@rockcarver/frodo-lib 2.0.0-66 → 2.0.0-67

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/build.zip +0 -0
  2. package/cjs/ops/AuthenticateOps.js +5 -1
  3. package/cjs/ops/AuthenticateOps.js.map +1 -1
  4. package/esm/ops/AuthenticateOps.js +6 -2
  5. package/esm/ops/AuthenticateOps.js.map +1 -1
  6. package/package.json +1 -1
  7. package/types/ops/AuthenticateOps.d.ts.map +1 -1
package/build.zip CHANGED
Binary file
package/cjs/ops/AuthenticateOps.js CHANGED
@@ -892,7 +892,11 @@ function scheduleAutoRefresh(forceLoginAsUser, autoRefresh, state) {
892
892
  var expires = state.getDeploymentType() === _Constants.default.CLASSIC_DEPLOYMENT_TYPE_KEY ? (_state$getUserSession = state.getUserSessionTokenMeta()) === null || _state$getUserSession === void 0 ? void 0 : _state$getUserSession.expires : state.getUseBearerTokenForAmApis() ? (_state$getBearerToken = state.getBearerTokenMeta()) === null || _state$getBearerToken === void 0 ? void 0 : _state$getBearerToken.expires : Math.min((_state$getBearerToken2 = state.getBearerTokenMeta()) === null || _state$getBearerToken2 === void 0 ? void 0 : _state$getBearerToken2.expires, (_state$getUserSession2 = state.getUserSessionTokenMeta()) === null || _state$getUserSession2 === void 0 ? void 0 : _state$getUserSession2.expires);
893
893
  var timeout = expires - Date.now() - 1000 * 25;
894
894
  if (timeout < 1000 * 30) {
895
- throw new Error("Auto-refresh scheduling error: timeout below threshold of 30 seconds: ".concat(Math.ceil(timeout)));
895
+ (0, _Console.debugMessage)({
896
+ message: "Timeout below threshold of 30 seconds (".concat(Math.ceil(timeout / 1000), "), resetting timeout to 10ms."),
897
+ state
898
+ });
899
+ if (timeout < 10) timeout = 10;
896
900
  }
897
901
  (0, _Console.debugMessage)({
898
902
  message: "AuthenticateOps.scheduleAutoRefresh: set new timer [".concat(Math.floor(timeout / 1000), "s (").concat(new Date(timeout).getMinutes(), "m ").concat(new Date(timeout).getSeconds(), "s)]"),
package/cjs/ops/AuthenticateOps.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"AuthenticateOps.js","names":["_crypto","require","_readlineSync","_interopRequireDefault","_url","_uuid","_AuthenticateApi","_ServerInfoApi","_Constants","_Base64Utils","_Console","_ExportImportUtils","_ServiceAccountOps","_ConnectionProfileOps","_JoseOps","_OAuth2OidcOps","_SessionOps","_TokenCacheOps","obj","__esModule","default","asyncGeneratorStep","gen","resolve","reject","_next","_throw","key","arg","info","value","error","done","Promise","then","_asyncToGenerator","fn","self","args","arguments","apply","err","undefined","_default","state","getTokens","_arguments","forceLoginAsUser","length","autoRefresh","getAccessTokenForServiceAccount","_arguments2","saId","saJwk","access_token","getFreshSaBearerToken","exports","adminClientPassword","redirectUrlTemplate","cloudIdmAdminScopes","forgeopsIdmAdminScopes","serviceAccountScopes","fidcClientId","forgeopsClientId","adminClientId","determineCookieName","_x","_determineCookieName","data","getServerInfo","debugMessage","message","concat","cookieName","checkAndHandle2FA","payload","callback","callbacks","type","localAuth","output","provider","input","includes","nextStep","need2fa","factor","supported","printMessage","code","readlineSync","question","getUsername","getPassword","determineDefaultRealm","getRealm","Constants","DEFAULT_REALM_KEY","setRealm","DEPLOYMENT_TYPE_REALM_MAP","getDeploymentType","determineDeploymentType","_x2","_determineDeploymentType","cookieValue","getCookieValue","deploymentType","CLOUD_DEPLOYMENT_TYPE_KEY","FORGEOPS_DEPLOYMENT_TYPE_KEY","CLASSIC_DEPLOYMENT_TYPE_KEY","getUseBearerTokenForAmApis","verifier","encodeBase64Url","randomBytes","challenge","createHash","update","digest","challengeMethod","redirectURL","url","getHost","config","maxRedirects","headers","getCookieName","bodyFormData","authorize","amBaseUrl","e","_e$response","_e$response$headers","response","status","location","indexOf","verboseMessage","ex","_ex$response","_ex$response$headers","getSemanticVersion","versionInfo","versionString","version","rx","match","Error","getFreshUserSessionToken","_x3","_getFreshUserSessionToken","_ref","step","body","skip2FA","steps","maxSteps","sessionInfo","getSessionInfo","tokenId","Date","parse","maxIdleExpirationTime","getUserSessionToken","_x4","_getUserSessionToken","token","getUseTokenCache","hasUserSessionToken","readUserSessionToken","from_cache","saveUserSessionToken","getAuthCode","_x5","_x6","_x7","_x8","_getAuthCode","codeChallenge","codeChallengeMethod","_response$headers","redirectLocationURL","queryObject","query","_error$response","stack","getFreshUserBearerToken","_x9","_getFreshUserBearerToken","_ref2","authCode","auth","username","password","accessToken","_error$response2","getUserBearerToken","_x10","_getUserBearerToken","hasUserBearerToken","readUserBearerToken","saveUserBearerToken","createPayload","serviceAccountId","host","u","parseUrl","aud","origin","port","protocol","pathname","exp","Math","floor","getTime","jti","v4","iss","sub","_x11","_getFreshSaBearerToken","_ref3","getServiceAccountId","getServiceAccountJwk","jwt","createSignedJwtToken","getSaBearerToken","_x12","_getSaBearerToken","_ref4","hasSaBearerToken","readSaBearerToken","saveSaBearerToken","determineDeploymentTypeAndDefaultRealmAndVersion","_x13","_determineDeploymentTypeAndDefaultRealmAndVersion","setDeploymentType","getServerVersionInfo","fullVersion","setAmVersion","getLoggedInSubject","_x14","_getLoggedInSubject","subjectString","name","getServiceAccount","scheduleAutoRefresh","timer","getAutoRefreshTimer","clearTimeout","_state$getUserSession","_state$getBearerToken","_state$getBearerToken2","_state$getUserSession2","expires","getUserSessionTokenMeta","getBearerTokenMeta","min","timeout","now","ceil","getMinutes","getSeconds","setTimeout","setAutoRefreshTimer","unref","_x15","_getTokens","_ref5","conn","getConnectionProfile","setHost","tenant","setUsername","setPassword","setAuthenticationService","authenticationService","setAuthenticationHeaderOverrides","authenticationHeaderOverrides","setServiceAccountId","svcacctId","setServiceAccountJwk","svcacctJwk","isValidUrl","setCookieName","setBearerTokenMeta","setUseBearerTokenForAmApis","saErr","_saErr$response","_saErr$response2","_saErr$response3","getState","error_description","setUserSessionTokenMeta","getBearerToken","_state$getBearerToken3","_state$getUserSession3","_error$response3","_error$response4","_error$response5"],"sources":["../../src/ops/AuthenticateOps.ts"],"sourcesContent":["import { createHash, randomBytes } from 'crypto';\nimport readlineSync from 'readline-sync';\nimport url from 'url';\nimport { v4 } from 'uuid';\n\nimport { step } from '../api/AuthenticateApi';\nimport { getServerInfo, getServerVersionInfo } from '../api/ServerInfoApi';\nimport Constants from '../shared/Constants';\nimport { State } from '../shared/State';\nimport { encodeBase64Url } from '../utils/Base64Utils';\nimport { debugMessage, printMessage, verboseMessage } from '../utils/Console';\nimport { isValidUrl, parseUrl } from '../utils/ExportImportUtils';\nimport { getServiceAccount } from './cloud/ServiceAccountOps';\nimport { getConnectionProfile } from './ConnectionProfileOps';\nimport { createSignedJwtToken, JwkRsa } from './JoseOps';\nimport {\n accessToken,\n type AccessTokenMetaType,\n authorize,\n} from './OAuth2OidcOps';\nimport { getSessionInfo } from './SessionOps';\nimport {\n hasSaBearerToken,\n hasUserBearerToken,\n hasUserSessionToken,\n readSaBearerToken,\n readUserBearerToken,\n readUserSessionToken,\n saveSaBearerToken,\n saveUserBearerToken,\n saveUserSessionToken,\n} from './TokenCacheOps';\n\nexport type Authenticate = {\n /**\n * Get tokens and stores them in State\n * @param {boolean} forceLoginAsUser true to force login as user even if a service account is available (default: false)\n * @param {boolean} autoRefresh true to automatically refresh tokens before they expire (default: true)\n * @returns {Promise<boolean>} true if tokens were successfully obtained, false otherwise\n */\n getTokens(\n forceLoginAsUser?: boolean,\n autoRefresh?: boolean\n ): Promise<boolean>;\n\n // Deprecated\n /**\n * Get access token for service account\n * @param {string} saId optional service account id\n * @param {JwkRsa} saJwk optional service account JWK\n * @returns {string | null} Access token or null\n * @deprecated since v2.0.0 use {@link Authenticate.getTokens | getTokens} instead\n * ```javascript\n * getTokens(): Promise<boolean>\n * ```\n * @group Deprecated\n */\n getAccessTokenForServiceAccount(\n saId?: string,\n saJwk?: JwkRsa\n ): Promise<string | null>;\n};\n\nexport default (state: State): Authenticate => {\n return {\n async getTokens(forceLoginAsUser = false, autoRefresh = true) {\n return getTokens({ forceLoginAsUser, autoRefresh, state });\n },\n\n // Deprecated\n async getAccessTokenForServiceAccount(\n saId: string = undefined,\n saJwk: JwkRsa = undefined\n ): Promise<string | null> {\n const { access_token } = await getFreshSaBearerToken({\n saId,\n saJwk,\n state,\n });\n return access_token;\n },\n };\n};\n\nconst adminClientPassword = 'doesnotmatter';\nconst redirectUrlTemplate = '/platform/appAuthHelperRedirect.html';\n\nconst cloudIdmAdminScopes = 'openid fr:idm:* fr:idc:esv:*';\nconst forgeopsIdmAdminScopes = 'openid fr:idm:*';\nconst serviceAccountScopes = 'fr:am:* fr:idm:* fr:idc:esv:*';\n\nconst fidcClientId = 'idmAdminClient';\nconst forgeopsClientId = 'idm-admin-ui';\nlet adminClientId = fidcClientId;\n\n/**\n * Helper function to get cookie name\n * @param {State} state library state\n * @returns {string} cookie name\n */\nasync function determineCookieName(state: State) {\n const data = await getServerInfo({ state });\n debugMessage({\n message: `AuthenticateOps.determineCookieName: cookieName=${data.cookieName}`,\n state,\n });\n return data.cookieName;\n}\n\n/**\n * Helper function to determine if this is a setup mfa prompt in the ID Cloud tenant admin login journey\n * @param {Object} payload response from the previous authentication journey step\n * @param {State} state library state\n * @returns {Object} an object indicating if 2fa is required and the original payload\n */\nfunction checkAndHandle2FA(payload, state: State) {\n debugMessage({ message: `AuthenticateOps.checkAndHandle2FA: start`, state });\n // let skippable = false;\n if ('callbacks' in payload) {\n for (const callback of payload.callbacks) {\n // select localAuthentication if Admin Federation is enabled\n if (callback.type === 'SelectIdPCallback') {\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: Admin federation enabled. Allowed providers:`,\n state,\n });\n let localAuth = false;\n for (const value of callback.output[0].value) {\n debugMessage({ message: `${value.provider}`, state });\n if (value.provider === 'localAuthentication') {\n localAuth = true;\n }\n }\n if (localAuth) {\n debugMessage({ message: `local auth allowed`, state });\n callback.input[0].value = 'localAuthentication';\n } else {\n debugMessage({ message: `local auth NOT allowed`, state });\n }\n }\n if (callback.type === 'HiddenValueCallback') {\n if (callback.input[0].value.includes('skip')) {\n // skippable = true;\n callback.input[0].value = 'Skip';\n // debugMessage(\n // `AuthenticateOps.checkAndHandle2FA: end [need2fa=true, skippable=true]`\n // );\n // return {\n // nextStep: true,\n // need2fa: true,\n // factor: 'None',\n // supported: true,\n // payload,\n // };\n }\n if (callback.input[0].value.includes('webAuthnOutcome')) {\n // webauthn!!!\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: end [need2fa=true, unsupported factor: webauthn]`,\n state,\n });\n return {\n nextStep: false,\n need2fa: true,\n factor: 'WebAuthN',\n supported: false,\n payload,\n };\n }\n }\n if (callback.type === 'NameCallback') {\n if (callback.output[0].value.includes('code')) {\n // skippable = false;\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: need2fa=true, skippable=false`,\n state,\n });\n printMessage({\n message: '2FA is enabled and required for this user...',\n state,\n });\n const code = readlineSync.question(`${callback.output[0].value}: `);\n callback.input[0].value = code;\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: end [need2fa=true, skippable=false, factor=Code]`,\n state,\n });\n return {\n nextStep: true,\n need2fa: true,\n factor: 'Code',\n supported: true,\n payload,\n };\n } else {\n // answer callback\n callback.input[0].value = state.getUsername();\n }\n }\n if (callback.type === 'PasswordCallback') {\n // answer callback\n callback.input[0].value = state.getPassword();\n }\n }\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: end [need2fa=false]`,\n state,\n });\n // debugMessage(payload);\n return {\n nextStep: true,\n need2fa: false,\n factor: 'None',\n supported: true,\n payload,\n };\n }\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: end [need2fa=false]`,\n state,\n });\n // debugMessage(payload);\n return {\n nextStep: false,\n need2fa: false,\n factor: 'None',\n supported: true,\n payload,\n };\n}\n\n/**\n * Helper function to set the default realm by deployment type\n * @param {State} state library state\n */\nfunction determineDefaultRealm(state: State) {\n if (!state.getRealm() || state.getRealm() === Constants.DEFAULT_REALM_KEY) {\n state.setRealm(\n Constants.DEPLOYMENT_TYPE_REALM_MAP[state.getDeploymentType()]\n );\n }\n}\n\n/**\n * Helper function to determine the deployment type\n * @param {State} state library state\n * @returns {Promise<string>} deployment type\n */\nasync function determineDeploymentType(state: State): Promise<string> {\n const cookieValue = state.getCookieValue();\n let deploymentType = state.getDeploymentType();\n\n switch (deploymentType) {\n case Constants.CLOUD_DEPLOYMENT_TYPE_KEY:\n return deploymentType;\n\n case Constants.FORGEOPS_DEPLOYMENT_TYPE_KEY:\n adminClientId = forgeopsClientId;\n return deploymentType;\n\n case Constants.CLASSIC_DEPLOYMENT_TYPE_KEY:\n return deploymentType;\n\n // detect deployment type\n default: {\n // if we are using a service account, we know it's cloud\n if (state.getUseBearerTokenForAmApis())\n return Constants.CLOUD_DEPLOYMENT_TYPE_KEY;\n\n const verifier = encodeBase64Url(randomBytes(32));\n const challenge = encodeBase64Url(\n createHash('sha256').update(verifier).digest()\n );\n const challengeMethod = 'S256';\n const redirectURL = url.resolve(state.getHost(), redirectUrlTemplate);\n\n const config = {\n maxRedirects: 0,\n headers: {\n [state.getCookieName()]: state.getCookieValue(),\n },\n };\n let bodyFormData = `redirect_uri=${redirectURL}&scope=${cloudIdmAdminScopes}&response_type=code&client_id=${fidcClientId}&csrf=${cookieValue}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;\n\n deploymentType = Constants.CLASSIC_DEPLOYMENT_TYPE_KEY;\n try {\n await authorize({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config,\n state,\n });\n } catch (e) {\n // debugMessage(e.response);\n if (\n e.response?.status === 302 &&\n e.response.headers?.location?.indexOf('code=') > -1\n ) {\n verboseMessage({\n message: `ForgeRock Identity Cloud`['brightCyan'] + ` detected.`,\n state,\n });\n deploymentType = Constants.CLOUD_DEPLOYMENT_TYPE_KEY;\n } else {\n try {\n bodyFormData = `redirect_uri=${redirectURL}&scope=${forgeopsIdmAdminScopes}&response_type=code&client_id=${forgeopsClientId}&csrf=${state.getCookieValue()}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;\n await authorize({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config,\n state,\n });\n } catch (ex) {\n if (\n ex.response?.status === 302 &&\n ex.response.headers?.location?.indexOf('code=') > -1\n ) {\n adminClientId = forgeopsClientId;\n verboseMessage({\n message: `ForgeOps deployment`['brightCyan'] + ` detected.`,\n state,\n });\n deploymentType = Constants.FORGEOPS_DEPLOYMENT_TYPE_KEY;\n } else {\n verboseMessage({\n message: `Classic deployment`['brightCyan'] + ` detected.`,\n state,\n });\n }\n }\n }\n }\n return deploymentType;\n }\n }\n}\n\n/**\n * Helper function to extract the semantic version string from a version info object\n * @param {Object} versionInfo version info object\n * @returns {String} semantic version\n */\nfunction getSemanticVersion(versionInfo) {\n if ('version' in versionInfo) {\n const versionString = versionInfo.version;\n const rx = /([\\d]\\.[\\d]\\.[\\d](\\.[\\d])*)/g;\n const version = versionString.match(rx);\n return version[0];\n }\n throw new Error('Cannot extract semantic version from version info object.');\n}\n\nexport type UserSessionMetaType = {\n tokenId: string;\n successUrl: string;\n realm: string;\n expires: number;\n from_cache?: boolean;\n};\n\n/**\n * Helper function to authenticate and obtain and store session cookie\n * @param {State} state library state\n * @returns {string} Session token or null\n */\nasync function getFreshUserSessionToken({\n state,\n}: {\n state: State;\n}): Promise<UserSessionMetaType> {\n debugMessage({\n message: `AuthenticateOps.getFreshUserSessionToken: start`,\n state,\n });\n const config = {\n headers: {\n 'X-OpenAM-Username': state.getUsername(),\n 'X-OpenAM-Password': state.getPassword(),\n },\n };\n let response = await step({ body: {}, config, state });\n\n let skip2FA = null;\n let steps = 0;\n const maxSteps = 3;\n do {\n skip2FA = checkAndHandle2FA(response, state);\n\n // throw exception if 2fa required but factor not supported by frodo (e.g. WebAuthN)\n if (!skip2FA.supported) {\n throw new Error(`Unsupported 2FA factor: ${skip2FA.factor}`);\n }\n\n if (skip2FA.nextStep) {\n steps++;\n response = await step({ body: skip2FA.payload, state });\n }\n\n if ('tokenId' in response) {\n response['from_cache'] = false;\n // get session expiration\n const sessionInfo = await getSessionInfo({\n tokenId: response['tokenId'],\n state,\n });\n response['expires'] = Date.parse(sessionInfo.maxIdleExpirationTime);\n debugMessage({\n message: `AuthenticateOps.getFreshUserSessionToken: end [tokenId=${response['tokenId']}]`,\n state,\n });\n debugMessage({\n message: response,\n state,\n });\n return response as UserSessionMetaType;\n }\n } while (skip2FA.nextStep && steps < maxSteps);\n debugMessage({\n message: `AuthenticateOps.getFreshUserSessionToken: end [no session]`,\n state,\n });\n return null;\n}\n\n/**\n * Helper function to obtain user session token\n * @param {State} state library state\n * @returns {Promise<UserSessionMetaType>} session token or null\n */\nasync function getUserSessionToken(state: State): Promise<UserSessionMetaType> {\n debugMessage({\n message: `AuthenticateOps.getUserSessionToken: start`,\n state,\n });\n let token: UserSessionMetaType = null;\n if (state.getUseTokenCache() && (await hasUserSessionToken({ state }))) {\n try {\n token = await readUserSessionToken({ state });\n token.from_cache = true;\n debugMessage({\n message: `AuthenticateOps.getUserSessionToken: cached`,\n state,\n });\n } catch (error) {\n debugMessage({\n message: `AuthenticateOps.getUserSessionToken: failed cache read`,\n state,\n });\n }\n }\n if (!token) {\n token = await getFreshUserSessionToken({ state });\n token.from_cache = false;\n debugMessage({\n message: `AuthenticateOps.getUserSessionToken: fresh`,\n state,\n });\n }\n if (state.getUseTokenCache()) {\n await saveUserSessionToken({ token, state });\n }\n debugMessage({\n message: `AuthenticateOps.getUserSessionToken: end`,\n state,\n });\n return token;\n}\n\n/**\n * Helper function to obtain an oauth2 authorization code\n * @param {string} redirectURL oauth2 redirect uri\n * @param {string} codeChallenge PKCE code challenge\n * @param {string} codeChallengeMethod PKCE code challenge method\n * @param {State} state library state\n * @returns {string} oauth2 authorization code or null\n */\nasync function getAuthCode(\n redirectURL: string,\n codeChallenge: string,\n codeChallengeMethod: string,\n state: State\n) {\n try {\n const bodyFormData = `redirect_uri=${redirectURL}&scope=${\n state.getDeploymentType() === Constants.CLOUD_DEPLOYMENT_TYPE_KEY\n ? cloudIdmAdminScopes\n : forgeopsIdmAdminScopes\n }&response_type=code&client_id=${adminClientId}&csrf=${state.getCookieValue()}&decision=allow&code_challenge=${codeChallenge}&code_challenge_method=${codeChallengeMethod}`;\n const config = {\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n maxRedirects: 0,\n };\n let response = undefined;\n try {\n response = await authorize({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config,\n state,\n });\n } catch (error) {\n response = error.response;\n if (response.status < 200 || response.status > 399) {\n printMessage({\n message: 'error getting auth code',\n type: 'error',\n state,\n });\n printMessage({\n message: response.data,\n type: 'error',\n state,\n });\n return null;\n }\n }\n const redirectLocationURL = response.headers?.location;\n const queryObject = url.parse(redirectLocationURL, true).query;\n if ('code' in queryObject) {\n return queryObject.code;\n }\n printMessage({ message: 'auth code not found', type: 'error', state });\n return null;\n } catch (error) {\n printMessage({\n message: `error getting auth code - ${error.message}`,\n type: 'error',\n state,\n });\n printMessage({ message: error.response?.data, type: 'error', state });\n debugMessage({ message: error.stack, state });\n return null;\n }\n}\n\n/**\n * Helper function to obtain oauth2 access token\n * @param {State} state library state\n * @returns {Promise<AccessTokenMetaType>} access token or null\n */\nasync function getFreshUserBearerToken({\n state,\n}: {\n state: State;\n}): Promise<AccessTokenMetaType> {\n debugMessage({\n message: `AuthenticateOps.getAccessTokenForUser: start`,\n state,\n });\n try {\n const verifier = encodeBase64Url(randomBytes(32));\n const challenge = encodeBase64Url(\n createHash('sha256').update(verifier).digest()\n );\n const challengeMethod = 'S256';\n const redirectURL = url.resolve(state.getHost(), redirectUrlTemplate);\n const authCode = await getAuthCode(\n redirectURL,\n challenge,\n challengeMethod,\n state\n );\n if (authCode == null) {\n printMessage({\n message: 'error getting auth code',\n type: 'error',\n state,\n });\n return null;\n }\n let response: AccessTokenMetaType = null;\n if (state.getDeploymentType() === Constants.CLOUD_DEPLOYMENT_TYPE_KEY) {\n const config = {\n auth: {\n username: adminClientId,\n password: adminClientPassword,\n },\n };\n const bodyFormData = `redirect_uri=${redirectURL}&grant_type=authorization_code&code=${authCode}&code_verifier=${verifier}`;\n response = await accessToken({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config,\n state,\n });\n } else {\n const bodyFormData = `client_id=${adminClientId}&redirect_uri=${redirectURL}&grant_type=authorization_code&code=${authCode}&code_verifier=${verifier}`;\n response = await accessToken({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config: {},\n state,\n });\n }\n if ('access_token' in response) {\n debugMessage({\n message: `AuthenticateOps.getAccessTokenForUser: end with token`,\n state,\n });\n return response;\n }\n printMessage({\n message: 'No access token in response.',\n type: 'error',\n state,\n });\n } catch (error) {\n debugMessage({\n message: `Error getting access token for user: ${error}`,\n state,\n });\n debugMessage({ message: error.response?.data, state });\n }\n debugMessage({\n message: `AuthenticateOps.getAccessTokenForUser: end without token`,\n state,\n });\n return null;\n}\n\n/**\n * Helper function to obtain oauth2 access token\n * @param {State} state library state\n * @returns {Promise<AccessTokenMetaType>} access token or null\n */\nasync function getUserBearerToken(state: State): Promise<AccessTokenMetaType> {\n debugMessage({\n message: `AuthenticateOps.getUserBearerToken: start`,\n state,\n });\n let token: AccessTokenMetaType = null;\n if (state.getUseTokenCache() && (await hasUserBearerToken({ state }))) {\n try {\n token = await readUserBearerToken({ state });\n token.from_cache = true;\n debugMessage({\n message: `AuthenticateOps.getUserBearerToken: end [cached]`,\n state,\n });\n } catch (error) {\n debugMessage({\n message: `AuthenticateOps.getUserBearerToken: end [failed cache read]`,\n state,\n });\n }\n }\n if (!token) {\n token = await getFreshUserBearerToken({ state });\n token.from_cache = false;\n debugMessage({\n message: `AuthenticateOps.getUserBearerToken: end [fresh]`,\n state,\n });\n }\n if (state.getUseTokenCache()) {\n await saveUserBearerToken({ token, state });\n }\n return token;\n}\n\nfunction createPayload(serviceAccountId: string, host: string) {\n const u = parseUrl(host);\n const aud = `${u.origin}:${\n u.port ? u.port : u.protocol === 'https' ? '443' : '80'\n }${u.pathname}/oauth2/access_token`;\n\n // Cross platform way of setting JWT expiry time 3 minutes in the future, expressed as number of seconds since EPOCH\n const exp = Math.floor(new Date().getTime() / 1000 + 180);\n\n // A unique ID for the JWT which is required when requesting the openid scope\n const jti = v4();\n\n const iss = serviceAccountId;\n const sub = serviceAccountId;\n\n // Create the payload for our bearer token\n const payload = { iss, sub, aud, exp, jti };\n\n return payload;\n}\n\n/**\n * Get fresh access token for service account\n * @param {State} state library state\n * @returns {Promise<AccessTokenResponseType>} response object containg token, scope, type, and expiration in seconds\n */\nexport async function getFreshSaBearerToken({\n saId = undefined,\n saJwk = undefined,\n state,\n}: {\n saId?: string;\n saJwk?: JwkRsa;\n state: State;\n}): Promise<AccessTokenMetaType> {\n debugMessage({\n message: `AuthenticateOps.getFreshSaBearerToken: start`,\n state,\n });\n saId = saId ? saId : state.getServiceAccountId();\n saJwk = saJwk ? saJwk : state.getServiceAccountJwk();\n const payload = createPayload(saId, state.getHost());\n const jwt = await createSignedJwtToken(payload, saJwk);\n const bodyFormData = `assertion=${jwt}&client_id=service-account&grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&scope=${serviceAccountScopes}`;\n const response = await accessToken({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config: {},\n state,\n });\n if ('access_token' in response) {\n debugMessage({\n message: `AuthenticateOps.getFreshSaBearerToken: end`,\n state,\n });\n return response;\n }\n debugMessage({\n message: `AuthenticateOps.getFreshSaBearerToken: end [No access token in response]`,\n state,\n });\n return null;\n}\n\n/**\n * Get cached or fresh access token for service account\n * @param {State} state library state\n * @returns {Promise<AccessTokenResponseType>} response object containg token, scope, type, and expiration in seconds\n */\nexport async function getSaBearerToken({\n state,\n}: {\n state: State;\n}): Promise<AccessTokenMetaType> {\n debugMessage({\n message: `AuthenticateOps.getSaBearerToken: start`,\n state,\n });\n let token: AccessTokenMetaType = null;\n if (state.getUseTokenCache() && (await hasSaBearerToken({ state }))) {\n try {\n token = await readSaBearerToken({ state });\n token.from_cache = true;\n debugMessage({\n message: `AuthenticateOps.getSaBearerToken: end [cached]`,\n state,\n });\n } catch (error) {\n debugMessage({\n message: `AuthenticateOps.getSaBearerToken: end [failed cache read]`,\n state,\n });\n }\n }\n if (!token) {\n token = await getFreshSaBearerToken({ state });\n token.from_cache = false;\n debugMessage({\n message: `AuthenticateOps.getSaBearerToken: end [fresh]`,\n state,\n });\n }\n if (state.getUseTokenCache()) {\n await saveSaBearerToken({ token, state });\n }\n return token;\n}\n\n/**\n * Helper function to determine deployment type, default realm, and version and update library state\n * @param state library state\n */\nasync function determineDeploymentTypeAndDefaultRealmAndVersion(\n state: State\n): Promise<void> {\n debugMessage({\n message: `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: start`,\n state,\n });\n state.setDeploymentType(await determineDeploymentType(state));\n determineDefaultRealm(state);\n debugMessage({\n message: `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: realm=${state.getRealm()}, type=${state.getDeploymentType()}`,\n state,\n });\n\n const versionInfo = await getServerVersionInfo({ state });\n\n // https://github.com/rockcarver/frodo-cli/issues/109\n debugMessage({ message: `Full version: ${versionInfo.fullVersion}`, state });\n\n const version = await getSemanticVersion(versionInfo);\n state.setAmVersion(version);\n debugMessage({\n message: `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: end`,\n state,\n });\n}\n\n/**\n * Get logged-in subject\n * @param {State} state library state\n * @returns {string} a string identifying subject type and id\n */\nasync function getLoggedInSubject(state: State): Promise<string> {\n let subjectString = `user ${state.getUsername()}`;\n if (state.getUseBearerTokenForAmApis()) {\n try {\n const name = (\n await getServiceAccount({\n serviceAccountId: state.getServiceAccountId(),\n state,\n })\n ).name;\n subjectString = `service account ${name} [${state.getServiceAccountId()}]`;\n } catch (error) {\n subjectString = `service account ${state.getServiceAccountId()}`;\n }\n }\n return subjectString;\n}\n\n/**\n * Helper method to set, reset, or cancel timer to auto refresh tokens\n * @param {boolean} forceLoginAsUser true to force login as user even if a service account is available (default: false)\n * @param {boolean} autoRefresh true to automatically refresh tokens before they expire (default: true)\n * @param {State} state library state\n */\nfunction scheduleAutoRefresh(\n forceLoginAsUser: boolean,\n autoRefresh: boolean,\n state: State\n) {\n let timer = state.getAutoRefreshTimer();\n // clear existing timer\n if (timer) {\n debugMessage({\n message: `AuthenticateOps.scheduleAutoRefresh: cancel existing timer`,\n state,\n });\n clearTimeout(timer);\n }\n // new timer\n if (autoRefresh) {\n const expires =\n state.getDeploymentType() === Constants.CLASSIC_DEPLOYMENT_TYPE_KEY\n ? state.getUserSessionTokenMeta()?.expires\n : state.getUseBearerTokenForAmApis()\n ? state.getBearerTokenMeta()?.expires\n : Math.min(\n state.getBearerTokenMeta()?.expires,\n state.getUserSessionTokenMeta()?.expires\n );\n const timeout = expires - Date.now() - 1000 * 25;\n if (timeout < 1000 * 30) {\n throw new Error(\n `Auto-refresh scheduling error: timeout below threshold of 30 seconds: ${Math.ceil(\n timeout\n )}`\n );\n }\n debugMessage({\n message: `AuthenticateOps.scheduleAutoRefresh: set new timer [${Math.floor(\n timeout / 1000\n )}s (${new Date(timeout).getMinutes()}m ${new Date(\n timeout\n ).getSeconds()}s)]`,\n state,\n });\n timer = setTimeout(getTokens, timeout, {\n forceLoginAsUser,\n autoRefresh,\n state,\n // Volker's Visual Studio Code doesn't want to have it any other way.\n }) as unknown as NodeJS.Timeout;\n state.setAutoRefreshTimer(timer);\n timer.unref();\n }\n}\n\n/**\n * Get tokens\n * @param {boolean} forceLoginAsUser true to force login as user even if a service account is available (default: false)\n * @param {boolean} autoRefresh true to automatically refresh tokens before they expire (default: true)\n * @param {State} state library state\n * @returns {Promise<boolean>} true if tokens were successfully obtained, false otherwise\n */\nexport async function getTokens({\n forceLoginAsUser = false,\n autoRefresh = true,\n state,\n}: {\n forceLoginAsUser?: boolean;\n autoRefresh?: boolean;\n state: State;\n}): Promise<boolean> {\n debugMessage({ message: `AuthenticateOps.getTokens: start`, state });\n if (!state.getHost()) {\n printMessage({\n message: `No host specified and FRODO_HOST env variable not set!`,\n type: 'error',\n state,\n });\n return false;\n }\n try {\n // if username/password on cli are empty, try to read from connections.json\n if (\n state.getUsername() == null &&\n state.getPassword() == null &&\n !state.getServiceAccountId() &&\n !state.getServiceAccountJwk()\n ) {\n const conn = await getConnectionProfile({ state });\n if (conn) {\n state.setHost(conn.tenant);\n state.setDeploymentType(conn.deploymentType);\n state.setUsername(conn.username);\n state.setPassword(conn.password);\n state.setAuthenticationService(conn.authenticationService);\n state.setAuthenticationHeaderOverrides(\n conn.authenticationHeaderOverrides\n );\n state.setServiceAccountId(conn.svcacctId);\n state.setServiceAccountJwk(conn.svcacctJwk);\n } else {\n return false;\n }\n }\n\n // if host is not a valid URL, try to locate a valid URL and deployment type from connections.json\n if (!isValidUrl(state.getHost())) {\n const conn = await getConnectionProfile({ state });\n if (conn) {\n state.setHost(conn.tenant);\n state.setDeploymentType(conn.deploymentType);\n } else {\n return false;\n }\n }\n\n // now that we have the full tenant URL we can lookup the cookie name\n state.setCookieName(await determineCookieName(state));\n\n // use service account to login?\n if (\n !forceLoginAsUser &&\n state.getServiceAccountId() &&\n state.getServiceAccountJwk()\n ) {\n debugMessage({\n message: `AuthenticateOps.getTokens: Authenticating with service account ${state.getServiceAccountId()}`,\n state,\n });\n try {\n const token = await getSaBearerToken({ state });\n state.setBearerTokenMeta(token);\n state.setUseBearerTokenForAmApis(true);\n await determineDeploymentTypeAndDefaultRealmAndVersion(state);\n } catch (saErr) {\n debugMessage({ message: saErr.response?.data || saErr, state });\n debugMessage({ message: state.getState(), state });\n throw new Error(\n `Service account login error: ${\n saErr.response?.data?.error_description ||\n saErr.response?.data?.message ||\n saErr\n }`\n );\n }\n }\n // use user account to login\n else if (state.getUsername() && state.getPassword()) {\n debugMessage({\n message: `AuthenticateOps.getTokens: Authenticating with user account ${state.getUsername()}`,\n state,\n });\n const token = await getUserSessionToken(state);\n if (token) state.setUserSessionTokenMeta(token);\n await determineDeploymentTypeAndDefaultRealmAndVersion(state);\n if (\n state.getCookieValue() &&\n // !state.getBearerToken() &&\n (state.getDeploymentType() === Constants.CLOUD_DEPLOYMENT_TYPE_KEY ||\n state.getDeploymentType() === Constants.FORGEOPS_DEPLOYMENT_TYPE_KEY)\n ) {\n const accessToken = await getUserBearerToken(state);\n if (accessToken) state.setBearerTokenMeta(accessToken);\n }\n }\n // incomplete or no credentials\n else {\n printMessage({\n message: `Incomplete or no credentials!`,\n type: 'error',\n state,\n });\n return false;\n }\n if (\n state.getCookieValue() ||\n (state.getUseBearerTokenForAmApis() && state.getBearerToken())\n ) {\n if (state.getBearerTokenMeta()?.from_cache) {\n verboseMessage({ message: `Using cached bearer token.`, state });\n }\n if (\n !state.getUseBearerTokenForAmApis() &&\n state.getUserSessionTokenMeta()?.from_cache\n ) {\n verboseMessage({ message: `Using cached session token.`, state });\n }\n printMessage({\n message: `Connected to ${state.getHost()} [${\n state.getRealm() ? state.getRealm() : 'root'\n }] as ${await getLoggedInSubject(state)}`,\n type: 'info',\n state,\n });\n scheduleAutoRefresh(forceLoginAsUser, autoRefresh, state);\n debugMessage({\n message: `AuthenticateOps.getTokens: end with tokens`,\n state,\n });\n return true;\n }\n } catch (error) {\n // regular error\n printMessage({ message: error.message, type: 'error', state });\n // axios error am api\n printMessage({\n message: error.response?.data?.message,\n type: 'error',\n state,\n });\n // axios error am oauth2 api\n printMessage({\n message: error.response?.data?.error_description,\n type: 'error',\n state,\n });\n // axios error data\n debugMessage({ message: error.response?.data, state });\n // stack trace\n debugMessage({ message: error.stack || new Error().stack, state });\n }\n debugMessage({\n message: `AuthenticateOps.getTokens: end without tokens`,\n state,\n });\n return false;\n}\n"],"mappings":";;;;;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,aAAA,GAAAC,sBAAA,CAAAF,OAAA;AACA,IAAAG,IAAA,GAAAD,sBAAA,CAAAF,OAAA;AACA,IAAAI,KAAA,GAAAJ,OAAA;AAA0B,IAAAK,gBAAA,GAAAL,OAAA;AAAA,IAAAM,cAAA,GAAAN,OAAA;AAAA,IAAAO,UAAA,GAAAL,sBAAA,CAAAF,OAAA;AAAA,IAAAQ,YAAA,GAAAR,OAAA;AAAA,IAAAS,QAAA,GAAAT,OAAA;AAAA,IAAAU,kBAAA,GAAAV,OAAA;AAAA,IAAAW,kBAAA,GAAAX,OAAA;AAAA,IAAAY,qBAAA,GAAAZ,OAAA;AAAA,IAAAa,QAAA,GAAAb,OAAA;AAAA,IAAAc,cAAA,GAAAd,OAAA;AAAA,IAAAe,WAAA,GAAAf,OAAA;AAAA,IAAAgB,cAAA,GAAAhB,OAAA;AAAA,SAAAE,uBAAAe,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAAA,SAAAG,mBAAAC,GAAA,EAAAC,OAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,MAAA,EAAAC,GAAA,EAAAC,GAAA,cAAAC,IAAA,GAAAP,GAAA,CAAAK,GAAA,EAAAC,GAAA,OAAAE,KAAA,GAAAD,IAAA,CAAAC,KAAA,WAAAC,KAAA,IAAAP,MAAA,CAAAO,KAAA,iBAAAF,IAAA,CAAAG,IAAA,IAAAT,OAAA,CAAAO,KAAA,YAAAG,OAAA,CAAAV,OAAA,CAAAO,KAAA,EAAAI,IAAA,CAAAT,KAAA,EAAAC,MAAA;AAAA,SAAAS,kBAAAC,EAAA,6BAAAC,IAAA,SAAAC,IAAA,GAAAC,SAAA,aAAAN,OAAA,WAAAV,OAAA,EAAAC,MAAA,QAAAF,GAAA,GAAAc,EAAA,CAAAI,KAAA,CAAAH,IAAA,EAAAC,IAAA,YAAAb,MAAAK,KAAA,IAAAT,kBAAA,CAAAC,GAAA,EAAAC,OAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,MAAA,UAAAI,KAAA,cAAAJ,OAAAe,GAAA,IAAApB,kBAAA,CAAAC,GAAA,EAAAC,OAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,MAAA,WAAAe,GAAA,KAAAhB,KAAA,CAAAiB,SAAA;AAAA,IAAAC,QAAA,GA4DVC,KAAY,IAAmB;EAC7C,OAAO;IACCC,SAASA,CAAA,EAA+C;MAAA,IAAAC,UAAA,GAAAP,SAAA;MAAA,OAAAJ,iBAAA;QAAA,IAA9CY,gBAAgB,GAAAD,UAAA,CAAAE,MAAA,QAAAF,UAAA,QAAAJ,SAAA,GAAAI,UAAA,MAAG,KAAK;QAAA,IAAEG,WAAW,GAAAH,UAAA,CAAAE,MAAA,QAAAF,UAAA,QAAAJ,SAAA,GAAAI,UAAA,MAAG,IAAI;QAC1D,OAAOD,SAAS,CAAC;UAAEE,gBAAgB;UAAEE,WAAW;UAAEL;QAAM,CAAC,CAAC;MAAC;IAC7D,CAAC;IAED;IACMM,+BAA+BA,CAAA,EAGX;MAAA,IAAAC,WAAA,GAAAZ,SAAA;MAAA,OAAAJ,iBAAA;QAAA,IAFxBiB,IAAY,GAAAD,WAAA,CAAAH,MAAA,QAAAG,WAAA,QAAAT,SAAA,GAAAS,WAAA,MAAGT,SAAS;QAAA,IACxBW,KAAa,GAAAF,WAAA,CAAAH,MAAA,QAAAG,WAAA,QAAAT,SAAA,GAAAS,WAAA,MAAGT,SAAS;QAEzB,IAAM;UAAEY;QAAa,CAAC,SAASC,qBAAqB,CAAC;UACnDH,IAAI;UACJC,KAAK;UACLT;QACF,CAAC,CAAC;QACF,OAAOU,YAAY;MAAC;IACtB;EACF,CAAC;AACH,CAAC;AAAAE,OAAA,CAAApC,OAAA,GAAAuB,QAAA;AAED,IAAMc,mBAAmB,GAAG,eAAe;AAC3C,IAAMC,mBAAmB,GAAG,sCAAsC;AAElE,IAAMC,mBAAmB,GAAG,8BAA8B;AAC1D,IAAMC,sBAAsB,GAAG,iBAAiB;AAChD,IAAMC,oBAAoB,GAAG,+BAA+B;AAE5D,IAAMC,YAAY,GAAG,gBAAgB;AACrC,IAAMC,gBAAgB,GAAG,cAAc;AACvC,IAAIC,aAAa,GAAGF,YAAY;;AAEhC;AACA;AACA;AACA;AACA;AAJA,SAKeG,mBAAmBA,CAAAC,EAAA;EAAA,OAAAC,oBAAA,CAAA3B,KAAA,OAAAD,SAAA;AAAA;AASlC;AACA;AACA;AACA;AACA;AACA;AALA,SAAA4B,qBAAA;EAAAA,oBAAA,GAAAhC,iBAAA,CATA,WAAmCS,KAAY,EAAE;IAC/C,IAAMwB,IAAI,SAAS,IAAAC,4BAAa,EAAC;MAAEzB;IAAM,CAAC,CAAC;IAC3C,IAAA0B,qBAAY,EAAC;MACXC,OAAO,qDAAAC,MAAA,CAAqDJ,IAAI,CAACK,UAAU,CAAE;MAC7E7B;IACF,CAAC,CAAC;IACF,OAAOwB,IAAI,CAACK,UAAU;EACxB,CAAC;EAAA,OAAAN,oBAAA,CAAA3B,KAAA,OAAAD,SAAA;AAAA;AAQD,SAASmC,iBAAiBA,CAACC,OAAO,EAAE/B,KAAY,EAAE;EAChD,IAAA0B,qBAAY,EAAC;IAAEC,OAAO,4CAA4C;IAAE3B;EAAM,CAAC,CAAC;EAC5E;EACA,IAAI,WAAW,IAAI+B,OAAO,EAAE;IAC1B,KAAK,IAAMC,QAAQ,IAAID,OAAO,CAACE,SAAS,EAAE;MACxC;MACA,IAAID,QAAQ,CAACE,IAAI,KAAK,mBAAmB,EAAE;QACzC,IAAAR,qBAAY,EAAC;UACXC,OAAO,mFAAmF;UAC1F3B;QACF,CAAC,CAAC;QACF,IAAImC,SAAS,GAAG,KAAK;QACrB,KAAK,IAAMjD,KAAK,IAAI8C,QAAQ,CAACI,MAAM,CAAC,CAAC,CAAC,CAAClD,KAAK,EAAE;UAC5C,IAAAwC,qBAAY,EAAC;YAAEC,OAAO,KAAAC,MAAA,CAAK1C,KAAK,CAACmD,QAAQ,CAAE;YAAErC;UAAM,CAAC,CAAC;UACrD,IAAId,KAAK,CAACmD,QAAQ,KAAK,qBAAqB,EAAE;YAC5CF,SAAS,GAAG,IAAI;UAClB;QACF;QACA,IAAIA,SAAS,EAAE;UACb,IAAAT,qBAAY,EAAC;YAAEC,OAAO,sBAAsB;YAAE3B;UAAM,CAAC,CAAC;UACtDgC,QAAQ,CAACM,KAAK,CAAC,CAAC,CAAC,CAACpD,KAAK,GAAG,qBAAqB;QACjD,CAAC,MAAM;UACL,IAAAwC,qBAAY,EAAC;YAAEC,OAAO,0BAA0B;YAAE3B;UAAM,CAAC,CAAC;QAC5D;MACF;MACA,IAAIgC,QAAQ,CAACE,IAAI,KAAK,qBAAqB,EAAE;QAC3C,IAAIF,QAAQ,CAACM,KAAK,CAAC,CAAC,CAAC,CAACpD,KAAK,CAACqD,QAAQ,CAAC,MAAM,CAAC,EAAE;UAC5C;UACAP,QAAQ,CAACM,KAAK,CAAC,CAAC,CAAC,CAACpD,KAAK,GAAG,MAAM;UAChC;UACA;UACA;UACA;UACA;UACA;UACA;UACA;UACA;UACA;QACF;QACA,IAAI8C,QAAQ,CAACM,KAAK,CAAC,CAAC,CAAC,CAACpD,KAAK,CAACqD,QAAQ,CAAC,iBAAiB,CAAC,EAAE;UACvD;UACA,IAAAb,qBAAY,EAAC;YACXC,OAAO,uFAAuF;YAC9F3B;UACF,CAAC,CAAC;UACF,OAAO;YACLwC,QAAQ,EAAE,KAAK;YACfC,OAAO,EAAE,IAAI;YACbC,MAAM,EAAE,UAAU;YAClBC,SAAS,EAAE,KAAK;YAChBZ;UACF,CAAC;QACH;MACF;MACA,IAAIC,QAAQ,CAACE,IAAI,KAAK,cAAc,EAAE;QACpC,IAAIF,QAAQ,CAACI,MAAM,CAAC,CAAC,CAAC,CAAClD,KAAK,CAACqD,QAAQ,CAAC,MAAM,CAAC,EAAE;UAC7C;UACA,IAAAb,qBAAY,EAAC;YACXC,OAAO,oEAAoE;YAC3E3B;UACF,CAAC,CAAC;UACF,IAAA4C,qBAAY,EAAC;YACXjB,OAAO,EAAE,8CAA8C;YACvD3B;UACF,CAAC,CAAC;UACF,IAAM6C,IAAI,GAAGC,qBAAY,CAACC,QAAQ,IAAAnB,MAAA,CAAII,QAAQ,CAACI,MAAM,CAAC,CAAC,CAAC,CAAClD,KAAK,OAAI,CAAC;UACnE8C,QAAQ,CAACM,KAAK,CAAC,CAAC,CAAC,CAACpD,KAAK,GAAG2D,IAAI;UAC9B,IAAAnB,qBAAY,EAAC;YACXC,OAAO,uFAAuF;YAC9F3B;UACF,CAAC,CAAC;UACF,OAAO;YACLwC,QAAQ,EAAE,IAAI;YACdC,OAAO,EAAE,IAAI;YACbC,MAAM,EAAE,MAAM;YACdC,SAAS,EAAE,IAAI;YACfZ;UACF,CAAC;QACH,CAAC,MAAM;UACL;UACAC,QAAQ,CAACM,KAAK,CAAC,CAAC,CAAC,CAACpD,KAAK,GAAGc,KAAK,CAACgD,WAAW,CAAC,CAAC;QAC/C;MACF;MACA,IAAIhB,QAAQ,CAACE,IAAI,KAAK,kBAAkB,EAAE;QACxC;QACAF,QAAQ,CAACM,KAAK,CAAC,CAAC,CAAC,CAACpD,KAAK,GAAGc,KAAK,CAACiD,WAAW,CAAC,CAAC;MAC/C;IACF;IACA,IAAAvB,qBAAY,EAAC;MACXC,OAAO,0DAA0D;MACjE3B;IACF,CAAC,CAAC;IACF;IACA,OAAO;MACLwC,QAAQ,EAAE,IAAI;MACdC,OAAO,EAAE,KAAK;MACdC,MAAM,EAAE,MAAM;MACdC,SAAS,EAAE,IAAI;MACfZ;IACF,CAAC;EACH;EACA,IAAAL,qBAAY,EAAC;IACXC,OAAO,0DAA0D;IACjE3B;EACF,CAAC,CAAC;EACF;EACA,OAAO;IACLwC,QAAQ,EAAE,KAAK;IACfC,OAAO,EAAE,KAAK;IACdC,MAAM,EAAE,MAAM;IACdC,SAAS,EAAE,IAAI;IACfZ;EACF,CAAC;AACH;;AAEA;AACA;AACA;AACA;AACA,SAASmB,qBAAqBA,CAAClD,KAAY,EAAE;EAC3C,IAAI,CAACA,KAAK,CAACmD,QAAQ,CAAC,CAAC,IAAInD,KAAK,CAACmD,QAAQ,CAAC,CAAC,KAAKC,kBAAS,CAACC,iBAAiB,EAAE;IACzErD,KAAK,CAACsD,QAAQ,CACZF,kBAAS,CAACG,yBAAyB,CAACvD,KAAK,CAACwD,iBAAiB,CAAC,CAAC,CAC/D,CAAC;EACH;AACF;;AAEA;AACA;AACA;AACA;AACA;AAJA,SAKeC,uBAAuBA,CAAAC,GAAA;EAAA,OAAAC,wBAAA,CAAA/D,KAAA,OAAAD,SAAA;AAAA;AAyFtC;AACA;AACA;AACA;AACA;AAJA,SAAAgE,yBAAA;EAAAA,wBAAA,GAAApE,iBAAA,CAzFA,WAAuCS,KAAY,EAAmB;IACpE,IAAM4D,WAAW,GAAG5D,KAAK,CAAC6D,cAAc,CAAC,CAAC;IAC1C,IAAIC,cAAc,GAAG9D,KAAK,CAACwD,iBAAiB,CAAC,CAAC;IAE9C,QAAQM,cAAc;MACpB,KAAKV,kBAAS,CAACW,yBAAyB;QACtC,OAAOD,cAAc;MAEvB,KAAKV,kBAAS,CAACY,4BAA4B;QACzC5C,aAAa,GAAGD,gBAAgB;QAChC,OAAO2C,cAAc;MAEvB,KAAKV,kBAAS,CAACa,2BAA2B;QACxC,OAAOH,cAAc;;MAEvB;MACA;QAAS;UACP;UACA,IAAI9D,KAAK,CAACkE,0BAA0B,CAAC,CAAC,EACpC,OAAOd,kBAAS,CAACW,yBAAyB;UAE5C,IAAMI,QAAQ,GAAG,IAAAC,4BAAe,EAAC,IAAAC,mBAAW,EAAC,EAAE,CAAC,CAAC;UACjD,IAAMC,SAAS,GAAG,IAAAF,4BAAe,EAC/B,IAAAG,kBAAU,EAAC,QAAQ,CAAC,CAACC,MAAM,CAACL,QAAQ,CAAC,CAACM,MAAM,CAAC,CAC/C,CAAC;UACD,IAAMC,eAAe,GAAG,MAAM;UAC9B,IAAMC,WAAW,GAAGC,YAAG,CAACjG,OAAO,CAACqB,KAAK,CAAC6E,OAAO,CAAC,CAAC,EAAE/D,mBAAmB,CAAC;UAErE,IAAMgE,MAAM,GAAG;YACbC,YAAY,EAAE,CAAC;YACfC,OAAO,EAAE;cACP,CAAChF,KAAK,CAACiF,aAAa,CAAC,CAAC,GAAGjF,KAAK,CAAC6D,cAAc,CAAC;YAChD;UACF,CAAC;UACD,IAAIqB,YAAY,mBAAAtD,MAAA,CAAmB+C,WAAW,aAAA/C,MAAA,CAAUb,mBAAmB,oCAAAa,MAAA,CAAiCV,YAAY,YAAAU,MAAA,CAASgC,WAAW,qCAAAhC,MAAA,CAAkC0C,SAAS,6BAAA1C,MAAA,CAA0B8C,eAAe,CAAE;UAElOZ,cAAc,GAAGV,kBAAS,CAACa,2BAA2B;UACtD,IAAI;YACF,MAAM,IAAAkB,wBAAS,EAAC;cACdC,SAAS,EAAEpF,KAAK,CAAC6E,OAAO,CAAC,CAAC;cAC1BrD,IAAI,EAAE0D,YAAY;cAClBJ,MAAM;cACN9E;YACF,CAAC,CAAC;UACJ,CAAC,CAAC,OAAOqF,CAAC,EAAE;YAAA,IAAAC,WAAA,EAAAC,mBAAA;YACV;YACA,IACE,EAAAD,WAAA,GAAAD,CAAC,CAACG,QAAQ,cAAAF,WAAA,uBAAVA,WAAA,CAAYG,MAAM,MAAK,GAAG,IAC1B,EAAAF,mBAAA,GAAAF,CAAC,CAACG,QAAQ,CAACR,OAAO,cAAAO,mBAAA,gBAAAA,mBAAA,GAAlBA,mBAAA,CAAoBG,QAAQ,cAAAH,mBAAA,uBAA5BA,mBAAA,CAA8BI,OAAO,CAAC,OAAO,CAAC,IAAG,CAAC,CAAC,EACnD;cACA,IAAAC,uBAAc,EAAC;gBACbjE,OAAO,EAAE,2BAA2B,YAAY,CAAC,eAAe;gBAChE3B;cACF,CAAC,CAAC;cACF8D,cAAc,GAAGV,kBAAS,CAACW,yBAAyB;YACtD,CAAC,MAAM;cACL,IAAI;gBACFmB,YAAY,mBAAAtD,MAAA,CAAmB+C,WAAW,aAAA/C,MAAA,CAAUZ,sBAAsB,oCAAAY,MAAA,CAAiCT,gBAAgB,YAAAS,MAAA,CAAS5B,KAAK,CAAC6D,cAAc,CAAC,CAAC,qCAAAjC,MAAA,CAAkC0C,SAAS,6BAAA1C,MAAA,CAA0B8C,eAAe,CAAE;gBAChP,MAAM,IAAAS,wBAAS,EAAC;kBACdC,SAAS,EAAEpF,KAAK,CAAC6E,OAAO,CAAC,CAAC;kBAC1BrD,IAAI,EAAE0D,YAAY;kBAClBJ,MAAM;kBACN9E;gBACF,CAAC,CAAC;cACJ,CAAC,CAAC,OAAO6F,EAAE,EAAE;gBAAA,IAAAC,YAAA,EAAAC,oBAAA;gBACX,IACE,EAAAD,YAAA,GAAAD,EAAE,CAACL,QAAQ,cAAAM,YAAA,uBAAXA,YAAA,CAAaL,MAAM,MAAK,GAAG,IAC3B,EAAAM,oBAAA,GAAAF,EAAE,CAACL,QAAQ,CAACR,OAAO,cAAAe,oBAAA,gBAAAA,oBAAA,GAAnBA,oBAAA,CAAqBL,QAAQ,cAAAK,oBAAA,uBAA7BA,oBAAA,CAA+BJ,OAAO,CAAC,OAAO,CAAC,IAAG,CAAC,CAAC,EACpD;kBACAvE,aAAa,GAAGD,gBAAgB;kBAChC,IAAAyE,uBAAc,EAAC;oBACbjE,OAAO,EAAE,sBAAsB,YAAY,CAAC,eAAe;oBAC3D3B;kBACF,CAAC,CAAC;kBACF8D,cAAc,GAAGV,kBAAS,CAACY,4BAA4B;gBACzD,CAAC,MAAM;kBACL,IAAA4B,uBAAc,EAAC;oBACbjE,OAAO,EAAE,qBAAqB,YAAY,CAAC,eAAe;oBAC1D3B;kBACF,CAAC,CAAC;gBACJ;cACF;YACF;UACF;UACA,OAAO8D,cAAc;QACvB;IACF;EACF,CAAC;EAAA,OAAAH,wBAAA,CAAA/D,KAAA,OAAAD,SAAA;AAAA;AAOD,SAASqG,kBAAkBA,CAACC,WAAW,EAAE;EACvC,IAAI,SAAS,IAAIA,WAAW,EAAE;IAC5B,IAAMC,aAAa,GAAGD,WAAW,CAACE,OAAO;IACzC,IAAMC,EAAE,GAAG,8BAA8B;IACzC,IAAMD,OAAO,GAAGD,aAAa,CAACG,KAAK,CAACD,EAAE,CAAC;IACvC,OAAOD,OAAO,CAAC,CAAC,CAAC;EACnB;EACA,MAAM,IAAIG,KAAK,CAAC,2DAA2D,CAAC;AAC9E;AAUA;AACA;AACA;AACA;AACA;AAJA,SAKeC,wBAAwBA,CAAAC,GAAA;EAAA,OAAAC,yBAAA,CAAA7G,KAAA,OAAAD,SAAA;AAAA;AA2DvC;AACA;AACA;AACA;AACA;AAJA,SAAA8G,0BAAA;EAAAA,yBAAA,GAAAlH,iBAAA,CA3DA,WAAAmH,IAAA,EAIiC;IAAA,IAJO;MACtC1G;IAGF,CAAC,GAAA0G,IAAA;IACC,IAAAhF,qBAAY,EAAC;MACXC,OAAO,mDAAmD;MAC1D3B;IACF,CAAC,CAAC;IACF,IAAM8E,MAAM,GAAG;MACbE,OAAO,EAAE;QACP,mBAAmB,EAAEhF,KAAK,CAACgD,WAAW,CAAC,CAAC;QACxC,mBAAmB,EAAEhD,KAAK,CAACiD,WAAW,CAAC;MACzC;IACF,CAAC;IACD,IAAIuC,QAAQ,SAAS,IAAAmB,qBAAI,EAAC;MAAEC,IAAI,EAAE,CAAC,CAAC;MAAE9B,MAAM;MAAE9E;IAAM,CAAC,CAAC;IAEtD,IAAI6G,OAAO,GAAG,IAAI;IAClB,IAAIC,KAAK,GAAG,CAAC;IACb,IAAMC,QAAQ,GAAG,CAAC;IAClB,GAAG;MACDF,OAAO,GAAG/E,iBAAiB,CAAC0D,QAAQ,EAAExF,KAAK,CAAC;;MAE5C;MACA,IAAI,CAAC6G,OAAO,CAAClE,SAAS,EAAE;QACtB,MAAM,IAAI2D,KAAK,4BAAA1E,MAAA,CAA4BiF,OAAO,CAACnE,MAAM,CAAE,CAAC;MAC9D;MAEA,IAAImE,OAAO,CAACrE,QAAQ,EAAE;QACpBsE,KAAK,EAAE;QACPtB,QAAQ,SAAS,IAAAmB,qBAAI,EAAC;UAAEC,IAAI,EAAEC,OAAO,CAAC9E,OAAO;UAAE/B;QAAM,CAAC,CAAC;MACzD;MAEA,IAAI,SAAS,IAAIwF,QAAQ,EAAE;QACzBA,QAAQ,CAAC,YAAY,CAAC,GAAG,KAAK;QAC9B;QACA,IAAMwB,WAAW,SAAS,IAAAC,0BAAc,EAAC;UACvCC,OAAO,EAAE1B,QAAQ,CAAC,SAAS,CAAC;UAC5BxF;QACF,CAAC,CAAC;QACFwF,QAAQ,CAAC,SAAS,CAAC,GAAG2B,IAAI,CAACC,KAAK,CAACJ,WAAW,CAACK,qBAAqB,CAAC;QACnE,IAAA3F,qBAAY,EAAC;UACXC,OAAO,4DAAAC,MAAA,CAA4D4D,QAAQ,CAAC,SAAS,CAAC,MAAG;UACzFxF;QACF,CAAC,CAAC;QACF,IAAA0B,qBAAY,EAAC;UACXC,OAAO,EAAE6D,QAAQ;UACjBxF;QACF,CAAC,CAAC;QACF,OAAOwF,QAAQ;MACjB;IACF,CAAC,QAAQqB,OAAO,CAACrE,QAAQ,IAAIsE,KAAK,GAAGC,QAAQ;IAC7C,IAAArF,qBAAY,EAAC;MACXC,OAAO,8DAA8D;MACrE3B;IACF,CAAC,CAAC;IACF,OAAO,IAAI;EACb,CAAC;EAAA,OAAAyG,yBAAA,CAAA7G,KAAA,OAAAD,SAAA;AAAA;AAAA,SAOc2H,mBAAmBA,CAAAC,GAAA;EAAA,OAAAC,oBAAA,CAAA5H,KAAA,OAAAD,SAAA;AAAA;AAuClC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAPA,SAAA6H,qBAAA;EAAAA,oBAAA,GAAAjI,iBAAA,CAvCA,WAAmCS,KAAY,EAAgC;IAC7E,IAAA0B,qBAAY,EAAC;MACXC,OAAO,8CAA8C;MACrD3B;IACF,CAAC,CAAC;IACF,IAAIyH,KAA0B,GAAG,IAAI;IACrC,IAAIzH,KAAK,CAAC0H,gBAAgB,CAAC,CAAC,WAAW,IAAAC,kCAAmB,EAAC;MAAE3H;IAAM,CAAC,CAAC,CAAC,EAAE;MACtE,IAAI;QACFyH,KAAK,SAAS,IAAAG,mCAAoB,EAAC;UAAE5H;QAAM,CAAC,CAAC;QAC7CyH,KAAK,CAACI,UAAU,GAAG,IAAI;QACvB,IAAAnG,qBAAY,EAAC;UACXC,OAAO,+CAA+C;UACtD3B;QACF,CAAC,CAAC;MACJ,CAAC,CAAC,OAAOb,KAAK,EAAE;QACd,IAAAuC,qBAAY,EAAC;UACXC,OAAO,0DAA0D;UACjE3B;QACF,CAAC,CAAC;MACJ;IACF;IACA,IAAI,CAACyH,KAAK,EAAE;MACVA,KAAK,SAASlB,wBAAwB,CAAC;QAAEvG;MAAM,CAAC,CAAC;MACjDyH,KAAK,CAACI,UAAU,GAAG,KAAK;MACxB,IAAAnG,qBAAY,EAAC;QACXC,OAAO,8CAA8C;QACrD3B;MACF,CAAC,CAAC;IACJ;IACA,IAAIA,KAAK,CAAC0H,gBAAgB,CAAC,CAAC,EAAE;MAC5B,MAAM,IAAAI,mCAAoB,EAAC;QAAEL,KAAK;QAAEzH;MAAM,CAAC,CAAC;IAC9C;IACA,IAAA0B,qBAAY,EAAC;MACXC,OAAO,4CAA4C;MACnD3B;IACF,CAAC,CAAC;IACF,OAAOyH,KAAK;EACd,CAAC;EAAA,OAAAD,oBAAA,CAAA5H,KAAA,OAAAD,SAAA;AAAA;AAAA,SAUcoI,WAAWA,CAAAC,GAAA,EAAAC,GAAA,EAAAC,GAAA,EAAAC,GAAA;EAAA,OAAAC,YAAA,CAAAxI,KAAA,OAAAD,SAAA;AAAA;AA6D1B;AACA;AACA;AACA;AACA;AAJA,SAAAyI,aAAA;EAAAA,YAAA,GAAA7I,iBAAA,CA7DA,WACEoF,WAAmB,EACnB0D,aAAqB,EACrBC,mBAA2B,EAC3BtI,KAAY,EACZ;IACA,IAAI;MAAA,IAAAuI,iBAAA;MACF,IAAMrD,YAAY,mBAAAtD,MAAA,CAAmB+C,WAAW,aAAA/C,MAAA,CAC9C5B,KAAK,CAACwD,iBAAiB,CAAC,CAAC,KAAKJ,kBAAS,CAACW,yBAAyB,GAC7DhD,mBAAmB,GACnBC,sBAAsB,oCAAAY,MAAA,CACKR,aAAa,YAAAQ,MAAA,CAAS5B,KAAK,CAAC6D,cAAc,CAAC,CAAC,qCAAAjC,MAAA,CAAkCyG,aAAa,6BAAAzG,MAAA,CAA0B0G,mBAAmB,CAAE;MAC3K,IAAMxD,MAAM,GAAG;QACbE,OAAO,EAAE;UACP,cAAc,EAAE;QAClB,CAAC;QACDD,YAAY,EAAE;MAChB,CAAC;MACD,IAAIS,QAAQ,GAAG1F,SAAS;MACxB,IAAI;QACF0F,QAAQ,SAAS,IAAAL,wBAAS,EAAC;UACzBC,SAAS,EAAEpF,KAAK,CAAC6E,OAAO,CAAC,CAAC;UAC1BrD,IAAI,EAAE0D,YAAY;UAClBJ,MAAM;UACN9E;QACF,CAAC,CAAC;MACJ,CAAC,CAAC,OAAOb,KAAK,EAAE;QACdqG,QAAQ,GAAGrG,KAAK,CAACqG,QAAQ;QACzB,IAAIA,QAAQ,CAACC,MAAM,GAAG,GAAG,IAAID,QAAQ,CAACC,MAAM,GAAG,GAAG,EAAE;UAClD,IAAA7C,qBAAY,EAAC;YACXjB,OAAO,EAAE,yBAAyB;YAClCO,IAAI,EAAE,OAAO;YACblC;UACF,CAAC,CAAC;UACF,IAAA4C,qBAAY,EAAC;YACXjB,OAAO,EAAE6D,QAAQ,CAAChE,IAAI;YACtBU,IAAI,EAAE,OAAO;YACblC;UACF,CAAC,CAAC;UACF,OAAO,IAAI;QACb;MACF;MACA,IAAMwI,mBAAmB,IAAAD,iBAAA,GAAG/C,QAAQ,CAACR,OAAO,cAAAuD,iBAAA,uBAAhBA,iBAAA,CAAkB7C,QAAQ;MACtD,IAAM+C,WAAW,GAAG7D,YAAG,CAACwC,KAAK,CAACoB,mBAAmB,EAAE,IAAI,CAAC,CAACE,KAAK;MAC9D,IAAI,MAAM,IAAID,WAAW,EAAE;QACzB,OAAOA,WAAW,CAAC5F,IAAI;MACzB;MACA,IAAAD,qBAAY,EAAC;QAAEjB,OAAO,EAAE,qBAAqB;QAAEO,IAAI,EAAE,OAAO;QAAElC;MAAM,CAAC,CAAC;MACtE,OAAO,IAAI;IACb,CAAC,CAAC,OAAOb,KAAK,EAAE;MAAA,IAAAwJ,eAAA;MACd,IAAA/F,qBAAY,EAAC;QACXjB,OAAO,+BAAAC,MAAA,CAA+BzC,KAAK,CAACwC,OAAO,CAAE;QACrDO,IAAI,EAAE,OAAO;QACblC;MACF,CAAC,CAAC;MACF,IAAA4C,qBAAY,EAAC;QAAEjB,OAAO,GAAAgH,eAAA,GAAExJ,KAAK,CAACqG,QAAQ,cAAAmD,eAAA,uBAAdA,eAAA,CAAgBnH,IAAI;QAAEU,IAAI,EAAE,OAAO;QAAElC;MAAM,CAAC,CAAC;MACrE,IAAA0B,qBAAY,EAAC;QAAEC,OAAO,EAAExC,KAAK,CAACyJ,KAAK;QAAE5I;MAAM,CAAC,CAAC;MAC7C,OAAO,IAAI;IACb;EACF,CAAC;EAAA,OAAAoI,YAAA,CAAAxI,KAAA,OAAAD,SAAA;AAAA;AAAA,SAOckJ,uBAAuBA,CAAAC,GAAA;EAAA,OAAAC,wBAAA,CAAAnJ,KAAA,OAAAD,SAAA;AAAA;AAgFtC;AACA;AACA;AACA;AACA;AAJA,SAAAoJ,yBAAA;EAAAA,wBAAA,GAAAxJ,iBAAA,CAhFA,WAAAyJ,KAAA,EAIiC;IAAA,IAJM;MACrChJ;IAGF,CAAC,GAAAgJ,KAAA;IACC,IAAAtH,qBAAY,EAAC;MACXC,OAAO,gDAAgD;MACvD3B;IACF,CAAC,CAAC;IACF,IAAI;MACF,IAAMmE,QAAQ,GAAG,IAAAC,4BAAe,EAAC,IAAAC,mBAAW,EAAC,EAAE,CAAC,CAAC;MACjD,IAAMC,SAAS,GAAG,IAAAF,4BAAe,EAC/B,IAAAG,kBAAU,EAAC,QAAQ,CAAC,CAACC,MAAM,CAACL,QAAQ,CAAC,CAACM,MAAM,CAAC,CAC/C,CAAC;MACD,IAAMC,eAAe,GAAG,MAAM;MAC9B,IAAMC,WAAW,GAAGC,YAAG,CAACjG,OAAO,CAACqB,KAAK,CAAC6E,OAAO,CAAC,CAAC,EAAE/D,mBAAmB,CAAC;MACrE,IAAMmI,QAAQ,SAASlB,WAAW,CAChCpD,WAAW,EACXL,SAAS,EACTI,eAAe,EACf1E,KACF,CAAC;MACD,IAAIiJ,QAAQ,IAAI,IAAI,EAAE;QACpB,IAAArG,qBAAY,EAAC;UACXjB,OAAO,EAAE,yBAAyB;UAClCO,IAAI,EAAE,OAAO;UACblC;QACF,CAAC,CAAC;QACF,OAAO,IAAI;MACb;MACA,IAAIwF,QAA6B,GAAG,IAAI;MACxC,IAAIxF,KAAK,CAACwD,iBAAiB,CAAC,CAAC,KAAKJ,kBAAS,CAACW,yBAAyB,EAAE;QACrE,IAAMe,MAAM,GAAG;UACboE,IAAI,EAAE;YACJC,QAAQ,EAAE/H,aAAa;YACvBgI,QAAQ,EAAEvI;UACZ;QACF,CAAC;QACD,IAAMqE,YAAY,mBAAAtD,MAAA,CAAmB+C,WAAW,0CAAA/C,MAAA,CAAuCqH,QAAQ,qBAAArH,MAAA,CAAkBuC,QAAQ,CAAE;QAC3HqB,QAAQ,SAAS,IAAA6D,0BAAW,EAAC;UAC3BjE,SAAS,EAAEpF,KAAK,CAAC6E,OAAO,CAAC,CAAC;UAC1BrD,IAAI,EAAE0D,YAAY;UAClBJ,MAAM;UACN9E;QACF,CAAC,CAAC;MACJ,CAAC,MAAM;QACL,IAAMkF,aAAY,gBAAAtD,MAAA,CAAgBR,aAAa,oBAAAQ,MAAA,CAAiB+C,WAAW,0CAAA/C,MAAA,CAAuCqH,QAAQ,qBAAArH,MAAA,CAAkBuC,QAAQ,CAAE;QACtJqB,QAAQ,SAAS,IAAA6D,0BAAW,EAAC;UAC3BjE,SAAS,EAAEpF,KAAK,CAAC6E,OAAO,CAAC,CAAC;UAC1BrD,IAAI,EAAE0D,aAAY;UAClBJ,MAAM,EAAE,CAAC,CAAC;UACV9E;QACF,CAAC,CAAC;MACJ;MACA,IAAI,cAAc,IAAIwF,QAAQ,EAAE;QAC9B,IAAA9D,qBAAY,EAAC;UACXC,OAAO,yDAAyD;UAChE3B;QACF,CAAC,CAAC;QACF,OAAOwF,QAAQ;MACjB;MACA,IAAA5C,qBAAY,EAAC;QACXjB,OAAO,EAAE,8BAA8B;QACvCO,IAAI,EAAE,OAAO;QACblC;MACF,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOb,KAAK,EAAE;MAAA,IAAAmK,gBAAA;MACd,IAAA5H,qBAAY,EAAC;QACXC,OAAO,0CAAAC,MAAA,CAA0CzC,KAAK,CAAE;QACxDa;MACF,CAAC,CAAC;MACF,IAAA0B,qBAAY,EAAC;QAAEC,OAAO,GAAA2H,gBAAA,GAAEnK,KAAK,CAACqG,QAAQ,cAAA8D,gBAAA,uBAAdA,gBAAA,CAAgB9H,IAAI;QAAExB;MAAM,CAAC,CAAC;IACxD;IACA,IAAA0B,qBAAY,EAAC;MACXC,OAAO,4DAA4D;MACnE3B;IACF,CAAC,CAAC;IACF,OAAO,IAAI;EACb,CAAC;EAAA,OAAA+I,wBAAA,CAAAnJ,KAAA,OAAAD,SAAA;AAAA;AAAA,SAOc4J,kBAAkBA,CAAAC,IAAA;EAAA,OAAAC,mBAAA,CAAA7J,KAAA,OAAAD,SAAA;AAAA;AAAA,SAAA8J,oBAAA;EAAAA,mBAAA,GAAAlK,iBAAA,CAAjC,WAAkCS,KAAY,EAAgC;IAC5E,IAAA0B,qBAAY,EAAC;MACXC,OAAO,6CAA6C;MACpD3B;IACF,CAAC,CAAC;IACF,IAAIyH,KAA0B,GAAG,IAAI;IACrC,IAAIzH,KAAK,CAAC0H,gBAAgB,CAAC,CAAC,WAAW,IAAAgC,iCAAkB,EAAC;MAAE1J;IAAM,CAAC,CAAC,CAAC,EAAE;MACrE,IAAI;QACFyH,KAAK,SAAS,IAAAkC,kCAAmB,EAAC;UAAE3J;QAAM,CAAC,CAAC;QAC5CyH,KAAK,CAACI,UAAU,GAAG,IAAI;QACvB,IAAAnG,qBAAY,EAAC;UACXC,OAAO,oDAAoD;UAC3D3B;QACF,CAAC,CAAC;MACJ,CAAC,CAAC,OAAOb,KAAK,EAAE;QACd,IAAAuC,qBAAY,EAAC;UACXC,OAAO,+DAA+D;UACtE3B;QACF,CAAC,CAAC;MACJ;IACF;IACA,IAAI,CAACyH,KAAK,EAAE;MACVA,KAAK,SAASoB,uBAAuB,CAAC;QAAE7I;MAAM,CAAC,CAAC;MAChDyH,KAAK,CAACI,UAAU,GAAG,KAAK;MACxB,IAAAnG,qBAAY,EAAC;QACXC,OAAO,mDAAmD;QAC1D3B;MACF,CAAC,CAAC;IACJ;IACA,IAAIA,KAAK,CAAC0H,gBAAgB,CAAC,CAAC,EAAE;MAC5B,MAAM,IAAAkC,kCAAmB,EAAC;QAAEnC,KAAK;QAAEzH;MAAM,CAAC,CAAC;IAC7C;IACA,OAAOyH,KAAK;EACd,CAAC;EAAA,OAAAgC,mBAAA,CAAA7J,KAAA,OAAAD,SAAA;AAAA;AAED,SAASkK,aAAaA,CAACC,gBAAwB,EAAEC,IAAY,EAAE;EAC7D,IAAMC,CAAC,GAAG,IAAAC,2BAAQ,EAACF,IAAI,CAAC;EACxB,IAAMG,GAAG,MAAAtI,MAAA,CAAMoI,CAAC,CAACG,MAAM,OAAAvI,MAAA,CACrBoI,CAAC,CAACI,IAAI,GAAGJ,CAAC,CAACI,IAAI,GAAGJ,CAAC,CAACK,QAAQ,KAAK,OAAO,GAAG,KAAK,GAAG,IAAI,EAAAzI,MAAA,CACtDoI,CAAC,CAACM,QAAQ,yBAAsB;;EAEnC;EACA,IAAMC,GAAG,GAAGC,IAAI,CAACC,KAAK,CAAC,IAAItD,IAAI,CAAC,CAAC,CAACuD,OAAO,CAAC,CAAC,GAAG,IAAI,GAAG,GAAG,CAAC;;EAEzD;EACA,IAAMC,GAAG,GAAG,IAAAC,QAAE,EAAC,CAAC;EAEhB,IAAMC,GAAG,GAAGf,gBAAgB;EAC5B,IAAMgB,GAAG,GAAGhB,gBAAgB;;EAE5B;EACA,IAAM/H,OAAO,GAAG;IAAE8I,GAAG;IAAEC,GAAG;IAAEZ,GAAG;IAAEK,GAAG;IAAEI;EAAI,CAAC;EAE3C,OAAO5I,OAAO;AAChB;;AAEA;AACA;AACA;AACA;AACA;AAJA,SAKsBpB,qBAAqBA,CAAAoK,IAAA;EAAA,OAAAC,sBAAA,CAAApL,KAAA,OAAAD,SAAA;AAAA;AAsC3C;AACA;AACA;AACA;AACA;AAJA,SAAAqL,uBAAA;EAAAA,sBAAA,GAAAzL,iBAAA,CAtCO,WAAA0L,KAAA,EAQ0B;IAAA,IARW;MAC1CzK,IAAI,GAAGV,SAAS;MAChBW,KAAK,GAAGX,SAAS;MACjBE;IAKF,CAAC,GAAAiL,KAAA;IACC,IAAAvJ,qBAAY,EAAC;MACXC,OAAO,gDAAgD;MACvD3B;IACF,CAAC,CAAC;IACFQ,IAAI,GAAGA,IAAI,GAAGA,IAAI,GAAGR,KAAK,CAACkL,mBAAmB,CAAC,CAAC;IAChDzK,KAAK,GAAGA,KAAK,GAAGA,KAAK,GAAGT,KAAK,CAACmL,oBAAoB,CAAC,CAAC;IACpD,IAAMpJ,OAAO,GAAG8H,aAAa,CAACrJ,IAAI,EAAER,KAAK,CAAC6E,OAAO,CAAC,CAAC,CAAC;IACpD,IAAMuG,GAAG,SAAS,IAAAC,6BAAoB,EAACtJ,OAAO,EAAEtB,KAAK,CAAC;IACtD,IAAMyE,YAAY,gBAAAtD,MAAA,CAAgBwJ,GAAG,8FAAAxJ,MAAA,CAA2FX,oBAAoB,CAAE;IACtJ,IAAMuE,QAAQ,SAAS,IAAA6D,0BAAW,EAAC;MACjCjE,SAAS,EAAEpF,KAAK,CAAC6E,OAAO,CAAC,CAAC;MAC1BrD,IAAI,EAAE0D,YAAY;MAClBJ,MAAM,EAAE,CAAC,CAAC;MACV9E;IACF,CAAC,CAAC;IACF,IAAI,cAAc,IAAIwF,QAAQ,EAAE;MAC9B,IAAA9D,qBAAY,EAAC;QACXC,OAAO,8CAA8C;QACrD3B;MACF,CAAC,CAAC;MACF,OAAOwF,QAAQ;IACjB;IACA,IAAA9D,qBAAY,EAAC;MACXC,OAAO,4EAA4E;MACnF3B;IACF,CAAC,CAAC;IACF,OAAO,IAAI;EACb,CAAC;EAAA,OAAAgL,sBAAA,CAAApL,KAAA,OAAAD,SAAA;AAAA;AAAA,SAOqB2L,gBAAgBA,CAAAC,IAAA;EAAA,OAAAC,iBAAA,CAAA5L,KAAA,OAAAD,SAAA;AAAA;AAuCtC;AACA;AACA;AACA;AAHA,SAAA6L,kBAAA;EAAAA,iBAAA,GAAAjM,iBAAA,CAvCO,WAAAkM,KAAA,EAI0B;IAAA,IAJM;MACrCzL;IAGF,CAAC,GAAAyL,KAAA;IACC,IAAA/J,qBAAY,EAAC;MACXC,OAAO,2CAA2C;MAClD3B;IACF,CAAC,CAAC;IACF,IAAIyH,KAA0B,GAAG,IAAI;IACrC,IAAIzH,KAAK,CAAC0H,gBAAgB,CAAC,CAAC,WAAW,IAAAgE,+BAAgB,EAAC;MAAE1L;IAAM,CAAC,CAAC,CAAC,EAAE;MACnE,IAAI;QACFyH,KAAK,SAAS,IAAAkE,gCAAiB,EAAC;UAAE3L;QAAM,CAAC,CAAC;QAC1CyH,KAAK,CAACI,UAAU,GAAG,IAAI;QACvB,IAAAnG,qBAAY,EAAC;UACXC,OAAO,kDAAkD;UACzD3B;QACF,CAAC,CAAC;MACJ,CAAC,CAAC,OAAOb,KAAK,EAAE;QACd,IAAAuC,qBAAY,EAAC;UACXC,OAAO,6DAA6D;UACpE3B;QACF,CAAC,CAAC;MACJ;IACF;IACA,IAAI,CAACyH,KAAK,EAAE;MACVA,KAAK,SAAS9G,qBAAqB,CAAC;QAAEX;MAAM,CAAC,CAAC;MAC9CyH,KAAK,CAACI,UAAU,GAAG,KAAK;MACxB,IAAAnG,qBAAY,EAAC;QACXC,OAAO,iDAAiD;QACxD3B;MACF,CAAC,CAAC;IACJ;IACA,IAAIA,KAAK,CAAC0H,gBAAgB,CAAC,CAAC,EAAE;MAC5B,MAAM,IAAAkE,gCAAiB,EAAC;QAAEnE,KAAK;QAAEzH;MAAM,CAAC,CAAC;IAC3C;IACA,OAAOyH,KAAK;EACd,CAAC;EAAA,OAAA+D,iBAAA,CAAA5L,KAAA,OAAAD,SAAA;AAAA;AAAA,SAMckM,gDAAgDA,CAAAC,IAAA;EAAA,OAAAC,iDAAA,CAAAnM,KAAA,OAAAD,SAAA;AAAA;AA2B/D;AACA;AACA;AACA;AACA;AAJA,SAAAoM,kDAAA;EAAAA,iDAAA,GAAAxM,iBAAA,CA3BA,WACES,KAAY,EACG;IACf,IAAA0B,qBAAY,EAAC;MACXC,OAAO,2EAA2E;MAClF3B;IACF,CAAC,CAAC;IACFA,KAAK,CAACgM,iBAAiB,OAAOvI,uBAAuB,CAACzD,KAAK,CAAC,CAAC;IAC7DkD,qBAAqB,CAAClD,KAAK,CAAC;IAC5B,IAAA0B,qBAAY,EAAC;MACXC,OAAO,6EAAAC,MAAA,CAA6E5B,KAAK,CAACmD,QAAQ,CAAC,CAAC,aAAAvB,MAAA,CAAU5B,KAAK,CAACwD,iBAAiB,CAAC,CAAC,CAAE;MACzIxD;IACF,CAAC,CAAC;IAEF,IAAMiG,WAAW,SAAS,IAAAgG,mCAAoB,EAAC;MAAEjM;IAAM,CAAC,CAAC;;IAEzD;IACA,IAAA0B,qBAAY,EAAC;MAAEC,OAAO,mBAAAC,MAAA,CAAmBqE,WAAW,CAACiG,WAAW,CAAE;MAAElM;IAAM,CAAC,CAAC;IAE5E,IAAMmG,OAAO,SAASH,kBAAkB,CAACC,WAAW,CAAC;IACrDjG,KAAK,CAACmM,YAAY,CAAChG,OAAO,CAAC;IAC3B,IAAAzE,qBAAY,EAAC;MACXC,OAAO,yEAAyE;MAChF3B;IACF,CAAC,CAAC;EACJ,CAAC;EAAA,OAAA+L,iDAAA,CAAAnM,KAAA,OAAAD,SAAA;AAAA;AAAA,SAOcyM,kBAAkBA,CAAAC,IAAA;EAAA,OAAAC,mBAAA,CAAA1M,KAAA,OAAAD,SAAA;AAAA;AAkBjC;AACA;AACA;AACA;AACA;AACA;AALA,SAAA2M,oBAAA;EAAAA,mBAAA,GAAA/M,iBAAA,CAlBA,WAAkCS,KAAY,EAAmB;IAC/D,IAAIuM,aAAa,WAAA3K,MAAA,CAAW5B,KAAK,CAACgD,WAAW,CAAC,CAAC,CAAE;IACjD,IAAIhD,KAAK,CAACkE,0BAA0B,CAAC,CAAC,EAAE;MACtC,IAAI;QACF,IAAMsI,IAAI,GAAG,OACL,IAAAC,oCAAiB,EAAC;UACtB3C,gBAAgB,EAAE9J,KAAK,CAACkL,mBAAmB,CAAC,CAAC;UAC7ClL;QACF,CAAC,CAAC,EACFwM,IAAI;QACND,aAAa,sBAAA3K,MAAA,CAAsB4K,IAAI,QAAA5K,MAAA,CAAK5B,KAAK,CAACkL,mBAAmB,CAAC,CAAC,MAAG;MAC5E,CAAC,CAAC,OAAO/L,KAAK,EAAE;QACdoN,aAAa,sBAAA3K,MAAA,CAAsB5B,KAAK,CAACkL,mBAAmB,CAAC,CAAC,CAAE;MAClE;IACF;IACA,OAAOqB,aAAa;EACtB,CAAC;EAAA,OAAAD,mBAAA,CAAA1M,KAAA,OAAAD,SAAA;AAAA;AAQD,SAAS+M,mBAAmBA,CAC1BvM,gBAAyB,EACzBE,WAAoB,EACpBL,KAAY,EACZ;EACA,IAAI2M,KAAK,GAAG3M,KAAK,CAAC4M,mBAAmB,CAAC,CAAC;EACvC;EACA,IAAID,KAAK,EAAE;IACT,IAAAjL,qBAAY,EAAC;MACXC,OAAO,8DAA8D;MACrE3B;IACF,CAAC,CAAC;IACF6M,YAAY,CAACF,KAAK,CAAC;EACrB;EACA;EACA,IAAItM,WAAW,EAAE;IAAA,IAAAyM,qBAAA,EAAAC,qBAAA,EAAAC,sBAAA,EAAAC,sBAAA;IACf,IAAMC,OAAO,GACXlN,KAAK,CAACwD,iBAAiB,CAAC,CAAC,KAAKJ,kBAAS,CAACa,2BAA2B,IAAA6I,qBAAA,GAC/D9M,KAAK,CAACmN,uBAAuB,CAAC,CAAC,cAAAL,qBAAA,uBAA/BA,qBAAA,CAAiCI,OAAO,GACxClN,KAAK,CAACkE,0BAA0B,CAAC,CAAC,IAAA6I,qBAAA,GAChC/M,KAAK,CAACoN,kBAAkB,CAAC,CAAC,cAAAL,qBAAA,uBAA1BA,qBAAA,CAA4BG,OAAO,GACnC1C,IAAI,CAAC6C,GAAG,EAAAL,sBAAA,GACNhN,KAAK,CAACoN,kBAAkB,CAAC,CAAC,cAAAJ,sBAAA,uBAA1BA,sBAAA,CAA4BE,OAAO,GAAAD,sBAAA,GACnCjN,KAAK,CAACmN,uBAAuB,CAAC,CAAC,cAAAF,sBAAA,uBAA/BA,sBAAA,CAAiCC,OACnC,CAAC;IACT,IAAMI,OAAO,GAAGJ,OAAO,GAAG/F,IAAI,CAACoG,GAAG,CAAC,CAAC,GAAG,IAAI,GAAG,EAAE;IAChD,IAAID,OAAO,GAAG,IAAI,GAAG,EAAE,EAAE;MACvB,MAAM,IAAIhH,KAAK,0EAAA1E,MAAA,CAC4D4I,IAAI,CAACgD,IAAI,CAChFF,OACF,CAAC,CACH,CAAC;IACH;IACA,IAAA5L,qBAAY,EAAC;MACXC,OAAO,yDAAAC,MAAA,CAAyD4I,IAAI,CAACC,KAAK,CACxE6C,OAAO,GAAG,IACZ,CAAC,SAAA1L,MAAA,CAAM,IAAIuF,IAAI,CAACmG,OAAO,CAAC,CAACG,UAAU,CAAC,CAAC,QAAA7L,MAAA,CAAK,IAAIuF,IAAI,CAChDmG,OACF,CAAC,CAACI,UAAU,CAAC,CAAC,QAAK;MACnB1N;IACF,CAAC,CAAC;IACF2M,KAAK,GAAGgB,UAAU,CAAC1N,SAAS,EAAEqN,OAAO,EAAE;MACrCnN,gBAAgB;MAChBE,WAAW;MACXL;MACA;IACF,CAAC,CAA8B;IAC/BA,KAAK,CAAC4N,mBAAmB,CAACjB,KAAK,CAAC;IAChCA,KAAK,CAACkB,KAAK,CAAC,CAAC;EACf;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AANA,SAOsB5N,SAASA,CAAA6N,IAAA;EAAA,OAAAC,UAAA,CAAAnO,KAAA,OAAAD,SAAA;AAAA;AAAA,SAAAoO,WAAA;EAAAA,UAAA,GAAAxO,iBAAA,CAAxB,WAAAyO,KAAA,EAQc;IAAA,IARW;MAC9B7N,gBAAgB,GAAG,KAAK;MACxBE,WAAW,GAAG,IAAI;MAClBL;IAKF,CAAC,GAAAgO,KAAA;IACC,IAAAtM,qBAAY,EAAC;MAAEC,OAAO,oCAAoC;MAAE3B;IAAM,CAAC,CAAC;IACpE,IAAI,CAACA,KAAK,CAAC6E,OAAO,CAAC,CAAC,EAAE;MACpB,IAAAjC,qBAAY,EAAC;QACXjB,OAAO,0DAA0D;QACjEO,IAAI,EAAE,OAAO;QACblC;MACF,CAAC,CAAC;MACF,OAAO,KAAK;IACd;IACA,IAAI;MACF;MACA,IACEA,KAAK,CAACgD,WAAW,CAAC,CAAC,IAAI,IAAI,IAC3BhD,KAAK,CAACiD,WAAW,CAAC,CAAC,IAAI,IAAI,IAC3B,CAACjD,KAAK,CAACkL,mBAAmB,CAAC,CAAC,IAC5B,CAAClL,KAAK,CAACmL,oBAAoB,CAAC,CAAC,EAC7B;QACA,IAAM8C,IAAI,SAAS,IAAAC,0CAAoB,EAAC;UAAElO;QAAM,CAAC,CAAC;QAClD,IAAIiO,IAAI,EAAE;UACRjO,KAAK,CAACmO,OAAO,CAACF,IAAI,CAACG,MAAM,CAAC;UAC1BpO,KAAK,CAACgM,iBAAiB,CAACiC,IAAI,CAACnK,cAAc,CAAC;UAC5C9D,KAAK,CAACqO,WAAW,CAACJ,IAAI,CAAC9E,QAAQ,CAAC;UAChCnJ,KAAK,CAACsO,WAAW,CAACL,IAAI,CAAC7E,QAAQ,CAAC;UAChCpJ,KAAK,CAACuO,wBAAwB,CAACN,IAAI,CAACO,qBAAqB,CAAC;UAC1DxO,KAAK,CAACyO,gCAAgC,CACpCR,IAAI,CAACS,6BACP,CAAC;UACD1O,KAAK,CAAC2O,mBAAmB,CAACV,IAAI,CAACW,SAAS,CAAC;UACzC5O,KAAK,CAAC6O,oBAAoB,CAACZ,IAAI,CAACa,UAAU,CAAC;QAC7C,CAAC,MAAM;UACL,OAAO,KAAK;QACd;MACF;;MAEA;MACA,IAAI,CAAC,IAAAC,6BAAU,EAAC/O,KAAK,CAAC6E,OAAO,CAAC,CAAC,CAAC,EAAE;QAChC,IAAMoJ,KAAI,SAAS,IAAAC,0CAAoB,EAAC;UAAElO;QAAM,CAAC,CAAC;QAClD,IAAIiO,KAAI,EAAE;UACRjO,KAAK,CAACmO,OAAO,CAACF,KAAI,CAACG,MAAM,CAAC;UAC1BpO,KAAK,CAACgM,iBAAiB,CAACiC,KAAI,CAACnK,cAAc,CAAC;QAC9C,CAAC,MAAM;UACL,OAAO,KAAK;QACd;MACF;;MAEA;MACA9D,KAAK,CAACgP,aAAa,OAAO3N,mBAAmB,CAACrB,KAAK,CAAC,CAAC;;MAErD;MACA,IACE,CAACG,gBAAgB,IACjBH,KAAK,CAACkL,mBAAmB,CAAC,CAAC,IAC3BlL,KAAK,CAACmL,oBAAoB,CAAC,CAAC,EAC5B;QACA,IAAAzJ,qBAAY,EAAC;UACXC,OAAO,oEAAAC,MAAA,CAAoE5B,KAAK,CAACkL,mBAAmB,CAAC,CAAC,CAAE;UACxGlL;QACF,CAAC,CAAC;QACF,IAAI;UACF,IAAMyH,KAAK,SAAS6D,gBAAgB,CAAC;YAAEtL;UAAM,CAAC,CAAC;UAC/CA,KAAK,CAACiP,kBAAkB,CAACxH,KAAK,CAAC;UAC/BzH,KAAK,CAACkP,0BAA0B,CAAC,IAAI,CAAC;UACtC,MAAMrD,gDAAgD,CAAC7L,KAAK,CAAC;QAC/D,CAAC,CAAC,OAAOmP,KAAK,EAAE;UAAA,IAAAC,eAAA,EAAAC,gBAAA,EAAAC,gBAAA;UACd,IAAA5N,qBAAY,EAAC;YAAEC,OAAO,EAAE,EAAAyN,eAAA,GAAAD,KAAK,CAAC3J,QAAQ,cAAA4J,eAAA,uBAAdA,eAAA,CAAgB5N,IAAI,KAAI2N,KAAK;YAAEnP;UAAM,CAAC,CAAC;UAC/D,IAAA0B,qBAAY,EAAC;YAAEC,OAAO,EAAE3B,KAAK,CAACuP,QAAQ,CAAC,CAAC;YAAEvP;UAAM,CAAC,CAAC;UAClD,MAAM,IAAIsG,KAAK,iCAAA1E,MAAA,CAEX,EAAAyN,gBAAA,GAAAF,KAAK,CAAC3J,QAAQ,cAAA6J,gBAAA,gBAAAA,gBAAA,GAAdA,gBAAA,CAAgB7N,IAAI,cAAA6N,gBAAA,uBAApBA,gBAAA,CAAsBG,iBAAiB,OAAAF,gBAAA,GACvCH,KAAK,CAAC3J,QAAQ,cAAA8J,gBAAA,gBAAAA,gBAAA,GAAdA,gBAAA,CAAgB9N,IAAI,cAAA8N,gBAAA,uBAApBA,gBAAA,CAAsB3N,OAAO,KAC7BwN,KAAK,CAET,CAAC;QACH;MACF;MACA;MAAA,KACK,IAAInP,KAAK,CAACgD,WAAW,CAAC,CAAC,IAAIhD,KAAK,CAACiD,WAAW,CAAC,CAAC,EAAE;QACnD,IAAAvB,qBAAY,EAAC;UACXC,OAAO,iEAAAC,MAAA,CAAiE5B,KAAK,CAACgD,WAAW,CAAC,CAAC,CAAE;UAC7FhD;QACF,CAAC,CAAC;QACF,IAAMyH,MAAK,SAASH,mBAAmB,CAACtH,KAAK,CAAC;QAC9C,IAAIyH,MAAK,EAAEzH,KAAK,CAACyP,uBAAuB,CAAChI,MAAK,CAAC;QAC/C,MAAMoE,gDAAgD,CAAC7L,KAAK,CAAC;QAC7D,IACEA,KAAK,CAAC6D,cAAc,CAAC,CAAC;QACtB;QACC7D,KAAK,CAACwD,iBAAiB,CAAC,CAAC,KAAKJ,kBAAS,CAACW,yBAAyB,IAChE/D,KAAK,CAACwD,iBAAiB,CAAC,CAAC,KAAKJ,kBAAS,CAACY,4BAA4B,CAAC,EACvE;UACA,IAAMqF,YAAW,SAASE,kBAAkB,CAACvJ,KAAK,CAAC;UACnD,IAAIqJ,YAAW,EAAErJ,KAAK,CAACiP,kBAAkB,CAAC5F,YAAW,CAAC;QACxD;MACF;MACA;MAAA,KACK;QACH,IAAAzG,qBAAY,EAAC;UACXjB,OAAO,iCAAiC;UACxCO,IAAI,EAAE,OAAO;UACblC;QACF,CAAC,CAAC;QACF,OAAO,KAAK;MACd;MACA,IACEA,KAAK,CAAC6D,cAAc,CAAC,CAAC,IACrB7D,KAAK,CAACkE,0BAA0B,CAAC,CAAC,IAAIlE,KAAK,CAAC0P,cAAc,CAAC,CAAE,EAC9D;QAAA,IAAAC,sBAAA,EAAAC,sBAAA;QACA,KAAAD,sBAAA,GAAI3P,KAAK,CAACoN,kBAAkB,CAAC,CAAC,cAAAuC,sBAAA,eAA1BA,sBAAA,CAA4B9H,UAAU,EAAE;UAC1C,IAAAjC,uBAAc,EAAC;YAAEjE,OAAO,8BAA8B;YAAE3B;UAAM,CAAC,CAAC;QAClE;QACA,IACE,CAACA,KAAK,CAACkE,0BAA0B,CAAC,CAAC,KAAA0L,sBAAA,GACnC5P,KAAK,CAACmN,uBAAuB,CAAC,CAAC,cAAAyC,sBAAA,eAA/BA,sBAAA,CAAiC/H,UAAU,EAC3C;UACA,IAAAjC,uBAAc,EAAC;YAAEjE,OAAO,+BAA+B;YAAE3B;UAAM,CAAC,CAAC;QACnE;QACA,IAAA4C,qBAAY,EAAC;UACXjB,OAAO,kBAAAC,MAAA,CAAkB5B,KAAK,CAAC6E,OAAO,CAAC,CAAC,QAAAjD,MAAA,CACtC5B,KAAK,CAACmD,QAAQ,CAAC,CAAC,GAAGnD,KAAK,CAACmD,QAAQ,CAAC,CAAC,GAAG,MAAM,WAAAvB,MAAA,OAChCwK,kBAAkB,CAACpM,KAAK,CAAC,CAAE;UACzCkC,IAAI,EAAE,MAAM;UACZlC;QACF,CAAC,CAAC;QACF0M,mBAAmB,CAACvM,gBAAgB,EAAEE,WAAW,EAAEL,KAAK,CAAC;QACzD,IAAA0B,qBAAY,EAAC;UACXC,OAAO,8CAA8C;UACrD3B;QACF,CAAC,CAAC;QACF,OAAO,IAAI;MACb;IACF,CAAC,CAAC,OAAOb,KAAK,EAAE;MAAA,IAAA0Q,gBAAA,EAAAC,gBAAA,EAAAC,gBAAA;MACd;MACA,IAAAnN,qBAAY,EAAC;QAAEjB,OAAO,EAAExC,KAAK,CAACwC,OAAO;QAAEO,IAAI,EAAE,OAAO;QAAElC;MAAM,CAAC,CAAC;MAC9D;MACA,IAAA4C,qBAAY,EAAC;QACXjB,OAAO,GAAAkO,gBAAA,GAAE1Q,KAAK,CAACqG,QAAQ,cAAAqK,gBAAA,gBAAAA,gBAAA,GAAdA,gBAAA,CAAgBrO,IAAI,cAAAqO,gBAAA,uBAApBA,gBAAA,CAAsBlO,OAAO;QACtCO,IAAI,EAAE,OAAO;QACblC;MACF,CAAC,CAAC;MACF;MACA,IAAA4C,qBAAY,EAAC;QACXjB,OAAO,GAAAmO,gBAAA,GAAE3Q,KAAK,CAACqG,QAAQ,cAAAsK,gBAAA,gBAAAA,gBAAA,GAAdA,gBAAA,CAAgBtO,IAAI,cAAAsO,gBAAA,uBAApBA,gBAAA,CAAsBN,iBAAiB;QAChDtN,IAAI,EAAE,OAAO;QACblC;MACF,CAAC,CAAC;MACF;MACA,IAAA0B,qBAAY,EAAC;QAAEC,OAAO,GAAAoO,gBAAA,GAAE5Q,KAAK,CAACqG,QAAQ,cAAAuK,gBAAA,uBAAdA,gBAAA,CAAgBvO,IAAI;QAAExB;MAAM,CAAC,CAAC;MACtD;MACA,IAAA0B,qBAAY,EAAC;QAAEC,OAAO,EAAExC,KAAK,CAACyJ,KAAK,IAAI,IAAItC,KAAK,CAAC,CAAC,CAACsC,KAAK;QAAE5I;MAAM,CAAC,CAAC;IACpE;IACA,IAAA0B,qBAAY,EAAC;MACXC,OAAO,iDAAiD;MACxD3B;IACF,CAAC,CAAC;IACF,OAAO,KAAK;EACd,CAAC;EAAA,OAAA+N,UAAA,CAAAnO,KAAA,OAAAD,SAAA;AAAA"}
1
+ {"version":3,"file":"AuthenticateOps.js","names":["_crypto","require","_readlineSync","_interopRequireDefault","_url","_uuid","_AuthenticateApi","_ServerInfoApi","_Constants","_Base64Utils","_Console","_ExportImportUtils","_ServiceAccountOps","_ConnectionProfileOps","_JoseOps","_OAuth2OidcOps","_SessionOps","_TokenCacheOps","obj","__esModule","default","asyncGeneratorStep","gen","resolve","reject","_next","_throw","key","arg","info","value","error","done","Promise","then","_asyncToGenerator","fn","self","args","arguments","apply","err","undefined","_default","state","getTokens","_arguments","forceLoginAsUser","length","autoRefresh","getAccessTokenForServiceAccount","_arguments2","saId","saJwk","access_token","getFreshSaBearerToken","exports","adminClientPassword","redirectUrlTemplate","cloudIdmAdminScopes","forgeopsIdmAdminScopes","serviceAccountScopes","fidcClientId","forgeopsClientId","adminClientId","determineCookieName","_x","_determineCookieName","data","getServerInfo","debugMessage","message","concat","cookieName","checkAndHandle2FA","payload","callback","callbacks","type","localAuth","output","provider","input","includes","nextStep","need2fa","factor","supported","printMessage","code","readlineSync","question","getUsername","getPassword","determineDefaultRealm","getRealm","Constants","DEFAULT_REALM_KEY","setRealm","DEPLOYMENT_TYPE_REALM_MAP","getDeploymentType","determineDeploymentType","_x2","_determineDeploymentType","cookieValue","getCookieValue","deploymentType","CLOUD_DEPLOYMENT_TYPE_KEY","FORGEOPS_DEPLOYMENT_TYPE_KEY","CLASSIC_DEPLOYMENT_TYPE_KEY","getUseBearerTokenForAmApis","verifier","encodeBase64Url","randomBytes","challenge","createHash","update","digest","challengeMethod","redirectURL","url","getHost","config","maxRedirects","headers","getCookieName","bodyFormData","authorize","amBaseUrl","e","_e$response","_e$response$headers","response","status","location","indexOf","verboseMessage","ex","_ex$response","_ex$response$headers","getSemanticVersion","versionInfo","versionString","version","rx","match","Error","getFreshUserSessionToken","_x3","_getFreshUserSessionToken","_ref","step","body","skip2FA","steps","maxSteps","sessionInfo","getSessionInfo","tokenId","Date","parse","maxIdleExpirationTime","getUserSessionToken","_x4","_getUserSessionToken","token","getUseTokenCache","hasUserSessionToken","readUserSessionToken","from_cache","saveUserSessionToken","getAuthCode","_x5","_x6","_x7","_x8","_getAuthCode","codeChallenge","codeChallengeMethod","_response$headers","redirectLocationURL","queryObject","query","_error$response","stack","getFreshUserBearerToken","_x9","_getFreshUserBearerToken","_ref2","authCode","auth","username","password","accessToken","_error$response2","getUserBearerToken","_x10","_getUserBearerToken","hasUserBearerToken","readUserBearerToken","saveUserBearerToken","createPayload","serviceAccountId","host","u","parseUrl","aud","origin","port","protocol","pathname","exp","Math","floor","getTime","jti","v4","iss","sub","_x11","_getFreshSaBearerToken","_ref3","getServiceAccountId","getServiceAccountJwk","jwt","createSignedJwtToken","getSaBearerToken","_x12","_getSaBearerToken","_ref4","hasSaBearerToken","readSaBearerToken","saveSaBearerToken","determineDeploymentTypeAndDefaultRealmAndVersion","_x13","_determineDeploymentTypeAndDefaultRealmAndVersion","setDeploymentType","getServerVersionInfo","fullVersion","setAmVersion","getLoggedInSubject","_x14","_getLoggedInSubject","subjectString","name","getServiceAccount","scheduleAutoRefresh","timer","getAutoRefreshTimer","clearTimeout","_state$getUserSession","_state$getBearerToken","_state$getBearerToken2","_state$getUserSession2","expires","getUserSessionTokenMeta","getBearerTokenMeta","min","timeout","now","ceil","getMinutes","getSeconds","setTimeout","setAutoRefreshTimer","unref","_x15","_getTokens","_ref5","conn","getConnectionProfile","setHost","tenant","setUsername","setPassword","setAuthenticationService","authenticationService","setAuthenticationHeaderOverrides","authenticationHeaderOverrides","setServiceAccountId","svcacctId","setServiceAccountJwk","svcacctJwk","isValidUrl","setCookieName","setBearerTokenMeta","setUseBearerTokenForAmApis","saErr","_saErr$response","_saErr$response2","_saErr$response3","getState","error_description","setUserSessionTokenMeta","getBearerToken","_state$getBearerToken3","_state$getUserSession3","_error$response3","_error$response4","_error$response5"],"sources":["../../src/ops/AuthenticateOps.ts"],"sourcesContent":["import { createHash, randomBytes } from 'crypto';\nimport readlineSync from 'readline-sync';\nimport url from 'url';\nimport { v4 } from 'uuid';\n\nimport { step } from '../api/AuthenticateApi';\nimport { getServerInfo, getServerVersionInfo } from '../api/ServerInfoApi';\nimport Constants from '../shared/Constants';\nimport { State } from '../shared/State';\nimport { encodeBase64Url } from '../utils/Base64Utils';\nimport { debugMessage, printMessage, verboseMessage } from '../utils/Console';\nimport { isValidUrl, parseUrl } from '../utils/ExportImportUtils';\nimport { getServiceAccount } from './cloud/ServiceAccountOps';\nimport { getConnectionProfile } from './ConnectionProfileOps';\nimport { createSignedJwtToken, JwkRsa } from './JoseOps';\nimport {\n accessToken,\n type AccessTokenMetaType,\n authorize,\n} from './OAuth2OidcOps';\nimport { getSessionInfo } from './SessionOps';\nimport {\n hasSaBearerToken,\n hasUserBearerToken,\n hasUserSessionToken,\n readSaBearerToken,\n readUserBearerToken,\n readUserSessionToken,\n saveSaBearerToken,\n saveUserBearerToken,\n saveUserSessionToken,\n} from './TokenCacheOps';\n\nexport type Authenticate = {\n /**\n * Get tokens and stores them in State\n * @param {boolean} forceLoginAsUser true to force login as user even if a service account is available (default: false)\n * @param {boolean} autoRefresh true to automatically refresh tokens before they expire (default: true)\n * @returns {Promise<boolean>} true if tokens were successfully obtained, false otherwise\n */\n getTokens(\n forceLoginAsUser?: boolean,\n autoRefresh?: boolean\n ): Promise<boolean>;\n\n // Deprecated\n /**\n * Get access token for service account\n * @param {string} saId optional service account id\n * @param {JwkRsa} saJwk optional service account JWK\n * @returns {string | null} Access token or null\n * @deprecated since v2.0.0 use {@link Authenticate.getTokens | getTokens} instead\n * ```javascript\n * getTokens(): Promise<boolean>\n * ```\n * @group Deprecated\n */\n getAccessTokenForServiceAccount(\n saId?: string,\n saJwk?: JwkRsa\n ): Promise<string | null>;\n};\n\nexport default (state: State): Authenticate => {\n return {\n async getTokens(forceLoginAsUser = false, autoRefresh = true) {\n return getTokens({ forceLoginAsUser, autoRefresh, state });\n },\n\n // Deprecated\n async getAccessTokenForServiceAccount(\n saId: string = undefined,\n saJwk: JwkRsa = undefined\n ): Promise<string | null> {\n const { access_token } = await getFreshSaBearerToken({\n saId,\n saJwk,\n state,\n });\n return access_token;\n },\n };\n};\n\nconst adminClientPassword = 'doesnotmatter';\nconst redirectUrlTemplate = '/platform/appAuthHelperRedirect.html';\n\nconst cloudIdmAdminScopes = 'openid fr:idm:* fr:idc:esv:*';\nconst forgeopsIdmAdminScopes = 'openid fr:idm:*';\nconst serviceAccountScopes = 'fr:am:* fr:idm:* fr:idc:esv:*';\n\nconst fidcClientId = 'idmAdminClient';\nconst forgeopsClientId = 'idm-admin-ui';\nlet adminClientId = fidcClientId;\n\n/**\n * Helper function to get cookie name\n * @param {State} state library state\n * @returns {string} cookie name\n */\nasync function determineCookieName(state: State) {\n const data = await getServerInfo({ state });\n debugMessage({\n message: `AuthenticateOps.determineCookieName: cookieName=${data.cookieName}`,\n state,\n });\n return data.cookieName;\n}\n\n/**\n * Helper function to determine if this is a setup mfa prompt in the ID Cloud tenant admin login journey\n * @param {Object} payload response from the previous authentication journey step\n * @param {State} state library state\n * @returns {Object} an object indicating if 2fa is required and the original payload\n */\nfunction checkAndHandle2FA(payload, state: State) {\n debugMessage({ message: `AuthenticateOps.checkAndHandle2FA: start`, state });\n // let skippable = false;\n if ('callbacks' in payload) {\n for (const callback of payload.callbacks) {\n // select localAuthentication if Admin Federation is enabled\n if (callback.type === 'SelectIdPCallback') {\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: Admin federation enabled. Allowed providers:`,\n state,\n });\n let localAuth = false;\n for (const value of callback.output[0].value) {\n debugMessage({ message: `${value.provider}`, state });\n if (value.provider === 'localAuthentication') {\n localAuth = true;\n }\n }\n if (localAuth) {\n debugMessage({ message: `local auth allowed`, state });\n callback.input[0].value = 'localAuthentication';\n } else {\n debugMessage({ message: `local auth NOT allowed`, state });\n }\n }\n if (callback.type === 'HiddenValueCallback') {\n if (callback.input[0].value.includes('skip')) {\n // skippable = true;\n callback.input[0].value = 'Skip';\n // debugMessage(\n // `AuthenticateOps.checkAndHandle2FA: end [need2fa=true, skippable=true]`\n // );\n // return {\n // nextStep: true,\n // need2fa: true,\n // factor: 'None',\n // supported: true,\n // payload,\n // };\n }\n if (callback.input[0].value.includes('webAuthnOutcome')) {\n // webauthn!!!\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: end [need2fa=true, unsupported factor: webauthn]`,\n state,\n });\n return {\n nextStep: false,\n need2fa: true,\n factor: 'WebAuthN',\n supported: false,\n payload,\n };\n }\n }\n if (callback.type === 'NameCallback') {\n if (callback.output[0].value.includes('code')) {\n // skippable = false;\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: need2fa=true, skippable=false`,\n state,\n });\n printMessage({\n message: '2FA is enabled and required for this user...',\n state,\n });\n const code = readlineSync.question(`${callback.output[0].value}: `);\n callback.input[0].value = code;\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: end [need2fa=true, skippable=false, factor=Code]`,\n state,\n });\n return {\n nextStep: true,\n need2fa: true,\n factor: 'Code',\n supported: true,\n payload,\n };\n } else {\n // answer callback\n callback.input[0].value = state.getUsername();\n }\n }\n if (callback.type === 'PasswordCallback') {\n // answer callback\n callback.input[0].value = state.getPassword();\n }\n }\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: end [need2fa=false]`,\n state,\n });\n // debugMessage(payload);\n return {\n nextStep: true,\n need2fa: false,\n factor: 'None',\n supported: true,\n payload,\n };\n }\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: end [need2fa=false]`,\n state,\n });\n // debugMessage(payload);\n return {\n nextStep: false,\n need2fa: false,\n factor: 'None',\n supported: true,\n payload,\n };\n}\n\n/**\n * Helper function to set the default realm by deployment type\n * @param {State} state library state\n */\nfunction determineDefaultRealm(state: State) {\n if (!state.getRealm() || state.getRealm() === Constants.DEFAULT_REALM_KEY) {\n state.setRealm(\n Constants.DEPLOYMENT_TYPE_REALM_MAP[state.getDeploymentType()]\n );\n }\n}\n\n/**\n * Helper function to determine the deployment type\n * @param {State} state library state\n * @returns {Promise<string>} deployment type\n */\nasync function determineDeploymentType(state: State): Promise<string> {\n const cookieValue = state.getCookieValue();\n let deploymentType = state.getDeploymentType();\n\n switch (deploymentType) {\n case Constants.CLOUD_DEPLOYMENT_TYPE_KEY:\n return deploymentType;\n\n case Constants.FORGEOPS_DEPLOYMENT_TYPE_KEY:\n adminClientId = forgeopsClientId;\n return deploymentType;\n\n case Constants.CLASSIC_DEPLOYMENT_TYPE_KEY:\n return deploymentType;\n\n // detect deployment type\n default: {\n // if we are using a service account, we know it's cloud\n if (state.getUseBearerTokenForAmApis())\n return Constants.CLOUD_DEPLOYMENT_TYPE_KEY;\n\n const verifier = encodeBase64Url(randomBytes(32));\n const challenge = encodeBase64Url(\n createHash('sha256').update(verifier).digest()\n );\n const challengeMethod = 'S256';\n const redirectURL = url.resolve(state.getHost(), redirectUrlTemplate);\n\n const config = {\n maxRedirects: 0,\n headers: {\n [state.getCookieName()]: state.getCookieValue(),\n },\n };\n let bodyFormData = `redirect_uri=${redirectURL}&scope=${cloudIdmAdminScopes}&response_type=code&client_id=${fidcClientId}&csrf=${cookieValue}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;\n\n deploymentType = Constants.CLASSIC_DEPLOYMENT_TYPE_KEY;\n try {\n await authorize({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config,\n state,\n });\n } catch (e) {\n // debugMessage(e.response);\n if (\n e.response?.status === 302 &&\n e.response.headers?.location?.indexOf('code=') > -1\n ) {\n verboseMessage({\n message: `ForgeRock Identity Cloud`['brightCyan'] + ` detected.`,\n state,\n });\n deploymentType = Constants.CLOUD_DEPLOYMENT_TYPE_KEY;\n } else {\n try {\n bodyFormData = `redirect_uri=${redirectURL}&scope=${forgeopsIdmAdminScopes}&response_type=code&client_id=${forgeopsClientId}&csrf=${state.getCookieValue()}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;\n await authorize({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config,\n state,\n });\n } catch (ex) {\n if (\n ex.response?.status === 302 &&\n ex.response.headers?.location?.indexOf('code=') > -1\n ) {\n adminClientId = forgeopsClientId;\n verboseMessage({\n message: `ForgeOps deployment`['brightCyan'] + ` detected.`,\n state,\n });\n deploymentType = Constants.FORGEOPS_DEPLOYMENT_TYPE_KEY;\n } else {\n verboseMessage({\n message: `Classic deployment`['brightCyan'] + ` detected.`,\n state,\n });\n }\n }\n }\n }\n return deploymentType;\n }\n }\n}\n\n/**\n * Helper function to extract the semantic version string from a version info object\n * @param {Object} versionInfo version info object\n * @returns {String} semantic version\n */\nfunction getSemanticVersion(versionInfo) {\n if ('version' in versionInfo) {\n const versionString = versionInfo.version;\n const rx = /([\\d]\\.[\\d]\\.[\\d](\\.[\\d])*)/g;\n const version = versionString.match(rx);\n return version[0];\n }\n throw new Error('Cannot extract semantic version from version info object.');\n}\n\nexport type UserSessionMetaType = {\n tokenId: string;\n successUrl: string;\n realm: string;\n expires: number;\n from_cache?: boolean;\n};\n\n/**\n * Helper function to authenticate and obtain and store session cookie\n * @param {State} state library state\n * @returns {string} Session token or null\n */\nasync function getFreshUserSessionToken({\n state,\n}: {\n state: State;\n}): Promise<UserSessionMetaType> {\n debugMessage({\n message: `AuthenticateOps.getFreshUserSessionToken: start`,\n state,\n });\n const config = {\n headers: {\n 'X-OpenAM-Username': state.getUsername(),\n 'X-OpenAM-Password': state.getPassword(),\n },\n };\n let response = await step({ body: {}, config, state });\n\n let skip2FA = null;\n let steps = 0;\n const maxSteps = 3;\n do {\n skip2FA = checkAndHandle2FA(response, state);\n\n // throw exception if 2fa required but factor not supported by frodo (e.g. WebAuthN)\n if (!skip2FA.supported) {\n throw new Error(`Unsupported 2FA factor: ${skip2FA.factor}`);\n }\n\n if (skip2FA.nextStep) {\n steps++;\n response = await step({ body: skip2FA.payload, state });\n }\n\n if ('tokenId' in response) {\n response['from_cache'] = false;\n // get session expiration\n const sessionInfo = await getSessionInfo({\n tokenId: response['tokenId'],\n state,\n });\n response['expires'] = Date.parse(sessionInfo.maxIdleExpirationTime);\n debugMessage({\n message: `AuthenticateOps.getFreshUserSessionToken: end [tokenId=${response['tokenId']}]`,\n state,\n });\n debugMessage({\n message: response,\n state,\n });\n return response as UserSessionMetaType;\n }\n } while (skip2FA.nextStep && steps < maxSteps);\n debugMessage({\n message: `AuthenticateOps.getFreshUserSessionToken: end [no session]`,\n state,\n });\n return null;\n}\n\n/**\n * Helper function to obtain user session token\n * @param {State} state library state\n * @returns {Promise<UserSessionMetaType>} session token or null\n */\nasync function getUserSessionToken(state: State): Promise<UserSessionMetaType> {\n debugMessage({\n message: `AuthenticateOps.getUserSessionToken: start`,\n state,\n });\n let token: UserSessionMetaType = null;\n if (state.getUseTokenCache() && (await hasUserSessionToken({ state }))) {\n try {\n token = await readUserSessionToken({ state });\n token.from_cache = true;\n debugMessage({\n message: `AuthenticateOps.getUserSessionToken: cached`,\n state,\n });\n } catch (error) {\n debugMessage({\n message: `AuthenticateOps.getUserSessionToken: failed cache read`,\n state,\n });\n }\n }\n if (!token) {\n token = await getFreshUserSessionToken({ state });\n token.from_cache = false;\n debugMessage({\n message: `AuthenticateOps.getUserSessionToken: fresh`,\n state,\n });\n }\n if (state.getUseTokenCache()) {\n await saveUserSessionToken({ token, state });\n }\n debugMessage({\n message: `AuthenticateOps.getUserSessionToken: end`,\n state,\n });\n return token;\n}\n\n/**\n * Helper function to obtain an oauth2 authorization code\n * @param {string} redirectURL oauth2 redirect uri\n * @param {string} codeChallenge PKCE code challenge\n * @param {string} codeChallengeMethod PKCE code challenge method\n * @param {State} state library state\n * @returns {string} oauth2 authorization code or null\n */\nasync function getAuthCode(\n redirectURL: string,\n codeChallenge: string,\n codeChallengeMethod: string,\n state: State\n) {\n try {\n const bodyFormData = `redirect_uri=${redirectURL}&scope=${\n state.getDeploymentType() === Constants.CLOUD_DEPLOYMENT_TYPE_KEY\n ? cloudIdmAdminScopes\n : forgeopsIdmAdminScopes\n }&response_type=code&client_id=${adminClientId}&csrf=${state.getCookieValue()}&decision=allow&code_challenge=${codeChallenge}&code_challenge_method=${codeChallengeMethod}`;\n const config = {\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n maxRedirects: 0,\n };\n let response = undefined;\n try {\n response = await authorize({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config,\n state,\n });\n } catch (error) {\n response = error.response;\n if (response.status < 200 || response.status > 399) {\n printMessage({\n message: 'error getting auth code',\n type: 'error',\n state,\n });\n printMessage({\n message: response.data,\n type: 'error',\n state,\n });\n return null;\n }\n }\n const redirectLocationURL = response.headers?.location;\n const queryObject = url.parse(redirectLocationURL, true).query;\n if ('code' in queryObject) {\n return queryObject.code;\n }\n printMessage({ message: 'auth code not found', type: 'error', state });\n return null;\n } catch (error) {\n printMessage({\n message: `error getting auth code - ${error.message}`,\n type: 'error',\n state,\n });\n printMessage({ message: error.response?.data, type: 'error', state });\n debugMessage({ message: error.stack, state });\n return null;\n }\n}\n\n/**\n * Helper function to obtain oauth2 access token\n * @param {State} state library state\n * @returns {Promise<AccessTokenMetaType>} access token or null\n */\nasync function getFreshUserBearerToken({\n state,\n}: {\n state: State;\n}): Promise<AccessTokenMetaType> {\n debugMessage({\n message: `AuthenticateOps.getAccessTokenForUser: start`,\n state,\n });\n try {\n const verifier = encodeBase64Url(randomBytes(32));\n const challenge = encodeBase64Url(\n createHash('sha256').update(verifier).digest()\n );\n const challengeMethod = 'S256';\n const redirectURL = url.resolve(state.getHost(), redirectUrlTemplate);\n const authCode = await getAuthCode(\n redirectURL,\n challenge,\n challengeMethod,\n state\n );\n if (authCode == null) {\n printMessage({\n message: 'error getting auth code',\n type: 'error',\n state,\n });\n return null;\n }\n let response: AccessTokenMetaType = null;\n if (state.getDeploymentType() === Constants.CLOUD_DEPLOYMENT_TYPE_KEY) {\n const config = {\n auth: {\n username: adminClientId,\n password: adminClientPassword,\n },\n };\n const bodyFormData = `redirect_uri=${redirectURL}&grant_type=authorization_code&code=${authCode}&code_verifier=${verifier}`;\n response = await accessToken({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config,\n state,\n });\n } else {\n const bodyFormData = `client_id=${adminClientId}&redirect_uri=${redirectURL}&grant_type=authorization_code&code=${authCode}&code_verifier=${verifier}`;\n response = await accessToken({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config: {},\n state,\n });\n }\n if ('access_token' in response) {\n debugMessage({\n message: `AuthenticateOps.getAccessTokenForUser: end with token`,\n state,\n });\n return response;\n }\n printMessage({\n message: 'No access token in response.',\n type: 'error',\n state,\n });\n } catch (error) {\n debugMessage({\n message: `Error getting access token for user: ${error}`,\n state,\n });\n debugMessage({ message: error.response?.data, state });\n }\n debugMessage({\n message: `AuthenticateOps.getAccessTokenForUser: end without token`,\n state,\n });\n return null;\n}\n\n/**\n * Helper function to obtain oauth2 access token\n * @param {State} state library state\n * @returns {Promise<AccessTokenMetaType>} access token or null\n */\nasync function getUserBearerToken(state: State): Promise<AccessTokenMetaType> {\n debugMessage({\n message: `AuthenticateOps.getUserBearerToken: start`,\n state,\n });\n let token: AccessTokenMetaType = null;\n if (state.getUseTokenCache() && (await hasUserBearerToken({ state }))) {\n try {\n token = await readUserBearerToken({ state });\n token.from_cache = true;\n debugMessage({\n message: `AuthenticateOps.getUserBearerToken: end [cached]`,\n state,\n });\n } catch (error) {\n debugMessage({\n message: `AuthenticateOps.getUserBearerToken: end [failed cache read]`,\n state,\n });\n }\n }\n if (!token) {\n token = await getFreshUserBearerToken({ state });\n token.from_cache = false;\n debugMessage({\n message: `AuthenticateOps.getUserBearerToken: end [fresh]`,\n state,\n });\n }\n if (state.getUseTokenCache()) {\n await saveUserBearerToken({ token, state });\n }\n return token;\n}\n\nfunction createPayload(serviceAccountId: string, host: string) {\n const u = parseUrl(host);\n const aud = `${u.origin}:${\n u.port ? u.port : u.protocol === 'https' ? '443' : '80'\n }${u.pathname}/oauth2/access_token`;\n\n // Cross platform way of setting JWT expiry time 3 minutes in the future, expressed as number of seconds since EPOCH\n const exp = Math.floor(new Date().getTime() / 1000 + 180);\n\n // A unique ID for the JWT which is required when requesting the openid scope\n const jti = v4();\n\n const iss = serviceAccountId;\n const sub = serviceAccountId;\n\n // Create the payload for our bearer token\n const payload = { iss, sub, aud, exp, jti };\n\n return payload;\n}\n\n/**\n * Get fresh access token for service account\n * @param {State} state library state\n * @returns {Promise<AccessTokenResponseType>} response object containg token, scope, type, and expiration in seconds\n */\nexport async function getFreshSaBearerToken({\n saId = undefined,\n saJwk = undefined,\n state,\n}: {\n saId?: string;\n saJwk?: JwkRsa;\n state: State;\n}): Promise<AccessTokenMetaType> {\n debugMessage({\n message: `AuthenticateOps.getFreshSaBearerToken: start`,\n state,\n });\n saId = saId ? saId : state.getServiceAccountId();\n saJwk = saJwk ? saJwk : state.getServiceAccountJwk();\n const payload = createPayload(saId, state.getHost());\n const jwt = await createSignedJwtToken(payload, saJwk);\n const bodyFormData = `assertion=${jwt}&client_id=service-account&grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&scope=${serviceAccountScopes}`;\n const response = await accessToken({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config: {},\n state,\n });\n if ('access_token' in response) {\n debugMessage({\n message: `AuthenticateOps.getFreshSaBearerToken: end`,\n state,\n });\n return response;\n }\n debugMessage({\n message: `AuthenticateOps.getFreshSaBearerToken: end [No access token in response]`,\n state,\n });\n return null;\n}\n\n/**\n * Get cached or fresh access token for service account\n * @param {State} state library state\n * @returns {Promise<AccessTokenResponseType>} response object containg token, scope, type, and expiration in seconds\n */\nexport async function getSaBearerToken({\n state,\n}: {\n state: State;\n}): Promise<AccessTokenMetaType> {\n debugMessage({\n message: `AuthenticateOps.getSaBearerToken: start`,\n state,\n });\n let token: AccessTokenMetaType = null;\n if (state.getUseTokenCache() && (await hasSaBearerToken({ state }))) {\n try {\n token = await readSaBearerToken({ state });\n token.from_cache = true;\n debugMessage({\n message: `AuthenticateOps.getSaBearerToken: end [cached]`,\n state,\n });\n } catch (error) {\n debugMessage({\n message: `AuthenticateOps.getSaBearerToken: end [failed cache read]`,\n state,\n });\n }\n }\n if (!token) {\n token = await getFreshSaBearerToken({ state });\n token.from_cache = false;\n debugMessage({\n message: `AuthenticateOps.getSaBearerToken: end [fresh]`,\n state,\n });\n }\n if (state.getUseTokenCache()) {\n await saveSaBearerToken({ token, state });\n }\n return token;\n}\n\n/**\n * Helper function to determine deployment type, default realm, and version and update library state\n * @param state library state\n */\nasync function determineDeploymentTypeAndDefaultRealmAndVersion(\n state: State\n): Promise<void> {\n debugMessage({\n message: `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: start`,\n state,\n });\n state.setDeploymentType(await determineDeploymentType(state));\n determineDefaultRealm(state);\n debugMessage({\n message: `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: realm=${state.getRealm()}, type=${state.getDeploymentType()}`,\n state,\n });\n\n const versionInfo = await getServerVersionInfo({ state });\n\n // https://github.com/rockcarver/frodo-cli/issues/109\n debugMessage({ message: `Full version: ${versionInfo.fullVersion}`, state });\n\n const version = await getSemanticVersion(versionInfo);\n state.setAmVersion(version);\n debugMessage({\n message: `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: end`,\n state,\n });\n}\n\n/**\n * Get logged-in subject\n * @param {State} state library state\n * @returns {string} a string identifying subject type and id\n */\nasync function getLoggedInSubject(state: State): Promise<string> {\n let subjectString = `user ${state.getUsername()}`;\n if (state.getUseBearerTokenForAmApis()) {\n try {\n const name = (\n await getServiceAccount({\n serviceAccountId: state.getServiceAccountId(),\n state,\n })\n ).name;\n subjectString = `service account ${name} [${state.getServiceAccountId()}]`;\n } catch (error) {\n subjectString = `service account ${state.getServiceAccountId()}`;\n }\n }\n return subjectString;\n}\n\n/**\n * Helper method to set, reset, or cancel timer to auto refresh tokens\n * @param {boolean} forceLoginAsUser true to force login as user even if a service account is available (default: false)\n * @param {boolean} autoRefresh true to automatically refresh tokens before they expire (default: true)\n * @param {State} state library state\n */\nfunction scheduleAutoRefresh(\n forceLoginAsUser: boolean,\n autoRefresh: boolean,\n state: State\n) {\n let timer = state.getAutoRefreshTimer();\n // clear existing timer\n if (timer) {\n debugMessage({\n message: `AuthenticateOps.scheduleAutoRefresh: cancel existing timer`,\n state,\n });\n clearTimeout(timer);\n }\n // new timer\n if (autoRefresh) {\n const expires =\n state.getDeploymentType() === Constants.CLASSIC_DEPLOYMENT_TYPE_KEY\n ? state.getUserSessionTokenMeta()?.expires\n : state.getUseBearerTokenForAmApis()\n ? state.getBearerTokenMeta()?.expires\n : Math.min(\n state.getBearerTokenMeta()?.expires,\n state.getUserSessionTokenMeta()?.expires\n );\n let timeout = expires - Date.now() - 1000 * 25;\n if (timeout < 1000 * 30) {\n debugMessage({\n message: `Timeout below threshold of 30 seconds (${Math.ceil(\n timeout / 1000\n )}), resetting timeout to 10ms.`,\n state,\n });\n if (timeout < 10) timeout = 10;\n }\n debugMessage({\n message: `AuthenticateOps.scheduleAutoRefresh: set new timer [${Math.floor(\n timeout / 1000\n )}s (${new Date(timeout).getMinutes()}m ${new Date(\n timeout\n ).getSeconds()}s)]`,\n state,\n });\n timer = setTimeout(getTokens, timeout, {\n forceLoginAsUser,\n autoRefresh,\n state,\n // Volker's Visual Studio Code doesn't want to have it any other way.\n }) as unknown as NodeJS.Timeout;\n state.setAutoRefreshTimer(timer);\n timer.unref();\n }\n}\n\n/**\n * Get tokens\n * @param {boolean} forceLoginAsUser true to force login as user even if a service account is available (default: false)\n * @param {boolean} autoRefresh true to automatically refresh tokens before they expire (default: true)\n * @param {State} state library state\n * @returns {Promise<boolean>} true if tokens were successfully obtained, false otherwise\n */\nexport async function getTokens({\n forceLoginAsUser = false,\n autoRefresh = true,\n state,\n}: {\n forceLoginAsUser?: boolean;\n autoRefresh?: boolean;\n state: State;\n}): Promise<boolean> {\n debugMessage({ message: `AuthenticateOps.getTokens: start`, state });\n if (!state.getHost()) {\n printMessage({\n message: `No host specified and FRODO_HOST env variable not set!`,\n type: 'error',\n state,\n });\n return false;\n }\n try {\n // if username/password on cli are empty, try to read from connections.json\n if (\n state.getUsername() == null &&\n state.getPassword() == null &&\n !state.getServiceAccountId() &&\n !state.getServiceAccountJwk()\n ) {\n const conn = await getConnectionProfile({ state });\n if (conn) {\n state.setHost(conn.tenant);\n state.setDeploymentType(conn.deploymentType);\n state.setUsername(conn.username);\n state.setPassword(conn.password);\n state.setAuthenticationService(conn.authenticationService);\n state.setAuthenticationHeaderOverrides(\n conn.authenticationHeaderOverrides\n );\n state.setServiceAccountId(conn.svcacctId);\n state.setServiceAccountJwk(conn.svcacctJwk);\n } else {\n return false;\n }\n }\n\n // if host is not a valid URL, try to locate a valid URL and deployment type from connections.json\n if (!isValidUrl(state.getHost())) {\n const conn = await getConnectionProfile({ state });\n if (conn) {\n state.setHost(conn.tenant);\n state.setDeploymentType(conn.deploymentType);\n } else {\n return false;\n }\n }\n\n // now that we have the full tenant URL we can lookup the cookie name\n state.setCookieName(await determineCookieName(state));\n\n // use service account to login?\n if (\n !forceLoginAsUser &&\n state.getServiceAccountId() &&\n state.getServiceAccountJwk()\n ) {\n debugMessage({\n message: `AuthenticateOps.getTokens: Authenticating with service account ${state.getServiceAccountId()}`,\n state,\n });\n try {\n const token = await getSaBearerToken({ state });\n state.setBearerTokenMeta(token);\n state.setUseBearerTokenForAmApis(true);\n await determineDeploymentTypeAndDefaultRealmAndVersion(state);\n } catch (saErr) {\n debugMessage({ message: saErr.response?.data || saErr, state });\n debugMessage({ message: state.getState(), state });\n throw new Error(\n `Service account login error: ${\n saErr.response?.data?.error_description ||\n saErr.response?.data?.message ||\n saErr\n }`\n );\n }\n }\n // use user account to login\n else if (state.getUsername() && state.getPassword()) {\n debugMessage({\n message: `AuthenticateOps.getTokens: Authenticating with user account ${state.getUsername()}`,\n state,\n });\n const token = await getUserSessionToken(state);\n if (token) state.setUserSessionTokenMeta(token);\n await determineDeploymentTypeAndDefaultRealmAndVersion(state);\n if (\n state.getCookieValue() &&\n // !state.getBearerToken() &&\n (state.getDeploymentType() === Constants.CLOUD_DEPLOYMENT_TYPE_KEY ||\n state.getDeploymentType() === Constants.FORGEOPS_DEPLOYMENT_TYPE_KEY)\n ) {\n const accessToken = await getUserBearerToken(state);\n if (accessToken) state.setBearerTokenMeta(accessToken);\n }\n }\n // incomplete or no credentials\n else {\n printMessage({\n message: `Incomplete or no credentials!`,\n type: 'error',\n state,\n });\n return false;\n }\n if (\n state.getCookieValue() ||\n (state.getUseBearerTokenForAmApis() && state.getBearerToken())\n ) {\n if (state.getBearerTokenMeta()?.from_cache) {\n verboseMessage({ message: `Using cached bearer token.`, state });\n }\n if (\n !state.getUseBearerTokenForAmApis() &&\n state.getUserSessionTokenMeta()?.from_cache\n ) {\n verboseMessage({ message: `Using cached session token.`, state });\n }\n printMessage({\n message: `Connected to ${state.getHost()} [${\n state.getRealm() ? state.getRealm() : 'root'\n }] as ${await getLoggedInSubject(state)}`,\n type: 'info',\n state,\n });\n scheduleAutoRefresh(forceLoginAsUser, autoRefresh, state);\n debugMessage({\n message: `AuthenticateOps.getTokens: end with tokens`,\n state,\n });\n return true;\n }\n } catch (error) {\n // regular error\n printMessage({ message: error.message, type: 'error', state });\n // axios error am api\n printMessage({\n message: error.response?.data?.message,\n type: 'error',\n state,\n });\n // axios error am oauth2 api\n printMessage({\n message: error.response?.data?.error_description,\n type: 'error',\n state,\n });\n // axios error data\n debugMessage({ message: error.response?.data, state });\n // stack trace\n debugMessage({ message: error.stack || new Error().stack, state });\n }\n debugMessage({\n message: `AuthenticateOps.getTokens: end without tokens`,\n state,\n });\n return false;\n}\n"],"mappings":";;;;;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,aAAA,GAAAC,sBAAA,CAAAF,OAAA;AACA,IAAAG,IAAA,GAAAD,sBAAA,CAAAF,OAAA;AACA,IAAAI,KAAA,GAAAJ,OAAA;AAA0B,IAAAK,gBAAA,GAAAL,OAAA;AAAA,IAAAM,cAAA,GAAAN,OAAA;AAAA,IAAAO,UAAA,GAAAL,sBAAA,CAAAF,OAAA;AAAA,IAAAQ,YAAA,GAAAR,OAAA;AAAA,IAAAS,QAAA,GAAAT,OAAA;AAAA,IAAAU,kBAAA,GAAAV,OAAA;AAAA,IAAAW,kBAAA,GAAAX,OAAA;AAAA,IAAAY,qBAAA,GAAAZ,OAAA;AAAA,IAAAa,QAAA,GAAAb,OAAA;AAAA,IAAAc,cAAA,GAAAd,OAAA;AAAA,IAAAe,WAAA,GAAAf,OAAA;AAAA,IAAAgB,cAAA,GAAAhB,OAAA;AAAA,SAAAE,uBAAAe,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAAA,SAAAG,mBAAAC,GAAA,EAAAC,OAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,MAAA,EAAAC,GAAA,EAAAC,GAAA,cAAAC,IAAA,GAAAP,GAAA,CAAAK,GAAA,EAAAC,GAAA,OAAAE,KAAA,GAAAD,IAAA,CAAAC,KAAA,WAAAC,KAAA,IAAAP,MAAA,CAAAO,KAAA,iBAAAF,IAAA,CAAAG,IAAA,IAAAT,OAAA,CAAAO,KAAA,YAAAG,OAAA,CAAAV,OAAA,CAAAO,KAAA,EAAAI,IAAA,CAAAT,KAAA,EAAAC,MAAA;AAAA,SAAAS,kBAAAC,EAAA,6BAAAC,IAAA,SAAAC,IAAA,GAAAC,SAAA,aAAAN,OAAA,WAAAV,OAAA,EAAAC,MAAA,QAAAF,GAAA,GAAAc,EAAA,CAAAI,KAAA,CAAAH,IAAA,EAAAC,IAAA,YAAAb,MAAAK,KAAA,IAAAT,kBAAA,CAAAC,GAAA,EAAAC,OAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,MAAA,UAAAI,KAAA,cAAAJ,OAAAe,GAAA,IAAApB,kBAAA,CAAAC,GAAA,EAAAC,OAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,MAAA,WAAAe,GAAA,KAAAhB,KAAA,CAAAiB,SAAA;AAAA,IAAAC,QAAA,GA4DVC,KAAY,IAAmB;EAC7C,OAAO;IACCC,SAASA,CAAA,EAA+C;MAAA,IAAAC,UAAA,GAAAP,SAAA;MAAA,OAAAJ,iBAAA;QAAA,IAA9CY,gBAAgB,GAAAD,UAAA,CAAAE,MAAA,QAAAF,UAAA,QAAAJ,SAAA,GAAAI,UAAA,MAAG,KAAK;QAAA,IAAEG,WAAW,GAAAH,UAAA,CAAAE,MAAA,QAAAF,UAAA,QAAAJ,SAAA,GAAAI,UAAA,MAAG,IAAI;QAC1D,OAAOD,SAAS,CAAC;UAAEE,gBAAgB;UAAEE,WAAW;UAAEL;QAAM,CAAC,CAAC;MAAC;IAC7D,CAAC;IAED;IACMM,+BAA+BA,CAAA,EAGX;MAAA,IAAAC,WAAA,GAAAZ,SAAA;MAAA,OAAAJ,iBAAA;QAAA,IAFxBiB,IAAY,GAAAD,WAAA,CAAAH,MAAA,QAAAG,WAAA,QAAAT,SAAA,GAAAS,WAAA,MAAGT,SAAS;QAAA,IACxBW,KAAa,GAAAF,WAAA,CAAAH,MAAA,QAAAG,WAAA,QAAAT,SAAA,GAAAS,WAAA,MAAGT,SAAS;QAEzB,IAAM;UAAEY;QAAa,CAAC,SAASC,qBAAqB,CAAC;UACnDH,IAAI;UACJC,KAAK;UACLT;QACF,CAAC,CAAC;QACF,OAAOU,YAAY;MAAC;IACtB;EACF,CAAC;AACH,CAAC;AAAAE,OAAA,CAAApC,OAAA,GAAAuB,QAAA;AAED,IAAMc,mBAAmB,GAAG,eAAe;AAC3C,IAAMC,mBAAmB,GAAG,sCAAsC;AAElE,IAAMC,mBAAmB,GAAG,8BAA8B;AAC1D,IAAMC,sBAAsB,GAAG,iBAAiB;AAChD,IAAMC,oBAAoB,GAAG,+BAA+B;AAE5D,IAAMC,YAAY,GAAG,gBAAgB;AACrC,IAAMC,gBAAgB,GAAG,cAAc;AACvC,IAAIC,aAAa,GAAGF,YAAY;;AAEhC;AACA;AACA;AACA;AACA;AAJA,SAKeG,mBAAmBA,CAAAC,EAAA;EAAA,OAAAC,oBAAA,CAAA3B,KAAA,OAAAD,SAAA;AAAA;AASlC;AACA;AACA;AACA;AACA;AACA;AALA,SAAA4B,qBAAA;EAAAA,oBAAA,GAAAhC,iBAAA,CATA,WAAmCS,KAAY,EAAE;IAC/C,IAAMwB,IAAI,SAAS,IAAAC,4BAAa,EAAC;MAAEzB;IAAM,CAAC,CAAC;IAC3C,IAAA0B,qBAAY,EAAC;MACXC,OAAO,qDAAAC,MAAA,CAAqDJ,IAAI,CAACK,UAAU,CAAE;MAC7E7B;IACF,CAAC,CAAC;IACF,OAAOwB,IAAI,CAACK,UAAU;EACxB,CAAC;EAAA,OAAAN,oBAAA,CAAA3B,KAAA,OAAAD,SAAA;AAAA;AAQD,SAASmC,iBAAiBA,CAACC,OAAO,EAAE/B,KAAY,EAAE;EAChD,IAAA0B,qBAAY,EAAC;IAAEC,OAAO,4CAA4C;IAAE3B;EAAM,CAAC,CAAC;EAC5E;EACA,IAAI,WAAW,IAAI+B,OAAO,EAAE;IAC1B,KAAK,IAAMC,QAAQ,IAAID,OAAO,CAACE,SAAS,EAAE;MACxC;MACA,IAAID,QAAQ,CAACE,IAAI,KAAK,mBAAmB,EAAE;QACzC,IAAAR,qBAAY,EAAC;UACXC,OAAO,mFAAmF;UAC1F3B;QACF,CAAC,CAAC;QACF,IAAImC,SAAS,GAAG,KAAK;QACrB,KAAK,IAAMjD,KAAK,IAAI8C,QAAQ,CAACI,MAAM,CAAC,CAAC,CAAC,CAAClD,KAAK,EAAE;UAC5C,IAAAwC,qBAAY,EAAC;YAAEC,OAAO,KAAAC,MAAA,CAAK1C,KAAK,CAACmD,QAAQ,CAAE;YAAErC;UAAM,CAAC,CAAC;UACrD,IAAId,KAAK,CAACmD,QAAQ,KAAK,qBAAqB,EAAE;YAC5CF,SAAS,GAAG,IAAI;UAClB;QACF;QACA,IAAIA,SAAS,EAAE;UACb,IAAAT,qBAAY,EAAC;YAAEC,OAAO,sBAAsB;YAAE3B;UAAM,CAAC,CAAC;UACtDgC,QAAQ,CAACM,KAAK,CAAC,CAAC,CAAC,CAACpD,KAAK,GAAG,qBAAqB;QACjD,CAAC,MAAM;UACL,IAAAwC,qBAAY,EAAC;YAAEC,OAAO,0BAA0B;YAAE3B;UAAM,CAAC,CAAC;QAC5D;MACF;MACA,IAAIgC,QAAQ,CAACE,IAAI,KAAK,qBAAqB,EAAE;QAC3C,IAAIF,QAAQ,CAACM,KAAK,CAAC,CAAC,CAAC,CAACpD,KAAK,CAACqD,QAAQ,CAAC,MAAM,CAAC,EAAE;UAC5C;UACAP,QAAQ,CAACM,KAAK,CAAC,CAAC,CAAC,CAACpD,KAAK,GAAG,MAAM;UAChC;UACA;UACA;UACA;UACA;UACA;UACA;UACA;UACA;UACA;QACF;QACA,IAAI8C,QAAQ,CAACM,KAAK,CAAC,CAAC,CAAC,CAACpD,KAAK,CAACqD,QAAQ,CAAC,iBAAiB,CAAC,EAAE;UACvD;UACA,IAAAb,qBAAY,EAAC;YACXC,OAAO,uFAAuF;YAC9F3B;UACF,CAAC,CAAC;UACF,OAAO;YACLwC,QAAQ,EAAE,KAAK;YACfC,OAAO,EAAE,IAAI;YACbC,MAAM,EAAE,UAAU;YAClBC,SAAS,EAAE,KAAK;YAChBZ;UACF,CAAC;QACH;MACF;MACA,IAAIC,QAAQ,CAACE,IAAI,KAAK,cAAc,EAAE;QACpC,IAAIF,QAAQ,CAACI,MAAM,CAAC,CAAC,CAAC,CAAClD,KAAK,CAACqD,QAAQ,CAAC,MAAM,CAAC,EAAE;UAC7C;UACA,IAAAb,qBAAY,EAAC;YACXC,OAAO,oEAAoE;YAC3E3B;UACF,CAAC,CAAC;UACF,IAAA4C,qBAAY,EAAC;YACXjB,OAAO,EAAE,8CAA8C;YACvD3B;UACF,CAAC,CAAC;UACF,IAAM6C,IAAI,GAAGC,qBAAY,CAACC,QAAQ,IAAAnB,MAAA,CAAII,QAAQ,CAACI,MAAM,CAAC,CAAC,CAAC,CAAClD,KAAK,OAAI,CAAC;UACnE8C,QAAQ,CAACM,KAAK,CAAC,CAAC,CAAC,CAACpD,KAAK,GAAG2D,IAAI;UAC9B,IAAAnB,qBAAY,EAAC;YACXC,OAAO,uFAAuF;YAC9F3B;UACF,CAAC,CAAC;UACF,OAAO;YACLwC,QAAQ,EAAE,IAAI;YACdC,OAAO,EAAE,IAAI;YACbC,MAAM,EAAE,MAAM;YACdC,SAAS,EAAE,IAAI;YACfZ;UACF,CAAC;QACH,CAAC,MAAM;UACL;UACAC,QAAQ,CAACM,KAAK,CAAC,CAAC,CAAC,CAACpD,KAAK,GAAGc,KAAK,CAACgD,WAAW,CAAC,CAAC;QAC/C;MACF;MACA,IAAIhB,QAAQ,CAACE,IAAI,KAAK,kBAAkB,EAAE;QACxC;QACAF,QAAQ,CAACM,KAAK,CAAC,CAAC,CAAC,CAACpD,KAAK,GAAGc,KAAK,CAACiD,WAAW,CAAC,CAAC;MAC/C;IACF;IACA,IAAAvB,qBAAY,EAAC;MACXC,OAAO,0DAA0D;MACjE3B;IACF,CAAC,CAAC;IACF;IACA,OAAO;MACLwC,QAAQ,EAAE,IAAI;MACdC,OAAO,EAAE,KAAK;MACdC,MAAM,EAAE,MAAM;MACdC,SAAS,EAAE,IAAI;MACfZ;IACF,CAAC;EACH;EACA,IAAAL,qBAAY,EAAC;IACXC,OAAO,0DAA0D;IACjE3B;EACF,CAAC,CAAC;EACF;EACA,OAAO;IACLwC,QAAQ,EAAE,KAAK;IACfC,OAAO,EAAE,KAAK;IACdC,MAAM,EAAE,MAAM;IACdC,SAAS,EAAE,IAAI;IACfZ;EACF,CAAC;AACH;;AAEA;AACA;AACA;AACA;AACA,SAASmB,qBAAqBA,CAAClD,KAAY,EAAE;EAC3C,IAAI,CAACA,KAAK,CAACmD,QAAQ,CAAC,CAAC,IAAInD,KAAK,CAACmD,QAAQ,CAAC,CAAC,KAAKC,kBAAS,CAACC,iBAAiB,EAAE;IACzErD,KAAK,CAACsD,QAAQ,CACZF,kBAAS,CAACG,yBAAyB,CAACvD,KAAK,CAACwD,iBAAiB,CAAC,CAAC,CAC/D,CAAC;EACH;AACF;;AAEA;AACA;AACA;AACA;AACA;AAJA,SAKeC,uBAAuBA,CAAAC,GAAA;EAAA,OAAAC,wBAAA,CAAA/D,KAAA,OAAAD,SAAA;AAAA;AAyFtC;AACA;AACA;AACA;AACA;AAJA,SAAAgE,yBAAA;EAAAA,wBAAA,GAAApE,iBAAA,CAzFA,WAAuCS,KAAY,EAAmB;IACpE,IAAM4D,WAAW,GAAG5D,KAAK,CAAC6D,cAAc,CAAC,CAAC;IAC1C,IAAIC,cAAc,GAAG9D,KAAK,CAACwD,iBAAiB,CAAC,CAAC;IAE9C,QAAQM,cAAc;MACpB,KAAKV,kBAAS,CAACW,yBAAyB;QACtC,OAAOD,cAAc;MAEvB,KAAKV,kBAAS,CAACY,4BAA4B;QACzC5C,aAAa,GAAGD,gBAAgB;QAChC,OAAO2C,cAAc;MAEvB,KAAKV,kBAAS,CAACa,2BAA2B;QACxC,OAAOH,cAAc;;MAEvB;MACA;QAAS;UACP;UACA,IAAI9D,KAAK,CAACkE,0BAA0B,CAAC,CAAC,EACpC,OAAOd,kBAAS,CAACW,yBAAyB;UAE5C,IAAMI,QAAQ,GAAG,IAAAC,4BAAe,EAAC,IAAAC,mBAAW,EAAC,EAAE,CAAC,CAAC;UACjD,IAAMC,SAAS,GAAG,IAAAF,4BAAe,EAC/B,IAAAG,kBAAU,EAAC,QAAQ,CAAC,CAACC,MAAM,CAACL,QAAQ,CAAC,CAACM,MAAM,CAAC,CAC/C,CAAC;UACD,IAAMC,eAAe,GAAG,MAAM;UAC9B,IAAMC,WAAW,GAAGC,YAAG,CAACjG,OAAO,CAACqB,KAAK,CAAC6E,OAAO,CAAC,CAAC,EAAE/D,mBAAmB,CAAC;UAErE,IAAMgE,MAAM,GAAG;YACbC,YAAY,EAAE,CAAC;YACfC,OAAO,EAAE;cACP,CAAChF,KAAK,CAACiF,aAAa,CAAC,CAAC,GAAGjF,KAAK,CAAC6D,cAAc,CAAC;YAChD;UACF,CAAC;UACD,IAAIqB,YAAY,mBAAAtD,MAAA,CAAmB+C,WAAW,aAAA/C,MAAA,CAAUb,mBAAmB,oCAAAa,MAAA,CAAiCV,YAAY,YAAAU,MAAA,CAASgC,WAAW,qCAAAhC,MAAA,CAAkC0C,SAAS,6BAAA1C,MAAA,CAA0B8C,eAAe,CAAE;UAElOZ,cAAc,GAAGV,kBAAS,CAACa,2BAA2B;UACtD,IAAI;YACF,MAAM,IAAAkB,wBAAS,EAAC;cACdC,SAAS,EAAEpF,KAAK,CAAC6E,OAAO,CAAC,CAAC;cAC1BrD,IAAI,EAAE0D,YAAY;cAClBJ,MAAM;cACN9E;YACF,CAAC,CAAC;UACJ,CAAC,CAAC,OAAOqF,CAAC,EAAE;YAAA,IAAAC,WAAA,EAAAC,mBAAA;YACV;YACA,IACE,EAAAD,WAAA,GAAAD,CAAC,CAACG,QAAQ,cAAAF,WAAA,uBAAVA,WAAA,CAAYG,MAAM,MAAK,GAAG,IAC1B,EAAAF,mBAAA,GAAAF,CAAC,CAACG,QAAQ,CAACR,OAAO,cAAAO,mBAAA,gBAAAA,mBAAA,GAAlBA,mBAAA,CAAoBG,QAAQ,cAAAH,mBAAA,uBAA5BA,mBAAA,CAA8BI,OAAO,CAAC,OAAO,CAAC,IAAG,CAAC,CAAC,EACnD;cACA,IAAAC,uBAAc,EAAC;gBACbjE,OAAO,EAAE,2BAA2B,YAAY,CAAC,eAAe;gBAChE3B;cACF,CAAC,CAAC;cACF8D,cAAc,GAAGV,kBAAS,CAACW,yBAAyB;YACtD,CAAC,MAAM;cACL,IAAI;gBACFmB,YAAY,mBAAAtD,MAAA,CAAmB+C,WAAW,aAAA/C,MAAA,CAAUZ,sBAAsB,oCAAAY,MAAA,CAAiCT,gBAAgB,YAAAS,MAAA,CAAS5B,KAAK,CAAC6D,cAAc,CAAC,CAAC,qCAAAjC,MAAA,CAAkC0C,SAAS,6BAAA1C,MAAA,CAA0B8C,eAAe,CAAE;gBAChP,MAAM,IAAAS,wBAAS,EAAC;kBACdC,SAAS,EAAEpF,KAAK,CAAC6E,OAAO,CAAC,CAAC;kBAC1BrD,IAAI,EAAE0D,YAAY;kBAClBJ,MAAM;kBACN9E;gBACF,CAAC,CAAC;cACJ,CAAC,CAAC,OAAO6F,EAAE,EAAE;gBAAA,IAAAC,YAAA,EAAAC,oBAAA;gBACX,IACE,EAAAD,YAAA,GAAAD,EAAE,CAACL,QAAQ,cAAAM,YAAA,uBAAXA,YAAA,CAAaL,MAAM,MAAK,GAAG,IAC3B,EAAAM,oBAAA,GAAAF,EAAE,CAACL,QAAQ,CAACR,OAAO,cAAAe,oBAAA,gBAAAA,oBAAA,GAAnBA,oBAAA,CAAqBL,QAAQ,cAAAK,oBAAA,uBAA7BA,oBAAA,CAA+BJ,OAAO,CAAC,OAAO,CAAC,IAAG,CAAC,CAAC,EACpD;kBACAvE,aAAa,GAAGD,gBAAgB;kBAChC,IAAAyE,uBAAc,EAAC;oBACbjE,OAAO,EAAE,sBAAsB,YAAY,CAAC,eAAe;oBAC3D3B;kBACF,CAAC,CAAC;kBACF8D,cAAc,GAAGV,kBAAS,CAACY,4BAA4B;gBACzD,CAAC,MAAM;kBACL,IAAA4B,uBAAc,EAAC;oBACbjE,OAAO,EAAE,qBAAqB,YAAY,CAAC,eAAe;oBAC1D3B;kBACF,CAAC,CAAC;gBACJ;cACF;YACF;UACF;UACA,OAAO8D,cAAc;QACvB;IACF;EACF,CAAC;EAAA,OAAAH,wBAAA,CAAA/D,KAAA,OAAAD,SAAA;AAAA;AAOD,SAASqG,kBAAkBA,CAACC,WAAW,EAAE;EACvC,IAAI,SAAS,IAAIA,WAAW,EAAE;IAC5B,IAAMC,aAAa,GAAGD,WAAW,CAACE,OAAO;IACzC,IAAMC,EAAE,GAAG,8BAA8B;IACzC,IAAMD,OAAO,GAAGD,aAAa,CAACG,KAAK,CAACD,EAAE,CAAC;IACvC,OAAOD,OAAO,CAAC,CAAC,CAAC;EACnB;EACA,MAAM,IAAIG,KAAK,CAAC,2DAA2D,CAAC;AAC9E;AAUA;AACA;AACA;AACA;AACA;AAJA,SAKeC,wBAAwBA,CAAAC,GAAA;EAAA,OAAAC,yBAAA,CAAA7G,KAAA,OAAAD,SAAA;AAAA;AA2DvC;AACA;AACA;AACA;AACA;AAJA,SAAA8G,0BAAA;EAAAA,yBAAA,GAAAlH,iBAAA,CA3DA,WAAAmH,IAAA,EAIiC;IAAA,IAJO;MACtC1G;IAGF,CAAC,GAAA0G,IAAA;IACC,IAAAhF,qBAAY,EAAC;MACXC,OAAO,mDAAmD;MAC1D3B;IACF,CAAC,CAAC;IACF,IAAM8E,MAAM,GAAG;MACbE,OAAO,EAAE;QACP,mBAAmB,EAAEhF,KAAK,CAACgD,WAAW,CAAC,CAAC;QACxC,mBAAmB,EAAEhD,KAAK,CAACiD,WAAW,CAAC;MACzC;IACF,CAAC;IACD,IAAIuC,QAAQ,SAAS,IAAAmB,qBAAI,EAAC;MAAEC,IAAI,EAAE,CAAC,CAAC;MAAE9B,MAAM;MAAE9E;IAAM,CAAC,CAAC;IAEtD,IAAI6G,OAAO,GAAG,IAAI;IAClB,IAAIC,KAAK,GAAG,CAAC;IACb,IAAMC,QAAQ,GAAG,CAAC;IAClB,GAAG;MACDF,OAAO,GAAG/E,iBAAiB,CAAC0D,QAAQ,EAAExF,KAAK,CAAC;;MAE5C;MACA,IAAI,CAAC6G,OAAO,CAAClE,SAAS,EAAE;QACtB,MAAM,IAAI2D,KAAK,4BAAA1E,MAAA,CAA4BiF,OAAO,CAACnE,MAAM,CAAE,CAAC;MAC9D;MAEA,IAAImE,OAAO,CAACrE,QAAQ,EAAE;QACpBsE,KAAK,EAAE;QACPtB,QAAQ,SAAS,IAAAmB,qBAAI,EAAC;UAAEC,IAAI,EAAEC,OAAO,CAAC9E,OAAO;UAAE/B;QAAM,CAAC,CAAC;MACzD;MAEA,IAAI,SAAS,IAAIwF,QAAQ,EAAE;QACzBA,QAAQ,CAAC,YAAY,CAAC,GAAG,KAAK;QAC9B;QACA,IAAMwB,WAAW,SAAS,IAAAC,0BAAc,EAAC;UACvCC,OAAO,EAAE1B,QAAQ,CAAC,SAAS,CAAC;UAC5BxF;QACF,CAAC,CAAC;QACFwF,QAAQ,CAAC,SAAS,CAAC,GAAG2B,IAAI,CAACC,KAAK,CAACJ,WAAW,CAACK,qBAAqB,CAAC;QACnE,IAAA3F,qBAAY,EAAC;UACXC,OAAO,4DAAAC,MAAA,CAA4D4D,QAAQ,CAAC,SAAS,CAAC,MAAG;UACzFxF;QACF,CAAC,CAAC;QACF,IAAA0B,qBAAY,EAAC;UACXC,OAAO,EAAE6D,QAAQ;UACjBxF;QACF,CAAC,CAAC;QACF,OAAOwF,QAAQ;MACjB;IACF,CAAC,QAAQqB,OAAO,CAACrE,QAAQ,IAAIsE,KAAK,GAAGC,QAAQ;IAC7C,IAAArF,qBAAY,EAAC;MACXC,OAAO,8DAA8D;MACrE3B;IACF,CAAC,CAAC;IACF,OAAO,IAAI;EACb,CAAC;EAAA,OAAAyG,yBAAA,CAAA7G,KAAA,OAAAD,SAAA;AAAA;AAAA,SAOc2H,mBAAmBA,CAAAC,GAAA;EAAA,OAAAC,oBAAA,CAAA5H,KAAA,OAAAD,SAAA;AAAA;AAuClC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAPA,SAAA6H,qBAAA;EAAAA,oBAAA,GAAAjI,iBAAA,CAvCA,WAAmCS,KAAY,EAAgC;IAC7E,IAAA0B,qBAAY,EAAC;MACXC,OAAO,8CAA8C;MACrD3B;IACF,CAAC,CAAC;IACF,IAAIyH,KAA0B,GAAG,IAAI;IACrC,IAAIzH,KAAK,CAAC0H,gBAAgB,CAAC,CAAC,WAAW,IAAAC,kCAAmB,EAAC;MAAE3H;IAAM,CAAC,CAAC,CAAC,EAAE;MACtE,IAAI;QACFyH,KAAK,SAAS,IAAAG,mCAAoB,EAAC;UAAE5H;QAAM,CAAC,CAAC;QAC7CyH,KAAK,CAACI,UAAU,GAAG,IAAI;QACvB,IAAAnG,qBAAY,EAAC;UACXC,OAAO,+CAA+C;UACtD3B;QACF,CAAC,CAAC;MACJ,CAAC,CAAC,OAAOb,KAAK,EAAE;QACd,IAAAuC,qBAAY,EAAC;UACXC,OAAO,0DAA0D;UACjE3B;QACF,CAAC,CAAC;MACJ;IACF;IACA,IAAI,CAACyH,KAAK,EAAE;MACVA,KAAK,SAASlB,wBAAwB,CAAC;QAAEvG;MAAM,CAAC,CAAC;MACjDyH,KAAK,CAACI,UAAU,GAAG,KAAK;MACxB,IAAAnG,qBAAY,EAAC;QACXC,OAAO,8CAA8C;QACrD3B;MACF,CAAC,CAAC;IACJ;IACA,IAAIA,KAAK,CAAC0H,gBAAgB,CAAC,CAAC,EAAE;MAC5B,MAAM,IAAAI,mCAAoB,EAAC;QAAEL,KAAK;QAAEzH;MAAM,CAAC,CAAC;IAC9C;IACA,IAAA0B,qBAAY,EAAC;MACXC,OAAO,4CAA4C;MACnD3B;IACF,CAAC,CAAC;IACF,OAAOyH,KAAK;EACd,CAAC;EAAA,OAAAD,oBAAA,CAAA5H,KAAA,OAAAD,SAAA;AAAA;AAAA,SAUcoI,WAAWA,CAAAC,GAAA,EAAAC,GAAA,EAAAC,GAAA,EAAAC,GAAA;EAAA,OAAAC,YAAA,CAAAxI,KAAA,OAAAD,SAAA;AAAA;AA6D1B;AACA;AACA;AACA;AACA;AAJA,SAAAyI,aAAA;EAAAA,YAAA,GAAA7I,iBAAA,CA7DA,WACEoF,WAAmB,EACnB0D,aAAqB,EACrBC,mBAA2B,EAC3BtI,KAAY,EACZ;IACA,IAAI;MAAA,IAAAuI,iBAAA;MACF,IAAMrD,YAAY,mBAAAtD,MAAA,CAAmB+C,WAAW,aAAA/C,MAAA,CAC9C5B,KAAK,CAACwD,iBAAiB,CAAC,CAAC,KAAKJ,kBAAS,CAACW,yBAAyB,GAC7DhD,mBAAmB,GACnBC,sBAAsB,oCAAAY,MAAA,CACKR,aAAa,YAAAQ,MAAA,CAAS5B,KAAK,CAAC6D,cAAc,CAAC,CAAC,qCAAAjC,MAAA,CAAkCyG,aAAa,6BAAAzG,MAAA,CAA0B0G,mBAAmB,CAAE;MAC3K,IAAMxD,MAAM,GAAG;QACbE,OAAO,EAAE;UACP,cAAc,EAAE;QAClB,CAAC;QACDD,YAAY,EAAE;MAChB,CAAC;MACD,IAAIS,QAAQ,GAAG1F,SAAS;MACxB,IAAI;QACF0F,QAAQ,SAAS,IAAAL,wBAAS,EAAC;UACzBC,SAAS,EAAEpF,KAAK,CAAC6E,OAAO,CAAC,CAAC;UAC1BrD,IAAI,EAAE0D,YAAY;UAClBJ,MAAM;UACN9E;QACF,CAAC,CAAC;MACJ,CAAC,CAAC,OAAOb,KAAK,EAAE;QACdqG,QAAQ,GAAGrG,KAAK,CAACqG,QAAQ;QACzB,IAAIA,QAAQ,CAACC,MAAM,GAAG,GAAG,IAAID,QAAQ,CAACC,MAAM,GAAG,GAAG,EAAE;UAClD,IAAA7C,qBAAY,EAAC;YACXjB,OAAO,EAAE,yBAAyB;YAClCO,IAAI,EAAE,OAAO;YACblC;UACF,CAAC,CAAC;UACF,IAAA4C,qBAAY,EAAC;YACXjB,OAAO,EAAE6D,QAAQ,CAAChE,IAAI;YACtBU,IAAI,EAAE,OAAO;YACblC;UACF,CAAC,CAAC;UACF,OAAO,IAAI;QACb;MACF;MACA,IAAMwI,mBAAmB,IAAAD,iBAAA,GAAG/C,QAAQ,CAACR,OAAO,cAAAuD,iBAAA,uBAAhBA,iBAAA,CAAkB7C,QAAQ;MACtD,IAAM+C,WAAW,GAAG7D,YAAG,CAACwC,KAAK,CAACoB,mBAAmB,EAAE,IAAI,CAAC,CAACE,KAAK;MAC9D,IAAI,MAAM,IAAID,WAAW,EAAE;QACzB,OAAOA,WAAW,CAAC5F,IAAI;MACzB;MACA,IAAAD,qBAAY,EAAC;QAAEjB,OAAO,EAAE,qBAAqB;QAAEO,IAAI,EAAE,OAAO;QAAElC;MAAM,CAAC,CAAC;MACtE,OAAO,IAAI;IACb,CAAC,CAAC,OAAOb,KAAK,EAAE;MAAA,IAAAwJ,eAAA;MACd,IAAA/F,qBAAY,EAAC;QACXjB,OAAO,+BAAAC,MAAA,CAA+BzC,KAAK,CAACwC,OAAO,CAAE;QACrDO,IAAI,EAAE,OAAO;QACblC;MACF,CAAC,CAAC;MACF,IAAA4C,qBAAY,EAAC;QAAEjB,OAAO,GAAAgH,eAAA,GAAExJ,KAAK,CAACqG,QAAQ,cAAAmD,eAAA,uBAAdA,eAAA,CAAgBnH,IAAI;QAAEU,IAAI,EAAE,OAAO;QAAElC;MAAM,CAAC,CAAC;MACrE,IAAA0B,qBAAY,EAAC;QAAEC,OAAO,EAAExC,KAAK,CAACyJ,KAAK;QAAE5I;MAAM,CAAC,CAAC;MAC7C,OAAO,IAAI;IACb;EACF,CAAC;EAAA,OAAAoI,YAAA,CAAAxI,KAAA,OAAAD,SAAA;AAAA;AAAA,SAOckJ,uBAAuBA,CAAAC,GAAA;EAAA,OAAAC,wBAAA,CAAAnJ,KAAA,OAAAD,SAAA;AAAA;AAgFtC;AACA;AACA;AACA;AACA;AAJA,SAAAoJ,yBAAA;EAAAA,wBAAA,GAAAxJ,iBAAA,CAhFA,WAAAyJ,KAAA,EAIiC;IAAA,IAJM;MACrChJ;IAGF,CAAC,GAAAgJ,KAAA;IACC,IAAAtH,qBAAY,EAAC;MACXC,OAAO,gDAAgD;MACvD3B;IACF,CAAC,CAAC;IACF,IAAI;MACF,IAAMmE,QAAQ,GAAG,IAAAC,4BAAe,EAAC,IAAAC,mBAAW,EAAC,EAAE,CAAC,CAAC;MACjD,IAAMC,SAAS,GAAG,IAAAF,4BAAe,EAC/B,IAAAG,kBAAU,EAAC,QAAQ,CAAC,CAACC,MAAM,CAACL,QAAQ,CAAC,CAACM,MAAM,CAAC,CAC/C,CAAC;MACD,IAAMC,eAAe,GAAG,MAAM;MAC9B,IAAMC,WAAW,GAAGC,YAAG,CAACjG,OAAO,CAACqB,KAAK,CAAC6E,OAAO,CAAC,CAAC,EAAE/D,mBAAmB,CAAC;MACrE,IAAMmI,QAAQ,SAASlB,WAAW,CAChCpD,WAAW,EACXL,SAAS,EACTI,eAAe,EACf1E,KACF,CAAC;MACD,IAAIiJ,QAAQ,IAAI,IAAI,EAAE;QACpB,IAAArG,qBAAY,EAAC;UACXjB,OAAO,EAAE,yBAAyB;UAClCO,IAAI,EAAE,OAAO;UACblC;QACF,CAAC,CAAC;QACF,OAAO,IAAI;MACb;MACA,IAAIwF,QAA6B,GAAG,IAAI;MACxC,IAAIxF,KAAK,CAACwD,iBAAiB,CAAC,CAAC,KAAKJ,kBAAS,CAACW,yBAAyB,EAAE;QACrE,IAAMe,MAAM,GAAG;UACboE,IAAI,EAAE;YACJC,QAAQ,EAAE/H,aAAa;YACvBgI,QAAQ,EAAEvI;UACZ;QACF,CAAC;QACD,IAAMqE,YAAY,mBAAAtD,MAAA,CAAmB+C,WAAW,0CAAA/C,MAAA,CAAuCqH,QAAQ,qBAAArH,MAAA,CAAkBuC,QAAQ,CAAE;QAC3HqB,QAAQ,SAAS,IAAA6D,0BAAW,EAAC;UAC3BjE,SAAS,EAAEpF,KAAK,CAAC6E,OAAO,CAAC,CAAC;UAC1BrD,IAAI,EAAE0D,YAAY;UAClBJ,MAAM;UACN9E;QACF,CAAC,CAAC;MACJ,CAAC,MAAM;QACL,IAAMkF,aAAY,gBAAAtD,MAAA,CAAgBR,aAAa,oBAAAQ,MAAA,CAAiB+C,WAAW,0CAAA/C,MAAA,CAAuCqH,QAAQ,qBAAArH,MAAA,CAAkBuC,QAAQ,CAAE;QACtJqB,QAAQ,SAAS,IAAA6D,0BAAW,EAAC;UAC3BjE,SAAS,EAAEpF,KAAK,CAAC6E,OAAO,CAAC,CAAC;UAC1BrD,IAAI,EAAE0D,aAAY;UAClBJ,MAAM,EAAE,CAAC,CAAC;UACV9E;QACF,CAAC,CAAC;MACJ;MACA,IAAI,cAAc,IAAIwF,QAAQ,EAAE;QAC9B,IAAA9D,qBAAY,EAAC;UACXC,OAAO,yDAAyD;UAChE3B;QACF,CAAC,CAAC;QACF,OAAOwF,QAAQ;MACjB;MACA,IAAA5C,qBAAY,EAAC;QACXjB,OAAO,EAAE,8BAA8B;QACvCO,IAAI,EAAE,OAAO;QACblC;MACF,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOb,KAAK,EAAE;MAAA,IAAAmK,gBAAA;MACd,IAAA5H,qBAAY,EAAC;QACXC,OAAO,0CAAAC,MAAA,CAA0CzC,KAAK,CAAE;QACxDa;MACF,CAAC,CAAC;MACF,IAAA0B,qBAAY,EAAC;QAAEC,OAAO,GAAA2H,gBAAA,GAAEnK,KAAK,CAACqG,QAAQ,cAAA8D,gBAAA,uBAAdA,gBAAA,CAAgB9H,IAAI;QAAExB;MAAM,CAAC,CAAC;IACxD;IACA,IAAA0B,qBAAY,EAAC;MACXC,OAAO,4DAA4D;MACnE3B;IACF,CAAC,CAAC;IACF,OAAO,IAAI;EACb,CAAC;EAAA,OAAA+I,wBAAA,CAAAnJ,KAAA,OAAAD,SAAA;AAAA;AAAA,SAOc4J,kBAAkBA,CAAAC,IAAA;EAAA,OAAAC,mBAAA,CAAA7J,KAAA,OAAAD,SAAA;AAAA;AAAA,SAAA8J,oBAAA;EAAAA,mBAAA,GAAAlK,iBAAA,CAAjC,WAAkCS,KAAY,EAAgC;IAC5E,IAAA0B,qBAAY,EAAC;MACXC,OAAO,6CAA6C;MACpD3B;IACF,CAAC,CAAC;IACF,IAAIyH,KAA0B,GAAG,IAAI;IACrC,IAAIzH,KAAK,CAAC0H,gBAAgB,CAAC,CAAC,WAAW,IAAAgC,iCAAkB,EAAC;MAAE1J;IAAM,CAAC,CAAC,CAAC,EAAE;MACrE,IAAI;QACFyH,KAAK,SAAS,IAAAkC,kCAAmB,EAAC;UAAE3J;QAAM,CAAC,CAAC;QAC5CyH,KAAK,CAACI,UAAU,GAAG,IAAI;QACvB,IAAAnG,qBAAY,EAAC;UACXC,OAAO,oDAAoD;UAC3D3B;QACF,CAAC,CAAC;MACJ,CAAC,CAAC,OAAOb,KAAK,EAAE;QACd,IAAAuC,qBAAY,EAAC;UACXC,OAAO,+DAA+D;UACtE3B;QACF,CAAC,CAAC;MACJ;IACF;IACA,IAAI,CAACyH,KAAK,EAAE;MACVA,KAAK,SAASoB,uBAAuB,CAAC;QAAE7I;MAAM,CAAC,CAAC;MAChDyH,KAAK,CAACI,UAAU,GAAG,KAAK;MACxB,IAAAnG,qBAAY,EAAC;QACXC,OAAO,mDAAmD;QAC1D3B;MACF,CAAC,CAAC;IACJ;IACA,IAAIA,KAAK,CAAC0H,gBAAgB,CAAC,CAAC,EAAE;MAC5B,MAAM,IAAAkC,kCAAmB,EAAC;QAAEnC,KAAK;QAAEzH;MAAM,CAAC,CAAC;IAC7C;IACA,OAAOyH,KAAK;EACd,CAAC;EAAA,OAAAgC,mBAAA,CAAA7J,KAAA,OAAAD,SAAA;AAAA;AAED,SAASkK,aAAaA,CAACC,gBAAwB,EAAEC,IAAY,EAAE;EAC7D,IAAMC,CAAC,GAAG,IAAAC,2BAAQ,EAACF,IAAI,CAAC;EACxB,IAAMG,GAAG,MAAAtI,MAAA,CAAMoI,CAAC,CAACG,MAAM,OAAAvI,MAAA,CACrBoI,CAAC,CAACI,IAAI,GAAGJ,CAAC,CAACI,IAAI,GAAGJ,CAAC,CAACK,QAAQ,KAAK,OAAO,GAAG,KAAK,GAAG,IAAI,EAAAzI,MAAA,CACtDoI,CAAC,CAACM,QAAQ,yBAAsB;;EAEnC;EACA,IAAMC,GAAG,GAAGC,IAAI,CAACC,KAAK,CAAC,IAAItD,IAAI,CAAC,CAAC,CAACuD,OAAO,CAAC,CAAC,GAAG,IAAI,GAAG,GAAG,CAAC;;EAEzD;EACA,IAAMC,GAAG,GAAG,IAAAC,QAAE,EAAC,CAAC;EAEhB,IAAMC,GAAG,GAAGf,gBAAgB;EAC5B,IAAMgB,GAAG,GAAGhB,gBAAgB;;EAE5B;EACA,IAAM/H,OAAO,GAAG;IAAE8I,GAAG;IAAEC,GAAG;IAAEZ,GAAG;IAAEK,GAAG;IAAEI;EAAI,CAAC;EAE3C,OAAO5I,OAAO;AAChB;;AAEA;AACA;AACA;AACA;AACA;AAJA,SAKsBpB,qBAAqBA,CAAAoK,IAAA;EAAA,OAAAC,sBAAA,CAAApL,KAAA,OAAAD,SAAA;AAAA;AAsC3C;AACA;AACA;AACA;AACA;AAJA,SAAAqL,uBAAA;EAAAA,sBAAA,GAAAzL,iBAAA,CAtCO,WAAA0L,KAAA,EAQ0B;IAAA,IARW;MAC1CzK,IAAI,GAAGV,SAAS;MAChBW,KAAK,GAAGX,SAAS;MACjBE;IAKF,CAAC,GAAAiL,KAAA;IACC,IAAAvJ,qBAAY,EAAC;MACXC,OAAO,gDAAgD;MACvD3B;IACF,CAAC,CAAC;IACFQ,IAAI,GAAGA,IAAI,GAAGA,IAAI,GAAGR,KAAK,CAACkL,mBAAmB,CAAC,CAAC;IAChDzK,KAAK,GAAGA,KAAK,GAAGA,KAAK,GAAGT,KAAK,CAACmL,oBAAoB,CAAC,CAAC;IACpD,IAAMpJ,OAAO,GAAG8H,aAAa,CAACrJ,IAAI,EAAER,KAAK,CAAC6E,OAAO,CAAC,CAAC,CAAC;IACpD,IAAMuG,GAAG,SAAS,IAAAC,6BAAoB,EAACtJ,OAAO,EAAEtB,KAAK,CAAC;IACtD,IAAMyE,YAAY,gBAAAtD,MAAA,CAAgBwJ,GAAG,8FAAAxJ,MAAA,CAA2FX,oBAAoB,CAAE;IACtJ,IAAMuE,QAAQ,SAAS,IAAA6D,0BAAW,EAAC;MACjCjE,SAAS,EAAEpF,KAAK,CAAC6E,OAAO,CAAC,CAAC;MAC1BrD,IAAI,EAAE0D,YAAY;MAClBJ,MAAM,EAAE,CAAC,CAAC;MACV9E;IACF,CAAC,CAAC;IACF,IAAI,cAAc,IAAIwF,QAAQ,EAAE;MAC9B,IAAA9D,qBAAY,EAAC;QACXC,OAAO,8CAA8C;QACrD3B;MACF,CAAC,CAAC;MACF,OAAOwF,QAAQ;IACjB;IACA,IAAA9D,qBAAY,EAAC;MACXC,OAAO,4EAA4E;MACnF3B;IACF,CAAC,CAAC;IACF,OAAO,IAAI;EACb,CAAC;EAAA,OAAAgL,sBAAA,CAAApL,KAAA,OAAAD,SAAA;AAAA;AAAA,SAOqB2L,gBAAgBA,CAAAC,IAAA;EAAA,OAAAC,iBAAA,CAAA5L,KAAA,OAAAD,SAAA;AAAA;AAuCtC;AACA;AACA;AACA;AAHA,SAAA6L,kBAAA;EAAAA,iBAAA,GAAAjM,iBAAA,CAvCO,WAAAkM,KAAA,EAI0B;IAAA,IAJM;MACrCzL;IAGF,CAAC,GAAAyL,KAAA;IACC,IAAA/J,qBAAY,EAAC;MACXC,OAAO,2CAA2C;MAClD3B;IACF,CAAC,CAAC;IACF,IAAIyH,KAA0B,GAAG,IAAI;IACrC,IAAIzH,KAAK,CAAC0H,gBAAgB,CAAC,CAAC,WAAW,IAAAgE,+BAAgB,EAAC;MAAE1L;IAAM,CAAC,CAAC,CAAC,EAAE;MACnE,IAAI;QACFyH,KAAK,SAAS,IAAAkE,gCAAiB,EAAC;UAAE3L;QAAM,CAAC,CAAC;QAC1CyH,KAAK,CAACI,UAAU,GAAG,IAAI;QACvB,IAAAnG,qBAAY,EAAC;UACXC,OAAO,kDAAkD;UACzD3B;QACF,CAAC,CAAC;MACJ,CAAC,CAAC,OAAOb,KAAK,EAAE;QACd,IAAAuC,qBAAY,EAAC;UACXC,OAAO,6DAA6D;UACpE3B;QACF,CAAC,CAAC;MACJ;IACF;IACA,IAAI,CAACyH,KAAK,EAAE;MACVA,KAAK,SAAS9G,qBAAqB,CAAC;QAAEX;MAAM,CAAC,CAAC;MAC9CyH,KAAK,CAACI,UAAU,GAAG,KAAK;MACxB,IAAAnG,qBAAY,EAAC;QACXC,OAAO,iDAAiD;QACxD3B;MACF,CAAC,CAAC;IACJ;IACA,IAAIA,KAAK,CAAC0H,gBAAgB,CAAC,CAAC,EAAE;MAC5B,MAAM,IAAAkE,gCAAiB,EAAC;QAAEnE,KAAK;QAAEzH;MAAM,CAAC,CAAC;IAC3C;IACA,OAAOyH,KAAK;EACd,CAAC;EAAA,OAAA+D,iBAAA,CAAA5L,KAAA,OAAAD,SAAA;AAAA;AAAA,SAMckM,gDAAgDA,CAAAC,IAAA;EAAA,OAAAC,iDAAA,CAAAnM,KAAA,OAAAD,SAAA;AAAA;AA2B/D;AACA;AACA;AACA;AACA;AAJA,SAAAoM,kDAAA;EAAAA,iDAAA,GAAAxM,iBAAA,CA3BA,WACES,KAAY,EACG;IACf,IAAA0B,qBAAY,EAAC;MACXC,OAAO,2EAA2E;MAClF3B;IACF,CAAC,CAAC;IACFA,KAAK,CAACgM,iBAAiB,OAAOvI,uBAAuB,CAACzD,KAAK,CAAC,CAAC;IAC7DkD,qBAAqB,CAAClD,KAAK,CAAC;IAC5B,IAAA0B,qBAAY,EAAC;MACXC,OAAO,6EAAAC,MAAA,CAA6E5B,KAAK,CAACmD,QAAQ,CAAC,CAAC,aAAAvB,MAAA,CAAU5B,KAAK,CAACwD,iBAAiB,CAAC,CAAC,CAAE;MACzIxD;IACF,CAAC,CAAC;IAEF,IAAMiG,WAAW,SAAS,IAAAgG,mCAAoB,EAAC;MAAEjM;IAAM,CAAC,CAAC;;IAEzD;IACA,IAAA0B,qBAAY,EAAC;MAAEC,OAAO,mBAAAC,MAAA,CAAmBqE,WAAW,CAACiG,WAAW,CAAE;MAAElM;IAAM,CAAC,CAAC;IAE5E,IAAMmG,OAAO,SAASH,kBAAkB,CAACC,WAAW,CAAC;IACrDjG,KAAK,CAACmM,YAAY,CAAChG,OAAO,CAAC;IAC3B,IAAAzE,qBAAY,EAAC;MACXC,OAAO,yEAAyE;MAChF3B;IACF,CAAC,CAAC;EACJ,CAAC;EAAA,OAAA+L,iDAAA,CAAAnM,KAAA,OAAAD,SAAA;AAAA;AAAA,SAOcyM,kBAAkBA,CAAAC,IAAA;EAAA,OAAAC,mBAAA,CAAA1M,KAAA,OAAAD,SAAA;AAAA;AAkBjC;AACA;AACA;AACA;AACA;AACA;AALA,SAAA2M,oBAAA;EAAAA,mBAAA,GAAA/M,iBAAA,CAlBA,WAAkCS,KAAY,EAAmB;IAC/D,IAAIuM,aAAa,WAAA3K,MAAA,CAAW5B,KAAK,CAACgD,WAAW,CAAC,CAAC,CAAE;IACjD,IAAIhD,KAAK,CAACkE,0BAA0B,CAAC,CAAC,EAAE;MACtC,IAAI;QACF,IAAMsI,IAAI,GAAG,OACL,IAAAC,oCAAiB,EAAC;UACtB3C,gBAAgB,EAAE9J,KAAK,CAACkL,mBAAmB,CAAC,CAAC;UAC7ClL;QACF,CAAC,CAAC,EACFwM,IAAI;QACND,aAAa,sBAAA3K,MAAA,CAAsB4K,IAAI,QAAA5K,MAAA,CAAK5B,KAAK,CAACkL,mBAAmB,CAAC,CAAC,MAAG;MAC5E,CAAC,CAAC,OAAO/L,KAAK,EAAE;QACdoN,aAAa,sBAAA3K,MAAA,CAAsB5B,KAAK,CAACkL,mBAAmB,CAAC,CAAC,CAAE;MAClE;IACF;IACA,OAAOqB,aAAa;EACtB,CAAC;EAAA,OAAAD,mBAAA,CAAA1M,KAAA,OAAAD,SAAA;AAAA;AAQD,SAAS+M,mBAAmBA,CAC1BvM,gBAAyB,EACzBE,WAAoB,EACpBL,KAAY,EACZ;EACA,IAAI2M,KAAK,GAAG3M,KAAK,CAAC4M,mBAAmB,CAAC,CAAC;EACvC;EACA,IAAID,KAAK,EAAE;IACT,IAAAjL,qBAAY,EAAC;MACXC,OAAO,8DAA8D;MACrE3B;IACF,CAAC,CAAC;IACF6M,YAAY,CAACF,KAAK,CAAC;EACrB;EACA;EACA,IAAItM,WAAW,EAAE;IAAA,IAAAyM,qBAAA,EAAAC,qBAAA,EAAAC,sBAAA,EAAAC,sBAAA;IACf,IAAMC,OAAO,GACXlN,KAAK,CAACwD,iBAAiB,CAAC,CAAC,KAAKJ,kBAAS,CAACa,2BAA2B,IAAA6I,qBAAA,GAC/D9M,KAAK,CAACmN,uBAAuB,CAAC,CAAC,cAAAL,qBAAA,uBAA/BA,qBAAA,CAAiCI,OAAO,GACxClN,KAAK,CAACkE,0BAA0B,CAAC,CAAC,IAAA6I,qBAAA,GAChC/M,KAAK,CAACoN,kBAAkB,CAAC,CAAC,cAAAL,qBAAA,uBAA1BA,qBAAA,CAA4BG,OAAO,GACnC1C,IAAI,CAAC6C,GAAG,EAAAL,sBAAA,GACNhN,KAAK,CAACoN,kBAAkB,CAAC,CAAC,cAAAJ,sBAAA,uBAA1BA,sBAAA,CAA4BE,OAAO,GAAAD,sBAAA,GACnCjN,KAAK,CAACmN,uBAAuB,CAAC,CAAC,cAAAF,sBAAA,uBAA/BA,sBAAA,CAAiCC,OACnC,CAAC;IACT,IAAII,OAAO,GAAGJ,OAAO,GAAG/F,IAAI,CAACoG,GAAG,CAAC,CAAC,GAAG,IAAI,GAAG,EAAE;IAC9C,IAAID,OAAO,GAAG,IAAI,GAAG,EAAE,EAAE;MACvB,IAAA5L,qBAAY,EAAC;QACXC,OAAO,4CAAAC,MAAA,CAA4C4I,IAAI,CAACgD,IAAI,CAC1DF,OAAO,GAAG,IACZ,CAAC,kCAA+B;QAChCtN;MACF,CAAC,CAAC;MACF,IAAIsN,OAAO,GAAG,EAAE,EAAEA,OAAO,GAAG,EAAE;IAChC;IACA,IAAA5L,qBAAY,EAAC;MACXC,OAAO,yDAAAC,MAAA,CAAyD4I,IAAI,CAACC,KAAK,CACxE6C,OAAO,GAAG,IACZ,CAAC,SAAA1L,MAAA,CAAM,IAAIuF,IAAI,CAACmG,OAAO,CAAC,CAACG,UAAU,CAAC,CAAC,QAAA7L,MAAA,CAAK,IAAIuF,IAAI,CAChDmG,OACF,CAAC,CAACI,UAAU,CAAC,CAAC,QAAK;MACnB1N;IACF,CAAC,CAAC;IACF2M,KAAK,GAAGgB,UAAU,CAAC1N,SAAS,EAAEqN,OAAO,EAAE;MACrCnN,gBAAgB;MAChBE,WAAW;MACXL;MACA;IACF,CAAC,CAA8B;IAC/BA,KAAK,CAAC4N,mBAAmB,CAACjB,KAAK,CAAC;IAChCA,KAAK,CAACkB,KAAK,CAAC,CAAC;EACf;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AANA,SAOsB5N,SAASA,CAAA6N,IAAA;EAAA,OAAAC,UAAA,CAAAnO,KAAA,OAAAD,SAAA;AAAA;AAAA,SAAAoO,WAAA;EAAAA,UAAA,GAAAxO,iBAAA,CAAxB,WAAAyO,KAAA,EAQc;IAAA,IARW;MAC9B7N,gBAAgB,GAAG,KAAK;MACxBE,WAAW,GAAG,IAAI;MAClBL;IAKF,CAAC,GAAAgO,KAAA;IACC,IAAAtM,qBAAY,EAAC;MAAEC,OAAO,oCAAoC;MAAE3B;IAAM,CAAC,CAAC;IACpE,IAAI,CAACA,KAAK,CAAC6E,OAAO,CAAC,CAAC,EAAE;MACpB,IAAAjC,qBAAY,EAAC;QACXjB,OAAO,0DAA0D;QACjEO,IAAI,EAAE,OAAO;QACblC;MACF,CAAC,CAAC;MACF,OAAO,KAAK;IACd;IACA,IAAI;MACF;MACA,IACEA,KAAK,CAACgD,WAAW,CAAC,CAAC,IAAI,IAAI,IAC3BhD,KAAK,CAACiD,WAAW,CAAC,CAAC,IAAI,IAAI,IAC3B,CAACjD,KAAK,CAACkL,mBAAmB,CAAC,CAAC,IAC5B,CAAClL,KAAK,CAACmL,oBAAoB,CAAC,CAAC,EAC7B;QACA,IAAM8C,IAAI,SAAS,IAAAC,0CAAoB,EAAC;UAAElO;QAAM,CAAC,CAAC;QAClD,IAAIiO,IAAI,EAAE;UACRjO,KAAK,CAACmO,OAAO,CAACF,IAAI,CAACG,MAAM,CAAC;UAC1BpO,KAAK,CAACgM,iBAAiB,CAACiC,IAAI,CAACnK,cAAc,CAAC;UAC5C9D,KAAK,CAACqO,WAAW,CAACJ,IAAI,CAAC9E,QAAQ,CAAC;UAChCnJ,KAAK,CAACsO,WAAW,CAACL,IAAI,CAAC7E,QAAQ,CAAC;UAChCpJ,KAAK,CAACuO,wBAAwB,CAACN,IAAI,CAACO,qBAAqB,CAAC;UAC1DxO,KAAK,CAACyO,gCAAgC,CACpCR,IAAI,CAACS,6BACP,CAAC;UACD1O,KAAK,CAAC2O,mBAAmB,CAACV,IAAI,CAACW,SAAS,CAAC;UACzC5O,KAAK,CAAC6O,oBAAoB,CAACZ,IAAI,CAACa,UAAU,CAAC;QAC7C,CAAC,MAAM;UACL,OAAO,KAAK;QACd;MACF;;MAEA;MACA,IAAI,CAAC,IAAAC,6BAAU,EAAC/O,KAAK,CAAC6E,OAAO,CAAC,CAAC,CAAC,EAAE;QAChC,IAAMoJ,KAAI,SAAS,IAAAC,0CAAoB,EAAC;UAAElO;QAAM,CAAC,CAAC;QAClD,IAAIiO,KAAI,EAAE;UACRjO,KAAK,CAACmO,OAAO,CAACF,KAAI,CAACG,MAAM,CAAC;UAC1BpO,KAAK,CAACgM,iBAAiB,CAACiC,KAAI,CAACnK,cAAc,CAAC;QAC9C,CAAC,MAAM;UACL,OAAO,KAAK;QACd;MACF;;MAEA;MACA9D,KAAK,CAACgP,aAAa,OAAO3N,mBAAmB,CAACrB,KAAK,CAAC,CAAC;;MAErD;MACA,IACE,CAACG,gBAAgB,IACjBH,KAAK,CAACkL,mBAAmB,CAAC,CAAC,IAC3BlL,KAAK,CAACmL,oBAAoB,CAAC,CAAC,EAC5B;QACA,IAAAzJ,qBAAY,EAAC;UACXC,OAAO,oEAAAC,MAAA,CAAoE5B,KAAK,CAACkL,mBAAmB,CAAC,CAAC,CAAE;UACxGlL;QACF,CAAC,CAAC;QACF,IAAI;UACF,IAAMyH,KAAK,SAAS6D,gBAAgB,CAAC;YAAEtL;UAAM,CAAC,CAAC;UAC/CA,KAAK,CAACiP,kBAAkB,CAACxH,KAAK,CAAC;UAC/BzH,KAAK,CAACkP,0BAA0B,CAAC,IAAI,CAAC;UACtC,MAAMrD,gDAAgD,CAAC7L,KAAK,CAAC;QAC/D,CAAC,CAAC,OAAOmP,KAAK,EAAE;UAAA,IAAAC,eAAA,EAAAC,gBAAA,EAAAC,gBAAA;UACd,IAAA5N,qBAAY,EAAC;YAAEC,OAAO,EAAE,EAAAyN,eAAA,GAAAD,KAAK,CAAC3J,QAAQ,cAAA4J,eAAA,uBAAdA,eAAA,CAAgB5N,IAAI,KAAI2N,KAAK;YAAEnP;UAAM,CAAC,CAAC;UAC/D,IAAA0B,qBAAY,EAAC;YAAEC,OAAO,EAAE3B,KAAK,CAACuP,QAAQ,CAAC,CAAC;YAAEvP;UAAM,CAAC,CAAC;UAClD,MAAM,IAAIsG,KAAK,iCAAA1E,MAAA,CAEX,EAAAyN,gBAAA,GAAAF,KAAK,CAAC3J,QAAQ,cAAA6J,gBAAA,gBAAAA,gBAAA,GAAdA,gBAAA,CAAgB7N,IAAI,cAAA6N,gBAAA,uBAApBA,gBAAA,CAAsBG,iBAAiB,OAAAF,gBAAA,GACvCH,KAAK,CAAC3J,QAAQ,cAAA8J,gBAAA,gBAAAA,gBAAA,GAAdA,gBAAA,CAAgB9N,IAAI,cAAA8N,gBAAA,uBAApBA,gBAAA,CAAsB3N,OAAO,KAC7BwN,KAAK,CAET,CAAC;QACH;MACF;MACA;MAAA,KACK,IAAInP,KAAK,CAACgD,WAAW,CAAC,CAAC,IAAIhD,KAAK,CAACiD,WAAW,CAAC,CAAC,EAAE;QACnD,IAAAvB,qBAAY,EAAC;UACXC,OAAO,iEAAAC,MAAA,CAAiE5B,KAAK,CAACgD,WAAW,CAAC,CAAC,CAAE;UAC7FhD;QACF,CAAC,CAAC;QACF,IAAMyH,MAAK,SAASH,mBAAmB,CAACtH,KAAK,CAAC;QAC9C,IAAIyH,MAAK,EAAEzH,KAAK,CAACyP,uBAAuB,CAAChI,MAAK,CAAC;QAC/C,MAAMoE,gDAAgD,CAAC7L,KAAK,CAAC;QAC7D,IACEA,KAAK,CAAC6D,cAAc,CAAC,CAAC;QACtB;QACC7D,KAAK,CAACwD,iBAAiB,CAAC,CAAC,KAAKJ,kBAAS,CAACW,yBAAyB,IAChE/D,KAAK,CAACwD,iBAAiB,CAAC,CAAC,KAAKJ,kBAAS,CAACY,4BAA4B,CAAC,EACvE;UACA,IAAMqF,YAAW,SAASE,kBAAkB,CAACvJ,KAAK,CAAC;UACnD,IAAIqJ,YAAW,EAAErJ,KAAK,CAACiP,kBAAkB,CAAC5F,YAAW,CAAC;QACxD;MACF;MACA;MAAA,KACK;QACH,IAAAzG,qBAAY,EAAC;UACXjB,OAAO,iCAAiC;UACxCO,IAAI,EAAE,OAAO;UACblC;QACF,CAAC,CAAC;QACF,OAAO,KAAK;MACd;MACA,IACEA,KAAK,CAAC6D,cAAc,CAAC,CAAC,IACrB7D,KAAK,CAACkE,0BAA0B,CAAC,CAAC,IAAIlE,KAAK,CAAC0P,cAAc,CAAC,CAAE,EAC9D;QAAA,IAAAC,sBAAA,EAAAC,sBAAA;QACA,KAAAD,sBAAA,GAAI3P,KAAK,CAACoN,kBAAkB,CAAC,CAAC,cAAAuC,sBAAA,eAA1BA,sBAAA,CAA4B9H,UAAU,EAAE;UAC1C,IAAAjC,uBAAc,EAAC;YAAEjE,OAAO,8BAA8B;YAAE3B;UAAM,CAAC,CAAC;QAClE;QACA,IACE,CAACA,KAAK,CAACkE,0BAA0B,CAAC,CAAC,KAAA0L,sBAAA,GACnC5P,KAAK,CAACmN,uBAAuB,CAAC,CAAC,cAAAyC,sBAAA,eAA/BA,sBAAA,CAAiC/H,UAAU,EAC3C;UACA,IAAAjC,uBAAc,EAAC;YAAEjE,OAAO,+BAA+B;YAAE3B;UAAM,CAAC,CAAC;QACnE;QACA,IAAA4C,qBAAY,EAAC;UACXjB,OAAO,kBAAAC,MAAA,CAAkB5B,KAAK,CAAC6E,OAAO,CAAC,CAAC,QAAAjD,MAAA,CACtC5B,KAAK,CAACmD,QAAQ,CAAC,CAAC,GAAGnD,KAAK,CAACmD,QAAQ,CAAC,CAAC,GAAG,MAAM,WAAAvB,MAAA,OAChCwK,kBAAkB,CAACpM,KAAK,CAAC,CAAE;UACzCkC,IAAI,EAAE,MAAM;UACZlC;QACF,CAAC,CAAC;QACF0M,mBAAmB,CAACvM,gBAAgB,EAAEE,WAAW,EAAEL,KAAK,CAAC;QACzD,IAAA0B,qBAAY,EAAC;UACXC,OAAO,8CAA8C;UACrD3B;QACF,CAAC,CAAC;QACF,OAAO,IAAI;MACb;IACF,CAAC,CAAC,OAAOb,KAAK,EAAE;MAAA,IAAA0Q,gBAAA,EAAAC,gBAAA,EAAAC,gBAAA;MACd;MACA,IAAAnN,qBAAY,EAAC;QAAEjB,OAAO,EAAExC,KAAK,CAACwC,OAAO;QAAEO,IAAI,EAAE,OAAO;QAAElC;MAAM,CAAC,CAAC;MAC9D;MACA,IAAA4C,qBAAY,EAAC;QACXjB,OAAO,GAAAkO,gBAAA,GAAE1Q,KAAK,CAACqG,QAAQ,cAAAqK,gBAAA,gBAAAA,gBAAA,GAAdA,gBAAA,CAAgBrO,IAAI,cAAAqO,gBAAA,uBAApBA,gBAAA,CAAsBlO,OAAO;QACtCO,IAAI,EAAE,OAAO;QACblC;MACF,CAAC,CAAC;MACF;MACA,IAAA4C,qBAAY,EAAC;QACXjB,OAAO,GAAAmO,gBAAA,GAAE3Q,KAAK,CAACqG,QAAQ,cAAAsK,gBAAA,gBAAAA,gBAAA,GAAdA,gBAAA,CAAgBtO,IAAI,cAAAsO,gBAAA,uBAApBA,gBAAA,CAAsBN,iBAAiB;QAChDtN,IAAI,EAAE,OAAO;QACblC;MACF,CAAC,CAAC;MACF;MACA,IAAA0B,qBAAY,EAAC;QAAEC,OAAO,GAAAoO,gBAAA,GAAE5Q,KAAK,CAACqG,QAAQ,cAAAuK,gBAAA,uBAAdA,gBAAA,CAAgBvO,IAAI;QAAExB;MAAM,CAAC,CAAC;MACtD;MACA,IAAA0B,qBAAY,EAAC;QAAEC,OAAO,EAAExC,KAAK,CAACyJ,KAAK,IAAI,IAAItC,KAAK,CAAC,CAAC,CAACsC,KAAK;QAAE5I;MAAM,CAAC,CAAC;IACpE;IACA,IAAA0B,qBAAY,EAAC;MACXC,OAAO,iDAAiD;MACxD3B;IACF,CAAC,CAAC;IACF,OAAO,KAAK;EACd,CAAC;EAAA,OAAA+N,UAAA,CAAAnO,KAAA,OAAAD,SAAA;AAAA"}
package/esm/ops/AuthenticateOps.js CHANGED
@@ -807,9 +807,13 @@ function scheduleAutoRefresh(forceLoginAsUser, autoRefresh, state) {
807
807
  if (autoRefresh) {
808
808
  var _state$getUserSession, _state$getBearerToken, _state$getBearerToken2, _state$getUserSession2;
809
809
  const expires = state.getDeploymentType() === Constants.CLASSIC_DEPLOYMENT_TYPE_KEY ? (_state$getUserSession = state.getUserSessionTokenMeta()) === null || _state$getUserSession === void 0 ? void 0 : _state$getUserSession.expires : state.getUseBearerTokenForAmApis() ? (_state$getBearerToken = state.getBearerTokenMeta()) === null || _state$getBearerToken === void 0 ? void 0 : _state$getBearerToken.expires : Math.min((_state$getBearerToken2 = state.getBearerTokenMeta()) === null || _state$getBearerToken2 === void 0 ? void 0 : _state$getBearerToken2.expires, (_state$getUserSession2 = state.getUserSessionTokenMeta()) === null || _state$getUserSession2 === void 0 ? void 0 : _state$getUserSession2.expires);
810
- const timeout = expires - Date.now() - 1000 * 25;
810
+ let timeout = expires - Date.now() - 1000 * 25;
811
811
  if (timeout < 1000 * 30) {
812
- throw new Error(`Auto-refresh scheduling error: timeout below threshold of 30 seconds: ${Math.ceil(timeout)}`);
812
+ debugMessage({
813
+ message: `Timeout below threshold of 30 seconds (${Math.ceil(timeout / 1000)}), resetting timeout to 10ms.`,
814
+ state
815
+ });
816
+ if (timeout < 10) timeout = 10;
813
817
  }
814
818
  debugMessage({
815
819
  message: `AuthenticateOps.scheduleAutoRefresh: set new timer [${Math.floor(timeout / 1000)}s (${new Date(timeout).getMinutes()}m ${new Date(timeout).getSeconds()}s)]`,
package/esm/ops/AuthenticateOps.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"AuthenticateOps.js","names":["createHash","randomBytes","readlineSync","url","v4","step","getServerInfo","getServerVersionInfo","Constants","encodeBase64Url","debugMessage","printMessage","verboseMessage","isValidUrl","parseUrl","getServiceAccount","getConnectionProfile","createSignedJwtToken","accessToken","authorize","getSessionInfo","hasSaBearerToken","hasUserBearerToken","hasUserSessionToken","readSaBearerToken","readUserBearerToken","readUserSessionToken","saveSaBearerToken","saveUserBearerToken","saveUserSessionToken","state","getTokens","forceLoginAsUser","autoRefresh","getAccessTokenForServiceAccount","saId","undefined","saJwk","access_token","getFreshSaBearerToken","adminClientPassword","redirectUrlTemplate","cloudIdmAdminScopes","forgeopsIdmAdminScopes","serviceAccountScopes","fidcClientId","forgeopsClientId","adminClientId","determineCookieName","data","message","cookieName","checkAndHandle2FA","payload","callback","callbacks","type","localAuth","value","output","provider","input","includes","nextStep","need2fa","factor","supported","code","question","getUsername","getPassword","determineDefaultRealm","getRealm","DEFAULT_REALM_KEY","setRealm","DEPLOYMENT_TYPE_REALM_MAP","getDeploymentType","determineDeploymentType","cookieValue","getCookieValue","deploymentType","CLOUD_DEPLOYMENT_TYPE_KEY","FORGEOPS_DEPLOYMENT_TYPE_KEY","CLASSIC_DEPLOYMENT_TYPE_KEY","getUseBearerTokenForAmApis","verifier","challenge","update","digest","challengeMethod","redirectURL","resolve","getHost","config","maxRedirects","headers","getCookieName","bodyFormData","amBaseUrl","e","_e$response","_e$response$headers","response","status","location","indexOf","ex","_ex$response","_ex$response$headers","getSemanticVersion","versionInfo","versionString","version","rx","match","Error","getFreshUserSessionToken","body","skip2FA","steps","maxSteps","sessionInfo","tokenId","Date","parse","maxIdleExpirationTime","getUserSessionToken","token","getUseTokenCache","from_cache","error","getAuthCode","codeChallenge","codeChallengeMethod","_response$headers","redirectLocationURL","queryObject","query","_error$response","stack","getFreshUserBearerToken","authCode","auth","username","password","_error$response2","getUserBearerToken","createPayload","serviceAccountId","host","u","aud","origin","port","protocol","pathname","exp","Math","floor","getTime","jti","iss","sub","getServiceAccountId","getServiceAccountJwk","jwt","getSaBearerToken","determineDeploymentTypeAndDefaultRealmAndVersion","setDeploymentType","fullVersion","setAmVersion","getLoggedInSubject","subjectString","name","scheduleAutoRefresh","timer","getAutoRefreshTimer","clearTimeout","_state$getUserSession","_state$getBearerToken","_state$getBearerToken2","_state$getUserSession2","expires","getUserSessionTokenMeta","getBearerTokenMeta","min","timeout","now","ceil","getMinutes","getSeconds","setTimeout","setAutoRefreshTimer","unref","conn","setHost","tenant","setUsername","setPassword","setAuthenticationService","authenticationService","setAuthenticationHeaderOverrides","authenticationHeaderOverrides","setServiceAccountId","svcacctId","setServiceAccountJwk","svcacctJwk","setCookieName","setBearerTokenMeta","setUseBearerTokenForAmApis","saErr","_saErr$response","_saErr$response2","_saErr$response3","getState","error_description","setUserSessionTokenMeta","getBearerToken","_state$getBearerToken3","_state$getUserSession3","_error$response3","_error$response4","_error$response5"],"sources":["../../src/ops/AuthenticateOps.ts"],"sourcesContent":["import { createHash, randomBytes } from 'crypto';\nimport readlineSync from 'readline-sync';\nimport url from 'url';\nimport { v4 } from 'uuid';\n\nimport { step } from '../api/AuthenticateApi';\nimport { getServerInfo, getServerVersionInfo } from '../api/ServerInfoApi';\nimport Constants from '../shared/Constants';\nimport { State } from '../shared/State';\nimport { encodeBase64Url } from '../utils/Base64Utils';\nimport { debugMessage, printMessage, verboseMessage } from '../utils/Console';\nimport { isValidUrl, parseUrl } from '../utils/ExportImportUtils';\nimport { getServiceAccount } from './cloud/ServiceAccountOps';\nimport { getConnectionProfile } from './ConnectionProfileOps';\nimport { createSignedJwtToken, JwkRsa } from './JoseOps';\nimport {\n accessToken,\n type AccessTokenMetaType,\n authorize,\n} from './OAuth2OidcOps';\nimport { getSessionInfo } from './SessionOps';\nimport {\n hasSaBearerToken,\n hasUserBearerToken,\n hasUserSessionToken,\n readSaBearerToken,\n readUserBearerToken,\n readUserSessionToken,\n saveSaBearerToken,\n saveUserBearerToken,\n saveUserSessionToken,\n} from './TokenCacheOps';\n\nexport type Authenticate = {\n /**\n * Get tokens and stores them in State\n * @param {boolean} forceLoginAsUser true to force login as user even if a service account is available (default: false)\n * @param {boolean} autoRefresh true to automatically refresh tokens before they expire (default: true)\n * @returns {Promise<boolean>} true if tokens were successfully obtained, false otherwise\n */\n getTokens(\n forceLoginAsUser?: boolean,\n autoRefresh?: boolean\n ): Promise<boolean>;\n\n // Deprecated\n /**\n * Get access token for service account\n * @param {string} saId optional service account id\n * @param {JwkRsa} saJwk optional service account JWK\n * @returns {string | null} Access token or null\n * @deprecated since v2.0.0 use {@link Authenticate.getTokens | getTokens} instead\n * ```javascript\n * getTokens(): Promise<boolean>\n * ```\n * @group Deprecated\n */\n getAccessTokenForServiceAccount(\n saId?: string,\n saJwk?: JwkRsa\n ): Promise<string | null>;\n};\n\nexport default (state: State): Authenticate => {\n return {\n async getTokens(forceLoginAsUser = false, autoRefresh = true) {\n return getTokens({ forceLoginAsUser, autoRefresh, state });\n },\n\n // Deprecated\n async getAccessTokenForServiceAccount(\n saId: string = undefined,\n saJwk: JwkRsa = undefined\n ): Promise<string | null> {\n const { access_token } = await getFreshSaBearerToken({\n saId,\n saJwk,\n state,\n });\n return access_token;\n },\n };\n};\n\nconst adminClientPassword = 'doesnotmatter';\nconst redirectUrlTemplate = '/platform/appAuthHelperRedirect.html';\n\nconst cloudIdmAdminScopes = 'openid fr:idm:* fr:idc:esv:*';\nconst forgeopsIdmAdminScopes = 'openid fr:idm:*';\nconst serviceAccountScopes = 'fr:am:* fr:idm:* fr:idc:esv:*';\n\nconst fidcClientId = 'idmAdminClient';\nconst forgeopsClientId = 'idm-admin-ui';\nlet adminClientId = fidcClientId;\n\n/**\n * Helper function to get cookie name\n * @param {State} state library state\n * @returns {string} cookie name\n */\nasync function determineCookieName(state: State) {\n const data = await getServerInfo({ state });\n debugMessage({\n message: `AuthenticateOps.determineCookieName: cookieName=${data.cookieName}`,\n state,\n });\n return data.cookieName;\n}\n\n/**\n * Helper function to determine if this is a setup mfa prompt in the ID Cloud tenant admin login journey\n * @param {Object} payload response from the previous authentication journey step\n * @param {State} state library state\n * @returns {Object} an object indicating if 2fa is required and the original payload\n */\nfunction checkAndHandle2FA(payload, state: State) {\n debugMessage({ message: `AuthenticateOps.checkAndHandle2FA: start`, state });\n // let skippable = false;\n if ('callbacks' in payload) {\n for (const callback of payload.callbacks) {\n // select localAuthentication if Admin Federation is enabled\n if (callback.type === 'SelectIdPCallback') {\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: Admin federation enabled. Allowed providers:`,\n state,\n });\n let localAuth = false;\n for (const value of callback.output[0].value) {\n debugMessage({ message: `${value.provider}`, state });\n if (value.provider === 'localAuthentication') {\n localAuth = true;\n }\n }\n if (localAuth) {\n debugMessage({ message: `local auth allowed`, state });\n callback.input[0].value = 'localAuthentication';\n } else {\n debugMessage({ message: `local auth NOT allowed`, state });\n }\n }\n if (callback.type === 'HiddenValueCallback') {\n if (callback.input[0].value.includes('skip')) {\n // skippable = true;\n callback.input[0].value = 'Skip';\n // debugMessage(\n // `AuthenticateOps.checkAndHandle2FA: end [need2fa=true, skippable=true]`\n // );\n // return {\n // nextStep: true,\n // need2fa: true,\n // factor: 'None',\n // supported: true,\n // payload,\n // };\n }\n if (callback.input[0].value.includes('webAuthnOutcome')) {\n // webauthn!!!\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: end [need2fa=true, unsupported factor: webauthn]`,\n state,\n });\n return {\n nextStep: false,\n need2fa: true,\n factor: 'WebAuthN',\n supported: false,\n payload,\n };\n }\n }\n if (callback.type === 'NameCallback') {\n if (callback.output[0].value.includes('code')) {\n // skippable = false;\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: need2fa=true, skippable=false`,\n state,\n });\n printMessage({\n message: '2FA is enabled and required for this user...',\n state,\n });\n const code = readlineSync.question(`${callback.output[0].value}: `);\n callback.input[0].value = code;\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: end [need2fa=true, skippable=false, factor=Code]`,\n state,\n });\n return {\n nextStep: true,\n need2fa: true,\n factor: 'Code',\n supported: true,\n payload,\n };\n } else {\n // answer callback\n callback.input[0].value = state.getUsername();\n }\n }\n if (callback.type === 'PasswordCallback') {\n // answer callback\n callback.input[0].value = state.getPassword();\n }\n }\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: end [need2fa=false]`,\n state,\n });\n // debugMessage(payload);\n return {\n nextStep: true,\n need2fa: false,\n factor: 'None',\n supported: true,\n payload,\n };\n }\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: end [need2fa=false]`,\n state,\n });\n // debugMessage(payload);\n return {\n nextStep: false,\n need2fa: false,\n factor: 'None',\n supported: true,\n payload,\n };\n}\n\n/**\n * Helper function to set the default realm by deployment type\n * @param {State} state library state\n */\nfunction determineDefaultRealm(state: State) {\n if (!state.getRealm() || state.getRealm() === Constants.DEFAULT_REALM_KEY) {\n state.setRealm(\n Constants.DEPLOYMENT_TYPE_REALM_MAP[state.getDeploymentType()]\n );\n }\n}\n\n/**\n * Helper function to determine the deployment type\n * @param {State} state library state\n * @returns {Promise<string>} deployment type\n */\nasync function determineDeploymentType(state: State): Promise<string> {\n const cookieValue = state.getCookieValue();\n let deploymentType = state.getDeploymentType();\n\n switch (deploymentType) {\n case Constants.CLOUD_DEPLOYMENT_TYPE_KEY:\n return deploymentType;\n\n case Constants.FORGEOPS_DEPLOYMENT_TYPE_KEY:\n adminClientId = forgeopsClientId;\n return deploymentType;\n\n case Constants.CLASSIC_DEPLOYMENT_TYPE_KEY:\n return deploymentType;\n\n // detect deployment type\n default: {\n // if we are using a service account, we know it's cloud\n if (state.getUseBearerTokenForAmApis())\n return Constants.CLOUD_DEPLOYMENT_TYPE_KEY;\n\n const verifier = encodeBase64Url(randomBytes(32));\n const challenge = encodeBase64Url(\n createHash('sha256').update(verifier).digest()\n );\n const challengeMethod = 'S256';\n const redirectURL = url.resolve(state.getHost(), redirectUrlTemplate);\n\n const config = {\n maxRedirects: 0,\n headers: {\n [state.getCookieName()]: state.getCookieValue(),\n },\n };\n let bodyFormData = `redirect_uri=${redirectURL}&scope=${cloudIdmAdminScopes}&response_type=code&client_id=${fidcClientId}&csrf=${cookieValue}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;\n\n deploymentType = Constants.CLASSIC_DEPLOYMENT_TYPE_KEY;\n try {\n await authorize({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config,\n state,\n });\n } catch (e) {\n // debugMessage(e.response);\n if (\n e.response?.status === 302 &&\n e.response.headers?.location?.indexOf('code=') > -1\n ) {\n verboseMessage({\n message: `ForgeRock Identity Cloud`['brightCyan'] + ` detected.`,\n state,\n });\n deploymentType = Constants.CLOUD_DEPLOYMENT_TYPE_KEY;\n } else {\n try {\n bodyFormData = `redirect_uri=${redirectURL}&scope=${forgeopsIdmAdminScopes}&response_type=code&client_id=${forgeopsClientId}&csrf=${state.getCookieValue()}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;\n await authorize({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config,\n state,\n });\n } catch (ex) {\n if (\n ex.response?.status === 302 &&\n ex.response.headers?.location?.indexOf('code=') > -1\n ) {\n adminClientId = forgeopsClientId;\n verboseMessage({\n message: `ForgeOps deployment`['brightCyan'] + ` detected.`,\n state,\n });\n deploymentType = Constants.FORGEOPS_DEPLOYMENT_TYPE_KEY;\n } else {\n verboseMessage({\n message: `Classic deployment`['brightCyan'] + ` detected.`,\n state,\n });\n }\n }\n }\n }\n return deploymentType;\n }\n }\n}\n\n/**\n * Helper function to extract the semantic version string from a version info object\n * @param {Object} versionInfo version info object\n * @returns {String} semantic version\n */\nfunction getSemanticVersion(versionInfo) {\n if ('version' in versionInfo) {\n const versionString = versionInfo.version;\n const rx = /([\\d]\\.[\\d]\\.[\\d](\\.[\\d])*)/g;\n const version = versionString.match(rx);\n return version[0];\n }\n throw new Error('Cannot extract semantic version from version info object.');\n}\n\nexport type UserSessionMetaType = {\n tokenId: string;\n successUrl: string;\n realm: string;\n expires: number;\n from_cache?: boolean;\n};\n\n/**\n * Helper function to authenticate and obtain and store session cookie\n * @param {State} state library state\n * @returns {string} Session token or null\n */\nasync function getFreshUserSessionToken({\n state,\n}: {\n state: State;\n}): Promise<UserSessionMetaType> {\n debugMessage({\n message: `AuthenticateOps.getFreshUserSessionToken: start`,\n state,\n });\n const config = {\n headers: {\n 'X-OpenAM-Username': state.getUsername(),\n 'X-OpenAM-Password': state.getPassword(),\n },\n };\n let response = await step({ body: {}, config, state });\n\n let skip2FA = null;\n let steps = 0;\n const maxSteps = 3;\n do {\n skip2FA = checkAndHandle2FA(response, state);\n\n // throw exception if 2fa required but factor not supported by frodo (e.g. WebAuthN)\n if (!skip2FA.supported) {\n throw new Error(`Unsupported 2FA factor: ${skip2FA.factor}`);\n }\n\n if (skip2FA.nextStep) {\n steps++;\n response = await step({ body: skip2FA.payload, state });\n }\n\n if ('tokenId' in response) {\n response['from_cache'] = false;\n // get session expiration\n const sessionInfo = await getSessionInfo({\n tokenId: response['tokenId'],\n state,\n });\n response['expires'] = Date.parse(sessionInfo.maxIdleExpirationTime);\n debugMessage({\n message: `AuthenticateOps.getFreshUserSessionToken: end [tokenId=${response['tokenId']}]`,\n state,\n });\n debugMessage({\n message: response,\n state,\n });\n return response as UserSessionMetaType;\n }\n } while (skip2FA.nextStep && steps < maxSteps);\n debugMessage({\n message: `AuthenticateOps.getFreshUserSessionToken: end [no session]`,\n state,\n });\n return null;\n}\n\n/**\n * Helper function to obtain user session token\n * @param {State} state library state\n * @returns {Promise<UserSessionMetaType>} session token or null\n */\nasync function getUserSessionToken(state: State): Promise<UserSessionMetaType> {\n debugMessage({\n message: `AuthenticateOps.getUserSessionToken: start`,\n state,\n });\n let token: UserSessionMetaType = null;\n if (state.getUseTokenCache() && (await hasUserSessionToken({ state }))) {\n try {\n token = await readUserSessionToken({ state });\n token.from_cache = true;\n debugMessage({\n message: `AuthenticateOps.getUserSessionToken: cached`,\n state,\n });\n } catch (error) {\n debugMessage({\n message: `AuthenticateOps.getUserSessionToken: failed cache read`,\n state,\n });\n }\n }\n if (!token) {\n token = await getFreshUserSessionToken({ state });\n token.from_cache = false;\n debugMessage({\n message: `AuthenticateOps.getUserSessionToken: fresh`,\n state,\n });\n }\n if (state.getUseTokenCache()) {\n await saveUserSessionToken({ token, state });\n }\n debugMessage({\n message: `AuthenticateOps.getUserSessionToken: end`,\n state,\n });\n return token;\n}\n\n/**\n * Helper function to obtain an oauth2 authorization code\n * @param {string} redirectURL oauth2 redirect uri\n * @param {string} codeChallenge PKCE code challenge\n * @param {string} codeChallengeMethod PKCE code challenge method\n * @param {State} state library state\n * @returns {string} oauth2 authorization code or null\n */\nasync function getAuthCode(\n redirectURL: string,\n codeChallenge: string,\n codeChallengeMethod: string,\n state: State\n) {\n try {\n const bodyFormData = `redirect_uri=${redirectURL}&scope=${\n state.getDeploymentType() === Constants.CLOUD_DEPLOYMENT_TYPE_KEY\n ? cloudIdmAdminScopes\n : forgeopsIdmAdminScopes\n }&response_type=code&client_id=${adminClientId}&csrf=${state.getCookieValue()}&decision=allow&code_challenge=${codeChallenge}&code_challenge_method=${codeChallengeMethod}`;\n const config = {\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n maxRedirects: 0,\n };\n let response = undefined;\n try {\n response = await authorize({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config,\n state,\n });\n } catch (error) {\n response = error.response;\n if (response.status < 200 || response.status > 399) {\n printMessage({\n message: 'error getting auth code',\n type: 'error',\n state,\n });\n printMessage({\n message: response.data,\n type: 'error',\n state,\n });\n return null;\n }\n }\n const redirectLocationURL = response.headers?.location;\n const queryObject = url.parse(redirectLocationURL, true).query;\n if ('code' in queryObject) {\n return queryObject.code;\n }\n printMessage({ message: 'auth code not found', type: 'error', state });\n return null;\n } catch (error) {\n printMessage({\n message: `error getting auth code - ${error.message}`,\n type: 'error',\n state,\n });\n printMessage({ message: error.response?.data, type: 'error', state });\n debugMessage({ message: error.stack, state });\n return null;\n }\n}\n\n/**\n * Helper function to obtain oauth2 access token\n * @param {State} state library state\n * @returns {Promise<AccessTokenMetaType>} access token or null\n */\nasync function getFreshUserBearerToken({\n state,\n}: {\n state: State;\n}): Promise<AccessTokenMetaType> {\n debugMessage({\n message: `AuthenticateOps.getAccessTokenForUser: start`,\n state,\n });\n try {\n const verifier = encodeBase64Url(randomBytes(32));\n const challenge = encodeBase64Url(\n createHash('sha256').update(verifier).digest()\n );\n const challengeMethod = 'S256';\n const redirectURL = url.resolve(state.getHost(), redirectUrlTemplate);\n const authCode = await getAuthCode(\n redirectURL,\n challenge,\n challengeMethod,\n state\n );\n if (authCode == null) {\n printMessage({\n message: 'error getting auth code',\n type: 'error',\n state,\n });\n return null;\n }\n let response: AccessTokenMetaType = null;\n if (state.getDeploymentType() === Constants.CLOUD_DEPLOYMENT_TYPE_KEY) {\n const config = {\n auth: {\n username: adminClientId,\n password: adminClientPassword,\n },\n };\n const bodyFormData = `redirect_uri=${redirectURL}&grant_type=authorization_code&code=${authCode}&code_verifier=${verifier}`;\n response = await accessToken({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config,\n state,\n });\n } else {\n const bodyFormData = `client_id=${adminClientId}&redirect_uri=${redirectURL}&grant_type=authorization_code&code=${authCode}&code_verifier=${verifier}`;\n response = await accessToken({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config: {},\n state,\n });\n }\n if ('access_token' in response) {\n debugMessage({\n message: `AuthenticateOps.getAccessTokenForUser: end with token`,\n state,\n });\n return response;\n }\n printMessage({\n message: 'No access token in response.',\n type: 'error',\n state,\n });\n } catch (error) {\n debugMessage({\n message: `Error getting access token for user: ${error}`,\n state,\n });\n debugMessage({ message: error.response?.data, state });\n }\n debugMessage({\n message: `AuthenticateOps.getAccessTokenForUser: end without token`,\n state,\n });\n return null;\n}\n\n/**\n * Helper function to obtain oauth2 access token\n * @param {State} state library state\n * @returns {Promise<AccessTokenMetaType>} access token or null\n */\nasync function getUserBearerToken(state: State): Promise<AccessTokenMetaType> {\n debugMessage({\n message: `AuthenticateOps.getUserBearerToken: start`,\n state,\n });\n let token: AccessTokenMetaType = null;\n if (state.getUseTokenCache() && (await hasUserBearerToken({ state }))) {\n try {\n token = await readUserBearerToken({ state });\n token.from_cache = true;\n debugMessage({\n message: `AuthenticateOps.getUserBearerToken: end [cached]`,\n state,\n });\n } catch (error) {\n debugMessage({\n message: `AuthenticateOps.getUserBearerToken: end [failed cache read]`,\n state,\n });\n }\n }\n if (!token) {\n token = await getFreshUserBearerToken({ state });\n token.from_cache = false;\n debugMessage({\n message: `AuthenticateOps.getUserBearerToken: end [fresh]`,\n state,\n });\n }\n if (state.getUseTokenCache()) {\n await saveUserBearerToken({ token, state });\n }\n return token;\n}\n\nfunction createPayload(serviceAccountId: string, host: string) {\n const u = parseUrl(host);\n const aud = `${u.origin}:${\n u.port ? u.port : u.protocol === 'https' ? '443' : '80'\n }${u.pathname}/oauth2/access_token`;\n\n // Cross platform way of setting JWT expiry time 3 minutes in the future, expressed as number of seconds since EPOCH\n const exp = Math.floor(new Date().getTime() / 1000 + 180);\n\n // A unique ID for the JWT which is required when requesting the openid scope\n const jti = v4();\n\n const iss = serviceAccountId;\n const sub = serviceAccountId;\n\n // Create the payload for our bearer token\n const payload = { iss, sub, aud, exp, jti };\n\n return payload;\n}\n\n/**\n * Get fresh access token for service account\n * @param {State} state library state\n * @returns {Promise<AccessTokenResponseType>} response object containg token, scope, type, and expiration in seconds\n */\nexport async function getFreshSaBearerToken({\n saId = undefined,\n saJwk = undefined,\n state,\n}: {\n saId?: string;\n saJwk?: JwkRsa;\n state: State;\n}): Promise<AccessTokenMetaType> {\n debugMessage({\n message: `AuthenticateOps.getFreshSaBearerToken: start`,\n state,\n });\n saId = saId ? saId : state.getServiceAccountId();\n saJwk = saJwk ? saJwk : state.getServiceAccountJwk();\n const payload = createPayload(saId, state.getHost());\n const jwt = await createSignedJwtToken(payload, saJwk);\n const bodyFormData = `assertion=${jwt}&client_id=service-account&grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&scope=${serviceAccountScopes}`;\n const response = await accessToken({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config: {},\n state,\n });\n if ('access_token' in response) {\n debugMessage({\n message: `AuthenticateOps.getFreshSaBearerToken: end`,\n state,\n });\n return response;\n }\n debugMessage({\n message: `AuthenticateOps.getFreshSaBearerToken: end [No access token in response]`,\n state,\n });\n return null;\n}\n\n/**\n * Get cached or fresh access token for service account\n * @param {State} state library state\n * @returns {Promise<AccessTokenResponseType>} response object containg token, scope, type, and expiration in seconds\n */\nexport async function getSaBearerToken({\n state,\n}: {\n state: State;\n}): Promise<AccessTokenMetaType> {\n debugMessage({\n message: `AuthenticateOps.getSaBearerToken: start`,\n state,\n });\n let token: AccessTokenMetaType = null;\n if (state.getUseTokenCache() && (await hasSaBearerToken({ state }))) {\n try {\n token = await readSaBearerToken({ state });\n token.from_cache = true;\n debugMessage({\n message: `AuthenticateOps.getSaBearerToken: end [cached]`,\n state,\n });\n } catch (error) {\n debugMessage({\n message: `AuthenticateOps.getSaBearerToken: end [failed cache read]`,\n state,\n });\n }\n }\n if (!token) {\n token = await getFreshSaBearerToken({ state });\n token.from_cache = false;\n debugMessage({\n message: `AuthenticateOps.getSaBearerToken: end [fresh]`,\n state,\n });\n }\n if (state.getUseTokenCache()) {\n await saveSaBearerToken({ token, state });\n }\n return token;\n}\n\n/**\n * Helper function to determine deployment type, default realm, and version and update library state\n * @param state library state\n */\nasync function determineDeploymentTypeAndDefaultRealmAndVersion(\n state: State\n): Promise<void> {\n debugMessage({\n message: `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: start`,\n state,\n });\n state.setDeploymentType(await determineDeploymentType(state));\n determineDefaultRealm(state);\n debugMessage({\n message: `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: realm=${state.getRealm()}, type=${state.getDeploymentType()}`,\n state,\n });\n\n const versionInfo = await getServerVersionInfo({ state });\n\n // https://github.com/rockcarver/frodo-cli/issues/109\n debugMessage({ message: `Full version: ${versionInfo.fullVersion}`, state });\n\n const version = await getSemanticVersion(versionInfo);\n state.setAmVersion(version);\n debugMessage({\n message: `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: end`,\n state,\n });\n}\n\n/**\n * Get logged-in subject\n * @param {State} state library state\n * @returns {string} a string identifying subject type and id\n */\nasync function getLoggedInSubject(state: State): Promise<string> {\n let subjectString = `user ${state.getUsername()}`;\n if (state.getUseBearerTokenForAmApis()) {\n try {\n const name = (\n await getServiceAccount({\n serviceAccountId: state.getServiceAccountId(),\n state,\n })\n ).name;\n subjectString = `service account ${name} [${state.getServiceAccountId()}]`;\n } catch (error) {\n subjectString = `service account ${state.getServiceAccountId()}`;\n }\n }\n return subjectString;\n}\n\n/**\n * Helper method to set, reset, or cancel timer to auto refresh tokens\n * @param {boolean} forceLoginAsUser true to force login as user even if a service account is available (default: false)\n * @param {boolean} autoRefresh true to automatically refresh tokens before they expire (default: true)\n * @param {State} state library state\n */\nfunction scheduleAutoRefresh(\n forceLoginAsUser: boolean,\n autoRefresh: boolean,\n state: State\n) {\n let timer = state.getAutoRefreshTimer();\n // clear existing timer\n if (timer) {\n debugMessage({\n message: `AuthenticateOps.scheduleAutoRefresh: cancel existing timer`,\n state,\n });\n clearTimeout(timer);\n }\n // new timer\n if (autoRefresh) {\n const expires =\n state.getDeploymentType() === Constants.CLASSIC_DEPLOYMENT_TYPE_KEY\n ? state.getUserSessionTokenMeta()?.expires\n : state.getUseBearerTokenForAmApis()\n ? state.getBearerTokenMeta()?.expires\n : Math.min(\n state.getBearerTokenMeta()?.expires,\n state.getUserSessionTokenMeta()?.expires\n );\n const timeout = expires - Date.now() - 1000 * 25;\n if (timeout < 1000 * 30) {\n throw new Error(\n `Auto-refresh scheduling error: timeout below threshold of 30 seconds: ${Math.ceil(\n timeout\n )}`\n );\n }\n debugMessage({\n message: `AuthenticateOps.scheduleAutoRefresh: set new timer [${Math.floor(\n timeout / 1000\n )}s (${new Date(timeout).getMinutes()}m ${new Date(\n timeout\n ).getSeconds()}s)]`,\n state,\n });\n timer = setTimeout(getTokens, timeout, {\n forceLoginAsUser,\n autoRefresh,\n state,\n // Volker's Visual Studio Code doesn't want to have it any other way.\n }) as unknown as NodeJS.Timeout;\n state.setAutoRefreshTimer(timer);\n timer.unref();\n }\n}\n\n/**\n * Get tokens\n * @param {boolean} forceLoginAsUser true to force login as user even if a service account is available (default: false)\n * @param {boolean} autoRefresh true to automatically refresh tokens before they expire (default: true)\n * @param {State} state library state\n * @returns {Promise<boolean>} true if tokens were successfully obtained, false otherwise\n */\nexport async function getTokens({\n forceLoginAsUser = false,\n autoRefresh = true,\n state,\n}: {\n forceLoginAsUser?: boolean;\n autoRefresh?: boolean;\n state: State;\n}): Promise<boolean> {\n debugMessage({ message: `AuthenticateOps.getTokens: start`, state });\n if (!state.getHost()) {\n printMessage({\n message: `No host specified and FRODO_HOST env variable not set!`,\n type: 'error',\n state,\n });\n return false;\n }\n try {\n // if username/password on cli are empty, try to read from connections.json\n if (\n state.getUsername() == null &&\n state.getPassword() == null &&\n !state.getServiceAccountId() &&\n !state.getServiceAccountJwk()\n ) {\n const conn = await getConnectionProfile({ state });\n if (conn) {\n state.setHost(conn.tenant);\n state.setDeploymentType(conn.deploymentType);\n state.setUsername(conn.username);\n state.setPassword(conn.password);\n state.setAuthenticationService(conn.authenticationService);\n state.setAuthenticationHeaderOverrides(\n conn.authenticationHeaderOverrides\n );\n state.setServiceAccountId(conn.svcacctId);\n state.setServiceAccountJwk(conn.svcacctJwk);\n } else {\n return false;\n }\n }\n\n // if host is not a valid URL, try to locate a valid URL and deployment type from connections.json\n if (!isValidUrl(state.getHost())) {\n const conn = await getConnectionProfile({ state });\n if (conn) {\n state.setHost(conn.tenant);\n state.setDeploymentType(conn.deploymentType);\n } else {\n return false;\n }\n }\n\n // now that we have the full tenant URL we can lookup the cookie name\n state.setCookieName(await determineCookieName(state));\n\n // use service account to login?\n if (\n !forceLoginAsUser &&\n state.getServiceAccountId() &&\n state.getServiceAccountJwk()\n ) {\n debugMessage({\n message: `AuthenticateOps.getTokens: Authenticating with service account ${state.getServiceAccountId()}`,\n state,\n });\n try {\n const token = await getSaBearerToken({ state });\n state.setBearerTokenMeta(token);\n state.setUseBearerTokenForAmApis(true);\n await determineDeploymentTypeAndDefaultRealmAndVersion(state);\n } catch (saErr) {\n debugMessage({ message: saErr.response?.data || saErr, state });\n debugMessage({ message: state.getState(), state });\n throw new Error(\n `Service account login error: ${\n saErr.response?.data?.error_description ||\n saErr.response?.data?.message ||\n saErr\n }`\n );\n }\n }\n // use user account to login\n else if (state.getUsername() && state.getPassword()) {\n debugMessage({\n message: `AuthenticateOps.getTokens: Authenticating with user account ${state.getUsername()}`,\n state,\n });\n const token = await getUserSessionToken(state);\n if (token) state.setUserSessionTokenMeta(token);\n await determineDeploymentTypeAndDefaultRealmAndVersion(state);\n if (\n state.getCookieValue() &&\n // !state.getBearerToken() &&\n (state.getDeploymentType() === Constants.CLOUD_DEPLOYMENT_TYPE_KEY ||\n state.getDeploymentType() === Constants.FORGEOPS_DEPLOYMENT_TYPE_KEY)\n ) {\n const accessToken = await getUserBearerToken(state);\n if (accessToken) state.setBearerTokenMeta(accessToken);\n }\n }\n // incomplete or no credentials\n else {\n printMessage({\n message: `Incomplete or no credentials!`,\n type: 'error',\n state,\n });\n return false;\n }\n if (\n state.getCookieValue() ||\n (state.getUseBearerTokenForAmApis() && state.getBearerToken())\n ) {\n if (state.getBearerTokenMeta()?.from_cache) {\n verboseMessage({ message: `Using cached bearer token.`, state });\n }\n if (\n !state.getUseBearerTokenForAmApis() &&\n state.getUserSessionTokenMeta()?.from_cache\n ) {\n verboseMessage({ message: `Using cached session token.`, state });\n }\n printMessage({\n message: `Connected to ${state.getHost()} [${\n state.getRealm() ? state.getRealm() : 'root'\n }] as ${await getLoggedInSubject(state)}`,\n type: 'info',\n state,\n });\n scheduleAutoRefresh(forceLoginAsUser, autoRefresh, state);\n debugMessage({\n message: `AuthenticateOps.getTokens: end with tokens`,\n state,\n });\n return true;\n }\n } catch (error) {\n // regular error\n printMessage({ message: error.message, type: 'error', state });\n // axios error am api\n printMessage({\n message: error.response?.data?.message,\n type: 'error',\n state,\n });\n // axios error am oauth2 api\n printMessage({\n message: error.response?.data?.error_description,\n type: 'error',\n state,\n });\n // axios error data\n debugMessage({ message: error.response?.data, state });\n // stack trace\n debugMessage({ message: error.stack || new Error().stack, state });\n }\n debugMessage({\n message: `AuthenticateOps.getTokens: end without tokens`,\n state,\n });\n return false;\n}\n"],"mappings":"AAAA,SAASA,UAAU,EAAEC,WAAW,QAAQ,QAAQ;AAChD,OAAOC,YAAY,MAAM,eAAe;AACxC,OAAOC,GAAG,MAAM,KAAK;AACrB,SAASC,EAAE,QAAQ,MAAM;AAAC,SAEjBC,IAAI;AAAA,SACJC,aAAa,EAAEC,oBAAoB;AAAA,OACrCC,SAAS;AAAA,SAEPC,eAAe;AAAA,SACfC,YAAY,EAAEC,YAAY,EAAEC,cAAc;AAAA,SAC1CC,UAAU,EAAEC,QAAQ;AAAA,SACpBC,iBAAiB;AAAA,SACjBC,oBAAoB;AAAA,SACpBC,oBAAoB;AAAA,SAE3BC,WAAW,EAEXC,SAAS;AAAA,SAEFC,cAAc;AAAA,SAErBC,gBAAgB,EAChBC,kBAAkB,EAClBC,mBAAmB,EACnBC,iBAAiB,EACjBC,mBAAmB,EACnBC,oBAAoB,EACpBC,iBAAiB,EACjBC,mBAAmB,EACnBC,oBAAoB;AAiCtB,gBAAgBC,KAAY,IAAmB;EAC7C,OAAO;IACL,MAAMC,SAASA,CAACC,gBAAgB,GAAG,KAAK,EAAEC,WAAW,GAAG,IAAI,EAAE;MAC5D,OAAOF,SAAS,CAAC;QAAEC,gBAAgB;QAAEC,WAAW;QAAEH;MAAM,CAAC,CAAC;IAC5D,CAAC;IAED;IACA,MAAMI,+BAA+BA,CACnCC,IAAY,GAAGC,SAAS,EACxBC,KAAa,GAAGD,SAAS,EACD;MACxB,MAAM;QAAEE;MAAa,CAAC,GAAG,MAAMC,qBAAqB,CAAC;QACnDJ,IAAI;QACJE,KAAK;QACLP;MACF,CAAC,CAAC;MACF,OAAOQ,YAAY;IACrB;EACF,CAAC;AACH,CAAC;AAED,MAAME,mBAAmB,GAAG,eAAe;AAC3C,MAAMC,mBAAmB,GAAG,sCAAsC;AAElE,MAAMC,mBAAmB,GAAG,8BAA8B;AAC1D,MAAMC,sBAAsB,GAAG,iBAAiB;AAChD,MAAMC,oBAAoB,GAAG,+BAA+B;AAE5D,MAAMC,YAAY,GAAG,gBAAgB;AACrC,MAAMC,gBAAgB,GAAG,cAAc;AACvC,IAAIC,aAAa,GAAGF,YAAY;;AAEhC;AACA;AACA;AACA;AACA;AACA,eAAeG,mBAAmBA,CAAClB,KAAY,EAAE;EAC/C,MAAMmB,IAAI,GAAG,MAAM3C,aAAa,CAAC;IAAEwB;EAAM,CAAC,CAAC;EAC3CpB,YAAY,CAAC;IACXwC,OAAO,EAAG,mDAAkDD,IAAI,CAACE,UAAW,EAAC;IAC7ErB;EACF,CAAC,CAAC;EACF,OAAOmB,IAAI,CAACE,UAAU;AACxB;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,SAASC,iBAAiBA,CAACC,OAAO,EAAEvB,KAAY,EAAE;EAChDpB,YAAY,CAAC;IAAEwC,OAAO,EAAG,0CAAyC;IAAEpB;EAAM,CAAC,CAAC;EAC5E;EACA,IAAI,WAAW,IAAIuB,OAAO,EAAE;IAC1B,KAAK,MAAMC,QAAQ,IAAID,OAAO,CAACE,SAAS,EAAE;MACxC;MACA,IAAID,QAAQ,CAACE,IAAI,KAAK,mBAAmB,EAAE;QACzC9C,YAAY,CAAC;UACXwC,OAAO,EAAG,iFAAgF;UAC1FpB;QACF,CAAC,CAAC;QACF,IAAI2B,SAAS,GAAG,KAAK;QACrB,KAAK,MAAMC,KAAK,IAAIJ,QAAQ,CAACK,MAAM,CAAC,CAAC,CAAC,CAACD,KAAK,EAAE;UAC5ChD,YAAY,CAAC;YAAEwC,OAAO,EAAG,GAAEQ,KAAK,CAACE,QAAS,EAAC;YAAE9B;UAAM,CAAC,CAAC;UACrD,IAAI4B,KAAK,CAACE,QAAQ,KAAK,qBAAqB,EAAE;YAC5CH,SAAS,GAAG,IAAI;UAClB;QACF;QACA,IAAIA,SAAS,EAAE;UACb/C,YAAY,CAAC;YAAEwC,OAAO,EAAG,oBAAmB;YAAEpB;UAAM,CAAC,CAAC;UACtDwB,QAAQ,CAACO,KAAK,CAAC,CAAC,CAAC,CAACH,KAAK,GAAG,qBAAqB;QACjD,CAAC,MAAM;UACLhD,YAAY,CAAC;YAAEwC,OAAO,EAAG,wBAAuB;YAAEpB;UAAM,CAAC,CAAC;QAC5D;MACF;MACA,IAAIwB,QAAQ,CAACE,IAAI,KAAK,qBAAqB,EAAE;QAC3C,IAAIF,QAAQ,CAACO,KAAK,CAAC,CAAC,CAAC,CAACH,KAAK,CAACI,QAAQ,CAAC,MAAM,CAAC,EAAE;UAC5C;UACAR,QAAQ,CAACO,KAAK,CAAC,CAAC,CAAC,CAACH,KAAK,GAAG,MAAM;UAChC;UACA;UACA;UACA;UACA;UACA;UACA;UACA;UACA;UACA;QACF;QACA,IAAIJ,QAAQ,CAACO,KAAK,CAAC,CAAC,CAAC,CAACH,KAAK,CAACI,QAAQ,CAAC,iBAAiB,CAAC,EAAE;UACvD;UACApD,YAAY,CAAC;YACXwC,OAAO,EAAG,qFAAoF;YAC9FpB;UACF,CAAC,CAAC;UACF,OAAO;YACLiC,QAAQ,EAAE,KAAK;YACfC,OAAO,EAAE,IAAI;YACbC,MAAM,EAAE,UAAU;YAClBC,SAAS,EAAE,KAAK;YAChBb;UACF,CAAC;QACH;MACF;MACA,IAAIC,QAAQ,CAACE,IAAI,KAAK,cAAc,EAAE;QACpC,IAAIF,QAAQ,CAACK,MAAM,CAAC,CAAC,CAAC,CAACD,KAAK,CAACI,QAAQ,CAAC,MAAM,CAAC,EAAE;UAC7C;UACApD,YAAY,CAAC;YACXwC,OAAO,EAAG,kEAAiE;YAC3EpB;UACF,CAAC,CAAC;UACFnB,YAAY,CAAC;YACXuC,OAAO,EAAE,8CAA8C;YACvDpB;UACF,CAAC,CAAC;UACF,MAAMqC,IAAI,GAAGjE,YAAY,CAACkE,QAAQ,CAAE,GAAEd,QAAQ,CAACK,MAAM,CAAC,CAAC,CAAC,CAACD,KAAM,IAAG,CAAC;UACnEJ,QAAQ,CAACO,KAAK,CAAC,CAAC,CAAC,CAACH,KAAK,GAAGS,IAAI;UAC9BzD,YAAY,CAAC;YACXwC,OAAO,EAAG,qFAAoF;YAC9FpB;UACF,CAAC,CAAC;UACF,OAAO;YACLiC,QAAQ,EAAE,IAAI;YACdC,OAAO,EAAE,IAAI;YACbC,MAAM,EAAE,MAAM;YACdC,SAAS,EAAE,IAAI;YACfb;UACF,CAAC;QACH,CAAC,MAAM;UACL;UACAC,QAAQ,CAACO,KAAK,CAAC,CAAC,CAAC,CAACH,KAAK,GAAG5B,KAAK,CAACuC,WAAW,CAAC,CAAC;QAC/C;MACF;MACA,IAAIf,QAAQ,CAACE,IAAI,KAAK,kBAAkB,EAAE;QACxC;QACAF,QAAQ,CAACO,KAAK,CAAC,CAAC,CAAC,CAACH,KAAK,GAAG5B,KAAK,CAACwC,WAAW,CAAC,CAAC;MAC/C;IACF;IACA5D,YAAY,CAAC;MACXwC,OAAO,EAAG,wDAAuD;MACjEpB;IACF,CAAC,CAAC;IACF;IACA,OAAO;MACLiC,QAAQ,EAAE,IAAI;MACdC,OAAO,EAAE,KAAK;MACdC,MAAM,EAAE,MAAM;MACdC,SAAS,EAAE,IAAI;MACfb;IACF,CAAC;EACH;EACA3C,YAAY,CAAC;IACXwC,OAAO,EAAG,wDAAuD;IACjEpB;EACF,CAAC,CAAC;EACF;EACA,OAAO;IACLiC,QAAQ,EAAE,KAAK;IACfC,OAAO,EAAE,KAAK;IACdC,MAAM,EAAE,MAAM;IACdC,SAAS,EAAE,IAAI;IACfb;EACF,CAAC;AACH;;AAEA;AACA;AACA;AACA;AACA,SAASkB,qBAAqBA,CAACzC,KAAY,EAAE;EAC3C,IAAI,CAACA,KAAK,CAAC0C,QAAQ,CAAC,CAAC,IAAI1C,KAAK,CAAC0C,QAAQ,CAAC,CAAC,KAAKhE,SAAS,CAACiE,iBAAiB,EAAE;IACzE3C,KAAK,CAAC4C,QAAQ,CACZlE,SAAS,CAACmE,yBAAyB,CAAC7C,KAAK,CAAC8C,iBAAiB,CAAC,CAAC,CAC/D,CAAC;EACH;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA,eAAeC,uBAAuBA,CAAC/C,KAAY,EAAmB;EACpE,MAAMgD,WAAW,GAAGhD,KAAK,CAACiD,cAAc,CAAC,CAAC;EAC1C,IAAIC,cAAc,GAAGlD,KAAK,CAAC8C,iBAAiB,CAAC,CAAC;EAE9C,QAAQI,cAAc;IACpB,KAAKxE,SAAS,CAACyE,yBAAyB;MACtC,OAAOD,cAAc;IAEvB,KAAKxE,SAAS,CAAC0E,4BAA4B;MACzCnC,aAAa,GAAGD,gBAAgB;MAChC,OAAOkC,cAAc;IAEvB,KAAKxE,SAAS,CAAC2E,2BAA2B;MACxC,OAAOH,cAAc;;IAEvB;IACA;MAAS;QACP;QACA,IAAIlD,KAAK,CAACsD,0BAA0B,CAAC,CAAC,EACpC,OAAO5E,SAAS,CAACyE,yBAAyB;QAE5C,MAAMI,QAAQ,GAAG5E,eAAe,CAACR,WAAW,CAAC,EAAE,CAAC,CAAC;QACjD,MAAMqF,SAAS,GAAG7E,eAAe,CAC/BT,UAAU,CAAC,QAAQ,CAAC,CAACuF,MAAM,CAACF,QAAQ,CAAC,CAACG,MAAM,CAAC,CAC/C,CAAC;QACD,MAAMC,eAAe,GAAG,MAAM;QAC9B,MAAMC,WAAW,GAAGvF,GAAG,CAACwF,OAAO,CAAC7D,KAAK,CAAC8D,OAAO,CAAC,CAAC,EAAEnD,mBAAmB,CAAC;QAErE,MAAMoD,MAAM,GAAG;UACbC,YAAY,EAAE,CAAC;UACfC,OAAO,EAAE;YACP,CAACjE,KAAK,CAACkE,aAAa,CAAC,CAAC,GAAGlE,KAAK,CAACiD,cAAc,CAAC;UAChD;QACF,CAAC;QACD,IAAIkB,YAAY,GAAI,gBAAeP,WAAY,UAAShD,mBAAoB,iCAAgCG,YAAa,SAAQiC,WAAY,kCAAiCQ,SAAU,0BAAyBG,eAAgB,EAAC;QAElOT,cAAc,GAAGxE,SAAS,CAAC2E,2BAA2B;QACtD,IAAI;UACF,MAAMhE,SAAS,CAAC;YACd+E,SAAS,EAAEpE,KAAK,CAAC8D,OAAO,CAAC,CAAC;YAC1B3C,IAAI,EAAEgD,YAAY;YAClBJ,MAAM;YACN/D;UACF,CAAC,CAAC;QACJ,CAAC,CAAC,OAAOqE,CAAC,EAAE;UAAA,IAAAC,WAAA,EAAAC,mBAAA;UACV;UACA,IACE,EAAAD,WAAA,GAAAD,CAAC,CAACG,QAAQ,cAAAF,WAAA,uBAAVA,WAAA,CAAYG,MAAM,MAAK,GAAG,IAC1B,EAAAF,mBAAA,GAAAF,CAAC,CAACG,QAAQ,CAACP,OAAO,cAAAM,mBAAA,gBAAAA,mBAAA,GAAlBA,mBAAA,CAAoBG,QAAQ,cAAAH,mBAAA,uBAA5BA,mBAAA,CAA8BI,OAAO,CAAC,OAAO,CAAC,IAAG,CAAC,CAAC,EACnD;YACA7F,cAAc,CAAC;cACbsC,OAAO,EAAG,0BAAyB,CAAC,YAAY,CAAC,GAAI,YAAW;cAChEpB;YACF,CAAC,CAAC;YACFkD,cAAc,GAAGxE,SAAS,CAACyE,yBAAyB;UACtD,CAAC,MAAM;YACL,IAAI;cACFgB,YAAY,GAAI,gBAAeP,WAAY,UAAS/C,sBAAuB,iCAAgCG,gBAAiB,SAAQhB,KAAK,CAACiD,cAAc,CAAC,CAAE,kCAAiCO,SAAU,0BAAyBG,eAAgB,EAAC;cAChP,MAAMtE,SAAS,CAAC;gBACd+E,SAAS,EAAEpE,KAAK,CAAC8D,OAAO,CAAC,CAAC;gBAC1B3C,IAAI,EAAEgD,YAAY;gBAClBJ,MAAM;gBACN/D;cACF,CAAC,CAAC;YACJ,CAAC,CAAC,OAAO4E,EAAE,EAAE;cAAA,IAAAC,YAAA,EAAAC,oBAAA;cACX,IACE,EAAAD,YAAA,GAAAD,EAAE,CAACJ,QAAQ,cAAAK,YAAA,uBAAXA,YAAA,CAAaJ,MAAM,MAAK,GAAG,IAC3B,EAAAK,oBAAA,GAAAF,EAAE,CAACJ,QAAQ,CAACP,OAAO,cAAAa,oBAAA,gBAAAA,oBAAA,GAAnBA,oBAAA,CAAqBJ,QAAQ,cAAAI,oBAAA,uBAA7BA,oBAAA,CAA+BH,OAAO,CAAC,OAAO,CAAC,IAAG,CAAC,CAAC,EACpD;gBACA1D,aAAa,GAAGD,gBAAgB;gBAChClC,cAAc,CAAC;kBACbsC,OAAO,EAAG,qBAAoB,CAAC,YAAY,CAAC,GAAI,YAAW;kBAC3DpB;gBACF,CAAC,CAAC;gBACFkD,cAAc,GAAGxE,SAAS,CAAC0E,4BAA4B;cACzD,CAAC,MAAM;gBACLtE,cAAc,CAAC;kBACbsC,OAAO,EAAG,oBAAmB,CAAC,YAAY,CAAC,GAAI,YAAW;kBAC1DpB;gBACF,CAAC,CAAC;cACJ;YACF;UACF;QACF;QACA,OAAOkD,cAAc;MACvB;EACF;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA,SAAS6B,kBAAkBA,CAACC,WAAW,EAAE;EACvC,IAAI,SAAS,IAAIA,WAAW,EAAE;IAC5B,MAAMC,aAAa,GAAGD,WAAW,CAACE,OAAO;IACzC,MAAMC,EAAE,GAAG,8BAA8B;IACzC,MAAMD,OAAO,GAAGD,aAAa,CAACG,KAAK,CAACD,EAAE,CAAC;IACvC,OAAOD,OAAO,CAAC,CAAC,CAAC;EACnB;EACA,MAAM,IAAIG,KAAK,CAAC,2DAA2D,CAAC;AAC9E;AAUA;AACA;AACA;AACA;AACA;AACA,eAAeC,wBAAwBA,CAAC;EACtCtF;AAGF,CAAC,EAAgC;EAC/BpB,YAAY,CAAC;IACXwC,OAAO,EAAG,iDAAgD;IAC1DpB;EACF,CAAC,CAAC;EACF,MAAM+D,MAAM,GAAG;IACbE,OAAO,EAAE;MACP,mBAAmB,EAAEjE,KAAK,CAACuC,WAAW,CAAC,CAAC;MACxC,mBAAmB,EAAEvC,KAAK,CAACwC,WAAW,CAAC;IACzC;EACF,CAAC;EACD,IAAIgC,QAAQ,GAAG,MAAMjG,IAAI,CAAC;IAAEgH,IAAI,EAAE,CAAC,CAAC;IAAExB,MAAM;IAAE/D;EAAM,CAAC,CAAC;EAEtD,IAAIwF,OAAO,GAAG,IAAI;EAClB,IAAIC,KAAK,GAAG,CAAC;EACb,MAAMC,QAAQ,GAAG,CAAC;EAClB,GAAG;IACDF,OAAO,GAAGlE,iBAAiB,CAACkD,QAAQ,EAAExE,KAAK,CAAC;;IAE5C;IACA,IAAI,CAACwF,OAAO,CAACpD,SAAS,EAAE;MACtB,MAAM,IAAIiD,KAAK,CAAE,2BAA0BG,OAAO,CAACrD,MAAO,EAAC,CAAC;IAC9D;IAEA,IAAIqD,OAAO,CAACvD,QAAQ,EAAE;MACpBwD,KAAK,EAAE;MACPjB,QAAQ,GAAG,MAAMjG,IAAI,CAAC;QAAEgH,IAAI,EAAEC,OAAO,CAACjE,OAAO;QAAEvB;MAAM,CAAC,CAAC;IACzD;IAEA,IAAI,SAAS,IAAIwE,QAAQ,EAAE;MACzBA,QAAQ,CAAC,YAAY,CAAC,GAAG,KAAK;MAC9B;MACA,MAAMmB,WAAW,GAAG,MAAMrG,cAAc,CAAC;QACvCsG,OAAO,EAAEpB,QAAQ,CAAC,SAAS,CAAC;QAC5BxE;MACF,CAAC,CAAC;MACFwE,QAAQ,CAAC,SAAS,CAAC,GAAGqB,IAAI,CAACC,KAAK,CAACH,WAAW,CAACI,qBAAqB,CAAC;MACnEnH,YAAY,CAAC;QACXwC,OAAO,EAAG,0DAAyDoD,QAAQ,CAAC,SAAS,CAAE,GAAE;QACzFxE;MACF,CAAC,CAAC;MACFpB,YAAY,CAAC;QACXwC,OAAO,EAAEoD,QAAQ;QACjBxE;MACF,CAAC,CAAC;MACF,OAAOwE,QAAQ;IACjB;EACF,CAAC,QAAQgB,OAAO,CAACvD,QAAQ,IAAIwD,KAAK,GAAGC,QAAQ;EAC7C9G,YAAY,CAAC;IACXwC,OAAO,EAAG,4DAA2D;IACrEpB;EACF,CAAC,CAAC;EACF,OAAO,IAAI;AACb;;AAEA;AACA;AACA;AACA;AACA;AACA,eAAegG,mBAAmBA,CAAChG,KAAY,EAAgC;EAC7EpB,YAAY,CAAC;IACXwC,OAAO,EAAG,4CAA2C;IACrDpB;EACF,CAAC,CAAC;EACF,IAAIiG,KAA0B,GAAG,IAAI;EACrC,IAAIjG,KAAK,CAACkG,gBAAgB,CAAC,CAAC,KAAK,MAAMzG,mBAAmB,CAAC;IAAEO;EAAM,CAAC,CAAC,CAAC,EAAE;IACtE,IAAI;MACFiG,KAAK,GAAG,MAAMrG,oBAAoB,CAAC;QAAEI;MAAM,CAAC,CAAC;MAC7CiG,KAAK,CAACE,UAAU,GAAG,IAAI;MACvBvH,YAAY,CAAC;QACXwC,OAAO,EAAG,6CAA4C;QACtDpB;MACF,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOoG,KAAK,EAAE;MACdxH,YAAY,CAAC;QACXwC,OAAO,EAAG,wDAAuD;QACjEpB;MACF,CAAC,CAAC;IACJ;EACF;EACA,IAAI,CAACiG,KAAK,EAAE;IACVA,KAAK,GAAG,MAAMX,wBAAwB,CAAC;MAAEtF;IAAM,CAAC,CAAC;IACjDiG,KAAK,CAACE,UAAU,GAAG,KAAK;IACxBvH,YAAY,CAAC;MACXwC,OAAO,EAAG,4CAA2C;MACrDpB;IACF,CAAC,CAAC;EACJ;EACA,IAAIA,KAAK,CAACkG,gBAAgB,CAAC,CAAC,EAAE;IAC5B,MAAMnG,oBAAoB,CAAC;MAAEkG,KAAK;MAAEjG;IAAM,CAAC,CAAC;EAC9C;EACApB,YAAY,CAAC;IACXwC,OAAO,EAAG,0CAAyC;IACnDpB;EACF,CAAC,CAAC;EACF,OAAOiG,KAAK;AACd;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAeI,WAAWA,CACxBzC,WAAmB,EACnB0C,aAAqB,EACrBC,mBAA2B,EAC3BvG,KAAY,EACZ;EACA,IAAI;IAAA,IAAAwG,iBAAA;IACF,MAAMrC,YAAY,GAAI,gBAAeP,WAAY,UAC/C5D,KAAK,CAAC8C,iBAAiB,CAAC,CAAC,KAAKpE,SAAS,CAACyE,yBAAyB,GAC7DvC,mBAAmB,GACnBC,sBACL,iCAAgCI,aAAc,SAAQjB,KAAK,CAACiD,cAAc,CAAC,CAAE,kCAAiCqD,aAAc,0BAAyBC,mBAAoB,EAAC;IAC3K,MAAMxC,MAAM,GAAG;MACbE,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDD,YAAY,EAAE;IAChB,CAAC;IACD,IAAIQ,QAAQ,GAAGlE,SAAS;IACxB,IAAI;MACFkE,QAAQ,GAAG,MAAMnF,SAAS,CAAC;QACzB+E,SAAS,EAAEpE,KAAK,CAAC8D,OAAO,CAAC,CAAC;QAC1B3C,IAAI,EAAEgD,YAAY;QAClBJ,MAAM;QACN/D;MACF,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOoG,KAAK,EAAE;MACd5B,QAAQ,GAAG4B,KAAK,CAAC5B,QAAQ;MACzB,IAAIA,QAAQ,CAACC,MAAM,GAAG,GAAG,IAAID,QAAQ,CAACC,MAAM,GAAG,GAAG,EAAE;QAClD5F,YAAY,CAAC;UACXuC,OAAO,EAAE,yBAAyB;UAClCM,IAAI,EAAE,OAAO;UACb1B;QACF,CAAC,CAAC;QACFnB,YAAY,CAAC;UACXuC,OAAO,EAAEoD,QAAQ,CAACrD,IAAI;UACtBO,IAAI,EAAE,OAAO;UACb1B;QACF,CAAC,CAAC;QACF,OAAO,IAAI;MACb;IACF;IACA,MAAMyG,mBAAmB,IAAAD,iBAAA,GAAGhC,QAAQ,CAACP,OAAO,cAAAuC,iBAAA,uBAAhBA,iBAAA,CAAkB9B,QAAQ;IACtD,MAAMgC,WAAW,GAAGrI,GAAG,CAACyH,KAAK,CAACW,mBAAmB,EAAE,IAAI,CAAC,CAACE,KAAK;IAC9D,IAAI,MAAM,IAAID,WAAW,EAAE;MACzB,OAAOA,WAAW,CAACrE,IAAI;IACzB;IACAxD,YAAY,CAAC;MAAEuC,OAAO,EAAE,qBAAqB;MAAEM,IAAI,EAAE,OAAO;MAAE1B;IAAM,CAAC,CAAC;IACtE,OAAO,IAAI;EACb,CAAC,CAAC,OAAOoG,KAAK,EAAE;IAAA,IAAAQ,eAAA;IACd/H,YAAY,CAAC;MACXuC,OAAO,EAAG,6BAA4BgF,KAAK,CAAChF,OAAQ,EAAC;MACrDM,IAAI,EAAE,OAAO;MACb1B;IACF,CAAC,CAAC;IACFnB,YAAY,CAAC;MAAEuC,OAAO,GAAAwF,eAAA,GAAER,KAAK,CAAC5B,QAAQ,cAAAoC,eAAA,uBAAdA,eAAA,CAAgBzF,IAAI;MAAEO,IAAI,EAAE,OAAO;MAAE1B;IAAM,CAAC,CAAC;IACrEpB,YAAY,CAAC;MAAEwC,OAAO,EAAEgF,KAAK,CAACS,KAAK;MAAE7G;IAAM,CAAC,CAAC;IAC7C,OAAO,IAAI;EACb;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA,eAAe8G,uBAAuBA,CAAC;EACrC9G;AAGF,CAAC,EAAgC;EAC/BpB,YAAY,CAAC;IACXwC,OAAO,EAAG,8CAA6C;IACvDpB;EACF,CAAC,CAAC;EACF,IAAI;IACF,MAAMuD,QAAQ,GAAG5E,eAAe,CAACR,WAAW,CAAC,EAAE,CAAC,CAAC;IACjD,MAAMqF,SAAS,GAAG7E,eAAe,CAC/BT,UAAU,CAAC,QAAQ,CAAC,CAACuF,MAAM,CAACF,QAAQ,CAAC,CAACG,MAAM,CAAC,CAC/C,CAAC;IACD,MAAMC,eAAe,GAAG,MAAM;IAC9B,MAAMC,WAAW,GAAGvF,GAAG,CAACwF,OAAO,CAAC7D,KAAK,CAAC8D,OAAO,CAAC,CAAC,EAAEnD,mBAAmB,CAAC;IACrE,MAAMoG,QAAQ,GAAG,MAAMV,WAAW,CAChCzC,WAAW,EACXJ,SAAS,EACTG,eAAe,EACf3D,KACF,CAAC;IACD,IAAI+G,QAAQ,IAAI,IAAI,EAAE;MACpBlI,YAAY,CAAC;QACXuC,OAAO,EAAE,yBAAyB;QAClCM,IAAI,EAAE,OAAO;QACb1B;MACF,CAAC,CAAC;MACF,OAAO,IAAI;IACb;IACA,IAAIwE,QAA6B,GAAG,IAAI;IACxC,IAAIxE,KAAK,CAAC8C,iBAAiB,CAAC,CAAC,KAAKpE,SAAS,CAACyE,yBAAyB,EAAE;MACrE,MAAMY,MAAM,GAAG;QACbiD,IAAI,EAAE;UACJC,QAAQ,EAAEhG,aAAa;UACvBiG,QAAQ,EAAExG;QACZ;MACF,CAAC;MACD,MAAMyD,YAAY,GAAI,gBAAeP,WAAY,uCAAsCmD,QAAS,kBAAiBxD,QAAS,EAAC;MAC3HiB,QAAQ,GAAG,MAAMpF,WAAW,CAAC;QAC3BgF,SAAS,EAAEpE,KAAK,CAAC8D,OAAO,CAAC,CAAC;QAC1B3C,IAAI,EAAEgD,YAAY;QAClBJ,MAAM;QACN/D;MACF,CAAC,CAAC;IACJ,CAAC,MAAM;MACL,MAAMmE,YAAY,GAAI,aAAYlD,aAAc,iBAAgB2C,WAAY,uCAAsCmD,QAAS,kBAAiBxD,QAAS,EAAC;MACtJiB,QAAQ,GAAG,MAAMpF,WAAW,CAAC;QAC3BgF,SAAS,EAAEpE,KAAK,CAAC8D,OAAO,CAAC,CAAC;QAC1B3C,IAAI,EAAEgD,YAAY;QAClBJ,MAAM,EAAE,CAAC,CAAC;QACV/D;MACF,CAAC,CAAC;IACJ;IACA,IAAI,cAAc,IAAIwE,QAAQ,EAAE;MAC9B5F,YAAY,CAAC;QACXwC,OAAO,EAAG,uDAAsD;QAChEpB;MACF,CAAC,CAAC;MACF,OAAOwE,QAAQ;IACjB;IACA3F,YAAY,CAAC;MACXuC,OAAO,EAAE,8BAA8B;MACvCM,IAAI,EAAE,OAAO;MACb1B;IACF,CAAC,CAAC;EACJ,CAAC,CAAC,OAAOoG,KAAK,EAAE;IAAA,IAAAe,gBAAA;IACdvI,YAAY,CAAC;MACXwC,OAAO,EAAG,wCAAuCgF,KAAM,EAAC;MACxDpG;IACF,CAAC,CAAC;IACFpB,YAAY,CAAC;MAAEwC,OAAO,GAAA+F,gBAAA,GAAEf,KAAK,CAAC5B,QAAQ,cAAA2C,gBAAA,uBAAdA,gBAAA,CAAgBhG,IAAI;MAAEnB;IAAM,CAAC,CAAC;EACxD;EACApB,YAAY,CAAC;IACXwC,OAAO,EAAG,0DAAyD;IACnEpB;EACF,CAAC,CAAC;EACF,OAAO,IAAI;AACb;;AAEA;AACA;AACA;AACA;AACA;AACA,eAAeoH,kBAAkBA,CAACpH,KAAY,EAAgC;EAC5EpB,YAAY,CAAC;IACXwC,OAAO,EAAG,2CAA0C;IACpDpB;EACF,CAAC,CAAC;EACF,IAAIiG,KAA0B,GAAG,IAAI;EACrC,IAAIjG,KAAK,CAACkG,gBAAgB,CAAC,CAAC,KAAK,MAAM1G,kBAAkB,CAAC;IAAEQ;EAAM,CAAC,CAAC,CAAC,EAAE;IACrE,IAAI;MACFiG,KAAK,GAAG,MAAMtG,mBAAmB,CAAC;QAAEK;MAAM,CAAC,CAAC;MAC5CiG,KAAK,CAACE,UAAU,GAAG,IAAI;MACvBvH,YAAY,CAAC;QACXwC,OAAO,EAAG,kDAAiD;QAC3DpB;MACF,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOoG,KAAK,EAAE;MACdxH,YAAY,CAAC;QACXwC,OAAO,EAAG,6DAA4D;QACtEpB;MACF,CAAC,CAAC;IACJ;EACF;EACA,IAAI,CAACiG,KAAK,EAAE;IACVA,KAAK,GAAG,MAAMa,uBAAuB,CAAC;MAAE9G;IAAM,CAAC,CAAC;IAChDiG,KAAK,CAACE,UAAU,GAAG,KAAK;IACxBvH,YAAY,CAAC;MACXwC,OAAO,EAAG,iDAAgD;MAC1DpB;IACF,CAAC,CAAC;EACJ;EACA,IAAIA,KAAK,CAACkG,gBAAgB,CAAC,CAAC,EAAE;IAC5B,MAAMpG,mBAAmB,CAAC;MAAEmG,KAAK;MAAEjG;IAAM,CAAC,CAAC;EAC7C;EACA,OAAOiG,KAAK;AACd;AAEA,SAASoB,aAAaA,CAACC,gBAAwB,EAAEC,IAAY,EAAE;EAC7D,MAAMC,CAAC,GAAGxI,QAAQ,CAACuI,IAAI,CAAC;EACxB,MAAME,GAAG,GAAI,GAAED,CAAC,CAACE,MAAO,IACtBF,CAAC,CAACG,IAAI,GAAGH,CAAC,CAACG,IAAI,GAAGH,CAAC,CAACI,QAAQ,KAAK,OAAO,GAAG,KAAK,GAAG,IACpD,GAAEJ,CAAC,CAACK,QAAS,sBAAqB;;EAEnC;EACA,MAAMC,GAAG,GAAGC,IAAI,CAACC,KAAK,CAAC,IAAInC,IAAI,CAAC,CAAC,CAACoC,OAAO,CAAC,CAAC,GAAG,IAAI,GAAG,GAAG,CAAC;;EAEzD;EACA,MAAMC,GAAG,GAAG5J,EAAE,CAAC,CAAC;EAEhB,MAAM6J,GAAG,GAAGb,gBAAgB;EAC5B,MAAMc,GAAG,GAAGd,gBAAgB;;EAE5B;EACA,MAAM/F,OAAO,GAAG;IAAE4G,GAAG;IAAEC,GAAG;IAAEX,GAAG;IAAEK,GAAG;IAAEI;EAAI,CAAC;EAE3C,OAAO3G,OAAO;AAChB;;AAEA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAed,qBAAqBA,CAAC;EAC1CJ,IAAI,GAAGC,SAAS;EAChBC,KAAK,GAAGD,SAAS;EACjBN;AAKF,CAAC,EAAgC;EAC/BpB,YAAY,CAAC;IACXwC,OAAO,EAAG,8CAA6C;IACvDpB;EACF,CAAC,CAAC;EACFK,IAAI,GAAGA,IAAI,GAAGA,IAAI,GAAGL,KAAK,CAACqI,mBAAmB,CAAC,CAAC;EAChD9H,KAAK,GAAGA,KAAK,GAAGA,KAAK,GAAGP,KAAK,CAACsI,oBAAoB,CAAC,CAAC;EACpD,MAAM/G,OAAO,GAAG8F,aAAa,CAAChH,IAAI,EAAEL,KAAK,CAAC8D,OAAO,CAAC,CAAC,CAAC;EACpD,MAAMyE,GAAG,GAAG,MAAMpJ,oBAAoB,CAACoC,OAAO,EAAEhB,KAAK,CAAC;EACtD,MAAM4D,YAAY,GAAI,aAAYoE,GAAI,2FAA0FzH,oBAAqB,EAAC;EACtJ,MAAM0D,QAAQ,GAAG,MAAMpF,WAAW,CAAC;IACjCgF,SAAS,EAAEpE,KAAK,CAAC8D,OAAO,CAAC,CAAC;IAC1B3C,IAAI,EAAEgD,YAAY;IAClBJ,MAAM,EAAE,CAAC,CAAC;IACV/D;EACF,CAAC,CAAC;EACF,IAAI,cAAc,IAAIwE,QAAQ,EAAE;IAC9B5F,YAAY,CAAC;MACXwC,OAAO,EAAG,4CAA2C;MACrDpB;IACF,CAAC,CAAC;IACF,OAAOwE,QAAQ;EACjB;EACA5F,YAAY,CAAC;IACXwC,OAAO,EAAG,0EAAyE;IACnFpB;EACF,CAAC,CAAC;EACF,OAAO,IAAI;AACb;;AAEA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAewI,gBAAgBA,CAAC;EACrCxI;AAGF,CAAC,EAAgC;EAC/BpB,YAAY,CAAC;IACXwC,OAAO,EAAG,yCAAwC;IAClDpB;EACF,CAAC,CAAC;EACF,IAAIiG,KAA0B,GAAG,IAAI;EACrC,IAAIjG,KAAK,CAACkG,gBAAgB,CAAC,CAAC,KAAK,MAAM3G,gBAAgB,CAAC;IAAES;EAAM,CAAC,CAAC,CAAC,EAAE;IACnE,IAAI;MACFiG,KAAK,GAAG,MAAMvG,iBAAiB,CAAC;QAAEM;MAAM,CAAC,CAAC;MAC1CiG,KAAK,CAACE,UAAU,GAAG,IAAI;MACvBvH,YAAY,CAAC;QACXwC,OAAO,EAAG,gDAA+C;QACzDpB;MACF,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOoG,KAAK,EAAE;MACdxH,YAAY,CAAC;QACXwC,OAAO,EAAG,2DAA0D;QACpEpB;MACF,CAAC,CAAC;IACJ;EACF;EACA,IAAI,CAACiG,KAAK,EAAE;IACVA,KAAK,GAAG,MAAMxF,qBAAqB,CAAC;MAAET;IAAM,CAAC,CAAC;IAC9CiG,KAAK,CAACE,UAAU,GAAG,KAAK;IACxBvH,YAAY,CAAC;MACXwC,OAAO,EAAG,+CAA8C;MACxDpB;IACF,CAAC,CAAC;EACJ;EACA,IAAIA,KAAK,CAACkG,gBAAgB,CAAC,CAAC,EAAE;IAC5B,MAAMrG,iBAAiB,CAAC;MAAEoG,KAAK;MAAEjG;IAAM,CAAC,CAAC;EAC3C;EACA,OAAOiG,KAAK;AACd;;AAEA;AACA;AACA;AACA;AACA,eAAewC,gDAAgDA,CAC7DzI,KAAY,EACG;EACfpB,YAAY,CAAC;IACXwC,OAAO,EAAG,yEAAwE;IAClFpB;EACF,CAAC,CAAC;EACFA,KAAK,CAAC0I,iBAAiB,CAAC,MAAM3F,uBAAuB,CAAC/C,KAAK,CAAC,CAAC;EAC7DyC,qBAAqB,CAACzC,KAAK,CAAC;EAC5BpB,YAAY,CAAC;IACXwC,OAAO,EAAG,2EAA0EpB,KAAK,CAAC0C,QAAQ,CAAC,CAAE,UAAS1C,KAAK,CAAC8C,iBAAiB,CAAC,CAAE,EAAC;IACzI9C;EACF,CAAC,CAAC;EAEF,MAAMgF,WAAW,GAAG,MAAMvG,oBAAoB,CAAC;IAAEuB;EAAM,CAAC,CAAC;;EAEzD;EACApB,YAAY,CAAC;IAAEwC,OAAO,EAAG,iBAAgB4D,WAAW,CAAC2D,WAAY,EAAC;IAAE3I;EAAM,CAAC,CAAC;EAE5E,MAAMkF,OAAO,GAAG,MAAMH,kBAAkB,CAACC,WAAW,CAAC;EACrDhF,KAAK,CAAC4I,YAAY,CAAC1D,OAAO,CAAC;EAC3BtG,YAAY,CAAC;IACXwC,OAAO,EAAG,uEAAsE;IAChFpB;EACF,CAAC,CAAC;AACJ;;AAEA;AACA;AACA;AACA;AACA;AACA,eAAe6I,kBAAkBA,CAAC7I,KAAY,EAAmB;EAC/D,IAAI8I,aAAa,GAAI,QAAO9I,KAAK,CAACuC,WAAW,CAAC,CAAE,EAAC;EACjD,IAAIvC,KAAK,CAACsD,0BAA0B,CAAC,CAAC,EAAE;IACtC,IAAI;MACF,MAAMyF,IAAI,GAAG,CACX,MAAM9J,iBAAiB,CAAC;QACtBqI,gBAAgB,EAAEtH,KAAK,CAACqI,mBAAmB,CAAC,CAAC;QAC7CrI;MACF,CAAC,CAAC,EACF+I,IAAI;MACND,aAAa,GAAI,mBAAkBC,IAAK,KAAI/I,KAAK,CAACqI,mBAAmB,CAAC,CAAE,GAAE;IAC5E,CAAC,CAAC,OAAOjC,KAAK,EAAE;MACd0C,aAAa,GAAI,mBAAkB9I,KAAK,CAACqI,mBAAmB,CAAC,CAAE,EAAC;IAClE;EACF;EACA,OAAOS,aAAa;AACtB;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,SAASE,mBAAmBA,CAC1B9I,gBAAyB,EACzBC,WAAoB,EACpBH,KAAY,EACZ;EACA,IAAIiJ,KAAK,GAAGjJ,KAAK,CAACkJ,mBAAmB,CAAC,CAAC;EACvC;EACA,IAAID,KAAK,EAAE;IACTrK,YAAY,CAAC;MACXwC,OAAO,EAAG,4DAA2D;MACrEpB;IACF,CAAC,CAAC;IACFmJ,YAAY,CAACF,KAAK,CAAC;EACrB;EACA;EACA,IAAI9I,WAAW,EAAE;IAAA,IAAAiJ,qBAAA,EAAAC,qBAAA,EAAAC,sBAAA,EAAAC,sBAAA;IACf,MAAMC,OAAO,GACXxJ,KAAK,CAAC8C,iBAAiB,CAAC,CAAC,KAAKpE,SAAS,CAAC2E,2BAA2B,IAAA+F,qBAAA,GAC/DpJ,KAAK,CAACyJ,uBAAuB,CAAC,CAAC,cAAAL,qBAAA,uBAA/BA,qBAAA,CAAiCI,OAAO,GACxCxJ,KAAK,CAACsD,0BAA0B,CAAC,CAAC,IAAA+F,qBAAA,GAChCrJ,KAAK,CAAC0J,kBAAkB,CAAC,CAAC,cAAAL,qBAAA,uBAA1BA,qBAAA,CAA4BG,OAAO,GACnCzB,IAAI,CAAC4B,GAAG,EAAAL,sBAAA,GACNtJ,KAAK,CAAC0J,kBAAkB,CAAC,CAAC,cAAAJ,sBAAA,uBAA1BA,sBAAA,CAA4BE,OAAO,GAAAD,sBAAA,GACnCvJ,KAAK,CAACyJ,uBAAuB,CAAC,CAAC,cAAAF,sBAAA,uBAA/BA,sBAAA,CAAiCC,OACnC,CAAC;IACT,MAAMI,OAAO,GAAGJ,OAAO,GAAG3D,IAAI,CAACgE,GAAG,CAAC,CAAC,GAAG,IAAI,GAAG,EAAE;IAChD,IAAID,OAAO,GAAG,IAAI,GAAG,EAAE,EAAE;MACvB,MAAM,IAAIvE,KAAK,CACZ,yEAAwE0C,IAAI,CAAC+B,IAAI,CAChFF,OACF,CAAE,EACJ,CAAC;IACH;IACAhL,YAAY,CAAC;MACXwC,OAAO,EAAG,uDAAsD2G,IAAI,CAACC,KAAK,CACxE4B,OAAO,GAAG,IACZ,CAAE,MAAK,IAAI/D,IAAI,CAAC+D,OAAO,CAAC,CAACG,UAAU,CAAC,CAAE,KAAI,IAAIlE,IAAI,CAChD+D,OACF,CAAC,CAACI,UAAU,CAAC,CAAE,KAAI;MACnBhK;IACF,CAAC,CAAC;IACFiJ,KAAK,GAAGgB,UAAU,CAAChK,SAAS,EAAE2J,OAAO,EAAE;MACrC1J,gBAAgB;MAChBC,WAAW;MACXH;MACA;IACF,CAAC,CAA8B;IAC/BA,KAAK,CAACkK,mBAAmB,CAACjB,KAAK,CAAC;IAChCA,KAAK,CAACkB,KAAK,CAAC,CAAC;EACf;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAelK,SAASA,CAAC;EAC9BC,gBAAgB,GAAG,KAAK;EACxBC,WAAW,GAAG,IAAI;EAClBH;AAKF,CAAC,EAAoB;EACnBpB,YAAY,CAAC;IAAEwC,OAAO,EAAG,kCAAiC;IAAEpB;EAAM,CAAC,CAAC;EACpE,IAAI,CAACA,KAAK,CAAC8D,OAAO,CAAC,CAAC,EAAE;IACpBjF,YAAY,CAAC;MACXuC,OAAO,EAAG,wDAAuD;MACjEM,IAAI,EAAE,OAAO;MACb1B;IACF,CAAC,CAAC;IACF,OAAO,KAAK;EACd;EACA,IAAI;IACF;IACA,IACEA,KAAK,CAACuC,WAAW,CAAC,CAAC,IAAI,IAAI,IAC3BvC,KAAK,CAACwC,WAAW,CAAC,CAAC,IAAI,IAAI,IAC3B,CAACxC,KAAK,CAACqI,mBAAmB,CAAC,CAAC,IAC5B,CAACrI,KAAK,CAACsI,oBAAoB,CAAC,CAAC,EAC7B;MACA,MAAM8B,IAAI,GAAG,MAAMlL,oBAAoB,CAAC;QAAEc;MAAM,CAAC,CAAC;MAClD,IAAIoK,IAAI,EAAE;QACRpK,KAAK,CAACqK,OAAO,CAACD,IAAI,CAACE,MAAM,CAAC;QAC1BtK,KAAK,CAAC0I,iBAAiB,CAAC0B,IAAI,CAAClH,cAAc,CAAC;QAC5ClD,KAAK,CAACuK,WAAW,CAACH,IAAI,CAACnD,QAAQ,CAAC;QAChCjH,KAAK,CAACwK,WAAW,CAACJ,IAAI,CAAClD,QAAQ,CAAC;QAChClH,KAAK,CAACyK,wBAAwB,CAACL,IAAI,CAACM,qBAAqB,CAAC;QAC1D1K,KAAK,CAAC2K,gCAAgC,CACpCP,IAAI,CAACQ,6BACP,CAAC;QACD5K,KAAK,CAAC6K,mBAAmB,CAACT,IAAI,CAACU,SAAS,CAAC;QACzC9K,KAAK,CAAC+K,oBAAoB,CAACX,IAAI,CAACY,UAAU,CAAC;MAC7C,CAAC,MAAM;QACL,OAAO,KAAK;MACd;IACF;;IAEA;IACA,IAAI,CAACjM,UAAU,CAACiB,KAAK,CAAC8D,OAAO,CAAC,CAAC,CAAC,EAAE;MAChC,MAAMsG,IAAI,GAAG,MAAMlL,oBAAoB,CAAC;QAAEc;MAAM,CAAC,CAAC;MAClD,IAAIoK,IAAI,EAAE;QACRpK,KAAK,CAACqK,OAAO,CAACD,IAAI,CAACE,MAAM,CAAC;QAC1BtK,KAAK,CAAC0I,iBAAiB,CAAC0B,IAAI,CAAClH,cAAc,CAAC;MAC9C,CAAC,MAAM;QACL,OAAO,KAAK;MACd;IACF;;IAEA;IACAlD,KAAK,CAACiL,aAAa,CAAC,MAAM/J,mBAAmB,CAAClB,KAAK,CAAC,CAAC;;IAErD;IACA,IACE,CAACE,gBAAgB,IACjBF,KAAK,CAACqI,mBAAmB,CAAC,CAAC,IAC3BrI,KAAK,CAACsI,oBAAoB,CAAC,CAAC,EAC5B;MACA1J,YAAY,CAAC;QACXwC,OAAO,EAAG,kEAAiEpB,KAAK,CAACqI,mBAAmB,CAAC,CAAE,EAAC;QACxGrI;MACF,CAAC,CAAC;MACF,IAAI;QACF,MAAMiG,KAAK,GAAG,MAAMuC,gBAAgB,CAAC;UAAExI;QAAM,CAAC,CAAC;QAC/CA,KAAK,CAACkL,kBAAkB,CAACjF,KAAK,CAAC;QAC/BjG,KAAK,CAACmL,0BAA0B,CAAC,IAAI,CAAC;QACtC,MAAM1C,gDAAgD,CAACzI,KAAK,CAAC;MAC/D,CAAC,CAAC,OAAOoL,KAAK,EAAE;QAAA,IAAAC,eAAA,EAAAC,gBAAA,EAAAC,gBAAA;QACd3M,YAAY,CAAC;UAAEwC,OAAO,EAAE,EAAAiK,eAAA,GAAAD,KAAK,CAAC5G,QAAQ,cAAA6G,eAAA,uBAAdA,eAAA,CAAgBlK,IAAI,KAAIiK,KAAK;UAAEpL;QAAM,CAAC,CAAC;QAC/DpB,YAAY,CAAC;UAAEwC,OAAO,EAAEpB,KAAK,CAACwL,QAAQ,CAAC,CAAC;UAAExL;QAAM,CAAC,CAAC;QAClD,MAAM,IAAIqF,KAAK,CACZ,gCACC,EAAAiG,gBAAA,GAAAF,KAAK,CAAC5G,QAAQ,cAAA8G,gBAAA,gBAAAA,gBAAA,GAAdA,gBAAA,CAAgBnK,IAAI,cAAAmK,gBAAA,uBAApBA,gBAAA,CAAsBG,iBAAiB,OAAAF,gBAAA,GACvCH,KAAK,CAAC5G,QAAQ,cAAA+G,gBAAA,gBAAAA,gBAAA,GAAdA,gBAAA,CAAgBpK,IAAI,cAAAoK,gBAAA,uBAApBA,gBAAA,CAAsBnK,OAAO,KAC7BgK,KACD,EACH,CAAC;MACH;IACF;IACA;IAAA,KACK,IAAIpL,KAAK,CAACuC,WAAW,CAAC,CAAC,IAAIvC,KAAK,CAACwC,WAAW,CAAC,CAAC,EAAE;MACnD5D,YAAY,CAAC;QACXwC,OAAO,EAAG,+DAA8DpB,KAAK,CAACuC,WAAW,CAAC,CAAE,EAAC;QAC7FvC;MACF,CAAC,CAAC;MACF,MAAMiG,KAAK,GAAG,MAAMD,mBAAmB,CAAChG,KAAK,CAAC;MAC9C,IAAIiG,KAAK,EAAEjG,KAAK,CAAC0L,uBAAuB,CAACzF,KAAK,CAAC;MAC/C,MAAMwC,gDAAgD,CAACzI,KAAK,CAAC;MAC7D,IACEA,KAAK,CAACiD,cAAc,CAAC,CAAC;MACtB;MACCjD,KAAK,CAAC8C,iBAAiB,CAAC,CAAC,KAAKpE,SAAS,CAACyE,yBAAyB,IAChEnD,KAAK,CAAC8C,iBAAiB,CAAC,CAAC,KAAKpE,SAAS,CAAC0E,4BAA4B,CAAC,EACvE;QACA,MAAMhE,WAAW,GAAG,MAAMgI,kBAAkB,CAACpH,KAAK,CAAC;QACnD,IAAIZ,WAAW,EAAEY,KAAK,CAACkL,kBAAkB,CAAC9L,WAAW,CAAC;MACxD;IACF;IACA;IAAA,KACK;MACHP,YAAY,CAAC;QACXuC,OAAO,EAAG,+BAA8B;QACxCM,IAAI,EAAE,OAAO;QACb1B;MACF,CAAC,CAAC;MACF,OAAO,KAAK;IACd;IACA,IACEA,KAAK,CAACiD,cAAc,CAAC,CAAC,IACrBjD,KAAK,CAACsD,0BAA0B,CAAC,CAAC,IAAItD,KAAK,CAAC2L,cAAc,CAAC,CAAE,EAC9D;MAAA,IAAAC,sBAAA,EAAAC,sBAAA;MACA,KAAAD,sBAAA,GAAI5L,KAAK,CAAC0J,kBAAkB,CAAC,CAAC,cAAAkC,sBAAA,eAA1BA,sBAAA,CAA4BzF,UAAU,EAAE;QAC1CrH,cAAc,CAAC;UAAEsC,OAAO,EAAG,4BAA2B;UAAEpB;QAAM,CAAC,CAAC;MAClE;MACA,IACE,CAACA,KAAK,CAACsD,0BAA0B,CAAC,CAAC,KAAAuI,sBAAA,GACnC7L,KAAK,CAACyJ,uBAAuB,CAAC,CAAC,cAAAoC,sBAAA,eAA/BA,sBAAA,CAAiC1F,UAAU,EAC3C;QACArH,cAAc,CAAC;UAAEsC,OAAO,EAAG,6BAA4B;UAAEpB;QAAM,CAAC,CAAC;MACnE;MACAnB,YAAY,CAAC;QACXuC,OAAO,EAAG,gBAAepB,KAAK,CAAC8D,OAAO,CAAC,CAAE,KACvC9D,KAAK,CAAC0C,QAAQ,CAAC,CAAC,GAAG1C,KAAK,CAAC0C,QAAQ,CAAC,CAAC,GAAG,MACvC,QAAO,MAAMmG,kBAAkB,CAAC7I,KAAK,CAAE,EAAC;QACzC0B,IAAI,EAAE,MAAM;QACZ1B;MACF,CAAC,CAAC;MACFgJ,mBAAmB,CAAC9I,gBAAgB,EAAEC,WAAW,EAAEH,KAAK,CAAC;MACzDpB,YAAY,CAAC;QACXwC,OAAO,EAAG,4CAA2C;QACrDpB;MACF,CAAC,CAAC;MACF,OAAO,IAAI;IACb;EACF,CAAC,CAAC,OAAOoG,KAAK,EAAE;IAAA,IAAA0F,gBAAA,EAAAC,gBAAA,EAAAC,gBAAA;IACd;IACAnN,YAAY,CAAC;MAAEuC,OAAO,EAAEgF,KAAK,CAAChF,OAAO;MAAEM,IAAI,EAAE,OAAO;MAAE1B;IAAM,CAAC,CAAC;IAC9D;IACAnB,YAAY,CAAC;MACXuC,OAAO,GAAA0K,gBAAA,GAAE1F,KAAK,CAAC5B,QAAQ,cAAAsH,gBAAA,gBAAAA,gBAAA,GAAdA,gBAAA,CAAgB3K,IAAI,cAAA2K,gBAAA,uBAApBA,gBAAA,CAAsB1K,OAAO;MACtCM,IAAI,EAAE,OAAO;MACb1B;IACF,CAAC,CAAC;IACF;IACAnB,YAAY,CAAC;MACXuC,OAAO,GAAA2K,gBAAA,GAAE3F,KAAK,CAAC5B,QAAQ,cAAAuH,gBAAA,gBAAAA,gBAAA,GAAdA,gBAAA,CAAgB5K,IAAI,cAAA4K,gBAAA,uBAApBA,gBAAA,CAAsBN,iBAAiB;MAChD/J,IAAI,EAAE,OAAO;MACb1B;IACF,CAAC,CAAC;IACF;IACApB,YAAY,CAAC;MAAEwC,OAAO,GAAA4K,gBAAA,GAAE5F,KAAK,CAAC5B,QAAQ,cAAAwH,gBAAA,uBAAdA,gBAAA,CAAgB7K,IAAI;MAAEnB;IAAM,CAAC,CAAC;IACtD;IACApB,YAAY,CAAC;MAAEwC,OAAO,EAAEgF,KAAK,CAACS,KAAK,IAAI,IAAIxB,KAAK,CAAC,CAAC,CAACwB,KAAK;MAAE7G;IAAM,CAAC,CAAC;EACpE;EACApB,YAAY,CAAC;IACXwC,OAAO,EAAG,+CAA8C;IACxDpB;EACF,CAAC,CAAC;EACF,OAAO,KAAK;AACd"}
1
+ {"version":3,"file":"AuthenticateOps.js","names":["createHash","randomBytes","readlineSync","url","v4","step","getServerInfo","getServerVersionInfo","Constants","encodeBase64Url","debugMessage","printMessage","verboseMessage","isValidUrl","parseUrl","getServiceAccount","getConnectionProfile","createSignedJwtToken","accessToken","authorize","getSessionInfo","hasSaBearerToken","hasUserBearerToken","hasUserSessionToken","readSaBearerToken","readUserBearerToken","readUserSessionToken","saveSaBearerToken","saveUserBearerToken","saveUserSessionToken","state","getTokens","forceLoginAsUser","autoRefresh","getAccessTokenForServiceAccount","saId","undefined","saJwk","access_token","getFreshSaBearerToken","adminClientPassword","redirectUrlTemplate","cloudIdmAdminScopes","forgeopsIdmAdminScopes","serviceAccountScopes","fidcClientId","forgeopsClientId","adminClientId","determineCookieName","data","message","cookieName","checkAndHandle2FA","payload","callback","callbacks","type","localAuth","value","output","provider","input","includes","nextStep","need2fa","factor","supported","code","question","getUsername","getPassword","determineDefaultRealm","getRealm","DEFAULT_REALM_KEY","setRealm","DEPLOYMENT_TYPE_REALM_MAP","getDeploymentType","determineDeploymentType","cookieValue","getCookieValue","deploymentType","CLOUD_DEPLOYMENT_TYPE_KEY","FORGEOPS_DEPLOYMENT_TYPE_KEY","CLASSIC_DEPLOYMENT_TYPE_KEY","getUseBearerTokenForAmApis","verifier","challenge","update","digest","challengeMethod","redirectURL","resolve","getHost","config","maxRedirects","headers","getCookieName","bodyFormData","amBaseUrl","e","_e$response","_e$response$headers","response","status","location","indexOf","ex","_ex$response","_ex$response$headers","getSemanticVersion","versionInfo","versionString","version","rx","match","Error","getFreshUserSessionToken","body","skip2FA","steps","maxSteps","sessionInfo","tokenId","Date","parse","maxIdleExpirationTime","getUserSessionToken","token","getUseTokenCache","from_cache","error","getAuthCode","codeChallenge","codeChallengeMethod","_response$headers","redirectLocationURL","queryObject","query","_error$response","stack","getFreshUserBearerToken","authCode","auth","username","password","_error$response2","getUserBearerToken","createPayload","serviceAccountId","host","u","aud","origin","port","protocol","pathname","exp","Math","floor","getTime","jti","iss","sub","getServiceAccountId","getServiceAccountJwk","jwt","getSaBearerToken","determineDeploymentTypeAndDefaultRealmAndVersion","setDeploymentType","fullVersion","setAmVersion","getLoggedInSubject","subjectString","name","scheduleAutoRefresh","timer","getAutoRefreshTimer","clearTimeout","_state$getUserSession","_state$getBearerToken","_state$getBearerToken2","_state$getUserSession2","expires","getUserSessionTokenMeta","getBearerTokenMeta","min","timeout","now","ceil","getMinutes","getSeconds","setTimeout","setAutoRefreshTimer","unref","conn","setHost","tenant","setUsername","setPassword","setAuthenticationService","authenticationService","setAuthenticationHeaderOverrides","authenticationHeaderOverrides","setServiceAccountId","svcacctId","setServiceAccountJwk","svcacctJwk","setCookieName","setBearerTokenMeta","setUseBearerTokenForAmApis","saErr","_saErr$response","_saErr$response2","_saErr$response3","getState","error_description","setUserSessionTokenMeta","getBearerToken","_state$getBearerToken3","_state$getUserSession3","_error$response3","_error$response4","_error$response5"],"sources":["../../src/ops/AuthenticateOps.ts"],"sourcesContent":["import { createHash, randomBytes } from 'crypto';\nimport readlineSync from 'readline-sync';\nimport url from 'url';\nimport { v4 } from 'uuid';\n\nimport { step } from '../api/AuthenticateApi';\nimport { getServerInfo, getServerVersionInfo } from '../api/ServerInfoApi';\nimport Constants from '../shared/Constants';\nimport { State } from '../shared/State';\nimport { encodeBase64Url } from '../utils/Base64Utils';\nimport { debugMessage, printMessage, verboseMessage } from '../utils/Console';\nimport { isValidUrl, parseUrl } from '../utils/ExportImportUtils';\nimport { getServiceAccount } from './cloud/ServiceAccountOps';\nimport { getConnectionProfile } from './ConnectionProfileOps';\nimport { createSignedJwtToken, JwkRsa } from './JoseOps';\nimport {\n accessToken,\n type AccessTokenMetaType,\n authorize,\n} from './OAuth2OidcOps';\nimport { getSessionInfo } from './SessionOps';\nimport {\n hasSaBearerToken,\n hasUserBearerToken,\n hasUserSessionToken,\n readSaBearerToken,\n readUserBearerToken,\n readUserSessionToken,\n saveSaBearerToken,\n saveUserBearerToken,\n saveUserSessionToken,\n} from './TokenCacheOps';\n\nexport type Authenticate = {\n /**\n * Get tokens and stores them in State\n * @param {boolean} forceLoginAsUser true to force login as user even if a service account is available (default: false)\n * @param {boolean} autoRefresh true to automatically refresh tokens before they expire (default: true)\n * @returns {Promise<boolean>} true if tokens were successfully obtained, false otherwise\n */\n getTokens(\n forceLoginAsUser?: boolean,\n autoRefresh?: boolean\n ): Promise<boolean>;\n\n // Deprecated\n /**\n * Get access token for service account\n * @param {string} saId optional service account id\n * @param {JwkRsa} saJwk optional service account JWK\n * @returns {string | null} Access token or null\n * @deprecated since v2.0.0 use {@link Authenticate.getTokens | getTokens} instead\n * ```javascript\n * getTokens(): Promise<boolean>\n * ```\n * @group Deprecated\n */\n getAccessTokenForServiceAccount(\n saId?: string,\n saJwk?: JwkRsa\n ): Promise<string | null>;\n};\n\nexport default (state: State): Authenticate => {\n return {\n async getTokens(forceLoginAsUser = false, autoRefresh = true) {\n return getTokens({ forceLoginAsUser, autoRefresh, state });\n },\n\n // Deprecated\n async getAccessTokenForServiceAccount(\n saId: string = undefined,\n saJwk: JwkRsa = undefined\n ): Promise<string | null> {\n const { access_token } = await getFreshSaBearerToken({\n saId,\n saJwk,\n state,\n });\n return access_token;\n },\n };\n};\n\nconst adminClientPassword = 'doesnotmatter';\nconst redirectUrlTemplate = '/platform/appAuthHelperRedirect.html';\n\nconst cloudIdmAdminScopes = 'openid fr:idm:* fr:idc:esv:*';\nconst forgeopsIdmAdminScopes = 'openid fr:idm:*';\nconst serviceAccountScopes = 'fr:am:* fr:idm:* fr:idc:esv:*';\n\nconst fidcClientId = 'idmAdminClient';\nconst forgeopsClientId = 'idm-admin-ui';\nlet adminClientId = fidcClientId;\n\n/**\n * Helper function to get cookie name\n * @param {State} state library state\n * @returns {string} cookie name\n */\nasync function determineCookieName(state: State) {\n const data = await getServerInfo({ state });\n debugMessage({\n message: `AuthenticateOps.determineCookieName: cookieName=${data.cookieName}`,\n state,\n });\n return data.cookieName;\n}\n\n/**\n * Helper function to determine if this is a setup mfa prompt in the ID Cloud tenant admin login journey\n * @param {Object} payload response from the previous authentication journey step\n * @param {State} state library state\n * @returns {Object} an object indicating if 2fa is required and the original payload\n */\nfunction checkAndHandle2FA(payload, state: State) {\n debugMessage({ message: `AuthenticateOps.checkAndHandle2FA: start`, state });\n // let skippable = false;\n if ('callbacks' in payload) {\n for (const callback of payload.callbacks) {\n // select localAuthentication if Admin Federation is enabled\n if (callback.type === 'SelectIdPCallback') {\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: Admin federation enabled. Allowed providers:`,\n state,\n });\n let localAuth = false;\n for (const value of callback.output[0].value) {\n debugMessage({ message: `${value.provider}`, state });\n if (value.provider === 'localAuthentication') {\n localAuth = true;\n }\n }\n if (localAuth) {\n debugMessage({ message: `local auth allowed`, state });\n callback.input[0].value = 'localAuthentication';\n } else {\n debugMessage({ message: `local auth NOT allowed`, state });\n }\n }\n if (callback.type === 'HiddenValueCallback') {\n if (callback.input[0].value.includes('skip')) {\n // skippable = true;\n callback.input[0].value = 'Skip';\n // debugMessage(\n // `AuthenticateOps.checkAndHandle2FA: end [need2fa=true, skippable=true]`\n // );\n // return {\n // nextStep: true,\n // need2fa: true,\n // factor: 'None',\n // supported: true,\n // payload,\n // };\n }\n if (callback.input[0].value.includes('webAuthnOutcome')) {\n // webauthn!!!\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: end [need2fa=true, unsupported factor: webauthn]`,\n state,\n });\n return {\n nextStep: false,\n need2fa: true,\n factor: 'WebAuthN',\n supported: false,\n payload,\n };\n }\n }\n if (callback.type === 'NameCallback') {\n if (callback.output[0].value.includes('code')) {\n // skippable = false;\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: need2fa=true, skippable=false`,\n state,\n });\n printMessage({\n message: '2FA is enabled and required for this user...',\n state,\n });\n const code = readlineSync.question(`${callback.output[0].value}: `);\n callback.input[0].value = code;\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: end [need2fa=true, skippable=false, factor=Code]`,\n state,\n });\n return {\n nextStep: true,\n need2fa: true,\n factor: 'Code',\n supported: true,\n payload,\n };\n } else {\n // answer callback\n callback.input[0].value = state.getUsername();\n }\n }\n if (callback.type === 'PasswordCallback') {\n // answer callback\n callback.input[0].value = state.getPassword();\n }\n }\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: end [need2fa=false]`,\n state,\n });\n // debugMessage(payload);\n return {\n nextStep: true,\n need2fa: false,\n factor: 'None',\n supported: true,\n payload,\n };\n }\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: end [need2fa=false]`,\n state,\n });\n // debugMessage(payload);\n return {\n nextStep: false,\n need2fa: false,\n factor: 'None',\n supported: true,\n payload,\n };\n}\n\n/**\n * Helper function to set the default realm by deployment type\n * @param {State} state library state\n */\nfunction determineDefaultRealm(state: State) {\n if (!state.getRealm() || state.getRealm() === Constants.DEFAULT_REALM_KEY) {\n state.setRealm(\n Constants.DEPLOYMENT_TYPE_REALM_MAP[state.getDeploymentType()]\n );\n }\n}\n\n/**\n * Helper function to determine the deployment type\n * @param {State} state library state\n * @returns {Promise<string>} deployment type\n */\nasync function determineDeploymentType(state: State): Promise<string> {\n const cookieValue = state.getCookieValue();\n let deploymentType = state.getDeploymentType();\n\n switch (deploymentType) {\n case Constants.CLOUD_DEPLOYMENT_TYPE_KEY:\n return deploymentType;\n\n case Constants.FORGEOPS_DEPLOYMENT_TYPE_KEY:\n adminClientId = forgeopsClientId;\n return deploymentType;\n\n case Constants.CLASSIC_DEPLOYMENT_TYPE_KEY:\n return deploymentType;\n\n // detect deployment type\n default: {\n // if we are using a service account, we know it's cloud\n if (state.getUseBearerTokenForAmApis())\n return Constants.CLOUD_DEPLOYMENT_TYPE_KEY;\n\n const verifier = encodeBase64Url(randomBytes(32));\n const challenge = encodeBase64Url(\n createHash('sha256').update(verifier).digest()\n );\n const challengeMethod = 'S256';\n const redirectURL = url.resolve(state.getHost(), redirectUrlTemplate);\n\n const config = {\n maxRedirects: 0,\n headers: {\n [state.getCookieName()]: state.getCookieValue(),\n },\n };\n let bodyFormData = `redirect_uri=${redirectURL}&scope=${cloudIdmAdminScopes}&response_type=code&client_id=${fidcClientId}&csrf=${cookieValue}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;\n\n deploymentType = Constants.CLASSIC_DEPLOYMENT_TYPE_KEY;\n try {\n await authorize({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config,\n state,\n });\n } catch (e) {\n // debugMessage(e.response);\n if (\n e.response?.status === 302 &&\n e.response.headers?.location?.indexOf('code=') > -1\n ) {\n verboseMessage({\n message: `ForgeRock Identity Cloud`['brightCyan'] + ` detected.`,\n state,\n });\n deploymentType = Constants.CLOUD_DEPLOYMENT_TYPE_KEY;\n } else {\n try {\n bodyFormData = `redirect_uri=${redirectURL}&scope=${forgeopsIdmAdminScopes}&response_type=code&client_id=${forgeopsClientId}&csrf=${state.getCookieValue()}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;\n await authorize({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config,\n state,\n });\n } catch (ex) {\n if (\n ex.response?.status === 302 &&\n ex.response.headers?.location?.indexOf('code=') > -1\n ) {\n adminClientId = forgeopsClientId;\n verboseMessage({\n message: `ForgeOps deployment`['brightCyan'] + ` detected.`,\n state,\n });\n deploymentType = Constants.FORGEOPS_DEPLOYMENT_TYPE_KEY;\n } else {\n verboseMessage({\n message: `Classic deployment`['brightCyan'] + ` detected.`,\n state,\n });\n }\n }\n }\n }\n return deploymentType;\n }\n }\n}\n\n/**\n * Helper function to extract the semantic version string from a version info object\n * @param {Object} versionInfo version info object\n * @returns {String} semantic version\n */\nfunction getSemanticVersion(versionInfo) {\n if ('version' in versionInfo) {\n const versionString = versionInfo.version;\n const rx = /([\\d]\\.[\\d]\\.[\\d](\\.[\\d])*)/g;\n const version = versionString.match(rx);\n return version[0];\n }\n throw new Error('Cannot extract semantic version from version info object.');\n}\n\nexport type UserSessionMetaType = {\n tokenId: string;\n successUrl: string;\n realm: string;\n expires: number;\n from_cache?: boolean;\n};\n\n/**\n * Helper function to authenticate and obtain and store session cookie\n * @param {State} state library state\n * @returns {string} Session token or null\n */\nasync function getFreshUserSessionToken({\n state,\n}: {\n state: State;\n}): Promise<UserSessionMetaType> {\n debugMessage({\n message: `AuthenticateOps.getFreshUserSessionToken: start`,\n state,\n });\n const config = {\n headers: {\n 'X-OpenAM-Username': state.getUsername(),\n 'X-OpenAM-Password': state.getPassword(),\n },\n };\n let response = await step({ body: {}, config, state });\n\n let skip2FA = null;\n let steps = 0;\n const maxSteps = 3;\n do {\n skip2FA = checkAndHandle2FA(response, state);\n\n // throw exception if 2fa required but factor not supported by frodo (e.g. WebAuthN)\n if (!skip2FA.supported) {\n throw new Error(`Unsupported 2FA factor: ${skip2FA.factor}`);\n }\n\n if (skip2FA.nextStep) {\n steps++;\n response = await step({ body: skip2FA.payload, state });\n }\n\n if ('tokenId' in response) {\n response['from_cache'] = false;\n // get session expiration\n const sessionInfo = await getSessionInfo({\n tokenId: response['tokenId'],\n state,\n });\n response['expires'] = Date.parse(sessionInfo.maxIdleExpirationTime);\n debugMessage({\n message: `AuthenticateOps.getFreshUserSessionToken: end [tokenId=${response['tokenId']}]`,\n state,\n });\n debugMessage({\n message: response,\n state,\n });\n return response as UserSessionMetaType;\n }\n } while (skip2FA.nextStep && steps < maxSteps);\n debugMessage({\n message: `AuthenticateOps.getFreshUserSessionToken: end [no session]`,\n state,\n });\n return null;\n}\n\n/**\n * Helper function to obtain user session token\n * @param {State} state library state\n * @returns {Promise<UserSessionMetaType>} session token or null\n */\nasync function getUserSessionToken(state: State): Promise<UserSessionMetaType> {\n debugMessage({\n message: `AuthenticateOps.getUserSessionToken: start`,\n state,\n });\n let token: UserSessionMetaType = null;\n if (state.getUseTokenCache() && (await hasUserSessionToken({ state }))) {\n try {\n token = await readUserSessionToken({ state });\n token.from_cache = true;\n debugMessage({\n message: `AuthenticateOps.getUserSessionToken: cached`,\n state,\n });\n } catch (error) {\n debugMessage({\n message: `AuthenticateOps.getUserSessionToken: failed cache read`,\n state,\n });\n }\n }\n if (!token) {\n token = await getFreshUserSessionToken({ state });\n token.from_cache = false;\n debugMessage({\n message: `AuthenticateOps.getUserSessionToken: fresh`,\n state,\n });\n }\n if (state.getUseTokenCache()) {\n await saveUserSessionToken({ token, state });\n }\n debugMessage({\n message: `AuthenticateOps.getUserSessionToken: end`,\n state,\n });\n return token;\n}\n\n/**\n * Helper function to obtain an oauth2 authorization code\n * @param {string} redirectURL oauth2 redirect uri\n * @param {string} codeChallenge PKCE code challenge\n * @param {string} codeChallengeMethod PKCE code challenge method\n * @param {State} state library state\n * @returns {string} oauth2 authorization code or null\n */\nasync function getAuthCode(\n redirectURL: string,\n codeChallenge: string,\n codeChallengeMethod: string,\n state: State\n) {\n try {\n const bodyFormData = `redirect_uri=${redirectURL}&scope=${\n state.getDeploymentType() === Constants.CLOUD_DEPLOYMENT_TYPE_KEY\n ? cloudIdmAdminScopes\n : forgeopsIdmAdminScopes\n }&response_type=code&client_id=${adminClientId}&csrf=${state.getCookieValue()}&decision=allow&code_challenge=${codeChallenge}&code_challenge_method=${codeChallengeMethod}`;\n const config = {\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n maxRedirects: 0,\n };\n let response = undefined;\n try {\n response = await authorize({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config,\n state,\n });\n } catch (error) {\n response = error.response;\n if (response.status < 200 || response.status > 399) {\n printMessage({\n message: 'error getting auth code',\n type: 'error',\n state,\n });\n printMessage({\n message: response.data,\n type: 'error',\n state,\n });\n return null;\n }\n }\n const redirectLocationURL = response.headers?.location;\n const queryObject = url.parse(redirectLocationURL, true).query;\n if ('code' in queryObject) {\n return queryObject.code;\n }\n printMessage({ message: 'auth code not found', type: 'error', state });\n return null;\n } catch (error) {\n printMessage({\n message: `error getting auth code - ${error.message}`,\n type: 'error',\n state,\n });\n printMessage({ message: error.response?.data, type: 'error', state });\n debugMessage({ message: error.stack, state });\n return null;\n }\n}\n\n/**\n * Helper function to obtain oauth2 access token\n * @param {State} state library state\n * @returns {Promise<AccessTokenMetaType>} access token or null\n */\nasync function getFreshUserBearerToken({\n state,\n}: {\n state: State;\n}): Promise<AccessTokenMetaType> {\n debugMessage({\n message: `AuthenticateOps.getAccessTokenForUser: start`,\n state,\n });\n try {\n const verifier = encodeBase64Url(randomBytes(32));\n const challenge = encodeBase64Url(\n createHash('sha256').update(verifier).digest()\n );\n const challengeMethod = 'S256';\n const redirectURL = url.resolve(state.getHost(), redirectUrlTemplate);\n const authCode = await getAuthCode(\n redirectURL,\n challenge,\n challengeMethod,\n state\n );\n if (authCode == null) {\n printMessage({\n message: 'error getting auth code',\n type: 'error',\n state,\n });\n return null;\n }\n let response: AccessTokenMetaType = null;\n if (state.getDeploymentType() === Constants.CLOUD_DEPLOYMENT_TYPE_KEY) {\n const config = {\n auth: {\n username: adminClientId,\n password: adminClientPassword,\n },\n };\n const bodyFormData = `redirect_uri=${redirectURL}&grant_type=authorization_code&code=${authCode}&code_verifier=${verifier}`;\n response = await accessToken({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config,\n state,\n });\n } else {\n const bodyFormData = `client_id=${adminClientId}&redirect_uri=${redirectURL}&grant_type=authorization_code&code=${authCode}&code_verifier=${verifier}`;\n response = await accessToken({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config: {},\n state,\n });\n }\n if ('access_token' in response) {\n debugMessage({\n message: `AuthenticateOps.getAccessTokenForUser: end with token`,\n state,\n });\n return response;\n }\n printMessage({\n message: 'No access token in response.',\n type: 'error',\n state,\n });\n } catch (error) {\n debugMessage({\n message: `Error getting access token for user: ${error}`,\n state,\n });\n debugMessage({ message: error.response?.data, state });\n }\n debugMessage({\n message: `AuthenticateOps.getAccessTokenForUser: end without token`,\n state,\n });\n return null;\n}\n\n/**\n * Helper function to obtain oauth2 access token\n * @param {State} state library state\n * @returns {Promise<AccessTokenMetaType>} access token or null\n */\nasync function getUserBearerToken(state: State): Promise<AccessTokenMetaType> {\n debugMessage({\n message: `AuthenticateOps.getUserBearerToken: start`,\n state,\n });\n let token: AccessTokenMetaType = null;\n if (state.getUseTokenCache() && (await hasUserBearerToken({ state }))) {\n try {\n token = await readUserBearerToken({ state });\n token.from_cache = true;\n debugMessage({\n message: `AuthenticateOps.getUserBearerToken: end [cached]`,\n state,\n });\n } catch (error) {\n debugMessage({\n message: `AuthenticateOps.getUserBearerToken: end [failed cache read]`,\n state,\n });\n }\n }\n if (!token) {\n token = await getFreshUserBearerToken({ state });\n token.from_cache = false;\n debugMessage({\n message: `AuthenticateOps.getUserBearerToken: end [fresh]`,\n state,\n });\n }\n if (state.getUseTokenCache()) {\n await saveUserBearerToken({ token, state });\n }\n return token;\n}\n\nfunction createPayload(serviceAccountId: string, host: string) {\n const u = parseUrl(host);\n const aud = `${u.origin}:${\n u.port ? u.port : u.protocol === 'https' ? '443' : '80'\n }${u.pathname}/oauth2/access_token`;\n\n // Cross platform way of setting JWT expiry time 3 minutes in the future, expressed as number of seconds since EPOCH\n const exp = Math.floor(new Date().getTime() / 1000 + 180);\n\n // A unique ID for the JWT which is required when requesting the openid scope\n const jti = v4();\n\n const iss = serviceAccountId;\n const sub = serviceAccountId;\n\n // Create the payload for our bearer token\n const payload = { iss, sub, aud, exp, jti };\n\n return payload;\n}\n\n/**\n * Get fresh access token for service account\n * @param {State} state library state\n * @returns {Promise<AccessTokenResponseType>} response object containg token, scope, type, and expiration in seconds\n */\nexport async function getFreshSaBearerToken({\n saId = undefined,\n saJwk = undefined,\n state,\n}: {\n saId?: string;\n saJwk?: JwkRsa;\n state: State;\n}): Promise<AccessTokenMetaType> {\n debugMessage({\n message: `AuthenticateOps.getFreshSaBearerToken: start`,\n state,\n });\n saId = saId ? saId : state.getServiceAccountId();\n saJwk = saJwk ? saJwk : state.getServiceAccountJwk();\n const payload = createPayload(saId, state.getHost());\n const jwt = await createSignedJwtToken(payload, saJwk);\n const bodyFormData = `assertion=${jwt}&client_id=service-account&grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&scope=${serviceAccountScopes}`;\n const response = await accessToken({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config: {},\n state,\n });\n if ('access_token' in response) {\n debugMessage({\n message: `AuthenticateOps.getFreshSaBearerToken: end`,\n state,\n });\n return response;\n }\n debugMessage({\n message: `AuthenticateOps.getFreshSaBearerToken: end [No access token in response]`,\n state,\n });\n return null;\n}\n\n/**\n * Get cached or fresh access token for service account\n * @param {State} state library state\n * @returns {Promise<AccessTokenResponseType>} response object containg token, scope, type, and expiration in seconds\n */\nexport async function getSaBearerToken({\n state,\n}: {\n state: State;\n}): Promise<AccessTokenMetaType> {\n debugMessage({\n message: `AuthenticateOps.getSaBearerToken: start`,\n state,\n });\n let token: AccessTokenMetaType = null;\n if (state.getUseTokenCache() && (await hasSaBearerToken({ state }))) {\n try {\n token = await readSaBearerToken({ state });\n token.from_cache = true;\n debugMessage({\n message: `AuthenticateOps.getSaBearerToken: end [cached]`,\n state,\n });\n } catch (error) {\n debugMessage({\n message: `AuthenticateOps.getSaBearerToken: end [failed cache read]`,\n state,\n });\n }\n }\n if (!token) {\n token = await getFreshSaBearerToken({ state });\n token.from_cache = false;\n debugMessage({\n message: `AuthenticateOps.getSaBearerToken: end [fresh]`,\n state,\n });\n }\n if (state.getUseTokenCache()) {\n await saveSaBearerToken({ token, state });\n }\n return token;\n}\n\n/**\n * Helper function to determine deployment type, default realm, and version and update library state\n * @param state library state\n */\nasync function determineDeploymentTypeAndDefaultRealmAndVersion(\n state: State\n): Promise<void> {\n debugMessage({\n message: `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: start`,\n state,\n });\n state.setDeploymentType(await determineDeploymentType(state));\n determineDefaultRealm(state);\n debugMessage({\n message: `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: realm=${state.getRealm()}, type=${state.getDeploymentType()}`,\n state,\n });\n\n const versionInfo = await getServerVersionInfo({ state });\n\n // https://github.com/rockcarver/frodo-cli/issues/109\n debugMessage({ message: `Full version: ${versionInfo.fullVersion}`, state });\n\n const version = await getSemanticVersion(versionInfo);\n state.setAmVersion(version);\n debugMessage({\n message: `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: end`,\n state,\n });\n}\n\n/**\n * Get logged-in subject\n * @param {State} state library state\n * @returns {string} a string identifying subject type and id\n */\nasync function getLoggedInSubject(state: State): Promise<string> {\n let subjectString = `user ${state.getUsername()}`;\n if (state.getUseBearerTokenForAmApis()) {\n try {\n const name = (\n await getServiceAccount({\n serviceAccountId: state.getServiceAccountId(),\n state,\n })\n ).name;\n subjectString = `service account ${name} [${state.getServiceAccountId()}]`;\n } catch (error) {\n subjectString = `service account ${state.getServiceAccountId()}`;\n }\n }\n return subjectString;\n}\n\n/**\n * Helper method to set, reset, or cancel timer to auto refresh tokens\n * @param {boolean} forceLoginAsUser true to force login as user even if a service account is available (default: false)\n * @param {boolean} autoRefresh true to automatically refresh tokens before they expire (default: true)\n * @param {State} state library state\n */\nfunction scheduleAutoRefresh(\n forceLoginAsUser: boolean,\n autoRefresh: boolean,\n state: State\n) {\n let timer = state.getAutoRefreshTimer();\n // clear existing timer\n if (timer) {\n debugMessage({\n message: `AuthenticateOps.scheduleAutoRefresh: cancel existing timer`,\n state,\n });\n clearTimeout(timer);\n }\n // new timer\n if (autoRefresh) {\n const expires =\n state.getDeploymentType() === Constants.CLASSIC_DEPLOYMENT_TYPE_KEY\n ? state.getUserSessionTokenMeta()?.expires\n : state.getUseBearerTokenForAmApis()\n ? state.getBearerTokenMeta()?.expires\n : Math.min(\n state.getBearerTokenMeta()?.expires,\n state.getUserSessionTokenMeta()?.expires\n );\n let timeout = expires - Date.now() - 1000 * 25;\n if (timeout < 1000 * 30) {\n debugMessage({\n message: `Timeout below threshold of 30 seconds (${Math.ceil(\n timeout / 1000\n )}), resetting timeout to 10ms.`,\n state,\n });\n if (timeout < 10) timeout = 10;\n }\n debugMessage({\n message: `AuthenticateOps.scheduleAutoRefresh: set new timer [${Math.floor(\n timeout / 1000\n )}s (${new Date(timeout).getMinutes()}m ${new Date(\n timeout\n ).getSeconds()}s)]`,\n state,\n });\n timer = setTimeout(getTokens, timeout, {\n forceLoginAsUser,\n autoRefresh,\n state,\n // Volker's Visual Studio Code doesn't want to have it any other way.\n }) as unknown as NodeJS.Timeout;\n state.setAutoRefreshTimer(timer);\n timer.unref();\n }\n}\n\n/**\n * Get tokens\n * @param {boolean} forceLoginAsUser true to force login as user even if a service account is available (default: false)\n * @param {boolean} autoRefresh true to automatically refresh tokens before they expire (default: true)\n * @param {State} state library state\n * @returns {Promise<boolean>} true if tokens were successfully obtained, false otherwise\n */\nexport async function getTokens({\n forceLoginAsUser = false,\n autoRefresh = true,\n state,\n}: {\n forceLoginAsUser?: boolean;\n autoRefresh?: boolean;\n state: State;\n}): Promise<boolean> {\n debugMessage({ message: `AuthenticateOps.getTokens: start`, state });\n if (!state.getHost()) {\n printMessage({\n message: `No host specified and FRODO_HOST env variable not set!`,\n type: 'error',\n state,\n });\n return false;\n }\n try {\n // if username/password on cli are empty, try to read from connections.json\n if (\n state.getUsername() == null &&\n state.getPassword() == null &&\n !state.getServiceAccountId() &&\n !state.getServiceAccountJwk()\n ) {\n const conn = await getConnectionProfile({ state });\n if (conn) {\n state.setHost(conn.tenant);\n state.setDeploymentType(conn.deploymentType);\n state.setUsername(conn.username);\n state.setPassword(conn.password);\n state.setAuthenticationService(conn.authenticationService);\n state.setAuthenticationHeaderOverrides(\n conn.authenticationHeaderOverrides\n );\n state.setServiceAccountId(conn.svcacctId);\n state.setServiceAccountJwk(conn.svcacctJwk);\n } else {\n return false;\n }\n }\n\n // if host is not a valid URL, try to locate a valid URL and deployment type from connections.json\n if (!isValidUrl(state.getHost())) {\n const conn = await getConnectionProfile({ state });\n if (conn) {\n state.setHost(conn.tenant);\n state.setDeploymentType(conn.deploymentType);\n } else {\n return false;\n }\n }\n\n // now that we have the full tenant URL we can lookup the cookie name\n state.setCookieName(await determineCookieName(state));\n\n // use service account to login?\n if (\n !forceLoginAsUser &&\n state.getServiceAccountId() &&\n state.getServiceAccountJwk()\n ) {\n debugMessage({\n message: `AuthenticateOps.getTokens: Authenticating with service account ${state.getServiceAccountId()}`,\n state,\n });\n try {\n const token = await getSaBearerToken({ state });\n state.setBearerTokenMeta(token);\n state.setUseBearerTokenForAmApis(true);\n await determineDeploymentTypeAndDefaultRealmAndVersion(state);\n } catch (saErr) {\n debugMessage({ message: saErr.response?.data || saErr, state });\n debugMessage({ message: state.getState(), state });\n throw new Error(\n `Service account login error: ${\n saErr.response?.data?.error_description ||\n saErr.response?.data?.message ||\n saErr\n }`\n );\n }\n }\n // use user account to login\n else if (state.getUsername() && state.getPassword()) {\n debugMessage({\n message: `AuthenticateOps.getTokens: Authenticating with user account ${state.getUsername()}`,\n state,\n });\n const token = await getUserSessionToken(state);\n if (token) state.setUserSessionTokenMeta(token);\n await determineDeploymentTypeAndDefaultRealmAndVersion(state);\n if (\n state.getCookieValue() &&\n // !state.getBearerToken() &&\n (state.getDeploymentType() === Constants.CLOUD_DEPLOYMENT_TYPE_KEY ||\n state.getDeploymentType() === Constants.FORGEOPS_DEPLOYMENT_TYPE_KEY)\n ) {\n const accessToken = await getUserBearerToken(state);\n if (accessToken) state.setBearerTokenMeta(accessToken);\n }\n }\n // incomplete or no credentials\n else {\n printMessage({\n message: `Incomplete or no credentials!`,\n type: 'error',\n state,\n });\n return false;\n }\n if (\n state.getCookieValue() ||\n (state.getUseBearerTokenForAmApis() && state.getBearerToken())\n ) {\n if (state.getBearerTokenMeta()?.from_cache) {\n verboseMessage({ message: `Using cached bearer token.`, state });\n }\n if (\n !state.getUseBearerTokenForAmApis() &&\n state.getUserSessionTokenMeta()?.from_cache\n ) {\n verboseMessage({ message: `Using cached session token.`, state });\n }\n printMessage({\n message: `Connected to ${state.getHost()} [${\n state.getRealm() ? state.getRealm() : 'root'\n }] as ${await getLoggedInSubject(state)}`,\n type: 'info',\n state,\n });\n scheduleAutoRefresh(forceLoginAsUser, autoRefresh, state);\n debugMessage({\n message: `AuthenticateOps.getTokens: end with tokens`,\n state,\n });\n return true;\n }\n } catch (error) {\n // regular error\n printMessage({ message: error.message, type: 'error', state });\n // axios error am api\n printMessage({\n message: error.response?.data?.message,\n type: 'error',\n state,\n });\n // axios error am oauth2 api\n printMessage({\n message: error.response?.data?.error_description,\n type: 'error',\n state,\n });\n // axios error data\n debugMessage({ message: error.response?.data, state });\n // stack trace\n debugMessage({ message: error.stack || new Error().stack, state });\n }\n debugMessage({\n message: `AuthenticateOps.getTokens: end without tokens`,\n state,\n });\n return false;\n}\n"],"mappings":"AAAA,SAASA,UAAU,EAAEC,WAAW,QAAQ,QAAQ;AAChD,OAAOC,YAAY,MAAM,eAAe;AACxC,OAAOC,GAAG,MAAM,KAAK;AACrB,SAASC,EAAE,QAAQ,MAAM;AAAC,SAEjBC,IAAI;AAAA,SACJC,aAAa,EAAEC,oBAAoB;AAAA,OACrCC,SAAS;AAAA,SAEPC,eAAe;AAAA,SACfC,YAAY,EAAEC,YAAY,EAAEC,cAAc;AAAA,SAC1CC,UAAU,EAAEC,QAAQ;AAAA,SACpBC,iBAAiB;AAAA,SACjBC,oBAAoB;AAAA,SACpBC,oBAAoB;AAAA,SAE3BC,WAAW,EAEXC,SAAS;AAAA,SAEFC,cAAc;AAAA,SAErBC,gBAAgB,EAChBC,kBAAkB,EAClBC,mBAAmB,EACnBC,iBAAiB,EACjBC,mBAAmB,EACnBC,oBAAoB,EACpBC,iBAAiB,EACjBC,mBAAmB,EACnBC,oBAAoB;AAiCtB,gBAAgBC,KAAY,IAAmB;EAC7C,OAAO;IACL,MAAMC,SAASA,CAACC,gBAAgB,GAAG,KAAK,EAAEC,WAAW,GAAG,IAAI,EAAE;MAC5D,OAAOF,SAAS,CAAC;QAAEC,gBAAgB;QAAEC,WAAW;QAAEH;MAAM,CAAC,CAAC;IAC5D,CAAC;IAED;IACA,MAAMI,+BAA+BA,CACnCC,IAAY,GAAGC,SAAS,EACxBC,KAAa,GAAGD,SAAS,EACD;MACxB,MAAM;QAAEE;MAAa,CAAC,GAAG,MAAMC,qBAAqB,CAAC;QACnDJ,IAAI;QACJE,KAAK;QACLP;MACF,CAAC,CAAC;MACF,OAAOQ,YAAY;IACrB;EACF,CAAC;AACH,CAAC;AAED,MAAME,mBAAmB,GAAG,eAAe;AAC3C,MAAMC,mBAAmB,GAAG,sCAAsC;AAElE,MAAMC,mBAAmB,GAAG,8BAA8B;AAC1D,MAAMC,sBAAsB,GAAG,iBAAiB;AAChD,MAAMC,oBAAoB,GAAG,+BAA+B;AAE5D,MAAMC,YAAY,GAAG,gBAAgB;AACrC,MAAMC,gBAAgB,GAAG,cAAc;AACvC,IAAIC,aAAa,GAAGF,YAAY;;AAEhC;AACA;AACA;AACA;AACA;AACA,eAAeG,mBAAmBA,CAAClB,KAAY,EAAE;EAC/C,MAAMmB,IAAI,GAAG,MAAM3C,aAAa,CAAC;IAAEwB;EAAM,CAAC,CAAC;EAC3CpB,YAAY,CAAC;IACXwC,OAAO,EAAG,mDAAkDD,IAAI,CAACE,UAAW,EAAC;IAC7ErB;EACF,CAAC,CAAC;EACF,OAAOmB,IAAI,CAACE,UAAU;AACxB;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,SAASC,iBAAiBA,CAACC,OAAO,EAAEvB,KAAY,EAAE;EAChDpB,YAAY,CAAC;IAAEwC,OAAO,EAAG,0CAAyC;IAAEpB;EAAM,CAAC,CAAC;EAC5E;EACA,IAAI,WAAW,IAAIuB,OAAO,EAAE;IAC1B,KAAK,MAAMC,QAAQ,IAAID,OAAO,CAACE,SAAS,EAAE;MACxC;MACA,IAAID,QAAQ,CAACE,IAAI,KAAK,mBAAmB,EAAE;QACzC9C,YAAY,CAAC;UACXwC,OAAO,EAAG,iFAAgF;UAC1FpB;QACF,CAAC,CAAC;QACF,IAAI2B,SAAS,GAAG,KAAK;QACrB,KAAK,MAAMC,KAAK,IAAIJ,QAAQ,CAACK,MAAM,CAAC,CAAC,CAAC,CAACD,KAAK,EAAE;UAC5ChD,YAAY,CAAC;YAAEwC,OAAO,EAAG,GAAEQ,KAAK,CAACE,QAAS,EAAC;YAAE9B;UAAM,CAAC,CAAC;UACrD,IAAI4B,KAAK,CAACE,QAAQ,KAAK,qBAAqB,EAAE;YAC5CH,SAAS,GAAG,IAAI;UAClB;QACF;QACA,IAAIA,SAAS,EAAE;UACb/C,YAAY,CAAC;YAAEwC,OAAO,EAAG,oBAAmB;YAAEpB;UAAM,CAAC,CAAC;UACtDwB,QAAQ,CAACO,KAAK,CAAC,CAAC,CAAC,CAACH,KAAK,GAAG,qBAAqB;QACjD,CAAC,MAAM;UACLhD,YAAY,CAAC;YAAEwC,OAAO,EAAG,wBAAuB;YAAEpB;UAAM,CAAC,CAAC;QAC5D;MACF;MACA,IAAIwB,QAAQ,CAACE,IAAI,KAAK,qBAAqB,EAAE;QAC3C,IAAIF,QAAQ,CAACO,KAAK,CAAC,CAAC,CAAC,CAACH,KAAK,CAACI,QAAQ,CAAC,MAAM,CAAC,EAAE;UAC5C;UACAR,QAAQ,CAACO,KAAK,CAAC,CAAC,CAAC,CAACH,KAAK,GAAG,MAAM;UAChC;UACA;UACA;UACA;UACA;UACA;UACA;UACA;UACA;UACA;QACF;QACA,IAAIJ,QAAQ,CAACO,KAAK,CAAC,CAAC,CAAC,CAACH,KAAK,CAACI,QAAQ,CAAC,iBAAiB,CAAC,EAAE;UACvD;UACApD,YAAY,CAAC;YACXwC,OAAO,EAAG,qFAAoF;YAC9FpB;UACF,CAAC,CAAC;UACF,OAAO;YACLiC,QAAQ,EAAE,KAAK;YACfC,OAAO,EAAE,IAAI;YACbC,MAAM,EAAE,UAAU;YAClBC,SAAS,EAAE,KAAK;YAChBb;UACF,CAAC;QACH;MACF;MACA,IAAIC,QAAQ,CAACE,IAAI,KAAK,cAAc,EAAE;QACpC,IAAIF,QAAQ,CAACK,MAAM,CAAC,CAAC,CAAC,CAACD,KAAK,CAACI,QAAQ,CAAC,MAAM,CAAC,EAAE;UAC7C;UACApD,YAAY,CAAC;YACXwC,OAAO,EAAG,kEAAiE;YAC3EpB;UACF,CAAC,CAAC;UACFnB,YAAY,CAAC;YACXuC,OAAO,EAAE,8CAA8C;YACvDpB;UACF,CAAC,CAAC;UACF,MAAMqC,IAAI,GAAGjE,YAAY,CAACkE,QAAQ,CAAE,GAAEd,QAAQ,CAACK,MAAM,CAAC,CAAC,CAAC,CAACD,KAAM,IAAG,CAAC;UACnEJ,QAAQ,CAACO,KAAK,CAAC,CAAC,CAAC,CAACH,KAAK,GAAGS,IAAI;UAC9BzD,YAAY,CAAC;YACXwC,OAAO,EAAG,qFAAoF;YAC9FpB;UACF,CAAC,CAAC;UACF,OAAO;YACLiC,QAAQ,EAAE,IAAI;YACdC,OAAO,EAAE,IAAI;YACbC,MAAM,EAAE,MAAM;YACdC,SAAS,EAAE,IAAI;YACfb;UACF,CAAC;QACH,CAAC,MAAM;UACL;UACAC,QAAQ,CAACO,KAAK,CAAC,CAAC,CAAC,CAACH,KAAK,GAAG5B,KAAK,CAACuC,WAAW,CAAC,CAAC;QAC/C;MACF;MACA,IAAIf,QAAQ,CAACE,IAAI,KAAK,kBAAkB,EAAE;QACxC;QACAF,QAAQ,CAACO,KAAK,CAAC,CAAC,CAAC,CAACH,KAAK,GAAG5B,KAAK,CAACwC,WAAW,CAAC,CAAC;MAC/C;IACF;IACA5D,YAAY,CAAC;MACXwC,OAAO,EAAG,wDAAuD;MACjEpB;IACF,CAAC,CAAC;IACF;IACA,OAAO;MACLiC,QAAQ,EAAE,IAAI;MACdC,OAAO,EAAE,KAAK;MACdC,MAAM,EAAE,MAAM;MACdC,SAAS,EAAE,IAAI;MACfb;IACF,CAAC;EACH;EACA3C,YAAY,CAAC;IACXwC,OAAO,EAAG,wDAAuD;IACjEpB;EACF,CAAC,CAAC;EACF;EACA,OAAO;IACLiC,QAAQ,EAAE,KAAK;IACfC,OAAO,EAAE,KAAK;IACdC,MAAM,EAAE,MAAM;IACdC,SAAS,EAAE,IAAI;IACfb;EACF,CAAC;AACH;;AAEA;AACA;AACA;AACA;AACA,SAASkB,qBAAqBA,CAACzC,KAAY,EAAE;EAC3C,IAAI,CAACA,KAAK,CAAC0C,QAAQ,CAAC,CAAC,IAAI1C,KAAK,CAAC0C,QAAQ,CAAC,CAAC,KAAKhE,SAAS,CAACiE,iBAAiB,EAAE;IACzE3C,KAAK,CAAC4C,QAAQ,CACZlE,SAAS,CAACmE,yBAAyB,CAAC7C,KAAK,CAAC8C,iBAAiB,CAAC,CAAC,CAC/D,CAAC;EACH;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA,eAAeC,uBAAuBA,CAAC/C,KAAY,EAAmB;EACpE,MAAMgD,WAAW,GAAGhD,KAAK,CAACiD,cAAc,CAAC,CAAC;EAC1C,IAAIC,cAAc,GAAGlD,KAAK,CAAC8C,iBAAiB,CAAC,CAAC;EAE9C,QAAQI,cAAc;IACpB,KAAKxE,SAAS,CAACyE,yBAAyB;MACtC,OAAOD,cAAc;IAEvB,KAAKxE,SAAS,CAAC0E,4BAA4B;MACzCnC,aAAa,GAAGD,gBAAgB;MAChC,OAAOkC,cAAc;IAEvB,KAAKxE,SAAS,CAAC2E,2BAA2B;MACxC,OAAOH,cAAc;;IAEvB;IACA;MAAS;QACP;QACA,IAAIlD,KAAK,CAACsD,0BAA0B,CAAC,CAAC,EACpC,OAAO5E,SAAS,CAACyE,yBAAyB;QAE5C,MAAMI,QAAQ,GAAG5E,eAAe,CAACR,WAAW,CAAC,EAAE,CAAC,CAAC;QACjD,MAAMqF,SAAS,GAAG7E,eAAe,CAC/BT,UAAU,CAAC,QAAQ,CAAC,CAACuF,MAAM,CAACF,QAAQ,CAAC,CAACG,MAAM,CAAC,CAC/C,CAAC;QACD,MAAMC,eAAe,GAAG,MAAM;QAC9B,MAAMC,WAAW,GAAGvF,GAAG,CAACwF,OAAO,CAAC7D,KAAK,CAAC8D,OAAO,CAAC,CAAC,EAAEnD,mBAAmB,CAAC;QAErE,MAAMoD,MAAM,GAAG;UACbC,YAAY,EAAE,CAAC;UACfC,OAAO,EAAE;YACP,CAACjE,KAAK,CAACkE,aAAa,CAAC,CAAC,GAAGlE,KAAK,CAACiD,cAAc,CAAC;UAChD;QACF,CAAC;QACD,IAAIkB,YAAY,GAAI,gBAAeP,WAAY,UAAShD,mBAAoB,iCAAgCG,YAAa,SAAQiC,WAAY,kCAAiCQ,SAAU,0BAAyBG,eAAgB,EAAC;QAElOT,cAAc,GAAGxE,SAAS,CAAC2E,2BAA2B;QACtD,IAAI;UACF,MAAMhE,SAAS,CAAC;YACd+E,SAAS,EAAEpE,KAAK,CAAC8D,OAAO,CAAC,CAAC;YAC1B3C,IAAI,EAAEgD,YAAY;YAClBJ,MAAM;YACN/D;UACF,CAAC,CAAC;QACJ,CAAC,CAAC,OAAOqE,CAAC,EAAE;UAAA,IAAAC,WAAA,EAAAC,mBAAA;UACV;UACA,IACE,EAAAD,WAAA,GAAAD,CAAC,CAACG,QAAQ,cAAAF,WAAA,uBAAVA,WAAA,CAAYG,MAAM,MAAK,GAAG,IAC1B,EAAAF,mBAAA,GAAAF,CAAC,CAACG,QAAQ,CAACP,OAAO,cAAAM,mBAAA,gBAAAA,mBAAA,GAAlBA,mBAAA,CAAoBG,QAAQ,cAAAH,mBAAA,uBAA5BA,mBAAA,CAA8BI,OAAO,CAAC,OAAO,CAAC,IAAG,CAAC,CAAC,EACnD;YACA7F,cAAc,CAAC;cACbsC,OAAO,EAAG,0BAAyB,CAAC,YAAY,CAAC,GAAI,YAAW;cAChEpB;YACF,CAAC,CAAC;YACFkD,cAAc,GAAGxE,SAAS,CAACyE,yBAAyB;UACtD,CAAC,MAAM;YACL,IAAI;cACFgB,YAAY,GAAI,gBAAeP,WAAY,UAAS/C,sBAAuB,iCAAgCG,gBAAiB,SAAQhB,KAAK,CAACiD,cAAc,CAAC,CAAE,kCAAiCO,SAAU,0BAAyBG,eAAgB,EAAC;cAChP,MAAMtE,SAAS,CAAC;gBACd+E,SAAS,EAAEpE,KAAK,CAAC8D,OAAO,CAAC,CAAC;gBAC1B3C,IAAI,EAAEgD,YAAY;gBAClBJ,MAAM;gBACN/D;cACF,CAAC,CAAC;YACJ,CAAC,CAAC,OAAO4E,EAAE,EAAE;cAAA,IAAAC,YAAA,EAAAC,oBAAA;cACX,IACE,EAAAD,YAAA,GAAAD,EAAE,CAACJ,QAAQ,cAAAK,YAAA,uBAAXA,YAAA,CAAaJ,MAAM,MAAK,GAAG,IAC3B,EAAAK,oBAAA,GAAAF,EAAE,CAACJ,QAAQ,CAACP,OAAO,cAAAa,oBAAA,gBAAAA,oBAAA,GAAnBA,oBAAA,CAAqBJ,QAAQ,cAAAI,oBAAA,uBAA7BA,oBAAA,CAA+BH,OAAO,CAAC,OAAO,CAAC,IAAG,CAAC,CAAC,EACpD;gBACA1D,aAAa,GAAGD,gBAAgB;gBAChClC,cAAc,CAAC;kBACbsC,OAAO,EAAG,qBAAoB,CAAC,YAAY,CAAC,GAAI,YAAW;kBAC3DpB;gBACF,CAAC,CAAC;gBACFkD,cAAc,GAAGxE,SAAS,CAAC0E,4BAA4B;cACzD,CAAC,MAAM;gBACLtE,cAAc,CAAC;kBACbsC,OAAO,EAAG,oBAAmB,CAAC,YAAY,CAAC,GAAI,YAAW;kBAC1DpB;gBACF,CAAC,CAAC;cACJ;YACF;UACF;QACF;QACA,OAAOkD,cAAc;MACvB;EACF;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA,SAAS6B,kBAAkBA,CAACC,WAAW,EAAE;EACvC,IAAI,SAAS,IAAIA,WAAW,EAAE;IAC5B,MAAMC,aAAa,GAAGD,WAAW,CAACE,OAAO;IACzC,MAAMC,EAAE,GAAG,8BAA8B;IACzC,MAAMD,OAAO,GAAGD,aAAa,CAACG,KAAK,CAACD,EAAE,CAAC;IACvC,OAAOD,OAAO,CAAC,CAAC,CAAC;EACnB;EACA,MAAM,IAAIG,KAAK,CAAC,2DAA2D,CAAC;AAC9E;AAUA;AACA;AACA;AACA;AACA;AACA,eAAeC,wBAAwBA,CAAC;EACtCtF;AAGF,CAAC,EAAgC;EAC/BpB,YAAY,CAAC;IACXwC,OAAO,EAAG,iDAAgD;IAC1DpB;EACF,CAAC,CAAC;EACF,MAAM+D,MAAM,GAAG;IACbE,OAAO,EAAE;MACP,mBAAmB,EAAEjE,KAAK,CAACuC,WAAW,CAAC,CAAC;MACxC,mBAAmB,EAAEvC,KAAK,CAACwC,WAAW,CAAC;IACzC;EACF,CAAC;EACD,IAAIgC,QAAQ,GAAG,MAAMjG,IAAI,CAAC;IAAEgH,IAAI,EAAE,CAAC,CAAC;IAAExB,MAAM;IAAE/D;EAAM,CAAC,CAAC;EAEtD,IAAIwF,OAAO,GAAG,IAAI;EAClB,IAAIC,KAAK,GAAG,CAAC;EACb,MAAMC,QAAQ,GAAG,CAAC;EAClB,GAAG;IACDF,OAAO,GAAGlE,iBAAiB,CAACkD,QAAQ,EAAExE,KAAK,CAAC;;IAE5C;IACA,IAAI,CAACwF,OAAO,CAACpD,SAAS,EAAE;MACtB,MAAM,IAAIiD,KAAK,CAAE,2BAA0BG,OAAO,CAACrD,MAAO,EAAC,CAAC;IAC9D;IAEA,IAAIqD,OAAO,CAACvD,QAAQ,EAAE;MACpBwD,KAAK,EAAE;MACPjB,QAAQ,GAAG,MAAMjG,IAAI,CAAC;QAAEgH,IAAI,EAAEC,OAAO,CAACjE,OAAO;QAAEvB;MAAM,CAAC,CAAC;IACzD;IAEA,IAAI,SAAS,IAAIwE,QAAQ,EAAE;MACzBA,QAAQ,CAAC,YAAY,CAAC,GAAG,KAAK;MAC9B;MACA,MAAMmB,WAAW,GAAG,MAAMrG,cAAc,CAAC;QACvCsG,OAAO,EAAEpB,QAAQ,CAAC,SAAS,CAAC;QAC5BxE;MACF,CAAC,CAAC;MACFwE,QAAQ,CAAC,SAAS,CAAC,GAAGqB,IAAI,CAACC,KAAK,CAACH,WAAW,CAACI,qBAAqB,CAAC;MACnEnH,YAAY,CAAC;QACXwC,OAAO,EAAG,0DAAyDoD,QAAQ,CAAC,SAAS,CAAE,GAAE;QACzFxE;MACF,CAAC,CAAC;MACFpB,YAAY,CAAC;QACXwC,OAAO,EAAEoD,QAAQ;QACjBxE;MACF,CAAC,CAAC;MACF,OAAOwE,QAAQ;IACjB;EACF,CAAC,QAAQgB,OAAO,CAACvD,QAAQ,IAAIwD,KAAK,GAAGC,QAAQ;EAC7C9G,YAAY,CAAC;IACXwC,OAAO,EAAG,4DAA2D;IACrEpB;EACF,CAAC,CAAC;EACF,OAAO,IAAI;AACb;;AAEA;AACA;AACA;AACA;AACA;AACA,eAAegG,mBAAmBA,CAAChG,KAAY,EAAgC;EAC7EpB,YAAY,CAAC;IACXwC,OAAO,EAAG,4CAA2C;IACrDpB;EACF,CAAC,CAAC;EACF,IAAIiG,KAA0B,GAAG,IAAI;EACrC,IAAIjG,KAAK,CAACkG,gBAAgB,CAAC,CAAC,KAAK,MAAMzG,mBAAmB,CAAC;IAAEO;EAAM,CAAC,CAAC,CAAC,EAAE;IACtE,IAAI;MACFiG,KAAK,GAAG,MAAMrG,oBAAoB,CAAC;QAAEI;MAAM,CAAC,CAAC;MAC7CiG,KAAK,CAACE,UAAU,GAAG,IAAI;MACvBvH,YAAY,CAAC;QACXwC,OAAO,EAAG,6CAA4C;QACtDpB;MACF,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOoG,KAAK,EAAE;MACdxH,YAAY,CAAC;QACXwC,OAAO,EAAG,wDAAuD;QACjEpB;MACF,CAAC,CAAC;IACJ;EACF;EACA,IAAI,CAACiG,KAAK,EAAE;IACVA,KAAK,GAAG,MAAMX,wBAAwB,CAAC;MAAEtF;IAAM,CAAC,CAAC;IACjDiG,KAAK,CAACE,UAAU,GAAG,KAAK;IACxBvH,YAAY,CAAC;MACXwC,OAAO,EAAG,4CAA2C;MACrDpB;IACF,CAAC,CAAC;EACJ;EACA,IAAIA,KAAK,CAACkG,gBAAgB,CAAC,CAAC,EAAE;IAC5B,MAAMnG,oBAAoB,CAAC;MAAEkG,KAAK;MAAEjG;IAAM,CAAC,CAAC;EAC9C;EACApB,YAAY,CAAC;IACXwC,OAAO,EAAG,0CAAyC;IACnDpB;EACF,CAAC,CAAC;EACF,OAAOiG,KAAK;AACd;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAeI,WAAWA,CACxBzC,WAAmB,EACnB0C,aAAqB,EACrBC,mBAA2B,EAC3BvG,KAAY,EACZ;EACA,IAAI;IAAA,IAAAwG,iBAAA;IACF,MAAMrC,YAAY,GAAI,gBAAeP,WAAY,UAC/C5D,KAAK,CAAC8C,iBAAiB,CAAC,CAAC,KAAKpE,SAAS,CAACyE,yBAAyB,GAC7DvC,mBAAmB,GACnBC,sBACL,iCAAgCI,aAAc,SAAQjB,KAAK,CAACiD,cAAc,CAAC,CAAE,kCAAiCqD,aAAc,0BAAyBC,mBAAoB,EAAC;IAC3K,MAAMxC,MAAM,GAAG;MACbE,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDD,YAAY,EAAE;IAChB,CAAC;IACD,IAAIQ,QAAQ,GAAGlE,SAAS;IACxB,IAAI;MACFkE,QAAQ,GAAG,MAAMnF,SAAS,CAAC;QACzB+E,SAAS,EAAEpE,KAAK,CAAC8D,OAAO,CAAC,CAAC;QAC1B3C,IAAI,EAAEgD,YAAY;QAClBJ,MAAM;QACN/D;MACF,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOoG,KAAK,EAAE;MACd5B,QAAQ,GAAG4B,KAAK,CAAC5B,QAAQ;MACzB,IAAIA,QAAQ,CAACC,MAAM,GAAG,GAAG,IAAID,QAAQ,CAACC,MAAM,GAAG,GAAG,EAAE;QAClD5F,YAAY,CAAC;UACXuC,OAAO,EAAE,yBAAyB;UAClCM,IAAI,EAAE,OAAO;UACb1B;QACF,CAAC,CAAC;QACFnB,YAAY,CAAC;UACXuC,OAAO,EAAEoD,QAAQ,CAACrD,IAAI;UACtBO,IAAI,EAAE,OAAO;UACb1B;QACF,CAAC,CAAC;QACF,OAAO,IAAI;MACb;IACF;IACA,MAAMyG,mBAAmB,IAAAD,iBAAA,GAAGhC,QAAQ,CAACP,OAAO,cAAAuC,iBAAA,uBAAhBA,iBAAA,CAAkB9B,QAAQ;IACtD,MAAMgC,WAAW,GAAGrI,GAAG,CAACyH,KAAK,CAACW,mBAAmB,EAAE,IAAI,CAAC,CAACE,KAAK;IAC9D,IAAI,MAAM,IAAID,WAAW,EAAE;MACzB,OAAOA,WAAW,CAACrE,IAAI;IACzB;IACAxD,YAAY,CAAC;MAAEuC,OAAO,EAAE,qBAAqB;MAAEM,IAAI,EAAE,OAAO;MAAE1B;IAAM,CAAC,CAAC;IACtE,OAAO,IAAI;EACb,CAAC,CAAC,OAAOoG,KAAK,EAAE;IAAA,IAAAQ,eAAA;IACd/H,YAAY,CAAC;MACXuC,OAAO,EAAG,6BAA4BgF,KAAK,CAAChF,OAAQ,EAAC;MACrDM,IAAI,EAAE,OAAO;MACb1B;IACF,CAAC,CAAC;IACFnB,YAAY,CAAC;MAAEuC,OAAO,GAAAwF,eAAA,GAAER,KAAK,CAAC5B,QAAQ,cAAAoC,eAAA,uBAAdA,eAAA,CAAgBzF,IAAI;MAAEO,IAAI,EAAE,OAAO;MAAE1B;IAAM,CAAC,CAAC;IACrEpB,YAAY,CAAC;MAAEwC,OAAO,EAAEgF,KAAK,CAACS,KAAK;MAAE7G;IAAM,CAAC,CAAC;IAC7C,OAAO,IAAI;EACb;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA,eAAe8G,uBAAuBA,CAAC;EACrC9G;AAGF,CAAC,EAAgC;EAC/BpB,YAAY,CAAC;IACXwC,OAAO,EAAG,8CAA6C;IACvDpB;EACF,CAAC,CAAC;EACF,IAAI;IACF,MAAMuD,QAAQ,GAAG5E,eAAe,CAACR,WAAW,CAAC,EAAE,CAAC,CAAC;IACjD,MAAMqF,SAAS,GAAG7E,eAAe,CAC/BT,UAAU,CAAC,QAAQ,CAAC,CAACuF,MAAM,CAACF,QAAQ,CAAC,CAACG,MAAM,CAAC,CAC/C,CAAC;IACD,MAAMC,eAAe,GAAG,MAAM;IAC9B,MAAMC,WAAW,GAAGvF,GAAG,CAACwF,OAAO,CAAC7D,KAAK,CAAC8D,OAAO,CAAC,CAAC,EAAEnD,mBAAmB,CAAC;IACrE,MAAMoG,QAAQ,GAAG,MAAMV,WAAW,CAChCzC,WAAW,EACXJ,SAAS,EACTG,eAAe,EACf3D,KACF,CAAC;IACD,IAAI+G,QAAQ,IAAI,IAAI,EAAE;MACpBlI,YAAY,CAAC;QACXuC,OAAO,EAAE,yBAAyB;QAClCM,IAAI,EAAE,OAAO;QACb1B;MACF,CAAC,CAAC;MACF,OAAO,IAAI;IACb;IACA,IAAIwE,QAA6B,GAAG,IAAI;IACxC,IAAIxE,KAAK,CAAC8C,iBAAiB,CAAC,CAAC,KAAKpE,SAAS,CAACyE,yBAAyB,EAAE;MACrE,MAAMY,MAAM,GAAG;QACbiD,IAAI,EAAE;UACJC,QAAQ,EAAEhG,aAAa;UACvBiG,QAAQ,EAAExG;QACZ;MACF,CAAC;MACD,MAAMyD,YAAY,GAAI,gBAAeP,WAAY,uCAAsCmD,QAAS,kBAAiBxD,QAAS,EAAC;MAC3HiB,QAAQ,GAAG,MAAMpF,WAAW,CAAC;QAC3BgF,SAAS,EAAEpE,KAAK,CAAC8D,OAAO,CAAC,CAAC;QAC1B3C,IAAI,EAAEgD,YAAY;QAClBJ,MAAM;QACN/D;MACF,CAAC,CAAC;IACJ,CAAC,MAAM;MACL,MAAMmE,YAAY,GAAI,aAAYlD,aAAc,iBAAgB2C,WAAY,uCAAsCmD,QAAS,kBAAiBxD,QAAS,EAAC;MACtJiB,QAAQ,GAAG,MAAMpF,WAAW,CAAC;QAC3BgF,SAAS,EAAEpE,KAAK,CAAC8D,OAAO,CAAC,CAAC;QAC1B3C,IAAI,EAAEgD,YAAY;QAClBJ,MAAM,EAAE,CAAC,CAAC;QACV/D;MACF,CAAC,CAAC;IACJ;IACA,IAAI,cAAc,IAAIwE,QAAQ,EAAE;MAC9B5F,YAAY,CAAC;QACXwC,OAAO,EAAG,uDAAsD;QAChEpB;MACF,CAAC,CAAC;MACF,OAAOwE,QAAQ;IACjB;IACA3F,YAAY,CAAC;MACXuC,OAAO,EAAE,8BAA8B;MACvCM,IAAI,EAAE,OAAO;MACb1B;IACF,CAAC,CAAC;EACJ,CAAC,CAAC,OAAOoG,KAAK,EAAE;IAAA,IAAAe,gBAAA;IACdvI,YAAY,CAAC;MACXwC,OAAO,EAAG,wCAAuCgF,KAAM,EAAC;MACxDpG;IACF,CAAC,CAAC;IACFpB,YAAY,CAAC;MAAEwC,OAAO,GAAA+F,gBAAA,GAAEf,KAAK,CAAC5B,QAAQ,cAAA2C,gBAAA,uBAAdA,gBAAA,CAAgBhG,IAAI;MAAEnB;IAAM,CAAC,CAAC;EACxD;EACApB,YAAY,CAAC;IACXwC,OAAO,EAAG,0DAAyD;IACnEpB;EACF,CAAC,CAAC;EACF,OAAO,IAAI;AACb;;AAEA;AACA;AACA;AACA;AACA;AACA,eAAeoH,kBAAkBA,CAACpH,KAAY,EAAgC;EAC5EpB,YAAY,CAAC;IACXwC,OAAO,EAAG,2CAA0C;IACpDpB;EACF,CAAC,CAAC;EACF,IAAIiG,KAA0B,GAAG,IAAI;EACrC,IAAIjG,KAAK,CAACkG,gBAAgB,CAAC,CAAC,KAAK,MAAM1G,kBAAkB,CAAC;IAAEQ;EAAM,CAAC,CAAC,CAAC,EAAE;IACrE,IAAI;MACFiG,KAAK,GAAG,MAAMtG,mBAAmB,CAAC;QAAEK;MAAM,CAAC,CAAC;MAC5CiG,KAAK,CAACE,UAAU,GAAG,IAAI;MACvBvH,YAAY,CAAC;QACXwC,OAAO,EAAG,kDAAiD;QAC3DpB;MACF,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOoG,KAAK,EAAE;MACdxH,YAAY,CAAC;QACXwC,OAAO,EAAG,6DAA4D;QACtEpB;MACF,CAAC,CAAC;IACJ;EACF;EACA,IAAI,CAACiG,KAAK,EAAE;IACVA,KAAK,GAAG,MAAMa,uBAAuB,CAAC;MAAE9G;IAAM,CAAC,CAAC;IAChDiG,KAAK,CAACE,UAAU,GAAG,KAAK;IACxBvH,YAAY,CAAC;MACXwC,OAAO,EAAG,iDAAgD;MAC1DpB;IACF,CAAC,CAAC;EACJ;EACA,IAAIA,KAAK,CAACkG,gBAAgB,CAAC,CAAC,EAAE;IAC5B,MAAMpG,mBAAmB,CAAC;MAAEmG,KAAK;MAAEjG;IAAM,CAAC,CAAC;EAC7C;EACA,OAAOiG,KAAK;AACd;AAEA,SAASoB,aAAaA,CAACC,gBAAwB,EAAEC,IAAY,EAAE;EAC7D,MAAMC,CAAC,GAAGxI,QAAQ,CAACuI,IAAI,CAAC;EACxB,MAAME,GAAG,GAAI,GAAED,CAAC,CAACE,MAAO,IACtBF,CAAC,CAACG,IAAI,GAAGH,CAAC,CAACG,IAAI,GAAGH,CAAC,CAACI,QAAQ,KAAK,OAAO,GAAG,KAAK,GAAG,IACpD,GAAEJ,CAAC,CAACK,QAAS,sBAAqB;;EAEnC;EACA,MAAMC,GAAG,GAAGC,IAAI,CAACC,KAAK,CAAC,IAAInC,IAAI,CAAC,CAAC,CAACoC,OAAO,CAAC,CAAC,GAAG,IAAI,GAAG,GAAG,CAAC;;EAEzD;EACA,MAAMC,GAAG,GAAG5J,EAAE,CAAC,CAAC;EAEhB,MAAM6J,GAAG,GAAGb,gBAAgB;EAC5B,MAAMc,GAAG,GAAGd,gBAAgB;;EAE5B;EACA,MAAM/F,OAAO,GAAG;IAAE4G,GAAG;IAAEC,GAAG;IAAEX,GAAG;IAAEK,GAAG;IAAEI;EAAI,CAAC;EAE3C,OAAO3G,OAAO;AAChB;;AAEA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAed,qBAAqBA,CAAC;EAC1CJ,IAAI,GAAGC,SAAS;EAChBC,KAAK,GAAGD,SAAS;EACjBN;AAKF,CAAC,EAAgC;EAC/BpB,YAAY,CAAC;IACXwC,OAAO,EAAG,8CAA6C;IACvDpB;EACF,CAAC,CAAC;EACFK,IAAI,GAAGA,IAAI,GAAGA,IAAI,GAAGL,KAAK,CAACqI,mBAAmB,CAAC,CAAC;EAChD9H,KAAK,GAAGA,KAAK,GAAGA,KAAK,GAAGP,KAAK,CAACsI,oBAAoB,CAAC,CAAC;EACpD,MAAM/G,OAAO,GAAG8F,aAAa,CAAChH,IAAI,EAAEL,KAAK,CAAC8D,OAAO,CAAC,CAAC,CAAC;EACpD,MAAMyE,GAAG,GAAG,MAAMpJ,oBAAoB,CAACoC,OAAO,EAAEhB,KAAK,CAAC;EACtD,MAAM4D,YAAY,GAAI,aAAYoE,GAAI,2FAA0FzH,oBAAqB,EAAC;EACtJ,MAAM0D,QAAQ,GAAG,MAAMpF,WAAW,CAAC;IACjCgF,SAAS,EAAEpE,KAAK,CAAC8D,OAAO,CAAC,CAAC;IAC1B3C,IAAI,EAAEgD,YAAY;IAClBJ,MAAM,EAAE,CAAC,CAAC;IACV/D;EACF,CAAC,CAAC;EACF,IAAI,cAAc,IAAIwE,QAAQ,EAAE;IAC9B5F,YAAY,CAAC;MACXwC,OAAO,EAAG,4CAA2C;MACrDpB;IACF,CAAC,CAAC;IACF,OAAOwE,QAAQ;EACjB;EACA5F,YAAY,CAAC;IACXwC,OAAO,EAAG,0EAAyE;IACnFpB;EACF,CAAC,CAAC;EACF,OAAO,IAAI;AACb;;AAEA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAewI,gBAAgBA,CAAC;EACrCxI;AAGF,CAAC,EAAgC;EAC/BpB,YAAY,CAAC;IACXwC,OAAO,EAAG,yCAAwC;IAClDpB;EACF,CAAC,CAAC;EACF,IAAIiG,KAA0B,GAAG,IAAI;EACrC,IAAIjG,KAAK,CAACkG,gBAAgB,CAAC,CAAC,KAAK,MAAM3G,gBAAgB,CAAC;IAAES;EAAM,CAAC,CAAC,CAAC,EAAE;IACnE,IAAI;MACFiG,KAAK,GAAG,MAAMvG,iBAAiB,CAAC;QAAEM;MAAM,CAAC,CAAC;MAC1CiG,KAAK,CAACE,UAAU,GAAG,IAAI;MACvBvH,YAAY,CAAC;QACXwC,OAAO,EAAG,gDAA+C;QACzDpB;MACF,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOoG,KAAK,EAAE;MACdxH,YAAY,CAAC;QACXwC,OAAO,EAAG,2DAA0D;QACpEpB;MACF,CAAC,CAAC;IACJ;EACF;EACA,IAAI,CAACiG,KAAK,EAAE;IACVA,KAAK,GAAG,MAAMxF,qBAAqB,CAAC;MAAET;IAAM,CAAC,CAAC;IAC9CiG,KAAK,CAACE,UAAU,GAAG,KAAK;IACxBvH,YAAY,CAAC;MACXwC,OAAO,EAAG,+CAA8C;MACxDpB;IACF,CAAC,CAAC;EACJ;EACA,IAAIA,KAAK,CAACkG,gBAAgB,CAAC,CAAC,EAAE;IAC5B,MAAMrG,iBAAiB,CAAC;MAAEoG,KAAK;MAAEjG;IAAM,CAAC,CAAC;EAC3C;EACA,OAAOiG,KAAK;AACd;;AAEA;AACA;AACA;AACA;AACA,eAAewC,gDAAgDA,CAC7DzI,KAAY,EACG;EACfpB,YAAY,CAAC;IACXwC,OAAO,EAAG,yEAAwE;IAClFpB;EACF,CAAC,CAAC;EACFA,KAAK,CAAC0I,iBAAiB,CAAC,MAAM3F,uBAAuB,CAAC/C,KAAK,CAAC,CAAC;EAC7DyC,qBAAqB,CAACzC,KAAK,CAAC;EAC5BpB,YAAY,CAAC;IACXwC,OAAO,EAAG,2EAA0EpB,KAAK,CAAC0C,QAAQ,CAAC,CAAE,UAAS1C,KAAK,CAAC8C,iBAAiB,CAAC,CAAE,EAAC;IACzI9C;EACF,CAAC,CAAC;EAEF,MAAMgF,WAAW,GAAG,MAAMvG,oBAAoB,CAAC;IAAEuB;EAAM,CAAC,CAAC;;EAEzD;EACApB,YAAY,CAAC;IAAEwC,OAAO,EAAG,iBAAgB4D,WAAW,CAAC2D,WAAY,EAAC;IAAE3I;EAAM,CAAC,CAAC;EAE5E,MAAMkF,OAAO,GAAG,MAAMH,kBAAkB,CAACC,WAAW,CAAC;EACrDhF,KAAK,CAAC4I,YAAY,CAAC1D,OAAO,CAAC;EAC3BtG,YAAY,CAAC;IACXwC,OAAO,EAAG,uEAAsE;IAChFpB;EACF,CAAC,CAAC;AACJ;;AAEA;AACA;AACA;AACA;AACA;AACA,eAAe6I,kBAAkBA,CAAC7I,KAAY,EAAmB;EAC/D,IAAI8I,aAAa,GAAI,QAAO9I,KAAK,CAACuC,WAAW,CAAC,CAAE,EAAC;EACjD,IAAIvC,KAAK,CAACsD,0BAA0B,CAAC,CAAC,EAAE;IACtC,IAAI;MACF,MAAMyF,IAAI,GAAG,CACX,MAAM9J,iBAAiB,CAAC;QACtBqI,gBAAgB,EAAEtH,KAAK,CAACqI,mBAAmB,CAAC,CAAC;QAC7CrI;MACF,CAAC,CAAC,EACF+I,IAAI;MACND,aAAa,GAAI,mBAAkBC,IAAK,KAAI/I,KAAK,CAACqI,mBAAmB,CAAC,CAAE,GAAE;IAC5E,CAAC,CAAC,OAAOjC,KAAK,EAAE;MACd0C,aAAa,GAAI,mBAAkB9I,KAAK,CAACqI,mBAAmB,CAAC,CAAE,EAAC;IAClE;EACF;EACA,OAAOS,aAAa;AACtB;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,SAASE,mBAAmBA,CAC1B9I,gBAAyB,EACzBC,WAAoB,EACpBH,KAAY,EACZ;EACA,IAAIiJ,KAAK,GAAGjJ,KAAK,CAACkJ,mBAAmB,CAAC,CAAC;EACvC;EACA,IAAID,KAAK,EAAE;IACTrK,YAAY,CAAC;MACXwC,OAAO,EAAG,4DAA2D;MACrEpB;IACF,CAAC,CAAC;IACFmJ,YAAY,CAACF,KAAK,CAAC;EACrB;EACA;EACA,IAAI9I,WAAW,EAAE;IAAA,IAAAiJ,qBAAA,EAAAC,qBAAA,EAAAC,sBAAA,EAAAC,sBAAA;IACf,MAAMC,OAAO,GACXxJ,KAAK,CAAC8C,iBAAiB,CAAC,CAAC,KAAKpE,SAAS,CAAC2E,2BAA2B,IAAA+F,qBAAA,GAC/DpJ,KAAK,CAACyJ,uBAAuB,CAAC,CAAC,cAAAL,qBAAA,uBAA/BA,qBAAA,CAAiCI,OAAO,GACxCxJ,KAAK,CAACsD,0BAA0B,CAAC,CAAC,IAAA+F,qBAAA,GAChCrJ,KAAK,CAAC0J,kBAAkB,CAAC,CAAC,cAAAL,qBAAA,uBAA1BA,qBAAA,CAA4BG,OAAO,GACnCzB,IAAI,CAAC4B,GAAG,EAAAL,sBAAA,GACNtJ,KAAK,CAAC0J,kBAAkB,CAAC,CAAC,cAAAJ,sBAAA,uBAA1BA,sBAAA,CAA4BE,OAAO,GAAAD,sBAAA,GACnCvJ,KAAK,CAACyJ,uBAAuB,CAAC,CAAC,cAAAF,sBAAA,uBAA/BA,sBAAA,CAAiCC,OACnC,CAAC;IACT,IAAII,OAAO,GAAGJ,OAAO,GAAG3D,IAAI,CAACgE,GAAG,CAAC,CAAC,GAAG,IAAI,GAAG,EAAE;IAC9C,IAAID,OAAO,GAAG,IAAI,GAAG,EAAE,EAAE;MACvBhL,YAAY,CAAC;QACXwC,OAAO,EAAG,0CAAyC2G,IAAI,CAAC+B,IAAI,CAC1DF,OAAO,GAAG,IACZ,CAAE,+BAA8B;QAChC5J;MACF,CAAC,CAAC;MACF,IAAI4J,OAAO,GAAG,EAAE,EAAEA,OAAO,GAAG,EAAE;IAChC;IACAhL,YAAY,CAAC;MACXwC,OAAO,EAAG,uDAAsD2G,IAAI,CAACC,KAAK,CACxE4B,OAAO,GAAG,IACZ,CAAE,MAAK,IAAI/D,IAAI,CAAC+D,OAAO,CAAC,CAACG,UAAU,CAAC,CAAE,KAAI,IAAIlE,IAAI,CAChD+D,OACF,CAAC,CAACI,UAAU,CAAC,CAAE,KAAI;MACnBhK;IACF,CAAC,CAAC;IACFiJ,KAAK,GAAGgB,UAAU,CAAChK,SAAS,EAAE2J,OAAO,EAAE;MACrC1J,gBAAgB;MAChBC,WAAW;MACXH;MACA;IACF,CAAC,CAA8B;IAC/BA,KAAK,CAACkK,mBAAmB,CAACjB,KAAK,CAAC;IAChCA,KAAK,CAACkB,KAAK,CAAC,CAAC;EACf;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAelK,SAASA,CAAC;EAC9BC,gBAAgB,GAAG,KAAK;EACxBC,WAAW,GAAG,IAAI;EAClBH;AAKF,CAAC,EAAoB;EACnBpB,YAAY,CAAC;IAAEwC,OAAO,EAAG,kCAAiC;IAAEpB;EAAM,CAAC,CAAC;EACpE,IAAI,CAACA,KAAK,CAAC8D,OAAO,CAAC,CAAC,EAAE;IACpBjF,YAAY,CAAC;MACXuC,OAAO,EAAG,wDAAuD;MACjEM,IAAI,EAAE,OAAO;MACb1B;IACF,CAAC,CAAC;IACF,OAAO,KAAK;EACd;EACA,IAAI;IACF;IACA,IACEA,KAAK,CAACuC,WAAW,CAAC,CAAC,IAAI,IAAI,IAC3BvC,KAAK,CAACwC,WAAW,CAAC,CAAC,IAAI,IAAI,IAC3B,CAACxC,KAAK,CAACqI,mBAAmB,CAAC,CAAC,IAC5B,CAACrI,KAAK,CAACsI,oBAAoB,CAAC,CAAC,EAC7B;MACA,MAAM8B,IAAI,GAAG,MAAMlL,oBAAoB,CAAC;QAAEc;MAAM,CAAC,CAAC;MAClD,IAAIoK,IAAI,EAAE;QACRpK,KAAK,CAACqK,OAAO,CAACD,IAAI,CAACE,MAAM,CAAC;QAC1BtK,KAAK,CAAC0I,iBAAiB,CAAC0B,IAAI,CAAClH,cAAc,CAAC;QAC5ClD,KAAK,CAACuK,WAAW,CAACH,IAAI,CAACnD,QAAQ,CAAC;QAChCjH,KAAK,CAACwK,WAAW,CAACJ,IAAI,CAAClD,QAAQ,CAAC;QAChClH,KAAK,CAACyK,wBAAwB,CAACL,IAAI,CAACM,qBAAqB,CAAC;QAC1D1K,KAAK,CAAC2K,gCAAgC,CACpCP,IAAI,CAACQ,6BACP,CAAC;QACD5K,KAAK,CAAC6K,mBAAmB,CAACT,IAAI,CAACU,SAAS,CAAC;QACzC9K,KAAK,CAAC+K,oBAAoB,CAACX,IAAI,CAACY,UAAU,CAAC;MAC7C,CAAC,MAAM;QACL,OAAO,KAAK;MACd;IACF;;IAEA;IACA,IAAI,CAACjM,UAAU,CAACiB,KAAK,CAAC8D,OAAO,CAAC,CAAC,CAAC,EAAE;MAChC,MAAMsG,IAAI,GAAG,MAAMlL,oBAAoB,CAAC;QAAEc;MAAM,CAAC,CAAC;MAClD,IAAIoK,IAAI,EAAE;QACRpK,KAAK,CAACqK,OAAO,CAACD,IAAI,CAACE,MAAM,CAAC;QAC1BtK,KAAK,CAAC0I,iBAAiB,CAAC0B,IAAI,CAAClH,cAAc,CAAC;MAC9C,CAAC,MAAM;QACL,OAAO,KAAK;MACd;IACF;;IAEA;IACAlD,KAAK,CAACiL,aAAa,CAAC,MAAM/J,mBAAmB,CAAClB,KAAK,CAAC,CAAC;;IAErD;IACA,IACE,CAACE,gBAAgB,IACjBF,KAAK,CAACqI,mBAAmB,CAAC,CAAC,IAC3BrI,KAAK,CAACsI,oBAAoB,CAAC,CAAC,EAC5B;MACA1J,YAAY,CAAC;QACXwC,OAAO,EAAG,kEAAiEpB,KAAK,CAACqI,mBAAmB,CAAC,CAAE,EAAC;QACxGrI;MACF,CAAC,CAAC;MACF,IAAI;QACF,MAAMiG,KAAK,GAAG,MAAMuC,gBAAgB,CAAC;UAAExI;QAAM,CAAC,CAAC;QAC/CA,KAAK,CAACkL,kBAAkB,CAACjF,KAAK,CAAC;QAC/BjG,KAAK,CAACmL,0BAA0B,CAAC,IAAI,CAAC;QACtC,MAAM1C,gDAAgD,CAACzI,KAAK,CAAC;MAC/D,CAAC,CAAC,OAAOoL,KAAK,EAAE;QAAA,IAAAC,eAAA,EAAAC,gBAAA,EAAAC,gBAAA;QACd3M,YAAY,CAAC;UAAEwC,OAAO,EAAE,EAAAiK,eAAA,GAAAD,KAAK,CAAC5G,QAAQ,cAAA6G,eAAA,uBAAdA,eAAA,CAAgBlK,IAAI,KAAIiK,KAAK;UAAEpL;QAAM,CAAC,CAAC;QAC/DpB,YAAY,CAAC;UAAEwC,OAAO,EAAEpB,KAAK,CAACwL,QAAQ,CAAC,CAAC;UAAExL;QAAM,CAAC,CAAC;QAClD,MAAM,IAAIqF,KAAK,CACZ,gCACC,EAAAiG,gBAAA,GAAAF,KAAK,CAAC5G,QAAQ,cAAA8G,gBAAA,gBAAAA,gBAAA,GAAdA,gBAAA,CAAgBnK,IAAI,cAAAmK,gBAAA,uBAApBA,gBAAA,CAAsBG,iBAAiB,OAAAF,gBAAA,GACvCH,KAAK,CAAC5G,QAAQ,cAAA+G,gBAAA,gBAAAA,gBAAA,GAAdA,gBAAA,CAAgBpK,IAAI,cAAAoK,gBAAA,uBAApBA,gBAAA,CAAsBnK,OAAO,KAC7BgK,KACD,EACH,CAAC;MACH;IACF;IACA;IAAA,KACK,IAAIpL,KAAK,CAACuC,WAAW,CAAC,CAAC,IAAIvC,KAAK,CAACwC,WAAW,CAAC,CAAC,EAAE;MACnD5D,YAAY,CAAC;QACXwC,OAAO,EAAG,+DAA8DpB,KAAK,CAACuC,WAAW,CAAC,CAAE,EAAC;QAC7FvC;MACF,CAAC,CAAC;MACF,MAAMiG,KAAK,GAAG,MAAMD,mBAAmB,CAAChG,KAAK,CAAC;MAC9C,IAAIiG,KAAK,EAAEjG,KAAK,CAAC0L,uBAAuB,CAACzF,KAAK,CAAC;MAC/C,MAAMwC,gDAAgD,CAACzI,KAAK,CAAC;MAC7D,IACEA,KAAK,CAACiD,cAAc,CAAC,CAAC;MACtB;MACCjD,KAAK,CAAC8C,iBAAiB,CAAC,CAAC,KAAKpE,SAAS,CAACyE,yBAAyB,IAChEnD,KAAK,CAAC8C,iBAAiB,CAAC,CAAC,KAAKpE,SAAS,CAAC0E,4BAA4B,CAAC,EACvE;QACA,MAAMhE,WAAW,GAAG,MAAMgI,kBAAkB,CAACpH,KAAK,CAAC;QACnD,IAAIZ,WAAW,EAAEY,KAAK,CAACkL,kBAAkB,CAAC9L,WAAW,CAAC;MACxD;IACF;IACA;IAAA,KACK;MACHP,YAAY,CAAC;QACXuC,OAAO,EAAG,+BAA8B;QACxCM,IAAI,EAAE,OAAO;QACb1B;MACF,CAAC,CAAC;MACF,OAAO,KAAK;IACd;IACA,IACEA,KAAK,CAACiD,cAAc,CAAC,CAAC,IACrBjD,KAAK,CAACsD,0BAA0B,CAAC,CAAC,IAAItD,KAAK,CAAC2L,cAAc,CAAC,CAAE,EAC9D;MAAA,IAAAC,sBAAA,EAAAC,sBAAA;MACA,KAAAD,sBAAA,GAAI5L,KAAK,CAAC0J,kBAAkB,CAAC,CAAC,cAAAkC,sBAAA,eAA1BA,sBAAA,CAA4BzF,UAAU,EAAE;QAC1CrH,cAAc,CAAC;UAAEsC,OAAO,EAAG,4BAA2B;UAAEpB;QAAM,CAAC,CAAC;MAClE;MACA,IACE,CAACA,KAAK,CAACsD,0BAA0B,CAAC,CAAC,KAAAuI,sBAAA,GACnC7L,KAAK,CAACyJ,uBAAuB,CAAC,CAAC,cAAAoC,sBAAA,eAA/BA,sBAAA,CAAiC1F,UAAU,EAC3C;QACArH,cAAc,CAAC;UAAEsC,OAAO,EAAG,6BAA4B;UAAEpB;QAAM,CAAC,CAAC;MACnE;MACAnB,YAAY,CAAC;QACXuC,OAAO,EAAG,gBAAepB,KAAK,CAAC8D,OAAO,CAAC,CAAE,KACvC9D,KAAK,CAAC0C,QAAQ,CAAC,CAAC,GAAG1C,KAAK,CAAC0C,QAAQ,CAAC,CAAC,GAAG,MACvC,QAAO,MAAMmG,kBAAkB,CAAC7I,KAAK,CAAE,EAAC;QACzC0B,IAAI,EAAE,MAAM;QACZ1B;MACF,CAAC,CAAC;MACFgJ,mBAAmB,CAAC9I,gBAAgB,EAAEC,WAAW,EAAEH,KAAK,CAAC;MACzDpB,YAAY,CAAC;QACXwC,OAAO,EAAG,4CAA2C;QACrDpB;MACF,CAAC,CAAC;MACF,OAAO,IAAI;IACb;EACF,CAAC,CAAC,OAAOoG,KAAK,EAAE;IAAA,IAAA0F,gBAAA,EAAAC,gBAAA,EAAAC,gBAAA;IACd;IACAnN,YAAY,CAAC;MAAEuC,OAAO,EAAEgF,KAAK,CAAChF,OAAO;MAAEM,IAAI,EAAE,OAAO;MAAE1B;IAAM,CAAC,CAAC;IAC9D;IACAnB,YAAY,CAAC;MACXuC,OAAO,GAAA0K,gBAAA,GAAE1F,KAAK,CAAC5B,QAAQ,cAAAsH,gBAAA,gBAAAA,gBAAA,GAAdA,gBAAA,CAAgB3K,IAAI,cAAA2K,gBAAA,uBAApBA,gBAAA,CAAsB1K,OAAO;MACtCM,IAAI,EAAE,OAAO;MACb1B;IACF,CAAC,CAAC;IACF;IACAnB,YAAY,CAAC;MACXuC,OAAO,GAAA2K,gBAAA,GAAE3F,KAAK,CAAC5B,QAAQ,cAAAuH,gBAAA,gBAAAA,gBAAA,GAAdA,gBAAA,CAAgB5K,IAAI,cAAA4K,gBAAA,uBAApBA,gBAAA,CAAsBN,iBAAiB;MAChD/J,IAAI,EAAE,OAAO;MACb1B;IACF,CAAC,CAAC;IACF;IACApB,YAAY,CAAC;MAAEwC,OAAO,GAAA4K,gBAAA,GAAE5F,KAAK,CAAC5B,QAAQ,cAAAwH,gBAAA,uBAAdA,gBAAA,CAAgB7K,IAAI;MAAEnB;IAAM,CAAC,CAAC;IACtD;IACApB,YAAY,CAAC;MAAEwC,OAAO,EAAEgF,KAAK,CAACS,KAAK,IAAI,IAAIxB,KAAK,CAAC,CAAC,CAACwB,KAAK;MAAE7G;IAAM,CAAC,CAAC;EACpE;EACApB,YAAY,CAAC;IACXwC,OAAO,EAAG,+CAA8C;IACxDpB;EACF,CAAC,CAAC;EACF,OAAO,KAAK;AACd"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@rockcarver/frodo-lib",
3
- "version": "2.0.0-66",
3
+ "version": "2.0.0-67",
4
4
  "type": "commonjs",
5
5
  "main": "./cjs/index.js",
6
6
  "module": "./esm/index.js",
package/types/ops/AuthenticateOps.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"AuthenticateOps.d.ts","sourceRoot":"","sources":["../../src/ops/AuthenticateOps.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AAMxC,OAAO,EAAwB,MAAM,EAAE,MAAM,WAAW,CAAC;AACzD,OAAO,EAEL,KAAK,mBAAmB,EAEzB,MAAM,iBAAiB,CAAC;AAczB,MAAM,MAAM,YAAY,GAAG;IACzB;;;;;OAKG;IACH,SAAS,CACP,gBAAgB,CAAC,EAAE,OAAO,EAC1B,WAAW,CAAC,EAAE,OAAO,GACpB,OAAO,CAAC,OAAO,CAAC,CAAC;IAGpB;;;;;;;;;;OAUG;IACH,+BAA+B,CAC7B,IAAI,CAAC,EAAE,MAAM,EACb,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;CAC3B,CAAC;gCAEqB,KAAK,KAAG,YAAY;AAA3C,wBAmBE;AA8QF,MAAM,MAAM,mBAAmB,GAAG;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB,CAAC;AAqUF;;;;GAIG;AACH,wBAAsB,qBAAqB,CAAC,EAC1C,IAAgB,EAChB,KAAiB,EACjB,KAAK,GACN,EAAE;IACD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,KAAK,CAAC;CACd,GAAG,OAAO,CAAC,mBAAmB,CAAC,CA4B/B;AAED;;;;GAIG;AACH,wBAAsB,gBAAgB,CAAC,EACrC,KAAK,GACN,EAAE;IACD,KAAK,EAAE,KAAK,CAAC;CACd,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAiC/B;AAkHD;;;;;;GAMG;AACH,wBAAsB,SAAS,CAAC,EAC9B,gBAAwB,EACxB,WAAkB,EAClB,KAAK,GACN,EAAE;IACD,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,KAAK,EAAE,KAAK,CAAC;CACd,GAAG,OAAO,CAAC,OAAO,CAAC,CA4JnB"}
1
+ {"version":3,"file":"AuthenticateOps.d.ts","sourceRoot":"","sources":["../../src/ops/AuthenticateOps.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AAMxC,OAAO,EAAwB,MAAM,EAAE,MAAM,WAAW,CAAC;AACzD,OAAO,EAEL,KAAK,mBAAmB,EAEzB,MAAM,iBAAiB,CAAC;AAczB,MAAM,MAAM,YAAY,GAAG;IACzB;;;;;OAKG;IACH,SAAS,CACP,gBAAgB,CAAC,EAAE,OAAO,EAC1B,WAAW,CAAC,EAAE,OAAO,GACpB,OAAO,CAAC,OAAO,CAAC,CAAC;IAGpB;;;;;;;;;;OAUG;IACH,+BAA+B,CAC7B,IAAI,CAAC,EAAE,MAAM,EACb,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;CAC3B,CAAC;gCAEqB,KAAK,KAAG,YAAY;AAA3C,wBAmBE;AA8QF,MAAM,MAAM,mBAAmB,GAAG;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB,CAAC;AAqUF;;;;GAIG;AACH,wBAAsB,qBAAqB,CAAC,EAC1C,IAAgB,EAChB,KAAiB,EACjB,KAAK,GACN,EAAE;IACD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,KAAK,CAAC;CACd,GAAG,OAAO,CAAC,mBAAmB,CAAC,CA4B/B;AAED;;;;GAIG;AACH,wBAAsB,gBAAgB,CAAC,EACrC,KAAK,GACN,EAAE;IACD,KAAK,EAAE,KAAK,CAAC;CACd,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAiC/B;AAoHD;;;;;;GAMG;AACH,wBAAsB,SAAS,CAAC,EAC9B,gBAAwB,EACxB,WAAkB,EAClB,KAAK,GACN,EAAE;IACD,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,KAAK,EAAE,KAAK,CAAC;CACd,GAAG,OAAO,CAAC,OAAO,CAAC,CA4JnB"}