npm - @naylence/advanced-security - Versions diffs - 0.3.0 - Mend

@naylence/advanced-security 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (304) hide show

package/dist/cjs/naylence/fame/stickiness/aft-verifier.js ADDED Viewed

@@ -0,0 +1,297 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SidOnlyAFTVerifier = exports.SignedOptionalAFTVerifier = exports.StrictAFTVerifier = void 0;
+exports.createAftVerifier = createAftVerifier;
+const jose_1 = require("jose");
+const runtime_1 = require("@naylence/runtime");
+const aft_utils_js_1 = require("./aft-utils.js");
+const stickiness_mode_js_1 = require("./stickiness-mode.js");
+const logger = (0, runtime_1.getLogger)("naylence.fame.stickiness.aft_verifier");
+function decodeToken(token) {
+    const parts = token.split(".");
+    if (parts.length !== 3) {
+        return null;
+    }
+    const [headerB64, payloadB64] = parts;
+    if (!headerB64 || !payloadB64) {
+        return null;
+    }
+    try {
+        const headerJson = (0, aft_utils_js_1.utf8Decode)((0, aft_utils_js_1.base64UrlDecode)(headerB64));
+        const payloadJson = (0, aft_utils_js_1.utf8Decode)((0, aft_utils_js_1.base64UrlDecode)(payloadB64));
+        const headerData = JSON.parse(headerJson);
+        const payloadData = JSON.parse(payloadJson);
+        const header = {
+            alg: String(headerData.alg ?? ""),
+            kid: String(headerData.kid ?? ""),
+        };
+        const claims = {
+            sid: String(payloadData.sid ?? ""),
+            exp: Number(payloadData.exp ?? 0),
+        };
+        if (typeof payloadData.scp === "string" && payloadData.scp.length > 0) {
+            claims.scp = payloadData.scp;
+        }
+        if (typeof payloadData.client_sid === "string" &&
+            payloadData.client_sid.length > 0) {
+            claims.client_sid = payloadData.client_sid;
+        }
+        return { header, claims };
+    }
+    catch (error) {
+        logger.debug("aft_decoding_failed", {
+            error: error instanceof Error ? error.message : String(error),
+        });
+        return null;
+    }
+}
+class BaseAFTVerifier {
+    constructor(defaultTtlSec = 30) {
+        this.defaultTtlSec = defaultTtlSec;
+    }
+    async verify(token, expectedSid) {
+        const decoded = decodeToken(token);
+        if (!decoded) {
+            return {
+                valid: false,
+                trustLevel: "untrusted",
+                error: "Invalid token format - expected 3 parts",
+            };
+        }
+        const { header, claims } = decoded;
+        if (!header.alg || !header.kid) {
+            return {
+                valid: false,
+                trustLevel: "untrusted",
+                error: "Missing algorithm or key ID",
+            };
+        }
+        if (!claims.sid || !Number.isFinite(claims.exp)) {
+            return {
+                valid: false,
+                trustLevel: "untrusted",
+                error: "Token missing required claims",
+            };
+        }
+        const currentTime = Math.floor(Date.now() / 1000);
+        if (claims.exp <= currentTime) {
+            return {
+                valid: false,
+                sid: claims.sid,
+                exp: claims.exp,
+                scope: claims.scp ?? undefined,
+                clientSid: claims.client_sid ?? undefined,
+                trustLevel: "untrusted",
+                error: "Token expired",
+            };
+        }
+        if (expectedSid && claims.sid !== expectedSid) {
+            return {
+                valid: false,
+                sid: claims.sid,
+                exp: claims.exp,
+                scope: claims.scp ?? undefined,
+                clientSid: claims.client_sid ?? undefined,
+                trustLevel: "untrusted",
+                error: `SID mismatch: expected ${expectedSid}, got ${claims.sid}`,
+            };
+        }
+        let signatureValid = false;
+        try {
+            signatureValid = await this.verifySignature(token, header, claims);
+        }
+        catch (error) {
+            logger.debug("aft_signature_verification_failed", {
+                kid: header.kid,
+                algorithm: header.alg,
+                error: error instanceof Error ? error.message : String(error),
+            });
+            signatureValid = false;
+        }
+        if (!signatureValid) {
+            return {
+                valid: false,
+                sid: claims.sid,
+                exp: claims.exp,
+                scope: claims.scp ?? undefined,
+                clientSid: claims.client_sid ?? undefined,
+                trustLevel: "untrusted",
+                error: "Invalid signature",
+            };
+        }
+        const trustLevel = header.alg === "none" ? "low-trust" : "trusted";
+        return {
+            valid: true,
+            sid: claims.sid,
+            exp: claims.exp,
+            scope: claims.scp ?? undefined,
+            clientSid: claims.client_sid ?? undefined,
+            trustLevel,
+        };
+    }
+}
+class StrictAFTVerifier extends BaseAFTVerifier {
+    constructor(keyProvider, defaultTtlSec = 30) {
+        super(defaultTtlSec);
+        this.keyProvider = keyProvider;
+    }
+    get securityLevel() {
+        return stickiness_mode_js_1.StickinessMode.STRICT;
+    }
+    async verifySignature(token, header) {
+        if (header.alg === "none") {
+            return false;
+        }
+        let keyRecord;
+        try {
+            keyRecord = await this.keyProvider.getKey(header.kid);
+        }
+        catch (error) {
+            logger.debug("aft_public_key_missing", {
+                kid: header.kid,
+                error: error instanceof Error ? error.message : String(error),
+            });
+            return false;
+        }
+        const key = await resolveVerificationKey(keyRecord, header.alg);
+        if (!key) {
+            return false;
+        }
+        try {
+            const { protectedHeader } = await (0, jose_1.compactVerify)(token, key);
+            return protectedHeader.alg === header.alg;
+        }
+        catch (error) {
+            logger.debug("aft_jws_verification_failed", {
+                kid: header.kid,
+                algorithm: header.alg,
+                error: error instanceof Error ? error.message : String(error),
+            });
+            return false;
+        }
+    }
+}
+exports.StrictAFTVerifier = StrictAFTVerifier;
+class SignedOptionalAFTVerifier extends BaseAFTVerifier {
+    constructor(keyProvider, defaultTtlSec = 30) {
+        super(defaultTtlSec);
+        this.keyProvider = keyProvider;
+    }
+    get securityLevel() {
+        return stickiness_mode_js_1.StickinessMode.SIGNED_OPTIONAL;
+    }
+    async verifySignature(token, header) {
+        if (header.alg === "none") {
+            return true;
+        }
+        if (!this.keyProvider) {
+            return false;
+        }
+        let keyRecord;
+        try {
+            keyRecord = await this.keyProvider.getKey(header.kid);
+        }
+        catch (error) {
+            logger.debug("aft_public_key_missing", {
+                kid: header.kid,
+                error: error instanceof Error ? error.message : String(error),
+            });
+            return false;
+        }
+        const key = await resolveVerificationKey(keyRecord, header.alg);
+        if (!key) {
+            return false;
+        }
+        try {
+            const { protectedHeader } = await (0, jose_1.compactVerify)(token, key);
+            return protectedHeader.alg === header.alg;
+        }
+        catch (error) {
+            logger.debug("aft_jws_verification_failed", {
+                kid: header.kid,
+                algorithm: header.alg,
+                error: error instanceof Error ? error.message : String(error),
+            });
+            return false;
+        }
+    }
+}
+exports.SignedOptionalAFTVerifier = SignedOptionalAFTVerifier;
+class SidOnlyAFTVerifier extends BaseAFTVerifier {
+    constructor(defaultTtlSec = 30) {
+        super(defaultTtlSec);
+    }
+    get securityLevel() {
+        return stickiness_mode_js_1.StickinessMode.SID_ONLY;
+    }
+    async verify(_token, _expectedSid) {
+        return {
+            valid: false,
+            trustLevel: "untrusted",
+            error: "SID-only mode ignores AFTs",
+        };
+    }
+    async verifySignature() {
+        return false;
+    }
+}
+exports.SidOnlyAFTVerifier = SidOnlyAFTVerifier;
+async function resolveVerificationKey(keyRecord, algorithm) {
+    const jwkCandidate = keyRecord;
+    if (typeof jwkCandidate.kty === "string") {
+        try {
+            const key = await (0, jose_1.importJWK)(jwkCandidate, algorithm);
+            return key;
+        }
+        catch (error) {
+            logger.debug("aft_jwk_import_failed", {
+                kid: keyRecord.kid,
+                algorithm,
+                error: error instanceof Error ? error.message : String(error),
+            });
+        }
+    }
+    let pem = null;
+    const record = keyRecord;
+    if (typeof record.public_key_pem === "string") {
+        pem = record.public_key_pem;
+    }
+    else if (typeof record.publicKeyPem === "string") {
+        pem = record.publicKeyPem;
+    }
+    if (typeof pem === "string" && pem.length > 0) {
+        try {
+            const key = await (0, jose_1.importSPKI)(pem, algorithm);
+            return key;
+        }
+        catch (error) {
+            logger.debug("aft_spki_import_failed", {
+                kid: keyRecord.kid,
+                algorithm,
+                error: error instanceof Error ? error.message : String(error),
+            });
+        }
+    }
+    logger.debug("aft_verification_key_unavailable", {
+        kid: keyRecord.kid,
+        algorithm,
+    });
+    return null;
+}
+function createAftVerifier(options) {
+    const { securityLevel, keyProvider, defaultTtlSec = 30 } = options;
+    switch (securityLevel) {
+        case stickiness_mode_js_1.StickinessMode.STRICT:
+            if (!keyProvider) {
+                throw new Error("StrictAFTVerifier requires a KeyProvider instance");
+            }
+            return new StrictAFTVerifier(keyProvider, defaultTtlSec);
+        case stickiness_mode_js_1.StickinessMode.SIGNED_OPTIONAL:
+            return new SignedOptionalAFTVerifier(keyProvider, defaultTtlSec);
+        case stickiness_mode_js_1.StickinessMode.SID_ONLY:
+            return new SidOnlyAFTVerifier(defaultTtlSec);
+        default:
+            throw new Error(`Unknown security level: ${securityLevel}`);
+    }
+}
+//# sourceMappingURL=aft-verifier.js.map

package/dist/cjs/naylence/fame/stickiness/aft-verifier.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"aft-verifier.js","sourceRoot":"","sources":["../../../../../src/naylence/fame/stickiness/aft-verifier.ts"],"names":[],"mappings":";;;AAiYA,8CAkBC;AAnZD,+BAA4D;AAG5D,+CAA8C;AAG9C,iDAA6D;AAC7D,6DAAsD;AAEtD,MAAM,MAAM,GAAG,IAAA,mBAAS,EAAC,uCAAuC,CAAC,CAAC;AA+BlE,SAAS,WAAW,CAAC,KAAa;IAChC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,CAAC,SAAS,EAAE,UAAU,CAAC,GAAG,KAAK,CAAC;IACtC,IAAI,CAAC,SAAS,IAAI,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAA,yBAAU,EAAC,IAAA,8BAAe,EAAC,SAAS,CAAC,CAAC,CAAC;QAC1D,MAAM,WAAW,GAAG,IAAA,yBAAU,EAAC,IAAA,8BAAe,EAAC,UAAU,CAAC,CAAC,CAAC;QAE5D,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAA4B,CAAC;QACrE,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAA4B,CAAC;QAEvE,MAAM,MAAM,GAAc;YACxB,GAAG,EAAE,MAAM,CAAC,UAAU,CAAC,GAAG,IAAI,EAAE,CAAC;YACjC,GAAG,EAAE,MAAM,CAAC,UAAU,CAAC,GAAG,IAAI,EAAE,CAAC;SAClC,CAAC;QAEF,MAAM,MAAM,GAAc;YACxB,GAAG,EAAE,MAAM,CAAC,WAAW,CAAC,GAAG,IAAI,EAAE,CAAC;YAClC,GAAG,EAAE,MAAM,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC;SAClC,CAAC;QAEF,IAAI,OAAO,WAAW,CAAC,GAAG,KAAK,QAAQ,IAAI,WAAW,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtE,MAAM,CAAC,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC;QAC/B,CAAC;QAED,IACE,OAAO,WAAW,CAAC,UAAU,KAAK,QAAQ;YAC1C,WAAW,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EACjC,CAAC;YACD,MAAM,CAAC,UAAU,GAAG,WAAW,CAAC,UAAU,CAAC;QAC7C,CAAC;QAED,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;IAC5B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE;YAClC,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAC9D,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAe,eAAe;IAG5B,YAAsB,gBAAwB,EAAE;QAC9C,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;IACrC,CAAC;IAUM,KAAK,CAAC,MAAM,CACjB,KAAa,EACb,WAA2B;QAE3B,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;QACnC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,UAAU,EAAE,WAAW;gBACvB,KAAK,EAAE,yCAAyC;aACjD,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;QAEnC,IAAI,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;YAC/B,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,UAAU,EAAE,WAAW;gBACvB,KAAK,EAAE,6BAA6B;aACrC,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YAChD,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,UAAU,EAAE,WAAW;gBACvB,KAAK,EAAE,+BAA+B;aACvC,CAAC;QACJ,CAAC;QAED,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAClD,IAAI,MAAM,CAAC,GAAG,IAAI,WAAW,EAAE,CAAC;YAC9B,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,GAAG,EAAE,MAAM,CAAC,GAAG;gBACf,GAAG,EAAE,MAAM,CAAC,GAAG;gBACf,KAAK,EAAE,MAAM,CAAC,GAAG,IAAI,SAAS;gBAC9B,SAAS,EAAE,MAAM,CAAC,UAAU,IAAI,SAAS;gBACzC,UAAU,EAAE,WAAW;gBACvB,KAAK,EAAE,eAAe;aACvB,CAAC;QACJ,CAAC;QAED,IAAI,WAAW,IAAI,MAAM,CAAC,GAAG,KAAK,WAAW,EAAE,CAAC;YAC9C,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,GAAG,EAAE,MAAM,CAAC,GAAG;gBACf,GAAG,EAAE,MAAM,CAAC,GAAG;gBACf,KAAK,EAAE,MAAM,CAAC,GAAG,IAAI,SAAS;gBAC9B,SAAS,EAAE,MAAM,CAAC,UAAU,IAAI,SAAS;gBACzC,UAAU,EAAE,WAAW;gBACvB,KAAK,EAAE,0BAA0B,WAAW,SAAS,MAAM,CAAC,GAAG,EAAE;aAClE,CAAC;QACJ,CAAC;QAED,IAAI,cAAc,GAAG,KAAK,CAAC;QAC3B,IAAI,CAAC;YACH,cAAc,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QACrE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,mCAAmC,EAAE;gBAChD,GAAG,EAAE,MAAM,CAAC,GAAG;gBACf,SAAS,EAAE,MAAM,CAAC,GAAG;gBACrB,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CAAC;YACH,cAAc,GAAG,KAAK,CAAC;QACzB,CAAC;QAED,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,GAAG,EAAE,MAAM,CAAC,GAAG;gBACf,GAAG,EAAE,MAAM,CAAC,GAAG;gBACf,KAAK,EAAE,MAAM,CAAC,GAAG,IAAI,SAAS;gBAC9B,SAAS,EAAE,MAAM,CAAC,UAAU,IAAI,SAAS;gBACzC,UAAU,EAAE,WAAW;gBACvB,KAAK,EAAE,mBAAmB;aAC3B,CAAC;QACJ,CAAC;QAED,MAAM,UAAU,GACd,MAAM,CAAC,GAAG,KAAK,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;QAElD,OAAO;YACL,KAAK,EAAE,IAAI;YACX,GAAG,EAAE,MAAM,CAAC,GAAG;YACf,GAAG,EAAE,MAAM,CAAC,GAAG;YACf,KAAK,EAAE,MAAM,CAAC,GAAG,IAAI,SAAS;YAC9B,SAAS,EAAE,MAAM,CAAC,UAAU,IAAI,SAAS;YACzC,UAAU;SACX,CAAC;IACJ,CAAC;CACF;AAED,MAAa,iBAAkB,SAAQ,eAAe;IAGpD,YAAmB,WAAwB,EAAE,gBAAwB,EAAE;QACrE,KAAK,CAAC,aAAa,CAAC,CAAC;QACrB,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IACjC,CAAC;IAED,IAAW,aAAa;QACtB,OAAO,mCAAc,CAAC,MAAM,CAAC;IAC/B,CAAC;IAES,KAAK,CAAC,eAAe,CAC7B,KAAa,EACb,MAAiB;QAEjB,IAAI,MAAM,CAAC,GAAG,KAAK,MAAM,EAAE,CAAC;YAC1B,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,SAAoB,CAAC;QACzB,IAAI,CAAC;YACH,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACxD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE;gBACrC,GAAG,EAAE,MAAM,CAAC,GAAG;gBACf,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,sBAAsB,CAAC,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QAChE,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC;YACH,MAAM,EAAE,eAAe,EAAE,GAAG,MAAM,IAAA,oBAAa,EAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YAC5D,OAAO,eAAe,CAAC,GAAG,KAAK,MAAM,CAAC,GAAG,CAAC;QAC5C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,6BAA6B,EAAE;gBAC1C,GAAG,EAAE,MAAM,CAAC,GAAG;gBACf,SAAS,EAAE,MAAM,CAAC,GAAG;gBACrB,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF;AAhDD,8CAgDC;AAED,MAAa,yBAA0B,SAAQ,eAAe;IAG5D,YACE,WAA+B,EAC/B,gBAAwB,EAAE;QAE1B,KAAK,CAAC,aAAa,CAAC,CAAC;QACrB,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IACjC,CAAC;IAED,IAAW,aAAa;QACtB,OAAO,mCAAc,CAAC,eAAe,CAAC;IACxC,CAAC;IAES,KAAK,CAAC,eAAe,CAC7B,KAAa,EACb,MAAiB;QAEjB,IAAI,MAAM,CAAC,GAAG,KAAK,MAAM,EAAE,CAAC;YAC1B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,SAAoB,CAAC;QACzB,IAAI,CAAC;YACH,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACxD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE;gBACrC,GAAG,EAAE,MAAM,CAAC,GAAG;gBACf,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,sBAAsB,CAAC,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QAChE,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC;YACH,MAAM,EAAE,eAAe,EAAE,GAAG,MAAM,IAAA,oBAAa,EAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YAC5D,OAAO,eAAe,CAAC,GAAG,KAAK,MAAM,CAAC,GAAG,CAAC;QAC5C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,6BAA6B,EAAE;gBAC1C,GAAG,EAAE,MAAM,CAAC,GAAG;gBACf,SAAS,EAAE,MAAM,CAAC,GAAG;gBACrB,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF;AAvDD,8DAuDC;AAED,MAAa,kBAAmB,SAAQ,eAAe;IACrD,YAAmB,gBAAwB,EAAE;QAC3C,KAAK,CAAC,aAAa,CAAC,CAAC;IACvB,CAAC;IAED,IAAW,aAAa;QACtB,OAAO,mCAAc,CAAC,QAAQ,CAAC;IACjC,CAAC;IAEM,KAAK,CAAC,MAAM,CACjB,MAAc,EACd,YAA4B;QAE5B,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,UAAU,EAAE,WAAW;YACvB,KAAK,EAAE,4BAA4B;SACpC,CAAC;IACJ,CAAC;IAES,KAAK,CAAC,eAAe;QAC7B,OAAO,KAAK,CAAC;IACf,CAAC;CACF;AAvBD,gDAuBC;AAED,KAAK,UAAU,sBAAsB,CACnC,SAAoB,EACpB,SAAiB;IAEjB,MAAM,YAAY,GAAG,SAA+C,CAAC;IAErE,IAAI,OAAO,YAAY,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QACzC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,IAAA,gBAAS,EACzB,YAAqC,EACrC,SAAS,CACV,CAAC;YACF,OAAO,GAAsB,CAAC;QAChC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,uBAAuB,EAAE;gBACpC,GAAG,EAAE,SAAS,CAAC,GAAG;gBAClB,SAAS;gBACT,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,IAAI,GAAG,GAAkB,IAAI,CAAC;IAC9B,MAAM,MAAM,GAAG,SAAoC,CAAC;IACpD,IAAI,OAAO,MAAM,CAAC,cAAc,KAAK,QAAQ,EAAE,CAAC;QAC9C,GAAG,GAAG,MAAM,CAAC,cAAc,CAAC;IAC9B,CAAC;SAAM,IAAI,OAAO,MAAM,CAAC,YAAY,KAAK,QAAQ,EAAE,CAAC;QACnD,GAAG,GAAG,MAAM,CAAC,YAAY,CAAC;IAC5B,CAAC;IAED,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9C,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,IAAA,iBAAU,EAAC,GAAG,EAAE,SAAS,CAAC,CAAC;YAC7C,OAAO,GAAsB,CAAC;QAChC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE;gBACrC,GAAG,EAAE,SAAS,CAAC,GAAG;gBAClB,SAAS;gBACT,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,kCAAkC,EAAE;QAC/C,GAAG,EAAE,SAAS,CAAC,GAAG;QAClB,SAAS;KACV,CAAC,CAAC;IACH,OAAO,IAAI,CAAC;AACd,CAAC;AAQD,SAAgB,iBAAiB,CAC/B,OAAiC;IAEjC,MAAM,EAAE,aAAa,EAAE,WAAW,EAAE,aAAa,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC;IAEnE,QAAQ,aAAa,EAAE,CAAC;QACtB,KAAK,mCAAc,CAAC,MAAM;YACxB,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;YACvE,CAAC;YACD,OAAO,IAAI,iBAAiB,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;QAC3D,KAAK,mCAAc,CAAC,eAAe;YACjC,OAAO,IAAI,yBAAyB,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;QACnE,KAAK,mCAAc,CAAC,QAAQ;YAC1B,OAAO,IAAI,kBAAkB,CAAC,aAAa,CAAC,CAAC;QAC/C;YACE,MAAM,IAAI,KAAK,CAAC,2BAA2B,aAAa,EAAE,CAAC,CAAC;IAChE,CAAC;AACH,CAAC"}

package/dist/cjs/naylence/fame/stickiness/index.js ADDED Viewed

@@ -0,0 +1,40 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AFT_REPLICA_FACTORY_META = exports.AFTReplicaStickinessManagerFactory = exports.createAftReplicaStickinessManager = exports.AFTReplicaStickinessManager = exports.AFT_LOAD_BALANCER_FACTORY_META = exports.AFTLoadBalancerStickinessManagerFactory = exports.AFTLoadBalancerStickinessManager = exports.SidOnlyAFTVerifier = exports.SignedOptionalAFTVerifier = exports.StrictAFTVerifier = exports.createAftVerifier = exports.DEFAULT_STICKINESS_SECURITY_LEVEL = exports.createAftHelper = exports.AFTHelper = exports.NoAFTSigner = exports.SignedAFTSigner = exports.UnsignedAFTSigner = exports.createAftSigner = exports.utf8Decode = exports.base64UrlDecode = exports.base64UrlEncode = exports.serializeAftHeader = exports.serializeAftClaims = exports.createAftPayload = exports.normalizeStickinessMode = exports.StickinessMode = void 0;
+var stickiness_mode_js_1 = require("./stickiness-mode.js");
+Object.defineProperty(exports, "StickinessMode", { enumerable: true, get: function () { return stickiness_mode_js_1.StickinessMode; } });
+Object.defineProperty(exports, "normalizeStickinessMode", { enumerable: true, get: function () { return stickiness_mode_js_1.normalizeStickinessMode; } });
+var aft_model_js_1 = require("./aft-model.js");
+Object.defineProperty(exports, "createAftPayload", { enumerable: true, get: function () { return aft_model_js_1.createAftPayload; } });
+Object.defineProperty(exports, "serializeAftClaims", { enumerable: true, get: function () { return aft_model_js_1.serializeAftClaims; } });
+Object.defineProperty(exports, "serializeAftHeader", { enumerable: true, get: function () { return aft_model_js_1.serializeAftHeader; } });
+var aft_utils_js_1 = require("./aft-utils.js");
+Object.defineProperty(exports, "base64UrlEncode", { enumerable: true, get: function () { return aft_utils_js_1.base64UrlEncode; } });
+Object.defineProperty(exports, "base64UrlDecode", { enumerable: true, get: function () { return aft_utils_js_1.base64UrlDecode; } });
+Object.defineProperty(exports, "utf8Decode", { enumerable: true, get: function () { return aft_utils_js_1.utf8Decode; } });
+var aft_signer_js_1 = require("./aft-signer.js");
+Object.defineProperty(exports, "createAftSigner", { enumerable: true, get: function () { return aft_signer_js_1.createAftSigner; } });
+Object.defineProperty(exports, "UnsignedAFTSigner", { enumerable: true, get: function () { return aft_signer_js_1.UnsignedAFTSigner; } });
+Object.defineProperty(exports, "SignedAFTSigner", { enumerable: true, get: function () { return aft_signer_js_1.SignedAFTSigner; } });
+Object.defineProperty(exports, "NoAFTSigner", { enumerable: true, get: function () { return aft_signer_js_1.NoAFTSigner; } });
+var aft_helper_js_1 = require("./aft-helper.js");
+Object.defineProperty(exports, "AFTHelper", { enumerable: true, get: function () { return aft_helper_js_1.AFTHelper; } });
+Object.defineProperty(exports, "createAftHelper", { enumerable: true, get: function () { return aft_helper_js_1.createAftHelper; } });
+Object.defineProperty(exports, "DEFAULT_STICKINESS_SECURITY_LEVEL", { enumerable: true, get: function () { return aft_helper_js_1.DEFAULT_STICKINESS_SECURITY_LEVEL; } });
+var aft_verifier_js_1 = require("./aft-verifier.js");
+Object.defineProperty(exports, "createAftVerifier", { enumerable: true, get: function () { return aft_verifier_js_1.createAftVerifier; } });
+Object.defineProperty(exports, "StrictAFTVerifier", { enumerable: true, get: function () { return aft_verifier_js_1.StrictAFTVerifier; } });
+Object.defineProperty(exports, "SignedOptionalAFTVerifier", { enumerable: true, get: function () { return aft_verifier_js_1.SignedOptionalAFTVerifier; } });
+Object.defineProperty(exports, "SidOnlyAFTVerifier", { enumerable: true, get: function () { return aft_verifier_js_1.SidOnlyAFTVerifier; } });
+var aft_load_balancer_stickiness_manager_js_1 = require("./aft-load-balancer-stickiness-manager.js");
+Object.defineProperty(exports, "AFTLoadBalancerStickinessManager", { enumerable: true, get: function () { return aft_load_balancer_stickiness_manager_js_1.AFTLoadBalancerStickinessManager; } });
+var aft_load_balancer_stickiness_manager_factory_js_1 = require("./aft-load-balancer-stickiness-manager-factory.js");
+Object.defineProperty(exports, "AFTLoadBalancerStickinessManagerFactory", { enumerable: true, get: function () { return aft_load_balancer_stickiness_manager_factory_js_1.AFTLoadBalancerStickinessManagerFactory; } });
+Object.defineProperty(exports, "AFT_LOAD_BALANCER_FACTORY_META", { enumerable: true, get: function () { return aft_load_balancer_stickiness_manager_factory_js_1.FACTORY_META; } });
+var aft_replica_stickiness_manager_js_1 = require("./aft-replica-stickiness-manager.js");
+Object.defineProperty(exports, "AFTReplicaStickinessManager", { enumerable: true, get: function () { return aft_replica_stickiness_manager_js_1.AFTReplicaStickinessManager; } });
+Object.defineProperty(exports, "createAftReplicaStickinessManager", { enumerable: true, get: function () { return aft_replica_stickiness_manager_js_1.createAftReplicaStickinessManager; } });
+var aft_replica_stickiness_manager_factory_js_1 = require("./aft-replica-stickiness-manager-factory.js");
+Object.defineProperty(exports, "AFTReplicaStickinessManagerFactory", { enumerable: true, get: function () { return aft_replica_stickiness_manager_factory_js_1.AFTReplicaStickinessManagerFactory; } });
+Object.defineProperty(exports, "AFT_REPLICA_FACTORY_META", { enumerable: true, get: function () { return aft_replica_stickiness_manager_factory_js_1.FACTORY_META; } });
+//# sourceMappingURL=index.js.map

package/dist/cjs/naylence/fame/stickiness/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/naylence/fame/stickiness/index.ts"],"names":[],"mappings":";;;AAAA,2DAA+E;AAAtE,oHAAA,cAAc,OAAA;AAAE,6HAAA,uBAAuB,OAAA;AAEhD,+CAIwB;AAHtB,gHAAA,gBAAgB,OAAA;AAChB,kHAAA,kBAAkB,OAAA;AAClB,kHAAA,kBAAkB,OAAA;AAEpB,+CAA8E;AAArE,+GAAA,eAAe,OAAA;AAAE,+GAAA,eAAe,OAAA;AAAE,0GAAA,UAAU,OAAA;AAErD,iDAKyB;AAJvB,gHAAA,eAAe,OAAA;AACf,kHAAA,iBAAiB,OAAA;AACjB,gHAAA,eAAe,OAAA;AACf,4GAAA,WAAW,OAAA;AAGb,iDAIyB;AAHvB,0GAAA,SAAS,OAAA;AACT,gHAAA,eAAe,OAAA;AACf,kIAAA,iCAAiC,OAAA;AAGnC,qDAK2B;AAJzB,oHAAA,iBAAiB,OAAA;AACjB,oHAAA,iBAAiB,OAAA;AACjB,4HAAA,yBAAyB,OAAA;AACzB,qHAAA,kBAAkB,OAAA;AAEpB,qGAA6F;AAApF,2JAAA,gCAAgC,OAAA;AACzC,qHAG2D;AAFzD,0KAAA,uCAAuC,OAAA;AACvC,iKAAA,YAAY,OAAkC;AAEhD,yFAG6C;AAF3C,gJAAA,2BAA2B,OAAA;AAC3B,sJAAA,iCAAiC,OAAA;AAEnC,yGAGqD;AAFnD,+JAAA,kCAAkC,OAAA;AAClC,qJAAA,YAAY,OAA4B"}

package/dist/cjs/naylence/fame/stickiness/stickiness-mode.js ADDED Viewed

@@ -0,0 +1,28 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.StickinessMode = void 0;
+exports.normalizeStickinessMode = normalizeStickinessMode;
+var StickinessMode;
+(function (StickinessMode) {
+    StickinessMode["STRICT"] = "strict";
+    StickinessMode["SIGNED_OPTIONAL"] = "signed-optional";
+    StickinessMode["SID_ONLY"] = "sid-only";
+})(StickinessMode || (exports.StickinessMode = StickinessMode = {}));
+function normalizeStickinessMode(value) {
+    switch (value) {
+        case StickinessMode.STRICT:
+        case "strict":
+            return StickinessMode.STRICT;
+        case StickinessMode.SIGNED_OPTIONAL:
+        case "signed-optional":
+        case "signed_optional":
+            return StickinessMode.SIGNED_OPTIONAL;
+        case StickinessMode.SID_ONLY:
+        case "sid-only":
+        case "sid_only":
+            return StickinessMode.SID_ONLY;
+        default:
+            throw new Error(`Unknown stickiness mode: ${value}`);
+    }
+}
+//# sourceMappingURL=stickiness-mode.js.map

package/dist/cjs/naylence/fame/stickiness/stickiness-mode.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"stickiness-mode.js","sourceRoot":"","sources":["../../../../../src/naylence/fame/stickiness/stickiness-mode.ts"],"names":[],"mappings":";;;AAMA,0DAkBC;AAxBD,IAAY,cAIX;AAJD,WAAY,cAAc;IACxB,mCAAiB,CAAA;IACjB,qDAAmC,CAAA;IACnC,uCAAqB,CAAA;AACvB,CAAC,EAJW,cAAc,8BAAd,cAAc,QAIzB;AAED,SAAgB,uBAAuB,CACrC,KAA8B;IAE9B,QAAQ,KAAK,EAAE,CAAC;QACd,KAAK,cAAc,CAAC,MAAM,CAAC;QAC3B,KAAK,QAAQ;YACX,OAAO,cAAc,CAAC,MAAM,CAAC;QAC/B,KAAK,cAAc,CAAC,eAAe,CAAC;QACpC,KAAK,iBAAiB,CAAC;QACvB,KAAK,iBAAiB;YACpB,OAAO,cAAc,CAAC,eAAe,CAAC;QACxC,KAAK,cAAc,CAAC,QAAQ,CAAC;QAC7B,KAAK,UAAU,CAAC;QAChB,KAAK,UAAU;YACb,OAAO,cAAc,CAAC,QAAQ,CAAC;QACjC;YACE,MAAM,IAAI,KAAK,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC;IACzD,CAAC;AACH,CAAC"}

package/dist/cjs/naylence/fame/welcome/advanced-welcome-service-factory.js ADDED Viewed

@@ -0,0 +1,97 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AdvancedWelcomeServiceFactory = exports.FACTORY_META = void 0;
+const runtime_1 = require("@naylence/runtime");
+const advanced_welcome_service_js_1 = require("./advanced-welcome-service.js");
+exports.FACTORY_META = {
+    base: runtime_1.WELCOME_SERVICE_FACTORY_BASE_TYPE,
+    key: "AdvancedWelcomeService",
+    priority: 100,
+    isDefault: true,
+};
+class AdvancedWelcomeServiceFactory extends runtime_1.WelcomeServiceFactory {
+    constructor() {
+        super(...arguments);
+        this.type = exports.FACTORY_META.key;
+        this.isDefault = exports.FACTORY_META.isDefault;
+        this.priority = exports.FACTORY_META.priority;
+    }
+    async create(config, ...factoryArgs) {
+        const normalized = normalizeConfig(config);
+        // Crypto provider should be passed from upstream (node-welcome-server)
+        // Do not create it here - downstream components should use what's passed in factoryArgs
+        const placementStrategy = await runtime_1.NodePlacementStrategyFactory.createNodePlacementStrategy(normalized.placementConfig ?? null, factoryArgs.length > 0 ? { factoryArgs } : undefined);
+        const transportProvisioner = await runtime_1.TransportProvisionerFactory.createTransportProvisioner(normalized.transportConfig ?? null, factoryArgs.length > 0 ? { factoryArgs } : undefined);
+        const tokenIssuer = await runtime_1.TokenIssuerFactory.createTokenIssuer(normalized.tokenIssuerConfig ?? null, factoryArgs.length > 0 ? { factoryArgs } : undefined);
+        let authorizer = null;
+        if (normalized.authorizerConfig) {
+            authorizer =
+                (await runtime_1.AuthorizerFactory.createAuthorizer(normalized.authorizerConfig, {
+                    factoryArgs,
+                })) ?? null;
+        }
+        const options = {
+            placementStrategy,
+            transportProvisioner,
+            tokenIssuer,
+            authorizer,
+            caServiceUrl: normalized.caServiceUrl,
+        };
+        if (normalized.ttlSec !== undefined) {
+            options.ttlSec = normalized.ttlSec;
+        }
+        return new advanced_welcome_service_js_1.AdvancedWelcomeService(options);
+    }
+}
+exports.AdvancedWelcomeServiceFactory = AdvancedWelcomeServiceFactory;
+function normalizeConfig(config) {
+    if (!config) {
+        throw new Error("AdvancedWelcomeService requires configuration");
+    }
+    const source = config;
+    const ttlCandidate = typeof source.ttlSec === "number"
+        ? source.ttlSec
+        : typeof source.ttl_sec === "number"
+            ? source.ttl_sec
+            : undefined;
+    const caServiceUrlCandidate = typeof source.caServiceUrl === "string" &&
+        source.caServiceUrl.trim().length > 0
+        ? source.caServiceUrl.trim()
+        : typeof source.ca_service_url === "string" &&
+            source.ca_service_url.trim().length > 0
+            ? source.ca_service_url.trim()
+            : undefined;
+    if (!caServiceUrlCandidate) {
+        throw new Error("AdvancedWelcomeService configuration requires caServiceUrl");
+    }
+    const normalized = {
+        caServiceUrl: caServiceUrlCandidate,
+    };
+    if (source.placement !== undefined) {
+        normalized.placementConfig =
+            source.placement ?? null;
+    }
+    if (source.transport !== undefined) {
+        normalized.transportConfig =
+            source.transport ?? null;
+    }
+    const tokenIssuerConfig = source.tokenIssuer !== undefined
+        ? source.tokenIssuer
+        : source.token_issuer !== undefined
+            ? source.token_issuer
+            : undefined;
+    if (tokenIssuerConfig !== undefined) {
+        normalized.tokenIssuerConfig =
+            tokenIssuerConfig ?? null;
+    }
+    if (source.authorizer !== undefined) {
+        normalized.authorizerConfig =
+            source.authorizer ?? null;
+    }
+    if (ttlCandidate !== undefined && Number.isFinite(ttlCandidate)) {
+        normalized.ttlSec = ttlCandidate;
+    }
+    return normalized;
+}
+exports.default = AdvancedWelcomeServiceFactory;
+//# sourceMappingURL=advanced-welcome-service-factory.js.map

package/dist/cjs/naylence/fame/welcome/advanced-welcome-service-factory.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"advanced-welcome-service-factory.js","sourceRoot":"","sources":["../../../../../src/naylence/fame/welcome/advanced-welcome-service-factory.ts"],"names":[],"mappings":";;;AAOA,+CAQ2B;AAE3B,+EAGuC;AAkB1B,QAAA,YAAY,GAAG;IAC1B,IAAI,EAAE,2CAAiC;IACvC,GAAG,EAAE,wBAAwB;IAC7B,QAAQ,EAAE,GAAG;IACb,SAAS,EAAE,IAAI;CACP,CAAC;AAEX,MAAa,6BAA8B,SAAQ,+BAAmD;IAAtG;;QACkB,SAAI,GAAG,oBAAY,CAAC,GAAG,CAAC;QACxB,cAAS,GAAG,oBAAY,CAAC,SAAS,CAAC;QACnC,aAAQ,GAAG,oBAAY,CAAC,QAAQ,CAAC;IAkDnD,CAAC;IAhDQ,KAAK,CAAC,MAAM,CACjB,MAAsE,EACtE,GAAG,WAAsB;QAEzB,MAAM,UAAU,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;QAE3C,uEAAuE;QACvE,wFAAwF;QAExF,MAAM,iBAAiB,GACrB,MAAM,sCAA4B,CAAC,2BAA2B,CAC5D,UAAU,CAAC,eAAe,IAAI,IAAI,EAClC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,SAAS,CACrD,CAAC;QAEJ,MAAM,oBAAoB,GACxB,MAAM,qCAA2B,CAAC,0BAA0B,CAC1D,UAAU,CAAC,eAAe,IAAI,IAAI,EAClC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,SAAS,CACrD,CAAC;QAEJ,MAAM,WAAW,GAAG,MAAM,4BAAkB,CAAC,iBAAiB,CAC5D,UAAU,CAAC,iBAAiB,IAAI,IAAI,EACpC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,SAAS,CACrD,CAAC;QAEF,IAAI,UAAU,GAAG,IAAI,CAAC;QACtB,IAAI,UAAU,CAAC,gBAAgB,EAAE,CAAC;YAChC,UAAU;gBACR,CAAC,MAAM,2BAAiB,CAAC,gBAAgB,CAAC,UAAU,CAAC,gBAAgB,EAAE;oBACrE,WAAW;iBACZ,CAAC,CAAC,IAAI,IAAI,CAAC;QAChB,CAAC;QAED,MAAM,OAAO,GAAkC;YAC7C,iBAAiB;YACjB,oBAAoB;YACpB,WAAW;YACX,UAAU;YACV,YAAY,EAAE,UAAU,CAAC,YAAY;SACtC,CAAC;QAEF,IAAI,UAAU,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YACpC,OAAO,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC;QACrC,CAAC;QAED,OAAO,IAAI,oDAAsB,CAAC,OAAO,CAAC,CAAC;IAC7C,CAAC;CACF;AArDD,sEAqDC;AAED,SAAS,eAAe,CACtB,MAAsE;IAEtE,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;IACnE,CAAC;IAED,MAAM,MAAM,GAAG,MACU,CAAC;IAE1B,MAAM,YAAY,GAChB,OAAO,MAAM,CAAC,MAAM,KAAK,QAAQ;QAC/B,CAAC,CAAC,MAAM,CAAC,MAAM;QACf,CAAC,CAAC,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ;YAClC,CAAC,CAAC,MAAM,CAAC,OAAO;YAChB,CAAC,CAAC,SAAS,CAAC;IAElB,MAAM,qBAAqB,GACzB,OAAO,MAAM,CAAC,YAAY,KAAK,QAAQ;QACvC,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC;QACnC,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE;QAC5B,CAAC,CAAC,OAAO,MAAM,CAAC,cAAc,KAAK,QAAQ;YACvC,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC;YACzC,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE;YAC9B,CAAC,CAAC,SAAS,CAAC;IAElB,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CACb,4DAA4D,CAC7D,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAoC;QAClD,YAAY,EAAE,qBAAqB;KACpC,CAAC;IAEF,IAAI,MAAM,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QACnC,UAAU,CAAC,eAAe;YACvB,MAAM,CAAC,SAGC,IAAI,IAAI,CAAC;IACtB,CAAC;IAED,IAAI,MAAM,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QACnC,UAAU,CAAC,eAAe;YACvB,MAAM,CAAC,SAGC,IAAI,IAAI,CAAC;IACtB,CAAC;IAED,MAAM,iBAAiB,GACrB,MAAM,CAAC,WAAW,KAAK,SAAS;QAC9B,CAAC,CAAC,MAAM,CAAC,WAAW;QACpB,CAAC,CAAC,MAAM,CAAC,YAAY,KAAK,SAAS;YACjC,CAAC,CAAC,MAAM,CAAC,YAAY;YACrB,CAAC,CAAC,SAAS,CAAC;IAElB,IAAI,iBAAiB,KAAK,SAAS,EAAE,CAAC;QACpC,UAAU,CAAC,iBAAiB;YACzB,iBAGQ,IAAI,IAAI,CAAC;IACtB,CAAC;IAED,IAAI,MAAM,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QACpC,UAAU,CAAC,gBAAgB;YACxB,MAAM,CAAC,UAGC,IAAI,IAAI,CAAC;IACtB,CAAC;IAED,IAAI,YAAY,KAAK,SAAS,IAAI,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QAChE,UAAU,CAAC,MAAM,GAAG,YAAY,CAAC;IACnC,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,kBAAe,6BAA6B,CAAC"}