie);
|
|
254
|
+
if (issued?.accessJwt)
|
|
255
|
+
response.headers.append('Set-Cookie', `__Host-access=${issued.accessJwt}; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=900`);
|
|
256
|
+
return response;
|
|
257
|
+
}
|
|
258
|
+
/**
|
|
259
|
+
* Handles user logout.
|
|
260
|
+
*
|
|
261
|
+
* @private
|
|
262
|
+
* @returns {Response}
|
|
263
|
+
*/
|
|
264
|
+
async logout(request) {
|
|
265
|
+
const r = new Response(null, {
|
|
266
|
+
status: 302,
|
|
267
|
+
headers: { Location: '/' },
|
|
268
|
+
});
|
|
269
|
+
const cleared = await this.strat.clear?.(request, this.env);
|
|
270
|
+
if (cleared?.cookie)
|
|
271
|
+
r.headers.append('Set-Cookie', cleared.cookie);
|
|
272
|
+
return r;
|
|
273
|
+
}
|
|
274
|
+
/**
|
|
275
|
+
* Selects the OAuth provider implementation and configuration.
|
|
276
|
+
*
|
|
277
|
+
* @private
|
|
278
|
+
* @param {?string} [explicit]
|
|
279
|
+
* @returns {{ impl: any; cfg: any; }}
|
|
280
|
+
*/
|
|
281
|
+
pickProvider(explicit) {
|
|
282
|
+
if (!this.cfg.oAuth.enabled)
|
|
283
|
+
throw new Error('OAuth is disabled');
|
|
284
|
+
const providers = this.cfg.oAuth.providers ?? [];
|
|
285
|
+
const id = explicit || this.cfg.oAuth.defaultProvider || providers.find((p) => p.enabled)?.id;
|
|
286
|
+
const cfg = providers.find((p) => p.id === id && p.enabled);
|
|
287
|
+
if (!cfg)
|
|
288
|
+
throw new Error('No provider available');
|
|
289
|
+
const impl = ProviderRegistry[cfg.id];
|
|
290
|
+
if (!impl)
|
|
291
|
+
throw new Error(`No adapter for provider ${cfg.id}`);
|
|
292
|
+
return { impl, cfg };
|
|
293
|
+
}
|
|
294
|
+
/**
|
|
295
|
+
* Handles error redirection during auth flow.
|
|
296
|
+
*
|
|
297
|
+
* @private
|
|
298
|
+
* @param {string} code
|
|
299
|
+
* @param {?string} [returnTo]
|
|
300
|
+
* @returns {*}
|
|
301
|
+
*/
|
|
302
|
+
redirectError(code, returnTo) {
|
|
303
|
+
const failureRedirectUrl = this.cfg.oAuth.enabled ? this.cfg.oAuth.failureRedirectUrl : undefined;
|
|
304
|
+
if (failureRedirectUrl) {
|
|
305
|
+
const sep = failureRedirectUrl.includes('?') ? '&' : '?';
|
|
306
|
+
return Response.redirect(`${failureRedirectUrl}${sep}auth_error=${code}`, 302);
|
|
307
|
+
}
|
|
308
|
+
if (returnTo) {
|
|
309
|
+
const sep = returnTo.includes('?') ? '&' : '?';
|
|
310
|
+
return Response.redirect(`${returnTo}${sep}auth_error=${code}`, 302);
|
|
311
|
+
}
|
|
312
|
+
return new Response(null, {
|
|
313
|
+
status: 302,
|
|
314
|
+
headers: { Location: `/?auth_error=${code}` },
|
|
315
|
+
});
|
|
316
|
+
}
|
|
317
|
+
csrf() {
|
|
318
|
+
const token = makeCsrfToken();
|
|
319
|
+
const res = json({ csrf: token });
|
|
320
|
+
res.headers.append('Set-Cookie', csrfCookie(token));
|
|
321
|
+
return res;
|
|
322
|
+
}
|
|
323
|
+
async passwordRegister(request, url) {
|
|
324
|
+
// Reject if signup is disabled
|
|
325
|
+
if (!this.cfg.passwordAuth.enabled || !this.cfg.passwordAuth.allowSignup) {
|
|
326
|
+
return new Response('Not Found', { status: 404 });
|
|
327
|
+
}
|
|
328
|
+
// Enforce same-origin policy for signup - currently required to read cookies (such as CSRF)
|
|
329
|
+
if (!sameOrigin(request, this.cfg.publicBaseUrl)) {
|
|
330
|
+
return new Response('Forbidden', { status: 403 });
|
|
331
|
+
}
|
|
332
|
+
// Parse and validate request body
|
|
333
|
+
const parsed = await requireCsrfJson(request);
|
|
334
|
+
if (!parsed.ok)
|
|
335
|
+
return json({ error: parsed.code }, { status: 400 });
|
|
336
|
+
// Verify turnstile if enabled, will pass if disabled
|
|
337
|
+
const ts = await this.requireTurnstile(request, parsed.body);
|
|
338
|
+
if (!ts.ok)
|
|
339
|
+
return json({ error: ts.code }, { status: 401 });
|
|
340
|
+
// Extract fields
|
|
341
|
+
const usernameRaw = parsed.body.username;
|
|
342
|
+
const emailRaw = parsed.body.email;
|
|
343
|
+
const password = parsed.body.password;
|
|
344
|
+
// Basic validation
|
|
345
|
+
if (typeof emailRaw !== 'string' || typeof password !== 'string' || password.length === 0) {
|
|
346
|
+
return json({ error: 'invalid_request' }, { status: 400 });
|
|
347
|
+
}
|
|
348
|
+
const username = typeof usernameRaw === 'string' ? normUsername(usernameRaw) : null;
|
|
349
|
+
// Conditional username validation
|
|
350
|
+
if (this.cfg.overrides?.captureUsername?.enabled) {
|
|
351
|
+
if (this.cfg.overrides.captureUsername.required && (!username || username.length === 0)) {
|
|
352
|
+
return json({ error: 'username_required' }, { status: 400 });
|
|
353
|
+
}
|
|
354
|
+
if (username && username.length < (this.cfg.overrides.captureUsername.minLength || 0)) {
|
|
355
|
+
return json({ error: 'username_too_short' }, { status: 400 });
|
|
356
|
+
}
|
|
357
|
+
if (username) {
|
|
358
|
+
const isUsernameValid = validateUsername(username);
|
|
359
|
+
if (!isUsernameValid) {
|
|
360
|
+
return json({ error: 'invalid_username' }, { status: 400 });
|
|
361
|
+
}
|
|
362
|
+
}
|
|
363
|
+
}
|
|
364
|
+
// Normalize and validate email
|
|
365
|
+
const email = normEmail(emailRaw);
|
|
366
|
+
const isEmailValid = validateEmail(email);
|
|
367
|
+
if (!isEmailValid) {
|
|
368
|
+
return json({ error: 'invalid_email' }, { status: 400 });
|
|
369
|
+
}
|
|
370
|
+
// Validate password against policy
|
|
371
|
+
const policy = getPasswordPolicy(this.cfg.passwordAuth?.policy);
|
|
372
|
+
const check = validatePassword(password, policy);
|
|
373
|
+
if (!check.ok) {
|
|
374
|
+
// Keep generic unless you explicitly want to expose reasons
|
|
375
|
+
return json({ error: 'password_policy_violation' }, { status: 400 });
|
|
376
|
+
}
|
|
377
|
+
// Hash password with pepper
|
|
378
|
+
const peppers = getPeppers(this.env, this.pepperEnvName());
|
|
379
|
+
const primaryPepper = peppers[0];
|
|
380
|
+
const passwordHash = await hashPassword(password, primaryPepper ? { pepper: primaryPepper } : undefined);
|
|
381
|
+
// Create user account
|
|
382
|
+
let userId;
|
|
383
|
+
try {
|
|
384
|
+
userId = await this.store.createUserWithPassword(email, passwordHash, username);
|
|
385
|
+
}
|
|
386
|
+
catch (err) {
|
|
387
|
+
const errorMessage = err.message;
|
|
388
|
+
if (['email_in_use', 'username_in_use', 'account_exists'].includes(errorMessage)) {
|
|
389
|
+
return json({ error: errorMessage }, { status: 400 });
|
|
390
|
+
}
|
|
391
|
+
return json({ error: 'signup_failed' }, { status: 500 });
|
|
392
|
+
}
|
|
393
|
+
// Auto-login after signup if enabled and no further steps required (like email verification or account approval)
|
|
394
|
+
const canAutoLogin = this.canAutoLoginAfterSignup();
|
|
395
|
+
if (!canAutoLogin) {
|
|
396
|
+
return json({
|
|
397
|
+
success: true,
|
|
398
|
+
requiresEmailVerification: this.cfg.overrides?.emailVerification?.enabled && this.cfg.overrides?.emailVerification?.requiredForLogin,
|
|
399
|
+
requiresAccountApproval: this.cfg.overrides?.accountApproval?.enabled,
|
|
400
|
+
}, { status: 200 });
|
|
401
|
+
}
|
|
402
|
+
// Issue session and redirect to returnTo
|
|
403
|
+
const returnTo = safeReturnTo(url.searchParams.get('returnTo') || '/', this.cfg.publicBaseUrl);
|
|
404
|
+
const res = new Response(null, {
|
|
405
|
+
status: 302,
|
|
406
|
+
headers: { Location: returnTo || '/' },
|
|
407
|
+
});
|
|
408
|
+
await this.applyIssuedCookies(res, { userId, email, systemRoles: [] });
|
|
409
|
+
return res;
|
|
410
|
+
}
|
|
411
|
+
async passwordLogin(request, url) {
|
|
412
|
+
if (!sameOrigin(request, this.cfg.publicBaseUrl)) {
|
|
413
|
+
return new Response('Forbidden', { status: 403 });
|
|
414
|
+
}
|
|
415
|
+
const parsed = await requireCsrfJson(request);
|
|
416
|
+
if (!parsed.ok)
|
|
417
|
+
return json({ error: parsed.code }, { status: 400 });
|
|
418
|
+
const ts = await this.requireTurnstile(request, parsed.body);
|
|
419
|
+
if (!ts.ok)
|
|
420
|
+
return json({ error: ts.code }, { status: 401 });
|
|
421
|
+
const emailRaw = parsed.body.email;
|
|
422
|
+
const password = parsed.body.password;
|
|
423
|
+
if (typeof emailRaw !== 'string' || typeof password !== 'string' || password.length === 0) {
|
|
424
|
+
return json({ error: 'invalid_request' }, { status: 400 });
|
|
425
|
+
}
|
|
426
|
+
const email = normEmail(emailRaw);
|
|
427
|
+
const returnTo = safeReturnTo(url.searchParams.get('returnTo') || '/', this.cfg.publicBaseUrl);
|
|
428
|
+
const row = await this.store.getUserIdByEmailForPassword(email);
|
|
429
|
+
const peppers = getPeppers(this.env, this.pepperEnvName());
|
|
430
|
+
const primaryPepper = peppers[0];
|
|
431
|
+
// Reduce timing differences: always verify against some hash
|
|
432
|
+
if (!row) {
|
|
433
|
+
await verifyPassword(password, getFakeStoredHash(), primaryPepper);
|
|
434
|
+
return json({ error: 'invalid_credentials' }, { status: 401 });
|
|
435
|
+
}
|
|
436
|
+
const storedHash = row.passwordHash;
|
|
437
|
+
const verify = await verifyPasswordWithPepperRotation(password, storedHash, peppers);
|
|
438
|
+
if (!verify.ok) {
|
|
439
|
+
return json({ error: 'invalid_credentials' }, { status: 401 });
|
|
440
|
+
}
|
|
441
|
+
// Rotate pepper/params on successful login
|
|
442
|
+
if (verify.usedPepperIndex > 0 || needsRehash(row.passwordHash)) {
|
|
443
|
+
try {
|
|
444
|
+
const newHash = await hashPassword(password, primaryPepper ? { pepper: primaryPepper } : undefined);
|
|
445
|
+
await this.store.setPasswordHash(row.userId, newHash);
|
|
446
|
+
}
|
|
447
|
+
catch (err) {
|
|
448
|
+
console.error('Failed to update password hash during login for user', row.userId, err);
|
|
449
|
+
}
|
|
450
|
+
}
|
|
451
|
+
const checkStates = await this.checkUserStates(row.userId);
|
|
452
|
+
if (!checkStates.success) {
|
|
453
|
+
return json({ error: checkStates.reason }, { status: 403 });
|
|
454
|
+
}
|
|
455
|
+
const res = new Response(null, {
|
|
456
|
+
status: 302,
|
|
457
|
+
headers: { Location: returnTo || '/' },
|
|
458
|
+
});
|
|
459
|
+
const systemRoles = await this.store.getUserRoles(row.userId);
|
|
460
|
+
await this.applyIssuedCookies(res, { userId: row.userId, email, systemRoles });
|
|
461
|
+
return res;
|
|
462
|
+
}
|
|
463
|
+
async passwordChange(request) {
|
|
464
|
+
if (!sameOrigin(request, this.cfg.publicBaseUrl)) {
|
|
465
|
+
return new Response('Forbidden', { status: 403 });
|
|
466
|
+
}
|
|
467
|
+
const resolved = await this.strat.resolve(request, this.env);
|
|
468
|
+
const session = resolved.session;
|
|
469
|
+
if (!session)
|
|
470
|
+
return json({ error: 'unauthorized' }, { status: 401 });
|
|
471
|
+
const parsed = await requireCsrfJson(request);
|
|
472
|
+
if (!parsed.ok)
|
|
473
|
+
return json({ error: parsed.code }, { status: 400 });
|
|
474
|
+
const ts = await this.requireTurnstile(request, parsed.body);
|
|
475
|
+
if (!ts.ok)
|
|
476
|
+
return json({ error: ts.code }, { status: 401 });
|
|
477
|
+
const currentPassword = parsed.body.currentPassword;
|
|
478
|
+
const newPassword = parsed.body.newPassword;
|
|
479
|
+
if (typeof currentPassword !== 'string' || typeof newPassword !== 'string') {
|
|
480
|
+
return json({ error: 'invalid_request' }, { status: 400 });
|
|
481
|
+
}
|
|
482
|
+
const policy = this.passwordPolicy();
|
|
483
|
+
const check = validatePassword(newPassword, policy);
|
|
484
|
+
if (!check.ok) {
|
|
485
|
+
return json({ error: 'password_policy_violation' }, { status: 400 });
|
|
486
|
+
}
|
|
487
|
+
const existingHash = await this.store.getPasswordHashByUserId(session.userId);
|
|
488
|
+
if (!existingHash)
|
|
489
|
+
return json({ error: 'password_not_set' }, { status: 400 });
|
|
490
|
+
const peppers = getPeppers(this.env, this.pepperEnvName());
|
|
491
|
+
const verify = await verifyPasswordWithPepperRotation(currentPassword, existingHash, peppers);
|
|
492
|
+
if (!verify.ok)
|
|
493
|
+
return json({ error: 'invalid_credentials' }, { status: 401 });
|
|
494
|
+
const newHash = await hashPassword(newPassword, { pepper: peppers[0] });
|
|
495
|
+
await this.store.setPasswordHash(session.userId, newHash);
|
|
496
|
+
// Rotate session after password change (recommended)
|
|
497
|
+
const res = json({ ok: true }, { status: 200 });
|
|
498
|
+
await this.applyIssuedCookies(res, { userId: session.userId, email: session.email, systemRoles: session.systemRoles });
|
|
499
|
+
return res;
|
|
500
|
+
}
|
|
501
|
+
async checkUserStates(userId) {
|
|
502
|
+
const userStates = await this.store.getUserStates(userId);
|
|
503
|
+
// Reject disabled accounts always
|
|
504
|
+
if (userStates?.is_disabled) {
|
|
505
|
+
return { success: false, reason: 'account_disabled' };
|
|
506
|
+
}
|
|
507
|
+
// Check if approval is enabled and user is unapproved then reject login
|
|
508
|
+
if (this.cfg.overrides?.accountApproval?.enabled) {
|
|
509
|
+
if (userStates?.is_approved === false) {
|
|
510
|
+
return { success: false, reason: 'account_unapproved' };
|
|
511
|
+
}
|
|
512
|
+
}
|
|
513
|
+
// Reject login when email verification is enabled, required for login, and the user's email is unverified
|
|
514
|
+
if (this.cfg.overrides?.emailVerification?.enabled) {
|
|
515
|
+
if (userStates?.is_email_verified === false && this.cfg.overrides?.emailVerification?.requiredForLogin) {
|
|
516
|
+
return { success: false, reason: 'email_unverified' };
|
|
517
|
+
}
|
|
518
|
+
}
|
|
519
|
+
return { success: true };
|
|
520
|
+
}
|
|
521
|
+
async applyIssuedCookies(res, session) {
|
|
522
|
+
const issued = await this.strat.issue?.(session, this.env);
|
|
523
|
+
if (issued?.cookie)
|
|
524
|
+
res.headers.append('Set-Cookie', issued.cookie);
|
|
525
|
+
if (issued?.accessJwt) {
|
|
526
|
+
res.headers.append('Set-Cookie', `__Host-access=${issued.accessJwt}; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=900`);
|
|
527
|
+
}
|
|
528
|
+
}
|
|
529
|
+
oauthEnabled() {
|
|
530
|
+
return this.cfg.oAuth?.enabled === true;
|
|
531
|
+
}
|
|
532
|
+
passwordEnabled() {
|
|
533
|
+
return this.cfg.passwordAuth?.enabled === true;
|
|
534
|
+
}
|
|
535
|
+
authFeatureEnabled() {
|
|
536
|
+
return this.oauthEnabled() || this.passwordEnabled();
|
|
537
|
+
}
|
|
538
|
+
pepperEnvName() {
|
|
539
|
+
if (!this.cfg.passwordAuth?.enabled)
|
|
540
|
+
return 'PASSWORD_PEPPERS';
|
|
541
|
+
return this.cfg.passwordAuth?.pepperEnv ?? 'PASSWORD_PEPPERS';
|
|
542
|
+
}
|
|
543
|
+
passwordPolicy() {
|
|
544
|
+
if (!this.cfg.passwordAuth?.enabled)
|
|
545
|
+
return getPasswordPolicy();
|
|
546
|
+
return getPasswordPolicy(this.cfg.passwordAuth?.policy);
|
|
547
|
+
}
|
|
548
|
+
turnstileEnabled() {
|
|
549
|
+
if (!this.cfg.passwordAuth?.enabled)
|
|
550
|
+
return false;
|
|
551
|
+
return this.cfg.passwordAuth?.turnstile?.enabled === true;
|
|
552
|
+
}
|
|
553
|
+
turnstileSecret() {
|
|
554
|
+
if (!this.cfg.passwordAuth?.enabled)
|
|
555
|
+
return null;
|
|
556
|
+
if (!this.cfg.passwordAuth?.turnstile?.enabled)
|
|
557
|
+
return null;
|
|
558
|
+
const key = this.cfg.passwordAuth?.turnstile?.secretEnv;
|
|
559
|
+
if (!key)
|
|
560
|
+
return null;
|
|
561
|
+
const v = this.env[key];
|
|
562
|
+
return typeof v === 'string' && v.length > 0 ? v : null;
|
|
563
|
+
}
|
|
564
|
+
turnstileTokenField() {
|
|
565
|
+
if (!this.cfg.passwordAuth?.enabled)
|
|
566
|
+
return 'turnstileToken';
|
|
567
|
+
if (!this.cfg.passwordAuth?.turnstile?.enabled)
|
|
568
|
+
return 'turnstileToken';
|
|
569
|
+
return getTurnstileTokenField(this.cfg.passwordAuth?.turnstile);
|
|
570
|
+
}
|
|
571
|
+
async requireTurnstile(request, body) {
|
|
572
|
+
if (!this.turnstileEnabled())
|
|
573
|
+
return { ok: true };
|
|
574
|
+
const secret = this.turnstileSecret();
|
|
575
|
+
if (!secret)
|
|
576
|
+
return { ok: false, code: 'turnstile_misconfigured' };
|
|
577
|
+
const field = this.turnstileTokenField();
|
|
578
|
+
const token = body[field];
|
|
579
|
+
if (typeof token !== 'string' || token.trim().length === 0) {
|
|
580
|
+
return { ok: false, code: 'turnstile_missing' };
|
|
581
|
+
}
|
|
582
|
+
const ip = request.headers.get('CF-Connecting-IP') ?? undefined; // optional
|
|
583
|
+
const result = await verifyTurnstile(token, secret, ip);
|
|
584
|
+
if (!result.ok)
|
|
585
|
+
return { ok: false, code: result.code };
|
|
586
|
+
return { ok: true };
|
|
587
|
+
}
|
|
588
|
+
canAutoLoginAfterSignup() {
|
|
589
|
+
const overrides = this.cfg.overrides;
|
|
590
|
+
if (overrides?.autoLoginAfterSignup === false)
|
|
591
|
+
return false;
|
|
592
|
+
if (overrides?.accountApproval?.enabled)
|
|
593
|
+
return false;
|
|
594
|
+
const ev = overrides?.emailVerification;
|
|
595
|
+
if (ev?.enabled && ev.requiredForLogin)
|
|
596
|
+
return false;
|
|
597
|
+
return true;
|
|
598
|
+
}
|
|
599
|
+
getGlobalUnauthenticatedRedirectUrl() {
|
|
600
|
+
return this.cfg.overrides?.globalUnauthenticatedRedirectUrl || '/auth/login';
|
|
601
|
+
}
|
|
602
|
+
createUnauthenticatedRedirect(base, returnTo, redirectTo) {
|
|
603
|
+
const target = new URL(redirectTo || this.getGlobalUnauthenticatedRedirectUrl(), base);
|
|
604
|
+
if (returnTo)
|
|
605
|
+
target.searchParams.set('returnTo', returnTo);
|
|
606
|
+
return Response.redirect(target.toString(), 302);
|
|
607
|
+
}
|
|
608
|
+
}
|
|
609
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAC/E,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,gBAAgB,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAC9G,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AACrC,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AACvF,OAAO,EACN,UAAU,EACV,YAAY,EACZ,gCAAgC,EAChC,WAAW,EACX,cAAc,EACd,iBAAiB,GACjB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC9E,OAAO,EAAE,sBAAsB,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAE7E,MAAM,OAAO,UAAU;IAEb;IACA;IACA;IACA;IAJT,YACS,GAAkB,EAClB,GAAQ,EACR,KAAgB,EAChB,KAAsB;QAHtB,QAAG,GAAH,GAAG,CAAe;QAClB,QAAG,GAAH,GAAG,CAAK;QACR,UAAK,GAAL,KAAK,CAAW;QAChB,UAAK,GAAL,KAAK,CAAiB;IAC5B,CAAC;IAEJ;;;;;;OAMG;IACH,KAAK,CAAC,MAAM,CAAC,OAAgB;QAC5B,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,CAAC;YAChC,OAAO,IAAI,QAAQ,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QACnD,CAAC;QACD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzC,OAAO,IAAI,QAAQ,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QACnD,CAAC;QAED,qBAAqB;QACrB,QAAQ,GAAG,CAAC,QAAQ,EAAE,CAAC;YACtB,KAAK,aAAa,CAAC;YACnB,KAAK,cAAc,CAAC;YACpB,KAAK,YAAY,CAAC;YAClB,KAAK,gBAAgB;gBACpB,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE;oBAAE,OAAO,IAAI,QAAQ,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;gBAC5E,MAAM;YACP,KAAK,YAAY;gBAChB,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;oBAAE,OAAO,IAAI,QAAQ,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;gBAC/E,MAAM;YACP,KAAK,uBAAuB,CAAC;YAC7B,KAAK,yBAAyB,CAAC;YAC/B,KAAK,sBAAsB,CAAC;YAC5B,KAAK,uBAAuB,CAAC;YAC7B,KAAK,uBAAuB;gBAC3B,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;oBAAE,OAAO,IAAI,QAAQ,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;gBAC/E,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM;oBAAE,OAAO,IAAI,QAAQ,CAAC,oBAAoB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;gBACtH,MAAM;QACR,CAAC;QAED,QAAQ,GAAG,CAAC,QAAQ,EAAE,CAAC;YACtB,KAAK,aAAa,CAAC;YACnB,KAAK,cAAc,CAAC;YACpB,KAAK,YAAY;gBAChB,OAAO,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YACvC,KAAK,gBAAgB;gBACpB,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YACpC,KAAK,cAAc;gBAClB,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAC7B,KAAK,YAAY;gBAChB,OAAO,IAAI,CAAC,IAAI,EAAE,CAAC;YACpB,KAAK,uBAAuB,CAAC;YAC7B,KAAK,yBAAyB;gBAC7B,OAAO,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAC5C,KAAK,sBAAsB,CAAC;YAC5B,KAAK,uBAAuB;gBAC3B,OAAO,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YACzC,KAAK,uBAAuB;gBAC3B,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;YACrC;gBACC,OAAO,IAAI,QAAQ,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QACpD,CAAC;IACF,CAAC;IAED;;;;;;;;OAQG;IACK,KAAK,CAAC,WAAW,CAAC,OAAgB,EAAE,GAAQ;QACnD,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC;QAE/D,IAAI,MAAmD,CAAC;QACxD,IAAI,CAAC;YACJ,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,SAAS,CAAC,CAAC;QAC3E,CAAC;QAAC,MAAM,CAAC;YACR,OAAO,IAAI,CAAC,aAAa,CAAC,sBAAsB,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,SAAS,CAAC,CAAC;QAClG,CAAC;QACD,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,MAAM,CAAC;QAE7B,MAAM,WAAW,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,SAAS,CAAC;QAClE,MAAM,QAAQ,GAAG,YAAY,CAAC,WAAW,EAAE,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QAEnE,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;QAEhE,IAAI,IAAI,KAAK,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;YACjC,OAAO,IAAI,CAAC,aAAa,CAAC,qBAAqB,EAAE,QAAQ,CAAC,CAAC;QAC5D,CAAC;QAED,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,GAAG,MAAM,aAAa,EAAE,CAAC;QACjE,MAAM,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,EAAE;YAC3E,IAAI;YACJ,QAAQ;YACR,QAAQ,EAAE,GAAG,CAAC,EAAE;SAChB,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,KAAK,EAAE,aAAa,CAAC,CAAC;QAClF,OAAO,QAAQ,CAAC,QAAQ,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IACzC,CAAC;IAED;;;;;;;;OAQG;IACK,KAAK,CAAC,QAAQ,CAAC,OAAgB,EAAE,GAAQ;QAChD,MAAM,aAAa,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,SAAS,CAAC;QACpE,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QAErG,IAAI,MAAmD,CAAC;QACxD,IAAI,CAAC;YACJ,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;QAC3C,CAAC;QAAC,MAAM,CAAC;YACR,OAAO,IAAI,CAAC,aAAa,CAAC,sBAAsB,EAAE,QAAQ,CAAC,CAAC;QAC7D,CAAC;QACD,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,MAAM,CAAC;QAE7B,MAAM,UAAU,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACjD,IAAI,UAAU,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC,aAAa,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;QACrD,CAAC;QAED,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC5C,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACrB,OAAO,IAAI,CAAC,aAAa,CAAC,kBAAkB,EAAE,QAAQ,CAAC,CAAC;QACzD,CAAC;QAED,IAAI,aAAa,CAAC;QAClB,IAAI,CAAC;YACJ,aAAa,GAAG,MAAM,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;QACjF,CAAC;QAAC,MAAM,CAAC;YACR,OAAO,IAAI,CAAC,aAAa,CAAC,0BAA0B,EAAE,QAAQ,CAAC,CAAC;QACjE,CAAC;QACD,IAAI,aAAa,CAAC,IAAI,CAAC,QAAQ,IAAI,aAAa,CAAC,IAAI,CAAC,QAAQ,KAAK,GAAG,CAAC,EAAE,EAAE,CAAC;YAC3E,OAAO,IAAI,CAAC,aAAa,CAAC,mBAAmB,EAAE,YAAY,CAAC,aAAa,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC;QACnH,CAAC;QAED,MAAM,kBAAkB,GAAG,YAAY,CAAC,aAAa,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QAC7F,MAAM,kBAAkB,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;QAElG,MAAM,WAAW,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,aAAa,gBAAgB,CAAC;QAC9D,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,aAAa,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QAEnG,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7D,MAAM,aAAa,GAAG,QAAQ,CAAC,OAAO,CAAC;QAEvC,MAAM,KAAK,GAAG,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QACxC,IAAI,CAAC,KAAK,EAAE,CAAC;YACZ,OAAO,IAAI,CAAC,aAAa,CAAC,gBAAgB,EAAE,kBAAkB,CAAC,CAAC;QACjE,CAAC;QAED,YAAY;QACZ,IAAI,aAAa,CAAC,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;YACxC,IAAI,CAAC,aAAa,EAAE,CAAC;gBACpB,OAAO,IAAI,CAAC,aAAa,CAAC,qBAAqB,EAAE,kBAAkB,CAAC,CAAC;YACtE,CAAC;YACD,IAAI,CAAC;gBACJ,MAAM,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,aAAa,CAAC,MAAM,EAAE;oBACxD,QAAQ,EAAE,QAAQ,CAAC,QAAQ;oBAC3B,MAAM,EAAE,QAAQ,CAAC,MAAM;oBACvB,OAAO,EAAE,QAAQ,CAAC,OAAO;iBACzB,CAAC,CAAC;YACJ,CAAC;YAAC,OAAO,CAAU,EAAE,CAAC;gBACrB,MAAM,IAAI,GAAI,CAAW,EAAE,OAAO,KAAK,gBAAgB,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,aAAa,CAAC;gBAC3F,OAAO,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC;YACrD,CAAC;YACD,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE;gBACzB,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,QAAQ,EAAE,kBAAkB,IAAI,kBAAkB,IAAI,GAAG,EAAE;aACtE,CAAC,CAAC;QACJ,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC;QAE5F,eAAe;QACf,IAAI,CAAC,UAAU,EAAE,CAAC;YACjB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;YAC1D,IAAI,OAAO,EAAE,CAAC;gBACb,OAAO,IAAI,CAAC,aAAa,CAAC,gBAAgB,EAAE,kBAAkB,CAAC,CAAC;YACjE,CAAC;YAED,IAAI,oBAAoB,GAA4C,SAAS,CAAC;YAC9E,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,eAAe,EAAE,OAAO,EAAE,CAAC;gBAClD,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,eAAe,CAAC,QAAQ,EAAE,CAAC;oBACjD,oBAAoB,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,eAAe,CAAC,gBAAgB,IAAI,gBAAgB,CAAC;gBACjG,CAAC;YACF,CAAC;YAED,IAAI,MAAc,CAAC;YACnB,IAAI,CAAC;gBACJ,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,sBAAsB,CAC/C,KAAK,EACL;oBACC,QAAQ,EAAE,QAAQ,CAAC,QAAQ;oBAC3B,MAAM,EAAE,QAAQ,CAAC,MAAM;oBACvB,OAAO,EAAE,QAAQ,CAAC,OAAO;iBACzB,EACD,oBAAoB,CACpB,CAAC;YACH,CAAC;YAAC,OAAO,CAAU,EAAE,CAAC;gBACrB,MAAM,IAAI,GAAI,CAAW,EAAE,OAAO,CAAC;gBACnC,IAAI,CAAC,cAAc,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,4BAA4B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;oBACxG,OAAO,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC;gBACrD,CAAC;gBACD,OAAO,IAAI,CAAC,aAAa,CAAC,eAAe,EAAE,kBAAkB,CAAC,CAAC;YAChE,CAAC;YAED,iHAAiH;YACjH,MAAM,YAAY,GAAG,IAAI,CAAC,uBAAuB,EAAE,CAAC;YACpD,IAAI,CAAC,YAAY,EAAE,CAAC;gBACnB,MAAM,yBAAyB,GAC9B,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,iBAAiB,EAAE,OAAO,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,iBAAiB,EAAE,gBAAgB,CAAC;gBAC3G,MAAM,uBAAuB,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,eAAe,EAAE,OAAO,CAAC;gBAC7E,MAAM,WAAW,GAAG,kBAAkB,IAAI,GAAG,CAAC;gBAC9C,MAAM,GAAG,GAAG,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;gBAClD,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE;oBACzB,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE;wBACR,QAAQ,EACP,WAAW;4BACX,CAAC,yBAAyB;gCACzB,CAAC,CAAC,GAAG,GAAG,mBAAmB;gCAC3B,CAAC,CAAC,uBAAuB;oCACxB,CAAC,CAAC,GAAG,GAAG,wBAAwB;oCAChC,CAAC,CAAC,EAAE,CAAC;qBACR;iBACD,CAAC,CAAC;YACJ,CAAC;YAED,MAAM,QAAQ,GAAG,IAAI,QAAQ,CAAC,IAAI,EAAE;gBACnC,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,QAAQ,EAAE,kBAAkB,IAAI,kBAAkB,IAAI,GAAG,EAAE;aACtE,CAAC,CAAC;YACH,MAAM,IAAI,CAAC,kBAAkB,CAAC,QAAQ,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC,CAAC;YAC5E,OAAO,QAAQ,CAAC;QACjB,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC;QAC3D,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;YAC1B,OAAO,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC;QACnE,CAAC;QAED,aAAa;QACb,MAAM,QAAQ,GAAG,IAAI,QAAQ,CAAC,IAAI,EAAE;YACnC,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,QAAQ,EAAE,kBAAkB,IAAI,kBAAkB,IAAI,GAAG,EAAE;SACtE,CAAC,CAAC;QACH,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;QAC9D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;QACrG,IAAI,MAAM,EAAE,MAAM;YAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QACzE,IAAI,MAAM,EAAE,SAAS;YACpB,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE,iBAAiB,MAAM,CAAC,SAAS,uDAAuD,CAAC,CAAC;QACjI,OAAO,QAAQ,CAAC;IACjB,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,MAAM,CAAC,OAAgB;QACpC,MAAM,CAAC,GAAG,IAAI,QAAQ,CAAC,IAAI,EAAE;YAC5B,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE;SAC1B,CAAC,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;QAC5D,IAAI,OAAO,EAAE,MAAM;YAAE,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QACpE,OAAO,CAAC,CAAC;IACV,CAAC;IAED;;;;;;OAMG;IACK,YAAY,CAAC,QAAiB;QACrC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;QAClE,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,IAAI,EAAE,CAAC;QACjD,MAAM,EAAE,GAAG,QAAQ,IAAI,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,eAAe,IAAI,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;QAE9F,MAAM,GAAG,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC;QAC5D,IAAI,CAAC,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAEnD,MAAM,IAAI,GAAG,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACtC,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;QAEhE,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;IACtB,CAAC;IAED;;;;;;;OAOG;IACK,aAAa,CAAC,IAAY,EAAE,QAAiB;QACpD,MAAM,kBAAkB,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;QAClG,IAAI,kBAAkB,EAAE,CAAC;YACxB,MAAM,GAAG,GAAG,kBAAkB,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;YACzD,OAAO,QAAQ,CAAC,QAAQ,CAAC,GAAG,kBAAkB,GAAG,GAAG,cAAc,IAAI,EAAE,EAAE,GAAG,CAAC,CAAC;QAChF,CAAC;QAED,IAAI,QAAQ,EAAE,CAAC;YACd,MAAM,GAAG,GAAG,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;YAC/C,OAAO,QAAQ,CAAC,QAAQ,CAAC,GAAG,QAAQ,GAAG,GAAG,cAAc,IAAI,EAAE,EAAE,GAAG,CAAC,CAAC;QACtE,CAAC;QAED,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE;YACzB,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,QAAQ,EAAE,gBAAgB,IAAI,EAAE,EAAE;SAC7C,CAAC,CAAC;IACJ,CAAC;IAEO,IAAI;QACX,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAClC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;QACpD,OAAO,GAAG,CAAC;IACZ,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,OAAgB,EAAE,GAAQ;QACxD,+BAA+B;QAC/B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,WAAW,EAAE,CAAC;YAC1E,OAAO,IAAI,QAAQ,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QACnD,CAAC;QAED,4FAA4F;QAC5F,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;YAClD,OAAO,IAAI,QAAQ,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QACnD,CAAC;QAED,kCAAkC;QAClC,MAAM,MAAM,GAAG,MAAM,eAAe,CAA0B,OAAO,CAAC,CAAC;QACvE,IAAI,CAAC,MAAM,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QAErE,qDAAqD;QACrD,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;QAC7D,IAAI,CAAC,EAAE,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QAE7D,iBAAiB;QACjB,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC;QACzC,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC;QACnC,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC;QAEtC,mBAAmB;QACnB,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3F,OAAO,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QAC5D,CAAC;QAED,MAAM,QAAQ,GAAG,OAAO,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAEpF,kCAAkC;QAClC,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,eAAe,EAAE,OAAO,EAAE,CAAC;YAClD,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,eAAe,CAAC,QAAQ,IAAI,CAAC,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;gBACzF,OAAO,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;YAC9D,CAAC;YACD,IAAI,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,IAAI,CAAC,CAAC,EAAE,CAAC;gBACvF,OAAO,IAAI,CAAC,EAAE,KAAK,EAAE,oBAAoB,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;YAC/D,CAAC;YACD,IAAI,QAAQ,EAAE,CAAC;gBACd,MAAM,eAAe,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;gBACnD,IAAI,CAAC,eAAe,EAAE,CAAC;oBACtB,OAAO,IAAI,CAAC,EAAE,KAAK,EAAE,kBAAkB,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;gBAC7D,CAAC;YACF,CAAC;QACF,CAAC;QAED,+BAA+B;QAC/B,MAAM,KAAK,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;QAClC,MAAM,YAAY,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;QAC1C,IAAI,CAAC,YAAY,EAAE,CAAC;YACnB,OAAO,IAAI,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QAC1D,CAAC;QAED,mCAAmC;QACnC,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QAChE,MAAM,KAAK,GAAG,gBAAgB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QACjD,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC;YACf,4DAA4D;YAC5D,OAAO,IAAI,CAAC,EAAE,KAAK,EAAE,2BAA2B,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QACtE,CAAC;QAED,4BAA4B;QAC5B,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC;QAC3D,MAAM,aAAa,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACjC,MAAM,YAAY,GAAG,MAAM,YAAY,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAEzG,sBAAsB;QACtB,IAAI,MAAc,CAAC;QACnB,IAAI,CAAC;YACJ,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,sBAAsB,CAAC,KAAK,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;QACjF,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACvB,MAAM,YAAY,GAAI,GAAa,CAAC,OAAO,CAAC;YAC5C,IAAI,CAAC,cAAc,EAAE,iBAAiB,EAAE,gBAAgB,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;gBAClF,OAAO,IAAI,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;YACvD,CAAC;YAED,OAAO,IAAI,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QAC1D,CAAC;QAED,iHAAiH;QACjH,MAAM,YAAY,GAAG,IAAI,CAAC,uBAAuB,EAAE,CAAC;QACpD,IAAI,CAAC,YAAY,EAAE,CAAC;YACnB,OAAO,IAAI,CACV;gBACC,OAAO,EAAE,IAAI;gBACb,yBAAyB,EACxB,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,iBAAiB,EAAE,OAAO,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,iBAAiB,EAAE,gBAAgB;gBAC1G,uBAAuB,EAAE,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,eAAe,EAAE,OAAO;aACrE,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CACf,CAAC;QACH,CAAC;QAED,yCAAyC;QACzC,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QAE/F,MAAM,GAAG,GAAG,IAAI,QAAQ,CAAC,IAAI,EAAE;YAC9B,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,QAAQ,EAAE,QAAQ,IAAI,GAAG,EAAE;SACtC,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,kBAAkB,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC,CAAC;QACvE,OAAO,GAAG,CAAC;IACZ,CAAC;IAEO,KAAK,CAAC,aAAa,CAAC,OAAgB,EAAE,GAAQ;QACrD,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;YAClD,OAAO,IAAI,QAAQ,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QACnD,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,eAAe,CAAuD,OAAO,CAAC,CAAC;QACpG,IAAI,CAAC,MAAM,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QAErE,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;QAC7D,IAAI,CAAC,EAAE,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QAE7D,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC;QACnC,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC;QAEtC,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3F,OAAO,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QAC5D,CAAC;QAED,MAAM,KAAK,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;QAClC,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QAE/F,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,2BAA2B,CAAC,KAAK,CAAC,CAAC;QAEhE,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC;QAC3D,MAAM,aAAa,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QAEjC,6DAA6D;QAC7D,IAAI,CAAC,GAAG,EAAE,CAAC;YACV,MAAM,cAAc,CAAC,QAAQ,EAAE,iBAAiB,EAAE,EAAE,aAAa,CAAC,CAAC;YACnE,OAAO,IAAI,CAAC,EAAE,KAAK,EAAE,qBAAqB,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QAChE,CAAC;QAED,MAAM,UAAU,GAAG,GAAG,CAAC,YAAY,CAAC;QACpC,MAAM,MAAM,GAAG,MAAM,gCAAgC,CAAC,QAAQ,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;QAErF,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC,EAAE,KAAK,EAAE,qBAAqB,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QAChE,CAAC;QAED,2CAA2C;QAC3C,IAAI,MAAM,CAAC,eAAe,GAAG,CAAC,IAAI,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;YACjE,IAAI,CAAC;gBACJ,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;gBACpG,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YACvD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACd,OAAO,CAAC,KAAK,CAAC,sDAAsD,EAAE,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;YACxF,CAAC;QACF,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC3D,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;YAC1B,OAAO,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,CAAC,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QAC7D,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,QAAQ,CAAC,IAAI,EAAE;YAC9B,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,QAAQ,EAAE,QAAQ,IAAI,GAAG,EAAE;SACtC,CAAC,CAAC;QACH,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC9D,MAAM,IAAI,CAAC,kBAAkB,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC;QAC/E,OAAO,GAAG,CAAC;IACZ,CAAC;IAEO,KAAK,CAAC,cAAc,CAAC,OAAgB;QAC5C,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;YAClD,OAAO,IAAI,QAAQ,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QACnD,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7D,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC;QACjC,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QAEtE,MAAM,MAAM,GAAG,MAAM,eAAe,CAAoE,OAAO,CAAC,CAAC;QACjH,IAAI,CAAC,MAAM,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QAErE,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;QAC7D,IAAI,CAAC,EAAE,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QAE7D,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC;QACpD,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC;QAE5C,IAAI,OAAO,eAAe,KAAK,QAAQ,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;YAC5E,OAAO,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QAC5D,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QACrC,MAAM,KAAK,GAAG,gBAAgB,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;QAEpD,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC;YACf,OAAO,IAAI,CAAC,EAAE,KAAK,EAAE,2BAA2B,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QACtE,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,uBAAuB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC9E,IAAI,CAAC,YAAY;YAAE,OAAO,IAAI,CAAC,EAAE,KAAK,EAAE,kBAAkB,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QAE/E,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC;QAC3D,MAAM,MAAM,GAAG,MAAM,gCAAgC,CAAC,eAAe,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;QAC9F,IAAI,CAAC,MAAM,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC,EAAE,KAAK,EAAE,qBAAqB,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QAE/E,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACxE,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAE1D,qDAAqD;QACrD,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QAChD,MAAM,IAAI,CAAC,kBAAkB,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;QACvH,OAAO,GAAG,CAAC;IACZ,CAAC;IAED,KAAK,CAAC,eAAe,CACpB,MAAc;QAEd,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;QAE1D,kCAAkC;QAClC,IAAI,UAAU,EAAE,WAAW,EAAE,CAAC;YAC7B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;QACvD,CAAC;QAED,wEAAwE;QACxE,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,eAAe,EAAE,OAAO,EAAE,CAAC;YAClD,IAAI,UAAU,EAAE,WAAW,KAAK,KAAK,EAAE,CAAC;gBACvC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,oBAAoB,EAAE,CAAC;YACzD,CAAC;QACF,CAAC;QAED,0GAA0G;QAC1G,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,iBAAiB,EAAE,OAAO,EAAE,CAAC;YACpD,IAAI,UAAU,EAAE,iBAAiB,KAAK,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,CAAC;gBACxG,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;YACvD,CAAC;QACF,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC1B,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAAC,GAAa,EAAE,OAAgB;QAC/D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;QAC3D,IAAI,MAAM,EAAE,MAAM;YAAE,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QACpE,IAAI,MAAM,EAAE,SAAS,EAAE,CAAC;YACvB,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE,iBAAiB,MAAM,CAAC,SAAS,uDAAuD,CAAC,CAAC;QAC5H,CAAC;IACF,CAAC;IAEO,YAAY;QACnB,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,OAAO,KAAK,IAAI,CAAC;IACzC,CAAC;IAEO,eAAe;QACtB,OAAO,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,OAAO,KAAK,IAAI,CAAC;IAChD,CAAC;IAED,kBAAkB;QACjB,OAAO,IAAI,CAAC,YAAY,EAAE,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;IACtD,CAAC;IAEO,aAAa;QACpB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,OAAO;YAAE,OAAO,kBAAkB,CAAC;QAC/D,OAAO,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,SAAS,IAAI,kBAAkB,CAAC;IAC/D,CAAC;IAEO,cAAc;QACrB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,OAAO;YAAE,OAAO,iBAAiB,EAAE,CAAC;QAChE,OAAO,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IACzD,CAAC;IAEO,gBAAgB;QACvB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,OAAO;YAAE,OAAO,KAAK,CAAC;QAClD,OAAO,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,SAAS,EAAE,OAAO,KAAK,IAAI,CAAC;IAC3D,CAAC;IAEO,eAAe;QACtB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,OAAO;YAAE,OAAO,IAAI,CAAC;QACjD,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,SAAS,EAAE,OAAO;YAAE,OAAO,IAAI,CAAC;QAC5D,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,SAAS,EAAE,SAAS,CAAC;QACxD,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QACtB,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACxB,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACzD,CAAC;IAEO,mBAAmB;QAC1B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,OAAO;YAAE,OAAO,gBAAgB,CAAC;QAC7D,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,SAAS,EAAE,OAAO;YAAE,OAAO,gBAAgB,CAAC;QACxE,OAAO,sBAAsB,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;IACjE,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,OAAgB,EAAE,IAA6B;QAC7E,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE;YAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;QAElD,MAAM,MAAM,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QACtC,IAAI,CAAC,MAAM;YAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,yBAAyB,EAAE,CAAC;QAEnE,MAAM,KAAK,GAAG,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1B,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5D,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,mBAAmB,EAAE,CAAC;QACjD,CAAC;QAED,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,SAAS,CAAC,CAAC,WAAW;QAC5E,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;QAExD,IAAI,CAAC,MAAM,CAAC,EAAE;YAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;QACxD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACrB,CAAC;IAEO,uBAAuB;QAC9B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC;QAErC,IAAI,SAAS,EAAE,oBAAoB,KAAK,KAAK;YAAE,OAAO,KAAK,CAAC;QAC5D,IAAI,SAAS,EAAE,eAAe,EAAE,OAAO;YAAE,OAAO,KAAK,CAAC;QAEtD,MAAM,EAAE,GAAG,SAAS,EAAE,iBAAiB,CAAC;QACxC,IAAI,EAAE,EAAE,OAAO,IAAI,EAAE,CAAC,gBAAgB;YAAE,OAAO,KAAK,CAAC;QAErD,OAAO,IAAI,CAAC;IACb,CAAC;IAED,mCAAmC;QAClC,OAAO,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,gCAAgC,IAAI,aAAa,CAAC;IAC9E,CAAC;IAED,6BAA6B,CAAC,IAAY,EAAE,QAAiB,EAAE,UAAmB;QACjF,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,UAAU,IAAI,IAAI,CAAC,mCAAmC,EAAE,EAAE,IAAI,CAAC,CAAC;QACvF,IAAI,QAAQ;YAAE,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QAC5D,OAAO,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE,GAAG,CAAC,CAAC;IAClD,CAAC;CACD"}
|