@kaapi/oauth2-auth-design 0.0.14 → 0.0.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (83) hide show
  1. package/kaukau.config.mjs +20 -0
  2. package/lib/cli.js +6 -6
  3. package/lib/flows/auth-code/authorization-route.d.ts +58 -7
  4. package/lib/flows/auth-code/authorization-route.js +139 -52
  5. package/lib/flows/auth-code/authorization-route.js.map +1 -1
  6. package/lib/flows/auth-code/authorization-utils.d.ts +35 -0
  7. package/lib/flows/auth-code/authorization-utils.js +44 -0
  8. package/lib/flows/auth-code/authorization-utils.js.map +1 -0
  9. package/lib/flows/auth-code/token-route.d.ts +10 -18
  10. package/lib/flows/auth-code/token-route.js +6 -15
  11. package/lib/flows/auth-code/token-route.js.map +1 -1
  12. package/lib/flows/authorization-code.d.ts +112 -0
  13. package/lib/flows/authorization-code.js +570 -0
  14. package/lib/flows/authorization-code.js.map +1 -0
  15. package/lib/flows/client-credentials.d.ts +79 -39
  16. package/lib/flows/client-credentials.js +324 -257
  17. package/lib/flows/client-credentials.js.map +1 -1
  18. package/lib/flows/client-creds/token-route.d.ts +23 -0
  19. package/lib/flows/client-creds/token-route.js +52 -0
  20. package/lib/flows/client-creds/token-route.js.map +1 -0
  21. package/lib/flows/common.d.ts +265 -28
  22. package/lib/flows/common.js +293 -29
  23. package/lib/flows/common.js.map +1 -1
  24. package/lib/flows/device-auth/authorization-route.d.ts +83 -0
  25. package/lib/flows/device-auth/authorization-route.js +68 -0
  26. package/lib/flows/device-auth/authorization-route.js.map +1 -0
  27. package/lib/flows/device-auth/token-route.d.ts +29 -0
  28. package/lib/flows/device-auth/token-route.js +49 -0
  29. package/lib/flows/device-auth/token-route.js.map +1 -0
  30. package/lib/flows/device-authorization.d.ts +112 -0
  31. package/lib/flows/device-authorization.js +523 -0
  32. package/lib/flows/device-authorization.js.map +1 -0
  33. package/lib/flows/oidc-multiple-flows.d.ts +59 -0
  34. package/lib/flows/oidc-multiple-flows.js +268 -0
  35. package/lib/flows/oidc-multiple-flows.js.map +1 -0
  36. package/lib/index.d.ts +12 -6
  37. package/lib/index.js +12 -6
  38. package/lib/index.js.map +1 -1
  39. package/lib/utils/client-auth-methods.d.ts +2 -2
  40. package/lib/utils/client-auth-methods.js +5 -6
  41. package/lib/utils/client-auth-methods.js.map +1 -1
  42. package/lib/utils/in-memory-key-store.d.ts +12 -0
  43. package/lib/utils/in-memory-key-store.js +46 -0
  44. package/lib/utils/in-memory-key-store.js.map +1 -0
  45. package/lib/utils/jwt-authority.d.ts +81 -0
  46. package/lib/utils/jwt-authority.js +186 -0
  47. package/lib/utils/jwt-authority.js.map +1 -0
  48. package/lib/utils/jwt-utils.d.ts +33 -0
  49. package/lib/utils/jwt-utils.js +24 -0
  50. package/lib/utils/jwt-utils.js.map +1 -0
  51. package/lib/utils/replay-store.d.ts +13 -0
  52. package/lib/utils/{cache-set.js → replay-store.js} +8 -4
  53. package/lib/utils/replay-store.js.map +1 -0
  54. package/lib/utils/token-types.d.ts +6 -3
  55. package/lib/utils/token-types.js +13 -10
  56. package/lib/utils/token-types.js.map +1 -1
  57. package/lib/utils/verify-code-verifier.d.ts +4 -0
  58. package/lib/utils/verify-code-verifier.js +18 -0
  59. package/lib/utils/verify-code-verifier.js.map +1 -0
  60. package/package.json +6 -7
  61. package/lib/flows/auth-code/open-id.d.ts +0 -53
  62. package/lib/flows/auth-code/open-id.js +0 -199
  63. package/lib/flows/auth-code/open-id.js.map +0 -1
  64. package/lib/flows/auth-code.ts/open-id.d.ts +0 -52
  65. package/lib/flows/auth-code.ts/open-id.js +0 -169
  66. package/lib/flows/auth-code.ts/open-id.js.map +0 -1
  67. package/lib/flows/authentication-code.d.ts +0 -53
  68. package/lib/flows/authentication-code.js +0 -380
  69. package/lib/flows/authentication-code.js.map +0 -1
  70. package/lib/utils/cache-set.d.ts +0 -12
  71. package/lib/utils/cache-set.js.map +0 -1
  72. package/lib/utils/in-memory-cache.d.ts +0 -5
  73. package/lib/utils/in-memory-cache.js +0 -30
  74. package/lib/utils/in-memory-cache.js.map +0 -1
  75. package/lib/utils/in-memory-jwks-store.d.ts +0 -12
  76. package/lib/utils/in-memory-jwks-store.js +0 -46
  77. package/lib/utils/in-memory-jwks-store.js.map +0 -1
  78. package/lib/utils/jwks-generator.d.ts +0 -58
  79. package/lib/utils/jwks-generator.js +0 -141
  80. package/lib/utils/jwks-generator.js.map +0 -1
  81. package/lib/utils/jwks-store.d.ts +0 -13
  82. package/lib/utils/jwks-store.js +0 -3
  83. package/lib/utils/jwks-store.js.map +0 -1
package/lib/flows/authorization-code.js ADDED
@@ -0,0 +1,570 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.OIDCAuthorizationCodeBuilder = exports.OAuth2AuthorizationCodeBuilder = exports.OIDCAuthorizationCode = exports.OAuth2AuthorizationCode = void 0;
4
+ const tslib_1 = require("tslib");
5
+ const api_doc_generator_1 = require("@novice1/api-doc-generator");
6
+ const common_1 = require("./common");
7
+ const jwt_utils_1 = require("../utils/jwt-utils");
8
+ const authorization_route_1 = require("./auth-code/authorization-route");
9
+ const token_route_1 = require("./auth-code/token-route");
10
+ const client_auth_methods_1 = require("../utils/client-auth-methods");
11
+ const verify_code_verifier_1 = require("../utils/verify-code-verifier");
12
+ class OAuth2AuthorizationCode extends common_1.OAuth2AuthDesign {
13
+ get grantType() {
14
+ return api_doc_generator_1.GrantType.authorizationCode;
15
+ }
16
+ constructor(_a) {
17
+ var { authorizationRoute, tokenRoute, refreshTokenRoute } = _a, props = tslib_1.__rest(_a, ["authorizationRoute", "tokenRoute", "refreshTokenRoute"]);
18
+ super(Object.assign(Object.assign({}, props), { strategyName: props.strategyName || 'oauth2-authorization-code' }));
19
+ this.pkce = false;
20
+ this.authorizationRoute = authorizationRoute;
21
+ this.tokenRoute = tokenRoute;
22
+ this.refreshTokenRoute = refreshTokenRoute;
23
+ }
24
+ withPkce() {
25
+ this.pkce = true;
26
+ return super.noneAuthenticationMethod();
27
+ }
28
+ withoutPkce() {
29
+ this.pkce = false;
30
+ this._clientAuthMethods.none = undefined;
31
+ return this;
32
+ }
33
+ isWithPkce() {
34
+ return this.pkce;
35
+ }
36
+ noneAuthenticationMethod() {
37
+ return this.withPkce();
38
+ }
39
+ handleAuthorization(_t, request, h) {
40
+ return tslib_1.__awaiter(this, void 0, void 0, function* () {
41
+ const sr = {
42
+ handle: (req, h) => tslib_1.__awaiter(this, void 0, void 0, function* () {
43
+ // validating query
44
+ if (req.query.client_id && typeof req.query.client_id === 'string' &&
45
+ req.query.response_type === 'code' &&
46
+ req.query.redirect_uri && typeof req.query.redirect_uri === 'string') {
47
+ const params = {
48
+ clientId: req.query.client_id,
49
+ redirectUri: req.query.redirect_uri,
50
+ responseType: req.query.response_type
51
+ };
52
+ if (req.query.scope && typeof req.query.scope === 'string') {
53
+ params.scope = req.query.scope;
54
+ }
55
+ if (req.query.state && typeof req.query.state === 'string') {
56
+ params.state = req.query.state;
57
+ }
58
+ if (req.query.code_challenge && typeof req.query.code_challenge === 'string') {
59
+ params.codeChallenge = req.query.code_challenge;
60
+ }
61
+ if (req.query.nonce && typeof req.query.nonce === 'string') {
62
+ params.nonce = req.query.nonce;
63
+ }
64
+ if (req.method.toLowerCase() === 'get') {
65
+ return this.authorizationRoute.handler(params, req, h);
66
+ }
67
+ else {
68
+ return this.authorizationRoute.postHandler(params, req, h);
69
+ }
70
+ }
71
+ else {
72
+ let errorDescription = '';
73
+ if (!(req.query.client_id && typeof req.query.client_id === 'string')) {
74
+ errorDescription = 'Request was missing the \'client_id\' parameter.';
75
+ }
76
+ else if (!(req.query.response_type === 'code')) {
77
+ errorDescription = `Request does not support the 'response_type' '${req.query.response_type}'.`;
78
+ }
79
+ else if (!(req.query.redirect_uri && typeof req.query.redirect_uri === 'string')) {
80
+ errorDescription = 'Request was missing the \'redirect_uri\' parameter.';
81
+ }
82
+ return h.response({ error: common_1.OAuth2ErrorCode.INVALID_REQUEST, error_description: errorDescription }).code(400);
83
+ }
84
+ })
85
+ };
86
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
87
+ return sr.handle(request, h);
88
+ });
89
+ }
90
+ registerAuthorizationEndpoint(t) {
91
+ t
92
+ .route({
93
+ options: {
94
+ plugins: {
95
+ kaapi: {
96
+ docs: false
97
+ }
98
+ }
99
+ },
100
+ path: this.authorizationRoute.path,
101
+ method: ['GET', 'POST'],
102
+ handler: (req, h) => tslib_1.__awaiter(this, void 0, void 0, function* () {
103
+ return yield this.handleAuthorization(t, req, h);
104
+ })
105
+ });
106
+ }
107
+ handleToken(t, request, h) {
108
+ return tslib_1.__awaiter(this, void 0, void 0, function* () {
109
+ const hasOpenIDScope = () => { var _a; return typeof ((_a = this.getScopes()) === null || _a === void 0 ? void 0 : _a['openid']) != 'undefined'; };
110
+ const tokenTypeInstance = this._tokenType;
111
+ const supported = this.getTokenEndpointAuthMethods();
112
+ const authMethodsInstances = this.clientAuthMethods;
113
+ const jwtAuthority = this.getJwtAuthority();
114
+ const sr = {
115
+ handle: (req, h) => tslib_1.__awaiter(this, void 0, void 0, function* () {
116
+ var _a;
117
+ // Grant validation
118
+ const supportedGrants = ['authorization_code'];
119
+ if (this.tokenRoute.path == ((_a = this.refreshTokenRoute) === null || _a === void 0 ? void 0 : _a.path)) {
120
+ supportedGrants.push('refresh_token');
121
+ }
122
+ if (!(typeof req.payload.grant_type === 'string' && supportedGrants.includes(req.payload.grant_type))) {
123
+ return h.response({ error: common_1.OAuth2ErrorCode.UNSUPPORTED_GRANT_TYPE, error_description: `Request does not support the 'grant_type' '${req.payload.grant_type}'.` }).code(400);
124
+ }
125
+ // Client authentication is present?
126
+ const { clientId, clientSecret, error, errorDescription } = yield this._extractClientParams(req, authMethodsInstances, supported);
127
+ if (error) {
128
+ return h.response({ error: error, error_description: errorDescription || undefined }).code(400);
129
+ }
130
+ if (!clientId) {
131
+ return h
132
+ .response({
133
+ error: common_1.OAuth2ErrorCode.INVALID_REQUEST,
134
+ error_description: `Supported token endpoint authentication methods: ${supported.join(', ')}`
135
+ }).code(400);
136
+ }
137
+ if (clientId &&
138
+ req.payload.code && typeof req.payload.code === 'string' &&
139
+ req.payload.grant_type === 'authorization_code') {
140
+ const params = {
141
+ clientId,
142
+ grantType: req.payload.grant_type,
143
+ tokenType: tokenTypeInstance.prefix,
144
+ code: req.payload.code,
145
+ verifyCodeVerifier: verify_code_verifier_1.verifyCodeVerifier,
146
+ ttl: this.tokenTTL,
147
+ createJwtAccessToken: jwtAuthority ? ((payload) => tslib_1.__awaiter(this, void 0, void 0, function* () {
148
+ var _a, _b;
149
+ return yield (0, jwt_utils_1.createJwtAccessToken)(jwtAuthority, Object.assign({ aud: ((_a = t.postman) === null || _a === void 0 ? void 0 : _a.getHost()[0]) || '', iss: ((_b = t.postman) === null || _b === void 0 ? void 0 : _b.getHost()[0]) || '', sub: clientId }, payload), this.tokenTTL);
150
+ })) : undefined,
151
+ createIdToken: jwtAuthority && hasOpenIDScope() ? ((payload) => tslib_1.__awaiter(this, void 0, void 0, function* () {
152
+ var _a;
153
+ return yield (0, jwt_utils_1.createIdToken)(jwtAuthority, Object.assign({ aud: clientId, iss: ((_a = t.postman) === null || _a === void 0 ? void 0 : _a.getHost()[0]) || '' }, payload), this.tokenTTL);
154
+ })) : undefined
155
+ };
156
+ if (clientSecret) {
157
+ params.clientSecret = clientSecret;
158
+ }
159
+ if (req.payload.code_verifier && typeof req.payload.code_verifier === 'string') {
160
+ params.codeVerifier = req.payload.code_verifier;
161
+ }
162
+ if (req.payload.redirect_uri && typeof req.payload.redirect_uri === 'string') {
163
+ params.redirectUri = req.payload.redirect_uri;
164
+ }
165
+ const ttR = tokenTypeInstance.isValidTokenRequest ? (yield tokenTypeInstance.isValidTokenRequest(req)) : { isValid: true };
166
+ if (!ttR.isValid) {
167
+ return h.response({ error: common_1.OAuth2ErrorCode.INVALID_REQUEST, error_description: ttR.message || '' }).code(400);
168
+ }
169
+ return this.tokenRoute.handler(params, req, h);
170
+ }
171
+ else {
172
+ let error = common_1.OAuth2ErrorCode.UNAUTHORIZED_CLIENT;
173
+ let errorDescription = '';
174
+ if (!clientId) {
175
+ error = common_1.OAuth2ErrorCode.INVALID_REQUEST;
176
+ errorDescription = 'Request was missing the \'client_id\' parameter.';
177
+ }
178
+ else if (!(req.payload.code && typeof req.payload.code === 'string')) {
179
+ error = common_1.OAuth2ErrorCode.INVALID_REQUEST;
180
+ errorDescription = 'Request was missing the \'code\' parameter.';
181
+ }
182
+ return h.response({ error, error_description: errorDescription }).code(400);
183
+ }
184
+ })
185
+ };
186
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
187
+ return sr.handle(request, h);
188
+ });
189
+ }
190
+ handleRefreshToken(t, request, h) {
191
+ return tslib_1.__awaiter(this, void 0, void 0, function* () {
192
+ const supported = this.getTokenEndpointAuthMethods();
193
+ const authMethodsInstances = this.clientAuthMethods;
194
+ const jwtAuthority = this.getJwtAuthority();
195
+ const tokenTypePrefix = this.tokenType;
196
+ const hasOpenIDScope = () => { var _a; return typeof ((_a = this.getScopes()) === null || _a === void 0 ? void 0 : _a['openid']) != 'undefined'; };
197
+ const sr = {
198
+ handle: (req, h) => tslib_1.__awaiter(this, void 0, void 0, function* () {
199
+ var _a;
200
+ // Grant validation
201
+ const supportedGrants = ['refresh_token'];
202
+ if (!(typeof req.payload.grant_type === 'string' && supportedGrants.includes(req.payload.grant_type))) {
203
+ return h.response({ error: common_1.OAuth2ErrorCode.UNSUPPORTED_GRANT_TYPE, error_description: `Request does not support the 'grant_type' '${req.payload.grant_type}'.` }).code(400);
204
+ }
205
+ // Client authentication is present?
206
+ const { clientId, clientSecret, error, errorDescription } = yield this._extractClientParams(req, authMethodsInstances, supported);
207
+ if (error) {
208
+ return h.response({ error: error, error_description: errorDescription || undefined }).code(400);
209
+ }
210
+ if (!clientId) {
211
+ return h
212
+ .response({
213
+ error: common_1.OAuth2ErrorCode.INVALID_REQUEST,
214
+ error_description: `Supported token endpoint authentication methods: ${supported.join(', ')}`
215
+ }).code(400);
216
+ }
217
+ const hasRefreshToken = req.payload.refresh_token && typeof req.payload.refresh_token === 'string';
218
+ const isRefreshTokenGrantType = req.payload.grant_type === 'refresh_token';
219
+ if (clientId &&
220
+ hasRefreshToken &&
221
+ isRefreshTokenGrantType) {
222
+ const scope = req.payload.scope && typeof req.payload.scope === 'string' ? req.payload.scope : undefined;
223
+ const params = {
224
+ clientId,
225
+ clientSecret,
226
+ grantType: `${req.payload.grant_type}`,
227
+ tokenType: tokenTypePrefix,
228
+ refreshToken: `${req.payload.refresh_token}`,
229
+ ttl: this.tokenTTL,
230
+ createJwtAccessToken: jwtAuthority ? ((payload) => tslib_1.__awaiter(this, void 0, void 0, function* () {
231
+ var _a, _b;
232
+ return yield (0, jwt_utils_1.createJwtAccessToken)(jwtAuthority, Object.assign({ aud: ((_a = t.postman) === null || _a === void 0 ? void 0 : _a.getHost()[0]) || '', iss: ((_b = t.postman) === null || _b === void 0 ? void 0 : _b.getHost()[0]) || '', sub: clientId, scope }, payload), this.tokenTTL);
233
+ })) : undefined,
234
+ createIdToken: jwtAuthority && hasOpenIDScope() ? ((payload) => tslib_1.__awaiter(this, void 0, void 0, function* () {
235
+ var _a;
236
+ return yield (0, jwt_utils_1.createIdToken)(jwtAuthority, Object.assign({ aud: clientId, iss: ((_a = t.postman) === null || _a === void 0 ? void 0 : _a.getHost()[0]) || '' }, payload), this.tokenTTL);
237
+ })) : undefined,
238
+ verifyJwt: jwtAuthority ? ((token) => tslib_1.__awaiter(this, void 0, void 0, function* () {
239
+ return yield (0, jwt_utils_1.verifyJwt)(jwtAuthority, token);
240
+ })) : undefined
241
+ };
242
+ if (scope) {
243
+ params.scope = scope;
244
+ }
245
+ return (_a = this.refreshTokenRoute) === null || _a === void 0 ? void 0 : _a.handler(params, req, h);
246
+ }
247
+ else {
248
+ let error = common_1.OAuth2ErrorCode.UNAUTHORIZED_CLIENT;
249
+ let errorDescription = '';
250
+ if (!clientId) {
251
+ error = common_1.OAuth2ErrorCode.INVALID_REQUEST;
252
+ errorDescription = 'Request was missing the \'client_id\' parameter.';
253
+ }
254
+ else if (!(req.payload.refresh_token && typeof req.payload.refresh_token === 'string')) {
255
+ error = common_1.OAuth2ErrorCode.INVALID_REQUEST;
256
+ errorDescription = 'Request was missing the \'refresh_token\' parameter.';
257
+ }
258
+ return h.response({ error, error_description: errorDescription }).code(400);
259
+ }
260
+ })
261
+ };
262
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
263
+ return sr.handle(request, h);
264
+ });
265
+ }
266
+ docs() {
267
+ var _a;
268
+ const docs = new api_doc_generator_1.OAuth2Util(this.strategyName)
269
+ .setGrantType(this.isWithPkce() ? api_doc_generator_1.GrantType.authorizationCodeWithPkce : api_doc_generator_1.GrantType.authorizationCode)
270
+ .setScopes(this.getScopes() || {})
271
+ .setAuthUrl(this.authorizationRoute.path)
272
+ .setAccessTokenUrl(this.tokenRoute.path || '');
273
+ const supported = this.getTokenEndpointAuthMethods();
274
+ if (supported.includes('client_secret_post')) {
275
+ docs.setClientAuthentication(api_doc_generator_1.ClientAuthentication.body);
276
+ }
277
+ else if (supported.includes('client_secret_basic')) {
278
+ docs.setClientAuthentication(api_doc_generator_1.ClientAuthentication.header);
279
+ }
280
+ if ((_a = this.refreshTokenRoute) === null || _a === void 0 ? void 0 : _a.path) {
281
+ docs.setRefreshUrl(this.refreshTokenRoute.path);
282
+ }
283
+ if (this.description) {
284
+ docs.setDescription(this.description);
285
+ }
286
+ return docs;
287
+ }
288
+ integrateHook(t) {
289
+ var _a;
290
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
291
+ const routesOptions = {
292
+ plugins: {
293
+ kaapi: {
294
+ docs: false
295
+ }
296
+ }
297
+ };
298
+ // authorization
299
+ this.registerAuthorizationEndpoint(t);
300
+ // token
301
+ t
302
+ .route({
303
+ options: routesOptions,
304
+ path: this.tokenRoute.path,
305
+ method: 'POST',
306
+ handler: (req, h) => tslib_1.__awaiter(this, void 0, void 0, function* () {
307
+ var _a;
308
+ if (req.payload.grant_type === this.grantType) {
309
+ return yield this.handleToken(t, req, h);
310
+ }
311
+ else if (req.payload.grant_type === 'refresh_token' &&
312
+ ((_a = this.refreshTokenRoute) === null || _a === void 0 ? void 0 : _a.path) == this.tokenRoute.path) {
313
+ const result = yield this.handleRefreshToken(t, req, h);
314
+ if (result === h.continue) {
315
+ return h.response({ error: common_1.OAuth2ErrorCode.INVALID_GRANT, error_description: 'Token was not validated by any handler.' }).code(400);
316
+ }
317
+ return result;
318
+ }
319
+ return h.response({ error: common_1.OAuth2ErrorCode.UNSUPPORTED_GRANT_TYPE, error_description: `Request does not support the 'grant_type' '${req.payload.grant_type}'.` }).code(400);
320
+ })
321
+ });
322
+ // refreshToken
323
+ if (((_a = this.refreshTokenRoute) === null || _a === void 0 ? void 0 : _a.path) && this.refreshTokenRoute.path != this.tokenRoute.path) {
324
+ t.route({
325
+ options: routesOptions,
326
+ path: this.refreshTokenRoute.path,
327
+ method: 'POST',
328
+ handler: (req, h) => tslib_1.__awaiter(this, void 0, void 0, function* () {
329
+ const result = yield this.handleRefreshToken(t, req, h);
330
+ if (result === h.continue) {
331
+ return h.response({ error: common_1.OAuth2ErrorCode.INVALID_GRANT, error_description: 'Token was not validated by any handler.' }).code(400);
332
+ }
333
+ return result;
334
+ })
335
+ });
336
+ }
337
+ // jwks
338
+ this.createJwksEndpoint(t);
339
+ }
340
+ }
341
+ exports.OAuth2AuthorizationCode = OAuth2AuthorizationCode;
342
+ class OIDCAuthorizationCode extends OAuth2AuthorizationCode {
343
+ constructor(params) {
344
+ super(params);
345
+ this.openidConfiguration = {};
346
+ if (params.openidConfiguration)
347
+ this.openidConfiguration = params.openidConfiguration;
348
+ }
349
+ getDiscoveryConfiguration(t) {
350
+ var _a, _b, _c, _d, _e, _f;
351
+ const supported = this.getTokenEndpointAuthMethods();
352
+ const host = ((_a = t.postman) === null || _a === void 0 ? void 0 : _a.getHost()[0]) || '';
353
+ const scopes = this.getScopes() || {};
354
+ const wellKnownOpenIDConfig = {
355
+ issuer: host,
356
+ authorization_endpoint: `${host}${this.authorizationRoute.path}`,
357
+ token_endpoint: `${host}${this.tokenRoute.path}`,
358
+ jwks_uri: ((_b = this.jwksRoute) === null || _b === void 0 ? void 0 : _b.path) ? `${host}${this.jwksRoute.path}` : undefined,
359
+ claims_supported: [
360
+ 'aud',
361
+ 'exp',
362
+ 'iat',
363
+ 'iss',
364
+ 'sub'
365
+ ],
366
+ grant_types_supported: [
367
+ api_doc_generator_1.GrantType.authorizationCode
368
+ ],
369
+ response_types_supported: ['code'],
370
+ scopes_supported: Object.keys(scopes),
371
+ subject_types_supported: [
372
+ 'public'
373
+ ],
374
+ id_token_signing_alg_values_supported: [
375
+ 'RS256'
376
+ ],
377
+ token_endpoint_auth_methods_supported: supported
378
+ };
379
+ if ((_d = (_c = this.clientAuthMethods.client_secret_jwt) === null || _c === void 0 ? void 0 : _c.algorithms) === null || _d === void 0 ? void 0 : _d.length) {
380
+ wellKnownOpenIDConfig.token_endpoint_auth_signing_alg_values_supported = wellKnownOpenIDConfig.token_endpoint_auth_signing_alg_values_supported || [];
381
+ wellKnownOpenIDConfig.token_endpoint_auth_signing_alg_values_supported = [
382
+ ...wellKnownOpenIDConfig.token_endpoint_auth_signing_alg_values_supported,
383
+ ...this.clientAuthMethods.client_secret_jwt.algorithms
384
+ ];
385
+ }
386
+ if ((_f = (_e = this.clientAuthMethods.private_key_jwt) === null || _e === void 0 ? void 0 : _e.algorithms) === null || _f === void 0 ? void 0 : _f.length) {
387
+ wellKnownOpenIDConfig.token_endpoint_auth_signing_alg_values_supported = wellKnownOpenIDConfig.token_endpoint_auth_signing_alg_values_supported || [];
388
+ wellKnownOpenIDConfig.token_endpoint_auth_signing_alg_values_supported = [
389
+ ...wellKnownOpenIDConfig.token_endpoint_auth_signing_alg_values_supported,
390
+ ...this.clientAuthMethods.private_key_jwt.algorithms
391
+ ];
392
+ }
393
+ return Object.assign(Object.assign({}, wellKnownOpenIDConfig), this.openidConfiguration);
394
+ }
395
+ integrateHook(t) {
396
+ super.integrateHook(t);
397
+ const discoveryConfiguration = this.getDiscoveryConfiguration(t);
398
+ t.route({
399
+ path: '/.well-known/openid-configuration',
400
+ method: 'GET',
401
+ options: {
402
+ plugins: {
403
+ kaapi: {
404
+ docs: false
405
+ }
406
+ }
407
+ },
408
+ handler: () => {
409
+ return discoveryConfiguration;
410
+ }
411
+ });
412
+ }
413
+ }
414
+ exports.OIDCAuthorizationCode = OIDCAuthorizationCode;
415
+ class OAuth2AuthorizationCodeBuilder {
416
+ constructor(params) {
417
+ this.clientAuthMethods = {
418
+ client_secret_basic: undefined,
419
+ client_secret_post: undefined,
420
+ client_secret_jwt: undefined,
421
+ private_key_jwt: undefined,
422
+ none: undefined
423
+ };
424
+ this.params = params;
425
+ }
426
+ static create(params) {
427
+ const paramsComplete = Object.assign({ authorizationRoute: params && params.authorizationRoute || authorization_route_1.OAuth2ACAuthorizationRoute.buildDefault(), tokenRoute: params && params.tokenRoute || token_route_1.OAuth2ACTokenRoute.buildDefault() }, (params || {}));
428
+ return new OAuth2AuthorizationCodeBuilder(paramsComplete);
429
+ }
430
+ build() {
431
+ const result = new OAuth2AuthorizationCode(this.params);
432
+ result.setTokenTTL(this.tokenTTL);
433
+ if (typeof this.description !== 'undefined') {
434
+ result.setDescription(this.description);
435
+ }
436
+ if (typeof this.scopes !== 'undefined') {
437
+ result.setScopes(this.scopes);
438
+ }
439
+ if (typeof this.tokenType !== 'undefined') {
440
+ result.setTokenType(this.tokenType);
441
+ }
442
+ for (const method of Object.values(this.clientAuthMethods)) {
443
+ if (method) {
444
+ result.addClientAuthenticationMethod(method);
445
+ }
446
+ }
447
+ return result;
448
+ }
449
+ setTokenTTL(ttlSeconds) {
450
+ this.tokenTTL = ttlSeconds;
451
+ return this;
452
+ }
453
+ setDescription(description) {
454
+ this.description = description;
455
+ return this;
456
+ }
457
+ setScopes(scopes) {
458
+ this.scopes = scopes;
459
+ return this;
460
+ }
461
+ setTokenType(value) {
462
+ this.tokenType = value;
463
+ return this;
464
+ }
465
+ addClientAuthenticationMethod(value) {
466
+ if (value == 'client_secret_basic') {
467
+ this.clientAuthMethods.client_secret_basic = new client_auth_methods_1.ClientSecretBasic();
468
+ }
469
+ else if (value == 'client_secret_post') {
470
+ this.clientAuthMethods.client_secret_post = new client_auth_methods_1.ClientSecretPost();
471
+ }
472
+ else if (value == 'none') {
473
+ this.clientAuthMethods.none = new client_auth_methods_1.NoneAuthMethod();
474
+ }
475
+ else {
476
+ this.clientAuthMethods[value.method] = value;
477
+ }
478
+ return this;
479
+ }
480
+ strategyName(name) {
481
+ this.params.strategyName = name;
482
+ return this;
483
+ }
484
+ setJwksKeyStore(keyStore) {
485
+ this.params.jwksOptions = this.params.jwksOptions || {};
486
+ this.params.jwksOptions.keyStore = keyStore;
487
+ return this;
488
+ }
489
+ /**
490
+ *
491
+ * @param ttl seconds
492
+ */
493
+ setPublicKeyExpiry(ttl) {
494
+ this.params.jwksOptions = this.params.jwksOptions || {};
495
+ this.params.jwksOptions.ttl = ttl;
496
+ return this;
497
+ }
498
+ setJwksRotatorOptions(jwksRotatorOptions) {
499
+ this.params.jwksOptions = this.params.jwksOptions || {};
500
+ this.params.jwksOptions.rotation = jwksRotatorOptions;
501
+ return this;
502
+ }
503
+ validate(handler) {
504
+ this.params.options = Object.assign(Object.assign({}, (this.params.options || {})), { validate: handler });
505
+ return this;
506
+ }
507
+ /**
508
+ * Auto-verifies the access token JWT using the configured JWKS before running user validation.
509
+ */
510
+ useAccessTokenJwks(active) {
511
+ this.params.options = Object.assign(Object.assign({}, (this.params.options || {})), { useAccessTokenJwks: active });
512
+ return this;
513
+ }
514
+ jwksRoute(handler) {
515
+ this.params.jwksRoute = this.params.jwksRoute || common_1.JWKSRoute.buildDefault();
516
+ handler(this.params.jwksRoute);
517
+ return this;
518
+ }
519
+ authorizationRoute(handler) {
520
+ handler(this.params.authorizationRoute);
521
+ return this;
522
+ }
523
+ tokenRoute(handler) {
524
+ handler(this.params.tokenRoute);
525
+ return this;
526
+ }
527
+ refreshTokenRoute(handler) {
528
+ this.params.refreshTokenRoute = this.params.refreshTokenRoute || common_1.OAuth2RefreshTokenRoute.buildDefault();
529
+ handler(this.params.refreshTokenRoute);
530
+ return this;
531
+ }
532
+ }
533
+ exports.OAuth2AuthorizationCodeBuilder = OAuth2AuthorizationCodeBuilder;
534
+ class OIDCAuthorizationCodeBuilder extends OAuth2AuthorizationCodeBuilder {
535
+ constructor(params) {
536
+ super(params);
537
+ this.openidConfiguration = {};
538
+ }
539
+ static create(params) {
540
+ const paramsComplete = Object.assign({ authorizationRoute: params && params.authorizationRoute || authorization_route_1.OAuth2ACAuthorizationRoute.buildDefault(), tokenRoute: params && params.tokenRoute || token_route_1.OAuth2ACTokenRoute.buildDefault() }, (params || {}));
541
+ return new OIDCAuthorizationCodeBuilder(paramsComplete);
542
+ }
543
+ additionalConfiguration(openidConfiguration) {
544
+ this.openidConfiguration = openidConfiguration;
545
+ return this;
546
+ }
547
+ build() {
548
+ if (!this.params.jwksRoute) {
549
+ this.params.jwksRoute = common_1.JWKSRoute.buildDefault();
550
+ }
551
+ const result = new OIDCAuthorizationCode(Object.assign(Object.assign({}, this.params), { openidConfiguration: this.openidConfiguration }));
552
+ result.setTokenTTL(this.tokenTTL);
553
+ if (typeof this.description !== 'undefined') {
554
+ result.setDescription(this.description);
555
+ }
556
+ result.setScopes(Object.assign({ openid: 'enable OpenID Connect' }, (this.scopes || {})));
557
+ if (typeof this.tokenType !== 'undefined') {
558
+ result.setTokenType(this.tokenType);
559
+ }
560
+ for (const method of Object.values(this.clientAuthMethods)) {
561
+ if (method) {
562
+ result.addClientAuthenticationMethod(method);
563
+ }
564
+ }
565
+ return result;
566
+ }
567
+ }
568
+ exports.OIDCAuthorizationCodeBuilder = OIDCAuthorizationCodeBuilder;
569
+ //#endregion OIDC builder
570
+ //# sourceMappingURL=authorization-code.js.map
package/lib/flows/authorization-code.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"authorization-code.js","sourceRoot":"","sources":["../../src/flows/authorization-code.ts"],"names":[],"mappings":";;;;AASA,kEAAwF;AACxF,qCAeiB;AACjB,kDAAmF;AACnF,yEAKwC;AACxC,yDAAiI;AAGjI,sEAA6I;AAC7I,wEAAkE;AAclE,MAAa,uBAAwB,SAAQ,yBAAgB;IAEzD,IAAI,SAAS;QACT,OAAO,6BAAS,CAAC,iBAAiB,CAAA;IACtC,CAAC;IAWD,YACI,EAK6B;YAL7B,EACI,kBAAkB,EAClB,UAAU,EACV,iBAAiB,OAEQ,EADtB,KAAK,sBAJZ,yDAKC,CADW;QAGZ,KAAK,iCAAM,KAAK,KAAE,YAAY,EAAE,KAAK,CAAC,YAAY,IAAI,2BAA2B,IAAG,CAAC;QAjB/E,SAAI,GAAY,KAAK,CAAA;QAmB3B,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAA;QAC5C,IAAI,CAAC,UAAU,GAAG,UAAU,CAAA;QAC5B,IAAI,CAAC,iBAAiB,GAAG,iBAAiB,CAAA;IAC9C,CAAC;IAED,QAAQ;QACJ,IAAI,CAAC,IAAI,GAAG,IAAI,CAAA;QAChB,OAAO,KAAK,CAAC,wBAAwB,EAAE,CAAA;IAC3C,CAAC;IAED,WAAW;QACP,IAAI,CAAC,IAAI,GAAG,KAAK,CAAA;QACjB,IAAI,CAAC,kBAAkB,CAAC,IAAI,GAAG,SAAS,CAAA;QACxC,OAAO,IAAI,CAAA;IACf,CAAC;IAED,UAAU;QACN,OAAO,IAAI,CAAC,IAAI,CAAA;IACpB,CAAC;IAED,wBAAwB;QACpB,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAA;IAC1B,CAAC;IAEe,mBAAmB,CAC/B,EAAc,EACd,OAAsB,EACtB,CAAwB;;YAExB,MAAM,EAAE,GAEJ;gBACA,MAAM,EAAE,CAAO,GAAG,EAAE,CAAC,EAAE,EAAE;oBACrB,mBAAmB;oBACnB,IACI,GAAG,CAAC,KAAK,CAAC,SAAS,IAAI,OAAO,GAAG,CAAC,KAAK,CAAC,SAAS,KAAK,QAAQ;wBAC9D,GAAG,CAAC,KAAK,CAAC,aAAa,KAAK,MAAM;wBAClC,GAAG,CAAC,KAAK,CAAC,YAAY,IAAI,OAAO,GAAG,CAAC,KAAK,CAAC,YAAY,KAAK,QAAQ,EACtE,CAAC;wBACC,MAAM,MAAM,GAAgC;4BACxC,QAAQ,EAAE,GAAG,CAAC,KAAK,CAAC,SAAS;4BAC7B,WAAW,EAAE,GAAG,CAAC,KAAK,CAAC,YAAY;4BACnC,YAAY,EAAE,GAAG,CAAC,KAAK,CAAC,aAAa;yBACxC,CAAA;wBACD,IAAI,GAAG,CAAC,KAAK,CAAC,KAAK,IAAI,OAAO,GAAG,CAAC,KAAK,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;4BACzD,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAA;wBAClC,CAAC;wBACD,IAAI,GAAG,CAAC,KAAK,CAAC,KAAK,IAAI,OAAO,GAAG,CAAC,KAAK,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;4BACzD,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAA;wBAClC,CAAC;wBACD,IAAI,GAAG,CAAC,KAAK,CAAC,cAAc,IAAI,OAAO,GAAG,CAAC,KAAK,CAAC,cAAc,KAAK,QAAQ,EAAE,CAAC;4BAC3E,MAAM,CAAC,aAAa,GAAG,GAAG,CAAC,KAAK,CAAC,cAAc,CAAA;wBACnD,CAAC;wBACD,IAAI,GAAG,CAAC,KAAK,CAAC,KAAK,IAAI,OAAO,GAAG,CAAC,KAAK,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;4BACzD,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAA;wBAClC,CAAC;wBAED,IAAI,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,KAAK,KAAK,EAAE,CAAC;4BACrC,OAAO,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,CAAA;wBAC1D,CAAC;6BAAM,CAAC;4BACJ,OAAO,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,CAAA;wBAC9D,CAAC;oBACL,CAAC;yBAAM,CAAC;wBACJ,IAAI,gBAAgB,GAAG,EAAE,CAAA;wBACzB,IAAI,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,IAAI,OAAO,GAAG,CAAC,KAAK,CAAC,SAAS,KAAK,QAAQ,CAAC,EAAE,CAAC;4BACpE,gBAAgB,GAAG,kDAAkD,CAAA;wBACzE,CAAC;6BAAM,IAAI,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,aAAa,KAAK,MAAM,CAAC,EAAE,CAAC;4BAC/C,gBAAgB,GAAG,iDAAiD,GAAG,CAAC,KAAK,CAAC,aAAa,IAAI,CAAA;wBACnG,CAAC;6BAAM,IAAI,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,YAAY,IAAI,OAAO,GAAG,CAAC,KAAK,CAAC,YAAY,KAAK,QAAQ,CAAC,EAAE,CAAC;4BACjF,gBAAgB,GAAG,qDAAqD,CAAA;wBAC5E,CAAC;wBAED,OAAO,CAAC,CAAC,QAAQ,CAAC,EAAE,KAAK,EAAG,wBAAe,CAAC,eAAe,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;oBACjH,CAAC;gBACL,CAAC,CAAA;aACJ,CAAC;YAEF,8DAA8D;YAC9D,OAAO,EAAE,CAAC,MAAM,CAAC,OAAuB,EAAE,CAAyB,CAAC,CAAA;QACxE,CAAC;KAAA;IAED,6BAA6B,CAAC,CAAa;QACvC,CAAC;aACI,KAAK,CAAC;YACH,OAAO,EAAE;gBACL,OAAO,EAAE;oBACL,KAAK,EAAE;wBACH,IAAI,EAAE,KAAK;qBACd;iBACJ;aACJ;YACD,IAAI,EAAE,IAAI,CAAC,kBAAkB,CAAC,IAAI;YAClC,MAAM,EAAE,CAAC,KAAK,EAAE,MAAM,CAAC;YACvB,OAAO,EAAE,CAAO,GAAG,EAAE,CAAC,EAAE,EAAE;gBACtB,OAAO,MAAM,IAAI,CAAC,mBAAmB,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAA;YACpD,CAAC,CAAA;SACJ,CAAC,CAAC;IACX,CAAC;IAEK,WAAW,CACb,CAAa,EACb,OAAsB,EACtB,CAAwB;;YAExB,MAAM,cAAc,GAAG,GAAG,EAAE,WAAC,OAAA,OAAO,CAAA,MAAA,IAAI,CAAC,SAAS,EAAE,0CAAG,QAAQ,CAAC,CAAA,IAAI,WAAW,CAAA,EAAA,CAAA;YAE/E,MAAM,iBAAiB,GAAG,IAAI,CAAC,UAAU,CAAA;YAEzC,MAAM,SAAS,GAAG,IAAI,CAAC,2BAA2B,EAAE,CAAC;YACrD,MAAM,oBAAoB,GAAG,IAAI,CAAC,iBAAiB,CAAC;YACpD,MAAM,YAAY,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;YAE5C,MAAM,EAAE,GAIJ;gBACA,MAAM,EAAE,CAAO,GAAG,EAAE,CAAC,EAAE,EAAE;;oBACrB,mBAAmB;oBACnB,MAAM,eAAe,GAAG,CAAC,oBAAoB,CAAC,CAAA;oBAC9C,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,KAAI,MAAA,IAAI,CAAC,iBAAiB,0CAAE,IAAI,CAAA,EAAE,CAAC;wBACvD,eAAe,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;oBACzC,CAAC;oBACD,IAAI,CAAC,CAAC,OAAO,GAAG,CAAC,OAAO,CAAC,UAAU,KAAK,QAAQ,IAAI,eAAe,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;wBACpG,OAAO,CAAC,CAAC,QAAQ,CAAC,EAAE,KAAK,EAAE,wBAAe,CAAC,sBAAsB,EAAE,iBAAiB,EAAE,8CAA8C,GAAG,CAAC,OAAO,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;oBAC/K,CAAC;oBAED,oCAAoC;oBACpC,MAAM,EACF,QAAQ,EACR,YAAY,EACZ,KAAK,EACL,gBAAgB,EACnB,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,GAAyC,EAAE,oBAAoB,EAAE,SAAS,CAAC,CAAC;oBAEhH,IAAI,KAAK,EAAE,CAAC;wBACR,OAAO,CAAC,CAAC,QAAQ,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,iBAAiB,EAAE,gBAAgB,IAAI,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;oBACnG,CAAC;oBAED,IAAI,CAAC,QAAQ,EAAE,CAAC;wBACZ,OAAO,CAAC;6BACH,QAAQ,CAAC;4BACN,KAAK,EAAG,wBAAe,CAAC,eAAe;4BACvC,iBAAiB,EAAE,oDAAoD,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;yBAChG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;oBACpB,CAAC;oBAED,IACI,QAAQ;wBACR,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,OAAO,GAAG,CAAC,OAAO,CAAC,IAAI,KAAK,QAAQ;wBACxD,GAAG,CAAC,OAAO,CAAC,UAAU,KAAK,oBAAoB,EACjD,CAAC;wBAEC,MAAM,MAAM,GAAwB;4BAChC,QAAQ;4BACR,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,UAAU;4BACjC,SAAS,EAAE,iBAAiB,CAAC,MAAM;4BACnC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,IAAI;4BACtB,kBAAkB,EAAlB,yCAAkB;4BAElB,GAAG,EAAE,IAAI,CAAC,QAAQ;4BAClB,oBAAoB,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC,CAAO,OAAO,EAAE,EAAE;;gCACpD,OAAO,MAAM,IAAA,gCAAoB,EAAC,YAAY,kBAC1C,GAAG,EAAE,CAAA,MAAA,CAAC,CAAC,OAAO,0CAAE,OAAO,GAAG,CAAC,CAAC,KAAI,EAAE,EAClC,GAAG,EAAE,CAAA,MAAA,CAAC,CAAC,OAAO,0CAAE,OAAO,GAAG,CAAC,CAAC,KAAI,EAAE,EAClC,GAAG,EAAE,QAAQ,IACV,OAAO,GACX,IAAI,CAAC,QAAQ,CAAC,CAAA;4BACrB,CAAC,CAAA,CAAC,CAAC,CAAC,CAAC,SAAS;4BACd,aAAa,EAAE,YAAY,IAAI,cAAc,EAAE,CAAC,CAAC,CAAC,CAAC,CAAO,OAAO,EAAE,EAAE;;gCACjE,OAAO,MAAM,IAAA,yBAAa,EAAC,YAAY,kBACnC,GAAG,EAAE,QAAQ,EACb,GAAG,EAAE,CAAA,MAAA,CAAC,CAAC,OAAO,0CAAE,OAAO,GAAG,CAAC,CAAC,KAAI,EAAE,IAC/B,OAAO,GACX,IAAI,CAAC,QAAQ,CAAC,CAAA;4BACrB,CAAC,CAAA,CAAC,CAAC,CAAC,CAAC,SAAS;yBACjB,CAAA;wBACD,IAAI,YAAY,EAAE,CAAC;4BACf,MAAM,CAAC,YAAY,GAAG,YAAY,CAAA;wBACtC,CAAC;wBACD,IAAI,GAAG,CAAC,OAAO,CAAC,aAAa,IAAI,OAAO,GAAG,CAAC,OAAO,CAAC,aAAa,KAAK,QAAQ,EAAE,CAAC;4BAC7E,MAAM,CAAC,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAA;wBACnD,CAAC;wBACD,IAAI,GAAG,CAAC,OAAO,CAAC,YAAY,IAAI,OAAO,GAAG,CAAC,OAAO,CAAC,YAAY,KAAK,QAAQ,EAAE,CAAC;4BAC3E,MAAM,CAAC,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,YAAY,CAAA;wBACjD,CAAC;wBAED,MAAM,GAAG,GAAgC,iBAAiB,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,MAAM,iBAAiB,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;wBACvJ,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;4BACf,OAAO,CAAC,CAAC,QAAQ,CAAC,EAAE,KAAK,EAAE,wBAAe,CAAC,eAAe,EAAE,iBAAiB,EAAE,GAAG,CAAC,OAAO,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;wBACjH,CAAC;wBAED,OAAO,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,CAAA;oBAClD,CAAC;yBAAM,CAAC;wBACJ,IAAI,KAAK,GAA2B,wBAAe,CAAC,mBAAmB,CAAC;wBACxE,IAAI,gBAAgB,GAAG,EAAE,CAAA;wBACzB,IAAI,CAAC,QAAQ,EAAE,CAAC;4BACZ,KAAK,GAAG,wBAAe,CAAC,eAAe,CAAA;4BACvC,gBAAgB,GAAG,kDAAkD,CAAA;wBACzE,CAAC;6BAAM,IAAI,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,OAAO,GAAG,CAAC,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC,EAAE,CAAC;4BACrE,KAAK,GAAG,wBAAe,CAAC,eAAe,CAAA;4BACvC,gBAAgB,GAAG,6CAA6C,CAAA;wBACpE,CAAC;wBACD,OAAO,CAAC,CAAC,QAAQ,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;oBAC/E,CAAC;gBACL,CAAC,CAAA;aACJ,CAAC;YAEF,8DAA8D;YAC9D,OAAO,EAAE,CAAC,MAAM,CAAC,OAAuB,EAAE,CAAyB,CAAC,CAAA;QACxE,CAAC;KAAA;IAEK,kBAAkB,CACpB,CAAa,EACb,OAAsB,EACtB,CAAwB;;YAExB,MAAM,SAAS,GAAG,IAAI,CAAC,2BAA2B,EAAE,CAAC;YACrD,MAAM,oBAAoB,GAAG,IAAI,CAAC,iBAAiB,CAAC;YACpD,MAAM,YAAY,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;YAC5C,MAAM,eAAe,GAAG,IAAI,CAAC,SAAS,CAAC;YAEvC,MAAM,cAAc,GAAG,GAAG,EAAE,WAAC,OAAA,OAAO,CAAA,MAAA,IAAI,CAAC,SAAS,EAAE,0CAAG,QAAQ,CAAC,CAAA,IAAI,WAAW,CAAA,EAAA,CAAC;YAEhF,MAAM,EAAE,GAIJ;gBACA,MAAM,EAAE,CAAO,GAAG,EAAE,CAAC,EAAE,EAAE;;oBACrB,mBAAmB;oBACnB,MAAM,eAAe,GAAG,CAAC,eAAe,CAAC,CAAA;oBACzC,IAAI,CAAC,CAAC,OAAO,GAAG,CAAC,OAAO,CAAC,UAAU,KAAK,QAAQ,IAAI,eAAe,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;wBACpG,OAAO,CAAC,CAAC,QAAQ,CAAC,EAAE,KAAK,EAAE,wBAAe,CAAC,sBAAsB,EAAE,iBAAiB,EAAE,8CAA8C,GAAG,CAAC,OAAO,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;oBAC/K,CAAC;oBAED,oCAAoC;oBACpC,MAAM,EACF,QAAQ,EACR,YAAY,EACZ,KAAK,EACL,gBAAgB,EACnB,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,GAAyC,EAAE,oBAAoB,EAAE,SAAS,CAAC,CAAC;oBAEhH,IAAI,KAAK,EAAE,CAAC;wBACR,OAAO,CAAC,CAAC,QAAQ,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,iBAAiB,EAAE,gBAAgB,IAAI,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;oBACnG,CAAC;oBAED,IAAI,CAAC,QAAQ,EAAE,CAAC;wBACZ,OAAO,CAAC;6BACH,QAAQ,CAAC;4BACN,KAAK,EAAG,wBAAe,CAAC,eAAe;4BACvC,iBAAiB,EAAE,oDAAoD,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;yBAChG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;oBACpB,CAAC;oBAED,MAAM,eAAe,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,IAAI,OAAO,GAAG,CAAC,OAAO,CAAC,aAAa,KAAK,QAAQ,CAAA;oBAClG,MAAM,uBAAuB,GAAG,GAAG,CAAC,OAAO,CAAC,UAAU,KAAK,eAAe,CAAA;oBAC1E,IACI,QAAQ;wBACR,eAAe;wBACf,uBAAuB,EACzB,CAAC;wBACC,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,IAAI,OAAO,GAAG,CAAC,OAAO,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAA;wBACxG,MAAM,MAAM,GAA6B;4BACrC,QAAQ;4BACR,YAAY;4BACZ,SAAS,EAAE,GAAG,GAAG,CAAC,OAAO,CAAC,UAAU,EAAE;4BACtC,SAAS,EAAE,eAAe;4BAC1B,YAAY,EAAE,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE;4BAC5C,GAAG,EAAE,IAAI,CAAC,QAAQ;4BAClB,oBAAoB,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC,CAAO,OAAO,EAAE,EAAE;;gCACpD,OAAO,MAAM,IAAA,gCAAoB,EAAC,YAAY,kBAC1C,GAAG,EAAE,CAAA,MAAA,CAAC,CAAC,OAAO,0CAAE,OAAO,GAAG,CAAC,CAAC,KAAI,EAAE,EAClC,GAAG,EAAE,CAAA,MAAA,CAAC,CAAC,OAAO,0CAAE,OAAO,GAAG,CAAC,CAAC,KAAI,EAAE,EAClC,GAAG,EAAE,QAAQ,EACb,KAAK,IACF,OAAO,GACX,IAAI,CAAC,QAAQ,CAAC,CAAA;4BACrB,CAAC,CAAA,CAAC,CAAC,CAAC,CAAC,SAAS;4BACd,aAAa,EAAE,YAAY,IAAI,cAAc,EAAE,CAAC,CAAC,CAAC,CAAC,CAAO,OAAO,EAAE,EAAE;;gCACjE,OAAO,MAAM,IAAA,yBAAa,EAAC,YAAY,kBACnC,GAAG,EAAE,QAAQ,EACb,GAAG,EAAE,CAAA,MAAA,CAAC,CAAC,OAAO,0CAAE,OAAO,GAAG,CAAC,CAAC,KAAI,EAAE,IAC/B,OAAO,GACX,IAAI,CAAC,QAAQ,CAAC,CAAA;4BACrB,CAAC,CAAA,CAAC,CAAC,CAAC,CAAC,SAAS;4BACd,SAAS,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC,CAAO,KAAK,EAAE,EAAE;gCACvC,OAAO,MAAM,IAAA,qBAAS,EAAC,YAAY,EAAE,KAAK,CAAC,CAAA;4BAC/C,CAAC,CAAA,CAAC,CAAC,CAAC,CAAC,SAAS;yBACjB,CAAA;wBAED,IAAI,KAAK,EAAE,CAAC;4BACR,MAAM,CAAC,KAAK,GAAG,KAAK,CAAA;wBACxB,CAAC;wBAED,OAAO,MAAA,IAAI,CAAC,iBAAiB,0CAAE,OAAO,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,CAAA;oBAC1D,CAAC;yBAAM,CAAC;wBACJ,IAAI,KAAK,GAA4B,wBAAe,CAAC,mBAAmB,CAAC;wBACzE,IAAI,gBAAgB,GAAG,EAAE,CAAA;wBACzB,IAAI,CAAC,QAAQ,EAAE,CAAC;4BACZ,KAAK,GAAI,wBAAe,CAAC,eAAe,CAAA;4BACxC,gBAAgB,GAAG,kDAAkD,CAAA;wBACzE,CAAC;6BAAM,IAAI,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,IAAI,OAAO,GAAG,CAAC,OAAO,CAAC,aAAa,KAAK,QAAQ,CAAC,EAAE,CAAC;4BACvF,KAAK,GAAI,wBAAe,CAAC,eAAe,CAAA;4BACxC,gBAAgB,GAAG,sDAAsD,CAAA;wBAC7E,CAAC;wBACD,OAAO,CAAC,CAAC,QAAQ,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;oBAC/E,CAAC;gBACL,CAAC,CAAA;aACJ,CAAA;YAED,8DAA8D;YAC9D,OAAO,EAAE,CAAC,MAAM,CAAC,OAAuB,EAAE,CAAyB,CAAC,CAAA;QACxE,CAAC;KAAA;IAED,IAAI;;QACA,MAAM,IAAI,GAAG,IAAI,8BAAU,CAAC,IAAI,CAAC,YAAY,CAAC;aACzC,YAAY,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,6BAAS,CAAC,yBAAyB,CAAC,CAAC,CAAC,6BAAS,CAAC,iBAAiB,CAAC;aACnG,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC;aACjC,UAAU,CAAC,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC;aACxC,iBAAiB,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;QAEnD,MAAM,SAAS,GAAG,IAAI,CAAC,2BAA2B,EAAE,CAAA;QAEpD,IAAI,SAAS,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAC3C,IAAI,CAAC,uBAAuB,CAAC,wCAAoB,CAAC,IAAI,CAAC,CAAA;QAC3D,CAAC;aAAM,IACH,SAAS,CAAC,QAAQ,CAAC,qBAAqB,CAAC,EAC3C,CAAC;YACC,IAAI,CAAC,uBAAuB,CAAC,wCAAoB,CAAC,MAAM,CAAC,CAAA;QAC7D,CAAC;QAED,IAAI,MAAA,IAAI,CAAC,iBAAiB,0CAAE,IAAI,EAAE,CAAC;YAC/B,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAA;QACnD,CAAC;QAED,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACnB,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;QACzC,CAAC;QAED,OAAO,IAAI,CAAA;IACf,CAAC;IAED,aAAa,CAAC,CAAa;;QACvB,8DAA8D;QAC9D,MAAM,aAAa,GAAsB;YACrC,OAAO,EAAE;gBACL,KAAK,EAAE;oBACH,IAAI,EAAE,KAAK;iBACd;aACJ;SACJ,CAAC;QAEF,gBAAgB;QAChB,IAAI,CAAC,6BAA6B,CAAC,CAAC,CAAC,CAAA;QAErC,QAAQ;QACR,CAAC;aACI,KAAK,CAAC;YACH,OAAO,EAAE,aAAa;YACtB,IAAI,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI;YAC1B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,CAAO,GAAG,EAAE,CAAC,EAAE,EAAE;;gBACtB,IAAI,GAAG,CAAC,OAAO,CAAC,UAAU,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC;oBAC5C,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAA;gBAC5C,CAAC;qBAAM,IACH,GAAG,CAAC,OAAO,CAAC,UAAU,KAAK,eAAe;oBAC1C,CAAA,MAAA,IAAI,CAAC,iBAAiB,0CAAE,IAAI,KAAI,IAAI,CAAC,UAAU,CAAC,IAAI,EACtD,CAAC;oBACC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAA;oBAEvD,IAAI,MAAM,KAAK,CAAC,CAAC,QAAQ,EAAE,CAAC;wBACxB,OAAO,CAAC,CAAC,QAAQ,CAAC,EAAE,KAAK,EAAE,wBAAe,CAAC,aAAa,EAAE,iBAAiB,EAAE,yCAAyC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;oBACvI,CAAC;oBAED,OAAO,MAAM,CAAA;gBACjB,CAAC;gBACD,OAAO,CAAC,CAAC,QAAQ,CAAC,EAAE,KAAK,EAAE,wBAAe,CAAC,sBAAsB,EAAE,iBAAiB,EAAE,8CAA8C,GAAG,CAAC,OAAO,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YAC/K,CAAC,CAAA;SACJ,CAAC,CAAA;QAEN,eAAe;QACf,IAAI,CAAA,MAAA,IAAI,CAAC,iBAAiB,0CAAE,IAAI,KAAI,IAAI,CAAC,iBAAiB,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;YACtF,CAAC,CAAC,KAAK,CAEJ;gBACC,OAAO,EAAE,aAAa;gBACtB,IAAI,EAAE,IAAI,CAAC,iBAAiB,CAAC,IAAI;gBACjC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,CAAO,GAAG,EAAE,CAAC,EAAE,EAAE;oBACtB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAA;oBAEvD,IAAI,MAAM,KAAK,CAAC,CAAC,QAAQ,EAAE,CAAC;wBACxB,OAAO,CAAC,CAAC,QAAQ,CAAC,EAAE,KAAK,EAAE,wBAAe,CAAC,aAAa,EAAE,iBAAiB,EAAE,yCAAyC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;oBACvI,CAAC;oBAED,OAAO,MAAM,CAAA;gBACjB,CAAC,CAAA;aACJ,CAAC,CAAA;QACN,CAAC;QAED,OAAO;QACP,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAA;IAC9B,CAAC;CAEJ;AA/aD,0DA+aC;AASD,MAAa,qBAAsB,SAAQ,uBAAuB;IAG9D,YAAY,MAAgC;QACxC,KAAK,CAAC,MAAM,CAAC,CAAC;QAHR,wBAAmB,GAA4B,EAAE,CAAA;QAKvD,IAAI,MAAM,CAAC,mBAAmB;YAC1B,IAAI,CAAC,mBAAmB,GAAG,MAAM,CAAC,mBAAmB,CAAA;IAC7D,CAAC;IAED,yBAAyB,CAAC,CAAa;;QACnC,MAAM,SAAS,GAAG,IAAI,CAAC,2BAA2B,EAAE,CAAC;QACrD,MAAM,IAAI,GAAG,CAAA,MAAA,CAAC,CAAC,OAAO,0CAAE,OAAO,GAAG,CAAC,CAAC,KAAI,EAAE,CAAC;QAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC;QAEtC,MAAM,qBAAqB,GAAkD;YACzE,MAAM,EAAE,IAAI;YACZ,sBAAsB,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE;YAChE,cAAc,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE;YAChD,QAAQ,EAAE,CAAA,MAAA,IAAI,CAAC,SAAS,0CAAE,IAAI,EAAC,CAAC,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS;YAC5E,gBAAgB,EAAE;gBACd,KAAK;gBACL,KAAK;gBACL,KAAK;gBACL,KAAK;gBACL,KAAK;aACR;YACD,qBAAqB,EAAE;gBACnB,6BAAS,CAAC,iBAAiB;aAC9B;YACD,wBAAwB,EAAE,CAAC,MAAM,CAAC;YAClC,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;YACrC,uBAAuB,EAAE;gBACrB,QAAQ;aACX;YACD,qCAAqC,EAAE;gBACnC,OAAO;aACV;YACD,qCAAqC,EAAE,SAAS;SACnD,CAAA;QAED,IAAI,MAAA,MAAA,IAAI,CAAC,iBAAiB,CAAC,iBAAiB,0CAAE,UAAU,0CAAE,MAAM,EAAE,CAAC;YAC/D,qBAAqB,CAAC,gDAAgD,GAAG,qBAAqB,CAAC,gDAAgD,IAAI,EAAE,CAAA;YACrJ,qBAAqB,CAAC,gDAAgD,GAAG;gBACrE,GAAG,qBAAqB,CAAC,gDAAgD;gBACzE,GAAG,IAAI,CAAC,iBAAiB,CAAC,iBAAiB,CAAC,UAAU;aACzD,CAAA;QACL,CAAC;QACD,IAAI,MAAA,MAAA,IAAI,CAAC,iBAAiB,CAAC,eAAe,0CAAE,UAAU,0CAAE,MAAM,EAAE,CAAC;YAC7D,qBAAqB,CAAC,gDAAgD,GAAG,qBAAqB,CAAC,gDAAgD,IAAI,EAAE,CAAA;YACrJ,qBAAqB,CAAC,gDAAgD,GAAG;gBACrE,GAAG,qBAAqB,CAAC,gDAAgD;gBACzE,GAAG,IAAI,CAAC,iBAAiB,CAAC,eAAe,CAAC,UAAU;aACvD,CAAA;QACL,CAAC;QAED,uCAAY,qBAAqB,GAAK,IAAI,CAAC,mBAAmB,EAAE;IACpE,CAAC;IAGD,aAAa,CAAC,CAAa;QACvB,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;QAEvB,MAAM,sBAAsB,GAAG,IAAI,CAAC,yBAAyB,CAAC,CAAC,CAAC,CAAC;QAEjE,CAAC,CAAC,KAAK,CAAC;YACJ,IAAI,EAAE,mCAAmC;YACzC,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACL,OAAO,EAAE;oBACL,KAAK,EAAE;wBACH,IAAI,EAAE,KAAK;qBACd;iBACJ;aACJ;YACD,OAAO,EAAE,GAAG,EAAE;gBACV,OAAO,sBAAsB,CAAA;YACjC,CAAC;SACJ,CAAC,CAAA;IACN,CAAC;CAEJ;AAjFD,sDAiFC;AAmBD,MAAa,8BAA8B;IAgBvC,YAAY,MAAyC;QAR3C,sBAAiB,GAAkE;YACzF,mBAAmB,EAAE,SAAS;YAC9B,kBAAkB,EAAE,SAAS;YAC7B,iBAAiB,EAAE,SAAS;YAC5B,eAAe,EAAE,SAAS;YAC1B,IAAI,EAAE,SAAS;SAClB,CAAA;QAGG,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;IACxB,CAAC;IAED,MAAM,CAAC,MAAM,CAAC,MAAmD;QAC7D,MAAM,cAAc,mBAChB,kBAAkB,EAAE,MAAM,IAAI,MAAM,CAAC,kBAAkB,IAAI,gDAA0B,CAAC,YAAY,EAAE,EACpG,UAAU,EAAE,MAAM,IAAI,MAAM,CAAC,UAAU,IAAI,gCAAkB,CAAC,YAAY,EAAE,IACzE,CAAC,MAAM,IAAI,EAAE,CAAC,CACpB,CAAC;QACF,OAAO,IAAI,8BAA8B,CAAC,cAAc,CAAC,CAAA;IAC7D,CAAC;IAED,KAAK;QACD,MAAM,MAAM,GAAG,IAAI,uBAAuB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAEvD,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QAEjC,IAAI,OAAO,IAAI,CAAC,WAAW,KAAK,WAAW,EAAE,CAAC;YAC1C,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;QAC3C,CAAC;QACD,IAAI,OAAO,IAAI,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YACrC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QACjC,CAAC;QACD,IAAI,OAAO,IAAI,CAAC,SAAS,KAAK,WAAW,EAAE,CAAC;YACxC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;QACvC,CAAC;QACD,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE,CAAC;YACzD,IAAI,MAAM,EAAE,CAAC;gBACT,MAAM,CAAC,6BAA6B,CAAC,MAAM,CAAC,CAAA;YAChD,CAAC;QACL,CAAC;QACD,OAAO,MAAM,CAAA;IACjB,CAAC;IAED,WAAW,CAAC,UAAmB;QAC3B,IAAI,CAAC,QAAQ,GAAG,UAAU,CAAA;QAC1B,OAAO,IAAI,CAAA;IACf,CAAC;IAED,cAAc,CAAC,WAAmB;QAC9B,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,SAAS,CAAC,MAA8B;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,YAAY,CAAuC,KAAsB;QACrE,IAAI,CAAC,SAAS,GAAG,KAAK,CAAA;QACtB,OAAO,IAAI,CAAA;IACf,CAAC;IAED,6BAA6B,CAAC,KAA+E;QACzG,IAAI,KAAK,IAAI,qBAAqB,EAAE,CAAC;YACjC,IAAI,CAAC,iBAAiB,CAAC,mBAAmB,GAAG,IAAI,uCAAiB,EAAE,CAAA;QACxE,CAAC;aAAM,IAAI,KAAK,IAAI,oBAAoB,EAAE,CAAC;YACvC,IAAI,CAAC,iBAAiB,CAAC,kBAAkB,GAAG,IAAI,sCAAgB,EAAE,CAAA;QACtE,CAAC;aAAM,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;YACzB,IAAI,CAAC,iBAAiB,CAAC,IAAI,GAAG,IAAI,oCAAc,EAAE,CAAA;QACtD,CAAC;aAAM,CAAC;YACJ,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,KAAK,CAAA;QAChD,CAAC;QACD,OAAO,IAAI,CAAA;IACf,CAAC;IAED,YAAY,CAAC,IAAY;QACrB,IAAI,CAAC,MAAM,CAAC,YAAY,GAAG,IAAI,CAAA;QAC/B,OAAO,IAAI,CAAA;IACf,CAAC;IAED,eAAe,CAAC,QAAsB;QAClC,IAAI,CAAC,MAAM,CAAC,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,EAAE,CAAA;QACvD,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,GAAG,QAAQ,CAAA;QAC3C,OAAO,IAAI,CAAA;IACf,CAAC;IAED;;;OAGG;IACH,kBAAkB,CAAC,GAAW;QAC1B,IAAI,CAAC,MAAM,CAAC,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,EAAE,CAAA;QACvD,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,GAAG,GAAG,GAAG,CAAA;QACjC,OAAO,IAAI,CAAA;IACf,CAAC;IAED,qBAAqB,CAAC,kBAAiD;QACnE,IAAI,CAAC,MAAM,CAAC,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,EAAE,CAAA;QACvD,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,GAAG,kBAAkB,CAAA;QACrD,OAAO,IAAI,CAAA;IACf,CAAC;IAED,QAAQ,CAAuC,OAA4C;QACvF,IAAI,CAAC,MAAM,CAAC,OAAO,mCAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC,KAAE,QAAQ,EAAE,OAAO,GAAE,CAAA;QAC3E,OAAO,IAAI,CAAA;IACf,CAAC;IAED;;OAEG;IACH,kBAAkB,CAAC,MAAe;QAC9B,IAAI,CAAC,MAAM,CAAC,OAAO,mCAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC,KAAE,kBAAkB,EAAE,MAAM,GAAE,CAAA;QACpF,OAAO,IAAI,CAAA;IACf,CAAC;IAED,SAAS,CAAuC,OAAgD;QAC5F,IAAI,CAAC,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,kBAAS,CAAC,YAAY,EAAE,CAAC;QAC1E,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QAC9B,OAAO,IAAI,CAAA;IACf,CAAC;IAED,kBAAkB,CAGhB,OAA8E;QAC5E,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAA;QACvC,OAAO,IAAI,CAAA;IACf,CAAC;IAED,UAAU,CAAuC,OAAyD;QACtG,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAA;QAC/B,OAAO,IAAI,CAAA;IACf,CAAC;IAED,iBAAiB,CAAuC,OAA8D;QAClH,IAAI,CAAC,MAAM,CAAC,iBAAiB,GAAG,IAAI,CAAC,MAAM,CAAC,iBAAiB,IAAI,gCAAuB,CAAC,YAAY,EAAE,CAAC;QACxG,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAA;QACtC,OAAO,IAAI,CAAA;IACf,CAAC;CACJ;AApJD,wEAoJC;AAaD,MAAa,4BAA6B,SAAQ,8BAA8B;IAI5E,YAAY,MAAuC;QAC/C,KAAK,CAAC,MAAM,CAAC,CAAC;QAHR,wBAAmB,GAA4B,EAAE,CAAA;IAI3D,CAAC;IAED,MAAM,CAAC,MAAM,CAAC,MAAiD;QAC3D,MAAM,cAAc,mBAChB,kBAAkB,EAAE,MAAM,IAAI,MAAM,CAAC,kBAAkB,IAAI,gDAA0B,CAAC,YAAY,EAAE,EACpG,UAAU,EAAE,MAAM,IAAI,MAAM,CAAC,UAAU,IAAI,gCAAkB,CAAC,YAAY,EAAE,IACzE,CAAC,MAAM,IAAI,EAAE,CAAC,CACpB,CAAC;QACF,OAAO,IAAI,4BAA4B,CAAC,cAAc,CAAC,CAAA;IAC3D,CAAC;IAED,uBAAuB,CAAC,mBAA4C;QAChE,IAAI,CAAC,mBAAmB,GAAG,mBAAmB,CAAA;QAC9C,OAAO,IAAI,CAAA;IACf,CAAC;IAED,KAAK;QAED,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;YACzB,IAAI,CAAC,MAAM,CAAC,SAAS,GAAG,kBAAS,CAAC,YAAY,EAAE,CAAA;QACpD,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,qBAAqB,iCAAM,IAAI,CAAC,MAAM,KAAE,mBAAmB,EAAE,IAAI,CAAC,mBAAmB,IAAG,CAAA;QAE3G,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QAEjC,IAAI,OAAO,IAAI,CAAC,WAAW,KAAK,WAAW,EAAE,CAAC;YAC1C,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;QAC3C,CAAC;QACD,MAAM,CAAC,SAAS,iBACZ,MAAM,EAAE,uBAAuB,IAC5B,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC,EACxB,CAAC;QACH,IAAI,OAAO,IAAI,CAAC,SAAS,KAAK,WAAW,EAAE,CAAC;YACxC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;QACvC,CAAC;QACD,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE,CAAC;YACzD,IAAI,MAAM,EAAE,CAAC;gBACT,MAAM,CAAC,6BAA6B,CAAC,MAAM,CAAC,CAAA;YAChD,CAAC;QACL,CAAC;QACD,OAAO,MAAM,CAAC;IAClB,CAAC;CACJ;AAjDD,oEAiDC;AAED,yBAAyB"}