@lockerpm/desktop-service 1.0.0

package/lib/esm/services/grpc.service.js

@@ -0,0 +1,119 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GRPCService = void 0;
+const grpc_js_1 = require("@grpc/grpc-js");
+const locker_service_grpc_1 = require("../proto/locker-service-grpc");
+const find_process_1 = __importDefault(require("find-process"));
+const utils_1 = require("../misc/utils");
+const axios_1 = __importDefault(require("axios"));
+const config_1 = require("../misc/config");
+class GRPCService {
+    client;
+    currentPort = 0;
+    logger;
+    crypto;
+    api;
+    serviceChecksums = [];
+    credentials;
+    unsafe;
+    serviceAlias = '';
+    constructor(services, options) {
+        const { logger, cryptoService, apiService } = services;
+        const { ssl, unsafe, serviceAlias } = options;
+        this.logger = logger;
+        this.crypto = cryptoService;
+        this.api = apiService;
+        this.unsafe = !!unsafe;
+        if (serviceAlias) {
+            this.serviceAlias = serviceAlias;
+        }
+        const cred = ssl ? grpc_js_1.credentials.createSsl(ssl.rootCert) : grpc_js_1.credentials.createInsecure();
+        this.credentials = cred;
+        this.client = new locker_service_grpc_1.locker_service_grpc.LockerServiceClient(`localhost:${this.currentPort}`, cred);
+        this.initConnection();
+    }
+    get isReady() {
+        return this.currentPort !== 0;
+    }
+    async initConnection() {
+        this.currentPort = 0;
+        if (!this.unsafe) {
+            await this.loadServiceChecksums();
+        }
+        for (const httpPort of config_1.HTTP_PORTS) {
+            this.logger.debug(`Ping background service on port ${httpPort}`);
+            const { success, res } = await this.pingService(httpPort);
+            if (success && res) {
+                const port = res.tcpPort;
+                const client = await this.testConnection(port);
+                if (client) {
+                    const isValidated = this.unsafe ? true : await this.validateConnection(port);
+                    if (isValidated) {
+                        this.client = client;
+                        this.currentPort = port;
+                        this.logger.debug(`GRPC server connected on port ${port}`);
+                        return;
+                    }
+                }
+            }
+        }
+        this.logger.error('Cannot connect to GRPC server');
+    }
+    // ---------------------- PRIVATE METHODS ----------------------
+    async pingService(port) {
+        try {
+            const url = `http://localhost:${port}/ping-locker-service`;
+            const res = await axios_1.default.get(url, {
+                timeout: config_1.GRPC_PING_TIMEOUT,
+            });
+            const data = res.data;
+            return {
+                success: data.message === 'pong' && data.alias === this.serviceAlias,
+                res: data,
+            };
+        }
+        catch (e) {
+            return {
+                success: false,
+            };
+        }
+    }
+    testConnection(port) {
+        return new Promise((resolve) => {
+            const client = new locker_service_grpc_1.locker_service_grpc.LockerServiceClient(`localhost:${port}`, this.credentials);
+            client.waitForReady(Date.now() + config_1.GRPC_CONNECTION_TIMEOUT, (error) => {
+                if (error) {
+                    resolve(null);
+                }
+                else {
+                    resolve(client);
+                }
+            });
+        });
+    }
+    async validateConnection(port) {
+        try {
+            const list = await (0, find_process_1.default)('port', port, true);
+            const service = list.find((s) => s.name === 'locker-service');
+            if (!service) {
+                return false;
+            }
+            // TODO: somehow, service.bin does not exist in type but exists in returned value when testing on MacOS
+            // @ts-ignore
+            const checksum = await this.crypto.getFileChecksum(service.bin);
+            return this.serviceChecksums.includes(checksum);
+        }
+        catch (error) {
+            return false;
+        }
+    }
+    async loadServiceChecksums() {
+        const _os = utils_1.Utils.getCurrentOS();
+        const res = await this.api.getReleases(_os);
+        this.serviceChecksums = res.map((version) => version.checksum.service);
+    }
+}
+exports.GRPCService = GRPCService;

package/lib/esm/services/log.service.js

@@ -0,0 +1,31 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LogService = exports.LogLevel = void 0;
+var LogLevel;
+(function (LogLevel) {
+    LogLevel[LogLevel["NONE"] = 0] = "NONE";
+    LogLevel[LogLevel["ERROR"] = 1] = "ERROR";
+    LogLevel[LogLevel["DEBUG"] = 2] = "DEBUG";
+})(LogLevel || (exports.LogLevel = LogLevel = {}));
+class LogService {
+    logLevel;
+    constructor(logLevel) {
+        this.logLevel = logLevel || LogLevel.ERROR;
+    }
+    setLogLevel(level) {
+        this.logLevel = level;
+    }
+    debug(e) {
+        if (this.logLevel >= LogLevel.DEBUG) {
+            console.log(new Date());
+            console.log(e);
+        }
+    }
+    error(e) {
+        if (this.logLevel >= LogLevel.ERROR) {
+            console.log(new Date());
+            console.error(e);
+        }
+    }
+}
+exports.LogService = LogService;

package/lib/esm/services/pairing.service.js

@@ -0,0 +1,107 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PairingService = void 0;
+const errors_1 = require("../abstractions/errors");
+const socket_service_1 = require("../abstractions/socket.service");
+const locker_service_grpc_1 = require("../proto/locker-service-grpc");
+const STORAGE_KEY = 'service_paired_clients';
+class PairingService {
+    crypto;
+    storage;
+    events;
+    logger;
+    grpc;
+    clients = {};
+    isReady = false;
+    constructor(services) {
+        const { cryptoService, eventService, storageService, grpcService, logger } = services;
+        this.crypto = cryptoService;
+        this.events = eventService;
+        this.storage = storageService;
+        this.grpc = grpcService;
+        this.logger = logger;
+        this.loadFromStore().then(() => (this.isReady = true));
+    }
+    getClient(clientId) {
+        return this.clients[clientId];
+    }
+    isClientConfirmed(clientId) {
+        return this.clients[clientId]?.confirmed;
+    }
+    async getResponseForPairingRequest(clientId, publicKey, clientType) {
+        const keyPair = await this.crypto.createECDHKeyPair();
+        const sharedKey = await this.crypto.createEncKey(publicKey, keyPair.privateKey);
+        this.clients[clientId] = {
+            encKey: sharedKey.encKey,
+            confirmed: false,
+        };
+        await this.saveToStore();
+        this.events.emit('pairingConfirmation', {
+            clientId,
+            approveCode: sharedKey.approveCode,
+            clientType,
+        });
+        return (0, socket_service_1.buildOutgoingSocketMessage)('pairingResponse', {
+            key: keyPair.publicKey,
+        });
+    }
+    async confirmPairingClient(clientId, keepInKeyring) {
+        if (!this.clients[clientId]) {
+            this.logger.debug(`Pairing client with id ${clientId} not found`);
+            return;
+        }
+        this.clients[clientId].confirmed = true;
+        await Promise.all([this.saveToStore(), this.registerClientOnService(clientId, keepInKeyring)]);
+    }
+    async encryptDataForClient(clientId, data) {
+        const client = this.clients[clientId];
+        if (!client?.confirmed) {
+            throw new errors_1.ServiceError('3001');
+        }
+        const res = await this.crypto.aesEncrypt(data, client.encKey);
+        return res;
+    }
+    async decryptDataFromClient(clientId, data) {
+        const client = this.clients[clientId];
+        if (!client?.confirmed) {
+            throw new errors_1.ServiceError('3001');
+        }
+        const res = await this.crypto.aesDecrypt(data, client.encKey);
+        return res;
+    }
+    registerClientOnService(clientId, keepInKeyring = false) {
+        const client = this.clients[clientId];
+        const req = new locker_service_grpc_1.locker_service_grpc.WebCredRequest();
+        req.message = 'forwardingWebCred';
+        req.client_id = clientId;
+        req.enc_key = client.encKey;
+        req.save_to_keyring = keepInKeyring;
+        return new Promise((resolve, reject) => {
+            this.grpc.client.WebCredChannel(req, (err, res) => {
+                this.logger.debug(res);
+                if (err) {
+                    reject(errors_1.ServiceError.fromError(err));
+                    return;
+                }
+                resolve();
+            });
+        });
+    }
+    async loadFromStore() {
+        const data = await this.storage.getSecure(STORAGE_KEY);
+        if (data) {
+            // Remove unconfirmed client
+            const res = {};
+            Object.keys(data).forEach((k) => {
+                if (data[k].confirmed) {
+                    res[k] = data[k];
+                }
+            });
+            this.clients = res;
+        }
+    }
+    saveToStore() {
+        return this.storage.setSecure(STORAGE_KEY, this.clients);
+    }
+}
+exports.PairingService = PairingService;

package/lib/esm/services/socket.service.js

@@ -0,0 +1,265 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SocketService = void 0;
+const ws_1 = require("ws");
+const socket_service_1 = require("../abstractions/socket.service");
+const errors_1 = require("../abstractions/errors");
+const https_1 = __importDefault(require("https"));
+const http_1 = __importDefault(require("http"));
+const config_1 = require("../misc/config");
+class SocketService {
+    logger;
+    pairingService;
+    userService;
+    eventService;
+    sslConfig = undefined;
+    server = undefined;
+    clients = {};
+    serviceAlias = '';
+    currentPort = 0;
+    currentSslPort = 0;
+    constructor(params) {
+        const { logger, pairingService, userService, eventService, ssl } = params;
+        this.logger = logger;
+        this.pairingService = pairingService;
+        this.userService = userService;
+        this.eventService = eventService;
+        if (ssl) {
+            this.sslConfig = ssl;
+            this.initSslSocket();
+        }
+        this.initSocket();
+    }
+    get isReady() {
+        const isWsReady = this.currentPort !== 0;
+        const isWssReady = this.currentSslPort !== 0;
+        return this.sslConfig ? isWsReady && isWssReady : isWsReady;
+    }
+    async sendMessageToClient(clientId, envelop) {
+        const ws = this.clients[clientId];
+        if (!ws) {
+            throw new errors_1.ServiceError('4001');
+        }
+        let data = envelop.data;
+        if (envelop.secure) {
+            if (!this.pairingService.isClientConfirmed(clientId)) {
+                this.sendMessage(ws, (0, socket_service_1.buildOutgoingSocketMessage)('requestPairing', undefined));
+                return;
+            }
+            try {
+                data = await this.pairingService.encryptDataForClient(clientId, JSON.stringify(data));
+            }
+            catch (error) {
+                this.logger.debug(error);
+                this.sendMessage(ws, (0, socket_service_1.buildOutgoingSocketMessage)('requestPairing', undefined));
+                return;
+            }
+        }
+        this.sendMessage(ws, { ...envelop, data });
+    }
+    broadcastMessageToAll(envelop) {
+        if (envelop.secure) {
+            throw new errors_1.ServiceError('4002');
+        }
+        this.server?.clients?.forEach((ws) => {
+            if (ws.readyState === ws_1.WebSocket.OPEN) {
+                this.sendMessage(ws, envelop);
+            }
+        });
+    }
+    broadcastToAllExcept(clientId, envelop) {
+        if (envelop.secure) {
+            throw new errors_1.ServiceError('4002');
+        }
+        Object.keys(this.clients)
+            .filter((id) => id !== clientId)
+            .forEach((id) => {
+            if (this.clients[id].readyState === ws_1.WebSocket.OPEN) {
+                this.sendMessage(this.clients[id], envelop);
+            }
+        });
+    }
+    async initSocket() {
+        this.currentPort = 0;
+        for (const port of config_1.WEBSOCKET_PORTS) {
+            try {
+                const isSuccess = await this.initSocketOnPort(port);
+                if (isSuccess) {
+                    this.currentPort = port;
+                    return;
+                }
+            }
+            catch (error) {
+                //
+            }
+        }
+    }
+    async initSslSocket() {
+        this.currentSslPort = 0;
+        for (const port of config_1.WEBSOCKET_SSL_PORTS) {
+            try {
+                const isSuccess = await this.initSocketOnPort(port, true);
+                if (isSuccess) {
+                    this.currentSslPort = port;
+                    return;
+                }
+            }
+            catch (error) {
+                this.logger.debug(error);
+            }
+        }
+    }
+    // ---------------------- PRIVATE METHODS ----------------------
+    initSocketOnPort(port, enableSsl) {
+        return new Promise((resolve) => {
+            // Host API server
+            const apiHandler = (req, res) => {
+                if (req.method === 'GET' && req.url === '/ping-locker-desktop') {
+                    res.writeHead(200, { 'Content-Type': 'application/json' });
+                    res.end(JSON.stringify({
+                        message: 'pong',
+                        alias: this.serviceAlias,
+                        port: this.currentPort,
+                        sslPort: this.currentSslPort,
+                    }));
+                }
+                else {
+                    res.writeHead(404, { 'Content-Type': 'text/plain' });
+                    res.end('Not Found');
+                }
+            };
+            const server = enableSsl && this.sslConfig
+                ? https_1.default.createServer(this.sslConfig, apiHandler)
+                : http_1.default.createServer(apiHandler);
+            server.listen(port);
+            // Init socket
+            const wss = new ws_1.WebSocketServer({ server });
+            const debugName = `Socket${enableSsl ? ' with SSL' : ''}`;
+            wss.on('listening', () => {
+                this.logger.debug(`${debugName} listening at :${port}`);
+                resolve(true);
+            });
+            wss.on('error', (err) => {
+                server.close();
+                resolve(false);
+            });
+            // Setup handler
+            wss.on('connection', (ws) => {
+                this.logger.debug(`${debugName} connected at :${port}`);
+                ws.on('error', (err) => {
+                    this.logger.error(err);
+                });
+                ws.on('message', async (data) => {
+                    this.logger.debug(`Received from ${debugName}: ${data}`);
+                    try {
+                        const envelop = JSON.parse(data.toString());
+                        // Decrypt message if needed
+                        if (envelop.secure) {
+                            if (!this.pairingService.isClientConfirmed(envelop.clientId)) {
+                                this.sendMessage(ws, (0, socket_service_1.buildOutgoingSocketMessage)('requestPairing', undefined));
+                                return;
+                            }
+                            try {
+                                const decData = await this.pairingService.decryptDataFromClient(envelop.clientId, envelop.data);
+                                envelop.data = JSON.parse(decData);
+                            }
+                            catch (error) {
+                                this.logger.debug(error);
+                                this.sendMessage(ws, (0, socket_service_1.buildOutgoingSocketMessage)('requestPairing', undefined));
+                                return;
+                            }
+                        }
+                        this.handleMessage(ws, envelop);
+                    }
+                    catch (error) {
+                        this.logger.debug(`Invalid message: ${JSON.stringify(data)} - Error: ${error}`);
+                    }
+                });
+            });
+            this.server = wss;
+        });
+    }
+    sendMessage(ws, envelop) {
+        this.logger.debug(`Send ${envelop.message}: ${JSON.stringify(envelop.data)}`);
+        ws.send(JSON.stringify(envelop));
+    }
+    async handleMessage(ws, envelop) {
+        if (envelop.clientId) {
+            this.clients[envelop.clientId] = ws;
+        }
+        switch (envelop.message) {
+            // Ping
+            case 'ping':
+                this.sendMessage(ws, (0, socket_service_1.buildOutgoingSocketMessage)('pingResponse', envelop.data));
+                this.eventService.emit('clientPing', envelop.data);
+                break;
+            // Pairing request
+            case 'pairingRequest': {
+                const d = envelop.data;
+                const res = await this.pairingService.getResponseForPairingRequest(envelop.clientId, d.key, d.clientType || 'web');
+                this.sendMessage(ws, res);
+                break;
+            }
+            // When a user login in any client
+            case 'userLogin': {
+                // Ignore unconfirmed client
+                if (!this.pairingService.isClientConfirmed(envelop.clientId)) {
+                    break;
+                }
+                const d = envelop.data;
+                if (d.email !== this.userService.currentUser?.email) {
+                    const cred = await this.userService.getCurrentUser();
+                    if (cred) {
+                        this.eventService.emit('userLogin', cred);
+                    }
+                }
+                // Notify other clients
+                this.broadcastToAllExcept(envelop.clientId, (0, socket_service_1.buildOutgoingSocketMessage)('userLogin', { email: d.email }));
+                break;
+            }
+            // When a user logout in any client
+            case 'userLogout': {
+                // Ignore unconfirmed client
+                if (!this.pairingService.isClientConfirmed(envelop.clientId)) {
+                    break;
+                }
+                const d = envelop.data;
+                if (d.email === this.userService.currentUser?.email) {
+                    await this.userService.logout(true);
+                    this.eventService.emit('userLogout', { email: d.email });
+                }
+                // Notify other clients
+                this.broadcastToAllExcept(envelop.clientId, (0, socket_service_1.buildOutgoingSocketMessage)('userLogout', { email: d.email }));
+                break;
+            }
+            // When a user lock in any client
+            case 'userLock': {
+                // Ignore unconfirmed client
+                if (!this.pairingService.isClientConfirmed(envelop.clientId)) {
+                    break;
+                }
+                const d = envelop.data;
+                if (d.email === this.userService.currentUser?.email) {
+                    await this.userService.lock(true);
+                    this.eventService.emit('userLock', { email: d.email });
+                }
+                // Notify other clients
+                this.broadcastToAllExcept(envelop.clientId, (0, socket_service_1.buildOutgoingSocketMessage)('userLock', { email: d.email }));
+                break;
+            }
+            // Custom message
+            case 'customMessage': {
+                const d = envelop.data;
+                this.eventService.emit('customMessageReceived', d);
+                this.broadcastToAllExcept(envelop.clientId, (0, socket_service_1.buildOutgoingSocketMessage)('customMessage', d));
+                break;
+            }
+            default:
+                this.logger.debug(`Invalid message: ${envelop.message} - data: ${envelop.data}`);
+        }
+    }
+}
+exports.SocketService = SocketService;

package/lib/esm/services/user.service.js

@@ -0,0 +1,116 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserService = void 0;
+const errors_1 = require("../abstractions/errors");
+const locker_service_grpc_1 = require("../proto/locker-service-grpc");
+const STORAGE_KEY = 'service_current_user';
+var LoginSyncMessage;
+(function (LoginSyncMessage) {
+    LoginSyncMessage["LOGIN"] = "loginSuccess";
+    LoginSyncMessage["LOGOUT"] = "logoutSuccess";
+    LoginSyncMessage["GET_USER"] = "storedCredRequest";
+})(LoginSyncMessage || (LoginSyncMessage = {}));
+class UserService {
+    logger;
+    storage;
+    grpc;
+    currentUser = null;
+    isLocked = true;
+    isReady = false;
+    constructor(services) {
+        const { logger, storageService, grpcService } = services;
+        this.logger = logger;
+        this.storage = storageService;
+        this.grpc = grpcService;
+        this.loadFromStore().then(() => (this.isReady = true));
+    }
+    async login(data) {
+        await Promise.all([this.loginService(data), this.setUser(data)]);
+        this.isLocked = false;
+    }
+    async logout(localOnly) {
+        if (localOnly) {
+            await this.setUser(null);
+        }
+        else {
+            await Promise.all([this.logoutService(), this.setUser(null)]);
+        }
+        this.isLocked = true;
+    }
+    async lock(localOnly) {
+        // TODO
+        this.isLocked = true;
+    }
+    async getCurrentUser() {
+        const res = await this.getCurrentUserFromService();
+        await this.setUser(res);
+        return res;
+    }
+    // ---------------------- PRIVATE METHODS ----------------------
+    getCurrentUserFromService() {
+        const req = new locker_service_grpc_1.locker_service_grpc.LoginSyncRequest();
+        req.message = LoginSyncMessage.GET_USER;
+        return new Promise((resolve, reject) => {
+            this.grpc.client.LoginSyncChannel(req, (err, res) => {
+                this.logger.debug(res);
+                if (err) {
+                    reject(errors_1.ServiceError.fromError(err));
+                    return;
+                }
+                resolve(res?.email
+                    ? {
+                        email: res.email,
+                        key: res.key,
+                        hashedPassword: res.hashed_pass,
+                    }
+                    : null);
+            });
+        });
+    }
+    loginService(data) {
+        const req = new locker_service_grpc_1.locker_service_grpc.LoginSyncRequest();
+        req.message = LoginSyncMessage.LOGIN;
+        req.email = data.email;
+        req.key = data.key;
+        req.hashed_pass = data.hashedPassword;
+        return new Promise((resolve, reject) => {
+            this.grpc.client.LoginSyncChannel(req, (err, res) => {
+                this.logger.debug(res);
+                if (err) {
+                    reject(errors_1.ServiceError.fromError(err));
+                    return;
+                }
+                resolve();
+            });
+        });
+    }
+    logoutService() {
+        const req = new locker_service_grpc_1.locker_service_grpc.LoginSyncRequest();
+        req.message = LoginSyncMessage.LOGOUT;
+        return new Promise((resolve, reject) => {
+            this.grpc.client.LoginSyncChannel(req, (err, res) => {
+                this.logger.debug(res);
+                if (err) {
+                    reject(errors_1.ServiceError.fromError(err));
+                    return;
+                }
+                resolve();
+            });
+        });
+    }
+    async setUser(data) {
+        this.currentUser = data;
+        await this.saveToStore();
+    }
+    async loadFromStore() {
+        const data = await this.storage.getSecure(STORAGE_KEY);
+        if (data) {
+            this.currentUser = data;
+        }
+        this.isLocked = !data?.key;
+    }
+    saveToStore() {
+        return this.storage.setSecure(STORAGE_KEY, this.currentUser);
+    }
+}
+exports.UserService = UserService;

package/lib/esm/types/abstractions/api.service.d.ts

@@ -0,0 +1,40 @@
+import { OS, OmitKeys } from '../misc/utils';
+export type PasswordlessType = 'prf' | 'hmac';
+export type GetPublicPwlCredentialResponse = {
+    credential_id: string | null;
+    random: string | null;
+    name: string | null;
+    creation_date: number | null;
+    last_use_date: number | null;
+    type: PasswordlessType;
+    backup_keys: {
+        name: string;
+        credential_id: string;
+        random: string;
+        creation_date: number | null;
+        last_use_date: number | null;
+        type: PasswordlessType;
+    }[];
+};
+export type BackupKey = {
+    id: string;
+    name: string;
+    creation_date: number | null;
+    last_use_date: number | null;
+    master_password_hash: string;
+    key: string;
+    fd_credential_id: string;
+    fd_random: string;
+    type: PasswordlessType;
+};
+export type GetReleasesResponse = {
+    version: string;
+    environment: string;
+    platform: OS;
+    checksum: {
+        desktop: string;
+        service: string;
+    };
+}[];
+export type SetBackupPwlParams = OmitKeys<BackupKey, 'creation_date' | 'last_use_date' | 'id'>;
+//# sourceMappingURL=api.service.d.ts.map

package/lib/esm/types/abstractions/api.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api.service.d.ts","sourceRoot":"","sources":["../../../../src/abstractions/api.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AAE5C,MAAM,MAAM,gBAAgB,GAAG,KAAK,GAAG,MAAM,CAAA;AAE7C,MAAM,MAAM,8BAA8B,GAAG;IAC3C,aAAa,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,IAAI,EAAE,MAAM,GAAG,IAAI,CAAA;IACnB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,aAAa,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,IAAI,EAAE,gBAAgB,CAAA;IACtB,WAAW,EAAE;QACX,IAAI,EAAE,MAAM,CAAA;QACZ,aAAa,EAAE,MAAM,CAAA;QACrB,MAAM,EAAE,MAAM,CAAA;QACd,aAAa,EAAE,MAAM,GAAG,IAAI,CAAA;QAC5B,aAAa,EAAE,MAAM,GAAG,IAAI,CAAA;QAC5B,IAAI,EAAE,gBAAgB,CAAA;KACvB,EAAE,CAAA;CACJ,CAAA;AAED,MAAM,MAAM,SAAS,GAAG;IACtB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,aAAa,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,aAAa,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,oBAAoB,EAAE,MAAM,CAAA;IAC5B,GAAG,EAAE,MAAM,CAAA;IACX,gBAAgB,EAAE,MAAM,CAAA;IACxB,SAAS,EAAE,MAAM,CAAA;IACjB,IAAI,EAAE,gBAAgB,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG;IAChC,OAAO,EAAE,MAAM,CAAA;IACf,WAAW,EAAE,MAAM,CAAA;IACnB,QAAQ,EAAE,EAAE,CAAA;IACZ,QAAQ,EAAE;QACR,OAAO,EAAE,MAAM,CAAA;QACf,OAAO,EAAE,MAAM,CAAA;KAChB,CAAA;CACF,EAAE,CAAA;AAEH,MAAM,MAAM,kBAAkB,GAAG,QAAQ,CAAC,SAAS,EAAE,eAAe,GAAG,eAAe,GAAG,IAAI,CAAC,CAAA"}