@microsoft/agents-hosting 1.1.0-alpha.9.g154c2c8a32 → 1.1.4-g8d884129e7

package/dist/src/app/auth/handlers/azureBotAuthorization.js

@@ -0,0 +1,429 @@
+"use strict";
+/**
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AzureBotAuthorization = void 0;
+const logger_1 = require("@microsoft/agents-activity/logger");
+const types_1 = require("../types");
+const messageFactory_1 = require("../../../messageFactory");
+const cards_1 = require("../../../cards");
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+const handlerStorage_1 = require("../handlerStorage");
+const agents_activity_1 = require("@microsoft/agents-activity");
+const logger = (0, logger_1.debug)('agents:authorization:azurebot');
+const DEFAULT_SIGN_IN_ATTEMPTS = 2;
+var Category;
+(function (Category) {
+    Category["SIGNIN"] = "signin";
+    Category["UNKNOWN"] = "unknown";
+})(Category || (Category = {}));
+/**
+ * Default implementation of an authorization handler using Azure Bot Service.
+ */
+class AzureBotAuthorization {
+    /**
+     * Creates an instance of the AzureBotAuthorization.
+     * @param id The unique identifier for the handler.
+     * @param options The settings for the handler.
+     * @param app The agent application instance.
+     */
+    constructor(id, options, settings) {
+        this.id = id;
+        this.settings = settings;
+        this._key = `${AzureBotAuthorization.name}/${this.id}`;
+        /**
+         * Predefined messages with dynamic placeholders.
+         */
+        this.messages = {
+            invalidCode: (code) => {
+                var _a, _b;
+                const message = (_b = (_a = this._options.messages) === null || _a === void 0 ? void 0 : _a.invalidCode) !== null && _b !== void 0 ? _b : 'Invalid **{code}** code entered. Please try again with a new sign-in request.';
+                return message.replaceAll('{code}', code);
+            },
+            invalidCodeFormat: (attemptsLeft) => {
+                var _a, _b;
+                const message = (_b = (_a = this._options.messages) === null || _a === void 0 ? void 0 : _a.invalidCodeFormat) !== null && _b !== void 0 ? _b : 'Please enter a valid **6-digit** code format (_e.g. 123456_).\r\n**{attemptsLeft} attempt(s) left...**';
+                return message.replaceAll('{attemptsLeft}', attemptsLeft.toString());
+            },
+            maxAttemptsExceeded: (maxAttempts) => {
+                var _a, _b;
+                const message = (_b = (_a = this._options.messages) === null || _a === void 0 ? void 0 : _a.maxAttemptsExceeded) !== null && _b !== void 0 ? _b : 'You have exceeded the maximum number of sign-in attempts ({maxAttempts}). Please try again with a new sign-in request.';
+                return message.replaceAll('{maxAttempts}', maxAttempts.toString());
+            },
+        };
+        if (!this.settings.storage) {
+            throw new Error(this.prefix('The \'storage\' option is not available in the app options. Ensure that the app is properly configured.'));
+        }
+        if (!this.settings.connections) {
+            throw new Error(this.prefix('The \'connections\' option is not available in the app options. Ensure that the app is properly configured.'));
+        }
+        this._options = this.loadOptions(options);
+    }
+    /**
+     * Loads and validates the authorization handler options.
+     */
+    loadOptions(settings) {
+        var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p, _q, _r;
+        const result = {
+            name: (_a = settings.name) !== null && _a !== void 0 ? _a : (process.env[`${this.id}_connectionName`]),
+            title: (_c = (_b = settings.title) !== null && _b !== void 0 ? _b : (process.env[`${this.id}_connectionTitle`])) !== null && _c !== void 0 ? _c : 'Sign-in',
+            text: (_e = (_d = settings.text) !== null && _d !== void 0 ? _d : (process.env[`${this.id}_connectionText`])) !== null && _e !== void 0 ? _e : 'Please sign-in to continue',
+            maxAttempts: (_f = settings.maxAttempts) !== null && _f !== void 0 ? _f : parseInt(process.env[`${this.id}_maxAttempts`]),
+            messages: {
+                invalidCode: (_h = (_g = settings.messages) === null || _g === void 0 ? void 0 : _g.invalidCode) !== null && _h !== void 0 ? _h : process.env[`${this.id}_messages_invalidCode`],
+                invalidCodeFormat: (_k = (_j = settings.messages) === null || _j === void 0 ? void 0 : _j.invalidCodeFormat) !== null && _k !== void 0 ? _k : process.env[`${this.id}_messages_invalidCodeFormat`],
+                maxAttemptsExceeded: (_m = (_l = settings.messages) === null || _l === void 0 ? void 0 : _l.maxAttemptsExceeded) !== null && _m !== void 0 ? _m : process.env[`${this.id}_messages_maxAttemptsExceeded`],
+            },
+            obo: {
+                connection: (_p = (_o = settings.obo) === null || _o === void 0 ? void 0 : _o.connection) !== null && _p !== void 0 ? _p : process.env[`${this.id}_obo_connection`],
+                scopes: (_r = (_q = settings.obo) === null || _q === void 0 ? void 0 : _q.scopes) !== null && _r !== void 0 ? _r : this.loadScopes(process.env[`${this.id}_obo_scopes`]),
+            },
+            enableSso: process.env[`${this.id}_enableSso`] !== 'false' // default value is true
+        };
+        if (!result.name) {
+            throw new Error(this.prefix(`The 'name' property or '${this.id}_connectionName' env variable is required to initialize the handler.`));
+        }
+        return result;
+    }
+    /**
+     * Maximum number of attempts for magic code entry.
+     */
+    get maxAttempts() {
+        const attempts = this._options.maxAttempts;
+        const result = typeof attempts === 'number' && Number.isFinite(attempts) ? Math.round(attempts) : NaN;
+        return result > 0 ? result : DEFAULT_SIGN_IN_ATTEMPTS;
+    }
+    /**
+     * Sets a handler to be called when a user successfully signs in.
+     * @param callback The callback function to be invoked on successful sign-in.
+     */
+    onSuccess(callback) {
+        this._onSuccess = callback;
+    }
+    /**
+     * Sets a handler to be called when a user fails to sign in.
+     * @param callback The callback function to be invoked on sign-in failure.
+     */
+    onFailure(callback) {
+        this._onFailure = callback;
+    }
+    /**
+     * Retrieves the token for the user, optionally using on-behalf-of flow for specified scopes.
+     * @param context The turn context.
+     * @param options Optional options for token acquisition, including connection and scopes for on-behalf-of flow.
+     * @returns The token response containing the token or undefined if not available.
+     */
+    async token(context, options) {
+        var _a;
+        let { token } = this.getContext(context);
+        if (!(token === null || token === void 0 ? void 0 : token.trim())) {
+            const { activity } = context;
+            const userTokenClient = await this.getUserTokenClient(context);
+            // Using getTokenOrSignInResource instead of getUserToken to avoid HTTP 404 errors.
+            const { tokenResponse } = await userTokenClient.getTokenOrSignInResource((_a = activity.from) === null || _a === void 0 ? void 0 : _a.id, this._options.name, activity.channelId, activity.getConversationReference(), activity.relatesTo, '');
+            token = tokenResponse === null || tokenResponse === void 0 ? void 0 : tokenResponse.token;
+        }
+        if (!(token === null || token === void 0 ? void 0 : token.trim())) {
+            return { token: undefined };
+        }
+        return await this.handleOBO(token, options);
+    }
+    /**
+     * Signs out the user from the service.
+     * @param context The turn context.
+     * @returns True if the signout was successful, false otherwise.
+     */
+    async signout(context) {
+        var _a;
+        const user = (_a = context.activity.from) === null || _a === void 0 ? void 0 : _a.id;
+        const channel = context.activity.channelId;
+        const connection = this._options.name;
+        if (!channel || !user) {
+            throw new Error(this.prefix('Both \'activity.channelId\' and \'activity.from.id\' are required to perform signout.'));
+        }
+        logger.debug(this.prefix(`Signing out User '${user}' from => Channel: '${channel}', Connection: '${connection}'`), context.activity);
+        const userTokenClient = await this.getUserTokenClient(context);
+        await userTokenClient.signOut(user, connection, channel);
+        return true;
+    }
+    /**
+     * Initiates the sign-in process for the handler.
+     * @param context The turn context.
+     * @param active Optional active handler data.
+     * @returns The status of the sign-in attempt.
+     */
+    async signin(context, active) {
+        var _a, _b, _c, _d, _e;
+        const { activity } = context;
+        const [category] = (_b = (_a = activity.name) === null || _a === void 0 ? void 0 : _a.split('/')) !== null && _b !== void 0 ? _b : [Category.UNKNOWN];
+        const storage = new handlerStorage_1.HandlerStorage(this.settings.storage, context);
+        if (!active) {
+            return this.setToken(storage, context);
+        }
+        logger.debug(this.prefix('Sign-in active session detected'), active.activity);
+        if (((_c = active.activity.conversation) === null || _c === void 0 ? void 0 : _c.id) !== ((_d = activity.conversation) === null || _d === void 0 ? void 0 : _d.id)) {
+            await this.sendInvokeResponse(context, { status: 400 });
+            logger.warn(this.prefix('Discarding the active session due to the conversation has changed during an active sign-in process'), activity);
+            return types_1.AuthorizationHandlerStatus.IGNORED;
+        }
+        if (active.attemptsLeft <= 0) {
+            logger.warn(this.prefix('Maximum sign-in attempts exceeded'), activity);
+            await context.sendActivity(messageFactory_1.MessageFactory.text(this.messages.maxAttemptsExceeded(this.maxAttempts)));
+            return types_1.AuthorizationHandlerStatus.REJECTED;
+        }
+        if (category === Category.SIGNIN) {
+            await storage.write({ ...active, category });
+            const status = await this.handleSignInActivities(context);
+            if (status !== types_1.AuthorizationHandlerStatus.IGNORED) {
+                return status;
+            }
+        }
+        else if (active.category === Category.SIGNIN) {
+            // This is only for safety in case of unexpected behaviors during the MS Teams sign-in process,
+            // e.g., user interrupts the flow by clicking the Consent Cancel button.
+            logger.warn(this.prefix('The incoming activity will be revalidated due to a change in the sign-in flow'), activity);
+            return types_1.AuthorizationHandlerStatus.REVALIDATE;
+        }
+        const { status, code } = await this.codeVerification(storage, context, active);
+        if (status !== types_1.AuthorizationHandlerStatus.APPROVED) {
+            return status;
+        }
+        try {
+            const result = await this.setToken(storage, context, active, code);
+            if (result !== types_1.AuthorizationHandlerStatus.APPROVED) {
+                await this.sendInvokeResponse(context, { status: 404 });
+                return result;
+            }
+            await this.sendInvokeResponse(context, { status: 200 });
+            await ((_e = this._onSuccess) === null || _e === void 0 ? void 0 : _e.call(this, context));
+            return result;
+        }
+        catch (error) {
+            await this.sendInvokeResponse(context, { status: 500 });
+            if (error instanceof Error) {
+                error.message = this.prefix(error.message);
+            }
+            throw error;
+        }
+    }
+    /**
+     * Handles on-behalf-of token acquisition.
+     */
+    async handleOBO(token, options) {
+        var _a, _b, _c;
+        const oboConnection = (_a = options === null || options === void 0 ? void 0 : options.connection) !== null && _a !== void 0 ? _a : (_b = this._options.obo) === null || _b === void 0 ? void 0 : _b.connection;
+        const oboScopes = (options === null || options === void 0 ? void 0 : options.scopes) && options.scopes.length > 0 ? options.scopes : (_c = this._options.obo) === null || _c === void 0 ? void 0 : _c.scopes;
+        if (!oboScopes || oboScopes.length === 0) {
+            return { token };
+        }
+        if (!this.isExchangeable(token)) {
+            throw new Error(this.prefix('The current token is not exchangeable for an on-behalf-of flow. Ensure the token audience starts with \'api://\'.'));
+        }
+        try {
+            const provider = oboConnection ? this.settings.connections.getConnection(oboConnection) : this.settings.connections.getDefaultConnection();
+            const newToken = await provider.acquireTokenOnBehalfOf(oboScopes, token);
+            logger.debug(this.prefix('Successfully acquired on-behalf-of token'), { connection: oboConnection, scopes: oboScopes });
+            return { token: newToken };
+        }
+        catch (error) {
+            logger.error(this.prefix('Failed to exchange on-behalf-of token'), { connection: oboConnection, scopes: oboScopes }, error);
+            return { token: undefined };
+        }
+    }
+    /**
+     * Checks if a token is exchangeable for an on-behalf-of flow.
+     */
+    isExchangeable(token) {
+        if (!token || typeof token !== 'string') {
+            return false;
+        }
+        const payload = jsonwebtoken_1.default.decode(token);
+        const audiences = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
+        return audiences.some(aud => typeof aud === 'string' && aud.startsWith('api://'));
+    }
+    /**
+     * Sets the token from the token response or initiates the sign-in flow.
+     */
+    async setToken(storage, context, active, code) {
+        var _a;
+        const { activity } = context;
+        const userTokenClient = await this.getUserTokenClient(context);
+        const { tokenResponse, signInResource } = await userTokenClient.getTokenOrSignInResource((_a = activity.from) === null || _a === void 0 ? void 0 : _a.id, this._options.name, activity.channelId, activity.getConversationReference(), activity.relatesTo, code !== null && code !== void 0 ? code : '');
+        if (!tokenResponse && active) {
+            logger.warn(this.prefix('Invalid code entered. Restarting sign-in flow'), activity);
+            await context.sendActivity(messageFactory_1.MessageFactory.text(this.messages.invalidCode(code !== null && code !== void 0 ? code : '')));
+            return types_1.AuthorizationHandlerStatus.REJECTED;
+        }
+        if (!tokenResponse) {
+            logger.debug(this.prefix('Cannot find token. Sending sign-in card'), activity);
+            const oCard = cards_1.CardFactory.oauthCard(this._options.name, this._options.title, this._options.text, signInResource, this._options.enableSso);
+            await context.sendActivity(messageFactory_1.MessageFactory.attachment(oCard));
+            await storage.write({ activity, id: this.id, ...(active !== null && active !== void 0 ? active : {}), attemptsLeft: this.maxAttempts });
+            return types_1.AuthorizationHandlerStatus.PENDING;
+        }
+        logger.debug(this.prefix('Successfully acquired token'), activity);
+        this.setContext(context, { token: tokenResponse.token });
+        return types_1.AuthorizationHandlerStatus.APPROVED;
+    }
+    /**
+     * Handles sign-in related activities.
+     */
+    async handleSignInActivities(context) {
+        var _a, _b, _c, _d;
+        const { activity } = context;
+        // Ignore signin/verifyState here (handled in codeVerification).
+        if (activity.name === 'signin/verifyState') {
+            return types_1.AuthorizationHandlerStatus.IGNORED;
+        }
+        const userTokenClient = await this.getUserTokenClient(context);
+        if (activity.name === 'signin/tokenExchange') {
+            const tokenExchangeInvokeRequest = activity.value;
+            const tokenExchangeRequest = { token: tokenExchangeInvokeRequest.token };
+            if (!(tokenExchangeRequest === null || tokenExchangeRequest === void 0 ? void 0 : tokenExchangeRequest.token)) {
+                const reason = 'The Agent received an InvokeActivity that is missing a TokenExchangeInvokeRequest value. This is required to be sent with the InvokeActivity.';
+                await this.sendInvokeResponse(context, {
+                    status: 400,
+                    body: { connectionName: this._options.name, failureDetail: reason }
+                });
+                logger.error(this.prefix(reason));
+                await ((_a = this._onFailure) === null || _a === void 0 ? void 0 : _a.call(this, context, reason));
+                return types_1.AuthorizationHandlerStatus.REJECTED;
+            }
+            if (tokenExchangeInvokeRequest.connectionName !== this._options.name) {
+                const reason = `The Agent received an InvokeActivity with a TokenExchangeInvokeRequest for a different connection name ('${tokenExchangeInvokeRequest.connectionName}') than expected ('${this._options.name}').`;
+                await this.sendInvokeResponse(context, {
+                    status: 400,
+                    body: { id: tokenExchangeInvokeRequest.id, connectionName: this._options.name, failureDetail: reason }
+                });
+                logger.error(this.prefix(reason));
+                await ((_b = this._onFailure) === null || _b === void 0 ? void 0 : _b.call(this, context, reason));
+                return types_1.AuthorizationHandlerStatus.REJECTED;
+            }
+            const { token } = await userTokenClient.exchangeTokenAsync((_c = activity.from) === null || _c === void 0 ? void 0 : _c.id, this._options.name, activity.channelId, tokenExchangeRequest);
+            if (!token) {
+                const reason = 'The MS Teams token service didn\'t send back the exchanged token. Waiting for MS Teams to send another signin/tokenExchange request. After multiple failed attempts, the user will be asked to enter the magic code.';
+                await this.sendInvokeResponse(context, {
+                    status: 412,
+                    body: { id: tokenExchangeInvokeRequest.id, connectionName: this._options.name, failureDetail: reason }
+                });
+                logger.debug(this.prefix(reason));
+                return types_1.AuthorizationHandlerStatus.PENDING;
+            }
+            await this.sendInvokeResponse(context, {
+                status: 200,
+                body: { id: tokenExchangeInvokeRequest.id, connectionName: this._options.name }
+            });
+            logger.debug(this.prefix('Successfully exchanged token'));
+            this.setContext(context, { token });
+            await ((_d = this._onSuccess) === null || _d === void 0 ? void 0 : _d.call(this, context));
+            return types_1.AuthorizationHandlerStatus.APPROVED;
+        }
+        if (activity.name === 'signin/failure') {
+            await this.sendInvokeResponse(context, { status: 200 });
+            const reason = 'Failed to sign-in';
+            const value = activity.value;
+            logger.error(this.prefix(reason), value, activity);
+            if (this._onFailure) {
+                await this._onFailure(context, value.message || reason);
+            }
+            else {
+                await context.sendActivity(messageFactory_1.MessageFactory.text(`${reason}. Please try again.`));
+            }
+            return types_1.AuthorizationHandlerStatus.REJECTED;
+        }
+        logger.error(this.prefix(`Unknown sign-in activity name: ${activity.name}`), activity);
+        return types_1.AuthorizationHandlerStatus.REJECTED;
+    }
+    /**
+     * Verifies the magic code provided by the user.
+     */
+    async codeVerification(storage, context, active) {
+        if (!active) {
+            logger.debug(this.prefix('No active session found. Skipping code verification.'), context.activity);
+            return { status: types_1.AuthorizationHandlerStatus.IGNORED };
+        }
+        const { activity } = context;
+        let state = activity.text;
+        if (activity.name === 'signin/verifyState') {
+            logger.debug(this.prefix('Getting code from activity.value'), activity);
+            const { state: teamsState } = activity.value;
+            state = teamsState;
+        }
+        if (state === 'CancelledByUser') {
+            await this.sendInvokeResponse(context, { status: 200 });
+            logger.warn(this.prefix('Sign-in process was cancelled by the user'), activity);
+            return { status: types_1.AuthorizationHandlerStatus.REJECTED };
+        }
+        if (!(state === null || state === void 0 ? void 0 : state.match(/^\d{6}$/))) {
+            logger.warn(this.prefix(`Invalid magic code entered. Attempts left: ${active.attemptsLeft}`), activity);
+            await context.sendActivity(messageFactory_1.MessageFactory.text(this.messages.invalidCodeFormat(active.attemptsLeft)));
+            await storage.write({ ...active, attemptsLeft: active.attemptsLeft - 1 });
+            return { status: types_1.AuthorizationHandlerStatus.PENDING };
+        }
+        await this.sendInvokeResponse(context, { status: 200 });
+        logger.debug(this.prefix('Code verification successful'), activity);
+        return { status: types_1.AuthorizationHandlerStatus.APPROVED, code: state };
+    }
+    /**
+     * Sets the authorization context in the turn state.
+     */
+    setContext(context, data) {
+        return context.turnState.set(this._key, () => data);
+    }
+    /**
+     * Gets the authorization context from the turn state.
+     */
+    getContext(context) {
+        var _a;
+        const result = context.turnState.get(this._key);
+        return (_a = result === null || result === void 0 ? void 0 : result()) !== null && _a !== void 0 ? _a : { token: undefined };
+    }
+    /**
+     * Gets the user token client from the turn context.
+     */
+    async getUserTokenClient(context) {
+        const userTokenClient = context.turnState.get(context.adapter.UserTokenClientKey);
+        if (!userTokenClient) {
+            throw new Error(this.prefix('The \'userTokenClient\' is not available in the adapter. Ensure that the adapter supports user token operations.'));
+        }
+        return userTokenClient;
+    }
+    /**
+     * Sends an InvokeResponse activity if the channel is Microsoft Teams.
+     */
+    sendInvokeResponse(context, response) {
+        if (context.activity.channelId !== agents_activity_1.Channels.Msteams) {
+            return Promise.resolve();
+        }
+        return context.sendActivity(agents_activity_1.Activity.fromObject({
+            type: agents_activity_1.ActivityTypes.InvokeResponse,
+            value: response
+        }));
+    }
+    /**
+     * Prefixes a message with the handler ID.
+     */
+    prefix(message) {
+        return `[handler:${this.id}] ${message}`;
+    }
+    /**
+     * Loads the OAuth scopes from the environment variables.
+     */
+    loadScopes(value) {
+        var _a;
+        return (_a = value === null || value === void 0 ? void 0 : value.split(',').reduce((acc, scope) => {
+            const trimmed = scope.trim();
+            if (trimmed) {
+                acc.push(trimmed);
+            }
+            return acc;
+        }, [])) !== null && _a !== void 0 ? _a : [];
+    }
+}
+exports.AzureBotAuthorization = AzureBotAuthorization;
+//# sourceMappingURL=azureBotAuthorization.js.map

package/dist/src/app/auth/handlers/azureBotAuthorization.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"azureBotAuthorization.js","sourceRoot":"","sources":["../../../../../src/app/auth/handlers/azureBotAuthorization.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;AAEH,8DAAyD;AACzD,oCAAuK;AACvK,4DAAwD;AACxD,0CAA4C;AAG5C,gEAA8C;AAC9C,sDAAkD;AAClD,gEAA8E;AAG9E,MAAM,MAAM,GAAG,IAAA,cAAK,EAAC,+BAA+B,CAAC,CAAA;AAErD,MAAM,wBAAwB,GAAG,CAAC,CAAA;AAElC,IAAK,QAGJ;AAHD,WAAK,QAAQ;IACX,6BAAiB,CAAA;IACjB,+BAAmB,CAAA;AACrB,CAAC,EAHI,QAAQ,KAAR,QAAQ,QAGZ;AAoID;;GAEG;AACH,MAAa,qBAAqB;IAKhC;;;;;OAKG;IACH,YAA6B,EAAU,EAAE,OAAqC,EAAU,QAAuC;QAAlG,OAAE,GAAF,EAAE,CAAQ;QAAiD,aAAQ,GAAR,QAAQ,CAA+B;QAqWvH,SAAI,GAAG,GAAG,qBAAqB,CAAC,IAAI,IAAI,IAAI,CAAC,EAAE,EAAE,CAAA;QAiDzD;;WAEG;QACK,aAAQ,GAAG;YACjB,WAAW,EAAE,CAAC,IAAY,EAAE,EAAE;;gBAC5B,MAAM,OAAO,GAAG,MAAA,MAAA,IAAI,CAAC,QAAQ,CAAC,QAAQ,0CAAE,WAAW,mCAAI,+EAA+E,CAAA;gBACtI,OAAO,OAAO,CAAC,UAAU,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;YAC3C,CAAC;YACD,iBAAiB,EAAE,CAAC,YAAoB,EAAE,EAAE;;gBAC1C,MAAM,OAAO,GAAG,MAAA,MAAA,IAAI,CAAC,QAAQ,CAAC,QAAQ,0CAAE,iBAAiB,mCAAI,wGAAwG,CAAA;gBACrK,OAAO,OAAO,CAAC,UAAU,CAAC,gBAAgB,EAAE,YAAY,CAAC,QAAQ,EAAE,CAAC,CAAA;YACtE,CAAC;YACD,mBAAmB,EAAE,CAAC,WAAmB,EAAE,EAAE;;gBAC3C,MAAM,OAAO,GAAG,MAAA,MAAA,IAAI,CAAC,QAAQ,CAAC,QAAQ,0CAAE,mBAAmB,mCAAI,wHAAwH,CAAA;gBACvL,OAAO,OAAO,CAAC,UAAU,CAAC,eAAe,EAAE,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAA;YACpE,CAAC;SACF,CAAA;QAraC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,yGAAyG,CAAC,CAAC,CAAA;QACzI,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,6GAA6G,CAAC,CAAC,CAAA;QAC7I,CAAC;QAED,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;IAC3C,CAAC;IAED;;OAEG;IACK,WAAW,CAAE,QAAsC;;QACzD,MAAM,MAAM,GAAiC;YAC3C,IAAI,EAAE,MAAA,QAAQ,CAAC,IAAI,mCAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,EAAE,iBAAiB,CAAC,CAAC;YACjE,KAAK,EAAE,MAAA,MAAA,QAAQ,CAAC,KAAK,mCAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,EAAE,kBAAkB,CAAC,CAAC,mCAAI,SAAS;YACjF,IAAI,EAAE,MAAA,MAAA,QAAQ,CAAC,IAAI,mCAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,EAAE,iBAAiB,CAAC,CAAC,mCAAI,4BAA4B;YACjG,WAAW,EAAE,MAAA,QAAQ,CAAC,WAAW,mCAAI,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,EAAE,cAAc,CAAE,CAAC;YACrF,QAAQ,EAAE;gBACR,WAAW,EAAE,MAAA,MAAA,QAAQ,CAAC,QAAQ,0CAAE,WAAW,mCAAI,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,EAAE,uBAAuB,CAAC;gBAC7F,iBAAiB,EAAE,MAAA,MAAA,QAAQ,CAAC,QAAQ,0CAAE,iBAAiB,mCAAI,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,EAAE,6BAA6B,CAAC;gBAC/G,mBAAmB,EAAE,MAAA,MAAA,QAAQ,CAAC,QAAQ,0CAAE,mBAAmB,mCAAI,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,EAAE,+BAA+B,CAAC;aACtH;YACD,GAAG,EAAE;gBACH,UAAU,EAAE,MAAA,MAAA,QAAQ,CAAC,GAAG,0CAAE,UAAU,mCAAI,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,EAAE,iBAAiB,CAAC;gBAChF,MAAM,EAAE,MAAA,MAAA,QAAQ,CAAC,GAAG,0CAAE,MAAM,mCAAI,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,EAAE,aAAa,CAAC,CAAC;aACtF;YACD,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,EAAE,YAAY,CAAC,KAAK,OAAO,CAAC,wBAAwB;SACpF,CAAA;QAED,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,2BAA2B,IAAI,CAAC,EAAE,sEAAsE,CAAC,CAAC,CAAA;QACxI,CAAC;QAED,OAAO,MAAM,CAAA;IACf,CAAC;IAED;;OAEG;IACH,IAAY,WAAW;QACrB,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAA;QAC1C,MAAM,MAAM,GAAG,OAAO,QAAQ,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,GAAG,CAAA;QACrG,OAAO,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,wBAAwB,CAAA;IACvD,CAAC;IAED;;;OAGG;IACH,SAAS,CAAE,QAAwD;QACjE,IAAI,CAAC,UAAU,GAAG,QAAQ,CAAA;IAC5B,CAAC;IAED;;;OAGG;IACH,SAAS,CAAE,QAAyE;QAClF,IAAI,CAAC,UAAU,GAAG,QAAQ,CAAA;IAC5B,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,KAAK,CAAE,OAAoB,EAAE,OAA0C;;QAC3E,IAAI,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAA;QAExC,IAAI,CAAC,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,IAAI,EAAE,CAAA,EAAE,CAAC;YACnB,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAA;YAE5B,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAA;YAC9D,mFAAmF;YACnF,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,eAAe,CAAC,wBAAwB,CAAC,MAAA,QAAQ,CAAC,IAAI,0CAAE,EAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAK,EAAE,QAAQ,CAAC,SAAU,EAAE,QAAQ,CAAC,wBAAwB,EAAE,EAAE,QAAQ,CAAC,SAAU,EAAE,EAAE,CAAC,CAAA;YACpM,KAAK,GAAG,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAE,KAAK,CAAA;QAC9B,CAAC;QAED,IAAI,CAAC,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,IAAI,EAAE,CAAA,EAAE,CAAC;YACnB,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAA;QAC7B,CAAC;QAED,OAAO,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,OAAO,CAAC,CAAA;IAC7C,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,OAAO,CAAE,OAAoB;;QACjC,MAAM,IAAI,GAAG,MAAA,OAAO,CAAC,QAAQ,CAAC,IAAI,0CAAE,EAAE,CAAA;QACtC,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAA;QAC1C,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAK,CAAA;QAEtC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,uFAAuF,CAAC,CAAC,CAAA;QACvH,CAAC;QAED,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,qBAAqB,IAAI,uBAAuB,OAAO,mBAAmB,UAAU,GAAG,CAAC,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAA;QACpI,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAA;QAC9D,MAAM,eAAe,CAAC,OAAO,CAAC,IAAI,EAAE,UAAU,EAAE,OAAO,CAAC,CAAA;QACxD,OAAO,IAAI,CAAA;IACb,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,MAAM,CAAE,OAAoB,EAAE,MAA8B;;QAChE,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAA;QAC5B,MAAM,CAAC,QAAQ,CAAC,GAAG,MAAA,MAAA,QAAQ,CAAC,IAAI,0CAAE,KAAK,CAAC,GAAG,CAAC,mCAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAA;QAElE,MAAM,OAAO,GAAG,IAAI,+BAAc,CAAwB,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;QAEzF,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;QACxC,CAAC;QAED,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,iCAAiC,CAAC,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAA;QAE7E,IAAI,CAAA,MAAA,MAAM,CAAC,QAAQ,CAAC,YAAY,0CAAE,EAAE,OAAK,MAAA,QAAQ,CAAC,YAAY,0CAAE,EAAE,CAAA,EAAE,CAAC;YACnE,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;YACvD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,oGAAoG,CAAC,EAAE,QAAQ,CAAC,CAAA;YACxI,OAAO,kCAA0B,CAAC,OAAO,CAAA;QAC3C,CAAC;QAED,IAAI,MAAM,CAAC,YAAY,IAAI,CAAC,EAAE,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,mCAAmC,CAAC,EAAE,QAAQ,CAAC,CAAA;YACvE,MAAM,OAAO,CAAC,YAAY,CAAC,+BAAc,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,CAAA;YACpG,OAAO,kCAA0B,CAAC,QAAQ,CAAA;QAC5C,CAAC;QAED,IAAI,QAAQ,KAAK,QAAQ,CAAC,MAAM,EAAE,CAAC;YACjC,MAAM,OAAO,CAAC,KAAK,CAAC,EAAE,GAAG,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAA;YAC5C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAA;YACzD,IAAI,MAAM,KAAK,kCAA0B,CAAC,OAAO,EAAE,CAAC;gBAClD,OAAO,MAAM,CAAA;YACf,CAAC;QACH,CAAC;aAAM,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,CAAC,MAAM,EAAE,CAAC;YAC/C,+FAA+F;YAC/F,wEAAwE;YACxE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,+EAA+E,CAAC,EAAE,QAAQ,CAAC,CAAA;YACnH,OAAO,kCAA0B,CAAC,UAAU,CAAA;QAC9C,CAAC;QAED,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,CAAA;QAC9E,IAAI,MAAM,KAAK,kCAA0B,CAAC,QAAQ,EAAE,CAAC;YACnD,OAAO,MAAM,CAAA;QACf,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,CAAA;YAClE,IAAI,MAAM,KAAK,kCAA0B,CAAC,QAAQ,EAAE,CAAC;gBACnD,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;gBACvD,OAAO,MAAM,CAAA;YACf,CAAC;YAED,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;YACvD,MAAM,CAAA,MAAA,IAAI,CAAC,UAAU,qDAAG,OAAO,CAAC,CAAA,CAAA;YAChC,OAAO,MAAM,CAAA;QACf,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;YACvD,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;gBAC3B,KAAK,CAAC,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;YAC5C,CAAC;YACD,MAAM,KAAK,CAAA;QACb,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,SAAS,CAAE,KAAY,EAAE,OAA0C;;QAC/E,MAAM,aAAa,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,UAAU,mCAAI,MAAA,IAAI,CAAC,QAAQ,CAAC,GAAG,0CAAE,UAAU,CAAA;QAC1E,MAAM,SAAS,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM,KAAI,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,MAAA,IAAI,CAAC,QAAQ,CAAC,GAAG,0CAAE,MAAM,CAAA;QAE3G,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzC,OAAO,EAAE,KAAK,EAAE,CAAA;QAClB,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,mHAAmH,CAAC,CAAC,CAAA;QACnJ,CAAC;QAED,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,oBAAoB,EAAE,CAAA;YAC1I,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,sBAAsB,CAAC,SAAS,EAAE,KAAK,CAAC,CAAA;YACxE,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,0CAA0C,CAAC,EAAE,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAA;YACvH,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAA;QAC5B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,uCAAuC,CAAC,EAAE,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE,KAAK,CAAC,CAAA;YAC3H,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAA;QAC7B,CAAC;IACH,CAAC;IAED;;OAEG;IACK,cAAc,CAAE,KAAyB;QAC/C,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACxC,OAAO,KAAK,CAAA;QACd,CAAC;QACD,MAAM,OAAO,GAAG,sBAAG,CAAC,MAAM,CAAC,KAAK,CAAe,CAAA;QAC/C,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAC1E,OAAO,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAA;IACnF,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,QAAQ,CAAE,OAA8C,EAAE,OAAoB,EAAE,MAA8B,EAAE,IAAa;;QACzI,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAA;QAE5B,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAA;QAC9D,MAAM,EAAE,aAAa,EAAE,cAAc,EAAE,GAAG,MAAM,eAAe,CAAC,wBAAwB,CAAC,MAAA,QAAQ,CAAC,IAAI,0CAAE,EAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAK,EAAE,QAAQ,CAAC,SAAU,EAAE,QAAQ,CAAC,wBAAwB,EAAE,EAAE,QAAQ,CAAC,SAAU,EAAE,IAAI,aAAJ,IAAI,cAAJ,IAAI,GAAI,EAAE,CAAC,CAAA;QAE5N,IAAI,CAAC,aAAa,IAAI,MAAM,EAAE,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,+CAA+C,CAAC,EAAE,QAAQ,CAAC,CAAA;YACnF,MAAM,OAAO,CAAC,YAAY,CAAC,+BAAc,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,aAAJ,IAAI,cAAJ,IAAI,GAAI,EAAE,CAAC,CAAC,CAAC,CAAA;YACtF,OAAO,kCAA0B,CAAC,QAAQ,CAAA;QAC5C,CAAC;QAED,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,yCAAyC,CAAC,EAAE,QAAQ,CAAC,CAAA;YAE9E,MAAM,KAAK,GAAG,mBAAW,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,KAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAK,EAAE,cAAc,EAAE,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAA;YAC5I,MAAM,OAAO,CAAC,YAAY,CAAC,+BAAc,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAA;YAC5D,MAAM,OAAO,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,MAAM,aAAN,MAAM,cAAN,MAAM,GAAI,EAAE,CAAC,EAAE,YAAY,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC,CAAA;YACjG,OAAO,kCAA0B,CAAC,OAAO,CAAA;QAC3C,CAAC;QAED,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,6BAA6B,CAAC,EAAE,QAAQ,CAAC,CAAA;QAClE,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,aAAa,CAAC,KAAK,EAAE,CAAC,CAAA;QACxD,OAAO,kCAA0B,CAAC,QAAQ,CAAA;IAC5C,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,sBAAsB,CAAE,OAAoB;;QACxD,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAA;QAE5B,gEAAgE;QAChE,IAAI,QAAQ,CAAC,IAAI,KAAK,oBAAoB,EAAE,CAAC;YAC3C,OAAO,kCAA0B,CAAC,OAAO,CAAA;QAC3C,CAAC;QAED,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAA;QAE9D,IAAI,QAAQ,CAAC,IAAI,KAAK,sBAAsB,EAAE,CAAC;YAC7C,MAAM,0BAA0B,GAAG,QAAQ,CAAC,KAAmC,CAAA;YAC/E,MAAM,oBAAoB,GAAyB,EAAE,KAAK,EAAE,0BAA0B,CAAC,KAAK,EAAE,CAAA;YAE9F,IAAI,CAAC,CAAA,oBAAoB,aAApB,oBAAoB,uBAApB,oBAAoB,CAAE,KAAK,CAAA,EAAE,CAAC;gBACjC,MAAM,MAAM,GAAG,+IAA+I,CAAA;gBAC9J,MAAM,IAAI,CAAC,kBAAkB,CAA8B,OAAO,EAAE;oBAClE,MAAM,EAAE,GAAG;oBACX,IAAI,EAAE,EAAE,cAAc,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAK,EAAE,aAAa,EAAE,MAAM,EAAE;iBACrE,CAAC,CAAA;gBACF,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAA;gBACjC,MAAM,CAAA,MAAA,IAAI,CAAC,UAAU,qDAAG,OAAO,EAAE,MAAM,CAAC,CAAA,CAAA;gBACxC,OAAO,kCAA0B,CAAC,QAAQ,CAAA;YAC5C,CAAC;YAED,IAAI,0BAA0B,CAAC,cAAc,KAAK,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;gBACrE,MAAM,MAAM,GAAG,4GAA4G,0BAA0B,CAAC,cAAc,sBAAsB,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAA;gBACjN,MAAM,IAAI,CAAC,kBAAkB,CAA8B,OAAO,EAAE;oBAClE,MAAM,EAAE,GAAG;oBACX,IAAI,EAAE,EAAE,EAAE,EAAE,0BAA0B,CAAC,EAAE,EAAE,cAAc,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAK,EAAE,aAAa,EAAE,MAAM,EAAE;iBACxG,CAAC,CAAA;gBACF,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAA;gBACjC,MAAM,CAAA,MAAA,IAAI,CAAC,UAAU,qDAAG,OAAO,EAAE,MAAM,CAAC,CAAA,CAAA;gBACxC,OAAO,kCAA0B,CAAC,QAAQ,CAAA;YAC5C,CAAC;YAED,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,eAAe,CAAC,kBAAkB,CAAC,MAAA,QAAQ,CAAC,IAAI,0CAAE,EAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAK,EAAE,QAAQ,CAAC,SAAU,EAAE,oBAAoB,CAAC,CAAA;YAC9I,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,MAAM,GAAG,sNAAsN,CAAA;gBACrO,MAAM,IAAI,CAAC,kBAAkB,CAA8B,OAAO,EAAE;oBAClE,MAAM,EAAE,GAAG;oBACX,IAAI,EAAE,EAAE,EAAE,EAAE,0BAA0B,CAAC,EAAE,EAAE,cAAc,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAK,EAAE,aAAa,EAAE,MAAM,EAAE;iBACxG,CAAC,CAAA;gBACF,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAA;gBACjC,OAAO,kCAA0B,CAAC,OAAO,CAAA;YAC3C,CAAC;YAED,MAAM,IAAI,CAAC,kBAAkB,CAA8B,OAAO,EAAE;gBAClE,MAAM,EAAE,GAAG;gBACX,IAAI,EAAE,EAAE,EAAE,EAAE,0BAA0B,CAAC,EAAE,EAAE,cAAc,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAK,EAAE;aACjF,CAAC,CAAA;YACF,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,8BAA8B,CAAC,CAAC,CAAA;YACzD,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;YACnC,MAAM,CAAA,MAAA,IAAI,CAAC,UAAU,qDAAG,OAAO,CAAC,CAAA,CAAA;YAChC,OAAO,kCAA0B,CAAC,QAAQ,CAAA;QAC5C,CAAC;QAED,IAAI,QAAQ,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;YACvC,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;YACvD,MAAM,MAAM,GAAG,mBAAmB,CAAA;YAClC,MAAM,KAAK,GAAG,QAAQ,CAAC,KAA2B,CAAA;YAClD,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAA;YAClD,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBACpB,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,KAAK,CAAC,OAAO,IAAI,MAAM,CAAC,CAAA;YACzD,CAAC;iBAAM,CAAC;gBACN,MAAM,OAAO,CAAC,YAAY,CAAC,+BAAc,CAAC,IAAI,CAAC,GAAG,MAAM,qBAAqB,CAAC,CAAC,CAAA;YACjF,CAAC;YACD,OAAO,kCAA0B,CAAC,QAAQ,CAAA;QAC5C,CAAC;QAED,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,kCAAkC,QAAQ,CAAC,IAAI,EAAE,CAAC,EAAE,QAAQ,CAAC,CAAA;QACtF,OAAO,kCAA0B,CAAC,QAAQ,CAAA;IAC5C,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,gBAAgB,CAAE,OAA8C,EAAE,OAAoB,EAAE,MAA8B;QAClI,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,sDAAsD,CAAC,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAA;YACnG,OAAO,EAAE,MAAM,EAAE,kCAA0B,CAAC,OAAO,EAAE,CAAA;QACvD,CAAC;QAED,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAA;QAC5B,IAAI,KAAK,GAAuB,QAAQ,CAAC,IAAI,CAAA;QAE7C,IAAI,QAAQ,CAAC,IAAI,KAAK,oBAAoB,EAAE,CAAC;YAC3C,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,kCAAkC,CAAC,EAAE,QAAQ,CAAC,CAAA;YACvE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,QAAQ,CAAC,KAAyB,CAAA;YAChE,KAAK,GAAG,UAAU,CAAA;QACpB,CAAC;QAED,IAAI,KAAK,KAAK,iBAAiB,EAAE,CAAC;YAChC,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;YACvD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,2CAA2C,CAAC,EAAE,QAAQ,CAAC,CAAA;YAC/E,OAAO,EAAE,MAAM,EAAE,kCAA0B,CAAC,QAAQ,EAAE,CAAA;QACxD,CAAC;QAED,IAAI,CAAC,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,KAAK,CAAC,SAAS,CAAC,CAAA,EAAE,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,8CAA8C,MAAM,CAAC,YAAY,EAAE,CAAC,EAAE,QAAQ,CAAC,CAAA;YACvG,MAAM,OAAO,CAAC,YAAY,CAAC,+BAAc,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAA;YACrG,MAAM,OAAO,CAAC,KAAK,CAAC,EAAE,GAAG,MAAM,EAAE,YAAY,EAAE,MAAM,CAAC,YAAY,GAAG,CAAC,EAAE,CAAC,CAAA;YACzE,OAAO,EAAE,MAAM,EAAE,kCAA0B,CAAC,OAAO,EAAE,CAAA;QACvD,CAAC;QAED,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;QACvD,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,8BAA8B,CAAC,EAAE,QAAQ,CAAC,CAAA;QACnE,OAAO,EAAE,MAAM,EAAE,kCAA0B,CAAC,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,CAAA;IACrE,CAAC;IAID;;OAEG;IACK,UAAU,CAAE,OAAoB,EAAE,IAAmB;QAC3D,OAAO,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,CAAA;IACrD,CAAC;IAED;;OAEG;IACK,UAAU,CAAE,OAAoB;;QACtC,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC/C,OAAO,MAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,EAAI,mCAAI,EAAE,KAAK,EAAE,SAAS,EAAE,CAAA;IAC3C,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,kBAAkB,CAAE,OAAoB;QACpD,MAAM,eAAe,GAAG,OAAO,CAAC,SAAS,CAAC,GAAG,CAAkB,OAAO,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAA;QAClG,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,kHAAkH,CAAC,CAAC,CAAA;QAClJ,CAAC;QACD,OAAO,eAAe,CAAA;IACxB,CAAC;IAED;;OAEG;IACK,kBAAkB,CAAK,OAAoB,EAAE,QAA2B;QAC9E,IAAI,OAAO,CAAC,QAAQ,CAAC,SAAS,KAAK,0BAAQ,CAAC,OAAO,EAAE,CAAC;YACpD,OAAO,OAAO,CAAC,OAAO,EAAE,CAAA;QAC1B,CAAC;QAED,OAAO,OAAO,CAAC,YAAY,CAAC,0BAAQ,CAAC,UAAU,CAAC;YAC9C,IAAI,EAAE,+BAAa,CAAC,cAAc;YAClC,KAAK,EAAE,QAAQ;SAChB,CAAC,CAAC,CAAA;IACL,CAAC;IAED;;OAEG;IACK,MAAM,CAAE,OAAe;QAC7B,OAAO,YAAY,IAAI,CAAC,EAAE,KAAK,OAAO,EAAE,CAAA;IAC1C,CAAC;IAoBD;;OAEG;IACK,UAAU,CAAE,KAAwB;;QAC1C,OAAO,MAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,KAAK,CAAC,GAAG,EAAE,MAAM,CAAW,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;YACvD,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAA;YAC5B,IAAI,OAAO,EAAE,CAAC;gBACZ,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;YACnB,CAAC;YACD,OAAO,GAAG,CAAA;QACZ,CAAC,EAAE,EAAE,CAAC,mCAAI,EAAE,CAAA;IACd,CAAC;CACF;AA/bD,sDA+bC"}

package/dist/src/app/auth/handlers/index.d.ts

@@ -0,0 +1,2 @@
+export * from './azureBotAuthorization';
+export * from './agenticAuthorization';

package/dist/src/app/auth/handlers/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./azureBotAuthorization"), exports);
+__exportStar(require("./agenticAuthorization"), exports);
+//# sourceMappingURL=index.js.map

package/dist/src/app/auth/handlers/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/app/auth/handlers/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,0DAAuC;AACvC,yDAAsC"}

package/dist/src/app/auth/index.d.ts

@@ -0,0 +1,2 @@
+export * from './authorization';
+export * from './authorizationManager';

package/dist/src/app/auth/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./authorization"), exports);
+__exportStar(require("./authorizationManager"), exports);
+//# sourceMappingURL=index.js.map

package/dist/src/app/auth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/app/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,kDAA+B;AAC/B,yDAAsC"}

package/dist/src/app/auth/types.d.ts

@@ -0,0 +1,104 @@
+/**
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+import { Activity } from '@microsoft/agents-activity';
+import { Storage, StoreItem } from '../../storage';
+import { TurnContext } from '../../turnContext';
+import { AgenticAuthorizationOptions, AzureBotAuthorizationOptions } from './handlers';
+import { TokenResponse } from '../../oauth';
+import { Connections } from '../../auth/connections';
+/**
+ * Authorization configuration options.
+ */
+export type AuthorizationOptions = Record<string, AzureBotAuthorizationOptions | AgenticAuthorizationOptions>;
+/**
+ * Represents the status of a handler registration attempt.
+ */
+export declare enum AuthorizationHandlerStatus {
+    /** The handler has approved the request - validation passed */
+    APPROVED = "approved",
+    /** The handler registration is pending further action */
+    PENDING = "pending",
+    /** The handler has rejected the request - validation failed */
+    REJECTED = "rejected",
+    /** The handler has ignored the request - no action taken */
+    IGNORED = "ignored",
+    /** The handler requires revalidation */
+    REVALIDATE = "revalidate"
+}
+/**
+ * Active handler manager information.
+ */
+export interface ActiveAuthorizationHandler extends StoreItem {
+    /**
+     * Unique identifier for the handler.
+     */
+    readonly id: string;
+    /**
+     * The current activity associated with the handler.
+     */
+    activity: Activity;
+}
+export interface AuthorizationHandler {
+    /**
+     * Unique identifier for the handler.
+     */
+    readonly id: string;
+    /**
+     * Initiates the sign-in process for the handler.
+     * @param context The turn context.
+     * @param active Optional active handler data.
+     * @returns The status of the sign-in attempt.
+     */
+    signin(context: TurnContext, active?: ActiveAuthorizationHandler): Promise<AuthorizationHandlerStatus>;
+    /**
+     * Initiates the sign-out process for the handler.
+     * @param context The turn context.
+     * @returns A promise that resolves to a boolean indicating the success of the sign-out attempt.
+     */
+    signout(context: TurnContext): Promise<boolean>;
+    /**
+     * Retrieves an access token for the specified scopes.
+     * @param context The turn context.
+     * @param options Optional token request options.
+     * @returns The access token response.
+     */
+    token(context: TurnContext, options?: AuthorizationHandlerTokenOptions): Promise<TokenResponse>;
+    /**
+     * Registers a callback to be invoked when the sign-in process is successful.
+     * @param callback The callback to invoke on success.
+     */
+    onSuccess(callback: (context: TurnContext) => Promise<void> | void): void;
+    /**
+     * Registers a callback to be invoked when the sign-in process fails.
+     * @param callback The callback to invoke on failure.
+     */
+    onFailure(callback: (context: TurnContext, reason?: string) => Promise<void> | void): void;
+}
+/**
+ * Common settings required by authorization handlers.
+ */
+export interface AuthorizationHandlerSettings {
+    /**
+     * Storage instance for persisting handler state.
+     */
+    storage: Storage;
+    /**
+     * Connections instance for managing authentication connections.
+     */
+    connections: Connections;
+}
+/**
+ * Options for token requests in authorization handlers.
+ */
+export interface AuthorizationHandlerTokenOptions {
+    /**
+     * Optional name of the connection to use for the token request. Usually used for OBO flows.
+     */
+    connection?: string;
+    /**
+     * Optional scopes to request in the token. Usually used for OBO flows.
+     */
+    scopes?: string[];
+}

package/dist/src/app/auth/types.js

@@ -0,0 +1,24 @@
+"use strict";
+/**
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthorizationHandlerStatus = void 0;
+/**
+ * Represents the status of a handler registration attempt.
+ */
+var AuthorizationHandlerStatus;
+(function (AuthorizationHandlerStatus) {
+    /** The handler has approved the request - validation passed */
+    AuthorizationHandlerStatus["APPROVED"] = "approved";
+    /** The handler registration is pending further action */
+    AuthorizationHandlerStatus["PENDING"] = "pending";
+    /** The handler has rejected the request - validation failed */
+    AuthorizationHandlerStatus["REJECTED"] = "rejected";
+    /** The handler has ignored the request - no action taken */
+    AuthorizationHandlerStatus["IGNORED"] = "ignored";
+    /** The handler requires revalidation */
+    AuthorizationHandlerStatus["REVALIDATE"] = "revalidate";
+})(AuthorizationHandlerStatus || (exports.AuthorizationHandlerStatus = AuthorizationHandlerStatus = {}));
+//# sourceMappingURL=types.js.map

package/dist/src/app/auth/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/app/auth/types.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAcH;;GAEG;AACH,IAAY,0BAWX;AAXD,WAAY,0BAA0B;IACpC,+DAA+D;IAC/D,mDAAqB,CAAA;IACrB,yDAAyD;IACzD,iDAAmB,CAAA;IACnB,+DAA+D;IAC/D,mDAAqB,CAAA;IACrB,4DAA4D;IAC5D,iDAAmB,CAAA;IACnB,wCAAwC;IACxC,uDAAyB,CAAA;AAC3B,CAAC,EAXW,0BAA0B,0CAA1B,0BAA0B,QAWrC"}