@sd-angular/core 19.0.0-beta.79 → 19.0.0-beta.80
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/fesm2022/sd-angular-core-components-table.mjs +2 -2
- package/fesm2022/sd-angular-core-components-table.mjs.map +1 -1
- package/fesm2022/sd-angular-core-modules-authom.mjs +359 -0
- package/fesm2022/sd-angular-core-modules-authom.mjs.map +1 -0
- package/fesm2022/sd-angular-core-modules-layout.mjs +266 -13
- package/fesm2022/sd-angular-core-modules-layout.mjs.map +1 -1
- package/fesm2022/sd-angular-core-modules.mjs +1 -0
- package/fesm2022/sd-angular-core-modules.mjs.map +1 -1
- package/modules/authom/authom.configuration.d.ts +17 -0
- package/modules/authom/authom.interceptor.d.ts +3 -0
- package/modules/authom/authom.module.d.ts +16 -0
- package/modules/authom/authom.service.d.ts +32 -0
- package/modules/authom/index.d.ts +35 -0
- package/modules/index.d.ts +1 -0
- package/modules/layout/components/index.d.ts +2 -0
- package/modules/layout/components/layout-main/layout-main.component.d.ts +1 -0
- package/modules/layout/components/sidebar-mobile-v1/components/sidebar/sidebar.component.d.ts +35 -0
- package/modules/layout/components/sidebar-mobile-v1/components/user/user.component.d.ts +24 -0
- package/modules/layout/components/sidebar-mobile-v1/main.component.d.ts +21 -0
- package/modules/layout/services/menu/menu.model.d.ts +1 -1
- package/package.json +47 -43
- package/sd-angular-core-19.0.0-beta.80.tgz +0 -0
- package/sd-angular-core-19.0.0-beta.79.tgz +0 -0
|
@@ -0,0 +1,359 @@
|
|
|
1
|
+
import * as i0 from '@angular/core';
|
|
2
|
+
import { InjectionToken, inject, PLATFORM_ID, signal, computed, Injectable, provideAppInitializer, makeEnvironmentProviders, APP_INITIALIZER, NgModule } from '@angular/core';
|
|
3
|
+
import { isPlatformBrowser } from '@angular/common';
|
|
4
|
+
import { StringUtilities } from '@sd-angular/core/utilities/extensions';
|
|
5
|
+
|
|
6
|
+
const SD_AUTHOM_CONFIGURATION = new InjectionToken('sd-authom.configuration');
|
|
7
|
+
|
|
8
|
+
const STORAGE_KEY_STATE = 'authom_state';
|
|
9
|
+
const STORAGE_KEY_CODE_VERIFIER = 'authom_code_verifier';
|
|
10
|
+
const STORAGE_KEY_RETURN_TO = 'authom_return_to';
|
|
11
|
+
const DEFAULT_SCOPE = 'openid profile email';
|
|
12
|
+
const DEFAULT_REFRESH_THRESHOLD_SECONDS = 30;
|
|
13
|
+
const DEFAULT_AUTHORIZE_TIMEOUT_SECONDS = 5;
|
|
14
|
+
class SdAuthOmService {
|
|
15
|
+
platformId = inject(PLATFORM_ID);
|
|
16
|
+
isBrowser = isPlatformBrowser(this.platformId);
|
|
17
|
+
accessToken = signal(null);
|
|
18
|
+
idTokenClaims = signal(null);
|
|
19
|
+
isAuthenticated = computed(() => this.accessToken() !== null);
|
|
20
|
+
config;
|
|
21
|
+
refreshTimer = null;
|
|
22
|
+
getAccessToken() {
|
|
23
|
+
return this.accessToken();
|
|
24
|
+
}
|
|
25
|
+
base64UrlEncode(bytes) {
|
|
26
|
+
let binary = '';
|
|
27
|
+
for (let i = 0; i < bytes.length; i++)
|
|
28
|
+
binary += String.fromCharCode(bytes[i]);
|
|
29
|
+
return btoa(binary).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
|
|
30
|
+
}
|
|
31
|
+
generateCodeVerifier() {
|
|
32
|
+
const bytes = new Uint8Array(32);
|
|
33
|
+
crypto.getRandomValues(bytes);
|
|
34
|
+
return this.base64UrlEncode(bytes);
|
|
35
|
+
}
|
|
36
|
+
async generateCodeChallenge(verifier) {
|
|
37
|
+
return StringUtilities.sha256(verifier);
|
|
38
|
+
}
|
|
39
|
+
buildAuthorizeUrl(params) {
|
|
40
|
+
const search = new URLSearchParams({
|
|
41
|
+
response_type: 'code',
|
|
42
|
+
client_id: this.config.clientId,
|
|
43
|
+
redirect_uri: params.redirectUri,
|
|
44
|
+
state: params.state,
|
|
45
|
+
code_challenge: params.codeChallenge,
|
|
46
|
+
code_challenge_method: 'S256',
|
|
47
|
+
scope: this.config.scope || DEFAULT_SCOPE,
|
|
48
|
+
});
|
|
49
|
+
if (this.config.audience)
|
|
50
|
+
search.set('audience', this.config.audience);
|
|
51
|
+
if (this.config.organization)
|
|
52
|
+
search.set('organization', this.config.organization);
|
|
53
|
+
if (params.prompt)
|
|
54
|
+
search.set('prompt', params.prompt);
|
|
55
|
+
return `https://${this.config.domain}/authorize?${search.toString()}`;
|
|
56
|
+
}
|
|
57
|
+
getDefaultRedirectUri() {
|
|
58
|
+
return this.config.redirectUri || window.location.origin;
|
|
59
|
+
}
|
|
60
|
+
getSilentRedirectUri() {
|
|
61
|
+
return this.config.silentRefreshRedirectUri || `${window.location.origin}/silent-authom.html`;
|
|
62
|
+
}
|
|
63
|
+
decodeJwtPayload(token) {
|
|
64
|
+
try {
|
|
65
|
+
const parts = token.split('.');
|
|
66
|
+
if (parts.length !== 3)
|
|
67
|
+
return null;
|
|
68
|
+
const padded = parts[1].replace(/-/g, '+').replace(/_/g, '/');
|
|
69
|
+
const json = atob(padded + '==='.slice((padded.length + 3) % 4));
|
|
70
|
+
return JSON.parse(json);
|
|
71
|
+
}
|
|
72
|
+
catch {
|
|
73
|
+
return null;
|
|
74
|
+
}
|
|
75
|
+
}
|
|
76
|
+
async login(options) {
|
|
77
|
+
if (!this.isBrowser)
|
|
78
|
+
return;
|
|
79
|
+
const state = crypto.randomUUID();
|
|
80
|
+
const codeVerifier = this.generateCodeVerifier();
|
|
81
|
+
const codeChallenge = await this.generateCodeChallenge(codeVerifier);
|
|
82
|
+
const returnTo = options?.returnTo || (window.location.pathname + window.location.search);
|
|
83
|
+
sessionStorage.setItem(STORAGE_KEY_STATE, state);
|
|
84
|
+
sessionStorage.setItem(STORAGE_KEY_CODE_VERIFIER, codeVerifier);
|
|
85
|
+
sessionStorage.setItem(STORAGE_KEY_RETURN_TO, returnTo);
|
|
86
|
+
window.location.href = this.buildAuthorizeUrl({
|
|
87
|
+
state,
|
|
88
|
+
codeChallenge,
|
|
89
|
+
redirectUri: this.getDefaultRedirectUri(),
|
|
90
|
+
});
|
|
91
|
+
}
|
|
92
|
+
logout(options) {
|
|
93
|
+
if (!this.isBrowser)
|
|
94
|
+
return;
|
|
95
|
+
this.accessToken.set(null);
|
|
96
|
+
this.idTokenClaims.set(null);
|
|
97
|
+
if (this.refreshTimer) {
|
|
98
|
+
clearTimeout(this.refreshTimer);
|
|
99
|
+
this.refreshTimer = null;
|
|
100
|
+
}
|
|
101
|
+
const returnTo = options?.returnTo || window.location.origin;
|
|
102
|
+
const search = new URLSearchParams({
|
|
103
|
+
client_id: this.config.clientId,
|
|
104
|
+
returnTo,
|
|
105
|
+
});
|
|
106
|
+
window.location.href = `https://${this.config.domain}/v2/logout?${search.toString()}`;
|
|
107
|
+
}
|
|
108
|
+
async exchangeCode(code, codeVerifier, redirectUri) {
|
|
109
|
+
try {
|
|
110
|
+
const body = new URLSearchParams({
|
|
111
|
+
grant_type: 'authorization_code',
|
|
112
|
+
code,
|
|
113
|
+
code_verifier: codeVerifier,
|
|
114
|
+
redirect_uri: redirectUri,
|
|
115
|
+
client_id: this.config.clientId,
|
|
116
|
+
});
|
|
117
|
+
const res = await fetch(`https://${this.config.domain}/oauth/token`, {
|
|
118
|
+
method: 'POST',
|
|
119
|
+
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
|
|
120
|
+
body: body.toString(),
|
|
121
|
+
});
|
|
122
|
+
if (!res.ok)
|
|
123
|
+
return false;
|
|
124
|
+
const data = await res.json();
|
|
125
|
+
if (!data.access_token)
|
|
126
|
+
return false;
|
|
127
|
+
this.accessToken.set(data.access_token);
|
|
128
|
+
if (data.id_token) {
|
|
129
|
+
this.idTokenClaims.set(this.decodeJwtPayload(data.id_token));
|
|
130
|
+
}
|
|
131
|
+
this.scheduleRefresh(data.access_token);
|
|
132
|
+
return true;
|
|
133
|
+
}
|
|
134
|
+
catch {
|
|
135
|
+
return false;
|
|
136
|
+
}
|
|
137
|
+
}
|
|
138
|
+
scheduleRefresh(token) {
|
|
139
|
+
if (this.refreshTimer) {
|
|
140
|
+
clearTimeout(this.refreshTimer);
|
|
141
|
+
this.refreshTimer = null;
|
|
142
|
+
}
|
|
143
|
+
const claims = this.decodeJwtPayload(token);
|
|
144
|
+
const exp = claims?.['exp'];
|
|
145
|
+
if (typeof exp !== 'number') {
|
|
146
|
+
console.warn('[SdAuthOmService] Token không có exp — bỏ qua auto-refresh');
|
|
147
|
+
return;
|
|
148
|
+
}
|
|
149
|
+
const threshold = this.config.refreshThresholdSeconds ?? DEFAULT_REFRESH_THRESHOLD_SECONDS;
|
|
150
|
+
const nowSeconds = Math.floor(Date.now() / 1000);
|
|
151
|
+
const delayMs = Math.max(0, (exp - nowSeconds - threshold) * 1000);
|
|
152
|
+
this.refreshTimer = setTimeout(() => {
|
|
153
|
+
this.silentRefresh();
|
|
154
|
+
}, delayMs);
|
|
155
|
+
}
|
|
156
|
+
silentRefresh() {
|
|
157
|
+
if (!this.isBrowser)
|
|
158
|
+
return Promise.resolve(false);
|
|
159
|
+
return new Promise(async (resolve) => {
|
|
160
|
+
const state = crypto.randomUUID();
|
|
161
|
+
const codeVerifier = this.generateCodeVerifier();
|
|
162
|
+
const codeChallenge = await this.generateCodeChallenge(codeVerifier);
|
|
163
|
+
const redirectUri = this.getSilentRedirectUri();
|
|
164
|
+
const timeoutMs = (this.config.authorizeTimeoutInSeconds ?? DEFAULT_AUTHORIZE_TIMEOUT_SECONDS) * 1000;
|
|
165
|
+
const iframe = document.createElement('iframe');
|
|
166
|
+
iframe.style.display = 'none';
|
|
167
|
+
let done = false;
|
|
168
|
+
const finish = (success) => {
|
|
169
|
+
if (done)
|
|
170
|
+
return;
|
|
171
|
+
done = true;
|
|
172
|
+
clearTimeout(timer);
|
|
173
|
+
iframe.remove();
|
|
174
|
+
window.removeEventListener('message', onMessage);
|
|
175
|
+
resolve(success);
|
|
176
|
+
};
|
|
177
|
+
const timer = setTimeout(() => finish(false), timeoutMs);
|
|
178
|
+
const onMessage = async (event) => {
|
|
179
|
+
if (event.origin !== window.location.origin)
|
|
180
|
+
return;
|
|
181
|
+
const data = event.data;
|
|
182
|
+
if (!data || typeof data !== 'object')
|
|
183
|
+
return;
|
|
184
|
+
if (data.type === 'AUTHOM_SILENT_SUCCESS' && data.code && data.state === state) {
|
|
185
|
+
const ok = await this.exchangeCode(data.code, codeVerifier, redirectUri);
|
|
186
|
+
if (!ok) {
|
|
187
|
+
this.accessToken.set(null);
|
|
188
|
+
this.idTokenClaims.set(null);
|
|
189
|
+
}
|
|
190
|
+
finish(ok);
|
|
191
|
+
}
|
|
192
|
+
else if (data.type === 'AUTHOM_SILENT_ERROR') {
|
|
193
|
+
this.accessToken.set(null);
|
|
194
|
+
this.idTokenClaims.set(null);
|
|
195
|
+
finish(false);
|
|
196
|
+
}
|
|
197
|
+
};
|
|
198
|
+
window.addEventListener('message', onMessage);
|
|
199
|
+
iframe.src = this.buildAuthorizeUrl({
|
|
200
|
+
state,
|
|
201
|
+
codeChallenge,
|
|
202
|
+
redirectUri,
|
|
203
|
+
prompt: 'none',
|
|
204
|
+
});
|
|
205
|
+
document.body.appendChild(iframe);
|
|
206
|
+
});
|
|
207
|
+
}
|
|
208
|
+
async handleCallback() {
|
|
209
|
+
if (!this.isBrowser)
|
|
210
|
+
return false;
|
|
211
|
+
const params = new URLSearchParams(window.location.search);
|
|
212
|
+
const code = params.get('code');
|
|
213
|
+
const state = params.get('state');
|
|
214
|
+
if (!code)
|
|
215
|
+
return false;
|
|
216
|
+
const savedState = sessionStorage.getItem(STORAGE_KEY_STATE);
|
|
217
|
+
const codeVerifier = sessionStorage.getItem(STORAGE_KEY_CODE_VERIFIER);
|
|
218
|
+
const returnTo = sessionStorage.getItem(STORAGE_KEY_RETURN_TO);
|
|
219
|
+
sessionStorage.removeItem(STORAGE_KEY_STATE);
|
|
220
|
+
sessionStorage.removeItem(STORAGE_KEY_CODE_VERIFIER);
|
|
221
|
+
if (state !== savedState || !codeVerifier) {
|
|
222
|
+
window.history.replaceState({}, '', window.location.pathname);
|
|
223
|
+
sessionStorage.removeItem(STORAGE_KEY_RETURN_TO);
|
|
224
|
+
return false;
|
|
225
|
+
}
|
|
226
|
+
const redirectUri = this.getDefaultRedirectUri();
|
|
227
|
+
const ok = await this.exchangeCode(code, codeVerifier, redirectUri);
|
|
228
|
+
if (returnTo) {
|
|
229
|
+
sessionStorage.removeItem(STORAGE_KEY_RETURN_TO);
|
|
230
|
+
window.history.replaceState({}, '', returnTo);
|
|
231
|
+
}
|
|
232
|
+
else {
|
|
233
|
+
window.history.replaceState({}, '', window.location.pathname);
|
|
234
|
+
}
|
|
235
|
+
return ok;
|
|
236
|
+
}
|
|
237
|
+
async init(config) {
|
|
238
|
+
this.config = config;
|
|
239
|
+
if (!this.isBrowser)
|
|
240
|
+
return false;
|
|
241
|
+
const hasCode = new URLSearchParams(window.location.search).has('code');
|
|
242
|
+
if (hasCode) {
|
|
243
|
+
const ok = await this.handleCallback();
|
|
244
|
+
if (ok)
|
|
245
|
+
return true;
|
|
246
|
+
}
|
|
247
|
+
return this.silentRefresh();
|
|
248
|
+
}
|
|
249
|
+
static ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "19.2.17", ngImport: i0, type: SdAuthOmService, deps: [], target: i0.ɵɵFactoryTarget.Injectable });
|
|
250
|
+
static ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "19.2.17", ngImport: i0, type: SdAuthOmService, providedIn: 'root' });
|
|
251
|
+
}
|
|
252
|
+
i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.2.17", ngImport: i0, type: SdAuthOmService, decorators: [{
|
|
253
|
+
type: Injectable,
|
|
254
|
+
args: [{ providedIn: 'root' }]
|
|
255
|
+
}] });
|
|
256
|
+
|
|
257
|
+
const escapeRegExp = (str) => str.replace(/[.+?^${}()|[\]\\]/g, '\\$&');
|
|
258
|
+
const matchGlob = (pattern, url) => {
|
|
259
|
+
const regexBody = pattern.split('*').map(escapeRegExp).join('.*');
|
|
260
|
+
return new RegExp(`^${regexBody}$`).test(url);
|
|
261
|
+
};
|
|
262
|
+
const SdAuthOmInterceptor = (req, next) => {
|
|
263
|
+
const authom = inject(SdAuthOmService);
|
|
264
|
+
const token = authom.getAccessToken();
|
|
265
|
+
const config = authom.config;
|
|
266
|
+
if (!token || !config)
|
|
267
|
+
return next(req);
|
|
268
|
+
const isSecure = config.secureRoutes?.some(pattern => matchGlob(pattern, req.url));
|
|
269
|
+
if (!isSecure)
|
|
270
|
+
return next(req);
|
|
271
|
+
const authReq = req.clone({
|
|
272
|
+
headers: req.headers.set('Authorization', `Bearer ${token}`),
|
|
273
|
+
});
|
|
274
|
+
return next(authReq);
|
|
275
|
+
};
|
|
276
|
+
|
|
277
|
+
function provideSdAuthOm(options) {
|
|
278
|
+
const providers = [SdAuthOmService];
|
|
279
|
+
if (options.useFactory) {
|
|
280
|
+
providers.push({ provide: SD_AUTHOM_CONFIGURATION, useFactory: options.useFactory, deps: options.deps || [] });
|
|
281
|
+
}
|
|
282
|
+
else if (options.useClass) {
|
|
283
|
+
providers.push({ provide: SD_AUTHOM_CONFIGURATION, useClass: options.useClass });
|
|
284
|
+
}
|
|
285
|
+
providers.push(provideAppInitializer(() => {
|
|
286
|
+
const configLoader = inject(SD_AUTHOM_CONFIGURATION);
|
|
287
|
+
const authom = inject(SdAuthOmService);
|
|
288
|
+
return configLoader.loadTenantConfig().then((config) => authom.init(config));
|
|
289
|
+
}));
|
|
290
|
+
return makeEnvironmentProviders(providers);
|
|
291
|
+
}
|
|
292
|
+
class SdAuthOmModule {
|
|
293
|
+
static forRoot(options) {
|
|
294
|
+
return {
|
|
295
|
+
ngModule: SdAuthOmModule,
|
|
296
|
+
providers: [
|
|
297
|
+
SdAuthOmService,
|
|
298
|
+
...(options.useFactory
|
|
299
|
+
? [{ provide: SD_AUTHOM_CONFIGURATION, useFactory: options.useFactory, deps: options.deps || [] }]
|
|
300
|
+
: [{ provide: SD_AUTHOM_CONFIGURATION, useClass: options.useClass }]),
|
|
301
|
+
{
|
|
302
|
+
provide: APP_INITIALIZER,
|
|
303
|
+
multi: true,
|
|
304
|
+
useFactory: () => {
|
|
305
|
+
const configLoader = inject(SD_AUTHOM_CONFIGURATION);
|
|
306
|
+
const authom = inject(SdAuthOmService);
|
|
307
|
+
return () => configLoader.loadTenantConfig().then((config) => authom.init(config));
|
|
308
|
+
},
|
|
309
|
+
},
|
|
310
|
+
],
|
|
311
|
+
};
|
|
312
|
+
}
|
|
313
|
+
static ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "19.2.17", ngImport: i0, type: SdAuthOmModule, deps: [], target: i0.ɵɵFactoryTarget.NgModule });
|
|
314
|
+
static ɵmod = i0.ɵɵngDeclareNgModule({ minVersion: "14.0.0", version: "19.2.17", ngImport: i0, type: SdAuthOmModule });
|
|
315
|
+
static ɵinj = i0.ɵɵngDeclareInjector({ minVersion: "12.0.0", version: "19.2.17", ngImport: i0, type: SdAuthOmModule });
|
|
316
|
+
}
|
|
317
|
+
i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.2.17", ngImport: i0, type: SdAuthOmModule, decorators: [{
|
|
318
|
+
type: NgModule,
|
|
319
|
+
args: [{}]
|
|
320
|
+
}] });
|
|
321
|
+
|
|
322
|
+
/**
|
|
323
|
+
* Module `authom` — OAuth 2.0 + PKCE authentication client cho AuthOM (Auth0-based).
|
|
324
|
+
*
|
|
325
|
+
* Cách dùng (standalone):
|
|
326
|
+
* ```ts
|
|
327
|
+
* import { provideHttpClient, withInterceptors } from '@angular/common/http';
|
|
328
|
+
* import { provideSdAuthOm, SdAuthOmInterceptor } from '@sd-angular/core/modules/authom';
|
|
329
|
+
*
|
|
330
|
+
* export const appConfig: ApplicationConfig = {
|
|
331
|
+
* providers: [
|
|
332
|
+
* provideHttpClient(withInterceptors([SdAuthOmInterceptor])),
|
|
333
|
+
* provideSdAuthOm({
|
|
334
|
+
* useFactory: () => ({
|
|
335
|
+
* loadTenantConfig: () => Promise.resolve({
|
|
336
|
+
* domain: 'login.example.com',
|
|
337
|
+
* clientId: 'YOUR_CLIENT_ID',
|
|
338
|
+
* audience: 'https://api.example.com',
|
|
339
|
+
* organization: 'org_xxx',
|
|
340
|
+
* scope: 'openid profile email offline_access',
|
|
341
|
+
* secureRoutes: ['https://api.example.com/*'],
|
|
342
|
+
* }),
|
|
343
|
+
* }),
|
|
344
|
+
* }),
|
|
345
|
+
* ],
|
|
346
|
+
* };
|
|
347
|
+
* ```
|
|
348
|
+
*
|
|
349
|
+
* Yêu cầu setup thêm:
|
|
350
|
+
* 1. Copy file `silent-authom.html` từ source module này vào thư mục `public/` của app.
|
|
351
|
+
* 2. App phải chạy trên HTTPS (hoặc localhost) — Web Crypto API yêu cầu secure context.
|
|
352
|
+
*/
|
|
353
|
+
|
|
354
|
+
/**
|
|
355
|
+
* Generated bundle index. Do not edit.
|
|
356
|
+
*/
|
|
357
|
+
|
|
358
|
+
export { SD_AUTHOM_CONFIGURATION, SdAuthOmInterceptor, SdAuthOmModule, SdAuthOmService, matchGlob, provideSdAuthOm };
|
|
359
|
+
//# sourceMappingURL=sd-angular-core-modules-authom.mjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sd-angular-core-modules-authom.mjs","sources":["../../../projects/sd-angular/modules/authom/authom.configuration.ts","../../../projects/sd-angular/modules/authom/authom.service.ts","../../../projects/sd-angular/modules/authom/authom.interceptor.ts","../../../projects/sd-angular/modules/authom/authom.module.ts","../../../projects/sd-angular/modules/authom/index.ts","../../../projects/sd-angular/modules/authom/sd-angular-core-modules-authom.ts"],"sourcesContent":["import { InjectionToken } from '@angular/core';\n\nexport interface SdAuthOmTenantConfig {\n domain: string;\n clientId: string;\n\n redirectUri?: string;\n audience?: string;\n organization?: string;\n scope?: string;\n\n secureRoutes?: string[];\n\n silentRefreshRedirectUri?: string;\n refreshThresholdSeconds?: number;\n authorizeTimeoutInSeconds?: number;\n}\n\nexport interface ISdAuthOmConfiguration {\n loadTenantConfig: () => Promise<SdAuthOmTenantConfig>;\n}\n\nexport const SD_AUTHOM_CONFIGURATION = new InjectionToken<ISdAuthOmConfiguration>('sd-authom.configuration');\n","import { Injectable, PLATFORM_ID, computed, inject, signal } from '@angular/core';\nimport { isPlatformBrowser } from '@angular/common';\nimport { SdAuthOmTenantConfig } from './authom.configuration';\nimport { StringUtilities } from '@sd-angular/core/utilities/extensions';\n\nconst STORAGE_KEY_STATE = 'authom_state';\nconst STORAGE_KEY_CODE_VERIFIER = 'authom_code_verifier';\nconst STORAGE_KEY_RETURN_TO = 'authom_return_to';\n\nconst DEFAULT_SCOPE = 'openid profile email';\nconst DEFAULT_REFRESH_THRESHOLD_SECONDS = 30;\nconst DEFAULT_AUTHORIZE_TIMEOUT_SECONDS = 5;\n\n@Injectable({ providedIn: 'root' })\nexport class SdAuthOmService {\n private readonly platformId = inject(PLATFORM_ID);\n private readonly isBrowser = isPlatformBrowser(this.platformId);\n\n readonly accessToken = signal<string | null>(null);\n readonly idTokenClaims = signal<Record<string, unknown> | null>(null);\n readonly isAuthenticated = computed(() => this.accessToken() !== null);\n\n config!: SdAuthOmTenantConfig;\n private refreshTimer: ReturnType<typeof setTimeout> | null = null;\n\n getAccessToken(): string | null {\n return this.accessToken();\n }\n\n private base64UrlEncode(bytes: Uint8Array): string {\n let binary = '';\n for (let i = 0; i < bytes.length; i++) binary += String.fromCharCode(bytes[i]);\n return btoa(binary).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n }\n\n private generateCodeVerifier(): string {\n const bytes = new Uint8Array(32);\n crypto.getRandomValues(bytes);\n return this.base64UrlEncode(bytes);\n }\n\n private async generateCodeChallenge(verifier: string): Promise<string> {\n return StringUtilities.sha256(verifier);\n }\n\n private buildAuthorizeUrl(params: {\n state: string;\n codeChallenge: string;\n redirectUri: string;\n prompt?: 'none';\n }): string {\n const search = new URLSearchParams({\n response_type: 'code',\n client_id: this.config.clientId,\n redirect_uri: params.redirectUri,\n state: params.state,\n code_challenge: params.codeChallenge,\n code_challenge_method: 'S256',\n scope: this.config.scope || DEFAULT_SCOPE,\n });\n if (this.config.audience) search.set('audience', this.config.audience);\n if (this.config.organization) search.set('organization', this.config.organization);\n if (params.prompt) search.set('prompt', params.prompt);\n return `https://${this.config.domain}/authorize?${search.toString()}`;\n }\n\n private getDefaultRedirectUri(): string {\n return this.config.redirectUri || window.location.origin;\n }\n\n private getSilentRedirectUri(): string {\n return this.config.silentRefreshRedirectUri || `${window.location.origin}/silent-authom.html`;\n }\n\n private decodeJwtPayload(token: string): Record<string, unknown> | null {\n try {\n const parts = token.split('.');\n if (parts.length !== 3) return null;\n const padded = parts[1].replace(/-/g, '+').replace(/_/g, '/');\n const json = atob(padded + '==='.slice((padded.length + 3) % 4));\n return JSON.parse(json);\n } catch {\n return null;\n }\n }\n\n async login(options?: { returnTo?: string }): Promise<void> {\n if (!this.isBrowser) return;\n\n const state = crypto.randomUUID();\n const codeVerifier = this.generateCodeVerifier();\n const codeChallenge = await this.generateCodeChallenge(codeVerifier);\n const returnTo = options?.returnTo || (window.location.pathname + window.location.search);\n\n sessionStorage.setItem(STORAGE_KEY_STATE, state);\n sessionStorage.setItem(STORAGE_KEY_CODE_VERIFIER, codeVerifier);\n sessionStorage.setItem(STORAGE_KEY_RETURN_TO, returnTo);\n\n window.location.href = this.buildAuthorizeUrl({\n state,\n codeChallenge,\n redirectUri: this.getDefaultRedirectUri(),\n });\n }\n\n logout(options?: { returnTo?: string }): void {\n if (!this.isBrowser) return;\n\n this.accessToken.set(null);\n this.idTokenClaims.set(null);\n if (this.refreshTimer) {\n clearTimeout(this.refreshTimer);\n this.refreshTimer = null;\n }\n\n const returnTo = options?.returnTo || window.location.origin;\n const search = new URLSearchParams({\n client_id: this.config.clientId,\n returnTo,\n });\n window.location.href = `https://${this.config.domain}/v2/logout?${search.toString()}`;\n }\n\n private async exchangeCode(code: string, codeVerifier: string, redirectUri: string): Promise<boolean> {\n try {\n const body = new URLSearchParams({\n grant_type: 'authorization_code',\n code,\n code_verifier: codeVerifier,\n redirect_uri: redirectUri,\n client_id: this.config.clientId,\n });\n const res = await fetch(`https://${this.config.domain}/oauth/token`, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body: body.toString(),\n });\n if (!res.ok) return false;\n const data = await res.json() as { access_token?: string; id_token?: string };\n if (!data.access_token) return false;\n\n this.accessToken.set(data.access_token);\n if (data.id_token) {\n this.idTokenClaims.set(this.decodeJwtPayload(data.id_token));\n }\n this.scheduleRefresh(data.access_token);\n return true;\n } catch {\n return false;\n }\n }\n\n private scheduleRefresh(token: string): void {\n if (this.refreshTimer) {\n clearTimeout(this.refreshTimer);\n this.refreshTimer = null;\n }\n const claims = this.decodeJwtPayload(token);\n const exp = claims?.['exp'];\n if (typeof exp !== 'number') {\n console.warn('[SdAuthOmService] Token không có exp — bỏ qua auto-refresh');\n return;\n }\n const threshold = this.config.refreshThresholdSeconds ?? DEFAULT_REFRESH_THRESHOLD_SECONDS;\n const nowSeconds = Math.floor(Date.now() / 1000);\n const delayMs = Math.max(0, (exp - nowSeconds - threshold) * 1000);\n this.refreshTimer = setTimeout(() => {\n this.silentRefresh();\n }, delayMs);\n }\n\n silentRefresh(): Promise<boolean> {\n if (!this.isBrowser) return Promise.resolve(false);\n\n return new Promise(async (resolve) => {\n const state = crypto.randomUUID();\n const codeVerifier = this.generateCodeVerifier();\n const codeChallenge = await this.generateCodeChallenge(codeVerifier);\n const redirectUri = this.getSilentRedirectUri();\n const timeoutMs = (this.config.authorizeTimeoutInSeconds ?? DEFAULT_AUTHORIZE_TIMEOUT_SECONDS) * 1000;\n\n const iframe = document.createElement('iframe');\n iframe.style.display = 'none';\n\n let done = false;\n const finish = (success: boolean) => {\n if (done) return;\n done = true;\n clearTimeout(timer);\n iframe.remove();\n window.removeEventListener('message', onMessage);\n resolve(success);\n };\n\n const timer = setTimeout(() => finish(false), timeoutMs);\n\n const onMessage = async (event: MessageEvent) => {\n if (event.origin !== window.location.origin) return;\n const data = event.data as { type?: string; code?: string; state?: string } | null;\n if (!data || typeof data !== 'object') return;\n\n if (data.type === 'AUTHOM_SILENT_SUCCESS' && data.code && data.state === state) {\n const ok = await this.exchangeCode(data.code, codeVerifier, redirectUri);\n if (!ok) {\n this.accessToken.set(null);\n this.idTokenClaims.set(null);\n }\n finish(ok);\n } else if (data.type === 'AUTHOM_SILENT_ERROR') {\n this.accessToken.set(null);\n this.idTokenClaims.set(null);\n finish(false);\n }\n };\n\n window.addEventListener('message', onMessage);\n\n iframe.src = this.buildAuthorizeUrl({\n state,\n codeChallenge,\n redirectUri,\n prompt: 'none',\n });\n document.body.appendChild(iframe);\n });\n }\n\n async handleCallback(): Promise<boolean> {\n if (!this.isBrowser) return false;\n\n const params = new URLSearchParams(window.location.search);\n const code = params.get('code');\n const state = params.get('state');\n if (!code) return false;\n\n const savedState = sessionStorage.getItem(STORAGE_KEY_STATE);\n const codeVerifier = sessionStorage.getItem(STORAGE_KEY_CODE_VERIFIER);\n const returnTo = sessionStorage.getItem(STORAGE_KEY_RETURN_TO);\n sessionStorage.removeItem(STORAGE_KEY_STATE);\n sessionStorage.removeItem(STORAGE_KEY_CODE_VERIFIER);\n\n if (state !== savedState || !codeVerifier) {\n window.history.replaceState({}, '', window.location.pathname);\n sessionStorage.removeItem(STORAGE_KEY_RETURN_TO);\n return false;\n }\n\n const redirectUri = this.getDefaultRedirectUri();\n const ok = await this.exchangeCode(code, codeVerifier, redirectUri);\n\n if (returnTo) {\n sessionStorage.removeItem(STORAGE_KEY_RETURN_TO);\n window.history.replaceState({}, '', returnTo);\n } else {\n window.history.replaceState({}, '', window.location.pathname);\n }\n\n return ok;\n }\n\n async init(config: SdAuthOmTenantConfig): Promise<boolean> {\n this.config = config;\n if (!this.isBrowser) return false;\n\n const hasCode = new URLSearchParams(window.location.search).has('code');\n if (hasCode) {\n const ok = await this.handleCallback();\n if (ok) return true;\n }\n\n return this.silentRefresh();\n }\n}\n","import { HttpInterceptorFn } from '@angular/common/http';\nimport { inject } from '@angular/core';\nimport { SdAuthOmService } from './authom.service';\n\nconst escapeRegExp = (str: string): string => str.replace(/[.+?^${}()|[\\]\\\\]/g, '\\\\$&');\n\nexport const matchGlob = (pattern: string, url: string): boolean => {\n const regexBody = pattern.split('*').map(escapeRegExp).join('.*');\n return new RegExp(`^${regexBody}$`).test(url);\n};\n\nexport const SdAuthOmInterceptor: HttpInterceptorFn = (req, next) => {\n const authom = inject(SdAuthOmService);\n const token = authom.getAccessToken();\n const config = authom.config;\n\n if (!token || !config) return next(req);\n\n const isSecure = config.secureRoutes?.some(pattern => matchGlob(pattern, req.url));\n if (!isSecure) return next(req);\n\n const authReq = req.clone({\n headers: req.headers.set('Authorization', `Bearer ${token}`),\n });\n return next(authReq);\n};\n","import {\n ModuleWithProviders,\n NgModule,\n Provider,\n Type,\n EnvironmentProviders,\n makeEnvironmentProviders,\n provideAppInitializer,\n inject,\n APP_INITIALIZER,\n} from '@angular/core';\nimport { ISdAuthOmConfiguration, SD_AUTHOM_CONFIGURATION } from './authom.configuration';\nimport { SdAuthOmService } from './authom.service';\n\ninterface ProvideOptions {\n useClass?: Type<ISdAuthOmConfiguration>;\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n useFactory?: (...args: any[]) => ISdAuthOmConfiguration;\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n deps?: any[];\n}\n\nexport function provideSdAuthOm(options: ProvideOptions): EnvironmentProviders {\n const providers: Array<Provider | EnvironmentProviders> = [SdAuthOmService];\n\n if (options.useFactory) {\n providers.push({ provide: SD_AUTHOM_CONFIGURATION, useFactory: options.useFactory, deps: options.deps || [] });\n } else if (options.useClass) {\n providers.push({ provide: SD_AUTHOM_CONFIGURATION, useClass: options.useClass });\n }\n\n providers.push(\n provideAppInitializer(() => {\n const configLoader = inject(SD_AUTHOM_CONFIGURATION);\n const authom = inject(SdAuthOmService);\n return configLoader.loadTenantConfig().then((config) => authom.init(config));\n })\n );\n\n return makeEnvironmentProviders(providers);\n}\n\n@NgModule({})\nexport class SdAuthOmModule {\n static forRoot(options: ProvideOptions): ModuleWithProviders<SdAuthOmModule> {\n return {\n ngModule: SdAuthOmModule,\n providers: [\n SdAuthOmService,\n ...(options.useFactory\n ? [{ provide: SD_AUTHOM_CONFIGURATION, useFactory: options.useFactory, deps: options.deps || [] }]\n : [{ provide: SD_AUTHOM_CONFIGURATION, useClass: options.useClass! }]\n ),\n {\n provide: APP_INITIALIZER,\n multi: true,\n useFactory: () => {\n const configLoader = inject(SD_AUTHOM_CONFIGURATION);\n const authom = inject(SdAuthOmService);\n return () => configLoader.loadTenantConfig().then((config) => authom.init(config));\n },\n },\n ],\n };\n }\n}\n","/**\n * Module `authom` — OAuth 2.0 + PKCE authentication client cho AuthOM (Auth0-based).\n *\n * Cách dùng (standalone):\n * ```ts\n * import { provideHttpClient, withInterceptors } from '@angular/common/http';\n * import { provideSdAuthOm, SdAuthOmInterceptor } from '@sd-angular/core/modules/authom';\n *\n * export const appConfig: ApplicationConfig = {\n * providers: [\n * provideHttpClient(withInterceptors([SdAuthOmInterceptor])),\n * provideSdAuthOm({\n * useFactory: () => ({\n * loadTenantConfig: () => Promise.resolve({\n * domain: 'login.example.com',\n * clientId: 'YOUR_CLIENT_ID',\n * audience: 'https://api.example.com',\n * organization: 'org_xxx',\n * scope: 'openid profile email offline_access',\n * secureRoutes: ['https://api.example.com/*'],\n * }),\n * }),\n * }),\n * ],\n * };\n * ```\n *\n * Yêu cầu setup thêm:\n * 1. Copy file `silent-authom.html` từ source module này vào thư mục `public/` của app.\n * 2. App phải chạy trên HTTPS (hoặc localhost) — Web Crypto API yêu cầu secure context.\n */\nexport * from './authom.configuration';\nexport * from './authom.service';\nexport * from './authom.interceptor';\nexport * from './authom.module';\n","/**\n * Generated bundle index. Do not edit.\n */\n\nexport * from './index';\n"],"names":[],"mappings":";;;;;MAsBa,uBAAuB,GAAG,IAAI,cAAc,CAAyB,yBAAyB;;ACjB3G,MAAM,iBAAiB,GAAG,cAAc;AACxC,MAAM,yBAAyB,GAAG,sBAAsB;AACxD,MAAM,qBAAqB,GAAG,kBAAkB;AAEhD,MAAM,aAAa,GAAG,sBAAsB;AAC5C,MAAM,iCAAiC,GAAG,EAAE;AAC5C,MAAM,iCAAiC,GAAG,CAAC;MAG9B,eAAe,CAAA;AACT,IAAA,UAAU,GAAG,MAAM,CAAC,WAAW,CAAC;AAChC,IAAA,SAAS,GAAG,iBAAiB,CAAC,IAAI,CAAC,UAAU,CAAC;AAEtD,IAAA,WAAW,GAAG,MAAM,CAAgB,IAAI,CAAC;AACzC,IAAA,aAAa,GAAG,MAAM,CAAiC,IAAI,CAAC;AAC5D,IAAA,eAAe,GAAG,QAAQ,CAAC,MAAM,IAAI,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC;AAEtE,IAAA,MAAM;IACE,YAAY,GAAyC,IAAI;IAEjE,cAAc,GAAA;AACZ,QAAA,OAAO,IAAI,CAAC,WAAW,EAAE;IAC3B;AAEQ,IAAA,eAAe,CAAC,KAAiB,EAAA;QACvC,IAAI,MAAM,GAAG,EAAE;AACf,QAAA,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE;YAAE,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC9E,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;IAChF;IAEQ,oBAAoB,GAAA;AAC1B,QAAA,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC;AAChC,QAAA,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC;AAC7B,QAAA,OAAO,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC;IACpC;IAEQ,MAAM,qBAAqB,CAAC,QAAgB,EAAA;AAClD,QAAA,OAAO,eAAe,CAAC,MAAM,CAAC,QAAQ,CAAC;IACzC;AAEQ,IAAA,iBAAiB,CAAC,MAKzB,EAAA;AACC,QAAA,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;AACjC,YAAA,aAAa,EAAE,MAAM;AACrB,YAAA,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;YAC/B,YAAY,EAAE,MAAM,CAAC,WAAW;YAChC,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,cAAc,EAAE,MAAM,CAAC,aAAa;AACpC,YAAA,qBAAqB,EAAE,MAAM;AAC7B,YAAA,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,aAAa;AAC1C,SAAA,CAAC;AACF,QAAA,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ;YAAE,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC;AACtE,QAAA,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY;YAAE,MAAM,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC;QAClF,IAAI,MAAM,CAAC,MAAM;YAAE,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC;AACtD,QAAA,OAAO,CAAA,QAAA,EAAW,IAAI,CAAC,MAAM,CAAC,MAAM,CAAA,WAAA,EAAc,MAAM,CAAC,QAAQ,EAAE,CAAA,CAAE;IACvE;IAEQ,qBAAqB,GAAA;QAC3B,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM;IAC1D;IAEQ,oBAAoB,GAAA;AAC1B,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,wBAAwB,IAAI,CAAA,EAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,qBAAqB;IAC/F;AAEQ,IAAA,gBAAgB,CAAC,KAAa,EAAA;AACpC,QAAA,IAAI;YACF,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC;AAC9B,YAAA,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;AAAE,gBAAA,OAAO,IAAI;YACnC,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC;YAC7D,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;AAChE,YAAA,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;QACzB;AAAE,QAAA,MAAM;AACN,YAAA,OAAO,IAAI;QACb;IACF;IAEA,MAAM,KAAK,CAAC,OAA+B,EAAA;QACzC,IAAI,CAAC,IAAI,CAAC,SAAS;YAAE;AAErB,QAAA,MAAM,KAAK,GAAG,MAAM,CAAC,UAAU,EAAE;AACjC,QAAA,MAAM,YAAY,GAAG,IAAI,CAAC,oBAAoB,EAAE;QAChD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,YAAY,CAAC;AACpE,QAAA,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,KAAK,MAAM,CAAC,QAAQ,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;AAEzF,QAAA,cAAc,CAAC,OAAO,CAAC,iBAAiB,EAAE,KAAK,CAAC;AAChD,QAAA,cAAc,CAAC,OAAO,CAAC,yBAAyB,EAAE,YAAY,CAAC;AAC/D,QAAA,cAAc,CAAC,OAAO,CAAC,qBAAqB,EAAE,QAAQ,CAAC;QAEvD,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,IAAI,CAAC,iBAAiB,CAAC;YAC5C,KAAK;YACL,aAAa;AACb,YAAA,WAAW,EAAE,IAAI,CAAC,qBAAqB,EAAE;AAC1C,SAAA,CAAC;IACJ;AAEA,IAAA,MAAM,CAAC,OAA+B,EAAA;QACpC,IAAI,CAAC,IAAI,CAAC,SAAS;YAAE;AAErB,QAAA,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC;AAC1B,QAAA,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC;AAC5B,QAAA,IAAI,IAAI,CAAC,YAAY,EAAE;AACrB,YAAA,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC;AAC/B,YAAA,IAAI,CAAC,YAAY,GAAG,IAAI;QAC1B;QAEA,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM;AAC5D,QAAA,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;AACjC,YAAA,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;YAC/B,QAAQ;AACT,SAAA,CAAC;AACF,QAAA,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,WAAW,IAAI,CAAC,MAAM,CAAC,MAAM,CAAA,WAAA,EAAc,MAAM,CAAC,QAAQ,EAAE,EAAE;IACvF;AAEQ,IAAA,MAAM,YAAY,CAAC,IAAY,EAAE,YAAoB,EAAE,WAAmB,EAAA;AAChF,QAAA,IAAI;AACF,YAAA,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;AAC/B,gBAAA,UAAU,EAAE,oBAAoB;gBAChC,IAAI;AACJ,gBAAA,aAAa,EAAE,YAAY;AAC3B,gBAAA,YAAY,EAAE,WAAW;AACzB,gBAAA,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;AAChC,aAAA,CAAC;AACF,YAAA,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,CAAA,QAAA,EAAW,IAAI,CAAC,MAAM,CAAC,MAAM,CAAA,YAAA,CAAc,EAAE;AACnE,gBAAA,MAAM,EAAE,MAAM;AACd,gBAAA,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;AAChE,gBAAA,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;AACtB,aAAA,CAAC;YACF,IAAI,CAAC,GAAG,CAAC,EAAE;AAAE,gBAAA,OAAO,KAAK;AACzB,YAAA,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAkD;YAC7E,IAAI,CAAC,IAAI,CAAC,YAAY;AAAE,gBAAA,OAAO,KAAK;YAEpC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC;AACvC,YAAA,IAAI,IAAI,CAAC,QAAQ,EAAE;AACjB,gBAAA,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC9D;AACA,YAAA,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,YAAY,CAAC;AACvC,YAAA,OAAO,IAAI;QACb;AAAE,QAAA,MAAM;AACN,YAAA,OAAO,KAAK;QACd;IACF;AAEQ,IAAA,eAAe,CAAC,KAAa,EAAA;AACnC,QAAA,IAAI,IAAI,CAAC,YAAY,EAAE;AACrB,YAAA,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC;AAC/B,YAAA,IAAI,CAAC,YAAY,GAAG,IAAI;QAC1B;QACA,MAAM,MAAM,GAAG,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC;AAC3C,QAAA,MAAM,GAAG,GAAG,MAAM,GAAG,KAAK,CAAC;AAC3B,QAAA,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE;AAC3B,YAAA,OAAO,CAAC,IAAI,CAAC,4DAA4D,CAAC;YAC1E;QACF;QACA,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,uBAAuB,IAAI,iCAAiC;AAC1F,QAAA,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAChD,QAAA,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,GAAG,UAAU,GAAG,SAAS,IAAI,IAAI,CAAC;AAClE,QAAA,IAAI,CAAC,YAAY,GAAG,UAAU,CAAC,MAAK;YAClC,IAAI,CAAC,aAAa,EAAE;QACtB,CAAC,EAAE,OAAO,CAAC;IACb;IAEA,aAAa,GAAA;QACX,IAAI,CAAC,IAAI,CAAC,SAAS;AAAE,YAAA,OAAO,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC;AAElD,QAAA,OAAO,IAAI,OAAO,CAAC,OAAO,OAAO,KAAI;AACnC,YAAA,MAAM,KAAK,GAAG,MAAM,CAAC,UAAU,EAAE;AACjC,YAAA,MAAM,YAAY,GAAG,IAAI,CAAC,oBAAoB,EAAE;YAChD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,YAAY,CAAC;AACpE,YAAA,MAAM,WAAW,GAAG,IAAI,CAAC,oBAAoB,EAAE;AAC/C,YAAA,MAAM,SAAS,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,yBAAyB,IAAI,iCAAiC,IAAI,IAAI;YAErG,MAAM,MAAM,GAAG,QAAQ,CAAC,aAAa,CAAC,QAAQ,CAAC;AAC/C,YAAA,MAAM,CAAC,KAAK,CAAC,OAAO,GAAG,MAAM;YAE7B,IAAI,IAAI,GAAG,KAAK;AAChB,YAAA,MAAM,MAAM,GAAG,CAAC,OAAgB,KAAI;AAClC,gBAAA,IAAI,IAAI;oBAAE;gBACV,IAAI,GAAG,IAAI;gBACX,YAAY,CAAC,KAAK,CAAC;gBACnB,MAAM,CAAC,MAAM,EAAE;AACf,gBAAA,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,SAAS,CAAC;gBAChD,OAAO,CAAC,OAAO,CAAC;AAClB,YAAA,CAAC;AAED,YAAA,MAAM,KAAK,GAAG,UAAU,CAAC,MAAM,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC;AAExD,YAAA,MAAM,SAAS,GAAG,OAAO,KAAmB,KAAI;gBAC9C,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,QAAQ,CAAC,MAAM;oBAAE;AAC7C,gBAAA,MAAM,IAAI,GAAG,KAAK,CAAC,IAA+D;AAClF,gBAAA,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;oBAAE;AAEvC,gBAAA,IAAI,IAAI,CAAC,IAAI,KAAK,uBAAuB,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,KAAK,KAAK,EAAE;AAC9E,oBAAA,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,YAAY,EAAE,WAAW,CAAC;oBACxE,IAAI,CAAC,EAAE,EAAE;AACP,wBAAA,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC;AAC1B,wBAAA,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC;oBAC9B;oBACA,MAAM,CAAC,EAAE,CAAC;gBACZ;AAAO,qBAAA,IAAI,IAAI,CAAC,IAAI,KAAK,qBAAqB,EAAE;AAC9C,oBAAA,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC;AAC1B,oBAAA,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC;oBAC5B,MAAM,CAAC,KAAK,CAAC;gBACf;AACF,YAAA,CAAC;AAED,YAAA,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,SAAS,CAAC;AAE7C,YAAA,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,iBAAiB,CAAC;gBAClC,KAAK;gBACL,aAAa;gBACb,WAAW;AACX,gBAAA,MAAM,EAAE,MAAM;AACf,aAAA,CAAC;AACF,YAAA,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC;AACnC,QAAA,CAAC,CAAC;IACJ;AAEA,IAAA,MAAM,cAAc,GAAA;QAClB,IAAI,CAAC,IAAI,CAAC,SAAS;AAAE,YAAA,OAAO,KAAK;QAEjC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;QAC1D,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC;QAC/B,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC;AACjC,QAAA,IAAI,CAAC,IAAI;AAAE,YAAA,OAAO,KAAK;QAEvB,MAAM,UAAU,GAAG,cAAc,CAAC,OAAO,CAAC,iBAAiB,CAAC;QAC5D,MAAM,YAAY,GAAG,cAAc,CAAC,OAAO,CAAC,yBAAyB,CAAC;QACtE,MAAM,QAAQ,GAAG,cAAc,CAAC,OAAO,CAAC,qBAAqB,CAAC;AAC9D,QAAA,cAAc,CAAC,UAAU,CAAC,iBAAiB,CAAC;AAC5C,QAAA,cAAc,CAAC,UAAU,CAAC,yBAAyB,CAAC;AAEpD,QAAA,IAAI,KAAK,KAAK,UAAU,IAAI,CAAC,YAAY,EAAE;AACzC,YAAA,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,EAAE,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC;AAC7D,YAAA,cAAc,CAAC,UAAU,CAAC,qBAAqB,CAAC;AAChD,YAAA,OAAO,KAAK;QACd;AAEA,QAAA,MAAM,WAAW,GAAG,IAAI,CAAC,qBAAqB,EAAE;AAChD,QAAA,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,YAAY,EAAE,WAAW,CAAC;QAEnE,IAAI,QAAQ,EAAE;AACZ,YAAA,cAAc,CAAC,UAAU,CAAC,qBAAqB,CAAC;YAChD,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,EAAE,EAAE,QAAQ,CAAC;QAC/C;aAAO;AACL,YAAA,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,EAAE,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAC/D;AAEA,QAAA,OAAO,EAAE;IACX;IAEA,MAAM,IAAI,CAAC,MAA4B,EAAA;AACrC,QAAA,IAAI,CAAC,MAAM,GAAG,MAAM;QACpB,IAAI,CAAC,IAAI,CAAC,SAAS;AAAE,YAAA,OAAO,KAAK;AAEjC,QAAA,MAAM,OAAO,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC;QACvE,IAAI,OAAO,EAAE;AACX,YAAA,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE;AACtC,YAAA,IAAI,EAAE;AAAE,gBAAA,OAAO,IAAI;QACrB;AAEA,QAAA,OAAO,IAAI,CAAC,aAAa,EAAE;IAC7B;wGAjQW,eAAe,EAAA,IAAA,EAAA,EAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,UAAA,EAAA,CAAA;AAAf,IAAA,OAAA,KAAA,GAAA,EAAA,CAAA,qBAAA,CAAA,EAAA,UAAA,EAAA,QAAA,EAAA,OAAA,EAAA,SAAA,EAAA,QAAA,EAAA,EAAA,EAAA,IAAA,EAAA,eAAe,cADF,MAAM,EAAA,CAAA;;4FACnB,eAAe,EAAA,UAAA,EAAA,CAAA;kBAD3B,UAAU;mBAAC,EAAE,UAAU,EAAE,MAAM,EAAE;;;ACTlC,MAAM,YAAY,GAAG,CAAC,GAAW,KAAa,GAAG,CAAC,OAAO,CAAC,oBAAoB,EAAE,MAAM,CAAC;MAE1E,SAAS,GAAG,CAAC,OAAe,EAAE,GAAW,KAAa;AACjE,IAAA,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;AACjE,IAAA,OAAO,IAAI,MAAM,CAAC,CAAA,CAAA,EAAI,SAAS,CAAA,CAAA,CAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;AAC/C;MAEa,mBAAmB,GAAsB,CAAC,GAAG,EAAE,IAAI,KAAI;AAClE,IAAA,MAAM,MAAM,GAAG,MAAM,CAAC,eAAe,CAAC;AACtC,IAAA,MAAM,KAAK,GAAG,MAAM,CAAC,cAAc,EAAE;AACrC,IAAA,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM;AAE5B,IAAA,IAAI,CAAC,KAAK,IAAI,CAAC,MAAM;AAAE,QAAA,OAAO,IAAI,CAAC,GAAG,CAAC;IAEvC,MAAM,QAAQ,GAAG,MAAM,CAAC,YAAY,EAAE,IAAI,CAAC,OAAO,IAAI,SAAS,CAAC,OAAO,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;AAClF,IAAA,IAAI,CAAC,QAAQ;AAAE,QAAA,OAAO,IAAI,CAAC,GAAG,CAAC;AAE/B,IAAA,MAAM,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC;AACxB,QAAA,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,CAAA,OAAA,EAAU,KAAK,CAAA,CAAE,CAAC;AAC7D,KAAA,CAAC;AACF,IAAA,OAAO,IAAI,CAAC,OAAO,CAAC;AACtB;;ACHM,SAAU,eAAe,CAAC,OAAuB,EAAA;AACrD,IAAA,MAAM,SAAS,GAA2C,CAAC,eAAe,CAAC;AAE3E,IAAA,IAAI,OAAO,CAAC,UAAU,EAAE;QACtB,SAAS,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,uBAAuB,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC;IAChH;AAAO,SAAA,IAAI,OAAO,CAAC,QAAQ,EAAE;AAC3B,QAAA,SAAS,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,uBAAuB,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC;IAClF;AAEA,IAAA,SAAS,CAAC,IAAI,CACZ,qBAAqB,CAAC,MAAK;AACzB,QAAA,MAAM,YAAY,GAAG,MAAM,CAAC,uBAAuB,CAAC;AACpD,QAAA,MAAM,MAAM,GAAG,MAAM,CAAC,eAAe,CAAC;AACtC,QAAA,OAAO,YAAY,CAAC,gBAAgB,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC9E,CAAC,CAAC,CACH;AAED,IAAA,OAAO,wBAAwB,CAAC,SAAS,CAAC;AAC5C;MAGa,cAAc,CAAA;IACzB,OAAO,OAAO,CAAC,OAAuB,EAAA;QACpC,OAAO;AACL,YAAA,QAAQ,EAAE,cAAc;AACxB,YAAA,SAAS,EAAE;gBACT,eAAe;gBACf,IAAI,OAAO,CAAC;sBACR,CAAC,EAAE,OAAO,EAAE,uBAAuB,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,EAAE,EAAE;AACjG,sBAAE,CAAC,EAAE,OAAO,EAAE,uBAAuB,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAS,EAAE,CAAC,CACtE;AACD,gBAAA;AACE,oBAAA,OAAO,EAAE,eAAe;AACxB,oBAAA,KAAK,EAAE,IAAI;oBACX,UAAU,EAAE,MAAK;AACf,wBAAA,MAAM,YAAY,GAAG,MAAM,CAAC,uBAAuB,CAAC;AACpD,wBAAA,MAAM,MAAM,GAAG,MAAM,CAAC,eAAe,CAAC;wBACtC,OAAO,MAAM,YAAY,CAAC,gBAAgB,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;oBACpF,CAAC;AACF,iBAAA;AACF,aAAA;SACF;IACH;wGArBW,cAAc,EAAA,IAAA,EAAA,EAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,QAAA,EAAA,CAAA;yGAAd,cAAc,EAAA,CAAA;yGAAd,cAAc,EAAA,CAAA;;4FAAd,cAAc,EAAA,UAAA,EAAA,CAAA;kBAD1B,QAAQ;mBAAC,EAAE;;;AC1CZ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA8BG;;AC9BH;;AAEG;;;;"}
|