@solidxai/core 0.1.6-beta.5 → 0.1.6-beta.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authentication.service.d.ts","sourceRoot":"","sources":["../../src/services/authentication.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAY5C,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAMzC,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAChE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAOjD,OAAO,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAChE,OAAO,EAAE,wBAAwB,EAAE,MAAM,qCAAqC,CAAC;AAC/E,OAAO,EAAE,yBAAyB,EAAE,MAAM,sCAAsC,CAAC;AACjF,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAC5D,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,IAAI,EAAE,MAAM,yBAAyB,CAAC;AAE/C,OAAO,EAAE,cAAc,EAAE,MAAM,0CAA0C,CAAC;AAC1E,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAgC,6BAA6B,EAAE,MAAM,qCAAqC,CAAC;AAClH,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAavD,qBACa,qBAAqB;IAI1B,OAAO,CAAC,QAAQ,CAAC,WAAW;IAE5B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,sBAAsB;IACvC,OAAO,CAAC,QAAQ,CAAC,WAAW;IAE5B,OAAO,CAAC,QAAQ,CAAC,kBAAkB;IAEnC,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,mBAAmB;IACpC,OAAO,CAAC,QAAQ,CAAC,0BAA0B;IAG3C,OAAO,CAAC,QAAQ,CAAC,UAAU;IApB/B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA0C;gBAG5C,WAAW,EAAE,WAAW,EAExB,cAAc,EAAE,cAAc,EAC9B,cAAc,EAAE,cAAc,EAC9B,UAAU,EAAE,UAAU,EACtB,sBAAsB,EAAE,6BAA6B,EACrD,WAAW,EAAE,WAAW,EAExB,kBAAkB,EAAE,WAAW,EAE/B,UAAU,EAAE,UAAU,EACtB,YAAY,EAAE,aAAa,EAC3B,cAAc,EAAE,cAAc,EAC9B,mBAAmB,EAAE,mBAAmB,EACxC,0BAA0B,EAAE,0BAA0B,EAGtD,UAAU,EAAE,UAAU;YAK7B,cAAc;IAItB,WAAW,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM;IAY3C,qBAAqB,CAAC,IAAI,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM;IAcrD,8BAA8B,CAAC,KAAK,EAAE,MAAM;YAOpC,4BAA4B;YAY5B,wBAAwB;IAMhC,MAAM,CAAC,SAAS,EAAE,SAAS,EAAE,UAAU,GAAE,cAAqB,GAAG,OAAO,CAAC,IAAI,CAAC;IAgC9E,sBAAsB,CAAC,CAAC,SAAS,IAAI,EAAE,CAAC,SAAS,aAAa,EAAE,SAAS,EAAE,SAAS,EAAE,gBAAgB,EAAE,CAAC,EAAE,iBAAiB,EAAE,UAAU,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC;YAuBhJ,iBAAiB;YAwDjB,gBAAgB;IAc9B,gBAAgB,CAAC,MAAM,GAAE,MAAU,GAAG,MAAM;YAiB9B,+BAA+B;YAyB/B,qBAAqB;YAKrB,mBAAmB;YAKnB,kBAAkB;IA4C1B,uBAAuB,CAAC,SAAS,EAAE,YAAY;;;IA2BrD,OAAO,CAAC,4BAA4B;YAStB,4BAA4B;IAU1C,OAAO,CAAC,mCAAmC;YAI7B,4CAA4C;IAe1D,OAAO,CAAC,UAAU;YAWJ,qBAAqB;YAyBrB,mCAAmC;IAyC3C,sBAAsB,CAAC,gBAAgB,EAAE,gBAAgB;;;;YAuBjD,gCAAgC;IAc9C,OAAO,CAAC,uBAAuB;IAiB/B,OAAO,CAAC,oBAAoB;IAY5B,OAAO,CAAC,wBAAwB;YAMlB,uDAAuD;YAevD,GAAG;IAUjB,OAAO,CAAC,kBAAkB;IAgB1B,OAAO,CAAC,gBAAgB;IAalB,MAAM,CAAC,SAAS,EAAE,SAAS;;;;;;;;;;;;IA0BjC,OAAO,CAAC,SAAS;IAajB,OAAO,CAAC,UAAU;IAWZ,gBAAgB,CAAC,SAAS,EAAE,YAAY;;;;;;;;;;IAgB9C,OAAO,CAAC,gBAAgB;YAmBV,gBAAgB;YAqBhB,cAAc;
|
|
1
|
+
{"version":3,"file":"authentication.service.d.ts","sourceRoot":"","sources":["../../src/services/authentication.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAY5C,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAMzC,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAChE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAOjD,OAAO,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAChE,OAAO,EAAE,wBAAwB,EAAE,MAAM,qCAAqC,CAAC;AAC/E,OAAO,EAAE,yBAAyB,EAAE,MAAM,sCAAsC,CAAC;AACjF,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAC5D,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,IAAI,EAAE,MAAM,yBAAyB,CAAC;AAE/C,OAAO,EAAE,cAAc,EAAE,MAAM,0CAA0C,CAAC;AAC1E,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAgC,6BAA6B,EAAE,MAAM,qCAAqC,CAAC;AAClH,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAavD,qBACa,qBAAqB;IAI1B,OAAO,CAAC,QAAQ,CAAC,WAAW;IAE5B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,sBAAsB;IACvC,OAAO,CAAC,QAAQ,CAAC,WAAW;IAE5B,OAAO,CAAC,QAAQ,CAAC,kBAAkB;IAEnC,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,mBAAmB;IACpC,OAAO,CAAC,QAAQ,CAAC,0BAA0B;IAG3C,OAAO,CAAC,QAAQ,CAAC,UAAU;IApB/B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA0C;gBAG5C,WAAW,EAAE,WAAW,EAExB,cAAc,EAAE,cAAc,EAC9B,cAAc,EAAE,cAAc,EAC9B,UAAU,EAAE,UAAU,EACtB,sBAAsB,EAAE,6BAA6B,EACrD,WAAW,EAAE,WAAW,EAExB,kBAAkB,EAAE,WAAW,EAE/B,UAAU,EAAE,UAAU,EACtB,YAAY,EAAE,aAAa,EAC3B,cAAc,EAAE,cAAc,EAC9B,mBAAmB,EAAE,mBAAmB,EACxC,0BAA0B,EAAE,0BAA0B,EAGtD,UAAU,EAAE,UAAU;YAK7B,cAAc;IAItB,WAAW,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM;IAY3C,qBAAqB,CAAC,IAAI,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM;IAcrD,8BAA8B,CAAC,KAAK,EAAE,MAAM;YAOpC,4BAA4B;YAY5B,wBAAwB;IAMhC,MAAM,CAAC,SAAS,EAAE,SAAS,EAAE,UAAU,GAAE,cAAqB,GAAG,OAAO,CAAC,IAAI,CAAC;IAgC9E,sBAAsB,CAAC,CAAC,SAAS,IAAI,EAAE,CAAC,SAAS,aAAa,EAAE,SAAS,EAAE,SAAS,EAAE,gBAAgB,EAAE,CAAC,EAAE,iBAAiB,EAAE,UAAU,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC;YAuBhJ,iBAAiB;YAwDjB,gBAAgB;IAc9B,gBAAgB,CAAC,MAAM,GAAE,MAAU,GAAG,MAAM;YAiB9B,+BAA+B;YAyB/B,qBAAqB;YAKrB,mBAAmB;YAKnB,kBAAkB;IA4C1B,uBAAuB,CAAC,SAAS,EAAE,YAAY;;;IA2BrD,OAAO,CAAC,4BAA4B;YAStB,4BAA4B;IAU1C,OAAO,CAAC,mCAAmC;YAI7B,4CAA4C;IAe1D,OAAO,CAAC,UAAU;YAWJ,qBAAqB;YAyBrB,mCAAmC;IAyC3C,sBAAsB,CAAC,gBAAgB,EAAE,gBAAgB;;;;YAuBjD,gCAAgC;IAc9C,OAAO,CAAC,uBAAuB;IAiB/B,OAAO,CAAC,oBAAoB;IAY5B,OAAO,CAAC,wBAAwB;YAMlB,uDAAuD;YAevD,GAAG;IAUjB,OAAO,CAAC,kBAAkB;IAgB1B,OAAO,CAAC,gBAAgB;IAalB,MAAM,CAAC,SAAS,EAAE,SAAS;;;;;;;;;;;;IA0BjC,OAAO,CAAC,SAAS;IAajB,OAAO,CAAC,UAAU;IAWZ,gBAAgB,CAAC,SAAS,EAAE,YAAY;;;;;;;;;;IAgB9C,OAAO,CAAC,gBAAgB;YAmBV,gBAAgB;YAqBhB,cAAc;IAmB5B,OAAO,CAAC,qBAAqB;YAOf,6BAA6B;IA6CrC,eAAe,CAAC,gBAAgB,EAAE,gBAAgB;;;;;;;;;;;;IAoCxD,OAAO,CAAC,gBAAgB;YAaV,aAAa;YAwBb,uBAAuB;IAO/B,cAAc,CAAC,iBAAiB,EAAE,iBAAiB,EAAE,UAAU,EAAE,cAAc;YAuDvE,2BAA2B;IAYnC,sBAAsB,CAAC,yBAAyB,EAAE,yBAAyB;;;;;;;;;;;YAkDnE,0BAA0B;IA4ClC,qBAAqB,CAAC,wBAAwB,EAAE,wBAAwB;;;;;;;YA8ChE,2BAA2B;IA4CnC,cAAc,CAAC,IAAI,EAAE,IAAI;;;;IAazB,mBAAmB,CAAC,IAAI,EAAE,IAAI;IAe9B,oBAAoB,CAAC,IAAI,EAAE,IAAI,EAAE,oBAAoB,CAAC,EAAE,MAAM;IAa9D,aAAa,CAAC,eAAe,EAAE,eAAe;;;;YAmDtC,SAAS;IAqBjB,uBAAuB,CAAC,IAAI,EAAE,IAAI;IAkBlC,iBAAiB,CAAC,UAAU,EAAE,MAAM;;;;;;;;;;;YAqC5B,iCAAiC;IAK/C,OAAO,CAAC,mBAAmB;YAOb,uBAAuB;YAMvB,mBAAmB;IAa3B,MAAM,CAAC,YAAY,EAAE,MAAM;;;IAuC3B,YAAY,CAAC,MAAM,EAAE,MAAM;IAS3B,EAAE,CAAC,UAAU,EAAE,cAAc;;;;;;;;;;CA8BtC"}
|
|
@@ -566,12 +566,19 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
|
|
|
566
566
|
if (type === constants_1.PasswordlessLoginValidateWhatSources.EMAIL) {
|
|
567
567
|
user.emailVerificationTokenOnLogin = token;
|
|
568
568
|
user.emailVerificationTokenOnLoginExpiresAt = expiresAt;
|
|
569
|
+
await this.userRepository.update(user.id, {
|
|
570
|
+
emailVerificationTokenOnLogin: token,
|
|
571
|
+
emailVerificationTokenOnLoginExpiresAt: expiresAt,
|
|
572
|
+
});
|
|
569
573
|
}
|
|
570
574
|
else {
|
|
571
575
|
user.mobileVerificationTokenOnLogin = token;
|
|
572
576
|
user.mobileVerificationTokenOnLoginExpiresAt = expiresAt;
|
|
577
|
+
await this.userRepository.update(user.id, {
|
|
578
|
+
mobileVerificationTokenOnLogin: token,
|
|
579
|
+
mobileVerificationTokenOnLoginExpiresAt: expiresAt,
|
|
580
|
+
});
|
|
573
581
|
}
|
|
574
|
-
await this.userRepository.save(user);
|
|
575
582
|
}
|
|
576
583
|
buildLoginOtpResponse(user, type) {
|
|
577
584
|
const maskedIdentifier = type === constants_1.PasswordlessLoginValidateWhatSources.EMAIL
|
|
@@ -633,10 +640,9 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
|
|
|
633
640
|
await this.incrementFailedAttempts(user);
|
|
634
641
|
throw e;
|
|
635
642
|
}
|
|
636
|
-
this.clearLoginOtp(user, type);
|
|
637
|
-
user.failedLoginAttempts = 0;
|
|
643
|
+
await this.clearLoginOtp(user, type);
|
|
638
644
|
await this.userActivityHistoryService.logEvent('login', user);
|
|
639
|
-
await this.
|
|
645
|
+
await this.resetFailedAttempts(user);
|
|
640
646
|
return this.buildLoginTokenResponse(user);
|
|
641
647
|
}
|
|
642
648
|
validateLoginOtp(user, otp, type) {
|
|
@@ -650,16 +656,28 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
|
|
|
650
656
|
throw new common_1.UnauthorizedException(error_messages_1.ERROR_MESSAGES.OTP_EXPIRED);
|
|
651
657
|
}
|
|
652
658
|
}
|
|
653
|
-
clearLoginOtp(user, type) {
|
|
659
|
+
async clearLoginOtp(user, type) {
|
|
654
660
|
if (type === constants_1.PasswordlessLoginValidateWhatSources.EMAIL) {
|
|
655
|
-
|
|
661
|
+
const verifiedAt = new Date();
|
|
662
|
+
user.emailVerifiedOnLoginAt = verifiedAt;
|
|
656
663
|
user.emailVerificationTokenOnLogin = null;
|
|
657
664
|
user.emailVerificationTokenOnLoginExpiresAt = null;
|
|
665
|
+
await this.userRepository.update(user.id, {
|
|
666
|
+
emailVerifiedOnLoginAt: verifiedAt,
|
|
667
|
+
emailVerificationTokenOnLogin: null,
|
|
668
|
+
emailVerificationTokenOnLoginExpiresAt: null,
|
|
669
|
+
});
|
|
658
670
|
}
|
|
659
671
|
else {
|
|
660
|
-
|
|
672
|
+
const verifiedAt = new Date();
|
|
673
|
+
user.mobileVerifiedOnLoginAt = verifiedAt;
|
|
661
674
|
user.mobileVerificationTokenOnLogin = null;
|
|
662
675
|
user.mobileVerificationTokenOnLoginExpiresAt = null;
|
|
676
|
+
await this.userRepository.update(user.id, {
|
|
677
|
+
mobileVerifiedOnLoginAt: verifiedAt,
|
|
678
|
+
mobileVerificationTokenOnLogin: null,
|
|
679
|
+
mobileVerificationTokenOnLoginExpiresAt: null,
|
|
680
|
+
});
|
|
663
681
|
}
|
|
664
682
|
}
|
|
665
683
|
async buildLoginTokenResponse(user) {
|
|
@@ -962,14 +980,15 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
|
|
|
962
980
|
}
|
|
963
981
|
}
|
|
964
982
|
async incrementFailedAttempts(user) {
|
|
965
|
-
user.failedLoginAttempts
|
|
966
|
-
|
|
983
|
+
const nextFailedAttempts = (user.failedLoginAttempts ?? 0) + 1;
|
|
984
|
+
user.failedLoginAttempts = nextFailedAttempts;
|
|
985
|
+
await this.userRepository.update(user.id, { failedLoginAttempts: nextFailedAttempts });
|
|
967
986
|
}
|
|
968
987
|
async resetFailedAttempts(user) {
|
|
969
988
|
if (user.failedLoginAttempts === 0)
|
|
970
989
|
return;
|
|
971
990
|
user.failedLoginAttempts = 0;
|
|
972
|
-
await this.userRepository.
|
|
991
|
+
await this.userRepository.update(user.id, { failedLoginAttempts: 0 });
|
|
973
992
|
}
|
|
974
993
|
async logout(refreshToken) {
|
|
975
994
|
try {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authentication.service.js","sourceRoot":"","sources":["../../src/services/authentication.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,yCAA4C;AAE5C,2CASwB;AACxB,yDAAsD;AACtD,qCAAyC;AACzC,6CAAmD;AACnD,qDAAsD;AACtD,mCAA+C;AAC/C,gEAA8D;AAC9D,oEAAkE;AAElE,4DAAyD;AACzD,mEAAgE;AAChE,qCAAiD;AACjD,+BAAoC;AACpC,4CAIsB;AAUtB,yDAA+C;AAC/C,8CAAwD;AAExD,uDAAmD;AACnD,2FAAkH;AAClH,mEAA8D;AAC9D,uDAAmD;AACnD,mFAA6E;AAC7E,iDAA6C;AAC7C,0DAAuD;AAEvD,IAAK,aAIJ;AAJD,WAAK,aAAa;IACd,gCAAe,CAAA;IACf,kCAAiB,CAAA;IACjB,4BAAW,CAAA;AACf,CAAC,EAJI,aAAa,KAAb,aAAa,QAIjB;AAQM,IAAM,qBAAqB,6BAA3B,MAAM,qBAAqB;IAG9B,YACqB,WAAwB,EAExB,cAA8B,EAC9B,cAA8B,EAC9B,UAAsB,EACtB,sBAAqD,EACrD,WAAwB,EAExB,kBAA+B,EAE/B,UAAsB,EACtB,YAA2B,EAC3B,cAA8B,EAC9B,mBAAwC,EACxC,0BAAsD,EAGvE,UAAuC;QAjBtB,gBAAW,GAAX,WAAW,CAAa;QAExB,mBAAc,GAAd,cAAc,CAAgB;QAC9B,mBAAc,GAAd,cAAc,CAAgB;QAC9B,eAAU,GAAV,UAAU,CAAY;QACtB,2BAAsB,GAAtB,sBAAsB,CAA+B;QACrD,gBAAW,GAAX,WAAW,CAAa;QAExB,uBAAkB,GAAlB,kBAAkB,CAAa;QAE/B,eAAU,GAAV,UAAU,CAAY;QACtB,iBAAY,GAAZ,YAAY,CAAe;QAC3B,mBAAc,GAAd,cAAc,CAAgB;QAC9B,wBAAmB,GAAnB,mBAAmB,CAAqB;QACxC,+BAA0B,GAA1B,0BAA0B,CAA4B;QAGtD,eAAU,GAAV,UAAU,CAAY;QApB1B,WAAM,GAAG,IAAI,eAAM,CAAC,uBAAqB,CAAC,IAAI,CAAC,CAAC;IAuBjE,CAAC;IAEO,KAAK,CAAC,cAAc;QACxB,OAAO,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,aAAa,CAAC,CAAC;IAC/E,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,QAAgB,EAAE,KAAa;QAC7C,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;YACrC,KAAK,EAAE;gBACH,EAAE,QAAQ,EAAE,QAAQ,EAAE;gBACtB,EAAE,KAAK,EAAE,KAAK,EAAE;aACnB;YACD,SAAS,EAAE;gBACP,KAAK,EAAE,IAAI;aACd;SACJ,CAAC,CAAC;IACP,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,IAAU,EAAE,WAAmB;QACvD,IAAI,CAAC,QAAQ,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC5D,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;QACjD,IAAI,CAAC,qBAAqB,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,EAAE,CAAC;QAClE,IAAI,CAAC,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC;QAC7B,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE;YACtC,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,cAAc,EAAE,IAAI,CAAC,cAAc;YACnC,qBAAqB,EAAE,IAAI,CAAC,qBAAqB;YACjD,UAAU,EAAE,IAAI,CAAC,UAAU;SAC9B,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,8BAA8B,CAAC,KAAa;QAC9C,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;YACrC,KAAK,EAAE,EAAE,iCAAiC,EAAE,KAAK,EAAE;YACnD,SAAS,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE;SAC7B,CAAC,CAAC;IACP,CAAC;IAEO,KAAK,CAAC,4BAA4B,CAAC,IAAU,EAAE,QAAgB;QACnE,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACf,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,eAAe,CAAC,CAAC;QACpE,CAAC;QACD,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;QAC/B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,qBAAqB,CAAC,CAAC;QACvG,IAAI,CAAC,OAAO,EAAE,CAAC;YACX,MAAM,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;YACzC,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,mBAAmB,CAAC,CAAC;QACxE,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,wBAAwB,CAAC,IAAU,EAAE,QAAgB;QAC/D,IAAI,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,qBAAqB,CAAC,EAAE,CAAC;YAC7E,MAAM,IAAI,CAAC,qBAAqB,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QACrD,CAAC;IACL,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,SAAoB,EAAE,aAA6B,IAAI;QAMhE,IAAI,CAAC;YACD,MAAM,qBAAqB,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,iCAAiC,CAAC,CAAC;YACtH,MAAM,0BAA0B,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,4BAA4B,CAAC,CAAC;YACtH,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,aAAa,CAAC,CAAC;YAExF,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,gBAAgB,EAAE,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,kBAAI,EAAE,EAAE,SAAS,EAAE,0BAA0B,EAAE,qBAAqB,CAAC,CAAC;YAC7I,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAEvD,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,IAAI,EAAE,CAAC;YACxC,IAAI,SAAS,CAAC,QAAQ,KAAK,IAAI,IAAI,WAAW,EAAE,CAAC;gBAC7C,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAChC,CAAC;YACD,MAAM,IAAI,CAAC,gBAAgB,CAAC,SAAS,EAAE,SAAS,EAAE,GAAG,EAAE,gBAAgB,CAAC,CAAC;YAIzE,OAAO,SAAS,CAAC;QACrB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,MAAM,0BAA0B,GAAG,OAAO,CAAC;YAC3C,IAAI,GAAG,CAAC,IAAI,KAAK,0BAA0B,EAAE,CAAC;gBAC1C,MAAM,IAAI,0BAAiB,CAAC,+BAAc,CAAC,mBAAmB,CAAC,CAAC;YACpE,CAAC;YACD,MAAM,GAAG,CAAC;QACd,CAAC;IACL,CAAC;IAED,KAAK,CAAC,sBAAsB,CAA0C,SAAoB,EAAE,gBAAmB,EAAE,iBAAgC;QAC7I,IAAI,CAAC;YACD,MAAM,qBAAqB,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,iCAAiC,CAAC,CAAC;YAGtH,MAAM,aAAa,GAAG,iBAAiB,CAAC,KAAK,CAAC,iBAAiB,CAAC,MAAM,EAAO,EAAE,gBAAgB,CAAC,CAAC;YACjG,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,gBAAgB,EAAE,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAI,aAAa,EAAE,SAAS,EAAE,gBAAgB,CAAC,MAAM,IAAI,IAAI,EAAE,qBAAqB,CAAC,CAAC;YACxJ,MAAM,SAAS,GAAG,MAAM,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAErD,MAAM,IAAI,CAAC,gBAAgB,CAAC,SAAS,EAAE,SAAS,CAAC,KAAK,EAAE,GAAG,EAAE,gBAAgB,CAAC,CAAC;YAE/E,OAAO,SAAS,CAAC;QACrB,CAAC;QACD,OAAO,GAAG,EAAE,CAAC;YACT,MAAM,0BAA0B,GAAG,OAAO,CAAC;YAC3C,IAAI,GAAG,CAAC,IAAI,KAAK,0BAA0B,EAAE,CAAC;gBAC1C,MAAM,IAAI,0BAAiB,CAAC,0BAA0B,CAAC,GAAG,CAAC,MAAM,IAAI,+BAAc,CAAC,2BAA2B,CAAC,CAAC,CAAC;YACtH,CAAC;YACD,MAAM,GAAG,CAAC;QACd,CAAC;IACL,CAAC;IAGO,KAAK,CAAC,iBAAiB,CAAiB,IAAO,EAAE,SAAoB,EAAE,eAAwB,IAAI,EAAE,qBAA+B;QAExI,IAAI,0BAA0B,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,0BAA0B,CAAC,CAAC;QAClH,IAAI,SAAS,CAAC,KAAK,IAAI,SAAS,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC9C,MAAM,QAAQ,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBACpC,MAAM,IAAI,CAAC,mBAAmB,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;YAC5D,CAAC;QACL,CAAC;QACD,IAAI,CAAC,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC;QACnC,IAAI,CAAC,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC;QAC7B,IAAI,CAAC,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC;QACnC,IAAI,CAAC,mBAAmB,GAAG,qBAAqB,CAAC;QACjD,IAAI,SAAS,CAAC,MAAM,EAAE,CAAC;YACnB,IAAI,CAAC,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC;QACnC,CAAC;QAID,IAAI,GAAG,GAAG,EAAE,CAAC;QACb,IAAI,gBAAgB,GAAG,EAAE,CAAC;QAG1B,IAAI,SAAS,CAAC,QAAQ,EAAE,CAAC;YACrB,GAAG,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC7D,CAAC;aAEI,CAAC;YAEF,IAAI,0BAA0B,EAAE,QAAQ,EAAE,CAAC,WAAW,EAAE,KAAK,MAAM,EAAE,CAAC;gBAClE,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBAC3C,GAAG,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;gBACvD,IAAI,CAAC,mBAAmB,GAAG,IAAI,CAAC;YACpC,CAAC;iBAEI,CAAC;gBAGF,IAAI,CAAC,MAAM,IAAI,CAAC,iCAAiC,EAAE,EAAE,CAAC;oBAClD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,sHAAsH,CAAC,CAAC;oBAC1I,MAAM,IAAI,4BAAmB,CAAC,+BAAc,CAAC,kCAAkC,CAAC,CAAC;gBACrF,CAAC;gBAGD,GAAG,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC9C,CAAC;QACL,CAAC;QAED,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC;QACpB,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;QACjD,IAAI,CAAC,qBAAqB,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,EAAE,CAAC;QAClE,IAAI,CAAC,MAAM,GAAG,YAAY,CAAC;QAC3B,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,gBAAgB,EAAE,CAAC;IAC3C,CAAC;IAGO,KAAK,CAAC,gBAAgB,CAAC,IAAU,EAAE,QAAkB,EAAE,EAAE,GAAW,EAAE,gBAAwB;QAClG,MAAM,IAAI,CAAC,WAAW,CAAC,yBAAyB,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAI9D,IAAI,IAAI,CAAC,mBAAmB,IAAI,gBAAgB,EAAE,CAAC;YAC/C,MAAM,IAAI,CAAC,+BAA+B,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;QACvE,CAAC;QAGD,MAAM,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;IACxC,CAAC;IAGD,gBAAgB,CAAC,SAAiB,CAAC;QAC/B,MAAM,SAAS,GAAG,4BAA4B,CAAC;QAC/C,MAAM,SAAS,GAAG,4BAA4B,CAAC;QAC/C,MAAM,OAAO,GAAG,YAAY,CAAC;QAC7B,MAAM,YAAY,GAAG,KAAK,CAAC;QAC3B,MAAM,QAAQ,GAAG,SAAS,GAAG,SAAS,GAAG,OAAO,GAAG,YAAY,CAAC;QAEhE,IAAI,QAAQ,GAAG,EAAE,CAAC;QAElB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC9B,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;YAChE,QAAQ,IAAI,QAAQ,CAAC,WAAW,CAAC,CAAC;QACtC,CAAC;QAED,OAAO,QAAQ,CAAC;IACpB,CAAC;IAEO,KAAK,CAAC,+BAA+B,CAAC,IAAU,EAAE,gBAAwB;QAC9E,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAChD,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,cAAc,EAAE,CAAC;QAC7D,WAAW,CAAC,sBAAsB,CAC9B,IAAI,CAAC,KAAK,EACV,0BAA0B,EAC1B;YACI,YAAY,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,UAAU,CAAC;YAC9E,kBAAkB,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,oBAAoB,CAAC;YAC9F,oBAAoB,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,sBAAsB,CAAC;YAClG,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,QAAQ,EAAE,gBAAgB;YAC1B,cAAc,EAAE,WAAW;SAC9B,EACD,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,mBAAmB,CAAC,EACzE,IAAI,EACJ,IAAI,EACJ,MAAM,EACN,IAAI,CAAC,EAAE,CACV,CAAC;IAEN,CAAC;IAEO,KAAK,CAAC,qBAAqB;QAC/B,MAAM,wBAAwB,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,0BAA0B,CAAC,CAAC;QAClH,OAAO,wBAAwB,CAAC;IACpC,CAAC;IAEO,KAAK,CAAC,mBAAmB;QAC7B,MAAM,sBAAsB,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,wBAAwB,CAAC,CAAC;QAC9G,OAAO,sBAAsB,CAAC;IAClC,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAAC,IAAU;QACvC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAEhD,IAAI,MAAM,IAAI,CAAC,qBAAqB,EAAE,EAAE,CAAC;YACrC,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,cAAc,EAAE,CAAC;YAC7D,WAAW,CAAC,sBAAsB,CAC9B,IAAI,CAAC,KAAK,EACV,iBAAiB,EACjB;gBACI,YAAY,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,UAAU,CAAC;gBAC9E,kBAAkB,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,oBAAoB,CAAC;gBAC9F,oBAAoB,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,sBAAsB,CAAC;gBAClG,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,cAAc,EAAE,WAAW;aAC9B,EACD,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,mBAAmB,CAAC,EACzE,IAAI,EACJ,IAAI,EACJ,MAAM,EACN,IAAI,CAAC,EAAE,CACV,CAAC;QACN,CAAC;QAGD,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,mBAAmB,EAAE,CAAA;QAC5D,IAAI,mBAAmB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YACrC,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,aAAa,EAAE,CAAC;YACnD,UAAU,CAAC,oBAAoB,CAC3B,IAAI,CAAC,MAAM,EACX,gBAAgB,EAChB;gBACI,YAAY,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,UAAU,CAAC;gBAC9E,oBAAoB,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,sBAAsB,CAAC;gBAClG,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ;aAC1D,EACD,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,gBAAgB,CAAC,CAEzE,CAAC;QACN,CAAC;IACL,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,SAAuB;QACjD,MAAM,iCAAiC,GAAG,MAAM,IAAI,CAAC,iCAAiC,EAAE,CAAC;QACzF,IAAI,CAAC,iCAAiC,EAAE,CAAC;YACrC,MAAM,IAAI,4BAAmB,CAAC,+BAAc,CAAC,kCAAkC,CAAC,CAAC;QACrF,CAAC;QAED,MAAM,gBAAgB,GAAG,IAAI,CAAC,mCAAmC,EAAE,CAAC;QACpE,IAAI,CAAC,4BAA4B,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;QAE/D,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,4BAA4B,CAAC,SAAS,CAAC,CAAC;QACxE,IAAI,IAAA,4BAAU,EAAC,YAAY,CAAC,IAAI,YAAY,CAAC,MAAM,EAAE,CAAC;YAClD,MAAM,IAAI,0BAAiB,CAAC,+BAAc,CAAC,mBAAmB,CAAC,CAAC;QACpE,CAAC;QAED,IAAI,CAAC;YACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,4CAA4C,CAAC,YAAY,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC;YAChH,MAAM,IAAI,CAAC,mCAAmC,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;QAC3E,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;gBACvB,MAAM,IAAI,0BAAiB,CAAC,+BAAc,CAAC,mBAAmB,CAAC,CAAC;YACpE,CAAC;YACD,MAAM,GAAG,CAAC;QACd,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,mCAAgB,CAAC,6BAA6B,EAAE,CAAC;IACvE,CAAC;IAEO,4BAA4B,CAAC,SAAuB,EAAE,gBAAwB;QAClF,IAAI,gBAAgB,KAAK,uDAA2C,CAAC,KAAK,IAAI,IAAA,yBAAO,EAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;YACrG,MAAM,IAAI,4BAAmB,CAAC,+BAAc,CAAC,6BAA6B,CAAC,CAAC;QAChF,CAAC;QACD,IAAI,gBAAgB,KAAK,uDAA2C,CAAC,MAAM,IAAI,IAAA,yBAAO,EAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC;YACvG,MAAM,IAAI,4BAAmB,CAAC,+BAAc,CAAC,8BAA8B,CAAC,CAAC;QACjF,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,4BAA4B,CAAC,SAAuB;QAC9D,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;YAC/B,KAAK,EAAE;gBACH,EAAE,KAAK,EAAE,SAAS,CAAC,KAAK,EAAE;gBAC1B,EAAE,MAAM,EAAE,SAAS,CAAC,MAAM,EAAE;gBAC5B,EAAE,QAAQ,EAAE,SAAS,CAAC,QAAQ,EAAE;aACnC;SACJ,CAAC,CAAC;IACP,CAAC;IAEO,mCAAmC;QACvC,OAAO,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,sCAAsC,CAAC,CAAC;IACxG,CAAC;IAEO,KAAK,CAAC,4CAA4C,CAAC,YAAkB,EAAE,SAAuB,EAAE,gBAAwB;QAC5H,IAAI,IAAI,GAAG,YAAY,CAAC;QACxB,IAAI,IAAA,yBAAO,EAAC,IAAI,CAAC,EAAE,CAAC;YAChB,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;YAClC,MAAM,IAAI,CAAC,qBAAqB,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC;YACzD,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACrC,MAAM,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,aAAa,CAAC,CAAC,CAAC;QAC7H,CAAC;aAAM,CAAC;YACJ,MAAM,IAAI,CAAC,qBAAqB,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC;YACzD,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzC,CAAC;QACD,OAAO,IAAI,CAAC;IAChB,CAAC;IAGO,UAAU,CAAC,SAAuB;QACtC,MAAM,IAAI,GAAG,IAAI,kBAAI,EAAE,CAAC;QACxB,IAAI,CAAC,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC;QACnC,IAAI,CAAC,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC;QAC7B,IAAI,CAAC,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC;QAC/B,IAAI,CAAC,aAAa,GAAG,SAAS,CAAC,aAAa,CAAC;QAC7C,IAAI,CAAC,iBAAiB,GAAG,aAAa,CAAC,GAAG,CAAC;QAC3C,OAAO,IAAI,CAAC;IAChB,CAAC;IAGO,KAAK,CAAC,qBAAqB,CAAC,oCAA4C,EAAE,IAAU;QACxF,IAAI,CAAC,oCAAoC,EAAE,CAAC;YACxC,MAAM,IAAI,4BAAmB,CAAC,+BAAc,CAAC,0BAA0B,CAAC,CAAC;QAC7E,CAAC;QACD,MAAM,2BAA2B,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,6BAA6B,CAAC,CAAC;QACxH,IAAI,oCAAoC,KAAK,uDAA2C,CAAC,KAAK,EAAE,CAAC;YAC7F,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,GAAG,EAAE,CAAC;YAC9C,IAAI,CAAC,oCAAoC,GAAG,KAAK,CAAC;YAClD,IAAI,CAAC,6CAA6C,GAAG,SAAS,CAAC;YAC/D,IAAI,2BAA2B,EAAE,CAAC;gBAC9B,IAAI,CAAC,6BAA6B,GAAG,KAAK,CAAC;gBAC3C,IAAI,CAAC,sCAAsC,GAAG,SAAS,CAAC;YAC5D,CAAC;QACL,CAAC;QACD,IAAI,oCAAoC,KAAK,uDAA2C,CAAC,MAAM,EAAE,CAAC;YAC9F,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,GAAG,EAAE,CAAC;YAC9C,IAAI,CAAC,qCAAqC,GAAG,KAAK,CAAC;YACnD,IAAI,CAAC,8CAA8C,GAAG,SAAS,CAAC;YAChE,IAAI,2BAA2B,EAAE,CAAC;gBAC9B,IAAI,CAAC,8BAA8B,GAAG,KAAK,CAAC;gBAC5C,IAAI,CAAC,uCAAuC,GAAG,SAAS,CAAC;YAC7D,CAAC;QACL,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,mCAAmC,CAAC,IAAU,EAAE,4BAAoC;QAC9F,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAChD,IAAI,4BAA4B,KAAK,gDAAoC,CAAC,KAAK,EAAE,CAAC;YAC9E,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,cAAc,EAAE,CAAC;YAC7D,WAAW,CAAC,sBAAsB,CAC9B,IAAI,CAAC,KAAK,EACV,iBAAiB,EACjB;gBACI,YAAY,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,UAAU,CAAC;gBAC9E,kBAAkB,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,oBAAoB,CAAC;gBAC9F,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ;gBACvD,oCAAoC,EAAE,IAAI,CAAC,oCAAoC;gBAC/E,cAAc,EAAE,WAAW;aAC9B,EACD,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,mBAAmB,CAAC,EACzE,IAAI,EACJ,IAAI,EACJ,MAAM,EACN,IAAI,CAAC,EAAE,CACV,CAAC;QACN,CAAC;QACD,IAAI,4BAA4B,KAAK,gDAAoC,CAAC,MAAM,EAAE,CAAC;YAC/E,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,aAAa,EAAE,CAAC;YACnD,UAAU,CAAC,oBAAoB,CAC3B,IAAI,CAAC,MAAM,EACX,iBAAiB,EACjB;gBACI,YAAY,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,UAAU,CAAC;gBAC9E,GAAG,EAAE,IAAI,CAAC,qCAAqC;gBAC/C,qCAAqC,EAAE,IAAI,CAAC,qCAAqC;gBACjF,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ;gBACvD,cAAc,EAAE,WAAW;aAC9B,EACD,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,gBAAgB,CAAC,CAEzE,CAAC;QACN,CAAC;IACL,CAAC;IAED,KAAK,CAAC,sBAAsB,CAAC,gBAAkC;QAC3D,MAAM,iCAAiC,GAAG,MAAM,IAAI,CAAC,iCAAiC,EAAE,CAAC;QACzF,IAAI,CAAC,iCAAiC,EAAE,CAAC;YACrC,MAAM,IAAI,4BAAmB,CAAC,+BAAc,CAAC,kCAAkC,CAAC,CAAC;QACrF,CAAC;QAED,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,gBAAgB,CAAC;QACnD,IAAI,IAAI,KAAK,uDAA2C,CAAC,KAAK;YAC1D,IAAI,KAAK,uDAA2C,CAAC,MAAM,EAAE,CAAC;YAC9D,MAAM,IAAI,4BAAmB,CAAC,+BAAc,CAAC,yBAAyB,CAAC,CAAC;QAC5E,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,gCAAgC,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC3E,IAAI,CAAC,uBAAuB,CAAC,IAAI,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;QAC9C,IAAI,CAAC,oBAAoB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QACtC,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,4BAA4B,CAAC;YAC5F,MAAM,IAAI,CAAC,uDAAuD,CAAC,IAAI,CAAC,CAAC;QAE7E,MAAM,SAAS,GAAS,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7D,IAAI,CAAC,wBAAwB,CAAC,SAAS,CAAC,CAAC;QACzC,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,MAAM,EAAE,OAAO,EAAE,kCAAkC,IAAI,EAAE,EAAE,CAAC;IAC3F,CAAC;IAEO,KAAK,CAAC,gCAAgC,CAC1C,IAAiD,EACjD,UAAkB;QAElB,MAAM,KAAK,GAAG,IAAI,KAAK,uDAA2C,CAAC,KAAK;YACpE,CAAC,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE;YACvB,CAAC,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;QAC7B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;QAC1D,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,cAAc,CAAC,CAAC;QACnE,CAAC;QACD,OAAO,IAAI,CAAC;IAChB,CAAC;IAEO,uBAAuB,CAC3B,IAAU,EACV,GAAW,EACX,IAAiD;QAEjD,MAAM,OAAO,GAAG,IAAI,KAAK,uDAA2C,CAAC,KAAK,CAAC;QAC3E,MAAM,KAAK,GAAG,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC,CAAC,IAAI,CAAC,qCAAqC,CAAC;QAC/G,MAAM,SAAS,GAAG,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC,CAAC,IAAI,CAAC,8CAA8C,CAAC;QAErI,IAAI,KAAK,KAAK,GAAG,EAAE,CAAC;YAChB,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,WAAW,CAAC,CAAC;QAChE,CAAC;QACD,IAAI,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;YACzB,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,WAAW,CAAC,CAAC;QAChE,CAAC;IACL,CAAC;IAEO,oBAAoB,CAAC,IAAU,EAAE,IAAiD;QACtF,IAAI,IAAI,KAAK,uDAA2C,CAAC,KAAK,EAAE,CAAC;YAC7D,IAAI,CAAC,6BAA6B,GAAG,IAAI,IAAI,EAAE,CAAC;YAChD,IAAI,CAAC,oCAAoC,GAAG,IAAI,CAAC;YACjD,IAAI,CAAC,6CAA6C,GAAG,IAAI,CAAC;QAC9D,CAAC;aAAM,CAAC;YACJ,IAAI,CAAC,8BAA8B,GAAG,IAAI,IAAI,EAAE,CAAC;YACjD,IAAI,CAAC,qCAAqC,GAAG,IAAI,CAAC;YAClD,IAAI,CAAC,8CAA8C,GAAG,IAAI,CAAC;QAC/D,CAAC;IACL,CAAC;IAEO,wBAAwB,CAAC,SAAe;QAE5C,MAAM,KAAK,GAAG,IAAI,yBAAY,CAAO,sBAAS,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC;QAC3E,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,sBAAS,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;IAC7D,CAAC;IAEO,KAAK,CAAC,uDAAuD,CAAC,IAAU;QAC5E,MAAM,4BAA4B,GAAG,IAAI,CAAC,mCAAmC,EAAE,CAAC;QAChF,IAAI,4BAA4B,KAAK,gDAAoC,CAAC,KAAK,EAAE,CAAC;YAC9E,IAAI,CAAC,IAAI,CAAC,6BAA6B,EAAE,CAAC;gBACtC,OAAO,KAAK,CAAC;YACjB,CAAC;QACL,CAAC;QACD,IAAI,4BAA4B,KAAK,gDAAoC,CAAC,MAAM,EAAE,CAAC;YAC/E,IAAI,CAAC,IAAI,CAAC,8BAA8B,EAAE,CAAC;gBACvC,OAAO,KAAK,CAAC;YACjB,CAAC;QACL,CAAC;QACD,OAAO,IAAI,CAAC;IAChB,CAAC;IAEO,KAAK,CAAC,GAAG;QACb,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,WAAW,CAAC,CAAC;QACpF,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,SAAS,CAAC,CAAC;QAC7C,OAAO;YACH,KAAK,EAAE,IAAA,kBAAS,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC,QAAQ,EAAE;YAC3C,SAAS,EAAE,GAAG;SACjB,CAAC;IACN,CAAC;IAEO,kBAAkB,CAAC,IAAW;QAClC,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,UAAU,CAAC,CAAC;QAClF,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,CAAC;YAC/B,OAAO,SAAS,CAAC;QACrB,CAAC;QACD,MAAM,YAAY,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC7C,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;YACrB,OAAO,SAAS,CAAC;QACrB,CAAC;QACD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACZ,OAAO,SAAS,CAAC;QACrB,CAAC;QACD,OAAO,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;IAC7D,CAAC;IAEO,gBAAgB;QACpB,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,eAAe,CAAC,CAAC;QACvF,IAAI,CAAC,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC5C,OAAO,IAAI,GAAG,EAAE,CAAC;QACrB,CAAC;QACD,OAAO,IAAI,GAAG,CACV,QAAQ;aACH,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;aAC1C,MAAM,CAAC,OAAO,CAAC,CACvB,CAAC;IACN,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,SAAoB;QAC7B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,QAAQ,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;QACzE,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,mBAAmB,CAAC,CAAC;QACxE,CAAC;QACD,MAAM,IAAI,CAAC,4BAA4B,CAAC,IAAI,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAC;QAClE,MAAM,IAAI,CAAC,wBAAwB,CAAC,IAAI,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC9D,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;QAErC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAE/C,MAAM,IAAI,CAAC,0BAA0B,CAAC,QAAQ,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAE9D,OAAO;YACH,IAAI,EAAE;gBACF,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,mBAAmB,EAAE,IAAI,CAAC,mBAAmB;gBAC7C,EAAE,EAAE,IAAI,CAAC,EAAE;gBACX,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC;aAC7C;YACD,GAAG,MAAM;SACZ,CAAA;IACL,CAAC;IAEO,SAAS,CAAC,KAAa;QAC3B,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAExB,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7C,IAAI,SAAS,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACxB,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC,OAAO,MAAM,EAAE,CAAC;QAC1C,CAAC;QAED,MAAM,YAAY,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC3C,MAAM,UAAU,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACvC,OAAO,GAAG,YAAY,MAAM,UAAU,IAAI,MAAM,EAAE,CAAC;IACvD,CAAC;IAEO,UAAU,CAAC,MAAc;QAC7B,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAEzB,IAAI,MAAM,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACrB,OAAO,MAAM,CAAC;QAClB,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACpC,OAAO,MAAM,UAAU,EAAE,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,SAAuB;QAC1C,MAAM,iCAAiC,GAAG,MAAM,IAAI,CAAC,iCAAiC,EAAE,CAAC;QACzF,IAAI,CAAC,iCAAiC,EAAE,CAAC;YACrC,MAAM,IAAI,4BAAmB,CAAC,+BAAc,CAAC,kCAAkC,CAAC,CAAC;QACrF,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;QAC9C,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,SAAS,CAAC,UAAU,CAAC,CAAC;QACrE,MAAM,QAAQ,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAC/C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACZ,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YACtC,IAAI,CAAC,6BAA6B,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QACnD,CAAC;QACD,OAAO,IAAI,CAAC,qBAAqB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAClD,CAAC;IAEO,gBAAgB,CAAC,SAAuB;QAC5C,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,+BAA+B,CAAyC,CAAC;QAE9I,IAAI,OAAO,KAAK,gDAAoC,CAAC,UAAU,EAAE,CAAC;YAC9D,IAAI,SAAS,CAAC,IAAI,KAAK,gDAAoC,CAAC,KAAK;gBAC7D,SAAS,CAAC,IAAI,KAAK,gDAAoC,CAAC,MAAM,EAAE,CAAC;gBACjE,MAAM,IAAI,4BAAmB,CAAC,+BAAc,CAAC,yBAAyB,CAAC,CAAC;YAC5E,CAAC;YACD,OAAO,SAAS,CAAC,IAA4C,CAAC;QAClE,CAAC;QAED,IAAI,OAAO,KAAK,gDAAoC,CAAC,KAAK;YACtD,OAAO,KAAK,gDAAoC,CAAC,MAAM,EAAE,CAAC;YAC1D,OAAO,OAAO,CAAC;QACnB,CAAC;QAED,MAAM,IAAI,4BAAmB,CAAC,+BAAc,CAAC,yBAAyB,CAAC,CAAC;IAC5E,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAC1B,IAA0C,EAC1C,UAAkB,EAClB,UAAmC,EAAE;QAErC,MAAM,SAAS,GAAG,IAAI,KAAK,gDAAoC,CAAC,KAAK;YACjE,CAAC,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE;YACvB,CAAC,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;QAC7B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;YAC3C,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,SAAS,CAAC;YAC5C,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC/D,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,cAAc,CAAC,CAAC;QACnE,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACf,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,aAAa,CAAC,CAAC;QAClE,CAAC;QACD,OAAO,IAAI,CAAC;IAChB,CAAC;IAEO,KAAK,CAAC,cAAc,CAAC,IAAU,EAAE,IAA0C;QAC/E,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,GAAG,EAAE,CAAC;QAC9C,IAAI,IAAI,KAAK,gDAAoC,CAAC,KAAK,EAAE,CAAC;YACtD,IAAI,CAAC,6BAA6B,GAAG,KAAK,CAAC;YAC3C,IAAI,CAAC,sCAAsC,GAAG,SAAS,CAAC;QAC5D,CAAC;aAAM,CAAC;YACJ,IAAI,CAAC,8BAA8B,GAAG,KAAK,CAAC;YAC5C,IAAI,CAAC,uCAAuC,GAAG,SAAS,CAAC;QAC7D,CAAC;QACD,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzC,CAAC;IAEO,qBAAqB,CAAC,IAAU,EAAE,IAA0C;QAChF,MAAM,gBAAgB,GAAG,IAAI,KAAK,gDAAoC,CAAC,KAAK;YACxE,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE;YACvC,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QAC/C,OAAO,EAAE,OAAO,EAAE,mCAAgB,CAAC,sBAAsB,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC;IACxF,CAAC;IAEO,KAAK,CAAC,6BAA6B,CAAC,IAAU,EAAE,SAA+C;QACnG,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAChD,MAAM,QAAQ,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAE/C,IAAI,QAAQ;YACR,OAAO;QACX,IAAI,SAAS,KAAK,gDAAoC,CAAC,KAAK,EAAE,CAAC;YAC3D,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,cAAc,EAAE,CAAC;YAC7D,WAAW,CAAC,sBAAsB,CAC9B,IAAI,CAAC,KAAK,EACV,cAAc,EACd;gBACI,YAAY,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,UAAU,CAAC;gBAC9E,kBAAkB,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,oBAAoB,CAAC;gBAC9F,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,6BAA6B,EAAE,IAAI,CAAC,6BAA6B;gBACjE,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ;gBACvD,cAAc,EAAE,WAAW;aAC9B,EACD,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,mBAAmB,CAAC,EACzE,IAAI,EACJ,IAAI,EACJ,MAAM,EACN,IAAI,CAAC,EAAE,CACV,CAAC;QACN,CAAC;QACD,IAAI,SAAS,KAAK,gDAAoC,CAAC,MAAM,EAAE,CAAC;YAC5D,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,aAAa,EAAE,CAAC;YACnD,UAAU,CAAC,oBAAoB,CAC3B,IAAI,CAAC,MAAM,EACX,cAAc,EACd;gBACI,YAAY,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,UAAU,CAAC;gBAC9E,GAAG,EAAE,IAAI,CAAC,8BAA8B;gBACxC,8BAA8B,EAAE,IAAI,CAAC,8BAA8B;gBACnE,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ;gBACvD,cAAc,EAAE,WAAW;aAC9B,EACD,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,gBAAgB,CAAC,CAEzE,CAAC;QACN,CAAC;IACL,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,gBAAkC;QACpD,MAAM,iCAAiC,GAAG,MAAM,IAAI,CAAC,iCAAiC,EAAE,CAAC;QACzF,IAAI,CAAC,iCAAiC,EAAE,CAAC;YACrC,MAAM,IAAI,4BAAmB,CAAC,+BAAc,CAAC,kCAAkC,CAAC,CAAC;QACrF,CAAC;QAED,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,gBAAgB,CAAC;QACnD,IAAI,IAAI,KAAK,gDAAoC,CAAC,KAAK;YACnD,IAAI,KAAK,gDAAoC,CAAC,MAAM,EAAE,CAAC;YACvD,MAAM,IAAI,4BAAmB,CAAC,+BAAc,CAAC,yBAAyB,CAAC,CAAC;QAC5E,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAChF,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;QAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAE/C,IAAI,QAAQ,EAAE,CAAC;YACX,IAAI,GAAG,KAAK,QAAQ,EAAE,CAAC;gBACnB,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,WAAW,CAAC,CAAC;YAChE,CAAC;YACD,OAAO,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;QAC9C,CAAC;QAED,IAAI,CAAC;YACD,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;QAC3C,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,MAAM,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;YACzC,MAAM,CAAC,CAAC;QACZ,CAAC;QAED,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAE/B,IAAI,CAAC,mBAAmB,GAAG,CAAC,CAAC;QAC7B,MAAM,IAAI,CAAC,0BAA0B,CAAC,QAAQ,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAC9D,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrC,OAAO,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;IAC9C,CAAC;IAEO,gBAAgB,CAAC,IAAU,EAAE,GAAW,EAAE,IAA0C;QACxF,MAAM,OAAO,GAAG,IAAI,KAAK,gDAAoC,CAAC,KAAK,CAAC;QACpE,MAAM,KAAK,GAAG,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC,CAAC,IAAI,CAAC,8BAA8B,CAAC;QACjG,MAAM,SAAS,GAAG,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC,CAAC,IAAI,CAAC,uCAAuC,CAAC;QAEvH,IAAI,KAAK,KAAK,GAAG,EAAE,CAAC;YAChB,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,WAAW,CAAC,CAAC;QAChE,CAAC;QACD,IAAI,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;YACzB,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,WAAW,CAAC,CAAC;QAChE,CAAC;IACL,CAAC;IAEO,aAAa,CAAC,IAAU,EAAE,IAA0C;QACxE,IAAI,IAAI,KAAK,gDAAoC,CAAC,KAAK,EAAE,CAAC;YACtD,IAAI,CAAC,sBAAsB,GAAG,IAAI,IAAI,EAAE,CAAC;YACzC,IAAI,CAAC,6BAA6B,GAAG,IAAI,CAAC;YAC1C,IAAI,CAAC,sCAAsC,GAAG,IAAI,CAAC;QACvD,CAAC;aAAM,CAAC;YACJ,IAAI,CAAC,uBAAuB,GAAG,IAAI,IAAI,EAAE,CAAC;YAC1C,IAAI,CAAC,8BAA8B,GAAG,IAAI,CAAC;YAC3C,IAAI,CAAC,uCAAuC,GAAG,IAAI,CAAC;QACxD,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,uBAAuB,CAAC,IAAU;QAC5C,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QACtE,MAAM,EAAE,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,GAAG,IAAI,CAAC;QAChE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClD,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,KAAK,EAAE,EAAE,CAAC;IAC1G,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,iBAAoC,EAAE,UAA0B;QACjF,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;YAC3C,KAAK,EAAE,EAAE,EAAE,EAAE,iBAAiB,CAAC,EAAE,EAAE;SACtC,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,MAAM,IAAI,0BAAiB,CAAC,+BAAc,CAAC,cAAc,CAAC,CAAC;QAC/D,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACf,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,aAAa,CAAC,CAAC;QAClE,CAAC;QAGD,IAAI,IAAI,CAAC,iBAAiB,KAAK,OAAO,EAAE,CAAC;YACrC,MAAM,IAAI,4BAAmB,CAAC,+BAAc,CAAC,kBAAkB,CAAC,CAAC;QACrE,CAAC;QAGD,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,4BAAmB,CAAC,+BAAc,CAAC,gBAAgB,CAAC,CAAC;QACnE,CAAC;QAGD,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3C,MAAM,IAAI,4BAAmB,CAAC,+BAAc,CAAC,iBAAiB,CAAC,CAAC;QACpE,CAAC;QAGD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAC7C,iBAAiB,CAAC,eAAe,EACjC,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,qBAAqB,CAC7B,CAAC;QACF,IAAI,CAAC,OAAO,EAAE,CAAC;YACX,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,0BAA0B,CAAC,CAAC;QAC/E,CAAC;QAGD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,CAC/C,iBAAiB,CAAC,WAAW,CAChC,CAAC;QACF,IAAI,CAAC,QAAQ,GAAG,iBAAiB,CAAC,WAAW,CAAC;QAE9C,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACjC,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC;QAC7C,IAAI,CAAC,qBAAqB,GAAG,OAAO,CAAC,qBAAqB,CAAC;QAE3D,IAAI,CAAC,mBAAmB,GAAG,KAAK,CAAC;QAEjC,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAErC,OAAO,IAAI,CAAC;IAChB,CAAC;IAGO,KAAK,CAAC,2BAA2B,CAAC,IAAW;QACjD,MAAM,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC;QAC9B,MAAM,qCAAqC,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,uCAAuC,CAAC,CAAC;QAC5I,MAAM,QAAQ,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAC/C,UAAU,CAAC,UAAU,CAAC,UAAU,CAAC,UAAU,EAAE,GAAG,qCAAqC,CAAC,CAAC;QAEvF,OAAO;YACH,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAA,SAAM,GAAE;YACrC,SAAS,EAAE,UAAU;SACxB,CAAC;IACN,CAAC;IAED,KAAK,CAAC,sBAAsB,CAAC,yBAAoD;QAM7E,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,yBAAyB,CAAC,QAAQ,EAAE,yBAAyB,CAAC,KAAK,CAAC,CAAC;QAEzG,IAAI,WAAW,GAAG,IAAI,CAAA;QACtB,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,WAAW,GAAG,KAAK,CAAA;QAEvB,CAAC;QACD,IAAI,WAAW,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC;YAC/B,WAAW,GAAG,KAAK,CAAA;QAEvB,CAAC;QAGD,IAAI,WAAW,IAAI,IAAI,EAAE,iBAAiB,KAAK,OAAO,EAAE,CAAC;YACrD,WAAW,GAAG,KAAK,CAAA;QAEvB,CAAC;QAID,IAAI,WAAW,EAAE,CAAC;YACd,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,IAAI,CAAC,CAAC;YAC1E,IAAI,CAAC,iCAAiC,GAAG,KAAK,CAAC;YAC/C,IAAI,CAAC,0CAA0C,GAAG,SAAS,CAAC;YAC5D,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACrC,MAAM,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,CAAC;QAChD,CAAC;QAGD,OAAO;YACH,MAAM,EAAE,SAAS;YACjB,OAAO,EAAE,mCAAgB,CAAC,0BAA0B;YACpD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,EAAE;YACb,IAAI,EAAE;gBACF,IAAI,EAAE;oBACF,KAAK,EAAE,IAAI,EAAE,KAAK;iBAGrB;aACJ;SACJ,CAAA;IACL,CAAC;IAEO,KAAK,CAAC,0BAA0B,CAAC,IAAU;QAC/C,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAEhD,MAAM,qCAAqC,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,uCAAuC,CAAC,CAAC;QAE5I,IAAI,qCAAqC,IAAI,iDAAqC,CAAC,KAAK,EAAE,CAAC;YACvF,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,cAAc,EAAE,CAAC;YAC7D,WAAW,CAAC,sBAAsB,CAC9B,IAAI,CAAC,KAAK,EACV,iBAAiB,EACjB;gBACI,YAAY,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,UAAU,CAAC;gBAC9E,kBAAkB,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,oBAAoB,CAAC;gBAC9F,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBAEvB,iBAAiB,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,+BAA+B,CAAC,UAAU,IAAI,CAAC,iCAAiC,EAAE;gBAC7J,cAAc,EAAE,WAAW;aAC9B,EACD,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,mBAAmB,CAAC,EACzE,IAAI,EACJ,IAAI,EACJ,MAAM,EACN,IAAI,CAAC,EAAE,CACV,CAAC;QACN,CAAC;QAED,IAAI,qCAAqC,IAAI,iDAAqC,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YACvG,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,aAAa,EAAE,CAAC;YACnD,UAAU,CAAC,oBAAoB,CAC3B,IAAI,CAAC,MAAM,EACX,iBAAiB,EACjB;gBACI,YAAY,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,UAAU,CAAC;gBAC9E,GAAG,EAAE,IAAI,CAAC,iCAAiC;gBAC3C,iCAAiC,EAAE,IAAI,CAAC,iCAAiC;gBACzE,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,cAAc,EAAE,WAAW;aAC9B,EACD,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,gBAAgB,CAAC,CACzE,CAAC;QACN,CAAC;IACL,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,wBAAkD;QAC1E,OAAO,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE;YAE3C,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,8BAA8B,CAAC,wBAAwB,CAAC,iBAAiB,CAAC,CAAC;YACnG,IAAI,CAAC,IAAI;gBAAE,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,mBAAmB,CAAC,CAAC;YAC/E,IAAI,IAAI,CAAC,iBAAiB,KAAK,OAAO;gBAAE,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,mBAAmB,CAAC,CAAC;YAC5G,IAAI,CAAC,IAAI,CAAC,MAAM;gBAAE,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,mBAAmB,CAAC,CAAC;YAGtF,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC;iBACvB,kBAAkB,EAAE;iBACpB,MAAM,CAAC,kBAAI,CAAC;iBACZ,GAAG,CAAC;gBACD,yBAAyB,EAAE,GAAG,EAAE,CAAC,OAAO;gBACxC,iCAAiC,EAAE,GAAG,EAAE,CAAC,MAAM;gBAC/C,0CAA0C,EAAE,GAAG,EAAE,CAAC,MAAM;aAC3D,CAAC;iBACD,KAAK,CAAC,UAAU,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC;iBAClC,QAAQ,CAAC,4CAA4C,EAAE,EAAE,KAAK,EAAE,wBAAwB,CAAC,iBAAiB,EAAE,CAAC;iBAC7G,QAAQ,CAAC,oDAAoD,CAAC;iBAC9D,OAAO,EAAE,CAAC;YAEf,IAAI,QAAQ,KAAK,CAAC,EAAE,CAAC;gBAEjB,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,mBAAmB,CAAC,CAAC;YACxE,CAAC;YAGD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,wBAAwB,CAAC,QAAQ,CAAC,CAAC;YAClF,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;YAC7C,MAAM,gBAAgB,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,EAAE,CAAC;YAG9D,MAAM,CAAC,CAAC,aAAa,CAAC,kBAAI,CAAC,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,CAAC,CAAC;YAC/I,MAAM,IAAI,CAAC,2BAA2B,CAAC,IAAI,CAAC,CAAC;YAE7C,OAAO;gBACH,MAAM,EAAE,SAAS;gBACjB,OAAO,EAAE,mCAAgB,CAAC,yBAAyB;gBACnD,KAAK,EAAE,EAAE;gBACT,SAAS,EAAE,EAAE;gBACb,IAAI,EAAE,EAAE;aACX,CAAC;QACN,CAAC,CAAC,CAAC;IACP,CAAC;IAEO,KAAK,CAAC,2BAA2B,CAAC,IAAU;QAChD,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAChD,MAAM,qCAAqC,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,uCAAuC,CAAC,CAAC;QAE5I,IAAI,qCAAqC,IAAI,iDAAqC,CAAC,KAAK,EAAE,CAAC;YACvF,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,cAAc,EAAE,CAAC;YAC7D,WAAW,CAAC,sBAAsB,CAC9B,IAAI,CAAC,KAAK,EACV,kBAAkB,EAClB;gBACI,YAAY,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,UAAU,CAAC;gBAC9E,kBAAkB,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,oBAAoB,CAAC;gBAC9F,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBAEvB,iBAAiB,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,+BAA+B,CAAC,UAAU,IAAI,CAAC,iCAAiC,EAAE;gBAC7J,cAAc,EAAE,WAAW;aAC9B,EACD,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,mBAAmB,CAAC,EACzE,IAAI,EACJ,IAAI,EACJ,MAAM,EACN,IAAI,CAAC,EAAE,CACV,CAAC;QACN,CAAC;QAED,IAAI,qCAAqC,IAAI,iDAAqC,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YACvG,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,aAAa,EAAE,CAAC;YACnD,UAAU,CAAC,oBAAoB,CAC3B,IAAI,CAAC,MAAM,EACX,iBAAiB,EACjB;gBACI,YAAY,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,UAAU,CAAC;gBAC9E,GAAG,EAAE,IAAI,CAAC,iCAAiC;gBAC3C,iCAAiC,EAAE,IAAI,CAAC,iCAAiC;gBACzE,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,cAAc,EAAE,WAAW;aAC9B,EACD,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,gBAAgB,CAAC,CACzE,CAAC;QACN,CAAC;IACL,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,IAAU;QAE3B,MAAM,CAAC,WAAW,EAAE,YAAY,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YAClD,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC;YACpC,MAAM,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC;SACxC,CAAC,CAAC;QAEH,OAAO;YACH,WAAW;YACX,YAAY;SACf,CAAC;IACN,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,IAAU;QAGhC,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAE1D,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,gBAAgB,CAAC,CAAC;QAC9F,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,SAAS,CACpC,IAAI,CAAC,EAAE,EACP,cAAc,EACd,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,aAAa,EAAE,CACvE,CAAC;QAEF,OAAO,WAAW,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,IAAU,EAAE,oBAA6B;QAChE,MAAM,cAAc,GAAG,IAAA,mBAAU,GAAE,CAAC;QACpC,MAAM,eAAe,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,iBAAiB,CAAC,CAAC;QAChG,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,EAAE,eAAe,EAAE;YAChE,cAAc;SACjB,CAAC,CAAA;QAGF,MAAM,IAAI,CAAC,sBAAsB,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,YAAY,EAAE,oBAAoB,CAAC,CAAC;QAEtF,OAAO,YAAY,CAAC;IACxB,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,eAAgC;QAChD,IAAI,CAAC;YACD,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,QAAQ,CAAC,CAAC;YAC9E,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,UAAU,CAAC,CAAC;YAClF,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,QAAQ,CAAC,CAAC;YAE9E,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAA2D,eAAe,CAAC,YAAY,EAAE;gBACtI,MAAM;gBACN,QAAQ;gBACR,MAAM;aACT,CAAC,CAAC;YAEH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;gBAC3C,KAAK,EAAE;oBACH,EAAE,EAAE,GAAG;iBACV;gBACD,SAAS,EAAE;oBACP,KAAK,EAAE,IAAI;iBACd;aACJ,CAAC,CAAC;YACH,IAAI,CAAC,IAAI,EAAE,CAAC;gBACR,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,eAAe,CAAC,CAAC;YACpE,CAAC;YAWD,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,iBAAiB,CAAC,IAAI,EAAE,eAAe,CAAC,YAAY,CAAC,CAAC;YAEpH,MAAM,IAAI,CAAC,0BAA0B,CAAC,QAAQ,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC;YAEvE,OAAO;gBACH,WAAW,EAAE,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC;gBACjD,YAAY,EAAE,mBAAmB;aACpC,CAAC;QACN,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,IAAI,GAAG,YAAY,gEAA4B,EAAE,CAAC;gBAE9C,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,aAAa,CAAC,CAAC;YAClE,CAAC;YAED,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,eAAe,CAAC,CAAC;QACpE,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,SAAS,CAAI,MAAc,EAAE,SAAiB,EAAE,OAAW;QACrE,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,UAAU,CAAC,CAAC;QAClF,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,QAAQ,CAAC,CAAC;QAC9E,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,QAAQ,CAAC,CAAC;QAG9E,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,SAAS,CAClC;YACI,GAAG,EAAE,MAAM;YACX,GAAG,OAAO;SACb,EACD;YACI,QAAQ;YACR,MAAM;YACN,MAAM;YACN,SAAS;SACZ,CACJ,CAAC;IACN,CAAC;IAGD,KAAK,CAAC,uBAAuB,CAAC,IAAU;QACpC,IAAI,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,uEAAuE,IAAI,CAAC,iBAAiB,EAAE,CAAC,CAAC;YACtJ,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAAC;YAGlC,IAAI,WAAW,CAAC,KAAK,KAAK,IAAI,CAAC,KAAK,IAAI,WAAW,CAAC,EAAE,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAEvE,OAAO,WAAW,CAAC;YACvB,CAAC;iBAAM,CAAC;gBACJ,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,oBAAoB,CAAC,CAAC;YACzE,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,iCAAiC,CAAC,CAAC;QACtF,CAAC;IACL,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,UAAkB;QACtC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;YAC3C,KAAK,EAAE;gBACH,UAAU,EAAE,UAAU;aACzB;YACD,SAAS,EAAE;gBACP,KAAK,EAAE,IAAI;aACd;SACJ,CAAC,CAAC;QAEH,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,cAAc,CAAC,CAAC;QACnE,CAAC;QACD,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;QAE/B,IAAI,CAAC;YACD,MAAM,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;QAC7C,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,MAAM,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;YACzC,MAAM,CAAC,CAAC;QACZ,CAAC;QAED,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAC/C,OAAO;YACH,IAAI,EAAE;gBACF,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBAEvB,EAAE,EAAE,IAAI,CAAC,EAAE;gBACX,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC;aAC7C;YACD,GAAG,MAAM;SACZ,CAAA;IACL,CAAC;IAEO,KAAK,CAAC,iCAAiC;QAE3C,OAAO,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,kBAAkB,CAAC,CAAC;IACpF,CAAC;IAEO,mBAAmB,CAAC,IAAU;QAClC,MAAM,iBAAiB,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,wBAAwB,CAAW,CAAC;QACnH,IAAI,iBAAiB,GAAG,CAAC,IAAI,IAAI,CAAC,mBAAmB,IAAI,iBAAiB,EAAE,CAAC;YACzE,MAAM,IAAI,2BAAkB,CAAC,+BAAc,CAAC,eAAe,CAAC,CAAC;QACjE,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,uBAAuB,CAAC,IAAU;QAC5C,IAAI,CAAC,mBAAmB,IAAI,CAAC,CAAC;QAC9B,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzC,CAAC;IAEO,KAAK,CAAC,mBAAmB,CAAC,IAAU;QACxC,IAAI,IAAI,CAAC,mBAAmB,KAAK,CAAC;YAAE,OAAO;QAC3C,IAAI,CAAC,mBAAmB,GAAG,CAAC,CAAC;QAC7B,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzC,CAAC;IASD,KAAK,CAAC,MAAM,CAAC,YAAoB;QAC7B,IAAI,CAAC;YAaD,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,YAAY,CAAQ,CAAC;YAE5D,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;gBAC3B,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,qBAAqB,CAAC,CAAC;YAC1E,CAAC;YAED,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC;YAC3B,MAAM,IAAI,CAAC,sBAAsB,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YACrD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;gBAC3C,KAAK,EAAE;oBACH,EAAE,EAAE,MAAM;iBACb;aACJ,CAAC,CAAA;YAEF,MAAM,IAAI,CAAC,0BAA0B,CAAC,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;YAE/D,OAAO,EAAE,OAAO,EAAE,mCAAgB,CAAC,cAAc,EAAE,CAAC;QACxD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,MAAM,GAAG,YAAY,8BAAqB,IAAI,GAAG,YAAY,qCAA4B;gBACrF,CAAC,CAAC,GAAG;gBACL,CAAC,CAAC,IAAI,qCAA4B,CAAC,+BAAc,CAAC,aAAa,CAAC,CAAC;QACzE,CAAC;IACL,CAAC;IAGD,KAAK,CAAC,YAAY,CAAC,MAAc;QAC7B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QACxD,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,MAAM,IAAI,0BAAiB,CAAC,+BAAc,CAAC,cAAc,CAAC,CAAC;QAC/D,CAAC;QACD,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACnB,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,EAAE,CAAC,UAA0B;QAC/B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;YAC3C,KAAK,EAAE;gBACH,EAAE,EAAE,UAAU,CAAC,GAAG;aACrB;YACD,SAAS,EAAE;gBACP,KAAK,EAAE,IAAI;aACd;SACJ,CAAC,CAAC;QAKH,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,2BAA2B,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEjG,MAAM,QAAQ,GAAG;YACb,IAAI,EAAE;gBACF,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBAEvB,EAAE,EAAE,IAAI,CAAC,EAAE;gBACX,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC;aAC7C;YACD,YAAY,EAAE,iBAAiB,CAAC,mBAAmB;SAEtD,CAAA;QACD,OAAO,QAAQ,CAAC;IACpB,CAAC;CAEJ,CAAA;AAzzCY,sDAAqB;gCAArB,qBAAqB;IADjC,IAAA,mBAAU,GAAE;IAqBJ,YAAA,IAAA,0BAAgB,GAAE,CAAA;qCAhBW,0BAAW;QAER,gCAAc;QACd,gCAAc;QAClB,gBAAU;QACE,iEAA6B;QACxC,mBAAW;QAEJ,0BAAW;QAEnB,wBAAU;QACR,6BAAa;QACX,gCAAc;QACT,2CAAmB;QACZ,0DAA0B;QAG1C,oBAAU;GArBlC,qBAAqB,CAyzCjC;AAED,SAAS,0BAA0B,CAAC,MAAc;IAC9C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAC3E,IAAI,KAAK,EAAE,CAAC;QACR,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACvB,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACvB,MAAM,QAAQ,GAA2B;YACrC,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,eAAe;YACtB,kBAAkB,EAAE,WAAW;SAClC,CAAC;QACF,MAAM,aAAa,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC;QAC/C,OAAO,eAAe,aAAa,KAAK,KAAK,mBAAmB,CAAC;IACrE,CAAC;IACD,OAAO,MAAM,CAAC;AAClB,CAAC","sourcesContent":["import { HttpService } from '@nestjs/axios';\nimport type { SolidCoreSetting } from \"src/services/settings/default-settings-provider.service\";\nimport {\n BadRequestException,\n ConflictException,\n ForbiddenException,\n Injectable,\n InternalServerErrorException,\n Logger,\n NotFoundException,\n UnauthorizedException,\n} from '@nestjs/common';\nimport { EventEmitter2 } from '@nestjs/event-emitter';\nimport { JwtService } from '@nestjs/jwt';\nimport { InjectDataSource } from '@nestjs/typeorm';\nimport { isEmpty, isNotEmpty } from 'class-validator';\nimport { randomInt, randomUUID } from 'crypto';\nimport { ERROR_MESSAGES } from 'src/constants/error-messages';\nimport { SUCCESS_MESSAGES } from 'src/constants/success-messages';\nimport { CreateUserDto } from 'src/dtos/create-user.dto';\nimport { MailFactory } from 'src/factories/mail.factory';\nimport { UserRepository } from 'src/repository/user.repository';\nimport { DataSource, Repository } from 'typeorm';\nimport { v4 as uuidv4 } from 'uuid';\nimport {\n ForgotPasswordSendVerificationTokenOn,\n PasswordlessLoginValidateWhatSources,\n PasswordlessRegistrationValidateWhatSources\n} from \"../constants\";\nimport { ChangePasswordDto } from \"../dtos/change-password.dto\";\nimport { ConfirmForgotPasswordDto } from '../dtos/confirm-forgot-password.dto';\nimport { InitiateForgotPasswordDto } from '../dtos/initiate-forgot-password.dto';\nimport { OTPConfirmOTPDto } from '../dtos/otp-confirm-otp.dto';\nimport { OTPSignInDto } from '../dtos/otp-sign-in.dto';\nimport { OTPSignUpDto } from '../dtos/otp-sign-up.dto';\nimport { RefreshTokenDto } from '../dtos/refresh-token.dto';\nimport { SignInDto } from '../dtos/sign-in.dto';\nimport { SignUpDto } from '../dtos/sign-up.dto';\nimport { User } from '../entities/user.entity';\nimport { EventDetails, EventType } from \"../interfaces\";\nimport { ActiveUserData } from '../interfaces/active-user-data.interface';\nimport { HashingService } from './hashing.service';\nimport { InvalidatedRefreshTokenError, RefreshTokenIdsStorageService } from './refresh-token-ids-storage.service';\nimport { RoleMetadataService } from './role-metadata.service';\nimport { SettingService } from './setting.service';\nimport { UserActivityHistoryService } from './user-activity-history.service';\nimport { UserService } from './user.service';\nimport { SmsFactory } from 'src/factories/sms.factory';\n\nenum LoginProvider {\n LOCAL = 'local',\n GOOGLE = 'google',\n OTP = 'otp',\n}\n\ninterface otp {\n token: string;\n expiresAt: Date;\n}\n\n@Injectable()\nexport class AuthenticationService {\n private readonly logger = new Logger(AuthenticationService.name);\n // private readonly mailService: IMail;\n constructor(\n private readonly userService: UserService,\n // @InjectRepository(User) private readonly userRepository: Repository<User>,\n private readonly userRepository: UserRepository,\n private readonly hashingService: HashingService,\n private readonly jwtService: JwtService,\n private readonly refreshTokenIdsStorage: RefreshTokenIdsStorageService,\n private readonly httpService: HttpService,\n // private readonly mailService: SMTPEMailService,\n private readonly mailServiceFactory: MailFactory,\n // private readonly smsService: Msg91OTPService,\n private readonly smsFactory: SmsFactory,\n private readonly eventEmitter: EventEmitter2,\n private readonly settingService: SettingService,\n private readonly roleMetadataService: RoleMetadataService,\n private readonly userActivityHistoryService: UserActivityHistoryService,\n\n @InjectDataSource()\n private readonly dataSource: DataSource,\n ) {\n // this.mailService = this.mailServiceFactory.getMailService();\n }\n\n private async getCompanyLogo(): Promise<string> {\n return this.settingService.getConfigValue<SolidCoreSetting>('companylogo');\n }\n\n async resolveUser(username: string, email: string) {\n return await this.userRepository.findOne({\n where: [\n { username: username },\n { email: email },\n ],\n relations: {\n roles: true\n }\n });\n }\n\n async updatePasswordDetails(user: User, newPassword: string) {\n user.password = await this.hashingService.hash(newPassword);\n user.passwordScheme = this.hashingService.name();\n user.passwordSchemeVersion = this.hashingService.currentVersion();\n user.rehashedAt = new Date();\n await this.userRepository.update(user.id, {\n password: user.password,\n passwordScheme: user.passwordScheme,\n passwordSchemeVersion: user.passwordSchemeVersion,\n rehashedAt: user.rehashedAt\n });\n return user;\n }\n\n async resolveUserByVerificationToken(token: string) {\n return await this.userRepository.findOne({\n where: { verificationTokenOnForgotPassword: token },\n relations: { roles: true }\n });\n }\n\n private async validateUserForPasswordLogin(user: User, password: string): Promise<void> {\n if (!user.active) {\n throw new UnauthorizedException(ERROR_MESSAGES.USER_NOT_ACTIVE);\n }\n this.checkAccountBlocked(user);\n const isEqual = await this.hashingService.compare(password, user.password, user.passwordSchemeVersion);\n if (!isEqual) {\n await this.incrementFailedAttempts(user);\n throw new UnauthorizedException(ERROR_MESSAGES.INVALID_CREDENTIALS);\n }\n }\n\n private async rehashPasswordIfRequired(user: User, password: string): Promise<void> {\n if (this.hashingService.needsRehash(user.password, user.passwordSchemeVersion)) {\n await this.updatePasswordDetails(user, password);\n }\n }\n\n async signUp(signUpDto: SignUpDto, activeUser: ActiveUserData = null): Promise<User> {\n // If public registrations are disabled and no activeUser is present when invoking signUp then we throw an exception.\n // if (!(this.settingService.getConfigValue<SolidCoreSetting>('allowPublicRegistration')) && !activeUser) {\n // throw new BadRequestException(ERROR_MESSAGES.PUBLIC_REGISTRATION_DISABLED);\n // }\n\n try {\n const onForcePasswordChange = this.settingService.getConfigValue<SolidCoreSetting>('forceChangePasswordOnFirstLogin');\n const activateUserOnRegistration = this.settingService.getConfigValue<SolidCoreSetting>('activateUserOnRegistration');\n const defaultRole = this.settingService.getConfigValue<SolidCoreSetting>('defaultRole');\n\n var { user, pwd, autoGeneratedPwd } = await this.populateForSignup(new User(), signUpDto, activateUserOnRegistration, onForcePasswordChange);\n const savedUser = await this.userRepository.save(user);\n // Also assign a default role to the newly created user. \n const userRoles = signUpDto.roles ?? [];\n if (signUpDto.username !== 'sa' && defaultRole) {\n userRoles.push(defaultRole);\n }\n await this.handlePostSignup(savedUser, userRoles, pwd, autoGeneratedPwd);\n\n // TODO: make provision to trigger a welcome email also.\n\n return savedUser;\n } catch (err) {\n const pgUniqueViolationErrorCode = '23505';\n if (err.code === pgUniqueViolationErrorCode) {\n throw new ConflictException(ERROR_MESSAGES.USER_ALREADY_EXISTS);\n }\n throw err;\n }\n }\n\n async signupForExtensionUser<T extends User, U extends CreateUserDto>(signUpDto: SignUpDto, extensionUserDto: U, extensionUserRepo: Repository<T>): Promise<T> {\n try {\n const onForcePasswordChange = this.settingService.getConfigValue<SolidCoreSetting>('forceChangePasswordOnFirstLogin');\n // Merge the extended signUpDto attributes into the user entity \n //@ts-ignore \n const extensionUser = extensionUserRepo.merge(extensionUserRepo.create() as T, extensionUserDto);\n var { user, pwd, autoGeneratedPwd } = await this.populateForSignup<T>(extensionUser, signUpDto, extensionUserDto.active ?? true, onForcePasswordChange);\n const savedUser = await extensionUserRepo.save(user);\n\n await this.handlePostSignup(savedUser, signUpDto.roles, pwd, autoGeneratedPwd);\n\n return savedUser;\n }\n catch (err) {\n const pgUniqueViolationErrorCode = '23505';\n if (err.code === pgUniqueViolationErrorCode) {\n throw new ConflictException(parseUniqueConstraintError(err.detail || ERROR_MESSAGES.UNIQUE_CONSTRAINT_VIOLATION));\n }\n throw err;\n }\n }\n\n\n private async populateForSignup<T extends User>(user: T, signUpDto: SignUpDto, isUserActive: boolean = true, onForcePasswordChange?: boolean) {\n // const user = new User();\n let autoGeneratedPwdPermission = this.settingService.getConfigValue<SolidCoreSetting>('iamAutoGeneratedPassword');\n if (signUpDto.roles && signUpDto.roles.length > 0) {\n for (let i = 0; i < signUpDto.roles.length; i++) {\n const roleName = signUpDto.roles[i];\n await this.roleMetadataService.findRoleByName(roleName);\n }\n }\n user.username = signUpDto.username;\n user.email = signUpDto.email;\n user.fullName = signUpDto.fullName;\n user.forcePasswordChange = onForcePasswordChange;\n if (signUpDto.mobile) {\n user.mobile = signUpDto.mobile;\n }\n // this.logger.debug(\"user\", user);\n\n // If password has been specified by the user, then we simply create & activate the user based on the configuration parameter \"activateUserOnRegistration\".\n let pwd = '';\n let autoGeneratedPwd = '';\n\n // User has specified password \n if (signUpDto.password) {\n pwd = await this.hashingService.hash(signUpDto.password);\n }\n // User has not specified password\n else {\n // When user does not specify password, and system is configured to auto generate passwords.\n if (autoGeneratedPwdPermission?.toString().toLowerCase() === 'true') {\n autoGeneratedPwd = this.generatePassword();\n pwd = await this.hashingService.hash(autoGeneratedPwd);\n user.forcePasswordChange = true;\n }\n // When user does not specify password, and system is not configured to auto generate passwords.\n else {\n // This means that most likely the system is going to be using password-less login. \n // If that is not the case then we can raise a bad request exception...\n if (!await this.isPasswordlessRegistrationEnabled()) {\n this.logger.error('User being created without password, and password less login is also not enabled in the system. Is this intentional?');\n throw new BadRequestException(ERROR_MESSAGES.PASSWORDLESS_REGISTRATION_DISABLED);\n }\n\n // Save the hash of the blank password, anyways since passwordless login is enabled it does not matter.\n pwd = await this.hashingService.hash(pwd);\n }\n }\n\n user.password = pwd;\n user.passwordScheme = this.hashingService.name(); // e.g. bcrypt\n user.passwordSchemeVersion = this.hashingService.currentVersion(); // e.g. 1, 2, 3 ...\n user.active = isUserActive;\n return { user, pwd, autoGeneratedPwd };\n }\n\n\n private async handlePostSignup(user: User, roles: string[] = [], pwd: string, autoGeneratedPwd: string) {\n await this.userService.initializeRolesForNewUser(roles, user);\n\n // if forcePasswordChange is true, then we trigger an email to the user to change the password, this needs to be done using a queue. \n // Create a new method like notifyUserOnForcePasswordChange, create a new email template we can call it on-force-password-change this template to include the random password\n if (user.forcePasswordChange && autoGeneratedPwd) {\n await this.notifyUserOnForcePasswordChange(user, autoGeneratedPwd);\n }\n\n // Send welcome notifications (email/SMS) if enabled.\n await this.notifyUserOnSignup(user);\n }\n\n\n generatePassword(length: number = 8): string {\n const upperCase = \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\";\n const lowerCase = \"abcdefghijklmnopqrstuvwxyz\";\n const numbers = \"0123456789\";\n const specialChars = \"@$#\";\n const allChars = upperCase + lowerCase + numbers + specialChars;\n\n let password = \"\";\n\n for (let i = 0; i < length; i++) {\n const randomIndex = Math.floor(Math.random() * allChars.length);\n password += allChars[randomIndex];\n }\n\n return password;\n }\n\n private async notifyUserOnForcePasswordChange(user: User, autoGeneratedPwd: string) {\n const companyLogo = await this.getCompanyLogo();\n const mailService = this.mailServiceFactory.getMailService();\n mailService.sendEmailUsingTemplate(\n user.email,\n 'on-force-password-change',\n {\n solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),\n solidAppWebsiteUrl: this.settingService.getConfigValue<SolidCoreSetting>('solidAppWebsiteUrl'),\n frontendLoginPageUrl: this.settingService.getConfigValue<SolidCoreSetting>('frontendLoginPageUrl'),\n email: user.email,\n fullName: user.fullName,\n userName: user.username,\n password: autoGeneratedPwd,\n companyLogoUrl: companyLogo\n },\n this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueEmails'),\n null,\n null,\n 'user',\n user.id\n );\n\n }\n\n private async isWelcomeEmailEnabled(): Promise<boolean> {\n const sendWelcomeEmailOnSignup = this.settingService.getConfigValue<SolidCoreSetting>('sendWelcomeEmailOnSignup');\n return sendWelcomeEmailOnSignup;\n }\n\n private async isWelcomeSmsEnabled(): Promise<boolean> {\n const sendWelcomeSmsOnSignup = this.settingService.getConfigValue<SolidCoreSetting>('sendWelcomeSmsOnSignup');\n return sendWelcomeSmsOnSignup;\n }\n\n private async notifyUserOnSignup(user: User) {\n const companyLogo = await this.getCompanyLogo();\n // Email welcome\n if (await this.isWelcomeEmailEnabled()) {\n const mailService = this.mailServiceFactory.getMailService();\n mailService.sendEmailUsingTemplate(\n user.email,\n 'email-on-signup',\n {\n solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),\n solidAppWebsiteUrl: this.settingService.getConfigValue<SolidCoreSetting>('solidAppWebsiteUrl'),\n frontendLoginPageUrl: this.settingService.getConfigValue<SolidCoreSetting>('frontendLoginPageUrl'),\n email: user.email,\n fullName: user.fullName,\n userName: user.username,\n companyLogoUrl: companyLogo\n },\n this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueEmails'),\n null,\n null,\n 'user',\n user.id\n );\n }\n\n // SMS welcome\n const isWelcomeSmsEnabled = await this.isWelcomeSmsEnabled()\n if (isWelcomeSmsEnabled && user.mobile) {\n const smsService = this.smsFactory.getSmsService();\n smsService.sendSMSUsingTemplate(\n user.mobile,\n 'text-on-signup',\n {\n solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),\n frontendLoginPageUrl: this.settingService.getConfigValue<SolidCoreSetting>('frontendLoginPageUrl'),\n firstName: user.username,\n fullName: user.fullName ? user.fullName : user.username\n },\n this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueSms'),\n\n );\n }\n }\n\n async otpInitiateRegistration(signUpDto: OTPSignUpDto) {\n const isPasswordlessRegistrationEnabled = await this.isPasswordlessRegistrationEnabled();\n if (!isPasswordlessRegistrationEnabled) {\n throw new BadRequestException(ERROR_MESSAGES.PASSWORDLESS_REGISTRATION_DISABLED);\n }\n\n const validationSource = this.resolvePasswordlessValidationSource();\n this.validateOtpRegistrationInput(signUpDto, validationSource);\n\n const existingUser = await this.findExistingRegistrationUser(signUpDto);\n if (isNotEmpty(existingUser) && existingUser.active) {\n throw new ConflictException(ERROR_MESSAGES.USER_ALREADY_EXISTS);\n }\n\n try {\n const user = await this.upsertUserWithRegistrationVerificationTokens(existingUser, signUpDto, validationSource);\n await this.notifyUserOnOtpInitiateRegistration(user, validationSource);\n } catch (err) {\n if (err.code === '23505') {\n throw new ConflictException(ERROR_MESSAGES.USER_ALREADY_EXISTS);\n }\n throw err;\n }\n\n return { message: SUCCESS_MESSAGES.OTP_SENT_SUCCESS_REGISTRATION };\n }\n\n private validateOtpRegistrationInput(signUpDto: OTPSignUpDto, validationSource: string): void {\n if (validationSource === PasswordlessRegistrationValidateWhatSources.EMAIL && isEmpty(signUpDto.email)) {\n throw new BadRequestException(ERROR_MESSAGES.EMAIL_REQUIRED_FOR_VALIDATION);\n }\n if (validationSource === PasswordlessRegistrationValidateWhatSources.MOBILE && isEmpty(signUpDto.mobile)) {\n throw new BadRequestException(ERROR_MESSAGES.MOBILE_REQUIRED_FOR_VALIDATION);\n }\n }\n\n private async findExistingRegistrationUser(signUpDto: OTPSignUpDto): Promise<User> {\n return this.userRepository.findOne({ //TODO Perhaps we should use the user service instead of the repository directly.\n where: [\n { email: signUpDto.email },\n { mobile: signUpDto.mobile },\n { username: signUpDto.username },\n ]\n });\n }\n\n private resolvePasswordlessValidationSource(): string {\n return this.settingService.getConfigValue<SolidCoreSetting>('passwordlessRegistrationValidateWhat');\n }\n\n private async upsertUserWithRegistrationVerificationTokens(existingUser: User, signUpDto: OTPSignUpDto, validationSource: string): Promise<User> {\n let user = existingUser;\n if (isEmpty(user)) {\n user = this.createUser(signUpDto);\n await this.assignRegistrationOtp(validationSource, user);\n await this.userRepository.save(user);\n await this.userService.addRoleToUser(user.username, this.settingService.getConfigValue<SolidCoreSetting>('defaultRole'));\n } else {\n await this.assignRegistrationOtp(validationSource, user);\n await this.userRepository.save(user);\n }\n return user;\n }\n\n // Create a new user entity.\n private createUser(signUpDto: OTPSignUpDto) {\n const user = new User();\n user.username = signUpDto.username;\n user.email = signUpDto.email;\n user.mobile = signUpDto.mobile;\n user.customPayload = signUpDto.customPayload;\n user.lastLoginProvider = LoginProvider.OTP;\n return user;\n }\n\n // Generate the validation tokens for the user i.e (system configured + user provided)\n private async assignRegistrationOtp(passwordlessRegistrationValidateWhat: string, user: User) {\n if (!passwordlessRegistrationValidateWhat) {\n throw new BadRequestException(ERROR_MESSAGES.VALIDATION_SOURCE_REQUIRED);\n }\n const autoLoginUserOnRegistration = this.settingService.getConfigValue<SolidCoreSetting>('autoLoginUserOnRegistration');\n if (passwordlessRegistrationValidateWhat === PasswordlessRegistrationValidateWhatSources.EMAIL) {\n const { token, expiresAt } = await this.otp();\n user.emailVerificationTokenOnRegistration = token;\n user.emailVerificationTokenOnRegistrationExpiresAt = expiresAt;\n if (autoLoginUserOnRegistration) {\n user.emailVerificationTokenOnLogin = token;\n user.emailVerificationTokenOnLoginExpiresAt = expiresAt;\n }\n }\n if (passwordlessRegistrationValidateWhat === PasswordlessRegistrationValidateWhatSources.MOBILE) {\n const { token, expiresAt } = await this.otp();\n user.mobileVerificationTokenOnRegistration = token;\n user.mobileVerificationTokenOnRegistrationExpiresAt = expiresAt;\n if (autoLoginUserOnRegistration) {\n user.mobileVerificationTokenOnLogin = token;\n user.mobileVerificationTokenOnLoginExpiresAt = expiresAt;\n }\n }\n }\n\n private async notifyUserOnOtpInitiateRegistration(user: User, registrationValidationSource: string) {\n const companyLogo = await this.getCompanyLogo();\n if (registrationValidationSource === PasswordlessLoginValidateWhatSources.EMAIL) {\n const mailService = this.mailServiceFactory.getMailService();\n mailService.sendEmailUsingTemplate(\n user.email,\n 'otp-on-register',\n {\n solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),\n solidAppWebsiteUrl: this.settingService.getConfigValue<SolidCoreSetting>('solidAppWebsiteUrl'),\n firstName: user.username,\n fullName: user.fullName ? user.fullName : user.username,\n emailVerificationTokenOnRegistration: user.emailVerificationTokenOnRegistration,\n companyLogoUrl: companyLogo\n },\n this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueEmails'),\n null,\n null,\n 'user',\n user.id\n );\n }\n if (registrationValidationSource === PasswordlessLoginValidateWhatSources.MOBILE) {\n const smsService = this.smsFactory.getSmsService();\n smsService.sendSMSUsingTemplate(\n user.mobile,\n 'otp-on-register',\n {\n solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),\n otp: user.mobileVerificationTokenOnRegistration,\n mobileVerificationTokenOnRegistration: user.mobileVerificationTokenOnRegistration,\n firstName: user.username,\n fullName: user.fullName ? user.fullName : user.username,\n companyLogoUrl: companyLogo\n },\n this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueSms'),\n\n );\n }\n }\n\n async otpConfirmRegistration(confirmSignUpDto: OTPConfirmOTPDto) {\n const isPasswordlessRegistrationEnabled = await this.isPasswordlessRegistrationEnabled();\n if (!isPasswordlessRegistrationEnabled) {\n throw new BadRequestException(ERROR_MESSAGES.PASSWORDLESS_REGISTRATION_DISABLED);\n }\n\n const { type, identifier, otp } = confirmSignUpDto;\n if (type !== PasswordlessRegistrationValidateWhatSources.EMAIL &&\n type !== PasswordlessRegistrationValidateWhatSources.MOBILE) {\n throw new BadRequestException(ERROR_MESSAGES.INVALID_VERIFICATION_TYPE);\n }\n\n const user = await this.findUserByRegistrationIdentifier(type, identifier);\n this.validateRegistrationOtp(user, otp, type);\n this.clearRegistrationOtp(user, type);\n user.active = this.settingService.getConfigValue<SolidCoreSetting>('activateUserOnRegistration') &&\n await this.areAllPasswordlessRegistrationValidationSourcesVerified(user);\n\n const savedUser: User = await this.userRepository.save(user);\n this.triggerRegistrationEvent(savedUser);\n return { active: savedUser.active, message: `User registration verified for ${type}` };\n }\n\n private async findUserByRegistrationIdentifier(\n type: PasswordlessRegistrationValidateWhatSources,\n identifier: string,\n ): Promise<User> {\n const where = type === PasswordlessRegistrationValidateWhatSources.EMAIL\n ? { email: identifier }\n : { mobile: identifier };\n const user = await this.userRepository.findOne({ where });\n if (!user) {\n throw new UnauthorizedException(ERROR_MESSAGES.USER_NOT_FOUND);\n }\n return user;\n }\n\n private validateRegistrationOtp(\n user: User,\n otp: string,\n type: PasswordlessRegistrationValidateWhatSources,\n ): void {\n const isEmail = type === PasswordlessRegistrationValidateWhatSources.EMAIL;\n const token = isEmail ? user.emailVerificationTokenOnRegistration : user.mobileVerificationTokenOnRegistration;\n const expiresAt = isEmail ? user.emailVerificationTokenOnRegistrationExpiresAt : user.mobileVerificationTokenOnRegistrationExpiresAt;\n\n if (token !== otp) {\n throw new UnauthorizedException(ERROR_MESSAGES.INVALID_OTP);\n }\n if (expiresAt < new Date()) {\n throw new UnauthorizedException(ERROR_MESSAGES.OTP_EXPIRED);\n }\n }\n\n private clearRegistrationOtp(user: User, type: PasswordlessRegistrationValidateWhatSources): void {\n if (type === PasswordlessRegistrationValidateWhatSources.EMAIL) {\n user.emailVerifiedOnRegistrationAt = new Date();\n user.emailVerificationTokenOnRegistration = null;\n user.emailVerificationTokenOnRegistrationExpiresAt = null;\n } else {\n user.mobileVerifiedOnRegistrationAt = new Date();\n user.mobileVerificationTokenOnRegistration = null;\n user.mobileVerificationTokenOnRegistrationExpiresAt = null;\n }\n }\n\n private triggerRegistrationEvent(savedUser: User) {\n // Trigger events for user registration.\n const event = new EventDetails<User>(EventType.USER_REGISTERED, savedUser);\n this.eventEmitter.emit(EventType.USER_REGISTERED, event);\n }\n\n private async areAllPasswordlessRegistrationValidationSourcesVerified(user: User): Promise<boolean> {\n const registrationValidationSource = this.resolvePasswordlessValidationSource();\n if (registrationValidationSource === PasswordlessLoginValidateWhatSources.EMAIL) {\n if (!user.emailVerifiedOnRegistrationAt) {\n return false;\n }\n }\n if (registrationValidationSource === PasswordlessLoginValidateWhatSources.MOBILE) {\n if (!user.mobileVerifiedOnRegistrationAt) {\n return false;\n }\n }\n return true;\n }\n\n private async otp(): Promise<otp> {\n const now = new Date();\n const otpExpiry = this.settingService.getConfigValue<SolidCoreSetting>('otpExpiry');\n now.setMinutes(now.getMinutes() + otpExpiry);\n return {\n token: randomInt(100000, 999999).toString(),\n expiresAt: now,\n };\n }\n\n private getDummyOtpForUser(user?: User): string | undefined {\n const dummyOtp = this.settingService.getConfigValue<SolidCoreSetting>('dummyOtp');\n if (!dummyOtp || !user?.username) {\n return undefined;\n }\n const allowedUsers = this.getDummyOtpUsers();\n if (!allowedUsers.size) {\n return undefined;\n }\n const username = user.username.trim().toLowerCase();\n if (!username) {\n return undefined;\n }\n return allowedUsers.has(username) ? dummyOtp : undefined;\n }\n\n private getDummyOtpUsers(): Set<string> {\n const rawUsers = this.settingService.getConfigValue<SolidCoreSetting>('dummyOtpUsers');\n if (!rawUsers || typeof rawUsers !== 'string') {\n return new Set();\n }\n return new Set(\n rawUsers\n .split(',')\n .map((value) => value.trim().toLowerCase())\n .filter(Boolean),\n );\n }\n\n async signIn(signInDto: SignInDto) {\n const user = await this.resolveUser(signInDto.username, signInDto.email);\n if (!user) {\n throw new UnauthorizedException(ERROR_MESSAGES.INVALID_CREDENTIALS);\n }\n await this.validateUserForPasswordLogin(user, signInDto.password);\n await this.rehashPasswordIfRequired(user, signInDto.password);\n await this.resetFailedAttempts(user);\n\n const tokens = await this.generateTokens(user);\n\n await this.userActivityHistoryService.logEvent('login', user);\n\n return {\n user: {\n email: user.email,\n mobile: user.mobile,\n username: user.username,\n forcePasswordChange: user.forcePasswordChange,\n id: user.id,\n roles: user.roles.map((role) => role.name)\n },\n ...tokens\n }\n }\n\n private maskEmail(email: string): string {\n if (!email) return null;\n\n const [localPart, domain] = email.split('@');\n if (localPart.length <= 2) {\n return `${localPart[0]}***@${domain}`;\n }\n\n const visibleStart = localPart.slice(0, 2);\n const visibleEnd = localPart.slice(-1);\n return `${visibleStart}***${visibleEnd}@${domain}`;\n }\n\n private maskMobile(mobile: string): string {\n if (!mobile) return null;\n\n if (mobile.length <= 4) {\n return mobile;\n }\n\n const visibleEnd = mobile.slice(-4);\n return `***${visibleEnd}`;\n }\n\n async otpInitiateLogin(signInDto: OTPSignInDto) {\n const isPasswordlessRegistrationEnabled = await this.isPasswordlessRegistrationEnabled();\n if (!isPasswordlessRegistrationEnabled) {\n throw new BadRequestException(ERROR_MESSAGES.PASSWORDLESS_REGISTRATION_DISABLED);\n }\n\n const type = this.resolveLoginType(signInDto);\n const user = await this.findUserForLogin(type, signInDto.identifier);\n const dummyOtp = this.getDummyOtpForUser(user);\n if (!dummyOtp) {\n await this.assignLoginOtp(user, type);\n this.notifyUserOnOtpInititateLogin(user, type);\n }\n return this.buildLoginOtpResponse(user, type);\n }\n\n private resolveLoginType(signInDto: OTPSignInDto): PasswordlessLoginValidateWhatSources {\n const setting = this.settingService.getConfigValue<SolidCoreSetting>('passwordlessLoginValidateWhat') as PasswordlessLoginValidateWhatSources;\n\n if (setting === PasswordlessLoginValidateWhatSources.SELECTABLE) {\n if (signInDto.type !== PasswordlessLoginValidateWhatSources.EMAIL &&\n signInDto.type !== PasswordlessLoginValidateWhatSources.MOBILE) {\n throw new BadRequestException(ERROR_MESSAGES.INVALID_VERIFICATION_TYPE);\n }\n return signInDto.type as PasswordlessLoginValidateWhatSources;\n }\n\n if (setting === PasswordlessLoginValidateWhatSources.EMAIL ||\n setting === PasswordlessLoginValidateWhatSources.MOBILE) {\n return setting;\n }\n\n throw new BadRequestException(ERROR_MESSAGES.INVALID_VERIFICATION_TYPE);\n }\n\n private async findUserForLogin(\n type: PasswordlessLoginValidateWhatSources,\n identifier: string,\n options: { withRoles?: boolean } = {},\n ): Promise<User> {\n const typeWhere = type === PasswordlessLoginValidateWhatSources.EMAIL\n ? { email: identifier }\n : { mobile: identifier };\n const user = await this.userRepository.findOne({\n where: [{ username: identifier }, typeWhere],\n ...(options.withRoles ? { relations: { roles: true } } : {}),\n });\n if (!user) {\n throw new UnauthorizedException(ERROR_MESSAGES.USER_NOT_FOUND);\n }\n if (!user.active) {\n throw new UnauthorizedException(ERROR_MESSAGES.USER_INACTIVE);\n }\n return user;\n }\n\n private async assignLoginOtp(user: User, type: PasswordlessLoginValidateWhatSources): Promise<void> {\n const { token, expiresAt } = await this.otp();\n if (type === PasswordlessLoginValidateWhatSources.EMAIL) {\n user.emailVerificationTokenOnLogin = token;\n user.emailVerificationTokenOnLoginExpiresAt = expiresAt;\n } else {\n user.mobileVerificationTokenOnLogin = token;\n user.mobileVerificationTokenOnLoginExpiresAt = expiresAt;\n }\n await this.userRepository.save(user);\n }\n\n private buildLoginOtpResponse(user: User, type: PasswordlessLoginValidateWhatSources) {\n const maskedIdentifier = type === PasswordlessLoginValidateWhatSources.EMAIL\n ? { email: this.maskEmail(user.email) }\n : { mobile: this.maskMobile(user.mobile) };\n return { message: SUCCESS_MESSAGES.OTP_SENT_SUCCESS_LOGIN, user: maskedIdentifier };\n }\n\n private async notifyUserOnOtpInititateLogin(user: User, loginType: PasswordlessLoginValidateWhatSources) {\n const companyLogo = await this.getCompanyLogo();\n const dummyOtp = this.getDummyOtpForUser(user);\n\n if (dummyOtp)\n return; // Do nothing if dummy otp is configured.\n if (loginType === PasswordlessLoginValidateWhatSources.EMAIL) {\n const mailService = this.mailServiceFactory.getMailService();\n mailService.sendEmailUsingTemplate(\n user.email,\n 'otp-on-login',\n {\n solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),\n solidAppWebsiteUrl: this.settingService.getConfigValue<SolidCoreSetting>('solidAppWebsiteUrl'),\n firstName: user.username,\n emailVerificationTokenOnLogin: user.emailVerificationTokenOnLogin,\n fullName: user.fullName ? user.fullName : user.username,\n companyLogoUrl: companyLogo\n },\n this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueEmails'),\n null,\n null,\n 'user',\n user.id\n );\n }\n if (loginType === PasswordlessLoginValidateWhatSources.MOBILE) {\n const smsService = this.smsFactory.getSmsService();\n smsService.sendSMSUsingTemplate(\n user.mobile,\n 'otp-on-login',\n {\n solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),\n otp: user.mobileVerificationTokenOnLogin,\n mobileVerificationTokenOnLogin: user.mobileVerificationTokenOnLogin,\n firstName: user.username,\n fullName: user.fullName ? user.fullName : user.username,\n companyLogoUrl: companyLogo\n },\n this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueSms'),\n\n );\n }\n }\n\n async otpConfirmLogin(confirmSignInDto: OTPConfirmOTPDto) {\n const isPasswordlessRegistrationEnabled = await this.isPasswordlessRegistrationEnabled();\n if (!isPasswordlessRegistrationEnabled) {\n throw new BadRequestException(ERROR_MESSAGES.PASSWORDLESS_REGISTRATION_DISABLED);\n }\n\n const { type, identifier, otp } = confirmSignInDto;\n if (type !== PasswordlessLoginValidateWhatSources.EMAIL &&\n type !== PasswordlessLoginValidateWhatSources.MOBILE) {\n throw new BadRequestException(ERROR_MESSAGES.INVALID_VERIFICATION_TYPE);\n }\n\n const user = await this.findUserForLogin(type, identifier, { withRoles: true });\n this.checkAccountBlocked(user);\n const dummyOtp = this.getDummyOtpForUser(user);\n\n if (dummyOtp) {\n if (otp !== dummyOtp) {\n throw new UnauthorizedException(ERROR_MESSAGES.INVALID_OTP);\n }\n return this.buildLoginTokenResponse(user);\n }\n\n try {\n this.validateLoginOtp(user, otp, type);\n } catch (e) {\n await this.incrementFailedAttempts(user);\n throw e;\n }\n\n this.clearLoginOtp(user, type);\n\n user.failedLoginAttempts = 0;\n await this.userActivityHistoryService.logEvent('login', user); \n await this.userRepository.save(user);\n return this.buildLoginTokenResponse(user);\n }\n\n private validateLoginOtp(user: User, otp: string, type: PasswordlessLoginValidateWhatSources): void {\n const isEmail = type === PasswordlessLoginValidateWhatSources.EMAIL;\n const token = isEmail ? user.emailVerificationTokenOnLogin : user.mobileVerificationTokenOnLogin;\n const expiresAt = isEmail ? user.emailVerificationTokenOnLoginExpiresAt : user.mobileVerificationTokenOnLoginExpiresAt;\n\n if (token !== otp) {\n throw new UnauthorizedException(ERROR_MESSAGES.INVALID_OTP);\n }\n if (expiresAt < new Date()) {\n throw new UnauthorizedException(ERROR_MESSAGES.OTP_EXPIRED);\n }\n }\n\n private clearLoginOtp(user: User, type: PasswordlessLoginValidateWhatSources): void {\n if (type === PasswordlessLoginValidateWhatSources.EMAIL) {\n user.emailVerifiedOnLoginAt = new Date();\n user.emailVerificationTokenOnLogin = null;\n user.emailVerificationTokenOnLoginExpiresAt = null;\n } else {\n user.mobileVerifiedOnLoginAt = new Date();\n user.mobileVerificationTokenOnLogin = null;\n user.mobileVerificationTokenOnLoginExpiresAt = null;\n }\n }\n\n private async buildLoginTokenResponse(user: User) {\n const { accessToken, refreshToken } = await this.generateTokens(user);\n const { id, username, email, mobile, lastLoginProvider } = user;\n const roles = user.roles.map((role) => role.name);\n return { accessToken, refreshToken, user: { id, username, email, mobile, lastLoginProvider, roles } };\n }\n\n async changePassword(changePasswordDto: ChangePasswordDto, activeUser: ActiveUserData) {\n const user = await this.userRepository.findOne({\n where: { id: changePasswordDto.id }\n });\n if (!user) {\n throw new NotFoundException(ERROR_MESSAGES.USER_NOT_FOUND);\n }\n\n if (!user.active) {\n throw new UnauthorizedException(ERROR_MESSAGES.USER_INACTIVE);\n }\n\n // 2. Validate if user has used a provider which is \"local\", only then it makes sense for us to initiate the forgot password routine.\n if (user.lastLoginProvider !== 'local') {\n throw new BadRequestException(ERROR_MESSAGES.NON_LOCAL_PROVIDER);\n }\n\n // Check if ID's match\n if (!(user.id === activeUser.sub)) {\n throw new BadRequestException(ERROR_MESSAGES.USER_ID_MISMATCH);\n }\n\n // Check if username's match\n if (!(user.username === activeUser.username)) {\n throw new BadRequestException(ERROR_MESSAGES.USERNAME_MISMATCH);\n }\n\n // Check if old password is matching.\n const isEqual = await this.hashingService.compare(\n changePasswordDto.currentPassword,\n user.password,\n user.passwordSchemeVersion\n );\n if (!isEqual) {\n throw new UnauthorizedException(ERROR_MESSAGES.INCORRECT_CURRENT_PASSWORD);\n }\n\n // Update Password\n const pwdData = await this.userService.hashPassword(\n changePasswordDto.newPassword,\n );\n user.password = changePasswordDto.newPassword;\n\n user.password = pwdData.password;\n user.passwordScheme = pwdData.passwordScheme;\n user.passwordSchemeVersion = pwdData.passwordSchemeVersion;\n // Everytime the user changes the password we reset the forcePasswordChange flag back to false. \n user.forcePasswordChange = false;\n\n await this.userRepository.save(user);\n\n return true;\n }\n\n // generate uuid token for forgot password\n private async generateForgotPasswordToken(user?: User) {\n const expiryTime = new Date();\n const forgotPasswordVerificationTokenExpiry = this.settingService.getConfigValue<SolidCoreSetting>('forgotPasswordVerificationTokenExpiry');\n const dummyOtp = this.getDummyOtpForUser(user);\n expiryTime.setMinutes(expiryTime.getMinutes() + forgotPasswordVerificationTokenExpiry);\n\n return {\n token: dummyOtp ? dummyOtp : uuidv4(),\n expiresAt: expiryTime,\n };\n }\n\n async initiateForgotPassword(initiateForgotPasswordDto: InitiateForgotPasswordDto) {\n // Steps / Algorithm: \n // 1. Identify the user using the specified \"username\", if not found exit.\n // const user = await this.userRepository.findOne({\n // where: { username: initiateForgotPasswordDto.username, }\n // });\n const user = await this.resolveUser(initiateForgotPasswordDto.username, initiateForgotPasswordDto.email);\n\n let isValidUser = true // Instead of throwing exceptions we will simply return success message, this is to avoid user enumeration attacks.\n if (!user) {\n isValidUser = false\n // throw new NotFoundException(ERROR_MESSAGES.INVALID_CREDENTIALS);\n }\n if (isValidUser && !user?.active) {\n isValidUser = false\n // throw new UnauthorizedException(ERROR_MESSAGES.INVALID_CREDENTIALS);\n }\n\n // 2. Validate if user has used a provider which is \"local\", only then it makes sense for us to initiate the forgot password routine. \n if (isValidUser && user?.lastLoginProvider !== 'local') {\n isValidUser = false\n // throw new BadRequestException(ERROR_MESSAGES.INVALID_CREDENTIALS);\n }\n\n // 3. Generate a 6 digit validation token, we send this token to the user over their email & mobile number (controlled using configuration).\n // 4. Save this validation token in new fields on the user record. \n if (isValidUser) {\n const { token, expiresAt } = await this.generateForgotPasswordToken(user);\n user.verificationTokenOnForgotPassword = token;\n user.verificationTokenOnForgotPasswordExpiresAt = expiresAt;\n await this.userRepository.save(user);\n await this.notifyUserOnForgotPassword(user);\n }\n\n // 5. Return. \n return {\n status: 'success',\n message: SUCCESS_MESSAGES.FORGOT_PASSWORD_TOKEN_SENT,\n error: '',\n errorCode: '',\n data: {\n user: {\n email: user?.email,\n // mobile: user.mobile,\n // username: user.username,\n },\n }\n }\n }\n\n private async notifyUserOnForgotPassword(user: User) {\n const companyLogo = await this.getCompanyLogo();\n\n const forgotPasswordSendVerificationTokenOn = this.settingService.getConfigValue<SolidCoreSetting>('forgotPasswordSendVerificationTokenOn');\n\n if (forgotPasswordSendVerificationTokenOn == ForgotPasswordSendVerificationTokenOn.EMAIL) {\n const mailService = this.mailServiceFactory.getMailService();\n mailService.sendEmailUsingTemplate(\n user.email,\n 'forgot-password',\n {\n solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),\n solidAppWebsiteUrl: this.settingService.getConfigValue<SolidCoreSetting>('solidAppWebsiteUrl'),\n firstName: user.username,\n fullName: user.fullName,\n // TODO: Need to prefix this with the page url where the forgot password page will open up.\n passwordResetLink: `${this.settingService.getConfigValue<SolidCoreSetting>('frontendForgotPasswordPageUrl')}?token=${user.verificationTokenOnForgotPassword}`,\n companyLogoUrl: companyLogo\n },\n this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueEmails'),\n null,\n null,\n 'user',\n user.id\n );\n }\n // Assuming all users do not have mobile as mandatory.\n if (forgotPasswordSendVerificationTokenOn == ForgotPasswordSendVerificationTokenOn.MOBILE && user.mobile) {\n const smsService = this.smsFactory.getSmsService();\n smsService.sendSMSUsingTemplate(\n user.mobile,\n 'forgot-password',\n {\n solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),\n otp: user.verificationTokenOnForgotPassword,\n verificationTokenOnForgotPassword: user.verificationTokenOnForgotPassword,\n firstName: user.username,\n companyLogoUrl: companyLogo\n },\n this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueSms'),\n );\n }\n }\n\n async confirmForgotPassword(confirmForgotPasswordDto: ConfirmForgotPasswordDto) {\n return this.dataSource.transaction(async (m) => {\n // Resolve the user id first (by username/email), but DON'T check the token in JS.\n const user = await this.resolveUserByVerificationToken(confirmForgotPasswordDto.verificationToken);\n if (!user) throw new UnauthorizedException(ERROR_MESSAGES.INVALID_CREDENTIALS);\n if (user.lastLoginProvider !== 'local') throw new UnauthorizedException(ERROR_MESSAGES.INVALID_CREDENTIALS);\n if (!user.active) throw new UnauthorizedException(ERROR_MESSAGES.INVALID_CREDENTIALS);\n\n // 1) Atomically consume the token (only one request can succeed)\n const { affected } = await m\n .createQueryBuilder()\n .update(User)\n .set({\n forgotPasswordConfirmedAt: () => 'NOW()',\n verificationTokenOnForgotPassword: () => 'NULL',\n verificationTokenOnForgotPasswordExpiresAt: () => 'NULL',\n })\n .where('id = :id', { id: user.id })\n .andWhere('verificationTokenOnForgotPassword = :token', { token: confirmForgotPasswordDto.verificationToken })\n .andWhere('verificationTokenOnForgotPasswordExpiresAt > NOW()')\n .execute();\n\n if (affected !== 1) {\n // Token invalid/expired/already used (or a parallel call already consumed it)\n throw new UnauthorizedException(ERROR_MESSAGES.INVALID_CREDENTIALS);\n }\n\n // 2) Now update the password & history (still inside the same transaction)\n const pwdHash = await this.hashingService.hash(confirmForgotPasswordDto.password);\n const pwdScheme = this.hashingService.name(); // e.g. bcrypt\n const pwdSchemeVersion = this.hashingService.currentVersion(); // e.g. 1, 2, 3 ...\n\n // Check reuse with your existing method (ensure it looks at hashes).\n await m.getRepository(User).update({ id: user.id }, { password: pwdHash, passwordScheme: pwdScheme, passwordSchemeVersion: pwdSchemeVersion });\n await this.notifyUserOnPasswordChanged(user);\n\n return {\n status: 'success',\n message: SUCCESS_MESSAGES.FORGOT_PASSWORD_CONFIRMED,\n error: '',\n errorCode: '',\n data: {},\n };\n });\n }\n\n private async notifyUserOnPasswordChanged(user: User) {\n const companyLogo = await this.getCompanyLogo();\n const forgotPasswordSendVerificationTokenOn = this.settingService.getConfigValue<SolidCoreSetting>('forgotPasswordSendVerificationTokenOn');\n\n if (forgotPasswordSendVerificationTokenOn == ForgotPasswordSendVerificationTokenOn.EMAIL) {\n const mailService = this.mailServiceFactory.getMailService();\n mailService.sendEmailUsingTemplate(\n user.email,\n 'password-changed',\n {\n solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),\n solidAppWebsiteUrl: this.settingService.getConfigValue<SolidCoreSetting>('solidAppWebsiteUrl'),\n email: user.email,\n firstName: user.username,\n fullName: user.fullName,\n // TODO: Need to prefix this with the page url where the forgot password page will open up.\n passwordResetLink: `${this.settingService.getConfigValue<SolidCoreSetting>('frontendForgotPasswordPageUrl')}?token=${user.verificationTokenOnForgotPassword}`,\n companyLogoUrl: companyLogo\n },\n this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueEmails'),\n null,\n null,\n 'user',\n user.id\n );\n }\n // Assuming all users do not have mobile as mandatory.\n if (forgotPasswordSendVerificationTokenOn == ForgotPasswordSendVerificationTokenOn.MOBILE && user.mobile) {\n const smsService = this.smsFactory.getSmsService();\n smsService.sendSMSUsingTemplate(\n user.mobile,\n 'forgot-password',\n {\n solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),\n otp: user.verificationTokenOnForgotPassword,\n verificationTokenOnForgotPassword: user.verificationTokenOnForgotPassword,\n firstName: user.username,\n companyLogoUrl: companyLogo\n },\n this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueSms'),\n );\n }\n }\n\n async generateTokens(user: User) {\n\n const [accessToken, refreshToken] = await Promise.all([\n await this.generateAccessToken(user),\n await this.generateRefreshToken(user),\n ]);\n\n return {\n accessToken,\n refreshToken,\n };\n }\n\n async generateAccessToken(user: User) {\n\n // const userRoleNames = user.roles.map((role) => role.name).join(';')\n const userRoleNames = user.roles.map((role) => role.name);\n\n const accessTokenTtl = this.settingService.getConfigValue<SolidCoreSetting>(\"accessTokenTtl\");\n const accessToken = await this.signToken<Partial<ActiveUserData>>(\n user.id,\n accessTokenTtl,\n { username: user.username, email: user.email, roles: userRoleNames },\n );\n\n return accessToken;\n }\n\n async generateRefreshToken(user: User, previousRefreshToken?: string) {\n const refreshTokenId = randomUUID();\n const refreshTokenTtl = this.settingService.getConfigValue<SolidCoreSetting>(\"refreshTokenTtl\");\n const refreshToken = await this.signToken(user.id, refreshTokenTtl, {\n refreshTokenId,\n })\n\n // store the refresh token id in the redis storage.\n await this.refreshTokenIdsStorage.insert(user.id, refreshToken, previousRefreshToken);\n\n return refreshToken;\n }\n\n async refreshTokens(refreshTokenDto: RefreshTokenDto) {\n try {\n const secret = this.settingService.getConfigValue<SolidCoreSetting>(\"secret\");\n const audience = this.settingService.getConfigValue<SolidCoreSetting>(\"audience\");\n const issuer = this.settingService.getConfigValue<SolidCoreSetting>(\"issuer\");\n\n const { sub } = await this.jwtService.verifyAsync<Pick<ActiveUserData, 'sub'> & { refreshTokenId: string }>(refreshTokenDto.refreshToken, {\n secret,\n audience,\n issuer,\n });\n // const user = await this.userRepository.findOneByOrFail({ id: sub });\n const user = await this.userRepository.findOne({\n where: {\n id: sub,\n },\n relations: {\n roles: true\n }\n });\n if (!user) {\n throw new UnauthorizedException(ERROR_MESSAGES.SESSION_INVALID);\n }\n\n // TODO: Replace the if else condition below with a call to validateAndRotate - Done\n // const isValid = await this.refreshTokenIdsStorage.validate(user.id, refreshTokenId);\n // if (isValid) {\n // // Refresh token rotation.\n // await this.refreshTokenIdsStorage.invalidate(user.id);\n // } else {\n // throw new Error('Refresh token is invalid');\n // }\n\n const currentRefreshToken = await this.refreshTokenIdsStorage.validateAndRotate(user, refreshTokenDto.refreshToken);\n\n await this.userActivityHistoryService.logEvent('tokenRefreshed', user);\n\n return {\n accessToken: await this.generateAccessToken(user),\n refreshToken: currentRefreshToken,\n };\n } catch (err) {\n if (err instanceof InvalidatedRefreshTokenError) {\n // Take action: notify user that his refresh token might have been stolen?\n throw new UnauthorizedException(ERROR_MESSAGES.ACCESS_DENIED);\n }\n\n throw new UnauthorizedException(ERROR_MESSAGES.SESSION_EXPIRED);\n }\n }\n\n private async signToken<T>(userId: number, expiresIn: number, payload?: T) {\n const audience = this.settingService.getConfigValue<SolidCoreSetting>(\"audience\");\n const issuer = this.settingService.getConfigValue<SolidCoreSetting>(\"issuer\");\n const secret = this.settingService.getConfigValue<SolidCoreSetting>(\"secret\");\n\n\n return await this.jwtService.signAsync(\n {\n sub: userId,\n ...payload,\n },\n {\n audience,\n issuer,\n secret,\n expiresIn,\n },\n );\n }\n\n // PROVIDER SPECIFIC CODE\n async validateUserUsingGoogle(user: User) {\n try {\n // Make API call to Google OAuth service to fetch user profile\n const response = await this.httpService.axiosRef.get(`https://www.googleapis.com/oauth2/v1/userinfo?alt=json&access_token=${user.googleAccessToken}`);\n const userProfile = response.data;\n\n // Ensure the fetched profile email & provider Id match the ones we have stored in the database earlier. \n if (userProfile.email === user.email && userProfile.id === user.googleId) {\n // TODO: remove the access code both from the database.\n return userProfile;\n } else {\n throw new UnauthorizedException(ERROR_MESSAGES.INVALID_USER_PROFILE);\n }\n } catch (error) {\n throw new UnauthorizedException(ERROR_MESSAGES.GOOGLE_OAUTH_PROFILE_FETCH_FAILED);\n }\n }\n\n async signInUsingGoogle(accessCode: string) {\n const user = await this.userRepository.findOne({\n where: {\n accessCode: accessCode\n },\n relations: {\n roles: true\n }\n });\n\n if (!user) {\n throw new UnauthorizedException(ERROR_MESSAGES.USER_NOT_FOUND);\n }\n this.checkAccountBlocked(user);\n\n try {\n await this.validateUserUsingGoogle(user);\n } catch (e) {\n await this.incrementFailedAttempts(user);\n throw e;\n }\n\n await this.resetFailedAttempts(user);\n const tokens = await this.generateTokens(user);\n return {\n user: {\n email: user.email,\n mobile: user.mobile,\n username: user.username,\n // forcePasswordChange: user.forcePasswordChange,\n id: user.id,\n roles: user.roles.map((role) => role.name)\n },\n ...tokens\n }\n }\n\n private async isPasswordlessRegistrationEnabled() {\n // return this.settingService.getConfigValue<SolidCoreSetting>('passwordlessRegistration');\n return this.settingService.getConfigValue<SolidCoreSetting>('passwordLessAuth');\n }\n\n private checkAccountBlocked(user: User): void {\n const maxFailedAttempts = this.settingService.getConfigValue<SolidCoreSetting>('maxFailedLoginAttempts') as number;\n if (maxFailedAttempts > 0 && user.failedLoginAttempts >= maxFailedAttempts) {\n throw new ForbiddenException(ERROR_MESSAGES.ACCOUNT_BLOCKED);\n }\n }\n\n private async incrementFailedAttempts(user: User): Promise<void> {\n user.failedLoginAttempts += 1;\n await this.userRepository.save(user);\n }\n\n private async resetFailedAttempts(user: User): Promise<void> {\n if (user.failedLoginAttempts === 0) return;\n user.failedLoginAttempts = 0;\n await this.userRepository.save(user);\n }\n\n //FIXME - Pending implementation\n // async logout() {\n // // const user = this.request.user; //TODO: // Access the user from the execution context\n\n // // Invalidate the refresh token\n // // await this.refreshTokenIdsStorage.invalidate(user.id);\n // }\n async logout(refreshToken: string) {\n try {\n // const activeUser = this.requestContextService.getActiveUser();\n // const userId = activeUser?.sub;\n // const user = await this.userRepository.findOne({\n // where: {\n // id: userId,\n // }\n // })\n // // Invalidate refresh token if you store them\n // await this.refreshTokenIdsStorage.invalidate(userId); // ← Your existing logic\n // if (!refreshToken) {\n // throw new UnauthorizedException('Refresh token is required');\n // }\n const payload = this.jwtService.decode(refreshToken) as any;\n\n if (!payload || !payload.sub) {\n throw new UnauthorizedException(ERROR_MESSAGES.INVALID_REFRESH_TOKEN);\n }\n\n const userId = payload.sub;\n await this.refreshTokenIdsStorage.invalidate(userId);\n const user = await this.userRepository.findOne({\n where: {\n id: userId,\n }\n })\n // Log logout event\n await this.userActivityHistoryService.logEvent('logout', user);\n\n return { message: SUCCESS_MESSAGES.LOGOUT_SUCCESS };\n } catch (err) {\n throw err instanceof UnauthorizedException || err instanceof InternalServerErrorException\n ? err\n : new InternalServerErrorException(ERROR_MESSAGES.LOGOUT_FAILED);\n }\n }\n\n\n async activateUser(userId: number) {\n const user = await this.userService.findOne(userId, {});\n if (!user) {\n throw new NotFoundException(ERROR_MESSAGES.USER_NOT_FOUND);\n }\n user.active = true;\n await this.userRepository.save(user);\n }\n\n async me(activeUser: ActiveUserData) {\n const user = await this.userRepository.findOne({\n where: {\n id: activeUser.sub,\n },\n relations: {\n roles: true\n }\n });\n\n // const tokens = await this.generateTokens(user);\n\n // Get the refresh token for a user from refresh token storage.\n const refreshTokenState = await this.refreshTokenIdsStorage.getCurrentRefreshTokenState(user.id);\n\n const response = {\n user: {\n email: user.email,\n mobile: user.mobile,\n username: user.username,\n // forcePasswordChange: user.forcePasswordChange,\n id: user.id,\n roles: user.roles.map((role) => role.name)\n },\n refreshToken: refreshTokenState.currentRefreshToken,\n // ...tokens\n }\n return response;\n }\n\n}\n\nfunction parseUniqueConstraintError(detail: string): string {\n const match = detail.match(/Key \\(([^)]+)\\)=\\(([^)]+)\\) already exists\\./);\n if (match) {\n const field = match[1];\n const value = match[2];\n const fieldMap: Record<string, string> = {\n username: 'username',\n email: 'email address',\n full_name_user_key: 'full name',\n };\n const friendlyField = fieldMap[field] || field;\n return `A user with ${friendlyField} \"${value}\" already exists.`;\n }\n return detail;\n}\n"]}
|
|
1
|
+
{"version":3,"file":"authentication.service.js","sourceRoot":"","sources":["../../src/services/authentication.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,yCAA4C;AAE5C,2CASwB;AACxB,yDAAsD;AACtD,qCAAyC;AACzC,6CAAmD;AACnD,qDAAsD;AACtD,mCAA+C;AAC/C,gEAA8D;AAC9D,oEAAkE;AAElE,4DAAyD;AACzD,mEAAgE;AAChE,qCAAiD;AACjD,+BAAoC;AACpC,4CAIsB;AAUtB,yDAA+C;AAC/C,8CAAwD;AAExD,uDAAmD;AACnD,2FAAkH;AAClH,mEAA8D;AAC9D,uDAAmD;AACnD,mFAA6E;AAC7E,iDAA6C;AAC7C,0DAAuD;AAEvD,IAAK,aAIJ;AAJD,WAAK,aAAa;IACd,gCAAe,CAAA;IACf,kCAAiB,CAAA;IACjB,4BAAW,CAAA;AACf,CAAC,EAJI,aAAa,KAAb,aAAa,QAIjB;AAQM,IAAM,qBAAqB,6BAA3B,MAAM,qBAAqB;IAG9B,YACqB,WAAwB,EAExB,cAA8B,EAC9B,cAA8B,EAC9B,UAAsB,EACtB,sBAAqD,EACrD,WAAwB,EAExB,kBAA+B,EAE/B,UAAsB,EACtB,YAA2B,EAC3B,cAA8B,EAC9B,mBAAwC,EACxC,0BAAsD,EAGvE,UAAuC;QAjBtB,gBAAW,GAAX,WAAW,CAAa;QAExB,mBAAc,GAAd,cAAc,CAAgB;QAC9B,mBAAc,GAAd,cAAc,CAAgB;QAC9B,eAAU,GAAV,UAAU,CAAY;QACtB,2BAAsB,GAAtB,sBAAsB,CAA+B;QACrD,gBAAW,GAAX,WAAW,CAAa;QAExB,uBAAkB,GAAlB,kBAAkB,CAAa;QAE/B,eAAU,GAAV,UAAU,CAAY;QACtB,iBAAY,GAAZ,YAAY,CAAe;QAC3B,mBAAc,GAAd,cAAc,CAAgB;QAC9B,wBAAmB,GAAnB,mBAAmB,CAAqB;QACxC,+BAA0B,GAA1B,0BAA0B,CAA4B;QAGtD,eAAU,GAAV,UAAU,CAAY;QApB1B,WAAM,GAAG,IAAI,eAAM,CAAC,uBAAqB,CAAC,IAAI,CAAC,CAAC;IAuBjE,CAAC;IAEO,KAAK,CAAC,cAAc;QACxB,OAAO,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,aAAa,CAAC,CAAC;IAC/E,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,QAAgB,EAAE,KAAa;QAC7C,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;YACrC,KAAK,EAAE;gBACH,EAAE,QAAQ,EAAE,QAAQ,EAAE;gBACtB,EAAE,KAAK,EAAE,KAAK,EAAE;aACnB;YACD,SAAS,EAAE;gBACP,KAAK,EAAE,IAAI;aACd;SACJ,CAAC,CAAC;IACP,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,IAAU,EAAE,WAAmB;QACvD,IAAI,CAAC,QAAQ,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC5D,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;QACjD,IAAI,CAAC,qBAAqB,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,EAAE,CAAC;QAClE,IAAI,CAAC,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC;QAC7B,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE;YACtC,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,cAAc,EAAE,IAAI,CAAC,cAAc;YACnC,qBAAqB,EAAE,IAAI,CAAC,qBAAqB;YACjD,UAAU,EAAE,IAAI,CAAC,UAAU;SAC9B,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,8BAA8B,CAAC,KAAa;QAC9C,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;YACrC,KAAK,EAAE,EAAE,iCAAiC,EAAE,KAAK,EAAE;YACnD,SAAS,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE;SAC7B,CAAC,CAAC;IACP,CAAC;IAEO,KAAK,CAAC,4BAA4B,CAAC,IAAU,EAAE,QAAgB;QACnE,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACf,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,eAAe,CAAC,CAAC;QACpE,CAAC;QACD,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;QAC/B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,qBAAqB,CAAC,CAAC;QACvG,IAAI,CAAC,OAAO,EAAE,CAAC;YACX,MAAM,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;YACzC,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,mBAAmB,CAAC,CAAC;QACxE,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,wBAAwB,CAAC,IAAU,EAAE,QAAgB;QAC/D,IAAI,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,qBAAqB,CAAC,EAAE,CAAC;YAC7E,MAAM,IAAI,CAAC,qBAAqB,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QACrD,CAAC;IACL,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,SAAoB,EAAE,aAA6B,IAAI;QAMhE,IAAI,CAAC;YACD,MAAM,qBAAqB,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,iCAAiC,CAAC,CAAC;YACtH,MAAM,0BAA0B,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,4BAA4B,CAAC,CAAC;YACtH,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,aAAa,CAAC,CAAC;YAExF,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,gBAAgB,EAAE,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,kBAAI,EAAE,EAAE,SAAS,EAAE,0BAA0B,EAAE,qBAAqB,CAAC,CAAC;YAC7I,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAEvD,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,IAAI,EAAE,CAAC;YACxC,IAAI,SAAS,CAAC,QAAQ,KAAK,IAAI,IAAI,WAAW,EAAE,CAAC;gBAC7C,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAChC,CAAC;YACD,MAAM,IAAI,CAAC,gBAAgB,CAAC,SAAS,EAAE,SAAS,EAAE,GAAG,EAAE,gBAAgB,CAAC,CAAC;YAIzE,OAAO,SAAS,CAAC;QACrB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,MAAM,0BAA0B,GAAG,OAAO,CAAC;YAC3C,IAAI,GAAG,CAAC,IAAI,KAAK,0BAA0B,EAAE,CAAC;gBAC1C,MAAM,IAAI,0BAAiB,CAAC,+BAAc,CAAC,mBAAmB,CAAC,CAAC;YACpE,CAAC;YACD,MAAM,GAAG,CAAC;QACd,CAAC;IACL,CAAC;IAED,KAAK,CAAC,sBAAsB,CAA0C,SAAoB,EAAE,gBAAmB,EAAE,iBAAgC;QAC7I,IAAI,CAAC;YACD,MAAM,qBAAqB,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,iCAAiC,CAAC,CAAC;YAGtH,MAAM,aAAa,GAAG,iBAAiB,CAAC,KAAK,CAAC,iBAAiB,CAAC,MAAM,EAAO,EAAE,gBAAgB,CAAC,CAAC;YACjG,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,gBAAgB,EAAE,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAI,aAAa,EAAE,SAAS,EAAE,gBAAgB,CAAC,MAAM,IAAI,IAAI,EAAE,qBAAqB,CAAC,CAAC;YACxJ,MAAM,SAAS,GAAG,MAAM,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAErD,MAAM,IAAI,CAAC,gBAAgB,CAAC,SAAS,EAAE,SAAS,CAAC,KAAK,EAAE,GAAG,EAAE,gBAAgB,CAAC,CAAC;YAE/E,OAAO,SAAS,CAAC;QACrB,CAAC;QACD,OAAO,GAAG,EAAE,CAAC;YACT,MAAM,0BAA0B,GAAG,OAAO,CAAC;YAC3C,IAAI,GAAG,CAAC,IAAI,KAAK,0BAA0B,EAAE,CAAC;gBAC1C,MAAM,IAAI,0BAAiB,CAAC,0BAA0B,CAAC,GAAG,CAAC,MAAM,IAAI,+BAAc,CAAC,2BAA2B,CAAC,CAAC,CAAC;YACtH,CAAC;YACD,MAAM,GAAG,CAAC;QACd,CAAC;IACL,CAAC;IAGO,KAAK,CAAC,iBAAiB,CAAiB,IAAO,EAAE,SAAoB,EAAE,eAAwB,IAAI,EAAE,qBAA+B;QAExI,IAAI,0BAA0B,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,0BAA0B,CAAC,CAAC;QAClH,IAAI,SAAS,CAAC,KAAK,IAAI,SAAS,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC9C,MAAM,QAAQ,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBACpC,MAAM,IAAI,CAAC,mBAAmB,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;YAC5D,CAAC;QACL,CAAC;QACD,IAAI,CAAC,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC;QACnC,IAAI,CAAC,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC;QAC7B,IAAI,CAAC,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC;QACnC,IAAI,CAAC,mBAAmB,GAAG,qBAAqB,CAAC;QACjD,IAAI,SAAS,CAAC,MAAM,EAAE,CAAC;YACnB,IAAI,CAAC,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC;QACnC,CAAC;QAID,IAAI,GAAG,GAAG,EAAE,CAAC;QACb,IAAI,gBAAgB,GAAG,EAAE,CAAC;QAG1B,IAAI,SAAS,CAAC,QAAQ,EAAE,CAAC;YACrB,GAAG,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC7D,CAAC;aAEI,CAAC;YAEF,IAAI,0BAA0B,EAAE,QAAQ,EAAE,CAAC,WAAW,EAAE,KAAK,MAAM,EAAE,CAAC;gBAClE,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBAC3C,GAAG,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;gBACvD,IAAI,CAAC,mBAAmB,GAAG,IAAI,CAAC;YACpC,CAAC;iBAEI,CAAC;gBAGF,IAAI,CAAC,MAAM,IAAI,CAAC,iCAAiC,EAAE,EAAE,CAAC;oBAClD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,sHAAsH,CAAC,CAAC;oBAC1I,MAAM,IAAI,4BAAmB,CAAC,+BAAc,CAAC,kCAAkC,CAAC,CAAC;gBACrF,CAAC;gBAGD,GAAG,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC9C,CAAC;QACL,CAAC;QAED,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC;QACpB,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;QACjD,IAAI,CAAC,qBAAqB,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,EAAE,CAAC;QAClE,IAAI,CAAC,MAAM,GAAG,YAAY,CAAC;QAC3B,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,gBAAgB,EAAE,CAAC;IAC3C,CAAC;IAGO,KAAK,CAAC,gBAAgB,CAAC,IAAU,EAAE,QAAkB,EAAE,EAAE,GAAW,EAAE,gBAAwB;QAClG,MAAM,IAAI,CAAC,WAAW,CAAC,yBAAyB,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAI9D,IAAI,IAAI,CAAC,mBAAmB,IAAI,gBAAgB,EAAE,CAAC;YAC/C,MAAM,IAAI,CAAC,+BAA+B,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;QACvE,CAAC;QAGD,MAAM,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;IACxC,CAAC;IAGD,gBAAgB,CAAC,SAAiB,CAAC;QAC/B,MAAM,SAAS,GAAG,4BAA4B,CAAC;QAC/C,MAAM,SAAS,GAAG,4BAA4B,CAAC;QAC/C,MAAM,OAAO,GAAG,YAAY,CAAC;QAC7B,MAAM,YAAY,GAAG,KAAK,CAAC;QAC3B,MAAM,QAAQ,GAAG,SAAS,GAAG,SAAS,GAAG,OAAO,GAAG,YAAY,CAAC;QAEhE,IAAI,QAAQ,GAAG,EAAE,CAAC;QAElB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC9B,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;YAChE,QAAQ,IAAI,QAAQ,CAAC,WAAW,CAAC,CAAC;QACtC,CAAC;QAED,OAAO,QAAQ,CAAC;IACpB,CAAC;IAEO,KAAK,CAAC,+BAA+B,CAAC,IAAU,EAAE,gBAAwB;QAC9E,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAChD,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,cAAc,EAAE,CAAC;QAC7D,WAAW,CAAC,sBAAsB,CAC9B,IAAI,CAAC,KAAK,EACV,0BAA0B,EAC1B;YACI,YAAY,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,UAAU,CAAC;YAC9E,kBAAkB,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,oBAAoB,CAAC;YAC9F,oBAAoB,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,sBAAsB,CAAC;YAClG,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,QAAQ,EAAE,gBAAgB;YAC1B,cAAc,EAAE,WAAW;SAC9B,EACD,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,mBAAmB,CAAC,EACzE,IAAI,EACJ,IAAI,EACJ,MAAM,EACN,IAAI,CAAC,EAAE,CACV,CAAC;IAEN,CAAC;IAEO,KAAK,CAAC,qBAAqB;QAC/B,MAAM,wBAAwB,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,0BAA0B,CAAC,CAAC;QAClH,OAAO,wBAAwB,CAAC;IACpC,CAAC;IAEO,KAAK,CAAC,mBAAmB;QAC7B,MAAM,sBAAsB,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,wBAAwB,CAAC,CAAC;QAC9G,OAAO,sBAAsB,CAAC;IAClC,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAAC,IAAU;QACvC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAEhD,IAAI,MAAM,IAAI,CAAC,qBAAqB,EAAE,EAAE,CAAC;YACrC,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,cAAc,EAAE,CAAC;YAC7D,WAAW,CAAC,sBAAsB,CAC9B,IAAI,CAAC,KAAK,EACV,iBAAiB,EACjB;gBACI,YAAY,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,UAAU,CAAC;gBAC9E,kBAAkB,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,oBAAoB,CAAC;gBAC9F,oBAAoB,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,sBAAsB,CAAC;gBAClG,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,cAAc,EAAE,WAAW;aAC9B,EACD,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,mBAAmB,CAAC,EACzE,IAAI,EACJ,IAAI,EACJ,MAAM,EACN,IAAI,CAAC,EAAE,CACV,CAAC;QACN,CAAC;QAGD,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,mBAAmB,EAAE,CAAA;QAC5D,IAAI,mBAAmB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YACrC,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,aAAa,EAAE,CAAC;YACnD,UAAU,CAAC,oBAAoB,CAC3B,IAAI,CAAC,MAAM,EACX,gBAAgB,EAChB;gBACI,YAAY,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,UAAU,CAAC;gBAC9E,oBAAoB,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,sBAAsB,CAAC;gBAClG,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ;aAC1D,EACD,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,gBAAgB,CAAC,CAEzE,CAAC;QACN,CAAC;IACL,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,SAAuB;QACjD,MAAM,iCAAiC,GAAG,MAAM,IAAI,CAAC,iCAAiC,EAAE,CAAC;QACzF,IAAI,CAAC,iCAAiC,EAAE,CAAC;YACrC,MAAM,IAAI,4BAAmB,CAAC,+BAAc,CAAC,kCAAkC,CAAC,CAAC;QACrF,CAAC;QAED,MAAM,gBAAgB,GAAG,IAAI,CAAC,mCAAmC,EAAE,CAAC;QACpE,IAAI,CAAC,4BAA4B,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;QAE/D,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,4BAA4B,CAAC,SAAS,CAAC,CAAC;QACxE,IAAI,IAAA,4BAAU,EAAC,YAAY,CAAC,IAAI,YAAY,CAAC,MAAM,EAAE,CAAC;YAClD,MAAM,IAAI,0BAAiB,CAAC,+BAAc,CAAC,mBAAmB,CAAC,CAAC;QACpE,CAAC;QAED,IAAI,CAAC;YACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,4CAA4C,CAAC,YAAY,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC;YAChH,MAAM,IAAI,CAAC,mCAAmC,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;QAC3E,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;gBACvB,MAAM,IAAI,0BAAiB,CAAC,+BAAc,CAAC,mBAAmB,CAAC,CAAC;YACpE,CAAC;YACD,MAAM,GAAG,CAAC;QACd,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,mCAAgB,CAAC,6BAA6B,EAAE,CAAC;IACvE,CAAC;IAEO,4BAA4B,CAAC,SAAuB,EAAE,gBAAwB;QAClF,IAAI,gBAAgB,KAAK,uDAA2C,CAAC,KAAK,IAAI,IAAA,yBAAO,EAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;YACrG,MAAM,IAAI,4BAAmB,CAAC,+BAAc,CAAC,6BAA6B,CAAC,CAAC;QAChF,CAAC;QACD,IAAI,gBAAgB,KAAK,uDAA2C,CAAC,MAAM,IAAI,IAAA,yBAAO,EAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC;YACvG,MAAM,IAAI,4BAAmB,CAAC,+BAAc,CAAC,8BAA8B,CAAC,CAAC;QACjF,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,4BAA4B,CAAC,SAAuB;QAC9D,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;YAC/B,KAAK,EAAE;gBACH,EAAE,KAAK,EAAE,SAAS,CAAC,KAAK,EAAE;gBAC1B,EAAE,MAAM,EAAE,SAAS,CAAC,MAAM,EAAE;gBAC5B,EAAE,QAAQ,EAAE,SAAS,CAAC,QAAQ,EAAE;aACnC;SACJ,CAAC,CAAC;IACP,CAAC;IAEO,mCAAmC;QACvC,OAAO,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,sCAAsC,CAAC,CAAC;IACxG,CAAC;IAEO,KAAK,CAAC,4CAA4C,CAAC,YAAkB,EAAE,SAAuB,EAAE,gBAAwB;QAC5H,IAAI,IAAI,GAAG,YAAY,CAAC;QACxB,IAAI,IAAA,yBAAO,EAAC,IAAI,CAAC,EAAE,CAAC;YAChB,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;YAClC,MAAM,IAAI,CAAC,qBAAqB,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC;YACzD,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACrC,MAAM,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,aAAa,CAAC,CAAC,CAAC;QAC7H,CAAC;aAAM,CAAC;YACJ,MAAM,IAAI,CAAC,qBAAqB,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC;YACzD,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzC,CAAC;QACD,OAAO,IAAI,CAAC;IAChB,CAAC;IAGO,UAAU,CAAC,SAAuB;QACtC,MAAM,IAAI,GAAG,IAAI,kBAAI,EAAE,CAAC;QACxB,IAAI,CAAC,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC;QACnC,IAAI,CAAC,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC;QAC7B,IAAI,CAAC,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC;QAC/B,IAAI,CAAC,aAAa,GAAG,SAAS,CAAC,aAAa,CAAC;QAC7C,IAAI,CAAC,iBAAiB,GAAG,aAAa,CAAC,GAAG,CAAC;QAC3C,OAAO,IAAI,CAAC;IAChB,CAAC;IAGO,KAAK,CAAC,qBAAqB,CAAC,oCAA4C,EAAE,IAAU;QACxF,IAAI,CAAC,oCAAoC,EAAE,CAAC;YACxC,MAAM,IAAI,4BAAmB,CAAC,+BAAc,CAAC,0BAA0B,CAAC,CAAC;QAC7E,CAAC;QACD,MAAM,2BAA2B,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,6BAA6B,CAAC,CAAC;QACxH,IAAI,oCAAoC,KAAK,uDAA2C,CAAC,KAAK,EAAE,CAAC;YAC7F,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,GAAG,EAAE,CAAC;YAC9C,IAAI,CAAC,oCAAoC,GAAG,KAAK,CAAC;YAClD,IAAI,CAAC,6CAA6C,GAAG,SAAS,CAAC;YAC/D,IAAI,2BAA2B,EAAE,CAAC;gBAC9B,IAAI,CAAC,6BAA6B,GAAG,KAAK,CAAC;gBAC3C,IAAI,CAAC,sCAAsC,GAAG,SAAS,CAAC;YAC5D,CAAC;QACL,CAAC;QACD,IAAI,oCAAoC,KAAK,uDAA2C,CAAC,MAAM,EAAE,CAAC;YAC9F,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,GAAG,EAAE,CAAC;YAC9C,IAAI,CAAC,qCAAqC,GAAG,KAAK,CAAC;YACnD,IAAI,CAAC,8CAA8C,GAAG,SAAS,CAAC;YAChE,IAAI,2BAA2B,EAAE,CAAC;gBAC9B,IAAI,CAAC,8BAA8B,GAAG,KAAK,CAAC;gBAC5C,IAAI,CAAC,uCAAuC,GAAG,SAAS,CAAC;YAC7D,CAAC;QACL,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,mCAAmC,CAAC,IAAU,EAAE,4BAAoC;QAC9F,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAChD,IAAI,4BAA4B,KAAK,gDAAoC,CAAC,KAAK,EAAE,CAAC;YAC9E,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,cAAc,EAAE,CAAC;YAC7D,WAAW,CAAC,sBAAsB,CAC9B,IAAI,CAAC,KAAK,EACV,iBAAiB,EACjB;gBACI,YAAY,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,UAAU,CAAC;gBAC9E,kBAAkB,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,oBAAoB,CAAC;gBAC9F,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ;gBACvD,oCAAoC,EAAE,IAAI,CAAC,oCAAoC;gBAC/E,cAAc,EAAE,WAAW;aAC9B,EACD,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,mBAAmB,CAAC,EACzE,IAAI,EACJ,IAAI,EACJ,MAAM,EACN,IAAI,CAAC,EAAE,CACV,CAAC;QACN,CAAC;QACD,IAAI,4BAA4B,KAAK,gDAAoC,CAAC,MAAM,EAAE,CAAC;YAC/E,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,aAAa,EAAE,CAAC;YACnD,UAAU,CAAC,oBAAoB,CAC3B,IAAI,CAAC,MAAM,EACX,iBAAiB,EACjB;gBACI,YAAY,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,UAAU,CAAC;gBAC9E,GAAG,EAAE,IAAI,CAAC,qCAAqC;gBAC/C,qCAAqC,EAAE,IAAI,CAAC,qCAAqC;gBACjF,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ;gBACvD,cAAc,EAAE,WAAW;aAC9B,EACD,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,gBAAgB,CAAC,CAEzE,CAAC;QACN,CAAC;IACL,CAAC;IAED,KAAK,CAAC,sBAAsB,CAAC,gBAAkC;QAC3D,MAAM,iCAAiC,GAAG,MAAM,IAAI,CAAC,iCAAiC,EAAE,CAAC;QACzF,IAAI,CAAC,iCAAiC,EAAE,CAAC;YACrC,MAAM,IAAI,4BAAmB,CAAC,+BAAc,CAAC,kCAAkC,CAAC,CAAC;QACrF,CAAC;QAED,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,gBAAgB,CAAC;QACnD,IAAI,IAAI,KAAK,uDAA2C,CAAC,KAAK;YAC1D,IAAI,KAAK,uDAA2C,CAAC,MAAM,EAAE,CAAC;YAC9D,MAAM,IAAI,4BAAmB,CAAC,+BAAc,CAAC,yBAAyB,CAAC,CAAC;QAC5E,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,gCAAgC,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC3E,IAAI,CAAC,uBAAuB,CAAC,IAAI,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;QAC9C,IAAI,CAAC,oBAAoB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QACtC,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,4BAA4B,CAAC;YAC5F,MAAM,IAAI,CAAC,uDAAuD,CAAC,IAAI,CAAC,CAAC;QAE7E,MAAM,SAAS,GAAS,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7D,IAAI,CAAC,wBAAwB,CAAC,SAAS,CAAC,CAAC;QACzC,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,MAAM,EAAE,OAAO,EAAE,kCAAkC,IAAI,EAAE,EAAE,CAAC;IAC3F,CAAC;IAEO,KAAK,CAAC,gCAAgC,CAC1C,IAAiD,EACjD,UAAkB;QAElB,MAAM,KAAK,GAAG,IAAI,KAAK,uDAA2C,CAAC,KAAK;YACpE,CAAC,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE;YACvB,CAAC,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;QAC7B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;QAC1D,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,cAAc,CAAC,CAAC;QACnE,CAAC;QACD,OAAO,IAAI,CAAC;IAChB,CAAC;IAEO,uBAAuB,CAC3B,IAAU,EACV,GAAW,EACX,IAAiD;QAEjD,MAAM,OAAO,GAAG,IAAI,KAAK,uDAA2C,CAAC,KAAK,CAAC;QAC3E,MAAM,KAAK,GAAG,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC,CAAC,IAAI,CAAC,qCAAqC,CAAC;QAC/G,MAAM,SAAS,GAAG,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC,CAAC,IAAI,CAAC,8CAA8C,CAAC;QAErI,IAAI,KAAK,KAAK,GAAG,EAAE,CAAC;YAChB,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,WAAW,CAAC,CAAC;QAChE,CAAC;QACD,IAAI,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;YACzB,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,WAAW,CAAC,CAAC;QAChE,CAAC;IACL,CAAC;IAEO,oBAAoB,CAAC,IAAU,EAAE,IAAiD;QACtF,IAAI,IAAI,KAAK,uDAA2C,CAAC,KAAK,EAAE,CAAC;YAC7D,IAAI,CAAC,6BAA6B,GAAG,IAAI,IAAI,EAAE,CAAC;YAChD,IAAI,CAAC,oCAAoC,GAAG,IAAI,CAAC;YACjD,IAAI,CAAC,6CAA6C,GAAG,IAAI,CAAC;QAC9D,CAAC;aAAM,CAAC;YACJ,IAAI,CAAC,8BAA8B,GAAG,IAAI,IAAI,EAAE,CAAC;YACjD,IAAI,CAAC,qCAAqC,GAAG,IAAI,CAAC;YAClD,IAAI,CAAC,8CAA8C,GAAG,IAAI,CAAC;QAC/D,CAAC;IACL,CAAC;IAEO,wBAAwB,CAAC,SAAe;QAE5C,MAAM,KAAK,GAAG,IAAI,yBAAY,CAAO,sBAAS,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC;QAC3E,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,sBAAS,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;IAC7D,CAAC;IAEO,KAAK,CAAC,uDAAuD,CAAC,IAAU;QAC5E,MAAM,4BAA4B,GAAG,IAAI,CAAC,mCAAmC,EAAE,CAAC;QAChF,IAAI,4BAA4B,KAAK,gDAAoC,CAAC,KAAK,EAAE,CAAC;YAC9E,IAAI,CAAC,IAAI,CAAC,6BAA6B,EAAE,CAAC;gBACtC,OAAO,KAAK,CAAC;YACjB,CAAC;QACL,CAAC;QACD,IAAI,4BAA4B,KAAK,gDAAoC,CAAC,MAAM,EAAE,CAAC;YAC/E,IAAI,CAAC,IAAI,CAAC,8BAA8B,EAAE,CAAC;gBACvC,OAAO,KAAK,CAAC;YACjB,CAAC;QACL,CAAC;QACD,OAAO,IAAI,CAAC;IAChB,CAAC;IAEO,KAAK,CAAC,GAAG;QACb,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,WAAW,CAAC,CAAC;QACpF,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,SAAS,CAAC,CAAC;QAC7C,OAAO;YACH,KAAK,EAAE,IAAA,kBAAS,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC,QAAQ,EAAE;YAC3C,SAAS,EAAE,GAAG;SACjB,CAAC;IACN,CAAC;IAEO,kBAAkB,CAAC,IAAW;QAClC,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,UAAU,CAAC,CAAC;QAClF,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,CAAC;YAC/B,OAAO,SAAS,CAAC;QACrB,CAAC;QACD,MAAM,YAAY,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC7C,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;YACrB,OAAO,SAAS,CAAC;QACrB,CAAC;QACD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACZ,OAAO,SAAS,CAAC;QACrB,CAAC;QACD,OAAO,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;IAC7D,CAAC;IAEO,gBAAgB;QACpB,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,eAAe,CAAC,CAAC;QACvF,IAAI,CAAC,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC5C,OAAO,IAAI,GAAG,EAAE,CAAC;QACrB,CAAC;QACD,OAAO,IAAI,GAAG,CACV,QAAQ;aACH,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;aAC1C,MAAM,CAAC,OAAO,CAAC,CACvB,CAAC;IACN,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,SAAoB;QAC7B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,QAAQ,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;QACzE,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,mBAAmB,CAAC,CAAC;QACxE,CAAC;QACD,MAAM,IAAI,CAAC,4BAA4B,CAAC,IAAI,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAC;QAClE,MAAM,IAAI,CAAC,wBAAwB,CAAC,IAAI,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC9D,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;QAErC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAE/C,MAAM,IAAI,CAAC,0BAA0B,CAAC,QAAQ,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAE9D,OAAO;YACH,IAAI,EAAE;gBACF,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,mBAAmB,EAAE,IAAI,CAAC,mBAAmB;gBAC7C,EAAE,EAAE,IAAI,CAAC,EAAE;gBACX,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC;aAC7C;YACD,GAAG,MAAM;SACZ,CAAA;IACL,CAAC;IAEO,SAAS,CAAC,KAAa;QAC3B,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAExB,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7C,IAAI,SAAS,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACxB,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC,OAAO,MAAM,EAAE,CAAC;QAC1C,CAAC;QAED,MAAM,YAAY,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC3C,MAAM,UAAU,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACvC,OAAO,GAAG,YAAY,MAAM,UAAU,IAAI,MAAM,EAAE,CAAC;IACvD,CAAC;IAEO,UAAU,CAAC,MAAc;QAC7B,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAEzB,IAAI,MAAM,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACrB,OAAO,MAAM,CAAC;QAClB,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACpC,OAAO,MAAM,UAAU,EAAE,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,SAAuB;QAC1C,MAAM,iCAAiC,GAAG,MAAM,IAAI,CAAC,iCAAiC,EAAE,CAAC;QACzF,IAAI,CAAC,iCAAiC,EAAE,CAAC;YACrC,MAAM,IAAI,4BAAmB,CAAC,+BAAc,CAAC,kCAAkC,CAAC,CAAC;QACrF,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;QAC9C,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,SAAS,CAAC,UAAU,CAAC,CAAC;QACrE,MAAM,QAAQ,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAC/C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACZ,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YACtC,IAAI,CAAC,6BAA6B,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QACnD,CAAC;QACD,OAAO,IAAI,CAAC,qBAAqB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAClD,CAAC;IAEO,gBAAgB,CAAC,SAAuB;QAC5C,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,+BAA+B,CAAyC,CAAC;QAE9I,IAAI,OAAO,KAAK,gDAAoC,CAAC,UAAU,EAAE,CAAC;YAC9D,IAAI,SAAS,CAAC,IAAI,KAAK,gDAAoC,CAAC,KAAK;gBAC7D,SAAS,CAAC,IAAI,KAAK,gDAAoC,CAAC,MAAM,EAAE,CAAC;gBACjE,MAAM,IAAI,4BAAmB,CAAC,+BAAc,CAAC,yBAAyB,CAAC,CAAC;YAC5E,CAAC;YACD,OAAO,SAAS,CAAC,IAA4C,CAAC;QAClE,CAAC;QAED,IAAI,OAAO,KAAK,gDAAoC,CAAC,KAAK;YACtD,OAAO,KAAK,gDAAoC,CAAC,MAAM,EAAE,CAAC;YAC1D,OAAO,OAAO,CAAC;QACnB,CAAC;QAED,MAAM,IAAI,4BAAmB,CAAC,+BAAc,CAAC,yBAAyB,CAAC,CAAC;IAC5E,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAC1B,IAA0C,EAC1C,UAAkB,EAClB,UAAmC,EAAE;QAErC,MAAM,SAAS,GAAG,IAAI,KAAK,gDAAoC,CAAC,KAAK;YACjE,CAAC,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE;YACvB,CAAC,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;QAC7B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;YAC3C,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,SAAS,CAAC;YAC5C,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC/D,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,cAAc,CAAC,CAAC;QACnE,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACf,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,aAAa,CAAC,CAAC;QAClE,CAAC;QACD,OAAO,IAAI,CAAC;IAChB,CAAC;IAEO,KAAK,CAAC,cAAc,CAAC,IAAU,EAAE,IAA0C;QAC/E,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,GAAG,EAAE,CAAC;QAC9C,IAAI,IAAI,KAAK,gDAAoC,CAAC,KAAK,EAAE,CAAC;YACtD,IAAI,CAAC,6BAA6B,GAAG,KAAK,CAAC;YAC3C,IAAI,CAAC,sCAAsC,GAAG,SAAS,CAAC;YACxD,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE;gBACtC,6BAA6B,EAAE,KAAK;gBACpC,sCAAsC,EAAE,SAAS;aACpD,CAAC,CAAC;QACP,CAAC;aAAM,CAAC;YACJ,IAAI,CAAC,8BAA8B,GAAG,KAAK,CAAC;YAC5C,IAAI,CAAC,uCAAuC,GAAG,SAAS,CAAC;YACzD,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE;gBACtC,8BAA8B,EAAE,KAAK;gBACrC,uCAAuC,EAAE,SAAS;aACrD,CAAC,CAAC;QACP,CAAC;IACL,CAAC;IAEO,qBAAqB,CAAC,IAAU,EAAE,IAA0C;QAChF,MAAM,gBAAgB,GAAG,IAAI,KAAK,gDAAoC,CAAC,KAAK;YACxE,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE;YACvC,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QAC/C,OAAO,EAAE,OAAO,EAAE,mCAAgB,CAAC,sBAAsB,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC;IACxF,CAAC;IAEO,KAAK,CAAC,6BAA6B,CAAC,IAAU,EAAE,SAA+C;QACnG,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAChD,MAAM,QAAQ,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAE/C,IAAI,QAAQ;YACR,OAAO;QACX,IAAI,SAAS,KAAK,gDAAoC,CAAC,KAAK,EAAE,CAAC;YAC3D,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,cAAc,EAAE,CAAC;YAC7D,WAAW,CAAC,sBAAsB,CAC9B,IAAI,CAAC,KAAK,EACV,cAAc,EACd;gBACI,YAAY,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,UAAU,CAAC;gBAC9E,kBAAkB,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,oBAAoB,CAAC;gBAC9F,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,6BAA6B,EAAE,IAAI,CAAC,6BAA6B;gBACjE,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ;gBACvD,cAAc,EAAE,WAAW;aAC9B,EACD,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,mBAAmB,CAAC,EACzE,IAAI,EACJ,IAAI,EACJ,MAAM,EACN,IAAI,CAAC,EAAE,CACV,CAAC;QACN,CAAC;QACD,IAAI,SAAS,KAAK,gDAAoC,CAAC,MAAM,EAAE,CAAC;YAC5D,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,aAAa,EAAE,CAAC;YACnD,UAAU,CAAC,oBAAoB,CAC3B,IAAI,CAAC,MAAM,EACX,cAAc,EACd;gBACI,YAAY,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,UAAU,CAAC;gBAC9E,GAAG,EAAE,IAAI,CAAC,8BAA8B;gBACxC,8BAA8B,EAAE,IAAI,CAAC,8BAA8B;gBACnE,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ;gBACvD,cAAc,EAAE,WAAW;aAC9B,EACD,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,gBAAgB,CAAC,CAEzE,CAAC;QACN,CAAC;IACL,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,gBAAkC;QACpD,MAAM,iCAAiC,GAAG,MAAM,IAAI,CAAC,iCAAiC,EAAE,CAAC;QACzF,IAAI,CAAC,iCAAiC,EAAE,CAAC;YACrC,MAAM,IAAI,4BAAmB,CAAC,+BAAc,CAAC,kCAAkC,CAAC,CAAC;QACrF,CAAC;QAED,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,gBAAgB,CAAC;QACnD,IAAI,IAAI,KAAK,gDAAoC,CAAC,KAAK;YACnD,IAAI,KAAK,gDAAoC,CAAC,MAAM,EAAE,CAAC;YACvD,MAAM,IAAI,4BAAmB,CAAC,+BAAc,CAAC,yBAAyB,CAAC,CAAC;QAC5E,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAChF,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;QAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAE/C,IAAI,QAAQ,EAAE,CAAC;YACX,IAAI,GAAG,KAAK,QAAQ,EAAE,CAAC;gBACnB,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,WAAW,CAAC,CAAC;YAChE,CAAC;YACD,OAAO,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;QAC9C,CAAC;QAED,IAAI,CAAC;YACD,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;QAC3C,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,MAAM,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;YACzC,MAAM,CAAC,CAAC;QACZ,CAAC;QAED,MAAM,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QACrC,MAAM,IAAI,CAAC,0BAA0B,CAAC,QAAQ,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAC9D,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;QACrC,OAAO,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;IAC9C,CAAC;IAEO,gBAAgB,CAAC,IAAU,EAAE,GAAW,EAAE,IAA0C;QACxF,MAAM,OAAO,GAAG,IAAI,KAAK,gDAAoC,CAAC,KAAK,CAAC;QACpE,MAAM,KAAK,GAAG,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC,CAAC,IAAI,CAAC,8BAA8B,CAAC;QACjG,MAAM,SAAS,GAAG,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC,CAAC,IAAI,CAAC,uCAAuC,CAAC;QAEvH,IAAI,KAAK,KAAK,GAAG,EAAE,CAAC;YAChB,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,WAAW,CAAC,CAAC;QAChE,CAAC;QACD,IAAI,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;YACzB,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,WAAW,CAAC,CAAC;QAChE,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,aAAa,CAAC,IAAU,EAAE,IAA0C;QAC9E,IAAI,IAAI,KAAK,gDAAoC,CAAC,KAAK,EAAE,CAAC;YACtD,MAAM,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC;YAC9B,IAAI,CAAC,sBAAsB,GAAG,UAAU,CAAC;YACzC,IAAI,CAAC,6BAA6B,GAAG,IAAI,CAAC;YAC1C,IAAI,CAAC,sCAAsC,GAAG,IAAI,CAAC;YACnD,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE;gBACtC,sBAAsB,EAAE,UAAU;gBAClC,6BAA6B,EAAE,IAAI;gBACnC,sCAAsC,EAAE,IAAI;aAC/C,CAAC,CAAC;QACP,CAAC;aAAM,CAAC;YACJ,MAAM,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC;YAC9B,IAAI,CAAC,uBAAuB,GAAG,UAAU,CAAC;YAC1C,IAAI,CAAC,8BAA8B,GAAG,IAAI,CAAC;YAC3C,IAAI,CAAC,uCAAuC,GAAG,IAAI,CAAC;YACpD,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE;gBACtC,uBAAuB,EAAE,UAAU;gBACnC,8BAA8B,EAAE,IAAI;gBACpC,uCAAuC,EAAE,IAAI;aAChD,CAAC,CAAC;QACP,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,uBAAuB,CAAC,IAAU;QAC5C,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QACtE,MAAM,EAAE,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,GAAG,IAAI,CAAC;QAChE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClD,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,KAAK,EAAE,EAAE,CAAC;IAC1G,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,iBAAoC,EAAE,UAA0B;QACjF,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;YAC3C,KAAK,EAAE,EAAE,EAAE,EAAE,iBAAiB,CAAC,EAAE,EAAE;SACtC,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,MAAM,IAAI,0BAAiB,CAAC,+BAAc,CAAC,cAAc,CAAC,CAAC;QAC/D,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACf,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,aAAa,CAAC,CAAC;QAClE,CAAC;QAGD,IAAI,IAAI,CAAC,iBAAiB,KAAK,OAAO,EAAE,CAAC;YACrC,MAAM,IAAI,4BAAmB,CAAC,+BAAc,CAAC,kBAAkB,CAAC,CAAC;QACrE,CAAC;QAGD,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,4BAAmB,CAAC,+BAAc,CAAC,gBAAgB,CAAC,CAAC;QACnE,CAAC;QAGD,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3C,MAAM,IAAI,4BAAmB,CAAC,+BAAc,CAAC,iBAAiB,CAAC,CAAC;QACpE,CAAC;QAGD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAC7C,iBAAiB,CAAC,eAAe,EACjC,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,qBAAqB,CAC7B,CAAC;QACF,IAAI,CAAC,OAAO,EAAE,CAAC;YACX,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,0BAA0B,CAAC,CAAC;QAC/E,CAAC;QAGD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,CAC/C,iBAAiB,CAAC,WAAW,CAChC,CAAC;QACF,IAAI,CAAC,QAAQ,GAAG,iBAAiB,CAAC,WAAW,CAAC;QAE9C,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACjC,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC;QAC7C,IAAI,CAAC,qBAAqB,GAAG,OAAO,CAAC,qBAAqB,CAAC;QAE3D,IAAI,CAAC,mBAAmB,GAAG,KAAK,CAAC;QAEjC,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAErC,OAAO,IAAI,CAAC;IAChB,CAAC;IAGO,KAAK,CAAC,2BAA2B,CAAC,IAAW;QACjD,MAAM,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC;QAC9B,MAAM,qCAAqC,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,uCAAuC,CAAC,CAAC;QAC5I,MAAM,QAAQ,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAC/C,UAAU,CAAC,UAAU,CAAC,UAAU,CAAC,UAAU,EAAE,GAAG,qCAAqC,CAAC,CAAC;QAEvF,OAAO;YACH,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAA,SAAM,GAAE;YACrC,SAAS,EAAE,UAAU;SACxB,CAAC;IACN,CAAC;IAED,KAAK,CAAC,sBAAsB,CAAC,yBAAoD;QAM7E,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,yBAAyB,CAAC,QAAQ,EAAE,yBAAyB,CAAC,KAAK,CAAC,CAAC;QAEzG,IAAI,WAAW,GAAG,IAAI,CAAA;QACtB,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,WAAW,GAAG,KAAK,CAAA;QAEvB,CAAC;QACD,IAAI,WAAW,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC;YAC/B,WAAW,GAAG,KAAK,CAAA;QAEvB,CAAC;QAGD,IAAI,WAAW,IAAI,IAAI,EAAE,iBAAiB,KAAK,OAAO,EAAE,CAAC;YACrD,WAAW,GAAG,KAAK,CAAA;QAEvB,CAAC;QAID,IAAI,WAAW,EAAE,CAAC;YACd,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,IAAI,CAAC,CAAC;YAC1E,IAAI,CAAC,iCAAiC,GAAG,KAAK,CAAC;YAC/C,IAAI,CAAC,0CAA0C,GAAG,SAAS,CAAC;YAC5D,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACrC,MAAM,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,CAAC;QAChD,CAAC;QAGD,OAAO;YACH,MAAM,EAAE,SAAS;YACjB,OAAO,EAAE,mCAAgB,CAAC,0BAA0B;YACpD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,EAAE;YACb,IAAI,EAAE;gBACF,IAAI,EAAE;oBACF,KAAK,EAAE,IAAI,EAAE,KAAK;iBAGrB;aACJ;SACJ,CAAA;IACL,CAAC;IAEO,KAAK,CAAC,0BAA0B,CAAC,IAAU;QAC/C,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAEhD,MAAM,qCAAqC,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,uCAAuC,CAAC,CAAC;QAE5I,IAAI,qCAAqC,IAAI,iDAAqC,CAAC,KAAK,EAAE,CAAC;YACvF,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,cAAc,EAAE,CAAC;YAC7D,WAAW,CAAC,sBAAsB,CAC9B,IAAI,CAAC,KAAK,EACV,iBAAiB,EACjB;gBACI,YAAY,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,UAAU,CAAC;gBAC9E,kBAAkB,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,oBAAoB,CAAC;gBAC9F,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBAEvB,iBAAiB,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,+BAA+B,CAAC,UAAU,IAAI,CAAC,iCAAiC,EAAE;gBAC7J,cAAc,EAAE,WAAW;aAC9B,EACD,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,mBAAmB,CAAC,EACzE,IAAI,EACJ,IAAI,EACJ,MAAM,EACN,IAAI,CAAC,EAAE,CACV,CAAC;QACN,CAAC;QAED,IAAI,qCAAqC,IAAI,iDAAqC,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YACvG,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,aAAa,EAAE,CAAC;YACnD,UAAU,CAAC,oBAAoB,CAC3B,IAAI,CAAC,MAAM,EACX,iBAAiB,EACjB;gBACI,YAAY,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,UAAU,CAAC;gBAC9E,GAAG,EAAE,IAAI,CAAC,iCAAiC;gBAC3C,iCAAiC,EAAE,IAAI,CAAC,iCAAiC;gBACzE,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,cAAc,EAAE,WAAW;aAC9B,EACD,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,gBAAgB,CAAC,CACzE,CAAC;QACN,CAAC;IACL,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,wBAAkD;QAC1E,OAAO,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE;YAE3C,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,8BAA8B,CAAC,wBAAwB,CAAC,iBAAiB,CAAC,CAAC;YACnG,IAAI,CAAC,IAAI;gBAAE,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,mBAAmB,CAAC,CAAC;YAC/E,IAAI,IAAI,CAAC,iBAAiB,KAAK,OAAO;gBAAE,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,mBAAmB,CAAC,CAAC;YAC5G,IAAI,CAAC,IAAI,CAAC,MAAM;gBAAE,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,mBAAmB,CAAC,CAAC;YAGtF,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC;iBACvB,kBAAkB,EAAE;iBACpB,MAAM,CAAC,kBAAI,CAAC;iBACZ,GAAG,CAAC;gBACD,yBAAyB,EAAE,GAAG,EAAE,CAAC,OAAO;gBACxC,iCAAiC,EAAE,GAAG,EAAE,CAAC,MAAM;gBAC/C,0CAA0C,EAAE,GAAG,EAAE,CAAC,MAAM;aAC3D,CAAC;iBACD,KAAK,CAAC,UAAU,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC;iBAClC,QAAQ,CAAC,4CAA4C,EAAE,EAAE,KAAK,EAAE,wBAAwB,CAAC,iBAAiB,EAAE,CAAC;iBAC7G,QAAQ,CAAC,oDAAoD,CAAC;iBAC9D,OAAO,EAAE,CAAC;YAEf,IAAI,QAAQ,KAAK,CAAC,EAAE,CAAC;gBAEjB,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,mBAAmB,CAAC,CAAC;YACxE,CAAC;YAGD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,wBAAwB,CAAC,QAAQ,CAAC,CAAC;YAClF,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;YAC7C,MAAM,gBAAgB,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,EAAE,CAAC;YAG9D,MAAM,CAAC,CAAC,aAAa,CAAC,kBAAI,CAAC,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,CAAC,CAAC;YAC/I,MAAM,IAAI,CAAC,2BAA2B,CAAC,IAAI,CAAC,CAAC;YAE7C,OAAO;gBACH,MAAM,EAAE,SAAS;gBACjB,OAAO,EAAE,mCAAgB,CAAC,yBAAyB;gBACnD,KAAK,EAAE,EAAE;gBACT,SAAS,EAAE,EAAE;gBACb,IAAI,EAAE,EAAE;aACX,CAAC;QACN,CAAC,CAAC,CAAC;IACP,CAAC;IAEO,KAAK,CAAC,2BAA2B,CAAC,IAAU;QAChD,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAChD,MAAM,qCAAqC,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,uCAAuC,CAAC,CAAC;QAE5I,IAAI,qCAAqC,IAAI,iDAAqC,CAAC,KAAK,EAAE,CAAC;YACvF,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,cAAc,EAAE,CAAC;YAC7D,WAAW,CAAC,sBAAsB,CAC9B,IAAI,CAAC,KAAK,EACV,kBAAkB,EAClB;gBACI,YAAY,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,UAAU,CAAC;gBAC9E,kBAAkB,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,oBAAoB,CAAC;gBAC9F,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBAEvB,iBAAiB,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,+BAA+B,CAAC,UAAU,IAAI,CAAC,iCAAiC,EAAE;gBAC7J,cAAc,EAAE,WAAW;aAC9B,EACD,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,mBAAmB,CAAC,EACzE,IAAI,EACJ,IAAI,EACJ,MAAM,EACN,IAAI,CAAC,EAAE,CACV,CAAC;QACN,CAAC;QAED,IAAI,qCAAqC,IAAI,iDAAqC,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YACvG,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,aAAa,EAAE,CAAC;YACnD,UAAU,CAAC,oBAAoB,CAC3B,IAAI,CAAC,MAAM,EACX,iBAAiB,EACjB;gBACI,YAAY,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,UAAU,CAAC;gBAC9E,GAAG,EAAE,IAAI,CAAC,iCAAiC;gBAC3C,iCAAiC,EAAE,IAAI,CAAC,iCAAiC;gBACzE,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,cAAc,EAAE,WAAW;aAC9B,EACD,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,gBAAgB,CAAC,CACzE,CAAC;QACN,CAAC;IACL,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,IAAU;QAE3B,MAAM,CAAC,WAAW,EAAE,YAAY,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YAClD,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC;YACpC,MAAM,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC;SACxC,CAAC,CAAC;QAEH,OAAO;YACH,WAAW;YACX,YAAY;SACf,CAAC;IACN,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,IAAU;QAGhC,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAE1D,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,gBAAgB,CAAC,CAAC;QAC9F,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,SAAS,CACpC,IAAI,CAAC,EAAE,EACP,cAAc,EACd,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,aAAa,EAAE,CACvE,CAAC;QAEF,OAAO,WAAW,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,IAAU,EAAE,oBAA6B;QAChE,MAAM,cAAc,GAAG,IAAA,mBAAU,GAAE,CAAC;QACpC,MAAM,eAAe,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,iBAAiB,CAAC,CAAC;QAChG,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,EAAE,eAAe,EAAE;YAChE,cAAc;SACjB,CAAC,CAAA;QAGF,MAAM,IAAI,CAAC,sBAAsB,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,YAAY,EAAE,oBAAoB,CAAC,CAAC;QAEtF,OAAO,YAAY,CAAC;IACxB,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,eAAgC;QAChD,IAAI,CAAC;YACD,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,QAAQ,CAAC,CAAC;YAC9E,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,UAAU,CAAC,CAAC;YAClF,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,QAAQ,CAAC,CAAC;YAE9E,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAA2D,eAAe,CAAC,YAAY,EAAE;gBACtI,MAAM;gBACN,QAAQ;gBACR,MAAM;aACT,CAAC,CAAC;YAEH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;gBAC3C,KAAK,EAAE;oBACH,EAAE,EAAE,GAAG;iBACV;gBACD,SAAS,EAAE;oBACP,KAAK,EAAE,IAAI;iBACd;aACJ,CAAC,CAAC;YACH,IAAI,CAAC,IAAI,EAAE,CAAC;gBACR,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,eAAe,CAAC,CAAC;YACpE,CAAC;YAWD,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,iBAAiB,CAAC,IAAI,EAAE,eAAe,CAAC,YAAY,CAAC,CAAC;YAEpH,MAAM,IAAI,CAAC,0BAA0B,CAAC,QAAQ,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC;YAEvE,OAAO;gBACH,WAAW,EAAE,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC;gBACjD,YAAY,EAAE,mBAAmB;aACpC,CAAC;QACN,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,IAAI,GAAG,YAAY,gEAA4B,EAAE,CAAC;gBAE9C,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,aAAa,CAAC,CAAC;YAClE,CAAC;YAED,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,eAAe,CAAC,CAAC;QACpE,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,SAAS,CAAI,MAAc,EAAE,SAAiB,EAAE,OAAW;QACrE,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,UAAU,CAAC,CAAC;QAClF,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,QAAQ,CAAC,CAAC;QAC9E,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,QAAQ,CAAC,CAAC;QAG9E,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,SAAS,CAClC;YACI,GAAG,EAAE,MAAM;YACX,GAAG,OAAO;SACb,EACD;YACI,QAAQ;YACR,MAAM;YACN,MAAM;YACN,SAAS;SACZ,CACJ,CAAC;IACN,CAAC;IAGD,KAAK,CAAC,uBAAuB,CAAC,IAAU;QACpC,IAAI,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,uEAAuE,IAAI,CAAC,iBAAiB,EAAE,CAAC,CAAC;YACtJ,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAAC;YAGlC,IAAI,WAAW,CAAC,KAAK,KAAK,IAAI,CAAC,KAAK,IAAI,WAAW,CAAC,EAAE,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAEvE,OAAO,WAAW,CAAC;YACvB,CAAC;iBAAM,CAAC;gBACJ,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,oBAAoB,CAAC,CAAC;YACzE,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,iCAAiC,CAAC,CAAC;QACtF,CAAC;IACL,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,UAAkB;QACtC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;YAC3C,KAAK,EAAE;gBACH,UAAU,EAAE,UAAU;aACzB;YACD,SAAS,EAAE;gBACP,KAAK,EAAE,IAAI;aACd;SACJ,CAAC,CAAC;QAEH,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,cAAc,CAAC,CAAC;QACnE,CAAC;QACD,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;QAE/B,IAAI,CAAC;YACD,MAAM,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;QAC7C,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,MAAM,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;YACzC,MAAM,CAAC,CAAC;QACZ,CAAC;QAED,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAC/C,OAAO;YACH,IAAI,EAAE;gBACF,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBAEvB,EAAE,EAAE,IAAI,CAAC,EAAE;gBACX,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC;aAC7C;YACD,GAAG,MAAM;SACZ,CAAA;IACL,CAAC;IAEO,KAAK,CAAC,iCAAiC;QAE3C,OAAO,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,kBAAkB,CAAC,CAAC;IACpF,CAAC;IAEO,mBAAmB,CAAC,IAAU;QAClC,MAAM,iBAAiB,GAAG,IAAI,CAAC,cAAc,CAAC,cAAc,CAAmB,wBAAwB,CAAW,CAAC;QACnH,IAAI,iBAAiB,GAAG,CAAC,IAAI,IAAI,CAAC,mBAAmB,IAAI,iBAAiB,EAAE,CAAC;YACzE,MAAM,IAAI,2BAAkB,CAAC,+BAAc,CAAC,eAAe,CAAC,CAAC;QACjE,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,uBAAuB,CAAC,IAAU;QAC5C,MAAM,kBAAkB,GAAG,CAAC,IAAI,CAAC,mBAAmB,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QAC/D,IAAI,CAAC,mBAAmB,GAAG,kBAAkB,CAAC;QAC9C,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAC3F,CAAC;IAEO,KAAK,CAAC,mBAAmB,CAAC,IAAU;QACxC,IAAI,IAAI,CAAC,mBAAmB,KAAK,CAAC;YAAE,OAAO;QAC3C,IAAI,CAAC,mBAAmB,GAAG,CAAC,CAAC;QAC7B,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,mBAAmB,EAAE,CAAC,EAAE,CAAC,CAAC;IAC1E,CAAC;IASD,KAAK,CAAC,MAAM,CAAC,YAAoB;QAC7B,IAAI,CAAC;YAaD,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,YAAY,CAAQ,CAAC;YAE5D,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;gBAC3B,MAAM,IAAI,8BAAqB,CAAC,+BAAc,CAAC,qBAAqB,CAAC,CAAC;YAC1E,CAAC;YAED,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC;YAC3B,MAAM,IAAI,CAAC,sBAAsB,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YACrD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;gBAC3C,KAAK,EAAE;oBACH,EAAE,EAAE,MAAM;iBACb;aACJ,CAAC,CAAA;YAEF,MAAM,IAAI,CAAC,0BAA0B,CAAC,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;YAE/D,OAAO,EAAE,OAAO,EAAE,mCAAgB,CAAC,cAAc,EAAE,CAAC;QACxD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,MAAM,GAAG,YAAY,8BAAqB,IAAI,GAAG,YAAY,qCAA4B;gBACrF,CAAC,CAAC,GAAG;gBACL,CAAC,CAAC,IAAI,qCAA4B,CAAC,+BAAc,CAAC,aAAa,CAAC,CAAC;QACzE,CAAC;IACL,CAAC;IAGD,KAAK,CAAC,YAAY,CAAC,MAAc;QAC7B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QACxD,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,MAAM,IAAI,0BAAiB,CAAC,+BAAc,CAAC,cAAc,CAAC,CAAC;QAC/D,CAAC;QACD,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACnB,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,EAAE,CAAC,UAA0B;QAC/B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;YAC3C,KAAK,EAAE;gBACH,EAAE,EAAE,UAAU,CAAC,GAAG;aACrB;YACD,SAAS,EAAE;gBACP,KAAK,EAAE,IAAI;aACd;SACJ,CAAC,CAAC;QAKH,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,2BAA2B,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEjG,MAAM,QAAQ,GAAG;YACb,IAAI,EAAE;gBACF,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBAEvB,EAAE,EAAE,IAAI,CAAC,EAAE;gBACX,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC;aAC7C;YACD,YAAY,EAAE,iBAAiB,CAAC,mBAAmB;SAEtD,CAAA;QACD,OAAO,QAAQ,CAAC;IACpB,CAAC;CAEJ,CAAA;AA30CY,sDAAqB;gCAArB,qBAAqB;IADjC,IAAA,mBAAU,GAAE;IAqBJ,YAAA,IAAA,0BAAgB,GAAE,CAAA;qCAhBW,0BAAW;QAER,gCAAc;QACd,gCAAc;QAClB,gBAAU;QACE,iEAA6B;QACxC,mBAAW;QAEJ,0BAAW;QAEnB,wBAAU;QACR,6BAAa;QACX,gCAAc;QACT,2CAAmB;QACZ,0DAA0B;QAG1C,oBAAU;GArBlC,qBAAqB,CA20CjC;AAED,SAAS,0BAA0B,CAAC,MAAc;IAC9C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAC3E,IAAI,KAAK,EAAE,CAAC;QACR,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACvB,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACvB,MAAM,QAAQ,GAA2B;YACrC,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,eAAe;YACtB,kBAAkB,EAAE,WAAW;SAClC,CAAC;QACF,MAAM,aAAa,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC;QAC/C,OAAO,eAAe,aAAa,KAAK,KAAK,mBAAmB,CAAC;IACrE,CAAC;IACD,OAAO,MAAM,CAAC;AAClB,CAAC","sourcesContent":["import { HttpService } from '@nestjs/axios';\nimport type { SolidCoreSetting } from \"src/services/settings/default-settings-provider.service\";\nimport {\n BadRequestException,\n ConflictException,\n ForbiddenException,\n Injectable,\n InternalServerErrorException,\n Logger,\n NotFoundException,\n UnauthorizedException,\n} from '@nestjs/common';\nimport { EventEmitter2 } from '@nestjs/event-emitter';\nimport { JwtService } from '@nestjs/jwt';\nimport { InjectDataSource } from '@nestjs/typeorm';\nimport { isEmpty, isNotEmpty } from 'class-validator';\nimport { randomInt, randomUUID } from 'crypto';\nimport { ERROR_MESSAGES } from 'src/constants/error-messages';\nimport { SUCCESS_MESSAGES } from 'src/constants/success-messages';\nimport { CreateUserDto } from 'src/dtos/create-user.dto';\nimport { MailFactory } from 'src/factories/mail.factory';\nimport { UserRepository } from 'src/repository/user.repository';\nimport { DataSource, Repository } from 'typeorm';\nimport { v4 as uuidv4 } from 'uuid';\nimport {\n ForgotPasswordSendVerificationTokenOn,\n PasswordlessLoginValidateWhatSources,\n PasswordlessRegistrationValidateWhatSources\n} from \"../constants\";\nimport { ChangePasswordDto } from \"../dtos/change-password.dto\";\nimport { ConfirmForgotPasswordDto } from '../dtos/confirm-forgot-password.dto';\nimport { InitiateForgotPasswordDto } from '../dtos/initiate-forgot-password.dto';\nimport { OTPConfirmOTPDto } from '../dtos/otp-confirm-otp.dto';\nimport { OTPSignInDto } from '../dtos/otp-sign-in.dto';\nimport { OTPSignUpDto } from '../dtos/otp-sign-up.dto';\nimport { RefreshTokenDto } from '../dtos/refresh-token.dto';\nimport { SignInDto } from '../dtos/sign-in.dto';\nimport { SignUpDto } from '../dtos/sign-up.dto';\nimport { User } from '../entities/user.entity';\nimport { EventDetails, EventType } from \"../interfaces\";\nimport { ActiveUserData } from '../interfaces/active-user-data.interface';\nimport { HashingService } from './hashing.service';\nimport { InvalidatedRefreshTokenError, RefreshTokenIdsStorageService } from './refresh-token-ids-storage.service';\nimport { RoleMetadataService } from './role-metadata.service';\nimport { SettingService } from './setting.service';\nimport { UserActivityHistoryService } from './user-activity-history.service';\nimport { UserService } from './user.service';\nimport { SmsFactory } from 'src/factories/sms.factory';\n\nenum LoginProvider {\n LOCAL = 'local',\n GOOGLE = 'google',\n OTP = 'otp',\n}\n\ninterface otp {\n token: string;\n expiresAt: Date;\n}\n\n@Injectable()\nexport class AuthenticationService {\n private readonly logger = new Logger(AuthenticationService.name);\n // private readonly mailService: IMail;\n constructor(\n private readonly userService: UserService,\n // @InjectRepository(User) private readonly userRepository: Repository<User>,\n private readonly userRepository: UserRepository,\n private readonly hashingService: HashingService,\n private readonly jwtService: JwtService,\n private readonly refreshTokenIdsStorage: RefreshTokenIdsStorageService,\n private readonly httpService: HttpService,\n // private readonly mailService: SMTPEMailService,\n private readonly mailServiceFactory: MailFactory,\n // private readonly smsService: Msg91OTPService,\n private readonly smsFactory: SmsFactory,\n private readonly eventEmitter: EventEmitter2,\n private readonly settingService: SettingService,\n private readonly roleMetadataService: RoleMetadataService,\n private readonly userActivityHistoryService: UserActivityHistoryService,\n\n @InjectDataSource()\n private readonly dataSource: DataSource,\n ) {\n // this.mailService = this.mailServiceFactory.getMailService();\n }\n\n private async getCompanyLogo(): Promise<string> {\n return this.settingService.getConfigValue<SolidCoreSetting>('companylogo');\n }\n\n async resolveUser(username: string, email: string) {\n return await this.userRepository.findOne({\n where: [\n { username: username },\n { email: email },\n ],\n relations: {\n roles: true\n }\n });\n }\n\n async updatePasswordDetails(user: User, newPassword: string) {\n user.password = await this.hashingService.hash(newPassword);\n user.passwordScheme = this.hashingService.name();\n user.passwordSchemeVersion = this.hashingService.currentVersion();\n user.rehashedAt = new Date();\n await this.userRepository.update(user.id, {\n password: user.password,\n passwordScheme: user.passwordScheme,\n passwordSchemeVersion: user.passwordSchemeVersion,\n rehashedAt: user.rehashedAt\n });\n return user;\n }\n\n async resolveUserByVerificationToken(token: string) {\n return await this.userRepository.findOne({\n where: { verificationTokenOnForgotPassword: token },\n relations: { roles: true }\n });\n }\n\n private async validateUserForPasswordLogin(user: User, password: string): Promise<void> {\n if (!user.active) {\n throw new UnauthorizedException(ERROR_MESSAGES.USER_NOT_ACTIVE);\n }\n this.checkAccountBlocked(user);\n const isEqual = await this.hashingService.compare(password, user.password, user.passwordSchemeVersion);\n if (!isEqual) {\n await this.incrementFailedAttempts(user);\n throw new UnauthorizedException(ERROR_MESSAGES.INVALID_CREDENTIALS);\n }\n }\n\n private async rehashPasswordIfRequired(user: User, password: string): Promise<void> {\n if (this.hashingService.needsRehash(user.password, user.passwordSchemeVersion)) {\n await this.updatePasswordDetails(user, password);\n }\n }\n\n async signUp(signUpDto: SignUpDto, activeUser: ActiveUserData = null): Promise<User> {\n // If public registrations are disabled and no activeUser is present when invoking signUp then we throw an exception.\n // if (!(this.settingService.getConfigValue<SolidCoreSetting>('allowPublicRegistration')) && !activeUser) {\n // throw new BadRequestException(ERROR_MESSAGES.PUBLIC_REGISTRATION_DISABLED);\n // }\n\n try {\n const onForcePasswordChange = this.settingService.getConfigValue<SolidCoreSetting>('forceChangePasswordOnFirstLogin');\n const activateUserOnRegistration = this.settingService.getConfigValue<SolidCoreSetting>('activateUserOnRegistration');\n const defaultRole = this.settingService.getConfigValue<SolidCoreSetting>('defaultRole');\n\n var { user, pwd, autoGeneratedPwd } = await this.populateForSignup(new User(), signUpDto, activateUserOnRegistration, onForcePasswordChange);\n const savedUser = await this.userRepository.save(user);\n // Also assign a default role to the newly created user. \n const userRoles = signUpDto.roles ?? [];\n if (signUpDto.username !== 'sa' && defaultRole) {\n userRoles.push(defaultRole);\n }\n await this.handlePostSignup(savedUser, userRoles, pwd, autoGeneratedPwd);\n\n // TODO: make provision to trigger a welcome email also.\n\n return savedUser;\n } catch (err) {\n const pgUniqueViolationErrorCode = '23505';\n if (err.code === pgUniqueViolationErrorCode) {\n throw new ConflictException(ERROR_MESSAGES.USER_ALREADY_EXISTS);\n }\n throw err;\n }\n }\n\n async signupForExtensionUser<T extends User, U extends CreateUserDto>(signUpDto: SignUpDto, extensionUserDto: U, extensionUserRepo: Repository<T>): Promise<T> {\n try {\n const onForcePasswordChange = this.settingService.getConfigValue<SolidCoreSetting>('forceChangePasswordOnFirstLogin');\n // Merge the extended signUpDto attributes into the user entity \n //@ts-ignore \n const extensionUser = extensionUserRepo.merge(extensionUserRepo.create() as T, extensionUserDto);\n var { user, pwd, autoGeneratedPwd } = await this.populateForSignup<T>(extensionUser, signUpDto, extensionUserDto.active ?? true, onForcePasswordChange);\n const savedUser = await extensionUserRepo.save(user);\n\n await this.handlePostSignup(savedUser, signUpDto.roles, pwd, autoGeneratedPwd);\n\n return savedUser;\n }\n catch (err) {\n const pgUniqueViolationErrorCode = '23505';\n if (err.code === pgUniqueViolationErrorCode) {\n throw new ConflictException(parseUniqueConstraintError(err.detail || ERROR_MESSAGES.UNIQUE_CONSTRAINT_VIOLATION));\n }\n throw err;\n }\n }\n\n\n private async populateForSignup<T extends User>(user: T, signUpDto: SignUpDto, isUserActive: boolean = true, onForcePasswordChange?: boolean) {\n // const user = new User();\n let autoGeneratedPwdPermission = this.settingService.getConfigValue<SolidCoreSetting>('iamAutoGeneratedPassword');\n if (signUpDto.roles && signUpDto.roles.length > 0) {\n for (let i = 0; i < signUpDto.roles.length; i++) {\n const roleName = signUpDto.roles[i];\n await this.roleMetadataService.findRoleByName(roleName);\n }\n }\n user.username = signUpDto.username;\n user.email = signUpDto.email;\n user.fullName = signUpDto.fullName;\n user.forcePasswordChange = onForcePasswordChange;\n if (signUpDto.mobile) {\n user.mobile = signUpDto.mobile;\n }\n // this.logger.debug(\"user\", user);\n\n // If password has been specified by the user, then we simply create & activate the user based on the configuration parameter \"activateUserOnRegistration\".\n let pwd = '';\n let autoGeneratedPwd = '';\n\n // User has specified password \n if (signUpDto.password) {\n pwd = await this.hashingService.hash(signUpDto.password);\n }\n // User has not specified password\n else {\n // When user does not specify password, and system is configured to auto generate passwords.\n if (autoGeneratedPwdPermission?.toString().toLowerCase() === 'true') {\n autoGeneratedPwd = this.generatePassword();\n pwd = await this.hashingService.hash(autoGeneratedPwd);\n user.forcePasswordChange = true;\n }\n // When user does not specify password, and system is not configured to auto generate passwords.\n else {\n // This means that most likely the system is going to be using password-less login. \n // If that is not the case then we can raise a bad request exception...\n if (!await this.isPasswordlessRegistrationEnabled()) {\n this.logger.error('User being created without password, and password less login is also not enabled in the system. Is this intentional?');\n throw new BadRequestException(ERROR_MESSAGES.PASSWORDLESS_REGISTRATION_DISABLED);\n }\n\n // Save the hash of the blank password, anyways since passwordless login is enabled it does not matter.\n pwd = await this.hashingService.hash(pwd);\n }\n }\n\n user.password = pwd;\n user.passwordScheme = this.hashingService.name(); // e.g. bcrypt\n user.passwordSchemeVersion = this.hashingService.currentVersion(); // e.g. 1, 2, 3 ...\n user.active = isUserActive;\n return { user, pwd, autoGeneratedPwd };\n }\n\n\n private async handlePostSignup(user: User, roles: string[] = [], pwd: string, autoGeneratedPwd: string) {\n await this.userService.initializeRolesForNewUser(roles, user);\n\n // if forcePasswordChange is true, then we trigger an email to the user to change the password, this needs to be done using a queue. \n // Create a new method like notifyUserOnForcePasswordChange, create a new email template we can call it on-force-password-change this template to include the random password\n if (user.forcePasswordChange && autoGeneratedPwd) {\n await this.notifyUserOnForcePasswordChange(user, autoGeneratedPwd);\n }\n\n // Send welcome notifications (email/SMS) if enabled.\n await this.notifyUserOnSignup(user);\n }\n\n\n generatePassword(length: number = 8): string {\n const upperCase = \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\";\n const lowerCase = \"abcdefghijklmnopqrstuvwxyz\";\n const numbers = \"0123456789\";\n const specialChars = \"@$#\";\n const allChars = upperCase + lowerCase + numbers + specialChars;\n\n let password = \"\";\n\n for (let i = 0; i < length; i++) {\n const randomIndex = Math.floor(Math.random() * allChars.length);\n password += allChars[randomIndex];\n }\n\n return password;\n }\n\n private async notifyUserOnForcePasswordChange(user: User, autoGeneratedPwd: string) {\n const companyLogo = await this.getCompanyLogo();\n const mailService = this.mailServiceFactory.getMailService();\n mailService.sendEmailUsingTemplate(\n user.email,\n 'on-force-password-change',\n {\n solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),\n solidAppWebsiteUrl: this.settingService.getConfigValue<SolidCoreSetting>('solidAppWebsiteUrl'),\n frontendLoginPageUrl: this.settingService.getConfigValue<SolidCoreSetting>('frontendLoginPageUrl'),\n email: user.email,\n fullName: user.fullName,\n userName: user.username,\n password: autoGeneratedPwd,\n companyLogoUrl: companyLogo\n },\n this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueEmails'),\n null,\n null,\n 'user',\n user.id\n );\n\n }\n\n private async isWelcomeEmailEnabled(): Promise<boolean> {\n const sendWelcomeEmailOnSignup = this.settingService.getConfigValue<SolidCoreSetting>('sendWelcomeEmailOnSignup');\n return sendWelcomeEmailOnSignup;\n }\n\n private async isWelcomeSmsEnabled(): Promise<boolean> {\n const sendWelcomeSmsOnSignup = this.settingService.getConfigValue<SolidCoreSetting>('sendWelcomeSmsOnSignup');\n return sendWelcomeSmsOnSignup;\n }\n\n private async notifyUserOnSignup(user: User) {\n const companyLogo = await this.getCompanyLogo();\n // Email welcome\n if (await this.isWelcomeEmailEnabled()) {\n const mailService = this.mailServiceFactory.getMailService();\n mailService.sendEmailUsingTemplate(\n user.email,\n 'email-on-signup',\n {\n solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),\n solidAppWebsiteUrl: this.settingService.getConfigValue<SolidCoreSetting>('solidAppWebsiteUrl'),\n frontendLoginPageUrl: this.settingService.getConfigValue<SolidCoreSetting>('frontendLoginPageUrl'),\n email: user.email,\n fullName: user.fullName,\n userName: user.username,\n companyLogoUrl: companyLogo\n },\n this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueEmails'),\n null,\n null,\n 'user',\n user.id\n );\n }\n\n // SMS welcome\n const isWelcomeSmsEnabled = await this.isWelcomeSmsEnabled()\n if (isWelcomeSmsEnabled && user.mobile) {\n const smsService = this.smsFactory.getSmsService();\n smsService.sendSMSUsingTemplate(\n user.mobile,\n 'text-on-signup',\n {\n solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),\n frontendLoginPageUrl: this.settingService.getConfigValue<SolidCoreSetting>('frontendLoginPageUrl'),\n firstName: user.username,\n fullName: user.fullName ? user.fullName : user.username\n },\n this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueSms'),\n\n );\n }\n }\n\n async otpInitiateRegistration(signUpDto: OTPSignUpDto) {\n const isPasswordlessRegistrationEnabled = await this.isPasswordlessRegistrationEnabled();\n if (!isPasswordlessRegistrationEnabled) {\n throw new BadRequestException(ERROR_MESSAGES.PASSWORDLESS_REGISTRATION_DISABLED);\n }\n\n const validationSource = this.resolvePasswordlessValidationSource();\n this.validateOtpRegistrationInput(signUpDto, validationSource);\n\n const existingUser = await this.findExistingRegistrationUser(signUpDto);\n if (isNotEmpty(existingUser) && existingUser.active) {\n throw new ConflictException(ERROR_MESSAGES.USER_ALREADY_EXISTS);\n }\n\n try {\n const user = await this.upsertUserWithRegistrationVerificationTokens(existingUser, signUpDto, validationSource);\n await this.notifyUserOnOtpInitiateRegistration(user, validationSource);\n } catch (err) {\n if (err.code === '23505') {\n throw new ConflictException(ERROR_MESSAGES.USER_ALREADY_EXISTS);\n }\n throw err;\n }\n\n return { message: SUCCESS_MESSAGES.OTP_SENT_SUCCESS_REGISTRATION };\n }\n\n private validateOtpRegistrationInput(signUpDto: OTPSignUpDto, validationSource: string): void {\n if (validationSource === PasswordlessRegistrationValidateWhatSources.EMAIL && isEmpty(signUpDto.email)) {\n throw new BadRequestException(ERROR_MESSAGES.EMAIL_REQUIRED_FOR_VALIDATION);\n }\n if (validationSource === PasswordlessRegistrationValidateWhatSources.MOBILE && isEmpty(signUpDto.mobile)) {\n throw new BadRequestException(ERROR_MESSAGES.MOBILE_REQUIRED_FOR_VALIDATION);\n }\n }\n\n private async findExistingRegistrationUser(signUpDto: OTPSignUpDto): Promise<User> {\n return this.userRepository.findOne({ //TODO Perhaps we should use the user service instead of the repository directly.\n where: [\n { email: signUpDto.email },\n { mobile: signUpDto.mobile },\n { username: signUpDto.username },\n ]\n });\n }\n\n private resolvePasswordlessValidationSource(): string {\n return this.settingService.getConfigValue<SolidCoreSetting>('passwordlessRegistrationValidateWhat');\n }\n\n private async upsertUserWithRegistrationVerificationTokens(existingUser: User, signUpDto: OTPSignUpDto, validationSource: string): Promise<User> {\n let user = existingUser;\n if (isEmpty(user)) {\n user = this.createUser(signUpDto);\n await this.assignRegistrationOtp(validationSource, user);\n await this.userRepository.save(user);\n await this.userService.addRoleToUser(user.username, this.settingService.getConfigValue<SolidCoreSetting>('defaultRole'));\n } else {\n await this.assignRegistrationOtp(validationSource, user);\n await this.userRepository.save(user);\n }\n return user;\n }\n\n // Create a new user entity.\n private createUser(signUpDto: OTPSignUpDto) {\n const user = new User();\n user.username = signUpDto.username;\n user.email = signUpDto.email;\n user.mobile = signUpDto.mobile;\n user.customPayload = signUpDto.customPayload;\n user.lastLoginProvider = LoginProvider.OTP;\n return user;\n }\n\n // Generate the validation tokens for the user i.e (system configured + user provided)\n private async assignRegistrationOtp(passwordlessRegistrationValidateWhat: string, user: User) {\n if (!passwordlessRegistrationValidateWhat) {\n throw new BadRequestException(ERROR_MESSAGES.VALIDATION_SOURCE_REQUIRED);\n }\n const autoLoginUserOnRegistration = this.settingService.getConfigValue<SolidCoreSetting>('autoLoginUserOnRegistration');\n if (passwordlessRegistrationValidateWhat === PasswordlessRegistrationValidateWhatSources.EMAIL) {\n const { token, expiresAt } = await this.otp();\n user.emailVerificationTokenOnRegistration = token;\n user.emailVerificationTokenOnRegistrationExpiresAt = expiresAt;\n if (autoLoginUserOnRegistration) {\n user.emailVerificationTokenOnLogin = token;\n user.emailVerificationTokenOnLoginExpiresAt = expiresAt;\n }\n }\n if (passwordlessRegistrationValidateWhat === PasswordlessRegistrationValidateWhatSources.MOBILE) {\n const { token, expiresAt } = await this.otp();\n user.mobileVerificationTokenOnRegistration = token;\n user.mobileVerificationTokenOnRegistrationExpiresAt = expiresAt;\n if (autoLoginUserOnRegistration) {\n user.mobileVerificationTokenOnLogin = token;\n user.mobileVerificationTokenOnLoginExpiresAt = expiresAt;\n }\n }\n }\n\n private async notifyUserOnOtpInitiateRegistration(user: User, registrationValidationSource: string) {\n const companyLogo = await this.getCompanyLogo();\n if (registrationValidationSource === PasswordlessLoginValidateWhatSources.EMAIL) {\n const mailService = this.mailServiceFactory.getMailService();\n mailService.sendEmailUsingTemplate(\n user.email,\n 'otp-on-register',\n {\n solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),\n solidAppWebsiteUrl: this.settingService.getConfigValue<SolidCoreSetting>('solidAppWebsiteUrl'),\n firstName: user.username,\n fullName: user.fullName ? user.fullName : user.username,\n emailVerificationTokenOnRegistration: user.emailVerificationTokenOnRegistration,\n companyLogoUrl: companyLogo\n },\n this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueEmails'),\n null,\n null,\n 'user',\n user.id\n );\n }\n if (registrationValidationSource === PasswordlessLoginValidateWhatSources.MOBILE) {\n const smsService = this.smsFactory.getSmsService();\n smsService.sendSMSUsingTemplate(\n user.mobile,\n 'otp-on-register',\n {\n solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),\n otp: user.mobileVerificationTokenOnRegistration,\n mobileVerificationTokenOnRegistration: user.mobileVerificationTokenOnRegistration,\n firstName: user.username,\n fullName: user.fullName ? user.fullName : user.username,\n companyLogoUrl: companyLogo\n },\n this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueSms'),\n\n );\n }\n }\n\n async otpConfirmRegistration(confirmSignUpDto: OTPConfirmOTPDto) {\n const isPasswordlessRegistrationEnabled = await this.isPasswordlessRegistrationEnabled();\n if (!isPasswordlessRegistrationEnabled) {\n throw new BadRequestException(ERROR_MESSAGES.PASSWORDLESS_REGISTRATION_DISABLED);\n }\n\n const { type, identifier, otp } = confirmSignUpDto;\n if (type !== PasswordlessRegistrationValidateWhatSources.EMAIL &&\n type !== PasswordlessRegistrationValidateWhatSources.MOBILE) {\n throw new BadRequestException(ERROR_MESSAGES.INVALID_VERIFICATION_TYPE);\n }\n\n const user = await this.findUserByRegistrationIdentifier(type, identifier);\n this.validateRegistrationOtp(user, otp, type);\n this.clearRegistrationOtp(user, type);\n user.active = this.settingService.getConfigValue<SolidCoreSetting>('activateUserOnRegistration') &&\n await this.areAllPasswordlessRegistrationValidationSourcesVerified(user);\n\n const savedUser: User = await this.userRepository.save(user);\n this.triggerRegistrationEvent(savedUser);\n return { active: savedUser.active, message: `User registration verified for ${type}` };\n }\n\n private async findUserByRegistrationIdentifier(\n type: PasswordlessRegistrationValidateWhatSources,\n identifier: string,\n ): Promise<User> {\n const where = type === PasswordlessRegistrationValidateWhatSources.EMAIL\n ? { email: identifier }\n : { mobile: identifier };\n const user = await this.userRepository.findOne({ where });\n if (!user) {\n throw new UnauthorizedException(ERROR_MESSAGES.USER_NOT_FOUND);\n }\n return user;\n }\n\n private validateRegistrationOtp(\n user: User,\n otp: string,\n type: PasswordlessRegistrationValidateWhatSources,\n ): void {\n const isEmail = type === PasswordlessRegistrationValidateWhatSources.EMAIL;\n const token = isEmail ? user.emailVerificationTokenOnRegistration : user.mobileVerificationTokenOnRegistration;\n const expiresAt = isEmail ? user.emailVerificationTokenOnRegistrationExpiresAt : user.mobileVerificationTokenOnRegistrationExpiresAt;\n\n if (token !== otp) {\n throw new UnauthorizedException(ERROR_MESSAGES.INVALID_OTP);\n }\n if (expiresAt < new Date()) {\n throw new UnauthorizedException(ERROR_MESSAGES.OTP_EXPIRED);\n }\n }\n\n private clearRegistrationOtp(user: User, type: PasswordlessRegistrationValidateWhatSources): void {\n if (type === PasswordlessRegistrationValidateWhatSources.EMAIL) {\n user.emailVerifiedOnRegistrationAt = new Date();\n user.emailVerificationTokenOnRegistration = null;\n user.emailVerificationTokenOnRegistrationExpiresAt = null;\n } else {\n user.mobileVerifiedOnRegistrationAt = new Date();\n user.mobileVerificationTokenOnRegistration = null;\n user.mobileVerificationTokenOnRegistrationExpiresAt = null;\n }\n }\n\n private triggerRegistrationEvent(savedUser: User) {\n // Trigger events for user registration.\n const event = new EventDetails<User>(EventType.USER_REGISTERED, savedUser);\n this.eventEmitter.emit(EventType.USER_REGISTERED, event);\n }\n\n private async areAllPasswordlessRegistrationValidationSourcesVerified(user: User): Promise<boolean> {\n const registrationValidationSource = this.resolvePasswordlessValidationSource();\n if (registrationValidationSource === PasswordlessLoginValidateWhatSources.EMAIL) {\n if (!user.emailVerifiedOnRegistrationAt) {\n return false;\n }\n }\n if (registrationValidationSource === PasswordlessLoginValidateWhatSources.MOBILE) {\n if (!user.mobileVerifiedOnRegistrationAt) {\n return false;\n }\n }\n return true;\n }\n\n private async otp(): Promise<otp> {\n const now = new Date();\n const otpExpiry = this.settingService.getConfigValue<SolidCoreSetting>('otpExpiry');\n now.setMinutes(now.getMinutes() + otpExpiry);\n return {\n token: randomInt(100000, 999999).toString(),\n expiresAt: now,\n };\n }\n\n private getDummyOtpForUser(user?: User): string | undefined {\n const dummyOtp = this.settingService.getConfigValue<SolidCoreSetting>('dummyOtp');\n if (!dummyOtp || !user?.username) {\n return undefined;\n }\n const allowedUsers = this.getDummyOtpUsers();\n if (!allowedUsers.size) {\n return undefined;\n }\n const username = user.username.trim().toLowerCase();\n if (!username) {\n return undefined;\n }\n return allowedUsers.has(username) ? dummyOtp : undefined;\n }\n\n private getDummyOtpUsers(): Set<string> {\n const rawUsers = this.settingService.getConfigValue<SolidCoreSetting>('dummyOtpUsers');\n if (!rawUsers || typeof rawUsers !== 'string') {\n return new Set();\n }\n return new Set(\n rawUsers\n .split(',')\n .map((value) => value.trim().toLowerCase())\n .filter(Boolean),\n );\n }\n\n async signIn(signInDto: SignInDto) {\n const user = await this.resolveUser(signInDto.username, signInDto.email);\n if (!user) {\n throw new UnauthorizedException(ERROR_MESSAGES.INVALID_CREDENTIALS);\n }\n await this.validateUserForPasswordLogin(user, signInDto.password);\n await this.rehashPasswordIfRequired(user, signInDto.password);\n await this.resetFailedAttempts(user);\n\n const tokens = await this.generateTokens(user);\n\n await this.userActivityHistoryService.logEvent('login', user);\n\n return {\n user: {\n email: user.email,\n mobile: user.mobile,\n username: user.username,\n forcePasswordChange: user.forcePasswordChange,\n id: user.id,\n roles: user.roles.map((role) => role.name)\n },\n ...tokens\n }\n }\n\n private maskEmail(email: string): string {\n if (!email) return null;\n\n const [localPart, domain] = email.split('@');\n if (localPart.length <= 2) {\n return `${localPart[0]}***@${domain}`;\n }\n\n const visibleStart = localPart.slice(0, 2);\n const visibleEnd = localPart.slice(-1);\n return `${visibleStart}***${visibleEnd}@${domain}`;\n }\n\n private maskMobile(mobile: string): string {\n if (!mobile) return null;\n\n if (mobile.length <= 4) {\n return mobile;\n }\n\n const visibleEnd = mobile.slice(-4);\n return `***${visibleEnd}`;\n }\n\n async otpInitiateLogin(signInDto: OTPSignInDto) {\n const isPasswordlessRegistrationEnabled = await this.isPasswordlessRegistrationEnabled();\n if (!isPasswordlessRegistrationEnabled) {\n throw new BadRequestException(ERROR_MESSAGES.PASSWORDLESS_REGISTRATION_DISABLED);\n }\n\n const type = this.resolveLoginType(signInDto);\n const user = await this.findUserForLogin(type, signInDto.identifier);\n const dummyOtp = this.getDummyOtpForUser(user);\n if (!dummyOtp) {\n await this.assignLoginOtp(user, type);\n this.notifyUserOnOtpInititateLogin(user, type);\n }\n return this.buildLoginOtpResponse(user, type);\n }\n\n private resolveLoginType(signInDto: OTPSignInDto): PasswordlessLoginValidateWhatSources {\n const setting = this.settingService.getConfigValue<SolidCoreSetting>('passwordlessLoginValidateWhat') as PasswordlessLoginValidateWhatSources;\n\n if (setting === PasswordlessLoginValidateWhatSources.SELECTABLE) {\n if (signInDto.type !== PasswordlessLoginValidateWhatSources.EMAIL &&\n signInDto.type !== PasswordlessLoginValidateWhatSources.MOBILE) {\n throw new BadRequestException(ERROR_MESSAGES.INVALID_VERIFICATION_TYPE);\n }\n return signInDto.type as PasswordlessLoginValidateWhatSources;\n }\n\n if (setting === PasswordlessLoginValidateWhatSources.EMAIL ||\n setting === PasswordlessLoginValidateWhatSources.MOBILE) {\n return setting;\n }\n\n throw new BadRequestException(ERROR_MESSAGES.INVALID_VERIFICATION_TYPE);\n }\n\n private async findUserForLogin(\n type: PasswordlessLoginValidateWhatSources,\n identifier: string,\n options: { withRoles?: boolean } = {},\n ): Promise<User> {\n const typeWhere = type === PasswordlessLoginValidateWhatSources.EMAIL\n ? { email: identifier }\n : { mobile: identifier };\n const user = await this.userRepository.findOne({\n where: [{ username: identifier }, typeWhere],\n ...(options.withRoles ? { relations: { roles: true } } : {}),\n });\n if (!user) {\n throw new UnauthorizedException(ERROR_MESSAGES.USER_NOT_FOUND);\n }\n if (!user.active) {\n throw new UnauthorizedException(ERROR_MESSAGES.USER_INACTIVE);\n }\n return user;\n }\n\n private async assignLoginOtp(user: User, type: PasswordlessLoginValidateWhatSources): Promise<void> {\n const { token, expiresAt } = await this.otp();\n if (type === PasswordlessLoginValidateWhatSources.EMAIL) {\n user.emailVerificationTokenOnLogin = token;\n user.emailVerificationTokenOnLoginExpiresAt = expiresAt;\n await this.userRepository.update(user.id, {\n emailVerificationTokenOnLogin: token,\n emailVerificationTokenOnLoginExpiresAt: expiresAt,\n });\n } else {\n user.mobileVerificationTokenOnLogin = token;\n user.mobileVerificationTokenOnLoginExpiresAt = expiresAt;\n await this.userRepository.update(user.id, {\n mobileVerificationTokenOnLogin: token,\n mobileVerificationTokenOnLoginExpiresAt: expiresAt,\n });\n }\n }\n\n private buildLoginOtpResponse(user: User, type: PasswordlessLoginValidateWhatSources) {\n const maskedIdentifier = type === PasswordlessLoginValidateWhatSources.EMAIL\n ? { email: this.maskEmail(user.email) }\n : { mobile: this.maskMobile(user.mobile) };\n return { message: SUCCESS_MESSAGES.OTP_SENT_SUCCESS_LOGIN, user: maskedIdentifier };\n }\n\n private async notifyUserOnOtpInititateLogin(user: User, loginType: PasswordlessLoginValidateWhatSources) {\n const companyLogo = await this.getCompanyLogo();\n const dummyOtp = this.getDummyOtpForUser(user);\n\n if (dummyOtp)\n return; // Do nothing if dummy otp is configured.\n if (loginType === PasswordlessLoginValidateWhatSources.EMAIL) {\n const mailService = this.mailServiceFactory.getMailService();\n mailService.sendEmailUsingTemplate(\n user.email,\n 'otp-on-login',\n {\n solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),\n solidAppWebsiteUrl: this.settingService.getConfigValue<SolidCoreSetting>('solidAppWebsiteUrl'),\n firstName: user.username,\n emailVerificationTokenOnLogin: user.emailVerificationTokenOnLogin,\n fullName: user.fullName ? user.fullName : user.username,\n companyLogoUrl: companyLogo\n },\n this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueEmails'),\n null,\n null,\n 'user',\n user.id\n );\n }\n if (loginType === PasswordlessLoginValidateWhatSources.MOBILE) {\n const smsService = this.smsFactory.getSmsService();\n smsService.sendSMSUsingTemplate(\n user.mobile,\n 'otp-on-login',\n {\n solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),\n otp: user.mobileVerificationTokenOnLogin,\n mobileVerificationTokenOnLogin: user.mobileVerificationTokenOnLogin,\n firstName: user.username,\n fullName: user.fullName ? user.fullName : user.username,\n companyLogoUrl: companyLogo\n },\n this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueSms'),\n\n );\n }\n }\n\n async otpConfirmLogin(confirmSignInDto: OTPConfirmOTPDto) {\n const isPasswordlessRegistrationEnabled = await this.isPasswordlessRegistrationEnabled();\n if (!isPasswordlessRegistrationEnabled) {\n throw new BadRequestException(ERROR_MESSAGES.PASSWORDLESS_REGISTRATION_DISABLED);\n }\n\n const { type, identifier, otp } = confirmSignInDto;\n if (type !== PasswordlessLoginValidateWhatSources.EMAIL &&\n type !== PasswordlessLoginValidateWhatSources.MOBILE) {\n throw new BadRequestException(ERROR_MESSAGES.INVALID_VERIFICATION_TYPE);\n }\n\n const user = await this.findUserForLogin(type, identifier, { withRoles: true });\n this.checkAccountBlocked(user);\n const dummyOtp = this.getDummyOtpForUser(user);\n\n if (dummyOtp) {\n if (otp !== dummyOtp) {\n throw new UnauthorizedException(ERROR_MESSAGES.INVALID_OTP);\n }\n return this.buildLoginTokenResponse(user);\n }\n\n try {\n this.validateLoginOtp(user, otp, type);\n } catch (e) {\n await this.incrementFailedAttempts(user);\n throw e;\n }\n\n await this.clearLoginOtp(user, type);\n await this.userActivityHistoryService.logEvent('login', user); \n await this.resetFailedAttempts(user);\n return this.buildLoginTokenResponse(user);\n }\n\n private validateLoginOtp(user: User, otp: string, type: PasswordlessLoginValidateWhatSources): void {\n const isEmail = type === PasswordlessLoginValidateWhatSources.EMAIL;\n const token = isEmail ? user.emailVerificationTokenOnLogin : user.mobileVerificationTokenOnLogin;\n const expiresAt = isEmail ? user.emailVerificationTokenOnLoginExpiresAt : user.mobileVerificationTokenOnLoginExpiresAt;\n\n if (token !== otp) {\n throw new UnauthorizedException(ERROR_MESSAGES.INVALID_OTP);\n }\n if (expiresAt < new Date()) {\n throw new UnauthorizedException(ERROR_MESSAGES.OTP_EXPIRED);\n }\n }\n\n private async clearLoginOtp(user: User, type: PasswordlessLoginValidateWhatSources): Promise<void> {\n if (type === PasswordlessLoginValidateWhatSources.EMAIL) {\n const verifiedAt = new Date();\n user.emailVerifiedOnLoginAt = verifiedAt;\n user.emailVerificationTokenOnLogin = null;\n user.emailVerificationTokenOnLoginExpiresAt = null;\n await this.userRepository.update(user.id, {\n emailVerifiedOnLoginAt: verifiedAt,\n emailVerificationTokenOnLogin: null,\n emailVerificationTokenOnLoginExpiresAt: null,\n });\n } else {\n const verifiedAt = new Date();\n user.mobileVerifiedOnLoginAt = verifiedAt;\n user.mobileVerificationTokenOnLogin = null;\n user.mobileVerificationTokenOnLoginExpiresAt = null;\n await this.userRepository.update(user.id, {\n mobileVerifiedOnLoginAt: verifiedAt,\n mobileVerificationTokenOnLogin: null,\n mobileVerificationTokenOnLoginExpiresAt: null,\n });\n }\n }\n\n private async buildLoginTokenResponse(user: User) {\n const { accessToken, refreshToken } = await this.generateTokens(user);\n const { id, username, email, mobile, lastLoginProvider } = user;\n const roles = user.roles.map((role) => role.name);\n return { accessToken, refreshToken, user: { id, username, email, mobile, lastLoginProvider, roles } };\n }\n\n async changePassword(changePasswordDto: ChangePasswordDto, activeUser: ActiveUserData) {\n const user = await this.userRepository.findOne({\n where: { id: changePasswordDto.id }\n });\n if (!user) {\n throw new NotFoundException(ERROR_MESSAGES.USER_NOT_FOUND);\n }\n\n if (!user.active) {\n throw new UnauthorizedException(ERROR_MESSAGES.USER_INACTIVE);\n }\n\n // 2. Validate if user has used a provider which is \"local\", only then it makes sense for us to initiate the forgot password routine.\n if (user.lastLoginProvider !== 'local') {\n throw new BadRequestException(ERROR_MESSAGES.NON_LOCAL_PROVIDER);\n }\n\n // Check if ID's match\n if (!(user.id === activeUser.sub)) {\n throw new BadRequestException(ERROR_MESSAGES.USER_ID_MISMATCH);\n }\n\n // Check if username's match\n if (!(user.username === activeUser.username)) {\n throw new BadRequestException(ERROR_MESSAGES.USERNAME_MISMATCH);\n }\n\n // Check if old password is matching.\n const isEqual = await this.hashingService.compare(\n changePasswordDto.currentPassword,\n user.password,\n user.passwordSchemeVersion\n );\n if (!isEqual) {\n throw new UnauthorizedException(ERROR_MESSAGES.INCORRECT_CURRENT_PASSWORD);\n }\n\n // Update Password\n const pwdData = await this.userService.hashPassword(\n changePasswordDto.newPassword,\n );\n user.password = changePasswordDto.newPassword;\n\n user.password = pwdData.password;\n user.passwordScheme = pwdData.passwordScheme;\n user.passwordSchemeVersion = pwdData.passwordSchemeVersion;\n // Everytime the user changes the password we reset the forcePasswordChange flag back to false. \n user.forcePasswordChange = false;\n\n await this.userRepository.save(user);\n\n return true;\n }\n\n // generate uuid token for forgot password\n private async generateForgotPasswordToken(user?: User) {\n const expiryTime = new Date();\n const forgotPasswordVerificationTokenExpiry = this.settingService.getConfigValue<SolidCoreSetting>('forgotPasswordVerificationTokenExpiry');\n const dummyOtp = this.getDummyOtpForUser(user);\n expiryTime.setMinutes(expiryTime.getMinutes() + forgotPasswordVerificationTokenExpiry);\n\n return {\n token: dummyOtp ? dummyOtp : uuidv4(),\n expiresAt: expiryTime,\n };\n }\n\n async initiateForgotPassword(initiateForgotPasswordDto: InitiateForgotPasswordDto) {\n // Steps / Algorithm: \n // 1. Identify the user using the specified \"username\", if not found exit.\n // const user = await this.userRepository.findOne({\n // where: { username: initiateForgotPasswordDto.username, }\n // });\n const user = await this.resolveUser(initiateForgotPasswordDto.username, initiateForgotPasswordDto.email);\n\n let isValidUser = true // Instead of throwing exceptions we will simply return success message, this is to avoid user enumeration attacks.\n if (!user) {\n isValidUser = false\n // throw new NotFoundException(ERROR_MESSAGES.INVALID_CREDENTIALS);\n }\n if (isValidUser && !user?.active) {\n isValidUser = false\n // throw new UnauthorizedException(ERROR_MESSAGES.INVALID_CREDENTIALS);\n }\n\n // 2. Validate if user has used a provider which is \"local\", only then it makes sense for us to initiate the forgot password routine. \n if (isValidUser && user?.lastLoginProvider !== 'local') {\n isValidUser = false\n // throw new BadRequestException(ERROR_MESSAGES.INVALID_CREDENTIALS);\n }\n\n // 3. Generate a 6 digit validation token, we send this token to the user over their email & mobile number (controlled using configuration).\n // 4. Save this validation token in new fields on the user record. \n if (isValidUser) {\n const { token, expiresAt } = await this.generateForgotPasswordToken(user);\n user.verificationTokenOnForgotPassword = token;\n user.verificationTokenOnForgotPasswordExpiresAt = expiresAt;\n await this.userRepository.save(user);\n await this.notifyUserOnForgotPassword(user);\n }\n\n // 5. Return. \n return {\n status: 'success',\n message: SUCCESS_MESSAGES.FORGOT_PASSWORD_TOKEN_SENT,\n error: '',\n errorCode: '',\n data: {\n user: {\n email: user?.email,\n // mobile: user.mobile,\n // username: user.username,\n },\n }\n }\n }\n\n private async notifyUserOnForgotPassword(user: User) {\n const companyLogo = await this.getCompanyLogo();\n\n const forgotPasswordSendVerificationTokenOn = this.settingService.getConfigValue<SolidCoreSetting>('forgotPasswordSendVerificationTokenOn');\n\n if (forgotPasswordSendVerificationTokenOn == ForgotPasswordSendVerificationTokenOn.EMAIL) {\n const mailService = this.mailServiceFactory.getMailService();\n mailService.sendEmailUsingTemplate(\n user.email,\n 'forgot-password',\n {\n solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),\n solidAppWebsiteUrl: this.settingService.getConfigValue<SolidCoreSetting>('solidAppWebsiteUrl'),\n firstName: user.username,\n fullName: user.fullName,\n // TODO: Need to prefix this with the page url where the forgot password page will open up.\n passwordResetLink: `${this.settingService.getConfigValue<SolidCoreSetting>('frontendForgotPasswordPageUrl')}?token=${user.verificationTokenOnForgotPassword}`,\n companyLogoUrl: companyLogo\n },\n this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueEmails'),\n null,\n null,\n 'user',\n user.id\n );\n }\n // Assuming all users do not have mobile as mandatory.\n if (forgotPasswordSendVerificationTokenOn == ForgotPasswordSendVerificationTokenOn.MOBILE && user.mobile) {\n const smsService = this.smsFactory.getSmsService();\n smsService.sendSMSUsingTemplate(\n user.mobile,\n 'forgot-password',\n {\n solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),\n otp: user.verificationTokenOnForgotPassword,\n verificationTokenOnForgotPassword: user.verificationTokenOnForgotPassword,\n firstName: user.username,\n companyLogoUrl: companyLogo\n },\n this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueSms'),\n );\n }\n }\n\n async confirmForgotPassword(confirmForgotPasswordDto: ConfirmForgotPasswordDto) {\n return this.dataSource.transaction(async (m) => {\n // Resolve the user id first (by username/email), but DON'T check the token in JS.\n const user = await this.resolveUserByVerificationToken(confirmForgotPasswordDto.verificationToken);\n if (!user) throw new UnauthorizedException(ERROR_MESSAGES.INVALID_CREDENTIALS);\n if (user.lastLoginProvider !== 'local') throw new UnauthorizedException(ERROR_MESSAGES.INVALID_CREDENTIALS);\n if (!user.active) throw new UnauthorizedException(ERROR_MESSAGES.INVALID_CREDENTIALS);\n\n // 1) Atomically consume the token (only one request can succeed)\n const { affected } = await m\n .createQueryBuilder()\n .update(User)\n .set({\n forgotPasswordConfirmedAt: () => 'NOW()',\n verificationTokenOnForgotPassword: () => 'NULL',\n verificationTokenOnForgotPasswordExpiresAt: () => 'NULL',\n })\n .where('id = :id', { id: user.id })\n .andWhere('verificationTokenOnForgotPassword = :token', { token: confirmForgotPasswordDto.verificationToken })\n .andWhere('verificationTokenOnForgotPasswordExpiresAt > NOW()')\n .execute();\n\n if (affected !== 1) {\n // Token invalid/expired/already used (or a parallel call already consumed it)\n throw new UnauthorizedException(ERROR_MESSAGES.INVALID_CREDENTIALS);\n }\n\n // 2) Now update the password & history (still inside the same transaction)\n const pwdHash = await this.hashingService.hash(confirmForgotPasswordDto.password);\n const pwdScheme = this.hashingService.name(); // e.g. bcrypt\n const pwdSchemeVersion = this.hashingService.currentVersion(); // e.g. 1, 2, 3 ...\n\n // Check reuse with your existing method (ensure it looks at hashes).\n await m.getRepository(User).update({ id: user.id }, { password: pwdHash, passwordScheme: pwdScheme, passwordSchemeVersion: pwdSchemeVersion });\n await this.notifyUserOnPasswordChanged(user);\n\n return {\n status: 'success',\n message: SUCCESS_MESSAGES.FORGOT_PASSWORD_CONFIRMED,\n error: '',\n errorCode: '',\n data: {},\n };\n });\n }\n\n private async notifyUserOnPasswordChanged(user: User) {\n const companyLogo = await this.getCompanyLogo();\n const forgotPasswordSendVerificationTokenOn = this.settingService.getConfigValue<SolidCoreSetting>('forgotPasswordSendVerificationTokenOn');\n\n if (forgotPasswordSendVerificationTokenOn == ForgotPasswordSendVerificationTokenOn.EMAIL) {\n const mailService = this.mailServiceFactory.getMailService();\n mailService.sendEmailUsingTemplate(\n user.email,\n 'password-changed',\n {\n solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),\n solidAppWebsiteUrl: this.settingService.getConfigValue<SolidCoreSetting>('solidAppWebsiteUrl'),\n email: user.email,\n firstName: user.username,\n fullName: user.fullName,\n // TODO: Need to prefix this with the page url where the forgot password page will open up.\n passwordResetLink: `${this.settingService.getConfigValue<SolidCoreSetting>('frontendForgotPasswordPageUrl')}?token=${user.verificationTokenOnForgotPassword}`,\n companyLogoUrl: companyLogo\n },\n this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueEmails'),\n null,\n null,\n 'user',\n user.id\n );\n }\n // Assuming all users do not have mobile as mandatory.\n if (forgotPasswordSendVerificationTokenOn == ForgotPasswordSendVerificationTokenOn.MOBILE && user.mobile) {\n const smsService = this.smsFactory.getSmsService();\n smsService.sendSMSUsingTemplate(\n user.mobile,\n 'forgot-password',\n {\n solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),\n otp: user.verificationTokenOnForgotPassword,\n verificationTokenOnForgotPassword: user.verificationTokenOnForgotPassword,\n firstName: user.username,\n companyLogoUrl: companyLogo\n },\n this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueSms'),\n );\n }\n }\n\n async generateTokens(user: User) {\n\n const [accessToken, refreshToken] = await Promise.all([\n await this.generateAccessToken(user),\n await this.generateRefreshToken(user),\n ]);\n\n return {\n accessToken,\n refreshToken,\n };\n }\n\n async generateAccessToken(user: User) {\n\n // const userRoleNames = user.roles.map((role) => role.name).join(';')\n const userRoleNames = user.roles.map((role) => role.name);\n\n const accessTokenTtl = this.settingService.getConfigValue<SolidCoreSetting>(\"accessTokenTtl\");\n const accessToken = await this.signToken<Partial<ActiveUserData>>(\n user.id,\n accessTokenTtl,\n { username: user.username, email: user.email, roles: userRoleNames },\n );\n\n return accessToken;\n }\n\n async generateRefreshToken(user: User, previousRefreshToken?: string) {\n const refreshTokenId = randomUUID();\n const refreshTokenTtl = this.settingService.getConfigValue<SolidCoreSetting>(\"refreshTokenTtl\");\n const refreshToken = await this.signToken(user.id, refreshTokenTtl, {\n refreshTokenId,\n })\n\n // store the refresh token id in the redis storage.\n await this.refreshTokenIdsStorage.insert(user.id, refreshToken, previousRefreshToken);\n\n return refreshToken;\n }\n\n async refreshTokens(refreshTokenDto: RefreshTokenDto) {\n try {\n const secret = this.settingService.getConfigValue<SolidCoreSetting>(\"secret\");\n const audience = this.settingService.getConfigValue<SolidCoreSetting>(\"audience\");\n const issuer = this.settingService.getConfigValue<SolidCoreSetting>(\"issuer\");\n\n const { sub } = await this.jwtService.verifyAsync<Pick<ActiveUserData, 'sub'> & { refreshTokenId: string }>(refreshTokenDto.refreshToken, {\n secret,\n audience,\n issuer,\n });\n // const user = await this.userRepository.findOneByOrFail({ id: sub });\n const user = await this.userRepository.findOne({\n where: {\n id: sub,\n },\n relations: {\n roles: true\n }\n });\n if (!user) {\n throw new UnauthorizedException(ERROR_MESSAGES.SESSION_INVALID);\n }\n\n // TODO: Replace the if else condition below with a call to validateAndRotate - Done\n // const isValid = await this.refreshTokenIdsStorage.validate(user.id, refreshTokenId);\n // if (isValid) {\n // // Refresh token rotation.\n // await this.refreshTokenIdsStorage.invalidate(user.id);\n // } else {\n // throw new Error('Refresh token is invalid');\n // }\n\n const currentRefreshToken = await this.refreshTokenIdsStorage.validateAndRotate(user, refreshTokenDto.refreshToken);\n\n await this.userActivityHistoryService.logEvent('tokenRefreshed', user);\n\n return {\n accessToken: await this.generateAccessToken(user),\n refreshToken: currentRefreshToken,\n };\n } catch (err) {\n if (err instanceof InvalidatedRefreshTokenError) {\n // Take action: notify user that his refresh token might have been stolen?\n throw new UnauthorizedException(ERROR_MESSAGES.ACCESS_DENIED);\n }\n\n throw new UnauthorizedException(ERROR_MESSAGES.SESSION_EXPIRED);\n }\n }\n\n private async signToken<T>(userId: number, expiresIn: number, payload?: T) {\n const audience = this.settingService.getConfigValue<SolidCoreSetting>(\"audience\");\n const issuer = this.settingService.getConfigValue<SolidCoreSetting>(\"issuer\");\n const secret = this.settingService.getConfigValue<SolidCoreSetting>(\"secret\");\n\n\n return await this.jwtService.signAsync(\n {\n sub: userId,\n ...payload,\n },\n {\n audience,\n issuer,\n secret,\n expiresIn,\n },\n );\n }\n\n // PROVIDER SPECIFIC CODE\n async validateUserUsingGoogle(user: User) {\n try {\n // Make API call to Google OAuth service to fetch user profile\n const response = await this.httpService.axiosRef.get(`https://www.googleapis.com/oauth2/v1/userinfo?alt=json&access_token=${user.googleAccessToken}`);\n const userProfile = response.data;\n\n // Ensure the fetched profile email & provider Id match the ones we have stored in the database earlier. \n if (userProfile.email === user.email && userProfile.id === user.googleId) {\n // TODO: remove the access code both from the database.\n return userProfile;\n } else {\n throw new UnauthorizedException(ERROR_MESSAGES.INVALID_USER_PROFILE);\n }\n } catch (error) {\n throw new UnauthorizedException(ERROR_MESSAGES.GOOGLE_OAUTH_PROFILE_FETCH_FAILED);\n }\n }\n\n async signInUsingGoogle(accessCode: string) {\n const user = await this.userRepository.findOne({\n where: {\n accessCode: accessCode\n },\n relations: {\n roles: true\n }\n });\n\n if (!user) {\n throw new UnauthorizedException(ERROR_MESSAGES.USER_NOT_FOUND);\n }\n this.checkAccountBlocked(user);\n\n try {\n await this.validateUserUsingGoogle(user);\n } catch (e) {\n await this.incrementFailedAttempts(user);\n throw e;\n }\n\n await this.resetFailedAttempts(user);\n const tokens = await this.generateTokens(user);\n return {\n user: {\n email: user.email,\n mobile: user.mobile,\n username: user.username,\n // forcePasswordChange: user.forcePasswordChange,\n id: user.id,\n roles: user.roles.map((role) => role.name)\n },\n ...tokens\n }\n }\n\n private async isPasswordlessRegistrationEnabled() {\n // return this.settingService.getConfigValue<SolidCoreSetting>('passwordlessRegistration');\n return this.settingService.getConfigValue<SolidCoreSetting>('passwordLessAuth');\n }\n\n private checkAccountBlocked(user: User): void {\n const maxFailedAttempts = this.settingService.getConfigValue<SolidCoreSetting>('maxFailedLoginAttempts') as number;\n if (maxFailedAttempts > 0 && user.failedLoginAttempts >= maxFailedAttempts) {\n throw new ForbiddenException(ERROR_MESSAGES.ACCOUNT_BLOCKED);\n }\n }\n\n private async incrementFailedAttempts(user: User): Promise<void> {\n const nextFailedAttempts = (user.failedLoginAttempts ?? 0) + 1;\n user.failedLoginAttempts = nextFailedAttempts;\n await this.userRepository.update(user.id, { failedLoginAttempts: nextFailedAttempts });\n }\n\n private async resetFailedAttempts(user: User): Promise<void> {\n if (user.failedLoginAttempts === 0) return;\n user.failedLoginAttempts = 0;\n await this.userRepository.update(user.id, { failedLoginAttempts: 0 });\n }\n\n //FIXME - Pending implementation\n // async logout() {\n // // const user = this.request.user; //TODO: // Access the user from the execution context\n\n // // Invalidate the refresh token\n // // await this.refreshTokenIdsStorage.invalidate(user.id);\n // }\n async logout(refreshToken: string) {\n try {\n // const activeUser = this.requestContextService.getActiveUser();\n // const userId = activeUser?.sub;\n // const user = await this.userRepository.findOne({\n // where: {\n // id: userId,\n // }\n // })\n // // Invalidate refresh token if you store them\n // await this.refreshTokenIdsStorage.invalidate(userId); // ← Your existing logic\n // if (!refreshToken) {\n // throw new UnauthorizedException('Refresh token is required');\n // }\n const payload = this.jwtService.decode(refreshToken) as any;\n\n if (!payload || !payload.sub) {\n throw new UnauthorizedException(ERROR_MESSAGES.INVALID_REFRESH_TOKEN);\n }\n\n const userId = payload.sub;\n await this.refreshTokenIdsStorage.invalidate(userId);\n const user = await this.userRepository.findOne({\n where: {\n id: userId,\n }\n })\n // Log logout event\n await this.userActivityHistoryService.logEvent('logout', user);\n\n return { message: SUCCESS_MESSAGES.LOGOUT_SUCCESS };\n } catch (err) {\n throw err instanceof UnauthorizedException || err instanceof InternalServerErrorException\n ? err\n : new InternalServerErrorException(ERROR_MESSAGES.LOGOUT_FAILED);\n }\n }\n\n\n async activateUser(userId: number) {\n const user = await this.userService.findOne(userId, {});\n if (!user) {\n throw new NotFoundException(ERROR_MESSAGES.USER_NOT_FOUND);\n }\n user.active = true;\n await this.userRepository.save(user);\n }\n\n async me(activeUser: ActiveUserData) {\n const user = await this.userRepository.findOne({\n where: {\n id: activeUser.sub,\n },\n relations: {\n roles: true\n }\n });\n\n // const tokens = await this.generateTokens(user);\n\n // Get the refresh token for a user from refresh token storage.\n const refreshTokenState = await this.refreshTokenIdsStorage.getCurrentRefreshTokenState(user.id);\n\n const response = {\n user: {\n email: user.email,\n mobile: user.mobile,\n username: user.username,\n // forcePasswordChange: user.forcePasswordChange,\n id: user.id,\n roles: user.roles.map((role) => role.name)\n },\n refreshToken: refreshTokenState.currentRefreshToken,\n // ...tokens\n }\n return response;\n }\n\n}\n\nfunction parseUniqueConstraintError(detail: string): string {\n const match = detail.match(/Key \\(([^)]+)\\)=\\(([^)]+)\\) already exists\\./);\n if (match) {\n const field = match[1];\n const value = match[2];\n const fieldMap: Record<string, string> = {\n username: 'username',\n email: 'email address',\n full_name_user_key: 'full name',\n };\n const friendlyField = fieldMap[field] || field;\n return `A user with ${friendlyField} \"${value}\" already exists.`;\n }\n return detail;\n}\n"]}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@solidxai/core",
|
|
3
|
-
"version": "0.1.6-beta.
|
|
3
|
+
"version": "0.1.6-beta.6",
|
|
4
4
|
"description": "This module is a NestJS module containing all the required core providers required by a Solid application",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|
|
@@ -740,11 +740,18 @@ export class AuthenticationService {
|
|
|
740
740
|
if (type === PasswordlessLoginValidateWhatSources.EMAIL) {
|
|
741
741
|
user.emailVerificationTokenOnLogin = token;
|
|
742
742
|
user.emailVerificationTokenOnLoginExpiresAt = expiresAt;
|
|
743
|
+
await this.userRepository.update(user.id, {
|
|
744
|
+
emailVerificationTokenOnLogin: token,
|
|
745
|
+
emailVerificationTokenOnLoginExpiresAt: expiresAt,
|
|
746
|
+
});
|
|
743
747
|
} else {
|
|
744
748
|
user.mobileVerificationTokenOnLogin = token;
|
|
745
749
|
user.mobileVerificationTokenOnLoginExpiresAt = expiresAt;
|
|
750
|
+
await this.userRepository.update(user.id, {
|
|
751
|
+
mobileVerificationTokenOnLogin: token,
|
|
752
|
+
mobileVerificationTokenOnLoginExpiresAt: expiresAt,
|
|
753
|
+
});
|
|
746
754
|
}
|
|
747
|
-
await this.userRepository.save(user);
|
|
748
755
|
}
|
|
749
756
|
|
|
750
757
|
private buildLoginOtpResponse(user: User, type: PasswordlessLoginValidateWhatSources) {
|
|
@@ -829,11 +836,9 @@ export class AuthenticationService {
|
|
|
829
836
|
throw e;
|
|
830
837
|
}
|
|
831
838
|
|
|
832
|
-
this.clearLoginOtp(user, type);
|
|
833
|
-
|
|
834
|
-
user.failedLoginAttempts = 0;
|
|
839
|
+
await this.clearLoginOtp(user, type);
|
|
835
840
|
await this.userActivityHistoryService.logEvent('login', user);
|
|
836
|
-
await this.
|
|
841
|
+
await this.resetFailedAttempts(user);
|
|
837
842
|
return this.buildLoginTokenResponse(user);
|
|
838
843
|
}
|
|
839
844
|
|
|
@@ -850,15 +855,27 @@ export class AuthenticationService {
|
|
|
850
855
|
}
|
|
851
856
|
}
|
|
852
857
|
|
|
853
|
-
private clearLoginOtp(user: User, type: PasswordlessLoginValidateWhatSources): void {
|
|
858
|
+
private async clearLoginOtp(user: User, type: PasswordlessLoginValidateWhatSources): Promise<void> {
|
|
854
859
|
if (type === PasswordlessLoginValidateWhatSources.EMAIL) {
|
|
855
|
-
|
|
860
|
+
const verifiedAt = new Date();
|
|
861
|
+
user.emailVerifiedOnLoginAt = verifiedAt;
|
|
856
862
|
user.emailVerificationTokenOnLogin = null;
|
|
857
863
|
user.emailVerificationTokenOnLoginExpiresAt = null;
|
|
864
|
+
await this.userRepository.update(user.id, {
|
|
865
|
+
emailVerifiedOnLoginAt: verifiedAt,
|
|
866
|
+
emailVerificationTokenOnLogin: null,
|
|
867
|
+
emailVerificationTokenOnLoginExpiresAt: null,
|
|
868
|
+
});
|
|
858
869
|
} else {
|
|
859
|
-
|
|
870
|
+
const verifiedAt = new Date();
|
|
871
|
+
user.mobileVerifiedOnLoginAt = verifiedAt;
|
|
860
872
|
user.mobileVerificationTokenOnLogin = null;
|
|
861
873
|
user.mobileVerificationTokenOnLoginExpiresAt = null;
|
|
874
|
+
await this.userRepository.update(user.id, {
|
|
875
|
+
mobileVerifiedOnLoginAt: verifiedAt,
|
|
876
|
+
mobileVerificationTokenOnLogin: null,
|
|
877
|
+
mobileVerificationTokenOnLoginExpiresAt: null,
|
|
878
|
+
});
|
|
862
879
|
}
|
|
863
880
|
}
|
|
864
881
|
|
|
@@ -1301,14 +1318,15 @@ export class AuthenticationService {
|
|
|
1301
1318
|
}
|
|
1302
1319
|
|
|
1303
1320
|
private async incrementFailedAttempts(user: User): Promise<void> {
|
|
1304
|
-
user.failedLoginAttempts
|
|
1305
|
-
|
|
1321
|
+
const nextFailedAttempts = (user.failedLoginAttempts ?? 0) + 1;
|
|
1322
|
+
user.failedLoginAttempts = nextFailedAttempts;
|
|
1323
|
+
await this.userRepository.update(user.id, { failedLoginAttempts: nextFailedAttempts });
|
|
1306
1324
|
}
|
|
1307
1325
|
|
|
1308
1326
|
private async resetFailedAttempts(user: User): Promise<void> {
|
|
1309
1327
|
if (user.failedLoginAttempts === 0) return;
|
|
1310
1328
|
user.failedLoginAttempts = 0;
|
|
1311
|
-
await this.userRepository.
|
|
1329
|
+
await this.userRepository.update(user.id, { failedLoginAttempts: 0 });
|
|
1312
1330
|
}
|
|
1313
1331
|
|
|
1314
1332
|
//FIXME - Pending implementation
|