@rockcarver/frodo-cli 2.0.0-4 → 2.0.0-41

package/esm/ops/AdminOps.js

@@ -0,0 +1,151 @@
+import { frodo, state } from '@rockcarver/frodo-lib';
+import fs from 'fs';
+import { cleanupProgressIndicators, createKeyValueTable, createProgressIndicator, printMessage, stopProgressIndicator, updateProgressIndicator } from '../utils/Console';
+const {
+  getTypedFilename,
+  saveJsonToFile,
+  getFilePath
+} = frodo.utils;
+const {
+  generateRfc7523AuthZGrantArtefacts: _generateRfc7523AuthZGrantArtefacts,
+  executeRfc7523AuthZGrantFlow: _executeRfc7523AuthZGrantFlow
+} = frodo.admin;
+const {
+  stringify
+} = frodo.utils.json;
+const {
+  readOAuth2TrustedJwtIssuer
+} = frodo.oauth2oidc.issuer;
+function getJwkFilePath(clientId) {
+  return getFilePath(getTypedFilename(clientId + '_private', 'jwk'), true);
+}
+function getJwksFilePath(clientId) {
+  return getFilePath(getTypedFilename(clientId + '_public', 'jwks'), true);
+}
+export async function generateRfc7523AuthZGrantArtefacts(clientId, iss, jwk, sub, scope, options, json) {
+  let artefacts;
+  try {
+    const barId = createProgressIndicator('determinate', options.save ? 3 : 1, 'Generating artefacts...');
+    artefacts = await _generateRfc7523AuthZGrantArtefacts(clientId, iss, jwk, sub, scope, options);
+    updateProgressIndicator(barId, 'Successfully generated artefacts.');
+    let jwkFile;
+    let jwksFile;
+    if (options.save) {
+      const jwkBarId = createProgressIndicator('determinate', 1, 'Saving JWK (private key)...');
+      jwkFile = getJwkFilePath(clientId);
+      saveJsonToFile(artefacts.jwk, jwkFile, false);
+      updateProgressIndicator(jwkBarId, `Saved JWK to ${jwkFile}.`);
+      updateProgressIndicator(barId, 'Successfully saved JWK (private key).');
+      stopProgressIndicator(jwkBarId);
+      const jwksBarId = createProgressIndicator('determinate', 1, 'Saving JWKS (public key)...');
+      jwksFile = getJwksFilePath(clientId);
+      saveJsonToFile(artefacts.jwks, jwksFile, false);
+      updateProgressIndicator(jwksBarId, `Saved JWKS to ${jwksFile}.`);
+      stopProgressIndicator(jwksBarId);
+      updateProgressIndicator(barId, 'Successfully saved JWKS (public key).');
+    }
+    stopProgressIndicator(barId, `Successfully generated ${options.save ? 'and saved artefacts' : 'artefacts'}.`);
+    cleanupProgressIndicators();
+    if (json) {
+      printMessage(artefacts, 'data');
+    } else {
+      var _artefacts$issuer$all, _artefacts$issuer$all2;
+      printMessage(options.save ? `\nCreated oauth2 client in the ${state.getRealm()} realm:` : `\nIn AM, create an OAuth2 client in the ${state.getRealm()} realm with the following information:`);
+      const client = createKeyValueTable();
+      client.push(['Client ID'['brightCyan'], clientId]);
+      client.push(['Client Name'['brightCyan'], clientId]);
+      client.push(['Scopes'['brightCyan'], artefacts.client.coreOAuth2ClientConfig.scopes.value.join(', ')]);
+      client.push(['Client Type'['brightCyan'], artefacts.client.coreOAuth2ClientConfig.clientType.value]);
+      client.push(['Grant Types'['brightCyan'], artefacts.client.advancedOAuth2ClientConfig.grantTypes.value.join(', ')]);
+      client.push(['Implied Consent'['brightCyan'], artefacts.client.advancedOAuth2ClientConfig.isConsentImplied.value]);
+      client.push(['Token Endpoint Authentication '['brightCyan'], artefacts.client.advancedOAuth2ClientConfig.tokenEndpointAuthMethod.value]);
+      client.push(['Public Key Selector'['brightCyan'], artefacts.client.signEncOAuth2ClientConfig.publicKeyLocation.value]);
+      client.push(['JWKS (Public Key)'['brightCyan'], options.save ? `${jwksFile}` : 'See below']);
+      printMessage(`\n${client.toString()}`);
+      printMessage(options.save ? `\nCreated oauth2 trusted issuer in the ${state.getRealm()} realm:` : `\nIn AM, create a trusted issuer in the ${state.getRealm()} realm with the following information:`);
+      const issuer = createKeyValueTable();
+      issuer.push(['Name'['brightCyan'], artefacts.issuer._id]);
+      issuer.push(['JWT Issuer'['brightCyan'], artefacts.issuer.issuer.value]);
+      issuer.push(['Allowed Subjects              '['brightCyan'], (_artefacts$issuer$all = artefacts.issuer.allowedSubjects) !== null && _artefacts$issuer$all !== void 0 && _artefacts$issuer$all.value.length ? (_artefacts$issuer$all2 = artefacts.issuer.allowedSubjects) === null || _artefacts$issuer$all2 === void 0 ? void 0 : _artefacts$issuer$all2.value.join(', ') : `Any ${state.getRealm()} realm user`]);
+      issuer.push(['JWKS (Public Key)'['brightCyan'], options.save ? `${jwksFile}` : 'See below']);
+      printMessage(`\n${issuer.toString()}`);
+      if (!options.save) {
+        printMessage('\nJWK (Private Key)'['brightCyan']);
+        printMessage(stringify(artefacts.jwk));
+        printMessage('\nJWKS (Public Key)'['brightCyan']);
+        printMessage(stringify(artefacts.jwks));
+      }
+    }
+    return true;
+  } catch (error) {
+    printMessage(error, 'error');
+    return false;
+  }
+}
+export async function executeRfc7523AuthZGrantFlow(clientId, iss, jwk, sub, scope, json) {
+  let tokenResponse;
+  let spinnerId;
+  try {
+    let issuer;
+    // make sure we have an issuer
+    if (!iss) {
+      let issSpinnerId;
+      try {
+        issSpinnerId = createProgressIndicator('indeterminate', 0, 'No issuer provided, attempting to find suitable issuer...');
+        if (!issuer) issuer = await readOAuth2TrustedJwtIssuer(clientId + '-issuer');
+        iss = issuer.issuer.value;
+        stopProgressIndicator(issSpinnerId, `Found suitable issuer: ${clientId + '-issuer'} - ${iss}`, 'success');
+      } catch (error) {
+        stopProgressIndicator(issSpinnerId, `No issuer provided and no suitable issuer could be found: ${error.message}`, 'fail');
+      }
+    }
+    // make sure we have a JWK
+    if (!jwk) {
+      let jwkSpinnerId;
+      try {
+        jwkSpinnerId = createProgressIndicator('indeterminate', 0, 'No JWK provided, attempting to locate a suitable JWK...');
+        jwk = JSON.parse(fs.readFileSync(getJwkFilePath(clientId), 'utf8'));
+        stopProgressIndicator(jwkSpinnerId, `Loaded private key JWK from: ${getJwkFilePath(clientId)}`, 'success');
+      } catch (error) {
+        stopProgressIndicator(jwkSpinnerId, `No JWK provided and no suitable JWK could be loaded from file: ${error.message}`, 'fail');
+      }
+    }
+    // make sure we have a subject
+    if (!sub) {
+      let subSpinnerId;
+      try {
+        subSpinnerId = createProgressIndicator('indeterminate', 0, 'Executing rfc7523 authz grant flow...');
+        if (!issuer) issuer = await frodo.oauth2oidc.issuer.readOAuth2TrustedJwtIssuer(clientId + '-issuer');
+        if (issuer.allowedSubjects.value && issuer.allowedSubjects.value.length) sub = issuer.allowedSubjects.value[0];
+      } catch (error) {
+        stopProgressIndicator(subSpinnerId, `No subject provided and no suitable subject could be extracted from the trusted issuer configuration: ${error.message}`, 'fail');
+      }
+      if (sub) {
+        stopProgressIndicator(subSpinnerId, `Using first subject from issuer's allowed subjects: ${sub}`, 'success');
+      } else {
+        stopProgressIndicator(subSpinnerId, `No subject provided and no suitable subject could be extracted from the trusted issuer's list of allowed subjects.`, 'success');
+      }
+    }
+    // we got everything we need, let's get that token
+    spinnerId = createProgressIndicator('indeterminate', 0, 'Executing rfc7523 authz grant flow...');
+    tokenResponse = await _executeRfc7523AuthZGrantFlow(clientId, iss, jwk, sub, scope);
+    stopProgressIndicator(spinnerId, 'Successfully executed rfc7523 authz grant flow.', 'success');
+  } catch (error) {
+    var _error$response;
+    stopProgressIndicator(spinnerId, `Error executing rfc7523 authz grant flow: ${stringify(((_error$response = error.response) === null || _error$response === void 0 ? void 0 : _error$response.data) || error.message)}`, 'fail');
+    return false;
+  }
+  cleanupProgressIndicators();
+  if (json) {
+    printMessage(tokenResponse, 'data');
+  } else {
+    printMessage('\nAccess Token'['brightCyan']);
+    printMessage(tokenResponse.access_token);
+    if (tokenResponse.id_token) {
+      printMessage('\nIdentity Token'['brightCyan']);
+      printMessage(tokenResponse.id_token);
+    }
+  }
+  return true;
+}
+//# sourceMappingURL=AdminOps.js.map

package/esm/ops/AdminOps.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AdminOps.js","names":["frodo","state","fs","cleanupProgressIndicators","createKeyValueTable","createProgressIndicator","printMessage","stopProgressIndicator","updateProgressIndicator","getTypedFilename","saveJsonToFile","getFilePath","utils","generateRfc7523AuthZGrantArtefacts","_generateRfc7523AuthZGrantArtefacts","executeRfc7523AuthZGrantFlow","_executeRfc7523AuthZGrantFlow","admin","stringify","json","readOAuth2TrustedJwtIssuer","oauth2oidc","issuer","getJwkFilePath","clientId","getJwksFilePath","iss","jwk","sub","scope","options","artefacts","barId","save","jwkFile","jwksFile","jwkBarId","jwksBarId","jwks","_artefacts$issuer$all","_artefacts$issuer$all2","getRealm","client","push","coreOAuth2ClientConfig","scopes","value","join","clientType","advancedOAuth2ClientConfig","grantTypes","isConsentImplied","tokenEndpointAuthMethod","signEncOAuth2ClientConfig","publicKeyLocation","toString","_id","allowedSubjects","length","error","tokenResponse","spinnerId","issSpinnerId","message","jwkSpinnerId","JSON","parse","readFileSync","subSpinnerId","_error$response","response","data","access_token","id_token"],"sources":["../../src/ops/AdminOps.ts"],"sourcesContent":["import { frodo, state } from '@rockcarver/frodo-lib';\nimport { Writable } from '@rockcarver/frodo-lib/types/api/ApiTypes';\nimport { OAuth2ClientSkeleton } from '@rockcarver/frodo-lib/types/api/OAuth2ClientApi';\nimport { AccessTokenResponseType } from '@rockcarver/frodo-lib/types/api/OAuth2OIDCApi';\nimport { OAuth2TrustedJwtIssuerSkeleton } from '@rockcarver/frodo-lib/types/api/OAuth2TrustedJwtIssuerApi';\nimport { JwkRsa, JwksInterface } from '@rockcarver/frodo-lib/types/ops/JoseOps';\nimport fs from 'fs';\n\nimport {\n  cleanupProgressIndicators,\n  createKeyValueTable,\n  createProgressIndicator,\n  printMessage,\n  stopProgressIndicator,\n  updateProgressIndicator,\n} from '../utils/Console';\n\nconst { getTypedFilename, saveJsonToFile, getFilePath } = frodo.utils;\nconst {\n  generateRfc7523AuthZGrantArtefacts: _generateRfc7523AuthZGrantArtefacts,\n  executeRfc7523AuthZGrantFlow: _executeRfc7523AuthZGrantFlow,\n} = frodo.admin;\nconst { stringify } = frodo.utils.json;\nconst { readOAuth2TrustedJwtIssuer } = frodo.oauth2oidc.issuer;\n\nfunction getJwkFilePath(clientId: string): string {\n  return getFilePath(getTypedFilename(clientId + '_private', 'jwk'), true);\n}\n\nfunction getJwksFilePath(clientId: string): string {\n  return getFilePath(getTypedFilename(clientId + '_public', 'jwks'), true);\n}\n\nexport async function generateRfc7523AuthZGrantArtefacts(\n  clientId: string,\n  iss: string,\n  jwk?: JwkRsa,\n  sub?: string,\n  scope?: string[],\n  options?: { save: boolean },\n  json?: boolean\n): Promise<boolean> {\n  let artefacts: {\n    jwk: JwkRsa;\n    jwks: JwksInterface;\n    client: OAuth2ClientSkeleton;\n    issuer: OAuth2TrustedJwtIssuerSkeleton;\n  };\n  try {\n    const barId = createProgressIndicator(\n      'determinate',\n      options.save ? 3 : 1,\n      'Generating artefacts...'\n    );\n    artefacts = await _generateRfc7523AuthZGrantArtefacts(\n      clientId,\n      iss,\n      jwk,\n      sub,\n      scope,\n      options\n    );\n    updateProgressIndicator(barId, 'Successfully generated artefacts.');\n    let jwkFile: string;\n    let jwksFile: string;\n    if (options.save) {\n      const jwkBarId = createProgressIndicator(\n        'determinate',\n        1,\n        'Saving JWK (private key)...'\n      );\n      jwkFile = getJwkFilePath(clientId);\n      saveJsonToFile(artefacts.jwk, jwkFile, false);\n      updateProgressIndicator(jwkBarId, `Saved JWK to ${jwkFile}.`);\n      updateProgressIndicator(barId, 'Successfully saved JWK (private key).');\n      stopProgressIndicator(jwkBarId);\n      const jwksBarId = createProgressIndicator(\n        'determinate',\n        1,\n        'Saving JWKS (public key)...'\n      );\n      jwksFile = getJwksFilePath(clientId);\n      saveJsonToFile(artefacts.jwks, jwksFile, false);\n      updateProgressIndicator(jwksBarId, `Saved JWKS to ${jwksFile}.`);\n      stopProgressIndicator(jwksBarId);\n      updateProgressIndicator(barId, 'Successfully saved JWKS (public key).');\n    }\n    stopProgressIndicator(\n      barId,\n      `Successfully generated ${\n        options.save ? 'and saved artefacts' : 'artefacts'\n      }.`\n    );\n    cleanupProgressIndicators();\n\n    if (json) {\n      printMessage(artefacts, 'data');\n    } else {\n      printMessage(\n        options.save\n          ? `\\nCreated oauth2 client in the ${state.getRealm()} realm:`\n          : `\\nIn AM, create an OAuth2 client in the ${state.getRealm()} realm with the following information:`\n      );\n      const client = createKeyValueTable();\n      client.push(['Client ID'['brightCyan'], clientId]);\n      client.push(['Client Name'['brightCyan'], clientId]);\n      client.push([\n        'Scopes'['brightCyan'],\n        (\n          artefacts.client.coreOAuth2ClientConfig.scopes as Writable<string[]>\n        ).value.join(', '),\n      ]);\n      client.push([\n        'Client Type'['brightCyan'],\n        (artefacts.client.coreOAuth2ClientConfig.clientType as Writable<string>)\n          .value,\n      ]);\n      client.push([\n        'Grant Types'['brightCyan'],\n        (\n          artefacts.client.advancedOAuth2ClientConfig.grantTypes as Writable<\n            string[]\n          >\n        ).value.join(', '),\n      ]);\n      client.push([\n        'Implied Consent'['brightCyan'],\n        (\n          artefacts.client.advancedOAuth2ClientConfig\n            .isConsentImplied as Writable<boolean>\n        ).value,\n      ]);\n      client.push([\n        'Token Endpoint Authentication '['brightCyan'],\n        (\n          artefacts.client.advancedOAuth2ClientConfig\n            .tokenEndpointAuthMethod as Writable<string>\n        ).value,\n      ]);\n      client.push([\n        'Public Key Selector'['brightCyan'],\n        (\n          artefacts.client.signEncOAuth2ClientConfig\n            .publicKeyLocation as Writable<string>\n        ).value,\n      ]);\n      client.push([\n        'JWKS (Public Key)'['brightCyan'],\n        options.save ? `${jwksFile}` : 'See below',\n      ]);\n      printMessage(`\\n${client.toString()}`);\n\n      printMessage(\n        options.save\n          ? `\\nCreated oauth2 trusted issuer in the ${state.getRealm()} realm:`\n          : `\\nIn AM, create a trusted issuer in the ${state.getRealm()} realm with the following information:`\n      );\n      const issuer = createKeyValueTable();\n      issuer.push(['Name'['brightCyan'], artefacts.issuer._id]);\n      issuer.push([\n        'JWT Issuer'['brightCyan'],\n        (artefacts.issuer.issuer as Writable<string>).value,\n      ]);\n      issuer.push([\n        'Allowed Subjects              '['brightCyan'],\n        (artefacts.issuer.allowedSubjects as Writable<string[]>)?.value.length\n          ? (\n              artefacts.issuer.allowedSubjects as Writable<string[]>\n            )?.value.join(', ')\n          : `Any ${state.getRealm()} realm user`,\n      ]);\n      issuer.push([\n        'JWKS (Public Key)'['brightCyan'],\n        options.save ? `${jwksFile}` : 'See below',\n      ]);\n      printMessage(`\\n${issuer.toString()}`);\n      if (!options.save) {\n        printMessage('\\nJWK (Private Key)'['brightCyan']);\n        printMessage(stringify(artefacts.jwk));\n        printMessage('\\nJWKS (Public Key)'['brightCyan']);\n        printMessage(stringify(artefacts.jwks));\n      }\n    }\n    return true;\n  } catch (error) {\n    printMessage(error, 'error');\n    return false;\n  }\n}\n\nexport async function executeRfc7523AuthZGrantFlow(\n  clientId: string,\n  iss?: string,\n  jwk?: JwkRsa,\n  sub?: string,\n  scope?: string[],\n  json?: boolean\n): Promise<boolean> {\n  let tokenResponse: AccessTokenResponseType;\n  let spinnerId: string;\n  try {\n    let issuer: OAuth2TrustedJwtIssuerSkeleton;\n    // make sure we have an issuer\n    if (!iss) {\n      let issSpinnerId: string;\n      try {\n        issSpinnerId = createProgressIndicator(\n          'indeterminate',\n          0,\n          'No issuer provided, attempting to find suitable issuer...'\n        );\n        if (!issuer)\n          issuer = await readOAuth2TrustedJwtIssuer(clientId + '-issuer');\n        iss = (issuer.issuer as Writable<string>).value;\n        stopProgressIndicator(\n          issSpinnerId,\n          `Found suitable issuer: ${clientId + '-issuer'} - ${iss}`,\n          'success'\n        );\n      } catch (error) {\n        stopProgressIndicator(\n          issSpinnerId,\n          `No issuer provided and no suitable issuer could be found: ${error.message}`,\n          'fail'\n        );\n      }\n    }\n    // make sure we have a JWK\n    if (!jwk) {\n      let jwkSpinnerId: string;\n      try {\n        jwkSpinnerId = createProgressIndicator(\n          'indeterminate',\n          0,\n          'No JWK provided, attempting to locate a suitable JWK...'\n        );\n        jwk = JSON.parse(fs.readFileSync(getJwkFilePath(clientId), 'utf8'));\n        stopProgressIndicator(\n          jwkSpinnerId,\n          `Loaded private key JWK from: ${getJwkFilePath(clientId)}`,\n          'success'\n        );\n      } catch (error) {\n        stopProgressIndicator(\n          jwkSpinnerId,\n          `No JWK provided and no suitable JWK could be loaded from file: ${error.message}`,\n          'fail'\n        );\n      }\n    }\n    // make sure we have a subject\n    if (!sub) {\n      let subSpinnerId: string;\n      try {\n        subSpinnerId = createProgressIndicator(\n          'indeterminate',\n          0,\n          'Executing rfc7523 authz grant flow...'\n        );\n        if (!issuer)\n          issuer = await frodo.oauth2oidc.issuer.readOAuth2TrustedJwtIssuer(\n            clientId + '-issuer'\n          );\n        if (\n          (issuer.allowedSubjects as Writable<string[]>).value &&\n          (issuer.allowedSubjects as Writable<string[]>).value.length\n        )\n          sub = (issuer.allowedSubjects as Writable<string[]>).value[0];\n      } catch (error) {\n        stopProgressIndicator(\n          subSpinnerId,\n          `No subject provided and no suitable subject could be extracted from the trusted issuer configuration: ${error.message}`,\n          'fail'\n        );\n      }\n      if (sub) {\n        stopProgressIndicator(\n          subSpinnerId,\n          `Using first subject from issuer's allowed subjects: ${sub}`,\n          'success'\n        );\n      } else {\n        stopProgressIndicator(\n          subSpinnerId,\n          `No subject provided and no suitable subject could be extracted from the trusted issuer's list of allowed subjects.`,\n          'success'\n        );\n      }\n    }\n    // we got everything we need, let's get that token\n    spinnerId = createProgressIndicator(\n      'indeterminate',\n      0,\n      'Executing rfc7523 authz grant flow...'\n    );\n    tokenResponse = await _executeRfc7523AuthZGrantFlow(\n      clientId,\n      iss,\n      jwk,\n      sub,\n      scope\n    );\n    stopProgressIndicator(\n      spinnerId,\n      'Successfully executed rfc7523 authz grant flow.',\n      'success'\n    );\n  } catch (error) {\n    stopProgressIndicator(\n      spinnerId,\n      `Error executing rfc7523 authz grant flow: ${stringify(\n        error.response?.data || error.message\n      )}`,\n      'fail'\n    );\n    return false;\n  }\n  cleanupProgressIndicators();\n\n  if (json) {\n    printMessage(tokenResponse, 'data');\n  } else {\n    printMessage('\\nAccess Token'['brightCyan']);\n    printMessage(tokenResponse.access_token);\n    if (tokenResponse.id_token) {\n      printMessage('\\nIdentity Token'['brightCyan']);\n      printMessage(tokenResponse.id_token);\n    }\n  }\n  return true;\n}\n"],"mappings":"AAAA,SAASA,KAAK,EAAEC,KAAK,QAAQ,uBAAuB;AAMpD,OAAOC,EAAE,MAAM,IAAI;AAEnB,SACEC,yBAAyB,EACzBC,mBAAmB,EACnBC,uBAAuB,EACvBC,YAAY,EACZC,qBAAqB,EACrBC,uBAAuB,QAClB,kBAAkB;AAEzB,MAAM;EAAEC,gBAAgB;EAAEC,cAAc;EAAEC;AAAY,CAAC,GAAGX,KAAK,CAACY,KAAK;AACrE,MAAM;EACJC,kCAAkC,EAAEC,mCAAmC;EACvEC,4BAA4B,EAAEC;AAChC,CAAC,GAAGhB,KAAK,CAACiB,KAAK;AACf,MAAM;EAAEC;AAAU,CAAC,GAAGlB,KAAK,CAACY,KAAK,CAACO,IAAI;AACtC,MAAM;EAAEC;AAA2B,CAAC,GAAGpB,KAAK,CAACqB,UAAU,CAACC,MAAM;AAE9D,SAASC,cAAcA,CAACC,QAAgB,EAAU;EAChD,OAAOb,WAAW,CAACF,gBAAgB,CAACe,QAAQ,GAAG,UAAU,EAAE,KAAK,CAAC,EAAE,IAAI,CAAC;AAC1E;AAEA,SAASC,eAAeA,CAACD,QAAgB,EAAU;EACjD,OAAOb,WAAW,CAACF,gBAAgB,CAACe,QAAQ,GAAG,SAAS,EAAE,MAAM,CAAC,EAAE,IAAI,CAAC;AAC1E;AAEA,OAAO,eAAeX,kCAAkCA,CACtDW,QAAgB,EAChBE,GAAW,EACXC,GAAY,EACZC,GAAY,EACZC,KAAgB,EAChBC,OAA2B,EAC3BX,IAAc,EACI;EAClB,IAAIY,SAKH;EACD,IAAI;IACF,MAAMC,KAAK,GAAG3B,uBAAuB,CACnC,aAAa,EACbyB,OAAO,CAACG,IAAI,GAAG,CAAC,GAAG,CAAC,EACpB,yBACF,CAAC;IACDF,SAAS,GAAG,MAAMjB,mCAAmC,CACnDU,QAAQ,EACRE,GAAG,EACHC,GAAG,EACHC,GAAG,EACHC,KAAK,EACLC,OACF,CAAC;IACDtB,uBAAuB,CAACwB,KAAK,EAAE,mCAAmC,CAAC;IACnE,IAAIE,OAAe;IACnB,IAAIC,QAAgB;IACpB,IAAIL,OAAO,CAACG,IAAI,EAAE;MAChB,MAAMG,QAAQ,GAAG/B,uBAAuB,CACtC,aAAa,EACb,CAAC,EACD,6BACF,CAAC;MACD6B,OAAO,GAAGX,cAAc,CAACC,QAAQ,CAAC;MAClCd,cAAc,CAACqB,SAAS,CAACJ,GAAG,EAAEO,OAAO,EAAE,KAAK,CAAC;MAC7C1B,uBAAuB,CAAC4B,QAAQ,EAAG,gBAAeF,OAAQ,GAAE,CAAC;MAC7D1B,uBAAuB,CAACwB,KAAK,EAAE,uCAAuC,CAAC;MACvEzB,qBAAqB,CAAC6B,QAAQ,CAAC;MAC/B,MAAMC,SAAS,GAAGhC,uBAAuB,CACvC,aAAa,EACb,CAAC,EACD,6BACF,CAAC;MACD8B,QAAQ,GAAGV,eAAe,CAACD,QAAQ,CAAC;MACpCd,cAAc,CAACqB,SAAS,CAACO,IAAI,EAAEH,QAAQ,EAAE,KAAK,CAAC;MAC/C3B,uBAAuB,CAAC6B,SAAS,EAAG,iBAAgBF,QAAS,GAAE,CAAC;MAChE5B,qBAAqB,CAAC8B,SAAS,CAAC;MAChC7B,uBAAuB,CAACwB,KAAK,EAAE,uCAAuC,CAAC;IACzE;IACAzB,qBAAqB,CACnByB,KAAK,EACJ,0BACCF,OAAO,CAACG,IAAI,GAAG,qBAAqB,GAAG,WACxC,GACH,CAAC;IACD9B,yBAAyB,CAAC,CAAC;IAE3B,IAAIgB,IAAI,EAAE;MACRb,YAAY,CAACyB,SAAS,EAAE,MAAM,CAAC;IACjC,CAAC,MAAM;MAAA,IAAAQ,qBAAA,EAAAC,sBAAA;MACLlC,YAAY,CACVwB,OAAO,CAACG,IAAI,GACP,kCAAiChC,KAAK,CAACwC,QAAQ,CAAC,CAAE,SAAQ,GAC1D,2CAA0CxC,KAAK,CAACwC,QAAQ,CAAC,CAAE,wCAClE,CAAC;MACD,MAAMC,MAAM,GAAGtC,mBAAmB,CAAC,CAAC;MACpCsC,MAAM,CAACC,IAAI,CAAC,CAAC,WAAW,CAAC,YAAY,CAAC,EAAEnB,QAAQ,CAAC,CAAC;MAClDkB,MAAM,CAACC,IAAI,CAAC,CAAC,aAAa,CAAC,YAAY,CAAC,EAAEnB,QAAQ,CAAC,CAAC;MACpDkB,MAAM,CAACC,IAAI,CAAC,CACV,QAAQ,CAAC,YAAY,CAAC,EAEpBZ,SAAS,CAACW,MAAM,CAACE,sBAAsB,CAACC,MAAM,CAC9CC,KAAK,CAACC,IAAI,CAAC,IAAI,CAAC,CACnB,CAAC;MACFL,MAAM,CAACC,IAAI,CAAC,CACV,aAAa,CAAC,YAAY,CAAC,EAC1BZ,SAAS,CAACW,MAAM,CAACE,sBAAsB,CAACI,UAAU,CAChDF,KAAK,CACT,CAAC;MACFJ,MAAM,CAACC,IAAI,CAAC,CACV,aAAa,CAAC,YAAY,CAAC,EAEzBZ,SAAS,CAACW,MAAM,CAACO,0BAA0B,CAACC,UAAU,CAGtDJ,KAAK,CAACC,IAAI,CAAC,IAAI,CAAC,CACnB,CAAC;MACFL,MAAM,CAACC,IAAI,CAAC,CACV,iBAAiB,CAAC,YAAY,CAAC,EAE7BZ,SAAS,CAACW,MAAM,CAACO,0BAA0B,CACxCE,gBAAgB,CACnBL,KAAK,CACR,CAAC;MACFJ,MAAM,CAACC,IAAI,CAAC,CACV,gCAAgC,CAAC,YAAY,CAAC,EAE5CZ,SAAS,CAACW,MAAM,CAACO,0BAA0B,CACxCG,uBAAuB,CAC1BN,KAAK,CACR,CAAC;MACFJ,MAAM,CAACC,IAAI,CAAC,CACV,qBAAqB,CAAC,YAAY,CAAC,EAEjCZ,SAAS,CAACW,MAAM,CAACW,yBAAyB,CACvCC,iBAAiB,CACpBR,KAAK,CACR,CAAC;MACFJ,MAAM,CAACC,IAAI,CAAC,CACV,mBAAmB,CAAC,YAAY,CAAC,EACjCb,OAAO,CAACG,IAAI,GAAI,GAAEE,QAAS,EAAC,GAAG,WAAW,CAC3C,CAAC;MACF7B,YAAY,CAAE,KAAIoC,MAAM,CAACa,QAAQ,CAAC,CAAE,EAAC,CAAC;MAEtCjD,YAAY,CACVwB,OAAO,CAACG,IAAI,GACP,0CAAyChC,KAAK,CAACwC,QAAQ,CAAC,CAAE,SAAQ,GAClE,2CAA0CxC,KAAK,CAACwC,QAAQ,CAAC,CAAE,wCAClE,CAAC;MACD,MAAMnB,MAAM,GAAGlB,mBAAmB,CAAC,CAAC;MACpCkB,MAAM,CAACqB,IAAI,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,EAAEZ,SAAS,CAACT,MAAM,CAACkC,GAAG,CAAC,CAAC;MACzDlC,MAAM,CAACqB,IAAI,CAAC,CACV,YAAY,CAAC,YAAY,CAAC,EACzBZ,SAAS,CAACT,MAAM,CAACA,MAAM,CAAsBwB,KAAK,CACpD,CAAC;MACFxB,MAAM,CAACqB,IAAI,CAAC,CACV,gCAAgC,CAAC,YAAY,CAAC,EAC9C,CAAAJ,qBAAA,GAACR,SAAS,CAACT,MAAM,CAACmC,eAAe,cAAAlB,qBAAA,eAAjCA,qBAAA,CAA0DO,KAAK,CAACY,MAAM,IAAAlB,sBAAA,GAEhET,SAAS,CAACT,MAAM,CAACmC,eAAe,cAAAjB,sBAAA,uBADlCA,sBAAA,CAEGM,KAAK,CAACC,IAAI,CAAC,IAAI,CAAC,GAClB,OAAM9C,KAAK,CAACwC,QAAQ,CAAC,CAAE,aAAY,CACzC,CAAC;MACFnB,MAAM,CAACqB,IAAI,CAAC,CACV,mBAAmB,CAAC,YAAY,CAAC,EACjCb,OAAO,CAACG,IAAI,GAAI,GAAEE,QAAS,EAAC,GAAG,WAAW,CAC3C,CAAC;MACF7B,YAAY,CAAE,KAAIgB,MAAM,CAACiC,QAAQ,CAAC,CAAE,EAAC,CAAC;MACtC,IAAI,CAACzB,OAAO,CAACG,IAAI,EAAE;QACjB3B,YAAY,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC;QACjDA,YAAY,CAACY,SAAS,CAACa,SAAS,CAACJ,GAAG,CAAC,CAAC;QACtCrB,YAAY,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC;QACjDA,YAAY,CAACY,SAAS,CAACa,SAAS,CAACO,IAAI,CAAC,CAAC;MACzC;IACF;IACA,OAAO,IAAI;EACb,CAAC,CAAC,OAAOqB,KAAK,EAAE;IACdrD,YAAY,CAACqD,KAAK,EAAE,OAAO,CAAC;IAC5B,OAAO,KAAK;EACd;AACF;AAEA,OAAO,eAAe5C,4BAA4BA,CAChDS,QAAgB,EAChBE,GAAY,EACZC,GAAY,EACZC,GAAY,EACZC,KAAgB,EAChBV,IAAc,EACI;EAClB,IAAIyC,aAAsC;EAC1C,IAAIC,SAAiB;EACrB,IAAI;IACF,IAAIvC,MAAsC;IAC1C;IACA,IAAI,CAACI,GAAG,EAAE;MACR,IAAIoC,YAAoB;MACxB,IAAI;QACFA,YAAY,GAAGzD,uBAAuB,CACpC,eAAe,EACf,CAAC,EACD,2DACF,CAAC;QACD,IAAI,CAACiB,MAAM,EACTA,MAAM,GAAG,MAAMF,0BAA0B,CAACI,QAAQ,GAAG,SAAS,CAAC;QACjEE,GAAG,GAAIJ,MAAM,CAACA,MAAM,CAAsBwB,KAAK;QAC/CvC,qBAAqB,CACnBuD,YAAY,EACX,0BAAyBtC,QAAQ,GAAG,SAAU,MAAKE,GAAI,EAAC,EACzD,SACF,CAAC;MACH,CAAC,CAAC,OAAOiC,KAAK,EAAE;QACdpD,qBAAqB,CACnBuD,YAAY,EACX,6DAA4DH,KAAK,CAACI,OAAQ,EAAC,EAC5E,MACF,CAAC;MACH;IACF;IACA;IACA,IAAI,CAACpC,GAAG,EAAE;MACR,IAAIqC,YAAoB;MACxB,IAAI;QACFA,YAAY,GAAG3D,uBAAuB,CACpC,eAAe,EACf,CAAC,EACD,yDACF,CAAC;QACDsB,GAAG,GAAGsC,IAAI,CAACC,KAAK,CAAChE,EAAE,CAACiE,YAAY,CAAC5C,cAAc,CAACC,QAAQ,CAAC,EAAE,MAAM,CAAC,CAAC;QACnEjB,qBAAqB,CACnByD,YAAY,EACX,gCAA+BzC,cAAc,CAACC,QAAQ,CAAE,EAAC,EAC1D,SACF,CAAC;MACH,CAAC,CAAC,OAAOmC,KAAK,EAAE;QACdpD,qBAAqB,CACnByD,YAAY,EACX,kEAAiEL,KAAK,CAACI,OAAQ,EAAC,EACjF,MACF,CAAC;MACH;IACF;IACA;IACA,IAAI,CAACnC,GAAG,EAAE;MACR,IAAIwC,YAAoB;MACxB,IAAI;QACFA,YAAY,GAAG/D,uBAAuB,CACpC,eAAe,EACf,CAAC,EACD,uCACF,CAAC;QACD,IAAI,CAACiB,MAAM,EACTA,MAAM,GAAG,MAAMtB,KAAK,CAACqB,UAAU,CAACC,MAAM,CAACF,0BAA0B,CAC/DI,QAAQ,GAAG,SACb,CAAC;QACH,IACGF,MAAM,CAACmC,eAAe,CAAwBX,KAAK,IACnDxB,MAAM,CAACmC,eAAe,CAAwBX,KAAK,CAACY,MAAM,EAE3D9B,GAAG,GAAIN,MAAM,CAACmC,eAAe,CAAwBX,KAAK,CAAC,CAAC,CAAC;MACjE,CAAC,CAAC,OAAOa,KAAK,EAAE;QACdpD,qBAAqB,CACnB6D,YAAY,EACX,yGAAwGT,KAAK,CAACI,OAAQ,EAAC,EACxH,MACF,CAAC;MACH;MACA,IAAInC,GAAG,EAAE;QACPrB,qBAAqB,CACnB6D,YAAY,EACX,uDAAsDxC,GAAI,EAAC,EAC5D,SACF,CAAC;MACH,CAAC,MAAM;QACLrB,qBAAqB,CACnB6D,YAAY,EACX,oHAAmH,EACpH,SACF,CAAC;MACH;IACF;IACA;IACAP,SAAS,GAAGxD,uBAAuB,CACjC,eAAe,EACf,CAAC,EACD,uCACF,CAAC;IACDuD,aAAa,GAAG,MAAM5C,6BAA6B,CACjDQ,QAAQ,EACRE,GAAG,EACHC,GAAG,EACHC,GAAG,EACHC,KACF,CAAC;IACDtB,qBAAqB,CACnBsD,SAAS,EACT,iDAAiD,EACjD,SACF,CAAC;EACH,CAAC,CAAC,OAAOF,KAAK,EAAE;IAAA,IAAAU,eAAA;IACd9D,qBAAqB,CACnBsD,SAAS,EACR,6CAA4C3C,SAAS,CACpD,EAAAmD,eAAA,GAAAV,KAAK,CAACW,QAAQ,cAAAD,eAAA,uBAAdA,eAAA,CAAgBE,IAAI,KAAIZ,KAAK,CAACI,OAChC,CAAE,EAAC,EACH,MACF,CAAC;IACD,OAAO,KAAK;EACd;EACA5D,yBAAyB,CAAC,CAAC;EAE3B,IAAIgB,IAAI,EAAE;IACRb,YAAY,CAACsD,aAAa,EAAE,MAAM,CAAC;EACrC,CAAC,MAAM;IACLtD,YAAY,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;IAC5CA,YAAY,CAACsD,aAAa,CAACY,YAAY,CAAC;IACxC,IAAIZ,aAAa,CAACa,QAAQ,EAAE;MAC1BnE,YAAY,CAAC,kBAAkB,CAAC,YAAY,CAAC,CAAC;MAC9CA,YAAY,CAACsD,aAAa,CAACa,QAAQ,CAAC;IACtC;EACF;EACA,OAAO,IAAI;AACb"}