@kyro-cms/core 0.1.5 → 0.1.7

package/dist/chunk-E5X75WNB.js

@@ -0,0 +1,497 @@
+import { createHmac, randomBytes, randomUUID, timingSafeEqual } from 'crypto';
+
+// src/access/types.ts
+async function evaluateAccess(access, args) {
+  if (typeof access === "boolean") {
+    return access;
+  }
+  if (typeof access === "function") {
+    return await access(args);
+  }
+  return true;
+}
+function mergeWhereClauses(...whereClauses) {
+  const result = {};
+  for (const clause of whereClauses) {
+    if (clause && typeof clause === "object") {
+      Object.assign(result, clause);
+    }
+  }
+  return result;
+}
+function getWhereClause(access, args) {
+  return evaluateAccess(access, args).then((result) => {
+    if (result === true) return void 0;
+    if (result === false) return { _id: { $eq: null } };
+    return result;
+  });
+}
+
+// src/webhooks/types.ts
+var WEBHOOK_EVENTS = {
+  COLLECTION_CREATE: "collection.create",
+  COLLECTION_UPDATE: "collection.update",
+  COLLECTION_DELETE: "collection.delete",
+  MEDIA_UPLOAD: "media.upload",
+  MEDIA_DELETE: "media.delete",
+  AUTH_LOGIN: "auth.login",
+  AUTH_REGISTER: "auth.register",
+  AUTH_LOGOUT: "auth.logout",
+  ORDER_CREATED: "order.created",
+  ORDER_PAID: "order.paid",
+  ORDER_SHIPPED: "order.shipped",
+  ORDER_DELIVERED: "order.delivered"
+};
+var ALL_WEBHOOK_EVENTS = Object.values(WEBHOOK_EVENTS);
+var WEBHOOK_COLLECTION = "_webhooks";
+var WEBHOOK_DELIVERY_COLLECTION = "_webhook_deliveries";
+function signPayload(payload, secret) {
+  return `sha256=${createHmac("sha256", secret).update(payload).digest("hex")}`;
+}
+function generateWebhookSecret() {
+  return randomBytes(32).toString("hex");
+}
+async function deliverWebhook(webhook, payload, options = {}) {
+  const timeout = options.timeout || 3e4;
+  const startTime = Date.now();
+  const body = JSON.stringify(payload);
+  const headers = {
+    "Content-Type": "application/json",
+    "User-Agent": "Kyro-CMS-Webhook/1.0",
+    "X-Webhook-Event": payload.event,
+    "X-Webhook-Delivery": payload.id,
+    "X-Webhook-Timestamp": payload.timestamp,
+    ...webhook.headers || {}
+  };
+  if (webhook.secret) {
+    const signature = signPayload(body, webhook.secret);
+    headers["X-Webhook-Signature"] = signature;
+  }
+  const controller = new AbortController();
+  const timeoutId = setTimeout(() => controller.abort(), timeout);
+  try {
+    const response = await fetch(webhook.url, {
+      method: "POST",
+      headers,
+      body,
+      signal: controller.signal
+    });
+    clearTimeout(timeoutId);
+    const duration = Date.now() - startTime;
+    let responseBody;
+    try {
+      const text = await response.text();
+      responseBody = text.slice(0, 1e3);
+    } catch {
+    }
+    const result = {
+      success: response.ok,
+      status: response.status,
+      statusText: response.statusText,
+      body: responseBody,
+      duration
+    };
+    if (result.success && options.onSuccess) {
+      options.onSuccess(result);
+    } else if (!result.success && options.onFailure) {
+      options.onFailure(`HTTP ${response.status}: ${response.statusText}`);
+    }
+    return result;
+  } catch (error) {
+    clearTimeout(timeoutId);
+    const duration = Date.now() - startTime;
+    const errorMessage = error.name === "AbortError" ? `Request timed out after ${timeout}ms` : error.message || "Unknown error";
+    if (options.onFailure) {
+      options.onFailure(errorMessage);
+    }
+    return {
+      success: false,
+      status: 0,
+      duration,
+      error: errorMessage
+    };
+  }
+}
+async function deliverWithRetry(webhook, payload, deliveryId, options = {}) {
+  const maxRetries = options.maxRetries ?? 5;
+  const baseDelay = options.retryDelay ?? 1e3;
+  let lastResult = null;
+  for (let attempt = 0; attempt <= maxRetries; attempt++) {
+    if (attempt > 0) {
+      const delay = Math.min(baseDelay * Math.pow(2, attempt - 1), 3e4);
+      if (options.onRetry) {
+        options.onRetry(attempt, `Retrying in ${delay}ms...`);
+      }
+      await sleep(delay);
+    }
+    if (options.onRetry && attempt > 0) {
+      options.onRetry(attempt, `Attempt ${attempt + 1}/${maxRetries + 1}`);
+    }
+    lastResult = await deliverWebhook(webhook, payload, {
+      ...options,
+      onRetry: void 0,
+      onSuccess: void 0,
+      onFailure: void 0
+    });
+    if (lastResult.success) {
+      return lastResult;
+    }
+    if (lastResult.error?.includes("timed out") && attempt < maxRetries) {
+      continue;
+    }
+    if (lastResult.status >= 400 && lastResult.status < 500) {
+      return lastResult;
+    }
+  }
+  return lastResult || {
+    success: false,
+    status: 0,
+    duration: 0,
+    error: "All delivery attempts failed"
+  };
+}
+function buildDeliveryRecord(deliveryId, webhookId, event, payload, attempt, result) {
+  return {
+    id: deliveryId,
+    webhookId,
+    event,
+    payload,
+    attempt,
+    status: result.success ? "success" : "failed",
+    responseStatus: result.status || void 0,
+    responseBody: result.body,
+    duration: result.duration,
+    error: result.error,
+    createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+    deliveredAt: result.success ? (/* @__PURE__ */ new Date()).toISOString() : void 0
+  };
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+function createTestPayload() {
+  return {
+    id: `test_${Date.now()}`,
+    event: "collection.create",
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    collection: "test",
+    operation: "create",
+    data: { message: "This is a test webhook delivery" },
+    user: { id: "system", email: "system@kyro.dev", role: "super_admin" }
+  };
+}
+var WebhookService = class {
+  db;
+  constructor(db) {
+    this.db = db;
+  }
+  async getWebhooks(filters) {
+    const result = await this.db.find({
+      collection: WEBHOOK_COLLECTION,
+      where: filters?.status ? { status: { equals: filters.status } } : {},
+      limit: 100,
+      page: 1
+    });
+    const webhooks = result.docs;
+    if (filters?.event) {
+      return webhooks.filter(
+        (w) => w.events.includes(filters.event)
+      );
+    }
+    return webhooks;
+  }
+  async getWebhookById(id) {
+    return this.db.findByID({
+      collection: WEBHOOK_COLLECTION,
+      id
+    });
+  }
+  async createWebhook(data) {
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const secret = data.secret || generateWebhookSecret();
+    const webhook = {
+      id: randomUUID(),
+      name: data.name,
+      url: data.url,
+      events: data.events,
+      status: data.status || "active",
+      secret,
+      headers: data.headers || {},
+      createdAt: now,
+      updatedAt: now
+    };
+    await this.db.create({
+      collection: WEBHOOK_COLLECTION,
+      data: webhook
+    });
+    return webhook;
+  }
+  async updateWebhook(id, data) {
+    const existing = await this.getWebhookById(id);
+    if (!existing) return null;
+    const updated = {
+      ...existing,
+      ...data,
+      updatedAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    if (data.secret === "" && "secret" in data) {
+      delete updated.secret;
+    }
+    await this.db.update({
+      collection: WEBHOOK_COLLECTION,
+      id,
+      data: updated
+    });
+    return updated;
+  }
+  async deleteWebhook(id) {
+    await this.db.delete({
+      collection: WEBHOOK_COLLECTION,
+      id
+    });
+  }
+  async trigger(event, payloadData) {
+    const webhooks = await this.getWebhooks();
+    const activeWebhooks = webhooks.filter((w) => w.status === "active");
+    const matchingWebhooks = activeWebhooks.filter(
+      (w) => w.events.includes(event)
+    );
+    if (matchingWebhooks.length === 0) {
+      return [];
+    }
+    const payload = {
+      id: `wh_${Date.now()}_${randomUUID().slice(0, 8)}`,
+      event,
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      ...payloadData
+    };
+    const results = [];
+    for (const webhook of matchingWebhooks) {
+      const result = await this.triggerWebhook(webhook, payload);
+      results.push(result);
+    }
+    return results;
+  }
+  async triggerWebhook(webhook, payload) {
+    const deliveryId = `dlv_${Date.now()}_${randomUUID().slice(0, 8)}`;
+    try {
+      const result = await deliverWithRetry(webhook, payload, deliveryId, {
+        maxRetries: 5,
+        retryDelay: 1e3
+      });
+      const deliveryRecord = buildDeliveryRecord(
+        deliveryId,
+        webhook.id,
+        webhook.events[0],
+        payload,
+        1,
+        result
+      );
+      try {
+        await this.db.create({
+          collection: WEBHOOK_DELIVERY_COLLECTION,
+          data: deliveryRecord
+        });
+      } catch {
+        console.warn(
+          "[WebhookService] Failed to save delivery record:",
+          deliveryId
+        );
+      }
+      if (!result.success) {
+        await this.updateWebhook(webhook.id, {
+          status: "error",
+          lastError: result.error
+        }).catch(() => {
+        });
+      } else {
+        await this.updateWebhook(webhook.id, {
+          status: "active",
+          lastTriggered: (/* @__PURE__ */ new Date()).toISOString()
+        }).catch(() => {
+        });
+      }
+      return {
+        deliveryId,
+        webhookId: webhook.id,
+        event: webhook.events[0],
+        status: result.success ? "success" : "failed",
+        responseStatus: result.status,
+        duration: result.duration,
+        error: result.error
+      };
+    } catch (error) {
+      return {
+        deliveryId,
+        webhookId: webhook.id,
+        event: webhook.events[0],
+        status: "failed",
+        error: error.message
+      };
+    }
+  }
+  async testWebhook(webhookId) {
+    const webhook = await this.getWebhookById(webhookId);
+    if (!webhook) return null;
+    const payload = {
+      id: `test_${Date.now()}`,
+      event: webhook.events[0] || "collection.create",
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      collection: "test",
+      operation: "create",
+      data: { message: "This is a test webhook delivery from Kyro CMS" },
+      user: {
+        id: "system",
+        email: "system@kyro.dev",
+        role: "super_admin"
+      }
+    };
+    return this.triggerWebhook(webhook, payload);
+  }
+  async getDeliveryHistory(webhookId, limit = 50) {
+    const result = await this.db.find({
+      collection: WEBHOOK_DELIVERY_COLLECTION,
+      where: { webhookId: { equals: webhookId } },
+      sort: "-createdAt",
+      limit,
+      page: 1
+    });
+    return result.docs;
+  }
+  async retryDelivery(deliveryId) {
+    const delivery = await this.db.findByID({
+      collection: WEBHOOK_DELIVERY_COLLECTION,
+      id: deliveryId
+    });
+    if (!delivery) return null;
+    const webhook = await this.getWebhookById(delivery.webhookId);
+    if (!webhook) return null;
+    return this.triggerWebhook(webhook, delivery.payload);
+  }
+};
+function createWebhookService(db) {
+  return new WebhookService(db);
+}
+var API_KEY_COLLECTION = "_api_keys";
+function generateKeyPrefix(key) {
+  return key.substring(0, 8);
+}
+function constantTimeCompare(a, b) {
+  if (a.length !== b.length) {
+    return false;
+  }
+  try {
+    return timingSafeEqual(Buffer.from(a), Buffer.from(b));
+  } catch {
+    return false;
+  }
+}
+async function validateApiKey(rawKey, db, userLookup) {
+  if (!rawKey || typeof rawKey !== "string") {
+    return { valid: false, error: "No API key provided" };
+  }
+  if (!rawKey.startsWith("kyro_")) {
+    return { valid: false, error: "Invalid API key format" };
+  }
+  const keyPrefix = generateKeyPrefix(rawKey);
+  try {
+    const result = await db.find({
+      collection: API_KEY_COLLECTION,
+      where: { keyPrefix: { equals: keyPrefix } },
+      limit: 100,
+      page: 1
+    });
+    if (!result.docs || result.docs.length === 0) {
+      return { valid: false, error: "Invalid API key" };
+    }
+    let matchedKey = null;
+    for (const doc of result.docs) {
+      const record = doc;
+      if (constantTimeCompare(record.key, rawKey)) {
+        matchedKey = record;
+        break;
+      }
+    }
+    if (!matchedKey) {
+      return { valid: false, error: "Invalid API key" };
+    }
+    if (matchedKey.expiresAt) {
+      const expiresAt = new Date(matchedKey.expiresAt);
+      if (expiresAt < /* @__PURE__ */ new Date()) {
+        return { valid: false, error: "API key has expired" };
+      }
+    }
+    try {
+      await db.update({
+        collection: API_KEY_COLLECTION,
+        id: matchedKey.id,
+        data: { lastUsedAt: (/* @__PURE__ */ new Date()).toISOString() }
+      });
+    } catch {
+    }
+    const user = {
+      id: matchedKey.userId,
+      role: matchedKey.role || "author",
+      tenantId: matchedKey.tenantId
+    };
+    if (userLookup) {
+      const dbUser = await userLookup(matchedKey.userId);
+      if (dbUser) {
+        Object.assign(user, dbUser);
+      }
+    }
+    return {
+      valid: true,
+      userId: matchedKey.userId,
+      user,
+      permissions: matchedKey.permissions || [],
+      apiKeyId: matchedKey.id,
+      tenantId: user.tenantId,
+      role: user.role
+    };
+  } catch (error) {
+    console.error("[ApiKey] Validation error:", error);
+    return { valid: false, error: "Failed to validate API key" };
+  }
+}
+function extractApiKeyFromRequest(request) {
+  const authHeader = request.headers.get("Authorization");
+  if (authHeader) {
+    if (authHeader.startsWith("ApiKey ")) {
+      return authHeader.slice(7).trim();
+    }
+    if (authHeader.startsWith("Bearer ")) {
+      return null;
+    }
+  }
+  const xApiKey = request.headers.get("X-API-Key");
+  if (xApiKey) {
+    return xApiKey.trim();
+  }
+  return null;
+}
+function createApiKeyContext(result) {
+  if (!result.valid || !result.userId) {
+    return null;
+  }
+  return {
+    userId: result.userId,
+    user: result.user || {},
+    permissions: result.permissions || [],
+    apiKeyId: result.apiKeyId || "",
+    tenantId: result.tenantId,
+    role: result.role
+  };
+}
+function hasApiKeyPermission(permissions, required) {
+  if (permissions.length === 0) return false;
+  if (permissions.includes("*")) return true;
+  if (permissions.includes(required)) return true;
+  const [resource, action] = required.split(":");
+  if (permissions.includes(`${resource}:*`)) return true;
+  return false;
+}
+
+export { ALL_WEBHOOK_EVENTS, WEBHOOK_COLLECTION, WEBHOOK_DELIVERY_COLLECTION, WEBHOOK_EVENTS, WebhookService, buildDeliveryRecord, createApiKeyContext, createTestPayload, createWebhookService, deliverWebhook, deliverWithRetry, evaluateAccess, extractApiKeyFromRequest, generateWebhookSecret, getWhereClause, hasApiKeyPermission, mergeWhereClauses, signPayload, validateApiKey };
+//# sourceMappingURL=chunk-E5X75WNB.js.map
+//# sourceMappingURL=chunk-E5X75WNB.js.map

package/dist/chunk-E5X75WNB.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/access/types.ts","../src/webhooks/types.ts","../src/webhooks/delivery.ts","../src/webhooks/WebhookService.ts","../src/auth/api-key.ts"],"names":[],"mappings":";;;AA+CA,eAAsB,cAAA,CACpB,QACA,IAAA,EACgC;AAChC,EAAA,IAAI,OAAO,WAAW,SAAA,EAAW;AAC/B,IAAA,OAAO,MAAA;AAAA,EACT;AACA,EAAA,IAAI,OAAO,WAAW,UAAA,EAAY;AAChC,IAAA,OAAO,MAAM,OAAO,IAAI,CAAA;AAAA,EAC1B;AACA,EAAA,OAAO,IAAA;AACT;AAEO,SAAS,qBACX,YAAA,EACU;AACb,EAAA,MAAM,SAAsB,EAAC;AAC7B,EAAA,KAAA,MAAW,UAAU,YAAA,EAAc;AACjC,IAAA,IAAI,MAAA,IAAU,OAAO,MAAA,KAAW,QAAA,EAAU;AACxC,MAAA,MAAA,CAAO,MAAA,CAAO,QAAQ,MAAM,CAAA;AAAA,IAC9B;AAAA,EACF;AACA,EAAA,OAAO,MAAA;AACT;AAEO,SAAS,cAAA,CACd,QACA,IAAA,EACkC;AAClC,EAAA,OAAO,cAAA,CAAe,MAAA,EAAQ,IAAI,CAAA,CAAE,KAAK,CAAA,MAAA,KAAU;AACjD,IAAA,IAAI,MAAA,KAAW,MAAM,OAAO,MAAA;AAC5B,IAAA,IAAI,MAAA,KAAW,OAAO,OAAO,EAAE,KAAK,EAAE,GAAA,EAAK,MAAK,EAAE;AAClD,IAAA,OAAO,MAAA;AAAA,EACT,CAAC,CAAA;AACH;;;ACjFO,IAAM,cAAA,GAAiB;AAAA,EAC5B,iBAAA,EAAmB,mBAAA;AAAA,EACnB,iBAAA,EAAmB,mBAAA;AAAA,EACnB,iBAAA,EAAmB,mBAAA;AAAA,EACnB,YAAA,EAAc,cAAA;AAAA,EACd,YAAA,EAAc,cAAA;AAAA,EACd,UAAA,EAAY,YAAA;AAAA,EACZ,aAAA,EAAe,eAAA;AAAA,EACf,WAAA,EAAa,aAAA;AAAA,EACb,aAAA,EAAe,eAAA;AAAA,EACf,UAAA,EAAY,YAAA;AAAA,EACZ,aAAA,EAAe,eAAA;AAAA,EACf,eAAA,EAAiB;AACnB;AAIO,IAAM,kBAAA,GAAqC,MAAA,CAAO,MAAA,CAAO,cAAc;AA+EvE,IAAM,kBAAA,GAAqB;AAC3B,IAAM,2BAAA,GAA8B;ACxEpC,SAAS,WAAA,CAAY,SAAiB,MAAA,EAAwB;AACnE,EAAA,OAAO,CAAA,OAAA,EAAU,UAAA,CAAW,QAAA,EAAU,MAAM,CAAA,CAAE,OAAO,OAAO,CAAA,CAAE,MAAA,CAAO,KAAK,CAAC,CAAA,CAAA;AAC7E;AAEO,SAAS,qBAAA,GAAgC;AAC9C,EAAA,OAAO,WAAA,CAAY,EAAE,CAAA,CAAE,QAAA,CAAS,KAAK,CAAA;AACvC;AAEA,eAAsB,cAAA,CACpB,OAAA,EACA,OAAA,EACA,OAAA,GAA2B,EAAC,EACH;AACzB,EAAA,MAAM,OAAA,GAAU,QAAQ,OAAA,IAAW,GAAA;AACnC,EAAA,MAAM,SAAA,GAAY,KAAK,GAAA,EAAI;AAE3B,EAAA,MAAM,IAAA,GAAO,IAAA,CAAK,SAAA,CAAU,OAAO,CAAA;AAEnC,EAAA,MAAM,OAAA,GAAkC;AAAA,IACtC,cAAA,EAAgB,kBAAA;AAAA,IAChB,YAAA,EAAc,sBAAA;AAAA,IACd,mBAAmB,OAAA,CAAQ,KAAA;AAAA,IAC3B,sBAAsB,OAAA,CAAQ,EAAA;AAAA,IAC9B,uBAAuB,OAAA,CAAQ,SAAA;AAAA,IAC/B,GAAI,OAAA,CAAQ,OAAA,IAAW;AAAC,GAC1B;AAEA,EAAA,IAAI,QAAQ,MAAA,EAAQ;AAClB,IAAA,MAAM,SAAA,GAAY,WAAA,CAAY,IAAA,EAAM,OAAA,CAAQ,MAAM,CAAA;AAClD,IAAA,OAAA,CAAQ,qBAAqB,CAAA,GAAI,SAAA;AAAA,EACnC;AAEA,EAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,EAAA,MAAM,YAAY,UAAA,CAAW,MAAM,UAAA,CAAW,KAAA,IAAS,OAAO,CAAA;AAE9D,EAAA,IAAI;AACF,IAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,OAAA,CAAQ,GAAA,EAAK;AAAA,MACxC,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA;AAAA,MACA,IAAA;AAAA,MACA,QAAQ,UAAA,CAAW;AAAA,KACpB,CAAA;AAED,IAAA,YAAA,CAAa,SAAS,CAAA;AAEtB,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,GAAA,EAAI,GAAI,SAAA;AAC9B,IAAA,IAAI,YAAA;AAEJ,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AACjC,MAAA,YAAA,GAAe,IAAA,CAAK,KAAA,CAAM,CAAA,EAAG,GAAI,CAAA;AAAA,IACnC,CAAA,CAAA,MAAQ;AAAA,IAAC;AAET,IAAA,MAAM,MAAA,GAAyB;AAAA,MAC7B,SAAS,QAAA,CAAS,EAAA;AAAA,MAClB,QAAQ,QAAA,CAAS,MAAA;AAAA,MACjB,YAAY,QAAA,CAAS,UAAA;AAAA,MACrB,IAAA,EAAM,YAAA;AAAA,MACN;AAAA,KACF;AAEA,IAAA,IAAI,MAAA,CAAO,OAAA,IAAW,OAAA,CAAQ,SAAA,EAAW;AACvC,MAAA,OAAA,CAAQ,UAAU,MAAM,CAAA;AAAA,IAC1B,CAAA,MAAA,IAAW,CAAC,MAAA,CAAO,OAAA,IAAW,QAAQ,SAAA,EAAW;AAC/C,MAAA,OAAA,CAAQ,UAAU,CAAA,KAAA,EAAQ,QAAA,CAAS,MAAM,CAAA,EAAA,EAAK,QAAA,CAAS,UAAU,CAAA,CAAE,CAAA;AAAA,IACrE;AAEA,IAAA,OAAO,MAAA;AAAA,EACT,SAAS,KAAA,EAAY;AACnB,IAAA,YAAA,CAAa,SAAS,CAAA;AACtB,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,GAAA,EAAI,GAAI,SAAA;AAC9B,IAAA,MAAM,YAAA,GACJ,MAAM,IAAA,KAAS,YAAA,GACX,2BAA2B,OAAO,CAAA,EAAA,CAAA,GAClC,MAAM,OAAA,IAAW,eAAA;AAEvB,IAAA,IAAI,QAAQ,SAAA,EAAW;AACrB,MAAA,OAAA,CAAQ,UAAU,YAAY,CAAA;AAAA,IAChC;AAEA,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,MAAA,EAAQ,CAAA;AAAA,MACR,QAAA;AAAA,MACA,KAAA,EAAO;AAAA,KACT;AAAA,EACF;AACF;AAEA,eAAsB,iBACpB,OAAA,EACA,OAAA,EACA,UAAA,EACA,OAAA,GAA2B,EAAC,EACH;AACzB,EAAA,MAAM,UAAA,GAAa,QAAQ,UAAA,IAAc,CAAA;AACzC,EAAA,MAAM,SAAA,GAAY,QAAQ,UAAA,IAAc,GAAA;AACxC,EAAA,IAAI,UAAA,GAAoC,IAAA;AAExC,EAAA,KAAA,IAAS,OAAA,GAAU,CAAA,EAAG,OAAA,IAAW,UAAA,EAAY,OAAA,EAAA,EAAW;AACtD,IAAA,IAAI,UAAU,CAAA,EAAG;AACf,MAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,GAAA,CAAI,SAAA,GAAY,IAAA,CAAK,IAAI,CAAA,EAAG,OAAA,GAAU,CAAC,CAAA,EAAG,GAAK,CAAA;AAClE,MAAA,IAAI,QAAQ,OAAA,EAAS;AACnB,QAAA,OAAA,CAAQ,OAAA,CAAQ,OAAA,EAAS,CAAA,YAAA,EAAe,KAAK,CAAA,KAAA,CAAO,CAAA;AAAA,MACtD;AACA,MAAA,MAAM,MAAM,KAAK,CAAA;AAAA,IACnB;AAEA,IAAA,IAAI,OAAA,CAAQ,OAAA,IAAW,OAAA,GAAU,CAAA,EAAG;AAClC,MAAA,OAAA,CAAQ,OAAA,CAAQ,SAAS,CAAA,QAAA,EAAW,OAAA,GAAU,CAAC,CAAA,CAAA,EAAI,UAAA,GAAa,CAAC,CAAA,CAAE,CAAA;AAAA,IACrE;AAEA,IAAA,UAAA,GAAa,MAAM,cAAA,CAAe,OAAA,EAAS,OAAA,EAAS;AAAA,MAClD,GAAG,OAAA;AAAA,MACH,OAAA,EAAS,MAAA;AAAA,MACT,SAAA,EAAW,MAAA;AAAA,MACX,SAAA,EAAW;AAAA,KACZ,CAAA;AAED,IAAA,IAAI,WAAW,OAAA,EAAS;AACtB,MAAA,OAAO,UAAA;AAAA,IACT;AAEA,IAAA,IAAI,WAAW,KAAA,EAAO,QAAA,CAAS,WAAW,CAAA,IAAK,UAAU,UAAA,EAAY;AACnE,MAAA;AAAA,IACF;AAEA,IAAA,IAAI,UAAA,CAAW,MAAA,IAAU,GAAA,IAAO,UAAA,CAAW,SAAS,GAAA,EAAK;AACvD,MAAA,OAAO,UAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,OACE,UAAA,IAAc;AAAA,IACZ,OAAA,EAAS,KAAA;AAAA,IACT,MAAA,EAAQ,CAAA;AAAA,IACR,QAAA,EAAU,CAAA;AAAA,IACV,KAAA,EAAO;AAAA,GACT;AAEJ;AAEO,SAAS,oBACd,UAAA,EACA,SAAA,EACA,KAAA,EACA,OAAA,EACA,SACA,MAAA,EACiB;AACjB,EAAA,OAAO;AAAA,IACL,EAAA,EAAI,UAAA;AAAA,IACJ,SAAA;AAAA,IACA,KAAA;AAAA,IACA,OAAA;AAAA,IACA,OAAA;AAAA,IACA,MAAA,EAAQ,MAAA,CAAO,OAAA,GAAU,SAAA,GAAY,QAAA;AAAA,IACrC,cAAA,EAAgB,OAAO,MAAA,IAAU,MAAA;AAAA,IACjC,cAAc,MAAA,CAAO,IAAA;AAAA,IACrB,UAAU,MAAA,CAAO,QAAA;AAAA,IACjB,OAAO,MAAA,CAAO,KAAA;AAAA,IACd,SAAA,EAAA,iBAAW,IAAI,IAAA,EAAK,EAAE,WAAA,EAAY;AAAA,IAClC,aAAa,MAAA,CAAO,OAAA,GAAA,qBAAc,IAAA,EAAK,EAAE,aAAY,GAAI;AAAA,GAC3D;AACF;AAEA,SAAS,MAAM,EAAA,EAA2B;AACxC,EAAA,OAAO,IAAI,OAAA,CAAQ,CAAC,YAAY,UAAA,CAAW,OAAA,EAAS,EAAE,CAAC,CAAA;AACzD;AAEO,SAAS,iBAAA,GAAoC;AAClD,EAAA,OAAO;AAAA,IACL,EAAA,EAAI,CAAA,KAAA,EAAQ,IAAA,CAAK,GAAA,EAAK,CAAA,CAAA;AAAA,IACtB,KAAA,EAAO,mBAAA;AAAA,IACP,SAAA,EAAA,iBAAW,IAAI,IAAA,EAAK,EAAE,WAAA,EAAY;AAAA,IAClC,UAAA,EAAY,MAAA;AAAA,IACZ,SAAA,EAAW,QAAA;AAAA,IACX,IAAA,EAAM,EAAE,OAAA,EAAS,iCAAA,EAAkC;AAAA,IACnD,MAAM,EAAE,EAAA,EAAI,UAAU,KAAA,EAAO,iBAAA,EAAmB,MAAM,aAAA;AAAc,GACtE;AACF;AC1LO,IAAM,iBAAN,MAAqB;AAAA,EAClB,EAAA;AAAA,EAER,YAAY,EAAA,EAAiB;AAC3B,IAAA,IAAA,CAAK,EAAA,GAAK,EAAA;AAAA,EACZ;AAAA,EAEA,MAAM,YAAY,OAAA,EAGW;AAC3B,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,EAAA,CAAG,IAAA,CAAK;AAAA,MAChC,UAAA,EAAY,kBAAA;AAAA,MACZ,KAAA,EAAO,OAAA,EAAS,MAAA,GAAS,EAAE,MAAA,EAAQ,EAAE,MAAA,EAAQ,OAAA,CAAQ,MAAA,EAAO,EAAE,GAAI,EAAC;AAAA,MACnE,KAAA,EAAO,GAAA;AAAA,MACP,IAAA,EAAM;AAAA,KACP,CAAA;AAED,IAAA,MAAM,WAAW,MAAA,CAAO,IAAA;AAExB,IAAA,IAAI,SAAS,KAAA,EAAO;AAClB,MAAA,OAAO,QAAA,CAAS,MAAA;AAAA,QAAO,CAAC,CAAA,KACtB,CAAA,CAAE,MAAA,CAAO,QAAA,CAAS,QAAQ,KAAqB;AAAA,OACjD;AAAA,IACF;AAEA,IAAA,OAAO,QAAA;AAAA,EACT;AAAA,EAEA,MAAM,eAAe,EAAA,EAA2C;AAC9D,IAAA,OAAO,IAAA,CAAK,GAAG,QAAA,CAAS;AAAA,MACtB,UAAA,EAAY,kBAAA;AAAA,MACZ;AAAA,KACD,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,cAAc,IAAA,EAAiD;AACnE,IAAA,MAAM,GAAA,GAAA,iBAAM,IAAI,IAAA,EAAK,EAAE,WAAA,EAAY;AACnC,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,MAAA,IAAU,qBAAA,EAAsB;AAEpD,IAAA,MAAM,OAAA,GAAU;AAAA,MACd,IAAI,UAAA,EAAW;AAAA,MACf,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,KAAK,IAAA,CAAK,GAAA;AAAA,MACV,QAAQ,IAAA,CAAK,MAAA;AAAA,MACb,MAAA,EAAQ,KAAK,MAAA,IAAU,QAAA;AAAA,MACvB,MAAA;AAAA,MACA,OAAA,EAAS,IAAA,CAAK,OAAA,IAAW,EAAC;AAAA,MAC1B,SAAA,EAAW,GAAA;AAAA,MACX,SAAA,EAAW;AAAA,KACb;AAEA,IAAA,MAAM,IAAA,CAAK,GAAG,MAAA,CAAO;AAAA,MACnB,UAAA,EAAY,kBAAA;AAAA,MACZ,IAAA,EAAM;AAAA,KACP,CAAA;AAED,IAAA,OAAO,OAAA;AAAA,EACT;AAAA,EAEA,MAAM,aAAA,CACJ,EAAA,EACA,IAAA,EAC+B;AAC/B,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,cAAA,CAAe,EAAE,CAAA;AAC7C,IAAA,IAAI,CAAC,UAAU,OAAO,IAAA;AAEtB,IAAA,MAAM,OAAA,GAAU;AAAA,MACd,GAAG,QAAA;AAAA,MACH,GAAG,IAAA;AAAA,MACH,SAAA,EAAA,iBAAW,IAAI,IAAA,EAAK,EAAE,WAAA;AAAY,KACpC;AAEA,IAAA,IAAI,IAAA,CAAK,MAAA,KAAW,EAAA,IAAM,QAAA,IAAY,IAAA,EAAM;AAC1C,MAAA,OAAO,OAAA,CAAQ,MAAA;AAAA,IACjB;AAEA,IAAA,MAAM,IAAA,CAAK,GAAG,MAAA,CAAO;AAAA,MACnB,UAAA,EAAY,kBAAA;AAAA,MACZ,EAAA;AAAA,MACA,IAAA,EAAM;AAAA,KACP,CAAA;AAED,IAAA,OAAO,OAAA;AAAA,EACT;AAAA,EAEA,MAAM,cAAc,EAAA,EAA2B;AAC7C,IAAA,MAAM,IAAA,CAAK,GAAG,MAAA,CAAO;AAAA,MACnB,UAAA,EAAY,kBAAA;AAAA,MACZ;AAAA,KACD,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,OAAA,CACJ,KAAA,EACA,WAAA,EACiC;AACjC,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,WAAA,EAAY;AACxC,IAAA,MAAM,iBAAiB,QAAA,CAAS,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,WAAW,QAAQ,CAAA;AAEnE,IAAA,MAAM,mBAAmB,cAAA,CAAe,MAAA;AAAA,MAAO,CAAC,CAAA,KAC9C,CAAA,CAAE,MAAA,CAAO,SAAS,KAAK;AAAA,KACzB;AAEA,IAAA,IAAI,gBAAA,CAAiB,WAAW,CAAA,EAAG;AACjC,MAAA,OAAO,EAAC;AAAA,IACV;AAEA,IAAA,MAAM,OAAA,GAA0B;AAAA,MAC9B,EAAA,EAAI,CAAA,GAAA,EAAM,IAAA,CAAK,GAAA,EAAK,CAAA,CAAA,EAAI,UAAA,EAAW,CAAE,KAAA,CAAM,CAAA,EAAG,CAAC,CAAC,CAAA,CAAA;AAAA,MAChD,KAAA;AAAA,MACA,SAAA,EAAA,iBAAW,IAAI,IAAA,EAAK,EAAE,WAAA,EAAY;AAAA,MAClC,GAAG;AAAA,KACL;AAEA,IAAA,MAAM,UAAkC,EAAC;AAEzC,IAAA,KAAA,MAAW,WAAW,gBAAA,EAAkB;AACtC,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,cAAA,CAAe,SAAS,OAAO,CAAA;AACzD,MAAA,OAAA,CAAQ,KAAK,MAAM,CAAA;AAAA,IACrB;AAEA,IAAA,OAAO,OAAA;AAAA,EACT;AAAA,EAEA,MAAM,cAAA,CACJ,OAAA,EACA,OAAA,EAC+B;AAC/B,IAAA,MAAM,UAAA,GAAa,CAAA,IAAA,EAAO,IAAA,CAAK,GAAA,EAAK,CAAA,CAAA,EAAI,UAAA,EAAW,CAAE,KAAA,CAAM,CAAA,EAAG,CAAC,CAAC,CAAA,CAAA;AAEhE,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAS,MAAM,gBAAA,CAAiB,OAAA,EAAS,SAAS,UAAA,EAAY;AAAA,QAClE,UAAA,EAAY,CAAA;AAAA,QACZ,UAAA,EAAY;AAAA,OACb,CAAA;AAED,MAAA,MAAM,cAAA,GAAiB,mBAAA;AAAA,QACrB,UAAA;AAAA,QACA,OAAA,CAAQ,EAAA;AAAA,QACR,OAAA,CAAQ,OAAO,CAAC,CAAA;AAAA,QAChB,OAAA;AAAA,QACA,CAAA;AAAA,QACA;AAAA,OACF;AAEA,MAAA,IAAI;AACF,QAAA,MAAM,IAAA,CAAK,GAAG,MAAA,CAAO;AAAA,UACnB,UAAA,EAAY,2BAAA;AAAA,UACZ,IAAA,EAAM;AAAA,SACP,CAAA;AAAA,MACH,CAAA,CAAA,MAAQ;AACN,QAAA,OAAA,CAAQ,IAAA;AAAA,UACN,kDAAA;AAAA,UACA;AAAA,SACF;AAAA,MACF;AAEA,MAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,QAAA,MAAM,IAAA,CAAK,aAAA,CAAc,OAAA,CAAQ,EAAA,EAAI;AAAA,UACnC,MAAA,EAAQ,OAAA;AAAA,UACR,WAAW,MAAA,CAAO;AAAA,SACnB,CAAA,CAAE,KAAA,CAAM,MAAM;AAAA,QAAC,CAAC,CAAA;AAAA,MACnB,CAAA,MAAO;AACL,QAAA,MAAM,IAAA,CAAK,aAAA,CAAc,OAAA,CAAQ,EAAA,EAAI;AAAA,UACnC,MAAA,EAAQ,QAAA;AAAA,UACR,aAAA,EAAA,iBAAe,IAAI,IAAA,EAAK,EAAE,WAAA;AAAY,SACvC,CAAA,CAAE,KAAA,CAAM,MAAM;AAAA,QAAC,CAAC,CAAA;AAAA,MACnB;AAEA,MAAA,OAAO;AAAA,QACL,UAAA;AAAA,QACA,WAAW,OAAA,CAAQ,EAAA;AAAA,QACnB,KAAA,EAAO,OAAA,CAAQ,MAAA,CAAO,CAAC,CAAA;AAAA,QACvB,MAAA,EAAQ,MAAA,CAAO,OAAA,GAAU,SAAA,GAAY,QAAA;AAAA,QACrC,gBAAgB,MAAA,CAAO,MAAA;AAAA,QACvB,UAAU,MAAA,CAAO,QAAA;AAAA,QACjB,OAAO,MAAA,CAAO;AAAA,OAChB;AAAA,IACF,SAAS,KAAA,EAAY;AACnB,MAAA,OAAO;AAAA,QACL,UAAA;AAAA,QACA,WAAW,OAAA,CAAQ,EAAA;AAAA,QACnB,KAAA,EAAO,OAAA,CAAQ,MAAA,CAAO,CAAC,CAAA;AAAA,QACvB,MAAA,EAAQ,QAAA;AAAA,QACR,OAAO,KAAA,CAAM;AAAA,OACf;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,YAAY,SAAA,EAAyD;AACzE,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,SAAS,CAAA;AACnD,IAAA,IAAI,CAAC,SAAS,OAAO,IAAA;AAErB,IAAA,MAAM,OAAA,GAA0B;AAAA,MAC9B,EAAA,EAAI,CAAA,KAAA,EAAQ,IAAA,CAAK,GAAA,EAAK,CAAA,CAAA;AAAA,MACtB,KAAA,EAAO,OAAA,CAAQ,MAAA,CAAO,CAAC,CAAA,IAAK,mBAAA;AAAA,MAC5B,SAAA,EAAA,iBAAW,IAAI,IAAA,EAAK,EAAE,WAAA,EAAY;AAAA,MAClC,UAAA,EAAY,MAAA;AAAA,MACZ,SAAA,EAAW,QAAA;AAAA,MACX,IAAA,EAAM,EAAE,OAAA,EAAS,+CAAA,EAAgD;AAAA,MACjE,IAAA,EAAM;AAAA,QACJ,EAAA,EAAI,QAAA;AAAA,QACJ,KAAA,EAAO,iBAAA;AAAA,QACP,IAAA,EAAM;AAAA;AACR,KACF;AAEA,IAAA,OAAO,IAAA,CAAK,cAAA,CAAe,OAAA,EAAS,OAAO,CAAA;AAAA,EAC7C;AAAA,EAEA,MAAM,kBAAA,CACJ,SAAA,EACA,KAAA,GAAgB,EAAA,EACY;AAC5B,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,EAAA,CAAG,IAAA,CAAK;AAAA,MAChC,UAAA,EAAY,2BAAA;AAAA,MACZ,OAAO,EAAE,SAAA,EAAW,EAAE,MAAA,EAAQ,WAAU,EAAE;AAAA,MAC1C,IAAA,EAAM,YAAA;AAAA,MACN,KAAA;AAAA,MACA,IAAA,EAAM;AAAA,KACP,CAAA;AAED,IAAA,OAAO,MAAA,CAAO,IAAA;AAAA,EAChB;AAAA,EAEA,MAAM,cACJ,UAAA,EACsC;AACtC,IAAA,MAAM,QAAA,GAAY,MAAM,IAAA,CAAK,EAAA,CAAG,QAAA,CAAS;AAAA,MACvC,UAAA,EAAY,2BAAA;AAAA,MACZ,EAAA,EAAI;AAAA,KACL,CAAA;AAED,IAAA,IAAI,CAAC,UAAU,OAAO,IAAA;AAEtB,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,SAAS,SAAS,CAAA;AAC5D,IAAA,IAAI,CAAC,SAAS,OAAO,IAAA;AAErB,IAAA,OAAO,IAAA,CAAK,cAAA,CAAe,OAAA,EAAS,QAAA,CAAS,OAAO,CAAA;AAAA,EACtD;AACF;AAEO,SAAS,qBAAqB,EAAA,EAAiC;AACpE,EAAA,OAAO,IAAI,eAAe,EAAE,CAAA;AAC9B;ACpOO,IAAM,kBAAA,GAAqB,WAAA;AAElC,SAAS,kBAAkB,GAAA,EAAqB;AAC9C,EAAA,OAAO,GAAA,CAAI,SAAA,CAAU,CAAA,EAAG,CAAC,CAAA;AAC3B;AAEA,SAAS,mBAAA,CAAoB,GAAW,CAAA,EAAoB;AAC1D,EAAA,IAAI,CAAA,CAAE,MAAA,KAAW,CAAA,CAAE,MAAA,EAAQ;AACzB,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,IAAI;AACF,IAAA,OAAO,eAAA,CAAgB,OAAO,IAAA,CAAK,CAAC,GAAG,MAAA,CAAO,IAAA,CAAK,CAAC,CAAC,CAAA;AAAA,EACvD,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAEA,eAAsB,cAAA,CACpB,MAAA,EACA,EAAA,EACA,UAAA,EACiC;AACjC,EAAA,IAAI,CAAC,MAAA,IAAU,OAAO,MAAA,KAAW,QAAA,EAAU;AACzC,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,qBAAA,EAAsB;AAAA,EACtD;AAEA,EAAA,IAAI,CAAC,MAAA,CAAO,UAAA,CAAW,OAAO,CAAA,EAAG;AAC/B,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,wBAAA,EAAyB;AAAA,EACzD;AAEA,EAAA,MAAM,SAAA,GAAY,kBAAkB,MAAM,CAAA;AAE1C,EAAA,IAAI;AACF,IAAA,MAAM,MAAA,GAAS,MAAM,EAAA,CAAG,IAAA,CAAK;AAAA,MAC3B,UAAA,EAAY,kBAAA;AAAA,MACZ,OAAO,EAAE,SAAA,EAAW,EAAE,MAAA,EAAQ,WAAU,EAAE;AAAA,MAC1C,KAAA,EAAO,GAAA;AAAA,MACP,IAAA,EAAM;AAAA,KACP,CAAA;AAED,IAAA,IAAI,CAAC,MAAA,CAAO,IAAA,IAAQ,MAAA,CAAO,IAAA,CAAK,WAAW,CAAA,EAAG;AAC5C,MAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,iBAAA,EAAkB;AAAA,IAClD;AAEA,IAAA,IAAI,UAAA,GAAkC,IAAA;AACtC,IAAA,KAAA,MAAW,GAAA,IAAO,OAAO,IAAA,EAAM;AAC7B,MAAA,MAAM,MAAA,GAAS,GAAA;AACf,MAAA,IAAI,mBAAA,CAAoB,MAAA,CAAO,GAAA,EAAK,MAAM,CAAA,EAAG;AAC3C,QAAA,UAAA,GAAa,MAAA;AACb,QAAA;AAAA,MACF;AAAA,IACF;AAEA,IAAA,IAAI,CAAC,UAAA,EAAY;AACf,MAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,iBAAA,EAAkB;AAAA,IAClD;AAEA,IAAA,IAAI,WAAW,SAAA,EAAW;AACxB,MAAA,MAAM,SAAA,GAAY,IAAI,IAAA,CAAK,UAAA,CAAW,SAAS,CAAA;AAC/C,MAAA,IAAI,SAAA,mBAAY,IAAI,IAAA,EAAK,EAAG;AAC1B,QAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,qBAAA,EAAsB;AAAA,MACtD;AAAA,IACF;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,GAAG,MAAA,CAAO;AAAA,QACd,UAAA,EAAY,kBAAA;AAAA,QACZ,IAAI,UAAA,CAAW,EAAA;AAAA,QACf,MAAM,EAAE,UAAA,EAAA,qBAAgB,IAAA,EAAK,EAAE,aAAY;AAAE,OAC9C,CAAA;AAAA,IACH,CAAA,CAAA,MAAQ;AAAA,IAER;AAEA,IAAA,MAAM,IAAA,GAA0B;AAAA,MAC9B,IAAI,UAAA,CAAW,MAAA;AAAA,MACf,IAAA,EAAO,WAAmB,IAAA,IAAQ,QAAA;AAAA,MAClC,UAAW,UAAA,CAAmB;AAAA,KAChC;AAEA,IAAA,IAAI,UAAA,EAAY;AACd,MAAA,MAAM,MAAA,GAAS,MAAM,UAAA,CAAW,UAAA,CAAW,MAAM,CAAA;AACjD,MAAA,IAAI,MAAA,EAAQ;AACV,QAAA,MAAA,CAAO,MAAA,CAAO,MAAM,MAAM,CAAA;AAAA,MAC5B;AAAA,IACF;AAEA,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,IAAA;AAAA,MACP,QAAQ,UAAA,CAAW,MAAA;AAAA,MACnB,IAAA;AAAA,MACA,WAAA,EAAa,UAAA,CAAW,WAAA,IAAe,EAAC;AAAA,MACxC,UAAU,UAAA,CAAW,EAAA;AAAA,MACrB,UAAU,IAAA,CAAK,QAAA;AAAA,MACf,MAAM,IAAA,CAAK;AAAA,KACb;AAAA,EACF,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,KAAA,CAAM,8BAA8B,KAAK,CAAA;AACjD,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,4BAAA,EAA6B;AAAA,EAC7D;AACF;AAEO,SAAS,yBAAyB,OAAA,EAAiC;AACxE,EAAA,MAAM,UAAA,GAAa,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA;AACtD,EAAA,IAAI,UAAA,EAAY;AACd,IAAA,IAAI,UAAA,CAAW,UAAA,CAAW,SAAS,CAAA,EAAG;AACpC,MAAA,OAAO,UAAA,CAAW,KAAA,CAAM,CAAC,CAAA,CAAE,IAAA,EAAK;AAAA,IAClC;AACA,IAAA,IAAI,UAAA,CAAW,UAAA,CAAW,SAAS,CAAA,EAAG;AACpC,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,MAAM,OAAA,GAAU,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,WAAW,CAAA;AAC/C,EAAA,IAAI,OAAA,EAAS;AACX,IAAA,OAAO,QAAQ,IAAA,EAAK;AAAA,EACtB;AAEA,EAAA,OAAO,IAAA;AACT;AAEO,SAAS,oBACd,MAAA,EACsB;AACtB,EAAA,IAAI,CAAC,MAAA,CAAO,KAAA,IAAS,CAAC,OAAO,MAAA,EAAQ;AACnC,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO;AAAA,IACL,QAAQ,MAAA,CAAO,MAAA;AAAA,IACf,IAAA,EAAM,MAAA,CAAO,IAAA,IAAQ,EAAC;AAAA,IACtB,WAAA,EAAa,MAAA,CAAO,WAAA,IAAe,EAAC;AAAA,IACpC,QAAA,EAAU,OAAO,QAAA,IAAY,EAAA;AAAA,IAC7B,UAAU,MAAA,CAAO,QAAA;AAAA,IACjB,MAAM,MAAA,CAAO;AAAA,GACf;AACF;AAEO,SAAS,mBAAA,CACd,aACA,QAAA,EACS;AACT,EAAA,IAAI,WAAA,CAAY,MAAA,KAAW,CAAA,EAAG,OAAO,KAAA;AACrC,EAAA,IAAI,WAAA,CAAY,QAAA,CAAS,GAAG,CAAA,EAAG,OAAO,IAAA;AACtC,EAAA,IAAI,WAAA,CAAY,QAAA,CAAS,QAAQ,CAAA,EAAG,OAAO,IAAA;AAE3C,EAAA,MAAM,CAAC,QAAA,EAAU,MAAM,CAAA,GAAI,QAAA,CAAS,MAAM,GAAG,CAAA;AAC7C,EAAA,IAAI,YAAY,QAAA,CAAS,CAAA,EAAG,QAAQ,CAAA,EAAA,CAAI,GAAG,OAAO,IAAA;AAElD,EAAA,OAAO,KAAA;AACT","file":"chunk-E5X75WNB.js","sourcesContent":["import type { User, Request } from '../hooks/types.js';\n\n// ============================================================================\n// Access Control Types\n// ============================================================================\n\nexport interface WhereClause {\n  [field: string]: any;\n}\n\nexport interface AccessArgs {\n  req: Request;\n  user?: User;\n  data?: any;\n  doc?: any;\n  id?: string;\n  tenantID?: string;\n  context?: Record<string, any>;\n}\n\nexport type AccessControl = boolean | ((args: AccessArgs) => Promise<boolean | WhereClause> | boolean | WhereClause);\n\nexport interface CollectionAccess {\n  create?: AccessControl;\n  read?: AccessControl;\n  update?: AccessControl;\n  delete?: AccessControl;\n  admin?: AccessControl;\n  unlock?: AccessControl;\n  readVersions?: AccessControl;\n}\n\nexport interface GlobalAccess {\n  read?: AccessControl;\n  update?: AccessControl;\n}\n\nexport interface FieldAccess {\n  create?: AccessControl;\n  read?: AccessControl;\n  update?: AccessControl;\n}\n\n// ============================================================================\n// Access Control Evaluation\n// ============================================================================\n\nexport async function evaluateAccess(\n  access: AccessControl,\n  args: AccessArgs\n): Promise<boolean | WhereClause> {\n  if (typeof access === 'boolean') {\n    return access;\n  }\n  if (typeof access === 'function') {\n    return await access(args);\n  }\n  return true;\n}\n\nexport function mergeWhereClauses(\n  ...whereClauses: (WhereClause | boolean | undefined)[]\n): WhereClause {\n  const result: WhereClause = {};\n  for (const clause of whereClauses) {\n    if (clause && typeof clause === 'object') {\n      Object.assign(result, clause);\n    }\n  }\n  return result;\n}\n\nexport function getWhereClause(\n  access: AccessControl,\n  args: AccessArgs\n): Promise<WhereClause | undefined> {\n  return evaluateAccess(access, args).then(result => {\n    if (result === true) return undefined;\n    if (result === false) return { _id: { $eq: null } };\n    return result;\n  });\n}\n","export const WEBHOOK_EVENTS = {\n  COLLECTION_CREATE: \"collection.create\",\n  COLLECTION_UPDATE: \"collection.update\",\n  COLLECTION_DELETE: \"collection.delete\",\n  MEDIA_UPLOAD: \"media.upload\",\n  MEDIA_DELETE: \"media.delete\",\n  AUTH_LOGIN: \"auth.login\",\n  AUTH_REGISTER: \"auth.register\",\n  AUTH_LOGOUT: \"auth.logout\",\n  ORDER_CREATED: \"order.created\",\n  ORDER_PAID: \"order.paid\",\n  ORDER_SHIPPED: \"order.shipped\",\n  ORDER_DELIVERED: \"order.delivered\",\n} as const;\n\nexport type WebhookEvent = (typeof WEBHOOK_EVENTS)[keyof typeof WEBHOOK_EVENTS];\n\nexport const ALL_WEBHOOK_EVENTS: WebhookEvent[] = Object.values(WEBHOOK_EVENTS);\n\nexport interface WebhookConfig {\n  id: string;\n  name: string;\n  url: string;\n  events: WebhookEvent[];\n  status: \"active\" | \"inactive\" | \"error\";\n  secret?: string;\n  headers?: Record<string, string>;\n  lastTriggered?: string;\n  lastError?: string;\n  createdAt: string;\n  updatedAt: string;\n}\n\nexport interface CreateWebhookData {\n  name: string;\n  url: string;\n  events: WebhookEvent[];\n  status?: \"active\" | \"inactive\";\n  secret?: string;\n  headers?: Record<string, string>;\n}\n\nexport interface UpdateWebhookData {\n  name?: string;\n  url?: string;\n  events?: WebhookEvent[];\n  status?: \"active\" | \"inactive\" | \"error\";\n  secret?: string;\n  headers?: Record<string, string>;\n  lastTriggered?: string | null;\n  lastError?: string | null;\n}\n\nexport interface WebhookPayload {\n  id: string;\n  event: WebhookEvent;\n  timestamp: string;\n  collection?: string;\n  operation?: \"create\" | \"update\" | \"delete\";\n  data?: unknown;\n  previousData?: unknown;\n  user?: {\n    id: string;\n    email?: string;\n    role?: string;\n  };\n  tenantId?: string;\n  metadata?: Record<string, unknown>;\n}\n\nexport interface WebhookDelivery {\n  id: string;\n  webhookId: string;\n  event: WebhookEvent;\n  payload: WebhookPayload;\n  attempt: number;\n  status: \"pending\" | \"success\" | \"failed\" | \"retrying\";\n  responseStatus?: number;\n  responseBody?: string;\n  error?: string;\n  duration?: number;\n  createdAt: string;\n  deliveredAt?: string;\n  nextRetryAt?: string;\n}\n\nexport interface WebhookTriggerResult {\n  deliveryId: string;\n  webhookId: string;\n  event: WebhookEvent;\n  status: \"queued\" | \"success\" | \"failed\";\n  responseStatus?: number;\n  duration?: number;\n  error?: string;\n}\n\nexport const WEBHOOK_COLLECTION = \"_webhooks\";\nexport const WEBHOOK_DELIVERY_COLLECTION = \"_webhook_deliveries\";\n","import { createHmac, randomBytes } from \"crypto\";\nimport type {\n  WebhookConfig,\n  WebhookPayload,\n  WebhookDelivery,\n} from \"./types.js\";\n\nexport interface DeliveryResult {\n  success: boolean;\n  status: number;\n  statusText?: string;\n  body?: string;\n  duration: number;\n  error?: string;\n}\n\nexport interface DeliveryOptions {\n  timeout?: number;\n  maxRetries?: number;\n  retryDelay?: number;\n  onRetry?: (attempt: number, error: string) => void;\n  onSuccess?: (result: DeliveryResult) => void;\n  onFailure?: (error: string) => void;\n}\n\nexport function signPayload(payload: string, secret: string): string {\n  return `sha256=${createHmac(\"sha256\", secret).update(payload).digest(\"hex\")}`;\n}\n\nexport function generateWebhookSecret(): string {\n  return randomBytes(32).toString(\"hex\");\n}\n\nexport async function deliverWebhook(\n  webhook: WebhookConfig,\n  payload: WebhookPayload,\n  options: DeliveryOptions = {},\n): Promise<DeliveryResult> {\n  const timeout = options.timeout || 30000;\n  const startTime = Date.now();\n\n  const body = JSON.stringify(payload);\n\n  const headers: Record<string, string> = {\n    \"Content-Type\": \"application/json\",\n    \"User-Agent\": \"Kyro-CMS-Webhook/1.0\",\n    \"X-Webhook-Event\": payload.event,\n    \"X-Webhook-Delivery\": payload.id,\n    \"X-Webhook-Timestamp\": payload.timestamp,\n    ...(webhook.headers || {}),\n  };\n\n  if (webhook.secret) {\n    const signature = signPayload(body, webhook.secret);\n    headers[\"X-Webhook-Signature\"] = signature;\n  }\n\n  const controller = new AbortController();\n  const timeoutId = setTimeout(() => controller.abort(), timeout);\n\n  try {\n    const response = await fetch(webhook.url, {\n      method: \"POST\",\n      headers,\n      body,\n      signal: controller.signal,\n    });\n\n    clearTimeout(timeoutId);\n\n    const duration = Date.now() - startTime;\n    let responseBody: string | undefined;\n\n    try {\n      const text = await response.text();\n      responseBody = text.slice(0, 1000);\n    } catch {}\n\n    const result: DeliveryResult = {\n      success: response.ok,\n      status: response.status,\n      statusText: response.statusText,\n      body: responseBody,\n      duration,\n    };\n\n    if (result.success && options.onSuccess) {\n      options.onSuccess(result);\n    } else if (!result.success && options.onFailure) {\n      options.onFailure(`HTTP ${response.status}: ${response.statusText}`);\n    }\n\n    return result;\n  } catch (error: any) {\n    clearTimeout(timeoutId);\n    const duration = Date.now() - startTime;\n    const errorMessage =\n      error.name === \"AbortError\"\n        ? `Request timed out after ${timeout}ms`\n        : error.message || \"Unknown error\";\n\n    if (options.onFailure) {\n      options.onFailure(errorMessage);\n    }\n\n    return {\n      success: false,\n      status: 0,\n      duration,\n      error: errorMessage,\n    };\n  }\n}\n\nexport async function deliverWithRetry(\n  webhook: WebhookConfig,\n  payload: WebhookPayload,\n  deliveryId: string,\n  options: DeliveryOptions = {},\n): Promise<DeliveryResult> {\n  const maxRetries = options.maxRetries ?? 5;\n  const baseDelay = options.retryDelay ?? 1000;\n  let lastResult: DeliveryResult | null = null;\n\n  for (let attempt = 0; attempt <= maxRetries; attempt++) {\n    if (attempt > 0) {\n      const delay = Math.min(baseDelay * Math.pow(2, attempt - 1), 30000);\n      if (options.onRetry) {\n        options.onRetry(attempt, `Retrying in ${delay}ms...`);\n      }\n      await sleep(delay);\n    }\n\n    if (options.onRetry && attempt > 0) {\n      options.onRetry(attempt, `Attempt ${attempt + 1}/${maxRetries + 1}`);\n    }\n\n    lastResult = await deliverWebhook(webhook, payload, {\n      ...options,\n      onRetry: undefined,\n      onSuccess: undefined,\n      onFailure: undefined,\n    });\n\n    if (lastResult.success) {\n      return lastResult;\n    }\n\n    if (lastResult.error?.includes(\"timed out\") && attempt < maxRetries) {\n      continue;\n    }\n\n    if (lastResult.status >= 400 && lastResult.status < 500) {\n      return lastResult;\n    }\n  }\n\n  return (\n    lastResult || {\n      success: false,\n      status: 0,\n      duration: 0,\n      error: \"All delivery attempts failed\",\n    }\n  );\n}\n\nexport function buildDeliveryRecord(\n  deliveryId: string,\n  webhookId: string,\n  event: string,\n  payload: WebhookPayload,\n  attempt: number,\n  result: DeliveryResult,\n): WebhookDelivery {\n  return {\n    id: deliveryId,\n    webhookId,\n    event: event as any,\n    payload,\n    attempt,\n    status: result.success ? \"success\" : \"failed\",\n    responseStatus: result.status || undefined,\n    responseBody: result.body,\n    duration: result.duration,\n    error: result.error,\n    createdAt: new Date().toISOString(),\n    deliveredAt: result.success ? new Date().toISOString() : undefined,\n  };\n}\n\nfunction sleep(ms: number): Promise<void> {\n  return new Promise((resolve) => setTimeout(resolve, ms));\n}\n\nexport function createTestPayload(): WebhookPayload {\n  return {\n    id: `test_${Date.now()}`,\n    event: \"collection.create\",\n    timestamp: new Date().toISOString(),\n    collection: \"test\",\n    operation: \"create\",\n    data: { message: \"This is a test webhook delivery\" },\n    user: { id: \"system\", email: \"system@kyro.dev\", role: \"super_admin\" },\n  };\n}\n","import { randomUUID } from \"crypto\";\nimport type { BaseAdapter } from \"../registry/types.js\";\nimport {\n  type WebhookConfig,\n  type CreateWebhookData,\n  type UpdateWebhookData,\n  type WebhookPayload,\n  type WebhookDelivery,\n  type WebhookEvent,\n  type WebhookTriggerResult,\n  WEBHOOK_COLLECTION,\n  WEBHOOK_DELIVERY_COLLECTION,\n} from \"./types.js\";\nimport {\n  deliverWithRetry,\n  buildDeliveryRecord,\n  generateWebhookSecret,\n} from \"./delivery.js\";\n\nexport class WebhookService {\n  private db: BaseAdapter;\n\n  constructor(db: BaseAdapter) {\n    this.db = db;\n  }\n\n  async getWebhooks(filters?: {\n    status?: string;\n    event?: WebhookEvent;\n  }): Promise<WebhookConfig[]> {\n    const result = await this.db.find({\n      collection: WEBHOOK_COLLECTION,\n      where: filters?.status ? { status: { equals: filters.status } } : {},\n      limit: 100,\n      page: 1,\n    });\n\n    const webhooks = result.docs as unknown as WebhookConfig[];\n\n    if (filters?.event) {\n      return webhooks.filter((w) =>\n        w.events.includes(filters.event as WebhookEvent),\n      );\n    }\n\n    return webhooks;\n  }\n\n  async getWebhookById(id: string): Promise<WebhookConfig | null> {\n    return this.db.findByID({\n      collection: WEBHOOK_COLLECTION,\n      id,\n    }) as Promise<WebhookConfig | null>;\n  }\n\n  async createWebhook(data: CreateWebhookData): Promise<WebhookConfig> {\n    const now = new Date().toISOString();\n    const secret = data.secret || generateWebhookSecret();\n\n    const webhook = {\n      id: randomUUID(),\n      name: data.name,\n      url: data.url,\n      events: data.events,\n      status: data.status || \"active\",\n      secret,\n      headers: data.headers || {},\n      createdAt: now,\n      updatedAt: now,\n    };\n\n    await this.db.create({\n      collection: WEBHOOK_COLLECTION,\n      data: webhook,\n    });\n\n    return webhook as WebhookConfig;\n  }\n\n  async updateWebhook(\n    id: string,\n    data: UpdateWebhookData,\n  ): Promise<WebhookConfig | null> {\n    const existing = await this.getWebhookById(id);\n    if (!existing) return null;\n\n    const updated = {\n      ...existing,\n      ...data,\n      updatedAt: new Date().toISOString(),\n    };\n\n    if (data.secret === \"\" && \"secret\" in data) {\n      delete updated.secret;\n    }\n\n    await this.db.update({\n      collection: WEBHOOK_COLLECTION,\n      id,\n      data: updated,\n    });\n\n    return updated as WebhookConfig;\n  }\n\n  async deleteWebhook(id: string): Promise<void> {\n    await this.db.delete({\n      collection: WEBHOOK_COLLECTION,\n      id,\n    });\n  }\n\n  async trigger(\n    event: WebhookEvent,\n    payloadData: Omit<WebhookPayload, \"id\" | \"event\" | \"timestamp\">,\n  ): Promise<WebhookTriggerResult[]> {\n    const webhooks = await this.getWebhooks();\n    const activeWebhooks = webhooks.filter((w) => w.status === \"active\");\n\n    const matchingWebhooks = activeWebhooks.filter((w) =>\n      w.events.includes(event),\n    );\n\n    if (matchingWebhooks.length === 0) {\n      return [];\n    }\n\n    const payload: WebhookPayload = {\n      id: `wh_${Date.now()}_${randomUUID().slice(0, 8)}`,\n      event,\n      timestamp: new Date().toISOString(),\n      ...payloadData,\n    };\n\n    const results: WebhookTriggerResult[] = [];\n\n    for (const webhook of matchingWebhooks) {\n      const result = await this.triggerWebhook(webhook, payload);\n      results.push(result);\n    }\n\n    return results;\n  }\n\n  async triggerWebhook(\n    webhook: WebhookConfig,\n    payload: WebhookPayload,\n  ): Promise<WebhookTriggerResult> {\n    const deliveryId = `dlv_${Date.now()}_${randomUUID().slice(0, 8)}`;\n\n    try {\n      const result = await deliverWithRetry(webhook, payload, deliveryId, {\n        maxRetries: 5,\n        retryDelay: 1000,\n      });\n\n      const deliveryRecord = buildDeliveryRecord(\n        deliveryId,\n        webhook.id,\n        webhook.events[0],\n        payload,\n        1,\n        result,\n      );\n\n      try {\n        await this.db.create({\n          collection: WEBHOOK_DELIVERY_COLLECTION,\n          data: deliveryRecord,\n        });\n      } catch {\n        console.warn(\n          \"[WebhookService] Failed to save delivery record:\",\n          deliveryId,\n        );\n      }\n\n      if (!result.success) {\n        await this.updateWebhook(webhook.id, {\n          status: \"error\",\n          lastError: result.error,\n        }).catch(() => {});\n      } else {\n        await this.updateWebhook(webhook.id, {\n          status: \"active\",\n          lastTriggered: new Date().toISOString(),\n        }).catch(() => {});\n      }\n\n      return {\n        deliveryId,\n        webhookId: webhook.id,\n        event: webhook.events[0],\n        status: result.success ? \"success\" : \"failed\",\n        responseStatus: result.status,\n        duration: result.duration,\n        error: result.error,\n      };\n    } catch (error: any) {\n      return {\n        deliveryId,\n        webhookId: webhook.id,\n        event: webhook.events[0],\n        status: \"failed\",\n        error: error.message,\n      };\n    }\n  }\n\n  async testWebhook(webhookId: string): Promise<WebhookTriggerResult | null> {\n    const webhook = await this.getWebhookById(webhookId);\n    if (!webhook) return null;\n\n    const payload: WebhookPayload = {\n      id: `test_${Date.now()}`,\n      event: webhook.events[0] || \"collection.create\",\n      timestamp: new Date().toISOString(),\n      collection: \"test\",\n      operation: \"create\",\n      data: { message: \"This is a test webhook delivery from Kyro CMS\" },\n      user: {\n        id: \"system\",\n        email: \"system@kyro.dev\",\n        role: \"super_admin\",\n      },\n    };\n\n    return this.triggerWebhook(webhook, payload);\n  }\n\n  async getDeliveryHistory(\n    webhookId: string,\n    limit: number = 50,\n  ): Promise<WebhookDelivery[]> {\n    const result = await this.db.find({\n      collection: WEBHOOK_DELIVERY_COLLECTION,\n      where: { webhookId: { equals: webhookId } },\n      sort: \"-createdAt\",\n      limit,\n      page: 1,\n    });\n\n    return result.docs as unknown as WebhookDelivery[];\n  }\n\n  async retryDelivery(\n    deliveryId: string,\n  ): Promise<WebhookTriggerResult | null> {\n    const delivery = (await this.db.findByID({\n      collection: WEBHOOK_DELIVERY_COLLECTION,\n      id: deliveryId,\n    })) as WebhookDelivery | null;\n\n    if (!delivery) return null;\n\n    const webhook = await this.getWebhookById(delivery.webhookId);\n    if (!webhook) return null;\n\n    return this.triggerWebhook(webhook, delivery.payload);\n  }\n}\n\nexport function createWebhookService(db: BaseAdapter): WebhookService {\n  return new WebhookService(db);\n}\n","import { timingSafeEqual } from \"crypto\";\nimport type { BaseAdapter } from \"../registry/types.js\";\nimport type { AuthUser, UserRole } from \"./types.js\";\n\nexport interface ApiKeyRecord {\n  id: string;\n  userId: string;\n  name: string;\n  key: string;\n  keyPrefix: string;\n  permissions: string[];\n  lastUsedAt?: string;\n  expiresAt?: string;\n  createdAt: string;\n}\n\nexport interface ApiKeyValidationResult {\n  valid: boolean;\n  userId?: string;\n  user?: Partial<AuthUser>;\n  permissions?: string[];\n  apiKeyId?: string;\n  error?: string;\n  tenantId?: string;\n  role?: UserRole;\n}\n\nexport interface ApiKeyContext {\n  userId: string;\n  user: Partial<AuthUser>;\n  permissions: string[];\n  apiKeyId: string;\n  tenantId?: string;\n  role?: UserRole;\n}\n\nexport const API_KEY_COLLECTION = \"_api_keys\";\n\nfunction generateKeyPrefix(key: string): string {\n  return key.substring(0, 8);\n}\n\nfunction constantTimeCompare(a: string, b: string): boolean {\n  if (a.length !== b.length) {\n    return false;\n  }\n  try {\n    return timingSafeEqual(Buffer.from(a), Buffer.from(b));\n  } catch {\n    return false;\n  }\n}\n\nexport async function validateApiKey(\n  rawKey: string,\n  db: BaseAdapter,\n  userLookup?: (userId: string) => Promise<Partial<AuthUser> | null>,\n): Promise<ApiKeyValidationResult> {\n  if (!rawKey || typeof rawKey !== \"string\") {\n    return { valid: false, error: \"No API key provided\" };\n  }\n\n  if (!rawKey.startsWith(\"kyro_\")) {\n    return { valid: false, error: \"Invalid API key format\" };\n  }\n\n  const keyPrefix = generateKeyPrefix(rawKey);\n\n  try {\n    const result = await db.find({\n      collection: API_KEY_COLLECTION,\n      where: { keyPrefix: { equals: keyPrefix } },\n      limit: 100,\n      page: 1,\n    });\n\n    if (!result.docs || result.docs.length === 0) {\n      return { valid: false, error: \"Invalid API key\" };\n    }\n\n    let matchedKey: ApiKeyRecord | null = null;\n    for (const doc of result.docs) {\n      const record = doc as unknown as ApiKeyRecord;\n      if (constantTimeCompare(record.key, rawKey)) {\n        matchedKey = record;\n        break;\n      }\n    }\n\n    if (!matchedKey) {\n      return { valid: false, error: \"Invalid API key\" };\n    }\n\n    if (matchedKey.expiresAt) {\n      const expiresAt = new Date(matchedKey.expiresAt);\n      if (expiresAt < new Date()) {\n        return { valid: false, error: \"API key has expired\" };\n      }\n    }\n\n    try {\n      await db.update({\n        collection: API_KEY_COLLECTION,\n        id: matchedKey.id,\n        data: { lastUsedAt: new Date().toISOString() },\n      });\n    } catch {\n      // Non-critical: don't fail if lastUsedAt update fails\n    }\n\n    const user: Partial<AuthUser> = {\n      id: matchedKey.userId,\n      role: (matchedKey as any).role || \"author\",\n      tenantId: (matchedKey as any).tenantId,\n    };\n\n    if (userLookup) {\n      const dbUser = await userLookup(matchedKey.userId);\n      if (dbUser) {\n        Object.assign(user, dbUser);\n      }\n    }\n\n    return {\n      valid: true,\n      userId: matchedKey.userId,\n      user,\n      permissions: matchedKey.permissions || [],\n      apiKeyId: matchedKey.id,\n      tenantId: user.tenantId,\n      role: user.role,\n    };\n  } catch (error) {\n    console.error(\"[ApiKey] Validation error:\", error);\n    return { valid: false, error: \"Failed to validate API key\" };\n  }\n}\n\nexport function extractApiKeyFromRequest(request: Request): string | null {\n  const authHeader = request.headers.get(\"Authorization\");\n  if (authHeader) {\n    if (authHeader.startsWith(\"ApiKey \")) {\n      return authHeader.slice(7).trim();\n    }\n    if (authHeader.startsWith(\"Bearer \")) {\n      return null;\n    }\n  }\n\n  const xApiKey = request.headers.get(\"X-API-Key\");\n  if (xApiKey) {\n    return xApiKey.trim();\n  }\n\n  return null;\n}\n\nexport function createApiKeyContext(\n  result: ApiKeyValidationResult,\n): ApiKeyContext | null {\n  if (!result.valid || !result.userId) {\n    return null;\n  }\n  return {\n    userId: result.userId,\n    user: result.user || {},\n    permissions: result.permissions || [],\n    apiKeyId: result.apiKeyId || \"\",\n    tenantId: result.tenantId,\n    role: result.role,\n  };\n}\n\nexport function hasApiKeyPermission(\n  permissions: string[],\n  required: string,\n): boolean {\n  if (permissions.length === 0) return false;\n  if (permissions.includes(\"*\")) return true;\n  if (permissions.includes(required)) return true;\n\n  const [resource, action] = required.split(\":\");\n  if (permissions.includes(`${resource}:*`)) return true;\n\n  return false;\n}\n\nexport function generateApiKey(): string {\n  const chars = \"abcdefghijklmnopqrstuvwxyz0123456789\";\n  let suffix = \"\";\n  for (let i = 0; i < 28; i++) {\n    suffix += chars[Math.floor(Math.random() * chars.length)];\n  }\n  return `kyro_${suffix}`;\n}\n\nexport function generateApiKeyPrefix(key: string): string {\n  return key.substring(0, 8);\n}\n"]}