@scallywag/validation 1.0.0 → 1.0.1

package/dist/middleware.js

@@ -0,0 +1,403 @@
+/**
+ * Validation Middleware
+ *
+ * Next.js API route validation middleware using Zod
+ */
+import { NextResponse } from 'next/server';
+import { SecurityLevel, } from './types';
+import { formatValidationErrors, validateData } from './validators';
+import { MemoryRateLimitStore } from '@scallywag/gateway/middleware/security/RateLimiter';
+import { logger } from '@scallywag/security/logger';
+/**
+ * Helper function to extract request body safely
+ */
+async function extractRequestBody(request) {
+    return await request.json().catch(() => ({}));
+}
+/**
+ * Helper function to safely extract validated data from result
+ * Extracted for better testability
+ */
+export function safeExtractValidatedData(result) {
+    return typeof result === 'object' &&
+        result !== null &&
+        'validatedData' in result
+        ? result['validatedData']
+        : {};
+}
+/**
+ * Helper function to validate request body
+ */
+async function validateRequestBody(config, request, errors, validatedData) {
+    if (!config || request.method === 'GET')
+        return;
+    const body = await extractRequestBody(request);
+    const bodyResult = await validateData(config, body);
+    if (!bodyResult.success) {
+        errors.push(...bodyResult.errors);
+    }
+    else {
+        validatedData['body'] = bodyResult.data;
+    }
+}
+/**
+ * Helper function to validate query parameters
+ */
+async function validateRequestQuery(config, request, errors, validatedData) {
+    if (!config)
+        return;
+    const url = new URL(request.url);
+    const queryParams = Object.fromEntries(url.searchParams.entries());
+    const queryResult = await validateData(config, queryParams);
+    if (!queryResult.success) {
+        errors.push(...queryResult.errors);
+    }
+    else {
+        validatedData['query'] = queryResult.data;
+    }
+}
+/**
+ * Helper function to validate headers
+ */
+async function validateRequestHeaders(config, request, errors, validatedData) {
+    if (!config)
+        return;
+    // Convert Headers to plain object (safely iterate over header entries)
+    const headers = {};
+    request.headers.forEach((value, key) => {
+        // Safe to use bracket notation here since we're creating a new object
+        // and headers from NextRequest are guaranteed to be strings
+        Object.defineProperty(headers, key, {
+            value,
+            enumerable: true,
+            writable: true,
+            configurable: true,
+        });
+    });
+    const headersResult = await validateData(config, headers);
+    if (!headersResult.success) {
+        errors.push(...headersResult.errors);
+    }
+    else {
+        validatedData['headers'] = headersResult.data;
+    }
+}
+/**
+ * Helper function to validate unified input
+ * Merges body, query params, and URL params into a single object
+ * and validates against the input schema.
+ */
+async function validateUnifiedInput(config, request, params, errors, validatedData) {
+    if (!config)
+        return false;
+    // Extract URL query parameters
+    const url = new URL(request.url);
+    const queryParams = Object.fromEntries(url.searchParams.entries());
+    // Extract request body (if not GET)
+    const body = request.method !== 'GET' ? await extractRequestBody(request) : {};
+    // Merge all inputs: query params + URL params + body
+    // Later values override earlier ones (body takes precedence)
+    const mergedInput = Object.assign(Object.assign(Object.assign({}, queryParams), params), (typeof body === 'object' && body !== null ? body : {}));
+    const inputResult = await validateData(config, mergedInput);
+    if (!inputResult.success) {
+        errors.push(...inputResult.errors);
+    }
+    else {
+        // Store validated data at top level for easy access
+        validatedData['input'] = inputResult.data;
+        // Also store in legacy locations for backwards compatibility
+        validatedData['body'] = inputResult.data;
+        validatedData['query'] = queryParams;
+    }
+    return true; // Indicates unified validation was performed
+}
+/**
+ * Create validation middleware for API routes
+ *
+ * Supports two validation modes:
+ * 1. Unified input validation (config.input): Merges body, query, and params
+ *    into a single validated object. Preferred for new endpoints.
+ * 2. Legacy validation (config.body/query/headers): Validates each part
+ *    separately. Maintained for backwards compatibility.
+ */
+export function createValidationMiddleware(config) {
+    return async function validationMiddleware(request, _context, params) {
+        const errors = [];
+        const validatedData = {};
+        const routeParams = params !== null && params !== void 0 ? params : {};
+        try {
+            // Check for unified input validation first (preferred mode)
+            const usedUnifiedValidation = await validateUnifiedInput(config.input, request, routeParams, errors, validatedData);
+            // If unified validation was used, skip legacy body/query validation
+            // but still validate headers if configured
+            if (usedUnifiedValidation) {
+                await validateRequestHeaders(config.headers, request, errors, validatedData);
+            }
+            else {
+                // Fall back to legacy validation for separate body/query/headers
+                await validateRequestBody(config.body, request, errors, validatedData);
+                await validateRequestQuery(config.query, request, errors, validatedData);
+                await validateRequestHeaders(config.headers, request, errors, validatedData);
+            }
+            if (errors.length > 0) {
+                return NextResponse.json({
+                    success: false,
+                    error: 'Validation failed',
+                    details: formatValidationErrors(errors),
+                    timestamp: new Date().toISOString(),
+                }, { status: 400 });
+            }
+            return { validatedData };
+        }
+        catch (error) {
+            logger.error('Validation middleware error', {
+                error: error instanceof Error ? error.message : String(error),
+            });
+            return NextResponse.json({
+                success: false,
+                error: 'Validation error',
+                details: { server: ['Internal validation error'] },
+                timestamp: new Date().toISOString(),
+            }, { status: 500 });
+        }
+    };
+}
+/**
+ * Validation decorator for API route handlers
+ *
+ * Supports unified input validation when config.input is provided.
+ * Extracts route params from the context argument automatically.
+ */
+export function validateRoute(config) {
+    return function (_target, _propertyKey, descriptor) {
+        const originalMethod = descriptor.value;
+        descriptor.value = async function (request, ...args) {
+            const middleware = createValidationMiddleware(config);
+            // Extract params from context (first arg after request in Next.js)
+            const context = args[0];
+            const params = extractParamsFromContext(context);
+            const result = await middleware(request, undefined, params);
+            // Check if result is an error response
+            if ('status' in result && result.status !== 200) {
+                return result;
+            }
+            // Add validated data to the request context
+            const validatedData = safeExtractValidatedData(result);
+            return originalMethod.call(this, request, validatedData, ...args);
+        };
+        return descriptor;
+    };
+}
+/**
+ * Extract route params from Next.js context
+ */
+function extractParamsFromContext(context) {
+    if (typeof context !== 'object' || context === null)
+        return undefined;
+    const ctx = context;
+    if (typeof ctx['params'] !== 'object' || ctx['params'] === null) {
+        return undefined;
+    }
+    // Next.js params can be strings or arrays - normalize to strings
+    const params = ctx['params'];
+    const normalized = {};
+    // Use Object.entries to avoid object injection sink warnings
+    for (const [key, value] of Object.entries(params)) {
+        if (typeof value === 'string') {
+            Object.defineProperty(normalized, key, {
+                value,
+                enumerable: true,
+                writable: true,
+                configurable: true,
+            });
+        }
+        else if (Array.isArray(value) && value.length > 0) {
+            // For catch-all routes, join array segments
+            Object.defineProperty(normalized, key, {
+                value: value.join('/'),
+                enumerable: true,
+                writable: true,
+                configurable: true,
+            });
+        }
+    }
+    return normalized;
+}
+/**
+ * Higher-order function to wrap API route with validation
+ *
+ * Supports unified input validation when config.input is provided.
+ * Extracts route params from Next.js context automatically.
+ */
+export function withValidation(config, handler) {
+    return async function (request, context) {
+        const middleware = createValidationMiddleware(config);
+        const params = extractParamsFromContext(context);
+        const result = await middleware(request, undefined, params);
+        // Check if result is an error response
+        if ('status' in result && result.status !== 200) {
+            return result;
+        }
+        const validatedData = safeExtractValidatedData(result);
+        return handler(request, validatedData, context);
+    };
+}
+/**
+ * Check if user agent indicates a bot
+ */
+function isBotUserAgent(userAgent) {
+    return /bot|crawler|spider/i.test(userAgent);
+}
+/**
+ * Check if user agent indicates automated tools
+ */
+function isAutomatedToolUserAgent(userAgent) {
+    return /bot|crawler|spider|curl|wget/i.test(userAgent);
+}
+/**
+ * Check if user agent indicates scripting languages
+ */
+function isScriptingUserAgent(userAgent) {
+    return /bot|crawler|spider|curl|wget|python|ruby|php/i.test(userAgent);
+}
+/**
+ * Perform security checks based on level
+ */
+function performSecurityCheck(securityLevel, userAgent, origin, hasAuthorization) {
+    switch (securityLevel) {
+        case SecurityLevel.LOW:
+            return true;
+        case SecurityLevel.MEDIUM:
+            return !isBotUserAgent(userAgent);
+        case SecurityLevel.HIGH:
+            return !isAutomatedToolUserAgent(userAgent) && origin.length > 0;
+        case SecurityLevel.CRITICAL:
+            return (!isScriptingUserAgent(userAgent) &&
+                origin.length > 0 &&
+                hasAuthorization);
+        default:
+            return false;
+    }
+}
+/**
+ * Security-focused validation middleware
+ */
+export function createSecurityMiddleware(securityLevel = SecurityLevel.MEDIUM) {
+    return function (request) {
+        var _a, _b;
+        const userAgent = (_a = request.headers.get('user-agent')) !== null && _a !== void 0 ? _a : '';
+        const origin = (_b = request.headers.get('origin')) !== null && _b !== void 0 ? _b : '';
+        const hasAuthorization = request.headers.has('authorization');
+        const passes = performSecurityCheck(securityLevel, userAgent, origin, hasAuthorization);
+        if (!passes) {
+            return NextResponse.json({
+                success: false,
+                error: 'Security check failed',
+                timestamp: new Date().toISOString(),
+            }, { status: 403 });
+        }
+        return null; // Pass security check
+    };
+}
+/**
+ * Rate limiting middleware
+ *
+ * Uses standardized gateway MemoryRateLimitStore for consistent rate limiting across the application.
+ * This maintains backward compatibility with the existing Next.js API route middleware pattern
+ * while using the standardized gateway rate limiting infrastructure.
+ */
+export function createRateLimitMiddleware(requests = 100, windowMs = 60000 // 1 minute
+) {
+    // Use the same store implementation as the gateway for consistency
+    const store = new MemoryRateLimitStore();
+    /**
+     * Extract client IP from request headers
+     */
+    function extractClientIP(request) {
+        var _a, _b;
+        return (((_b = (_a = request.headers.get('x-forwarded-for')) === null || _a === void 0 ? void 0 : _a.split(',')[0]) === null || _b === void 0 ? void 0 : _b.trim()) ||
+            request.headers.get('x-real-ip') ||
+            '127.0.0.1');
+    }
+    return function (request) {
+        const ip = extractClientIP(request);
+        const key = `rate-limit:ip:${ip}`;
+        const now = Date.now();
+        // Get current rate limit info
+        const info = store.get(key);
+        // Check if rate limit exceeded
+        if (info && info.count >= requests) {
+            const retryAfter = Math.max(0, Math.ceil((info.resetTime - now) / 1000));
+            return NextResponse.json({
+                success: false,
+                error: 'Rate limit exceeded',
+                retryAfter,
+                timestamp: new Date().toISOString(),
+            }, {
+                status: 429,
+                headers: {
+                    'X-RateLimit-Limit': requests.toString(),
+                    'X-RateLimit-Remaining': '0',
+                    'X-RateLimit-Reset': new Date(info.resetTime).toISOString(),
+                    'Retry-After': retryAfter.toString(),
+                },
+            });
+        }
+        // Increment the counter (this will create entry if it doesn't exist)
+        store.increment(key, windowMs);
+        // Return null to allow the request (rate limit passed)
+        return null;
+    };
+}
+/**
+ * Combine multiple middleware functions
+ */
+export function combineMiddleware(...middlewares) {
+    return function (request) {
+        for (const middleware of middlewares) {
+            const result = middleware(request);
+            if (result) {
+                return result; // Return error response from first failing middleware
+            }
+        }
+        return null; // All middleware passed
+    };
+}
+/**
+ * Create comprehensive API middleware
+ *
+ * Supports unified input validation when options.validation.input is provided.
+ * Accepts optional context for extracting route params.
+ */
+export function createApiMiddleware(options) {
+    const middlewares = [];
+    // Add security middleware
+    if (options.security) {
+        middlewares.push(createSecurityMiddleware(options.security));
+    }
+    // Add rate limiting
+    if (options.rateLimit) {
+        middlewares.push(createRateLimitMiddleware(options.rateLimit.requests, options.rateLimit.windowMs));
+    }
+    const combinedMiddleware = combineMiddleware(...middlewares);
+    return async function (request, handler, context) {
+        // Run security and rate limiting checks
+        const middlewareResult = combinedMiddleware(request);
+        if (middlewareResult) {
+            return middlewareResult;
+        }
+        // Run validation if configured
+        if (options.validation) {
+            const validationMiddleware = createValidationMiddleware(options.validation);
+            const params = extractParamsFromContext(context);
+            const validationResult = await validationMiddleware(request, undefined, params);
+            if ('status' in validationResult && validationResult.status !== 200) {
+                return validationResult;
+            }
+            const validatedData = safeExtractValidatedData(validationResult);
+            return handler(request, validatedData);
+        }
+        return handler(request);
+    };
+}
+//# sourceMappingURL=middleware.js.map

package/dist/middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../middleware.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAe,YAAY,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAGL,aAAa,GAEd,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,sBAAsB,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,oDAAoD,CAAC;AAC1F,OAAO,EAAE,MAAM,EAAE,MAAM,4BAA4B,CAAC;AAEpD;;GAEG;AACH,KAAK,UAAU,kBAAkB,CAAC,OAAoB;IACpD,OAAO,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AAChD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,wBAAwB,CACtC,MAAe;IAEf,OAAO,OAAO,MAAM,KAAK,QAAQ;QAC/B,MAAM,KAAK,IAAI;QACf,eAAe,IAAI,MAAM;QACzB,CAAC,CAAG,MAAkC,CAAC,eAAe,CAGlD;QACJ,CAAC,CAAC,EAAE,CAAC;AACT,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,mBAAmB,CAChC,MAAkC,EAClC,OAAoB,EACpB,MAAyB,EACzB,aAAsC;IAEtC,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK;QAAE,OAAO;IAEhD,MAAM,IAAI,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;IAC/C,MAAM,UAAU,GAAG,MAAM,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAEpD,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IACpC,CAAC;SAAM,CAAC;QACN,aAAa,CAAC,MAAM,CAAC,GAAG,UAAU,CAAC,IAAI,CAAC;IAC1C,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,oBAAoB,CACjC,MAAmC,EACnC,OAAoB,EACpB,MAAyB,EACzB,aAAsC;IAEtC,IAAI,CAAC,MAAM;QAAE,OAAO;IAEpB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACjC,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC,CAAC;IACnE,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAE5D,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;QACzB,MAAM,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IACrC,CAAC;SAAM,CAAC;QACN,aAAa,CAAC,OAAO,CAAC,GAAG,WAAW,CAAC,IAAI,CAAC;IAC5C,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,sBAAsB,CACnC,MAAqC,EACrC,OAAoB,EACpB,MAAyB,EACzB,aAAsC;IAEtC,IAAI,CAAC,MAAM;QAAE,OAAO;IAEpB,uEAAuE;IACvE,MAAM,OAAO,GAA2B,EAAE,CAAC;IAC3C,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;QACrC,sEAAsE;QACtE,4DAA4D;QAC5D,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,GAAG,EAAE;YAClC,KAAK;YACL,UAAU,EAAE,IAAI;YAChB,QAAQ,EAAE,IAAI;YACd,YAAY,EAAE,IAAI;SACnB,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IACH,MAAM,aAAa,GAAG,MAAM,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAE1D,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC;QAC3B,MAAM,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IACvC,CAAC;SAAM,CAAC;QACN,aAAa,CAAC,SAAS,CAAC,GAAG,aAAa,CAAC,IAAI,CAAC;IAChD,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,oBAAoB,CACjC,MAAmC,EACnC,OAAoB,EACpB,MAA8B,EAC9B,MAAyB,EACzB,aAAsC;IAEtC,IAAI,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAE1B,+BAA+B;IAC/B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACjC,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC,CAAC;IAEnE,oCAAoC;IACpC,MAAM,IAAI,GACR,OAAO,CAAC,MAAM,KAAK,KAAK,CAAC,CAAC,CAAC,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAEpE,qDAAqD;IACrD,6DAA6D;IAC7D,MAAM,WAAW,iDACZ,WAAW,GACX,MAAM,GACN,CAAC,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAC3D,CAAC;IAEF,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAE5D,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;QACzB,MAAM,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IACrC,CAAC;SAAM,CAAC;QACN,oDAAoD;QACpD,aAAa,CAAC,OAAO,CAAC,GAAG,WAAW,CAAC,IAAI,CAAC;QAC1C,6DAA6D;QAC7D,aAAa,CAAC,MAAM,CAAC,GAAG,WAAW,CAAC,IAAI,CAAC;QACzC,aAAa,CAAC,OAAO,CAAC,GAAG,WAAW,CAAC;IACvC,CAAC;IAED,OAAO,IAAI,CAAC,CAAC,6CAA6C;AAC5D,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,0BAA0B,CAAC,MAA0B;IACnE,OAAO,KAAK,UAAU,oBAAoB,CACxC,OAAoB,EACpB,QAAmC,EACnC,MAA+B;QAE/B,MAAM,MAAM,GAAsB,EAAE,CAAC;QACrC,MAAM,aAAa,GAA4B,EAAE,CAAC;QAClD,MAAM,WAAW,GAAG,MAAM,aAAN,MAAM,cAAN,MAAM,GAAI,EAAE,CAAC;QAEjC,IAAI,CAAC;YACH,4DAA4D;YAC5D,MAAM,qBAAqB,GAAG,MAAM,oBAAoB,CACtD,MAAM,CAAC,KAAK,EACZ,OAAO,EACP,WAAW,EACX,MAAM,EACN,aAAa,CACd,CAAC;YAEF,oEAAoE;YACpE,2CAA2C;YAC3C,IAAI,qBAAqB,EAAE,CAAC;gBAC1B,MAAM,sBAAsB,CAC1B,MAAM,CAAC,OAAO,EACd,OAAO,EACP,MAAM,EACN,aAAa,CACd,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,iEAAiE;gBACjE,MAAM,mBAAmB,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,aAAa,CAAC,CAAC;gBACvE,MAAM,oBAAoB,CACxB,MAAM,CAAC,KAAK,EACZ,OAAO,EACP,MAAM,EACN,aAAa,CACd,CAAC;gBACF,MAAM,sBAAsB,CAC1B,MAAM,CAAC,OAAO,EACd,OAAO,EACP,MAAM,EACN,aAAa,CACd,CAAC;YACJ,CAAC;YAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACtB,OAAO,YAAY,CAAC,IAAI,CACtB;oBACE,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,mBAAmB;oBAC1B,OAAO,EAAE,sBAAsB,CAAC,MAAM,CAAC;oBACvC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;iBACpC,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;YACJ,CAAC;YAED,OAAO,EAAE,aAAa,EAAE,CAAC;QAC3B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,6BAA6B,EAAE;gBAC1C,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CAAC;YACH,OAAO,YAAY,CAAC,IAAI,CACtB;gBACE,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,kBAAkB;gBACzB,OAAO,EAAE,EAAE,MAAM,EAAE,CAAC,2BAA2B,CAAC,EAAE;gBAClD,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACpC,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,MAA0B;IACtD,OAAO,UACL,OAAgB,EAChB,YAAoB,EACpB,UAA8B;QAE9B,MAAM,cAAc,GAAG,UAAU,CAAC,KAAK,CAAC;QAExC,UAAU,CAAC,KAAK,GAAG,KAAK,WACtB,OAAoB,EACpB,GAAG,IAAe;YAElB,MAAM,UAAU,GAAG,0BAA0B,CAAC,MAAM,CAAC,CAAC;YACtD,mEAAmE;YACnE,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YACxB,MAAM,MAAM,GAAG,wBAAwB,CAAC,OAAO,CAAC,CAAC;YACjD,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;YAE5D,uCAAuC;YACvC,IAAI,QAAQ,IAAI,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAChD,OAAO,MAAM,CAAC;YAChB,CAAC;YAED,4CAA4C;YAC5C,MAAM,aAAa,GAAG,wBAAwB,CAAC,MAAM,CAAC,CAAC;YAEvD,OAAO,cAAc,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,aAAa,EAAE,GAAG,IAAI,CAAC,CAAC;QACpE,CAAC,CAAC;QAEF,OAAO,UAAU,CAAC;IACpB,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,wBAAwB,CAC/B,OAAgB;IAEhB,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI;QAAE,OAAO,SAAS,CAAC;IACtE,MAAM,GAAG,GAAG,OAAkC,CAAC;IAC/C,IAAI,OAAO,GAAG,CAAC,QAAQ,CAAC,KAAK,QAAQ,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC;QAChE,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,iEAAiE;IACjE,MAAM,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAsC,CAAC;IAClE,MAAM,UAAU,GAA2B,EAAE,CAAC;IAC9C,6DAA6D;IAC7D,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAClD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,MAAM,CAAC,cAAc,CAAC,UAAU,EAAE,GAAG,EAAE;gBACrC,KAAK;gBACL,UAAU,EAAE,IAAI;gBAChB,QAAQ,EAAE,IAAI;gBACd,YAAY,EAAE,IAAI;aACnB,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpD,4CAA4C;YAC5C,MAAM,CAAC,cAAc,CAAC,UAAU,EAAE,GAAG,EAAE;gBACrC,KAAK,EAAE,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC;gBACtB,UAAU,EAAE,IAAI;gBAChB,QAAQ,EAAE,IAAI;gBACd,YAAY,EAAE,IAAI;aACnB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAC5B,MAA0B,EAC1B,OAI0B;IAE1B,OAAO,KAAK,WAAW,OAAoB,EAAE,OAAiB;QAC5D,MAAM,UAAU,GAAG,0BAA0B,CAAC,MAAM,CAAC,CAAC;QACtD,MAAM,MAAM,GAAG,wBAAwB,CAAC,OAAO,CAAC,CAAC;QACjD,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;QAE5D,uCAAuC;QACvC,IAAI,QAAQ,IAAI,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAChD,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,MAAM,aAAa,GAAG,wBAAwB,CAAC,MAAM,CAAC,CAAC;QAEvD,OAAO,OAAO,CAAC,OAAO,EAAE,aAAa,EAAE,OAAO,CAAC,CAAC;IAClD,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,SAAiB;IACvC,OAAO,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;AAC/C,CAAC;AAED;;GAEG;AACH,SAAS,wBAAwB,CAAC,SAAiB;IACjD,OAAO,+BAA+B,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;AACzD,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,SAAiB;IAC7C,OAAO,+CAA+C,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;AACzE,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAC3B,aAA4B,EAC5B,SAAiB,EACjB,MAAc,EACd,gBAAyB;IAEzB,QAAQ,aAAa,EAAE,CAAC;QACtB,KAAK,aAAa,CAAC,GAAG;YACpB,OAAO,IAAI,CAAC;QACd,KAAK,aAAa,CAAC,MAAM;YACvB,OAAO,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;QACpC,KAAK,aAAa,CAAC,IAAI;YACrB,OAAO,CAAC,wBAAwB,CAAC,SAAS,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;QACnE,KAAK,aAAa,CAAC,QAAQ;YACzB,OAAO,CACL,CAAC,oBAAoB,CAAC,SAAS,CAAC;gBAChC,MAAM,CAAC,MAAM,GAAG,CAAC;gBACjB,gBAAgB,CACjB,CAAC;QACJ;YACE,OAAO,KAAK,CAAC;IACjB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,wBAAwB,CACtC,gBAA+B,aAAa,CAAC,MAAM;IAEnD,OAAO,UAAU,OAAoB;;QACnC,MAAM,SAAS,GAAG,MAAA,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,mCAAI,EAAE,CAAC;QAC1D,MAAM,MAAM,GAAG,MAAA,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,mCAAI,EAAE,CAAC;QACnD,MAAM,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;QAE9D,MAAM,MAAM,GAAG,oBAAoB,CACjC,aAAa,EACb,SAAS,EACT,MAAM,EACN,gBAAgB,CACjB,CAAC;QAEF,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,YAAY,CAAC,IAAI,CACtB;gBACE,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,uBAAuB;gBAC9B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACpC,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC,CAAC,sBAAsB;IACrC,CAAC,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,yBAAyB,CACvC,WAAmB,GAAG,EACtB,WAAmB,KAAK,CAAC,WAAW;;IAEpC,mEAAmE;IACnE,MAAM,KAAK,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAEzC;;OAEG;IACH,SAAS,eAAe,CAAC,OAAoB;;QAC3C,OAAO,CACL,CAAA,MAAA,MAAA,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,0CAAE,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,0CAAE,IAAI,EAAE;YAC7D,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC;YAChC,WAAW,CACZ,CAAC;IACJ,CAAC;IAED,OAAO,UAAU,OAAoB;QACnC,MAAM,EAAE,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;QACpC,MAAM,GAAG,GAAG,iBAAiB,EAAE,EAAE,CAAC;QAClC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,8BAA8B;QAC9B,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAE5B,+BAA+B;QAC/B,IAAI,IAAI,IAAI,IAAI,CAAC,KAAK,IAAI,QAAQ,EAAE,CAAC;YACnC,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,SAAS,GAAG,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC;YACzE,OAAO,YAAY,CAAC,IAAI,CACtB;gBACE,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,qBAAqB;gBAC5B,UAAU;gBACV,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACpC,EACD;gBACE,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE;oBACP,mBAAmB,EAAE,QAAQ,CAAC,QAAQ,EAAE;oBACxC,uBAAuB,EAAE,GAAG;oBAC5B,mBAAmB,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE;oBAC3D,aAAa,EAAE,UAAU,CAAC,QAAQ,EAAE;iBACrC;aACF,CACF,CAAC;QACJ,CAAC;QAED,qEAAqE;QACrE,KAAK,CAAC,SAAS,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAE/B,uDAAuD;QACvD,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAC/B,GAAG,WAAiE;IAEpE,OAAO,UAAU,OAAoB;QACnC,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,MAAM,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;YACnC,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,MAAM,CAAC,CAAC,sDAAsD;YACvE,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC,CAAC,wBAAwB;IACvC,CAAC,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAInC;IACC,MAAM,WAAW,GAAyD,EAAE,CAAC;IAE7E,0BAA0B;IAC1B,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,WAAW,CAAC,IAAI,CAAC,wBAAwB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC/D,CAAC;IAED,oBAAoB;IACpB,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;QACtB,WAAW,CAAC,IAAI,CACd,yBAAyB,CACvB,OAAO,CAAC,SAAS,CAAC,QAAQ,EAC1B,OAAO,CAAC,SAAS,CAAC,QAAQ,CAC3B,CACF,CAAC;IACJ,CAAC;IAED,MAAM,kBAAkB,GAAG,iBAAiB,CAAC,GAAG,WAAW,CAAC,CAAC;IAE7D,OAAO,KAAK,WACV,OAAoB,EACpB,OAG0B,EAC1B,OAAiB;QAEjB,wCAAwC;QACxC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;QACrD,IAAI,gBAAgB,EAAE,CAAC;YACrB,OAAO,gBAAgB,CAAC;QAC1B,CAAC;QAED,+BAA+B;QAC/B,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;YACvB,MAAM,oBAAoB,GAAG,0BAA0B,CACrD,OAAO,CAAC,UAAU,CACnB,CAAC;YACF,MAAM,MAAM,GAAG,wBAAwB,CAAC,OAAO,CAAC,CAAC;YACjD,MAAM,gBAAgB,GAAG,MAAM,oBAAoB,CACjD,OAAO,EACP,SAAS,EACT,MAAM,CACP,CAAC;YAEF,IAAI,QAAQ,IAAI,gBAAgB,IAAI,gBAAgB,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBACpE,OAAO,gBAAgB,CAAC;YAC1B,CAAC;YAED,MAAM,aAAa,GAAG,wBAAwB,CAAC,gBAAgB,CAAC,CAAC;YACjE,OAAO,OAAO,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QACzC,CAAC;QAED,OAAO,OAAO,CAAC,OAAO,CAAC,CAAC;IAC1B,CAAC,CAAC;AACJ,CAAC"}

package/dist/sanitization.d.ts

@@ -0,0 +1,41 @@
+/**
+ * String Sanitization Utilities
+ *
+ * Centralized XSS/SQL injection protection and string sanitization.
+ * This is the single source of truth for sanitization patterns.
+ */
+import type { SanitizationOptions } from './types';
+/**
+ * XSS detection patterns
+ */
+export declare const XSS_PATTERNS: {
+    readonly scriptTags: RegExp;
+    readonly iframeTags: RegExp;
+    readonly javascriptProtocol: RegExp;
+    readonly vbscriptProtocol: RegExp;
+    readonly eventHandlers: RegExp;
+};
+/**
+ * SQL injection patterns
+ */
+export declare const SQL_PATTERNS: {
+    readonly specialChars: RegExp;
+    readonly keywords: RegExp;
+};
+/**
+ * HTML entity mapping for encoding
+ */
+export declare const HTML_ENTITIES: Record<string, string>;
+/**
+ * Check if a string contains XSS patterns (for validation without modification)
+ */
+export declare function containsXssPatterns(value: string): boolean;
+/**
+ * Sanitize string input by removing/encoding dangerous patterns
+ */
+export declare function sanitizeString(input: string, options?: SanitizationOptions): string;
+/**
+ * Recursively sanitize string fields in an object
+ */
+export declare function sanitizeObjectStrings(obj: unknown): unknown;
+//# sourceMappingURL=sanitization.d.ts.map

package/dist/sanitization.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitization.d.ts","sourceRoot":"","sources":["../sanitization.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAEnD;;GAEG;AACH,eAAO,MAAM,YAAY;;;;;;CAMf,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,YAAY;;;CAGf,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAMhD,CAAC;AAEF;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAK1D;AAED;;GAEG;AACH,wBAAgB,cAAc,CAC5B,KAAK,EAAE,MAAM,EACb,OAAO,GAAE,mBAAwB,GAChC,MAAM,CA0CR;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CA8B3D"}

package/dist/sanitization.js

@@ -0,0 +1,111 @@
+/**
+ * String Sanitization Utilities
+ *
+ * Centralized XSS/SQL injection protection and string sanitization.
+ * This is the single source of truth for sanitization patterns.
+ */
+/**
+ * XSS detection patterns
+ */
+export const XSS_PATTERNS = {
+    scriptTags: /<script[^>]*>.*?<\/script>/gi,
+    iframeTags: /<iframe[^>]*>.*?<\/iframe>/gi,
+    javascriptProtocol: /javascript:/gi,
+    vbscriptProtocol: /vbscript:/gi,
+    eventHandlers: /on\w+=/gi,
+};
+/**
+ * SQL injection patterns
+ */
+export const SQL_PATTERNS = {
+    specialChars: /['";\\]/g,
+    keywords: /\b(union|select|insert|update|delete|drop|exec|execute)\b/gi,
+};
+/**
+ * HTML entity mapping for encoding
+ */
+export const HTML_ENTITIES = {
+    '&': '&amp;',
+    '<': '&lt;',
+    '>': '&gt;',
+    '"': '&quot;',
+    "'": '&#x27;',
+};
+/**
+ * Check if a string contains XSS patterns (for validation without modification)
+ */
+export function containsXssPatterns(value) {
+    const hasScriptTag = /<script/i.test(value);
+    const hasEventHandler = /on\w+=/i.test(value);
+    const hasJavascriptProtocol = /javascript:/i.test(value);
+    return hasScriptTag || hasEventHandler || hasJavascriptProtocol;
+}
+/**
+ * Sanitize string input by removing/encoding dangerous patterns
+ */
+export function sanitizeString(input, options = {}) {
+    let sanitized = input;
+    // Trim whitespace
+    if (options.trim !== false) {
+        sanitized = sanitized.trim();
+    }
+    // XSS protection
+    if (options.xss !== false) {
+        sanitized = sanitized
+            .replace(XSS_PATTERNS.scriptTags, '')
+            .replace(XSS_PATTERNS.iframeTags, '')
+            .replace(XSS_PATTERNS.javascriptProtocol, '')
+            .replace(XSS_PATTERNS.vbscriptProtocol, '')
+            .replace(XSS_PATTERNS.eventHandlers, '');
+    }
+    // SQL injection protection
+    if (options.sql !== false) {
+        sanitized = sanitized
+            .replace(SQL_PATTERNS.specialChars, '')
+            .replace(SQL_PATTERNS.keywords, '');
+    }
+    // HTML encoding
+    if (options.html) {
+        sanitized = sanitized.replace(/[&<>"']/g, 
+        // eslint-disable-next-line security/detect-object-injection -- char is from known regex match set
+        (char) => { var _a; return (_a = HTML_ENTITIES[char]) !== null && _a !== void 0 ? _a : char; });
+    }
+    // Case transformations
+    if (options.lowercase) {
+        sanitized = sanitized.toLowerCase();
+    }
+    else if (options.uppercase) {
+        sanitized = sanitized.toUpperCase();
+    }
+    return sanitized;
+}
+/**
+ * Recursively sanitize string fields in an object
+ */
+export function sanitizeObjectStrings(obj) {
+    if (typeof obj === 'string') {
+        return sanitizeString(obj, { xss: true, sql: true, trim: true });
+    }
+    if (Array.isArray(obj)) {
+        return obj.map(sanitizeObjectStrings);
+    }
+    if (typeof obj === 'object' && obj !== null) {
+        const sanitized = {};
+        for (const [key, value] of Object.entries(obj)) {
+            // Type-safe property assignment for security
+            if (typeof key === 'string' &&
+                Object.prototype.hasOwnProperty.call(obj, key)) {
+                // Use Object.defineProperty to safely assign dynamic keys
+                Object.defineProperty(sanitized, key, {
+                    value: sanitizeObjectStrings(value),
+                    writable: true,
+                    enumerable: true,
+                    configurable: true,
+                });
+            }
+        }
+        return sanitized;
+    }
+    return obj;
+}
+//# sourceMappingURL=sanitization.js.map

package/dist/sanitization.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitization.js","sourceRoot":"","sources":["../sanitization.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH;;GAEG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG;IAC1B,UAAU,EAAE,8BAA8B;IAC1C,UAAU,EAAE,8BAA8B;IAC1C,kBAAkB,EAAE,eAAe;IACnC,gBAAgB,EAAE,aAAa;IAC/B,aAAa,EAAE,UAAU;CACjB,CAAC;AAEX;;GAEG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG;IAC1B,YAAY,EAAE,UAAU;IACxB,QAAQ,EAAE,6DAA6D;CAC/D,CAAC;AAEX;;GAEG;AACH,MAAM,CAAC,MAAM,aAAa,GAA2B;IACnD,GAAG,EAAE,OAAO;IACZ,GAAG,EAAE,MAAM;IACX,GAAG,EAAE,MAAM;IACX,GAAG,EAAE,QAAQ;IACb,GAAG,EAAE,QAAQ;CACd,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,KAAa;IAC/C,MAAM,YAAY,GAAG,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC5C,MAAM,eAAe,GAAG,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC9C,MAAM,qBAAqB,GAAG,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACzD,OAAO,YAAY,IAAI,eAAe,IAAI,qBAAqB,CAAC;AAClE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAC5B,KAAa,EACb,UAA+B,EAAE;IAEjC,IAAI,SAAS,GAAG,KAAK,CAAC;IAEtB,kBAAkB;IAClB,IAAI,OAAO,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;QAC3B,SAAS,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC;IAC/B,CAAC;IAED,iBAAiB;IACjB,IAAI,OAAO,CAAC,GAAG,KAAK,KAAK,EAAE,CAAC;QAC1B,SAAS,GAAG,SAAS;aAClB,OAAO,CAAC,YAAY,CAAC,UAAU,EAAE,EAAE,CAAC;aACpC,OAAO,CAAC,YAAY,CAAC,UAAU,EAAE,EAAE,CAAC;aACpC,OAAO,CAAC,YAAY,CAAC,kBAAkB,EAAE,EAAE,CAAC;aAC5C,OAAO,CAAC,YAAY,CAAC,gBAAgB,EAAE,EAAE,CAAC;aAC1C,OAAO,CAAC,YAAY,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;IAC7C,CAAC;IAED,2BAA2B;IAC3B,IAAI,OAAO,CAAC,GAAG,KAAK,KAAK,EAAE,CAAC;QAC1B,SAAS,GAAG,SAAS;aAClB,OAAO,CAAC,YAAY,CAAC,YAAY,EAAE,EAAE,CAAC;aACtC,OAAO,CAAC,YAAY,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IACxC,CAAC;IAED,gBAAgB;IAChB,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,SAAS,GAAG,SAAS,CAAC,OAAO,CAC3B,UAAU;QACV,kGAAkG;QAClG,CAAC,IAAI,EAAE,EAAE,WAAC,OAAA,MAAA,aAAa,CAAC,IAAI,CAAC,mCAAI,IAAI,CAAA,EAAA,CACtC,CAAC;IACJ,CAAC;IAED,uBAAuB;IACvB,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;QACtB,SAAS,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;IACtC,CAAC;SAAM,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;QAC7B,SAAS,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;IACtC,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,GAAY;IAChD,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,OAAO,cAAc,CAAC,GAAG,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;IACnE,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,GAAG,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IACxC,CAAC;IAED,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QAC5C,MAAM,SAAS,GAA4B,EAAE,CAAC;QAC9C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/C,6CAA6C;YAC7C,IACE,OAAO,GAAG,KAAK,QAAQ;gBACvB,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,EAC9C,CAAC;gBACD,0DAA0D;gBAC1D,MAAM,CAAC,cAAc,CAAC,SAAS,EAAE,GAAG,EAAE;oBACpC,KAAK,EAAE,qBAAqB,CAAC,KAAK,CAAC;oBACnC,QAAQ,EAAE,IAAI;oBACd,UAAU,EAAE,IAAI;oBAChB,YAAY,EAAE,IAAI;iBACnB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC"}