@nauth-toolkit/core 0.1.0

package/dist/services/auth-challenge-helper.service.js

@@ -0,0 +1,425 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthChallengeHelperService = void 0;
+const auth_challenge_dto_1 = require("../dto/auth-challenge.dto");
+const verify_email_dto_1 = require("../dto/verify-email.dto");
+const verify_phone_dto_1 = require("../dto/verify-phone.dto");
+const nauth_exception_1 = require("../exceptions/nauth.exception");
+const error_codes_enum_1 = require("../enums/error-codes.enum");
+const mfa_method_enum_1 = require("../enums/mfa-method.enum");
+const auth_flow_state_machine_types_1 = require("./auth-flow-state-machine.types");
+class AuthChallengeHelperService {
+    challengeService;
+    jwtService;
+    sessionService;
+    mfaDeviceRepository;
+    logger;
+    stateMachine;
+    contextBuilder;
+    clientInfoService;
+    emailVerificationService;
+    phoneVerificationService;
+    constructor(challengeService, jwtService, sessionService, mfaDeviceRepository, logger, stateMachine, contextBuilder, clientInfoService, emailVerificationService, phoneVerificationService) {
+        this.challengeService = challengeService;
+        this.jwtService = jwtService;
+        this.sessionService = sessionService;
+        this.mfaDeviceRepository = mfaDeviceRepository;
+        this.logger = logger;
+        this.stateMachine = stateMachine;
+        this.contextBuilder = contextBuilder;
+        this.clientInfoService = clientInfoService;
+        this.emailVerificationService = emailVerificationService;
+        this.phoneVerificationService = phoneVerificationService;
+    }
+    async createChallengeResponse(user, challengeName, config, authMethod = 'password', authProvider, skipAutoSend) {
+        this.logger?.debug?.(`Creating challenge with authMethod=${authMethod}, authProvider=${authProvider || 'none'} for user ${user.sub}`);
+        const challengeSession = await this.challengeService.createChallengeSession(user, challengeName, {
+            email: user.email,
+            phone: user.phone,
+            authMethod,
+            authProvider,
+        });
+        if (challengeName === auth_challenge_dto_1.AuthChallenge.VERIFY_EMAIL && this.emailVerificationService) {
+            this.logger?.log?.(`📧 Sending verification email to: ${user.email}`);
+            const emailDto = Object.assign(new verify_email_dto_1.SendVerificationEmailDTO(), {
+                sub: user.sub,
+                baseUrl: undefined,
+                challengeSessionId: challengeSession.id,
+            });
+            this.emailVerificationService
+                .sendVerificationEmail(emailDto)
+                .then(() => {
+                this.logger?.log?.(`Verification email sent successfully to: ${user.email}`);
+            })
+                .catch((error) => {
+                const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+                this.logger?.error?.(`Failed to send verification email to ${user.email}: ${errorMessage}`);
+            });
+        }
+        if (!skipAutoSend && challengeName === auth_challenge_dto_1.AuthChallenge.VERIFY_PHONE && this.phoneVerificationService && user.phone) {
+            this.logger?.log?.(`Sending verification SMS to: ${user.phone}`);
+            const smsDto = Object.assign(new verify_phone_dto_1.SendVerificationSMSDTO(), {
+                sub: user.sub,
+                challengeSessionId: challengeSession.id,
+            });
+            this.phoneVerificationService
+                .sendVerificationSMS(smsDto)
+                .then(() => {
+                this.logger?.log?.(`Verification SMS sent successfully to: ${user.phone}`);
+            })
+                .catch((error) => {
+                const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+                this.logger?.error?.(`Failed to send verification SMS to ${user.phone}: ${errorMessage}`);
+            });
+        }
+        const challengeParameters = {};
+        switch (challengeName) {
+            case auth_challenge_dto_1.AuthChallenge.VERIFY_EMAIL:
+                challengeParameters.email = user.email;
+                challengeParameters.codeDeliveryDestination = this.challengeService.maskEmail(user.email);
+                break;
+            case auth_challenge_dto_1.AuthChallenge.VERIFY_PHONE:
+                challengeParameters.phone = user.phone || undefined;
+                challengeParameters.codeDeliveryDestination = user.phone
+                    ? this.challengeService.maskPhone(user.phone)
+                    : undefined;
+                if (!user.phone) {
+                    challengeParameters.requiresPhoneCollection = 'true';
+                    challengeParameters.instructions = 'You must add a phone number and verify it to continue';
+                }
+                break;
+            case auth_challenge_dto_1.AuthChallenge.MFA_REQUIRED:
+                challengeParameters.instructions = 'Multi-factor authentication is required';
+                if (user.preferredMfaMethod === 'sms' && user.phone) {
+                    challengeParameters.codeDeliveryDestination = this.challengeService.maskPhone(user.phone);
+                }
+                if (user.preferredMfaMethod === 'email' && user.email) {
+                    challengeParameters.codeDeliveryDestination = this.challengeService.maskEmail(user.email);
+                }
+                break;
+            case auth_challenge_dto_1.AuthChallenge.MFA_SETUP_REQUIRED: {
+                const allowedMethods = config.mfa?.allowedMethods || [...mfa_method_enum_1.MFADeviceMethods];
+                challengeParameters.allowedMethods = allowedMethods;
+                challengeParameters.instructions = 'Multi-factor authentication setup is required before you can login';
+                break;
+            }
+            case auth_challenge_dto_1.AuthChallenge.FORCE_CHANGE_PASSWORD:
+                challengeParameters.instructions = 'You must change your password before continuing';
+                break;
+        }
+        const response = {
+            challengeName,
+            session: challengeSession.sessionToken,
+            challengeParameters,
+            userSub: user.sub,
+        };
+        return response;
+    }
+    async createMFASetupChallengeResponse(user, config, authMethod = 'password', authProvider) {
+        this.logger?.log?.(`Creating MFA setup challenge for user: ${user.sub}`);
+        const allowedMethods = config.mfa?.allowedMethods || [...mfa_method_enum_1.MFADeviceMethods];
+        this.logger?.debug?.(`Creating MFA setup challenge with authMethod=${authMethod}, authProvider=${authProvider || 'none'} for user ${user.sub}`);
+        const challengeSession = await this.challengeService.createChallengeSession(user, auth_challenge_dto_1.AuthChallenge.MFA_SETUP_REQUIRED, {
+            allowedMethods,
+            requiresSetup: true,
+            authMethod,
+            authProvider,
+        });
+        this.logger?.log?.(`MFA setup challenge created for user: ${user.sub}`);
+        return {
+            challengeName: auth_challenge_dto_1.AuthChallenge.MFA_SETUP_REQUIRED,
+            session: challengeSession.sessionToken,
+            challengeParameters: {
+                allowedMethods,
+                instructions: 'Multi-factor authentication setup is required before you can login',
+            },
+            userSub: user.sub,
+        };
+    }
+    async createMFAChallengeResponse(user) {
+        this.logger?.log?.(`Creating MFA challenge for user: ${user.sub}`);
+        const devices = (await this.mfaDeviceRepository.find({
+            where: { userId: user.id, isActive: true },
+            order: { isPrimary: 'DESC', lastUsedAt: 'DESC' },
+        }));
+        if (devices.length === 0) {
+            this.logger?.warn?.(`User has MFA enabled but no active devices: ${user.sub}`);
+            throw new nauth_exception_1.NAuthException(error_codes_enum_1.AuthErrorCode.INTERNAL_ERROR, 'MFA enabled but no devices configured');
+        }
+        const deviceMethods = [...new Set(devices.map((d) => d.type))];
+        const availableMethods = [...deviceMethods];
+        if (user.backupCodes && user.backupCodes.length > 0) {
+            availableMethods.push(mfa_method_enum_1.MFAMethod.BACKUP);
+        }
+        this.logger?.debug?.(`MFA challenge for user ${user.sub}: preferredMfaMethod=${user.preferredMfaMethod}, deviceMethods=[${deviceMethods.join(', ')}], devices=[${devices.map((d) => `${d.type}${d.isPrimary ? '(primary)' : ''}`).join(', ')}]`);
+        let preferredMethod;
+        const normalizedPreferredMethod = user.preferredMfaMethod?.toLowerCase();
+        if (normalizedPreferredMethod &&
+            (normalizedPreferredMethod === mfa_method_enum_1.MFAMethod.TOTP ||
+                normalizedPreferredMethod === mfa_method_enum_1.MFAMethod.SMS ||
+                normalizedPreferredMethod === mfa_method_enum_1.MFAMethod.EMAIL ||
+                normalizedPreferredMethod === mfa_method_enum_1.MFAMethod.PASSKEY) &&
+            deviceMethods.some((m) => m.toLowerCase() === normalizedPreferredMethod)) {
+            preferredMethod =
+                deviceMethods.find((m) => m.toLowerCase() === normalizedPreferredMethod) || normalizedPreferredMethod;
+            this.logger?.debug?.(`Using user preferred MFA method: ${preferredMethod} (from user.preferredMfaMethod: ${user.preferredMfaMethod})`);
+        }
+        else {
+            const primaryDevice = devices.find((d) => d.isPrimary);
+            preferredMethod = primaryDevice?.type || deviceMethods[0];
+            this.logger?.debug?.(`Using fallback MFA method: ${preferredMethod} (preferred: ${user.preferredMfaMethod}, available: ${deviceMethods.join(', ')})`);
+        }
+        let maskedPhone;
+        const smsDevice = devices.find((d) => d.type === mfa_method_enum_1.MFAMethod.SMS && d.phoneNumber);
+        if (smsDevice?.phoneNumber) {
+            const digits = smsDevice.phoneNumber.replace(/\D/g, '');
+            maskedPhone = digits.length >= 4 ? `***-***-${digits.slice(-4)}` : smsDevice.phoneNumber;
+        }
+        let maskedEmail;
+        const emailDevice = devices.find((d) => d.type === mfa_method_enum_1.MFAMethod.EMAIL && d.email);
+        const emailToMask = emailDevice?.email || user.email;
+        if (emailToMask) {
+            const [localPart, domain] = emailToMask.split('@');
+            if (localPart && domain) {
+                const firstChar = localPart[0];
+                const lastChar = localPart[localPart.length - 1];
+                maskedEmail = localPart.length > 2 ? `${firstChar}***${lastChar}@${domain}` : `${firstChar}***@${domain}`;
+            }
+            else {
+                maskedEmail = emailToMask;
+            }
+        }
+        const challengeSession = await this.challengeService.createChallengeSession(user, auth_challenge_dto_1.AuthChallenge.MFA_REQUIRED, {
+            availableMethods,
+            preferredMethod,
+            maskedPhone,
+            maskedEmail,
+            method: preferredMethod,
+        });
+        this.logger?.log?.(`MFA challenge created for user: ${user.sub}`);
+        const smsIsPreferred = preferredMethod.toLowerCase() === 'sms';
+        const smsIsOnly = deviceMethods.length === 1 && deviceMethods[0].toLowerCase() === 'sms';
+        if ((smsIsPreferred || smsIsOnly) && this.phoneVerificationService && user.phone) {
+            this.logger?.log?.(`Auto-sending MFA SMS code to user ${user.sub} (preferred=${smsIsPreferred}, only=${smsIsOnly})`);
+            const smsDto = Object.assign(new verify_phone_dto_1.SendVerificationSMSDTO(), {
+                sub: user.sub,
+                skipAlreadyVerifiedCheck: true,
+                challengeSessionId: challengeSession.id,
+            });
+            this.phoneVerificationService
+                .sendVerificationSMS(smsDto)
+                .then(() => {
+                this.logger?.log?.(`MFA SMS code sent successfully to user ${user.sub}`);
+            })
+                .catch((error) => {
+                const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+                this.logger?.error?.(`Failed to send MFA SMS code to user ${user.sub}: ${errorMessage}`);
+            });
+        }
+        else {
+            this.logger?.debug?.(`Skipped auto-send MFA SMS for user ${user.sub}: ` +
+                `phoneService=${!!this.phoneVerificationService}, ` +
+                `preferredMethod=${preferredMethod}, ` +
+                `smsIsPreferred=${smsIsPreferred}, ` +
+                `smsIsOnly=${smsIsOnly}, ` +
+                `deviceMethods=[${deviceMethods.join(', ')}], ` +
+                `phone=${!!user.phone}`);
+        }
+        const emailIsPreferred = preferredMethod.toLowerCase() === 'email';
+        const emailIsOnly = deviceMethods.length === 1 && deviceMethods[0].toLowerCase() === 'email';
+        if ((emailIsPreferred || emailIsOnly) && this.emailVerificationService && user.email) {
+            this.logger?.log?.(`Auto-sending MFA Email code to user ${user.sub} (preferred=${emailIsPreferred}, only=${emailIsOnly})`);
+            const emailDto = Object.assign(new verify_email_dto_1.SendVerificationEmailDTO(), {
+                sub: user.sub,
+                baseUrl: undefined,
+                skipAlreadyVerifiedCheck: true,
+                challengeSessionId: challengeSession.id,
+            });
+            this.emailVerificationService
+                .sendVerificationEmail(emailDto)
+                .then(() => {
+                this.logger?.log?.(`MFA Email code sent successfully to user ${user.sub}`);
+            })
+                .catch((error) => {
+                const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+                this.logger?.error?.(`Failed to send MFA Email code to user ${user.sub}: ${errorMessage}`);
+            });
+        }
+        else {
+            this.logger?.debug?.(`Skipped auto-send MFA Email for user ${user.sub}: ` +
+                `emailService=${!!this.emailVerificationService}, ` +
+                `preferredMethod=${preferredMethod}, ` +
+                `emailIsPreferred=${emailIsPreferred}, ` +
+                `emailIsOnly=${emailIsOnly}, ` +
+                `deviceMethods=[${deviceMethods.join(', ')}], ` +
+                `email=${!!user.email}`);
+        }
+        const challengeParams = {
+            availableMethods,
+            preferredMethod: preferredMethod,
+        };
+        if (maskedPhone) {
+            challengeParams.maskedPhone = maskedPhone;
+        }
+        if (maskedEmail || preferredMethod.toLowerCase() === 'email') {
+            challengeParams.maskedEmail = maskedEmail || user.email || '';
+        }
+        return {
+            challengeName: auth_challenge_dto_1.AuthChallenge.MFA_REQUIRED,
+            session: challengeSession.sessionToken,
+            challengeParameters: challengeParams,
+        };
+    }
+    async createSuccessResponse(user, deviceToken, isTrusted, _isSocialLogin = false, _metadata) {
+        const clientInfo = this.clientInfoService.get();
+        const finalDeviceToken = clientInfo.deviceToken || deviceToken;
+        const tokenFamily = this.jwtService.generateTokenFamily();
+        const tempTokens = await this.jwtService.generateTokenPair({
+            userId: user.sub,
+            email: user.email,
+            sessionId: 'temp',
+            tokenFamily,
+        });
+        let finalDeviceId = finalDeviceToken;
+        if (!finalDeviceId) {
+            const crypto = await Promise.resolve().then(() => __importStar(require('crypto')));
+            finalDeviceId = crypto.randomUUID();
+        }
+        const session = await this.sessionService.createSession({
+            userId: user.id,
+            accessTokenHash: this.jwtService.hashToken(tempTokens.accessToken),
+            refreshTokenHash: this.jwtService.hashToken(tempTokens.refreshToken),
+            tokenFamily,
+            deviceId: finalDeviceId,
+            expiresAt: this.sessionService.getSessionExpirationDate(),
+            authMethod: 'password',
+        });
+        const tokens = await this.jwtService.generateTokenPair({
+            userId: user.sub,
+            email: user.email,
+            sessionId: session.id.toString(),
+            tokenFamily,
+        });
+        await this.sessionService.updateTokens(session.id, this.jwtService.hashToken(tokens.accessToken), this.jwtService.hashToken(tokens.refreshToken));
+        const accessTokenValidation = await this.jwtService.validateAccessToken(tokens.accessToken);
+        const refreshTokenValidation = await this.jwtService.validateRefreshToken(tokens.refreshToken);
+        const response = {
+            accessToken: tokens.accessToken,
+            refreshToken: tokens.refreshToken,
+            accessTokenExpiresAt: accessTokenValidation.payload?.exp || 0,
+            refreshTokenExpiresAt: refreshTokenValidation.payload?.exp || 0,
+            trusted: isTrusted,
+            deviceToken: finalDeviceToken,
+            user: {
+                sub: user.sub,
+                email: user.email,
+                firstName: user.firstName,
+                lastName: user.lastName,
+                phone: user.phone ?? undefined,
+                isEmailVerified: user.isEmailVerified,
+                isPhoneVerified: user.isPhoneVerified ?? undefined,
+                socialProviders: user.socialProviders ?? undefined,
+                hasPasswordHash: !!user.passwordHash,
+            },
+            userSub: user.sub,
+        };
+        return response;
+    }
+    async determineAuthResponse(params) {
+        const { user, config, deviceToken, isSocialLogin = false, skipMFAVerification = false, authProvider } = params;
+        this.logger?.debug?.(`[ChallengeHelper] determineAuthResponse called for user ${user.sub} (isSocialLogin=${isSocialLogin}, skipMFA=${skipMFAVerification}, deviceToken=${deviceToken ? 'present' : 'none'})`);
+        const context = await this.contextBuilder.build({
+            user,
+            config,
+            authMethod: isSocialLogin ? 'social' : 'password',
+            authProvider,
+            deviceToken,
+            skipMFAVerification,
+        });
+        const state = await this.stateMachine.evaluateState(context);
+        const stateDefinition = this.stateMachine.getStateDefinition(state);
+        if (!stateDefinition) {
+            this.logger?.error?.(`No state definition found for state: ${state}`, { state, userId: user.id });
+            throw new nauth_exception_1.NAuthException(error_codes_enum_1.AuthErrorCode.INTERNAL_ERROR, 'Invalid authentication state');
+        }
+        const metadata = this.stateMachine.buildMetadata(state, context);
+        const response = await this.stateToResponse(state, stateDefinition, context, metadata);
+        this.logger?.debug?.(`[ChallengeHelper] State ${state} → Challenge: ${response.challengeName || 'SUCCESS'} for user ${user.sub}`);
+        return response;
+    }
+    async stateToResponse(state, stateDefinition, context, metadata) {
+        const clientInfo = this.clientInfoService.get();
+        const deviceToken = clientInfo.deviceToken || context.deviceToken;
+        const authMethod = context.authMethod || 'password';
+        if (stateDefinition.challenge) {
+            if (stateDefinition.challenge === auth_challenge_dto_1.AuthChallenge.MFA_SETUP_REQUIRED) {
+                return this.createMFASetupChallengeResponse(context.user, context.config, authMethod, context.authProvider);
+            }
+            if (stateDefinition.challenge === auth_challenge_dto_1.AuthChallenge.MFA_REQUIRED) {
+                return this.createMFAChallengeResponse(context.user);
+            }
+            return this.createChallengeResponse(context.user, stateDefinition.challenge, context.config, authMethod, context.authProvider);
+        }
+        if (state === auth_flow_state_machine_types_1.AuthFlowState.GRACE_PERIOD_ACTIVE) {
+            const isTrusted = context.computed.isDeviceTrusted;
+            const response = await this.createSuccessResponse(context.user, deviceToken, isTrusted, context.authMethod === 'social', metadata);
+            if (metadata?.gracePeriodEndsAt) {
+                response.gracePeriodEndsAt = metadata.gracePeriodEndsAt;
+            }
+            if (metadata?.riskScore !== undefined) {
+                response.riskScore = metadata.riskScore;
+            }
+            if (metadata?.riskLevel) {
+                response.riskLevel = metadata.riskLevel;
+            }
+            return response;
+        }
+        if (state === auth_flow_state_machine_types_1.AuthFlowState.BLOCKED) {
+            const errorCode = context.config.mfa?.adaptive?.blockedSignIn?.errorCode ||
+                error_codes_enum_1.AuthErrorCode.SIGNIN_BLOCKED_HIGH_RISK;
+            const message = metadata?.reason ||
+                context.config.mfa?.adaptive?.blockedSignIn?.message ||
+                'Sign-in blocked due to suspicious activity';
+            throw new nauth_exception_1.NAuthException(errorCode, message, {
+                expiresAt: metadata?.blockedUntil,
+            });
+        }
+        const isTrusted = context.computed.isDeviceTrusted;
+        return this.createSuccessResponse(context.user, deviceToken, isTrusted, context.authMethod === 'social', metadata);
+    }
+}
+exports.AuthChallengeHelperService = AuthChallengeHelperService;
+//# sourceMappingURL=auth-challenge-helper.service.js.map

package/dist/services/auth-challenge-helper.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-challenge-helper.service.js","sourceRoot":"","sources":["../../src/services/auth-challenge-helper.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAGA,kEAA0D;AAC1D,8DAAmE;AACnE,8DAAiE;AAUjE,mEAA+D;AAC/D,gEAA0D;AAC1D,8DAA+G;AAG/G,mFAAiF;AAkBjF,MAAa,0BAA0B;IAElB;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IAVnB,YACmB,gBAAkC,EAClC,UAAsB,EACtB,cAA8B,EAC9B,mBAA8C,EAC9C,MAAmB,EACnB,YAAyC,EACzC,cAAsC,EACtC,iBAAoC,EACpC,wBAAmD,EACnD,wBAAmD;QATnD,qBAAgB,GAAhB,gBAAgB,CAAkB;QAClC,eAAU,GAAV,UAAU,CAAY;QACtB,mBAAc,GAAd,cAAc,CAAgB;QAC9B,wBAAmB,GAAnB,mBAAmB,CAA2B;QAC9C,WAAM,GAAN,MAAM,CAAa;QACnB,iBAAY,GAAZ,YAAY,CAA6B;QACzC,mBAAc,GAAd,cAAc,CAAwB;QACtC,sBAAiB,GAAjB,iBAAiB,CAAmB;QACpC,6BAAwB,GAAxB,wBAAwB,CAA2B;QACnD,6BAAwB,GAAxB,wBAAwB,CAA2B;IACnE,CAAC;IAkCJ,KAAK,CAAC,uBAAuB,CAC3B,IAAW,EACX,aAA4B,EAC5B,MAAmB,EACnB,aAAoC,UAAU,EAC9C,YAAqB,EACrB,YAAsB;QAUtB,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAClB,sCAAsC,UAAU,kBAAkB,YAAY,IAAI,MAAM,aAAa,IAAI,CAAC,GAAG,EAAE,CAChH,CAAC;QAGF,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,sBAAsB,CAAC,IAAI,EAAE,aAAa,EAAE;YAC/F,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,UAAU;YACV,YAAY;SACb,CAAC,CAAC;QAUH,IAAI,aAAa,KAAK,kCAAa,CAAC,YAAY,IAAI,IAAI,CAAC,wBAAwB,EAAE,CAAC;YAClF,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,qCAAqC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;YAEtE,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,2CAAwB,EAAE,EAAE;gBAC7D,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,OAAO,EAAE,SAAS;gBAClB,kBAAkB,EAAE,gBAAgB,CAAC,EAAE;aACxC,CAAC,CAAC;YACH,IAAI,CAAC,wBAAwB;iBAC1B,qBAAqB,CAAC,QAAQ,CAAC;iBAC/B,IAAI,CAAC,GAAG,EAAE;gBACT,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,4CAA4C,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;YAC/E,CAAC,CAAC;iBACD,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;gBACxB,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;gBAC9E,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,wCAAwC,IAAI,CAAC,KAAK,KAAK,YAAY,EAAE,CAAC,CAAC;YAC9F,CAAC,CAAC,CAAC;QACP,CAAC;QAGD,IAAI,CAAC,YAAY,IAAI,aAAa,KAAK,kCAAa,CAAC,YAAY,IAAI,IAAI,CAAC,wBAAwB,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACjH,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,gCAAgC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;YAEjE,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,yCAAsB,EAAE,EAAE;gBACzD,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,kBAAkB,EAAE,gBAAgB,CAAC,EAAE;aACxC,CAAC,CAAC;YACH,IAAI,CAAC,wBAAwB;iBAC1B,mBAAmB,CAAC,MAAM,CAAC;iBAC3B,IAAI,CAAC,GAAG,EAAE;gBACT,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,0CAA0C,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;YAC7E,CAAC,CAAC;iBACD,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;gBACxB,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;gBAC9E,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,sCAAsC,IAAI,CAAC,KAAK,KAAK,YAAY,EAAE,CAAC,CAAC;YAC5F,CAAC,CAAC,CAAC;QACP,CAAC;QAcD,MAAM,mBAAmB,GAA4B,EAAE,CAAC;QAExD,QAAQ,aAAa,EAAE,CAAC;YACtB,KAAK,kCAAa,CAAC,YAAY;gBAC7B,mBAAmB,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;gBACvC,mBAAmB,CAAC,uBAAuB,GAAG,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAC1F,MAAM;YAER,KAAK,kCAAa,CAAC,YAAY;gBAC7B,mBAAmB,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,SAAS,CAAC;gBACpD,mBAAmB,CAAC,uBAAuB,GAAG,IAAI,CAAC,KAAK;oBACtD,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC;oBAC7C,CAAC,CAAC,SAAS,CAAC;gBAEd,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;oBAChB,mBAAmB,CAAC,uBAAuB,GAAG,MAAM,CAAC;oBACrD,mBAAmB,CAAC,YAAY,GAAG,uDAAuD,CAAC;gBAC7F,CAAC;gBACD,MAAM;YAER,KAAK,kCAAa,CAAC,YAAY;gBAC7B,mBAAmB,CAAC,YAAY,GAAG,yCAAyC,CAAC;gBAE7E,IAAI,IAAI,CAAC,kBAAkB,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;oBACpD,mBAAmB,CAAC,uBAAuB,GAAG,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAC5F,CAAC;gBAED,IAAI,IAAI,CAAC,kBAAkB,KAAK,OAAO,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;oBACtD,mBAAmB,CAAC,uBAAuB,GAAG,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAC5F,CAAC;gBACD,MAAM;YAER,KAAK,kCAAa,CAAC,kBAAkB,CAAC,CAAC,CAAC;gBACtC,MAAM,cAAc,GAAG,MAAM,CAAC,GAAG,EAAE,cAAc,IAAI,CAAC,GAAG,kCAAgB,CAAC,CAAC;gBAC3E,mBAAmB,CAAC,cAAc,GAAG,cAAc,CAAC;gBACpD,mBAAmB,CAAC,YAAY,GAAG,oEAAoE,CAAC;gBACxG,MAAM;YACR,CAAC;YAED,KAAK,kCAAa,CAAC,qBAAqB;gBACtC,mBAAmB,CAAC,YAAY,GAAG,iDAAiD,CAAC;gBACrF,MAAM;QACV,CAAC;QAED,MAAM,QAAQ,GAAoB;YAChC,aAAa;YACb,OAAO,EAAE,gBAAgB,CAAC,YAAY;YACtC,mBAAmB;YACnB,OAAO,EAAE,IAAI,CAAC,GAAG;SAClB,CAAC;QAEF,OAAO,QAAQ,CAAC;IAClB,CAAC;IA+BD,KAAK,CAAC,+BAA+B,CACnC,IAAW,EACX,MAAmB,EACnB,aAAoC,UAAU,EAC9C,YAAqB;QAIrB,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,0CAA0C,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAEzE,MAAM,cAAc,GAAG,MAAM,CAAC,GAAG,EAAE,cAAc,IAAI,CAAC,GAAG,kCAAgB,CAAC,CAAC;QAG3E,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAClB,gDAAgD,UAAU,kBAAkB,YAAY,IAAI,MAAM,aAAa,IAAI,CAAC,GAAG,EAAE,CAC1H,CAAC;QAGF,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,sBAAsB,CACzE,IAAI,EACJ,kCAAa,CAAC,kBAAkB,EAChC;YACE,cAAc;YACd,aAAa,EAAE,IAAI;YACnB,UAAU;YACV,YAAY;SACb,CACF,CAAC;QAEF,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,yCAAyC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAGxE,OAAO;YACL,aAAa,EAAE,kCAAa,CAAC,kBAAkB;YAC/C,OAAO,EAAE,gBAAgB,CAAC,YAAY;YACtC,mBAAmB,EAAE;gBACnB,cAAc;gBACd,YAAY,EAAE,oEAAoE;aACnF;YACD,OAAO,EAAE,IAAI,CAAC,GAAG;SACC,CAAC;IACvB,CAAC;IAsBD,KAAK,CAAC,0BAA0B,CAAC,IAAW;QAG1C,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,oCAAoC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAGnE,MAAM,OAAO,GAAG,CAAC,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC;YACnD,KAAK,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE;YAC1C,KAAK,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE;SACjD,CAAC,CAA4B,CAAC;QAE/B,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,+CAA+C,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YAG/E,MAAM,IAAI,gCAAc,CAAC,gCAAa,CAAC,cAAc,EAAE,uCAAuC,CAAC,CAAC;QAClG,CAAC;QAGD,MAAM,aAAa,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAsB,CAAC;QAGpF,MAAM,gBAAgB,GAA4B,CAAC,GAAG,aAAa,CAAC,CAAC;QACrE,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpD,gBAAgB,CAAC,IAAI,CAAC,2BAAS,CAAC,MAAM,CAAC,CAAC;QAC1C,CAAC;QAGD,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAClB,0BAA0B,IAAI,CAAC,GAAG,wBAAwB,IAAI,CAAC,kBAAkB,oBAAoB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC3N,CAAC;QAIF,IAAI,eAAuB,CAAC;QAG5B,MAAM,yBAAyB,GAAG,IAAI,CAAC,kBAAkB,EAAE,WAAW,EAAE,CAAC;QAGzE,IACE,yBAAyB;YACzB,CAAC,yBAAyB,KAAK,2BAAS,CAAC,IAAI;gBAC3C,yBAAyB,KAAK,2BAAS,CAAC,GAAG;gBAC3C,yBAAyB,KAAK,2BAAS,CAAC,KAAK;gBAC7C,yBAAyB,KAAK,2BAAS,CAAC,OAAO,CAAC;YAClD,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,yBAAyB,CAAC,EACxE,CAAC;YAGD,eAAe;gBACb,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,yBAAyB,CAAC,IAAI,yBAAyB,CAAC;YACxG,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAClB,oCAAoC,eAAe,mCAAmC,IAAI,CAAC,kBAAkB,GAAG,CACjH,CAAC;QACJ,CAAC;aAAM,CAAC;YAEN,MAAM,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;YACvD,eAAe,GAAG,aAAa,EAAE,IAAI,IAAI,aAAa,CAAC,CAAC,CAAC,CAAC;YAC1D,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAClB,8BAA8B,eAAe,gBAAgB,IAAI,CAAC,kBAAkB,gBAAgB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAChI,CAAC;QACJ,CAAC;QAGD,IAAI,WAA+B,CAAC;QACpC,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,2BAAS,CAAC,GAAG,IAAI,CAAC,CAAC,WAAW,CAAC,CAAC;QACjF,IAAI,SAAS,EAAE,WAAW,EAAE,CAAC;YAC3B,MAAM,MAAM,GAAG,SAAS,CAAC,WAAW,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACxD,WAAW,GAAG,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC;QAC3F,CAAC;QAGD,IAAI,WAA+B,CAAC;QACpC,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,2BAAS,CAAC,KAAK,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC;QAC/E,MAAM,WAAW,GAAG,WAAW,EAAE,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC;QACrD,IAAI,WAAW,EAAE,CAAC;YAEhB,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACnD,IAAI,SAAS,IAAI,MAAM,EAAE,CAAC;gBACxB,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;gBAC/B,MAAM,QAAQ,GAAG,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;gBACjD,WAAW,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,SAAS,MAAM,QAAQ,IAAI,MAAM,EAAE,CAAC,CAAC,CAAC,GAAG,SAAS,OAAO,MAAM,EAAE,CAAC;YAC5G,CAAC;iBAAM,CAAC;gBACN,WAAW,GAAG,WAAW,CAAC;YAC5B,CAAC;QACH,CAAC;QAKD,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,sBAAsB,CAAC,IAAI,EAAE,kCAAa,CAAC,YAAY,EAAE;YAC5G,gBAAgB;YAChB,eAAe;YACf,WAAW;YACX,WAAW;YACX,MAAM,EAAE,eAAe;SACxB,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,mCAAmC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAUlE,MAAM,cAAc,GAAG,eAAe,CAAC,WAAW,EAAE,KAAK,KAAK,CAAC;QAC/D,MAAM,SAAS,GAAG,aAAa,CAAC,MAAM,KAAK,CAAC,IAAI,aAAa,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,KAAK,CAAC;QAEzF,IAAI,CAAC,cAAc,IAAI,SAAS,CAAC,IAAI,IAAI,CAAC,wBAAwB,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACjF,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAChB,qCAAqC,IAAI,CAAC,GAAG,eAAe,cAAc,UAAU,SAAS,GAAG,CACjG,CAAC;YAIF,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,yCAAsB,EAAE,EAAE;gBACzD,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,wBAAwB,EAAE,IAAI;gBAC9B,kBAAkB,EAAE,gBAAgB,CAAC,EAAE;aACxC,CAAC,CAAC;YACH,IAAI,CAAC,wBAAwB;iBAC1B,mBAAmB,CAAC,MAAM,CAAC;iBAC3B,IAAI,CAAC,GAAG,EAAE;gBACT,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,0CAA0C,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YAC3E,CAAC,CAAC;iBACD,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;gBACxB,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;gBAC9E,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,uCAAuC,IAAI,CAAC,GAAG,KAAK,YAAY,EAAE,CAAC,CAAC;YAC3F,CAAC,CAAC,CAAC;QACP,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAClB,sCAAsC,IAAI,CAAC,GAAG,IAAI;gBAChD,gBAAgB,CAAC,CAAC,IAAI,CAAC,wBAAwB,IAAI;gBACnD,mBAAmB,eAAe,IAAI;gBACtC,kBAAkB,cAAc,IAAI;gBACpC,aAAa,SAAS,IAAI;gBAC1B,kBAAkB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK;gBAC/C,SAAS,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,CAC1B,CAAC;QACJ,CAAC;QAUD,MAAM,gBAAgB,GAAG,eAAe,CAAC,WAAW,EAAE,KAAK,OAAO,CAAC;QACnE,MAAM,WAAW,GAAG,aAAa,CAAC,MAAM,KAAK,CAAC,IAAI,aAAa,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,OAAO,CAAC;QAE7F,IAAI,CAAC,gBAAgB,IAAI,WAAW,CAAC,IAAI,IAAI,CAAC,wBAAwB,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACrF,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAChB,uCAAuC,IAAI,CAAC,GAAG,eAAe,gBAAgB,UAAU,WAAW,GAAG,CACvG,CAAC;YAIF,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,2CAAwB,EAAE,EAAE;gBAC7D,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,OAAO,EAAE,SAAS;gBAClB,wBAAwB,EAAE,IAAI;gBAC9B,kBAAkB,EAAE,gBAAgB,CAAC,EAAE;aACxC,CAAC,CAAC;YACH,IAAI,CAAC,wBAAwB;iBAC1B,qBAAqB,CAAC,QAAQ,CAAC;iBAC/B,IAAI,CAAC,GAAG,EAAE;gBACT,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,4CAA4C,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YAC7E,CAAC,CAAC;iBACD,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;gBACxB,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;gBAC9E,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,yCAAyC,IAAI,CAAC,GAAG,KAAK,YAAY,EAAE,CAAC,CAAC;YAC7F,CAAC,CAAC,CAAC;QACP,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAClB,wCAAwC,IAAI,CAAC,GAAG,IAAI;gBAClD,gBAAgB,CAAC,CAAC,IAAI,CAAC,wBAAwB,IAAI;gBACnD,mBAAmB,eAAe,IAAI;gBACtC,oBAAoB,gBAAgB,IAAI;gBACxC,eAAe,WAAW,IAAI;gBAC9B,kBAAkB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK;gBAC/C,SAAS,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,CAC1B,CAAC;QACJ,CAAC;QAID,MAAM,eAAe,GAA4B;YAC/C,gBAAgB;YAChB,eAAe,EAAE,eAAkC;SACpD,CAAC;QACF,IAAI,WAAW,EAAE,CAAC;YAChB,eAAe,CAAC,WAAW,GAAG,WAAW,CAAC;QAC5C,CAAC;QACD,IAAI,WAAW,IAAI,eAAe,CAAC,WAAW,EAAE,KAAK,OAAO,EAAE,CAAC;YAE7D,eAAe,CAAC,WAAW,GAAG,WAAW,IAAI,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;QAChE,CAAC;QAED,OAAO;YACL,aAAa,EAAE,kCAAa,CAAC,YAAY;YACzC,OAAO,EAAE,gBAAgB,CAAC,YAAY;YACtC,mBAAmB,EAAE,eAAe;SAClB,CAAC;IACvB,CAAC;IA4BD,KAAK,CAAC,qBAAqB,CACzB,IAAW,EACX,WAAoB,EACpB,SAAmB,EACnB,cAAc,GAAG,KAAK,EACtB,SAOC;QAGD,MAAM,UAAU,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,CAAC;QAChD,MAAM,gBAAgB,GAAG,UAAU,CAAC,WAAW,IAAI,WAAW,CAAC;QAS/D,MAAM,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,mBAAmB,EAAE,CAAC;QAI1D,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC;YACzD,MAAM,EAAE,IAAI,CAAC,GAAG;YAChB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,SAAS,EAAE,MAAM;YACjB,WAAW;SACZ,CAAC,CAAC;QAGH,IAAI,aAAa,GAAG,gBAAgB,CAAC;QACrC,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,MAAM,GAAG,wDAAa,QAAQ,GAAC,CAAC;YACtC,aAAa,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QACtC,CAAC;QAID,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC;YACtD,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,eAAe,EAAE,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,UAAU,CAAC,WAAW,CAAC;YAClE,gBAAgB,EAAE,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,UAAU,CAAC,YAAY,CAAC;YACpE,WAAW;YACX,QAAQ,EAAE,aAAa;YACvB,SAAS,EAAE,IAAI,CAAC,cAAc,CAAC,wBAAwB,EAAE;YACzD,UAAU,EAAE,UAAU;SACvB,CAAC,CAAC;QAIH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC;YACrD,MAAM,EAAE,IAAI,CAAC,GAAG;YAChB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,SAAS,EAAE,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE;YAChC,WAAW;SACZ,CAAC,CAAC;QAGH,MAAM,IAAI,CAAC,cAAc,CAAC,YAAY,CACpC,OAAO,CAAC,EAAE,EACV,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,EAC7C,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,CAC/C,CAAC;QAGF,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAC5F,MAAM,sBAAsB,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,oBAAoB,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAE/F,MAAM,QAAQ,GAAoB;YAChC,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,oBAAoB,EAAE,qBAAqB,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC;YAC7D,qBAAqB,EAAE,sBAAsB,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC;YAC/D,OAAO,EAAE,SAAS;YAOlB,WAAW,EAAE,gBAAgB;YAC7B,IAAI,EAAE;gBACJ,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,SAAS;gBAC9B,eAAe,EAAE,IAAI,CAAC,eAAe;gBACrC,eAAe,EAAE,IAAI,CAAC,eAAe,IAAI,SAAS;gBAClD,eAAe,EAAE,IAAI,CAAC,eAAe,IAAI,SAAS;gBAClD,eAAe,EAAE,CAAC,CAAC,IAAI,CAAC,YAAY;aACrC;YACD,OAAO,EAAE,IAAI,CAAC,GAAG;SAClB,CAAC;QAEF,OAAO,QAAQ,CAAC;IAClB,CAAC;IA2BD,KAAK,CAAC,qBAAqB,CAAC,MAO3B;QACC,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,aAAa,GAAG,KAAK,EAAE,mBAAmB,GAAG,KAAK,EAAE,YAAY,EAAE,GAAG,MAAM,CAAC;QAE/G,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAClB,2DAA2D,IAAI,CAAC,GAAG,mBAAmB,aAAa,aAAa,mBAAmB,iBAAiB,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,GAAG,CACxL,CAAC;QAGF,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC;YAC9C,IAAI;YACJ,MAAM;YACN,UAAU,EAAE,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,UAAU;YACjD,YAAY;YACZ,WAAW;YACX,mBAAmB;SACpB,CAAC,CAAC;QAGH,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAG7D,MAAM,eAAe,GAAG,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;QACpE,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,wCAAwC,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;YAClG,MAAM,IAAI,gCAAc,CAAC,gCAAa,CAAC,cAAc,EAAE,8BAA8B,CAAC,CAAC;QACzF,CAAC;QAGD,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAGjE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,eAAe,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;QAEvF,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAClB,2BAA2B,KAAK,iBAAiB,QAAQ,CAAC,aAAa,IAAI,SAAS,aAAa,IAAI,CAAC,GAAG,EAAE,CAC5G,CAAC;QAEF,OAAO,QAAQ,CAAC;IAClB,CAAC;IAcO,KAAK,CAAC,eAAe,CAC3B,KAAoB,EACpB,eAA8C,EAC9C,OAAwB,EACxB,QAMC;QAGD,MAAM,UAAU,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,CAAC;QAChD,MAAM,WAAW,GAAG,UAAU,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC;QAElE,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,UAAU,CAAC;QAGpD,IAAI,eAAe,CAAC,SAAS,EAAE,CAAC;YAE9B,IAAI,eAAe,CAAC,SAAS,KAAK,kCAAa,CAAC,kBAAkB,EAAE,CAAC;gBACnE,OAAO,IAAI,CAAC,+BAA+B,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,MAAM,EAAE,UAAU,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;YAC9G,CAAC;YAGD,IAAI,eAAe,CAAC,SAAS,KAAK,kCAAa,CAAC,YAAY,EAAE,CAAC;gBAC7D,OAAO,IAAI,CAAC,0BAA0B,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACvD,CAAC;YAGD,OAAO,IAAI,CAAC,uBAAuB,CACjC,OAAO,CAAC,IAAI,EACZ,eAAe,CAAC,SAAS,EACzB,OAAO,CAAC,MAAM,EACd,UAAU,EACV,OAAO,CAAC,YAAY,CACrB,CAAC;QACJ,CAAC;QAGD,IAAI,KAAK,KAAK,6CAAa,CAAC,mBAAmB,EAAE,CAAC;YAEhD,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC;YACnD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAC/C,OAAO,CAAC,IAAI,EACZ,WAAW,EACX,SAAS,EACT,OAAO,CAAC,UAAU,KAAK,QAAQ,EAC/B,QAAQ,CACT,CAAC;YAEF,IAAI,QAAQ,EAAE,iBAAiB,EAAE,CAAC;gBAC/B,QAA2D,CAAC,iBAAiB,GAAG,QAAQ,CAAC,iBAAiB,CAAC;YAC9G,CAAC;YACD,IAAI,QAAQ,EAAE,SAAS,KAAK,SAAS,EAAE,CAAC;gBACrC,QAAqD,CAAC,SAAS,GAAG,QAAQ,CAAC,SAAS,CAAC;YACxF,CAAC;YACD,IAAI,QAAQ,EAAE,SAAS,EAAE,CAAC;gBACvB,QAAwE,CAAC,SAAS,GAAG,QAAQ,CAAC,SAAS,CAAC;YAC3G,CAAC;YACD,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,IAAI,KAAK,KAAK,6CAAa,CAAC,OAAO,EAAE,CAAC;YAEpC,MAAM,SAAS,GACZ,OAAO,CAAC,MAAM,CAAC,GAAG,EAAE,QAAQ,EAAE,aAAa,EAAE,SAA2B;gBACzE,gCAAa,CAAC,wBAAwB,CAAC;YACzC,MAAM,OAAO,GACX,QAAQ,EAAE,MAAM;gBAChB,OAAO,CAAC,MAAM,CAAC,GAAG,EAAE,QAAQ,EAAE,aAAa,EAAE,OAAO;gBACpD,4CAA4C,CAAC;YAC/C,MAAM,IAAI,gCAAc,CAAC,SAAS,EAAE,OAAO,EAAE;gBAC3C,SAAS,EAAE,QAAQ,EAAE,YAAY;aAClC,CAAC,CAAC;QACL,CAAC;QAGD,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC;QACnD,OAAO,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,OAAO,CAAC,UAAU,KAAK,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACrH,CAAC;CACF;AAlxBD,gEAkxBC"}

package/dist/services/auth-flow-context-builder.service.d.ts

@@ -0,0 +1,31 @@
+import { IUser } from '../interfaces/entities.interface';
+import { NAuthConfig } from '../interfaces/config.interface';
+import { TrustedDeviceService } from './trusted-device.service';
+import { AdaptiveMFADecisionService } from './adaptive-mfa-decision.service';
+import { ClientInfoService } from './client-info.service';
+import { NAuthLogger } from '../utils/nauth-logger';
+import { AuthFlowContext } from './auth-flow-state-machine.types';
+export declare class AuthFlowContextBuilder {
+    private readonly trustedDeviceService?;
+    private readonly adaptiveMFADecisionService?;
+    private readonly logger?;
+    constructor(trustedDeviceService?: TrustedDeviceService | undefined, adaptiveMFADecisionService?: AdaptiveMFADecisionService | undefined, _clientInfoService?: ClientInfoService, logger?: NAuthLogger | undefined);
+    build(params: {
+        user: IUser;
+        config: NAuthConfig;
+        authMethod?: 'password' | 'social';
+        authProvider?: string;
+        deviceToken?: string;
+        skipMFAVerification?: boolean;
+    }): Promise<AuthFlowContext>;
+    private isEmailVerificationRequired;
+    private isPhoneVerificationRequired;
+    private isPhoneCollectionNeeded;
+    private checkMFAExempt;
+    private isMFASetupRequired;
+    private checkDeviceTrust;
+    private calculateGracePeriod;
+    private checkBlocked;
+    private checkMFAVerification;
+}
+//# sourceMappingURL=auth-flow-context-builder.service.d.ts.map

package/dist/services/auth-flow-context-builder.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-flow-context-builder.service.d.ts","sourceRoot":"","sources":["../../src/services/auth-flow-context-builder.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,kCAAkC,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAC7D,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AAmBlE,qBAAa,sBAAsB;IAE/B,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC;IACtC,OAAO,CAAC,QAAQ,CAAC,0BAA0B,CAAC;IAE5C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAHP,oBAAoB,CAAC,EAAE,oBAAoB,YAAA,EAC3C,0BAA0B,CAAC,EAAE,0BAA0B,YAAA,EACxE,kBAAkB,CAAC,EAAE,iBAAiB,EACrB,MAAM,CAAC,EAAE,WAAW,YAAA;IAyBjC,KAAK,CAAC,MAAM,EAAE;QAClB,IAAI,EAAE,KAAK,CAAC;QACZ,MAAM,EAAE,WAAW,CAAC;QACpB,UAAU,CAAC,EAAE,UAAU,GAAG,QAAQ,CAAC;QACnC,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,mBAAmB,CAAC,EAAE,OAAO,CAAC;KAC/B,GAAG,OAAO,CAAC,eAAe,CAAC;IAyE5B,OAAO,CAAC,2BAA2B;IA8BnC,OAAO,CAAC,2BAA2B;IAwCnC,OAAO,CAAC,uBAAuB;IAiC/B,OAAO,CAAC,cAAc;IActB,OAAO,CAAC,kBAAkB;YAsDZ,gBAAgB;IA2B9B,OAAO,CAAC,oBAAoB;YAmCd,YAAY;YA8BZ,oBAAoB;CAyHnC"}