@nauth-toolkit/core 0.1.13 → 0.1.17

package/dist/dto/verify-email.dto.js

@@ -12,9 +12,52 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.VerifyEmailResponseDTO = exports.ResendVerificationEmailResponseDTO = exports.ResendVerificationEmailDTO = exports.SendVerificationEmailResponseDTO = exports.SendVerificationEmailDTO = exports.VerifyEmailWithTokenDTO = exports.VerifyEmailWithCodeDTO = void 0;
 const class_validator_1 = require("class-validator");
 const class_transformer_1 = require("class-transformer");
+/**
+ * DTO for verifying email with code (6-digit OTP)
+ *
+ * Security:
+ * - Email must be valid format and match DB limits
+ * - Code must be exactly 6 digits (no more, no less)
+ * - All fields are required (no optional fields to prevent attacks)
+ * - Input sanitization applied automatically
+ */
 class VerifyEmailWithCodeDTO {
+    /**
+     * User's email address
+     * Must match the email used during signup
+     *
+     * Validation:
+     * - Valid email format (RFC 5322)
+     * - Max 255 characters (matches DB column limit)
+     * - Automatically trimmed and lowercased
+     *
+     * Sanitization:
+     * - Removes leading/trailing whitespace
+     * - Converts to lowercase for case-insensitive matching
+     */
     email;
+    /**
+     * 6-digit verification code from email
+     *
+     * Validation:
+     * - Must be numeric string (digits only)
+     * - Exactly 6 characters long
+     * - Fixed length prevents timing attacks
+     *
+     * Sanitization:
+     * - Removes all whitespace (users might copy "123 456")
+     * - Removes non-digit characters
+     */
     code;
+    /**
+     * Challenge session ID (internal use)
+     * Optional - used internally to link verification to specific challenge session.
+     * Provides security by ensuring codes are only valid for the session they were created for.
+     *
+     * Validation:
+     * - Must be a positive integer if provided
+     * - Optional (for backward compatibility and direct verification flows)
+     */
     challengeSessionId;
 }
 exports.VerifyEmailWithCodeDTO = VerifyEmailWithCodeDTO;
@@ -34,8 +77,9 @@ __decorate([
     (0, class_validator_1.MaxLength)(6, { message: 'Verification code must be exactly 6 digits' }),
     (0, class_transformer_1.Transform)(({ value }) => {
         if (typeof value === 'string') {
+            // Remove all whitespace and non-digit characters, then validate length
             const cleaned = value.replace(/\D/g, '');
-            return cleaned.length === 6 ? cleaned : value;
+            return cleaned.length === 6 ? cleaned : value; // Return original if not 6 digits (let validator catch it)
         }
         return value;
     }),
@@ -47,7 +91,28 @@ __decorate([
     (0, class_validator_1.Min)(1, { message: 'challengeSessionId must be a positive integer' }),
     __metadata("design:type", Number)
 ], VerifyEmailWithCodeDTO.prototype, "challengeSessionId", void 0);
+/**
+ * DTO for verifying email with URL token
+ *
+ * Security:
+ * - Token must be valid hex format
+ * - Exact length enforced (64 chars = 32 bytes SHA-256 hash)
+ * - No SQL injection or XSS possible
+ * - Input sanitization prevents malformed tokens
+ */
 class VerifyEmailWithTokenDTO {
+    /**
+     * Verification token from email link
+     *
+     * Validation:
+     * - Exactly 64 hexadecimal characters (SHA-256 hash output)
+     * - Only 0-9 and a-f characters allowed
+     * - Case-insensitive
+     *
+     * Sanitization:
+     * - Removes whitespace
+     * - Converts to lowercase for consistent hashing
+     */
     token;
 }
 exports.VerifyEmailWithTokenDTO = VerifyEmailWithTokenDTO;
@@ -65,10 +130,55 @@ __decorate([
     }),
     __metadata("design:type", String)
 ], VerifyEmailWithTokenDTO.prototype, "token", void 0);
+/**
+ * DTO for sending a verification email
+ *
+ * Security:
+ * - User sub validated as UUID v4
+ * - BaseURL validated as max length
+ * - Skip flag is boolean (prevents injection)
+ */
 class SendVerificationEmailDTO {
+    /**
+     * User identifier (UUID v4)
+     *
+     * Validation:
+     * - Must be valid UUID v4 format
+     *
+     * Sanitization:
+     * - Trimmed and lowercased
+     */
     sub;
+    /**
+     * Base URL for verification link (optional)
+     *
+     * Validation:
+     * - Must be valid URL format (http:// or https://)
+     * - Max 2048 characters (typical URL length limit)
+     * - Optional field
+     *
+     * Sanitization:
+     * - Trimmed
+     */
     baseUrl;
+    /**
+     * Skip the "already verified" check
+     * Used for MFA contexts where codes are needed even if email is verified
+     *
+     * Validation:
+     * - Must be boolean
+     * - Optional (defaults to false)
+     */
     skipAlreadyVerifiedCheck;
+    /**
+     * Challenge session ID to link this verification token to
+     * Optional - for linking verification tokens to specific challenge sessions.
+     * Provides security by preventing old tokens from being used with new sessions.
+     *
+     * Validation:
+     * - Must be a positive integer
+     * - Optional (for backward compatibility and non-challenge flows like password reset)
+     */
     challengeSessionId;
 }
 exports.SendVerificationEmailDTO = SendVerificationEmailDTO;
@@ -105,13 +215,63 @@ __decorate([
     (0, class_validator_1.Min)(1, { message: 'challengeSessionId must be a positive integer' }),
     __metadata("design:type", Number)
 ], SendVerificationEmailDTO.prototype, "challengeSessionId", void 0);
+/**
+ * Response DTO for sendVerificationEmail
+ */
 class SendVerificationEmailResponseDTO {
+    /**
+     * Verification token ID (internal integer)
+     */
     tokenId;
 }
 exports.SendVerificationEmailResponseDTO = SendVerificationEmailResponseDTO;
+/**
+ * DTO for requesting a verification email resend
+ *
+ * Supports both overload patterns:
+ * 1. Resend by user sub (string)
+ * 2. Resend by email address (object with email property)
+ *
+ * Security:
+ * - Either sub or email must be provided (conditional validation)
+ * - Rate limiting applied in service layer
+ * - Input sanitization prevents abuse
+ */
 class ResendVerificationEmailDTO {
+    /**
+     * User identifier (UUID v4) - optional if email provided
+     *
+     * Validation:
+     * - Must be valid UUID v4 format if provided
+     * - Required if email is not provided
+     *
+     * Sanitization:
+     * - Trimmed and lowercased
+     */
     sub;
+    /**
+     * User's email address - optional if sub provided
+     *
+     * Validation:
+     * - Valid email format if provided
+     * - Max 255 characters (DB limit)
+     * - Required if sub is not provided
+     *
+     * Sanitization:
+     * - Trimmed and lowercased
+     */
     email;
+    /**
+     * Base URL for verification link (optional)
+     *
+     * Validation:
+     * - Must be valid URL format (http:// or https://)
+     * - Max 2048 characters
+     * - Optional field
+     *
+     * Sanitization:
+     * - Trimmed
+     */
     baseUrl;
 }
 exports.ResendVerificationEmailDTO = ResendVerificationEmailDTO;
@@ -150,11 +310,23 @@ __decorate([
     }),
     __metadata("design:type", String)
 ], ResendVerificationEmailDTO.prototype, "baseUrl", void 0);
+/**
+ * Response DTO for resendVerificationEmail
+ */
 class ResendVerificationEmailResponseDTO {
+    /**
+     * Verification token ID (internal integer)
+     */
     tokenId;
 }
 exports.ResendVerificationEmailResponseDTO = ResendVerificationEmailResponseDTO;
+/**
+ * Response DTO for verifyEmailWithCode and verifyEmailWithToken
+ */
 class VerifyEmailResponseDTO {
+    /**
+     * Success message
+     */
     message;
 }
 exports.VerifyEmailResponseDTO = VerifyEmailResponseDTO;

package/dist/dto/verify-email.dto.js.map

@@ -1 +1 @@
-{"version":3,"file":"verify-email.dto.js","sourceRoot":"","sources":["../../src/dto/verify-email.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAayB;AACzB,yDAA8C;AAW9C,MAAa,sBAAsB;IAsBjC,KAAK,CAAU;IAwBf,IAAI,CAAU;IAcd,kBAAkB,CAAU;CAC7B;AA7DD,wDA6DC;AAvCC;IARC,IAAA,yBAAO,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC;IAChD,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;qDACa;AAwBf;IAVC,IAAA,gCAAc,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,4CAA4C,EAAE,CAAC;IAC7E,IAAA,2BAAS,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,4CAA4C,EAAE,CAAC;IACvE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAE9B,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACzC,OAAO,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC;QAChD,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;oDACY;AAcd;IAHC,IAAA,4BAAU,GAAE;IACZ,IAAA,uBAAK,EAAC,EAAE,OAAO,EAAE,uCAAuC,EAAE,CAAC;IAC3D,IAAA,qBAAG,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,+CAA+C,EAAE,CAAC;;kEACzC;AAY9B,MAAa,uBAAuB;IAwBlC,KAAK,CAAU;CAChB;AAzBD,0DAyBC;AADC;IAXC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IAC/C,IAAA,wBAAM,EAAC,EAAE,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC;IACnD,IAAA,yBAAO,EAAC,iBAAiB,EAAE;QAC1B,OAAO,EAAE,0CAA0C;KACpD,CAAC;IACD,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;sDACa;AAWjB,MAAa,wBAAwB;IAiBnC,GAAG,CAAU;IAyBb,OAAO,CAAU;IAYjB,wBAAwB,CAAW;IAcnC,kBAAkB,CAAU;CAC7B;AArED,4DAqEC;AApDC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IAClE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;qDACW;AAyBb;IAZC,IAAA,4BAAU,GAAE;IACZ,IAAA,uBAAK,EACJ,EAAE,gBAAgB,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,EACxD,EAAE,OAAO,EAAE,uDAAuD,EAAE,CACrE;IACA,IAAA,2BAAS,EAAC,IAAI,EAAE,EAAE,OAAO,EAAE,0CAA0C,EAAE,CAAC;IACxE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;yDACe;AAYjB;IAFC,IAAA,4BAAU,GAAE;IACZ,IAAA,2BAAS,EAAC,EAAE,OAAO,EAAE,4CAA4C,EAAE,CAAC;;0EAClC;AAcnC;IAHC,IAAA,4BAAU,GAAE;IACZ,IAAA,uBAAK,EAAC,EAAE,OAAO,EAAE,uCAAuC,EAAE,CAAC;IAC3D,IAAA,qBAAG,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,+CAA+C,EAAE,CAAC;;oEACzC;AAM9B,MAAa,gCAAgC;IAI3C,OAAO,CAAU;CAClB;AALD,4EAKC;AAcD,MAAa,0BAA0B;IAmBrC,GAAG,CAAU;IAsBb,KAAK,CAAU;IAyBf,OAAO,CAAU;CAClB;AAnED,gEAmEC;AAhDC;IARC,IAAA,4BAAU,GAAE;IACZ,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IAClE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;uDACW;AAsBb;IATC,IAAA,4BAAU,GAAE;IACZ,IAAA,yBAAO,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC;IAChD,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;yDACa;AAyBf;IAZC,IAAA,4BAAU,GAAE;IACZ,IAAA,uBAAK,EACJ,EAAE,gBAAgB,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,EACxD,EAAE,OAAO,EAAE,uDAAuD,EAAE,CACrE;IACA,IAAA,2BAAS,EAAC,IAAI,EAAE,EAAE,OAAO,EAAE,0CAA0C,EAAE,CAAC;IACxE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;2DACe;AAMnB,MAAa,kCAAkC;IAI7C,OAAO,CAAU;CAClB;AALD,gFAKC;AAKD,MAAa,sBAAsB;IAIjC,OAAO,CAAU;CAClB;AALD,wDAKC"}
+{"version":3,"file":"verify-email.dto.js","sourceRoot":"","sources":["../../src/dto/verify-email.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAayB;AACzB,yDAA8C;AAE9C;;;;;;;;GAQG;AACH,MAAa,sBAAsB;IACjC;;;;;;;;;;;;OAYG;IASH,KAAK,CAAU;IAEf;;;;;;;;;;;OAWG;IAWH,IAAI,CAAU;IAEd;;;;;;;;OAQG;IAIH,kBAAkB,CAAU;CAC7B;AA7DD,wDA6DC;AAvCC;IARC,IAAA,yBAAO,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC;IAChD,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;qDACa;AAwBf;IAVC,IAAA,gCAAc,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,4CAA4C,EAAE,CAAC;IAC7E,IAAA,2BAAS,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,4CAA4C,EAAE,CAAC;IACvE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,uEAAuE;YACvE,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACzC,OAAO,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,2DAA2D;QAC5G,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;oDACY;AAcd;IAHC,IAAA,4BAAU,GAAE;IACZ,IAAA,uBAAK,EAAC,EAAE,OAAO,EAAE,uCAAuC,EAAE,CAAC;IAC3D,IAAA,qBAAG,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,+CAA+C,EAAE,CAAC;;kEACzC;AAG9B;;;;;;;;GAQG;AACH,MAAa,uBAAuB;IAClC;;;;;;;;;;;OAWG;IAYH,KAAK,CAAU;CAChB;AAzBD,0DAyBC;AADC;IAXC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IAC/C,IAAA,wBAAM,EAAC,EAAE,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC;IACnD,IAAA,yBAAO,EAAC,iBAAiB,EAAE;QAC1B,OAAO,EAAE,0CAA0C;KACpD,CAAC;IACD,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;sDACa;AAGjB;;;;;;;GAOG;AACH,MAAa,wBAAwB;IACnC;;;;;;;;OAQG;IAQH,GAAG,CAAU;IAEb;;;;;;;;;;OAUG;IAaH,OAAO,CAAU;IAEjB;;;;;;;OAOG;IAGH,wBAAwB,CAAW;IAEnC;;;;;;;;OAQG;IAIH,kBAAkB,CAAU;CAC7B;AArED,4DAqEC;AApDC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IAClE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;qDACW;AAyBb;IAZC,IAAA,4BAAU,GAAE;IACZ,IAAA,uBAAK,EACJ,EAAE,gBAAgB,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,EACxD,EAAE,OAAO,EAAE,uDAAuD,EAAE,CACrE;IACA,IAAA,2BAAS,EAAC,IAAI,EAAE,EAAE,OAAO,EAAE,0CAA0C,EAAE,CAAC;IACxE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;yDACe;AAYjB;IAFC,IAAA,4BAAU,GAAE;IACZ,IAAA,2BAAS,EAAC,EAAE,OAAO,EAAE,4CAA4C,EAAE,CAAC;;0EAClC;AAcnC;IAHC,IAAA,4BAAU,GAAE;IACZ,IAAA,uBAAK,EAAC,EAAE,OAAO,EAAE,uCAAuC,EAAE,CAAC;IAC3D,IAAA,qBAAG,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,+CAA+C,EAAE,CAAC;;oEACzC;AAG9B;;GAEG;AACH,MAAa,gCAAgC;IAC3C;;OAEG;IACH,OAAO,CAAU;CAClB;AALD,4EAKC;AAED;;;;;;;;;;;GAWG;AACH,MAAa,0BAA0B;IACrC;;;;;;;;;OASG;IASH,GAAG,CAAU;IAEb;;;;;;;;;;OAUG;IAUH,KAAK,CAAU;IAEf;;;;;;;;;;OAUG;IAaH,OAAO,CAAU;CAClB;AAnED,gEAmEC;AAhDC;IARC,IAAA,4BAAU,GAAE;IACZ,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IAClE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;uDACW;AAsBb;IATC,IAAA,4BAAU,GAAE;IACZ,IAAA,yBAAO,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC;IAChD,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;yDACa;AAyBf;IAZC,IAAA,4BAAU,GAAE;IACZ,IAAA,uBAAK,EACJ,EAAE,gBAAgB,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,EACxD,EAAE,OAAO,EAAE,uDAAuD,EAAE,CACrE;IACA,IAAA,2BAAS,EAAC,IAAI,EAAE,EAAE,OAAO,EAAE,0CAA0C,EAAE,CAAC;IACxE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;2DACe;AAGnB;;GAEG;AACH,MAAa,kCAAkC;IAC7C;;OAEG;IACH,OAAO,CAAU;CAClB;AALD,gFAKC;AAED;;GAEG;AACH,MAAa,sBAAsB;IACjC;;OAEG;IACH,OAAO,CAAU;CAClB;AALD,wDAKC"}

package/dist/dto/verify-mfa-code.dto.d.ts

@@ -1,10 +1,75 @@
+/**
+ * DTO for verifying MFA code
+ *
+ * Used to verify MFA code using the appropriate provider.
+ * Routes verification to the correct provider based on method name.
+ *
+ * @example
+ * ```typescript
+ * const isValid = await mfaService.verifyCode({
+ *   sub: 'user-uuid',
+ *   methodName: 'totp',
+ *   code: '123456',
+ *   deviceId: 1
+ * });
+ * ```
+ */
+/**
+ * DTO for verifying MFA code
+ */
 export declare class VerifyMFACodeDTO {
+    /**
+     * User's unique identifier (UUID v4)
+     *
+     * Validation:
+     * - Must be a valid UUID v4 format
+     * - Matches DB constraint: char(36) or uuid
+     *
+     * Sanitization:
+     * - Trimmed
+     * - Lowercased for consistency
+     *
+     * @example "a21b654c-2746-4168-acee-c175083a65cd"
+     */
     sub: string;
+    /**
+     * MFA method name
+     *
+     * Validation:
+     * - Must be one of: totp, sms, email, passkey, backup
+     * - Max 50 characters
+     *
+     * Sanitization:
+     * - Trimmed and lowercased
+     *
+     * @example "totp"
+     */
     methodName: string;
+    /**
+     * Verification code or credential (provider-specific)
+     *
+     * Validation:
+     * - Must be a string or object depending on method
+     * - For TOTP/SMS/Email: string code
+     * - For Passkey: credential object
+     * - For Backup: string code
+     */
     code: string | Record<string, unknown>;
+    /**
+     * Optional device ID
+     *
+     * Validation:
+     * - Must be a positive integer if provided
+     */
     deviceId?: number;
 }
+/**
+ * Response DTO for MFA code verification
+ */
 export declare class VerifyMFACodeResponseDTO {
+    /**
+     * Whether verification succeeded
+     */
     valid: boolean;
 }
 //# sourceMappingURL=verify-mfa-code.dto.d.ts.map

package/dist/dto/verify-mfa-code.dto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"verify-mfa-code.dto.d.ts","sourceRoot":"","sources":["../../src/dto/verify-mfa-code.dto.ts"],"names":[],"mappings":"AAwBA,qBAAa,gBAAgB;IAqB3B,GAAG,EAAG,MAAM,CAAC;IAyBb,UAAU,EAAG,MAAM,CAAC;IAWpB,IAAI,EAAG,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAUxC,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAKD,qBAAa,wBAAwB;IAInC,KAAK,EAAG,OAAO,CAAC;CACjB"}
+{"version":3,"file":"verify-mfa-code.dto.d.ts","sourceRoot":"","sources":["../../src/dto/verify-mfa-code.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAMH;;GAEG;AACH,qBAAa,gBAAgB;IAC3B;;;;;;;;;;;;OAYG;IAQH,GAAG,EAAG,MAAM,CAAC;IAEb;;;;;;;;;;;OAWG;IAYH,UAAU,EAAG,MAAM,CAAC;IAEpB;;;;;;;;OAQG;IACH,IAAI,EAAG,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAExC;;;;;OAKG;IAGH,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,qBAAa,wBAAwB;IACnC;;OAEG;IACH,KAAK,EAAG,OAAO,CAAC;CACjB"}

package/dist/dto/verify-mfa-code.dto.js

@@ -1,4 +1,20 @@
 "use strict";
+/**
+ * DTO for verifying MFA code
+ *
+ * Used to verify MFA code using the appropriate provider.
+ * Routes verification to the correct provider based on method name.
+ *
+ * @example
+ * ```typescript
+ * const isValid = await mfaService.verifyCode({
+ *   sub: 'user-uuid',
+ *   methodName: 'totp',
+ *   code: '123456',
+ *   deviceId: 1
+ * });
+ * ```
+ */
 var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
     var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
     if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
@@ -13,10 +29,53 @@ exports.VerifyMFACodeResponseDTO = exports.VerifyMFACodeDTO = void 0;
 const class_validator_1 = require("class-validator");
 const class_transformer_1 = require("class-transformer");
 const mfa_method_enum_1 = require("../enums/mfa-method.enum");
+/**
+ * DTO for verifying MFA code
+ */
 class VerifyMFACodeDTO {
+    /**
+     * User's unique identifier (UUID v4)
+     *
+     * Validation:
+     * - Must be a valid UUID v4 format
+     * - Matches DB constraint: char(36) or uuid
+     *
+     * Sanitization:
+     * - Trimmed
+     * - Lowercased for consistency
+     *
+     * @example "a21b654c-2746-4168-acee-c175083a65cd"
+     */
     sub;
+    /**
+     * MFA method name
+     *
+     * Validation:
+     * - Must be one of: totp, sms, email, passkey, backup
+     * - Max 50 characters
+     *
+     * Sanitization:
+     * - Trimmed and lowercased
+     *
+     * @example "totp"
+     */
     methodName;
+    /**
+     * Verification code or credential (provider-specific)
+     *
+     * Validation:
+     * - Must be a string or object depending on method
+     * - For TOTP/SMS/Email: string code
+     * - For Passkey: credential object
+     * - For Backup: string code
+     */
     code;
+    /**
+     * Optional device ID
+     *
+     * Validation:
+     * - Must be a positive integer if provided
+     */
     deviceId;
 }
 exports.VerifyMFACodeDTO = VerifyMFACodeDTO;
@@ -49,7 +108,13 @@ __decorate([
     (0, class_validator_1.IsInt)({ message: 'Device ID must be a number' }),
     __metadata("design:type", Number)
 ], VerifyMFACodeDTO.prototype, "deviceId", void 0);
+/**
+ * Response DTO for MFA code verification
+ */
 class VerifyMFACodeResponseDTO {
+    /**
+     * Whether verification succeeded
+     */
     valid;
 }
 exports.VerifyMFACodeResponseDTO = VerifyMFACodeResponseDTO;

package/dist/dto/verify-mfa-code.dto.js.map

@@ -1 +1 @@
-{"version":3,"file":"verify-mfa-code.dto.js","sourceRoot":"","sources":["../../src/dto/verify-mfa-code.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAiBA,qDAAyF;AACzF,yDAA8C;AAC9C,8DAAqD;AAKrD,MAAa,gBAAgB;IAqB3B,GAAG,CAAU;IAyBb,UAAU,CAAU;IAWpB,IAAI,CAAoC;IAUxC,QAAQ,CAAU;CACnB;AApED,4CAoEC;AA/CC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;6CACW;AAyBb;IAXC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,8BAA8B,EAAE,CAAC;IACrD,IAAA,wBAAM,EAAC,CAAC,2BAAS,CAAC,IAAI,EAAE,2BAAS,CAAC,GAAG,EAAE,2BAAS,CAAC,KAAK,EAAE,2BAAS,CAAC,OAAO,EAAE,2BAAS,CAAC,MAAM,CAAC,EAAE;QAC7F,OAAO,EAAE,+DAA+D;KACzE,CAAC;IACD,IAAA,2BAAS,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,2CAA2C,EAAE,CAAC;IACvE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;oDACkB;AAqBpB;IAFC,IAAA,4BAAU,GAAE;IACZ,IAAA,uBAAK,EAAC,EAAE,OAAO,EAAE,4BAA4B,EAAE,CAAC;;kDAC/B;AAMpB,MAAa,wBAAwB;IAInC,KAAK,CAAW;CACjB;AALD,4DAKC"}
+{"version":3,"file":"verify-mfa-code.dto.js","sourceRoot":"","sources":["../../src/dto/verify-mfa-code.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;;;;;;;;;;AAEH,qDAAyF;AACzF,yDAA8C;AAC9C,8DAAqD;AAErD;;GAEG;AACH,MAAa,gBAAgB;IAC3B;;;;;;;;;;;;OAYG;IAQH,GAAG,CAAU;IAEb;;;;;;;;;;;OAWG;IAYH,UAAU,CAAU;IAEpB;;;;;;;;OAQG;IACH,IAAI,CAAoC;IAExC;;;;;OAKG;IAGH,QAAQ,CAAU;CACnB;AApED,4CAoEC;AA/CC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;6CACW;AAyBb;IAXC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,8BAA8B,EAAE,CAAC;IACrD,IAAA,wBAAM,EAAC,CAAC,2BAAS,CAAC,IAAI,EAAE,2BAAS,CAAC,GAAG,EAAE,2BAAS,CAAC,KAAK,EAAE,2BAAS,CAAC,OAAO,EAAE,2BAAS,CAAC,MAAM,CAAC,EAAE;QAC7F,OAAO,EAAE,+DAA+D;KACzE,CAAC;IACD,IAAA,2BAAS,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,2CAA2C,EAAE,CAAC;IACvE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;oDACkB;AAqBpB;IAFC,IAAA,4BAAU,GAAE;IACZ,IAAA,uBAAK,EAAC,EAAE,OAAO,EAAE,4BAA4B,EAAE,CAAC;;kDAC/B;AAGpB;;GAEG;AACH,MAAa,wBAAwB;IACnC;;OAEG;IACH,KAAK,CAAW;CACjB;AALD,4DAKC"}

package/dist/dto/verify-phone-by-sub.dto.d.ts

@@ -1,6 +1,55 @@
+/**
+ * Verify Phone with Code by User Sub DTO
+ *
+ * Used for phone verification with 6-digit OTP code when allowing duplicate phones.
+ * Requires user sub to identify which user's phone to verify.
+ *
+ * Security:
+ * - UUID format validated (prevents injection)
+ * - Code format validated (6 digits)
+ *
+ * @example
+ * ```typescript
+ * POST /auth/verify-phone/verify-by-sub
+ * {
+ *   "sub": "a21b654c-2746-4168-acee-c175083a65cd",
+ *   "code": "123456"
+ * }
+ * ```
+ */
 export declare class VerifyPhoneWithCodeBySubDTO {
+    /**
+     * User's external identifier (sub/UUID v4)
+     *
+     * Validation:
+     * - Must be a valid UUID v4 format
+     * - Matches DB constraint: char(36) or uuid
+     *
+     * Sanitization:
+     * - Trimmed and lowercased for consistency
+     *
+     * @example "a21b654c-2746-4168-acee-c175083a65cd"
+     */
     sub: string;
+    /**
+     * 6-digit verification code
+     *
+     * Validation:
+     * - Must be a numeric string
+     * - Exactly 6 digits
+     *
+     * @example "123456"
+     */
     code: string;
+    /**
+     * Challenge session ID (internal use)
+     * Optional - used internally to link verification to specific challenge session.
+     * Provides security by ensuring codes are only valid for the session they were created for.
+     *
+     * Validation:
+     * - Must be a positive integer if provided
+     * - Optional (for backward compatibility and direct verification flows)
+     */
     challengeSessionId?: number;
 }
 //# sourceMappingURL=verify-phone-by-sub.dto.d.ts.map

package/dist/dto/verify-phone-by-sub.dto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"verify-phone-by-sub.dto.d.ts","sourceRoot":"","sources":["../../src/dto/verify-phone-by-sub.dto.ts"],"names":[],"mappings":"AAsBA,qBAAa,2BAA2B;IAoBtC,GAAG,EAAG,MAAM,CAAC;IAoBb,IAAI,EAAG,MAAM,CAAC;IAcd,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B"}
+{"version":3,"file":"verify-phone-by-sub.dto.d.ts","sourceRoot":"","sources":["../../src/dto/verify-phone-by-sub.dto.ts"],"names":[],"mappings":"AAGA;;;;;;;;;;;;;;;;;;GAkBG;AACH,qBAAa,2BAA2B;IACtC;;;;;;;;;;;OAWG;IAQH,GAAG,EAAG,MAAM,CAAC;IAEb;;;;;;;;OAQG;IAUH,IAAI,EAAG,MAAM,CAAC;IAEd;;;;;;;;OAQG;IAIH,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B"}

package/dist/dto/verify-phone-by-sub.dto.js

@@ -12,9 +12,58 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.VerifyPhoneWithCodeBySubDTO = void 0;
 const class_validator_1 = require("class-validator");
 const class_transformer_1 = require("class-transformer");
+/**
+ * Verify Phone with Code by User Sub DTO
+ *
+ * Used for phone verification with 6-digit OTP code when allowing duplicate phones.
+ * Requires user sub to identify which user's phone to verify.
+ *
+ * Security:
+ * - UUID format validated (prevents injection)
+ * - Code format validated (6 digits)
+ *
+ * @example
+ * ```typescript
+ * POST /auth/verify-phone/verify-by-sub
+ * {
+ *   "sub": "a21b654c-2746-4168-acee-c175083a65cd",
+ *   "code": "123456"
+ * }
+ * ```
+ */
 class VerifyPhoneWithCodeBySubDTO {
+    /**
+     * User's external identifier (sub/UUID v4)
+     *
+     * Validation:
+     * - Must be a valid UUID v4 format
+     * - Matches DB constraint: char(36) or uuid
+     *
+     * Sanitization:
+     * - Trimmed and lowercased for consistency
+     *
+     * @example "a21b654c-2746-4168-acee-c175083a65cd"
+     */
     sub;
+    /**
+     * 6-digit verification code
+     *
+     * Validation:
+     * - Must be a numeric string
+     * - Exactly 6 digits
+     *
+     * @example "123456"
+     */
     code;
+    /**
+     * Challenge session ID (internal use)
+     * Optional - used internally to link verification to specific challenge session.
+     * Provides security by ensuring codes are only valid for the session they were created for.
+     *
+     * Validation:
+     * - Must be a positive integer if provided
+     * - Optional (for backward compatibility and direct verification flows)
+     */
     challengeSessionId;
 }
 exports.VerifyPhoneWithCodeBySubDTO = VerifyPhoneWithCodeBySubDTO;

package/dist/dto/verify-phone-by-sub.dto.js.map

@@ -1 +1 @@
-{"version":3,"file":"verify-phone-by-sub.dto.js","sourceRoot":"","sources":["../../src/dto/verify-phone-by-sub.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAAyF;AACzF,yDAA8C;AAqB9C,MAAa,2BAA2B;IAoBtC,GAAG,CAAU;IAoBb,IAAI,CAAU;IAcd,kBAAkB,CAAU;CAC7B;AAvDD,kEAuDC;AAnCC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,oCAAoC,EAAE,CAAC;IAC9D,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;wDACW;AAoBb;IATC,IAAA,gCAAc,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC;IAChE,IAAA,wBAAM,EAAC,CAAC,EAAE,CAAC,EAAE,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC;IAC1D,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACzC,OAAO,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC;QAChD,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;yDACY;AAcd;IAHC,IAAA,4BAAU,GAAE;IACZ,IAAA,uBAAK,EAAC,EAAE,OAAO,EAAE,uCAAuC,EAAE,CAAC;IAC3D,IAAA,qBAAG,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,+CAA+C,EAAE,CAAC;;uEACzC"}
+{"version":3,"file":"verify-phone-by-sub.dto.js","sourceRoot":"","sources":["../../src/dto/verify-phone-by-sub.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAAyF;AACzF,yDAA8C;AAE9C;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAa,2BAA2B;IACtC;;;;;;;;;;;OAWG;IAQH,GAAG,CAAU;IAEb;;;;;;;;OAQG;IAUH,IAAI,CAAU;IAEd;;;;;;;;OAQG;IAIH,kBAAkB,CAAU;CAC7B;AAvDD,kEAuDC;AAnCC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,oCAAoC,EAAE,CAAC;IAC9D,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;wDACW;AAoBb;IATC,IAAA,gCAAc,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC;IAChE,IAAA,wBAAM,EAAC,CAAC,EAAE,CAAC,EAAE,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC;IAC1D,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACzC,OAAO,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC;QAChD,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;yDACY;AAcd;IAHC,IAAA,4BAAU,GAAE;IACZ,IAAA,uBAAK,EAAC,EAAE,OAAO,EAAE,uCAAuC,EAAE,CAAC;IAC3D,IAAA,qBAAG,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,+CAA+C,EAAE,CAAC;;uEACzC"}