@managesome/knotr-toolkit 0.8.6 → 0.8.7

package/dist/backend/index.d.ts

@@ -1,8 +1,9 @@
 export { getConfig, getConfigValue, initConfig, isConfigInitialized, type ServiceConfig } from './config.js';
-export { createLogger, logger, type LogEntry, type LogLevel, type Logger } from './logger.js';
+export { createLogger, logger, type LogEntry, type Logger, type LogLevel } from './logger.js';
 export { connectDatabase, disconnectDatabase, getDatabaseConnection, getMongoose, isDatabaseConnected, setMongoose, } from './database.js';
 export { emitNotification, getFirebaseAdmin, getFirebaseAuth, getFirebaseMessaging, getFirebaseStorage, getFirestore, getRealtimeDatabase, initFirebase, isFirebaseInitialized, sendMulticastNotification, sendPushNotification, setFirebaseAdmin, type PushNotificationData, } from './firebase.js';
 export { postWorkerRequest, scheduleWorkerRequest, scheduleWorkerRequestAt, setCloudTasksClient, type WorkerRequestOptions, type WorkerRequestPayload, } from './worker-queue.js';
 export { closeRedisConnections, createRedisClients, getRedisClient, getRedisPubClient, getRedisSubClient, redisDel, redisGet, redisPublish, redisSet, redisSubscribe, setRedisClients, } from './redis.js';
 export { emitChatMessage, emitNewMatch, emitReadReceipt, emitTypingIndicator, getSocketServer, hasSocketServer, ioEmitToAccount, ioEmitToChat, ioEmitToMatch, ioEmitToUser, setSocketServer, subscribeToSocketEvents, type ChatMessagePayload, type NewMatchPayload, } from './socket.js';
+export { clearServiceTokenCache, getServiceToken, setGoogleAuth, validateServiceRequest, verifyServiceToken, } from './service-auth.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/backend/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/backend/index.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,SAAS,EAAE,cAAc,EAAE,UAAU,EAAE,mBAAmB,EAAE,KAAK,aAAa,EAAE,MAAM,aAAa,CAAC;AAG7G,OAAO,EAAE,YAAY,EAAE,MAAM,EAAE,KAAK,QAAQ,EAAE,KAAK,QAAQ,EAAE,KAAK,MAAM,EAAE,MAAM,aAAa,CAAC;AAG9F,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,qBAAqB,EACrB,WAAW,EACX,mBAAmB,EACnB,WAAW,GACZ,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,oBAAoB,EACpB,kBAAkB,EAClB,YAAY,EACZ,mBAAmB,EACnB,YAAY,EACZ,qBAAqB,EACrB,yBAAyB,EACzB,oBAAoB,EACpB,gBAAgB,EAChB,KAAK,oBAAoB,GAC1B,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,uBAAuB,EACvB,mBAAmB,EACnB,KAAK,oBAAoB,EACzB,KAAK,oBAAoB,GAC1B,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,qBAAqB,EACrB,kBAAkB,EAClB,cAAc,EACd,iBAAiB,EACjB,iBAAiB,EACjB,QAAQ,EACR,QAAQ,EACR,YAAY,EACZ,QAAQ,EACR,cAAc,EACd,eAAe,GAChB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,eAAe,EACf,YAAY,EACZ,eAAe,EACf,mBAAmB,EACnB,eAAe,EACf,eAAe,EACf,eAAe,EACf,YAAY,EACZ,aAAa,EACb,YAAY,EACZ,eAAe,EACf,uBAAuB,EACvB,KAAK,kBAAkB,EACvB,KAAK,eAAe,GACrB,MAAM,aAAa,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/backend/index.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,SAAS,EAAE,cAAc,EAAE,UAAU,EAAE,mBAAmB,EAAE,KAAK,aAAa,EAAE,MAAM,aAAa,CAAC;AAG7G,OAAO,EAAE,YAAY,EAAE,MAAM,EAAE,KAAK,QAAQ,EAAE,KAAK,MAAM,EAAE,KAAK,QAAQ,EAAE,MAAM,aAAa,CAAC;AAG9F,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,qBAAqB,EACrB,WAAW,EACX,mBAAmB,EACnB,WAAW,GACZ,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,oBAAoB,EACpB,kBAAkB,EAClB,YAAY,EACZ,mBAAmB,EACnB,YAAY,EACZ,qBAAqB,EACrB,yBAAyB,EACzB,oBAAoB,EACpB,gBAAgB,EAChB,KAAK,oBAAoB,GAC1B,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,uBAAuB,EACvB,mBAAmB,EACnB,KAAK,oBAAoB,EACzB,KAAK,oBAAoB,GAC1B,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,qBAAqB,EACrB,kBAAkB,EAClB,cAAc,EACd,iBAAiB,EACjB,iBAAiB,EACjB,QAAQ,EACR,QAAQ,EACR,YAAY,EACZ,QAAQ,EACR,cAAc,EACd,eAAe,GAChB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,eAAe,EACf,YAAY,EACZ,eAAe,EACf,mBAAmB,EACnB,eAAe,EACf,eAAe,EACf,eAAe,EACf,YAAY,EACZ,aAAa,EACb,YAAY,EACZ,eAAe,EACf,uBAAuB,EACvB,KAAK,kBAAkB,EACvB,KAAK,eAAe,GACrB,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,sBAAsB,EACtB,eAAe,EACf,aAAa,EACb,sBAAsB,EACtB,kBAAkB,GACnB,MAAM,mBAAmB,CAAC"}

package/dist/backend/index.js

@@ -16,4 +16,6 @@ export { postWorkerRequest, scheduleWorkerRequest, scheduleWorkerRequestAt, setC
 export { closeRedisConnections, createRedisClients, getRedisClient, getRedisPubClient, getRedisSubClient, redisDel, redisGet, redisPublish, redisSet, redisSubscribe, setRedisClients, } from './redis.js';
 // Socket.IO
 export { emitChatMessage, emitNewMatch, emitReadReceipt, emitTypingIndicator, getSocketServer, hasSocketServer, ioEmitToAccount, ioEmitToChat, ioEmitToMatch, ioEmitToUser, setSocketServer, subscribeToSocketEvents, } from './socket.js';
+// Service-to-Service Authentication (Google OAuth2)
+export { clearServiceTokenCache, getServiceToken, setGoogleAuth, validateServiceRequest, verifyServiceToken, } from './service-auth.js';
 //# sourceMappingURL=index.js.map

package/dist/backend/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/backend/index.ts"],"names":[],"mappings":"AAAA,+CAA+C;AAC/C,oCAAoC;AACpC,gDAAgD;AAChD,+CAA+C;AAE/C,gBAAgB;AAChB,OAAO,EAAE,SAAS,EAAE,cAAc,EAAE,UAAU,EAAE,mBAAmB,EAAsB,MAAM,aAAa,CAAC;AAE7G,UAAU;AACV,OAAO,EAAE,YAAY,EAAE,MAAM,EAA6C,MAAM,aAAa,CAAC;AAE9F,WAAW;AACX,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,qBAAqB,EACrB,WAAW,EACX,mBAAmB,EACnB,WAAW,GACZ,MAAM,eAAe,CAAC;AAEvB,WAAW;AACX,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,oBAAoB,EACpB,kBAAkB,EAClB,YAAY,EACZ,mBAAmB,EACnB,YAAY,EACZ,qBAAqB,EACrB,yBAAyB,EACzB,oBAAoB,EACpB,gBAAgB,GAEjB,MAAM,eAAe,CAAC;AAEvB,6BAA6B;AAC7B,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,uBAAuB,EACvB,mBAAmB,GAGpB,MAAM,mBAAmB,CAAC;AAE3B,QAAQ;AACR,OAAO,EACL,qBAAqB,EACrB,kBAAkB,EAClB,cAAc,EACd,iBAAiB,EACjB,iBAAiB,EACjB,QAAQ,EACR,QAAQ,EACR,YAAY,EACZ,QAAQ,EACR,cAAc,EACd,eAAe,GAChB,MAAM,YAAY,CAAC;AAEpB,YAAY;AACZ,OAAO,EACL,eAAe,EACf,YAAY,EACZ,eAAe,EACf,mBAAmB,EACnB,eAAe,EACf,eAAe,EACf,eAAe,EACf,YAAY,EACZ,aAAa,EACb,YAAY,EACZ,eAAe,EACf,uBAAuB,GAGxB,MAAM,aAAa,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/backend/index.ts"],"names":[],"mappings":"AAAA,+CAA+C;AAC/C,oCAAoC;AACpC,gDAAgD;AAChD,+CAA+C;AAE/C,gBAAgB;AAChB,OAAO,EAAE,SAAS,EAAE,cAAc,EAAE,UAAU,EAAE,mBAAmB,EAAsB,MAAM,aAAa,CAAC;AAE7G,UAAU;AACV,OAAO,EAAE,YAAY,EAAE,MAAM,EAA6C,MAAM,aAAa,CAAC;AAE9F,WAAW;AACX,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,qBAAqB,EACrB,WAAW,EACX,mBAAmB,EACnB,WAAW,GACZ,MAAM,eAAe,CAAC;AAEvB,WAAW;AACX,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,oBAAoB,EACpB,kBAAkB,EAClB,YAAY,EACZ,mBAAmB,EACnB,YAAY,EACZ,qBAAqB,EACrB,yBAAyB,EACzB,oBAAoB,EACpB,gBAAgB,GAEjB,MAAM,eAAe,CAAC;AAEvB,6BAA6B;AAC7B,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,uBAAuB,EACvB,mBAAmB,GAGpB,MAAM,mBAAmB,CAAC;AAE3B,QAAQ;AACR,OAAO,EACL,qBAAqB,EACrB,kBAAkB,EAClB,cAAc,EACd,iBAAiB,EACjB,iBAAiB,EACjB,QAAQ,EACR,QAAQ,EACR,YAAY,EACZ,QAAQ,EACR,cAAc,EACd,eAAe,GAChB,MAAM,YAAY,CAAC;AAEpB,YAAY;AACZ,OAAO,EACL,eAAe,EACf,YAAY,EACZ,eAAe,EACf,mBAAmB,EACnB,eAAe,EACf,eAAe,EACf,eAAe,EACf,YAAY,EACZ,aAAa,EACb,YAAY,EACZ,eAAe,EACf,uBAAuB,GAGxB,MAAM,aAAa,CAAC;AAErB,oDAAoD;AACpD,OAAO,EACL,sBAAsB,EACtB,eAAe,EACf,aAAa,EACb,sBAAsB,EACtB,kBAAkB,GACnB,MAAM,mBAAmB,CAAC"}

package/dist/backend/service-auth.d.ts

@@ -0,0 +1,54 @@
+/**
+ * Set the google-auth-library module instance
+ * This should be called before using service auth functions
+ *
+ * @example
+ * import * as googleAuth from 'google-auth-library';
+ * setGoogleAuth(googleAuth);
+ */
+export declare function setGoogleAuth(googleAuth: any): void;
+/**
+ * Get a Google OAuth2 ID token for service-to-service authentication
+ * Uses Application Default Credentials (works on Google Cloud and locally with GOOGLE_APPLICATION_CREDENTIALS)
+ *
+ * @param targetAudience - The audience (typically the receiving service URL)
+ * @returns The ID token string
+ *
+ * @example
+ * const token = await getServiceToken('https://my-service-abc123.run.app');
+ * fetch(url, { headers: { Authorization: `Bearer ${token}` } });
+ */
+export declare function getServiceToken(targetAudience: string): Promise<string>;
+/**
+ * Verify a Google OAuth2 ID token from another service
+ * Used by the receiving service to validate incoming service-to-service calls
+ *
+ * @param token - The ID token to verify
+ * @param expectedAudience - The expected audience (this service's URL)
+ * @returns The decoded token payload if valid
+ */
+export declare function verifyServiceToken(token: string, expectedAudience: string): Promise<{
+    iss: string;
+    sub: string;
+    aud: string;
+    exp: number;
+    iat: number;
+    email?: string;
+    email_verified?: boolean;
+}>;
+/**
+ * Clear the token cache (useful for testing)
+ */
+export declare function clearServiceTokenCache(): void;
+/**
+ * Check if a request has valid service-to-service authentication
+ * Returns the verified payload or null if not a service request
+ *
+ * @param authHeader - The Authorization header value
+ * @param expectedAudience - The expected audience
+ */
+export declare function validateServiceRequest(authHeader: string | undefined, expectedAudience: string): Promise<{
+    isServiceRequest: boolean;
+    payload?: Awaited<ReturnType<typeof verifyServiceToken>>;
+}>;
+//# sourceMappingURL=service-auth.d.ts.map

package/dist/backend/service-auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"service-auth.d.ts","sourceRoot":"","sources":["../../src/backend/service-auth.ts"],"names":[],"mappings":"AAiBA;;;;;;;GAOG;AAEH,wBAAgB,aAAa,CAAC,UAAU,EAAE,GAAG,GAAG,IAAI,CAEnD;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,eAAe,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CA8C7E;AAED;;;;;;;GAOG;AACH,wBAAsB,kBAAkB,CACtC,KAAK,EAAE,MAAM,EACb,gBAAgB,EAAE,MAAM,GACvB,OAAO,CAAC;IACT,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B,CAAC,CA+BD;AAED;;GAEG;AACH,wBAAgB,sBAAsB,IAAI,IAAI,CAE7C;AAED;;;;;;GAMG;AACH,wBAAsB,sBAAsB,CAC1C,UAAU,EAAE,MAAM,GAAG,SAAS,EAC9B,gBAAgB,EAAE,MAAM,GACvB,OAAO,CAAC;IAAE,gBAAgB,EAAE,OAAO,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAC,UAAU,CAAC,OAAO,kBAAkB,CAAC,CAAC,CAAA;CAAE,CAAC,CAqBlG"}

package/dist/backend/service-auth.js

@@ -0,0 +1,142 @@
+// ============================================
+// Service-to-Service Authentication
+// Google OAuth2 ID Token generation for internal service calls
+// ============================================
+import { logger } from './logger.js';
+// Store google-auth-library instance to avoid hard dependency
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+let googleAuthInstance = null;
+// Cache for ID tokens (keyed by audience)
+const tokenCache = new Map();
+// Buffer time before expiry to refresh token (5 minutes)
+const TOKEN_REFRESH_BUFFER_MS = 5 * 60 * 1000;
+/**
+ * Set the google-auth-library module instance
+ * This should be called before using service auth functions
+ *
+ * @example
+ * import * as googleAuth from 'google-auth-library';
+ * setGoogleAuth(googleAuth);
+ */
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export function setGoogleAuth(googleAuth) {
+    googleAuthInstance = googleAuth;
+}
+/**
+ * Get a Google OAuth2 ID token for service-to-service authentication
+ * Uses Application Default Credentials (works on Google Cloud and locally with GOOGLE_APPLICATION_CREDENTIALS)
+ *
+ * @param targetAudience - The audience (typically the receiving service URL)
+ * @returns The ID token string
+ *
+ * @example
+ * const token = await getServiceToken('https://my-service-abc123.run.app');
+ * fetch(url, { headers: { Authorization: `Bearer ${token}` } });
+ */
+export async function getServiceToken(targetAudience) {
+    if (!googleAuthInstance) {
+        throw new Error('Google Auth not initialized. Call setGoogleAuth() first.');
+    }
+    // Check cache
+    const cached = tokenCache.get(targetAudience);
+    if (cached && cached.expiresAt > Date.now() + TOKEN_REFRESH_BUFFER_MS) {
+        return cached.token;
+    }
+    try {
+        // Create an IAM-based ID token client
+        const auth = new googleAuthInstance.GoogleAuth();
+        const client = await auth.getIdTokenClient(targetAudience);
+        // Get the ID token
+        const tokenResponse = await client.getRequestHeaders();
+        const authHeader = tokenResponse.Authorization;
+        if (!authHeader || !authHeader.startsWith('Bearer ')) {
+            throw new Error('Invalid token response from Google Auth');
+        }
+        const token = authHeader.replace('Bearer ', '');
+        // Parse token to get expiry (JWT format: header.payload.signature)
+        const payload = JSON.parse(Buffer.from(token.split('.')[1], 'base64').toString());
+        const expiresAt = (payload.exp || 0) * 1000; // Convert to milliseconds
+        // Cache the token
+        tokenCache.set(targetAudience, { token, expiresAt });
+        logger.debug('Service token generated', {
+            audience: targetAudience,
+            expiresIn: Math.round((expiresAt - Date.now()) / 1000) + 's',
+        });
+        return token;
+    }
+    catch (error) {
+        logger.error('Failed to get service token', {
+            audience: targetAudience,
+            error: error instanceof Error ? error.message : String(error),
+        });
+        throw error;
+    }
+}
+/**
+ * Verify a Google OAuth2 ID token from another service
+ * Used by the receiving service to validate incoming service-to-service calls
+ *
+ * @param token - The ID token to verify
+ * @param expectedAudience - The expected audience (this service's URL)
+ * @returns The decoded token payload if valid
+ */
+export async function verifyServiceToken(token, expectedAudience) {
+    if (!googleAuthInstance) {
+        throw new Error('Google Auth not initialized. Call setGoogleAuth() first.');
+    }
+    try {
+        const client = new googleAuthInstance.OAuth2Client();
+        const ticket = await client.verifyIdToken({
+            idToken: token,
+            audience: expectedAudience,
+        });
+        const payload = ticket.getPayload();
+        if (!payload) {
+            throw new Error('Token payload is empty');
+        }
+        logger.debug('Service token verified', {
+            email: payload.email,
+            audience: payload.aud,
+        });
+        return payload;
+    }
+    catch (error) {
+        logger.error('Failed to verify service token', {
+            error: error instanceof Error ? error.message : String(error),
+        });
+        throw error;
+    }
+}
+/**
+ * Clear the token cache (useful for testing)
+ */
+export function clearServiceTokenCache() {
+    tokenCache.clear();
+}
+/**
+ * Check if a request has valid service-to-service authentication
+ * Returns the verified payload or null if not a service request
+ *
+ * @param authHeader - The Authorization header value
+ * @param expectedAudience - The expected audience
+ */
+export async function validateServiceRequest(authHeader, expectedAudience) {
+    if (!authHeader || !authHeader.startsWith('Bearer ')) {
+        return { isServiceRequest: false };
+    }
+    const token = authHeader.replace('Bearer ', '');
+    try {
+        const payload = await verifyServiceToken(token, expectedAudience);
+        // Service tokens have specific characteristics
+        // They come from service accounts (email ends with .iam.gserviceaccount.com)
+        if (payload.email && payload.email.endsWith('.iam.gserviceaccount.com')) {
+            return { isServiceRequest: true, payload };
+        }
+        return { isServiceRequest: false };
+    }
+    catch {
+        // If verification fails, it's not a valid service request
+        return { isServiceRequest: false };
+    }
+}
+//# sourceMappingURL=service-auth.js.map

package/dist/backend/service-auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"service-auth.js","sourceRoot":"","sources":["../../src/backend/service-auth.ts"],"names":[],"mappings":"AAAA,+CAA+C;AAC/C,oCAAoC;AACpC,+DAA+D;AAC/D,+CAA+C;AAE/C,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAErC,8DAA8D;AAC9D,8DAA8D;AAC9D,IAAI,kBAAkB,GAAQ,IAAI,CAAC;AAEnC,0CAA0C;AAC1C,MAAM,UAAU,GAAsD,IAAI,GAAG,EAAE,CAAC;AAEhF,yDAAyD;AACzD,MAAM,uBAAuB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAE9C;;;;;;;GAOG;AACH,8DAA8D;AAC9D,MAAM,UAAU,aAAa,CAAC,UAAe;IAC3C,kBAAkB,GAAG,UAAU,CAAC;AAClC,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,cAAsB;IAC1D,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;IAC9E,CAAC;IAED,cAAc;IACd,MAAM,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAC9C,IAAI,MAAM,IAAI,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,uBAAuB,EAAE,CAAC;QACtE,OAAO,MAAM,CAAC,KAAK,CAAC;IACtB,CAAC;IAED,IAAI,CAAC;QACH,sCAAsC;QACtC,MAAM,IAAI,GAAG,IAAI,kBAAkB,CAAC,UAAU,EAAE,CAAC;QACjD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,cAAc,CAAC,CAAC;QAE3D,mBAAmB;QACnB,MAAM,aAAa,GAAG,MAAM,MAAM,CAAC,iBAAiB,EAAE,CAAC;QACvD,MAAM,UAAU,GAAG,aAAa,CAAC,aAAa,CAAC;QAE/C,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACrD,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;QAED,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QAEhD,mEAAmE;QACnE,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;QAClF,MAAM,SAAS,GAAG,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,0BAA0B;QAEvE,kBAAkB;QAClB,UAAU,CAAC,GAAG,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;QAErD,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE;YACtC,QAAQ,EAAE,cAAc;YACxB,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,GAAG,GAAG;SAC7D,CAAC,CAAC;QAEH,OAAO,KAAK,CAAC;IACf,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,6BAA6B,EAAE;YAC1C,QAAQ,EAAE,cAAc;YACxB,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAC9D,CAAC,CAAC;QACH,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,KAAa,EACb,gBAAwB;IAUxB,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;IAC9E,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,kBAAkB,CAAC,YAAY,EAAE,CAAC;QAErD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC;YACxC,OAAO,EAAE,KAAK;YACd,QAAQ,EAAE,gBAAgB;SAC3B,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEpC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;QAED,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE;YACrC,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,QAAQ,EAAE,OAAO,CAAC,GAAG;SACtB,CAAC,CAAC;QAEH,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,gCAAgC,EAAE;YAC7C,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAC9D,CAAC,CAAC;QACH,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB;IACpC,UAAU,CAAC,KAAK,EAAE,CAAC;AACrB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,UAA8B,EAC9B,gBAAwB;IAExB,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACrD,OAAO,EAAE,gBAAgB,EAAE,KAAK,EAAE,CAAC;IACrC,CAAC;IAED,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;IAEhD,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,KAAK,EAAE,gBAAgB,CAAC,CAAC;QAElE,+CAA+C;QAC/C,6EAA6E;QAC7E,IAAI,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,0BAA0B,CAAC,EAAE,CAAC;YACxE,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;QAC7C,CAAC;QAED,OAAO,EAAE,gBAAgB,EAAE,KAAK,EAAE,CAAC;IACrC,CAAC;IAAC,MAAM,CAAC;QACP,0DAA0D;QAC1D,OAAO,EAAE,gBAAgB,EAAE,KAAK,EAAE,CAAC;IACrC,CAAC;AACH,CAAC"}