@rockcarver/frodo-lib 2.0.0-13 → 2.0.0-15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (403) hide show
  1. package/build.zip +0 -0
  2. package/cjs/api/AgentApi.js.map +1 -1
  3. package/cjs/api/AuthenticateApi.js.map +1 -1
  4. package/cjs/api/BaseApi.js +1 -1
  5. package/cjs/api/BaseApi.js.map +1 -1
  6. package/cjs/api/CirclesOfTrustApi.js.map +1 -1
  7. package/cjs/api/IdmConfigApi.js.map +1 -1
  8. package/cjs/api/IdmSystemApi.js.map +1 -1
  9. package/cjs/api/ManagedObjectApi.js.map +1 -1
  10. package/cjs/api/NodeApi.js.map +1 -1
  11. package/cjs/api/OAuth2ClientApi.js.map +1 -1
  12. package/cjs/api/OAuth2OIDCApi.js.map +1 -1
  13. package/cjs/api/OAuth2OIDCApi.test.js +2 -2
  14. package/cjs/api/OAuth2OIDCApi.test.js.map +1 -1
  15. package/cjs/api/OAuth2ProviderApi.js.map +1 -1
  16. package/cjs/api/PoliciesApi.js.map +1 -1
  17. package/cjs/api/PolicySetApi.js.map +1 -1
  18. package/cjs/api/RealmApi.js.map +1 -1
  19. package/cjs/api/ResourceTypesApi.js.map +1 -1
  20. package/cjs/api/Saml2Api.js.map +1 -1
  21. package/cjs/api/ScriptApi.js.map +1 -1
  22. package/cjs/api/ServerInfoApi.js.map +1 -1
  23. package/cjs/api/ServiceApi.js.map +1 -1
  24. package/cjs/api/SocialIdentityProvidersApi.js.map +1 -1
  25. package/cjs/api/TreeApi.js.map +1 -1
  26. package/cjs/api/cloud/AdminFederationProvidersApi.js.map +1 -1
  27. package/cjs/api/cloud/EnvInfoApi.js.map +1 -1
  28. package/cjs/api/cloud/FeatureApi.js.map +1 -1
  29. package/cjs/api/cloud/LogApi.js.map +1 -1
  30. package/cjs/api/cloud/SecretsApi.js.map +1 -1
  31. package/cjs/api/cloud/StartupApi.js.map +1 -1
  32. package/cjs/api/cloud/VariablesApi.js.map +1 -1
  33. package/cjs/api/utils/ApiUtils.js.map +1 -1
  34. package/cjs/api/utils/Base64.js +4 -4
  35. package/cjs/api/utils/Base64.js.map +1 -1
  36. package/cjs/index.js +12 -10
  37. package/cjs/index.js.map +1 -1
  38. package/cjs/lib/FrodoLib.js +181 -22
  39. package/cjs/lib/FrodoLib.js.map +1 -1
  40. package/cjs/lib/FrodoLib.test.js +9 -9
  41. package/cjs/lib/FrodoLib.test.js.map +1 -1
  42. package/cjs/ops/AdminOps.js.map +1 -1
  43. package/cjs/ops/AgentOps.js +35 -35
  44. package/cjs/ops/AgentOps.js.map +1 -1
  45. package/cjs/ops/AuthenticateOps.js +10 -12
  46. package/cjs/ops/AuthenticateOps.js.map +1 -1
  47. package/cjs/ops/CirclesOfTrustOps.js +14 -14
  48. package/cjs/ops/CirclesOfTrustOps.js.map +1 -1
  49. package/cjs/ops/ConnectionProfileOps.js +2 -2
  50. package/cjs/ops/ConnectionProfileOps.js.map +1 -1
  51. package/cjs/ops/ConnectionProfileOps.test.js +5 -5
  52. package/cjs/ops/ConnectionProfileOps.test.js.map +1 -1
  53. package/cjs/ops/EmailTemplateOps.js.map +1 -1
  54. package/cjs/ops/IdmOps.js.map +1 -1
  55. package/cjs/ops/IdpOps.js.map +1 -1
  56. package/cjs/ops/InfoOps.js +3 -4
  57. package/cjs/ops/InfoOps.js.map +1 -1
  58. package/cjs/ops/JoseOps.js +30 -0
  59. package/cjs/ops/JoseOps.js.map +1 -1
  60. package/cjs/ops/JourneyOps.js +41 -43
  61. package/cjs/ops/JourneyOps.js.map +1 -1
  62. package/cjs/ops/JourneyOps.test.js +3 -2
  63. package/cjs/ops/JourneyOps.test.js.map +1 -1
  64. package/cjs/ops/ManagedObjectOps.js.map +1 -1
  65. package/cjs/ops/NodeOps.js.map +1 -1
  66. package/cjs/ops/OAuth2ClientOps.js +19 -19
  67. package/cjs/ops/OAuth2ClientOps.js.map +1 -1
  68. package/cjs/ops/OAuth2OidcOps.js.map +1 -1
  69. package/cjs/ops/OAuth2ProviderOps.js.map +1 -1
  70. package/cjs/ops/OpsTypes.js.map +1 -1
  71. package/cjs/ops/OrganizationOps.js.map +1 -1
  72. package/cjs/ops/PolicyOps.js +29 -29
  73. package/cjs/ops/PolicyOps.js.map +1 -1
  74. package/cjs/ops/PolicySetOps.js +27 -27
  75. package/cjs/ops/PolicySetOps.js.map +1 -1
  76. package/cjs/ops/RealmOps.js.map +1 -1
  77. package/cjs/ops/ResourceTypeOps.js +23 -23
  78. package/cjs/ops/ResourceTypeOps.js.map +1 -1
  79. package/cjs/ops/Saml2Ops.js +11 -11
  80. package/cjs/ops/Saml2Ops.js.map +1 -1
  81. package/cjs/ops/Saml2Ops.test.js +3 -2
  82. package/cjs/ops/Saml2Ops.test.js.map +1 -1
  83. package/cjs/ops/ScriptOps.js +3 -3
  84. package/cjs/ops/ScriptOps.js.map +1 -1
  85. package/cjs/ops/ServiceOps.js.map +1 -1
  86. package/cjs/ops/ThemeOps.js.map +1 -1
  87. package/cjs/ops/cloud/AdminFederationOps.js.map +1 -1
  88. package/cjs/ops/cloud/FeatureOps.js.map +1 -1
  89. package/cjs/ops/cloud/LogOps.js.map +1 -1
  90. package/cjs/ops/cloud/SecretsOps.js.map +1 -1
  91. package/cjs/ops/cloud/ServiceAccountOps.js +1 -1
  92. package/cjs/ops/cloud/ServiceAccountOps.js.map +1 -1
  93. package/cjs/ops/cloud/StartupOps.js.map +1 -1
  94. package/cjs/ops/cloud/VariablesOps.js.map +1 -1
  95. package/cjs/ops/utils/Console.js.map +1 -1
  96. package/cjs/ops/utils/DataProtection.js +3 -3
  97. package/cjs/ops/utils/DataProtection.js.map +1 -1
  98. package/cjs/ops/utils/DataProtection.test.js +1 -1
  99. package/cjs/ops/utils/DataProtection.test.js.map +1 -1
  100. package/cjs/ops/utils/ExportImportUtils.js +2 -2
  101. package/cjs/ops/utils/ExportImportUtils.js.map +1 -1
  102. package/cjs/ops/utils/OpsUtils.js +105 -25
  103. package/cjs/ops/utils/OpsUtils.js.map +1 -1
  104. package/cjs/ops/utils/OpsUtils.test.js +6 -5
  105. package/cjs/ops/utils/OpsUtils.test.js.map +1 -1
  106. package/cjs/ops/utils/ScriptValidationUtils.js +33 -2
  107. package/cjs/ops/utils/ScriptValidationUtils.js.map +1 -1
  108. package/cjs/ops/utils/ScriptValidationUtils.test.js +1 -1
  109. package/cjs/ops/utils/ScriptValidationUtils.test.js.map +1 -1
  110. package/cjs/ops/utils/{Version.js → VersionUtils.js} +1 -1
  111. package/cjs/ops/utils/VersionUtils.js.map +1 -0
  112. package/cjs/ops/utils/{Version.test.js → VersionUtils.test.js} +3 -3
  113. package/cjs/ops/utils/VersionUtils.test.js.map +1 -0
  114. package/cjs/shared/Constants.js +34 -0
  115. package/cjs/shared/Constants.js.map +1 -0
  116. package/cjs/shared/State.js +477 -220
  117. package/cjs/shared/State.js.map +1 -1
  118. package/cjs/utils/SetupPollyForFrodoLib.js.map +1 -1
  119. package/esm/api/AgentApi.js.map +1 -1
  120. package/esm/api/AuthenticateApi.js.map +1 -1
  121. package/esm/api/BaseApi.js +2 -2
  122. package/esm/api/BaseApi.js.map +1 -1
  123. package/esm/api/CirclesOfTrustApi.js.map +1 -1
  124. package/esm/api/IdmConfigApi.js.map +1 -1
  125. package/esm/api/IdmSystemApi.js.map +1 -1
  126. package/esm/api/ManagedObjectApi.js.map +1 -1
  127. package/esm/api/NodeApi.js.map +1 -1
  128. package/esm/api/OAuth2ClientApi.js.map +1 -1
  129. package/esm/api/OAuth2OIDCApi.js.map +1 -1
  130. package/esm/api/OAuth2OIDCApi.test.js +2 -2
  131. package/esm/api/OAuth2OIDCApi.test.js.map +1 -1
  132. package/esm/api/OAuth2ProviderApi.js.map +1 -1
  133. package/esm/api/PoliciesApi.js.map +1 -1
  134. package/esm/api/PolicySetApi.js.map +1 -1
  135. package/esm/api/RealmApi.js.map +1 -1
  136. package/esm/api/ResourceTypesApi.js.map +1 -1
  137. package/esm/api/Saml2Api.js.map +1 -1
  138. package/esm/api/ScriptApi.js.map +1 -1
  139. package/esm/api/ServerInfoApi.js.map +1 -1
  140. package/esm/api/ServiceApi.js.map +1 -1
  141. package/esm/api/SocialIdentityProvidersApi.js.map +1 -1
  142. package/esm/api/TreeApi.js.map +1 -1
  143. package/esm/api/cloud/AdminFederationProvidersApi.js.map +1 -1
  144. package/esm/api/cloud/EnvInfoApi.js.map +1 -1
  145. package/esm/api/cloud/FeatureApi.js.map +1 -1
  146. package/esm/api/cloud/LogApi.js.map +1 -1
  147. package/esm/api/cloud/SecretsApi.js.map +1 -1
  148. package/esm/api/cloud/StartupApi.js.map +1 -1
  149. package/esm/api/cloud/VariablesApi.js.map +1 -1
  150. package/esm/api/utils/ApiUtils.js.map +1 -1
  151. package/esm/api/utils/Base64.js +4 -4
  152. package/esm/api/utils/Base64.js.map +1 -1
  153. package/esm/index.js +2 -1
  154. package/esm/index.js.map +1 -1
  155. package/esm/lib/FrodoLib.js +164 -19
  156. package/esm/lib/FrodoLib.js.map +1 -1
  157. package/esm/lib/FrodoLib.test.js +10 -10
  158. package/esm/lib/FrodoLib.test.js.map +1 -1
  159. package/esm/ops/AdminOps.js.map +1 -1
  160. package/esm/ops/AgentOps.js.map +1 -1
  161. package/esm/ops/AuthenticateOps.js +10 -10
  162. package/esm/ops/AuthenticateOps.js.map +1 -1
  163. package/esm/ops/CirclesOfTrustOps.js.map +1 -1
  164. package/esm/ops/ConnectionProfileOps.js +2 -2
  165. package/esm/ops/ConnectionProfileOps.js.map +1 -1
  166. package/esm/ops/ConnectionProfileOps.test.js +5 -5
  167. package/esm/ops/ConnectionProfileOps.test.js.map +1 -1
  168. package/esm/ops/EmailTemplateOps.js.map +1 -1
  169. package/esm/ops/IdmOps.js.map +1 -1
  170. package/esm/ops/IdpOps.js.map +1 -1
  171. package/esm/ops/InfoOps.js +2 -2
  172. package/esm/ops/InfoOps.js.map +1 -1
  173. package/esm/ops/JoseOps.js +20 -0
  174. package/esm/ops/JoseOps.js.map +1 -1
  175. package/esm/ops/JourneyOps.js +10 -11
  176. package/esm/ops/JourneyOps.js.map +1 -1
  177. package/esm/ops/JourneyOps.test.js +2 -2
  178. package/esm/ops/JourneyOps.test.js.map +1 -1
  179. package/esm/ops/ManagedObjectOps.js.map +1 -1
  180. package/esm/ops/NodeOps.js.map +1 -1
  181. package/esm/ops/OAuth2ClientOps.js.map +1 -1
  182. package/esm/ops/OAuth2OidcOps.js.map +1 -1
  183. package/esm/ops/OAuth2ProviderOps.js.map +1 -1
  184. package/esm/ops/OpsTypes.js.map +1 -1
  185. package/esm/ops/OrganizationOps.js.map +1 -1
  186. package/esm/ops/PolicyOps.js.map +1 -1
  187. package/esm/ops/PolicySetOps.js.map +1 -1
  188. package/esm/ops/RealmOps.js.map +1 -1
  189. package/esm/ops/ResourceTypeOps.js.map +1 -1
  190. package/esm/ops/Saml2Ops.js.map +1 -1
  191. package/esm/ops/Saml2Ops.test.js +2 -2
  192. package/esm/ops/Saml2Ops.test.js.map +1 -1
  193. package/esm/ops/ScriptOps.js.map +1 -1
  194. package/esm/ops/ServiceOps.js.map +1 -1
  195. package/esm/ops/ThemeOps.js.map +1 -1
  196. package/esm/ops/cloud/AdminFederationOps.js.map +1 -1
  197. package/esm/ops/cloud/FeatureOps.js.map +1 -1
  198. package/esm/ops/cloud/LogOps.js.map +1 -1
  199. package/esm/ops/cloud/SecretsOps.js.map +1 -1
  200. package/esm/ops/cloud/ServiceAccountOps.js +1 -1
  201. package/esm/ops/cloud/ServiceAccountOps.js.map +1 -1
  202. package/esm/ops/cloud/StartupOps.js.map +1 -1
  203. package/esm/ops/cloud/VariablesOps.js.map +1 -1
  204. package/esm/ops/utils/Console.js.map +1 -1
  205. package/esm/ops/utils/DataProtection.js +3 -3
  206. package/esm/ops/utils/DataProtection.js.map +1 -1
  207. package/esm/ops/utils/DataProtection.test.js +2 -2
  208. package/esm/ops/utils/DataProtection.test.js.map +1 -1
  209. package/esm/ops/utils/ExportImportUtils.js +2 -2
  210. package/esm/ops/utils/ExportImportUtils.js.map +1 -1
  211. package/esm/ops/utils/OpsUtils.js +96 -22
  212. package/esm/ops/utils/OpsUtils.js.map +1 -1
  213. package/esm/ops/utils/OpsUtils.test.js +5 -5
  214. package/esm/ops/utils/OpsUtils.test.js.map +1 -1
  215. package/esm/ops/utils/ScriptValidationUtils.js +28 -0
  216. package/esm/ops/utils/ScriptValidationUtils.js.map +1 -1
  217. package/esm/ops/utils/ScriptValidationUtils.test.js +2 -2
  218. package/esm/ops/utils/ScriptValidationUtils.test.js.map +1 -1
  219. package/esm/ops/utils/{Version.js → VersionUtils.js} +1 -1
  220. package/esm/ops/utils/VersionUtils.js.map +1 -0
  221. package/esm/ops/utils/{Version.test.js → VersionUtils.test.js} +2 -2
  222. package/esm/ops/utils/VersionUtils.test.js.map +1 -0
  223. package/esm/shared/Constants.js +27 -0
  224. package/esm/shared/Constants.js.map +1 -0
  225. package/esm/shared/State.js +481 -226
  226. package/esm/shared/State.js.map +1 -1
  227. package/esm/utils/SetupPollyForFrodoLib.js.map +1 -1
  228. package/package.json +5 -2
  229. package/types/api/AgentApi.d.ts +1 -1
  230. package/types/api/AgentApi.d.ts.map +1 -1
  231. package/types/api/AuthenticateApi.d.ts +1 -1
  232. package/types/api/AuthenticateApi.d.ts.map +1 -1
  233. package/types/api/BaseApi.d.ts +1 -1
  234. package/types/api/BaseApi.d.ts.map +1 -1
  235. package/types/api/CirclesOfTrustApi.d.ts +1 -1
  236. package/types/api/CirclesOfTrustApi.d.ts.map +1 -1
  237. package/types/api/IdmConfigApi.d.ts +1 -1
  238. package/types/api/IdmConfigApi.d.ts.map +1 -1
  239. package/types/api/IdmSystemApi.d.ts +1 -1
  240. package/types/api/IdmSystemApi.d.ts.map +1 -1
  241. package/types/api/ManagedObjectApi.d.ts +1 -1
  242. package/types/api/ManagedObjectApi.d.ts.map +1 -1
  243. package/types/api/NodeApi.d.ts +1 -1
  244. package/types/api/NodeApi.d.ts.map +1 -1
  245. package/types/api/OAuth2ClientApi.d.ts +1 -1
  246. package/types/api/OAuth2ClientApi.d.ts.map +1 -1
  247. package/types/api/OAuth2OIDCApi.d.ts +1 -1
  248. package/types/api/OAuth2OIDCApi.d.ts.map +1 -1
  249. package/types/api/OAuth2ProviderApi.d.ts +1 -1
  250. package/types/api/OAuth2ProviderApi.d.ts.map +1 -1
  251. package/types/api/PoliciesApi.d.ts +1 -1
  252. package/types/api/PoliciesApi.d.ts.map +1 -1
  253. package/types/api/PolicySetApi.d.ts +1 -1
  254. package/types/api/PolicySetApi.d.ts.map +1 -1
  255. package/types/api/RealmApi.d.ts +1 -1
  256. package/types/api/RealmApi.d.ts.map +1 -1
  257. package/types/api/ResourceTypesApi.d.ts +1 -1
  258. package/types/api/ResourceTypesApi.d.ts.map +1 -1
  259. package/types/api/Saml2Api.d.ts +1 -1
  260. package/types/api/Saml2Api.d.ts.map +1 -1
  261. package/types/api/ScriptApi.d.ts +1 -1
  262. package/types/api/ScriptApi.d.ts.map +1 -1
  263. package/types/api/ServerInfoApi.d.ts +1 -1
  264. package/types/api/ServerInfoApi.d.ts.map +1 -1
  265. package/types/api/ServiceApi.d.ts +1 -1
  266. package/types/api/ServiceApi.d.ts.map +1 -1
  267. package/types/api/SocialIdentityProvidersApi.d.ts +1 -1
  268. package/types/api/SocialIdentityProvidersApi.d.ts.map +1 -1
  269. package/types/api/TreeApi.d.ts +1 -1
  270. package/types/api/TreeApi.d.ts.map +1 -1
  271. package/types/api/cloud/AdminFederationProvidersApi.d.ts +1 -1
  272. package/types/api/cloud/AdminFederationProvidersApi.d.ts.map +1 -1
  273. package/types/api/cloud/EnvInfoApi.d.ts +1 -1
  274. package/types/api/cloud/EnvInfoApi.d.ts.map +1 -1
  275. package/types/api/cloud/FeatureApi.d.ts +1 -1
  276. package/types/api/cloud/FeatureApi.d.ts.map +1 -1
  277. package/types/api/cloud/LogApi.d.ts +1 -1
  278. package/types/api/cloud/LogApi.d.ts.map +1 -1
  279. package/types/api/cloud/SecretsApi.d.ts +1 -1
  280. package/types/api/cloud/SecretsApi.d.ts.map +1 -1
  281. package/types/api/cloud/StartupApi.d.ts +1 -1
  282. package/types/api/cloud/StartupApi.d.ts.map +1 -1
  283. package/types/api/cloud/VariablesApi.d.ts +1 -1
  284. package/types/api/cloud/VariablesApi.d.ts.map +1 -1
  285. package/types/api/utils/ApiUtils.d.ts +1 -1
  286. package/types/api/utils/ApiUtils.d.ts.map +1 -1
  287. package/types/api/utils/Base64.d.ts +6 -6
  288. package/types/api/utils/Base64.d.ts.map +1 -1
  289. package/types/index.d.ts +2 -1
  290. package/types/index.d.ts.map +1 -1
  291. package/types/lib/FrodoLib.d.ts +224 -370
  292. package/types/lib/FrodoLib.d.ts.map +1 -1
  293. package/types/ops/AdminOps.d.ts +3 -2
  294. package/types/ops/AdminOps.d.ts.map +1 -1
  295. package/types/ops/AgentOps.d.ts +3 -2
  296. package/types/ops/AgentOps.d.ts.map +1 -1
  297. package/types/ops/AuthenticateOps.d.ts +3 -2
  298. package/types/ops/AuthenticateOps.d.ts.map +1 -1
  299. package/types/ops/CirclesOfTrustOps.d.ts +3 -2
  300. package/types/ops/CirclesOfTrustOps.d.ts.map +1 -1
  301. package/types/ops/ConnectionProfileOps.d.ts +3 -2
  302. package/types/ops/ConnectionProfileOps.d.ts.map +1 -1
  303. package/types/ops/EmailTemplateOps.d.ts +3 -2
  304. package/types/ops/EmailTemplateOps.d.ts.map +1 -1
  305. package/types/ops/IdmOps.d.ts +3 -2
  306. package/types/ops/IdmOps.d.ts.map +1 -1
  307. package/types/ops/IdpOps.d.ts +3 -2
  308. package/types/ops/IdpOps.d.ts.map +1 -1
  309. package/types/ops/InfoOps.d.ts +3 -2
  310. package/types/ops/InfoOps.d.ts.map +1 -1
  311. package/types/ops/JoseOps.d.ts +17 -1
  312. package/types/ops/JoseOps.d.ts.map +1 -1
  313. package/types/ops/JourneyOps.d.ts +16 -10
  314. package/types/ops/JourneyOps.d.ts.map +1 -1
  315. package/types/ops/ManagedObjectOps.d.ts +3 -2
  316. package/types/ops/ManagedObjectOps.d.ts.map +1 -1
  317. package/types/ops/NodeOps.d.ts +3 -2
  318. package/types/ops/NodeOps.d.ts.map +1 -1
  319. package/types/ops/OAuth2ClientOps.d.ts +3 -2
  320. package/types/ops/OAuth2ClientOps.d.ts.map +1 -1
  321. package/types/ops/OAuth2OidcOps.d.ts +6 -5
  322. package/types/ops/OAuth2OidcOps.d.ts.map +1 -1
  323. package/types/ops/OAuth2ProviderOps.d.ts +3 -2
  324. package/types/ops/OAuth2ProviderOps.d.ts.map +1 -1
  325. package/types/ops/OpsTypes.d.ts +1 -1
  326. package/types/ops/OpsTypes.d.ts.map +1 -1
  327. package/types/ops/OrganizationOps.d.ts +3 -2
  328. package/types/ops/OrganizationOps.d.ts.map +1 -1
  329. package/types/ops/PolicyOps.d.ts +3 -2
  330. package/types/ops/PolicyOps.d.ts.map +1 -1
  331. package/types/ops/PolicySetOps.d.ts +3 -2
  332. package/types/ops/PolicySetOps.d.ts.map +1 -1
  333. package/types/ops/RealmOps.d.ts +3 -2
  334. package/types/ops/RealmOps.d.ts.map +1 -1
  335. package/types/ops/ResourceTypeOps.d.ts +3 -2
  336. package/types/ops/ResourceTypeOps.d.ts.map +1 -1
  337. package/types/ops/Saml2Ops.d.ts +3 -2
  338. package/types/ops/Saml2Ops.d.ts.map +1 -1
  339. package/types/ops/ScriptOps.d.ts +3 -2
  340. package/types/ops/ScriptOps.d.ts.map +1 -1
  341. package/types/ops/ServiceOps.d.ts +4 -3
  342. package/types/ops/ServiceOps.d.ts.map +1 -1
  343. package/types/ops/ThemeOps.d.ts +3 -2
  344. package/types/ops/ThemeOps.d.ts.map +1 -1
  345. package/types/ops/cloud/AdminFederationOps.d.ts +3 -2
  346. package/types/ops/cloud/AdminFederationOps.d.ts.map +1 -1
  347. package/types/ops/cloud/FeatureOps.d.ts +3 -2
  348. package/types/ops/cloud/FeatureOps.d.ts.map +1 -1
  349. package/types/ops/cloud/LogOps.d.ts +3 -2
  350. package/types/ops/cloud/LogOps.d.ts.map +1 -1
  351. package/types/ops/cloud/SecretsOps.d.ts +3 -2
  352. package/types/ops/cloud/SecretsOps.d.ts.map +1 -1
  353. package/types/ops/cloud/ServiceAccountOps.d.ts +7 -6
  354. package/types/ops/cloud/ServiceAccountOps.d.ts.map +1 -1
  355. package/types/ops/cloud/StartupOps.d.ts +3 -2
  356. package/types/ops/cloud/StartupOps.d.ts.map +1 -1
  357. package/types/ops/cloud/VariablesOps.d.ts +3 -2
  358. package/types/ops/cloud/VariablesOps.d.ts.map +1 -1
  359. package/types/ops/utils/Console.d.ts +1 -1
  360. package/types/ops/utils/Console.d.ts.map +1 -1
  361. package/types/ops/utils/DataProtection.d.ts +1 -1
  362. package/types/ops/utils/DataProtection.d.ts.map +1 -1
  363. package/types/ops/utils/ExportImportUtils.d.ts +3 -2
  364. package/types/ops/utils/ExportImportUtils.d.ts.map +1 -1
  365. package/types/ops/utils/OpsUtils.d.ts +73 -17
  366. package/types/ops/utils/OpsUtils.d.ts.map +1 -1
  367. package/types/ops/utils/ScriptValidationUtils.d.ts +20 -1
  368. package/types/ops/utils/ScriptValidationUtils.d.ts.map +1 -1
  369. package/types/ops/utils/{Version.d.ts → VersionUtils.d.ts} +4 -4
  370. package/types/ops/utils/VersionUtils.d.ts.map +1 -0
  371. package/types/shared/Constants.d.ts +34 -0
  372. package/types/shared/Constants.d.ts.map +1 -0
  373. package/types/shared/State.d.ts +38 -38
  374. package/types/shared/State.d.ts.map +1 -1
  375. package/types/utils/SetupPollyForFrodoLib.d.ts +1 -1
  376. package/types/utils/SetupPollyForFrodoLib.d.ts.map +1 -1
  377. package/cjs/lib/Frodo.js +0 -85
  378. package/cjs/lib/Frodo.js.map +0 -1
  379. package/cjs/ops/utils/Version.js.map +0 -1
  380. package/cjs/ops/utils/Version.test.js.map +0 -1
  381. package/cjs/ops/utils/Wordwrap.js +0 -12
  382. package/cjs/ops/utils/Wordwrap.js.map +0 -1
  383. package/cjs/ops/utils/Wordwrap.test.js +0 -22
  384. package/cjs/ops/utils/Wordwrap.test.js.map +0 -1
  385. package/cjs/storage/StaticStorage.js +0 -31
  386. package/cjs/storage/StaticStorage.js.map +0 -1
  387. package/esm/lib/Frodo.js +0 -59
  388. package/esm/lib/Frodo.js.map +0 -1
  389. package/esm/ops/utils/Version.js.map +0 -1
  390. package/esm/ops/utils/Version.test.js.map +0 -1
  391. package/esm/ops/utils/Wordwrap.js +0 -5
  392. package/esm/ops/utils/Wordwrap.js.map +0 -1
  393. package/esm/ops/utils/Wordwrap.test.js +0 -19
  394. package/esm/ops/utils/Wordwrap.test.js.map +0 -1
  395. package/esm/storage/StaticStorage.js +0 -15
  396. package/esm/storage/StaticStorage.js.map +0 -1
  397. package/types/lib/Frodo.d.ts +0 -1159
  398. package/types/lib/Frodo.d.ts.map +0 -1
  399. package/types/ops/utils/Version.d.ts.map +0 -1
  400. package/types/ops/utils/Wordwrap.d.ts +0 -2
  401. package/types/ops/utils/Wordwrap.d.ts.map +0 -1
  402. package/types/storage/StaticStorage.d.ts +0 -15
  403. package/types/storage/StaticStorage.d.ts.map +0 -1
package/esm/ops/AdminOps.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"AdminOps.js","names":["fs","_","getOAuth2Clients","getOAuth2Client","putOAuth2Client","getConfigEntity","putConfigEntity","isEqualJson","getRealmManagedUser","getRealmManagedOrganization","getOAuth2Provider","putSecret","clientCredentialsGrant","printMessage","path","fileURLToPath","state","listOAuth2CustomClients","listOAuth2AdminClients","listNonOAuth2AdminStaticUserMappings","showProtected","addAutoIdStaticUserMapping","grantOAuth2ClientAdminPrivileges","clientId","revokeOAuth2ClientAdminPrivileges","createOAuth2ClientWithAdminPrivileges","clientSecret","createLongLivedToken","scope","secret","lifetime","removeStaticUserMapping","subject","hideGenericExtensionAttributes","includeCustomized","dryRun","showGenericExtensionAttributes","repairOrgModel","excludeCustomized","extendPermissions","__dirname","dirname","import","meta","url","OAUTH2_CLIENT","JSON","parse","readFileSync","resolve","GENERIC_EXTENSION_ATTRIBUTES","protectedClients","protectedSubjects","privilegedScopes","privilegedRoles","adminScopes","adminDefaultScopes","adminRoles","autoIdRoles","clients","clientIds","map","client","_id","filter","includes","authentication","entityId","subjects","rsFilter","staticUserMapping","mapping","adminClients","isPrivileged","coreOAuth2ClientConfig","scopes","forEach","roles","role","adminSubjects","getDynamicClientRegistrationScope","provider","clientDynamicRegistrationConfig","dynamicClientRegistrationScope","addAdminScopes","modClient","allAdminScopes","concat","addScopes","value","add","addDefaultScope","defaultScopes","length","message","addClientCredentialsGrantType","modified","advancedOAuth2ClientConfig","grantTypes","push","inherited","addAdminStaticUserMapping","name","error","type","needsAdminMapping","addRoles","mappings","newMapping","localUser","userRoles","entityData","putConfigEntityError","clientName","descriptions","startsWith","Date","toLocaleString","clientData","removeAdminScopes","finalScopes","finalDefaultScopes","removeClientCredentialsGrantType","finalGrantTypes","grantType","removeAdminStaticUserMapping","finalRoles","removeMapping","userpassword","rememberedLifetime","accessTokenLifetime","response","amBaseUrl","getHost","expires","getTime","expires_in","expires_on","description","secretId","access_token","get","newSecret","managed","propertyNames","Object","keys","updatedObjects","objects","object","schema","properties","viewable","repairOrgModelUser","RDVPs","repairData","queryConfig","flattenProperties","repairOrgModelOrg","repairOrgModelData","extendOrgModelPermissins"],"sources":["../../src/ops/AdminOps.ts"],"sourcesContent":["import fs from 'fs';\nimport _ from 'lodash';\nimport {\n getOAuth2Clients,\n getOAuth2Client,\n putOAuth2Client,\n} from '../ops/OAuth2ClientOps';\nimport { getConfigEntity, putConfigEntity } from '../api/IdmConfigApi';\nimport { isEqualJson, getRealmManagedUser } from './utils/OpsUtils';\nimport { getRealmManagedOrganization } from './OrganizationOps';\nimport { getOAuth2Provider } from '../ops/OAuth2ProviderOps';\nimport { putSecret } from '../api/cloud/SecretsApi';\nimport { clientCredentialsGrant } from '../api/OAuth2OIDCApi';\nimport { printMessage } from './utils/Console';\nimport path from 'path';\nimport { fileURLToPath } from 'url';\nimport State from '../shared/State';\nimport {\n OAuth2ClientSkeleton,\n ReadableStrings,\n WritableStrings,\n} from '../api/ApiTypes';\n\nexport default (state: State) => {\n return {\n /*\n * List all oauth2 clients, which have a corresponding staticUserMapping\n * in the IDM authentication.json:\n {\n \"_id\": \"authentication\",\n \"rsFilter\": {\n ...\n \"staticUserMapping\": [\n {\n \"subject\": \"someOauth2ClientID\",\n \"localUser\": \"internal/user/openidm-admin\",\n \"userRoles\": \"authzRoles/*\",\n \"roles\": [\n \"internal/role/openidm-authorized\",\n \"internal/role/openidm-admin\"\n ]\n },\n {\n \"subject\": \"RCSClient\",\n \"localUser\": \"internal/user/idm-provisioning\"\n }\n ]\n }\n }\n */\n async listOAuth2CustomClients() {\n return listOAuth2CustomClients({ state });\n },\n\n /*\n * List all oauth2 clients, which have the fr:idm:* scope and a \n * corresponding staticUserMapping in the IDM authentication.json\n * and are assigned admin privileges:\n {\n \"_id\": \"authentication\",\n \"rsFilter\": {\n ...\n \"staticUserMapping\": [\n {\n \"subject\": \"someOauth2ClientID\",\n \"localUser\": \"internal/user/openidm-admin\",\n \"userRoles\": \"authzRoles/*\",\n \"roles\": [\n \"internal/role/openidm-authorized\",\n \"internal/role/openidm-admin\"\n ]\n }\n ]\n }\n }\n */\n async listOAuth2AdminClients() {\n return listOAuth2AdminClients({ state });\n },\n\n /*\n * List all static user mappings that are not oauth2 clients in authentication.json\n * and are assigned admin privileges:\n {\n \"_id\": \"authentication\",\n \"rsFilter\": {\n ...\n \"staticUserMapping\": [\n {\n \"subject\": \"amadmin\",\n \"localUser\": \"internal/user/openidm-admin\",\n \"userRoles\": \"authzRoles/*\",\n \"roles\": [\n \"internal/role/openidm-authorized\",\n \"internal/role/openidm-admin\"\n ]\n },\n {\n \"subject\": \"idm-provisioning\",\n \"localUser\": \"internal/user/idm-provisioning\",\n \"roles\": [\n \"internal/role/platform-provisioning\"\n ]\n },\n {\n \"subject\": \"RCSClient\",\n \"localUser\": \"internal/user/idm-provisioning\"\n },\n {\n \"subject\": \"autoid-resource-server\",\n \"localUser\": \"internal/user/idm-provisioning\",\n \"roles\": [\n \"internal/role/platform-provisioning\",\n \"internal/role/openidm-authorized\",\n \"internal/role/openidm-admin\"\n ]\n }\n ]\n }\n }\n */\n async listNonOAuth2AdminStaticUserMappings(showProtected: boolean) {\n return listNonOAuth2AdminStaticUserMappings({\n showProtected,\n state,\n });\n },\n\n /*\n * Add AutoId static user mapping to authentication.json to enable dashboards and other AutoId-based functionality.\n {\n \"_id\": \"authentication\",\n \"rsFilter\": {\n ...\n \"staticUserMapping\": [\n ...\n {\n \"subject\": \"autoid-resource-server\",\n \"localUser\": \"internal/user/idm-provisioning\",\n \"roles\": [\n \"internal/role/platform-provisioning\",\n \"internal/role/openidm-authorized\",\n \"internal/role/openidm-admin\"\n ]\n }\n ]\n }\n }\n */\n async addAutoIdStaticUserMapping() {\n return addAutoIdStaticUserMapping({ state });\n },\n\n async grantOAuth2ClientAdminPrivileges(clientId: string) {\n return grantOAuth2ClientAdminPrivileges({ clientId, state });\n },\n\n async revokeOAuth2ClientAdminPrivileges(clientId: string) {\n return revokeOAuth2ClientAdminPrivileges({ clientId, state });\n },\n\n async createOAuth2ClientWithAdminPrivileges(\n clientId: string,\n clientSecret: string\n ) {\n return createOAuth2ClientWithAdminPrivileges({\n clientId,\n clientSecret,\n state,\n });\n },\n\n async createLongLivedToken(\n clientId: string,\n clientSecret: string,\n scope: string,\n secret: string | boolean,\n lifetime: number\n ) {\n return createLongLivedToken({\n clientId,\n clientSecret,\n scope,\n secret,\n lifetime,\n state,\n });\n },\n\n async removeStaticUserMapping(subject: string) {\n return removeStaticUserMapping({ subject, state });\n },\n\n async hideGenericExtensionAttributes(\n includeCustomized: boolean,\n dryRun: boolean\n ) {\n return hideGenericExtensionAttributes({\n includeCustomized,\n dryRun,\n state,\n });\n },\n\n async showGenericExtensionAttributes(\n includeCustomized: boolean,\n dryRun: boolean\n ) {\n return showGenericExtensionAttributes({\n includeCustomized,\n dryRun,\n state,\n });\n },\n\n async repairOrgModel(\n excludeCustomized: boolean,\n extendPermissions: boolean,\n dryRun: boolean\n ) {\n return repairOrgModel({\n excludeCustomized,\n extendPermissions,\n dryRun,\n state,\n });\n },\n };\n};\n\nconst __dirname = path.dirname(fileURLToPath(import.meta.url));\n\nconst OAUTH2_CLIENT = JSON.parse(\n fs.readFileSync(\n path.resolve(__dirname, './templates/OAuth2ClientTemplate.json'),\n 'utf8'\n )\n);\nconst GENERIC_EXTENSION_ATTRIBUTES = JSON.parse(\n fs.readFileSync(\n path.resolve(\n __dirname,\n './templates/cloud/GenericExtensionAttributesTemplate.json'\n ),\n 'utf8'\n )\n);\n\nconst protectedClients = ['ui', 'idm-provisioning'];\nconst protectedSubjects = ['amadmin', 'autoid-resource-server'];\n\nconst privilegedScopes = [\n 'am-introspect-all-tokens',\n 'fr:idm:*',\n 'fr:idc:esv:*',\n];\n// const privilegedUsers = ['openidm-admin'];\nconst privilegedRoles = [\n 'internal/role/openidm-authorized',\n 'internal/role/openidm-admin',\n];\n\nconst adminScopes = ['fr:idm:*', 'fr:idc:esv:*'];\nconst adminDefaultScopes = ['fr:idm:*'];\nconst adminRoles = [\n 'internal/role/openidm-authorized',\n 'internal/role/openidm-admin',\n];\nconst autoIdRoles = [\n 'internal/role/platform-provisioning',\n 'internal/role/openidm-authorized',\n 'internal/role/openidm-admin',\n];\n\n/*\n * List all oauth2 clients, which have a corresponding staticUserMapping\n * in the IDM authentication.json:\n {\n \"_id\": \"authentication\",\n \"rsFilter\": {\n ...\n \"staticUserMapping\": [\n {\n \"subject\": \"someOauth2ClientID\",\n \"localUser\": \"internal/user/openidm-admin\",\n \"userRoles\": \"authzRoles/*\",\n \"roles\": [\n \"internal/role/openidm-authorized\",\n \"internal/role/openidm-admin\"\n ]\n },\n {\n \"subject\": \"RCSClient\",\n \"localUser\": \"internal/user/idm-provisioning\"\n }\n ]\n }\n }\n */\nexport async function listOAuth2CustomClients({ state }: { state: State }) {\n const clients = await getOAuth2Clients({ state });\n const clientIds = clients\n .map((client) => client._id)\n .filter((client) => !protectedClients.includes(client));\n const authentication = await getConfigEntity({\n entityId: 'authentication',\n state,\n });\n const subjects = authentication.rsFilter.staticUserMapping\n .map((mapping) => mapping.subject)\n .filter((subject) => !protectedSubjects.includes(subject));\n const adminClients = subjects.filter((subject) =>\n clientIds.includes(subject)\n );\n return adminClients;\n}\n\n/*\n * List all oauth2 clients, which have the fr:idm:* scope and a \n * corresponding staticUserMapping in the IDM authentication.json\n * and are assigned admin privileges:\n {\n \"_id\": \"authentication\",\n \"rsFilter\": {\n ...\n \"staticUserMapping\": [\n {\n \"subject\": \"someOauth2ClientID\",\n \"localUser\": \"internal/user/openidm-admin\",\n \"userRoles\": \"authzRoles/*\",\n \"roles\": [\n \"internal/role/openidm-authorized\",\n \"internal/role/openidm-admin\"\n ]\n }\n ]\n }\n }\n */\nexport async function listOAuth2AdminClients({ state }: { state: State }) {\n const clients = await getOAuth2Clients({ state });\n const clientIds = clients\n .filter((client) => {\n // printMessage({ message: client, type: 'error', state });\n let isPrivileged = false;\n if (client.coreOAuth2ClientConfig.scopes) {\n (client.coreOAuth2ClientConfig.scopes as ReadableStrings).forEach(\n (scope) => {\n if (privilegedScopes.includes(scope)) {\n isPrivileged = true;\n }\n }\n );\n }\n return isPrivileged;\n })\n .map((client) => client._id)\n .filter((clientId) => !protectedClients.includes(clientId));\n const authentication = await getConfigEntity({\n entityId: 'authentication',\n state,\n });\n const subjects = authentication.rsFilter.staticUserMapping\n .filter((mapping) => {\n let isPrivileged = false;\n if (mapping.roles) {\n mapping.roles.forEach((role) => {\n if (privilegedRoles.includes(role)) {\n isPrivileged = true;\n }\n });\n }\n return isPrivileged;\n })\n .map((mapping) => mapping.subject)\n .filter((subject) => !protectedSubjects.includes(subject));\n const adminClients = subjects.filter((subject) =>\n clientIds.includes(subject)\n );\n return adminClients;\n}\n\n/*\n * List all static user mappings that are not oauth2 clients in authentication.json\n * and are assigned admin privileges:\n {\n \"_id\": \"authentication\",\n \"rsFilter\": {\n ...\n \"staticUserMapping\": [\n {\n \"subject\": \"amadmin\",\n \"localUser\": \"internal/user/openidm-admin\",\n \"userRoles\": \"authzRoles/*\",\n \"roles\": [\n \"internal/role/openidm-authorized\",\n \"internal/role/openidm-admin\"\n ]\n },\n {\n \"subject\": \"idm-provisioning\",\n \"localUser\": \"internal/user/idm-provisioning\",\n \"roles\": [\n \"internal/role/platform-provisioning\"\n ]\n },\n {\n \"subject\": \"RCSClient\",\n \"localUser\": \"internal/user/idm-provisioning\"\n },\n {\n \"subject\": \"autoid-resource-server\",\n \"localUser\": \"internal/user/idm-provisioning\",\n \"roles\": [\n \"internal/role/platform-provisioning\",\n \"internal/role/openidm-authorized\",\n \"internal/role/openidm-admin\"\n ]\n }\n ]\n }\n }\n */\nexport async function listNonOAuth2AdminStaticUserMappings({\n showProtected,\n state,\n}: {\n showProtected: boolean;\n state: State;\n}) {\n const clients = await getOAuth2Clients({ state });\n const clientIds = clients\n .map((client) => client._id)\n .filter((client) => !protectedClients.includes(client));\n const authentication = await getConfigEntity({\n entityId: 'authentication',\n state,\n });\n let subjects = authentication.rsFilter.staticUserMapping\n .filter((mapping) => {\n let isPrivileged = false;\n if (mapping.roles) {\n mapping.roles.forEach((role) => {\n if (privilegedRoles.includes(role)) {\n isPrivileged = true;\n }\n });\n }\n return isPrivileged;\n })\n .map((mapping) => mapping.subject);\n if (!showProtected) {\n subjects = subjects.filter(\n (subject) => !protectedSubjects.includes(subject)\n );\n }\n const adminSubjects = subjects.filter(\n (subject) => !clientIds.includes(subject)\n );\n return adminSubjects;\n}\n\nasync function getDynamicClientRegistrationScope({ state }: { state: State }) {\n const provider = await getOAuth2Provider({ state });\n return provider.clientDynamicRegistrationConfig\n .dynamicClientRegistrationScope;\n}\n\nasync function addAdminScopes({\n clientId,\n client,\n state,\n}: {\n clientId: string;\n client: OAuth2ClientSkeleton;\n state: State;\n}) {\n const modClient = client;\n const allAdminScopes = adminScopes.concat([\n await getDynamicClientRegistrationScope({ state }),\n ]);\n let addScopes = [];\n if (\n modClient.coreOAuth2ClientConfig.scopes &&\n (modClient.coreOAuth2ClientConfig.scopes as WritableStrings).value\n ) {\n addScopes = allAdminScopes.filter((scope) => {\n let add = false;\n if (\n !(\n modClient.coreOAuth2ClientConfig.scopes as WritableStrings\n ).value.includes(scope)\n ) {\n add = true;\n }\n return add;\n });\n (modClient.coreOAuth2ClientConfig.scopes as WritableStrings).value = (\n modClient.coreOAuth2ClientConfig.scopes as WritableStrings\n ).value.concat(addScopes);\n } else {\n (modClient.coreOAuth2ClientConfig.scopes as WritableStrings).value =\n allAdminScopes;\n }\n let addDefaultScope = false;\n if (\n modClient.coreOAuth2ClientConfig.defaultScopes &&\n modClient.coreOAuth2ClientConfig.defaultScopes.value\n ) {\n if (modClient.coreOAuth2ClientConfig.defaultScopes.value.length === 0) {\n addDefaultScope = true;\n modClient.coreOAuth2ClientConfig.defaultScopes.value = adminDefaultScopes;\n } else {\n printMessage({\n message: `Client \"${clientId}\" already has default scopes configured, not adding admin default scope.`,\n state,\n });\n }\n }\n if (addScopes.length > 0 || addDefaultScope) {\n printMessage({\n message: `Adding admin scopes to client \"${clientId}\"...`,\n state,\n });\n } else {\n printMessage({\n message: `Client \"${clientId}\" already has admin scopes.`,\n state,\n });\n }\n return modClient;\n}\n\nfunction addClientCredentialsGrantType({\n clientId,\n client,\n state,\n}: {\n clientId: string;\n client: OAuth2ClientSkeleton;\n state: State;\n}) {\n const modClient = client;\n let modified = false;\n if (\n modClient.advancedOAuth2ClientConfig.grantTypes &&\n (modClient.advancedOAuth2ClientConfig.grantTypes as WritableStrings).value\n ) {\n if (\n !(\n modClient.advancedOAuth2ClientConfig.grantTypes as WritableStrings\n ).value.includes('client_credentials')\n ) {\n modified = true;\n (\n modClient.advancedOAuth2ClientConfig.grantTypes as WritableStrings\n ).value.push('client_credentials');\n }\n } else {\n (modClient.advancedOAuth2ClientConfig.grantTypes as WritableStrings).value =\n ['client_credentials'];\n }\n (\n modClient.advancedOAuth2ClientConfig.grantTypes as WritableStrings\n ).inherited = false;\n if (modified) {\n printMessage({\n message: `Adding client credentials grant type to client \"${clientId}\"...`,\n state,\n });\n } else {\n printMessage({\n message: `Client \"${clientId}\" already has client credentials grant type.`,\n state,\n });\n }\n return modClient;\n}\n\nasync function addAdminStaticUserMapping({\n name,\n state,\n}: {\n name: string;\n state: State;\n}) {\n let authentication = {};\n try {\n authentication = await getConfigEntity({\n entityId: 'authentication',\n state,\n });\n } catch (error) {\n printMessage({\n message: `Error reading IDM authentication configuration: ${error.message}`,\n type: 'error',\n state,\n });\n }\n let needsAdminMapping = true;\n let addRoles = [];\n const mappings = authentication['rsFilter']['staticUserMapping'].map(\n (mapping) => {\n // ignore mappings for other subjects\n if (mapping.subject !== name) {\n return mapping;\n }\n needsAdminMapping = false;\n addRoles = adminRoles.filter((role) => {\n let add = false;\n if (!mapping.roles.includes(role)) {\n add = true;\n }\n return add;\n });\n const newMapping = mapping;\n newMapping.roles = newMapping.roles.concat(addRoles);\n return newMapping;\n }\n );\n if (needsAdminMapping) {\n printMessage({\n message: `Creating static user mapping for client \"${name}\"...`,\n state,\n });\n mappings.push({\n subject: name,\n localUser: 'internal/user/openidm-admin',\n userRoles: 'authzRoles/*',\n roles: adminRoles,\n });\n }\n authentication['rsFilter']['staticUserMapping'] = mappings;\n if (addRoles.length > 0 || needsAdminMapping) {\n printMessage({\n message: `Adding admin roles to static user mapping for client \"${name}\"...`,\n state,\n });\n try {\n await putConfigEntity({\n entityId: 'authentication',\n entityData: authentication,\n state,\n });\n } catch (putConfigEntityError) {\n printMessage({ message: putConfigEntityError, type: 'error', state });\n printMessage({\n message: `Error: ${putConfigEntityError}`,\n type: 'error',\n state,\n });\n }\n } else {\n printMessage({\n message: `Static user mapping for client \"${name}\" already has admin roles.`,\n state,\n });\n }\n}\n\n/*\n * Add AutoId static user mapping to authentication.json to enable dashboards and other AutoId-based functionality.\n {\n \"_id\": \"authentication\",\n \"rsFilter\": {\n ...\n \"staticUserMapping\": [\n ...\n {\n \"subject\": \"autoid-resource-server\",\n \"localUser\": \"internal/user/idm-provisioning\",\n \"roles\": [\n \"internal/role/platform-provisioning\",\n \"internal/role/openidm-authorized\",\n \"internal/role/openidm-admin\"\n ]\n }\n ]\n }\n }\n */\nexport async function addAutoIdStaticUserMapping({ state }: { state: State }) {\n const name = 'autoid-resource-server';\n const authentication = await getConfigEntity({\n entityId: 'authentication',\n state,\n });\n let needsAdminMapping = true;\n let addRoles = [];\n const mappings = authentication.rsFilter.staticUserMapping.map((mapping) => {\n // ignore mappings for other subjects\n if (mapping.subject !== name) {\n return mapping;\n }\n needsAdminMapping = false;\n addRoles = autoIdRoles.filter((role) => {\n let add = false;\n if (!mapping.roles.includes(role)) {\n add = true;\n }\n return add;\n });\n const newMapping = mapping;\n newMapping.roles = newMapping.roles.concat(addRoles);\n return newMapping;\n });\n if (needsAdminMapping) {\n printMessage({\n message: `Creating static user mapping for AutoId client \"${name}\"...`,\n state,\n });\n mappings.push({\n subject: name,\n localUser: 'internal/user/idm-provisioning',\n userRoles: 'authzRoles/*',\n roles: autoIdRoles,\n });\n }\n authentication.rsFilter.staticUserMapping = mappings;\n if (addRoles.length > 0 || needsAdminMapping) {\n printMessage({\n message: `Adding required roles to static user mapping for AutoId client \"${name}\"...`,\n state,\n });\n try {\n await putConfigEntity({\n entityId: 'authentication',\n entityData: authentication,\n state,\n });\n } catch (putConfigEntityError) {\n printMessage({ message: putConfigEntityError, type: 'error', state });\n printMessage({\n message: `Error: ${putConfigEntityError}`,\n type: 'error',\n state,\n });\n }\n } else {\n printMessage({\n message: `Static user mapping for AutoId client \"${name}\" already has all required roles.`,\n state,\n });\n }\n}\n\nexport async function grantOAuth2ClientAdminPrivileges({\n clientId,\n state,\n}: {\n clientId: string;\n state: State;\n}) {\n let client = await getOAuth2Client({ clientId, state });\n if (client.coreOAuth2ClientConfig.clientName.value.length === 0) {\n client.coreOAuth2ClientConfig.clientName.value = [clientId];\n }\n if (\n client.advancedOAuth2ClientConfig.descriptions.value.length === 0 ||\n client.advancedOAuth2ClientConfig.descriptions.value[0].startsWith(\n 'Modified by Frodo'\n ) ||\n client.advancedOAuth2ClientConfig.descriptions.value[0].startsWith(\n 'Created by Frodo'\n )\n ) {\n client.advancedOAuth2ClientConfig.descriptions.value = [\n `Modified by Frodo on ${new Date().toLocaleString()}`,\n ];\n }\n client = await addAdminScopes({ clientId, client, state });\n client = addClientCredentialsGrantType({ clientId, client, state });\n await putOAuth2Client({ clientId, clientData: client, state });\n await addAdminStaticUserMapping({ name: clientId, state });\n}\n\nasync function removeAdminScopes({\n name,\n client,\n state,\n}: {\n name: string;\n client: OAuth2ClientSkeleton;\n state: State;\n}) {\n const modClient = client;\n const allAdminScopes = adminScopes.concat([\n await getDynamicClientRegistrationScope({ state }),\n ]);\n let finalScopes = [];\n if (\n modClient.coreOAuth2ClientConfig.scopes &&\n (modClient.coreOAuth2ClientConfig.scopes as WritableStrings).value\n ) {\n finalScopes = (\n modClient.coreOAuth2ClientConfig.scopes as WritableStrings\n ).value.filter((scope) => !allAdminScopes.includes(scope));\n }\n if (\n (modClient.coreOAuth2ClientConfig.scopes as WritableStrings).value.length >\n finalScopes.length\n ) {\n printMessage({\n message: `Removing admin scopes from client \"${name}\"...`,\n state,\n });\n (modClient.coreOAuth2ClientConfig.scopes as WritableStrings).value =\n finalScopes;\n } else {\n printMessage({ message: `Client \"${name}\" has no admin scopes.`, state });\n }\n let finalDefaultScopes = [];\n if (\n modClient.coreOAuth2ClientConfig.defaultScopes &&\n modClient.coreOAuth2ClientConfig.defaultScopes.value\n ) {\n finalDefaultScopes =\n modClient.coreOAuth2ClientConfig.defaultScopes.value.filter(\n (scope) => !adminDefaultScopes.includes(scope)\n );\n }\n if (\n modClient.coreOAuth2ClientConfig.defaultScopes.value.length >\n finalDefaultScopes.length\n ) {\n printMessage({\n message: `Removing admin default scopes from client \"${name}\"...`,\n state,\n });\n modClient.coreOAuth2ClientConfig.defaultScopes.value = finalDefaultScopes;\n } else {\n printMessage({\n message: `Client \"${name}\" has no admin default scopes.`,\n state,\n });\n }\n return modClient;\n}\n\nfunction removeClientCredentialsGrantType({\n clientId,\n client,\n state,\n}: {\n clientId: string;\n client: OAuth2ClientSkeleton;\n state: State;\n}) {\n const modClient = client;\n let modified = false;\n let finalGrantTypes = [];\n if (\n modClient.advancedOAuth2ClientConfig.grantTypes &&\n (modClient.advancedOAuth2ClientConfig.grantTypes as WritableStrings).value\n ) {\n finalGrantTypes = (\n modClient.advancedOAuth2ClientConfig.grantTypes as WritableStrings\n ).value.filter((grantType) => grantType !== 'client_credentials');\n modified =\n (modClient.advancedOAuth2ClientConfig.grantTypes as WritableStrings).value\n .length > finalGrantTypes.length;\n }\n if (modified) {\n printMessage({\n message: `Removing client credentials grant type from client \"${clientId}\"...`,\n state,\n });\n (modClient.advancedOAuth2ClientConfig.grantTypes as WritableStrings).value =\n finalGrantTypes;\n } else {\n printMessage({\n message: `Client \"${clientId}\" does not allow client credentials grant type.`,\n state,\n });\n }\n return modClient;\n}\n\nasync function removeAdminStaticUserMapping({\n name,\n state,\n}: {\n name: string;\n state: State;\n}) {\n const authentication = await getConfigEntity({\n entityId: 'authentication',\n state,\n });\n let finalRoles = [];\n let removeMapping = false;\n let modified = false;\n const mappings = authentication.rsFilter.staticUserMapping\n .map((mapping) => {\n // ignore mappings for other subjects\n if (mapping.subject !== name) {\n return mapping;\n }\n finalRoles = mapping.roles.filter((role) => !adminRoles.includes(role));\n const newMapping = mapping;\n removeMapping = finalRoles.length === 0; // if there are no more roles left on this mapping, flag it for removal\n modified = mapping.roles.length > finalRoles.length; // if there were roles removed, set modified flag\n newMapping.roles = finalRoles;\n return newMapping;\n })\n .filter((mapping) => mapping.subject !== name || !removeMapping);\n authentication.rsFilter.staticUserMapping = mappings;\n if (modified || removeMapping) {\n if (removeMapping) {\n printMessage({\n message: `Removing static user mapping for client \"${name}\"...`,\n state,\n });\n } else {\n printMessage({\n message: `Removing admin roles from static user mapping for client \"${name}\"...`,\n state,\n });\n }\n try {\n await putConfigEntity({\n entityId: 'authentication',\n entityData: authentication,\n state,\n });\n } catch (putConfigEntityError) {\n printMessage({ message: putConfigEntityError, type: 'error', state });\n printMessage({\n message: `Error: ${putConfigEntityError}`,\n type: 'error',\n state,\n });\n }\n } else {\n printMessage({\n message: `Static user mapping for client \"${name}\" has no admin roles.`,\n state,\n });\n }\n}\n\nexport async function revokeOAuth2ClientAdminPrivileges({\n clientId,\n state,\n}: {\n clientId: string;\n state: State;\n}) {\n let client = await getOAuth2Client({ clientId, state });\n if (client.coreOAuth2ClientConfig.clientName.value.length === 0) {\n client.coreOAuth2ClientConfig.clientName.value = [clientId];\n }\n if (\n client.advancedOAuth2ClientConfig.descriptions.value.length === 0 ||\n client.advancedOAuth2ClientConfig.descriptions.value[0].startsWith(\n 'Modified by Frodo'\n ) ||\n client.advancedOAuth2ClientConfig.descriptions.value[0].startsWith(\n 'Created by Frodo'\n )\n ) {\n client.advancedOAuth2ClientConfig.descriptions.value = [\n `Modified by Frodo on ${new Date().toLocaleString()}`,\n ];\n }\n client = await removeAdminScopes({ name: clientId, client, state });\n client = removeClientCredentialsGrantType({ clientId, client, state });\n await putOAuth2Client({ clientId, clientData: client, state });\n await removeAdminStaticUserMapping({ name: clientId, state });\n}\n\nexport async function createOAuth2ClientWithAdminPrivileges({\n clientId,\n clientSecret,\n state,\n}: {\n clientId: string;\n clientSecret: string;\n state: State;\n}) {\n let client = OAUTH2_CLIENT;\n client.coreOAuth2ClientConfig.userpassword = clientSecret;\n client.coreOAuth2ClientConfig.clientName.value = [clientId];\n client.advancedOAuth2ClientConfig.descriptions.value = [\n `Created by Frodo on ${new Date().toLocaleString()}`,\n ];\n try {\n client = await addAdminScopes({ clientId, client, state });\n await putOAuth2Client({ clientId, clientData: client, state });\n await addAdminStaticUserMapping({ name: clientId, state });\n } catch (error) {\n printMessage({\n message: `Error creating oauth2 client: ${error.message}`,\n state,\n type: 'error',\n });\n }\n}\n\nexport async function createLongLivedToken({\n clientId,\n clientSecret,\n scope,\n secret,\n lifetime,\n state,\n}: {\n clientId: string;\n clientSecret: string;\n scope: string;\n secret: string | boolean;\n lifetime: number;\n state: State;\n}) {\n // get oauth2 client\n const client = await getOAuth2Client({ clientId, state });\n client.userpassword = clientSecret;\n // remember current lifetime\n const rememberedLifetime =\n client.coreOAuth2ClientConfig.accessTokenLifetime.value || 3600;\n // set long token lifetime\n client.coreOAuth2ClientConfig.accessTokenLifetime.value = lifetime;\n await putOAuth2Client({ clientId, clientData: client, state });\n const response = await clientCredentialsGrant({\n amBaseUrl: state.getHost(),\n clientId,\n clientSecret,\n scope,\n state,\n });\n const expires = new Date().getTime() + 1000 * response.expires_in;\n response.expires_on = new Date(expires).toLocaleString();\n // reset token lifetime\n client.coreOAuth2ClientConfig.accessTokenLifetime.value = rememberedLifetime;\n await putOAuth2Client({ clientId, clientData: client, state });\n // create secret with token as value\n if (secret) {\n const description = 'Long-lived admin token';\n try {\n await putSecret({\n secretId: secret as string,\n value: response.access_token,\n description,\n state,\n });\n response.secret = secret;\n } catch (error) {\n if (\n _.get(error, 'response.data.code') === 400 &&\n _.get(error, 'response.data.message') ===\n 'Failed to create secret, the secret already exists'\n ) {\n const newSecret = `${secret}-${expires}`;\n printMessage({\n message: `esv '${secret}' already exists, using ${newSecret}`,\n type: 'warn',\n state,\n });\n await putSecret({\n secretId: newSecret,\n value: response.access_token,\n description,\n state,\n });\n response.secret = newSecret;\n }\n }\n delete response.access_token;\n }\n return response;\n}\n\nexport async function removeStaticUserMapping({\n subject,\n state,\n}: {\n subject: string;\n state: State;\n}) {\n const authentication = await getConfigEntity({\n entityId: 'authentication',\n state,\n });\n let removeMapping = false;\n const mappings = authentication.rsFilter.staticUserMapping.filter(\n (mapping) => {\n // find the subject and flag it\n if (mapping.subject === subject) {\n removeMapping = true;\n }\n // ignore mappings for other subjects\n return mapping.subject !== subject;\n }\n );\n authentication.rsFilter.staticUserMapping = mappings;\n if (removeMapping) {\n printMessage({\n message: `Removing static user mapping for subject \"${subject}\"...`,\n state,\n });\n try {\n await putConfigEntity({\n entityId: 'authentication',\n entityData: authentication,\n state,\n });\n } catch (putConfigEntityError) {\n printMessage({ message: putConfigEntityError, type: 'error', state });\n printMessage({\n message: `Error: ${putConfigEntityError}`,\n type: 'error',\n state,\n });\n }\n } else {\n printMessage({\n message: `No static user mapping for subject \"${subject}\" found.`,\n state,\n });\n }\n}\n\nexport async function hideGenericExtensionAttributes({\n includeCustomized,\n dryRun,\n state,\n}: {\n includeCustomized: boolean;\n dryRun: boolean;\n state: State;\n}) {\n const managed = await getConfigEntity({ entityId: 'managed', state });\n const propertyNames = Object.keys(GENERIC_EXTENSION_ATTRIBUTES);\n const updatedObjects = managed.objects.map((object) => {\n // ignore all other objects\n if (object.name !== getRealmManagedUser({ state })) {\n return object;\n }\n propertyNames.forEach((name) => {\n if (\n isEqualJson(\n GENERIC_EXTENSION_ATTRIBUTES[name],\n object.schema.properties[name],\n ['viewable', 'usageDescription']\n ) ||\n includeCustomized\n ) {\n if (object.schema.properties[name].viewable) {\n printMessage({ message: `${name}: hide`, state });\n // eslint-disable-next-line no-param-reassign\n object.schema.properties[name].viewable = false;\n } else {\n printMessage({ message: `${name}: ignore (already hidden)`, state });\n }\n } else {\n printMessage({ message: `${name}: skip (customized)`, state });\n }\n });\n return object;\n });\n managed.objects = updatedObjects;\n if (dryRun) {\n printMessage({ message: 'Dry-run only. Changes are not saved.', state });\n } else {\n try {\n await putConfigEntity({\n entityId: 'managed',\n entityData: managed,\n state,\n });\n } catch (putConfigEntityError) {\n printMessage({ message: putConfigEntityError, type: 'error', state });\n printMessage({\n message: `Error: ${putConfigEntityError}`,\n type: 'error',\n state,\n });\n }\n }\n}\n\nexport async function showGenericExtensionAttributes({\n includeCustomized,\n dryRun,\n state,\n}: {\n includeCustomized: boolean;\n dryRun: boolean;\n state: State;\n}) {\n const managed = await getConfigEntity({ entityId: 'managed', state });\n const propertyNames = Object.keys(GENERIC_EXTENSION_ATTRIBUTES);\n const updatedObjects = managed.objects.map((object) => {\n // ignore all other objects\n if (object.name !== getRealmManagedUser({ state })) {\n return object;\n }\n propertyNames.forEach((name) => {\n if (\n isEqualJson(\n GENERIC_EXTENSION_ATTRIBUTES[name],\n object.schema.properties[name],\n ['viewable', 'usageDescription']\n ) ||\n includeCustomized\n ) {\n if (!object.schema.properties[name].viewable) {\n printMessage({ message: `${name}: show`, state });\n // eslint-disable-next-line no-param-reassign\n object.schema.properties[name].viewable = true;\n } else {\n printMessage({ message: `${name}: ignore (already showing)`, state });\n }\n } else {\n printMessage({ message: `${name}: skip (customized)`, state });\n }\n });\n return object;\n });\n managed.objects = updatedObjects;\n if (dryRun) {\n printMessage({ message: 'Dry-run only. Changes are not saved.', state });\n } else {\n try {\n await putConfigEntity({\n entityId: 'managed',\n entityData: managed,\n state,\n });\n } catch (putConfigEntityError) {\n printMessage({ message: putConfigEntityError, type: 'error', state });\n printMessage({\n message: `Error: ${putConfigEntityError}`,\n type: 'error',\n state,\n });\n }\n }\n}\n\nasync function repairOrgModelUser({\n dryRun,\n state,\n}: {\n dryRun: boolean;\n state: State;\n}) {\n const managed = await getConfigEntity({ entityId: 'managed', state });\n const RDVPs = ['memberOfOrgIDs'];\n let repairData = false;\n const updatedObjects = managed.objects.map((object) => {\n // ignore all other objects\n if (object.name !== getRealmManagedUser({ state })) {\n return object;\n }\n printMessage({ message: `${object.name}: checking...`, state });\n RDVPs.forEach((name) => {\n if (!object.schema.properties[name].queryConfig.flattenProperties) {\n printMessage({\n message: `- ${name}: repairing - needs flattening`,\n type: 'warn',\n state,\n });\n // eslint-disable-next-line no-param-reassign\n object.schema.properties[name].queryConfig.flattenProperties = true;\n repairData = true;\n } else {\n printMessage({ message: `- ${name}: OK`, state });\n }\n });\n return object;\n });\n managed.objects = updatedObjects;\n if (!dryRun) {\n try {\n await putConfigEntity({\n entityId: 'managed',\n entityData: managed,\n state,\n });\n } catch (putConfigEntityError) {\n printMessage({ message: putConfigEntityError, type: 'error', state });\n printMessage({\n message: `Error: ${putConfigEntityError}`,\n type: 'error',\n state,\n });\n }\n }\n return repairData;\n}\n\nasync function repairOrgModelOrg({\n dryRun,\n state,\n}: {\n dryRun: boolean;\n state: State;\n}) {\n const managed = await getConfigEntity({ entityId: 'managed', state });\n const RDVPs = [\n 'adminIDs',\n 'ownerIDs',\n 'parentAdminIDs',\n 'parentOwnerIDs',\n 'parentIDs',\n ];\n let repairData = false;\n const updatedObjects = managed.objects.map((object) => {\n // ignore all other objects\n if (object.name !== getRealmManagedOrganization({ state })) {\n return object;\n }\n printMessage({ message: `${object.name}: checking...`, state });\n RDVPs.forEach((name) => {\n if (!object.schema.properties[name].queryConfig.flattenProperties) {\n printMessage({\n message: `- ${name}: repairing - needs flattening`,\n type: 'warn',\n state,\n });\n // eslint-disable-next-line no-param-reassign\n object.schema.properties[name].queryConfig.flattenProperties = true;\n repairData = true;\n } else {\n printMessage({ message: `- ${name}: OK`, state });\n }\n });\n return object;\n });\n managed.objects = updatedObjects;\n if (!dryRun) {\n try {\n await putConfigEntity({\n entityId: 'managed',\n entityData: managed,\n state,\n });\n } catch (putConfigEntityError) {\n printMessage({ message: putConfigEntityError, type: 'error', state });\n printMessage({\n message: `Error: ${putConfigEntityError}`,\n type: 'error',\n state,\n });\n }\n }\n return repairData;\n}\n\nasync function repairOrgModelData(dryRun = false) {\n if (!dryRun) {\n // const rootOrgs = await findRootOrganizations();\n }\n}\n\nasync function extendOrgModelPermissins(dryRun = false) {\n if (!dryRun) {\n // const rootOrgs = await findRootOrganizations();\n }\n}\n\nexport async function repairOrgModel({\n excludeCustomized,\n extendPermissions,\n dryRun,\n state,\n}: {\n excludeCustomized: boolean;\n extendPermissions: boolean;\n dryRun: boolean;\n state: State;\n}) {\n let repairData = false;\n repairData = repairData || (await repairOrgModelUser({ dryRun, state }));\n repairData = repairData || (await repairOrgModelOrg({ dryRun, state }));\n if (excludeCustomized) {\n //\n }\n if (repairData) {\n await repairOrgModelData(dryRun);\n }\n if (extendPermissions) {\n await extendOrgModelPermissins(dryRun);\n }\n if (dryRun) {\n printMessage({\n message: 'Dry-run only. Changes are not saved.',\n type: 'warn',\n state,\n });\n }\n}\n\n// suggested by John K.\n// export async function removeRealmNameFromManagedObjectLabels() {}\n// export async function addRealmNameToManagedObjectLabels() {}\n// export async function cleanUpPostmanArtifacts() {}\n// export async function createSampleThemes() {}\n"],"mappings":"AAAA,OAAOA,EAAE,MAAM,IAAI;AACnB,OAAOC,CAAC,MAAM,QAAQ;AAAC,SAErBC,gBAAgB,EAChBC,eAAe,EACfC,eAAe;AAAA,SAERC,eAAe,EAAEC,eAAe;AAAA,SAChCC,WAAW,EAAEC,mBAAmB;AAAA,SAChCC,2BAA2B;AAAA,SAC3BC,iBAAiB;AAAA,SACjBC,SAAS;AAAA,SACTC,sBAAsB;AAAA,SACtBC,YAAY;AACrB,OAAOC,IAAI,MAAM,MAAM;AACvB,SAASC,aAAa,QAAQ,KAAK;AAQnC,gBAAgBC,KAAY,IAAK;EAC/B,OAAO;IACL;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACI,MAAMC,uBAAuBA,CAAA,EAAG;MAC9B,OAAOA,uBAAuB,CAAC;QAAED;MAAM,CAAC,CAAC;IAC3C,CAAC;IAED;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACI,MAAME,sBAAsBA,CAAA,EAAG;MAC7B,OAAOA,sBAAsB,CAAC;QAAEF;MAAM,CAAC,CAAC;IAC1C,CAAC;IAED;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACI,MAAMG,oCAAoCA,CAACC,aAAsB,EAAE;MACjE,OAAOD,oCAAoC,CAAC;QAC1CC,aAAa;QACbJ;MACF,CAAC,CAAC;IACJ,CAAC;IAED;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACI,MAAMK,0BAA0BA,CAAA,EAAG;MACjC,OAAOA,0BAA0B,CAAC;QAAEL;MAAM,CAAC,CAAC;IAC9C,CAAC;IAED,MAAMM,gCAAgCA,CAACC,QAAgB,EAAE;MACvD,OAAOD,gCAAgC,CAAC;QAAEC,QAAQ;QAAEP;MAAM,CAAC,CAAC;IAC9D,CAAC;IAED,MAAMQ,iCAAiCA,CAACD,QAAgB,EAAE;MACxD,OAAOC,iCAAiC,CAAC;QAAED,QAAQ;QAAEP;MAAM,CAAC,CAAC;IAC/D,CAAC;IAED,MAAMS,qCAAqCA,CACzCF,QAAgB,EAChBG,YAAoB,EACpB;MACA,OAAOD,qCAAqC,CAAC;QAC3CF,QAAQ;QACRG,YAAY;QACZV;MACF,CAAC,CAAC;IACJ,CAAC;IAED,MAAMW,oBAAoBA,CACxBJ,QAAgB,EAChBG,YAAoB,EACpBE,KAAa,EACbC,MAAwB,EACxBC,QAAgB,EAChB;MACA,OAAOH,oBAAoB,CAAC;QAC1BJ,QAAQ;QACRG,YAAY;QACZE,KAAK;QACLC,MAAM;QACNC,QAAQ;QACRd;MACF,CAAC,CAAC;IACJ,CAAC;IAED,MAAMe,uBAAuBA,CAACC,OAAe,EAAE;MAC7C,OAAOD,uBAAuB,CAAC;QAAEC,OAAO;QAAEhB;MAAM,CAAC,CAAC;IACpD,CAAC;IAED,MAAMiB,8BAA8BA,CAClCC,iBAA0B,EAC1BC,MAAe,EACf;MACA,OAAOF,8BAA8B,CAAC;QACpCC,iBAAiB;QACjBC,MAAM;QACNnB;MACF,CAAC,CAAC;IACJ,CAAC;IAED,MAAMoB,8BAA8BA,CAClCF,iBAA0B,EAC1BC,MAAe,EACf;MACA,OAAOC,8BAA8B,CAAC;QACpCF,iBAAiB;QACjBC,MAAM;QACNnB;MACF,CAAC,CAAC;IACJ,CAAC;IAED,MAAMqB,cAAcA,CAClBC,iBAA0B,EAC1BC,iBAA0B,EAC1BJ,MAAe,EACf;MACA,OAAOE,cAAc,CAAC;QACpBC,iBAAiB;QACjBC,iBAAiB;QACjBJ,MAAM;QACNnB;MACF,CAAC,CAAC;IACJ;EACF,CAAC;AACH,CAAC;AAED,MAAMwB,SAAS,GAAG1B,IAAI,CAAC2B,OAAO,CAAC1B,aAAa,CAAC2B,MAAM,CAACC,IAAI,CAACC,GAAG,CAAC,CAAC;AAE9D,MAAMC,aAAa,GAAGC,IAAI,CAACC,KAAK,CAC9B/C,EAAE,CAACgD,YAAY,CACblC,IAAI,CAACmC,OAAO,CAACT,SAAS,EAAE,uCAAuC,CAAC,EAChE,MACF,CACF,CAAC;AACD,MAAMU,4BAA4B,GAAGJ,IAAI,CAACC,KAAK,CAC7C/C,EAAE,CAACgD,YAAY,CACblC,IAAI,CAACmC,OAAO,CACVT,SAAS,EACT,2DACF,CAAC,EACD,MACF,CACF,CAAC;AAED,MAAMW,gBAAgB,GAAG,CAAC,IAAI,EAAE,kBAAkB,CAAC;AACnD,MAAMC,iBAAiB,GAAG,CAAC,SAAS,EAAE,wBAAwB,CAAC;AAE/D,MAAMC,gBAAgB,GAAG,CACvB,0BAA0B,EAC1B,UAAU,EACV,cAAc,CACf;AACD;AACA,MAAMC,eAAe,GAAG,CACtB,kCAAkC,EAClC,6BAA6B,CAC9B;AAED,MAAMC,WAAW,GAAG,CAAC,UAAU,EAAE,cAAc,CAAC;AAChD,MAAMC,kBAAkB,GAAG,CAAC,UAAU,CAAC;AACvC,MAAMC,UAAU,GAAG,CACjB,kCAAkC,EAClC,6BAA6B,CAC9B;AACD,MAAMC,WAAW,GAAG,CAClB,qCAAqC,EACrC,kCAAkC,EAClC,6BAA6B,CAC9B;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAezC,uBAAuBA,CAAC;EAAED;AAAwB,CAAC,EAAE;EACzE,MAAM2C,OAAO,GAAG,MAAMzD,gBAAgB,CAAC;IAAEc;EAAM,CAAC,CAAC;EACjD,MAAM4C,SAAS,GAAGD,OAAO,CACtBE,GAAG,CAAEC,MAAM,IAAKA,MAAM,CAACC,GAAG,CAAC,CAC3BC,MAAM,CAAEF,MAAM,IAAK,CAACX,gBAAgB,CAACc,QAAQ,CAACH,MAAM,CAAC,CAAC;EACzD,MAAMI,cAAc,GAAG,MAAM7D,eAAe,CAAC;IAC3C8D,QAAQ,EAAE,gBAAgB;IAC1BnD;EACF,CAAC,CAAC;EACF,MAAMoD,QAAQ,GAAGF,cAAc,CAACG,QAAQ,CAACC,iBAAiB,CACvDT,GAAG,CAAEU,OAAO,IAAKA,OAAO,CAACvC,OAAO,CAAC,CACjCgC,MAAM,CAAEhC,OAAO,IAAK,CAACoB,iBAAiB,CAACa,QAAQ,CAACjC,OAAO,CAAC,CAAC;EAC5D,MAAMwC,YAAY,GAAGJ,QAAQ,CAACJ,MAAM,CAAEhC,OAAO,IAC3C4B,SAAS,CAACK,QAAQ,CAACjC,OAAO,CAC5B,CAAC;EACD,OAAOwC,YAAY;AACrB;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAetD,sBAAsBA,CAAC;EAAEF;AAAwB,CAAC,EAAE;EACxE,MAAM2C,OAAO,GAAG,MAAMzD,gBAAgB,CAAC;IAAEc;EAAM,CAAC,CAAC;EACjD,MAAM4C,SAAS,GAAGD,OAAO,CACtBK,MAAM,CAAEF,MAAM,IAAK;IAClB;IACA,IAAIW,YAAY,GAAG,KAAK;IACxB,IAAIX,MAAM,CAACY,sBAAsB,CAACC,MAAM,EAAE;MACvCb,MAAM,CAACY,sBAAsB,CAACC,MAAM,CAAqBC,OAAO,CAC9DhD,KAAK,IAAK;QACT,IAAIyB,gBAAgB,CAACY,QAAQ,CAACrC,KAAK,CAAC,EAAE;UACpC6C,YAAY,GAAG,IAAI;QACrB;MACF,CACF,CAAC;IACH;IACA,OAAOA,YAAY;EACrB,CAAC,CAAC,CACDZ,GAAG,CAAEC,MAAM,IAAKA,MAAM,CAACC,GAAG,CAAC,CAC3BC,MAAM,CAAEzC,QAAQ,IAAK,CAAC4B,gBAAgB,CAACc,QAAQ,CAAC1C,QAAQ,CAAC,CAAC;EAC7D,MAAM2C,cAAc,GAAG,MAAM7D,eAAe,CAAC;IAC3C8D,QAAQ,EAAE,gBAAgB;IAC1BnD;EACF,CAAC,CAAC;EACF,MAAMoD,QAAQ,GAAGF,cAAc,CAACG,QAAQ,CAACC,iBAAiB,CACvDN,MAAM,CAAEO,OAAO,IAAK;IACnB,IAAIE,YAAY,GAAG,KAAK;IACxB,IAAIF,OAAO,CAACM,KAAK,EAAE;MACjBN,OAAO,CAACM,KAAK,CAACD,OAAO,CAAEE,IAAI,IAAK;QAC9B,IAAIxB,eAAe,CAACW,QAAQ,CAACa,IAAI,CAAC,EAAE;UAClCL,YAAY,GAAG,IAAI;QACrB;MACF,CAAC,CAAC;IACJ;IACA,OAAOA,YAAY;EACrB,CAAC,CAAC,CACDZ,GAAG,CAAEU,OAAO,IAAKA,OAAO,CAACvC,OAAO,CAAC,CACjCgC,MAAM,CAAEhC,OAAO,IAAK,CAACoB,iBAAiB,CAACa,QAAQ,CAACjC,OAAO,CAAC,CAAC;EAC5D,MAAMwC,YAAY,GAAGJ,QAAQ,CAACJ,MAAM,CAAEhC,OAAO,IAC3C4B,SAAS,CAACK,QAAQ,CAACjC,OAAO,CAC5B,CAAC;EACD,OAAOwC,YAAY;AACrB;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAerD,oCAAoCA,CAAC;EACzDC,aAAa;EACbJ;AAIF,CAAC,EAAE;EACD,MAAM2C,OAAO,GAAG,MAAMzD,gBAAgB,CAAC;IAAEc;EAAM,CAAC,CAAC;EACjD,MAAM4C,SAAS,GAAGD,OAAO,CACtBE,GAAG,CAAEC,MAAM,IAAKA,MAAM,CAACC,GAAG,CAAC,CAC3BC,MAAM,CAAEF,MAAM,IAAK,CAACX,gBAAgB,CAACc,QAAQ,CAACH,MAAM,CAAC,CAAC;EACzD,MAAMI,cAAc,GAAG,MAAM7D,eAAe,CAAC;IAC3C8D,QAAQ,EAAE,gBAAgB;IAC1BnD;EACF,CAAC,CAAC;EACF,IAAIoD,QAAQ,GAAGF,cAAc,CAACG,QAAQ,CAACC,iBAAiB,CACrDN,MAAM,CAAEO,OAAO,IAAK;IACnB,IAAIE,YAAY,GAAG,KAAK;IACxB,IAAIF,OAAO,CAACM,KAAK,EAAE;MACjBN,OAAO,CAACM,KAAK,CAACD,OAAO,CAAEE,IAAI,IAAK;QAC9B,IAAIxB,eAAe,CAACW,QAAQ,CAACa,IAAI,CAAC,EAAE;UAClCL,YAAY,GAAG,IAAI;QACrB;MACF,CAAC,CAAC;IACJ;IACA,OAAOA,YAAY;EACrB,CAAC,CAAC,CACDZ,GAAG,CAAEU,OAAO,IAAKA,OAAO,CAACvC,OAAO,CAAC;EACpC,IAAI,CAACZ,aAAa,EAAE;IAClBgD,QAAQ,GAAGA,QAAQ,CAACJ,MAAM,CACvBhC,OAAO,IAAK,CAACoB,iBAAiB,CAACa,QAAQ,CAACjC,OAAO,CAClD,CAAC;EACH;EACA,MAAM+C,aAAa,GAAGX,QAAQ,CAACJ,MAAM,CAClChC,OAAO,IAAK,CAAC4B,SAAS,CAACK,QAAQ,CAACjC,OAAO,CAC1C,CAAC;EACD,OAAO+C,aAAa;AACtB;AAEA,eAAeC,iCAAiCA,CAAC;EAAEhE;AAAwB,CAAC,EAAE;EAC5E,MAAMiE,QAAQ,GAAG,MAAMvE,iBAAiB,CAAC;IAAEM;EAAM,CAAC,CAAC;EACnD,OAAOiE,QAAQ,CAACC,+BAA+B,CAC5CC,8BAA8B;AACnC;AAEA,eAAeC,cAAcA,CAAC;EAC5B7D,QAAQ;EACRuC,MAAM;EACN9C;AAKF,CAAC,EAAE;EACD,MAAMqE,SAAS,GAAGvB,MAAM;EACxB,MAAMwB,cAAc,GAAG/B,WAAW,CAACgC,MAAM,CAAC,CACxC,MAAMP,iCAAiC,CAAC;IAAEhE;EAAM,CAAC,CAAC,CACnD,CAAC;EACF,IAAIwE,SAAS,GAAG,EAAE;EAClB,IACEH,SAAS,CAACX,sBAAsB,CAACC,MAAM,IACtCU,SAAS,CAACX,sBAAsB,CAACC,MAAM,CAAqBc,KAAK,EAClE;IACAD,SAAS,GAAGF,cAAc,CAACtB,MAAM,CAAEpC,KAAK,IAAK;MAC3C,IAAI8D,GAAG,GAAG,KAAK;MACf,IACE,CACEL,SAAS,CAACX,sBAAsB,CAACC,MAAM,CACvCc,KAAK,CAACxB,QAAQ,CAACrC,KAAK,CAAC,EACvB;QACA8D,GAAG,GAAG,IAAI;MACZ;MACA,OAAOA,GAAG;IACZ,CAAC,CAAC;IACDL,SAAS,CAACX,sBAAsB,CAACC,MAAM,CAAqBc,KAAK,GAChEJ,SAAS,CAACX,sBAAsB,CAACC,MAAM,CACvCc,KAAK,CAACF,MAAM,CAACC,SAAS,CAAC;EAC3B,CAAC,MAAM;IACJH,SAAS,CAACX,sBAAsB,CAACC,MAAM,CAAqBc,KAAK,GAChEH,cAAc;EAClB;EACA,IAAIK,eAAe,GAAG,KAAK;EAC3B,IACEN,SAAS,CAACX,sBAAsB,CAACkB,aAAa,IAC9CP,SAAS,CAACX,sBAAsB,CAACkB,aAAa,CAACH,KAAK,EACpD;IACA,IAAIJ,SAAS,CAACX,sBAAsB,CAACkB,aAAa,CAACH,KAAK,CAACI,MAAM,KAAK,CAAC,EAAE;MACrEF,eAAe,GAAG,IAAI;MACtBN,SAAS,CAACX,sBAAsB,CAACkB,aAAa,CAACH,KAAK,GAAGjC,kBAAkB;IAC3E,CAAC,MAAM;MACL3C,YAAY,CAAC;QACXiF,OAAO,EAAG,WAAUvE,QAAS,0EAAyE;QACtGP;MACF,CAAC,CAAC;IACJ;EACF;EACA,IAAIwE,SAAS,CAACK,MAAM,GAAG,CAAC,IAAIF,eAAe,EAAE;IAC3C9E,YAAY,CAAC;MACXiF,OAAO,EAAG,kCAAiCvE,QAAS,MAAK;MACzDP;IACF,CAAC,CAAC;EACJ,CAAC,MAAM;IACLH,YAAY,CAAC;MACXiF,OAAO,EAAG,WAAUvE,QAAS,6BAA4B;MACzDP;IACF,CAAC,CAAC;EACJ;EACA,OAAOqE,SAAS;AAClB;AAEA,SAASU,6BAA6BA,CAAC;EACrCxE,QAAQ;EACRuC,MAAM;EACN9C;AAKF,CAAC,EAAE;EACD,MAAMqE,SAAS,GAAGvB,MAAM;EACxB,IAAIkC,QAAQ,GAAG,KAAK;EACpB,IACEX,SAAS,CAACY,0BAA0B,CAACC,UAAU,IAC9Cb,SAAS,CAACY,0BAA0B,CAACC,UAAU,CAAqBT,KAAK,EAC1E;IACA,IACE,CACEJ,SAAS,CAACY,0BAA0B,CAACC,UAAU,CAC/CT,KAAK,CAACxB,QAAQ,CAAC,oBAAoB,CAAC,EACtC;MACA+B,QAAQ,GAAG,IAAI;MAEbX,SAAS,CAACY,0BAA0B,CAACC,UAAU,CAC/CT,KAAK,CAACU,IAAI,CAAC,oBAAoB,CAAC;IACpC;EACF,CAAC,MAAM;IACJd,SAAS,CAACY,0BAA0B,CAACC,UAAU,CAAqBT,KAAK,GACxE,CAAC,oBAAoB,CAAC;EAC1B;EAEEJ,SAAS,CAACY,0BAA0B,CAACC,UAAU,CAC/CE,SAAS,GAAG,KAAK;EACnB,IAAIJ,QAAQ,EAAE;IACZnF,YAAY,CAAC;MACXiF,OAAO,EAAG,mDAAkDvE,QAAS,MAAK;MAC1EP;IACF,CAAC,CAAC;EACJ,CAAC,MAAM;IACLH,YAAY,CAAC;MACXiF,OAAO,EAAG,WAAUvE,QAAS,8CAA6C;MAC1EP;IACF,CAAC,CAAC;EACJ;EACA,OAAOqE,SAAS;AAClB;AAEA,eAAegB,yBAAyBA,CAAC;EACvCC,IAAI;EACJtF;AAIF,CAAC,EAAE;EACD,IAAIkD,cAAc,GAAG,CAAC,CAAC;EACvB,IAAI;IACFA,cAAc,GAAG,MAAM7D,eAAe,CAAC;MACrC8D,QAAQ,EAAE,gBAAgB;MAC1BnD;IACF,CAAC,CAAC;EACJ,CAAC,CAAC,OAAOuF,KAAK,EAAE;IACd1F,YAAY,CAAC;MACXiF,OAAO,EAAG,mDAAkDS,KAAK,CAACT,OAAQ,EAAC;MAC3EU,IAAI,EAAE,OAAO;MACbxF;IACF,CAAC,CAAC;EACJ;EACA,IAAIyF,iBAAiB,GAAG,IAAI;EAC5B,IAAIC,QAAQ,GAAG,EAAE;EACjB,MAAMC,QAAQ,GAAGzC,cAAc,CAAC,UAAU,CAAC,CAAC,mBAAmB,CAAC,CAACL,GAAG,CACjEU,OAAO,IAAK;IACX;IACA,IAAIA,OAAO,CAACvC,OAAO,KAAKsE,IAAI,EAAE;MAC5B,OAAO/B,OAAO;IAChB;IACAkC,iBAAiB,GAAG,KAAK;IACzBC,QAAQ,GAAGjD,UAAU,CAACO,MAAM,CAAEc,IAAI,IAAK;MACrC,IAAIY,GAAG,GAAG,KAAK;MACf,IAAI,CAACnB,OAAO,CAACM,KAAK,CAACZ,QAAQ,CAACa,IAAI,CAAC,EAAE;QACjCY,GAAG,GAAG,IAAI;MACZ;MACA,OAAOA,GAAG;IACZ,CAAC,CAAC;IACF,MAAMkB,UAAU,GAAGrC,OAAO;IAC1BqC,UAAU,CAAC/B,KAAK,GAAG+B,UAAU,CAAC/B,KAAK,CAACU,MAAM,CAACmB,QAAQ,CAAC;IACpD,OAAOE,UAAU;EACnB,CACF,CAAC;EACD,IAAIH,iBAAiB,EAAE;IACrB5F,YAAY,CAAC;MACXiF,OAAO,EAAG,4CAA2CQ,IAAK,MAAK;MAC/DtF;IACF,CAAC,CAAC;IACF2F,QAAQ,CAACR,IAAI,CAAC;MACZnE,OAAO,EAAEsE,IAAI;MACbO,SAAS,EAAE,6BAA6B;MACxCC,SAAS,EAAE,cAAc;MACzBjC,KAAK,EAAEpB;IACT,CAAC,CAAC;EACJ;EACAS,cAAc,CAAC,UAAU,CAAC,CAAC,mBAAmB,CAAC,GAAGyC,QAAQ;EAC1D,IAAID,QAAQ,CAACb,MAAM,GAAG,CAAC,IAAIY,iBAAiB,EAAE;IAC5C5F,YAAY,CAAC;MACXiF,OAAO,EAAG,yDAAwDQ,IAAK,MAAK;MAC5EtF;IACF,CAAC,CAAC;IACF,IAAI;MACF,MAAMV,eAAe,CAAC;QACpB6D,QAAQ,EAAE,gBAAgB;QAC1B4C,UAAU,EAAE7C,cAAc;QAC1BlD;MACF,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOgG,oBAAoB,EAAE;MAC7BnG,YAAY,CAAC;QAAEiF,OAAO,EAAEkB,oBAAoB;QAAER,IAAI,EAAE,OAAO;QAAExF;MAAM,CAAC,CAAC;MACrEH,YAAY,CAAC;QACXiF,OAAO,EAAG,UAASkB,oBAAqB,EAAC;QACzCR,IAAI,EAAE,OAAO;QACbxF;MACF,CAAC,CAAC;IACJ;EACF,CAAC,MAAM;IACLH,YAAY,CAAC;MACXiF,OAAO,EAAG,mCAAkCQ,IAAK,4BAA2B;MAC5EtF;IACF,CAAC,CAAC;EACJ;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeK,0BAA0BA,CAAC;EAAEL;AAAwB,CAAC,EAAE;EAC5E,MAAMsF,IAAI,GAAG,wBAAwB;EACrC,MAAMpC,cAAc,GAAG,MAAM7D,eAAe,CAAC;IAC3C8D,QAAQ,EAAE,gBAAgB;IAC1BnD;EACF,CAAC,CAAC;EACF,IAAIyF,iBAAiB,GAAG,IAAI;EAC5B,IAAIC,QAAQ,GAAG,EAAE;EACjB,MAAMC,QAAQ,GAAGzC,cAAc,CAACG,QAAQ,CAACC,iBAAiB,CAACT,GAAG,CAAEU,OAAO,IAAK;IAC1E;IACA,IAAIA,OAAO,CAACvC,OAAO,KAAKsE,IAAI,EAAE;MAC5B,OAAO/B,OAAO;IAChB;IACAkC,iBAAiB,GAAG,KAAK;IACzBC,QAAQ,GAAGhD,WAAW,CAACM,MAAM,CAAEc,IAAI,IAAK;MACtC,IAAIY,GAAG,GAAG,KAAK;MACf,IAAI,CAACnB,OAAO,CAACM,KAAK,CAACZ,QAAQ,CAACa,IAAI,CAAC,EAAE;QACjCY,GAAG,GAAG,IAAI;MACZ;MACA,OAAOA,GAAG;IACZ,CAAC,CAAC;IACF,MAAMkB,UAAU,GAAGrC,OAAO;IAC1BqC,UAAU,CAAC/B,KAAK,GAAG+B,UAAU,CAAC/B,KAAK,CAACU,MAAM,CAACmB,QAAQ,CAAC;IACpD,OAAOE,UAAU;EACnB,CAAC,CAAC;EACF,IAAIH,iBAAiB,EAAE;IACrB5F,YAAY,CAAC;MACXiF,OAAO,EAAG,mDAAkDQ,IAAK,MAAK;MACtEtF;IACF,CAAC,CAAC;IACF2F,QAAQ,CAACR,IAAI,CAAC;MACZnE,OAAO,EAAEsE,IAAI;MACbO,SAAS,EAAE,gCAAgC;MAC3CC,SAAS,EAAE,cAAc;MACzBjC,KAAK,EAAEnB;IACT,CAAC,CAAC;EACJ;EACAQ,cAAc,CAACG,QAAQ,CAACC,iBAAiB,GAAGqC,QAAQ;EACpD,IAAID,QAAQ,CAACb,MAAM,GAAG,CAAC,IAAIY,iBAAiB,EAAE;IAC5C5F,YAAY,CAAC;MACXiF,OAAO,EAAG,mEAAkEQ,IAAK,MAAK;MACtFtF;IACF,CAAC,CAAC;IACF,IAAI;MACF,MAAMV,eAAe,CAAC;QACpB6D,QAAQ,EAAE,gBAAgB;QAC1B4C,UAAU,EAAE7C,cAAc;QAC1BlD;MACF,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOgG,oBAAoB,EAAE;MAC7BnG,YAAY,CAAC;QAAEiF,OAAO,EAAEkB,oBAAoB;QAAER,IAAI,EAAE,OAAO;QAAExF;MAAM,CAAC,CAAC;MACrEH,YAAY,CAAC;QACXiF,OAAO,EAAG,UAASkB,oBAAqB,EAAC;QACzCR,IAAI,EAAE,OAAO;QACbxF;MACF,CAAC,CAAC;IACJ;EACF,CAAC,MAAM;IACLH,YAAY,CAAC;MACXiF,OAAO,EAAG,0CAAyCQ,IAAK,mCAAkC;MAC1FtF;IACF,CAAC,CAAC;EACJ;AACF;AAEA,OAAO,eAAeM,gCAAgCA,CAAC;EACrDC,QAAQ;EACRP;AAIF,CAAC,EAAE;EACD,IAAI8C,MAAM,GAAG,MAAM3D,eAAe,CAAC;IAAEoB,QAAQ;IAAEP;EAAM,CAAC,CAAC;EACvD,IAAI8C,MAAM,CAACY,sBAAsB,CAACuC,UAAU,CAACxB,KAAK,CAACI,MAAM,KAAK,CAAC,EAAE;IAC/D/B,MAAM,CAACY,sBAAsB,CAACuC,UAAU,CAACxB,KAAK,GAAG,CAAClE,QAAQ,CAAC;EAC7D;EACA,IACEuC,MAAM,CAACmC,0BAA0B,CAACiB,YAAY,CAACzB,KAAK,CAACI,MAAM,KAAK,CAAC,IACjE/B,MAAM,CAACmC,0BAA0B,CAACiB,YAAY,CAACzB,KAAK,CAAC,CAAC,CAAC,CAAC0B,UAAU,CAChE,mBACF,CAAC,IACDrD,MAAM,CAACmC,0BAA0B,CAACiB,YAAY,CAACzB,KAAK,CAAC,CAAC,CAAC,CAAC0B,UAAU,CAChE,kBACF,CAAC,EACD;IACArD,MAAM,CAACmC,0BAA0B,CAACiB,YAAY,CAACzB,KAAK,GAAG,CACpD,wBAAuB,IAAI2B,IAAI,CAAC,CAAC,CAACC,cAAc,CAAC,CAAE,EAAC,CACtD;EACH;EACAvD,MAAM,GAAG,MAAMsB,cAAc,CAAC;IAAE7D,QAAQ;IAAEuC,MAAM;IAAE9C;EAAM,CAAC,CAAC;EAC1D8C,MAAM,GAAGiC,6BAA6B,CAAC;IAAExE,QAAQ;IAAEuC,MAAM;IAAE9C;EAAM,CAAC,CAAC;EACnE,MAAMZ,eAAe,CAAC;IAAEmB,QAAQ;IAAE+F,UAAU,EAAExD,MAAM;IAAE9C;EAAM,CAAC,CAAC;EAC9D,MAAMqF,yBAAyB,CAAC;IAAEC,IAAI,EAAE/E,QAAQ;IAAEP;EAAM,CAAC,CAAC;AAC5D;AAEA,eAAeuG,iBAAiBA,CAAC;EAC/BjB,IAAI;EACJxC,MAAM;EACN9C;AAKF,CAAC,EAAE;EACD,MAAMqE,SAAS,GAAGvB,MAAM;EACxB,MAAMwB,cAAc,GAAG/B,WAAW,CAACgC,MAAM,CAAC,CACxC,MAAMP,iCAAiC,CAAC;IAAEhE;EAAM,CAAC,CAAC,CACnD,CAAC;EACF,IAAIwG,WAAW,GAAG,EAAE;EACpB,IACEnC,SAAS,CAACX,sBAAsB,CAACC,MAAM,IACtCU,SAAS,CAACX,sBAAsB,CAACC,MAAM,CAAqBc,KAAK,EAClE;IACA+B,WAAW,GACTnC,SAAS,CAACX,sBAAsB,CAACC,MAAM,CACvCc,KAAK,CAACzB,MAAM,CAAEpC,KAAK,IAAK,CAAC0D,cAAc,CAACrB,QAAQ,CAACrC,KAAK,CAAC,CAAC;EAC5D;EACA,IACGyD,SAAS,CAACX,sBAAsB,CAACC,MAAM,CAAqBc,KAAK,CAACI,MAAM,GACzE2B,WAAW,CAAC3B,MAAM,EAClB;IACAhF,YAAY,CAAC;MACXiF,OAAO,EAAG,sCAAqCQ,IAAK,MAAK;MACzDtF;IACF,CAAC,CAAC;IACDqE,SAAS,CAACX,sBAAsB,CAACC,MAAM,CAAqBc,KAAK,GAChE+B,WAAW;EACf,CAAC,MAAM;IACL3G,YAAY,CAAC;MAAEiF,OAAO,EAAG,WAAUQ,IAAK,wBAAuB;MAAEtF;IAAM,CAAC,CAAC;EAC3E;EACA,IAAIyG,kBAAkB,GAAG,EAAE;EAC3B,IACEpC,SAAS,CAACX,sBAAsB,CAACkB,aAAa,IAC9CP,SAAS,CAACX,sBAAsB,CAACkB,aAAa,CAACH,KAAK,EACpD;IACAgC,kBAAkB,GAChBpC,SAAS,CAACX,sBAAsB,CAACkB,aAAa,CAACH,KAAK,CAACzB,MAAM,CACxDpC,KAAK,IAAK,CAAC4B,kBAAkB,CAACS,QAAQ,CAACrC,KAAK,CAC/C,CAAC;EACL;EACA,IACEyD,SAAS,CAACX,sBAAsB,CAACkB,aAAa,CAACH,KAAK,CAACI,MAAM,GAC3D4B,kBAAkB,CAAC5B,MAAM,EACzB;IACAhF,YAAY,CAAC;MACXiF,OAAO,EAAG,8CAA6CQ,IAAK,MAAK;MACjEtF;IACF,CAAC,CAAC;IACFqE,SAAS,CAACX,sBAAsB,CAACkB,aAAa,CAACH,KAAK,GAAGgC,kBAAkB;EAC3E,CAAC,MAAM;IACL5G,YAAY,CAAC;MACXiF,OAAO,EAAG,WAAUQ,IAAK,gCAA+B;MACxDtF;IACF,CAAC,CAAC;EACJ;EACA,OAAOqE,SAAS;AAClB;AAEA,SAASqC,gCAAgCA,CAAC;EACxCnG,QAAQ;EACRuC,MAAM;EACN9C;AAKF,CAAC,EAAE;EACD,MAAMqE,SAAS,GAAGvB,MAAM;EACxB,IAAIkC,QAAQ,GAAG,KAAK;EACpB,IAAI2B,eAAe,GAAG,EAAE;EACxB,IACEtC,SAAS,CAACY,0BAA0B,CAACC,UAAU,IAC9Cb,SAAS,CAACY,0BAA0B,CAACC,UAAU,CAAqBT,KAAK,EAC1E;IACAkC,eAAe,GACbtC,SAAS,CAACY,0BAA0B,CAACC,UAAU,CAC/CT,KAAK,CAACzB,MAAM,CAAE4D,SAAS,IAAKA,SAAS,KAAK,oBAAoB,CAAC;IACjE5B,QAAQ,GACLX,SAAS,CAACY,0BAA0B,CAACC,UAAU,CAAqBT,KAAK,CACvEI,MAAM,GAAG8B,eAAe,CAAC9B,MAAM;EACtC;EACA,IAAIG,QAAQ,EAAE;IACZnF,YAAY,CAAC;MACXiF,OAAO,EAAG,uDAAsDvE,QAAS,MAAK;MAC9EP;IACF,CAAC,CAAC;IACDqE,SAAS,CAACY,0BAA0B,CAACC,UAAU,CAAqBT,KAAK,GACxEkC,eAAe;EACnB,CAAC,MAAM;IACL9G,YAAY,CAAC;MACXiF,OAAO,EAAG,WAAUvE,QAAS,iDAAgD;MAC7EP;IACF,CAAC,CAAC;EACJ;EACA,OAAOqE,SAAS;AAClB;AAEA,eAAewC,4BAA4BA,CAAC;EAC1CvB,IAAI;EACJtF;AAIF,CAAC,EAAE;EACD,MAAMkD,cAAc,GAAG,MAAM7D,eAAe,CAAC;IAC3C8D,QAAQ,EAAE,gBAAgB;IAC1BnD;EACF,CAAC,CAAC;EACF,IAAI8G,UAAU,GAAG,EAAE;EACnB,IAAIC,aAAa,GAAG,KAAK;EACzB,IAAI/B,QAAQ,GAAG,KAAK;EACpB,MAAMW,QAAQ,GAAGzC,cAAc,CAACG,QAAQ,CAACC,iBAAiB,CACvDT,GAAG,CAAEU,OAAO,IAAK;IAChB;IACA,IAAIA,OAAO,CAACvC,OAAO,KAAKsE,IAAI,EAAE;MAC5B,OAAO/B,OAAO;IAChB;IACAuD,UAAU,GAAGvD,OAAO,CAACM,KAAK,CAACb,MAAM,CAAEc,IAAI,IAAK,CAACrB,UAAU,CAACQ,QAAQ,CAACa,IAAI,CAAC,CAAC;IACvE,MAAM8B,UAAU,GAAGrC,OAAO;IAC1BwD,aAAa,GAAGD,UAAU,CAACjC,MAAM,KAAK,CAAC,CAAC,CAAC;IACzCG,QAAQ,GAAGzB,OAAO,CAACM,KAAK,CAACgB,MAAM,GAAGiC,UAAU,CAACjC,MAAM,CAAC,CAAC;IACrDe,UAAU,CAAC/B,KAAK,GAAGiD,UAAU;IAC7B,OAAOlB,UAAU;EACnB,CAAC,CAAC,CACD5C,MAAM,CAAEO,OAAO,IAAKA,OAAO,CAACvC,OAAO,KAAKsE,IAAI,IAAI,CAACyB,aAAa,CAAC;EAClE7D,cAAc,CAACG,QAAQ,CAACC,iBAAiB,GAAGqC,QAAQ;EACpD,IAAIX,QAAQ,IAAI+B,aAAa,EAAE;IAC7B,IAAIA,aAAa,EAAE;MACjBlH,YAAY,CAAC;QACXiF,OAAO,EAAG,4CAA2CQ,IAAK,MAAK;QAC/DtF;MACF,CAAC,CAAC;IACJ,CAAC,MAAM;MACLH,YAAY,CAAC;QACXiF,OAAO,EAAG,6DAA4DQ,IAAK,MAAK;QAChFtF;MACF,CAAC,CAAC;IACJ;IACA,IAAI;MACF,MAAMV,eAAe,CAAC;QACpB6D,QAAQ,EAAE,gBAAgB;QAC1B4C,UAAU,EAAE7C,cAAc;QAC1BlD;MACF,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOgG,oBAAoB,EAAE;MAC7BnG,YAAY,CAAC;QAAEiF,OAAO,EAAEkB,oBAAoB;QAAER,IAAI,EAAE,OAAO;QAAExF;MAAM,CAAC,CAAC;MACrEH,YAAY,CAAC;QACXiF,OAAO,EAAG,UAASkB,oBAAqB,EAAC;QACzCR,IAAI,EAAE,OAAO;QACbxF;MACF,CAAC,CAAC;IACJ;EACF,CAAC,MAAM;IACLH,YAAY,CAAC;MACXiF,OAAO,EAAG,mCAAkCQ,IAAK,uBAAsB;MACvEtF;IACF,CAAC,CAAC;EACJ;AACF;AAEA,OAAO,eAAeQ,iCAAiCA,CAAC;EACtDD,QAAQ;EACRP;AAIF,CAAC,EAAE;EACD,IAAI8C,MAAM,GAAG,MAAM3D,eAAe,CAAC;IAAEoB,QAAQ;IAAEP;EAAM,CAAC,CAAC;EACvD,IAAI8C,MAAM,CAACY,sBAAsB,CAACuC,UAAU,CAACxB,KAAK,CAACI,MAAM,KAAK,CAAC,EAAE;IAC/D/B,MAAM,CAACY,sBAAsB,CAACuC,UAAU,CAACxB,KAAK,GAAG,CAAClE,QAAQ,CAAC;EAC7D;EACA,IACEuC,MAAM,CAACmC,0BAA0B,CAACiB,YAAY,CAACzB,KAAK,CAACI,MAAM,KAAK,CAAC,IACjE/B,MAAM,CAACmC,0BAA0B,CAACiB,YAAY,CAACzB,KAAK,CAAC,CAAC,CAAC,CAAC0B,UAAU,CAChE,mBACF,CAAC,IACDrD,MAAM,CAACmC,0BAA0B,CAACiB,YAAY,CAACzB,KAAK,CAAC,CAAC,CAAC,CAAC0B,UAAU,CAChE,kBACF,CAAC,EACD;IACArD,MAAM,CAACmC,0BAA0B,CAACiB,YAAY,CAACzB,KAAK,GAAG,CACpD,wBAAuB,IAAI2B,IAAI,CAAC,CAAC,CAACC,cAAc,CAAC,CAAE,EAAC,CACtD;EACH;EACAvD,MAAM,GAAG,MAAMyD,iBAAiB,CAAC;IAAEjB,IAAI,EAAE/E,QAAQ;IAAEuC,MAAM;IAAE9C;EAAM,CAAC,CAAC;EACnE8C,MAAM,GAAG4D,gCAAgC,CAAC;IAAEnG,QAAQ;IAAEuC,MAAM;IAAE9C;EAAM,CAAC,CAAC;EACtE,MAAMZ,eAAe,CAAC;IAAEmB,QAAQ;IAAE+F,UAAU,EAAExD,MAAM;IAAE9C;EAAM,CAAC,CAAC;EAC9D,MAAM6G,4BAA4B,CAAC;IAAEvB,IAAI,EAAE/E,QAAQ;IAAEP;EAAM,CAAC,CAAC;AAC/D;AAEA,OAAO,eAAeS,qCAAqCA,CAAC;EAC1DF,QAAQ;EACRG,YAAY;EACZV;AAKF,CAAC,EAAE;EACD,IAAI8C,MAAM,GAAGjB,aAAa;EAC1BiB,MAAM,CAACY,sBAAsB,CAACsD,YAAY,GAAGtG,YAAY;EACzDoC,MAAM,CAACY,sBAAsB,CAACuC,UAAU,CAACxB,KAAK,GAAG,CAAClE,QAAQ,CAAC;EAC3DuC,MAAM,CAACmC,0BAA0B,CAACiB,YAAY,CAACzB,KAAK,GAAG,CACpD,uBAAsB,IAAI2B,IAAI,CAAC,CAAC,CAACC,cAAc,CAAC,CAAE,EAAC,CACrD;EACD,IAAI;IACFvD,MAAM,GAAG,MAAMsB,cAAc,CAAC;MAAE7D,QAAQ;MAAEuC,MAAM;MAAE9C;IAAM,CAAC,CAAC;IAC1D,MAAMZ,eAAe,CAAC;MAAEmB,QAAQ;MAAE+F,UAAU,EAAExD,MAAM;MAAE9C;IAAM,CAAC,CAAC;IAC9D,MAAMqF,yBAAyB,CAAC;MAAEC,IAAI,EAAE/E,QAAQ;MAAEP;IAAM,CAAC,CAAC;EAC5D,CAAC,CAAC,OAAOuF,KAAK,EAAE;IACd1F,YAAY,CAAC;MACXiF,OAAO,EAAG,iCAAgCS,KAAK,CAACT,OAAQ,EAAC;MACzD9E,KAAK;MACLwF,IAAI,EAAE;IACR,CAAC,CAAC;EACJ;AACF;AAEA,OAAO,eAAe7E,oBAAoBA,CAAC;EACzCJ,QAAQ;EACRG,YAAY;EACZE,KAAK;EACLC,MAAM;EACNC,QAAQ;EACRd;AAQF,CAAC,EAAE;EACD;EACA,MAAM8C,MAAM,GAAG,MAAM3D,eAAe,CAAC;IAAEoB,QAAQ;IAAEP;EAAM,CAAC,CAAC;EACzD8C,MAAM,CAACkE,YAAY,GAAGtG,YAAY;EAClC;EACA,MAAMuG,kBAAkB,GACtBnE,MAAM,CAACY,sBAAsB,CAACwD,mBAAmB,CAACzC,KAAK,IAAI,IAAI;EACjE;EACA3B,MAAM,CAACY,sBAAsB,CAACwD,mBAAmB,CAACzC,KAAK,GAAG3D,QAAQ;EAClE,MAAM1B,eAAe,CAAC;IAAEmB,QAAQ;IAAE+F,UAAU,EAAExD,MAAM;IAAE9C;EAAM,CAAC,CAAC;EAC9D,MAAMmH,QAAQ,GAAG,MAAMvH,sBAAsB,CAAC;IAC5CwH,SAAS,EAAEpH,KAAK,CAACqH,OAAO,CAAC,CAAC;IAC1B9G,QAAQ;IACRG,YAAY;IACZE,KAAK;IACLZ;EACF,CAAC,CAAC;EACF,MAAMsH,OAAO,GAAG,IAAIlB,IAAI,CAAC,CAAC,CAACmB,OAAO,CAAC,CAAC,GAAG,IAAI,GAAGJ,QAAQ,CAACK,UAAU;EACjEL,QAAQ,CAACM,UAAU,GAAG,IAAIrB,IAAI,CAACkB,OAAO,CAAC,CAACjB,cAAc,CAAC,CAAC;EACxD;EACAvD,MAAM,CAACY,sBAAsB,CAACwD,mBAAmB,CAACzC,KAAK,GAAGwC,kBAAkB;EAC5E,MAAM7H,eAAe,CAAC;IAAEmB,QAAQ;IAAE+F,UAAU,EAAExD,MAAM;IAAE9C;EAAM,CAAC,CAAC;EAC9D;EACA,IAAIa,MAAM,EAAE;IACV,MAAM6G,WAAW,GAAG,wBAAwB;IAC5C,IAAI;MACF,MAAM/H,SAAS,CAAC;QACdgI,QAAQ,EAAE9G,MAAgB;QAC1B4D,KAAK,EAAE0C,QAAQ,CAACS,YAAY;QAC5BF,WAAW;QACX1H;MACF,CAAC,CAAC;MACFmH,QAAQ,CAACtG,MAAM,GAAGA,MAAM;IAC1B,CAAC,CAAC,OAAO0E,KAAK,EAAE;MACd,IACEtG,CAAC,CAAC4I,GAAG,CAACtC,KAAK,EAAE,oBAAoB,CAAC,KAAK,GAAG,IAC1CtG,CAAC,CAAC4I,GAAG,CAACtC,KAAK,EAAE,uBAAuB,CAAC,KACnC,oDAAoD,EACtD;QACA,MAAMuC,SAAS,GAAI,GAAEjH,MAAO,IAAGyG,OAAQ,EAAC;QACxCzH,YAAY,CAAC;UACXiF,OAAO,EAAG,QAAOjE,MAAO,2BAA0BiH,SAAU,EAAC;UAC7DtC,IAAI,EAAE,MAAM;UACZxF;QACF,CAAC,CAAC;QACF,MAAML,SAAS,CAAC;UACdgI,QAAQ,EAAEG,SAAS;UACnBrD,KAAK,EAAE0C,QAAQ,CAACS,YAAY;UAC5BF,WAAW;UACX1H;QACF,CAAC,CAAC;QACFmH,QAAQ,CAACtG,MAAM,GAAGiH,SAAS;MAC7B;IACF;IACA,OAAOX,QAAQ,CAACS,YAAY;EAC9B;EACA,OAAOT,QAAQ;AACjB;AAEA,OAAO,eAAepG,uBAAuBA,CAAC;EAC5CC,OAAO;EACPhB;AAIF,CAAC,EAAE;EACD,MAAMkD,cAAc,GAAG,MAAM7D,eAAe,CAAC;IAC3C8D,QAAQ,EAAE,gBAAgB;IAC1BnD;EACF,CAAC,CAAC;EACF,IAAI+G,aAAa,GAAG,KAAK;EACzB,MAAMpB,QAAQ,GAAGzC,cAAc,CAACG,QAAQ,CAACC,iBAAiB,CAACN,MAAM,CAC9DO,OAAO,IAAK;IACX;IACA,IAAIA,OAAO,CAACvC,OAAO,KAAKA,OAAO,EAAE;MAC/B+F,aAAa,GAAG,IAAI;IACtB;IACA;IACA,OAAOxD,OAAO,CAACvC,OAAO,KAAKA,OAAO;EACpC,CACF,CAAC;EACDkC,cAAc,CAACG,QAAQ,CAACC,iBAAiB,GAAGqC,QAAQ;EACpD,IAAIoB,aAAa,EAAE;IACjBlH,YAAY,CAAC;MACXiF,OAAO,EAAG,6CAA4C9D,OAAQ,MAAK;MACnEhB;IACF,CAAC,CAAC;IACF,IAAI;MACF,MAAMV,eAAe,CAAC;QACpB6D,QAAQ,EAAE,gBAAgB;QAC1B4C,UAAU,EAAE7C,cAAc;QAC1BlD;MACF,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOgG,oBAAoB,EAAE;MAC7BnG,YAAY,CAAC;QAAEiF,OAAO,EAAEkB,oBAAoB;QAAER,IAAI,EAAE,OAAO;QAAExF;MAAM,CAAC,CAAC;MACrEH,YAAY,CAAC;QACXiF,OAAO,EAAG,UAASkB,oBAAqB,EAAC;QACzCR,IAAI,EAAE,OAAO;QACbxF;MACF,CAAC,CAAC;IACJ;EACF,CAAC,MAAM;IACLH,YAAY,CAAC;MACXiF,OAAO,EAAG,uCAAsC9D,OAAQ,UAAS;MACjEhB;IACF,CAAC,CAAC;EACJ;AACF;AAEA,OAAO,eAAeiB,8BAA8BA,CAAC;EACnDC,iBAAiB;EACjBC,MAAM;EACNnB;AAKF,CAAC,EAAE;EACD,MAAM+H,OAAO,GAAG,MAAM1I,eAAe,CAAC;IAAE8D,QAAQ,EAAE,SAAS;IAAEnD;EAAM,CAAC,CAAC;EACrE,MAAMgI,aAAa,GAAGC,MAAM,CAACC,IAAI,CAAChG,4BAA4B,CAAC;EAC/D,MAAMiG,cAAc,GAAGJ,OAAO,CAACK,OAAO,CAACvF,GAAG,CAAEwF,MAAM,IAAK;IACrD;IACA,IAAIA,MAAM,CAAC/C,IAAI,KAAK9F,mBAAmB,CAAC;MAAEQ;IAAM,CAAC,CAAC,EAAE;MAClD,OAAOqI,MAAM;IACf;IACAL,aAAa,CAACpE,OAAO,CAAE0B,IAAI,IAAK;MAC9B,IACE/F,WAAW,CACT2C,4BAA4B,CAACoD,IAAI,CAAC,EAClC+C,MAAM,CAACC,MAAM,CAACC,UAAU,CAACjD,IAAI,CAAC,EAC9B,CAAC,UAAU,EAAE,kBAAkB,CACjC,CAAC,IACDpE,iBAAiB,EACjB;QACA,IAAImH,MAAM,CAACC,MAAM,CAACC,UAAU,CAACjD,IAAI,CAAC,CAACkD,QAAQ,EAAE;UAC3C3I,YAAY,CAAC;YAAEiF,OAAO,EAAG,GAAEQ,IAAK,QAAO;YAAEtF;UAAM,CAAC,CAAC;UACjD;UACAqI,MAAM,CAACC,MAAM,CAACC,UAAU,CAACjD,IAAI,CAAC,CAACkD,QAAQ,GAAG,KAAK;QACjD,CAAC,MAAM;UACL3I,YAAY,CAAC;YAAEiF,OAAO,EAAG,GAAEQ,IAAK,2BAA0B;YAAEtF;UAAM,CAAC,CAAC;QACtE;MACF,CAAC,MAAM;QACLH,YAAY,CAAC;UAAEiF,OAAO,EAAG,GAAEQ,IAAK,qBAAoB;UAAEtF;QAAM,CAAC,CAAC;MAChE;IACF,CAAC,CAAC;IACF,OAAOqI,MAAM;EACf,CAAC,CAAC;EACFN,OAAO,CAACK,OAAO,GAAGD,cAAc;EAChC,IAAIhH,MAAM,EAAE;IACVtB,YAAY,CAAC;MAAEiF,OAAO,EAAE,sCAAsC;MAAE9E;IAAM,CAAC,CAAC;EAC1E,CAAC,MAAM;IACL,IAAI;MACF,MAAMV,eAAe,CAAC;QACpB6D,QAAQ,EAAE,SAAS;QACnB4C,UAAU,EAAEgC,OAAO;QACnB/H;MACF,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOgG,oBAAoB,EAAE;MAC7BnG,YAAY,CAAC;QAAEiF,OAAO,EAAEkB,oBAAoB;QAAER,IAAI,EAAE,OAAO;QAAExF;MAAM,CAAC,CAAC;MACrEH,YAAY,CAAC;QACXiF,OAAO,EAAG,UAASkB,oBAAqB,EAAC;QACzCR,IAAI,EAAE,OAAO;QACbxF;MACF,CAAC,CAAC;IACJ;EACF;AACF;AAEA,OAAO,eAAeoB,8BAA8BA,CAAC;EACnDF,iBAAiB;EACjBC,MAAM;EACNnB;AAKF,CAAC,EAAE;EACD,MAAM+H,OAAO,GAAG,MAAM1I,eAAe,CAAC;IAAE8D,QAAQ,EAAE,SAAS;IAAEnD;EAAM,CAAC,CAAC;EACrE,MAAMgI,aAAa,GAAGC,MAAM,CAACC,IAAI,CAAChG,4BAA4B,CAAC;EAC/D,MAAMiG,cAAc,GAAGJ,OAAO,CAACK,OAAO,CAACvF,GAAG,CAAEwF,MAAM,IAAK;IACrD;IACA,IAAIA,MAAM,CAAC/C,IAAI,KAAK9F,mBAAmB,CAAC;MAAEQ;IAAM,CAAC,CAAC,EAAE;MAClD,OAAOqI,MAAM;IACf;IACAL,aAAa,CAACpE,OAAO,CAAE0B,IAAI,IAAK;MAC9B,IACE/F,WAAW,CACT2C,4BAA4B,CAACoD,IAAI,CAAC,EAClC+C,MAAM,CAACC,MAAM,CAACC,UAAU,CAACjD,IAAI,CAAC,EAC9B,CAAC,UAAU,EAAE,kBAAkB,CACjC,CAAC,IACDpE,iBAAiB,EACjB;QACA,IAAI,CAACmH,MAAM,CAACC,MAAM,CAACC,UAAU,CAACjD,IAAI,CAAC,CAACkD,QAAQ,EAAE;UAC5C3I,YAAY,CAAC;YAAEiF,OAAO,EAAG,GAAEQ,IAAK,QAAO;YAAEtF;UAAM,CAAC,CAAC;UACjD;UACAqI,MAAM,CAACC,MAAM,CAACC,UAAU,CAACjD,IAAI,CAAC,CAACkD,QAAQ,GAAG,IAAI;QAChD,CAAC,MAAM;UACL3I,YAAY,CAAC;YAAEiF,OAAO,EAAG,GAAEQ,IAAK,4BAA2B;YAAEtF;UAAM,CAAC,CAAC;QACvE;MACF,CAAC,MAAM;QACLH,YAAY,CAAC;UAAEiF,OAAO,EAAG,GAAEQ,IAAK,qBAAoB;UAAEtF;QAAM,CAAC,CAAC;MAChE;IACF,CAAC,CAAC;IACF,OAAOqI,MAAM;EACf,CAAC,CAAC;EACFN,OAAO,CAACK,OAAO,GAAGD,cAAc;EAChC,IAAIhH,MAAM,EAAE;IACVtB,YAAY,CAAC;MAAEiF,OAAO,EAAE,sCAAsC;MAAE9E;IAAM,CAAC,CAAC;EAC1E,CAAC,MAAM;IACL,IAAI;MACF,MAAMV,eAAe,CAAC;QACpB6D,QAAQ,EAAE,SAAS;QACnB4C,UAAU,EAAEgC,OAAO;QACnB/H;MACF,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOgG,oBAAoB,EAAE;MAC7BnG,YAAY,CAAC;QAAEiF,OAAO,EAAEkB,oBAAoB;QAAER,IAAI,EAAE,OAAO;QAAExF;MAAM,CAAC,CAAC;MACrEH,YAAY,CAAC;QACXiF,OAAO,EAAG,UAASkB,oBAAqB,EAAC;QACzCR,IAAI,EAAE,OAAO;QACbxF;MACF,CAAC,CAAC;IACJ;EACF;AACF;AAEA,eAAeyI,kBAAkBA,CAAC;EAChCtH,MAAM;EACNnB;AAIF,CAAC,EAAE;EACD,MAAM+H,OAAO,GAAG,MAAM1I,eAAe,CAAC;IAAE8D,QAAQ,EAAE,SAAS;IAAEnD;EAAM,CAAC,CAAC;EACrE,MAAM0I,KAAK,GAAG,CAAC,gBAAgB,CAAC;EAChC,IAAIC,UAAU,GAAG,KAAK;EACtB,MAAMR,cAAc,GAAGJ,OAAO,CAACK,OAAO,CAACvF,GAAG,CAAEwF,MAAM,IAAK;IACrD;IACA,IAAIA,MAAM,CAAC/C,IAAI,KAAK9F,mBAAmB,CAAC;MAAEQ;IAAM,CAAC,CAAC,EAAE;MAClD,OAAOqI,MAAM;IACf;IACAxI,YAAY,CAAC;MAAEiF,OAAO,EAAG,GAAEuD,MAAM,CAAC/C,IAAK,eAAc;MAAEtF;IAAM,CAAC,CAAC;IAC/D0I,KAAK,CAAC9E,OAAO,CAAE0B,IAAI,IAAK;MACtB,IAAI,CAAC+C,MAAM,CAACC,MAAM,CAACC,UAAU,CAACjD,IAAI,CAAC,CAACsD,WAAW,CAACC,iBAAiB,EAAE;QACjEhJ,YAAY,CAAC;UACXiF,OAAO,EAAG,KAAIQ,IAAK,gCAA+B;UAClDE,IAAI,EAAE,MAAM;UACZxF;QACF,CAAC,CAAC;QACF;QACAqI,MAAM,CAACC,MAAM,CAACC,UAAU,CAACjD,IAAI,CAAC,CAACsD,WAAW,CAACC,iBAAiB,GAAG,IAAI;QACnEF,UAAU,GAAG,IAAI;MACnB,CAAC,MAAM;QACL9I,YAAY,CAAC;UAAEiF,OAAO,EAAG,KAAIQ,IAAK,MAAK;UAAEtF;QAAM,CAAC,CAAC;MACnD;IACF,CAAC,CAAC;IACF,OAAOqI,MAAM;EACf,CAAC,CAAC;EACFN,OAAO,CAACK,OAAO,GAAGD,cAAc;EAChC,IAAI,CAAChH,MAAM,EAAE;IACX,IAAI;MACF,MAAM7B,eAAe,CAAC;QACpB6D,QAAQ,EAAE,SAAS;QACnB4C,UAAU,EAAEgC,OAAO;QACnB/H;MACF,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOgG,oBAAoB,EAAE;MAC7BnG,YAAY,CAAC;QAAEiF,OAAO,EAAEkB,oBAAoB;QAAER,IAAI,EAAE,OAAO;QAAExF;MAAM,CAAC,CAAC;MACrEH,YAAY,CAAC;QACXiF,OAAO,EAAG,UAASkB,oBAAqB,EAAC;QACzCR,IAAI,EAAE,OAAO;QACbxF;MACF,CAAC,CAAC;IACJ;EACF;EACA,OAAO2I,UAAU;AACnB;AAEA,eAAeG,iBAAiBA,CAAC;EAC/B3H,MAAM;EACNnB;AAIF,CAAC,EAAE;EACD,MAAM+H,OAAO,GAAG,MAAM1I,eAAe,CAAC;IAAE8D,QAAQ,EAAE,SAAS;IAAEnD;EAAM,CAAC,CAAC;EACrE,MAAM0I,KAAK,GAAG,CACZ,UAAU,EACV,UAAU,EACV,gBAAgB,EAChB,gBAAgB,EAChB,WAAW,CACZ;EACD,IAAIC,UAAU,GAAG,KAAK;EACtB,MAAMR,cAAc,GAAGJ,OAAO,CAACK,OAAO,CAACvF,GAAG,CAAEwF,MAAM,IAAK;IACrD;IACA,IAAIA,MAAM,CAAC/C,IAAI,KAAK7F,2BAA2B,CAAC;MAAEO;IAAM,CAAC,CAAC,EAAE;MAC1D,OAAOqI,MAAM;IACf;IACAxI,YAAY,CAAC;MAAEiF,OAAO,EAAG,GAAEuD,MAAM,CAAC/C,IAAK,eAAc;MAAEtF;IAAM,CAAC,CAAC;IAC/D0I,KAAK,CAAC9E,OAAO,CAAE0B,IAAI,IAAK;MACtB,IAAI,CAAC+C,MAAM,CAACC,MAAM,CAACC,UAAU,CAACjD,IAAI,CAAC,CAACsD,WAAW,CAACC,iBAAiB,EAAE;QACjEhJ,YAAY,CAAC;UACXiF,OAAO,EAAG,KAAIQ,IAAK,gCAA+B;UAClDE,IAAI,EAAE,MAAM;UACZxF;QACF,CAAC,CAAC;QACF;QACAqI,MAAM,CAACC,MAAM,CAACC,UAAU,CAACjD,IAAI,CAAC,CAACsD,WAAW,CAACC,iBAAiB,GAAG,IAAI;QACnEF,UAAU,GAAG,IAAI;MACnB,CAAC,MAAM;QACL9I,YAAY,CAAC;UAAEiF,OAAO,EAAG,KAAIQ,IAAK,MAAK;UAAEtF;QAAM,CAAC,CAAC;MACnD;IACF,CAAC,CAAC;IACF,OAAOqI,MAAM;EACf,CAAC,CAAC;EACFN,OAAO,CAACK,OAAO,GAAGD,cAAc;EAChC,IAAI,CAAChH,MAAM,EAAE;IACX,IAAI;MACF,MAAM7B,eAAe,CAAC;QACpB6D,QAAQ,EAAE,SAAS;QACnB4C,UAAU,EAAEgC,OAAO;QACnB/H;MACF,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOgG,oBAAoB,EAAE;MAC7BnG,YAAY,CAAC;QAAEiF,OAAO,EAAEkB,oBAAoB;QAAER,IAAI,EAAE,OAAO;QAAExF;MAAM,CAAC,CAAC;MACrEH,YAAY,CAAC;QACXiF,OAAO,EAAG,UAASkB,oBAAqB,EAAC;QACzCR,IAAI,EAAE,OAAO;QACbxF;MACF,CAAC,CAAC;IACJ;EACF;EACA,OAAO2I,UAAU;AACnB;AAEA,eAAeI,kBAAkBA,CAAC5H,MAAM,GAAG,KAAK,EAAE;EAChD,IAAI,CAACA,MAAM,EAAE;IACX;EAAA;AAEJ;AAEA,eAAe6H,wBAAwBA,CAAC7H,MAAM,GAAG,KAAK,EAAE;EACtD,IAAI,CAACA,MAAM,EAAE;IACX;EAAA;AAEJ;AAEA,OAAO,eAAeE,cAAcA,CAAC;EACnCC,iBAAiB;EACjBC,iBAAiB;EACjBJ,MAAM;EACNnB;AAMF,CAAC,EAAE;EACD,IAAI2I,UAAU,GAAG,KAAK;EACtBA,UAAU,GAAGA,UAAU,KAAK,MAAMF,kBAAkB,CAAC;IAAEtH,MAAM;IAAEnB;EAAM,CAAC,CAAC,CAAC;EACxE2I,UAAU,GAAGA,UAAU,KAAK,MAAMG,iBAAiB,CAAC;IAAE3H,MAAM;IAAEnB;EAAM,CAAC,CAAC,CAAC;EACvE,IAAIsB,iBAAiB,EAAE;IACrB;EAAA;EAEF,IAAIqH,UAAU,EAAE;IACd,MAAMI,kBAAkB,CAAC5H,MAAM,CAAC;EAClC;EACA,IAAII,iBAAiB,EAAE;IACrB,MAAMyH,wBAAwB,CAAC7H,MAAM,CAAC;EACxC;EACA,IAAIA,MAAM,EAAE;IACVtB,YAAY,CAAC;MACXiF,OAAO,EAAE,sCAAsC;MAC/CU,IAAI,EAAE,MAAM;MACZxF;IACF,CAAC,CAAC;EACJ;AACF;;AAEA;AACA;AACA;AACA;AACA"}
1
+ {"version":3,"file":"AdminOps.js","names":["fs","_","getOAuth2Clients","getOAuth2Client","putOAuth2Client","getConfigEntity","putConfigEntity","isEqualJson","getRealmManagedUser","getRealmManagedOrganization","getOAuth2Provider","putSecret","clientCredentialsGrant","printMessage","path","fileURLToPath","state","listOAuth2CustomClients","listOAuth2AdminClients","listNonOAuth2AdminStaticUserMappings","showProtected","addAutoIdStaticUserMapping","grantOAuth2ClientAdminPrivileges","clientId","revokeOAuth2ClientAdminPrivileges","createOAuth2ClientWithAdminPrivileges","clientSecret","createLongLivedToken","scope","secret","lifetime","removeStaticUserMapping","subject","hideGenericExtensionAttributes","includeCustomized","dryRun","showGenericExtensionAttributes","repairOrgModel","excludeCustomized","extendPermissions","__dirname","dirname","import","meta","url","OAUTH2_CLIENT","JSON","parse","readFileSync","resolve","GENERIC_EXTENSION_ATTRIBUTES","protectedClients","protectedSubjects","privilegedScopes","privilegedRoles","adminScopes","adminDefaultScopes","adminRoles","autoIdRoles","clients","clientIds","map","client","_id","filter","includes","authentication","entityId","subjects","rsFilter","staticUserMapping","mapping","adminClients","isPrivileged","coreOAuth2ClientConfig","scopes","forEach","roles","role","adminSubjects","getDynamicClientRegistrationScope","provider","clientDynamicRegistrationConfig","dynamicClientRegistrationScope","addAdminScopes","modClient","allAdminScopes","concat","addScopes","value","add","addDefaultScope","defaultScopes","length","message","addClientCredentialsGrantType","modified","advancedOAuth2ClientConfig","grantTypes","push","inherited","addAdminStaticUserMapping","name","error","type","needsAdminMapping","addRoles","mappings","newMapping","localUser","userRoles","entityData","putConfigEntityError","clientName","descriptions","startsWith","Date","toLocaleString","clientData","removeAdminScopes","finalScopes","finalDefaultScopes","removeClientCredentialsGrantType","finalGrantTypes","grantType","removeAdminStaticUserMapping","finalRoles","removeMapping","userpassword","rememberedLifetime","accessTokenLifetime","response","amBaseUrl","getHost","expires","getTime","expires_in","expires_on","description","secretId","access_token","get","newSecret","managed","propertyNames","Object","keys","updatedObjects","objects","object","schema","properties","viewable","repairOrgModelUser","RDVPs","repairData","queryConfig","flattenProperties","repairOrgModelOrg","repairOrgModelData","extendOrgModelPermissins"],"sources":["../../src/ops/AdminOps.ts"],"sourcesContent":["import fs from 'fs';\nimport _ from 'lodash';\nimport {\n getOAuth2Clients,\n getOAuth2Client,\n putOAuth2Client,\n} from '../ops/OAuth2ClientOps';\nimport { getConfigEntity, putConfigEntity } from '../api/IdmConfigApi';\nimport { isEqualJson, getRealmManagedUser } from './utils/OpsUtils';\nimport { getRealmManagedOrganization } from './OrganizationOps';\nimport { getOAuth2Provider } from '../ops/OAuth2ProviderOps';\nimport { putSecret } from '../api/cloud/SecretsApi';\nimport { clientCredentialsGrant } from '../api/OAuth2OIDCApi';\nimport { printMessage } from './utils/Console';\nimport path from 'path';\nimport { fileURLToPath } from 'url';\nimport { State } from '../shared/State';\nimport {\n OAuth2ClientSkeleton,\n ReadableStrings,\n WritableStrings,\n} from '../api/ApiTypes';\n\nexport type Admin = {\n listOAuth2CustomClients(): Promise<any>;\n listOAuth2AdminClients(): Promise<any>;\n listNonOAuth2AdminStaticUserMappings(showProtected: boolean): Promise<any>;\n addAutoIdStaticUserMapping(): Promise<void>;\n grantOAuth2ClientAdminPrivileges(clientId: string): Promise<void>;\n revokeOAuth2ClientAdminPrivileges(clientId: string): Promise<void>;\n createOAuth2ClientWithAdminPrivileges(\n clientId: string,\n clientSecret: string\n ): Promise<void>;\n createLongLivedToken(\n clientId: string,\n clientSecret: string,\n scope: string,\n secret: string | boolean,\n lifetime: number\n ): Promise<any>;\n removeStaticUserMapping(subject: string): Promise<void>;\n hideGenericExtensionAttributes(\n includeCustomized: boolean,\n dryRun: boolean\n ): Promise<void>;\n showGenericExtensionAttributes(\n includeCustomized: boolean,\n dryRun: boolean\n ): Promise<void>;\n repairOrgModel(\n excludeCustomized: boolean,\n extendPermissions: boolean,\n dryRun: boolean\n ): Promise<void>;\n};\n\nexport default (state: State): Admin => {\n return {\n /*\n * List all oauth2 clients, which have a corresponding staticUserMapping\n * in the IDM authentication.json:\n {\n \"_id\": \"authentication\",\n \"rsFilter\": {\n ...\n \"staticUserMapping\": [\n {\n \"subject\": \"someOauth2ClientID\",\n \"localUser\": \"internal/user/openidm-admin\",\n \"userRoles\": \"authzRoles/*\",\n \"roles\": [\n \"internal/role/openidm-authorized\",\n \"internal/role/openidm-admin\"\n ]\n },\n {\n \"subject\": \"RCSClient\",\n \"localUser\": \"internal/user/idm-provisioning\"\n }\n ]\n }\n }\n */\n async listOAuth2CustomClients() {\n return listOAuth2CustomClients({ state });\n },\n\n /*\n * List all oauth2 clients, which have the fr:idm:* scope and a \n * corresponding staticUserMapping in the IDM authentication.json\n * and are assigned admin privileges:\n {\n \"_id\": \"authentication\",\n \"rsFilter\": {\n ...\n \"staticUserMapping\": [\n {\n \"subject\": \"someOauth2ClientID\",\n \"localUser\": \"internal/user/openidm-admin\",\n \"userRoles\": \"authzRoles/*\",\n \"roles\": [\n \"internal/role/openidm-authorized\",\n \"internal/role/openidm-admin\"\n ]\n }\n ]\n }\n }\n */\n async listOAuth2AdminClients() {\n return listOAuth2AdminClients({ state });\n },\n\n /*\n * List all static user mappings that are not oauth2 clients in authentication.json\n * and are assigned admin privileges:\n {\n \"_id\": \"authentication\",\n \"rsFilter\": {\n ...\n \"staticUserMapping\": [\n {\n \"subject\": \"amadmin\",\n \"localUser\": \"internal/user/openidm-admin\",\n \"userRoles\": \"authzRoles/*\",\n \"roles\": [\n \"internal/role/openidm-authorized\",\n \"internal/role/openidm-admin\"\n ]\n },\n {\n \"subject\": \"idm-provisioning\",\n \"localUser\": \"internal/user/idm-provisioning\",\n \"roles\": [\n \"internal/role/platform-provisioning\"\n ]\n },\n {\n \"subject\": \"RCSClient\",\n \"localUser\": \"internal/user/idm-provisioning\"\n },\n {\n \"subject\": \"autoid-resource-server\",\n \"localUser\": \"internal/user/idm-provisioning\",\n \"roles\": [\n \"internal/role/platform-provisioning\",\n \"internal/role/openidm-authorized\",\n \"internal/role/openidm-admin\"\n ]\n }\n ]\n }\n }\n */\n async listNonOAuth2AdminStaticUserMappings(showProtected: boolean) {\n return listNonOAuth2AdminStaticUserMappings({\n showProtected,\n state,\n });\n },\n\n /*\n * Add AutoId static user mapping to authentication.json to enable dashboards and other AutoId-based functionality.\n {\n \"_id\": \"authentication\",\n \"rsFilter\": {\n ...\n \"staticUserMapping\": [\n ...\n {\n \"subject\": \"autoid-resource-server\",\n \"localUser\": \"internal/user/idm-provisioning\",\n \"roles\": [\n \"internal/role/platform-provisioning\",\n \"internal/role/openidm-authorized\",\n \"internal/role/openidm-admin\"\n ]\n }\n ]\n }\n }\n */\n async addAutoIdStaticUserMapping() {\n return addAutoIdStaticUserMapping({ state });\n },\n\n async grantOAuth2ClientAdminPrivileges(clientId: string) {\n return grantOAuth2ClientAdminPrivileges({ clientId, state });\n },\n\n async revokeOAuth2ClientAdminPrivileges(clientId: string) {\n return revokeOAuth2ClientAdminPrivileges({ clientId, state });\n },\n\n async createOAuth2ClientWithAdminPrivileges(\n clientId: string,\n clientSecret: string\n ) {\n return createOAuth2ClientWithAdminPrivileges({\n clientId,\n clientSecret,\n state,\n });\n },\n\n async createLongLivedToken(\n clientId: string,\n clientSecret: string,\n scope: string,\n secret: string | boolean,\n lifetime: number\n ) {\n return createLongLivedToken({\n clientId,\n clientSecret,\n scope,\n secret,\n lifetime,\n state,\n });\n },\n\n async removeStaticUserMapping(subject: string) {\n return removeStaticUserMapping({ subject, state });\n },\n\n async hideGenericExtensionAttributes(\n includeCustomized: boolean,\n dryRun: boolean\n ) {\n return hideGenericExtensionAttributes({\n includeCustomized,\n dryRun,\n state,\n });\n },\n\n async showGenericExtensionAttributes(\n includeCustomized: boolean,\n dryRun: boolean\n ) {\n return showGenericExtensionAttributes({\n includeCustomized,\n dryRun,\n state,\n });\n },\n\n async repairOrgModel(\n excludeCustomized: boolean,\n extendPermissions: boolean,\n dryRun: boolean\n ) {\n return repairOrgModel({\n excludeCustomized,\n extendPermissions,\n dryRun,\n state,\n });\n },\n };\n};\n\nconst __dirname = path.dirname(fileURLToPath(import.meta.url));\n\nconst OAUTH2_CLIENT = JSON.parse(\n fs.readFileSync(\n path.resolve(__dirname, './templates/OAuth2ClientTemplate.json'),\n 'utf8'\n )\n);\nconst GENERIC_EXTENSION_ATTRIBUTES = JSON.parse(\n fs.readFileSync(\n path.resolve(\n __dirname,\n './templates/cloud/GenericExtensionAttributesTemplate.json'\n ),\n 'utf8'\n )\n);\n\nconst protectedClients = ['ui', 'idm-provisioning'];\nconst protectedSubjects = ['amadmin', 'autoid-resource-server'];\n\nconst privilegedScopes = [\n 'am-introspect-all-tokens',\n 'fr:idm:*',\n 'fr:idc:esv:*',\n];\n// const privilegedUsers = ['openidm-admin'];\nconst privilegedRoles = [\n 'internal/role/openidm-authorized',\n 'internal/role/openidm-admin',\n];\n\nconst adminScopes = ['fr:idm:*', 'fr:idc:esv:*'];\nconst adminDefaultScopes = ['fr:idm:*'];\nconst adminRoles = [\n 'internal/role/openidm-authorized',\n 'internal/role/openidm-admin',\n];\nconst autoIdRoles = [\n 'internal/role/platform-provisioning',\n 'internal/role/openidm-authorized',\n 'internal/role/openidm-admin',\n];\n\n/*\n * List all oauth2 clients, which have a corresponding staticUserMapping\n * in the IDM authentication.json:\n {\n \"_id\": \"authentication\",\n \"rsFilter\": {\n ...\n \"staticUserMapping\": [\n {\n \"subject\": \"someOauth2ClientID\",\n \"localUser\": \"internal/user/openidm-admin\",\n \"userRoles\": \"authzRoles/*\",\n \"roles\": [\n \"internal/role/openidm-authorized\",\n \"internal/role/openidm-admin\"\n ]\n },\n {\n \"subject\": \"RCSClient\",\n \"localUser\": \"internal/user/idm-provisioning\"\n }\n ]\n }\n }\n */\nexport async function listOAuth2CustomClients({ state }: { state: State }) {\n const clients = await getOAuth2Clients({ state });\n const clientIds = clients\n .map((client) => client._id)\n .filter((client) => !protectedClients.includes(client));\n const authentication = await getConfigEntity({\n entityId: 'authentication',\n state,\n });\n const subjects = authentication.rsFilter.staticUserMapping\n .map((mapping) => mapping.subject)\n .filter((subject) => !protectedSubjects.includes(subject));\n const adminClients = subjects.filter((subject) =>\n clientIds.includes(subject)\n );\n return adminClients;\n}\n\n/*\n * List all oauth2 clients, which have the fr:idm:* scope and a \n * corresponding staticUserMapping in the IDM authentication.json\n * and are assigned admin privileges:\n {\n \"_id\": \"authentication\",\n \"rsFilter\": {\n ...\n \"staticUserMapping\": [\n {\n \"subject\": \"someOauth2ClientID\",\n \"localUser\": \"internal/user/openidm-admin\",\n \"userRoles\": \"authzRoles/*\",\n \"roles\": [\n \"internal/role/openidm-authorized\",\n \"internal/role/openidm-admin\"\n ]\n }\n ]\n }\n }\n */\nexport async function listOAuth2AdminClients({ state }: { state: State }) {\n const clients = await getOAuth2Clients({ state });\n const clientIds = clients\n .filter((client) => {\n // printMessage({ message: client, type: 'error', state });\n let isPrivileged = false;\n if (client.coreOAuth2ClientConfig.scopes) {\n (client.coreOAuth2ClientConfig.scopes as ReadableStrings).forEach(\n (scope) => {\n if (privilegedScopes.includes(scope)) {\n isPrivileged = true;\n }\n }\n );\n }\n return isPrivileged;\n })\n .map((client) => client._id)\n .filter((clientId) => !protectedClients.includes(clientId));\n const authentication = await getConfigEntity({\n entityId: 'authentication',\n state,\n });\n const subjects = authentication.rsFilter.staticUserMapping\n .filter((mapping) => {\n let isPrivileged = false;\n if (mapping.roles) {\n mapping.roles.forEach((role) => {\n if (privilegedRoles.includes(role)) {\n isPrivileged = true;\n }\n });\n }\n return isPrivileged;\n })\n .map((mapping) => mapping.subject)\n .filter((subject) => !protectedSubjects.includes(subject));\n const adminClients = subjects.filter((subject) =>\n clientIds.includes(subject)\n );\n return adminClients;\n}\n\n/*\n * List all static user mappings that are not oauth2 clients in authentication.json\n * and are assigned admin privileges:\n {\n \"_id\": \"authentication\",\n \"rsFilter\": {\n ...\n \"staticUserMapping\": [\n {\n \"subject\": \"amadmin\",\n \"localUser\": \"internal/user/openidm-admin\",\n \"userRoles\": \"authzRoles/*\",\n \"roles\": [\n \"internal/role/openidm-authorized\",\n \"internal/role/openidm-admin\"\n ]\n },\n {\n \"subject\": \"idm-provisioning\",\n \"localUser\": \"internal/user/idm-provisioning\",\n \"roles\": [\n \"internal/role/platform-provisioning\"\n ]\n },\n {\n \"subject\": \"RCSClient\",\n \"localUser\": \"internal/user/idm-provisioning\"\n },\n {\n \"subject\": \"autoid-resource-server\",\n \"localUser\": \"internal/user/idm-provisioning\",\n \"roles\": [\n \"internal/role/platform-provisioning\",\n \"internal/role/openidm-authorized\",\n \"internal/role/openidm-admin\"\n ]\n }\n ]\n }\n }\n */\nexport async function listNonOAuth2AdminStaticUserMappings({\n showProtected,\n state,\n}: {\n showProtected: boolean;\n state: State;\n}) {\n const clients = await getOAuth2Clients({ state });\n const clientIds = clients\n .map((client) => client._id)\n .filter((client) => !protectedClients.includes(client));\n const authentication = await getConfigEntity({\n entityId: 'authentication',\n state,\n });\n let subjects = authentication.rsFilter.staticUserMapping\n .filter((mapping) => {\n let isPrivileged = false;\n if (mapping.roles) {\n mapping.roles.forEach((role) => {\n if (privilegedRoles.includes(role)) {\n isPrivileged = true;\n }\n });\n }\n return isPrivileged;\n })\n .map((mapping) => mapping.subject);\n if (!showProtected) {\n subjects = subjects.filter(\n (subject) => !protectedSubjects.includes(subject)\n );\n }\n const adminSubjects = subjects.filter(\n (subject) => !clientIds.includes(subject)\n );\n return adminSubjects;\n}\n\nasync function getDynamicClientRegistrationScope({ state }: { state: State }) {\n const provider = await getOAuth2Provider({ state });\n return provider.clientDynamicRegistrationConfig\n .dynamicClientRegistrationScope;\n}\n\nasync function addAdminScopes({\n clientId,\n client,\n state,\n}: {\n clientId: string;\n client: OAuth2ClientSkeleton;\n state: State;\n}) {\n const modClient = client;\n const allAdminScopes = adminScopes.concat([\n await getDynamicClientRegistrationScope({ state }),\n ]);\n let addScopes = [];\n if (\n modClient.coreOAuth2ClientConfig.scopes &&\n (modClient.coreOAuth2ClientConfig.scopes as WritableStrings).value\n ) {\n addScopes = allAdminScopes.filter((scope) => {\n let add = false;\n if (\n !(\n modClient.coreOAuth2ClientConfig.scopes as WritableStrings\n ).value.includes(scope)\n ) {\n add = true;\n }\n return add;\n });\n (modClient.coreOAuth2ClientConfig.scopes as WritableStrings).value = (\n modClient.coreOAuth2ClientConfig.scopes as WritableStrings\n ).value.concat(addScopes);\n } else {\n (modClient.coreOAuth2ClientConfig.scopes as WritableStrings).value =\n allAdminScopes;\n }\n let addDefaultScope = false;\n if (\n modClient.coreOAuth2ClientConfig.defaultScopes &&\n modClient.coreOAuth2ClientConfig.defaultScopes.value\n ) {\n if (modClient.coreOAuth2ClientConfig.defaultScopes.value.length === 0) {\n addDefaultScope = true;\n modClient.coreOAuth2ClientConfig.defaultScopes.value = adminDefaultScopes;\n } else {\n printMessage({\n message: `Client \"${clientId}\" already has default scopes configured, not adding admin default scope.`,\n state,\n });\n }\n }\n if (addScopes.length > 0 || addDefaultScope) {\n printMessage({\n message: `Adding admin scopes to client \"${clientId}\"...`,\n state,\n });\n } else {\n printMessage({\n message: `Client \"${clientId}\" already has admin scopes.`,\n state,\n });\n }\n return modClient;\n}\n\nfunction addClientCredentialsGrantType({\n clientId,\n client,\n state,\n}: {\n clientId: string;\n client: OAuth2ClientSkeleton;\n state: State;\n}) {\n const modClient = client;\n let modified = false;\n if (\n modClient.advancedOAuth2ClientConfig.grantTypes &&\n (modClient.advancedOAuth2ClientConfig.grantTypes as WritableStrings).value\n ) {\n if (\n !(\n modClient.advancedOAuth2ClientConfig.grantTypes as WritableStrings\n ).value.includes('client_credentials')\n ) {\n modified = true;\n (\n modClient.advancedOAuth2ClientConfig.grantTypes as WritableStrings\n ).value.push('client_credentials');\n }\n } else {\n (modClient.advancedOAuth2ClientConfig.grantTypes as WritableStrings).value =\n ['client_credentials'];\n }\n (\n modClient.advancedOAuth2ClientConfig.grantTypes as WritableStrings\n ).inherited = false;\n if (modified) {\n printMessage({\n message: `Adding client credentials grant type to client \"${clientId}\"...`,\n state,\n });\n } else {\n printMessage({\n message: `Client \"${clientId}\" already has client credentials grant type.`,\n state,\n });\n }\n return modClient;\n}\n\nasync function addAdminStaticUserMapping({\n name,\n state,\n}: {\n name: string;\n state: State;\n}) {\n let authentication = {};\n try {\n authentication = await getConfigEntity({\n entityId: 'authentication',\n state,\n });\n } catch (error) {\n printMessage({\n message: `Error reading IDM authentication configuration: ${error.message}`,\n type: 'error',\n state,\n });\n }\n let needsAdminMapping = true;\n let addRoles = [];\n const mappings = authentication['rsFilter']['staticUserMapping'].map(\n (mapping) => {\n // ignore mappings for other subjects\n if (mapping.subject !== name) {\n return mapping;\n }\n needsAdminMapping = false;\n addRoles = adminRoles.filter((role) => {\n let add = false;\n if (!mapping.roles.includes(role)) {\n add = true;\n }\n return add;\n });\n const newMapping = mapping;\n newMapping.roles = newMapping.roles.concat(addRoles);\n return newMapping;\n }\n );\n if (needsAdminMapping) {\n printMessage({\n message: `Creating static user mapping for client \"${name}\"...`,\n state,\n });\n mappings.push({\n subject: name,\n localUser: 'internal/user/openidm-admin',\n userRoles: 'authzRoles/*',\n roles: adminRoles,\n });\n }\n authentication['rsFilter']['staticUserMapping'] = mappings;\n if (addRoles.length > 0 || needsAdminMapping) {\n printMessage({\n message: `Adding admin roles to static user mapping for client \"${name}\"...`,\n state,\n });\n try {\n await putConfigEntity({\n entityId: 'authentication',\n entityData: authentication,\n state,\n });\n } catch (putConfigEntityError) {\n printMessage({ message: putConfigEntityError, type: 'error', state });\n printMessage({\n message: `Error: ${putConfigEntityError}`,\n type: 'error',\n state,\n });\n }\n } else {\n printMessage({\n message: `Static user mapping for client \"${name}\" already has admin roles.`,\n state,\n });\n }\n}\n\n/*\n * Add AutoId static user mapping to authentication.json to enable dashboards and other AutoId-based functionality.\n {\n \"_id\": \"authentication\",\n \"rsFilter\": {\n ...\n \"staticUserMapping\": [\n ...\n {\n \"subject\": \"autoid-resource-server\",\n \"localUser\": \"internal/user/idm-provisioning\",\n \"roles\": [\n \"internal/role/platform-provisioning\",\n \"internal/role/openidm-authorized\",\n \"internal/role/openidm-admin\"\n ]\n }\n ]\n }\n }\n */\nexport async function addAutoIdStaticUserMapping({ state }: { state: State }) {\n const name = 'autoid-resource-server';\n const authentication = await getConfigEntity({\n entityId: 'authentication',\n state,\n });\n let needsAdminMapping = true;\n let addRoles = [];\n const mappings = authentication.rsFilter.staticUserMapping.map((mapping) => {\n // ignore mappings for other subjects\n if (mapping.subject !== name) {\n return mapping;\n }\n needsAdminMapping = false;\n addRoles = autoIdRoles.filter((role) => {\n let add = false;\n if (!mapping.roles.includes(role)) {\n add = true;\n }\n return add;\n });\n const newMapping = mapping;\n newMapping.roles = newMapping.roles.concat(addRoles);\n return newMapping;\n });\n if (needsAdminMapping) {\n printMessage({\n message: `Creating static user mapping for AutoId client \"${name}\"...`,\n state,\n });\n mappings.push({\n subject: name,\n localUser: 'internal/user/idm-provisioning',\n userRoles: 'authzRoles/*',\n roles: autoIdRoles,\n });\n }\n authentication.rsFilter.staticUserMapping = mappings;\n if (addRoles.length > 0 || needsAdminMapping) {\n printMessage({\n message: `Adding required roles to static user mapping for AutoId client \"${name}\"...`,\n state,\n });\n try {\n await putConfigEntity({\n entityId: 'authentication',\n entityData: authentication,\n state,\n });\n } catch (putConfigEntityError) {\n printMessage({ message: putConfigEntityError, type: 'error', state });\n printMessage({\n message: `Error: ${putConfigEntityError}`,\n type: 'error',\n state,\n });\n }\n } else {\n printMessage({\n message: `Static user mapping for AutoId client \"${name}\" already has all required roles.`,\n state,\n });\n }\n}\n\nexport async function grantOAuth2ClientAdminPrivileges({\n clientId,\n state,\n}: {\n clientId: string;\n state: State;\n}) {\n let client = await getOAuth2Client({ clientId, state });\n if (client.coreOAuth2ClientConfig.clientName.value.length === 0) {\n client.coreOAuth2ClientConfig.clientName.value = [clientId];\n }\n if (\n client.advancedOAuth2ClientConfig.descriptions.value.length === 0 ||\n client.advancedOAuth2ClientConfig.descriptions.value[0].startsWith(\n 'Modified by Frodo'\n ) ||\n client.advancedOAuth2ClientConfig.descriptions.value[0].startsWith(\n 'Created by Frodo'\n )\n ) {\n client.advancedOAuth2ClientConfig.descriptions.value = [\n `Modified by Frodo on ${new Date().toLocaleString()}`,\n ];\n }\n client = await addAdminScopes({ clientId, client, state });\n client = addClientCredentialsGrantType({ clientId, client, state });\n await putOAuth2Client({ clientId, clientData: client, state });\n await addAdminStaticUserMapping({ name: clientId, state });\n}\n\nasync function removeAdminScopes({\n name,\n client,\n state,\n}: {\n name: string;\n client: OAuth2ClientSkeleton;\n state: State;\n}) {\n const modClient = client;\n const allAdminScopes = adminScopes.concat([\n await getDynamicClientRegistrationScope({ state }),\n ]);\n let finalScopes = [];\n if (\n modClient.coreOAuth2ClientConfig.scopes &&\n (modClient.coreOAuth2ClientConfig.scopes as WritableStrings).value\n ) {\n finalScopes = (\n modClient.coreOAuth2ClientConfig.scopes as WritableStrings\n ).value.filter((scope) => !allAdminScopes.includes(scope));\n }\n if (\n (modClient.coreOAuth2ClientConfig.scopes as WritableStrings).value.length >\n finalScopes.length\n ) {\n printMessage({\n message: `Removing admin scopes from client \"${name}\"...`,\n state,\n });\n (modClient.coreOAuth2ClientConfig.scopes as WritableStrings).value =\n finalScopes;\n } else {\n printMessage({ message: `Client \"${name}\" has no admin scopes.`, state });\n }\n let finalDefaultScopes = [];\n if (\n modClient.coreOAuth2ClientConfig.defaultScopes &&\n modClient.coreOAuth2ClientConfig.defaultScopes.value\n ) {\n finalDefaultScopes =\n modClient.coreOAuth2ClientConfig.defaultScopes.value.filter(\n (scope) => !adminDefaultScopes.includes(scope)\n );\n }\n if (\n modClient.coreOAuth2ClientConfig.defaultScopes.value.length >\n finalDefaultScopes.length\n ) {\n printMessage({\n message: `Removing admin default scopes from client \"${name}\"...`,\n state,\n });\n modClient.coreOAuth2ClientConfig.defaultScopes.value = finalDefaultScopes;\n } else {\n printMessage({\n message: `Client \"${name}\" has no admin default scopes.`,\n state,\n });\n }\n return modClient;\n}\n\nfunction removeClientCredentialsGrantType({\n clientId,\n client,\n state,\n}: {\n clientId: string;\n client: OAuth2ClientSkeleton;\n state: State;\n}) {\n const modClient = client;\n let modified = false;\n let finalGrantTypes = [];\n if (\n modClient.advancedOAuth2ClientConfig.grantTypes &&\n (modClient.advancedOAuth2ClientConfig.grantTypes as WritableStrings).value\n ) {\n finalGrantTypes = (\n modClient.advancedOAuth2ClientConfig.grantTypes as WritableStrings\n ).value.filter((grantType) => grantType !== 'client_credentials');\n modified =\n (modClient.advancedOAuth2ClientConfig.grantTypes as WritableStrings).value\n .length > finalGrantTypes.length;\n }\n if (modified) {\n printMessage({\n message: `Removing client credentials grant type from client \"${clientId}\"...`,\n state,\n });\n (modClient.advancedOAuth2ClientConfig.grantTypes as WritableStrings).value =\n finalGrantTypes;\n } else {\n printMessage({\n message: `Client \"${clientId}\" does not allow client credentials grant type.`,\n state,\n });\n }\n return modClient;\n}\n\nasync function removeAdminStaticUserMapping({\n name,\n state,\n}: {\n name: string;\n state: State;\n}) {\n const authentication = await getConfigEntity({\n entityId: 'authentication',\n state,\n });\n let finalRoles = [];\n let removeMapping = false;\n let modified = false;\n const mappings = authentication.rsFilter.staticUserMapping\n .map((mapping) => {\n // ignore mappings for other subjects\n if (mapping.subject !== name) {\n return mapping;\n }\n finalRoles = mapping.roles.filter((role) => !adminRoles.includes(role));\n const newMapping = mapping;\n removeMapping = finalRoles.length === 0; // if there are no more roles left on this mapping, flag it for removal\n modified = mapping.roles.length > finalRoles.length; // if there were roles removed, set modified flag\n newMapping.roles = finalRoles;\n return newMapping;\n })\n .filter((mapping) => mapping.subject !== name || !removeMapping);\n authentication.rsFilter.staticUserMapping = mappings;\n if (modified || removeMapping) {\n if (removeMapping) {\n printMessage({\n message: `Removing static user mapping for client \"${name}\"...`,\n state,\n });\n } else {\n printMessage({\n message: `Removing admin roles from static user mapping for client \"${name}\"...`,\n state,\n });\n }\n try {\n await putConfigEntity({\n entityId: 'authentication',\n entityData: authentication,\n state,\n });\n } catch (putConfigEntityError) {\n printMessage({ message: putConfigEntityError, type: 'error', state });\n printMessage({\n message: `Error: ${putConfigEntityError}`,\n type: 'error',\n state,\n });\n }\n } else {\n printMessage({\n message: `Static user mapping for client \"${name}\" has no admin roles.`,\n state,\n });\n }\n}\n\nexport async function revokeOAuth2ClientAdminPrivileges({\n clientId,\n state,\n}: {\n clientId: string;\n state: State;\n}) {\n let client = await getOAuth2Client({ clientId, state });\n if (client.coreOAuth2ClientConfig.clientName.value.length === 0) {\n client.coreOAuth2ClientConfig.clientName.value = [clientId];\n }\n if (\n client.advancedOAuth2ClientConfig.descriptions.value.length === 0 ||\n client.advancedOAuth2ClientConfig.descriptions.value[0].startsWith(\n 'Modified by Frodo'\n ) ||\n client.advancedOAuth2ClientConfig.descriptions.value[0].startsWith(\n 'Created by Frodo'\n )\n ) {\n client.advancedOAuth2ClientConfig.descriptions.value = [\n `Modified by Frodo on ${new Date().toLocaleString()}`,\n ];\n }\n client = await removeAdminScopes({ name: clientId, client, state });\n client = removeClientCredentialsGrantType({ clientId, client, state });\n await putOAuth2Client({ clientId, clientData: client, state });\n await removeAdminStaticUserMapping({ name: clientId, state });\n}\n\nexport async function createOAuth2ClientWithAdminPrivileges({\n clientId,\n clientSecret,\n state,\n}: {\n clientId: string;\n clientSecret: string;\n state: State;\n}) {\n let client = OAUTH2_CLIENT;\n client.coreOAuth2ClientConfig.userpassword = clientSecret;\n client.coreOAuth2ClientConfig.clientName.value = [clientId];\n client.advancedOAuth2ClientConfig.descriptions.value = [\n `Created by Frodo on ${new Date().toLocaleString()}`,\n ];\n try {\n client = await addAdminScopes({ clientId, client, state });\n await putOAuth2Client({ clientId, clientData: client, state });\n await addAdminStaticUserMapping({ name: clientId, state });\n } catch (error) {\n printMessage({\n message: `Error creating oauth2 client: ${error.message}`,\n state,\n type: 'error',\n });\n }\n}\n\nexport async function createLongLivedToken({\n clientId,\n clientSecret,\n scope,\n secret,\n lifetime,\n state,\n}: {\n clientId: string;\n clientSecret: string;\n scope: string;\n secret: string | boolean;\n lifetime: number;\n state: State;\n}) {\n // get oauth2 client\n const client = await getOAuth2Client({ clientId, state });\n client.userpassword = clientSecret;\n // remember current lifetime\n const rememberedLifetime =\n client.coreOAuth2ClientConfig.accessTokenLifetime.value || 3600;\n // set long token lifetime\n client.coreOAuth2ClientConfig.accessTokenLifetime.value = lifetime;\n await putOAuth2Client({ clientId, clientData: client, state });\n const response = await clientCredentialsGrant({\n amBaseUrl: state.getHost(),\n clientId,\n clientSecret,\n scope,\n state,\n });\n const expires = new Date().getTime() + 1000 * response.expires_in;\n response.expires_on = new Date(expires).toLocaleString();\n // reset token lifetime\n client.coreOAuth2ClientConfig.accessTokenLifetime.value = rememberedLifetime;\n await putOAuth2Client({ clientId, clientData: client, state });\n // create secret with token as value\n if (secret) {\n const description = 'Long-lived admin token';\n try {\n await putSecret({\n secretId: secret as string,\n value: response.access_token,\n description,\n state,\n });\n response.secret = secret;\n } catch (error) {\n if (\n _.get(error, 'response.data.code') === 400 &&\n _.get(error, 'response.data.message') ===\n 'Failed to create secret, the secret already exists'\n ) {\n const newSecret = `${secret}-${expires}`;\n printMessage({\n message: `esv '${secret}' already exists, using ${newSecret}`,\n type: 'warn',\n state,\n });\n await putSecret({\n secretId: newSecret,\n value: response.access_token,\n description,\n state,\n });\n response.secret = newSecret;\n }\n }\n delete response.access_token;\n }\n return response;\n}\n\nexport async function removeStaticUserMapping({\n subject,\n state,\n}: {\n subject: string;\n state: State;\n}) {\n const authentication = await getConfigEntity({\n entityId: 'authentication',\n state,\n });\n let removeMapping = false;\n const mappings = authentication.rsFilter.staticUserMapping.filter(\n (mapping) => {\n // find the subject and flag it\n if (mapping.subject === subject) {\n removeMapping = true;\n }\n // ignore mappings for other subjects\n return mapping.subject !== subject;\n }\n );\n authentication.rsFilter.staticUserMapping = mappings;\n if (removeMapping) {\n printMessage({\n message: `Removing static user mapping for subject \"${subject}\"...`,\n state,\n });\n try {\n await putConfigEntity({\n entityId: 'authentication',\n entityData: authentication,\n state,\n });\n } catch (putConfigEntityError) {\n printMessage({ message: putConfigEntityError, type: 'error', state });\n printMessage({\n message: `Error: ${putConfigEntityError}`,\n type: 'error',\n state,\n });\n }\n } else {\n printMessage({\n message: `No static user mapping for subject \"${subject}\" found.`,\n state,\n });\n }\n}\n\nexport async function hideGenericExtensionAttributes({\n includeCustomized,\n dryRun,\n state,\n}: {\n includeCustomized: boolean;\n dryRun: boolean;\n state: State;\n}) {\n const managed = await getConfigEntity({ entityId: 'managed', state });\n const propertyNames = Object.keys(GENERIC_EXTENSION_ATTRIBUTES);\n const updatedObjects = managed.objects.map((object) => {\n // ignore all other objects\n if (object.name !== getRealmManagedUser({ state })) {\n return object;\n }\n propertyNames.forEach((name) => {\n if (\n isEqualJson(\n GENERIC_EXTENSION_ATTRIBUTES[name],\n object.schema.properties[name],\n ['viewable', 'usageDescription']\n ) ||\n includeCustomized\n ) {\n if (object.schema.properties[name].viewable) {\n printMessage({ message: `${name}: hide`, state });\n // eslint-disable-next-line no-param-reassign\n object.schema.properties[name].viewable = false;\n } else {\n printMessage({ message: `${name}: ignore (already hidden)`, state });\n }\n } else {\n printMessage({ message: `${name}: skip (customized)`, state });\n }\n });\n return object;\n });\n managed.objects = updatedObjects;\n if (dryRun) {\n printMessage({ message: 'Dry-run only. Changes are not saved.', state });\n } else {\n try {\n await putConfigEntity({\n entityId: 'managed',\n entityData: managed,\n state,\n });\n } catch (putConfigEntityError) {\n printMessage({ message: putConfigEntityError, type: 'error', state });\n printMessage({\n message: `Error: ${putConfigEntityError}`,\n type: 'error',\n state,\n });\n }\n }\n}\n\nexport async function showGenericExtensionAttributes({\n includeCustomized,\n dryRun,\n state,\n}: {\n includeCustomized: boolean;\n dryRun: boolean;\n state: State;\n}) {\n const managed = await getConfigEntity({ entityId: 'managed', state });\n const propertyNames = Object.keys(GENERIC_EXTENSION_ATTRIBUTES);\n const updatedObjects = managed.objects.map((object) => {\n // ignore all other objects\n if (object.name !== getRealmManagedUser({ state })) {\n return object;\n }\n propertyNames.forEach((name) => {\n if (\n isEqualJson(\n GENERIC_EXTENSION_ATTRIBUTES[name],\n object.schema.properties[name],\n ['viewable', 'usageDescription']\n ) ||\n includeCustomized\n ) {\n if (!object.schema.properties[name].viewable) {\n printMessage({ message: `${name}: show`, state });\n // eslint-disable-next-line no-param-reassign\n object.schema.properties[name].viewable = true;\n } else {\n printMessage({ message: `${name}: ignore (already showing)`, state });\n }\n } else {\n printMessage({ message: `${name}: skip (customized)`, state });\n }\n });\n return object;\n });\n managed.objects = updatedObjects;\n if (dryRun) {\n printMessage({ message: 'Dry-run only. Changes are not saved.', state });\n } else {\n try {\n await putConfigEntity({\n entityId: 'managed',\n entityData: managed,\n state,\n });\n } catch (putConfigEntityError) {\n printMessage({ message: putConfigEntityError, type: 'error', state });\n printMessage({\n message: `Error: ${putConfigEntityError}`,\n type: 'error',\n state,\n });\n }\n }\n}\n\nasync function repairOrgModelUser({\n dryRun,\n state,\n}: {\n dryRun: boolean;\n state: State;\n}) {\n const managed = await getConfigEntity({ entityId: 'managed', state });\n const RDVPs = ['memberOfOrgIDs'];\n let repairData = false;\n const updatedObjects = managed.objects.map((object) => {\n // ignore all other objects\n if (object.name !== getRealmManagedUser({ state })) {\n return object;\n }\n printMessage({ message: `${object.name}: checking...`, state });\n RDVPs.forEach((name) => {\n if (!object.schema.properties[name].queryConfig.flattenProperties) {\n printMessage({\n message: `- ${name}: repairing - needs flattening`,\n type: 'warn',\n state,\n });\n // eslint-disable-next-line no-param-reassign\n object.schema.properties[name].queryConfig.flattenProperties = true;\n repairData = true;\n } else {\n printMessage({ message: `- ${name}: OK`, state });\n }\n });\n return object;\n });\n managed.objects = updatedObjects;\n if (!dryRun) {\n try {\n await putConfigEntity({\n entityId: 'managed',\n entityData: managed,\n state,\n });\n } catch (putConfigEntityError) {\n printMessage({ message: putConfigEntityError, type: 'error', state });\n printMessage({\n message: `Error: ${putConfigEntityError}`,\n type: 'error',\n state,\n });\n }\n }\n return repairData;\n}\n\nasync function repairOrgModelOrg({\n dryRun,\n state,\n}: {\n dryRun: boolean;\n state: State;\n}) {\n const managed = await getConfigEntity({ entityId: 'managed', state });\n const RDVPs = [\n 'adminIDs',\n 'ownerIDs',\n 'parentAdminIDs',\n 'parentOwnerIDs',\n 'parentIDs',\n ];\n let repairData = false;\n const updatedObjects = managed.objects.map((object) => {\n // ignore all other objects\n if (object.name !== getRealmManagedOrganization({ state })) {\n return object;\n }\n printMessage({ message: `${object.name}: checking...`, state });\n RDVPs.forEach((name) => {\n if (!object.schema.properties[name].queryConfig.flattenProperties) {\n printMessage({\n message: `- ${name}: repairing - needs flattening`,\n type: 'warn',\n state,\n });\n // eslint-disable-next-line no-param-reassign\n object.schema.properties[name].queryConfig.flattenProperties = true;\n repairData = true;\n } else {\n printMessage({ message: `- ${name}: OK`, state });\n }\n });\n return object;\n });\n managed.objects = updatedObjects;\n if (!dryRun) {\n try {\n await putConfigEntity({\n entityId: 'managed',\n entityData: managed,\n state,\n });\n } catch (putConfigEntityError) {\n printMessage({ message: putConfigEntityError, type: 'error', state });\n printMessage({\n message: `Error: ${putConfigEntityError}`,\n type: 'error',\n state,\n });\n }\n }\n return repairData;\n}\n\nasync function repairOrgModelData(dryRun = false) {\n if (!dryRun) {\n // const rootOrgs = await findRootOrganizations();\n }\n}\n\nasync function extendOrgModelPermissins(dryRun = false) {\n if (!dryRun) {\n // const rootOrgs = await findRootOrganizations();\n }\n}\n\nexport async function repairOrgModel({\n excludeCustomized,\n extendPermissions,\n dryRun,\n state,\n}: {\n excludeCustomized: boolean;\n extendPermissions: boolean;\n dryRun: boolean;\n state: State;\n}) {\n let repairData = false;\n repairData = repairData || (await repairOrgModelUser({ dryRun, state }));\n repairData = repairData || (await repairOrgModelOrg({ dryRun, state }));\n if (excludeCustomized) {\n //\n }\n if (repairData) {\n await repairOrgModelData(dryRun);\n }\n if (extendPermissions) {\n await extendOrgModelPermissins(dryRun);\n }\n if (dryRun) {\n printMessage({\n message: 'Dry-run only. Changes are not saved.',\n type: 'warn',\n state,\n });\n }\n}\n\n// suggested by John K.\n// export async function removeRealmNameFromManagedObjectLabels() {}\n// export async function addRealmNameToManagedObjectLabels() {}\n// export async function cleanUpPostmanArtifacts() {}\n// export async function createSampleThemes() {}\n"],"mappings":"AAAA,OAAOA,EAAE,MAAM,IAAI;AACnB,OAAOC,CAAC,MAAM,QAAQ;AAAC,SAErBC,gBAAgB,EAChBC,eAAe,EACfC,eAAe;AAAA,SAERC,eAAe,EAAEC,eAAe;AAAA,SAChCC,WAAW,EAAEC,mBAAmB;AAAA,SAChCC,2BAA2B;AAAA,SAC3BC,iBAAiB;AAAA,SACjBC,SAAS;AAAA,SACTC,sBAAsB;AAAA,SACtBC,YAAY;AACrB,OAAOC,IAAI,MAAM,MAAM;AACvB,SAASC,aAAa,QAAQ,KAAK;AA0CnC,gBAAgBC,KAAY,IAAY;EACtC,OAAO;IACL;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACI,MAAMC,uBAAuBA,CAAA,EAAG;MAC9B,OAAOA,uBAAuB,CAAC;QAAED;MAAM,CAAC,CAAC;IAC3C,CAAC;IAED;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACI,MAAME,sBAAsBA,CAAA,EAAG;MAC7B,OAAOA,sBAAsB,CAAC;QAAEF;MAAM,CAAC,CAAC;IAC1C,CAAC;IAED;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACI,MAAMG,oCAAoCA,CAACC,aAAsB,EAAE;MACjE,OAAOD,oCAAoC,CAAC;QAC1CC,aAAa;QACbJ;MACF,CAAC,CAAC;IACJ,CAAC;IAED;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACI,MAAMK,0BAA0BA,CAAA,EAAG;MACjC,OAAOA,0BAA0B,CAAC;QAAEL;MAAM,CAAC,CAAC;IAC9C,CAAC;IAED,MAAMM,gCAAgCA,CAACC,QAAgB,EAAE;MACvD,OAAOD,gCAAgC,CAAC;QAAEC,QAAQ;QAAEP;MAAM,CAAC,CAAC;IAC9D,CAAC;IAED,MAAMQ,iCAAiCA,CAACD,QAAgB,EAAE;MACxD,OAAOC,iCAAiC,CAAC;QAAED,QAAQ;QAAEP;MAAM,CAAC,CAAC;IAC/D,CAAC;IAED,MAAMS,qCAAqCA,CACzCF,QAAgB,EAChBG,YAAoB,EACpB;MACA,OAAOD,qCAAqC,CAAC;QAC3CF,QAAQ;QACRG,YAAY;QACZV;MACF,CAAC,CAAC;IACJ,CAAC;IAED,MAAMW,oBAAoBA,CACxBJ,QAAgB,EAChBG,YAAoB,EACpBE,KAAa,EACbC,MAAwB,EACxBC,QAAgB,EAChB;MACA,OAAOH,oBAAoB,CAAC;QAC1BJ,QAAQ;QACRG,YAAY;QACZE,KAAK;QACLC,MAAM;QACNC,QAAQ;QACRd;MACF,CAAC,CAAC;IACJ,CAAC;IAED,MAAMe,uBAAuBA,CAACC,OAAe,EAAE;MAC7C,OAAOD,uBAAuB,CAAC;QAAEC,OAAO;QAAEhB;MAAM,CAAC,CAAC;IACpD,CAAC;IAED,MAAMiB,8BAA8BA,CAClCC,iBAA0B,EAC1BC,MAAe,EACf;MACA,OAAOF,8BAA8B,CAAC;QACpCC,iBAAiB;QACjBC,MAAM;QACNnB;MACF,CAAC,CAAC;IACJ,CAAC;IAED,MAAMoB,8BAA8BA,CAClCF,iBAA0B,EAC1BC,MAAe,EACf;MACA,OAAOC,8BAA8B,CAAC;QACpCF,iBAAiB;QACjBC,MAAM;QACNnB;MACF,CAAC,CAAC;IACJ,CAAC;IAED,MAAMqB,cAAcA,CAClBC,iBAA0B,EAC1BC,iBAA0B,EAC1BJ,MAAe,EACf;MACA,OAAOE,cAAc,CAAC;QACpBC,iBAAiB;QACjBC,iBAAiB;QACjBJ,MAAM;QACNnB;MACF,CAAC,CAAC;IACJ;EACF,CAAC;AACH,CAAC;AAED,MAAMwB,SAAS,GAAG1B,IAAI,CAAC2B,OAAO,CAAC1B,aAAa,CAAC2B,MAAM,CAACC,IAAI,CAACC,GAAG,CAAC,CAAC;AAE9D,MAAMC,aAAa,GAAGC,IAAI,CAACC,KAAK,CAC9B/C,EAAE,CAACgD,YAAY,CACblC,IAAI,CAACmC,OAAO,CAACT,SAAS,EAAE,uCAAuC,CAAC,EAChE,MACF,CACF,CAAC;AACD,MAAMU,4BAA4B,GAAGJ,IAAI,CAACC,KAAK,CAC7C/C,EAAE,CAACgD,YAAY,CACblC,IAAI,CAACmC,OAAO,CACVT,SAAS,EACT,2DACF,CAAC,EACD,MACF,CACF,CAAC;AAED,MAAMW,gBAAgB,GAAG,CAAC,IAAI,EAAE,kBAAkB,CAAC;AACnD,MAAMC,iBAAiB,GAAG,CAAC,SAAS,EAAE,wBAAwB,CAAC;AAE/D,MAAMC,gBAAgB,GAAG,CACvB,0BAA0B,EAC1B,UAAU,EACV,cAAc,CACf;AACD;AACA,MAAMC,eAAe,GAAG,CACtB,kCAAkC,EAClC,6BAA6B,CAC9B;AAED,MAAMC,WAAW,GAAG,CAAC,UAAU,EAAE,cAAc,CAAC;AAChD,MAAMC,kBAAkB,GAAG,CAAC,UAAU,CAAC;AACvC,MAAMC,UAAU,GAAG,CACjB,kCAAkC,EAClC,6BAA6B,CAC9B;AACD,MAAMC,WAAW,GAAG,CAClB,qCAAqC,EACrC,kCAAkC,EAClC,6BAA6B,CAC9B;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAezC,uBAAuBA,CAAC;EAAED;AAAwB,CAAC,EAAE;EACzE,MAAM2C,OAAO,GAAG,MAAMzD,gBAAgB,CAAC;IAAEc;EAAM,CAAC,CAAC;EACjD,MAAM4C,SAAS,GAAGD,OAAO,CACtBE,GAAG,CAAEC,MAAM,IAAKA,MAAM,CAACC,GAAG,CAAC,CAC3BC,MAAM,CAAEF,MAAM,IAAK,CAACX,gBAAgB,CAACc,QAAQ,CAACH,MAAM,CAAC,CAAC;EACzD,MAAMI,cAAc,GAAG,MAAM7D,eAAe,CAAC;IAC3C8D,QAAQ,EAAE,gBAAgB;IAC1BnD;EACF,CAAC,CAAC;EACF,MAAMoD,QAAQ,GAAGF,cAAc,CAACG,QAAQ,CAACC,iBAAiB,CACvDT,GAAG,CAAEU,OAAO,IAAKA,OAAO,CAACvC,OAAO,CAAC,CACjCgC,MAAM,CAAEhC,OAAO,IAAK,CAACoB,iBAAiB,CAACa,QAAQ,CAACjC,OAAO,CAAC,CAAC;EAC5D,MAAMwC,YAAY,GAAGJ,QAAQ,CAACJ,MAAM,CAAEhC,OAAO,IAC3C4B,SAAS,CAACK,QAAQ,CAACjC,OAAO,CAC5B,CAAC;EACD,OAAOwC,YAAY;AACrB;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAetD,sBAAsBA,CAAC;EAAEF;AAAwB,CAAC,EAAE;EACxE,MAAM2C,OAAO,GAAG,MAAMzD,gBAAgB,CAAC;IAAEc;EAAM,CAAC,CAAC;EACjD,MAAM4C,SAAS,GAAGD,OAAO,CACtBK,MAAM,CAAEF,MAAM,IAAK;IAClB;IACA,IAAIW,YAAY,GAAG,KAAK;IACxB,IAAIX,MAAM,CAACY,sBAAsB,CAACC,MAAM,EAAE;MACvCb,MAAM,CAACY,sBAAsB,CAACC,MAAM,CAAqBC,OAAO,CAC9DhD,KAAK,IAAK;QACT,IAAIyB,gBAAgB,CAACY,QAAQ,CAACrC,KAAK,CAAC,EAAE;UACpC6C,YAAY,GAAG,IAAI;QACrB;MACF,CACF,CAAC;IACH;IACA,OAAOA,YAAY;EACrB,CAAC,CAAC,CACDZ,GAAG,CAAEC,MAAM,IAAKA,MAAM,CAACC,GAAG,CAAC,CAC3BC,MAAM,CAAEzC,QAAQ,IAAK,CAAC4B,gBAAgB,CAACc,QAAQ,CAAC1C,QAAQ,CAAC,CAAC;EAC7D,MAAM2C,cAAc,GAAG,MAAM7D,eAAe,CAAC;IAC3C8D,QAAQ,EAAE,gBAAgB;IAC1BnD;EACF,CAAC,CAAC;EACF,MAAMoD,QAAQ,GAAGF,cAAc,CAACG,QAAQ,CAACC,iBAAiB,CACvDN,MAAM,CAAEO,OAAO,IAAK;IACnB,IAAIE,YAAY,GAAG,KAAK;IACxB,IAAIF,OAAO,CAACM,KAAK,EAAE;MACjBN,OAAO,CAACM,KAAK,CAACD,OAAO,CAAEE,IAAI,IAAK;QAC9B,IAAIxB,eAAe,CAACW,QAAQ,CAACa,IAAI,CAAC,EAAE;UAClCL,YAAY,GAAG,IAAI;QACrB;MACF,CAAC,CAAC;IACJ;IACA,OAAOA,YAAY;EACrB,CAAC,CAAC,CACDZ,GAAG,CAAEU,OAAO,IAAKA,OAAO,CAACvC,OAAO,CAAC,CACjCgC,MAAM,CAAEhC,OAAO,IAAK,CAACoB,iBAAiB,CAACa,QAAQ,CAACjC,OAAO,CAAC,CAAC;EAC5D,MAAMwC,YAAY,GAAGJ,QAAQ,CAACJ,MAAM,CAAEhC,OAAO,IAC3C4B,SAAS,CAACK,QAAQ,CAACjC,OAAO,CAC5B,CAAC;EACD,OAAOwC,YAAY;AACrB;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAerD,oCAAoCA,CAAC;EACzDC,aAAa;EACbJ;AAIF,CAAC,EAAE;EACD,MAAM2C,OAAO,GAAG,MAAMzD,gBAAgB,CAAC;IAAEc;EAAM,CAAC,CAAC;EACjD,MAAM4C,SAAS,GAAGD,OAAO,CACtBE,GAAG,CAAEC,MAAM,IAAKA,MAAM,CAACC,GAAG,CAAC,CAC3BC,MAAM,CAAEF,MAAM,IAAK,CAACX,gBAAgB,CAACc,QAAQ,CAACH,MAAM,CAAC,CAAC;EACzD,MAAMI,cAAc,GAAG,MAAM7D,eAAe,CAAC;IAC3C8D,QAAQ,EAAE,gBAAgB;IAC1BnD;EACF,CAAC,CAAC;EACF,IAAIoD,QAAQ,GAAGF,cAAc,CAACG,QAAQ,CAACC,iBAAiB,CACrDN,MAAM,CAAEO,OAAO,IAAK;IACnB,IAAIE,YAAY,GAAG,KAAK;IACxB,IAAIF,OAAO,CAACM,KAAK,EAAE;MACjBN,OAAO,CAACM,KAAK,CAACD,OAAO,CAAEE,IAAI,IAAK;QAC9B,IAAIxB,eAAe,CAACW,QAAQ,CAACa,IAAI,CAAC,EAAE;UAClCL,YAAY,GAAG,IAAI;QACrB;MACF,CAAC,CAAC;IACJ;IACA,OAAOA,YAAY;EACrB,CAAC,CAAC,CACDZ,GAAG,CAAEU,OAAO,IAAKA,OAAO,CAACvC,OAAO,CAAC;EACpC,IAAI,CAACZ,aAAa,EAAE;IAClBgD,QAAQ,GAAGA,QAAQ,CAACJ,MAAM,CACvBhC,OAAO,IAAK,CAACoB,iBAAiB,CAACa,QAAQ,CAACjC,OAAO,CAClD,CAAC;EACH;EACA,MAAM+C,aAAa,GAAGX,QAAQ,CAACJ,MAAM,CAClChC,OAAO,IAAK,CAAC4B,SAAS,CAACK,QAAQ,CAACjC,OAAO,CAC1C,CAAC;EACD,OAAO+C,aAAa;AACtB;AAEA,eAAeC,iCAAiCA,CAAC;EAAEhE;AAAwB,CAAC,EAAE;EAC5E,MAAMiE,QAAQ,GAAG,MAAMvE,iBAAiB,CAAC;IAAEM;EAAM,CAAC,CAAC;EACnD,OAAOiE,QAAQ,CAACC,+BAA+B,CAC5CC,8BAA8B;AACnC;AAEA,eAAeC,cAAcA,CAAC;EAC5B7D,QAAQ;EACRuC,MAAM;EACN9C;AAKF,CAAC,EAAE;EACD,MAAMqE,SAAS,GAAGvB,MAAM;EACxB,MAAMwB,cAAc,GAAG/B,WAAW,CAACgC,MAAM,CAAC,CACxC,MAAMP,iCAAiC,CAAC;IAAEhE;EAAM,CAAC,CAAC,CACnD,CAAC;EACF,IAAIwE,SAAS,GAAG,EAAE;EAClB,IACEH,SAAS,CAACX,sBAAsB,CAACC,MAAM,IACtCU,SAAS,CAACX,sBAAsB,CAACC,MAAM,CAAqBc,KAAK,EAClE;IACAD,SAAS,GAAGF,cAAc,CAACtB,MAAM,CAAEpC,KAAK,IAAK;MAC3C,IAAI8D,GAAG,GAAG,KAAK;MACf,IACE,CACEL,SAAS,CAACX,sBAAsB,CAACC,MAAM,CACvCc,KAAK,CAACxB,QAAQ,CAACrC,KAAK,CAAC,EACvB;QACA8D,GAAG,GAAG,IAAI;MACZ;MACA,OAAOA,GAAG;IACZ,CAAC,CAAC;IACDL,SAAS,CAACX,sBAAsB,CAACC,MAAM,CAAqBc,KAAK,GAChEJ,SAAS,CAACX,sBAAsB,CAACC,MAAM,CACvCc,KAAK,CAACF,MAAM,CAACC,SAAS,CAAC;EAC3B,CAAC,MAAM;IACJH,SAAS,CAACX,sBAAsB,CAACC,MAAM,CAAqBc,KAAK,GAChEH,cAAc;EAClB;EACA,IAAIK,eAAe,GAAG,KAAK;EAC3B,IACEN,SAAS,CAACX,sBAAsB,CAACkB,aAAa,IAC9CP,SAAS,CAACX,sBAAsB,CAACkB,aAAa,CAACH,KAAK,EACpD;IACA,IAAIJ,SAAS,CAACX,sBAAsB,CAACkB,aAAa,CAACH,KAAK,CAACI,MAAM,KAAK,CAAC,EAAE;MACrEF,eAAe,GAAG,IAAI;MACtBN,SAAS,CAACX,sBAAsB,CAACkB,aAAa,CAACH,KAAK,GAAGjC,kBAAkB;IAC3E,CAAC,MAAM;MACL3C,YAAY,CAAC;QACXiF,OAAO,EAAG,WAAUvE,QAAS,0EAAyE;QACtGP;MACF,CAAC,CAAC;IACJ;EACF;EACA,IAAIwE,SAAS,CAACK,MAAM,GAAG,CAAC,IAAIF,eAAe,EAAE;IAC3C9E,YAAY,CAAC;MACXiF,OAAO,EAAG,kCAAiCvE,QAAS,MAAK;MACzDP;IACF,CAAC,CAAC;EACJ,CAAC,MAAM;IACLH,YAAY,CAAC;MACXiF,OAAO,EAAG,WAAUvE,QAAS,6BAA4B;MACzDP;IACF,CAAC,CAAC;EACJ;EACA,OAAOqE,SAAS;AAClB;AAEA,SAASU,6BAA6BA,CAAC;EACrCxE,QAAQ;EACRuC,MAAM;EACN9C;AAKF,CAAC,EAAE;EACD,MAAMqE,SAAS,GAAGvB,MAAM;EACxB,IAAIkC,QAAQ,GAAG,KAAK;EACpB,IACEX,SAAS,CAACY,0BAA0B,CAACC,UAAU,IAC9Cb,SAAS,CAACY,0BAA0B,CAACC,UAAU,CAAqBT,KAAK,EAC1E;IACA,IACE,CACEJ,SAAS,CAACY,0BAA0B,CAACC,UAAU,CAC/CT,KAAK,CAACxB,QAAQ,CAAC,oBAAoB,CAAC,EACtC;MACA+B,QAAQ,GAAG,IAAI;MAEbX,SAAS,CAACY,0BAA0B,CAACC,UAAU,CAC/CT,KAAK,CAACU,IAAI,CAAC,oBAAoB,CAAC;IACpC;EACF,CAAC,MAAM;IACJd,SAAS,CAACY,0BAA0B,CAACC,UAAU,CAAqBT,KAAK,GACxE,CAAC,oBAAoB,CAAC;EAC1B;EAEEJ,SAAS,CAACY,0BAA0B,CAACC,UAAU,CAC/CE,SAAS,GAAG,KAAK;EACnB,IAAIJ,QAAQ,EAAE;IACZnF,YAAY,CAAC;MACXiF,OAAO,EAAG,mDAAkDvE,QAAS,MAAK;MAC1EP;IACF,CAAC,CAAC;EACJ,CAAC,MAAM;IACLH,YAAY,CAAC;MACXiF,OAAO,EAAG,WAAUvE,QAAS,8CAA6C;MAC1EP;IACF,CAAC,CAAC;EACJ;EACA,OAAOqE,SAAS;AAClB;AAEA,eAAegB,yBAAyBA,CAAC;EACvCC,IAAI;EACJtF;AAIF,CAAC,EAAE;EACD,IAAIkD,cAAc,GAAG,CAAC,CAAC;EACvB,IAAI;IACFA,cAAc,GAAG,MAAM7D,eAAe,CAAC;MACrC8D,QAAQ,EAAE,gBAAgB;MAC1BnD;IACF,CAAC,CAAC;EACJ,CAAC,CAAC,OAAOuF,KAAK,EAAE;IACd1F,YAAY,CAAC;MACXiF,OAAO,EAAG,mDAAkDS,KAAK,CAACT,OAAQ,EAAC;MAC3EU,IAAI,EAAE,OAAO;MACbxF;IACF,CAAC,CAAC;EACJ;EACA,IAAIyF,iBAAiB,GAAG,IAAI;EAC5B,IAAIC,QAAQ,GAAG,EAAE;EACjB,MAAMC,QAAQ,GAAGzC,cAAc,CAAC,UAAU,CAAC,CAAC,mBAAmB,CAAC,CAACL,GAAG,CACjEU,OAAO,IAAK;IACX;IACA,IAAIA,OAAO,CAACvC,OAAO,KAAKsE,IAAI,EAAE;MAC5B,OAAO/B,OAAO;IAChB;IACAkC,iBAAiB,GAAG,KAAK;IACzBC,QAAQ,GAAGjD,UAAU,CAACO,MAAM,CAAEc,IAAI,IAAK;MACrC,IAAIY,GAAG,GAAG,KAAK;MACf,IAAI,CAACnB,OAAO,CAACM,KAAK,CAACZ,QAAQ,CAACa,IAAI,CAAC,EAAE;QACjCY,GAAG,GAAG,IAAI;MACZ;MACA,OAAOA,GAAG;IACZ,CAAC,CAAC;IACF,MAAMkB,UAAU,GAAGrC,OAAO;IAC1BqC,UAAU,CAAC/B,KAAK,GAAG+B,UAAU,CAAC/B,KAAK,CAACU,MAAM,CAACmB,QAAQ,CAAC;IACpD,OAAOE,UAAU;EACnB,CACF,CAAC;EACD,IAAIH,iBAAiB,EAAE;IACrB5F,YAAY,CAAC;MACXiF,OAAO,EAAG,4CAA2CQ,IAAK,MAAK;MAC/DtF;IACF,CAAC,CAAC;IACF2F,QAAQ,CAACR,IAAI,CAAC;MACZnE,OAAO,EAAEsE,IAAI;MACbO,SAAS,EAAE,6BAA6B;MACxCC,SAAS,EAAE,cAAc;MACzBjC,KAAK,EAAEpB;IACT,CAAC,CAAC;EACJ;EACAS,cAAc,CAAC,UAAU,CAAC,CAAC,mBAAmB,CAAC,GAAGyC,QAAQ;EAC1D,IAAID,QAAQ,CAACb,MAAM,GAAG,CAAC,IAAIY,iBAAiB,EAAE;IAC5C5F,YAAY,CAAC;MACXiF,OAAO,EAAG,yDAAwDQ,IAAK,MAAK;MAC5EtF;IACF,CAAC,CAAC;IACF,IAAI;MACF,MAAMV,eAAe,CAAC;QACpB6D,QAAQ,EAAE,gBAAgB;QAC1B4C,UAAU,EAAE7C,cAAc;QAC1BlD;MACF,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOgG,oBAAoB,EAAE;MAC7BnG,YAAY,CAAC;QAAEiF,OAAO,EAAEkB,oBAAoB;QAAER,IAAI,EAAE,OAAO;QAAExF;MAAM,CAAC,CAAC;MACrEH,YAAY,CAAC;QACXiF,OAAO,EAAG,UAASkB,oBAAqB,EAAC;QACzCR,IAAI,EAAE,OAAO;QACbxF;MACF,CAAC,CAAC;IACJ;EACF,CAAC,MAAM;IACLH,YAAY,CAAC;MACXiF,OAAO,EAAG,mCAAkCQ,IAAK,4BAA2B;MAC5EtF;IACF,CAAC,CAAC;EACJ;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeK,0BAA0BA,CAAC;EAAEL;AAAwB,CAAC,EAAE;EAC5E,MAAMsF,IAAI,GAAG,wBAAwB;EACrC,MAAMpC,cAAc,GAAG,MAAM7D,eAAe,CAAC;IAC3C8D,QAAQ,EAAE,gBAAgB;IAC1BnD;EACF,CAAC,CAAC;EACF,IAAIyF,iBAAiB,GAAG,IAAI;EAC5B,IAAIC,QAAQ,GAAG,EAAE;EACjB,MAAMC,QAAQ,GAAGzC,cAAc,CAACG,QAAQ,CAACC,iBAAiB,CAACT,GAAG,CAAEU,OAAO,IAAK;IAC1E;IACA,IAAIA,OAAO,CAACvC,OAAO,KAAKsE,IAAI,EAAE;MAC5B,OAAO/B,OAAO;IAChB;IACAkC,iBAAiB,GAAG,KAAK;IACzBC,QAAQ,GAAGhD,WAAW,CAACM,MAAM,CAAEc,IAAI,IAAK;MACtC,IAAIY,GAAG,GAAG,KAAK;MACf,IAAI,CAACnB,OAAO,CAACM,KAAK,CAACZ,QAAQ,CAACa,IAAI,CAAC,EAAE;QACjCY,GAAG,GAAG,IAAI;MACZ;MACA,OAAOA,GAAG;IACZ,CAAC,CAAC;IACF,MAAMkB,UAAU,GAAGrC,OAAO;IAC1BqC,UAAU,CAAC/B,KAAK,GAAG+B,UAAU,CAAC/B,KAAK,CAACU,MAAM,CAACmB,QAAQ,CAAC;IACpD,OAAOE,UAAU;EACnB,CAAC,CAAC;EACF,IAAIH,iBAAiB,EAAE;IACrB5F,YAAY,CAAC;MACXiF,OAAO,EAAG,mDAAkDQ,IAAK,MAAK;MACtEtF;IACF,CAAC,CAAC;IACF2F,QAAQ,CAACR,IAAI,CAAC;MACZnE,OAAO,EAAEsE,IAAI;MACbO,SAAS,EAAE,gCAAgC;MAC3CC,SAAS,EAAE,cAAc;MACzBjC,KAAK,EAAEnB;IACT,CAAC,CAAC;EACJ;EACAQ,cAAc,CAACG,QAAQ,CAACC,iBAAiB,GAAGqC,QAAQ;EACpD,IAAID,QAAQ,CAACb,MAAM,GAAG,CAAC,IAAIY,iBAAiB,EAAE;IAC5C5F,YAAY,CAAC;MACXiF,OAAO,EAAG,mEAAkEQ,IAAK,MAAK;MACtFtF;IACF,CAAC,CAAC;IACF,IAAI;MACF,MAAMV,eAAe,CAAC;QACpB6D,QAAQ,EAAE,gBAAgB;QAC1B4C,UAAU,EAAE7C,cAAc;QAC1BlD;MACF,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOgG,oBAAoB,EAAE;MAC7BnG,YAAY,CAAC;QAAEiF,OAAO,EAAEkB,oBAAoB;QAAER,IAAI,EAAE,OAAO;QAAExF;MAAM,CAAC,CAAC;MACrEH,YAAY,CAAC;QACXiF,OAAO,EAAG,UAASkB,oBAAqB,EAAC;QACzCR,IAAI,EAAE,OAAO;QACbxF;MACF,CAAC,CAAC;IACJ;EACF,CAAC,MAAM;IACLH,YAAY,CAAC;MACXiF,OAAO,EAAG,0CAAyCQ,IAAK,mCAAkC;MAC1FtF;IACF,CAAC,CAAC;EACJ;AACF;AAEA,OAAO,eAAeM,gCAAgCA,CAAC;EACrDC,QAAQ;EACRP;AAIF,CAAC,EAAE;EACD,IAAI8C,MAAM,GAAG,MAAM3D,eAAe,CAAC;IAAEoB,QAAQ;IAAEP;EAAM,CAAC,CAAC;EACvD,IAAI8C,MAAM,CAACY,sBAAsB,CAACuC,UAAU,CAACxB,KAAK,CAACI,MAAM,KAAK,CAAC,EAAE;IAC/D/B,MAAM,CAACY,sBAAsB,CAACuC,UAAU,CAACxB,KAAK,GAAG,CAAClE,QAAQ,CAAC;EAC7D;EACA,IACEuC,MAAM,CAACmC,0BAA0B,CAACiB,YAAY,CAACzB,KAAK,CAACI,MAAM,KAAK,CAAC,IACjE/B,MAAM,CAACmC,0BAA0B,CAACiB,YAAY,CAACzB,KAAK,CAAC,CAAC,CAAC,CAAC0B,UAAU,CAChE,mBACF,CAAC,IACDrD,MAAM,CAACmC,0BAA0B,CAACiB,YAAY,CAACzB,KAAK,CAAC,CAAC,CAAC,CAAC0B,UAAU,CAChE,kBACF,CAAC,EACD;IACArD,MAAM,CAACmC,0BAA0B,CAACiB,YAAY,CAACzB,KAAK,GAAG,CACpD,wBAAuB,IAAI2B,IAAI,CAAC,CAAC,CAACC,cAAc,CAAC,CAAE,EAAC,CACtD;EACH;EACAvD,MAAM,GAAG,MAAMsB,cAAc,CAAC;IAAE7D,QAAQ;IAAEuC,MAAM;IAAE9C;EAAM,CAAC,CAAC;EAC1D8C,MAAM,GAAGiC,6BAA6B,CAAC;IAAExE,QAAQ;IAAEuC,MAAM;IAAE9C;EAAM,CAAC,CAAC;EACnE,MAAMZ,eAAe,CAAC;IAAEmB,QAAQ;IAAE+F,UAAU,EAAExD,MAAM;IAAE9C;EAAM,CAAC,CAAC;EAC9D,MAAMqF,yBAAyB,CAAC;IAAEC,IAAI,EAAE/E,QAAQ;IAAEP;EAAM,CAAC,CAAC;AAC5D;AAEA,eAAeuG,iBAAiBA,CAAC;EAC/BjB,IAAI;EACJxC,MAAM;EACN9C;AAKF,CAAC,EAAE;EACD,MAAMqE,SAAS,GAAGvB,MAAM;EACxB,MAAMwB,cAAc,GAAG/B,WAAW,CAACgC,MAAM,CAAC,CACxC,MAAMP,iCAAiC,CAAC;IAAEhE;EAAM,CAAC,CAAC,CACnD,CAAC;EACF,IAAIwG,WAAW,GAAG,EAAE;EACpB,IACEnC,SAAS,CAACX,sBAAsB,CAACC,MAAM,IACtCU,SAAS,CAACX,sBAAsB,CAACC,MAAM,CAAqBc,KAAK,EAClE;IACA+B,WAAW,GACTnC,SAAS,CAACX,sBAAsB,CAACC,MAAM,CACvCc,KAAK,CAACzB,MAAM,CAAEpC,KAAK,IAAK,CAAC0D,cAAc,CAACrB,QAAQ,CAACrC,KAAK,CAAC,CAAC;EAC5D;EACA,IACGyD,SAAS,CAACX,sBAAsB,CAACC,MAAM,CAAqBc,KAAK,CAACI,MAAM,GACzE2B,WAAW,CAAC3B,MAAM,EAClB;IACAhF,YAAY,CAAC;MACXiF,OAAO,EAAG,sCAAqCQ,IAAK,MAAK;MACzDtF;IACF,CAAC,CAAC;IACDqE,SAAS,CAACX,sBAAsB,CAACC,MAAM,CAAqBc,KAAK,GAChE+B,WAAW;EACf,CAAC,MAAM;IACL3G,YAAY,CAAC;MAAEiF,OAAO,EAAG,WAAUQ,IAAK,wBAAuB;MAAEtF;IAAM,CAAC,CAAC;EAC3E;EACA,IAAIyG,kBAAkB,GAAG,EAAE;EAC3B,IACEpC,SAAS,CAACX,sBAAsB,CAACkB,aAAa,IAC9CP,SAAS,CAACX,sBAAsB,CAACkB,aAAa,CAACH,KAAK,EACpD;IACAgC,kBAAkB,GAChBpC,SAAS,CAACX,sBAAsB,CAACkB,aAAa,CAACH,KAAK,CAACzB,MAAM,CACxDpC,KAAK,IAAK,CAAC4B,kBAAkB,CAACS,QAAQ,CAACrC,KAAK,CAC/C,CAAC;EACL;EACA,IACEyD,SAAS,CAACX,sBAAsB,CAACkB,aAAa,CAACH,KAAK,CAACI,MAAM,GAC3D4B,kBAAkB,CAAC5B,MAAM,EACzB;IACAhF,YAAY,CAAC;MACXiF,OAAO,EAAG,8CAA6CQ,IAAK,MAAK;MACjEtF;IACF,CAAC,CAAC;IACFqE,SAAS,CAACX,sBAAsB,CAACkB,aAAa,CAACH,KAAK,GAAGgC,kBAAkB;EAC3E,CAAC,MAAM;IACL5G,YAAY,CAAC;MACXiF,OAAO,EAAG,WAAUQ,IAAK,gCAA+B;MACxDtF;IACF,CAAC,CAAC;EACJ;EACA,OAAOqE,SAAS;AAClB;AAEA,SAASqC,gCAAgCA,CAAC;EACxCnG,QAAQ;EACRuC,MAAM;EACN9C;AAKF,CAAC,EAAE;EACD,MAAMqE,SAAS,GAAGvB,MAAM;EACxB,IAAIkC,QAAQ,GAAG,KAAK;EACpB,IAAI2B,eAAe,GAAG,EAAE;EACxB,IACEtC,SAAS,CAACY,0BAA0B,CAACC,UAAU,IAC9Cb,SAAS,CAACY,0BAA0B,CAACC,UAAU,CAAqBT,KAAK,EAC1E;IACAkC,eAAe,GACbtC,SAAS,CAACY,0BAA0B,CAACC,UAAU,CAC/CT,KAAK,CAACzB,MAAM,CAAE4D,SAAS,IAAKA,SAAS,KAAK,oBAAoB,CAAC;IACjE5B,QAAQ,GACLX,SAAS,CAACY,0BAA0B,CAACC,UAAU,CAAqBT,KAAK,CACvEI,MAAM,GAAG8B,eAAe,CAAC9B,MAAM;EACtC;EACA,IAAIG,QAAQ,EAAE;IACZnF,YAAY,CAAC;MACXiF,OAAO,EAAG,uDAAsDvE,QAAS,MAAK;MAC9EP;IACF,CAAC,CAAC;IACDqE,SAAS,CAACY,0BAA0B,CAACC,UAAU,CAAqBT,KAAK,GACxEkC,eAAe;EACnB,CAAC,MAAM;IACL9G,YAAY,CAAC;MACXiF,OAAO,EAAG,WAAUvE,QAAS,iDAAgD;MAC7EP;IACF,CAAC,CAAC;EACJ;EACA,OAAOqE,SAAS;AAClB;AAEA,eAAewC,4BAA4BA,CAAC;EAC1CvB,IAAI;EACJtF;AAIF,CAAC,EAAE;EACD,MAAMkD,cAAc,GAAG,MAAM7D,eAAe,CAAC;IAC3C8D,QAAQ,EAAE,gBAAgB;IAC1BnD;EACF,CAAC,CAAC;EACF,IAAI8G,UAAU,GAAG,EAAE;EACnB,IAAIC,aAAa,GAAG,KAAK;EACzB,IAAI/B,QAAQ,GAAG,KAAK;EACpB,MAAMW,QAAQ,GAAGzC,cAAc,CAACG,QAAQ,CAACC,iBAAiB,CACvDT,GAAG,CAAEU,OAAO,IAAK;IAChB;IACA,IAAIA,OAAO,CAACvC,OAAO,KAAKsE,IAAI,EAAE;MAC5B,OAAO/B,OAAO;IAChB;IACAuD,UAAU,GAAGvD,OAAO,CAACM,KAAK,CAACb,MAAM,CAAEc,IAAI,IAAK,CAACrB,UAAU,CAACQ,QAAQ,CAACa,IAAI,CAAC,CAAC;IACvE,MAAM8B,UAAU,GAAGrC,OAAO;IAC1BwD,aAAa,GAAGD,UAAU,CAACjC,MAAM,KAAK,CAAC,CAAC,CAAC;IACzCG,QAAQ,GAAGzB,OAAO,CAACM,KAAK,CAACgB,MAAM,GAAGiC,UAAU,CAACjC,MAAM,CAAC,CAAC;IACrDe,UAAU,CAAC/B,KAAK,GAAGiD,UAAU;IAC7B,OAAOlB,UAAU;EACnB,CAAC,CAAC,CACD5C,MAAM,CAAEO,OAAO,IAAKA,OAAO,CAACvC,OAAO,KAAKsE,IAAI,IAAI,CAACyB,aAAa,CAAC;EAClE7D,cAAc,CAACG,QAAQ,CAACC,iBAAiB,GAAGqC,QAAQ;EACpD,IAAIX,QAAQ,IAAI+B,aAAa,EAAE;IAC7B,IAAIA,aAAa,EAAE;MACjBlH,YAAY,CAAC;QACXiF,OAAO,EAAG,4CAA2CQ,IAAK,MAAK;QAC/DtF;MACF,CAAC,CAAC;IACJ,CAAC,MAAM;MACLH,YAAY,CAAC;QACXiF,OAAO,EAAG,6DAA4DQ,IAAK,MAAK;QAChFtF;MACF,CAAC,CAAC;IACJ;IACA,IAAI;MACF,MAAMV,eAAe,CAAC;QACpB6D,QAAQ,EAAE,gBAAgB;QAC1B4C,UAAU,EAAE7C,cAAc;QAC1BlD;MACF,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOgG,oBAAoB,EAAE;MAC7BnG,YAAY,CAAC;QAAEiF,OAAO,EAAEkB,oBAAoB;QAAER,IAAI,EAAE,OAAO;QAAExF;MAAM,CAAC,CAAC;MACrEH,YAAY,CAAC;QACXiF,OAAO,EAAG,UAASkB,oBAAqB,EAAC;QACzCR,IAAI,EAAE,OAAO;QACbxF;MACF,CAAC,CAAC;IACJ;EACF,CAAC,MAAM;IACLH,YAAY,CAAC;MACXiF,OAAO,EAAG,mCAAkCQ,IAAK,uBAAsB;MACvEtF;IACF,CAAC,CAAC;EACJ;AACF;AAEA,OAAO,eAAeQ,iCAAiCA,CAAC;EACtDD,QAAQ;EACRP;AAIF,CAAC,EAAE;EACD,IAAI8C,MAAM,GAAG,MAAM3D,eAAe,CAAC;IAAEoB,QAAQ;IAAEP;EAAM,CAAC,CAAC;EACvD,IAAI8C,MAAM,CAACY,sBAAsB,CAACuC,UAAU,CAACxB,KAAK,CAACI,MAAM,KAAK,CAAC,EAAE;IAC/D/B,MAAM,CAACY,sBAAsB,CAACuC,UAAU,CAACxB,KAAK,GAAG,CAAClE,QAAQ,CAAC;EAC7D;EACA,IACEuC,MAAM,CAACmC,0BAA0B,CAACiB,YAAY,CAACzB,KAAK,CAACI,MAAM,KAAK,CAAC,IACjE/B,MAAM,CAACmC,0BAA0B,CAACiB,YAAY,CAACzB,KAAK,CAAC,CAAC,CAAC,CAAC0B,UAAU,CAChE,mBACF,CAAC,IACDrD,MAAM,CAACmC,0BAA0B,CAACiB,YAAY,CAACzB,KAAK,CAAC,CAAC,CAAC,CAAC0B,UAAU,CAChE,kBACF,CAAC,EACD;IACArD,MAAM,CAACmC,0BAA0B,CAACiB,YAAY,CAACzB,KAAK,GAAG,CACpD,wBAAuB,IAAI2B,IAAI,CAAC,CAAC,CAACC,cAAc,CAAC,CAAE,EAAC,CACtD;EACH;EACAvD,MAAM,GAAG,MAAMyD,iBAAiB,CAAC;IAAEjB,IAAI,EAAE/E,QAAQ;IAAEuC,MAAM;IAAE9C;EAAM,CAAC,CAAC;EACnE8C,MAAM,GAAG4D,gCAAgC,CAAC;IAAEnG,QAAQ;IAAEuC,MAAM;IAAE9C;EAAM,CAAC,CAAC;EACtE,MAAMZ,eAAe,CAAC;IAAEmB,QAAQ;IAAE+F,UAAU,EAAExD,MAAM;IAAE9C;EAAM,CAAC,CAAC;EAC9D,MAAM6G,4BAA4B,CAAC;IAAEvB,IAAI,EAAE/E,QAAQ;IAAEP;EAAM,CAAC,CAAC;AAC/D;AAEA,OAAO,eAAeS,qCAAqCA,CAAC;EAC1DF,QAAQ;EACRG,YAAY;EACZV;AAKF,CAAC,EAAE;EACD,IAAI8C,MAAM,GAAGjB,aAAa;EAC1BiB,MAAM,CAACY,sBAAsB,CAACsD,YAAY,GAAGtG,YAAY;EACzDoC,MAAM,CAACY,sBAAsB,CAACuC,UAAU,CAACxB,KAAK,GAAG,CAAClE,QAAQ,CAAC;EAC3DuC,MAAM,CAACmC,0BAA0B,CAACiB,YAAY,CAACzB,KAAK,GAAG,CACpD,uBAAsB,IAAI2B,IAAI,CAAC,CAAC,CAACC,cAAc,CAAC,CAAE,EAAC,CACrD;EACD,IAAI;IACFvD,MAAM,GAAG,MAAMsB,cAAc,CAAC;MAAE7D,QAAQ;MAAEuC,MAAM;MAAE9C;IAAM,CAAC,CAAC;IAC1D,MAAMZ,eAAe,CAAC;MAAEmB,QAAQ;MAAE+F,UAAU,EAAExD,MAAM;MAAE9C;IAAM,CAAC,CAAC;IAC9D,MAAMqF,yBAAyB,CAAC;MAAEC,IAAI,EAAE/E,QAAQ;MAAEP;IAAM,CAAC,CAAC;EAC5D,CAAC,CAAC,OAAOuF,KAAK,EAAE;IACd1F,YAAY,CAAC;MACXiF,OAAO,EAAG,iCAAgCS,KAAK,CAACT,OAAQ,EAAC;MACzD9E,KAAK;MACLwF,IAAI,EAAE;IACR,CAAC,CAAC;EACJ;AACF;AAEA,OAAO,eAAe7E,oBAAoBA,CAAC;EACzCJ,QAAQ;EACRG,YAAY;EACZE,KAAK;EACLC,MAAM;EACNC,QAAQ;EACRd;AAQF,CAAC,EAAE;EACD;EACA,MAAM8C,MAAM,GAAG,MAAM3D,eAAe,CAAC;IAAEoB,QAAQ;IAAEP;EAAM,CAAC,CAAC;EACzD8C,MAAM,CAACkE,YAAY,GAAGtG,YAAY;EAClC;EACA,MAAMuG,kBAAkB,GACtBnE,MAAM,CAACY,sBAAsB,CAACwD,mBAAmB,CAACzC,KAAK,IAAI,IAAI;EACjE;EACA3B,MAAM,CAACY,sBAAsB,CAACwD,mBAAmB,CAACzC,KAAK,GAAG3D,QAAQ;EAClE,MAAM1B,eAAe,CAAC;IAAEmB,QAAQ;IAAE+F,UAAU,EAAExD,MAAM;IAAE9C;EAAM,CAAC,CAAC;EAC9D,MAAMmH,QAAQ,GAAG,MAAMvH,sBAAsB,CAAC;IAC5CwH,SAAS,EAAEpH,KAAK,CAACqH,OAAO,CAAC,CAAC;IAC1B9G,QAAQ;IACRG,YAAY;IACZE,KAAK;IACLZ;EACF,CAAC,CAAC;EACF,MAAMsH,OAAO,GAAG,IAAIlB,IAAI,CAAC,CAAC,CAACmB,OAAO,CAAC,CAAC,GAAG,IAAI,GAAGJ,QAAQ,CAACK,UAAU;EACjEL,QAAQ,CAACM,UAAU,GAAG,IAAIrB,IAAI,CAACkB,OAAO,CAAC,CAACjB,cAAc,CAAC,CAAC;EACxD;EACAvD,MAAM,CAACY,sBAAsB,CAACwD,mBAAmB,CAACzC,KAAK,GAAGwC,kBAAkB;EAC5E,MAAM7H,eAAe,CAAC;IAAEmB,QAAQ;IAAE+F,UAAU,EAAExD,MAAM;IAAE9C;EAAM,CAAC,CAAC;EAC9D;EACA,IAAIa,MAAM,EAAE;IACV,MAAM6G,WAAW,GAAG,wBAAwB;IAC5C,IAAI;MACF,MAAM/H,SAAS,CAAC;QACdgI,QAAQ,EAAE9G,MAAgB;QAC1B4D,KAAK,EAAE0C,QAAQ,CAACS,YAAY;QAC5BF,WAAW;QACX1H;MACF,CAAC,CAAC;MACFmH,QAAQ,CAACtG,MAAM,GAAGA,MAAM;IAC1B,CAAC,CAAC,OAAO0E,KAAK,EAAE;MACd,IACEtG,CAAC,CAAC4I,GAAG,CAACtC,KAAK,EAAE,oBAAoB,CAAC,KAAK,GAAG,IAC1CtG,CAAC,CAAC4I,GAAG,CAACtC,KAAK,EAAE,uBAAuB,CAAC,KACnC,oDAAoD,EACtD;QACA,MAAMuC,SAAS,GAAI,GAAEjH,MAAO,IAAGyG,OAAQ,EAAC;QACxCzH,YAAY,CAAC;UACXiF,OAAO,EAAG,QAAOjE,MAAO,2BAA0BiH,SAAU,EAAC;UAC7DtC,IAAI,EAAE,MAAM;UACZxF;QACF,CAAC,CAAC;QACF,MAAML,SAAS,CAAC;UACdgI,QAAQ,EAAEG,SAAS;UACnBrD,KAAK,EAAE0C,QAAQ,CAACS,YAAY;UAC5BF,WAAW;UACX1H;QACF,CAAC,CAAC;QACFmH,QAAQ,CAACtG,MAAM,GAAGiH,SAAS;MAC7B;IACF;IACA,OAAOX,QAAQ,CAACS,YAAY;EAC9B;EACA,OAAOT,QAAQ;AACjB;AAEA,OAAO,eAAepG,uBAAuBA,CAAC;EAC5CC,OAAO;EACPhB;AAIF,CAAC,EAAE;EACD,MAAMkD,cAAc,GAAG,MAAM7D,eAAe,CAAC;IAC3C8D,QAAQ,EAAE,gBAAgB;IAC1BnD;EACF,CAAC,CAAC;EACF,IAAI+G,aAAa,GAAG,KAAK;EACzB,MAAMpB,QAAQ,GAAGzC,cAAc,CAACG,QAAQ,CAACC,iBAAiB,CAACN,MAAM,CAC9DO,OAAO,IAAK;IACX;IACA,IAAIA,OAAO,CAACvC,OAAO,KAAKA,OAAO,EAAE;MAC/B+F,aAAa,GAAG,IAAI;IACtB;IACA;IACA,OAAOxD,OAAO,CAACvC,OAAO,KAAKA,OAAO;EACpC,CACF,CAAC;EACDkC,cAAc,CAACG,QAAQ,CAACC,iBAAiB,GAAGqC,QAAQ;EACpD,IAAIoB,aAAa,EAAE;IACjBlH,YAAY,CAAC;MACXiF,OAAO,EAAG,6CAA4C9D,OAAQ,MAAK;MACnEhB;IACF,CAAC,CAAC;IACF,IAAI;MACF,MAAMV,eAAe,CAAC;QACpB6D,QAAQ,EAAE,gBAAgB;QAC1B4C,UAAU,EAAE7C,cAAc;QAC1BlD;MACF,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOgG,oBAAoB,EAAE;MAC7BnG,YAAY,CAAC;QAAEiF,OAAO,EAAEkB,oBAAoB;QAAER,IAAI,EAAE,OAAO;QAAExF;MAAM,CAAC,CAAC;MACrEH,YAAY,CAAC;QACXiF,OAAO,EAAG,UAASkB,oBAAqB,EAAC;QACzCR,IAAI,EAAE,OAAO;QACbxF;MACF,CAAC,CAAC;IACJ;EACF,CAAC,MAAM;IACLH,YAAY,CAAC;MACXiF,OAAO,EAAG,uCAAsC9D,OAAQ,UAAS;MACjEhB;IACF,CAAC,CAAC;EACJ;AACF;AAEA,OAAO,eAAeiB,8BAA8BA,CAAC;EACnDC,iBAAiB;EACjBC,MAAM;EACNnB;AAKF,CAAC,EAAE;EACD,MAAM+H,OAAO,GAAG,MAAM1I,eAAe,CAAC;IAAE8D,QAAQ,EAAE,SAAS;IAAEnD;EAAM,CAAC,CAAC;EACrE,MAAMgI,aAAa,GAAGC,MAAM,CAACC,IAAI,CAAChG,4BAA4B,CAAC;EAC/D,MAAMiG,cAAc,GAAGJ,OAAO,CAACK,OAAO,CAACvF,GAAG,CAAEwF,MAAM,IAAK;IACrD;IACA,IAAIA,MAAM,CAAC/C,IAAI,KAAK9F,mBAAmB,CAAC;MAAEQ;IAAM,CAAC,CAAC,EAAE;MAClD,OAAOqI,MAAM;IACf;IACAL,aAAa,CAACpE,OAAO,CAAE0B,IAAI,IAAK;MAC9B,IACE/F,WAAW,CACT2C,4BAA4B,CAACoD,IAAI,CAAC,EAClC+C,MAAM,CAACC,MAAM,CAACC,UAAU,CAACjD,IAAI,CAAC,EAC9B,CAAC,UAAU,EAAE,kBAAkB,CACjC,CAAC,IACDpE,iBAAiB,EACjB;QACA,IAAImH,MAAM,CAACC,MAAM,CAACC,UAAU,CAACjD,IAAI,CAAC,CAACkD,QAAQ,EAAE;UAC3C3I,YAAY,CAAC;YAAEiF,OAAO,EAAG,GAAEQ,IAAK,QAAO;YAAEtF;UAAM,CAAC,CAAC;UACjD;UACAqI,MAAM,CAACC,MAAM,CAACC,UAAU,CAACjD,IAAI,CAAC,CAACkD,QAAQ,GAAG,KAAK;QACjD,CAAC,MAAM;UACL3I,YAAY,CAAC;YAAEiF,OAAO,EAAG,GAAEQ,IAAK,2BAA0B;YAAEtF;UAAM,CAAC,CAAC;QACtE;MACF,CAAC,MAAM;QACLH,YAAY,CAAC;UAAEiF,OAAO,EAAG,GAAEQ,IAAK,qBAAoB;UAAEtF;QAAM,CAAC,CAAC;MAChE;IACF,CAAC,CAAC;IACF,OAAOqI,MAAM;EACf,CAAC,CAAC;EACFN,OAAO,CAACK,OAAO,GAAGD,cAAc;EAChC,IAAIhH,MAAM,EAAE;IACVtB,YAAY,CAAC;MAAEiF,OAAO,EAAE,sCAAsC;MAAE9E;IAAM,CAAC,CAAC;EAC1E,CAAC,MAAM;IACL,IAAI;MACF,MAAMV,eAAe,CAAC;QACpB6D,QAAQ,EAAE,SAAS;QACnB4C,UAAU,EAAEgC,OAAO;QACnB/H;MACF,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOgG,oBAAoB,EAAE;MAC7BnG,YAAY,CAAC;QAAEiF,OAAO,EAAEkB,oBAAoB;QAAER,IAAI,EAAE,OAAO;QAAExF;MAAM,CAAC,CAAC;MACrEH,YAAY,CAAC;QACXiF,OAAO,EAAG,UAASkB,oBAAqB,EAAC;QACzCR,IAAI,EAAE,OAAO;QACbxF;MACF,CAAC,CAAC;IACJ;EACF;AACF;AAEA,OAAO,eAAeoB,8BAA8BA,CAAC;EACnDF,iBAAiB;EACjBC,MAAM;EACNnB;AAKF,CAAC,EAAE;EACD,MAAM+H,OAAO,GAAG,MAAM1I,eAAe,CAAC;IAAE8D,QAAQ,EAAE,SAAS;IAAEnD;EAAM,CAAC,CAAC;EACrE,MAAMgI,aAAa,GAAGC,MAAM,CAACC,IAAI,CAAChG,4BAA4B,CAAC;EAC/D,MAAMiG,cAAc,GAAGJ,OAAO,CAACK,OAAO,CAACvF,GAAG,CAAEwF,MAAM,IAAK;IACrD;IACA,IAAIA,MAAM,CAAC/C,IAAI,KAAK9F,mBAAmB,CAAC;MAAEQ;IAAM,CAAC,CAAC,EAAE;MAClD,OAAOqI,MAAM;IACf;IACAL,aAAa,CAACpE,OAAO,CAAE0B,IAAI,IAAK;MAC9B,IACE/F,WAAW,CACT2C,4BAA4B,CAACoD,IAAI,CAAC,EAClC+C,MAAM,CAACC,MAAM,CAACC,UAAU,CAACjD,IAAI,CAAC,EAC9B,CAAC,UAAU,EAAE,kBAAkB,CACjC,CAAC,IACDpE,iBAAiB,EACjB;QACA,IAAI,CAACmH,MAAM,CAACC,MAAM,CAACC,UAAU,CAACjD,IAAI,CAAC,CAACkD,QAAQ,EAAE;UAC5C3I,YAAY,CAAC;YAAEiF,OAAO,EAAG,GAAEQ,IAAK,QAAO;YAAEtF;UAAM,CAAC,CAAC;UACjD;UACAqI,MAAM,CAACC,MAAM,CAACC,UAAU,CAACjD,IAAI,CAAC,CAACkD,QAAQ,GAAG,IAAI;QAChD,CAAC,MAAM;UACL3I,YAAY,CAAC;YAAEiF,OAAO,EAAG,GAAEQ,IAAK,4BAA2B;YAAEtF;UAAM,CAAC,CAAC;QACvE;MACF,CAAC,MAAM;QACLH,YAAY,CAAC;UAAEiF,OAAO,EAAG,GAAEQ,IAAK,qBAAoB;UAAEtF;QAAM,CAAC,CAAC;MAChE;IACF,CAAC,CAAC;IACF,OAAOqI,MAAM;EACf,CAAC,CAAC;EACFN,OAAO,CAACK,OAAO,GAAGD,cAAc;EAChC,IAAIhH,MAAM,EAAE;IACVtB,YAAY,CAAC;MAAEiF,OAAO,EAAE,sCAAsC;MAAE9E;IAAM,CAAC,CAAC;EAC1E,CAAC,MAAM;IACL,IAAI;MACF,MAAMV,eAAe,CAAC;QACpB6D,QAAQ,EAAE,SAAS;QACnB4C,UAAU,EAAEgC,OAAO;QACnB/H;MACF,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOgG,oBAAoB,EAAE;MAC7BnG,YAAY,CAAC;QAAEiF,OAAO,EAAEkB,oBAAoB;QAAER,IAAI,EAAE,OAAO;QAAExF;MAAM,CAAC,CAAC;MACrEH,YAAY,CAAC;QACXiF,OAAO,EAAG,UAASkB,oBAAqB,EAAC;QACzCR,IAAI,EAAE,OAAO;QACbxF;MACF,CAAC,CAAC;IACJ;EACF;AACF;AAEA,eAAeyI,kBAAkBA,CAAC;EAChCtH,MAAM;EACNnB;AAIF,CAAC,EAAE;EACD,MAAM+H,OAAO,GAAG,MAAM1I,eAAe,CAAC;IAAE8D,QAAQ,EAAE,SAAS;IAAEnD;EAAM,CAAC,CAAC;EACrE,MAAM0I,KAAK,GAAG,CAAC,gBAAgB,CAAC;EAChC,IAAIC,UAAU,GAAG,KAAK;EACtB,MAAMR,cAAc,GAAGJ,OAAO,CAACK,OAAO,CAACvF,GAAG,CAAEwF,MAAM,IAAK;IACrD;IACA,IAAIA,MAAM,CAAC/C,IAAI,KAAK9F,mBAAmB,CAAC;MAAEQ;IAAM,CAAC,CAAC,EAAE;MAClD,OAAOqI,MAAM;IACf;IACAxI,YAAY,CAAC;MAAEiF,OAAO,EAAG,GAAEuD,MAAM,CAAC/C,IAAK,eAAc;MAAEtF;IAAM,CAAC,CAAC;IAC/D0I,KAAK,CAAC9E,OAAO,CAAE0B,IAAI,IAAK;MACtB,IAAI,CAAC+C,MAAM,CAACC,MAAM,CAACC,UAAU,CAACjD,IAAI,CAAC,CAACsD,WAAW,CAACC,iBAAiB,EAAE;QACjEhJ,YAAY,CAAC;UACXiF,OAAO,EAAG,KAAIQ,IAAK,gCAA+B;UAClDE,IAAI,EAAE,MAAM;UACZxF;QACF,CAAC,CAAC;QACF;QACAqI,MAAM,CAACC,MAAM,CAACC,UAAU,CAACjD,IAAI,CAAC,CAACsD,WAAW,CAACC,iBAAiB,GAAG,IAAI;QACnEF,UAAU,GAAG,IAAI;MACnB,CAAC,MAAM;QACL9I,YAAY,CAAC;UAAEiF,OAAO,EAAG,KAAIQ,IAAK,MAAK;UAAEtF;QAAM,CAAC,CAAC;MACnD;IACF,CAAC,CAAC;IACF,OAAOqI,MAAM;EACf,CAAC,CAAC;EACFN,OAAO,CAACK,OAAO,GAAGD,cAAc;EAChC,IAAI,CAAChH,MAAM,EAAE;IACX,IAAI;MACF,MAAM7B,eAAe,CAAC;QACpB6D,QAAQ,EAAE,SAAS;QACnB4C,UAAU,EAAEgC,OAAO;QACnB/H;MACF,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOgG,oBAAoB,EAAE;MAC7BnG,YAAY,CAAC;QAAEiF,OAAO,EAAEkB,oBAAoB;QAAER,IAAI,EAAE,OAAO;QAAExF;MAAM,CAAC,CAAC;MACrEH,YAAY,CAAC;QACXiF,OAAO,EAAG,UAASkB,oBAAqB,EAAC;QACzCR,IAAI,EAAE,OAAO;QACbxF;MACF,CAAC,CAAC;IACJ;EACF;EACA,OAAO2I,UAAU;AACnB;AAEA,eAAeG,iBAAiBA,CAAC;EAC/B3H,MAAM;EACNnB;AAIF,CAAC,EAAE;EACD,MAAM+H,OAAO,GAAG,MAAM1I,eAAe,CAAC;IAAE8D,QAAQ,EAAE,SAAS;IAAEnD;EAAM,CAAC,CAAC;EACrE,MAAM0I,KAAK,GAAG,CACZ,UAAU,EACV,UAAU,EACV,gBAAgB,EAChB,gBAAgB,EAChB,WAAW,CACZ;EACD,IAAIC,UAAU,GAAG,KAAK;EACtB,MAAMR,cAAc,GAAGJ,OAAO,CAACK,OAAO,CAACvF,GAAG,CAAEwF,MAAM,IAAK;IACrD;IACA,IAAIA,MAAM,CAAC/C,IAAI,KAAK7F,2BAA2B,CAAC;MAAEO;IAAM,CAAC,CAAC,EAAE;MAC1D,OAAOqI,MAAM;IACf;IACAxI,YAAY,CAAC;MAAEiF,OAAO,EAAG,GAAEuD,MAAM,CAAC/C,IAAK,eAAc;MAAEtF;IAAM,CAAC,CAAC;IAC/D0I,KAAK,CAAC9E,OAAO,CAAE0B,IAAI,IAAK;MACtB,IAAI,CAAC+C,MAAM,CAACC,MAAM,CAACC,UAAU,CAACjD,IAAI,CAAC,CAACsD,WAAW,CAACC,iBAAiB,EAAE;QACjEhJ,YAAY,CAAC;UACXiF,OAAO,EAAG,KAAIQ,IAAK,gCAA+B;UAClDE,IAAI,EAAE,MAAM;UACZxF;QACF,CAAC,CAAC;QACF;QACAqI,MAAM,CAACC,MAAM,CAACC,UAAU,CAACjD,IAAI,CAAC,CAACsD,WAAW,CAACC,iBAAiB,GAAG,IAAI;QACnEF,UAAU,GAAG,IAAI;MACnB,CAAC,MAAM;QACL9I,YAAY,CAAC;UAAEiF,OAAO,EAAG,KAAIQ,IAAK,MAAK;UAAEtF;QAAM,CAAC,CAAC;MACnD;IACF,CAAC,CAAC;IACF,OAAOqI,MAAM;EACf,CAAC,CAAC;EACFN,OAAO,CAACK,OAAO,GAAGD,cAAc;EAChC,IAAI,CAAChH,MAAM,EAAE;IACX,IAAI;MACF,MAAM7B,eAAe,CAAC;QACpB6D,QAAQ,EAAE,SAAS;QACnB4C,UAAU,EAAEgC,OAAO;QACnB/H;MACF,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOgG,oBAAoB,EAAE;MAC7BnG,YAAY,CAAC;QAAEiF,OAAO,EAAEkB,oBAAoB;QAAER,IAAI,EAAE,OAAO;QAAExF;MAAM,CAAC,CAAC;MACrEH,YAAY,CAAC;QACXiF,OAAO,EAAG,UAASkB,oBAAqB,EAAC;QACzCR,IAAI,EAAE,OAAO;QACbxF;MACF,CAAC,CAAC;IACJ;EACF;EACA,OAAO2I,UAAU;AACnB;AAEA,eAAeI,kBAAkBA,CAAC5H,MAAM,GAAG,KAAK,EAAE;EAChD,IAAI,CAACA,MAAM,EAAE;IACX;EAAA;AAEJ;AAEA,eAAe6H,wBAAwBA,CAAC7H,MAAM,GAAG,KAAK,EAAE;EACtD,IAAI,CAACA,MAAM,EAAE;IACX;EAAA;AAEJ;AAEA,OAAO,eAAeE,cAAcA,CAAC;EACnCC,iBAAiB;EACjBC,iBAAiB;EACjBJ,MAAM;EACNnB;AAMF,CAAC,EAAE;EACD,IAAI2I,UAAU,GAAG,KAAK;EACtBA,UAAU,GAAGA,UAAU,KAAK,MAAMF,kBAAkB,CAAC;IAAEtH,MAAM;IAAEnB;EAAM,CAAC,CAAC,CAAC;EACxE2I,UAAU,GAAGA,UAAU,KAAK,MAAMG,iBAAiB,CAAC;IAAE3H,MAAM;IAAEnB;EAAM,CAAC,CAAC,CAAC;EACvE,IAAIsB,iBAAiB,EAAE;IACrB;EAAA;EAEF,IAAIqH,UAAU,EAAE;IACd,MAAMI,kBAAkB,CAAC5H,MAAM,CAAC;EAClC;EACA,IAAII,iBAAiB,EAAE;IACrB,MAAMyH,wBAAwB,CAAC7H,MAAM,CAAC;EACxC;EACA,IAAIA,MAAM,EAAE;IACVtB,YAAY,CAAC;MACXiF,OAAO,EAAE,sCAAsC;MAC/CU,IAAI,EAAE,MAAM;MACZxF;IACF,CAAC,CAAC;EACJ;AACF;;AAEA;AACA;AACA;AACA;AACA"}