@nauth-toolkit/mfa-sms 0.1.3

package/LICENSE

@@ -0,0 +1,90 @@
+NAUTH TOOLKIT EARLY ACCESS LICENSE
+Version 1.0 (December 2025)
+
+================================================================================
+FUTURE OPEN SOURCE NOTICE
+================================================================================
+NAuth Toolkit will transition to an open-source license (MIT or Apache 2.0) for
+core authentication features once the project reaches production readiness.
+
+This Early Access License is temporary and designed to:
+• Allow developers to build with nauth-toolkit during preview/beta
+• Provide clear expectations during the pre-release phase
+• Enable feedback and real-world testing before GA
+
+We're committed to keeping core auth free and open source. Premium features
+(enterprise SSO, advanced compliance, hosted options) will be offered separately
+under fair commercial terms.
+
+================================================================================
+EARLY ACCESS LICENSE TERMS
+================================================================================
+
+1. Grant of Use
+   You are granted a free, non-exclusive, non-transferable license to:
+   - Install and use nauth-toolkit packages in development, testing, staging,
+     and production environments
+   - Modify the code for your own internal use
+   - Deploy applications using nauth-toolkit to serve your users
+
+   You may NOT:
+   - Redistribute NAuth Toolkit as a standalone product or service
+   - Sell, sublicense, or offer NAuth Toolkit as part of a competing auth
+     platform or toolkit
+   - Remove or alter copyright notices
+
+2. No Fees During Early Access
+   There are no license fees, subscription costs, or usage charges during the
+   Early Access period. You may use nauth-toolkit freely for commercial and
+   non-commercial purposes within the terms of this license.
+
+3. Production Use
+   Production use is permitted but comes with standard early-access caveats:
+   - Features and APIs may change between preview releases
+   - Support is community-based (GitHub issues/discussions)
+   - No SLA or guaranteed uptime (you run it on your infrastructure)
+
+   We recommend thorough testing and having rollback plans for critical systems.
+
+4. Future Transition
+   When nauth-toolkit releases v1.0 GA:
+   - Core packages will adopt an open-source license (MIT or Apache 2.0)
+   - Your existing deployments will continue to work
+   - Premium features (if any) will be clearly documented with separate licensing
+   - No forced upgrades or surprise fees
+
+5. Ownership
+   NAuth Toolkit is developed and maintained by Noorix Digital Solutions.
+   You retain full ownership of your applications and data.
+
+6. Data and Privacy
+   NAuth Toolkit runs in YOUR infrastructure and database. You control all data.
+   You are responsible for compliance with applicable data protection laws.
+
+7. Disclaimer of Warranty
+   THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
+
+8. Limitation of Liability
+   IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE FOR ANY INDIRECT, INCIDENTAL,
+   SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS
+   OF PROFITS, REVENUE, DATA, OR USE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+   DAMAGES.
+
+9. Termination
+   This license remains in effect until:
+   - You stop using nauth-toolkit, or
+   - The project transitions to open source (at which point the new license applies)
+
+   If you breach these terms, your license terminates and you must stop using the
+   software.
+
+10. Contact and Support
+    - Documentation: https://nauth.dev
+    - Issues/Discussions: GitHub (when public repository launches)
+    - Commercial inquiries: Contact admin@noorix.com
+
+================================================================================
+Thank you for being an early adopter. Your feedback shapes the future of NAuth.
+================================================================================

package/README.md

@@ -0,0 +1,30 @@
+# @nauth-toolkit/mfa-sms
+
+SMS MFA provider for nauth-toolkit
+
+## ⚠️ Preview Release Notice
+
+**This is a preview release for internal testing. Do not use in production yet.**
+
+This package is part of nauth-toolkit and is currently in early access/preview. Features and APIs may change between releases. For production use, please wait for the stable v1.0 release.
+
+## Installation
+
+```bash
+npm install @nauth-toolkit/mfa-sms@preview
+# or
+yarn add @nauth-toolkit/mfa-sms@preview
+```
+
+## License
+
+See LICENSE file in the package root for full license terms.
+
+## Documentation
+
+Full documentation: https://nauth.dev
+
+## Support
+
+- Issues/Discussions: GitHub (when repository is public)
+- Documentation: https://nauth.dev

package/dist/nestjs/index.d.ts

@@ -0,0 +1,4 @@
+export { SMSMFAModule } from './sms-mfa.module';
+export * from '../src/sms-mfa-provider.service';
+export * from '../src/dto/mfa.dto';
+//# sourceMappingURL=index.d.ts.map

package/dist/nestjs/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../nestjs/index.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAGhD,cAAc,iCAAiC,CAAC;AAChD,cAAc,oBAAoB,CAAC"}

package/dist/nestjs/index.js

@@ -0,0 +1,22 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SMSMFAModule = void 0;
+var sms_mfa_module_1 = require("./sms-mfa.module");
+Object.defineProperty(exports, "SMSMFAModule", { enumerable: true, get: function () { return sms_mfa_module_1.SMSMFAModule; } });
+__exportStar(require("../src/sms-mfa-provider.service"), exports);
+__exportStar(require("../src/dto/mfa.dto"), exports);
+//# sourceMappingURL=index.js.map

package/dist/nestjs/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../nestjs/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAMA,mDAAgD;AAAvC,8GAAA,YAAY,OAAA;AAGrB,kEAAgD;AAChD,qDAAmC"}

package/dist/nestjs/sms-mfa.module.d.ts

@@ -0,0 +1,10 @@
+import { OnModuleInit } from '@nestjs/common';
+import { SMSMFAProviderService } from '../src/sms-mfa-provider.service';
+import { MFAService } from '@nauth-toolkit/core';
+export declare class SMSMFAModule implements OnModuleInit {
+    private readonly smsMFAProvider;
+    private readonly mfaService;
+    constructor(smsMFAProvider: SMSMFAProviderService, mfaService: MFAService);
+    onModuleInit(): void;
+}
+//# sourceMappingURL=sms-mfa.module.d.ts.map

package/dist/nestjs/sms-mfa.module.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sms-mfa.module.d.ts","sourceRoot":"","sources":["../../nestjs/sms-mfa.module.ts"],"names":[],"mappings":"AAAA,OAAO,EAAU,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACtD,OAAO,EAAE,qBAAqB,EAAE,MAAM,iCAAiC,CAAC;AAExE,OAAO,EAAE,UAAU,EAAyE,MAAM,qBAAqB,CAAC;AA0BxH,qBA2Ca,YAAa,YAAW,YAAY;IAE7C,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,UAAU;gBADV,cAAc,EAAE,qBAAqB,EACrC,UAAU,EAAE,UAAU;IAMzC,YAAY,IAAI,IAAI;CAMrB"}

package/dist/nestjs/sms-mfa.module.js

@@ -0,0 +1,58 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SMSMFAModule = void 0;
+const common_1 = require("@nestjs/common");
+const sms_mfa_provider_service_1 = require("../src/sms-mfa-provider.service");
+const core_1 = require("@nauth-toolkit/core");
+const internal_1 = require("@nauth-toolkit/core/internal");
+let SMSMFAModule = class SMSMFAModule {
+    smsMFAProvider;
+    mfaService;
+    constructor(smsMFAProvider, mfaService) {
+        this.smsMFAProvider = smsMFAProvider;
+        this.mfaService = mfaService;
+    }
+    onModuleInit() {
+        if (!this.mfaService) {
+            throw new Error('MFAService is not available. Ensure AuthModule.forRoot() is imported before SMSMFAModule.');
+        }
+        this.mfaService.registerProvider(this.smsMFAProvider);
+    }
+};
+exports.SMSMFAModule = SMSMFAModule;
+exports.SMSMFAModule = SMSMFAModule = __decorate([
+    (0, common_1.Module)({
+        providers: [
+            {
+                provide: sms_mfa_provider_service_1.SMSMFAProviderService,
+                useFactory: (mfaDeviceRepository, userRepository, config, logger, passwordService, phoneVerificationService, challengeService, auditService, clientInfoService) => {
+                    return new sms_mfa_provider_service_1.SMSMFAProviderService(mfaDeviceRepository, userRepository, config, logger, passwordService, phoneVerificationService, challengeService, auditService, clientInfoService);
+                },
+                inject: [
+                    'MFADeviceRepository',
+                    'UserRepository',
+                    'NAUTH_CONFIG',
+                    'NAUTH_LOGGER',
+                    { token: internal_1.PasswordService, optional: true },
+                    { token: core_1.PhoneVerificationService, optional: true },
+                    { token: 'ChallengeService', optional: true },
+                    { token: internal_1.AuthAuditService, optional: true },
+                    { token: core_1.ClientInfoService, optional: true },
+                ],
+            },
+        ],
+        exports: [sms_mfa_provider_service_1.SMSMFAProviderService],
+    }),
+    __metadata("design:paramtypes", [sms_mfa_provider_service_1.SMSMFAProviderService,
+        core_1.MFAService])
+], SMSMFAModule);
+//# sourceMappingURL=sms-mfa.module.js.map

package/dist/nestjs/sms-mfa.module.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sms-mfa.module.js","sourceRoot":"","sources":["../../nestjs/sms-mfa.module.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAsD;AACtD,8EAAwE;AAExE,8CAAwH;AAExH,2DAA6G;AAmEtG,IAAM,YAAY,GAAlB,MAAM,YAAY;IAEJ;IACA;IAFnB,YACmB,cAAqC,EACrC,UAAsB;QADtB,mBAAc,GAAd,cAAc,CAAuB;QACrC,eAAU,GAAV,UAAU,CAAY;IACtC,CAAC;IAKJ,YAAY;QACV,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,2FAA2F,CAAC,CAAC;QAC/G,CAAC;QACD,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACxD,CAAC;CACF,CAAA;AAfY,oCAAY;uBAAZ,YAAY;IA3CxB,IAAA,eAAM,EAAC;QACN,SAAS,EAAE;YAET;gBACE,OAAO,EAAE,gDAAqB;gBAC9B,UAAU,EAAE,CACV,mBAA8C,EAC9C,cAAoC,EACpC,MAAmB,EACnB,MAAmB,EACnB,eAAgC,EAChC,wBAA8D,EAC9D,gBAAqB,EACrB,YAAiB,EACjB,iBAAsB,EACtB,EAAE;oBACF,OAAO,IAAI,gDAAqB,CAC9B,mBAAmB,EACnB,cAAc,EACd,MAAM,EACN,MAAM,EACN,eAAe,EACf,wBAAwB,EACxB,gBAAgB,EAChB,YAAY,EACZ,iBAAiB,CAClB,CAAC;gBACJ,CAAC;gBACD,MAAM,EAAE;oBACN,qBAAqB;oBACrB,gBAAgB;oBAChB,cAAc;oBACd,cAAc;oBACd,EAAE,KAAK,EAAE,0BAAe,EAAE,QAAQ,EAAE,IAAI,EAAE;oBAC1C,EAAE,KAAK,EAAE,+BAAwB,EAAE,QAAQ,EAAE,IAAI,EAAE;oBACnD,EAAE,KAAK,EAAE,kBAAkB,EAAE,QAAQ,EAAE,IAAI,EAAE;oBAC7C,EAAE,KAAK,EAAE,2BAAwB,EAAE,QAAQ,EAAE,IAAI,EAAE;oBACnD,EAAE,KAAK,EAAE,wBAAiB,EAAE,QAAQ,EAAE,IAAI,EAAE;iBAC7C;aACF;SACF;QACD,OAAO,EAAE,CAAC,gDAAqB,CAAC;KACjC,CAAC;qCAGmC,gDAAqB;QACzB,iBAAU;GAH9B,YAAY,CAexB"}

package/dist/src/dto/mfa.dto.d.ts

@@ -0,0 +1,143 @@
+export interface MFAChallengeResponseDTO {
+    challengeName: 'MFA_REQUIRED';
+    session: string;
+    challengeParameters: {
+        availableMethods: Array<'totp' | 'sms' | 'passkey' | 'backup'>;
+        preferredMethod?: 'totp' | 'sms' | 'passkey';
+        maskedPhone?: string;
+    };
+}
+export interface VerifyMFACodeDTO {
+    session: string;
+    method: 'totp' | 'sms' | 'backup';
+    code: string;
+    trustDevice?: boolean;
+    deviceId?: string;
+}
+export interface VerifyPasskeyDTO {
+    session: string;
+    credential: {
+        id: string;
+        rawId: string;
+        response: {
+            clientDataJSON: string;
+            authenticatorData: string;
+            signature: string;
+            userHandle?: string;
+        };
+        type: 'public-key';
+    };
+    trustDevice?: boolean;
+}
+export interface SetupTOTPResponseDTO {
+    secret: string;
+    qrCode: string;
+    manualEntryKey: string;
+    issuer: string;
+    accountName: string;
+}
+export interface VerifyTOTPSetupDTO {
+    secret: string;
+    code: string;
+    deviceName?: string;
+}
+export interface SetupSMSMFADTO {
+    phoneNumber: string;
+    deviceName?: string;
+}
+export interface VerifySMSMFASetupDTO {
+    phoneNumber: string;
+    code: string;
+}
+export interface SendSMSMFACodeDTO {
+    session: string;
+}
+export interface SetupPasskeyResponseDTO {
+    options: {
+        challenge: string;
+        rp: {
+            name: string;
+            id: string;
+        };
+        user: {
+            id: string;
+            name: string;
+            displayName: string;
+        };
+        pubKeyCredParams: Array<{
+            type: 'public-key';
+            alg: number;
+        }>;
+        timeout: number;
+        attestation: 'none' | 'indirect' | 'direct';
+        authenticatorSelection?: {
+            authenticatorAttachment?: 'platform' | 'cross-platform';
+            requireResidentKey?: boolean;
+            userVerification?: 'required' | 'preferred' | 'discouraged';
+        };
+        excludeCredentials?: Array<{
+            id: string;
+            type: 'public-key';
+            transports?: string[];
+        }>;
+    };
+}
+export interface VerifyPasskeySetupDTO {
+    credential: {
+        id: string;
+        rawId: string;
+        response: {
+            clientDataJSON: string;
+            attestationObject: string;
+        };
+        type: 'public-key';
+    };
+    deviceName?: string;
+}
+export interface GetPasskeyChallengeResponseDTO {
+    options: {
+        challenge: string;
+        timeout: number;
+        rpId: string;
+        allowCredentials: Array<{
+            id: string;
+            type: 'public-key';
+            transports?: string[];
+        }>;
+        userVerification: 'required' | 'preferred' | 'discouraged';
+    };
+}
+export interface GenerateBackupCodesResponseDTO {
+    codes: string[];
+    generated: string;
+}
+export interface MFADeviceDTO {
+    id: number;
+    type: 'totp' | 'sms' | 'passkey';
+    name: string;
+    isActive: boolean;
+    isPrimary: boolean;
+    lastUsedAt?: string;
+    createdAt: string;
+    maskedPhone?: string;
+}
+export interface ListMFADevicesResponseDTO {
+    devices: MFADeviceDTO[];
+    hasBackupCodes: boolean;
+}
+export interface UpdateMFADeviceDTO {
+    name?: string;
+    isPrimary?: boolean;
+}
+export interface DisableMFADeviceDTO {
+    password: string;
+}
+export interface MFAStatusResponseDTO {
+    enabled: boolean;
+    required: boolean;
+    gracePeriodEnds?: string;
+    configuredMethods: Array<'totp' | 'sms' | 'passkey'>;
+    preferredMethod?: 'totp' | 'sms' | 'passkey';
+    hasBackupCodes: boolean;
+}
+//# sourceMappingURL=mfa.dto.d.ts.map

package/dist/src/dto/mfa.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mfa.dto.d.ts","sourceRoot":"","sources":["../../../src/dto/mfa.dto.ts"],"names":[],"mappings":"AAiCA,MAAM,WAAW,uBAAuB;IAItC,aAAa,EAAE,cAAc,CAAC;IAM9B,OAAO,EAAE,MAAM,CAAC;IAKhB,mBAAmB,EAAE;QAInB,gBAAgB,EAAE,KAAK,CAAC,MAAM,GAAG,KAAK,GAAG,SAAS,GAAG,QAAQ,CAAC,CAAC;QAK/D,eAAe,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,SAAS,CAAC;QAM7C,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;CACH;AA6BD,MAAM,WAAW,gBAAgB;IAI/B,OAAO,EAAE,MAAM,CAAC;IAKhB,MAAM,EAAE,MAAM,GAAG,KAAK,GAAG,QAAQ,CAAC;IAKlC,IAAI,EAAE,MAAM,CAAC;IAQb,WAAW,CAAC,EAAE,OAAO,CAAC;IAMtB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AA0BD,MAAM,WAAW,gBAAgB;IAI/B,OAAO,EAAE,MAAM,CAAC;IAKhB,UAAU,EAAE;QACV,EAAE,EAAE,MAAM,CAAC;QACX,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE;YACR,cAAc,EAAE,MAAM,CAAC;YACvB,iBAAiB,EAAE,MAAM,CAAC;YAC1B,SAAS,EAAE,MAAM,CAAC;YAClB,UAAU,CAAC,EAAE,MAAM,CAAC;SACrB,CAAC;QACF,IAAI,EAAE,YAAY,CAAC;KACpB,CAAC;IAMF,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAuBD,MAAM,WAAW,oBAAoB;IAKnC,MAAM,EAAE,MAAM,CAAC;IAMf,MAAM,EAAE,MAAM,CAAC;IAOf,cAAc,EAAE,MAAM,CAAC;IAKvB,MAAM,EAAE,MAAM,CAAC;IAKf,WAAW,EAAE,MAAM,CAAC;CACrB;AAiBD,MAAM,WAAW,kBAAkB;IAIjC,MAAM,EAAE,MAAM,CAAC;IAKf,IAAI,EAAE,MAAM,CAAC;IAMb,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAoBD,MAAM,WAAW,cAAc;IAK7B,WAAW,EAAE,MAAM,CAAC;IAMpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAeD,MAAM,WAAW,oBAAoB;IAInC,WAAW,EAAE,MAAM,CAAC;IAKpB,IAAI,EAAE,MAAM,CAAC;CACd;AAcD,MAAM,WAAW,iBAAiB;IAIhC,OAAO,EAAE,MAAM,CAAC;CACjB;AA4BD,MAAM,WAAW,uBAAuB;IAKtC,OAAO,EAAE;QACP,SAAS,EAAE,MAAM,CAAC;QAClB,EAAE,EAAE;YACF,IAAI,EAAE,MAAM,CAAC;YACb,EAAE,EAAE,MAAM,CAAC;SACZ,CAAC;QACF,IAAI,EAAE;YACJ,EAAE,EAAE,MAAM,CAAC;YACX,IAAI,EAAE,MAAM,CAAC;YACb,WAAW,EAAE,MAAM,CAAC;SACrB,CAAC;QACF,gBAAgB,EAAE,KAAK,CAAC;YACtB,IAAI,EAAE,YAAY,CAAC;YACnB,GAAG,EAAE,MAAM,CAAC;SACb,CAAC,CAAC;QACH,OAAO,EAAE,MAAM,CAAC;QAChB,WAAW,EAAE,MAAM,GAAG,UAAU,GAAG,QAAQ,CAAC;QAC5C,sBAAsB,CAAC,EAAE;YACvB,uBAAuB,CAAC,EAAE,UAAU,GAAG,gBAAgB,CAAC;YACxD,kBAAkB,CAAC,EAAE,OAAO,CAAC;YAC7B,gBAAgB,CAAC,EAAE,UAAU,GAAG,WAAW,GAAG,aAAa,CAAC;SAC7D,CAAC;QACF,kBAAkB,CAAC,EAAE,KAAK,CAAC;YACzB,EAAE,EAAE,MAAM,CAAC;YACX,IAAI,EAAE,YAAY,CAAC;YACnB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;SACvB,CAAC,CAAC;KACJ,CAAC;CACH;AAuBD,MAAM,WAAW,qBAAqB;IAIpC,UAAU,EAAE;QACV,EAAE,EAAE,MAAM,CAAC;QACX,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE;YACR,cAAc,EAAE,MAAM,CAAC;YACvB,iBAAiB,EAAE,MAAM,CAAC;SAC3B,CAAC;QACF,IAAI,EAAE,YAAY,CAAC;KACpB,CAAC;IAMF,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAoBD,MAAM,WAAW,8BAA8B;IAK7C,OAAO,EAAE;QACP,SAAS,EAAE,MAAM,CAAC;QAClB,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,EAAE,MAAM,CAAC;QACb,gBAAgB,EAAE,KAAK,CAAC;YACtB,EAAE,EAAE,MAAM,CAAC;YACX,IAAI,EAAE,YAAY,CAAC;YACnB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;SACvB,CAAC,CAAC;QACH,gBAAgB,EAAE,UAAU,GAAG,WAAW,GAAG,aAAa,CAAC;KAC5D,CAAC;CACH;AAwBD,MAAM,WAAW,8BAA8B;IAK7C,KAAK,EAAE,MAAM,EAAE,CAAC;IAKhB,SAAS,EAAE,MAAM,CAAC;CACnB;AAwBD,MAAM,WAAW,YAAY;IAI3B,EAAE,EAAE,MAAM,CAAC;IAKX,IAAI,EAAE,MAAM,GAAG,KAAK,GAAG,SAAS,CAAC;IAKjC,IAAI,EAAE,MAAM,CAAC;IAKb,QAAQ,EAAE,OAAO,CAAC;IAKlB,SAAS,EAAE,OAAO,CAAC;IAKnB,UAAU,CAAC,EAAE,MAAM,CAAC;IAKpB,SAAS,EAAE,MAAM,CAAC;IAKlB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAkBD,MAAM,WAAW,yBAAyB;IAIxC,OAAO,EAAE,YAAY,EAAE,CAAC;IAKxB,cAAc,EAAE,OAAO,CAAC;CACzB;AAeD,MAAM,WAAW,kBAAkB;IAIjC,IAAI,CAAC,EAAE,MAAM,CAAC;IAKd,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAcD,MAAM,WAAW,mBAAmB;IAIlC,QAAQ,EAAE,MAAM,CAAC;CAClB;AAuBD,MAAM,WAAW,oBAAoB;IAInC,OAAO,EAAE,OAAO,CAAC;IAKjB,QAAQ,EAAE,OAAO,CAAC;IAMlB,eAAe,CAAC,EAAE,MAAM,CAAC;IAKzB,iBAAiB,EAAE,KAAK,CAAC,MAAM,GAAG,KAAK,GAAG,SAAS,CAAC,CAAC;IAKrD,eAAe,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,SAAS,CAAC;IAK7C,cAAc,EAAE,OAAO,CAAC;CACzB"}

package/dist/src/dto/mfa.dto.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=mfa.dto.js.map

package/dist/src/dto/mfa.dto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mfa.dto.js","sourceRoot":"","sources":["../../../src/dto/mfa.dto.ts"],"names":[],"mappings":""}

package/dist/src/index.d.ts

@@ -0,0 +1,3 @@
+export { SMSMFAProviderService } from './sms-mfa-provider.service';
+export * from './dto/mfa.dto';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AACnE,cAAc,eAAe,CAAC"}

package/dist/src/index.js

@@ -0,0 +1,21 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SMSMFAProviderService = void 0;
+var sms_mfa_provider_service_1 = require("./sms-mfa-provider.service");
+Object.defineProperty(exports, "SMSMFAProviderService", { enumerable: true, get: function () { return sms_mfa_provider_service_1.SMSMFAProviderService; } });
+__exportStar(require("./dto/mfa.dto"), exports);
+//# sourceMappingURL=index.js.map

package/dist/src/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAOA,uEAAmE;AAA1D,iIAAA,qBAAqB,OAAA;AAC9B,gDAA8B"}

package/dist/src/sms-mfa-provider.service.d.ts

@@ -0,0 +1,18 @@
+import { Repository } from 'typeorm';
+import { BaseMFADevice, BaseUser, IUser, NAuthConfig, NAuthLogger, PhoneVerificationService, MFAMethod } from '@nauth-toolkit/core';
+import { BaseMFAProviderService } from '@nauth-toolkit/core/internal';
+export declare class SMSMFAProviderService extends BaseMFAProviderService {
+    private readonly phoneVerificationService?;
+    readonly methodName = MFAMethod.SMS;
+    constructor(mfaDeviceRepository: Repository<BaseMFADevice>, userRepository: Repository<BaseUser>, config: NAuthConfig, logger: NAuthLogger, passwordService: unknown, phoneVerificationService?: PhoneVerificationService | undefined, challengeService?: unknown, auditService?: unknown, clientInfoService?: unknown);
+    setup(user: IUser, setupData?: unknown): Promise<{
+        deviceId: number;
+        autoCompleted: true;
+    } | {
+        maskedPhone: string;
+    }>;
+    verifySetup(user: IUser, verificationData: unknown, deviceName?: string): Promise<number>;
+    verify(user: IUser, code: unknown, deviceId?: number): Promise<boolean>;
+    sendChallenge(user: IUser): Promise<string>;
+}
+//# sourceMappingURL=sms-mfa-provider.service.d.ts.map

package/dist/src/sms-mfa-provider.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sms-mfa-provider.service.d.ts","sourceRoot":"","sources":["../../src/sms-mfa-provider.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAErC,OAAO,EACL,aAAa,EACb,QAAQ,EACR,KAAK,EACL,WAAW,EACX,WAAW,EAGX,wBAAwB,EACxB,SAAS,EAGV,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AAyBtE,qBAAa,qBAAsB,SAAQ,sBAAsB;IAS7D,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC;IAR5C,QAAQ,CAAC,UAAU,iBAAiB;gBAGlC,mBAAmB,EAAE,UAAU,CAAC,aAAa,CAAC,EAC9C,cAAc,EAAE,UAAU,CAAC,QAAQ,CAAC,EACpC,MAAM,EAAE,WAAW,EACnB,MAAM,EAAE,WAAW,EACnB,eAAe,EAAE,OAAO,EACP,wBAAwB,CAAC,EAAE,wBAAwB,YAAA,EACpE,gBAAgB,CAAC,EAAE,OAAO,EAC1B,YAAY,CAAC,EAAE,OAAO,EACtB,iBAAiB,CAAC,EAAE,OAAO;IAmCvB,KAAK,CACT,IAAI,EAAE,KAAK,EACX,SAAS,CAAC,EAAE,OAAO,GAClB,OAAO,CAAC;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,aAAa,EAAE,IAAI,CAAA;KAAE,GAAG;QAAE,WAAW,EAAE,MAAM,CAAA;KAAE,CAAC;IAkGzE,WAAW,CAAC,IAAI,EAAE,KAAK,EAAE,gBAAgB,EAAE,OAAO,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAwFzF,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAkFvE,aAAa,CAAC,IAAI,EAAE,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC;CA2ClD"}

package/dist/src/sms-mfa-provider.service.js

@@ -0,0 +1,157 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SMSMFAProviderService = void 0;
+const core_1 = require("@nauth-toolkit/core");
+const internal_1 = require("@nauth-toolkit/core/internal");
+class SMSMFAProviderService extends internal_1.BaseMFAProviderService {
+    phoneVerificationService;
+    methodName = core_1.MFAMethod.SMS;
+    constructor(mfaDeviceRepository, userRepository, config, logger, passwordService, phoneVerificationService, challengeService, auditService, clientInfoService) {
+        super(mfaDeviceRepository, userRepository, config, logger, passwordService, challengeService, auditService, clientInfoService);
+        this.phoneVerificationService = phoneVerificationService;
+    }
+    async setup(user, setupData) {
+        this.logger?.log?.(`Setting up SMS MFA for user: ${user.sub}`);
+        if (!this.isMethodAllowed()) {
+            throw new core_1.NAuthException(core_1.AuthErrorCode.VALIDATION_FAILED, 'SMS MFA is not enabled', { feature: 'sms-mfa' });
+        }
+        const dto = setupData;
+        const userEntity = user;
+        const isPhoneVerified = userEntity.isPhoneVerified || false;
+        const phoneNumber = dto?.phoneNumber || userEntity.phone;
+        if (!phoneNumber) {
+            throw new core_1.NAuthException(core_1.AuthErrorCode.PHONE_REQUIRED, 'Phone number is required for SMS MFA setup. Please provide a phone number.');
+        }
+        if (isPhoneVerified) {
+            this.logger?.log?.(`Phone already verified for user ${user.sub}, auto-completing SMS MFA setup`);
+            const deviceId = await this.verifySetup(user, {
+                phoneNumber,
+                code: '',
+            }, dto?.deviceName);
+            return { deviceId, autoCompleted: true };
+        }
+        if (!this.phoneVerificationService) {
+            throw new core_1.NAuthException(core_1.AuthErrorCode.VALIDATION_FAILED, 'Phone verification service is not available. SMS provider must be configured.');
+        }
+        const sendDto = new core_1.SendVerificationSMSDTO();
+        sendDto.sub = user.sub;
+        const setupDataWithSession = setupData;
+        if (setupDataWithSession?.challengeSessionId) {
+            sendDto.challengeSessionId = setupDataWithSession.challengeSessionId;
+            this.logger?.debug?.(`Linking SMS verification token to challenge session: challengeSessionId=${setupDataWithSession.challengeSessionId}`);
+        }
+        else {
+            this.logger?.warn?.(`No challengeSessionId provided in setupData for SMS MFA setup. Token will not be linked to challenge session.`);
+        }
+        await this.phoneVerificationService.sendVerificationSMS(sendDto);
+        const maskedPhone = this.maskPhone(phoneNumber);
+        this.logger?.log?.(`SMS MFA code sent to: ${maskedPhone}`);
+        return { maskedPhone };
+    }
+    async verifySetup(user, verificationData, deviceName) {
+        this.logger?.log?.(`Verifying SMS MFA setup for user: ${user.sub}`);
+        const dto = verificationData;
+        const userEntity = user;
+        const userId = userEntity.id;
+        const userMfaEnabled = userEntity.mfaEnabled || false;
+        const isPhoneVerified = userEntity.isPhoneVerified || false;
+        if (!isPhoneVerified) {
+            if (!this.phoneVerificationService) {
+                throw new core_1.NAuthException(core_1.AuthErrorCode.VALIDATION_FAILED, 'Phone verification service is not available. SMS provider must be configured.');
+            }
+            if (!dto.code || dto.code.trim() === '') {
+                throw new core_1.NAuthException(core_1.AuthErrorCode.VALIDATION_FAILED, 'Verification code is required');
+            }
+            try {
+                const verifyDto = new core_1.VerifyPhoneWithCodeBySubDTO();
+                verifyDto.sub = user.sub;
+                verifyDto.code = dto.code;
+                await this.phoneVerificationService.verifyPhoneWithCodeBySub(verifyDto);
+                this.logger?.log?.(`Phone verified during SMS MFA setup for user ${user.sub} - phone is now marked as verified in database`);
+            }
+            catch (error) {
+                const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+                this.logger?.error?.(`Failed to verify phone during SMS MFA setup for user ${user.sub}: ${errorMessage}`, error);
+                throw new core_1.NAuthException(core_1.AuthErrorCode.VERIFICATION_CODE_INVALID, 'Invalid SMS code');
+            }
+        }
+        else {
+            this.logger?.log?.(`Phone already verified for user ${user.sub}, skipping SMS code verification during MFA setup`);
+        }
+        const device = await this.createDevice(userId, {
+            name: deviceName || 'SMS Phone',
+            phoneNumber: dto.phoneNumber,
+            isActive: true,
+            isPrimary: !userMfaEnabled,
+        });
+        await this.enableMFAForUser(user);
+        this.logger?.log?.(`SMS MFA setup completed for user: ${user.sub}`);
+        return device.id;
+    }
+    async verify(user, code, deviceId) {
+        this.logger?.log?.(`Verifying SMS code for user: ${user.sub}`);
+        if (!this.phoneVerificationService) {
+            this.logger?.warn?.('SMS verification attempted but phone verification service is not available');
+            return false;
+        }
+        const smsCode = code;
+        if (!smsCode || typeof smsCode !== 'string') {
+            this.logger?.warn?.('Invalid SMS code format');
+            return false;
+        }
+        const userEntity = user;
+        const userId = userEntity.id;
+        const isPhoneVerified = userEntity.isPhoneVerified || false;
+        const device = deviceId ? await this.findDevice(userId, deviceId) : null;
+        try {
+            const verifyDto = new core_1.VerifyPhoneWithCodeBySubDTO();
+            verifyDto.sub = user.sub;
+            verifyDto.code = smsCode;
+            await this.phoneVerificationService.verifyPhoneWithCodeBySub(verifyDto);
+            if (!isPhoneVerified) {
+                this.logger?.log?.(`SMS code verified and phone marked as verified during MFA for user: ${user.sub}`);
+            }
+            else {
+                this.logger?.log?.(`SMS code verified for MFA (phone already verified) for user: ${user.sub}`);
+            }
+            if (device) {
+                await this.updateDeviceUsage(device.id);
+            }
+            this.logger?.log?.(`SMS code verified successfully for user: ${user.sub}`);
+            return true;
+        }
+        catch (error) {
+            if (error instanceof core_1.NAuthException) {
+                throw error;
+            }
+            const errorMessage = error instanceof Error ? error.message : String(error);
+            const errorCode = error?.code || 'UNKNOWN';
+            this.logger?.warn?.(`SMS code verification failed for user: ${user.sub}, code: ${smsCode}, error: ${errorCode} - ${errorMessage}`);
+            return false;
+        }
+    }
+    async sendChallenge(user) {
+        this.logger?.log?.(`Sending SMS MFA code for user: ${user.sub}`);
+        const userEntity = user;
+        const userId = userEntity.id;
+        const device = await this.findDevice(userId);
+        if (!device) {
+            throw new core_1.NAuthException(core_1.AuthErrorCode.NOT_FOUND, 'No SMS device registered', { deviceType: 'sms' });
+        }
+        const phoneNumber = device.phoneNumber || userEntity.phone;
+        if (!phoneNumber) {
+            throw new core_1.NAuthException(core_1.AuthErrorCode.VALIDATION_FAILED, 'No phone number found for SMS MFA. Please update your profile or re-setup SMS MFA.', { deviceType: 'sms' });
+        }
+        if (!this.phoneVerificationService) {
+            throw new core_1.NAuthException(core_1.AuthErrorCode.VALIDATION_FAILED, 'Phone verification service is not available. SMS provider must be configured.');
+        }
+        const sendDto = new core_1.SendVerificationSMSDTO();
+        sendDto.sub = user.sub;
+        sendDto.skipAlreadyVerifiedCheck = true;
+        await this.phoneVerificationService.sendVerificationSMS(sendDto);
+        this.logger?.log?.(`SMS MFA code sent for user: ${user.sub}`);
+        return this.maskPhone(phoneNumber);
+    }
+}
+exports.SMSMFAProviderService = SMSMFAProviderService;
+//# sourceMappingURL=sms-mfa-provider.service.js.map

package/dist/src/sms-mfa-provider.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sms-mfa-provider.service.js","sourceRoot":"","sources":["../../src/sms-mfa-provider.service.ts"],"names":[],"mappings":";;;AAEA,8CAY6B;AAE7B,2DAAsE;AAyBtE,MAAa,qBAAsB,SAAQ,iCAAsB;IAS5C;IARV,UAAU,GAAG,gBAAS,CAAC,GAAG,CAAC;IAEpC,YACE,mBAA8C,EAC9C,cAAoC,EACpC,MAAmB,EACnB,MAAmB,EACnB,eAAwB,EACP,wBAAmD,EACpE,gBAA0B,EAC1B,YAAsB,EACtB,iBAA2B;QAE3B,KAAK,CACH,mBAAmB,EACnB,cAAc,EACd,MAAM,EACN,MAAM,EACN,eAAe,EACf,gBAAuB,EACvB,YAAmB,EACnB,iBAAwB,CACzB,CAAC;QAde,6BAAwB,GAAxB,wBAAwB,CAA2B;IAetE,CAAC;IAuBD,KAAK,CAAC,KAAK,CACT,IAAW,EACX,SAAmB;QAEnB,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,gCAAgC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAG/D,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;YAC5B,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,iBAAiB,EAAE,wBAAwB,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC,CAAC;QAC9G,CAAC;QAED,MAAM,GAAG,GAAG,SAAuC,CAAC;QACpD,MAAM,UAAU,GAAG,IAA0C,CAAC;QAC9D,MAAM,eAAe,GAAI,UAAU,CAAC,eAA2B,IAAI,KAAK,CAAC;QAGzE,MAAM,WAAW,GAAG,GAAG,EAAE,WAAW,IAAK,UAAU,CAAC,KAA4B,CAAC;QAEjF,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,cAAc,EAC5B,4EAA4E,CAC7E,CAAC;QACJ,CAAC;QAMD,IAAI,eAAe,EAAE,CAAC;YACpB,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,mCAAmC,IAAI,CAAC,GAAG,iCAAiC,CAAC,CAAC;YAEjG,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CACrC,IAAI,EACJ;gBACE,WAAW;gBACX,IAAI,EAAE,EAAE;aACT,EACD,GAAG,EAAE,UAAU,CAChB,CAAC;YACF,OAAO,EAAE,QAAQ,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;QAC3C,CAAC;QAID,IAAI,CAAC,IAAI,CAAC,wBAAwB,EAAE,CAAC;YACnC,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,iBAAiB,EAC/B,+EAA+E,CAChF,CAAC;QACJ,CAAC;QAID,MAAM,OAAO,GAAG,IAAI,6BAAsB,EAAE,CAAC;QAC7C,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;QACvB,MAAM,oBAAoB,GAAG,SAA2E,CAAC;QACzG,IAAI,oBAAoB,EAAE,kBAAkB,EAAE,CAAC;YAC7C,OAAO,CAAC,kBAAkB,GAAG,oBAAoB,CAAC,kBAAkB,CAAC;YACrE,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAClB,2EAA2E,oBAAoB,CAAC,kBAAkB,EAAE,CACrH,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CACjB,+GAA+G,CAChH,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,CAAC,wBAAwB,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;QAEjE,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAChD,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,yBAAyB,WAAW,EAAE,CAAC,CAAC;QAG3D,OAAO,EAAE,WAAW,EAAE,CAAC;IACzB,CAAC;IA2BD,KAAK,CAAC,WAAW,CAAC,IAAW,EAAE,gBAAyB,EAAE,UAAmB;QAC3E,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,qCAAqC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAEpE,MAAM,GAAG,GAAG,gBAAwC,CAAC;QACrD,MAAM,UAAU,GAAG,IAA0C,CAAC;QAC9D,MAAM,MAAM,GAAG,UAAU,CAAC,EAAY,CAAC;QACvC,MAAM,cAAc,GAAI,UAAU,CAAC,UAAsB,IAAI,KAAK,CAAC;QACnE,MAAM,eAAe,GAAI,UAAU,CAAC,eAA2B,IAAI,KAAK,CAAC;QAMzE,IAAI,CAAC,eAAe,EAAE,CAAC;YAErB,IAAI,CAAC,IAAI,CAAC,wBAAwB,EAAE,CAAC;gBACnC,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,iBAAiB,EAC/B,+EAA+E,CAChF,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;gBACxC,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,iBAAiB,EAAE,+BAA+B,CAAC,CAAC;YAC7F,CAAC;YAED,IAAI,CAAC;gBAEH,MAAM,SAAS,GAAG,IAAI,kCAA2B,EAAE,CAAC;gBACpD,SAAS,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;gBACzB,SAAS,CAAC,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC;gBAC1B,MAAM,IAAI,CAAC,wBAAwB,CAAC,wBAAwB,CAAC,SAAS,CAAC,CAAC;gBACxE,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAChB,gDAAgD,IAAI,CAAC,GAAG,gDAAgD,CACzG,CAAC;YACJ,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBAEf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;gBAC9E,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAClB,wDAAwD,IAAI,CAAC,GAAG,KAAK,YAAY,EAAE,EACnF,KAAK,CACN,CAAC;gBACF,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,yBAAyB,EAAE,kBAAkB,CAAC,CAAC;YACxF,CAAC;QACH,CAAC;aAAM,CAAC;YAEN,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAChB,mCAAmC,IAAI,CAAC,GAAG,mDAAmD,CAC/F,CAAC;QACJ,CAAC;QAQD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE;YAC7C,IAAI,EAAE,UAAU,IAAI,WAAW;YAC/B,WAAW,EAAE,GAAG,CAAC,WAAW;YAC5B,QAAQ,EAAE,IAAI;YACd,SAAS,EAAE,CAAC,cAAc;SAC3B,CAAC,CAAC;QAGH,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;QAElC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,qCAAqC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAEpE,OAAO,MAAM,CAAC,EAAE,CAAC;IACnB,CAAC;IAkBD,KAAK,CAAC,MAAM,CAAC,IAAW,EAAE,IAAa,EAAE,QAAiB;QACxD,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,gCAAgC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAG/D,IAAI,CAAC,IAAI,CAAC,wBAAwB,EAAE,CAAC;YACnC,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,4EAA4E,CAAC,CAAC;YAClG,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,OAAO,GAAG,IAAc,CAAC;QAC/B,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YAC5C,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,yBAAyB,CAAC,CAAC;YAC/C,OAAO,KAAK,CAAC;QACf,CAAC;QAGD,MAAM,UAAU,GAAG,IAA0C,CAAC;QAC9D,MAAM,MAAM,GAAG,UAAU,CAAC,EAAY,CAAC;QACvC,MAAM,eAAe,GAAI,UAAU,CAAC,eAA2B,IAAI,KAAK,CAAC;QAGzE,MAAM,MAAM,GAAG,QAAQ,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAGzE,IAAI,CAAC;YAQH,MAAM,SAAS,GAAG,IAAI,kCAA2B,EAAE,CAAC;YACpD,SAAS,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;YACzB,SAAS,CAAC,IAAI,GAAG,OAAO,CAAC;YACzB,MAAM,IAAI,CAAC,wBAAwB,CAAC,wBAAwB,CAAC,SAAS,CAAC,CAAC;YAExE,IAAI,CAAC,eAAe,EAAE,CAAC;gBACrB,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,uEAAuE,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YACxG,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,gEAAgE,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YACjG,CAAC;YAGD,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC1C,CAAC;YAED,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,4CAA4C,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YAC3E,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAGf,IAAI,KAAK,YAAY,qBAAc,EAAE,CAAC;gBACpC,MAAM,KAAK,CAAC;YACd,CAAC;YAGD,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC5E,MAAM,SAAS,GAAI,KAAa,EAAE,IAAI,IAAI,SAAS,CAAC;YACpD,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CACjB,0CAA0C,IAAI,CAAC,GAAG,WAAW,OAAO,YAAY,SAAS,MAAM,YAAY,EAAE,CAC9G,CAAC;YACF,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAiBD,KAAK,CAAC,aAAa,CAAC,IAAW;QAC7B,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,kCAAkC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAGjE,MAAM,UAAU,GAAG,IAA0C,CAAC;QAC9D,MAAM,MAAM,GAAG,UAAU,CAAC,EAAY,CAAC;QAGvC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAC7C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,SAAS,EAAE,0BAA0B,EAAE,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,CAAC;QACvG,CAAC;QAID,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,IAAK,UAAU,CAAC,KAA4B,CAAC;QACnF,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,iBAAiB,EAC/B,oFAAoF,EACpF,EAAE,UAAU,EAAE,KAAK,EAAE,CACtB,CAAC;QACJ,CAAC;QAGD,IAAI,CAAC,IAAI,CAAC,wBAAwB,EAAE,CAAC;YACnC,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,iBAAiB,EAC/B,+EAA+E,CAChF,CAAC;QACJ,CAAC;QAID,MAAM,OAAO,GAAG,IAAI,6BAAsB,EAAE,CAAC;QAC7C,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;QACvB,OAAO,CAAC,wBAAwB,GAAG,IAAI,CAAC;QACxC,MAAM,IAAI,CAAC,wBAAwB,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;QAEjE,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,+BAA+B,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAE9D,OAAO,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IACrC,CAAC;CACF;AAzWD,sDAyWC"}