@point3/logto-module 1.1.2 → 1.1.3

package/dist/stateless/guard.js

@@ -0,0 +1,69 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LogtoTokenGuard = exports.LogtoTokenGuardToken = void 0;
+const common_1 = require("@nestjs/common");
+const core_1 = require("@nestjs/core");
+const jose_1 = require("jose");
+const point3_common_tool_1 = require("point3-common-tool");
+const token_1 = require("../token");
+exports.LogtoTokenGuardToken = Symbol('LogtoTokenGuard');
+let LogtoTokenGuard = class LogtoTokenGuard {
+    constructor(tokenVerifier) {
+        this.tokenVerifier = tokenVerifier;
+        this.reflector = new core_1.Reflector();
+    }
+    async canActivate(context) {
+        const requiredScopes = this.reflector.get('requiredScopes', context.getHandler());
+        const requiredRoles = this.reflector.get('requiredRoles', context.getHandler());
+        const request = context.switchToHttp().getRequest();
+        try {
+            const bearerToken = this.extractBearerTokenFrom(request.headers);
+            const result = await this.tokenVerifier.verifyToken(bearerToken, requiredScopes, requiredRoles);
+            request.user = {
+                userId: result.sub,
+                managerId: point3_common_tool_1.p3Values.Guid.parse(result.managerId),
+                clientId: result.clientId ? point3_common_tool_1.p3Values.Guid.parse(result.clientId) : undefined,
+            };
+            return true;
+        }
+        catch (error) {
+            if (error instanceof common_1.UnauthorizedException)
+                throw error;
+            if (error instanceof jose_1.errors.JOSEError)
+                throw new common_1.UnauthorizedException(error);
+            if (error instanceof Error)
+                throw new common_1.InternalServerErrorException("요청을 처리하지 못하였습니다.", `${common_1.HttpStatus.INTERNAL_SERVER_ERROR}`);
+            throw new common_1.UnauthorizedException("접근이 허용되지 않습니다.");
+        }
+    }
+    extractBearerTokenFrom(headers) {
+        const bearerTokenIdentifier = 'Bearer';
+        if (!headers.authorization) {
+            throw new common_1.UnauthorizedException('Authorization header is missing');
+        }
+        if (!headers.authorization.startsWith(bearerTokenIdentifier)) {
+            throw new common_1.UnauthorizedException('Authorization token type not supported');
+        }
+        return headers.authorization.slice(bearerTokenIdentifier.length + 1);
+    }
+    ;
+};
+exports.LogtoTokenGuard = LogtoTokenGuard;
+exports.LogtoTokenGuard = LogtoTokenGuard = __decorate([
+    (0, common_1.Injectable)(),
+    __param(0, (0, common_1.Inject)(token_1.LogtoTokenVerifierToken)),
+    __metadata("design:paramtypes", [token_1.LogtoTokenVerifier])
+], LogtoTokenGuard);
+//# sourceMappingURL=guard.js.map

package/dist/stateless/guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"guard.js","sourceRoot":"","sources":["../../stateless/guard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAQwB;AACxB,uCAAyC;AAGzC,+BAA8B;AAE9B,2DAA8C;AAC9C,oCAAuE;AAE1D,QAAA,oBAAoB,GAAG,MAAM,CAAC,iBAAiB,CAAC,CAAC;AAGvD,IAAM,eAAe,GAArB,MAAM,eAAe;IAE1B,YAKE,aAAyC;QAAjC,kBAAa,GAAb,aAAa,CAAoB;QANnC,cAAS,GAAc,IAAI,gBAAS,EAAE,CAAC;IAO3C,CAAC;IAEL,KAAK,CAAC,WAAW,CAAC,OAAyB;QAEzC,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAW,gBAAgB,EAAE,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;QAC5F,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAW,eAAe,EAAE,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;QAE1F,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;QAGpD,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YACjE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,WAAW,EAAE,cAAc,EAAE,aAAa,CAAC,CAAC;YAGhG,OAAO,CAAC,IAAI,GAAG;gBACb,MAAM,EAAE,MAAM,CAAC,GAAG;gBAClB,SAAS,EAAE,6BAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC;gBAChD,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,6BAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS;aAC7E,CAAA;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,8BAAqB;gBAAE,MAAM,KAAK,CAAC;YACxD,IAAI,KAAK,YAAY,aAAM,CAAC,SAAS;gBAAE,MAAM,IAAI,8BAAqB,CAAC,KAAK,CAAC,CAAC;YAC9E,IAAI,KAAK,YAAY,KAAK;gBAAE,MAAM,IAAI,qCAA4B,CAAC,kBAAkB,EAAE,GAAG,mBAAU,CAAC,qBAAqB,EAAE,CAAC,CAAC;YAE9H,MAAM,IAAI,8BAAqB,CAAC,gBAAgB,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAQO,sBAAsB,CAAC,OAA4B;QACzD,MAAM,qBAAqB,GAAG,QAAQ,CAAC;QAEvC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;YAC3B,MAAM,IAAI,8BAAqB,CAAC,iCAAiC,CAAC,CAAC;QACrE,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,UAAU,CAAC,qBAAqB,CAAC,EAAE,CAAC;YAC7D,MAAM,IAAI,8BAAqB,CAAC,wCAAwC,CAAC,CAAC;QAC5E,CAAC;QAED,OAAO,OAAO,CAAC,aAAa,CAAC,KAAK,CAAC,qBAAqB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACvE,CAAC;IAAA,CAAC;CACH,CAAA;AAzDY,0CAAe;0BAAf,eAAe;IAD3B,IAAA,mBAAU,GAAE;IAOR,WAAA,IAAA,eAAM,EAAC,+BAAuB,CAAC,CAAA;qCACT,0BAAkB;GAPhC,eAAe,CAyD3B"}

package/dist/stateless/guard.spec.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/stateless/guard.spec.js

@@ -0,0 +1,210 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const testing_1 = require("@nestjs/testing");
+const common_1 = require("@nestjs/common");
+const core_1 = require("@nestjs/core");
+const guard_1 = require("./guard");
+const token_1 = require("../token");
+const point3_common_tool_1 = require("point3-common-tool");
+const client_1 = require("client");
+describe('LogtoTokenGuard 테스트', () => {
+    let guard;
+    let tokenUtil;
+    let reflector;
+    let logger;
+    const testToken = 'eyJhbGciOiJFUzM4NCIsInR5cCI6ImF0K2p3dCIsImtpZCI6ImxKUjU3SkFqVmV1dHk4eWljVzUtdFFySDM2WFl6NUlzWFhXSDVzeXV0dEEifQ.eyJ1c2VyUm9sZXMiOlsicDMtQ0lTTy0wIl0sIm1hbmFnZXJJZCI6Im1hbmFnZXItMDE5NjQ0NWMtOGVjNy03MDc4LWExNDItNGU3ZGI5YTRhYWVhIiwiY2xpZW50SWQiOiJwb2ludDMtMDE5NjNjODUtNDQ2ZS03NGM5LWFmNzktNDhlMjU0NjVjMzI3IiwianRpIjoiV0RYTmxoTWkwT0tHQ1pTRzFKZnBrIiwic3ViIjoieXVsaXVmdHNvMWQwIiwiaWF0IjoxNzQ5MDI0NzIzLCJleHAiOjE3NDkwMjgzMjMsInNjb3BlIjoiIiwiY2xpZW50X2lkIjoiNXFydmk5eW0wajJ0YTJ6YXBnbHU0IiwiaXNzIjoiaHR0cHM6Ly9sb2d0by5wb2ludDMuaW8vb2lkYyIsImF1ZCI6Imh0dHBzOi8vZGVmYXVsdC5sb2d0by5hcHAvYXBpIn0.nZdzvdxQ74m2oFEklVTfQlcqYBkRrRxtHQEgz1L6DjST9_9Wa7H7J1gKJVEjm8NnjFCQXljYM_hTVx1ABTmUgDrEKVjtHFVKUyPoSzxQitXexwmBZY5l8WdyqJDqAy8d';
+    const mockPayload = {
+        userRoles: ['p3-CISO-0'],
+        managerId: 'manager-0196445c-8ec7-7078-a142-4e7db9a4aaea',
+        clientId: 'point3-019663c85-446e-74c9-af79-48e25465c327',
+        jti: 'WDXNlhMi0OKGCZSG1Jfpk',
+        sub: 'yuliuftso1d0',
+        iat: 1749024723,
+        exp: 1749028323,
+        scope: '',
+        client_id: '5qrvi9ym0j2ta2zapglu4',
+        iss: 'https://logto.point3.io/oidc',
+        aud: 'https://default.logto.app/api'
+    };
+    beforeEach(async () => {
+        const mockTokenUtil = {
+            verifyToken: jest.fn(),
+        };
+        const mockReflector = {
+            get: jest.fn(),
+        };
+        const mockLogger = {
+            warn: jest.fn(),
+            error: jest.fn(),
+            log: jest.fn(),
+        };
+        const module = await testing_1.Test.createTestingModule({
+            providers: [
+                guard_1.LogtoTokenGuard,
+                {
+                    provide: token_1.LogtoTokenVerifierToken,
+                    useValue: mockTokenUtil,
+                },
+                {
+                    provide: core_1.Reflector,
+                    useValue: mockReflector,
+                },
+                {
+                    provide: client_1.LogtoLoggerServiceToken,
+                    useValue: mockLogger,
+                },
+            ],
+        }).compile();
+        guard = module.get(guard_1.LogtoTokenGuard);
+        tokenUtil = module.get(token_1.LogtoTokenVerifierToken);
+        reflector = module.get(core_1.Reflector);
+        logger = module.get(client_1.LogtoLoggerServiceToken);
+        jest.clearAllMocks();
+    });
+    const createMockExecutionContext = (headers = {}, route = { path: '/test' }) => {
+        const mockRequest = {
+            headers,
+            route,
+            user: undefined
+        };
+        return {
+            switchToHttp: () => ({
+                getRequest: () => mockRequest,
+                getResponse: jest.fn(),
+                getNext: jest.fn(),
+            }),
+            getHandler: jest.fn(),
+            getClass: jest.fn(),
+            getArgs: jest.fn(),
+            getArgByIndex: jest.fn(),
+            switchToRpc: jest.fn(),
+            switchToWs: jest.fn(),
+            getType: jest.fn(),
+        };
+    };
+    describe('🔐 성공적인 인증 테스트', () => {
+        it('유효한 토큰이 제공되었을 때 인증하고 사용자 데이터를 설정해야 함', async () => {
+            const context = createMockExecutionContext({
+                authorization: `Bearer ${testToken}`,
+            });
+            reflector.get
+                .mockReturnValueOnce(undefined)
+                .mockReturnValueOnce(['p3-CISO-0']);
+            tokenUtil.verifyToken.mockResolvedValueOnce(mockPayload);
+            const result = await guard.canActivate(context);
+            const request = context.switchToHttp().getRequest();
+            expect(result).toBe(true);
+            expect(tokenUtil.verifyToken).toHaveBeenCalledWith(testToken, undefined, ['p3-CISO-0']);
+            expect(request.user).toEqual({
+                userId: 'yuliuftso1d0',
+                managerId: expect.objectContaining({
+                    toString: expect.any(Function)
+                }),
+                clientId: expect.objectContaining({
+                    toString: expect.any(Function)
+                }),
+            });
+            expect(request.user.managerId.toString()).toContain('manager');
+            expect(request.user.managerId.toString()).toContain('0196445c-8ec7-7078-a142-4e7db9a4aaea');
+            expect(request.user.clientId.toString()).toContain('point3');
+            expect(request.user.clientId.toString()).toContain('019663c85-446e-74c9-af79-48e25465c327');
+        });
+        it('필수 스코프나 역할이 없을 때도 동작해야 함', async () => {
+            const context = createMockExecutionContext({
+                authorization: `Bearer ${testToken}`,
+            });
+            reflector.get
+                .mockReturnValueOnce(undefined)
+                .mockReturnValueOnce(undefined);
+            tokenUtil.verifyToken.mockResolvedValueOnce(mockPayload);
+            const result = await guard.canActivate(context);
+            expect(result).toBe(true);
+            expect(tokenUtil.verifyToken).toHaveBeenCalledWith(testToken, undefined, undefined);
+        });
+    });
+    describe('🚫 토큰 추출 실패 테스트', () => {
+        it('Authorization 헤더가 없을 때 UnauthorizedException을 던져야 함', async () => {
+            const context = createMockExecutionContext({});
+            reflector.get
+                .mockReturnValueOnce(undefined)
+                .mockReturnValueOnce(['p3-CISO-0']);
+            await expect(guard.canActivate(context)).rejects.toThrow(common_1.UnauthorizedException);
+            await expect(guard.canActivate(context)).rejects.toThrow('Authorization header is missing');
+        });
+        it('Authorization 헤더가 Bearer가 아닐 때 UnauthorizedException을 던져야 함', async () => {
+            const context = createMockExecutionContext({
+                authorization: 'Basic sometoken',
+            });
+            reflector.get
+                .mockReturnValueOnce(undefined)
+                .mockReturnValueOnce(['p3-CISO-0']);
+            await expect(guard.canActivate(context)).rejects.toThrow(common_1.UnauthorizedException);
+            await expect(guard.canActivate(context)).rejects.toThrow('Authorization token type not supported');
+        });
+        it('Bearer 헤더에서 토큰을 올바르게 추출해야 함', async () => {
+            const context = createMockExecutionContext({
+                authorization: `Bearer ${testToken}`,
+            });
+            reflector.get
+                .mockReturnValueOnce(undefined)
+                .mockReturnValueOnce(['p3-CISO-0']);
+            tokenUtil.verifyToken.mockResolvedValueOnce(mockPayload);
+            await guard.canActivate(context);
+            expect(tokenUtil.verifyToken).toHaveBeenCalledWith(testToken, undefined, ['p3-CISO-0']);
+        });
+    });
+    describe('❌ 토큰 검증 실패 테스트', () => {
+        it('토큰 검증에서 UnauthorizedException이 발생하면 다시 던져야 함', async () => {
+            const context = createMockExecutionContext({
+                authorization: `Bearer ${testToken}`,
+            });
+            reflector.get
+                .mockReturnValueOnce(undefined)
+                .mockReturnValueOnce(['p3-CISO-0']);
+            const authError = new common_1.UnauthorizedException('Invalid token');
+            tokenUtil.verifyToken.mockRejectedValueOnce(authError);
+            await expect(guard.canActivate(context)).rejects.toThrow(common_1.UnauthorizedException);
+        });
+        it('다른 에러가 발생하면 일반적인 에러 메시지를 던져야 함', async () => {
+            const context = createMockExecutionContext({
+                authorization: `Bearer ${testToken}`,
+            });
+            reflector.get
+                .mockReturnValueOnce(undefined)
+                .mockReturnValueOnce(['p3-CISO-0']);
+            tokenUtil.verifyToken.mockRejectedValueOnce(new Error('Some other error'));
+            await expect(guard.canActivate(context)).rejects.toThrow('요청을 처리하지 못하였습니다.');
+        });
+    });
+    describe('🔍 실제 JWT 토큰 분석', () => {
+        it('제공된 JWT 토큰의 페이로드를 올바르게 디코딩해야 함', () => {
+            const [header, payload, signature] = testToken.split('.');
+            const decodedPayload = JSON.parse(Buffer.from(payload, 'base64url').toString());
+            console.log('🔍 디코딩된 토큰 페이로드:');
+            console.log(JSON.stringify(decodedPayload, null, 2));
+            expect(decodedPayload.userRoles).toEqual(['p3-CISO-0']);
+            expect(decodedPayload.managerId).toBe('manager-0196445c-8ec7-7078-a142-4e7db9a4aaea');
+            expect(decodedPayload.clientId).toBe('point3-01963c85-446e-74c9-af79-48e25465c327');
+            expect(decodedPayload.sub).toBe('yuliuftso1d0');
+            expect(decodedPayload.iss).toBe('https://logto.point3.io/oidc');
+            const expirationDate = new Date(decodedPayload.exp * 1000);
+            const issuedDate = new Date(decodedPayload.iat * 1000);
+            console.log(`📅 토큰 발급 시간: ${issuedDate.toISOString()}`);
+            console.log(`⏰ 토큰 만료 시간: ${expirationDate.toISOString()}`);
+            console.log(`🏢 발급자: ${decodedPayload.iss}`);
+            console.log(`👤 사용자 역할: ${decodedPayload.userRoles.join(', ')}`);
+        });
+        it('토큰에서 추출된 GUID 값들이 올바른 형식인지 확인해야 함', () => {
+            const [header, payload, signature] = testToken.split('.');
+            const decodedPayload = JSON.parse(Buffer.from(payload, 'base64url').toString());
+            const managerId = point3_common_tool_1.p3Values.Guid.parse(decodedPayload.managerId);
+            expect(managerId.Prefix == 'manager');
+            const clientId = point3_common_tool_1.p3Values.Guid.parse(decodedPayload.clientId);
+            expect(clientId.Prefix == 'point3');
+            console.log('✅ GUID 형식 검증 완료:');
+            console.log(`   Manager ID: ${managerId.toString()}`);
+            console.log(`   Client ID: ${clientId.toString()}`);
+        });
+    });
+});
+//# sourceMappingURL=guard.spec.js.map

package/dist/stateless/guard.spec.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"guard.spec.js","sourceRoot":"","sources":["../../stateless/guard.spec.ts"],"names":[],"mappings":";;AAAA,6CAAsD;AACtD,2CAAwF;AACxF,uCAAyC;AAEzC,mCAA0C;AAC1C,oCAGkB;AAElB,2DAA8C;AAC9C,mCAAiD;AAEjD,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;IACnC,IAAI,KAAsB,CAAC;IAC3B,IAAI,SAA0C,CAAC;IAC/C,IAAI,SAAiC,CAAC;IACtC,IAAI,MAAkC,CAAC;IAGvC,MAAM,SAAS,GAAG,qsBAAqsB,CAAC;IAGxtB,MAAM,WAAW,GAAuB;QACtC,SAAS,EAAE,CAAC,WAAW,CAAC;QACxB,SAAS,EAAE,8CAA8C;QACzD,QAAQ,EAAE,8CAA8C;QACxD,GAAG,EAAE,uBAAuB;QAC5B,GAAG,EAAE,cAAc;QACnB,GAAG,EAAE,UAAU;QACf,GAAG,EAAE,UAAU;QACf,KAAK,EAAE,EAAE;QACT,SAAS,EAAE,uBAAuB;QAClC,GAAG,EAAE,8BAA8B;QACnC,GAAG,EAAE,+BAA+B;KACrC,CAAC;IAEF,UAAU,CAAC,KAAK,IAAI,EAAE;QACpB,MAAM,aAAa,GAAG;YACpB,WAAW,EAAE,IAAI,CAAC,EAAE,EAAE;SACvB,CAAC;QAEF,MAAM,aAAa,GAAG;YACpB,GAAG,EAAE,IAAI,CAAC,EAAE,EAAE;SACf,CAAC;QAEF,MAAM,UAAU,GAAG;YACjB,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE;YACf,KAAK,EAAE,IAAI,CAAC,EAAE,EAAE;YAChB,GAAG,EAAE,IAAI,CAAC,EAAE,EAAE;SACf,CAAC;QAEF,MAAM,MAAM,GAAkB,MAAM,cAAI,CAAC,mBAAmB,CAAC;YAC3D,SAAS,EAAE;gBACT,uBAAe;gBACf;oBACE,OAAO,EAAE,+BAAuB;oBAChC,QAAQ,EAAE,aAAa;iBACxB;gBACD;oBACE,OAAO,EAAE,gBAAS;oBAClB,QAAQ,EAAE,aAAa;iBACxB;gBACD;oBACE,OAAO,EAAE,gCAAuB;oBAChC,QAAQ,EAAE,UAAU;iBACrB;aACF;SACF,CAAC,CAAC,OAAO,EAAE,CAAC;QAEb,KAAK,GAAG,MAAM,CAAC,GAAG,CAAkB,uBAAe,CAAC,CAAC;QACrD,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,+BAAuB,CAAC,CAAC;QAChD,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,gBAAS,CAAC,CAAC;QAClC,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,gCAAuB,CAAC,CAAC;QAG7C,IAAI,CAAC,aAAa,EAAE,CAAC;IACvB,CAAC,CAAC,CAAC;IAEH,MAAM,0BAA0B,GAAG,CAAC,UAAe,EAAE,EAAE,QAAa,EAAE,IAAI,EAAE,OAAO,EAAE,EAAoB,EAAE;QACzG,MAAM,WAAW,GAAG;YAClB,OAAO;YACP,KAAK;YACL,IAAI,EAAE,SAAS;SAChB,CAAC;QAEF,OAAO;YACL,YAAY,EAAE,GAAG,EAAE,CAAC,CAAC;gBACnB,UAAU,EAAE,GAAG,EAAE,CAAC,WAAW;gBAC7B,WAAW,EAAE,IAAI,CAAC,EAAE,EAAE;gBACtB,OAAO,EAAE,IAAI,CAAC,EAAE,EAAE;aACnB,CAAC;YACF,UAAU,EAAE,IAAI,CAAC,EAAE,EAAE;YACrB,QAAQ,EAAE,IAAI,CAAC,EAAE,EAAE;YACnB,OAAO,EAAE,IAAI,CAAC,EAAE,EAAE;YAClB,aAAa,EAAE,IAAI,CAAC,EAAE,EAAE;YACxB,WAAW,EAAE,IAAI,CAAC,EAAE,EAAE;YACtB,UAAU,EAAE,IAAI,CAAC,EAAE,EAAE;YACrB,OAAO,EAAE,IAAI,CAAC,EAAE,EAAE;SACC,CAAC;IACxB,CAAC,CAAC;IAEF,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;QAC9B,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;YAEpD,MAAM,OAAO,GAAG,0BAA0B,CAAC;gBACzC,aAAa,EAAE,UAAU,SAAS,EAAE;aACrC,CAAC,CAAC;YAGH,SAAS,CAAC,GAAG;iBACV,mBAAmB,CAAC,SAAS,CAAC;iBAC9B,mBAAmB,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC;YAGtC,SAAS,CAAC,WAAW,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC;YAGzD,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YAChD,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;YAGpD,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1B,MAAM,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,oBAAoB,CAChD,SAAS,EACT,SAAS,EACT,CAAC,WAAW,CAAC,CACd,CAAC;YAGF,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC;gBAC3B,MAAM,EAAE,cAAc;gBACtB,SAAS,EAAE,MAAM,CAAC,gBAAgB,CAAC;oBACjC,QAAQ,EAAE,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;iBAC/B,CAAC;gBACF,QAAQ,EAAE,MAAM,CAAC,gBAAgB,CAAC;oBAChC,QAAQ,EAAE,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;iBAC/B,CAAC;aACH,CAAC,CAAC;YAGH,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YAC/D,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC,SAAS,CAAC,sCAAsC,CAAC,CAAC;YAC5F,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;YAC7D,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC,SAAS,CAAC,uCAAuC,CAAC,CAAC;QAC9F,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0BAA0B,EAAE,KAAK,IAAI,EAAE;YAExC,MAAM,OAAO,GAAG,0BAA0B,CAAC;gBACzC,aAAa,EAAE,UAAU,SAAS,EAAE;aACrC,CAAC,CAAC;YAGH,SAAS,CAAC,GAAG;iBACV,mBAAmB,CAAC,SAAS,CAAC;iBAC9B,mBAAmB,CAAC,SAAS,CAAC,CAAC;YAGlC,SAAS,CAAC,WAAW,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC;YAGzD,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YAGhD,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1B,MAAM,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,oBAAoB,CAChD,SAAS,EACT,SAAS,EACT,SAAS,CACV,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;QAC/B,EAAE,CAAC,qDAAqD,EAAE,KAAK,IAAI,EAAE;YAEnE,MAAM,OAAO,GAAG,0BAA0B,CAAC,EAAE,CAAC,CAAC;YAE/C,SAAS,CAAC,GAAG;iBACV,mBAAmB,CAAC,SAAS,CAAC;iBAC9B,mBAAmB,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC;YAGtC,MAAM,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,8BAAqB,CAAC,CAAC;YAChF,MAAM,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,iCAAiC,CAAC,CAAC;QAC9F,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6DAA6D,EAAE,KAAK,IAAI,EAAE;YAE3E,MAAM,OAAO,GAAG,0BAA0B,CAAC;gBACzC,aAAa,EAAE,iBAAiB;aACjC,CAAC,CAAC;YAEH,SAAS,CAAC,GAAG;iBACV,mBAAmB,CAAC,SAAS,CAAC;iBAC9B,mBAAmB,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC;YAGtC,MAAM,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,8BAAqB,CAAC,CAAC;YAChF,MAAM,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,wCAAwC,CAAC,CAAC;QACrG,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6BAA6B,EAAE,KAAK,IAAI,EAAE;YAE3C,MAAM,OAAO,GAAG,0BAA0B,CAAC;gBACzC,aAAa,EAAE,UAAU,SAAS,EAAE;aACrC,CAAC,CAAC;YAEH,SAAS,CAAC,GAAG;iBACV,mBAAmB,CAAC,SAAS,CAAC;iBAC9B,mBAAmB,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC;YACtC,SAAS,CAAC,WAAW,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC;YAGzD,MAAM,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YAGjC,MAAM,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,oBAAoB,CAChD,SAAS,EACT,SAAS,EACT,CAAC,WAAW,CAAC,CACd,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;QAC9B,EAAE,CAAC,8CAA8C,EAAE,KAAK,IAAI,EAAE;YAE5D,MAAM,OAAO,GAAG,0BAA0B,CAAC;gBACzC,aAAa,EAAE,UAAU,SAAS,EAAE;aACrC,CAAC,CAAC;YAEH,SAAS,CAAC,GAAG;iBACV,mBAAmB,CAAC,SAAS,CAAC;iBAC9B,mBAAmB,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC;YAEtC,MAAM,SAAS,GAAG,IAAI,8BAAqB,CAAC,eAAe,CAAC,CAAC;YAC7D,SAAS,CAAC,WAAW,CAAC,qBAAqB,CAAC,SAAS,CAAC,CAAC;YAGvD,MAAM,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,8BAAqB,CAAC,CAAC;QAClF,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gCAAgC,EAAE,KAAK,IAAI,EAAE;YAE9C,MAAM,OAAO,GAAG,0BAA0B,CAAC;gBACzC,aAAa,EAAE,UAAU,SAAS,EAAE;aACrC,CAAC,CAAC;YAEH,SAAS,CAAC,GAAG;iBACV,mBAAmB,CAAC,SAAS,CAAC;iBAC9B,mBAAmB,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC;YAEtC,SAAS,CAAC,WAAW,CAAC,qBAAqB,CAAC,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC;YAG3E,MAAM,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAC/E,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;QAC/B,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;YAExC,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC1D,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;YAEhF,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;YAChC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAGrD,MAAM,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC;YACxD,MAAM,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;YACtF,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC;YACpF,MAAM,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAChD,MAAM,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;YAGhE,MAAM,cAAc,GAAG,IAAI,IAAI,CAAC,cAAc,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;YAC3D,MAAM,UAAU,GAAG,IAAI,IAAI,CAAC,cAAc,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;YAEvD,OAAO,CAAC,GAAG,CAAC,gBAAgB,UAAU,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;YACxD,OAAO,CAAC,GAAG,CAAC,eAAe,cAAc,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;YAC3D,OAAO,CAAC,GAAG,CAAC,WAAW,cAAc,CAAC,GAAG,EAAE,CAAC,CAAC;YAC7C,OAAO,CAAC,GAAG,CAAC,cAAc,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACnE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;YAC3C,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC1D,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;YAGhF,MAAM,SAAS,GAAG,6BAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;YAChE,MAAM,CAAC,SAAS,CAAC,MAAM,IAAI,SAAS,CAAC,CAAC;YAGtC,MAAM,QAAQ,GAAG,6BAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;YAC9D,MAAM,CAAC,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,CAAC;YAEpC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;YAChC,OAAO,CAAC,GAAG,CAAC,kBAAkB,SAAS,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,iBAAiB,QAAQ,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QACtD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/stateless/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./guard";
+export * from "./decorator";

package/dist/stateless/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./guard"), exports);
+__exportStar(require("./decorator"), exports);
+//# sourceMappingURL=index.js.map

package/dist/stateless/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../stateless/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,0CAAwB;AACxB,8CAA4B"}

package/dist/token/access-token.d.ts

@@ -0,0 +1,31 @@
+export declare class AccessToken {
+    static THRESHOLD_TIME: number;
+    accountId: string;
+    token: string;
+    expiresAt: Date;
+    constructor(accountId: string, token: string, expireInSeconds: number);
+    isExpired(): boolean;
+    toString(): string;
+}
+export type AccessTokenPayload = {
+    jti: string;
+    sub: string;
+    iat: number;
+    exp: number;
+    scope: string;
+    client_id: string;
+    iss: string;
+    aud: string;
+    userRoles: string[];
+    clientId: string;
+    managerId: string;
+    userScopes?: string[];
+};
+export type IdTokenPayload = {
+    sub: string;
+    email: string;
+    email_verified: boolean;
+    name: string;
+    phone_number: string;
+    username: string;
+};

package/dist/token/access-token.js

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AccessToken = void 0;
+class AccessToken {
+    constructor(accountId, token, expireInSeconds) {
+        this.accountId = accountId;
+        this.token = token;
+        this.expiresAt = new Date(Date.now() + expireInSeconds * 1000 - AccessToken.THRESHOLD_TIME);
+    }
+    isExpired() {
+        return this.expiresAt < new Date();
+    }
+    toString() {
+        return `AccessToken{accountId: ${this.accountId}, expiresAt: ${this.expiresAt}}`;
+    }
+}
+exports.AccessToken = AccessToken;
+AccessToken.THRESHOLD_TIME = 1000 * 60 * 10;
+//# sourceMappingURL=access-token.js.map

package/dist/token/access-token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"access-token.js","sourceRoot":"","sources":["../../token/access-token.ts"],"names":[],"mappings":";;;AACA,MAAa,WAAW;IAOpB,YAAY,SAAiB,EAAE,KAAa,EAAE,eAAuB;QACjE,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,SAAS,GAAG,IAAI,IAAI,CACrB,IAAI,CAAC,GAAG,EAAE,GAAG,eAAe,GAAG,IAAI,GAAG,WAAW,CAAC,cAAc,CACnE,CAAC;IACN,CAAC;IAEM,SAAS;QACZ,OAAO,IAAI,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IACvC,CAAC;IAEM,QAAQ;QACX,OAAO,0BAA0B,IAAI,CAAC,SAAS,gBAAgB,IAAI,CAAC,SAAS,GAAG,CAAC;IACrF,CAAC;;AArBL,kCAsBC;AArBU,0BAAc,GAAG,IAAI,GAAG,EAAE,GAAG,EAAE,CAAC"}

package/dist/token/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./access-token";
+export * from "./verifier";

package/dist/token/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./access-token"), exports);
+__exportStar(require("./verifier"), exports);
+//# sourceMappingURL=index.js.map

package/dist/token/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../token/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,iDAA+B;AAC/B,6CAA2B"}

package/dist/token/verifier.d.ts

@@ -0,0 +1,13 @@
+import { LogtoVerifierConfig } from "../client/config";
+import * as token from "./access-token";
+export declare const LogtoTokenVerifierToken: unique symbol;
+export declare class LogtoTokenVerifier {
+    private readonly config;
+    constructor(config: LogtoVerifierConfig);
+    verifyToken(token: string): Promise<token.AccessTokenPayload>;
+    verifyToken(token: string, requiredScopes: string[], requiredRoles: string[]): Promise<token.AccessTokenPayload>;
+    verifyIdToken(token: string): Promise<token.IdTokenPayload>;
+    private shouldContainRequiredPrivileges;
+    private hasInsufficientScopes;
+    private hasInsufficientRoles;
+}

package/dist/token/verifier.js

@@ -0,0 +1,56 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LogtoTokenVerifier = exports.LogtoTokenVerifierToken = void 0;
+const common_1 = require("@nestjs/common");
+const jose_1 = require("jose");
+exports.LogtoTokenVerifierToken = Symbol.for("LogtoTokenVerifier");
+let LogtoTokenVerifier = class LogtoTokenVerifier {
+    constructor(config) {
+        this.config = config;
+    }
+    async verifyToken(token, requiredScopes, requiredRoles) {
+        if (!token)
+            throw new common_1.UnauthorizedException('엑세스 토큰이 존재하지 않습니다.');
+        const { payload } = await (0, jose_1.jwtVerify)(token, (0, jose_1.createRemoteJWKSet)(new URL(this.config.jwksUri)), { issuer: this.config.issuer });
+        const tokenPayload = payload;
+        if (requiredScopes || requiredRoles) {
+            this.shouldContainRequiredPrivileges(tokenPayload, requiredScopes, requiredRoles);
+        }
+        return tokenPayload;
+    }
+    async verifyIdToken(token) {
+        const { payload } = await (0, jose_1.jwtVerify)(token, (0, jose_1.createRemoteJWKSet)(new URL(this.config.jwksUri)), { issuer: this.config.issuer });
+        return payload;
+    }
+    shouldContainRequiredPrivileges(payload, requiredScopes, requiredRoles) {
+        const { userScopes, userRoles } = payload;
+        const scopes = userScopes?.flat() ?? [];
+        if (this.hasInsufficientScopes(requiredScopes, scopes)) {
+            throw new common_1.UnauthorizedException({ code: 'auth.insufficient_scope', status: 403 }, { cause: requiredScopes });
+        }
+        if (this.hasInsufficientRoles(requiredRoles, userRoles)) {
+            throw new common_1.UnauthorizedException({ code: 'auth.role_mismatch', status: 403 }, { cause: requiredRoles });
+        }
+    }
+    hasInsufficientScopes(requiredScopes, userScopes) {
+        return !!(requiredScopes && requiredScopes.length > 0 && !requiredScopes.every(scope => userScopes.includes(scope)));
+    }
+    hasInsufficientRoles(requiredRoles, userRoles) {
+        return !!(requiredRoles && requiredRoles.length > 0 && !requiredRoles.some(role => userRoles.includes(role)));
+    }
+};
+exports.LogtoTokenVerifier = LogtoTokenVerifier;
+exports.LogtoTokenVerifier = LogtoTokenVerifier = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [Object])
+], LogtoTokenVerifier);
+//# sourceMappingURL=verifier.js.map

package/dist/token/verifier.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verifier.js","sourceRoot":"","sources":["../../token/verifier.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAmE;AACnE,+BAAqD;AAKxC,QAAA,uBAAuB,GAAG,MAAM,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;AAGjE,IAAM,kBAAkB,GAAxB,MAAM,kBAAkB;IAC3B,YAA6B,MAA2B;QAA3B,WAAM,GAAN,MAAM,CAAqB;IAAI,CAAC;IAYtD,KAAK,CAAC,WAAW,CAAC,KAAa,EAAE,cAAyB,EAAE,aAAwB;QACvF,IAAI,CAAC,KAAK;YAAE,MAAM,IAAI,8BAAqB,CAAC,oBAAoB,CAAC,CAAC;QAElE,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAA,gBAAS,EAC/B,KAAK,EAAE,IAAA,yBAAkB,EAAC,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,EACvD,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CACjC,CAAC;QAEF,MAAM,YAAY,GAAG,OAAmC,CAAC;QAEzD,IAAI,cAAc,IAAI,aAAa,EAAE,CAAC;YAClC,IAAI,CAAC,+BAA+B,CAChC,YAAY,EAAE,cAAc,EAAE,aAAa,CAAC,CAAC;QACrD,CAAC;QAED,OAAO,YAAY,CAAC;IACxB,CAAC;IAOM,KAAK,CAAC,aAAa,CAAC,KAAa;QACpC,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAA,gBAAS,EAC/B,KAAK,EACL,IAAA,yBAAkB,EAAC,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,EAChD,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CACjC,CAAC;QACF,OAAO,OAA+B,CAAC;IAC3C,CAAC;IAQO,+BAA+B,CACnC,OAAiC,EACjC,cAAyB,EACzB,aAAwB;QAExB,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;QAC1C,MAAM,MAAM,GAAG,UAAU,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;QAExC,IAAI,IAAI,CAAC,qBAAqB,CAAC,cAAc,EAAE,MAAM,CAAC,EAAE,CAAC;YACrD,MAAM,IAAI,8BAAqB,CAC3B,EAAE,IAAI,EAAE,yBAAyB,EAAE,MAAM,EAAE,GAAG,EAAE,EAChD,EAAE,KAAK,EAAE,cAAc,EAAE,CAC5B,CAAC;QACN,CAAC;QAED,IAAI,IAAI,CAAC,oBAAoB,CAAC,aAAa,EAAE,SAAS,CAAC,EAAE,CAAC;YACtD,MAAM,IAAI,8BAAqB,CAC3B,EAAE,IAAI,EAAE,oBAAoB,EAAE,MAAM,EAAE,GAAG,EAAE,EAC3C,EAAE,KAAK,EAAE,aAAa,EAAE,CAC3B,CAAC;QACN,CAAC;IACL,CAAC;IAEO,qBAAqB,CAAC,cAAoC,EAAE,UAAoB;QACpF,OAAO,CAAC,CAAC,CAAC,cAAc,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACzH,CAAC;IAEO,oBAAoB,CAAC,aAAmC,EAAE,SAAmB;QACjF,OAAO,CAAC,CAAC,CAAC,aAAa,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClH,CAAC;CACJ,CAAA;AAjFY,gDAAkB;6BAAlB,kBAAkB;IAD9B,IAAA,mBAAU,GAAE;;GACA,kBAAkB,CAiF9B"}