@package-broker/core 0.7.1 → 0.8.0

package/dist/modules/auth/auth.handlers.js

@@ -0,0 +1,278 @@
+/*
+ * PACKAGE.broker
+ * Copyright (C) 2025 Łukasz Bajsarowicz
+ * Licensed under AGPL-3.0
+ */
+import { UserService } from '../../services/UserService';
+import { getAnalytics } from '../../utils/analytics';
+// Generate a session token
+function generateSessionToken() {
+    const bytes = crypto.getRandomValues(new Uint8Array(32));
+    return btoa(String.fromCharCode(...bytes))
+        .replace(/\+/g, '-')
+        .replace(/\//g, '_')
+        .replace(/=/g, '');
+}
+/**
+ * POST /api/auth/login
+ * Authenticate admin user and return session token
+ */
+export const loginHandler = async (c) => {
+    const db = c.get('database');
+    const userService = new UserService(db);
+    const body = c.req.valid('json');
+    const { email, password } = body;
+    const user = await userService.verifyCredentials(email, password);
+    const requestId = c.get('requestId');
+    const analytics = getAnalytics();
+    if (!user) {
+        analytics.trackAuthLogin({
+            requestId,
+            userId: 'unknown',
+            success: false,
+        });
+        return c.json({ error: 'Invalid credentials' }, 401);
+    }
+    // Check 2FA
+    if (user.two_factor_enabled) {
+        const { code } = body;
+        if (!code) {
+            return c.json({ error: '2FA required', code: '2fa_required' }, 403);
+        }
+        const isValid = await userService.validateTwoFactorLogin(user.id, code);
+        if (!isValid) {
+            analytics.trackAuthLogin({
+                requestId,
+                userId: user.id,
+                success: false,
+            });
+            return c.json({ error: 'Invalid 2FA code' }, 401);
+        }
+    }
+    // Generate session token
+    const sessionToken = generateSessionToken();
+    analytics.trackAuthLogin({
+        requestId,
+        userId: user.id,
+        success: true,
+    });
+    // Store session in cache (expires in 24 hours)
+    // Use injected cache driver (Node.js) or fall back to c.env.KV (Cloudflare)
+    const cache = c.get('cache') || c.env?.KV;
+    if (!cache) {
+        throw new Error('No session storage available (cache driver or KV not configured)');
+    }
+    await cache.put(`session:${sessionToken}`, JSON.stringify({
+        userId: user.id,
+        email: user.email,
+        role: user.role,
+        createdAt: Date.now(),
+    }), {
+        expirationTtl: 86400, // 24 hours
+    });
+    return c.json({
+        token: sessionToken,
+        user: {
+            id: user.id,
+            email: user.email,
+            role: user.role,
+            two_factor_enabled: user.two_factor_enabled,
+        },
+    });
+};
+/**
+ * POST /api/auth/logout
+ * Invalidate session token
+ */
+export const logoutHandler = async (c) => {
+    const authHeader = c.req.header('Authorization');
+    if (authHeader?.startsWith('Bearer ')) {
+        const token = authHeader.slice(7);
+        const cache = c.get('cache') || c.env?.KV;
+        if (cache) {
+            await cache.delete(`session:${token}`);
+        }
+    }
+    return c.json({ message: 'Logged out' });
+};
+/**
+ * GET /api/auth/me
+ * Get current authenticated user
+ */
+export const meHandler = async (c) => {
+    const session = c.get('session');
+    if (!session) {
+        return c.json({ error: 'Not authenticated' }, 401);
+    }
+    // Refresh user data from DB to get latest status
+    const db = c.get('database');
+    const userService = new UserService(db);
+    const user = await userService.findById(session.userId);
+    if (!user) {
+        return c.json({ error: 'User not found' }, 404);
+    }
+    return c.json({
+        user: {
+            id: user.id,
+            email: user.email,
+            role: user.role,
+            two_factor_enabled: user.two_factor_enabled
+        }
+    });
+};
+/**
+ * GET /api/auth/check
+ * Check if auth is required / setup is needed
+ */
+export const checkAuthRequiredHandler = async (c) => {
+    const db = c.get('database');
+    const userService = new UserService(db);
+    const count = await userService.count();
+    return c.json({
+        auth_required: count > 0,
+    });
+};
+/**
+ * POST /api/setup
+ * Create initial admin user
+ */
+export async function setupHandler(c) {
+    const db = c.get('database');
+    const userService = new UserService(db);
+    // Check if any user exists
+    const count = await userService.count();
+    if (count > 0) {
+        return c.json({ error: 'Setup already completed' }, 403);
+    }
+    let body;
+    try {
+        body = await c.req.json();
+    }
+    catch {
+        return c.json({ error: 'Invalid JSON' }, 400);
+    }
+    const { email, password } = body;
+    if (!email || !password) {
+        return c.json({ error: 'Email and password required' }, 400);
+    }
+    // Create first admin
+    const user = await userService.create({
+        email,
+        password,
+        role: 'admin'
+    });
+    return c.json({
+        message: 'Setup complete',
+        user: {
+            id: user?.id,
+            email: user?.email
+        }
+    });
+}
+/**
+ * POST /api/auth/2fa/setup
+ * Start 2FA setup flow
+ */
+export async function setup2FAHandler(c) {
+    const db = c.get('database');
+    const userService = new UserService(db);
+    const session = c.get('session');
+    // Generate new secret
+    const secret = await userService.setupTwoFactor(session.userId);
+    const qrCode = await userService.generateTwoFactorQrCode(session.email, secret);
+    return c.json({ secret, qrCode });
+}
+/**
+ * POST /api/auth/2fa/enable
+ * Confirm 2FA setup with code
+ */
+export async function enable2FAHandler(c) {
+    const db = c.get('database');
+    const userService = new UserService(db);
+    const session = c.get('session');
+    let body;
+    try {
+        body = await c.req.json();
+    }
+    catch {
+        return c.json({ error: 'Invalid JSON' }, 400);
+    }
+    const { secret, code } = body;
+    if (!secret || !code) {
+        return c.json({ error: 'Secret and code required' }, 400);
+    }
+    try {
+        const recoveryCodes = await userService.enableTwoFactor(session.userId, secret, code);
+        return c.json({ recoveryCodes });
+    }
+    catch (err) {
+        return c.json({ error: err.message }, 400);
+    }
+}
+/**
+ * POST /api/auth/2fa/disable
+ * Disable 2FA
+ */
+export async function disable2FAHandler(c) {
+    const db = c.get('database');
+    const userService = new UserService(db);
+    const session = c.get('session');
+    await userService.disableTwoFactor(session.userId);
+    return c.json({ message: '2FA disabled' });
+}
+/**
+ * POST /api/auth/invite/accept
+ * Accept invite and set password
+ */
+export async function acceptInviteHandler(c) {
+    const db = c.get('database');
+    const userService = new UserService(db);
+    let body;
+    try {
+        body = await c.req.json();
+    }
+    catch {
+        return c.json({ error: 'Invalid JSON' }, 400);
+    }
+    const { token, password } = body;
+    if (!token || !password) {
+        return c.json({ error: 'Token and password required' }, 400);
+    }
+    try {
+        const user = await userService.acceptInvite(token, password);
+        return c.json({ message: 'Invite accepted', user: { email: user.email } });
+    }
+    catch (err) {
+        return c.json({ error: err.message }, 400);
+    }
+}
+/**
+ * Middleware to verify session token
+ */
+export async function sessionMiddleware(c, next) {
+    const authHeader = c.req.header('Authorization');
+    if (!authHeader || !authHeader.startsWith('Bearer ')) {
+        return c.json({ error: 'Unauthorized', message: 'Session token required' }, 401);
+    }
+    const token = authHeader.slice(7);
+    // Check cache for session (use injected cache or fall back to c.env.KV)
+    const cache = c.get('cache') || c.env?.KV;
+    if (!cache) {
+        return c.json({ error: 'Server Error', message: 'Session storage not configured' }, 500);
+    }
+    // Try to get session - handle both CachePort (getJson) and KV (get with 'json' type)
+    let sessionData;
+    if (typeof cache.getJson === 'function') {
+        sessionData = await cache.getJson(`session:${token}`);
+    }
+    else {
+        sessionData = await cache.get(`session:${token}`, 'json');
+    }
+    if (!sessionData) {
+        return c.json({ error: 'Unauthorized', message: 'Invalid or expired session' }, 401);
+    }
+    // Attach session to context
+    c.set('session', sessionData);
+    return await next();
+}
+//# sourceMappingURL=auth.handlers.js.map

package/dist/modules/auth/auth.handlers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.handlers.js","sourceRoot":"","sources":["../../../src/modules/auth/auth.handlers.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAQrD,2BAA2B;AAC3B,SAAS,oBAAoB;IACzB,MAAM,KAAK,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;IACzD,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC;SACrC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;AAC3B,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,EAAE,CAAM,EAAqB,EAAE;IAC5D,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC7B,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,EAAE,CAAC,CAAC;IAExC,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACjC,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC;IAEjC,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,iBAAiB,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IAClE,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,WAAW,CAAuB,CAAC;IAC3D,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IAEjC,IAAI,CAAC,IAAI,EAAE,CAAC;QACR,SAAS,CAAC,cAAc,CAAC;YACrB,SAAS;YACT,MAAM,EAAE,SAAS;YACjB,OAAO,EAAE,KAAK;SACjB,CAAC,CAAC;QACH,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qBAAqB,EAAE,EAAE,GAAG,CAAC,CAAC;IACzD,CAAC;IAED,YAAY;IACZ,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAC1B,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC;QACtB,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,cAAc,EAAE,EAAE,GAAG,CAAC,CAAC;QACxE,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;QACxE,IAAI,CAAC,OAAO,EAAE,CAAC;YACX,SAAS,CAAC,cAAc,CAAC;gBACrB,SAAS;gBACT,MAAM,EAAE,IAAI,CAAC,EAAE;gBACf,OAAO,EAAE,KAAK;aACjB,CAAC,CAAC;YACH,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,kBAAkB,EAAE,EAAE,GAAG,CAAC,CAAC;QACtD,CAAC;IACL,CAAC;IAED,yBAAyB;IACzB,MAAM,YAAY,GAAG,oBAAoB,EAAE,CAAC;IAE5C,SAAS,CAAC,cAAc,CAAC;QACrB,SAAS;QACT,MAAM,EAAE,IAAI,CAAC,EAAE;QACf,OAAO,EAAE,IAAI;KAChB,CAAC,CAAC;IAEH,+CAA+C;IAC/C,4EAA4E;IAC5E,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC;IAC1C,IAAI,CAAC,KAAK,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;IACxF,CAAC;IACD,MAAM,KAAK,CAAC,GAAG,CAAC,WAAW,YAAY,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC;QACtD,MAAM,EAAE,IAAI,CAAC,EAAE;QACf,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;KACxB,CAAC,EAAE;QACA,aAAa,EAAE,KAAK,EAAE,WAAW;KACpC,CAAC,CAAC;IAEH,OAAO,CAAC,CAAC,IAAI,CAAC;QACV,KAAK,EAAE,YAAY;QACnB,IAAI,EAAE;YACF,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,kBAAkB,EAAE,IAAI,CAAC,kBAAkB;SAC9C;KACJ,CAAC,CAAC;AACP,CAAC,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAAE,CAAM,EAAqB,EAAE;IAC7D,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IACjD,IAAI,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACpC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAClC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC;QAC1C,IAAI,KAAK,EAAE,CAAC;YACR,MAAM,KAAK,CAAC,MAAM,CAAC,WAAW,KAAK,EAAE,CAAC,CAAC;QAC3C,CAAC;IACL,CAAC;IACD,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,YAAY,EAAE,CAAC,CAAC;AAC7C,CAAC,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,SAAS,GAAG,KAAK,EAAE,CAAU,EAAqB,EAAE;IAC7D,MAAM,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACjC,IAAI,CAAC,OAAO,EAAE,CAAC;QACX,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,EAAE,GAAG,CAAC,CAAC;IACvD,CAAC;IAED,iDAAiD;IACjD,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC7B,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,EAAE,CAAC,CAAC;IACxC,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAExD,IAAI,CAAC,IAAI,EAAE,CAAC;QACR,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,EAAE,GAAG,CAAC,CAAC;IACpD,CAAC;IAED,OAAO,CAAC,CAAC,IAAI,CAAC;QACV,IAAI,EAAE;YACF,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,kBAAkB,EAAE,IAAI,CAAC,kBAAkB;SAC9C;KACJ,CAAC,CAAC;AACP,CAAC,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG,KAAK,EAAE,CAAM,EAAqB,EAAE;IACxE,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC7B,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,EAAE,CAAC,CAAC;IAExC,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC;IAExC,OAAO,CAAC,CAAC,IAAI,CAAC;QACV,aAAa,EAAE,KAAK,GAAG,CAAC;KAC3B,CAAC,CAAC;AACP,CAAC,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,CAAU;IACzC,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC7B,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,EAAE,CAAC,CAAC;IAExC,2BAA2B;IAC3B,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC;IACxC,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QACZ,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,EAAE,GAAG,CAAC,CAAC;IAC7D,CAAC;IAED,IAAI,IAAI,CAAC;IACT,IAAI,CAAC;QACD,IAAI,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,GAAG,CAAC,CAAC;IAClD,CAAC;IAED,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC;IAEjC,IAAI,CAAC,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC;QACtB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,6BAA6B,EAAE,EAAE,GAAG,CAAC,CAAC;IACjE,CAAC;IAED,qBAAqB;IACrB,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC;QAClC,KAAK;QACL,QAAQ;QACR,IAAI,EAAE,OAAO;KAChB,CAAC,CAAC;IAEH,OAAO,CAAC,CAAC,IAAI,CAAC;QACV,OAAO,EAAE,gBAAgB;QACzB,IAAI,EAAE;YACF,EAAE,EAAE,IAAI,EAAE,EAAE;YACZ,KAAK,EAAE,IAAI,EAAE,KAAK;SACrB;KACJ,CAAC,CAAC;AACP,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,CAAU;IAC5C,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC7B,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,EAAE,CAAC,CAAC;IACxC,MAAM,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAEjC,sBAAsB;IACtB,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,cAAc,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAChE,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,uBAAuB,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAEhF,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;AACtC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,CAAU;IAC7C,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC7B,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,EAAE,CAAC,CAAC;IACxC,MAAM,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAEjC,IAAI,IAAI,CAAC;IACT,IAAI,CAAC;QACD,IAAI,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,GAAG,CAAC,CAAC;IAClD,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC;IAE9B,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QACnB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,0BAA0B,EAAE,EAAE,GAAG,CAAC,CAAC;IAC9D,CAAC;IAED,IAAI,CAAC;QACD,MAAM,aAAa,GAAG,MAAM,WAAW,CAAC,eAAe,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;QACtF,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,aAAa,EAAE,CAAC,CAAC;IACrC,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAChB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,EAAE,GAAG,CAAC,CAAC;IAC/C,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,CAAU;IAC9C,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC7B,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,EAAE,CAAC,CAAC;IACxC,MAAM,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAEjC,MAAM,WAAW,CAAC,gBAAgB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACnD,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC,CAAC;AAC/C,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,CAAU;IAChD,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC7B,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,EAAE,CAAC,CAAC;IAExC,IAAI,IAAI,CAAC;IACT,IAAI,CAAC;QACD,IAAI,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,GAAG,CAAC,CAAC;IAClD,CAAC;IAED,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC;IAEjC,IAAI,CAAC,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC;QACtB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,6BAA6B,EAAE,EAAE,GAAG,CAAC,CAAC;IACjE,CAAC;IAED,IAAI,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QAC7D,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAC/E,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAChB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,EAAE,GAAG,CAAC,CAAC;IAC/C,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,CAAU,EAAE,IAAyB;IACzE,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IAEjD,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,wBAAwB,EAAE,EAAE,GAAG,CAAC,CAAC;IACrF,CAAC;IAED,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAElC,wEAAwE;IACxE,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC;IAC1C,IAAI,CAAC,KAAK,EAAE,CAAC;QACT,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,gCAAgC,EAAE,EAAE,GAAG,CAAC,CAAC;IAC7F,CAAC;IAED,qFAAqF;IACrF,IAAI,WAAW,CAAC;IAChB,IAAI,OAAO,KAAK,CAAC,OAAO,KAAK,UAAU,EAAE,CAAC;QACtC,WAAW,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,WAAW,KAAK,EAAE,CAAC,CAAC;IAC1D,CAAC;SAAM,CAAC;QACJ,WAAW,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,WAAW,KAAK,EAAE,EAAE,MAAM,CAAC,CAAC;IAC9D,CAAC;IAED,IAAI,CAAC,WAAW,EAAE,CAAC;QACf,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,4BAA4B,EAAE,EAAE,GAAG,CAAC,CAAC;IACzF,CAAC;IAED,4BAA4B;IAC5B,CAAC,CAAC,GAAG,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;IAE9B,OAAO,MAAM,IAAI,EAAE,CAAC;AACxB,CAAC"}

package/dist/modules/auth/auth.routes.d.ts

@@ -0,0 +1,187 @@
+import { z } from '@hono/zod-openapi';
+export declare const loginRouteDef: {
+    method: "post";
+    path: "/login";
+    summary: string;
+    description: string;
+    request: {
+        body: {
+            content: {
+                'application/json': {
+                    schema: z.ZodObject<{
+                        email: z.ZodString;
+                        password: z.ZodString;
+                        code: z.ZodOptional<z.ZodString>;
+                    }, z.core.$strip>;
+                };
+            };
+        };
+    };
+    responses: {
+        200: {
+            content: {
+                'application/json': {
+                    schema: z.ZodObject<{
+                        token: z.ZodString;
+                        user: z.ZodObject<{
+                            id: z.ZodString;
+                            email: z.ZodString;
+                            role: z.ZodEnum<{
+                                admin: "admin";
+                                viewer: "viewer";
+                            }>;
+                            two_factor_enabled: z.ZodBoolean;
+                        }, z.core.$strip>;
+                    }, z.core.$strip>;
+                };
+            };
+            description: string;
+        };
+        400: {
+            content: {
+                'application/json': {
+                    schema: z.ZodObject<{
+                        error: z.ZodString;
+                        message: z.ZodOptional<z.ZodString>;
+                        code: z.ZodOptional<z.ZodString>;
+                        requestId: z.ZodOptional<z.ZodString>;
+                    }, z.core.$strip>;
+                };
+            };
+            description: string;
+        };
+        401: {
+            content: {
+                'application/json': {
+                    schema: z.ZodObject<{
+                        error: z.ZodString;
+                        message: z.ZodOptional<z.ZodString>;
+                        code: z.ZodOptional<z.ZodString>;
+                        requestId: z.ZodOptional<z.ZodString>;
+                    }, z.core.$strip>;
+                };
+            };
+            description: string;
+        };
+        403: {
+            content: {
+                'application/json': {
+                    schema: z.ZodObject<{
+                        error: z.ZodString;
+                        message: z.ZodOptional<z.ZodString>;
+                        requestId: z.ZodOptional<z.ZodString>;
+                        code: z.ZodString;
+                    }, z.core.$strip>;
+                };
+            };
+            description: string;
+        };
+    };
+    tags: string[];
+} & {
+    getRoutingPath(): "/login";
+};
+export declare const logoutRouteDef: {
+    method: "post";
+    path: "/logout";
+    summary: string;
+    description: string;
+    security: {
+        Bearer: never[];
+    }[];
+    responses: {
+        200: {
+            content: {
+                'application/json': {
+                    schema: z.ZodObject<{
+                        message: z.ZodString;
+                    }, z.core.$strip>;
+                };
+            };
+            description: string;
+        };
+    };
+    tags: string[];
+} & {
+    getRoutingPath(): "/logout";
+};
+export declare const meRouteDef: {
+    method: "get";
+    path: "/me";
+    summary: string;
+    description: string;
+    security: {
+        Bearer: never[];
+    }[];
+    responses: {
+        200: {
+            content: {
+                'application/json': {
+                    schema: z.ZodObject<{
+                        user: z.ZodObject<{
+                            id: z.ZodString;
+                            email: z.ZodString;
+                            role: z.ZodEnum<{
+                                admin: "admin";
+                                viewer: "viewer";
+                            }>;
+                            two_factor_enabled: z.ZodBoolean;
+                        }, z.core.$strip>;
+                    }, z.core.$strip>;
+                };
+            };
+            description: string;
+        };
+        401: {
+            content: {
+                'application/json': {
+                    schema: z.ZodObject<{
+                        error: z.ZodString;
+                        message: z.ZodOptional<z.ZodString>;
+                        code: z.ZodOptional<z.ZodString>;
+                        requestId: z.ZodOptional<z.ZodString>;
+                    }, z.core.$strip>;
+                };
+            };
+            description: string;
+        };
+        404: {
+            content: {
+                'application/json': {
+                    schema: z.ZodObject<{
+                        error: z.ZodString;
+                        message: z.ZodOptional<z.ZodString>;
+                        code: z.ZodOptional<z.ZodString>;
+                        requestId: z.ZodOptional<z.ZodString>;
+                    }, z.core.$strip>;
+                };
+            };
+            description: string;
+        };
+    };
+    tags: string[];
+} & {
+    getRoutingPath(): "/me";
+};
+export declare const checkAuthRequiredRouteDef: {
+    method: "get";
+    path: "/check";
+    summary: string;
+    description: string;
+    responses: {
+        200: {
+            content: {
+                'application/json': {
+                    schema: z.ZodObject<{
+                        auth_required: z.ZodBoolean;
+                    }, z.core.$strip>;
+                };
+            };
+            description: string;
+        };
+    };
+    tags: string[];
+} & {
+    getRoutingPath(): "/check";
+};
+//# sourceMappingURL=auth.routes.d.ts.map

package/dist/modules/auth/auth.routes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.routes.d.ts","sourceRoot":"","sources":["../../../src/modules/auth/auth.routes.ts"],"names":[],"mappings":"AAMA,OAAO,EAAe,CAAC,EAAE,MAAM,mBAAmB,CAAC;AASnD,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAmDxB,CAAC;AAEH,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;CAmBzB,CAAC;AAEH,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAmCrB,CAAC;AAEH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;CAkBpC,CAAC"}

package/dist/modules/auth/auth.routes.js

@@ -0,0 +1,136 @@
+/*
+ * PACKAGE.broker
+ * Copyright (C) 2025 Łukasz Bajsarowicz
+ * Licensed under AGPL-3.0
+ */
+import { createRoute, z } from '@hono/zod-openapi';
+import { loginRequestSchema, loginResponseSchema, userResponseSchema, errorResponseSchema, } from '@package-broker/shared';
+// Route paths are relative to module mount at /api/auth
+export const loginRouteDef = createRoute({
+    method: 'post',
+    path: '/login',
+    summary: 'Authenticate user',
+    description: 'Authenticate admin user and return session token',
+    request: {
+        body: {
+            content: {
+                'application/json': {
+                    schema: loginRequestSchema,
+                },
+            },
+        },
+    },
+    responses: {
+        200: {
+            content: {
+                'application/json': {
+                    schema: loginResponseSchema,
+                },
+            },
+            description: 'Login successful',
+        },
+        400: {
+            content: {
+                'application/json': {
+                    schema: errorResponseSchema,
+                },
+            },
+            description: 'Invalid request',
+        },
+        401: {
+            content: {
+                'application/json': {
+                    schema: errorResponseSchema,
+                },
+            },
+            description: 'Invalid credentials',
+        },
+        403: {
+            content: {
+                'application/json': {
+                    schema: errorResponseSchema.extend({
+                        code: z.string(),
+                    }),
+                },
+            },
+            description: '2FA required',
+        },
+    },
+    tags: ['Authentication'],
+});
+export const logoutRouteDef = createRoute({
+    method: 'post',
+    path: '/logout',
+    summary: 'Logout user',
+    description: 'Invalidate session token',
+    security: [{ Bearer: [] }],
+    responses: {
+        200: {
+            content: {
+                'application/json': {
+                    schema: z.object({
+                        message: z.string(),
+                    }),
+                },
+            },
+            description: 'Logged out successfully',
+        },
+    },
+    tags: ['Authentication'],
+});
+export const meRouteDef = createRoute({
+    method: 'get',
+    path: '/me',
+    summary: 'Get current user',
+    description: 'Get current authenticated user information',
+    security: [{ Bearer: [] }],
+    responses: {
+        200: {
+            content: {
+                'application/json': {
+                    schema: z.object({
+                        user: userResponseSchema,
+                    }),
+                },
+            },
+            description: 'User information',
+        },
+        401: {
+            content: {
+                'application/json': {
+                    schema: errorResponseSchema,
+                },
+            },
+            description: 'Not authenticated',
+        },
+        404: {
+            content: {
+                'application/json': {
+                    schema: errorResponseSchema,
+                },
+            },
+            description: 'User not found',
+        },
+    },
+    tags: ['Authentication'],
+});
+export const checkAuthRequiredRouteDef = createRoute({
+    method: 'get',
+    path: '/check',
+    summary: 'Check if authentication is required',
+    description: 'Check if the instance requires authentication',
+    responses: {
+        200: {
+            content: {
+                'application/json': {
+                    schema: z.object({
+                        auth_required: z.boolean(),
+                    }),
+                },
+            },
+            description: 'Authentication requirement status',
+        },
+    },
+    tags: ['Authentication'],
+});
+//# sourceMappingURL=auth.routes.js.map

package/dist/modules/auth/auth.routes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.routes.js","sourceRoot":"","sources":["../../../src/modules/auth/auth.routes.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,WAAW,EAAE,CAAC,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EACH,kBAAkB,EAClB,mBAAmB,EACnB,kBAAkB,EAClB,mBAAmB,GACtB,MAAM,wBAAwB,CAAC;AAEhC,wDAAwD;AACxD,MAAM,CAAC,MAAM,aAAa,GAAG,WAAW,CAAC;IACrC,MAAM,EAAE,MAAM;IACd,IAAI,EAAE,QAAQ;IACd,OAAO,EAAE,mBAAmB;IAC5B,WAAW,EAAE,kDAAkD;IAC/D,OAAO,EAAE;QACL,IAAI,EAAE;YACF,OAAO,EAAE;gBACL,kBAAkB,EAAE;oBAChB,MAAM,EAAE,kBAAkB;iBAC7B;aACJ;SACJ;KACJ;IACD,SAAS,EAAE;QACP,GAAG,EAAE;YACD,OAAO,EAAE;gBACL,kBAAkB,EAAE;oBAChB,MAAM,EAAE,mBAAmB;iBAC9B;aACJ;YACD,WAAW,EAAE,kBAAkB;SAClC;QACD,GAAG,EAAE;YACD,OAAO,EAAE;gBACL,kBAAkB,EAAE;oBAChB,MAAM,EAAE,mBAAmB;iBAC9B;aACJ;YACD,WAAW,EAAE,iBAAiB;SACjC;QACD,GAAG,EAAE;YACD,OAAO,EAAE;gBACL,kBAAkB,EAAE;oBAChB,MAAM,EAAE,mBAAmB;iBAC9B;aACJ;YACD,WAAW,EAAE,qBAAqB;SACrC;QACD,GAAG,EAAE;YACD,OAAO,EAAE;gBACL,kBAAkB,EAAE;oBAChB,MAAM,EAAE,mBAAmB,CAAC,MAAM,CAAC;wBAC/B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;qBACnB,CAAC;iBACL;aACJ;YACD,WAAW,EAAE,cAAc;SAC9B;KACJ;IACD,IAAI,EAAE,CAAC,gBAAgB,CAAC;CAC3B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,cAAc,GAAG,WAAW,CAAC;IACtC,MAAM,EAAE,MAAM;IACd,IAAI,EAAE,SAAS;IACf,OAAO,EAAE,aAAa;IACtB,WAAW,EAAE,0BAA0B;IACvC,QAAQ,EAAE,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;IAC1B,SAAS,EAAE;QACP,GAAG,EAAE;YACD,OAAO,EAAE;gBACL,kBAAkB,EAAE;oBAChB,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;wBACb,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;qBACtB,CAAC;iBACL;aACJ;YACD,WAAW,EAAE,yBAAyB;SACzC;KACJ;IACD,IAAI,EAAE,CAAC,gBAAgB,CAAC;CAC3B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,UAAU,GAAG,WAAW,CAAC;IAClC,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,KAAK;IACX,OAAO,EAAE,kBAAkB;IAC3B,WAAW,EAAE,4CAA4C;IACzD,QAAQ,EAAE,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;IAC1B,SAAS,EAAE;QACP,GAAG,EAAE;YACD,OAAO,EAAE;gBACL,kBAAkB,EAAE;oBAChB,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;wBACb,IAAI,EAAE,kBAAkB;qBAC3B,CAAC;iBACL;aACJ;YACD,WAAW,EAAE,kBAAkB;SAClC;QACD,GAAG,EAAE;YACD,OAAO,EAAE;gBACL,kBAAkB,EAAE;oBAChB,MAAM,EAAE,mBAAmB;iBAC9B;aACJ;YACD,WAAW,EAAE,mBAAmB;SACnC;QACD,GAAG,EAAE;YACD,OAAO,EAAE;gBACL,kBAAkB,EAAE;oBAChB,MAAM,EAAE,mBAAmB;iBAC9B;aACJ;YACD,WAAW,EAAE,gBAAgB;SAChC;KACJ;IACD,IAAI,EAAE,CAAC,gBAAgB,CAAC;CAC3B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,yBAAyB,GAAG,WAAW,CAAC;IACjD,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,QAAQ;IACd,OAAO,EAAE,qCAAqC;IAC9C,WAAW,EAAE,+CAA+C;IAC5D,SAAS,EAAE;QACP,GAAG,EAAE;YACD,OAAO,EAAE;gBACL,kBAAkB,EAAE;oBAChB,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;wBACb,aAAa,EAAE,CAAC,CAAC,OAAO,EAAE;qBAC7B,CAAC;iBACL;aACJ;YACD,WAAW,EAAE,mCAAmC;SACnD;KACJ;IACD,IAAI,EAAE,CAAC,gBAAgB,CAAC;CAC3B,CAAC,CAAC"}

package/dist/modules/auth/index.d.ts

@@ -0,0 +1,11 @@
+import { OpenAPIHono } from '@hono/zod-openapi';
+import type { AppBindings, AppVariables } from '../../factory';
+declare const authModule: OpenAPIHono<{
+    Bindings: AppBindings;
+    Variables: AppVariables;
+}, {}, "/">;
+export { authMiddleware } from '../../middleware/auth';
+export { sessionMiddleware } from './auth.handlers';
+export { setupHandler } from './auth.handlers';
+export default authModule;
+//# sourceMappingURL=index.d.ts.map

package/dist/modules/auth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/modules/auth/index.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,KAAK,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAI/D,QAAA,MAAM,UAAU;cAA+B,WAAW;eAAa,YAAY;WAAK,CAAC;AAyBzF,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAGvD,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAGpD,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,eAAe,UAAU,CAAC"}

package/dist/modules/auth/index.js

@@ -0,0 +1,34 @@
+/*
+ * PACKAGE.broker
+ * Copyright (C) 2025 Łukasz Bajsarowicz
+ * Licensed under AGPL-3.0
+ */
+import { OpenAPIHono } from '@hono/zod-openapi';
+import * as routes from './auth.routes';
+import * as handlers from './auth.handlers';
+const authModule = new OpenAPIHono();
+// Public routes (no session required)
+authModule.openapi(routes.loginRouteDef, handlers.loginHandler);
+authModule.openapi(routes.checkAuthRequiredRouteDef, handlers.checkAuthRequiredHandler);
+// Non-OpenAPI public routes
+// Note: /invite/accept is mounted at /api/auth/invite/accept
+authModule.post('/invite/accept', handlers.acceptInviteHandler);
+// Protected routes (session required)
+// Apply session middleware to all routes registered below
+authModule.use('*', async (c, next) => {
+    return handlers.sessionMiddleware(c, next);
+});
+authModule.openapi(routes.logoutRouteDef, handlers.logoutHandler);
+authModule.openapi(routes.meRouteDef, handlers.meHandler);
+// Non-OpenAPI protected routes
+authModule.post('/2fa/setup', handlers.setup2FAHandler);
+authModule.post('/2fa/enable', handlers.enable2FAHandler);
+authModule.post('/2fa/disable', handlers.disable2FAHandler);
+// Re-export authMiddleware for use by other modules (e.g., composer/dist)
+export { authMiddleware } from '../../middleware/auth';
+// Export sessionMiddleware for use by other protected route groups
+export { sessionMiddleware } from './auth.handlers';
+// Export setup handler separately since it needs to be mounted at /api/setup (not /api/auth/setup)
+export { setupHandler } from './auth.handlers';
+export default authModule;
+//# sourceMappingURL=index.js.map

package/dist/modules/auth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/modules/auth/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,OAAO,KAAK,MAAM,MAAM,eAAe,CAAC;AACxC,OAAO,KAAK,QAAQ,MAAM,iBAAiB,CAAC;AAE5C,MAAM,UAAU,GAAG,IAAI,WAAW,EAAsD,CAAC;AAEzF,sCAAsC;AACtC,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,EAAE,QAAQ,CAAC,YAAmB,CAAC,CAAC;AACvE,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,yBAAyB,EAAE,QAAQ,CAAC,wBAA+B,CAAC,CAAC;AAE/F,4BAA4B;AAC5B,6DAA6D;AAC7D,UAAU,CAAC,IAAI,CAAC,gBAAgB,EAAE,QAAQ,CAAC,mBAAmB,CAAC,CAAC;AAEhE,sCAAsC;AACtC,0DAA0D;AAC1D,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;IAClC,OAAO,QAAQ,CAAC,iBAAiB,CAAC,CAAQ,EAAE,IAAW,CAAC,CAAC;AAC7D,CAAC,CAAC,CAAC;AAEH,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,cAAc,EAAE,QAAQ,CAAC,aAAoB,CAAC,CAAC;AACzE,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE,QAAQ,CAAC,SAAgB,CAAC,CAAC;AAEjE,+BAA+B;AAC/B,UAAU,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,eAAe,CAAC,CAAC;AACxD,UAAU,CAAC,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,gBAAgB,CAAC,CAAC;AAC1D,UAAU,CAAC,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,iBAAiB,CAAC,CAAC;AAE5D,0EAA0E;AAC1E,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAEvD,mEAAmE;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAEpD,mGAAmG;AACnG,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,eAAe,UAAU,CAAC"}