@originals/auth 1.8.1 → 1.8.2

package/dist/server/jwt.js

@@ -1,113 +0,0 @@
-/**
- * JWT Authentication Module
- * Implements secure token issuance and validation with HTTP-only cookies
- */
-import jwt from 'jsonwebtoken';
-// 7 days in seconds
-const DEFAULT_JWT_EXPIRES_IN = 7 * 24 * 60 * 60;
-/**
- * Get JWT secret from config or environment
- */
-function getJwtSecret(configSecret) {
-    const secret = configSecret ?? process.env.JWT_SECRET;
-    if (!secret) {
-        throw new Error('JWT_SECRET environment variable is required');
-    }
-    return secret;
-}
-/**
- * Sign a JWT token for a user
- * @param subOrgId - Turnkey sub-organization ID (stable identifier)
- * @param email - User email (metadata)
- * @param sessionToken - Optional Turnkey session token for user authentication
- * @param options - Additional options
- * @returns Signed JWT token string
- */
-export function signToken(subOrgId, email, sessionToken, options) {
-    if (!subOrgId) {
-        throw new Error('Sub-organization ID is required for token signing');
-    }
-    const secret = getJwtSecret(options?.secret);
-    const payload = {
-        sub: subOrgId,
-        email,
-    };
-    if (sessionToken) {
-        payload.sessionToken = sessionToken;
-    }
-    const signOptions = {
-        expiresIn: options?.expiresIn ?? DEFAULT_JWT_EXPIRES_IN,
-        issuer: options?.issuer ?? 'originals-auth',
-        audience: options?.audience ?? 'originals-api',
-    };
-    return jwt.sign(payload, secret, signOptions);
-}
-/**
- * Verify and decode a JWT token
- * @param token - JWT token string
- * @param options - Additional options
- * @returns Decoded token payload
- * @throws Error if token is invalid or expired
- */
-export function verifyToken(token, options) {
-    const secret = getJwtSecret(options?.secret);
-    try {
-        const payload = jwt.verify(token, secret, {
-            issuer: options?.issuer ?? 'originals-auth',
-            audience: options?.audience ?? 'originals-api',
-        });
-        if (!payload.sub) {
-            throw new Error('Token missing sub-organization ID');
-        }
-        return payload;
-    }
-    catch (error) {
-        if (error instanceof jwt.TokenExpiredError) {
-            throw new Error('Token has expired');
-        }
-        if (error instanceof jwt.JsonWebTokenError) {
-            throw new Error('Invalid token');
-        }
-        throw error;
-    }
-}
-/**
- * Generate a secure cookie configuration for authentication tokens
- * @param token - JWT token to set in cookie
- * @param options - Cookie options
- * @returns Cookie configuration object
- */
-export function getAuthCookieConfig(token, options) {
-    const isProduction = process.env.NODE_ENV === 'production';
-    return {
-        name: options?.cookieName ?? 'auth_token',
-        value: token,
-        options: {
-            httpOnly: true, // Cannot be accessed by JavaScript (XSS protection)
-            secure: options?.secure ?? isProduction, // HTTPS only in production
-            sameSite: 'strict', // CSRF protection
-            maxAge: options?.maxAge ?? 7 * 24 * 60 * 60 * 1000, // 7 days in milliseconds
-            path: '/', // Available for all routes
-        },
-    };
-}
-/**
- * Get cookie configuration for logout (clears the auth cookie)
- * @param cookieName - Name of the cookie to clear
- * @returns Cookie configuration for clearing
- */
-export function getClearAuthCookieConfig(cookieName) {
-    const isProduction = process.env.NODE_ENV === 'production';
-    return {
-        name: cookieName ?? 'auth_token',
-        value: '',
-        options: {
-            httpOnly: true,
-            secure: isProduction,
-            sameSite: 'strict',
-            maxAge: 0, // Expire immediately
-            path: '/',
-        },
-    };
-}
-//# sourceMappingURL=jwt.js.map

package/dist/server/jwt.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../../src/server/jwt.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,GAAG,MAAM,cAAc,CAAC;AAG/B,oBAAoB;AACpB,MAAM,sBAAsB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;AAEhD;;GAEG;AACH,SAAS,YAAY,CAAC,YAAqB;IACzC,MAAM,MAAM,GAAG,YAAY,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;IACtD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IACjE,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,SAAS,CACvB,QAAgB,EAChB,KAAa,EACb,YAAqB,EACrB,OAKC;IAED,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,MAAM,GAAG,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAE7C,MAAM,OAAO,GAA4B;QACvC,GAAG,EAAE,QAAQ;QACb,KAAK;KACN,CAAC;IAEF,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,CAAC,YAAY,GAAG,YAAY,CAAC;IACtC,CAAC;IAED,MAAM,WAAW,GAAoB;QACnC,SAAS,EAAE,OAAO,EAAE,SAAS,IAAI,sBAAsB;QACvD,MAAM,EAAE,OAAO,EAAE,MAAM,IAAI,gBAAgB;QAC3C,QAAQ,EAAE,OAAO,EAAE,QAAQ,IAAI,eAAe;KAC/C,CAAC;IAEF,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;AAChD,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,WAAW,CACzB,KAAa,EACb,OAIC;IAED,MAAM,MAAM,GAAG,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAE7C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE;YACxC,MAAM,EAAE,OAAO,EAAE,MAAM,IAAI,gBAAgB;YAC3C,QAAQ,EAAE,OAAO,EAAE,QAAQ,IAAI,eAAe;SAC/C,CAAiB,CAAC;QAEnB,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACvD,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,GAAG,CAAC,iBAAiB,EAAE,CAAC;YAC3C,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;QACvC,CAAC;QACD,IAAI,KAAK,YAAY,GAAG,CAAC,iBAAiB,EAAE,CAAC;YAC3C,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC;QACnC,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CACjC,KAAa,EACb,OAIC;IAED,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAC;IAE3D,OAAO;QACL,IAAI,EAAE,OAAO,EAAE,UAAU,IAAI,YAAY;QACzC,KAAK,EAAE,KAAK;QACZ,OAAO,EAAE;YACP,QAAQ,EAAE,IAAI,EAAE,oDAAoD;YACpE,MAAM,EAAE,OAAO,EAAE,MAAM,IAAI,YAAY,EAAE,2BAA2B;YACpE,QAAQ,EAAE,QAAQ,EAAE,kBAAkB;YACtC,MAAM,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,yBAAyB;YAC7E,IAAI,EAAE,GAAG,EAAE,2BAA2B;SACvC;KACF,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,wBAAwB,CAAC,UAAmB;IAC1D,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAC;IAE3D,OAAO;QACL,IAAI,EAAE,UAAU,IAAI,YAAY;QAChC,KAAK,EAAE,EAAE;QACT,OAAO,EAAE;YACP,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,YAAY;YACpB,QAAQ,EAAE,QAAQ;YAClB,MAAM,EAAE,CAAC,EAAE,qBAAqB;YAChC,IAAI,EAAE,GAAG;SACV;KACF,CAAC;AACJ,CAAC"}

package/dist/server/middleware.d.ts

@@ -1,39 +0,0 @@
-/**
- * Express authentication middleware factory
- */
-import type { Request, Response, NextFunction } from 'express';
-import type { AuthMiddlewareOptions } from '../types';
-/**
- * Create an authentication middleware for Express
- *
- * @example
- * ```typescript
- * import { createAuthMiddleware } from '@originals/auth/server';
- *
- * const authenticateUser = createAuthMiddleware({
- *   getUserByTurnkeyId: async (turnkeyId) => {
- *     return db.query.users.findFirst({
- *       where: eq(users.turnkeySubOrgId, turnkeyId)
- *     });
- *   },
- *   createUser: async (turnkeyId, email, temporaryDid) => {
- *     return db.insert(users).values({
- *       turnkeySubOrgId: turnkeyId,
- *       email,
- *       did: temporaryDid,
- *     }).returning().then(rows => rows[0]);
- *   }
- * });
- *
- * app.get('/api/protected', authenticateUser, (req, res) => {
- *   res.json({ user: req.user });
- * });
- * ```
- */
-export declare function createAuthMiddleware(options: AuthMiddlewareOptions): (req: Request, res: Response, next: NextFunction) => Promise<void | Response>;
-/**
- * Optional authentication middleware - doesn't fail if not authenticated
- * Attaches user to request if valid token exists, otherwise continues without user
- */
-export declare function createOptionalAuthMiddleware(options: AuthMiddlewareOptions): (req: Request, res: Response, next: NextFunction) => Promise<void>;
-//# sourceMappingURL=middleware.d.ts.map

package/dist/server/middleware.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/server/middleware.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE/D,OAAO,KAAK,EAAE,qBAAqB,EAAkC,MAAM,UAAU,CAAC;AAEtF;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,qBAAqB,GAC7B,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,KAAK,OAAO,CAAC,IAAI,GAAG,QAAQ,CAAC,CAsD/E;AAED;;;GAGG;AACH,wBAAgB,4BAA4B,CAC1C,OAAO,EAAE,qBAAqB,GAC7B,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,KAAK,OAAO,CAAC,IAAI,CAAC,CAmCpE"}

package/dist/server/middleware.js

@@ -1,112 +0,0 @@
-/**
- * Express authentication middleware factory
- */
-import { verifyToken } from './jwt.js';
-/**
- * Create an authentication middleware for Express
- *
- * @example
- * ```typescript
- * import { createAuthMiddleware } from '@originals/auth/server';
- *
- * const authenticateUser = createAuthMiddleware({
- *   getUserByTurnkeyId: async (turnkeyId) => {
- *     return db.query.users.findFirst({
- *       where: eq(users.turnkeySubOrgId, turnkeyId)
- *     });
- *   },
- *   createUser: async (turnkeyId, email, temporaryDid) => {
- *     return db.insert(users).values({
- *       turnkeySubOrgId: turnkeyId,
- *       email,
- *       did: temporaryDid,
- *     }).returning().then(rows => rows[0]);
- *   }
- * });
- *
- * app.get('/api/protected', authenticateUser, (req, res) => {
- *   res.json({ user: req.user });
- * });
- * ```
- */
-export function createAuthMiddleware(options) {
-    const cookieName = options.cookieName ?? 'auth_token';
-    return async (req, res, next) => {
-        try {
-            // Get JWT token from HTTP-only cookie
-            const cookies = req.cookies;
-            const token = cookies?.[cookieName];
-            if (!token) {
-                return res.status(401).json({ error: 'Not authenticated' });
-            }
-            // Verify JWT token
-            const payload = verifyToken(token, { secret: options.jwtSecret });
-            const turnkeySubOrgId = payload.sub;
-            const email = payload.email;
-            // Check if user already exists
-            let user = await options.getUserByTurnkeyId(turnkeySubOrgId);
-            // If user doesn't exist and createUser is provided, create user
-            if (!user && options.createUser) {
-                console.log(`Creating user record for ${email}...`);
-                // Use temporary DID as placeholder until user creates real DID
-                const temporaryDid = `temp:turnkey:${turnkeySubOrgId}`;
-                user = await options.createUser(turnkeySubOrgId, email, temporaryDid);
-                console.log(`✅ User created: ${email}`);
-                console.log(`   Turnkey sub-org ID: ${turnkeySubOrgId}`);
-                console.log(`   Temporary DID: ${temporaryDid}`);
-            }
-            if (!user) {
-                return res.status(401).json({ error: 'User not found' });
-            }
-            // Add user info to request
-            req.user = {
-                id: user.id,
-                turnkeySubOrgId,
-                email,
-                did: user.did,
-                sessionToken: payload.sessionToken,
-            };
-            next();
-        }
-        catch (error) {
-            console.error('Authentication error:', error);
-            return res.status(401).json({ error: 'Invalid or expired token' });
-        }
-    };
-}
-/**
- * Optional authentication middleware - doesn't fail if not authenticated
- * Attaches user to request if valid token exists, otherwise continues without user
- */
-export function createOptionalAuthMiddleware(options) {
-    const cookieName = options.cookieName ?? 'auth_token';
-    return async (req, res, next) => {
-        try {
-            const cookies = req.cookies;
-            const token = cookies?.[cookieName];
-            if (!token) {
-                next();
-                return;
-            }
-            const payload = verifyToken(token, { secret: options.jwtSecret });
-            const turnkeySubOrgId = payload.sub;
-            const email = payload.email;
-            const user = await options.getUserByTurnkeyId(turnkeySubOrgId);
-            if (user) {
-                req.user = {
-                    id: user.id,
-                    turnkeySubOrgId,
-                    email,
-                    did: user.did,
-                    sessionToken: payload.sessionToken,
-                };
-            }
-            next();
-        }
-        catch {
-            // Token invalid or expired, continue without user
-            next();
-        }
-    };
-}
-//# sourceMappingURL=middleware.js.map

package/dist/server/middleware.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../src/server/middleware.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAGvC;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,MAAM,UAAU,oBAAoB,CAClC,OAA8B;IAE9B,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,YAAY,CAAC;IAEtD,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAA4B,EAAE;QACzF,IAAI,CAAC;YACH,sCAAsC;YACtC,MAAM,OAAO,GAAG,GAAG,CAAC,OAA6C,CAAC;YAClE,MAAM,KAAK,GAAG,OAAO,EAAE,CAAC,UAAU,CAAC,CAAC;YAEpC,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,CAAC;YAC9D,CAAC;YAED,mBAAmB;YACnB,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;YAClE,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC;YACpC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;YAE5B,+BAA+B;YAC/B,IAAI,IAAI,GAAoB,MAAM,OAAO,CAAC,kBAAkB,CAAC,eAAe,CAAC,CAAC;YAE9E,gEAAgE;YAChE,IAAI,CAAC,IAAI,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;gBAChC,OAAO,CAAC,GAAG,CAAC,4BAA4B,KAAK,KAAK,CAAC,CAAC;gBAEpD,+DAA+D;gBAC/D,MAAM,YAAY,GAAG,gBAAgB,eAAe,EAAE,CAAC;gBAEvD,IAAI,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,eAAe,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC;gBAEtE,OAAO,CAAC,GAAG,CAAC,mBAAmB,KAAK,EAAE,CAAC,CAAC;gBACxC,OAAO,CAAC,GAAG,CAAC,0BAA0B,eAAe,EAAE,CAAC,CAAC;gBACzD,OAAO,CAAC,GAAG,CAAC,qBAAqB,YAAY,EAAE,CAAC,CAAC;YACnD,CAAC;YAED,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;YAC3D,CAAC;YAED,2BAA2B;YAC1B,GAAsC,CAAC,IAAI,GAAG;gBAC7C,EAAE,EAAE,IAAI,CAAC,EAAE;gBACX,eAAe;gBACf,KAAK;gBACL,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,YAAY,EAAE,OAAO,CAAC,YAAY;aACnC,CAAC;YAEF,IAAI,EAAE,CAAC;QACT,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,uBAAuB,EAAE,KAAK,CAAC,CAAC;YAC9C,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC,CAAC;QACrE,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,4BAA4B,CAC1C,OAA8B;IAE9B,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,YAAY,CAAC;IAEtD,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAiB,EAAE;QAC9E,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,GAAG,CAAC,OAA6C,CAAC;YAClE,MAAM,KAAK,GAAG,OAAO,EAAE,CAAC,UAAU,CAAC,CAAC;YAEpC,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,IAAI,EAAE,CAAC;gBACP,OAAO;YACT,CAAC;YAED,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;YAClE,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC;YACpC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;YAE5B,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,kBAAkB,CAAC,eAAe,CAAC,CAAC;YAE/D,IAAI,IAAI,EAAE,CAAC;gBACR,GAAsC,CAAC,IAAI,GAAG;oBAC7C,EAAE,EAAE,IAAI,CAAC,EAAE;oBACX,eAAe;oBACf,KAAK;oBACL,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,YAAY,EAAE,OAAO,CAAC,YAAY;iBACnC,CAAC;YACJ,CAAC;YAED,IAAI,EAAE,CAAC;QACT,CAAC;QAAC,MAAM,CAAC;YACP,kDAAkD;YAClD,IAAI,EAAE,CAAC;QACT,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}

package/dist/server/turnkey-client.d.ts

@@ -1,24 +0,0 @@
-/**
- * Server-side Turnkey client utilities
- */
-import { Turnkey } from '@turnkey/sdk-server';
-export interface TurnkeyClientConfig {
-    /** Turnkey API base URL (default: https://api.turnkey.com) */
-    apiBaseUrl?: string;
-    /** Turnkey API public key */
-    apiPublicKey: string;
-    /** Turnkey API private key */
-    apiPrivateKey: string;
-    /** Default organization ID */
-    organizationId: string;
-}
-/**
- * Create a Turnkey server client
- */
-export declare function createTurnkeyClient(config?: Partial<TurnkeyClientConfig>): Turnkey;
-/**
- * Get or create a Turnkey sub-organization for a user
- * Creates sub-org with email-only root user and required wallet accounts
- */
-export declare function getOrCreateTurnkeySubOrg(email: string, turnkeyClient: Turnkey): Promise<string>;
-//# sourceMappingURL=turnkey-client.d.ts.map

package/dist/server/turnkey-client.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"turnkey-client.d.ts","sourceRoot":"","sources":["../../src/server/turnkey-client.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAE9C,MAAM,WAAW,mBAAmB;IAClC,8DAA8D;IAC9D,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,6BAA6B;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,8BAA8B;IAC9B,aAAa,EAAE,MAAM,CAAC;IACtB,8BAA8B;IAC9B,cAAc,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,mBAAmB,CAAC,GAAG,OAAO,CAqBlF;AAED;;;GAGG;AACH,wBAAsB,wBAAwB,CAC5C,KAAK,EAAE,MAAM,EACb,aAAa,EAAE,OAAO,GACrB,OAAO,CAAC,MAAM,CAAC,CAkGjB"}

package/dist/server/turnkey-client.js

@@ -1,118 +0,0 @@
-/**
- * Server-side Turnkey client utilities
- */
-import { Turnkey } from '@turnkey/sdk-server';
-/**
- * Create a Turnkey server client
- */
-export function createTurnkeyClient(config) {
-    const apiPublicKey = config?.apiPublicKey ?? process.env.TURNKEY_API_PUBLIC_KEY;
-    const apiPrivateKey = config?.apiPrivateKey ?? process.env.TURNKEY_API_PRIVATE_KEY;
-    const organizationId = config?.organizationId ?? process.env.TURNKEY_ORGANIZATION_ID;
-    if (!apiPublicKey) {
-        throw new Error('TURNKEY_API_PUBLIC_KEY is required');
-    }
-    if (!apiPrivateKey) {
-        throw new Error('TURNKEY_API_PRIVATE_KEY is required');
-    }
-    if (!organizationId) {
-        throw new Error('TURNKEY_ORGANIZATION_ID is required');
-    }
-    return new Turnkey({
-        apiBaseUrl: config?.apiBaseUrl ?? 'https://api.turnkey.com',
-        apiPublicKey,
-        apiPrivateKey,
-        defaultOrganizationId: organizationId,
-    });
-}
-/**
- * Get or create a Turnkey sub-organization for a user
- * Creates sub-org with email-only root user and required wallet accounts
- */
-export async function getOrCreateTurnkeySubOrg(email, turnkeyClient) {
-    const organizationId = process.env.TURNKEY_ORGANIZATION_ID;
-    if (!organizationId) {
-        throw new Error('TURNKEY_ORGANIZATION_ID is required');
-    }
-    // Generate a consistent base name for lookup
-    const baseSubOrgName = `user-${email.replace(/[^a-z0-9]/gi, '-').toLowerCase()}`;
-    console.log(`🔍 Checking for existing sub-organization for ${email}...`);
-    try {
-        // Try to get existing sub-organizations by email filter
-        const subOrgs = await turnkeyClient.apiClient().getSubOrgIds({
-            organizationId,
-            filterType: 'EMAIL',
-            filterValue: email,
-        });
-        const subOrgIds = subOrgs.organizationIds || [];
-        const existingSubOrgId = subOrgIds.length > 0 ? subOrgIds[0] : null;
-        if (existingSubOrgId) {
-            console.log(`✅ Found existing sub-organization: ${existingSubOrgId}`);
-            // Check if this sub-org has a wallet
-            try {
-                const walletsCheck = await turnkeyClient.apiClient().getWallets({
-                    organizationId: existingSubOrgId,
-                });
-                const walletCount = walletsCheck.wallets?.length || 0;
-                if (walletCount > 0) {
-                    return existingSubOrgId;
-                }
-                console.log(`⚠️ Sub-org has no wallet, creating new sub-org with wallet...`);
-            }
-            catch (walletCheckErr) {
-                console.error('Could not check wallet in sub-org:', walletCheckErr);
-                return existingSubOrgId;
-            }
-        }
-    }
-    catch {
-        console.log(`📝 No existing sub-org found, will create new one`);
-    }
-    // Generate a unique name for the new sub-org
-    const subOrgName = `${baseSubOrgName}-${Date.now()}`;
-    console.log(`📧 Creating new Turnkey sub-organization for ${email}...`);
-    // Create sub-organization with wallet containing required keys
-    const result = await turnkeyClient.apiClient().createSubOrganization({
-        subOrganizationName: subOrgName,
-        rootUsers: [
-            {
-                userName: email,
-                userEmail: email,
-                apiKeys: [],
-                authenticators: [],
-                oauthProviders: [],
-            },
-        ],
-        rootQuorumThreshold: 1,
-        wallet: {
-            walletName: 'default-wallet',
-            accounts: [
-                {
-                    curve: 'CURVE_SECP256K1',
-                    pathFormat: 'PATH_FORMAT_BIP32',
-                    path: "m/44'/0'/0'/0/0", // Bitcoin path for auth-key
-                    addressFormat: 'ADDRESS_FORMAT_ETHEREUM',
-                },
-                {
-                    curve: 'CURVE_ED25519',
-                    pathFormat: 'PATH_FORMAT_BIP32',
-                    path: "m/44'/501'/0'/0'", // Ed25519 for assertion-key
-                    addressFormat: 'ADDRESS_FORMAT_SOLANA',
-                },
-                {
-                    curve: 'CURVE_ED25519',
-                    pathFormat: 'PATH_FORMAT_BIP32',
-                    path: "m/44'/501'/1'/0'", // Ed25519 for update-key
-                    addressFormat: 'ADDRESS_FORMAT_SOLANA',
-                },
-            ],
-        },
-    });
-    const subOrgId = result.activity?.result?.createSubOrganizationResultV7?.subOrganizationId;
-    if (!subOrgId) {
-        throw new Error('No sub-organization ID returned from Turnkey');
-    }
-    console.log(`✅ Created sub-organization: ${subOrgId}`);
-    return subOrgId;
-}
-//# sourceMappingURL=turnkey-client.js.map

package/dist/server/turnkey-client.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"turnkey-client.js","sourceRoot":"","sources":["../../src/server/turnkey-client.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAa9C;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,MAAqC;IACvE,MAAM,YAAY,GAAG,MAAM,EAAE,YAAY,IAAI,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC;IAChF,MAAM,aAAa,GAAG,MAAM,EAAE,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;IACnF,MAAM,cAAc,GAAG,MAAM,EAAE,cAAc,IAAI,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;IAErF,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IACD,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IACD,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IAED,OAAO,IAAI,OAAO,CAAC;QACjB,UAAU,EAAE,MAAM,EAAE,UAAU,IAAI,yBAAyB;QAC3D,YAAY;QACZ,aAAa;QACb,qBAAqB,EAAE,cAAc;KACtC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,KAAa,EACb,aAAsB;IAEtB,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;IAC3D,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IAED,6CAA6C;IAC7C,MAAM,cAAc,GAAG,QAAQ,KAAK,CAAC,OAAO,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;IAEjF,OAAO,CAAC,GAAG,CAAC,iDAAiD,KAAK,KAAK,CAAC,CAAC;IAEzE,IAAI,CAAC;QACH,wDAAwD;QACxD,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,SAAS,EAAE,CAAC,YAAY,CAAC;YAC3D,cAAc;YACd,UAAU,EAAE,OAAO;YACnB,WAAW,EAAE,KAAK;SACnB,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,OAAO,CAAC,eAAe,IAAI,EAAE,CAAC;QAChD,MAAM,gBAAgB,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAEpE,IAAI,gBAAgB,EAAE,CAAC;YACrB,OAAO,CAAC,GAAG,CAAC,sCAAsC,gBAAgB,EAAE,CAAC,CAAC;YAEtE,qCAAqC;YACrC,IAAI,CAAC;gBACH,MAAM,YAAY,GAAG,MAAM,aAAa,CAAC,SAAS,EAAE,CAAC,UAAU,CAAC;oBAC9D,cAAc,EAAE,gBAAgB;iBACjC,CAAC,CAAC;gBACH,MAAM,WAAW,GAAG,YAAY,CAAC,OAAO,EAAE,MAAM,IAAI,CAAC,CAAC;gBAEtD,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;oBACpB,OAAO,gBAAgB,CAAC;gBAC1B,CAAC;gBAED,OAAO,CAAC,GAAG,CAAC,+DAA+D,CAAC,CAAC;YAC/E,CAAC;YAAC,OAAO,cAAc,EAAE,CAAC;gBACxB,OAAO,CAAC,KAAK,CAAC,oCAAoC,EAAE,cAAc,CAAC,CAAC;gBACpE,OAAO,gBAAgB,CAAC;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,GAAG,CAAC,mDAAmD,CAAC,CAAC;IACnE,CAAC;IAED,6CAA6C;IAC7C,MAAM,UAAU,GAAG,GAAG,cAAc,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;IAErD,OAAO,CAAC,GAAG,CAAC,gDAAgD,KAAK,KAAK,CAAC,CAAC;IAExE,+DAA+D;IAC/D,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,SAAS,EAAE,CAAC,qBAAqB,CAAC;QACnE,mBAAmB,EAAE,UAAU;QAC/B,SAAS,EAAE;YACT;gBACE,QAAQ,EAAE,KAAK;gBACf,SAAS,EAAE,KAAK;gBAChB,OAAO,EAAE,EAAE;gBACX,cAAc,EAAE,EAAE;gBAClB,cAAc,EAAE,EAAE;aACnB;SACF;QACD,mBAAmB,EAAE,CAAC;QACtB,MAAM,EAAE;YACN,UAAU,EAAE,gBAAgB;YAC5B,QAAQ,EAAE;gBACR;oBACE,KAAK,EAAE,iBAAiB;oBACxB,UAAU,EAAE,mBAAmB;oBAC/B,IAAI,EAAE,iBAAiB,EAAE,4BAA4B;oBACrD,aAAa,EAAE,yBAAyB;iBACzC;gBACD;oBACE,KAAK,EAAE,eAAe;oBACtB,UAAU,EAAE,mBAAmB;oBAC/B,IAAI,EAAE,kBAAkB,EAAE,4BAA4B;oBACtD,aAAa,EAAE,uBAAuB;iBACvC;gBACD;oBACE,KAAK,EAAE,eAAe;oBACtB,UAAU,EAAE,mBAAmB;oBAC/B,IAAI,EAAE,kBAAkB,EAAE,yBAAyB;oBACnD,aAAa,EAAE,uBAAuB;iBACvC;aACF;SACF;KACF,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,6BAA6B,EAAE,iBAAiB,CAAC;IAE3F,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,+BAA+B,QAAQ,EAAE,CAAC,CAAC;IAEvD,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/server/turnkey-signer.d.ts

@@ -1,40 +0,0 @@
-/**
- * Turnkey Signer - Integration between Turnkey key management and Originals SDK
- *
- * Provides an ExternalSigner implementation that works with Turnkey-managed
- * keys for use with the Originals SDK's DID creation and signing operations.
- */
-import { Turnkey } from '@turnkey/sdk-server';
-import { ExternalSigner, ExternalVerifier } from '@originals/sdk';
-/**
- * Turnkey-based signer for use with Originals SDK
- * Implements the ExternalSigner and ExternalVerifier interfaces
- */
-export declare class TurnkeyWebVHSigner implements ExternalSigner, ExternalVerifier {
-    private subOrgId;
-    private keyId;
-    private publicKeyMultibase;
-    private turnkeyClient;
-    private verificationMethodId;
-    constructor(subOrgId: string, keyId: string, publicKeyMultibase: string, turnkeyClient: Turnkey, verificationMethodId: string);
-    /**
-     * Sign data using Turnkey's API
-     */
-    sign(input: {
-        document: Record<string, unknown>;
-        proof: Record<string, unknown>;
-    }): Promise<{
-        proofValue: string;
-    }>;
-    /**
-     * Verify a signature
-     */
-    verify(signature: Uint8Array, message: Uint8Array, publicKey: Uint8Array): Promise<boolean>;
-    getVerificationMethodId(): string;
-    getPublicKeyMultibase(): string;
-}
-/**
- * Create a Turnkey signer for use with the Originals SDK
- */
-export declare function createTurnkeySigner(subOrgId: string, keyId: string, turnkeyClient: Turnkey, verificationMethodId: string, publicKeyMultibase: string): TurnkeyWebVHSigner;
-//# sourceMappingURL=turnkey-signer.d.ts.map

package/dist/server/turnkey-signer.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"turnkey-signer.d.ts","sourceRoot":"","sources":["../../src/server/turnkey-signer.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAA0B,MAAM,gBAAgB,CAAC;AAwB1F;;;GAGG;AACH,qBAAa,kBAAmB,YAAW,cAAc,EAAE,gBAAgB;IACzE,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,KAAK,CAAS;IACtB,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,aAAa,CAAU;IAC/B,OAAO,CAAC,oBAAoB,CAAS;gBAGnC,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,kBAAkB,EAAE,MAAM,EAC1B,aAAa,EAAE,OAAO,EACtB,oBAAoB,EAAE,MAAM;IAS9B;;OAEG;IACG,IAAI,CAAC,KAAK,EAAE;QAChB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAClC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KAChC,GAAG,OAAO,CAAC;QAAE,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC;IAgDnC;;OAEG;IACG,MAAM,CACV,SAAS,EAAE,UAAU,EACrB,OAAO,EAAE,UAAU,EACnB,SAAS,EAAE,UAAU,GACpB,OAAO,CAAC,OAAO,CAAC;IAwBnB,uBAAuB,IAAI,MAAM;IAIjC,qBAAqB,IAAI,MAAM;CAGhC;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,aAAa,EAAE,OAAO,EACtB,oBAAoB,EAAE,MAAM,EAC5B,kBAAkB,EAAE,MAAM,GACzB,kBAAkB,CAQpB"}

package/dist/server/turnkey-signer.js

@@ -1,121 +0,0 @@
-/**
- * Turnkey Signer - Integration between Turnkey key management and Originals SDK
- *
- * Provides an ExternalSigner implementation that works with Turnkey-managed
- * keys for use with the Originals SDK's DID creation and signing operations.
- */
-import { multikey, OriginalsSDK } from '@originals/sdk';
-import { sha512 } from '@noble/hashes/sha2.js';
-import { concatBytes, bytesToHex } from '@noble/hashes/utils.js';
-import * as ed25519 from '@noble/ed25519';
-// Configure @noble/ed25519 with required SHA-512 function
-const sha512Fn = (...msgs) => sha512(concatBytes(...msgs));
-// Initialize Ed25519 configuration
-try {
-    const ed25519Module = ed25519;
-    if (ed25519Module.utils) {
-        ed25519Module.utils.sha512Sync = sha512Fn;
-    }
-    if (ed25519Module.etc) {
-        ed25519Module.etc.sha512Sync = sha512Fn;
-    }
-}
-catch (error) {
-    console.warn('Failed to configure ed25519 utils:', error);
-}
-/**
- * Turnkey-based signer for use with Originals SDK
- * Implements the ExternalSigner and ExternalVerifier interfaces
- */
-export class TurnkeyWebVHSigner {
-    subOrgId;
-    keyId;
-    publicKeyMultibase;
-    turnkeyClient;
-    verificationMethodId;
-    constructor(subOrgId, keyId, publicKeyMultibase, turnkeyClient, verificationMethodId) {
-        this.subOrgId = subOrgId;
-        this.keyId = keyId;
-        this.publicKeyMultibase = publicKeyMultibase;
-        this.turnkeyClient = turnkeyClient;
-        this.verificationMethodId = verificationMethodId;
-    }
-    /**
-     * Sign data using Turnkey's API
-     */
-    async sign(input) {
-        try {
-            // Prepare the data for signing using the SDK's canonical approach
-            const dataToSign = await OriginalsSDK.prepareDIDDataForSigning(input.document, input.proof);
-            // Convert canonical data to hex format for Turnkey's sign API
-            const dataHex = `0x${bytesToHex(dataToSign)}`;
-            // Sign using Turnkey's API
-            const result = await this.turnkeyClient.apiClient().signRawPayload({
-                organizationId: this.subOrgId,
-                signWith: this.keyId,
-                payload: dataHex,
-                encoding: 'PAYLOAD_ENCODING_HEXADECIMAL',
-                hashFunction: 'HASH_FUNCTION_NO_OP',
-            });
-            const signRawResult = result.activity?.result?.signRawPayloadResult;
-            if (!signRawResult?.r || !signRawResult?.s) {
-                throw new Error('No signature returned from Turnkey');
-            }
-            const signature = signRawResult.r + signRawResult.s;
-            // Convert signature to bytes
-            const cleanSig = signature.startsWith('0x') ? signature.slice(2) : signature;
-            let signatureBytes = Buffer.from(cleanSig, 'hex');
-            // Ed25519 signatures should be exactly 64 bytes
-            if (signatureBytes.length === 65) {
-                signatureBytes = signatureBytes.slice(0, 64);
-            }
-            else if (signatureBytes.length !== 64) {
-                throw new Error(`Invalid Ed25519 signature length: ${signatureBytes.length} (expected 64 bytes)`);
-            }
-            // Encode signature as multibase
-            const proofValue = multikey.encodeMultibase(signatureBytes);
-            return { proofValue };
-        }
-        catch (error) {
-            console.error('Error signing with Turnkey:', error);
-            throw new Error(`Failed to sign with Turnkey: ${error instanceof Error ? error.message : String(error)}`);
-        }
-    }
-    /**
-     * Verify a signature
-     */
-    async verify(signature, message, publicKey) {
-        try {
-            // Ed25519 public keys must be exactly 32 bytes
-            let ed25519PublicKey = publicKey;
-            if (publicKey.length === 33) {
-                ed25519PublicKey = publicKey.slice(1);
-            }
-            else if (publicKey.length !== 32) {
-                return false;
-            }
-            const ed25519Module = ed25519;
-            if (typeof ed25519Module.utils?.sha512Sync !== 'function') {
-                ed25519Module.utils.sha512Sync = sha512Fn;
-            }
-            return await ed25519.verifyAsync(signature, message, ed25519PublicKey);
-        }
-        catch (error) {
-            console.error('Error verifying signature:', error);
-            return false;
-        }
-    }
-    getVerificationMethodId() {
-        return this.verificationMethodId;
-    }
-    getPublicKeyMultibase() {
-        return this.publicKeyMultibase;
-    }
-}
-/**
- * Create a Turnkey signer for use with the Originals SDK
- */
-export function createTurnkeySigner(subOrgId, keyId, turnkeyClient, verificationMethodId, publicKeyMultibase) {
-    return new TurnkeyWebVHSigner(subOrgId, keyId, publicKeyMultibase, turnkeyClient, verificationMethodId);
-}
-//# sourceMappingURL=turnkey-signer.js.map

package/dist/server/turnkey-signer.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"turnkey-signer.js","sourceRoot":"","sources":["../../src/server/turnkey-signer.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAoC,QAAQ,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC1F,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACjE,OAAO,KAAK,OAAO,MAAM,gBAAgB,CAAC;AAE1C,0DAA0D;AAC1D,MAAM,QAAQ,GAAG,CAAC,GAAG,IAAkB,EAAc,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC;AAErF,mCAAmC;AACnC,IAAI,CAAC;IACH,MAAM,aAAa,GAAG,OAGrB,CAAC;IACF,IAAI,aAAa,CAAC,KAAK,EAAE,CAAC;QACxB,aAAa,CAAC,KAAK,CAAC,UAAU,GAAG,QAAQ,CAAC;IAC5C,CAAC;IACD,IAAI,aAAa,CAAC,GAAG,EAAE,CAAC;QACtB,aAAa,CAAC,GAAG,CAAC,UAAU,GAAG,QAAQ,CAAC;IAC1C,CAAC;AACH,CAAC;AAAC,OAAO,KAAK,EAAE,CAAC;IACf,OAAO,CAAC,IAAI,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;AAC5D,CAAC;AAED;;;GAGG;AACH,MAAM,OAAO,kBAAkB;IACrB,QAAQ,CAAS;IACjB,KAAK,CAAS;IACd,kBAAkB,CAAS;IAC3B,aAAa,CAAU;IACvB,oBAAoB,CAAS;IAErC,YACE,QAAgB,EAChB,KAAa,EACb,kBAA0B,EAC1B,aAAsB,EACtB,oBAA4B;QAE5B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAC;QAC7C,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QACnC,IAAI,CAAC,oBAAoB,GAAG,oBAAoB,CAAC;IACnD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,KAGV;QACC,IAAI,CAAC;YACH,kEAAkE;YAClE,MAAM,UAAU,GAAG,MAAM,YAAY,CAAC,wBAAwB,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YAE5F,8DAA8D;YAC9D,MAAM,OAAO,GAAG,KAAK,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAE9C,2BAA2B;YAC3B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,CAAC,cAAc,CAAC;gBACjE,cAAc,EAAE,IAAI,CAAC,QAAQ;gBAC7B,QAAQ,EAAE,IAAI,CAAC,KAAK;gBACpB,OAAO,EAAE,OAAO;gBAChB,QAAQ,EAAE,8BAA8B;gBACxC,YAAY,EAAE,qBAAqB;aACpC,CAAC,CAAC;YAEH,MAAM,aAAa,GAAG,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,oBAAoB,CAAC;YACpE,IAAI,CAAC,aAAa,EAAE,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC,EAAE,CAAC;gBAC3C,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;YACxD,CAAC;YAED,MAAM,SAAS,GAAG,aAAa,CAAC,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC;YAEpD,6BAA6B;YAC7B,MAAM,QAAQ,GAAG,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAC7E,IAAI,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;YAElD,gDAAgD;YAChD,IAAI,cAAc,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;gBACjC,cAAc,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC/C,CAAC;iBAAM,IAAI,cAAc,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;gBACxC,MAAM,IAAI,KAAK,CACb,qCAAqC,cAAc,CAAC,MAAM,sBAAsB,CACjF,CAAC;YACJ,CAAC;YAED,gCAAgC;YAChC,MAAM,UAAU,GAAG,QAAQ,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC;YAC5D,OAAO,EAAE,UAAU,EAAE,CAAC;QACxB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,6BAA6B,EAAE,KAAK,CAAC,CAAC;YACpD,MAAM,IAAI,KAAK,CACb,gCAAgC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACzF,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CACV,SAAqB,EACrB,OAAmB,EACnB,SAAqB;QAErB,IAAI,CAAC;YACH,+CAA+C;YAC/C,IAAI,gBAAgB,GAAG,SAAS,CAAC;YACjC,IAAI,SAAS,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;gBAC5B,gBAAgB,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACxC,CAAC;iBAAM,IAAI,SAAS,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;gBACnC,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,aAAa,GAAG,OAErB,CAAC;YACF,IAAI,OAAO,aAAa,CAAC,KAAK,EAAE,UAAU,KAAK,UAAU,EAAE,CAAC;gBAC1D,aAAa,CAAC,KAAM,CAAC,UAAU,GAAG,QAAQ,CAAC;YAC7C,CAAC;YAED,OAAO,MAAM,OAAO,CAAC,WAAW,CAAC,SAAS,EAAE,OAAO,EAAE,gBAAgB,CAAC,CAAC;QACzE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;YACnD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,uBAAuB;QACrB,OAAO,IAAI,CAAC,oBAAoB,CAAC;IACnC,CAAC;IAED,qBAAqB;QACnB,OAAO,IAAI,CAAC,kBAAkB,CAAC;IACjC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CACjC,QAAgB,EAChB,KAAa,EACb,aAAsB,EACtB,oBAA4B,EAC5B,kBAA0B;IAE1B,OAAO,IAAI,kBAAkB,CAC3B,QAAQ,EACR,KAAK,EACL,kBAAkB,EAClB,aAAa,EACb,oBAAoB,CACrB,CAAC;AACJ,CAAC"}