@grackle-ai/server 0.33.0 → 0.34.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/dist/index.d.ts.map +1 -1
  2. package/dist/index.js +356 -7
  3. package/dist/index.js.map +1 -1
  4. package/dist/oauth.d.ts +100 -0
  5. package/dist/oauth.d.ts.map +1 -0
  6. package/dist/oauth.js +225 -0
  7. package/dist/oauth.js.map +1 -0
  8. package/package.json +4 -4
package/dist/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AA2BA,OAAO,SAAS,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAkCA,OAAO,SAAS,CAAC"}
package/dist/index.js CHANGED
@@ -21,6 +21,8 @@ import { loadOrCreateApiKey, verifyApiKey } from "./api-key.js";
21
21
  import { createSession, validateSessionCookie } from "./session.js";
22
22
  import { startSessionCleanup, stopSessionCleanup } from "./session.js";
23
23
  import { generatePairingCode, redeemPairingCode, startPairingCleanup, stopPairingCleanup } from "./pairing.js";
24
+ import { registerClient, getClient, createAuthorizationCode, consumeAuthorizationCode, createRefreshToken, consumeRefreshToken, startOAuthCleanup, stopOAuthCleanup, } from "./oauth.js";
25
+ import { createOAuthAccessToken, OAUTH_ACCESS_TOKEN_TTL_MS } from "@grackle-ai/mcp";
24
26
  import { logger } from "./logger.js";
25
27
  import { exec } from "./utils/exec.js";
26
28
  import { detectLanIp } from "./utils/network.js";
@@ -66,6 +68,94 @@ function renderPairingPage(error) {
66
68
  </form>
67
69
  </div></body></html>`;
68
70
  }
71
+ /** Shared card styles used by both pairing and authorize pages. */
72
+ const CARD_STYLES = `*{box-sizing:border-box;margin:0;padding:0}
73
+ body{font-family:system-ui,sans-serif;display:flex;align-items:center;justify-content:center;min-height:100vh;background:#0f172a;color:#e2e8f0}
74
+ .card{background:#1e293b;border-radius:12px;padding:2.5rem;max-width:400px;width:100%;text-align:center;box-shadow:0 4px 24px rgba(0,0,0,.3)}
75
+ h1{font-size:1.5rem;margin-bottom:.5rem}
76
+ p{color:#94a3b8;margin-bottom:1.5rem;font-size:.95rem}
77
+ input{width:100%;padding:.75rem 1rem;font-size:1.25rem;letter-spacing:.3em;text-align:center;border:2px solid #334155;border-radius:8px;background:#0f172a;color:#e2e8f0;text-transform:uppercase;font-family:monospace;margin-bottom:.5rem}
78
+ input:focus{outline:none;border-color:#3b82f6}
79
+ button{margin-top:1rem;width:100%;padding:.75rem;font-size:1rem;border:none;border-radius:8px;background:#3b82f6;color:#fff;cursor:pointer;font-weight:600}
80
+ button:hover{background:#2563eb}
81
+ .btn-deny{background:#475569;margin-top:.5rem}
82
+ .btn-deny:hover{background:#334155}
83
+ .client-name{color:#3b82f6;font-weight:600}`;
84
+ /**
85
+ * Render the OAuth authorize page.
86
+ *
87
+ * If the user has a valid session, shows a simple "Authorize" / "Deny" form.
88
+ * If not paired, adds a pairing code input so the user can pair and authorize in one step.
89
+ */
90
+ function renderAuthorizePage(clientName, oauthParams, hasPairedSession, error) {
91
+ const errorHtml = error ? `<p style="color:#e74c3c;margin-bottom:1rem">${error}</p>` : "";
92
+ const pairingField = hasPairedSession
93
+ ? ""
94
+ : `<p>Enter the pairing code shown in your terminal to pair and authorize.</p>
95
+ <input name="pairing_code" type="text" maxlength="6" pattern="[A-Za-z0-9]{6}" autocomplete="off" autofocus placeholder="ABC123" required>`;
96
+ const buttonLabel = hasPairedSession ? "Authorize" : "Pair &amp; Authorize";
97
+ return `<!DOCTYPE html>
98
+ <html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1">
99
+ <title>Grackle — Authorize MCP Client</title>
100
+ <style>${CARD_STYLES}</style></head><body>
101
+ <div class="card">
102
+ <h1>Authorize MCP Client</h1>
103
+ <p><span class="client-name">${escapeHtml(clientName)}</span> wants to connect to Grackle.</p>
104
+ ${errorHtml}
105
+ <form method="POST" action="/authorize">
106
+ ${pairingField}
107
+ <input type="hidden" name="oauth_params" value="${escapeHtml(oauthParams)}">
108
+ <button type="submit" name="action" value="approve">${buttonLabel}</button>
109
+ <button type="submit" name="action" value="deny" class="btn-deny">Deny</button>
110
+ </form>
111
+ </div></body></html>`;
112
+ }
113
+ /** Escape HTML special characters for safe embedding in attributes and text content. */
114
+ function escapeHtml(str) {
115
+ return str
116
+ .replace(/&/g, "&amp;")
117
+ .replace(/</g, "&lt;")
118
+ .replace(/>/g, "&gt;")
119
+ .replace(/"/g, "&quot;")
120
+ .replace(/'/g, "&#x27;");
121
+ }
122
+ /** Maximum size for form/JSON request bodies: 16 KB. */
123
+ const MAX_BODY_SIZE = 16_384;
124
+ /**
125
+ * Read the raw body string from an HTTP request with size limit enforcement.
126
+ *
127
+ * @param req - The incoming HTTP request.
128
+ * @returns The raw body as a UTF-8 string.
129
+ */
130
+ function readBody(req) {
131
+ return new Promise((resolve, reject) => {
132
+ const chunks = [];
133
+ let totalSize = 0;
134
+ req.on("data", (chunk) => {
135
+ totalSize += chunk.length;
136
+ if (totalSize > MAX_BODY_SIZE) {
137
+ req.destroy();
138
+ reject(new Error("Body too large"));
139
+ return;
140
+ }
141
+ chunks.push(chunk);
142
+ });
143
+ req.on("end", () => {
144
+ resolve(Buffer.concat(chunks).toString("utf8"));
145
+ });
146
+ req.on("error", reject);
147
+ });
148
+ }
149
+ /**
150
+ * Parse a URL-encoded form body from an HTTP request.
151
+ *
152
+ * @param req - The incoming HTTP request.
153
+ * @returns Parsed key-value pairs from the form body.
154
+ */
155
+ async function parseFormBody(req) {
156
+ const raw = await readBody(req);
157
+ return new URLSearchParams(raw);
158
+ }
69
159
  /**
70
160
  * Serve a static file from the web dist directory.
71
161
  * Always writes a response (200, 403, 404, or 500).
@@ -112,11 +202,16 @@ function getRemoteIp(req) {
112
202
  /**
113
203
  * Create the HTTP request handler for the web server.
114
204
  *
115
- * All routes are gated by session cookie authentication.
116
- * The /pair endpoint handles pairing code exchange.
205
+ * Serves OAuth authorization server endpoints (no auth),
206
+ * the pairing endpoint, and session-gated static files.
117
207
  */
118
- function createWebHandler(apiKey) {
119
- return (req, res) => {
208
+ function createWebHandler(apiKey, webPort, bindHost) {
209
+ /** Map wildcard bind hosts to a dialable host for OAuth URLs. */
210
+ const dialableHost = isWildcardAddress(bindHost) ? "127.0.0.1" : bindHost;
211
+ const urlHost = dialableHost.includes(":") ? `[${dialableHost}]` : dialableHost;
212
+ const webBaseUrl = `http://${urlHost}:${webPort}`;
213
+ // eslint-disable-next-line @typescript-eslint/no-misused-promises
214
+ return async (req, res) => {
120
215
  let rawPath;
121
216
  let queryString = "";
122
217
  try {
@@ -129,6 +224,254 @@ function createWebHandler(apiKey) {
129
224
  res.end("Bad Request");
130
225
  return;
131
226
  }
227
+ // --- OAuth Authorization Server Metadata (no auth) ---
228
+ if (rawPath === "/.well-known/oauth-authorization-server") {
229
+ res.writeHead(200, { "Content-Type": "application/json" });
230
+ res.end(JSON.stringify({
231
+ issuer: webBaseUrl,
232
+ authorization_endpoint: `${webBaseUrl}/authorize`,
233
+ token_endpoint: `${webBaseUrl}/token`,
234
+ registration_endpoint: `${webBaseUrl}/register`,
235
+ response_types_supported: ["code"],
236
+ grant_types_supported: ["authorization_code", "refresh_token"],
237
+ code_challenge_methods_supported: ["S256"],
238
+ token_endpoint_auth_methods_supported: ["none"],
239
+ }));
240
+ return;
241
+ }
242
+ // --- Dynamic Client Registration (no auth, JSON body) ---
243
+ if (rawPath === "/register" && req.method === "POST") {
244
+ try {
245
+ const raw = await readBody(req);
246
+ const parsed = JSON.parse(raw);
247
+ const redirectUris = parsed.redirect_uris;
248
+ const clientName = parsed.client_name;
249
+ if (!Array.isArray(redirectUris) || redirectUris.length === 0) {
250
+ res.writeHead(400, { "Content-Type": "application/json" });
251
+ res.end(JSON.stringify({ error: "invalid_request", error_description: "redirect_uris is required" }));
252
+ return;
253
+ }
254
+ // Validate each redirect URI — only allow http(s) on loopback to prevent open redirects
255
+ for (const uri of redirectUris) {
256
+ try {
257
+ const parsed = new URL(uri);
258
+ const isLoopback = parsed.hostname === "127.0.0.1" || parsed.hostname === "localhost" || parsed.hostname === "::1";
259
+ const isHttpOrHttps = parsed.protocol === "http:" || parsed.protocol === "https:";
260
+ if (!isLoopback || !isHttpOrHttps) {
261
+ res.writeHead(400, { "Content-Type": "application/json" });
262
+ res.end(JSON.stringify({ error: "invalid_client_metadata", error_description: "redirect_uris must use http(s) on loopback (127.0.0.1 or localhost)" }));
263
+ return;
264
+ }
265
+ }
266
+ catch {
267
+ res.writeHead(400, { "Content-Type": "application/json" });
268
+ res.end(JSON.stringify({ error: "invalid_client_metadata", error_description: "Invalid redirect_uri" }));
269
+ return;
270
+ }
271
+ }
272
+ const client = registerClient(redirectUris, clientName);
273
+ if (!client) {
274
+ res.writeHead(503, { "Content-Type": "application/json" });
275
+ res.end(JSON.stringify({ error: "temporarily_unavailable", error_description: "Too many registered clients" }));
276
+ return;
277
+ }
278
+ res.writeHead(201, { "Content-Type": "application/json" });
279
+ res.end(JSON.stringify({
280
+ client_id: client.clientId,
281
+ redirect_uris: client.redirectUris,
282
+ client_name: client.clientName,
283
+ }));
284
+ }
285
+ catch {
286
+ res.writeHead(400, { "Content-Type": "application/json" });
287
+ res.end(JSON.stringify({ error: "invalid_request" }));
288
+ }
289
+ return;
290
+ }
291
+ // --- OAuth Authorize (GET — render page, no auth required) ---
292
+ if (rawPath === "/authorize" && req.method === "GET") {
293
+ const params = new URLSearchParams(queryString);
294
+ const clientId = params.get("client_id") || "";
295
+ const responseType = params.get("response_type") || "";
296
+ const redirectUri = params.get("redirect_uri") || "";
297
+ const codeChallenge = params.get("code_challenge") || "";
298
+ const codeChallengeMethod = params.get("code_challenge_method") || "";
299
+ const state = params.get("state") || "";
300
+ const resource = params.get("resource") || "";
301
+ // Validate required params
302
+ if (responseType !== "code") {
303
+ res.writeHead(400, { "Content-Type": "application/json" });
304
+ res.end(JSON.stringify({ error: "unsupported_response_type" }));
305
+ return;
306
+ }
307
+ if (!clientId || !redirectUri || !codeChallenge) {
308
+ res.writeHead(400, { "Content-Type": "application/json" });
309
+ res.end(JSON.stringify({ error: "invalid_request", error_description: "Missing required parameters" }));
310
+ return;
311
+ }
312
+ if (codeChallengeMethod && codeChallengeMethod !== "S256") {
313
+ res.writeHead(400, { "Content-Type": "application/json" });
314
+ res.end(JSON.stringify({ error: "invalid_request", error_description: "Only S256 code challenge method is supported" }));
315
+ return;
316
+ }
317
+ const client = getClient(clientId);
318
+ if (!client) {
319
+ res.writeHead(400, { "Content-Type": "application/json" });
320
+ res.end(JSON.stringify({ error: "invalid_request", error_description: "Unknown client_id" }));
321
+ return;
322
+ }
323
+ if (!client.redirectUris.includes(redirectUri)) {
324
+ res.writeHead(400, { "Content-Type": "application/json" });
325
+ res.end(JSON.stringify({ error: "invalid_request", error_description: "redirect_uri not registered" }));
326
+ return;
327
+ }
328
+ // Serialize OAuth params for the hidden form field
329
+ const oauthParams = new URLSearchParams({
330
+ client_id: clientId,
331
+ redirect_uri: redirectUri,
332
+ code_challenge: codeChallenge,
333
+ state,
334
+ resource,
335
+ }).toString();
336
+ const cookieHeader = req.headers.cookie || "";
337
+ const hasPairedSession = validateSessionCookie(cookieHeader, apiKey);
338
+ const html = renderAuthorizePage(client.clientName, oauthParams, hasPairedSession);
339
+ res.writeHead(200, { "Content-Type": "text/html" });
340
+ res.end(html);
341
+ return;
342
+ }
343
+ // --- OAuth Authorize (POST — process approval/denial) ---
344
+ if (rawPath === "/authorize" && req.method === "POST") {
345
+ try {
346
+ const formData = await parseFormBody(req);
347
+ const action = formData.get("action") || "";
348
+ const oauthParamsStr = formData.get("oauth_params") || "";
349
+ const pairingCode = formData.get("pairing_code") || "";
350
+ const oauthParams = new URLSearchParams(oauthParamsStr);
351
+ const clientId = oauthParams.get("client_id") || "";
352
+ const redirectUri = oauthParams.get("redirect_uri") || "";
353
+ const codeChallenge = oauthParams.get("code_challenge") || "";
354
+ const state = oauthParams.get("state") || "";
355
+ const resource = oauthParams.get("resource") || "";
356
+ // Validate client and redirect URI before any redirect to prevent open redirect
357
+ const client = getClient(clientId);
358
+ if (!client?.redirectUris.includes(redirectUri)) {
359
+ res.writeHead(400, { "Content-Type": "application/json" });
360
+ res.end(JSON.stringify({ error: "invalid_request" }));
361
+ return;
362
+ }
363
+ // Build redirect URL using URL API to safely merge query params
364
+ const buildRedirect = (params) => {
365
+ const url = new URL(redirectUri);
366
+ for (const [key, value] of Object.entries(params)) {
367
+ url.searchParams.set(key, value);
368
+ }
369
+ if (state) {
370
+ url.searchParams.set("state", state);
371
+ }
372
+ return url.toString();
373
+ };
374
+ // Deny action
375
+ if (action === "deny") {
376
+ res.writeHead(302, { Location: buildRedirect({ error: "access_denied" }) });
377
+ res.end();
378
+ return;
379
+ }
380
+ // Check session — if no session, require pairing code
381
+ const cookieHeader = req.headers.cookie || "";
382
+ let hasPairedSession = validateSessionCookie(cookieHeader, apiKey);
383
+ const responseHeaders = {};
384
+ if (!hasPairedSession) {
385
+ if (!pairingCode) {
386
+ const html = renderAuthorizePage(client.clientName, oauthParamsStr, false, "Pairing code is required.");
387
+ res.writeHead(200, { "Content-Type": "text/html" });
388
+ res.end(html);
389
+ return;
390
+ }
391
+ const remoteIp = getRemoteIp(req);
392
+ if (!redeemPairingCode(pairingCode, remoteIp)) {
393
+ const html = renderAuthorizePage(client.clientName, oauthParamsStr, false, "Invalid or expired pairing code.");
394
+ res.writeHead(200, { "Content-Type": "text/html" });
395
+ res.end(html);
396
+ return;
397
+ }
398
+ // Pairing succeeded — also create a browser session
399
+ const setCookie = createSession(apiKey);
400
+ responseHeaders["Set-Cookie"] = setCookie;
401
+ hasPairedSession = true;
402
+ }
403
+ // Approved — create authorization code
404
+ const authCode = createAuthorizationCode(clientId, redirectUri, codeChallenge, resource);
405
+ const redirectUrl = buildRedirect({ code: authCode });
406
+ res.writeHead(302, {
407
+ ...responseHeaders,
408
+ Location: redirectUrl,
409
+ });
410
+ res.end();
411
+ }
412
+ catch {
413
+ res.writeHead(400);
414
+ res.end("Bad Request");
415
+ }
416
+ return;
417
+ }
418
+ // --- OAuth Token endpoint ---
419
+ if (rawPath === "/token" && req.method === "POST") {
420
+ try {
421
+ const formData = await parseFormBody(req);
422
+ const grantType = formData.get("grant_type") || "";
423
+ if (grantType === "authorization_code") {
424
+ const code = formData.get("code") || "";
425
+ const clientId = formData.get("client_id") || "";
426
+ const redirectUri = formData.get("redirect_uri") || "";
427
+ const codeVerifier = formData.get("code_verifier") || "";
428
+ const resource = formData.get("resource") || "";
429
+ const authCodeRecord = consumeAuthorizationCode(code, clientId, redirectUri, codeVerifier, resource);
430
+ if (!authCodeRecord) {
431
+ res.writeHead(400, { "Content-Type": "application/json" });
432
+ res.end(JSON.stringify({ error: "invalid_grant" }));
433
+ return;
434
+ }
435
+ const accessToken = createOAuthAccessToken(clientId, resource, apiKey);
436
+ const refreshToken = createRefreshToken(clientId, resource);
437
+ res.writeHead(200, { "Content-Type": "application/json", "Cache-Control": "no-store" });
438
+ res.end(JSON.stringify({
439
+ access_token: accessToken,
440
+ token_type: "Bearer",
441
+ expires_in: Math.floor(OAUTH_ACCESS_TOKEN_TTL_MS / 1000),
442
+ refresh_token: refreshToken,
443
+ }));
444
+ return;
445
+ }
446
+ if (grantType === "refresh_token") {
447
+ const refreshToken = formData.get("refresh_token") || "";
448
+ const clientId = formData.get("client_id") || "";
449
+ const refreshRecord = consumeRefreshToken(refreshToken, clientId);
450
+ if (!refreshRecord) {
451
+ res.writeHead(400, { "Content-Type": "application/json" });
452
+ res.end(JSON.stringify({ error: "invalid_grant" }));
453
+ return;
454
+ }
455
+ const accessToken = createOAuthAccessToken(clientId, refreshRecord.resource, apiKey);
456
+ const newRefreshToken = createRefreshToken(clientId, refreshRecord.resource);
457
+ res.writeHead(200, { "Content-Type": "application/json", "Cache-Control": "no-store" });
458
+ res.end(JSON.stringify({
459
+ access_token: accessToken,
460
+ token_type: "Bearer",
461
+ expires_in: Math.floor(OAUTH_ACCESS_TOKEN_TTL_MS / 1000),
462
+ refresh_token: newRefreshToken,
463
+ }));
464
+ return;
465
+ }
466
+ res.writeHead(400, { "Content-Type": "application/json" });
467
+ res.end(JSON.stringify({ error: "unsupported_grant_type" }));
468
+ }
469
+ catch {
470
+ res.writeHead(400, { "Content-Type": "application/json" });
471
+ res.end(JSON.stringify({ error: "invalid_request" }));
472
+ }
473
+ return;
474
+ }
132
475
  // --- Pairing endpoint ---
133
476
  if (rawPath === "/pair") {
134
477
  const params = new URLSearchParams(queryString);
@@ -206,6 +549,7 @@ function main() {
206
549
  // Start periodic cleanup timers
207
550
  startPairingCleanup();
208
551
  startSessionCleanup();
552
+ startOAuthCleanup();
209
553
  // --- gRPC server (HTTP/2) ---
210
554
  const grpcPort = parseInt(process.env.GRACKLE_PORT || String(DEFAULT_SERVER_PORT), 10);
211
555
  const bindHost = process.env.GRACKLE_HOST || "127.0.0.1";
@@ -241,7 +585,8 @@ function main() {
241
585
  });
242
586
  // --- Web + WebSocket server (HTTP/1.1) ---
243
587
  const webPort = parseInt(process.env.GRACKLE_WEB_PORT || String(DEFAULT_WEB_PORT), 10);
244
- const webServer = http.createServer(createWebHandler(apiKey));
588
+ const mcpPort = parseInt(process.env.GRACKLE_MCP_PORT || String(DEFAULT_MCP_PORT), 10);
589
+ const webServer = http.createServer(createWebHandler(apiKey, webPort, bindHost));
245
590
  createWsBridge(webServer, verifyApiKey, (cookieHeader) => validateSessionCookie(cookieHeader, apiKey));
246
591
  webServer.on("error", (err) => {
247
592
  if (err.code === "EADDRINUSE") {
@@ -286,8 +631,11 @@ function main() {
286
631
  }
287
632
  });
288
633
  // --- MCP server (HTTP/1.1, Streamable HTTP) ---
289
- const mcpPort = parseInt(process.env.GRACKLE_MCP_PORT || String(DEFAULT_MCP_PORT), 10);
290
- const mcpServer = createMcpServer({ bindHost, mcpPort, grpcPort, apiKey });
634
+ // Use dialable host for OAuth URLs (wildcard → 127.0.0.1)
635
+ const dialableHost = isWildcardAddress(bindHost) ? "127.0.0.1" : bindHost;
636
+ const dialableUrlHost = dialableHost.includes(":") ? `[${dialableHost}]` : dialableHost;
637
+ const authServerUrl = `http://${dialableUrlHost}:${webPort}`;
638
+ const mcpServer = createMcpServer({ bindHost, mcpPort, grpcPort, apiKey, authorizationServerUrl: authServerUrl });
291
639
  mcpServer.on("error", (err) => {
292
640
  if (err.code === "EADDRINUSE") {
293
641
  logger.fatal({ port: mcpPort }, "Port %d is already in use. Is another Grackle server running?", mcpPort);
@@ -307,6 +655,7 @@ function main() {
307
655
  logger.info("Shutting down...");
308
656
  stopPairingCleanup();
309
657
  stopSessionCleanup();
658
+ stopOAuthCleanup();
310
659
  const forceExit = setTimeout(() => {
311
660
  logger.warn("Shutdown timed out, forcing exit");
312
661
  process.exit(1);
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,KAAK,MAAM,YAAY,CAAC;AAC/B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACvE,OAAO,EAAE,uBAAuB,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAC9E,OAAO,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,MAAM,oCAAoC,CAAC;AACrE,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAC7F,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AACjF,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAChE,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AACpE,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AACvE,OAAO,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAC/G,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAC;AACvC,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,yCAAyC;AACzC,OAAO,SAAS,CAAC;AAEjB,MAAM,UAAU,GAA2B;IACzC,OAAO,EAAE,WAAW;IACpB,KAAK,EAAE,wBAAwB;IAC/B,MAAM,EAAE,UAAU;IAClB,OAAO,EAAE,kBAAkB;IAC3B,MAAM,EAAE,eAAe;IACvB,MAAM,EAAE,WAAW;IACnB,MAAM,EAAE,cAAc;CACvB,CAAC;AAEF,kEAAkE;AAClE,MAAM,UAAU,GAAgB,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC/D,MAAM,YAAY,GAAW,OAAO,CAClC,OAAO,CAAC,GAAG,CAAC,eAAe;OACtB,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,8BAA8B,CAAC,CAAC,EAAE,MAAM,CAAC,CAC/E,CAAC;AAEF,2EAA2E;AAC3E,SAAS,iBAAiB,CAAC,KAAc;IACvC,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,+CAA+C,KAAK,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;IAC1F,OAAO;;;;;;;;;;;;;;;;;IAiBL,SAAS;;;;;qBAKQ,CAAC;AACtB,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CACtB,GAAyB,EACzB,GAAwB,EACxB,OAAe;IAEf,MAAM,MAAM,GAAG,OAAO,KAAK,GAAG,IAAI,OAAO,KAAK,EAAE,CAAC;IACjD,IAAI,QAAQ,GAAG,MAAM;QACnB,CAAC,CAAC,IAAI,CAAC,YAAY,EAAE,YAAY,CAAC;QAClC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,SAAS,CAAC,IAAI,OAAO,EAAE,CAAC,CAAC,CAAC;IAEpD,6EAA6E;IAC7E,MAAM,GAAG,GAAG,QAAQ,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;IAC7C,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,YAAY,EAAE,GAAG,CAAC,KAAK,QAAQ,EAAE,CAAC;QACpE,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACnB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,eAAe;QACf,QAAQ,GAAG,IAAI,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;IAC9C,CAAC;IAED,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACnB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC9B,MAAM,WAAW,GAAG,UAAU,CAAC,GAAG,CAAC,IAAI,0BAA0B,CAAC;IAElE,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;QACvC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;QACpD,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACnB,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,sDAAsD;AACtD,SAAS,WAAW,CAAC,GAAyB;IAC5C,OAAO,GAAG,CAAC,MAAM,CAAC,aAAa,IAAI,SAAS,CAAC;AAC/C,CAAC;AAED;;;;;GAKG;AACH,SAAS,gBAAgB,CAAC,MAAc;IACtC,OAAO,CAAC,GAAyB,EAAE,GAAwB,EAAE,EAAE;QAC7D,IAAI,OAAe,CAAC;QACpB,IAAI,WAAW,GAAG,EAAE,CAAC;QACrB,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC7C,OAAO,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YAC1C,WAAW,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAClC,CAAC;QAAC,MAAM,CAAC;YACP,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACnB,GAAG,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YACvB,OAAO;QACT,CAAC;QAED,2BAA2B;QAC3B,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;YACxB,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,WAAW,CAAC,CAAC;YAChD,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAEhC,IAAI,IAAI,EAAE,CAAC;gBACT,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;gBAClC,IAAI,iBAAiB,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,CAAC;oBACtC,MAAM,SAAS,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;oBACxC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE;wBACjB,QAAQ,EAAE,GAAG;wBACb,YAAY,EAAE,SAAS;qBACxB,CAAC,CAAC;oBACH,GAAG,CAAC,GAAG,EAAE,CAAC;oBACV,OAAO;gBACT,CAAC;gBACD,yDAAyD;gBACzD,MAAM,IAAI,GAAG,iBAAiB,CAAC,6CAA6C,CAAC,CAAC;gBAC9E,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;gBACd,OAAO;YACT,CAAC;YAED,2CAA2C;YAC3C,MAAM,IAAI,GAAG,iBAAiB,EAAE,CAAC;YACjC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;YACpD,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YACd,OAAO;QACT,CAAC;QAED,0DAA0D;QAC1D,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC;QAC9C,IAAI,CAAC,qBAAqB,CAAC,YAAY,EAAE,MAAM,CAAC,EAAE,CAAC;YACjD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;YAC1C,GAAG,CAAC,GAAG,EAAE,CAAC;YACV,OAAO;QACT,CAAC;QAED,eAAe,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;IACrC,CAAC,CAAC;AACJ,CAAC;AAED,mEAAmE;AACnE,SAAS,iBAAiB,CAAC,IAAY;IACrC,OAAO,IAAI,KAAK,SAAS,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,iBAAiB,CAAC;AAC3E,CAAC;AAED,SAAS,IAAI;IACX,6EAA6E;IAC7E,gBAAgB,EAAE,CAAC;IAEnB,4CAA4C;IAC5C,MAAM,MAAM,GAAG,kBAAkB,EAAE,CAAC;IAEpC,oBAAoB;IACpB,eAAe,CAAC,IAAI,aAAa,EAAE,CAAC,CAAC;IACrC,eAAe,CAAC,IAAI,YAAY,EAAE,CAAC,CAAC;IACpC,eAAe,CAAC,IAAI,UAAU,EAAE,CAAC,CAAC;IAClC,eAAe,CAAC,IAAI,gBAAgB,EAAE,CAAC,CAAC;IAExC,6DAA6D;IAC7D,MAAM,mBAAmB,GAAW,KAAK,CAAC;IAC1C,IAAI,CAAC,IAAI,EAAE,CAAC,SAAS,CAAC,EAAE,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC;SACtD,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;QACf,MAAM,CAAC,IAAI,CACT,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,EACzC,sBAAsB,CACvB,CAAC;IACJ,CAAC,CAAC;SACD,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;QACtB,MAAM,UAAU,GACd,GAAG,YAAY,KAAK;YACpB,CAAC,MAAM,IAAI,GAAG;gBACZ,CAAC,CAAE,GAAiC,CAAC,IAAI,KAAK,QAAQ;gBACtD,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;QACtC,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,CACT,kHAAkH,CACnH,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CACT,EAAE,GAAG,EAAE,EACP,6EAA6E,CAC9E,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,kBAAkB;IAClB,cAAc,CAAC,CAAC,aAAa,EAAE,EAAE;QAC/B,uBAAuB,CAAC,aAAa,EAAE,cAAc,CAAC,CAAC;QACvD,qBAAqB,EAAE,CAAC;IAC1B,CAAC,CAAC,CAAC;IAEH,gCAAgC;IAChC,mBAAmB,EAAE,CAAC;IACtB,mBAAmB,EAAE,CAAC;IAEtB,+BAA+B;IAC/B,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,MAAM,CAAC,mBAAmB,CAAC,EAAE,EAAE,CAAC,CAAC;IACvF,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,WAAW,CAAC;IACzD,MAAM,YAAY,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAEjD,yFAAyF;IACzF,MAAM,OAAO,GAAG,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,QAAQ,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC;IACpE,MAAM,WAAW,GAAG,kBAAkB,CAAC;QACrC,MAAM,EAAE,qBAAqB;QAC7B,YAAY,EAAE;YACZ,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;gBACtB,MAAM,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;gBACzD,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;gBACpD,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,CAAC;oBACzB,MAAM,IAAI,YAAY,CAAC,cAAc,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;gBAC/D,CAAC;gBACD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;YACnB,CAAC;SACF;KACF,CAAC,CAAC;IACH,MAAM,UAAU,GAAG,KAAK,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;IAEnD,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAA0B,EAAE,EAAE;QACpD,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YAC9B,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,+DAA+D,EAAE,QAAQ,CAAC,CAAC;QAC9G,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,mBAAmB,CAAC,CAAC;QAC7C,CAAC;QACD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,QAAQ,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,UAAU,CAAC,MAAM,CAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE;QACzC,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,uCAAuC,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC9G,CAAC,CAAC,CAAC;IAEH,4CAA4C;IAC5C,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,MAAM,CAAC,gBAAgB,CAAC,EAAE,EAAE,CAAC,CAAC;IACvF,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC;IAE9D,cAAc,CAAC,SAAS,EAAE,YAAY,EAAE,CAAC,YAAoB,EAAE,EAAE,CAC/D,qBAAqB,CAAC,YAAY,EAAE,MAAM,CAAC,CAC5C,CAAC;IAEF,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAA0B,EAAE,EAAE;QACnD,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YAC9B,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,+DAA+D,EAAE,OAAO,CAAC,CAAC;QAC5G,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,kBAAkB,CAAC,CAAC;QAC5C,CAAC;QACD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,QAAQ,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,EAAE,GAAG,EAAE;QACvC,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,oCAAoC,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;QAEvG,sDAAsD;QACtD,MAAM,IAAI,GAAG,mBAAmB,EAAE,CAAC;QACnC,IAAI,IAAI,EAAE,CAAC;YACT,MAAM,WAAW,GAAG,iBAAiB,CAAC,QAAQ,CAAC;gBAC7C,CAAC,CAAC,CAAC,WAAW,EAAE,IAAI,WAAW,CAAC;gBAChC,CAAC,CAAC,QAAQ,CAAC;YACb,MAAM,UAAU,GAAG,UAAU,WAAW,IAAI,OAAO,cAAc,IAAI,EAAE,CAAC;YAExE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAC3B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC;YAC7C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,UAAU,IAAI,CAAC,CAAC;YAC1C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAE3B,yEAAyE;YACzE,IAAI,YAAY,EAAE,CAAC;gBACjB,IAAI,CAAC;oBACH,iEAAiE;oBACjE,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAwF,CAAC;oBAC3H,MAAM,CAAC,QAAQ,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;yBAC3D,IAAI,CAAC,CAAC,EAAU,EAAE,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;yBACnD,KAAK,CAAC,GAAG,EAAE,GAA4C,CAAC,CAAC,CAAC;gBAC/D,CAAC;gBAAC,MAAM,CAAC;oBACP,iCAAiC;gBACnC,CAAC;YACH,CAAC;YAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;YAC/D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;YACvE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAE3B,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,EAAE,uBAAuB,CAAC,CAAC;QAE5D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,iDAAiD;IACjD,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,MAAM,CAAC,gBAAgB,CAAC,EAAE,EAAE,CAAC,CAAC;IACvF,MAAM,SAAS,GAAG,eAAe,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;IAE3E,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAA0B,EAAE,EAAE;QACnD,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YAC9B,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,+DAA+D,EAAE,OAAO,CAAC,CAAC;QAC5G,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,kBAAkB,CAAC,CAAC;QAC5C,CAAC;QACD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,QAAQ,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,EAAE,GAAG,EAAE;QACvC,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,gCAAgC,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IACrG,CAAC,CAAC,CAAC;IAEH,qFAAqF;IACrF,MAAM,mBAAmB,GAAW,KAAK,CAAC;IAE1C,KAAK,UAAU,QAAQ;QACrB,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAChC,kBAAkB,EAAE,CAAC;QACrB,kBAAkB,EAAE,CAAC;QACrB,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE;YAChC,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;YAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC,EAAE,mBAAmB,CAAC,CAAC;QAExB,MAAM,eAAe,EAAE,CAAC;QAExB,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;YAClC,UAAU,CAAC,KAAK,CAAC,CAAC,GAAW,EAAE,EAAE;gBAC/B,IAAI,GAAG,EAAE,CAAC;oBACR,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,iCAAiC,CAAC,CAAC;gBAC3D,CAAC;gBACD,OAAO,EAAE,CAAC;YACZ,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;YAClC,SAAS,CAAC,KAAK,CAAC,CAAC,GAAW,EAAE,EAAE;gBAC9B,IAAI,GAAG,EAAE,CAAC;oBACR,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,gCAAgC,CAAC,CAAC;gBAC1D,CAAC;gBACD,OAAO,EAAE,CAAC;YACZ,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;YAClC,SAAS,CAAC,KAAK,CAAC,CAAC,GAAW,EAAE,EAAE;gBAC9B,IAAI,GAAG,EAAE,CAAC;oBACR,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,gCAAgC,CAAC,CAAC;gBAC1D,CAAC;gBACD,OAAO,EAAE,CAAC;YACZ,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,YAAY,CAAC,SAAS,CAAC,CAAC;QACxB,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC;IACtC,CAAC;IAED,kEAAkE;IAClE,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC/B,kEAAkE;IAClE,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;AAClC,CAAC;AAED,IAAI,EAAE,CAAC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,KAAK,MAAM,YAAY,CAAC;AAC/B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACvE,OAAO,EAAE,uBAAuB,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAC9E,OAAO,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,MAAM,oCAAoC,CAAC;AACrE,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAC7F,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AACjF,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAChE,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AACpE,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AACvE,OAAO,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAC/G,OAAO,EACL,cAAc,EAAE,SAAS,EACzB,uBAAuB,EAAE,wBAAwB,EACjD,kBAAkB,EAAE,mBAAmB,EACvC,iBAAiB,EAAE,gBAAgB,GACpC,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,sBAAsB,EAAE,yBAAyB,EAAE,MAAM,iBAAiB,CAAC;AACpF,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAC;AACvC,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,yCAAyC;AACzC,OAAO,SAAS,CAAC;AAEjB,MAAM,UAAU,GAA2B;IACzC,OAAO,EAAE,WAAW;IACpB,KAAK,EAAE,wBAAwB;IAC/B,MAAM,EAAE,UAAU;IAClB,OAAO,EAAE,kBAAkB;IAC3B,MAAM,EAAE,eAAe;IACvB,MAAM,EAAE,WAAW;IACnB,MAAM,EAAE,cAAc;CACvB,CAAC;AAEF,kEAAkE;AAClE,MAAM,UAAU,GAAgB,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC/D,MAAM,YAAY,GAAW,OAAO,CAClC,OAAO,CAAC,GAAG,CAAC,eAAe;OACtB,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,8BAA8B,CAAC,CAAC,EAAE,MAAM,CAAC,CAC/E,CAAC;AAEF,2EAA2E;AAC3E,SAAS,iBAAiB,CAAC,KAAc;IACvC,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,+CAA+C,KAAK,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;IAC1F,OAAO;;;;;;;;;;;;;;;;;IAiBL,SAAS;;;;;qBAKQ,CAAC;AACtB,CAAC;AAED,mEAAmE;AACnE,MAAM,WAAW,GAAW;;;;;;;;;;;8CAWkB,CAAC;AAE/C;;;;;GAKG;AACH,SAAS,mBAAmB,CAC1B,UAAkB,EAClB,WAAmB,EACnB,gBAAyB,EACzB,KAAc;IAEd,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,+CAA+C,KAAK,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;IAC1F,MAAM,YAAY,GAAG,gBAAgB;QACnC,CAAC,CAAC,EAAE;QACJ,CAAC,CAAC;iJAC2I,CAAC;IAChJ,MAAM,WAAW,GAAG,gBAAgB,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,sBAAsB,CAAC;IAE5E,OAAO;;;SAGA,WAAW;;;iCAGa,UAAU,CAAC,UAAU,CAAC;IACnD,SAAS;;MAEP,YAAY;sDACoC,UAAU,CAAC,WAAW,CAAC;0DACnB,WAAW;;;qBAGhD,CAAC;AACtB,CAAC;AAED,wFAAwF;AACxF,SAAS,UAAU,CAAC,GAAW;IAC7B,OAAO,GAAG;SACP,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;AAC7B,CAAC;AAED,wDAAwD;AACxD,MAAM,aAAa,GAAW,MAAM,CAAC;AAErC;;;;;GAKG;AACH,SAAS,QAAQ,CAAC,GAAyB;IACzC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,IAAI,SAAS,GAAW,CAAC,CAAC;QAC1B,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YAC/B,SAAS,IAAI,KAAK,CAAC,MAAM,CAAC;YAC1B,IAAI,SAAS,GAAG,aAAa,EAAE,CAAC;gBAC9B,GAAG,CAAC,OAAO,EAAE,CAAC;gBACd,MAAM,CAAC,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC;gBACpC,OAAO;YACT,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC,CAAC,CAAC;QACH,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YACjB,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;QAClD,CAAC,CAAC,CAAC;QACH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,aAAa,CAAC,GAAyB;IACpD,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,GAAG,CAAC,CAAC;IAChC,OAAO,IAAI,eAAe,CAAC,GAAG,CAAC,CAAC;AAClC,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CACtB,GAAyB,EACzB,GAAwB,EACxB,OAAe;IAEf,MAAM,MAAM,GAAG,OAAO,KAAK,GAAG,IAAI,OAAO,KAAK,EAAE,CAAC;IACjD,IAAI,QAAQ,GAAG,MAAM;QACnB,CAAC,CAAC,IAAI,CAAC,YAAY,EAAE,YAAY,CAAC;QAClC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,SAAS,CAAC,IAAI,OAAO,EAAE,CAAC,CAAC,CAAC;IAEpD,6EAA6E;IAC7E,MAAM,GAAG,GAAG,QAAQ,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;IAC7C,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,YAAY,EAAE,GAAG,CAAC,KAAK,QAAQ,EAAE,CAAC;QACpE,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACnB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,eAAe;QACf,QAAQ,GAAG,IAAI,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;IAC9C,CAAC;IAED,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACnB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC9B,MAAM,WAAW,GAAG,UAAU,CAAC,GAAG,CAAC,IAAI,0BAA0B,CAAC;IAElE,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;QACvC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;QACpD,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACnB,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,sDAAsD;AACtD,SAAS,WAAW,CAAC,GAAyB;IAC5C,OAAO,GAAG,CAAC,MAAM,CAAC,aAAa,IAAI,SAAS,CAAC;AAC/C,CAAC;AAED;;;;;GAKG;AACH,SAAS,gBAAgB,CACvB,MAAc,EACd,OAAe,EACf,QAAgB;IAEhB,iEAAiE;IACjE,MAAM,YAAY,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC;IAC1E,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,YAAY,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC;IAChF,MAAM,UAAU,GAAG,UAAU,OAAO,IAAI,OAAO,EAAE,CAAC;IAElD,kEAAkE;IAClE,OAAO,KAAK,EAAE,GAAyB,EAAE,GAAwB,EAAE,EAAE;QACnE,IAAI,OAAe,CAAC;QACpB,IAAI,WAAW,GAAG,EAAE,CAAC;QACrB,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC7C,OAAO,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YAC1C,WAAW,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAClC,CAAC;QAAC,MAAM,CAAC;YACP,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACnB,GAAG,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YACvB,OAAO;QACT,CAAC;QAED,wDAAwD;QACxD,IAAI,OAAO,KAAK,yCAAyC,EAAE,CAAC;YAC1D,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;gBACrB,MAAM,EAAE,UAAU;gBAClB,sBAAsB,EAAE,GAAG,UAAU,YAAY;gBACjD,cAAc,EAAE,GAAG,UAAU,QAAQ;gBACrC,qBAAqB,EAAE,GAAG,UAAU,WAAW;gBAC/C,wBAAwB,EAAE,CAAC,MAAM,CAAC;gBAClC,qBAAqB,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;gBAC9D,gCAAgC,EAAE,CAAC,MAAM,CAAC;gBAC1C,qCAAqC,EAAE,CAAC,MAAM,CAAC;aAChD,CAAC,CAAC,CAAC;YACJ,OAAO;QACT,CAAC;QAED,2DAA2D;QAC3D,IAAI,OAAO,KAAK,WAAW,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YACrD,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,GAAG,CAAC,CAAC;gBAChC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAuD,CAAC;gBACrF,MAAM,YAAY,GAAG,MAAM,CAAC,aAAa,CAAC;gBAC1C,MAAM,UAAU,GAAG,MAAM,CAAC,WAAW,CAAC;gBAEtC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAC9D,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;oBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,2BAA2B,EAAE,CAAC,CAAC,CAAC;oBACtG,OAAO;gBACT,CAAC;gBAED,wFAAwF;gBACxF,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;oBAC/B,IAAI,CAAC;wBACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;wBAC5B,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ,KAAK,WAAW,IAAI,MAAM,CAAC,QAAQ,KAAK,WAAW,IAAI,MAAM,CAAC,QAAQ,KAAK,KAAK,CAAC;wBACnH,MAAM,aAAa,GAAG,MAAM,CAAC,QAAQ,KAAK,OAAO,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,CAAC;wBAClF,IAAI,CAAC,UAAU,IAAI,CAAC,aAAa,EAAE,CAAC;4BAClC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;4BAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,iBAAiB,EAAE,qEAAqE,EAAE,CAAC,CAAC,CAAC;4BACxJ,OAAO;wBACT,CAAC;oBACH,CAAC;oBAAC,MAAM,CAAC;wBACP,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;wBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,CAAC,CAAC,CAAC;wBACzG,OAAO;oBACT,CAAC;gBACH,CAAC;gBAED,MAAM,MAAM,GAAG,cAAc,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;gBACxD,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;oBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,iBAAiB,EAAE,6BAA6B,EAAE,CAAC,CAAC,CAAC;oBAChH,OAAO;gBACT,CAAC;gBACD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;oBACrB,SAAS,EAAE,MAAM,CAAC,QAAQ;oBAC1B,aAAa,EAAE,MAAM,CAAC,YAAY;oBAClC,WAAW,EAAE,MAAM,CAAC,UAAU;iBAC/B,CAAC,CAAC,CAAC;YACN,CAAC;YAAC,MAAM,CAAC;gBACP,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC,CAAC;YACxD,CAAC;YACD,OAAO;QACT,CAAC;QAED,gEAAgE;QAChE,IAAI,OAAO,KAAK,YAAY,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YACrD,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,WAAW,CAAC,CAAC;YAChD,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;YAC/C,MAAM,YAAY,GAAG,MAAM,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;YACvD,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;YACrD,MAAM,aAAa,GAAG,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC;YACzD,MAAM,mBAAmB,GAAG,MAAM,CAAC,GAAG,CAAC,uBAAuB,CAAC,IAAI,EAAE,CAAC;YACtE,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YACxC,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;YAE9C,2BAA2B;YAC3B,IAAI,YAAY,KAAK,MAAM,EAAE,CAAC;gBAC5B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC,CAAC,CAAC;gBAChE,OAAO;YACT,CAAC;YAED,IAAI,CAAC,QAAQ,IAAI,CAAC,WAAW,IAAI,CAAC,aAAa,EAAE,CAAC;gBAChD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,6BAA6B,EAAE,CAAC,CAAC,CAAC;gBACxG,OAAO;YACT,CAAC;YAED,IAAI,mBAAmB,IAAI,mBAAmB,KAAK,MAAM,EAAE,CAAC;gBAC1D,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,8CAA8C,EAAE,CAAC,CAAC,CAAC;gBACzH,OAAO;YACT,CAAC;YAED,MAAM,MAAM,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;YACnC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAC;gBAC9F,OAAO;YACT,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC/C,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,6BAA6B,EAAE,CAAC,CAAC,CAAC;gBACxG,OAAO;YACT,CAAC;YAED,mDAAmD;YACnD,MAAM,WAAW,GAAG,IAAI,eAAe,CAAC;gBACtC,SAAS,EAAE,QAAQ;gBACnB,YAAY,EAAE,WAAW;gBACzB,cAAc,EAAE,aAAa;gBAC7B,KAAK;gBACL,QAAQ;aACT,CAAC,CAAC,QAAQ,EAAE,CAAC;YAEd,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC;YAC9C,MAAM,gBAAgB,GAAG,qBAAqB,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;YAErE,MAAM,IAAI,GAAG,mBAAmB,CAAC,MAAM,CAAC,UAAU,EAAE,WAAW,EAAE,gBAAgB,CAAC,CAAC;YACnF,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;YACpD,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YACd,OAAO;QACT,CAAC;QAED,2DAA2D;QAC3D,IAAI,OAAO,KAAK,YAAY,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YACtD,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,GAAG,CAAC,CAAC;gBAC1C,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAC5C,MAAM,cAAc,GAAG,QAAQ,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;gBAC1D,MAAM,WAAW,GAAG,QAAQ,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;gBAEvD,MAAM,WAAW,GAAG,IAAI,eAAe,CAAC,cAAc,CAAC,CAAC;gBACxD,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;gBACpD,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;gBAC1D,MAAM,aAAa,GAAG,WAAW,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC;gBAC9D,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;gBAC7C,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;gBAEnD,gFAAgF;gBAChF,MAAM,MAAM,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;gBACnC,IAAI,CAAC,MAAM,EAAE,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;oBAChD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;oBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC,CAAC;oBACtD,OAAO;gBACT,CAAC;gBAED,gEAAgE;gBAChE,MAAM,aAAa,GAAG,CAAC,MAA8B,EAAU,EAAE;oBAC/D,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;oBACjC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;wBAClD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;oBACnC,CAAC;oBACD,IAAI,KAAK,EAAE,CAAC;wBACV,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;oBACvC,CAAC;oBACD,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;gBACxB,CAAC,CAAC;gBAEF,cAAc;gBACd,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;oBACtB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,QAAQ,EAAE,aAAa,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,EAAE,CAAC,CAAC;oBAC5E,GAAG,CAAC,GAAG,EAAE,CAAC;oBACV,OAAO;gBACT,CAAC;gBAED,sDAAsD;gBACtD,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC;gBAC9C,IAAI,gBAAgB,GAAG,qBAAqB,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;gBACnE,MAAM,eAAe,GAAsC,EAAE,CAAC;gBAE9D,IAAI,CAAC,gBAAgB,EAAE,CAAC;oBACtB,IAAI,CAAC,WAAW,EAAE,CAAC;wBACjB,MAAM,IAAI,GAAG,mBAAmB,CAC9B,MAAM,CAAC,UAAU,EAAE,cAAc,EAAE,KAAK,EAAE,2BAA2B,CACtE,CAAC;wBACF,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;wBACpD,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;wBACd,OAAO;oBACT,CAAC;oBAED,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;oBAClC,IAAI,CAAC,iBAAiB,CAAC,WAAW,EAAE,QAAQ,CAAC,EAAE,CAAC;wBAC9C,MAAM,IAAI,GAAG,mBAAmB,CAC9B,MAAM,CAAC,UAAU,EAAE,cAAc,EAAE,KAAK,EAAE,kCAAkC,CAC7E,CAAC;wBACF,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;wBACpD,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;wBACd,OAAO;oBACT,CAAC;oBAED,oDAAoD;oBACpD,MAAM,SAAS,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;oBACxC,eAAe,CAAC,YAAY,CAAC,GAAG,SAAS,CAAC;oBAC1C,gBAAgB,GAAG,IAAI,CAAC;gBAC1B,CAAC;gBAED,uCAAuC;gBACvC,MAAM,QAAQ,GAAG,uBAAuB,CAAC,QAAQ,EAAE,WAAW,EAAE,aAAa,EAAE,QAAQ,CAAC,CAAC;gBACzF,MAAM,WAAW,GAAG,aAAa,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;gBAEtD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE;oBACjB,GAAG,eAAe;oBAClB,QAAQ,EAAE,WAAW;iBACtB,CAAC,CAAC;gBACH,GAAG,CAAC,GAAG,EAAE,CAAC;YACZ,CAAC;YAAC,MAAM,CAAC;gBACP,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;gBACnB,GAAG,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YACzB,CAAC;YACD,OAAO;QACT,CAAC;QAED,+BAA+B;QAC/B,IAAI,OAAO,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YAClD,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,GAAG,CAAC,CAAC;gBAC1C,MAAM,SAAS,GAAG,QAAQ,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;gBAEnD,IAAI,SAAS,KAAK,oBAAoB,EAAE,CAAC;oBACvC,MAAM,IAAI,GAAG,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;oBACxC,MAAM,QAAQ,GAAG,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;oBACjD,MAAM,WAAW,GAAG,QAAQ,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;oBACvD,MAAM,YAAY,GAAG,QAAQ,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;oBACzD,MAAM,QAAQ,GAAG,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;oBAEhD,MAAM,cAAc,GAAG,wBAAwB,CAAC,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;oBACrG,IAAI,CAAC,cAAc,EAAE,CAAC;wBACpB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;wBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC,CAAC;wBACpD,OAAO;oBACT,CAAC;oBAED,MAAM,WAAW,GAAG,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;oBACvE,MAAM,YAAY,GAAG,kBAAkB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;oBAE5D,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,UAAU,EAAE,CAAC,CAAC;oBACxF,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;wBACrB,YAAY,EAAE,WAAW;wBACzB,UAAU,EAAE,QAAQ;wBACpB,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,yBAAyB,GAAG,IAAI,CAAC;wBACxD,aAAa,EAAE,YAAY;qBAC5B,CAAC,CAAC,CAAC;oBACJ,OAAO;gBACT,CAAC;gBAED,IAAI,SAAS,KAAK,eAAe,EAAE,CAAC;oBAClC,MAAM,YAAY,GAAG,QAAQ,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;oBACzD,MAAM,QAAQ,GAAG,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;oBAEjD,MAAM,aAAa,GAAG,mBAAmB,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;oBAClE,IAAI,CAAC,aAAa,EAAE,CAAC;wBACnB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;wBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC,CAAC;wBACpD,OAAO;oBACT,CAAC;oBAED,MAAM,WAAW,GAAG,sBAAsB,CAAC,QAAQ,EAAE,aAAa,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;oBACrF,MAAM,eAAe,GAAG,kBAAkB,CAAC,QAAQ,EAAE,aAAa,CAAC,QAAQ,CAAC,CAAC;oBAE7E,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,UAAU,EAAE,CAAC,CAAC;oBACxF,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;wBACrB,YAAY,EAAE,WAAW;wBACzB,UAAU,EAAE,QAAQ;wBACpB,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,yBAAyB,GAAG,IAAI,CAAC;wBACxD,aAAa,EAAE,eAAe;qBAC/B,CAAC,CAAC,CAAC;oBACJ,OAAO;gBACT,CAAC;gBAED,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,wBAAwB,EAAE,CAAC,CAAC,CAAC;YAC/D,CAAC;YAAC,MAAM,CAAC;gBACP,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC,CAAC;YACxD,CAAC;YACD,OAAO;QACT,CAAC;QAED,2BAA2B;QAC3B,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;YACxB,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,WAAW,CAAC,CAAC;YAChD,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAEhC,IAAI,IAAI,EAAE,CAAC;gBACT,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;gBAClC,IAAI,iBAAiB,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,CAAC;oBACtC,MAAM,SAAS,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;oBACxC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE;wBACjB,QAAQ,EAAE,GAAG;wBACb,YAAY,EAAE,SAAS;qBACxB,CAAC,CAAC;oBACH,GAAG,CAAC,GAAG,EAAE,CAAC;oBACV,OAAO;gBACT,CAAC;gBACD,yDAAyD;gBACzD,MAAM,IAAI,GAAG,iBAAiB,CAAC,6CAA6C,CAAC,CAAC;gBAC9E,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;gBACd,OAAO;YACT,CAAC;YAED,2CAA2C;YAC3C,MAAM,IAAI,GAAG,iBAAiB,EAAE,CAAC;YACjC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;YACpD,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YACd,OAAO;QACT,CAAC;QAED,0DAA0D;QAC1D,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC;QAC9C,IAAI,CAAC,qBAAqB,CAAC,YAAY,EAAE,MAAM,CAAC,EAAE,CAAC;YACjD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;YAC1C,GAAG,CAAC,GAAG,EAAE,CAAC;YACV,OAAO;QACT,CAAC;QAED,eAAe,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;IACrC,CAAC,CAAC;AACJ,CAAC;AAED,mEAAmE;AACnE,SAAS,iBAAiB,CAAC,IAAY;IACrC,OAAO,IAAI,KAAK,SAAS,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,iBAAiB,CAAC;AAC3E,CAAC;AAED,SAAS,IAAI;IACX,6EAA6E;IAC7E,gBAAgB,EAAE,CAAC;IAEnB,4CAA4C;IAC5C,MAAM,MAAM,GAAG,kBAAkB,EAAE,CAAC;IAEpC,oBAAoB;IACpB,eAAe,CAAC,IAAI,aAAa,EAAE,CAAC,CAAC;IACrC,eAAe,CAAC,IAAI,YAAY,EAAE,CAAC,CAAC;IACpC,eAAe,CAAC,IAAI,UAAU,EAAE,CAAC,CAAC;IAClC,eAAe,CAAC,IAAI,gBAAgB,EAAE,CAAC,CAAC;IAExC,6DAA6D;IAC7D,MAAM,mBAAmB,GAAW,KAAK,CAAC;IAC1C,IAAI,CAAC,IAAI,EAAE,CAAC,SAAS,CAAC,EAAE,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC;SACtD,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;QACf,MAAM,CAAC,IAAI,CACT,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,EACzC,sBAAsB,CACvB,CAAC;IACJ,CAAC,CAAC;SACD,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;QACtB,MAAM,UAAU,GACd,GAAG,YAAY,KAAK;YACpB,CAAC,MAAM,IAAI,GAAG;gBACZ,CAAC,CAAE,GAAiC,CAAC,IAAI,KAAK,QAAQ;gBACtD,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;QACtC,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,CACT,kHAAkH,CACnH,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CACT,EAAE,GAAG,EAAE,EACP,6EAA6E,CAC9E,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,kBAAkB;IAClB,cAAc,CAAC,CAAC,aAAa,EAAE,EAAE;QAC/B,uBAAuB,CAAC,aAAa,EAAE,cAAc,CAAC,CAAC;QACvD,qBAAqB,EAAE,CAAC;IAC1B,CAAC,CAAC,CAAC;IAEH,gCAAgC;IAChC,mBAAmB,EAAE,CAAC;IACtB,mBAAmB,EAAE,CAAC;IACtB,iBAAiB,EAAE,CAAC;IAEpB,+BAA+B;IAC/B,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,MAAM,CAAC,mBAAmB,CAAC,EAAE,EAAE,CAAC,CAAC;IACvF,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,WAAW,CAAC;IACzD,MAAM,YAAY,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAEjD,yFAAyF;IACzF,MAAM,OAAO,GAAG,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,QAAQ,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC;IACpE,MAAM,WAAW,GAAG,kBAAkB,CAAC;QACrC,MAAM,EAAE,qBAAqB;QAC7B,YAAY,EAAE;YACZ,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;gBACtB,MAAM,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;gBACzD,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;gBACpD,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,CAAC;oBACzB,MAAM,IAAI,YAAY,CAAC,cAAc,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;gBAC/D,CAAC;gBACD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;YACnB,CAAC;SACF;KACF,CAAC,CAAC;IACH,MAAM,UAAU,GAAG,KAAK,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;IAEnD,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAA0B,EAAE,EAAE;QACpD,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YAC9B,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,+DAA+D,EAAE,QAAQ,CAAC,CAAC;QAC9G,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,mBAAmB,CAAC,CAAC;QAC7C,CAAC;QACD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,QAAQ,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,UAAU,CAAC,MAAM,CAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE;QACzC,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,uCAAuC,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC9G,CAAC,CAAC,CAAC;IAEH,4CAA4C;IAC5C,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,MAAM,CAAC,gBAAgB,CAAC,EAAE,EAAE,CAAC,CAAC;IACvF,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,MAAM,CAAC,gBAAgB,CAAC,EAAE,EAAE,CAAC,CAAC;IACvF,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAC,gBAAgB,CAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;IAEjF,cAAc,CAAC,SAAS,EAAE,YAAY,EAAE,CAAC,YAAoB,EAAE,EAAE,CAC/D,qBAAqB,CAAC,YAAY,EAAE,MAAM,CAAC,CAC5C,CAAC;IAEF,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAA0B,EAAE,EAAE;QACnD,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YAC9B,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,+DAA+D,EAAE,OAAO,CAAC,CAAC;QAC5G,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,kBAAkB,CAAC,CAAC;QAC5C,CAAC;QACD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,QAAQ,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,EAAE,GAAG,EAAE;QACvC,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,oCAAoC,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;QAEvG,sDAAsD;QACtD,MAAM,IAAI,GAAG,mBAAmB,EAAE,CAAC;QACnC,IAAI,IAAI,EAAE,CAAC;YACT,MAAM,WAAW,GAAG,iBAAiB,CAAC,QAAQ,CAAC;gBAC7C,CAAC,CAAC,CAAC,WAAW,EAAE,IAAI,WAAW,CAAC;gBAChC,CAAC,CAAC,QAAQ,CAAC;YACb,MAAM,UAAU,GAAG,UAAU,WAAW,IAAI,OAAO,cAAc,IAAI,EAAE,CAAC;YAExE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAC3B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC;YAC7C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,UAAU,IAAI,CAAC,CAAC;YAC1C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAE3B,yEAAyE;YACzE,IAAI,YAAY,EAAE,CAAC;gBACjB,IAAI,CAAC;oBACH,iEAAiE;oBACjE,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAwF,CAAC;oBAC3H,MAAM,CAAC,QAAQ,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;yBAC3D,IAAI,CAAC,CAAC,EAAU,EAAE,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;yBACnD,KAAK,CAAC,GAAG,EAAE,GAA4C,CAAC,CAAC,CAAC;gBAC/D,CAAC;gBAAC,MAAM,CAAC;oBACP,iCAAiC;gBACnC,CAAC;YACH,CAAC;YAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;YAC/D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;YACvE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAE3B,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,EAAE,uBAAuB,CAAC,CAAC;QAE5D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,iDAAiD;IACjD,0DAA0D;IAC1D,MAAM,YAAY,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC;IAC1E,MAAM,eAAe,GAAG,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,YAAY,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC;IACxF,MAAM,aAAa,GAAG,UAAU,eAAe,IAAI,OAAO,EAAE,CAAC;IAC7D,MAAM,SAAS,GAAG,eAAe,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,sBAAsB,EAAE,aAAa,EAAE,CAAC,CAAC;IAElH,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAA0B,EAAE,EAAE;QACnD,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YAC9B,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,+DAA+D,EAAE,OAAO,CAAC,CAAC;QAC5G,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,kBAAkB,CAAC,CAAC;QAC5C,CAAC;QACD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,QAAQ,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,EAAE,GAAG,EAAE;QACvC,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,gCAAgC,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IACrG,CAAC,CAAC,CAAC;IAEH,qFAAqF;IACrF,MAAM,mBAAmB,GAAW,KAAK,CAAC;IAE1C,KAAK,UAAU,QAAQ;QACrB,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAChC,kBAAkB,EAAE,CAAC;QACrB,kBAAkB,EAAE,CAAC;QACrB,gBAAgB,EAAE,CAAC;QACnB,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE;YAChC,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;YAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC,EAAE,mBAAmB,CAAC,CAAC;QAExB,MAAM,eAAe,EAAE,CAAC;QAExB,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;YAClC,UAAU,CAAC,KAAK,CAAC,CAAC,GAAW,EAAE,EAAE;gBAC/B,IAAI,GAAG,EAAE,CAAC;oBACR,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,iCAAiC,CAAC,CAAC;gBAC3D,CAAC;gBACD,OAAO,EAAE,CAAC;YACZ,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;YAClC,SAAS,CAAC,KAAK,CAAC,CAAC,GAAW,EAAE,EAAE;gBAC9B,IAAI,GAAG,EAAE,CAAC;oBACR,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,gCAAgC,CAAC,CAAC;gBAC1D,CAAC;gBACD,OAAO,EAAE,CAAC;YACZ,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;YAClC,SAAS,CAAC,KAAK,CAAC,CAAC,GAAW,EAAE,EAAE;gBAC9B,IAAI,GAAG,EAAE,CAAC;oBACR,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,gCAAgC,CAAC,CAAC;gBAC1D,CAAC;gBACD,OAAO,EAAE,CAAC;YACZ,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,YAAY,CAAC,SAAS,CAAC,CAAC;QACxB,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC;IACtC,CAAC;IAED,kEAAkE;IAClE,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC/B,kEAAkE;IAClE,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;AAClC,CAAC;AAED,IAAI,EAAE,CAAC"}
package/dist/oauth.d.ts ADDED
@@ -0,0 +1,100 @@
1
+ interface ClientRecord {
2
+ clientId: string;
3
+ redirectUris: string[];
4
+ clientName: string;
5
+ createdAt: number;
6
+ }
7
+ /**
8
+ * Register a new OAuth client with dynamic client registration.
9
+ *
10
+ * @param redirectUris - List of allowed redirect URIs for this client.
11
+ * @param clientName - Human-readable name for the client (optional).
12
+ * @returns The newly registered client record.
13
+ */
14
+ export declare function registerClient(redirectUris: string[], clientName?: string): ClientRecord | undefined;
15
+ /**
16
+ * Look up a registered client by ID.
17
+ *
18
+ * @param clientId - The client ID to look up.
19
+ * @returns The client record, or undefined if not found.
20
+ */
21
+ export declare function getClient(clientId: string): ClientRecord | undefined;
22
+ interface AuthCodeRecord {
23
+ code: string;
24
+ clientId: string;
25
+ redirectUri: string;
26
+ codeChallenge: string;
27
+ resource: string;
28
+ createdAt: number;
29
+ expiresAt: number;
30
+ }
31
+ /**
32
+ * Create a single-use authorization code bound to the given parameters.
33
+ *
34
+ * @param clientId - The client that requested authorization.
35
+ * @param redirectUri - The redirect URI for this authorization.
36
+ * @param codeChallenge - PKCE S256 code challenge.
37
+ * @param resource - The resource URL the client wants to access.
38
+ * @returns The generated authorization code string.
39
+ */
40
+ export declare function createAuthorizationCode(clientId: string, redirectUri: string, codeChallenge: string, resource: string): string;
41
+ /**
42
+ * Compute the S256 code challenge from a code verifier.
43
+ *
44
+ * @param codeVerifier - The PKCE code verifier string.
45
+ * @returns The base64url-encoded SHA-256 hash.
46
+ */
47
+ export declare function computeCodeChallenge(codeVerifier: string): string;
48
+ /**
49
+ * Verify that a code verifier matches a code challenge using S256.
50
+ *
51
+ * @param codeVerifier - The PKCE code verifier from the token request.
52
+ * @param codeChallenge - The code challenge stored at authorization time.
53
+ * @returns True if the verifier matches the challenge.
54
+ */
55
+ export declare function verifyCodeChallenge(codeVerifier: string, codeChallenge: string): boolean;
56
+ /**
57
+ * Consume an authorization code, validating all parameters.
58
+ *
59
+ * The code is deleted regardless of whether validation succeeds (single-use).
60
+ *
61
+ * @param code - The authorization code to consume.
62
+ * @param clientId - The client ID making the token request.
63
+ * @param redirectUri - The redirect URI from the token request.
64
+ * @param codeVerifier - The PKCE code verifier.
65
+ * @param resource - The resource URL from the token request.
66
+ * @returns The auth code record if valid, or undefined.
67
+ */
68
+ export declare function consumeAuthorizationCode(code: string, clientId: string, redirectUri: string, codeVerifier: string, resource: string): AuthCodeRecord | undefined;
69
+ interface RefreshTokenRecord {
70
+ token: string;
71
+ clientId: string;
72
+ resource: string;
73
+ createdAt: number;
74
+ expiresAt: number;
75
+ }
76
+ /**
77
+ * Create a new refresh token for the given client and resource.
78
+ *
79
+ * @param clientId - The client this refresh token is issued to.
80
+ * @param resource - The resource URL this refresh token is scoped to.
81
+ * @returns The generated refresh token string.
82
+ */
83
+ export declare function createRefreshToken(clientId: string, resource: string): string;
84
+ /**
85
+ * Consume a refresh token with rotation — the old token is invalidated and
86
+ * a new one must be issued in its place.
87
+ *
88
+ * @param token - The refresh token to consume.
89
+ * @param clientId - The client ID making the refresh request.
90
+ * @returns The refresh token record if valid, or undefined.
91
+ */
92
+ export declare function consumeRefreshToken(token: string, clientId: string): RefreshTokenRecord | undefined;
93
+ /** Start the periodic OAuth state cleanup timer. Call once on server startup. */
94
+ export declare function startOAuthCleanup(): void;
95
+ /** Stop the periodic OAuth state cleanup timer. */
96
+ export declare function stopOAuthCleanup(): void;
97
+ /** Clear all OAuth state. Intended for testing only. */
98
+ export declare function clearOAuthState(): void;
99
+ export {};
100
+ //# sourceMappingURL=oauth.d.ts.map
package/dist/oauth.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../src/oauth.ts"],"names":[],"mappings":"AAuBA,UAAU,YAAY;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAKD;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,YAAY,EAAE,MAAM,EAAE,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,YAAY,GAAG,SAAS,CAwBpG;AAED;;;;;GAKG;AACH,wBAAgB,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,YAAY,GAAG,SAAS,CAEpE;AAID,UAAU,cAAc;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAKD;;;;;;;;GAQG;AACH,wBAAgB,uBAAuB,CACrC,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,EACnB,aAAa,EAAE,MAAM,EACrB,QAAQ,EAAE,MAAM,GACf,MAAM,CAeR;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,CAEjE;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CAAC,YAAY,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,OAAO,CAGxF;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,wBAAwB,CACtC,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,EACpB,QAAQ,EAAE,MAAM,GACf,cAAc,GAAG,SAAS,CA+B5B;AAID,UAAU,kBAAkB;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAKD;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,CAW7E;AAED;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,kBAAkB,GAAG,SAAS,CAmBnG;AAMD,iFAAiF;AACjF,wBAAgB,iBAAiB,IAAI,IAAI,CAuBxC;AAED,mDAAmD;AACnD,wBAAgB,gBAAgB,IAAI,IAAI,CAKvC;AAED,wDAAwD;AACxD,wBAAgB,eAAe,IAAI,IAAI,CAItC"}
package/dist/oauth.js ADDED
@@ -0,0 +1,225 @@
1
+ import { randomUUID, randomBytes, createHash } from "node:crypto";
2
+ import { logger } from "./logger.js";
3
+ /** Time-to-live for authorization codes: 30 seconds. */
4
+ const AUTH_CODE_TTL_MS = 30 * 1000;
5
+ /** Time-to-live for refresh tokens: 30 days. */
6
+ const REFRESH_TOKEN_TTL_MS = 30 * 24 * 60 * 60 * 1000;
7
+ /** Interval at which expired OAuth state is cleaned up. */
8
+ const CLEANUP_INTERVAL_MS = 60 * 1000;
9
+ /** Byte length of generated tokens (authorization codes, refresh tokens). */
10
+ const TOKEN_BYTE_LENGTH = 32;
11
+ /** Maximum number of registered OAuth clients to prevent unbounded growth. */
12
+ const MAX_CLIENTS = 100;
13
+ /** Time-to-live for client registrations: 7 days. */
14
+ const CLIENT_TTL_MS = 7 * 24 * 60 * 60 * 1000;
15
+ /** Registered OAuth clients keyed by client ID. */
16
+ const clients = new Map();
17
+ /**
18
+ * Register a new OAuth client with dynamic client registration.
19
+ *
20
+ * @param redirectUris - List of allowed redirect URIs for this client.
21
+ * @param clientName - Human-readable name for the client (optional).
22
+ * @returns The newly registered client record.
23
+ */
24
+ export function registerClient(redirectUris, clientName) {
25
+ // Evict expired clients before checking capacity
26
+ const now = Date.now();
27
+ for (const [id, rec] of clients) {
28
+ if (now - rec.createdAt > CLIENT_TTL_MS) {
29
+ clients.delete(id);
30
+ }
31
+ }
32
+ if (clients.size >= MAX_CLIENTS) {
33
+ logger.warn("Maximum registered OAuth clients reached (%d)", MAX_CLIENTS);
34
+ return undefined;
35
+ }
36
+ const clientId = randomUUID();
37
+ const record = {
38
+ clientId,
39
+ redirectUris,
40
+ clientName: clientName || "Unknown Client",
41
+ createdAt: now,
42
+ };
43
+ clients.set(clientId, record);
44
+ logger.info({ clientId, clientName: record.clientName }, "OAuth client registered");
45
+ return record;
46
+ }
47
+ /**
48
+ * Look up a registered client by ID.
49
+ *
50
+ * @param clientId - The client ID to look up.
51
+ * @returns The client record, or undefined if not found.
52
+ */
53
+ export function getClient(clientId) {
54
+ return clients.get(clientId);
55
+ }
56
+ /** Active authorization codes keyed by code string. */
57
+ const authCodes = new Map();
58
+ /**
59
+ * Create a single-use authorization code bound to the given parameters.
60
+ *
61
+ * @param clientId - The client that requested authorization.
62
+ * @param redirectUri - The redirect URI for this authorization.
63
+ * @param codeChallenge - PKCE S256 code challenge.
64
+ * @param resource - The resource URL the client wants to access.
65
+ * @returns The generated authorization code string.
66
+ */
67
+ export function createAuthorizationCode(clientId, redirectUri, codeChallenge, resource) {
68
+ const code = randomBytes(TOKEN_BYTE_LENGTH).toString("base64url");
69
+ const now = Date.now();
70
+ const record = {
71
+ code,
72
+ clientId,
73
+ redirectUri,
74
+ codeChallenge,
75
+ resource,
76
+ createdAt: now,
77
+ expiresAt: now + AUTH_CODE_TTL_MS,
78
+ };
79
+ authCodes.set(code, record);
80
+ logger.info({ clientId }, "Authorization code created");
81
+ return code;
82
+ }
83
+ /**
84
+ * Compute the S256 code challenge from a code verifier.
85
+ *
86
+ * @param codeVerifier - The PKCE code verifier string.
87
+ * @returns The base64url-encoded SHA-256 hash.
88
+ */
89
+ export function computeCodeChallenge(codeVerifier) {
90
+ return createHash("sha256").update(codeVerifier).digest("base64url");
91
+ }
92
+ /**
93
+ * Verify that a code verifier matches a code challenge using S256.
94
+ *
95
+ * @param codeVerifier - The PKCE code verifier from the token request.
96
+ * @param codeChallenge - The code challenge stored at authorization time.
97
+ * @returns True if the verifier matches the challenge.
98
+ */
99
+ export function verifyCodeChallenge(codeVerifier, codeChallenge) {
100
+ const computed = computeCodeChallenge(codeVerifier);
101
+ return computed === codeChallenge;
102
+ }
103
+ /**
104
+ * Consume an authorization code, validating all parameters.
105
+ *
106
+ * The code is deleted regardless of whether validation succeeds (single-use).
107
+ *
108
+ * @param code - The authorization code to consume.
109
+ * @param clientId - The client ID making the token request.
110
+ * @param redirectUri - The redirect URI from the token request.
111
+ * @param codeVerifier - The PKCE code verifier.
112
+ * @param resource - The resource URL from the token request.
113
+ * @returns The auth code record if valid, or undefined.
114
+ */
115
+ export function consumeAuthorizationCode(code, clientId, redirectUri, codeVerifier, resource) {
116
+ const record = authCodes.get(code);
117
+ // Always delete to prevent replay — even if validation fails
118
+ authCodes.delete(code);
119
+ if (!record) {
120
+ return undefined;
121
+ }
122
+ const now = Date.now();
123
+ if (now > record.expiresAt) {
124
+ return undefined;
125
+ }
126
+ if (record.clientId !== clientId) {
127
+ return undefined;
128
+ }
129
+ if (record.redirectUri !== redirectUri) {
130
+ return undefined;
131
+ }
132
+ if (record.resource !== resource) {
133
+ return undefined;
134
+ }
135
+ if (!verifyCodeChallenge(codeVerifier, record.codeChallenge)) {
136
+ return undefined;
137
+ }
138
+ return record;
139
+ }
140
+ /** Active refresh tokens keyed by token string. */
141
+ const refreshTokens = new Map();
142
+ /**
143
+ * Create a new refresh token for the given client and resource.
144
+ *
145
+ * @param clientId - The client this refresh token is issued to.
146
+ * @param resource - The resource URL this refresh token is scoped to.
147
+ * @returns The generated refresh token string.
148
+ */
149
+ export function createRefreshToken(clientId, resource) {
150
+ const token = randomBytes(TOKEN_BYTE_LENGTH).toString("base64url");
151
+ const now = Date.now();
152
+ refreshTokens.set(token, {
153
+ token,
154
+ clientId,
155
+ resource,
156
+ createdAt: now,
157
+ expiresAt: now + REFRESH_TOKEN_TTL_MS,
158
+ });
159
+ return token;
160
+ }
161
+ /**
162
+ * Consume a refresh token with rotation — the old token is invalidated and
163
+ * a new one must be issued in its place.
164
+ *
165
+ * @param token - The refresh token to consume.
166
+ * @param clientId - The client ID making the refresh request.
167
+ * @returns The refresh token record if valid, or undefined.
168
+ */
169
+ export function consumeRefreshToken(token, clientId) {
170
+ const record = refreshTokens.get(token);
171
+ // Always delete to enforce rotation
172
+ refreshTokens.delete(token);
173
+ if (!record) {
174
+ return undefined;
175
+ }
176
+ const now = Date.now();
177
+ if (now > record.expiresAt) {
178
+ return undefined;
179
+ }
180
+ if (record.clientId !== clientId) {
181
+ return undefined;
182
+ }
183
+ return record;
184
+ }
185
+ // ─── Cleanup ──────────────────────────────────────────────────────────
186
+ let cleanupTimer;
187
+ /** Start the periodic OAuth state cleanup timer. Call once on server startup. */
188
+ export function startOAuthCleanup() {
189
+ if (cleanupTimer) {
190
+ return;
191
+ }
192
+ cleanupTimer = setInterval(() => {
193
+ const now = Date.now();
194
+ for (const [id, record] of clients) {
195
+ if (now - record.createdAt > CLIENT_TTL_MS) {
196
+ clients.delete(id);
197
+ }
198
+ }
199
+ for (const [code, record] of authCodes) {
200
+ if (now > record.expiresAt) {
201
+ authCodes.delete(code);
202
+ }
203
+ }
204
+ for (const [token, record] of refreshTokens) {
205
+ if (now > record.expiresAt) {
206
+ refreshTokens.delete(token);
207
+ }
208
+ }
209
+ }, CLEANUP_INTERVAL_MS);
210
+ cleanupTimer.unref();
211
+ }
212
+ /** Stop the periodic OAuth state cleanup timer. */
213
+ export function stopOAuthCleanup() {
214
+ if (cleanupTimer) {
215
+ clearInterval(cleanupTimer);
216
+ cleanupTimer = undefined;
217
+ }
218
+ }
219
+ /** Clear all OAuth state. Intended for testing only. */
220
+ export function clearOAuthState() {
221
+ clients.clear();
222
+ authCodes.clear();
223
+ refreshTokens.clear();
224
+ }
225
+ //# sourceMappingURL=oauth.js.map
package/dist/oauth.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"oauth.js","sourceRoot":"","sources":["../src/oauth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAErC,wDAAwD;AACxD,MAAM,gBAAgB,GAAW,EAAE,GAAG,IAAI,CAAC;AAE3C,gDAAgD;AAChD,MAAM,oBAAoB,GAAW,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAE9D,2DAA2D;AAC3D,MAAM,mBAAmB,GAAW,EAAE,GAAG,IAAI,CAAC;AAE9C,6EAA6E;AAC7E,MAAM,iBAAiB,GAAW,EAAE,CAAC;AAErC,8EAA8E;AAC9E,MAAM,WAAW,GAAW,GAAG,CAAC;AAEhC,qDAAqD;AACrD,MAAM,aAAa,GAAW,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAWtD,mDAAmD;AACnD,MAAM,OAAO,GAA8B,IAAI,GAAG,EAAE,CAAC;AAErD;;;;;;GAMG;AACH,MAAM,UAAU,cAAc,CAAC,YAAsB,EAAE,UAAmB;IACxE,iDAAiD;IACjD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,KAAK,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,IAAI,OAAO,EAAE,CAAC;QAChC,IAAI,GAAG,GAAG,GAAG,CAAC,SAAS,GAAG,aAAa,EAAE,CAAC;YACxC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,IAAI,WAAW,EAAE,CAAC;QAChC,MAAM,CAAC,IAAI,CAAC,+CAA+C,EAAE,WAAW,CAAC,CAAC;QAC1E,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,QAAQ,GAAG,UAAU,EAAE,CAAC;IAC9B,MAAM,MAAM,GAAiB;QAC3B,QAAQ;QACR,YAAY;QACZ,UAAU,EAAE,UAAU,IAAI,gBAAgB;QAC1C,SAAS,EAAE,GAAG;KACf,CAAC;IACF,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC9B,MAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,EAAE,yBAAyB,CAAC,CAAC;IACpF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,SAAS,CAAC,QAAgB;IACxC,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;AAC/B,CAAC;AAcD,uDAAuD;AACvD,MAAM,SAAS,GAAgC,IAAI,GAAG,EAAE,CAAC;AAEzD;;;;;;;;GAQG;AACH,MAAM,UAAU,uBAAuB,CACrC,QAAgB,EAChB,WAAmB,EACnB,aAAqB,EACrB,QAAgB;IAEhB,MAAM,IAAI,GAAG,WAAW,CAAC,iBAAiB,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAClE,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,MAAM,GAAmB;QAC7B,IAAI;QACJ,QAAQ;QACR,WAAW;QACX,aAAa;QACb,QAAQ;QACR,SAAS,EAAE,GAAG;QACd,SAAS,EAAE,GAAG,GAAG,gBAAgB;KAClC,CAAC;IACF,SAAS,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC5B,MAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,EAAE,4BAA4B,CAAC,CAAC;IACxD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,oBAAoB,CAAC,YAAoB;IACvD,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;AACvE,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CAAC,YAAoB,EAAE,aAAqB;IAC7E,MAAM,QAAQ,GAAG,oBAAoB,CAAC,YAAY,CAAC,CAAC;IACpD,OAAO,QAAQ,KAAK,aAAa,CAAC;AACpC,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,wBAAwB,CACtC,IAAY,EACZ,QAAgB,EAChB,WAAmB,EACnB,YAAoB,EACpB,QAAgB;IAEhB,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACnC,6DAA6D;IAC7D,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAEvB,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,IAAI,GAAG,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;QAC3B,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACjC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,MAAM,CAAC,WAAW,KAAK,WAAW,EAAE,CAAC;QACvC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACjC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,CAAC,mBAAmB,CAAC,YAAY,EAAE,MAAM,CAAC,aAAa,CAAC,EAAE,CAAC;QAC7D,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAYD,mDAAmD;AACnD,MAAM,aAAa,GAAoC,IAAI,GAAG,EAAE,CAAC;AAEjE;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAAgB,EAAE,QAAgB;IACnE,MAAM,KAAK,GAAG,WAAW,CAAC,iBAAiB,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACnE,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,aAAa,CAAC,GAAG,CAAC,KAAK,EAAE;QACvB,KAAK;QACL,QAAQ;QACR,QAAQ;QACR,SAAS,EAAE,GAAG;QACd,SAAS,EAAE,GAAG,GAAG,oBAAoB;KACtC,CAAC,CAAC;IACH,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,mBAAmB,CAAC,KAAa,EAAE,QAAgB;IACjE,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACxC,oCAAoC;IACpC,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAE5B,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,IAAI,GAAG,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;QAC3B,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACjC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,yEAAyE;AAEzE,IAAI,YAAwD,CAAC;AAE7D,iFAAiF;AACjF,MAAM,UAAU,iBAAiB;IAC/B,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO;IACT,CAAC;IACD,YAAY,GAAG,WAAW,CAAC,GAAG,EAAE;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;YACnC,IAAI,GAAG,GAAG,MAAM,CAAC,SAAS,GAAG,aAAa,EAAE,CAAC;gBAC3C,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YACrB,CAAC;QACH,CAAC;QACD,KAAK,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;YACvC,IAAI,GAAG,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;gBAC3B,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;QACD,KAAK,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,aAAa,EAAE,CAAC;YAC5C,IAAI,GAAG,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;gBAC3B,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC9B,CAAC;QACH,CAAC;IACH,CAAC,EAAE,mBAAmB,CAAC,CAAC;IACxB,YAAY,CAAC,KAAK,EAAE,CAAC;AACvB,CAAC;AAED,mDAAmD;AACnD,MAAM,UAAU,gBAAgB;IAC9B,IAAI,YAAY,EAAE,CAAC;QACjB,aAAa,CAAC,YAAY,CAAC,CAAC;QAC5B,YAAY,GAAG,SAAS,CAAC;IAC3B,CAAC;AACH,CAAC;AAED,wDAAwD;AACxD,MAAM,UAAU,eAAe;IAC7B,OAAO,CAAC,KAAK,EAAE,CAAC;IAChB,SAAS,CAAC,KAAK,EAAE,CAAC;IAClB,aAAa,CAAC,KAAK,EAAE,CAAC;AACxB,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@grackle-ai/server",
3
- "version": "0.33.0",
3
+ "version": "0.34.0",
4
4
  "description": "Central gRPC server with SQLite storage and WebSocket bridge for Grackle",
5
5
  "license": "MIT",
6
6
  "repository": {
@@ -34,9 +34,9 @@
34
34
  "qrcode": "^1.5.4",
35
35
  "uuid": "^11.0.0",
36
36
  "ws": "^8.0.0",
37
- "@grackle-ai/mcp": "0.33.0",
38
- "@grackle-ai/web": "0.33.0",
39
- "@grackle-ai/common": "0.33.0"
37
+ "@grackle-ai/mcp": "0.34.0",
38
+ "@grackle-ai/common": "0.34.0",
39
+ "@grackle-ai/web": "0.34.0"
40
40
  },
41
41
  "devDependencies": {
42
42
  "@rushstack/heft": "1.2.4",