@mathrunet/masamune_cloudflare 3.1.6 → 3.1.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (36) hide show
  1. package/CHANGELOG.md +1 -1
  2. package/README.md +45 -1
  3. package/dist/index.d.ts +6 -0
  4. package/dist/index.js +6 -0
  5. package/dist/index.js.map +1 -1
  6. package/dist/lib/adapters/rules_middleware.d.ts +45 -0
  7. package/dist/lib/adapters/rules_middleware.js +42 -0
  8. package/dist/lib/adapters/rules_middleware.js.map +1 -0
  9. package/dist/lib/middlewares/index.d.ts +3 -2
  10. package/dist/lib/middlewares/index.js +7 -2
  11. package/dist/lib/middlewares/index.js.map +1 -1
  12. package/dist/lib/middlewares/rules_middleware.d.ts +29 -0
  13. package/dist/lib/middlewares/rules_middleware.js +36 -0
  14. package/dist/lib/middlewares/rules_middleware.js.map +1 -0
  15. package/dist/lib/src/rules/path_matcher.d.ts +33 -0
  16. package/dist/lib/src/rules/path_matcher.js +127 -0
  17. package/dist/lib/src/rules/path_matcher.js.map +1 -0
  18. package/dist/lib/src/rules/rules_engine.d.ts +182 -0
  19. package/dist/lib/src/rules/rules_engine.js +523 -0
  20. package/dist/lib/src/rules/rules_engine.js.map +1 -0
  21. package/dist/lib/src/rules/rules_loader.d.ts +93 -0
  22. package/dist/lib/src/rules/rules_loader.js +125 -0
  23. package/dist/lib/src/rules/rules_loader.js.map +1 -0
  24. package/dist/lib/src/worker_adapter_base.d.ts +14 -0
  25. package/dist/lib/src/worker_adapter_base.js +12 -0
  26. package/dist/lib/src/worker_adapter_base.js.map +1 -0
  27. package/dist/lib/src/workers_auth_adapter_base.d.ts +3 -8
  28. package/dist/lib/src/workers_auth_adapter_base.js +2 -1
  29. package/dist/lib/src/workers_auth_adapter_base.js.map +1 -1
  30. package/dist/lib/src/workers_base.d.ts +32 -0
  31. package/dist/lib/src/workers_base.js +41 -3
  32. package/dist/lib/src/workers_base.js.map +1 -1
  33. package/dist/lib/src/workers_rule_adapter_base.d.ts +27 -0
  34. package/dist/lib/src/workers_rule_adapter_base.js +28 -0
  35. package/dist/lib/src/workers_rule_adapter_base.js.map +1 -0
  36. package/package.json +1 -1
@@ -0,0 +1,523 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.RulesEngine = void 0;
4
+ exports.buildRulesPath = buildRulesPath;
5
+ exports.buildDatabaseRulesPath = buildDatabaseRulesPath;
6
+ exports.normalizeHttpMethodToRulesOperation = normalizeHttpMethodToRulesOperation;
7
+ exports.normalizeRulesOperation = normalizeRulesOperation;
8
+ exports.expandRulesOperation = expandRulesOperation;
9
+ exports.filterAllowedScope = filterAllowedScope;
10
+ exports.resolveDatabaseTokenAccess = resolveDatabaseTokenAccess;
11
+ exports.resolveDatabaseTokenAuthorization = resolveDatabaseTokenAuthorization;
12
+ exports.resolveRulesOperation = resolveRulesOperation;
13
+ const rules_loader_1 = require("./rules_loader");
14
+ const path_matcher_1 = require("./path_matcher");
15
+ /**
16
+ * Rules engine.
17
+ *
18
+ * rules評価エンジン。
19
+ */
20
+ class RulesEngine {
21
+ constructor(config) {
22
+ this.config = (0, rules_loader_1.loadRulesConfig)(config);
23
+ }
24
+ config;
25
+ /**
26
+ * Evaluate rules for the given path and operation.
27
+ *
28
+ * 指定したパスと操作に対してrulesを評価します。
29
+ */
30
+ async evaluate(input) {
31
+ const operation = normalizeRulesOperation(input.operation);
32
+ const matches = Object.keys(this.config.rules)
33
+ .map((rulePath) => (0, path_matcher_1.matchRulePath)(rulePath, input.path))
34
+ .filter((match) => match.matched);
35
+ if (matches.length === 0) {
36
+ return { allowed: false };
37
+ }
38
+ const sortedMatches = (0, path_matcher_1.sortRulePathMatches)(matches);
39
+ const resolved = resolveInheritedRule(sortedMatches.map((match) => {
40
+ return {
41
+ rulePath: match.rulePath,
42
+ entry: this.config.rules[match.rulePath],
43
+ params: match.params,
44
+ };
45
+ }));
46
+ const resolvedAccess = resolveAccessRule(resolved.entry, resolved.params, operation);
47
+ if (!resolvedAccess) {
48
+ return {
49
+ allowed: false,
50
+ rulePath: resolved.rulePath,
51
+ };
52
+ }
53
+ return {
54
+ allowed: await evaluateAccessRule(resolvedAccess.access, input.authentication, input.fetchDocument, resolvedAccess.params, input.server === true),
55
+ rulePath: resolved.rulePath,
56
+ access: resolvedAccess.access,
57
+ params: resolvedAccess.params,
58
+ };
59
+ }
60
+ /**
61
+ * Returns true when a table scoped rule requires server evaluation.
62
+ *
63
+ * テーブル配下ルールにサーバー評価が必要な制約がある場合はtrueを返します。
64
+ */
65
+ hasScopedRestriction({ database, table, operation, }) {
66
+ const normalized = normalizeRulesOperation(operation);
67
+ for (const [rulePath, entry] of Object.entries(this.config.rules)) {
68
+ if (!isRulePathInTableScope(rulePath, database, table)) {
69
+ continue;
70
+ }
71
+ const access = resolveAccessRule(entry, {}, normalized)?.access;
72
+ if (!access || isDirectSafeScopeAccess(access)) {
73
+ continue;
74
+ }
75
+ return true;
76
+ }
77
+ return false;
78
+ }
79
+ /**
80
+ * Returns true when a table scoped rule explicitly denies access.
81
+ *
82
+ * テーブル配下ルールに明示的なdenyがある場合はtrueを返します。
83
+ */
84
+ hasScopedDeny({ database, table, operation, }) {
85
+ const normalized = normalizeRulesOperation(operation);
86
+ for (const [rulePath, entry] of Object.entries(this.config.rules)) {
87
+ if (!isRulePathInTableScope(rulePath, database, table)) {
88
+ continue;
89
+ }
90
+ const access = resolveAccessRule(entry, {}, normalized)?.access;
91
+ if (access === "deny") {
92
+ return true;
93
+ }
94
+ }
95
+ return false;
96
+ }
97
+ }
98
+ exports.RulesEngine = RulesEngine;
99
+ /**
100
+ * Build a normalized rules path.
101
+ *
102
+ * 正規化されたrulesパスを生成します。
103
+ */
104
+ function buildRulesPath({ database, table, indexKey }) {
105
+ return [
106
+ "database",
107
+ encodeRulesPathSegment(database),
108
+ "table",
109
+ encodeRulesPathSegment(table),
110
+ encodeRulesPathSegment(indexKey),
111
+ ].join("/");
112
+ }
113
+ /**
114
+ * Build a normalized database rules path.
115
+ *
116
+ * 正規化されたデータベースrulesパスを生成します。
117
+ */
118
+ function buildDatabaseRulesPath({ database }) {
119
+ return [
120
+ "database",
121
+ encodeRulesPathSegment(database),
122
+ ].join("/");
123
+ }
124
+ /**
125
+ * Normalize HTTP method to rules operation.
126
+ *
127
+ * HTTPメソッドをrules操作に正規化します。
128
+ */
129
+ function normalizeHttpMethodToRulesOperation(method) {
130
+ switch (method.toUpperCase()) {
131
+ case "GET":
132
+ return "get";
133
+ case "POST":
134
+ return "create";
135
+ case "PUT":
136
+ return "update";
137
+ case "DELETE":
138
+ return "delete";
139
+ default:
140
+ throw new Error(`Unsupported HTTP method for rules: ${method}`);
141
+ }
142
+ }
143
+ /**
144
+ * Normalize rules operation aliases.
145
+ *
146
+ * rules操作エイリアスを正規化します。
147
+ */
148
+ function normalizeRulesOperation(operation) {
149
+ switch (operation) {
150
+ case "read":
151
+ return "get";
152
+ case "write":
153
+ return "create";
154
+ case "get":
155
+ case "create":
156
+ case "update":
157
+ case "delete":
158
+ return operation;
159
+ }
160
+ }
161
+ /**
162
+ * Expand operation aliases to concrete operations.
163
+ *
164
+ * 操作エイリアスを具体的な操作へ展開します。
165
+ */
166
+ function expandRulesOperation(operation) {
167
+ switch (operation) {
168
+ case "read":
169
+ return ["get"];
170
+ case "write":
171
+ return ["create", "update", "delete"];
172
+ case "get":
173
+ case "create":
174
+ case "update":
175
+ case "delete":
176
+ return [operation];
177
+ }
178
+ }
179
+ /**
180
+ * Filter token targets by rules.
181
+ *
182
+ * rulesによりトークン対象をフィルタします。
183
+ */
184
+ async function filterAllowedScope({ engine, database, scope, authentication, }) {
185
+ const allowed = [];
186
+ for (const item of scope) {
187
+ const operations = [];
188
+ for (const operationKey of item.operations) {
189
+ const expanded = expandRulesOperation(operationKey);
190
+ const results = await Promise.all(expanded.map((operation) => {
191
+ return engine.evaluate({
192
+ path: buildRulesPath({
193
+ database,
194
+ table: item.table,
195
+ indexKey: "*",
196
+ }),
197
+ operation,
198
+ authentication,
199
+ });
200
+ }));
201
+ if (results.every((result) => result.allowed)) {
202
+ operations.push(operationKey);
203
+ }
204
+ }
205
+ if (operations.length > 0) {
206
+ allowed.push({
207
+ table: item.table,
208
+ operations,
209
+ });
210
+ }
211
+ }
212
+ return allowed;
213
+ }
214
+ /**
215
+ * Resolve database token access from rules.
216
+ *
217
+ * rulesからデータベーストークンアクセスを解決します。
218
+ */
219
+ async function resolveDatabaseTokenAccess({ engine, database, operations, scope = [], authentication, }) {
220
+ const path = buildDatabaseRulesPath({ database });
221
+ const directRead = await engine.evaluate({
222
+ path,
223
+ operation: "read",
224
+ authentication,
225
+ server: false,
226
+ });
227
+ const serverRead = directRead.allowed
228
+ ? directRead
229
+ : await engine.evaluate({
230
+ path,
231
+ operation: "read",
232
+ authentication,
233
+ server: true,
234
+ });
235
+ if (!serverRead.allowed) {
236
+ return undefined;
237
+ }
238
+ const directDatabaseWrite = await evaluateDatabaseWrite({
239
+ engine,
240
+ path,
241
+ authentication,
242
+ server: false,
243
+ });
244
+ const serverDatabaseWrite = directDatabaseWrite
245
+ ? true
246
+ : await evaluateDatabaseWrite({
247
+ engine,
248
+ path,
249
+ authentication,
250
+ server: true,
251
+ });
252
+ const scopes = await resolveScopeModes({
253
+ engine,
254
+ database,
255
+ scope,
256
+ authentication,
257
+ });
258
+ const readScopes = scopes.filter((item) => requiresRead(item.operations));
259
+ const writeScopes = scopes.filter((item) => requiresWrite(item.operations));
260
+ const requestedOperations = operations ?? [];
261
+ const requestsDatabaseRead = requiresRead(requestedOperations);
262
+ const requestsDatabaseWrite = requiresWrite(requestedOperations);
263
+ const hasTargets = scope.length > 0;
264
+ const readMode = resolveOverallMode(readScopes.map((item) => item.readMode ?? "none"), !hasTargets && (requestedOperations.length === 0 || requestsDatabaseRead)
265
+ ? directRead.allowed ? "direct" : "functions"
266
+ : "none");
267
+ let writeMode = resolveOverallMode(writeScopes.map((item) => item.writeMode ?? "none"), !hasTargets && (requestedOperations.length === 0 || requestsDatabaseWrite)
268
+ ? directDatabaseWrite ? "direct" : serverDatabaseWrite ? "functions" : "none"
269
+ : "none");
270
+ if (readMode === "functions" && writeMode === "direct") {
271
+ writeMode = serverDatabaseWrite ? "functions" : "none";
272
+ }
273
+ const authorization = resolveTokenAuthorization(readMode, writeMode);
274
+ return {
275
+ authorization,
276
+ readMode,
277
+ writeMode,
278
+ scopes,
279
+ };
280
+ }
281
+ /**
282
+ * Resolve database token authorization from rules.
283
+ *
284
+ * rulesからデータベーストークン権限を解決します。
285
+ */
286
+ async function resolveDatabaseTokenAuthorization({ engine, database, authentication, }) {
287
+ const access = await resolveDatabaseTokenAccess({
288
+ engine,
289
+ database,
290
+ authentication,
291
+ });
292
+ return access?.authorization;
293
+ }
294
+ /**
295
+ * Resolve operation lookup order.
296
+ *
297
+ * 操作の解決順を取得します。
298
+ */
299
+ function resolveRulesOperation(operation) {
300
+ const normalized = normalizeRulesOperation(operation);
301
+ switch (normalized) {
302
+ case "get":
303
+ return ["get", "read"];
304
+ case "create":
305
+ return ["create", "write"];
306
+ case "update":
307
+ return ["update", "write"];
308
+ case "delete":
309
+ return ["delete", "write"];
310
+ }
311
+ }
312
+ function resolveInheritedRule(matches) {
313
+ const inherited = {};
314
+ const inheritedParams = {};
315
+ let rulePath = matches[0]?.rulePath ?? "";
316
+ for (const match of [...matches].reverse()) {
317
+ if (!match.entry) {
318
+ continue;
319
+ }
320
+ rulePath = match.rulePath;
321
+ for (const [operation, access] of Object.entries(match.entry)) {
322
+ inherited[operation] = access;
323
+ inheritedParams[operation] = match.params;
324
+ }
325
+ }
326
+ return {
327
+ rulePath,
328
+ entry: inherited,
329
+ params: inheritedParams,
330
+ };
331
+ }
332
+ function resolveAccessRule(entry, params, operation) {
333
+ for (const operationKey of resolveRulesOperation(operation)) {
334
+ const access = entry[operationKey];
335
+ if (access) {
336
+ return {
337
+ access,
338
+ params: params[operationKey] ?? {},
339
+ };
340
+ }
341
+ }
342
+ return undefined;
343
+ }
344
+ async function evaluateAccessRule(access, authentication, fetchDocument, params = {}, server = false) {
345
+ switch (access) {
346
+ case "deny":
347
+ return false;
348
+ case "allow":
349
+ return true;
350
+ case "authenticated":
351
+ return !!authentication?.uid;
352
+ case "server":
353
+ return server;
354
+ default:
355
+ break;
356
+ }
357
+ if ("server" in access && access.server === true && !server) {
358
+ return false;
359
+ }
360
+ switch (access.type) {
361
+ case "field":
362
+ case "fieldMatch": {
363
+ const uid = authentication?.uid;
364
+ if (!uid || !fetchDocument) {
365
+ return false;
366
+ }
367
+ const document = await fetchDocument();
368
+ return document?.[access.field] === uid;
369
+ }
370
+ case "path": {
371
+ const uid = authentication?.uid;
372
+ return !!uid && params[access.param] === uid;
373
+ }
374
+ }
375
+ }
376
+ async function resolveScopeModes({ engine, database, scope, authentication, }) {
377
+ const resolved = [];
378
+ for (const item of scope) {
379
+ const readMode = requiresRead(item.operations)
380
+ ? await resolveScopedOperationMode({
381
+ engine,
382
+ database,
383
+ table: item.table,
384
+ operation: "read",
385
+ authentication,
386
+ })
387
+ : undefined;
388
+ const writeMode = requiresWrite(item.operations)
389
+ ? await resolveScopedOperationMode({
390
+ engine,
391
+ database,
392
+ table: item.table,
393
+ operation: "write",
394
+ authentication,
395
+ })
396
+ : undefined;
397
+ resolved.push({
398
+ table: item.table,
399
+ operations: item.operations,
400
+ ...(readMode ? { readMode } : {}),
401
+ ...(writeMode ? { writeMode } : {}),
402
+ });
403
+ }
404
+ return resolved;
405
+ }
406
+ async function resolveScopedOperationMode({ engine, database, table, operation, authentication, }) {
407
+ const path = buildRulesPath({
408
+ database,
409
+ table,
410
+ indexKey: "*",
411
+ });
412
+ const expanded = expandRulesOperation(operation);
413
+ const direct = await Promise.all(expanded.map((item) => engine.evaluate({
414
+ path,
415
+ operation: item,
416
+ authentication,
417
+ server: false,
418
+ })));
419
+ const directAllowed = direct.every((result) => result.allowed);
420
+ const restricted = expanded.some((item) => engine.hasScopedRestriction({
421
+ database,
422
+ table,
423
+ operation: item,
424
+ }));
425
+ if (directAllowed && !restricted) {
426
+ return "direct";
427
+ }
428
+ const denied = expanded.some((item) => engine.hasScopedDeny({
429
+ database,
430
+ table,
431
+ operation: item,
432
+ }));
433
+ if (restricted && !denied) {
434
+ return "functions";
435
+ }
436
+ const server = await Promise.all(expanded.map((item) => engine.evaluate({
437
+ path,
438
+ operation: item,
439
+ authentication,
440
+ server: true,
441
+ })));
442
+ return server.every((result) => result.allowed) ? "functions" : "none";
443
+ }
444
+ function resolveOverallMode(scopedModes, fallback) {
445
+ if (scopedModes.length === 0) {
446
+ return fallback;
447
+ }
448
+ if (scopedModes.every((mode) => mode === "direct")) {
449
+ return "direct";
450
+ }
451
+ if (scopedModes.some((mode) => mode === "none")) {
452
+ return "none";
453
+ }
454
+ return "functions";
455
+ }
456
+ function resolveTokenAuthorization(readMode, writeMode) {
457
+ if (writeMode === "direct") {
458
+ return "full-access";
459
+ }
460
+ if (readMode === "direct") {
461
+ return "read-only";
462
+ }
463
+ return undefined;
464
+ }
465
+ function requiresRead(operations) {
466
+ return operations.some((operation) => expandRulesOperation(operation).includes("get"));
467
+ }
468
+ function requiresWrite(operations) {
469
+ return operations.some((operation) => {
470
+ const expanded = expandRulesOperation(operation);
471
+ return expanded.includes("create") || expanded.includes("update") || expanded.includes("delete");
472
+ });
473
+ }
474
+ async function evaluateDatabaseWrite({ engine, path, authentication, server, }) {
475
+ const results = await Promise.all(expandRulesOperation("write").map((operation) => {
476
+ return engine.evaluate({
477
+ path,
478
+ operation,
479
+ authentication,
480
+ server,
481
+ });
482
+ }));
483
+ return results.every((result) => result.allowed);
484
+ }
485
+ function isRulePathInTableScope(rulePath, database, table) {
486
+ const segments = splitRulesPath(rulePath);
487
+ if (segments.length <= 4) {
488
+ return false;
489
+ }
490
+ return segmentMatches(segments[0], "database") &&
491
+ segmentMatches(segments[1], database) &&
492
+ segmentMatches(segments[2], "table") &&
493
+ segmentMatches(segments[3], table);
494
+ }
495
+ function segmentMatches(ruleSegment, value) {
496
+ if (!ruleSegment) {
497
+ return false;
498
+ }
499
+ if (ruleSegment === "**") {
500
+ return true;
501
+ }
502
+ return ruleSegment === "*" || !!parseNamedPathParam(ruleSegment) || ruleSegment === value;
503
+ }
504
+ function isDirectSafeScopeAccess(access) {
505
+ return access === "allow";
506
+ }
507
+ function splitRulesPath(path) {
508
+ if (path.length === 0 || path.startsWith("/") || path.endsWith("/")) {
509
+ return [];
510
+ }
511
+ return path.split("/");
512
+ }
513
+ function parseNamedPathParam(segment) {
514
+ const match = /^\{([A-Za-z_][A-Za-z0-9_]*)\}$/.exec(segment);
515
+ return match?.[1];
516
+ }
517
+ function encodeRulesPathSegment(segment) {
518
+ if (segment.length === 0 || segment.includes("/")) {
519
+ throw new Error(`Invalid rules path segment: ${segment}`);
520
+ }
521
+ return segment;
522
+ }
523
+ //# sourceMappingURL=rules_engine.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"rules_engine.js","sourceRoot":"","sources":["../../../../src/lib/src/rules/rules_engine.ts"],"names":[],"mappings":";;;AAiNA,wCAQC;AAOD,wDAKC;AAOD,kFAaC;AAOD,0DAYC;AAOD,oDAYC;AAOD,gDAuCC;AAOD,gEA+EC;AAOD,8EAeC;AAOD,sDAYC;AA3cD,iDAOwB;AACxB,iDAAoE;AAoFpE;;;;GAIG;AACH,MAAa,WAAW;IACpB,YAAY,MAA6B;QACrC,IAAI,CAAC,MAAM,GAAG,IAAA,8BAAe,EAAC,MAAM,CAAC,CAAC;IAC1C,CAAC;IAEgB,MAAM,CAAc;IAErC;;;;OAIG;IACH,KAAK,CAAC,QAAQ,CAAC,KAA2B;QACtC,MAAM,SAAS,GAAG,uBAAuB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAC3D,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;aACzC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,IAAA,4BAAa,EAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;aACtD,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACtC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QAC9B,CAAC;QAED,MAAM,aAAa,GAAG,IAAA,kCAAmB,EAAC,OAAO,CAAC,CAAC;QACnD,MAAM,QAAQ,GAAG,oBAAoB,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE;YAC9D,OAAO;gBACH,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC;gBACxC,MAAM,EAAE,KAAK,CAAC,MAAM;aACvB,CAAC;QACN,CAAC,CAAC,CAAC,CAAC;QACJ,MAAM,cAAc,GAAG,iBAAiB,CAAC,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QACrF,IAAI,CAAC,cAAc,EAAE,CAAC;YAClB,OAAO;gBACH,OAAO,EAAE,KAAK;gBACd,QAAQ,EAAE,QAAQ,CAAC,QAAQ;aAC9B,CAAC;QACN,CAAC;QACD,OAAO;YACH,OAAO,EAAE,MAAM,kBAAkB,CAC7B,cAAc,CAAC,MAAM,EACrB,KAAK,CAAC,cAAc,EACpB,KAAK,CAAC,aAAa,EACnB,cAAc,CAAC,MAAM,EACrB,KAAK,CAAC,MAAM,KAAK,IAAI,CACxB;YACD,QAAQ,EAAE,QAAQ,CAAC,QAAQ;YAC3B,MAAM,EAAE,cAAc,CAAC,MAAM;YAC7B,MAAM,EAAE,cAAc,CAAC,MAAM;SAChC,CAAC;IACN,CAAC;IAED;;;;OAIG;IACH,oBAAoB,CAAC,EACjB,QAAQ,EACR,KAAK,EACL,SAAS,GAKZ;QACG,MAAM,UAAU,GAAG,uBAAuB,CAAC,SAAS,CAAC,CAAC;QACtD,KAAK,MAAM,CAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YAChE,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,EAAE,KAAK,CAAC,EAAE,CAAC;gBACrD,SAAS;YACb,CAAC;YACD,MAAM,MAAM,GAAG,iBAAiB,CAAC,KAAK,EAAE,EAAE,EAAE,UAAU,CAAC,EAAE,MAAM,CAAC;YAChE,IAAI,CAAC,MAAM,IAAI,uBAAuB,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC7C,SAAS;YACb,CAAC;YACD,OAAO,IAAI,CAAC;QAChB,CAAC;QACD,OAAO,KAAK,CAAC;IACjB,CAAC;IAED;;;;OAIG;IACH,aAAa,CAAC,EACV,QAAQ,EACR,KAAK,EACL,SAAS,GAKZ;QACG,MAAM,UAAU,GAAG,uBAAuB,CAAC,SAAS,CAAC,CAAC;QACtD,KAAK,MAAM,CAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YAChE,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,EAAE,KAAK,CAAC,EAAE,CAAC;gBACrD,SAAS;YACb,CAAC;YACD,MAAM,MAAM,GAAG,iBAAiB,CAAC,KAAK,EAAE,EAAE,EAAE,UAAU,CAAC,EAAE,MAAM,CAAC;YAChE,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;gBACpB,OAAO,IAAI,CAAC;YAChB,CAAC;QACL,CAAC;QACD,OAAO,KAAK,CAAC;IACjB,CAAC;CACJ;AAxGD,kCAwGC;AAED;;;;GAIG;AACH,SAAgB,cAAc,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAsB;IAC5E,OAAO;QACH,UAAU;QACV,sBAAsB,CAAC,QAAQ,CAAC;QAChC,OAAO;QACP,sBAAsB,CAAC,KAAK,CAAC;QAC7B,sBAAsB,CAAC,QAAQ,CAAC;KACnC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAChB,CAAC;AAED;;;;GAIG;AACH,SAAgB,sBAAsB,CAAC,EAAE,QAAQ,EAAwB;IACrE,OAAO;QACH,UAAU;QACV,sBAAsB,CAAC,QAAQ,CAAC;KACnC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAChB,CAAC;AAED;;;;GAIG;AACH,SAAgB,mCAAmC,CAAC,MAAc;IAC9D,QAAQ,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC;QAC3B,KAAK,KAAK;YACN,OAAO,KAAK,CAAC;QACjB,KAAK,MAAM;YACP,OAAO,QAAQ,CAAC;QACpB,KAAK,KAAK;YACN,OAAO,QAAQ,CAAC;QACpB,KAAK,QAAQ;YACT,OAAO,QAAQ,CAAC;QACpB;YACI,MAAM,IAAI,KAAK,CAAC,sCAAsC,MAAM,EAAE,CAAC,CAAC;IACxE,CAAC;AACL,CAAC;AAED;;;;GAIG;AACH,SAAgB,uBAAuB,CAAC,SAA6C;IACjF,QAAQ,SAAS,EAAE,CAAC;QAChB,KAAK,MAAM;YACP,OAAO,KAAK,CAAC;QACjB,KAAK,OAAO;YACR,OAAO,QAAQ,CAAC;QACpB,KAAK,KAAK,CAAC;QACX,KAAK,QAAQ,CAAC;QACd,KAAK,QAAQ,CAAC;QACd,KAAK,QAAQ;YACT,OAAO,SAAS,CAAC;IACzB,CAAC;AACL,CAAC;AAED;;;;GAIG;AACH,SAAgB,oBAAoB,CAAC,SAA4B;IAC7D,QAAQ,SAAS,EAAE,CAAC;QAChB,KAAK,MAAM;YACP,OAAO,CAAC,KAAK,CAAC,CAAC;QACnB,KAAK,OAAO;YACR,OAAO,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAC1C,KAAK,KAAK,CAAC;QACX,KAAK,QAAQ,CAAC;QACd,KAAK,QAAQ,CAAC;QACd,KAAK,QAAQ;YACT,OAAO,CAAC,SAAS,CAAC,CAAC;IAC3B,CAAC;AACL,CAAC;AAED;;;;GAIG;AACI,KAAK,UAAU,kBAAkB,CAAC,EACrC,MAAM,EACN,QAAQ,EACR,KAAK,EACL,cAAc,GAMjB;IACG,MAAM,OAAO,GAA4B,EAAE,CAAC;IAC5C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACvB,MAAM,UAAU,GAAwB,EAAE,CAAC;QAC3C,KAAK,MAAM,YAAY,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACzC,MAAM,QAAQ,GAAG,oBAAoB,CAAC,YAAY,CAAC,CAAC;YACpD,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE;gBACzD,OAAO,MAAM,CAAC,QAAQ,CAAC;oBACnB,IAAI,EAAE,cAAc,CAAC;wBACjB,QAAQ;wBACR,KAAK,EAAE,IAAI,CAAC,KAAK;wBACjB,QAAQ,EAAE,GAAG;qBAChB,CAAC;oBACF,SAAS;oBACT,cAAc;iBACjB,CAAC,CAAC;YACP,CAAC,CAAC,CAAC,CAAC;YACJ,IAAI,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC5C,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAClC,CAAC;QACL,CAAC;QACD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,OAAO,CAAC,IAAI,CAAC;gBACT,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,UAAU;aACb,CAAC,CAAC;QACP,CAAC;IACL,CAAC;IACD,OAAO,OAAO,CAAC;AACnB,CAAC;AAED;;;;GAIG;AACI,KAAK,UAAU,0BAA0B,CAAC,EAC7C,MAAM,EACN,QAAQ,EACR,UAAU,EACV,KAAK,GAAG,EAAE,EACV,cAAc,GAOjB;IACG,MAAM,IAAI,GAAG,sBAAsB,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;IAClD,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC;QACrC,IAAI;QACJ,SAAS,EAAE,MAAM;QACjB,cAAc;QACd,MAAM,EAAE,KAAK;KAChB,CAAC,CAAC;IACH,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO;QACjC,CAAC,CAAC,UAAU;QACZ,CAAC,CAAC,MAAM,MAAM,CAAC,QAAQ,CAAC;YACpB,IAAI;YACJ,SAAS,EAAE,MAAM;YACjB,cAAc;YACd,MAAM,EAAE,IAAI;SACf,CAAC,CAAC;IACP,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;QACtB,OAAO,SAAS,CAAC;IACrB,CAAC;IACD,MAAM,mBAAmB,GAAG,MAAM,qBAAqB,CAAC;QACpD,MAAM;QACN,IAAI;QACJ,cAAc;QACd,MAAM,EAAE,KAAK;KAChB,CAAC,CAAC;IACH,MAAM,mBAAmB,GAAG,mBAAmB;QAC3C,CAAC,CAAC,IAAI;QACN,CAAC,CAAC,MAAM,qBAAqB,CAAC;YAC1B,MAAM;YACN,IAAI;YACJ,cAAc;YACd,MAAM,EAAE,IAAI;SACf,CAAC,CAAC;IACP,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC;QACnC,MAAM;QACN,QAAQ;QACR,KAAK;QACL,cAAc;KACjB,CAAC,CAAC;IACH,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;IAC1E,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;IAC5E,MAAM,mBAAmB,GAAG,UAAU,IAAI,EAAE,CAAC;IAC7C,MAAM,oBAAoB,GAAG,YAAY,CAAC,mBAAmB,CAAC,CAAC;IAC/D,MAAM,qBAAqB,GAAG,aAAa,CAAC,mBAAmB,CAAC,CAAC;IACjE,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC;IACpC,MAAM,QAAQ,GAAG,kBAAkB,CAC/B,UAAU,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,IAAI,MAAM,CAAC,EACjD,CAAC,UAAU,IAAI,CAAC,mBAAmB,CAAC,MAAM,KAAK,CAAC,IAAI,oBAAoB,CAAC;QACrE,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW;QAC7C,CAAC,CAAC,MAAM,CACf,CAAC;IACF,IAAI,SAAS,GAAG,kBAAkB,CAC9B,WAAW,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,IAAI,MAAM,CAAC,EACnD,CAAC,UAAU,IAAI,CAAC,mBAAmB,CAAC,MAAM,KAAK,CAAC,IAAI,qBAAqB,CAAC;QACtE,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM;QAC7E,CAAC,CAAC,MAAM,CACf,CAAC;IACF,IAAI,QAAQ,KAAK,WAAW,IAAI,SAAS,KAAK,QAAQ,EAAE,CAAC;QACrD,SAAS,GAAG,mBAAmB,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC;IAC3D,CAAC;IACD,MAAM,aAAa,GAAG,yBAAyB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IACrE,OAAO;QACH,aAAa;QACb,QAAQ;QACR,SAAS;QACT,MAAM;KACT,CAAC;AACN,CAAC;AAED;;;;GAIG;AACI,KAAK,UAAU,iCAAiC,CAAC,EACpD,MAAM,EACN,QAAQ,EACR,cAAc,GAKjB;IACG,MAAM,MAAM,GAAG,MAAM,0BAA0B,CAAC;QAC5C,MAAM;QACN,QAAQ;QACR,cAAc;KACjB,CAAC,CAAC;IACH,OAAO,MAAM,EAAE,aAAa,CAAC;AACjC,CAAC;AAED;;;;GAIG;AACH,SAAgB,qBAAqB,CAAC,SAA6C;IAC/E,MAAM,UAAU,GAAG,uBAAuB,CAAC,SAAS,CAAC,CAAC;IACtD,QAAQ,UAAU,EAAE,CAAC;QACjB,KAAK,KAAK;YACN,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAC3B,KAAK,QAAQ;YACT,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC/B,KAAK,QAAQ;YACT,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC/B,KAAK,QAAQ;YACT,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACnC,CAAC;AACL,CAAC;AAED,SAAS,oBAAoB,CACzB,OAIG;IAMH,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,MAAM,eAAe,GAA+D,EAAE,CAAC;IACvF,IAAI,QAAQ,GAAG,OAAO,CAAC,CAAC,CAAC,EAAE,QAAQ,IAAI,EAAE,CAAC;IAC1C,KAAK,MAAM,KAAK,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC;QACzC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;YACf,SAAS;QACb,CAAC;QACD,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;QAC1B,KAAK,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5D,SAAS,CAAC,SAA8B,CAAC,GAAG,MAAM,CAAC;YACnD,eAAe,CAAC,SAA8B,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC;QACnE,CAAC;IACL,CAAC;IACD,OAAO;QACH,QAAQ;QACR,KAAK,EAAE,SAAS;QAChB,MAAM,EAAE,eAAe;KAC1B,CAAC;AACN,CAAC;AAED,SAAS,iBAAiB,CACtB,KAAiB,EACjB,MAAkE,EAClE,SAAyB;IAKzB,KAAK,MAAM,YAAY,IAAI,qBAAqB,CAAC,SAAS,CAAC,EAAE,CAAC;QAC1D,MAAM,MAAM,GAAG,KAAK,CAAC,YAAY,CAAC,CAAC;QACnC,IAAI,MAAM,EAAE,CAAC;YACT,OAAO;gBACH,MAAM;gBACN,MAAM,EAAE,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE;aACrC,CAAC;QACN,CAAC;IACL,CAAC;IACD,OAAO,SAAS,CAAC;AACrB,CAAC;AAED,KAAK,UAAU,kBAAkB,CAC7B,MAAuB,EACvB,cAA+C,EAC/C,aAAuF,EACvF,SAAiC,EAAE,EACnC,MAAM,GAAG,KAAK;IAEd,QAAQ,MAAM,EAAE,CAAC;QACb,KAAK,MAAM;YACP,OAAO,KAAK,CAAC;QACjB,KAAK,OAAO;YACR,OAAO,IAAI,CAAC;QAChB,KAAK,eAAe;YAChB,OAAO,CAAC,CAAC,cAAc,EAAE,GAAG,CAAC;QACjC,KAAK,QAAQ;YACT,OAAO,MAAM,CAAC;QAClB;YACI,MAAM;IACd,CAAC;IACD,IAAI,QAAQ,IAAI,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAC1D,OAAO,KAAK,CAAC;IACjB,CAAC;IACD,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;QAClB,KAAK,OAAO,CAAC;QACb,KAAK,YAAY,CAAC,CAAC,CAAC;YAChB,MAAM,GAAG,GAAG,cAAc,EAAE,GAAG,CAAC;YAChC,IAAI,CAAC,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;gBACzB,OAAO,KAAK,CAAC;YACjB,CAAC;YACD,MAAM,QAAQ,GAAG,MAAM,aAAa,EAAE,CAAC;YACvC,OAAO,QAAQ,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC;QAC5C,CAAC;QACD,KAAK,MAAM,CAAC,CAAC,CAAC;YACV,MAAM,GAAG,GAAG,cAAc,EAAE,GAAG,CAAC;YAChC,OAAO,CAAC,CAAC,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC;QACjD,CAAC;IACL,CAAC;AACL,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,EAC7B,MAAM,EACN,QAAQ,EACR,KAAK,EACL,cAAc,GAMjB;IACG,MAAM,QAAQ,GAA6B,EAAE,CAAC;IAC9C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACvB,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC;YAC1C,CAAC,CAAC,MAAM,0BAA0B,CAAC;gBAC/B,MAAM;gBACN,QAAQ;gBACR,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,SAAS,EAAE,MAAM;gBACjB,cAAc;aACjB,CAAC;YACF,CAAC,CAAC,SAAS,CAAC;QAChB,MAAM,SAAS,GAAG,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC;YAC5C,CAAC,CAAC,MAAM,0BAA0B,CAAC;gBAC/B,MAAM;gBACN,QAAQ;gBACR,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,SAAS,EAAE,OAAO;gBAClB,cAAc;aACjB,CAAC;YACF,CAAC,CAAC,SAAS,CAAC;QAChB,QAAQ,CAAC,IAAI,CAAC;YACV,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACjC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACtC,CAAC,CAAC;IACP,CAAC;IACD,OAAO,QAAQ,CAAC;AACpB,CAAC;AAED,KAAK,UAAU,0BAA0B,CAAC,EACtC,MAAM,EACN,QAAQ,EACR,KAAK,EACL,SAAS,EACT,cAAc,GAOjB;IACG,MAAM,IAAI,GAAG,cAAc,CAAC;QACxB,QAAQ;QACR,KAAK;QACL,QAAQ,EAAE,GAAG;KAChB,CAAC,CAAC;IACH,MAAM,QAAQ,GAAG,oBAAoB,CAAC,SAAS,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC;QACpE,IAAI;QACJ,SAAS,EAAE,IAAI;QACf,cAAc;QACd,MAAM,EAAE,KAAK;KAChB,CAAC,CAAC,CAAC,CAAC;IACL,MAAM,aAAa,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC/D,MAAM,UAAU,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,oBAAoB,CAAC;QACnE,QAAQ;QACR,KAAK;QACL,SAAS,EAAE,IAAI;KAClB,CAAC,CAAC,CAAC;IACJ,IAAI,aAAa,IAAI,CAAC,UAAU,EAAE,CAAC;QAC/B,OAAO,QAAQ,CAAC;IACpB,CAAC;IACD,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC;QACxD,QAAQ;QACR,KAAK;QACL,SAAS,EAAE,IAAI;KAClB,CAAC,CAAC,CAAC;IACJ,IAAI,UAAU,IAAI,CAAC,MAAM,EAAE,CAAC;QACxB,OAAO,WAAW,CAAC;IACvB,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC;QACpE,IAAI;QACJ,SAAS,EAAE,IAAI;QACf,cAAc;QACd,MAAM,EAAE,IAAI;KACf,CAAC,CAAC,CAAC,CAAC;IACL,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC;AAC3E,CAAC;AAED,SAAS,kBAAkB,CACvB,WAA8B,EAC9B,QAAyB;IAEzB,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO,QAAQ,CAAC;IACpB,CAAC;IACD,IAAI,WAAW,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,KAAK,QAAQ,CAAC,EAAE,CAAC;QACjD,OAAO,QAAQ,CAAC;IACpB,CAAC;IACD,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,KAAK,MAAM,CAAC,EAAE,CAAC;QAC9C,OAAO,MAAM,CAAC;IAClB,CAAC;IACD,OAAO,WAAW,CAAC;AACvB,CAAC;AAED,SAAS,yBAAyB,CAC9B,QAAyB,EACzB,SAA0B;IAE1B,IAAI,SAAS,KAAK,QAAQ,EAAE,CAAC;QACzB,OAAO,aAAa,CAAC;IACzB,CAAC;IACD,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACxB,OAAO,WAAW,CAAC;IACvB,CAAC;IACD,OAAO,SAAS,CAAC;AACrB,CAAC;AAED,SAAS,YAAY,CAAC,UAA+B;IACjD,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;AAC3F,CAAC;AAED,SAAS,aAAa,CAAC,UAA+B;IAClD,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE;QACjC,MAAM,QAAQ,GAAG,oBAAoB,CAAC,SAAS,CAAC,CAAC;QACjD,OAAO,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACrG,CAAC,CAAC,CAAC;AACP,CAAC;AAED,KAAK,UAAU,qBAAqB,CAAC,EACjC,MAAM,EACN,IAAI,EACJ,cAAc,EACd,MAAM,GAMT;IACG,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAC7B,oBAAoB,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE;QAC5C,OAAO,MAAM,CAAC,QAAQ,CAAC;YACnB,IAAI;YACJ,SAAS;YACT,cAAc;YACd,MAAM;SACT,CAAC,CAAC;IACP,CAAC,CAAC,CACL,CAAC;IACF,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,sBAAsB,CAC3B,QAAgB,EAChB,QAAgB,EAChB,KAAa;IAEb,MAAM,QAAQ,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;IAC1C,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACvB,OAAO,KAAK,CAAC;IACjB,CAAC;IACD,OAAO,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC;QAC1C,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC;QACrC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC;QACpC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,cAAc,CAAC,WAA+B,EAAE,KAAa;IAClE,IAAI,CAAC,WAAW,EAAE,CAAC;QACf,OAAO,KAAK,CAAC;IACjB,CAAC;IACD,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;QACvB,OAAO,IAAI,CAAC;IAChB,CAAC;IACD,OAAO,WAAW,KAAK,GAAG,IAAI,CAAC,CAAC,mBAAmB,CAAC,WAAW,CAAC,IAAI,WAAW,KAAK,KAAK,CAAC;AAC9F,CAAC;AAED,SAAS,uBAAuB,CAAC,MAAuB;IACpD,OAAO,MAAM,KAAK,OAAO,CAAC;AAC9B,CAAC;AAED,SAAS,cAAc,CAAC,IAAY;IAChC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAClE,OAAO,EAAE,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AAC3B,CAAC;AAED,SAAS,mBAAmB,CAAC,OAAe;IACxC,MAAM,KAAK,GAAG,gCAAgC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC7D,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;AACtB,CAAC;AAED,SAAS,sBAAsB,CAAC,OAAe;IAC3C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAChD,MAAM,IAAI,KAAK,CAAC,+BAA+B,OAAO,EAAE,CAAC,CAAC;IAC9D,CAAC;IACD,OAAO,OAAO,CAAC;AACnB,CAAC"}
@@ -0,0 +1,93 @@
1
+ /**
2
+ * Operation names supported by rules.json.
3
+ *
4
+ * rules.jsonでサポートする操作名。
5
+ */
6
+ export type RulesOperation = "get" | "create" | "update" | "delete";
7
+ /**
8
+ * Operation aliases supported by rules.json.
9
+ *
10
+ * rules.jsonでサポートする操作エイリアス。
11
+ */
12
+ export type RulesOperationAlias = "read" | "write";
13
+ /**
14
+ * Operation keys accepted in a rule entry.
15
+ *
16
+ * ルール内で指定可能な操作キー。
17
+ */
18
+ export type RulesOperationKey = RulesOperation | RulesOperationAlias;
19
+ /**
20
+ * Access rule for an operation.
21
+ *
22
+ * 操作に対するアクセスルール。
23
+ */
24
+ export type RulesAccessRule = "deny" | "allow" | "authenticated" | "server" | RulesFieldMatchAccessRule | RulesFieldAccessRule | RulesPathAccessRule;
25
+ /**
26
+ * Field match access rule.
27
+ *
28
+ * フィールド一致アクセスルール。
29
+ */
30
+ export interface RulesFieldMatchAccessRule {
31
+ type: "fieldMatch";
32
+ field: string;
33
+ }
34
+ /**
35
+ * Field match access rule.
36
+ *
37
+ * フィールド一致アクセスルール。
38
+ */
39
+ export interface RulesFieldAccessRule {
40
+ type: "field";
41
+ field: string;
42
+ server?: boolean | undefined;
43
+ }
44
+ /**
45
+ * Path parameter access rule.
46
+ *
47
+ * パスパラメーター一致アクセスルール。
48
+ */
49
+ export interface RulesPathAccessRule {
50
+ type: "path";
51
+ param: string;
52
+ server?: boolean | undefined;
53
+ }
54
+ /**
55
+ * Rule entry for a matched path.
56
+ *
57
+ * パスに対応するルール定義。
58
+ */
59
+ export type RulesEntry = Partial<Record<RulesOperationKey, RulesAccessRule>>;
60
+ /**
61
+ * Rule map keyed by path pattern.
62
+ *
63
+ * パスパターンをキーにしたルールマップ。
64
+ */
65
+ export type RulesMap = Record<string, RulesEntry>;
66
+ /**
67
+ * rules.json configuration.
68
+ *
69
+ * rules.json設定。
70
+ */
71
+ export interface RulesConfig {
72
+ version: string;
73
+ rules: RulesMap;
74
+ }
75
+ /**
76
+ * Result of loading and validating rules.
77
+ *
78
+ * rulesの読み込み・検証結果。
79
+ */
80
+ export interface LoadedRulesConfig extends RulesConfig {
81
+ }
82
+ /**
83
+ * Load and validate rules configuration.
84
+ *
85
+ * rules設定を読み込み、検証します。
86
+ */
87
+ export declare function loadRulesConfig(input: unknown): LoadedRulesConfig;
88
+ /**
89
+ * Validate a rule path.
90
+ *
91
+ * ルールパスを検証します。
92
+ */
93
+ export declare function validateRulePath(path: string): void;