@nauth-toolkit/core 0.1.0

package/dist/services/adaptive-mfa-decision.service.js

@@ -0,0 +1,223 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AdaptiveMFADecisionService = void 0;
+const auth_audit_event_type_enum_1 = require("../enums/auth-audit-event-type.enum");
+const risk_factor_enum_1 = require("../enums/risk-factor.enum");
+class AdaptiveMFADecisionService {
+    riskDetectionService;
+    riskScoringService;
+    storageAdapter;
+    clientInfoService;
+    config;
+    logger;
+    auditService;
+    defaultRiskLevels = {
+        low: {
+            maxScore: 20,
+            action: 'allow',
+            notifyUser: false,
+        },
+        medium: {
+            maxScore: 50,
+            action: 'require_mfa',
+            notifyUser: true,
+        },
+        high: {
+            maxScore: 100,
+            action: 'require_mfa',
+            notifyUser: true,
+        },
+    };
+    constructor(riskDetectionService, riskScoringService, storageAdapter, clientInfoService, config, logger, auditService) {
+        this.riskDetectionService = riskDetectionService;
+        this.riskScoringService = riskScoringService;
+        this.storageAdapter = storageAdapter;
+        this.clientInfoService = clientInfoService;
+        this.config = config;
+        this.logger = logger;
+        this.auditService = auditService;
+    }
+    async evaluateAdaptiveMFA(user, authMethod) {
+        if (!user.email) {
+            this.logger?.error?.(`User ${user.sub} missing email - cannot evaluate adaptive MFA`, {
+                userId: user.id,
+                userSub: user.sub,
+            });
+            throw new Error(`User email is required for adaptive MFA evaluation`);
+        }
+        const clientInfo = this.clientInfoService.get();
+        const riskFactors = await this.riskDetectionService.detectRiskFactors(user, clientInfo);
+        const riskScore = this.riskScoringService.calculateRiskScore(riskFactors);
+        const riskLevels = this.config.mfa?.adaptive?.riskLevels || this.defaultRiskLevels;
+        const { level, action, notifyUser } = this.determineRiskLevelAndAction(riskScore, riskLevels);
+        this.logger?.log?.(`Adaptive MFA evaluation: user=${user.sub}, score=${riskScore}, level=${level}, action=${action}, notify=${notifyUser}, factors=[${riskFactors.join(', ')}]`);
+        const payload = {
+            user: {
+                sub: user.sub,
+                email: user.email,
+                username: user.username || undefined,
+                phoneNumber: user.phone || undefined,
+            },
+            riskScore,
+            riskLevel: level,
+            riskFactors,
+            action,
+            clientInfo: {
+                ipAddress: clientInfo.ipAddress,
+                ipCountry: clientInfo.ipCountry,
+                ipCity: clientInfo.ipCity,
+                deviceId: clientInfo.deviceToken,
+                deviceName: clientInfo.deviceName,
+                deviceType: clientInfo.deviceType,
+                userAgent: clientInfo.userAgent,
+                platform: clientInfo.platform,
+                browser: clientInfo.browser,
+            },
+            authMethod,
+            timestamp: new Date(),
+        };
+        let hookOverride = false;
+        if (notifyUser && this.config.hooks?.onAdaptiveMFATriggered) {
+            try {
+                const result = await this.config.hooks.onAdaptiveMFATriggered(payload);
+                if (result === false) {
+                    hookOverride = true;
+                    this.logger?.warn?.(`Adaptive MFA action overridden by hook: user=${user.sub}`);
+                }
+            }
+            catch (error) {
+                const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+                this.logger?.error?.(`Adaptive MFA hook failed: ${errorMessage}`, { error, userId: user.sub });
+            }
+        }
+        const hasSuspiciousFactors = riskFactors.includes(risk_factor_enum_1.RiskFactor.SUSPICIOUS_ACTIVITY) ||
+            riskFactors.includes(risk_factor_enum_1.RiskFactor.IMPOSSIBLE_TRAVEL) ||
+            level === 'high';
+        const eventStatus = action === 'block_signin'
+            ? 'SUSPICIOUS'
+            : action === 'require_mfa' && hasSuspiciousFactors
+                ? 'SUSPICIOUS'
+                : 'INFO';
+        this.auditService
+            ?.recordEvent({
+            userId: user.id,
+            eventType: auth_audit_event_type_enum_1.AuthAuditEventType.ADAPTIVE_MFA_RISK_ASSESSED,
+            eventStatus,
+            riskFactor: riskScore,
+            riskFactors,
+            adaptiveMfaTriggered: action !== 'allow',
+            description: `Adaptive MFA risk assessment: ${action} (score: ${riskScore}, level: ${level})`,
+            authMethod,
+            metadata: {
+                riskScore,
+                riskLevel: level,
+                action,
+                riskFactors,
+            },
+        })
+            .catch((err) => {
+            this.logger?.warn?.(`Failed to record ADAPTIVE_MFA_RISK_ASSESSED audit: ${err.message}`);
+        });
+        return {
+            action: hookOverride ? 'allow' : action,
+            riskScore,
+            riskLevel: level,
+            riskFactors,
+            notifyUser,
+            hookOverride,
+            payload: action === 'block_signin' || notifyUser ? payload : undefined,
+        };
+    }
+    determineRiskLevelAndAction(riskScore, riskLevels) {
+        if (riskScore <= (riskLevels.low?.maxScore ?? 20)) {
+            return {
+                level: 'low',
+                action: riskLevels.low?.action ?? 'allow',
+                notifyUser: riskLevels.low?.notifyUser ?? false,
+            };
+        }
+        if (riskScore <= (riskLevels.medium?.maxScore ?? 50)) {
+            return {
+                level: 'medium',
+                action: riskLevels.medium?.action ?? 'require_mfa',
+                notifyUser: riskLevels.medium?.notifyUser ?? true,
+            };
+        }
+        return {
+            level: 'high',
+            action: riskLevels.high?.action ?? 'require_mfa',
+            notifyUser: riskLevels.high?.notifyUser ?? true,
+        };
+    }
+    async isUserBlocked(userId) {
+        try {
+            const blockKey = `adaptive_mfa_block:${userId}`;
+            const blockData = await this.storageAdapter.get(blockKey);
+            if (!blockData) {
+                return { blocked: false };
+            }
+            const parsed = JSON.parse(blockData);
+            const expiresAt = parsed.expiresAt ? new Date(parsed.expiresAt) : undefined;
+            if (expiresAt && expiresAt < new Date()) {
+                await this.storageAdapter.del(blockKey);
+                return { blocked: false };
+            }
+            return {
+                blocked: true,
+                expiresAt,
+                message: parsed.message,
+            };
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            this.logger?.warn?.(`Failed to check user block status: ${errorMessage}`, { error, userId });
+            return { blocked: false };
+        }
+    }
+    async blockUserSignIn(user, payload) {
+        const blockConfig = this.config.mfa?.adaptive?.blockedSignIn;
+        const blockDuration = blockConfig?.blockDuration;
+        const message = blockConfig?.message || 'Sign-in blocked due to suspicious activity. Please contact support.';
+        const blockKey = `adaptive_mfa_block:${user.id}`;
+        const blockData = {
+            userId: user.id,
+            userSub: user.sub,
+            message,
+            riskScore: payload.riskScore,
+            riskFactors: payload.riskFactors,
+            blockedAt: new Date().toISOString(),
+            expiresAt: blockDuration ? new Date(Date.now() + blockDuration * 60 * 1000).toISOString() : undefined,
+        };
+        const ttl = blockDuration ? blockDuration * 60 : undefined;
+        await this.storageAdapter.set(blockKey, JSON.stringify(blockData), ttl);
+        this.logger?.warn?.(`User sign-in blocked: user=${user.sub}, score=${payload.riskScore}, duration=${blockDuration ? `${blockDuration}min` : 'permanent'}`);
+        if (this.config.hooks?.onSignInBlocked) {
+            const blockedPayload = {
+                ...payload,
+                blockDuration,
+                blockExpiresAt: blockDuration ? new Date(Date.now() + blockDuration * 60 * 1000) : undefined,
+                message,
+            };
+            try {
+                await this.config.hooks.onSignInBlocked(blockedPayload);
+            }
+            catch (error) {
+                const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+                this.logger?.error?.(`Sign-in blocked hook failed: ${errorMessage}`, { error, userId: user.sub });
+            }
+        }
+    }
+    async clearUserBlock(userId) {
+        try {
+            const blockKey = `adaptive_mfa_block:${userId}`;
+            await this.storageAdapter.del(blockKey);
+            this.logger?.log?.(`User block cleared: userId=${userId}`);
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            this.logger?.warn?.(`Failed to clear user block: ${errorMessage}`, { error, userId });
+        }
+    }
+}
+exports.AdaptiveMFADecisionService = AdaptiveMFADecisionService;
+//# sourceMappingURL=adaptive-mfa-decision.service.js.map

package/dist/services/adaptive-mfa-decision.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"adaptive-mfa-decision.service.js","sourceRoot":"","sources":["../../src/services/adaptive-mfa-decision.service.ts"],"names":[],"mappings":";;;AAGA,oFAAyE;AACzE,gEAAuD;AAkFvD,MAAa,0BAA0B;IAgClB;IACA;IACA;IACA;IACA;IACA;IACA;IA7BF,iBAAiB,GAI9B;QACF,GAAG,EAAE;YACH,QAAQ,EAAE,EAAE;YACZ,MAAM,EAAE,OAAO;YACf,UAAU,EAAE,KAAK;SAClB;QACD,MAAM,EAAE;YACN,QAAQ,EAAE,EAAE;YACZ,MAAM,EAAE,aAAa;YACrB,UAAU,EAAE,IAAI;SACjB;QACD,IAAI,EAAE;YACJ,QAAQ,EAAE,GAAG;YACb,MAAM,EAAE,aAAa;YACrB,UAAU,EAAE,IAAI;SACjB;KACF,CAAC;IAEF,YACmB,oBAA0C,EAC1C,kBAAsC,EACtC,cAA8B,EAC9B,iBAAoC,EACpC,MAAmB,EACnB,MAAmB,EACnB,YAA+B;QAN/B,yBAAoB,GAApB,oBAAoB,CAAsB;QAC1C,uBAAkB,GAAlB,kBAAkB,CAAoB;QACtC,mBAAc,GAAd,cAAc,CAAgB;QAC9B,sBAAiB,GAAjB,iBAAiB,CAAmB;QACpC,WAAM,GAAN,MAAM,CAAa;QACnB,WAAM,GAAN,MAAM,CAAa;QACnB,iBAAY,GAAZ,YAAY,CAAmB;IAC/C,CAAC;IAoBJ,KAAK,CAAC,mBAAmB,CAAC,IAAW,EAAE,UAAkB;QAEvD,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,QAAQ,IAAI,CAAC,GAAG,+CAA+C,EAAE;gBACpF,MAAM,EAAE,IAAI,CAAC,EAAE;gBACf,OAAO,EAAE,IAAI,CAAC,GAAG;aAClB,CAAC,CAAC;YACH,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACxE,CAAC;QAGD,MAAM,UAAU,GAAe,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,CAAC;QAG5D,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,iBAAiB,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAGxF,MAAM,SAAS,GAAG,IAAI,CAAC,kBAAkB,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;QAG1E,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,QAAQ,EAAE,UAAU,IAAI,IAAI,CAAC,iBAAiB,CAAC;QACnF,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC,2BAA2B,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;QAE9F,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAChB,iCAAiC,IAAI,CAAC,GAAG,WAAW,SAAS,WAAW,KAAK,YAAY,MAAM,YAAY,UAAU,cAAc,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC7J,CAAC;QAIF,MAAM,OAAO,GAAgC;YAC3C,IAAI,EAAE;gBACJ,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,SAAS;gBACpC,WAAW,EAAE,IAAI,CAAC,KAAK,IAAI,SAAS;aACrC;YACD,SAAS;YACT,SAAS,EAAE,KAAK;YAChB,WAAW;YACX,MAAM;YACN,UAAU,EAAE;gBACV,SAAS,EAAE,UAAU,CAAC,SAAS;gBAC/B,SAAS,EAAE,UAAU,CAAC,SAAS;gBAC/B,MAAM,EAAE,UAAU,CAAC,MAAM;gBACzB,QAAQ,EAAE,UAAU,CAAC,WAAW;gBAChC,UAAU,EAAE,UAAU,CAAC,UAAU;gBACjC,UAAU,EAAE,UAAU,CAAC,UAAU;gBACjC,SAAS,EAAE,UAAU,CAAC,SAAS;gBAC/B,QAAQ,EAAE,UAAU,CAAC,QAAQ;gBAC7B,OAAO,EAAE,UAAU,CAAC,OAAO;aAC5B;YACD,UAAU;YACV,SAAS,EAAE,IAAI,IAAI,EAAE;SACtB,CAAC;QAGF,IAAI,YAAY,GAAG,KAAK,CAAC;QACzB,IAAI,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,sBAAsB,EAAE,CAAC;YAC5D,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC;gBAEvE,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;oBACrB,YAAY,GAAG,IAAI,CAAC;oBACpB,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,gDAAgD,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;gBAClF,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBAEf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;gBAC9E,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,6BAA6B,YAAY,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YACjG,CAAC;QACH,CAAC;QASD,MAAM,oBAAoB,GACxB,WAAW,CAAC,QAAQ,CAAC,6BAAU,CAAC,mBAAmB,CAAC;YACpD,WAAW,CAAC,QAAQ,CAAC,6BAAU,CAAC,iBAAiB,CAAC;YAClD,KAAK,KAAK,MAAM,CAAC;QACnB,MAAM,WAAW,GACf,MAAM,KAAK,cAAc;YACvB,CAAC,CAAC,YAAY;YACd,CAAC,CAAC,MAAM,KAAK,aAAa,IAAI,oBAAoB;gBAChD,CAAC,CAAC,YAAY;gBACd,CAAC,CAAC,MAAM,CAAC;QAEf,IAAI,CAAC,YAAY;YACf,EAAE,WAAW,CAAC;YACZ,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,SAAS,EAAE,+CAAkB,CAAC,0BAA0B;YACxD,WAAW;YACX,UAAU,EAAE,SAAS;YACrB,WAAW;YACX,oBAAoB,EAAE,MAAM,KAAK,OAAO;YACxC,WAAW,EAAE,iCAAiC,MAAM,YAAY,SAAS,YAAY,KAAK,GAAG;YAC7F,UAAU;YACV,QAAQ,EAAE;gBACR,SAAS;gBACT,SAAS,EAAE,KAAK;gBAChB,MAAM;gBACN,WAAW;aACZ;SAEF,CAAC;aACD,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACb,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,sDAAsD,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3F,CAAC,CAAC,CAAC;QAEL,OAAO;YACL,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM;YACvC,SAAS;YACT,SAAS,EAAE,KAAK;YAChB,WAAW;YACX,UAAU;YACV,YAAY;YAGZ,OAAO,EAAE,MAAM,KAAK,cAAc,IAAI,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;SACvE,CAAC;IACJ,CAAC;IAaO,2BAA2B,CACjC,SAAiB,EACjB,UAIC;QAOD,IAAI,SAAS,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,QAAQ,IAAI,EAAE,CAAC,EAAE,CAAC;YAClD,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,UAAU,CAAC,GAAG,EAAE,MAAM,IAAI,OAAO;gBACzC,UAAU,EAAE,UAAU,CAAC,GAAG,EAAE,UAAU,IAAI,KAAK;aAChD,CAAC;QACJ,CAAC;QAED,IAAI,SAAS,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,QAAQ,IAAI,EAAE,CAAC,EAAE,CAAC;YACrD,OAAO;gBACL,KAAK,EAAE,QAAQ;gBACf,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,MAAM,IAAI,aAAa;gBAClD,UAAU,EAAE,UAAU,CAAC,MAAM,EAAE,UAAU,IAAI,IAAI;aAClD,CAAC;QACJ,CAAC;QAED,OAAO;YACL,KAAK,EAAE,MAAM;YACb,MAAM,EAAE,UAAU,CAAC,IAAI,EAAE,MAAM,IAAI,aAAa;YAChD,UAAU,EAAE,UAAU,CAAC,IAAI,EAAE,UAAU,IAAI,IAAI;SAChD,CAAC;IACJ,CAAC;IAmBD,KAAK,CAAC,aAAa,CAAC,MAAc;QAKhC,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,sBAAsB,MAAM,EAAE,CAAC;YAChD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAE1D,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;YAC5B,CAAC;YAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;YACrC,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAG5E,IAAI,SAAS,IAAI,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;gBAExC,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;gBACxC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;YAC5B,CAAC;YAED,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,SAAS;gBACT,OAAO,EAAE,MAAM,CAAC,OAAO;aACxB,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAEf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YAC9E,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,sCAAsC,YAAY,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;YAC7F,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QAC5B,CAAC;IACH,CAAC;IAqBD,KAAK,CAAC,eAAe,CAAC,IAAW,EAAE,OAAoC;QACrE,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,QAAQ,EAAE,aAAa,CAAC;QAC7D,MAAM,aAAa,GAAG,WAAW,EAAE,aAAa,CAAC;QACjD,MAAM,OAAO,GAAG,WAAW,EAAE,OAAO,IAAI,qEAAqE,CAAC;QAG9G,MAAM,QAAQ,GAAG,sBAAsB,IAAI,CAAC,EAAE,EAAE,CAAC;QACjD,MAAM,SAAS,GAAG;YAChB,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,OAAO,EAAE,IAAI,CAAC,GAAG;YACjB,OAAO;YACP,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,SAAS,EAAE,aAAa,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,aAAa,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,SAAS;SACtG,CAAC;QAEF,MAAM,GAAG,GAAG,aAAa,CAAC,CAAC,CAAC,aAAa,GAAG,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;QAC3D,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,GAAG,CAAC,CAAC;QAExE,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CACjB,8BAA8B,IAAI,CAAC,GAAG,WAAW,OAAO,CAAC,SAAS,cAAc,aAAa,CAAC,CAAC,CAAC,GAAG,aAAa,KAAK,CAAC,CAAC,CAAC,WAAW,EAAE,CACtI,CAAC;QAGF,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,eAAe,EAAE,CAAC;YACvC,MAAM,cAAc,GAAyB;gBAC3C,GAAG,OAAO;gBACV,aAAa;gBACb,cAAc,EAAE,aAAa,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,aAAa,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;gBAC5F,OAAO;aACR,CAAC;YAEF,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC;YAC1D,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBAEf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;gBAC9E,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,gCAAgC,YAAY,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YACpG,CAAC;QACH,CAAC;IACH,CAAC;IAeD,KAAK,CAAC,cAAc,CAAC,MAAc;QACjC,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,sBAAsB,MAAM,EAAE,CAAC;YAChD,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACxC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,8BAA8B,MAAM,EAAE,CAAC,CAAC;QAC7D,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAEf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YAC9E,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,+BAA+B,YAAY,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QACxF,CAAC;IACH,CAAC;CACF;AAlXD,gEAkXC"}

package/dist/services/auth-audit.service.d.ts

@@ -0,0 +1,44 @@
+import { Repository } from 'typeorm';
+import { BaseAuthAudit, BaseUser } from '../entities';
+import { IAuthAudit } from '../interfaces/entities.interface';
+import { AuthAuditEventType } from '../enums/auth-audit-event-type.enum';
+import { AuthAuditEventStatus } from '../entities/auth-audit.entity';
+import { NAuthLogger } from '../utils/nauth-logger';
+import { ClientInfoService } from './client-info.service';
+import { RiskFactor } from '../enums/risk-factor.enum';
+import { GetUserAuthHistoryDTO, GetUserAuthHistoryResponseDTO } from '../dto/get-user-auth-history.dto';
+import { GetEventsByTypeDTO, GetEventsByTypeResponseDTO } from '../dto/get-events-by-type.dto';
+import { GetSuspiciousActivityDTO, GetSuspiciousActivityResponseDTO } from '../dto/get-suspicious-activity.dto';
+import { GetRiskAssessmentHistoryDTO, GetRiskAssessmentHistoryResponseDTO } from '../dto/get-risk-assessment-history.dto';
+export interface CreateAuthAuditEventDTO {
+    userId?: number;
+    userSub?: string;
+    eventType: AuthAuditEventType;
+    eventStatus: AuthAuditEventStatus;
+    riskFactor?: number | null;
+    riskFactors?: RiskFactor[] | null;
+    adaptiveMfaTriggered?: boolean | null;
+    deviceId?: string | null;
+    sessionId?: number | null;
+    challengeSessionId?: number | null;
+    authMethod?: string | null;
+    performedBy?: string | null;
+    reason?: string | null;
+    description?: string | null;
+    metadata?: Record<string, unknown> | null;
+}
+export declare class AuthAuditService {
+    protected readonly auditRepository: Repository<BaseAuthAudit>;
+    protected readonly userRepository: Repository<BaseUser>;
+    protected readonly logger: NAuthLogger;
+    protected readonly clientInfoService?: ClientInfoService | undefined;
+    constructor(auditRepository: Repository<BaseAuthAudit>, userRepository: Repository<BaseUser>, logger: NAuthLogger, clientInfoService?: ClientInfoService | undefined);
+    getUserAuthHistory(request: GetUserAuthHistoryDTO): Promise<GetUserAuthHistoryResponseDTO>;
+    getEventsByType(request: GetEventsByTypeDTO): Promise<GetEventsByTypeResponseDTO>;
+    getSuspiciousActivity(request: GetSuspiciousActivityDTO): Promise<GetSuspiciousActivityResponseDTO>;
+    getRiskAssessmentHistory(request: GetRiskAssessmentHistoryDTO): Promise<GetRiskAssessmentHistoryResponseDTO>;
+}
+export declare class InternalAuthAuditService extends AuthAuditService {
+    recordEvent(data: CreateAuthAuditEventDTO): Promise<IAuthAudit | null>;
+}
+//# sourceMappingURL=auth-audit.service.d.ts.map

package/dist/services/auth-audit.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-audit.service.d.ts","sourceRoot":"","sources":["../../src/services/auth-audit.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACtD,OAAO,EAAE,UAAU,EAAS,MAAM,kCAAkC,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,qCAAqC,CAAC;AACzE,OAAO,EAAE,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;AACrE,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAGpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,qBAAqB,EAAE,6BAA6B,EAAE,MAAM,kCAAkC,CAAC;AACxG,OAAO,EAAE,kBAAkB,EAAE,0BAA0B,EAAE,MAAM,+BAA+B,CAAC;AAC/F,OAAO,EAAE,wBAAwB,EAAE,gCAAgC,EAAE,MAAM,oCAAoC,CAAC;AAChH,OAAO,EACL,2BAA2B,EAC3B,mCAAmC,EACpC,MAAM,wCAAwC,CAAC;AAShD,MAAM,WAAW,uBAAuB;IACtC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,kBAAkB,CAAC;IAC9B,WAAW,EAAE,oBAAoB,CAAC;IAClC,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC;IAClC,oBAAoB,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;IAItC,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,kBAAkB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;CAC3C;AAiCD,qBAAa,gBAAgB;IAEzB,SAAS,CAAC,QAAQ,CAAC,eAAe,EAAE,UAAU,CAAC,aAAa,CAAC;IAC7D,SAAS,CAAC,QAAQ,CAAC,cAAc,EAAE,UAAU,CAAC,QAAQ,CAAC;IACvD,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,WAAW;IACtC,SAAS,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,iBAAiB;gBAHrC,eAAe,EAAE,UAAU,CAAC,aAAa,CAAC,EAC1C,cAAc,EAAE,UAAU,CAAC,QAAQ,CAAC,EACpC,MAAM,EAAE,WAAW,EACnB,iBAAiB,CAAC,EAAE,iBAAiB,YAAA;IA4BpD,kBAAkB,CAAC,OAAO,EAAE,qBAAqB,GAAG,OAAO,CAAC,6BAA6B,CAAC;IAmE1F,eAAe,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,0BAA0B,CAAC;IAmDjF,qBAAqB,CAAC,OAAO,EAAE,wBAAwB,GAAG,OAAO,CAAC,gCAAgC,CAAC;IA+CnG,wBAAwB,CAAC,OAAO,EAAE,2BAA2B,GAAG,OAAO,CAAC,mCAAmC,CAAC;CA6BnH;AAiCD,qBAAa,wBAAyB,SAAQ,gBAAgB;IAyDtD,WAAW,CAAC,IAAI,EAAE,uBAAuB,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;CAmK7E"}

package/dist/services/auth-audit.service.js

@@ -0,0 +1,241 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InternalAuthAuditService = exports.AuthAuditService = void 0;
+const auth_audit_event_type_enum_1 = require("../enums/auth-audit-event-type.enum");
+const nauth_exception_1 = require("../exceptions/nauth.exception");
+const error_codes_enum_1 = require("../enums/error-codes.enum");
+const get_user_auth_history_dto_1 = require("../dto/get-user-auth-history.dto");
+const get_events_by_type_dto_1 = require("../dto/get-events-by-type.dto");
+const get_suspicious_activity_dto_1 = require("../dto/get-suspicious-activity.dto");
+const get_risk_assessment_history_dto_1 = require("../dto/get-risk-assessment-history.dto");
+class AuthAuditService {
+    auditRepository;
+    userRepository;
+    logger;
+    clientInfoService;
+    constructor(auditRepository, userRepository, logger, clientInfoService) {
+        this.auditRepository = auditRepository;
+        this.userRepository = userRepository;
+        this.logger = logger;
+        this.clientInfoService = clientInfoService;
+    }
+    async getUserAuthHistory(request) {
+        const user = (await this.userRepository.findOne({ where: { sub: request.userSub } }));
+        if (!user) {
+            throw new nauth_exception_1.NAuthException(error_codes_enum_1.AuthErrorCode.NOT_FOUND, 'User not found');
+        }
+        const page = request.page || 1;
+        const limit = request.limit || 50;
+        const skip = (page - 1) * limit;
+        const queryBuilder = this.auditRepository
+            .createQueryBuilder('audit')
+            .where('audit.userId = :userId', { userId: user.id });
+        if (request.startDate) {
+            queryBuilder.andWhere('audit.createdAt >= :startDate', { startDate: request.startDate });
+        }
+        if (request.endDate) {
+            queryBuilder.andWhere('audit.createdAt <= :endDate', { endDate: request.endDate });
+        }
+        if (request.eventTypes && request.eventTypes.length > 0) {
+            queryBuilder.andWhere('audit.eventType IN (:...eventTypes)', { eventTypes: request.eventTypes });
+        }
+        if (request.eventStatus && request.eventStatus.length > 0) {
+            queryBuilder.andWhere('audit.eventStatus IN (:...eventStatus)', { eventStatus: request.eventStatus });
+        }
+        queryBuilder.orderBy('audit.createdAt', 'DESC');
+        queryBuilder.skip(skip).take(limit);
+        const [data, total] = await queryBuilder.getManyAndCount();
+        const response = new get_user_auth_history_dto_1.GetUserAuthHistoryResponseDTO();
+        response.data = data;
+        response.total = total;
+        response.page = page;
+        response.limit = limit;
+        response.totalPages = Math.ceil(total / limit);
+        return response;
+    }
+    async getEventsByType(request) {
+        const page = request.page || 1;
+        const limit = request.limit || 50;
+        const skip = (page - 1) * limit;
+        const queryBuilder = this.auditRepository.createQueryBuilder('audit').where('audit.eventType = :eventType', {
+            eventType: request.eventType,
+        });
+        if (request.startDate) {
+            queryBuilder.andWhere('audit.createdAt >= :startDate', { startDate: request.startDate });
+        }
+        if (request.endDate) {
+            queryBuilder.andWhere('audit.createdAt <= :endDate', { endDate: request.endDate });
+        }
+        queryBuilder.orderBy('audit.createdAt', 'DESC').skip(skip).take(limit);
+        const [data, total] = await queryBuilder.getManyAndCount();
+        const response = new get_events_by_type_dto_1.GetEventsByTypeResponseDTO();
+        response.data = data;
+        response.total = total;
+        response.page = page;
+        response.limit = limit;
+        response.totalPages = Math.ceil(total / limit);
+        return response;
+    }
+    async getSuspiciousActivity(request) {
+        const limit = request.limit || 100;
+        const queryBuilder = this.auditRepository
+            .createQueryBuilder('audit')
+            .where('(audit.eventStatus = :status OR audit.eventType = :eventType)', {
+            status: 'SUSPICIOUS',
+            eventType: auth_audit_event_type_enum_1.AuthAuditEventType.SUSPICIOUS_ACTIVITY,
+        });
+        if (request.userSub) {
+            const user = (await this.userRepository.findOne({ where: { sub: request.userSub } }));
+            if (!user) {
+                throw new nauth_exception_1.NAuthException(error_codes_enum_1.AuthErrorCode.NOT_FOUND, 'User not found');
+            }
+            queryBuilder.andWhere('audit.userId = :userId', { userId: user.id });
+        }
+        queryBuilder.orderBy('audit.createdAt', 'DESC').take(limit);
+        const data = await queryBuilder.getMany();
+        const response = new get_suspicious_activity_dto_1.GetSuspiciousActivityResponseDTO();
+        response.data = data;
+        return response;
+    }
+    async getRiskAssessmentHistory(request) {
+        const limit = request.limit || 100;
+        const user = (await this.userRepository.findOne({ where: { sub: request.userSub } }));
+        if (!user) {
+            throw new nauth_exception_1.NAuthException(error_codes_enum_1.AuthErrorCode.NOT_FOUND, 'User not found');
+        }
+        const queryBuilder = this.auditRepository
+            .createQueryBuilder('audit')
+            .where('audit.userId = :userId', { userId: user.id })
+            .andWhere('audit.eventType IN (:...eventTypes)', {
+            eventTypes: [
+                auth_audit_event_type_enum_1.AuthAuditEventType.ADAPTIVE_MFA_RISK_ASSESSED,
+                auth_audit_event_type_enum_1.AuthAuditEventType.ADAPTIVE_MFA_TRIGGERED,
+                auth_audit_event_type_enum_1.AuthAuditEventType.ADAPTIVE_MFA_BYPASSED,
+            ],
+        })
+            .orderBy('audit.createdAt', 'DESC')
+            .take(limit);
+        const data = await queryBuilder.getMany();
+        const response = new get_risk_assessment_history_dto_1.GetRiskAssessmentHistoryResponseDTO();
+        response.data = data;
+        return response;
+    }
+}
+exports.AuthAuditService = AuthAuditService;
+class InternalAuthAuditService extends AuthAuditService {
+    async recordEvent(data) {
+        try {
+            let userId = data.userId;
+            if (!userId && data.userSub) {
+                const user = (await this.userRepository.findOne({ where: { sub: data.userSub } }));
+                if (!user) {
+                    this.logger?.warn?.(`Cannot record audit event - user not found: ${data.userSub}`);
+                    return null;
+                }
+                userId = user.id;
+            }
+            if (!userId) {
+                this.logger?.warn?.('Cannot record audit event - userId or userSub required');
+                return null;
+            }
+            let clientInfo = {};
+            if (this.clientInfoService) {
+                try {
+                    const clientInfoFromContext = this.clientInfoService.get();
+                    if (!clientInfoFromContext.ipLatitude || !clientInfoFromContext.ipLongitude) {
+                        this.logger?.warn?.(`[AuthAuditService] Creating audit WITHOUT coordinates from context: ` +
+                            `IP=${clientInfoFromContext.ipAddress}, country=${clientInfoFromContext.ipCountry}, ` +
+                            `city=${clientInfoFromContext.ipCity}, lat=${clientInfoFromContext.ipLatitude}, ` +
+                            `lon=${clientInfoFromContext.ipLongitude}`);
+                    }
+                    else {
+                        this.logger?.debug?.(`[AuthAuditService] Creating audit WITH coordinates from context: ` +
+                            `IP=${clientInfoFromContext.ipAddress}, ${clientInfoFromContext.ipCity}, ` +
+                            `${clientInfoFromContext.ipCountry} (${clientInfoFromContext.ipLatitude}, ${clientInfoFromContext.ipLongitude})`);
+                    }
+                    clientInfo = {
+                        ipAddress: clientInfoFromContext.ipAddress || null,
+                        ipCountry: clientInfoFromContext.ipCountry || null,
+                        ipCity: clientInfoFromContext.ipCity || null,
+                        ipLatitude: clientInfoFromContext.ipLatitude || null,
+                        ipLongitude: clientInfoFromContext.ipLongitude || null,
+                        userAgent: clientInfoFromContext.userAgent || null,
+                        platform: clientInfoFromContext.platform || null,
+                        browser: clientInfoFromContext.browser || null,
+                        deviceId: clientInfoFromContext.deviceToken || null,
+                        deviceName: clientInfoFromContext.deviceName || null,
+                        deviceType: clientInfoFromContext.deviceType || null,
+                        sessionId: clientInfoFromContext.sessionId || null,
+                    };
+                }
+                catch (error) {
+                    this.logger?.debug?.(`Failed to extract client info for audit: ${error instanceof Error ? error.message : 'Unknown error'}`);
+                }
+            }
+            const mergedData = {
+                ipAddress: clientInfo.ipAddress ?? null,
+                ipCountry: clientInfo.ipCountry ?? null,
+                ipCity: clientInfo.ipCity ?? null,
+                ipLatitude: clientInfo.ipLatitude ?? null,
+                ipLongitude: clientInfo.ipLongitude ?? null,
+                userAgent: clientInfo.userAgent ?? null,
+                platform: clientInfo.platform ?? null,
+                browser: clientInfo.browser ?? null,
+                deviceId: data.deviceId ?? clientInfo.deviceId ?? null,
+                deviceName: clientInfo.deviceName ?? null,
+                deviceType: clientInfo.deviceType ?? null,
+                sessionId: data.sessionId ?? clientInfo.sessionId ?? null,
+            };
+            let performedBy = data.performedBy ?? null;
+            if (!performedBy && this.clientInfoService) {
+                try {
+                    const clientInfo = this.clientInfoService.get();
+                    if (clientInfo?.userId) {
+                        performedBy = String(clientInfo.userId);
+                    }
+                }
+                catch (error) {
+                    this.logger?.debug?.(`Failed to get userId from client info for performedBy: ${error instanceof Error ? error.message : 'Unknown error'}`);
+                }
+            }
+            if (!performedBy && userId) {
+                performedBy = String(userId);
+            }
+            const auditRecord = this.auditRepository.create({
+                userId,
+                eventType: data.eventType,
+                eventStatus: data.eventStatus,
+                riskFactor: data.riskFactor ?? null,
+                riskFactors: data.riskFactors ?? null,
+                adaptiveMfaTriggered: data.adaptiveMfaTriggered ?? null,
+                ipAddress: mergedData.ipAddress,
+                ipCountry: mergedData.ipCountry,
+                ipCity: mergedData.ipCity,
+                ipLatitude: mergedData.ipLatitude,
+                ipLongitude: mergedData.ipLongitude,
+                userAgent: mergedData.userAgent,
+                platform: mergedData.platform,
+                browser: mergedData.browser,
+                deviceId: mergedData.deviceId,
+                deviceName: mergedData.deviceName,
+                deviceType: mergedData.deviceType,
+                sessionId: mergedData.sessionId,
+                challengeSessionId: data.challengeSessionId ?? null,
+                authMethod: data.authMethod ?? null,
+                performedBy,
+                reason: data.reason ?? null,
+                description: data.description ?? null,
+                metadata: data.metadata ?? null,
+            });
+            const saved = await this.auditRepository.save(auditRecord);
+            return saved;
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            this.logger?.error?.(`Failed to record audit event: ${errorMessage}`, { eventType: data.eventType, error });
+            return null;
+        }
+    }
+}
+exports.InternalAuthAuditService = InternalAuthAuditService;
+//# sourceMappingURL=auth-audit.service.js.map

package/dist/services/auth-audit.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-audit.service.js","sourceRoot":"","sources":["../../src/services/auth-audit.service.ts"],"names":[],"mappings":";;;AAGA,oFAAyE;AAGzE,mEAA+D;AAC/D,gEAA0D;AAG1D,gFAAwG;AACxG,0EAA+F;AAC/F,oFAAgH;AAChH,4FAGgD;AA6DhD,MAAa,gBAAgB;IAEN;IACA;IACA;IACA;IAJrB,YACqB,eAA0C,EAC1C,cAAoC,EACpC,MAAmB,EACnB,iBAAqC;QAHrC,oBAAe,GAAf,eAAe,CAA2B;QAC1C,mBAAc,GAAd,cAAc,CAAsB;QACpC,WAAM,GAAN,MAAM,CAAa;QACnB,sBAAiB,GAAjB,iBAAiB,CAAoB;IACvD,CAAC;IA2BJ,KAAK,CAAC,kBAAkB,CAAC,OAA8B;QAErD,MAAM,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAiB,CAAC;QACtG,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,gCAAc,CAAC,gCAAa,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;QACtE,CAAC;QAED,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,CAAC,CAAC;QAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,EAAE,CAAC;QAClC,MAAM,IAAI,GAAG,CAAC,IAAI,GAAG,CAAC,CAAC,GAAG,KAAK,CAAC;QAGhC,MAAM,YAAY,GAAG,IAAI,CAAC,eAAe;aACtC,kBAAkB,CAAC,OAAO,CAAC;aAC3B,KAAK,CAAC,wBAAwB,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;QAGxD,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;YACtB,YAAY,CAAC,QAAQ,CAAC,+BAA+B,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;QAC3F,CAAC;QACD,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACpB,YAAY,CAAC,QAAQ,CAAC,6BAA6B,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;QACrF,CAAC;QAGD,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxD,YAAY,CAAC,QAAQ,CAAC,qCAAqC,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;QACnG,CAAC;QAGD,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1D,YAAY,CAAC,QAAQ,CAAC,wCAAwC,EAAE,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;QACxG,CAAC;QAGD,YAAY,CAAC,OAAO,CAAC,iBAAiB,EAAE,MAAM,CAAC,CAAC;QAGhD,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAEpC,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,MAAM,YAAY,CAAC,eAAe,EAAE,CAAC;QAE3D,MAAM,QAAQ,GAAG,IAAI,yDAA6B,EAAE,CAAC;QACrD,QAAQ,CAAC,IAAI,GAAG,IAA+B,CAAC;QAChD,QAAQ,CAAC,KAAK,GAAG,KAAK,CAAC;QACvB,QAAQ,CAAC,IAAI,GAAG,IAAI,CAAC;QACrB,QAAQ,CAAC,KAAK,GAAG,KAAK,CAAC;QACvB,QAAQ,CAAC,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC;QAE/C,OAAO,QAAQ,CAAC;IAClB,CAAC;IAiBD,KAAK,CAAC,eAAe,CAAC,OAA2B;QAC/C,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,CAAC,CAAC;QAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,EAAE,CAAC;QAClC,MAAM,IAAI,GAAG,CAAC,IAAI,GAAG,CAAC,CAAC,GAAG,KAAK,CAAC;QAEhC,MAAM,YAAY,GAAG,IAAI,CAAC,eAAe,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,8BAA8B,EAAE;YAC1G,SAAS,EAAE,OAAO,CAAC,SAAS;SAC7B,CAAC,CAAC;QAGH,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;YACtB,YAAY,CAAC,QAAQ,CAAC,+BAA+B,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;QAC3F,CAAC;QACD,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACpB,YAAY,CAAC,QAAQ,CAAC,6BAA6B,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;QACrF,CAAC;QAED,YAAY,CAAC,OAAO,CAAC,iBAAiB,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAEvE,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,MAAM,YAAY,CAAC,eAAe,EAAE,CAAC;QAE3D,MAAM,QAAQ,GAAG,IAAI,mDAA0B,EAAE,CAAC;QAClD,QAAQ,CAAC,IAAI,GAAG,IAA+B,CAAC;QAChD,QAAQ,CAAC,KAAK,GAAG,KAAK,CAAC;QACvB,QAAQ,CAAC,IAAI,GAAG,IAAI,CAAC;QACrB,QAAQ,CAAC,KAAK,GAAG,KAAK,CAAC;QACvB,QAAQ,CAAC,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC;QAE/C,OAAO,QAAQ,CAAC;IAClB,CAAC;IAsBD,KAAK,CAAC,qBAAqB,CAAC,OAAiC;QAC3D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,GAAG,CAAC;QAEnC,MAAM,YAAY,GAAG,IAAI,CAAC,eAAe;aACtC,kBAAkB,CAAC,OAAO,CAAC;aAC3B,KAAK,CAAC,+DAA+D,EAAE;YACtE,MAAM,EAAE,YAAY;YACpB,SAAS,EAAE,+CAAkB,CAAC,mBAAmB;SAClD,CAAC,CAAC;QAGL,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAiB,CAAC;YACtG,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,MAAM,IAAI,gCAAc,CAAC,gCAAa,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;YACtE,CAAC;YACD,YAAY,CAAC,QAAQ,CAAC,wBAAwB,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;QACvE,CAAC;QAED,YAAY,CAAC,OAAO,CAAC,iBAAiB,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAE5D,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,OAAO,EAAE,CAAC;QAE1C,MAAM,QAAQ,GAAG,IAAI,8DAAgC,EAAE,CAAC;QACxD,QAAQ,CAAC,IAAI,GAAG,IAA+B,CAAC;QAEhD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAoBD,KAAK,CAAC,wBAAwB,CAAC,OAAoC;QACjE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,GAAG,CAAC;QAGnC,MAAM,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAiB,CAAC;QACtG,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,gCAAc,CAAC,gCAAa,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;QACtE,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,eAAe;aACtC,kBAAkB,CAAC,OAAO,CAAC;aAC3B,KAAK,CAAC,wBAAwB,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC;aACpD,QAAQ,CAAC,qCAAqC,EAAE;YAC/C,UAAU,EAAE;gBACV,+CAAkB,CAAC,0BAA0B;gBAC7C,+CAAkB,CAAC,sBAAsB;gBACzC,+CAAkB,CAAC,qBAAqB;aACzC;SACF,CAAC;aACD,OAAO,CAAC,iBAAiB,EAAE,MAAM,CAAC;aAClC,IAAI,CAAC,KAAK,CAAC,CAAC;QAEf,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,OAAO,EAAE,CAAC;QAE1C,MAAM,QAAQ,GAAG,IAAI,qEAAmC,EAAE,CAAC;QAC3D,QAAQ,CAAC,IAAI,GAAG,IAA+B,CAAC;QAEhD,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF;AAnOD,4CAmOC;AAiCD,MAAa,wBAAyB,SAAQ,gBAAgB;IAyD5D,KAAK,CAAC,WAAW,CAAC,IAA6B;QAC7C,IAAI,CAAC;YAEH,IAAI,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;YACzB,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBAC5B,MAAM,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,IAAI,CAAC,OAAO,EAAE,EAAE,CAAC,CAAiB,CAAC;gBACnG,IAAI,CAAC,IAAI,EAAE,CAAC;oBACV,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,+CAA+C,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;oBACnF,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC;YACnB,CAAC;YAED,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,wDAAwD,CAAC,CAAC;gBAC9E,OAAO,IAAI,CAAC;YACd,CAAC;YAMD,IAAI,UAAU,GAaV,EAAE,CAAC;YAEP,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAC3B,IAAI,CAAC;oBACH,MAAM,qBAAqB,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,CAAC;oBAG3D,IAAI,CAAC,qBAAqB,CAAC,UAAU,IAAI,CAAC,qBAAqB,CAAC,WAAW,EAAE,CAAC;wBAC5E,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CACjB,sEAAsE;4BACtE,MAAM,qBAAqB,CAAC,SAAS,aAAa,qBAAqB,CAAC,SAAS,IAAI;4BACrF,QAAQ,qBAAqB,CAAC,MAAM,SAAS,qBAAqB,CAAC,UAAU,IAAI;4BACjF,OAAO,qBAAqB,CAAC,WAAW,EAAE,CAC3C,CAAC;oBACJ,CAAC;yBAAM,CAAC;wBACN,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAClB,mEAAmE;4BACnE,MAAM,qBAAqB,CAAC,SAAS,KAAK,qBAAqB,CAAC,MAAM,IAAI;4BAC1E,GAAG,qBAAqB,CAAC,SAAS,KAAK,qBAAqB,CAAC,UAAU,KAAK,qBAAqB,CAAC,WAAW,GAAG,CACjH,CAAC;oBACJ,CAAC;oBAGD,UAAU,GAAG;wBACX,SAAS,EAAE,qBAAqB,CAAC,SAAS,IAAI,IAAI;wBAClD,SAAS,EAAE,qBAAqB,CAAC,SAAS,IAAI,IAAI;wBAClD,MAAM,EAAE,qBAAqB,CAAC,MAAM,IAAI,IAAI;wBAC5C,UAAU,EAAE,qBAAqB,CAAC,UAAU,IAAI,IAAI;wBACpD,WAAW,EAAE,qBAAqB,CAAC,WAAW,IAAI,IAAI;wBACtD,SAAS,EAAE,qBAAqB,CAAC,SAAS,IAAI,IAAI;wBAClD,QAAQ,EAAE,qBAAqB,CAAC,QAAQ,IAAI,IAAI;wBAChD,OAAO,EAAE,qBAAqB,CAAC,OAAO,IAAI,IAAI;wBAC9C,QAAQ,EAAE,qBAAqB,CAAC,WAAW,IAAI,IAAI;wBACnD,UAAU,EAAE,qBAAqB,CAAC,UAAU,IAAI,IAAI;wBACpD,UAAU,EAAE,qBAAqB,CAAC,UAAU,IAAI,IAAI;wBACpD,SAAS,EAAE,qBAAqB,CAAC,SAAS,IAAI,IAAI;qBACnD,CAAC;gBACJ,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBAGf,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAClB,4CAA4C,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CACvG,CAAC;gBACJ,CAAC;YACH,CAAC;YAKD,MAAM,UAAU,GAAG;gBACjB,SAAS,EAAE,UAAU,CAAC,SAAS,IAAI,IAAI;gBACvC,SAAS,EAAE,UAAU,CAAC,SAAS,IAAI,IAAI;gBACvC,MAAM,EAAE,UAAU,CAAC,MAAM,IAAI,IAAI;gBACjC,UAAU,EAAE,UAAU,CAAC,UAAU,IAAI,IAAI;gBACzC,WAAW,EAAE,UAAU,CAAC,WAAW,IAAI,IAAI;gBAC3C,SAAS,EAAE,UAAU,CAAC,SAAS,IAAI,IAAI;gBACvC,QAAQ,EAAE,UAAU,CAAC,QAAQ,IAAI,IAAI;gBACrC,OAAO,EAAE,UAAU,CAAC,OAAO,IAAI,IAAI;gBACnC,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,UAAU,CAAC,QAAQ,IAAI,IAAI;gBACtD,UAAU,EAAE,UAAU,CAAC,UAAU,IAAI,IAAI;gBACzC,UAAU,EAAE,UAAU,CAAC,UAAU,IAAI,IAAI;gBACzC,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,UAAU,CAAC,SAAS,IAAI,IAAI;aAC1D,CAAC;YAKF,IAAI,WAAW,GAAkB,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC;YAC1D,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAC3C,IAAI,CAAC;oBAEH,MAAM,UAAU,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,CAAC;oBAChD,IAAI,UAAU,EAAE,MAAM,EAAE,CAAC;wBAGvB,WAAW,GAAG,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;oBAC1C,CAAC;gBACH,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBAEf,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAClB,0DAA0D,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CACrH,CAAC;gBACJ,CAAC;YACH,CAAC;YAID,IAAI,CAAC,WAAW,IAAI,MAAM,EAAE,CAAC;gBAC3B,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;YAC/B,CAAC;YAGD,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC;gBAC9C,MAAM;gBACN,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,UAAU,EAAE,IAAI,CAAC,UAAU,IAAI,IAAI;gBACnC,WAAW,EAAE,IAAI,CAAC,WAAW,IAAI,IAAI;gBACrC,oBAAoB,EAAE,IAAI,CAAC,oBAAoB,IAAI,IAAI;gBACvD,SAAS,EAAE,UAAU,CAAC,SAAS;gBAC/B,SAAS,EAAE,UAAU,CAAC,SAAS;gBAC/B,MAAM,EAAE,UAAU,CAAC,MAAM;gBACzB,UAAU,EAAE,UAAU,CAAC,UAAU;gBACjC,WAAW,EAAE,UAAU,CAAC,WAAW;gBACnC,SAAS,EAAE,UAAU,CAAC,SAAS;gBAC/B,QAAQ,EAAE,UAAU,CAAC,QAAQ;gBAC7B,OAAO,EAAE,UAAU,CAAC,OAAO;gBAC3B,QAAQ,EAAE,UAAU,CAAC,QAAQ;gBAC7B,UAAU,EAAE,UAAU,CAAC,UAAU;gBACjC,UAAU,EAAE,UAAU,CAAC,UAAU;gBACjC,SAAS,EAAE,UAAU,CAAC,SAAS;gBAC/B,kBAAkB,EAAE,IAAI,CAAC,kBAAkB,IAAI,IAAI;gBACnD,UAAU,EAAE,IAAI,CAAC,UAAU,IAAI,IAAI;gBACnC,WAAW;gBACX,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,IAAI;gBAC3B,WAAW,EAAE,IAAI,CAAC,WAAW,IAAI,IAAI;gBACrC,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,IAAI;aAChC,CAAC,CAAC;YAEH,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAC3D,OAAO,KAA8B,CAAC;QACxC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAEf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YAC9E,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,iCAAiC,YAAY,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;YAC5G,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;CACF;AA5ND,4DA4NC"}

package/dist/services/auth-challenge-helper.service.d.ts

@@ -0,0 +1,48 @@
+import { Repository } from 'typeorm';
+import { BaseMFADevice } from '../entities';
+import { AuthResponseDTO } from '../dto/auth-response.dto';
+import { AuthChallenge } from '../dto/auth-challenge.dto';
+import { IUser } from '../interfaces/entities.interface';
+import { ChallengeService } from './challenge.service';
+import { JwtService } from './jwt.service';
+import { SessionService } from './session.service';
+import { EmailVerificationService } from './email-verification.service';
+import { PhoneVerificationService } from './phone-verification.service';
+import { ClientInfoService } from './client-info.service';
+import { NAuthConfig } from '../interfaces/config.interface';
+import { NAuthLogger } from '../utils/nauth-logger';
+import { AuthFlowStateMachineService } from './auth-flow-state-machine.service';
+import { AuthFlowContextBuilder } from './auth-flow-context-builder.service';
+export declare class AuthChallengeHelperService {
+    private readonly challengeService;
+    private readonly jwtService;
+    private readonly sessionService;
+    private readonly mfaDeviceRepository;
+    private readonly logger;
+    private readonly stateMachine;
+    private readonly contextBuilder;
+    private readonly clientInfoService;
+    private readonly emailVerificationService?;
+    private readonly phoneVerificationService?;
+    constructor(challengeService: ChallengeService, jwtService: JwtService, sessionService: SessionService, mfaDeviceRepository: Repository<BaseMFADevice>, logger: NAuthLogger, stateMachine: AuthFlowStateMachineService, contextBuilder: AuthFlowContextBuilder, clientInfoService: ClientInfoService, emailVerificationService?: EmailVerificationService | undefined, phoneVerificationService?: PhoneVerificationService | undefined);
+    createChallengeResponse(user: IUser, challengeName: AuthChallenge, config: NAuthConfig, authMethod?: 'password' | 'social', authProvider?: string, skipAutoSend?: boolean): Promise<AuthResponseDTO>;
+    createMFASetupChallengeResponse(user: IUser, config: NAuthConfig, authMethod?: 'password' | 'social', authProvider?: string): Promise<AuthResponseDTO>;
+    createMFAChallengeResponse(user: IUser): Promise<AuthResponseDTO>;
+    createSuccessResponse(user: IUser, deviceToken?: string, isTrusted?: boolean, _isSocialLogin?: boolean, _metadata?: {
+        gracePeriodEndsAt?: Date;
+        riskScore?: number;
+        riskLevel?: 'low' | 'medium' | 'high';
+        blockedUntil?: Date;
+        reason?: string;
+    }): Promise<AuthResponseDTO>;
+    determineAuthResponse(params: {
+        user: IUser;
+        config: NAuthConfig;
+        deviceToken?: string;
+        isSocialLogin?: boolean;
+        skipMFAVerification?: boolean;
+        authProvider?: string;
+    }): Promise<AuthResponseDTO>;
+    private stateToResponse;
+}
+//# sourceMappingURL=auth-challenge-helper.service.d.ts.map

package/dist/services/auth-challenge-helper.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-challenge-helper.service.d.ts","sourceRoot":"","sources":["../../src/services/auth-challenge-helper.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAG1D,OAAO,EAAE,KAAK,EAAc,MAAM,kCAAkC,CAAC;AACrE,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,wBAAwB,EAAE,MAAM,8BAA8B,CAAC;AACxE,OAAO,EAAE,wBAAwB,EAAE,MAAM,8BAA8B,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAC7D,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAIpD,OAAO,EAAE,2BAA2B,EAAE,MAAM,mCAAmC,CAAC;AAChF,OAAO,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAC;AAmB7E,qBAAa,0BAA0B;IAEnC,OAAO,CAAC,QAAQ,CAAC,gBAAgB;IACjC,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,mBAAmB;IACpC,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAClC,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC;IAC1C,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC;gBATzB,gBAAgB,EAAE,gBAAgB,EAClC,UAAU,EAAE,UAAU,EACtB,cAAc,EAAE,cAAc,EAC9B,mBAAmB,EAAE,UAAU,CAAC,aAAa,CAAC,EAC9C,MAAM,EAAE,WAAW,EACnB,YAAY,EAAE,2BAA2B,EACzC,cAAc,EAAE,sBAAsB,EACtC,iBAAiB,EAAE,iBAAiB,EACpC,wBAAwB,CAAC,EAAE,wBAAwB,YAAA,EACnD,wBAAwB,CAAC,EAAE,wBAAwB,YAAA;IAmChE,uBAAuB,CAC3B,IAAI,EAAE,KAAK,EACX,aAAa,EAAE,aAAa,EAC5B,MAAM,EAAE,WAAW,EACnB,UAAU,GAAE,UAAU,GAAG,QAAqB,EAC9C,YAAY,CAAC,EAAE,MAAM,EACrB,YAAY,CAAC,EAAE,OAAO,GACrB,OAAO,CAAC,eAAe,CAAC;IAkKrB,+BAA+B,CACnC,IAAI,EAAE,KAAK,EACX,MAAM,EAAE,WAAW,EACnB,UAAU,GAAE,UAAU,GAAG,QAAqB,EAC9C,YAAY,CAAC,EAAE,MAAM,GACpB,OAAO,CAAC,eAAe,CAAC;IA0DrB,0BAA0B,CAAC,IAAI,EAAE,KAAK,GAAG,OAAO,CAAC,eAAe,CAAC;IA6OjE,qBAAqB,CACzB,IAAI,EAAE,KAAK,EACX,WAAW,CAAC,EAAE,MAAM,EACpB,SAAS,CAAC,EAAE,OAAO,EACnB,cAAc,UAAQ,EACtB,SAAS,CAAC,EAAE;QAEV,iBAAiB,CAAC,EAAE,IAAI,CAAC;QACzB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,SAAS,CAAC,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;QACtC,YAAY,CAAC,EAAE,IAAI,CAAC;QACpB,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,GACA,OAAO,CAAC,eAAe,CAAC;IAqHrB,qBAAqB,CAAC,MAAM,EAAE;QAClC,IAAI,EAAE,KAAK,CAAC;QACZ,MAAM,EAAE,WAAW,CAAC;QACpB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,aAAa,CAAC,EAAE,OAAO,CAAC;QACxB,mBAAmB,CAAC,EAAE,OAAO,CAAC;QAC9B,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,GAAG,OAAO,CAAC,eAAe,CAAC;YAoDd,eAAe;CAkF9B"}