@jazzmind/busibox-app 3.0.18 → 3.0.19

package/dist/lib/auth/auth-helper.d.ts

@@ -1,167 +0,0 @@
-/**
- * Authentication Helper Utilities
- *
- * Provides JWT token management including:
- * - Token extraction from requests (Next.js compatible)
- * - Token validation and parsing
- * - Header generation
- * - Role and scope checking
- *
- * @example
- * ```typescript
- * import {
- *   getTokenFromRequest,
- *   parseJWTPayload,
- *   getUserIdFromToken
- * } from '@jazzmind/busibox-app/lib/auth';
- *
- * // In an API route
- * const token = getTokenFromRequest(request);
- * const userId = getUserIdFromToken(token);
- * ```
- */
-/**
- * Minimal request interface compatible with Next.js NextRequest
- */
-interface RequestLike {
-    headers: {
-        get(name: string): string | null;
-    };
-    cookies: {
-        get(name: string): {
-            value: string;
-        } | undefined;
-    };
-}
-/**
- * Extract session JWT from request
- *
- * Zero Trust Architecture:
- * - Checks Authorization header first (Bearer token)
- * - Then checks app-specific auth token cookie (e.g., "myapp-auth-token")
- * - Falls back to generic auth_token cookie (legacy, may be polluted by other apps)
- * - Falls back to busibox-session cookie (portal token - may not validate for app-specific checks)
- *
- * IMPORTANT: Each app should use its own cookie name (${appName}-auth-token) to prevent
- * cross-app token pollution when multiple apps are hosted on the same domain.
- *
- * @param request - Next.js NextRequest or compatible request object
- * @param appName - Optional app name for cookie lookup (default: APP_NAME env or "app")
- * @returns Token string or undefined if not found
- */
-/**
- * Sanitize app name for use in cookie names
- *
- * Converts to lowercase, replaces spaces with hyphens, removes special characters.
- * This ensures consistent cookie naming across all Busibox apps.
- *
- * @example
- * sanitizeAppName("Data Analysis") // "data-analysis"
- * sanitizeAppName("Agent Manager") // "busibox-agents"
- * sanitizeAppName("my-app") // "my-app"
- */
-export declare function sanitizeAppName(name: string): string;
-export declare function getTokenFromRequest(request: RequestLike, appName?: string): string | undefined;
-/**
- * Get session data from app-session cookie
- *
- * @param request - Next.js NextRequest or compatible request object
- * @param appName - App name for cookie lookup (default: APP_NAME env or "app")
- */
-export declare function getSessionFromRequest(request: RequestLike, appName?: string): {
-    userId: string;
-    email: string;
-    roles: string[];
-    displayName?: string;
-    firstName?: string;
-    lastName?: string;
-    avatarUrl?: string;
-    favoriteColor?: string;
-} | null;
-/**
- * Require token or throw authentication error
- */
-export declare function requireToken(request: RequestLike): string;
-/**
- * Generate authorization headers for API requests
- */
-export declare function getAuthHeaders(token?: string): Record<string, string>;
-/**
- * Generate headers for SSE (Server-Sent Events) requests
- */
-export declare function getSSEHeaders(token?: string): Record<string, string>;
-/**
- * Check if token is present (basic validation)
- */
-export declare function hasToken(request: RequestLike): boolean;
-/**
- * Parse JWT token payload (without verification)
- *
- * WARNING: This does NOT verify the signature. Use only for reading claims.
- * For verified validation, use validateSSOToken from './sso'.
- */
-export declare function parseJWTPayload(token: string): Record<string, unknown> | null;
-/**
- * Check if token is expired (based on exp claim)
- *
- * WARNING: This does NOT verify the signature.
- */
-export declare function isTokenExpired(token: string): boolean;
-/**
- * Get token expiration time
- */
-export declare function getTokenExpiration(token: string): Date | null;
-/**
- * Get user ID from token (sub or user_id claim)
- */
-export declare function getUserIdFromToken(token: string): string | null;
-/**
- * Get user email from token
- */
-export declare function getUserEmailFromToken(token: string): string | null;
-/**
- * Get user roles from token
- *
- * Handles various role formats:
- * - Array of strings: ["Admin", "User"]
- * - Array of objects: [{ name: "Admin" }, { name: "User" }]
- * - Single string: "Admin"
- */
-export declare function getUserRolesFromToken(token: string): string[];
-/**
- * Check if token user has specific role
- *
- * Note: For RBAC role checks against the authz service, use hasRole from '@jazzmind/busibox-app/lib/rbac'.
- * This function is for quick client-side checks based on token claims.
- */
-export declare function tokenHasRole(token: string, role: string): boolean;
-/**
- * Check if token user is admin
- *
- * Note: For RBAC admin checks against the authz service, use isAdmin from '@jazzmind/busibox-app/lib/rbac'.
- * This function is for quick client-side checks based on token claims.
- */
-export declare function tokenIsAdmin(token: string): boolean;
-/**
- * Check if token needs refresh (within buffer time of expiration)
- *
- * @param token - JWT token string
- * @param bufferMinutes - Minutes before expiration to trigger refresh (default: 5)
- */
-export declare function shouldRefreshToken(token: string, bufferMinutes?: number): boolean;
-/**
- * Get scopes from token
- *
- * Handles both space-separated string (OAuth2 standard) and array formats.
- */
-export declare function getScopesFromToken(token: string): string[];
-/**
- * Check if token has specific scope
- */
-export declare function hasScope(token: string, scope: string): boolean;
-/**
- * Check if token has all required scopes
- */
-export declare function hasAllScopes(token: string, requiredScopes: string[]): boolean;
-export {};
-//# sourceMappingURL=auth-helper.d.ts.map

package/dist/lib/auth/auth-helper.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"auth-helper.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/auth-helper.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAMH;;GAEG;AACH,UAAU,WAAW;IACnB,OAAO,EAAE;QACP,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;KAClC,CAAC;IACF,OAAO,EAAE;QACP,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG;YAAE,KAAK,EAAE,MAAM,CAAA;SAAE,GAAG,SAAS,CAAC;KAClD,CAAC;CACH;AAMD;;;;;;;;;;;;;;;GAeG;AACH;;;;;;;;;;GAUG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAEpD;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,WAAW,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAqC9F;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,WAAW,EACpB,OAAO,CAAC,EAAE,MAAM,GACf;IACD,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,GAAG,IAAI,CAuBP;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,WAAW,GAAG,MAAM,CAMzD;AAMD;;GAEG;AACH,wBAAgB,cAAc,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAUrE;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAYpE;AAMD;;GAEG;AACH,wBAAgB,QAAQ,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAEtD;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAsB7E;AAED;;;;GAIG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAQrD;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,IAAI,CAO7D;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAY/D;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAQlE;AAED;;;;;;;GAOG;AACH,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,CAqB7D;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAGjE;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAEnD;AAMD;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,MAAM,EACb,aAAa,GAAE,MAAU,GACxB,OAAO,CAQT;AAMD;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,CAc1D;AAED;;GAEG;AACH,wBAAgB,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAG9D;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,GAAG,OAAO,CAG7E"}

package/dist/lib/auth/auth-helper.js

@@ -1,345 +0,0 @@
-/**
- * Authentication Helper Utilities
- *
- * Provides JWT token management including:
- * - Token extraction from requests (Next.js compatible)
- * - Token validation and parsing
- * - Header generation
- * - Role and scope checking
- *
- * @example
- * ```typescript
- * import {
- *   getTokenFromRequest,
- *   parseJWTPayload,
- *   getUserIdFromToken
- * } from '@jazzmind/busibox-app/lib/auth';
- *
- * // In an API route
- * const token = getTokenFromRequest(request);
- * const userId = getUserIdFromToken(token);
- * ```
- */
-// ==========================================================================
-// TOKEN EXTRACTION
-// ==========================================================================
-/**
- * Extract session JWT from request
- *
- * Zero Trust Architecture:
- * - Checks Authorization header first (Bearer token)
- * - Then checks app-specific auth token cookie (e.g., "myapp-auth-token")
- * - Falls back to generic auth_token cookie (legacy, may be polluted by other apps)
- * - Falls back to busibox-session cookie (portal token - may not validate for app-specific checks)
- *
- * IMPORTANT: Each app should use its own cookie name (${appName}-auth-token) to prevent
- * cross-app token pollution when multiple apps are hosted on the same domain.
- *
- * @param request - Next.js NextRequest or compatible request object
- * @param appName - Optional app name for cookie lookup (default: APP_NAME env or "app")
- * @returns Token string or undefined if not found
- */
-/**
- * Sanitize app name for use in cookie names
- *
- * Converts to lowercase, replaces spaces with hyphens, removes special characters.
- * This ensures consistent cookie naming across all Busibox apps.
- *
- * @example
- * sanitizeAppName("Data Analysis") // "data-analysis"
- * sanitizeAppName("Agent Manager") // "busibox-agents"
- * sanitizeAppName("my-app") // "my-app"
- */
-export function sanitizeAppName(name) {
-    return name.toLowerCase().replace(/\s+/g, '-').replace(/[^a-z0-9-]/g, '');
-}
-export function getTokenFromRequest(request, appName) {
-    // Check Authorization header (Bearer token)
-    const authHeader = request.headers.get("authorization");
-    if (authHeader?.startsWith("Bearer ")) {
-        return authHeader.substring(7);
-    }
-    // IMPORTANT: Check app-specific auth_token FIRST
-    // Each app has its own cookie (e.g., "estimator-auth-token") to prevent
-    // cross-app token pollution when multiple apps are on the same domain
-    // Sanitize the name to handle spaces and special characters
-    const rawName = appName || process.env.APP_NAME || "app";
-    const name = sanitizeAppName(rawName);
-    const appTokenCookie = request.cookies.get(`${name}-auth-token`);
-    if (appTokenCookie) {
-        return appTokenCookie.value;
-    }
-    // Legacy fallback: generic auth_token (may be polluted by other apps on same domain)
-    const tokenCookie = request.cookies.get("auth_token");
-    if (tokenCookie) {
-        return tokenCookie.value;
-    }
-    // Fallback to busibox-session (shared portal token)
-    // Note: This will have audience "portal" which may not validate for app-specific checks
-    const sessionCookie = request.cookies.get("busibox-session");
-    if (sessionCookie) {
-        return sessionCookie.value;
-    }
-    const accessTokenCookie = request.cookies.get("access_token");
-    if (accessTokenCookie) {
-        return accessTokenCookie.value;
-    }
-    return undefined;
-}
-/**
- * Get session data from app-session cookie
- *
- * @param request - Next.js NextRequest or compatible request object
- * @param appName - App name for cookie lookup (default: APP_NAME env or "app")
- */
-export function getSessionFromRequest(request, appName) {
-    const rawName = appName || process.env.APP_NAME || "app";
-    const name = sanitizeAppName(rawName);
-    const sessionCookie = request.cookies.get(`${name}-session`);
-    if (!sessionCookie) {
-        return null;
-    }
-    try {
-        const session = JSON.parse(sessionCookie.value);
-        return {
-            userId: session.userId || session.user_id,
-            email: session.email,
-            roles: session.roles || [],
-            displayName: session.displayName,
-            firstName: session.firstName,
-            lastName: session.lastName,
-            avatarUrl: session.avatarUrl,
-            favoriteColor: session.favoriteColor,
-        };
-    }
-    catch {
-        return null;
-    }
-}
-/**
- * Require token or throw authentication error
- */
-export function requireToken(request) {
-    const token = getTokenFromRequest(request);
-    if (!token) {
-        throw new Error("Authentication token required");
-    }
-    return token;
-}
-// ==========================================================================
-// HEADER GENERATION
-// ==========================================================================
-/**
- * Generate authorization headers for API requests
- */
-export function getAuthHeaders(token) {
-    const headers = {
-        "Content-Type": "application/json",
-    };
-    if (token) {
-        headers["Authorization"] = `Bearer ${token}`;
-    }
-    return headers;
-}
-/**
- * Generate headers for SSE (Server-Sent Events) requests
- */
-export function getSSEHeaders(token) {
-    const headers = {
-        Accept: "text/event-stream",
-        "Cache-Control": "no-cache",
-        Connection: "keep-alive",
-    };
-    if (token) {
-        headers["Authorization"] = `Bearer ${token}`;
-    }
-    return headers;
-}
-// ==========================================================================
-// TOKEN VALIDATION (without cryptographic verification)
-// ==========================================================================
-/**
- * Check if token is present (basic validation)
- */
-export function hasToken(request) {
-    return getTokenFromRequest(request) !== undefined;
-}
-/**
- * Parse JWT token payload (without verification)
- *
- * WARNING: This does NOT verify the signature. Use only for reading claims.
- * For verified validation, use validateSSOToken from './sso'.
- */
-export function parseJWTPayload(token) {
-    try {
-        const parts = token.split(".");
-        if (parts.length !== 3) {
-            return null;
-        }
-        const payload = parts[1];
-        // Use atob for browser compatibility, Buffer for Node.js
-        let decoded;
-        if (typeof Buffer !== 'undefined') {
-            decoded = Buffer.from(payload, "base64").toString("utf-8");
-        }
-        else if (typeof atob !== 'undefined') {
-            decoded = atob(payload);
-        }
-        else {
-            return null;
-        }
-        return JSON.parse(decoded);
-    }
-    catch (error) {
-        console.error("Failed to parse JWT payload:", error);
-        return null;
-    }
-}
-/**
- * Check if token is expired (based on exp claim)
- *
- * WARNING: This does NOT verify the signature.
- */
-export function isTokenExpired(token) {
-    const payload = parseJWTPayload(token);
-    if (!payload || typeof payload.exp !== "number") {
-        return true;
-    }
-    const expirationTime = payload.exp * 1000;
-    return Date.now() >= expirationTime;
-}
-/**
- * Get token expiration time
- */
-export function getTokenExpiration(token) {
-    const payload = parseJWTPayload(token);
-    if (!payload || typeof payload.exp !== "number") {
-        return null;
-    }
-    return new Date(payload.exp * 1000);
-}
-/**
- * Get user ID from token (sub or user_id claim)
- */
-export function getUserIdFromToken(token) {
-    const payload = parseJWTPayload(token);
-    if (!payload) {
-        return null;
-    }
-    const sub = payload.sub;
-    const userId = payload.user_id;
-    if (typeof sub === "string")
-        return sub;
-    if (typeof userId === "string")
-        return userId;
-    return null;
-}
-/**
- * Get user email from token
- */
-export function getUserEmailFromToken(token) {
-    const payload = parseJWTPayload(token);
-    if (!payload) {
-        return null;
-    }
-    const email = payload.email || payload.preferred_username || payload.name;
-    return typeof email === "string" ? email : null;
-}
-/**
- * Get user roles from token
- *
- * Handles various role formats:
- * - Array of strings: ["Admin", "User"]
- * - Array of objects: [{ name: "Admin" }, { name: "User" }]
- * - Single string: "Admin"
- */
-export function getUserRolesFromToken(token) {
-    const payload = parseJWTPayload(token);
-    if (!payload) {
-        return [];
-    }
-    const roles = payload.roles || payload.role || [];
-    if (!Array.isArray(roles)) {
-        return typeof roles === "string" ? [roles] : [];
-    }
-    return roles.map((role) => {
-        if (typeof role === "string") {
-            return role;
-        }
-        if (role && typeof role === "object" && "name" in role) {
-            return String(role.name);
-        }
-        return String(role);
-    });
-}
-/**
- * Check if token user has specific role
- *
- * Note: For RBAC role checks against the authz service, use hasRole from '@jazzmind/busibox-app/lib/rbac'.
- * This function is for quick client-side checks based on token claims.
- */
-export function tokenHasRole(token, role) {
-    const roles = getUserRolesFromToken(token);
-    return roles.includes(role);
-}
-/**
- * Check if token user is admin
- *
- * Note: For RBAC admin checks against the authz service, use isAdmin from '@jazzmind/busibox-app/lib/rbac'.
- * This function is for quick client-side checks based on token claims.
- */
-export function tokenIsAdmin(token) {
-    return tokenHasRole(token, "admin") || tokenHasRole(token, "Admin");
-}
-// ==========================================================================
-// TOKEN REFRESH
-// ==========================================================================
-/**
- * Check if token needs refresh (within buffer time of expiration)
- *
- * @param token - JWT token string
- * @param bufferMinutes - Minutes before expiration to trigger refresh (default: 5)
- */
-export function shouldRefreshToken(token, bufferMinutes = 5) {
-    const expiration = getTokenExpiration(token);
-    if (!expiration) {
-        return false;
-    }
-    const bufferMs = bufferMinutes * 60 * 1000;
-    return Date.now() >= expiration.getTime() - bufferMs;
-}
-// ==========================================================================
-// SCOPE VALIDATION
-// ==========================================================================
-/**
- * Get scopes from token
- *
- * Handles both space-separated string (OAuth2 standard) and array formats.
- */
-export function getScopesFromToken(token) {
-    const payload = parseJWTPayload(token);
-    if (!payload) {
-        return [];
-    }
-    const scopes = payload.scope || payload.scopes || [];
-    // Handle space-separated string (OAuth2 standard)
-    if (typeof scopes === "string") {
-        return scopes.split(" ").filter(Boolean);
-    }
-    return Array.isArray(scopes) ? scopes.map(String) : [];
-}
-/**
- * Check if token has specific scope
- */
-export function hasScope(token, scope) {
-    const scopes = getScopesFromToken(token);
-    return scopes.includes(scope);
-}
-/**
- * Check if token has all required scopes
- */
-export function hasAllScopes(token, requiredScopes) {
-    const scopes = getScopesFromToken(token);
-    return requiredScopes.every((scope) => scopes.includes(scope));
-}
-//# sourceMappingURL=auth-helper.js.map

package/dist/lib/auth/auth-helper.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"auth-helper.js","sourceRoot":"","sources":["../../../src/lib/auth/auth-helper.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAkBH,6EAA6E;AAC7E,mBAAmB;AACnB,6EAA6E;AAE7E;;;;;;;;;;;;;;;GAeG;AACH;;;;;;;;;;GAUG;AACH,MAAM,UAAU,eAAe,CAAC,IAAY;IAC1C,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;AAC5E,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,OAAoB,EAAE,OAAgB;IACxE,4CAA4C;IAC5C,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IACxD,IAAI,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACtC,OAAO,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACjC,CAAC;IAED,iDAAiD;IACjD,wEAAwE;IACxE,sEAAsE;IACtE,4DAA4D;IAC5D,MAAM,OAAO,GAAG,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,KAAK,CAAC;IACzD,MAAM,IAAI,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;IACtC,MAAM,cAAc,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,aAAa,CAAC,CAAC;IACjE,IAAI,cAAc,EAAE,CAAC;QACnB,OAAO,cAAc,CAAC,KAAK,CAAC;IAC9B,CAAC;IAED,qFAAqF;IACrF,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACtD,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,WAAW,CAAC,KAAK,CAAC;IAC3B,CAAC;IAED,oDAAoD;IACpD,wFAAwF;IACxF,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IAC7D,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO,aAAa,CAAC,KAAK,CAAC;IAC7B,CAAC;IAED,MAAM,iBAAiB,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAC9D,IAAI,iBAAiB,EAAE,CAAC;QACtB,OAAO,iBAAiB,CAAC,KAAK,CAAC;IACjC,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CACnC,OAAoB,EACpB,OAAgB;IAWhB,MAAM,OAAO,GAAG,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,KAAK,CAAC;IACzD,MAAM,IAAI,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;IACtC,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,UAAU,CAAC,CAAC;IAC7D,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QAChD,OAAO;YACL,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,OAAO;YACzC,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,EAAE;YAC1B,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,aAAa,EAAE,OAAO,CAAC,aAAa;SACrC,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,OAAoB;IAC/C,MAAM,KAAK,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;IAC3C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACnD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,6EAA6E;AAC7E,oBAAoB;AACpB,6EAA6E;AAE7E;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,KAAc;IAC3C,MAAM,OAAO,GAA2B;QACtC,cAAc,EAAE,kBAAkB;KACnC,CAAC;IAEF,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,KAAK,EAAE,CAAC;IAC/C,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,KAAc;IAC1C,MAAM,OAAO,GAA2B;QACtC,MAAM,EAAE,mBAAmB;QAC3B,eAAe,EAAE,UAAU;QAC3B,UAAU,EAAE,YAAY;KACzB,CAAC;IAEF,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,KAAK,EAAE,CAAC;IAC/C,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,6EAA6E;AAC7E,wDAAwD;AACxD,6EAA6E;AAE7E;;GAEG;AACH,MAAM,UAAU,QAAQ,CAAC,OAAoB;IAC3C,OAAO,mBAAmB,CAAC,OAAO,CAAC,KAAK,SAAS,CAAC;AACpD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAAC,KAAa;IAC3C,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACzB,yDAAyD;QACzD,IAAI,OAAe,CAAC;QACpB,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;YAClC,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC7D,CAAC;aAAM,IAAI,OAAO,IAAI,KAAK,WAAW,EAAE,CAAC;YACvC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;QAC1B,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,8BAA8B,EAAE,KAAK,CAAC,CAAC;QACrD,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,cAAc,CAAC,KAAa;IAC1C,MAAM,OAAO,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QAChD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC;IAC1C,OAAO,IAAI,CAAC,GAAG,EAAE,IAAI,cAAc,CAAC;AACtC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAAa;IAC9C,MAAM,OAAO,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QAChD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;AACtC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAAa;IAC9C,MAAM,OAAO,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;IACxB,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAE/B,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC;IACxC,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,MAAM,CAAC;IAC9C,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,KAAa;IACjD,MAAM,OAAO,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,kBAAkB,IAAI,OAAO,CAAC,IAAI,CAAC;IAC1E,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;AAClD,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,qBAAqB,CAAC,KAAa;IACjD,MAAM,OAAO,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC;IAElD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAClD,CAAC;IAED,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAa,EAAE,EAAE;QACjC,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC7B,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,MAAM,IAAI,IAAI,EAAE,CAAC;YACvD,OAAO,MAAM,CAAE,IAA0B,CAAC,IAAI,CAAC,CAAC;QAClD,CAAC;QACD,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC;IACtB,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,YAAY,CAAC,KAAa,EAAE,IAAY;IACtD,MAAM,KAAK,GAAG,qBAAqB,CAAC,KAAK,CAAC,CAAC;IAC3C,OAAO,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;AAC9B,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,YAAY,CAAC,KAAa;IACxC,OAAO,YAAY,CAAC,KAAK,EAAE,OAAO,CAAC,IAAI,YAAY,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;AACtE,CAAC;AAED,6EAA6E;AAC7E,gBAAgB;AAChB,6EAA6E;AAE7E;;;;;GAKG;AACH,MAAM,UAAU,kBAAkB,CAChC,KAAa,EACb,gBAAwB,CAAC;IAEzB,MAAM,UAAU,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAC7C,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,QAAQ,GAAG,aAAa,GAAG,EAAE,GAAG,IAAI,CAAC;IAC3C,OAAO,IAAI,CAAC,GAAG,EAAE,IAAI,UAAU,CAAC,OAAO,EAAE,GAAG,QAAQ,CAAC;AACvD,CAAC;AAED,6EAA6E;AAC7E,mBAAmB;AACnB,6EAA6E;AAE7E;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAAa;IAC9C,MAAM,OAAO,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC;IAErD,kDAAkD;IAClD,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC/B,OAAO,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC3C,CAAC;IAED,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;AACzD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,QAAQ,CAAC,KAAa,EAAE,KAAa;IACnD,MAAM,MAAM,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;IACzC,OAAO,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAChC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,KAAa,EAAE,cAAwB;IAClE,MAAM,MAAM,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;IACzC,OAAO,cAAc,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;AACjE,CAAC"}