@nauth-toolkit/mfa-passkey 0.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +90 -0
- package/README.md +30 -0
- package/dist/nestjs/index.d.ts +5 -0
- package/dist/nestjs/index.d.ts.map +1 -0
- package/dist/nestjs/index.js +23 -0
- package/dist/nestjs/index.js.map +1 -0
- package/dist/nestjs/passkey-mfa.module.d.ts +10 -0
- package/dist/nestjs/passkey-mfa.module.d.ts.map +1 -0
- package/dist/nestjs/passkey-mfa.module.js +66 -0
- package/dist/nestjs/passkey-mfa.module.js.map +1 -0
- package/dist/src/dto/mfa.dto.d.ts +143 -0
- package/dist/src/dto/mfa.dto.d.ts.map +1 -0
- package/dist/src/dto/mfa.dto.js +3 -0
- package/dist/src/dto/mfa.dto.js.map +1 -0
- package/dist/src/index.d.ts +4 -0
- package/dist/src/index.d.ts.map +1 -0
- package/dist/src/index.js +23 -0
- package/dist/src/index.js.map +1 -0
- package/dist/src/passkey-mfa-provider.service.d.ts +15 -0
- package/dist/src/passkey-mfa-provider.service.d.ts.map +1 -0
- package/dist/src/passkey-mfa-provider.service.js +137 -0
- package/dist/src/passkey-mfa-provider.service.js.map +1 -0
- package/dist/src/passkey.service.d.ts +26 -0
- package/dist/src/passkey.service.d.ts.map +1 -0
- package/dist/src/passkey.service.js +222 -0
- package/dist/src/passkey.service.js.map +1 -0
- package/dist/tsconfig.tsbuildinfo +1 -0
- package/package.json +59 -0
|
@@ -0,0 +1,222 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.PasskeyService = void 0;
|
|
4
|
+
const server_1 = require("@simplewebauthn/server");
|
|
5
|
+
const core_1 = require("@nauth-toolkit/core");
|
|
6
|
+
class PasskeyService {
|
|
7
|
+
config;
|
|
8
|
+
logger;
|
|
9
|
+
defaultConfig = {
|
|
10
|
+
timeout: 60000,
|
|
11
|
+
userVerification: 'preferred',
|
|
12
|
+
};
|
|
13
|
+
constructor(config, logger) {
|
|
14
|
+
this.config = config;
|
|
15
|
+
this.logger = logger;
|
|
16
|
+
}
|
|
17
|
+
getPasskeyConfig() {
|
|
18
|
+
const passkeyConfig = this.config.mfa?.passkey;
|
|
19
|
+
if (!passkeyConfig?.rpName || !passkeyConfig?.rpId) {
|
|
20
|
+
throw new core_1.NAuthException(core_1.AuthErrorCode.VALIDATION_FAILED, 'Passkey configuration (rpName, rpId) is required');
|
|
21
|
+
}
|
|
22
|
+
let origin = passkeyConfig.origin;
|
|
23
|
+
if (!origin) {
|
|
24
|
+
origin = passkeyConfig.rpId === 'localhost' ? 'http://localhost:4200' : `https://${passkeyConfig.rpId}`;
|
|
25
|
+
}
|
|
26
|
+
return {
|
|
27
|
+
...this.defaultConfig,
|
|
28
|
+
...passkeyConfig,
|
|
29
|
+
origin,
|
|
30
|
+
};
|
|
31
|
+
}
|
|
32
|
+
async generateRegistrationOptions(userId, userEmail, userName, existingDevices = []) {
|
|
33
|
+
this.logger?.log?.(`Generating passkey registration options for user: ${userEmail}`);
|
|
34
|
+
const passkeyConfig = this.getPasskeyConfig();
|
|
35
|
+
const excludeCredentials = existingDevices
|
|
36
|
+
.filter((device) => device.type === core_1.MFAMethod.PASSKEY && device.isActive && device.credentialId)
|
|
37
|
+
.map((device) => ({
|
|
38
|
+
id: device.credentialId,
|
|
39
|
+
type: 'public-key',
|
|
40
|
+
transports: device.transports || undefined,
|
|
41
|
+
}));
|
|
42
|
+
const options = await (0, server_1.generateRegistrationOptions)({
|
|
43
|
+
rpName: passkeyConfig.rpName,
|
|
44
|
+
rpID: passkeyConfig.rpId,
|
|
45
|
+
userID: new TextEncoder().encode(userId),
|
|
46
|
+
userName: userEmail,
|
|
47
|
+
userDisplayName: userName || userEmail,
|
|
48
|
+
timeout: passkeyConfig.timeout,
|
|
49
|
+
attestationType: 'none',
|
|
50
|
+
excludeCredentials: excludeCredentials.length > 0 ? excludeCredentials : undefined,
|
|
51
|
+
authenticatorSelection: {
|
|
52
|
+
authenticatorAttachment: passkeyConfig.authenticatorAttachment,
|
|
53
|
+
requireResidentKey: false,
|
|
54
|
+
userVerification: passkeyConfig.userVerification,
|
|
55
|
+
},
|
|
56
|
+
supportedAlgorithmIDs: [-7, -257],
|
|
57
|
+
});
|
|
58
|
+
this.logger?.log?.(`Passkey registration options generated for: ${userEmail}`);
|
|
59
|
+
return {
|
|
60
|
+
options: options,
|
|
61
|
+
};
|
|
62
|
+
}
|
|
63
|
+
async verifyRegistration(credential, expectedChallenge, transports) {
|
|
64
|
+
this.logger?.log?.('Verifying passkey registration');
|
|
65
|
+
const passkeyConfig = this.getPasskeyConfig();
|
|
66
|
+
let verification;
|
|
67
|
+
try {
|
|
68
|
+
verification = await (0, server_1.verifyRegistrationResponse)({
|
|
69
|
+
response: credential,
|
|
70
|
+
expectedChallenge,
|
|
71
|
+
expectedOrigin: Array.isArray(passkeyConfig.origin) ? passkeyConfig.origin : [passkeyConfig.origin],
|
|
72
|
+
expectedRPID: passkeyConfig.rpId,
|
|
73
|
+
requireUserVerification: passkeyConfig.userVerification === 'required',
|
|
74
|
+
});
|
|
75
|
+
}
|
|
76
|
+
catch (error) {
|
|
77
|
+
const errorMessage = error instanceof Error ? error.message : 'Unknown error';
|
|
78
|
+
this.logger?.error?.('Passkey registration verification failed', {
|
|
79
|
+
error: errorMessage,
|
|
80
|
+
expectedRPID: passkeyConfig.rpId,
|
|
81
|
+
expectedOrigins: Array.isArray(passkeyConfig.origin) ? passkeyConfig.origin : [passkeyConfig.origin],
|
|
82
|
+
});
|
|
83
|
+
throw new core_1.NAuthException(core_1.AuthErrorCode.VALIDATION_FAILED, `Failed to verify passkey registration: ${errorMessage}`);
|
|
84
|
+
}
|
|
85
|
+
if (!verification.verified || !verification.registrationInfo) {
|
|
86
|
+
throw new core_1.NAuthException(core_1.AuthErrorCode.VALIDATION_FAILED, 'Passkey registration failed verification');
|
|
87
|
+
}
|
|
88
|
+
const { credentialID, credentialPublicKey, counter } = verification.registrationInfo;
|
|
89
|
+
let finalTransports = transports || [];
|
|
90
|
+
if (finalTransports.length === 0) {
|
|
91
|
+
const verifUnknown = verification;
|
|
92
|
+
const regInfo = verifUnknown.registrationInfo;
|
|
93
|
+
if (regInfo.transports && Array.isArray(regInfo.transports)) {
|
|
94
|
+
finalTransports = regInfo.transports;
|
|
95
|
+
}
|
|
96
|
+
}
|
|
97
|
+
const frontendCredentialId = credential.id || credential.rawId;
|
|
98
|
+
let storedCredentialId;
|
|
99
|
+
if (frontendCredentialId) {
|
|
100
|
+
storedCredentialId = frontendCredentialId;
|
|
101
|
+
}
|
|
102
|
+
else {
|
|
103
|
+
const credentialIdBuffer = Buffer.isBuffer(credentialID)
|
|
104
|
+
? credentialID
|
|
105
|
+
: Buffer.from(credentialID);
|
|
106
|
+
storedCredentialId = credentialIdBuffer.toString('base64url');
|
|
107
|
+
}
|
|
108
|
+
this.logger?.log?.('Passkey registration verified successfully', {
|
|
109
|
+
hasTransports: finalTransports.length > 0,
|
|
110
|
+
transports: finalTransports,
|
|
111
|
+
});
|
|
112
|
+
return {
|
|
113
|
+
verified: true,
|
|
114
|
+
credentialId: storedCredentialId,
|
|
115
|
+
publicKey: Buffer.from(credentialPublicKey).toString('base64url'),
|
|
116
|
+
counter,
|
|
117
|
+
transports: finalTransports,
|
|
118
|
+
};
|
|
119
|
+
}
|
|
120
|
+
async generateAuthenticationOptions(userDevices) {
|
|
121
|
+
this.logger?.log?.('Generating passkey authentication options');
|
|
122
|
+
const passkeyConfig = this.getPasskeyConfig();
|
|
123
|
+
const allowCredentials = userDevices
|
|
124
|
+
.filter((device) => device.type === core_1.MFAMethod.PASSKEY && device.isActive && device.credentialId)
|
|
125
|
+
.map((device) => {
|
|
126
|
+
let credentialId = device.credentialId;
|
|
127
|
+
if (credentialId.includes('+') || credentialId.includes('/')) {
|
|
128
|
+
const decoded = Buffer.from(credentialId, 'base64');
|
|
129
|
+
credentialId = decoded.toString('base64url');
|
|
130
|
+
}
|
|
131
|
+
return {
|
|
132
|
+
id: credentialId,
|
|
133
|
+
type: 'public-key',
|
|
134
|
+
transports: device.transports || undefined,
|
|
135
|
+
};
|
|
136
|
+
});
|
|
137
|
+
if (allowCredentials.length === 0) {
|
|
138
|
+
throw new core_1.NAuthException(core_1.AuthErrorCode.NOT_FOUND, 'No passkey devices registered');
|
|
139
|
+
}
|
|
140
|
+
const options = await (0, server_1.generateAuthenticationOptions)({
|
|
141
|
+
rpID: passkeyConfig.rpId,
|
|
142
|
+
timeout: passkeyConfig.timeout,
|
|
143
|
+
allowCredentials: allowCredentials.length > 0 ? allowCredentials : undefined,
|
|
144
|
+
userVerification: passkeyConfig.userVerification,
|
|
145
|
+
});
|
|
146
|
+
this.logger?.log?.('Passkey authentication options generated');
|
|
147
|
+
return {
|
|
148
|
+
options: options,
|
|
149
|
+
};
|
|
150
|
+
}
|
|
151
|
+
async verifyAuthentication(credential, expectedChallenge, device) {
|
|
152
|
+
this.logger?.log?.(`Verifying passkey authentication for device: ${device.name}`);
|
|
153
|
+
if (!device.credentialId || !device.publicKey || device.counter === null || device.counter === undefined) {
|
|
154
|
+
throw new core_1.NAuthException(core_1.AuthErrorCode.VALIDATION_FAILED, 'Invalid passkey device data');
|
|
155
|
+
}
|
|
156
|
+
const passkeyConfig = this.getPasskeyConfig();
|
|
157
|
+
let verification;
|
|
158
|
+
try {
|
|
159
|
+
let credentialIDBuffer;
|
|
160
|
+
try {
|
|
161
|
+
credentialIDBuffer = Buffer.from(device.credentialId, 'base64url');
|
|
162
|
+
}
|
|
163
|
+
catch {
|
|
164
|
+
credentialIDBuffer = Buffer.from(device.credentialId, 'base64');
|
|
165
|
+
}
|
|
166
|
+
let publicKeyBuffer;
|
|
167
|
+
try {
|
|
168
|
+
publicKeyBuffer = Buffer.from(device.publicKey, 'base64url');
|
|
169
|
+
}
|
|
170
|
+
catch {
|
|
171
|
+
publicKeyBuffer = Buffer.from(device.publicKey, 'base64');
|
|
172
|
+
}
|
|
173
|
+
verification = await (0, server_1.verifyAuthenticationResponse)({
|
|
174
|
+
response: credential,
|
|
175
|
+
expectedChallenge,
|
|
176
|
+
expectedOrigin: Array.isArray(passkeyConfig.origin) ? passkeyConfig.origin : [passkeyConfig.origin],
|
|
177
|
+
expectedRPID: passkeyConfig.rpId,
|
|
178
|
+
authenticator: {
|
|
179
|
+
credentialID: new Uint8Array(credentialIDBuffer),
|
|
180
|
+
credentialPublicKey: new Uint8Array(publicKeyBuffer),
|
|
181
|
+
counter: device.counter,
|
|
182
|
+
transports: device.transports || undefined,
|
|
183
|
+
},
|
|
184
|
+
requireUserVerification: passkeyConfig.userVerification === 'required',
|
|
185
|
+
});
|
|
186
|
+
}
|
|
187
|
+
catch (error) {
|
|
188
|
+
const errorMessage = error instanceof Error ? error.message : 'Unknown error';
|
|
189
|
+
this.logger?.error?.('Passkey authentication verification failed', {
|
|
190
|
+
error: errorMessage,
|
|
191
|
+
expectedRPID: passkeyConfig.rpId,
|
|
192
|
+
credentialId: `${credential.id.substring(0, 8)}...`,
|
|
193
|
+
});
|
|
194
|
+
throw new core_1.NAuthException(core_1.AuthErrorCode.VALIDATION_FAILED, `Failed to verify passkey authentication: ${errorMessage}`);
|
|
195
|
+
}
|
|
196
|
+
if (!verification.verified) {
|
|
197
|
+
throw new core_1.NAuthException(core_1.AuthErrorCode.VALIDATION_FAILED, 'Passkey authentication failed verification');
|
|
198
|
+
}
|
|
199
|
+
this.logger?.log?.('Passkey authentication verified successfully');
|
|
200
|
+
return {
|
|
201
|
+
verified: true,
|
|
202
|
+
newCounter: verification.authenticationInfo.newCounter,
|
|
203
|
+
};
|
|
204
|
+
}
|
|
205
|
+
isSupported() {
|
|
206
|
+
try {
|
|
207
|
+
this.getPasskeyConfig();
|
|
208
|
+
return true;
|
|
209
|
+
}
|
|
210
|
+
catch {
|
|
211
|
+
return false;
|
|
212
|
+
}
|
|
213
|
+
}
|
|
214
|
+
maskCredentialId(credentialId) {
|
|
215
|
+
if (credentialId.length <= 8) {
|
|
216
|
+
return credentialId;
|
|
217
|
+
}
|
|
218
|
+
return `${credentialId.slice(0, 4)}...${credentialId.slice(-4)}`;
|
|
219
|
+
}
|
|
220
|
+
}
|
|
221
|
+
exports.PasskeyService = PasskeyService;
|
|
222
|
+
//# sourceMappingURL=passkey.service.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"passkey.service.js","sourceRoot":"","sources":["../../src/passkey.service.ts"],"names":[],"mappings":";;;AAAA,mDAOgC;AAMhC,8CAQ6B;AAe7B,MAAa,cAAc;IAON;IACA;IAPF,aAAa,GAA2B;QACvD,OAAO,EAAE,KAAK;QACd,gBAAgB,EAAE,WAAW;KAC9B,CAAC;IAEF,YACmB,MAAmB,EACnB,MAAmB;QADnB,WAAM,GAAN,MAAM,CAAa;QACnB,WAAM,GAAN,MAAM,CAAa;IACnC,CAAC;IASI,gBAAgB;QACtB,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC;QAE/C,IAAI,CAAC,aAAa,EAAE,MAAM,IAAI,CAAC,aAAa,EAAE,IAAI,EAAE,CAAC;YACnD,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,iBAAiB,EAAE,kDAAkD,CAAC,CAAC;QAChH,CAAC;QAGD,IAAI,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC;QAClC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,GAAG,aAAa,CAAC,IAAI,KAAK,WAAW,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,WAAW,aAAa,CAAC,IAAI,EAAE,CAAC;QAC1G,CAAC;QAED,OAAO;YACL,GAAG,IAAI,CAAC,aAAa;YACrB,GAAG,aAAa;YAChB,MAAM;SACoB,CAAC;IAC/B,CAAC;IAWD,KAAK,CAAC,2BAA2B,CAC/B,MAAc,EACd,SAAiB,EACjB,QAAgB,EAChB,kBAAgC,EAAE;QAElC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,qDAAqD,SAAS,EAAE,CAAC,CAAC;QAErF,MAAM,aAAa,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAG9C,MAAM,kBAAkB,GAAG,eAAe;aACvC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,gBAAS,CAAC,OAAO,IAAI,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,YAAY,CAAC;aAC/F,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YAChB,EAAE,EAAE,MAAM,CAAC,YAAa;YACxB,IAAI,EAAE,YAAqB;YAC3B,UAAU,EAAG,MAAM,CAAC,UAA6C,IAAI,SAAS;SAC/E,CAAC,CAAC,CAAC;QAEN,MAAM,OAAO,GAAG,MAAM,IAAA,oCAA2B,EAAC;YAChD,MAAM,EAAE,aAAa,CAAC,MAAM;YAC5B,IAAI,EAAE,aAAa,CAAC,IAAI;YACxB,MAAM,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC;YACxC,QAAQ,EAAE,SAAS;YACnB,eAAe,EAAE,QAAQ,IAAI,SAAS;YACtC,OAAO,EAAE,aAAa,CAAC,OAAO;YAC9B,eAAe,EAAE,MAAM;YACvB,kBAAkB,EAAE,kBAAkB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS;YAClF,sBAAsB,EAAE;gBACtB,uBAAuB,EAAE,aAAa,CAAC,uBAAuB;gBAC9D,kBAAkB,EAAE,KAAK;gBACzB,gBAAgB,EAAE,aAAa,CAAC,gBAAgB;aACjD;YACD,qBAAqB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC;SAClC,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,+CAA+C,SAAS,EAAE,CAAC,CAAC;QAE/E,OAAO;YACL,OAAO,EAAE,OAAc;SACxB,CAAC;IACJ,CAAC;IAWD,KAAK,CAAC,kBAAkB,CACtB,UAAoC,EACpC,iBAAyB,EACzB,UAAqB;QAQrB,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,gCAAgC,CAAC,CAAC;QAErD,MAAM,aAAa,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAE9C,IAAI,YAA0C,CAAC;QAC/C,IAAI,CAAC;YACH,YAAY,GAAG,MAAM,IAAA,mCAA0B,EAAC;gBAC9C,QAAQ,EAAE,UAAU;gBACpB,iBAAiB;gBACjB,cAAc,EAAE,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC;gBACnG,YAAY,EAAE,aAAa,CAAC,IAAI;gBAChC,uBAAuB,EAAE,aAAa,CAAC,gBAAgB,KAAK,UAAU;aACvE,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YAC9E,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,0CAA0C,EAAE;gBAC/D,KAAK,EAAE,YAAY;gBACnB,YAAY,EAAE,aAAa,CAAC,IAAI;gBAChC,eAAe,EAAE,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC;aACrG,CAAC,CAAC;YACH,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,iBAAiB,EAC/B,0CAA0C,YAAY,EAAE,CACzD,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,YAAY,CAAC,QAAQ,IAAI,CAAC,YAAY,CAAC,gBAAgB,EAAE,CAAC;YAC7D,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,iBAAiB,EAAE,0CAA0C,CAAC,CAAC;QACxG,CAAC;QAED,MAAM,EAAE,YAAY,EAAE,mBAAmB,EAAE,OAAO,EAAE,GAAG,YAAY,CAAC,gBAAgB,CAAC;QAGrF,IAAI,eAAe,GAAa,UAAU,IAAI,EAAE,CAAC;QACjD,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACjC,MAAM,YAAY,GAAG,YAAkD,CAAC;YACxE,MAAM,OAAO,GAAG,YAAY,CAAC,gBAA2C,CAAC;YACzE,IAAI,OAAO,CAAC,UAAU,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC5D,eAAe,GAAG,OAAO,CAAC,UAAsB,CAAC;YACnD,CAAC;QACH,CAAC;QAID,MAAM,oBAAoB,GAAI,UAAkB,CAAC,EAAE,IAAK,UAAkB,CAAC,KAAK,CAAC;QAGjF,IAAI,kBAA0B,CAAC;QAC/B,IAAI,oBAAoB,EAAE,CAAC;YACzB,kBAAkB,GAAG,oBAAoB,CAAC;QAC5C,CAAC;aAAM,CAAC;YACN,MAAM,kBAAkB,GAAG,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC;gBACtD,CAAC,CAAC,YAAY;gBACd,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,YAA4C,CAAC,CAAC;YAC9D,kBAAkB,GAAG,kBAAkB,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAChE,CAAC;QAED,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,4CAA4C,EAAE;YAC/D,aAAa,EAAE,eAAe,CAAC,MAAM,GAAG,CAAC;YACzC,UAAU,EAAE,eAAe;SAC5B,CAAC,CAAC;QAEH,OAAO;YACL,QAAQ,EAAE,IAAI;YACd,YAAY,EAAE,kBAAkB;YAChC,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAW;YAC3E,OAAO;YACP,UAAU,EAAE,eAAe;SAC5B,CAAC;IACJ,CAAC;IAQD,KAAK,CAAC,6BAA6B,CAAC,WAAyB;QAC3D,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,2CAA2C,CAAC,CAAC;QAEhE,MAAM,aAAa,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAM9C,MAAM,gBAAgB,GAAG,WAAW;aACjC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,gBAAS,CAAC,OAAO,IAAI,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,YAAY,CAAC;aAC/F,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE;YACd,IAAI,YAAY,GAAG,MAAM,CAAC,YAAa,CAAC;YAGxC,IAAI,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAE7D,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;gBACpD,YAAY,GAAG,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YAC/C,CAAC;YAGD,OAAO;gBACL,EAAE,EAAE,YAAY;gBAChB,IAAI,EAAE,YAAqB;gBAC3B,UAAU,EAAG,MAAM,CAAC,UAA6C,IAAI,SAAS;aAC/E,CAAC;QACJ,CAAC,CAAC,CAAC;QAEL,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,SAAS,EAAE,+BAA+B,CAAC,CAAC;QACrF,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,IAAA,sCAA6B,EAAC;YAClD,IAAI,EAAE,aAAa,CAAC,IAAI;YACxB,OAAO,EAAE,aAAa,CAAC,OAAO;YAC9B,gBAAgB,EAAE,gBAAgB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS;YAC5E,gBAAgB,EAAE,aAAa,CAAC,gBAAgB;SACjD,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,0CAA0C,CAAC,CAAC;QAE/D,OAAO;YACL,OAAO,EAAE,OAAc;SACxB,CAAC;IACJ,CAAC;IAWD,KAAK,CAAC,oBAAoB,CACxB,UAAsC,EACtC,iBAAyB,EACzB,MAAkB;QAKlB,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,gDAAgD,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QAElF,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,OAAO,KAAK,IAAI,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YACzG,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,iBAAiB,EAAE,6BAA6B,CAAC,CAAC;QAC3F,CAAC;QAED,MAAM,aAAa,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAE9C,IAAI,YAA4C,CAAC;QACjD,IAAI,CAAC;YAGH,IAAI,kBAA0B,CAAC;YAC/B,IAAI,CAAC;gBAEH,kBAAkB,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;YACrE,CAAC;YAAC,MAAM,CAAC;gBAEP,kBAAkB,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;YAClE,CAAC;YAED,IAAI,eAAuB,CAAC;YAC5B,IAAI,CAAC;gBAEH,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;YAC/D,CAAC;YAAC,MAAM,CAAC;gBAEP,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAC5D,CAAC;YAED,YAAY,GAAG,MAAM,IAAA,qCAA4B,EAAC;gBAChD,QAAQ,EAAE,UAAU;gBACpB,iBAAiB;gBACjB,cAAc,EAAE,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC;gBACnG,YAAY,EAAE,aAAa,CAAC,IAAI;gBAChC,aAAa,EAAE;oBACb,YAAY,EAAE,IAAI,UAAU,CAAC,kBAAkB,CAAC;oBAChD,mBAAmB,EAAE,IAAI,UAAU,CAAC,eAAe,CAAC;oBACpD,OAAO,EAAE,MAAM,CAAC,OAAO;oBACvB,UAAU,EAAG,MAAM,CAAC,UAA6C,IAAI,SAAS;iBACxE;gBACR,uBAAuB,EAAE,aAAa,CAAC,gBAAgB,KAAK,UAAU;aACvE,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YAC9E,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,4CAA4C,EAAE;gBACjE,KAAK,EAAE,YAAY;gBACnB,YAAY,EAAE,aAAa,CAAC,IAAI;gBAChC,YAAY,EAAE,GAAG,UAAU,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK;aACpD,CAAC,CAAC;YAEH,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,iBAAiB,EAC/B,4CAA4C,YAAY,EAAE,CAC3D,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC;YAC3B,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,iBAAiB,EAAE,4CAA4C,CAAC,CAAC;QAC1G,CAAC;QAED,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,8CAA8C,CAAC,CAAC;QAEnE,OAAO;YACL,QAAQ,EAAE,IAAI;YACd,UAAU,EAAE,YAAY,CAAC,kBAAkB,CAAC,UAAU;SACvD,CAAC;IACJ,CAAC;IAOD,WAAW;QACT,IAAI,CAAC;YACH,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAQD,gBAAgB,CAAC,YAAoB;QACnC,IAAI,YAAY,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YAC7B,OAAO,YAAY,CAAC;QACtB,CAAC;QACD,OAAO,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACnE,CAAC;CACF;AA1VD,wCA0VC"}
|