@holo-js/authorization 0.1.8 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/dist/{chunk-WPHPV4WY.mjs → chunk-D3VQVCPX.mjs} +2 -2
  2. package/dist/chunk-D3VQVCPX.mjs.map +1 -0
  3. package/dist/contracts.d.ts +6 -1
  4. package/dist/contracts.mjs +1 -1
  5. package/dist/index.mjs +14 -41
  6. package/dist/index.mjs.map +1 -1
  7. package/package.json +1 -1
  8. package/dist/chunk-WPHPV4WY.mjs.map +0 -1
package/dist/{chunk-WPHPV4WY.mjs → chunk-D3VQVCPX.mjs} RENAMED
@@ -78,5 +78,5 @@ function normalizeAuthorizationDecision(outcome, fallbackMessage = "You are not
78
78
  }
79
79
 
80
80
  export { AUTHORIZATION_ABILITY_MARKER, AUTHORIZATION_POLICY_MARKER, AuthorizationAbilityNotFoundError, AuthorizationAuthIntegrationMissingError, AuthorizationError, AuthorizationGuardNotFoundError, AuthorizationPolicyNotFoundError, allow, deny, denyAsNotFound, isAuthorizationAbilityDefinition, isAuthorizationDecision, isAuthorizationPolicyDefinition, normalizeAuthorizationDecision };
81
- //# sourceMappingURL=chunk-WPHPV4WY.mjs.map
82
- //# sourceMappingURL=chunk-WPHPV4WY.mjs.map
81
+ //# sourceMappingURL=chunk-D3VQVCPX.mjs.map
82
+ //# sourceMappingURL=chunk-D3VQVCPX.mjs.map
package/dist/chunk-D3VQVCPX.mjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/contracts.ts"],"names":[],"mappings":";AAAA,IAAM,2BAAA,mBAA8B,MAAA,CAAO,GAAA,CAAI,8BAA8B;AAC7E,IAAM,4BAAA,mBAA+B,MAAA,CAAO,GAAA,CAAI,+BAA+B;AA6WxE,IAAM,kBAAA,GAAN,cAAiC,KAAA,CAAM;AAAA,EACnC,QAAA;AAAA,EAET,WAAA,CAAY,SAAiB,QAAA,EAAiC;AAC5D,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,oBAAA;AACZ,IAAA,IAAA,CAAK,QAAA,GAAW,QAAA;AAAA,EAClB;AACF;AAEO,IAAM,gCAAA,GAAN,cAA+C,KAAA,CAAM;AAAA,EAC1D,WAAA,CAAY,UAAU,2DAAA,EAA6D;AACjF,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,kCAAA;AAAA,EACd;AACF;AAEO,IAAM,iCAAA,GAAN,cAAgD,KAAA,CAAM;AAAA,EAC3D,WAAA,CAAY,UAAU,4DAAA,EAA8D;AAClF,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,mCAAA;AAAA,EACd;AACF;AAEO,IAAM,wCAAA,GAAN,cAAuD,KAAA,CAAM;AAAA,EAClE,WAAA,CAAY,UAAU,kEAAA,EAAoE;AACxF,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,0CAAA;AAAA,EACd;AACF;AAEO,IAAM,+BAAA,GAAN,cAA8C,KAAA,CAAM;AAAA,EACzD,WAAA,CAAY,UAAU,+CAAA,EAAiD;AACrE,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,iCAAA;AAAA,EACd;AACF;AAEO,SAAS,MAAM,OAAA,EAAyC;AAC7D,EAAA,OAAO,OAAO,MAAA,CAAO;AAAA,IACnB,OAAA,EAAS,IAAA;AAAA,IACT,MAAA,EAAQ,GAAA;AAAA,IACR,GAAI,OAAA,GAAU,EAAE,OAAA,KAAY;AAAC,GAC9B,CAAA;AACH;AAEO,SAAS,IAAA,CAAK,UAAU,gDAAA,EAAyE;AACtG,EAAA,OAAO,OAAO,MAAA,CAAO;AAAA,IACnB,OAAA,EAAS,KAAA;AAAA,IACT,MAAA,EAAQ,GAAA;AAAA,IACR;AAAA,GACD,CAAA;AACH;AAEO,SAAS,cAAA,CAAe,UAAU,qBAAA,EAA8C;AACrF,EAAA,OAAO,OAAO,MAAA,CAAO;AAAA,IACnB,OAAA,EAAS,KAAA;AAAA,IACT,MAAA,EAAQ,GAAA;AAAA,IACR;AAAA,GACD,CAAA;AACH;AAEO,SAAS,wBAAwB,KAAA,EAAgD;AACtF,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,MAAM,QAAA,GAAW,KAAA;AACjB,EAAA,OAAO,OAAO,QAAA,CAAS,OAAA,KAAY,SAAA,KAC7B,QAAA,CAAS,MAAA,KAAW,GAAA,IAAO,QAAA,CAAS,MAAA,KAAW,GAAA,IAAO,QAAA,CAAS,MAAA,KAAW,GAAA,CAAA;AAClF;AAEO,SAAS,gCAAgC,KAAA,EAAwD;AACtG,EAAA,OAAO,CAAC,CAAC,KAAA,IACJ,OAAO,UAAU,QAAA,IAChB,KAAA,CAA+D,2BAA2B,CAAA,KAAM,IAAA;AACxG;AAEO,SAAS,iCAAiC,KAAA,EAAyD;AACxG,EAAA,OAAO,CAAC,CAAC,KAAA,IACJ,OAAO,UAAU,QAAA,IAChB,KAAA,CAAgE,4BAA4B,CAAA,KAAM,IAAA;AAC1G;AAEO,SAAS,8BAAA,CACd,OAAA,EACA,eAAA,GAAkB,gDAAA,EACK;AACvB,EAAA,IAAI,OAAO,YAAY,SAAA,EAAW;AAChC,IAAA,OAAO,OAAA,GAAU,KAAA,EAAM,GAAI,IAAA,CAAK,eAAe,CAAA;AAAA,EACjD;AAEA,EAAA,IAAI,uBAAA,CAAwB,OAAO,CAAA,EAAG;AACpC,IAAA,OAAO,OAAA;AAAA,EACT;AAEA,EAAA,OAAO,KAAK,eAAe,CAAA;AAC7B","file":"chunk-D3VQVCPX.mjs","sourcesContent":["const AUTHORIZATION_POLICY_MARKER = Symbol.for('holo-js.authorization.policy')\nconst AUTHORIZATION_ABILITY_MARKER = Symbol.for('holo-js.authorization.ability')\ndeclare const AUTHORIZATION_POLICY_REGISTRY_MARKER: unique symbol\ndeclare const AUTHORIZATION_ABILITY_REGISTRY_MARKER: unique symbol\ndeclare const AUTHORIZATION_GUARD_REGISTRY_MARKER: unique symbol\n\nexport type AuthorizationDecisionStatus = 200 | 403 | 404\n\nexport interface AuthorizationDecision {\n readonly allowed: boolean\n readonly status: AuthorizationDecisionStatus\n readonly message?: string\n readonly code?: string\n}\n\nexport interface AuthorizationActorContext<TActor = object> {\n readonly user: TActor | null\n readonly authenticated: boolean\n}\n\nexport interface AuthorizationGuardActorContext<TActor = object, TGuardName extends string = string> extends AuthorizationActorContext<TActor> {\n readonly guard: TGuardName\n}\n\nexport interface AuthorizationAuthorizationContext<\n TActor = object,\n TGuardName extends string = string,\n> extends AuthorizationActorContext<TActor> {\n readonly guard?: TGuardName\n}\n\nexport type AuthorizationDecisionInput = AuthorizationDecision | boolean\n\nexport interface AuthorizationTargetConstructor<TInstance = object> {\n readonly prototype: TInstance\n}\n\nexport interface AuthorizationTargetModelDefinition {\n readonly name: string\n readonly table?: {\n readonly tableName?: string\n }\n}\n\nexport interface AuthorizationTargetModel<TInstance extends object = object> {\n readonly definition: AuthorizationTargetModelDefinition\n query(): {\n first(): Promise<TInstance | undefined>\n firstOrFail(): Promise<TInstance>\n }\n}\n\nexport type AuthorizationPolicyTarget<TInstance extends object = object>\n = | AuthorizationTargetConstructor<TInstance>\n | AuthorizationTargetModel<TInstance>\n\ntype AuthorizationQueryTargetInstance<TTarget> = TTarget extends {\n query(): {\n first(): Promise<infer TResult>\n }\n}\n ? NonNullable<TResult> extends object\n ? NonNullable<TResult>\n : object\n : object\n\nexport type AuthorizationTargetInstance<TTarget extends AuthorizationPolicyTarget> = TTarget extends AuthorizationTargetConstructor<infer TInstance>\n ? TInstance\n : TTarget extends AuthorizationTargetModel<infer TInstance>\n ? unknown extends TInstance\n ? AuthorizationQueryTargetInstance<TTarget>\n : TInstance\n : object\n\nexport interface AuthorizationPolicyClassHandler<\n TActor = object,\n TTarget extends AuthorizationPolicyTarget = AuthorizationPolicyTarget,\n> {\n (\n context: AuthorizationAuthorizationContext<TActor>,\n target: TTarget,\n ): AuthorizationDecisionInput | Promise<AuthorizationDecisionInput>\n}\n\nexport interface AuthorizationPolicyRecordHandler<\n TActor = object,\n TTarget extends AuthorizationPolicyTarget = AuthorizationPolicyTarget,\n> {\n (\n context: AuthorizationAuthorizationContext<TActor>,\n target: AuthorizationTargetInstance<TTarget>,\n ): AuthorizationDecisionInput | Promise<AuthorizationDecisionInput>\n}\n\nexport interface AuthorizationPolicyBeforeHandler<\n TActor = object,\n TTarget extends AuthorizationPolicyTarget = AuthorizationPolicyTarget,\n> {\n (\n context: AuthorizationAuthorizationContext<TActor>,\n target: TTarget | AuthorizationTargetInstance<TTarget>,\n ): AuthorizationDecisionInput | void | Promise<AuthorizationDecisionInput | void>\n}\n\nexport interface AuthorizationPolicyDefinition<\n TName extends string = string,\n TTarget extends AuthorizationPolicyTarget = AuthorizationPolicyTarget,\n TClassActions extends string = string,\n TRecordActions extends string = string,\n TActor = object,\n> {\n readonly [AUTHORIZATION_POLICY_MARKER]: true\n readonly name: TName\n readonly target: TTarget\n readonly before?: AuthorizationPolicyBeforeHandler<TActor, TTarget>\n readonly class?: Readonly<Record<TClassActions, AuthorizationPolicyClassHandler<TActor, TTarget>>>\n readonly record?: Readonly<Record<TRecordActions, AuthorizationPolicyRecordHandler<TActor, TTarget>>>\n}\n\nexport interface AuthorizationAbilityDefinition<\n TName extends string = string,\n TInput extends object = object,\n TActor = object,\n> {\n readonly [AUTHORIZATION_ABILITY_MARKER]: true\n readonly name: TName\n readonly handle: AuthorizationAbilityHandler<TActor, TInput>\n}\n\nexport interface AuthorizationAbilityHandler<TActor = object, TInput extends object = object> {\n (\n context: AuthorizationAuthorizationContext<TActor>,\n input: TInput,\n ): AuthorizationDecisionInput | Promise<AuthorizationDecisionInput>\n}\n\nexport interface AuthorizationPolicyRegistryEntry<\n TTarget extends AuthorizationPolicyTarget = AuthorizationPolicyTarget,\n TClassActions extends string = string,\n TRecordActions extends string = string,\n TActor = object,\n> {\n readonly actor?: TActor\n readonly target: TTarget\n readonly classActions: Readonly<Record<TClassActions, AuthorizationPolicyClassHandler<TActor, TTarget>>>\n readonly recordActions: Readonly<Record<TRecordActions, AuthorizationPolicyRecordHandler<TActor, TTarget>>>\n readonly before?: AuthorizationPolicyBeforeHandler<TActor, TTarget>\n}\n\nexport interface AuthorizationPolicyRegistry {\n readonly [AUTHORIZATION_POLICY_REGISTRY_MARKER]?: true\n}\n\nexport interface AuthorizationAbilityRegistryEntry<TInput extends object = object, TActor = object> {\n readonly actor?: TActor\n readonly input: TInput\n readonly handler?: AuthorizationAbilityHandler<TActor, TInput>\n}\n\nexport interface AuthorizationAbilityRegistry {\n readonly [AUTHORIZATION_ABILITY_REGISTRY_MARKER]?: true\n}\n\nexport interface AuthorizationGuardRegistry {\n readonly [AUTHORIZATION_GUARD_REGISTRY_MARKER]?: true\n}\n\ntype FallbackRegistryName<TName extends string> = [TName] extends [never] ? string : TName\ntype FallbackRegistryAction<TAction extends string> = [TAction] extends [never] ? string : TAction\ntype FallbackRegistryInput<TInput extends object> = [TInput] extends [never] ? object : TInput\ntype FallbackRegistryActor<TActor> = [TActor] extends [never] ? object : TActor\n\nexport type HoloPolicyName = FallbackRegistryName<Extract<keyof AuthorizationPolicyRegistry, string>>\nexport type HoloAbilityName = FallbackRegistryName<Extract<keyof AuthorizationAbilityRegistry, string>>\nexport type HoloAuthorizationGuardName = FallbackRegistryName<Extract<keyof AuthorizationGuardRegistry, string>>\n\ntype RegisteredAuthorizationPolicyName = Extract<keyof AuthorizationPolicyRegistry, string>\ntype RegisteredAuthorizationAbilityName = Extract<keyof AuthorizationAbilityRegistry, string>\n\ntype RegisteredAuthorizationPolicyEntry<TPolicyName extends string> = AuthorizationPolicyRegistry[\n Extract<TPolicyName, RegisteredAuthorizationPolicyName>\n]\ntype RegisteredAuthorizationAbilityEntry<TAbilityName extends string> = AuthorizationAbilityRegistry[\n Extract<TAbilityName, RegisteredAuthorizationAbilityName>\n]\n\nexport type PolicyActorForName<TPolicyName extends string> = RegisteredAuthorizationPolicyEntry<TPolicyName> extends {\n actor?: infer TActor\n}\n ? FallbackRegistryActor<TActor>\n : object\n\nexport type AbilityActorForName<TAbilityName extends string> = RegisteredAuthorizationAbilityEntry<TAbilityName> extends {\n actor?: infer TActor\n}\n ? FallbackRegistryActor<TActor>\n : object\n\ntype RegisteredPolicyClassActionFor<TTarget> = {\n [TName in RegisteredAuthorizationPolicyName]: RegisteredAuthorizationPolicyEntry<TName> extends {\n target: infer TRegisteredTarget extends AuthorizationPolicyTarget\n classActions: infer TClassActions extends Record<string, unknown>\n recordActions: infer _TRecordActions extends Record<string, unknown>\n }\n ? TTarget extends AuthorizationPolicyTarget\n ? TTarget extends TRegisteredTarget\n ? FallbackRegistryAction<Extract<keyof TClassActions, string>>\n : never\n : never\n : never\n}[RegisteredAuthorizationPolicyName]\n\ntype RegisteredPolicyRecordActionFor<TTarget> = {\n [TName in RegisteredAuthorizationPolicyName]: RegisteredAuthorizationPolicyEntry<TName> extends {\n target: infer TRegisteredTarget extends AuthorizationPolicyTarget\n classActions: infer _TClassActions extends Record<string, unknown>\n recordActions: infer TRecordActions extends Record<string, unknown>\n }\n ? TTarget extends AuthorizationPolicyTarget\n ? never\n : TTarget extends AuthorizationTargetInstance<TRegisteredTarget>\n ? FallbackRegistryAction<Extract<keyof TRecordActions, string>>\n : never\n : never\n}[RegisteredAuthorizationPolicyName]\n\nexport type PolicyClassActionFor<TTarget> = FallbackRegistryAction<RegisteredPolicyClassActionFor<TTarget>>\n\nexport type PolicyRecordActionFor<TTarget> = FallbackRegistryAction<RegisteredPolicyRecordActionFor<TTarget>>\n\nexport type PolicyActionFor<TTarget> = TTarget extends AuthorizationPolicyTarget\n ? PolicyClassActionFor<TTarget>\n : PolicyRecordActionFor<TTarget>\n\nexport type PolicyActionForPolicy<\n TPolicyName extends HoloPolicyName,\n TTarget,\n> = RegisteredAuthorizationPolicyEntry<TPolicyName> extends {\n target: infer _TRegisteredTarget extends AuthorizationPolicyTarget\n classActions: infer TClassActions extends Record<string, unknown>\n recordActions: infer TRecordActions extends Record<string, unknown>\n}\n ? TTarget extends AuthorizationPolicyTarget\n ? FallbackRegistryAction<Extract<keyof TClassActions, string>>\n : FallbackRegistryAction<Extract<keyof TRecordActions, string>>\n : string\n\nexport type PolicyTargetForPolicy<TPolicyName extends HoloPolicyName> = RegisteredAuthorizationPolicyEntry<TPolicyName> extends {\n target: infer TTarget extends AuthorizationPolicyTarget\n}\n ? TTarget\n : AuthorizationPolicyTarget\n\nexport type PolicyClassActionForPolicy<TPolicyName extends HoloPolicyName> = RegisteredAuthorizationPolicyEntry<TPolicyName> extends {\n classActions: infer TClassActions extends Record<string, unknown>\n}\n ? FallbackRegistryAction<Extract<keyof TClassActions, string>>\n : string\n\nexport type PolicyRecordActionForPolicy<TPolicyName extends HoloPolicyName> = RegisteredAuthorizationPolicyEntry<TPolicyName> extends {\n recordActions: infer TRecordActions extends Record<string, unknown>\n}\n ? FallbackRegistryAction<Extract<keyof TRecordActions, string>>\n : string\n\nexport type PolicyInstanceForPolicy<TPolicyName extends HoloPolicyName> = AuthorizationTargetInstance<PolicyTargetForPolicy<TPolicyName>>\n\nexport type AbilityInput<TAbilityName extends HoloAbilityName> = RegisteredAuthorizationAbilityEntry<TAbilityName> extends AuthorizationAbilityRegistryEntry<\n infer TInput,\n object\n>\n ? FallbackRegistryInput<TInput>\n : object\n\nexport interface AuthorizationPolicyBuilder<TPolicyName extends HoloPolicyName> {\n authorize(action: PolicyClassActionForPolicy<TPolicyName>, target: PolicyTargetForPolicy<TPolicyName>): Promise<void>\n authorize(action: PolicyRecordActionForPolicy<TPolicyName>, target: PolicyInstanceForPolicy<TPolicyName>): Promise<void>\n can(action: PolicyClassActionForPolicy<TPolicyName>, target: PolicyTargetForPolicy<TPolicyName>): Promise<boolean>\n can(action: PolicyRecordActionForPolicy<TPolicyName>, target: PolicyInstanceForPolicy<TPolicyName>): Promise<boolean>\n cannot(action: PolicyClassActionForPolicy<TPolicyName>, target: PolicyTargetForPolicy<TPolicyName>): Promise<boolean>\n cannot(action: PolicyRecordActionForPolicy<TPolicyName>, target: PolicyInstanceForPolicy<TPolicyName>): Promise<boolean>\n inspect(action: PolicyClassActionForPolicy<TPolicyName>, target: PolicyTargetForPolicy<TPolicyName>): Promise<AuthorizationDecision>\n inspect(action: PolicyRecordActionForPolicy<TPolicyName>, target: PolicyInstanceForPolicy<TPolicyName>): Promise<AuthorizationDecision>\n}\n\nexport interface AuthorizationAbilityBuilder<TAbilityName extends HoloAbilityName> {\n authorize(input: AbilityInput<TAbilityName>): Promise<void>\n can(input: AbilityInput<TAbilityName>): Promise<boolean>\n cannot(input: AbilityInput<TAbilityName>): Promise<boolean>\n inspect(input: AbilityInput<TAbilityName>): Promise<AuthorizationDecision>\n}\n\nexport interface AuthorizationActorBuilder {\n authorize<TTarget extends AuthorizationPolicyTarget>(\n action: PolicyClassActionFor<TTarget>,\n target: TTarget,\n ): Promise<void>\n authorize<TTarget extends object>(\n action: PolicyRecordActionFor<TTarget>,\n target: TTarget,\n ): Promise<void>\n can<TTarget extends AuthorizationPolicyTarget>(\n action: PolicyClassActionFor<TTarget>,\n target: TTarget,\n ): Promise<boolean>\n can<TTarget extends object>(\n action: PolicyRecordActionFor<TTarget>,\n target: TTarget,\n ): Promise<boolean>\n cannot<TTarget extends AuthorizationPolicyTarget>(\n action: PolicyClassActionFor<TTarget>,\n target: TTarget,\n ): Promise<boolean>\n cannot<TTarget extends object>(\n action: PolicyRecordActionFor<TTarget>,\n target: TTarget,\n ): Promise<boolean>\n inspect<TTarget extends AuthorizationPolicyTarget>(\n action: PolicyClassActionFor<TTarget>,\n target: TTarget,\n ): Promise<AuthorizationDecision>\n inspect<TTarget extends object>(\n action: PolicyRecordActionFor<TTarget>,\n target: TTarget,\n ): Promise<AuthorizationDecision>\n policy<TPolicyName extends HoloPolicyName>(name: TPolicyName): AuthorizationPolicyBuilder<TPolicyName>\n ability<TAbilityName extends HoloAbilityName>(name: TAbilityName): AuthorizationAbilityBuilder<TAbilityName>\n}\n\nexport interface AuthorizationFacade {\n forUser<TActor extends object>(actor: TActor | null): AuthorizationActorBuilder\n guard<TGuardName extends HoloAuthorizationGuardName>(name: TGuardName): AuthorizationActorBuilder\n authorize<TTarget extends AuthorizationPolicyTarget>(\n action: PolicyClassActionFor<TTarget>,\n target: TTarget,\n ): Promise<void>\n authorize<TTarget extends object>(\n action: PolicyRecordActionFor<TTarget>,\n target: TTarget,\n ): Promise<void>\n can<TTarget extends AuthorizationPolicyTarget>(\n action: PolicyClassActionFor<TTarget>,\n target: TTarget,\n ): Promise<boolean>\n can<TTarget extends object>(\n action: PolicyRecordActionFor<TTarget>,\n target: TTarget,\n ): Promise<boolean>\n cannot<TTarget extends AuthorizationPolicyTarget>(\n action: PolicyClassActionFor<TTarget>,\n target: TTarget,\n ): Promise<boolean>\n cannot<TTarget extends object>(\n action: PolicyRecordActionFor<TTarget>,\n target: TTarget,\n ): Promise<boolean>\n inspect<TTarget extends AuthorizationPolicyTarget>(\n action: PolicyClassActionFor<TTarget>,\n target: TTarget,\n ): Promise<AuthorizationDecision>\n inspect<TTarget extends object>(\n action: PolicyRecordActionFor<TTarget>,\n target: TTarget,\n ): Promise<AuthorizationDecision>\n}\n\nexport class AuthorizationError extends Error {\n readonly decision: AuthorizationDecision\n\n constructor(message: string, decision: AuthorizationDecision) {\n super(message)\n this.name = 'AuthorizationError'\n this.decision = decision\n }\n}\n\nexport class AuthorizationPolicyNotFoundError extends Error {\n constructor(message = '[@holo-js/authorization] Policy definition was not found.') {\n super(message)\n this.name = 'AuthorizationPolicyNotFoundError'\n }\n}\n\nexport class AuthorizationAbilityNotFoundError extends Error {\n constructor(message = '[@holo-js/authorization] Ability definition was not found.') {\n super(message)\n this.name = 'AuthorizationAbilityNotFoundError'\n }\n}\n\nexport class AuthorizationAuthIntegrationMissingError extends Error {\n constructor(message = '[@holo-js/authorization] Auth integration is not configured yet.') {\n super(message)\n this.name = 'AuthorizationAuthIntegrationMissingError'\n }\n}\n\nexport class AuthorizationGuardNotFoundError extends Error {\n constructor(message = '[@holo-js/authorization] Guard was not found.') {\n super(message)\n this.name = 'AuthorizationGuardNotFoundError'\n }\n}\n\nexport function allow(message?: string): AuthorizationDecision {\n return Object.freeze({\n allowed: true,\n status: 200 as const,\n ...(message ? { message } : {}),\n })\n}\n\nexport function deny(message = 'You are not authorized to perform this action.'): AuthorizationDecision {\n return Object.freeze({\n allowed: false,\n status: 403 as const,\n message,\n })\n}\n\nexport function denyAsNotFound(message = 'Resource not found.'): AuthorizationDecision {\n return Object.freeze({\n allowed: false,\n status: 404 as const,\n message,\n })\n}\n\nexport function isAuthorizationDecision(value: unknown): value is AuthorizationDecision {\n if (!value || typeof value !== 'object') {\n return false\n }\n\n const decision = value as Partial<AuthorizationDecision>\n return typeof decision.allowed === 'boolean'\n && (decision.status === 200 || decision.status === 403 || decision.status === 404)\n}\n\nexport function isAuthorizationPolicyDefinition(value: unknown): value is AuthorizationPolicyDefinition {\n return !!value\n && typeof value === 'object'\n && (value as { readonly [AUTHORIZATION_POLICY_MARKER]?: unknown })[AUTHORIZATION_POLICY_MARKER] === true\n}\n\nexport function isAuthorizationAbilityDefinition(value: unknown): value is AuthorizationAbilityDefinition {\n return !!value\n && typeof value === 'object'\n && (value as { readonly [AUTHORIZATION_ABILITY_MARKER]?: unknown })[AUTHORIZATION_ABILITY_MARKER] === true\n}\n\nexport function normalizeAuthorizationDecision(\n outcome: AuthorizationDecisionInput | undefined,\n fallbackMessage = 'You are not authorized to perform this action.',\n): AuthorizationDecision {\n if (typeof outcome === 'boolean') {\n return outcome ? allow() : deny(fallbackMessage)\n }\n\n if (isAuthorizationDecision(outcome)) {\n return outcome\n }\n\n return deny(fallbackMessage)\n}\n\nexport { AUTHORIZATION_POLICY_MARKER, AUTHORIZATION_ABILITY_MARKER }\n"]}
package/dist/contracts.d.ts CHANGED
@@ -38,7 +38,12 @@ interface AuthorizationTargetModel<TInstance extends object = object> {
38
38
  };
39
39
  }
40
40
  type AuthorizationPolicyTarget<TInstance extends object = object> = AuthorizationTargetConstructor<TInstance> | AuthorizationTargetModel<TInstance>;
41
- type AuthorizationTargetInstance<TTarget extends AuthorizationPolicyTarget> = TTarget extends AuthorizationTargetConstructor<infer TInstance> ? TInstance : TTarget extends AuthorizationTargetModel<infer TInstance> ? TInstance : object;
41
+ type AuthorizationQueryTargetInstance<TTarget> = TTarget extends {
42
+ query(): {
43
+ first(): Promise<infer TResult>;
44
+ };
45
+ } ? NonNullable<TResult> extends object ? NonNullable<TResult> : object : object;
46
+ type AuthorizationTargetInstance<TTarget extends AuthorizationPolicyTarget> = TTarget extends AuthorizationTargetConstructor<infer TInstance> ? TInstance : TTarget extends AuthorizationTargetModel<infer TInstance> ? unknown extends TInstance ? AuthorizationQueryTargetInstance<TTarget> : TInstance : object;
42
47
  interface AuthorizationPolicyClassHandler<TActor = object, TTarget extends AuthorizationPolicyTarget = AuthorizationPolicyTarget> {
43
48
  (context: AuthorizationAuthorizationContext<TActor>, target: TTarget): AuthorizationDecisionInput | Promise<AuthorizationDecisionInput>;
44
49
  }
package/dist/contracts.mjs CHANGED
@@ -1,3 +1,3 @@
1
- export { AUTHORIZATION_ABILITY_MARKER, AUTHORIZATION_POLICY_MARKER, AuthorizationAbilityNotFoundError, AuthorizationAuthIntegrationMissingError, AuthorizationError, AuthorizationGuardNotFoundError, AuthorizationPolicyNotFoundError, allow, deny, denyAsNotFound, isAuthorizationAbilityDefinition, isAuthorizationDecision, isAuthorizationPolicyDefinition, normalizeAuthorizationDecision } from './chunk-WPHPV4WY.mjs';
1
+ export { AUTHORIZATION_ABILITY_MARKER, AUTHORIZATION_POLICY_MARKER, AuthorizationAbilityNotFoundError, AuthorizationAuthIntegrationMissingError, AuthorizationError, AuthorizationGuardNotFoundError, AuthorizationPolicyNotFoundError, allow, deny, denyAsNotFound, isAuthorizationAbilityDefinition, isAuthorizationDecision, isAuthorizationPolicyDefinition, normalizeAuthorizationDecision } from './chunk-D3VQVCPX.mjs';
2
2
  //# sourceMappingURL=contracts.mjs.map
3
3
  //# sourceMappingURL=contracts.mjs.map
package/dist/index.mjs CHANGED
@@ -1,5 +1,5 @@
1
- import { AuthorizationError, deny, AuthorizationGuardNotFoundError, AuthorizationPolicyNotFoundError, AuthorizationAbilityNotFoundError, AuthorizationAuthIntegrationMissingError, AUTHORIZATION_POLICY_MARKER, AUTHORIZATION_ABILITY_MARKER, normalizeAuthorizationDecision } from './chunk-WPHPV4WY.mjs';
2
- export { AuthorizationAbilityNotFoundError, AuthorizationAuthIntegrationMissingError, AuthorizationError, AuthorizationGuardNotFoundError, AuthorizationPolicyNotFoundError, allow, deny, denyAsNotFound, isAuthorizationAbilityDefinition, isAuthorizationDecision, isAuthorizationPolicyDefinition, normalizeAuthorizationDecision } from './chunk-WPHPV4WY.mjs';
1
+ import { AuthorizationError, AuthorizationGuardNotFoundError, AuthorizationPolicyNotFoundError, AuthorizationAbilityNotFoundError, AuthorizationAuthIntegrationMissingError, AUTHORIZATION_POLICY_MARKER, AUTHORIZATION_ABILITY_MARKER, deny, normalizeAuthorizationDecision } from './chunk-D3VQVCPX.mjs';
2
+ export { AuthorizationAbilityNotFoundError, AuthorizationAuthIntegrationMissingError, AuthorizationError, AuthorizationGuardNotFoundError, AuthorizationPolicyNotFoundError, allow, deny, denyAsNotFound, isAuthorizationAbilityDefinition, isAuthorizationDecision, isAuthorizationPolicyDefinition, normalizeAuthorizationDecision } from './chunk-D3VQVCPX.mjs';
3
3
 
4
4
  // src/runtime.ts
5
5
  var HOLO_MODEL_REFERENCE_REGISTRY = /* @__PURE__ */ Symbol.for("holo-js.db.model-reference-registry");
@@ -313,67 +313,40 @@ async function evaluateBeforeHook(before, context, target) {
313
313
  }
314
314
  return normalizeAuthorizationDecision(outcome);
315
315
  }
316
- async function evaluatePolicyByTarget(actor, action, target, guard2) {
317
- const policy = getPolicyByTarget(target);
316
+ async function evaluateResolvedPolicy(policy, actor, action, target, missingActionTarget, guard2) {
318
317
  const context = typeof guard2 === "string" ? resolveContext(actor, guard2) : resolveContext(actor);
319
- if (typeof target === "function" || isAuthorizationTargetModel(target)) {
320
- const beforeDecision2 = await evaluateBeforeHook(policy.before, context, target);
321
- if (beforeDecision2) {
322
- return beforeDecision2;
323
- }
324
- const handler2 = policy.class?.[action];
325
- if (!handler2) {
326
- throw new AuthorizationError(
327
- `[@holo-js/authorization] Policy action "${action}" is not defined for the selected target.`,
328
- deny()
329
- );
330
- }
331
- return await normalizeResult(handler2(context, target));
332
- }
333
318
  const beforeDecision = await evaluateBeforeHook(policy.before, context, target);
334
319
  if (beforeDecision) {
335
320
  return beforeDecision;
336
321
  }
337
- const handler = policy.record?.[action];
338
- if (!handler) {
339
- throw new AuthorizationError(
340
- `[@holo-js/authorization] Policy action "${action}" is not defined for the selected target.`,
341
- deny()
342
- );
343
- }
344
- return await normalizeResult(handler(context, target));
345
- }
346
- async function evaluatePolicyByName(actor, policyName, action, target, guard2) {
347
- const policy = getPolicyByName(policyName);
348
- assertPolicyMatchesTarget(policy, policyName, target);
349
- const context = typeof guard2 === "string" ? resolveContext(actor, guard2) : resolveContext(actor);
350
322
  if (typeof target === "function" || isAuthorizationTargetModel(target)) {
351
- const beforeDecision2 = await evaluateBeforeHook(policy.before, context, target);
352
- if (beforeDecision2) {
353
- return beforeDecision2;
354
- }
355
323
  const handler2 = policy.class?.[action];
356
324
  if (!handler2) {
357
325
  throw new AuthorizationError(
358
- `[@holo-js/authorization] Policy action "${action}" is not defined for policy "${policyName}".`,
326
+ `[@holo-js/authorization] Policy action "${action}" is not defined for ${missingActionTarget}.`,
359
327
  deny()
360
328
  );
361
329
  }
362
330
  return await normalizeResult(handler2(context, target));
363
331
  }
364
- const beforeDecision = await evaluateBeforeHook(policy.before, context, target);
365
- if (beforeDecision) {
366
- return beforeDecision;
367
- }
368
332
  const handler = policy.record?.[action];
369
333
  if (!handler) {
370
334
  throw new AuthorizationError(
371
- `[@holo-js/authorization] Policy action "${action}" is not defined for policy "${policyName}".`,
335
+ `[@holo-js/authorization] Policy action "${action}" is not defined for ${missingActionTarget}.`,
372
336
  deny()
373
337
  );
374
338
  }
375
339
  return await normalizeResult(handler(context, target));
376
340
  }
341
+ async function evaluatePolicyByTarget(actor, action, target, guard2) {
342
+ const policy = getPolicyByTarget(target);
343
+ return await evaluateResolvedPolicy(policy, actor, action, target, "the selected target", guard2);
344
+ }
345
+ async function evaluatePolicyByName(actor, policyName, action, target, guard2) {
346
+ const policy = getPolicyByName(policyName);
347
+ assertPolicyMatchesTarget(policy, policyName, target);
348
+ return await evaluateResolvedPolicy(policy, actor, action, target, `policy "${policyName}"`, guard2);
349
+ }
377
350
  async function evaluateAbility(actor, abilityName, input, guard2) {
378
351
  const ability = getAbilityByName(abilityName);
379
352
  const context = typeof guard2 === "string" ? resolveContext(actor, guard2) : resolveContext(actor);
package/dist/index.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/runtime.ts","../src/index.ts"],"names":["guard","beforeDecision","handler"],"mappings":";;;;AA6CA,IAAM,6BAAA,mBAAgC,MAAA,CAAO,GAAA,CAAI,qCAAqC,CAAA;AA6BtF,SAAS,+BAAA,GAA6D;AACpE,EAAA,OAAO;AAAA,IACL,cAAA,sBAAoB,GAAA,EAAI;AAAA,IACxB,sBAAA,sBAA4B,OAAA,EAAQ;AAAA,IACpC,uBAAA,sBAA6B,GAAA,EAAI;AAAA,IACjC,eAAA,sBAAqB,GAAA,EAAI;AAAA,IACzB,eAAA,EAAiB;AAAA,GACnB;AACF;AAEA,SAAS,4BAAA,GAA0D;AACjE,EAAA,MAAM,OAAA,GAAU,UAAA;AAIhB,EAAA,OAAA,CAAQ,iCAAiC,+BAAA,EAAgC;AACzE,EAAA,OAAO,OAAA,CAAQ,4BAAA;AACjB;AAEA,SAAS,8BAAA,GAAuC;AAC9C,EAAA,MAAM,OAAA,GAAU,UAAA;AAIhB,EAAA,OAAA,CAAQ,+BAA+B,+BAAA,EAAgC;AACzE;AAEA,SAAS,sCAAsC,WAAA,EAAkD;AAC/F,EAAA,MAAM,QAAQ,4BAAA,EAA6B;AAC3C,EAAA,KAAA,CAAM,kBAAkB,WAAA,IAAe,IAAA;AACzC;AAEA,SAAS,iCAAA,GAA0C;AACjD,EAAA,4BAAA,GAA+B,eAAA,GAAkB,IAAA;AACnD;AAEA,SAAS,+BAAA,GAAgE;AACvE,EAAA,MAAM,WAAA,GAAc,8BAA6B,CAAE,eAAA;AACnD,EAAA,IAAI,CAAC,WAAA,EAAa;AAChB,IAAA,MAAM,IAAI,yCAAyC,kEAAkE,CAAA;AAAA,EACvH;AAEA,EAAA,OAAO,WAAA;AACT;AAEA,SAAS,oBAA0C,IAAA,EAAoB;AACrE,EAAA,MAAM,OAAA,GAAU,KAAK,IAAA,EAAK;AAC1B,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,UAAU,kEAAkE,CAAA;AAAA,EACxF;AAEA,EAAA,OAAO,OAAA;AACT;AAEA,SAAS,qBAA2C,IAAA,EAAoB;AACtE,EAAA,MAAM,OAAA,GAAU,KAAK,IAAA,EAAK;AAC1B,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,UAAU,mEAAmE,CAAA;AAAA,EACzF;AAEA,EAAA,OAAO,OAAA;AACT;AAEA,SAAS,gBAA2D,MAAA,EAA0B;AAC5F,EAAA,IAAI,OAAO,WAAW,UAAA,EAAY;AAChC,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,IAAI,0BAAA,CAA2B,MAAM,CAAA,EAAG;AACtC,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,MAAM,IAAI,UAAU,yFAAyF,CAAA;AAC/G;AAEA,SAAS,mBAAA,CACP,OACA,KAAA,EACU;AACV,EAAA,IAAI,OAAO,UAAU,WAAA,EAAa;AAChC,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,IAAI,CAAC,SAAS,OAAO,KAAA,KAAU,YAAY,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,EAAG;AAC/D,IAAA,MAAM,IAAI,SAAA,CAAU,CAAA,yBAAA,EAA4B,KAAK,CAAA,sCAAA,CAAwC,CAAA;AAAA,EAC/F;AAEA,EAAA,OAAO,KAAA;AACT;AAEA,SAAS,kBAAA,CACP,OACA,KAAA,EACM;AACN,EAAA,IAAI,CAAC,KAAA,EAAO;AACV,IAAA;AAAA,EACF;AAEA,EAAA,KAAA,MAAW,CAAC,IAAA,EAAM,OAAO,KAAK,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAA,EAAG;AACnD,IAAA,IAAI,OAAO,YAAY,UAAA,EAAY;AACjC,MAAA,MAAM,IAAI,SAAA,CAAU,CAAA,yBAAA,EAA4B,KAAK,CAAA,CAAA,EAAI,IAAI,CAAA,oBAAA,CAAsB,CAAA;AAAA,IACrF;AAAA,EACF;AACF;AAEA,SAAS,yBAAyB,UAAA,EAA4G;AAC5I,EAAA,kBAAA,CAAmB,UAAA,CAAW,OAAO,cAAc,CAAA;AACnD,EAAA,kBAAA,CAAmB,UAAA,CAAW,QAAQ,eAAe,CAAA;AACrD,EAAA,IAAI,UAAA,CAAW,MAAA,IAAU,OAAO,UAAA,CAAW,WAAW,UAAA,EAAY;AAChE,IAAA,MAAM,IAAI,UAAU,0EAA0E,CAAA;AAAA,EAChG;AACF;AAEA,SAAS,0BAA0B,UAAA,EAA0E;AAC3G,EAAA,IAAI,OAAO,UAAA,CAAW,MAAA,KAAW,UAAA,EAAY;AAC3C,IAAA,MAAM,IAAI,UAAU,8DAA8D,CAAA;AAAA,EACpF;AACF;AAEA,SAAS,yBAA+D,UAAA,EAAsC;AAC5G,EAAA,MAAM,QAAQ,4BAAA,EAA6B;AAC3C,EAAA,IAAI,KAAA,CAAM,cAAA,CAAe,GAAA,CAAI,UAAA,CAAW,IAAI,CAAA,EAAG;AAC7C,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,iCAAA,EAAoC,UAAA,CAAW,IAAI,CAAA,wBAAA,CAA0B,CAAA;AAAA,EAC/F;AAEA,EAAA,IAAI,KAAA,CAAM,sBAAA,CAAuB,GAAA,CAAI,UAAA,CAAW,MAAM,CAAA,EAAG;AACvD,IAAA,MAAM,IAAI,MAAM,0EAA0E,CAAA;AAAA,EAC5F;AAEA,EAAA,MAAM,aAAA,GAAgB,yBAAA,CAA0B,UAAA,CAAW,MAAM,CAAA;AACjE,EAAA,IAAI,aAAA,IAAiB,KAAA,CAAM,uBAAA,CAAwB,GAAA,CAAI,aAAa,CAAA,EAAG;AACrE,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,+EAAA,EAAkF,aAAa,CAAA,EAAA,CAAI,CAAA;AAAA,EACrH;AAEA,EAAA,KAAA,CAAM,cAAA,CAAe,GAAA,CAAI,UAAA,CAAW,IAAA,EAAM,UAAU,CAAA;AACpD,EAAA,KAAA,CAAM,sBAAA,CAAuB,GAAA,CAAI,UAAA,CAAW,MAAA,EAAQ,UAAU,CAAA;AAC9D,EAAA,IAAI,aAAA,EAAe;AACjB,IAAA,KAAA,CAAM,uBAAA,CAAwB,GAAA,CAAI,aAAA,EAAe,UAAU,CAAA;AAAA,EAC7D;AACA,EAAA,OAAO,UAAA;AACT;AAEA,SAAS,0BAAiE,UAAA,EAAsC;AAC9G,EAAA,MAAM,QAAQ,4BAAA,EAA6B;AAC3C,EAAA,IAAI,KAAA,CAAM,eAAA,CAAgB,GAAA,CAAI,UAAA,CAAW,IAAI,CAAA,EAAG;AAC9C,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,kCAAA,EAAqC,UAAA,CAAW,IAAI,CAAA,wBAAA,CAA0B,CAAA;AAAA,EAChG;AAEA,EAAA,KAAA,CAAM,eAAA,CAAgB,GAAA,CAAI,UAAA,CAAW,IAAA,EAAM,UAAU,CAAA;AACrD,EAAA,OAAO,UAAA;AACT;AAEA,SAAS,2BAA2B,IAAA,EAAoB;AACtD,EAAA,MAAM,QAAQ,4BAAA,EAA6B;AAC3C,EAAA,MAAM,UAAA,GAAa,KAAA,CAAM,cAAA,CAAe,GAAA,CAAI,IAAI,CAAA;AAChD,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA;AAAA,EACF;AAEA,EAAA,KAAA,CAAM,cAAA,CAAe,OAAO,IAAI,CAAA;AAChC,EAAA,KAAA,CAAM,sBAAA,CAAuB,MAAA,CAAO,UAAA,CAAW,MAAM,CAAA;AACrD,EAAA,MAAM,aAAA,GAAgB,yBAAA,CAA0B,UAAA,CAAW,MAAM,CAAA;AACjE,EAAA,IAAI,aAAA,EAAe;AACjB,IAAA,KAAA,CAAM,uBAAA,CAAwB,OAAO,aAAa,CAAA;AAAA,EACpD;AACF;AAEA,SAAS,4BAA4B,IAAA,EAAoB;AACvD,EAAA,4BAAA,EAA6B,CAAE,eAAA,CAAgB,MAAA,CAAO,IAAI,CAAA;AAC5D;AAEA,SAAS,uBAA6D,UAAA,EAAsC;AAC1G,EAAA,OAAO,OAAO,MAAA,CAAO;AAAA,IACnB,GAAG,UAAA;AAAA,IACH,KAAA,EAAO,UAAA,CAAW,KAAA,GAAQ,MAAA,CAAO,MAAA,CAAO,EAAE,GAAG,UAAA,CAAW,KAAA,EAAO,CAAA,GAAI,UAAA,CAAW,KAAA;AAAA,IAC9E,MAAA,EAAQ,UAAA,CAAW,MAAA,GAAS,MAAA,CAAO,MAAA,CAAO,EAAE,GAAG,UAAA,CAAW,MAAA,EAAQ,CAAA,GAAI,UAAA,CAAW;AAAA,GAClF,CAAA;AACH;AAEA,SAAS,wBAA+D,UAAA,EAAsC;AAC5G,EAAA,OAAO,MAAA,CAAO,OAAO,UAAU,CAAA;AACjC;AAEO,SAAS,YAAA,CASd,IAAA,EACA,MAAA,EACA,UAAA,EAWA;AACA,EAAA,MAAM,cAAA,GAAiB,oBAAoB,IAAI,CAAA;AAC/C,EAAA,MAAM,gBAAA,GAAmB,gBAAgB,MAAM,CAAA;AAC/C,EAAA,MAAM,eAAA,GAAkB,mBAAA,CAAoB,UAAA,CAAW,KAAA,EAAO,cAAc,CAAA;AAC5E,EAAA,MAAM,gBAAA,GAAmB,mBAAA,CAAoB,UAAA,CAAW,MAAA,EAAQ,eAAe,CAAA;AAC/E,EAAA,MAAM,iBAAA,GAAoB;AAAA,IACxB,CAAC,2BAA2B,GAAG,IAAA;AAAA,IAC/B,IAAA,EAAM,cAAA;AAAA,IACN,MAAA,EAAQ,gBAAA;AAAA,IACR,QAAQ,UAAA,CAAW,MAAA;AAAA,IACnB,KAAA,EAAO,eAAA;AAAA,IACP,MAAA,EAAQ;AAAA,GACV;AACA,EAAA,wBAAA,CAAyB,iBAAiB,CAAA;AAE1C,EAAA,MAAM,UAAA,GAAa,wBAAA,CAAyB,sBAAA,CAAuB,iBAAiB,CAAC,CAAA;AAErF,EAAA,OAAO,UAAA;AAOT;AAEO,SAAS,aAAA,CAId,MACA,MAAA,EAC+C;AAC/C,EAAA,MAAM,cAAA,GAAiB,qBAAqB,IAAI,CAAA;AAChD,EAAA,MAAM,iBAAA,GAAoB;AAAA,IACxB,CAAC,4BAA4B,GAAG,IAAA;AAAA,IAChC,IAAA,EAAM,cAAA;AAAA,IACN;AAAA,GACF;AACA,EAAA,yBAAA,CAA0B,iBAAiB,CAAA;AAE3C,EAAA,MAAM,UAAA,GAAa,yBAAA,CAA0B,uBAAA,CAAwB,iBAAiB,CAAC,CAAA;AAEvF,EAAA,OAAO,UAAA;AACT;AAEA,SAAS,gBAAgB,IAAA,EAAgC;AACvD,EAAA,MAAM,MAAA,GAAS,4BAAA,EAA6B,CAAE,cAAA,CAAe,IAAI,IAAI,CAAA;AACrE,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,MAAM,IAAI,gCAAA,CAAoB,CAAA,iCAAA,EAAoC,IAAI,CAAA,gBAAA,CAAkB,CAAA;AAAA,EAC1F;AAEA,EAAA,OAAO,MAAA;AACT;AAEA,SAAS,iBAAiB,IAAA,EAAiC;AACzD,EAAA,MAAM,OAAA,GAAU,4BAAA,EAA6B,CAAE,eAAA,CAAgB,IAAI,IAAI,CAAA;AACvE,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,iCAAA,CAAkC,CAAA,kCAAA,EAAqC,IAAI,CAAA,gBAAA,CAAkB,CAAA;AAAA,EACzG;AAEA,EAAA,OAAO,OAAA;AACT;AAEA,SAAS,kBAAkB,MAAA,EAA8D;AACvF,EAAA,MAAM,QAAQ,4BAAA,EAA6B;AAC3C,EAAA,IAAI,OAAO,MAAA,KAAW,UAAA,IAAc,0BAAA,CAA2B,MAAM,CAAA,EAAG;AACtE,IAAA,MAAM,YAAA,GAAe,KAAA,CAAM,sBAAA,CAAuB,GAAA,CAAI,MAAM,CAAA;AAC5D,IAAA,IAAI,YAAA,EAAc;AAChB,MAAA,OAAO,YAAA;AAAA,IACT;AAEA,IAAA,MAAM,mBAAA,GAAsB,0BAA0B,MAAM,CAAA;AAC5D,IAAA,IAAI,mBAAA,EAAqB;AACvB,MAAA,MAAM,gBAAA,GAAmB,KAAA,CAAM,uBAAA,CAAwB,GAAA,CAAI,mBAAmB,CAAA;AAC9E,MAAA,IAAI,gBAAA,EAAkB;AACpB,QAAA,OAAO,gBAAA;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAEA,EAAA,MAAM,iBAAA,GAAoB,qBAAqB,MAAM,CAAA;AACrD,EAAA,IAAI,iBAAA,EAAmB;AACrB,IAAA,MAAM,iBAAA,GAAoB,KAAA,CAAM,sBAAA,CAAuB,GAAA,CAAI,iBAAiB,CAAA;AAC5E,IAAA,IAAI,iBAAA,EAAmB;AACrB,MAAA,OAAO,iBAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,MAAM,qBAAA,GAAwB,kCAAkC,MAAM,CAAA;AACtE,EAAA,IAAI,qBAAA,EAAuB;AACzB,IAAA,MAAM,gBAAA,GAAmB,KAAA,CAAM,uBAAA,CAAwB,GAAA,CAAI,qBAAqB,CAAA;AAChF,IAAA,IAAI,gBAAA,EAAkB;AACpB,MAAA,OAAO,gBAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,MAAM,IAAI,iCAAoB,0EAA0E,CAAA;AAC1G;AAEA,SAAS,yBAAA,CACP,MAAA,EACA,UAAA,EACA,MAAA,EACM;AACN,EAAA,MAAM,YAAA,GAAe,kBAAkB,MAAM,CAAA;AAC7C,EAAA,IAAI,iBAAiB,MAAA,EAAQ;AAC3B,IAAA,MAAM,IAAI,gCAAA,CAAoB,CAAA,iCAAA,EAAoC,UAAU,CAAA,wCAAA,CAA0C,CAAA;AAAA,EACxH;AACF;AAEA,SAAS,qBAAqB,MAAA,EAAuD;AACnF,EAAA,MAAM,YAAa,MAAA,CAAwE,WAAA;AAC3F,EAAA,OAAO,gCAAA,CAAiC,SAAS,CAAA,GAC7C,SAAA,GACA,IAAA;AACN;AAEA,SAAS,iCAAiC,KAAA,EAAyD;AACjG,EAAA,OAAO,OAAO,KAAA,KAAU,UAAA,IACnB,WAAA,IAAe,KAAA;AACtB;AAEA,SAAS,2BAA2B,KAAA,EAA2D;AAC7F,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,UAAU,QAAA,IAAY,EAAE,gBAAgB,KAAA,CAAA,EAAQ;AACnE,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,MAAM,SAAA,GAAY,KAAA;AAQlB,EAAA,MAAM,QAAQ,SAAA,CAAU,KAAA;AACxB,EAAA,IAAI,CAAC,oCAAA,CAAqC,SAAA,CAAU,UAAU,CAAA,IAAK,OAAO,UAAU,UAAA,EAAY;AAC9F,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,IAAI,OAAO,SAAA,CAAU,aAAA,KAAkB,UAAA,EAAY;AACjD,IAAA,OAAO,6BAAA,EAA8B,CAAE,GAAA,CAAI,KAAK,CAAA,IAC3C,OAAO,SAAA,CAAU,QAAA,KAAa,UAAA,IAC9B,OAAO,SAAA,CAAU,aAAA,KAAkB,UAAA;AAAA,EAC1C;AAEA,EAAA,IAAI;AACF,IAAA,MAAM,WAAA,GAAc,KAAA,CAAM,IAAA,CAAK,SAAS,CAAA;AACxC,IAAA,OAAO,CAAC,CAAC,WAAA,IACJ,OAAO,WAAA,KAAgB,QAAA,IACvB,OAAQ,WAAA,CAAoC,KAAA,KAAU,UAAA,IACtD,OAAQ,WAAA,CAA0C,WAAA,KAAgB,UAAA;AAAA,EACzE,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAEA,SAAS,qCAAqC,KAAA,EAA6D;AACzG,EAAA,OAAO,CAAC,CAAC,KAAA,IACJ,OAAO,KAAA,KAAU,YACjB,MAAA,IAAU,KAAA,IACV,OAAQ,KAAA,CAA6B,IAAA,KAAS,QAAA;AACrD;AAEA,SAAS,6BAAA,GAAiD;AACxD,EAAA,MAAM,cAAA,GAAiB,UAAA;AACvB,EAAA,OAAO,cAAA,CAAe,6BAA6B,CAAA,oBAAK,IAAI,OAAA,EAAgB;AAC9E;AAEA,SAAS,0BAA0B,MAAA,EAAkD;AACnF,EAAA,IAAI,CAAC,0BAAA,CAA2B,MAAM,CAAA,EAAG;AACvC,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAO,kBAAA,CAAmB,OAAO,UAAU,CAAA;AAC7C;AAEA,SAAS,kCAAkC,MAAA,EAA+B;AACxE,EAAA,MAAM,SAAA,GAAY,MAAA;AAMlB,EAAA,IAAI,OAAO,SAAA,CAAU,aAAA,KAAkB,UAAA,EAAY;AACjD,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,UAAA,GAAa,UAAU,aAAA,EAAc;AAC3C,EAAA,IAAI,CAAC,UAAA,IAAc,OAAO,eAAe,QAAA,IAAY,EAAE,gBAAgB,UAAA,CAAA,EAAa;AAClF,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,aAAc,UAAA,CAAwC,UAAA;AAC5D,EAAA,OAAO,oCAAA,CAAqC,UAAU,CAAA,GAClD,kBAAA,CAAmB,UAAU,CAAA,GAC7B,IAAA;AACN;AAEA,SAAS,mBAAmB,UAAA,EAAwD;AAClF,EAAA,MAAM,SAAA,GAAY,UAAA,CAAW,KAAA,EAAO,SAAA,EAAW,IAAA,EAAK;AACpD,EAAA,MAAM,SAAA,GAAY,UAAA,CAAW,IAAA,CAAK,IAAA,EAAK;AACvC,EAAA,OAAO,SAAA,GACH,CAAA,EAAG,SAAS,CAAA,CAAA,EAAI,SAAS,CAAA,CAAA,GACzB,SAAA;AACN;AAOA,SAAS,cAAA,CACP,OACAA,MAAAA,EACwF;AACxF,EAAA,MAAM,WAAA,GAAc;AAAA,IAClB,IAAA,EAAM,KAAA;AAAA,IACN,eAAe,KAAA,KAAU;AAAA,GAC3B;AAEA,EAAA,IAAI,OAAOA,WAAU,QAAA,EAAU;AAC7B,IAAA,OAAO,OAAO,MAAA,CAAO;AAAA,MACnB,GAAG,WAAA;AAAA,MACH,KAAA,EAAAA;AAAA,KACD,CAAA;AAAA,EACH;AAEA,EAAA,OAAO,MAAA,CAAO,OAAO,WAAW,CAAA;AAClC;AAEA,SAAS,yBAAyB,QAAA,EAAwC;AACxE,EAAA,MAAM,WAAA,GAAc,4BAAA,EAA6B,CAAE,eAAA,EAAiB,cAAc,QAAQ,CAAA;AAC1F,EAAA,IAAI,WAAA,EAAa;AACf,IAAA,OAAO,WAAA;AAAA,EACT;AAEA,EAAA,OAAO,IAAI,kBAAA;AAAA,IACT,SAAS,OAAA,IAAW,gDAAA;AAAA,IACpB;AAAA,GACF;AACF;AAEA,SAAS,gBAAgB,OAAA,EAA2G;AAClI,EAAA,OAAO,OAAA,CAAQ,QAAQ,OAAO,CAAA,CAAE,KAAK,CAAA,MAAA,KAAU,8BAAA,CAA+B,MAAM,CAAC,CAAA;AACvF;AAEA,eAAe,kBAAA,CACb,MAAA,EACA,OAAA,EACA,MAAA,EAC4C;AAC5C,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,OAAA,EAAS,MAA4C,CAAA;AAClF,EAAA,IAAI,OAAO,YAAY,WAAA,EAAa;AAClC,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,OAAO,+BAA+B,OAAO,CAAA;AAC/C;AAEA,eAAe,sBAAA,CACb,KAAA,EACA,MAAA,EACA,MAAA,EACAA,MAAAA,EACgC;AAChC,EAAA,MAAM,MAAA,GAAS,kBAAkB,MAAM,CAAA;AACvC,EAAA,MAAM,OAAA,GAAU,OAAOA,MAAAA,KAAU,QAAA,GAC7B,eAAe,KAAA,EAAOA,MAAK,CAAA,GAC3B,cAAA,CAAe,KAAK,CAAA;AACxB,EAAA,IAAI,OAAO,MAAA,KAAW,UAAA,IAAc,0BAAA,CAA2B,MAAM,CAAA,EAAG;AACtE,IAAA,MAAMC,kBAAiB,MAAM,kBAAA,CAAmB,MAAA,CAAO,MAAA,EAAQ,SAAS,MAAM,CAAA;AAC9E,IAAA,IAAIA,eAAAA,EAAgB;AAClB,MAAA,OAAOA,eAAAA;AAAA,IACT;AAEA,IAAA,MAAMC,QAAAA,GAAU,MAAA,CAAO,KAAA,GAAQ,MAAM,CAAA;AACrC,IAAA,IAAI,CAACA,QAAAA,EAAS;AACZ,MAAA,MAAM,IAAI,kBAAA;AAAA,QACR,2CAA2C,MAAM,CAAA,yCAAA,CAAA;AAAA,QACjD,IAAA;AAAK,OACP;AAAA,IACF;AAEA,IAAA,OAAO,MAAM,eAAA,CAAgBA,QAAAA,CAAQ,OAAA,EAAS,MAAM,CAAC,CAAA;AAAA,EACvD;AAEA,EAAA,MAAM,iBAAiB,MAAM,kBAAA,CAAmB,MAAA,CAAO,MAAA,EAAQ,SAAS,MAAM,CAAA;AAC9E,EAAA,IAAI,cAAA,EAAgB;AAClB,IAAA,OAAO,cAAA;AAAA,EACT;AAEA,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,MAAA,GAAS,MAAM,CAAA;AACtC,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,2CAA2C,MAAM,CAAA,yCAAA,CAAA;AAAA,MACjD,IAAA;AAAK,KACP;AAAA,EACF;AAEA,EAAA,OAAO,MAAM,eAAA,CAAgB,OAAA,CAAQ,OAAA,EAAS,MAAM,CAAC,CAAA;AACvD;AAEA,eAAe,oBAAA,CACb,KAAA,EACA,UAAA,EACA,MAAA,EACA,QACAF,MAAAA,EACgC;AAChC,EAAA,MAAM,MAAA,GAAS,gBAAgB,UAAU,CAAA;AACzC,EAAA,yBAAA,CAA0B,MAAA,EAAQ,YAAY,MAAM,CAAA;AAEpD,EAAA,MAAM,OAAA,GAAU,OAAOA,MAAAA,KAAU,QAAA,GAC7B,eAAe,KAAA,EAAOA,MAAK,CAAA,GAC3B,cAAA,CAAe,KAAK,CAAA;AACxB,EAAA,IAAI,OAAO,MAAA,KAAW,UAAA,IAAc,0BAAA,CAA2B,MAAM,CAAA,EAAG;AACtE,IAAA,MAAMC,kBAAiB,MAAM,kBAAA,CAAmB,MAAA,CAAO,MAAA,EAAQ,SAAS,MAAM,CAAA;AAC9E,IAAA,IAAIA,eAAAA,EAAgB;AAClB,MAAA,OAAOA,eAAAA;AAAA,IACT;AAEA,IAAA,MAAMC,QAAAA,GAAU,MAAA,CAAO,KAAA,GAAQ,MAAM,CAAA;AACrC,IAAA,IAAI,CAACA,QAAAA,EAAS;AACZ,MAAA,MAAM,IAAI,kBAAA;AAAA,QACR,CAAA,wCAAA,EAA2C,MAAM,CAAA,6BAAA,EAAgC,UAAU,CAAA,EAAA,CAAA;AAAA,QAC3F,IAAA;AAAK,OACP;AAAA,IACF;AAEA,IAAA,OAAO,MAAM,eAAA,CAAgBA,QAAAA,CAAQ,OAAA,EAAS,MAAM,CAAC,CAAA;AAAA,EACvD;AAEA,EAAA,MAAM,iBAAiB,MAAM,kBAAA,CAAmB,MAAA,CAAO,MAAA,EAAQ,SAAS,MAAM,CAAA;AAC9E,EAAA,IAAI,cAAA,EAAgB;AAClB,IAAA,OAAO,cAAA;AAAA,EACT;AAEA,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,MAAA,GAAS,MAAM,CAAA;AACtC,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,CAAA,wCAAA,EAA2C,MAAM,CAAA,6BAAA,EAAgC,UAAU,CAAA,EAAA,CAAA;AAAA,MAC3F,IAAA;AAAK,KACP;AAAA,EACF;AAEA,EAAA,OAAO,MAAM,eAAA,CAAgB,OAAA,CAAQ,OAAA,EAAS,MAAM,CAAC,CAAA;AACvD;AAEA,eAAe,eAAA,CACb,KAAA,EACA,WAAA,EACA,KAAA,EACAF,MAAAA,EACgC;AAChC,EAAA,MAAM,OAAA,GAAU,iBAAiB,WAAW,CAAA;AAC5C,EAAA,MAAM,OAAA,GAAU,OAAOA,MAAAA,KAAU,QAAA,GAC7B,eAAe,KAAA,EAAOA,MAAK,CAAA,GAC3B,cAAA,CAAe,KAAK,CAAA;AACxB,EAAA,OAAO,MAAM,eAAA,CAAgB,OAAA,CAAQ,MAAA,CAAO,OAAA,EAAS,KAAK,CAAC,CAAA;AAC7D;AAEA,SAAS,mBAAA,CACP,YAAA,EACA,UAAA,EACAA,MAAAA,EACyC;AACzC,EAAA,OAAO,OAAO,MAAA,CAAO;AAAA,IACnB,MAAM,SAAA,CAAmB,MAAA,EAAqD,MAAA,EAAgC;AAC5G,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,oBAAA,CAAqB,KAAA,EAAO,MAAA,CAAO,UAAU,CAAA,EAAG,MAAA,CAAO,MAAM,CAAA,EAAG,MAAA,EAA8CA,MAAK,CAAA;AAC1I,MAAA,IAAI,CAAC,SAAS,OAAA,EAAS;AACrB,QAAA,MAAM,yBAAyB,QAAQ,CAAA;AAAA,MACzC;AAAA,IACF,CAAA;AAAA,IACA,MAAM,GAAA,CAAa,MAAA,EAAqD,MAAA,EAAmC;AACzG,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,oBAAA,CAAqB,KAAA,EAAO,MAAA,CAAO,UAAU,CAAA,EAAG,MAAA,CAAO,MAAM,CAAA,EAAG,MAAA,EAA8CA,MAAK,CAAA;AAC1I,MAAA,OAAO,QAAA,CAAS,OAAA;AAAA,IAClB,CAAA;AAAA,IACA,MAAM,MAAA,CAAgB,MAAA,EAAqD,MAAA,EAAmC;AAC5G,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,oBAAA,CAAqB,KAAA,EAAO,MAAA,CAAO,UAAU,CAAA,EAAG,MAAA,CAAO,MAAM,CAAA,EAAG,MAAA,EAA8CA,MAAK,CAAA;AAC1I,MAAA,OAAO,CAAC,QAAA,CAAS,OAAA;AAAA,IACnB,CAAA;AAAA,IACA,MAAM,OAAA,CAAiB,MAAA,EAAqD,MAAA,EAAiD;AAC3H,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,OAAO,MAAM,oBAAA,CAAqB,KAAA,EAAO,MAAA,CAAO,UAAU,GAAG,MAAA,CAAO,MAAM,CAAA,EAAG,MAAA,EAA8CA,MAAK,CAAA;AAAA,IAClI;AAAA,GACD,CAAA;AACH;AAEA,SAAS,oBAAA,CACP,YAAA,EACA,WAAA,EACAA,MAAAA,EAC2C;AAC3C,EAAA,OAAO,OAAO,MAAA,CAAO;AAAA,IACnB,MAAM,UAAU,KAAA,EAAkD;AAChE,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,eAAA,CAAgB,KAAA,EAAO,OAAO,WAAW,CAAA,EAAG,OAAOA,MAAK,CAAA;AAC/E,MAAA,IAAI,CAAC,SAAS,OAAA,EAAS;AACrB,QAAA,MAAM,yBAAyB,QAAQ,CAAA;AAAA,MACzC;AAAA,IACF,CAAA;AAAA,IACA,MAAM,IAAI,KAAA,EAAqD;AAC7D,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,eAAA,CAAgB,KAAA,EAAO,OAAO,WAAW,CAAA,EAAG,OAAOA,MAAK,CAAA;AAC/E,MAAA,OAAO,QAAA,CAAS,OAAA;AAAA,IAClB,CAAA;AAAA,IACA,MAAM,OAAO,KAAA,EAAqD;AAChE,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,eAAA,CAAgB,KAAA,EAAO,OAAO,WAAW,CAAA,EAAG,OAAOA,MAAK,CAAA;AAC/E,MAAA,OAAO,CAAC,QAAA,CAAS,OAAA;AAAA,IACnB,CAAA;AAAA,IACA,MAAM,QAAQ,KAAA,EAAmE;AAC/E,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,OAAO,MAAM,eAAA,CAAgB,KAAA,EAAO,OAAO,WAAW,CAAA,EAAG,OAAOA,MAAK,CAAA;AAAA,IACvE;AAAA,GACD,CAAA;AACH;AAEA,SAAS,wBAAA,CACP,cACAA,MAAAA,EAC2B;AAC3B,EAAA,OAAO,OAAO,MAAA,CAAO;AAAA,IACnB,MAAM,SAAA,CAA8D,MAAA,EAAkC,MAAA,EAAgC;AACpI,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,sBAAA,CAAuB,KAAA,EAAO,OAAO,MAAM,CAAA,EAAG,QAA8CA,MAAK,CAAA;AACxH,MAAA,IAAI,CAAC,SAAS,OAAA,EAAS;AACrB,QAAA,MAAM,yBAAyB,QAAQ,CAAA;AAAA,MACzC;AAAA,IACF,CAAA;AAAA,IACA,MAAM,GAAA,CAAwD,MAAA,EAAkC,MAAA,EAAmC;AACjI,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,sBAAA,CAAuB,KAAA,EAAO,OAAO,MAAM,CAAA,EAAG,QAA8CA,MAAK,CAAA;AACxH,MAAA,OAAO,QAAA,CAAS,OAAA;AAAA,IAClB,CAAA;AAAA,IACA,MAAM,MAAA,CAA2D,MAAA,EAAkC,MAAA,EAAmC;AACpI,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,sBAAA,CAAuB,KAAA,EAAO,OAAO,MAAM,CAAA,EAAG,QAA8CA,MAAK,CAAA;AACxH,MAAA,OAAO,CAAC,QAAA,CAAS,OAAA;AAAA,IACnB,CAAA;AAAA,IACA,MAAM,OAAA,CAA4D,MAAA,EAAkC,MAAA,EAAiD;AACnJ,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,OAAO,MAAM,sBAAA,CAAuB,KAAA,EAAO,OAAO,MAAM,CAAA,EAAG,QAA8CA,MAAK,CAAA;AAAA,IAChH,CAAA;AAAA,IACA,OAA2C,IAAA,EAAmB;AAC5D,MAAA,OAAO,mBAAA,CAAoB,YAAA,EAAc,IAAA,EAAMA,MAAK,CAAA;AAAA,IACtD,CAAA;AAAA,IACA,QAA8C,IAAA,EAAoB;AAChE,MAAA,OAAO,oBAAA,CAAqB,YAAA,EAAc,IAAA,EAAMA,MAAK,CAAA;AAAA,IACvD;AAAA,GACD,CAAA;AACH;AAEO,SAAS,QAA+B,KAAA,EAAiD;AAC9F,EAAA,OAAO,wBAAA,CAAyB,MAAM,OAAA,CAAQ,OAAA,CAAQ,KAAK,CAAC,CAAA;AAC9D;AAEA,SAAS,2BAAA,GAGP;AACA,EAAA,MAAM,cAAc,+BAAA,EAAgC;AACpD,EAAA,OAAO;AAAA,IACL,cAAc,MAAM,OAAA,CAAQ,OAAA,CAAQ,WAAA,CAAY,qBAAqB,CAAA;AAAA,IACrE,KAAA,EAAO;AAAA,GACT;AACF;AAEA,SAAS,iCAAiC,IAAA,EAGxC;AACA,EAAA,MAAM,cAAc,+BAAA,EAAgC;AACpD,EAAA,IAAI,CAAC,WAAA,CAAY,QAAA,CAAS,IAAI,CAAA,EAAG;AAC/B,IAAA,MAAM,IAAI,+BAAA,CAAgC,CAAA,gCAAA,EAAmC,IAAI,CAAA,gBAAA,CAAkB,CAAA;AAAA,EACrG;AAEA,EAAA,OAAO;AAAA,IACL,cAAc,MAAM,OAAA,CAAQ,QAAQ,WAAA,CAAY,iBAAA,CAAkB,IAAI,CAAC,CAAA;AAAA,IACvE,KAAA,EAAO;AAAA,GACT;AACF;AAEA,eAAsB,SAAA,CACpB,QACA,MAAA,EACe;AACf,EAAA,MAAM,EAAE,YAAA,EAAa,GAAI,2BAAA,EAA4B;AACrD,EAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,EAAA,MAAM,WAAW,MAAM,sBAAA,CAAuB,OAAO,MAAA,CAAO,MAAM,GAAG,MAA4C,CAAA;AACjH,EAAA,IAAI,CAAC,SAAS,OAAA,EAAS;AACrB,IAAA,MAAM,yBAAyB,QAAQ,CAAA;AAAA,EACzC;AACF;AAEA,eAAsB,GAAA,CACpB,QACA,MAAA,EACkB;AAClB,EAAA,MAAM,EAAE,YAAA,EAAa,GAAI,2BAAA,EAA4B;AACrD,EAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,EAAA,MAAM,WAAW,MAAM,sBAAA,CAAuB,OAAO,MAAA,CAAO,MAAM,GAAG,MAA4C,CAAA;AACjH,EAAA,OAAO,QAAA,CAAS,OAAA;AAClB;AAEA,eAAsB,MAAA,CACpB,QACA,MAAA,EACkB;AAClB,EAAA,MAAM,EAAE,YAAA,EAAa,GAAI,2BAAA,EAA4B;AACrD,EAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,EAAA,MAAM,WAAW,MAAM,sBAAA,CAAuB,OAAO,MAAA,CAAO,MAAM,GAAG,MAA4C,CAAA;AACjH,EAAA,OAAO,CAAC,QAAA,CAAS,OAAA;AACnB;AAEA,eAAsB,OAAA,CACpB,QACA,MAAA,EACgC;AAChC,EAAA,MAAM,EAAE,YAAA,EAAa,GAAI,2BAAA,EAA4B;AACrD,EAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,EAAA,OAAO,MAAM,sBAAA,CAAuB,KAAA,EAAO,MAAA,CAAO,MAAM,GAAG,MAA4C,CAAA;AACzG;AAEO,SAAS,MAAqD,IAAA,EAA6C;AAChH,EAAA,MAAM,EAAE,cAAc,KAAA,EAAO,aAAA,KAAkB,gCAAA,CAAiC,MAAA,CAAO,IAAI,CAAC,CAAA;AAC5F,EAAA,OAAO,wBAAA,CAAyB,cAAc,aAAa,CAAA;AAC7D;AAEO,IAAM,sBAAA,GAAyB,OAAO,MAAA,CAAO;AAAA,EAClD,4BAAA;AAAA,EACA,8BAAA;AAAA,EACA,qCAAA;AAAA,EACA,iCAAA;AAAA,EACA,+BAAA;AAAA,EACA,eAAA;AAAA,EACA,gBAAA;AAAA,EACA,iBAAA;AAAA,EACA,sBAAA;AAAA,EACA,oBAAA;AAAA,EACA,eAAA;AAAA,EACA,wBAAA;AAAA,EACA,yBAAA;AAAA,EACA,0BAAA;AAAA,EACA;AACF,CAAC;;;AC9vBD,IAAM,aAAA,GAAqC,OAAO,MAAA,CAAO;AAAA,EACvD,OAAA;AAAA,EACA,KAAA;AAAA,EACA,SAAA;AAAA,EACA,GAAA;AAAA,EACA,MAAA;AAAA,EACA;AACF,CAAC,CAAA;AAED,IAAO,WAAA,GAAQ","file":"index.mjs","sourcesContent":["import type {\n AuthorizationAbilityDefinition,\n AuthorizationAbilityBuilder,\n AuthorizationAbilityHandler,\n AuthorizationActorContext,\n AuthorizationActorBuilder,\n AuthorizationDecision,\n AuthorizationDecisionInput,\n AuthorizationGuardActorContext,\n AuthorizationPolicyClassHandler,\n AuthorizationPolicyBeforeHandler,\n AuthorizationPolicyBuilder,\n AuthorizationPolicyDefinition,\n AuthorizationPolicyRecordHandler,\n AuthorizationPolicyTarget,\n AuthorizationTargetModel,\n AuthorizationTargetModelDefinition,\n AuthorizationTargetConstructor,\n AuthorizationAbilityRegistry,\n AuthorizationPolicyRegistry,\n AbilityInput,\n HoloAbilityName,\n HoloPolicyName,\n HoloAuthorizationGuardName,\n PolicyActionFor,\n PolicyActionForPolicy,\n AbilityActorForName,\n PolicyActorForName,\n} from './contracts'\nimport {\n allow,\n deny,\n denyAsNotFound,\n AuthorizationAbilityNotFoundError,\n AuthorizationAuthIntegrationMissingError,\n AuthorizationError as AuthorizationErrorClass,\n AuthorizationPolicyNotFoundError as PolicyNotFoundError,\n AuthorizationGuardNotFoundError,\n AUTHORIZATION_POLICY_MARKER,\n AUTHORIZATION_ABILITY_MARKER,\n normalizeAuthorizationDecision,\n} from './contracts'\n\ntype RegisteredPolicy = AuthorizationPolicyDefinition<string, AuthorizationPolicyTarget, string, string, object>\ntype RegisteredAbility = AuthorizationAbilityDefinition<string, object, object>\nconst HOLO_MODEL_REFERENCE_REGISTRY = Symbol.for('holo-js.db.model-reference-registry')\n\ntype FallbackAuthorizationActor<TActor> = [TActor] extends [never]\n ? object\n : Extract<TActor, object>\n\ntype PolicyActorForDefinition<TName extends string> = [Extract<TName, keyof AuthorizationPolicyRegistry & string>] extends [never]\n ? object\n : FallbackAuthorizationActor<PolicyActorForName<Extract<TName, keyof AuthorizationPolicyRegistry & string>>>\n\ntype AbilityActorForDefinition<TName extends string> = [Extract<TName, keyof AuthorizationAbilityRegistry & string>] extends [never]\n ? object\n : FallbackAuthorizationActor<AbilityActorForName<Extract<TName, keyof AuthorizationAbilityRegistry & string>>>\n\ntype AuthorizationAuthIntegration = {\n hasGuard(guardName: string): boolean\n resolveDefaultActor(): Promise<object | null> | object | null\n resolveGuardActor(guardName: string): Promise<object | null> | object | null\n createError?(decision: AuthorizationDecision): Error\n}\n\ntype AuthorizationRuntimeState = {\n policiesByName: Map<string, RegisteredPolicy>\n policiesByTargetObject: WeakMap<object, RegisteredPolicy>\n policiesByDefinitionKey: Map<string, RegisteredPolicy>\n abilitiesByName: Map<string, RegisteredAbility>\n authIntegration: AuthorizationAuthIntegration | null\n}\n\nfunction createAuthorizationRuntimeState(): AuthorizationRuntimeState {\n return {\n policiesByName: new Map(),\n policiesByTargetObject: new WeakMap(),\n policiesByDefinitionKey: new Map(),\n abilitiesByName: new Map(),\n authIntegration: null,\n }\n}\n\nfunction getAuthorizationRuntimeState(): AuthorizationRuntimeState {\n const runtime = globalThis as typeof globalThis & {\n __holoAuthorizationRuntime__?: AuthorizationRuntimeState\n }\n\n runtime.__holoAuthorizationRuntime__ ??= createAuthorizationRuntimeState()\n return runtime.__holoAuthorizationRuntime__\n}\n\nfunction resetAuthorizationRuntimeState(): void {\n const runtime = globalThis as typeof globalThis & {\n __holoAuthorizationRuntime__?: AuthorizationRuntimeState\n }\n\n runtime.__holoAuthorizationRuntime__ = createAuthorizationRuntimeState()\n}\n\nfunction configureAuthorizationAuthIntegration(integration?: AuthorizationAuthIntegration): void {\n const state = getAuthorizationRuntimeState()\n state.authIntegration = integration ?? null\n}\n\nfunction resetAuthorizationAuthIntegration(): void {\n getAuthorizationRuntimeState().authIntegration = null\n}\n\nfunction getAuthorizationAuthIntegration(): AuthorizationAuthIntegration {\n const integration = getAuthorizationRuntimeState().authIntegration\n if (!integration) {\n throw new AuthorizationAuthIntegrationMissingError('[@holo-js/authorization] Auth integration is not configured yet.')\n }\n\n return integration\n}\n\nfunction normalizePolicyName<TName extends string>(name: TName): TName {\n const trimmed = name.trim()\n if (!trimmed) {\n throw new TypeError('[@holo-js/authorization] Policy name must be a non-empty string.')\n }\n\n return trimmed as TName\n}\n\nfunction normalizeAbilityName<TName extends string>(name: TName): TName {\n const trimmed = name.trim()\n if (!trimmed) {\n throw new TypeError('[@holo-js/authorization] Ability name must be a non-empty string.')\n }\n\n return trimmed as TName\n}\n\nfunction normalizeTarget<TTarget extends AuthorizationPolicyTarget>(target: TTarget): TTarget {\n if (typeof target === 'function') {\n return target\n }\n\n if (isAuthorizationTargetModel(target)) {\n return target\n }\n\n throw new TypeError('[@holo-js/authorization] Policy targets must be class constructors or model references.')\n}\n\nfunction normalizeHandlerMap<THandler extends Record<string, unknown> | undefined>(\n value: THandler,\n label: string,\n): THandler {\n if (typeof value === 'undefined') {\n return value\n }\n\n if (!value || typeof value !== 'object' || Array.isArray(value)) {\n throw new TypeError(`[@holo-js/authorization] ${label} must be a plain object when provided.`)\n }\n\n return value\n}\n\nfunction validateHandlerMap(\n value: Readonly<Record<string, unknown>> | undefined,\n label: string,\n): void {\n if (!value) {\n return\n }\n\n for (const [name, handler] of Object.entries(value)) {\n if (typeof handler !== 'function') {\n throw new TypeError(`[@holo-js/authorization] ${label}.${name} must be a function.`)\n }\n }\n}\n\nfunction validatePolicyDefinition(definition: AuthorizationPolicyDefinition<string, AuthorizationPolicyTarget, string, string, object>): void {\n validateHandlerMap(definition.class, 'policy.class')\n validateHandlerMap(definition.record, 'policy.record')\n if (definition.before && typeof definition.before !== 'function') {\n throw new TypeError('[@holo-js/authorization] policy.before must be a function when provided.')\n }\n}\n\nfunction validateAbilityDefinition(definition: AuthorizationAbilityDefinition<string, object, object>): void {\n if (typeof definition.handle !== 'function') {\n throw new TypeError('[@holo-js/authorization] Ability handler must be a function.')\n }\n}\n\nfunction registerPolicyDefinition<TDefinition extends RegisteredPolicy>(definition: TDefinition): TDefinition {\n const state = getAuthorizationRuntimeState()\n if (state.policiesByName.has(definition.name)) {\n throw new Error(`[@holo-js/authorization] Policy \"${definition.name}\" is already registered.`)\n }\n\n if (state.policiesByTargetObject.get(definition.target)) {\n throw new Error('[@holo-js/authorization] A policy is already registered for this target.')\n }\n\n const definitionKey = getDefinitionKeyForTarget(definition.target)\n if (definitionKey && state.policiesByDefinitionKey.has(definitionKey)) {\n throw new Error(`[@holo-js/authorization] A policy is already registered for target definition \"${definitionKey}\".`)\n }\n\n state.policiesByName.set(definition.name, definition)\n state.policiesByTargetObject.set(definition.target, definition)\n if (definitionKey) {\n state.policiesByDefinitionKey.set(definitionKey, definition)\n }\n return definition\n}\n\nfunction registerAbilityDefinition<TDefinition extends RegisteredAbility>(definition: TDefinition): TDefinition {\n const state = getAuthorizationRuntimeState()\n if (state.abilitiesByName.has(definition.name)) {\n throw new Error(`[@holo-js/authorization] Ability \"${definition.name}\" is already registered.`)\n }\n\n state.abilitiesByName.set(definition.name, definition)\n return definition\n}\n\nfunction unregisterPolicyDefinition(name: string): void {\n const state = getAuthorizationRuntimeState()\n const definition = state.policiesByName.get(name)\n if (!definition) {\n return\n }\n\n state.policiesByName.delete(name)\n state.policiesByTargetObject.delete(definition.target)\n const definitionKey = getDefinitionKeyForTarget(definition.target)\n if (definitionKey) {\n state.policiesByDefinitionKey.delete(definitionKey)\n }\n}\n\nfunction unregisterAbilityDefinition(name: string): void {\n getAuthorizationRuntimeState().abilitiesByName.delete(name)\n}\n\nfunction freezePolicyDefinition<TDefinition extends RegisteredPolicy>(definition: TDefinition): TDefinition {\n return Object.freeze({\n ...definition,\n class: definition.class ? Object.freeze({ ...definition.class }) : definition.class,\n record: definition.record ? Object.freeze({ ...definition.record }) : definition.record,\n }) as TDefinition\n}\n\nfunction freezeAbilityDefinition<TDefinition extends RegisteredAbility>(definition: TDefinition): TDefinition {\n return Object.freeze(definition) as TDefinition\n}\n\nexport function definePolicy<\n TName extends string,\n TTarget extends AuthorizationPolicyTarget,\n TDefinition extends {\n readonly before?: AuthorizationPolicyBeforeHandler<PolicyActorForDefinition<TName>, TTarget>\n readonly class?: Readonly<Record<string, AuthorizationPolicyClassHandler<PolicyActorForDefinition<TName>, TTarget>>>\n readonly record?: Readonly<Record<string, AuthorizationPolicyRecordHandler<PolicyActorForDefinition<TName>, TTarget>>>\n },\n>(\n name: TName,\n target: TTarget,\n definition: TDefinition & {\n readonly before?: AuthorizationPolicyBeforeHandler<PolicyActorForDefinition<TName>, TTarget>\n readonly class?: Readonly<Record<string, AuthorizationPolicyClassHandler<PolicyActorForDefinition<TName>, TTarget>>>\n readonly record?: Readonly<Record<string, AuthorizationPolicyRecordHandler<PolicyActorForDefinition<TName>, TTarget>>>\n },\n): AuthorizationPolicyDefinition<\n TName,\n TTarget,\n Extract<keyof NonNullable<TDefinition['class']>, string>,\n Extract<keyof NonNullable<TDefinition['record']>, string>,\n PolicyActorForDefinition<TName>\n> {\n const normalizedName = normalizePolicyName(name)\n const normalizedTarget = normalizeTarget(target)\n const normalizedClass = normalizeHandlerMap(definition.class, 'policy.class')\n const normalizedRecord = normalizeHandlerMap(definition.record, 'policy.record')\n const runtimeDefinition = {\n [AUTHORIZATION_POLICY_MARKER]: true,\n name: normalizedName,\n target: normalizedTarget,\n before: definition.before,\n class: normalizedClass,\n record: normalizedRecord,\n } as RegisteredPolicy\n validatePolicyDefinition(runtimeDefinition)\n\n const registered = registerPolicyDefinition(freezePolicyDefinition(runtimeDefinition))\n\n return registered as AuthorizationPolicyDefinition<\n TName,\n TTarget,\n Extract<keyof NonNullable<TDefinition['class']>, string>,\n Extract<keyof NonNullable<TDefinition['record']>, string>,\n PolicyActorForDefinition<TName>\n >\n}\n\nexport function defineAbility<\n TName extends string,\n TInput extends object,\n>(\n name: TName,\n handle: AuthorizationAbilityHandler<AbilityActorForDefinition<TName>, TInput>,\n): AuthorizationAbilityDefinition<TName, TInput> {\n const normalizedName = normalizeAbilityName(name)\n const runtimeDefinition = {\n [AUTHORIZATION_ABILITY_MARKER]: true,\n name: normalizedName,\n handle,\n } as unknown as RegisteredAbility\n validateAbilityDefinition(runtimeDefinition)\n\n const registered = registerAbilityDefinition(freezeAbilityDefinition(runtimeDefinition))\n\n return registered as unknown as AuthorizationAbilityDefinition<TName, TInput>\n}\n\nfunction getPolicyByName(name: string): RegisteredPolicy {\n const policy = getAuthorizationRuntimeState().policiesByName.get(name)\n if (!policy) {\n throw new PolicyNotFoundError(`[@holo-js/authorization] Policy \"${name}\" was not found.`)\n }\n\n return policy\n}\n\nfunction getAbilityByName(name: string): RegisteredAbility {\n const ability = getAuthorizationRuntimeState().abilitiesByName.get(name)\n if (!ability) {\n throw new AuthorizationAbilityNotFoundError(`[@holo-js/authorization] Ability \"${name}\" was not found.`)\n }\n\n return ability\n}\n\nfunction getPolicyByTarget(target: AuthorizationPolicyTarget | object): RegisteredPolicy {\n const state = getAuthorizationRuntimeState()\n if (typeof target === 'function' || isAuthorizationTargetModel(target)) {\n const directPolicy = state.policiesByTargetObject.get(target)\n if (directPolicy) {\n return directPolicy\n }\n\n const directDefinitionKey = getDefinitionKeyForTarget(target)\n if (directDefinitionKey) {\n const definitionPolicy = state.policiesByDefinitionKey.get(directDefinitionKey)\n if (definitionPolicy) {\n return definitionPolicy\n }\n }\n }\n\n const targetConstructor = getTargetConstructor(target)\n if (targetConstructor) {\n const constructorPolicy = state.policiesByTargetObject.get(targetConstructor)\n if (constructorPolicy) {\n return constructorPolicy\n }\n }\n\n const instanceDefinitionKey = getDefinitionKeyForTargetInstance(target)\n if (instanceDefinitionKey) {\n const definitionPolicy = state.policiesByDefinitionKey.get(instanceDefinitionKey)\n if (definitionPolicy) {\n return definitionPolicy\n }\n }\n\n throw new PolicyNotFoundError('[@holo-js/authorization] Policy definition was not found for the target.')\n}\n\nfunction assertPolicyMatchesTarget(\n policy: RegisteredPolicy,\n policyName: string,\n target: AuthorizationPolicyTarget | object,\n): void {\n const targetPolicy = getPolicyByTarget(target)\n if (targetPolicy !== policy) {\n throw new PolicyNotFoundError(`[@holo-js/authorization] Policy \"${policyName}\" was not found for the selected target.`)\n }\n}\n\nfunction getTargetConstructor(target: object): AuthorizationTargetConstructor | null {\n const candidate = (target as { constructor?: AuthorizationTargetConstructor | undefined }).constructor\n return isAuthorizationTargetConstructor(candidate)\n ? candidate\n : null\n}\n\nfunction isAuthorizationTargetConstructor(value: unknown): value is AuthorizationTargetConstructor {\n return typeof value === 'function'\n && 'prototype' in value\n}\n\nfunction isAuthorizationTargetModel(value: unknown): value is AuthorizationTargetModel<object> {\n if (!value || typeof value !== 'object' || !('definition' in value)) {\n return false\n }\n\n const candidate = value as {\n definition?: unknown\n getRepository?: unknown\n newModelQuery?: unknown\n newQuery?: unknown\n query?: () => unknown\n }\n\n const query = candidate.query\n if (!isAuthorizationTargetModelDefinition(candidate.definition) || typeof query !== 'function') {\n return false\n }\n\n if (typeof candidate.getRepository === 'function') {\n return getHoloModelReferenceRegistry().has(value)\n && typeof candidate.newQuery === 'function'\n && typeof candidate.newModelQuery === 'function'\n }\n\n try {\n const queryFacade = query.call(candidate)\n return !!queryFacade\n && typeof queryFacade === 'object'\n && typeof (queryFacade as { first?: unknown }).first === 'function'\n && typeof (queryFacade as { firstOrFail?: unknown }).firstOrFail === 'function'\n } catch {\n return false\n }\n}\n\nfunction isAuthorizationTargetModelDefinition(value: unknown): value is AuthorizationTargetModelDefinition {\n return !!value\n && typeof value === 'object'\n && 'name' in value\n && typeof (value as { name?: unknown }).name === 'string'\n}\n\nfunction getHoloModelReferenceRegistry(): WeakSet<object> {\n const registryGlobal = globalThis as typeof globalThis & Record<symbol, WeakSet<object> | undefined>\n return registryGlobal[HOLO_MODEL_REFERENCE_REGISTRY] ?? new WeakSet<object>()\n}\n\nfunction getDefinitionKeyForTarget(target: AuthorizationPolicyTarget): string | null {\n if (!isAuthorizationTargetModel(target)) {\n return null\n }\n\n return buildDefinitionKey(target.definition)\n}\n\nfunction getDefinitionKeyForTargetInstance(target: object): string | null {\n const candidate = target as {\n getRepository?: (() => {\n definition?: unknown\n }) | undefined\n }\n\n if (typeof candidate.getRepository !== 'function') {\n return null\n }\n\n const repository = candidate.getRepository()\n if (!repository || typeof repository !== 'object' || !('definition' in repository)) {\n return null\n }\n\n const definition = (repository as { definition?: unknown }).definition\n return isAuthorizationTargetModelDefinition(definition)\n ? buildDefinitionKey(definition)\n : null\n}\n\nfunction buildDefinitionKey(definition: AuthorizationTargetModelDefinition): string {\n const tableName = definition.table?.tableName?.trim()\n const modelName = definition.name.trim()\n return tableName\n ? `${modelName}:${tableName}`\n : modelName\n}\n\nfunction resolveContext<TActor extends object>(actor: TActor | null): AuthorizationActorContext<TActor>\nfunction resolveContext<TActor extends object, TGuardName extends string>(\n actor: TActor | null,\n guard: TGuardName,\n): AuthorizationGuardActorContext<TActor, TGuardName>\nfunction resolveContext<TActor extends object, TGuardName extends string>(\n actor: TActor | null,\n guard?: TGuardName,\n): AuthorizationActorContext<TActor> | AuthorizationGuardActorContext<TActor, TGuardName> {\n const baseContext = {\n user: actor,\n authenticated: actor !== null,\n }\n\n if (typeof guard === 'string') {\n return Object.freeze({\n ...baseContext,\n guard,\n })\n }\n\n return Object.freeze(baseContext)\n}\n\nfunction createAuthorizationError(decision: AuthorizationDecision): Error {\n const customError = getAuthorizationRuntimeState().authIntegration?.createError?.(decision)\n if (customError) {\n return customError\n }\n\n return new AuthorizationErrorClass(\n decision.message ?? 'You are not authorized to perform this action.',\n decision,\n )\n}\n\nfunction normalizeResult(outcome: AuthorizationDecisionInput | Promise<AuthorizationDecisionInput>): Promise<AuthorizationDecision> {\n return Promise.resolve(outcome).then(result => normalizeAuthorizationDecision(result))\n}\n\nasync function evaluateBeforeHook(\n before: AuthorizationPolicyBeforeHandler<object, AuthorizationPolicyTarget> | undefined,\n context: AuthorizationActorContext<object> | AuthorizationGuardActorContext<object, string>,\n target: AuthorizationPolicyTarget | object,\n): Promise<AuthorizationDecision | undefined> {\n if (!before) {\n return undefined\n }\n\n const outcome = await before(context, target as AuthorizationPolicyTarget & object)\n if (typeof outcome === 'undefined') {\n return undefined\n }\n\n return normalizeAuthorizationDecision(outcome)\n}\n\nasync function evaluatePolicyByTarget(\n actor: object | null,\n action: string,\n target: AuthorizationPolicyTarget | object,\n guard?: string,\n): Promise<AuthorizationDecision> {\n const policy = getPolicyByTarget(target)\n const context = typeof guard === 'string'\n ? resolveContext(actor, guard)\n : resolveContext(actor)\n if (typeof target === 'function' || isAuthorizationTargetModel(target)) {\n const beforeDecision = await evaluateBeforeHook(policy.before, context, target)\n if (beforeDecision) {\n return beforeDecision\n }\n\n const handler = policy.class?.[action]\n if (!handler) {\n throw new AuthorizationErrorClass(\n `[@holo-js/authorization] Policy action \"${action}\" is not defined for the selected target.`,\n deny(),\n )\n }\n\n return await normalizeResult(handler(context, target))\n }\n\n const beforeDecision = await evaluateBeforeHook(policy.before, context, target)\n if (beforeDecision) {\n return beforeDecision\n }\n\n const handler = policy.record?.[action]\n if (!handler) {\n throw new AuthorizationErrorClass(\n `[@holo-js/authorization] Policy action \"${action}\" is not defined for the selected target.`,\n deny(),\n )\n }\n\n return await normalizeResult(handler(context, target))\n}\n\nasync function evaluatePolicyByName(\n actor: object | null,\n policyName: string,\n action: string,\n target: AuthorizationPolicyTarget | object,\n guard?: string,\n): Promise<AuthorizationDecision> {\n const policy = getPolicyByName(policyName)\n assertPolicyMatchesTarget(policy, policyName, target)\n\n const context = typeof guard === 'string'\n ? resolveContext(actor, guard)\n : resolveContext(actor)\n if (typeof target === 'function' || isAuthorizationTargetModel(target)) {\n const beforeDecision = await evaluateBeforeHook(policy.before, context, target)\n if (beforeDecision) {\n return beforeDecision\n }\n\n const handler = policy.class?.[action]\n if (!handler) {\n throw new AuthorizationErrorClass(\n `[@holo-js/authorization] Policy action \"${action}\" is not defined for policy \"${policyName}\".`,\n deny(),\n )\n }\n\n return await normalizeResult(handler(context, target))\n }\n\n const beforeDecision = await evaluateBeforeHook(policy.before, context, target)\n if (beforeDecision) {\n return beforeDecision\n }\n\n const handler = policy.record?.[action]\n if (!handler) {\n throw new AuthorizationErrorClass(\n `[@holo-js/authorization] Policy action \"${action}\" is not defined for policy \"${policyName}\".`,\n deny(),\n )\n }\n\n return await normalizeResult(handler(context, target))\n}\n\nasync function evaluateAbility<TInput extends object>(\n actor: object | null,\n abilityName: string,\n input: TInput,\n guard?: string,\n): Promise<AuthorizationDecision> {\n const ability = getAbilityByName(abilityName)\n const context = typeof guard === 'string'\n ? resolveContext(actor, guard)\n : resolveContext(actor)\n return await normalizeResult(ability.handle(context, input))\n}\n\nfunction createPolicyBuilder<TPolicyName extends HoloPolicyName>(\n resolveActor: () => Promise<object | null> | object | null,\n policyName: TPolicyName,\n guard?: string,\n): AuthorizationPolicyBuilder<TPolicyName> {\n return Object.freeze({\n async authorize<TTarget>(action: PolicyActionForPolicy<TPolicyName, TTarget>, target: TTarget): Promise<void> {\n const actor = await resolveActor()\n const decision = await evaluatePolicyByName(actor, String(policyName), String(action), target as AuthorizationPolicyTarget | object, guard)\n if (!decision.allowed) {\n throw createAuthorizationError(decision)\n }\n },\n async can<TTarget>(action: PolicyActionForPolicy<TPolicyName, TTarget>, target: TTarget): Promise<boolean> {\n const actor = await resolveActor()\n const decision = await evaluatePolicyByName(actor, String(policyName), String(action), target as AuthorizationPolicyTarget | object, guard)\n return decision.allowed\n },\n async cannot<TTarget>(action: PolicyActionForPolicy<TPolicyName, TTarget>, target: TTarget): Promise<boolean> {\n const actor = await resolveActor()\n const decision = await evaluatePolicyByName(actor, String(policyName), String(action), target as AuthorizationPolicyTarget | object, guard)\n return !decision.allowed\n },\n async inspect<TTarget>(action: PolicyActionForPolicy<TPolicyName, TTarget>, target: TTarget): Promise<AuthorizationDecision> {\n const actor = await resolveActor()\n return await evaluatePolicyByName(actor, String(policyName), String(action), target as AuthorizationPolicyTarget | object, guard)\n },\n }) as unknown as AuthorizationPolicyBuilder<TPolicyName>\n}\n\nfunction createAbilityBuilder<TAbilityName extends HoloAbilityName>(\n resolveActor: () => Promise<object | null> | object | null,\n abilityName: TAbilityName,\n guard?: string,\n): AuthorizationAbilityBuilder<TAbilityName> {\n return Object.freeze({\n async authorize(input: AbilityInput<TAbilityName>): Promise<void> {\n const actor = await resolveActor()\n const decision = await evaluateAbility(actor, String(abilityName), input, guard)\n if (!decision.allowed) {\n throw createAuthorizationError(decision)\n }\n },\n async can(input: AbilityInput<TAbilityName>): Promise<boolean> {\n const actor = await resolveActor()\n const decision = await evaluateAbility(actor, String(abilityName), input, guard)\n return decision.allowed\n },\n async cannot(input: AbilityInput<TAbilityName>): Promise<boolean> {\n const actor = await resolveActor()\n const decision = await evaluateAbility(actor, String(abilityName), input, guard)\n return !decision.allowed\n },\n async inspect(input: AbilityInput<TAbilityName>): Promise<AuthorizationDecision> {\n const actor = await resolveActor()\n return await evaluateAbility(actor, String(abilityName), input, guard)\n },\n })\n}\n\nfunction createActorAuthorization(\n resolveActor: () => Promise<object | null> | object | null,\n guard?: string,\n): AuthorizationActorBuilder {\n return Object.freeze({\n async authorize<TTarget extends AuthorizationPolicyTarget | object>(action: PolicyActionFor<TTarget>, target: TTarget): Promise<void> {\n const actor = await resolveActor()\n const decision = await evaluatePolicyByTarget(actor, String(action), target as AuthorizationPolicyTarget | object, guard)\n if (!decision.allowed) {\n throw createAuthorizationError(decision)\n }\n },\n async can<TTarget extends AuthorizationPolicyTarget | object>(action: PolicyActionFor<TTarget>, target: TTarget): Promise<boolean> {\n const actor = await resolveActor()\n const decision = await evaluatePolicyByTarget(actor, String(action), target as AuthorizationPolicyTarget | object, guard)\n return decision.allowed\n },\n async cannot<TTarget extends AuthorizationPolicyTarget | object>(action: PolicyActionFor<TTarget>, target: TTarget): Promise<boolean> {\n const actor = await resolveActor()\n const decision = await evaluatePolicyByTarget(actor, String(action), target as AuthorizationPolicyTarget | object, guard)\n return !decision.allowed\n },\n async inspect<TTarget extends AuthorizationPolicyTarget | object>(action: PolicyActionFor<TTarget>, target: TTarget): Promise<AuthorizationDecision> {\n const actor = await resolveActor()\n return await evaluatePolicyByTarget(actor, String(action), target as AuthorizationPolicyTarget | object, guard)\n },\n policy<TPolicyName extends HoloPolicyName>(name: TPolicyName) {\n return createPolicyBuilder(resolveActor, name, guard)\n },\n ability<TAbilityName extends HoloAbilityName>(name: TAbilityName) {\n return createAbilityBuilder(resolveActor, name, guard)\n },\n }) as AuthorizationActorBuilder\n}\n\nexport function forUser<TActor extends object>(actor: TActor | null): AuthorizationActorBuilder {\n return createActorAuthorization(() => Promise.resolve(actor))\n}\n\nfunction getResolvedAuthActorContext(): {\n readonly resolveActor: () => Promise<object | null>\n readonly guard: string | undefined\n} {\n const integration = getAuthorizationAuthIntegration()\n return {\n resolveActor: () => Promise.resolve(integration.resolveDefaultActor()),\n guard: undefined,\n }\n}\n\nfunction getResolvedAuthGuardActorContext(name: string): {\n readonly resolveActor: () => Promise<object | null>\n readonly guard: string\n} {\n const integration = getAuthorizationAuthIntegration()\n if (!integration.hasGuard(name)) {\n throw new AuthorizationGuardNotFoundError(`[@holo-js/authorization] Guard \"${name}\" was not found.`)\n }\n\n return {\n resolveActor: () => Promise.resolve(integration.resolveGuardActor(name)),\n guard: name,\n }\n}\n\nexport async function authorize<TTarget extends AuthorizationPolicyTarget | object>(\n action: PolicyActionFor<TTarget>,\n target: TTarget,\n): Promise<void> {\n const { resolveActor } = getResolvedAuthActorContext()\n const actor = await resolveActor()\n const decision = await evaluatePolicyByTarget(actor, String(action), target as AuthorizationPolicyTarget | object)\n if (!decision.allowed) {\n throw createAuthorizationError(decision)\n }\n}\n\nexport async function can<TTarget extends AuthorizationPolicyTarget | object>(\n action: PolicyActionFor<TTarget>,\n target: TTarget,\n): Promise<boolean> {\n const { resolveActor } = getResolvedAuthActorContext()\n const actor = await resolveActor()\n const decision = await evaluatePolicyByTarget(actor, String(action), target as AuthorizationPolicyTarget | object)\n return decision.allowed\n}\n\nexport async function cannot<TTarget extends AuthorizationPolicyTarget | object>(\n action: PolicyActionFor<TTarget>,\n target: TTarget,\n): Promise<boolean> {\n const { resolveActor } = getResolvedAuthActorContext()\n const actor = await resolveActor()\n const decision = await evaluatePolicyByTarget(actor, String(action), target as AuthorizationPolicyTarget | object)\n return !decision.allowed\n}\n\nexport async function inspect<TTarget extends AuthorizationPolicyTarget | object>(\n action: PolicyActionFor<TTarget>,\n target: TTarget,\n): Promise<AuthorizationDecision> {\n const { resolveActor } = getResolvedAuthActorContext()\n const actor = await resolveActor()\n return await evaluatePolicyByTarget(actor, String(action), target as AuthorizationPolicyTarget | object)\n}\n\nexport function guard<TGuardName extends HoloAuthorizationGuardName>(name: TGuardName): AuthorizationActorBuilder {\n const { resolveActor, guard: resolvedGuard } = getResolvedAuthGuardActorContext(String(name))\n return createActorAuthorization(resolveActor, resolvedGuard)\n}\n\nexport const authorizationInternals = Object.freeze({\n getAuthorizationRuntimeState,\n resetAuthorizationRuntimeState,\n configureAuthorizationAuthIntegration,\n resetAuthorizationAuthIntegration,\n getAuthorizationAuthIntegration,\n getPolicyByName,\n getAbilityByName,\n getPolicyByTarget,\n evaluatePolicyByTarget,\n evaluatePolicyByName,\n evaluateAbility,\n registerPolicyDefinition,\n registerAbilityDefinition,\n unregisterPolicyDefinition,\n unregisterAbilityDefinition,\n})\n\nexport {\n allow,\n deny,\n denyAsNotFound,\n AuthorizationAbilityNotFoundError,\n AuthorizationAuthIntegrationMissingError,\n AuthorizationErrorClass as AuthorizationError,\n PolicyNotFoundError as AuthorizationPolicyNotFoundError,\n}\n","import type { AuthorizationFacade } from './contracts'\n\nexport {\n allow,\n deny,\n denyAsNotFound,\n isAuthorizationAbilityDefinition,\n isAuthorizationDecision,\n isAuthorizationPolicyDefinition,\n normalizeAuthorizationDecision,\n AuthorizationAbilityNotFoundError,\n AuthorizationAuthIntegrationMissingError,\n AuthorizationError,\n AuthorizationGuardNotFoundError,\n AuthorizationPolicyNotFoundError,\n} from './contracts'\nexport type {\n AbilityInput,\n AuthorizationActorBuilder,\n AuthorizationActorContext,\n AuthorizationAbilityBuilder,\n AuthorizationAbilityHandler,\n AuthorizationAbilityRegistry,\n AuthorizationAbilityRegistryEntry,\n AuthorizationDecision,\n AuthorizationDecisionInput,\n AuthorizationDecisionStatus,\n AuthorizationFacade,\n AuthorizationGuardActorContext,\n AuthorizationPolicyBeforeHandler,\n AuthorizationPolicyBuilder,\n AuthorizationPolicyClassHandler,\n AuthorizationPolicyDefinition,\n AuthorizationPolicyRegistry,\n AuthorizationPolicyRecordHandler,\n AuthorizationPolicyRegistryEntry,\n AuthorizationPolicyTarget,\n AuthorizationTargetConstructor,\n AuthorizationTargetInstance,\n AuthorizationTargetModel,\n AuthorizationTargetModelDefinition,\n HoloAbilityName,\n HoloAuthorizationGuardName,\n HoloPolicyName,\n PolicyActionFor,\n PolicyActionForPolicy,\n PolicyClassActionFor,\n PolicyClassActionForPolicy,\n PolicyInstanceForPolicy,\n PolicyRecordActionFor,\n PolicyRecordActionForPolicy,\n PolicyTargetForPolicy,\n} from './contracts'\nexport {\n authorize,\n authorizationInternals,\n can,\n cannot,\n defineAbility,\n definePolicy,\n forUser,\n guard,\n inspect,\n} from './runtime'\n\nimport { authorize, can, cannot, forUser, guard, inspect } from './runtime'\n\nconst authorization: AuthorizationFacade = Object.freeze({\n forUser,\n guard,\n authorize,\n can,\n cannot,\n inspect,\n})\n\nexport default authorization\n"]}
1
+ {"version":3,"sources":["../src/runtime.ts","../src/index.ts"],"names":["guard","handler"],"mappings":";;;;AA6CA,IAAM,6BAAA,mBAAgC,MAAA,CAAO,GAAA,CAAI,qCAAqC,CAAA;AA6BtF,SAAS,+BAAA,GAA6D;AACpE,EAAA,OAAO;AAAA,IACL,cAAA,sBAAoB,GAAA,EAAI;AAAA,IACxB,sBAAA,sBAA4B,OAAA,EAAQ;AAAA,IACpC,uBAAA,sBAA6B,GAAA,EAAI;AAAA,IACjC,eAAA,sBAAqB,GAAA,EAAI;AAAA,IACzB,eAAA,EAAiB;AAAA,GACnB;AACF;AAEA,SAAS,4BAAA,GAA0D;AACjE,EAAA,MAAM,OAAA,GAAU,UAAA;AAIhB,EAAA,OAAA,CAAQ,iCAAiC,+BAAA,EAAgC;AACzE,EAAA,OAAO,OAAA,CAAQ,4BAAA;AACjB;AAEA,SAAS,8BAAA,GAAuC;AAC9C,EAAA,MAAM,OAAA,GAAU,UAAA;AAIhB,EAAA,OAAA,CAAQ,+BAA+B,+BAAA,EAAgC;AACzE;AAEA,SAAS,sCAAsC,WAAA,EAAkD;AAC/F,EAAA,MAAM,QAAQ,4BAAA,EAA6B;AAC3C,EAAA,KAAA,CAAM,kBAAkB,WAAA,IAAe,IAAA;AACzC;AAEA,SAAS,iCAAA,GAA0C;AACjD,EAAA,4BAAA,GAA+B,eAAA,GAAkB,IAAA;AACnD;AAEA,SAAS,+BAAA,GAAgE;AACvE,EAAA,MAAM,WAAA,GAAc,8BAA6B,CAAE,eAAA;AACnD,EAAA,IAAI,CAAC,WAAA,EAAa;AAChB,IAAA,MAAM,IAAI,yCAAyC,kEAAkE,CAAA;AAAA,EACvH;AAEA,EAAA,OAAO,WAAA;AACT;AAEA,SAAS,oBAA0C,IAAA,EAAoB;AACrE,EAAA,MAAM,OAAA,GAAU,KAAK,IAAA,EAAK;AAC1B,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,UAAU,kEAAkE,CAAA;AAAA,EACxF;AAEA,EAAA,OAAO,OAAA;AACT;AAEA,SAAS,qBAA2C,IAAA,EAAoB;AACtE,EAAA,MAAM,OAAA,GAAU,KAAK,IAAA,EAAK;AAC1B,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,UAAU,mEAAmE,CAAA;AAAA,EACzF;AAEA,EAAA,OAAO,OAAA;AACT;AAEA,SAAS,gBAA2D,MAAA,EAA0B;AAC5F,EAAA,IAAI,OAAO,WAAW,UAAA,EAAY;AAChC,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,IAAI,0BAAA,CAA2B,MAAM,CAAA,EAAG;AACtC,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,MAAM,IAAI,UAAU,yFAAyF,CAAA;AAC/G;AAEA,SAAS,mBAAA,CACP,OACA,KAAA,EACU;AACV,EAAA,IAAI,OAAO,UAAU,WAAA,EAAa;AAChC,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,IAAI,CAAC,SAAS,OAAO,KAAA,KAAU,YAAY,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,EAAG;AAC/D,IAAA,MAAM,IAAI,SAAA,CAAU,CAAA,yBAAA,EAA4B,KAAK,CAAA,sCAAA,CAAwC,CAAA;AAAA,EAC/F;AAEA,EAAA,OAAO,KAAA;AACT;AAEA,SAAS,kBAAA,CACP,OACA,KAAA,EACM;AACN,EAAA,IAAI,CAAC,KAAA,EAAO;AACV,IAAA;AAAA,EACF;AAEA,EAAA,KAAA,MAAW,CAAC,IAAA,EAAM,OAAO,KAAK,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAA,EAAG;AACnD,IAAA,IAAI,OAAO,YAAY,UAAA,EAAY;AACjC,MAAA,MAAM,IAAI,SAAA,CAAU,CAAA,yBAAA,EAA4B,KAAK,CAAA,CAAA,EAAI,IAAI,CAAA,oBAAA,CAAsB,CAAA;AAAA,IACrF;AAAA,EACF;AACF;AAEA,SAAS,yBAAyB,UAAA,EAA4G;AAC5I,EAAA,kBAAA,CAAmB,UAAA,CAAW,OAAO,cAAc,CAAA;AACnD,EAAA,kBAAA,CAAmB,UAAA,CAAW,QAAQ,eAAe,CAAA;AACrD,EAAA,IAAI,UAAA,CAAW,MAAA,IAAU,OAAO,UAAA,CAAW,WAAW,UAAA,EAAY;AAChE,IAAA,MAAM,IAAI,UAAU,0EAA0E,CAAA;AAAA,EAChG;AACF;AAEA,SAAS,0BAA0B,UAAA,EAA0E;AAC3G,EAAA,IAAI,OAAO,UAAA,CAAW,MAAA,KAAW,UAAA,EAAY;AAC3C,IAAA,MAAM,IAAI,UAAU,8DAA8D,CAAA;AAAA,EACpF;AACF;AAEA,SAAS,yBAA+D,UAAA,EAAsC;AAC5G,EAAA,MAAM,QAAQ,4BAAA,EAA6B;AAC3C,EAAA,IAAI,KAAA,CAAM,cAAA,CAAe,GAAA,CAAI,UAAA,CAAW,IAAI,CAAA,EAAG;AAC7C,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,iCAAA,EAAoC,UAAA,CAAW,IAAI,CAAA,wBAAA,CAA0B,CAAA;AAAA,EAC/F;AAEA,EAAA,IAAI,KAAA,CAAM,sBAAA,CAAuB,GAAA,CAAI,UAAA,CAAW,MAAM,CAAA,EAAG;AACvD,IAAA,MAAM,IAAI,MAAM,0EAA0E,CAAA;AAAA,EAC5F;AAEA,EAAA,MAAM,aAAA,GAAgB,yBAAA,CAA0B,UAAA,CAAW,MAAM,CAAA;AACjE,EAAA,IAAI,aAAA,IAAiB,KAAA,CAAM,uBAAA,CAAwB,GAAA,CAAI,aAAa,CAAA,EAAG;AACrE,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,+EAAA,EAAkF,aAAa,CAAA,EAAA,CAAI,CAAA;AAAA,EACrH;AAEA,EAAA,KAAA,CAAM,cAAA,CAAe,GAAA,CAAI,UAAA,CAAW,IAAA,EAAM,UAAU,CAAA;AACpD,EAAA,KAAA,CAAM,sBAAA,CAAuB,GAAA,CAAI,UAAA,CAAW,MAAA,EAAQ,UAAU,CAAA;AAC9D,EAAA,IAAI,aAAA,EAAe;AACjB,IAAA,KAAA,CAAM,uBAAA,CAAwB,GAAA,CAAI,aAAA,EAAe,UAAU,CAAA;AAAA,EAC7D;AACA,EAAA,OAAO,UAAA;AACT;AAEA,SAAS,0BAAiE,UAAA,EAAsC;AAC9G,EAAA,MAAM,QAAQ,4BAAA,EAA6B;AAC3C,EAAA,IAAI,KAAA,CAAM,eAAA,CAAgB,GAAA,CAAI,UAAA,CAAW,IAAI,CAAA,EAAG;AAC9C,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,kCAAA,EAAqC,UAAA,CAAW,IAAI,CAAA,wBAAA,CAA0B,CAAA;AAAA,EAChG;AAEA,EAAA,KAAA,CAAM,eAAA,CAAgB,GAAA,CAAI,UAAA,CAAW,IAAA,EAAM,UAAU,CAAA;AACrD,EAAA,OAAO,UAAA;AACT;AAEA,SAAS,2BAA2B,IAAA,EAAoB;AACtD,EAAA,MAAM,QAAQ,4BAAA,EAA6B;AAC3C,EAAA,MAAM,UAAA,GAAa,KAAA,CAAM,cAAA,CAAe,GAAA,CAAI,IAAI,CAAA;AAChD,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA;AAAA,EACF;AAEA,EAAA,KAAA,CAAM,cAAA,CAAe,OAAO,IAAI,CAAA;AAChC,EAAA,KAAA,CAAM,sBAAA,CAAuB,MAAA,CAAO,UAAA,CAAW,MAAM,CAAA;AACrD,EAAA,MAAM,aAAA,GAAgB,yBAAA,CAA0B,UAAA,CAAW,MAAM,CAAA;AACjE,EAAA,IAAI,aAAA,EAAe;AACjB,IAAA,KAAA,CAAM,uBAAA,CAAwB,OAAO,aAAa,CAAA;AAAA,EACpD;AACF;AAEA,SAAS,4BAA4B,IAAA,EAAoB;AACvD,EAAA,4BAAA,EAA6B,CAAE,eAAA,CAAgB,MAAA,CAAO,IAAI,CAAA;AAC5D;AAEA,SAAS,uBAA6D,UAAA,EAAsC;AAC1G,EAAA,OAAO,OAAO,MAAA,CAAO;AAAA,IACnB,GAAG,UAAA;AAAA,IACH,KAAA,EAAO,UAAA,CAAW,KAAA,GAAQ,MAAA,CAAO,MAAA,CAAO,EAAE,GAAG,UAAA,CAAW,KAAA,EAAO,CAAA,GAAI,UAAA,CAAW,KAAA;AAAA,IAC9E,MAAA,EAAQ,UAAA,CAAW,MAAA,GAAS,MAAA,CAAO,MAAA,CAAO,EAAE,GAAG,UAAA,CAAW,MAAA,EAAQ,CAAA,GAAI,UAAA,CAAW;AAAA,GAClF,CAAA;AACH;AAEA,SAAS,wBAA+D,UAAA,EAAsC;AAC5G,EAAA,OAAO,MAAA,CAAO,OAAO,UAAU,CAAA;AACjC;AAEO,SAAS,YAAA,CASd,IAAA,EACA,MAAA,EACA,UAAA,EAWA;AACA,EAAA,MAAM,cAAA,GAAiB,oBAAoB,IAAI,CAAA;AAC/C,EAAA,MAAM,gBAAA,GAAmB,gBAAgB,MAAM,CAAA;AAC/C,EAAA,MAAM,eAAA,GAAkB,mBAAA,CAAoB,UAAA,CAAW,KAAA,EAAO,cAAc,CAAA;AAC5E,EAAA,MAAM,gBAAA,GAAmB,mBAAA,CAAoB,UAAA,CAAW,MAAA,EAAQ,eAAe,CAAA;AAC/E,EAAA,MAAM,iBAAA,GAAoB;AAAA,IACxB,CAAC,2BAA2B,GAAG,IAAA;AAAA,IAC/B,IAAA,EAAM,cAAA;AAAA,IACN,MAAA,EAAQ,gBAAA;AAAA,IACR,QAAQ,UAAA,CAAW,MAAA;AAAA,IACnB,KAAA,EAAO,eAAA;AAAA,IACP,MAAA,EAAQ;AAAA,GACV;AACA,EAAA,wBAAA,CAAyB,iBAAiB,CAAA;AAE1C,EAAA,MAAM,UAAA,GAAa,wBAAA,CAAyB,sBAAA,CAAuB,iBAAiB,CAAC,CAAA;AAErF,EAAA,OAAO,UAAA;AAOT;AAEO,SAAS,aAAA,CAId,MACA,MAAA,EAC+C;AAC/C,EAAA,MAAM,cAAA,GAAiB,qBAAqB,IAAI,CAAA;AAChD,EAAA,MAAM,iBAAA,GAAoB;AAAA,IACxB,CAAC,4BAA4B,GAAG,IAAA;AAAA,IAChC,IAAA,EAAM,cAAA;AAAA,IACN;AAAA,GACF;AACA,EAAA,yBAAA,CAA0B,iBAAiB,CAAA;AAE3C,EAAA,MAAM,UAAA,GAAa,yBAAA,CAA0B,uBAAA,CAAwB,iBAAiB,CAAC,CAAA;AAEvF,EAAA,OAAO,UAAA;AACT;AAEA,SAAS,gBAAgB,IAAA,EAAgC;AACvD,EAAA,MAAM,MAAA,GAAS,4BAAA,EAA6B,CAAE,cAAA,CAAe,IAAI,IAAI,CAAA;AACrE,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,MAAM,IAAI,gCAAA,CAAoB,CAAA,iCAAA,EAAoC,IAAI,CAAA,gBAAA,CAAkB,CAAA;AAAA,EAC1F;AAEA,EAAA,OAAO,MAAA;AACT;AAEA,SAAS,iBAAiB,IAAA,EAAiC;AACzD,EAAA,MAAM,OAAA,GAAU,4BAAA,EAA6B,CAAE,eAAA,CAAgB,IAAI,IAAI,CAAA;AACvE,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,iCAAA,CAAkC,CAAA,kCAAA,EAAqC,IAAI,CAAA,gBAAA,CAAkB,CAAA;AAAA,EACzG;AAEA,EAAA,OAAO,OAAA;AACT;AAEA,SAAS,kBAAkB,MAAA,EAA8D;AACvF,EAAA,MAAM,QAAQ,4BAAA,EAA6B;AAC3C,EAAA,IAAI,OAAO,MAAA,KAAW,UAAA,IAAc,0BAAA,CAA2B,MAAM,CAAA,EAAG;AACtE,IAAA,MAAM,YAAA,GAAe,KAAA,CAAM,sBAAA,CAAuB,GAAA,CAAI,MAAM,CAAA;AAC5D,IAAA,IAAI,YAAA,EAAc;AAChB,MAAA,OAAO,YAAA;AAAA,IACT;AAEA,IAAA,MAAM,mBAAA,GAAsB,0BAA0B,MAAM,CAAA;AAC5D,IAAA,IAAI,mBAAA,EAAqB;AACvB,MAAA,MAAM,gBAAA,GAAmB,KAAA,CAAM,uBAAA,CAAwB,GAAA,CAAI,mBAAmB,CAAA;AAC9E,MAAA,IAAI,gBAAA,EAAkB;AACpB,QAAA,OAAO,gBAAA;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAEA,EAAA,MAAM,iBAAA,GAAoB,qBAAqB,MAAM,CAAA;AACrD,EAAA,IAAI,iBAAA,EAAmB;AACrB,IAAA,MAAM,iBAAA,GAAoB,KAAA,CAAM,sBAAA,CAAuB,GAAA,CAAI,iBAAiB,CAAA;AAC5E,IAAA,IAAI,iBAAA,EAAmB;AACrB,MAAA,OAAO,iBAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,MAAM,qBAAA,GAAwB,kCAAkC,MAAM,CAAA;AACtE,EAAA,IAAI,qBAAA,EAAuB;AACzB,IAAA,MAAM,gBAAA,GAAmB,KAAA,CAAM,uBAAA,CAAwB,GAAA,CAAI,qBAAqB,CAAA;AAChF,IAAA,IAAI,gBAAA,EAAkB;AACpB,MAAA,OAAO,gBAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,MAAM,IAAI,iCAAoB,0EAA0E,CAAA;AAC1G;AAEA,SAAS,yBAAA,CACP,MAAA,EACA,UAAA,EACA,MAAA,EACM;AACN,EAAA,MAAM,YAAA,GAAe,kBAAkB,MAAM,CAAA;AAC7C,EAAA,IAAI,iBAAiB,MAAA,EAAQ;AAC3B,IAAA,MAAM,IAAI,gCAAA,CAAoB,CAAA,iCAAA,EAAoC,UAAU,CAAA,wCAAA,CAA0C,CAAA;AAAA,EACxH;AACF;AAEA,SAAS,qBAAqB,MAAA,EAAuD;AACnF,EAAA,MAAM,YAAa,MAAA,CAAwE,WAAA;AAC3F,EAAA,OAAO,gCAAA,CAAiC,SAAS,CAAA,GAC7C,SAAA,GACA,IAAA;AACN;AAEA,SAAS,iCAAiC,KAAA,EAAyD;AACjG,EAAA,OAAO,OAAO,KAAA,KAAU,UAAA,IACnB,WAAA,IAAe,KAAA;AACtB;AAEA,SAAS,2BAA2B,KAAA,EAA2D;AAC7F,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,UAAU,QAAA,IAAY,EAAE,gBAAgB,KAAA,CAAA,EAAQ;AACnE,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,MAAM,SAAA,GAAY,KAAA;AAQlB,EAAA,MAAM,QAAQ,SAAA,CAAU,KAAA;AACxB,EAAA,IAAI,CAAC,oCAAA,CAAqC,SAAA,CAAU,UAAU,CAAA,IAAK,OAAO,UAAU,UAAA,EAAY;AAC9F,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,IAAI,OAAO,SAAA,CAAU,aAAA,KAAkB,UAAA,EAAY;AACjD,IAAA,OAAO,6BAAA,EAA8B,CAAE,GAAA,CAAI,KAAK,CAAA,IAC3C,OAAO,SAAA,CAAU,QAAA,KAAa,UAAA,IAC9B,OAAO,SAAA,CAAU,aAAA,KAAkB,UAAA;AAAA,EAC1C;AAEA,EAAA,IAAI;AACF,IAAA,MAAM,WAAA,GAAc,KAAA,CAAM,IAAA,CAAK,SAAS,CAAA;AACxC,IAAA,OAAO,CAAC,CAAC,WAAA,IACJ,OAAO,WAAA,KAAgB,QAAA,IACvB,OAAQ,WAAA,CAAoC,KAAA,KAAU,UAAA,IACtD,OAAQ,WAAA,CAA0C,WAAA,KAAgB,UAAA;AAAA,EACzE,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAEA,SAAS,qCAAqC,KAAA,EAA6D;AACzG,EAAA,OAAO,CAAC,CAAC,KAAA,IACJ,OAAO,KAAA,KAAU,YACjB,MAAA,IAAU,KAAA,IACV,OAAQ,KAAA,CAA6B,IAAA,KAAS,QAAA;AACrD;AAEA,SAAS,6BAAA,GAAiD;AACxD,EAAA,MAAM,cAAA,GAAiB,UAAA;AACvB,EAAA,OAAO,cAAA,CAAe,6BAA6B,CAAA,oBAAK,IAAI,OAAA,EAAgB;AAC9E;AAEA,SAAS,0BAA0B,MAAA,EAAkD;AACnF,EAAA,IAAI,CAAC,0BAAA,CAA2B,MAAM,CAAA,EAAG;AACvC,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAO,kBAAA,CAAmB,OAAO,UAAU,CAAA;AAC7C;AAEA,SAAS,kCAAkC,MAAA,EAA+B;AACxE,EAAA,MAAM,SAAA,GAAY,MAAA;AAMlB,EAAA,IAAI,OAAO,SAAA,CAAU,aAAA,KAAkB,UAAA,EAAY;AACjD,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,UAAA,GAAa,UAAU,aAAA,EAAc;AAC3C,EAAA,IAAI,CAAC,UAAA,IAAc,OAAO,eAAe,QAAA,IAAY,EAAE,gBAAgB,UAAA,CAAA,EAAa;AAClF,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,aAAc,UAAA,CAAwC,UAAA;AAC5D,EAAA,OAAO,oCAAA,CAAqC,UAAU,CAAA,GAClD,kBAAA,CAAmB,UAAU,CAAA,GAC7B,IAAA;AACN;AAEA,SAAS,mBAAmB,UAAA,EAAwD;AAClF,EAAA,MAAM,SAAA,GAAY,UAAA,CAAW,KAAA,EAAO,SAAA,EAAW,IAAA,EAAK;AACpD,EAAA,MAAM,SAAA,GAAY,UAAA,CAAW,IAAA,CAAK,IAAA,EAAK;AACvC,EAAA,OAAO,SAAA,GACH,CAAA,EAAG,SAAS,CAAA,CAAA,EAAI,SAAS,CAAA,CAAA,GACzB,SAAA;AACN;AAOA,SAAS,cAAA,CACP,OACAA,MAAAA,EACwF;AACxF,EAAA,MAAM,WAAA,GAAc;AAAA,IAClB,IAAA,EAAM,KAAA;AAAA,IACN,eAAe,KAAA,KAAU;AAAA,GAC3B;AAEA,EAAA,IAAI,OAAOA,WAAU,QAAA,EAAU;AAC7B,IAAA,OAAO,OAAO,MAAA,CAAO;AAAA,MACnB,GAAG,WAAA;AAAA,MACH,KAAA,EAAAA;AAAA,KACD,CAAA;AAAA,EACH;AAEA,EAAA,OAAO,MAAA,CAAO,OAAO,WAAW,CAAA;AAClC;AAEA,SAAS,yBAAyB,QAAA,EAAwC;AACxE,EAAA,MAAM,WAAA,GAAc,4BAAA,EAA6B,CAAE,eAAA,EAAiB,cAAc,QAAQ,CAAA;AAC1F,EAAA,IAAI,WAAA,EAAa;AACf,IAAA,OAAO,WAAA;AAAA,EACT;AAEA,EAAA,OAAO,IAAI,kBAAA;AAAA,IACT,SAAS,OAAA,IAAW,gDAAA;AAAA,IACpB;AAAA,GACF;AACF;AAEA,SAAS,gBAAgB,OAAA,EAA2G;AAClI,EAAA,OAAO,OAAA,CAAQ,QAAQ,OAAO,CAAA,CAAE,KAAK,CAAA,MAAA,KAAU,8BAAA,CAA+B,MAAM,CAAC,CAAA;AACvF;AAEA,eAAe,kBAAA,CACb,MAAA,EACA,OAAA,EACA,MAAA,EAC4C;AAC5C,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,OAAA,EAAS,MAA4C,CAAA;AAClF,EAAA,IAAI,OAAO,YAAY,WAAA,EAAa;AAClC,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,OAAO,+BAA+B,OAAO,CAAA;AAC/C;AAEA,eAAe,uBACb,MAAA,EACA,KAAA,EACA,MAAA,EACA,MAAA,EACA,qBACAA,MAAAA,EACgC;AAChC,EAAA,MAAM,OAAA,GAAU,OAAOA,MAAAA,KAAU,QAAA,GAC7B,eAAe,KAAA,EAAOA,MAAK,CAAA,GAC3B,cAAA,CAAe,KAAK,CAAA;AACxB,EAAA,MAAM,iBAAiB,MAAM,kBAAA,CAAmB,MAAA,CAAO,MAAA,EAAQ,SAAS,MAAM,CAAA;AAC9E,EAAA,IAAI,cAAA,EAAgB;AAClB,IAAA,OAAO,cAAA;AAAA,EACT;AAEA,EAAA,IAAI,OAAO,MAAA,KAAW,UAAA,IAAc,0BAAA,CAA2B,MAAM,CAAA,EAAG;AACtE,IAAA,MAAMC,QAAAA,GAAU,MAAA,CAAO,KAAA,GAAQ,MAAM,CAAA;AACrC,IAAA,IAAI,CAACA,QAAAA,EAAS;AACZ,MAAA,MAAM,IAAI,kBAAA;AAAA,QACR,CAAA,wCAAA,EAA2C,MAAM,CAAA,qBAAA,EAAwB,mBAAmB,CAAA,CAAA,CAAA;AAAA,QAC5F,IAAA;AAAK,OACP;AAAA,IACF;AAEA,IAAA,OAAO,MAAM,eAAA,CAAgBA,QAAAA,CAAQ,OAAA,EAAS,MAAM,CAAC,CAAA;AAAA,EACvD;AAEA,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,MAAA,GAAS,MAAM,CAAA;AACtC,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,CAAA,wCAAA,EAA2C,MAAM,CAAA,qBAAA,EAAwB,mBAAmB,CAAA,CAAA,CAAA;AAAA,MAC5F,IAAA;AAAK,KACP;AAAA,EACF;AACA,EAAA,OAAO,MAAM,eAAA,CAAgB,OAAA,CAAQ,OAAA,EAAS,MAAM,CAAC,CAAA;AACvD;AAEA,eAAe,sBAAA,CACb,KAAA,EACA,MAAA,EACA,MAAA,EACAD,MAAAA,EACgC;AAChC,EAAA,MAAM,MAAA,GAAS,kBAAkB,MAAM,CAAA;AACvC,EAAA,OAAO,MAAM,sBAAA,CAAuB,MAAA,EAAQ,OAAO,MAAA,EAAQ,MAAA,EAAQ,uBAAuBA,MAAK,CAAA;AACjG;AAEA,eAAe,oBAAA,CACb,KAAA,EACA,UAAA,EACA,MAAA,EACA,QACAA,MAAAA,EACgC;AAChC,EAAA,MAAM,MAAA,GAAS,gBAAgB,UAAU,CAAA;AACzC,EAAA,yBAAA,CAA0B,MAAA,EAAQ,YAAY,MAAM,CAAA;AAEpD,EAAA,OAAO,MAAM,uBAAuB,MAAA,EAAQ,KAAA,EAAO,QAAQ,MAAA,EAAQ,CAAA,QAAA,EAAW,UAAU,CAAA,CAAA,CAAA,EAAKA,MAAK,CAAA;AACpG;AAEA,eAAe,eAAA,CACb,KAAA,EACA,WAAA,EACA,KAAA,EACAA,MAAAA,EACgC;AAChC,EAAA,MAAM,OAAA,GAAU,iBAAiB,WAAW,CAAA;AAC5C,EAAA,MAAM,OAAA,GAAU,OAAOA,MAAAA,KAAU,QAAA,GAC7B,eAAe,KAAA,EAAOA,MAAK,CAAA,GAC3B,cAAA,CAAe,KAAK,CAAA;AACxB,EAAA,OAAO,MAAM,eAAA,CAAgB,OAAA,CAAQ,MAAA,CAAO,OAAA,EAAS,KAAK,CAAC,CAAA;AAC7D;AAEA,SAAS,mBAAA,CACP,YAAA,EACA,UAAA,EACAA,MAAAA,EACyC;AACzC,EAAA,OAAO,OAAO,MAAA,CAAO;AAAA,IACnB,MAAM,SAAA,CAAmB,MAAA,EAAqD,MAAA,EAAgC;AAC5G,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,oBAAA,CAAqB,KAAA,EAAO,MAAA,CAAO,UAAU,CAAA,EAAG,MAAA,CAAO,MAAM,CAAA,EAAG,MAAA,EAA8CA,MAAK,CAAA;AAC1I,MAAA,IAAI,CAAC,SAAS,OAAA,EAAS;AACrB,QAAA,MAAM,yBAAyB,QAAQ,CAAA;AAAA,MACzC;AAAA,IACF,CAAA;AAAA,IACA,MAAM,GAAA,CAAa,MAAA,EAAqD,MAAA,EAAmC;AACzG,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,oBAAA,CAAqB,KAAA,EAAO,MAAA,CAAO,UAAU,CAAA,EAAG,MAAA,CAAO,MAAM,CAAA,EAAG,MAAA,EAA8CA,MAAK,CAAA;AAC1I,MAAA,OAAO,QAAA,CAAS,OAAA;AAAA,IAClB,CAAA;AAAA,IACA,MAAM,MAAA,CAAgB,MAAA,EAAqD,MAAA,EAAmC;AAC5G,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,oBAAA,CAAqB,KAAA,EAAO,MAAA,CAAO,UAAU,CAAA,EAAG,MAAA,CAAO,MAAM,CAAA,EAAG,MAAA,EAA8CA,MAAK,CAAA;AAC1I,MAAA,OAAO,CAAC,QAAA,CAAS,OAAA;AAAA,IACnB,CAAA;AAAA,IACA,MAAM,OAAA,CAAiB,MAAA,EAAqD,MAAA,EAAiD;AAC3H,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,OAAO,MAAM,oBAAA,CAAqB,KAAA,EAAO,MAAA,CAAO,UAAU,GAAG,MAAA,CAAO,MAAM,CAAA,EAAG,MAAA,EAA8CA,MAAK,CAAA;AAAA,IAClI;AAAA,GACD,CAAA;AACH;AAEA,SAAS,oBAAA,CACP,YAAA,EACA,WAAA,EACAA,MAAAA,EAC2C;AAC3C,EAAA,OAAO,OAAO,MAAA,CAAO;AAAA,IACnB,MAAM,UAAU,KAAA,EAAkD;AAChE,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,eAAA,CAAgB,KAAA,EAAO,OAAO,WAAW,CAAA,EAAG,OAAOA,MAAK,CAAA;AAC/E,MAAA,IAAI,CAAC,SAAS,OAAA,EAAS;AACrB,QAAA,MAAM,yBAAyB,QAAQ,CAAA;AAAA,MACzC;AAAA,IACF,CAAA;AAAA,IACA,MAAM,IAAI,KAAA,EAAqD;AAC7D,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,eAAA,CAAgB,KAAA,EAAO,OAAO,WAAW,CAAA,EAAG,OAAOA,MAAK,CAAA;AAC/E,MAAA,OAAO,QAAA,CAAS,OAAA;AAAA,IAClB,CAAA;AAAA,IACA,MAAM,OAAO,KAAA,EAAqD;AAChE,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,eAAA,CAAgB,KAAA,EAAO,OAAO,WAAW,CAAA,EAAG,OAAOA,MAAK,CAAA;AAC/E,MAAA,OAAO,CAAC,QAAA,CAAS,OAAA;AAAA,IACnB,CAAA;AAAA,IACA,MAAM,QAAQ,KAAA,EAAmE;AAC/E,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,OAAO,MAAM,eAAA,CAAgB,KAAA,EAAO,OAAO,WAAW,CAAA,EAAG,OAAOA,MAAK,CAAA;AAAA,IACvE;AAAA,GACD,CAAA;AACH;AAEA,SAAS,wBAAA,CACP,cACAA,MAAAA,EAC2B;AAC3B,EAAA,OAAO,OAAO,MAAA,CAAO;AAAA,IACnB,MAAM,SAAA,CAA8D,MAAA,EAAkC,MAAA,EAAgC;AACpI,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,sBAAA,CAAuB,KAAA,EAAO,OAAO,MAAM,CAAA,EAAG,QAA8CA,MAAK,CAAA;AACxH,MAAA,IAAI,CAAC,SAAS,OAAA,EAAS;AACrB,QAAA,MAAM,yBAAyB,QAAQ,CAAA;AAAA,MACzC;AAAA,IACF,CAAA;AAAA,IACA,MAAM,GAAA,CAAwD,MAAA,EAAkC,MAAA,EAAmC;AACjI,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,sBAAA,CAAuB,KAAA,EAAO,OAAO,MAAM,CAAA,EAAG,QAA8CA,MAAK,CAAA;AACxH,MAAA,OAAO,QAAA,CAAS,OAAA;AAAA,IAClB,CAAA;AAAA,IACA,MAAM,MAAA,CAA2D,MAAA,EAAkC,MAAA,EAAmC;AACpI,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,sBAAA,CAAuB,KAAA,EAAO,OAAO,MAAM,CAAA,EAAG,QAA8CA,MAAK,CAAA;AACxH,MAAA,OAAO,CAAC,QAAA,CAAS,OAAA;AAAA,IACnB,CAAA;AAAA,IACA,MAAM,OAAA,CAA4D,MAAA,EAAkC,MAAA,EAAiD;AACnJ,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,OAAO,MAAM,sBAAA,CAAuB,KAAA,EAAO,OAAO,MAAM,CAAA,EAAG,QAA8CA,MAAK,CAAA;AAAA,IAChH,CAAA;AAAA,IACA,OAA2C,IAAA,EAAmB;AAC5D,MAAA,OAAO,mBAAA,CAAoB,YAAA,EAAc,IAAA,EAAMA,MAAK,CAAA;AAAA,IACtD,CAAA;AAAA,IACA,QAA8C,IAAA,EAAoB;AAChE,MAAA,OAAO,oBAAA,CAAqB,YAAA,EAAc,IAAA,EAAMA,MAAK,CAAA;AAAA,IACvD;AAAA,GACD,CAAA;AACH;AAEO,SAAS,QAA+B,KAAA,EAAiD;AAC9F,EAAA,OAAO,wBAAA,CAAyB,MAAM,OAAA,CAAQ,OAAA,CAAQ,KAAK,CAAC,CAAA;AAC9D;AAEA,SAAS,2BAAA,GAGP;AACA,EAAA,MAAM,cAAc,+BAAA,EAAgC;AACpD,EAAA,OAAO;AAAA,IACL,cAAc,MAAM,OAAA,CAAQ,OAAA,CAAQ,WAAA,CAAY,qBAAqB,CAAA;AAAA,IACrE,KAAA,EAAO;AAAA,GACT;AACF;AAEA,SAAS,iCAAiC,IAAA,EAGxC;AACA,EAAA,MAAM,cAAc,+BAAA,EAAgC;AACpD,EAAA,IAAI,CAAC,WAAA,CAAY,QAAA,CAAS,IAAI,CAAA,EAAG;AAC/B,IAAA,MAAM,IAAI,+BAAA,CAAgC,CAAA,gCAAA,EAAmC,IAAI,CAAA,gBAAA,CAAkB,CAAA;AAAA,EACrG;AAEA,EAAA,OAAO;AAAA,IACL,cAAc,MAAM,OAAA,CAAQ,QAAQ,WAAA,CAAY,iBAAA,CAAkB,IAAI,CAAC,CAAA;AAAA,IACvE,KAAA,EAAO;AAAA,GACT;AACF;AAEA,eAAsB,SAAA,CACpB,QACA,MAAA,EACe;AACf,EAAA,MAAM,EAAE,YAAA,EAAa,GAAI,2BAAA,EAA4B;AACrD,EAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,EAAA,MAAM,WAAW,MAAM,sBAAA,CAAuB,OAAO,MAAA,CAAO,MAAM,GAAG,MAA4C,CAAA;AACjH,EAAA,IAAI,CAAC,SAAS,OAAA,EAAS;AACrB,IAAA,MAAM,yBAAyB,QAAQ,CAAA;AAAA,EACzC;AACF;AAEA,eAAsB,GAAA,CACpB,QACA,MAAA,EACkB;AAClB,EAAA,MAAM,EAAE,YAAA,EAAa,GAAI,2BAAA,EAA4B;AACrD,EAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,EAAA,MAAM,WAAW,MAAM,sBAAA,CAAuB,OAAO,MAAA,CAAO,MAAM,GAAG,MAA4C,CAAA;AACjH,EAAA,OAAO,QAAA,CAAS,OAAA;AAClB;AAEA,eAAsB,MAAA,CACpB,QACA,MAAA,EACkB;AAClB,EAAA,MAAM,EAAE,YAAA,EAAa,GAAI,2BAAA,EAA4B;AACrD,EAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,EAAA,MAAM,WAAW,MAAM,sBAAA,CAAuB,OAAO,MAAA,CAAO,MAAM,GAAG,MAA4C,CAAA;AACjH,EAAA,OAAO,CAAC,QAAA,CAAS,OAAA;AACnB;AAEA,eAAsB,OAAA,CACpB,QACA,MAAA,EACgC;AAChC,EAAA,MAAM,EAAE,YAAA,EAAa,GAAI,2BAAA,EAA4B;AACrD,EAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,EAAA,OAAO,MAAM,sBAAA,CAAuB,KAAA,EAAO,MAAA,CAAO,MAAM,GAAG,MAA4C,CAAA;AACzG;AAEO,SAAS,MAAqD,IAAA,EAA6C;AAChH,EAAA,MAAM,EAAE,cAAc,KAAA,EAAO,aAAA,KAAkB,gCAAA,CAAiC,MAAA,CAAO,IAAI,CAAC,CAAA;AAC5F,EAAA,OAAO,wBAAA,CAAyB,cAAc,aAAa,CAAA;AAC7D;AAEO,IAAM,sBAAA,GAAyB,OAAO,MAAA,CAAO;AAAA,EAClD,4BAAA;AAAA,EACA,8BAAA;AAAA,EACA,qCAAA;AAAA,EACA,iCAAA;AAAA,EACA,+BAAA;AAAA,EACA,eAAA;AAAA,EACA,gBAAA;AAAA,EACA,iBAAA;AAAA,EACA,sBAAA;AAAA,EACA,oBAAA;AAAA,EACA,eAAA;AAAA,EACA,wBAAA;AAAA,EACA,yBAAA;AAAA,EACA,0BAAA;AAAA,EACA;AACF,CAAC;;;ACluBD,IAAM,aAAA,GAAqC,OAAO,MAAA,CAAO;AAAA,EACvD,OAAA;AAAA,EACA,KAAA;AAAA,EACA,SAAA;AAAA,EACA,GAAA;AAAA,EACA,MAAA;AAAA,EACA;AACF,CAAC,CAAA;AAED,IAAO,WAAA,GAAQ","file":"index.mjs","sourcesContent":["import type {\n AuthorizationAbilityDefinition,\n AuthorizationAbilityBuilder,\n AuthorizationAbilityHandler,\n AuthorizationActorContext,\n AuthorizationActorBuilder,\n AuthorizationDecision,\n AuthorizationDecisionInput,\n AuthorizationGuardActorContext,\n AuthorizationPolicyClassHandler,\n AuthorizationPolicyBeforeHandler,\n AuthorizationPolicyBuilder,\n AuthorizationPolicyDefinition,\n AuthorizationPolicyRecordHandler,\n AuthorizationPolicyTarget,\n AuthorizationTargetModel,\n AuthorizationTargetModelDefinition,\n AuthorizationTargetConstructor,\n AuthorizationAbilityRegistry,\n AuthorizationPolicyRegistry,\n AbilityInput,\n HoloAbilityName,\n HoloPolicyName,\n HoloAuthorizationGuardName,\n PolicyActionFor,\n PolicyActionForPolicy,\n AbilityActorForName,\n PolicyActorForName,\n} from './contracts'\nimport {\n allow,\n deny,\n denyAsNotFound,\n AuthorizationAbilityNotFoundError,\n AuthorizationAuthIntegrationMissingError,\n AuthorizationError as AuthorizationErrorClass,\n AuthorizationPolicyNotFoundError as PolicyNotFoundError,\n AuthorizationGuardNotFoundError,\n AUTHORIZATION_POLICY_MARKER,\n AUTHORIZATION_ABILITY_MARKER,\n normalizeAuthorizationDecision,\n} from './contracts'\n\ntype RegisteredPolicy = AuthorizationPolicyDefinition<string, AuthorizationPolicyTarget, string, string, object>\ntype RegisteredAbility = AuthorizationAbilityDefinition<string, object, object>\nconst HOLO_MODEL_REFERENCE_REGISTRY = Symbol.for('holo-js.db.model-reference-registry')\n\ntype FallbackAuthorizationActor<TActor> = [TActor] extends [never]\n ? object\n : Extract<TActor, object>\n\ntype PolicyActorForDefinition<TName extends string> = [Extract<TName, keyof AuthorizationPolicyRegistry & string>] extends [never]\n ? object\n : FallbackAuthorizationActor<PolicyActorForName<Extract<TName, keyof AuthorizationPolicyRegistry & string>>>\n\ntype AbilityActorForDefinition<TName extends string> = [Extract<TName, keyof AuthorizationAbilityRegistry & string>] extends [never]\n ? object\n : FallbackAuthorizationActor<AbilityActorForName<Extract<TName, keyof AuthorizationAbilityRegistry & string>>>\n\ntype AuthorizationAuthIntegration = {\n hasGuard(guardName: string): boolean\n resolveDefaultActor(): Promise<object | null> | object | null\n resolveGuardActor(guardName: string): Promise<object | null> | object | null\n createError?(decision: AuthorizationDecision): Error\n}\n\ntype AuthorizationRuntimeState = {\n policiesByName: Map<string, RegisteredPolicy>\n policiesByTargetObject: WeakMap<object, RegisteredPolicy>\n policiesByDefinitionKey: Map<string, RegisteredPolicy>\n abilitiesByName: Map<string, RegisteredAbility>\n authIntegration: AuthorizationAuthIntegration | null\n}\n\nfunction createAuthorizationRuntimeState(): AuthorizationRuntimeState {\n return {\n policiesByName: new Map(),\n policiesByTargetObject: new WeakMap(),\n policiesByDefinitionKey: new Map(),\n abilitiesByName: new Map(),\n authIntegration: null,\n }\n}\n\nfunction getAuthorizationRuntimeState(): AuthorizationRuntimeState {\n const runtime = globalThis as typeof globalThis & {\n __holoAuthorizationRuntime__?: AuthorizationRuntimeState\n }\n\n runtime.__holoAuthorizationRuntime__ ??= createAuthorizationRuntimeState()\n return runtime.__holoAuthorizationRuntime__\n}\n\nfunction resetAuthorizationRuntimeState(): void {\n const runtime = globalThis as typeof globalThis & {\n __holoAuthorizationRuntime__?: AuthorizationRuntimeState\n }\n\n runtime.__holoAuthorizationRuntime__ = createAuthorizationRuntimeState()\n}\n\nfunction configureAuthorizationAuthIntegration(integration?: AuthorizationAuthIntegration): void {\n const state = getAuthorizationRuntimeState()\n state.authIntegration = integration ?? null\n}\n\nfunction resetAuthorizationAuthIntegration(): void {\n getAuthorizationRuntimeState().authIntegration = null\n}\n\nfunction getAuthorizationAuthIntegration(): AuthorizationAuthIntegration {\n const integration = getAuthorizationRuntimeState().authIntegration\n if (!integration) {\n throw new AuthorizationAuthIntegrationMissingError('[@holo-js/authorization] Auth integration is not configured yet.')\n }\n\n return integration\n}\n\nfunction normalizePolicyName<TName extends string>(name: TName): TName {\n const trimmed = name.trim()\n if (!trimmed) {\n throw new TypeError('[@holo-js/authorization] Policy name must be a non-empty string.')\n }\n\n return trimmed as TName\n}\n\nfunction normalizeAbilityName<TName extends string>(name: TName): TName {\n const trimmed = name.trim()\n if (!trimmed) {\n throw new TypeError('[@holo-js/authorization] Ability name must be a non-empty string.')\n }\n\n return trimmed as TName\n}\n\nfunction normalizeTarget<TTarget extends AuthorizationPolicyTarget>(target: TTarget): TTarget {\n if (typeof target === 'function') {\n return target\n }\n\n if (isAuthorizationTargetModel(target)) {\n return target\n }\n\n throw new TypeError('[@holo-js/authorization] Policy targets must be class constructors or model references.')\n}\n\nfunction normalizeHandlerMap<THandler extends Record<string, unknown> | undefined>(\n value: THandler,\n label: string,\n): THandler {\n if (typeof value === 'undefined') {\n return value\n }\n\n if (!value || typeof value !== 'object' || Array.isArray(value)) {\n throw new TypeError(`[@holo-js/authorization] ${label} must be a plain object when provided.`)\n }\n\n return value\n}\n\nfunction validateHandlerMap(\n value: Readonly<Record<string, unknown>> | undefined,\n label: string,\n): void {\n if (!value) {\n return\n }\n\n for (const [name, handler] of Object.entries(value)) {\n if (typeof handler !== 'function') {\n throw new TypeError(`[@holo-js/authorization] ${label}.${name} must be a function.`)\n }\n }\n}\n\nfunction validatePolicyDefinition(definition: AuthorizationPolicyDefinition<string, AuthorizationPolicyTarget, string, string, object>): void {\n validateHandlerMap(definition.class, 'policy.class')\n validateHandlerMap(definition.record, 'policy.record')\n if (definition.before && typeof definition.before !== 'function') {\n throw new TypeError('[@holo-js/authorization] policy.before must be a function when provided.')\n }\n}\n\nfunction validateAbilityDefinition(definition: AuthorizationAbilityDefinition<string, object, object>): void {\n if (typeof definition.handle !== 'function') {\n throw new TypeError('[@holo-js/authorization] Ability handler must be a function.')\n }\n}\n\nfunction registerPolicyDefinition<TDefinition extends RegisteredPolicy>(definition: TDefinition): TDefinition {\n const state = getAuthorizationRuntimeState()\n if (state.policiesByName.has(definition.name)) {\n throw new Error(`[@holo-js/authorization] Policy \"${definition.name}\" is already registered.`)\n }\n\n if (state.policiesByTargetObject.get(definition.target)) {\n throw new Error('[@holo-js/authorization] A policy is already registered for this target.')\n }\n\n const definitionKey = getDefinitionKeyForTarget(definition.target)\n if (definitionKey && state.policiesByDefinitionKey.has(definitionKey)) {\n throw new Error(`[@holo-js/authorization] A policy is already registered for target definition \"${definitionKey}\".`)\n }\n\n state.policiesByName.set(definition.name, definition)\n state.policiesByTargetObject.set(definition.target, definition)\n if (definitionKey) {\n state.policiesByDefinitionKey.set(definitionKey, definition)\n }\n return definition\n}\n\nfunction registerAbilityDefinition<TDefinition extends RegisteredAbility>(definition: TDefinition): TDefinition {\n const state = getAuthorizationRuntimeState()\n if (state.abilitiesByName.has(definition.name)) {\n throw new Error(`[@holo-js/authorization] Ability \"${definition.name}\" is already registered.`)\n }\n\n state.abilitiesByName.set(definition.name, definition)\n return definition\n}\n\nfunction unregisterPolicyDefinition(name: string): void {\n const state = getAuthorizationRuntimeState()\n const definition = state.policiesByName.get(name)\n if (!definition) {\n return\n }\n\n state.policiesByName.delete(name)\n state.policiesByTargetObject.delete(definition.target)\n const definitionKey = getDefinitionKeyForTarget(definition.target)\n if (definitionKey) {\n state.policiesByDefinitionKey.delete(definitionKey)\n }\n}\n\nfunction unregisterAbilityDefinition(name: string): void {\n getAuthorizationRuntimeState().abilitiesByName.delete(name)\n}\n\nfunction freezePolicyDefinition<TDefinition extends RegisteredPolicy>(definition: TDefinition): TDefinition {\n return Object.freeze({\n ...definition,\n class: definition.class ? Object.freeze({ ...definition.class }) : definition.class,\n record: definition.record ? Object.freeze({ ...definition.record }) : definition.record,\n }) as TDefinition\n}\n\nfunction freezeAbilityDefinition<TDefinition extends RegisteredAbility>(definition: TDefinition): TDefinition {\n return Object.freeze(definition) as TDefinition\n}\n\nexport function definePolicy<\n TName extends string,\n TTarget extends AuthorizationPolicyTarget,\n TDefinition extends {\n readonly before?: AuthorizationPolicyBeforeHandler<PolicyActorForDefinition<TName>, TTarget>\n readonly class?: Readonly<Record<string, AuthorizationPolicyClassHandler<PolicyActorForDefinition<TName>, TTarget>>>\n readonly record?: Readonly<Record<string, AuthorizationPolicyRecordHandler<PolicyActorForDefinition<TName>, TTarget>>>\n },\n>(\n name: TName,\n target: TTarget,\n definition: TDefinition & {\n readonly before?: AuthorizationPolicyBeforeHandler<PolicyActorForDefinition<TName>, TTarget>\n readonly class?: Readonly<Record<string, AuthorizationPolicyClassHandler<PolicyActorForDefinition<TName>, TTarget>>>\n readonly record?: Readonly<Record<string, AuthorizationPolicyRecordHandler<PolicyActorForDefinition<TName>, TTarget>>>\n },\n): AuthorizationPolicyDefinition<\n TName,\n TTarget,\n Extract<keyof NonNullable<TDefinition['class']>, string>,\n Extract<keyof NonNullable<TDefinition['record']>, string>,\n PolicyActorForDefinition<TName>\n> {\n const normalizedName = normalizePolicyName(name)\n const normalizedTarget = normalizeTarget(target)\n const normalizedClass = normalizeHandlerMap(definition.class, 'policy.class')\n const normalizedRecord = normalizeHandlerMap(definition.record, 'policy.record')\n const runtimeDefinition = {\n [AUTHORIZATION_POLICY_MARKER]: true,\n name: normalizedName,\n target: normalizedTarget,\n before: definition.before,\n class: normalizedClass,\n record: normalizedRecord,\n } as RegisteredPolicy\n validatePolicyDefinition(runtimeDefinition)\n\n const registered = registerPolicyDefinition(freezePolicyDefinition(runtimeDefinition))\n\n return registered as AuthorizationPolicyDefinition<\n TName,\n TTarget,\n Extract<keyof NonNullable<TDefinition['class']>, string>,\n Extract<keyof NonNullable<TDefinition['record']>, string>,\n PolicyActorForDefinition<TName>\n >\n}\n\nexport function defineAbility<\n TName extends string,\n TInput extends object,\n>(\n name: TName,\n handle: AuthorizationAbilityHandler<AbilityActorForDefinition<TName>, TInput>,\n): AuthorizationAbilityDefinition<TName, TInput> {\n const normalizedName = normalizeAbilityName(name)\n const runtimeDefinition = {\n [AUTHORIZATION_ABILITY_MARKER]: true,\n name: normalizedName,\n handle,\n } as unknown as RegisteredAbility\n validateAbilityDefinition(runtimeDefinition)\n\n const registered = registerAbilityDefinition(freezeAbilityDefinition(runtimeDefinition))\n\n return registered as unknown as AuthorizationAbilityDefinition<TName, TInput>\n}\n\nfunction getPolicyByName(name: string): RegisteredPolicy {\n const policy = getAuthorizationRuntimeState().policiesByName.get(name)\n if (!policy) {\n throw new PolicyNotFoundError(`[@holo-js/authorization] Policy \"${name}\" was not found.`)\n }\n\n return policy\n}\n\nfunction getAbilityByName(name: string): RegisteredAbility {\n const ability = getAuthorizationRuntimeState().abilitiesByName.get(name)\n if (!ability) {\n throw new AuthorizationAbilityNotFoundError(`[@holo-js/authorization] Ability \"${name}\" was not found.`)\n }\n\n return ability\n}\n\nfunction getPolicyByTarget(target: AuthorizationPolicyTarget | object): RegisteredPolicy {\n const state = getAuthorizationRuntimeState()\n if (typeof target === 'function' || isAuthorizationTargetModel(target)) {\n const directPolicy = state.policiesByTargetObject.get(target)\n if (directPolicy) {\n return directPolicy\n }\n\n const directDefinitionKey = getDefinitionKeyForTarget(target)\n if (directDefinitionKey) {\n const definitionPolicy = state.policiesByDefinitionKey.get(directDefinitionKey)\n if (definitionPolicy) {\n return definitionPolicy\n }\n }\n }\n\n const targetConstructor = getTargetConstructor(target)\n if (targetConstructor) {\n const constructorPolicy = state.policiesByTargetObject.get(targetConstructor)\n if (constructorPolicy) {\n return constructorPolicy\n }\n }\n\n const instanceDefinitionKey = getDefinitionKeyForTargetInstance(target)\n if (instanceDefinitionKey) {\n const definitionPolicy = state.policiesByDefinitionKey.get(instanceDefinitionKey)\n if (definitionPolicy) {\n return definitionPolicy\n }\n }\n\n throw new PolicyNotFoundError('[@holo-js/authorization] Policy definition was not found for the target.')\n}\n\nfunction assertPolicyMatchesTarget(\n policy: RegisteredPolicy,\n policyName: string,\n target: AuthorizationPolicyTarget | object,\n): void {\n const targetPolicy = getPolicyByTarget(target)\n if (targetPolicy !== policy) {\n throw new PolicyNotFoundError(`[@holo-js/authorization] Policy \"${policyName}\" was not found for the selected target.`)\n }\n}\n\nfunction getTargetConstructor(target: object): AuthorizationTargetConstructor | null {\n const candidate = (target as { constructor?: AuthorizationTargetConstructor | undefined }).constructor\n return isAuthorizationTargetConstructor(candidate)\n ? candidate\n : null\n}\n\nfunction isAuthorizationTargetConstructor(value: unknown): value is AuthorizationTargetConstructor {\n return typeof value === 'function'\n && 'prototype' in value\n}\n\nfunction isAuthorizationTargetModel(value: unknown): value is AuthorizationTargetModel<object> {\n if (!value || typeof value !== 'object' || !('definition' in value)) {\n return false\n }\n\n const candidate = value as {\n definition?: unknown\n getRepository?: unknown\n newModelQuery?: unknown\n newQuery?: unknown\n query?: () => unknown\n }\n\n const query = candidate.query\n if (!isAuthorizationTargetModelDefinition(candidate.definition) || typeof query !== 'function') {\n return false\n }\n\n if (typeof candidate.getRepository === 'function') {\n return getHoloModelReferenceRegistry().has(value)\n && typeof candidate.newQuery === 'function'\n && typeof candidate.newModelQuery === 'function'\n }\n\n try {\n const queryFacade = query.call(candidate)\n return !!queryFacade\n && typeof queryFacade === 'object'\n && typeof (queryFacade as { first?: unknown }).first === 'function'\n && typeof (queryFacade as { firstOrFail?: unknown }).firstOrFail === 'function'\n } catch {\n return false\n }\n}\n\nfunction isAuthorizationTargetModelDefinition(value: unknown): value is AuthorizationTargetModelDefinition {\n return !!value\n && typeof value === 'object'\n && 'name' in value\n && typeof (value as { name?: unknown }).name === 'string'\n}\n\nfunction getHoloModelReferenceRegistry(): WeakSet<object> {\n const registryGlobal = globalThis as typeof globalThis & Record<symbol, WeakSet<object> | undefined>\n return registryGlobal[HOLO_MODEL_REFERENCE_REGISTRY] ?? new WeakSet<object>()\n}\n\nfunction getDefinitionKeyForTarget(target: AuthorizationPolicyTarget): string | null {\n if (!isAuthorizationTargetModel(target)) {\n return null\n }\n\n return buildDefinitionKey(target.definition)\n}\n\nfunction getDefinitionKeyForTargetInstance(target: object): string | null {\n const candidate = target as {\n getRepository?: (() => {\n definition?: unknown\n }) | undefined\n }\n\n if (typeof candidate.getRepository !== 'function') {\n return null\n }\n\n const repository = candidate.getRepository()\n if (!repository || typeof repository !== 'object' || !('definition' in repository)) {\n return null\n }\n\n const definition = (repository as { definition?: unknown }).definition\n return isAuthorizationTargetModelDefinition(definition)\n ? buildDefinitionKey(definition)\n : null\n}\n\nfunction buildDefinitionKey(definition: AuthorizationTargetModelDefinition): string {\n const tableName = definition.table?.tableName?.trim()\n const modelName = definition.name.trim()\n return tableName\n ? `${modelName}:${tableName}`\n : modelName\n}\n\nfunction resolveContext<TActor extends object>(actor: TActor | null): AuthorizationActorContext<TActor>\nfunction resolveContext<TActor extends object, TGuardName extends string>(\n actor: TActor | null,\n guard: TGuardName,\n): AuthorizationGuardActorContext<TActor, TGuardName>\nfunction resolveContext<TActor extends object, TGuardName extends string>(\n actor: TActor | null,\n guard?: TGuardName,\n): AuthorizationActorContext<TActor> | AuthorizationGuardActorContext<TActor, TGuardName> {\n const baseContext = {\n user: actor,\n authenticated: actor !== null,\n }\n\n if (typeof guard === 'string') {\n return Object.freeze({\n ...baseContext,\n guard,\n })\n }\n\n return Object.freeze(baseContext)\n}\n\nfunction createAuthorizationError(decision: AuthorizationDecision): Error {\n const customError = getAuthorizationRuntimeState().authIntegration?.createError?.(decision)\n if (customError) {\n return customError\n }\n\n return new AuthorizationErrorClass(\n decision.message ?? 'You are not authorized to perform this action.',\n decision,\n )\n}\n\nfunction normalizeResult(outcome: AuthorizationDecisionInput | Promise<AuthorizationDecisionInput>): Promise<AuthorizationDecision> {\n return Promise.resolve(outcome).then(result => normalizeAuthorizationDecision(result))\n}\n\nasync function evaluateBeforeHook(\n before: AuthorizationPolicyBeforeHandler<object, AuthorizationPolicyTarget> | undefined,\n context: AuthorizationActorContext<object> | AuthorizationGuardActorContext<object, string>,\n target: AuthorizationPolicyTarget | object,\n): Promise<AuthorizationDecision | undefined> {\n if (!before) {\n return undefined\n }\n\n const outcome = await before(context, target as AuthorizationPolicyTarget & object)\n if (typeof outcome === 'undefined') {\n return undefined\n }\n\n return normalizeAuthorizationDecision(outcome)\n}\n\nasync function evaluateResolvedPolicy(\n policy: RegisteredPolicy,\n actor: object | null,\n action: string,\n target: AuthorizationPolicyTarget | object,\n missingActionTarget: string,\n guard?: string,\n): Promise<AuthorizationDecision> {\n const context = typeof guard === 'string'\n ? resolveContext(actor, guard)\n : resolveContext(actor)\n const beforeDecision = await evaluateBeforeHook(policy.before, context, target)\n if (beforeDecision) {\n return beforeDecision\n }\n\n if (typeof target === 'function' || isAuthorizationTargetModel(target)) {\n const handler = policy.class?.[action]\n if (!handler) {\n throw new AuthorizationErrorClass(\n `[@holo-js/authorization] Policy action \"${action}\" is not defined for ${missingActionTarget}.`,\n deny(),\n )\n }\n\n return await normalizeResult(handler(context, target))\n }\n\n const handler = policy.record?.[action]\n if (!handler) {\n throw new AuthorizationErrorClass(\n `[@holo-js/authorization] Policy action \"${action}\" is not defined for ${missingActionTarget}.`,\n deny(),\n )\n }\n return await normalizeResult(handler(context, target))\n}\n\nasync function evaluatePolicyByTarget(\n actor: object | null,\n action: string,\n target: AuthorizationPolicyTarget | object,\n guard?: string,\n): Promise<AuthorizationDecision> {\n const policy = getPolicyByTarget(target)\n return await evaluateResolvedPolicy(policy, actor, action, target, 'the selected target', guard)\n}\n\nasync function evaluatePolicyByName(\n actor: object | null,\n policyName: string,\n action: string,\n target: AuthorizationPolicyTarget | object,\n guard?: string,\n): Promise<AuthorizationDecision> {\n const policy = getPolicyByName(policyName)\n assertPolicyMatchesTarget(policy, policyName, target)\n\n return await evaluateResolvedPolicy(policy, actor, action, target, `policy \"${policyName}\"`, guard)\n}\n\nasync function evaluateAbility<TInput extends object>(\n actor: object | null,\n abilityName: string,\n input: TInput,\n guard?: string,\n): Promise<AuthorizationDecision> {\n const ability = getAbilityByName(abilityName)\n const context = typeof guard === 'string'\n ? resolveContext(actor, guard)\n : resolveContext(actor)\n return await normalizeResult(ability.handle(context, input))\n}\n\nfunction createPolicyBuilder<TPolicyName extends HoloPolicyName>(\n resolveActor: () => Promise<object | null> | object | null,\n policyName: TPolicyName,\n guard?: string,\n): AuthorizationPolicyBuilder<TPolicyName> {\n return Object.freeze({\n async authorize<TTarget>(action: PolicyActionForPolicy<TPolicyName, TTarget>, target: TTarget): Promise<void> {\n const actor = await resolveActor()\n const decision = await evaluatePolicyByName(actor, String(policyName), String(action), target as AuthorizationPolicyTarget | object, guard)\n if (!decision.allowed) {\n throw createAuthorizationError(decision)\n }\n },\n async can<TTarget>(action: PolicyActionForPolicy<TPolicyName, TTarget>, target: TTarget): Promise<boolean> {\n const actor = await resolveActor()\n const decision = await evaluatePolicyByName(actor, String(policyName), String(action), target as AuthorizationPolicyTarget | object, guard)\n return decision.allowed\n },\n async cannot<TTarget>(action: PolicyActionForPolicy<TPolicyName, TTarget>, target: TTarget): Promise<boolean> {\n const actor = await resolveActor()\n const decision = await evaluatePolicyByName(actor, String(policyName), String(action), target as AuthorizationPolicyTarget | object, guard)\n return !decision.allowed\n },\n async inspect<TTarget>(action: PolicyActionForPolicy<TPolicyName, TTarget>, target: TTarget): Promise<AuthorizationDecision> {\n const actor = await resolveActor()\n return await evaluatePolicyByName(actor, String(policyName), String(action), target as AuthorizationPolicyTarget | object, guard)\n },\n }) as unknown as AuthorizationPolicyBuilder<TPolicyName>\n}\n\nfunction createAbilityBuilder<TAbilityName extends HoloAbilityName>(\n resolveActor: () => Promise<object | null> | object | null,\n abilityName: TAbilityName,\n guard?: string,\n): AuthorizationAbilityBuilder<TAbilityName> {\n return Object.freeze({\n async authorize(input: AbilityInput<TAbilityName>): Promise<void> {\n const actor = await resolveActor()\n const decision = await evaluateAbility(actor, String(abilityName), input, guard)\n if (!decision.allowed) {\n throw createAuthorizationError(decision)\n }\n },\n async can(input: AbilityInput<TAbilityName>): Promise<boolean> {\n const actor = await resolveActor()\n const decision = await evaluateAbility(actor, String(abilityName), input, guard)\n return decision.allowed\n },\n async cannot(input: AbilityInput<TAbilityName>): Promise<boolean> {\n const actor = await resolveActor()\n const decision = await evaluateAbility(actor, String(abilityName), input, guard)\n return !decision.allowed\n },\n async inspect(input: AbilityInput<TAbilityName>): Promise<AuthorizationDecision> {\n const actor = await resolveActor()\n return await evaluateAbility(actor, String(abilityName), input, guard)\n },\n })\n}\n\nfunction createActorAuthorization(\n resolveActor: () => Promise<object | null> | object | null,\n guard?: string,\n): AuthorizationActorBuilder {\n return Object.freeze({\n async authorize<TTarget extends AuthorizationPolicyTarget | object>(action: PolicyActionFor<TTarget>, target: TTarget): Promise<void> {\n const actor = await resolveActor()\n const decision = await evaluatePolicyByTarget(actor, String(action), target as AuthorizationPolicyTarget | object, guard)\n if (!decision.allowed) {\n throw createAuthorizationError(decision)\n }\n },\n async can<TTarget extends AuthorizationPolicyTarget | object>(action: PolicyActionFor<TTarget>, target: TTarget): Promise<boolean> {\n const actor = await resolveActor()\n const decision = await evaluatePolicyByTarget(actor, String(action), target as AuthorizationPolicyTarget | object, guard)\n return decision.allowed\n },\n async cannot<TTarget extends AuthorizationPolicyTarget | object>(action: PolicyActionFor<TTarget>, target: TTarget): Promise<boolean> {\n const actor = await resolveActor()\n const decision = await evaluatePolicyByTarget(actor, String(action), target as AuthorizationPolicyTarget | object, guard)\n return !decision.allowed\n },\n async inspect<TTarget extends AuthorizationPolicyTarget | object>(action: PolicyActionFor<TTarget>, target: TTarget): Promise<AuthorizationDecision> {\n const actor = await resolveActor()\n return await evaluatePolicyByTarget(actor, String(action), target as AuthorizationPolicyTarget | object, guard)\n },\n policy<TPolicyName extends HoloPolicyName>(name: TPolicyName) {\n return createPolicyBuilder(resolveActor, name, guard)\n },\n ability<TAbilityName extends HoloAbilityName>(name: TAbilityName) {\n return createAbilityBuilder(resolveActor, name, guard)\n },\n }) as AuthorizationActorBuilder\n}\n\nexport function forUser<TActor extends object>(actor: TActor | null): AuthorizationActorBuilder {\n return createActorAuthorization(() => Promise.resolve(actor))\n}\n\nfunction getResolvedAuthActorContext(): {\n readonly resolveActor: () => Promise<object | null>\n readonly guard: string | undefined\n} {\n const integration = getAuthorizationAuthIntegration()\n return {\n resolveActor: () => Promise.resolve(integration.resolveDefaultActor()),\n guard: undefined,\n }\n}\n\nfunction getResolvedAuthGuardActorContext(name: string): {\n readonly resolveActor: () => Promise<object | null>\n readonly guard: string\n} {\n const integration = getAuthorizationAuthIntegration()\n if (!integration.hasGuard(name)) {\n throw new AuthorizationGuardNotFoundError(`[@holo-js/authorization] Guard \"${name}\" was not found.`)\n }\n\n return {\n resolveActor: () => Promise.resolve(integration.resolveGuardActor(name)),\n guard: name,\n }\n}\n\nexport async function authorize<TTarget extends AuthorizationPolicyTarget | object>(\n action: PolicyActionFor<TTarget>,\n target: TTarget,\n): Promise<void> {\n const { resolveActor } = getResolvedAuthActorContext()\n const actor = await resolveActor()\n const decision = await evaluatePolicyByTarget(actor, String(action), target as AuthorizationPolicyTarget | object)\n if (!decision.allowed) {\n throw createAuthorizationError(decision)\n }\n}\n\nexport async function can<TTarget extends AuthorizationPolicyTarget | object>(\n action: PolicyActionFor<TTarget>,\n target: TTarget,\n): Promise<boolean> {\n const { resolveActor } = getResolvedAuthActorContext()\n const actor = await resolveActor()\n const decision = await evaluatePolicyByTarget(actor, String(action), target as AuthorizationPolicyTarget | object)\n return decision.allowed\n}\n\nexport async function cannot<TTarget extends AuthorizationPolicyTarget | object>(\n action: PolicyActionFor<TTarget>,\n target: TTarget,\n): Promise<boolean> {\n const { resolveActor } = getResolvedAuthActorContext()\n const actor = await resolveActor()\n const decision = await evaluatePolicyByTarget(actor, String(action), target as AuthorizationPolicyTarget | object)\n return !decision.allowed\n}\n\nexport async function inspect<TTarget extends AuthorizationPolicyTarget | object>(\n action: PolicyActionFor<TTarget>,\n target: TTarget,\n): Promise<AuthorizationDecision> {\n const { resolveActor } = getResolvedAuthActorContext()\n const actor = await resolveActor()\n return await evaluatePolicyByTarget(actor, String(action), target as AuthorizationPolicyTarget | object)\n}\n\nexport function guard<TGuardName extends HoloAuthorizationGuardName>(name: TGuardName): AuthorizationActorBuilder {\n const { resolveActor, guard: resolvedGuard } = getResolvedAuthGuardActorContext(String(name))\n return createActorAuthorization(resolveActor, resolvedGuard)\n}\n\nexport const authorizationInternals = Object.freeze({\n getAuthorizationRuntimeState,\n resetAuthorizationRuntimeState,\n configureAuthorizationAuthIntegration,\n resetAuthorizationAuthIntegration,\n getAuthorizationAuthIntegration,\n getPolicyByName,\n getAbilityByName,\n getPolicyByTarget,\n evaluatePolicyByTarget,\n evaluatePolicyByName,\n evaluateAbility,\n registerPolicyDefinition,\n registerAbilityDefinition,\n unregisterPolicyDefinition,\n unregisterAbilityDefinition,\n})\n\nexport {\n allow,\n deny,\n denyAsNotFound,\n AuthorizationAbilityNotFoundError,\n AuthorizationAuthIntegrationMissingError,\n AuthorizationErrorClass as AuthorizationError,\n PolicyNotFoundError as AuthorizationPolicyNotFoundError,\n}\n","import type { AuthorizationFacade } from './contracts'\n\nexport {\n allow,\n deny,\n denyAsNotFound,\n isAuthorizationAbilityDefinition,\n isAuthorizationDecision,\n isAuthorizationPolicyDefinition,\n normalizeAuthorizationDecision,\n AuthorizationAbilityNotFoundError,\n AuthorizationAuthIntegrationMissingError,\n AuthorizationError,\n AuthorizationGuardNotFoundError,\n AuthorizationPolicyNotFoundError,\n} from './contracts'\nexport type {\n AbilityInput,\n AuthorizationActorBuilder,\n AuthorizationActorContext,\n AuthorizationAbilityBuilder,\n AuthorizationAbilityHandler,\n AuthorizationAbilityRegistry,\n AuthorizationAbilityRegistryEntry,\n AuthorizationDecision,\n AuthorizationDecisionInput,\n AuthorizationDecisionStatus,\n AuthorizationFacade,\n AuthorizationGuardActorContext,\n AuthorizationPolicyBeforeHandler,\n AuthorizationPolicyBuilder,\n AuthorizationPolicyClassHandler,\n AuthorizationPolicyDefinition,\n AuthorizationPolicyRegistry,\n AuthorizationPolicyRecordHandler,\n AuthorizationPolicyRegistryEntry,\n AuthorizationPolicyTarget,\n AuthorizationTargetConstructor,\n AuthorizationTargetInstance,\n AuthorizationTargetModel,\n AuthorizationTargetModelDefinition,\n HoloAbilityName,\n HoloAuthorizationGuardName,\n HoloPolicyName,\n PolicyActionFor,\n PolicyActionForPolicy,\n PolicyClassActionFor,\n PolicyClassActionForPolicy,\n PolicyInstanceForPolicy,\n PolicyRecordActionFor,\n PolicyRecordActionForPolicy,\n PolicyTargetForPolicy,\n} from './contracts'\nexport {\n authorize,\n authorizationInternals,\n can,\n cannot,\n defineAbility,\n definePolicy,\n forUser,\n guard,\n inspect,\n} from './runtime'\n\nimport { authorize, can, cannot, forUser, guard, inspect } from './runtime'\n\nconst authorization: AuthorizationFacade = Object.freeze({\n forUser,\n guard,\n authorize,\n can,\n cannot,\n inspect,\n})\n\nexport default authorization\n"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@holo-js/authorization",
3
- "version": "0.1.8",
3
+ "version": "0.2.0",
4
4
  "description": "Holo-JS Framework - policy contracts, abilities, and typed authorization surfaces",
5
5
  "type": "module",
6
6
  "license": "MIT",
package/dist/chunk-WPHPV4WY.mjs.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/contracts.ts"],"names":[],"mappings":";AAAA,IAAM,2BAAA,mBAA8B,MAAA,CAAO,GAAA,CAAI,8BAA8B;AAC7E,IAAM,4BAAA,mBAA+B,MAAA,CAAO,GAAA,CAAI,+BAA+B;AAiWxE,IAAM,kBAAA,GAAN,cAAiC,KAAA,CAAM;AAAA,EACnC,QAAA;AAAA,EAET,WAAA,CAAY,SAAiB,QAAA,EAAiC;AAC5D,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,oBAAA;AACZ,IAAA,IAAA,CAAK,QAAA,GAAW,QAAA;AAAA,EAClB;AACF;AAEO,IAAM,gCAAA,GAAN,cAA+C,KAAA,CAAM;AAAA,EAC1D,WAAA,CAAY,UAAU,2DAAA,EAA6D;AACjF,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,kCAAA;AAAA,EACd;AACF;AAEO,IAAM,iCAAA,GAAN,cAAgD,KAAA,CAAM;AAAA,EAC3D,WAAA,CAAY,UAAU,4DAAA,EAA8D;AAClF,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,mCAAA;AAAA,EACd;AACF;AAEO,IAAM,wCAAA,GAAN,cAAuD,KAAA,CAAM;AAAA,EAClE,WAAA,CAAY,UAAU,kEAAA,EAAoE;AACxF,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,0CAAA;AAAA,EACd;AACF;AAEO,IAAM,+BAAA,GAAN,cAA8C,KAAA,CAAM;AAAA,EACzD,WAAA,CAAY,UAAU,+CAAA,EAAiD;AACrE,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,iCAAA;AAAA,EACd;AACF;AAEO,SAAS,MAAM,OAAA,EAAyC;AAC7D,EAAA,OAAO,OAAO,MAAA,CAAO;AAAA,IACnB,OAAA,EAAS,IAAA;AAAA,IACT,MAAA,EAAQ,GAAA;AAAA,IACR,GAAI,OAAA,GAAU,EAAE,OAAA,KAAY;AAAC,GAC9B,CAAA;AACH;AAEO,SAAS,IAAA,CAAK,UAAU,gDAAA,EAAyE;AACtG,EAAA,OAAO,OAAO,MAAA,CAAO;AAAA,IACnB,OAAA,EAAS,KAAA;AAAA,IACT,MAAA,EAAQ,GAAA;AAAA,IACR;AAAA,GACD,CAAA;AACH;AAEO,SAAS,cAAA,CAAe,UAAU,qBAAA,EAA8C;AACrF,EAAA,OAAO,OAAO,MAAA,CAAO;AAAA,IACnB,OAAA,EAAS,KAAA;AAAA,IACT,MAAA,EAAQ,GAAA;AAAA,IACR;AAAA,GACD,CAAA;AACH;AAEO,SAAS,wBAAwB,KAAA,EAAgD;AACtF,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,MAAM,QAAA,GAAW,KAAA;AACjB,EAAA,OAAO,OAAO,QAAA,CAAS,OAAA,KAAY,SAAA,KAC7B,QAAA,CAAS,MAAA,KAAW,GAAA,IAAO,QAAA,CAAS,MAAA,KAAW,GAAA,IAAO,QAAA,CAAS,MAAA,KAAW,GAAA,CAAA;AAClF;AAEO,SAAS,gCAAgC,KAAA,EAAwD;AACtG,EAAA,OAAO,CAAC,CAAC,KAAA,IACJ,OAAO,UAAU,QAAA,IAChB,KAAA,CAA+D,2BAA2B,CAAA,KAAM,IAAA;AACxG;AAEO,SAAS,iCAAiC,KAAA,EAAyD;AACxG,EAAA,OAAO,CAAC,CAAC,KAAA,IACJ,OAAO,UAAU,QAAA,IAChB,KAAA,CAAgE,4BAA4B,CAAA,KAAM,IAAA;AAC1G;AAEO,SAAS,8BAAA,CACd,OAAA,EACA,eAAA,GAAkB,gDAAA,EACK;AACvB,EAAA,IAAI,OAAO,YAAY,SAAA,EAAW;AAChC,IAAA,OAAO,OAAA,GAAU,KAAA,EAAM,GAAI,IAAA,CAAK,eAAe,CAAA;AAAA,EACjD;AAEA,EAAA,IAAI,uBAAA,CAAwB,OAAO,CAAA,EAAG;AACpC,IAAA,OAAO,OAAA;AAAA,EACT;AAEA,EAAA,OAAO,KAAK,eAAe,CAAA;AAC7B","file":"chunk-WPHPV4WY.mjs","sourcesContent":["const AUTHORIZATION_POLICY_MARKER = Symbol.for('holo-js.authorization.policy')\nconst AUTHORIZATION_ABILITY_MARKER = Symbol.for('holo-js.authorization.ability')\ndeclare const AUTHORIZATION_POLICY_REGISTRY_MARKER: unique symbol\ndeclare const AUTHORIZATION_ABILITY_REGISTRY_MARKER: unique symbol\ndeclare const AUTHORIZATION_GUARD_REGISTRY_MARKER: unique symbol\n\nexport type AuthorizationDecisionStatus = 200 | 403 | 404\n\nexport interface AuthorizationDecision {\n readonly allowed: boolean\n readonly status: AuthorizationDecisionStatus\n readonly message?: string\n readonly code?: string\n}\n\nexport interface AuthorizationActorContext<TActor = object> {\n readonly user: TActor | null\n readonly authenticated: boolean\n}\n\nexport interface AuthorizationGuardActorContext<TActor = object, TGuardName extends string = string> extends AuthorizationActorContext<TActor> {\n readonly guard: TGuardName\n}\n\nexport interface AuthorizationAuthorizationContext<\n TActor = object,\n TGuardName extends string = string,\n> extends AuthorizationActorContext<TActor> {\n readonly guard?: TGuardName\n}\n\nexport type AuthorizationDecisionInput = AuthorizationDecision | boolean\n\nexport interface AuthorizationTargetConstructor<TInstance = object> {\n readonly prototype: TInstance\n}\n\nexport interface AuthorizationTargetModelDefinition {\n readonly name: string\n readonly table?: {\n readonly tableName?: string\n }\n}\n\nexport interface AuthorizationTargetModel<TInstance extends object = object> {\n readonly definition: AuthorizationTargetModelDefinition\n query(): {\n first(): Promise<TInstance | undefined>\n firstOrFail(): Promise<TInstance>\n }\n}\n\nexport type AuthorizationPolicyTarget<TInstance extends object = object>\n = | AuthorizationTargetConstructor<TInstance>\n | AuthorizationTargetModel<TInstance>\n\nexport type AuthorizationTargetInstance<TTarget extends AuthorizationPolicyTarget> = TTarget extends AuthorizationTargetConstructor<infer TInstance>\n ? TInstance\n : TTarget extends AuthorizationTargetModel<infer TInstance>\n ? TInstance\n : object\n\nexport interface AuthorizationPolicyClassHandler<\n TActor = object,\n TTarget extends AuthorizationPolicyTarget = AuthorizationPolicyTarget,\n> {\n (\n context: AuthorizationAuthorizationContext<TActor>,\n target: TTarget,\n ): AuthorizationDecisionInput | Promise<AuthorizationDecisionInput>\n}\n\nexport interface AuthorizationPolicyRecordHandler<\n TActor = object,\n TTarget extends AuthorizationPolicyTarget = AuthorizationPolicyTarget,\n> {\n (\n context: AuthorizationAuthorizationContext<TActor>,\n target: AuthorizationTargetInstance<TTarget>,\n ): AuthorizationDecisionInput | Promise<AuthorizationDecisionInput>\n}\n\nexport interface AuthorizationPolicyBeforeHandler<\n TActor = object,\n TTarget extends AuthorizationPolicyTarget = AuthorizationPolicyTarget,\n> {\n (\n context: AuthorizationAuthorizationContext<TActor>,\n target: TTarget | AuthorizationTargetInstance<TTarget>,\n ): AuthorizationDecisionInput | void | Promise<AuthorizationDecisionInput | void>\n}\n\nexport interface AuthorizationPolicyDefinition<\n TName extends string = string,\n TTarget extends AuthorizationPolicyTarget = AuthorizationPolicyTarget,\n TClassActions extends string = string,\n TRecordActions extends string = string,\n TActor = object,\n> {\n readonly [AUTHORIZATION_POLICY_MARKER]: true\n readonly name: TName\n readonly target: TTarget\n readonly before?: AuthorizationPolicyBeforeHandler<TActor, TTarget>\n readonly class?: Readonly<Record<TClassActions, AuthorizationPolicyClassHandler<TActor, TTarget>>>\n readonly record?: Readonly<Record<TRecordActions, AuthorizationPolicyRecordHandler<TActor, TTarget>>>\n}\n\nexport interface AuthorizationAbilityDefinition<\n TName extends string = string,\n TInput extends object = object,\n TActor = object,\n> {\n readonly [AUTHORIZATION_ABILITY_MARKER]: true\n readonly name: TName\n readonly handle: AuthorizationAbilityHandler<TActor, TInput>\n}\n\nexport interface AuthorizationAbilityHandler<TActor = object, TInput extends object = object> {\n (\n context: AuthorizationAuthorizationContext<TActor>,\n input: TInput,\n ): AuthorizationDecisionInput | Promise<AuthorizationDecisionInput>\n}\n\nexport interface AuthorizationPolicyRegistryEntry<\n TTarget extends AuthorizationPolicyTarget = AuthorizationPolicyTarget,\n TClassActions extends string = string,\n TRecordActions extends string = string,\n TActor = object,\n> {\n readonly actor?: TActor\n readonly target: TTarget\n readonly classActions: Readonly<Record<TClassActions, AuthorizationPolicyClassHandler<TActor, TTarget>>>\n readonly recordActions: Readonly<Record<TRecordActions, AuthorizationPolicyRecordHandler<TActor, TTarget>>>\n readonly before?: AuthorizationPolicyBeforeHandler<TActor, TTarget>\n}\n\nexport interface AuthorizationPolicyRegistry {\n readonly [AUTHORIZATION_POLICY_REGISTRY_MARKER]?: true\n}\n\nexport interface AuthorizationAbilityRegistryEntry<TInput extends object = object, TActor = object> {\n readonly actor?: TActor\n readonly input: TInput\n readonly handler?: AuthorizationAbilityHandler<TActor, TInput>\n}\n\nexport interface AuthorizationAbilityRegistry {\n readonly [AUTHORIZATION_ABILITY_REGISTRY_MARKER]?: true\n}\n\nexport interface AuthorizationGuardRegistry {\n readonly [AUTHORIZATION_GUARD_REGISTRY_MARKER]?: true\n}\n\ntype FallbackRegistryName<TName extends string> = [TName] extends [never] ? string : TName\ntype FallbackRegistryAction<TAction extends string> = [TAction] extends [never] ? string : TAction\ntype FallbackRegistryInput<TInput extends object> = [TInput] extends [never] ? object : TInput\ntype FallbackRegistryActor<TActor> = [TActor] extends [never] ? object : TActor\n\nexport type HoloPolicyName = FallbackRegistryName<Extract<keyof AuthorizationPolicyRegistry, string>>\nexport type HoloAbilityName = FallbackRegistryName<Extract<keyof AuthorizationAbilityRegistry, string>>\nexport type HoloAuthorizationGuardName = FallbackRegistryName<Extract<keyof AuthorizationGuardRegistry, string>>\n\ntype RegisteredAuthorizationPolicyName = Extract<keyof AuthorizationPolicyRegistry, string>\ntype RegisteredAuthorizationAbilityName = Extract<keyof AuthorizationAbilityRegistry, string>\n\ntype RegisteredAuthorizationPolicyEntry<TPolicyName extends string> = AuthorizationPolicyRegistry[\n Extract<TPolicyName, RegisteredAuthorizationPolicyName>\n]\ntype RegisteredAuthorizationAbilityEntry<TAbilityName extends string> = AuthorizationAbilityRegistry[\n Extract<TAbilityName, RegisteredAuthorizationAbilityName>\n]\n\nexport type PolicyActorForName<TPolicyName extends string> = RegisteredAuthorizationPolicyEntry<TPolicyName> extends {\n actor?: infer TActor\n}\n ? FallbackRegistryActor<TActor>\n : object\n\nexport type AbilityActorForName<TAbilityName extends string> = RegisteredAuthorizationAbilityEntry<TAbilityName> extends {\n actor?: infer TActor\n}\n ? FallbackRegistryActor<TActor>\n : object\n\ntype RegisteredPolicyClassActionFor<TTarget> = {\n [TName in RegisteredAuthorizationPolicyName]: RegisteredAuthorizationPolicyEntry<TName> extends {\n target: infer TRegisteredTarget extends AuthorizationPolicyTarget\n classActions: infer TClassActions extends Record<string, unknown>\n recordActions: infer _TRecordActions extends Record<string, unknown>\n }\n ? TTarget extends AuthorizationPolicyTarget\n ? TTarget extends TRegisteredTarget\n ? FallbackRegistryAction<Extract<keyof TClassActions, string>>\n : never\n : never\n : never\n}[RegisteredAuthorizationPolicyName]\n\ntype RegisteredPolicyRecordActionFor<TTarget> = {\n [TName in RegisteredAuthorizationPolicyName]: RegisteredAuthorizationPolicyEntry<TName> extends {\n target: infer TRegisteredTarget extends AuthorizationPolicyTarget\n classActions: infer _TClassActions extends Record<string, unknown>\n recordActions: infer TRecordActions extends Record<string, unknown>\n }\n ? TTarget extends AuthorizationPolicyTarget\n ? never\n : TTarget extends AuthorizationTargetInstance<TRegisteredTarget>\n ? FallbackRegistryAction<Extract<keyof TRecordActions, string>>\n : never\n : never\n}[RegisteredAuthorizationPolicyName]\n\nexport type PolicyClassActionFor<TTarget> = FallbackRegistryAction<RegisteredPolicyClassActionFor<TTarget>>\n\nexport type PolicyRecordActionFor<TTarget> = FallbackRegistryAction<RegisteredPolicyRecordActionFor<TTarget>>\n\nexport type PolicyActionFor<TTarget> = TTarget extends AuthorizationPolicyTarget\n ? PolicyClassActionFor<TTarget>\n : PolicyRecordActionFor<TTarget>\n\nexport type PolicyActionForPolicy<\n TPolicyName extends HoloPolicyName,\n TTarget,\n> = RegisteredAuthorizationPolicyEntry<TPolicyName> extends {\n target: infer _TRegisteredTarget extends AuthorizationPolicyTarget\n classActions: infer TClassActions extends Record<string, unknown>\n recordActions: infer TRecordActions extends Record<string, unknown>\n}\n ? TTarget extends AuthorizationPolicyTarget\n ? FallbackRegistryAction<Extract<keyof TClassActions, string>>\n : FallbackRegistryAction<Extract<keyof TRecordActions, string>>\n : string\n\nexport type PolicyTargetForPolicy<TPolicyName extends HoloPolicyName> = RegisteredAuthorizationPolicyEntry<TPolicyName> extends {\n target: infer TTarget extends AuthorizationPolicyTarget\n}\n ? TTarget\n : AuthorizationPolicyTarget\n\nexport type PolicyClassActionForPolicy<TPolicyName extends HoloPolicyName> = RegisteredAuthorizationPolicyEntry<TPolicyName> extends {\n classActions: infer TClassActions extends Record<string, unknown>\n}\n ? FallbackRegistryAction<Extract<keyof TClassActions, string>>\n : string\n\nexport type PolicyRecordActionForPolicy<TPolicyName extends HoloPolicyName> = RegisteredAuthorizationPolicyEntry<TPolicyName> extends {\n recordActions: infer TRecordActions extends Record<string, unknown>\n}\n ? FallbackRegistryAction<Extract<keyof TRecordActions, string>>\n : string\n\nexport type PolicyInstanceForPolicy<TPolicyName extends HoloPolicyName> = AuthorizationTargetInstance<PolicyTargetForPolicy<TPolicyName>>\n\nexport type AbilityInput<TAbilityName extends HoloAbilityName> = RegisteredAuthorizationAbilityEntry<TAbilityName> extends AuthorizationAbilityRegistryEntry<\n infer TInput,\n object\n>\n ? FallbackRegistryInput<TInput>\n : object\n\nexport interface AuthorizationPolicyBuilder<TPolicyName extends HoloPolicyName> {\n authorize(action: PolicyClassActionForPolicy<TPolicyName>, target: PolicyTargetForPolicy<TPolicyName>): Promise<void>\n authorize(action: PolicyRecordActionForPolicy<TPolicyName>, target: PolicyInstanceForPolicy<TPolicyName>): Promise<void>\n can(action: PolicyClassActionForPolicy<TPolicyName>, target: PolicyTargetForPolicy<TPolicyName>): Promise<boolean>\n can(action: PolicyRecordActionForPolicy<TPolicyName>, target: PolicyInstanceForPolicy<TPolicyName>): Promise<boolean>\n cannot(action: PolicyClassActionForPolicy<TPolicyName>, target: PolicyTargetForPolicy<TPolicyName>): Promise<boolean>\n cannot(action: PolicyRecordActionForPolicy<TPolicyName>, target: PolicyInstanceForPolicy<TPolicyName>): Promise<boolean>\n inspect(action: PolicyClassActionForPolicy<TPolicyName>, target: PolicyTargetForPolicy<TPolicyName>): Promise<AuthorizationDecision>\n inspect(action: PolicyRecordActionForPolicy<TPolicyName>, target: PolicyInstanceForPolicy<TPolicyName>): Promise<AuthorizationDecision>\n}\n\nexport interface AuthorizationAbilityBuilder<TAbilityName extends HoloAbilityName> {\n authorize(input: AbilityInput<TAbilityName>): Promise<void>\n can(input: AbilityInput<TAbilityName>): Promise<boolean>\n cannot(input: AbilityInput<TAbilityName>): Promise<boolean>\n inspect(input: AbilityInput<TAbilityName>): Promise<AuthorizationDecision>\n}\n\nexport interface AuthorizationActorBuilder {\n authorize<TTarget extends AuthorizationPolicyTarget>(\n action: PolicyClassActionFor<TTarget>,\n target: TTarget,\n ): Promise<void>\n authorize<TTarget extends object>(\n action: PolicyRecordActionFor<TTarget>,\n target: TTarget,\n ): Promise<void>\n can<TTarget extends AuthorizationPolicyTarget>(\n action: PolicyClassActionFor<TTarget>,\n target: TTarget,\n ): Promise<boolean>\n can<TTarget extends object>(\n action: PolicyRecordActionFor<TTarget>,\n target: TTarget,\n ): Promise<boolean>\n cannot<TTarget extends AuthorizationPolicyTarget>(\n action: PolicyClassActionFor<TTarget>,\n target: TTarget,\n ): Promise<boolean>\n cannot<TTarget extends object>(\n action: PolicyRecordActionFor<TTarget>,\n target: TTarget,\n ): Promise<boolean>\n inspect<TTarget extends AuthorizationPolicyTarget>(\n action: PolicyClassActionFor<TTarget>,\n target: TTarget,\n ): Promise<AuthorizationDecision>\n inspect<TTarget extends object>(\n action: PolicyRecordActionFor<TTarget>,\n target: TTarget,\n ): Promise<AuthorizationDecision>\n policy<TPolicyName extends HoloPolicyName>(name: TPolicyName): AuthorizationPolicyBuilder<TPolicyName>\n ability<TAbilityName extends HoloAbilityName>(name: TAbilityName): AuthorizationAbilityBuilder<TAbilityName>\n}\n\nexport interface AuthorizationFacade {\n forUser<TActor extends object>(actor: TActor | null): AuthorizationActorBuilder\n guard<TGuardName extends HoloAuthorizationGuardName>(name: TGuardName): AuthorizationActorBuilder\n authorize<TTarget extends AuthorizationPolicyTarget>(\n action: PolicyClassActionFor<TTarget>,\n target: TTarget,\n ): Promise<void>\n authorize<TTarget extends object>(\n action: PolicyRecordActionFor<TTarget>,\n target: TTarget,\n ): Promise<void>\n can<TTarget extends AuthorizationPolicyTarget>(\n action: PolicyClassActionFor<TTarget>,\n target: TTarget,\n ): Promise<boolean>\n can<TTarget extends object>(\n action: PolicyRecordActionFor<TTarget>,\n target: TTarget,\n ): Promise<boolean>\n cannot<TTarget extends AuthorizationPolicyTarget>(\n action: PolicyClassActionFor<TTarget>,\n target: TTarget,\n ): Promise<boolean>\n cannot<TTarget extends object>(\n action: PolicyRecordActionFor<TTarget>,\n target: TTarget,\n ): Promise<boolean>\n inspect<TTarget extends AuthorizationPolicyTarget>(\n action: PolicyClassActionFor<TTarget>,\n target: TTarget,\n ): Promise<AuthorizationDecision>\n inspect<TTarget extends object>(\n action: PolicyRecordActionFor<TTarget>,\n target: TTarget,\n ): Promise<AuthorizationDecision>\n}\n\nexport class AuthorizationError extends Error {\n readonly decision: AuthorizationDecision\n\n constructor(message: string, decision: AuthorizationDecision) {\n super(message)\n this.name = 'AuthorizationError'\n this.decision = decision\n }\n}\n\nexport class AuthorizationPolicyNotFoundError extends Error {\n constructor(message = '[@holo-js/authorization] Policy definition was not found.') {\n super(message)\n this.name = 'AuthorizationPolicyNotFoundError'\n }\n}\n\nexport class AuthorizationAbilityNotFoundError extends Error {\n constructor(message = '[@holo-js/authorization] Ability definition was not found.') {\n super(message)\n this.name = 'AuthorizationAbilityNotFoundError'\n }\n}\n\nexport class AuthorizationAuthIntegrationMissingError extends Error {\n constructor(message = '[@holo-js/authorization] Auth integration is not configured yet.') {\n super(message)\n this.name = 'AuthorizationAuthIntegrationMissingError'\n }\n}\n\nexport class AuthorizationGuardNotFoundError extends Error {\n constructor(message = '[@holo-js/authorization] Guard was not found.') {\n super(message)\n this.name = 'AuthorizationGuardNotFoundError'\n }\n}\n\nexport function allow(message?: string): AuthorizationDecision {\n return Object.freeze({\n allowed: true,\n status: 200 as const,\n ...(message ? { message } : {}),\n })\n}\n\nexport function deny(message = 'You are not authorized to perform this action.'): AuthorizationDecision {\n return Object.freeze({\n allowed: false,\n status: 403 as const,\n message,\n })\n}\n\nexport function denyAsNotFound(message = 'Resource not found.'): AuthorizationDecision {\n return Object.freeze({\n allowed: false,\n status: 404 as const,\n message,\n })\n}\n\nexport function isAuthorizationDecision(value: unknown): value is AuthorizationDecision {\n if (!value || typeof value !== 'object') {\n return false\n }\n\n const decision = value as Partial<AuthorizationDecision>\n return typeof decision.allowed === 'boolean'\n && (decision.status === 200 || decision.status === 403 || decision.status === 404)\n}\n\nexport function isAuthorizationPolicyDefinition(value: unknown): value is AuthorizationPolicyDefinition {\n return !!value\n && typeof value === 'object'\n && (value as { readonly [AUTHORIZATION_POLICY_MARKER]?: unknown })[AUTHORIZATION_POLICY_MARKER] === true\n}\n\nexport function isAuthorizationAbilityDefinition(value: unknown): value is AuthorizationAbilityDefinition {\n return !!value\n && typeof value === 'object'\n && (value as { readonly [AUTHORIZATION_ABILITY_MARKER]?: unknown })[AUTHORIZATION_ABILITY_MARKER] === true\n}\n\nexport function normalizeAuthorizationDecision(\n outcome: AuthorizationDecisionInput | undefined,\n fallbackMessage = 'You are not authorized to perform this action.',\n): AuthorizationDecision {\n if (typeof outcome === 'boolean') {\n return outcome ? allow() : deny(fallbackMessage)\n }\n\n if (isAuthorizationDecision(outcome)) {\n return outcome\n }\n\n return deny(fallbackMessage)\n}\n\nexport { AUTHORIZATION_POLICY_MARKER, AUTHORIZATION_ABILITY_MARKER }\n"]}