npm - @rudderjs/passport - Versions diffs - 1.1.1 → 1.1.2 - Mend

@rudderjs/passport 1.1.1 → 1.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (67) hide show

package/README.md +96 -15
package/dist/grants/authorization-code.d.ts.map +1 -1
package/dist/grants/authorization-code.js +4 -17
package/dist/grants/authorization-code.js.map +1 -1
package/dist/grants/client-credentials.d.ts.map +1 -1
package/dist/grants/client-credentials.js +4 -17
package/dist/grants/client-credentials.js.map +1 -1
package/dist/grants/device-code.d.ts.map +1 -1
package/dist/grants/device-code.js +2 -1
package/dist/grants/device-code.js.map +1 -1
package/dist/grants/parse-scopes.d.ts +15 -0
package/dist/grants/parse-scopes.d.ts.map +1 -0
package/dist/grants/parse-scopes.js +17 -0
package/dist/grants/parse-scopes.js.map +1 -0
package/dist/grants/refresh-token.d.ts.map +1 -1
package/dist/grants/refresh-token.js +5 -18
package/dist/grants/refresh-token.js.map +1 -1
package/dist/grants/verify-client.d.ts +29 -0
package/dist/grants/verify-client.d.ts.map +1 -0
package/dist/grants/verify-client.js +43 -0
package/dist/grants/verify-client.js.map +1 -0
package/dist/middleware/bearer.d.ts.map +1 -1
package/dist/middleware/bearer.js +98 -103
package/dist/middleware/bearer.js.map +1 -1
package/dist/models/AccessToken.d.ts +3 -3
package/dist/models/AuthCode.d.ts +3 -3
package/dist/models/DeviceCode.d.ts +3 -3
package/dist/models/RefreshToken.d.ts +3 -3
package/dist/models/helpers.d.ts +27 -9
package/dist/models/helpers.d.ts.map +1 -1
package/dist/models/helpers.js +12 -6
package/dist/models/helpers.js.map +1 -1
package/dist/personal-access-tokens.d.ts.map +1 -1
package/dist/personal-access-tokens.js.map +1 -1
package/dist/routes/authorize.d.ts +17 -0
package/dist/routes/authorize.d.ts.map +1 -0
package/dist/routes/authorize.js +107 -0
package/dist/routes/authorize.js.map +1 -0
package/dist/routes/device.d.ts +23 -0
package/dist/routes/device.d.ts.map +1 -0
package/dist/routes/device.js +69 -0
package/dist/routes/device.js.map +1 -0
package/dist/routes/helpers.d.ts +64 -0
package/dist/routes/helpers.d.ts.map +1 -0
package/dist/routes/helpers.js +154 -0
package/dist/routes/helpers.js.map +1 -0
package/dist/routes/revoke.d.ts +16 -0
package/dist/routes/revoke.d.ts.map +1 -0
package/dist/routes/revoke.js +33 -0
package/dist/routes/revoke.js.map +1 -0
package/dist/routes/scopes.d.ts +9 -0
package/dist/routes/scopes.d.ts.map +1 -0
package/dist/routes/scopes.js +13 -0
package/dist/routes/scopes.js.map +1 -0
package/dist/routes/token.d.ts +24 -0
package/dist/routes/token.d.ts.map +1 -0
package/dist/routes/token.js +121 -0
package/dist/routes/token.js.map +1 -0
package/dist/routes/types.d.ts +132 -0
package/dist/routes/types.d.ts.map +1 -0
package/dist/routes/types.js +2 -0
package/dist/routes/types.js.map +1 -0
package/dist/routes.d.ts +2 -120
package/dist/routes.d.ts.map +1 -1
package/dist/routes.js +16 -411
package/dist/routes.js.map +1 -1
package/package.json +3 -3

package/dist/routes.js CHANGED Viewed

@@ -1,143 +1,10 @@
-import { config, report } from '@rudderjs/core';
 import { Passport } from './Passport.js';
-import { clientHelpers } from './models/helpers.js';
-import { RequireBearer } from './middleware/bearer.js';
-import { validateAuthorizationRequest, issueAuthCode, exchangeAuthCode, clientCredentialsGrant, refreshTokenGrant, requestDeviceCode, pollDeviceCode, approveDeviceCode, OAuthError, } from './grants/index.js';
-/**
- * Re-validate that `redirect_uri` is on the requesting client's whitelist.
- * The consent UI sees the validated URI from `GET /oauth/authorize`, but the
- * subsequent POST/DELETE bodies are attacker-controlled and must be
- * re-checked — otherwise the response leaks an authorization code (POST) or
- * an open redirect (DELETE) to a host the client never registered.
- * Throws `OAuthError` so the surrounding try/catch returns the correct
- * status + payload.
- */
-async function validateClientRedirect(clientId, redirectUri) {
-    if (typeof clientId !== 'string' || !clientId) {
-        throw new OAuthError('invalid_request', 'client_id is required.');
-    }
-    if (typeof redirectUri !== 'string' || !redirectUri) {
-        throw new OAuthError('invalid_request', 'redirect_uri is required.');
-    }
-    const ClientCls = await Passport.clientModel();
-    const client = await ClientCls.where('id', clientId).first();
-    if (!client || client.revoked) {
-        throw new OAuthError('invalid_client', 'Client not found.');
-    }
-    if (!clientHelpers.hasRedirectUri(client, redirectUri)) {
-        throw new OAuthError('invalid_request', 'Invalid redirect_uri.');
-    }
-    return client;
-}
-/**
- * Resolve client credentials at the token endpoint per RFC 6749 §2.3.
- *
- * Confidential clients can authenticate via:
- *   1. `Authorization: Basic base64(client_id:client_secret)` (§2.3.1, MUST support)
- *   2. `client_id` + `client_secret` in the request body (alternative)
- *
- * §2.3 forbids using both at once — clients MUST NOT pass credentials in
- * the body when the header is present. We reject that combination with
- * `invalid_request` so SDK bugs surface loudly instead of silently
- * accepting one set and ignoring the other.
- *
- * Public clients send only `client_id` in the body; both Basic creds and
- * a body `client_id` mismatch is also rejected.
- */
-function resolveClientCredentials(req, body) {
-    const authHeader = req.headers?.['authorization'];
-    const bodyClientId = body['client_id'];
-    const bodyClientSecret = body['client_secret'];
-    if (typeof authHeader === 'string' && authHeader.length >= 6 && authHeader.slice(0, 6).toLowerCase() === 'basic ') {
-        const encoded = authHeader.slice(6).trim();
-        let decoded;
-        try {
-            decoded = Buffer.from(encoded, 'base64').toString('utf8');
-        }
-        catch {
-            throw new OAuthError('invalid_request', 'Malformed HTTP Basic credentials.', 401);
-        }
-        const sep = decoded.indexOf(':');
-        if (sep === -1) {
-            throw new OAuthError('invalid_request', 'Malformed HTTP Basic credentials.', 401);
-        }
-        // RFC 6749 §2.3.1 — client_id and client_secret in Basic are
-        // application/x-www-form-urlencoded-encoded before base64. SDKs in
-        // the wild often skip the percent-encoding step; we accept the raw
-        // form because requiring percent-decoding here would reject every
-        // ASCII-only credential pair (which is the overwhelming majority).
-        const headerClientId = decoded.slice(0, sep);
-        const headerClientSecret = decoded.slice(sep + 1);
-        if (!headerClientId) {
-            throw new OAuthError('invalid_request', 'Malformed HTTP Basic credentials.', 401);
-        }
-        if (bodyClientSecret !== undefined) {
-            throw new OAuthError('invalid_request', 'client_secret must not be sent in both Authorization header and request body.', 401);
-        }
-        if (bodyClientId !== undefined && bodyClientId !== headerClientId) {
-            throw new OAuthError('invalid_request', 'client_id in Authorization header does not match request body.', 401);
-        }
-        return { clientId: headerClientId, clientSecret: headerClientSecret };
-    }
-    if (typeof bodyClientId !== 'string' || !bodyClientId) {
-        throw new OAuthError('invalid_request', 'client_id is required.');
-    }
-    return bodyClientSecret !== undefined
-        ? { clientId: bodyClientId, clientSecret: bodyClientSecret }
-        : { clientId: bodyClientId };
-}
-/**
- * Resolve the device-flow verification URI in this priority order:
- *
- *   1. `opts.verificationUri` — explicit caller override.
- *   2. `config('app.url')` — `${appUrl}${prefix}/device`. Trailing slash on
- *      the configured value is tolerated.
- *   3. `req.protocol` + `req.hostname` — last-resort fallback for dev / when
- *      neither knob is configured. The `Host` header is attacker-controlled
- *      behind a reverse proxy without trust-proxy, so we emit a one-shot
- *      warning the first time we land here. Documented in CLAUDE.md.
- */
-let _hostHeaderFallbackWarned = false;
-function resolveVerificationUri(opts, req, prefix) {
-    if (opts.verificationUri)
-        return opts.verificationUri;
-    const appUrl = config('app.url', undefined);
-    if (typeof appUrl === 'string' && appUrl) {
-        return `${appUrl.replace(/\/$/, '')}${prefix}/device`;
-    }
-    if (!_hostHeaderFallbackWarned) {
-        _hostHeaderFallbackWarned = true;
-        console.warn('[@rudderjs/passport] Falling back to req.protocol/req.hostname for the device-flow verification URI. ' +
-            'The Host header is attacker-controlled behind a reverse proxy without trust-proxy. ' +
-            'Set APP_URL (config(\'app.url\')) or pass an explicit `verificationUri` to registerPassportRoutes() to silence this.');
-    }
-    return `${req.protocol}://${req.hostname}${prefix}/device`;
-}
-/**
- * Render an error response from a `/oauth/authorize` handler. RFC 6749
- * §4.1.2.1 requires that `state` is echoed back on errors (so the client
- * can reconcile the response against its own session) — independent of
- * whether the response shape is a redirect or JSON, and independent of
- * the underlying error code.
- *
- * We additionally call `report()` on non-`OAuthError` throws so the root
- * cause surfaces through the configured exception reporter instead of
- * being silently collapsed under `server_error`.
- */
-function authErrorResponse(res, err, state) {
-    const stateEcho = typeof state === 'string' && state ? { state } : {};
-    if (err instanceof OAuthError) {
-        res.status(err.statusCode).json({ ...err.toJSON(), ...stateEcho });
-        return;
-    }
-    report(err);
-    res.status(500).json({ error: 'server_error', error_description: 'Internal server error.', ...stateEcho });
-}
-function asMiddlewareArray(input) {
-    if (!input)
-        return [];
-    return Array.isArray(input) ? input : [input];
-}
+import { asMiddlewareArray } from './routes/helpers.js';
+import { registerAuthorizeRoutes } from './routes/authorize.js';
+import { registerTokenRoute } from './routes/token.js';
+import { registerRevokeRoute } from './routes/revoke.js';
+import { registerScopesRoute } from './routes/scopes.js';
+import { registerDeviceRoutes } from './routes/device.js';
 /**
  * Register all Passport OAuth routes on the given router.
  *
@@ -160,278 +27,16 @@ export function registerPassportRoutes(router, opts = {}) {
     const tokenMiddleware = asMiddlewareArray(opts.tokenMiddleware);
     const authorizeMiddleware = asMiddlewareArray(opts.authorizeMiddleware);
     const deviceMiddleware = asMiddlewareArray(opts.deviceMiddleware);
-    // ── /oauth/authorize ─────────────────────────────────────
-    if (!skip.has('authorize')) {
-        // GET /oauth/authorize — show consent (returns JSON or renders custom view)
-        router.get(`${prefix}/authorize`, async (req, res) => {
-            const query = req.query ?? {};
-            try {
-                const validated = await validateAuthorizationRequest({
-                    clientId: query['client_id'] ?? '',
-                    redirectUri: query['redirect_uri'] ?? '',
-                    responseType: query['response_type'] ?? '',
-                    scope: query['scope'] ?? '',
-                    state: query['state'],
-                    codeChallenge: query['code_challenge'],
-                    codeChallengeMethod: query['code_challenge_method'],
-                });
-                const ctx = {
-                    client: {
-                        id: validated.client.id,
-                        name: validated.client.name,
-                    },
-                    scopes: validated.scopes,
-                    redirectUri: validated.redirectUri,
-                    ...(validated.state !== undefined ? { state: validated.state } : {}),
-                    ...(validated.codeChallenge !== undefined ? { codeChallenge: validated.codeChallenge } : {}),
-                    ...(validated.codeChallengeMethod !== undefined ? { codeChallengeMethod: validated.codeChallengeMethod } : {}),
-                    request: req,
-                };
-                const viewFn = Passport.authorizationViewFn();
-                if (viewFn) {
-                    return await viewFn(ctx);
-                }
-                // Default: JSON response — the app's consent screen reads this
-                res.json({
-                    client: ctx.client,
-                    scopes: ctx.scopes,
-                    state: ctx.state,
-                    redirectUri: ctx.redirectUri,
-                });
-            }
-            catch (e) {
-                authErrorResponse(res, e, query['state']);
-            }
-        }, authorizeMiddleware);
-        // POST /oauth/authorize — user approves
-        router.post(`${prefix}/authorize`, async (req, res) => {
-            const body = req.body ?? {};
-            try {
-                const userId = req.raw?.__rjs_user?.id ?? req.user?.id;
-                if (!userId) {
-                    // Echo state on the unauthenticated branch too — the consent UI
-                    // round-trips the same payload regardless of the auth gate result.
-                    const stateEcho = typeof body['state'] === 'string' && body['state'] ? { state: body['state'] } : {};
-                    res.status(401).json({ error: 'unauthenticated', error_description: 'User must be signed in.', ...stateEcho });
-                    return;
-                }
-                await validateClientRedirect(body['client_id'], body['redirect_uri']);
-                const code = await issueAuthCode({
-                    userId,
-                    clientId: body['client_id'],
-                    scopes: body['scopes'] ?? [],
-                    redirectUri: body['redirect_uri'],
-                    codeChallenge: body['code_challenge'],
-                    codeChallengeMethod: body['code_challenge_method'],
-                });
-                const redirectUri = new URL(body['redirect_uri']);
-                redirectUri.searchParams.set('code', code);
-                if (body['state'])
-                    redirectUri.searchParams.set('state', body['state']);
-                res.json({ redirect_uri: redirectUri.toString() });
-            }
-            catch (e) {
-                authErrorResponse(res, e, body['state']);
-            }
-        }, authorizeMiddleware);
-        // DELETE /oauth/authorize — user denies
-        router.delete(`${prefix}/authorize`, async (req, res) => {
-            const body = req.body ?? {};
-            try {
-                await validateClientRedirect(body['client_id'], body['redirect_uri']);
-                const redirectUri = new URL(body['redirect_uri']);
-                redirectUri.searchParams.set('error', 'access_denied');
-                redirectUri.searchParams.set('error_description', 'The user denied the request.');
-                if (body['state'])
-                    redirectUri.searchParams.set('state', body['state']);
-                res.json({ redirect_uri: redirectUri.toString() });
-            }
-            catch (e) {
-                authErrorResponse(res, e, body['state']);
-            }
-        }, authorizeMiddleware);
-    }
-    // ── POST /oauth/token ────────────────────────────────────
-    if (!skip.has('token')) {
-        // `tokenMiddleware` runs ahead of the handler — primary intended use is
-        // a per-route rate limiter so client_secret guessing can't churn through
-        // the registry without backoff. See PassportRouteOptions.tokenMiddleware
-        // jsdoc for the recommended config.
-        router.post(`${prefix}/token`, async (req, res) => {
-            try {
-                const body = req.body ?? {};
-                const grantType = body['grant_type'];
-                // RFC 6749 §2.3.1 — confidential clients MUST be able to
-                // authenticate via HTTP Basic; body params are an alternative.
-                // §2.3 forbids using both at once. Resolve credentials once for
-                // all grants instead of repeating the parsing in each branch.
-                const credentials = resolveClientCredentials(req, body);
-                let result;
-                switch (grantType) {
-                    case 'authorization_code':
-                        result = await exchangeAuthCode({
-                            grantType,
-                            code: body['code'],
-                            ...credentials,
-                            redirectUri: body['redirect_uri'],
-                            codeVerifier: body['code_verifier'],
-                        });
-                        break;
-                    case 'client_credentials':
-                        // ClientCredentialsRequest requires clientSecret (the grant
-                        // is confidential-only by spec). Surface the missing-secret
-                        // case as invalid_request rather than letting it surface
-                        // downstream as "Invalid client secret."
-                        if (credentials.clientSecret === undefined) {
-                            throw new OAuthError('invalid_request', 'client_secret is required for the client_credentials grant.', 401);
-                        }
-                        result = await clientCredentialsGrant({
-                            grantType,
-                            clientId: credentials.clientId,
-                            clientSecret: credentials.clientSecret,
-                            scope: body['scope'],
-                        });
-                        break;
-                    case 'refresh_token':
-                        result = await refreshTokenGrant({
-                            grantType,
-                            refreshToken: body['refresh_token'],
-                            ...credentials,
-                            scope: body['scope'],
-                        });
-                        break;
-                    case 'urn:ietf:params:oauth:grant-type:device_code': {
-                        const pollResult = await pollDeviceCode({
-                            grantType,
-                            deviceCode: body['device_code'],
-                            clientId: credentials.clientId,
-                        });
-                        if (pollResult.status === 'authorized') {
-                            result = pollResult.tokens;
-                        }
-                        else {
-                            // RFC 8628 §3.5 — device-flow polling errors (including
-                            // slow_down) are §5.2-shaped errors and MUST return HTTP
-                            // 400. 429 is for transport-level rate-limiting, not the
-                            // OAuth `slow_down` signal.
-                            //
-                            // On slow_down, forward the escalated `interval` so a
-                            // well-behaved client uses the new value instead of having
-                            // to add 5 itself. Other variants don't need it.
-                            if (pollResult.status === 'slow_down') {
-                                res.status(400).json({ error: 'slow_down', interval: pollResult.interval });
-                            }
-                            else {
-                                res.status(400).json({ error: pollResult.status });
-                            }
-                            return;
-                        }
-                        break;
-                    }
-                    default:
-                        res.status(400).json({
-                            error: 'unsupported_grant_type',
-                            error_description: `Grant type "${grantType}" is not supported.`,
-                        });
-                        return;
-                }
-                res.json(result);
-            }
-            catch (e) {
-                if (e instanceof OAuthError) {
-                    // RFC 6749 §5.2 — client-auth failures at the token endpoint
-                    // are signalled with WWW-Authenticate alongside the 401 status.
-                    if (e.statusCode === 401 && typeof res.header === 'function') {
-                        res.header('WWW-Authenticate', 'Basic realm="oauth"');
-                    }
-                    res.status(e.statusCode).json(e.toJSON());
-                }
-                else {
-                    report(e);
-                    res.status(500).json({ error: 'server_error', error_description: 'Internal server error.' });
-                }
-            }
-        }, tokenMiddleware);
-    }
-    // ── DELETE /oauth/tokens/:id — revoke a specific token ──
-    // Requires a valid bearer token AND ownership of the token being revoked.
-    // Token ids appear in JWT `jti` claims (semi-public), so without an
-    // ownership check anyone with a single captured JWT could DoS arbitrary
-    // users. Returns 404 (not 403) on ownership mismatch to avoid leaking
-    // whether a given id exists.
-    if (!skip.has('revoke')) {
-        router.delete(`${prefix}/tokens/:id`, async (req, res) => {
-            const tokenId = req.params?.['id'] ?? '';
-            const AccessTokenCls = await Passport.tokenModel();
-            const token = await AccessTokenCls.where('id', tokenId).first();
-            const requesterId = req.raw?.__rjs_user?.id ?? req.user?.id;
-            if (!token || !requesterId || token.userId !== requesterId) {
-                res.status(404).json({ error: 'not_found', error_description: 'Token not found.' });
-                return;
-            }
-            // QueryBuilder.updateAll() bypasses the mass-assignment filter;
-            // `revoked` is no longer in `AccessToken.fillable`.
-            await AccessTokenCls.where('id', token.id)
-                .updateAll({ revoked: true });
-            res.status(204).send();
-        }, [RequireBearer(), ...authorizeMiddleware]);
-    }
-    // ── GET /oauth/scopes ────────────────────────────────────
-    if (!skip.has('scopes')) {
-        router.get(`${prefix}/scopes`, async (_req, res) => {
-            res.json(Passport.scopes());
-        });
-    }
-    // ── /oauth/device ────────────────────────────────────────
-    if (!skip.has('device')) {
-        // POST /oauth/device/code — request device authorization
-        // `deviceMiddleware` runs ahead of the handler — primary intended use is
-        // a per-route rate limiter tighter than the api-group default. See
-        // PassportRouteOptions.deviceMiddleware jsdoc.
-        router.post(`${prefix}/device/code`, async (req, res) => {
-            try {
-                const body = req.body ?? {};
-                const verificationUri = resolveVerificationUri(opts, req, prefix);
-                const result = await requestDeviceCode({
-                    clientId: body['client_id'],
-                    scope: body['scope'],
-                    verificationUri,
-                });
-                res.json(result);
-            }
-            catch (e) {
-                if (e instanceof OAuthError) {
-                    res.status(e.statusCode).json(e.toJSON());
-                }
-                else {
-                    report(e);
-                    res.status(500).json({ error: 'server_error', error_description: 'Internal server error.' });
-                }
-            }
-        }, deviceMiddleware);
-        // POST /oauth/device/approve — user approves/denies device
-        router.post(`${prefix}/device/approve`, async (req, res) => {
-            try {
-                const body = req.body ?? {};
-                const userId = req.raw?.__rjs_user?.id ?? req.user?.id;
-                if (!userId) {
-                    res.status(401).json({ error: 'unauthenticated', error_description: 'User must be signed in.' });
-                    return;
-                }
-                await approveDeviceCode(body['user_code'], userId, body['approved'] !== false);
-                res.json({ status: 'ok' });
-            }
-            catch (e) {
-                if (e instanceof OAuthError) {
-                    res.status(e.statusCode).json(e.toJSON());
-                }
-                else {
-                    report(e);
-                    res.status(500).json({ error: 'server_error', error_description: 'Internal server error.' });
-                }
-            }
-        }, deviceMiddleware);
-    }
+    if (!skip.has('authorize'))
+        registerAuthorizeRoutes(router, prefix, authorizeMiddleware);
+    if (!skip.has('token'))
+        registerTokenRoute(router, prefix, tokenMiddleware);
+    if (!skip.has('revoke'))
+        registerRevokeRoute(router, prefix, authorizeMiddleware);
+    if (!skip.has('scopes'))
+        registerScopesRoute(router, prefix);
+    if (!skip.has('device'))
+        registerDeviceRoutes(router, opts, prefix, deviceMiddleware);
 }
 /**
  * Register the **web-group** Passport routes — `GET/POST/DELETE

package/dist/routes.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"routes.js","sourceRoot":"","sources":["../src/routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAA;AAE/C,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AAGxC,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAA;AACtD,OAAO,EACL,4BAA4B,EAC5B,aAAa,EACb,gBAAgB,EAChB,sBAAsB,EACtB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,iBAAiB,EACjB,UAAU,GACX,MAAM,mBAAmB,CAAA;AAE1B;;;;;;;;GAQG;AACH,KAAK,UAAU,sBAAsB,CAAC,QAAiB,EAAE,WAAoB;IAC3E,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC9C,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,wBAAwB,CAAC,CAAA;IACnE,CAAC;IACD,IAAI,OAAO,WAAW,KAAK,QAAQ,IAAI,CAAC,WAAW,EAAE,CAAC;QACpD,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,2BAA2B,CAAC,CAAA;IACtE,CAAC;IACD,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAA;IAC9C,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,KAAK,EAAwB,CAAA;IAClF,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC9B,MAAM,IAAI,UAAU,CAAC,gBAAgB,EAAE,mBAAmB,CAAC,CAAA;IAC7D,CAAC;IACD,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC,MAAa,EAAE,WAAW,CAAC,EAAE,CAAC;QAC9D,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,uBAAuB,CAAC,CAAA;IAClE,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,SAAS,wBAAwB,CAC/B,GAA0C,EAC1C,IAA6B;IAE7B,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,eAAe,CAAC,CAAA;IACjD,MAAM,YAAY,GAAO,IAAI,CAAC,WAAW,CAA2B,CAAA;IACpE,MAAM,gBAAgB,GAAG,IAAI,CAAC,eAAe,CAAuB,CAAA;IAEpE,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,UAAU,CAAC,MAAM,IAAI,CAAC,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,QAAQ,EAAE,CAAC;QAClH,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;QAC1C,IAAI,OAAe,CAAA;QACnB,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;QAC3D,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,mCAAmC,EAAE,GAAG,CAAC,CAAA;QACnF,CAAC;QACD,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAChC,IAAI,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC;YACf,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,mCAAmC,EAAE,GAAG,CAAC,CAAA;QACnF,CAAC;QACD,6DAA6D;QAC7D,mEAAmE;QACnE,mEAAmE;QACnE,kEAAkE;QAClE,mEAAmE;QACnE,MAAM,cAAc,GAAO,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;QAChD,MAAM,kBAAkB,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAA;QAEjD,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,mCAAmC,EAAE,GAAG,CAAC,CAAA;QACnF,CAAC;QACD,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,+EAA+E,EAAE,GAAG,CAAC,CAAA;QAC/H,CAAC;QACD,IAAI,YAAY,KAAK,SAAS,IAAI,YAAY,KAAK,cAAc,EAAE,CAAC;YAClE,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,gEAAgE,EAAE,GAAG,CAAC,CAAA;QAChH,CAAC;QAED,OAAO,EAAE,QAAQ,EAAE,cAAc,EAAE,YAAY,EAAE,kBAAkB,EAAE,CAAA;IACvE,CAAC;IAED,IAAI,OAAO,YAAY,KAAK,QAAQ,IAAI,CAAC,YAAY,EAAE,CAAC;QACtD,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,wBAAwB,CAAC,CAAA;IACnE,CAAC;IACD,OAAO,gBAAgB,KAAK,SAAS;QACnC,CAAC,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAAE;QAC5D,CAAC,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAA;AAChC,CAAC;AAED;;;;;;;;;;GAUG;AACH,IAAI,yBAAyB,GAAG,KAAK,CAAA;AACrC,SAAS,sBAAsB,CAAC,IAA0B,EAAE,GAA6C,EAAE,MAAc;IACvH,IAAI,IAAI,CAAC,eAAe;QAAE,OAAO,IAAI,CAAC,eAAe,CAAA;IAErD,MAAM,MAAM,GAAG,MAAM,CAAqB,SAAS,EAAE,SAAS,CAAC,CAAA;IAC/D,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,EAAE,CAAC;QACzC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,MAAM,SAAS,CAAA;IACvD,CAAC;IAED,IAAI,CAAC,yBAAyB,EAAE,CAAC;QAC/B,yBAAyB,GAAG,IAAI,CAAA;QAChC,OAAO,CAAC,IAAI,CACV,uGAAuG;YACvG,qFAAqF;YACrF,sHAAsH,CACvH,CAAA;IACH,CAAC;IACD,OAAO,GAAG,GAAG,CAAC,QAAQ,MAAM,GAAG,CAAC,QAAQ,GAAG,MAAM,SAAS,CAAA;AAC5D,CAAC;AAED;;;;;;;;;;GAUG;AACH,SAAS,iBAAiB,CAAC,GAAQ,EAAE,GAAY,EAAE,KAAc;IAC/D,MAAM,SAAS,GAAG,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAA;IACrE,IAAI,GAAG,YAAY,UAAU,EAAE,CAAC;QAC9B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,EAAE,GAAG,GAAG,CAAC,MAAM,EAAE,EAAE,GAAG,SAAS,EAAE,CAAC,CAAA;QAClE,OAAM;IACR,CAAC;IACD,MAAM,CAAC,GAAG,CAAC,CAAA;IACX,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,iBAAiB,EAAE,wBAAwB,EAAE,GAAG,SAAS,EAAE,CAAC,CAAA;AAC5G,CAAC;AAiID,SAAS,iBAAiB,CAAC,KAA0D;IACnF,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,CAAA;IACrB,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAA;AAC/C,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAAc,EAAE,OAA6B,EAAE;IACpF,IAAI,QAAQ,CAAC,aAAa,EAAE;QAAE,OAAM;IAEpC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,QAAQ,CAAA;IACtC,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC,CAAA;IACvC,MAAM,eAAe,GAAO,iBAAiB,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;IACnE,MAAM,mBAAmB,GAAG,iBAAiB,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAA;IACvE,MAAM,gBAAgB,GAAM,iBAAiB,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAA;IAEpE,4DAA4D;IAC5D,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;QAC3B,4EAA4E;QAC5E,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,YAAY,EAAE,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,EAAE;YAC7D,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,IAAI,EAAE,CAAA;YAC7B,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,MAAM,4BAA4B,CAAC;oBACnD,QAAQ,EAAa,KAAK,CAAC,WAAW,CAAC,IAAI,EAAE;oBAC7C,WAAW,EAAU,KAAK,CAAC,cAAc,CAAC,IAAI,EAAE;oBAChD,YAAY,EAAS,KAAK,CAAC,eAAe,CAAC,IAAI,EAAE;oBACjD,KAAK,EAAgB,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE;oBACzC,KAAK,EAAgB,KAAK,CAAC,OAAO,CAAC;oBACnC,aAAa,EAAQ,KAAK,CAAC,gBAAgB,CAAC;oBAC5C,mBAAmB,EAAE,KAAK,CAAC,uBAAuB,CAAC;iBACpD,CAAC,CAAA;gBAEF,MAAM,GAAG,GAAG;oBACV,MAAM,EAAE;wBACN,EAAE,EAAI,SAAS,CAAC,MAAM,CAAC,EAAE;wBACzB,IAAI,EAAE,SAAS,CAAC,MAAM,CAAC,IAAI;qBAC5B;oBACD,MAAM,EAAO,SAAS,CAAC,MAAM;oBAC7B,WAAW,EAAE,SAAS,CAAC,WAAW;oBAClC,GAAG,CAAC,SAAS,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACpE,GAAG,CAAC,SAAS,CAAC,aAAa,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,SAAS,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC5F,GAAG,CAAC,SAAS,CAAC,mBAAmB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,mBAAmB,EAAE,SAAS,CAAC,mBAAmB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC9G,OAAO,EAAE,GAAG;iBACb,CAAA;gBAED,MAAM,MAAM,GAAG,QAAQ,CAAC,mBAAmB,EAAE,CAAA;gBAC7C,IAAI,MAAM,EAAE,CAAC;oBACX,OAAO,MAAM,MAAM,CAAC,GAAG,CAAC,CAAA;gBAC1B,CAAC;gBAED,+DAA+D;gBAC/D,GAAG,CAAC,IAAI,CAAC;oBACP,MAAM,EAAO,GAAG,CAAC,MAAM;oBACvB,MAAM,EAAO,GAAG,CAAC,MAAM;oBACvB,KAAK,EAAQ,GAAG,CAAC,KAAK;oBACtB,WAAW,EAAE,GAAG,CAAC,WAAW;iBAC7B,CAAC,CAAA;YACJ,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,iBAAiB,CAAC,GAAG,EAAE,CAAC,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAA;YAC3C,CAAC;QACH,CAAC,EAAE,mBAAmB,CAAC,CAAA;QAEvB,wCAAwC;QACxC,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,YAAY,EAAE,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,EAAE;YAC9D,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAA;YAC3B,IAAI,CAAC;gBACH,MAAM,MAAM,GAAI,GAAG,CAAC,GAAW,EAAE,UAAU,EAAE,EAAE,IAAK,GAAW,CAAC,IAAI,EAAE,EAAE,CAAA;gBACxE,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,gEAAgE;oBAChE,mEAAmE;oBACnE,MAAM,SAAS,GAAG,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAA;oBACpG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,yBAAyB,EAAE,GAAG,SAAS,EAAE,CAAC,CAAA;oBAC9G,OAAM;gBACR,CAAC;gBAED,MAAM,sBAAsB,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC,CAAA;gBAErE,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC;oBAC/B,MAAM;oBACN,QAAQ,EAAa,IAAI,CAAC,WAAW,CAAC;oBACtC,MAAM,EAAe,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE;oBACzC,WAAW,EAAU,IAAI,CAAC,cAAc,CAAC;oBACzC,aAAa,EAAQ,IAAI,CAAC,gBAAgB,CAAC;oBAC3C,mBAAmB,EAAE,IAAI,CAAC,uBAAuB,CAAC;iBACnD,CAAC,CAAA;gBAEF,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAA;gBACjD,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;gBAC1C,IAAI,IAAI,CAAC,OAAO,CAAC;oBAAE,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;gBAEvE,GAAG,CAAC,IAAI,CAAC,EAAE,YAAY,EAAE,WAAW,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAA;YACpD,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,iBAAiB,CAAC,GAAG,EAAE,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;YAC1C,CAAC;QACH,CAAC,EAAE,mBAAmB,CAAC,CAAA;QAEvB,wCAAwC;QACxC,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,YAAY,EAAE,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,EAAE;YAChE,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAA;YAC3B,IAAI,CAAC;gBACH,MAAM,sBAAsB,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC,CAAA;gBAErE,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAA;gBACjD,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,eAAe,CAAC,CAAA;gBACtD,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,EAAE,8BAA8B,CAAC,CAAA;gBACjF,IAAI,IAAI,CAAC,OAAO,CAAC;oBAAE,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;gBAEvE,GAAG,CAAC,IAAI,CAAC,EAAE,YAAY,EAAE,WAAW,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAA;YACpD,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,iBAAiB,CAAC,GAAG,EAAE,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;YAC1C,CAAC;QACH,CAAC,EAAE,mBAAmB,CAAC,CAAA;IACzB,CAAC;IAED,4DAA4D;IAC5D,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QACvB,wEAAwE;QACxE,yEAAyE;QACzE,yEAAyE;QACzE,oCAAoC;QACpC,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,QAAQ,EAAE,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,EAAE;YAC1D,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAA;gBAC3B,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAW,CAAA;gBAE9C,yDAAyD;gBACzD,+DAA+D;gBAC/D,gEAAgE;gBAChE,8DAA8D;gBAC9D,MAAM,WAAW,GAAG,wBAAwB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;gBAEvD,IAAI,MAAM,CAAA;gBAEV,QAAQ,SAAS,EAAE,CAAC;oBAClB,KAAK,oBAAoB;wBACvB,MAAM,GAAG,MAAM,gBAAgB,CAAC;4BAC9B,SAAS;4BACT,IAAI,EAAW,IAAI,CAAC,MAAM,CAAC;4BAC3B,GAAG,WAAW;4BACd,WAAW,EAAI,IAAI,CAAC,cAAc,CAAC;4BACnC,YAAY,EAAG,IAAI,CAAC,eAAe,CAAC;yBACrC,CAAC,CAAA;wBACF,MAAK;oBAEP,KAAK,oBAAoB;wBACvB,4DAA4D;wBAC5D,4DAA4D;wBAC5D,yDAAyD;wBACzD,yCAAyC;wBACzC,IAAI,WAAW,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;4BAC3C,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,6DAA6D,EAAE,GAAG,CAAC,CAAA;wBAC7G,CAAC;wBACD,MAAM,GAAG,MAAM,sBAAsB,CAAC;4BACpC,SAAS;4BACT,QAAQ,EAAM,WAAW,CAAC,QAAQ;4BAClC,YAAY,EAAE,WAAW,CAAC,YAAY;4BACtC,KAAK,EAAS,IAAI,CAAC,OAAO,CAAC;yBAC5B,CAAC,CAAA;wBACF,MAAK;oBAEP,KAAK,eAAe;wBAClB,MAAM,GAAG,MAAM,iBAAiB,CAAC;4BAC/B,SAAS;4BACT,YAAY,EAAE,IAAI,CAAC,eAAe,CAAC;4BACnC,GAAG,WAAW;4BACd,KAAK,EAAS,IAAI,CAAC,OAAO,CAAC;yBAC5B,CAAC,CAAA;wBACF,MAAK;oBAEP,KAAK,8CAA8C,CAAC,CAAC,CAAC;wBACpD,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC;4BACtC,SAAS;4BACT,UAAU,EAAE,IAAI,CAAC,aAAa,CAAC;4BAC/B,QAAQ,EAAI,WAAW,CAAC,QAAQ;yBACjC,CAAC,CAAA;wBACF,IAAI,UAAU,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;4BACvC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAA;wBAC5B,CAAC;6BAAM,CAAC;4BACN,wDAAwD;4BACxD,yDAAyD;4BACzD,yDAAyD;4BACzD,4BAA4B;4BAC5B,EAAE;4BACF,sDAAsD;4BACtD,2DAA2D;4BAC3D,iDAAiD;4BACjD,IAAI,UAAU,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;gCACtC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,QAAQ,EAAE,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAA;4BAC7E,CAAC;iCAAM,CAAC;gCACN,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAA;4BACpD,CAAC;4BACD,OAAM;wBACR,CAAC;wBACD,MAAK;oBACP,CAAC;oBAED;wBACE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;4BACnB,KAAK,EAAE,wBAAwB;4BAC/B,iBAAiB,EAAE,eAAe,SAAS,qBAAqB;yBACjE,CAAC,CAAA;wBACF,OAAM;gBACV,CAAC;gBAED,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;YAClB,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,IAAI,CAAC,YAAY,UAAU,EAAE,CAAC;oBAC5B,6DAA6D;oBAC7D,gEAAgE;oBAChE,IAAI,CAAC,CAAC,UAAU,KAAK,GAAG,IAAI,OAAO,GAAG,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;wBAC7D,GAAG,CAAC,MAAM,CAAC,kBAAkB,EAAE,qBAAqB,CAAC,CAAA;oBACvD,CAAC;oBACD,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAA;gBAC3C,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,CAAC,CAAC,CAAA;oBACT,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,iBAAiB,EAAE,wBAAwB,EAAE,CAAC,CAAA;gBAC9F,CAAC;YACH,CAAC;QACH,CAAC,EAAE,eAAe,CAAC,CAAA;IACrB,CAAC;IAED,2DAA2D;IAC3D,0EAA0E;IAC1E,oEAAoE;IACpE,wEAAwE;IACxE,sEAAsE;IACtE,6BAA6B;IAC7B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxB,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,aAAa,EAAE,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,EAAE;YACjE,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAA;YACxC,MAAM,cAAc,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAA;YAClD,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,KAAK,EAAwB,CAAA;YAErF,MAAM,WAAW,GAAI,GAAG,CAAC,GAAW,EAAE,UAAU,EAAE,EAAE,IAAK,GAAW,CAAC,IAAI,EAAE,EAAE,CAAA;YAC7E,IAAI,CAAC,KAAK,IAAI,CAAC,WAAW,IAAI,KAAK,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;gBAC3D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,CAAC,CAAA;gBACnF,OAAM;YACR,CAAC;YAED,gEAAgE;YAChE,oDAAoD;YACpD,MAAM,cAAc,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,CAAC;iBACvC,SAAS,CAAC,EAAE,OAAO,EAAE,IAAI,EAA6B,CAAC,CAAA;YAC1D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAA;QACxB,CAAC,EAAE,CAAC,aAAa,EAAE,EAAE,GAAG,mBAAmB,CAAC,CAAC,CAAA;IAC/C,CAAC;IAED,4DAA4D;IAC5D,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxB,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,SAAS,EAAE,KAAK,EAAE,IAAS,EAAE,GAAQ,EAAE,EAAE;YAC3D,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAA;QAC7B,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,4DAA4D;IAC5D,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxB,yDAAyD;QACzD,yEAAyE;QACzE,mEAAmE;QACnE,+CAA+C;QAC/C,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,cAAc,EAAE,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,EAAE;YAChE,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAA;gBAC3B,MAAM,eAAe,GAAG,sBAAsB,CAAC,IAAI,EAAE,GAAG,EAAE,MAAM,CAAC,CAAA;gBACjE,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC;oBACrC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC;oBAC3B,KAAK,EAAK,IAAI,CAAC,OAAO,CAAC;oBACvB,eAAe;iBAChB,CAAC,CAAA;gBACF,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;YAClB,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,IAAI,CAAC,YAAY,UAAU,EAAE,CAAC;oBAC5B,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAA;gBAC3C,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,CAAC,CAAC,CAAA;oBACT,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,iBAAiB,EAAE,wBAAwB,EAAE,CAAC,CAAA;gBAC9F,CAAC;YACH,CAAC;QACH,CAAC,EAAE,gBAAgB,CAAC,CAAA;QAEpB,2DAA2D;QAC3D,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,iBAAiB,EAAE,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,EAAE;YACnE,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAA;gBAC3B,MAAM,MAAM,GAAI,GAAG,CAAC,GAAW,EAAE,UAAU,EAAE,EAAE,IAAK,GAAW,CAAC,IAAI,EAAE,EAAE,CAAA;gBACxE,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,yBAAyB,EAAE,CAAC,CAAA;oBAChG,OAAM;gBACR,CAAC;gBACD,MAAM,iBAAiB,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,KAAK,KAAK,CAAC,CAAA;gBAC9E,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAA;YAC5B,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,IAAI,CAAC,YAAY,UAAU,EAAE,CAAC;oBAC5B,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAA;gBAC3C,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,CAAC,CAAC,CAAA;oBACT,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,iBAAiB,EAAE,wBAAwB,EAAE,CAAC,CAAA;gBAC9F,CAAC;YACH,CAAC;QACH,CAAC,EAAE,gBAAgB,CAAC,CAAA;IACtB,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,yBAAyB,CAAC,MAAc,EAAE,OAA6B,EAAE;IACvF,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,CAAyB,CAAC,CAAA;IACrG,sBAAsB,CAAC,MAAM,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;AACzE,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,UAAU,yBAAyB,CAAC,MAAc,EAAE,OAA6B,EAAE;IACvF,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,WAAW,EAAE,QAAQ,CAAyB,CAAC,CAAA;IAC/F,sBAAsB,CAAC,MAAM,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;AACzE,CAAC"}
1	+ {"version":3,"file":"routes.js","sourceRoot":"","sources":["../src/routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AAExC,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAA;AACvD,OAAO,EAAE,uBAAuB,EAAE,MAAM,uBAAuB,CAAA;AAC/D,OAAO,EAAE,kBAAkB,EAAE,MAAU,mBAAmB,CAAA;AAC1D,OAAO,EAAE,mBAAmB,EAAE,MAAS,oBAAoB,CAAA;AAC3D,OAAO,EAAE,mBAAmB,EAAE,MAAS,oBAAoB,CAAA;AAC3D,OAAO,EAAE,oBAAoB,EAAE,MAAQ,oBAAoB,CAAA;AAI3D;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAAc,EAAE,OAA6B,EAAE;IACpF,IAAI,QAAQ,CAAC,aAAa,EAAE;QAAE,OAAM;IAEpC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,QAAQ,CAAA;IACtC,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC,CAAA;IACvC,MAAM,eAAe,GAAO,iBAAiB,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;IACnE,MAAM,mBAAmB,GAAG,iBAAiB,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAA;IACvE,MAAM,gBAAgB,GAAM,iBAAiB,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAA;IAEpE,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC;QAAE,uBAAuB,CAAC,MAAM,EAAE,MAAM,EAAE,mBAAmB,CAAC,CAAA;IACxF,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC;QAAM,kBAAkB,CAAK,MAAM,EAAE,MAAM,EAAE,eAAe,CAAC,CAAA;IACnF,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC;QAAK,mBAAmB,CAAI,MAAM,EAAE,MAAM,EAAE,mBAAmB,CAAC,CAAA;IACvF,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC;QAAK,mBAAmB,CAAI,MAAM,EAAE,MAAM,CAAC,CAAA;IAClE,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC;QAAK,oBAAoB,CAAG,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,gBAAgB,CAAC,CAAA;AAC5F,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,yBAAyB,CAAC,MAAc,EAAE,OAA6B,EAAE;IACvF,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,CAAyB,CAAC,CAAA;IACrG,sBAAsB,CAAC,MAAM,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;AACzE,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,UAAU,yBAAyB,CAAC,MAAc,EAAE,OAA6B,EAAE;IACvF,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,WAAW,EAAE,QAAQ,CAAyB,CAAC,CAAA;IAC/F,sBAAsB,CAAC,MAAM,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;AACzE,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@rudderjs/passport",
-  "version": "1.1.1",
+  "version": "1.1.2",
   "rudderjs": {
     "provider": "PassportProvider",
     "stage": "infrastructure",
@@ -35,8 +35,8 @@
   },
   "dependencies": {
     "@rudderjs/core": "^1.1.3",
-    "@rudderjs/contracts": "^1.4.0",
-    "@rudderjs/orm": "^1.8.1"
+    "@rudderjs/contracts": "^1.6.0",
+    "@rudderjs/orm": "^1.9.1"
   },
   "devDependencies": {
     "@types/node": "^20.0.0",