@element-hq/element-web-playwright-common 1.0.0

package/lib/testcontainers/mas.js

@@ -0,0 +1,311 @@
+/*
+Copyright 2024-2025 New Vector Ltd.
+
+SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+Please see LICENSE files in the repository root for full details.
+*/
+import { AbstractStartedContainer, GenericContainer, Wait, } from "testcontainers";
+import * as YAML from "yaml";
+import { getFreePort } from "../utils/port.js";
+import { deepCopy } from "../utils/object.js";
+const DEFAULT_CONFIG = {
+    http: {
+        listeners: [
+            {
+                name: "web",
+                resources: [
+                    { name: "discovery" },
+                    { name: "human" },
+                    { name: "oauth" },
+                    { name: "compat" },
+                    {
+                        name: "graphql",
+                        playground: true,
+                    },
+                    {
+                        name: "assets",
+                        path: "/usr/local/share/mas-cli/assets/",
+                    },
+                ],
+                binds: [
+                    {
+                        address: "[::]:8080",
+                    },
+                ],
+                proxy_protocol: false,
+            },
+            {
+                name: "internal",
+                resources: [
+                    {
+                        name: "health",
+                    },
+                ],
+                binds: [
+                    {
+                        address: "[::]:8081",
+                    },
+                ],
+                proxy_protocol: false,
+            },
+        ],
+        trusted_proxies: ["192.128.0.0/16", "172.16.0.0/12", "10.0.0.0/10", "127.0.0.1/8", "fd00::/8", "::1/128"],
+        public_base: "", // Needs to be set
+        issuer: "", // Needs to be set
+    },
+    database: {
+        host: "postgres",
+        port: 5432,
+        database: "postgres",
+        username: "postgres",
+        password: "p4S5w0rD",
+        max_connections: 10,
+        min_connections: 0,
+        connect_timeout: 30,
+        idle_timeout: 600,
+        max_lifetime: 1800,
+    },
+    telemetry: {
+        tracing: {
+            exporter: "none",
+            propagators: [],
+        },
+        metrics: {
+            exporter: "none",
+        },
+        sentry: {
+            dsn: null,
+        },
+    },
+    templates: {
+        path: "/usr/local/share/mas-cli/templates/",
+        assets_manifest: "/usr/local/share/mas-cli/manifest.json",
+        translations_path: "/usr/local/share/mas-cli/translations/",
+    },
+    email: {
+        from: '"Authentication Service" <root@localhost>',
+        reply_to: '"Authentication Service" <root@localhost>',
+        transport: "smtp",
+        mode: "plain",
+        hostname: "mailpit",
+        port: 1025,
+        username: "username",
+        password: "password",
+    },
+    secrets: {
+        encryption: "984b18e207c55ad5fbb2a49b217481a722917ee87b2308d4cf314c83fed8e3b5",
+        keys: [
+            {
+                kid: "YEAhzrKipJ",
+                key: "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAuIV+AW5vx52I4CuumgSxp6yvKfIAnRdALeZZCoFkIGxUli1B\nS79NJ3ls46oLh1pSD9RrhaMp6HTNoi4K3hnP9Q9v77pD7KwdFKG3UdG1zksIB0s/\n+/Ey/DmX4LPluwBBS7r/LkQ1jk745lENA++oiDqZf2D/uP8jCHlvaSNyVKTqi1ki\nOXPd4T4xBUjzuas9ze5jQVSYtfOidgnv1EzUipbIxgvH1jNt4raRlmP8mOq7xEnW\nR+cF5x6n/g17PdSEfrwO4kz6aKGZuMP5lVlDEEnMHKabFSQDBl7+Mpok6jXutbtA\nuiBnsKEahF9eoj4na4fpbRNPdIVyoaN5eGvm5wIDAQABAoIBAApyFCYEmHNWaa83\nCdVSOrRhRDE9r+c0r79pcNT1ajOjrk4qFa4yEC4R46YntCtfY5Hd1pBkIjU0l4d8\nz8Su9WTMEOwjQUEepS7L0NLi6kXZXYT8L40VpGs+32grBvBFHW0qEtQNrHJ36gMv\nx2rXoFTF7HaXiSJx3wvVxAbRqOE9tBXLsmNHaWaAdWQG5o77V9+zvMri3cAeEg2w\nVkKokb0dza7es7xG3tqS26k69SrwGeeuKo7qCHPH2cfyWmY5Yhv8iOoA59JzzbiK\nUdxyzCHskrPSpRKVkVVwmY3RBt282TmSRG7td7e5ESSj50P2e5BI5uu1Hp/dvU4F\nvYjV7kECgYEA6WqYoUpVsgQiqhvJwJIc/8gRm0mUy8TenI36z4Iim01Nt7fibWH7\nXnsFqLGjXtYNVWvBcCrUl9doEnRbJeG2eRGbGKYAWVrOeFvwM4fYvw9GoOiJdDj4\ncgWDe7eHbHE+UTqR7Nnr/UBfipoNWDh6X68HRBuXowh0Q6tOfxsrRFECgYEAyl/V\n4b8bFp3pKZZCb+KPSYsQf793cRmrBexPcLWcDPYbMZQADEZ/VLjbrNrpTOWxUWJT\nhr8MrWswnHO+l5AFu5CNO+QgV2dHLk+2w8qpdpFRPJCfXfo2D3wZ0c4cv3VCwv1V\n5y7f6XWVjDWZYV4wj6c3shxZJjZ+9Hbhf3/twbcCgYA6fuRRR3fCbRbi2qPtBrEN\nyO3gpMgNaQEA6vP4HPzfPrhDWmn8T5nXS61XYW03zxz4U1De81zj0K/cMBzHmZFJ\nNghQXQmpWwBzWVcREvJWr1Vb7erEnaJlsMwKrSvbGWYspSj82oAxr3hCG+lMOpsw\nb4S6pM+TpAK/EqdRY1WsgQKBgQCGoMaaTRXqL9bC0bEU2XVVCWxKb8c3uEmrwQ7/\n/fD4NmjUzI5TnDps1CVfkqoNe+hAKddDFqmKXHqUOfOaxDbsFje+lf5l5tDVoDYH\nfjTKKdYPIm7CiAeauYY7qpA5Vfq52Opixy4yEwUPp0CII67OggFtPaqY3zwJyWQt\n+57hdQKBgGCXM/KKt7ceUDcNJxSGjvu0zD9D5Sv2ihYlEBT/JLaTCCJdvzREevaJ\n1d+mpUAt0Lq6A8NWOMq8HPaxAik3rMQ0WtM5iG+XgsUqvTSb7NcshArDLuWGnW3m\nMC4rM0UBYAS4QweduUSH1imrwH/1Gu5+PxbiecceRMMggWpzu0Bq\n-----END RSA PRIVATE KEY-----\n",
+            },
+            {
+                kid: "8J1AxrlNZT",
+                key: "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIF1cjfIOEdy3BXJ72x6fKpEB8WP1ddZAUJAaqqr/6CpToAoGCCqGSM49\nAwEHoUQDQgAEfHdNuI1Yeh3/uOq2PlnW2vymloOVpwBYebbw4VVsna9xhnutIdQW\ndE8hkX8Yb0pIDasrDiwllVLzSvsWJAI0Kw==\n-----END EC PRIVATE KEY-----\n",
+            },
+            {
+                kid: "3BW6un1EBi",
+                key: "-----BEGIN EC PRIVATE KEY-----\nMIGkAgEBBDA+3ZV17r8TsiMdw1cpbTSNbyEd5SMy3VS1Mk/kz6O2Ev/3QZut8GE2\nq3eGtLBoVQigBwYFK4EEACKhZANiAASs8Wxjk/uRimRKXnPr2/wDaXkN9wMDjYQK\nmZULb+0ZP1/cXmuXuri8hUGhQvIU8KWY9PkpV+LMPEdpE54mHPKSLjq5CDXoSZ/P\n9f7cdRaOZ000KQPZfIFR9ujJTtDN7Vs=\n-----END EC PRIVATE KEY-----\n",
+            },
+            {
+                kid: "pkZ0pTKK0X",
+                key: "-----BEGIN EC PRIVATE KEY-----\nMHQCAQEEIHenfsXYPc5yzjZKUfvmydDR1YRwdsfZYvwHf/2wsYxooAcGBSuBBAAK\noUQDQgAEON1x7Vlu+nA0KvC5vYSOHhDUkfLYNZwYSLPFVT02h9E13yFFMIJegIBl\nAer+6PMZpPc8ycyeH9N+U9NAyliBhQ==\n-----END EC PRIVATE KEY-----\n",
+            },
+        ],
+    },
+    passwords: {
+        enabled: true,
+        schemes: [
+            {
+                version: 1,
+                algorithm: "argon2id",
+            },
+        ],
+        minimum_complexity: 0,
+    },
+    policy: {
+        wasm_module: "/usr/local/share/mas-cli/policy.wasm",
+        client_registration_entrypoint: "client_registration/violation",
+        register_entrypoint: "register/violation",
+        authorization_grant_entrypoint: "authorization_grant/violation",
+        password_entrypoint: "password/violation",
+        email_entrypoint: "email/violation",
+        data: {
+            client_registration: {
+                // allow non-SSL and localhost URIs
+                allow_insecure_uris: true,
+                // EW doesn't have contacts at this time
+                allow_missing_contacts: true,
+            },
+        },
+    },
+    upstream_oauth2: {
+        providers: [],
+    },
+    branding: {
+        service_name: null,
+        policy_uri: null,
+        tos_uri: null,
+        imprint: null,
+        logo_uri: null,
+    },
+    account: {
+        password_registration_enabled: true,
+    },
+    experimental: {
+        access_token_ttl: 300,
+        compat_token_ttl: 300,
+    },
+    rate_limiting: {
+        login: {
+            burst: 10,
+            per_second: 1,
+        },
+        registration: {
+            burst: 10,
+            per_second: 1,
+        },
+    },
+};
+/**
+ * A container running the Matrix Authentication Service.
+ *
+ * Exposes the MAS API on port 8080 and the health check on port 8081.
+ * Waits for HTTP /health on port 8081 to be available.
+ */
+export class MatrixAuthenticationServiceContainer extends GenericContainer {
+    config;
+    args = ["-c", "/config/config.yaml"];
+    constructor(db) {
+        // We rely on `mas-cli manage add-email` which isn't in a release yet
+        // https://github.com/element-hq/matrix-authentication-service/pull/3235
+        super("ghcr.io/element-hq/matrix-authentication-service:sha-0b90c33");
+        this.config = deepCopy(DEFAULT_CONFIG);
+        this.config.database.username = db.getUsername();
+        this.config.database.password = db.getPassword();
+        this.withExposedPorts(8080, 8081)
+            .withWaitStrategy(Wait.forHttp("/health", 8081))
+            .withCommand(["server", ...this.args]);
+    }
+    /**
+     * Adds additional configuration to the MAS config.
+     * @param config - additional config fields to add
+     */
+    withConfig(config) {
+        this.config = {
+            ...this.config,
+            ...config,
+        };
+        return this;
+    }
+    /**
+     * Starts the MAS container
+     */
+    async start() {
+        // MAS config issuer needs to know what URL it'll be accessed from, so we have to map the port manually
+        const port = await getFreePort();
+        this.config.http.public_base = `http://localhost:${port}/`;
+        this.config.http.issuer = `http://localhost:${port}/`;
+        this.withExposedPorts({
+            container: 8080,
+            host: port,
+        }).withCopyContentToContainer([
+            {
+                target: "/config/config.yaml",
+                content: YAML.stringify(this.config),
+            },
+        ]);
+        return new StartedMatrixAuthenticationServiceContainer(await super.start(), `http://localhost:${port}`, this.args);
+    }
+}
+/**
+ * A started Matrix Authentication Service container.
+ */
+export class StartedMatrixAuthenticationServiceContainer extends AbstractStartedContainer {
+    baseUrl;
+    args;
+    adminTokenPromise;
+    constructor(container, baseUrl, args) {
+        super(container);
+        this.baseUrl = baseUrl;
+        this.args = args;
+    }
+    /**
+     * Retrieves a valid HS admin token
+     */
+    async getAdminToken() {
+        if (this.adminTokenPromise === undefined) {
+            this.adminTokenPromise = this.registerUserInternal("admin", "totalyinsecureadminpassword", undefined, true).then((res) => res.accessToken);
+        }
+        return this.adminTokenPromise;
+    }
+    async manage(cmd, ...args) {
+        const result = await this.exec(["mas-cli", "manage", cmd, ...this.args, ...args]);
+        if (result.exitCode !== 0) {
+            throw new Error(`Failed mas-cli manage ${cmd}: ${result.output}`);
+        }
+        return result;
+    }
+    async manageRegisterUser(username, password, displayName, admin = false) {
+        const args = [];
+        if (admin)
+            args.push("-a");
+        const result = await this.manage("register-user", ...args, "-y", "-p", password, "-d", displayName ?? "", username);
+        const registerLines = result.output.trim().split("\n");
+        const userId = registerLines
+            .find((line) => line.includes("Matrix ID: "))
+            ?.split(": ")
+            .pop();
+        if (!userId) {
+            throw new Error(`Failed to register user: ${result.output}`);
+        }
+        return userId;
+    }
+    async manageIssueCompatibilityToken(username, admin = false) {
+        const args = [];
+        if (admin)
+            args.push("--yes-i-want-to-grant-synapse-admin-privileges");
+        const result = await this.manage("issue-compatibility-token", ...args, username);
+        const parts = result.output.trim().split(/\s+/);
+        const accessToken = parts.find((part) => part.startsWith("mct_"));
+        const deviceId = parts.find((part) => part.startsWith("compat_session.device="))?.split("=")[1];
+        if (!accessToken || !deviceId) {
+            throw new Error(`Failed to issue compatibility token: ${result.output}`);
+        }
+        return { accessToken, deviceId };
+    }
+    async registerUserInternal(username, password, displayName, admin = false) {
+        const userId = await this.manageRegisterUser(username, password, displayName, admin);
+        const { deviceId, accessToken } = await this.manageIssueCompatibilityToken(username, admin);
+        return {
+            userId,
+            accessToken,
+            deviceId,
+            homeServer: userId.slice(1).split(":").slice(1).join(":"),
+            displayName,
+            username,
+            password,
+        };
+    }
+    /**
+     * Registers a user
+     * @param username - the username of the user to register
+     * @param password - the password of the user to register
+     * @param displayName - optional display name to set on the newly registered user
+     */
+    async registerUser(username, password, displayName) {
+        return this.registerUserInternal(username, password, displayName, false);
+    }
+    /**
+     * Binds a 3pid
+     * @param username - the username of the user to bind the 3pid to
+     * @param medium - the medium of the 3pid to bind
+     * @param address - the address of the 3pid to bind
+     */
+    async setThreepid(username, medium, address) {
+        if (medium !== "email") {
+            throw new Error("Only email threepids are supported by MAS");
+        }
+        await this.manage("add-email", username, address);
+    }
+}

package/lib/testcontainers/synapse.d.ts

@@ -0,0 +1,229 @@
+import { AbstractStartedContainer, GenericContainer, type RestartOptions, type StartedTestContainer } from "testcontainers";
+import { type APIRequestContext, type TestInfo } from "@playwright/test";
+import { type HomeserverContainer, type StartedHomeserverContainer } from "./HomeserverContainer.js";
+import { type StartedMatrixAuthenticationServiceContainer } from "./mas.js";
+import { Api, ClientServerApi, type Credentials } from "../utils/api.js";
+import { StartedMailpitContainer } from "./mailpit.js";
+declare const DEFAULT_CONFIG: {
+    server_name: string;
+    public_baseurl: string;
+    pid_file: string;
+    web_client: boolean;
+    soft_file_limit: number;
+    log_config: string;
+    listeners: {
+        port: number;
+        tls: boolean;
+        bind_addresses: string[];
+        type: string;
+        x_forwarded: boolean;
+        resources: {
+            names: string[];
+            compress: boolean;
+        }[];
+    }[];
+    database: {
+        name: string;
+        args: {
+            database: string;
+        };
+    };
+    rc_messages_per_second: number;
+    rc_message_burst_count: number;
+    rc_registration: {
+        per_second: number;
+        burst_count: number;
+    };
+    rc_joins: {
+        local: {
+            per_second: number;
+            burst_count: number;
+        };
+        remote: {
+            per_second: number;
+            burst_count: number;
+        };
+    };
+    rc_joins_per_room: {
+        per_second: number;
+        burst_count: number;
+    };
+    rc_3pid_validation: {
+        per_second: number;
+        burst_count: number;
+    };
+    rc_invites: {
+        per_room: {
+            per_second: number;
+            burst_count: number;
+        };
+        per_user: {
+            per_second: number;
+            burst_count: number;
+        };
+    };
+    rc_login: {
+        address: {
+            per_second: number;
+            burst_count: number;
+        };
+        account: {
+            per_second: number;
+            burst_count: number;
+        };
+        failed_attempts: {
+            per_second: number;
+            burst_count: number;
+        };
+    };
+    media_store_path: string;
+    max_upload_size: string;
+    max_image_pixels: string;
+    dynamic_thumbnails: boolean;
+    enable_registration: boolean;
+    enable_registration_without_verification: boolean;
+    disable_msisdn_registration: boolean;
+    registrations_require_3pid: never[];
+    enable_metrics: boolean;
+    report_stats: boolean;
+    registration_shared_secret: string;
+    macaroon_secret_key: string;
+    form_secret: string;
+    signing_key_path: string;
+    trusted_key_servers: never[];
+    password_config: {
+        enabled: boolean;
+    };
+    ui_auth: {};
+    background_updates: {
+        min_batch_size: number;
+        sleep_duration_ms: number;
+    };
+    enable_authenticated_media: boolean;
+    email: undefined | {
+        enable_notifs: boolean;
+        smtp_host: string;
+        smtp_port: number;
+        smtp_user: string;
+        smtp_pass: string;
+        require_transport_security: false;
+        notif_from: string;
+        app_name: string;
+        notif_template_html: string;
+        notif_template_text: string;
+        notif_for_new_users: boolean;
+        client_base_url: string;
+    };
+    user_consent: undefined | {
+        template_dir: string;
+        version: string;
+        server_notice_content: Record<string, unknown>;
+        send_server_notice_to_guests: boolean;
+        block_events_error: string;
+        require_at_registration: boolean;
+    };
+    server_notices: undefined | {
+        system_mxid_localpart: string;
+        system_mxid_display_name: string;
+        system_mxid_avatar_url: string;
+        room_name: string;
+    };
+    allow_guest_access: boolean;
+    experimental_features: {};
+    oidc_providers: never[];
+    serve_server_wellknown: boolean;
+    presence: {
+        enabled: boolean;
+        include_offline_users_on_sync: boolean;
+    };
+    room_list_publication_rules: {
+        action: string;
+    }[];
+};
+/**
+ * Incomplete type describing the configuration for a Synapse homeserver
+ */
+export type SynapseConfig = typeof DEFAULT_CONFIG;
+/**
+ * A Synapse testcontainer
+ *
+ * Exposes port 8008.
+ * Waits for HTTP /health 8008 to 200.
+ */
+export declare class SynapseContainer extends GenericContainer implements HomeserverContainer<SynapseConfig> {
+    private config;
+    private mas?;
+    constructor();
+    withConfigField(key: string, value: unknown): this;
+    withConfig(config: Partial<SynapseConfig>): this;
+    withSmtpServer(mailpit: StartedMailpitContainer): this;
+    withMatrixAuthenticationService(mas?: StartedMatrixAuthenticationServiceContainer): this;
+    start(): Promise<StartedSynapseContainer>;
+}
+/**
+ * A started Synapse testcontainer
+ */
+export declare class StartedSynapseContainer extends AbstractStartedContainer implements StartedHomeserverContainer {
+    readonly baseUrl: string;
+    private readonly registrationSharedSecret;
+    protected adminTokenPromise?: Promise<string>;
+    protected readonly adminApi: Api;
+    readonly csApi: ClientServerApi;
+    constructor(container: StartedTestContainer, baseUrl: string, registrationSharedSecret: string);
+    /**
+     * Restart the container
+     * Useful to reset the state of the homeserver between tests
+     * @param options - options to pass to the restart
+     */
+    restart(options?: Partial<RestartOptions>): Promise<void>;
+    setRequest(request: APIRequestContext): void;
+    onTestFinished(testInfo: TestInfo): Promise<void>;
+    protected deletePublicRooms(): Promise<void>;
+    private registerUserInternal;
+    protected getAdminToken(): Promise<string>;
+    private adminRequest;
+    /**
+     * Register a user on the given Homeserver using the shared registration secret.
+     * @param username - the username of the user to register
+     * @param password - the password of the user to register
+     * @param displayName - optional display name to set on the newly registered user
+     */
+    registerUser(username: string, password: string, displayName?: string): Promise<Credentials>;
+    /**
+     * Logs into synapse with the given username/password
+     * @param userId - login username
+     * @param password - login password
+     */
+    loginUser(userId: string, password: string): Promise<Credentials>;
+    /**
+     * Binds a 3pid
+     * @param userId - the username of the user to bind the 3pid to
+     * @param medium - the medium of the 3pid to bind
+     * @param address - the address of the 3pid to bind
+     */
+    setThreepid(userId: string, medium: string, address: string): Promise<void>;
+}
+/**
+ * A started Synapse container when delegating auth to MAS
+ */
+export declare class StartedSynapseWithMasContainer extends StartedSynapseContainer {
+    private readonly mas;
+    constructor(container: StartedTestContainer, baseUrl: string, registrationSharedSecret: string, mas: StartedMatrixAuthenticationServiceContainer);
+    protected getAdminToken(): Promise<string>;
+    /**
+     * Register a user on the given Homeserver using the shared registration secret.
+     * @param username - the username of the user to register
+     * @param password - the password of the user to register
+     * @param displayName - optional display name to set on the newly registered user
+     */
+    registerUser(username: string, password: string, displayName?: string): Promise<Credentials>;
+    /**
+     * Binds a 3pid
+     * @param userId - the username of the user to bind the 3pid to
+     * @param medium - the medium of the 3pid to bind
+     * @param address - the address of the 3pid to bind
+     */
+    setThreepid(userId: string, medium: string, address: string): Promise<void>;
+}
+export {};
+//# sourceMappingURL=synapse.d.ts.map

package/lib/testcontainers/synapse.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"synapse.d.ts","sourceRoot":"","sources":["../../src/testcontainers/synapse.ts"],"names":[],"mappings":"AAOA,OAAO,EACH,wBAAwB,EACxB,gBAAgB,EAChB,KAAK,cAAc,EACnB,KAAK,oBAAoB,EAE5B,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,KAAK,iBAAiB,EAAE,KAAK,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAQzE,OAAO,EAAE,KAAK,mBAAmB,EAAE,KAAK,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AACrG,OAAO,EAAE,KAAK,2CAA2C,EAAE,MAAM,UAAU,CAAC;AAC5E,OAAO,EAAE,GAAG,EAAE,eAAe,EAAa,KAAK,WAAW,EAAE,MAAM,iBAAiB,CAAC;AACpF,OAAO,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AAIvD,QAAA,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WA2GV,SAAS,GACT;QACI,aAAa,EAAE,OAAO,CAAC;QACvB,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,MAAM,CAAC;QAClB,0BAA0B,EAAE,KAAK,CAAC;QAClC,UAAU,EAAE,MAAM,CAAC;QACnB,QAAQ,EAAE,MAAM,CAAC;QACjB,mBAAmB,EAAE,MAAM,CAAC;QAC5B,mBAAmB,EAAE,MAAM,CAAC;QAC5B,mBAAmB,EAAE,OAAO,CAAC;QAC7B,eAAe,EAAE,MAAM,CAAC;KAC3B;kBAED,SAAS,GACT;QACI,YAAY,EAAE,MAAM,CAAC;QACrB,OAAO,EAAE,MAAM,CAAC;QAChB,qBAAqB,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAC/C,4BAA4B,EAAE,OAAO,CAAC;QACtC,kBAAkB,EAAE,MAAM,CAAC;QAC3B,uBAAuB,EAAE,OAAO,CAAC;KACpC;oBAED,SAAS,GACT;QACI,qBAAqB,EAAE,MAAM,CAAC;QAC9B,wBAAwB,EAAE,MAAM,CAAC;QACjC,sBAAsB,EAAE,MAAM,CAAC;QAC/B,SAAS,EAAE,MAAM,CAAC;KACrB;;;;;;;;;;;;CAUV,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,OAAO,cAAc,CAAC;AAElD;;;;;GAKG;AACH,qBAAa,gBAAiB,SAAQ,gBAAiB,YAAW,mBAAmB,CAAC,aAAa,CAAC;IAChG,OAAO,CAAC,MAAM,CAAgB;IAC9B,OAAO,CAAC,GAAG,CAAC,CAA8C;;IA+CnD,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,GAAG,IAAI;IAKlD,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,aAAa,CAAC,GAAG,IAAI;IAQhD,cAAc,CAAC,OAAO,EAAE,uBAAuB,GAAG,IAAI;IAkBtD,+BAA+B,CAAC,GAAG,CAAC,EAAE,2CAA2C,GAAG,IAAI;IAKzE,KAAK,IAAI,OAAO,CAAC,uBAAuB,CAAC;CA+BlE;AAED;;GAEG;AACH,qBAAa,uBAAwB,SAAQ,wBAAyB,YAAW,0BAA0B;aAOnF,OAAO,EAAE,MAAM;IAC/B,OAAO,CAAC,QAAQ,CAAC,wBAAwB;IAP7C,SAAS,CAAC,iBAAiB,CAAC,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;IAC9C,SAAS,CAAC,QAAQ,CAAC,QAAQ,EAAE,GAAG,CAAC;IACjC,SAAgB,KAAK,EAAE,eAAe,CAAC;gBAGnC,SAAS,EAAE,oBAAoB,EACf,OAAO,EAAE,MAAM,EACd,wBAAwB,EAAE,MAAM;IAOrD;;;;OAIG;IACI,OAAO,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC,cAAc,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IAKzD,UAAU,CAAC,OAAO,EAAE,iBAAiB,GAAG,IAAI;IAKtC,cAAc,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;cAK9C,iBAAiB,IAAI,OAAO,CAAC,IAAI,CAAC;YAapC,oBAAoB;cAqClB,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC;YAYlC,YAAY;IAO1B;;;;;OAKG;IACI,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAInG;;;;OAIG;IACU,SAAS,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAI9E;;;;;OAKG;IACU,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAU3F;AAED;;GAEG;AACH,qBAAa,8BAA+B,SAAQ,uBAAuB;IAKnE,OAAO,CAAC,QAAQ,CAAC,GAAG;gBAHpB,SAAS,EAAE,oBAAoB,EAC/B,OAAO,EAAE,MAAM,EACf,wBAAwB,EAAE,MAAM,EACf,GAAG,EAAE,2CAA2C;cAKrD,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC;IAOhD;;;;;OAKG;IACI,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAInG;;;;;OAKG;IACU,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAG3F"}