@postman/test-mcp-server 1.0.0

package/dist/oauth/routes.js

@@ -0,0 +1,476 @@
+import { Router } from "express";
+import express from "express";
+import { oauthLogger } from "../logger.js";
+import { OAUTH_CONFIG } from "./config.js";
+import { tokenStore, authCodeStore, refreshTokenStore, clientStore } from "./stores.js";
+import { generateClientId, generateClientSecret, validateClient, getClient, generateAuthorizationCode, generateRefreshToken, verifyCodeChallenge, createToken, validateToken, } from "./helpers.js";
+/**
+ * OAuth2 Express Routes
+ *
+ * Provides all OAuth2 endpoints:
+ * - GET  /.well-known/oauth-authorization-server (RFC 8414)
+ * - POST /oauth/register (RFC 7591)
+ * - GET  /oauth/authorize
+ * - POST /oauth/token
+ * - POST /oauth/introspect (RFC 7662)
+ * - POST /oauth/revoke (RFC 7009)
+ */
+const log = oauthLogger;
+const router = Router();
+// Body parsers for OAuth routes only
+const jsonParser = express.json();
+const urlencodedParser = express.urlencoded({ extended: true });
+// ============================================
+// Helper to get base URL
+// ============================================
+function getBaseUrl(req) {
+    const protocol = req.protocol;
+    const host = req.get("host") || `localhost:${OAUTH_CONFIG.port}`;
+    return `${protocol}://${host}`;
+}
+// ============================================
+// OAuth2 Authorization Server Metadata (RFC 8414)
+// ============================================
+router.get("/.well-known/oauth-authorization-server", (req, res) => {
+    const baseUrl = getBaseUrl(req);
+    log.debug({ baseUrl }, "Authorization server metadata requested");
+    const metadata = {
+        issuer: baseUrl,
+        authorization_endpoint: `${baseUrl}/oauth/authorize`,
+        token_endpoint: `${baseUrl}/oauth/token`,
+        registration_endpoint: `${baseUrl}/oauth/register`,
+        introspection_endpoint: `${baseUrl}/oauth/introspect`,
+        revocation_endpoint: `${baseUrl}/oauth/revoke`,
+        response_types_supported: ["code"],
+        response_modes_supported: ["query"],
+        grant_types_supported: ["authorization_code", "client_credentials", "refresh_token"],
+        token_endpoint_auth_methods_supported: ["client_secret_post", "client_secret_basic", "none"],
+        introspection_endpoint_auth_methods_supported: ["none"],
+        revocation_endpoint_auth_methods_supported: ["none"],
+        code_challenge_methods_supported: ["plain", "S256"],
+        scopes_supported: ["mcp:read", "mcp:write"],
+        service_documentation: "https://modelcontextprotocol.io",
+    };
+    res.setHeader("Content-Type", "application/json");
+    res.json(metadata);
+});
+// ============================================
+// Dynamic Client Registration (RFC 7591)
+// ============================================
+router.post("/oauth/register", jsonParser, (req, res) => {
+    log.debug("Client registration request received");
+    const { client_name, redirect_uris, grant_types = ["client_credentials"], token_endpoint_auth_method = "client_secret_post", scope, } = req.body;
+    // Normalize and validate grant types
+    const grantTypeAliases = {
+        authorization_code_with_pkce: "authorization_code",
+    };
+    const supportedGrantTypes = ["client_credentials", "authorization_code", "refresh_token"];
+    const rawGrantTypes = Array.isArray(grant_types) ? grant_types : [grant_types];
+    const requestedGrantTypes = [
+        ...new Set(rawGrantTypes.map((gt) => grantTypeAliases[gt] || gt)),
+    ];
+    const invalidGrantTypes = requestedGrantTypes.filter((gt) => !supportedGrantTypes.includes(gt));
+    if (invalidGrantTypes.length > 0) {
+        log.warn({ invalidGrantTypes }, "Unsupported grant types requested");
+        res.status(400).json({
+            error: "invalid_client_metadata",
+            error_description: `Unsupported grant types: ${invalidGrantTypes.join(", ")}. Supported: ${supportedGrantTypes.join(", ")}, authorization_code_with_pkce (alias for authorization_code)`,
+        });
+        return;
+    }
+    if (requestedGrantTypes.includes("authorization_code") &&
+        (!redirect_uris || redirect_uris.length === 0)) {
+        res.status(400).json({
+            error: "invalid_client_metadata",
+            error_description: "redirect_uris is required for authorization_code grant type",
+        });
+        return;
+    }
+    const supportedAuthMethods = ["client_secret_post", "client_secret_basic", "none"];
+    if (!supportedAuthMethods.includes(token_endpoint_auth_method)) {
+        log.warn({ token_endpoint_auth_method }, "Unsupported auth method");
+        res.status(400).json({
+            error: "invalid_client_metadata",
+            error_description: `Unsupported token_endpoint_auth_method. Supported: ${supportedAuthMethods.join(", ")}`,
+        });
+        return;
+    }
+    const requestedScope = scope
+        ? typeof scope === "string"
+            ? scope.split(" ")
+            : scope
+        : ["mcp:read", "mcp:write"];
+    const clientId = generateClientId();
+    const clientSecret = generateClientSecret();
+    const client = {
+        clientId,
+        clientSecret,
+        clientName: client_name,
+        redirectUris: redirect_uris,
+        grantTypes: requestedGrantTypes,
+        tokenEndpointAuthMethod: token_endpoint_auth_method,
+        scope: requestedScope,
+        createdAt: Date.now(),
+    };
+    clientStore.set(clientId, client);
+    log.info({ clientId, clientName: client_name }, "Client registered successfully");
+    res.status(201).json({
+        client_id: clientId,
+        client_secret: clientSecret,
+        client_id_issued_at: Math.floor(client.createdAt / 1000),
+        client_secret_expires_at: 0,
+        client_name: client_name,
+        redirect_uris: redirect_uris,
+        grant_types: requestedGrantTypes,
+        token_endpoint_auth_method: token_endpoint_auth_method,
+        scope: requestedScope.join(" "),
+    });
+});
+// ============================================
+// Authorization Endpoint
+// ============================================
+router.get("/oauth/authorize", (req, res) => {
+    const { response_type, client_id, redirect_uri, scope, state, code_challenge, code_challenge_method = "plain", } = req.query;
+    log.debug({ client_id, redirect_uri }, "Authorization request received");
+    if (response_type !== "code") {
+        res.status(400).json({
+            error: "unsupported_response_type",
+            error_description: "Only response_type=code is supported",
+        });
+        return;
+    }
+    const client = getClient(client_id);
+    if (!client) {
+        res.status(400).json({
+            error: "invalid_client",
+            error_description: "Unknown client_id",
+        });
+        return;
+    }
+    if (!redirect_uri) {
+        res.status(400).json({
+            error: "invalid_request",
+            error_description: "redirect_uri is required",
+        });
+        return;
+    }
+    if (client.redirectUris && !client.redirectUris.includes(redirect_uri)) {
+        res.status(400).json({
+            error: "invalid_request",
+            error_description: "redirect_uri not registered for this client",
+        });
+        return;
+    }
+    if (!client.grantTypes.includes("authorization_code")) {
+        res.status(400).json({
+            error: "unauthorized_client",
+            error_description: "Client is not authorized for authorization_code grant",
+        });
+        return;
+    }
+    if (code_challenge && !["plain", "S256"].includes(code_challenge_method)) {
+        res.status(400).json({
+            error: "invalid_request",
+            error_description: "code_challenge_method must be plain or S256",
+        });
+        return;
+    }
+    const requestedScope = scope ? scope.split(" ") : client.scope;
+    const code = generateAuthorizationCode();
+    const authCode = {
+        code,
+        clientId: client_id,
+        redirectUri: redirect_uri,
+        scope: requestedScope,
+        codeChallenge: code_challenge,
+        codeChallengeMethod: code_challenge ? code_challenge_method : undefined,
+        createdAt: Date.now(),
+        expiresAt: Date.now() + 10 * 60 * 1000,
+        used: false,
+    };
+    authCodeStore.set(code, authCode);
+    log.info({ clientId: client_id, hasPkce: !!code_challenge }, "Authorization code generated");
+    const redirectUrl = new URL(redirect_uri);
+    redirectUrl.searchParams.set("code", code);
+    if (state) {
+        redirectUrl.searchParams.set("state", state);
+    }
+    res.redirect(302, redirectUrl.toString());
+});
+// ============================================
+// Token Endpoint
+// ============================================
+router.post("/oauth/token", jsonParser, urlencodedParser, (req, res) => {
+    log.debug({
+        body: req.body,
+        headers: { authorization: req.headers.authorization ? "[present]" : "[absent]" },
+    }, "OAuth token request received");
+    let client_id = req.body.client_id;
+    let client_secret = req.body.client_secret;
+    const authHeader = req.headers.authorization;
+    if (authHeader && authHeader.startsWith("Basic ")) {
+        try {
+            const base64Credentials = authHeader.slice(6);
+            const credentials = Buffer.from(base64Credentials, "base64").toString("utf-8");
+            const [headerClientId, headerClientSecret] = credentials.split(":");
+            if (!client_id && headerClientId)
+                client_id = headerClientId;
+            if (!client_secret && headerClientSecret)
+                client_secret = headerClientSecret;
+            log.debug({ headerClientId }, "Extracted client_id from Basic auth header");
+        }
+        catch {
+            log.warn("Failed to parse Basic auth header");
+        }
+    }
+    const { grant_type } = req.body;
+    // Handle client_credentials grant
+    if (grant_type === "client_credentials") {
+        const client = validateClient(client_id, client_secret);
+        if (!client) {
+            log.warn({ client_id }, "Invalid client credentials");
+            res.status(401).json({
+                error: "invalid_client",
+                error_description: "Invalid client credentials",
+            });
+            return;
+        }
+        if (!client.grantTypes.includes("client_credentials")) {
+            res.status(400).json({
+                error: "unauthorized_client",
+                error_description: "Client is not authorized for client_credentials grant",
+            });
+            return;
+        }
+        const requestedScope = req.body.scope ? req.body.scope.split(" ") : client.scope;
+        const tokenInfo = createToken(client_id, requestedScope);
+        log.info({ clientId: client_id }, "Token generated (client_credentials)");
+        res.json({
+            access_token: tokenInfo.accessToken,
+            token_type: "Bearer",
+            expires_in: OAUTH_CONFIG.tokenExpiry,
+            scope: requestedScope.join(" "),
+        });
+        return;
+    }
+    // Handle authorization_code grant
+    if (grant_type === "authorization_code") {
+        const { code, redirect_uri, code_verifier } = req.body;
+        if (!code) {
+            res.status(400).json({
+                error: "invalid_request",
+                error_description: "code is required",
+            });
+            return;
+        }
+        const authCode = authCodeStore.get(code);
+        if (!authCode) {
+            res.status(400).json({
+                error: "invalid_grant",
+                error_description: "Invalid or expired authorization code",
+            });
+            return;
+        }
+        if (authCode.used) {
+            authCodeStore.delete(code);
+            res.status(400).json({
+                error: "invalid_grant",
+                error_description: "Authorization code has already been used",
+            });
+            return;
+        }
+        if (Date.now() > authCode.expiresAt) {
+            authCodeStore.delete(code);
+            res.status(400).json({
+                error: "invalid_grant",
+                error_description: "Authorization code has expired",
+            });
+            return;
+        }
+        if (authCode.clientId !== client_id) {
+            log.warn({
+                storedClientId: authCode.clientId,
+                providedClientId: client_id,
+                hasClientId: !!client_id,
+            }, "client_id mismatch in authorization code exchange");
+            res.status(400).json({
+                error: "invalid_grant",
+                error_description: `client_id does not match. Expected: ${authCode.clientId}, Got: ${client_id || "(not provided)"}`,
+            });
+            return;
+        }
+        if (authCode.redirectUri !== redirect_uri) {
+            res.status(400).json({
+                error: "invalid_grant",
+                error_description: "redirect_uri does not match",
+            });
+            return;
+        }
+        if (authCode.codeChallenge) {
+            if (!code_verifier) {
+                res.status(400).json({
+                    error: "invalid_grant",
+                    error_description: "code_verifier is required for PKCE",
+                });
+                return;
+            }
+            if (!verifyCodeChallenge(code_verifier, authCode.codeChallenge, authCode.codeChallengeMethod)) {
+                res.status(400).json({
+                    error: "invalid_grant",
+                    error_description: "code_verifier does not match code_challenge",
+                });
+                return;
+            }
+        }
+        else {
+            const client = getClient(client_id);
+            if (client && client.tokenEndpointAuthMethod !== "none") {
+                if (!validateClient(client_id, client_secret)) {
+                    res.status(401).json({
+                        error: "invalid_client",
+                        error_description: "Invalid client credentials",
+                    });
+                    return;
+                }
+            }
+        }
+        authCode.used = true;
+        const tokenInfo = createToken(client_id, authCode.scope);
+        const refreshToken = generateRefreshToken();
+        refreshTokenStore.set(refreshToken, {
+            refreshToken,
+            clientId: client_id,
+            scope: authCode.scope,
+            createdAt: Date.now(),
+        });
+        authCodeStore.delete(code);
+        log.info({ clientId: client_id }, "Token generated (authorization_code)");
+        res.json({
+            access_token: tokenInfo.accessToken,
+            token_type: "Bearer",
+            expires_in: OAUTH_CONFIG.tokenExpiry,
+            refresh_token: refreshToken,
+            scope: authCode.scope.join(" "),
+        });
+        return;
+    }
+    // Handle refresh_token grant
+    if (grant_type === "refresh_token") {
+        const { refresh_token, scope } = req.body;
+        if (!refresh_token) {
+            res.status(400).json({
+                error: "invalid_request",
+                error_description: "refresh_token is required",
+            });
+            return;
+        }
+        const storedRefreshToken = refreshTokenStore.get(refresh_token);
+        if (!storedRefreshToken) {
+            res.status(400).json({
+                error: "invalid_grant",
+                error_description: "Invalid refresh token",
+            });
+            return;
+        }
+        if (storedRefreshToken.clientId !== client_id) {
+            res.status(400).json({
+                error: "invalid_grant",
+                error_description: "Refresh token was not issued to this client",
+            });
+            return;
+        }
+        const client = getClient(client_id);
+        if (client && client.tokenEndpointAuthMethod !== "none") {
+            if (!validateClient(client_id, client_secret)) {
+                res.status(401).json({
+                    error: "invalid_client",
+                    error_description: "Invalid client credentials",
+                });
+                return;
+            }
+        }
+        if (client && !client.grantTypes.includes("refresh_token")) {
+            res.status(400).json({
+                error: "unauthorized_client",
+                error_description: "Client is not authorized for refresh_token grant",
+            });
+            return;
+        }
+        let requestedScope = storedRefreshToken.scope;
+        if (scope) {
+            const newScope = scope.split(" ");
+            const isSubset = newScope.every((s) => storedRefreshToken.scope.includes(s));
+            if (!isSubset) {
+                res.status(400).json({
+                    error: "invalid_scope",
+                    error_description: "Requested scope exceeds original scope",
+                });
+                return;
+            }
+            requestedScope = newScope;
+        }
+        const tokenInfo = createToken(client_id, requestedScope);
+        const newRefreshToken = generateRefreshToken();
+        refreshTokenStore.delete(refresh_token);
+        refreshTokenStore.set(newRefreshToken, {
+            refreshToken: newRefreshToken,
+            clientId: client_id,
+            scope: requestedScope,
+            createdAt: Date.now(),
+        });
+        log.info({ clientId: client_id }, "Token refreshed");
+        res.json({
+            access_token: tokenInfo.accessToken,
+            token_type: "Bearer",
+            expires_in: OAUTH_CONFIG.tokenExpiry,
+            refresh_token: newRefreshToken,
+            scope: requestedScope.join(" "),
+        });
+        return;
+    }
+    log.warn({ grant_type }, "Unsupported grant type");
+    res.status(400).json({
+        error: "unsupported_grant_type",
+        error_description: "Supported grant types: client_credentials, authorization_code, refresh_token",
+    });
+});
+// ============================================
+// Token Introspection (RFC 7662)
+// ============================================
+router.post("/oauth/introspect", jsonParser, urlencodedParser, (req, res) => {
+    const { token } = req.body;
+    if (!token) {
+        res.status(400).json({
+            error: "invalid_request",
+            error_description: "Token is required",
+        });
+        return;
+    }
+    const tokenInfo = validateToken(token);
+    if (!tokenInfo) {
+        log.debug("Token introspection: inactive token");
+        res.json({ active: false });
+        return;
+    }
+    log.debug({ clientId: tokenInfo.clientId }, "Token introspection: active token");
+    res.json({
+        active: true,
+        client_id: tokenInfo.clientId,
+        scope: tokenInfo.scope.join(" "),
+        exp: Math.floor(tokenInfo.expiresAt / 1000),
+        iat: Math.floor(tokenInfo.createdAt / 1000),
+    });
+});
+// ============================================
+// Token Revocation (RFC 7009)
+// ============================================
+router.post("/oauth/revoke", jsonParser, urlencodedParser, (req, res) => {
+    const { token } = req.body;
+    if (token) {
+        tokenStore.delete(token);
+        log.info("Token revoked");
+    }
+    res.status(200).send();
+});
+export { router as oauthRouter };
+//# sourceMappingURL=routes.js.map

package/dist/oauth/routes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"routes.js","sourceRoot":"","sources":["../../src/oauth/routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAqB,MAAM,SAAS,CAAC;AACpD,OAAO,OAAO,MAAM,SAAS,CAAC;AAC9B,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,aAAa,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AACxF,OAAO,EACL,gBAAgB,EAChB,oBAAoB,EACpB,cAAc,EACd,SAAS,EACT,yBAAyB,EACzB,oBAAoB,EACpB,mBAAmB,EACnB,WAAW,EACX,aAAa,GACd,MAAM,cAAc,CAAC;AAGtB;;;;;;;;;;GAUG;AACH,MAAM,GAAG,GAAG,WAAW,CAAC;AACxB,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC;AAExB,qCAAqC;AACrC,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;AAClC,MAAM,gBAAgB,GAAG,OAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;AAEhE,+CAA+C;AAC/C,yBAAyB;AACzB,+CAA+C;AAE/C,SAAS,UAAU,CAAC,GAAY;IAC9B,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;IAC9B,MAAM,IAAI,GAAG,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,aAAa,YAAY,CAAC,IAAI,EAAE,CAAC;IACjE,OAAO,GAAG,QAAQ,MAAM,IAAI,EAAE,CAAC;AACjC,CAAC;AAED,+CAA+C;AAC/C,kDAAkD;AAClD,+CAA+C;AAE/C,MAAM,CAAC,GAAG,CAAC,yCAAyC,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;IACpF,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;IAEhC,GAAG,CAAC,KAAK,CAAC,EAAE,OAAO,EAAE,EAAE,yCAAyC,CAAC,CAAC;IAElE,MAAM,QAAQ,GAAG;QACf,MAAM,EAAE,OAAO;QACf,sBAAsB,EAAE,GAAG,OAAO,kBAAkB;QACpD,cAAc,EAAE,GAAG,OAAO,cAAc;QACxC,qBAAqB,EAAE,GAAG,OAAO,iBAAiB;QAClD,sBAAsB,EAAE,GAAG,OAAO,mBAAmB;QACrD,mBAAmB,EAAE,GAAG,OAAO,eAAe;QAC9C,wBAAwB,EAAE,CAAC,MAAM,CAAC;QAClC,wBAAwB,EAAE,CAAC,OAAO,CAAC;QACnC,qBAAqB,EAAE,CAAC,oBAAoB,EAAE,oBAAoB,EAAE,eAAe,CAAC;QACpF,qCAAqC,EAAE,CAAC,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,CAAC;QAC5F,6CAA6C,EAAE,CAAC,MAAM,CAAC;QACvD,0CAA0C,EAAE,CAAC,MAAM,CAAC;QACpD,gCAAgC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC;QACnD,gBAAgB,EAAE,CAAC,UAAU,EAAE,WAAW,CAAC;QAC3C,qBAAqB,EAAE,iCAAiC;KACzD,CAAC;IAEF,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;IAClD,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AACrB,CAAC,CAAC,CAAC;AAEH,+CAA+C;AAC/C,yCAAyC;AACzC,+CAA+C;AAE/C,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,UAAU,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;IACzE,GAAG,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAElD,MAAM,EACJ,WAAW,EACX,aAAa,EACb,WAAW,GAAG,CAAC,oBAAoB,CAAC,EACpC,0BAA0B,GAAG,oBAAoB,EACjD,KAAK,GACN,GAAG,GAAG,CAAC,IAAI,CAAC;IAEb,qCAAqC;IACrC,MAAM,gBAAgB,GAA2B;QAC/C,4BAA4B,EAAE,oBAAoB;KACnD,CAAC;IAEF,MAAM,mBAAmB,GAAG,CAAC,oBAAoB,EAAE,oBAAoB,EAAE,eAAe,CAAC,CAAC;IAC1F,MAAM,aAAa,GAAG,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;IAE/E,MAAM,mBAAmB,GAAG;QAC1B,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,EAAU,EAAE,EAAE,CAAC,gBAAgB,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;KAC1E,CAAC;IAEF,MAAM,iBAAiB,GAAG,mBAAmB,CAAC,MAAM,CAClD,CAAC,EAAU,EAAE,EAAE,CAAC,CAAC,mBAAmB,CAAC,QAAQ,CAAC,EAAE,CAAC,CAClD,CAAC;IAEF,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,GAAG,CAAC,IAAI,CAAC,EAAE,iBAAiB,EAAE,EAAE,mCAAmC,CAAC,CAAC;QACrE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,KAAK,EAAE,yBAAyB;YAChC,iBAAiB,EAAE,4BAA4B,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,+DAA+D;SACzL,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,IACE,mBAAmB,CAAC,QAAQ,CAAC,oBAAoB,CAAC;QAClD,CAAC,CAAC,aAAa,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,CAAC,EAC9C,CAAC;QACD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,KAAK,EAAE,yBAAyB;YAChC,iBAAiB,EAAE,6DAA6D;SACjF,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,MAAM,oBAAoB,GAAG,CAAC,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,CAAC,CAAC;IACnF,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,0BAA0B,CAAC,EAAE,CAAC;QAC/D,GAAG,CAAC,IAAI,CAAC,EAAE,0BAA0B,EAAE,EAAE,yBAAyB,CAAC,CAAC;QACpE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,KAAK,EAAE,yBAAyB;YAChC,iBAAiB,EAAE,sDAAsD,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;SAC3G,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,MAAM,cAAc,GAAG,KAAK;QAC1B,CAAC,CAAC,OAAO,KAAK,KAAK,QAAQ;YACzB,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC;YAClB,CAAC,CAAC,KAAK;QACT,CAAC,CAAC,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IAE9B,MAAM,QAAQ,GAAG,gBAAgB,EAAE,CAAC;IACpC,MAAM,YAAY,GAAG,oBAAoB,EAAE,CAAC;IAE5C,MAAM,MAAM,GAAqB;QAC/B,QAAQ;QACR,YAAY;QACZ,UAAU,EAAE,WAAW;QACvB,YAAY,EAAE,aAAa;QAC3B,UAAU,EAAE,mBAAmB;QAC/B,uBAAuB,EAAE,0BAA0B;QACnD,KAAK,EAAE,cAAc;QACrB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;KACtB,CAAC;IAEF,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAElC,GAAG,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,UAAU,EAAE,WAAW,EAAE,EAAE,gCAAgC,CAAC,CAAC;IAElF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;QACnB,SAAS,EAAE,QAAQ;QACnB,aAAa,EAAE,YAAY;QAC3B,mBAAmB,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC;QACxD,wBAAwB,EAAE,CAAC;QAC3B,WAAW,EAAE,WAAW;QACxB,aAAa,EAAE,aAAa;QAC5B,WAAW,EAAE,mBAAmB;QAChC,0BAA0B,EAAE,0BAA0B;QACtD,KAAK,EAAE,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC;KAChC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,+CAA+C;AAC/C,yBAAyB;AACzB,+CAA+C;AAE/C,MAAM,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;IAC7D,MAAM,EACJ,aAAa,EACb,SAAS,EACT,YAAY,EACZ,KAAK,EACL,KAAK,EACL,cAAc,EACd,qBAAqB,GAAG,OAAO,GAChC,GAAG,GAAG,CAAC,KAA+B,CAAC;IAExC,GAAG,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,YAAY,EAAE,EAAE,gCAAgC,CAAC,CAAC;IAEzE,IAAI,aAAa,KAAK,MAAM,EAAE,CAAC;QAC7B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,KAAK,EAAE,2BAA2B;YAClC,iBAAiB,EAAE,sCAAsC;SAC1D,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC;IACpC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,KAAK,EAAE,gBAAgB;YACvB,iBAAiB,EAAE,mBAAmB;SACvC,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,KAAK,EAAE,iBAAiB;YACxB,iBAAiB,EAAE,0BAA0B;SAC9C,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,YAAY,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QACvE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,KAAK,EAAE,iBAAiB;YACxB,iBAAiB,EAAE,6CAA6C;SACjE,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;QACtD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,KAAK,EAAE,qBAAqB;YAC5B,iBAAiB,EAAE,uDAAuD;SAC3E,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,IAAI,cAAc,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,qBAAqB,CAAC,EAAE,CAAC;QACzE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,KAAK,EAAE,iBAAiB;YACxB,iBAAiB,EAAE,6CAA6C;SACjE,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,MAAM,cAAc,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;IAE/D,MAAM,IAAI,GAAG,yBAAyB,EAAE,CAAC;IACzC,MAAM,QAAQ,GAAsB;QAClC,IAAI;QACJ,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,YAAY;QACzB,KAAK,EAAE,cAAc;QACrB,aAAa,EAAE,cAAc;QAC7B,mBAAmB,EAAE,cAAc,CAAC,CAAC,CAAE,qBAA0C,CAAC,CAAC,CAAC,SAAS;QAC7F,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;QACrB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;QACtC,IAAI,EAAE,KAAK;KACZ,CAAC;IAEF,aAAa,CAAC,GAAG,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAElC,GAAG,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC,cAAc,EAAE,EAAE,8BAA8B,CAAC,CAAC;IAE7F,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC;IAC1C,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAC3C,IAAI,KAAK,EAAE,CAAC;QACV,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAC/C,CAAC;IAED,GAAG,CAAC,QAAQ,CAAC,GAAG,EAAE,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAC;AAC5C,CAAC,CAAC,CAAC;AAEH,+CAA+C;AAC/C,iBAAiB;AACjB,+CAA+C;AAE/C,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,UAAU,EAAE,gBAAgB,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;IACxF,GAAG,CAAC,KAAK,CACP;QACE,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,OAAO,EAAE,EAAE,aAAa,EAAE,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,UAAU,EAAE;KACjF,EACD,8BAA8B,CAC/B,CAAC;IAEF,IAAI,SAAS,GAAG,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;IACnC,IAAI,aAAa,GAAG,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC;IAE3C,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;IAC7C,IAAI,UAAU,IAAI,UAAU,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAClD,IAAI,CAAC;YACH,MAAM,iBAAiB,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC9C,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAC/E,MAAM,CAAC,cAAc,EAAE,kBAAkB,CAAC,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACpE,IAAI,CAAC,SAAS,IAAI,cAAc;gBAAE,SAAS,GAAG,cAAc,CAAC;YAC7D,IAAI,CAAC,aAAa,IAAI,kBAAkB;gBAAE,aAAa,GAAG,kBAAkB,CAAC;YAC7E,GAAG,CAAC,KAAK,CAAC,EAAE,cAAc,EAAE,EAAE,4CAA4C,CAAC,CAAC;QAC9E,CAAC;QAAC,MAAM,CAAC;YACP,GAAG,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;IAED,MAAM,EAAE,UAAU,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;IAEhC,kCAAkC;IAClC,IAAI,UAAU,KAAK,oBAAoB,EAAE,CAAC;QACxC,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;QACxD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,GAAG,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,EAAE,4BAA4B,CAAC,CAAC;YACtD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,gBAAgB;gBACvB,iBAAiB,EAAE,4BAA4B;aAChD,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;YACtD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,qBAAqB;gBAC5B,iBAAiB,EAAE,uDAAuD;aAC3E,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,cAAc,GAAG,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;QACjF,MAAM,SAAS,GAAG,WAAW,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;QAEzD,GAAG,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,sCAAsC,CAAC,CAAC;QAE1E,GAAG,CAAC,IAAI,CAAC;YACP,YAAY,EAAE,SAAS,CAAC,WAAW;YACnC,UAAU,EAAE,QAAQ;YACpB,UAAU,EAAE,YAAY,CAAC,WAAW;YACpC,KAAK,EAAE,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC;SAChC,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,kCAAkC;IAClC,IAAI,UAAU,KAAK,oBAAoB,EAAE,CAAC;QACxC,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,aAAa,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;QAEvD,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,iBAAiB;gBACxB,iBAAiB,EAAE,kBAAkB;aACtC,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACzC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,eAAe;gBACtB,iBAAiB,EAAE,uCAAuC;aAC3D,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC;YAClB,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAC3B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,eAAe;gBACtB,iBAAiB,EAAE,0CAA0C;aAC9D,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,SAAS,EAAE,CAAC;YACpC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAC3B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,eAAe;gBACtB,iBAAiB,EAAE,gCAAgC;aACpD,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,IAAI,QAAQ,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YACpC,GAAG,CAAC,IAAI,CACN;gBACE,cAAc,EAAE,QAAQ,CAAC,QAAQ;gBACjC,gBAAgB,EAAE,SAAS;gBAC3B,WAAW,EAAE,CAAC,CAAC,SAAS;aACzB,EACD,mDAAmD,CACpD,CAAC;YACF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,eAAe;gBACtB,iBAAiB,EAAE,uCAAuC,QAAQ,CAAC,QAAQ,UAAU,SAAS,IAAI,gBAAgB,EAAE;aACrH,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,IAAI,QAAQ,CAAC,WAAW,KAAK,YAAY,EAAE,CAAC;YAC1C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,eAAe;gBACtB,iBAAiB,EAAE,6BAA6B;aACjD,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;YAC3B,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,eAAe;oBACtB,iBAAiB,EAAE,oCAAoC;iBACxD,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,IACE,CAAC,mBAAmB,CAAC,aAAa,EAAE,QAAQ,CAAC,aAAa,EAAE,QAAQ,CAAC,mBAAoB,CAAC,EAC1F,CAAC;gBACD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,eAAe;oBACtB,iBAAiB,EAAE,6CAA6C;iBACjE,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,MAAM,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC;YACpC,IAAI,MAAM,IAAI,MAAM,CAAC,uBAAuB,KAAK,MAAM,EAAE,CAAC;gBACxD,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,aAAa,CAAC,EAAE,CAAC;oBAC9C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;wBACnB,KAAK,EAAE,gBAAgB;wBACvB,iBAAiB,EAAE,4BAA4B;qBAChD,CAAC,CAAC;oBACH,OAAO;gBACT,CAAC;YACH,CAAC;QACH,CAAC;QAED,QAAQ,CAAC,IAAI,GAAG,IAAI,CAAC;QAErB,MAAM,SAAS,GAAG,WAAW,CAAC,SAAS,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC;QACzD,MAAM,YAAY,GAAG,oBAAoB,EAAE,CAAC;QAE5C,iBAAiB,CAAC,GAAG,CAAC,YAAY,EAAE;YAClC,YAAY;YACZ,QAAQ,EAAE,SAAS;YACnB,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACtB,CAAC,CAAC;QAEH,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAE3B,GAAG,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,sCAAsC,CAAC,CAAC;QAE1E,GAAG,CAAC,IAAI,CAAC;YACP,YAAY,EAAE,SAAS,CAAC,WAAW;YACnC,UAAU,EAAE,QAAQ;YACpB,UAAU,EAAE,YAAY,CAAC,WAAW;YACpC,aAAa,EAAE,YAAY;YAC3B,KAAK,EAAE,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC;SAChC,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,6BAA6B;IAC7B,IAAI,UAAU,KAAK,eAAe,EAAE,CAAC;QACnC,MAAM,EAAE,aAAa,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;QAE1C,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,iBAAiB;gBACxB,iBAAiB,EAAE,2BAA2B;aAC/C,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,kBAAkB,GAAG,iBAAiB,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QAChE,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACxB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,eAAe;gBACtB,iBAAiB,EAAE,uBAAuB;aAC3C,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,IAAI,kBAAkB,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC9C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,eAAe;gBACtB,iBAAiB,EAAE,6CAA6C;aACjE,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,MAAM,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC;QACpC,IAAI,MAAM,IAAI,MAAM,CAAC,uBAAuB,KAAK,MAAM,EAAE,CAAC;YACxD,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,aAAa,CAAC,EAAE,CAAC;gBAC9C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,gBAAgB;oBACvB,iBAAiB,EAAE,4BAA4B;iBAChD,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;QACH,CAAC;QAED,IAAI,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;YAC3D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,qBAAqB;gBAC5B,iBAAiB,EAAE,kDAAkD;aACtE,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,IAAI,cAAc,GAAG,kBAAkB,CAAC,KAAK,CAAC;QAC9C,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAClC,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,kBAAkB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YACrF,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,eAAe;oBACtB,iBAAiB,EAAE,wCAAwC;iBAC5D,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YACD,cAAc,GAAG,QAAQ,CAAC;QAC5B,CAAC;QAED,MAAM,SAAS,GAAG,WAAW,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;QAEzD,MAAM,eAAe,GAAG,oBAAoB,EAAE,CAAC;QAC/C,iBAAiB,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QACxC,iBAAiB,CAAC,GAAG,CAAC,eAAe,EAAE;YACrC,YAAY,EAAE,eAAe;YAC7B,QAAQ,EAAE,SAAS;YACnB,KAAK,EAAE,cAAc;YACrB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACtB,CAAC,CAAC;QAEH,GAAG,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,iBAAiB,CAAC,CAAC;QAErD,GAAG,CAAC,IAAI,CAAC;YACP,YAAY,EAAE,SAAS,CAAC,WAAW;YACnC,UAAU,EAAE,QAAQ;YACpB,UAAU,EAAE,YAAY,CAAC,WAAW;YACpC,aAAa,EAAE,eAAe;YAC9B,KAAK,EAAE,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC;SAChC,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,GAAG,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,EAAE,wBAAwB,CAAC,CAAC;IACnD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;QACnB,KAAK,EAAE,wBAAwB;QAC/B,iBAAiB,EACf,8EAA8E;KACjF,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,+CAA+C;AAC/C,iCAAiC;AACjC,+CAA+C;AAE/C,MAAM,CAAC,IAAI,CAAC,mBAAmB,EAAE,UAAU,EAAE,gBAAgB,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;IAC7F,MAAM,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;IAE3B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,KAAK,EAAE,iBAAiB;YACxB,iBAAiB,EAAE,mBAAmB;SACvC,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;IAEvC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,GAAG,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;QACjD,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QAC5B,OAAO;IACT,CAAC;IAED,GAAG,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,SAAS,CAAC,QAAQ,EAAE,EAAE,mCAAmC,CAAC,CAAC;IACjF,GAAG,CAAC,IAAI,CAAC;QACP,MAAM,EAAE,IAAI;QACZ,SAAS,EAAE,SAAS,CAAC,QAAQ;QAC7B,KAAK,EAAE,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC;QAChC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,SAAS,GAAG,IAAI,CAAC;QAC3C,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,SAAS,GAAG,IAAI,CAAC;KAC5C,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,+CAA+C;AAC/C,8BAA8B;AAC9B,+CAA+C;AAE/C,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,UAAU,EAAE,gBAAgB,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;IACzF,MAAM,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;IAE3B,IAAI,KAAK,EAAE,CAAC;QACV,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACzB,GAAG,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAC5B,CAAC;IAED,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;AACzB,CAAC,CAAC,CAAC;AAEH,OAAO,EAAE,MAAM,IAAI,WAAW,EAAE,CAAC"}

package/dist/oauth/stores.d.ts

@@ -0,0 +1,6 @@
+import type { TokenInfo, AuthorizationCode, RefreshTokenInfo, RegisteredClient } from "./types.js";
+export declare const tokenStore: Map<string, TokenInfo>;
+export declare const authCodeStore: Map<string, AuthorizationCode>;
+export declare const refreshTokenStore: Map<string, RefreshTokenInfo>;
+export declare const clientStore: Map<string, RegisteredClient>;
+//# sourceMappingURL=stores.d.ts.map

package/dist/oauth/stores.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"stores.d.ts","sourceRoot":"","sources":["../../src/oauth/stores.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAGnG,eAAO,MAAM,UAAU,EAAE,GAAG,CAAC,MAAM,EAAE,SAAS,CAAa,CAAC;AAC5D,eAAO,MAAM,aAAa,EAAE,GAAG,CAAC,MAAM,EAAE,iBAAiB,CAAa,CAAC;AACvE,eAAO,MAAM,iBAAiB,EAAE,GAAG,CAAC,MAAM,EAAE,gBAAgB,CAAa,CAAC;AAC1E,eAAO,MAAM,WAAW,EAAE,GAAG,CAAC,MAAM,EAAE,gBAAgB,CAAa,CAAC"}

package/dist/oauth/stores.js

@@ -0,0 +1,20 @@
+import { OAUTH_CONFIG } from "./config.js";
+export const tokenStore = new Map();
+export const authCodeStore = new Map();
+export const refreshTokenStore = new Map();
+export const clientStore = new Map();
+// Pre-register the default test client
+clientStore.set(OAUTH_CONFIG.clientId, {
+    clientId: OAUTH_CONFIG.clientId,
+    clientSecret: OAUTH_CONFIG.clientSecret,
+    clientName: "Default Test Client",
+    redirectUris: [
+        `http://localhost:${OAUTH_CONFIG.port}/callback`,
+        `http://127.0.0.1:${OAUTH_CONFIG.port}/callback`,
+    ],
+    grantTypes: ["client_credentials", "authorization_code", "refresh_token"],
+    tokenEndpointAuthMethod: "client_secret_post",
+    scope: ["mcp:read", "mcp:write"],
+    createdAt: Date.now(),
+});
+//# sourceMappingURL=stores.js.map

package/dist/oauth/stores.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"stores.js","sourceRoot":"","sources":["../../src/oauth/stores.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,MAAM,CAAC,MAAM,UAAU,GAA2B,IAAI,GAAG,EAAE,CAAC;AAC5D,MAAM,CAAC,MAAM,aAAa,GAAmC,IAAI,GAAG,EAAE,CAAC;AACvE,MAAM,CAAC,MAAM,iBAAiB,GAAkC,IAAI,GAAG,EAAE,CAAC;AAC1E,MAAM,CAAC,MAAM,WAAW,GAAkC,IAAI,GAAG,EAAE,CAAC;AAEpE,uCAAuC;AACvC,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,QAAQ,EAAE;IACrC,QAAQ,EAAE,YAAY,CAAC,QAAQ;IAC/B,YAAY,EAAE,YAAY,CAAC,YAAY;IACvC,UAAU,EAAE,qBAAqB;IACjC,YAAY,EAAE;QACZ,oBAAoB,YAAY,CAAC,IAAI,WAAW;QAChD,oBAAoB,YAAY,CAAC,IAAI,WAAW;KACjD;IACD,UAAU,EAAE,CAAC,oBAAoB,EAAE,oBAAoB,EAAE,eAAe,CAAC;IACzE,uBAAuB,EAAE,oBAAoB;IAC7C,KAAK,EAAE,CAAC,UAAU,EAAE,WAAW,CAAC;IAChC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;CACtB,CAAC,CAAC"}

package/dist/oauth/types.d.ts

@@ -0,0 +1,46 @@
+/**
+ * OAuth2 Type Definitions
+ */
+export interface TokenInfo {
+    accessToken: string;
+    refreshToken?: string;
+    clientId: string;
+    createdAt: number;
+    expiresAt: number;
+    scope: string[];
+}
+export interface AuthorizationCode {
+    code: string;
+    clientId: string;
+    redirectUri: string;
+    scope: string[];
+    codeChallenge?: string;
+    codeChallengeMethod?: "plain" | "S256";
+    createdAt: number;
+    expiresAt: number;
+    used: boolean;
+}
+export interface RefreshTokenInfo {
+    refreshToken: string;
+    clientId: string;
+    scope: string[];
+    createdAt: number;
+}
+export interface RegisteredClient {
+    clientId: string;
+    clientSecret: string;
+    clientName?: string;
+    redirectUris?: string[];
+    grantTypes: string[];
+    tokenEndpointAuthMethod: string;
+    scope: string[];
+    createdAt: number;
+}
+export interface OAuthConfig {
+    clientId: string;
+    clientSecret: string;
+    tokenSecret: string;
+    tokenExpiry: number;
+    port: number;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/oauth/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/oauth/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,SAAS;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,EAAE,CAAC;CACjB;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,mBAAmB,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;IACvC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,OAAO,CAAC;CACf;AAED,MAAM,WAAW,gBAAgB;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,uBAAuB,EAAE,MAAM,CAAC;IAChC,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;CACd"}

package/dist/oauth/types.js

@@ -0,0 +1,5 @@
+/**
+ * OAuth2 Type Definitions
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/oauth/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/oauth/types.ts"],"names":[],"mappings":"AAAA;;GAEG"}