@opensaas/stack-auth 0.1.0

package/README.md

@@ -0,0 +1,445 @@
+# @opensaas/stack-auth
+
+Better-auth integration for OpenSaas Stack - Add authentication to your app in minutes.
+
+## Features
+
+- **Auto-generated Auth Tables** - User, Session, Account, and Verification lists created automatically
+- **Session Integration** - Seamless integration with OpenSaas access control system
+- **Pre-built UI Components** - Sign in, sign up, and forgot password forms ready to use
+- **Multiple Auth Methods** - Email/password, OAuth providers (GitHub, Google, etc.)
+- **Email Verification** - Built-in email verification support
+- **Password Reset** - Forgot password flow included
+- **Type-Safe** - Full TypeScript support with automatic type generation
+- **Configurable Sessions** - Choose which user fields to include in session
+
+## Installation
+
+```bash
+pnpm add @opensaas/stack-auth better-auth
+```
+
+## Quick Start
+
+### 1. Update Your Config
+
+Wrap your OpenSaas config with `withAuth()`:
+
+```typescript
+// opensaas.config.ts
+import { config } from '@opensaas/stack-core'
+import { withAuth, authConfig } from '@opensaas/stack-auth'
+
+export default withAuth(
+  config({
+    db: {
+      provider: 'sqlite',
+      url: process.env.DATABASE_URL || 'file:./dev.db',
+    },
+    lists: {
+      // Your custom lists here
+    },
+  }),
+  authConfig({
+    emailAndPassword: { enabled: true },
+    emailVerification: { enabled: true },
+    passwordReset: { enabled: true },
+    sessionFields: ['userId', 'email', 'name'],
+  }),
+)
+```
+
+### 2. Generate Schema and Push to Database
+
+```bash
+pnpm generate  # Generates Prisma schema with auth tables
+pnpm db:push   # Push schema to database
+```
+
+### 3. Create Auth Server Instance
+
+```typescript
+// lib/auth.ts
+import { createAuth } from '@opensaas/stack-auth/server'
+import config from '../opensaas.config'
+
+export const auth = createAuth(config)
+
+// Export auth API for route handlers
+export const GET = auth.handler
+export const POST = auth.handler
+```
+
+### 4. Set Up Auth Route
+
+```typescript
+// app/api/auth/[...all]/route.ts
+export { GET, POST } from '@/lib/auth'
+```
+
+### 5. Create Auth Client
+
+```typescript
+// lib/auth-client.ts
+'use client'
+
+import { createClient } from '@opensaas/stack-auth/client'
+
+export const authClient = createClient({
+  baseURL: process.env.NEXT_PUBLIC_APP_URL || 'http://localhost:3000',
+})
+```
+
+### 6. Add Sign In Page
+
+```typescript
+// app/sign-in/page.tsx
+import { SignInForm } from '@opensaas/stack-auth/ui'
+import { authClient } from '@/lib/auth-client'
+
+export default function SignInPage() {
+  return (
+    <div className="min-h-screen flex items-center justify-center">
+      <SignInForm authClient={authClient} redirectTo="/admin" />
+    </div>
+  )
+}
+```
+
+### 7. Use Session in Access Control
+
+Sessions are now automatically available in your access control functions:
+
+```typescript
+// opensaas.config.ts
+import { withAuth, authConfig } from '@opensaas/stack-auth'
+
+export default withAuth(
+  config({
+    lists: {
+      Post: list({
+        fields: { title: text(), content: text() },
+        access: {
+          operation: {
+            // Session is automatically populated from better-auth
+            create: ({ session }) => !!session,
+            update: ({ session, item }) => {
+              if (!session) return false
+              return { authorId: { equals: session.userId } }
+            },
+          },
+        },
+      }),
+    },
+  }),
+  authConfig({
+    emailAndPassword: { enabled: true },
+    // Session will contain: { userId, email, name }
+    sessionFields: ['userId', 'email', 'name'],
+  }),
+)
+```
+
+## Configuration
+
+### Auth Config Options
+
+```typescript
+authConfig({
+  // Email/password authentication
+  emailAndPassword: {
+    enabled: true,
+    minPasswordLength: 8,
+    requireConfirmation: true,
+  },
+
+  // Email verification
+  emailVerification: {
+    enabled: true,
+    sendOnSignUp: true,
+    tokenExpiration: 86400, // 24 hours in seconds
+  },
+
+  // Password reset
+  passwordReset: {
+    enabled: true,
+    tokenExpiration: 3600, // 1 hour in seconds
+  },
+
+  // OAuth providers
+  socialProviders: {
+    github: {
+      clientId: process.env.GITHUB_CLIENT_ID!,
+      clientSecret: process.env.GITHUB_CLIENT_SECRET!,
+    },
+    google: {
+      clientId: process.env.GOOGLE_CLIENT_ID!,
+      clientSecret: process.env.GOOGLE_CLIENT_SECRET!,
+    },
+  },
+
+  // Session configuration
+  session: {
+    expiresIn: 604800, // 7 days in seconds
+    updateAge: true, // Refresh session on each request
+  },
+
+  // Fields to include in session object
+  sessionFields: ['userId', 'email', 'name', 'role'],
+
+  // Extend User list with custom fields
+  extendUserList: {
+    fields: {
+      role: text({ defaultValue: 'user' }),
+      company: text(),
+    },
+  },
+
+  // Custom email sending function
+  sendEmail: async ({ to, subject, html }) => {
+    await yourEmailService.send({ to, subject, html })
+  },
+})
+```
+
+## UI Components
+
+### SignInForm
+
+```typescript
+import { SignInForm } from '@opensaas/stack-auth/ui'
+import { authClient } from '@/lib/auth-client'
+
+<SignInForm
+  authClient={authClient}
+  redirectTo="/dashboard"
+  showSocialProviders={true}
+  socialProviders={['github', 'google']}
+  onSuccess={() => console.log('Signed in!')}
+  onError={(error) => console.error(error)}
+/>
+```
+
+### SignUpForm
+
+```typescript
+import { SignUpForm } from '@opensaas/stack-auth/ui'
+import { authClient } from '@/lib/auth-client'
+
+<SignUpForm
+  authClient={authClient}
+  redirectTo="/dashboard"
+  requirePasswordConfirmation={true}
+  onSuccess={() => console.log('Account created!')}
+/>
+```
+
+### ForgotPasswordForm
+
+```typescript
+import { ForgotPasswordForm } from '@opensaas/stack-auth/ui'
+import { authClient } from '@/lib/auth-client'
+
+<ForgotPasswordForm
+  authClient={authClient}
+  onSuccess={() => console.log('Reset email sent!')}
+/>
+```
+
+## Auto-Generated Lists
+
+The following lists are automatically created when you use `withAuth()`:
+
+### User
+
+```typescript
+{
+  id: string
+  name: string
+  email: string (unique)
+  emailVerified: boolean
+  image?: string
+  sessions: Session[] (relationship)
+  accounts: Account[] (relationship)
+  createdAt: Date
+  updatedAt: Date
+  // Plus any custom fields you add via extendUserList
+}
+```
+
+### Session
+
+```typescript
+{
+  id: string
+  token: string (unique)
+  userId: string
+  expiresAt: Date
+  ipAddress?: string
+  userAgent?: string
+  user: User (relationship)
+  createdAt: Date
+  updatedAt: Date
+}
+```
+
+### Account
+
+```typescript
+{
+  id: string
+  userId: string
+  accountId: string
+  providerId: string ('github', 'google', 'credentials', etc.)
+  accessToken?: string
+  refreshToken?: string
+  accessTokenExpiresAt?: Date
+  refreshTokenExpiresAt?: Date
+  scope?: string
+  idToken?: string
+  password?: string
+  user: User (relationship)
+  createdAt: Date
+  updatedAt: Date
+}
+```
+
+### Verification
+
+```typescript
+{
+  id: string
+  identifier: string (e.g., email address)
+  value: string (token)
+  expiresAt: Date
+  createdAt: Date
+  updatedAt: Date
+}
+```
+
+## Extending the User List
+
+Add custom fields to the User model:
+
+```typescript
+authConfig({
+  extendUserList: {
+    fields: {
+      role: select({
+        options: [
+          { label: 'User', value: 'user' },
+          { label: 'Admin', value: 'admin' },
+        ],
+        defaultValue: 'user',
+      }),
+      company: text(),
+      phoneNumber: text(),
+    },
+    // Optionally override access control
+    access: {
+      operation: {
+        query: () => true,
+        create: () => true,
+        update: ({ session, item }) => session?.userId === item?.id,
+        delete: ({ session }) => session?.role === 'admin',
+      },
+    },
+  },
+})
+```
+
+## Session Fields
+
+Control which user fields are included in the session object:
+
+```typescript
+authConfig({
+  sessionFields: ['userId', 'email', 'name', 'role'],
+})
+
+// Now in access control:
+access: {
+  operation: {
+    create: ({ session }) => {
+      console.log(session) // { userId, email, name, role }
+      return session?.role === 'admin'
+    }
+  }
+}
+```
+
+## Client-Side Hooks
+
+Use better-auth hooks in your React components:
+
+```typescript
+'use client'
+
+import { authClient } from '@/lib/auth-client'
+
+function MyComponent() {
+  const { data: session, isPending } = authClient.useSession()
+
+  if (isPending) return <div>Loading...</div>
+
+  if (!session) return <div>Not signed in</div>
+
+  return <div>Welcome, {session.user.name}!</div>
+}
+```
+
+## Server-Side Session
+
+Access the session in server components or actions:
+
+```typescript
+import { getContext } from '@/.opensaas/context'
+
+async function myServerAction() {
+  const context = getContext()
+
+  if (!context.session) {
+    throw new Error('Not authenticated')
+  }
+
+  // Session contains fields you specified in sessionFields
+  console.log(context.session) // { userId, email, name }
+
+  // Use context.db with access control
+  const posts = await context.db.post.findMany()
+}
+```
+
+## Environment Variables
+
+```bash
+# .env
+DATABASE_URL=file:./dev.db
+
+# OAuth providers (optional)
+GITHUB_CLIENT_ID=your_github_client_id
+GITHUB_CLIENT_SECRET=your_github_client_secret
+GOOGLE_CLIENT_ID=your_google_client_id
+GOOGLE_CLIENT_SECRET=your_google_client_secret
+
+# Better-auth
+BETTER_AUTH_SECRET=your_secret_key  # Generate with: openssl rand -base64 32
+BETTER_AUTH_URL=http://localhost:3000
+NEXT_PUBLIC_APP_URL=http://localhost:3000
+```
+
+## Examples
+
+See `examples/auth-demo` for a complete working example.
+
+## How It Works
+
+1. **withAuth()** merges auth lists (User, Session, Account, Verification) with your config
+2. **Generator** creates Prisma schema with all auth tables
+3. **Session Provider** uses better-auth to get current session
+4. **Context** includes session automatically in all access control functions
+5. **UI Components** provide ready-to-use auth forms
+
+## License
+
+MIT

package/dist/client/index.d.ts

@@ -0,0 +1,38 @@
+import { createAuthClient } from 'better-auth/react';
+import type { Session } from 'better-auth/types';
+/**
+ * Create a better-auth client for use in React components
+ * This should be called once and the result exported
+ *
+ * @example
+ * ```typescript
+ * // lib/auth-client.ts
+ * 'use client'
+ * import { createClient } from '@opensaas/stack-auth/client'
+ *
+ * export const authClient = createClient({
+ *   baseURL: process.env.NEXT_PUBLIC_APP_URL || 'http://localhost:3000'
+ * })
+ * ```
+ */
+export declare function createClient(options: {
+    baseURL: string;
+}): ReturnType<typeof createAuthClient>;
+/**
+ * Re-export useful types from better-auth
+ */
+export type { Session };
+/**
+ * Note: React hooks (useSession, etc.) are accessed from the client instance
+ *
+ * @example
+ * ```typescript
+ * import { authClient } from '@/lib/auth-client'
+ *
+ * function MyComponent() {
+ *   const { data: session } = authClient.useSession()
+ *   // ...
+ * }
+ * ```
+ */
+//# sourceMappingURL=index.d.ts.map

package/dist/client/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/client/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAA;AACpD,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAA;AAEhD;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE;IAAE,OAAO,EAAE,MAAM,CAAA;CAAE,GAAG,UAAU,CAAC,OAAO,gBAAgB,CAAC,CAI9F;AAED;;GAEG;AACH,YAAY,EAAE,OAAO,EAAE,CAAA;AAEvB;;;;;;;;;;;;GAYG"}

package/dist/client/index.js

@@ -0,0 +1,23 @@
+'use client';
+import { createAuthClient } from 'better-auth/react';
+/**
+ * Create a better-auth client for use in React components
+ * This should be called once and the result exported
+ *
+ * @example
+ * ```typescript
+ * // lib/auth-client.ts
+ * 'use client'
+ * import { createClient } from '@opensaas/stack-auth/client'
+ *
+ * export const authClient = createClient({
+ *   baseURL: process.env.NEXT_PUBLIC_APP_URL || 'http://localhost:3000'
+ * })
+ * ```
+ */
+export function createClient(options) {
+    return createAuthClient({
+        baseURL: options.baseURL,
+    });
+}
+//# sourceMappingURL=index.js.map

package/dist/client/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/client/index.ts"],"names":[],"mappings":"AAAA,YAAY,CAAA;AAEZ,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAA;AAGpD;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,YAAY,CAAC,OAA4B;IACvD,OAAO,gBAAgB,CAAC;QACtB,OAAO,EAAE,OAAO,CAAC,OAAO;KACzB,CAAC,CAAA;AACJ,CAAC"}

package/dist/config/index.d.ts

@@ -0,0 +1,50 @@
+import type { OpenSaasConfig } from '@opensaas/stack-core';
+import type { AuthConfig, NormalizedAuthConfig } from './types.js';
+/**
+ * Normalize auth configuration with defaults
+ */
+export declare function normalizeAuthConfig(config: AuthConfig): NormalizedAuthConfig;
+/**
+ * Auth configuration builder
+ * Use this to create an auth configuration object
+ *
+ * @example
+ * ```typescript
+ * import { authConfig } from '@opensaas/stack-auth'
+ *
+ * const auth = authConfig({
+ *   emailAndPassword: { enabled: true },
+ *   emailVerification: { enabled: true },
+ *   socialProviders: {
+ *     github: { clientId: '...', clientSecret: '...' }
+ *   }
+ * })
+ * ```
+ */
+export declare function authConfig(config: AuthConfig): AuthConfig;
+/**
+ * Wrap an OpenSaas config with better-auth integration
+ * This merges the auth lists into the user's config and sets up session handling
+ *
+ * @example
+ * ```typescript
+ * import { config } from '@opensaas/stack-core'
+ * import { withAuth, authConfig } from '@opensaas/stack-auth'
+ *
+ * export default withAuth(
+ *   config({
+ *     db: { provider: 'sqlite', url: 'file:./dev.db' },
+ *     lists: {
+ *       Post: list({ ... })
+ *     }
+ *   }),
+ *   authConfig({
+ *     emailAndPassword: { enabled: true }
+ *   })
+ * )
+ * ```
+ */
+export declare function withAuth(opensaasConfig: OpenSaasConfig, authConfig: AuthConfig): OpenSaasConfig;
+export type { AuthConfig, NormalizedAuthConfig };
+export * from './types.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/config/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/config/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AAC1D,OAAO,KAAK,EACV,UAAU,EACV,oBAAoB,EAIrB,MAAM,YAAY,CAAA;AAGnB;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,UAAU,GAAG,oBAAoB,CAuD5E;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,UAAU,CAAC,MAAM,EAAE,UAAU,GAAG,UAAU,CAEzD;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,QAAQ,CAAC,cAAc,EAAE,cAAc,EAAE,UAAU,EAAE,UAAU,GAAG,cAAc,CAuB/F;AAED,YAAY,EAAE,UAAU,EAAE,oBAAoB,EAAE,CAAA;AAChD,cAAc,YAAY,CAAA"}

package/dist/config/index.js

@@ -0,0 +1,115 @@
+import { getAuthLists } from '../lists/index.js';
+/**
+ * Normalize auth configuration with defaults
+ */
+export function normalizeAuthConfig(config) {
+    // Email and password defaults
+    const emailAndPassword = config.emailAndPassword?.enabled
+        ? {
+            enabled: true,
+            minPasswordLength: config.emailAndPassword.minPasswordLength ?? 8,
+            requireConfirmation: config.emailAndPassword.requireConfirmation ?? true,
+        }
+        : { enabled: false, minPasswordLength: 8, requireConfirmation: true };
+    // Email verification defaults
+    const emailVerification = config.emailVerification?.enabled
+        ? {
+            enabled: true,
+            sendOnSignUp: config.emailVerification.sendOnSignUp ?? true,
+            tokenExpiration: config.emailVerification.tokenExpiration ?? 86400,
+        }
+        : { enabled: false, sendOnSignUp: true, tokenExpiration: 86400 };
+    // Password reset defaults
+    const passwordReset = config.passwordReset?.enabled
+        ? {
+            enabled: true,
+            tokenExpiration: config.passwordReset.tokenExpiration ?? 3600,
+        }
+        : { enabled: false, tokenExpiration: 3600 };
+    // Session defaults
+    const session = {
+        expiresIn: config.session?.expiresIn || 604800, // 7 days
+        updateAge: config.session?.updateAge ?? true,
+    };
+    // Session fields defaults
+    const sessionFields = config.sessionFields || ['userId', 'email', 'name'];
+    return {
+        emailAndPassword,
+        emailVerification,
+        passwordReset,
+        socialProviders: config.socialProviders || {},
+        session,
+        sessionFields,
+        extendUserList: config.extendUserList || {},
+        sendEmail: config.sendEmail ||
+            (async ({ to, subject, html }) => {
+                console.log('[Auth] Email not sent (no sendEmail configured):');
+                console.log(`To: ${to}`);
+                console.log(`Subject: ${subject}`);
+                console.log(`Body: ${html}`);
+            }),
+    };
+}
+/**
+ * Auth configuration builder
+ * Use this to create an auth configuration object
+ *
+ * @example
+ * ```typescript
+ * import { authConfig } from '@opensaas/stack-auth'
+ *
+ * const auth = authConfig({
+ *   emailAndPassword: { enabled: true },
+ *   emailVerification: { enabled: true },
+ *   socialProviders: {
+ *     github: { clientId: '...', clientSecret: '...' }
+ *   }
+ * })
+ * ```
+ */
+export function authConfig(config) {
+    return config;
+}
+/**
+ * Wrap an OpenSaas config with better-auth integration
+ * This merges the auth lists into the user's config and sets up session handling
+ *
+ * @example
+ * ```typescript
+ * import { config } from '@opensaas/stack-core'
+ * import { withAuth, authConfig } from '@opensaas/stack-auth'
+ *
+ * export default withAuth(
+ *   config({
+ *     db: { provider: 'sqlite', url: 'file:./dev.db' },
+ *     lists: {
+ *       Post: list({ ... })
+ *     }
+ *   }),
+ *   authConfig({
+ *     emailAndPassword: { enabled: true }
+ *   })
+ * )
+ * ```
+ */
+export function withAuth(opensaasConfig, authConfig) {
+    const normalized = normalizeAuthConfig(authConfig);
+    // Get auth lists with user extensions
+    const authLists = getAuthLists(normalized.extendUserList);
+    // Merge auth lists with user lists (auth lists take priority)
+    const mergedLists = {
+        ...opensaasConfig.lists,
+        ...authLists,
+    };
+    // Return merged config with auth config attached
+    // Note: Session integration happens in the generator/context
+    const result = {
+        ...opensaasConfig,
+        lists: mergedLists,
+    };
+    // Store auth config for internal use
+    result.__authConfig = normalized;
+    return result;
+}
+export * from './types.js';
+//# sourceMappingURL=index.js.map

package/dist/config/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/config/index.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAA;AAEhD;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,MAAkB;IACpD,8BAA8B;IAC9B,MAAM,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,EAAE,OAAO;QACvD,CAAC,CAAC;YACE,OAAO,EAAE,IAAa;YACtB,iBAAiB,EAAG,MAAM,CAAC,gBAAwC,CAAC,iBAAiB,IAAI,CAAC;YAC1F,mBAAmB,EAChB,MAAM,CAAC,gBAAwC,CAAC,mBAAmB,IAAI,IAAI;SAC/E;QACH,CAAC,CAAC,EAAE,OAAO,EAAE,KAAc,EAAE,iBAAiB,EAAE,CAAC,EAAE,mBAAmB,EAAE,IAAI,EAAE,CAAA;IAEhF,8BAA8B;IAC9B,MAAM,iBAAiB,GAAG,MAAM,CAAC,iBAAiB,EAAE,OAAO;QACzD,CAAC,CAAC;YACE,OAAO,EAAE,IAAa;YACtB,YAAY,EAAG,MAAM,CAAC,iBAA6C,CAAC,YAAY,IAAI,IAAI;YACxF,eAAe,EACZ,MAAM,CAAC,iBAA6C,CAAC,eAAe,IAAI,KAAK;SACjF;QACH,CAAC,CAAC,EAAE,OAAO,EAAE,KAAc,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,CAAA;IAE3E,0BAA0B;IAC1B,MAAM,aAAa,GAAG,MAAM,CAAC,aAAa,EAAE,OAAO;QACjD,CAAC,CAAC;YACE,OAAO,EAAE,IAAa;YACtB,eAAe,EAAG,MAAM,CAAC,aAAqC,CAAC,eAAe,IAAI,IAAI;SACvF;QACH,CAAC,CAAC,EAAE,OAAO,EAAE,KAAc,EAAE,eAAe,EAAE,IAAI,EAAE,CAAA;IAEtD,mBAAmB;IACnB,MAAM,OAAO,GAAG;QACd,SAAS,EAAE,MAAM,CAAC,OAAO,EAAE,SAAS,IAAI,MAAM,EAAE,SAAS;QACzD,SAAS,EAAE,MAAM,CAAC,OAAO,EAAE,SAAS,IAAI,IAAI;KAC7C,CAAA;IAED,0BAA0B;IAC1B,MAAM,aAAa,GAAG,MAAM,CAAC,aAAa,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAA;IAEzE,OAAO;QACL,gBAAgB;QAChB,iBAAiB;QACjB,aAAa;QACb,eAAe,EAAE,MAAM,CAAC,eAAe,IAAI,EAAE;QAC7C,OAAO;QACP,aAAa;QACb,cAAc,EAAE,MAAM,CAAC,cAAc,IAAI,EAAE;QAC3C,SAAS,EACP,MAAM,CAAC,SAAS;YAChB,CAAC,KAAK,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE;gBAC/B,OAAO,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAA;gBAC/D,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAA;gBACxB,OAAO,CAAC,GAAG,CAAC,YAAY,OAAO,EAAE,CAAC,CAAA;gBAClC,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,EAAE,CAAC,CAAA;YAC9B,CAAC,CAAC;KACL,CAAA;AACH,CAAC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,UAAU,CAAC,MAAkB;IAC3C,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,UAAU,QAAQ,CAAC,cAA8B,EAAE,UAAsB;IAC7E,MAAM,UAAU,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAA;IAElD,sCAAsC;IACtC,MAAM,SAAS,GAAG,YAAY,CAAC,UAAU,CAAC,cAAc,CAAC,CAAA;IAEzD,8DAA8D;IAC9D,MAAM,WAAW,GAAG;QAClB,GAAG,cAAc,CAAC,KAAK;QACvB,GAAG,SAAS;KACb,CAAA;IAED,iDAAiD;IACjD,6DAA6D;IAC7D,MAAM,MAAM,GAA6D;QACvE,GAAG,cAAc;QACjB,KAAK,EAAE,WAAW;KACnB,CAAA;IAED,qCAAqC;IACrC,MAAM,CAAC,YAAY,GAAG,UAAU,CAAA;IAEhC,OAAO,MAAM,CAAA;AACf,CAAC;AAGD,cAAc,YAAY,CAAA"}