@hmcts/opal-frontend-common-node 0.0.13 → 0.0.14

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@hmcts/opal-frontend-common-node",
   "type": "module",
-  "version": "0.0.13",
+  "version": "0.0.14",
   "license": "MIT",
   "description": "Common nodejs library components for opal",
   "main": "dist/index",
@@ -45,8 +45,8 @@
     "@types/luxon": "^3.4.2",
     "@types/node": "^22.0.0",
     "@types/session-file-store": "^1.2.5",
-    "@typescript-eslint/eslint-plugin": "8.44.0",
-    "@typescript-eslint/parser": "8.44.0",
+    "@typescript-eslint/eslint-plugin": "8.44.1",
+    "@typescript-eslint/parser": "8.44.1",
     "eslint": "^9.0.0",
     "eslint-plugin-prettier": "^5.2.6",
     "typescript": "~5.9.0",

package/sso/sso-authenticated.d.ts

@@ -1,13 +1,27 @@
 import { Request, Response } from 'express';
 /**
- * Express middleware to check if the user is authenticated via SSO.
+ * Express handler that verifies whether the current session has a valid (non-expired) access token.
  *
- * Sets appropriate cache control headers to prevent caching of sensitive authentication responses.
- * Reads the access token from the session and checks if it is present and not expired.
- * Responds with HTTP 401 and `false` if the token is missing or expired, otherwise responds with HTTP 200 and `true`.
+ * Behavior:
+ * - Reads the access token from `req.session.securityToken?.access_token`.
+ * - Prevents caching of the endpoint by setting the `Cache-Control: no-store, must-revalidate` header.
+ * - If the token is missing or expired (determined by `Jwt.isJwtExpired`), responds with HTTP 401 and sends `false`.
+ * - If the token is present and not expired, responds with HTTP 200 and sends `true`.
  *
- * @param req - Express request object, expected to have a session with a securityToken containing an access_token.
- * @param res - Express response object used to send the authentication status.
+ * @param req - Express Request; expected to contain `session.securityToken?.access_token` (string).
+ * @param res - Express Response used to set headers, status code, and send a boolean result.
+ * @returns void
+ *
+ * @remarks
+ * This endpoint is a lightweight authentication status check and has the side-effect of modifying response headers
+ * and sending an HTTP status and boolean payload. It relies on `Jwt.isJwtExpired` for token expiry checks.
+ *
+ * @example
+ * // GET /sso/authenticated
+ * // -> 200 true   (valid token)
+ * // -> 401 false  (missing or expired token)
+ *
+ * @see Jwt.isJwtExpired
  */
 declare const _default: (req: Request, res: Response) => void;
 export default _default;

package/sso/sso-authenticated.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sso-authenticated.d.ts","sourceRoot":"","sources":["../../src/sso/sso-authenticated.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAG5C;;;;;;;;;GASG;yBACa,KAAK,OAAO,EAAE,KAAK,QAAQ;AAA3C,wBAcE"}
+{"version":3,"file":"sso-authenticated.d.ts","sourceRoot":"","sources":["../../src/sso/sso-authenticated.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAG5C;;;;;;;;;;;;;;;;;;;;;;;GAuBG;yBACa,KAAK,OAAO,EAAE,KAAK,QAAQ;AAA3C,wBAWE"}

package/sso/sso-authenticated.js

@@ -1,22 +1,33 @@
 import { Jwt } from '../utils';
 /**
- * Express middleware to check if the user is authenticated via SSO.
+ * Express handler that verifies whether the current session has a valid (non-expired) access token.
  *
- * Sets appropriate cache control headers to prevent caching of sensitive authentication responses.
- * Reads the access token from the session and checks if it is present and not expired.
- * Responds with HTTP 401 and `false` if the token is missing or expired, otherwise responds with HTTP 200 and `true`.
+ * Behavior:
+ * - Reads the access token from `req.session.securityToken?.access_token`.
+ * - Prevents caching of the endpoint by setting the `Cache-Control: no-store, must-revalidate` header.
+ * - If the token is missing or expired (determined by `Jwt.isJwtExpired`), responds with HTTP 401 and sends `false`.
+ * - If the token is present and not expired, responds with HTTP 200 and sends `true`.
  *
- * @param req - Express request object, expected to have a session with a securityToken containing an access_token.
- * @param res - Express response object used to send the authentication status.
+ * @param req - Express Request; expected to contain `session.securityToken?.access_token` (string).
+ * @param res - Express Response used to set headers, status code, and send a boolean result.
+ * @returns void
+ *
+ * @remarks
+ * This endpoint is a lightweight authentication status check and has the side-effect of modifying response headers
+ * and sending an HTTP status and boolean payload. It relies on `Jwt.isJwtExpired` for token expiry checks.
+ *
+ * @example
+ * // GET /sso/authenticated
+ * // -> 200 true   (valid token)
+ * // -> 401 false  (missing or expired token)
+ *
+ * @see Jwt.isJwtExpired
  */
 export default (req, res) => {
-    res.set('Cache-Control', 'no-store, no-cache, private');
-    res.set('Pragma', 'no-cache');
-    // Read the access token from the session (set during the SSO login callback).
     const accessToken = req.session.securityToken?.access_token;
-    // Validate expiry without decoding secrets; returns true when token is missing or expired.
-    const isJwtExpired = Jwt.isJwtExpired(accessToken);
-    if (!accessToken || isJwtExpired) {
+    // Don't allow caching of this endpoint
+    res.header('Cache-Control', 'no-store, must-revalidate');
+    if (!accessToken || Jwt.isJwtExpired(accessToken)) {
         res.status(401).send(false);
     }
     else {

package/sso/sso-authenticated.js.map

@@ -1 +1 @@
-{"version":3,"file":"sso-authenticated.js","sourceRoot":"","sources":["../../src/sso/sso-authenticated.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAE/B;;;;;;;;;GASG;AACH,eAAe,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;IAC7C,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,6BAA6B,CAAC,CAAC;IACxD,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAE9B,8EAA8E;IAC9E,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,YAAY,CAAC;IAC5D,2FAA2F;IAC3F,MAAM,YAAY,GAAG,GAAG,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;IAEnD,IAAI,CAAC,WAAW,IAAI,YAAY,EAAE,CAAC;QACjC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;AACH,CAAC,CAAC"}
+{"version":3,"file":"sso-authenticated.js","sourceRoot":"","sources":["../../src/sso/sso-authenticated.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAE/B;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,eAAe,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;IAC7C,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,YAAY,CAAC;IAE5D,uCAAuC;IACvC,GAAG,CAAC,MAAM,CAAC,eAAe,EAAE,2BAA2B,CAAC,CAAC;IAEzD,IAAI,CAAC,WAAW,IAAI,GAAG,CAAC,YAAY,CAAC,WAAW,CAAC,EAAE,CAAC;QAClD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;AACH,CAAC,CAAC"}

package/stubs/sso/sso-authenticated.stub.d.ts

@@ -1,14 +1,21 @@
 import { Request, Response } from 'express';
 /**
- * Express middleware that checks if the current session has a valid, non-expired access token.
+ * Middleware stub that validates whether the current request is authenticated via a JWT stored on the session.
  *
- * - Sets the `Cache-Control` header to prevent caching of the endpoint.
- * - Retrieves the `access_token` from the session.
- * - If the token is missing or expired (as determined by `Jwt.isJwtExpired`), responds with HTTP 401 and `false`.
- * - Otherwise, responds with HTTP 200 and `true`.
+ * This handler:
+ * - Reads the access token from req.session.securityToken?.access_token.
+ * - Prevents caching of the response by setting the "Cache-Control" header to "no-store, must-revalidate".
+ * - If there is no access token or the token is expired (via Jwt.isJwtExpired), it responds with HTTP 401 and a body of false.
+ * - If the token exists and is valid, it responds with HTTP 200 and a body of true.
  *
- * @param req - The Express request object, expected to have a `session.securityToken.access_token` property.
- * @param res - The Express response object used to send the HTTP response.
+ * The function writes the response directly to the provided Express Response object and does not return a value.
+ *
+ * @param req - The incoming Express Request. Expects a session object with an optional securityToken containing access_token.
+ * @param res - The Express Response used to set headers, status, and send the boolean authentication result.
+ *
+ * @remarks
+ * - This is a simple stub intended for testing or service-mocking; it performs no additional authentication logic beyond token existence and expiry check.
+ * - Side effects: sets Cache-Control header and sends an HTTP response (status + boolean body).
  */
 declare const _default: (req: Request, res: Response) => void;
 export default _default;

package/stubs/sso/sso-authenticated.stub.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sso-authenticated.stub.d.ts","sourceRoot":"","sources":["../../../src/stubs/sso/sso-authenticated.stub.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAG5C;;;;;;;;;;GAUG;yBACa,KAAK,OAAO,EAAE,KAAK,QAAQ;AAA3C,wBAWE"}
+{"version":3,"file":"sso-authenticated.stub.d.ts","sourceRoot":"","sources":["../../../src/stubs/sso/sso-authenticated.stub.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAG5C;;;;;;;;;;;;;;;;;GAiBG;yBACa,KAAK,OAAO,EAAE,KAAK,QAAQ;AAA3C,wBAWE"}

package/stubs/sso/sso-authenticated.stub.js

@@ -1,22 +1,31 @@
 import { Jwt } from '../../utils';
 /**
- * Express middleware that checks if the current session has a valid, non-expired access token.
+ * Middleware stub that validates whether the current request is authenticated via a JWT stored on the session.
  *
- * - Sets the `Cache-Control` header to prevent caching of the endpoint.
- * - Retrieves the `access_token` from the session.
- * - If the token is missing or expired (as determined by `Jwt.isJwtExpired`), responds with HTTP 401 and `false`.
- * - Otherwise, responds with HTTP 200 and `true`.
+ * This handler:
+ * - Reads the access token from req.session.securityToken?.access_token.
+ * - Prevents caching of the response by setting the "Cache-Control" header to "no-store, must-revalidate".
+ * - If there is no access token or the token is expired (via Jwt.isJwtExpired), it responds with HTTP 401 and a body of false.
+ * - If the token exists and is valid, it responds with HTTP 200 and a body of true.
  *
- * @param req - The Express request object, expected to have a `session.securityToken.access_token` property.
- * @param res - The Express response object used to send the HTTP response.
+ * The function writes the response directly to the provided Express Response object and does not return a value.
+ *
+ * @param req - The incoming Express Request. Expects a session object with an optional securityToken containing access_token.
+ * @param res - The Express Response used to set headers, status, and send the boolean authentication result.
+ *
+ * @remarks
+ * - This is a simple stub intended for testing or service-mocking; it performs no additional authentication logic beyond token existence and expiry check.
+ * - Side effects: sets Cache-Control header and sends an HTTP response (status + boolean body).
  */
 export default (req, res) => {
+    const accessToken = req.session.securityToken?.access_token;
     // Don't allow caching of this endpoint
     res.header('Cache-Control', 'no-store, must-revalidate');
-    const accessToken = req.session.securityToken?.access_token;
     if (!accessToken || Jwt.isJwtExpired(accessToken)) {
         res.status(401).send(false);
     }
-    res.status(200).send(true);
+    else {
+        res.status(200).send(true);
+    }
 };
 //# sourceMappingURL=sso-authenticated.stub.js.map

package/stubs/sso/sso-authenticated.stub.js.map

@@ -1 +1 @@
-{"version":3,"file":"sso-authenticated.stub.js","sourceRoot":"","sources":["../../../src/stubs/sso/sso-authenticated.stub.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,GAAG,EAAE,MAAM,aAAa,CAAC;AAElC;;;;;;;;;;GAUG;AACH,eAAe,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;IAC7C,uCAAuC;IACvC,GAAG,CAAC,MAAM,CAAC,eAAe,EAAE,2BAA2B,CAAC,CAAC;IAEzD,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,YAAY,CAAC;IAE5D,IAAI,CAAC,WAAW,IAAI,GAAG,CAAC,YAAY,CAAC,WAAW,CAAC,EAAE,CAAC;QAClD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC;IAED,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC7B,CAAC,CAAC"}
+{"version":3,"file":"sso-authenticated.stub.js","sourceRoot":"","sources":["../../../src/stubs/sso/sso-authenticated.stub.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,GAAG,EAAE,MAAM,aAAa,CAAC;AAElC;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAe,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;IAC7C,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,YAAY,CAAC;IAE5D,uCAAuC;IACvC,GAAG,CAAC,MAAM,CAAC,eAAe,EAAE,2BAA2B,CAAC,CAAC;IAEzD,IAAI,CAAC,WAAW,IAAI,GAAG,CAAC,YAAY,CAAC,WAAW,CAAC,EAAE,CAAC;QAClD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;AACH,CAAC,CAAC"}

package/stubs/sso/sso-login-callback.stub.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sso-login-callback.stub.d.ts","sourceRoot":"","sources":["../../../src/stubs/sso/sso-login-callback.stub.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAI1D;;;;;;;;;;;;;;;;GAgBG;yBACmB,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,EAAE,YAAY,MAAM;AAAzF,wBA2CE"}
+{"version":3,"file":"sso-login-callback.stub.d.ts","sourceRoot":"","sources":["../../../src/stubs/sso/sso-login-callback.stub.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAI1D;;;;;;;;;;;;;;;;GAgBG;yBACmB,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,EAAE,YAAY,MAAM;AAAzF,wBA0CE"}

package/stubs/sso/sso-login-callback.stub.js

@@ -46,7 +46,6 @@ export default async (req, res, next, opalApiUrl) => {
                 logger.error('Error saving session', err);
                 return next(err);
             }
-            logger.info('Session saved (access token only)');
             return res.redirect('/');
         });
     }

package/stubs/sso/sso-login-callback.stub.js.map

@@ -1 +1 @@
-{"version":3,"file":"sso-login-callback.stub.js","sourceRoot":"","sources":["../../../src/stubs/sso/sso-login-callback.stub.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B;;;;;;;;;;;;;;;;GAgBG;AACH,eAAe,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,UAAkB,EAAE,EAAE;IAC3F,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,qBAAqB,CAAC,CAAC;IAEvD,IAAI,CAAC;QACH,MAAM,KAAK,GAAI,GAAG,CAAC,KAAK,CAAC,OAAO,CAAwB,EAAE,IAAI,EAAE,CAAC;QACjE,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;YAChE,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACpB,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;QAED,MAAM,cAAc,GAAG,GAAG,UAAU,6BAA6B,CAAC;QAElE,6DAA6D;QAC7D,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,cAAc,EAAE;YAC7C,OAAO,EAAE,EAAE,cAAc,EAAE,KAAK,EAAE;SACnC,CAAC,CAAC;QAEH,4EAA4E;QAC5E,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;QACzB,MAAM,YAAY,GAAG,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,YAAY,CAAC;QAE1E,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;YACvE,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;YAC9B,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;QAED,iDAAiD;QACjD,GAAG,CAAC,OAAO,CAAC,aAAa,GAAG,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,CAAC;QAEpE,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE;YACvB,IAAI,GAAG,EAAE,CAAC;gBACR,MAAM,CAAC,KAAK,CAAC,sBAAsB,EAAE,GAAG,CAAC,CAAC;gBAC1C,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;YACnB,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;YACjD,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAC3B,CAAC,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,8BAA8B,EAAE,KAAK,CAAC,CAAC;QACpD,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC;IACrB,CAAC;AACH,CAAC,CAAC"}
+{"version":3,"file":"sso-login-callback.stub.js","sourceRoot":"","sources":["../../../src/stubs/sso/sso-login-callback.stub.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B;;;;;;;;;;;;;;;;GAgBG;AACH,eAAe,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,UAAkB,EAAE,EAAE;IAC3F,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,qBAAqB,CAAC,CAAC;IAEvD,IAAI,CAAC;QACH,MAAM,KAAK,GAAI,GAAG,CAAC,KAAK,CAAC,OAAO,CAAwB,EAAE,IAAI,EAAE,CAAC;QACjE,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;YAChE,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACpB,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;QAED,MAAM,cAAc,GAAG,GAAG,UAAU,6BAA6B,CAAC;QAElE,6DAA6D;QAC7D,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,cAAc,EAAE;YAC7C,OAAO,EAAE,EAAE,cAAc,EAAE,KAAK,EAAE;SACnC,CAAC,CAAC;QAEH,4EAA4E;QAC5E,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;QACzB,MAAM,YAAY,GAAG,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,YAAY,CAAC;QAE1E,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;YACvE,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;YAC9B,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;QAED,iDAAiD;QACjD,GAAG,CAAC,OAAO,CAAC,aAAa,GAAG,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,CAAC;QAEpE,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE;YACvB,IAAI,GAAG,EAAE,CAAC;gBACR,MAAM,CAAC,KAAK,CAAC,sBAAsB,EAAE,GAAG,CAAC,CAAC;gBAC1C,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;YACnB,CAAC;YACD,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAC3B,CAAC,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,8BAA8B,EAAE,KAAK,CAAC,CAAC;QACpD,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC;IACrB,CAAC;AACH,CAAC,CAAC"}