@pawells/nestjs-auth 1.0.0-dev.3052c75

package/build/admin/client/services/base-service.js

@@ -0,0 +1,107 @@
+import { AppLogger, getErrorMessage } from '@pawells/nestjs-shared/common';
+import { withRetry } from '../utils/index.js';
+import { KeycloakClientError, AuthenticationError, AuthorizationError, NotFoundError, ValidationError, TimeoutError, NetworkError, } from '../errors/index.js';
+import { KeycloakAdminScopeError } from '../../permissions/keycloak-admin.permissions.js';
+const HTTP_STATUS_UNAUTHORIZED = 401;
+const HTTP_STATUS_FORBIDDEN = 403;
+const HTTP_STATUS_NOT_FOUND = 404;
+const HTTP_STATUS_BAD_REQUEST = 400;
+const HTTP_STATUS_REQUEST_TIMEOUT = 408;
+/**
+ * Base service class for Keycloak admin API client services.
+ *
+ * Provides shared functionality for all admin sub-services: error handling with classified
+ * exceptions, retry logic for transient failures, and scope-based access control.
+ * All Keycloak admin operations (user, role, client, group management, etc.) inherit from this class.
+ *
+ * Subclasses must call {@link requireScope} before API operations to enforce permission control.
+ *
+ * @abstract
+ */
+export class BaseService {
+    logger;
+    adminClient;
+    grantedScopes;
+    loggerConfig;
+    retryConfig;
+    constructor(adminClient, grantedScopes, loggerConfig, retryConfig) {
+        this.adminClient = adminClient;
+        this.grantedScopes = grantedScopes;
+        this.loggerConfig = loggerConfig;
+        this.retryConfig = retryConfig;
+        this.logger = new AppLogger(undefined, this.constructor.name);
+    }
+    /**
+     * Asserts that the given scope is granted. Throws {@link KeycloakAdminScopeError}
+     * synchronously if not, before any network request is made.
+     * All mutation operations ({@link KeycloakAdminScope} ending in `:write`) are
+     * audit-logged at INFO level when the check passes.
+     */
+    requireScope(scope) {
+        if (!this.grantedScopes.has(scope)) {
+            this.logger.warn(`Keycloak admin scope blocked: '${scope}' not granted`);
+            throw new KeycloakAdminScopeError(scope);
+        }
+        if (scope.endsWith(':write')) {
+            this.logger.info(`Keycloak admin mutation: scope '${scope}' invoked`);
+        }
+    }
+    /**
+     * Execute a function with retry logic
+     */
+    async withRetry(fn, options) {
+        const config = {
+            ...this.retryConfig,
+            ...options,
+            ...(this.loggerConfig && { logger: this.loggerConfig }),
+        };
+        const result = await withRetry(fn, config);
+        return result;
+    }
+    /**
+     * Handle and transform errors from Keycloak admin client
+     */
+    handleError(error) {
+        // Re-throw scope errors without wrapping
+        if (error instanceof KeycloakAdminScopeError) {
+            throw error;
+        }
+        // If already our error type, re-throw
+        if (error instanceof KeycloakClientError) {
+            throw error;
+        }
+        // Handle axios errors from admin client
+        if (error && typeof error === 'object' && 'response' in error) {
+            const axiosError = error;
+            const status = axiosError.response?.status;
+            const message = axiosError.message ?? 'Unknown error';
+            const data = axiosError.response?.data;
+            if (status === HTTP_STATUS_UNAUTHORIZED) {
+                throw new AuthenticationError(message, status, data);
+            }
+            if (status === HTTP_STATUS_FORBIDDEN) {
+                throw new AuthorizationError(message, status, data);
+            }
+            if (status === HTTP_STATUS_NOT_FOUND) {
+                throw new NotFoundError(message, data);
+            }
+            if (status === HTTP_STATUS_BAD_REQUEST) {
+                throw new ValidationError(message, data);
+            }
+            if (status === HTTP_STATUS_REQUEST_TIMEOUT) {
+                throw new TimeoutError(message);
+            }
+            if (axiosError.code === 'ECONNREFUSED' || axiosError.code === 'ETIMEDOUT') {
+                throw new NetworkError(message, error instanceof Error ? error : undefined);
+            }
+            // Generic error with status code
+            if (status) {
+                throw new KeycloakClientError(message, status, data);
+            }
+        }
+        // Generic error
+        const message = getErrorMessage(error);
+        throw new KeycloakClientError(message, undefined, undefined, error instanceof Error ? error : undefined);
+    }
+}
+//# sourceMappingURL=base-service.js.map

package/build/admin/client/services/base-service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"base-service.js","sourceRoot":"","sources":["../../../../src/admin/client/services/base-service.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAE3E,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EACN,mBAAmB,EACnB,mBAAmB,EACnB,kBAAkB,EAClB,aAAa,EACb,eAAe,EACf,YAAY,EACZ,YAAY,GACZ,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,uBAAuB,EAAE,MAAM,iDAAiD,CAAC;AAE1F,MAAM,wBAAwB,GAAG,GAAG,CAAC;AACrC,MAAM,qBAAqB,GAAG,GAAG,CAAC;AAClC,MAAM,qBAAqB,GAAG,GAAG,CAAC;AAClC,MAAM,uBAAuB,GAAG,GAAG,CAAC;AACpC,MAAM,2BAA2B,GAAG,GAAG,CAAC;AAExC;;;;;;;;;;GAUG;AACH,MAAM,OAAgB,WAAW;IACf,MAAM,CAAY;IAEzB,WAAW,CAAgB;IAE3B,aAAa,CAAkC;IAE/C,YAAY,CAAU;IAEtB,WAAW,CAAe;IAEpC,YACC,WAA0B,EAC1B,aAA8C,EAC9C,YAAqB,EACrB,WAAyB;QAEzB,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QACnC,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;QACjC,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,IAAI,CAAC,MAAM,GAAG,IAAI,SAAS,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IAC/D,CAAC;IAED;;;;;OAKG;IACO,YAAY,CAAC,KAAyB;QAC/C,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YACpC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kCAAkC,KAAK,eAAe,CAAC,CAAC;YACzE,MAAM,IAAI,uBAAuB,CAAC,KAAK,CAAC,CAAC;QAC1C,CAAC;QAED,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC9B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,mCAAmC,KAAK,WAAW,CAAC,CAAC;QACvE,CAAC;IACF,CAAC;IAED;;OAEG;IACO,KAAK,CAAC,SAAS,CACxB,EAAoB,EACpB,OAAqB;QAErB,MAAM,MAAM,GAAG;YACd,GAAG,IAAI,CAAC,WAAW;YACnB,GAAG,OAAO;YACV,GAAG,CAAC,IAAI,CAAC,YAAY,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC;SACvD,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;QAC3C,OAAO,MAAM,CAAC;IACf,CAAC;IAED;;OAEG;IACO,WAAW,CAAC,KAAc;QACnC,yCAAyC;QACzC,IAAI,KAAK,YAAY,uBAAuB,EAAE,CAAC;YAC9C,MAAM,KAAK,CAAC;QACb,CAAC;QAED,sCAAsC;QACtC,IAAI,KAAK,YAAY,mBAAmB,EAAE,CAAC;YAC1C,MAAM,KAAK,CAAC;QACb,CAAC;QAED,wCAAwC;QACxC,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,UAAU,IAAI,KAAK,EAAE,CAAC;YAC/D,MAAM,UAAU,GAAG,KAIlB,CAAC;YAEF,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC;YAC3C,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,IAAI,eAAe,CAAC;YACtD,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,EAAE,IAAI,CAAC;YAEvC,IAAI,MAAM,KAAK,wBAAwB,EAAE,CAAC;gBACzC,MAAM,IAAI,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;YACtD,CAAC;YAED,IAAI,MAAM,KAAK,qBAAqB,EAAE,CAAC;gBACtC,MAAM,IAAI,kBAAkB,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;YACrD,CAAC;YAED,IAAI,MAAM,KAAK,qBAAqB,EAAE,CAAC;gBACtC,MAAM,IAAI,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;YACxC,CAAC;YAED,IAAI,MAAM,KAAK,uBAAuB,EAAE,CAAC;gBACxC,MAAM,IAAI,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;YAC1C,CAAC;YAED,IAAI,MAAM,KAAK,2BAA2B,EAAE,CAAC;gBAC5C,MAAM,IAAI,YAAY,CAAC,OAAO,CAAC,CAAC;YACjC,CAAC;YAED,IAAI,UAAU,CAAC,IAAI,KAAK,cAAc,IAAI,UAAU,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;gBAC3E,MAAM,IAAI,YAAY,CAAC,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;YAC7E,CAAC;YAED,iCAAiC;YACjC,IAAI,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;YACtD,CAAC;QACF,CAAC;QAED,gBAAgB;QAChB,MAAM,OAAO,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;QACvC,MAAM,IAAI,mBAAmB,CAAC,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAC1G,CAAC;CACD"}

package/build/admin/client/services/client.service.d.ts

@@ -0,0 +1,86 @@
+import type { ClientRepresentation, RoleRepresentation, ProtocolMapperRepresentation } from '../types/index.js';
+import { BaseService } from './base-service.js';
+/**
+ * Service for managing Keycloak OAuth/OIDC clients.
+ *
+ * Provides methods for CRUD operations on OAuth/OIDC clients, including client creation,
+ * configuration, secret rotation, client scope management, and protocol mapper setup.
+ * Requires `clients:read` and `clients:write` scopes depending on the operation.
+ *
+ * Part of {@link KeycloakAdminService.clients | KeycloakAdminService#clients}.
+ *
+ * @example
+ * ```typescript
+ * const clients = await keycloak.clients.list('my-realm');
+ * const client = await keycloak.clients.findByClientId('my-realm', 'my-app');
+ * await keycloak.clients.create('my-realm', {
+ *   clientId: 'my-app',
+ *   enabled: true,
+ *   redirectUris: ['http://localhost:3000/callback'],
+ * });
+ * ```
+ */
+export declare class ClientService extends BaseService {
+    /**
+     * List all clients in a realm
+     */
+    list(realm: string): Promise<ClientRepresentation[]>;
+    /**
+     * Get a client by ID (internal Keycloak ID, not clientId)
+     */
+    get(realm: string, id: string): Promise<ClientRepresentation>;
+    /**
+     * Find a client by clientId (the public client identifier)
+     */
+    findByClientId(realm: string, clientId: string): Promise<ClientRepresentation | undefined>;
+    /**
+     * Create a new client
+     */
+    create(realm: string, client: ClientRepresentation): Promise<{
+        id: string;
+    }>;
+    /**
+     * Update a client
+     */
+    update(realm: string, id: string, client: ClientRepresentation): Promise<void>;
+    /**
+     * Delete a client
+     */
+    delete(realm: string, id: string): Promise<void>;
+    /**
+     * Get client secret
+     */
+    getSecret(realm: string, id: string): Promise<{
+        type?: string;
+        value?: string;
+    }>;
+    /**
+     * Create a protocol mapper for a client
+     */
+    createProtocolMapper(realm: string, id: string, mapper: ProtocolMapperRepresentation): Promise<void>;
+    /**
+     * List protocol mappers for a client
+     */
+    listProtocolMappers(realm: string, id: string): Promise<ProtocolMapperRepresentation[]>;
+    /**
+     * Delete a protocol mapper
+     */
+    deleteProtocolMapper(realm: string, id: string, mapperId: string): Promise<void>;
+    /**
+     * Create a client role
+     */
+    createRole(realm: string, id: string, role: RoleRepresentation): Promise<void>;
+    /**
+     * List roles for a client
+     */
+    listRoles(realm: string, id: string): Promise<RoleRepresentation[]>;
+    /**
+     * Find a client role by name
+     */
+    findRole(realm: string, id: string, roleName: string): Promise<RoleRepresentation>;
+    /**
+     * Delete a client role
+     */
+    deleteRole(realm: string, id: string, roleName: string): Promise<void>;
+}
+//# sourceMappingURL=client.service.d.ts.map

package/build/admin/client/services/client.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.service.d.ts","sourceRoot":"","sources":["../../../../src/admin/client/services/client.service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACX,oBAAoB,EACpB,kBAAkB,EAClB,4BAA4B,EAC5B,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,qBAAa,aAAc,SAAQ,WAAW;IAC7C;;OAEG;IACU,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,EAAE,CAAC;IASjE;;OAEG;IACU,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAW1E;;OAEG;IACU,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC;IAYvG;;OAEG;IACU,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,oBAAoB,GAAG,OAAO,CAAC;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;IAWzF;;OAEG;IACU,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,oBAAoB,GAAG,OAAO,CAAC,IAAI,CAAC;IAW3F;;OAEG;IACU,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAS7D;;OAEG;IACU,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAW7F;;OAEG;IACU,oBAAoB,CAChC,KAAK,EAAE,MAAM,EACb,EAAE,EAAE,MAAM,EACV,MAAM,EAAE,4BAA4B,GAClC,OAAO,CAAC,IAAI,CAAC;IAWhB;;OAEG;IACU,mBAAmB,CAC/B,KAAK,EAAE,MAAM,EACb,EAAE,EAAE,MAAM,GACR,OAAO,CAAC,4BAA4B,EAAE,CAAC;IAW1C;;OAEG;IACU,oBAAoB,CAChC,KAAK,EAAE,MAAM,EACb,EAAE,EAAE,MAAM,EACV,QAAQ,EAAE,MAAM,GACd,OAAO,CAAC,IAAI,CAAC;IAWhB;;OAEG;IACU,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC;IAW3F;;OAEG;IACU,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,EAAE,CAAC;IAWhF;;OAEG;IACU,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAW/F;;OAEG;IACU,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAUnF"}

package/build/admin/client/services/client.service.js

@@ -0,0 +1,193 @@
+import { BaseService } from './base-service.js';
+/**
+ * Service for managing Keycloak OAuth/OIDC clients.
+ *
+ * Provides methods for CRUD operations on OAuth/OIDC clients, including client creation,
+ * configuration, secret rotation, client scope management, and protocol mapper setup.
+ * Requires `clients:read` and `clients:write` scopes depending on the operation.
+ *
+ * Part of {@link KeycloakAdminService.clients | KeycloakAdminService#clients}.
+ *
+ * @example
+ * ```typescript
+ * const clients = await keycloak.clients.list('my-realm');
+ * const client = await keycloak.clients.findByClientId('my-realm', 'my-app');
+ * await keycloak.clients.create('my-realm', {
+ *   clientId: 'my-app',
+ *   enabled: true,
+ *   redirectUris: ['http://localhost:3000/callback'],
+ * });
+ * ```
+ */
+export class ClientService extends BaseService {
+    /**
+     * List all clients in a realm
+     */
+    async list(realm) {
+        this.requireScope('clients:read');
+        try {
+            return (await this.withRetry(() => this.adminClient.clients.find({ realm })));
+        }
+        catch (error) {
+            return this.handleError(error);
+        }
+    }
+    /**
+     * Get a client by ID (internal Keycloak ID, not clientId)
+     */
+    async get(realm, id) {
+        this.requireScope('clients:read');
+        try {
+            return (await this.withRetry(() => this.adminClient.clients.findOne({ realm, id })));
+        }
+        catch (error) {
+            return this.handleError(error);
+        }
+    }
+    /**
+     * Find a client by clientId (the public client identifier)
+     */
+    async findByClientId(realm, clientId) {
+        this.requireScope('clients:read');
+        try {
+            const clients = (await this.withRetry(() => this.adminClient.clients.find({ realm, clientId })));
+            return clients[0];
+        }
+        catch (error) {
+            return this.handleError(error);
+        }
+    }
+    /**
+     * Create a new client
+     */
+    async create(realm, client) {
+        this.requireScope('clients:write');
+        try {
+            return await this.withRetry(() => this.adminClient.clients.create({ ...client, realm }));
+        }
+        catch (error) {
+            return this.handleError(error);
+        }
+    }
+    /**
+     * Update a client
+     */
+    async update(realm, id, client) {
+        this.requireScope('clients:write');
+        try {
+            await this.withRetry(() => this.adminClient.clients.update({ realm, id }, client));
+        }
+        catch (error) {
+            this.handleError(error);
+        }
+    }
+    /**
+     * Delete a client
+     */
+    async delete(realm, id) {
+        this.requireScope('clients:write');
+        try {
+            await this.withRetry(() => this.adminClient.clients.del({ realm, id }));
+        }
+        catch (error) {
+            this.handleError(error);
+        }
+    }
+    /**
+     * Get client secret
+     */
+    async getSecret(realm, id) {
+        this.requireScope('clients:read');
+        try {
+            return await this.withRetry(() => this.adminClient.clients.getClientSecret({ realm, id }));
+        }
+        catch (error) {
+            return this.handleError(error);
+        }
+    }
+    /**
+     * Create a protocol mapper for a client
+     */
+    async createProtocolMapper(realm, id, mapper) {
+        this.requireScope('clients:write');
+        try {
+            await this.withRetry(() => this.adminClient.clients.addProtocolMapper({ realm, id }, mapper));
+        }
+        catch (error) {
+            this.handleError(error);
+        }
+    }
+    /**
+     * List protocol mappers for a client
+     */
+    async listProtocolMappers(realm, id) {
+        this.requireScope('clients:read');
+        try {
+            return (await this.withRetry(() => this.adminClient.clients.listProtocolMappers({ realm, id })));
+        }
+        catch (error) {
+            return this.handleError(error);
+        }
+    }
+    /**
+     * Delete a protocol mapper
+     */
+    async deleteProtocolMapper(realm, id, mapperId) {
+        this.requireScope('clients:write');
+        try {
+            await this.withRetry(() => this.adminClient.clients.delProtocolMapper({ realm, id, mapperId }));
+        }
+        catch (error) {
+            this.handleError(error);
+        }
+    }
+    /**
+     * Create a client role
+     */
+    async createRole(realm, id, role) {
+        this.requireScope('clients:write');
+        try {
+            await this.withRetry(() => this.adminClient.clients.createRole({ realm, id }, role));
+        }
+        catch (error) {
+            this.handleError(error);
+        }
+    }
+    /**
+     * List roles for a client
+     */
+    async listRoles(realm, id) {
+        this.requireScope('clients:read');
+        try {
+            return (await this.withRetry(() => this.adminClient.clients.listRoles({ realm, id })));
+        }
+        catch (error) {
+            return this.handleError(error);
+        }
+    }
+    /**
+     * Find a client role by name
+     */
+    async findRole(realm, id, roleName) {
+        this.requireScope('clients:read');
+        try {
+            return (await this.withRetry(() => this.adminClient.clients.findRole({ realm, id, roleName })));
+        }
+        catch (error) {
+            return this.handleError(error);
+        }
+    }
+    /**
+     * Delete a client role
+     */
+    async deleteRole(realm, id, roleName) {
+        this.requireScope('clients:write');
+        try {
+            await this.withRetry(() => this.adminClient.clients.delRole({ realm, id, roleName }));
+        }
+        catch (error) {
+            this.handleError(error);
+        }
+    }
+}
+//# sourceMappingURL=client.service.js.map

package/build/admin/client/services/client.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.service.js","sourceRoot":"","sources":["../../../../src/admin/client/services/client.service.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,OAAO,aAAc,SAAQ,WAAW;IAC7C;;OAEG;IACI,KAAK,CAAC,IAAI,CAAC,KAAa;QAC9B,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC;QAClC,IAAI,CAAC;YACJ,OAAO,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAQ,CAAC;QACtF,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,GAAG,CAAC,KAAa,EAAE,EAAU;QACzC,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC;QAClC,IAAI,CAAC;YACJ,OAAO,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACjC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAC/C,CAAQ,CAAC;QACX,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,cAAc,CAAC,KAAa,EAAE,QAAgB;QAC1D,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC;QAClC,IAAI,CAAC;YACJ,MAAM,OAAO,GAAG,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CAC1C,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAClD,CAAQ,CAAC;YACV,OAAO,OAAO,CAAC,CAAC,CAAC,CAAC;QACnB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,MAAM,CAAC,KAAa,EAAE,MAA4B;QAC9D,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;QACnC,IAAI,CAAC;YACJ,OAAO,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CAChC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,GAAG,MAAM,EAAE,KAAK,EAAE,CAAC,CACrD,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,MAAM,CAAC,KAAa,EAAE,EAAU,EAAE,MAA4B;QAC1E,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;QACnC,IAAI,CAAC;YACJ,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACzB,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,CAAC,CACtD,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,MAAM,CAAC,KAAa,EAAE,EAAU;QAC5C,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;QACnC,IAAI,CAAC;YACJ,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;QACzE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,SAAS,CAAC,KAAa,EAAE,EAAU;QAC/C,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC;QAClC,IAAI,CAAC;YACJ,OAAO,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CAChC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CACvD,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,oBAAoB,CAChC,KAAa,EACb,EAAU,EACV,MAAoC;QAEpC,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;QACnC,IAAI,CAAC;YACJ,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACzB,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,CAAC,CACjE,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,mBAAmB,CAC/B,KAAa,EACb,EAAU;QAEV,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC;QAClC,IAAI,CAAC;YACJ,OAAO,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACjC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAC3D,CAAQ,CAAC;QACX,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,oBAAoB,CAChC,KAAa,EACb,EAAU,EACV,QAAgB;QAEhB,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;QACnC,IAAI,CAAC;YACJ,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACzB,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,CACnE,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,UAAU,CAAC,KAAa,EAAE,EAAU,EAAE,IAAwB;QAC1E,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;QACnC,IAAI,CAAC;YACJ,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACzB,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,IAAW,CAAC,CAC/D,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,SAAS,CAAC,KAAa,EAAE,EAAU;QAC/C,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC;QAClC,IAAI,CAAC;YACJ,OAAO,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACjC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CACjD,CAAQ,CAAC;QACX,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,QAAQ,CAAC,KAAa,EAAE,EAAU,EAAE,QAAgB;QAChE,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC;QAClC,IAAI,CAAC;YACJ,OAAO,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACjC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,CAC1D,CAAQ,CAAC;QACX,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,UAAU,CAAC,KAAa,EAAE,EAAU,EAAE,QAAgB;QAClE,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;QACnC,IAAI,CAAC;YACJ,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACzB,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,CACzD,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;IACF,CAAC;CACD"}

package/build/admin/client/services/event.service.d.ts

@@ -0,0 +1,84 @@
+import type { AdminEventQuery, AccessEventQuery, KeycloakAdminEvent, KeycloakAccessEvent } from '../types/event.types.js';
+import { BaseService } from './base-service.js';
+/**
+ * Event Service
+ *
+ * Wraps Keycloak's event query endpoints for polling admin and access events.
+ * Intended for audit logging, monitoring, and event-driven integrations.
+ *
+ * Results are returned newest-first by default. Pagination is supported via `first` and `max` parameters.
+ *
+ * @example
+ * ```typescript
+ * // Audit user deletions
+ * const events = await keycloakAdmin.events.getAdminEvents('master', {
+ *   operationTypes: ['DELETE'],
+ *   resourceTypes: ['USER'],
+ *   max: 100
+ * });
+ *
+ * // Monitor failed logins
+ * const accessEvents = await keycloakAdmin.events.getAccessEvents('master', {
+ *   type: ['LOGIN_ERROR'],
+ *   max: 50
+ * });
+ * ```
+ */
+export declare class EventService extends BaseService {
+    /**
+     * Get admin events for a realm
+     *
+     * Queries administrative events (user creation, role assignment, client updates, etc.).
+     * Results are newest-first. Use pagination via `first` and `max` to limit results.
+     *
+     * Note: Keycloak caps `max` at 100; larger values are silently truncated.
+     *
+     * @param realm - The realm name to query events for
+     * @param query - Optional filters and pagination parameters
+     * @returns Array of admin events (may be empty if no matches)
+     *
+     * @example
+     * ```typescript
+     * const events = await this.events.getAdminEvents('master', {
+     *   operationTypes: ['CREATE', 'UPDATE'],
+     *   resourceTypes: ['USER', 'CLIENT'],
+     *   dateFrom: new Date('2024-01-01'),
+     *   dateTo: new Date(),
+     *   max: 50
+     * });
+     * ```
+     */
+    getAdminEvents(realm: string, query?: AdminEventQuery): Promise<KeycloakAdminEvent[]>;
+    /**
+     * Get access events for a realm
+     *
+     * Queries authentication and authorization events (logins, logouts, permission checks, etc.).
+     * Results are newest-first. Use pagination via `first` and `max` to limit results.
+     *
+     * Note: Keycloak caps `max` at 100; larger values are silently truncated.
+     *
+     * @param realm - The realm name to query events for
+     * @param query - Optional filters and pagination parameters
+     * @returns Array of access events (may be empty if no matches)
+     *
+     * @example
+     * ```typescript
+     * const events = await this.events.getAccessEvents('master', {
+     *   type: ['LOGIN', 'LOGIN_ERROR'],
+     *   client: 'my-client',
+     *   dateFrom: new Date('2024-01-01'),
+     *   max: 50
+     * });
+     * ```
+     */
+    getAccessEvents(realm: string, query?: AccessEventQuery): Promise<KeycloakAccessEvent[]>;
+    /**
+     * Build query parameters for admin events
+     */
+    private buildAdminEventQuery;
+    /**
+     * Build query parameters for access events
+     */
+    private buildAccessEventQuery;
+}
+//# sourceMappingURL=event.service.d.ts.map

package/build/admin/client/services/event.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"event.service.d.ts","sourceRoot":"","sources":["../../../../src/admin/client/services/event.service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACX,eAAe,EACf,gBAAgB,EAChB,kBAAkB,EAClB,mBAAmB,EACnB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,qBAAa,YAAa,SAAQ,WAAW;IAC5C;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACU,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,eAAe,GAAG,OAAO,CAAC,kBAAkB,EAAE,CAAC;IAalG;;;;;;;;;;;;;;;;;;;;;OAqBG;IACU,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,mBAAmB,EAAE,CAAC;IAarG;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAwC5B;;OAEG;IACH,OAAO,CAAC,qBAAqB;CAuC7B"}

package/build/admin/client/services/event.service.js

@@ -0,0 +1,155 @@
+import { BaseService } from './base-service.js';
+/**
+ * Event Service
+ *
+ * Wraps Keycloak's event query endpoints for polling admin and access events.
+ * Intended for audit logging, monitoring, and event-driven integrations.
+ *
+ * Results are returned newest-first by default. Pagination is supported via `first` and `max` parameters.
+ *
+ * @example
+ * ```typescript
+ * // Audit user deletions
+ * const events = await keycloakAdmin.events.getAdminEvents('master', {
+ *   operationTypes: ['DELETE'],
+ *   resourceTypes: ['USER'],
+ *   max: 100
+ * });
+ *
+ * // Monitor failed logins
+ * const accessEvents = await keycloakAdmin.events.getAccessEvents('master', {
+ *   type: ['LOGIN_ERROR'],
+ *   max: 50
+ * });
+ * ```
+ */
+export class EventService extends BaseService {
+    /**
+     * Get admin events for a realm
+     *
+     * Queries administrative events (user creation, role assignment, client updates, etc.).
+     * Results are newest-first. Use pagination via `first` and `max` to limit results.
+     *
+     * Note: Keycloak caps `max` at 100; larger values are silently truncated.
+     *
+     * @param realm - The realm name to query events for
+     * @param query - Optional filters and pagination parameters
+     * @returns Array of admin events (may be empty if no matches)
+     *
+     * @example
+     * ```typescript
+     * const events = await this.events.getAdminEvents('master', {
+     *   operationTypes: ['CREATE', 'UPDATE'],
+     *   resourceTypes: ['USER', 'CLIENT'],
+     *   dateFrom: new Date('2024-01-01'),
+     *   dateTo: new Date(),
+     *   max: 50
+     * });
+     * ```
+     */
+    async getAdminEvents(realm, query) {
+        this.requireScope('events:read');
+        try {
+            const params = this.buildAdminEventQuery(query);
+            return (await this.withRetry(() => this.adminClient.realms.findAdminEvents({ realm, ...params })));
+        }
+        catch (error) {
+            return this.handleError(error);
+        }
+    }
+    /**
+     * Get access events for a realm
+     *
+     * Queries authentication and authorization events (logins, logouts, permission checks, etc.).
+     * Results are newest-first. Use pagination via `first` and `max` to limit results.
+     *
+     * Note: Keycloak caps `max` at 100; larger values are silently truncated.
+     *
+     * @param realm - The realm name to query events for
+     * @param query - Optional filters and pagination parameters
+     * @returns Array of access events (may be empty if no matches)
+     *
+     * @example
+     * ```typescript
+     * const events = await this.events.getAccessEvents('master', {
+     *   type: ['LOGIN', 'LOGIN_ERROR'],
+     *   client: 'my-client',
+     *   dateFrom: new Date('2024-01-01'),
+     *   max: 50
+     * });
+     * ```
+     */
+    async getAccessEvents(realm, query) {
+        this.requireScope('events:read');
+        try {
+            const params = this.buildAccessEventQuery(query);
+            return (await this.withRetry(() => this.adminClient.realms.findEvents({ realm, ...params })));
+        }
+        catch (error) {
+            return this.handleError(error);
+        }
+    }
+    /**
+     * Build query parameters for admin events
+     */
+    buildAdminEventQuery(query) {
+        const params = {};
+        if (!query) {
+            return params;
+        }
+        if (query.operationTypes && query.operationTypes.length > 0) {
+            params.operationTypes = query.operationTypes;
+        }
+        if (query.resourceTypes && query.resourceTypes.length > 0) {
+            params.resourceTypes = query.resourceTypes;
+        }
+        if (query.resourcePath) {
+            params.resourcePath = query.resourcePath;
+        }
+        if (query.dateFrom) {
+            params.dateFrom = query.dateFrom.toISOString();
+        }
+        if (query.dateTo) {
+            params.dateTo = query.dateTo.toISOString();
+        }
+        if (query.first !== undefined) {
+            params.first = query.first;
+        }
+        if (query.max !== undefined) {
+            params.max = query.max;
+        }
+        return params;
+    }
+    /**
+     * Build query parameters for access events
+     */
+    buildAccessEventQuery(query) {
+        const params = {};
+        if (!query) {
+            return params;
+        }
+        if (query.type && query.type.length > 0) {
+            params.type = query.type;
+        }
+        if (query.client) {
+            params.client = query.client;
+        }
+        if (query.user) {
+            params.user = query.user;
+        }
+        if (query.dateFrom) {
+            params.dateFrom = query.dateFrom.toISOString();
+        }
+        if (query.dateTo) {
+            params.dateTo = query.dateTo.toISOString();
+        }
+        if (query.first !== undefined) {
+            params.first = query.first;
+        }
+        if (query.max !== undefined) {
+            params.max = query.max;
+        }
+        return params;
+    }
+}
+//# sourceMappingURL=event.service.js.map

package/build/admin/client/services/event.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"event.service.js","sourceRoot":"","sources":["../../../../src/admin/client/services/event.service.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,OAAO,YAAa,SAAQ,WAAW;IAC5C;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACI,KAAK,CAAC,cAAc,CAAC,KAAa,EAAE,KAAuB;QACjE,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;QACjC,IAAI,CAAC;YACJ,MAAM,MAAM,GAAG,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;YAEhD,OAAO,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACjC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,KAAK,EAAE,GAAG,MAAM,EAAE,CAAC,CAC7D,CAAyB,CAAC;QAC5B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC;IACF,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;OAqBG;IACI,KAAK,CAAC,eAAe,CAAC,KAAa,EAAE,KAAwB;QACnE,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;QACjC,IAAI,CAAC;YACJ,MAAM,MAAM,GAAG,IAAI,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;YAEjD,OAAO,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACjC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,KAAK,EAAE,GAAG,MAAM,EAAE,CAAC,CACxD,CAA0B,CAAC;QAC7B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC;IACF,CAAC;IAED;;OAEG;IACK,oBAAoB,CAC3B,KAAuB;QAEvB,MAAM,MAAM,GAA2D,EAAE,CAAC;QAE1E,IAAI,CAAC,KAAK,EAAE,CAAC;YACZ,OAAO,MAAM,CAAC;QACf,CAAC;QAED,IAAI,KAAK,CAAC,cAAc,IAAI,KAAK,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7D,MAAM,CAAC,cAAc,GAAG,KAAK,CAAC,cAAc,CAAC;QAC9C,CAAC;QAED,IAAI,KAAK,CAAC,aAAa,IAAI,KAAK,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3D,MAAM,CAAC,aAAa,GAAG,KAAK,CAAC,aAAa,CAAC;QAC5C,CAAC;QAED,IAAI,KAAK,CAAC,YAAY,EAAE,CAAC;YACxB,MAAM,CAAC,YAAY,GAAG,KAAK,CAAC,YAAY,CAAC;QAC1C,CAAC;QAED,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YACpB,MAAM,CAAC,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QAChD,CAAC;QAED,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;YAClB,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;QAC5C,CAAC;QAED,IAAI,KAAK,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YAC/B,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;QAC5B,CAAC;QAED,IAAI,KAAK,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YAC7B,MAAM,CAAC,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC;QACxB,CAAC;QAED,OAAO,MAAM,CAAC;IACf,CAAC;IAED;;OAEG;IACK,qBAAqB,CAC5B,KAAwB;QAExB,MAAM,MAAM,GAA2D,EAAE,CAAC;QAE1E,IAAI,CAAC,KAAK,EAAE,CAAC;YACZ,OAAO,MAAM,CAAC;QACf,CAAC;QAED,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzC,MAAM,CAAC,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC;QAC1B,CAAC;QAED,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;YAClB,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;QAC9B,CAAC;QAED,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;YAChB,MAAM,CAAC,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC;QAC1B,CAAC;QAED,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YACpB,MAAM,CAAC,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QAChD,CAAC;QAED,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;YAClB,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;QAC5C,CAAC;QAED,IAAI,KAAK,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YAC/B,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;QAC5B,CAAC;QAED,IAAI,KAAK,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YAC7B,MAAM,CAAC,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC;QACxB,CAAC;QAED,OAAO,MAAM,CAAC;IACf,CAAC;CACD"}