@nauth-toolkit/core 0.1.0

package/dist/services/jwt.service.js

@@ -0,0 +1,261 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JwtService = void 0;
+const jose = __importStar(require("jose"));
+const nauth_exception_1 = require("../exceptions/nauth.exception");
+const error_codes_enum_1 = require("../enums/error-codes.enum");
+const crypto = __importStar(require("crypto"));
+class JwtService {
+    config;
+    accessTokenKey = null;
+    refreshTokenKey = null;
+    constructor(jwtConfig) {
+        this.config = jwtConfig;
+        this.prepareKeys();
+    }
+    prepareKeys() {
+        if (this.config.accessToken.privateKey) {
+            this.accessTokenKey = crypto.createPrivateKey(this.config.accessToken.privateKey);
+        }
+        else if (this.config.accessToken.secret) {
+            this.accessTokenKey = new TextEncoder().encode(this.config.accessToken.secret);
+        }
+        if (this.config.refreshToken.secret) {
+            this.refreshTokenKey = new TextEncoder().encode(this.config.refreshToken.secret);
+        }
+    }
+    getAlgorithm() {
+        return this.config.algorithm || 'HS256';
+    }
+    getRefreshTokenAlgorithm() {
+        const configuredAlgorithm = this.config.algorithm || 'HS256';
+        if (configuredAlgorithm === 'HS256' || configuredAlgorithm === 'HS384' || configuredAlgorithm === 'HS512') {
+            return configuredAlgorithm;
+        }
+        return 'HS256';
+    }
+    async generateTokenPair(data) {
+        const tokenFamily = data.tokenFamily || this.generateTokenFamily();
+        const accessToken = await this.generateAccessToken({
+            ...data,
+            tokenFamily,
+        });
+        const refreshToken = await this.generateRefreshToken({
+            ...data,
+            tokenFamily,
+        });
+        const expiresIn = this.parseExpiresIn(this.config.accessToken.expiresIn);
+        return {
+            accessToken,
+            refreshToken,
+            expiresIn,
+        };
+    }
+    async generateAccessToken(data) {
+        if (!this.accessTokenKey) {
+            throw new nauth_exception_1.NAuthException(error_codes_enum_1.AuthErrorCode.INTERNAL_ERROR, 'Access token key not configured. Provide secret or privateKey.');
+        }
+        const algorithm = this.getAlgorithm();
+        let jwt = new jose.SignJWT({
+            sub: data.userId,
+            email: data.email,
+            type: 'access',
+            sessionId: data.sessionId,
+            tokenFamily: data.tokenFamily,
+        })
+            .setProtectedHeader({ alg: algorithm })
+            .setIssuedAt()
+            .setExpirationTime(this.config.accessToken.expiresIn);
+        if (this.config.issuer) {
+            jwt = jwt.setIssuer(this.config.issuer);
+        }
+        if (this.config.audience) {
+            if (Array.isArray(this.config.audience)) {
+                jwt = jwt.setAudience(this.config.audience);
+            }
+            else {
+                jwt = jwt.setAudience(this.config.audience);
+            }
+        }
+        return await jwt.sign(this.accessTokenKey);
+    }
+    async generateRefreshToken(data) {
+        if (!this.refreshTokenKey) {
+            throw new nauth_exception_1.NAuthException(error_codes_enum_1.AuthErrorCode.INTERNAL_ERROR, 'Refresh token secret not configured.');
+        }
+        const algorithm = this.getRefreshTokenAlgorithm();
+        const jwt = new jose.SignJWT({
+            sub: data.userId,
+            email: data.email,
+            type: 'refresh',
+            sessionId: data.sessionId,
+            tokenFamily: data.tokenFamily,
+        })
+            .setProtectedHeader({ alg: algorithm })
+            .setIssuedAt()
+            .setExpirationTime(this.config.refreshToken.expiresIn);
+        return await jwt.sign(this.refreshTokenKey);
+    }
+    async validateAccessToken(token) {
+        try {
+            let verificationKey;
+            if (this.config.accessToken.publicKey) {
+                verificationKey = crypto.createPublicKey(this.config.accessToken.publicKey);
+            }
+            else if (this.accessTokenKey) {
+                verificationKey = this.accessTokenKey;
+            }
+            else {
+                throw new Error('No verification key available');
+            }
+            const { payload } = await jose.jwtVerify(token, verificationKey, {
+                issuer: this.config.issuer,
+                audience: this.config.audience,
+            });
+            const jwtPayload = payload;
+            if (jwtPayload.type !== 'access') {
+                return {
+                    valid: false,
+                    error: 'Invalid token type',
+                    errorType: 'invalid',
+                };
+            }
+            return {
+                valid: true,
+                payload: jwtPayload,
+            };
+        }
+        catch (error) {
+            return this.handleValidationError(error);
+        }
+    }
+    async validateRefreshToken(token) {
+        try {
+            if (!this.refreshTokenKey) {
+                throw new Error('Refresh token key not configured');
+            }
+            const { payload } = await jose.jwtVerify(token, this.refreshTokenKey);
+            const jwtPayload = payload;
+            if (jwtPayload.type !== 'refresh') {
+                return {
+                    valid: false,
+                    error: 'Invalid token type',
+                    errorType: 'invalid',
+                };
+            }
+            return {
+                valid: true,
+                payload: jwtPayload,
+            };
+        }
+        catch (error) {
+            return this.handleValidationError(error);
+        }
+    }
+    decodeToken(token) {
+        try {
+            const payload = jose.decodeJwt(token);
+            return payload;
+        }
+        catch {
+            return null;
+        }
+    }
+    generateTokenFamily() {
+        return crypto.randomBytes(32).toString('hex');
+    }
+    hashToken(token) {
+        return crypto.createHash('sha256').update(token).digest('hex');
+    }
+    getAccessTokenExpiry() {
+        return this.parseExpiresIn(this.config.accessToken.expiresIn);
+    }
+    getRefreshTokenTTL() {
+        return this.parseExpiresIn(this.config.refreshToken.expiresIn);
+    }
+    extractTokenFromHeader(authHeader) {
+        if (!authHeader)
+            return null;
+        const [type, token] = authHeader.split(' ');
+        if (type !== 'Bearer')
+            return null;
+        return token || null;
+    }
+    parseExpiresIn(expiresIn) {
+        if (typeof expiresIn === 'number') {
+            return expiresIn;
+        }
+        const units = {
+            s: 1,
+            m: 60,
+            h: 3600,
+            d: 86400,
+        };
+        const match = expiresIn.match(/^(\d+)([smhd])$/);
+        if (!match) {
+            throw new nauth_exception_1.NAuthException(error_codes_enum_1.AuthErrorCode.VALIDATION_FAILED, `Invalid expiresIn format: ${expiresIn}`);
+        }
+        const [, value, unit] = match;
+        return parseInt(value, 10) * units[unit];
+    }
+    handleValidationError(error) {
+        if (error instanceof Error) {
+            const errorWithCode = error;
+            const errorCode = errorWithCode.code;
+            if (error.message.includes('expired') || errorCode === 'ERR_JWT_EXPIRED') {
+                return {
+                    valid: false,
+                    error: 'Token has expired',
+                    errorType: 'expired',
+                };
+            }
+            if (error.message.includes('signature') || error.message.includes('invalid') || errorCode === 'ERR_JWT_INVALID') {
+                return {
+                    valid: false,
+                    error: 'Invalid token',
+                    errorType: 'invalid',
+                };
+            }
+        }
+        return {
+            valid: false,
+            error: 'Token validation failed',
+            errorType: 'malformed',
+        };
+    }
+}
+exports.JwtService = JwtService;
+//# sourceMappingURL=jwt.service.js.map

package/dist/services/jwt.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.service.js","sourceRoot":"","sources":["../../src/services/jwt.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAE7B,mEAA+D;AAC/D,gEAA0D;AAC1D,+CAAiC;AA2GjC,MAAa,UAAU;IAEJ,MAAM,CAAY;IAG3B,cAAc,GAAyC,IAAI,CAAC;IAG5D,eAAe,GAAyC,IAAI,CAAC;IAErE,YAAY,SAAoB;QAC9B,IAAI,CAAC,MAAM,GAAG,SAAS,CAAC;QACxB,IAAI,CAAC,WAAW,EAAE,CAAC;IACrB,CAAC;IAUO,WAAW;QAEjB,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,UAAU,EAAE,CAAC;YAEvC,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QACpF,CAAC;aAAM,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC;YAE1C,IAAI,CAAC,cAAc,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QACjF,CAAC;QAGD,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC;YACpC,IAAI,CAAC,eAAe,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QACnF,CAAC;IACH,CAAC;IAWO,YAAY;QAElB,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,OAAO,CAAC;IAC1C,CAAC;IAeO,wBAAwB;QAC9B,MAAM,mBAAmB,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,OAAO,CAAC;QAI7D,IAAI,mBAAmB,KAAK,OAAO,IAAI,mBAAmB,KAAK,OAAO,IAAI,mBAAmB,KAAK,OAAO,EAAE,CAAC;YAC1G,OAAO,mBAAmB,CAAC;QAC7B,CAAC;QAID,OAAO,OAAO,CAAC;IACjB,CAAC;IA+BD,KAAK,CAAC,iBAAiB,CAAC,IAKvB;QAEC,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAGnE,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC;YACjD,GAAG,IAAI;YACP,WAAW;SACZ,CAAC,CAAC;QAGH,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC;YACnD,GAAG,IAAI;YACP,WAAW;SACZ,CAAC,CAAC;QAGH,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAEzE,OAAO;YACL,WAAW;YACX,YAAY;YACZ,SAAS;SACV,CAAC;IACJ,CAAC;IAWD,KAAK,CAAC,mBAAmB,CAAC,IAKzB;QACC,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,MAAM,IAAI,gCAAc,CACtB,gCAAa,CAAC,cAAc,EAC5B,gEAAgE,CACjE,CAAC;QACJ,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;QACtC,IAAI,GAAG,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC;YACzB,GAAG,EAAE,IAAI,CAAC,MAAM;YAChB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,IAAI,EAAE,QAAQ;YACd,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,WAAW,EAAE,IAAI,CAAC,WAAW;SAC9B,CAAC;aACC,kBAAkB,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC;aACtC,WAAW,EAAE;aACb,iBAAiB,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAGxD,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACvB,GAAG,GAAG,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC1C,CAAC;QAGD,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YACzB,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACxC,GAAG,GAAG,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC9C,CAAC;iBAAM,CAAC;gBACN,GAAG,GAAG,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,OAAO,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC7C,CAAC;IAeD,KAAK,CAAC,oBAAoB,CAAC,IAK1B;QACC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;YAC1B,MAAM,IAAI,gCAAc,CAAC,gCAAa,CAAC,cAAc,EAAE,sCAAsC,CAAC,CAAC;QACjG,CAAC;QAGD,MAAM,SAAS,GAAG,IAAI,CAAC,wBAAwB,EAAE,CAAC;QAClD,MAAM,GAAG,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC;YAC3B,GAAG,EAAE,IAAI,CAAC,MAAM;YAChB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,IAAI,EAAE,SAAS;YACf,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,WAAW,EAAE,IAAI,CAAC,WAAW;SAC9B,CAAC;aACC,kBAAkB,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC;aACtC,WAAW,EAAE;aACb,iBAAiB,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;QAEzD,OAAO,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAC9C,CAAC;IA+BD,KAAK,CAAC,mBAAmB,CAAC,KAAa;QACrC,IAAI,CAAC;YAEH,IAAI,eAA8C,CAAC;YAEnD,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,SAAS,EAAE,CAAC;gBAEtC,eAAe,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;YAC9E,CAAC;iBAAM,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBAE/B,eAAe,GAAG,IAAI,CAAC,cAAc,CAAC;YACxC,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;YACnD,CAAC;YAGD,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,eAAe,EAAE;gBAC/D,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;gBAC1B,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;aAC/B,CAAC,CAAC;YAGH,MAAM,UAAU,GAAG,OAAgC,CAAC;YAGpD,IAAI,UAAU,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACjC,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,KAAK,EAAE,oBAAoB;oBAC3B,SAAS,EAAE,SAAS;iBACrB,CAAC;YACJ,CAAC;YAED,OAAO;gBACL,KAAK,EAAE,IAAI;gBACX,OAAO,EAAE,UAAU;aACpB,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,IAAI,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAWD,KAAK,CAAC,oBAAoB,CAAC,KAAa;QACtC,IAAI,CAAC;YACH,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;gBAC1B,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;YACtD,CAAC;YAGD,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;YAGtE,MAAM,UAAU,GAAG,OAAgC,CAAC;YAGpD,IAAI,UAAU,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBAClC,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,KAAK,EAAE,oBAAoB;oBAC3B,SAAS,EAAE,SAAS;iBACrB,CAAC;YACJ,CAAC;YAED,OAAO;gBACL,KAAK,EAAE,IAAI;gBACX,OAAO,EAAE,UAAU;aACpB,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,IAAI,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAWD,WAAW,CAAC,KAAa;QACvB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;YAEtC,OAAO,OAAgC,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAgBD,mBAAmB;QACjB,OAAO,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAChD,CAAC;IAWD,SAAS,CAAC,KAAa;QACrB,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACjE,CAAC;IAaD,oBAAoB;QAClB,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;IAChE,CAAC;IASD,kBAAkB;QAChB,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;IACjE,CAAC;IAgBD,sBAAsB,CAAC,UAAmB;QACxC,IAAI,CAAC,UAAU;YAAE,OAAO,IAAI,CAAC;QAE7B,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAG5C,IAAI,IAAI,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC;QAEnC,OAAO,KAAK,IAAI,IAAI,CAAC;IACvB,CAAC;IAWO,cAAc,CAAC,SAA0B;QAC/C,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;YAClC,OAAO,SAAS,CAAC;QACnB,CAAC;QAGD,MAAM,KAAK,GAA2B;YACpC,CAAC,EAAE,CAAC;YACJ,CAAC,EAAE,EAAE;YACL,CAAC,EAAE,IAAI;YACP,CAAC,EAAE,KAAK;SACT,CAAC;QAEF,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;QACjD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,gCAAc,CAAC,gCAAa,CAAC,iBAAiB,EAAE,6BAA6B,SAAS,EAAE,CAAC,CAAC;QACtG,CAAC;QAED,MAAM,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,GAAG,KAAK,CAAC;QAC9B,OAAO,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC;IAC3C,CAAC;IAOO,qBAAqB,CAAC,KAAc;QAC1C,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;YAE3B,MAAM,aAAa,GAAG,KAAkC,CAAC;YACzD,MAAM,SAAS,GAAG,aAAa,CAAC,IAAI,CAAC;YAGrC,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,SAAS,KAAK,iBAAiB,EAAE,CAAC;gBACzE,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,KAAK,EAAE,mBAAmB;oBAC1B,SAAS,EAAE,SAAS;iBACrB,CAAC;YACJ,CAAC;YAGD,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,SAAS,KAAK,iBAAiB,EAAE,CAAC;gBAChH,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,KAAK,EAAE,eAAe;oBACtB,SAAS,EAAE,SAAS;iBACrB,CAAC;YACJ,CAAC;QACH,CAAC;QAGD,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,yBAAyB;YAChC,SAAS,EAAE,WAAW;SACvB,CAAC;IACJ,CAAC;CACF;AA7fD,gCA6fC"}

package/dist/services/mfa-base.service.d.ts

@@ -0,0 +1,37 @@
+import { Repository } from 'typeorm';
+import { BaseMFADevice, BaseUser } from '../entities';
+import { IUser, IMFADevice } from '../interfaces/entities.interface';
+import { NAuthConfig } from '../interfaces/config.interface';
+import { NAuthLogger } from '../utils/nauth-logger';
+import { InternalAuthAuditService as AuthAuditService } from './auth-audit.service';
+import { ClientInfoService } from './client-info.service';
+import { IMFAProviderService } from '../interfaces/mfa-provider.interface';
+import { ChallengeService } from './challenge.service';
+export declare abstract class BaseMFAProviderService implements IMFAProviderService {
+    protected readonly mfaDeviceRepository: Repository<BaseMFADevice>;
+    protected readonly userRepository: Repository<BaseUser>;
+    protected readonly config: NAuthConfig;
+    protected readonly logger: NAuthLogger;
+    protected readonly passwordService?: unknown | undefined;
+    protected readonly challengeService?: ChallengeService | undefined;
+    protected readonly auditService?: AuthAuditService | undefined;
+    protected readonly clientInfoService?: ClientInfoService | undefined;
+    abstract readonly methodName: string;
+    constructor(mfaDeviceRepository: Repository<BaseMFADevice>, userRepository: Repository<BaseUser>, config: NAuthConfig, logger: NAuthLogger, passwordService?: unknown | undefined, challengeService?: ChallengeService | undefined, auditService?: AuthAuditService | undefined, clientInfoService?: ClientInfoService | undefined);
+    isMethodAllowed(): boolean;
+    abstract setup(user: IUser, setupData?: unknown): Promise<unknown>;
+    abstract verifySetup(user: IUser, verificationData: unknown, deviceName?: string): Promise<number>;
+    abstract verify(user: IUser, code: unknown, deviceId?: number): Promise<boolean>;
+    protected getUserDevices(userId: number): Promise<IMFADevice[]>;
+    protected createDevice(userId: number, deviceData: Partial<IMFADevice>): Promise<IMFADevice>;
+    protected findDevice(userId: number, deviceId?: number): Promise<IMFADevice | null>;
+    protected updateDeviceUsage(deviceId: number): Promise<void>;
+    protected enableMFAForUser(user: IUser): Promise<void>;
+    generateBackupCodes(user: IUser): Promise<string[]>;
+    protected verifyBackupCode(user: IUser, code: string): Promise<boolean>;
+    protected generateRandomCode(length: number): string;
+    protected maskPhone(phone: string): string;
+    protected maskEmail(email: string): string;
+    protected isMFARequired(user: IUser): Promise<boolean>;
+}
+//# sourceMappingURL=mfa-base.service.d.ts.map

package/dist/services/mfa-base.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mfa-base.service.d.ts","sourceRoot":"","sources":["../../src/services/mfa-base.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAEtD,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,kCAAkC,CAAC;AACrE,OAAO,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAC7D,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,wBAAwB,IAAI,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAEpF,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAG1D,OAAO,EAAE,mBAAmB,EAAE,MAAM,sCAAsC,CAAC;AAE3E,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AA6CvD,8BAAsB,sBAAuB,YAAW,mBAAmB;IAIvE,SAAS,CAAC,QAAQ,CAAC,mBAAmB,EAAE,UAAU,CAAC,aAAa,CAAC;IACjE,SAAS,CAAC,QAAQ,CAAC,cAAc,EAAE,UAAU,CAAC,QAAQ,CAAC;IACvD,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,WAAW;IACtC,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,WAAW;IACtC,SAAS,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,OAAO;IAC5C,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,gBAAgB;IACtD,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,gBAAgB;IAClD,SAAS,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,iBAAiB;IAV1D,QAAQ,CAAC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;gBAGhB,mBAAmB,EAAE,UAAU,CAAC,aAAa,CAAC,EAC9C,cAAc,EAAE,UAAU,CAAC,QAAQ,CAAC,EACpC,MAAM,EAAE,WAAW,EACnB,MAAM,EAAE,WAAW,EACnB,eAAe,CAAC,EAAE,OAAO,YAAA,EACzB,gBAAgB,CAAC,EAAE,gBAAgB,YAAA,EACnC,YAAY,CAAC,EAAE,gBAAgB,YAAA,EAC/B,iBAAiB,CAAC,EAAE,iBAAiB,YAAA;IAQ1D,eAAe,IAAI,OAAO;IAM1B,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,SAAS,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IAClE,QAAQ,CAAC,WAAW,CAAC,IAAI,EAAE,KAAK,EAAE,gBAAgB,EAAE,OAAO,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAClG,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;cAgBhE,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;cA0CrD,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,CAAC,GAAG,OAAO,CAAC,UAAU,CAAC;cAuFlF,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;cAyBzE,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;cAmBlD,gBAAgB,CAAC,IAAI,EAAE,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC;IAmFtD,mBAAmB,CAAC,IAAI,EAAE,KAAK,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;cAkEzC,gBAAgB,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IA4E7E,SAAS,CAAC,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM;IAiBpD,SAAS,CAAC,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAsB1C,SAAS,CAAC,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;cAwB1B,aAAa,CAAC,IAAI,EAAE,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC;CAgD7D"}

package/dist/services/mfa-base.service.js

@@ -0,0 +1,297 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BaseMFAProviderService = void 0;
+const crypto_1 = require("crypto");
+const auth_audit_event_type_enum_1 = require("../enums/auth-audit-event-type.enum");
+const nauth_exception_1 = require("../exceptions/nauth.exception");
+const error_codes_enum_1 = require("../enums/error-codes.enum");
+const mfa_method_enum_1 = require("../enums/mfa-method.enum");
+class BaseMFAProviderService {
+    mfaDeviceRepository;
+    userRepository;
+    config;
+    logger;
+    passwordService;
+    challengeService;
+    auditService;
+    clientInfoService;
+    constructor(mfaDeviceRepository, userRepository, config, logger, passwordService, challengeService, auditService, clientInfoService) {
+        this.mfaDeviceRepository = mfaDeviceRepository;
+        this.userRepository = userRepository;
+        this.config = config;
+        this.logger = logger;
+        this.passwordService = passwordService;
+        this.challengeService = challengeService;
+        this.auditService = auditService;
+        this.clientInfoService = clientInfoService;
+    }
+    isMethodAllowed() {
+        const allowedMethods = this.config.mfa?.allowedMethods || [...mfa_method_enum_1.MFADeviceMethods];
+        return allowedMethods.includes(this.methodName);
+    }
+    async getUserDevices(userId) {
+        const devices = await this.mfaDeviceRepository.find({
+            where: { userId },
+            order: { isPrimary: 'DESC', createdAt: 'DESC' },
+        });
+        return devices;
+    }
+    async createDevice(userId, deviceData) {
+        const device = await this.userRepository.manager.transaction(async (transactionalEntityManager) => {
+            await transactionalEntityManager
+                .createQueryBuilder()
+                .select('user.id')
+                .from(this.userRepository.target, 'user')
+                .where('user.id = :userId', { userId })
+                .setLock('pessimistic_write')
+                .getOne();
+            const existingDevice = await transactionalEntityManager
+                .getRepository(this.mfaDeviceRepository.target)
+                .createQueryBuilder('device')
+                .where('device.userId = :userId', { userId })
+                .andWhere('device.type = :type', { type: this.methodName })
+                .getOne();
+            if (existingDevice) {
+                this.logger?.log?.(`MFA device of type '${this.methodName}' already exists for user ${userId}, returning existing device`);
+                return existingDevice;
+            }
+            const newDevice = transactionalEntityManager.getRepository(this.mfaDeviceRepository.target).create({
+                userId,
+                type: this.methodName,
+                ...deviceData,
+            });
+            const saved = await transactionalEntityManager.getRepository(this.mfaDeviceRepository.target).save(newDevice);
+            this.logger?.log?.(`Created new MFA device: type='${this.methodName}', userId=${userId}, deviceId=${saved.id}`);
+            return saved;
+        });
+        if (this.auditService && this.clientInfoService) {
+            try {
+                await this.auditService.recordEvent({
+                    userId,
+                    eventType: auth_audit_event_type_enum_1.AuthAuditEventType.MFA_DEVICE_ADDED,
+                    eventStatus: 'SUCCESS',
+                    metadata: {
+                        mfaMethod: this.methodName,
+                        deviceId: device.id,
+                        deviceName: device.name,
+                        isPrimary: device.isPrimary,
+                    },
+                });
+            }
+            catch (auditError) {
+                const errorMessage = auditError instanceof Error ? auditError.message : 'Unknown error';
+                this.logger?.error?.(`Failed to record MFA_DEVICE_ADDED audit event: ${errorMessage}`, {
+                    error: auditError,
+                    userId,
+                    methodName: this.methodName,
+                });
+            }
+        }
+        return device;
+    }
+    async findDevice(userId, deviceId) {
+        const where = {
+            userId,
+            type: this.methodName,
+            isActive: true,
+        };
+        if (deviceId) {
+            where.id = deviceId;
+        }
+        const device = await this.mfaDeviceRepository.findOne({
+            where,
+            order: { isPrimary: 'DESC', lastUsedAt: 'DESC' },
+        });
+        return device ? device : null;
+    }
+    async updateDeviceUsage(deviceId) {
+        const device = await this.mfaDeviceRepository.findOne({ where: { id: deviceId } });
+        if (device) {
+            device.lastUsedAt = new Date();
+            device.usageCount = (device.usageCount || 0) + 1;
+            await this.mfaDeviceRepository.save(device);
+        }
+    }
+    async enableMFAForUser(user) {
+        const userId = user.id;
+        const userEntity = await this.userRepository.findOne({ where: { id: userId } });
+        if (!userEntity) {
+            throw new nauth_exception_1.NAuthException(error_codes_enum_1.AuthErrorCode.NOT_FOUND, 'User not found when enabling MFA');
+        }
+        const userEntityRecord = userEntity;
+        const isFirstDevice = !userEntityRecord.mfaEnabled;
+        if (!userEntityRecord.mfaEnabled) {
+            userEntityRecord.mfaEnabled = true;
+            userEntityRecord.mfaEnforcedAt = new Date();
+        }
+        const devices = await this.getUserDevices(userId);
+        const methods = [...new Set(devices.filter((d) => d.isActive).map((d) => d.type))];
+        userEntityRecord.mfaMethods = methods;
+        if (!userEntityRecord.preferredMfaMethod && methods.length > 0) {
+            const primaryDevice = devices.find((d) => d.isPrimary && d.isActive);
+            userEntityRecord.preferredMfaMethod = primaryDevice?.type || methods[0];
+        }
+        await this.userRepository.save(userEntity);
+        if (isFirstDevice && this.auditService && this.clientInfoService) {
+            try {
+                await this.auditService?.recordEvent({
+                    userId: user.id,
+                    eventType: auth_audit_event_type_enum_1.AuthAuditEventType.MFA_ENABLED,
+                    eventStatus: 'SUCCESS',
+                    metadata: {
+                        mfaMethod: this.methodName,
+                        mfaMethods: methods,
+                    },
+                });
+            }
+            catch (auditError) {
+                const errorMessage = auditError instanceof Error ? auditError.message : 'Unknown error';
+                this.logger?.error?.(`Failed to record MFA_ENABLED audit event: ${errorMessage}`, {
+                    error: auditError,
+                    userId: user.id,
+                    methodName: this.methodName,
+                });
+            }
+        }
+    }
+    async generateBackupCodes(user) {
+        const userEntity = user;
+        const config = this.config.mfa?.backup;
+        const codeCount = config?.codeCount || 10;
+        const codeLength = config?.codeLength || 8;
+        const codes = [];
+        for (let i = 0; i < codeCount; i++) {
+            const code = this.generateRandomCode(codeLength);
+            codes.push(code);
+        }
+        if (!this.passwordService || typeof this.passwordService.hashPassword !== 'function') {
+            throw new nauth_exception_1.NAuthException(error_codes_enum_1.AuthErrorCode.VALIDATION_FAILED, 'Password service is not available');
+        }
+        const passwordService = this.passwordService;
+        const hashedCodes = await Promise.all(codes.map((code) => passwordService.hashPassword(code)));
+        userEntity.backupCodes = hashedCodes;
+        await this.userRepository.save(userEntity);
+        this.logger?.log?.(`Generated ${codeCount} backup codes for user: ${user.sub}`);
+        if (this.auditService && this.clientInfoService) {
+            try {
+                await this.auditService?.recordEvent({
+                    userId: user.id,
+                    eventType: auth_audit_event_type_enum_1.AuthAuditEventType.MFA_BACKUP_CODES_GENERATED,
+                    eventStatus: 'INFO',
+                    metadata: {
+                        codeCount,
+                        codeLength,
+                    },
+                });
+            }
+            catch (auditError) {
+                const errorMessage = auditError instanceof Error ? auditError.message : 'Unknown error';
+                this.logger?.error?.(`Failed to record MFA_BACKUP_CODES_GENERATED audit event: ${errorMessage}`, {
+                    error: auditError,
+                    userId: user.id,
+                });
+            }
+        }
+        return codes;
+    }
+    async verifyBackupCode(user, code) {
+        const userEntity = user;
+        const backupCodes = userEntity.backupCodes;
+        if (!backupCodes || backupCodes.length === 0) {
+            this.logger?.warn?.('No backup codes available');
+            return false;
+        }
+        if (!this.passwordService ||
+            typeof this.passwordService.verifyPassword !== 'function') {
+            this.logger?.warn?.('Backup code verification attempted but password service is not available');
+            return false;
+        }
+        const passwordService = this.passwordService;
+        for (let i = 0; i < backupCodes.length; i++) {
+            const isValid = await passwordService.verifyPassword(code, backupCodes[i]);
+            if (isValid) {
+                backupCodes.splice(i, 1);
+                userEntity.backupCodes = backupCodes;
+                await this.userRepository.save(userEntity);
+                this.logger?.log?.(`Backup code verified and removed for user: ${user.sub}`);
+                if (this.auditService && this.clientInfoService) {
+                    try {
+                        await this.auditService?.recordEvent({
+                            userId: user.id,
+                            eventType: auth_audit_event_type_enum_1.AuthAuditEventType.MFA_BACKUP_CODE_USED,
+                            eventStatus: 'SUCCESS',
+                            authMethod: 'backup',
+                            metadata: {
+                                remainingCodes: backupCodes.length,
+                            },
+                        });
+                    }
+                    catch (auditError) {
+                        const errorMessage = auditError instanceof Error ? auditError.message : 'Unknown error';
+                        this.logger?.error?.(`Failed to record MFA_BACKUP_CODE_USED audit event: ${errorMessage}`, {
+                            error: auditError,
+                            userId: user.id,
+                        });
+                    }
+                }
+                return true;
+            }
+        }
+        this.logger?.warn?.('Backup code verification failed');
+        return false;
+    }
+    generateRandomCode(length) {
+        const chars = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';
+        let code = '';
+        const bytes = (0, crypto_1.randomBytes)(length);
+        for (let i = 0; i < length; i++) {
+            code += chars[bytes[i] % chars.length];
+        }
+        return code;
+    }
+    maskPhone(phone) {
+        const digits = phone.replace(/\D/g, '');
+        if (digits.length < 4)
+            return phone;
+        return `***-***-${digits.slice(-4)}`;
+    }
+    maskEmail(email) {
+        const [localPart, domain] = email.split('@');
+        if (!localPart || !domain)
+            return email;
+        if (localPart.length <= 2) {
+            return `${localPart[0]}***@${domain}`;
+        }
+        return `${localPart[0]}***${localPart[localPart.length - 1]}@${domain}`;
+    }
+    async isMFARequired(user) {
+        const mfaExempt = user.mfaExempt;
+        if (mfaExempt === true || mfaExempt === 1) {
+            return false;
+        }
+        const mfaConfig = this.config.mfa;
+        if (!mfaConfig?.enabled) {
+            return false;
+        }
+        const enforcement = mfaConfig.enforcement || 'OPTIONAL';
+        if (enforcement === 'OPTIONAL') {
+            return false;
+        }
+        if (enforcement === 'REQUIRED' || enforcement === 'ADAPTIVE') {
+            const gracePeriod = mfaConfig.gracePeriod || 7;
+            const gracePeriodEnd = new Date();
+            gracePeriodEnd.setDate(gracePeriodEnd.getDate() - gracePeriod);
+            const userWithDates = user;
+            if (userWithDates.mfaEnforcedAt) {
+                return userWithDates.mfaEnforcedAt <= gracePeriodEnd;
+            }
+            if (userWithDates.createdAt) {
+                return userWithDates.createdAt <= gracePeriodEnd;
+            }
+            return true;
+        }
+        return false;
+    }
+}
+exports.BaseMFAProviderService = BaseMFAProviderService;
+//# sourceMappingURL=mfa-base.service.js.map

package/dist/services/mfa-base.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mfa-base.service.js","sourceRoot":"","sources":["../../src/services/mfa-base.service.ts"],"names":[],"mappings":";;;AAEA,mCAAqC;AAKrC,oFAAyE;AAEzE,mEAA+D;AAC/D,gEAA0D;AAE1D,8DAA6E;AA8C7E,MAAsB,sBAAsB;IAIrB;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IARrB,YACqB,mBAA8C,EAC9C,cAAoC,EACpC,MAAmB,EACnB,MAAmB,EACnB,eAAyB,EACzB,gBAAmC,EACnC,YAA+B,EAC/B,iBAAqC;QAPrC,wBAAmB,GAAnB,mBAAmB,CAA2B;QAC9C,mBAAc,GAAd,cAAc,CAAsB;QACpC,WAAM,GAAN,MAAM,CAAa;QACnB,WAAM,GAAN,MAAM,CAAa;QACnB,oBAAe,GAAf,eAAe,CAAU;QACzB,qBAAgB,GAAhB,gBAAgB,CAAmB;QACnC,iBAAY,GAAZ,YAAY,CAAmB;QAC/B,sBAAiB,GAAjB,iBAAiB,CAAoB;IACvD,CAAC;IAOJ,eAAe;QACb,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,cAAc,IAAI,CAAC,GAAG,kCAAgB,CAAC,CAAC;QAChF,OAAO,cAAc,CAAC,QAAQ,CAAC,IAAI,CAAC,UAA6B,CAAC,CAAC;IACrE,CAAC;IAqBS,KAAK,CAAC,cAAc,CAAC,MAAc;QAC3C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC;YAClD,KAAK,EAAE,EAAE,MAAM,EAAE;YACjB,KAAK,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE;SACrB,CAAC,CAAC;QAE9B,OAAO,OAAkC,CAAC;IAC5C,CAAC;IAmCS,KAAK,CAAC,YAAY,CAAC,MAAc,EAAE,UAA+B;QAM1E,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,WAAW,CAAC,KAAK,EAAE,0BAA0B,EAAE,EAAE;YAGhG,MAAM,0BAA0B;iBAC7B,kBAAkB,EAAE;iBACpB,MAAM,CAAC,SAAS,CAAC;iBACjB,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC;iBACxC,KAAK,CAAC,mBAAmB,EAAE,EAAE,MAAM,EAAE,CAAC;iBACtC,OAAO,CAAC,mBAAmB,CAAC;iBAC5B,MAAM,EAAE,CAAC;YAIZ,MAAM,cAAc,GAAG,MAAM,0BAA0B;iBACpD,aAAa,CAAC,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC;iBAC9C,kBAAkB,CAAC,QAAQ,CAAC;iBAC5B,KAAK,CAAC,yBAAyB,EAAE,EAAE,MAAM,EAAE,CAAC;iBAC5C,QAAQ,CAAC,qBAAqB,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC;iBAC1D,MAAM,EAAE,CAAC;YAEZ,IAAI,cAAc,EAAE,CAAC;gBACnB,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAChB,uBAAuB,IAAI,CAAC,UAAU,6BAA6B,MAAM,6BAA6B,CACvG,CAAC;gBACF,OAAO,cAAuC,CAAC;YACjD,CAAC;YAGD,MAAM,SAAS,GAAG,0BAA0B,CAAC,aAAa,CAAC,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;gBACjG,MAAM;gBACN,IAAI,EAAE,IAAI,CAAC,UAAU;gBACrB,GAAG,UAAU;aACa,CAAC,CAAC;YAG9B,MAAM,KAAK,GAAG,MAAM,0BAA0B,CAAC,aAAa,CAAC,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAE9G,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,iCAAiC,IAAI,CAAC,UAAU,aAAa,MAAM,cAAc,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;YAEhH,OAAO,KAA8B,CAAC;QACxC,CAAC,CAAC,CAAC;QAKH,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAChD,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC;oBAClC,MAAM;oBACN,SAAS,EAAE,+CAAkB,CAAC,gBAAgB;oBAC9C,WAAW,EAAE,SAAS;oBACtB,QAAQ,EAAE;wBAER,SAAS,EAAE,IAAI,CAAC,UAAU;wBAC1B,QAAQ,EAAE,MAAM,CAAC,EAAE;wBACnB,UAAU,EAAE,MAAM,CAAC,IAAI;wBACvB,SAAS,EAAE,MAAM,CAAC,SAAS;qBAC5B;iBACF,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,UAAU,EAAE,CAAC;gBAEpB,MAAM,YAAY,GAAG,UAAU,YAAY,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;gBACxF,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,kDAAkD,YAAY,EAAE,EAAE;oBACrF,KAAK,EAAE,UAAU;oBACjB,MAAM;oBACN,UAAU,EAAE,IAAI,CAAC,UAAU;iBAC5B,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAUS,KAAK,CAAC,UAAU,CAAC,MAAc,EAAE,QAAiB;QAC1D,MAAM,KAAK,GAA4B;YACrC,MAAM;YACN,IAAI,EAAE,IAAI,CAAC,UAAU;YACrB,QAAQ,EAAE,IAAI;SACf,CAAC;QAEF,IAAI,QAAQ,EAAE,CAAC;YACb,KAAK,CAAC,EAAE,GAAG,QAAQ,CAAC;QACtB,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC;YACpD,KAAK;YACL,KAAK,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE;SACtB,CAAC,CAAC;QAE9B,OAAO,MAAM,CAAC,CAAC,CAAE,MAAgC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC3D,CAAC;IAQS,KAAK,CAAC,iBAAiB,CAAC,QAAgB;QAChD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;QACnF,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,CAAC,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC;YAC/B,MAAM,CAAC,UAAU,GAAG,CAAC,MAAM,CAAC,UAAU,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;YACjD,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAYS,KAAK,CAAC,gBAAgB,CAAC,IAAW;QAI1C,MAAM,MAAM,GAAI,IAA2C,CAAC,EAAY,CAAC;QACzE,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;QAChF,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,gCAAc,CAAC,gCAAa,CAAC,SAAS,EAAE,kCAAkC,CAAC,CAAC;QACxF,CAAC;QAED,MAAM,gBAAgB,GAAG,UAAgD,CAAC;QAC1E,MAAM,aAAa,GAAG,CAAC,gBAAgB,CAAC,UAAU,CAAC;QAEnD,IAAI,CAAC,gBAAgB,CAAC,UAAU,EAAE,CAAC;YACjC,gBAAgB,CAAC,UAAU,GAAG,IAAI,CAAC;YACnC,gBAAgB,CAAC,aAAa,GAAG,IAAI,IAAI,EAAE,CAAC;QAC9C,CAAC;QAGD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QAClD,MAAM,OAAO,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACnF,gBAAgB,CAAC,UAAU,GAAG,OAAO,CAAC;QAGtC,IAAI,CAAC,gBAAgB,CAAC,kBAAkB,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/D,MAAM,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC;YACrE,gBAAgB,CAAC,kBAAkB,GAAG,aAAa,EAAE,IAAI,IAAI,OAAO,CAAC,CAAC,CAAC,CAAC;QAC1E,CAAC;QAED,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAiB3C,IAAI,aAAa,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACjE,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,YAAY,EAAE,WAAW,CAAC;oBACnC,MAAM,EAAE,IAAI,CAAC,EAAE;oBACf,SAAS,EAAE,+CAAkB,CAAC,WAAW;oBACzC,WAAW,EAAE,SAAS;oBACtB,QAAQ,EAAE;wBAER,SAAS,EAAE,IAAI,CAAC,UAAU;wBAC1B,UAAU,EAAE,OAAO;qBACpB;iBACF,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,UAAU,EAAE,CAAC;gBAEpB,MAAM,YAAY,GAAG,UAAU,YAAY,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;gBACxF,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,6CAA6C,YAAY,EAAE,EAAE;oBAChF,KAAK,EAAE,UAAU;oBACjB,MAAM,EAAE,IAAI,CAAC,EAAE;oBACf,UAAU,EAAE,IAAI,CAAC,UAAU;iBAC5B,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAeD,KAAK,CAAC,mBAAmB,CAAC,IAAW;QACnC,MAAM,UAAU,GAAG,IAA0C,CAAC;QAC9D,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC;QACvC,MAAM,SAAS,GAAG,MAAM,EAAE,SAAS,IAAI,EAAE,CAAC;QAC1C,MAAM,UAAU,GAAG,MAAM,EAAE,UAAU,IAAI,CAAC,CAAC;QAG3C,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,EAAE,CAAC,EAAE,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YACjD,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnB,CAAC;QAGD,IAAI,CAAC,IAAI,CAAC,eAAe,IAAI,OAAQ,IAAI,CAAC,eAA2C,CAAC,YAAY,KAAK,UAAU,EAAE,CAAC;YAClH,MAAM,IAAI,gCAAc,CAAC,gCAAa,CAAC,iBAAiB,EAAE,mCAAmC,CAAC,CAAC;QACjG,CAAC;QAGD,MAAM,eAAe,GAAG,IAAI,CAAC,eAA0E,CAAC;QACxG,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,eAAe,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAG/F,UAAU,CAAC,WAAW,GAAG,WAAW,CAAC;QACrC,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAE3C,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,aAAa,SAAS,2BAA2B,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAKhF,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAChD,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,YAAY,EAAE,WAAW,CAAC;oBACnC,MAAM,EAAE,IAAI,CAAC,EAAE;oBACf,SAAS,EAAE,+CAAkB,CAAC,0BAA0B;oBACxD,WAAW,EAAE,MAAM;oBACnB,QAAQ,EAAE;wBAER,SAAS;wBACT,UAAU;qBACX;iBACF,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,UAAU,EAAE,CAAC;gBAEpB,MAAM,YAAY,GAAG,UAAU,YAAY,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;gBACxF,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,4DAA4D,YAAY,EAAE,EAAE;oBAC/F,KAAK,EAAE,UAAU;oBACjB,MAAM,EAAE,IAAI,CAAC,EAAE;iBAChB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAYS,KAAK,CAAC,gBAAgB,CAAC,IAAW,EAAE,IAAY;QACxD,MAAM,UAAU,GAAG,IAA0C,CAAC;QAE9D,MAAM,WAAW,GAAG,UAAU,CAAC,WAAmC,CAAC;QACnE,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7C,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,2BAA2B,CAAC,CAAC;YACjD,OAAO,KAAK,CAAC;QACf,CAAC;QAGD,IACE,CAAC,IAAI,CAAC,eAAe;YACrB,OAAQ,IAAI,CAAC,eAA2C,CAAC,cAAc,KAAK,UAAU,EACtF,CAAC;YACD,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,0EAA0E,CAAC,CAAC;YAChG,OAAO,KAAK,CAAC;QACf,CAAC;QAGD,MAAM,eAAe,GAAG,IAAI,CAAC,eAE5B,CAAC;QACF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5C,MAAM,OAAO,GAAG,MAAM,eAAe,CAAC,cAAc,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3E,IAAI,OAAO,EAAE,CAAC;gBAEZ,WAAW,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;gBACzB,UAAU,CAAC,WAAW,GAAG,WAAW,CAAC;gBACrC,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;gBAE3C,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,8CAA8C,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;gBAK7E,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;oBAChD,IAAI,CAAC;wBACH,MAAM,IAAI,CAAC,YAAY,EAAE,WAAW,CAAC;4BACnC,MAAM,EAAE,IAAI,CAAC,EAAE;4BACf,SAAS,EAAE,+CAAkB,CAAC,oBAAoB;4BAClD,WAAW,EAAE,SAAS;4BACtB,UAAU,EAAE,QAAQ;4BACpB,QAAQ,EAAE;gCAER,cAAc,EAAE,WAAW,CAAC,MAAM;6BACnC;yBACF,CAAC,CAAC;oBACL,CAAC;oBAAC,OAAO,UAAU,EAAE,CAAC;wBAEpB,MAAM,YAAY,GAAG,UAAU,YAAY,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;wBACxF,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,sDAAsD,YAAY,EAAE,EAAE;4BACzF,KAAK,EAAE,UAAU;4BACjB,MAAM,EAAE,IAAI,CAAC,EAAE;yBAChB,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;gBAED,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,iCAAiC,CAAC,CAAC;QACvD,OAAO,KAAK,CAAC;IACf,CAAC;IAaS,kBAAkB,CAAC,MAAc;QACzC,MAAM,KAAK,GAAG,kCAAkC,CAAC;QACjD,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,MAAM,KAAK,GAAG,IAAA,oBAAW,EAAC,MAAM,CAAC,CAAC;QAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAChC,IAAI,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;QACzC,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IASS,SAAS,CAAC,KAAa;QAC/B,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACxC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,KAAK,CAAC;QACpC,OAAO,WAAW,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACvC,CAAC;IAkBS,SAAS,CAAC,KAAa;QAC/B,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7C,IAAI,CAAC,SAAS,IAAI,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;QACxC,IAAI,SAAS,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YAC1B,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC,OAAO,MAAM,EAAE,CAAC;QACxC,CAAC;QACD,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC,MAAM,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,MAAM,EAAE,CAAC;IAC1E,CAAC;IAiBS,KAAK,CAAC,aAAa,CAAC,IAAW;QAOvC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;QAEjC,IAAI,SAAS,KAAK,IAAI,IAAK,SAAqB,KAAK,CAAC,EAAE,CAAC;YACvD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC;QAElC,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,CAAC;YACxB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,WAAW,GAAG,SAAS,CAAC,WAAW,IAAI,UAAU,CAAC;QAExD,IAAI,WAAW,KAAK,UAAU,EAAE,CAAC;YAC/B,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,WAAW,KAAK,UAAU,IAAI,WAAW,KAAK,UAAU,EAAE,CAAC;YAE7D,MAAM,WAAW,GAAG,SAAS,CAAC,WAAW,IAAI,CAAC,CAAC;YAC/C,MAAM,cAAc,GAAG,IAAI,IAAI,EAAE,CAAC;YAClC,cAAc,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,EAAE,GAAG,WAAW,CAAC,CAAC;YAG/D,MAAM,aAAa,GAAG,IAAyD,CAAC;YAChF,IAAI,aAAa,CAAC,aAAa,EAAE,CAAC;gBAChC,OAAO,aAAa,CAAC,aAAa,IAAI,cAAc,CAAC;YACvD,CAAC;YAGD,IAAI,aAAa,CAAC,SAAS,EAAE,CAAC;gBAC5B,OAAO,aAAa,CAAC,SAAS,IAAI,cAAc,CAAC;YACnD,CAAC;YAGD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;CACF;AAxiBD,wDAwiBC"}