@revealui/core 0.0.1-pre.4 → 0.2.0

package/dist/security/audit.js

@@ -0,0 +1,431 @@
+/**
+ * Audit Logging System
+ *
+ * Track security-relevant events and user actions for compliance
+ */
+/**
+ * Audit logging system
+ */
+export class AuditSystem {
+    storage;
+    filters = [];
+    constructor(storage) {
+        this.storage = storage;
+    }
+    /**
+     * Log audit event
+     */
+    async log(event) {
+        const fullEvent = {
+            ...event,
+            id: crypto.randomUUID(),
+            timestamp: new Date().toISOString(),
+        };
+        // Apply filters
+        const shouldLog = this.filters.every((filter) => filter(fullEvent));
+        if (!shouldLog) {
+            return;
+        }
+        await this.storage.write(fullEvent);
+    }
+    /**
+     * Log authentication event
+     */
+    async logAuth(type, actorId, result, metadata) {
+        await this.log({
+            type,
+            severity: result === 'failure' ? 'medium' : 'low',
+            actor: {
+                id: actorId,
+                type: 'user',
+            },
+            action: type.replace('auth.', ''),
+            result,
+            metadata,
+        });
+    }
+    /**
+     * Log data access event
+     */
+    async logDataAccess(action, actorId, resourceType, resourceId, result, changes) {
+        await this.log({
+            type: `data.${action}`,
+            severity: action === 'delete' ? 'high' : 'medium',
+            actor: {
+                id: actorId,
+                type: 'user',
+            },
+            resource: {
+                type: resourceType,
+                id: resourceId,
+            },
+            action,
+            result,
+            changes,
+        });
+    }
+    /**
+     * Log permission change
+     */
+    async logPermissionChange(action, actorId, targetUserId, permission, result) {
+        await this.log({
+            type: `permission.${action}`,
+            severity: 'high',
+            actor: {
+                id: actorId,
+                type: 'user',
+            },
+            resource: {
+                type: 'user',
+                id: targetUserId,
+            },
+            action,
+            result,
+            metadata: {
+                permission,
+            },
+        });
+    }
+    /**
+     * Log security event
+     */
+    async logSecurityEvent(type, severity, actorId, message, metadata) {
+        await this.log({
+            type: `security.${type}`,
+            severity,
+            actor: {
+                id: actorId,
+                type: 'user',
+            },
+            action: type,
+            result: 'failure',
+            message,
+            metadata,
+        });
+    }
+    /**
+     * Log GDPR event
+     */
+    async logGDPREvent(type, actorId, result, metadata) {
+        await this.log({
+            type: `gdpr.${type}`,
+            severity: 'high',
+            actor: {
+                id: actorId,
+                type: 'user',
+            },
+            action: type,
+            result,
+            metadata,
+        });
+    }
+    /**
+     * Query audit logs
+     */
+    async query(query) {
+        return this.storage.query(query);
+    }
+    /**
+     * Count audit logs
+     */
+    async count(query) {
+        return this.storage.count(query);
+    }
+    /**
+     * Add filter
+     */
+    addFilter(filter) {
+        this.filters.push(filter);
+    }
+    /**
+     * Remove filter
+     */
+    removeFilter(filter) {
+        const index = this.filters.indexOf(filter);
+        if (index > -1) {
+            this.filters.splice(index, 1);
+        }
+    }
+}
+/**
+ * In-memory audit storage (for development)
+ */
+export class InMemoryAuditStorage {
+    events = [];
+    maxEvents;
+    constructor(maxEvents = 10000) {
+        this.maxEvents = maxEvents;
+    }
+    async write(event) {
+        this.events.push(event);
+        // Trim old events
+        if (this.events.length > this.maxEvents) {
+            this.events.shift();
+        }
+    }
+    async query(query) {
+        let results = [...this.events];
+        // Filter by type
+        if (query.types && query.types.length > 0) {
+            results = results.filter((e) => query.types?.includes(e.type));
+        }
+        // Filter by actor
+        if (query.actorId) {
+            results = results.filter((e) => e.actor.id === query.actorId);
+        }
+        // Filter by resource
+        if (query.resourceType) {
+            results = results.filter((e) => e.resource?.type === query.resourceType);
+        }
+        if (query.resourceId) {
+            results = results.filter((e) => e.resource?.id === query.resourceId);
+        }
+        // Filter by date range
+        if (query.startDate) {
+            results = results.filter((e) => new Date(e.timestamp) >= query.startDate);
+        }
+        if (query.endDate) {
+            results = results.filter((e) => new Date(e.timestamp) <= query.endDate);
+        }
+        // Filter by severity
+        if (query.severity && query.severity.length > 0) {
+            results = results.filter((e) => query.severity?.includes(e.severity));
+        }
+        // Filter by result
+        if (query.result && query.result.length > 0) {
+            results = results.filter((e) => query.result?.includes(e.result));
+        }
+        // Sort by timestamp (newest first)
+        results.sort((a, b) => new Date(b.timestamp).getTime() - new Date(a.timestamp).getTime());
+        // Apply pagination
+        const offset = query.offset || 0;
+        const limit = query.limit || 100;
+        return results.slice(offset, offset + limit);
+    }
+    async count(query) {
+        const results = await this.query({ ...query, limit: undefined, offset: undefined });
+        return results.length;
+    }
+    /**
+     * Clear all events
+     */
+    clear() {
+        this.events = [];
+    }
+    /**
+     * Get all events
+     */
+    getAll() {
+        return [...this.events];
+    }
+}
+/**
+ * Audit trail decorator
+ */
+export function AuditTrail(type, action, options) {
+    return (_target, _propertyKey, descriptor) => {
+        const originalMethod = descriptor.value;
+        descriptor.value = async function (...args) {
+            const actorId = this.user?.id || 'system';
+            const before = options?.captureChanges ? args[0] : undefined;
+            let result = 'success';
+            let error;
+            try {
+                const returnValue = await originalMethod.apply(this, args);
+                // Log audit event
+                if (this.audit) {
+                    await this.audit.log({
+                        type,
+                        severity: options?.severity || 'medium',
+                        actor: {
+                            id: actorId,
+                            type: 'user',
+                        },
+                        resource: options?.resourceType
+                            ? {
+                                type: options.resourceType,
+                                id: args[0]?.id || 'unknown',
+                            }
+                            : undefined,
+                        action,
+                        result,
+                        changes: options?.captureChanges
+                            ? {
+                                before: before,
+                                after: returnValue,
+                            }
+                            : undefined,
+                    });
+                }
+                return returnValue;
+            }
+            catch (err) {
+                result = 'failure';
+                error = err;
+                // Log failure
+                if (this.audit) {
+                    await this.audit.log({
+                        type,
+                        severity: 'high',
+                        actor: {
+                            id: actorId,
+                            type: 'user',
+                        },
+                        resource: options?.resourceType
+                            ? {
+                                type: options.resourceType,
+                                id: args[0]?.id || 'unknown',
+                            }
+                            : undefined,
+                        action,
+                        result,
+                        message: error.message,
+                    });
+                }
+                throw error;
+            }
+        };
+        return descriptor;
+    };
+}
+/**
+ * Audit middleware
+ */
+export function createAuditMiddleware(audit, getUser) {
+    return async (request, next) => {
+        const user = getUser(request);
+        const startTime = Date.now();
+        try {
+            const response = await next();
+            // Log successful request
+            await audit.log({
+                type: 'data.read',
+                severity: 'low',
+                actor: {
+                    id: user.id,
+                    type: 'user',
+                    ip: user.ip,
+                    userAgent: user.userAgent,
+                },
+                action: request.method,
+                result: 'success',
+                metadata: {
+                    path: request.url,
+                    duration: Date.now() - startTime,
+                    status: response.status,
+                },
+            });
+            return response;
+        }
+        catch (error) {
+            // Log failed request
+            await audit.log({
+                type: 'data.read',
+                severity: 'medium',
+                actor: {
+                    id: user.id,
+                    type: 'user',
+                    ip: user.ip,
+                    userAgent: user.userAgent,
+                },
+                action: request.method,
+                result: 'failure',
+                message: error instanceof Error ? error.message : 'Unknown error',
+                metadata: {
+                    path: request.url,
+                    duration: Date.now() - startTime,
+                },
+            });
+            throw error;
+        }
+    };
+}
+/**
+ * Audit report generator
+ */
+export class AuditReportGenerator {
+    audit;
+    constructor(audit) {
+        this.audit = audit;
+    }
+    /**
+     * Generate security report
+     */
+    async generateSecurityReport(startDate, endDate) {
+        const allEvents = await this.audit.query({
+            startDate,
+            endDate,
+        });
+        const securityViolations = allEvents.filter((e) => e.type.startsWith('security.')).length;
+        const failedLogins = allEvents.filter((e) => e.type === 'auth.failed_login').length;
+        const permissionChanges = allEvents.filter((e) => e.type.startsWith('permission.')).length;
+        const dataExports = allEvents.filter((e) => e.type === 'data.export').length;
+        const criticalEvents = allEvents.filter((e) => e.severity === 'critical');
+        return {
+            totalEvents: allEvents.length,
+            securityViolations,
+            failedLogins,
+            permissionChanges,
+            dataExports,
+            criticalEvents,
+        };
+    }
+    /**
+     * Generate user activity report
+     */
+    async generateUserActivityReport(userId, startDate, endDate) {
+        const events = await this.audit.query({
+            actorId: userId,
+            startDate,
+            endDate,
+        });
+        const actionsByType = events.reduce((acc, event) => {
+            acc[event.type] = (acc[event.type] || 0) + 1;
+            return acc;
+        }, {});
+        const failedActions = events.filter((e) => e.result === 'failure').length;
+        return {
+            totalActions: events.length,
+            actionsByType,
+            failedActions,
+            recentActions: events.slice(0, 10),
+        };
+    }
+    /**
+     * Generate compliance report
+     */
+    async generateComplianceReport(startDate, endDate) {
+        const events = await this.audit.query({
+            startDate,
+            endDate,
+        });
+        const dataAccesses = events.filter((e) => e.type === 'data.read').length;
+        const dataModifications = events.filter((e) => e.type === 'data.update' || e.type === 'data.create').length;
+        const dataDeletions = events.filter((e) => e.type === 'data.delete').length;
+        const gdprRequests = events.filter((e) => e.type.startsWith('gdpr.')).length;
+        // Check if audit trail is complete (no gaps)
+        const auditTrailComplete = this.checkAuditTrailContinuity(events);
+        return {
+            dataAccesses,
+            dataModifications,
+            dataDeletions,
+            gdprRequests,
+            auditTrailComplete,
+        };
+    }
+    /**
+     * Check audit trail continuity
+     */
+    checkAuditTrailContinuity(events) {
+        if (events.length === 0)
+            return true;
+        // Sort by timestamp
+        const sorted = events.sort((a, b) => new Date(a.timestamp).getTime() - new Date(b.timestamp).getTime());
+        // Check for gaps (simplified - just check if we have events)
+        return sorted.length > 0;
+    }
+}
+/**
+ * Global audit system
+ */
+export const audit = new AuditSystem(new InMemoryAuditStorage());

package/dist/security/auth.d.ts

@@ -0,0 +1,241 @@
+/**
+ * Authentication System
+ *
+ * JWT-based authentication with session management, token refresh, and OAuth support
+ */
+export interface User {
+    id: string;
+    email: string;
+    username?: string;
+    roles: string[];
+    permissions: string[];
+    metadata?: Record<string, unknown>;
+}
+export interface AuthToken {
+    accessToken: string;
+    refreshToken?: string;
+    expiresAt: number;
+    tokenType: 'Bearer' | 'JWT';
+}
+export interface AuthSession {
+    user: User;
+    token: AuthToken;
+    createdAt: number;
+    lastActivity: number;
+    expiresAt: number;
+    deviceInfo?: {
+        userAgent: string;
+        ip: string;
+        device: string;
+    };
+}
+export interface JWTPayload {
+    sub: string;
+    email: string;
+    roles: string[];
+    permissions: string[];
+    iat: number;
+    exp: number;
+    iss?: string;
+    aud?: string;
+    [key: string]: unknown;
+}
+export interface AuthConfig {
+    jwtSecret: string;
+    jwtAlgorithm?: 'HS256' | 'HS384' | 'HS512' | 'RS256';
+    accessTokenExpiry?: number;
+    refreshTokenExpiry?: number;
+    issuer?: string;
+    audience?: string;
+    sessionTimeout?: number;
+    refreshThreshold?: number;
+}
+/**
+ * Authentication system
+ */
+export declare class AuthSystem {
+    private static readonly MAX_SESSIONS;
+    private config;
+    private sessions;
+    private refreshTokens;
+    private sessionCleanupInterval?;
+    constructor(config: AuthConfig);
+    /**
+     * Authenticate user with credentials
+     */
+    authenticate(_email: string, _password: string, _deviceInfo?: AuthSession['deviceInfo']): Promise<{
+        user: User;
+        token: AuthToken;
+        session: AuthSession;
+    }>;
+    /**
+     * Create JWT token
+     */
+    createToken(user: User, expiresIn?: number): Promise<AuthToken>;
+    /**
+     * Verify and decode JWT token
+     */
+    verifyToken(token: string): Promise<JWTPayload>;
+    /**
+     * Refresh access token
+     */
+    refreshAccessToken(refreshToken: string): Promise<AuthToken>;
+    /**
+     * Create session
+     */
+    createSession(user: User, token: AuthToken, deviceInfo?: AuthSession['deviceInfo']): AuthSession;
+    /**
+     * Get session
+     */
+    getSession(userId: string): AuthSession | undefined;
+    /**
+     * Update session activity
+     */
+    updateSessionActivity(userId: string): void;
+    /**
+     * Destroy session
+     */
+    destroySession(userId: string): void;
+    /**
+     * Destroy all sessions for user
+     */
+    destroyAllSessions(userId: string): void;
+    /**
+     * Check if token needs refresh
+     */
+    shouldRefreshToken(token: AuthToken): boolean;
+    /**
+     * Get user from token
+     */
+    getUserFromToken(token: string): Promise<User | null>;
+    /**
+     * Encode JWT using jose library (Web Crypto API)
+     */
+    private encodeJWT;
+    /**
+     * Decode and verify JWT using jose library (Web Crypto API)
+     */
+    private decodeJWT;
+    /**
+     * Generate cryptographically secure refresh token
+     */
+    private generateRefreshToken;
+    /**
+     * Start session cleanup interval
+     */
+    private startSessionCleanup;
+    /**
+     * Stop session cleanup
+     */
+    destroy(): void;
+}
+/**
+ * OAuth configuration
+ */
+export interface OAuthConfig {
+    provider: 'google' | 'github' | 'microsoft' | 'custom';
+    clientId: string;
+    clientSecret: string;
+    redirectUri: string;
+    scope?: string[];
+    authorizationUrl?: string;
+    tokenUrl?: string;
+    userInfoUrl?: string;
+}
+/**
+ * OAuth provider configurations
+ */
+export declare const OAuthProviders: {
+    google: {
+        authorizationUrl: string;
+        tokenUrl: string;
+        userInfoUrl: string;
+        scope: string[];
+    };
+    github: {
+        authorizationUrl: string;
+        tokenUrl: string;
+        userInfoUrl: string;
+        scope: string[];
+    };
+    microsoft: {
+        authorizationUrl: string;
+        tokenUrl: string;
+        userInfoUrl: string;
+        scope: string[];
+    };
+};
+/**
+ * OAuth client
+ */
+export declare class OAuthClient {
+    private config;
+    constructor(config: OAuthConfig);
+    /**
+     * Get authorization URL
+     */
+    getAuthorizationUrl(state?: string): string;
+    /**
+     * Exchange code for token
+     */
+    exchangeCodeForToken(code: string): Promise<{
+        access_token: string;
+        refresh_token?: string;
+        expires_in: number;
+        token_type: string;
+    }>;
+    /**
+     * Get user info
+     */
+    getUserInfo(accessToken: string): Promise<{
+        id: string;
+        email: string;
+        name?: string;
+        picture?: string;
+    }>;
+}
+/**
+ * Password hashing utilities
+ *
+ * Uses PBKDF2 with a random salt for secure password hashing.
+ * For even stronger hashing, use bcryptjs (available in @revealui/auth).
+ */
+export declare class PasswordHasher {
+    private static readonly ITERATIONS;
+    private static readonly KEY_LENGTH;
+    private static readonly DIGEST;
+    /**
+     * Hash password with PBKDF2 and random salt
+     */
+    static hash(password: string): Promise<string>;
+    /**
+     * Verify password against stored hash
+     */
+    static verify(password: string, storedHash: string): Promise<boolean>;
+}
+/**
+ * Two-factor authentication
+ */
+export declare class TwoFactorAuth {
+    /**
+     * Generate TOTP secret
+     */
+    static generateSecret(): string;
+    /**
+     * Generate TOTP code
+     */
+    static generateCode(secret: string, timestamp?: number): string;
+    /**
+     * Verify TOTP code
+     */
+    static verifyCode(secret: string, code: string, window?: number): boolean;
+    /**
+     * Base32 encode
+     */
+    private static base32Encode;
+    /**
+     * HMAC-SHA1 implementation for TOTP
+     */
+    private static hmac;
+}
+//# sourceMappingURL=auth.d.ts.map

package/dist/security/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/security/auth.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,MAAM,CAAA;IACV,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,KAAK,EAAE,MAAM,EAAE,CAAA;IACf,WAAW,EAAE,MAAM,EAAE,CAAA;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CACnC;AAED,MAAM,WAAW,SAAS;IACxB,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,QAAQ,GAAG,KAAK,CAAA;CAC5B;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,IAAI,CAAA;IACV,KAAK,EAAE,SAAS,CAAA;IAChB,SAAS,EAAE,MAAM,CAAA;IACjB,YAAY,EAAE,MAAM,CAAA;IACpB,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,CAAC,EAAE;QACX,SAAS,EAAE,MAAM,CAAA;QACjB,EAAE,EAAE,MAAM,CAAA;QACV,MAAM,EAAE,MAAM,CAAA;KACf,CAAA;CACF;AAED,MAAM,WAAW,UAAU;IACzB,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,MAAM,CAAA;IACb,KAAK,EAAE,MAAM,EAAE,CAAA;IACf,WAAW,EAAE,MAAM,EAAE,CAAA;IACrB,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CACvB;AAED,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,CAAA;IACjB,YAAY,CAAC,EAAE,OAAO,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,CAAA;IACpD,iBAAiB,CAAC,EAAE,MAAM,CAAA;IAC1B,kBAAkB,CAAC,EAAE,MAAM,CAAA;IAC3B,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,gBAAgB,CAAC,EAAE,MAAM,CAAA;CAC1B;AAYD;;GAEG;AACH,qBAAa,UAAU;IACrB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAS;IAC7C,OAAO,CAAC,MAAM,CAAsB;IACpC,OAAO,CAAC,QAAQ,CAAsC;IACtD,OAAO,CAAC,aAAa,CAAiC;IACtD,OAAO,CAAC,sBAAsB,CAAC,CAAgB;gBAEnC,MAAM,EAAE,UAAU;IAK9B;;OAEG;IACG,YAAY,CAChB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,EACjB,WAAW,CAAC,EAAE,WAAW,CAAC,YAAY,CAAC,GACtC,OAAO,CAAC;QAAE,IAAI,EAAE,IAAI,CAAC;QAAC,KAAK,EAAE,SAAS,CAAC;QAAC,OAAO,EAAE,WAAW,CAAA;KAAE,CAAC;IAMlE;;OAEG;IACG,WAAW,CACf,IAAI,EAAE,IAAI,EACV,SAAS,GAAE,MAAsC,GAChD,OAAO,CAAC,SAAS,CAAC;IA4BrB;;OAEG;IACG,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IA4BrD;;OAEG;IACG,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC;IAkBlE;;OAEG;IACH,aAAa,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,UAAU,CAAC,EAAE,WAAW,CAAC,YAAY,CAAC,GAAG,WAAW;IAoChG;;OAEG;IACH,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,WAAW,GAAG,SAAS;IAgBnD;;OAEG;IACH,qBAAqB,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAS3C;;OAEG;IACH,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAUpC;;OAEG;IACH,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAIxC;;OAEG;IACH,kBAAkB,CAAC,KAAK,EAAE,SAAS,GAAG,OAAO;IAK7C;;OAEG;IACG,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;IAe3D;;OAEG;YACW,SAAS;IAoBvB;;OAEG;YACW,SAAS;IAMvB;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAK5B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAY3B;;OAEG;IACH,OAAO,IAAI,IAAI;CAKhB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,QAAQ,GAAG,QAAQ,GAAG,WAAW,GAAG,QAAQ,CAAA;IACtD,QAAQ,EAAE,MAAM,CAAA;IAChB,YAAY,EAAE,MAAM,CAAA;IACpB,WAAW,EAAE,MAAM,CAAA;IACnB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAA;IAChB,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB;AAED;;GAEG;AACH,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;CAmB1B,CAAA;AAED;;GAEG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,MAAM,CAAa;gBAEf,MAAM,EAAE,WAAW;IAO/B;;OAEG;IACH,mBAAmB,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM;IAe3C;;OAEG;IACG,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC;QAChD,YAAY,EAAE,MAAM,CAAA;QACpB,aAAa,CAAC,EAAE,MAAM,CAAA;QACtB,UAAU,EAAE,MAAM,CAAA;QAClB,UAAU,EAAE,MAAM,CAAA;KACnB,CAAC;IAsBF;;OAEG;IACG,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC;QAC9C,EAAE,EAAE,MAAM,CAAA;QACV,KAAK,EAAE,MAAM,CAAA;QACb,IAAI,CAAC,EAAE,MAAM,CAAA;QACb,OAAO,CAAC,EAAE,MAAM,CAAA;KACjB,CAAC;CAaH;AAED;;;;;GAKG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAS;IAC3C,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAK;IACvC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAW;IAEzC;;OAEG;WACU,IAAI,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAmBpD;;OAEG;WACU,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CA8B5E;AAED;;GAEG;AACH,qBAAa,aAAa;IACxB;;OAEG;IACH,MAAM,CAAC,cAAc,IAAI,MAAM;IAW/B;;OAEG;IACH,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM;IAc/D;;OAEG;IACH,MAAM,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,GAAE,MAAU,GAAG,OAAO;IAgB5E;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,YAAY;IAwB3B;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,IAAI;CAIpB"}