@prosopo/provider 4.8.1 → 4.9.1

package/dist/cjs/tasks/dnsEvent/enrichDnsEvent.cjs

@@ -0,0 +1,62 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const enrichDnsEvent = async (dnsEvent, ipInfoService, primaryIp) => {
+  if (!dnsEvent) {
+    return void 0;
+  }
+  const enriched = {
+    peerIp: dnsEvent.peerIp,
+    resolverIp: dnsEvent.resolverIp,
+    pathValid: dnsEvent.pathValid
+  };
+  const lookups = [];
+  const kinds = [];
+  if (dnsEvent.peerIp && dnsEvent.peerIp !== primaryIp) {
+    lookups.push(ipInfoService.lookup(dnsEvent.peerIp));
+    kinds.push("peer");
+  }
+  if (dnsEvent.resolverIp && dnsEvent.resolverIp !== primaryIp) {
+    lookups.push(ipInfoService.lookup(dnsEvent.resolverIp));
+    kinds.push("resolver");
+  }
+  if (lookups.length === 0) {
+    return enriched;
+  }
+  const results = await Promise.all(lookups);
+  kinds.forEach((k, i) => {
+    const info = results[i];
+    if (!info) return;
+    if (k === "peer") enriched.peerIpInfo = info;
+    else enriched.resolverIpInfo = info;
+  });
+  return enriched;
+};
+const getIpInfoAsn = (info) => info?.isValid ? info.asnNumber : void 0;
+const extraIpInfosFromEnrichedDnsEvent = (enriched) => {
+  if (!enriched) return [];
+  const out = [];
+  if (enriched.peerIpInfo) out.push(enriched.peerIpInfo);
+  if (enriched.resolverIpInfo) out.push(enriched.resolverIpInfo);
+  return out;
+};
+const computeDnsAsymmetry = (enriched, clientIpInfo) => {
+  if (!enriched) return 0;
+  let score = 0;
+  if (enriched.pathValid === false) score += 0.3;
+  if (enriched.resolverIpInfo?.isValid) {
+    if (enriched.resolverIpInfo.isDatacenter) score += 0.3;
+    if (enriched.resolverIpInfo.isAbuser) score += 0.2;
+  }
+  if (enriched.peerIpInfo?.isValid) {
+    if (enriched.peerIpInfo.isDatacenter) score += 0.2;
+    if (enriched.peerIpInfo.isAbuser) score += 0.2;
+  }
+  if (clientIpInfo?.isValid && clientIpInfo.providerType === "isp" && enriched.resolverIpInfo?.isValid && enriched.resolverIpInfo.isDatacenter) {
+    score += 0.2;
+  }
+  return Math.min(score, 1);
+};
+exports.computeDnsAsymmetry = computeDnsAsymmetry;
+exports.enrichDnsEvent = enrichDnsEvent;
+exports.extraIpInfosFromEnrichedDnsEvent = extraIpInfosFromEnrichedDnsEvent;
+exports.getIpInfoAsn = getIpInfoAsn;

package/dist/cjs/tasks/imgCaptcha/imgCaptchaTasks.cjs

@@ -13,6 +13,7 @@ const util = require("../../util.cjs");
 const usageCounters = require("../../util/usageCounters.cjs");
 const captchaManager = require("../captchaManager.cjs");
 const decisionMachineRunner = require("../decisionMachine/decisionMachineRunner.cjs");
+const enrichDnsEvent = require("../dnsEvent/enrichDnsEvent.cjs");
 require("../frictionless/frictionlessTasks.cjs");
 const frictionlessTasksUtils = require("../frictionless/frictionlessTasksUtils.cjs");
 const evaluateEmailSpamRules = require("../spam/evaluateEmailSpamRules.cjs");
@@ -174,8 +175,13 @@ class ImgCaptchaManager extends captchaManager.CaptchaManager {
     );
     if (pendingRequest) {
       const { storedCaptchas, receivedCaptchas, captchaIds } = await this.validateReceivedCaptchasAgainstStoredCaptchas(captchas);
-      const flat = receivedCaptchas.map((c) => util$2.extractData(c.salt));
-      const pairs$1 = flat.map((list) => pairs.constructPairList(list));
+      const rawFlat = receivedCaptchas.map((c) => util$2.extractData(c.salt));
+      const { checkbox: checkboxCoordPair, flat } = pairs.peelCheckboxPrefix(
+        rawFlat,
+        receivedCaptchas.map((c) => c.solution.length)
+      );
+      const shapePairs = flat.map((list) => pairs.constructPairList(list));
+      const pairs$1 = checkboxCoordPair ? [[checkboxCoordPair], ...shapePairs] : shapePairs;
       const { tree, commitmentId } = imgCaptchaTasksUtils.buildTreeAndGetCommitmentId(receivedCaptchas);
       const datasetId = util$2.at(storedCaptchas, 0).datasetId;
       if (!datasetId) {
@@ -236,6 +242,7 @@ class ImgCaptchaManager extends captchaManager.CaptchaManager {
         userSubmitted: true,
         serverChecked: false,
         requestedAtTimestamp: new Date(timestamp),
+        submittedAtTimestamp: /* @__PURE__ */ new Date(),
         ipAddress: compositeIpAddress.getCompositeIpAddress(ipAddress),
         headers,
         sessionId: pendingRecord.sessionId,
@@ -474,7 +481,8 @@ class ImgCaptchaManager extends captchaManager.CaptchaManager {
     }
     maxVerifiedTime = maxVerifiedTime || 60 * 1e3;
     const currentTime = Date.now();
-    const timeSinceCompletion = currentTime - solution.requestedAtTimestamp.getTime();
+    const submittedAt = solution.submittedAtTimestamp;
+    const timeSinceCompletion = submittedAt instanceof Date ? currentTime - submittedAt.getTime() : Number.POSITIVE_INFINITY;
     if (timeSinceCompletion > maxVerifiedTime) {
       this.logger.debug(() => ({
         msg: "Not verified - timed out"
@@ -555,17 +563,34 @@ class ImgCaptchaManager extends captchaManager.CaptchaManager {
         failStatus = types.ResultReason.SPAM_EMAIL_RULE;
       }
     }
+    const sessionRecord = solution.sessionId ? await this.db.getSessionRecordBySessionId(solution.sessionId) : void 0;
+    const enrichedDnsEvent = await enrichDnsEvent.enrichDnsEvent(
+      sessionRecord?.dnsEvent,
+      env.ipInfoService,
+      ip ?? solution.ipInfo?.ip
+    );
     if (!failStatus) {
       const check = await this.resolveTrafficFilterCheck(
         env,
         solution.ipInfo,
         trafficFilter,
-        ip
+        ip,
+        enrichedDnsEvent
       );
       if (check.isBlocked) {
         this.logger.info(() => ({
           msg: "Traffic filter rejected request",
-          data: { commitmentId, dapp, ip, reason: check.reason }
+          data: {
+            commitmentId,
+            dapp,
+            ip,
+            reason: check.reason,
+            dnsPeerIp: enrichedDnsEvent?.peerIp,
+            dnsResolverIp: enrichedDnsEvent?.resolverIp,
+            dnsPeerAsn: enrichDnsEvent.getIpInfoAsn(enrichedDnsEvent?.peerIpInfo),
+            dnsResolverAsn: enrichDnsEvent.getIpInfoAsn(enrichedDnsEvent?.resolverIpInfo),
+            dnsPathValid: enrichedDnsEvent?.pathValid
+          }
         }));
         commitmentUpdates.result = {
           status: types.CaptchaStatus.disapproved,
@@ -588,7 +613,8 @@ class ImgCaptchaManager extends captchaManager.CaptchaManager {
           solutionIpAddress,
           this.logger,
           env.ipInfoService,
-          ipValidationRules
+          ipValidationRules,
+          enrichedDnsEvent?.peerIp
         );
         if (!ipValidation.isValid) {
           this.logger.error(() => ({
@@ -614,40 +640,48 @@ class ImgCaptchaManager extends captchaManager.CaptchaManager {
           "solved",
           types.CaptchaType.image,
           ipValue,
-          solution.userAccount
+          solution.userAccount,
+          enrichedDnsEvent?.peerIp
         )
       );
     }
     let score;
-    if (solution.sessionId) {
-      const sessionRecord = await this.db.getSessionRecordBySessionId(
-        solution.sessionId
+    if (sessionRecord) {
+      const dnsAsymmetry = enrichDnsEvent.computeDnsAsymmetry(
+        enrichedDnsEvent,
+        solution.ipInfo
       );
-      if (sessionRecord) {
-        score = frictionlessTasksUtils.computeFrictionlessScore(sessionRecord?.scoreComponents);
+      if (dnsAsymmetry > 0) {
+        sessionRecord.scoreComponents = {
+          ...sessionRecord.scoreComponents,
+          dnsAsymmetry
+        };
+      }
+      score = frictionlessTasksUtils.computeFrictionlessScore(sessionRecord?.scoreComponents);
+      this.logger.info(() => ({
+        data: {
+          scoreComponents: sessionRecord?.scoreComponents,
+          score,
+          dnsPeerAsn: enrichDnsEvent.getIpInfoAsn(enrichedDnsEvent?.peerIpInfo),
+          dnsResolverAsn: enrichDnsEvent.getIpInfoAsn(enrichedDnsEvent?.resolverIpInfo)
+        }
+      }));
+      if (!failStatus && disallowWebView === true && (sessionRecord.webView === true || (sessionRecord.scoreComponents.webView || 0) > 0)) {
         this.logger.info(() => ({
-          data: {
-            scoreComponents: sessionRecord?.scoreComponents,
-            score
-          }
+          msg: "Disallowing webview access - user not verified"
+        }));
+        commitmentUpdates.result = {
+          status: types.CaptchaStatus.disapproved,
+          reason: types.ResultReason.DISALLOWED_WEBVIEW
+        };
+        failStatus = types.ResultReason.DISALLOWED_WEBVIEW;
+        isApproved = false;
+        failureStatus = types.ResultReason.DISALLOWED_WEBVIEW;
+      }
+      if (contextAwareEnabled && sessionRecord.reason === types.FrictionlessReason.CONTEXT_AWARE_VALIDATION_FAILED) {
+        this.logger.info(() => ({
+          msg: "Context aware validation failed"
         }));
-        if (!failStatus && disallowWebView === true && (sessionRecord.webView === true || (sessionRecord.scoreComponents.webView || 0) > 0)) {
-          this.logger.info(() => ({
-            msg: "Disallowing webview access - user not verified"
-          }));
-          commitmentUpdates.result = {
-            status: types.CaptchaStatus.disapproved,
-            reason: types.ResultReason.DISALLOWED_WEBVIEW
-          };
-          failStatus = types.ResultReason.DISALLOWED_WEBVIEW;
-          isApproved = false;
-          failureStatus = types.ResultReason.DISALLOWED_WEBVIEW;
-        }
-        if (contextAwareEnabled && sessionRecord.reason === types.FrictionlessReason.CONTEXT_AWARE_VALIDATION_FAILED) {
-          this.logger.info(() => ({
-            msg: "Context aware validation failed"
-          }));
-        }
       }
     }
     if (isApproved) {
@@ -657,7 +691,9 @@ class ImgCaptchaManager extends captchaManager.CaptchaManager {
         captchaResult: "passed",
         headers: solution.headers,
         captchaType: types.CaptchaType.image,
-        countryCode: solution.ipInfo?.isValid ? solution.ipInfo.countryCode : void 0
+        countryCode: solution.ipInfo?.isValid ? solution.ipInfo.countryCode : void 0,
+        ipInfo: solution.ipInfo,
+        dnsEvent: enrichedDnsEvent
       };
       try {
         const decision = await this.decisionMachineRunner.decide(

package/dist/cjs/tasks/powCaptcha/powTasks.cjs

@@ -9,6 +9,7 @@ const util$2 = require("../../util.cjs");
 const usageCounters = require("../../util/usageCounters.cjs");
 const captchaManager = require("../captchaManager.cjs");
 const decisionMachineRunner = require("../decisionMachine/decisionMachineRunner.cjs");
+const enrichDnsEvent = require("../dnsEvent/enrichDnsEvent.cjs");
 const frictionlessTasksUtils = require("../frictionless/frictionlessTasksUtils.cjs");
 const routingMachine = require("../frictionless/routingMachine.cjs");
 const evaluateEmailSpamRules = require("../spam/evaluateEmailSpamRules.cjs");
@@ -356,8 +357,9 @@ class PowCaptchaManager extends captchaManager.CaptchaManager {
     const powRecordUpdates = {};
     let failResult;
     let failReason;
-    const recent = util$1.verifyRecency(challenge, timeout);
-    if (!recent) {
+    const submittedAt = challengeRecord.submittedAtTimestamp;
+    const submitToVerifyMs = submittedAt instanceof Date ? Date.now() - submittedAt.getTime() : Number.POSITIVE_INFINITY;
+    if (submitToVerifyMs > timeout) {
       failResult = {
         status: types.CaptchaStatus.disapproved,
         reason: types.ResultReason.TIMESTAMP_TOO_OLD
@@ -434,17 +436,34 @@ class PowCaptchaManager extends captchaManager.CaptchaManager {
         failReason = "API.SPAM_EMAIL_RULE";
       }
     }
+    const sessionRecord = challengeRecord.sessionId ? await this.db.getSessionRecordBySessionId(challengeRecord.sessionId) : void 0;
+    const enrichedDnsEvent = await enrichDnsEvent.enrichDnsEvent(
+      sessionRecord?.dnsEvent,
+      env.ipInfoService,
+      ip ?? challengeRecord.ipInfo?.ip
+    );
     if (!failResult) {
       const check = await this.resolveTrafficFilterCheck(
         env,
         challengeRecord.ipInfo,
         trafficFilter,
-        ip
+        ip,
+        enrichedDnsEvent
       );
       if (check.isBlocked) {
         this.logger.info(() => ({
           msg: "Traffic filter rejected request in PoW verification",
-          data: { challenge, dappAccount, ip, reason: check.reason }
+          data: {
+            challenge,
+            dappAccount,
+            ip,
+            reason: check.reason,
+            dnsPeerIp: enrichedDnsEvent?.peerIp,
+            dnsResolverIp: enrichedDnsEvent?.resolverIp,
+            dnsPeerAsn: enrichDnsEvent.getIpInfoAsn(enrichedDnsEvent?.peerIpInfo),
+            dnsResolverAsn: enrichDnsEvent.getIpInfoAsn(enrichedDnsEvent?.resolverIpInfo),
+            dnsPathValid: enrichedDnsEvent?.pathValid
+          }
         }));
         failResult = {
           status: types.CaptchaStatus.disapproved,
@@ -469,7 +488,8 @@ class PowCaptchaManager extends captchaManager.CaptchaManager {
           challengeIpAddress,
           this.logger,
           env.ipInfoService,
-          ipValidationRules
+          ipValidationRules,
+          enrichedDnsEvent?.peerIp
         );
         if (!ipValidation.isValid) {
           this.logger.error(() => ({
@@ -490,19 +510,26 @@ class PowCaptchaManager extends captchaManager.CaptchaManager {
       }
     }
     let score;
-    if (challengeRecord.sessionId) {
-      const sessionRecord = await this.db.getSessionRecordBySessionId(
-        challengeRecord.sessionId
+    if (sessionRecord) {
+      const dnsAsymmetry = enrichDnsEvent.computeDnsAsymmetry(
+        enrichedDnsEvent,
+        challengeRecord.ipInfo
       );
-      if (sessionRecord) {
-        score = frictionlessTasksUtils.computeFrictionlessScore(sessionRecord?.scoreComponents);
-        this.logger.info(() => ({
-          data: {
-            scoreComponents: { ...sessionRecord?.scoreComponents || {} },
-            score
-          }
-        }));
+      if (dnsAsymmetry > 0) {
+        sessionRecord.scoreComponents = {
+          ...sessionRecord.scoreComponents,
+          dnsAsymmetry
+        };
       }
+      score = frictionlessTasksUtils.computeFrictionlessScore(sessionRecord?.scoreComponents);
+      this.logger.info(() => ({
+        data: {
+          scoreComponents: { ...sessionRecord?.scoreComponents || {} },
+          score,
+          dnsPeerAsn: enrichDnsEvent.getIpInfoAsn(enrichedDnsEvent?.peerIpInfo),
+          dnsResolverAsn: enrichDnsEvent.getIpInfoAsn(enrichedDnsEvent?.resolverIpInfo)
+        }
+      }));
     }
     if (!failResult) {
       try {
@@ -514,7 +541,9 @@ class PowCaptchaManager extends captchaManager.CaptchaManager {
           captchaType: types.CaptchaType.pow,
           behavioralDataPacked: challengeRecord.behavioralDataPacked,
           deviceCapability: challengeRecord.deviceCapability,
-          countryCode: challengeRecord.ipInfo?.isValid ? challengeRecord.ipInfo.countryCode : void 0
+          countryCode: challengeRecord.ipInfo?.isValid ? challengeRecord.ipInfo.countryCode : void 0,
+          ipInfo: challengeRecord.ipInfo,
+          dnsEvent: enrichedDnsEvent
         };
         const decision = await this.decisionMachineRunner.decide(
           decisionInput,

package/dist/cjs/tasks/puzzleCaptcha/puzzleTasks.cjs

@@ -9,6 +9,7 @@ const util$2 = require("../../util.cjs");
 const usageCounters = require("../../util/usageCounters.cjs");
 const captchaManager = require("../captchaManager.cjs");
 const decisionMachineRunner = require("../decisionMachine/decisionMachineRunner.cjs");
+const enrichDnsEvent = require("../dnsEvent/enrichDnsEvent.cjs");
 const frictionlessTasksUtils = require("../frictionless/frictionlessTasksUtils.cjs");
 const powTasksUtils = require("../powCaptcha/powTasksUtils.cjs");
 const puzzleTasksUtils = require("./puzzleTasksUtils.cjs");
@@ -281,8 +282,9 @@ class PuzzleCaptchaManager extends captchaManager.CaptchaManager {
       serverChecked: true,
       lastUpdatedTimestamp: /* @__PURE__ */ new Date()
     });
-    const recent = util$1.verifyRecency(challenge, timeout);
-    if (!recent) {
+    const submittedAt = challengeRecord.submittedAtTimestamp;
+    const submitToVerifyMs = submittedAt instanceof Date ? Date.now() - submittedAt.getTime() : Number.POSITIVE_INFINITY;
+    if (submitToVerifyMs > timeout) {
       const disapprovedResult = {
         status: types.CaptchaStatus.disapproved,
         reason: types.ResultReason.TIMESTAMP_TOO_OLD
@@ -365,17 +367,34 @@ class PuzzleCaptchaManager extends captchaManager.CaptchaManager {
         }));
       }
     }
+    const sessionRecord = challengeRecord.sessionId ? await this.db.getSessionRecordBySessionId(challengeRecord.sessionId) : void 0;
+    const enrichedDnsEvent = await enrichDnsEvent.enrichDnsEvent(
+      sessionRecord?.dnsEvent,
+      env.ipInfoService,
+      ip ?? challengeRecord.ipInfo?.ip
+    );
     {
       const check = await this.resolveTrafficFilterCheck(
         env,
         challengeRecord.ipInfo,
         trafficFilter,
-        ip
+        ip,
+        enrichedDnsEvent
       );
       if (check.isBlocked) {
         this.logger.info(() => ({
           msg: "Traffic filter rejected request in puzzle verification",
-          data: { challenge, dappAccount, ip, reason: check.reason }
+          data: {
+            challenge,
+            dappAccount,
+            ip,
+            reason: check.reason,
+            dnsPeerIp: enrichedDnsEvent?.peerIp,
+            dnsResolverIp: enrichedDnsEvent?.resolverIp,
+            dnsPeerAsn: enrichDnsEvent.getIpInfoAsn(enrichedDnsEvent?.peerIpInfo),
+            dnsResolverAsn: enrichDnsEvent.getIpInfoAsn(enrichedDnsEvent?.resolverIpInfo),
+            dnsPathValid: enrichedDnsEvent?.pathValid
+          }
         }));
         const blockedResult = {
           status: types.CaptchaStatus.disapproved,
@@ -413,7 +432,8 @@ class PuzzleCaptchaManager extends captchaManager.CaptchaManager {
           challengeIpAddress,
           this.logger,
           env.ipInfoService,
-          ipValidationRules
+          ipValidationRules,
+          enrichedDnsEvent?.peerIp
         );
         if (!ipValidation.isValid) {
           this.logger.error(() => ({
@@ -443,19 +463,26 @@ class PuzzleCaptchaManager extends captchaManager.CaptchaManager {
       }
     }
     let score;
-    if (challengeRecord.sessionId) {
-      const sessionRecord = await this.db.getSessionRecordBySessionId(
-        challengeRecord.sessionId
+    if (sessionRecord) {
+      const dnsAsymmetry = enrichDnsEvent.computeDnsAsymmetry(
+        enrichedDnsEvent,
+        challengeRecord.ipInfo
       );
-      if (sessionRecord) {
-        score = frictionlessTasksUtils.computeFrictionlessScore(sessionRecord?.scoreComponents);
-        this.logger.info(() => ({
-          data: {
-            scoreComponents: { ...sessionRecord?.scoreComponents || {} },
-            score
-          }
-        }));
+      if (dnsAsymmetry > 0) {
+        sessionRecord.scoreComponents = {
+          ...sessionRecord.scoreComponents,
+          dnsAsymmetry
+        };
       }
+      score = frictionlessTasksUtils.computeFrictionlessScore(sessionRecord?.scoreComponents);
+      this.logger.info(() => ({
+        data: {
+          scoreComponents: { ...sessionRecord?.scoreComponents || {} },
+          score,
+          dnsPeerAsn: enrichDnsEvent.getIpInfoAsn(enrichedDnsEvent?.peerIpInfo),
+          dnsResolverAsn: enrichDnsEvent.getIpInfoAsn(enrichedDnsEvent?.resolverIpInfo)
+        }
+      }));
     }
     try {
       const decisionInput = {
@@ -466,7 +493,9 @@ class PuzzleCaptchaManager extends captchaManager.CaptchaManager {
         captchaType: types.CaptchaType.puzzle,
         behavioralDataPacked: challengeRecord.behavioralDataPacked,
         deviceCapability: challengeRecord.deviceCapability,
-        countryCode: challengeRecord.ipInfo?.isValid ? challengeRecord.ipInfo.countryCode : void 0
+        countryCode: challengeRecord.ipInfo?.isValid ? challengeRecord.ipInfo.countryCode : void 0,
+        ipInfo: challengeRecord.ipInfo,
+        dnsEvent: enrichedDnsEvent
       };
       const decision = await this.decisionMachineRunner.decide(
         decisionInput,

package/dist/cjs/tasks/spam/checkTrafficFilter.cjs

@@ -1,7 +1,7 @@
 "use strict";
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
 const types = require("@prosopo/types");
-const checkTrafficFilter = (ipInfo, trafficFilter) => {
+const evaluateIpInfo = (ipInfo, trafficFilter, options) => {
   if (!ipInfo || !ipInfo.isValid) {
     return { isBlocked: false };
   }
@@ -24,7 +24,7 @@ const checkTrafficFilter = (ipInfo, trafficFilter) => {
       return { isBlocked: true, reason: types.ResultReason.ABUSER_BLOCKED };
     }
   }
-  if (trafficFilter.blockDatacenter && ipInfo.isDatacenter && !(ipInfo.isVPN && !trafficFilter.blockVpn)) {
+  if (trafficFilter.blockDatacenter && ipInfo.isDatacenter && !(options.suppressVpnDatacenterInteraction && ipInfo.isVPN && !trafficFilter.blockVpn)) {
     return { isBlocked: true, reason: types.ResultReason.DATACENTER_BLOCKED };
   }
   if (trafficFilter.blockMobile && ipInfo.isMobile) {
@@ -38,4 +38,21 @@ const checkTrafficFilter = (ipInfo, trafficFilter) => {
   }
   return { isBlocked: false };
 };
+const checkTrafficFilter = (ipInfo, trafficFilter, extraIpInfos) => {
+  const primary = evaluateIpInfo(ipInfo, trafficFilter, {
+    suppressVpnDatacenterInteraction: true
+  });
+  if (primary.isBlocked) {
+    return primary;
+  }
+  for (const extra of extraIpInfos ?? []) {
+    const result = evaluateIpInfo(extra, trafficFilter, {
+      suppressVpnDatacenterInteraction: false
+    });
+    if (result.isBlocked) {
+      return result;
+    }
+  }
+  return { isBlocked: false };
+};
 exports.checkTrafficFilter = checkTrafficFilter;

package/dist/cjs/tasks/tasks.cjs

@@ -15,6 +15,7 @@ let globalWriteQueue = null;
 let flushStarted = false;
 class Tasks {
   constructor(env, logger$1) {
+    this.env = env;
     this.config = env.config;
     this.db = env.getDb();
     this.captchaConfig = env.config.captchas;

package/dist/cjs/util/usageCounters.cjs

@@ -160,7 +160,7 @@ class UsageCounters {
     }
   }
 }
-const buildAllWindowIncrements = (kind, captchaType, ip, userAccount) => {
+const buildAllWindowIncrements = (kind, captchaType, ip, userAccount, peerIp) => {
   const out = [];
   for (const window of [
     "1m",
@@ -177,6 +177,12 @@ const buildAllWindowIncrements = (kind, captchaType, ip, userAccount) => {
         value: userAccount
       }
     );
+    if (peerIp && peerIp !== ip) {
+      out.push({
+        spec: { kind, captchaType, dimension: "peerIp", window },
+        value: peerIp
+      });
+    }
     if (captchaType !== "any") {
       out.push(
         {
@@ -193,6 +199,17 @@ const buildAllWindowIncrements = (kind, captchaType, ip, userAccount) => {
           value: userAccount
         }
       );
+      if (peerIp && peerIp !== ip) {
+        out.push({
+          spec: {
+            kind,
+            captchaType: "any",
+            dimension: "peerIp",
+            window
+          },
+          value: peerIp
+        });
+      }
     }
   }
   return out;

package/dist/cjs/util.cjs

@@ -224,7 +224,17 @@ const evaluateIpValidationRules = (comparison, rules, logger) => {
     shouldFlag
   };
 };
-const deepValidateIpAddress = async (ip, challengeIpAddress, logger, ipInfoService, ipValidationRules) => {
+const deepValidateIpAddress = async (ip, challengeIpAddress, logger, ipInfoService, ipValidationRules, dnsPeerIp) => {
+  if (ipValidationRules?.forceConsistentIp === true && dnsPeerIp && dnsPeerIp !== ip) {
+    logger.info(() => ({
+      msg: "IP validation failed - dnsEvent.peerIp does not match client IP",
+      data: { clientIp: ip, dnsPeerIp }
+    }));
+    return {
+      isValid: false,
+      errorMessage: `Client IP ${ip} does not match dnsEvent.peerIp ${dnsPeerIp}`
+    };
+  }
   const standardValidation = validateIpAddress(ip, challengeIpAddress, logger);
   if (!standardValidation.isValid) {
     if (standardValidation.errorMessage?.includes("Invalid IP address")) {

package/dist/pairs.d.ts

@@ -1,3 +1,7 @@
 export declare const constructPairList: (list: number[]) => [number, number][];
+export declare const peelCheckboxPrefix: (flat: number[][], solutionLengths: number[]) => {
+    checkbox?: [number, number];
+    flat: number[][];
+};
 export declare const containsIdenticalPairs: (pairsLists: [number, number][][]) => boolean;
 //# sourceMappingURL=pairs.d.ts.map

package/dist/pairs.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"pairs.d.ts","sourceRoot":"","sources":["../src/pairs.ts"],"names":[],"mappings":"AAmBA,eAAO,MAAM,iBAAiB,SAAU,MAAM,EAAE,KAAG,CAAC,MAAM,EAAE,MAAM,CAAC,EAWlE,CAAC;AAMF,eAAO,MAAM,sBAAsB,eAAgB,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,EAAE,YActE,CAAC"}
+{"version":3,"file":"pairs.d.ts","sourceRoot":"","sources":["../src/pairs.ts"],"names":[],"mappings":"AAmBA,eAAO,MAAM,iBAAiB,SAAU,MAAM,EAAE,KAAG,CAAC,MAAM,EAAE,MAAM,CAAC,EAWlE,CAAC;AAEF,eAAO,MAAM,kBAAkB,SACxB,MAAM,EAAE,EAAE,mBACC,MAAM,EAAE,KACvB;IAAE,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAAC,IAAI,EAAE,MAAM,EAAE,EAAE,CAAA;CAYjD,CAAC;AAMF,eAAO,MAAM,sBAAsB,eAAgB,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,EAAE,YActE,CAAC"}

package/dist/pairs.js

@@ -9,6 +9,19 @@ const constructPairList = (list) => {
   }
   return pairList;
 };
+const peelCheckboxPrefix = (flat, solutionLengths) => {
+  const firstFlat = flat[0];
+  const firstLen = solutionLengths[0];
+  if (firstFlat === void 0 || firstLen === void 0) {
+    return { flat };
+  }
+  if (firstFlat.length === 2 * firstLen + 2) {
+    const checkbox = [at(firstFlat, 0), at(firstFlat, 1)];
+    const stripped = [firstFlat.slice(2), ...flat.slice(1)];
+    return { checkbox, flat: stripped };
+  }
+  return { flat };
+};
 const containsIdenticalPairs = (pairsLists) => {
   const set = /* @__PURE__ */ new Set();
   for (const pairList of pairsLists) {
@@ -23,5 +36,6 @@ const containsIdenticalPairs = (pairsLists) => {
 };
 export {
   constructPairList,
-  containsIdenticalPairs
+  containsIdenticalPairs,
+  peelCheckboxPrefix
 };

package/dist/pairs.js.map

@@ -1 +1 @@
-{"version":3,"file":"pairs.js","sourceRoot":"","sources":["../src/pairs.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,EAAE,EAAE,MAAM,eAAe,CAAC;AAKnC,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,IAAc,EAAsB,EAAE;IAEvE,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;IACzC,CAAC;IAED,MAAM,QAAQ,GAAuB,EAAE,CAAC;IACxC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QACzC,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC;IACD,OAAO,QAAQ,CAAC;AACjB,CAAC,CAAC;AAMF,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,UAAgC,EAAE,EAAE;IAC1E,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAE9B,KAAK,MAAM,QAAQ,IAAI,UAAU,EAAE,CAAC;QACnC,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;YAC7B,MAAM,CAAC,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;YACtB,MAAM,CAAC,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;YACtB,MAAM,WAAW,GAAG,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YAChC,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QACtB,CAAC;IACF,CAAC;IAGD,OAAO,GAAG,CAAC,IAAI,KAAK,UAAU,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC;AACzD,CAAC,CAAC"}
+{"version":3,"file":"pairs.js","sourceRoot":"","sources":["../src/pairs.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,EAAE,EAAE,MAAM,eAAe,CAAC;AAKnC,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,IAAc,EAAsB,EAAE;IAEvE,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;IACzC,CAAC;IAED,MAAM,QAAQ,GAAuB,EAAE,CAAC;IACxC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QACzC,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC;IACD,OAAO,QAAQ,CAAC;AACjB,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,kBAAkB,GAAG,CACjC,IAAgB,EAChB,eAAyB,EAC2B,EAAE;IACtD,MAAM,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1B,MAAM,QAAQ,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC;IACpC,IAAI,SAAS,KAAK,SAAS,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QACvD,OAAO,EAAE,IAAI,EAAE,CAAC;IACjB,CAAC;IACD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,GAAG,QAAQ,GAAG,CAAC,EAAE,CAAC;QAC3C,MAAM,QAAQ,GAAqB,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,CAAC;QACxE,MAAM,QAAQ,GAAG,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACxD,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IACrC,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,CAAC;AACjB,CAAC,CAAC;AAMF,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,UAAgC,EAAE,EAAE;IAC1E,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAE9B,KAAK,MAAM,QAAQ,IAAI,UAAU,EAAE,CAAC;QACnC,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;YAC7B,MAAM,CAAC,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;YACtB,MAAM,CAAC,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;YACtB,MAAM,WAAW,GAAG,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YAChC,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QACtB,CAAC;IACF,CAAC;IAGD,OAAO,GAAG,CAAC,IAAI,KAAK,UAAU,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC;AACzD,CAAC,CAAC"}

package/dist/tasks/captchaManager.d.ts

@@ -1,7 +1,7 @@
 import type { RedisWriteQueue } from "@prosopo/database";
 import type { TranslationKey } from "@prosopo/locale";
 import { type Logger } from "@prosopo/logger";
-import { type CaptchaType, type IPInfoResponse, type ITrafficFilter, type KeyringPair, type ProsopoConfigOutput, type RequestHeaders, type Session, type SimdReadingsStage, Tier, type UserCommitment } from "@prosopo/types";
+import { type CaptchaType, type EnrichedDnsEvent, type IPInfoResponse, type ITrafficFilter, type KeyringPair, type ProsopoConfigOutput, type RequestHeaders, type Session, type SimdReadingsStage, Tier, type UserCommitment } from "@prosopo/types";
 import type { ClientRecord, IProviderDatabase, IUserDataSlim, PoWCaptchaRecord, PuzzleCaptchaRecord } from "@prosopo/types-database";
 import type { ProviderEnvironment } from "@prosopo/types-env";
 import { type AccessPolicy, type AccessRulesStorage, type UserScope, type UserScopeRecord } from "@prosopo/user-access-policy";
@@ -46,7 +46,7 @@ export declare class CaptchaManager {
     decryptBehavioralData(encryptedData: string, decryptKeys: (string | undefined)[]): Promise<BehavioralDataResult | null>;
     checkForHardBlock(userAccessRulesStorage: AccessRulesStorage, challengeRecord: PoWCaptchaRecord | PuzzleCaptchaRecord | UserCommitment, userAccount: string, headers: RequestHeaders, coords?: [number, number][][], countryCode?: string, asn?: number): Promise<AccessPolicy | undefined>;
     checkSpamEmail(email: string): Promise<boolean>;
-    resolveTrafficFilterCheck(env: ProviderEnvironment, recordIpInfo: IPInfoResponse | undefined, trafficFilter: Partial<ITrafficFilter> | undefined, currentIp?: string): Promise<TrafficCheckResult>;
+    resolveTrafficFilterCheck(env: ProviderEnvironment, recordIpInfo: IPInfoResponse | undefined, trafficFilter: Partial<ITrafficFilter> | undefined, currentIp?: string, enrichedDnsEvent?: EnrichedDnsEvent): Promise<TrafficCheckResult>;
     static canClientSeeScore(tier: Tier, score?: number): boolean | 0 | undefined;
 }
 //# sourceMappingURL=captchaManager.d.ts.map

package/dist/tasks/captchaManager.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"captchaManager.d.ts","sourceRoot":"","sources":["../../src/tasks/captchaManager.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EAAE,KAAK,MAAM,EAAa,MAAM,iBAAiB,CAAC;AACzD,OAAO,EAEN,KAAK,WAAW,EAChB,KAAK,cAAc,EACnB,KAAK,cAAc,EACnB,KAAK,WAAW,EAChB,KAAK,mBAAmB,EACxB,KAAK,cAAc,EAEnB,KAAK,OAAO,EACZ,KAAK,iBAAiB,EACtB,IAAI,EACJ,KAAK,cAAc,EACnB,MAAM,gBAAgB,CAAC;AACxB,OAAO,KAAK,EACX,YAAY,EACZ,iBAAiB,EACjB,aAAa,EACb,gBAAgB,EAChB,mBAAmB,EACnB,MAAM,yBAAyB,CAAC;AACjC,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,EACN,KAAK,YAAY,EAEjB,KAAK,kBAAkB,EACvB,KAAK,SAAS,EACd,KAAK,eAAe,EACpB,MAAM,6BAA6B,CAAC;AAMrC,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;AAC1E,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAEpE,OAAO,EACN,KAAK,kBAAkB,EAEvB,MAAM,8BAA8B,CAAC;AAetC,qBAAa,cAAc;IAC1B,IAAI,EAAE,WAAW,CAAC;IAClB,EAAE,EAAE,iBAAiB,CAAC;IACtB,MAAM,EAAE,mBAAmB,CAAC;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,eAAe,GAAG,IAAI,CAAC;gBAGlC,EAAE,EAAE,iBAAiB,EACrB,IAAI,EAAE,WAAW,EACjB,MAAM,EAAE,mBAAmB,EAC3B,MAAM,CAAC,EAAE,MAAM,EACf,UAAU,CAAC,EAAE,eAAe,GAAG,IAAI;IAqBvB,4BAA4B,CACxC,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,EACzB,eAAe,CAAC,EAAE,OAAO,GACvB,OAAO,CAAC,IAAI,CAAC;IAiBH,4BAA4B,CACxC,sBAAsB,EAAE,MAAM,GAC5B,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,GAAG,SAAS,CAAC;IAe/C,oCAAoC,CAChD,SAAS,EAAE,MAAM,EACjB,sBAAsB,EAAE,MAAM,EAC9B,KAAK,EAAE,iBAAiB,GACtB,OAAO,CAAC,IAAI,CAAC;IAgBH,0CAA0C,CACtD,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,WAAW,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,EAC9C,KAAK,EAAE,iBAAiB,GACtB,OAAO,CAAC,IAAI,CAAC;IAgBT,0BAA0B,CAChC,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,EACzB,eAAe,CAAC,EAAE,OAAO,GACvB,IAAI;IAqBA,+BAA+B,CACrC,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,WAAW,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,EAC9C,KAAK,EAAE,iBAAiB,GACtB,IAAI;IAYD,iBAAiB,CACtB,aAAa,EAAE,OAAO,EACtB,SAAS,EAAE,MAAM,EACjB,GAAG,EAAE,mBAAmB,GACtB,OAAO,CAAC;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,cAAc,CAAA;KAAE,CAAC;IAMjD,cAAc,CACnB,cAAc,EAAE,YAAY,GAAG,aAAa,EAC5C,oBAAoB,EAAE,WAAW,EACjC,GAAG,EAAE,mBAAmB,EACxB,SAAS,CAAC,EAAE,MAAM,EAClB,gBAAgB,CAAC,EAAE,YAAY,EAC/B,SAAS,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC;QACV,KAAK,EAAE,OAAO,CAAC;QACf,MAAM,CAAC,EAAE,cAAc,CAAC;QACxB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,IAAI,EAAE,WAAW,CAAC;QAClB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAI3B,MAAM,CAAC,EAAE,cAAc,CAAC;KACxB,CAAC;IAkLF,uBAAuB,CACtB,QAAQ,EAAE,OAAO,EACjB,YAAY,EAAE,YAAY,EAC1B,WAAW,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,MAAM,EACpC,KAAK,CAAC,EAAE,MAAM,EACd,MAAM,CAAC,EAAE,MAAM;;;;;;IAkBV,4BAA4B,CACjC,sBAAsB,EAAE,kBAAkB,EAC1C,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,SAAS,GAAG,eAAe;IASjC,eAAe,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IAYpC,mBAAmB,CACxB,aAAa,EAAE,MAAM,EACrB,WAAW,EAAE,CAAC,MAAM,GAAG,SAAS,CAAC,EAAE,GACjC,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;IAkC/B,qBAAqB,CAC1B,aAAa,EAAE,MAAM,EACrB,WAAW,EAAE,CAAC,MAAM,GAAG,SAAS,CAAC,EAAE,GACjC,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC;IAsEjC,iBAAiB,CACtB,sBAAsB,EAAE,kBAAkB,EAC1C,eAAe,EAAE,gBAAgB,GAAG,mBAAmB,GAAG,cAAc,EACxE,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,cAAc,EACvB,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,EAAE,EAC7B,WAAW,CAAC,EAAE,MAAM,EACpB,GAAG,CAAC,EAAE,MAAM,GACV,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC;IA0C9B,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAsB/C,yBAAyB,CAC9B,GAAG,EAAE,mBAAmB,EACxB,YAAY,EAAE,cAAc,GAAG,SAAS,EACxC,aAAa,EAAE,OAAO,CAAC,cAAc,CAAC,GAAG,SAAS,EAClD,SAAS,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC,kBAAkB,CAAC;IAY9B,MAAM,CAAC,iBAAiB,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,EAAE,MAAM;CAGnD"}
+{"version":3,"file":"captchaManager.d.ts","sourceRoot":"","sources":["../../src/tasks/captchaManager.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EAAE,KAAK,MAAM,EAAa,MAAM,iBAAiB,CAAC;AACzD,OAAO,EAEN,KAAK,WAAW,EAChB,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,KAAK,cAAc,EACnB,KAAK,WAAW,EAChB,KAAK,mBAAmB,EACxB,KAAK,cAAc,EAEnB,KAAK,OAAO,EACZ,KAAK,iBAAiB,EACtB,IAAI,EACJ,KAAK,cAAc,EACnB,MAAM,gBAAgB,CAAC;AACxB,OAAO,KAAK,EACX,YAAY,EACZ,iBAAiB,EACjB,aAAa,EACb,gBAAgB,EAChB,mBAAmB,EACnB,MAAM,yBAAyB,CAAC;AACjC,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,EACN,KAAK,YAAY,EAEjB,KAAK,kBAAkB,EACvB,KAAK,SAAS,EACd,KAAK,eAAe,EACpB,MAAM,6BAA6B,CAAC;AAMrC,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;AAC1E,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAGpE,OAAO,EACN,KAAK,kBAAkB,EAEvB,MAAM,8BAA8B,CAAC;AA0BtC,qBAAa,cAAc;IAC1B,IAAI,EAAE,WAAW,CAAC;IAClB,EAAE,EAAE,iBAAiB,CAAC;IACtB,MAAM,EAAE,mBAAmB,CAAC;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,eAAe,GAAG,IAAI,CAAC;gBAGlC,EAAE,EAAE,iBAAiB,EACrB,IAAI,EAAE,WAAW,EACjB,MAAM,EAAE,mBAAmB,EAC3B,MAAM,CAAC,EAAE,MAAM,EACf,UAAU,CAAC,EAAE,eAAe,GAAG,IAAI;IAqBvB,4BAA4B,CACxC,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,EACzB,eAAe,CAAC,EAAE,OAAO,GACvB,OAAO,CAAC,IAAI,CAAC;IAiBH,4BAA4B,CACxC,sBAAsB,EAAE,MAAM,GAC5B,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,GAAG,SAAS,CAAC;IAe/C,oCAAoC,CAChD,SAAS,EAAE,MAAM,EACjB,sBAAsB,EAAE,MAAM,EAC9B,KAAK,EAAE,iBAAiB,GACtB,OAAO,CAAC,IAAI,CAAC;IAgBH,0CAA0C,CACtD,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,WAAW,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,EAC9C,KAAK,EAAE,iBAAiB,GACtB,OAAO,CAAC,IAAI,CAAC;IAgBT,0BAA0B,CAChC,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,EACzB,eAAe,CAAC,EAAE,OAAO,GACvB,IAAI;IAqBA,+BAA+B,CACrC,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,WAAW,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,EAC9C,KAAK,EAAE,iBAAiB,GACtB,IAAI;IAYD,iBAAiB,CACtB,aAAa,EAAE,OAAO,EACtB,SAAS,EAAE,MAAM,EACjB,GAAG,EAAE,mBAAmB,GACtB,OAAO,CAAC;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,cAAc,CAAA;KAAE,CAAC;IAMjD,cAAc,CACnB,cAAc,EAAE,YAAY,GAAG,aAAa,EAC5C,oBAAoB,EAAE,WAAW,EACjC,GAAG,EAAE,mBAAmB,EACxB,SAAS,CAAC,EAAE,MAAM,EAClB,gBAAgB,CAAC,EAAE,YAAY,EAC/B,SAAS,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC;QACV,KAAK,EAAE,OAAO,CAAC;QACf,MAAM,CAAC,EAAE,cAAc,CAAC;QACxB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,IAAI,EAAE,WAAW,CAAC;QAClB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAI3B,MAAM,CAAC,EAAE,cAAc,CAAC;KACxB,CAAC;IAkLF,uBAAuB,CACtB,QAAQ,EAAE,OAAO,EACjB,YAAY,EAAE,YAAY,EAC1B,WAAW,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,MAAM,EACpC,KAAK,CAAC,EAAE,MAAM,EACd,MAAM,CAAC,EAAE,MAAM;;;;;;IAkBV,4BAA4B,CACjC,sBAAsB,EAAE,kBAAkB,EAC1C,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,SAAS,GAAG,eAAe;IASjC,eAAe,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IAYpC,mBAAmB,CACxB,aAAa,EAAE,MAAM,EACrB,WAAW,EAAE,CAAC,MAAM,GAAG,SAAS,CAAC,EAAE,GACjC,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;IAkC/B,qBAAqB,CAC1B,aAAa,EAAE,MAAM,EACrB,WAAW,EAAE,CAAC,MAAM,GAAG,SAAS,CAAC,EAAE,GACjC,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC;IAsEjC,iBAAiB,CACtB,sBAAsB,EAAE,kBAAkB,EAC1C,eAAe,EAAE,gBAAgB,GAAG,mBAAmB,GAAG,cAAc,EACxE,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,cAAc,EACvB,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,EAAE,EAC7B,WAAW,CAAC,EAAE,MAAM,EACpB,GAAG,CAAC,EAAE,MAAM,GACV,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC;IA0C9B,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAwB/C,yBAAyB,CAC9B,GAAG,EAAE,mBAAmB,EACxB,YAAY,EAAE,cAAc,GAAG,SAAS,EACxC,aAAa,EAAE,OAAO,CAAC,cAAc,CAAC,GAAG,SAAS,EAClD,SAAS,CAAC,EAAE,MAAM,EAClB,gBAAgB,CAAC,EAAE,gBAAgB,GACjC,OAAO,CAAC,kBAAkB,CAAC;IAkB9B,MAAM,CAAC,iBAAiB,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,EAAE,MAAM;CAGnD"}