@softtechai/quickmcp 1.0.16 → 1.1.1

package/dist/auth/auth-utils.js

@@ -0,0 +1,600 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthUtils = void 0;
+exports.normalizeStringArray = normalizeStringArray;
+exports.resolveLiteAdminUsernames = resolveLiteAdminUsernames;
+exports.normalizeRuleMap = normalizeRuleMap;
+exports.getMcpTokenRecord = getMcpTokenRecord;
+exports.isMcpAuthorizedGlobally = isMcpAuthorizedGlobally;
+exports.parseServerOwner = parseServerOwner;
+exports.isServerOwnedByCurrentIdentity = isServerOwnedByCurrentIdentity;
+exports.getServerRequireMcpToken = getServerRequireMcpToken;
+exports.isServerAuthorized = isServerAuthorized;
+exports.isToolAuthorized = isToolAuthorized;
+exports.isResourceAuthorized = isResourceAuthorized;
+const crypto_1 = __importDefault(require("crypto"));
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+const token_utils_1 = require("./token-utils");
+const jwks_provider_1 = require("./jwks-provider");
+class AuthUtils {
+    constructor(config) {
+        this.authMode = config.authMode;
+        this.authDefaultUsername = config.authDefaultUsername;
+        this.authCookieSecret = config.authCookieSecret;
+        this.authAccessTtlSec = config.authAccessTtlSec;
+        this.authRefreshTtlSec = config.authRefreshTtlSec;
+        this.accessCookieName = config.accessCookieName;
+        this.refreshCookieName = config.refreshCookieName;
+        this.authAdminUsers = config.authAdminUsers;
+        this.cookieSecure = config.cookieSecure;
+        this.ensureDataStore = config.ensureDataStore;
+    }
+    normalizeUsername(value) {
+        return typeof value === 'string' ? value.trim() : '';
+    }
+    isNoneMode() {
+        return this.authMode === 'NONE';
+    }
+    hashPassword(password) {
+        return crypto_1.default.createHash('sha256').update(password).digest('hex');
+    }
+    verifyPassword(password, expectedHash) {
+        return this.hashPassword(password) === expectedHash;
+    }
+    createMcpToken(username, workspaceId, role, ttlSec, audience, issuer, scope) {
+        const nowSec = Math.floor(Date.now() / 1000);
+        const tokenId = crypto_1.default.randomUUID();
+        const hasExpiry = typeof ttlSec === 'number' && Number.isFinite(ttlSec) && ttlSec > 0;
+        const payload = {
+            jti: tokenId,
+            sub: username,
+            ws: workspaceId,
+            role,
+            ...(issuer ? { iss: issuer } : {}),
+            ...(audience ? { aud: audience } : {}),
+            ...(scope ? { scope } : {}),
+            iat: nowSec,
+            ...(hasExpiry ? { exp: nowSec + Number(ttlSec) } : {})
+        };
+        // Produce a standard 3-part JWT (header.payload.signature) signed with RS256
+        const header = this.base64UrlEncode(JSON.stringify({ alg: 'RS256', typ: 'JWT', kid: (0, jwks_provider_1.getKid)() }));
+        const payloadEncoded = this.base64UrlEncode(JSON.stringify(payload));
+        const signingInput = `${header}.${payloadEncoded}`;
+        const signature = crypto_1.default.sign('sha256', Buffer.from(signingInput), (0, jwks_provider_1.getRsaPrivateKey)()).toString('base64url');
+        const token = `${header}.${payloadEncoded}.${signature}`;
+        return {
+            token,
+            expiresAt: hasExpiry ? new Date((nowSec + Number(ttlSec)) * 1000).toISOString() : null,
+            tokenHash: crypto_1.default.createHash('sha256').update(token).digest('hex'),
+            tokenId
+        };
+    }
+    getUserRole(username, workspaceId) {
+        if (!username)
+            return 'user';
+        if (this.authMode === 'NONE')
+            return 'admin';
+        void workspaceId;
+        return this.authAdminUsers.some((item) => item.username === username) ? 'admin' : 'user';
+    }
+    isAdminUser(username, workspaceId) {
+        return this.getUserRole(username, workspaceId) === 'admin';
+    }
+    parseCookies(req) {
+        const cookieHeader = req.headers.cookie;
+        if (!cookieHeader)
+            return {};
+        return cookieHeader.split(';').reduce((acc, cookie) => {
+            const [rawName, ...rest] = cookie.trim().split('=');
+            if (!rawName)
+                return acc;
+            acc[rawName] = decodeURIComponent(rest.join('='));
+            return acc;
+        }, {});
+    }
+    setCookie(res, name, value, maxAgeSec) {
+        const parts = [
+            `${name}=${encodeURIComponent(value)}`,
+            'Path=/',
+            'HttpOnly',
+            'SameSite=Lax',
+            `Max-Age=${maxAgeSec}`
+        ];
+        if (this.cookieSecure) {
+            parts.push('Secure');
+        }
+        res.append('Set-Cookie', parts.join('; '));
+    }
+    clearCookie(res, name) {
+        const parts = [`${name}=`, 'Path=/', 'HttpOnly', 'SameSite=Lax', 'Max-Age=0'];
+        if (this.cookieSecure) {
+            parts.push('Secure');
+        }
+        res.append('Set-Cookie', parts.join('; '));
+    }
+    getEffectiveUsername(req) {
+        if (this.authMode === 'NONE')
+            return this.authDefaultUsername;
+        return req.authWorkspace || req.authUser || '';
+    }
+    getNoneModeAuthContext() {
+        return {
+            username: this.authDefaultUsername,
+            workspaceId: this.authDefaultUsername,
+            role: 'admin'
+        };
+    }
+    applyNoneModeAuth(req) {
+        const ctx = this.getNoneModeAuthContext();
+        req.authUser = ctx.username;
+        req.authWorkspace = ctx.workspaceId;
+        req.authRole = ctx.role;
+    }
+    resolvePublicDir(currentDir) {
+        const candidates = [
+            path_1.default.join(process.cwd(), 'src', 'web', 'public'),
+            path_1.default.join(process.cwd(), 'dist', 'web', 'public'),
+            path_1.default.join(currentDir, 'public'),
+            path_1.default.join(currentDir, '..', 'web', 'public'),
+            path_1.default.join(currentDir, '..', '..', 'src', 'web', 'public')
+        ];
+        for (const dir of candidates) {
+            if (fs_1.default.existsSync(dir)) {
+                return dir;
+            }
+        }
+        return candidates[0];
+    }
+    buildServerId(ownerUsername, serverName) {
+        return `${ownerUsername}__${serverName}`;
+    }
+    isPublicPath(pathname) {
+        if (pathname.startsWith('/api/auth'))
+            return true;
+        if (pathname.startsWith('/oauth'))
+            return true;
+        if (pathname === '/.well-known/oauth-authorization-server')
+            return true;
+        if (pathname === '/.well-known/oauth-authorization-server/mcp')
+            return true;
+        if (pathname === '/mcp/.well-known/oauth-authorization-server')
+            return true;
+        if (pathname === '/.well-known/oauth-protected-resource')
+            return true;
+        if (pathname === '/.well-known/oauth-protected-resource/mcp')
+            return true;
+        if (pathname === '/mcp/.well-known/oauth-protected-resource')
+            return true;
+        if (pathname === '/.well-known/openid-configuration')
+            return true;
+        if (pathname === '/.well-known/openid-configuration/mcp')
+            return true;
+        if (pathname === '/mcp/.well-known/openid-configuration')
+            return true;
+        // MCP transport endpoints must be reachable with bearer token auth,
+        // not blocked by web-session redirects to /login.
+        if (pathname === '/mcp')
+            return true;
+        if (pathname === '/sse')
+            return true;
+        if (pathname === '/messages')
+            return true;
+        if (pathname === '/ws')
+            return true;
+        if (pathname === '/api/mcp-stdio')
+            return true;
+        if (pathname === '/login')
+            return true;
+        if (pathname === '/' || pathname === '/landing' || pathname === '/pricing')
+            return true;
+        if (pathname.startsWith('/images/'))
+            return true;
+        if (pathname.endsWith('.js') ||
+            pathname.endsWith('.css') ||
+            pathname.endsWith('.png') ||
+            pathname.endsWith('.jpg') ||
+            pathname.endsWith('.svg') ||
+            pathname.endsWith('.ico')) {
+            return true;
+        }
+        return false;
+    }
+    getAuthenticatedUser(req) {
+        if (this.authMode === 'NONE')
+            return this.authDefaultUsername;
+        const cookies = this.parseCookies(req);
+        const accessToken = cookies[this.accessCookieName];
+        if (!accessToken)
+            return null;
+        const payload = (0, token_utils_1.verifyAccessToken)(accessToken, this.authCookieSecret);
+        return payload?.sub || null;
+    }
+    async getUserRoleAsync(username, workspaceId) {
+        if (!username)
+            return 'user';
+        if (this.authMode === 'NONE')
+            return 'admin';
+        try {
+            const user = workspaceId
+                ? await this.ensureDataStore().getUserInWorkspace(username, workspaceId)
+                : await this.ensureDataStore().getUser(username);
+            if (user?.role === 'admin')
+                return 'admin';
+        }
+        catch { }
+        return this.authAdminUsers.some((item) => item.username === username) ? 'admin' : 'user';
+    }
+    async seedLiteAdminsAsync() {
+        if (this.authMode !== 'LITE')
+            return;
+        if (this.authAdminUsers.length === 0)
+            return;
+        const store = this.ensureDataStore();
+        for (const admin of this.authAdminUsers) {
+            const username = this.normalizeUsername(admin.username);
+            if (!username || !admin.password)
+                continue;
+            await store.upsertUser(username, this.hashPassword(admin.password), 'admin', username);
+        }
+    }
+    async tryRefreshAuthAsync(req, res) {
+        if (this.authMode === 'NONE') {
+            return null;
+        }
+        const cookies = this.parseCookies(req);
+        const refreshToken = cookies[this.refreshCookieName];
+        const currentAccessToken = cookies[this.accessCookieName];
+        const currentPayload = currentAccessToken
+            ? ((0, token_utils_1.verifyAccessToken)(currentAccessToken, this.authCookieSecret)
+                || (0, token_utils_1.verifyAccessTokenAllowExpired)(currentAccessToken, this.authCookieSecret))
+            : null;
+        if (!refreshToken) {
+            return null;
+        }
+        const refreshTokenHash = (0, token_utils_1.hashRefreshToken)(refreshToken, this.authCookieSecret);
+        const store = this.ensureDataStore();
+        const record = await store.getRefreshToken(refreshTokenHash);
+        if (!record) {
+            return null;
+        }
+        if (record.revokedAt || new Date(record.expiresAt).getTime() <= Date.now()) {
+            if (!record.revokedAt) {
+                await store.revokeRefreshToken(refreshTokenHash);
+            }
+            this.clearCookie(res, this.accessCookieName);
+            this.clearCookie(res, this.refreshCookieName);
+            return null;
+        }
+        await store.revokeRefreshToken(refreshTokenHash);
+        const newRefreshToken = (0, token_utils_1.createRefreshToken)();
+        const newRefreshHash = (0, token_utils_1.hashRefreshToken)(newRefreshToken, this.authCookieSecret);
+        const refreshExpiresAt = new Date(Date.now() + this.authRefreshTtlSec * 1000).toISOString();
+        await store.saveRefreshToken(newRefreshHash, record.username, refreshExpiresAt);
+        const refreshedUser = await store.getUser(record.username);
+        const refreshedWorkspaceId = refreshedUser?.workspaceId || record.username;
+        const refreshedRole = refreshedUser?.role || await this.getUserRoleAsync(record.username, refreshedWorkspaceId);
+        const newAccessToken = (0, token_utils_1.createAccessToken)(record.username, this.authCookieSecret, this.authAccessTtlSec, refreshedWorkspaceId, refreshedRole, currentPayload?.displayName || record.username, currentPayload?.email, currentPayload?.avatarUrl, currentPayload?.createdDate, currentPayload?.lastSignInDate);
+        this.setCookie(res, this.accessCookieName, newAccessToken, this.authAccessTtlSec);
+        this.setCookie(res, this.refreshCookieName, newRefreshToken, this.authRefreshTtlSec);
+        return record.username;
+    }
+    async resolveAuthContextAsync(req, res) {
+        if (this.authMode === 'NONE') {
+            return this.getNoneModeAuthContext();
+        }
+        const username = req.authUser
+            || this.getAuthenticatedUser(req)
+            || (res ? await this.tryRefreshAuthAsync(req, res) : null)
+            || '';
+        if (!username)
+            return null;
+        const payload = (() => {
+            const cookies = this.parseCookies(req);
+            const accessToken = cookies[this.accessCookieName];
+            return accessToken ? (0, token_utils_1.verifyAccessToken)(accessToken, this.authCookieSecret) : null;
+        })();
+        const user = await this.ensureDataStore().getUser(username);
+        if (!user) {
+            if (res) {
+                this.clearCookie(res, this.accessCookieName);
+                this.clearCookie(res, this.refreshCookieName);
+            }
+            return null;
+        }
+        const workspaceId = (payload?.ws || user?.workspaceId || username).trim();
+        const role = await this.getUserRoleAsync(username, workspaceId);
+        return { username, workspaceId, role };
+    }
+    async requireAdminApiAsync(req, res) {
+        const ctx = await this.resolveAuthContextAsync(req, res);
+        if (!ctx) {
+            res.status(401).json({ success: false, error: 'Unauthorized' });
+            return null;
+        }
+        if (ctx.role !== 'admin') {
+            res.status(403).json({ success: false, error: 'Admin role is required' });
+            return null;
+        }
+        return ctx;
+    }
+    async applyAuthenticatedRequestContextAsync(req, res) {
+        const username = this.getAuthenticatedUser(req);
+        const effectiveUser = username || await this.tryRefreshAuthAsync(req, res);
+        if (!effectiveUser) {
+            if (req.path.startsWith('/api/')) {
+                res.status(401).json({ success: false, error: 'Unauthorized' });
+            }
+            else {
+                res.redirect('/login');
+            }
+            return false;
+        }
+        req.authUser = effectiveUser;
+        const ctx = await this.resolveAuthContextAsync(req, res);
+        if (!ctx) {
+            if (req.path.startsWith('/api/')) {
+                res.status(401).json({ success: false, error: 'Unauthorized' });
+            }
+            else {
+                res.redirect('/login');
+            }
+            return false;
+        }
+        req.authWorkspace = ctx.workspaceId;
+        req.authRole = ctx.role;
+        return true;
+    }
+    base64UrlEncode(input) {
+        return Buffer.from(input, 'utf8').toString('base64url');
+    }
+    signMcpToken(payloadEncoded) {
+        const secret = process.env.QUICKMCP_TOKEN_SECRET || this.authCookieSecret;
+        return crypto_1.default.createHmac('sha256', secret).update(payloadEncoded).digest('base64url');
+    }
+}
+exports.AuthUtils = AuthUtils;
+function normalizeStringArray(value) {
+    if (Array.isArray(value))
+        return value.map((v) => String(v));
+    if (typeof value === 'string') {
+        try {
+            const parsed = JSON.parse(value);
+            return Array.isArray(parsed) ? parsed.map((v) => String(v)) : [];
+        }
+        catch {
+            return [];
+        }
+    }
+    return [];
+}
+function resolveLiteAdminUsernames() {
+    const raw = String(process.env.AUTH_ADMIN_USERS || '').trim();
+    if (!raw)
+        return new Set();
+    try {
+        const parsed = JSON.parse(raw);
+        if (!Array.isArray(parsed))
+            return new Set();
+        return new Set(parsed
+            .map((item) => String(item?.username || '').trim().toLowerCase())
+            .filter((username) => username.length > 0));
+    }
+    catch {
+        return new Set();
+    }
+}
+function normalizeRuleMap(value) {
+    let obj = {};
+    if (value && typeof value === 'object') {
+        obj = value;
+    }
+    else if (typeof value === 'string') {
+        try {
+            const parsed = JSON.parse(value);
+            obj = parsed && typeof parsed === 'object' ? parsed : {};
+        }
+        catch {
+            obj = {};
+        }
+    }
+    const out = {};
+    for (const [k, v] of Object.entries(obj)) {
+        const key = String(k || '').trim();
+        if (!key)
+            continue;
+        if (v === true || v === 'allow' || v === 'true' || v === 1 || v === '1')
+            out[key] = true;
+        else if (v === false || v === 'deny' || v === 'false' || v === -1 || v === '-1')
+            out[key] = false;
+        else
+            out[key] = null;
+    }
+    return out;
+}
+function getMcpTokenRecord(dataStore, mcpAuthMode, mcpTokenHash) {
+    if (mcpAuthMode === 'NONE')
+        return null;
+    if (!mcpTokenHash || typeof dataStore.getMcpTokenByHash !== 'function')
+        return null;
+    try {
+        const row = dataStore.getMcpTokenByHash(mcpTokenHash);
+        if (!row)
+            return null;
+        return {
+            id: row.id,
+            tokenName: String(row.tokenName || row.token_name || ''),
+            workspaceId: String(row.workspaceId || row.workspace_id || ''),
+            subjectUsername: String(row.subjectUsername || row.subject_username || ''),
+            allowAllServers: row.allowAllServers === true || Number(row.allow_all_servers) === 1,
+            allowAllTools: row.allowAllTools === true || Number(row.allow_all_tools) === 1,
+            allowAllResources: row.allowAllResources === true || Number(row.allow_all_resources) === 1,
+            serverIds: normalizeStringArray(row.serverIds || row.server_ids_json),
+            allowedTools: normalizeStringArray(row.allowedTools || row.allowed_tools_json),
+            allowedResources: normalizeStringArray(row.allowedResources || row.allowed_resources_json),
+            serverRules: normalizeRuleMap(row.serverRules || row.server_rules_json || {}),
+            toolRules: normalizeRuleMap(row.toolRules || row.tool_rules_json || {}),
+            resourceRules: normalizeRuleMap(row.resourceRules || row.resource_rules_json || {}),
+            neverExpires: row.neverExpires === true || Number(row.never_expires) === 1,
+            expiresAt: row.expiresAt ? String(row.expiresAt) : (row.expires_at ? String(row.expires_at) : null),
+            revokedAt: row.revokedAt ? String(row.revokedAt) : (row.revoked_at ? String(row.revoked_at) : null)
+        };
+    }
+    catch {
+        return null;
+    }
+}
+function isMcpAuthorizedGlobally(mcpAuthMode, mcpIdentity, mcpTokenRecord) {
+    if (mcpAuthMode === 'NONE')
+        return true;
+    if (!mcpIdentity || !mcpTokenRecord)
+        return false;
+    if (mcpTokenRecord.revokedAt)
+        return false;
+    if (mcpTokenRecord.id && mcpIdentity.tokenId && mcpTokenRecord.id !== mcpIdentity.tokenId)
+        return false;
+    if (mcpTokenRecord.subjectUsername !== mcpIdentity.username)
+        return false;
+    if (mcpTokenRecord.workspaceId !== mcpIdentity.workspace)
+        return false;
+    if (!mcpTokenRecord.neverExpires && mcpTokenRecord.expiresAt) {
+        const expiresMs = Date.parse(mcpTokenRecord.expiresAt);
+        if (Number.isFinite(expiresMs) && expiresMs <= Date.now())
+            return false;
+    }
+    return true;
+}
+function parseServerOwner(serverId) {
+    const idx = String(serverId || '').indexOf('__');
+    if (idx <= 0)
+        return '';
+    return String(serverId).slice(0, idx);
+}
+function isServerOwnedByCurrentIdentity(mcpAuthMode, mcpIdentity, mcpTokenRecord, serverId) {
+    if (mcpAuthMode === 'NONE')
+        return true;
+    if (!mcpIdentity || !mcpTokenRecord)
+        return false;
+    const owner = parseServerOwner(serverId);
+    return owner === mcpIdentity.workspace || owner === mcpIdentity.username;
+}
+function getServerRequireMcpToken(mcpAuthMode, dataStore, serverId) {
+    if (mcpAuthMode === 'NONE')
+        return false;
+    let requireToken = true;
+    try {
+        const globalCfg = typeof dataStore.getMcpTokenPolicy === 'function'
+            ? dataStore.getMcpTokenPolicy('global', '*')
+            : null;
+        if (globalCfg) {
+            requireToken = globalCfg.requireMcpToken !== false;
+        }
+        const owner = parseServerOwner(serverId);
+        if (owner && typeof dataStore.getMcpTokenPolicy === 'function') {
+            const userCfg = dataStore.getMcpTokenPolicy('user', owner);
+            if (userCfg) {
+                requireToken = userCfg.requireMcpToken !== false;
+            }
+        }
+        if (typeof dataStore.getMcpTokenPolicy === 'function') {
+            const serverCfg = dataStore.getMcpTokenPolicy('server', serverId);
+            if (serverCfg) {
+                return serverCfg.requireMcpToken !== false;
+            }
+        }
+        if (typeof dataStore.getServerAuthConfig === 'function') {
+            const legacyCfg = dataStore.getServerAuthConfig(serverId);
+            if (legacyCfg) {
+                return legacyCfg.requireMcpToken !== false;
+            }
+        }
+    }
+    catch { }
+    return requireToken;
+}
+function getToolRequireMcpToken(mcpAuthMode, dataStore, serverId, toolName) {
+    const inherited = getServerRequireMcpToken(mcpAuthMode, dataStore, serverId);
+    if (mcpAuthMode === 'NONE')
+        return false;
+    if (typeof dataStore.getMcpTokenPolicy !== 'function')
+        return inherited;
+    try {
+        const toolCfg = dataStore.getMcpTokenPolicy('tool', `${serverId}__${toolName}`);
+        if (!toolCfg)
+            return inherited;
+        return toolCfg.requireMcpToken !== false;
+    }
+    catch {
+        return inherited;
+    }
+}
+function isServerAuthorized(mcpAuthMode, dataStore, mcpIdentity, mcpTokenRecord, serverId) {
+    if (mcpAuthMode === 'NONE')
+        return true;
+    const requireToken = getServerRequireMcpToken(mcpAuthMode, dataStore, serverId);
+    if (!requireToken)
+        return true;
+    if (!isMcpAuthorizedGlobally(mcpAuthMode, mcpIdentity, mcpTokenRecord))
+        return false;
+    if (!isServerOwnedByCurrentIdentity(mcpAuthMode, mcpIdentity, mcpTokenRecord, serverId))
+        return false;
+    if (mcpTokenRecord && mcpTokenRecord.serverRules && Object.prototype.hasOwnProperty.call(mcpTokenRecord.serverRules, serverId)) {
+        const decision = mcpTokenRecord.serverRules[serverId];
+        if (decision === false)
+            return false;
+        if (decision === true)
+            return true;
+    }
+    if (mcpTokenRecord && !mcpTokenRecord.allowAllServers) {
+        if (!mcpTokenRecord.serverIds.includes(serverId))
+            return false;
+    }
+    return true;
+}
+function isToolAuthorized(mcpAuthMode, dataStore, mcpIdentity, mcpTokenRecord, serverId, toolName) {
+    const requireToken = getToolRequireMcpToken(mcpAuthMode, dataStore, serverId, toolName);
+    if (!requireToken)
+        return true;
+    if (!isMcpAuthorizedGlobally(mcpAuthMode, mcpIdentity, mcpTokenRecord))
+        return false;
+    if (!isServerOwnedByCurrentIdentity(mcpAuthMode, mcpIdentity, mcpTokenRecord, serverId))
+        return false;
+    const full = `${serverId}__${toolName}`;
+    if (mcpAuthMode !== 'NONE' && mcpTokenRecord) {
+        if (mcpTokenRecord.toolRules && Object.prototype.hasOwnProperty.call(mcpTokenRecord.toolRules, full)) {
+            const decision = mcpTokenRecord.toolRules[full];
+            if (decision === false)
+                return false;
+            if (decision === true)
+                return true;
+        }
+        if (!mcpTokenRecord.allowAllTools) {
+            return mcpTokenRecord.allowedTools.includes(full);
+        }
+        return true;
+    }
+    return true;
+}
+function isResourceAuthorized(mcpAuthMode, dataStore, mcpIdentity, mcpTokenRecord, serverId, resourceName) {
+    if (!isServerAuthorized(mcpAuthMode, dataStore, mcpIdentity, mcpTokenRecord, serverId))
+        return false;
+    const full = `${serverId}__${resourceName}`;
+    if (mcpAuthMode !== 'NONE' && mcpTokenRecord) {
+        if (mcpTokenRecord.resourceRules && Object.prototype.hasOwnProperty.call(mcpTokenRecord.resourceRules, full)) {
+            const decision = mcpTokenRecord.resourceRules[full];
+            if (decision === false)
+                return false;
+            if (decision === true)
+                return true;
+        }
+        if (!mcpTokenRecord.allowAllResources) {
+            return mcpTokenRecord.allowedResources.includes(full);
+        }
+        return true;
+    }
+    return true;
+}
+//# sourceMappingURL=auth-utils.js.map

package/dist/auth/auth-utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-utils.js","sourceRoot":"","sources":["../../src/auth/auth-utils.ts"],"names":[],"mappings":";;;;;;AAwbA,oDAWC;AAED,8DAcC;AAED,4CAqBC;AAED,8CA+BC;AAED,0DAgBC;AAED,4CAIC;AAED,wEAUC;AAED,4DAsCC;AAuBD,gDAyBC;AAED,4CA4BC;AAED,oDAyBC;AAhsBD,oDAA4B;AAE5B,4CAAwB;AACxB,gDAAwB;AAGxB,+CAA0I;AAC1I,mDAA2D;AAmD3D,MAAa,SAAS;IAYpB,YAAY,MAAuB;QACjC,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QAChC,IAAI,CAAC,mBAAmB,GAAG,MAAM,CAAC,mBAAmB,CAAC;QACtD,IAAI,CAAC,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,CAAC;QAChD,IAAI,CAAC,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,CAAC;QAChD,IAAI,CAAC,iBAAiB,GAAG,MAAM,CAAC,iBAAiB,CAAC;QAClD,IAAI,CAAC,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,CAAC;QAChD,IAAI,CAAC,iBAAiB,GAAG,MAAM,CAAC,iBAAiB,CAAC;QAClD,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,cAAc,CAAC;QAC5C,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC;QACxC,IAAI,CAAC,eAAe,GAAG,MAAM,CAAC,eAAe,CAAC;IAChD,CAAC;IAED,iBAAiB,CAAC,KAAc;QAC9B,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IACvD,CAAC;IAED,UAAU;QACR,OAAO,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC;IAClC,CAAC;IAED,YAAY,CAAC,QAAgB;QAC3B,OAAO,gBAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACpE,CAAC;IAED,cAAc,CAAC,QAAgB,EAAE,YAAoB;QACnD,OAAO,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,KAAK,YAAY,CAAC;IACtD,CAAC;IAED,cAAc,CACZ,QAAgB,EAChB,WAAmB,EACnB,IAAiB,EACjB,MAAe,EACf,QAAiB,EACjB,MAAe,EACf,KAAc;QAEd,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC7C,MAAM,OAAO,GAAG,gBAAM,CAAC,UAAU,EAAE,CAAC;QACpC,MAAM,SAAS,GAAG,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,MAAM,GAAG,CAAC,CAAC;QACtF,MAAM,OAAO,GAAG;YACd,GAAG,EAAE,OAAO;YACZ,GAAG,EAAE,QAAQ;YACb,EAAE,EAAE,WAAW;YACf,IAAI;YACJ,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAClC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACtC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3B,GAAG,EAAE,MAAM;YACX,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACvD,CAAC;QAEF,6EAA6E;QAC7E,MAAM,MAAM,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,IAAA,sBAAM,GAAE,EAAE,CAAC,CAAC,CAAC;QACjG,MAAM,cAAc,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;QACrE,MAAM,YAAY,GAAG,GAAG,MAAM,IAAI,cAAc,EAAE,CAAC;QACnD,MAAM,SAAS,GAAG,gBAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,IAAA,gCAAgB,GAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC7G,MAAM,KAAK,GAAG,GAAG,MAAM,IAAI,cAAc,IAAI,SAAS,EAAE,CAAC;QACzD,OAAO;YACL,KAAK;YACL,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI;YACtF,SAAS,EAAE,gBAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;YAClE,OAAO;SACR,CAAC;IACJ,CAAC;IAED,WAAW,CAAC,QAAgB,EAAE,WAAoB;QAChD,IAAI,CAAC,QAAQ;YAAE,OAAO,MAAM,CAAC;QAC7B,IAAI,IAAI,CAAC,QAAQ,KAAK,MAAM;YAAE,OAAO,OAAO,CAAC;QAC7C,KAAK,WAAW,CAAC;QACjB,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC;IAC3F,CAAC;IAED,WAAW,CAAC,QAAgB,EAAE,WAAoB;QAChD,OAAO,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,WAAW,CAAC,KAAK,OAAO,CAAC;IAC7D,CAAC;IAED,YAAY,CAAC,GAAoB;QAC/B,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC;QACxC,IAAI,CAAC,YAAY;YAAE,OAAO,EAAE,CAAC;QAC7B,OAAO,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,EAAE;YACpD,MAAM,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACpD,IAAI,CAAC,OAAO;gBAAE,OAAO,GAAG,CAAC;YACzB,GAAG,CAAC,OAAO,CAAC,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YAClD,OAAO,GAAG,CAAC;QACb,CAAC,EAAE,EAA4B,CAAC,CAAC;IACnC,CAAC;IAED,SAAS,CAAC,GAAqB,EAAE,IAAY,EAAE,KAAa,EAAE,SAAiB;QAC7E,MAAM,KAAK,GAAG;YACZ,GAAG,IAAI,IAAI,kBAAkB,CAAC,KAAK,CAAC,EAAE;YACtC,QAAQ;YACR,UAAU;YACV,cAAc;YACd,WAAW,SAAS,EAAE;SACvB,CAAC;QACF,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACvB,CAAC;QACD,GAAG,CAAC,MAAM,CAAC,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC7C,CAAC;IAED,WAAW,CAAC,GAAqB,EAAE,IAAY;QAC7C,MAAM,KAAK,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,QAAQ,EAAE,UAAU,EAAE,cAAc,EAAE,WAAW,CAAC,CAAC;QAC9E,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACvB,CAAC;QACD,GAAG,CAAC,MAAM,CAAC,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC7C,CAAC;IAED,oBAAoB,CAAC,GAAkD;QACrE,IAAI,IAAI,CAAC,QAAQ,KAAK,MAAM;YAAE,OAAO,IAAI,CAAC,mBAAmB,CAAC;QAC9D,OAAO,GAAG,CAAC,aAAa,IAAI,GAAG,CAAC,QAAQ,IAAI,EAAE,CAAC;IACjD,CAAC;IAED,sBAAsB;QACpB,OAAO;YACL,QAAQ,EAAE,IAAI,CAAC,mBAAmB;YAClC,WAAW,EAAE,IAAI,CAAC,mBAAmB;YACrC,IAAI,EAAE,OAAO;SACd,CAAC;IACJ,CAAC;IAED,iBAAiB,CAAC,GAA0E;QAC1F,MAAM,GAAG,GAAG,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAC1C,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;QAC5B,GAAG,CAAC,aAAa,GAAG,GAAG,CAAC,WAAW,CAAC;QACpC,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC,IAAI,CAAC;IAC1B,CAAC;IAED,gBAAgB,CAAC,UAAkB;QACjC,MAAM,UAAU,GAAG;YACjB,cAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,CAAC;YAChD,cAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,CAAC;YACjD,cAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC;YAC/B,cAAI,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,CAAC;YAC5C,cAAI,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,CAAC;SAC1D,CAAC;QAEF,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;YAC7B,IAAI,YAAM,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC3B,OAAO,GAAG,CAAC;YACb,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAC,CAAC,CAAC,CAAC;IACvB,CAAC;IAED,aAAa,CAAC,aAAqB,EAAE,UAAkB;QACrD,OAAO,GAAG,aAAa,KAAK,UAAU,EAAE,CAAC;IAC3C,CAAC;IAED,YAAY,CAAC,QAAgB;QAC3B,IAAI,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC;YAAE,OAAO,IAAI,CAAC;QAClD,IAAI,QAAQ,CAAC,UAAU,CAAC,QAAQ,CAAC;YAAE,OAAO,IAAI,CAAC;QAC/C,IAAI,QAAQ,KAAK,yCAAyC;YAAE,OAAO,IAAI,CAAC;QACxE,IAAI,QAAQ,KAAK,6CAA6C;YAAE,OAAO,IAAI,CAAC;QAC5E,IAAI,QAAQ,KAAK,6CAA6C;YAAE,OAAO,IAAI,CAAC;QAC5E,IAAI,QAAQ,KAAK,uCAAuC;YAAE,OAAO,IAAI,CAAC;QACtE,IAAI,QAAQ,KAAK,2CAA2C;YAAE,OAAO,IAAI,CAAC;QAC1E,IAAI,QAAQ,KAAK,2CAA2C;YAAE,OAAO,IAAI,CAAC;QAC1E,IAAI,QAAQ,KAAK,mCAAmC;YAAE,OAAO,IAAI,CAAC;QAClE,IAAI,QAAQ,KAAK,uCAAuC;YAAE,OAAO,IAAI,CAAC;QACtE,IAAI,QAAQ,KAAK,uCAAuC;YAAE,OAAO,IAAI,CAAC;QACtE,oEAAoE;QACpE,kDAAkD;QAClD,IAAI,QAAQ,KAAK,MAAM;YAAE,OAAO,IAAI,CAAC;QACrC,IAAI,QAAQ,KAAK,MAAM;YAAE,OAAO,IAAI,CAAC;QACrC,IAAI,QAAQ,KAAK,WAAW;YAAE,OAAO,IAAI,CAAC;QAC1C,IAAI,QAAQ,KAAK,KAAK;YAAE,OAAO,IAAI,CAAC;QACpC,IAAI,QAAQ,KAAK,gBAAgB;YAAE,OAAO,IAAI,CAAC;QAC/C,IAAI,QAAQ,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC;QACvC,IAAI,QAAQ,KAAK,GAAG,IAAI,QAAQ,KAAK,UAAU,IAAI,QAAQ,KAAK,UAAU;YAAE,OAAO,IAAI,CAAC;QACxF,IAAI,QAAQ,CAAC,UAAU,CAAC,UAAU,CAAC;YAAE,OAAO,IAAI,CAAC;QACjD,IACE,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC;YACxB,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC;YACzB,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC;YACzB,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC;YACzB,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC;YACzB,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,EACzB,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,oBAAoB,CAAC,GAAoB;QACvC,IAAI,IAAI,CAAC,QAAQ,KAAK,MAAM;YAAE,OAAO,IAAI,CAAC,mBAAmB,CAAC;QAC9D,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;QACvC,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QACnD,IAAI,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC;QAC9B,MAAM,OAAO,GAAG,IAAA,+BAAiB,EAAC,WAAW,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC;QACtE,OAAO,OAAO,EAAE,GAAG,IAAI,IAAI,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,QAAgB,EAAE,WAAoB;QAC3D,IAAI,CAAC,QAAQ;YAAE,OAAO,MAAM,CAAC;QAC7B,IAAI,IAAI,CAAC,QAAQ,KAAK,MAAM;YAAE,OAAO,OAAO,CAAC;QAE7C,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,WAAW;gBACtB,CAAC,CAAC,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC,kBAAkB,CAAC,QAAQ,EAAE,WAAW,CAAC;gBACxE,CAAC,CAAC,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YACnD,IAAI,IAAI,EAAE,IAAI,KAAK,OAAO;gBAAE,OAAO,OAAO,CAAC;QAC7C,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;QAEV,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC;IAC3F,CAAC;IAED,KAAK,CAAC,mBAAmB;QACvB,IAAI,IAAI,CAAC,QAAQ,KAAK,MAAM;YAAE,OAAO;QACrC,IAAI,IAAI,CAAC,cAAc,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO;QAE7C,MAAM,KAAK,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QACrC,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YACxD,IAAI,CAAC,QAAQ,IAAI,CAAC,KAAK,CAAC,QAAQ;gBAAE,SAAS;YAC3C,MAAM,KAAK,CAAC,UAAU,CAAC,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;QACzF,CAAC;IACH,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,GAAoB,EAAE,GAAqB;QACnE,IAAI,IAAI,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;YAC7B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;QACvC,MAAM,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QACrD,MAAM,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC1D,MAAM,cAAc,GAAG,kBAAkB;YACvC,CAAC,CAAC,CAAC,IAAA,+BAAiB,EAAC,kBAAkB,EAAE,IAAI,CAAC,gBAAgB,CAAC;mBAC1D,IAAA,2CAA6B,EAAC,kBAAkB,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC;YAC9E,CAAC,CAAC,IAAI,CAAC;QACT,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,gBAAgB,GAAG,IAAA,8BAAgB,EAAC,YAAY,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC/E,MAAM,KAAK,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QACrC,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC;QAC7D,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,MAAM,CAAC,SAAS,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAC3E,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;gBACtB,MAAM,KAAK,CAAC,kBAAkB,CAAC,gBAAgB,CAAC,CAAC;YACnD,CAAC;YACD,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC;YAC7C,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,CAAC,iBAAiB,CAAC,CAAC;YAC9C,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,KAAK,CAAC,kBAAkB,CAAC,gBAAgB,CAAC,CAAC;QACjD,MAAM,eAAe,GAAG,IAAA,gCAAkB,GAAE,CAAC;QAC7C,MAAM,cAAc,GAAG,IAAA,8BAAgB,EAAC,eAAe,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAChF,MAAM,gBAAgB,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QAC5F,MAAM,KAAK,CAAC,gBAAgB,CAAC,cAAc,EAAE,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;QAEhF,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC3D,MAAM,oBAAoB,GAAG,aAAa,EAAE,WAAW,IAAI,MAAM,CAAC,QAAQ,CAAC;QAC3E,MAAM,aAAa,GAAG,aAAa,EAAE,IAAI,IAAI,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,QAAQ,EAAE,oBAAoB,CAAC,CAAC;QAChH,MAAM,cAAc,GAAG,IAAA,+BAAiB,EACtC,MAAM,CAAC,QAAQ,EACf,IAAI,CAAC,gBAAgB,EACrB,IAAI,CAAC,gBAAgB,EACrB,oBAAoB,EACpB,aAAa,EACb,cAAc,EAAE,WAAW,IAAI,MAAM,CAAC,QAAQ,EAC9C,cAAc,EAAE,KAAK,EACrB,cAAc,EAAE,SAAS,EACzB,cAAc,EAAE,WAAW,EAC3B,cAAc,EAAE,cAAc,CAC/B,CAAC;QACF,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC,gBAAgB,EAAE,cAAc,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAClF,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC,iBAAiB,EAAE,eAAe,EAAE,IAAI,CAAC,iBAAiB,CAAC,CAAC;QACrF,OAAO,MAAM,CAAC,QAAQ,CAAC;IACzB,CAAC;IAED,KAAK,CAAC,uBAAuB,CAC3B,GAA4C,EAC5C,GAAsB;QAEtB,IAAI,IAAI,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;YAC7B,OAAO,IAAI,CAAC,sBAAsB,EAAE,CAAC;QACvC,CAAC;QAED,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ;eACxB,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC;eAC9B,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,mBAAmB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;eACvD,EAAE,CAAC;QACR,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAC;QAE3B,MAAM,OAAO,GAAG,CAAC,GAAG,EAAE;YACpB,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;YACvC,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YACnD,OAAO,WAAW,CAAC,CAAC,CAAC,IAAA,+BAAiB,EAAC,WAAW,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACpF,CAAC,CAAC,EAAE,CAAC;QAEL,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC5D,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,IAAI,GAAG,EAAE,CAAC;gBACR,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC;gBAC7C,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,CAAC,iBAAiB,CAAC,CAAC;YAChD,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,WAAW,GAAG,CAAC,OAAO,EAAE,EAAE,IAAI,IAAI,EAAE,WAAW,IAAI,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC;QAC1E,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QAChE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,GAA4C,EAC5C,GAAqB;QAErB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACzD,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;YAChE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YACzB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,wBAAwB,EAAE,CAAC,CAAC;YAC1E,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,KAAK,CAAC,qCAAqC,CACzC,GAA4F,EAC5F,GAAqB;QAErB,MAAM,QAAQ,GAAG,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC;QAChD,MAAM,aAAa,GAAG,QAAQ,IAAI,MAAM,IAAI,CAAC,mBAAmB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC3E,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,IAAI,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBACjC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;YAClE,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACzB,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,GAAG,CAAC,QAAQ,GAAG,aAAa,CAAC;QAC7B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACzD,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,IAAI,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBACjC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;YAClE,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACzB,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QACD,GAAG,CAAC,aAAa,GAAG,GAAG,CAAC,WAAW,CAAC;QACpC,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC,IAAI,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,eAAe,CAAC,KAAa;QACnC,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC1D,CAAC;IAEO,YAAY,CAAC,cAAsB;QACzC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,IAAI,CAAC,gBAAgB,CAAC;QAC1E,OAAO,gBAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IACxF,CAAC;CACF;AA5XD,8BA4XC;AAED,SAAgB,oBAAoB,CAAC,KAAc;IACjD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7D,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACjC,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACnE,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAgB,yBAAyB;IACvC,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAC9D,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,GAAG,EAAU,CAAC;IACnC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;YAAE,OAAO,IAAI,GAAG,EAAU,CAAC;QACrD,OAAO,IAAI,GAAG,CACZ,MAAM;aACH,GAAG,CAAC,CAAC,IAAS,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,EAAE,QAAQ,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;aACrE,MAAM,CAAC,CAAC,QAAgB,EAAE,EAAE,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CACrD,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,GAAG,EAAU,CAAC;IAC3B,CAAC;AACH,CAAC;AAED,SAAgB,gBAAgB,CAAC,KAAc;IAC7C,IAAI,GAAG,GAA4B,EAAE,CAAC;IACtC,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACvC,GAAG,GAAG,KAAgC,CAAC;IACzC,CAAC;SAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACrC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACjC,GAAG,GAAG,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAiC,CAAC,CAAC,CAAC,EAAE,CAAC;QACtF,CAAC;QAAC,MAAM,CAAC;YACP,GAAG,GAAG,EAAE,CAAC;QACX,CAAC;IACH,CAAC;IACD,MAAM,GAAG,GAAmC,EAAE,CAAC;IAC/C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACzC,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACnC,IAAI,CAAC,GAAG;YAAE,SAAS;QACnB,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,OAAO,IAAI,CAAC,KAAK,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,GAAG;YAAE,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;aACpF,IAAI,CAAC,KAAK,KAAK,IAAI,CAAC,KAAK,MAAM,IAAI,CAAC,KAAK,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,IAAI;YAAE,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;;YAC7F,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;IACvB,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAgB,iBAAiB,CAC/B,SAA6D,EAC7D,WAAqB,EACrB,YAAoB;IAEpB,IAAI,WAAW,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC;IACxC,IAAI,CAAC,YAAY,IAAI,OAAO,SAAS,CAAC,iBAAiB,KAAK,UAAU;QAAE,OAAO,IAAI,CAAC;IACpF,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,SAAS,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC;QACtD,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QACtB,OAAO;YACL,EAAE,EAAE,GAAG,CAAC,EAAE;YACV,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC,SAAS,IAAI,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC;YACxD,WAAW,EAAE,MAAM,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC;YAC9D,eAAe,EAAE,MAAM,CAAC,GAAG,CAAC,eAAe,IAAI,GAAG,CAAC,gBAAgB,IAAI,EAAE,CAAC;YAC1E,eAAe,EAAE,GAAG,CAAC,eAAe,KAAK,IAAI,IAAI,MAAM,CAAC,GAAG,CAAC,iBAAiB,CAAC,KAAK,CAAC;YACpF,aAAa,EAAE,GAAG,CAAC,aAAa,KAAK,IAAI,IAAI,MAAM,CAAC,GAAG,CAAC,eAAe,CAAC,KAAK,CAAC;YAC9E,iBAAiB,EAAE,GAAG,CAAC,iBAAiB,KAAK,IAAI,IAAI,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,KAAK,CAAC;YAC1F,SAAS,EAAE,oBAAoB,CAAC,GAAG,CAAC,SAAS,IAAI,GAAG,CAAC,eAAe,CAAC;YACrE,YAAY,EAAE,oBAAoB,CAAC,GAAG,CAAC,YAAY,IAAI,GAAG,CAAC,kBAAkB,CAAC;YAC9E,gBAAgB,EAAE,oBAAoB,CAAC,GAAG,CAAC,gBAAgB,IAAI,GAAG,CAAC,sBAAsB,CAAC;YAC1F,WAAW,EAAE,gBAAgB,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,iBAAiB,IAAI,EAAE,CAAC;YAC7E,SAAS,EAAE,gBAAgB,CAAC,GAAG,CAAC,SAAS,IAAI,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC;YACvE,aAAa,EAAE,gBAAgB,CAAC,GAAG,CAAC,aAAa,IAAI,GAAG,CAAC,mBAAmB,IAAI,EAAE,CAAC;YACnF,YAAY,EAAE,GAAG,CAAC,YAAY,KAAK,IAAI,IAAI,MAAM,CAAC,GAAG,CAAC,aAAa,CAAC,KAAK,CAAC;YAC1E,SAAS,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YACnG,SAAS,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;SACpG,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAgB,uBAAuB,CACrC,WAAqB,EACrB,WAA+B,EAC/B,cAAyC;IAEzC,IAAI,WAAW,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC;IACxC,IAAI,CAAC,WAAW,IAAI,CAAC,cAAc;QAAE,OAAO,KAAK,CAAC;IAClD,IAAI,cAAc,CAAC,SAAS;QAAE,OAAO,KAAK,CAAC;IAC3C,IAAI,cAAc,CAAC,EAAE,IAAI,WAAW,CAAC,OAAO,IAAI,cAAc,CAAC,EAAE,KAAK,WAAW,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IACxG,IAAI,cAAc,CAAC,eAAe,KAAK,WAAW,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC1E,IAAI,cAAc,CAAC,WAAW,KAAK,WAAW,CAAC,SAAS;QAAE,OAAO,KAAK,CAAC;IACvE,IAAI,CAAC,cAAc,CAAC,YAAY,IAAI,cAAc,CAAC,SAAS,EAAE,CAAC;QAC7D,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;QACvD,IAAI,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE;YAAE,OAAO,KAAK,CAAC;IAC1E,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAgB,gBAAgB,CAAC,QAAgB;IAC/C,MAAM,GAAG,GAAG,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACjD,IAAI,GAAG,IAAI,CAAC;QAAE,OAAO,EAAE,CAAC;IACxB,OAAO,MAAM,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AACxC,CAAC;AAED,SAAgB,8BAA8B,CAC5C,WAAqB,EACrB,WAA+B,EAC/B,cAAyC,EACzC,QAAgB;IAEhB,IAAI,WAAW,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC;IACxC,IAAI,CAAC,WAAW,IAAI,CAAC,cAAc;QAAE,OAAO,KAAK,CAAC;IAClD,MAAM,KAAK,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IACzC,OAAO,KAAK,KAAK,WAAW,CAAC,SAAS,IAAI,KAAK,KAAK,WAAW,CAAC,QAAQ,CAAC;AAC3E,CAAC;AAED,SAAgB,wBAAwB,CACtC,WAAqB,EACrB,SAGC,EACD,QAAgB;IAEhB,IAAI,WAAW,KAAK,MAAM;QAAE,OAAO,KAAK,CAAC;IACzC,IAAI,YAAY,GAAG,IAAI,CAAC;IACxB,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,OAAO,SAAS,CAAC,iBAAiB,KAAK,UAAU;YACjE,CAAC,CAAC,SAAS,CAAC,iBAAiB,CAAC,QAAQ,EAAE,GAAG,CAAC;YAC5C,CAAC,CAAC,IAAI,CAAC;QACT,IAAI,SAAS,EAAE,CAAC;YACd,YAAY,GAAG,SAAS,CAAC,eAAe,KAAK,KAAK,CAAC;QACrD,CAAC;QACD,MAAM,KAAK,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QACzC,IAAI,KAAK,IAAI,OAAO,SAAS,CAAC,iBAAiB,KAAK,UAAU,EAAE,CAAC;YAC/D,MAAM,OAAO,GAAG,SAAS,CAAC,iBAAiB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;YAC3D,IAAI,OAAO,EAAE,CAAC;gBACZ,YAAY,GAAG,OAAO,CAAC,eAAe,KAAK,KAAK,CAAC;YACnD,CAAC;QACH,CAAC;QACD,IAAI,OAAO,SAAS,CAAC,iBAAiB,KAAK,UAAU,EAAE,CAAC;YACtD,MAAM,SAAS,GAAG,SAAS,CAAC,iBAAiB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;YAClE,IAAI,SAAS,EAAE,CAAC;gBACd,OAAO,SAAS,CAAC,eAAe,KAAK,KAAK,CAAC;YAC7C,CAAC;QACH,CAAC;QACD,IAAI,OAAO,SAAS,CAAC,mBAAmB,KAAK,UAAU,EAAE,CAAC;YACxD,MAAM,SAAS,GAAG,SAAS,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC;YAC1D,IAAI,SAAS,EAAE,CAAC;gBACd,OAAO,SAAS,CAAC,eAAe,KAAK,KAAK,CAAC;YAC7C,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAA,CAAC;IACV,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,sBAAsB,CAC7B,WAAqB,EACrB,SAGC,EACD,QAAgB,EAChB,QAAgB;IAEhB,MAAM,SAAS,GAAG,wBAAwB,CAAC,WAAW,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;IAC7E,IAAI,WAAW,KAAK,MAAM;QAAE,OAAO,KAAK,CAAC;IACzC,IAAI,OAAO,SAAS,CAAC,iBAAiB,KAAK,UAAU;QAAE,OAAO,SAAS,CAAC;IACxE,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,SAAS,CAAC,iBAAiB,CAAC,MAAM,EAAE,GAAG,QAAQ,KAAK,QAAQ,EAAE,CAAC,CAAC;QAChF,IAAI,CAAC,OAAO;YAAE,OAAO,SAAS,CAAC;QAC/B,OAAO,OAAO,CAAC,eAAe,KAAK,KAAK,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAgB,kBAAkB,CAChC,WAAqB,EACrB,SAGC,EACD,WAA+B,EAC/B,cAAyC,EACzC,QAAgB;IAEhB,IAAI,WAAW,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC;IACxC,MAAM,YAAY,GAAG,wBAAwB,CAAC,WAAW,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;IAChF,IAAI,CAAC,YAAY;QAAE,OAAO,IAAI,CAAC;IAE/B,IAAI,CAAC,uBAAuB,CAAC,WAAW,EAAE,WAAW,EAAE,cAAc,CAAC;QAAE,OAAO,KAAK,CAAC;IACrF,IAAI,CAAC,8BAA8B,CAAC,WAAW,EAAE,WAAW,EAAE,cAAc,EAAE,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAC;IACtG,IAAI,cAAc,IAAI,cAAc,CAAC,WAAW,IAAI,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,cAAc,CAAC,WAAW,EAAE,QAAQ,CAAC,EAAE,CAAC;QAC/H,MAAM,QAAQ,GAAG,cAAc,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QACtD,IAAI,QAAQ,KAAK,KAAK;YAAE,OAAO,KAAK,CAAC;QACrC,IAAI,QAAQ,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC;IACrC,CAAC;IACD,IAAI,cAAc,IAAI,CAAC,cAAc,CAAC,eAAe,EAAE,CAAC;QACtD,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,OAAO,KAAK,CAAC;IACjE,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAgB,gBAAgB,CAC9B,WAAqB,EACrB,SAGC,EACD,WAA+B,EAC/B,cAAyC,EACzC,QAAgB,EAChB,QAAgB;IAEhB,MAAM,YAAY,GAAG,sBAAsB,CAAC,WAAW,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACxF,IAAI,CAAC,YAAY;QAAE,OAAO,IAAI,CAAC;IAC/B,IAAI,CAAC,uBAAuB,CAAC,WAAW,EAAE,WAAW,EAAE,cAAc,CAAC;QAAE,OAAO,KAAK,CAAC;IACrF,IAAI,CAAC,8BAA8B,CAAC,WAAW,EAAE,WAAW,EAAE,cAAc,EAAE,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAC;IACtG,MAAM,IAAI,GAAG,GAAG,QAAQ,KAAK,QAAQ,EAAE,CAAC;IACxC,IAAI,WAAW,KAAK,MAAM,IAAI,cAAc,EAAE,CAAC;QAC7C,IAAI,cAAc,CAAC,SAAS,IAAI,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,CAAC;YACrG,MAAM,QAAQ,GAAG,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAChD,IAAI,QAAQ,KAAK,KAAK;gBAAE,OAAO,KAAK,CAAC;YACrC,IAAI,QAAQ,KAAK,IAAI;gBAAE,OAAO,IAAI,CAAC;QACrC,CAAC;QACD,IAAI,CAAC,cAAc,CAAC,aAAa,EAAE,CAAC;YAClC,OAAO,cAAc,CAAC,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACpD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAgB,oBAAoB,CAClC,WAAqB,EACrB,SAGC,EACD,WAA+B,EAC/B,cAAyC,EACzC,QAAgB,EAChB,YAAoB;IAEpB,IAAI,CAAC,kBAAkB,CAAC,WAAW,EAAE,SAAS,EAAE,WAAW,EAAE,cAAc,EAAE,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAC;IACrG,MAAM,IAAI,GAAG,GAAG,QAAQ,KAAK,YAAY,EAAE,CAAC;IAC5C,IAAI,WAAW,KAAK,MAAM,IAAI,cAAc,EAAE,CAAC;QAC7C,IAAI,cAAc,CAAC,aAAa,IAAI,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,cAAc,CAAC,aAAa,EAAE,IAAI,CAAC,EAAE,CAAC;YAC7G,MAAM,QAAQ,GAAG,cAAc,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;YACpD,IAAI,QAAQ,KAAK,KAAK;gBAAE,OAAO,KAAK,CAAC;YACrC,IAAI,QAAQ,KAAK,IAAI;gBAAE,OAAO,IAAI,CAAC;QACrC,CAAC;QACD,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,CAAC;YACtC,OAAO,cAAc,CAAC,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/auth/jwks-provider.d.ts

@@ -0,0 +1,9 @@
+import crypto from 'crypto';
+export type JwkSet = {
+    keys: object[];
+};
+export declare function getRsaPrivateKey(): crypto.KeyObject;
+export declare function getRsaPublicKey(): crypto.KeyObject;
+export declare function getKid(): string;
+export declare function getJwks(): JwkSet;
+//# sourceMappingURL=jwks-provider.d.ts.map

package/dist/auth/jwks-provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwks-provider.d.ts","sourceRoot":"","sources":["../../src/auth/jwks-provider.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,QAAQ,CAAC;AAG5B,MAAM,MAAM,MAAM,GAAG;IAAE,IAAI,EAAE,MAAM,EAAE,CAAA;CAAE,CAAC;AAmCxC,wBAAgB,gBAAgB,IAAI,MAAM,CAAC,SAAS,CAEnD;AAED,wBAAgB,eAAe,IAAI,MAAM,CAAC,SAAS,CAElD;AAED,wBAAgB,MAAM,IAAI,MAAM,CAE/B;AAED,wBAAgB,OAAO,IAAI,MAAM,CAKhC"}