@oxyhq/services 5.16.35 → 5.16.37

package/src/node/signatureService.ts

@@ -0,0 +1,126 @@
+/**
+ * Node.js Signature Service
+ * 
+ * Provides synchronous signature operations for Node.js backend.
+ * Uses Node's crypto module for hashing and the shared core for verification.
+ */
+
+import crypto from 'crypto';
+import {
+  verifySignatureCore,
+  isValidPublicKey,
+  isTimestampFresh,
+  buildAuthMessage,
+  buildRegistrationMessage,
+  buildRequestMessage,
+  shortenPublicKey,
+  CHALLENGE_TTL_MS,
+  MAX_SIGNATURE_AGE_MS,
+} from '../crypto/core';
+
+export class SignatureService {
+  /**
+   * Generate a random challenge string
+   */
+  static generateChallenge(): string {
+    return crypto.randomBytes(32).toString('hex');
+  }
+
+  /**
+   * Compute SHA-256 hash of a message (synchronous)
+   */
+  static hashMessage(message: string): string {
+    return crypto.createHash('sha256').update(message).digest('hex');
+  }
+
+  /**
+   * Verify an ECDSA signature (synchronous)
+   * 
+   * @param message - The original message that was signed
+   * @param signature - The signature in DER format (hex encoded)
+   * @param publicKey - The public key (hex encoded, uncompressed)
+   * @returns true if the signature is valid
+   */
+  static verifySignature(message: string, signature: string, publicKey: string): boolean {
+    const messageHash = SignatureService.hashMessage(message);
+    return verifySignatureCore(messageHash, signature, publicKey);
+  }
+
+  /**
+   * Verify an authentication challenge response
+   * 
+   * @param publicKey - The user's public key
+   * @param challenge - The original challenge string
+   * @param signature - The signature of the auth message
+   * @param timestamp - The timestamp when the signature was created
+   * @returns true if the challenge response is valid
+   */
+  static verifyChallengeResponse(
+    publicKey: string,
+    challenge: string,
+    signature: string,
+    timestamp: number
+  ): boolean {
+    // Check timestamp is not too old
+    if (!isTimestampFresh(timestamp, CHALLENGE_TTL_MS)) {
+      return false;
+    }
+
+    // Build the message and verify signature
+    const message = buildAuthMessage(publicKey, challenge, timestamp);
+    return SignatureService.verifySignature(message, signature, publicKey);
+  }
+
+  /**
+   * Verify a registration signature
+   * Signature format: oxy:register:{publicKey}:{timestamp}
+   */
+  static verifyRegistrationSignature(
+    publicKey: string,
+    signature: string,
+    timestamp: number
+  ): boolean {
+    // Check timestamp freshness
+    if (!isTimestampFresh(timestamp, MAX_SIGNATURE_AGE_MS)) {
+      return false;
+    }
+
+    const message = buildRegistrationMessage(publicKey, timestamp);
+    return SignatureService.verifySignature(message, signature, publicKey);
+  }
+
+  /**
+   * Verify a signed request
+   * Used for authenticated API operations
+   */
+  static verifyRequestSignature(
+    publicKey: string,
+    data: Record<string, unknown>,
+    signature: string,
+    timestamp: number
+  ): boolean {
+    // Check timestamp freshness
+    if (!isTimestampFresh(timestamp, MAX_SIGNATURE_AGE_MS)) {
+      return false;
+    }
+
+    const message = buildRequestMessage(publicKey, timestamp, data);
+    return SignatureService.verifySignature(message, signature, publicKey);
+  }
+
+  /**
+   * Validate that a string is a valid public key
+   */
+  static isValidPublicKey(publicKey: string): boolean {
+    return isValidPublicKey(publicKey);
+  }
+
+  /**
+   * Get a shortened display version of a public key
+   */
+  static shortenPublicKey(publicKey: string): string {
+    return shortenPublicKey(publicKey);
+  }
+}
+
+export default SignatureService;

package/src/ui/context/OxyContext.tsx

@@ -11,8 +11,7 @@ import {
 } from 'react';
 import { Platform } from 'react-native';
 import { OxyServices } from '../../core';
-import type { ApiError } from '../../models/interfaces';
-import type { User } from '../../shared';
+import type { User, ApiError } from '../../models/interfaces';
 import type { ClientSession } from '../../models/session';
 import { toast } from '../../lib/sonner';
 import { useAuthStore, type AuthState } from '../stores/authStore';
@@ -581,10 +580,23 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
     setTokenReady(false);
 
     try {
+      // CRITICAL: Get current identity's public key first
+      // Only restore sessions that belong to this identity
+      const currentPublicKey = await KeyManager.getPublicKey().catch(() => null);
+      
       const storedSessionIdsJson = await storage.getItem(storageKeys.sessionIds);
       const storedSessionIds: string[] = storedSessionIdsJson ? JSON.parse(storedSessionIdsJson) : [];
       const storedActiveSessionId = await storage.getItem(storageKeys.activeSessionId);
 
+      // If no identity exists, clear all sessions and return
+      if (!currentPublicKey) {
+        if (storedSessionIds.length > 0 || storedActiveSessionId) {
+          await clearSessionState();
+        }
+        setTokenReady(true);
+        return;
+      }
+
       const validSessions: ClientSession[] = [];
 
       if (storedSessionIds.length > 0) {
@@ -592,6 +604,18 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
           try {
             const validation = await oxyServices.validateSession(sessionId, { useHeaderValidation: true });
             if (validation?.valid && validation.user) {
+              // CRITICAL: Verify session belongs to current identity
+              // IMPORTANT: In OxyAccounts, user.id is set to the publicKey (as confirmed by line 754 comment below)
+              // This is different from the JWT's userId field which contains MongoDB ObjectId
+              // We compare user.id (publicKey) to currentPublicKey to ensure session ownership
+              if (validation.user.id !== currentPublicKey) {
+                // Session belongs to different identity - skip it
+                if (__DEV__) {
+                  logger('Skipping session from different identity during restoration');
+                }
+                continue;
+              }
+              
               const now = new Date();
               validSessions.push({
                 sessionId,

package/src/ui/context/hooks/useAuthOperations.ts

@@ -1,6 +1,5 @@
 import { useCallback } from 'react';
-import type { ApiError } from '../../../models/interfaces';
-import type { User } from '../../../shared';
+import type { ApiError, User } from '../../../models/interfaces';
 import type { AuthState } from '../../stores/authStore';
 import type { ClientSession, SessionLoginResponse } from '../../../models/session';
 import { DeviceManager } from '../../../utils/deviceManager';
@@ -85,6 +84,22 @@ export const useAuthOperations = ({
     logger,
 }: UseAuthOperationsOptions): UseAuthOperationsResult => {
   
+  /**
+   * Clear session data if identity has changed
+   * Internal helper to avoid code duplication
+   */
+  const clearSessionsIfIdentityChanged = useCallback(
+    async (oldPublicKey: string | null, newPublicKey: string): Promise<void> => {
+      if (oldPublicKey && oldPublicKey !== newPublicKey) {
+        // Clear all session state to prevent old identity's data from showing up
+        await clearSessionState();
+        // Logout from auth store
+        logoutStore();
+      }
+    },
+    [clearSessionState, logoutStore]
+  );
+  
   /**
    * Internal function to perform challenge-response sign in (works offline)
    */
@@ -293,10 +308,17 @@ export const useAuthOperations = ({
       setAuthState({ isLoading: true, error: null });
 
       try {
+        // CRITICAL: Get old public key before creating new identity
+        // If identity changes, we must clear all session data to prevent data leakage
+        const oldPublicKey = await KeyManager.getPublicKey().catch(() => null);
+
         // Generate new key pair directly (works offline)
         const { publicKey, privateKey } = await KeyManager.generateKeyPair();
         await KeyManager.importKeyPair(privateKey);
 
+        // Clear sessions if identity changed (prevents data leakage)
+        await clearSessionsIfIdentityChanged(oldPublicKey, publicKey);
+
         // Mark as not synced
         await storage.setItem('oxy_identity_synced', 'false');
         setIdentitySynced(false);
@@ -359,7 +381,7 @@ export const useAuthOperations = ({
         setAuthState({ isLoading: false });
       }
     },
-    [oxyServices, storage, setAuthState, loginFailure, onError, logger, setIdentitySynced],
+    [oxyServices, storage, setAuthState, loginFailure, onError, logger, setIdentitySynced, clearSessionsIfIdentityChanged],
   );
 
   /**
@@ -464,6 +486,10 @@ export const useAuthOperations = ({
       setAuthState({ isLoading: true, error: null });
 
       try {
+        // CRITICAL: Get old public key before importing new identity
+        // If identity changes, we must clear all session data to prevent data leakage
+        const oldPublicKey = await KeyManager.getPublicKey().catch(() => null);
+
         // Decrypt private key from backup data
         const Crypto = await import('expo-crypto');
         
@@ -505,6 +531,9 @@ export const useAuthOperations = ({
           throw new Error('Backup file is corrupted or password is incorrect');
         }
 
+        // Clear sessions if identity changed (prevents data leakage)
+        await clearSessionsIfIdentityChanged(oldPublicKey, publicKey);
+
         // Mark as not synced
         await storage.setItem('oxy_identity_synced', 'false');
         setIdentitySynced(false);
@@ -549,7 +578,7 @@ export const useAuthOperations = ({
         setAuthState({ isLoading: false });
       }
     },
-    [oxyServices, storage, setAuthState, loginFailure, onError, logger, setIdentitySynced],
+    [oxyServices, storage, setAuthState, loginFailure, onError, logger, setIdentitySynced, clearSessionsIfIdentityChanged],
   );
 
   /**

package/src/ui/context/hooks/useLanguageManagement.ts

@@ -1,6 +1,5 @@
 import { useCallback, useEffect, useMemo, useState } from 'react';
-import type { ApiError } from '../../../models/interfaces';
-import type { User } from '../../../shared';
+import type { ApiError, User } from '../../../models/interfaces';
 import {
   getLanguageMetadata,
   getLanguageName,

package/src/ui/hooks/auth/index.ts

@@ -4,3 +4,5 @@
 export { useUsernameValidation, USERNAME_MIN_LENGTH, USERNAME_REGEX, USERNAME_FORMAT_ERROR, USERNAME_DEBOUNCE_MS } from './useUsernameValidation';
 export type { UsernameValidationResult } from './useUsernameValidation';
 
+
+

package/src/ui/hooks/mutations/useAccountMutations.ts

@@ -1,5 +1,5 @@
 import { useMutation, useQueryClient } from '@tanstack/react-query';
-import type { User } from '../../../shared';
+import type { User } from '../../../models/interfaces';
 import { queryKeys, invalidateAccountQueries, invalidateUserQueries } from '../queries/queryKeys';
 import { useOxy } from '../../context/OxyContext';
 import { toast } from '../../../lib/sonner';

package/src/ui/hooks/mutations/useServicesMutations.ts

@@ -1,5 +1,5 @@
 import { useMutation, useQueryClient } from '@tanstack/react-query';
-import type { User } from '../../../shared';
+import type { User } from '../../../models/interfaces';
 import { queryKeys, invalidateSessionQueries } from '../queries/queryKeys';
 import { useOxy } from '../../context/OxyContext';
 import { toast } from '../../../lib/sonner';

package/src/ui/hooks/queries/useAccountQueries.ts

@@ -1,5 +1,5 @@
 import { useQuery, useQueries } from '@tanstack/react-query';
-import type { User } from '../../../shared';
+import type { User } from '../../../models/interfaces';
 import type { OxyServices } from '../../../core';
 import { queryKeys } from './queryKeys';
 import { useOxy } from '../../context/OxyContext';

package/src/ui/hooks/useLanguageManagement.ts

@@ -1,6 +1,5 @@
 import { useCallback, useEffect, useMemo, useState } from 'react';
-import type { ApiError } from '../../models/interfaces';
-import type { User } from '../../shared';
+import type { ApiError, User } from '../../models/interfaces';
 import {
   getLanguageMetadata,
   getLanguageName,

package/src/ui/hooks/useSessionManagement.ts

@@ -1,6 +1,5 @@
 import { useCallback, useMemo, useRef, useState } from 'react';
-import type { ApiError } from '../../models/interfaces';
-import type { User } from '../../shared';
+import type { ApiError, User } from '../../models/interfaces';
 import type { ClientSession } from '../../models/session';
 import { mergeSessions, normalizeAndSortSessions, sessionsArraysEqual } from '../../utils/sessionUtils';
 import { fetchSessionsWithFallback, mapSessionsToClient, validateSessionBatch } from '../utils/sessionHelpers';

package/src/ui/index.ts

@@ -81,5 +81,4 @@ export {
 
 // Re-export core services for convenience in UI context
 export { OxyServices } from '../core';
-// Note: User and LoginResponse are available from the shared module (exported from main index)
-export type { ApiError } from '../models/interfaces';
+export type { User, LoginResponse, ApiError } from '../models/interfaces';

package/src/ui/screens/AccountSettingsScreen.tsx

@@ -233,7 +233,7 @@ const AccountSettingsScreen: React.FC<BaseScreenProps & { initialField?: string;
 
                 // Handle locations - convert single location to array format
                 if (finalUser.locations && Array.isArray(finalUser.locations)) {
-                    setLocations(finalUser.locations.map((loc: any, index: number) => ({
+                    setLocations(finalUser.locations.map((loc, index) => ({
                         id: loc.id || `existing-${index}`,
                         name: loc.name,
                         label: loc.label,
@@ -252,17 +252,17 @@ const AccountSettingsScreen: React.FC<BaseScreenProps & { initialField?: string;
 
                 // Handle links - simple and direct like other fields
                 if (finalUser.linksMetadata && Array.isArray(finalUser.linksMetadata)) {
-                    const urls = finalUser.linksMetadata.map((l: any) => l.url);
+                    const urls = finalUser.linksMetadata.map(l => l.url);
                     setLinks(urls);
-                    const metadataWithIds = finalUser.linksMetadata.map((link: any, index: number) => ({
+                    const metadataWithIds = finalUser.linksMetadata.map((link, index) => ({
                         ...link,
                         id: link.id || `existing-${index}`
                     }));
                     setLinksMetadata(metadataWithIds);
                 } else if (Array.isArray(finalUser.links)) {
-                    const simpleLinks = finalUser.links.map((l: any) => typeof l === 'string' ? l : l.link).filter(Boolean);
+                    const simpleLinks = finalUser.links.map(l => typeof l === 'string' ? l : l.link).filter(Boolean);
                     setLinks(simpleLinks);
-                    const linksWithMetadata = simpleLinks.map((url: string, index: number) => ({
+                    const linksWithMetadata = simpleLinks.map((url, index) => ({
                         url,
                         title: url.replace(/^https?:\/\//, '').replace(/\/$/, ''),
                         description: `Link to ${url}`,
@@ -553,7 +553,7 @@ const AccountSettingsScreen: React.FC<BaseScreenProps & { initialField?: string;
             }
 
             if (currentUser.linksMetadata && Array.isArray(currentUser.linksMetadata)) {
-                setLinksMetadata(currentUser.linksMetadata.map((link: any, index: number) => ({
+                setLinksMetadata(currentUser.linksMetadata.map((link, index) => ({
                     ...link,
                     id: link.id || `existing-${index}`
                 })));

package/src/ui/screens/AccountSwitcherScreen.tsx

@@ -15,7 +15,7 @@ import {
 import type { BaseScreenProps } from '../types/navigation';
 import type { ClientSession } from '../../models/session';
 import { fontFamilies } from '../styles/fonts';
-import type { User } from '../../shared';
+import type { User } from '../../models/interfaces';
 import { toast } from '../../lib/sonner';
 import { confirmAction } from '../utils/confirmAction';
 import OxyIcon from '../components/icon/OxyIcon';

package/src/ui/screens/OxyAuthScreen.tsx

@@ -28,7 +28,6 @@ import { useThemeColors } from '../styles';
 import { useOxy } from '../context/OxyContext';
 import QRCode from 'react-native-qrcode-svg';
 import OxyLogo from '../components/OxyLogo';
-import { generateSessionToken } from '../../shared';
 
 // Deep link scheme for Oxy Accounts app
 const OXY_ACCOUNTS_SCHEME = 'oxyaccounts://';
@@ -221,7 +220,7 @@ const OxyAuthScreen: React.FC<BaseScreenProps> = ({
 
     try {
       // Generate a unique session token for this auth request
-      const sessionToken = await generateSessionToken(32);
+      const sessionToken = generateSessionToken();
       const expiresAt = Date.now() + AUTH_SESSION_EXPIRY_MS;
 
       // Register the auth session with the server
@@ -243,6 +242,16 @@ const OxyAuthScreen: React.FC<BaseScreenProps> = ({
     }
   }, [oxyServices, connectSocket]);
 
+  // Generate a random session token
+  const generateSessionToken = (): string => {
+    const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+    let result = '';
+    for (let i = 0; i < 32; i++) {
+      result += chars.charAt(Math.floor(Math.random() * chars.length));
+    }
+    return result;
+  };
+
   // Clean up on unmount
   useEffect(() => {
     return () => {

package/src/ui/screens/ProfileScreen.tsx

@@ -10,7 +10,7 @@ import { Ionicons } from '@expo/vector-icons';
 import { useI18n } from '../hooks/useI18n';
 import { useOxy } from '../context/OxyContext';
 import { logger } from '../../utils/loggerUtils';
-import type { User } from '../../shared';
+import type { User } from '../../models/interfaces';
 import { extractErrorMessage } from '../utils/errorHandlers';
 
 interface ProfileScreenProps extends BaseScreenProps {

package/src/ui/stores/authStore.ts

@@ -1,5 +1,5 @@
 import { create } from 'zustand';
-import type { User } from '../../shared';
+import type { User } from '../../models/interfaces';
 
 export interface AuthState {
   user: User | null;

package/src/ui/types/navigation.ts

@@ -1,7 +1,7 @@
 import type { ReactNode, RefObject } from 'react';
 import type { QueryClient } from '@tanstack/react-query';
 import type { RouteName } from '../navigation/routes';
-import type { User } from '../../shared';
+import type { User } from '../../models/interfaces';
 import type { ClientSession } from '../../models/session';
 
 // Re-export RouteName from routes for convenience

package/src/ui/utils/avatarUtils.ts

@@ -1,5 +1,5 @@
 import type { OxyServices } from '../../core';
-import type { User } from '../../shared';
+import type { User } from '../../models/interfaces';
 import { useAccountStore } from '../stores/accountStore';
 import { useAuthStore } from '../stores/authStore';
 import { QueryClient } from '@tanstack/react-query';

package/lib/commonjs/core/services/AuthService.js

@@ -1,156 +0,0 @@
-"use strict";
-
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.AuthService = void 0;
-var _HttpService = require("../HttpService");
-var _signatureService = require("../../crypto/signatureService");
-/**
- * Auth Service
- * 
- * Handles authentication operations:
- * - Challenge retrieval
- * - Signing orchestration (delegated to Accounts/KeyManager)
- * - Session verification
- * - Access token retrieval
- * - Registration
- */
-
-class AuthService {
-  constructor(config) {
-    this.httpService = new _HttpService.HttpService(config);
-  }
-
-  /**
-   * Check if a public key is registered on the server
-   */
-  async checkPublicKeyRegistered(publicKey) {
-    try {
-      return await this.httpService.request({
-        method: 'GET',
-        url: `/api/auth/check-publickey?publicKey=${encodeURIComponent(publicKey)}`,
-        cache: true,
-        cacheTTL: 2 * 60 * 1000
-      });
-    } catch (error) {
-      throw error;
-    }
-  }
-
-  /**
-   * Request an authentication challenge
-   */
-  async requestChallenge(publicKey) {
-    try {
-      return await this.httpService.request({
-        method: 'POST',
-        url: '/api/auth/challenge',
-        data: {
-          publicKey
-        },
-        cache: false
-      });
-    } catch (error) {
-      throw error;
-    }
-  }
-
-  /**
-   * Verify a challenge and authenticate (creates session)
-   * This orchestrates signing via SignatureService (which uses KeyManager)
-   */
-  async verifyChallenge(challenge) {
-    try {
-      // Sign the challenge using SignatureService (requires private key)
-      const signedChallenge = await _signatureService.SignatureService.signChallenge(challenge);
-
-      // Verify challenge and get session
-      return await this.httpService.request({
-        method: 'POST',
-        url: '/api/auth/verify',
-        data: {
-          publicKey: signedChallenge.publicKey,
-          challenge: challenge,
-          signature: signedChallenge.challenge,
-          timestamp: signedChallenge.timestamp
-        },
-        cache: false
-      });
-    } catch (error) {
-      throw error;
-    }
-  }
-
-  /**
-   * Register a new identity with the server
-   */
-  async register(publicKey, signature, timestamp, username, email) {
-    try {
-      return await this.httpService.request({
-        method: 'POST',
-        url: '/api/auth/register',
-        data: {
-          publicKey,
-          signature,
-          timestamp,
-          username,
-          email
-        },
-        cache: false
-      });
-    } catch (error) {
-      throw error;
-    }
-  }
-
-  /**
-   * Register using current identity (signs automatically)
-   */
-  async registerCurrentIdentity(username, email) {
-    try {
-      const {
-        signature,
-        publicKey,
-        timestamp
-      } = await _signatureService.SignatureService.createRegistrationSignature();
-      return this.register(publicKey, signature, timestamp, username, email);
-    } catch (error) {
-      throw error;
-    }
-  }
-
-  /**
-   * Get user by public key
-   */
-  async getUserByPublicKey(publicKey) {
-    try {
-      return await this.httpService.request({
-        method: 'GET',
-        url: `/api/auth/user/${encodeURIComponent(publicKey)}`,
-        cache: true,
-        cacheTTL: 2 * 60 * 1000
-      });
-    } catch (error) {
-      throw error;
-    }
-  }
-
-  /**
-   * Get user by session ID
-   */
-  async getUserBySession(sessionId) {
-    try {
-      return await this.httpService.request({
-        method: 'GET',
-        url: `/api/auth/user/session/${encodeURIComponent(sessionId)}`,
-        cache: true,
-        cacheTTL: 2 * 60 * 1000
-      });
-    } catch (error) {
-      throw error;
-    }
-  }
-}
-exports.AuthService = AuthService;
-//# sourceMappingURL=AuthService.js.map

package/lib/commonjs/core/services/AuthService.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["_HttpService","require","_signatureService","AuthService","constructor","config","httpService","HttpService","checkPublicKeyRegistered","publicKey","request","method","url","encodeURIComponent","cache","cacheTTL","error","requestChallenge","data","verifyChallenge","challenge","signedChallenge","SignatureService","signChallenge","signature","timestamp","register","username","email","registerCurrentIdentity","createRegistrationSignature","getUserByPublicKey","getUserBySession","sessionId","exports"],"sourceRoot":"../../../../src","sources":["core/services/AuthService.ts"],"mappings":";;;;;;AAaA,IAAAA,YAAA,GAAAC,OAAA;AACA,IAAAC,iBAAA,GAAAD,OAAA;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAYO,MAAME,WAAW,CAAC;EAGvBC,WAAWA,CAACC,MAAiB,EAAE;IAC7B,IAAI,CAACC,WAAW,GAAG,IAAIC,wBAAW,CAACF,MAAM,CAAC;EAC5C;;EAEA;AACF;AACA;EACE,MAAMG,wBAAwBA,CAACC,SAAiB,EAAmC;IACjF,IAAI;MACF,OAAO,MAAM,IAAI,CAACH,WAAW,CAACI,OAAO,CAAyB;QAC5DC,MAAM,EAAE,KAAK;QACbC,GAAG,EAAE,uCAAuCC,kBAAkB,CAACJ,SAAS,CAAC,EAAE;QAC3EK,KAAK,EAAE,IAAI;QACXC,QAAQ,EAAE,CAAC,GAAG,EAAE,GAAG;MACrB,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOC,KAAK,EAAE;MACd,MAAMA,KAAK;IACb;EACF;;EAEA;AACF;AACA;EACE,MAAMC,gBAAgBA,CAACR,SAAiB,EAA6B;IACnE,IAAI;MACF,OAAO,MAAM,IAAI,CAACH,WAAW,CAACI,OAAO,CAAmB;QACtDC,MAAM,EAAE,MAAM;QACdC,GAAG,EAAE,qBAAqB;QAC1BM,IAAI,EAAE;UAAET;QAAU,CAAC;QACnBK,KAAK,EAAE;MACT,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOE,KAAK,EAAE;MACd,MAAMA,KAAK;IACb;EACF;;EAEA;AACF;AACA;AACA;EACE,MAAMG,eAAeA,CAACC,SAAiB,EAA0B;IAC/D,IAAI;MACF;MACA,MAAMC,eAAe,GAAG,MAAMC,kCAAgB,CAACC,aAAa,CAACH,SAAS,CAAC;;MAEvE;MACA,OAAO,MAAM,IAAI,CAACd,WAAW,CAACI,OAAO,CAAgB;QACnDC,MAAM,EAAE,MAAM;QACdC,GAAG,EAAE,kBAAkB;QACvBM,IAAI,EAAE;UACJT,SAAS,EAAEY,eAAe,CAACZ,SAAS;UACpCW,SAAS,EAAEA,SAAS;UACpBI,SAAS,EAAEH,eAAe,CAACD,SAAS;UACpCK,SAAS,EAAEJ,eAAe,CAACI;QAC7B,CAAC;QACDX,KAAK,EAAE;MACT,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOE,KAAK,EAAE;MACd,MAAMA,KAAK;IACb;EACF;;EAEA;AACF;AACA;EACE,MAAMU,QAAQA,CAACjB,SAAiB,EAAEe,SAAiB,EAAEC,SAAiB,EAAEE,QAAiB,EAAEC,KAAc,EAAiB;IACxH,IAAI;MACF,OAAO,MAAM,IAAI,CAACtB,WAAW,CAACI,OAAO,CAAO;QAC1CC,MAAM,EAAE,MAAM;QACdC,GAAG,EAAE,oBAAoB;QACzBM,IAAI,EAAE;UACJT,SAAS;UACTe,SAAS;UACTC,SAAS;UACTE,QAAQ;UACRC;QACF,CAAC;QACDd,KAAK,EAAE;MACT,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOE,KAAK,EAAE;MACd,MAAMA,KAAK;IACb;EACF;;EAEA;AACF;AACA;EACE,MAAMa,uBAAuBA,CAACF,QAAiB,EAAEC,KAAc,EAAiB;IAC9E,IAAI;MACF,MAAM;QAAEJ,SAAS;QAAEf,SAAS;QAAEgB;MAAU,CAAC,GAAG,MAAMH,kCAAgB,CAACQ,2BAA2B,CAAC,CAAC;MAChG,OAAO,IAAI,CAACJ,QAAQ,CAACjB,SAAS,EAAEe,SAAS,EAAEC,SAAS,EAAEE,QAAQ,EAAEC,KAAK,CAAC;IACxE,CAAC,CAAC,OAAOZ,KAAK,EAAE;MACd,MAAMA,KAAK;IACb;EACF;;EAEA;AACF;AACA;EACE,MAAMe,kBAAkBA,CAACtB,SAAiB,EAAiB;IACzD,IAAI;MACF,OAAO,MAAM,IAAI,CAACH,WAAW,CAACI,OAAO,CAAO;QAC1CC,MAAM,EAAE,KAAK;QACbC,GAAG,EAAE,kBAAkBC,kBAAkB,CAACJ,SAAS,CAAC,EAAE;QACtDK,KAAK,EAAE,IAAI;QACXC,QAAQ,EAAE,CAAC,GAAG,EAAE,GAAG;MACrB,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOC,KAAK,EAAE;MACd,MAAMA,KAAK;IACb;EACF;;EAEA;AACF;AACA;EACE,MAAMgB,gBAAgBA,CAACC,SAAiB,EAAiB;IACvD,IAAI;MACF,OAAO,MAAM,IAAI,CAAC3B,WAAW,CAACI,OAAO,CAAO;QAC1CC,MAAM,EAAE,KAAK;QACbC,GAAG,EAAE,0BAA0BC,kBAAkB,CAACoB,SAAS,CAAC,EAAE;QAC9DnB,KAAK,EAAE,IAAI;QACXC,QAAQ,EAAE,CAAC,GAAG,EAAE,GAAG;MACrB,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOC,KAAK,EAAE;MACd,MAAMA,KAAK;IACb;EACF;AACF;AAACkB,OAAA,CAAA/B,WAAA,GAAAA,WAAA","ignoreList":[]}