@kuadrant/kuadrant-backstage-plugin-backend 0.0.2-dev-21b2773 → 0.0.2-dev-79ae340
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -93,8 +93,8 @@ class APIProductEntityProvider {
|
|
|
93
93
|
"kuadrant.io/apiproduct": name,
|
|
94
94
|
// add httproute annotation if we can infer it (usually same as apiproduct name without -api suffix)
|
|
95
95
|
"kuadrant.io/httproute": name.endsWith("-api") ? name.slice(0, -4) : name,
|
|
96
|
-
...product.spec.documentation?.
|
|
97
|
-
"kuadrant.io/openapi-spec-url": product.spec.documentation.
|
|
96
|
+
...product.spec.documentation?.openAPISpecURL && {
|
|
97
|
+
"kuadrant.io/openapi-spec-url": product.spec.documentation.openAPISpecURL
|
|
98
98
|
},
|
|
99
99
|
...product.spec.documentation?.docsURL && {
|
|
100
100
|
"kuadrant.io/docs-url": product.spec.documentation.docsURL
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"APIProductEntityProvider.cjs.js","sources":["../../src/providers/APIProductEntityProvider.ts"],"sourcesContent":["import { ApiEntity } from '@backstage/catalog-model';\nimport { EntityProvider, EntityProviderConnection } from '@backstage/plugin-catalog-node';\nimport { RootConfigService } from '@backstage/backend-plugin-api';\nimport { KuadrantK8sClient } from '../k8s-client';\n\ninterface APIProduct {\n apiVersion: string;\n kind: string;\n metadata: {\n name: string;\n namespace: string;\n uid: string;\n resourceVersion: string;\n creationTimestamp: string;\n annotations?: Record<string, string>;\n labels?: Record<string, string>;\n };\n spec: {\n displayName?: string;\n description?: string;\n version?: string;\n tags?: string[];\n publishStatus?: 'Draft' | 'Published';\n plans?: Array<{\n tier: string;\n description?: string;\n limits?: any;\n }>;\n planPolicyRef?: {\n name: string;\n namespace: string;\n };\n documentation?: {\n openAPISpec?: string;\n docsURL?: string;\n gitRepository?: string;\n techdocsRef?: string;\n };\n contact?: {\n team?: string;\n email?: string;\n slack?: string;\n };\n };\n status: {\n openapi?: {\n raw?: string;\n lastSyncTime?: string;\n };\n }\n}\n\nexport class APIProductEntityProvider implements EntityProvider {\n private readonly k8sClient: KuadrantK8sClient;\n private connection?: EntityProviderConnection;\n private readonly providerId = 'kuadrant-apiproduct-provider';\n\n constructor(config: RootConfigService) {\n console.log('apiproduct provider: constructor called');\n this.k8sClient = new KuadrantK8sClient(config);\n }\n\n getProviderName(): string {\n return this.providerId;\n }\n\n async connect(connection: EntityProviderConnection): Promise<void> {\n console.log('apiproduct provider: connect called');\n this.connection = connection;\n\n console.log('apiproduct provider: starting initial sync');\n // initial full sync\n await this.refresh();\n\n // schedule periodic refresh (every 30 seconds for development)\n // note: in production, consider 5-10 minutes to reduce api load\n console.log('apiproduct provider: scheduling periodic refresh every 30 seconds');\n setInterval(async () => {\n await this.refresh();\n }, 30 * 1000);\n }\n\n public async refresh(): Promise<void> {\n console.log('apiproduct provider: refresh called');\n if (!this.connection) {\n console.log('apiproduct provider: no connection, skipping refresh');\n return;\n }\n\n try {\n console.log('apiproduct provider: fetching apiproducts from kubernetes');\n // fetch all apiproducts from kubernetes\n const response = await this.k8sClient.listCustomResources(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n 'apiproducts'\n );\n\n const apiProducts = (response.items || []) as APIProduct[];\n console.log(`apiproduct provider: found ${apiProducts.length} apiproducts`);\n\n // filter out Draft API products - only include Published ones\n const publishedProducts = apiProducts.filter(product => {\n const publishStatus = product.spec.publishStatus || 'Draft'; // default to Draft if not specified\n return publishStatus === 'Published';\n });\n console.log(`apiproduct provider: filtered to ${publishedProducts.length} published apiproducts (${apiProducts.length - publishedProducts.length} drafts excluded)`);\n\n // transform apiproducts to backstage api entities\n const entities = publishedProducts\n .map(product => this.transformToEntity(product))\n .filter((entity): entity is ApiEntity => entity !== null);\n console.log(`apiproduct provider: transformed ${entities.length} entities`);\n\n // submit entities to catalog\n console.log('apiproduct provider: submitting entities to catalog');\n await this.connection.applyMutation({\n type: 'full',\n entities: entities.map(entity => ({\n entity,\n locationKey: `kuadrant-apiproduct:${entity.metadata.namespace}/${entity.metadata.name}`,\n })),\n });\n\n console.log(`apiproduct provider: synced ${entities.length} api products`);\n } catch (error) {\n console.error('error refreshing apiproduct entities:', error);\n }\n }\n\n private transformToEntity(product: APIProduct): ApiEntity | null {\n const namespace = product.metadata.namespace || 'default';\n const name = product.metadata.name;\n const displayName = product.spec.displayName || name;\n const description = product.spec.description || `api product: ${displayName}`;\n\n // determine lifecycle from labels or default to production\n const lifecycle = product.metadata.labels?.lifecycle || 'production';\n\n // owner must be set via backstage ownership annotation\n // if missing, skip this apiproduct (created outside backstage or invalid)\n const owner = product.metadata.annotations?.['backstage.io/owner'];\n if (!owner) {\n console.warn(`apiproduct ${namespace}/${name} has no backstage.io/owner annotation, skipping catalog sync`);\n return null;\n }\n\n // build tags from product tags\n const tags = product.spec.tags || [];\n\n // OpenAPI spec URL\n const definition = product.status?.openapi?.raw ? `${product.status.openapi.raw}`\n : `# no openapi spec configured\n openapi: 3.0.0\n info:\n title: ${displayName}\n version: ${product.spec.version || '1.0.0'}\n description: ${description}\n `;\n\n // create entity with proper backstage structure\n const entity: ApiEntity = {\n apiVersion: 'backstage.io/v1alpha1',\n kind: 'API',\n metadata: {\n name: `${name}`,\n namespace: 'default',\n title: displayName,\n description,\n annotations: {\n 'backstage.io/managed-by-location': `kuadrant:${namespace}/${name}`,\n 'backstage.io/managed-by-origin-location': `kuadrant:${namespace}/${name}`,\n 'backstage.io/orphan-strategy': 'keep',\n 'kuadrant.io/namespace': namespace,\n 'kuadrant.io/apiproduct': name,\n // add httproute annotation if we can infer it (usually same as apiproduct name without -api suffix)\n 'kuadrant.io/httproute': name.endsWith('-api') ? name.slice(0, -4) : name,\n ...(product.spec.documentation?.openAPISpec && {\n 'kuadrant.io/openapi-spec-url': product.spec.documentation.openAPISpec,\n }),\n ...(product.spec.documentation?.docsURL && {\n 'kuadrant.io/docs-url': product.spec.documentation.docsURL,\n }),\n ...(product.spec.documentation?.gitRepository && {\n 'backstage.io/source-location': `url:${product.spec.documentation.gitRepository}`,\n }),\n ...(product.spec.documentation?.techdocsRef && {\n 'backstage.io/techdocs-ref': product.spec.documentation.techdocsRef,\n }),\n ...(product.spec.contact?.email && {\n 'kuadrant.io/contact-email': product.spec.contact.email,\n }),\n ...(product.spec.contact?.slack && {\n 'kuadrant.io/contact-slack': product.spec.contact.slack,\n }),\n },\n tags: [...tags, 'kuadrant', 'apiproduct'],\n labels: {\n 'kuadrant.io/synced': 'true',\n ...(product.metadata.labels || {}),\n },\n },\n spec: {\n type: 'openapi',\n lifecycle,\n owner,\n definition: definition,\n },\n };\n\n return entity;\n }\n}\n"],"names":["KuadrantK8sClient"],"mappings":";;;;AAoDO,MAAM,wBAAmD,CAAA;AAAA,EAC7C,SAAA;AAAA,EACT,UAAA;AAAA,EACS,UAAa,GAAA,8BAAA;AAAA,EAE9B,YAAY,MAA2B,EAAA;AACrC,IAAA,OAAA,CAAQ,IAAI,yCAAyC,CAAA;AACrD,IAAK,IAAA,CAAA,SAAA,GAAY,IAAIA,2BAAA,CAAkB,MAAM,CAAA;AAAA;AAC/C,EAEA,eAA0B,GAAA;AACxB,IAAA,OAAO,IAAK,CAAA,UAAA;AAAA;AACd,EAEA,MAAM,QAAQ,UAAqD,EAAA;AACjE,IAAA,OAAA,CAAQ,IAAI,qCAAqC,CAAA;AACjD,IAAA,IAAA,CAAK,UAAa,GAAA,UAAA;AAElB,IAAA,OAAA,CAAQ,IAAI,4CAA4C,CAAA;AAExD,IAAA,MAAM,KAAK,OAAQ,EAAA;AAInB,IAAA,OAAA,CAAQ,IAAI,mEAAmE,CAAA;AAC/E,IAAA,WAAA,CAAY,YAAY;AACtB,MAAA,MAAM,KAAK,OAAQ,EAAA;AAAA,KACrB,EAAG,KAAK,GAAI,CAAA;AAAA;AACd,EAEA,MAAa,OAAyB,GAAA;AACpC,IAAA,OAAA,CAAQ,IAAI,qCAAqC,CAAA;AACjD,IAAI,IAAA,CAAC,KAAK,UAAY,EAAA;AACpB,MAAA,OAAA,CAAQ,IAAI,sDAAsD,CAAA;AAClE,MAAA;AAAA;AAGF,IAAI,IAAA;AACF,MAAA,OAAA,CAAQ,IAAI,2DAA2D,CAAA;AAEvE,MAAM,MAAA,QAAA,GAAW,MAAM,IAAA,CAAK,SAAU,CAAA,mBAAA;AAAA,QACpC,uBAAA;AAAA,QACA,UAAA;AAAA,QACA;AAAA,OACF;AAEA,MAAM,MAAA,WAAA,GAAe,QAAS,CAAA,KAAA,IAAS,EAAC;AACxC,MAAA,OAAA,CAAQ,GAAI,CAAA,CAAA,2BAAA,EAA8B,WAAY,CAAA,MAAM,CAAc,YAAA,CAAA,CAAA;AAG1E,MAAM,MAAA,iBAAA,GAAoB,WAAY,CAAA,MAAA,CAAO,CAAW,OAAA,KAAA;AACtD,QAAM,MAAA,aAAA,GAAgB,OAAQ,CAAA,IAAA,CAAK,aAAiB,IAAA,OAAA;AACpD,QAAA,OAAO,aAAkB,KAAA,WAAA;AAAA,OAC1B,CAAA;AACD,MAAQ,OAAA,CAAA,GAAA,CAAI,oCAAoC,iBAAkB,CAAA,MAAM,2BAA2B,WAAY,CAAA,MAAA,GAAS,iBAAkB,CAAA,MAAM,CAAmB,iBAAA,CAAA,CAAA;AAGnK,MAAA,MAAM,QAAW,GAAA,iBAAA,CACd,GAAI,CAAA,CAAA,OAAA,KAAW,IAAK,CAAA,iBAAA,CAAkB,OAAO,CAAC,CAC9C,CAAA,MAAA,CAAO,CAAC,MAAA,KAAgC,WAAW,IAAI,CAAA;AAC1D,MAAA,OAAA,CAAQ,GAAI,CAAA,CAAA,iCAAA,EAAoC,QAAS,CAAA,MAAM,CAAW,SAAA,CAAA,CAAA;AAG1E,MAAA,OAAA,CAAQ,IAAI,qDAAqD,CAAA;AACjE,MAAM,MAAA,IAAA,CAAK,WAAW,aAAc,CAAA;AAAA,QAClC,IAAM,EAAA,MAAA;AAAA,QACN,QAAA,EAAU,QAAS,CAAA,GAAA,CAAI,CAAW,MAAA,MAAA;AAAA,UAChC,MAAA;AAAA,UACA,WAAA,EAAa,uBAAuB,MAAO,CAAA,QAAA,CAAS,SAAS,CAAI,CAAA,EAAA,MAAA,CAAO,SAAS,IAAI,CAAA;AAAA,SACrF,CAAA;AAAA,OACH,CAAA;AAED,MAAA,OAAA,CAAQ,GAAI,CAAA,CAAA,4BAAA,EAA+B,QAAS,CAAA,MAAM,CAAe,aAAA,CAAA,CAAA;AAAA,aAClE,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,yCAAyC,KAAK,CAAA;AAAA;AAC9D;AACF,EAEQ,kBAAkB,OAAuC,EAAA;AAC/D,IAAM,MAAA,SAAA,GAAY,OAAQ,CAAA,QAAA,CAAS,SAAa,IAAA,SAAA;AAChD,IAAM,MAAA,IAAA,GAAO,QAAQ,QAAS,CAAA,IAAA;AAC9B,IAAM,MAAA,WAAA,GAAc,OAAQ,CAAA,IAAA,CAAK,WAAe,IAAA,IAAA;AAChD,IAAA,MAAM,WAAc,GAAA,OAAA,CAAQ,IAAK,CAAA,WAAA,IAAe,gBAAgB,WAAW,CAAA,CAAA;AAG3E,IAAA,MAAM,SAAY,GAAA,OAAA,CAAQ,QAAS,CAAA,MAAA,EAAQ,SAAa,IAAA,YAAA;AAIxD,IAAA,MAAM,KAAQ,GAAA,OAAA,CAAQ,QAAS,CAAA,WAAA,GAAc,oBAAoB,CAAA;AACjE,IAAA,IAAI,CAAC,KAAO,EAAA;AACV,MAAA,OAAA,CAAQ,IAAK,CAAA,CAAA,WAAA,EAAc,SAAS,CAAA,CAAA,EAAI,IAAI,CAA8D,4DAAA,CAAA,CAAA;AAC1G,MAAO,OAAA,IAAA;AAAA;AAIT,IAAA,MAAM,IAAO,GAAA,OAAA,CAAQ,IAAK,CAAA,IAAA,IAAQ,EAAC;AAGnC,IAAM,MAAA,UAAA,GAAa,OAAQ,CAAA,MAAA,EAAQ,OAAS,EAAA,GAAA,GAAM,GAAG,OAAQ,CAAA,MAAA,CAAO,OAAQ,CAAA,GAAG,CAC3E,CAAA,GAAA,CAAA;AAAA;AAAA;AAAA,eAAA,EAGS,WAAW;AAAA,iBACT,EAAA,OAAA,CAAQ,IAAK,CAAA,OAAA,IAAW,OAAO;AAAA,qBAAA,EAC3B,WAAW;AAAA,IAAA,CAAA;AAI9B,IAAA,MAAM,MAAoB,GAAA;AAAA,MACxB,UAAY,EAAA,uBAAA;AAAA,MACZ,IAAM,EAAA,KAAA;AAAA,MACN,QAAU,EAAA;AAAA,QACR,IAAA,EAAM,GAAG,IAAI,CAAA,CAAA;AAAA,QACb,SAAW,EAAA,SAAA;AAAA,QACX,KAAO,EAAA,WAAA;AAAA,QACP,WAAA;AAAA,QACA,WAAa,EAAA;AAAA,UACX,kCAAoC,EAAA,CAAA,SAAA,EAAY,SAAS,CAAA,CAAA,EAAI,IAAI,CAAA,CAAA;AAAA,UACjE,yCAA2C,EAAA,CAAA,SAAA,EAAY,SAAS,CAAA,CAAA,EAAI,IAAI,CAAA,CAAA;AAAA,UACxE,8BAAgC,EAAA,MAAA;AAAA,UAChC,uBAAyB,EAAA,SAAA;AAAA,UACzB,wBAA0B,EAAA,IAAA;AAAA;AAAA,UAE1B,uBAAA,EAAyB,KAAK,QAAS,CAAA,MAAM,IAAI,IAAK,CAAA,KAAA,CAAM,CAAG,EAAA,EAAE,CAAI,GAAA,IAAA;AAAA,UACrE,GAAI,OAAA,CAAQ,IAAK,CAAA,aAAA,EAAe,WAAe,IAAA;AAAA,YAC7C,8BAAA,EAAgC,OAAQ,CAAA,IAAA,CAAK,aAAc,CAAA;AAAA,WAC7D;AAAA,UACA,GAAI,OAAA,CAAQ,IAAK,CAAA,aAAA,EAAe,OAAW,IAAA;AAAA,YACzC,sBAAA,EAAwB,OAAQ,CAAA,IAAA,CAAK,aAAc,CAAA;AAAA,WACrD;AAAA,UACA,GAAI,OAAA,CAAQ,IAAK,CAAA,aAAA,EAAe,aAAiB,IAAA;AAAA,YAC/C,8BAAgC,EAAA,CAAA,IAAA,EAAO,OAAQ,CAAA,IAAA,CAAK,cAAc,aAAa,CAAA;AAAA,WACjF;AAAA,UACA,GAAI,OAAA,CAAQ,IAAK,CAAA,aAAA,EAAe,WAAe,IAAA;AAAA,YAC7C,2BAAA,EAA6B,OAAQ,CAAA,IAAA,CAAK,aAAc,CAAA;AAAA,WAC1D;AAAA,UACA,GAAI,OAAA,CAAQ,IAAK,CAAA,OAAA,EAAS,KAAS,IAAA;AAAA,YACjC,2BAAA,EAA6B,OAAQ,CAAA,IAAA,CAAK,OAAQ,CAAA;AAAA,WACpD;AAAA,UACA,GAAI,OAAA,CAAQ,IAAK,CAAA,OAAA,EAAS,KAAS,IAAA;AAAA,YACjC,2BAAA,EAA6B,OAAQ,CAAA,IAAA,CAAK,OAAQ,CAAA;AAAA;AACpD,SACF;AAAA,QACA,IAAM,EAAA,CAAC,GAAG,IAAA,EAAM,YAAY,YAAY,CAAA;AAAA,QACxC,MAAQ,EAAA;AAAA,UACN,oBAAsB,EAAA,MAAA;AAAA,UACtB,GAAI,OAAA,CAAQ,QAAS,CAAA,MAAA,IAAU;AAAC;AAClC,OACF;AAAA,MACA,IAAM,EAAA;AAAA,QACJ,IAAM,EAAA,SAAA;AAAA,QACN,SAAA;AAAA,QACA,KAAA;AAAA,QACA;AAAA;AACF,KACF;AAEA,IAAO,OAAA,MAAA;AAAA;AAEX;;;;"}
|
|
1
|
+
{"version":3,"file":"APIProductEntityProvider.cjs.js","sources":["../../src/providers/APIProductEntityProvider.ts"],"sourcesContent":["import { ApiEntity } from '@backstage/catalog-model';\nimport { EntityProvider, EntityProviderConnection } from '@backstage/plugin-catalog-node';\nimport { RootConfigService } from '@backstage/backend-plugin-api';\nimport { KuadrantK8sClient } from '../k8s-client';\n\ninterface APIProduct {\n apiVersion: string;\n kind: string;\n metadata: {\n name: string;\n namespace: string;\n uid: string;\n resourceVersion: string;\n creationTimestamp: string;\n annotations?: Record<string, string>;\n labels?: Record<string, string>;\n };\n spec: {\n displayName: string;\n description?: string;\n version?: string;\n tags?: string[];\n targetRef: {\n group: string;\n kind: string;\n name: string;\n };\n approvalMode: 'automatic' | 'manual';\n publishStatus: 'Draft' | 'Published';\n documentation?: {\n openAPISpecURL?: string;\n docsURL?: string;\n gitRepository?: string;\n techdocsRef?: string;\n };\n contact?: {\n team?: string;\n email?: string;\n slack?: string;\n };\n };\n status?: {\n discoveredPlans?: Array<{\n tier: string;\n limits?: any;\n }>;\n openapi?: {\n raw?: string;\n lastSyncTime?: string;\n };\n };\n}\n\nexport class APIProductEntityProvider implements EntityProvider {\n private readonly k8sClient: KuadrantK8sClient;\n private connection?: EntityProviderConnection;\n private readonly providerId = 'kuadrant-apiproduct-provider';\n\n constructor(config: RootConfigService) {\n console.log('apiproduct provider: constructor called');\n this.k8sClient = new KuadrantK8sClient(config);\n }\n\n getProviderName(): string {\n return this.providerId;\n }\n\n async connect(connection: EntityProviderConnection): Promise<void> {\n console.log('apiproduct provider: connect called');\n this.connection = connection;\n\n console.log('apiproduct provider: starting initial sync');\n // initial full sync\n await this.refresh();\n\n // schedule periodic refresh (every 30 seconds for development)\n // note: in production, consider 5-10 minutes to reduce api load\n console.log('apiproduct provider: scheduling periodic refresh every 30 seconds');\n setInterval(async () => {\n await this.refresh();\n }, 30 * 1000);\n }\n\n public async refresh(): Promise<void> {\n console.log('apiproduct provider: refresh called');\n if (!this.connection) {\n console.log('apiproduct provider: no connection, skipping refresh');\n return;\n }\n\n try {\n console.log('apiproduct provider: fetching apiproducts from kubernetes');\n // fetch all apiproducts from kubernetes\n const response = await this.k8sClient.listCustomResources(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n 'apiproducts'\n );\n\n const apiProducts = (response.items || []) as APIProduct[];\n console.log(`apiproduct provider: found ${apiProducts.length} apiproducts`);\n\n // filter out Draft API products - only include Published ones\n const publishedProducts = apiProducts.filter(product => {\n const publishStatus = product.spec.publishStatus || 'Draft'; // default to Draft if not specified\n return publishStatus === 'Published';\n });\n console.log(`apiproduct provider: filtered to ${publishedProducts.length} published apiproducts (${apiProducts.length - publishedProducts.length} drafts excluded)`);\n\n // transform apiproducts to backstage api entities\n const entities = publishedProducts\n .map(product => this.transformToEntity(product))\n .filter((entity): entity is ApiEntity => entity !== null);\n console.log(`apiproduct provider: transformed ${entities.length} entities`);\n\n // submit entities to catalog\n console.log('apiproduct provider: submitting entities to catalog');\n await this.connection.applyMutation({\n type: 'full',\n entities: entities.map(entity => ({\n entity,\n locationKey: `kuadrant-apiproduct:${entity.metadata.namespace}/${entity.metadata.name}`,\n })),\n });\n\n console.log(`apiproduct provider: synced ${entities.length} api products`);\n } catch (error) {\n console.error('error refreshing apiproduct entities:', error);\n }\n }\n\n private transformToEntity(product: APIProduct): ApiEntity | null {\n const namespace = product.metadata.namespace || 'default';\n const name = product.metadata.name;\n const displayName = product.spec.displayName || name;\n const description = product.spec.description || `api product: ${displayName}`;\n\n // determine lifecycle from labels or default to production\n const lifecycle = product.metadata.labels?.lifecycle || 'production';\n\n // owner must be set via backstage ownership annotation\n // if missing, skip this apiproduct (created outside backstage or invalid)\n const owner = product.metadata.annotations?.['backstage.io/owner'];\n if (!owner) {\n console.warn(`apiproduct ${namespace}/${name} has no backstage.io/owner annotation, skipping catalog sync`);\n return null;\n }\n\n // build tags from product tags\n const tags = product.spec.tags || [];\n\n // OpenAPI spec URL\n const definition = product.status?.openapi?.raw ? `${product.status.openapi.raw}`\n : `# no openapi spec configured\n openapi: 3.0.0\n info:\n title: ${displayName}\n version: ${product.spec.version || '1.0.0'}\n description: ${description}\n `;\n\n // create entity with proper backstage structure\n const entity: ApiEntity = {\n apiVersion: 'backstage.io/v1alpha1',\n kind: 'API',\n metadata: {\n name: `${name}`,\n namespace: 'default',\n title: displayName,\n description,\n annotations: {\n 'backstage.io/managed-by-location': `kuadrant:${namespace}/${name}`,\n 'backstage.io/managed-by-origin-location': `kuadrant:${namespace}/${name}`,\n 'backstage.io/orphan-strategy': 'keep',\n 'kuadrant.io/namespace': namespace,\n 'kuadrant.io/apiproduct': name,\n // add httproute annotation if we can infer it (usually same as apiproduct name without -api suffix)\n 'kuadrant.io/httproute': name.endsWith('-api') ? name.slice(0, -4) : name,\n ...(product.spec.documentation?.openAPISpecURL && {\n 'kuadrant.io/openapi-spec-url': product.spec.documentation.openAPISpecURL,\n }),\n ...(product.spec.documentation?.docsURL && {\n 'kuadrant.io/docs-url': product.spec.documentation.docsURL,\n }),\n ...(product.spec.documentation?.gitRepository && {\n 'backstage.io/source-location': `url:${product.spec.documentation.gitRepository}`,\n }),\n ...(product.spec.documentation?.techdocsRef && {\n 'backstage.io/techdocs-ref': product.spec.documentation.techdocsRef,\n }),\n ...(product.spec.contact?.email && {\n 'kuadrant.io/contact-email': product.spec.contact.email,\n }),\n ...(product.spec.contact?.slack && {\n 'kuadrant.io/contact-slack': product.spec.contact.slack,\n }),\n },\n tags: [...tags, 'kuadrant', 'apiproduct'],\n labels: {\n 'kuadrant.io/synced': 'true',\n ...(product.metadata.labels || {}),\n },\n },\n spec: {\n type: 'openapi',\n lifecycle,\n owner,\n definition: definition,\n },\n };\n\n return entity;\n }\n}\n"],"names":["KuadrantK8sClient"],"mappings":";;;;AAqDO,MAAM,wBAAmD,CAAA;AAAA,EAC7C,SAAA;AAAA,EACT,UAAA;AAAA,EACS,UAAa,GAAA,8BAAA;AAAA,EAE9B,YAAY,MAA2B,EAAA;AACrC,IAAA,OAAA,CAAQ,IAAI,yCAAyC,CAAA;AACrD,IAAK,IAAA,CAAA,SAAA,GAAY,IAAIA,2BAAA,CAAkB,MAAM,CAAA;AAAA;AAC/C,EAEA,eAA0B,GAAA;AACxB,IAAA,OAAO,IAAK,CAAA,UAAA;AAAA;AACd,EAEA,MAAM,QAAQ,UAAqD,EAAA;AACjE,IAAA,OAAA,CAAQ,IAAI,qCAAqC,CAAA;AACjD,IAAA,IAAA,CAAK,UAAa,GAAA,UAAA;AAElB,IAAA,OAAA,CAAQ,IAAI,4CAA4C,CAAA;AAExD,IAAA,MAAM,KAAK,OAAQ,EAAA;AAInB,IAAA,OAAA,CAAQ,IAAI,mEAAmE,CAAA;AAC/E,IAAA,WAAA,CAAY,YAAY;AACtB,MAAA,MAAM,KAAK,OAAQ,EAAA;AAAA,KACrB,EAAG,KAAK,GAAI,CAAA;AAAA;AACd,EAEA,MAAa,OAAyB,GAAA;AACpC,IAAA,OAAA,CAAQ,IAAI,qCAAqC,CAAA;AACjD,IAAI,IAAA,CAAC,KAAK,UAAY,EAAA;AACpB,MAAA,OAAA,CAAQ,IAAI,sDAAsD,CAAA;AAClE,MAAA;AAAA;AAGF,IAAI,IAAA;AACF,MAAA,OAAA,CAAQ,IAAI,2DAA2D,CAAA;AAEvE,MAAM,MAAA,QAAA,GAAW,MAAM,IAAA,CAAK,SAAU,CAAA,mBAAA;AAAA,QACpC,uBAAA;AAAA,QACA,UAAA;AAAA,QACA;AAAA,OACF;AAEA,MAAM,MAAA,WAAA,GAAe,QAAS,CAAA,KAAA,IAAS,EAAC;AACxC,MAAA,OAAA,CAAQ,GAAI,CAAA,CAAA,2BAAA,EAA8B,WAAY,CAAA,MAAM,CAAc,YAAA,CAAA,CAAA;AAG1E,MAAM,MAAA,iBAAA,GAAoB,WAAY,CAAA,MAAA,CAAO,CAAW,OAAA,KAAA;AACtD,QAAM,MAAA,aAAA,GAAgB,OAAQ,CAAA,IAAA,CAAK,aAAiB,IAAA,OAAA;AACpD,QAAA,OAAO,aAAkB,KAAA,WAAA;AAAA,OAC1B,CAAA;AACD,MAAQ,OAAA,CAAA,GAAA,CAAI,oCAAoC,iBAAkB,CAAA,MAAM,2BAA2B,WAAY,CAAA,MAAA,GAAS,iBAAkB,CAAA,MAAM,CAAmB,iBAAA,CAAA,CAAA;AAGnK,MAAA,MAAM,QAAW,GAAA,iBAAA,CACd,GAAI,CAAA,CAAA,OAAA,KAAW,IAAK,CAAA,iBAAA,CAAkB,OAAO,CAAC,CAC9C,CAAA,MAAA,CAAO,CAAC,MAAA,KAAgC,WAAW,IAAI,CAAA;AAC1D,MAAA,OAAA,CAAQ,GAAI,CAAA,CAAA,iCAAA,EAAoC,QAAS,CAAA,MAAM,CAAW,SAAA,CAAA,CAAA;AAG1E,MAAA,OAAA,CAAQ,IAAI,qDAAqD,CAAA;AACjE,MAAM,MAAA,IAAA,CAAK,WAAW,aAAc,CAAA;AAAA,QAClC,IAAM,EAAA,MAAA;AAAA,QACN,QAAA,EAAU,QAAS,CAAA,GAAA,CAAI,CAAW,MAAA,MAAA;AAAA,UAChC,MAAA;AAAA,UACA,WAAA,EAAa,uBAAuB,MAAO,CAAA,QAAA,CAAS,SAAS,CAAI,CAAA,EAAA,MAAA,CAAO,SAAS,IAAI,CAAA;AAAA,SACrF,CAAA;AAAA,OACH,CAAA;AAED,MAAA,OAAA,CAAQ,GAAI,CAAA,CAAA,4BAAA,EAA+B,QAAS,CAAA,MAAM,CAAe,aAAA,CAAA,CAAA;AAAA,aAClE,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,yCAAyC,KAAK,CAAA;AAAA;AAC9D;AACF,EAEQ,kBAAkB,OAAuC,EAAA;AAC/D,IAAM,MAAA,SAAA,GAAY,OAAQ,CAAA,QAAA,CAAS,SAAa,IAAA,SAAA;AAChD,IAAM,MAAA,IAAA,GAAO,QAAQ,QAAS,CAAA,IAAA;AAC9B,IAAM,MAAA,WAAA,GAAc,OAAQ,CAAA,IAAA,CAAK,WAAe,IAAA,IAAA;AAChD,IAAA,MAAM,WAAc,GAAA,OAAA,CAAQ,IAAK,CAAA,WAAA,IAAe,gBAAgB,WAAW,CAAA,CAAA;AAG3E,IAAA,MAAM,SAAY,GAAA,OAAA,CAAQ,QAAS,CAAA,MAAA,EAAQ,SAAa,IAAA,YAAA;AAIxD,IAAA,MAAM,KAAQ,GAAA,OAAA,CAAQ,QAAS,CAAA,WAAA,GAAc,oBAAoB,CAAA;AACjE,IAAA,IAAI,CAAC,KAAO,EAAA;AACV,MAAA,OAAA,CAAQ,IAAK,CAAA,CAAA,WAAA,EAAc,SAAS,CAAA,CAAA,EAAI,IAAI,CAA8D,4DAAA,CAAA,CAAA;AAC1G,MAAO,OAAA,IAAA;AAAA;AAIT,IAAA,MAAM,IAAO,GAAA,OAAA,CAAQ,IAAK,CAAA,IAAA,IAAQ,EAAC;AAGnC,IAAM,MAAA,UAAA,GAAa,OAAQ,CAAA,MAAA,EAAQ,OAAS,EAAA,GAAA,GAAM,GAAG,OAAQ,CAAA,MAAA,CAAO,OAAQ,CAAA,GAAG,CAC3E,CAAA,GAAA,CAAA;AAAA;AAAA;AAAA,eAAA,EAGS,WAAW;AAAA,iBACT,EAAA,OAAA,CAAQ,IAAK,CAAA,OAAA,IAAW,OAAO;AAAA,qBAAA,EAC3B,WAAW;AAAA,IAAA,CAAA;AAI9B,IAAA,MAAM,MAAoB,GAAA;AAAA,MACxB,UAAY,EAAA,uBAAA;AAAA,MACZ,IAAM,EAAA,KAAA;AAAA,MACN,QAAU,EAAA;AAAA,QACR,IAAA,EAAM,GAAG,IAAI,CAAA,CAAA;AAAA,QACb,SAAW,EAAA,SAAA;AAAA,QACX,KAAO,EAAA,WAAA;AAAA,QACP,WAAA;AAAA,QACA,WAAa,EAAA;AAAA,UACX,kCAAoC,EAAA,CAAA,SAAA,EAAY,SAAS,CAAA,CAAA,EAAI,IAAI,CAAA,CAAA;AAAA,UACjE,yCAA2C,EAAA,CAAA,SAAA,EAAY,SAAS,CAAA,CAAA,EAAI,IAAI,CAAA,CAAA;AAAA,UACxE,8BAAgC,EAAA,MAAA;AAAA,UAChC,uBAAyB,EAAA,SAAA;AAAA,UACzB,wBAA0B,EAAA,IAAA;AAAA;AAAA,UAE1B,uBAAA,EAAyB,KAAK,QAAS,CAAA,MAAM,IAAI,IAAK,CAAA,KAAA,CAAM,CAAG,EAAA,EAAE,CAAI,GAAA,IAAA;AAAA,UACrE,GAAI,OAAA,CAAQ,IAAK,CAAA,aAAA,EAAe,cAAkB,IAAA;AAAA,YAChD,8BAAA,EAAgC,OAAQ,CAAA,IAAA,CAAK,aAAc,CAAA;AAAA,WAC7D;AAAA,UACA,GAAI,OAAA,CAAQ,IAAK,CAAA,aAAA,EAAe,OAAW,IAAA;AAAA,YACzC,sBAAA,EAAwB,OAAQ,CAAA,IAAA,CAAK,aAAc,CAAA;AAAA,WACrD;AAAA,UACA,GAAI,OAAA,CAAQ,IAAK,CAAA,aAAA,EAAe,aAAiB,IAAA;AAAA,YAC/C,8BAAgC,EAAA,CAAA,IAAA,EAAO,OAAQ,CAAA,IAAA,CAAK,cAAc,aAAa,CAAA;AAAA,WACjF;AAAA,UACA,GAAI,OAAA,CAAQ,IAAK,CAAA,aAAA,EAAe,WAAe,IAAA;AAAA,YAC7C,2BAAA,EAA6B,OAAQ,CAAA,IAAA,CAAK,aAAc,CAAA;AAAA,WAC1D;AAAA,UACA,GAAI,OAAA,CAAQ,IAAK,CAAA,OAAA,EAAS,KAAS,IAAA;AAAA,YACjC,2BAAA,EAA6B,OAAQ,CAAA,IAAA,CAAK,OAAQ,CAAA;AAAA,WACpD;AAAA,UACA,GAAI,OAAA,CAAQ,IAAK,CAAA,OAAA,EAAS,KAAS,IAAA;AAAA,YACjC,2BAAA,EAA6B,OAAQ,CAAA,IAAA,CAAK,OAAQ,CAAA;AAAA;AACpD,SACF;AAAA,QACA,IAAM,EAAA,CAAC,GAAG,IAAA,EAAM,YAAY,YAAY,CAAA;AAAA,QACxC,MAAQ,EAAA;AAAA,UACN,oBAAsB,EAAA,MAAA;AAAA,UACtB,GAAI,OAAA,CAAQ,QAAS,CAAA,MAAA,IAAU;AAAC;AAClC,OACF;AAAA,MACA,IAAM,EAAA;AAAA,QACJ,IAAM,EAAA,SAAA;AAAA,QACN,SAAA;AAAA,QACA,KAAA;AAAA,QACA;AAAA;AACF,KACF;AAEA,IAAO,OAAA,MAAA;AAAA;AAEX;;;;"}
|
package/dist/router.cjs.js
CHANGED
|
@@ -18,9 +18,6 @@ var express__default = /*#__PURE__*/_interopDefaultCompat(express);
|
|
|
18
18
|
var Router__default = /*#__PURE__*/_interopDefaultCompat(Router);
|
|
19
19
|
var cors__default = /*#__PURE__*/_interopDefaultCompat(cors);
|
|
20
20
|
|
|
21
|
-
function generateApiKey() {
|
|
22
|
-
return crypto.randomBytes(32).toString("hex");
|
|
23
|
-
}
|
|
24
21
|
function extractNameFromEntityRef(entityRef) {
|
|
25
22
|
const parts = entityRef.split("/");
|
|
26
23
|
return parts[parts.length - 1];
|
|
@@ -150,32 +147,6 @@ async function createRouter({
|
|
|
150
147
|
apiProduct.metadata.annotations = {};
|
|
151
148
|
}
|
|
152
149
|
apiProduct.metadata.annotations["backstage.io/owner"] = userEntityRef;
|
|
153
|
-
const httpRouteNamespace = namespace;
|
|
154
|
-
const httpRouteName = targetRef.name;
|
|
155
|
-
try {
|
|
156
|
-
const planPoliciesResponse = await k8sClient$1.listCustomResources(
|
|
157
|
-
"extensions.kuadrant.io",
|
|
158
|
-
"v1alpha1",
|
|
159
|
-
"planpolicies",
|
|
160
|
-
httpRouteNamespace
|
|
161
|
-
);
|
|
162
|
-
const planPolicy = (planPoliciesResponse.items || []).find((pp) => {
|
|
163
|
-
const ref = pp.spec?.targetRef;
|
|
164
|
-
return ref?.kind === "HTTPRoute" && ref?.name === httpRouteName && (!ref?.namespace || ref?.namespace === httpRouteNamespace);
|
|
165
|
-
});
|
|
166
|
-
if (planPolicy && planPolicy.spec?.plans) {
|
|
167
|
-
apiProduct.spec.plans = planPolicy.spec.plans.map((plan) => ({
|
|
168
|
-
tier: plan.tier,
|
|
169
|
-
description: plan.description,
|
|
170
|
-
limits: plan.limits
|
|
171
|
-
}));
|
|
172
|
-
console.log(`copied ${apiProduct.spec.plans.length} plans from planpolicy ${planPolicy.metadata.name}`);
|
|
173
|
-
} else {
|
|
174
|
-
console.log(`no planpolicy found for httproute ${httpRouteNamespace}/${httpRouteName}`);
|
|
175
|
-
}
|
|
176
|
-
} catch (error) {
|
|
177
|
-
console.warn("failed to populate plans from planpolicy:", error);
|
|
178
|
-
}
|
|
179
150
|
const created = await k8sClient$1.createCustomResource(
|
|
180
151
|
"devportal.kuadrant.io",
|
|
181
152
|
"v1alpha1",
|
|
@@ -223,50 +194,32 @@ async function createRouter({
|
|
|
223
194
|
throw new errors.NotAllowedError("you can only delete your own api products");
|
|
224
195
|
}
|
|
225
196
|
}
|
|
226
|
-
console.log(`cascading delete: finding
|
|
197
|
+
console.log(`cascading delete: finding apikeys for ${namespace}/${name}`);
|
|
227
198
|
let allRequests;
|
|
228
199
|
try {
|
|
229
200
|
allRequests = await k8sClient$1.listCustomResources(
|
|
230
|
-
"
|
|
201
|
+
"devportal.kuadrant.io",
|
|
231
202
|
"v1alpha1",
|
|
232
|
-
"
|
|
203
|
+
"apikeys",
|
|
233
204
|
namespace
|
|
234
205
|
);
|
|
235
206
|
} catch (error) {
|
|
236
|
-
console.warn("failed to list
|
|
207
|
+
console.warn("failed to list apikeys during cascade delete:", error);
|
|
237
208
|
allRequests = { items: [] };
|
|
238
209
|
}
|
|
239
210
|
const relatedRequests = (allRequests.items || []).filter(
|
|
240
|
-
(req2) => req2.spec?.
|
|
211
|
+
(req2) => req2.spec?.apiProductRef?.name === name
|
|
241
212
|
);
|
|
242
|
-
console.log(`found ${relatedRequests.length}
|
|
213
|
+
console.log(`found ${relatedRequests.length} apikeys to delete`);
|
|
243
214
|
const deletionResults = await Promise.allSettled(
|
|
244
215
|
relatedRequests.map(async (request) => {
|
|
245
216
|
const requestName = request.metadata.name;
|
|
246
|
-
|
|
247
|
-
const planTier = request.spec?.planTier;
|
|
248
|
-
console.log(`deleting apikeyrequest: ${namespace}/${requestName}`);
|
|
249
|
-
if (request.status?.phase === "Approved") {
|
|
250
|
-
try {
|
|
251
|
-
console.log(`finding secret for approved request: ${namespace}/${requestName}`);
|
|
252
|
-
const secrets = await k8sClient$1.listSecrets(namespace);
|
|
253
|
-
const matchingSecret = secrets.items?.find((s) => {
|
|
254
|
-
const annotations = s.metadata?.annotations || {};
|
|
255
|
-
return annotations["secret.kuadrant.io/user-id"] === requestUserId && annotations["secret.kuadrant.io/plan-id"] === planTier && s.metadata?.labels?.app === name;
|
|
256
|
-
});
|
|
257
|
-
if (matchingSecret) {
|
|
258
|
-
console.log(`deleting secret: ${namespace}/${matchingSecret.metadata.name}`);
|
|
259
|
-
await k8sClient$1.deleteSecret(namespace, matchingSecret.metadata.name);
|
|
260
|
-
}
|
|
261
|
-
} catch (error) {
|
|
262
|
-
console.warn(`failed to delete secret for request ${requestName}:`, error);
|
|
263
|
-
}
|
|
264
|
-
}
|
|
217
|
+
console.log(`deleting apikey: ${namespace}/${requestName}`);
|
|
265
218
|
await k8sClient$1.deleteCustomResource(
|
|
266
|
-
"
|
|
219
|
+
"devportal.kuadrant.io",
|
|
267
220
|
"v1alpha1",
|
|
268
221
|
namespace,
|
|
269
|
-
"
|
|
222
|
+
"apikeys",
|
|
270
223
|
requestName
|
|
271
224
|
);
|
|
272
225
|
})
|
|
@@ -274,7 +227,7 @@ async function createRouter({
|
|
|
274
227
|
const failures = deletionResults.filter((r) => r.status === "rejected");
|
|
275
228
|
if (failures.length > 0) {
|
|
276
229
|
console.warn(
|
|
277
|
-
`${failures.length}
|
|
230
|
+
`${failures.length} apikeys failed to delete:`,
|
|
278
231
|
failures.map((f) => f.reason)
|
|
279
232
|
);
|
|
280
233
|
}
|
|
@@ -515,82 +468,6 @@ async function createRouter({
|
|
|
515
468
|
"apikeys",
|
|
516
469
|
request
|
|
517
470
|
);
|
|
518
|
-
try {
|
|
519
|
-
const apiProduct = await k8sClient$1.getCustomResource(
|
|
520
|
-
"devportal.kuadrant.io",
|
|
521
|
-
"v1alpha1",
|
|
522
|
-
namespace,
|
|
523
|
-
"apiproducts",
|
|
524
|
-
apiProductName
|
|
525
|
-
);
|
|
526
|
-
if (apiProduct.spec?.approvalMode === "automatic") {
|
|
527
|
-
const apiKey = generateApiKey();
|
|
528
|
-
const timestamp = Date.now();
|
|
529
|
-
const userName2 = extractNameFromEntityRef(userEntityRef);
|
|
530
|
-
const secretName = `${userName2}-${apiProductName}-${timestamp}`.toLowerCase().replace(/[^a-z0-9-]/g, "-");
|
|
531
|
-
const secret = {
|
|
532
|
-
apiVersion: "v1",
|
|
533
|
-
kind: "Secret",
|
|
534
|
-
metadata: {
|
|
535
|
-
name: secretName,
|
|
536
|
-
namespace,
|
|
537
|
-
labels: {
|
|
538
|
-
app: apiProductName
|
|
539
|
-
},
|
|
540
|
-
annotations: {
|
|
541
|
-
"secret.kuadrant.io/plan-id": planTier,
|
|
542
|
-
"secret.kuadrant.io/user-id": userEntityRef
|
|
543
|
-
}
|
|
544
|
-
},
|
|
545
|
-
stringData: {
|
|
546
|
-
api_key: apiKey
|
|
547
|
-
},
|
|
548
|
-
type: "Opaque"
|
|
549
|
-
};
|
|
550
|
-
await k8sClient$1.createSecret(namespace, secret);
|
|
551
|
-
let planLimits = null;
|
|
552
|
-
const plan = apiProduct.spec?.plans?.find((p) => p.tier === planTier);
|
|
553
|
-
if (plan) {
|
|
554
|
-
planLimits = plan.limits;
|
|
555
|
-
}
|
|
556
|
-
let apiHostname = `${apiProductName}.apps.example.com`;
|
|
557
|
-
try {
|
|
558
|
-
const httproute = await k8sClient$1.getCustomResource(
|
|
559
|
-
"gateway.networking.k8s.io",
|
|
560
|
-
"v1",
|
|
561
|
-
namespace,
|
|
562
|
-
"httproutes",
|
|
563
|
-
apiProductName
|
|
564
|
-
);
|
|
565
|
-
if (httproute.spec?.hostnames && httproute.spec.hostnames.length > 0) {
|
|
566
|
-
apiHostname = httproute.spec.hostnames[0];
|
|
567
|
-
}
|
|
568
|
-
} catch (error) {
|
|
569
|
-
console.warn("could not fetch httproute for hostname, using default:", error);
|
|
570
|
-
}
|
|
571
|
-
const status = {
|
|
572
|
-
phase: "Approved",
|
|
573
|
-
reviewedBy: "system",
|
|
574
|
-
reviewedAt: (/* @__PURE__ */ new Date()).toISOString(),
|
|
575
|
-
reason: "automatic approval",
|
|
576
|
-
apiKey,
|
|
577
|
-
apiHostname,
|
|
578
|
-
apiBasePath: "/api/v1",
|
|
579
|
-
apiDescription: `${apiProductName} api`,
|
|
580
|
-
planLimits
|
|
581
|
-
};
|
|
582
|
-
await k8sClient$1.patchCustomResourceStatus(
|
|
583
|
-
"devportal.kuadrant.io",
|
|
584
|
-
"v1alpha1",
|
|
585
|
-
namespace,
|
|
586
|
-
"apikeys",
|
|
587
|
-
requestName,
|
|
588
|
-
status
|
|
589
|
-
);
|
|
590
|
-
}
|
|
591
|
-
} catch (error) {
|
|
592
|
-
console.warn("could not check approval mode or auto-approve:", error);
|
|
593
|
-
}
|
|
594
471
|
res.status(201).json(created);
|
|
595
472
|
} catch (error) {
|
|
596
473
|
console.error("error creating api key request:", error);
|
|
@@ -622,9 +499,9 @@ async function createRouter({
|
|
|
622
499
|
const namespace = req.query.namespace;
|
|
623
500
|
let data;
|
|
624
501
|
if (namespace) {
|
|
625
|
-
data = await k8sClient$1.listCustomResources("devportal.kuadrant.io", "v1alpha1", "
|
|
502
|
+
data = await k8sClient$1.listCustomResources("devportal.kuadrant.io", "v1alpha1", "apikeys", namespace);
|
|
626
503
|
} else {
|
|
627
|
-
data = await k8sClient$1.listCustomResources("devportal.kuadrant.io", "v1alpha1", "
|
|
504
|
+
data = await k8sClient$1.listCustomResources("devportal.kuadrant.io", "v1alpha1", "apikeys");
|
|
628
505
|
}
|
|
629
506
|
let filteredItems = data.items || [];
|
|
630
507
|
if (!canReadAll) {
|
|
@@ -635,7 +512,7 @@ async function createRouter({
|
|
|
635
512
|
return owner === userEntityRef;
|
|
636
513
|
}).map((product) => product.metadata.name);
|
|
637
514
|
filteredItems = filteredItems.filter(
|
|
638
|
-
(req2) => ownedApiProducts.includes(req2.spec?.
|
|
515
|
+
(req2) => ownedApiProducts.includes(req2.spec?.apiProductRef?.name)
|
|
639
516
|
);
|
|
640
517
|
}
|
|
641
518
|
if (status) {
|
|
@@ -685,6 +562,47 @@ async function createRouter({
|
|
|
685
562
|
}
|
|
686
563
|
}
|
|
687
564
|
});
|
|
565
|
+
router.get("/requests/:namespace/:name/secret", async (req, res) => {
|
|
566
|
+
try {
|
|
567
|
+
const { userEntityRef } = await getUserIdentity(req, httpAuth, userInfo);
|
|
568
|
+
const { namespace, name } = req.params;
|
|
569
|
+
const apiKey = await k8sClient$1.getCustomResource(
|
|
570
|
+
"devportal.kuadrant.io",
|
|
571
|
+
"v1alpha1",
|
|
572
|
+
namespace,
|
|
573
|
+
"apikeys",
|
|
574
|
+
name
|
|
575
|
+
);
|
|
576
|
+
const requestUserId = apiKey.spec?.requestedBy?.userId;
|
|
577
|
+
if (requestUserId !== userEntityRef) {
|
|
578
|
+
throw new errors.NotAllowedError("you can only read your own api key secrets");
|
|
579
|
+
}
|
|
580
|
+
if (apiKey.status?.phase !== "Approved") {
|
|
581
|
+
res.status(400).json({ error: "api key request is not approved" });
|
|
582
|
+
return;
|
|
583
|
+
}
|
|
584
|
+
const secretRef = apiKey.status?.secretRef;
|
|
585
|
+
if (!secretRef?.name || !secretRef?.key) {
|
|
586
|
+
res.status(404).json({ error: "secret not yet created by controller" });
|
|
587
|
+
return;
|
|
588
|
+
}
|
|
589
|
+
const secret = await k8sClient$1.getSecret(namespace, secretRef.name);
|
|
590
|
+
const apiKeyValue = secret.data?.[secretRef.key];
|
|
591
|
+
if (!apiKeyValue) {
|
|
592
|
+
res.status(404).json({ error: "api key not found in secret" });
|
|
593
|
+
return;
|
|
594
|
+
}
|
|
595
|
+
const decodedKey = Buffer.from(apiKeyValue, "base64").toString("utf-8");
|
|
596
|
+
res.json({ apiKey: decodedKey });
|
|
597
|
+
} catch (error) {
|
|
598
|
+
console.error("error fetching api key secret:", error);
|
|
599
|
+
if (error instanceof errors.NotAllowedError) {
|
|
600
|
+
res.status(403).json({ error: error.message });
|
|
601
|
+
} else {
|
|
602
|
+
res.status(500).json({ error: "failed to fetch api key secret" });
|
|
603
|
+
}
|
|
604
|
+
}
|
|
605
|
+
});
|
|
688
606
|
const approveRejectSchema = zod.z.object({
|
|
689
607
|
comment: zod.z.string().optional()
|
|
690
608
|
});
|
|
@@ -697,7 +615,6 @@ async function createRouter({
|
|
|
697
615
|
const credentials = await httpAuth.credentials(req);
|
|
698
616
|
const { userEntityRef } = await getUserIdentity(req, httpAuth, userInfo);
|
|
699
617
|
const { namespace, name } = req.params;
|
|
700
|
-
const { comment } = parsed.data;
|
|
701
618
|
const reviewedBy = userEntityRef;
|
|
702
619
|
const request = await k8sClient$1.getCustomResource(
|
|
703
620
|
"devportal.kuadrant.io",
|
|
@@ -735,87 +652,10 @@ async function createRouter({
|
|
|
735
652
|
throw new errors.NotAllowedError("you can only approve requests for your own api products");
|
|
736
653
|
}
|
|
737
654
|
}
|
|
738
|
-
const apiKey = generateApiKey();
|
|
739
|
-
const timestamp = Date.now();
|
|
740
|
-
const userName = extractNameFromEntityRef(spec.requestedBy.userId);
|
|
741
|
-
const secretName = `${userName}-${apiProductName}-${timestamp}`.toLowerCase().replace(/[^a-z0-9-]/g, "-");
|
|
742
|
-
const secret = {
|
|
743
|
-
apiVersion: "v1",
|
|
744
|
-
kind: "Secret",
|
|
745
|
-
metadata: {
|
|
746
|
-
name: secretName,
|
|
747
|
-
namespace,
|
|
748
|
-
labels: {
|
|
749
|
-
app: apiProductName
|
|
750
|
-
},
|
|
751
|
-
annotations: {
|
|
752
|
-
"secret.kuadrant.io/plan-id": spec.planTier,
|
|
753
|
-
"secret.kuadrant.io/user-id": spec.requestedBy.userId
|
|
754
|
-
}
|
|
755
|
-
},
|
|
756
|
-
stringData: {
|
|
757
|
-
api_key: apiKey
|
|
758
|
-
},
|
|
759
|
-
type: "Opaque"
|
|
760
|
-
};
|
|
761
|
-
await k8sClient$1.createSecret(namespace, secret);
|
|
762
|
-
let planLimits = null;
|
|
763
|
-
try {
|
|
764
|
-
const products = await k8sClient$1.listCustomResources("devportal.kuadrant.io", "v1alpha1", "apiproducts");
|
|
765
|
-
const product = (products.items || []).find(
|
|
766
|
-
(p) => p.metadata.name.includes(apiProductName) || p.spec?.displayName?.toLowerCase().includes(apiProductName.toLowerCase())
|
|
767
|
-
);
|
|
768
|
-
if (product) {
|
|
769
|
-
const plan = product.spec?.plans?.find((p) => p.tier === spec.planTier);
|
|
770
|
-
if (plan) {
|
|
771
|
-
planLimits = plan.limits;
|
|
772
|
-
}
|
|
773
|
-
}
|
|
774
|
-
} catch (e) {
|
|
775
|
-
console.warn("could not fetch apiproduct for plan limits:", e);
|
|
776
|
-
}
|
|
777
|
-
if (!planLimits) {
|
|
778
|
-
try {
|
|
779
|
-
const policy = await k8sClient$1.getCustomResource(
|
|
780
|
-
"extensions.kuadrant.io",
|
|
781
|
-
"v1alpha1",
|
|
782
|
-
namespace,
|
|
783
|
-
"planpolicies",
|
|
784
|
-
`${apiProductName}-plan`
|
|
785
|
-
);
|
|
786
|
-
const plan = policy.spec?.plans?.find((p) => p.tier === spec.planTier);
|
|
787
|
-
if (plan) {
|
|
788
|
-
planLimits = plan.limits;
|
|
789
|
-
}
|
|
790
|
-
} catch (e) {
|
|
791
|
-
console.warn("could not fetch planpolicy for plan limits:", e);
|
|
792
|
-
}
|
|
793
|
-
}
|
|
794
|
-
let apiHostname = `${apiProductName}.apps.example.com`;
|
|
795
|
-
try {
|
|
796
|
-
const httproute = await k8sClient$1.getCustomResource(
|
|
797
|
-
"gateway.networking.k8s.io",
|
|
798
|
-
"v1",
|
|
799
|
-
namespace,
|
|
800
|
-
"httproutes",
|
|
801
|
-
apiProductName
|
|
802
|
-
);
|
|
803
|
-
if (httproute.spec?.hostnames && httproute.spec.hostnames.length > 0) {
|
|
804
|
-
apiHostname = httproute.spec.hostnames[0];
|
|
805
|
-
}
|
|
806
|
-
} catch (error) {
|
|
807
|
-
console.warn("could not fetch httproute for hostname, using default:", error);
|
|
808
|
-
}
|
|
809
655
|
const status = {
|
|
810
656
|
phase: "Approved",
|
|
811
657
|
reviewedBy,
|
|
812
|
-
reviewedAt: (/* @__PURE__ */ new Date()).toISOString()
|
|
813
|
-
reason: comment || "approved",
|
|
814
|
-
apiKey,
|
|
815
|
-
apiHostname,
|
|
816
|
-
apiBasePath: "/api/v1",
|
|
817
|
-
apiDescription: `${apiProductName} api`,
|
|
818
|
-
planLimits
|
|
658
|
+
reviewedAt: (/* @__PURE__ */ new Date()).toISOString()
|
|
819
659
|
};
|
|
820
660
|
await k8sClient$1.patchCustomResourceStatus(
|
|
821
661
|
"devportal.kuadrant.io",
|
|
@@ -825,7 +665,7 @@ async function createRouter({
|
|
|
825
665
|
name,
|
|
826
666
|
status
|
|
827
667
|
);
|
|
828
|
-
res.json({
|
|
668
|
+
res.json({ success: true });
|
|
829
669
|
} catch (error) {
|
|
830
670
|
console.error("error approving api key request:", error);
|
|
831
671
|
if (error instanceof errors.NotAllowedError) {
|
|
@@ -844,7 +684,6 @@ async function createRouter({
|
|
|
844
684
|
const credentials = await httpAuth.credentials(req);
|
|
845
685
|
const { userEntityRef } = await getUserIdentity(req, httpAuth, userInfo);
|
|
846
686
|
const { namespace, name } = req.params;
|
|
847
|
-
const { comment } = parsed.data;
|
|
848
687
|
const reviewedBy = userEntityRef;
|
|
849
688
|
const request = await k8sClient$1.getCustomResource(
|
|
850
689
|
"devportal.kuadrant.io",
|
|
@@ -885,8 +724,7 @@ async function createRouter({
|
|
|
885
724
|
const status = {
|
|
886
725
|
phase: "Rejected",
|
|
887
726
|
reviewedBy,
|
|
888
|
-
reviewedAt: (/* @__PURE__ */ new Date()).toISOString()
|
|
889
|
-
reason: comment || "rejected"
|
|
727
|
+
reviewedAt: (/* @__PURE__ */ new Date()).toISOString()
|
|
890
728
|
};
|
|
891
729
|
await k8sClient$1.patchCustomResourceStatus(
|
|
892
730
|
"devportal.kuadrant.io",
|
|
@@ -928,124 +766,15 @@ async function createRouter({
|
|
|
928
766
|
if (decision[0].result !== pluginPermissionCommon.AuthorizeResult.ALLOW) {
|
|
929
767
|
throw new errors.NotAllowedError("unauthorised");
|
|
930
768
|
}
|
|
931
|
-
const { requests
|
|
769
|
+
const { requests } = parsed.data;
|
|
932
770
|
const reviewedBy = userEntityRef;
|
|
933
771
|
const results = [];
|
|
934
772
|
for (const reqRef of requests) {
|
|
935
773
|
try {
|
|
936
|
-
const request = await k8sClient$1.getCustomResource(
|
|
937
|
-
"devportal.kuadrant.io",
|
|
938
|
-
"v1alpha1",
|
|
939
|
-
reqRef.namespace,
|
|
940
|
-
"apikeys",
|
|
941
|
-
reqRef.name
|
|
942
|
-
);
|
|
943
|
-
const spec = request.spec;
|
|
944
|
-
const apiProduct = await k8sClient$1.getCustomResource(
|
|
945
|
-
"devportal.kuadrant.io",
|
|
946
|
-
"v1alpha1",
|
|
947
|
-
spec.apiNamespace,
|
|
948
|
-
"apiproducts",
|
|
949
|
-
spec.apiName
|
|
950
|
-
);
|
|
951
|
-
const owner = apiProduct.metadata?.annotations?.["backstage.io/owner"];
|
|
952
|
-
const updateAllDecision = await permissions$1.authorize(
|
|
953
|
-
[{ permission: permissions.kuadrantApiProductUpdateAllPermission }],
|
|
954
|
-
{ credentials }
|
|
955
|
-
);
|
|
956
|
-
if (updateAllDecision[0].result !== pluginPermissionCommon.AuthorizeResult.ALLOW) {
|
|
957
|
-
const updateOwnDecision = await permissions$1.authorize(
|
|
958
|
-
[{ permission: permissions.kuadrantApiProductUpdateOwnPermission }],
|
|
959
|
-
{ credentials }
|
|
960
|
-
);
|
|
961
|
-
if (updateOwnDecision[0].result !== pluginPermissionCommon.AuthorizeResult.ALLOW) {
|
|
962
|
-
throw new errors.NotAllowedError("unauthorised");
|
|
963
|
-
}
|
|
964
|
-
if (owner !== userEntityRef) {
|
|
965
|
-
throw new errors.NotAllowedError("you can only approve requests for your own api products");
|
|
966
|
-
}
|
|
967
|
-
}
|
|
968
|
-
const apiKey = generateApiKey();
|
|
969
|
-
const timestamp = Date.now();
|
|
970
|
-
const userName = extractNameFromEntityRef(spec.requestedBy.userId);
|
|
971
|
-
const secretName = `${userName}-${spec.apiName}-${timestamp}`.toLowerCase().replace(/[^a-z0-9-]/g, "-");
|
|
972
|
-
const secret = {
|
|
973
|
-
apiVersion: "v1",
|
|
974
|
-
kind: "Secret",
|
|
975
|
-
metadata: {
|
|
976
|
-
name: secretName,
|
|
977
|
-
namespace: spec.apiNamespace,
|
|
978
|
-
labels: {
|
|
979
|
-
app: spec.apiName
|
|
980
|
-
},
|
|
981
|
-
annotations: {
|
|
982
|
-
"secret.kuadrant.io/plan-id": spec.planTier,
|
|
983
|
-
"secret.kuadrant.io/user-id": spec.requestedBy.userId
|
|
984
|
-
}
|
|
985
|
-
},
|
|
986
|
-
stringData: {
|
|
987
|
-
api_key: apiKey
|
|
988
|
-
},
|
|
989
|
-
type: "Opaque"
|
|
990
|
-
};
|
|
991
|
-
await k8sClient$1.createSecret(spec.apiNamespace, secret);
|
|
992
|
-
let planLimits = null;
|
|
993
|
-
try {
|
|
994
|
-
const products = await k8sClient$1.listCustomResources("devportal.kuadrant.io", "v1alpha1", "apiproducts");
|
|
995
|
-
const product = (products.items || []).find(
|
|
996
|
-
(p) => p.metadata.name.includes(spec.apiName) || p.spec?.displayName?.toLowerCase().includes(spec.apiName.toLowerCase())
|
|
997
|
-
);
|
|
998
|
-
if (product) {
|
|
999
|
-
const plan = product.spec?.plans?.find((p) => p.tier === spec.planTier);
|
|
1000
|
-
if (plan) {
|
|
1001
|
-
planLimits = plan.limits;
|
|
1002
|
-
}
|
|
1003
|
-
}
|
|
1004
|
-
} catch (e) {
|
|
1005
|
-
console.warn("could not fetch apiproduct for plan limits:", e);
|
|
1006
|
-
}
|
|
1007
|
-
if (!planLimits) {
|
|
1008
|
-
try {
|
|
1009
|
-
const policy = await k8sClient$1.getCustomResource(
|
|
1010
|
-
"devportal.kuadrant.io",
|
|
1011
|
-
"v1alpha1",
|
|
1012
|
-
spec.apiNamespace,
|
|
1013
|
-
"planpolicies",
|
|
1014
|
-
`${spec.apiName}-plan`
|
|
1015
|
-
);
|
|
1016
|
-
const plan = policy.spec?.plans?.find((p) => p.tier === spec.planTier);
|
|
1017
|
-
if (plan) {
|
|
1018
|
-
planLimits = plan.limits;
|
|
1019
|
-
}
|
|
1020
|
-
} catch (e) {
|
|
1021
|
-
console.warn("could not fetch planpolicy for plan limits:", e);
|
|
1022
|
-
}
|
|
1023
|
-
}
|
|
1024
|
-
let apiHostname = `${spec.apiName}.apps.example.com`;
|
|
1025
|
-
try {
|
|
1026
|
-
const httproute = await k8sClient$1.getCustomResource(
|
|
1027
|
-
"gateway.networking.k8s.io",
|
|
1028
|
-
"v1",
|
|
1029
|
-
spec.apiNamespace,
|
|
1030
|
-
"httproutes",
|
|
1031
|
-
spec.apiName
|
|
1032
|
-
);
|
|
1033
|
-
if (httproute.spec?.hostnames && httproute.spec.hostnames.length > 0) {
|
|
1034
|
-
apiHostname = httproute.spec.hostnames[0];
|
|
1035
|
-
}
|
|
1036
|
-
} catch (error) {
|
|
1037
|
-
console.warn("could not fetch httproute for hostname, using default:", error);
|
|
1038
|
-
}
|
|
1039
774
|
const status = {
|
|
1040
775
|
phase: "Approved",
|
|
1041
776
|
reviewedBy,
|
|
1042
|
-
reviewedAt: (/* @__PURE__ */ new Date()).toISOString()
|
|
1043
|
-
reason: comment || "approved",
|
|
1044
|
-
apiKey,
|
|
1045
|
-
apiHostname,
|
|
1046
|
-
apiBasePath: "/api/v1",
|
|
1047
|
-
apiDescription: `${spec.apiName} api`,
|
|
1048
|
-
planLimits
|
|
777
|
+
reviewedAt: (/* @__PURE__ */ new Date()).toISOString()
|
|
1049
778
|
};
|
|
1050
779
|
await k8sClient$1.patchCustomResourceStatus(
|
|
1051
780
|
"devportal.kuadrant.io",
|
|
@@ -1055,7 +784,7 @@ async function createRouter({
|
|
|
1055
784
|
reqRef.name,
|
|
1056
785
|
status
|
|
1057
786
|
);
|
|
1058
|
-
results.push({ namespace: reqRef.namespace, name: reqRef.name, success: true
|
|
787
|
+
results.push({ namespace: reqRef.namespace, name: reqRef.name, success: true });
|
|
1059
788
|
} catch (error) {
|
|
1060
789
|
console.error(`error approving request ${reqRef.namespace}/${reqRef.name}:`, error);
|
|
1061
790
|
results.push({
|
|
@@ -1091,7 +820,7 @@ async function createRouter({
|
|
|
1091
820
|
if (decision[0].result !== pluginPermissionCommon.AuthorizeResult.ALLOW) {
|
|
1092
821
|
throw new errors.NotAllowedError("unauthorised");
|
|
1093
822
|
}
|
|
1094
|
-
const { requests
|
|
823
|
+
const { requests } = parsed.data;
|
|
1095
824
|
const reviewedBy = userEntityRef;
|
|
1096
825
|
const results = [];
|
|
1097
826
|
for (const reqRef of requests) {
|
|
@@ -1107,9 +836,9 @@ async function createRouter({
|
|
|
1107
836
|
const apiProduct = await k8sClient$1.getCustomResource(
|
|
1108
837
|
"devportal.kuadrant.io",
|
|
1109
838
|
"v1alpha1",
|
|
1110
|
-
|
|
839
|
+
reqRef.namespace,
|
|
1111
840
|
"apiproducts",
|
|
1112
|
-
spec.
|
|
841
|
+
spec.apiProductRef?.name
|
|
1113
842
|
);
|
|
1114
843
|
const owner = apiProduct.metadata?.annotations?.["backstage.io/owner"];
|
|
1115
844
|
const updateAllDecision = await permissions$1.authorize(
|
|
@@ -1131,8 +860,7 @@ async function createRouter({
|
|
|
1131
860
|
const status = {
|
|
1132
861
|
phase: "Rejected",
|
|
1133
862
|
reviewedBy,
|
|
1134
|
-
reviewedAt: (/* @__PURE__ */ new Date()).toISOString()
|
|
1135
|
-
reason: comment || "rejected"
|
|
863
|
+
reviewedAt: (/* @__PURE__ */ new Date()).toISOString()
|
|
1136
864
|
};
|
|
1137
865
|
await k8sClient$1.patchCustomResourceStatus(
|
|
1138
866
|
"devportal.kuadrant.io",
|
|
@@ -1193,23 +921,6 @@ async function createRouter({
|
|
|
1193
921
|
throw new errors.NotAllowedError("you can only delete your own api key requests");
|
|
1194
922
|
}
|
|
1195
923
|
}
|
|
1196
|
-
if (request.status?.phase === "Approved") {
|
|
1197
|
-
try {
|
|
1198
|
-
const apiNamespace = request.spec?.apiNamespace;
|
|
1199
|
-
const apiName = request.spec?.apiName;
|
|
1200
|
-
const planTier = request.spec?.planTier;
|
|
1201
|
-
const secrets = await k8sClient$1.listSecrets(apiNamespace);
|
|
1202
|
-
const matchingSecret = secrets.items?.find((s) => {
|
|
1203
|
-
const annotations = s.metadata?.annotations || {};
|
|
1204
|
-
return annotations["secret.kuadrant.io/user-id"] === requestUserId && annotations["secret.kuadrant.io/plan-id"] === planTier && s.metadata?.labels?.app === apiName;
|
|
1205
|
-
});
|
|
1206
|
-
if (matchingSecret) {
|
|
1207
|
-
await k8sClient$1.deleteSecret(apiNamespace, matchingSecret.metadata.name);
|
|
1208
|
-
}
|
|
1209
|
-
} catch (error) {
|
|
1210
|
-
console.warn("failed to delete associated secret:", error);
|
|
1211
|
-
}
|
|
1212
|
-
}
|
|
1213
924
|
await k8sClient$1.deleteCustomResource(
|
|
1214
925
|
"devportal.kuadrant.io",
|
|
1215
926
|
"v1alpha1",
|
package/dist/router.cjs.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"router.cjs.js","sources":["../src/router.ts"],"sourcesContent":["import { HttpAuthService, RootConfigService, UserInfoService, PermissionsService } from '@backstage/backend-plugin-api';\nimport { InputError, NotAllowedError } from '@backstage/errors';\nimport { AuthorizeResult } from '@backstage/plugin-permission-common';\nimport { createPermissionIntegrationRouter } from '@backstage/plugin-permission-node';\nimport { z } from 'zod';\nimport express from 'express';\nimport Router from 'express-promise-router';\nimport cors from 'cors';\nimport { randomBytes } from 'crypto';\nimport { KuadrantK8sClient } from './k8s-client';\nimport { getAPIProductEntityProvider } from './module';\nimport {\n kuadrantPermissions,\n kuadrantPlanPolicyListPermission,\n kuadrantPlanPolicyReadPermission,\n kuadrantApiProductListPermission,\n kuadrantApiProductReadOwnPermission,\n kuadrantApiProductReadAllPermission,\n kuadrantApiProductCreatePermission,\n kuadrantApiProductUpdateOwnPermission,\n kuadrantApiProductUpdateAllPermission,\n kuadrantApiProductDeleteOwnPermission,\n kuadrantApiProductDeleteAllPermission,\n kuadrantApiKeyRequestCreatePermission,\n kuadrantApiKeyRequestReadOwnPermission,\n kuadrantApiKeyRequestReadAllPermission,\n kuadrantApiKeyRequestUpdateOwnPermission,\n kuadrantApiKeyRequestUpdateAllPermission,\n kuadrantApiKeyRequestDeleteOwnPermission,\n kuadrantApiKeyRequestDeleteAllPermission,\n} from './permissions';\n\nfunction generateApiKey(): string {\n return randomBytes(32).toString('hex');\n}\n\n/**\n * Extract a kubernetes-safe name from entity ref\n * e.g., \"user:default/alice\" -> \"alice\"\n * e.g., \"group:platform/api-owners\" -> \"api-owners\"\n */\nfunction extractNameFromEntityRef(entityRef: string): string {\n const parts = entityRef.split('/');\n return parts[parts.length - 1];\n}\n\nasync function getUserIdentity(req: express.Request, httpAuth: HttpAuthService, userInfo: UserInfoService): Promise<{\n userEntityRef: string;\n groups: string[];\n}> {\n const credentials = await httpAuth.credentials(req);\n\n if (!credentials || !credentials.principal) {\n throw new NotAllowedError('authentication required');\n }\n\n // get user info from credentials\n const info = await userInfo.getUserInfo(credentials);\n const groups = info.ownershipEntityRefs || [];\n\n console.log(`user identity resolved: userEntityRef=${info.userEntityRef}, groups=${groups.join(',')}`);\n return {\n userEntityRef: info.userEntityRef,\n groups\n };\n}\n\nexport async function createRouter({\n httpAuth,\n userInfo,\n config,\n permissions,\n}: {\n httpAuth: HttpAuthService;\n userInfo: UserInfoService;\n config: RootConfigService;\n permissions: PermissionsService;\n}): Promise<express.Router> {\n const router = Router();\n\n // enable cors for dev mode (allows frontend on :3000 to call backend on :7007)\n router.use(cors({\n origin: 'http://localhost:3000',\n credentials: true,\n }));\n\n router.use(express.json());\n\n const k8sClient = new KuadrantK8sClient(config);\n\n // apiproduct endpoints\n router.get('/apiproducts', async (req, res) => {\n try {\n const credentials = await httpAuth.credentials(req);\n\n const listDecision = await permissions.authorize(\n [{ permission: kuadrantApiProductListPermission }],\n { credentials }\n );\n\n if (listDecision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n const { userEntityRef } = await getUserIdentity(req, httpAuth, userInfo);\n const data = await k8sClient.listCustomResources('devportal.kuadrant.io', 'v1alpha1', 'apiproducts');\n\n // check if user has read all permission\n const readAllDecision = await permissions.authorize(\n [{ permission: kuadrantApiProductReadAllPermission }],\n { credentials }\n );\n\n if (readAllDecision[0].result === AuthorizeResult.ALLOW) {\n // admin - return all apiproducts\n res.json(data);\n } else {\n // owner - check read own permission and filter\n const readOwnDecision = await permissions.authorize(\n [{ permission: kuadrantApiProductReadOwnPermission }],\n { credentials }\n );\n\n if (readOwnDecision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n // filter to only owned apiproducts\n const ownedItems = (data.items || []).filter((item: any) => {\n const owner = item.metadata?.annotations?.['backstage.io/owner'];\n return owner === userEntityRef;\n });\n\n res.json({ ...data, items: ownedItems });\n }\n } catch (error) {\n console.error('error fetching apiproducts:', error);\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else {\n res.status(500).json({ error: 'failed to fetch apiproducts' });\n }\n }\n });\n\n router.get('/apiproducts/:namespace/:name', async (req, res) => {\n try {\n const credentials = await httpAuth.credentials(req);\n const { namespace, name } = req.params;\n\n // try read all permission first (admin)\n const readAllDecision = await permissions.authorize(\n [{ permission: kuadrantApiProductReadAllPermission }],\n { credentials }\n );\n\n if (readAllDecision[0].result !== AuthorizeResult.ALLOW) {\n // fallback to read own permission\n const readOwnDecision = await permissions.authorize(\n [{ permission: kuadrantApiProductReadOwnPermission }],\n { credentials }\n );\n\n if (readOwnDecision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n // verify ownership\n const { userEntityRef } = await getUserIdentity(req, httpAuth, userInfo);\n const data = await k8sClient.getCustomResource('devportal.kuadrant.io', 'v1alpha1', namespace, 'apiproducts', name);\n const owner = data.metadata?.annotations?.['backstage.io/owner'];\n // owner is already in entity ref format\n\n if (owner !== userEntityRef) {\n throw new NotAllowedError('you can only read your own api products');\n }\n\n res.json(data);\n } else {\n // admin - read any apiproduct\n const data = await k8sClient.getCustomResource('devportal.kuadrant.io', 'v1alpha1', namespace, 'apiproducts', name);\n res.json(data);\n }\n } catch (error) {\n console.error('error fetching apiproduct:', error);\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else {\n res.status(500).json({ error: 'failed to fetch apiproduct' });\n }\n }\n });\n\n router.post('/apiproducts', async (req, res) => {\n try {\n const credentials = await httpAuth.credentials(req);\n\n const decision = await permissions.authorize(\n [{ permission: kuadrantApiProductCreatePermission }],\n { credentials }\n );\n\n if (decision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n const { userEntityRef } = await getUserIdentity(req, httpAuth, userInfo);\n const apiProduct = req.body;\n const targetRef = apiProduct.spec?.targetRef;\n\n if (!targetRef?.name || !targetRef?.kind || !targetRef?.namespace) {\n throw new InputError('targetRef with name, kind, and namespace is required');\n }\n\n // derive namespace from httproute - apiproduct lives in same namespace as httproute\n const namespace = targetRef.namespace;\n apiProduct.metadata.namespace = namespace;\n\n // set ownership annotation (backstage-specific metadata)\n // note: creationTimestamp is automatically set by kubernetes api server\n if (!apiProduct.metadata.annotations) {\n apiProduct.metadata.annotations = {};\n }\n apiProduct.metadata.annotations['backstage.io/owner'] = userEntityRef;\n\n // temporary: populate plans from planpolicy until controller implements this\n // look up httproute and find planpolicy targeting it\n const httpRouteNamespace = namespace;\n const httpRouteName = targetRef.name;\n\n try {\n // list all planpolicies in the httproute's namespace\n const planPoliciesResponse = await k8sClient.listCustomResources(\n 'extensions.kuadrant.io',\n 'v1alpha1',\n 'planpolicies',\n httpRouteNamespace\n );\n\n // find planpolicy targeting this httproute\n const planPolicy = (planPoliciesResponse.items || []).find((pp: any) => {\n const ref = pp.spec?.targetRef;\n return ref?.kind === 'HTTPRoute' &&\n ref?.name === httpRouteName &&\n (!ref?.namespace || ref?.namespace === httpRouteNamespace);\n });\n\n if (planPolicy && planPolicy.spec?.plans) {\n // copy plans from planpolicy to apiproduct spec\n apiProduct.spec.plans = planPolicy.spec.plans.map((plan: any) => ({\n tier: plan.tier,\n description: plan.description,\n limits: plan.limits\n }));\n console.log(`copied ${apiProduct.spec.plans.length} plans from planpolicy ${planPolicy.metadata.name}`);\n } else {\n console.log(`no planpolicy found for httproute ${httpRouteNamespace}/${httpRouteName}`);\n }\n } catch (error) {\n console.warn('failed to populate plans from planpolicy:', error);\n // continue without plans rather than failing the creation\n }\n\n const created = await k8sClient.createCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apiproducts',\n apiProduct,\n );\n\n // trigger immediate catalog sync\n const provider = getAPIProductEntityProvider();\n if (provider) {\n await provider.refresh();\n }\n\n res.status(201).json(created);\n } catch (error) {\n console.error('error creating apiproduct:', error);\n const errorMessage = error instanceof Error ? error.message : String(error);\n\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else if (error instanceof InputError) {\n res.status(400).json({ error: error.message });\n } else {\n // pass the detailed error message to the frontend\n res.status(500).json({ error: errorMessage });\n }\n }\n });\n\n router.delete('/apiproducts/:namespace/:name', async (req, res) => {\n try {\n const credentials = await httpAuth.credentials(req);\n const { namespace, name } = req.params;\n\n // try delete all permission first (admin)\n const deleteAllDecision = await permissions.authorize(\n [{ permission: kuadrantApiProductDeleteAllPermission }],\n { credentials }\n );\n\n if (deleteAllDecision[0].result !== AuthorizeResult.ALLOW) {\n // fallback to delete own permission\n const deleteOwnDecision = await permissions.authorize(\n [{ permission: kuadrantApiProductDeleteOwnPermission }],\n { credentials }\n );\n\n if (deleteOwnDecision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n // verify ownership before deleting\n const { userEntityRef } = await getUserIdentity(req, httpAuth, userInfo);\n const existing = await k8sClient.getCustomResource('devportal.kuadrant.io', 'v1alpha1', namespace, 'apiproducts', name);\n const owner = existing.metadata?.annotations?.['backstage.io/owner'];\n // owner is already in entity ref format\n\n if (owner !== userEntityRef) {\n throw new NotAllowedError('you can only delete your own api products');\n }\n }\n console.log(`cascading delete: finding apikeyrequests for ${namespace}/${name}`);\n\n let allRequests;\n try {\n allRequests = await k8sClient.listCustomResources(\n 'extensions.kuadrant.io',\n 'v1alpha1',\n 'apikeyrequests',\n namespace\n );\n } catch (error) {\n console.warn('failed to list apikeyrequests during cascade delete:', error);\n allRequests = { items: [] };\n }\n\n // filter requests that belong to this APIProduct\n const relatedRequests = (allRequests.items || []).filter((req: any) =>\n req.spec?.apiName === name && req.spec?.apiNamespace === namespace\n );\n\n console.log(`found ${relatedRequests.length} apikeyrequests to delete`);\n\n // delete each APIKeyRequest and its associated Secret\n const deletionResults = await Promise.allSettled(\n relatedRequests.map(async (request: any) => {\n const requestName = request.metadata.name;\n const requestUserId = request.spec?.requestedBy?.userId;\n const planTier = request.spec?.planTier;\n\n console.log(`deleting apikeyrequest: ${namespace}/${requestName}`);\n\n // iff request is approved, delete the associated secret first\n if (request.status?.phase === 'Approved') {\n try {\n console.log(`finding secret for approved request: ${namespace}/${requestName}`);\n const secrets = await k8sClient.listSecrets(namespace);\n const matchingSecret = secrets.items?.find((s: any) => {\n const annotations = s.metadata?.annotations || {};\n return (\n annotations['secret.kuadrant.io/user-id'] === requestUserId &&\n annotations['secret.kuadrant.io/plan-id'] === planTier &&\n s.metadata?.labels?.app === name\n );\n });\n\n if (matchingSecret) {\n console.log(`deleting secret: ${namespace}/${matchingSecret.metadata.name}`);\n await k8sClient.deleteSecret(namespace, matchingSecret.metadata.name);\n }\n } catch (error) {\n console.warn(`failed to delete secret for request ${requestName}:`, error);\n // continue with request deletion even if secret deletion fails\n }\n }\n\n // delete the ApiKeyRequest\n await k8sClient.deleteCustomResource(\n 'extensions.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apikeyrequests',\n requestName\n );\n })\n );\n\n // log any failures (but don't block APIProduct deletion)\n const failures = deletionResults.filter(r => r.status === 'rejected');\n if (failures.length > 0) {\n console.warn(`${failures.length} apikeyrequests/secret failed to delete:`,\n failures.map((f: any) => f.reason)\n );\n }\n await k8sClient.deleteCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apiproducts',\n name\n );\n\n // trigger immediate catalog sync\n const provider = getAPIProductEntityProvider();\n if (provider) {\n await provider.refresh();\n }\n\n res.status(204).send();\n } catch (error) {\n console.error('error deleting apiproduct:', error);\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else {\n res.status(500).json({ error: 'failed to delete apiproduct' });\n }\n }\n });\n\n // httproute endpoints\n router.get('/httproutes', async (req, res) => {\n try {\n const credentials = await httpAuth.credentials(req);\n\n const decision = await permissions.authorize(\n [{ permission: kuadrantApiProductListPermission }],\n { credentials }\n );\n\n if (decision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n const data = await k8sClient.listCustomResources('gateway.networking.k8s.io', 'v1', 'httproutes');\n\n res.json(data);\n } catch (error) {\n console.error('error fetching httproutes:', error);\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else {\n res.status(500).json({ error: 'failed to fetch httproutes' });\n }\n }\n });\n\n router.patch('/apiproducts/:namespace/:name', async (req, res) => {\n // whitelist allowed fields for patching\n const patchSchema = z.object({\n spec: z.object({\n displayName: z.string().optional(),\n description: z.string().optional(),\n version: z.string().optional(),\n publishStatus: z.enum(['Draft', 'Published']).optional(),\n approvalMode: z.enum(['automatic', 'manual']).optional(),\n tags: z.array(z.string()).optional(),\n contact: z.object({\n email: z.string().optional(),\n team: z.string().optional(),\n slack: z.string().optional(),\n }).partial().optional(),\n documentation: z.object({\n docsURL: z.string().optional(),\n openAPISpec: z.string().optional(),\n }).partial().optional(),\n }).partial(),\n });\n\n const parsed = patchSchema.safeParse(req.body);\n if (!parsed.success) {\n return res.status(400).json({ error: 'invalid patch: ' + parsed.error.toString() });\n }\n\n try {\n const credentials = await httpAuth.credentials(req);\n\n if (!credentials || !credentials.principal) {\n throw new NotAllowedError('authentication required');\n }\n\n const { namespace, name } = req.params;\n\n // try update all permission first (admin)\n const updateAllDecision = await permissions.authorize(\n [{ permission: kuadrantApiProductUpdateAllPermission }],\n { credentials }\n );\n\n if (updateAllDecision[0].result !== AuthorizeResult.ALLOW) {\n // fallback to update own permission\n const updateOwnDecision = await permissions.authorize(\n [{ permission: kuadrantApiProductUpdateOwnPermission }],\n { credentials }\n );\n\n if (updateOwnDecision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n // verify ownership\n const { userEntityRef } = await getUserIdentity(req, httpAuth, userInfo);\n const existing = await k8sClient.getCustomResource('devportal.kuadrant.io', 'v1alpha1', namespace, 'apiproducts', name);\n const owner = existing.metadata?.annotations?.['backstage.io/owner'];\n // owner is already in entity ref format\n\n if (owner !== userEntityRef) {\n throw new NotAllowedError('you can only update your own api products');\n }\n }\n\n // prevent modification of ownership annotation\n if (req.body.metadata?.annotations) {\n delete req.body.metadata.annotations['backstage.io/owner'];\n }\n\n const updated = await k8sClient.patchCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apiproducts',\n name,\n parsed.data,\n );\n\n return res.json(updated);\n } catch (error) {\n console.error('error updating apiproduct:', error);\n const errorMessage = error instanceof Error ? error.message : String(error);\n\n if (error instanceof NotAllowedError) {\n return res.status(403).json({ error: error.message });\n } else if (error instanceof InputError) {\n return res.status(400).json({ error: error.message });\n } else {\n return res.status(500).json({ error: errorMessage });\n }\n }\n });\n\n // planpolicy endpoints\n router.get('/planpolicies', async (req, res) => {\n try {\n const credentials = await httpAuth.credentials(req);\n\n const decision = await permissions.authorize(\n [{ permission: kuadrantPlanPolicyListPermission }],\n { credentials }\n );\n\n if (decision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n const data = await k8sClient.listCustomResources('extensions.kuadrant.io', 'v1alpha1', 'planpolicies');\n\n // only expose minimal info needed for UI association\n const filtered = {\n items: (data.items || []).map((policy: any) => ({\n metadata: {\n name: policy.metadata.name,\n namespace: policy.metadata.namespace,\n },\n // only expose targetRef to allow UI to match PlanPolicy -> HTTPRoute\n targetRef: policy.spec?.targetRef ? {\n kind: policy.spec.targetRef.kind,\n name: policy.spec.targetRef.name,\n namespace: policy.spec.targetRef.namespace,\n } : undefined,\n // only expose plan tier info, no other spec details\n plans: (policy.spec?.plans || []).map((plan: any) => ({\n tier: plan.tier,\n description: plan.description,\n limits: plan.limits,\n })),\n })),\n };\n\n res.json(filtered);\n } catch (error) {\n console.error('error fetching planpolicies:', error);\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else {\n res.status(500).json({ error: 'failed to fetch planpolicies' });\n }\n }\n });\n\n router.get('/planpolicies/:namespace/:name', async (req, res) => {\n try {\n const credentials = await httpAuth.credentials(req);\n\n const decision = await permissions.authorize(\n [{ permission: kuadrantPlanPolicyReadPermission }],\n { credentials }\n );\n\n if (decision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n const { namespace, name } = req.params;\n const data = await k8sClient.getCustomResource('extensions.kuadrant.io', 'v1alpha1', namespace, 'planpolicies', name);\n res.json(data);\n } catch (error) {\n console.error('error fetching planpolicy:', error);\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else {\n res.status(500).json({ error: 'failed to fetch planpolicy' });\n }\n }\n });\n\n // apikey crud endpoints\n const requestSchema = z.object({\n apiProductName: z.string(), // name of the APIProduct\n namespace: z.string(), // namespace where both APIProduct and APIKey live\n planTier: z.string(),\n useCase: z.string().optional(),\n userEmail: z.string().optional(),\n });\n\n router.post('/requests', async (req, res) => {\n const parsed = requestSchema.safeParse(req.body);\n if (!parsed.success) {\n throw new InputError(parsed.error.toString());\n }\n\n try {\n const credentials = await httpAuth.credentials(req);\n const { apiProductName, namespace, planTier, useCase, userEmail } = parsed.data;\n\n // extract userId from authenticated credentials, not from request body\n const { userEntityRef } = await getUserIdentity(req, httpAuth, userInfo);\n\n // check permission with resource reference (per-apiproduct access control)\n const resourceRef = `apiproduct:${namespace}/${apiProductName}`;\n const decision = await permissions.authorize(\n [{\n permission: kuadrantApiKeyRequestCreatePermission,\n resourceRef,\n }],\n { credentials }\n );\n\n if (decision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError(`not authorised to request access to ${apiProductName}`);\n }\n const randomSuffix = randomBytes(4).toString('hex');\n const userName = extractNameFromEntityRef(userEntityRef);\n const requestName = `${userName}-${apiProductName}-${randomSuffix}`.toLowerCase().replace(/[^a-z0-9-]/g, '-');\n\n const requestedBy: any = { userId: userEntityRef };\n if (userEmail) {\n requestedBy.email = userEmail;\n }\n\n const request = {\n apiVersion: 'devportal.kuadrant.io/v1alpha1',\n kind: 'APIKey',\n metadata: {\n name: requestName,\n namespace,\n },\n spec: {\n apiProductRef: {\n name: apiProductName,\n },\n planTier,\n useCase: useCase || '',\n requestedBy,\n },\n };\n\n const created = await k8sClient.createCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apikeys',\n request,\n );\n\n // check if apiproduct has automatic approval mode\n try {\n const apiProduct = await k8sClient.getCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apiproducts',\n apiProductName,\n );\n\n if (apiProduct.spec?.approvalMode === 'automatic') {\n // automatically approve and create secret\n const apiKey = generateApiKey();\n const timestamp = Date.now();\n const userName = extractNameFromEntityRef(userEntityRef);\n const secretName = `${userName}-${apiProductName}-${timestamp}`\n .toLowerCase()\n .replace(/[^a-z0-9-]/g, '-');\n\n const secret = {\n apiVersion: 'v1',\n kind: 'Secret',\n metadata: {\n name: secretName,\n namespace,\n labels: {\n app: apiProductName,\n },\n annotations: {\n 'secret.kuadrant.io/plan-id': planTier,\n 'secret.kuadrant.io/user-id': userEntityRef,\n },\n },\n stringData: {\n api_key: apiKey,\n },\n type: 'Opaque',\n };\n\n await k8sClient.createSecret(namespace, secret);\n\n // get plan limits\n let planLimits: any = null;\n const plan = apiProduct.spec?.plans?.find((p: any) => p.tier === planTier);\n if (plan) {\n planLimits = plan.limits;\n }\n\n // fetch httproute to get hostname\n let apiHostname = `${apiProductName}.apps.example.com`;\n try {\n const httproute = await k8sClient.getCustomResource(\n 'gateway.networking.k8s.io',\n 'v1',\n namespace,\n 'httproutes',\n apiProductName,\n );\n if (httproute.spec?.hostnames && httproute.spec.hostnames.length > 0) {\n apiHostname = httproute.spec.hostnames[0];\n }\n } catch (error) {\n console.warn('could not fetch httproute for hostname, using default:', error);\n }\n\n // update request status to approved\n const status = {\n phase: 'Approved',\n reviewedBy: 'system',\n reviewedAt: new Date().toISOString(),\n reason: 'automatic approval',\n apiKey,\n apiHostname,\n apiBasePath: '/api/v1',\n apiDescription: `${apiProductName} api`,\n planLimits,\n };\n\n await k8sClient.patchCustomResourceStatus(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apikeys',\n requestName,\n status,\n );\n }\n } catch (error) {\n console.warn('could not check approval mode or auto-approve:', error);\n // continue anyway - request was created successfully\n }\n\n res.status(201).json(created);\n } catch (error) {\n console.error('error creating api key request:', error);\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else {\n res.status(500).json({ error: 'failed to create api key request' });\n }\n }\n });\n\n router.get('/requests', async (req, res) => {\n try {\n const credentials = await httpAuth.credentials(req);\n\n // check if user can read all requests or only own\n const readAllDecision = await permissions.authorize(\n [{ permission: kuadrantApiKeyRequestReadAllPermission }],\n { credentials }\n );\n\n const canReadAll = readAllDecision[0].result === AuthorizeResult.ALLOW;\n\n if (!canReadAll) {\n // try read own permission\n const readOwnDecision = await permissions.authorize(\n [{ permission: kuadrantApiKeyRequestReadOwnPermission }],\n { credentials }\n );\n\n if (readOwnDecision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n }\n\n const status = req.query.status as string;\n const namespace = req.query.namespace as string;\n\n let data;\n if (namespace) {\n data = await k8sClient.listCustomResources('devportal.kuadrant.io', 'v1alpha1', 'aPIKeys', namespace);\n } else {\n data = await k8sClient.listCustomResources('devportal.kuadrant.io', 'v1alpha1', 'aPIKeys');\n }\n\n let filteredItems = data.items || [];\n\n // if user only has read.own permission, filter by api product ownership\n if (!canReadAll) {\n const { userEntityRef } = await getUserIdentity(req, httpAuth, userInfo);\n\n // get all apiproducts owned by this user\n const apiproducts = await k8sClient.listCustomResources('devportal.kuadrant.io', 'v1alpha1', 'apiproducts');\n const ownedApiProducts = (apiproducts.items || [])\n .filter((product: any) => {\n const owner = product.metadata?.annotations?.['backstage.io/owner'];\n return owner === userEntityRef;\n })\n .map((product: any) => product.metadata.name);\n\n // filter requests to only those for owned api products\n filteredItems = filteredItems.filter((req: any) =>\n ownedApiProducts.includes(req.spec?.apiName)\n );\n }\n\n if (status) {\n filteredItems = filteredItems.filter((req: any) => {\n const phase = req.status?.phase || 'Pending';\n return phase === status;\n });\n }\n\n res.json({ items: filteredItems });\n } catch (error) {\n console.error('error fetching api key requests:', error);\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else {\n res.status(500).json({ error: 'failed to fetch api key requests' });\n }\n }\n });\n\n router.get('/requests/my', async (req, res) => {\n try {\n const credentials = await httpAuth.credentials(req);\n\n const decision = await permissions.authorize(\n [{ permission: kuadrantApiKeyRequestReadOwnPermission }],\n { credentials }\n );\n\n if (decision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n // extract userId from authenticated credentials, not from query params\n const { userEntityRef } = await getUserIdentity(req, httpAuth, userInfo);\n const namespace = req.query.namespace as string;\n\n let data;\n if (namespace) {\n data = await k8sClient.listCustomResources('devportal.kuadrant.io', 'v1alpha1', 'apikeys', namespace);\n } else {\n data = await k8sClient.listCustomResources('devportal.kuadrant.io', 'v1alpha1', 'apikeys');\n }\n\n const filteredItems = (data.items || []).filter(\n (req: any) => req.spec?.requestedBy?.userId === userEntityRef\n );\n\n res.json({ items: filteredItems });\n } catch (error) {\n console.error('error fetching user api key requests:', error);\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else {\n res.status(500).json({ error: 'failed to fetch user api key requests' });\n }\n }\n });\n\n const approveRejectSchema = z.object({\n comment: z.string().optional(),\n });\n\n router.post('/requests/:namespace/:name/approve', async (req, res) => {\n const parsed = approveRejectSchema.safeParse(req.body);\n if (!parsed.success) {\n throw new InputError(parsed.error.toString());\n }\n\n try {\n const credentials = await httpAuth.credentials(req);\n const { userEntityRef } = await getUserIdentity(req, httpAuth, userInfo);\n\n const { namespace, name } = req.params;\n const { comment } = parsed.data;\n const reviewedBy = userEntityRef;\n\n const request = await k8sClient.getCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apikeys',\n name,\n );\n\n const spec = request.spec as any;\n const apiProductName = spec.apiProductRef?.name;\n\n if (!apiProductName) {\n throw new InputError('apiProductRef.name is required in APIKey spec');\n }\n\n // verify user owns/admins the apiproduct this request is for\n const apiProduct = await k8sClient.getCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apiproducts',\n apiProductName,\n );\n\n const owner = apiProduct.metadata?.annotations?.['backstage.io/owner'];\n // owner is already in entity ref format\n\n // try update all permission first (admin)\n const updateAllDecision = await permissions.authorize(\n [{ permission: kuadrantApiKeyRequestUpdateAllPermission }],\n { credentials },\n );\n\n if (updateAllDecision[0].result !== AuthorizeResult.ALLOW) {\n // fallback to update own permission\n const updateOwnDecision = await permissions.authorize(\n [{ permission: kuadrantApiKeyRequestUpdateOwnPermission }],\n { credentials },\n );\n\n if (updateOwnDecision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n // verify ownership of the apiproduct\n if (owner !== userEntityRef) {\n throw new NotAllowedError('you can only approve requests for your own api products');\n }\n }\n const apiKey = generateApiKey();\n const timestamp = Date.now();\n const userName = extractNameFromEntityRef(spec.requestedBy.userId);\n const secretName = `${userName}-${apiProductName}-${timestamp}`\n .toLowerCase()\n .replace(/[^a-z0-9-]/g, '-');\n\n const secret = {\n apiVersion: 'v1',\n kind: 'Secret',\n metadata: {\n name: secretName,\n namespace,\n labels: {\n app: apiProductName,\n },\n annotations: {\n 'secret.kuadrant.io/plan-id': spec.planTier,\n 'secret.kuadrant.io/user-id': spec.requestedBy.userId,\n },\n },\n stringData: {\n api_key: apiKey,\n },\n type: 'Opaque',\n };\n\n await k8sClient.createSecret(namespace, secret);\n\n // try to get plan limits from apiproduct or planpolicy\n let planLimits: any = null;\n try {\n const products = await k8sClient.listCustomResources('devportal.kuadrant.io', 'v1alpha1', 'apiproducts');\n const product = (products.items || []).find((p: any) =>\n p.metadata.name.includes(apiProductName) || p.spec?.displayName?.toLowerCase().includes(apiProductName.toLowerCase())\n );\n if (product) {\n const plan = product.spec?.plans?.find((p: any) => p.tier === spec.planTier);\n if (plan) {\n planLimits = plan.limits;\n }\n }\n } catch (e) {\n console.warn('could not fetch apiproduct for plan limits:', e);\n }\n\n if (!planLimits) {\n try {\n const policy = await k8sClient.getCustomResource(\n 'extensions.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'planpolicies',\n `${apiProductName}-plan`,\n );\n const plan = policy.spec?.plans?.find((p: any) => p.tier === spec.planTier);\n if (plan) {\n planLimits = plan.limits;\n }\n } catch (e) {\n console.warn('could not fetch planpolicy for plan limits:', e);\n }\n }\n\n // fetch httproute to get hostname\n let apiHostname = `${apiProductName}.apps.example.com`;\n try {\n const httproute = await k8sClient.getCustomResource(\n 'gateway.networking.k8s.io',\n 'v1',\n namespace,\n 'httproutes',\n apiProductName,\n );\n if (httproute.spec?.hostnames && httproute.spec.hostnames.length > 0) {\n apiHostname = httproute.spec.hostnames[0];\n }\n } catch (error) {\n console.warn('could not fetch httproute for hostname, using default:', error);\n }\n\n const status = {\n phase: 'Approved',\n reviewedBy,\n reviewedAt: new Date().toISOString(),\n reason: comment || 'approved',\n apiKey,\n apiHostname,\n apiBasePath: '/api/v1',\n apiDescription: `${apiProductName} api`,\n planLimits,\n };\n\n await k8sClient.patchCustomResourceStatus(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apikeys',\n name,\n status,\n );\n\n res.json({ secretName });\n } catch (error) {\n console.error('error approving api key request:', error);\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else {\n res.status(500).json({ error: 'failed to approve api key request' });\n }\n }\n });\n\n router.post('/requests/:namespace/:name/reject', async (req, res) => {\n const parsed = approveRejectSchema.safeParse(req.body);\n if (!parsed.success) {\n throw new InputError(parsed.error.toString());\n }\n\n try {\n const credentials = await httpAuth.credentials(req);\n const { userEntityRef } = await getUserIdentity(req, httpAuth, userInfo);\n\n const { namespace, name } = req.params;\n const { comment } = parsed.data;\n const reviewedBy = userEntityRef;\n\n // fetch request to get apiproduct info\n const request = await k8sClient.getCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apikeys',\n name,\n );\n\n const spec = request.spec as any;\n const apiProductName = spec.apiProductRef?.name;\n\n if (!apiProductName) {\n throw new InputError('apiProductRef.name is required in APIKey spec');\n }\n\n // verify user owns/admins the apiproduct this request is for\n const apiProduct = await k8sClient.getCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apiproducts',\n apiProductName,\n );\n\n const owner = apiProduct.metadata?.annotations?.['backstage.io/owner'];\n // owner is already in entity ref format\n\n // try update all permission first (admin)\n const updateAllDecision = await permissions.authorize(\n [{ permission: kuadrantApiKeyRequestUpdateAllPermission }],\n { credentials },\n );\n\n if (updateAllDecision[0].result !== AuthorizeResult.ALLOW) {\n // fallback to update own permission\n const updateOwnDecision = await permissions.authorize(\n [{ permission: kuadrantApiKeyRequestUpdateOwnPermission }],\n { credentials },\n );\n\n if (updateOwnDecision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n // verify ownership of the apiproduct\n if (owner !== userEntityRef) {\n throw new NotAllowedError('you can only reject requests for your own api products');\n }\n }\n\n const status = {\n phase: 'Rejected',\n reviewedBy,\n reviewedAt: new Date().toISOString(),\n reason: comment || 'rejected',\n };\n\n await k8sClient.patchCustomResourceStatus(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apikeys',\n name,\n status,\n );\n\n res.status(204).send();\n } catch (error) {\n console.error('error rejecting api key request:', error);\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else {\n res.status(500).json({ error: 'failed to reject api key request' });\n }\n }\n });\n\n const bulkApproveSchema = z.object({\n requests: z.array(z.object({\n namespace: z.string(),\n name: z.string(),\n })),\n comment: z.string().optional(),\n });\n\n router.post('/requests/bulk-approve', async (req, res) => {\n const parsed = bulkApproveSchema.safeParse(req.body);\n if (!parsed.success) {\n throw new InputError(parsed.error.toString());\n }\n\n try {\n const credentials = await httpAuth.credentials(req);\n const { userEntityRef } = await getUserIdentity(req, httpAuth, userInfo);\n\n const decision = await permissions.authorize(\n [{ permission: kuadrantApiKeyRequestUpdateAllPermission }],\n { credentials },\n );\n\n if (decision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n const { requests, comment } = parsed.data;\n const reviewedBy = userEntityRef;\n const results = [];\n\n for (const reqRef of requests) {\n try {\n const request = await k8sClient.getCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n reqRef.namespace,\n 'apikeys',\n reqRef.name,\n );\n\n const spec = request.spec as any;\n\n // verify user owns/admins the apiproduct this request is for\n const apiProduct = await k8sClient.getCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n spec.apiNamespace,\n 'apiproducts',\n spec.apiName,\n );\n\n const owner = apiProduct.metadata?.annotations?.['backstage.io/owner'];\n // owner is already in entity ref format\n\n // try update all permission first (admin)\n const updateAllDecision = await permissions.authorize(\n [{ permission: kuadrantApiProductUpdateAllPermission }],\n { credentials },\n );\n\n if (updateAllDecision[0].result !== AuthorizeResult.ALLOW) {\n // fallback to update own permission\n const updateOwnDecision = await permissions.authorize(\n [{ permission: kuadrantApiProductUpdateOwnPermission }],\n { credentials },\n );\n\n if (updateOwnDecision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n // verify ownership of the apiproduct\n if (owner !== userEntityRef) {\n throw new NotAllowedError('you can only approve requests for your own api products');\n }\n }\n const apiKey = generateApiKey();\n const timestamp = Date.now();\n const userName = extractNameFromEntityRef(spec.requestedBy.userId);\n const secretName = `${userName}-${spec.apiName}-${timestamp}`\n .toLowerCase()\n .replace(/[^a-z0-9-]/g, '-');\n\n const secret = {\n apiVersion: 'v1',\n kind: 'Secret',\n metadata: {\n name: secretName,\n namespace: spec.apiNamespace,\n labels: {\n app: spec.apiName,\n },\n annotations: {\n 'secret.kuadrant.io/plan-id': spec.planTier,\n 'secret.kuadrant.io/user-id': spec.requestedBy.userId,\n },\n },\n stringData: {\n api_key: apiKey,\n },\n type: 'Opaque',\n };\n\n await k8sClient.createSecret(spec.apiNamespace, secret);\n\n // try to get plan limits from apiproduct or planpolicy\n let planLimits: any = null;\n try {\n const products = await k8sClient.listCustomResources('devportal.kuadrant.io', 'v1alpha1', 'apiproducts');\n const product = (products.items || []).find((p: any) =>\n p.metadata.name.includes(spec.apiName) || p.spec?.displayName?.toLowerCase().includes(spec.apiName.toLowerCase())\n );\n if (product) {\n const plan = product.spec?.plans?.find((p: any) => p.tier === spec.planTier);\n if (plan) {\n planLimits = plan.limits;\n }\n }\n } catch (e) {\n console.warn('could not fetch apiproduct for plan limits:', e);\n }\n\n if (!planLimits) {\n try {\n const policy = await k8sClient.getCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n spec.apiNamespace,\n 'planpolicies',\n `${spec.apiName}-plan`,\n );\n const plan = policy.spec?.plans?.find((p: any) => p.tier === spec.planTier);\n if (plan) {\n planLimits = plan.limits;\n }\n } catch (e) {\n console.warn('could not fetch planpolicy for plan limits:', e);\n }\n }\n\n // fetch httproute to get hostname\n let apiHostname = `${spec.apiName}.apps.example.com`;\n try {\n const httproute = await k8sClient.getCustomResource(\n 'gateway.networking.k8s.io',\n 'v1',\n spec.apiNamespace,\n 'httproutes',\n spec.apiName,\n );\n if (httproute.spec?.hostnames && httproute.spec.hostnames.length > 0) {\n apiHostname = httproute.spec.hostnames[0];\n }\n } catch (error) {\n console.warn('could not fetch httproute for hostname, using default:', error);\n }\n\n const status = {\n phase: 'Approved',\n reviewedBy,\n reviewedAt: new Date().toISOString(),\n reason: comment || 'approved',\n apiKey,\n apiHostname,\n apiBasePath: '/api/v1',\n apiDescription: `${spec.apiName} api`,\n planLimits,\n };\n\n await k8sClient.patchCustomResourceStatus(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n reqRef.namespace,\n 'apikeys',\n reqRef.name,\n status,\n );\n\n results.push({ namespace: reqRef.namespace, name: reqRef.name, success: true, secretName });\n } catch (error) {\n console.error(`error approving request ${reqRef.namespace}/${reqRef.name}:`, error);\n results.push({\n namespace: reqRef.namespace,\n name: reqRef.name,\n success: false,\n error: error instanceof Error ? error.message : 'unknown error'\n });\n }\n }\n\n res.json({ results });\n } catch (error) {\n console.error('error in bulk approve:', error);\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else {\n res.status(500).json({ error: 'failed to bulk approve api key requests' });\n }\n }\n });\n\n router.post('/requests/bulk-reject', async (req, res) => {\n const parsed = bulkApproveSchema.safeParse(req.body);\n if (!parsed.success) {\n throw new InputError(parsed.error.toString());\n }\n\n try {\n const credentials = await httpAuth.credentials(req);\n const { userEntityRef } = await getUserIdentity(req, httpAuth, userInfo);\n\n const decision = await permissions.authorize(\n [{ permission: kuadrantApiKeyRequestUpdateAllPermission }],\n { credentials },\n );\n\n if (decision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n const { requests, comment } = parsed.data;\n const reviewedBy = userEntityRef;\n const results = [];\n\n for (const reqRef of requests) {\n try {\n // fetch request to get apiproduct info\n const request = await k8sClient.getCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n reqRef.namespace,\n 'apikeys',\n reqRef.name,\n );\n\n const spec = request.spec as any;\n\n // verify user owns/admins the apiproduct this request is for\n const apiProduct = await k8sClient.getCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n spec.apiNamespace,\n 'apiproducts',\n spec.apiName,\n );\n\n const owner = apiProduct.metadata?.annotations?.['backstage.io/owner'];\n // owner is already in entity ref format\n\n // try update all permission first (admin)\n const updateAllDecision = await permissions.authorize(\n [{ permission: kuadrantApiProductUpdateAllPermission }],\n { credentials },\n );\n\n if (updateAllDecision[0].result !== AuthorizeResult.ALLOW) {\n // fallback to update own permission\n const updateOwnDecision = await permissions.authorize(\n [{ permission: kuadrantApiProductUpdateOwnPermission }],\n { credentials },\n );\n\n if (updateOwnDecision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n // verify ownership of the apiproduct\n if (owner !== userEntityRef) {\n throw new NotAllowedError('you can only reject requests for your own api products');\n }\n }\n\n const status = {\n phase: 'Rejected',\n reviewedBy,\n reviewedAt: new Date().toISOString(),\n reason: comment || 'rejected',\n };\n\n await k8sClient.patchCustomResourceStatus(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n reqRef.namespace,\n 'apikeys',\n reqRef.name,\n status,\n );\n\n results.push({ namespace: reqRef.namespace, name: reqRef.name, success: true });\n } catch (error) {\n console.error(`error rejecting request ${reqRef.namespace}/${reqRef.name}:`, error);\n results.push({\n namespace: reqRef.namespace,\n name: reqRef.name,\n success: false,\n error: error instanceof Error ? error.message : 'unknown error'\n });\n }\n }\n\n res.json({ results });\n } catch (error) {\n console.error('error in bulk reject:', error);\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else {\n res.status(500).json({ error: 'failed to bulk reject api key requests' });\n }\n }\n });\n\n router.delete('/requests/:namespace/:name', async (req, res) => {\n try {\n const credentials = await httpAuth.credentials(req);\n const { userEntityRef } = await getUserIdentity(req, httpAuth, userInfo);\n const { namespace, name } = req.params;\n\n // get request to verify ownership\n const request = await k8sClient.getCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apikeys',\n name,\n );\n\n const requestUserId = request.spec?.requestedBy?.userId;\n\n // check if user can delete all requests or just their own\n const deleteAllDecision = await permissions.authorize(\n [{ permission: kuadrantApiKeyRequestDeleteAllPermission }],\n { credentials }\n );\n\n const canDeleteAll = deleteAllDecision[0].result === AuthorizeResult.ALLOW;\n\n if (!canDeleteAll) {\n // check if user can delete their own requests\n const deleteOwnDecision = await permissions.authorize(\n [{ permission: kuadrantApiKeyRequestDeleteOwnPermission }],\n { credentials }\n );\n\n if (deleteOwnDecision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n // verify ownership\n if (requestUserId !== userEntityRef) {\n throw new NotAllowedError('you can only delete your own api key requests');\n }\n }\n\n // if request is approved, find and delete associated secret\n if (request.status?.phase === 'Approved') {\n try {\n const apiNamespace = request.spec?.apiNamespace;\n const apiName = request.spec?.apiName;\n const planTier = request.spec?.planTier;\n\n // list secrets in the api namespace and find the one with matching annotations\n const secrets = await k8sClient.listSecrets(apiNamespace);\n const matchingSecret = secrets.items?.find((s: any) => {\n const annotations = s.metadata?.annotations || {};\n return (\n annotations['secret.kuadrant.io/user-id'] === requestUserId &&\n annotations['secret.kuadrant.io/plan-id'] === planTier &&\n s.metadata?.labels?.app === apiName\n );\n });\n\n if (matchingSecret) {\n await k8sClient.deleteSecret(apiNamespace, matchingSecret.metadata.name);\n }\n } catch (error) {\n console.warn('failed to delete associated secret:', error);\n // continue with request deletion even if secret deletion fails\n }\n }\n\n await k8sClient.deleteCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apikeys',\n name,\n );\n res.status(204).send();\n } catch (error) {\n console.error('error deleting api key request:', error);\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else {\n res.status(500).json({ error: 'failed to delete api key request' });\n }\n }\n });\n\n router.patch('/requests/:namespace/:name', async (req, res) => {\n // whitelist allowed fields for patching\n const patchSchema = z.object({\n spec: z.object({\n useCase: z.string().optional(),\n planTier: z.string().optional(),\n }).partial(),\n });\n\n const parsed = patchSchema.safeParse(req.body);\n if (!parsed.success) {\n throw new InputError('invalid patch: ' + parsed.error.toString());\n }\n\n try {\n const credentials = await httpAuth.credentials(req);\n const { userEntityRef } = await getUserIdentity(req, httpAuth, userInfo);\n const { namespace, name } = req.params;\n\n // get existing request to check ownership and status\n const existing = await k8sClient.getCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apikeys',\n name,\n );\n\n const requestUserId = existing.spec?.requestedBy?.userId;\n const currentPhase = existing.status?.phase || 'Pending';\n\n // only pending requests can be edited\n if (currentPhase !== 'Pending') {\n throw new NotAllowedError('only pending requests can be edited');\n }\n\n // check if user can update all requests or just their own\n const updateAllDecision = await permissions.authorize(\n [{ permission: kuadrantApiKeyRequestUpdateAllPermission }],\n { credentials }\n );\n\n if (updateAllDecision[0].result !== AuthorizeResult.ALLOW) {\n // check if user can update their own requests\n const updateOwnDecision = await permissions.authorize(\n [{ permission: kuadrantApiKeyRequestUpdateOwnPermission }],\n { credentials }\n );\n\n if (updateOwnDecision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n // verify ownership\n if (requestUserId !== userEntityRef) {\n throw new NotAllowedError('you can only update your own api key requests');\n }\n }\n\n // apply validated patch\n const updated = await k8sClient.patchCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apikeys',\n name,\n parsed.data,\n );\n\n res.json(updated);\n } catch (error) {\n console.error('error updating api key request:', error);\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else if (error instanceof InputError) {\n res.status(400).json({ error: error.message });\n } else {\n res.status(500).json({ error: 'failed to update api key request' });\n }\n }\n });\n\n // expose permissions for backstage permission framework\n router.use(createPermissionIntegrationRouter({\n permissions: kuadrantPermissions,\n }));\n\n return router;\n}\n"],"names":["randomBytes","NotAllowedError","permissions","Router","cors","express","k8sClient","KuadrantK8sClient","kuadrantApiProductListPermission","AuthorizeResult","kuadrantApiProductReadAllPermission","kuadrantApiProductReadOwnPermission","kuadrantApiProductCreatePermission","InputError","getAPIProductEntityProvider","kuadrantApiProductDeleteAllPermission","kuadrantApiProductDeleteOwnPermission","req","z","kuadrantApiProductUpdateAllPermission","kuadrantApiProductUpdateOwnPermission","kuadrantPlanPolicyListPermission","kuadrantPlanPolicyReadPermission","kuadrantApiKeyRequestCreatePermission","userName","kuadrantApiKeyRequestReadAllPermission","kuadrantApiKeyRequestReadOwnPermission","kuadrantApiKeyRequestUpdateAllPermission","kuadrantApiKeyRequestUpdateOwnPermission","kuadrantApiKeyRequestDeleteAllPermission","kuadrantApiKeyRequestDeleteOwnPermission","createPermissionIntegrationRouter","kuadrantPermissions"],"mappings":";;;;;;;;;;;;;;;;;;;;AAgCA,SAAS,cAAyB,GAAA;AAChC,EAAA,OAAOA,kBAAY,CAAA,EAAE,CAAE,CAAA,QAAA,CAAS,KAAK,CAAA;AACvC;AAOA,SAAS,yBAAyB,SAA2B,EAAA;AAC3D,EAAM,MAAA,KAAA,GAAQ,SAAU,CAAA,KAAA,CAAM,GAAG,CAAA;AACjC,EAAO,OAAA,KAAA,CAAM,KAAM,CAAA,MAAA,GAAS,CAAC,CAAA;AAC/B;AAEA,eAAe,eAAA,CAAgB,GAAsB,EAAA,QAAA,EAA2B,QAG7E,EAAA;AACD,EAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAElD,EAAA,IAAI,CAAC,WAAA,IAAe,CAAC,WAAA,CAAY,SAAW,EAAA;AAC1C,IAAM,MAAA,IAAIC,uBAAgB,yBAAyB,CAAA;AAAA;AAIrD,EAAA,MAAM,IAAO,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,WAAW,CAAA;AACnD,EAAM,MAAA,MAAA,GAAS,IAAK,CAAA,mBAAA,IAAuB,EAAC;AAE5C,EAAQ,OAAA,CAAA,GAAA,CAAI,yCAAyC,IAAK,CAAA,aAAa,YAAY,MAAO,CAAA,IAAA,CAAK,GAAG,CAAC,CAAE,CAAA,CAAA;AACrG,EAAO,OAAA;AAAA,IACL,eAAe,IAAK,CAAA,aAAA;AAAA,IACpB;AAAA,GACF;AACF;AAEA,eAAsB,YAAa,CAAA;AAAA,EACjC,QAAA;AAAA,EACA,QAAA;AAAA,EACA,MAAA;AAAA,eACAC;AACF,CAK4B,EAAA;AAC1B,EAAA,MAAM,SAASC,uBAAO,EAAA;AAGtB,EAAA,MAAA,CAAO,IAAIC,qBAAK,CAAA;AAAA,IACd,MAAQ,EAAA,uBAAA;AAAA,IACR,WAAa,EAAA;AAAA,GACd,CAAC,CAAA;AAEF,EAAO,MAAA,CAAA,GAAA,CAAIC,wBAAQ,CAAA,IAAA,EAAM,CAAA;AAEzB,EAAM,MAAAC,WAAA,GAAY,IAAIC,2BAAA,CAAkB,MAAM,CAAA;AAG9C,EAAA,MAAA,CAAO,GAAI,CAAA,cAAA,EAAgB,OAAO,GAAA,EAAK,GAAQ,KAAA;AAC7C,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAElD,MAAM,MAAA,YAAA,GAAe,MAAML,aAAY,CAAA,SAAA;AAAA,QACrC,CAAC,EAAE,UAAY,EAAAM,4CAAA,EAAkC,CAAA;AAAA,QACjD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,IAAI,YAAa,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWC,uCAAgB,KAAO,EAAA;AACpD,QAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAG1C,MAAA,MAAM,EAAE,aAAc,EAAA,GAAI,MAAM,eAAgB,CAAA,GAAA,EAAK,UAAU,QAAQ,CAAA;AACvE,MAAA,MAAM,OAAO,MAAMK,WAAA,CAAU,mBAAoB,CAAA,uBAAA,EAAyB,YAAY,aAAa,CAAA;AAGnG,MAAM,MAAA,eAAA,GAAkB,MAAMJ,aAAY,CAAA,SAAA;AAAA,QACxC,CAAC,EAAE,UAAY,EAAAQ,+CAAA,EAAqC,CAAA;AAAA,QACpD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,IAAI,eAAgB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWD,uCAAgB,KAAO,EAAA;AAEvD,QAAA,GAAA,CAAI,KAAK,IAAI,CAAA;AAAA,OACR,MAAA;AAEL,QAAM,MAAA,eAAA,GAAkB,MAAMP,aAAY,CAAA,SAAA;AAAA,UACxC,CAAC,EAAE,UAAY,EAAAS,+CAAA,EAAqC,CAAA;AAAA,UACpD,EAAE,WAAY;AAAA,SAChB;AAEA,QAAA,IAAI,eAAgB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWF,uCAAgB,KAAO,EAAA;AACvD,UAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAI1C,QAAA,MAAM,cAAc,IAAK,CAAA,KAAA,IAAS,EAAI,EAAA,MAAA,CAAO,CAAC,IAAc,KAAA;AAC1D,UAAA,MAAM,KAAQ,GAAA,IAAA,CAAK,QAAU,EAAA,WAAA,GAAc,oBAAoB,CAAA;AAC/D,UAAA,OAAO,KAAU,KAAA,aAAA;AAAA,SAClB,CAAA;AAED,QAAA,GAAA,CAAI,KAAK,EAAE,GAAG,IAAM,EAAA,KAAA,EAAO,YAAY,CAAA;AAAA;AACzC,aACO,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,+BAA+B,KAAK,CAAA;AAClD,MAAA,IAAI,iBAAiBA,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AACL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,+BAA+B,CAAA;AAAA;AAC/D;AACF,GACD,CAAA;AAED,EAAA,MAAA,CAAO,GAAI,CAAA,+BAAA,EAAiC,OAAO,GAAA,EAAK,GAAQ,KAAA;AAC9D,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAClD,MAAA,MAAM,EAAE,SAAA,EAAW,IAAK,EAAA,GAAI,GAAI,CAAA,MAAA;AAGhC,MAAM,MAAA,eAAA,GAAkB,MAAMC,aAAY,CAAA,SAAA;AAAA,QACxC,CAAC,EAAE,UAAY,EAAAQ,+CAAA,EAAqC,CAAA;AAAA,QACpD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,IAAI,eAAgB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWD,uCAAgB,KAAO,EAAA;AAEvD,QAAM,MAAA,eAAA,GAAkB,MAAMP,aAAY,CAAA,SAAA;AAAA,UACxC,CAAC,EAAE,UAAY,EAAAS,+CAAA,EAAqC,CAAA;AAAA,UACpD,EAAE,WAAY;AAAA,SAChB;AAEA,QAAA,IAAI,eAAgB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWF,uCAAgB,KAAO,EAAA;AACvD,UAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAI1C,QAAA,MAAM,EAAE,aAAc,EAAA,GAAI,MAAM,eAAgB,CAAA,GAAA,EAAK,UAAU,QAAQ,CAAA;AACvE,QAAM,MAAA,IAAA,GAAO,MAAMK,WAAU,CAAA,iBAAA,CAAkB,yBAAyB,UAAY,EAAA,SAAA,EAAW,eAAe,IAAI,CAAA;AAClH,QAAA,MAAM,KAAQ,GAAA,IAAA,CAAK,QAAU,EAAA,WAAA,GAAc,oBAAoB,CAAA;AAG/D,QAAA,IAAI,UAAU,aAAe,EAAA;AAC3B,UAAM,MAAA,IAAIL,uBAAgB,yCAAyC,CAAA;AAAA;AAGrE,QAAA,GAAA,CAAI,KAAK,IAAI,CAAA;AAAA,OACR,MAAA;AAEL,QAAM,MAAA,IAAA,GAAO,MAAMK,WAAU,CAAA,iBAAA,CAAkB,yBAAyB,UAAY,EAAA,SAAA,EAAW,eAAe,IAAI,CAAA;AAClH,QAAA,GAAA,CAAI,KAAK,IAAI,CAAA;AAAA;AACf,aACO,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,8BAA8B,KAAK,CAAA;AACjD,MAAA,IAAI,iBAAiBL,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AACL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,8BAA8B,CAAA;AAAA;AAC9D;AACF,GACD,CAAA;AAED,EAAA,MAAA,CAAO,IAAK,CAAA,cAAA,EAAgB,OAAO,GAAA,EAAK,GAAQ,KAAA;AAC9C,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAElD,MAAM,MAAA,QAAA,GAAW,MAAMC,aAAY,CAAA,SAAA;AAAA,QACjC,CAAC,EAAE,UAAY,EAAAU,8CAAA,EAAoC,CAAA;AAAA,QACnD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,IAAI,QAAS,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWH,uCAAgB,KAAO,EAAA;AAChD,QAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAG1C,MAAA,MAAM,EAAE,aAAc,EAAA,GAAI,MAAM,eAAgB,CAAA,GAAA,EAAK,UAAU,QAAQ,CAAA;AACvE,MAAA,MAAM,aAAa,GAAI,CAAA,IAAA;AACvB,MAAM,MAAA,SAAA,GAAY,WAAW,IAAM,EAAA,SAAA;AAEnC,MAAI,IAAA,CAAC,WAAW,IAAQ,IAAA,CAAC,WAAW,IAAQ,IAAA,CAAC,WAAW,SAAW,EAAA;AACjE,QAAM,MAAA,IAAIY,kBAAW,sDAAsD,CAAA;AAAA;AAI7E,MAAA,MAAM,YAAY,SAAU,CAAA,SAAA;AAC5B,MAAA,UAAA,CAAW,SAAS,SAAY,GAAA,SAAA;AAIhC,MAAI,IAAA,CAAC,UAAW,CAAA,QAAA,CAAS,WAAa,EAAA;AACpC,QAAW,UAAA,CAAA,QAAA,CAAS,cAAc,EAAC;AAAA;AAErC,MAAW,UAAA,CAAA,QAAA,CAAS,WAAY,CAAA,oBAAoB,CAAI,GAAA,aAAA;AAIxD,MAAA,MAAM,kBAAqB,GAAA,SAAA;AAC3B,MAAA,MAAM,gBAAgB,SAAU,CAAA,IAAA;AAEhC,MAAI,IAAA;AAEF,QAAM,MAAA,oBAAA,GAAuB,MAAMP,WAAU,CAAA,mBAAA;AAAA,UAC3C,wBAAA;AAAA,UACA,UAAA;AAAA,UACA,cAAA;AAAA,UACA;AAAA,SACF;AAGA,QAAA,MAAM,cAAc,oBAAqB,CAAA,KAAA,IAAS,EAAI,EAAA,IAAA,CAAK,CAAC,EAAY,KAAA;AACtE,UAAM,MAAA,GAAA,GAAM,GAAG,IAAM,EAAA,SAAA;AACrB,UAAO,OAAA,GAAA,EAAK,IAAS,KAAA,WAAA,IACd,GAAK,EAAA,IAAA,KAAS,kBACb,CAAC,GAAA,EAAK,SAAa,IAAA,GAAA,EAAK,SAAc,KAAA,kBAAA,CAAA;AAAA,SAC/C,CAAA;AAED,QAAI,IAAA,UAAA,IAAc,UAAW,CAAA,IAAA,EAAM,KAAO,EAAA;AAExC,UAAA,UAAA,CAAW,KAAK,KAAQ,GAAA,UAAA,CAAW,KAAK,KAAM,CAAA,GAAA,CAAI,CAAC,IAAe,MAAA;AAAA,YAChE,MAAM,IAAK,CAAA,IAAA;AAAA,YACX,aAAa,IAAK,CAAA,WAAA;AAAA,YAClB,QAAQ,IAAK,CAAA;AAAA,WACb,CAAA,CAAA;AACF,UAAQ,OAAA,CAAA,GAAA,CAAI,CAAU,OAAA,EAAA,UAAA,CAAW,IAAK,CAAA,KAAA,CAAM,MAAM,CAA0B,uBAAA,EAAA,UAAA,CAAW,QAAS,CAAA,IAAI,CAAE,CAAA,CAAA;AAAA,SACjG,MAAA;AACL,UAAA,OAAA,CAAQ,GAAI,CAAA,CAAA,kCAAA,EAAqC,kBAAkB,CAAA,CAAA,EAAI,aAAa,CAAE,CAAA,CAAA;AAAA;AACxF,eACO,KAAO,EAAA;AACd,QAAQ,OAAA,CAAA,IAAA,CAAK,6CAA6C,KAAK,CAAA;AAAA;AAIjE,MAAM,MAAA,OAAA,GAAU,MAAMA,WAAU,CAAA,oBAAA;AAAA,QAC9B,uBAAA;AAAA,QACA,UAAA;AAAA,QACA,SAAA;AAAA,QACA,aAAA;AAAA,QACA;AAAA,OACF;AAGA,MAAA,MAAM,WAAWQ,iCAA4B,EAAA;AAC7C,MAAA,IAAI,QAAU,EAAA;AACZ,QAAA,MAAM,SAAS,OAAQ,EAAA;AAAA;AAGzB,MAAA,GAAA,CAAI,MAAO,CAAA,GAAG,CAAE,CAAA,IAAA,CAAK,OAAO,CAAA;AAAA,aACrB,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,8BAA8B,KAAK,CAAA;AACjD,MAAA,MAAM,eAAe,KAAiB,YAAA,KAAA,GAAQ,KAAM,CAAA,OAAA,GAAU,OAAO,KAAK,CAAA;AAE1E,MAAA,IAAI,iBAAiBb,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OAC/C,MAAA,IAAW,iBAAiBY,iBAAY,EAAA;AACtC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AAEL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,cAAc,CAAA;AAAA;AAC9C;AACF,GACD,CAAA;AAED,EAAA,MAAA,CAAO,MAAO,CAAA,+BAAA,EAAiC,OAAO,GAAA,EAAK,GAAQ,KAAA;AACjE,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAClD,MAAA,MAAM,EAAE,SAAA,EAAW,IAAK,EAAA,GAAI,GAAI,CAAA,MAAA;AAGhC,MAAM,MAAA,iBAAA,GAAoB,MAAMX,aAAY,CAAA,SAAA;AAAA,QAC1C,CAAC,EAAE,UAAY,EAAAa,iDAAA,EAAuC,CAAA;AAAA,QACtD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,IAAI,iBAAkB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWN,uCAAgB,KAAO,EAAA;AAEzD,QAAM,MAAA,iBAAA,GAAoB,MAAMP,aAAY,CAAA,SAAA;AAAA,UAC1C,CAAC,EAAE,UAAY,EAAAc,iDAAA,EAAuC,CAAA;AAAA,UACtD,EAAE,WAAY;AAAA,SAChB;AAEA,QAAA,IAAI,iBAAkB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWP,uCAAgB,KAAO,EAAA;AACzD,UAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAI1C,QAAA,MAAM,EAAE,aAAc,EAAA,GAAI,MAAM,eAAgB,CAAA,GAAA,EAAK,UAAU,QAAQ,CAAA;AACvE,QAAM,MAAA,QAAA,GAAW,MAAMK,WAAU,CAAA,iBAAA,CAAkB,yBAAyB,UAAY,EAAA,SAAA,EAAW,eAAe,IAAI,CAAA;AACtH,QAAA,MAAM,KAAQ,GAAA,QAAA,CAAS,QAAU,EAAA,WAAA,GAAc,oBAAoB,CAAA;AAGnE,QAAA,IAAI,UAAU,aAAe,EAAA;AAC3B,UAAM,MAAA,IAAIL,uBAAgB,2CAA2C,CAAA;AAAA;AACvE;AAEF,MAAA,OAAA,CAAQ,GAAI,CAAA,CAAA,6CAAA,EAAgD,SAAS,CAAA,CAAA,EAAI,IAAI,CAAE,CAAA,CAAA;AAE/E,MAAI,IAAA,WAAA;AACJ,MAAI,IAAA;AACF,QAAA,WAAA,GAAc,MAAMK,WAAU,CAAA,mBAAA;AAAA,UAC5B,wBAAA;AAAA,UACA,UAAA;AAAA,UACA,gBAAA;AAAA,UACA;AAAA,SACF;AAAA,eACO,KAAO,EAAA;AACd,QAAQ,OAAA,CAAA,IAAA,CAAK,wDAAwD,KAAK,CAAA;AAC1E,QAAc,WAAA,GAAA,EAAE,KAAO,EAAA,EAAG,EAAA;AAAA;AAI5B,MAAA,MAAM,eAAmB,GAAA,CAAA,WAAA,CAAY,KAAS,IAAA,EAAI,EAAA,MAAA;AAAA,QAAO,CAACW,SACxDA,IAAI,CAAA,IAAA,EAAM,YAAY,IAAQA,IAAAA,IAAAA,CAAI,MAAM,YAAiB,KAAA;AAAA,OAC3D;AAEA,MAAA,OAAA,CAAQ,GAAI,CAAA,CAAA,MAAA,EAAS,eAAgB,CAAA,MAAM,CAA2B,yBAAA,CAAA,CAAA;AAGtE,MAAM,MAAA,eAAA,GAAkB,MAAM,OAAQ,CAAA,UAAA;AAAA,QACpC,eAAA,CAAgB,GAAI,CAAA,OAAO,OAAiB,KAAA;AAC1C,UAAM,MAAA,WAAA,GAAc,QAAQ,QAAS,CAAA,IAAA;AACrC,UAAM,MAAA,aAAA,GAAgB,OAAQ,CAAA,IAAA,EAAM,WAAa,EAAA,MAAA;AACjD,UAAM,MAAA,QAAA,GAAW,QAAQ,IAAM,EAAA,QAAA;AAE/B,UAAA,OAAA,CAAQ,GAAI,CAAA,CAAA,wBAAA,EAA2B,SAAS,CAAA,CAAA,EAAI,WAAW,CAAE,CAAA,CAAA;AAGjE,UAAI,IAAA,OAAA,CAAQ,MAAQ,EAAA,KAAA,KAAU,UAAY,EAAA;AACxC,YAAI,IAAA;AACF,cAAA,OAAA,CAAQ,GAAI,CAAA,CAAA,qCAAA,EAAwC,SAAS,CAAA,CAAA,EAAI,WAAW,CAAE,CAAA,CAAA;AAC9E,cAAA,MAAM,OAAU,GAAA,MAAMX,WAAU,CAAA,WAAA,CAAY,SAAS,CAAA;AACrD,cAAA,MAAM,cAAiB,GAAA,OAAA,CAAQ,KAAO,EAAA,IAAA,CAAK,CAAC,CAAW,KAAA;AACrD,gBAAA,MAAM,WAAc,GAAA,CAAA,CAAE,QAAU,EAAA,WAAA,IAAe,EAAC;AAChD,gBACE,OAAA,WAAA,CAAY,4BAA4B,CAAA,KAAM,aAC9C,IAAA,WAAA,CAAY,4BAA4B,CAAA,KAAM,QAC9C,IAAA,CAAA,CAAE,QAAU,EAAA,MAAA,EAAQ,GAAQ,KAAA,IAAA;AAAA,eAE/B,CAAA;AAED,cAAA,IAAI,cAAgB,EAAA;AAClB,gBAAA,OAAA,CAAQ,IAAI,CAAoB,iBAAA,EAAA,SAAS,IAAI,cAAe,CAAA,QAAA,CAAS,IAAI,CAAE,CAAA,CAAA;AAC3E,gBAAA,MAAMA,WAAU,CAAA,YAAA,CAAa,SAAW,EAAA,cAAA,CAAe,SAAS,IAAI,CAAA;AAAA;AACtE,qBACO,KAAO,EAAA;AACd,cAAA,OAAA,CAAQ,IAAK,CAAA,CAAA,oCAAA,EAAuC,WAAW,CAAA,CAAA,CAAA,EAAK,KAAK,CAAA;AAAA;AAE3E;AAIF,UAAA,MAAMA,WAAU,CAAA,oBAAA;AAAA,YACd,wBAAA;AAAA,YACA,UAAA;AAAA,YACA,SAAA;AAAA,YACA,gBAAA;AAAA,YACA;AAAA,WACF;AAAA,SACD;AAAA,OACH;AAGA,MAAA,MAAM,WAAW,eAAgB,CAAA,MAAA,CAAO,CAAK,CAAA,KAAA,CAAA,CAAE,WAAW,UAAU,CAAA;AACpE,MAAI,IAAA,QAAA,CAAS,SAAS,CAAG,EAAA;AACvB,QAAQ,OAAA,CAAA,IAAA;AAAA,UAAK,CAAA,EAAG,SAAS,MAAM,CAAA,wCAAA,CAAA;AAAA,UAC7B,QAAS,CAAA,GAAA,CAAI,CAAC,CAAA,KAAW,EAAE,MAAM;AAAA,SACnC;AAAA;AAEF,MAAA,MAAMA,WAAU,CAAA,oBAAA;AAAA,QACd,uBAAA;AAAA,QACA,UAAA;AAAA,QACA,SAAA;AAAA,QACA,aAAA;AAAA,QACA;AAAA,OACF;AAGA,MAAA,MAAM,WAAWQ,iCAA4B,EAAA;AAC7C,MAAA,IAAI,QAAU,EAAA;AACZ,QAAA,MAAM,SAAS,OAAQ,EAAA;AAAA;AAGzB,MAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,IAAK,EAAA;AAAA,aACd,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,8BAA8B,KAAK,CAAA;AACjD,MAAA,IAAI,iBAAiBb,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AACL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,+BAA+B,CAAA;AAAA;AAC/D;AACF,GACD,CAAA;AAGD,EAAA,MAAA,CAAO,GAAI,CAAA,aAAA,EAAe,OAAO,GAAA,EAAK,GAAQ,KAAA;AAC5C,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAElD,MAAM,MAAA,QAAA,GAAW,MAAMC,aAAY,CAAA,SAAA;AAAA,QACjC,CAAC,EAAE,UAAY,EAAAM,4CAAA,EAAkC,CAAA;AAAA,QACjD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,IAAI,QAAS,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWC,uCAAgB,KAAO,EAAA;AAChD,QAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAG1C,MAAA,MAAM,OAAO,MAAMK,WAAA,CAAU,mBAAoB,CAAA,2BAAA,EAA6B,MAAM,YAAY,CAAA;AAEhG,MAAA,GAAA,CAAI,KAAK,IAAI,CAAA;AAAA,aACN,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,8BAA8B,KAAK,CAAA;AACjD,MAAA,IAAI,iBAAiBL,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AACL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,8BAA8B,CAAA;AAAA;AAC9D;AACF,GACD,CAAA;AAED,EAAA,MAAA,CAAO,KAAM,CAAA,+BAAA,EAAiC,OAAO,GAAA,EAAK,GAAQ,KAAA;AAEhE,IAAM,MAAA,WAAA,GAAciB,MAAE,MAAO,CAAA;AAAA,MAC3B,IAAA,EAAMA,MAAE,MAAO,CAAA;AAAA,QACb,WAAa,EAAAA,KAAA,CAAE,MAAO,EAAA,CAAE,QAAS,EAAA;AAAA,QACjC,WAAa,EAAAA,KAAA,CAAE,MAAO,EAAA,CAAE,QAAS,EAAA;AAAA,QACjC,OAAS,EAAAA,KAAA,CAAE,MAAO,EAAA,CAAE,QAAS,EAAA;AAAA,QAC7B,aAAA,EAAeA,MAAE,IAAK,CAAA,CAAC,SAAS,WAAW,CAAC,EAAE,QAAS,EAAA;AAAA,QACvD,YAAA,EAAcA,MAAE,IAAK,CAAA,CAAC,aAAa,QAAQ,CAAC,EAAE,QAAS,EAAA;AAAA,QACvD,MAAMA,KAAE,CAAA,KAAA,CAAMA,MAAE,MAAO,EAAC,EAAE,QAAS,EAAA;AAAA,QACnC,OAAA,EAASA,MAAE,MAAO,CAAA;AAAA,UAChB,KAAO,EAAAA,KAAA,CAAE,MAAO,EAAA,CAAE,QAAS,EAAA;AAAA,UAC3B,IAAM,EAAAA,KAAA,CAAE,MAAO,EAAA,CAAE,QAAS,EAAA;AAAA,UAC1B,KAAO,EAAAA,KAAA,CAAE,MAAO,EAAA,CAAE,QAAS;AAAA,SAC5B,CAAA,CAAE,OAAQ,EAAA,CAAE,QAAS,EAAA;AAAA,QACtB,aAAA,EAAeA,MAAE,MAAO,CAAA;AAAA,UACtB,OAAS,EAAAA,KAAA,CAAE,MAAO,EAAA,CAAE,QAAS,EAAA;AAAA,UAC7B,WAAa,EAAAA,KAAA,CAAE,MAAO,EAAA,CAAE,QAAS;AAAA,SAClC,CAAA,CAAE,OAAQ,EAAA,CAAE,QAAS;AAAA,OACvB,EAAE,OAAQ;AAAA,KACZ,CAAA;AAED,IAAA,MAAM,MAAS,GAAA,WAAA,CAAY,SAAU,CAAA,GAAA,CAAI,IAAI,CAAA;AAC7C,IAAI,IAAA,CAAC,OAAO,OAAS,EAAA;AACnB,MAAA,OAAO,GAAI,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,IAAK,CAAA,EAAE,KAAO,EAAA,iBAAA,GAAoB,MAAO,CAAA,KAAA,CAAM,QAAS,EAAA,EAAG,CAAA;AAAA;AAGpF,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAElD,MAAA,IAAI,CAAC,WAAA,IAAe,CAAC,WAAA,CAAY,SAAW,EAAA;AAC1C,QAAM,MAAA,IAAIjB,uBAAgB,yBAAyB,CAAA;AAAA;AAGrD,MAAA,MAAM,EAAE,SAAA,EAAW,IAAK,EAAA,GAAI,GAAI,CAAA,MAAA;AAGhC,MAAM,MAAA,iBAAA,GAAoB,MAAMC,aAAY,CAAA,SAAA;AAAA,QAC1C,CAAC,EAAE,UAAY,EAAAiB,iDAAA,EAAuC,CAAA;AAAA,QACtD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,IAAI,iBAAkB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWV,uCAAgB,KAAO,EAAA;AAEzD,QAAM,MAAA,iBAAA,GAAoB,MAAMP,aAAY,CAAA,SAAA;AAAA,UAC1C,CAAC,EAAE,UAAY,EAAAkB,iDAAA,EAAuC,CAAA;AAAA,UACtD,EAAE,WAAY;AAAA,SAChB;AAEA,QAAA,IAAI,iBAAkB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWX,uCAAgB,KAAO,EAAA;AACzD,UAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAI1C,QAAA,MAAM,EAAE,aAAc,EAAA,GAAI,MAAM,eAAgB,CAAA,GAAA,EAAK,UAAU,QAAQ,CAAA;AACvE,QAAM,MAAA,QAAA,GAAW,MAAMK,WAAU,CAAA,iBAAA,CAAkB,yBAAyB,UAAY,EAAA,SAAA,EAAW,eAAe,IAAI,CAAA;AACtH,QAAA,MAAM,KAAQ,GAAA,QAAA,CAAS,QAAU,EAAA,WAAA,GAAc,oBAAoB,CAAA;AAGnE,QAAA,IAAI,UAAU,aAAe,EAAA;AAC3B,UAAM,MAAA,IAAIL,uBAAgB,2CAA2C,CAAA;AAAA;AACvE;AAIF,MAAI,IAAA,GAAA,CAAI,IAAK,CAAA,QAAA,EAAU,WAAa,EAAA;AAClC,QAAA,OAAO,GAAI,CAAA,IAAA,CAAK,QAAS,CAAA,WAAA,CAAY,oBAAoB,CAAA;AAAA;AAG3D,MAAM,MAAA,OAAA,GAAU,MAAMK,WAAU,CAAA,mBAAA;AAAA,QAC9B,uBAAA;AAAA,QACA,UAAA;AAAA,QACA,SAAA;AAAA,QACA,aAAA;AAAA,QACA,IAAA;AAAA,QACA,MAAO,CAAA;AAAA,OACT;AAEA,MAAO,OAAA,GAAA,CAAI,KAAK,OAAO,CAAA;AAAA,aAChB,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,8BAA8B,KAAK,CAAA;AACjD,MAAA,MAAM,eAAe,KAAiB,YAAA,KAAA,GAAQ,KAAM,CAAA,OAAA,GAAU,OAAO,KAAK,CAAA;AAE1E,MAAA,IAAI,iBAAiBL,sBAAiB,EAAA;AACpC,QAAO,OAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,KAAM,CAAA,OAAA,EAAS,CAAA;AAAA,OACtD,MAAA,IAAW,iBAAiBY,iBAAY,EAAA;AACtC,QAAO,OAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,KAAM,CAAA,OAAA,EAAS,CAAA;AAAA,OAC/C,MAAA;AACL,QAAO,OAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,cAAc,CAAA;AAAA;AACrD;AACF,GACD,CAAA;AAGD,EAAA,MAAA,CAAO,GAAI,CAAA,eAAA,EAAiB,OAAO,GAAA,EAAK,GAAQ,KAAA;AAC9C,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAElD,MAAM,MAAA,QAAA,GAAW,MAAMX,aAAY,CAAA,SAAA;AAAA,QACjC,CAAC,EAAE,UAAY,EAAAmB,4CAAA,EAAkC,CAAA;AAAA,QACjD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,IAAI,QAAS,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWZ,uCAAgB,KAAO,EAAA;AAChD,QAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAG1C,MAAA,MAAM,OAAO,MAAMK,WAAA,CAAU,mBAAoB,CAAA,wBAAA,EAA0B,YAAY,cAAc,CAAA;AAGrG,MAAA,MAAM,QAAW,GAAA;AAAA,QACf,QAAQ,IAAK,CAAA,KAAA,IAAS,EAAI,EAAA,GAAA,CAAI,CAAC,MAAiB,MAAA;AAAA,UAC9C,QAAU,EAAA;AAAA,YACR,IAAA,EAAM,OAAO,QAAS,CAAA,IAAA;AAAA,YACtB,SAAA,EAAW,OAAO,QAAS,CAAA;AAAA,WAC7B;AAAA;AAAA,UAEA,SAAA,EAAW,MAAO,CAAA,IAAA,EAAM,SAAY,GAAA;AAAA,YAClC,IAAA,EAAM,MAAO,CAAA,IAAA,CAAK,SAAU,CAAA,IAAA;AAAA,YAC5B,IAAA,EAAM,MAAO,CAAA,IAAA,CAAK,SAAU,CAAA,IAAA;AAAA,YAC5B,SAAA,EAAW,MAAO,CAAA,IAAA,CAAK,SAAU,CAAA;AAAA,WAC/B,GAAA,KAAA,CAAA;AAAA;AAAA,UAEJ,KAAA,EAAA,CAAQ,OAAO,IAAM,EAAA,KAAA,IAAS,EAAI,EAAA,GAAA,CAAI,CAAC,IAAe,MAAA;AAAA,YACpD,MAAM,IAAK,CAAA,IAAA;AAAA,YACX,aAAa,IAAK,CAAA,WAAA;AAAA,YAClB,QAAQ,IAAK,CAAA;AAAA,WACb,CAAA;AAAA,SACF,CAAA;AAAA,OACJ;AAEA,MAAA,GAAA,CAAI,KAAK,QAAQ,CAAA;AAAA,aACV,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,gCAAgC,KAAK,CAAA;AACnD,MAAA,IAAI,iBAAiBL,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AACL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,gCAAgC,CAAA;AAAA;AAChE;AACF,GACD,CAAA;AAED,EAAA,MAAA,CAAO,GAAI,CAAA,gCAAA,EAAkC,OAAO,GAAA,EAAK,GAAQ,KAAA;AAC/D,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAElD,MAAM,MAAA,QAAA,GAAW,MAAMC,aAAY,CAAA,SAAA;AAAA,QACjC,CAAC,EAAE,UAAY,EAAAoB,4CAAA,EAAkC,CAAA;AAAA,QACjD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,IAAI,QAAS,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWb,uCAAgB,KAAO,EAAA;AAChD,QAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAG1C,MAAA,MAAM,EAAE,SAAA,EAAW,IAAK,EAAA,GAAI,GAAI,CAAA,MAAA;AAChC,MAAM,MAAA,IAAA,GAAO,MAAMK,WAAU,CAAA,iBAAA,CAAkB,0BAA0B,UAAY,EAAA,SAAA,EAAW,gBAAgB,IAAI,CAAA;AACpH,MAAA,GAAA,CAAI,KAAK,IAAI,CAAA;AAAA,aACN,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,8BAA8B,KAAK,CAAA;AACjD,MAAA,IAAI,iBAAiBL,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AACL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,8BAA8B,CAAA;AAAA;AAC9D;AACF,GACD,CAAA;AAGD,EAAM,MAAA,aAAA,GAAgBiB,MAAE,MAAO,CAAA;AAAA,IAC7B,cAAA,EAAgBA,MAAE,MAAO,EAAA;AAAA;AAAA,IACzB,SAAA,EAAWA,MAAE,MAAO,EAAA;AAAA;AAAA,IACpB,QAAA,EAAUA,MAAE,MAAO,EAAA;AAAA,IACnB,OAAS,EAAAA,KAAA,CAAE,MAAO,EAAA,CAAE,QAAS,EAAA;AAAA,IAC7B,SAAW,EAAAA,KAAA,CAAE,MAAO,EAAA,CAAE,QAAS;AAAA,GAChC,CAAA;AAED,EAAA,MAAA,CAAO,IAAK,CAAA,WAAA,EAAa,OAAO,GAAA,EAAK,GAAQ,KAAA;AAC3C,IAAA,MAAM,MAAS,GAAA,aAAA,CAAc,SAAU,CAAA,GAAA,CAAI,IAAI,CAAA;AAC/C,IAAI,IAAA,CAAC,OAAO,OAAS,EAAA;AACnB,MAAA,MAAM,IAAIL,iBAAA,CAAW,MAAO,CAAA,KAAA,CAAM,UAAU,CAAA;AAAA;AAG9C,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAClD,MAAA,MAAM,EAAE,cAAgB,EAAA,SAAA,EAAW,UAAU,OAAS,EAAA,SAAA,KAAc,MAAO,CAAA,IAAA;AAG3E,MAAA,MAAM,EAAE,aAAc,EAAA,GAAI,MAAM,eAAgB,CAAA,GAAA,EAAK,UAAU,QAAQ,CAAA;AAGvE,MAAA,MAAM,WAAc,GAAA,CAAA,WAAA,EAAc,SAAS,CAAA,CAAA,EAAI,cAAc,CAAA,CAAA;AAC7D,MAAM,MAAA,QAAA,GAAW,MAAMX,aAAY,CAAA,SAAA;AAAA,QACjC,CAAC;AAAA,UACC,UAAY,EAAAqB,iDAAA;AAAA,UACZ;AAAA,SACD,CAAA;AAAA,QACD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,IAAI,QAAS,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWd,uCAAgB,KAAO,EAAA;AAChD,QAAA,MAAM,IAAIR,sBAAA,CAAgB,CAAuC,oCAAA,EAAA,cAAc,CAAE,CAAA,CAAA;AAAA;AAEnF,MAAA,MAAM,YAAe,GAAAD,kBAAA,CAAY,CAAC,CAAA,CAAE,SAAS,KAAK,CAAA;AAClD,MAAM,MAAA,QAAA,GAAW,yBAAyB,aAAa,CAAA;AACvD,MAAA,MAAM,WAAc,GAAA,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,cAAc,CAAA,CAAA,EAAI,YAAY,CAAA,CAAA,CAAG,WAAY,EAAA,CAAE,OAAQ,CAAA,aAAA,EAAe,GAAG,CAAA;AAE5G,MAAM,MAAA,WAAA,GAAmB,EAAE,MAAA,EAAQ,aAAc,EAAA;AACjD,MAAA,IAAI,SAAW,EAAA;AACb,QAAA,WAAA,CAAY,KAAQ,GAAA,SAAA;AAAA;AAGtB,MAAA,MAAM,OAAU,GAAA;AAAA,QACd,UAAY,EAAA,gCAAA;AAAA,QACZ,IAAM,EAAA,QAAA;AAAA,QACN,QAAU,EAAA;AAAA,UACR,IAAM,EAAA,WAAA;AAAA,UACN;AAAA,SACF;AAAA,QACA,IAAM,EAAA;AAAA,UACJ,aAAe,EAAA;AAAA,YACb,IAAM,EAAA;AAAA,WACR;AAAA,UACA,QAAA;AAAA,UACA,SAAS,OAAW,IAAA,EAAA;AAAA,UACpB;AAAA;AACF,OACF;AAEA,MAAM,MAAA,OAAA,GAAU,MAAMM,WAAU,CAAA,oBAAA;AAAA,QAC9B,uBAAA;AAAA,QACA,UAAA;AAAA,QACA,SAAA;AAAA,QACA,SAAA;AAAA,QACA;AAAA,OACF;AAGA,MAAI,IAAA;AACF,QAAM,MAAA,UAAA,GAAa,MAAMA,WAAU,CAAA,iBAAA;AAAA,UACjC,uBAAA;AAAA,UACA,UAAA;AAAA,UACA,SAAA;AAAA,UACA,aAAA;AAAA,UACA;AAAA,SACF;AAEA,QAAI,IAAA,UAAA,CAAW,IAAM,EAAA,YAAA,KAAiB,WAAa,EAAA;AAEjD,UAAA,MAAM,SAAS,cAAe,EAAA;AAC9B,UAAM,MAAA,SAAA,GAAY,KAAK,GAAI,EAAA;AAC3B,UAAMkB,MAAAA,SAAAA,GAAW,yBAAyB,aAAa,CAAA;AACvD,UAAA,MAAM,UAAa,GAAA,CAAA,EAAGA,SAAQ,CAAA,CAAA,EAAI,cAAc,CAAA,CAAA,EAAI,SAAS,CAAA,CAAA,CAC1D,WAAY,EAAA,CACZ,OAAQ,CAAA,aAAA,EAAe,GAAG,CAAA;AAE7B,UAAA,MAAM,MAAS,GAAA;AAAA,YACb,UAAY,EAAA,IAAA;AAAA,YACZ,IAAM,EAAA,QAAA;AAAA,YACN,QAAU,EAAA;AAAA,cACR,IAAM,EAAA,UAAA;AAAA,cACN,SAAA;AAAA,cACA,MAAQ,EAAA;AAAA,gBACN,GAAK,EAAA;AAAA,eACP;AAAA,cACA,WAAa,EAAA;AAAA,gBACX,4BAA8B,EAAA,QAAA;AAAA,gBAC9B,4BAA8B,EAAA;AAAA;AAChC,aACF;AAAA,YACA,UAAY,EAAA;AAAA,cACV,OAAS,EAAA;AAAA,aACX;AAAA,YACA,IAAM,EAAA;AAAA,WACR;AAEA,UAAM,MAAAlB,WAAA,CAAU,YAAa,CAAA,SAAA,EAAW,MAAM,CAAA;AAG9C,UAAA,IAAI,UAAkB,GAAA,IAAA;AACtB,UAAM,MAAA,IAAA,GAAO,WAAW,IAAM,EAAA,KAAA,EAAO,KAAK,CAAC,CAAA,KAAW,CAAE,CAAA,IAAA,KAAS,QAAQ,CAAA;AACzE,UAAA,IAAI,IAAM,EAAA;AACR,YAAA,UAAA,GAAa,IAAK,CAAA,MAAA;AAAA;AAIpB,UAAI,IAAA,WAAA,GAAc,GAAG,cAAc,CAAA,iBAAA,CAAA;AACnC,UAAI,IAAA;AACF,YAAM,MAAA,SAAA,GAAY,MAAMA,WAAU,CAAA,iBAAA;AAAA,cAChC,2BAAA;AAAA,cACA,IAAA;AAAA,cACA,SAAA;AAAA,cACA,YAAA;AAAA,cACA;AAAA,aACF;AACA,YAAA,IAAI,UAAU,IAAM,EAAA,SAAA,IAAa,UAAU,IAAK,CAAA,SAAA,CAAU,SAAS,CAAG,EAAA;AACpE,cAAc,WAAA,GAAA,SAAA,CAAU,IAAK,CAAA,SAAA,CAAU,CAAC,CAAA;AAAA;AAC1C,mBACO,KAAO,EAAA;AACd,YAAQ,OAAA,CAAA,IAAA,CAAK,0DAA0D,KAAK,CAAA;AAAA;AAI9E,UAAA,MAAM,MAAS,GAAA;AAAA,YACb,KAAO,EAAA,UAAA;AAAA,YACP,UAAY,EAAA,QAAA;AAAA,YACZ,UAAY,EAAA,iBAAA,IAAI,IAAK,EAAA,EAAE,WAAY,EAAA;AAAA,YACnC,MAAQ,EAAA,oBAAA;AAAA,YACR,MAAA;AAAA,YACA,WAAA;AAAA,YACA,WAAa,EAAA,SAAA;AAAA,YACb,cAAA,EAAgB,GAAG,cAAc,CAAA,IAAA,CAAA;AAAA,YACjC;AAAA,WACF;AAEA,UAAA,MAAMA,WAAU,CAAA,yBAAA;AAAA,YACd,uBAAA;AAAA,YACA,UAAA;AAAA,YACA,SAAA;AAAA,YACA,SAAA;AAAA,YACA,WAAA;AAAA,YACA;AAAA,WACF;AAAA;AACF,eACO,KAAO,EAAA;AACd,QAAQ,OAAA,CAAA,IAAA,CAAK,kDAAkD,KAAK,CAAA;AAAA;AAItE,MAAA,GAAA,CAAI,MAAO,CAAA,GAAG,CAAE,CAAA,IAAA,CAAK,OAAO,CAAA;AAAA,aACrB,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,mCAAmC,KAAK,CAAA;AACtD,MAAA,IAAI,iBAAiBL,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AACL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,oCAAoC,CAAA;AAAA;AACpE;AACF,GACD,CAAA;AAED,EAAA,MAAA,CAAO,GAAI,CAAA,WAAA,EAAa,OAAO,GAAA,EAAK,GAAQ,KAAA;AAC1C,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAGlD,MAAM,MAAA,eAAA,GAAkB,MAAMC,aAAY,CAAA,SAAA;AAAA,QACxC,CAAC,EAAE,UAAY,EAAAuB,kDAAA,EAAwC,CAAA;AAAA,QACvD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,MAAM,UAAa,GAAA,eAAA,CAAgB,CAAC,CAAA,CAAE,WAAWhB,sCAAgB,CAAA,KAAA;AAEjE,MAAA,IAAI,CAAC,UAAY,EAAA;AAEf,QAAM,MAAA,eAAA,GAAkB,MAAMP,aAAY,CAAA,SAAA;AAAA,UACxC,CAAC,EAAE,UAAY,EAAAwB,kDAAA,EAAwC,CAAA;AAAA,UACvD,EAAE,WAAY;AAAA,SAChB;AAEA,QAAA,IAAI,eAAgB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWjB,uCAAgB,KAAO,EAAA;AACvD,UAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAC1C;AAGF,MAAM,MAAA,MAAA,GAAS,IAAI,KAAM,CAAA,MAAA;AACzB,MAAM,MAAA,SAAA,GAAY,IAAI,KAAM,CAAA,SAAA;AAE5B,MAAI,IAAA,IAAA;AACJ,MAAA,IAAI,SAAW,EAAA;AACb,QAAA,IAAA,GAAO,MAAMK,WAAU,CAAA,mBAAA,CAAoB,uBAAyB,EAAA,UAAA,EAAY,WAAW,SAAS,CAAA;AAAA,OAC/F,MAAA;AACL,QAAA,IAAA,GAAO,MAAMA,WAAA,CAAU,mBAAoB,CAAA,uBAAA,EAAyB,YAAY,SAAS,CAAA;AAAA;AAG3F,MAAI,IAAA,aAAA,GAAgB,IAAK,CAAA,KAAA,IAAS,EAAC;AAGnC,MAAA,IAAI,CAAC,UAAY,EAAA;AACf,QAAA,MAAM,EAAE,aAAc,EAAA,GAAI,MAAM,eAAgB,CAAA,GAAA,EAAK,UAAU,QAAQ,CAAA;AAGvE,QAAA,MAAM,cAAc,MAAMA,WAAA,CAAU,mBAAoB,CAAA,uBAAA,EAAyB,YAAY,aAAa,CAAA;AAC1G,QAAA,MAAM,oBAAoB,WAAY,CAAA,KAAA,IAAS,EAC5C,EAAA,MAAA,CAAO,CAAC,OAAiB,KAAA;AACxB,UAAA,MAAM,KAAQ,GAAA,OAAA,CAAQ,QAAU,EAAA,WAAA,GAAc,oBAAoB,CAAA;AAClE,UAAA,OAAO,KAAU,KAAA,aAAA;AAAA,SAClB,CACA,CAAA,GAAA,CAAI,CAAC,OAAiB,KAAA,OAAA,CAAQ,SAAS,IAAI,CAAA;AAG9C,QAAA,aAAA,GAAgB,aAAc,CAAA,MAAA;AAAA,UAAO,CAACW,IACpC,KAAA,gBAAA,CAAiB,QAASA,CAAAA,IAAAA,CAAI,MAAM,OAAO;AAAA,SAC7C;AAAA;AAGF,MAAA,IAAI,MAAQ,EAAA;AACV,QAAgB,aAAA,GAAA,aAAA,CAAc,MAAO,CAAA,CAACA,IAAa,KAAA;AACjD,UAAM,MAAA,KAAA,GAAQA,IAAI,CAAA,MAAA,EAAQ,KAAS,IAAA,SAAA;AACnC,UAAA,OAAO,KAAU,KAAA,MAAA;AAAA,SAClB,CAAA;AAAA;AAGH,MAAA,GAAA,CAAI,IAAK,CAAA,EAAE,KAAO,EAAA,aAAA,EAAe,CAAA;AAAA,aAC1B,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,oCAAoC,KAAK,CAAA;AACvD,MAAA,IAAI,iBAAiBhB,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AACL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,oCAAoC,CAAA;AAAA;AACpE;AACF,GACD,CAAA;AAED,EAAA,MAAA,CAAO,GAAI,CAAA,cAAA,EAAgB,OAAO,GAAA,EAAK,GAAQ,KAAA;AAC7C,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAElD,MAAM,MAAA,QAAA,GAAW,MAAMC,aAAY,CAAA,SAAA;AAAA,QACjC,CAAC,EAAE,UAAY,EAAAwB,kDAAA,EAAwC,CAAA;AAAA,QACvD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,IAAI,QAAS,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWjB,uCAAgB,KAAO,EAAA;AAChD,QAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAI1C,MAAA,MAAM,EAAE,aAAc,EAAA,GAAI,MAAM,eAAgB,CAAA,GAAA,EAAK,UAAU,QAAQ,CAAA;AACvE,MAAM,MAAA,SAAA,GAAY,IAAI,KAAM,CAAA,SAAA;AAE5B,MAAI,IAAA,IAAA;AACJ,MAAA,IAAI,SAAW,EAAA;AACb,QAAA,IAAA,GAAO,MAAMK,WAAU,CAAA,mBAAA,CAAoB,uBAAyB,EAAA,UAAA,EAAY,WAAW,SAAS,CAAA;AAAA,OAC/F,MAAA;AACL,QAAA,IAAA,GAAO,MAAMA,WAAA,CAAU,mBAAoB,CAAA,uBAAA,EAAyB,YAAY,SAAS,CAAA;AAAA;AAG3F,MAAA,MAAM,aAAiB,GAAA,CAAA,IAAA,CAAK,KAAS,IAAA,EAAI,EAAA,MAAA;AAAA,QACvC,CAACW,IAAAA,KAAaA,IAAI,CAAA,IAAA,EAAM,aAAa,MAAW,KAAA;AAAA,OAClD;AAEA,MAAA,GAAA,CAAI,IAAK,CAAA,EAAE,KAAO,EAAA,aAAA,EAAe,CAAA;AAAA,aAC1B,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,yCAAyC,KAAK,CAAA;AAC5D,MAAA,IAAI,iBAAiBhB,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AACL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,yCAAyC,CAAA;AAAA;AACzE;AACF,GACD,CAAA;AAED,EAAM,MAAA,mBAAA,GAAsBiB,MAAE,MAAO,CAAA;AAAA,IACnC,OAAS,EAAAA,KAAA,CAAE,MAAO,EAAA,CAAE,QAAS;AAAA,GAC9B,CAAA;AAED,EAAA,MAAA,CAAO,IAAK,CAAA,oCAAA,EAAsC,OAAO,GAAA,EAAK,GAAQ,KAAA;AACpE,IAAA,MAAM,MAAS,GAAA,mBAAA,CAAoB,SAAU,CAAA,GAAA,CAAI,IAAI,CAAA;AACrD,IAAI,IAAA,CAAC,OAAO,OAAS,EAAA;AACnB,MAAA,MAAM,IAAIL,iBAAA,CAAW,MAAO,CAAA,KAAA,CAAM,UAAU,CAAA;AAAA;AAG9C,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAClD,MAAA,MAAM,EAAE,aAAc,EAAA,GAAI,MAAM,eAAgB,CAAA,GAAA,EAAK,UAAU,QAAQ,CAAA;AAEvE,MAAA,MAAM,EAAE,SAAA,EAAW,IAAK,EAAA,GAAI,GAAI,CAAA,MAAA;AAChC,MAAM,MAAA,EAAE,OAAQ,EAAA,GAAI,MAAO,CAAA,IAAA;AAC3B,MAAA,MAAM,UAAa,GAAA,aAAA;AAEnB,MAAM,MAAA,OAAA,GAAU,MAAMP,WAAU,CAAA,iBAAA;AAAA,QAC9B,uBAAA;AAAA,QACA,UAAA;AAAA,QACA,SAAA;AAAA,QACA,SAAA;AAAA,QACA;AAAA,OACF;AAEA,MAAA,MAAM,OAAO,OAAQ,CAAA,IAAA;AACrB,MAAM,MAAA,cAAA,GAAiB,KAAK,aAAe,EAAA,IAAA;AAE3C,MAAA,IAAI,CAAC,cAAgB,EAAA;AACnB,QAAM,MAAA,IAAIO,kBAAW,+CAA+C,CAAA;AAAA;AAItE,MAAM,MAAA,UAAA,GAAa,MAAMP,WAAU,CAAA,iBAAA;AAAA,QACjC,uBAAA;AAAA,QACA,UAAA;AAAA,QACA,SAAA;AAAA,QACA,aAAA;AAAA,QACA;AAAA,OACF;AAEA,MAAA,MAAM,KAAQ,GAAA,UAAA,CAAW,QAAU,EAAA,WAAA,GAAc,oBAAoB,CAAA;AAIrE,MAAM,MAAA,iBAAA,GAAoB,MAAMJ,aAAY,CAAA,SAAA;AAAA,QAC1C,CAAC,EAAE,UAAY,EAAAyB,oDAAA,EAA0C,CAAA;AAAA,QACzD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,IAAI,iBAAkB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWlB,uCAAgB,KAAO,EAAA;AAEzD,QAAM,MAAA,iBAAA,GAAoB,MAAMP,aAAY,CAAA,SAAA;AAAA,UAC1C,CAAC,EAAE,UAAY,EAAA0B,oDAAA,EAA0C,CAAA;AAAA,UACzD,EAAE,WAAY;AAAA,SAChB;AAEA,QAAA,IAAI,iBAAkB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWnB,uCAAgB,KAAO,EAAA;AACzD,UAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAI1C,QAAA,IAAI,UAAU,aAAe,EAAA;AAC3B,UAAM,MAAA,IAAIA,uBAAgB,yDAAyD,CAAA;AAAA;AACrF;AAEF,MAAA,MAAM,SAAS,cAAe,EAAA;AAC9B,MAAM,MAAA,SAAA,GAAY,KAAK,GAAI,EAAA;AAC3B,MAAA,MAAM,QAAW,GAAA,wBAAA,CAAyB,IAAK,CAAA,WAAA,CAAY,MAAM,CAAA;AACjE,MAAA,MAAM,UAAa,GAAA,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,cAAc,CAAA,CAAA,EAAI,SAAS,CAAA,CAAA,CAC1D,WAAY,EAAA,CACZ,OAAQ,CAAA,aAAA,EAAe,GAAG,CAAA;AAE7B,MAAA,MAAM,MAAS,GAAA;AAAA,QACb,UAAY,EAAA,IAAA;AAAA,QACZ,IAAM,EAAA,QAAA;AAAA,QACN,QAAU,EAAA;AAAA,UACR,IAAM,EAAA,UAAA;AAAA,UACN,SAAA;AAAA,UACA,MAAQ,EAAA;AAAA,YACN,GAAK,EAAA;AAAA,WACP;AAAA,UACA,WAAa,EAAA;AAAA,YACX,8BAA8B,IAAK,CAAA,QAAA;AAAA,YACnC,4BAAA,EAA8B,KAAK,WAAY,CAAA;AAAA;AACjD,SACF;AAAA,QACA,UAAY,EAAA;AAAA,UACV,OAAS,EAAA;AAAA,SACX;AAAA,QACA,IAAM,EAAA;AAAA,OACR;AAEA,MAAM,MAAAK,WAAA,CAAU,YAAa,CAAA,SAAA,EAAW,MAAM,CAAA;AAG9C,MAAA,IAAI,UAAkB,GAAA,IAAA;AACtB,MAAI,IAAA;AACF,QAAA,MAAM,WAAW,MAAMA,WAAA,CAAU,mBAAoB,CAAA,uBAAA,EAAyB,YAAY,aAAa,CAAA;AACvG,QAAA,MAAM,OAAW,GAAA,CAAA,QAAA,CAAS,KAAS,IAAA,EAAI,EAAA,IAAA;AAAA,UAAK,CAAC,CAC3C,KAAA,CAAA,CAAE,QAAS,CAAA,IAAA,CAAK,SAAS,cAAc,CAAA,IAAK,CAAE,CAAA,IAAA,EAAM,aAAa,WAAY,EAAA,CAAE,QAAS,CAAA,cAAA,CAAe,aAAa;AAAA,SACtH;AACA,QAAA,IAAI,OAAS,EAAA;AACX,UAAM,MAAA,IAAA,GAAO,OAAQ,CAAA,IAAA,EAAM,KAAO,EAAA,IAAA,CAAK,CAAC,CAAW,KAAA,CAAA,CAAE,IAAS,KAAA,IAAA,CAAK,QAAQ,CAAA;AAC3E,UAAA,IAAI,IAAM,EAAA;AACR,YAAA,UAAA,GAAa,IAAK,CAAA,MAAA;AAAA;AACpB;AACF,eACO,CAAG,EAAA;AACV,QAAQ,OAAA,CAAA,IAAA,CAAK,+CAA+C,CAAC,CAAA;AAAA;AAG/D,MAAA,IAAI,CAAC,UAAY,EAAA;AACf,QAAI,IAAA;AACF,UAAM,MAAA,MAAA,GAAS,MAAMA,WAAU,CAAA,iBAAA;AAAA,YAC7B,wBAAA;AAAA,YACA,UAAA;AAAA,YACA,SAAA;AAAA,YACA,cAAA;AAAA,YACA,GAAG,cAAc,CAAA,KAAA;AAAA,WACnB;AACA,UAAM,MAAA,IAAA,GAAO,MAAO,CAAA,IAAA,EAAM,KAAO,EAAA,IAAA,CAAK,CAAC,CAAW,KAAA,CAAA,CAAE,IAAS,KAAA,IAAA,CAAK,QAAQ,CAAA;AAC1E,UAAA,IAAI,IAAM,EAAA;AACR,YAAA,UAAA,GAAa,IAAK,CAAA,MAAA;AAAA;AACpB,iBACO,CAAG,EAAA;AACV,UAAQ,OAAA,CAAA,IAAA,CAAK,+CAA+C,CAAC,CAAA;AAAA;AAC/D;AAIF,MAAI,IAAA,WAAA,GAAc,GAAG,cAAc,CAAA,iBAAA,CAAA;AACnC,MAAI,IAAA;AACF,QAAM,MAAA,SAAA,GAAY,MAAMA,WAAU,CAAA,iBAAA;AAAA,UAChC,2BAAA;AAAA,UACA,IAAA;AAAA,UACA,SAAA;AAAA,UACA,YAAA;AAAA,UACA;AAAA,SACF;AACA,QAAA,IAAI,UAAU,IAAM,EAAA,SAAA,IAAa,UAAU,IAAK,CAAA,SAAA,CAAU,SAAS,CAAG,EAAA;AACpE,UAAc,WAAA,GAAA,SAAA,CAAU,IAAK,CAAA,SAAA,CAAU,CAAC,CAAA;AAAA;AAC1C,eACO,KAAO,EAAA;AACd,QAAQ,OAAA,CAAA,IAAA,CAAK,0DAA0D,KAAK,CAAA;AAAA;AAG9E,MAAA,MAAM,MAAS,GAAA;AAAA,QACb,KAAO,EAAA,UAAA;AAAA,QACP,UAAA;AAAA,QACA,UAAY,EAAA,iBAAA,IAAI,IAAK,EAAA,EAAE,WAAY,EAAA;AAAA,QACnC,QAAQ,OAAW,IAAA,UAAA;AAAA,QACnB,MAAA;AAAA,QACA,WAAA;AAAA,QACA,WAAa,EAAA,SAAA;AAAA,QACb,cAAA,EAAgB,GAAG,cAAc,CAAA,IAAA,CAAA;AAAA,QACjC;AAAA,OACF;AAEA,MAAA,MAAMA,WAAU,CAAA,yBAAA;AAAA,QACd,uBAAA;AAAA,QACA,UAAA;AAAA,QACA,SAAA;AAAA,QACA,SAAA;AAAA,QACA,IAAA;AAAA,QACA;AAAA,OACF;AAEA,MAAI,GAAA,CAAA,IAAA,CAAK,EAAE,UAAA,EAAY,CAAA;AAAA,aAChB,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,oCAAoC,KAAK,CAAA;AACvD,MAAA,IAAI,iBAAiBL,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AACL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,qCAAqC,CAAA;AAAA;AACrE;AACF,GACD,CAAA;AAED,EAAA,MAAA,CAAO,IAAK,CAAA,mCAAA,EAAqC,OAAO,GAAA,EAAK,GAAQ,KAAA;AACnE,IAAA,MAAM,MAAS,GAAA,mBAAA,CAAoB,SAAU,CAAA,GAAA,CAAI,IAAI,CAAA;AACrD,IAAI,IAAA,CAAC,OAAO,OAAS,EAAA;AACnB,MAAA,MAAM,IAAIY,iBAAA,CAAW,MAAO,CAAA,KAAA,CAAM,UAAU,CAAA;AAAA;AAG9C,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAClD,MAAA,MAAM,EAAE,aAAc,EAAA,GAAI,MAAM,eAAgB,CAAA,GAAA,EAAK,UAAU,QAAQ,CAAA;AAEvE,MAAA,MAAM,EAAE,SAAA,EAAW,IAAK,EAAA,GAAI,GAAI,CAAA,MAAA;AAChC,MAAM,MAAA,EAAE,OAAQ,EAAA,GAAI,MAAO,CAAA,IAAA;AAC3B,MAAA,MAAM,UAAa,GAAA,aAAA;AAGnB,MAAM,MAAA,OAAA,GAAU,MAAMP,WAAU,CAAA,iBAAA;AAAA,QAC9B,uBAAA;AAAA,QACA,UAAA;AAAA,QACA,SAAA;AAAA,QACA,SAAA;AAAA,QACA;AAAA,OACF;AAEA,MAAA,MAAM,OAAO,OAAQ,CAAA,IAAA;AACrB,MAAM,MAAA,cAAA,GAAiB,KAAK,aAAe,EAAA,IAAA;AAE3C,MAAA,IAAI,CAAC,cAAgB,EAAA;AACnB,QAAM,MAAA,IAAIO,kBAAW,+CAA+C,CAAA;AAAA;AAItE,MAAM,MAAA,UAAA,GAAa,MAAMP,WAAU,CAAA,iBAAA;AAAA,QACjC,uBAAA;AAAA,QACA,UAAA;AAAA,QACA,SAAA;AAAA,QACA,aAAA;AAAA,QACA;AAAA,OACF;AAEA,MAAA,MAAM,KAAQ,GAAA,UAAA,CAAW,QAAU,EAAA,WAAA,GAAc,oBAAoB,CAAA;AAIrE,MAAM,MAAA,iBAAA,GAAoB,MAAMJ,aAAY,CAAA,SAAA;AAAA,QAC1C,CAAC,EAAE,UAAY,EAAAyB,oDAAA,EAA0C,CAAA;AAAA,QACzD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,IAAI,iBAAkB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWlB,uCAAgB,KAAO,EAAA;AAEzD,QAAM,MAAA,iBAAA,GAAoB,MAAMP,aAAY,CAAA,SAAA;AAAA,UAC1C,CAAC,EAAE,UAAY,EAAA0B,oDAAA,EAA0C,CAAA;AAAA,UACzD,EAAE,WAAY;AAAA,SAChB;AAEA,QAAA,IAAI,iBAAkB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWnB,uCAAgB,KAAO,EAAA;AACzD,UAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAI1C,QAAA,IAAI,UAAU,aAAe,EAAA;AAC3B,UAAM,MAAA,IAAIA,uBAAgB,wDAAwD,CAAA;AAAA;AACpF;AAGF,MAAA,MAAM,MAAS,GAAA;AAAA,QACb,KAAO,EAAA,UAAA;AAAA,QACP,UAAA;AAAA,QACA,UAAY,EAAA,iBAAA,IAAI,IAAK,EAAA,EAAE,WAAY,EAAA;AAAA,QACnC,QAAQ,OAAW,IAAA;AAAA,OACrB;AAEA,MAAA,MAAMK,WAAU,CAAA,yBAAA;AAAA,QACd,uBAAA;AAAA,QACA,UAAA;AAAA,QACA,SAAA;AAAA,QACA,SAAA;AAAA,QACA,IAAA;AAAA,QACA;AAAA,OACF;AAEA,MAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,IAAK,EAAA;AAAA,aACd,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,oCAAoC,KAAK,CAAA;AACvD,MAAA,IAAI,iBAAiBL,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AACL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,oCAAoC,CAAA;AAAA;AACpE;AACF,GACD,CAAA;AAED,EAAM,MAAA,iBAAA,GAAoBiB,MAAE,MAAO,CAAA;AAAA,IACjC,QAAU,EAAAA,KAAA,CAAE,KAAM,CAAAA,KAAA,CAAE,MAAO,CAAA;AAAA,MACzB,SAAA,EAAWA,MAAE,MAAO,EAAA;AAAA,MACpB,IAAA,EAAMA,MAAE,MAAO;AAAA,KAChB,CAAC,CAAA;AAAA,IACF,OAAS,EAAAA,KAAA,CAAE,MAAO,EAAA,CAAE,QAAS;AAAA,GAC9B,CAAA;AAED,EAAA,MAAA,CAAO,IAAK,CAAA,wBAAA,EAA0B,OAAO,GAAA,EAAK,GAAQ,KAAA;AACxD,IAAA,MAAM,MAAS,GAAA,iBAAA,CAAkB,SAAU,CAAA,GAAA,CAAI,IAAI,CAAA;AACnD,IAAI,IAAA,CAAC,OAAO,OAAS,EAAA;AACnB,MAAA,MAAM,IAAIL,iBAAA,CAAW,MAAO,CAAA,KAAA,CAAM,UAAU,CAAA;AAAA;AAG9C,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAClD,MAAA,MAAM,EAAE,aAAc,EAAA,GAAI,MAAM,eAAgB,CAAA,GAAA,EAAK,UAAU,QAAQ,CAAA;AAEvE,MAAM,MAAA,QAAA,GAAW,MAAMX,aAAY,CAAA,SAAA;AAAA,QACjC,CAAC,EAAE,UAAY,EAAAyB,oDAAA,EAA0C,CAAA;AAAA,QACzD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,IAAI,QAAS,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWlB,uCAAgB,KAAO,EAAA;AAChD,QAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAG1C,MAAA,MAAM,EAAE,QAAA,EAAU,OAAQ,EAAA,GAAI,MAAO,CAAA,IAAA;AACrC,MAAA,MAAM,UAAa,GAAA,aAAA;AACnB,MAAA,MAAM,UAAU,EAAC;AAEjB,MAAA,KAAA,MAAW,UAAU,QAAU,EAAA;AAC7B,QAAI,IAAA;AACF,UAAM,MAAA,OAAA,GAAU,MAAMK,WAAU,CAAA,iBAAA;AAAA,YAC9B,uBAAA;AAAA,YACA,UAAA;AAAA,YACA,MAAO,CAAA,SAAA;AAAA,YACP,SAAA;AAAA,YACA,MAAO,CAAA;AAAA,WACT;AAEA,UAAA,MAAM,OAAO,OAAQ,CAAA,IAAA;AAGrB,UAAM,MAAA,UAAA,GAAa,MAAMA,WAAU,CAAA,iBAAA;AAAA,YACjC,uBAAA;AAAA,YACA,UAAA;AAAA,YACA,IAAK,CAAA,YAAA;AAAA,YACL,aAAA;AAAA,YACA,IAAK,CAAA;AAAA,WACP;AAEA,UAAA,MAAM,KAAQ,GAAA,UAAA,CAAW,QAAU,EAAA,WAAA,GAAc,oBAAoB,CAAA;AAIrE,UAAM,MAAA,iBAAA,GAAoB,MAAMJ,aAAY,CAAA,SAAA;AAAA,YAC1C,CAAC,EAAE,UAAY,EAAAiB,iDAAA,EAAuC,CAAA;AAAA,YACtD,EAAE,WAAY;AAAA,WAChB;AAEA,UAAA,IAAI,iBAAkB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWV,uCAAgB,KAAO,EAAA;AAEzD,YAAM,MAAA,iBAAA,GAAoB,MAAMP,aAAY,CAAA,SAAA;AAAA,cAC1C,CAAC,EAAE,UAAY,EAAAkB,iDAAA,EAAuC,CAAA;AAAA,cACtD,EAAE,WAAY;AAAA,aAChB;AAEA,YAAA,IAAI,iBAAkB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWX,uCAAgB,KAAO,EAAA;AACzD,cAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAI1C,YAAA,IAAI,UAAU,aAAe,EAAA;AAC3B,cAAM,MAAA,IAAIA,uBAAgB,yDAAyD,CAAA;AAAA;AACrF;AAEF,UAAA,MAAM,SAAS,cAAe,EAAA;AAC9B,UAAM,MAAA,SAAA,GAAY,KAAK,GAAI,EAAA;AAC3B,UAAA,MAAM,QAAW,GAAA,wBAAA,CAAyB,IAAK,CAAA,WAAA,CAAY,MAAM,CAAA;AACjE,UAAA,MAAM,UAAa,GAAA,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,IAAK,CAAA,OAAO,CAAI,CAAA,EAAA,SAAS,CACxD,CAAA,CAAA,WAAA,EACA,CAAA,OAAA,CAAQ,eAAe,GAAG,CAAA;AAE7B,UAAA,MAAM,MAAS,GAAA;AAAA,YACb,UAAY,EAAA,IAAA;AAAA,YACZ,IAAM,EAAA,QAAA;AAAA,YACN,QAAU,EAAA;AAAA,cACR,IAAM,EAAA,UAAA;AAAA,cACN,WAAW,IAAK,CAAA,YAAA;AAAA,cAChB,MAAQ,EAAA;AAAA,gBACN,KAAK,IAAK,CAAA;AAAA,eACZ;AAAA,cACA,WAAa,EAAA;AAAA,gBACX,8BAA8B,IAAK,CAAA,QAAA;AAAA,gBACnC,4BAAA,EAA8B,KAAK,WAAY,CAAA;AAAA;AACjD,aACF;AAAA,YACA,UAAY,EAAA;AAAA,cACV,OAAS,EAAA;AAAA,aACX;AAAA,YACA,IAAM,EAAA;AAAA,WACR;AAEA,UAAA,MAAMK,WAAU,CAAA,YAAA,CAAa,IAAK,CAAA,YAAA,EAAc,MAAM,CAAA;AAGtD,UAAA,IAAI,UAAkB,GAAA,IAAA;AACtB,UAAI,IAAA;AACF,YAAA,MAAM,WAAW,MAAMA,WAAA,CAAU,mBAAoB,CAAA,uBAAA,EAAyB,YAAY,aAAa,CAAA;AACvG,YAAA,MAAM,OAAW,GAAA,CAAA,QAAA,CAAS,KAAS,IAAA,EAAI,EAAA,IAAA;AAAA,cAAK,CAAC,CAC3C,KAAA,CAAA,CAAE,SAAS,IAAK,CAAA,QAAA,CAAS,KAAK,OAAO,CAAA,IAAK,CAAE,CAAA,IAAA,EAAM,aAAa,WAAY,EAAA,CAAE,SAAS,IAAK,CAAA,OAAA,CAAQ,aAAa;AAAA,aAClH;AACA,YAAA,IAAI,OAAS,EAAA;AACX,cAAM,MAAA,IAAA,GAAO,OAAQ,CAAA,IAAA,EAAM,KAAO,EAAA,IAAA,CAAK,CAAC,CAAW,KAAA,CAAA,CAAE,IAAS,KAAA,IAAA,CAAK,QAAQ,CAAA;AAC3E,cAAA,IAAI,IAAM,EAAA;AACR,gBAAA,UAAA,GAAa,IAAK,CAAA,MAAA;AAAA;AACpB;AACF,mBACO,CAAG,EAAA;AACV,YAAQ,OAAA,CAAA,IAAA,CAAK,+CAA+C,CAAC,CAAA;AAAA;AAG/D,UAAA,IAAI,CAAC,UAAY,EAAA;AACf,YAAI,IAAA;AACF,cAAM,MAAA,MAAA,GAAS,MAAMA,WAAU,CAAA,iBAAA;AAAA,gBAC7B,uBAAA;AAAA,gBACA,UAAA;AAAA,gBACA,IAAK,CAAA,YAAA;AAAA,gBACL,cAAA;AAAA,gBACA,CAAA,EAAG,KAAK,OAAO,CAAA,KAAA;AAAA,eACjB;AACA,cAAM,MAAA,IAAA,GAAO,MAAO,CAAA,IAAA,EAAM,KAAO,EAAA,IAAA,CAAK,CAAC,CAAW,KAAA,CAAA,CAAE,IAAS,KAAA,IAAA,CAAK,QAAQ,CAAA;AAC1E,cAAA,IAAI,IAAM,EAAA;AACR,gBAAA,UAAA,GAAa,IAAK,CAAA,MAAA;AAAA;AACpB,qBACO,CAAG,EAAA;AACV,cAAQ,OAAA,CAAA,IAAA,CAAK,+CAA+C,CAAC,CAAA;AAAA;AAC/D;AAIF,UAAI,IAAA,WAAA,GAAc,CAAG,EAAA,IAAA,CAAK,OAAO,CAAA,iBAAA,CAAA;AACjC,UAAI,IAAA;AACF,YAAM,MAAA,SAAA,GAAY,MAAMA,WAAU,CAAA,iBAAA;AAAA,cAChC,2BAAA;AAAA,cACA,IAAA;AAAA,cACA,IAAK,CAAA,YAAA;AAAA,cACL,YAAA;AAAA,cACA,IAAK,CAAA;AAAA,aACP;AACA,YAAA,IAAI,UAAU,IAAM,EAAA,SAAA,IAAa,UAAU,IAAK,CAAA,SAAA,CAAU,SAAS,CAAG,EAAA;AACpE,cAAc,WAAA,GAAA,SAAA,CAAU,IAAK,CAAA,SAAA,CAAU,CAAC,CAAA;AAAA;AAC1C,mBACO,KAAO,EAAA;AACd,YAAQ,OAAA,CAAA,IAAA,CAAK,0DAA0D,KAAK,CAAA;AAAA;AAG9E,UAAA,MAAM,MAAS,GAAA;AAAA,YACb,KAAO,EAAA,UAAA;AAAA,YACP,UAAA;AAAA,YACA,UAAY,EAAA,iBAAA,IAAI,IAAK,EAAA,EAAE,WAAY,EAAA;AAAA,YACnC,QAAQ,OAAW,IAAA,UAAA;AAAA,YACnB,MAAA;AAAA,YACA,WAAA;AAAA,YACA,WAAa,EAAA,SAAA;AAAA,YACb,cAAA,EAAgB,CAAG,EAAA,IAAA,CAAK,OAAO,CAAA,IAAA,CAAA;AAAA,YAC/B;AAAA,WACF;AAEA,UAAA,MAAMA,WAAU,CAAA,yBAAA;AAAA,YACd,uBAAA;AAAA,YACA,UAAA;AAAA,YACA,MAAO,CAAA,SAAA;AAAA,YACP,SAAA;AAAA,YACA,MAAO,CAAA,IAAA;AAAA,YACP;AAAA,WACF;AAEA,UAAQ,OAAA,CAAA,IAAA,CAAK,EAAE,SAAA,EAAW,MAAO,CAAA,SAAA,EAAW,IAAM,EAAA,MAAA,CAAO,IAAM,EAAA,OAAA,EAAS,IAAM,EAAA,UAAA,EAAY,CAAA;AAAA,iBACnF,KAAO,EAAA;AACd,UAAQ,OAAA,CAAA,KAAA,CAAM,2BAA2B,MAAO,CAAA,SAAS,IAAI,MAAO,CAAA,IAAI,KAAK,KAAK,CAAA;AAClF,UAAA,OAAA,CAAQ,IAAK,CAAA;AAAA,YACX,WAAW,MAAO,CAAA,SAAA;AAAA,YAClB,MAAM,MAAO,CAAA,IAAA;AAAA,YACb,OAAS,EAAA,KAAA;AAAA,YACT,KAAO,EAAA,KAAA,YAAiB,KAAQ,GAAA,KAAA,CAAM,OAAU,GAAA;AAAA,WACjD,CAAA;AAAA;AACH;AAGF,MAAI,GAAA,CAAA,IAAA,CAAK,EAAE,OAAA,EAAS,CAAA;AAAA,aACb,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,0BAA0B,KAAK,CAAA;AAC7C,MAAA,IAAI,iBAAiBL,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AACL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,2CAA2C,CAAA;AAAA;AAC3E;AACF,GACD,CAAA;AAED,EAAA,MAAA,CAAO,IAAK,CAAA,uBAAA,EAAyB,OAAO,GAAA,EAAK,GAAQ,KAAA;AACvD,IAAA,MAAM,MAAS,GAAA,iBAAA,CAAkB,SAAU,CAAA,GAAA,CAAI,IAAI,CAAA;AACnD,IAAI,IAAA,CAAC,OAAO,OAAS,EAAA;AACnB,MAAA,MAAM,IAAIY,iBAAA,CAAW,MAAO,CAAA,KAAA,CAAM,UAAU,CAAA;AAAA;AAG9C,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAClD,MAAA,MAAM,EAAE,aAAc,EAAA,GAAI,MAAM,eAAgB,CAAA,GAAA,EAAK,UAAU,QAAQ,CAAA;AAEvE,MAAM,MAAA,QAAA,GAAW,MAAMX,aAAY,CAAA,SAAA;AAAA,QACjC,CAAC,EAAE,UAAY,EAAAyB,oDAAA,EAA0C,CAAA;AAAA,QACzD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,IAAI,QAAS,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWlB,uCAAgB,KAAO,EAAA;AAChD,QAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAG1C,MAAA,MAAM,EAAE,QAAA,EAAU,OAAQ,EAAA,GAAI,MAAO,CAAA,IAAA;AACrC,MAAA,MAAM,UAAa,GAAA,aAAA;AACnB,MAAA,MAAM,UAAU,EAAC;AAEjB,MAAA,KAAA,MAAW,UAAU,QAAU,EAAA;AAC7B,QAAI,IAAA;AAEF,UAAM,MAAA,OAAA,GAAU,MAAMK,WAAU,CAAA,iBAAA;AAAA,YAC9B,uBAAA;AAAA,YACA,UAAA;AAAA,YACA,MAAO,CAAA,SAAA;AAAA,YACP,SAAA;AAAA,YACA,MAAO,CAAA;AAAA,WACT;AAEA,UAAA,MAAM,OAAO,OAAQ,CAAA,IAAA;AAGrB,UAAM,MAAA,UAAA,GAAa,MAAMA,WAAU,CAAA,iBAAA;AAAA,YACjC,uBAAA;AAAA,YACA,UAAA;AAAA,YACA,IAAK,CAAA,YAAA;AAAA,YACL,aAAA;AAAA,YACA,IAAK,CAAA;AAAA,WACP;AAEA,UAAA,MAAM,KAAQ,GAAA,UAAA,CAAW,QAAU,EAAA,WAAA,GAAc,oBAAoB,CAAA;AAIrE,UAAM,MAAA,iBAAA,GAAoB,MAAMJ,aAAY,CAAA,SAAA;AAAA,YAC1C,CAAC,EAAE,UAAY,EAAAiB,iDAAA,EAAuC,CAAA;AAAA,YACtD,EAAE,WAAY;AAAA,WAChB;AAEA,UAAA,IAAI,iBAAkB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWV,uCAAgB,KAAO,EAAA;AAEzD,YAAM,MAAA,iBAAA,GAAoB,MAAMP,aAAY,CAAA,SAAA;AAAA,cAC1C,CAAC,EAAE,UAAY,EAAAkB,iDAAA,EAAuC,CAAA;AAAA,cACtD,EAAE,WAAY;AAAA,aAChB;AAEA,YAAA,IAAI,iBAAkB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWX,uCAAgB,KAAO,EAAA;AACzD,cAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAI1C,YAAA,IAAI,UAAU,aAAe,EAAA;AAC3B,cAAM,MAAA,IAAIA,uBAAgB,wDAAwD,CAAA;AAAA;AACpF;AAGF,UAAA,MAAM,MAAS,GAAA;AAAA,YACb,KAAO,EAAA,UAAA;AAAA,YACP,UAAA;AAAA,YACA,UAAY,EAAA,iBAAA,IAAI,IAAK,EAAA,EAAE,WAAY,EAAA;AAAA,YACnC,QAAQ,OAAW,IAAA;AAAA,WACrB;AAEA,UAAA,MAAMK,WAAU,CAAA,yBAAA;AAAA,YACd,uBAAA;AAAA,YACA,UAAA;AAAA,YACA,MAAO,CAAA,SAAA;AAAA,YACP,SAAA;AAAA,YACA,MAAO,CAAA,IAAA;AAAA,YACP;AAAA,WACF;AAEA,UAAQ,OAAA,CAAA,IAAA,CAAK,EAAE,SAAA,EAAW,MAAO,CAAA,SAAA,EAAW,MAAM,MAAO,CAAA,IAAA,EAAM,OAAS,EAAA,IAAA,EAAM,CAAA;AAAA,iBACvE,KAAO,EAAA;AACd,UAAQ,OAAA,CAAA,KAAA,CAAM,2BAA2B,MAAO,CAAA,SAAS,IAAI,MAAO,CAAA,IAAI,KAAK,KAAK,CAAA;AAClF,UAAA,OAAA,CAAQ,IAAK,CAAA;AAAA,YACX,WAAW,MAAO,CAAA,SAAA;AAAA,YAClB,MAAM,MAAO,CAAA,IAAA;AAAA,YACb,OAAS,EAAA,KAAA;AAAA,YACT,KAAO,EAAA,KAAA,YAAiB,KAAQ,GAAA,KAAA,CAAM,OAAU,GAAA;AAAA,WACjD,CAAA;AAAA;AACH;AAGF,MAAI,GAAA,CAAA,IAAA,CAAK,EAAE,OAAA,EAAS,CAAA;AAAA,aACb,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,yBAAyB,KAAK,CAAA;AAC5C,MAAA,IAAI,iBAAiBL,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AACL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,0CAA0C,CAAA;AAAA;AAC1E;AACF,GACD,CAAA;AAED,EAAA,MAAA,CAAO,MAAO,CAAA,4BAAA,EAA8B,OAAO,GAAA,EAAK,GAAQ,KAAA;AAC9D,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAClD,MAAA,MAAM,EAAE,aAAc,EAAA,GAAI,MAAM,eAAgB,CAAA,GAAA,EAAK,UAAU,QAAQ,CAAA;AACvE,MAAA,MAAM,EAAE,SAAA,EAAW,IAAK,EAAA,GAAI,GAAI,CAAA,MAAA;AAGhC,MAAM,MAAA,OAAA,GAAU,MAAMK,WAAU,CAAA,iBAAA;AAAA,QAC9B,uBAAA;AAAA,QACA,UAAA;AAAA,QACA,SAAA;AAAA,QACA,SAAA;AAAA,QACA;AAAA,OACF;AAEA,MAAM,MAAA,aAAA,GAAgB,OAAQ,CAAA,IAAA,EAAM,WAAa,EAAA,MAAA;AAGjD,MAAM,MAAA,iBAAA,GAAoB,MAAMJ,aAAY,CAAA,SAAA;AAAA,QAC1C,CAAC,EAAE,UAAY,EAAA2B,oDAAA,EAA0C,CAAA;AAAA,QACzD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,MAAM,YAAe,GAAA,iBAAA,CAAkB,CAAC,CAAA,CAAE,WAAWpB,sCAAgB,CAAA,KAAA;AAErE,MAAA,IAAI,CAAC,YAAc,EAAA;AAEjB,QAAM,MAAA,iBAAA,GAAoB,MAAMP,aAAY,CAAA,SAAA;AAAA,UAC1C,CAAC,EAAE,UAAY,EAAA4B,oDAAA,EAA0C,CAAA;AAAA,UACzD,EAAE,WAAY;AAAA,SAChB;AAEA,QAAA,IAAI,iBAAkB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWrB,uCAAgB,KAAO,EAAA;AACzD,UAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAI1C,QAAA,IAAI,kBAAkB,aAAe,EAAA;AACnC,UAAM,MAAA,IAAIA,uBAAgB,+CAA+C,CAAA;AAAA;AAC3E;AAIF,MAAI,IAAA,OAAA,CAAQ,MAAQ,EAAA,KAAA,KAAU,UAAY,EAAA;AACxC,QAAI,IAAA;AACF,UAAM,MAAA,YAAA,GAAe,QAAQ,IAAM,EAAA,YAAA;AACnC,UAAM,MAAA,OAAA,GAAU,QAAQ,IAAM,EAAA,OAAA;AAC9B,UAAM,MAAA,QAAA,GAAW,QAAQ,IAAM,EAAA,QAAA;AAG/B,UAAA,MAAM,OAAU,GAAA,MAAMK,WAAU,CAAA,WAAA,CAAY,YAAY,CAAA;AACxD,UAAA,MAAM,cAAiB,GAAA,OAAA,CAAQ,KAAO,EAAA,IAAA,CAAK,CAAC,CAAW,KAAA;AACrD,YAAA,MAAM,WAAc,GAAA,CAAA,CAAE,QAAU,EAAA,WAAA,IAAe,EAAC;AAChD,YACE,OAAA,WAAA,CAAY,4BAA4B,CAAA,KAAM,aAC9C,IAAA,WAAA,CAAY,4BAA4B,CAAA,KAAM,QAC9C,IAAA,CAAA,CAAE,QAAU,EAAA,MAAA,EAAQ,GAAQ,KAAA,OAAA;AAAA,WAE/B,CAAA;AAED,UAAA,IAAI,cAAgB,EAAA;AAClB,YAAA,MAAMA,WAAU,CAAA,YAAA,CAAa,YAAc,EAAA,cAAA,CAAe,SAAS,IAAI,CAAA;AAAA;AACzE,iBACO,KAAO,EAAA;AACd,UAAQ,OAAA,CAAA,IAAA,CAAK,uCAAuC,KAAK,CAAA;AAAA;AAE3D;AAGF,MAAA,MAAMA,WAAU,CAAA,oBAAA;AAAA,QACd,uBAAA;AAAA,QACA,UAAA;AAAA,QACA,SAAA;AAAA,QACA,SAAA;AAAA,QACA;AAAA,OACF;AACA,MAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,IAAK,EAAA;AAAA,aACd,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,mCAAmC,KAAK,CAAA;AACtD,MAAA,IAAI,iBAAiBL,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AACL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,oCAAoC,CAAA;AAAA;AACpE;AACF,GACD,CAAA;AAED,EAAA,MAAA,CAAO,KAAM,CAAA,4BAAA,EAA8B,OAAO,GAAA,EAAK,GAAQ,KAAA;AAE7D,IAAM,MAAA,WAAA,GAAciB,MAAE,MAAO,CAAA;AAAA,MAC3B,IAAA,EAAMA,MAAE,MAAO,CAAA;AAAA,QACb,OAAS,EAAAA,KAAA,CAAE,MAAO,EAAA,CAAE,QAAS,EAAA;AAAA,QAC7B,QAAU,EAAAA,KAAA,CAAE,MAAO,EAAA,CAAE,QAAS;AAAA,OAC/B,EAAE,OAAQ;AAAA,KACZ,CAAA;AAED,IAAA,MAAM,MAAS,GAAA,WAAA,CAAY,SAAU,CAAA,GAAA,CAAI,IAAI,CAAA;AAC7C,IAAI,IAAA,CAAC,OAAO,OAAS,EAAA;AACnB,MAAA,MAAM,IAAIL,iBAAW,CAAA,iBAAA,GAAoB,MAAO,CAAA,KAAA,CAAM,UAAU,CAAA;AAAA;AAGlE,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAClD,MAAA,MAAM,EAAE,aAAc,EAAA,GAAI,MAAM,eAAgB,CAAA,GAAA,EAAK,UAAU,QAAQ,CAAA;AACvE,MAAA,MAAM,EAAE,SAAA,EAAW,IAAK,EAAA,GAAI,GAAI,CAAA,MAAA;AAGhC,MAAM,MAAA,QAAA,GAAW,MAAMP,WAAU,CAAA,iBAAA;AAAA,QAC/B,uBAAA;AAAA,QACA,UAAA;AAAA,QACA,SAAA;AAAA,QACA,SAAA;AAAA,QACA;AAAA,OACF;AAEA,MAAM,MAAA,aAAA,GAAgB,QAAS,CAAA,IAAA,EAAM,WAAa,EAAA,MAAA;AAClD,MAAM,MAAA,YAAA,GAAe,QAAS,CAAA,MAAA,EAAQ,KAAS,IAAA,SAAA;AAG/C,MAAA,IAAI,iBAAiB,SAAW,EAAA;AAC9B,QAAM,MAAA,IAAIL,uBAAgB,qCAAqC,CAAA;AAAA;AAIjE,MAAM,MAAA,iBAAA,GAAoB,MAAMC,aAAY,CAAA,SAAA;AAAA,QAC1C,CAAC,EAAE,UAAY,EAAAyB,oDAAA,EAA0C,CAAA;AAAA,QACzD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,IAAI,iBAAkB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWlB,uCAAgB,KAAO,EAAA;AAEzD,QAAM,MAAA,iBAAA,GAAoB,MAAMP,aAAY,CAAA,SAAA;AAAA,UAC1C,CAAC,EAAE,UAAY,EAAA0B,oDAAA,EAA0C,CAAA;AAAA,UACzD,EAAE,WAAY;AAAA,SAChB;AAEA,QAAA,IAAI,iBAAkB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWnB,uCAAgB,KAAO,EAAA;AACzD,UAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAI1C,QAAA,IAAI,kBAAkB,aAAe,EAAA;AACnC,UAAM,MAAA,IAAIA,uBAAgB,+CAA+C,CAAA;AAAA;AAC3E;AAIF,MAAM,MAAA,OAAA,GAAU,MAAMK,WAAU,CAAA,mBAAA;AAAA,QAC9B,uBAAA;AAAA,QACA,UAAA;AAAA,QACA,SAAA;AAAA,QACA,SAAA;AAAA,QACA,IAAA;AAAA,QACA,MAAO,CAAA;AAAA,OACT;AAEA,MAAA,GAAA,CAAI,KAAK,OAAO,CAAA;AAAA,aACT,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,mCAAmC,KAAK,CAAA;AACtD,MAAA,IAAI,iBAAiBL,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OAC/C,MAAA,IAAW,iBAAiBY,iBAAY,EAAA;AACtC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AACL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,oCAAoC,CAAA;AAAA;AACpE;AACF,GACD,CAAA;AAGD,EAAA,MAAA,CAAO,IAAIkB,sDAAkC,CAAA;AAAA,IAC3C,WAAa,EAAAC;AAAA,GACd,CAAC,CAAA;AAEF,EAAO,OAAA,MAAA;AACT;;;;"}
|
|
1
|
+
{"version":3,"file":"router.cjs.js","sources":["../src/router.ts"],"sourcesContent":["import { HttpAuthService, RootConfigService, UserInfoService, PermissionsService } from '@backstage/backend-plugin-api';\nimport { InputError, NotAllowedError } from '@backstage/errors';\nimport { AuthorizeResult } from '@backstage/plugin-permission-common';\nimport { createPermissionIntegrationRouter } from '@backstage/plugin-permission-node';\nimport { z } from 'zod';\nimport express from 'express';\nimport Router from 'express-promise-router';\nimport cors from 'cors';\nimport { randomBytes } from 'crypto';\nimport { KuadrantK8sClient } from './k8s-client';\nimport { getAPIProductEntityProvider } from './module';\nimport {\n kuadrantPermissions,\n kuadrantPlanPolicyListPermission,\n kuadrantPlanPolicyReadPermission,\n kuadrantApiProductListPermission,\n kuadrantApiProductReadOwnPermission,\n kuadrantApiProductReadAllPermission,\n kuadrantApiProductCreatePermission,\n kuadrantApiProductUpdateOwnPermission,\n kuadrantApiProductUpdateAllPermission,\n kuadrantApiProductDeleteOwnPermission,\n kuadrantApiProductDeleteAllPermission,\n kuadrantApiKeyRequestCreatePermission,\n kuadrantApiKeyRequestReadOwnPermission,\n kuadrantApiKeyRequestReadAllPermission,\n kuadrantApiKeyRequestUpdateOwnPermission,\n kuadrantApiKeyRequestUpdateAllPermission,\n kuadrantApiKeyRequestDeleteOwnPermission,\n kuadrantApiKeyRequestDeleteAllPermission,\n} from './permissions';\n\n/**\n * Extract a kubernetes-safe name from entity ref\n * e.g., \"user:default/alice\" -> \"alice\"\n * e.g., \"group:platform/api-owners\" -> \"api-owners\"\n */\nfunction extractNameFromEntityRef(entityRef: string): string {\n const parts = entityRef.split('/');\n return parts[parts.length - 1];\n}\n\nasync function getUserIdentity(req: express.Request, httpAuth: HttpAuthService, userInfo: UserInfoService): Promise<{\n userEntityRef: string;\n groups: string[];\n}> {\n const credentials = await httpAuth.credentials(req);\n\n if (!credentials || !credentials.principal) {\n throw new NotAllowedError('authentication required');\n }\n\n // get user info from credentials\n const info = await userInfo.getUserInfo(credentials);\n const groups = info.ownershipEntityRefs || [];\n\n console.log(`user identity resolved: userEntityRef=${info.userEntityRef}, groups=${groups.join(',')}`);\n return {\n userEntityRef: info.userEntityRef,\n groups\n };\n}\n\nexport async function createRouter({\n httpAuth,\n userInfo,\n config,\n permissions,\n}: {\n httpAuth: HttpAuthService;\n userInfo: UserInfoService;\n config: RootConfigService;\n permissions: PermissionsService;\n}): Promise<express.Router> {\n const router = Router();\n\n // enable cors for dev mode (allows frontend on :3000 to call backend on :7007)\n router.use(cors({\n origin: 'http://localhost:3000',\n credentials: true,\n }));\n\n router.use(express.json());\n\n const k8sClient = new KuadrantK8sClient(config);\n\n // apiproduct endpoints\n router.get('/apiproducts', async (req, res) => {\n try {\n const credentials = await httpAuth.credentials(req);\n\n const listDecision = await permissions.authorize(\n [{ permission: kuadrantApiProductListPermission }],\n { credentials }\n );\n\n if (listDecision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n const { userEntityRef } = await getUserIdentity(req, httpAuth, userInfo);\n const data = await k8sClient.listCustomResources('devportal.kuadrant.io', 'v1alpha1', 'apiproducts');\n\n // check if user has read all permission\n const readAllDecision = await permissions.authorize(\n [{ permission: kuadrantApiProductReadAllPermission }],\n { credentials }\n );\n\n if (readAllDecision[0].result === AuthorizeResult.ALLOW) {\n // admin - return all apiproducts\n res.json(data);\n } else {\n // owner - check read own permission and filter\n const readOwnDecision = await permissions.authorize(\n [{ permission: kuadrantApiProductReadOwnPermission }],\n { credentials }\n );\n\n if (readOwnDecision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n // filter to only owned apiproducts\n const ownedItems = (data.items || []).filter((item: any) => {\n const owner = item.metadata?.annotations?.['backstage.io/owner'];\n return owner === userEntityRef;\n });\n\n res.json({ ...data, items: ownedItems });\n }\n } catch (error) {\n console.error('error fetching apiproducts:', error);\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else {\n res.status(500).json({ error: 'failed to fetch apiproducts' });\n }\n }\n });\n\n router.get('/apiproducts/:namespace/:name', async (req, res) => {\n try {\n const credentials = await httpAuth.credentials(req);\n const { namespace, name } = req.params;\n\n // try read all permission first (admin)\n const readAllDecision = await permissions.authorize(\n [{ permission: kuadrantApiProductReadAllPermission }],\n { credentials }\n );\n\n if (readAllDecision[0].result !== AuthorizeResult.ALLOW) {\n // fallback to read own permission\n const readOwnDecision = await permissions.authorize(\n [{ permission: kuadrantApiProductReadOwnPermission }],\n { credentials }\n );\n\n if (readOwnDecision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n // verify ownership\n const { userEntityRef } = await getUserIdentity(req, httpAuth, userInfo);\n const data = await k8sClient.getCustomResource('devportal.kuadrant.io', 'v1alpha1', namespace, 'apiproducts', name);\n const owner = data.metadata?.annotations?.['backstage.io/owner'];\n\n if (owner !== userEntityRef) {\n throw new NotAllowedError('you can only read your own api products');\n }\n\n res.json(data);\n } else {\n // admin - read any apiproduct\n const data = await k8sClient.getCustomResource('devportal.kuadrant.io', 'v1alpha1', namespace, 'apiproducts', name);\n res.json(data);\n }\n } catch (error) {\n console.error('error fetching apiproduct:', error);\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else {\n res.status(500).json({ error: 'failed to fetch apiproduct' });\n }\n }\n });\n\n router.post('/apiproducts', async (req, res) => {\n try {\n const credentials = await httpAuth.credentials(req);\n\n const decision = await permissions.authorize(\n [{ permission: kuadrantApiProductCreatePermission }],\n { credentials }\n );\n\n if (decision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n const { userEntityRef } = await getUserIdentity(req, httpAuth, userInfo);\n const apiProduct = req.body;\n const targetRef = apiProduct.spec?.targetRef;\n\n if (!targetRef?.name || !targetRef?.kind || !targetRef?.namespace) {\n throw new InputError('targetRef with name, kind, and namespace is required');\n }\n\n // derive namespace from httproute - apiproduct lives in same namespace as httproute\n const namespace = targetRef.namespace;\n apiProduct.metadata.namespace = namespace;\n\n // set ownership annotation (backstage-specific metadata)\n // note: creationTimestamp is automatically set by kubernetes api server\n if (!apiProduct.metadata.annotations) {\n apiProduct.metadata.annotations = {};\n }\n apiProduct.metadata.annotations['backstage.io/owner'] = userEntityRef;\n\n const created = await k8sClient.createCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apiproducts',\n apiProduct,\n );\n\n // trigger immediate catalog sync\n const provider = getAPIProductEntityProvider();\n if (provider) {\n await provider.refresh();\n }\n\n res.status(201).json(created);\n } catch (error) {\n console.error('error creating apiproduct:', error);\n const errorMessage = error instanceof Error ? error.message : String(error);\n\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else if (error instanceof InputError) {\n res.status(400).json({ error: error.message });\n } else {\n // pass the detailed error message to the frontend\n res.status(500).json({ error: errorMessage });\n }\n }\n });\n\n router.delete('/apiproducts/:namespace/:name', async (req, res) => {\n try {\n const credentials = await httpAuth.credentials(req);\n const { namespace, name } = req.params;\n\n // try delete all permission first (admin)\n const deleteAllDecision = await permissions.authorize(\n [{ permission: kuadrantApiProductDeleteAllPermission }],\n { credentials }\n );\n\n if (deleteAllDecision[0].result !== AuthorizeResult.ALLOW) {\n // fallback to delete own permission\n const deleteOwnDecision = await permissions.authorize(\n [{ permission: kuadrantApiProductDeleteOwnPermission }],\n { credentials }\n );\n\n if (deleteOwnDecision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n // verify ownership before deleting\n const { userEntityRef } = await getUserIdentity(req, httpAuth, userInfo);\n const existing = await k8sClient.getCustomResource('devportal.kuadrant.io', 'v1alpha1', namespace, 'apiproducts', name);\n const owner = existing.metadata?.annotations?.['backstage.io/owner'];\n\n if (owner !== userEntityRef) {\n throw new NotAllowedError('you can only delete your own api products');\n }\n }\n console.log(`cascading delete: finding apikeys for ${namespace}/${name}`);\n\n let allRequests;\n try {\n allRequests = await k8sClient.listCustomResources(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n 'apikeys',\n namespace\n );\n } catch (error) {\n console.warn('failed to list apikeys during cascade delete:', error);\n allRequests = { items: [] };\n }\n\n // filter requests that belong to this APIProduct\n const relatedRequests = (allRequests.items || []).filter((req: any) =>\n req.spec?.apiProductRef?.name === name\n );\n\n console.log(`found ${relatedRequests.length} apikeys to delete`);\n\n // delete each APIKey - controller's OwnerReference handles Secret cleanup\n const deletionResults = await Promise.allSettled(\n relatedRequests.map(async (request: any) => {\n const requestName = request.metadata.name;\n console.log(`deleting apikey: ${namespace}/${requestName}`);\n await k8sClient.deleteCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apikeys',\n requestName\n );\n })\n );\n\n const failures = deletionResults.filter(r => r.status === 'rejected');\n if (failures.length > 0) {\n console.warn(`${failures.length} apikeys failed to delete:`,\n failures.map((f: any) => f.reason)\n );\n }\n await k8sClient.deleteCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apiproducts',\n name\n );\n\n // trigger immediate catalog sync\n const provider = getAPIProductEntityProvider();\n if (provider) {\n await provider.refresh();\n }\n\n res.status(204).send();\n } catch (error) {\n console.error('error deleting apiproduct:', error);\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else {\n res.status(500).json({ error: 'failed to delete apiproduct' });\n }\n }\n });\n\n // httproute endpoints\n router.get('/httproutes', async (req, res) => {\n try {\n const credentials = await httpAuth.credentials(req);\n\n const decision = await permissions.authorize(\n [{ permission: kuadrantApiProductListPermission }],\n { credentials }\n );\n\n if (decision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n const data = await k8sClient.listCustomResources('gateway.networking.k8s.io', 'v1', 'httproutes');\n\n res.json(data);\n } catch (error) {\n console.error('error fetching httproutes:', error);\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else {\n res.status(500).json({ error: 'failed to fetch httproutes' });\n }\n }\n });\n\n router.patch('/apiproducts/:namespace/:name', async (req, res) => {\n // whitelist allowed fields for patching\n const patchSchema = z.object({\n spec: z.object({\n displayName: z.string().optional(),\n description: z.string().optional(),\n version: z.string().optional(),\n publishStatus: z.enum(['Draft', 'Published']).optional(),\n approvalMode: z.enum(['automatic', 'manual']).optional(),\n tags: z.array(z.string()).optional(),\n contact: z.object({\n email: z.string().optional(),\n team: z.string().optional(),\n slack: z.string().optional(),\n }).partial().optional(),\n documentation: z.object({\n docsURL: z.string().optional(),\n openAPISpec: z.string().optional(),\n }).partial().optional(),\n }).partial(),\n });\n\n const parsed = patchSchema.safeParse(req.body);\n if (!parsed.success) {\n return res.status(400).json({ error: 'invalid patch: ' + parsed.error.toString() });\n }\n\n try {\n const credentials = await httpAuth.credentials(req);\n\n if (!credentials || !credentials.principal) {\n throw new NotAllowedError('authentication required');\n }\n\n const { namespace, name } = req.params;\n\n // try update all permission first (admin)\n const updateAllDecision = await permissions.authorize(\n [{ permission: kuadrantApiProductUpdateAllPermission }],\n { credentials }\n );\n\n if (updateAllDecision[0].result !== AuthorizeResult.ALLOW) {\n // fallback to update own permission\n const updateOwnDecision = await permissions.authorize(\n [{ permission: kuadrantApiProductUpdateOwnPermission }],\n { credentials }\n );\n\n if (updateOwnDecision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n // verify ownership\n const { userEntityRef } = await getUserIdentity(req, httpAuth, userInfo);\n const existing = await k8sClient.getCustomResource('devportal.kuadrant.io', 'v1alpha1', namespace, 'apiproducts', name);\n const owner = existing.metadata?.annotations?.['backstage.io/owner'];\n\n if (owner !== userEntityRef) {\n throw new NotAllowedError('you can only update your own api products');\n }\n }\n\n // prevent modification of ownership annotation\n if (req.body.metadata?.annotations) {\n delete req.body.metadata.annotations['backstage.io/owner'];\n }\n\n const updated = await k8sClient.patchCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apiproducts',\n name,\n parsed.data,\n );\n\n return res.json(updated);\n } catch (error) {\n console.error('error updating apiproduct:', error);\n const errorMessage = error instanceof Error ? error.message : String(error);\n\n if (error instanceof NotAllowedError) {\n return res.status(403).json({ error: error.message });\n } else if (error instanceof InputError) {\n return res.status(400).json({ error: error.message });\n } else {\n return res.status(500).json({ error: errorMessage });\n }\n }\n });\n\n // planpolicy endpoints\n router.get('/planpolicies', async (req, res) => {\n try {\n const credentials = await httpAuth.credentials(req);\n\n const decision = await permissions.authorize(\n [{ permission: kuadrantPlanPolicyListPermission }],\n { credentials }\n );\n\n if (decision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n const data = await k8sClient.listCustomResources('extensions.kuadrant.io', 'v1alpha1', 'planpolicies');\n\n // only expose minimal info needed for UI association\n const filtered = {\n items: (data.items || []).map((policy: any) => ({\n metadata: {\n name: policy.metadata.name,\n namespace: policy.metadata.namespace,\n },\n // only expose targetRef to allow UI to match PlanPolicy -> HTTPRoute\n targetRef: policy.spec?.targetRef ? {\n kind: policy.spec.targetRef.kind,\n name: policy.spec.targetRef.name,\n namespace: policy.spec.targetRef.namespace,\n } : undefined,\n // only expose plan tier info, no other spec details\n plans: (policy.spec?.plans || []).map((plan: any) => ({\n tier: plan.tier,\n description: plan.description,\n limits: plan.limits,\n })),\n })),\n };\n\n res.json(filtered);\n } catch (error) {\n console.error('error fetching planpolicies:', error);\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else {\n res.status(500).json({ error: 'failed to fetch planpolicies' });\n }\n }\n });\n\n router.get('/planpolicies/:namespace/:name', async (req, res) => {\n try {\n const credentials = await httpAuth.credentials(req);\n\n const decision = await permissions.authorize(\n [{ permission: kuadrantPlanPolicyReadPermission }],\n { credentials }\n );\n\n if (decision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n const { namespace, name } = req.params;\n const data = await k8sClient.getCustomResource('extensions.kuadrant.io', 'v1alpha1', namespace, 'planpolicies', name);\n res.json(data);\n } catch (error) {\n console.error('error fetching planpolicy:', error);\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else {\n res.status(500).json({ error: 'failed to fetch planpolicy' });\n }\n }\n });\n\n // apikey crud endpoints\n const requestSchema = z.object({\n apiProductName: z.string(), // name of the APIProduct\n namespace: z.string(), // namespace where both APIProduct and APIKey live\n planTier: z.string(),\n useCase: z.string().optional(),\n userEmail: z.string().optional(),\n });\n\n router.post('/requests', async (req, res) => {\n const parsed = requestSchema.safeParse(req.body);\n if (!parsed.success) {\n throw new InputError(parsed.error.toString());\n }\n\n try {\n const credentials = await httpAuth.credentials(req);\n const { apiProductName, namespace, planTier, useCase, userEmail } = parsed.data;\n\n // extract userId from authenticated credentials, not from request body\n const { userEntityRef } = await getUserIdentity(req, httpAuth, userInfo);\n\n // check permission with resource reference (per-apiproduct access control)\n const resourceRef = `apiproduct:${namespace}/${apiProductName}`;\n const decision = await permissions.authorize(\n [{\n permission: kuadrantApiKeyRequestCreatePermission,\n resourceRef,\n }],\n { credentials }\n );\n\n if (decision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError(`not authorised to request access to ${apiProductName}`);\n }\n const randomSuffix = randomBytes(4).toString('hex');\n const userName = extractNameFromEntityRef(userEntityRef);\n const requestName = `${userName}-${apiProductName}-${randomSuffix}`.toLowerCase().replace(/[^a-z0-9-]/g, '-');\n\n const requestedBy: any = { userId: userEntityRef };\n if (userEmail) {\n requestedBy.email = userEmail;\n }\n\n const request = {\n apiVersion: 'devportal.kuadrant.io/v1alpha1',\n kind: 'APIKey',\n metadata: {\n name: requestName,\n namespace,\n },\n spec: {\n apiProductRef: {\n name: apiProductName,\n },\n planTier,\n useCase: useCase || '',\n requestedBy,\n },\n };\n\n const created = await k8sClient.createCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apikeys',\n request,\n );\n\n // controller handles automatic approval and secret creation\n // we just create the APIKey resource and let the controller reconcile\n\n res.status(201).json(created);\n } catch (error) {\n console.error('error creating api key request:', error);\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else {\n res.status(500).json({ error: 'failed to create api key request' });\n }\n }\n });\n\n router.get('/requests', async (req, res) => {\n try {\n const credentials = await httpAuth.credentials(req);\n\n // check if user can read all requests or only own\n const readAllDecision = await permissions.authorize(\n [{ permission: kuadrantApiKeyRequestReadAllPermission }],\n { credentials }\n );\n\n const canReadAll = readAllDecision[0].result === AuthorizeResult.ALLOW;\n\n if (!canReadAll) {\n // try read own permission\n const readOwnDecision = await permissions.authorize(\n [{ permission: kuadrantApiKeyRequestReadOwnPermission }],\n { credentials }\n );\n\n if (readOwnDecision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n }\n\n const status = req.query.status as string;\n const namespace = req.query.namespace as string;\n\n let data;\n if (namespace) {\n data = await k8sClient.listCustomResources('devportal.kuadrant.io', 'v1alpha1', 'apikeys', namespace);\n } else {\n data = await k8sClient.listCustomResources('devportal.kuadrant.io', 'v1alpha1', 'apikeys');\n }\n\n let filteredItems = data.items || [];\n\n // if user only has read.own permission, filter by api product ownership\n if (!canReadAll) {\n const { userEntityRef } = await getUserIdentity(req, httpAuth, userInfo);\n\n // get all apiproducts owned by this user\n const apiproducts = await k8sClient.listCustomResources('devportal.kuadrant.io', 'v1alpha1', 'apiproducts');\n const ownedApiProducts = (apiproducts.items || [])\n .filter((product: any) => {\n const owner = product.metadata?.annotations?.['backstage.io/owner'];\n return owner === userEntityRef;\n })\n .map((product: any) => product.metadata.name);\n\n // filter requests to only those for owned api products\n filteredItems = filteredItems.filter((req: any) =>\n ownedApiProducts.includes(req.spec?.apiProductRef?.name)\n );\n }\n\n if (status) {\n filteredItems = filteredItems.filter((req: any) => {\n const phase = req.status?.phase || 'Pending';\n return phase === status;\n });\n }\n\n res.json({ items: filteredItems });\n } catch (error) {\n console.error('error fetching api key requests:', error);\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else {\n res.status(500).json({ error: 'failed to fetch api key requests' });\n }\n }\n });\n\n router.get('/requests/my', async (req, res) => {\n try {\n const credentials = await httpAuth.credentials(req);\n\n const decision = await permissions.authorize(\n [{ permission: kuadrantApiKeyRequestReadOwnPermission }],\n { credentials }\n );\n\n if (decision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n // extract userId from authenticated credentials, not from query params\n const { userEntityRef } = await getUserIdentity(req, httpAuth, userInfo);\n const namespace = req.query.namespace as string;\n\n let data;\n if (namespace) {\n data = await k8sClient.listCustomResources('devportal.kuadrant.io', 'v1alpha1', 'apikeys', namespace);\n } else {\n data = await k8sClient.listCustomResources('devportal.kuadrant.io', 'v1alpha1', 'apikeys');\n }\n\n const filteredItems = (data.items || []).filter(\n (req: any) => req.spec?.requestedBy?.userId === userEntityRef\n );\n\n res.json({ items: filteredItems });\n } catch (error) {\n console.error('error fetching user api key requests:', error);\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else {\n res.status(500).json({ error: 'failed to fetch user api key requests' });\n }\n }\n });\n\n // fetch api key value from secret - only for own approved requests\n router.get('/requests/:namespace/:name/secret', async (req, res) => {\n try {\n const { userEntityRef } = await getUserIdentity(req, httpAuth, userInfo);\n const { namespace, name } = req.params;\n\n // get the APIKey resource\n const apiKey = await k8sClient.getCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apikeys',\n name,\n );\n\n // verify ownership - users can only read their own api key secrets\n const requestUserId = apiKey.spec?.requestedBy?.userId;\n if (requestUserId !== userEntityRef) {\n throw new NotAllowedError('you can only read your own api key secrets');\n }\n\n // check if approved and has secretRef\n if (apiKey.status?.phase !== 'Approved') {\n res.status(400).json({ error: 'api key request is not approved' });\n return;\n }\n\n const secretRef = apiKey.status?.secretRef;\n if (!secretRef?.name || !secretRef?.key) {\n res.status(404).json({ error: 'secret not yet created by controller' });\n return;\n }\n\n // fetch the secret\n const secret = await k8sClient.getSecret(namespace, secretRef.name);\n const apiKeyValue = secret.data?.[secretRef.key];\n\n if (!apiKeyValue) {\n res.status(404).json({ error: 'api key not found in secret' });\n return;\n }\n\n // secret data is base64 encoded\n const decodedKey = Buffer.from(apiKeyValue, 'base64').toString('utf-8');\n\n res.json({ apiKey: decodedKey });\n } catch (error) {\n console.error('error fetching api key secret:', error);\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else {\n res.status(500).json({ error: 'failed to fetch api key secret' });\n }\n }\n });\n\n const approveRejectSchema = z.object({\n comment: z.string().optional(),\n });\n\n router.post('/requests/:namespace/:name/approve', async (req, res) => {\n const parsed = approveRejectSchema.safeParse(req.body);\n if (!parsed.success) {\n throw new InputError(parsed.error.toString());\n }\n\n try {\n const credentials = await httpAuth.credentials(req);\n const { userEntityRef } = await getUserIdentity(req, httpAuth, userInfo);\n\n const { namespace, name } = req.params;\n const reviewedBy = userEntityRef;\n\n const request = await k8sClient.getCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apikeys',\n name,\n );\n\n const spec = request.spec as any;\n const apiProductName = spec.apiProductRef?.name;\n\n if (!apiProductName) {\n throw new InputError('apiProductRef.name is required in APIKey spec');\n }\n\n // verify user owns/admins the apiproduct this request is for\n const apiProduct = await k8sClient.getCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apiproducts',\n apiProductName,\n );\n\n const owner = apiProduct.metadata?.annotations?.['backstage.io/owner'];\n\n // try update all permission first (admin)\n const updateAllDecision = await permissions.authorize(\n [{ permission: kuadrantApiKeyRequestUpdateAllPermission }],\n { credentials },\n );\n\n if (updateAllDecision[0].result !== AuthorizeResult.ALLOW) {\n // fallback to update own permission\n const updateOwnDecision = await permissions.authorize(\n [{ permission: kuadrantApiKeyRequestUpdateOwnPermission }],\n { credentials },\n );\n\n if (updateOwnDecision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n // verify ownership of the apiproduct\n if (owner !== userEntityRef) {\n throw new NotAllowedError('you can only approve requests for your own api products');\n }\n }\n\n // backend sets phase, controller reconciles and creates Secret\n const status = {\n phase: 'Approved',\n reviewedBy,\n reviewedAt: new Date().toISOString(),\n };\n\n await k8sClient.patchCustomResourceStatus(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apikeys',\n name,\n status,\n );\n\n res.json({ success: true });\n } catch (error) {\n console.error('error approving api key request:', error);\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else {\n res.status(500).json({ error: 'failed to approve api key request' });\n }\n }\n });\n\n router.post('/requests/:namespace/:name/reject', async (req, res) => {\n const parsed = approveRejectSchema.safeParse(req.body);\n if (!parsed.success) {\n throw new InputError(parsed.error.toString());\n }\n\n try {\n const credentials = await httpAuth.credentials(req);\n const { userEntityRef } = await getUserIdentity(req, httpAuth, userInfo);\n\n const { namespace, name } = req.params;\n const reviewedBy = userEntityRef;\n\n // fetch request to get apiproduct info\n const request = await k8sClient.getCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apikeys',\n name,\n );\n\n const spec = request.spec as any;\n const apiProductName = spec.apiProductRef?.name;\n\n if (!apiProductName) {\n throw new InputError('apiProductRef.name is required in APIKey spec');\n }\n\n // verify user owns/admins the apiproduct this request is for\n const apiProduct = await k8sClient.getCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apiproducts',\n apiProductName,\n );\n\n const owner = apiProduct.metadata?.annotations?.['backstage.io/owner'];\n // owner is already in entity ref format\n\n // try update all permission first (admin)\n const updateAllDecision = await permissions.authorize(\n [{ permission: kuadrantApiKeyRequestUpdateAllPermission }],\n { credentials },\n );\n\n if (updateAllDecision[0].result !== AuthorizeResult.ALLOW) {\n // fallback to update own permission\n const updateOwnDecision = await permissions.authorize(\n [{ permission: kuadrantApiKeyRequestUpdateOwnPermission }],\n { credentials },\n );\n\n if (updateOwnDecision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n // verify ownership of the apiproduct\n if (owner !== userEntityRef) {\n throw new NotAllowedError('you can only reject requests for your own api products');\n }\n }\n\n const status = {\n phase: 'Rejected',\n reviewedBy,\n reviewedAt: new Date().toISOString(),\n };\n\n await k8sClient.patchCustomResourceStatus(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apikeys',\n name,\n status,\n );\n\n res.status(204).send();\n } catch (error) {\n console.error('error rejecting api key request:', error);\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else {\n res.status(500).json({ error: 'failed to reject api key request' });\n }\n }\n });\n\n const bulkApproveSchema = z.object({\n requests: z.array(z.object({\n namespace: z.string(),\n name: z.string(),\n })),\n comment: z.string().optional(),\n });\n\n router.post('/requests/bulk-approve', async (req, res) => {\n const parsed = bulkApproveSchema.safeParse(req.body);\n if (!parsed.success) {\n throw new InputError(parsed.error.toString());\n }\n\n try {\n const credentials = await httpAuth.credentials(req);\n const { userEntityRef } = await getUserIdentity(req, httpAuth, userInfo);\n\n const decision = await permissions.authorize(\n [{ permission: kuadrantApiKeyRequestUpdateAllPermission }],\n { credentials },\n );\n\n if (decision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n const { requests } = parsed.data;\n const reviewedBy = userEntityRef;\n const results = [];\n\n for (const reqRef of requests) {\n try {\n // backend sets phase, controller reconciles and creates Secret\n const status = {\n phase: 'Approved',\n reviewedBy,\n reviewedAt: new Date().toISOString(),\n };\n\n await k8sClient.patchCustomResourceStatus(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n reqRef.namespace,\n 'apikeys',\n reqRef.name,\n status,\n );\n\n results.push({ namespace: reqRef.namespace, name: reqRef.name, success: true });\n } catch (error) {\n console.error(`error approving request ${reqRef.namespace}/${reqRef.name}:`, error);\n results.push({\n namespace: reqRef.namespace,\n name: reqRef.name,\n success: false,\n error: error instanceof Error ? error.message : 'unknown error'\n });\n }\n }\n\n res.json({ results });\n } catch (error) {\n console.error('error in bulk approve:', error);\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else {\n res.status(500).json({ error: 'failed to bulk approve api key requests' });\n }\n }\n });\n\n router.post('/requests/bulk-reject', async (req, res) => {\n const parsed = bulkApproveSchema.safeParse(req.body);\n if (!parsed.success) {\n throw new InputError(parsed.error.toString());\n }\n\n try {\n const credentials = await httpAuth.credentials(req);\n const { userEntityRef } = await getUserIdentity(req, httpAuth, userInfo);\n\n const decision = await permissions.authorize(\n [{ permission: kuadrantApiKeyRequestUpdateAllPermission }],\n { credentials },\n );\n\n if (decision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n const { requests } = parsed.data;\n const reviewedBy = userEntityRef;\n const results = [];\n\n for (const reqRef of requests) {\n try {\n // fetch request to get apiproduct info\n const request = await k8sClient.getCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n reqRef.namespace,\n 'apikeys',\n reqRef.name,\n );\n\n const spec = request.spec as any;\n\n // verify user owns/admins the apiproduct this request is for\n // apikey and apiproduct are in the same namespace\n const apiProduct = await k8sClient.getCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n reqRef.namespace,\n 'apiproducts',\n spec.apiProductRef?.name,\n );\n\n const owner = apiProduct.metadata?.annotations?.['backstage.io/owner'];\n // owner is already in entity ref format\n\n // try update all permission first (admin)\n const updateAllDecision = await permissions.authorize(\n [{ permission: kuadrantApiProductUpdateAllPermission }],\n { credentials },\n );\n\n if (updateAllDecision[0].result !== AuthorizeResult.ALLOW) {\n // fallback to update own permission\n const updateOwnDecision = await permissions.authorize(\n [{ permission: kuadrantApiProductUpdateOwnPermission }],\n { credentials },\n );\n\n if (updateOwnDecision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n // verify ownership of the apiproduct\n if (owner !== userEntityRef) {\n throw new NotAllowedError('you can only reject requests for your own api products');\n }\n }\n\n const status = {\n phase: 'Rejected',\n reviewedBy,\n reviewedAt: new Date().toISOString(),\n };\n\n await k8sClient.patchCustomResourceStatus(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n reqRef.namespace,\n 'apikeys',\n reqRef.name,\n status,\n );\n\n results.push({ namespace: reqRef.namespace, name: reqRef.name, success: true });\n } catch (error) {\n console.error(`error rejecting request ${reqRef.namespace}/${reqRef.name}:`, error);\n results.push({\n namespace: reqRef.namespace,\n name: reqRef.name,\n success: false,\n error: error instanceof Error ? error.message : 'unknown error'\n });\n }\n }\n\n res.json({ results });\n } catch (error) {\n console.error('error in bulk reject:', error);\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else {\n res.status(500).json({ error: 'failed to bulk reject api key requests' });\n }\n }\n });\n\n router.delete('/requests/:namespace/:name', async (req, res) => {\n try {\n const credentials = await httpAuth.credentials(req);\n const { userEntityRef } = await getUserIdentity(req, httpAuth, userInfo);\n const { namespace, name } = req.params;\n\n // get request to verify ownership\n const request = await k8sClient.getCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apikeys',\n name,\n );\n\n const requestUserId = request.spec?.requestedBy?.userId;\n\n // check if user can delete all requests or just their own\n const deleteAllDecision = await permissions.authorize(\n [{ permission: kuadrantApiKeyRequestDeleteAllPermission }],\n { credentials }\n );\n\n const canDeleteAll = deleteAllDecision[0].result === AuthorizeResult.ALLOW;\n\n if (!canDeleteAll) {\n // check if user can delete their own requests\n const deleteOwnDecision = await permissions.authorize(\n [{ permission: kuadrantApiKeyRequestDeleteOwnPermission }],\n { credentials }\n );\n\n if (deleteOwnDecision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n // verify ownership\n if (requestUserId !== userEntityRef) {\n throw new NotAllowedError('you can only delete your own api key requests');\n }\n }\n\n // controller owns the Secret via OwnerReference - it will be garbage collected\n await k8sClient.deleteCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apikeys',\n name,\n );\n res.status(204).send();\n } catch (error) {\n console.error('error deleting api key request:', error);\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else {\n res.status(500).json({ error: 'failed to delete api key request' });\n }\n }\n });\n\n router.patch('/requests/:namespace/:name', async (req, res) => {\n // whitelist allowed fields for patching\n const patchSchema = z.object({\n spec: z.object({\n useCase: z.string().optional(),\n planTier: z.string().optional(),\n }).partial(),\n });\n\n const parsed = patchSchema.safeParse(req.body);\n if (!parsed.success) {\n throw new InputError('invalid patch: ' + parsed.error.toString());\n }\n\n try {\n const credentials = await httpAuth.credentials(req);\n const { userEntityRef } = await getUserIdentity(req, httpAuth, userInfo);\n const { namespace, name } = req.params;\n\n // get existing request to check ownership and status\n const existing = await k8sClient.getCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apikeys',\n name,\n );\n\n const requestUserId = existing.spec?.requestedBy?.userId;\n const currentPhase = existing.status?.phase || 'Pending';\n\n // only pending requests can be edited\n if (currentPhase !== 'Pending') {\n throw new NotAllowedError('only pending requests can be edited');\n }\n\n // check if user can update all requests or just their own\n const updateAllDecision = await permissions.authorize(\n [{ permission: kuadrantApiKeyRequestUpdateAllPermission }],\n { credentials }\n );\n\n if (updateAllDecision[0].result !== AuthorizeResult.ALLOW) {\n // check if user can update their own requests\n const updateOwnDecision = await permissions.authorize(\n [{ permission: kuadrantApiKeyRequestUpdateOwnPermission }],\n { credentials }\n );\n\n if (updateOwnDecision[0].result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('unauthorised');\n }\n\n // verify ownership\n if (requestUserId !== userEntityRef) {\n throw new NotAllowedError('you can only update your own api key requests');\n }\n }\n\n // apply validated patch\n const updated = await k8sClient.patchCustomResource(\n 'devportal.kuadrant.io',\n 'v1alpha1',\n namespace,\n 'apikeys',\n name,\n parsed.data,\n );\n\n res.json(updated);\n } catch (error) {\n console.error('error updating api key request:', error);\n if (error instanceof NotAllowedError) {\n res.status(403).json({ error: error.message });\n } else if (error instanceof InputError) {\n res.status(400).json({ error: error.message });\n } else {\n res.status(500).json({ error: 'failed to update api key request' });\n }\n }\n });\n\n // expose permissions for backstage permission framework\n router.use(createPermissionIntegrationRouter({\n permissions: kuadrantPermissions,\n }));\n\n return router;\n}\n"],"names":["NotAllowedError","permissions","Router","cors","express","k8sClient","KuadrantK8sClient","kuadrantApiProductListPermission","AuthorizeResult","kuadrantApiProductReadAllPermission","kuadrantApiProductReadOwnPermission","kuadrantApiProductCreatePermission","InputError","getAPIProductEntityProvider","kuadrantApiProductDeleteAllPermission","kuadrantApiProductDeleteOwnPermission","req","z","kuadrantApiProductUpdateAllPermission","kuadrantApiProductUpdateOwnPermission","kuadrantPlanPolicyListPermission","kuadrantPlanPolicyReadPermission","kuadrantApiKeyRequestCreatePermission","randomBytes","kuadrantApiKeyRequestReadAllPermission","kuadrantApiKeyRequestReadOwnPermission","kuadrantApiKeyRequestUpdateAllPermission","kuadrantApiKeyRequestUpdateOwnPermission","kuadrantApiKeyRequestDeleteAllPermission","kuadrantApiKeyRequestDeleteOwnPermission","createPermissionIntegrationRouter","kuadrantPermissions"],"mappings":";;;;;;;;;;;;;;;;;;;;AAqCA,SAAS,yBAAyB,SAA2B,EAAA;AAC3D,EAAM,MAAA,KAAA,GAAQ,SAAU,CAAA,KAAA,CAAM,GAAG,CAAA;AACjC,EAAO,OAAA,KAAA,CAAM,KAAM,CAAA,MAAA,GAAS,CAAC,CAAA;AAC/B;AAEA,eAAe,eAAA,CAAgB,GAAsB,EAAA,QAAA,EAA2B,QAG7E,EAAA;AACD,EAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAElD,EAAA,IAAI,CAAC,WAAA,IAAe,CAAC,WAAA,CAAY,SAAW,EAAA;AAC1C,IAAM,MAAA,IAAIA,uBAAgB,yBAAyB,CAAA;AAAA;AAIrD,EAAA,MAAM,IAAO,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,WAAW,CAAA;AACnD,EAAM,MAAA,MAAA,GAAS,IAAK,CAAA,mBAAA,IAAuB,EAAC;AAE5C,EAAQ,OAAA,CAAA,GAAA,CAAI,yCAAyC,IAAK,CAAA,aAAa,YAAY,MAAO,CAAA,IAAA,CAAK,GAAG,CAAC,CAAE,CAAA,CAAA;AACrG,EAAO,OAAA;AAAA,IACL,eAAe,IAAK,CAAA,aAAA;AAAA,IACpB;AAAA,GACF;AACF;AAEA,eAAsB,YAAa,CAAA;AAAA,EACjC,QAAA;AAAA,EACA,QAAA;AAAA,EACA,MAAA;AAAA,eACAC;AACF,CAK4B,EAAA;AAC1B,EAAA,MAAM,SAASC,uBAAO,EAAA;AAGtB,EAAA,MAAA,CAAO,IAAIC,qBAAK,CAAA;AAAA,IACd,MAAQ,EAAA,uBAAA;AAAA,IACR,WAAa,EAAA;AAAA,GACd,CAAC,CAAA;AAEF,EAAO,MAAA,CAAA,GAAA,CAAIC,wBAAQ,CAAA,IAAA,EAAM,CAAA;AAEzB,EAAM,MAAAC,WAAA,GAAY,IAAIC,2BAAA,CAAkB,MAAM,CAAA;AAG9C,EAAA,MAAA,CAAO,GAAI,CAAA,cAAA,EAAgB,OAAO,GAAA,EAAK,GAAQ,KAAA;AAC7C,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAElD,MAAM,MAAA,YAAA,GAAe,MAAML,aAAY,CAAA,SAAA;AAAA,QACrC,CAAC,EAAE,UAAY,EAAAM,4CAAA,EAAkC,CAAA;AAAA,QACjD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,IAAI,YAAa,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWC,uCAAgB,KAAO,EAAA;AACpD,QAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAG1C,MAAA,MAAM,EAAE,aAAc,EAAA,GAAI,MAAM,eAAgB,CAAA,GAAA,EAAK,UAAU,QAAQ,CAAA;AACvE,MAAA,MAAM,OAAO,MAAMK,WAAA,CAAU,mBAAoB,CAAA,uBAAA,EAAyB,YAAY,aAAa,CAAA;AAGnG,MAAM,MAAA,eAAA,GAAkB,MAAMJ,aAAY,CAAA,SAAA;AAAA,QACxC,CAAC,EAAE,UAAY,EAAAQ,+CAAA,EAAqC,CAAA;AAAA,QACpD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,IAAI,eAAgB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWD,uCAAgB,KAAO,EAAA;AAEvD,QAAA,GAAA,CAAI,KAAK,IAAI,CAAA;AAAA,OACR,MAAA;AAEL,QAAM,MAAA,eAAA,GAAkB,MAAMP,aAAY,CAAA,SAAA;AAAA,UACxC,CAAC,EAAE,UAAY,EAAAS,+CAAA,EAAqC,CAAA;AAAA,UACpD,EAAE,WAAY;AAAA,SAChB;AAEA,QAAA,IAAI,eAAgB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWF,uCAAgB,KAAO,EAAA;AACvD,UAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAI1C,QAAA,MAAM,cAAc,IAAK,CAAA,KAAA,IAAS,EAAI,EAAA,MAAA,CAAO,CAAC,IAAc,KAAA;AAC1D,UAAA,MAAM,KAAQ,GAAA,IAAA,CAAK,QAAU,EAAA,WAAA,GAAc,oBAAoB,CAAA;AAC/D,UAAA,OAAO,KAAU,KAAA,aAAA;AAAA,SAClB,CAAA;AAED,QAAA,GAAA,CAAI,KAAK,EAAE,GAAG,IAAM,EAAA,KAAA,EAAO,YAAY,CAAA;AAAA;AACzC,aACO,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,+BAA+B,KAAK,CAAA;AAClD,MAAA,IAAI,iBAAiBA,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AACL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,+BAA+B,CAAA;AAAA;AAC/D;AACF,GACD,CAAA;AAED,EAAA,MAAA,CAAO,GAAI,CAAA,+BAAA,EAAiC,OAAO,GAAA,EAAK,GAAQ,KAAA;AAC9D,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAClD,MAAA,MAAM,EAAE,SAAA,EAAW,IAAK,EAAA,GAAI,GAAI,CAAA,MAAA;AAGhC,MAAM,MAAA,eAAA,GAAkB,MAAMC,aAAY,CAAA,SAAA;AAAA,QACxC,CAAC,EAAE,UAAY,EAAAQ,+CAAA,EAAqC,CAAA;AAAA,QACpD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,IAAI,eAAgB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWD,uCAAgB,KAAO,EAAA;AAEvD,QAAM,MAAA,eAAA,GAAkB,MAAMP,aAAY,CAAA,SAAA;AAAA,UACxC,CAAC,EAAE,UAAY,EAAAS,+CAAA,EAAqC,CAAA;AAAA,UACpD,EAAE,WAAY;AAAA,SAChB;AAEA,QAAA,IAAI,eAAgB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWF,uCAAgB,KAAO,EAAA;AACvD,UAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAI1C,QAAA,MAAM,EAAE,aAAc,EAAA,GAAI,MAAM,eAAgB,CAAA,GAAA,EAAK,UAAU,QAAQ,CAAA;AACvE,QAAM,MAAA,IAAA,GAAO,MAAMK,WAAU,CAAA,iBAAA,CAAkB,yBAAyB,UAAY,EAAA,SAAA,EAAW,eAAe,IAAI,CAAA;AAClH,QAAA,MAAM,KAAQ,GAAA,IAAA,CAAK,QAAU,EAAA,WAAA,GAAc,oBAAoB,CAAA;AAE/D,QAAA,IAAI,UAAU,aAAe,EAAA;AAC3B,UAAM,MAAA,IAAIL,uBAAgB,yCAAyC,CAAA;AAAA;AAGrE,QAAA,GAAA,CAAI,KAAK,IAAI,CAAA;AAAA,OACR,MAAA;AAEL,QAAM,MAAA,IAAA,GAAO,MAAMK,WAAU,CAAA,iBAAA,CAAkB,yBAAyB,UAAY,EAAA,SAAA,EAAW,eAAe,IAAI,CAAA;AAClH,QAAA,GAAA,CAAI,KAAK,IAAI,CAAA;AAAA;AACf,aACO,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,8BAA8B,KAAK,CAAA;AACjD,MAAA,IAAI,iBAAiBL,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AACL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,8BAA8B,CAAA;AAAA;AAC9D;AACF,GACD,CAAA;AAED,EAAA,MAAA,CAAO,IAAK,CAAA,cAAA,EAAgB,OAAO,GAAA,EAAK,GAAQ,KAAA;AAC9C,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAElD,MAAM,MAAA,QAAA,GAAW,MAAMC,aAAY,CAAA,SAAA;AAAA,QACjC,CAAC,EAAE,UAAY,EAAAU,8CAAA,EAAoC,CAAA;AAAA,QACnD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,IAAI,QAAS,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWH,uCAAgB,KAAO,EAAA;AAChD,QAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAG1C,MAAA,MAAM,EAAE,aAAc,EAAA,GAAI,MAAM,eAAgB,CAAA,GAAA,EAAK,UAAU,QAAQ,CAAA;AACvE,MAAA,MAAM,aAAa,GAAI,CAAA,IAAA;AACvB,MAAM,MAAA,SAAA,GAAY,WAAW,IAAM,EAAA,SAAA;AAEnC,MAAI,IAAA,CAAC,WAAW,IAAQ,IAAA,CAAC,WAAW,IAAQ,IAAA,CAAC,WAAW,SAAW,EAAA;AACjE,QAAM,MAAA,IAAIY,kBAAW,sDAAsD,CAAA;AAAA;AAI7E,MAAA,MAAM,YAAY,SAAU,CAAA,SAAA;AAC5B,MAAA,UAAA,CAAW,SAAS,SAAY,GAAA,SAAA;AAIhC,MAAI,IAAA,CAAC,UAAW,CAAA,QAAA,CAAS,WAAa,EAAA;AACpC,QAAW,UAAA,CAAA,QAAA,CAAS,cAAc,EAAC;AAAA;AAErC,MAAW,UAAA,CAAA,QAAA,CAAS,WAAY,CAAA,oBAAoB,CAAI,GAAA,aAAA;AAExD,MAAM,MAAA,OAAA,GAAU,MAAMP,WAAU,CAAA,oBAAA;AAAA,QAC9B,uBAAA;AAAA,QACA,UAAA;AAAA,QACA,SAAA;AAAA,QACA,aAAA;AAAA,QACA;AAAA,OACF;AAGA,MAAA,MAAM,WAAWQ,iCAA4B,EAAA;AAC7C,MAAA,IAAI,QAAU,EAAA;AACZ,QAAA,MAAM,SAAS,OAAQ,EAAA;AAAA;AAGzB,MAAA,GAAA,CAAI,MAAO,CAAA,GAAG,CAAE,CAAA,IAAA,CAAK,OAAO,CAAA;AAAA,aACrB,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,8BAA8B,KAAK,CAAA;AACjD,MAAA,MAAM,eAAe,KAAiB,YAAA,KAAA,GAAQ,KAAM,CAAA,OAAA,GAAU,OAAO,KAAK,CAAA;AAE1E,MAAA,IAAI,iBAAiBb,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OAC/C,MAAA,IAAW,iBAAiBY,iBAAY,EAAA;AACtC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AAEL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,cAAc,CAAA;AAAA;AAC9C;AACF,GACD,CAAA;AAED,EAAA,MAAA,CAAO,MAAO,CAAA,+BAAA,EAAiC,OAAO,GAAA,EAAK,GAAQ,KAAA;AACjE,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAClD,MAAA,MAAM,EAAE,SAAA,EAAW,IAAK,EAAA,GAAI,GAAI,CAAA,MAAA;AAGhC,MAAM,MAAA,iBAAA,GAAoB,MAAMX,aAAY,CAAA,SAAA;AAAA,QAC1C,CAAC,EAAE,UAAY,EAAAa,iDAAA,EAAuC,CAAA;AAAA,QACtD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,IAAI,iBAAkB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWN,uCAAgB,KAAO,EAAA;AAEzD,QAAM,MAAA,iBAAA,GAAoB,MAAMP,aAAY,CAAA,SAAA;AAAA,UAC1C,CAAC,EAAE,UAAY,EAAAc,iDAAA,EAAuC,CAAA;AAAA,UACtD,EAAE,WAAY;AAAA,SAChB;AAEA,QAAA,IAAI,iBAAkB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWP,uCAAgB,KAAO,EAAA;AACzD,UAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAI1C,QAAA,MAAM,EAAE,aAAc,EAAA,GAAI,MAAM,eAAgB,CAAA,GAAA,EAAK,UAAU,QAAQ,CAAA;AACvE,QAAM,MAAA,QAAA,GAAW,MAAMK,WAAU,CAAA,iBAAA,CAAkB,yBAAyB,UAAY,EAAA,SAAA,EAAW,eAAe,IAAI,CAAA;AACtH,QAAA,MAAM,KAAQ,GAAA,QAAA,CAAS,QAAU,EAAA,WAAA,GAAc,oBAAoB,CAAA;AAEnE,QAAA,IAAI,UAAU,aAAe,EAAA;AAC3B,UAAM,MAAA,IAAIL,uBAAgB,2CAA2C,CAAA;AAAA;AACvE;AAEF,MAAA,OAAA,CAAQ,GAAI,CAAA,CAAA,sCAAA,EAAyC,SAAS,CAAA,CAAA,EAAI,IAAI,CAAE,CAAA,CAAA;AAExE,MAAI,IAAA,WAAA;AACJ,MAAI,IAAA;AACF,QAAA,WAAA,GAAc,MAAMK,WAAU,CAAA,mBAAA;AAAA,UAC5B,uBAAA;AAAA,UACA,UAAA;AAAA,UACA,SAAA;AAAA,UACA;AAAA,SACF;AAAA,eACO,KAAO,EAAA;AACd,QAAQ,OAAA,CAAA,IAAA,CAAK,iDAAiD,KAAK,CAAA;AACnE,QAAc,WAAA,GAAA,EAAE,KAAO,EAAA,EAAG,EAAA;AAAA;AAI5B,MAAA,MAAM,eAAmB,GAAA,CAAA,WAAA,CAAY,KAAS,IAAA,EAAI,EAAA,MAAA;AAAA,QAAO,CAACW,IAAAA,KACxDA,IAAI,CAAA,IAAA,EAAM,eAAe,IAAS,KAAA;AAAA,OACpC;AAEA,MAAA,OAAA,CAAQ,GAAI,CAAA,CAAA,MAAA,EAAS,eAAgB,CAAA,MAAM,CAAoB,kBAAA,CAAA,CAAA;AAG/D,MAAM,MAAA,eAAA,GAAkB,MAAM,OAAQ,CAAA,UAAA;AAAA,QACpC,eAAA,CAAgB,GAAI,CAAA,OAAO,OAAiB,KAAA;AAC1C,UAAM,MAAA,WAAA,GAAc,QAAQ,QAAS,CAAA,IAAA;AACrC,UAAA,OAAA,CAAQ,GAAI,CAAA,CAAA,iBAAA,EAAoB,SAAS,CAAA,CAAA,EAAI,WAAW,CAAE,CAAA,CAAA;AAC1D,UAAA,MAAMX,WAAU,CAAA,oBAAA;AAAA,YACd,uBAAA;AAAA,YACA,UAAA;AAAA,YACA,SAAA;AAAA,YACA,SAAA;AAAA,YACA;AAAA,WACF;AAAA,SACD;AAAA,OACH;AAEA,MAAA,MAAM,WAAW,eAAgB,CAAA,MAAA,CAAO,CAAK,CAAA,KAAA,CAAA,CAAE,WAAW,UAAU,CAAA;AACpE,MAAI,IAAA,QAAA,CAAS,SAAS,CAAG,EAAA;AACvB,QAAQ,OAAA,CAAA,IAAA;AAAA,UAAK,CAAA,EAAG,SAAS,MAAM,CAAA,0BAAA,CAAA;AAAA,UAC7B,QAAS,CAAA,GAAA,CAAI,CAAC,CAAA,KAAW,EAAE,MAAM;AAAA,SACnC;AAAA;AAEF,MAAA,MAAMA,WAAU,CAAA,oBAAA;AAAA,QACd,uBAAA;AAAA,QACA,UAAA;AAAA,QACA,SAAA;AAAA,QACA,aAAA;AAAA,QACA;AAAA,OACF;AAGA,MAAA,MAAM,WAAWQ,iCAA4B,EAAA;AAC7C,MAAA,IAAI,QAAU,EAAA;AACZ,QAAA,MAAM,SAAS,OAAQ,EAAA;AAAA;AAGzB,MAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,IAAK,EAAA;AAAA,aACd,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,8BAA8B,KAAK,CAAA;AACjD,MAAA,IAAI,iBAAiBb,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AACL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,+BAA+B,CAAA;AAAA;AAC/D;AACF,GACD,CAAA;AAGD,EAAA,MAAA,CAAO,GAAI,CAAA,aAAA,EAAe,OAAO,GAAA,EAAK,GAAQ,KAAA;AAC5C,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAElD,MAAM,MAAA,QAAA,GAAW,MAAMC,aAAY,CAAA,SAAA;AAAA,QACjC,CAAC,EAAE,UAAY,EAAAM,4CAAA,EAAkC,CAAA;AAAA,QACjD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,IAAI,QAAS,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWC,uCAAgB,KAAO,EAAA;AAChD,QAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAG1C,MAAA,MAAM,OAAO,MAAMK,WAAA,CAAU,mBAAoB,CAAA,2BAAA,EAA6B,MAAM,YAAY,CAAA;AAEhG,MAAA,GAAA,CAAI,KAAK,IAAI,CAAA;AAAA,aACN,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,8BAA8B,KAAK,CAAA;AACjD,MAAA,IAAI,iBAAiBL,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AACL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,8BAA8B,CAAA;AAAA;AAC9D;AACF,GACD,CAAA;AAED,EAAA,MAAA,CAAO,KAAM,CAAA,+BAAA,EAAiC,OAAO,GAAA,EAAK,GAAQ,KAAA;AAEhE,IAAM,MAAA,WAAA,GAAciB,MAAE,MAAO,CAAA;AAAA,MAC3B,IAAA,EAAMA,MAAE,MAAO,CAAA;AAAA,QACb,WAAa,EAAAA,KAAA,CAAE,MAAO,EAAA,CAAE,QAAS,EAAA;AAAA,QACjC,WAAa,EAAAA,KAAA,CAAE,MAAO,EAAA,CAAE,QAAS,EAAA;AAAA,QACjC,OAAS,EAAAA,KAAA,CAAE,MAAO,EAAA,CAAE,QAAS,EAAA;AAAA,QAC7B,aAAA,EAAeA,MAAE,IAAK,CAAA,CAAC,SAAS,WAAW,CAAC,EAAE,QAAS,EAAA;AAAA,QACvD,YAAA,EAAcA,MAAE,IAAK,CAAA,CAAC,aAAa,QAAQ,CAAC,EAAE,QAAS,EAAA;AAAA,QACvD,MAAMA,KAAE,CAAA,KAAA,CAAMA,MAAE,MAAO,EAAC,EAAE,QAAS,EAAA;AAAA,QACnC,OAAA,EAASA,MAAE,MAAO,CAAA;AAAA,UAChB,KAAO,EAAAA,KAAA,CAAE,MAAO,EAAA,CAAE,QAAS,EAAA;AAAA,UAC3B,IAAM,EAAAA,KAAA,CAAE,MAAO,EAAA,CAAE,QAAS,EAAA;AAAA,UAC1B,KAAO,EAAAA,KAAA,CAAE,MAAO,EAAA,CAAE,QAAS;AAAA,SAC5B,CAAA,CAAE,OAAQ,EAAA,CAAE,QAAS,EAAA;AAAA,QACtB,aAAA,EAAeA,MAAE,MAAO,CAAA;AAAA,UACtB,OAAS,EAAAA,KAAA,CAAE,MAAO,EAAA,CAAE,QAAS,EAAA;AAAA,UAC7B,WAAa,EAAAA,KAAA,CAAE,MAAO,EAAA,CAAE,QAAS;AAAA,SAClC,CAAA,CAAE,OAAQ,EAAA,CAAE,QAAS;AAAA,OACvB,EAAE,OAAQ;AAAA,KACZ,CAAA;AAED,IAAA,MAAM,MAAS,GAAA,WAAA,CAAY,SAAU,CAAA,GAAA,CAAI,IAAI,CAAA;AAC7C,IAAI,IAAA,CAAC,OAAO,OAAS,EAAA;AACnB,MAAA,OAAO,GAAI,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,IAAK,CAAA,EAAE,KAAO,EAAA,iBAAA,GAAoB,MAAO,CAAA,KAAA,CAAM,QAAS,EAAA,EAAG,CAAA;AAAA;AAGpF,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAElD,MAAA,IAAI,CAAC,WAAA,IAAe,CAAC,WAAA,CAAY,SAAW,EAAA;AAC1C,QAAM,MAAA,IAAIjB,uBAAgB,yBAAyB,CAAA;AAAA;AAGrD,MAAA,MAAM,EAAE,SAAA,EAAW,IAAK,EAAA,GAAI,GAAI,CAAA,MAAA;AAGhC,MAAM,MAAA,iBAAA,GAAoB,MAAMC,aAAY,CAAA,SAAA;AAAA,QAC1C,CAAC,EAAE,UAAY,EAAAiB,iDAAA,EAAuC,CAAA;AAAA,QACtD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,IAAI,iBAAkB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWV,uCAAgB,KAAO,EAAA;AAEzD,QAAM,MAAA,iBAAA,GAAoB,MAAMP,aAAY,CAAA,SAAA;AAAA,UAC1C,CAAC,EAAE,UAAY,EAAAkB,iDAAA,EAAuC,CAAA;AAAA,UACtD,EAAE,WAAY;AAAA,SAChB;AAEA,QAAA,IAAI,iBAAkB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWX,uCAAgB,KAAO,EAAA;AACzD,UAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAI1C,QAAA,MAAM,EAAE,aAAc,EAAA,GAAI,MAAM,eAAgB,CAAA,GAAA,EAAK,UAAU,QAAQ,CAAA;AACvE,QAAM,MAAA,QAAA,GAAW,MAAMK,WAAU,CAAA,iBAAA,CAAkB,yBAAyB,UAAY,EAAA,SAAA,EAAW,eAAe,IAAI,CAAA;AACtH,QAAA,MAAM,KAAQ,GAAA,QAAA,CAAS,QAAU,EAAA,WAAA,GAAc,oBAAoB,CAAA;AAEnE,QAAA,IAAI,UAAU,aAAe,EAAA;AAC3B,UAAM,MAAA,IAAIL,uBAAgB,2CAA2C,CAAA;AAAA;AACvE;AAIF,MAAI,IAAA,GAAA,CAAI,IAAK,CAAA,QAAA,EAAU,WAAa,EAAA;AAClC,QAAA,OAAO,GAAI,CAAA,IAAA,CAAK,QAAS,CAAA,WAAA,CAAY,oBAAoB,CAAA;AAAA;AAG3D,MAAM,MAAA,OAAA,GAAU,MAAMK,WAAU,CAAA,mBAAA;AAAA,QAC9B,uBAAA;AAAA,QACA,UAAA;AAAA,QACA,SAAA;AAAA,QACA,aAAA;AAAA,QACA,IAAA;AAAA,QACA,MAAO,CAAA;AAAA,OACT;AAEA,MAAO,OAAA,GAAA,CAAI,KAAK,OAAO,CAAA;AAAA,aAChB,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,8BAA8B,KAAK,CAAA;AACjD,MAAA,MAAM,eAAe,KAAiB,YAAA,KAAA,GAAQ,KAAM,CAAA,OAAA,GAAU,OAAO,KAAK,CAAA;AAE1E,MAAA,IAAI,iBAAiBL,sBAAiB,EAAA;AACpC,QAAO,OAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,KAAM,CAAA,OAAA,EAAS,CAAA;AAAA,OACtD,MAAA,IAAW,iBAAiBY,iBAAY,EAAA;AACtC,QAAO,OAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,KAAM,CAAA,OAAA,EAAS,CAAA;AAAA,OAC/C,MAAA;AACL,QAAO,OAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,cAAc,CAAA;AAAA;AACrD;AACF,GACD,CAAA;AAGD,EAAA,MAAA,CAAO,GAAI,CAAA,eAAA,EAAiB,OAAO,GAAA,EAAK,GAAQ,KAAA;AAC9C,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAElD,MAAM,MAAA,QAAA,GAAW,MAAMX,aAAY,CAAA,SAAA;AAAA,QACjC,CAAC,EAAE,UAAY,EAAAmB,4CAAA,EAAkC,CAAA;AAAA,QACjD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,IAAI,QAAS,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWZ,uCAAgB,KAAO,EAAA;AAChD,QAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAG1C,MAAA,MAAM,OAAO,MAAMK,WAAA,CAAU,mBAAoB,CAAA,wBAAA,EAA0B,YAAY,cAAc,CAAA;AAGrG,MAAA,MAAM,QAAW,GAAA;AAAA,QACf,QAAQ,IAAK,CAAA,KAAA,IAAS,EAAI,EAAA,GAAA,CAAI,CAAC,MAAiB,MAAA;AAAA,UAC9C,QAAU,EAAA;AAAA,YACR,IAAA,EAAM,OAAO,QAAS,CAAA,IAAA;AAAA,YACtB,SAAA,EAAW,OAAO,QAAS,CAAA;AAAA,WAC7B;AAAA;AAAA,UAEA,SAAA,EAAW,MAAO,CAAA,IAAA,EAAM,SAAY,GAAA;AAAA,YAClC,IAAA,EAAM,MAAO,CAAA,IAAA,CAAK,SAAU,CAAA,IAAA;AAAA,YAC5B,IAAA,EAAM,MAAO,CAAA,IAAA,CAAK,SAAU,CAAA,IAAA;AAAA,YAC5B,SAAA,EAAW,MAAO,CAAA,IAAA,CAAK,SAAU,CAAA;AAAA,WAC/B,GAAA,KAAA,CAAA;AAAA;AAAA,UAEJ,KAAA,EAAA,CAAQ,OAAO,IAAM,EAAA,KAAA,IAAS,EAAI,EAAA,GAAA,CAAI,CAAC,IAAe,MAAA;AAAA,YACpD,MAAM,IAAK,CAAA,IAAA;AAAA,YACX,aAAa,IAAK,CAAA,WAAA;AAAA,YAClB,QAAQ,IAAK,CAAA;AAAA,WACb,CAAA;AAAA,SACF,CAAA;AAAA,OACJ;AAEA,MAAA,GAAA,CAAI,KAAK,QAAQ,CAAA;AAAA,aACV,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,gCAAgC,KAAK,CAAA;AACnD,MAAA,IAAI,iBAAiBL,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AACL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,gCAAgC,CAAA;AAAA;AAChE;AACF,GACD,CAAA;AAED,EAAA,MAAA,CAAO,GAAI,CAAA,gCAAA,EAAkC,OAAO,GAAA,EAAK,GAAQ,KAAA;AAC/D,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAElD,MAAM,MAAA,QAAA,GAAW,MAAMC,aAAY,CAAA,SAAA;AAAA,QACjC,CAAC,EAAE,UAAY,EAAAoB,4CAAA,EAAkC,CAAA;AAAA,QACjD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,IAAI,QAAS,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWb,uCAAgB,KAAO,EAAA;AAChD,QAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAG1C,MAAA,MAAM,EAAE,SAAA,EAAW,IAAK,EAAA,GAAI,GAAI,CAAA,MAAA;AAChC,MAAM,MAAA,IAAA,GAAO,MAAMK,WAAU,CAAA,iBAAA,CAAkB,0BAA0B,UAAY,EAAA,SAAA,EAAW,gBAAgB,IAAI,CAAA;AACpH,MAAA,GAAA,CAAI,KAAK,IAAI,CAAA;AAAA,aACN,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,8BAA8B,KAAK,CAAA;AACjD,MAAA,IAAI,iBAAiBL,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AACL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,8BAA8B,CAAA;AAAA;AAC9D;AACF,GACD,CAAA;AAGD,EAAM,MAAA,aAAA,GAAgBiB,MAAE,MAAO,CAAA;AAAA,IAC7B,cAAA,EAAgBA,MAAE,MAAO,EAAA;AAAA;AAAA,IACzB,SAAA,EAAWA,MAAE,MAAO,EAAA;AAAA;AAAA,IACpB,QAAA,EAAUA,MAAE,MAAO,EAAA;AAAA,IACnB,OAAS,EAAAA,KAAA,CAAE,MAAO,EAAA,CAAE,QAAS,EAAA;AAAA,IAC7B,SAAW,EAAAA,KAAA,CAAE,MAAO,EAAA,CAAE,QAAS;AAAA,GAChC,CAAA;AAED,EAAA,MAAA,CAAO,IAAK,CAAA,WAAA,EAAa,OAAO,GAAA,EAAK,GAAQ,KAAA;AAC3C,IAAA,MAAM,MAAS,GAAA,aAAA,CAAc,SAAU,CAAA,GAAA,CAAI,IAAI,CAAA;AAC/C,IAAI,IAAA,CAAC,OAAO,OAAS,EAAA;AACnB,MAAA,MAAM,IAAIL,iBAAA,CAAW,MAAO,CAAA,KAAA,CAAM,UAAU,CAAA;AAAA;AAG9C,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAClD,MAAA,MAAM,EAAE,cAAgB,EAAA,SAAA,EAAW,UAAU,OAAS,EAAA,SAAA,KAAc,MAAO,CAAA,IAAA;AAG3E,MAAA,MAAM,EAAE,aAAc,EAAA,GAAI,MAAM,eAAgB,CAAA,GAAA,EAAK,UAAU,QAAQ,CAAA;AAGvE,MAAA,MAAM,WAAc,GAAA,CAAA,WAAA,EAAc,SAAS,CAAA,CAAA,EAAI,cAAc,CAAA,CAAA;AAC7D,MAAM,MAAA,QAAA,GAAW,MAAMX,aAAY,CAAA,SAAA;AAAA,QACjC,CAAC;AAAA,UACC,UAAY,EAAAqB,iDAAA;AAAA,UACZ;AAAA,SACD,CAAA;AAAA,QACD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,IAAI,QAAS,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWd,uCAAgB,KAAO,EAAA;AAChD,QAAA,MAAM,IAAIR,sBAAA,CAAgB,CAAuC,oCAAA,EAAA,cAAc,CAAE,CAAA,CAAA;AAAA;AAEnF,MAAA,MAAM,YAAe,GAAAuB,kBAAA,CAAY,CAAC,CAAA,CAAE,SAAS,KAAK,CAAA;AAClD,MAAM,MAAA,QAAA,GAAW,yBAAyB,aAAa,CAAA;AACvD,MAAA,MAAM,WAAc,GAAA,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,cAAc,CAAA,CAAA,EAAI,YAAY,CAAA,CAAA,CAAG,WAAY,EAAA,CAAE,OAAQ,CAAA,aAAA,EAAe,GAAG,CAAA;AAE5G,MAAM,MAAA,WAAA,GAAmB,EAAE,MAAA,EAAQ,aAAc,EAAA;AACjD,MAAA,IAAI,SAAW,EAAA;AACb,QAAA,WAAA,CAAY,KAAQ,GAAA,SAAA;AAAA;AAGtB,MAAA,MAAM,OAAU,GAAA;AAAA,QACd,UAAY,EAAA,gCAAA;AAAA,QACZ,IAAM,EAAA,QAAA;AAAA,QACN,QAAU,EAAA;AAAA,UACR,IAAM,EAAA,WAAA;AAAA,UACN;AAAA,SACF;AAAA,QACA,IAAM,EAAA;AAAA,UACJ,aAAe,EAAA;AAAA,YACb,IAAM,EAAA;AAAA,WACR;AAAA,UACA,QAAA;AAAA,UACA,SAAS,OAAW,IAAA,EAAA;AAAA,UACpB;AAAA;AACF,OACF;AAEA,MAAM,MAAA,OAAA,GAAU,MAAMlB,WAAU,CAAA,oBAAA;AAAA,QAC9B,uBAAA;AAAA,QACA,UAAA;AAAA,QACA,SAAA;AAAA,QACA,SAAA;AAAA,QACA;AAAA,OACF;AAKA,MAAA,GAAA,CAAI,MAAO,CAAA,GAAG,CAAE,CAAA,IAAA,CAAK,OAAO,CAAA;AAAA,aACrB,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,mCAAmC,KAAK,CAAA;AACtD,MAAA,IAAI,iBAAiBL,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AACL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,oCAAoC,CAAA;AAAA;AACpE;AACF,GACD,CAAA;AAED,EAAA,MAAA,CAAO,GAAI,CAAA,WAAA,EAAa,OAAO,GAAA,EAAK,GAAQ,KAAA;AAC1C,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAGlD,MAAM,MAAA,eAAA,GAAkB,MAAMC,aAAY,CAAA,SAAA;AAAA,QACxC,CAAC,EAAE,UAAY,EAAAuB,kDAAA,EAAwC,CAAA;AAAA,QACvD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,MAAM,UAAa,GAAA,eAAA,CAAgB,CAAC,CAAA,CAAE,WAAWhB,sCAAgB,CAAA,KAAA;AAEjE,MAAA,IAAI,CAAC,UAAY,EAAA;AAEf,QAAM,MAAA,eAAA,GAAkB,MAAMP,aAAY,CAAA,SAAA;AAAA,UACxC,CAAC,EAAE,UAAY,EAAAwB,kDAAA,EAAwC,CAAA;AAAA,UACvD,EAAE,WAAY;AAAA,SAChB;AAEA,QAAA,IAAI,eAAgB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWjB,uCAAgB,KAAO,EAAA;AACvD,UAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAC1C;AAGF,MAAM,MAAA,MAAA,GAAS,IAAI,KAAM,CAAA,MAAA;AACzB,MAAM,MAAA,SAAA,GAAY,IAAI,KAAM,CAAA,SAAA;AAE5B,MAAI,IAAA,IAAA;AACJ,MAAA,IAAI,SAAW,EAAA;AACb,QAAA,IAAA,GAAO,MAAMK,WAAU,CAAA,mBAAA,CAAoB,uBAAyB,EAAA,UAAA,EAAY,WAAW,SAAS,CAAA;AAAA,OAC/F,MAAA;AACL,QAAA,IAAA,GAAO,MAAMA,WAAA,CAAU,mBAAoB,CAAA,uBAAA,EAAyB,YAAY,SAAS,CAAA;AAAA;AAG3F,MAAI,IAAA,aAAA,GAAgB,IAAK,CAAA,KAAA,IAAS,EAAC;AAGnC,MAAA,IAAI,CAAC,UAAY,EAAA;AACf,QAAA,MAAM,EAAE,aAAc,EAAA,GAAI,MAAM,eAAgB,CAAA,GAAA,EAAK,UAAU,QAAQ,CAAA;AAGvE,QAAA,MAAM,cAAc,MAAMA,WAAA,CAAU,mBAAoB,CAAA,uBAAA,EAAyB,YAAY,aAAa,CAAA;AAC1G,QAAA,MAAM,oBAAoB,WAAY,CAAA,KAAA,IAAS,EAC5C,EAAA,MAAA,CAAO,CAAC,OAAiB,KAAA;AACxB,UAAA,MAAM,KAAQ,GAAA,OAAA,CAAQ,QAAU,EAAA,WAAA,GAAc,oBAAoB,CAAA;AAClE,UAAA,OAAO,KAAU,KAAA,aAAA;AAAA,SAClB,CACA,CAAA,GAAA,CAAI,CAAC,OAAiB,KAAA,OAAA,CAAQ,SAAS,IAAI,CAAA;AAG9C,QAAA,aAAA,GAAgB,aAAc,CAAA,MAAA;AAAA,UAAO,CAACW,IACpC,KAAA,gBAAA,CAAiB,SAASA,IAAI,CAAA,IAAA,EAAM,eAAe,IAAI;AAAA,SACzD;AAAA;AAGF,MAAA,IAAI,MAAQ,EAAA;AACV,QAAgB,aAAA,GAAA,aAAA,CAAc,MAAO,CAAA,CAACA,IAAa,KAAA;AACjD,UAAM,MAAA,KAAA,GAAQA,IAAI,CAAA,MAAA,EAAQ,KAAS,IAAA,SAAA;AACnC,UAAA,OAAO,KAAU,KAAA,MAAA;AAAA,SAClB,CAAA;AAAA;AAGH,MAAA,GAAA,CAAI,IAAK,CAAA,EAAE,KAAO,EAAA,aAAA,EAAe,CAAA;AAAA,aAC1B,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,oCAAoC,KAAK,CAAA;AACvD,MAAA,IAAI,iBAAiBhB,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AACL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,oCAAoC,CAAA;AAAA;AACpE;AACF,GACD,CAAA;AAED,EAAA,MAAA,CAAO,GAAI,CAAA,cAAA,EAAgB,OAAO,GAAA,EAAK,GAAQ,KAAA;AAC7C,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAElD,MAAM,MAAA,QAAA,GAAW,MAAMC,aAAY,CAAA,SAAA;AAAA,QACjC,CAAC,EAAE,UAAY,EAAAwB,kDAAA,EAAwC,CAAA;AAAA,QACvD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,IAAI,QAAS,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWjB,uCAAgB,KAAO,EAAA;AAChD,QAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAI1C,MAAA,MAAM,EAAE,aAAc,EAAA,GAAI,MAAM,eAAgB,CAAA,GAAA,EAAK,UAAU,QAAQ,CAAA;AACvE,MAAM,MAAA,SAAA,GAAY,IAAI,KAAM,CAAA,SAAA;AAE5B,MAAI,IAAA,IAAA;AACJ,MAAA,IAAI,SAAW,EAAA;AACb,QAAA,IAAA,GAAO,MAAMK,WAAU,CAAA,mBAAA,CAAoB,uBAAyB,EAAA,UAAA,EAAY,WAAW,SAAS,CAAA;AAAA,OAC/F,MAAA;AACL,QAAA,IAAA,GAAO,MAAMA,WAAA,CAAU,mBAAoB,CAAA,uBAAA,EAAyB,YAAY,SAAS,CAAA;AAAA;AAG3F,MAAA,MAAM,aAAiB,GAAA,CAAA,IAAA,CAAK,KAAS,IAAA,EAAI,EAAA,MAAA;AAAA,QACvC,CAACW,IAAAA,KAAaA,IAAI,CAAA,IAAA,EAAM,aAAa,MAAW,KAAA;AAAA,OAClD;AAEA,MAAA,GAAA,CAAI,IAAK,CAAA,EAAE,KAAO,EAAA,aAAA,EAAe,CAAA;AAAA,aAC1B,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,yCAAyC,KAAK,CAAA;AAC5D,MAAA,IAAI,iBAAiBhB,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AACL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,yCAAyC,CAAA;AAAA;AACzE;AACF,GACD,CAAA;AAGD,EAAA,MAAA,CAAO,GAAI,CAAA,mCAAA,EAAqC,OAAO,GAAA,EAAK,GAAQ,KAAA;AAClE,IAAI,IAAA;AACF,MAAA,MAAM,EAAE,aAAc,EAAA,GAAI,MAAM,eAAgB,CAAA,GAAA,EAAK,UAAU,QAAQ,CAAA;AACvE,MAAA,MAAM,EAAE,SAAA,EAAW,IAAK,EAAA,GAAI,GAAI,CAAA,MAAA;AAGhC,MAAM,MAAA,MAAA,GAAS,MAAMK,WAAU,CAAA,iBAAA;AAAA,QAC7B,uBAAA;AAAA,QACA,UAAA;AAAA,QACA,SAAA;AAAA,QACA,SAAA;AAAA,QACA;AAAA,OACF;AAGA,MAAM,MAAA,aAAA,GAAgB,MAAO,CAAA,IAAA,EAAM,WAAa,EAAA,MAAA;AAChD,MAAA,IAAI,kBAAkB,aAAe,EAAA;AACnC,QAAM,MAAA,IAAIL,uBAAgB,4CAA4C,CAAA;AAAA;AAIxE,MAAI,IAAA,MAAA,CAAO,MAAQ,EAAA,KAAA,KAAU,UAAY,EAAA;AACvC,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,mCAAmC,CAAA;AACjE,QAAA;AAAA;AAGF,MAAM,MAAA,SAAA,GAAY,OAAO,MAAQ,EAAA,SAAA;AACjC,MAAA,IAAI,CAAC,SAAA,EAAW,IAAQ,IAAA,CAAC,WAAW,GAAK,EAAA;AACvC,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,wCAAwC,CAAA;AACtE,QAAA;AAAA;AAIF,MAAA,MAAM,SAAS,MAAMK,WAAA,CAAU,SAAU,CAAA,SAAA,EAAW,UAAU,IAAI,CAAA;AAClE,MAAA,MAAM,WAAc,GAAA,MAAA,CAAO,IAAO,GAAA,SAAA,CAAU,GAAG,CAAA;AAE/C,MAAA,IAAI,CAAC,WAAa,EAAA;AAChB,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,+BAA+B,CAAA;AAC7D,QAAA;AAAA;AAIF,MAAA,MAAM,aAAa,MAAO,CAAA,IAAA,CAAK,aAAa,QAAQ,CAAA,CAAE,SAAS,OAAO,CAAA;AAEtE,MAAA,GAAA,CAAI,IAAK,CAAA,EAAE,MAAQ,EAAA,UAAA,EAAY,CAAA;AAAA,aACxB,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,kCAAkC,KAAK,CAAA;AACrD,MAAA,IAAI,iBAAiBL,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AACL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,kCAAkC,CAAA;AAAA;AAClE;AACF,GACD,CAAA;AAED,EAAM,MAAA,mBAAA,GAAsBiB,MAAE,MAAO,CAAA;AAAA,IACnC,OAAS,EAAAA,KAAA,CAAE,MAAO,EAAA,CAAE,QAAS;AAAA,GAC9B,CAAA;AAED,EAAA,MAAA,CAAO,IAAK,CAAA,oCAAA,EAAsC,OAAO,GAAA,EAAK,GAAQ,KAAA;AACpE,IAAA,MAAM,MAAS,GAAA,mBAAA,CAAoB,SAAU,CAAA,GAAA,CAAI,IAAI,CAAA;AACrD,IAAI,IAAA,CAAC,OAAO,OAAS,EAAA;AACnB,MAAA,MAAM,IAAIL,iBAAA,CAAW,MAAO,CAAA,KAAA,CAAM,UAAU,CAAA;AAAA;AAG9C,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAClD,MAAA,MAAM,EAAE,aAAc,EAAA,GAAI,MAAM,eAAgB,CAAA,GAAA,EAAK,UAAU,QAAQ,CAAA;AAEvE,MAAA,MAAM,EAAE,SAAA,EAAW,IAAK,EAAA,GAAI,GAAI,CAAA,MAAA;AAChC,MAAA,MAAM,UAAa,GAAA,aAAA;AAEnB,MAAM,MAAA,OAAA,GAAU,MAAMP,WAAU,CAAA,iBAAA;AAAA,QAC9B,uBAAA;AAAA,QACA,UAAA;AAAA,QACA,SAAA;AAAA,QACA,SAAA;AAAA,QACA;AAAA,OACF;AAEA,MAAA,MAAM,OAAO,OAAQ,CAAA,IAAA;AACrB,MAAM,MAAA,cAAA,GAAiB,KAAK,aAAe,EAAA,IAAA;AAE3C,MAAA,IAAI,CAAC,cAAgB,EAAA;AACnB,QAAM,MAAA,IAAIO,kBAAW,+CAA+C,CAAA;AAAA;AAItE,MAAM,MAAA,UAAA,GAAa,MAAMP,WAAU,CAAA,iBAAA;AAAA,QACjC,uBAAA;AAAA,QACA,UAAA;AAAA,QACA,SAAA;AAAA,QACA,aAAA;AAAA,QACA;AAAA,OACF;AAEA,MAAA,MAAM,KAAQ,GAAA,UAAA,CAAW,QAAU,EAAA,WAAA,GAAc,oBAAoB,CAAA;AAGrE,MAAM,MAAA,iBAAA,GAAoB,MAAMJ,aAAY,CAAA,SAAA;AAAA,QAC1C,CAAC,EAAE,UAAY,EAAAyB,oDAAA,EAA0C,CAAA;AAAA,QACzD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,IAAI,iBAAkB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWlB,uCAAgB,KAAO,EAAA;AAEzD,QAAM,MAAA,iBAAA,GAAoB,MAAMP,aAAY,CAAA,SAAA;AAAA,UAC1C,CAAC,EAAE,UAAY,EAAA0B,oDAAA,EAA0C,CAAA;AAAA,UACzD,EAAE,WAAY;AAAA,SAChB;AAEA,QAAA,IAAI,iBAAkB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWnB,uCAAgB,KAAO,EAAA;AACzD,UAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAI1C,QAAA,IAAI,UAAU,aAAe,EAAA;AAC3B,UAAM,MAAA,IAAIA,uBAAgB,yDAAyD,CAAA;AAAA;AACrF;AAIF,MAAA,MAAM,MAAS,GAAA;AAAA,QACb,KAAO,EAAA,UAAA;AAAA,QACP,UAAA;AAAA,QACA,UAAY,EAAA,iBAAA,IAAI,IAAK,EAAA,EAAE,WAAY;AAAA,OACrC;AAEA,MAAA,MAAMK,WAAU,CAAA,yBAAA;AAAA,QACd,uBAAA;AAAA,QACA,UAAA;AAAA,QACA,SAAA;AAAA,QACA,SAAA;AAAA,QACA,IAAA;AAAA,QACA;AAAA,OACF;AAEA,MAAA,GAAA,CAAI,IAAK,CAAA,EAAE,OAAS,EAAA,IAAA,EAAM,CAAA;AAAA,aACnB,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,oCAAoC,KAAK,CAAA;AACvD,MAAA,IAAI,iBAAiBL,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AACL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,qCAAqC,CAAA;AAAA;AACrE;AACF,GACD,CAAA;AAED,EAAA,MAAA,CAAO,IAAK,CAAA,mCAAA,EAAqC,OAAO,GAAA,EAAK,GAAQ,KAAA;AACnE,IAAA,MAAM,MAAS,GAAA,mBAAA,CAAoB,SAAU,CAAA,GAAA,CAAI,IAAI,CAAA;AACrD,IAAI,IAAA,CAAC,OAAO,OAAS,EAAA;AACnB,MAAA,MAAM,IAAIY,iBAAA,CAAW,MAAO,CAAA,KAAA,CAAM,UAAU,CAAA;AAAA;AAG9C,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAClD,MAAA,MAAM,EAAE,aAAc,EAAA,GAAI,MAAM,eAAgB,CAAA,GAAA,EAAK,UAAU,QAAQ,CAAA;AAEvE,MAAA,MAAM,EAAE,SAAA,EAAW,IAAK,EAAA,GAAI,GAAI,CAAA,MAAA;AAChC,MAAA,MAAM,UAAa,GAAA,aAAA;AAGnB,MAAM,MAAA,OAAA,GAAU,MAAMP,WAAU,CAAA,iBAAA;AAAA,QAC9B,uBAAA;AAAA,QACA,UAAA;AAAA,QACA,SAAA;AAAA,QACA,SAAA;AAAA,QACA;AAAA,OACF;AAEA,MAAA,MAAM,OAAO,OAAQ,CAAA,IAAA;AACrB,MAAM,MAAA,cAAA,GAAiB,KAAK,aAAe,EAAA,IAAA;AAE3C,MAAA,IAAI,CAAC,cAAgB,EAAA;AACnB,QAAM,MAAA,IAAIO,kBAAW,+CAA+C,CAAA;AAAA;AAItE,MAAM,MAAA,UAAA,GAAa,MAAMP,WAAU,CAAA,iBAAA;AAAA,QACjC,uBAAA;AAAA,QACA,UAAA;AAAA,QACA,SAAA;AAAA,QACA,aAAA;AAAA,QACA;AAAA,OACF;AAEA,MAAA,MAAM,KAAQ,GAAA,UAAA,CAAW,QAAU,EAAA,WAAA,GAAc,oBAAoB,CAAA;AAIrE,MAAM,MAAA,iBAAA,GAAoB,MAAMJ,aAAY,CAAA,SAAA;AAAA,QAC1C,CAAC,EAAE,UAAY,EAAAyB,oDAAA,EAA0C,CAAA;AAAA,QACzD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,IAAI,iBAAkB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWlB,uCAAgB,KAAO,EAAA;AAEzD,QAAM,MAAA,iBAAA,GAAoB,MAAMP,aAAY,CAAA,SAAA;AAAA,UAC1C,CAAC,EAAE,UAAY,EAAA0B,oDAAA,EAA0C,CAAA;AAAA,UACzD,EAAE,WAAY;AAAA,SAChB;AAEA,QAAA,IAAI,iBAAkB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWnB,uCAAgB,KAAO,EAAA;AACzD,UAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAI1C,QAAA,IAAI,UAAU,aAAe,EAAA;AAC3B,UAAM,MAAA,IAAIA,uBAAgB,wDAAwD,CAAA;AAAA;AACpF;AAGF,MAAA,MAAM,MAAS,GAAA;AAAA,QACb,KAAO,EAAA,UAAA;AAAA,QACP,UAAA;AAAA,QACA,UAAY,EAAA,iBAAA,IAAI,IAAK,EAAA,EAAE,WAAY;AAAA,OACrC;AAEA,MAAA,MAAMK,WAAU,CAAA,yBAAA;AAAA,QACd,uBAAA;AAAA,QACA,UAAA;AAAA,QACA,SAAA;AAAA,QACA,SAAA;AAAA,QACA,IAAA;AAAA,QACA;AAAA,OACF;AAEA,MAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,IAAK,EAAA;AAAA,aACd,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,oCAAoC,KAAK,CAAA;AACvD,MAAA,IAAI,iBAAiBL,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AACL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,oCAAoC,CAAA;AAAA;AACpE;AACF,GACD,CAAA;AAED,EAAM,MAAA,iBAAA,GAAoBiB,MAAE,MAAO,CAAA;AAAA,IACjC,QAAU,EAAAA,KAAA,CAAE,KAAM,CAAAA,KAAA,CAAE,MAAO,CAAA;AAAA,MACzB,SAAA,EAAWA,MAAE,MAAO,EAAA;AAAA,MACpB,IAAA,EAAMA,MAAE,MAAO;AAAA,KAChB,CAAC,CAAA;AAAA,IACF,OAAS,EAAAA,KAAA,CAAE,MAAO,EAAA,CAAE,QAAS;AAAA,GAC9B,CAAA;AAED,EAAA,MAAA,CAAO,IAAK,CAAA,wBAAA,EAA0B,OAAO,GAAA,EAAK,GAAQ,KAAA;AACxD,IAAA,MAAM,MAAS,GAAA,iBAAA,CAAkB,SAAU,CAAA,GAAA,CAAI,IAAI,CAAA;AACnD,IAAI,IAAA,CAAC,OAAO,OAAS,EAAA;AACnB,MAAA,MAAM,IAAIL,iBAAA,CAAW,MAAO,CAAA,KAAA,CAAM,UAAU,CAAA;AAAA;AAG9C,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAClD,MAAA,MAAM,EAAE,aAAc,EAAA,GAAI,MAAM,eAAgB,CAAA,GAAA,EAAK,UAAU,QAAQ,CAAA;AAEvE,MAAM,MAAA,QAAA,GAAW,MAAMX,aAAY,CAAA,SAAA;AAAA,QACjC,CAAC,EAAE,UAAY,EAAAyB,oDAAA,EAA0C,CAAA;AAAA,QACzD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,IAAI,QAAS,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWlB,uCAAgB,KAAO,EAAA;AAChD,QAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAG1C,MAAM,MAAA,EAAE,QAAS,EAAA,GAAI,MAAO,CAAA,IAAA;AAC5B,MAAA,MAAM,UAAa,GAAA,aAAA;AACnB,MAAA,MAAM,UAAU,EAAC;AAEjB,MAAA,KAAA,MAAW,UAAU,QAAU,EAAA;AAC7B,QAAI,IAAA;AAEF,UAAA,MAAM,MAAS,GAAA;AAAA,YACb,KAAO,EAAA,UAAA;AAAA,YACP,UAAA;AAAA,YACA,UAAY,EAAA,iBAAA,IAAI,IAAK,EAAA,EAAE,WAAY;AAAA,WACrC;AAEA,UAAA,MAAMK,WAAU,CAAA,yBAAA;AAAA,YACd,uBAAA;AAAA,YACA,UAAA;AAAA,YACA,MAAO,CAAA,SAAA;AAAA,YACP,SAAA;AAAA,YACA,MAAO,CAAA,IAAA;AAAA,YACP;AAAA,WACF;AAEA,UAAQ,OAAA,CAAA,IAAA,CAAK,EAAE,SAAA,EAAW,MAAO,CAAA,SAAA,EAAW,MAAM,MAAO,CAAA,IAAA,EAAM,OAAS,EAAA,IAAA,EAAM,CAAA;AAAA,iBACvE,KAAO,EAAA;AACd,UAAQ,OAAA,CAAA,KAAA,CAAM,2BAA2B,MAAO,CAAA,SAAS,IAAI,MAAO,CAAA,IAAI,KAAK,KAAK,CAAA;AAClF,UAAA,OAAA,CAAQ,IAAK,CAAA;AAAA,YACX,WAAW,MAAO,CAAA,SAAA;AAAA,YAClB,MAAM,MAAO,CAAA,IAAA;AAAA,YACb,OAAS,EAAA,KAAA;AAAA,YACT,KAAO,EAAA,KAAA,YAAiB,KAAQ,GAAA,KAAA,CAAM,OAAU,GAAA;AAAA,WACjD,CAAA;AAAA;AACH;AAGF,MAAI,GAAA,CAAA,IAAA,CAAK,EAAE,OAAA,EAAS,CAAA;AAAA,aACb,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,0BAA0B,KAAK,CAAA;AAC7C,MAAA,IAAI,iBAAiBL,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AACL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,2CAA2C,CAAA;AAAA;AAC3E;AACF,GACD,CAAA;AAED,EAAA,MAAA,CAAO,IAAK,CAAA,uBAAA,EAAyB,OAAO,GAAA,EAAK,GAAQ,KAAA;AACvD,IAAA,MAAM,MAAS,GAAA,iBAAA,CAAkB,SAAU,CAAA,GAAA,CAAI,IAAI,CAAA;AACnD,IAAI,IAAA,CAAC,OAAO,OAAS,EAAA;AACnB,MAAA,MAAM,IAAIY,iBAAA,CAAW,MAAO,CAAA,KAAA,CAAM,UAAU,CAAA;AAAA;AAG9C,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAClD,MAAA,MAAM,EAAE,aAAc,EAAA,GAAI,MAAM,eAAgB,CAAA,GAAA,EAAK,UAAU,QAAQ,CAAA;AAEvE,MAAM,MAAA,QAAA,GAAW,MAAMX,aAAY,CAAA,SAAA;AAAA,QACjC,CAAC,EAAE,UAAY,EAAAyB,oDAAA,EAA0C,CAAA;AAAA,QACzD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,IAAI,QAAS,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWlB,uCAAgB,KAAO,EAAA;AAChD,QAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAG1C,MAAM,MAAA,EAAE,QAAS,EAAA,GAAI,MAAO,CAAA,IAAA;AAC5B,MAAA,MAAM,UAAa,GAAA,aAAA;AACnB,MAAA,MAAM,UAAU,EAAC;AAEjB,MAAA,KAAA,MAAW,UAAU,QAAU,EAAA;AAC7B,QAAI,IAAA;AAEF,UAAM,MAAA,OAAA,GAAU,MAAMK,WAAU,CAAA,iBAAA;AAAA,YAC9B,uBAAA;AAAA,YACA,UAAA;AAAA,YACA,MAAO,CAAA,SAAA;AAAA,YACP,SAAA;AAAA,YACA,MAAO,CAAA;AAAA,WACT;AAEA,UAAA,MAAM,OAAO,OAAQ,CAAA,IAAA;AAIrB,UAAM,MAAA,UAAA,GAAa,MAAMA,WAAU,CAAA,iBAAA;AAAA,YACjC,uBAAA;AAAA,YACA,UAAA;AAAA,YACA,MAAO,CAAA,SAAA;AAAA,YACP,aAAA;AAAA,YACA,KAAK,aAAe,EAAA;AAAA,WACtB;AAEA,UAAA,MAAM,KAAQ,GAAA,UAAA,CAAW,QAAU,EAAA,WAAA,GAAc,oBAAoB,CAAA;AAIrE,UAAM,MAAA,iBAAA,GAAoB,MAAMJ,aAAY,CAAA,SAAA;AAAA,YAC1C,CAAC,EAAE,UAAY,EAAAiB,iDAAA,EAAuC,CAAA;AAAA,YACtD,EAAE,WAAY;AAAA,WAChB;AAEA,UAAA,IAAI,iBAAkB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWV,uCAAgB,KAAO,EAAA;AAEzD,YAAM,MAAA,iBAAA,GAAoB,MAAMP,aAAY,CAAA,SAAA;AAAA,cAC1C,CAAC,EAAE,UAAY,EAAAkB,iDAAA,EAAuC,CAAA;AAAA,cACtD,EAAE,WAAY;AAAA,aAChB;AAEA,YAAA,IAAI,iBAAkB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWX,uCAAgB,KAAO,EAAA;AACzD,cAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAI1C,YAAA,IAAI,UAAU,aAAe,EAAA;AAC3B,cAAM,MAAA,IAAIA,uBAAgB,wDAAwD,CAAA;AAAA;AACpF;AAGF,UAAA,MAAM,MAAS,GAAA;AAAA,YACb,KAAO,EAAA,UAAA;AAAA,YACP,UAAA;AAAA,YACA,UAAY,EAAA,iBAAA,IAAI,IAAK,EAAA,EAAE,WAAY;AAAA,WACrC;AAEA,UAAA,MAAMK,WAAU,CAAA,yBAAA;AAAA,YACd,uBAAA;AAAA,YACA,UAAA;AAAA,YACA,MAAO,CAAA,SAAA;AAAA,YACP,SAAA;AAAA,YACA,MAAO,CAAA,IAAA;AAAA,YACP;AAAA,WACF;AAEA,UAAQ,OAAA,CAAA,IAAA,CAAK,EAAE,SAAA,EAAW,MAAO,CAAA,SAAA,EAAW,MAAM,MAAO,CAAA,IAAA,EAAM,OAAS,EAAA,IAAA,EAAM,CAAA;AAAA,iBACvE,KAAO,EAAA;AACd,UAAQ,OAAA,CAAA,KAAA,CAAM,2BAA2B,MAAO,CAAA,SAAS,IAAI,MAAO,CAAA,IAAI,KAAK,KAAK,CAAA;AAClF,UAAA,OAAA,CAAQ,IAAK,CAAA;AAAA,YACX,WAAW,MAAO,CAAA,SAAA;AAAA,YAClB,MAAM,MAAO,CAAA,IAAA;AAAA,YACb,OAAS,EAAA,KAAA;AAAA,YACT,KAAO,EAAA,KAAA,YAAiB,KAAQ,GAAA,KAAA,CAAM,OAAU,GAAA;AAAA,WACjD,CAAA;AAAA;AACH;AAGF,MAAI,GAAA,CAAA,IAAA,CAAK,EAAE,OAAA,EAAS,CAAA;AAAA,aACb,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,yBAAyB,KAAK,CAAA;AAC5C,MAAA,IAAI,iBAAiBL,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AACL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,0CAA0C,CAAA;AAAA;AAC1E;AACF,GACD,CAAA;AAED,EAAA,MAAA,CAAO,MAAO,CAAA,4BAAA,EAA8B,OAAO,GAAA,EAAK,GAAQ,KAAA;AAC9D,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAClD,MAAA,MAAM,EAAE,aAAc,EAAA,GAAI,MAAM,eAAgB,CAAA,GAAA,EAAK,UAAU,QAAQ,CAAA;AACvE,MAAA,MAAM,EAAE,SAAA,EAAW,IAAK,EAAA,GAAI,GAAI,CAAA,MAAA;AAGhC,MAAM,MAAA,OAAA,GAAU,MAAMK,WAAU,CAAA,iBAAA;AAAA,QAC9B,uBAAA;AAAA,QACA,UAAA;AAAA,QACA,SAAA;AAAA,QACA,SAAA;AAAA,QACA;AAAA,OACF;AAEA,MAAM,MAAA,aAAA,GAAgB,OAAQ,CAAA,IAAA,EAAM,WAAa,EAAA,MAAA;AAGjD,MAAM,MAAA,iBAAA,GAAoB,MAAMJ,aAAY,CAAA,SAAA;AAAA,QAC1C,CAAC,EAAE,UAAY,EAAA2B,oDAAA,EAA0C,CAAA;AAAA,QACzD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,MAAM,YAAe,GAAA,iBAAA,CAAkB,CAAC,CAAA,CAAE,WAAWpB,sCAAgB,CAAA,KAAA;AAErE,MAAA,IAAI,CAAC,YAAc,EAAA;AAEjB,QAAM,MAAA,iBAAA,GAAoB,MAAMP,aAAY,CAAA,SAAA;AAAA,UAC1C,CAAC,EAAE,UAAY,EAAA4B,oDAAA,EAA0C,CAAA;AAAA,UACzD,EAAE,WAAY;AAAA,SAChB;AAEA,QAAA,IAAI,iBAAkB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWrB,uCAAgB,KAAO,EAAA;AACzD,UAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAI1C,QAAA,IAAI,kBAAkB,aAAe,EAAA;AACnC,UAAM,MAAA,IAAIA,uBAAgB,+CAA+C,CAAA;AAAA;AAC3E;AAIF,MAAA,MAAMK,WAAU,CAAA,oBAAA;AAAA,QACd,uBAAA;AAAA,QACA,UAAA;AAAA,QACA,SAAA;AAAA,QACA,SAAA;AAAA,QACA;AAAA,OACF;AACA,MAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,IAAK,EAAA;AAAA,aACd,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,mCAAmC,KAAK,CAAA;AACtD,MAAA,IAAI,iBAAiBL,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AACL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,oCAAoC,CAAA;AAAA;AACpE;AACF,GACD,CAAA;AAED,EAAA,MAAA,CAAO,KAAM,CAAA,4BAAA,EAA8B,OAAO,GAAA,EAAK,GAAQ,KAAA;AAE7D,IAAM,MAAA,WAAA,GAAciB,MAAE,MAAO,CAAA;AAAA,MAC3B,IAAA,EAAMA,MAAE,MAAO,CAAA;AAAA,QACb,OAAS,EAAAA,KAAA,CAAE,MAAO,EAAA,CAAE,QAAS,EAAA;AAAA,QAC7B,QAAU,EAAAA,KAAA,CAAE,MAAO,EAAA,CAAE,QAAS;AAAA,OAC/B,EAAE,OAAQ;AAAA,KACZ,CAAA;AAED,IAAA,MAAM,MAAS,GAAA,WAAA,CAAY,SAAU,CAAA,GAAA,CAAI,IAAI,CAAA;AAC7C,IAAI,IAAA,CAAC,OAAO,OAAS,EAAA;AACnB,MAAA,MAAM,IAAIL,iBAAW,CAAA,iBAAA,GAAoB,MAAO,CAAA,KAAA,CAAM,UAAU,CAAA;AAAA;AAGlE,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA;AAClD,MAAA,MAAM,EAAE,aAAc,EAAA,GAAI,MAAM,eAAgB,CAAA,GAAA,EAAK,UAAU,QAAQ,CAAA;AACvE,MAAA,MAAM,EAAE,SAAA,EAAW,IAAK,EAAA,GAAI,GAAI,CAAA,MAAA;AAGhC,MAAM,MAAA,QAAA,GAAW,MAAMP,WAAU,CAAA,iBAAA;AAAA,QAC/B,uBAAA;AAAA,QACA,UAAA;AAAA,QACA,SAAA;AAAA,QACA,SAAA;AAAA,QACA;AAAA,OACF;AAEA,MAAM,MAAA,aAAA,GAAgB,QAAS,CAAA,IAAA,EAAM,WAAa,EAAA,MAAA;AAClD,MAAM,MAAA,YAAA,GAAe,QAAS,CAAA,MAAA,EAAQ,KAAS,IAAA,SAAA;AAG/C,MAAA,IAAI,iBAAiB,SAAW,EAAA;AAC9B,QAAM,MAAA,IAAIL,uBAAgB,qCAAqC,CAAA;AAAA;AAIjE,MAAM,MAAA,iBAAA,GAAoB,MAAMC,aAAY,CAAA,SAAA;AAAA,QAC1C,CAAC,EAAE,UAAY,EAAAyB,oDAAA,EAA0C,CAAA;AAAA,QACzD,EAAE,WAAY;AAAA,OAChB;AAEA,MAAA,IAAI,iBAAkB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWlB,uCAAgB,KAAO,EAAA;AAEzD,QAAM,MAAA,iBAAA,GAAoB,MAAMP,aAAY,CAAA,SAAA;AAAA,UAC1C,CAAC,EAAE,UAAY,EAAA0B,oDAAA,EAA0C,CAAA;AAAA,UACzD,EAAE,WAAY;AAAA,SAChB;AAEA,QAAA,IAAI,iBAAkB,CAAA,CAAC,CAAE,CAAA,MAAA,KAAWnB,uCAAgB,KAAO,EAAA;AACzD,UAAM,MAAA,IAAIR,uBAAgB,cAAc,CAAA;AAAA;AAI1C,QAAA,IAAI,kBAAkB,aAAe,EAAA;AACnC,UAAM,MAAA,IAAIA,uBAAgB,+CAA+C,CAAA;AAAA;AAC3E;AAIF,MAAM,MAAA,OAAA,GAAU,MAAMK,WAAU,CAAA,mBAAA;AAAA,QAC9B,uBAAA;AAAA,QACA,UAAA;AAAA,QACA,SAAA;AAAA,QACA,SAAA;AAAA,QACA,IAAA;AAAA,QACA,MAAO,CAAA;AAAA,OACT;AAEA,MAAA,GAAA,CAAI,KAAK,OAAO,CAAA;AAAA,aACT,KAAO,EAAA;AACd,MAAQ,OAAA,CAAA,KAAA,CAAM,mCAAmC,KAAK,CAAA;AACtD,MAAA,IAAI,iBAAiBL,sBAAiB,EAAA;AACpC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OAC/C,MAAA,IAAW,iBAAiBY,iBAAY,EAAA;AACtC,QAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,EAAE,KAAO,EAAA,KAAA,CAAM,SAAS,CAAA;AAAA,OACxC,MAAA;AACL,QAAA,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,oCAAoC,CAAA;AAAA;AACpE;AACF,GACD,CAAA;AAGD,EAAA,MAAA,CAAO,IAAIkB,sDAAkC,CAAA;AAAA,IAC3C,WAAa,EAAAC;AAAA,GACd,CAAC,CAAA;AAEF,EAAO,OAAA,MAAA;AACT;;;;"}
|