@revisium/core 2.8.0 → 2.9.0

package/dist/src/features/oauth/oauth-token.service.js

@@ -0,0 +1,190 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OAuthTokenService = void 0;
+const common_1 = require("@nestjs/common");
+const config_1 = require("@nestjs/config");
+const node_crypto_1 = require("node:crypto");
+const prisma_service_1 = require("../../infrastructure/database/prisma.service");
+const ACCESS_TOKEN_PREFIX = 'oat_';
+const REFRESH_TOKEN_PREFIX = 'ort_';
+const ACCESS_TOKEN_EXPIRY_HOURS = 1;
+const REFRESH_TOKEN_EXPIRY_DAYS = 30;
+const DEFAULT_MCP_ACCESS_TOKEN_EXPIRY_DAYS = 30;
+const MCP_REFRESH_TOKEN_EXPIRY_DAYS = 90;
+let OAuthTokenService = class OAuthTokenService {
+    constructor(prisma, configService) {
+        this.prisma = prisma;
+        this.configService = configService;
+        const parsed = Number.parseInt(this.configService.get('MCP_ACCESS_TOKEN_EXPIRY_DAYS') ?? '', 10);
+        this.mcpAccessTokenExpiryDays =
+            parsed > 0 ? parsed : DEFAULT_MCP_ACCESS_TOKEN_EXPIRY_DAYS;
+    }
+    async createTokens(clientId, userId, scope) {
+        const accessToken = ACCESS_TOKEN_PREFIX + (0, node_crypto_1.randomBytes)(36).toString('hex');
+        const refreshToken = REFRESH_TOKEN_PREFIX + (0, node_crypto_1.randomBytes)(36).toString('hex');
+        const isMcpScope = scope?.split(' ').includes('mcp') ?? false;
+        const accessExpiresAt = new Date();
+        if (isMcpScope) {
+            accessExpiresAt.setDate(accessExpiresAt.getDate() + this.mcpAccessTokenExpiryDays);
+        }
+        else {
+            accessExpiresAt.setHours(accessExpiresAt.getHours() + ACCESS_TOKEN_EXPIRY_HOURS);
+        }
+        const refreshExpiryDays = isMcpScope
+            ? MCP_REFRESH_TOKEN_EXPIRY_DAYS
+            : REFRESH_TOKEN_EXPIRY_DAYS;
+        const refreshExpiresAt = new Date();
+        refreshExpiresAt.setDate(refreshExpiresAt.getDate() + refreshExpiryDays);
+        const expiresIn = isMcpScope
+            ? this.mcpAccessTokenExpiryDays * 86400
+            : ACCESS_TOKEN_EXPIRY_HOURS * 3600;
+        await this.prisma.$transaction([
+            this.prisma.oAuthAccessToken.create({
+                data: {
+                    tokenHash: this.hashToken(accessToken),
+                    clientId,
+                    userId,
+                    scope: scope ?? null,
+                    expiresAt: accessExpiresAt,
+                },
+            }),
+            this.prisma.oAuthRefreshToken.create({
+                data: {
+                    tokenHash: this.hashToken(refreshToken),
+                    clientId,
+                    userId,
+                    scope: scope ?? null,
+                    expiresAt: refreshExpiresAt,
+                },
+            }),
+        ]);
+        return {
+            accessToken,
+            refreshToken,
+            expiresIn,
+            tokenType: 'Bearer',
+        };
+    }
+    async validateAccessToken(token) {
+        const tokenHash = this.hashToken(token);
+        const accessToken = await this.prisma.oAuthAccessToken.findUnique({
+            where: { tokenHash },
+            include: {
+                user: {
+                    select: {
+                        id: true,
+                        username: true,
+                        email: true,
+                        roleId: true,
+                    },
+                },
+            },
+        });
+        if (!accessToken) {
+            throw new common_1.UnauthorizedException('Invalid access token');
+        }
+        if (accessToken.revokedAt) {
+            throw new common_1.UnauthorizedException('Access token has been revoked');
+        }
+        if (accessToken.expiresAt < new Date()) {
+            throw new common_1.UnauthorizedException('Access token expired');
+        }
+        return {
+            userId: accessToken.user.id,
+            username: accessToken.user.username ?? '',
+            email: accessToken.user.email ?? '',
+            roleId: accessToken.user.roleId,
+        };
+    }
+    async refreshTokens(refreshToken, clientId) {
+        const tokenHash = this.hashToken(refreshToken);
+        const result = await this.prisma.oAuthRefreshToken.updateMany({
+            where: {
+                tokenHash,
+                clientId,
+                revokedAt: null,
+                expiresAt: { gt: new Date() },
+            },
+            data: { revokedAt: new Date() },
+        });
+        if (result.count === 0) {
+            throw new common_1.UnauthorizedException('Invalid or expired refresh token');
+        }
+        const existing = await this.prisma.oAuthRefreshToken.findUnique({
+            where: { tokenHash },
+        });
+        if (!existing) {
+            throw new common_1.UnauthorizedException('Invalid refresh token');
+        }
+        return this.createTokens(clientId, existing.userId, existing.scope ?? undefined);
+    }
+    async revokeToken(token, tokenTypeHint, clientId) {
+        const tokenHash = this.hashToken(token);
+        if (tokenTypeHint === 'refresh_token' ||
+            token.startsWith(REFRESH_TOKEN_PREFIX)) {
+            const revoked = await this.revokeRefreshTokenWithCascade(tokenHash, clientId);
+            if (revoked) {
+                return;
+            }
+        }
+        if (tokenTypeHint === 'access_token' ||
+            token.startsWith(ACCESS_TOKEN_PREFIX)) {
+            await this.revokeAccessToken(tokenHash, clientId);
+            return;
+        }
+        const accessResult = await this.revokeAccessToken(tokenHash, clientId);
+        if (accessResult.count === 0) {
+            await this.revokeRefreshTokenWithCascade(tokenHash, clientId);
+        }
+    }
+    async revokeAccessToken(tokenHash, clientId) {
+        return this.prisma.oAuthAccessToken.updateMany({
+            where: { tokenHash, clientId, revokedAt: null },
+            data: { revokedAt: new Date() },
+        });
+    }
+    async revokeRefreshTokenWithCascade(tokenHash, clientId) {
+        return this.prisma.$transaction(async (tx) => {
+            const result = await tx.oAuthRefreshToken.updateMany({
+                where: { tokenHash, clientId, revokedAt: null },
+                data: { revokedAt: new Date() },
+            });
+            if (result.count === 0) {
+                return false;
+            }
+            const refreshToken = await tx.oAuthRefreshToken.findUnique({
+                where: { tokenHash },
+            });
+            if (refreshToken) {
+                await tx.oAuthAccessToken.updateMany({
+                    where: {
+                        clientId: refreshToken.clientId,
+                        userId: refreshToken.userId,
+                        revokedAt: null,
+                    },
+                    data: { revokedAt: new Date() },
+                });
+            }
+            return true;
+        });
+    }
+    hashToken(token) {
+        return (0, node_crypto_1.createHash)('sha256').update(token).digest('hex');
+    }
+};
+exports.OAuthTokenService = OAuthTokenService;
+exports.OAuthTokenService = OAuthTokenService = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [prisma_service_1.PrismaService,
+        config_1.ConfigService])
+], OAuthTokenService);
+//# sourceMappingURL=oauth-token.service.js.map

package/dist/src/features/oauth/oauth-token.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-token.service.js","sourceRoot":"","sources":["../../../../src/features/oauth/oauth-token.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAmE;AACnE,2CAA+C;AAC/C,6CAAsD;AACtD,iFAA2E;AAE3E,MAAM,mBAAmB,GAAG,MAAM,CAAC;AACnC,MAAM,oBAAoB,GAAG,MAAM,CAAC;AACpC,MAAM,yBAAyB,GAAG,CAAC,CAAC;AACpC,MAAM,yBAAyB,GAAG,EAAE,CAAC;AACrC,MAAM,oCAAoC,GAAG,EAAE,CAAC;AAChD,MAAM,6BAA6B,GAAG,EAAE,CAAC;AAiBlC,IAAM,iBAAiB,GAAvB,MAAM,iBAAiB;IAG5B,YACmB,MAAqB,EACrB,aAA4B;QAD5B,WAAM,GAAN,MAAM,CAAe;QACrB,kBAAa,GAAb,aAAa,CAAe;QAE7C,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAC5B,IAAI,CAAC,aAAa,CAAC,GAAG,CAAS,8BAA8B,CAAC,IAAI,EAAE,EACpE,EAAE,CACH,CAAC;QACF,IAAI,CAAC,wBAAwB;YAC3B,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,oCAAoC,CAAC;IAC/D,CAAC;IAED,KAAK,CAAC,YAAY,CAChB,QAAgB,EAChB,MAAc,EACd,KAAc;QAEd,MAAM,WAAW,GAAG,mBAAmB,GAAG,IAAA,yBAAW,EAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC1E,MAAM,YAAY,GAAG,oBAAoB,GAAG,IAAA,yBAAW,EAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAE5E,MAAM,UAAU,GAAG,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC;QAC9D,MAAM,eAAe,GAAG,IAAI,IAAI,EAAE,CAAC;QAEnC,IAAI,UAAU,EAAE,CAAC;YACf,eAAe,CAAC,OAAO,CACrB,eAAe,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,wBAAwB,CAC1D,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,eAAe,CAAC,QAAQ,CACtB,eAAe,CAAC,QAAQ,EAAE,GAAG,yBAAyB,CACvD,CAAC;QACJ,CAAC;QAED,MAAM,iBAAiB,GAAG,UAAU;YAClC,CAAC,CAAC,6BAA6B;YAC/B,CAAC,CAAC,yBAAyB,CAAC;QAC9B,MAAM,gBAAgB,GAAG,IAAI,IAAI,EAAE,CAAC;QACpC,gBAAgB,CAAC,OAAO,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,iBAAiB,CAAC,CAAC;QAEzE,MAAM,SAAS,GAAG,UAAU;YAC1B,CAAC,CAAC,IAAI,CAAC,wBAAwB,GAAG,KAAK;YACvC,CAAC,CAAC,yBAAyB,GAAG,IAAI,CAAC;QAErC,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC;YAC7B,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,MAAM,CAAC;gBAClC,IAAI,EAAE;oBACJ,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC;oBACtC,QAAQ;oBACR,MAAM;oBACN,KAAK,EAAE,KAAK,IAAI,IAAI;oBACpB,SAAS,EAAE,eAAe;iBAC3B;aACF,CAAC;YACF,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC;gBACnC,IAAI,EAAE;oBACJ,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC;oBACvC,QAAQ;oBACR,MAAM;oBACN,KAAK,EAAE,KAAK,IAAI,IAAI;oBACpB,SAAS,EAAE,gBAAgB;iBAC5B;aACF,CAAC;SACH,CAAC,CAAC;QAEH,OAAO;YACL,WAAW;YACX,YAAY;YACZ,SAAS;YACT,SAAS,EAAE,QAAQ;SACpB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,KAAa;QACrC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAExC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,UAAU,CAAC;YAChE,KAAK,EAAE,EAAE,SAAS,EAAE;YACpB,OAAO,EAAE;gBACP,IAAI,EAAE;oBACJ,MAAM,EAAE;wBACN,EAAE,EAAE,IAAI;wBACR,QAAQ,EAAE,IAAI;wBACd,KAAK,EAAE,IAAI;wBACX,MAAM,EAAE,IAAI;qBACb;iBACF;aACF;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,8BAAqB,CAAC,sBAAsB,CAAC,CAAC;QAC1D,CAAC;QAED,IAAI,WAAW,CAAC,SAAS,EAAE,CAAC;YAC1B,MAAM,IAAI,8BAAqB,CAAC,+BAA+B,CAAC,CAAC;QACnE,CAAC;QAED,IAAI,WAAW,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;YACvC,MAAM,IAAI,8BAAqB,CAAC,sBAAsB,CAAC,CAAC;QAC1D,CAAC;QAED,OAAO;YACL,MAAM,EAAE,WAAW,CAAC,IAAI,CAAC,EAAE;YAC3B,QAAQ,EAAE,WAAW,CAAC,IAAI,CAAC,QAAQ,IAAI,EAAE;YACzC,KAAK,EAAE,WAAW,CAAC,IAAI,CAAC,KAAK,IAAI,EAAE;YACnC,MAAM,EAAE,WAAW,CAAC,IAAI,CAAC,MAAM;SAChC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,YAAoB,EACpB,QAAgB;QAEhB,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QAE/C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,UAAU,CAAC;YAC5D,KAAK,EAAE;gBACL,SAAS;gBACT,QAAQ;gBACR,SAAS,EAAE,IAAI;gBACf,SAAS,EAAE,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,EAAE;aAC9B;YACD,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE;SAChC,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,KAAK,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,8BAAqB,CAAC,kCAAkC,CAAC,CAAC;QACtE,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,UAAU,CAAC;YAC9D,KAAK,EAAE,EAAE,SAAS,EAAE;SACrB,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,8BAAqB,CAAC,uBAAuB,CAAC,CAAC;QAC3D,CAAC;QAED,OAAO,IAAI,CAAC,YAAY,CACtB,QAAQ,EACR,QAAQ,CAAC,MAAM,EACf,QAAQ,CAAC,KAAK,IAAI,SAAS,CAC5B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,WAAW,CACf,KAAa,EACb,aAAiC,EACjC,QAAgB;QAEhB,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAExC,IACE,aAAa,KAAK,eAAe;YACjC,KAAK,CAAC,UAAU,CAAC,oBAAoB,CAAC,EACtC,CAAC;YACD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,6BAA6B,CACtD,SAAS,EACT,QAAQ,CACT,CAAC;YACF,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO;YACT,CAAC;QACH,CAAC;QAED,IACE,aAAa,KAAK,cAAc;YAChC,KAAK,CAAC,UAAU,CAAC,mBAAmB,CAAC,EACrC,CAAC;YACD,MAAM,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAClD,OAAO;QACT,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QAEvE,IAAI,YAAY,CAAC,KAAK,KAAK,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,CAAC,6BAA6B,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QAChE,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,iBAAiB,CAAC,SAAiB,EAAE,QAAgB;QACjE,OAAO,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,UAAU,CAAC;YAC7C,KAAK,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,EAAE;YAC/C,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE;SAChC,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,6BAA6B,CACzC,SAAiB,EACjB,QAAgB;QAEhB,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,KAAK,EAAE,EAAE,EAAE,EAAE;YAC3C,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,iBAAiB,CAAC,UAAU,CAAC;gBACnD,KAAK,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,EAAE;gBAC/C,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE;aAChC,CAAC,CAAC;YAEH,IAAI,MAAM,CAAC,KAAK,KAAK,CAAC,EAAE,CAAC;gBACvB,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,YAAY,GAAG,MAAM,EAAE,CAAC,iBAAiB,CAAC,UAAU,CAAC;gBACzD,KAAK,EAAE,EAAE,SAAS,EAAE;aACrB,CAAC,CAAC;YAEH,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,EAAE,CAAC,gBAAgB,CAAC,UAAU,CAAC;oBACnC,KAAK,EAAE;wBACL,QAAQ,EAAE,YAAY,CAAC,QAAQ;wBAC/B,MAAM,EAAE,YAAY,CAAC,MAAM;wBAC3B,SAAS,EAAE,IAAI;qBAChB;oBACD,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE;iBAChC,CAAC,CAAC;YACL,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,SAAS,CAAC,KAAa;QAC7B,OAAO,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC1D,CAAC;CACF,CAAA;AAjOY,8CAAiB;4BAAjB,iBAAiB;IAD7B,IAAA,mBAAU,GAAE;qCAKgB,8BAAa;QACN,sBAAa;GALpC,iBAAiB,CAiO7B"}

package/dist/src/features/oauth/oauth.controller.d.ts

@@ -0,0 +1,88 @@
+import { ConfigService } from '@nestjs/config';
+import { JwtService } from '@nestjs/jwt';
+import { Request, Response } from 'express';
+import { JwtSecretService } from '../../features/auth/jwt-secret.service';
+import { OAuthClientService } from './oauth-client.service';
+import { OAuthAuthorizationService } from './oauth-authorization.service';
+import { OAuthTokenService } from './oauth-token.service';
+export declare class OAuthController {
+    private readonly configService;
+    private readonly jwtService;
+    private readonly jwtSecret;
+    private readonly clientService;
+    private readonly authorizationService;
+    private readonly tokenService;
+    private readonly publicUrl;
+    constructor(configService: ConfigService, jwtService: JwtService, jwtSecret: JwtSecretService, clientService: OAuthClientService, authorizationService: OAuthAuthorizationService, tokenService: OAuthTokenService);
+    getAuthorizationServerMetadata(): {
+        issuer: string;
+        authorization_endpoint: string;
+        token_endpoint: string;
+        registration_endpoint: string;
+        response_types_supported: string[];
+        grant_types_supported: string[];
+        code_challenge_methods_supported: string[];
+        token_endpoint_auth_methods_supported: string[];
+        revocation_endpoint: string;
+        revocation_endpoint_auth_methods_supported: string[];
+        scopes_supported: string[];
+    };
+    getProtectedResourceMetadata(): {
+        resource: string;
+        authorization_servers: string[];
+        bearer_methods_supported: string[];
+        scopes_supported: string[];
+    };
+    registerClient(body: {
+        client_name: string;
+        redirect_uris: string[];
+        grant_types?: string[];
+    }): Promise<{
+        client_id: string;
+        client_secret: string;
+        client_name: string;
+        redirect_uris: string[];
+        grant_types: string[];
+    }>;
+    handleAuthorizeGet(query: {
+        client_id: string;
+        redirect_uri: string;
+        code_challenge: string;
+        code_challenge_method: string;
+        response_type: string;
+        state: string;
+        scope?: string;
+    }, res: Response): Promise<void>;
+    handleAuthorize(req: Request, body: {
+        client_id: string;
+        redirect_uri: string;
+        code_challenge: string;
+        state: string;
+        scope?: string;
+    }): Promise<{
+        redirect_uri: string;
+    }>;
+    revokeToken(body: {
+        token: string;
+        token_type_hint?: string;
+        client_id?: string;
+        client_secret?: string;
+    }): Promise<{}>;
+    exchangeToken(body: {
+        grant_type: string;
+        code?: string;
+        client_id?: string;
+        client_secret?: string;
+        code_verifier?: string;
+        redirect_uri?: string;
+        refresh_token?: string;
+    }): Promise<{
+        access_token: string;
+        token_type: string;
+        expires_in: number;
+        refresh_token: string;
+    }>;
+    private handleAuthorizationCodeGrant;
+    private handleRefreshTokenGrant;
+    private extractUserIdFromBearer;
+}

package/dist/src/features/oauth/oauth.controller.js

@@ -0,0 +1,285 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OAuthController = void 0;
+const common_1 = require("@nestjs/common");
+const config_1 = require("@nestjs/config");
+const jwt_1 = require("@nestjs/jwt");
+const swagger_1 = require("@nestjs/swagger");
+const jwt_secret_service_1 = require("../auth/jwt-secret.service");
+const oauth_client_service_1 = require("./oauth-client.service");
+const oauth_authorization_service_1 = require("./oauth-authorization.service");
+const oauth_token_service_1 = require("./oauth-token.service");
+let OAuthController = class OAuthController {
+    constructor(configService, jwtService, jwtSecret, clientService, authorizationService, tokenService) {
+        this.configService = configService;
+        this.jwtService = jwtService;
+        this.jwtSecret = jwtSecret;
+        this.clientService = clientService;
+        this.authorizationService = authorizationService;
+        this.tokenService = tokenService;
+        this.publicUrl =
+            this.configService.get('PUBLIC_URL') || 'http://localhost:8080';
+    }
+    getAuthorizationServerMetadata() {
+        return {
+            issuer: this.publicUrl,
+            authorization_endpoint: `${this.publicUrl}/oauth/authorize`,
+            token_endpoint: `${this.publicUrl}/oauth/token`,
+            registration_endpoint: `${this.publicUrl}/oauth/register`,
+            response_types_supported: ['code'],
+            grant_types_supported: ['authorization_code', 'refresh_token'],
+            code_challenge_methods_supported: ['S256'],
+            token_endpoint_auth_methods_supported: ['client_secret_post'],
+            revocation_endpoint: `${this.publicUrl}/oauth/revoke`,
+            revocation_endpoint_auth_methods_supported: ['client_secret_post'],
+            scopes_supported: ['mcp'],
+        };
+    }
+    getProtectedResourceMetadata() {
+        return {
+            resource: this.publicUrl,
+            authorization_servers: [this.publicUrl],
+            bearer_methods_supported: ['header'],
+            scopes_supported: ['mcp'],
+        };
+    }
+    async registerClient(body) {
+        if (!body.client_name) {
+            throw new common_1.BadRequestException('client_name is required');
+        }
+        if (!body.redirect_uris || body.redirect_uris.length === 0) {
+            throw new common_1.BadRequestException('redirect_uris is required');
+        }
+        const result = await this.clientService.registerClient({
+            clientName: body.client_name,
+            redirectUris: body.redirect_uris,
+            grantTypes: body.grant_types,
+        });
+        return {
+            client_id: result.clientId,
+            client_secret: result.clientSecret,
+            client_name: result.clientName,
+            redirect_uris: body.redirect_uris,
+            grant_types: body.grant_types ?? ['authorization_code', 'refresh_token'],
+        };
+    }
+    async handleAuthorizeGet(query, res) {
+        const { client_id: clientId, redirect_uri: redirectUri, code_challenge: codeChallenge, code_challenge_method: codeChallengeMethod, response_type: responseType, state, scope, } = query;
+        if (!clientId || !redirectUri || !codeChallenge || !state) {
+            throw new common_1.BadRequestException('Missing required parameters');
+        }
+        if (!responseType || responseType !== 'code') {
+            throw new common_1.BadRequestException('response_type is required and must be "code"');
+        }
+        if (!codeChallengeMethod || codeChallengeMethod !== 'S256') {
+            throw new common_1.BadRequestException('code_challenge_method is required and must be "S256"');
+        }
+        const client = await this.clientService.findClient(clientId);
+        if (!client) {
+            throw new common_1.BadRequestException('Unknown client_id');
+        }
+        if (!client.redirectUris.includes(redirectUri)) {
+            throw new common_1.BadRequestException('Invalid redirect_uri');
+        }
+        const params = new URLSearchParams({
+            client_id: clientId,
+            client_name: client.clientName,
+            redirect_uri: redirectUri,
+            code_challenge: codeChallenge,
+            state,
+        });
+        if (scope) {
+            params.set('scope', scope);
+        }
+        res.redirect(302, `${this.publicUrl}/authorize?${params.toString()}`);
+    }
+    async handleAuthorize(req, body) {
+        const { client_id, redirect_uri, code_challenge, state, scope } = body;
+        if (!client_id || !redirect_uri || !code_challenge || !state) {
+            throw new common_1.BadRequestException('Missing required fields');
+        }
+        const client = await this.clientService.findClient(client_id);
+        if (!client) {
+            throw new common_1.BadRequestException('Unknown client_id');
+        }
+        if (!client.redirectUris.includes(redirect_uri)) {
+            throw new common_1.BadRequestException('Invalid redirect_uri');
+        }
+        const userId = this.extractUserIdFromBearer(req);
+        const code = await this.authorizationService.createAuthorizationCode({
+            clientId: client_id,
+            userId,
+            redirectUri: redirect_uri,
+            codeChallenge: code_challenge,
+            scope,
+        });
+        const redirectUrl = new URL(redirect_uri);
+        redirectUrl.searchParams.set('code', code);
+        redirectUrl.searchParams.set('state', state);
+        return {
+            redirect_uri: redirectUrl.toString(),
+        };
+    }
+    async revokeToken(body) {
+        const { token, token_type_hint, client_id, client_secret } = body;
+        if (!token) {
+            throw new common_1.BadRequestException('token is required');
+        }
+        if (!client_id || !client_secret) {
+            throw new common_1.BadRequestException('Client authentication required');
+        }
+        const validSecret = await this.clientService.validateClientSecret(client_id, client_secret);
+        if (!validSecret) {
+            throw new common_1.BadRequestException('Invalid client credentials');
+        }
+        await this.tokenService.revokeToken(token, token_type_hint, client_id);
+        return {};
+    }
+    async exchangeToken(body) {
+        const grantType = body.grant_type;
+        if (grantType === 'authorization_code') {
+            return this.handleAuthorizationCodeGrant(body);
+        }
+        if (grantType === 'refresh_token') {
+            return this.handleRefreshTokenGrant(body);
+        }
+        throw new common_1.BadRequestException(`Unsupported grant_type: ${grantType}`);
+    }
+    async handleAuthorizationCodeGrant(body) {
+        const { code, client_id, client_secret, code_verifier, redirect_uri } = body;
+        if (!code ||
+            !client_id ||
+            !client_secret ||
+            !code_verifier ||
+            !redirect_uri) {
+            throw new common_1.BadRequestException('Missing required parameters for authorization_code grant');
+        }
+        const validSecret = await this.clientService.validateClientSecret(client_id, client_secret);
+        if (!validSecret) {
+            throw new common_1.BadRequestException('Invalid client credentials');
+        }
+        const { userId, scope } = await this.authorizationService.exchangeCode({
+            code,
+            clientId: client_id,
+            codeVerifier: code_verifier,
+            redirectUri: redirect_uri,
+        });
+        const tokens = await this.tokenService.createTokens(client_id, userId, scope ?? undefined);
+        return {
+            access_token: tokens.accessToken,
+            token_type: tokens.tokenType,
+            expires_in: tokens.expiresIn,
+            refresh_token: tokens.refreshToken,
+        };
+    }
+    async handleRefreshTokenGrant(body) {
+        const { client_id, client_secret, refresh_token } = body;
+        if (!client_id || !client_secret || !refresh_token) {
+            throw new common_1.BadRequestException('Missing required parameters for refresh_token grant');
+        }
+        const validSecret = await this.clientService.validateClientSecret(client_id, client_secret);
+        if (!validSecret) {
+            throw new common_1.BadRequestException('Invalid client credentials');
+        }
+        const tokens = await this.tokenService.refreshTokens(refresh_token, client_id);
+        return {
+            access_token: tokens.accessToken,
+            token_type: tokens.tokenType,
+            expires_in: tokens.expiresIn,
+            refresh_token: tokens.refreshToken,
+        };
+    }
+    extractUserIdFromBearer(req) {
+        const authHeader = req.headers['authorization'];
+        if (!authHeader?.startsWith('Bearer ')) {
+            throw new common_1.UnauthorizedException('Missing Authorization header');
+        }
+        const token = authHeader.slice(7);
+        try {
+            const decoded = this.jwtService.verify(token, {
+                secret: this.jwtSecret.secret,
+            });
+            if (!decoded?.sub) {
+                throw new common_1.UnauthorizedException('Invalid token');
+            }
+            return decoded.sub;
+        }
+        catch {
+            throw new common_1.UnauthorizedException('Invalid or expired token');
+        }
+    }
+};
+exports.OAuthController = OAuthController;
+__decorate([
+    (0, common_1.Get)('.well-known/oauth-authorization-server'),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", []),
+    __metadata("design:returntype", void 0)
+], OAuthController.prototype, "getAuthorizationServerMetadata", null);
+__decorate([
+    (0, common_1.Get)('.well-known/oauth-protected-resource'),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", []),
+    __metadata("design:returntype", void 0)
+], OAuthController.prototype, "getProtectedResourceMetadata", null);
+__decorate([
+    (0, common_1.Post)('oauth/register'),
+    __param(0, (0, common_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], OAuthController.prototype, "registerClient", null);
+__decorate([
+    (0, common_1.Get)('oauth/authorize'),
+    __param(0, (0, common_1.Query)()),
+    __param(1, (0, common_1.Res)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object]),
+    __metadata("design:returntype", Promise)
+], OAuthController.prototype, "handleAuthorizeGet", null);
+__decorate([
+    (0, common_1.Post)('oauth/authorize'),
+    __param(0, (0, common_1.Req)()),
+    __param(1, (0, common_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object]),
+    __metadata("design:returntype", Promise)
+], OAuthController.prototype, "handleAuthorize", null);
+__decorate([
+    (0, common_1.Post)('oauth/revoke'),
+    (0, common_1.HttpCode)(200),
+    __param(0, (0, common_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], OAuthController.prototype, "revokeToken", null);
+__decorate([
+    (0, common_1.Post)('oauth/token'),
+    __param(0, (0, common_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], OAuthController.prototype, "exchangeToken", null);
+exports.OAuthController = OAuthController = __decorate([
+    (0, swagger_1.ApiExcludeController)(),
+    (0, common_1.Controller)(),
+    __metadata("design:paramtypes", [config_1.ConfigService,
+        jwt_1.JwtService,
+        jwt_secret_service_1.JwtSecretService,
+        oauth_client_service_1.OAuthClientService,
+        oauth_authorization_service_1.OAuthAuthorizationService,
+        oauth_token_service_1.OAuthTokenService])
+], OAuthController);
+//# sourceMappingURL=oauth.controller.js.map

package/dist/src/features/oauth/oauth.controller.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.controller.js","sourceRoot":"","sources":["../../../../src/features/oauth/oauth.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAWwB;AACxB,2CAA+C;AAC/C,qCAAyC;AACzC,6CAAuD;AAEvD,mEAAwE;AACxE,iEAA4D;AAC5D,+EAA0E;AAC1E,+DAA0D;AAInD,IAAM,eAAe,GAArB,MAAM,eAAe;IAG1B,YACmB,aAA4B,EAC5B,UAAsB,EACtB,SAA2B,EAC3B,aAAiC,EACjC,oBAA+C,EAC/C,YAA+B;QAL/B,kBAAa,GAAb,aAAa,CAAe;QAC5B,eAAU,GAAV,UAAU,CAAY;QACtB,cAAS,GAAT,SAAS,CAAkB;QAC3B,kBAAa,GAAb,aAAa,CAAoB;QACjC,yBAAoB,GAApB,oBAAoB,CAA2B;QAC/C,iBAAY,GAAZ,YAAY,CAAmB;QAEhD,IAAI,CAAC,SAAS;YACZ,IAAI,CAAC,aAAa,CAAC,GAAG,CAAS,YAAY,CAAC,IAAI,uBAAuB,CAAC;IAC5E,CAAC;IAGD,8BAA8B;QAC5B,OAAO;YACL,MAAM,EAAE,IAAI,CAAC,SAAS;YACtB,sBAAsB,EAAE,GAAG,IAAI,CAAC,SAAS,kBAAkB;YAC3D,cAAc,EAAE,GAAG,IAAI,CAAC,SAAS,cAAc;YAC/C,qBAAqB,EAAE,GAAG,IAAI,CAAC,SAAS,iBAAiB;YACzD,wBAAwB,EAAE,CAAC,MAAM,CAAC;YAClC,qBAAqB,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;YAC9D,gCAAgC,EAAE,CAAC,MAAM,CAAC;YAC1C,qCAAqC,EAAE,CAAC,oBAAoB,CAAC;YAC7D,mBAAmB,EAAE,GAAG,IAAI,CAAC,SAAS,eAAe;YACrD,0CAA0C,EAAE,CAAC,oBAAoB,CAAC;YAClE,gBAAgB,EAAE,CAAC,KAAK,CAAC;SAC1B,CAAC;IACJ,CAAC;IAGD,4BAA4B;QAC1B,OAAO;YACL,QAAQ,EAAE,IAAI,CAAC,SAAS;YACxB,qBAAqB,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC;YACvC,wBAAwB,EAAE,CAAC,QAAQ,CAAC;YACpC,gBAAgB,EAAE,CAAC,KAAK,CAAC;SAC1B,CAAC;IACJ,CAAC;IAGK,AAAN,KAAK,CAAC,cAAc,CAElB,IAIC;QAED,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,4BAAmB,CAAC,yBAAyB,CAAC,CAAC;QAC3D,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3D,MAAM,IAAI,4BAAmB,CAAC,2BAA2B,CAAC,CAAC;QAC7D,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC;YACrD,UAAU,EAAE,IAAI,CAAC,WAAW;YAC5B,YAAY,EAAE,IAAI,CAAC,aAAa;YAChC,UAAU,EAAE,IAAI,CAAC,WAAW;SAC7B,CAAC,CAAC;QAEH,OAAO;YACL,SAAS,EAAE,MAAM,CAAC,QAAQ;YAC1B,aAAa,EAAE,MAAM,CAAC,YAAY;YAClC,WAAW,EAAE,MAAM,CAAC,UAAU;YAC9B,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,WAAW,EAAE,IAAI,CAAC,WAAW,IAAI,CAAC,oBAAoB,EAAE,eAAe,CAAC;SACzE,CAAC;IACJ,CAAC;IAGK,AAAN,KAAK,CAAC,kBAAkB,CAEtB,KAQC,EACM,GAAa;QAEpB,MAAM,EACJ,SAAS,EAAE,QAAQ,EACnB,YAAY,EAAE,WAAW,EACzB,cAAc,EAAE,aAAa,EAC7B,qBAAqB,EAAE,mBAAmB,EAC1C,aAAa,EAAE,YAAY,EAC3B,KAAK,EACL,KAAK,GACN,GAAG,KAAK,CAAC;QAEV,IAAI,CAAC,QAAQ,IAAI,CAAC,WAAW,IAAI,CAAC,aAAa,IAAI,CAAC,KAAK,EAAE,CAAC;YAC1D,MAAM,IAAI,4BAAmB,CAAC,6BAA6B,CAAC,CAAC;QAC/D,CAAC;QAED,IAAI,CAAC,YAAY,IAAI,YAAY,KAAK,MAAM,EAAE,CAAC;YAC7C,MAAM,IAAI,4BAAmB,CAC3B,8CAA8C,CAC/C,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,mBAAmB,IAAI,mBAAmB,KAAK,MAAM,EAAE,CAAC;YAC3D,MAAM,IAAI,4BAAmB,CAC3B,sDAAsD,CACvD,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAC7D,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,4BAAmB,CAAC,mBAAmB,CAAC,CAAC;QACrD,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAC/C,MAAM,IAAI,4BAAmB,CAAC,sBAAsB,CAAC,CAAC;QACxD,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,SAAS,EAAE,QAAQ;YACnB,WAAW,EAAE,MAAM,CAAC,UAAU;YAC9B,YAAY,EAAE,WAAW;YACzB,cAAc,EAAE,aAAa;YAC7B,KAAK;SACN,CAAC,CAAC;QAEH,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAC7B,CAAC;QAED,GAAG,CAAC,QAAQ,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,cAAc,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IACxE,CAAC;IAGK,AAAN,KAAK,CAAC,eAAe,CACZ,GAAY,EAEnB,IAMC;QAED,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,cAAc,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC;QAEvE,IAAI,CAAC,SAAS,IAAI,CAAC,YAAY,IAAI,CAAC,cAAc,IAAI,CAAC,KAAK,EAAE,CAAC;YAC7D,MAAM,IAAI,4BAAmB,CAAC,yBAAyB,CAAC,CAAC;QAC3D,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAC9D,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,4BAAmB,CAAC,mBAAmB,CAAC,CAAC;QACrD,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;YAChD,MAAM,IAAI,4BAAmB,CAAC,sBAAsB,CAAC,CAAC;QACxD,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAC;QAEjD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,uBAAuB,CAAC;YACnE,QAAQ,EAAE,SAAS;YACnB,MAAM;YACN,WAAW,EAAE,YAAY;YACzB,aAAa,EAAE,cAAc;YAC7B,KAAK;SACN,CAAC,CAAC;QAEH,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC;QAC1C,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC3C,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAE7C,OAAO;YACL,YAAY,EAAE,WAAW,CAAC,QAAQ,EAAE;SACrC,CAAC;IACJ,CAAC;IAIK,AAAN,KAAK,CAAC,WAAW,CAEf,IAKC;QAED,MAAM,EAAE,KAAK,EAAE,eAAe,EAAE,SAAS,EAAE,aAAa,EAAE,GAAG,IAAI,CAAC;QAElE,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,4BAAmB,CAAC,mBAAmB,CAAC,CAAC;QACrD,CAAC;QAED,IAAI,CAAC,SAAS,IAAI,CAAC,aAAa,EAAE,CAAC;YACjC,MAAM,IAAI,4BAAmB,CAAC,gCAAgC,CAAC,CAAC;QAClE,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,oBAAoB,CAC/D,SAAS,EACT,aAAa,CACd,CAAC;QACF,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,4BAAmB,CAAC,4BAA4B,CAAC,CAAC;QAC9D,CAAC;QAED,MAAM,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,KAAK,EAAE,eAAe,EAAE,SAAS,CAAC,CAAC;QAEvE,OAAO,EAAE,CAAC;IACZ,CAAC;IAGK,AAAN,KAAK,CAAC,aAAa,CAEjB,IAQC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC;QAElC,IAAI,SAAS,KAAK,oBAAoB,EAAE,CAAC;YACvC,OAAO,IAAI,CAAC,4BAA4B,CAAC,IAAI,CAAC,CAAC;QACjD,CAAC;QAED,IAAI,SAAS,KAAK,eAAe,EAAE,CAAC;YAClC,OAAO,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;QAC5C,CAAC;QAED,MAAM,IAAI,4BAAmB,CAAC,2BAA2B,SAAS,EAAE,CAAC,CAAC;IACxE,CAAC;IAEO,KAAK,CAAC,4BAA4B,CAAC,IAM1C;QACC,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,aAAa,EAAE,aAAa,EAAE,YAAY,EAAE,GACnE,IAAI,CAAC;QAEP,IACE,CAAC,IAAI;YACL,CAAC,SAAS;YACV,CAAC,aAAa;YACd,CAAC,aAAa;YACd,CAAC,YAAY,EACb,CAAC;YACD,MAAM,IAAI,4BAAmB,CAC3B,0DAA0D,CAC3D,CAAC;QACJ,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,oBAAoB,CAC/D,SAAS,EACT,aAAa,CACd,CAAC;QACF,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,4BAAmB,CAAC,4BAA4B,CAAC,CAAC;QAC9D,CAAC;QAED,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,YAAY,CAAC;YACrE,IAAI;YACJ,QAAQ,EAAE,SAAS;YACnB,YAAY,EAAE,aAAa;YAC3B,WAAW,EAAE,YAAY;SAC1B,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,YAAY,CACjD,SAAS,EACT,MAAM,EACN,KAAK,IAAI,SAAS,CACnB,CAAC;QAEF,OAAO;YACL,YAAY,EAAE,MAAM,CAAC,WAAW;YAChC,UAAU,EAAE,MAAM,CAAC,SAAS;YAC5B,UAAU,EAAE,MAAM,CAAC,SAAS;YAC5B,aAAa,EAAE,MAAM,CAAC,YAAY;SACnC,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,uBAAuB,CAAC,IAIrC;QACC,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,aAAa,EAAE,GAAG,IAAI,CAAC;QAEzD,IAAI,CAAC,SAAS,IAAI,CAAC,aAAa,IAAI,CAAC,aAAa,EAAE,CAAC;YACnD,MAAM,IAAI,4BAAmB,CAC3B,qDAAqD,CACtD,CAAC;QACJ,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,oBAAoB,CAC/D,SAAS,EACT,aAAa,CACd,CAAC;QACF,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,4BAAmB,CAAC,4BAA4B,CAAC,CAAC;QAC9D,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,aAAa,CAClD,aAAa,EACb,SAAS,CACV,CAAC;QAEF,OAAO;YACL,YAAY,EAAE,MAAM,CAAC,WAAW;YAChC,UAAU,EAAE,MAAM,CAAC,SAAS;YAC5B,UAAU,EAAE,MAAM,CAAC,SAAS;YAC5B,aAAa,EAAE,MAAM,CAAC,YAAY;SACnC,CAAC;IACJ,CAAC;IAEO,uBAAuB,CAAC,GAAY;QAC1C,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QAChD,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,8BAAqB,CAAC,8BAA8B,CAAC,CAAC;QAClE,CAAC;QAED,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAElC,IAAI,CAAC;YACH,MAAM,OAAO,GAAqB,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,EAAE;gBAC9D,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM;aAC9B,CAAC,CAAC;YAEH,IAAI,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC;gBAClB,MAAM,IAAI,8BAAqB,CAAC,eAAe,CAAC,CAAC;YACnD,CAAC;YAED,OAAO,OAAO,CAAC,GAAG,CAAC;QACrB,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,8BAAqB,CAAC,0BAA0B,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;CACF,CAAA;AA9VY,0CAAe;AAgB1B;IADC,IAAA,YAAG,EAAC,wCAAwC,CAAC;;;;qEAe7C;AAGD;IADC,IAAA,YAAG,EAAC,sCAAsC,CAAC;;;;mEAQ3C;AAGK;IADL,IAAA,aAAI,EAAC,gBAAgB,CAAC;IAEpB,WAAA,IAAA,aAAI,GAAE,CAAA;;;;qDA2BR;AAGK;IADL,IAAA,YAAG,EAAC,iBAAiB,CAAC;IAEpB,WAAA,IAAA,cAAK,GAAE,CAAA;IAUP,WAAA,IAAA,YAAG,GAAE,CAAA;;;;yDAkDP;AAGK;IADL,IAAA,aAAI,EAAC,iBAAiB,CAAC;IAErB,WAAA,IAAA,YAAG,GAAE,CAAA;IACL,WAAA,IAAA,aAAI,GAAE,CAAA;;;;sDAyCR;AAIK;IAFL,IAAA,aAAI,EAAC,cAAc,CAAC;IACpB,IAAA,iBAAQ,EAAC,GAAG,CAAC;IAEX,WAAA,IAAA,aAAI,GAAE,CAAA;;;;kDA6BR;AAGK;IADL,IAAA,aAAI,EAAC,aAAa,CAAC;IAEjB,WAAA,IAAA,aAAI,GAAE,CAAA;;;;oDAsBR;0BAjPU,eAAe;IAF3B,IAAA,8BAAoB,GAAE;IACtB,IAAA,mBAAU,GAAE;qCAKuB,sBAAa;QAChB,gBAAU;QACX,qCAAgB;QACZ,yCAAkB;QACX,uDAAyB;QACjC,uCAAiB;GATvC,eAAe,CA8V3B"}

package/dist/src/features/oauth/oauth.module.d.ts

@@ -0,0 +1,2 @@
+export declare class OAuthModule {
+}

package/dist/src/features/oauth/oauth.module.js

@@ -0,0 +1,29 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OAuthModule = void 0;
+const common_1 = require("@nestjs/common");
+const config_1 = require("@nestjs/config");
+const auth_module_1 = require("../auth/auth.module");
+const database_module_1 = require("../../infrastructure/database/database.module");
+const oauth_client_service_1 = require("./oauth-client.service");
+const oauth_authorization_service_1 = require("./oauth-authorization.service");
+const oauth_token_service_1 = require("./oauth-token.service");
+const oauth_controller_1 = require("./oauth.controller");
+let OAuthModule = class OAuthModule {
+};
+exports.OAuthModule = OAuthModule;
+exports.OAuthModule = OAuthModule = __decorate([
+    (0, common_1.Module)({
+        imports: [config_1.ConfigModule, database_module_1.DatabaseModule, auth_module_1.AuthModule],
+        controllers: [oauth_controller_1.OAuthController],
+        providers: [oauth_client_service_1.OAuthClientService, oauth_authorization_service_1.OAuthAuthorizationService, oauth_token_service_1.OAuthTokenService],
+        exports: [oauth_token_service_1.OAuthTokenService],
+    })
+], OAuthModule);
+//# sourceMappingURL=oauth.module.js.map

package/dist/src/features/oauth/oauth.module.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.module.js","sourceRoot":"","sources":["../../../../src/features/oauth/oauth.module.ts"],"names":[],"mappings":";;;;;;;;;AAAA,2CAAwC;AACxC,2CAA8C;AAC9C,qDAA2D;AAC3D,mFAA6E;AAC7E,iEAA4D;AAC5D,+EAA0E;AAC1E,+DAA0D;AAC1D,yDAAqD;AAQ9C,IAAM,WAAW,GAAjB,MAAM,WAAW;CAAG,CAAA;AAAd,kCAAW;sBAAX,WAAW;IANvB,IAAA,eAAM,EAAC;QACN,OAAO,EAAE,CAAC,qBAAY,EAAE,gCAAc,EAAE,wBAAU,CAAC;QACnD,WAAW,EAAE,CAAC,kCAAe,CAAC;QAC9B,SAAS,EAAE,CAAC,yCAAkB,EAAE,uDAAyB,EAAE,uCAAiB,CAAC;QAC7E,OAAO,EAAE,CAAC,uCAAiB,CAAC;KAC7B,CAAC;GACW,WAAW,CAAG"}

package/dist/src/features/plugin/file/file.plugin.js.map

@@ -1 +1 @@
-{"version":3,"file":"file.plugin.js","sourceRoot":"","sources":["../../../../../src/features/plugin/file/file.plugin.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAA4C;AAC5C,2CAA+C;AAC/C,mCAAgC;AAChC,qCAAwE;AAExE,2DAA4E;AAC5E,2FAA2G;AAQ3G,sDAAoE;AAEpE,4EAAmE;AAG5D,IAAM,UAAU,GAAhB,MAAM,UAAU;IAGrB,YACmB,SAAoB,EACrC,aAA4B;QADX,cAAS,GAAT,SAAS,CAAW;QAGrC,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;QAElE,IAAI,CAAC,cAAc,GAAG,QAAQ,IAAI,EAAE,CAAC;IACvC,CAAC;IAED,IAAW,WAAW;QACpB,OAAO,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC;IACpC,CAAC;IAEM,KAAK,CAAC,cAAc,CACzB,OAAsC;QAEtC,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;YACtB,IAAA,4BAAW,EAAC,OAAO,CAAC,UAAU,EAAE,CAAC,IAAI,EAAE,EAAE;gBACvC,IAAA,2DAA0B,EAAC,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;gBACrD,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC;YAChB,CAAC,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,IAAA,4BAAW,EAAC,OAAO,CAAC,UAAU,EAAE,CAAC,IAAI,EAAE,EAAE;gBACvC,IAAI,CAAC,cAAc,EAAE,CAAC;gBACtB,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;YAC9B,CAAC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,cAAc,CACzB,OAAsC;QAEtC,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;YACtB,IAAA,4BAAW,EAAC,OAAO,CAAC,UAAU,EAAE,CAAC,IAAI,EAAE,EAAE;gBACvC,IAAA,2DAA0B,EAAC,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;gBACrD,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC;YAChB,CAAC,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,MAAM,aAAa,GAAgC,IAAI,GAAG,EAAE,CAAC;YAE7D,IAAA,4BAAW,EAAC,OAAO,CAAC,kBAAkB,EAAE,CAAC,IAAI,EAAE,EAAE;gBAC/C,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;YACvC,CAAC,CAAC,CAAC;YAEH,IAAA,4BAAW,EAAC,OAAO,CAAC,UAAU,EAAE,CAAC,IAAI,EAAE,EAAE;gBACvC,MAAM,YAAY,GAAG,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBAEpD,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;oBAChB,IAAI,CAAC,YAAY,EAAE,CAAC;wBAClB,MAAM,IAAI,KAAK,CAAC,QAAQ,IAAI,CAAC,MAAM,iBAAiB,CAAC,CAAC;oBACxD,CAAC;oBAED,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;oBAClC,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC;gBAChB,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,cAAc,EAAE,CAAC;oBACtB,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;gBAC9B,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,WAAW,CAAC,OAAmC;QAC1D,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YAC/B,MAAM,UAAU,GAAG,IAAA,0BAAoB,EACrC,OAAO,CAAC,WAAW,EACnB,EAAE,EACF,GAAG,CAAC,IAAI,CACT,CAAC;YAEF,IAAA,4BAAW,EAAC,UAAU,EAAE,CAAC,IAAI,EAAE,EAAE;gBAC/B,IAAI,IAAI,CAAC,MAAM,KAAK,mBAAU,CAAC,QAAQ,EAAE,CAAC;oBACxC,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACpC,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,GAAG,CAAC,IAAI,GAAG,UAAU,CAAC,aAAa,EAAE,CAAC;QACxC,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,gBAAgB,CAC3B,OAAwC;QAExC,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YAC/B,MAAM,UAAU,GAAG,IAAA,0BAAoB,EACrC,OAAO,CAAC,WAAW,EACnB,EAAE,EACF,GAAG,CAAC,IAAI,CACT,CAAC;YAEF,IAAA,4BAAW,EAAC,UAAU,EAAE,CAAC,IAAI,EAAE,EAAE;gBAC/B,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;oBACjB,IAAI,CAAC,cAAc,EAAE,CAAC;oBACtB,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;gBAC9B,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,GAAG,CAAC,IAAI,GAAG,UAAU,CAAC,aAAa,EAAE,CAAC;QACxC,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,UAAU,CAAC,EACtB,UAAU,EACV,MAAM,EACN,IAAI,GAKL;QACC,MAAM,KAAK,GAAqB,EAAE,CAAC;QAEnC,IAAA,4BAAW,EAAC,UAAU,EAAE,CAAC,IAAI,EAAE,EAAE;YAC/B,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC3B,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;QAED,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAC3B,MAAM,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QACjC,OAAO,SAAS,CAAC;IACnB,CAAC;IAEM,MAAM,CAAC,IAAY;QACxB,OAAO,SAAS,CAAC,GAAG,IAAI,CAAC,cAAc,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACvE,CAAC;IAEM,WAAW,CAAC,IAAY;QAC7B,OAAO,SAAS,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC;IAC9B,CAAC;IAEO,gBAAgB,CAAC,KAAqB;QAC5C,KAAK,CAAC,MAAM,GAAG,mBAAU,CAAC,KAAK,CAAC;QAChC,KAAK,CAAC,MAAM,GAAG,IAAA,eAAM,EAAC,kBAAS,CAAC,CAAC;IACnC,CAAC;CACF,CAAA;AA9IY,gCAAU;qBAAV,UAAU;IADtB,IAAA,mBAAU,GAAE;qCAKmB,sBAAS;QACtB,sBAAa;GALnB,UAAU,CA8ItB"}
+{"version":3,"file":"file.plugin.js","sourceRoot":"","sources":["../../../../../src/features/plugin/file/file.plugin.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAA4C;AAC5C,2CAA+C;AAC/C,mCAAgC;AAChC,qCAAwE;AAExE,2DAA4E;AAC5E,2FAA2G;AAQ3G,sDAAoE;AAGpE,4EAAmE;AAG5D,IAAM,UAAU,GAAhB,MAAM,UAAU;IAGrB,YACmB,SAAoB,EACrC,aAA4B;QADX,cAAS,GAAT,SAAS,CAAW;QAGrC,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;QAElE,IAAI,CAAC,cAAc,GAAG,QAAQ,IAAI,EAAE,CAAC;IACvC,CAAC;IAED,IAAW,WAAW;QACpB,OAAO,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC;IACpC,CAAC;IAEM,KAAK,CAAC,cAAc,CACzB,OAAsC;QAEtC,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;YACtB,IAAA,4BAAW,EAAC,OAAO,CAAC,UAAU,EAAE,CAAC,IAAI,EAAE,EAAE;gBACvC,IAAA,2DAA0B,EAAC,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;gBACrD,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC;YAChB,CAAC,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,IAAA,4BAAW,EAAC,OAAO,CAAC,UAAU,EAAE,CAAC,IAAI,EAAE,EAAE;gBACvC,IAAI,CAAC,cAAc,EAAE,CAAC;gBACtB,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;YAC9B,CAAC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,cAAc,CACzB,OAAsC;QAEtC,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;YACtB,IAAA,4BAAW,EAAC,OAAO,CAAC,UAAU,EAAE,CAAC,IAAI,EAAE,EAAE;gBACvC,IAAA,2DAA0B,EAAC,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;gBACrD,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC;YAChB,CAAC,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,MAAM,aAAa,GAAgC,IAAI,GAAG,EAAE,CAAC;YAE7D,IAAA,4BAAW,EAAC,OAAO,CAAC,kBAAkB,EAAE,CAAC,IAAI,EAAE,EAAE;gBAC/C,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;YACvC,CAAC,CAAC,CAAC;YAEH,IAAA,4BAAW,EAAC,OAAO,CAAC,UAAU,EAAE,CAAC,IAAI,EAAE,EAAE;gBACvC,MAAM,YAAY,GAAG,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBAEpD,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;oBAChB,IAAI,CAAC,YAAY,EAAE,CAAC;wBAClB,MAAM,IAAI,KAAK,CAAC,QAAQ,IAAI,CAAC,MAAM,iBAAiB,CAAC,CAAC;oBACxD,CAAC;oBAED,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;oBAClC,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC;gBAChB,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,cAAc,EAAE,CAAC;oBACtB,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;gBAC9B,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,WAAW,CAAC,OAAmC;QAC1D,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YAC/B,MAAM,UAAU,GAAG,IAAA,0BAAoB,EACrC,OAAO,CAAC,WAAW,EACnB,EAAE,EACF,GAAG,CAAC,IAAiB,CACtB,CAAC;YAEF,IAAA,4BAAW,EAAC,UAAU,EAAE,CAAC,IAAI,EAAE,EAAE;gBAC/B,IAAI,IAAI,CAAC,MAAM,KAAK,mBAAU,CAAC,QAAQ,EAAE,CAAC;oBACxC,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACpC,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,GAAG,CAAC,IAAI,GAAG,UAAU,CAAC,aAAa,EAAE,CAAC;QACxC,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,gBAAgB,CAC3B,OAAwC;QAExC,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YAC/B,MAAM,UAAU,GAAG,IAAA,0BAAoB,EACrC,OAAO,CAAC,WAAW,EACnB,EAAE,EACF,GAAG,CAAC,IAAiB,CACtB,CAAC;YAEF,IAAA,4BAAW,EAAC,UAAU,EAAE,CAAC,IAAI,EAAE,EAAE;gBAC/B,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;oBACjB,IAAI,CAAC,cAAc,EAAE,CAAC;oBACtB,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;gBAC9B,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,GAAG,CAAC,IAAI,GAAG,UAAU,CAAC,aAAa,EAAE,CAAC;QACxC,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,UAAU,CAAC,EACtB,UAAU,EACV,MAAM,EACN,IAAI,GAKL;QACC,MAAM,KAAK,GAAqB,EAAE,CAAC;QAEnC,IAAA,4BAAW,EAAC,UAAU,EAAE,CAAC,IAAI,EAAE,EAAE;YAC/B,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC3B,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;QAED,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAC3B,MAAM,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QACjC,OAAO,SAAS,CAAC;IACnB,CAAC;IAEM,MAAM,CAAC,IAAY;QACxB,OAAO,SAAS,CAAC,GAAG,IAAI,CAAC,cAAc,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACvE,CAAC;IAEM,WAAW,CAAC,IAAY;QAC7B,OAAO,SAAS,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC;IAC9B,CAAC;IAEO,gBAAgB,CAAC,KAAqB;QAC5C,KAAK,CAAC,MAAM,GAAG,mBAAU,CAAC,KAAK,CAAC;QAChC,KAAK,CAAC,MAAM,GAAG,IAAA,eAAM,EAAC,kBAAS,CAAC,CAAC;IACnC,CAAC;CACF,CAAA;AA9IY,gCAAU;qBAAV,UAAU;IADtB,IAAA,mBAAU,GAAE;qCAKmB,sBAAS;QACtB,sBAAa;GALnB,UAAU,CA8ItB"}