npm - @strapi/admin - Versions diffs - 5.0.0-rc.8 → 5.0.0-rc.9 - Mend

@strapi/admin 5.0.0-rc.8 → 5.0.0-rc.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (232) hide show

package/dist/ee/server/index.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.mjs","sources":["../../../server/src/routes/serve-admin-panel.ts","../../../server/src/utils/index.js","../../../server/src/strategies/admin.ts","../../../server/src/services/constants.ts","../../../server/src/strategies/api-token.ts","../../../server/src/register.ts","../../../ee/server/src/register.ts","../../../server/src/config/admin-actions.ts","../../../server/src/config/admin-conditions.ts","../../../server/src/bootstrap.ts","../../../ee/server/src/utils/index.ts","../../../ee/server/src/config/admin-actions.ts","../../../ee/server/src/utils/persisted-tables.ts","../../../ee/server/src/bootstrap.ts","../../../server/src/destroy.ts","../../../ee/server/src/destroy.ts","../../../ee/server/src/content-types/index.ts","../../../ee/server/src/utils/sso-lock.ts","../../../ee/server/src/services/auth.ts","../../../server/src/services/passport/local-strategy.ts","../../../server/src/services/passport.ts","../../../ee/server/src/services/passport/provider-registry.ts","../../../ee/server/src/services/passport/sso.ts","../../../ee/server/src/services/passport.ts","../../../ee/server/src/services/role.ts","../../../server/src/domain/user.ts","../../../ee/server/src/services/user.ts","../../../ee/server/src/services/metrics.ts","../../../ee/server/src/services/seat-enforcement.ts","../../../ee/server/src/services/index.ts","../../../ee/server/src/validation/authentication.ts","../../../ee/server/src/controllers/authentication-utils/constants.ts","../../../ee/server/src/controllers/authentication-utils/utils.ts","../../../ee/server/src/controllers/authentication-utils/middlewares.ts","../../../ee/server/src/controllers/authentication.ts","../../../ee/server/src/validation/role.ts","../../../ee/server/src/controllers/role.ts","../../../server/src/domain/action/index.ts","../../../server/src/validation/common-functions/check-fields-are-correctly-nested.ts","../../../server/src/validation/common-functions/check-fields-dont-have-duplicates.ts","../../../server/src/validation/common-validators.ts","../../../server/src/validation/user.ts","../../../ee/server/src/validation/user.ts","../../../ee/server/src/controllers/user.ts","../../../ee/server/src/controllers/admin.ts","../../../ee/server/src/controllers/index.ts","../../../ee/server/src/routes/utils.ts","../../../ee/server/src/routes/sso.ts","../../../ee/server/src/routes/license-limit.ts","../../../ee/server/src/routes/index.ts","../../../ee/server/src/audit-logs/routes/audit-logs.ts","../../../ee/server/src/audit-logs/validation/audit-logs.ts","../../../ee/server/src/audit-logs/controllers/audit-logs.ts","../../../ee/server/src/audit-logs/services/audit-logs.ts","../../../ee/server/src/audit-logs/services/lifecycles.ts","../../../ee/server/src/audit-logs/content-types/audit-log.ts","../../../ee/server/src/index.ts"],"sourcesContent":["import type { Context, Next } from 'koa';\nimport { resolve, join, extname, basename } from 'path';\nimport fse from 'fs-extra';\nimport koaStatic from 'koa-static';\nimport type { Core } from '@strapi/types';\n\nconst registerAdminPanelRoute = ({ strapi }: { strapi: Core.Strapi }) => {\n let buildDir = resolve(strapi.dirs.dist.root, 'build');\n\n if (!fse.pathExistsSync(buildDir)) {\n buildDir = resolve(__dirname, '../../build');\n }\n\n const serveAdminMiddleware = async (ctx: Context, next: Next) => {\n await next();\n\n if (ctx.method !== 'HEAD' && ctx.method !== 'GET') {\n return;\n }\n\n if (ctx.body != null \|\| ctx.status !== 404) {\n return;\n }\n\n ctx.type = 'html';\n ctx.body = fse.createReadStream(join(buildDir, 'index.html'));\n };\n\n strapi.server.routes([\n {\n method: 'GET',\n path: `${strapi.config.admin.path}/:path`,\n handler: [\n serveAdminMiddleware,\n serveStatic(buildDir, {\n maxage: 31536000,\n defer: false,\n index: 'index.html',\n setHeaders(res: any, path: any) {\n const ext = extname(path);\n // publicly cache static files to avoid unnecessary network & disk access\n if (ext !== '.html') {\n res.setHeader('cache-control', 'public, max-age=31536000, immutable');\n }\n },\n }),\n ],\n config: { auth: false },\n },\n ]);\n};\n\n// serveStatic is not supposed to be used to serve a folder that have sub-folders\nconst serveStatic = (filesDir: any, koaStaticOptions = {}) => {\n const serve = koaStatic(filesDir, koaStaticOptions);\n\n return async (ctx: Context, next: Next) => {\n const prev = ctx.path;\n const newPath = basename(ctx.path);\n\n ctx.path = newPath;\n await serve(ctx, async () => {\n ctx.path = prev;\n await next();\n ctx.path = newPath;\n });\n ctx.path = prev;\n };\n};\n\nexport default registerAdminPanelRoute;\n","const getService = (name) => {\n return strapi.service(`admin::${name}`);\n};\n\nexport { getService };\n","import type { Context } from 'koa';\nimport { getService } from '../utils';\n\n/* @type {import('.').AuthenticateFunction} /\nexport const authenticate = async (ctx: Context) => {\n const { authorization } = ctx.request.header;\n\n if (!authorization) {\n return { authenticated: false };\n }\n\n const parts = authorization.split(/\\s+/);\n\n if (parts[0].toLowerCase() !== 'bearer' \|\| parts.length !== 2) {\n return { authenticated: false };\n }\n\n const token = parts[1];\n const { payload, isValid } = getService('token').decodeJwtToken(token);\n\n if (!isValid) {\n return { authenticated: false };\n }\n\n const user = await strapi.db\n .query('admin::user')\n .findOne({ where: { id: payload.id }, populate: ['roles'] });\n\n if (!user \|\| !(user.isActive === true)) {\n return { authenticated: false };\n }\n\n const userAbility = await getService('permission').engine.generateUserAbility(user);\n\n // TODO: use the ability from ctx.state.auth instead of\n // ctx.state.userAbility, and remove the assign below\n ctx.state.userAbility = userAbility;\n ctx.state.user = user;\n\n return {\n authenticated: true,\n credentials: user,\n ability: userAbility,\n };\n};\n\nexport const name = 'admin';\n\n/* @type {import('.').AuthStrategy} /\nexport default {\n name,\n authenticate,\n};\n","const DAY_IN_MS = 24 60 * 60 * 1000;\n\nconst constants = {\n CONTENT_TYPE_SECTION: 'contentTypes',\n SUPER_ADMIN_CODE: 'strapi-super-admin',\n EDITOR_CODE: 'strapi-editor',\n AUTHOR_CODE: 'strapi-author',\n READ_ACTION: 'plugin::content-manager.explorer.read',\n CREATE_ACTION: 'plugin::content-manager.explorer.create',\n UPDATE_ACTION: 'plugin::content-manager.explorer.update',\n DELETE_ACTION: 'plugin::content-manager.explorer.delete',\n PUBLISH_ACTION: 'plugin::content-manager.explorer.publish',\n API_TOKEN_TYPE: {\n READ_ONLY: 'read-only',\n FULL_ACCESS: 'full-access',\n CUSTOM: 'custom',\n },\n // The front-end only displays these values\n API_TOKEN_LIFESPANS: {\n UNLIMITED: null,\n DAYS_7: 7 * DAY_IN_MS,\n DAYS_30: 30 * DAY_IN_MS,\n DAYS_90: 90 * DAY_IN_MS,\n },\n TRANSFER_TOKEN_TYPE: {\n PUSH: 'push',\n PULL: 'pull',\n },\n TRANSFER_TOKEN_LIFESPANS: {\n UNLIMITED: null,\n DAYS_7: 7 * DAY_IN_MS,\n DAYS_30: 30 * DAY_IN_MS,\n DAYS_90: 90 * DAY_IN_MS,\n },\n};\n\nexport default constants;\n","import type { Context } from 'koa';\nimport { castArray, isNil } from 'lodash/fp';\nimport { differenceInHours, parseISO } from 'date-fns';\nimport { errors } from '@strapi/utils';\nimport constants from '../services/constants';\nimport { getService } from '../utils';\nimport '@strapi/types';\n\nconst { UnauthorizedError, ForbiddenError } = errors;\n\nconst isReadScope = (scope: any) => scope.endsWith('find') \|\| scope.endsWith('findOne');\n\nconst extractToken = (ctx: Context) => {\n if (ctx.request && ctx.request.header && ctx.request.header.authorization) {\n const parts = ctx.request.header.authorization.split(/\\s+/);\n\n if (parts[0].toLowerCase() !== 'bearer' \|\| parts.length !== 2) {\n return null;\n }\n\n return parts[1];\n }\n\n return null;\n};\n\n/*\n Authenticate the validity of the token\n /\nexport const authenticate = async (ctx: Context) => {\n const apiTokenService = getService('api-token');\n const token = extractToken(ctx);\n\n if (!token) {\n return { authenticated: false };\n }\n\n const apiToken = await apiTokenService.getBy({\n accessKey: apiTokenService.hash(token),\n });\n\n // token not found\n if (!apiToken) {\n return { authenticated: false };\n }\n\n const currentDate = new Date();\n\n if (!isNil(apiToken.expiresAt)) {\n const expirationDate = new Date(apiToken.expiresAt);\n // token has expired\n if (expirationDate < currentDate) {\n return { authenticated: false, error: new UnauthorizedError('Token expired') };\n }\n }\n\n // update lastUsedAt if the token has not been used in the last hour\n // @ts-expect-error - FIXME: verify lastUsedAt is defined\n const hoursSinceLastUsed = differenceInHours(currentDate, parseISO(apiToken.lastUsedAt));\n if (hoursSinceLastUsed >= 1) {\n await strapi.db.query('admin::api-token').update({\n where: { id: apiToken.id },\n data: { lastUsedAt: currentDate },\n });\n }\n\n if (apiToken.type === constants.API_TOKEN_TYPE.CUSTOM) {\n const ability = await strapi.contentAPI.permissions.engine.generateAbility(\n apiToken.permissions.map((action: any) => ({ action }))\n );\n\n return { authenticated: true, ability, credentials: apiToken };\n }\n\n return { authenticated: true, credentials: apiToken };\n};\n\n/\n Verify the token has the required abilities for the requested scope\n \n @type {import('.').VerifyFunction}\n /\nexport const verify = (auth: any, config: any) => {\n const { credentials: apiToken, ability } = auth;\n\n if (!apiToken) {\n throw new UnauthorizedError('Token not found');\n }\n\n const currentDate = new Date();\n\n if (!isNil(apiToken.expiresAt)) {\n const expirationDate = new Date(apiToken.expiresAt);\n // token has expired\n if (expirationDate < currentDate) {\n throw new UnauthorizedError('Token expired');\n }\n }\n\n // Full access\n if (apiToken.type === constants.API_TOKEN_TYPE.FULL_ACCESS) {\n return;\n }\n\n // Read only\n if (apiToken.type === constants.API_TOKEN_TYPE.READ_ONLY) {\n /\n If you don't have `full-access` you can only access `find` and `findOne`\n * scopes. If the route has no scope, then you can't get access to it.\n /\n const scopes = castArray(config.scope);\n\n if (config.scope && scopes.every(isReadScope)) {\n return;\n }\n }\n\n // Custom\n else if (apiToken.type === constants.API_TOKEN_TYPE.CUSTOM) {\n if (!ability) {\n throw new ForbiddenError();\n }\n\n const scopes = castArray(config.scope);\n\n const isAllowed = scopes.every((scope) => ability.can(scope));\n\n if (isAllowed) {\n return;\n }\n }\n\n throw new ForbiddenError();\n};\n\nexport const name = 'api-token';\n\nexport default {\n name: 'api-token',\n authenticate,\n verify,\n};\n","import type { Core } from '@strapi/types';\nimport registerAdminPanelRoute from './routes/serve-admin-panel';\nimport adminAuthStrategy from './strategies/admin';\nimport apiTokenAuthStrategy from './strategies/api-token';\n\nexport default ({ strapi }: { strapi: Core.Strapi }) => {\n const passportMiddleware = strapi.service('admin::passport').init();\n\n strapi.server.api('admin').use(passportMiddleware);\n strapi.get('auth').register('admin', adminAuthStrategy);\n strapi.get('auth').register('content-api', apiTokenAuthStrategy);\n\n if (strapi.config.get('admin.serveAdminPanel')) {\n registerAdminPanelRoute({ strapi });\n }\n};\n","import type { Core } from '@strapi/types';\n\nimport executeCERegister from '../../../server/src/register';\n\nexport default async ({ strapi }: { strapi: Core.Strapi }) => {\n await executeCERegister({ strapi });\n};\n","export const actions = [\n {\n uid: 'marketplace.read',\n displayName: 'Access the marketplace',\n pluginName: 'admin',\n section: 'settings',\n category: 'plugins and marketplace',\n subCategory: 'marketplace',\n },\n {\n uid: 'webhooks.create',\n displayName: 'Create',\n pluginName: 'admin',\n section: 'settings',\n category: 'webhooks',\n },\n {\n uid: 'webhooks.read',\n displayName: 'Read',\n pluginName: 'admin',\n section: 'settings',\n category: 'webhooks',\n },\n {\n uid: 'webhooks.update',\n displayName: 'Update',\n pluginName: 'admin',\n section: 'settings',\n category: 'webhooks',\n },\n {\n uid: 'webhooks.delete',\n displayName: 'Delete',\n pluginName: 'admin',\n section: 'settings',\n category: 'webhooks',\n },\n {\n uid: 'users.create',\n displayName: 'Create (invite)',\n pluginName: 'admin',\n section: 'settings',\n category: 'users and roles',\n subCategory: 'users',\n },\n {\n uid: 'users.read',\n displayName: 'Read',\n pluginName: 'admin',\n section: 'settings',\n category: 'users and roles',\n subCategory: 'users',\n },\n {\n uid: 'users.update',\n displayName: 'Update',\n pluginName: 'admin',\n section: 'settings',\n category: 'users and roles',\n subCategory: 'users',\n },\n {\n uid: 'users.delete',\n displayName: 'Delete',\n pluginName: 'admin',\n section: 'settings',\n category: 'users and roles',\n subCategory: 'users',\n },\n {\n uid: 'roles.create',\n displayName: 'Create',\n pluginName: 'admin',\n section: 'settings',\n category: 'users and roles',\n subCategory: 'roles',\n },\n {\n uid: 'roles.read',\n displayName: 'Read',\n pluginName: 'admin',\n section: 'settings',\n category: 'users and roles',\n subCategory: 'roles',\n },\n {\n uid: 'roles.update',\n displayName: 'Update',\n pluginName: 'admin',\n section: 'settings',\n category: 'users and roles',\n subCategory: 'roles',\n },\n {\n uid: 'roles.delete',\n displayName: 'Delete',\n pluginName: 'admin',\n section: 'settings',\n category: 'users and roles',\n subCategory: 'roles',\n },\n {\n uid: 'api-tokens.access',\n displayName: 'Access the API tokens settings page',\n pluginName: 'admin',\n section: 'settings',\n category: 'api tokens',\n subCategory: 'api Tokens',\n },\n {\n uid: 'api-tokens.create',\n displayName: 'Create (generate)',\n pluginName: 'admin',\n section: 'settings',\n category: 'api tokens',\n subCategory: 'general',\n },\n {\n uid: 'api-tokens.read',\n displayName: 'Read',\n pluginName: 'admin',\n section: 'settings',\n category: 'api tokens',\n subCategory: 'general',\n },\n {\n uid: 'api-tokens.update',\n displayName: 'Update',\n pluginName: 'admin',\n section: 'settings',\n category: 'api tokens',\n subCategory: 'general',\n },\n {\n uid: 'api-tokens.regenerate',\n displayName: 'Regenerate',\n pluginName: 'admin',\n section: 'settings',\n category: 'api tokens',\n subCategory: 'general',\n },\n {\n uid: 'api-tokens.delete',\n displayName: 'Delete (revoke)',\n pluginName: 'admin',\n section: 'settings',\n category: 'api tokens',\n subCategory: 'general',\n },\n {\n uid: 'project-settings.update',\n displayName: 'Update the project level settings',\n pluginName: 'admin',\n section: 'settings',\n category: 'project',\n },\n {\n uid: 'project-settings.read',\n displayName: 'Read the project level settings',\n pluginName: 'admin',\n section: 'settings',\n category: 'project',\n },\n {\n uid: 'transfer.tokens.access',\n displayName: 'Access the transfer tokens settings page',\n pluginName: 'admin',\n section: 'settings',\n category: 'transfer tokens',\n subCategory: 'transfer tokens',\n },\n {\n uid: 'transfer.tokens.create',\n displayName: 'Create (generate)',\n pluginName: 'admin',\n section: 'settings',\n category: 'transfer tokens',\n subCategory: 'general',\n },\n {\n uid: 'transfer.tokens.read',\n displayName: 'Read',\n pluginName: 'admin',\n section: 'settings',\n category: 'transfer tokens',\n subCategory: 'general',\n },\n {\n uid: 'transfer.tokens.update',\n displayName: 'Update',\n pluginName: 'admin',\n section: 'settings',\n category: 'transfer tokens',\n subCategory: 'general',\n },\n {\n uid: 'transfer.tokens.regenerate',\n displayName: 'Regenerate',\n pluginName: 'admin',\n section: 'settings',\n category: 'transfer tokens',\n subCategory: 'general',\n },\n {\n uid: 'transfer.tokens.delete',\n displayName: 'Delete (revoke)',\n pluginName: 'admin',\n section: 'settings',\n category: 'transfer tokens',\n subCategory: 'general',\n },\n];\n\nexport default {\n actions,\n};\n","// TODO: TS User and role type\ntype User = any;\ntype Role = any;\n\nexport const conditions = [\n {\n displayName: 'Is creator',\n name: 'is-creator',\n plugin: 'admin',\n handler: (user: User) => ({ 'createdBy.id': user.id }),\n },\n {\n displayName: 'Has same role as creator',\n name: 'has-same-role-as-creator',\n plugin: 'admin',\n handler: (user: User) => ({\n 'createdBy.roles': {\n $elemMatch: {\n id: {\n $in: user.roles.map((r: Role) => r.id),\n },\n },\n },\n }),\n },\n];\n\nexport default {\n conditions,\n};\n","import { merge, map, difference, uniq } from 'lodash/fp';\nimport type { Core } from '@strapi/types';\nimport { async } from '@strapi/utils';\nimport { getService } from './utils';\nimport adminActions from './config/admin-actions';\nimport adminConditions from './config/admin-conditions';\n\nconst defaultAdminAuthSettings = {\n providers: {\n autoRegister: false,\n defaultRole: null,\n ssoLockedRoles: null,\n },\n};\n\nconst registerPermissionActions = async () => {\n await getService('permission').actionProvider.registerMany(adminActions.actions);\n};\n\nconst registerAdminConditions = async () => {\n await getService('permission').conditionProvider.registerMany(adminConditions.conditions);\n};\n\nconst registerModelHooks = () => {\n const { sendDidChangeInterfaceLanguage } = getService('metrics');\n\n strapi.db.lifecycles.subscribe({\n models: ['admin::user'],\n afterCreate: sendDidChangeInterfaceLanguage,\n afterDelete: sendDidChangeInterfaceLanguage,\n afterUpdate({ params }) {\n if (params.data.preferedLanguage) {\n sendDidChangeInterfaceLanguage();\n }\n },\n });\n};\n\nconst syncAuthSettings = async () => {\n const adminStore = await strapi.store({ type: 'core', name: 'admin' });\n const adminAuthSettings = await adminStore.get({ key: 'auth' });\n const newAuthSettings = merge(defaultAdminAuthSettings, adminAuthSettings);\n\n const roleExists = await getService('role').exists({\n id: newAuthSettings.providers.defaultRole,\n });\n\n // Reset the default SSO role if it has been deleted manually\n if (!roleExists) {\n newAuthSettings.providers.defaultRole = null;\n }\n\n await adminStore.set({ key: 'auth', value: newAuthSettings });\n};\n\nconst syncAPITokensPermissions = async () => {\n const validPermissions = strapi.contentAPI.permissions.providers.action.keys();\n const permissionsInDB = await async.pipe(\n strapi.db.query('admin::api-token-permission').findMany,\n map('action')\n )();\n\n const unknownPermissions = uniq(difference(permissionsInDB, validPermissions));\n\n if (unknownPermissions.length > 0) {\n await strapi.db\n .query('admin::api-token-permission')\n .deleteMany({ where: { action: { $in: unknownPermissions } } });\n }\n};\n\nexport default async ({ strapi }: { strapi: Core.Strapi }) => {\n await registerAdminConditions();\n await registerPermissionActions();\n registerModelHooks();\n\n const permissionService = getService('permission');\n const userService = getService('user');\n const roleService = getService('role');\n const apiTokenService = getService('api-token');\n const transferService = getService('transfer');\n const tokenService = getService('token');\n\n await roleService.createRolesIfNoneExist();\n await roleService.resetSuperAdminPermissions();\n await roleService.displayWarningIfNoSuperAdmin();\n\n await permissionService.cleanPermissionsInDatabase();\n\n await userService.displayWarningIfUsersDontHaveRole();\n\n await syncAuthSettings();\n await syncAPITokensPermissions();\n\n await getService('metrics').sendUpdateProjectInformation(strapi);\n getService('metrics').startCron(strapi);\n\n apiTokenService.checkSaltIsDefined();\n transferService.token.checkSaltIsDefined();\n tokenService.checkSecretIsDefined();\n};\n","import type { Core } from '@strapi/types';\n\nexport const getService = (\n name: string,\n { strapi }: { strapi: Core.Strapi } = { strapi: global.strapi }\n) => {\n return strapi.service(`admin::${name}`);\n};\n\nexport default {\n getService,\n};\n","export default {\n sso: [\n {\n uid: 'provider-login.read',\n displayName: 'Read',\n pluginName: 'admin',\n section: 'settings',\n category: 'single sign on',\n subCategory: 'options',\n },\n {\n uid: 'provider-login.update',\n displayName: 'Update',\n pluginName: 'admin',\n section: 'settings',\n category: 'single sign on',\n subCategory: 'options',\n },\n ],\n auditLogs: [\n {\n uid: 'audit-logs.read',\n displayName: 'Read',\n pluginName: 'admin',\n section: 'settings',\n category: 'audit logs',\n subCategory: 'options',\n },\n ],\n};\n","import type { Core } from '@strapi/types';\nimport { differenceWith, isEqual } from 'lodash/fp';\n\ninterface PersistedTable {\n name: string;\n dependsOn?: Array<{ name: string }>;\n}\n\n/\n Transform table name to the object format\n /\nconst transformTableName = (table: string \| PersistedTable) => {\n if (typeof table === 'string') {\n return { name: table };\n }\n return table;\n};\n\n/\n Finds all tables in the database matching the regular expression\n * @param {Object} ctx\n * @param {Strapi} ctx.strapi\n * @param {RegExp} regex\n * @returns {Promise<string[]>}\n /\nexport async function findTables({ strapi }: { strapi: Core.Strapi }, regex: any) {\n // @ts-expect-error - getTables is not typed into the schema inspector\n const tables = await strapi.db.dialect.schemaInspector.getTables();\n return tables.filter((tableName: string) => regex.test(tableName));\n}\n\n/\n Add tables name to the reserved tables in core store\n /\nasync function addPersistTables(\n { strapi }: { strapi: Core.Strapi },\n tableNames: Array<string \| PersistedTable>\n) {\n const persistedTables = await getPersistedTables({ strapi });\n const tables = tableNames.map(transformTableName);\n\n // Get new tables to be persisted, remove tables if they already were persisted\n const notPersistedTableNames = differenceWith(isEqual, tables, persistedTables);\n // Remove tables that are going to be changed\n const tablesToPersist = differenceWith(\n (t1: any, t2: any) => t1.name === t2.name,\n persistedTables,\n notPersistedTableNames\n );\n\n if (!notPersistedTableNames.length) {\n return;\n }\n\n // @ts-expect-error lodash types\n tablesToPersist.push(...notPersistedTableNames);\n await strapi.store.set({\n type: 'core',\n key: 'persisted_tables',\n value: tablesToPersist,\n });\n}\n\n/\n Get all reserved table names from the core store\n * @param {Object} ctx\n * @param {Strapi} ctx.strapi\n * @param {RegExp} regex\n * @returns {Promise<string[]>}\n /\n\nasync function getPersistedTables({ strapi }: { strapi: Core.Strapi }) {\n const persistedTables: any = await strapi.store.get({\n type: 'core',\n key: 'persisted_tables',\n });\n\n return (persistedTables \|\| []).map(transformTableName);\n}\n\n/\n Set all reserved table names in the core store\n * @param {Object} ctx\n * @param {Strapi} ctx.strapi\n * @param {Array<string\|{ table: string; dependsOn?: Array<{ table: string;}> }>} tableNames\n * @returns {Promise<void>}\n /\nasync function setPersistedTables(\n { strapi }: { strapi: Core.Strapi },\n tableNames: Array<string \| PersistedTable>\n) {\n await strapi.store.set({\n type: 'core',\n key: 'persisted_tables',\n value: tableNames,\n });\n}\n/\n Add all table names that start with a prefix to the reserved tables in\n * core store\n * @param {string} tableNamePrefix\n * @return {Promise<void>}\n /\n\nexport const persistTablesWithPrefix = async (tableNamePrefix: string) => {\n const tableNameRegex = new RegExp(`^${tableNamePrefix}.`);\n const tableNames = await findTables({ strapi }, tableNameRegex);\n\n await addPersistTables({ strapi }, tableNames);\n};\n\n/*\n Remove all table names that end with a suffix from the reserved tables in core store\n * @param {string} tableNameSuffix\n * @return {Promise<void>}\n /\nexport const removePersistedTablesWithSuffix = async (tableNameSuffix: string) => {\n const tableNameRegex = new RegExp(`.${tableNameSuffix}$`);\n const persistedTables = await getPersistedTables({ strapi });\n\n const filteredPersistedTables = persistedTables.filter((table: any) => {\n return !tableNameRegex.test(table.name);\n });\n\n if (filteredPersistedTables.length === persistedTables.length) {\n return;\n }\n\n await setPersistedTables({ strapi }, filteredPersistedTables);\n};\n\n/*\n Add tables to the reserved tables in core store\n /\nexport const persistTables = async (tables: Array<string \| PersistedTable>) => {\n await addPersistTables({ strapi }, tables);\n};\n\nexport default {\n persistTablesWithPrefix,\n removePersistedTablesWithSuffix,\n persistTables,\n findTables,\n};\n","import executeCEBootstrap from '../../../server/src/bootstrap';\nimport { getService } from '../../server/src/utils';\nimport actions from './config/admin-actions';\nimport { persistTablesWithPrefix } from './utils/persisted-tables';\n\nexport default async (args: any) => {\n const { actionProvider } = getService('permission');\n if (strapi.ee.features.isEnabled('sso')) {\n await actionProvider.registerMany(actions.sso);\n }\n\n if (strapi.ee.features.isEnabled('audit-logs')) {\n await persistTablesWithPrefix('strapi_audit_logs');\n await actionProvider.registerMany(actions.auditLogs);\n }\n\n await getService('seat-enforcement').seatEnforcementWorkflow();\n await executeCEBootstrap(args);\n};\n","import { getService } from './utils';\n\nexport default async () => {\n const { conditionProvider, actionProvider } = getService('permission');\n\n await conditionProvider.clear();\n await actionProvider.clear();\n};\n","import type { Core } from '@strapi/types';\nimport executeCEDestroy from '../../../server/src/destroy';\n\nexport default async ({ strapi }: { strapi: Core.Strapi }) => {\n await executeCEDestroy();\n};\n","export default {};\n","import { isEmpty } from 'lodash/fp';\n\nexport const isSsoLocked = async (user: any) => {\n if (!strapi.ee.features.isEnabled('sso')) {\n return false;\n }\n\n if (!user) {\n throw new Error('Missing user object');\n }\n\n // check if any roles are locked\n const adminStore = await strapi.store({ type: 'core', name: 'admin' });\n const { providers } = (await adminStore.get({ key: 'auth' })) as any;\n const lockedRoles = providers.ssoLockedRoles ?? [];\n if (isEmpty(lockedRoles)) {\n return false;\n }\n\n const roles =\n // If the roles are pre-loaded for the given user, then use them\n user.roles ??\n // Otherwise, try to load the role based on the given user ID\n (await strapi.db.query('admin::user').load(user, 'roles', { roles: { fields: ['id'] } })) ??\n // If the query fails somehow, default to an empty array\n [];\n\n // Check if any of the user's roles are in lockedRoles\n const isLocked = lockedRoles.some((lockedId: string) =>\n // lockedRoles will be a string to avoid issues with frontend and bigints\n roles.some((role: any) => lockedId === role.id.toString())\n );\n\n return isLocked;\n};\n\nexport default {\n isSsoLocked,\n};\n","import _ from 'lodash';\nimport { errors } from '@strapi/utils';\nimport { getService } from '../utils';\nimport { isSsoLocked } from '../utils/sso-lock';\n\nconst { ApplicationError } = errors;\n/\n Send an email to the user if it exists and is not locked to SSO\n * If those conditions are not met, nothing happens\n \n @param {Object} param params\n * @param {string} param.email user email for which to reset the password\n /\nconst forgotPassword = async ({ email }: any = {}) => {\n const user = await strapi.db.query('admin::user').findOne({ where: { email, isActive: true } });\n\n if (!user \|\| (await isSsoLocked(user))) {\n return;\n }\n\n const resetPasswordToken = getService('token').createToken();\n await getService('user').updateById(user.id, { resetPasswordToken });\n\n // Send an email to the admin.\n const url = `${strapi.config.get(\n 'admin.absoluteUrl'\n )}/auth/reset-password?code=${resetPasswordToken}`;\n return strapi\n .plugin('email')\n .service('email')\n .sendTemplatedEmail(\n {\n to: user.email,\n from: strapi.config.get('admin.forgotPassword.from'),\n replyTo: strapi.config.get('admin.forgotPassword.replyTo'),\n },\n strapi.config.get('admin.forgotPassword.emailTemplate'),\n {\n url,\n user: _.pick(user, ['email', 'firstname', 'lastname', 'username']),\n }\n )\n .catch((err: unknown) => {\n // log error server side but do not disclose it to the user to avoid leaking informations\n strapi.log.error(err);\n });\n};\n\n/\n Reset a user password\n * @param {Object} param params\n * @param {string} param.resetPasswordToken token generated to request a password reset\n * @param {string} param.password new user password\n /\nconst resetPassword = async ({ resetPasswordToken, password }: any = {}) => {\n const matchingUser = await strapi.db\n .query('admin::user')\n .findOne({ where: { resetPasswordToken, isActive: true } });\n\n if (!matchingUser \|\| (await isSsoLocked(matchingUser))) {\n throw new ApplicationError();\n }\n\n return getService('user').updateById(matchingUser.id, {\n password,\n resetPasswordToken: null,\n });\n};\n\nexport default {\n forgotPassword,\n resetPassword,\n};\n","import { toLower } from 'lodash/fp';\nimport { Strategy as LocalStrategy } from 'passport-local';\nimport type { Core } from '@strapi/types';\nimport { getService } from '../../utils';\n\nconst createLocalStrategy = (strapi: Core.Strapi, middleware?: any) => {\n return new LocalStrategy(\n {\n usernameField: 'email',\n passwordField: 'password',\n session: false,\n },\n (email: string, password: string, done: any) => {\n return getService('auth')\n .checkCredentials({ email: toLower(email), password })\n .then(async ([error, user, message]) => {\n if (middleware) {\n return middleware([error, user, message], done);\n }\n\n return done(error, user, message);\n })\n .catch((error) => done(error));\n }\n );\n};\n\nexport default createLocalStrategy;\n","import passport from 'koa-passport';\nimport type { Strategy } from 'passport-local';\nimport { isFunction } from 'lodash/fp';\n\nimport createLocalStrategy from './passport/local-strategy';\n\nconst authEventsMapper = {\n onConnectionSuccess: 'admin.auth.success',\n onConnectionError: 'admin.auth.error',\n};\n\nconst valueIsFunctionType = ([, value]: [any, any]) => isFunction(value);\nconst keyIsValidEventName = ([key]: any) => {\n return Object.keys(strapi.service('admin::passport').authEventsMapper).includes(key);\n};\n\nconst getPassportStrategies = () => [createLocalStrategy(strapi)] as Strategy[];\n\nconst registerAuthEvents = () => {\n // @ts-expect-error - TODO: migrate auth service to TS\n const { events = {} } = strapi.config.get('admin.auth', {});\n const { authEventsMapper } = strapi.service('admin::passport');\n\n const eventList = Object.entries(events).filter(keyIsValidEventName).filter(valueIsFunctionType);\n\n for (const [eventName, handler] of eventList) {\n // TODO - TS: ensure the handler is an EventHub.Listener\n strapi.eventHub.on(authEventsMapper[eventName], handler as any);\n }\n};\n\nconst init = () => {\n strapi\n .service('admin::passport')\n .getPassportStrategies()\n .forEach((strategy: Strategy) => passport.use(strategy));\n\n registerAuthEvents();\n\n return passport.initialize();\n};\n\nexport default { init, getPassportStrategies, authEventsMapper };\n","import '@strapi/types';\n\nexport default () => {\n const registry = new Map();\n\n Object.assign(registry, {\n register(provider: unknown) {\n if (strapi.isLoaded) {\n throw new Error(`You can't register new provider after the bootstrap`);\n }\n\n // TODO\n // @ts-expect-error check map types\n this.set(provider.uid, provider);\n },\n\n registerMany(providers: unknown[]) {\n providers.forEach((provider) => {\n this.register(provider);\n });\n },\n\n getAll(): unknown[] {\n // TODO\n // @ts-expect-error check map types\n return Array.from(this.values());\n },\n });\n\n return registry;\n};\n","import '@strapi/types';\nimport passport from '../../../../../server/src/services/passport';\nimport createProviderRegistry from './provider-registry';\n\nexport const providerRegistry = createProviderRegistry();\nconst errorMessage = 'SSO is disabled. Its functionnalities cannot be accessed.';\n\nexport const getStrategyCallbackURL = (providerName: string) => {\n if (!strapi.ee.features.isEnabled('sso')) {\n throw new Error(errorMessage);\n }\n\n return `/admin/connect/${providerName}`;\n};\n\nexport const syncProviderRegistryWithConfig = () => {\n if (!strapi.ee.features.isEnabled('sso')) {\n throw new Error(errorMessage);\n }\n\n const { providers = [] } = strapi.config.get('admin.auth', {}) as any;\n\n // TODO\n // @ts-expect-error check map types\n providerRegistry.registerMany(providers);\n};\n\nexport const SSOAuthEventsMapper = {\n onSSOAutoRegistration: 'admin.auth.autoRegistration',\n};\n\nexport default {\n providerRegistry,\n getStrategyCallbackURL,\n syncProviderRegistryWithConfig,\n authEventsMapper: { ...passport.authEventsMapper, ...SSOAuthEventsMapper },\n};\n","import { errors } from '@strapi/utils';\nimport createLocalStrategy from '../../../../server/src/services/passport/local-strategy';\nimport sso from './passport/sso';\nimport { isSsoLocked } from '../utils/sso-lock';\n\nconst { UnauthorizedError } = errors;\n\nconst localStrategyMiddleware = async ([error, user, message]: any, done: any) => {\n // if we got a user, we need to check that it's not sso locked\n if (user && !error && (await isSsoLocked(user))) {\n return done(\n new UnauthorizedError('Login not allowed, please contact your administrator', {\n code: 'LOGIN_NOT_ALLOWED',\n }),\n user,\n message\n );\n }\n\n return done(error, user, message);\n};\n\nconst getPassportStrategies = () => {\n if (!strapi.ee.features.isEnabled('sso')) {\n return [createLocalStrategy(strapi)];\n }\n\n const localStrategy = createLocalStrategy(strapi, localStrategyMiddleware);\n\n if (!strapi.isLoaded) {\n sso.syncProviderRegistryWithConfig();\n }\n\n // TODO\n // @ts-expect-error check map types\n const providers = sso.providerRegistry.getAll();\n const strategies = providers.map((provider: any) => provider.createStrategy(strapi));\n\n return [localStrategy, ...strategies];\n};\n\nexport default {\n getPassportStrategies,\n ...sso,\n};\n","import { toString } from 'lodash/fp';\nimport { errors } from '@strapi/utils';\n\nconst { ApplicationError } = errors;\n\nconst ssoCheckRolesIdForDeletion = async (ids: any) => {\n const adminStore = await strapi.store({ type: 'core', name: 'admin' });\n\n const {\n providers: { defaultRole },\n } = (await adminStore.get({ key: 'auth' })) as any;\n\n for (const roleId of ids) {\n if (defaultRole && toString(defaultRole) === toString(roleId)) {\n throw new ApplicationError(\n 'This role is used as the default SSO role. Make sure to change this configuration before deleting the role'\n );\n }\n }\n};\n\nexport default {\n ssoCheckRolesIdForDeletion,\n};\n","import constants from '../services/constants';\n\nimport type {\n AdminUser,\n AdminRole,\n AdminUserCreationPayload,\n} from '../../../shared/contracts/shared';\n\nconst { SUPER_ADMIN_CODE } = constants;\n\n/\n Create a new user model by merging default and specified attributes\n * @param attributes A partial user object\n /\nexport function createUser(attributes: Partial<AdminUserCreationPayload>) {\n return {\n roles: [],\n isActive: false,\n username: null,\n ...attributes,\n };\n}\n\nexport const hasSuperAdminRole = (user: AdminUser) => {\n return user.roles.filter((role: AdminRole) => role.code === SUPER_ADMIN_CODE).length > 0;\n};\n\nexport const ADMIN_USER_ALLOWED_FIELDS = ['id', 'firstname', 'lastname', 'username'];\n\nexport default {\n createUser,\n hasSuperAdminRole,\n ADMIN_USER_ALLOWED_FIELDS,\n};\n","import _ from 'lodash';\nimport { pipe, map, castArray, toNumber } from 'lodash/fp';\nimport { arrays, errors } from '@strapi/utils';\nimport { hasSuperAdminRole } from '../../../../server/src/domain/user';\nimport constants from '../../../../server/src/services/constants';\nimport { getService } from '../utils';\n\nconst { ValidationError } = errors;\nconst { SUPER_ADMIN_CODE } = constants;\n\n/* Checks if ee disabled users list needs to be updated\n * @param {string} id\n * @param {object} input\n /\nconst updateEEDisabledUsersList = async (id: string, input: any) => {\n const disabledUsers = await getService('seat-enforcement').getDisabledUserList();\n\n if (!disabledUsers) {\n return;\n }\n\n const user = disabledUsers.find((user: any) => user.id === Number(id));\n if (!user) {\n return;\n }\n\n if (user.isActive !== input.isActive) {\n const newDisabledUsersList = disabledUsers.filter((user: any) => user.id !== Number(id));\n await strapi.store.set({\n type: 'ee',\n key: 'disabled_users',\n value: newDisabledUsersList,\n });\n }\n};\n\nconst castNumberArray = pipe(castArray, map(toNumber));\n\nconst removeFromEEDisabledUsersList = async (ids: unknown) => {\n let idsToCheck: any;\n if (typeof ids === 'object') {\n idsToCheck = castNumberArray(ids);\n } else {\n idsToCheck = [Number(ids)];\n }\n\n const disabledUsers = await getService('seat-enforcement').getDisabledUserList();\n\n if (!disabledUsers) {\n return;\n }\n\n const newDisabledUsersList = disabledUsers.filter((user: any) => !idsToCheck.includes(user.id));\n await strapi.store.set({\n type: 'ee',\n key: 'disabled_users',\n value: newDisabledUsersList,\n });\n};\n\n/\n Update a user in database\n * @param id query params to find the user to update\n * @param attributes A partial user object\n * @returns {Promise<user>}\n /\nconst updateById = async (id: any, attributes: any) => {\n // Check at least one super admin remains\n if (_.has(attributes, 'roles')) {\n const lastAdminUser = await isLastSuperAdminUser(id);\n const superAdminRole = await getService('role').getSuperAdminWithUsersCount();\n const willRemoveSuperAdminRole = !arrays.includesString(attributes.roles, superAdminRole.id);\n\n if (lastAdminUser && willRemoveSuperAdminRole) {\n throw new ValidationError('You must have at least one user with super admin role.');\n }\n }\n\n // cannot disable last super admin\n if (attributes.isActive === false) {\n const lastAdminUser = await isLastSuperAdminUser(id);\n if (lastAdminUser) {\n throw new ValidationError('You must have at least one user with super admin role.');\n }\n }\n\n // hash password if a new one is sent\n if (_.has(attributes, 'password')) {\n const hashedPassword = await getService('auth').hashPassword(attributes.password);\n\n const updatedUser = await strapi.db.query('admin::user').update({\n where: { id },\n data: {\n ...attributes,\n password: hashedPassword,\n },\n populate: ['roles'],\n });\n\n strapi.eventHub.emit('user.update', { user: sanitizeUser(updatedUser) });\n\n return updatedUser;\n }\n\n const updatedUser = await strapi.db.query('admin::user').update({\n where: { id },\n data: attributes,\n populate: ['roles'],\n });\n\n await updateEEDisabledUsersList(id, attributes);\n\n if (updatedUser) {\n strapi.eventHub.emit('user.update', { user: sanitizeUser(updatedUser) });\n }\n\n return updatedUser;\n};\n\n/* Delete a user\n * @param id id of the user to delete\n * @returns {Promise<user>}\n /\nconst deleteById = async (id: unknown) => {\n // Check at least one super admin remains\n const userToDelete = await strapi.db.query('admin::user').findOne({\n where: { id },\n populate: ['roles'],\n });\n\n if (!userToDelete) {\n return null;\n }\n\n if (userToDelete) {\n if (userToDelete.roles.some((r: any) => r.code === SUPER_ADMIN_CODE)) {\n const superAdminRole = await getService('role').getSuperAdminWithUsersCount();\n if (superAdminRole.usersCount === 1) {\n throw new ValidationError('You must have at least one user with super admin role.');\n }\n }\n }\n\n const deletedUser = await strapi.db\n .query('admin::user')\n .delete({ where: { id }, populate: ['roles'] });\n\n await removeFromEEDisabledUsersList(id);\n\n strapi.eventHub.emit('user.delete', { user: sanitizeUser(deletedUser) });\n\n return deletedUser;\n};\n\n/* Delete a user\n * @param ids ids of the users to delete\n * @returns {Promise<user>}\n /\nconst deleteByIds = async (ids: any) => {\n // Check at least one super admin remains\n const superAdminRole = await getService('role').getSuperAdminWithUsersCount();\n const nbOfSuperAdminToDelete = await strapi.db.query('admin::user').count({\n where: {\n id: ids,\n roles: { id: superAdminRole.id },\n },\n });\n\n if (superAdminRole.usersCount === nbOfSuperAdminToDelete) {\n throw new ValidationError('You must have at least one user with super admin role.');\n }\n\n const deletedUsers = [];\n for (const id of ids) {\n const deletedUser = await strapi.db.query('admin::user').delete({\n where: { id },\n populate: ['roles'],\n });\n\n deletedUsers.push(deletedUser);\n }\n\n await removeFromEEDisabledUsersList(ids);\n\n strapi.eventHub.emit('user.delete', {\n users: deletedUsers.map((deletedUser) => sanitizeUser(deletedUser)),\n });\n\n return deletedUsers;\n};\n\nconst sanitizeUserRoles = (role: unknown) => _.pick(role, ['id', 'name', 'description', 'code']);\n\n/\n Check if a user is the last super admin\n * @param {int\|string} userId user's id to look for\n /\nconst isLastSuperAdminUser = async (userId: unknown) => {\n const user = (await findOne(userId)) as any;\n const superAdminRole = await getService('role').getSuperAdminWithUsersCount();\n\n return superAdminRole.usersCount === 1 && hasSuperAdminRole(user);\n};\n\n/\n Remove private user fields\n * @param {Object} user - user to sanitize\n /\nconst sanitizeUser = (user: any) => {\n return {\n ..._.omit(user, ['password', 'resetPasswordToken', 'registrationToken', 'roles']),\n roles: user.roles && user.roles.map(sanitizeUserRoles),\n };\n};\n\n/\n Find one user\n /\nconst findOne = async (id: any, populate = ['roles']) => {\n return strapi.db.query('admin::user').findOne({ where: { id }, populate });\n};\n\nconst getCurrentActiveUserCount = async () => {\n return strapi.db.query('admin::user').count({ where: { isActive: true } });\n};\n\nexport default {\n updateEEDisabledUsersList,\n removeFromEEDisabledUsersList,\n getCurrentActiveUserCount,\n deleteByIds,\n deleteById,\n updateById,\n};\n","import { assign } from 'lodash/fp';\nimport type { Core } from '@strapi/types';\nimport { getService } from '../utils';\n\nconst getSSOProvidersList = async () => {\n const { providerRegistry } = strapi.service('admin::passport');\n\n return providerRegistry.getAll().map(({ uid }: { uid: string }) => uid);\n};\n\nconst sendUpdateProjectInformation = async (strapi: Core.Strapi) => {\n let groupProperties = {};\n\n const numberOfActiveAdminUsers = await getService('user').count({ isActive: true });\n const numberOfAdminUsers = await getService('user').count();\n\n if (strapi.ee.features.isEnabled('sso')) {\n const SSOProviders = await getSSOProvidersList();\n\n groupProperties = assign(groupProperties, {\n SSOProviders,\n isSSOConfigured: SSOProviders.length !== 0,\n });\n }\n\n if (strapi.ee.features.isEnabled('cms-content-releases')) {\n const numberOfContentReleases = await strapi\n .db!.query('plugin::content-releases.release')\n .count();\n\n const numberOfPublishedContentReleases = await strapi\n .db!.query('plugin::content-releases.release')\n .count({\n filters: { releasedAt: { $notNull: true } },\n });\n\n groupProperties = assign(groupProperties, {\n numberOfContentReleases,\n numberOfPublishedContentReleases,\n });\n }\n\n groupProperties = assign(groupProperties, { numberOfActiveAdminUsers, numberOfAdminUsers });\n\n strapi.telemetry.send('didUpdateProjectInformation', {\n groupProperties,\n });\n};\n\nconst startCron = (strapi: Core.Strapi) => {\n strapi.cron.add({\n '0 0 0 * ': () => sendUpdateProjectInformation(strapi),\n });\n};\n\nexport default { startCron, getSSOProvidersList, sendUpdateProjectInformation };\n","import { take, drop, map, prop, pick, reverse, isNil } from 'lodash/fp';\nimport { getService } from '../utils';\nimport constants from '../../../../server/src/services/constants';\n\nconst { SUPER_ADMIN_CODE } = constants;\n\n/\n Keeps the list of users disabled by the seat enforcement service\n /\nconst getDisabledUserList = async () => {\n return strapi.store.get({ type: 'ee', key: 'disabled_users' });\n};\n\nconst enableMaximumUserCount = async (numberOfUsersToEnable: number) => {\n const disabledUsers = (await getDisabledUserList()) as any;\n const orderedDisabledUsers = reverse(disabledUsers);\n\n const usersToEnable = take(numberOfUsersToEnable, orderedDisabledUsers);\n\n await strapi.db.query('admin::user').updateMany({\n where: { id: map(prop('id'), usersToEnable) },\n data: { isActive: true },\n });\n\n const remainingDisabledUsers = drop(numberOfUsersToEnable, orderedDisabledUsers);\n\n await strapi.store.set({\n type: 'ee',\n key: 'disabled_users',\n value: remainingDisabledUsers,\n });\n};\n\nconst disableUsersAboveLicenseLimit = async (numberOfUsersToDisable: number) => {\n const currentlyDisabledUsers: any = (await getDisabledUserList()) ?? [];\n\n const usersToDisable = [];\n const nonSuperAdminUsersToDisable = await strapi.db.query('admin::user').findMany({\n where: {\n isActive: true,\n roles: {\n code: { $ne: SUPER_ADMIN_CODE },\n },\n },\n orderBy: { createdAt: 'DESC' },\n limit: numberOfUsersToDisable,\n });\n\n usersToDisable.push(...nonSuperAdminUsersToDisable);\n\n if (nonSuperAdminUsersToDisable.length < numberOfUsersToDisable) {\n const superAdminUsersToDisable = await strapi.db.query('admin::user').findMany({\n where: {\n isActive: true,\n roles: { code: SUPER_ADMIN_CODE },\n },\n orderBy: { createdAt: 'DESC' },\n limit: numberOfUsersToDisable - nonSuperAdminUsersToDisable.length,\n });\n\n usersToDisable.push(...superAdminUsersToDisable);\n }\n\n await strapi.db.query('admin::user').updateMany({\n where: { id: map(prop('id'), usersToDisable) },\n data: { isActive: false },\n });\n\n await strapi.store.set({\n type: 'ee',\n key: 'disabled_users',\n value: currentlyDisabledUsers.concat(map(pick(['id', 'isActive']), usersToDisable)),\n });\n};\n\nconst syncDisabledUserRecords = async () => {\n const disabledUsers = await strapi.store.get({ type: 'ee', key: 'disabled_users' });\n\n if (!disabledUsers) {\n return;\n }\n\n await strapi.db.query('admin::user').updateMany({\n where: { id: map(prop('id'), disabledUsers) },\n data: { isActive: false },\n });\n};\n\nconst seatEnforcementWorkflow = async () => {\n const adminSeats = strapi.ee.seats;\n if (isNil(adminSeats)) {\n return;\n }\n\n // TODO: we need to make sure an admin can decide to disable specific user and reactivate others\n await syncDisabledUserRecords();\n\n const currentActiveUserCount = await getService('user').getCurrentActiveUserCount();\n\n const adminSeatsLeft = adminSeats - currentActiveUserCount;\n\n if (adminSeatsLeft > 0) {\n await enableMaximumUserCount(adminSeatsLeft);\n } else if (adminSeatsLeft < 0) {\n await disableUsersAboveLicenseLimit(-adminSeatsLeft);\n }\n};\n\nexport default {\n seatEnforcementWorkflow,\n getDisabledUserList,\n};\n","import auth from './auth';\nimport passport from './passport';\nimport role from './role';\nimport user from './user';\nimport metrics from './metrics';\nimport seatEnforcement from './seat-enforcement';\n\nexport default {\n auth,\n passport,\n role,\n user,\n metrics,\n 'seat-enforcement': seatEnforcement,\n};\n","import { yup, validateYupSchema } from '@strapi/utils';\n\nconst providerOptionsUpdateSchema = yup.object().shape({\n autoRegister: yup.boolean().required(),\n defaultRole: yup\n .strapiID()\n .when('autoRegister', (value, initSchema) => {\n return value ? initSchema.required() : initSchema.nullable();\n })\n .test('is-valid-role', 'You must submit a valid default role', (roleId) => {\n if (roleId === null) {\n return true;\n }\n return strapi.service('admin::role').exists({ id: roleId });\n }),\n ssoLockedRoles: yup\n .array()\n .nullable()\n .of(\n yup\n .strapiID()\n .test(\n 'is-valid-role',\n 'You must submit a valid role for the SSO Locked roles',\n (roleId) => {\n return strapi.service('admin::role').exists({ id: roleId });\n }\n )\n ),\n});\n\nexport const validateProviderOptionsUpdate = validateYupSchema(providerOptionsUpdateSchema);\n\nexport default {\n validateProviderOptionsUpdate,\n};\n","export const PROVIDER_REDIRECT_BASE = '/auth/login';\nexport const PROVIDER_REDIRECT_SUCCESS = `${PROVIDER_REDIRECT_BASE}/success`;\nexport const PROVIDER_REDIRECT_ERROR = `${PROVIDER_REDIRECT_BASE}/error`;\n\nexport default {\n PROVIDER_REDIRECT_BASE,\n PROVIDER_REDIRECT_SUCCESS,\n PROVIDER_REDIRECT_ERROR,\n};\n","import { mapValues } from 'lodash/fp';\nimport { PROVIDER_REDIRECT_ERROR, PROVIDER_REDIRECT_SUCCESS } from './constants';\n\nconst PROVIDER_URLS_MAP = {\n success: PROVIDER_REDIRECT_SUCCESS,\n error: PROVIDER_REDIRECT_ERROR,\n};\n\nexport const getAdminStore = async () => strapi.store({ type: 'core', name: 'admin' });\n\nexport const getPrefixedRedirectUrls = () => {\n const { url: adminUrl } = strapi.config.get('admin') as any;\n const prefixUrl = (url: string) => `${adminUrl \|\| '/admin'}${url}`;\n\n return mapValues(prefixUrl, PROVIDER_URLS_MAP);\n};\n\nexport default {\n getAdminStore,\n getPrefixedRedirectUrls,\n};\n","import type { Core } from '@strapi/types';\nimport passport from 'koa-passport';\nimport { getService } from '../../utils';\nimport utils from './utils';\n\nconst defaultConnectionError = () => new Error('Invalid connection payload');\n\nexport const authenticate: Core.MiddlewareHandler = async (ctx, next) => {\n const {\n params: { provider },\n } = ctx;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n\n // @ts-expect-error - can not use null to authenticate\n return passport.authenticate(provider, null, async (error, profile) => {\n if (error \|\| !profile \|\| !profile.email) {\n if (error) {\n strapi.log.error(error);\n }\n\n strapi.eventHub.emit('admin.auth.error', {\n error: error \|\| defaultConnectionError(),\n provider,\n });\n\n return ctx.redirect(redirectUrls.error);\n }\n\n const user = await getService('user').findOneByEmail(profile.email);\n const scenario = user ? existingUserScenario : nonExistingUserScenario;\n\n return scenario(ctx, next)(user \|\| profile, provider);\n })(ctx, next);\n};\n\nconst existingUserScenario: Core.MiddlewareHandler =\n (ctx, next) => async (user: any, provider: any) => {\n const redirectUrls = utils.getPrefixedRedirectUrls();\n\n if (!user.isActive) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(`Deactivated user tried to login (${user.id})`),\n provider,\n });\n return ctx.redirect(redirectUrls.error);\n }\n\n ctx.state.user = user;\n return next();\n };\n\nconst nonExistingUserScenario: Core.MiddlewareHandler =\n (ctx, next) => async (profile: any, provider: any) => {\n const { email, firstname, lastname, username } = profile;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n const adminStore = await utils.getAdminStore();\n const { providers } = (await adminStore.get({ key: 'auth' })) as any;\n\n // We need at least the username or the firstname/lastname combination to register a new user\n const isMissingRegisterFields = !username && (!firstname \|\| !lastname);\n\n if (!providers.autoRegister \|\| !providers.defaultRole \|\| isMissingRegisterFields) {\n strapi.eventHub.emit('admin.auth.error', { error: defaultConnectionError(), provider });\n return ctx.redirect(redirectUrls.error);\n }\n\n const defaultRole = await getService('role').findOne({ id: providers.defaultRole });\n\n // If the default role has been misconfigured, redirect with an error\n if (!defaultRole) {\n strapi.eventHub.emit('admin.auth.error', { error: defaultConnectionError(), provider });\n return ctx.redirect(redirectUrls.error);\n }\n\n // Register a new user with the information given by the provider and login with it\n ctx.state.user = await getService('user').create({\n email,\n username,\n firstname,\n lastname,\n roles: [defaultRole.id],\n isActive: true,\n registrationToken: null,\n });\n\n strapi.eventHub.emit('admin.auth.autoRegistration', {\n user: ctx.state.user,\n provider,\n });\n\n return next();\n };\n\nexport const redirectWithAuth: Core.MiddlewareHandler = (ctx) => {\n const {\n params: { provider },\n } = ctx;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n const domain: string \| undefined = strapi.config.get('admin.auth.domain');\n const { user } = ctx.state;\n\n const jwt = getService('token').createJwtToken(user);\n\n const isProduction = strapi.config.get('environment') === 'production';\n\n const cookiesOptions = { httpOnly: false, secure: isProduction, overwrite: true, domain };\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider });\n\n ctx.cookies.set('jwtToken', jwt, cookiesOptions);\n ctx.redirect(redirectUrls.success);\n};\n\nexport default {\n authenticate,\n redirectWithAuth,\n};\n","import type { Context, Next } from 'koa';\n\nimport { pick } from 'lodash/fp';\nimport compose from 'koa-compose';\nimport { errors } from '@strapi/utils';\nimport { validateProviderOptionsUpdate } from '../validation/authentication';\nimport { middlewares, utils } from './authentication-utils';\n\nconst toProviderDTO = pick(['uid', 'displayName', 'icon']);\nconst toProviderLoginOptionsDTO = pick(['autoRegister', 'defaultRole', 'ssoLockedRoles']);\n\nconst { ValidationError } = errors;\n\nconst providerAuthenticationFlow = compose([\n middlewares.authenticate,\n middlewares.redirectWithAuth,\n]);\n\nexport default {\n async getProviders(ctx: Context) {\n const { providerRegistry } = strapi.service('admin::passport');\n\n ctx.body = providerRegistry.getAll().map(toProviderDTO);\n },\n\n async getProviderLoginOptions(ctx: Context) {\n const adminStore = await utils.getAdminStore();\n const { providers: providersOptions } = (await adminStore.get({ key: 'auth' })) as any;\n\n ctx.body = {\n data: toProviderLoginOptionsDTO(providersOptions),\n };\n },\n\n async updateProviderLoginOptions(ctx: Context) {\n const {\n request: { body },\n } = ctx;\n\n await validateProviderOptionsUpdate(body);\n\n const adminStore = await utils.getAdminStore();\n const currentAuthOptions = (await adminStore.get({ key: 'auth' })) as any;\n const newAuthOptions = { ...currentAuthOptions, providers: body };\n await adminStore.set({ key: 'auth', value: newAuthOptions });\n\n strapi.telemetry.send('didUpdateSSOSettings');\n\n ctx.body = {\n data: toProviderLoginOptionsDTO(newAuthOptions.providers),\n };\n },\n\n providerLogin(ctx: Context, next: Next) {\n const {\n params: { provider: providerName },\n } = ctx;\n\n const { providerRegistry } = strapi.service('admin::passport');\n\n if (!providerRegistry.has(providerName)) {\n throw new ValidationError(`Invalid provider supplied: ${providerName}`);\n }\n\n return providerAuthenticationFlow(ctx, next);\n },\n};\n","import { yup, validateYupSchema } from '@strapi/utils';\n\nconst roleCreateSchema = yup\n .object()\n .shape({\n name: yup.string().min(1).required(),\n description: yup.string().nullable(),\n })\n .noUnknown();\n\nconst rolesDeleteSchema = yup\n .object()\n .shape({\n ids: yup\n .array()\n .of(yup.strapiID())\n .min(1)\n .required()\n .test(\n 'roles-deletion-checks',\n 'Roles deletion checks have failed',\n async function rolesDeletionChecks(ids) {\n try {\n await strapi.service('admin::role').checkRolesIdForDeletion(ids);\n\n if (strapi.ee.features.isEnabled('sso')) {\n await strapi.service('admin::role').ssoCheckRolesIdForDeletion(ids);\n }\n } catch (e: any) {\n return this.createError({ path: 'ids', message: e.message });\n }\n\n return true;\n }\n ),\n })\n .noUnknown();\n\nconst roleDeleteSchema = yup\n .strapiID()\n .required()\n .test(\n 'no-admin-single-delete',\n 'Role deletion checks have failed',\n async function noAdminSingleDelete(id) {\n try {\n await strapi.service('admin::role').checkRolesIdForDeletion([id]);\n\n if (strapi.ee.features.isEnabled('sso')) {\n await strapi.service('admin::role').ssoCheckRolesIdForDeletion([id]);\n }\n } catch (e: any) {\n return this.createError({ path: 'id', message: e.message });\n }\n\n return true;\n }\n );\n\nexport const validateRoleCreateInput = validateYupSchema(roleCreateSchema);\nexport const validateRolesDeleteInput = validateYupSchema(rolesDeleteSchema);\nexport const validateRoleDeleteInput = validateYupSchema(roleDeleteSchema);\n\nexport default {\n validateRoleCreateInput,\n validateRolesDeleteInput,\n validateRoleDeleteInput,\n};\n","import type { Context } from 'koa';\n\nimport {\n validateRoleCreateInput,\n validateRoleDeleteInput,\n validateRolesDeleteInput,\n} from '../validation/role';\nimport { getService } from '../utils';\n\nexport default {\n /\n Create a new role\n * @param {KoaContext} ctx - koa context\n /\n async create(ctx: Context) {\n await validateRoleCreateInput(ctx.request.body);\n\n const roleService = getService('role');\n\n const role = await roleService.create(ctx.request.body);\n const sanitizedRole = roleService.sanitizeRole(role);\n\n ctx.created({ data: sanitizedRole });\n },\n\n /\n Delete a role\n * @param {KoaContext} ctx - koa context\n /\n async deleteOne(ctx: Context) {\n const { id } = ctx.params;\n\n await validateRoleDeleteInput(id);\n\n const roleService = getService('role');\n\n const roles = await roleService.deleteByIds([id]);\n\n const sanitizedRole = roles.map((role: unknown) => roleService.sanitizeRole(role))[0] \|\| null;\n\n return ctx.deleted({\n data: sanitizedRole,\n });\n },\n\n /\n delete several roles\n * @param {KoaContext} ctx - koa context\n /\n async deleteMany(ctx: Context) {\n const { body } = ctx.request;\n\n await validateRolesDeleteInput(body);\n\n const roleService = getService('role');\n\n const roles = await roleService.deleteByIds(body.ids);\n const sanitizedRoles = roles.map(roleService.sanitizeRole);\n\n return ctx.deleted({\n data: sanitizedRoles,\n });\n },\n};\n","import type { Utils } from '@strapi/types';\n\nimport { curry, pipe, merge, set, pick, omit, includes, isArray, prop } from 'lodash/fp';\n\nexport type Action = {\n actionId: string; // The unique identifier of the action\n section: string; // The section linked to the action - These can be 'contentTypes' \| 'plugins' \| 'settings' \| 'internal'\n displayName: string; // The human readable name of an action\n category: string; // The main category of an action\n subCategory?: string; // The secondary category of an action (only for settings and plugins section)\n pluginName?: string; // The plugin which provide the action\n subjects?: string[]; // A list of subjects on which the action can be applied\n options: {\n // The options of an action\n applyToProperties: string[] \| null; // The list of properties that can be associated with an action\n };\n};\n\n/\n Set of attributes used to create a new {@link Action} object\n * @typedef {Action, { uid: string }} CreateActionPayload\n /\nexport type CreateActionPayload = Utils.Intersect<\n [\n Utils.Object.PartialBy<\n // Action Id is computed from the uid value\n Omit<Action, 'actionId'>,\n // Options is filled with default values\n 'options'\n >,\n { uid: string },\n ]\n>;\n\n/\n Return the default attributes of a new {@link Action}\n * @return Partial<Action>\n /\nconst getDefaultActionAttributes = (): Partial<Action> => ({\n options: {\n applyToProperties: null,\n },\n});\n\n/\n Get the list of all the valid attributes of an {@link Action}\n /\nconst actionFields = [\n 'section',\n 'displayName',\n 'category',\n 'subCategory',\n 'pluginName',\n 'subjects',\n 'options',\n 'actionId',\n] as const;\n\n/\n Remove unwanted attributes from an {@link Action}\n /\nconst sanitizeActionAttributes = pick(actionFields) as (\n action: Action \| CreateActionPayload\n) => Action;\n\n/\n Create and return an identifier for an {@link CreateActionPayload}.\n * The format is based on the action's source ({@link CreateActionPayload.pluginName} or 'application') and {@link CreateActionPayload.uid}.\n * @param {CreateActionPayload} attributes\n * @return {string}\n /\n// TODO: TS - Use Common.UID\nconst computeActionId = (attributes: CreateActionPayload): string => {\n const { pluginName, uid } = attributes;\n\n if (!pluginName) {\n return `api::${uid}`;\n }\n\n if (pluginName === 'admin') {\n return `admin::${uid}`;\n }\n\n return `plugin::${pluginName}.${uid}`;\n};\n\n/\n Assign an actionId attribute to an {@link CreateActionPayload} object\n /\nconst assignActionId = (attrs: CreateActionPayload) =>\n set('actionId', computeActionId(attrs), attrs);\n\n/\n Transform an action by adding or removing the {@link Action.subCategory} attribute\n * @param {Action} action - The action to process\n * @return {Action}\n /\nconst assignOrOmitSubCategory = (action: Action): Action => {\n const shouldHaveSubCategory = ['settings', 'plugins'].includes(action.section);\n\n return shouldHaveSubCategory\n ? set('subCategory', action.subCategory \|\| 'general', action)\n : omit('subCategory', action);\n};\n\n/\n Check if a property can be applied to an {@link Action}\n /\nconst appliesToProperty = curry((property: string, action: Action): boolean => {\n return pipe(prop('options.applyToProperties'), includes(property))(action);\n});\n\n/\n Check if an action applies to a subject\n /\nconst appliesToSubject = curry((subject: string, action: Action): boolean => {\n return isArray(action.subjects) && includes(subject, action.subjects);\n});\n\n/\n Transform the given attributes into a domain representation of an Action\n /\nconst create: (payload: CreateActionPayload) => Action = pipe(\n // Create and assign an action identifier to the action\n // (need to be done before the sanitizeActionAttributes since we need the uid here)\n assignActionId,\n // Add or remove the sub category field based on the pluginName attribute\n assignOrOmitSubCategory,\n // Remove unwanted attributes from the payload\n sanitizeActionAttributes,\n // Complete the action creation by adding default values for some attributes\n merge(getDefaultActionAttributes())\n);\n\nexport default {\n actionFields,\n appliesToProperty,\n appliesToSubject,\n assignActionId,\n assignOrOmitSubCategory,\n create,\n computeActionId,\n getDefaultActionAttributes,\n sanitizeActionAttributes,\n};\n","import _ from 'lodash';\n\nconst checkFieldsAreCorrectlyNested = (fields: unknown) => {\n if (_.isNil(fields)) {\n // Only check if the fields exist\n return true;\n }\n if (!Array.isArray(fields)) {\n return false;\n }\n\n let failed = false;\n for (let indexA = 0; indexA < fields.length; indexA += 1) {\n failed = fields\n .slice(indexA + 1)\n .some(\n (fieldB) =>\n fieldB.startsWith(`${fields[indexA]}.`) \|\| fields[indexA].startsWith(`${fieldB}.`)\n );\n if (failed) break;\n }\n\n return !failed;\n};\n\nexport default checkFieldsAreCorrectlyNested;\n","import _ from 'lodash';\n\nconst checkFieldsDontHaveDuplicates = (fields: unknown) => {\n if (_.isNil(fields)) {\n // Only check if the fields exist\n return true;\n }\n if (!Array.isArray(fields)) {\n return false;\n }\n\n return _.uniq(fields).length === fields.length;\n};\n\nexport default checkFieldsDontHaveDuplicates;\n","import { yup } from '@strapi/utils';\nimport _ from 'lodash';\nimport { isEmpty, has, isNil, isArray } from 'lodash/fp';\nimport { getService } from '../utils';\nimport actionDomain, { type Action } from '../domain/action';\nimport { checkFieldsAreCorrectlyNested, checkFieldsDontHaveDuplicates } from './common-functions';\nimport actions from '../domain/action/index';\n\nconst { actionFields } = actions;\n\nconst getActionFromProvider = (actionId: string) => {\n return getService('permission').actionProvider.get(actionId);\n};\n\nexport const email = yup.string().email().lowercase();\n\nexport const firstname = yup.string().trim().min(1);\n\nexport const lastname = yup.string();\n\nexport const username = yup.string().min(1);\n\nexport const password = yup\n .string()\n .min(8)\n .matches(/[a-z]/, '${path} must contain at least one lowercase character')\n .matches(/[A-Z]/, '${path} must contain at least one uppercase character')\n .matches(/\\d/, '${path} must contain at least one number');\n\nexport const roles = yup.array(yup.strapiID()).min(1);\n\nconst isAPluginName = yup\n .string()\n .test('is-a-plugin-name', 'is not a plugin name', function (value) {\n return [undefined, 'admin', ...Object.keys(strapi.plugins)].includes(value)\n ? true\n : this.createError({ path: this.path, message: `${this.path} is not an existing plugin` });\n });\n\nexport const arrayOfConditionNames = yup\n .array()\n .of(yup.string())\n .test('is-an-array-of-conditions', 'is not a plugin name', function (value) {\n const ids = strapi.service('admin::permission').conditionProvider.keys();\n return _.isUndefined(value) \|\| _.difference(value, ids).length === 0\n ? true\n : this.createError({ path: this.path, message: `contains conditions that don't exist` });\n });\n\nexport const permissionsAreEquals = (a: any, b: any) =>\n a.action === b.action && (a.subject === b.subject \|\| (_.isNil(a.subject) && _.isNil(b.subject)));\n\nconst checkNoDuplicatedPermissions = (permissions: unknown) =>\n !Array.isArray(permissions) \|\|\n permissions.every((permA, i) =>\n permissions.slice(i + 1).every((permB) => !permissionsAreEquals(permA, permB))\n );\n\nconst checkNilFields = (action: Action) =>\n function (fields: typeof actionFields) {\n // If the parent has no action field, then we ignore this test\n if (isNil(action)) {\n return true;\n }\n\n return actionDomain.appliesToProperty('fields', action) \|\| isNil(fields);\n };\n\nconst fieldsPropertyValidation = (action: Action) =>\n yup\n .array()\n .of(yup.string())\n .nullable()\n .test(\n 'field-nested',\n 'Fields format are incorrect (bad nesting).',\n checkFieldsAreCorrectlyNested\n )\n .test(\n 'field-nested',\n 'Fields format are incorrect (duplicates).',\n checkFieldsDontHaveDuplicates\n )\n .test(\n 'fields-restriction',\n 'The permission at ${path} must have fields set to null or undefined',\n // @ts-expect-error yup types\n checkNilFields(action)\n );\n\nexport const permission = yup\n .object()\n .shape({\n action: yup\n .string()\n .required()\n .test('action-validity', 'action is not an existing permission action', function (actionId) {\n // If the action field is Nil, ignore the test and let the required check handle the error\n if (isNil(actionId)) {\n return true;\n }\n\n return !!getActionFromProvider(actionId);\n }),\n actionParameters: yup.object().nullable(),\n subject: yup\n .string()\n .nullable()\n .test('subject-validity', 'Invalid subject submitted', function (subject) {\n // @ts-expect-error yup types\n const action = getActionFromProvider(this.options.parent.action);\n\n if (!action) {\n return true;\n }\n\n if (isNil(action.subjects)) {\n return isNil(subject);\n }\n\n if (isArray(action.subjects)) {\n return action.subjects.includes(subject);\n }\n\n return false;\n }),\n properties: yup\n .object()\n .test('properties-structure', 'Invalid property set at ${path}', function (properties) {\n // @ts-expect-error yup types\n const action = getActionFromProvider(this.options.parent.action) as any;\n const hasNoProperties = isEmpty(properties) \|\| isNil(properties);\n\n if (!has('options.applyToProperties', action)) {\n return hasNoProperties;\n }\n\n if (hasNoProperties) {\n return true;\n }\n\n const { applyToProperties } = action.options;\n\n if (!isArray(applyToProperties)) {\n return false;\n }\n\n return Object.keys(properties).every((property) => applyToProperties.includes(property));\n })\n .test(\n 'fields-property',\n 'Invalid fields property at ${path}',\n async function (properties = {}) {\n // @ts-expect-error yup types\n const action = getActionFromProvider(this.options.parent.action) as any;\n\n if (!action \|\| !properties) {\n return true;\n }\n\n if (!actionDomain.appliesToProperty('fields', action)) {\n return true;\n }\n\n try {\n await fieldsPropertyValidation(action).validate(properties.fields, {\n strict: true,\n abortEarly: false,\n });\n return true;\n } catch (e: any) {\n // Propagate fieldsPropertyValidation error with updated path\n throw this.createError({\n message: e.message,\n path: `${this.path}.fields`,\n });\n }\n }\n ),\n conditions: yup.array().of(yup.string()),\n })\n .noUnknown();\n\nexport const updatePermissions = yup\n .object()\n .shape({\n permissions: yup\n .array()\n .required()\n .of(permission)\n .test(\n 'duplicated-permissions',\n 'Some permissions are duplicated (same action and subject)',\n checkNoDuplicatedPermissions\n ),\n })\n .required()\n .noUnknown();\n\nexport default {\n email,\n firstname,\n lastname,\n username,\n password,\n roles,\n isAPluginName,\n arrayOfConditionNames,\n permission,\n updatePermissions,\n};\n","import { isUndefined } from 'lodash/fp';\nimport { yup, validateYupSchema } from '@strapi/utils';\nimport validators from './common-validators';\n\nconst userCreationSchema = yup\n .object()\n .shape({\n email: validators.email.required(),\n firstname: validators.firstname.required(),\n lastname: validators.lastname,\n roles: validators.roles.min(1),\n preferedLanguage: yup.string().nullable(),\n })\n .noUnknown();\n\nconst profileUpdateSchema = yup\n .object()\n .shape({\n email: validators.email.notNull(),\n firstname: validators.firstname.notNull(),\n lastname: validators.lastname.nullable(),\n username: validators.username.nullable(),\n password: validators.password.notNull(),\n currentPassword: yup\n .string()\n .when('password', (password: string, schema: any) =>\n !isUndefined(password) ? schema.required() : schema\n )\n .notNull(),\n preferedLanguage: yup.string().nullable(),\n })\n .noUnknown();\n\nconst userUpdateSchema = yup\n .object()\n .shape({\n email: validators.email.notNull(),\n firstname: validators.firstname.notNull(),\n lastname: validators.lastname.nullable(),\n username: validators.username.nullable(),\n password: validators.password.notNull(),\n isActive: yup.bool().notNull(),\n roles: validators.roles.min(1).notNull(),\n })\n .noUnknown();\n\nconst usersDeleteSchema = yup\n .object()\n .shape({\n ids: yup.array().of(yup.strapiID()).min(1).required(),\n })\n .noUnknown();\n\nexport const validateUserCreationInput = validateYupSchema(userCreationSchema);\nexport const validateProfileUpdateInput = validateYupSchema(profileUpdateSchema);\nexport const validateUserUpdateInput = validateYupSchema(userUpdateSchema);\nexport const validateUsersDeleteInput = validateYupSchema(usersDeleteSchema);\nexport const schemas = {\n userCreationSchema,\n usersDeleteSchema,\n userUpdateSchema,\n};\n\nexport default {\n validateUserCreationInput,\n validateProfileUpdateInput,\n validateUserUpdateInput,\n validateUsersDeleteInput,\n schemas,\n};\n","import { yup, validateYupSchema } from '@strapi/utils';\nimport { schemas } from '../../../../server/src/validation/user';\n\nconst ssoUserCreationInputExtension = yup\n .object()\n .shape({\n useSSORegistration: yup.boolean(),\n })\n .noUnknown();\n\nexport const validateUserCreationInput = (data: any) => {\n let schema = schemas.userCreationSchema;\n\n if (strapi.ee.features.isEnabled('sso')) {\n schema = schema.concat(ssoUserCreationInputExtension);\n }\n\n return validateYupSchema(schema)(data);\n};\n\nexport default {\n validateUserCreationInput,\n};\n","import type { Context } from 'koa';\n\nimport _ from 'lodash';\nimport { pick, isNil } from 'lodash/fp';\nimport { errors } from '@strapi/utils';\nimport { validateUserCreationInput } from '../validation/user';\nimport { validateUserUpdateInput } from '../../../../server/src/validation/user';\nimport { getService } from '../utils';\nimport { isSsoLocked } from '../utils/sso-lock';\n\nconst { ApplicationError, ForbiddenError } = errors;\n\nconst pickUserCreationAttributes = pick(['firstname', 'lastname', 'email', 'roles']);\n\nconst hasAdminSeatsAvaialble = async () => {\n if (!strapi.EE) {\n return true;\n }\n\n const permittedSeats = strapi.ee.seats as any;\n if (isNil(permittedSeats)) {\n return true;\n }\n\n const userCount = await strapi.service('admin::user').getCurrentActiveUserCount();\n\n if (userCount < permittedSeats) {\n return true;\n }\n};\n\nexport default {\n async create(ctx: Context) {\n if (!(await hasAdminSeatsAvaialble())) {\n throw new ForbiddenError('License seat limit reached. You cannot create a new user');\n }\n\n const { body } = ctx.request;\n const cleanData = { ...body, email: _.get(body, `email`, ``).toLowerCase() };\n\n await validateUserCreationInput(cleanData);\n\n const attributes = pickUserCreationAttributes(cleanData);\n const { useSSORegistration } = cleanData;\n\n const userAlreadyExists = await getService('user').exists({ email: attributes.email });\n\n if (userAlreadyExists) {\n throw new ApplicationError('Email already taken');\n }\n\n if (useSSORegistration) {\n Object.assign(attributes, { registrationToken: null, isActive: true });\n }\n\n const createdUser = await getService('user').create(attributes);\n const userInfo = getService('user').sanitizeUser(createdUser);\n\n // Note: We need to assign manually the registrationToken to the\n // final user payload so that it's not removed in the sanitation process.\n Object.assign(userInfo, { registrationToken: createdUser.registrationToken });\n\n ctx.created({ data: userInfo });\n },\n\n async update(ctx: Context) {\n const { id } = ctx.params;\n const { body: input } = ctx.request;\n\n await validateUserUpdateInput(input);\n\n if (_.has(input, 'email')) {\n const uniqueEmailCheck = await getService('user').exists({\n id: { $ne: id },\n email: input.email,\n });\n\n if (uniqueEmailCheck) {\n throw new ApplicationError('A user with this email address already exists');\n }\n }\n\n const user = await getService('user').findOne(id, null);\n\n if (!(await hasAdminSeatsAvaialble()) && !user.isActive && input.isActive) {\n throw new ForbiddenError('License seat limit reached. You cannot active this user');\n }\n\n const updatedUser = await getService('user').updateById(id, input);\n\n if (!updatedUser) {\n return ctx.notFound('User does not exist');\n }\n\n ctx.body = {\n data: getService('user').sanitizeUser(updatedUser),\n };\n },\n\n async isSSOLocked(ctx: Context) {\n const { user } = ctx.state;\n const isSSOLocked = await isSsoLocked(user);\n\n ctx.body = {\n data: {\n isSSOLocked,\n },\n };\n },\n};\n","import { isNil } from 'lodash/fp';\nimport { env } from '@strapi/utils';\nimport { getService } from '../utils';\n\nexport default {\n // NOTE: Overrides CE admin controller\n async getProjectType() {\n const flags = strapi.config.get('admin.flags', {});\n try {\n return { data: { isEE: strapi.EE, features: strapi.ee.features.list(), flags } };\n } catch (err) {\n return { data: { isEE: false, features: [], flags } };\n }\n },\n\n async licenseLimitInformation() {\n const permittedSeats = strapi.ee.seats;\n\n let shouldNotify = false;\n let licenseLimitStatus = null;\n let enforcementUserCount;\n\n const currentActiveUserCount = await getService('user').getCurrentActiveUserCount();\n\n const eeDisabledUsers = await getService('seat-enforcement').getDisabledUserList();\n\n if (eeDisabledUsers) {\n enforcementUserCount = currentActiveUserCount + eeDisabledUsers.length;\n } else {\n enforcementUserCount = currentActiveUserCount;\n }\n\n if (!isNil(permittedSeats) && enforcementUserCount > permittedSeats) {\n shouldNotify = true;\n licenseLimitStatus = 'OVER_LIMIT';\n }\n\n if (!isNil(permittedSeats) && enforcementUserCount === permittedSeats) {\n shouldNotify = true;\n licenseLimitStatus = 'AT_LIMIT';\n }\n\n const data = {\n enforcementUserCount,\n currentActiveUserCount,\n permittedSeats,\n shouldNotify,\n shouldStopCreate: isNil(permittedSeats) ? false : currentActiveUserCount >= permittedSeats,\n licenseLimitStatus,\n isHostedOnStrapiCloud: env('STRAPI_HOSTING', null) === 'strapi.cloud',\n features: strapi.ee.features.list() ?? [],\n };\n\n return { data };\n },\n};\n","import type {} from 'koa-body';\n\nimport authentication from './authentication';\nimport role from './role';\nimport user from './user';\nimport admin from './admin';\n\nexport default {\n authentication,\n role,\n user,\n admin,\n};\n","import type { Core } from '@strapi/types';\n\nexport const enableFeatureMiddleware: Core.MiddlewareFactory =\n (featureName: string) => (ctx, next) => {\n if (strapi.ee.features.isEnabled(featureName)) {\n return next();\n }\n\n ctx.status = 404;\n };\n\nexport default {\n enableFeatureMiddleware,\n};\n","import { enableFeatureMiddleware } from './utils';\n\nexport default {\n type: 'admin',\n routes: [\n {\n method: 'GET',\n path: '/providers',\n handler: 'authentication.getProviders',\n config: {\n middlewares: [enableFeatureMiddleware('sso')],\n auth: false,\n },\n },\n {\n method: 'GET',\n path: '/connect/:provider',\n handler: 'authentication.providerLogin',\n config: {\n middlewares: [enableFeatureMiddleware('sso')],\n auth: false,\n },\n },\n {\n method: 'POST',\n path: '/connect/:provider',\n handler: 'authentication.providerLogin',\n config: {\n middlewares: [enableFeatureMiddleware('sso')],\n auth: false,\n },\n },\n {\n method: 'GET',\n path: '/providers/options',\n handler: 'authentication.getProviderLoginOptions',\n config: {\n middlewares: [enableFeatureMiddleware('sso')],\n policies: [\n 'admin::isAuthenticatedAdmin',\n { name: 'admin::hasPermissions', config: { actions: ['admin::provider-login.read'] } },\n ],\n },\n },\n {\n method: 'PUT',\n path: '/providers/options',\n handler: 'authentication.updateProviderLoginOptions',\n config: {\n middlewares: [enableFeatureMiddleware('sso')],\n policies: [\n 'admin::isAuthenticatedAdmin',\n { name: 'admin::hasPermissions', config: { actions: ['admin::provider-login.update'] } },\n ],\n },\n },\n {\n method: 'GET',\n path: '/providers/isSSOLocked',\n handler: 'user.isSSOLocked',\n config: {\n middlewares: [enableFeatureMiddleware('sso')],\n policies: ['admin::isAuthenticatedAdmin'],\n },\n },\n ],\n};\n","export default {\n type: 'admin',\n routes: [\n // License limit infos\n {\n method: 'GET',\n path: '/license-limit-information',\n handler: 'admin.licenseLimitInformation',\n config: {\n policies: [\n 'admin::isAuthenticatedAdmin',\n {\n name: 'admin::hasPermissions',\n config: {\n actions: [\n 'admin::users.create',\n 'admin::users.read',\n 'admin::users.update',\n 'admin::users.delete',\n ],\n },\n },\n ],\n },\n },\n ],\n};\n","import sso from './sso';\nimport licenseLimit from './license-limit';\n\nexport default {\n sso,\n 'license-limit': licenseLimit,\n};\n","import { enableFeatureMiddleware } from '../../routes/utils';\n\nexport default {\n type: 'admin',\n routes: [\n {\n method: 'GET',\n path: '/audit-logs',\n handler: 'audit-logs.findMany',\n config: {\n middlewares: [enableFeatureMiddleware('audit-logs')],\n policies: [\n 'admin::isAuthenticatedAdmin',\n {\n name: 'admin::hasPermissions',\n config: {\n actions: ['admin::audit-logs.read'],\n },\n },\n ],\n },\n },\n {\n method: 'GET',\n path: '/audit-logs/:id',\n handler: 'audit-logs.findOne',\n config: {\n middlewares: [enableFeatureMiddleware('audit-logs')],\n policies: [\n 'admin::isAuthenticatedAdmin',\n {\n name: 'admin::hasPermissions',\n config: {\n actions: ['admin::audit-logs.read'],\n },\n },\n ],\n },\n },\n ],\n};\n","import { yup, validateYupSchema } from '@strapi/utils';\n\nconst ALLOWED_SORT_STRINGS = ['action:ASC', 'action:DESC', 'date:ASC', 'date:DESC'];\n\nconst validateFindManySchema = yup\n .object()\n .shape({\n page: yup.number().integer().min(1),\n pageSize: yup.number().integer().min(1).max(100),\n sort: yup.mixed().oneOf(ALLOWED_SORT_STRINGS),\n })\n .required();\n\nexport const validateFindMany = validateYupSchema(validateFindManySchema, { strict: false });\n\nexport default {\n validateFindMany,\n};\n","import type { Context } from 'koa';\n\nimport { validateFindMany } from '../validation/audit-logs';\n\nexport default {\n async findMany(ctx: Context) {\n const { query } = ctx.request;\n await validateFindMany(query);\n\n const auditLogs = strapi.get('audit-logs');\n const body = await auditLogs.findMany(query);\n\n ctx.body = body;\n },\n\n async findOne(ctx: Context) {\n const { id } = ctx.params;\n\n const auditLogs = strapi.get('audit-logs');\n const body = await auditLogs.findOne(id);\n\n ctx.body = body;\n\n strapi.telemetry.send('didWatchAnAuditLog');\n },\n};\n","import type { Core } from '@strapi/types';\n\ninterface Event {\n action: string;\n date: Date;\n userId: string \| number;\n payload: Record<string, unknown>;\n}\n\ninterface Log extends Omit<Event, 'userId'> {\n user: string \| number;\n}\n\nconst getSanitizedUser = (user: any) => {\n let displayName = user.email;\n\n if (user.username) {\n displayName = user.username;\n } else if (user.firstname && user.lastname) {\n displayName = `${user.firstname} ${user.lastname}`;\n }\n\n return {\n id: user.id,\n email: user.email,\n displayName,\n };\n};\n\n/\n @description\n * Manages audit logs interaction with the database. Accessible via strapi.get('audit-logs')\n /\nconst createAuditLogsService = (strapi: Core.Strapi) => {\n return {\n async saveEvent(event: Event) {\n const { userId, ...rest } = event;\n\n const auditLog: Log = { ...rest, user: userId };\n\n // Save to database\n await strapi.db?.query('admin::audit-log').create({ data: auditLog });\n\n return this;\n },\n\n async findMany(query: unknown) {\n const { results, pagination } = await strapi.db?.query('admin::audit-log').findPage({\n populate: ['user'],\n select: ['action', 'date', 'payload'],\n ...strapi.get('query-params').transform('admin::audit-log', query),\n });\n\n const sanitizedResults = results.map((result: any) => {\n const { user, ...rest } = result;\n return {\n ...rest,\n user: user ? getSanitizedUser(user) : null,\n };\n });\n\n return {\n results: sanitizedResults,\n pagination,\n };\n },\n\n async findOne(id: unknown) {\n const result: any = await strapi.db?.query('admin::audit-log').findOne({\n where: { id },\n populate: ['user'],\n select: ['action', 'date', 'payload'],\n });\n\n if (!result) {\n return null;\n }\n\n const { user, ...rest } = result;\n return {\n ...rest,\n user: user ? getSanitizedUser(user) : null,\n };\n },\n\n deleteExpiredEvents(expirationDate: Date) {\n return strapi.db?.query('admin::audit-log').deleteMany({\n where: {\n date: {\n $lt: expirationDate.toISOString(),\n },\n },\n });\n },\n };\n};\n\nexport { createAuditLogsService };\n","import type { Core } from '@strapi/types';\nimport { scheduleJob } from 'node-schedule';\n\nconst DEFAULT_RETENTION_DAYS = 90;\n\nconst defaultEvents = [\n 'entry.create',\n 'entry.update',\n 'entry.delete',\n 'entry.publish',\n 'entry.unpublish',\n 'media.create',\n 'media.update',\n 'media.delete',\n 'media-folder.create',\n 'media-folder.update',\n 'media-folder.delete',\n 'user.create',\n 'user.update',\n 'user.delete',\n 'admin.auth.success',\n 'admin.logout',\n 'content-type.create',\n 'content-type.update',\n 'content-type.delete',\n 'component.create',\n 'component.update',\n 'component.delete',\n 'role.create',\n 'role.update',\n 'role.delete',\n 'permission.create',\n 'permission.update',\n 'permission.delete',\n];\n\nconst getEventMap = (defaultEvents: any) => {\n const getDefaultPayload = (...args: any) => args[0];\n\n // Use the default payload for all default events\n return defaultEvents.reduce((acc: any, event: any) => {\n acc[event] = getDefaultPayload;\n return acc;\n }, {} as any);\n};\n\nconst getRetentionDays = (strapi: Core.Strapi) => {\n const featureConfig = strapi.ee.features.get('audit-logs');\n const licenseRetentionDays =\n typeof featureConfig === 'object' && featureConfig?.options.retentionDays;\n const userRetentionDays = strapi.config.get('admin.auditLogs.retentionDays');\n\n // For enterprise plans, use 90 days by default, but allow users to override it\n if (licenseRetentionDays == null) {\n return userRetentionDays ?? DEFAULT_RETENTION_DAYS;\n }\n\n // Allow users to override the license retention days, but not to increase it\n if (userRetentionDays && userRetentionDays < licenseRetentionDays) {\n return userRetentionDays;\n }\n\n // User didn't provide a retention days value, use the license one\n return licenseRetentionDays;\n};\n\n/\n @description\n * Manages the the lifecycle of audit logs. Accessible via strapi.get('audit-logs-lifecycles')\n /\nconst createAuditLogsLifecycleService = (strapi: Core.Strapi) => {\n // Manage internal service state privately\n const state = {} as any;\n const auditLogsService = strapi.get('audit-logs');\n\n // NOTE: providers should be able to replace getEventMap to add or remove events\n const eventMap = getEventMap(defaultEvents);\n\n const processEvent = (name: string, ...args: any) => {\n const requestState = strapi.requestContext.get()?.state;\n\n // Ignore events with auth strategies different from admin\n const isUsingAdminAuth = requestState?.route.info.type === 'admin';\n const user = requestState?.user;\n if (!isUsingAdminAuth \|\| !user) {\n return null;\n }\n\n const getPayload = eventMap[name];\n\n // Ignore the event if it's not in the map\n if (!getPayload) {\n return null;\n }\n\n // Ignore some events based on payload\n // TODO: What does this ignore in upload? Why would we want to ignore anything?\n const ignoredUids = ['plugin::upload.file', 'plugin::upload.folder'];\n if (ignoredUids.includes(args[0]?.uid)) {\n return null;\n }\n\n return {\n action: name,\n date: new Date().toISOString(),\n payload: getPayload(...args) \|\| {},\n userId: user.id,\n };\n };\n\n const handleEvent = async (name: string, ...args: any) => {\n const processedEvent = processEvent(name, ...args);\n\n if (processedEvent) {\n await auditLogsService.saveEvent(processedEvent);\n }\n };\n\n return {\n async register() {\n // Handle license being enabled\n if (!state.eeEnableUnsubscribe) {\n // @ts-expect-error- update event hub to receive callback argument\n state.eeEnableUnsubscribe = strapi.eventHub.on('ee.enable', () => {\n // Recreate the service to use the new license info\n this.destroy();\n this.register();\n });\n }\n\n // Handle license being updated\n if (!state.eeUpdateUnsubscribe) {\n // @ts-expect-error- update event hub to receive callback argument\n state.eeUpdateUnsubscribe = strapi.eventHub.on('ee.update', () => {\n // Recreate the service to use the new license info\n this.destroy();\n this.register();\n });\n }\n\n // Handle license being disabled\n // @ts-expect-error- update event hub to receive callback argument\n state.eeDisableUnsubscribe = strapi.eventHub.on('ee.disable', () => {\n // Turn off service when the license gets disabled\n // Only ee.enable and ee.update listeners remain active to recreate the service\n this.destroy();\n });\n\n // Check current state of license\n if (!strapi.ee.features.isEnabled('audit-logs')) {\n return this;\n }\n\n // Start saving events\n state.eventHubUnsubscribe = strapi.eventHub.subscribe(handleEvent);\n\n // Manage audit logs auto deletion\n const retentionDays = getRetentionDays(strapi);\n state.deleteExpiredJob = scheduleJob('0 0 * ', () => {\n const expirationDate = new Date(Date.now() - retentionDays 24 * 60 * 60 * 1000);\n auditLogsService.deleteExpiredEvents(expirationDate);\n });\n\n return this;\n },\n\n unsubscribe() {\n if (state.eeDisableUnsubscribe) {\n state.eeDisableUnsubscribe();\n }\n\n if (state.eventHubUnsubscribe) {\n state.eventHubUnsubscribe();\n }\n\n if (state.deleteExpiredJob) {\n state.deleteExpiredJob.cancel();\n }\n\n return this;\n },\n\n destroy() {\n return this.unsubscribe();\n },\n };\n};\n\nexport { createAuditLogsLifecycleService };\n","export const auditLog = {\n schema: {\n kind: 'collectionType',\n collectionName: 'strapi_audit_logs',\n info: {\n singularName: 'audit-log',\n pluralName: 'audit-logs',\n displayName: 'Audit Log',\n },\n options: {\n timestamps: false,\n },\n pluginOptions: {\n 'content-manager': {\n visible: false,\n },\n 'content-type-builder': {\n visible: false,\n },\n },\n attributes: {\n action: {\n type: 'string',\n required: true,\n },\n date: {\n type: 'datetime',\n required: true,\n },\n user: {\n type: 'relation',\n relation: 'oneToOne',\n target: 'admin::user',\n },\n payload: {\n type: 'json',\n },\n },\n },\n};\n","import register from './register';\nimport bootstrap from './bootstrap';\nimport destroy from './destroy';\nimport adminContentTypes from './content-types';\nimport services from './services';\nimport controllers from './controllers';\nimport routes from './routes';\nimport auditLogsRoutes from './audit-logs/routes/audit-logs';\nimport auditLogsController from './audit-logs/controllers/audit-logs';\nimport { createAuditLogsService } from './audit-logs/services/audit-logs';\nimport { createAuditLogsLifecycleService } from './audit-logs/services/lifecycles';\nimport { auditLog } from './audit-logs/content-types/audit-log';\nimport { Core } from '@strapi/types';\n\nconst getAdminEE = () => {\n const eeAdmin = {\n register,\n bootstrap,\n destroy,\n contentTypes: {\n // Always register the audit-log content type to prevent data loss\n 'audit-log': auditLog,\n ...adminContentTypes,\n },\n services,\n controllers,\n routes,\n };\n\n // Only add the other audit-logs APIs if the feature is enabled by the user and the license\n if (\n strapi.config.get('admin.auditLogs.enabled', true) &&\n strapi.ee.features.isEnabled('audit-logs')\n ) {\n return {\n ...eeAdmin,\n controllers: {\n ...eeAdmin.controllers,\n 'audit-logs': auditLogsController,\n },\n routes: {\n ...eeAdmin.routes,\n 'audit-logs': auditLogsRoutes,\n },\n async register({ strapi }: { strapi: Core.Strapi }) {\n // Run the the default registration\n await eeAdmin.register({ strapi });\n // Register an internal audit logs service\n strapi.add('audit-logs', createAuditLogsService(strapi));\n // Register an internal audit logs lifecycle service\n const auditLogsLifecycle = createAuditLogsLifecycleService(strapi);\n strapi.add('audit-logs-lifecycle', auditLogsLifecycle);\n\n await auditLogsLifecycle.register();\n },\n async destroy({ strapi }: { strapi: Core.Strapi }) {\n strapi.get('audit-logs-lifecycle').destroy();\n await eeAdmin.destroy({ strapi });\n },\n };\n }\n\n return eeAdmin;\n};\n\nexport default getAdminEE();\n"],"names":["strapi","getService","name","authenticate","user","UnauthorizedError","ForbiddenError","auth","actions","roles","role","ApplicationError","email","password","LocalStrategy","getPassportStrategies","authEventsMapper","passport","sso","SUPER_ADMIN_CODE","ValidationError","updatedUser","providerRegistry","firstname","lastname","username","auditLog","defaultEvents"],"mappings":";;;;;;;;;;;;AAMA,MAAM,0BAA0B,CAAC,EAAE,QAAAA,cAAsC;AACvE,MAAI,WAAW,QAAQA,QAAO,KAAK,KAAK,MAAM,OAAO;AAErD,MAAI,CAAC,IAAI,eAAe,QAAQ,GAAG;AACtB,eAAA,QAAQ,WAAW,aAAa;AAAA,EAC7C;AAEM,QAAA,uBAAuB,OAAO,KAAc,SAAe;AAC/D,UAAM,KAAK;AAEX,QAAI,IAAI,WAAW,UAAU,IAAI,WAAW,OAAO;AACjD;AAAA,IACF;AAEA,QAAI,IAAI,QAAQ,QAAQ,IAAI,WAAW,KAAK;AAC1C;AAAA,IACF;AAEA,QAAI,OAAO;AACX,QAAI,OAAO,IAAI,iBAAiB,KAAK,UAAU,YAAY,CAAC;AAAA,EAAA;AAG9D,EAAAA,QAAO,OAAO,OAAO;AAAA,IACnB;AAAA,MACE,QAAQ;AAAA,MACR,MAAM,GAAGA,QAAO,OAAO,MAAM,IAAI;AAAA,MACjC,SAAS;AAAA,QACP;AAAA,QACA,YAAY,UAAU;AAAA,UACpB,QAAQ;AAAA,UACR,OAAO;AAAA,UACP,OAAO;AAAA,UACP,WAAW,KAAU,MAAW;AACxB,kBAAA,MAAM,QAAQ,IAAI;AAExB,gBAAI,QAAQ,SAAS;AACf,kBAAA,UAAU,iBAAiB,qCAAqC;AAAA,YACtE;AAAA,UACF;AAAA,QAAA,CACD;AAAA,MACH;AAAA,MACA,QAAQ,EAAE,MAAM,MAAM;AAAA,IACxB;AAAA,EAAA,CACD;AACH;AAGA,MAAM,cAAc,CAAC,UAAe,mBAAmB,OAAO;AACtD,QAAA,QAAQ,UAAU,UAAU,gBAAgB;AAE3C,SAAA,OAAO,KAAc,SAAe;AACzC,UAAM,OAAO,IAAI;AACX,UAAA,UAAU,SAAS,IAAI,IAAI;AAEjC,QAAI,OAAO;AACL,UAAA,MAAM,KAAK,YAAY;AAC3B,UAAI,OAAO;AACX,YAAM,KAAK;AACX,UAAI,OAAO;AAAA,IAAA,CACZ;AACD,QAAI,OAAO;AAAA,EAAA;AAEf;ACpEA,MAAMC,eAAa,CAACC,UAAS;AAC3B,SAAO,OAAO,QAAQ,UAAUA,KAAI,EAAE;AACxC;ACEa,MAAAC,iBAAe,OAAO,QAAiB;AAClD,QAAM,EAAE,cAAkB,IAAA,IAAI,QAAQ;AAEtC,MAAI,CAAC,eAAe;AACX,WAAA,EAAE,eAAe;EAC1B;AAEM,QAAA,QAAQ,cAAc,MAAM,KAAK;AAEnC,MAAA,MAAM,CAAC,EAAE,YAAA,MAAkB,YAAY,MAAM,WAAW,GAAG;AACtD,WAAA,EAAE,eAAe;EAC1B;AAEM,QAAA,QAAQ,MAAM,CAAC;AACf,QAAA,EAAE,SAAS,YAAYF,aAAW,OAAO,EAAE,eAAe,KAAK;AAErE,MAAI,CAAC,SAAS;AACL,WAAA,EAAE,eAAe;EAC1B;AAEA,QAAMG,QAAO,MAAM,OAAO,GACvB,MAAM,aAAa,EACnB,QAAQ,EAAE,OAAO,EAAE,IAAI,QAAQ,GAAG,GAAG,UAAU,CAAC,OAAO,GAAG;AAE7D,MAAI,CAACA,SAAQ,EAAEA,MAAK,aAAa,OAAO;AAC/B,WAAA,EAAE,eAAe;EAC1B;AAEA,QAAM,cAAc,MAAMH,aAAW,YAAY,EAAE,OAAO,oBAAoBG,KAAI;AAIlF,MAAI,MAAM,cAAc;AACxB,MAAI,MAAM,OAAOA;AAEV,SAAA;AAAA,IACL,eAAe;AAAA,IACf,aAAaA;AAAA,IACb,SAAS;AAAA,EAAA;AAEb;AAEO,MAAM,OAAO;AAGpB,MAAe,oBAAA;AAAA,EACb;AAAA,EAAA,cACAD;AACF;ACpDA,MAAM,YAAY,KAAK,KAAK,KAAK;AAEjC,MAAM,YAAY;AAAA,EAChB,sBAAsB;AAAA,EACtB,kBAAkB;AAAA,EAClB,aAAa;AAAA,EACb,aAAa;AAAA,EACb,aAAa;AAAA,EACb,eAAe;AAAA,EACf,eAAe;AAAA,EACf,eAAe;AAAA,EACf,gBAAgB;AAAA,EAChB,gBAAgB;AAAA,IACd,WAAW;AAAA,IACX,aAAa;AAAA,IACb,QAAQ;AAAA,EACV;AAAA;AAAA,EAEA,qBAAqB;AAAA,IACnB,WAAW;AAAA,IACX,QAAQ,IAAI;AAAA,IACZ,SAAS,KAAK;AAAA,IACd,SAAS,KAAK;AAAA,EAChB;AAAA,EACA,qBAAqB;AAAA,IACnB,MAAM;AAAA,IACN,MAAM;AAAA,EACR;AAAA,EACA,0BAA0B;AAAA,IACxB,WAAW;AAAA,IACX,QAAQ,IAAI;AAAA,IACZ,SAAS,KAAK;AAAA,IACd,SAAS,KAAK;AAAA,EAChB;AACF;AC1BA,MAAM,qBAAEE,qBAAmB,gBAAAC,iBAAmB,IAAA;AAE9C,MAAM,cAAc,CAAC,UAAe,MAAM,SAAS,MAAM,KAAK,MAAM,SAAS,SAAS;AAEtF,MAAM,eAAe,CAAC,QAAiB;AACjC,MAAA,IAAI,WAAW,IAAI,QAAQ,UAAU,IAAI,QAAQ,OAAO,eAAe;AACzE,UAAM,QAAQ,IAAI,QAAQ,OAAO,cAAc,MAAM,KAAK;AAEtD,QAAA,MAAM,CAAC,EAAE,YAAA,MAAkB,YAAY,MAAM,WAAW,GAAG;AACtD,aAAA;AAAA,IACT;AAEA,WAAO,MAAM,CAAC;AAAA,EAChB;AAEO,SAAA;AACT;AAKa,MAAAH,iBAAe,OAAO,QAAiB;AAC5C,QAAA,kBAAkBF,aAAW,WAAW;AACxC,QAAA,QAAQ,aAAa,GAAG;AAE9B,MAAI,CAAC,OAAO;AACH,WAAA,EAAE,eAAe;EAC1B;AAEM,QAAA,WAAW,MAAM,gBAAgB,MAAM;AAAA,IAC3C,WAAW,gBAAgB,KAAK,KAAK;AAAA,EAAA,CACtC;AAGD,MAAI,CAAC,UAAU;AACN,WAAA,EAAE,eAAe;EAC1B;AAEM,QAAA,kCAAkB;AAExB,MAAI,CAAC,MAAM,SAAS,SAAS,GAAG;AAC9B,UAAM,iBAAiB,IAAI,KAAK,SAAS,SAAS;AAElD,QAAI,iBAAiB,aAAa;AAChC,aAAO,EAAE,eAAe,OAAO,OAAO,IAAII,oBAAkB,eAAe;IAC7E;AAAA,EACF;AAIA,QAAM,qBAAqB,kBAAkB,aAAa,SAAS,SAAS,UAAU,CAAC;AACvF,MAAI,sBAAsB,GAAG;AAC3B,UAAM,OAAO,GAAG,MAAM,kBAAkB,EAAE,OAAO;AAAA,MAC/C,OAAO,EAAE,IAAI,SAAS,GAAG;AAAA,MACzB,MAAM,EAAE,YAAY,YAAY;AAAA,IAAA,CACjC;AAAA,EACH;AAEA,MAAI,SAAS,SAAS,UAAU,eAAe,QAAQ;AACrD,UAAM,UAAU,MAAM,OAAO,WAAW,YAAY,OAAO;AAAA,MACzD,SAAS,YAAY,IAAI,CAAC,YAAiB,EAAE,SAAS;AAAA,IAAA;AAGxD,WAAO,EAAE,eAAe,MAAM,SAAS,aAAa,SAAS;AAAA,EAC/D;AAEA,SAAO,EAAE,eAAe,MAAM,aAAa,SAAS;AACtD;AAOa,MAAA,SAAS,CAACE,OAAW,WAAgB;AAChD,QAAM,EAAE,aAAa,UAAU,QAAA,IAAYA;AAE3C,MAAI,CAAC,UAAU;AACP,UAAA,IAAIF,oBAAkB,iBAAiB;AAAA,EAC/C;AAEM,QAAA,kCAAkB;AAExB,MAAI,CAAC,MAAM,SAAS,SAAS,GAAG;AAC9B,UAAM,iBAAiB,IAAI,KAAK,SAAS,SAAS;AAElD,QAAI,iBAAiB,aAAa;AAC1B,YAAA,IAAIA,oBAAkB,eAAe;AAAA,IAC7C;AAAA,EACF;AAGA,MAAI,SAAS,SAAS,UAAU,eAAe,aAAa;AAC1D;AAAA,EACF;AAGA,MAAI,SAAS,SAAS,UAAU,eAAe,WAAW;AAKlD,UAAA,SAAS,UAAU,OAAO,KAAK;AAErC,QAAI,OAAO,SAAS,OAAO,MAAM,WAAW,GAAG;AAC7C;AAAA,IACF;AAAA,EAIO,WAAA,SAAS,SAAS,UAAU,eAAe,QAAQ;AAC1D,QAAI,CAAC,SAAS;AACZ,YAAM,IAAIC,iBAAe;AAAA,IAC3B;AAEM,UAAA,SAAS,UAAU,OAAO,KAAK;AAE/B,UAAA,YAAY,OAAO,MAAM,CAAC,UAAU,QAAQ,IAAI,KAAK,CAAC;AAE5D,QAAI,WAAW;AACb;AAAA,IACF;AAAA,EACF;AAEA,QAAM,IAAIA,iBAAe;AAC3B;AAIA,MAAe,uBAAA;AAAA,EACb,MAAM;AAAA,EAAA,cACNH;AAAAA,EACA;AACF;ACxIA,MAAA,oBAAe,CAAC,EAAE,QAAAH,QAAA,MAAsC;AACtD,QAAM,qBAAqBA,QAAO,QAAQ,iBAAiB,EAAE,KAAK;AAElE,EAAAA,QAAO,OAAO,IAAI,OAAO,EAAE,IAAI,kBAAkB;AACjD,EAAAA,QAAO,IAAI,MAAM,EAAE,SAAS,SAAS,iBAAiB;AACtD,EAAAA,QAAO,IAAI,MAAM,EAAE,SAAS,eAAe,oBAAoB;AAE/D,MAAIA,QAAO,OAAO,IAAI,uBAAuB,GAAG;AACtB,4BAAA,EAAE,QAAAA,SAAQ;AAAA,EACpC;AACF;ACXA,MAAA,WAAe,OAAO,EAAE,QAAAA,QAAA,MAAsC;AACtD,QAAA,kBAAkB,EAAE,QAAAA,QAAA,CAAQ;AACpC;ACNO,MAAMQ,YAAU;AAAA,EACrB;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AACF;AAEA,MAAe,eAAA;AAAA,EAAA,SACbA;AACF;ACnNO,MAAM,aAAa;AAAA,EACxB;AAAA,IACE,aAAa;AAAA,IACb,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,SAAS,CAACJ,WAAgB,EAAE,gBAAgBA,MAAK,GAAG;AAAA,EACtD;AAAA,EACA;AAAA,IACE,aAAa;AAAA,IACb,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,SAAS,CAACA,WAAgB;AAAA,MACxB,mBAAmB;AAAA,QACjB,YAAY;AAAA,UACV,IAAI;AAAA,YACF,KAAKA,MAAK,MAAM,IAAI,CAAC,MAAY,EAAE,EAAE;AAAA,UACvC;AAAA,QACF;AAAA,MACF;AAAA,IAAA;AAAA,EAEJ;AACF;AAEA,MAAe,kBAAA;AAAA,EACb;AACF;ACtBA,MAAM,2BAA2B;AAAA,EAC/B,WAAW;AAAA,IACT,cAAc;AAAA,IACd,aAAa;AAAA,IACb,gBAAgB;AAAA,EAClB;AACF;AAEA,MAAM,4BAA4B,YAAY;AAC5C,QAAMH,aAAW,YAAY,EAAE,eAAe,aAAa,aAAa,OAAO;AACjF;AAEA,MAAM,0BAA0B,YAAY;AAC1C,QAAMA,aAAW,YAAY,EAAE,kBAAkB,aAAa,gBAAgB,UAAU;AAC1F;AAEA,MAAM,qBAAqB,MAAM;AAC/B,QAAM,EAAE,+BAAA,IAAmCA,aAAW,SAAS;AAExD,SAAA,GAAG,WAAW,UAAU;AAAA,IAC7B,QAAQ,CAAC,aAAa;AAAA,IACtB,aAAa;AAAA,IACb,aAAa;AAAA,IACb,YAAY,EAAE,UAAU;AAClB,UAAA,OAAO,KAAK,kBAAkB;AACD;MACjC;AAAA,IACF;AAAA,EAAA,CACD;AACH;AAEA,MAAM,mBAAmB,YAAY;AAC7B,QAAA,aAAa,MAAM,OAAO,MAAM,EAAE,MAAM,QAAQ,MAAM,QAAA,CAAS;AACrE,QAAM,oBAAoB,MAAM,WAAW,IAAI,EAAE,KAAK,QAAQ;AACxD,QAAA,kBAAkB,MAAM,0BAA0B,iBAAiB;AAEzE,QAAM,aAAa,MAAMA,aAAW,MAAM,EAAE,OAAO;AAAA,IACjD,IAAI,gBAAgB,UAAU;AAAA,EAAA,CAC/B;AAGD,MAAI,CAAC,YAAY;AACf,oBAAgB,UAAU,cAAc;AAAA,EAC1C;AAEA,QAAM,WAAW,IAAI,EAAE,KAAK,QAAQ,OAAO,iBAAiB;AAC9D;AAEA,MAAM,2BAA2B,YAAY;AAC3C,QAAM,mBAAmB,OAAO,WAAW,YAAY,UAAU,OAAO;AAClE,QAAA,kBAAkB,MAAM,MAAM;AAAA,IAClC,OAAO,GAAG,MAAM,6BAA6B,EAAE;AAAA,IAC/C,IAAI,QAAQ;AAAA,EAAA;AAGd,QAAM,qBAAqB,KAAK,WAAW,iBAAiB,gBAAgB,CAAC;AAEzE,MAAA,mBAAmB,SAAS,GAAG;AACjC,UAAM,OAAO,GACV,MAAM,6BAA6B,EACnC,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,mBAAmB,EAAA,EAAK,CAAA;AAAA,EAClE;AACF;AAEA,MAAA,qBAAe,OAAO,EAAE,QAAAD,cAAsC;AAC5D,QAAM,wBAAwB;AAC9B,QAAM,0BAA0B;AACb;AAEb,QAAA,oBAAoBC,aAAW,YAAY;AAC3C,QAAA,cAAcA,aAAW,MAAM;AAC/B,QAAA,cAAcA,aAAW,MAAM;AAC/B,QAAA,kBAAkBA,aAAW,WAAW;AACxC,QAAA,kBAAkBA,aAAW,UAAU;AACvC,QAAA,eAAeA,aAAW,OAAO;AAEvC,QAAM,YAAY;AAClB,QAAM,YAAY;AAClB,QAAM,YAAY;AAElB,QAAM,kBAAkB;AAExB,QAAM,YAAY;AAElB,QAAM,iBAAiB;AACvB,QAAM,yBAAyB;AAE/B,QAAMA,aAAW,SAAS,EAAE,6BAA6BD,OAAM;AACpDC,eAAA,SAAS,EAAE,UAAUD,OAAM;AAEtC,kBAAgB,mBAAmB;AACnC,kBAAgB,MAAM;AACtB,eAAa,qBAAqB;AACpC;AClGa,MAAA,aAAa,CACxBE,OACA,EAAE,QAAAF,QAAA,IAAoC,EAAE,QAAQ,OAAO,aACpD;AACH,SAAOA,QAAO,QAAQ,UAAUE,KAAI,EAAE;AACxC;ACPA,MAAe,UAAA;AAAA,EACb,KAAK;AAAA,IACH;AAAA,MACE,KAAK;AAAA,MACL,aAAa;AAAA,MACb,YAAY;AAAA,MACZ,SAAS;AAAA,MACT,UAAU;AAAA,MACV,aAAa;AAAA,IACf;AAAA,IACA;AAAA,MACE,KAAK;AAAA,MACL,aAAa;AAAA,MACb,YAAY;AAAA,MACZ,SAAS;AAAA,MACT,UAAU;AAAA,MACV,aAAa;AAAA,IACf;AAAA,EACF;AAAA,EACA,WAAW;AAAA,IACT;AAAA,MACE,KAAK;AAAA,MACL,aAAa;AAAA,MACb,YAAY;AAAA,MACZ,SAAS;AAAA,MACT,UAAU;AAAA,MACV,aAAa;AAAA,IACf;AAAA,EACF;AACF;AClBA,MAAM,qBAAqB,CAAC,UAAmC;AACzD,MAAA,OAAO,UAAU,UAAU;AACtB,WAAA,EAAE,MAAM;EACjB;AACO,SAAA;AACT;AASA,eAAsB,WAAW,EAAE,QAAAF,QAAAA,GAAmC,OAAY;AAEhF,QAAM,SAAS,MAAMA,QAAO,GAAG,QAAQ,gBAAgB;AACvD,SAAO,OAAO,OAAO,CAAC,cAAsB,MAAM,KAAK,SAAS,CAAC;AACnE;AAKA,eAAe,iBACb,EAAE,QAAAA,QAAAA,GACF,YACA;AACA,QAAM,kBAAkB,MAAM,mBAAmB,EAAE,QAAAA,QAAQ,CAAA;AACrD,QAAA,SAAS,WAAW,IAAI,kBAAkB;AAGhD,QAAM,yBAAyB,eAAe,SAAS,QAAQ,eAAe;AAE9E,QAAM,kBAAkB;AAAA,IACtB,CAAC,IAAS,OAAY,GAAG,SAAS,GAAG;AAAA,IACrC;AAAA,IACA;AAAA,EAAA;AAGE,MAAA,CAAC,uBAAuB,QAAQ;AAClC;AAAA,EACF;AAGgB,kBAAA,KAAK,GAAG,sBAAsB;AACxCA,QAAAA,QAAO,MAAM,IAAI;AAAA,IACrB,MAAM;AAAA,IACN,KAAK;AAAA,IACL,OAAO;AAAA,EAAA,CACR;AACH;AAUA,eAAe,mBAAmB,EAAE,QAAAA,WAAmC;AACrE,QAAM,kBAAuB,MAAMA,QAAO,MAAM,IAAI;AAAA,IAClD,MAAM;AAAA,IACN,KAAK;AAAA,EAAA,CACN;AAED,UAAQ,mBAAmB,CAAA,GAAI,IAAI,kBAAkB;AACvD;AA0Ba,MAAA,0BAA0B,OAAO,oBAA4B;AACxE,QAAM,iBAAiB,IAAI,OAAO,IAAI,eAAe,IAAI;AACzD,QAAM,aAAa,MAAM,WAAW,EAAE,UAAU,cAAc;AAE9D,QAAM,iBAAiB,EAAE,OAAO,GAAG,UAAU;AAC/C;ACxGA,MAAe,YAAA,OAAO,SAAc;AAClC,QAAM,EAAE,eAAA,IAAmB,WAAW,YAAY;AAClD,MAAI,OAAO,GAAG,SAAS,UAAU,KAAK,GAAG;AACjC,UAAA,eAAe,aAAa,QAAQ,GAAG;AAAA,EAC/C;AAEA,MAAI,OAAO,GAAG,SAAS,UAAU,YAAY,GAAG;AAC9C,UAAM,wBAAwB,mBAAmB;AAC3C,UAAA,eAAe,aAAa,QAAQ,SAAS;AAAA,EACrD;AAEM,QAAA,WAAW,kBAAkB,EAAE;AACrC,QAAM,mBAAmB,IAAI;AAC/B;AChBA,MAAA,mBAAe,YAAY;AACzB,QAAM,EAAE,mBAAmB,eAAe,IAAIC,aAAW,YAAY;AAErE,QAAM,kBAAkB;AACxB,QAAM,eAAe;AACvB;ACJA,MAAA,UAAe,OAAO,EAAE,QAAAD,QAAA,MAAsC;AAC5D,QAAM,iBAAiB;AACzB;ACLA,MAAA,oBAAe,CAAC;ACEH,MAAA,cAAc,OAAOI,UAAc;AAC9C,MAAI,CAAC,OAAO,GAAG,SAAS,UAAU,KAAK,GAAG;AACjC,WAAA;AAAA,EACT;AAEA,MAAI,CAACA,OAAM;AACH,UAAA,IAAI,MAAM,qBAAqB;AAAA,EACvC;AAGM,QAAA,aAAa,MAAM,OAAO,MAAM,EAAE,MAAM,QAAQ,MAAM,QAAA,CAAS;AAC/D,QAAA,EAAE,UAAe,IAAA,MAAM,WAAW,IAAI,EAAE,KAAK,OAAA,CAAQ;AACrD,QAAA,cAAc,UAAU,kBAAkB;AAC5C,MAAA,QAAQ,WAAW,GAAG;AACjB,WAAA;AAAA,EACT;AAEM,QAAAK;AAAA;AAAA,IAEJL,MAAK;AAAA,IAEJ,MAAM,OAAO,GAAG,MAAM,aAAa,EAAE,KAAKA,OAAM,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,KAAK;AAAA,IAEvF,CAAC;AAAA;AAGH,QAAM,WAAW,YAAY;AAAA,IAAK,CAAC;AAAA;AAAA,MAEjCK,OAAM,KAAK,CAACC,UAAc,aAAaA,MAAK,GAAG,UAAU;AAAA;AAAA,EAAA;AAGpD,SAAA;AACT;AC7BA,MAAM,EAAEC,kBAAAA,mBAAqB,IAAA;AAQ7B,MAAM,iBAAiB,OAAO,EAAE,OAAAC,OAAM,IAAS,OAAO;AACpD,QAAMR,QAAO,MAAM,OAAO,GAAG,MAAM,aAAa,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAAQ,QAAO,UAAU,KAAA,EAAQ,CAAA;AAE9F,MAAI,CAACR,SAAS,MAAM,YAAYA,KAAI,GAAI;AACtC;AAAA,EACF;AAEA,QAAM,qBAAqB,WAAW,OAAO,EAAE,YAAY;AACrD,QAAA,WAAW,MAAM,EAAE,WAAWA,MAAK,IAAI,EAAE,oBAAoB;AAG7D,QAAA,MAAM,GAAG,OAAO,OAAO;AAAA,IAC3B;AAAA,EAAA,CACD,6BAA6B,kBAAkB;AAChD,SAAO,OACJ,OAAO,OAAO,EACd,QAAQ,OAAO,EACf;AAAA,IACC;AAAA,MACE,IAAIA,MAAK;AAAA,MACT,MAAM,OAAO,OAAO,IAAI,2BAA2B;AAAA,MACnD,SAAS,OAAO,OAAO,IAAI,8BAA8B;AAAA,IAC3D;AAAA,IACA,OAAO,OAAO,IAAI,oCAAoC;AAAA,IACtD;AAAA,MACE;AAAA,MACA,MAAM,EAAE,KAAKA,OAAM,CAAC,SAAS,aAAa,YAAY,UAAU,CAAC;AAAA,IACnE;AAAA,EAAA,EAED,MAAM,CAAC,QAAiB;AAEhB,WAAA,IAAI,MAAM,GAAG;AAAA,EAAA,CACrB;AACL;AAQA,MAAM,gBAAgB,OAAO,EAAE,oBAAoB,UAAAS,UAAS,IAAS,CAAA,MAAO;AAC1E,QAAM,eAAe,MAAM,OAAO,GAC/B,MAAM,aAAa,EACnB,QAAQ,EAAE,OAAO,EAAE,oBAAoB,UAAU,KAAA,EAAQ,CAAA;AAE5D,MAAI,CAAC,gBAAiB,MAAM,YAAY,YAAY,GAAI;AACtD,UAAM,IAAIF,mBAAiB;AAAA,EAC7B;AAEA,SAAO,WAAW,MAAM,EAAE,WAAW,aAAa,IAAI;AAAA,IACpD,UAAAE;AAAA,IACA,oBAAoB;AAAA,EAAA,CACrB;AACH;AAEA,MAAe,OAAA;AAAA,EACb;AAAA,EACA;AACF;ACnEA,MAAM,sBAAsB,CAACb,SAAqB,eAAqB;AACrE,SAAO,IAAIc;AAAAA,IACT;AAAA,MACE,eAAe;AAAA,MACf,eAAe;AAAA,MACf,SAAS;AAAA,IACX;AAAA,IACA,CAACF,QAAeC,WAAkB,SAAc;AAC9C,aAAOZ,aAAW,MAAM,EACrB,iBAAiB,EAAE,OAAO,QAAQW,MAAK,GAAG,UAAAC,UAAU,CAAA,EACpD,KAAK,OAAO,CAAC,OAAOT,OAAM,OAAO,MAAM;AACtC,YAAI,YAAY;AACd,iBAAO,WAAW,CAAC,OAAOA,OAAM,OAAO,GAAG,IAAI;AAAA,QAChD;AAEO,eAAA,KAAK,OAAOA,OAAM,OAAO;AAAA,MAAA,CACjC,EACA,MAAM,CAAC,UAAU,KAAK,KAAK,CAAC;AAAA,IACjC;AAAA,EAAA;AAEJ;ACnBA,MAAM,mBAAmB;AAAA,EACvB,qBAAqB;AAAA,EACrB,mBAAmB;AACrB;AAEA,MAAM,sBAAsB,CAAC,CAAG,EAAA,KAAK,MAAkB,WAAW,KAAK;AACvE,MAAM,sBAAsB,CAAC,CAAC,GAAG,MAAW;AACnC,SAAA,OAAO,KAAK,OAAO,QAAQ,iBAAiB,EAAE,gBAAgB,EAAE,SAAS,GAAG;AACrF;AAEA,MAAMW,0BAAwB,MAAM,CAAC,oBAAoB,MAAM,CAAC;AAEhE,MAAM,qBAAqB,MAAM;AAEzB,QAAA,EAAE,SAAS,CAAA,MAAO,OAAO,OAAO,IAAI,cAAc,CAAA,CAAE;AAC1D,QAAM,EAAE,kBAAAC,kBAAAA,IAAqB,OAAO,QAAQ,iBAAiB;AAEvD,QAAA,YAAY,OAAO,QAAQ,MAAM,EAAE,OAAO,mBAAmB,EAAE,OAAO,mBAAmB;AAE/F,aAAW,CAAC,WAAW,OAAO,KAAK,WAAW;AAE5C,WAAO,SAAS,GAAGA,kBAAiB,SAAS,GAAG,OAAc;AAAA,EAChE;AACF;AAEA,MAAM,OAAO,MAAM;AAEd,SAAA,QAAQ,iBAAiB,EACzB,sBAAsB,EACtB,QAAQ,CAAC,aAAuBC,WAAS,IAAI,QAAQ,CAAC;AAEtC;AAEnB,SAAOA,WAAS;AAClB;AAEA,MAAA,aAAe,EAAE,MAAM,uBAAAF,yBAAuB,iBAAiB;ACxC/D,MAAA,yBAAe,MAAM;AACb,QAAA,+BAAe;AAErB,SAAO,OAAO,UAAU;AAAA,IACtB,SAAS,UAAmB;AAC1B,UAAI,OAAO,UAAU;AACb,cAAA,IAAI,MAAM,qDAAqD;AAAA,MACvE;AAIK,WAAA,IAAI,SAAS,KAAK,QAAQ;AAAA,IACjC;AAAA,IAEA,aAAa,WAAsB;AACvB,gBAAA,QAAQ,CAAC,aAAa;AAC9B,aAAK,SAAS,QAAQ;AAAA,MAAA,CACvB;AAAA,IACH;AAAA,IAEA,SAAoB;AAGlB,aAAO,MAAM,KAAK,KAAK,OAAQ,CAAA;AAAA,IACjC;AAAA,EAAA,CACD;AAEM,SAAA;AACT;AC1BO,MAAM,mBAAmB,uBAAuB;AACvD,MAAM,eAAe;AAER,MAAA,yBAAyB,CAAC,iBAAyB;AAC9D,MAAI,CAAC,OAAO,GAAG,SAAS,UAAU,KAAK,GAAG;AAClC,UAAA,IAAI,MAAM,YAAY;AAAA,EAC9B;AAEA,SAAO,kBAAkB,YAAY;AACvC;AAEO,MAAM,iCAAiC,MAAM;AAClD,MAAI,CAAC,OAAO,GAAG,SAAS,UAAU,KAAK,GAAG;AAClC,UAAA,IAAI,MAAM,YAAY;AAAA,EAC9B;AAEM,QAAA,EAAE,YAAY,CAAA,MAAO,OAAO,OAAO,IAAI,cAAc,CAAA,CAAE;AAI7D,mBAAiB,aAAa,SAAS;AACzC;AAEO,MAAM,sBAAsB;AAAA,EACjC,uBAAuB;AACzB;AAEA,MAAe,QAAA;AAAA,EACb;AAAA,EACA;AAAA,EACA;AAAA,EACA,kBAAkB,EAAE,GAAGE,WAAS,kBAAkB,GAAG,oBAAoB;AAC3E;AC/BA,MAAM,EAAE,kBAAsB,IAAA;AAE9B,MAAM,0BAA0B,OAAO,CAAC,OAAOb,OAAM,OAAO,GAAQ,SAAc;AAEhF,MAAIA,SAAQ,CAAC,SAAU,MAAM,YAAYA,KAAI,GAAI;AACxC,WAAA;AAAA,MACL,IAAI,kBAAkB,wDAAwD;AAAA,QAC5E,MAAM;AAAA,MAAA,CACP;AAAA,MACDA;AAAA,MACA;AAAA,IAAA;AAAA,EAEJ;AAEO,SAAA,KAAK,OAAOA,OAAM,OAAO;AAClC;AAEA,MAAM,wBAAwB,MAAM;AAClC,MAAI,CAAC,OAAO,GAAG,SAAS,UAAU,KAAK,GAAG;AACjC,WAAA,CAAC,oBAAoB,MAAM,CAAC;AAAA,EACrC;AAEM,QAAA,gBAAgB,oBAAoB,QAAQ,uBAAuB;AAErE,MAAA,CAAC,OAAO,UAAU;AACpBc,UAAI,+BAA+B;AAAA,EACrC;AAIM,QAAA,YAAYA,MAAI,iBAAiB,OAAO;AACxC,QAAA,aAAa,UAAU,IAAI,CAAC,aAAkB,SAAS,eAAe,MAAM,CAAC;AAE5E,SAAA,CAAC,eAAe,GAAG,UAAU;AACtC;AAEA,MAAe,WAAA;AAAA,EACb;AAAA,EACA,GAAGA;AACL;ACzCA,MAAM,EAAEP,kBAAAA,mBAAqB,IAAA;AAE7B,MAAM,6BAA6B,OAAO,QAAa;AAC/C,QAAA,aAAa,MAAM,OAAO,MAAM,EAAE,MAAM,QAAQ,MAAM,QAAA,CAAS;AAE/D,QAAA;AAAA,IACJ,WAAW,EAAE,YAAY;AAAA,EAAA,IACtB,MAAM,WAAW,IAAI,EAAE,KAAK,OAAQ,CAAA;AAEzC,aAAW,UAAU,KAAK;AACxB,QAAI,eAAe,SAAS,WAAW,MAAM,SAAS,MAAM,GAAG;AAC7D,YAAM,IAAIA;AAAAA,QACR;AAAA,MAAA;AAAA,IAEJ;AAAA,EACF;AACF;AAEA,MAAe,SAAA;AAAA,EACb;AACF;ACfA,MAAM,EAAEQ,kBAAAA,mBAAqB,IAAA;AAehB,MAAA,oBAAoB,CAACf,UAAoB;AAC7C,SAAAA,MAAK,MAAM,OAAO,CAACM,UAAoBA,MAAK,SAASS,kBAAgB,EAAE,SAAS;AACzF;AClBA,MAAM,EAAEC,iBAAAA,kBAAoB,IAAA;AAC5B,MAAM,EAAED,kBAAAA,mBAAqB,IAAA;AAM7B,MAAM,4BAA4B,OAAO,IAAY,UAAe;AAClE,QAAM,gBAAgB,MAAM,WAAW,kBAAkB,EAAE,oBAAoB;AAE/E,MAAI,CAAC,eAAe;AAClB;AAAA,EACF;AAEM,QAAAf,QAAO,cAAc,KAAK,CAACA,WAAcA,OAAK,OAAO,OAAO,EAAE,CAAC;AACrE,MAAI,CAACA,OAAM;AACT;AAAA,EACF;AAEI,MAAAA,MAAK,aAAa,MAAM,UAAU;AAC9B,UAAA,uBAAuB,cAAc,OAAO,CAACA,WAAcA,OAAK,OAAO,OAAO,EAAE,CAAC;AACjF,UAAA,OAAO,MAAM,IAAI;AAAA,MACrB,MAAM;AAAA,MACN,KAAK;AAAA,MACL,OAAO;AAAA,IAAA,CACR;AAAA,EACH;AACF;AAEA,MAAM,kBAAkB,KAAK,WAAW,IAAI,QAAQ,CAAC;AAErD,MAAM,gCAAgC,OAAO,QAAiB;AACxD,MAAA;AACA,MAAA,OAAO,QAAQ,UAAU;AAC3B,iBAAa,gBAAgB,GAAG;AAAA,EAAA,OAC3B;AACQ,iBAAA,CAAC,OAAO,GAAG,CAAC;AAAA,EAC3B;AAEA,QAAM,gBAAgB,MAAM,WAAW,kBAAkB,EAAE,oBAAoB;AAE/E,MAAI,CAAC,eAAe;AAClB;AAAA,EACF;AAEM,QAAA,uBAAuB,cAAc,OAAO,CAACA,UAAc,CAAC,WAAW,SAASA,MAAK,EAAE,CAAC;AACxF,QAAA,OAAO,MAAM,IAAI;AAAA,IACrB,MAAM;AAAA,IACN,KAAK;AAAA,IACL,OAAO;AAAA,EAAA,CACR;AACH;AAQA,MAAM,aAAa,OAAO,IAAS,eAAoB;AAErD,MAAI,EAAE,IAAI,YAAY,OAAO,GAAG;AACxB,UAAA,gBAAgB,MAAM,qBAAqB,EAAE;AACnD,UAAM,iBAAiB,MAAM,WAAW,MAAM,EAAE,4BAA4B;AAC5E,UAAM,2BAA2B,CAAC,OAAO,eAAe,WAAW,OAAO,eAAe,EAAE;AAE3F,QAAI,iBAAiB,0BAA0B;AACvC,YAAA,IAAIgB,kBAAgB,wDAAwD;AAAA,IACpF;AAAA,EACF;AAGI,MAAA,WAAW,aAAa,OAAO;AAC3B,UAAA,gBAAgB,MAAM,qBAAqB,EAAE;AACnD,QAAI,eAAe;AACX,YAAA,IAAIA,kBAAgB,wDAAwD;AAAA,IACpF;AAAA,EACF;AAGA,MAAI,EAAE,IAAI,YAAY,UAAU,GAAG;AACjC,UAAM,iBAAiB,MAAM,WAAW,MAAM,EAAE,aAAa,WAAW,QAAQ;AAEhF,UAAMC,eAAc,MAAM,OAAO,GAAG,MAAM,aAAa,EAAE,OAAO;AAAA,MAC9D,OAAO,EAAE,GAAG;AAAA,MACZ,MAAM;AAAA,QACJ,GAAG;AAAA,QACH,UAAU;AAAA,MACZ;AAAA,MACA,UAAU,CAAC,OAAO;AAAA,IAAA,CACnB;AAEM,WAAA,SAAS,KAAK,eAAe,EAAE,MAAM,aAAaA,YAAW,GAAG;AAEhEA,WAAAA;AAAAA,EACT;AAEA,QAAM,cAAc,MAAM,OAAO,GAAG,MAAM,aAAa,EAAE,OAAO;AAAA,IAC9D,OAAO,EAAE,GAAG;AAAA,IACZ,MAAM;AAAA,IACN,UAAU,CAAC,OAAO;AAAA,EAAA,CACnB;AAEK,QAAA,0BAA0B,IAAI,UAAU;AAE9C,MAAI,aAAa;AACR,WAAA,SAAS,KAAK,eAAe,EAAE,MAAM,aAAa,WAAW,GAAG;AAAA,EACzE;AAEO,SAAA;AACT;AAMA,MAAM,aAAa,OAAO,OAAgB;AAExC,QAAM,eAAe,MAAM,OAAO,GAAG,MAAM,aAAa,EAAE,QAAQ;AAAA,IAChE,OAAO,EAAE,GAAG;AAAA,IACZ,UAAU,CAAC,OAAO;AAAA,EAAA,CACnB;AAED,MAAI,CAAC,cAAc;AACV,WAAA;AAAA,EACT;AAEA,MAAI,cAAc;AACZ,QAAA,aAAa,MAAM,KAAK,CAAC,MAAW,EAAE,SAASF,kBAAgB,GAAG;AACpE,YAAM,iBAAiB,MAAM,WAAW,MAAM,EAAE,4BAA4B;AACxE,UAAA,eAAe,eAAe,GAAG;AAC7B,cAAA,IAAIC,kBAAgB,wDAAwD;AAAA,MACpF;AAAA,IACF;AAAA,EACF;AAEA,QAAM,cAAc,MAAM,OAAO,GAC9B,MAAM,aAAa,EACnB,OAAO,EAAE,OAAO,EAAE,GAAG,GAAG,UAAU,CAAC,OAAO,GAAG;AAEhD,QAAM,8BAA8B,EAAE;AAE/B,SAAA,SAAS,KAAK,eAAe,EAAE,MAAM,aAAa,WAAW,GAAG;AAEhE,SAAA;AACT;AAMA,MAAM,cAAc,OAAO,QAAa;AAEtC,QAAM,iBAAiB,MAAM,WAAW,MAAM,EAAE,4BAA4B;AAC5E,QAAM,yBAAyB,MAAM,OAAO,GAAG,MAAM,aAAa,EAAE,MAAM;AAAA,IACxE,OAAO;AAAA,MACL,IAAI;AAAA,MACJ,OAAO,EAAE,IAAI,eAAe,GAAG;AAAA,IACjC;AAAA,EAAA,CACD;AAEG,MAAA,eAAe,eAAe,wBAAwB;AAClD,UAAA,IAAIA,kBAAgB,wDAAwD;AAAA,EACpF;AAEA,QAAM,eAAe,CAAA;AACrB,aAAW,MAAM,KAAK;AACpB,UAAM,cAAc,MAAM,OAAO,GAAG,MAAM,aAAa,EAAE,OAAO;AAAA,MAC9D,OAAO,EAAE,GAAG;AAAA,MACZ,UAAU,CAAC,OAAO;AAAA,IAAA,CACnB;AAED,iBAAa,KAAK,WAAW;AAAA,EAC/B;AAEA,QAAM,8BAA8B,GAAG;AAEhC,SAAA,SAAS,KAAK,eAAe;AAAA,IAClC,OAAO,aAAa,IAAI,CAAC,gBAAgB,aAAa,WAAW,CAAC;AAAA,EAAA,CACnE;AAEM,SAAA;AACT;AAEA,MAAM,oBAAoB,CAACV,UAAkB,EAAE,KAAKA,OAAM,CAAC,MAAM,QAAQ,eAAe,MAAM,CAAC;AAM/F,MAAM,uBAAuB,OAAO,WAAoB;AAChD,QAAAN,QAAQ,MAAM,QAAQ,MAAM;AAClC,QAAM,iBAAiB,MAAM,WAAW,MAAM,EAAE,4BAA4B;AAE5E,SAAO,eAAe,eAAe,KAAK,kBAAkBA,KAAI;AAClE;AAMA,MAAM,eAAe,CAACA,UAAc;AAC3B,SAAA;AAAA,IACL,GAAG,EAAE,KAAKA,OAAM,CAAC,YAAY,sBAAsB,qBAAqB,OAAO,CAAC;AAAA,IAChF,OAAOA,MAAK,SAASA,MAAK,MAAM,IAAI,iBAAiB;AAAA,EAAA;AAEzD;AAKA,MAAM,UAAU,OAAO,IAAS,WAAW,CAAC,OAAO,MAAM;AACvD,SAAO,OAAO,GAAG,MAAM,aAAa,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,SAAU,CAAA;AAC3E;AAEA,MAAM,4BAA4B,YAAY;AAC5C,SAAO,OAAO,GAAG,MAAM,aAAa,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,KAAK,EAAG,CAAA;AAC3E;AAEA,MAAe,SAAA;AAAA,EACb;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;ACrOA,MAAM,sBAAsB,YAAY;AACtC,QAAM,EAAE,kBAAAkB,kBAAqB,IAAA,OAAO,QAAQ,iBAAiB;AAEtD,SAAAA,kBAAiB,SAAS,IAAI,CAAC,EAAE,IAAA,MAA2B,GAAG;AACxE;AAEA,MAAM,+BAA+B,OAAOtB,YAAwB;AAClE,MAAI,kBAAkB,CAAA;AAEhB,QAAA,2BAA2B,MAAM,WAAW,MAAM,EAAE,MAAM,EAAE,UAAU,KAAA,CAAM;AAClF,QAAM,qBAAqB,MAAM,WAAW,MAAM,EAAE,MAAM;AAE1D,MAAIA,QAAO,GAAG,SAAS,UAAU,KAAK,GAAG;AACjC,UAAA,eAAe,MAAM;AAE3B,sBAAkB,OAAO,iBAAiB;AAAA,MACxC;AAAA,MACA,iBAAiB,aAAa,WAAW;AAAA,IAAA,CAC1C;AAAA,EACH;AAEA,MAAIA,QAAO,GAAG,SAAS,UAAU,sBAAsB,GAAG;AACxD,UAAM,0BAA0B,MAAMA,QACnC,GAAI,MAAM,kCAAkC,EAC5C;AAEH,UAAM,mCAAmC,MAAMA,QAC5C,GAAI,MAAM,kCAAkC,EAC5C,MAAM;AAAA,MACL,SAAS,EAAE,YAAY,EAAE,UAAU,OAAO;AAAA,IAAA,CAC3C;AAEH,sBAAkB,OAAO,iBAAiB;AAAA,MACxC;AAAA,MACA;AAAA,IAAA,CACD;AAAA,EACH;AAEA,oBAAkB,OAAO,iBAAiB,EAAE,0BAA0B,mBAAoB,CAAA;AAE1FA,UAAO,UAAU,KAAK,+BAA+B;AAAA,IACnD;AAAA,EAAA,CACD;AACH;AAEA,MAAM,YAAY,CAACA,YAAwB;AACzCA,UAAO,KAAK,IAAI;AAAA,IACd,eAAe,MAAM,6BAA6BA,OAAM;AAAA,EAAA,CACzD;AACH;AAEA,MAAA,UAAe,EAAE,WAAW,qBAAqB,6BAA6B;ACnD9E,MAAM,EAAE,iBAAqB,IAAA;AAK7B,MAAM,sBAAsB,YAAY;AAC/B,SAAA,OAAO,MAAM,IAAI,EAAE,MAAM,MAAM,KAAK,kBAAkB;AAC/D;AAEA,MAAM,yBAAyB,OAAO,0BAAkC;AAChE,QAAA,gBAAiB,MAAM;AACvB,QAAA,uBAAuB,QAAQ,aAAa;AAE5C,QAAA,gBAAgB,KAAK,uBAAuB,oBAAoB;AAEtE,QAAM,OAAO,GAAG,MAAM,aAAa,EAAE,WAAW;AAAA,IAC9C,OAAO,EAAE,IAAI,IAAI,KAAK,IAAI,GAAG,aAAa,EAAE;AAAA,IAC5C,MAAM,EAAE,UAAU,KAAK;AAAA,EAAA,CACxB;AAEK,QAAA,yBAAyB,KAAK,uBAAuB,oBAAoB;AAEzE,QAAA,OAAO,MAAM,IAAI;AAAA,IACrB,MAAM;AAAA,IACN,KAAK;AAAA,IACL,OAAO;AAAA,EAAA,CACR;AACH;AAEA,MAAM,gCAAgC,OAAO,2BAAmC;AAC9E,QAAM,yBAA+B,MAAM,oBAAoB,KAAM;AAErE,QAAM,iBAAiB,CAAA;AACvB,QAAM,8BAA8B,MAAM,OAAO,GAAG,MAAM,aAAa,EAAE,SAAS;AAAA,IAChF,OAAO;AAAA,MACL,UAAU;AAAA,MACV,OAAO;AAAA,QACL,MAAM,EAAE,KAAK,iBAAiB;AAAA,MAChC;AAAA,IACF;AAAA,IACA,SAAS,EAAE,WAAW,OAAO;AAAA,IAC7B,OAAO;AAAA,EAAA,CACR;AAEc,iBAAA,KAAK,GAAG,2BAA2B;AAE9C,MAAA,4BAA4B,SAAS,wBAAwB;AAC/D,UAAM,2BAA2B,MAAM,OAAO,GAAG,MAAM,aAAa,EAAE,SAAS;AAAA,MAC7E,OAAO;AAAA,QACL,UAAU;AAAA,QACV,OAAO,EAAE,MAAM,iBAAiB;AAAA,MAClC;AAAA,MACA,SAAS,EAAE,WAAW,OAAO;AAAA,MAC7B,OAAO,yBAAyB,4BAA4B;AAAA,IAAA,CAC7D;AAEc,mBAAA,KAAK,GAAG,wBAAwB;AAAA,EACjD;AAEA,QAAM,OAAO,GAAG,MAAM,aAAa,EAAE,WAAW;AAAA,IAC9C,OAAO,EAAE,IAAI,IAAI,KAAK,IAAI,GAAG,cAAc,EAAE;AAAA,IAC7C,MAAM,EAAE,UAAU,MAAM;AAAA,EAAA,CACzB;AAEK,QAAA,OAAO,MAAM,IAAI;AAAA,IACrB,MAAM;AAAA,IACN,KAAK;AAAA,IACL,OAAO,uBAAuB,OAAO,IAAI,KAAK,CAAC,MAAM,UAAU,CAAC,GAAG,cAAc,CAAC;AAAA,EAAA,CACnF;AACH;AAEA,MAAM,0BAA0B,YAAY;AACpC,QAAA,gBAAgB,MAAM,OAAO,MAAM,IAAI,EAAE,MAAM,MAAM,KAAK,iBAAA,CAAkB;AAElF,MAAI,CAAC,eAAe;AAClB;AAAA,EACF;AAEA,QAAM,OAAO,GAAG,MAAM,aAAa,EAAE,WAAW;AAAA,IAC9C,OAAO,EAAE,IAAI,IAAI,KAAK,IAAI,GAAG,aAAa,EAAE;AAAA,IAC5C,MAAM,EAAE,UAAU,MAAM;AAAA,EAAA,CACzB;AACH;AAEA,MAAM,0BAA0B,YAAY;AACpC,QAAA,aAAa,OAAO,GAAG;AACzB,MAAA,MAAM,UAAU,GAAG;AACrB;AAAA,EACF;AAGA,QAAM,wBAAwB;AAE9B,QAAM,yBAAyB,MAAM,WAAW,MAAM,EAAE,0BAA0B;AAElF,QAAM,iBAAiB,aAAa;AAEpC,MAAI,iBAAiB,GAAG;AACtB,UAAM,uBAAuB,cAAc;AAAA,EAAA,WAClC,iBAAiB,GAAG;AACvB,UAAA,8BAA8B,CAAC,cAAc;AAAA,EACrD;AACF;AAEA,MAAe,kBAAA;AAAA,EACb;AAAA,EACA;AACF;ACxGA,MAAe,WAAA;AAAA,EACb;AAAA,EACA;AAAA,EAAA,MACAU;AAAAA,EAAA,MACAN;AAAAA,EACA;AAAA,EACA,oBAAoB;AACtB;ACZA,MAAM,8BAA8B,IAAI,OAAO,EAAE,MAAM;AAAA,EACrD,cAAc,IAAI,QAAQ,EAAE,SAAS;AAAA,EACrC,aAAa,IACV,SAAS,EACT,KAAK,gBAAgB,CAAC,OAAO,eAAe;AAC3C,WAAO,QAAQ,WAAW,SAAS,IAAI,WAAW,SAAS;AAAA,EAC5D,CAAA,EACA,KAAK,iBAAiB,wCAAwC,CAAC,WAAW;AACzE,QAAI,WAAW,MAAM;AACZ,aAAA;AAAA,IACT;AACO,WAAA,OAAO,QAAQ,aAAa,EAAE,OAAO,EAAE,IAAI,QAAQ;AAAA,EAAA,CAC3D;AAAA,EACH,gBAAgB,IACb,QACA,SACA,EAAA;AAAA,IACC,IACG,WACA;AAAA,MACC;AAAA,MACA;AAAA,MACA,CAAC,WAAW;AACH,eAAA,OAAO,QAAQ,aAAa,EAAE,OAAO,EAAE,IAAI,QAAQ;AAAA,MAC5D;AAAA,IACF;AAAA,EACJ;AACJ,CAAC;AAEY,MAAA,gCAAgC,kBAAkB,2BAA2B;AC/BnF,MAAM,yBAAyB;AACzB,MAAA,4BAA4B,GAAG,sBAAsB;AACrD,MAAA,0BAA0B,GAAG,sBAAsB;ACChE,MAAM,oBAAoB;AAAA,EACxB,SAAS;AAAA,EACT,OAAO;AACT;AAEa,MAAA,gBAAgB,YAAY,OAAO,MAAM,EAAE,MAAM,QAAQ,MAAM,QAAA,CAAS;AAE9E,MAAM,0BAA0B,MAAM;AAC3C,QAAM,EAAE,KAAK,aAAa,OAAO,OAAO,IAAI,OAAO;AACnD,QAAM,YAAY,CAAC,QAAgB,GAAG,YAAY,QAAQ,GAAG,GAAG;AAEzD,SAAA,UAAU,WAAW,iBAAiB;AAC/C;AAEA,MAAe,QAAA;AAAA,EACb;AAAA,EACA;AACF;ACfA,MAAM,yBAAyB,MAAM,IAAI,MAAM,4BAA4B;AAE9D,MAAA,eAAuC,OAAO,KAAK,SAAS;AACjE,QAAA;AAAA,IACJ,QAAQ,EAAE,SAAS;AAAA,EACjB,IAAA;AACE,QAAA,eAAe,MAAM;AAG3B,SAAOa,WAAS,aAAa,UAAU,MAAM,OAAO,OAAO,YAAY;AACrE,QAAI,SAAS,CAAC,WAAW,CAAC,QAAQ,OAAO;AACvC,UAAI,OAAO;AACF,eAAA,IAAI,MAAM,KAAK;AAAA,MACxB;AAEO,aAAA,SAAS,KAAK,oBAAoB;AAAA,QACvC,OAAO,SAAS,uBAAuB;AAAA,QACvC;AAAA,MAAA,CACD;AAEM,aAAA,IAAI,SAAS,aAAa,KAAK;AAAA,IACxC;AAEA,UAAMb,QAAO,MAAM,WAAW,MAAM,EAAE,eAAe,QAAQ,KAAK;AAC5D,UAAA,WAAWA,QAAO,uBAAuB;AAE/C,WAAO,SAAS,KAAK,IAAI,EAAEA,SAAQ,SAAS,QAAQ;AAAA,EAAA,CACrD,EAAE,KAAK,IAAI;AACd;AAEA,MAAM,uBACJ,CAAC,KAAK,SAAS,OAAOA,OAAW,aAAkB;AAC3C,QAAA,eAAe,MAAM;AAEvB,MAAA,CAACA,MAAK,UAAU;AACX,WAAA,SAAS,KAAK,oBAAoB;AAAA,MACvC,OAAO,IAAI,MAAM,oCAAoCA,MAAK,EAAE,GAAG;AAAA,MAC/D;AAAA,IAAA,CACD;AACM,WAAA,IAAI,SAAS,aAAa,KAAK;AAAA,EACxC;AAEA,MAAI,MAAM,OAAOA;AACjB,SAAO,KAAK;AACd;AAEF,MAAM,0BACJ,CAAC,KAAK,SAAS,OAAO,SAAc,aAAkB;AACpD,QAAM,EAAE,OAAAQ,QAAO,WAAAW,YAAW,UAAAC,WAAU,UAAAC,cAAa;AAC3C,QAAA,eAAe,MAAM;AACrB,QAAA,aAAa,MAAM,MAAM;AACzB,QAAA,EAAE,UAAe,IAAA,MAAM,WAAW,IAAI,EAAE,KAAK,OAAA,CAAQ;AAG3D,QAAM,0BAA0B,CAACA,cAAa,CAACF,cAAa,CAACC;AAE7D,MAAI,CAAC,UAAU,gBAAgB,CAAC,UAAU,eAAe,yBAAyB;AACzE,WAAA,SAAS,KAAK,oBAAoB,EAAE,OAAO,uBAAuB,GAAG,UAAU;AAC/E,WAAA,IAAI,SAAS,aAAa,KAAK;AAAA,EACxC;AAEM,QAAA,cAAc,MAAM,WAAW,MAAM,EAAE,QAAQ,EAAE,IAAI,UAAU,YAAA,CAAa;AAGlF,MAAI,CAAC,aAAa;AACT,WAAA,SAAS,KAAK,oBAAoB,EAAE,OAAO,uBAAuB,GAAG,UAAU;AAC/E,WAAA,IAAI,SAAS,aAAa,KAAK;AAAA,EACxC;AAGA,MAAI,MAAM,OAAO,MAAM,WAAW,MAAM,EAAE,OAAO;AAAA,IAC/C,OAAAZ;AAAA,IACA,UAAAa;AAAA,IACA,WAAAF;AAAA,IACA,UAAAC;AAAA,IACA,OAAO,CAAC,YAAY,EAAE;AAAA,IACtB,UAAU;AAAA,IACV,mBAAmB;AAAA,EAAA,CACpB;AAEM,SAAA,SAAS,KAAK,+BAA+B;AAAA,IAClD,MAAM,IAAI,MAAM;AAAA,IAChB;AAAA,EAAA,CACD;AAED,SAAO,KAAK;AACd;AAEW,MAAA,mBAA2C,CAAC,QAAQ;AACzD,QAAA;AAAA,IACJ,QAAQ,EAAE,SAAS;AAAA,EACjB,IAAA;AACE,QAAA,eAAe,MAAM;AAC3B,QAAM,SAA6B,OAAO,OAAO,IAAI,mBAAmB;AAClE,QAAA,EAAE,MAAApB,MAAK,IAAI,IAAI;AAErB,QAAM,MAAM,WAAW,OAAO,EAAE,eAAeA,KAAI;AAEnD,QAAM,eAAe,OAAO,OAAO,IAAI,aAAa,MAAM;AAEpD,QAAA,iBAAiB,EAAE,UAAU,OAAO,QAAQ,cAAc,WAAW,MAAM;AAEjF,QAAM,gBAAgB,WAAW,MAAM,EAAE,aAAaA,KAAI;AAC1D,SAAO,SAAS,KAAK,sBAAsB,EAAE,MAAM,eAAe,UAAU;AAE5E,MAAI,QAAQ,IAAI,YAAY,KAAK,cAAc;AAC3C,MAAA,SAAS,aAAa,OAAO;AACnC;AAEA,MAAe,cAAA;AAAA,EACb;AAAA,EACA;AACF;AC7GA,MAAM,gBAAgB,KAAK,CAAC,OAAO,eAAe,MAAM,CAAC;AACzD,MAAM,4BAA4B,KAAK,CAAC,gBAAgB,eAAe,gBAAgB,CAAC;AAExF,MAAM,EAAE,gBAAoB,IAAA;AAE5B,MAAM,6BAA6B,QAAQ;AAAA,EACzC,YAAY;AAAA,EACZ,YAAY;AACd,CAAC;AAED,MAAe,iBAAA;AAAA,EACb,MAAM,aAAa,KAAc;AAC/B,UAAM,EAAE,kBAAAkB,kBAAqB,IAAA,OAAO,QAAQ,iBAAiB;AAE7D,QAAI,OAAOA,kBAAiB,OAAO,EAAE,IAAI,aAAa;AAAA,EACxD;AAAA,EAEA,MAAM,wBAAwB,KAAc;AACpC,UAAA,aAAa,MAAM,MAAM;AACzB,UAAA,EAAE,WAAW,iBAAA,IAAsB,MAAM,WAAW,IAAI,EAAE,KAAK,OAAA,CAAQ;AAE7E,QAAI,OAAO;AAAA,MACT,MAAM,0BAA0B,gBAAgB;AAAA,IAAA;AAAA,EAEpD;AAAA,EAEA,MAAM,2BAA2B,KAAc;AACvC,UAAA;AAAA,MACJ,SAAS,EAAE,KAAK;AAAA,IACd,IAAA;AAEJ,UAAM,8BAA8B,IAAI;AAElC,UAAA,aAAa,MAAM,MAAM;AAC/B,UAAM,qBAAsB,MAAM,WAAW,IAAI,EAAE,KAAK,QAAQ;AAChE,UAAM,iBAAiB,EAAE,GAAG,oBAAoB,WAAW,KAAK;AAChE,UAAM,WAAW,IAAI,EAAE,KAAK,QAAQ,OAAO,gBAAgB;AAEpD,WAAA,UAAU,KAAK,sBAAsB;AAE5C,QAAI,OAAO;AAAA,MACT,MAAM,0BAA0B,eAAe,SAAS;AAAA,IAAA;AAAA,EAE5D;AAAA,EAEA,cAAc,KAAc,MAAY;AAChC,UAAA;AAAA,MACJ,QAAQ,EAAE,UAAU,aAAa;AAAA,IAC/B,IAAA;AAEJ,UAAM,EAAE,kBAAAA,kBAAqB,IAAA,OAAO,QAAQ,iBAAiB;AAE7D,QAAI,CAACA,kBAAiB,IAAI,YAAY,GAAG;AACvC,YAAM,IAAI,gBAAgB,8BAA8B,YAAY,EAAE;AAAA,IACxE;AAEO,WAAA,2BAA2B,KAAK,IAAI;AAAA,EAC7C;AACF;AChEA,MAAM,mBAAmB,IACtB,OAAO,EACP,MAAM;AAAA,EACL,MAAM,IAAI,OAAA,EAAS,IAAI,CAAC,EAAE,SAAS;AAAA,EACnC,aAAa,IAAI,OAAO,EAAE,SAAS;AACrC,CAAC,EACA,UAAU;AAEb,MAAM,oBAAoB,IACvB,OAAO,EACP,MAAM;AAAA,EACL,KAAK,IACF,MAAM,EACN,GAAG,IAAI,SAAU,CAAA,EACjB,IAAI,CAAC,EACL,SACA,EAAA;AAAA,IACC;AAAA,IACA;AAAA,IACA,eAAe,oBAAoB,KAAK;AAClC,UAAA;AACF,cAAM,OAAO,QAAQ,aAAa,EAAE,wBAAwB,GAAG;AAE/D,YAAI,OAAO,GAAG,SAAS,UAAU,KAAK,GAAG;AACvC,gBAAM,OAAO,QAAQ,aAAa,EAAE,2BAA2B,GAAG;AAAA,QACpE;AAAA,eACO,GAAQ;AACR,eAAA,KAAK,YAAY,EAAE,MAAM,OAAO,SAAS,EAAE,SAAS;AAAA,MAC7D;AAEO,aAAA;AAAA,IACT;AAAA,EACF;AACJ,CAAC,EACA,UAAU;AAEb,MAAM,mBAAmB,IACtB,WACA,SACA,EAAA;AAAA,EACC;AAAA,EACA;AAAA,EACA,eAAe,oBAAoB,IAAI;AACjC,QAAA;AACF,YAAM,OAAO,QAAQ,aAAa,EAAE,wBAAwB,CAAC,EAAE,CAAC;AAEhE,UAAI,OAAO,GAAG,SAAS,UAAU,KAAK,GAAG;AACvC,cAAM,OAAO,QAAQ,aAAa,EAAE,2BAA2B,CAAC,EAAE,CAAC;AAAA,MACrE;AAAA,aACO,GAAQ;AACR,aAAA,KAAK,YAAY,EAAE,MAAM,MAAM,SAAS,EAAE,SAAS;AAAA,IAC5D;AAEO,WAAA;AAAA,EACT;AACF;AAEW,MAAA,0BAA0B,kBAAkB,gBAAgB;AAC5D,MAAA,2BAA2B,kBAAkB,iBAAiB;AAC9D,MAAA,0BAA0B,kBAAkB,gBAAgB;ACpDzE,MAAe,OAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAKb,MAAM,OAAO,KAAc;AACnB,UAAA,wBAAwB,IAAI,QAAQ,IAAI;AAExC,UAAA,cAAc,WAAW,MAAM;AAErC,UAAMZ,QAAO,MAAM,YAAY,OAAO,IAAI,QAAQ,IAAI;AAChD,UAAA,gBAAgB,YAAY,aAAaA,KAAI;AAEnD,QAAI,QAAQ,EAAE,MAAM,cAAe,CAAA;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,UAAU,KAAc;AACtB,UAAA,EAAE,GAAG,IAAI,IAAI;AAEnB,UAAM,wBAAwB,EAAE;AAE1B,UAAA,cAAc,WAAW,MAAM;AAErC,UAAMD,SAAQ,MAAM,YAAY,YAAY,CAAC,EAAE,CAAC;AAE1C,UAAA,gBAAgBA,OAAM,IAAI,CAACC,UAAkB,YAAY,aAAaA,KAAI,CAAC,EAAE,CAAC,KAAK;AAEzF,WAAO,IAAI,QAAQ;AAAA,MACjB,MAAM;AAAA,IAAA,CACP;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,WAAW,KAAc;AACvB,UAAA,EAAE,KAAK,IAAI,IAAI;AAErB,UAAM,yBAAyB,IAAI;AAE7B,UAAA,cAAc,WAAW,MAAM;AAErC,UAAMD,SAAQ,MAAM,YAAY,YAAY,KAAK,GAAG;AACpD,UAAM,iBAAiBA,OAAM,IAAI,YAAY,YAAY;AAEzD,WAAO,IAAI,QAAQ;AAAA,MACjB,MAAM;AAAA,IAAA,CACP;AAAA,EACH;AACF;ACzBA,MAAM,6BAA6B,OAAwB;AAAA,EACzD,SAAS;AAAA,IACP,mBAAmB;AAAA,EACrB;AACF;AAKA,MAAM,eAAe;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAKA,MAAM,2BAA2B,KAAK,YAAY;AAWlD,MAAM,kBAAkB,CAAC,eAA4C;AAC7D,QAAA,EAAE,YAAY,IAAQ,IAAA;AAE5B,MAAI,CAAC,YAAY;AACf,WAAO,QAAQ,GAAG;AAAA,EACpB;AAEA,MAAI,eAAe,SAAS;AAC1B,WAAO,UAAU,GAAG;AAAA,EACtB;AAEO,SAAA,WAAW,UAAU,IAAI,GAAG;AACrC;AAKA,MAAM,iBAAiB,CAAC,UACtB,IAAI,YAAY,gBAAgB,KAAK,GAAG,KAAK;AAO/C,MAAM,0BAA0B,CAAC,WAA2B;AAC1D,QAAM,wBAAwB,CAAC,YAAY,SAAS,EAAE,SAAS,OAAO,OAAO;AAEtE,SAAA,wBACH,IAAI,eAAe,OAAO,eAAe,WAAW,MAAM,IAC1D,KAAK,eAAe,MAAM;AAChC;AAKA,MAAM,oBAAoB,MAAM,CAAC,UAAkB,WAA4B;AACtE,SAAA,KAAK,KAAK,2BAA2B,GAAG,SAAS,QAAQ,CAAC,EAAE,MAAM;AAC3E,CAAC;AAKD,MAAM,mBAAmB,MAAM,CAAC,SAAiB,WAA4B;AAC3E,SAAO,QAAQ,OAAO,QAAQ,KAAK,SAAS,SAAS,OAAO,QAAQ;AACtE,CAAC;AAKD,MAAM,SAAmD;AAAA;AAAA;AAAA,EAGvD;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA,MAAM,4BAA4B;AACpC;AAEA,MAAe,eAAA;AAAA,EACb;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AC9IA,MAAM,gCAAgC,CAAC,WAAoB;AACrD,MAAA,EAAE,MAAM,MAAM,GAAG;AAEZ,WAAA;AAAA,EACT;AACA,MAAI,CAAC,MAAM,QAAQ,MAAM,GAAG;AACnB,WAAA;AAAA,EACT;AAEA,MAAI,SAAS;AACb,WAAS,SAAS,GAAG,SAAS,OAAO,QAAQ,UAAU,GAAG;AACxD,aAAS,OACN,MAAM,SAAS,CAAC,EAChB;AAAA,MACC,CAAC,WACC,OAAO,WAAW,GAAG,OAAO,MAAM,CAAC,GAAG,KAAK,OAAO,MAAM,EAAE,WAAW,GAAG,MAAM,GAAG;AAAA,IAAA;AAEnF,QAAA;AAAQ;AAAA,EACd;AAEA,SAAO,CAAC;AACV;ACrBA,MAAM,gCAAgC,CAAC,WAAoB;AACrD,MAAA,EAAE,MAAM,MAAM,GAAG;AAEZ,WAAA;AAAA,EACT;AACA,MAAI,CAAC,MAAM,QAAQ,MAAM,GAAG;AACnB,WAAA;AAAA,EACT;AAEA,SAAO,EAAE,KAAK,MAAM,EAAE,WAAW,OAAO;AAC1C;ACFA,MAAM,wBAAwB,CAAC,aAAqB;AAClD,SAAOR,aAAW,YAAY,EAAE,eAAe,IAAI,QAAQ;AAC7D;AAEO,MAAM,QAAQ,IAAI,OAAA,EAAS,QAAQ,UAAU;AAE7C,MAAM,YAAY,IAAI,SAAS,KAAK,EAAE,IAAI,CAAC;AAErC,MAAA,WAAW,IAAI;AAErB,MAAM,WAAW,IAAI,OAAO,EAAE,IAAI,CAAC;AAEnC,MAAM,WAAW,IACrB,OACA,EAAA,IAAI,CAAC,EACL,QAAQ,SAAS,uDAAuD,EACxE,QAAQ,SAAS,uDAAuD,EACxE,QAAQ,MAAM,0CAA0C;AAE9C,MAAA,QAAQ,IAAI,MAAM,IAAI,UAAU,EAAE,IAAI,CAAC;AAEpD,MAAM,gBAAgB,IACnB,OAAO,EACP,KAAK,oBAAoB,wBAAwB,SAAU,OAAO;AAC1D,SAAA,CAAC,QAAW,SAAS,GAAG,OAAO,KAAK,OAAO,OAAO,CAAC,EAAE,SAAS,KAAK,IACtE,OACA,KAAK,YAAY,EAAE,MAAM,KAAK,MAAM,SAAS,GAAG,KAAK,IAAI,6BAA8B,CAAA;AAC7F,CAAC;AAEI,MAAM,wBAAwB,IAClC,MAAM,EACN,GAAG,IAAI,OAAQ,CAAA,EACf,KAAK,6BAA6B,wBAAwB,SAAU,OAAO;AAC1E,QAAM,MAAM,OAAO,QAAQ,mBAAmB,EAAE,kBAAkB;AAC3D,SAAA,EAAE,YAAY,KAAK,KAAK,EAAE,WAAW,OAAO,GAAG,EAAE,WAAW,IAC/D,OACA,KAAK,YAAY,EAAE,MAAM,KAAK,MAAM,SAAS,wCAAwC;AAC3F,CAAC;AAEU,MAAA,uBAAuB,CAAC,GAAQ,MAC3C,EAAE,WAAW,EAAE,WAAW,EAAE,YAAY,EAAE,WAAY,EAAE,MAAM,EAAE,OAAO,KAAK,EAAE,MAAM,EAAE,OAAO;AAE/F,MAAM,+BAA+B,CAAC,gBACpC,CAAC,MAAM,QAAQ,WAAW,KAC1B,YAAY;AAAA,EAAM,CAAC,OAAO,MACxB,YAAY,MAAM,IAAI,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,qBAAqB,OAAO,KAAK,CAAC;AAC/E;AAEF,MAAM,iBAAiB,CAAC,WACtB,SAAU,QAA6B;AAEjC,MAAA,MAAM,MAAM,GAAG;AACV,WAAA;AAAA,EACT;AAEA,SAAO,aAAa,kBAAkB,UAAU,MAAM,KAAK,MAAM,MAAM;AACzE;AAEF,MAAM,2BAA2B,CAAC,WAChC,IACG,MAAM,EACN,GAAG,IAAI,OAAO,CAAC,EACf,SACA,EAAA;AAAA,EACC;AAAA,EACA;AAAA,EACA;AACF,EACC;AAAA,EACC;AAAA,EACA;AAAA,EACA;AACF,EACC;AAAA,EACC;AAAA,EACA;AAAA;AAAA,EAEA,eAAe,MAAM;AACvB;AAEG,MAAM,aAAa,IACvB,OAAO,EACP,MAAM;AAAA,EACL,QAAQ,IACL,OAAA,EACA,SAAA,EACA,KAAK,mBAAmB,+CAA+C,SAAU,UAAU;AAEtF,QAAA,MAAM,QAAQ,GAAG;AACZ,aAAA;AAAA,IACT;AAEO,WAAA,CAAC,CAAC,sBAAsB,QAAQ;AAAA,EAAA,CACxC;AAAA,EACH,kBAAkB,IAAI,OAAO,EAAE,SAAS;AAAA,EACxC,SAAS,IACN,OAAA,EACA,SAAA,EACA,KAAK,oBAAoB,6BAA6B,SAAU,SAAS;AAExE,UAAM,SAAS,sBAAsB,KAAK,QAAQ,OAAO,MAAM;AAE/D,QAAI,CAAC,QAAQ;AACJ,aAAA;AAAA,IACT;AAEI,QAAA,MAAM,OAAO,QAAQ,GAAG;AAC1B,aAAO,MAAM,OAAO;AAAA,IACtB;AAEI,QAAA,QAAQ,OAAO,QAAQ,GAAG;AACrB,aAAA,OAAO,SAAS,SAAS,OAAO;AAAA,IACzC;AAEO,WAAA;AAAA,EAAA,CACR;AAAA,EACH,YAAY,IACT,OAAO,EACP,KAAK,wBAAwB,mCAAmC,SAAU,YAAY;AAErF,UAAM,SAAS,sBAAsB,KAAK,QAAQ,OAAO,MAAM;AAC/D,UAAM,kBAAkB,QAAQ,UAAU,KAAK,MAAM,UAAU;AAE/D,QAAI,CAAC,IAAI,6BAA6B,MAAM,GAAG;AACtC,aAAA;AAAA,IACT;AAEA,QAAI,iBAAiB;AACZ,aAAA;AAAA,IACT;AAEM,UAAA,EAAE,kBAAkB,IAAI,OAAO;AAEjC,QAAA,CAAC,QAAQ,iBAAiB,GAAG;AACxB,aAAA;AAAA,IACT;AAEO,WAAA,OAAO,KAAK,UAAU,EAAE,MAAM,CAAC,aAAa,kBAAkB,SAAS,QAAQ,CAAC;AAAA,EACxF,CAAA,EACA;AAAA,IACC;AAAA,IACA;AAAA,IACA,eAAgB,aAAa,CAAA,GAAI;AAE/B,YAAM,SAAS,sBAAsB,KAAK,QAAQ,OAAO,MAAM;AAE3D,UAAA,CAAC,UAAU,CAAC,YAAY;AACnB,eAAA;AAAA,MACT;AAEA,UAAI,CAAC,aAAa,kBAAkB,UAAU,MAAM,GAAG;AAC9C,eAAA;AAAA,MACT;AAEI,UAAA;AACF,cAAM,yBAAyB,MAAM,EAAE,SAAS,WAAW,QAAQ;AAAA,UACjE,QAAQ;AAAA,UACR,YAAY;AAAA,QAAA,CACb;AACM,eAAA;AAAA,eACA,GAAQ;AAEf,cAAM,KAAK,YAAY;AAAA,UACrB,SAAS,EAAE;AAAA,UACX,MAAM,GAAG,KAAK,IAAI;AAAA,QAAA,CACnB;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAAA,EACF,YAAY,IAAI,MAAA,EAAQ,GAAG,IAAI,QAAQ;AACzC,CAAC,EACA,UAAU;AAEN,MAAM,oBAAoB,IAC9B,OAAO,EACP,MAAM;AAAA,EACL,aAAa,IACV,MAAM,EACN,WACA,GAAG,UAAU,EACb;AAAA,IACC;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACJ,CAAC,EACA,WACA;AAEH,MAAe,aAAA;AAAA,EACb;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AC9MA,MAAM,qBAAqB,IACxB,OAAO,EACP,MAAM;AAAA,EACL,OAAO,WAAW,MAAM,SAAS;AAAA,EACjC,WAAW,WAAW,UAAU,SAAS;AAAA,EACzC,UAAU,WAAW;AAAA,EACrB,OAAO,WAAW,MAAM,IAAI,CAAC;AAAA,EAC7B,kBAAkB,IAAI,OAAO,EAAE,SAAS;AAC1C,CAAC,EACA,UAAU;AAEb,MAAM,sBAAsB,IACzB,OAAO,EACP,MAAM;AAAA,EACL,OAAO,WAAW,MAAM,QAAQ;AAAA,EAChC,WAAW,WAAW,UAAU,QAAQ;AAAA,EACxC,UAAU,WAAW,SAAS,SAAS;AAAA,EACvC,UAAU,WAAW,SAAS,SAAS;AAAA,EACvC,UAAU,WAAW,SAAS,QAAQ;AAAA,EACtC,iBAAiB,IACd,OAAA,EACA;AAAA,IAAK;AAAA,IAAY,CAACY,WAAkB,WACnC,CAAC,YAAYA,SAAQ,IAAI,OAAO,SAAA,IAAa;AAAA,IAE9C,QAAQ;AAAA,EACX,kBAAkB,IAAI,OAAO,EAAE,SAAS;AAC1C,CAAC,EACA,UAAU;AAEb,MAAM,mBAAmB,IACtB,OAAO,EACP,MAAM;AAAA,EACL,OAAO,WAAW,MAAM,QAAQ;AAAA,EAChC,WAAW,WAAW,UAAU,QAAQ;AAAA,EACxC,UAAU,WAAW,SAAS,SAAS;AAAA,EACvC,UAAU,WAAW,SAAS,SAAS;AAAA,EACvC,UAAU,WAAW,SAAS,QAAQ;AAAA,EACtC,UAAU,IAAI,KAAK,EAAE,QAAQ;AAAA,EAC7B,OAAO,WAAW,MAAM,IAAI,CAAC,EAAE,QAAQ;AACzC,CAAC,EACA,UAAU;AAEb,MAAM,oBAAoB,IACvB,OAAO,EACP,MAAM;AAAA,EACL,KAAK,IAAI,MAAM,EAAE,GAAG,IAAI,SAAS,CAAC,EAAE,IAAI,CAAC,EAAE,SAAS;AACtD,CAAC,EACA,UAAU;AAE4B,kBAAkB,kBAAkB;AACnC,kBAAkB,mBAAmB;AAClE,MAAA,0BAA0B,kBAAkB,gBAAgB;AACjC,kBAAkB,iBAAiB;AACpE,MAAM,UAAU;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AACF;AC1DA,MAAM,gCAAgC,IACnC,OAAO,EACP,MAAM;AAAA,EACL,oBAAoB,IAAI,QAAQ;AAClC,CAAC,EACA,UAAU;AAEA,MAAA,4BAA4B,CAAC,SAAc;AACtD,MAAI,SAAS,QAAQ;AAErB,MAAI,OAAO,GAAG,SAAS,UAAU,KAAK,GAAG;AAC9B,aAAA,OAAO,OAAO,6BAA6B;AAAA,EACtD;AAEO,SAAA,kBAAkB,MAAM,EAAE,IAAI;AACvC;ACRA,MAAM,EAAE,kBAAkB,eAAmB,IAAA;AAE7C,MAAM,6BAA6B,KAAK,CAAC,aAAa,YAAY,SAAS,OAAO,CAAC;AAEnF,MAAM,yBAAyB,YAAY;AACrC,MAAA,CAAC,OAAO,IAAI;AACP,WAAA;AAAA,EACT;AAEM,QAAA,iBAAiB,OAAO,GAAG;AAC7B,MAAA,MAAM,cAAc,GAAG;AAClB,WAAA;AAAA,EACT;AAEA,QAAM,YAAY,MAAM,OAAO,QAAQ,aAAa,EAAE;AAEtD,MAAI,YAAY,gBAAgB;AACvB,WAAA;AAAA,EACT;AACF;AAEA,MAAe,OAAA;AAAA,EACb,MAAM,OAAO,KAAc;AACrB,QAAA,CAAE,MAAM,0BAA2B;AAC/B,YAAA,IAAI,eAAe,0DAA0D;AAAA,IACrF;AAEM,UAAA,EAAE,KAAK,IAAI,IAAI;AACrB,UAAM,YAAY,EAAE,GAAG,MAAM,OAAO,EAAE,IAAI,MAAM,SAAS,EAAE,EAAE,YAAc,EAAA;AAE3E,UAAM,0BAA0B,SAAS;AAEnC,UAAA,aAAa,2BAA2B,SAAS;AACjD,UAAA,EAAE,mBAAuB,IAAA;AAEzB,UAAA,oBAAoB,MAAM,WAAW,MAAM,EAAE,OAAO,EAAE,OAAO,WAAW,MAAA,CAAO;AAErF,QAAI,mBAAmB;AACf,YAAA,IAAI,iBAAiB,qBAAqB;AAAA,IAClD;AAEA,QAAI,oBAAoB;AACtB,aAAO,OAAO,YAAY,EAAE,mBAAmB,MAAM,UAAU,MAAM;AAAA,IACvE;AAEA,UAAM,cAAc,MAAM,WAAW,MAAM,EAAE,OAAO,UAAU;AAC9D,UAAM,WAAW,WAAW,MAAM,EAAE,aAAa,WAAW;AAI5D,WAAO,OAAO,UAAU,EAAE,mBAAmB,YAAY,mBAAmB;AAE5E,QAAI,QAAQ,EAAE,MAAM,SAAU,CAAA;AAAA,EAChC;AAAA,EAEA,MAAM,OAAO,KAAc;AACnB,UAAA,EAAE,GAAG,IAAI,IAAI;AACnB,UAAM,EAAE,MAAM,UAAU,IAAI;AAE5B,UAAM,wBAAwB,KAAK;AAEnC,QAAI,EAAE,IAAI,OAAO,OAAO,GAAG;AACzB,YAAM,mBAAmB,MAAM,WAAW,MAAM,EAAE,OAAO;AAAA,QACvD,IAAI,EAAE,KAAK,GAAG;AAAA,QACd,OAAO,MAAM;AAAA,MAAA,CACd;AAED,UAAI,kBAAkB;AACd,cAAA,IAAI,iBAAiB,+CAA+C;AAAA,MAC5E;AAAA,IACF;AAEA,UAAMT,QAAO,MAAM,WAAW,MAAM,EAAE,QAAQ,IAAI,IAAI;AAElD,QAAA,CAAE,MAAM,4BAA6B,CAACA,MAAK,YAAY,MAAM,UAAU;AACnE,YAAA,IAAI,eAAe,yDAAyD;AAAA,IACpF;AAEA,UAAM,cAAc,MAAM,WAAW,MAAM,EAAE,WAAW,IAAI,KAAK;AAEjE,QAAI,CAAC,aAAa;AACT,aAAA,IAAI,SAAS,qBAAqB;AAAA,IAC3C;AAEA,QAAI,OAAO;AAAA,MACT,MAAM,WAAW,MAAM,EAAE,aAAa,WAAW;AAAA,IAAA;AAAA,EAErD;AAAA,EAEA,MAAM,YAAY,KAAc;AACxB,UAAA,EAAE,MAAAA,MAAK,IAAI,IAAI;AACf,UAAA,cAAc,MAAM,YAAYA,KAAI;AAE1C,QAAI,OAAO;AAAA,MACT,MAAM;AAAA,QACJ;AAAA,MACF;AAAA,IAAA;AAAA,EAEJ;AACF;ACzGA,MAAe,QAAA;AAAA;AAAA,EAEb,MAAM,iBAAiB;AACrB,UAAM,QAAQ,OAAO,OAAO,IAAI,eAAe,CAAA,CAAE;AAC7C,QAAA;AACF,aAAO,EAAE,MAAM,EAAE,MAAM,OAAO,IAAI,UAAU,OAAO,GAAG,SAAS,KAAK,GAAG,MAAQ,EAAA;AAAA,aACxE,KAAK;AACL,aAAA,EAAE,MAAM,EAAE,MAAM,OAAO,UAAU,CAAI,GAAA,MAAA;IAC9C;AAAA,EACF;AAAA,EAEA,MAAM,0BAA0B;AACxB,UAAA,iBAAiB,OAAO,GAAG;AAEjC,QAAI,eAAe;AACnB,QAAI,qBAAqB;AACrB,QAAA;AAEJ,UAAM,yBAAyB,MAAM,WAAW,MAAM,EAAE,0BAA0B;AAElF,UAAM,kBAAkB,MAAM,WAAW,kBAAkB,EAAE,oBAAoB;AAEjF,QAAI,iBAAiB;AACnB,6BAAuB,yBAAyB,gBAAgB;AAAA,IAAA,OAC3D;AACkB,6BAAA;AAAA,IACzB;AAEA,QAAI,CAAC,MAAM,cAAc,KAAK,uBAAuB,gBAAgB;AACpD,qBAAA;AACM,2BAAA;AAAA,IACvB;AAEA,QAAI,CAAC,MAAM,cAAc,KAAK,yBAAyB,gBAAgB;AACtD,qBAAA;AACM,2BAAA;AAAA,IACvB;AAEA,UAAM,OAAO;AAAA,MACX;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,kBAAkB,MAAM,cAAc,IAAI,QAAQ,0BAA0B;AAAA,MAC5E;AAAA,MACA,uBAAuB,IAAI,kBAAkB,IAAI,MAAM;AAAA,MACvD,UAAU,OAAO,GAAG,SAAS,UAAU,CAAC;AAAA,IAAA;AAG1C,WAAO,EAAE,KAAK;AAAA,EAChB;AACF;AChDA,MAAe,cAAA;AAAA,EACb;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;ACVO,MAAM,0BACX,CAAC,gBAAwB,CAAC,KAAK,SAAS;AACtC,MAAI,OAAO,GAAG,SAAS,UAAU,WAAW,GAAG;AAC7C,WAAO,KAAK;AAAA,EACd;AAEA,MAAI,SAAS;AACf;ACPF,MAAe,MAAA;AAAA,EACb,MAAM;AAAA,EACN,QAAQ;AAAA,IACN;AAAA,MACE,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,SAAS;AAAA,MACT,QAAQ;AAAA,QACN,aAAa,CAAC,wBAAwB,KAAK,CAAC;AAAA,QAC5C,MAAM;AAAA,MACR;AAAA,IACF;AAAA,IACA;AAAA,MACE,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,SAAS;AAAA,MACT,QAAQ;AAAA,QACN,aAAa,CAAC,wBAAwB,KAAK,CAAC;AAAA,QAC5C,MAAM;AAAA,MACR;AAAA,IACF;AAAA,IACA;AAAA,MACE,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,SAAS;AAAA,MACT,QAAQ;AAAA,QACN,aAAa,CAAC,wBAAwB,KAAK,CAAC;AAAA,QAC5C,MAAM;AAAA,MACR;AAAA,IACF;AAAA,IACA;AAAA,MACE,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,SAAS;AAAA,MACT,QAAQ;AAAA,QACN,aAAa,CAAC,wBAAwB,KAAK,CAAC;AAAA,QAC5C,UAAU;AAAA,UACR;AAAA,UACA,EAAE,MAAM,yBAAyB,QAAQ,EAAE,SAAS,CAAC,4BAA4B,IAAI;AAAA,QACvF;AAAA,MACF;AAAA,IACF;AAAA,IACA;AAAA,MACE,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,SAAS;AAAA,MACT,QAAQ;AAAA,QACN,aAAa,CAAC,wBAAwB,KAAK,CAAC;AAAA,QAC5C,UAAU;AAAA,UACR;AAAA,UACA,EAAE,MAAM,yBAAyB,QAAQ,EAAE,SAAS,CAAC,8BAA8B,IAAI;AAAA,QACzF;AAAA,MACF;AAAA,IACF;AAAA,IACA;AAAA,MACE,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,SAAS;AAAA,MACT,QAAQ;AAAA,QACN,aAAa,CAAC,wBAAwB,KAAK,CAAC;AAAA,QAC5C,UAAU,CAAC,6BAA6B;AAAA,MAC1C;AAAA,IACF;AAAA,EACF;AACF;AClEA,MAAe,eAAA;AAAA,EACb,MAAM;AAAA,EACN,QAAQ;AAAA;AAAA,IAEN;AAAA,MACE,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,SAAS;AAAA,MACT,QAAQ;AAAA,QACN,UAAU;AAAA,UACR;AAAA,UACA;AAAA,YACE,MAAM;AAAA,YACN,QAAQ;AAAA,cACN,SAAS;AAAA,gBACP;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;ACvBA,MAAe,SAAA;AAAA,EACb;AAAA,EACA,iBAAiB;AACnB;ACJA,MAAe,kBAAA;AAAA,EACb,MAAM;AAAA,EACN,QAAQ;AAAA,IACN;AAAA,MACE,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,SAAS;AAAA,MACT,QAAQ;AAAA,QACN,aAAa,CAAC,wBAAwB,YAAY,CAAC;AAAA,QACnD,UAAU;AAAA,UACR;AAAA,UACA;AAAA,YACE,MAAM;AAAA,YACN,QAAQ;AAAA,cACN,SAAS,CAAC,wBAAwB;AAAA,YACpC;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IACA;AAAA,MACE,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,SAAS;AAAA,MACT,QAAQ;AAAA,QACN,aAAa,CAAC,wBAAwB,YAAY,CAAC;AAAA,QACnD,UAAU;AAAA,UACR;AAAA,UACA;AAAA,YACE,MAAM;AAAA,YACN,QAAQ;AAAA,cACN,SAAS,CAAC,wBAAwB;AAAA,YACpC;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;ACtCA,MAAM,uBAAuB,CAAC,cAAc,eAAe,YAAY,WAAW;AAElF,MAAM,yBAAyB,IAC5B,OAAO,EACP,MAAM;AAAA,EACL,MAAM,IAAI,OAAA,EAAS,QAAQ,EAAE,IAAI,CAAC;AAAA,EAClC,UAAU,IAAI,OAAA,EAAS,QAAA,EAAU,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,EAC/C,MAAM,IAAI,QAAQ,MAAM,oBAAoB;AAC9C,CAAC,EACA,SAAS;AAEL,MAAM,mBAAmB,kBAAkB,wBAAwB,EAAE,QAAQ,OAAO;ACT3F,MAAe,sBAAA;AAAA,EACb,MAAM,SAAS,KAAc;AACrB,UAAA,EAAE,MAAM,IAAI,IAAI;AACtB,UAAM,iBAAiB,KAAK;AAEtB,UAAA,YAAY,OAAO,IAAI,YAAY;AACzC,UAAM,OAAO,MAAM,UAAU,SAAS,KAAK;AAE3C,QAAI,OAAO;AAAA,EACb;AAAA,EAEA,MAAM,QAAQ,KAAc;AACpB,UAAA,EAAE,GAAG,IAAI,IAAI;AAEb,UAAA,YAAY,OAAO,IAAI,YAAY;AACzC,UAAM,OAAO,MAAM,UAAU,QAAQ,EAAE;AAEvC,QAAI,OAAO;AAEJ,WAAA,UAAU,KAAK,oBAAoB;AAAA,EAC5C;AACF;ACZA,MAAM,mBAAmB,CAACA,UAAc;AACtC,MAAI,cAAcA,MAAK;AAEvB,MAAIA,MAAK,UAAU;AACjB,kBAAcA,MAAK;AAAA,EACV,WAAAA,MAAK,aAAaA,MAAK,UAAU;AAC1C,kBAAc,GAAGA,MAAK,SAAS,IAAIA,MAAK,QAAQ;AAAA,EAClD;AAEO,SAAA;AAAA,IACL,IAAIA,MAAK;AAAA,IACT,OAAOA,MAAK;AAAA,IACZ;AAAA,EAAA;AAEJ;AAMA,MAAM,yBAAyB,CAACJ,YAAwB;AAC/C,SAAA;AAAA,IACL,MAAM,UAAU,OAAc;AAC5B,YAAM,EAAE,QAAQ,GAAG,KAAA,IAAS;AAE5B,YAAM0B,YAAgB,EAAE,GAAG,MAAM,MAAM,OAAO;AAGxC,YAAA1B,QAAO,IAAI,MAAM,kBAAkB,EAAE,OAAO,EAAE,MAAM0B,UAAA,CAAU;AAE7D,aAAA;AAAA,IACT;AAAA,IAEA,MAAM,SAAS,OAAgB;AACvB,YAAA,EAAE,SAAS,WAAA,IAAe,MAAM1B,QAAO,IAAI,MAAM,kBAAkB,EAAE,SAAS;AAAA,QAClF,UAAU,CAAC,MAAM;AAAA,QACjB,QAAQ,CAAC,UAAU,QAAQ,SAAS;AAAA,QACpC,GAAGA,QAAO,IAAI,cAAc,EAAE,UAAU,oBAAoB,KAAK;AAAA,MAAA,CAClE;AAED,YAAM,mBAAmB,QAAQ,IAAI,CAAC,WAAgB;AACpD,cAAM,EAAE,MAAAI,OAAM,GAAG,KAAA,IAAS;AACnB,eAAA;AAAA,UACL,GAAG;AAAA,UACH,MAAMA,QAAO,iBAAiBA,KAAI,IAAI;AAAA,QAAA;AAAA,MACxC,CACD;AAEM,aAAA;AAAA,QACL,SAAS;AAAA,QACT;AAAA,MAAA;AAAA,IAEJ;AAAA,IAEA,MAAM,QAAQ,IAAa;AACzB,YAAM,SAAc,MAAMJ,QAAO,IAAI,MAAM,kBAAkB,EAAE,QAAQ;AAAA,QACrE,OAAO,EAAE,GAAG;AAAA,QACZ,UAAU,CAAC,MAAM;AAAA,QACjB,QAAQ,CAAC,UAAU,QAAQ,SAAS;AAAA,MAAA,CACrC;AAED,UAAI,CAAC,QAAQ;AACJ,eAAA;AAAA,MACT;AAEA,YAAM,EAAE,MAAAI,OAAM,GAAG,KAAA,IAAS;AACnB,aAAA;AAAA,QACL,GAAG;AAAA,QACH,MAAMA,QAAO,iBAAiBA,KAAI,IAAI;AAAA,MAAA;AAAA,IAE1C;AAAA,IAEA,oBAAoB,gBAAsB;AACxC,aAAOJ,QAAO,IAAI,MAAM,kBAAkB,EAAE,WAAW;AAAA,QACrD,OAAO;AAAA,UACL,MAAM;AAAA,YACJ,KAAK,eAAe,YAAY;AAAA,UAClC;AAAA,QACF;AAAA,MAAA,CACD;AAAA,IACH;AAAA,EAAA;AAEJ;AC5FA,MAAM,yBAAyB;AAE/B,MAAM,gBAAgB;AAAA,EACpB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEA,MAAM,cAAc,CAAC2B,mBAAuB;AAC1C,QAAM,oBAAoB,IAAI,SAAc,KAAK,CAAC;AAGlD,SAAOA,eAAc,OAAO,CAAC,KAAU,UAAe;AACpD,QAAI,KAAK,IAAI;AACN,WAAA;AAAA,EACT,GAAG,CAAS,CAAA;AACd;AAEA,MAAM,mBAAmB,CAAC3B,YAAwB;AAChD,QAAM,gBAAgBA,QAAO,GAAG,SAAS,IAAI,YAAY;AACzD,QAAM,uBACJ,OAAO,kBAAkB,YAAY,eAAe,QAAQ;AAC9D,QAAM,oBAAoBA,QAAO,OAAO,IAAI,+BAA+B;AAG3E,MAAI,wBAAwB,MAAM;AAChC,WAAO,qBAAqB;AAAA,EAC9B;AAGI,MAAA,qBAAqB,oBAAoB,sBAAsB;AAC1D,WAAA;AAAA,EACT;AAGO,SAAA;AACT;AAMA,MAAM,kCAAkC,CAACA,YAAwB;AAE/D,QAAM,QAAQ,CAAA;AACR,QAAA,mBAAmBA,QAAO,IAAI,YAAY;AAG1C,QAAA,WAAW,YAAY,aAAa;AAEpC,QAAA,eAAe,CAACE,UAAiB,SAAc;AACnD,UAAM,eAAeF,QAAO,eAAe,IAAA,GAAO;AAGlD,UAAM,mBAAmB,cAAc,MAAM,KAAK,SAAS;AAC3D,UAAMI,QAAO,cAAc;AACvB,QAAA,CAAC,oBAAoB,CAACA,OAAM;AACvB,aAAA;AAAA,IACT;AAEM,UAAA,aAAa,SAASF,KAAI;AAGhC,QAAI,CAAC,YAAY;AACR,aAAA;AAAA,IACT;AAIM,UAAA,cAAc,CAAC,uBAAuB,uBAAuB;AACnE,QAAI,YAAY,SAAS,KAAK,CAAC,GAAG,GAAG,GAAG;AAC/B,aAAA;AAAA,IACT;AAEO,WAAA;AAAA,MACL,QAAQA;AAAA,MACR,OAAM,oBAAI,KAAK,GAAE,YAAY;AAAA,MAC7B,SAAS,WAAW,GAAG,IAAI,KAAK,CAAC;AAAA,MACjC,QAAQE,MAAK;AAAA,IAAA;AAAA,EACf;AAGI,QAAA,cAAc,OAAOF,UAAiB,SAAc;AACxD,UAAM,iBAAiB,aAAaA,OAAM,GAAG,IAAI;AAEjD,QAAI,gBAAgB;AACZ,YAAA,iBAAiB,UAAU,cAAc;AAAA,IACjD;AAAA,EAAA;AAGK,SAAA;AAAA,IACL,MAAM,WAAW;AAEX,UAAA,CAAC,MAAM,qBAAqB;AAE9B,cAAM,sBAAsBF,QAAO,SAAS,GAAG,aAAa,MAAM;AAEhE,eAAK,QAAQ;AACb,eAAK,SAAS;AAAA,QAAA,CACf;AAAA,MACH;AAGI,UAAA,CAAC,MAAM,qBAAqB;AAE9B,cAAM,sBAAsBA,QAAO,SAAS,GAAG,aAAa,MAAM;AAEhE,eAAK,QAAQ;AACb,eAAK,SAAS;AAAA,QAAA,CACf;AAAA,MACH;AAIA,YAAM,uBAAuBA,QAAO,SAAS,GAAG,cAAc,MAAM;AAGlE,aAAK,QAAQ;AAAA,MAAA,CACd;AAGD,UAAI,CAACA,QAAO,GAAG,SAAS,UAAU,YAAY,GAAG;AACxC,eAAA;AAAA,MACT;AAGA,YAAM,sBAAsBA,QAAO,SAAS,UAAU,WAAW;AAG3D,YAAA,gBAAgB,iBAAiBA,OAAM;AACvC,YAAA,mBAAmB,YAAY,aAAa,MAAM;AAChD,cAAA,iBAAiB,IAAI,KAAK,KAAK,IAAA,IAAQ,gBAAgB,KAAK,KAAK,KAAK,GAAI;AAChF,yBAAiB,oBAAoB,cAAc;AAAA,MAAA,CACpD;AAEM,aAAA;AAAA,IACT;AAAA,IAEA,cAAc;AACZ,UAAI,MAAM,sBAAsB;AAC9B,cAAM,qBAAqB;AAAA,MAC7B;AAEA,UAAI,MAAM,qBAAqB;AAC7B,cAAM,oBAAoB;AAAA,MAC5B;AAEA,UAAI,MAAM,kBAAkB;AAC1B,cAAM,iBAAiB;MACzB;AAEO,aAAA;AAAA,IACT;AAAA,IAEA,UAAU;AACR,aAAO,KAAK;IACd;AAAA,EAAA;AAEJ;AC1LO,MAAM,WAAW;AAAA,EACtB,QAAQ;AAAA,IACN,MAAM;AAAA,IACN,gBAAgB;AAAA,IAChB,MAAM;AAAA,MACJ,cAAc;AAAA,MACd,YAAY;AAAA,MACZ,aAAa;AAAA,IACf;AAAA,IACA,SAAS;AAAA,MACP,YAAY;AAAA,IACd;AAAA,IACA,eAAe;AAAA,MACb,mBAAmB;AAAA,QACjB,SAAS;AAAA,MACX;AAAA,MACA,wBAAwB;AAAA,QACtB,SAAS;AAAA,MACX;AAAA,IACF;AAAA,IACA,YAAY;AAAA,MACV,QAAQ;AAAA,QACN,MAAM;AAAA,QACN,UAAU;AAAA,MACZ;AAAA,MACA,MAAM;AAAA,QACJ,MAAM;AAAA,QACN,UAAU;AAAA,MACZ;AAAA,MACA,MAAM;AAAA,QACJ,MAAM;AAAA,QACN,UAAU;AAAA,QACV,QAAQ;AAAA,MACV;AAAA,MACA,SAAS;AAAA,QACP,MAAM;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACF;ACzBA,MAAM,aAAa,MAAM;AACvB,QAAM,UAAU;AAAA,IACd;AAAA,IACA;AAAA,IACA;AAAA,IACA,cAAc;AAAA;AAAA,MAEZ,aAAa;AAAA,MACb,GAAG;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EAAA;AAKA,MAAA,OAAO,OAAO,IAAI,2BAA2B,IAAI,KACjD,OAAO,GAAG,SAAS,UAAU,YAAY,GACzC;AACO,WAAA;AAAA,MACL,GAAG;AAAA,MACH,aAAa;AAAA,QACX,GAAG,QAAQ;AAAA,QACX,cAAc;AAAA,MAChB;AAAA,MACA,QAAQ;AAAA,QACN,GAAG,QAAQ;AAAA,QACX,cAAc;AAAA,MAChB;AAAA,MACA,MAAM,SAAS,EAAE,QAAAA,WAAmC;AAElD,cAAM,QAAQ,SAAS,EAAE,QAAAA,QAAQ,CAAA;AAEjCA,gBAAO,IAAI,cAAc,uBAAuBA,OAAM,CAAC;AAEjD,cAAA,qBAAqB,gCAAgCA,OAAM;AACjEA,gBAAO,IAAI,wBAAwB,kBAAkB;AAErD,cAAM,mBAAmB;MAC3B;AAAA,MACA,MAAM,QAAQ,EAAE,QAAAA,WAAmC;AACjDA,gBAAO,IAAI,sBAAsB,EAAE,QAAQ;AAC3C,cAAM,QAAQ,QAAQ,EAAE,QAAAA,QAAQ,CAAA;AAAA,MAClC;AAAA,IAAA;AAAA,EAEJ;AAEO,SAAA;AACT;AAEA,MAAA,QAAe,WAAW;"}
1	+ {"version":3,"file":"index.mjs","sources":["../../../server/src/routes/serve-admin-panel.ts","../../../server/src/utils/index.js","../../../server/src/strategies/admin.ts","../../../server/src/services/constants.ts","../../../server/src/strategies/api-token.ts","../../../server/src/register.ts","../../../ee/server/src/register.ts","../../../server/src/config/admin-actions.ts","../../../server/src/config/admin-conditions.ts","../../../server/src/bootstrap.ts","../../../ee/server/src/utils/index.ts","../../../ee/server/src/config/admin-actions.ts","../../../ee/server/src/utils/persisted-tables.ts","../../../ee/server/src/bootstrap.ts","../../../server/src/destroy.ts","../../../ee/server/src/destroy.ts","../../../ee/server/src/content-types/index.ts","../../../ee/server/src/utils/sso-lock.ts","../../../ee/server/src/services/auth.ts","../../../server/src/services/passport/local-strategy.ts","../../../server/src/services/passport.ts","../../../ee/server/src/services/passport/provider-registry.ts","../../../ee/server/src/services/passport/sso.ts","../../../ee/server/src/services/passport.ts","../../../ee/server/src/services/role.ts","../../../server/src/domain/user.ts","../../../ee/server/src/services/user.ts","../../../ee/server/src/services/metrics.ts","../../../ee/server/src/services/seat-enforcement.ts","../../../ee/server/src/services/index.ts","../../../ee/server/src/validation/authentication.ts","../../../ee/server/src/controllers/authentication-utils/constants.ts","../../../ee/server/src/controllers/authentication-utils/utils.ts","../../../ee/server/src/controllers/authentication-utils/middlewares.ts","../../../ee/server/src/controllers/authentication.ts","../../../ee/server/src/validation/role.ts","../../../ee/server/src/controllers/role.ts","../../../server/src/domain/action/index.ts","../../../server/src/validation/common-functions/check-fields-are-correctly-nested.ts","../../../server/src/validation/common-functions/check-fields-dont-have-duplicates.ts","../../../server/src/validation/common-validators.ts","../../../server/src/validation/user.ts","../../../ee/server/src/validation/user.ts","../../../ee/server/src/controllers/user.ts","../../../ee/server/src/controllers/admin.ts","../../../ee/server/src/controllers/index.ts","../../../ee/server/src/routes/utils.ts","../../../ee/server/src/routes/sso.ts","../../../ee/server/src/routes/license-limit.ts","../../../ee/server/src/routes/index.ts","../../../ee/server/src/audit-logs/routes/audit-logs.ts","../../../ee/server/src/audit-logs/validation/audit-logs.ts","../../../ee/server/src/audit-logs/controllers/audit-logs.ts","../../../ee/server/src/audit-logs/services/audit-logs.ts","../../../ee/server/src/audit-logs/services/lifecycles.ts","../../../ee/server/src/audit-logs/content-types/audit-log.ts","../../../ee/server/src/index.ts"],"sourcesContent":["import type { Context, Next } from 'koa';\nimport { resolve, join, extname, basename } from 'path';\nimport fse from 'fs-extra';\nimport koaStatic from 'koa-static';\nimport type { Core } from '@strapi/types';\n\nconst registerAdminPanelRoute = ({ strapi }: { strapi: Core.Strapi }) => {\n let buildDir = resolve(strapi.dirs.dist.root, 'build');\n\n if (!fse.pathExistsSync(buildDir)) {\n buildDir = resolve(__dirname, '../../build');\n }\n\n const serveAdminMiddleware = async (ctx: Context, next: Next) => {\n await next();\n\n if (ctx.method !== 'HEAD' && ctx.method !== 'GET') {\n return;\n }\n\n if (ctx.body != null \|\| ctx.status !== 404) {\n return;\n }\n\n ctx.type = 'html';\n ctx.body = fse.createReadStream(join(buildDir, 'index.html'));\n };\n\n strapi.server.routes([\n {\n method: 'GET',\n path: `${strapi.config.admin.path}/:path`,\n handler: [\n serveAdminMiddleware,\n serveStatic(buildDir, {\n maxage: 31536000,\n defer: false,\n index: 'index.html',\n setHeaders(res: any, path: any) {\n const ext = extname(path);\n // publicly cache static files to avoid unnecessary network & disk access\n if (ext !== '.html') {\n res.setHeader('cache-control', 'public, max-age=31536000, immutable');\n }\n },\n }),\n ],\n config: { auth: false },\n },\n ]);\n};\n\n// serveStatic is not supposed to be used to serve a folder that have sub-folders\nconst serveStatic = (filesDir: any, koaStaticOptions = {}) => {\n const serve = koaStatic(filesDir, koaStaticOptions);\n\n return async (ctx: Context, next: Next) => {\n const prev = ctx.path;\n const newPath = basename(ctx.path);\n\n ctx.path = newPath;\n await serve(ctx, async () => {\n ctx.path = prev;\n await next();\n ctx.path = newPath;\n });\n ctx.path = prev;\n };\n};\n\nexport default registerAdminPanelRoute;\n","const getService = (name) => {\n return strapi.service(`admin::${name}`);\n};\n\nexport { getService };\n","import type { Context } from 'koa';\nimport { getService } from '../utils';\n\n/* @type {import('.').AuthenticateFunction} /\nexport const authenticate = async (ctx: Context) => {\n const { authorization } = ctx.request.header;\n\n if (!authorization) {\n return { authenticated: false };\n }\n\n const parts = authorization.split(/\\s+/);\n\n if (parts[0].toLowerCase() !== 'bearer' \|\| parts.length !== 2) {\n return { authenticated: false };\n }\n\n const token = parts[1];\n const { payload, isValid } = getService('token').decodeJwtToken(token);\n\n if (!isValid) {\n return { authenticated: false };\n }\n\n const user = await strapi.db\n .query('admin::user')\n .findOne({ where: { id: payload.id }, populate: ['roles'] });\n\n if (!user \|\| !(user.isActive === true)) {\n return { authenticated: false };\n }\n\n const userAbility = await getService('permission').engine.generateUserAbility(user);\n\n // TODO: use the ability from ctx.state.auth instead of\n // ctx.state.userAbility, and remove the assign below\n ctx.state.userAbility = userAbility;\n ctx.state.user = user;\n\n return {\n authenticated: true,\n credentials: user,\n ability: userAbility,\n };\n};\n\nexport const name = 'admin';\n\n/* @type {import('.').AuthStrategy} /\nexport default {\n name,\n authenticate,\n};\n","const DAY_IN_MS = 24 60 * 60 * 1000;\n\nconst constants = {\n CONTENT_TYPE_SECTION: 'contentTypes',\n SUPER_ADMIN_CODE: 'strapi-super-admin',\n EDITOR_CODE: 'strapi-editor',\n AUTHOR_CODE: 'strapi-author',\n READ_ACTION: 'plugin::content-manager.explorer.read',\n CREATE_ACTION: 'plugin::content-manager.explorer.create',\n UPDATE_ACTION: 'plugin::content-manager.explorer.update',\n DELETE_ACTION: 'plugin::content-manager.explorer.delete',\n PUBLISH_ACTION: 'plugin::content-manager.explorer.publish',\n API_TOKEN_TYPE: {\n READ_ONLY: 'read-only',\n FULL_ACCESS: 'full-access',\n CUSTOM: 'custom',\n },\n // The front-end only displays these values\n API_TOKEN_LIFESPANS: {\n UNLIMITED: null,\n DAYS_7: 7 * DAY_IN_MS,\n DAYS_30: 30 * DAY_IN_MS,\n DAYS_90: 90 * DAY_IN_MS,\n },\n TRANSFER_TOKEN_TYPE: {\n PUSH: 'push',\n PULL: 'pull',\n },\n TRANSFER_TOKEN_LIFESPANS: {\n UNLIMITED: null,\n DAYS_7: 7 * DAY_IN_MS,\n DAYS_30: 30 * DAY_IN_MS,\n DAYS_90: 90 * DAY_IN_MS,\n },\n};\n\nexport default constants;\n","import type { Context } from 'koa';\nimport { castArray, isNil } from 'lodash/fp';\nimport { differenceInHours, parseISO } from 'date-fns';\nimport { errors } from '@strapi/utils';\nimport constants from '../services/constants';\nimport { getService } from '../utils';\nimport '@strapi/types';\n\nconst { UnauthorizedError, ForbiddenError } = errors;\n\nconst isReadScope = (scope: any) => scope.endsWith('find') \|\| scope.endsWith('findOne');\n\nconst extractToken = (ctx: Context) => {\n if (ctx.request && ctx.request.header && ctx.request.header.authorization) {\n const parts = ctx.request.header.authorization.split(/\\s+/);\n\n if (parts[0].toLowerCase() !== 'bearer' \|\| parts.length !== 2) {\n return null;\n }\n\n return parts[1];\n }\n\n return null;\n};\n\n/*\n Authenticate the validity of the token\n /\nexport const authenticate = async (ctx: Context) => {\n const apiTokenService = getService('api-token');\n const token = extractToken(ctx);\n\n if (!token) {\n return { authenticated: false };\n }\n\n const apiToken = await apiTokenService.getBy({\n accessKey: apiTokenService.hash(token),\n });\n\n // token not found\n if (!apiToken) {\n return { authenticated: false };\n }\n\n const currentDate = new Date();\n\n if (!isNil(apiToken.expiresAt)) {\n const expirationDate = new Date(apiToken.expiresAt);\n // token has expired\n if (expirationDate < currentDate) {\n return { authenticated: false, error: new UnauthorizedError('Token expired') };\n }\n }\n\n // update lastUsedAt if the token has not been used in the last hour\n // @ts-expect-error - FIXME: verify lastUsedAt is defined\n const hoursSinceLastUsed = differenceInHours(currentDate, parseISO(apiToken.lastUsedAt));\n if (hoursSinceLastUsed >= 1) {\n await strapi.db.query('admin::api-token').update({\n where: { id: apiToken.id },\n data: { lastUsedAt: currentDate },\n });\n }\n\n if (apiToken.type === constants.API_TOKEN_TYPE.CUSTOM) {\n const ability = await strapi.contentAPI.permissions.engine.generateAbility(\n apiToken.permissions.map((action: any) => ({ action }))\n );\n\n return { authenticated: true, ability, credentials: apiToken };\n }\n\n return { authenticated: true, credentials: apiToken };\n};\n\n/\n Verify the token has the required abilities for the requested scope\n \n @type {import('.').VerifyFunction}\n /\nexport const verify = (auth: any, config: any) => {\n const { credentials: apiToken, ability } = auth;\n\n if (!apiToken) {\n throw new UnauthorizedError('Token not found');\n }\n\n const currentDate = new Date();\n\n if (!isNil(apiToken.expiresAt)) {\n const expirationDate = new Date(apiToken.expiresAt);\n // token has expired\n if (expirationDate < currentDate) {\n throw new UnauthorizedError('Token expired');\n }\n }\n\n // Full access\n if (apiToken.type === constants.API_TOKEN_TYPE.FULL_ACCESS) {\n return;\n }\n\n // Read only\n if (apiToken.type === constants.API_TOKEN_TYPE.READ_ONLY) {\n /\n If you don't have `full-access` you can only access `find` and `findOne`\n * scopes. If the route has no scope, then you can't get access to it.\n /\n const scopes = castArray(config.scope);\n\n if (config.scope && scopes.every(isReadScope)) {\n return;\n }\n }\n\n // Custom\n else if (apiToken.type === constants.API_TOKEN_TYPE.CUSTOM) {\n if (!ability) {\n throw new ForbiddenError();\n }\n\n const scopes = castArray(config.scope);\n\n const isAllowed = scopes.every((scope) => ability.can(scope));\n\n if (isAllowed) {\n return;\n }\n }\n\n throw new ForbiddenError();\n};\n\nexport const name = 'api-token';\n\nexport default {\n name: 'api-token',\n authenticate,\n verify,\n};\n","import type { Core } from '@strapi/types';\nimport registerAdminPanelRoute from './routes/serve-admin-panel';\nimport adminAuthStrategy from './strategies/admin';\nimport apiTokenAuthStrategy from './strategies/api-token';\n\nexport default ({ strapi }: { strapi: Core.Strapi }) => {\n const passportMiddleware = strapi.service('admin::passport').init();\n\n strapi.server.api('admin').use(passportMiddleware);\n strapi.get('auth').register('admin', adminAuthStrategy);\n strapi.get('auth').register('content-api', apiTokenAuthStrategy);\n\n if (strapi.config.get('admin.serveAdminPanel')) {\n registerAdminPanelRoute({ strapi });\n }\n};\n","import type { Core } from '@strapi/types';\n\nimport executeCERegister from '../../../server/src/register';\n\nexport default async ({ strapi }: { strapi: Core.Strapi }) => {\n await executeCERegister({ strapi });\n};\n","export const actions = [\n {\n uid: 'marketplace.read',\n displayName: 'Access the marketplace',\n pluginName: 'admin',\n section: 'settings',\n category: 'plugins and marketplace',\n subCategory: 'marketplace',\n },\n {\n uid: 'webhooks.create',\n displayName: 'Create',\n pluginName: 'admin',\n section: 'settings',\n category: 'webhooks',\n },\n {\n uid: 'webhooks.read',\n displayName: 'Read',\n pluginName: 'admin',\n section: 'settings',\n category: 'webhooks',\n },\n {\n uid: 'webhooks.update',\n displayName: 'Update',\n pluginName: 'admin',\n section: 'settings',\n category: 'webhooks',\n },\n {\n uid: 'webhooks.delete',\n displayName: 'Delete',\n pluginName: 'admin',\n section: 'settings',\n category: 'webhooks',\n },\n {\n uid: 'users.create',\n displayName: 'Create (invite)',\n pluginName: 'admin',\n section: 'settings',\n category: 'users and roles',\n subCategory: 'users',\n },\n {\n uid: 'users.read',\n displayName: 'Read',\n pluginName: 'admin',\n section: 'settings',\n category: 'users and roles',\n subCategory: 'users',\n aliases: [\n {\n actionId: 'plugin::content-manager.explorer.read',\n subjects: ['admin::user'],\n },\n ],\n },\n {\n uid: 'users.update',\n displayName: 'Update',\n pluginName: 'admin',\n section: 'settings',\n category: 'users and roles',\n subCategory: 'users',\n },\n {\n uid: 'users.delete',\n displayName: 'Delete',\n pluginName: 'admin',\n section: 'settings',\n category: 'users and roles',\n subCategory: 'users',\n },\n {\n uid: 'roles.create',\n displayName: 'Create',\n pluginName: 'admin',\n section: 'settings',\n category: 'users and roles',\n subCategory: 'roles',\n },\n {\n uid: 'roles.read',\n displayName: 'Read',\n pluginName: 'admin',\n section: 'settings',\n category: 'users and roles',\n subCategory: 'roles',\n aliases: [\n {\n actionId: 'plugin::content-manager.explorer.read',\n subjects: ['admin::role'],\n },\n ],\n },\n {\n uid: 'roles.update',\n displayName: 'Update',\n pluginName: 'admin',\n section: 'settings',\n category: 'users and roles',\n subCategory: 'roles',\n },\n {\n uid: 'roles.delete',\n displayName: 'Delete',\n pluginName: 'admin',\n section: 'settings',\n category: 'users and roles',\n subCategory: 'roles',\n },\n {\n uid: 'api-tokens.access',\n displayName: 'Access the API tokens settings page',\n pluginName: 'admin',\n section: 'settings',\n category: 'api tokens',\n subCategory: 'api Tokens',\n },\n {\n uid: 'api-tokens.create',\n displayName: 'Create (generate)',\n pluginName: 'admin',\n section: 'settings',\n category: 'api tokens',\n subCategory: 'general',\n },\n {\n uid: 'api-tokens.read',\n displayName: 'Read',\n pluginName: 'admin',\n section: 'settings',\n category: 'api tokens',\n subCategory: 'general',\n },\n {\n uid: 'api-tokens.update',\n displayName: 'Update',\n pluginName: 'admin',\n section: 'settings',\n category: 'api tokens',\n subCategory: 'general',\n },\n {\n uid: 'api-tokens.regenerate',\n displayName: 'Regenerate',\n pluginName: 'admin',\n section: 'settings',\n category: 'api tokens',\n subCategory: 'general',\n },\n {\n uid: 'api-tokens.delete',\n displayName: 'Delete (revoke)',\n pluginName: 'admin',\n section: 'settings',\n category: 'api tokens',\n subCategory: 'general',\n },\n {\n uid: 'project-settings.update',\n displayName: 'Update the project level settings',\n pluginName: 'admin',\n section: 'settings',\n category: 'project',\n },\n {\n uid: 'project-settings.read',\n displayName: 'Read the project level settings',\n pluginName: 'admin',\n section: 'settings',\n category: 'project',\n },\n {\n uid: 'transfer.tokens.access',\n displayName: 'Access the transfer tokens settings page',\n pluginName: 'admin',\n section: 'settings',\n category: 'transfer tokens',\n subCategory: 'transfer tokens',\n },\n {\n uid: 'transfer.tokens.create',\n displayName: 'Create (generate)',\n pluginName: 'admin',\n section: 'settings',\n category: 'transfer tokens',\n subCategory: 'general',\n },\n {\n uid: 'transfer.tokens.read',\n displayName: 'Read',\n pluginName: 'admin',\n section: 'settings',\n category: 'transfer tokens',\n subCategory: 'general',\n },\n {\n uid: 'transfer.tokens.update',\n displayName: 'Update',\n pluginName: 'admin',\n section: 'settings',\n category: 'transfer tokens',\n subCategory: 'general',\n },\n {\n uid: 'transfer.tokens.regenerate',\n displayName: 'Regenerate',\n pluginName: 'admin',\n section: 'settings',\n category: 'transfer tokens',\n subCategory: 'general',\n },\n {\n uid: 'transfer.tokens.delete',\n displayName: 'Delete (revoke)',\n pluginName: 'admin',\n section: 'settings',\n category: 'transfer tokens',\n subCategory: 'general',\n },\n];\n\nexport default {\n actions,\n};\n","// TODO: TS User and role type\ntype User = any;\ntype Role = any;\n\nexport const conditions = [\n {\n displayName: 'Is creator',\n name: 'is-creator',\n plugin: 'admin',\n handler: (user: User) => ({ 'createdBy.id': user.id }),\n },\n {\n displayName: 'Has same role as creator',\n name: 'has-same-role-as-creator',\n plugin: 'admin',\n handler: (user: User) => ({\n 'createdBy.roles': {\n $elemMatch: {\n id: {\n $in: user.roles.map((r: Role) => r.id),\n },\n },\n },\n }),\n },\n];\n\nexport default {\n conditions,\n};\n","import { merge, map, difference, uniq } from 'lodash/fp';\nimport type { Core } from '@strapi/types';\nimport { async } from '@strapi/utils';\nimport { getService } from './utils';\nimport adminActions from './config/admin-actions';\nimport adminConditions from './config/admin-conditions';\n\nconst defaultAdminAuthSettings = {\n providers: {\n autoRegister: false,\n defaultRole: null,\n ssoLockedRoles: null,\n },\n};\n\nconst registerPermissionActions = async () => {\n await getService('permission').actionProvider.registerMany(adminActions.actions);\n};\n\nconst registerAdminConditions = async () => {\n await getService('permission').conditionProvider.registerMany(adminConditions.conditions);\n};\n\nconst registerModelHooks = () => {\n const { sendDidChangeInterfaceLanguage } = getService('metrics');\n\n strapi.db.lifecycles.subscribe({\n models: ['admin::user'],\n afterCreate: sendDidChangeInterfaceLanguage,\n afterDelete: sendDidChangeInterfaceLanguage,\n afterUpdate({ params }) {\n if (params.data.preferedLanguage) {\n sendDidChangeInterfaceLanguage();\n }\n },\n });\n};\n\nconst syncAuthSettings = async () => {\n const adminStore = await strapi.store({ type: 'core', name: 'admin' });\n const adminAuthSettings = await adminStore.get({ key: 'auth' });\n const newAuthSettings = merge(defaultAdminAuthSettings, adminAuthSettings);\n\n const roleExists = await getService('role').exists({\n id: newAuthSettings.providers.defaultRole,\n });\n\n // Reset the default SSO role if it has been deleted manually\n if (!roleExists) {\n newAuthSettings.providers.defaultRole = null;\n }\n\n await adminStore.set({ key: 'auth', value: newAuthSettings });\n};\n\nconst syncAPITokensPermissions = async () => {\n const validPermissions = strapi.contentAPI.permissions.providers.action.keys();\n const permissionsInDB = await async.pipe(\n strapi.db.query('admin::api-token-permission').findMany,\n map('action')\n )();\n\n const unknownPermissions = uniq(difference(permissionsInDB, validPermissions));\n\n if (unknownPermissions.length > 0) {\n await strapi.db\n .query('admin::api-token-permission')\n .deleteMany({ where: { action: { $in: unknownPermissions } } });\n }\n};\n\nexport default async ({ strapi }: { strapi: Core.Strapi }) => {\n await registerAdminConditions();\n await registerPermissionActions();\n registerModelHooks();\n\n const permissionService = getService('permission');\n const userService = getService('user');\n const roleService = getService('role');\n const apiTokenService = getService('api-token');\n const transferService = getService('transfer');\n const tokenService = getService('token');\n\n await roleService.createRolesIfNoneExist();\n await roleService.resetSuperAdminPermissions();\n await roleService.displayWarningIfNoSuperAdmin();\n\n await permissionService.cleanPermissionsInDatabase();\n\n await userService.displayWarningIfUsersDontHaveRole();\n\n await syncAuthSettings();\n await syncAPITokensPermissions();\n\n await getService('metrics').sendUpdateProjectInformation(strapi);\n getService('metrics').startCron(strapi);\n\n apiTokenService.checkSaltIsDefined();\n transferService.token.checkSaltIsDefined();\n tokenService.checkSecretIsDefined();\n};\n","import type { Core } from '@strapi/types';\n\nexport const getService = (\n name: string,\n { strapi }: { strapi: Core.Strapi } = { strapi: global.strapi }\n) => {\n return strapi.service(`admin::${name}`);\n};\n\nexport default {\n getService,\n};\n","export default {\n sso: [\n {\n uid: 'provider-login.read',\n displayName: 'Read',\n pluginName: 'admin',\n section: 'settings',\n category: 'single sign on',\n subCategory: 'options',\n },\n {\n uid: 'provider-login.update',\n displayName: 'Update',\n pluginName: 'admin',\n section: 'settings',\n category: 'single sign on',\n subCategory: 'options',\n },\n ],\n auditLogs: [\n {\n uid: 'audit-logs.read',\n displayName: 'Read',\n pluginName: 'admin',\n section: 'settings',\n category: 'audit logs',\n subCategory: 'options',\n },\n ],\n};\n","import type { Core } from '@strapi/types';\nimport { differenceWith, isEqual } from 'lodash/fp';\n\ninterface PersistedTable {\n name: string;\n dependsOn?: Array<{ name: string }>;\n}\n\n/\n Transform table name to the object format\n /\nconst transformTableName = (table: string \| PersistedTable) => {\n if (typeof table === 'string') {\n return { name: table };\n }\n return table;\n};\n\n/\n Finds all tables in the database matching the regular expression\n * @param {Object} ctx\n * @param {Strapi} ctx.strapi\n * @param {RegExp} regex\n * @returns {Promise<string[]>}\n /\nexport async function findTables({ strapi }: { strapi: Core.Strapi }, regex: any) {\n // @ts-expect-error - getTables is not typed into the schema inspector\n const tables = await strapi.db.dialect.schemaInspector.getTables();\n return tables.filter((tableName: string) => regex.test(tableName));\n}\n\n/\n Add tables name to the reserved tables in core store\n /\nasync function addPersistTables(\n { strapi }: { strapi: Core.Strapi },\n tableNames: Array<string \| PersistedTable>\n) {\n const persistedTables = await getPersistedTables({ strapi });\n const tables = tableNames.map(transformTableName);\n\n // Get new tables to be persisted, remove tables if they already were persisted\n const notPersistedTableNames = differenceWith(isEqual, tables, persistedTables);\n // Remove tables that are going to be changed\n const tablesToPersist = differenceWith(\n (t1: any, t2: any) => t1.name === t2.name,\n persistedTables,\n notPersistedTableNames\n );\n\n if (!notPersistedTableNames.length) {\n return;\n }\n\n // @ts-expect-error lodash types\n tablesToPersist.push(...notPersistedTableNames);\n await strapi.store.set({\n type: 'core',\n key: 'persisted_tables',\n value: tablesToPersist,\n });\n}\n\n/\n Get all reserved table names from the core store\n * @param {Object} ctx\n * @param {Strapi} ctx.strapi\n * @param {RegExp} regex\n * @returns {Promise<string[]>}\n /\n\nasync function getPersistedTables({ strapi }: { strapi: Core.Strapi }) {\n const persistedTables: any = await strapi.store.get({\n type: 'core',\n key: 'persisted_tables',\n });\n\n return (persistedTables \|\| []).map(transformTableName);\n}\n\n/\n Set all reserved table names in the core store\n * @param {Object} ctx\n * @param {Strapi} ctx.strapi\n * @param {Array<string\|{ table: string; dependsOn?: Array<{ table: string;}> }>} tableNames\n * @returns {Promise<void>}\n /\nasync function setPersistedTables(\n { strapi }: { strapi: Core.Strapi },\n tableNames: Array<string \| PersistedTable>\n) {\n await strapi.store.set({\n type: 'core',\n key: 'persisted_tables',\n value: tableNames,\n });\n}\n/\n Add all table names that start with a prefix to the reserved tables in\n * core store\n * @param {string} tableNamePrefix\n * @return {Promise<void>}\n /\n\nexport const persistTablesWithPrefix = async (tableNamePrefix: string) => {\n const tableNameRegex = new RegExp(`^${tableNamePrefix}.`);\n const tableNames = await findTables({ strapi }, tableNameRegex);\n\n await addPersistTables({ strapi }, tableNames);\n};\n\n/*\n Remove all table names that end with a suffix from the reserved tables in core store\n * @param {string} tableNameSuffix\n * @return {Promise<void>}\n /\nexport const removePersistedTablesWithSuffix = async (tableNameSuffix: string) => {\n const tableNameRegex = new RegExp(`.${tableNameSuffix}$`);\n const persistedTables = await getPersistedTables({ strapi });\n\n const filteredPersistedTables = persistedTables.filter((table: any) => {\n return !tableNameRegex.test(table.name);\n });\n\n if (filteredPersistedTables.length === persistedTables.length) {\n return;\n }\n\n await setPersistedTables({ strapi }, filteredPersistedTables);\n};\n\n/*\n Add tables to the reserved tables in core store\n /\nexport const persistTables = async (tables: Array<string \| PersistedTable>) => {\n await addPersistTables({ strapi }, tables);\n};\n\nexport default {\n persistTablesWithPrefix,\n removePersistedTablesWithSuffix,\n persistTables,\n findTables,\n};\n","import executeCEBootstrap from '../../../server/src/bootstrap';\nimport { getService } from '../../server/src/utils';\nimport actions from './config/admin-actions';\nimport { persistTablesWithPrefix } from './utils/persisted-tables';\n\nexport default async (args: any) => {\n const { actionProvider } = getService('permission');\n if (strapi.ee.features.isEnabled('sso')) {\n await actionProvider.registerMany(actions.sso);\n }\n\n if (strapi.ee.features.isEnabled('audit-logs')) {\n await persistTablesWithPrefix('strapi_audit_logs');\n await actionProvider.registerMany(actions.auditLogs);\n }\n\n await getService('seat-enforcement').seatEnforcementWorkflow();\n await executeCEBootstrap(args);\n};\n","import { getService } from './utils';\n\nexport default async () => {\n const { conditionProvider, actionProvider } = getService('permission');\n\n await conditionProvider.clear();\n await actionProvider.clear();\n};\n","import type { Core } from '@strapi/types';\nimport executeCEDestroy from '../../../server/src/destroy';\n\nexport default async ({ strapi }: { strapi: Core.Strapi }) => {\n await executeCEDestroy();\n};\n","export default {};\n","import { isEmpty } from 'lodash/fp';\n\nexport const isSsoLocked = async (user: any) => {\n if (!strapi.ee.features.isEnabled('sso')) {\n return false;\n }\n\n if (!user) {\n throw new Error('Missing user object');\n }\n\n // check if any roles are locked\n const adminStore = await strapi.store({ type: 'core', name: 'admin' });\n const { providers } = (await adminStore.get({ key: 'auth' })) as any;\n const lockedRoles = providers.ssoLockedRoles ?? [];\n if (isEmpty(lockedRoles)) {\n return false;\n }\n\n const roles =\n // If the roles are pre-loaded for the given user, then use them\n user.roles ??\n // Otherwise, try to load the role based on the given user ID\n (await strapi.db.query('admin::user').load(user, 'roles', { roles: { fields: ['id'] } })) ??\n // If the query fails somehow, default to an empty array\n [];\n\n // Check if any of the user's roles are in lockedRoles\n const isLocked = lockedRoles.some((lockedId: string) =>\n // lockedRoles will be a string to avoid issues with frontend and bigints\n roles.some((role: any) => lockedId === role.id.toString())\n );\n\n return isLocked;\n};\n\nexport default {\n isSsoLocked,\n};\n","import _ from 'lodash';\nimport { errors } from '@strapi/utils';\nimport { getService } from '../utils';\nimport { isSsoLocked } from '../utils/sso-lock';\n\nconst { ApplicationError } = errors;\n/\n Send an email to the user if it exists and is not locked to SSO\n * If those conditions are not met, nothing happens\n \n @param {Object} param params\n * @param {string} param.email user email for which to reset the password\n /\nconst forgotPassword = async ({ email }: any = {}) => {\n const user = await strapi.db.query('admin::user').findOne({ where: { email, isActive: true } });\n\n if (!user \|\| (await isSsoLocked(user))) {\n return;\n }\n\n const resetPasswordToken = getService('token').createToken();\n await getService('user').updateById(user.id, { resetPasswordToken });\n\n // Send an email to the admin.\n const url = `${strapi.config.get(\n 'admin.absoluteUrl'\n )}/auth/reset-password?code=${resetPasswordToken}`;\n return strapi\n .plugin('email')\n .service('email')\n .sendTemplatedEmail(\n {\n to: user.email,\n from: strapi.config.get('admin.forgotPassword.from'),\n replyTo: strapi.config.get('admin.forgotPassword.replyTo'),\n },\n strapi.config.get('admin.forgotPassword.emailTemplate'),\n {\n url,\n user: _.pick(user, ['email', 'firstname', 'lastname', 'username']),\n }\n )\n .catch((err: unknown) => {\n // log error server side but do not disclose it to the user to avoid leaking informations\n strapi.log.error(err);\n });\n};\n\n/\n Reset a user password\n * @param {Object} param params\n * @param {string} param.resetPasswordToken token generated to request a password reset\n * @param {string} param.password new user password\n /\nconst resetPassword = async ({ resetPasswordToken, password }: any = {}) => {\n const matchingUser = await strapi.db\n .query('admin::user')\n .findOne({ where: { resetPasswordToken, isActive: true } });\n\n if (!matchingUser \|\| (await isSsoLocked(matchingUser))) {\n throw new ApplicationError();\n }\n\n return getService('user').updateById(matchingUser.id, {\n password,\n resetPasswordToken: null,\n });\n};\n\nexport default {\n forgotPassword,\n resetPassword,\n};\n","import { toLower } from 'lodash/fp';\nimport { Strategy as LocalStrategy } from 'passport-local';\nimport type { Core } from '@strapi/types';\nimport { getService } from '../../utils';\n\nconst createLocalStrategy = (strapi: Core.Strapi, middleware?: any) => {\n return new LocalStrategy(\n {\n usernameField: 'email',\n passwordField: 'password',\n session: false,\n },\n (email: string, password: string, done: any) => {\n return getService('auth')\n .checkCredentials({ email: toLower(email), password })\n .then(async ([error, user, message]) => {\n if (middleware) {\n return middleware([error, user, message], done);\n }\n\n return done(error, user, message);\n })\n .catch((error) => done(error));\n }\n );\n};\n\nexport default createLocalStrategy;\n","import passport from 'koa-passport';\nimport type { Strategy } from 'passport-local';\nimport { isFunction } from 'lodash/fp';\n\nimport createLocalStrategy from './passport/local-strategy';\n\nconst authEventsMapper = {\n onConnectionSuccess: 'admin.auth.success',\n onConnectionError: 'admin.auth.error',\n};\n\nconst valueIsFunctionType = ([, value]: [any, any]) => isFunction(value);\nconst keyIsValidEventName = ([key]: any) => {\n return Object.keys(strapi.service('admin::passport').authEventsMapper).includes(key);\n};\n\nconst getPassportStrategies = () => [createLocalStrategy(strapi)] as Strategy[];\n\nconst registerAuthEvents = () => {\n // @ts-expect-error - TODO: migrate auth service to TS\n const { events = {} } = strapi.config.get('admin.auth', {});\n const { authEventsMapper } = strapi.service('admin::passport');\n\n const eventList = Object.entries(events).filter(keyIsValidEventName).filter(valueIsFunctionType);\n\n for (const [eventName, handler] of eventList) {\n // TODO - TS: ensure the handler is an EventHub.Listener\n strapi.eventHub.on(authEventsMapper[eventName], handler as any);\n }\n};\n\nconst init = () => {\n strapi\n .service('admin::passport')\n .getPassportStrategies()\n .forEach((strategy: Strategy) => passport.use(strategy));\n\n registerAuthEvents();\n\n return passport.initialize();\n};\n\nexport default { init, getPassportStrategies, authEventsMapper };\n","import '@strapi/types';\n\nexport default () => {\n const registry = new Map();\n\n Object.assign(registry, {\n register(provider: unknown) {\n if (strapi.isLoaded) {\n throw new Error(`You can't register new provider after the bootstrap`);\n }\n\n // TODO\n // @ts-expect-error check map types\n this.set(provider.uid, provider);\n },\n\n registerMany(providers: unknown[]) {\n providers.forEach((provider) => {\n this.register(provider);\n });\n },\n\n getAll(): unknown[] {\n // TODO\n // @ts-expect-error check map types\n return Array.from(this.values());\n },\n });\n\n return registry;\n};\n","import '@strapi/types';\nimport passport from '../../../../../server/src/services/passport';\nimport createProviderRegistry from './provider-registry';\n\nexport const providerRegistry = createProviderRegistry();\nconst errorMessage = 'SSO is disabled. Its functionnalities cannot be accessed.';\n\nexport const getStrategyCallbackURL = (providerName: string) => {\n if (!strapi.ee.features.isEnabled('sso')) {\n throw new Error(errorMessage);\n }\n\n return `/admin/connect/${providerName}`;\n};\n\nexport const syncProviderRegistryWithConfig = () => {\n if (!strapi.ee.features.isEnabled('sso')) {\n throw new Error(errorMessage);\n }\n\n const { providers = [] } = strapi.config.get('admin.auth', {}) as any;\n\n // TODO\n // @ts-expect-error check map types\n providerRegistry.registerMany(providers);\n};\n\nexport const SSOAuthEventsMapper = {\n onSSOAutoRegistration: 'admin.auth.autoRegistration',\n};\n\nexport default {\n providerRegistry,\n getStrategyCallbackURL,\n syncProviderRegistryWithConfig,\n authEventsMapper: { ...passport.authEventsMapper, ...SSOAuthEventsMapper },\n};\n","import { errors } from '@strapi/utils';\nimport createLocalStrategy from '../../../../server/src/services/passport/local-strategy';\nimport sso from './passport/sso';\nimport { isSsoLocked } from '../utils/sso-lock';\n\nconst { UnauthorizedError } = errors;\n\nconst localStrategyMiddleware = async ([error, user, message]: any, done: any) => {\n // if we got a user, we need to check that it's not sso locked\n if (user && !error && (await isSsoLocked(user))) {\n return done(\n new UnauthorizedError('Login not allowed, please contact your administrator', {\n code: 'LOGIN_NOT_ALLOWED',\n }),\n user,\n message\n );\n }\n\n return done(error, user, message);\n};\n\nconst getPassportStrategies = () => {\n if (!strapi.ee.features.isEnabled('sso')) {\n return [createLocalStrategy(strapi)];\n }\n\n const localStrategy = createLocalStrategy(strapi, localStrategyMiddleware);\n\n if (!strapi.isLoaded) {\n sso.syncProviderRegistryWithConfig();\n }\n\n // TODO\n // @ts-expect-error check map types\n const providers = sso.providerRegistry.getAll();\n const strategies = providers.map((provider: any) => provider.createStrategy(strapi));\n\n return [localStrategy, ...strategies];\n};\n\nexport default {\n getPassportStrategies,\n ...sso,\n};\n","import { toString } from 'lodash/fp';\nimport { errors } from '@strapi/utils';\n\nconst { ApplicationError } = errors;\n\nconst ssoCheckRolesIdForDeletion = async (ids: any) => {\n const adminStore = await strapi.store({ type: 'core', name: 'admin' });\n\n const {\n providers: { defaultRole },\n } = (await adminStore.get({ key: 'auth' })) as any;\n\n for (const roleId of ids) {\n if (defaultRole && toString(defaultRole) === toString(roleId)) {\n throw new ApplicationError(\n 'This role is used as the default SSO role. Make sure to change this configuration before deleting the role'\n );\n }\n }\n};\n\nexport default {\n ssoCheckRolesIdForDeletion,\n};\n","import constants from '../services/constants';\n\nimport type {\n AdminUser,\n AdminRole,\n AdminUserCreationPayload,\n} from '../../../shared/contracts/shared';\n\nconst { SUPER_ADMIN_CODE } = constants;\n\n/\n Create a new user model by merging default and specified attributes\n * @param attributes A partial user object\n /\nexport function createUser(attributes: Partial<AdminUserCreationPayload>) {\n return {\n roles: [],\n isActive: false,\n username: null,\n ...attributes,\n };\n}\n\nexport const hasSuperAdminRole = (user: AdminUser) => {\n return user.roles.filter((role: AdminRole) => role.code === SUPER_ADMIN_CODE).length > 0;\n};\n\nexport const ADMIN_USER_ALLOWED_FIELDS = ['id', 'firstname', 'lastname', 'username'];\n\nexport default {\n createUser,\n hasSuperAdminRole,\n ADMIN_USER_ALLOWED_FIELDS,\n};\n","import _ from 'lodash';\nimport { pipe, map, castArray, toNumber } from 'lodash/fp';\nimport { arrays, errors } from '@strapi/utils';\nimport { hasSuperAdminRole } from '../../../../server/src/domain/user';\nimport constants from '../../../../server/src/services/constants';\nimport { getService } from '../utils';\n\nconst { ValidationError } = errors;\nconst { SUPER_ADMIN_CODE } = constants;\n\n/* Checks if ee disabled users list needs to be updated\n * @param {string} id\n * @param {object} input\n /\nconst updateEEDisabledUsersList = async (id: string, input: any) => {\n const disabledUsers = await getService('seat-enforcement').getDisabledUserList();\n\n if (!disabledUsers) {\n return;\n }\n\n const user = disabledUsers.find((user: any) => user.id === Number(id));\n if (!user) {\n return;\n }\n\n if (user.isActive !== input.isActive) {\n const newDisabledUsersList = disabledUsers.filter((user: any) => user.id !== Number(id));\n await strapi.store.set({\n type: 'ee',\n key: 'disabled_users',\n value: newDisabledUsersList,\n });\n }\n};\n\nconst castNumberArray = pipe(castArray, map(toNumber));\n\nconst removeFromEEDisabledUsersList = async (ids: unknown) => {\n let idsToCheck: any;\n if (typeof ids === 'object') {\n idsToCheck = castNumberArray(ids);\n } else {\n idsToCheck = [Number(ids)];\n }\n\n const disabledUsers = await getService('seat-enforcement').getDisabledUserList();\n\n if (!disabledUsers) {\n return;\n }\n\n const newDisabledUsersList = disabledUsers.filter((user: any) => !idsToCheck.includes(user.id));\n await strapi.store.set({\n type: 'ee',\n key: 'disabled_users',\n value: newDisabledUsersList,\n });\n};\n\n/\n Update a user in database\n * @param id query params to find the user to update\n * @param attributes A partial user object\n * @returns {Promise<user>}\n /\nconst updateById = async (id: any, attributes: any) => {\n // Check at least one super admin remains\n if (_.has(attributes, 'roles')) {\n const lastAdminUser = await isLastSuperAdminUser(id);\n const superAdminRole = await getService('role').getSuperAdminWithUsersCount();\n const willRemoveSuperAdminRole = !arrays.includesString(attributes.roles, superAdminRole.id);\n\n if (lastAdminUser && willRemoveSuperAdminRole) {\n throw new ValidationError('You must have at least one user with super admin role.');\n }\n }\n\n // cannot disable last super admin\n if (attributes.isActive === false) {\n const lastAdminUser = await isLastSuperAdminUser(id);\n if (lastAdminUser) {\n throw new ValidationError('You must have at least one user with super admin role.');\n }\n }\n\n // hash password if a new one is sent\n if (_.has(attributes, 'password')) {\n const hashedPassword = await getService('auth').hashPassword(attributes.password);\n\n const updatedUser = await strapi.db.query('admin::user').update({\n where: { id },\n data: {\n ...attributes,\n password: hashedPassword,\n },\n populate: ['roles'],\n });\n\n strapi.eventHub.emit('user.update', { user: sanitizeUser(updatedUser) });\n\n return updatedUser;\n }\n\n const updatedUser = await strapi.db.query('admin::user').update({\n where: { id },\n data: attributes,\n populate: ['roles'],\n });\n\n await updateEEDisabledUsersList(id, attributes);\n\n if (updatedUser) {\n strapi.eventHub.emit('user.update', { user: sanitizeUser(updatedUser) });\n }\n\n return updatedUser;\n};\n\n/* Delete a user\n * @param id id of the user to delete\n * @returns {Promise<user>}\n /\nconst deleteById = async (id: unknown) => {\n // Check at least one super admin remains\n const userToDelete = await strapi.db.query('admin::user').findOne({\n where: { id },\n populate: ['roles'],\n });\n\n if (!userToDelete) {\n return null;\n }\n\n if (userToDelete) {\n if (userToDelete.roles.some((r: any) => r.code === SUPER_ADMIN_CODE)) {\n const superAdminRole = await getService('role').getSuperAdminWithUsersCount();\n if (superAdminRole.usersCount === 1) {\n throw new ValidationError('You must have at least one user with super admin role.');\n }\n }\n }\n\n const deletedUser = await strapi.db\n .query('admin::user')\n .delete({ where: { id }, populate: ['roles'] });\n\n await removeFromEEDisabledUsersList(id);\n\n strapi.eventHub.emit('user.delete', { user: sanitizeUser(deletedUser) });\n\n return deletedUser;\n};\n\n/* Delete a user\n * @param ids ids of the users to delete\n * @returns {Promise<user>}\n /\nconst deleteByIds = async (ids: any) => {\n // Check at least one super admin remains\n const superAdminRole = await getService('role').getSuperAdminWithUsersCount();\n const nbOfSuperAdminToDelete = await strapi.db.query('admin::user').count({\n where: {\n id: ids,\n roles: { id: superAdminRole.id },\n },\n });\n\n if (superAdminRole.usersCount === nbOfSuperAdminToDelete) {\n throw new ValidationError('You must have at least one user with super admin role.');\n }\n\n const deletedUsers = [];\n for (const id of ids) {\n const deletedUser = await strapi.db.query('admin::user').delete({\n where: { id },\n populate: ['roles'],\n });\n\n deletedUsers.push(deletedUser);\n }\n\n await removeFromEEDisabledUsersList(ids);\n\n strapi.eventHub.emit('user.delete', {\n users: deletedUsers.map((deletedUser) => sanitizeUser(deletedUser)),\n });\n\n return deletedUsers;\n};\n\nconst sanitizeUserRoles = (role: unknown) => _.pick(role, ['id', 'name', 'description', 'code']);\n\n/\n Check if a user is the last super admin\n * @param {int\|string} userId user's id to look for\n /\nconst isLastSuperAdminUser = async (userId: unknown) => {\n const user = (await findOne(userId)) as any;\n const superAdminRole = await getService('role').getSuperAdminWithUsersCount();\n\n return superAdminRole.usersCount === 1 && hasSuperAdminRole(user);\n};\n\n/\n Remove private user fields\n * @param {Object} user - user to sanitize\n /\nconst sanitizeUser = (user: any) => {\n return {\n ..._.omit(user, ['password', 'resetPasswordToken', 'registrationToken', 'roles']),\n roles: user.roles && user.roles.map(sanitizeUserRoles),\n };\n};\n\n/\n Find one user\n /\nconst findOne = async (id: any, populate = ['roles']) => {\n return strapi.db.query('admin::user').findOne({ where: { id }, populate });\n};\n\nconst getCurrentActiveUserCount = async () => {\n return strapi.db.query('admin::user').count({ where: { isActive: true } });\n};\n\nexport default {\n updateEEDisabledUsersList,\n removeFromEEDisabledUsersList,\n getCurrentActiveUserCount,\n deleteByIds,\n deleteById,\n updateById,\n};\n","import { assign } from 'lodash/fp';\nimport type { Core } from '@strapi/types';\nimport { getService } from '../utils';\n\nconst getSSOProvidersList = async () => {\n const { providerRegistry } = strapi.service('admin::passport');\n\n return providerRegistry.getAll().map(({ uid }: { uid: string }) => uid);\n};\n\nconst sendUpdateProjectInformation = async (strapi: Core.Strapi) => {\n let groupProperties = {};\n\n const numberOfActiveAdminUsers = await getService('user').count({ isActive: true });\n const numberOfAdminUsers = await getService('user').count();\n\n if (strapi.ee.features.isEnabled('sso')) {\n const SSOProviders = await getSSOProvidersList();\n\n groupProperties = assign(groupProperties, {\n SSOProviders,\n isSSOConfigured: SSOProviders.length !== 0,\n });\n }\n\n if (strapi.ee.features.isEnabled('cms-content-releases')) {\n const numberOfContentReleases = await strapi\n .db!.query('plugin::content-releases.release')\n .count();\n\n const numberOfPublishedContentReleases = await strapi\n .db!.query('plugin::content-releases.release')\n .count({\n filters: { releasedAt: { $notNull: true } },\n });\n\n groupProperties = assign(groupProperties, {\n numberOfContentReleases,\n numberOfPublishedContentReleases,\n });\n }\n\n groupProperties = assign(groupProperties, { numberOfActiveAdminUsers, numberOfAdminUsers });\n\n strapi.telemetry.send('didUpdateProjectInformation', {\n groupProperties,\n });\n};\n\nconst startCron = (strapi: Core.Strapi) => {\n strapi.cron.add({\n '0 0 0 * ': () => sendUpdateProjectInformation(strapi),\n });\n};\n\nexport default { startCron, getSSOProvidersList, sendUpdateProjectInformation };\n","import { take, drop, map, prop, pick, reverse, isNil } from 'lodash/fp';\nimport { getService } from '../utils';\nimport constants from '../../../../server/src/services/constants';\n\nconst { SUPER_ADMIN_CODE } = constants;\n\n/\n Keeps the list of users disabled by the seat enforcement service\n /\nconst getDisabledUserList = async () => {\n return strapi.store.get({ type: 'ee', key: 'disabled_users' });\n};\n\nconst enableMaximumUserCount = async (numberOfUsersToEnable: number) => {\n const disabledUsers = (await getDisabledUserList()) as any;\n const orderedDisabledUsers = reverse(disabledUsers);\n\n const usersToEnable = take(numberOfUsersToEnable, orderedDisabledUsers);\n\n await strapi.db.query('admin::user').updateMany({\n where: { id: map(prop('id'), usersToEnable) },\n data: { isActive: true },\n });\n\n const remainingDisabledUsers = drop(numberOfUsersToEnable, orderedDisabledUsers);\n\n await strapi.store.set({\n type: 'ee',\n key: 'disabled_users',\n value: remainingDisabledUsers,\n });\n};\n\nconst disableUsersAboveLicenseLimit = async (numberOfUsersToDisable: number) => {\n const currentlyDisabledUsers: any = (await getDisabledUserList()) ?? [];\n\n const usersToDisable = [];\n const nonSuperAdminUsersToDisable = await strapi.db.query('admin::user').findMany({\n where: {\n isActive: true,\n roles: {\n code: { $ne: SUPER_ADMIN_CODE },\n },\n },\n orderBy: { createdAt: 'DESC' },\n limit: numberOfUsersToDisable,\n });\n\n usersToDisable.push(...nonSuperAdminUsersToDisable);\n\n if (nonSuperAdminUsersToDisable.length < numberOfUsersToDisable) {\n const superAdminUsersToDisable = await strapi.db.query('admin::user').findMany({\n where: {\n isActive: true,\n roles: { code: SUPER_ADMIN_CODE },\n },\n orderBy: { createdAt: 'DESC' },\n limit: numberOfUsersToDisable - nonSuperAdminUsersToDisable.length,\n });\n\n usersToDisable.push(...superAdminUsersToDisable);\n }\n\n await strapi.db.query('admin::user').updateMany({\n where: { id: map(prop('id'), usersToDisable) },\n data: { isActive: false },\n });\n\n await strapi.store.set({\n type: 'ee',\n key: 'disabled_users',\n value: currentlyDisabledUsers.concat(map(pick(['id', 'isActive']), usersToDisable)),\n });\n};\n\nconst syncDisabledUserRecords = async () => {\n const disabledUsers = await strapi.store.get({ type: 'ee', key: 'disabled_users' });\n\n if (!disabledUsers) {\n return;\n }\n\n await strapi.db.query('admin::user').updateMany({\n where: { id: map(prop('id'), disabledUsers) },\n data: { isActive: false },\n });\n};\n\nconst seatEnforcementWorkflow = async () => {\n const adminSeats = strapi.ee.seats;\n if (isNil(adminSeats)) {\n return;\n }\n\n // TODO: we need to make sure an admin can decide to disable specific user and reactivate others\n await syncDisabledUserRecords();\n\n const currentActiveUserCount = await getService('user').getCurrentActiveUserCount();\n\n const adminSeatsLeft = adminSeats - currentActiveUserCount;\n\n if (adminSeatsLeft > 0) {\n await enableMaximumUserCount(adminSeatsLeft);\n } else if (adminSeatsLeft < 0) {\n await disableUsersAboveLicenseLimit(-adminSeatsLeft);\n }\n};\n\nexport default {\n seatEnforcementWorkflow,\n getDisabledUserList,\n};\n","import auth from './auth';\nimport passport from './passport';\nimport role from './role';\nimport user from './user';\nimport metrics from './metrics';\nimport seatEnforcement from './seat-enforcement';\n\nexport default {\n auth,\n passport,\n role,\n user,\n metrics,\n 'seat-enforcement': seatEnforcement,\n};\n","import { yup, validateYupSchema } from '@strapi/utils';\n\nconst providerOptionsUpdateSchema = yup.object().shape({\n autoRegister: yup.boolean().required(),\n defaultRole: yup\n .strapiID()\n .when('autoRegister', (value, initSchema) => {\n return value ? initSchema.required() : initSchema.nullable();\n })\n .test('is-valid-role', 'You must submit a valid default role', (roleId) => {\n if (roleId === null) {\n return true;\n }\n return strapi.service('admin::role').exists({ id: roleId });\n }),\n ssoLockedRoles: yup\n .array()\n .nullable()\n .of(\n yup\n .strapiID()\n .test(\n 'is-valid-role',\n 'You must submit a valid role for the SSO Locked roles',\n (roleId) => {\n return strapi.service('admin::role').exists({ id: roleId });\n }\n )\n ),\n});\n\nexport const validateProviderOptionsUpdate = validateYupSchema(providerOptionsUpdateSchema);\n\nexport default {\n validateProviderOptionsUpdate,\n};\n","export const PROVIDER_REDIRECT_BASE = '/auth/login';\nexport const PROVIDER_REDIRECT_SUCCESS = `${PROVIDER_REDIRECT_BASE}/success`;\nexport const PROVIDER_REDIRECT_ERROR = `${PROVIDER_REDIRECT_BASE}/error`;\n\nexport default {\n PROVIDER_REDIRECT_BASE,\n PROVIDER_REDIRECT_SUCCESS,\n PROVIDER_REDIRECT_ERROR,\n};\n","import { mapValues } from 'lodash/fp';\nimport { PROVIDER_REDIRECT_ERROR, PROVIDER_REDIRECT_SUCCESS } from './constants';\n\nconst PROVIDER_URLS_MAP = {\n success: PROVIDER_REDIRECT_SUCCESS,\n error: PROVIDER_REDIRECT_ERROR,\n};\n\nexport const getAdminStore = async () => strapi.store({ type: 'core', name: 'admin' });\n\nexport const getPrefixedRedirectUrls = () => {\n const { url: adminUrl } = strapi.config.get('admin') as any;\n const prefixUrl = (url: string) => `${adminUrl \|\| '/admin'}${url}`;\n\n return mapValues(prefixUrl, PROVIDER_URLS_MAP);\n};\n\nexport default {\n getAdminStore,\n getPrefixedRedirectUrls,\n};\n","import type { Core } from '@strapi/types';\nimport passport from 'koa-passport';\nimport { getService } from '../../utils';\nimport utils from './utils';\n\nconst defaultConnectionError = () => new Error('Invalid connection payload');\n\nexport const authenticate: Core.MiddlewareHandler = async (ctx, next) => {\n const {\n params: { provider },\n } = ctx;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n\n // @ts-expect-error - can not use null to authenticate\n return passport.authenticate(provider, null, async (error, profile) => {\n if (error \|\| !profile \|\| !profile.email) {\n if (error) {\n strapi.log.error(error);\n }\n\n strapi.eventHub.emit('admin.auth.error', {\n error: error \|\| defaultConnectionError(),\n provider,\n });\n\n return ctx.redirect(redirectUrls.error);\n }\n\n const user = await getService('user').findOneByEmail(profile.email);\n const scenario = user ? existingUserScenario : nonExistingUserScenario;\n\n return scenario(ctx, next)(user \|\| profile, provider);\n })(ctx, next);\n};\n\nconst existingUserScenario: Core.MiddlewareHandler =\n (ctx, next) => async (user: any, provider: any) => {\n const redirectUrls = utils.getPrefixedRedirectUrls();\n\n if (!user.isActive) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(`Deactivated user tried to login (${user.id})`),\n provider,\n });\n return ctx.redirect(redirectUrls.error);\n }\n\n ctx.state.user = user;\n return next();\n };\n\nconst nonExistingUserScenario: Core.MiddlewareHandler =\n (ctx, next) => async (profile: any, provider: any) => {\n const { email, firstname, lastname, username } = profile;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n const adminStore = await utils.getAdminStore();\n const { providers } = (await adminStore.get({ key: 'auth' })) as any;\n\n // We need at least the username or the firstname/lastname combination to register a new user\n const isMissingRegisterFields = !username && (!firstname \|\| !lastname);\n\n if (!providers.autoRegister \|\| !providers.defaultRole \|\| isMissingRegisterFields) {\n strapi.eventHub.emit('admin.auth.error', { error: defaultConnectionError(), provider });\n return ctx.redirect(redirectUrls.error);\n }\n\n const defaultRole = await getService('role').findOne({ id: providers.defaultRole });\n\n // If the default role has been misconfigured, redirect with an error\n if (!defaultRole) {\n strapi.eventHub.emit('admin.auth.error', { error: defaultConnectionError(), provider });\n return ctx.redirect(redirectUrls.error);\n }\n\n // Register a new user with the information given by the provider and login with it\n ctx.state.user = await getService('user').create({\n email,\n username,\n firstname,\n lastname,\n roles: [defaultRole.id],\n isActive: true,\n registrationToken: null,\n });\n\n strapi.eventHub.emit('admin.auth.autoRegistration', {\n user: ctx.state.user,\n provider,\n });\n\n return next();\n };\n\nexport const redirectWithAuth: Core.MiddlewareHandler = (ctx) => {\n const {\n params: { provider },\n } = ctx;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n const domain: string \| undefined = strapi.config.get('admin.auth.domain');\n const { user } = ctx.state;\n\n const jwt = getService('token').createJwtToken(user);\n\n const isProduction = strapi.config.get('environment') === 'production';\n\n const cookiesOptions = { httpOnly: false, secure: isProduction, overwrite: true, domain };\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider });\n\n ctx.cookies.set('jwtToken', jwt, cookiesOptions);\n ctx.redirect(redirectUrls.success);\n};\n\nexport default {\n authenticate,\n redirectWithAuth,\n};\n","import type { Context, Next } from 'koa';\n\nimport { pick } from 'lodash/fp';\nimport compose from 'koa-compose';\nimport { errors } from '@strapi/utils';\nimport { validateProviderOptionsUpdate } from '../validation/authentication';\nimport { middlewares, utils } from './authentication-utils';\n\nconst toProviderDTO = pick(['uid', 'displayName', 'icon']);\nconst toProviderLoginOptionsDTO = pick(['autoRegister', 'defaultRole', 'ssoLockedRoles']);\n\nconst { ValidationError } = errors;\n\nconst providerAuthenticationFlow = compose([\n middlewares.authenticate,\n middlewares.redirectWithAuth,\n]);\n\nexport default {\n async getProviders(ctx: Context) {\n const { providerRegistry } = strapi.service('admin::passport');\n\n ctx.body = providerRegistry.getAll().map(toProviderDTO);\n },\n\n async getProviderLoginOptions(ctx: Context) {\n const adminStore = await utils.getAdminStore();\n const { providers: providersOptions } = (await adminStore.get({ key: 'auth' })) as any;\n\n ctx.body = {\n data: toProviderLoginOptionsDTO(providersOptions),\n };\n },\n\n async updateProviderLoginOptions(ctx: Context) {\n const {\n request: { body },\n } = ctx;\n\n await validateProviderOptionsUpdate(body);\n\n const adminStore = await utils.getAdminStore();\n const currentAuthOptions = (await adminStore.get({ key: 'auth' })) as any;\n const newAuthOptions = { ...currentAuthOptions, providers: body };\n await adminStore.set({ key: 'auth', value: newAuthOptions });\n\n strapi.telemetry.send('didUpdateSSOSettings');\n\n ctx.body = {\n data: toProviderLoginOptionsDTO(newAuthOptions.providers),\n };\n },\n\n providerLogin(ctx: Context, next: Next) {\n const {\n params: { provider: providerName },\n } = ctx;\n\n const { providerRegistry } = strapi.service('admin::passport');\n\n if (!providerRegistry.has(providerName)) {\n throw new ValidationError(`Invalid provider supplied: ${providerName}`);\n }\n\n return providerAuthenticationFlow(ctx, next);\n },\n};\n","import { yup, validateYupSchema } from '@strapi/utils';\n\nconst roleCreateSchema = yup\n .object()\n .shape({\n name: yup.string().min(1).required(),\n description: yup.string().nullable(),\n })\n .noUnknown();\n\nconst rolesDeleteSchema = yup\n .object()\n .shape({\n ids: yup\n .array()\n .of(yup.strapiID())\n .min(1)\n .required()\n .test(\n 'roles-deletion-checks',\n 'Roles deletion checks have failed',\n async function rolesDeletionChecks(ids) {\n try {\n await strapi.service('admin::role').checkRolesIdForDeletion(ids);\n\n if (strapi.ee.features.isEnabled('sso')) {\n await strapi.service('admin::role').ssoCheckRolesIdForDeletion(ids);\n }\n } catch (e: any) {\n return this.createError({ path: 'ids', message: e.message });\n }\n\n return true;\n }\n ),\n })\n .noUnknown();\n\nconst roleDeleteSchema = yup\n .strapiID()\n .required()\n .test(\n 'no-admin-single-delete',\n 'Role deletion checks have failed',\n async function noAdminSingleDelete(id) {\n try {\n await strapi.service('admin::role').checkRolesIdForDeletion([id]);\n\n if (strapi.ee.features.isEnabled('sso')) {\n await strapi.service('admin::role').ssoCheckRolesIdForDeletion([id]);\n }\n } catch (e: any) {\n return this.createError({ path: 'id', message: e.message });\n }\n\n return true;\n }\n );\n\nexport const validateRoleCreateInput = validateYupSchema(roleCreateSchema);\nexport const validateRolesDeleteInput = validateYupSchema(rolesDeleteSchema);\nexport const validateRoleDeleteInput = validateYupSchema(roleDeleteSchema);\n\nexport default {\n validateRoleCreateInput,\n validateRolesDeleteInput,\n validateRoleDeleteInput,\n};\n","import type { Context } from 'koa';\n\nimport {\n validateRoleCreateInput,\n validateRoleDeleteInput,\n validateRolesDeleteInput,\n} from '../validation/role';\nimport { getService } from '../utils';\n\nexport default {\n /\n Create a new role\n * @param {KoaContext} ctx - koa context\n /\n async create(ctx: Context) {\n await validateRoleCreateInput(ctx.request.body);\n\n const roleService = getService('role');\n\n const role = await roleService.create(ctx.request.body);\n const sanitizedRole = roleService.sanitizeRole(role);\n\n ctx.created({ data: sanitizedRole });\n },\n\n /\n Delete a role\n * @param {KoaContext} ctx - koa context\n /\n async deleteOne(ctx: Context) {\n const { id } = ctx.params;\n\n await validateRoleDeleteInput(id);\n\n const roleService = getService('role');\n\n const roles = await roleService.deleteByIds([id]);\n\n const sanitizedRole = roles.map((role: unknown) => roleService.sanitizeRole(role))[0] \|\| null;\n\n return ctx.deleted({\n data: sanitizedRole,\n });\n },\n\n /\n delete several roles\n * @param {KoaContext} ctx - koa context\n /\n async deleteMany(ctx: Context) {\n const { body } = ctx.request;\n\n await validateRolesDeleteInput(body);\n\n const roleService = getService('role');\n\n const roles = await roleService.deleteByIds(body.ids);\n const sanitizedRoles = roles.map(roleService.sanitizeRole);\n\n return ctx.deleted({\n data: sanitizedRoles,\n });\n },\n};\n","import type { Utils } from '@strapi/types';\n\nimport { curry, pipe, merge, set, pick, omit, includes, isArray, prop } from 'lodash/fp';\n\nexport interface ActionAlias {\n /\n The action ID to alias\n /\n actionId: string;\n\n /\n An optional array of subject to restrict the alias usage\n /\n subjects?: string[];\n}\n\nexport type Action = {\n /\n The unique identifier of the action\n /\n actionId: string;\n\n /\n The section linked to the action - These can be 'contentTypes' \| 'plugins' \| 'settings' \| 'internal'\n /\n section: string;\n\n /\n The human readable name of an action\n /\n displayName: string;\n\n /\n The main category of an action\n /\n category: string;\n\n /\n The secondary category of an action (only for settings and plugins section)\n /\n subCategory?: string;\n\n /\n The plugin that provides the action\n /\n pluginName?: string;\n\n /\n A list of subjects on which the action can be applied\n /\n subjects?: string[];\n\n /\n The options of an action\n /\n options: {\n /\n The list of properties that can be associated with an action\n /\n applyToProperties: string[] \| null;\n };\n\n /\n An optional array of @see {@link ActionAlias}.\n \n It represents the possible aliases for the current action.\n \n Aliases are unidirectional.\n \n Note: This is an internal property and probably shouldn't be used outside Strapi core features.\n * Its behavior might change at any time without notice.\n \n @internal\n /\n aliases?: ActionAlias[];\n};\n\n/\n Set of attributes used to create a new {@link Action} object\n * @typedef {Action, { uid: string }} CreateActionPayload\n /\nexport type CreateActionPayload = Utils.Intersect<\n [\n Utils.Object.PartialBy<\n // Action Id is computed from the uid value\n Omit<Action, 'actionId'>,\n // Options is filled with default values\n 'options'\n >,\n { uid: string },\n ]\n>;\n\n/\n Return the default attributes of a new {@link Action}\n * @return Partial<Action>\n /\nconst getDefaultActionAttributes = (): Partial<Action> => ({\n options: {\n applyToProperties: null,\n },\n});\n\n/\n Get the list of all the valid attributes of an {@link Action}\n /\nconst actionFields = [\n 'section',\n 'displayName',\n 'category',\n 'subCategory',\n 'pluginName',\n 'subjects',\n 'options',\n 'actionId',\n 'aliases',\n] as const;\n\n/\n Remove unwanted attributes from an {@link Action}\n /\nconst sanitizeActionAttributes = pick(actionFields) as (\n action: Action \| CreateActionPayload\n) => Action;\n\n/\n Create and return an identifier for an {@link CreateActionPayload}.\n * The format is based on the action's source ({@link CreateActionPayload.pluginName} or 'application') and {@link CreateActionPayload.uid}.\n * @param {CreateActionPayload} attributes\n * @return {string}\n /\n// TODO: TS - Use Common.UID\nconst computeActionId = (attributes: CreateActionPayload): string => {\n const { pluginName, uid } = attributes;\n\n if (!pluginName) {\n return `api::${uid}`;\n }\n\n if (pluginName === 'admin') {\n return `admin::${uid}`;\n }\n\n return `plugin::${pluginName}.${uid}`;\n};\n\n/\n Assign an actionId attribute to an {@link CreateActionPayload} object\n /\nconst assignActionId = (attrs: CreateActionPayload) =>\n set('actionId', computeActionId(attrs), attrs);\n\n/\n Transform an action by adding or removing the {@link Action.subCategory} attribute\n * @param {Action} action - The action to process\n * @return {Action}\n /\nconst assignOrOmitSubCategory = (action: Action): Action => {\n const shouldHaveSubCategory = ['settings', 'plugins'].includes(action.section);\n\n return shouldHaveSubCategory\n ? set('subCategory', action.subCategory \|\| 'general', action)\n : omit('subCategory', action);\n};\n\n/\n Check if a property can be applied to an {@link Action}\n /\nconst appliesToProperty = curry((property: string, action: Action): boolean => {\n return pipe(prop('options.applyToProperties'), includes(property))(action);\n});\n\n/\n Check if an action applies to a subject\n /\nconst appliesToSubject = curry((subject: string, action: Action): boolean => {\n return isArray(action.subjects) && includes(subject, action.subjects);\n});\n\n/\n Transform the given attributes into a domain representation of an Action\n /\nconst create: (payload: CreateActionPayload) => Action = pipe(\n // Create and assign an action identifier to the action\n // (need to be done before the sanitizeActionAttributes since we need the uid here)\n assignActionId,\n // Add or remove the sub category field based on the pluginName attribute\n assignOrOmitSubCategory,\n // Remove unwanted attributes from the payload\n sanitizeActionAttributes,\n // Complete the action creation by adding default values for some attributes\n merge(getDefaultActionAttributes())\n);\n\nexport default {\n actionFields,\n appliesToProperty,\n appliesToSubject,\n assignActionId,\n assignOrOmitSubCategory,\n create,\n computeActionId,\n getDefaultActionAttributes,\n sanitizeActionAttributes,\n};\n","import _ from 'lodash';\n\nconst checkFieldsAreCorrectlyNested = (fields: unknown) => {\n if (_.isNil(fields)) {\n // Only check if the fields exist\n return true;\n }\n if (!Array.isArray(fields)) {\n return false;\n }\n\n let failed = false;\n for (let indexA = 0; indexA < fields.length; indexA += 1) {\n failed = fields\n .slice(indexA + 1)\n .some(\n (fieldB) =>\n fieldB.startsWith(`${fields[indexA]}.`) \|\| fields[indexA].startsWith(`${fieldB}.`)\n );\n if (failed) break;\n }\n\n return !failed;\n};\n\nexport default checkFieldsAreCorrectlyNested;\n","import _ from 'lodash';\n\nconst checkFieldsDontHaveDuplicates = (fields: unknown) => {\n if (_.isNil(fields)) {\n // Only check if the fields exist\n return true;\n }\n if (!Array.isArray(fields)) {\n return false;\n }\n\n return _.uniq(fields).length === fields.length;\n};\n\nexport default checkFieldsDontHaveDuplicates;\n","import { yup } from '@strapi/utils';\nimport _ from 'lodash';\nimport { isEmpty, has, isNil, isArray } from 'lodash/fp';\nimport { getService } from '../utils';\nimport actionDomain, { type Action } from '../domain/action';\nimport { checkFieldsAreCorrectlyNested, checkFieldsDontHaveDuplicates } from './common-functions';\nimport actions from '../domain/action/index';\n\nconst { actionFields } = actions;\n\nconst getActionFromProvider = (actionId: string) => {\n return getService('permission').actionProvider.get(actionId);\n};\n\nexport const email = yup.string().email().lowercase();\n\nexport const firstname = yup.string().trim().min(1);\n\nexport const lastname = yup.string();\n\nexport const username = yup.string().min(1);\n\nexport const password = yup\n .string()\n .min(8)\n .matches(/[a-z]/, '${path} must contain at least one lowercase character')\n .matches(/[A-Z]/, '${path} must contain at least one uppercase character')\n .matches(/\\d/, '${path} must contain at least one number');\n\nexport const roles = yup.array(yup.strapiID()).min(1);\n\nconst isAPluginName = yup\n .string()\n .test('is-a-plugin-name', 'is not a plugin name', function (value) {\n return [undefined, 'admin', ...Object.keys(strapi.plugins)].includes(value)\n ? true\n : this.createError({ path: this.path, message: `${this.path} is not an existing plugin` });\n });\n\nexport const arrayOfConditionNames = yup\n .array()\n .of(yup.string())\n .test('is-an-array-of-conditions', 'is not a plugin name', function (value) {\n const ids = strapi.service('admin::permission').conditionProvider.keys();\n return _.isUndefined(value) \|\| _.difference(value, ids).length === 0\n ? true\n : this.createError({ path: this.path, message: `contains conditions that don't exist` });\n });\n\nexport const permissionsAreEquals = (a: any, b: any) =>\n a.action === b.action && (a.subject === b.subject \|\| (_.isNil(a.subject) && _.isNil(b.subject)));\n\nconst checkNoDuplicatedPermissions = (permissions: unknown) =>\n !Array.isArray(permissions) \|\|\n permissions.every((permA, i) =>\n permissions.slice(i + 1).every((permB) => !permissionsAreEquals(permA, permB))\n );\n\nconst checkNilFields = (action: Action) =>\n function (fields: typeof actionFields) {\n // If the parent has no action field, then we ignore this test\n if (isNil(action)) {\n return true;\n }\n\n return actionDomain.appliesToProperty('fields', action) \|\| isNil(fields);\n };\n\nconst fieldsPropertyValidation = (action: Action) =>\n yup\n .array()\n .of(yup.string())\n .nullable()\n .test(\n 'field-nested',\n 'Fields format are incorrect (bad nesting).',\n checkFieldsAreCorrectlyNested\n )\n .test(\n 'field-nested',\n 'Fields format are incorrect (duplicates).',\n checkFieldsDontHaveDuplicates\n )\n .test(\n 'fields-restriction',\n 'The permission at ${path} must have fields set to null or undefined',\n // @ts-expect-error yup types\n checkNilFields(action)\n );\n\nexport const permission = yup\n .object()\n .shape({\n action: yup\n .string()\n .required()\n .test('action-validity', 'action is not an existing permission action', function (actionId) {\n // If the action field is Nil, ignore the test and let the required check handle the error\n if (isNil(actionId)) {\n return true;\n }\n\n return !!getActionFromProvider(actionId);\n }),\n actionParameters: yup.object().nullable(),\n subject: yup\n .string()\n .nullable()\n .test('subject-validity', 'Invalid subject submitted', function (subject) {\n // @ts-expect-error yup types\n const action = getActionFromProvider(this.options.parent.action);\n\n if (!action) {\n return true;\n }\n\n if (isNil(action.subjects)) {\n return isNil(subject);\n }\n\n if (isArray(action.subjects) && !isNil(subject)) {\n return action.subjects.includes(subject);\n }\n\n return false;\n }),\n properties: yup\n .object()\n .test('properties-structure', 'Invalid property set at ${path}', function (properties) {\n // @ts-expect-error yup types\n const action = getActionFromProvider(this.options.parent.action) as any;\n const hasNoProperties = isEmpty(properties) \|\| isNil(properties);\n\n if (!has('options.applyToProperties', action)) {\n return hasNoProperties;\n }\n\n if (hasNoProperties) {\n return true;\n }\n\n const { applyToProperties } = action.options;\n\n if (!isArray(applyToProperties)) {\n return false;\n }\n\n return Object.keys(properties).every((property) => applyToProperties.includes(property));\n })\n .test(\n 'fields-property',\n 'Invalid fields property at ${path}',\n async function (properties = {}) {\n // @ts-expect-error yup types\n const action = getActionFromProvider(this.options.parent.action) as any;\n\n if (!action \|\| !properties) {\n return true;\n }\n\n if (!actionDomain.appliesToProperty('fields', action)) {\n return true;\n }\n\n try {\n await fieldsPropertyValidation(action).validate(properties.fields, {\n strict: true,\n abortEarly: false,\n });\n return true;\n } catch (e: any) {\n // Propagate fieldsPropertyValidation error with updated path\n throw this.createError({\n message: e.message,\n path: `${this.path}.fields`,\n });\n }\n }\n ),\n conditions: yup.array().of(yup.string()),\n })\n .noUnknown();\n\nexport const updatePermissions = yup\n .object()\n .shape({\n permissions: yup\n .array()\n .required()\n .of(permission)\n .test(\n 'duplicated-permissions',\n 'Some permissions are duplicated (same action and subject)',\n checkNoDuplicatedPermissions\n ),\n })\n .required()\n .noUnknown();\n\nexport default {\n email,\n firstname,\n lastname,\n username,\n password,\n roles,\n isAPluginName,\n arrayOfConditionNames,\n permission,\n updatePermissions,\n};\n","import { isUndefined } from 'lodash/fp';\nimport { yup, validateYupSchema } from '@strapi/utils';\nimport validators from './common-validators';\n\nconst userCreationSchema = yup\n .object()\n .shape({\n email: validators.email.required(),\n firstname: validators.firstname.required(),\n lastname: validators.lastname,\n roles: validators.roles.min(1),\n preferedLanguage: yup.string().nullable(),\n })\n .noUnknown();\n\nconst profileUpdateSchema = yup\n .object()\n .shape({\n email: validators.email.notNull(),\n firstname: validators.firstname.notNull(),\n lastname: validators.lastname.nullable(),\n username: validators.username.nullable(),\n password: validators.password.notNull(),\n currentPassword: yup\n .string()\n .when('password', (password: string, schema: any) =>\n !isUndefined(password) ? schema.required() : schema\n )\n .notNull(),\n preferedLanguage: yup.string().nullable(),\n })\n .noUnknown();\n\nconst userUpdateSchema = yup\n .object()\n .shape({\n email: validators.email.notNull(),\n firstname: validators.firstname.notNull(),\n lastname: validators.lastname.nullable(),\n username: validators.username.nullable(),\n password: validators.password.notNull(),\n isActive: yup.bool().notNull(),\n roles: validators.roles.min(1).notNull(),\n })\n .noUnknown();\n\nconst usersDeleteSchema = yup\n .object()\n .shape({\n ids: yup.array().of(yup.strapiID()).min(1).required(),\n })\n .noUnknown();\n\nexport const validateUserCreationInput = validateYupSchema(userCreationSchema);\nexport const validateProfileUpdateInput = validateYupSchema(profileUpdateSchema);\nexport const validateUserUpdateInput = validateYupSchema(userUpdateSchema);\nexport const validateUsersDeleteInput = validateYupSchema(usersDeleteSchema);\nexport const schemas = {\n userCreationSchema,\n usersDeleteSchema,\n userUpdateSchema,\n};\n\nexport default {\n validateUserCreationInput,\n validateProfileUpdateInput,\n validateUserUpdateInput,\n validateUsersDeleteInput,\n schemas,\n};\n","import { yup, validateYupSchema } from '@strapi/utils';\nimport { schemas } from '../../../../server/src/validation/user';\n\nconst ssoUserCreationInputExtension = yup\n .object()\n .shape({\n useSSORegistration: yup.boolean(),\n })\n .noUnknown();\n\nexport const validateUserCreationInput = (data: any) => {\n let schema = schemas.userCreationSchema;\n\n if (strapi.ee.features.isEnabled('sso')) {\n schema = schema.concat(ssoUserCreationInputExtension);\n }\n\n return validateYupSchema(schema)(data);\n};\n\nexport default {\n validateUserCreationInput,\n};\n","import type { Context } from 'koa';\n\nimport _ from 'lodash';\nimport { pick, isNil } from 'lodash/fp';\nimport { errors } from '@strapi/utils';\nimport { validateUserCreationInput } from '../validation/user';\nimport { validateUserUpdateInput } from '../../../../server/src/validation/user';\nimport { getService } from '../utils';\nimport { isSsoLocked } from '../utils/sso-lock';\n\nconst { ApplicationError, ForbiddenError } = errors;\n\nconst pickUserCreationAttributes = pick(['firstname', 'lastname', 'email', 'roles']);\n\nconst hasAdminSeatsAvaialble = async () => {\n if (!strapi.EE) {\n return true;\n }\n\n const permittedSeats = strapi.ee.seats as any;\n if (isNil(permittedSeats)) {\n return true;\n }\n\n const userCount = await strapi.service('admin::user').getCurrentActiveUserCount();\n\n if (userCount < permittedSeats) {\n return true;\n }\n};\n\nexport default {\n async create(ctx: Context) {\n if (!(await hasAdminSeatsAvaialble())) {\n throw new ForbiddenError('License seat limit reached. You cannot create a new user');\n }\n\n const { body } = ctx.request;\n const cleanData = { ...body, email: _.get(body, `email`, ``).toLowerCase() };\n\n await validateUserCreationInput(cleanData);\n\n const attributes = pickUserCreationAttributes(cleanData);\n const { useSSORegistration } = cleanData;\n\n const userAlreadyExists = await getService('user').exists({ email: attributes.email });\n\n if (userAlreadyExists) {\n throw new ApplicationError('Email already taken');\n }\n\n if (useSSORegistration) {\n Object.assign(attributes, { registrationToken: null, isActive: true });\n }\n\n const createdUser = await getService('user').create(attributes);\n const userInfo = getService('user').sanitizeUser(createdUser);\n\n // Note: We need to assign manually the registrationToken to the\n // final user payload so that it's not removed in the sanitation process.\n Object.assign(userInfo, { registrationToken: createdUser.registrationToken });\n\n ctx.created({ data: userInfo });\n },\n\n async update(ctx: Context) {\n const { id } = ctx.params;\n const { body: input } = ctx.request;\n\n await validateUserUpdateInput(input);\n\n if (_.has(input, 'email')) {\n const uniqueEmailCheck = await getService('user').exists({\n id: { $ne: id },\n email: input.email,\n });\n\n if (uniqueEmailCheck) {\n throw new ApplicationError('A user with this email address already exists');\n }\n }\n\n const user = await getService('user').findOne(id, null);\n\n if (!(await hasAdminSeatsAvaialble()) && !user.isActive && input.isActive) {\n throw new ForbiddenError('License seat limit reached. You cannot active this user');\n }\n\n const updatedUser = await getService('user').updateById(id, input);\n\n if (!updatedUser) {\n return ctx.notFound('User does not exist');\n }\n\n ctx.body = {\n data: getService('user').sanitizeUser(updatedUser),\n };\n },\n\n async isSSOLocked(ctx: Context) {\n const { user } = ctx.state;\n const isSSOLocked = await isSsoLocked(user);\n\n ctx.body = {\n data: {\n isSSOLocked,\n },\n };\n },\n};\n","import { isNil } from 'lodash/fp';\nimport { env } from '@strapi/utils';\nimport { getService } from '../utils';\n\nexport default {\n // NOTE: Overrides CE admin controller\n async getProjectType() {\n const flags = strapi.config.get('admin.flags', {});\n try {\n return { data: { isEE: strapi.EE, features: strapi.ee.features.list(), flags } };\n } catch (err) {\n return { data: { isEE: false, features: [], flags } };\n }\n },\n\n async licenseLimitInformation() {\n const permittedSeats = strapi.ee.seats;\n\n let shouldNotify = false;\n let licenseLimitStatus = null;\n let enforcementUserCount;\n\n const currentActiveUserCount = await getService('user').getCurrentActiveUserCount();\n\n const eeDisabledUsers = await getService('seat-enforcement').getDisabledUserList();\n\n if (eeDisabledUsers) {\n enforcementUserCount = currentActiveUserCount + eeDisabledUsers.length;\n } else {\n enforcementUserCount = currentActiveUserCount;\n }\n\n if (!isNil(permittedSeats) && enforcementUserCount > permittedSeats) {\n shouldNotify = true;\n licenseLimitStatus = 'OVER_LIMIT';\n }\n\n if (!isNil(permittedSeats) && enforcementUserCount === permittedSeats) {\n shouldNotify = true;\n licenseLimitStatus = 'AT_LIMIT';\n }\n\n const data = {\n enforcementUserCount,\n currentActiveUserCount,\n permittedSeats,\n shouldNotify,\n shouldStopCreate: isNil(permittedSeats) ? false : currentActiveUserCount >= permittedSeats,\n licenseLimitStatus,\n isHostedOnStrapiCloud: env('STRAPI_HOSTING', null) === 'strapi.cloud',\n features: strapi.ee.features.list() ?? [],\n };\n\n return { data };\n },\n};\n","import type {} from 'koa-body';\n\nimport authentication from './authentication';\nimport role from './role';\nimport user from './user';\nimport admin from './admin';\n\nexport default {\n authentication,\n role,\n user,\n admin,\n};\n","import type { Core } from '@strapi/types';\n\nexport const enableFeatureMiddleware: Core.MiddlewareFactory =\n (featureName: string) => (ctx, next) => {\n if (strapi.ee.features.isEnabled(featureName)) {\n return next();\n }\n\n ctx.status = 404;\n };\n\nexport default {\n enableFeatureMiddleware,\n};\n","import { enableFeatureMiddleware } from './utils';\n\nexport default {\n type: 'admin',\n routes: [\n {\n method: 'GET',\n path: '/providers',\n handler: 'authentication.getProviders',\n config: {\n middlewares: [enableFeatureMiddleware('sso')],\n auth: false,\n },\n },\n {\n method: 'GET',\n path: '/connect/:provider',\n handler: 'authentication.providerLogin',\n config: {\n middlewares: [enableFeatureMiddleware('sso')],\n auth: false,\n },\n },\n {\n method: 'POST',\n path: '/connect/:provider',\n handler: 'authentication.providerLogin',\n config: {\n middlewares: [enableFeatureMiddleware('sso')],\n auth: false,\n },\n },\n {\n method: 'GET',\n path: '/providers/options',\n handler: 'authentication.getProviderLoginOptions',\n config: {\n middlewares: [enableFeatureMiddleware('sso')],\n policies: [\n 'admin::isAuthenticatedAdmin',\n { name: 'admin::hasPermissions', config: { actions: ['admin::provider-login.read'] } },\n ],\n },\n },\n {\n method: 'PUT',\n path: '/providers/options',\n handler: 'authentication.updateProviderLoginOptions',\n config: {\n middlewares: [enableFeatureMiddleware('sso')],\n policies: [\n 'admin::isAuthenticatedAdmin',\n { name: 'admin::hasPermissions', config: { actions: ['admin::provider-login.update'] } },\n ],\n },\n },\n {\n method: 'GET',\n path: '/providers/isSSOLocked',\n handler: 'user.isSSOLocked',\n config: {\n middlewares: [enableFeatureMiddleware('sso')],\n policies: ['admin::isAuthenticatedAdmin'],\n },\n },\n ],\n};\n","export default {\n type: 'admin',\n routes: [\n // License limit infos\n {\n method: 'GET',\n path: '/license-limit-information',\n handler: 'admin.licenseLimitInformation',\n config: {\n policies: [\n 'admin::isAuthenticatedAdmin',\n {\n name: 'admin::hasPermissions',\n config: {\n actions: [\n 'admin::users.create',\n 'admin::users.read',\n 'admin::users.update',\n 'admin::users.delete',\n ],\n },\n },\n ],\n },\n },\n ],\n};\n","import sso from './sso';\nimport licenseLimit from './license-limit';\n\nexport default {\n sso,\n 'license-limit': licenseLimit,\n};\n","import { enableFeatureMiddleware } from '../../routes/utils';\n\nexport default {\n type: 'admin',\n routes: [\n {\n method: 'GET',\n path: '/audit-logs',\n handler: 'audit-logs.findMany',\n config: {\n middlewares: [enableFeatureMiddleware('audit-logs')],\n policies: [\n 'admin::isAuthenticatedAdmin',\n {\n name: 'admin::hasPermissions',\n config: {\n actions: ['admin::audit-logs.read'],\n },\n },\n ],\n },\n },\n {\n method: 'GET',\n path: '/audit-logs/:id',\n handler: 'audit-logs.findOne',\n config: {\n middlewares: [enableFeatureMiddleware('audit-logs')],\n policies: [\n 'admin::isAuthenticatedAdmin',\n {\n name: 'admin::hasPermissions',\n config: {\n actions: ['admin::audit-logs.read'],\n },\n },\n ],\n },\n },\n ],\n};\n","import { yup, validateYupSchema } from '@strapi/utils';\n\nconst ALLOWED_SORT_STRINGS = ['action:ASC', 'action:DESC', 'date:ASC', 'date:DESC'];\n\nconst validateFindManySchema = yup\n .object()\n .shape({\n page: yup.number().integer().min(1),\n pageSize: yup.number().integer().min(1).max(100),\n sort: yup.mixed().oneOf(ALLOWED_SORT_STRINGS),\n })\n .required();\n\nexport const validateFindMany = validateYupSchema(validateFindManySchema, { strict: false });\n\nexport default {\n validateFindMany,\n};\n","import type { Context } from 'koa';\n\nimport { validateFindMany } from '../validation/audit-logs';\n\nexport default {\n async findMany(ctx: Context) {\n const { query } = ctx.request;\n await validateFindMany(query);\n\n const auditLogs = strapi.get('audit-logs');\n const body = await auditLogs.findMany(query);\n\n ctx.body = body;\n },\n\n async findOne(ctx: Context) {\n const { id } = ctx.params;\n\n const auditLogs = strapi.get('audit-logs');\n const body = await auditLogs.findOne(id);\n\n ctx.body = body;\n\n strapi.telemetry.send('didWatchAnAuditLog');\n },\n};\n","import type { Core } from '@strapi/types';\n\ninterface Event {\n action: string;\n date: Date;\n userId: string \| number;\n payload: Record<string, unknown>;\n}\n\ninterface Log extends Omit<Event, 'userId'> {\n user: string \| number;\n}\n\nconst getSanitizedUser = (user: any) => {\n let displayName = user.email;\n\n if (user.username) {\n displayName = user.username;\n } else if (user.firstname && user.lastname) {\n displayName = `${user.firstname} ${user.lastname}`;\n }\n\n return {\n id: user.id,\n email: user.email,\n displayName,\n };\n};\n\n/\n @description\n * Manages audit logs interaction with the database. Accessible via strapi.get('audit-logs')\n /\nconst createAuditLogsService = (strapi: Core.Strapi) => {\n return {\n async saveEvent(event: Event) {\n const { userId, ...rest } = event;\n\n const auditLog: Log = { ...rest, user: userId };\n\n // Save to database\n await strapi.db?.query('admin::audit-log').create({ data: auditLog });\n\n return this;\n },\n\n async findMany(query: unknown) {\n const { results, pagination } = await strapi.db?.query('admin::audit-log').findPage({\n populate: ['user'],\n select: ['action', 'date', 'payload'],\n ...strapi.get('query-params').transform('admin::audit-log', query),\n });\n\n const sanitizedResults = results.map((result: any) => {\n const { user, ...rest } = result;\n return {\n ...rest,\n user: user ? getSanitizedUser(user) : null,\n };\n });\n\n return {\n results: sanitizedResults,\n pagination,\n };\n },\n\n async findOne(id: unknown) {\n const result: any = await strapi.db?.query('admin::audit-log').findOne({\n where: { id },\n populate: ['user'],\n select: ['action', 'date', 'payload'],\n });\n\n if (!result) {\n return null;\n }\n\n const { user, ...rest } = result;\n return {\n ...rest,\n user: user ? getSanitizedUser(user) : null,\n };\n },\n\n deleteExpiredEvents(expirationDate: Date) {\n return strapi.db?.query('admin::audit-log').deleteMany({\n where: {\n date: {\n $lt: expirationDate.toISOString(),\n },\n },\n });\n },\n };\n};\n\nexport { createAuditLogsService };\n","import type { Core } from '@strapi/types';\nimport { scheduleJob } from 'node-schedule';\n\nconst DEFAULT_RETENTION_DAYS = 90;\n\nconst defaultEvents = [\n 'entry.create',\n 'entry.update',\n 'entry.delete',\n 'entry.publish',\n 'entry.unpublish',\n 'media.create',\n 'media.update',\n 'media.delete',\n 'media-folder.create',\n 'media-folder.update',\n 'media-folder.delete',\n 'user.create',\n 'user.update',\n 'user.delete',\n 'admin.auth.success',\n 'admin.logout',\n 'content-type.create',\n 'content-type.update',\n 'content-type.delete',\n 'component.create',\n 'component.update',\n 'component.delete',\n 'role.create',\n 'role.update',\n 'role.delete',\n 'permission.create',\n 'permission.update',\n 'permission.delete',\n];\n\nconst getEventMap = (defaultEvents: any) => {\n const getDefaultPayload = (...args: any) => args[0];\n\n // Use the default payload for all default events\n return defaultEvents.reduce((acc: any, event: any) => {\n acc[event] = getDefaultPayload;\n return acc;\n }, {} as any);\n};\n\nconst getRetentionDays = (strapi: Core.Strapi) => {\n const featureConfig = strapi.ee.features.get('audit-logs');\n const licenseRetentionDays =\n typeof featureConfig === 'object' && featureConfig?.options.retentionDays;\n const userRetentionDays = strapi.config.get('admin.auditLogs.retentionDays');\n\n // For enterprise plans, use 90 days by default, but allow users to override it\n if (licenseRetentionDays == null) {\n return userRetentionDays ?? DEFAULT_RETENTION_DAYS;\n }\n\n // Allow users to override the license retention days, but not to increase it\n if (userRetentionDays && userRetentionDays < licenseRetentionDays) {\n return userRetentionDays;\n }\n\n // User didn't provide a retention days value, use the license one\n return licenseRetentionDays;\n};\n\n/\n @description\n * Manages the the lifecycle of audit logs. Accessible via strapi.get('audit-logs-lifecycles')\n /\nconst createAuditLogsLifecycleService = (strapi: Core.Strapi) => {\n // Manage internal service state privately\n const state = {} as any;\n const auditLogsService = strapi.get('audit-logs');\n\n // NOTE: providers should be able to replace getEventMap to add or remove events\n const eventMap = getEventMap(defaultEvents);\n\n const processEvent = (name: string, ...args: any) => {\n const requestState = strapi.requestContext.get()?.state;\n\n // Ignore events with auth strategies different from admin\n const isUsingAdminAuth = requestState?.route.info.type === 'admin';\n const user = requestState?.user;\n if (!isUsingAdminAuth \|\| !user) {\n return null;\n }\n\n const getPayload = eventMap[name];\n\n // Ignore the event if it's not in the map\n if (!getPayload) {\n return null;\n }\n\n // Ignore some events based on payload\n // TODO: What does this ignore in upload? Why would we want to ignore anything?\n const ignoredUids = ['plugin::upload.file', 'plugin::upload.folder'];\n if (ignoredUids.includes(args[0]?.uid)) {\n return null;\n }\n\n return {\n action: name,\n date: new Date().toISOString(),\n payload: getPayload(...args) \|\| {},\n userId: user.id,\n };\n };\n\n const handleEvent = async (name: string, ...args: any) => {\n const processedEvent = processEvent(name, ...args);\n\n if (processedEvent) {\n await auditLogsService.saveEvent(processedEvent);\n }\n };\n\n return {\n async register() {\n // Handle license being enabled\n if (!state.eeEnableUnsubscribe) {\n // @ts-expect-error- update event hub to receive callback argument\n state.eeEnableUnsubscribe = strapi.eventHub.on('ee.enable', () => {\n // Recreate the service to use the new license info\n this.destroy();\n this.register();\n });\n }\n\n // Handle license being updated\n if (!state.eeUpdateUnsubscribe) {\n // @ts-expect-error- update event hub to receive callback argument\n state.eeUpdateUnsubscribe = strapi.eventHub.on('ee.update', () => {\n // Recreate the service to use the new license info\n this.destroy();\n this.register();\n });\n }\n\n // Handle license being disabled\n // @ts-expect-error- update event hub to receive callback argument\n state.eeDisableUnsubscribe = strapi.eventHub.on('ee.disable', () => {\n // Turn off service when the license gets disabled\n // Only ee.enable and ee.update listeners remain active to recreate the service\n this.destroy();\n });\n\n // Check current state of license\n if (!strapi.ee.features.isEnabled('audit-logs')) {\n return this;\n }\n\n // Start saving events\n state.eventHubUnsubscribe = strapi.eventHub.subscribe(handleEvent);\n\n // Manage audit logs auto deletion\n const retentionDays = getRetentionDays(strapi);\n state.deleteExpiredJob = scheduleJob('0 0 * ', () => {\n const expirationDate = new Date(Date.now() - retentionDays 24 * 60 * 60 * 1000);\n auditLogsService.deleteExpiredEvents(expirationDate);\n });\n\n return this;\n },\n\n unsubscribe() {\n if (state.eeDisableUnsubscribe) {\n state.eeDisableUnsubscribe();\n }\n\n if (state.eventHubUnsubscribe) {\n state.eventHubUnsubscribe();\n }\n\n if (state.deleteExpiredJob) {\n state.deleteExpiredJob.cancel();\n }\n\n return this;\n },\n\n destroy() {\n return this.unsubscribe();\n },\n };\n};\n\nexport { createAuditLogsLifecycleService };\n","export const auditLog = {\n schema: {\n kind: 'collectionType',\n collectionName: 'strapi_audit_logs',\n info: {\n singularName: 'audit-log',\n pluralName: 'audit-logs',\n displayName: 'Audit Log',\n },\n options: {\n timestamps: false,\n },\n pluginOptions: {\n 'content-manager': {\n visible: false,\n },\n 'content-type-builder': {\n visible: false,\n },\n },\n attributes: {\n action: {\n type: 'string',\n required: true,\n },\n date: {\n type: 'datetime',\n required: true,\n },\n user: {\n type: 'relation',\n relation: 'oneToOne',\n target: 'admin::user',\n },\n payload: {\n type: 'json',\n },\n },\n },\n};\n","import register from './register';\nimport bootstrap from './bootstrap';\nimport destroy from './destroy';\nimport adminContentTypes from './content-types';\nimport services from './services';\nimport controllers from './controllers';\nimport routes from './routes';\nimport auditLogsRoutes from './audit-logs/routes/audit-logs';\nimport auditLogsController from './audit-logs/controllers/audit-logs';\nimport { createAuditLogsService } from './audit-logs/services/audit-logs';\nimport { createAuditLogsLifecycleService } from './audit-logs/services/lifecycles';\nimport { auditLog } from './audit-logs/content-types/audit-log';\nimport { Core } from '@strapi/types';\n\nconst getAdminEE = () => {\n const eeAdmin = {\n register,\n bootstrap,\n destroy,\n contentTypes: {\n // Always register the audit-log content type to prevent data loss\n 'audit-log': auditLog,\n ...adminContentTypes,\n },\n services,\n controllers,\n routes,\n };\n\n // Only add the other audit-logs APIs if the feature is enabled by the user and the license\n if (\n strapi.config.get('admin.auditLogs.enabled', true) &&\n strapi.ee.features.isEnabled('audit-logs')\n ) {\n return {\n ...eeAdmin,\n controllers: {\n ...eeAdmin.controllers,\n 'audit-logs': auditLogsController,\n },\n routes: {\n ...eeAdmin.routes,\n 'audit-logs': auditLogsRoutes,\n },\n async register({ strapi }: { strapi: Core.Strapi }) {\n // Run the the default registration\n await eeAdmin.register({ strapi });\n // Register an internal audit logs service\n strapi.add('audit-logs', createAuditLogsService(strapi));\n // Register an internal audit logs lifecycle service\n const auditLogsLifecycle = createAuditLogsLifecycleService(strapi);\n strapi.add('audit-logs-lifecycle', auditLogsLifecycle);\n\n await auditLogsLifecycle.register();\n },\n async destroy({ strapi }: { strapi: Core.Strapi }) {\n strapi.get('audit-logs-lifecycle').destroy();\n await eeAdmin.destroy({ strapi });\n },\n };\n }\n\n return eeAdmin;\n};\n\nexport default getAdminEE();\n"],"names":["strapi","getService","name","authenticate","user","UnauthorizedError","ForbiddenError","auth","actions","roles","role","ApplicationError","email","password","LocalStrategy","getPassportStrategies","authEventsMapper","passport","sso","SUPER_ADMIN_CODE","ValidationError","updatedUser","providerRegistry","firstname","lastname","username","auditLog","defaultEvents"],"mappings":";;;;;;;;;;;;AAMA,MAAM,0BAA0B,CAAC,EAAE,QAAAA,cAAsC;AACvE,MAAI,WAAW,QAAQA,QAAO,KAAK,KAAK,MAAM,OAAO;AAErD,MAAI,CAAC,IAAI,eAAe,QAAQ,GAAG;AACtB,eAAA,QAAQ,WAAW,aAAa;AAAA,EAC7C;AAEM,QAAA,uBAAuB,OAAO,KAAc,SAAe;AAC/D,UAAM,KAAK;AAEX,QAAI,IAAI,WAAW,UAAU,IAAI,WAAW,OAAO;AACjD;AAAA,IACF;AAEA,QAAI,IAAI,QAAQ,QAAQ,IAAI,WAAW,KAAK;AAC1C;AAAA,IACF;AAEA,QAAI,OAAO;AACX,QAAI,OAAO,IAAI,iBAAiB,KAAK,UAAU,YAAY,CAAC;AAAA,EAAA;AAG9D,EAAAA,QAAO,OAAO,OAAO;AAAA,IACnB;AAAA,MACE,QAAQ;AAAA,MACR,MAAM,GAAGA,QAAO,OAAO,MAAM,IAAI;AAAA,MACjC,SAAS;AAAA,QACP;AAAA,QACA,YAAY,UAAU;AAAA,UACpB,QAAQ;AAAA,UACR,OAAO;AAAA,UACP,OAAO;AAAA,UACP,WAAW,KAAU,MAAW;AACxB,kBAAA,MAAM,QAAQ,IAAI;AAExB,gBAAI,QAAQ,SAAS;AACf,kBAAA,UAAU,iBAAiB,qCAAqC;AAAA,YACtE;AAAA,UACF;AAAA,QAAA,CACD;AAAA,MACH;AAAA,MACA,QAAQ,EAAE,MAAM,MAAM;AAAA,IACxB;AAAA,EAAA,CACD;AACH;AAGA,MAAM,cAAc,CAAC,UAAe,mBAAmB,OAAO;AACtD,QAAA,QAAQ,UAAU,UAAU,gBAAgB;AAE3C,SAAA,OAAO,KAAc,SAAe;AACzC,UAAM,OAAO,IAAI;AACX,UAAA,UAAU,SAAS,IAAI,IAAI;AAEjC,QAAI,OAAO;AACL,UAAA,MAAM,KAAK,YAAY;AAC3B,UAAI,OAAO;AACX,YAAM,KAAK;AACX,UAAI,OAAO;AAAA,IAAA,CACZ;AACD,QAAI,OAAO;AAAA,EAAA;AAEf;ACpEA,MAAMC,eAAa,CAACC,UAAS;AAC3B,SAAO,OAAO,QAAQ,UAAUA,KAAI,EAAE;AACxC;ACEa,MAAAC,iBAAe,OAAO,QAAiB;AAClD,QAAM,EAAE,cAAkB,IAAA,IAAI,QAAQ;AAEtC,MAAI,CAAC,eAAe;AACX,WAAA,EAAE,eAAe;EAC1B;AAEM,QAAA,QAAQ,cAAc,MAAM,KAAK;AAEnC,MAAA,MAAM,CAAC,EAAE,YAAA,MAAkB,YAAY,MAAM,WAAW,GAAG;AACtD,WAAA,EAAE,eAAe;EAC1B;AAEM,QAAA,QAAQ,MAAM,CAAC;AACf,QAAA,EAAE,SAAS,YAAYF,aAAW,OAAO,EAAE,eAAe,KAAK;AAErE,MAAI,CAAC,SAAS;AACL,WAAA,EAAE,eAAe;EAC1B;AAEA,QAAMG,QAAO,MAAM,OAAO,GACvB,MAAM,aAAa,EACnB,QAAQ,EAAE,OAAO,EAAE,IAAI,QAAQ,GAAG,GAAG,UAAU,CAAC,OAAO,GAAG;AAE7D,MAAI,CAACA,SAAQ,EAAEA,MAAK,aAAa,OAAO;AAC/B,WAAA,EAAE,eAAe;EAC1B;AAEA,QAAM,cAAc,MAAMH,aAAW,YAAY,EAAE,OAAO,oBAAoBG,KAAI;AAIlF,MAAI,MAAM,cAAc;AACxB,MAAI,MAAM,OAAOA;AAEV,SAAA;AAAA,IACL,eAAe;AAAA,IACf,aAAaA;AAAA,IACb,SAAS;AAAA,EAAA;AAEb;AAEO,MAAM,OAAO;AAGpB,MAAe,oBAAA;AAAA,EACb;AAAA,EAAA,cACAD;AACF;ACpDA,MAAM,YAAY,KAAK,KAAK,KAAK;AAEjC,MAAM,YAAY;AAAA,EAChB,sBAAsB;AAAA,EACtB,kBAAkB;AAAA,EAClB,aAAa;AAAA,EACb,aAAa;AAAA,EACb,aAAa;AAAA,EACb,eAAe;AAAA,EACf,eAAe;AAAA,EACf,eAAe;AAAA,EACf,gBAAgB;AAAA,EAChB,gBAAgB;AAAA,IACd,WAAW;AAAA,IACX,aAAa;AAAA,IACb,QAAQ;AAAA,EACV;AAAA;AAAA,EAEA,qBAAqB;AAAA,IACnB,WAAW;AAAA,IACX,QAAQ,IAAI;AAAA,IACZ,SAAS,KAAK;AAAA,IACd,SAAS,KAAK;AAAA,EAChB;AAAA,EACA,qBAAqB;AAAA,IACnB,MAAM;AAAA,IACN,MAAM;AAAA,EACR;AAAA,EACA,0BAA0B;AAAA,IACxB,WAAW;AAAA,IACX,QAAQ,IAAI;AAAA,IACZ,SAAS,KAAK;AAAA,IACd,SAAS,KAAK;AAAA,EAChB;AACF;AC1BA,MAAM,qBAAEE,qBAAmB,gBAAAC,iBAAmB,IAAA;AAE9C,MAAM,cAAc,CAAC,UAAe,MAAM,SAAS,MAAM,KAAK,MAAM,SAAS,SAAS;AAEtF,MAAM,eAAe,CAAC,QAAiB;AACjC,MAAA,IAAI,WAAW,IAAI,QAAQ,UAAU,IAAI,QAAQ,OAAO,eAAe;AACzE,UAAM,QAAQ,IAAI,QAAQ,OAAO,cAAc,MAAM,KAAK;AAEtD,QAAA,MAAM,CAAC,EAAE,YAAA,MAAkB,YAAY,MAAM,WAAW,GAAG;AACtD,aAAA;AAAA,IACT;AAEA,WAAO,MAAM,CAAC;AAAA,EAChB;AAEO,SAAA;AACT;AAKa,MAAAH,iBAAe,OAAO,QAAiB;AAC5C,QAAA,kBAAkBF,aAAW,WAAW;AACxC,QAAA,QAAQ,aAAa,GAAG;AAE9B,MAAI,CAAC,OAAO;AACH,WAAA,EAAE,eAAe;EAC1B;AAEM,QAAA,WAAW,MAAM,gBAAgB,MAAM;AAAA,IAC3C,WAAW,gBAAgB,KAAK,KAAK;AAAA,EAAA,CACtC;AAGD,MAAI,CAAC,UAAU;AACN,WAAA,EAAE,eAAe;EAC1B;AAEM,QAAA,kCAAkB;AAExB,MAAI,CAAC,MAAM,SAAS,SAAS,GAAG;AAC9B,UAAM,iBAAiB,IAAI,KAAK,SAAS,SAAS;AAElD,QAAI,iBAAiB,aAAa;AAChC,aAAO,EAAE,eAAe,OAAO,OAAO,IAAII,oBAAkB,eAAe;IAC7E;AAAA,EACF;AAIA,QAAM,qBAAqB,kBAAkB,aAAa,SAAS,SAAS,UAAU,CAAC;AACvF,MAAI,sBAAsB,GAAG;AAC3B,UAAM,OAAO,GAAG,MAAM,kBAAkB,EAAE,OAAO;AAAA,MAC/C,OAAO,EAAE,IAAI,SAAS,GAAG;AAAA,MACzB,MAAM,EAAE,YAAY,YAAY;AAAA,IAAA,CACjC;AAAA,EACH;AAEA,MAAI,SAAS,SAAS,UAAU,eAAe,QAAQ;AACrD,UAAM,UAAU,MAAM,OAAO,WAAW,YAAY,OAAO;AAAA,MACzD,SAAS,YAAY,IAAI,CAAC,YAAiB,EAAE,SAAS;AAAA,IAAA;AAGxD,WAAO,EAAE,eAAe,MAAM,SAAS,aAAa,SAAS;AAAA,EAC/D;AAEA,SAAO,EAAE,eAAe,MAAM,aAAa,SAAS;AACtD;AAOa,MAAA,SAAS,CAACE,OAAW,WAAgB;AAChD,QAAM,EAAE,aAAa,UAAU,QAAA,IAAYA;AAE3C,MAAI,CAAC,UAAU;AACP,UAAA,IAAIF,oBAAkB,iBAAiB;AAAA,EAC/C;AAEM,QAAA,kCAAkB;AAExB,MAAI,CAAC,MAAM,SAAS,SAAS,GAAG;AAC9B,UAAM,iBAAiB,IAAI,KAAK,SAAS,SAAS;AAElD,QAAI,iBAAiB,aAAa;AAC1B,YAAA,IAAIA,oBAAkB,eAAe;AAAA,IAC7C;AAAA,EACF;AAGA,MAAI,SAAS,SAAS,UAAU,eAAe,aAAa;AAC1D;AAAA,EACF;AAGA,MAAI,SAAS,SAAS,UAAU,eAAe,WAAW;AAKlD,UAAA,SAAS,UAAU,OAAO,KAAK;AAErC,QAAI,OAAO,SAAS,OAAO,MAAM,WAAW,GAAG;AAC7C;AAAA,IACF;AAAA,EAIO,WAAA,SAAS,SAAS,UAAU,eAAe,QAAQ;AAC1D,QAAI,CAAC,SAAS;AACZ,YAAM,IAAIC,iBAAe;AAAA,IAC3B;AAEM,UAAA,SAAS,UAAU,OAAO,KAAK;AAE/B,UAAA,YAAY,OAAO,MAAM,CAAC,UAAU,QAAQ,IAAI,KAAK,CAAC;AAE5D,QAAI,WAAW;AACb;AAAA,IACF;AAAA,EACF;AAEA,QAAM,IAAIA,iBAAe;AAC3B;AAIA,MAAe,uBAAA;AAAA,EACb,MAAM;AAAA,EAAA,cACNH;AAAAA,EACA;AACF;ACxIA,MAAA,oBAAe,CAAC,EAAE,QAAAH,QAAA,MAAsC;AACtD,QAAM,qBAAqBA,QAAO,QAAQ,iBAAiB,EAAE,KAAK;AAElE,EAAAA,QAAO,OAAO,IAAI,OAAO,EAAE,IAAI,kBAAkB;AACjD,EAAAA,QAAO,IAAI,MAAM,EAAE,SAAS,SAAS,iBAAiB;AACtD,EAAAA,QAAO,IAAI,MAAM,EAAE,SAAS,eAAe,oBAAoB;AAE/D,MAAIA,QAAO,OAAO,IAAI,uBAAuB,GAAG;AACtB,4BAAA,EAAE,QAAAA,SAAQ;AAAA,EACpC;AACF;ACXA,MAAA,WAAe,OAAO,EAAE,QAAAA,QAAA,MAAsC;AACtD,QAAA,kBAAkB,EAAE,QAAAA,QAAA,CAAQ;AACpC;ACNO,MAAMQ,YAAU;AAAA,EACrB;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,SAAS;AAAA,MACP;AAAA,QACE,UAAU;AAAA,QACV,UAAU,CAAC,aAAa;AAAA,MAC1B;AAAA,IACF;AAAA,EACF;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,SAAS;AAAA,MACP;AAAA,QACE,UAAU;AAAA,QACV,UAAU,CAAC,aAAa;AAAA,MAC1B;AAAA,IACF;AAAA,EACF;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AACF;AAEA,MAAe,eAAA;AAAA,EAAA,SACbA;AACF;AC/NO,MAAM,aAAa;AAAA,EACxB;AAAA,IACE,aAAa;AAAA,IACb,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,SAAS,CAACJ,WAAgB,EAAE,gBAAgBA,MAAK,GAAG;AAAA,EACtD;AAAA,EACA;AAAA,IACE,aAAa;AAAA,IACb,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,SAAS,CAACA,WAAgB;AAAA,MACxB,mBAAmB;AAAA,QACjB,YAAY;AAAA,UACV,IAAI;AAAA,YACF,KAAKA,MAAK,MAAM,IAAI,CAAC,MAAY,EAAE,EAAE;AAAA,UACvC;AAAA,QACF;AAAA,MACF;AAAA,IAAA;AAAA,EAEJ;AACF;AAEA,MAAe,kBAAA;AAAA,EACb;AACF;ACtBA,MAAM,2BAA2B;AAAA,EAC/B,WAAW;AAAA,IACT,cAAc;AAAA,IACd,aAAa;AAAA,IACb,gBAAgB;AAAA,EAClB;AACF;AAEA,MAAM,4BAA4B,YAAY;AAC5C,QAAMH,aAAW,YAAY,EAAE,eAAe,aAAa,aAAa,OAAO;AACjF;AAEA,MAAM,0BAA0B,YAAY;AAC1C,QAAMA,aAAW,YAAY,EAAE,kBAAkB,aAAa,gBAAgB,UAAU;AAC1F;AAEA,MAAM,qBAAqB,MAAM;AAC/B,QAAM,EAAE,+BAAA,IAAmCA,aAAW,SAAS;AAExD,SAAA,GAAG,WAAW,UAAU;AAAA,IAC7B,QAAQ,CAAC,aAAa;AAAA,IACtB,aAAa;AAAA,IACb,aAAa;AAAA,IACb,YAAY,EAAE,UAAU;AAClB,UAAA,OAAO,KAAK,kBAAkB;AACD;MACjC;AAAA,IACF;AAAA,EAAA,CACD;AACH;AAEA,MAAM,mBAAmB,YAAY;AAC7B,QAAA,aAAa,MAAM,OAAO,MAAM,EAAE,MAAM,QAAQ,MAAM,QAAA,CAAS;AACrE,QAAM,oBAAoB,MAAM,WAAW,IAAI,EAAE,KAAK,QAAQ;AACxD,QAAA,kBAAkB,MAAM,0BAA0B,iBAAiB;AAEzE,QAAM,aAAa,MAAMA,aAAW,MAAM,EAAE,OAAO;AAAA,IACjD,IAAI,gBAAgB,UAAU;AAAA,EAAA,CAC/B;AAGD,MAAI,CAAC,YAAY;AACf,oBAAgB,UAAU,cAAc;AAAA,EAC1C;AAEA,QAAM,WAAW,IAAI,EAAE,KAAK,QAAQ,OAAO,iBAAiB;AAC9D;AAEA,MAAM,2BAA2B,YAAY;AAC3C,QAAM,mBAAmB,OAAO,WAAW,YAAY,UAAU,OAAO;AAClE,QAAA,kBAAkB,MAAM,MAAM;AAAA,IAClC,OAAO,GAAG,MAAM,6BAA6B,EAAE;AAAA,IAC/C,IAAI,QAAQ;AAAA,EAAA;AAGd,QAAM,qBAAqB,KAAK,WAAW,iBAAiB,gBAAgB,CAAC;AAEzE,MAAA,mBAAmB,SAAS,GAAG;AACjC,UAAM,OAAO,GACV,MAAM,6BAA6B,EACnC,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,mBAAmB,EAAA,EAAK,CAAA;AAAA,EAClE;AACF;AAEA,MAAA,qBAAe,OAAO,EAAE,QAAAD,cAAsC;AAC5D,QAAM,wBAAwB;AAC9B,QAAM,0BAA0B;AACb;AAEb,QAAA,oBAAoBC,aAAW,YAAY;AAC3C,QAAA,cAAcA,aAAW,MAAM;AAC/B,QAAA,cAAcA,aAAW,MAAM;AAC/B,QAAA,kBAAkBA,aAAW,WAAW;AACxC,QAAA,kBAAkBA,aAAW,UAAU;AACvC,QAAA,eAAeA,aAAW,OAAO;AAEvC,QAAM,YAAY;AAClB,QAAM,YAAY;AAClB,QAAM,YAAY;AAElB,QAAM,kBAAkB;AAExB,QAAM,YAAY;AAElB,QAAM,iBAAiB;AACvB,QAAM,yBAAyB;AAE/B,QAAMA,aAAW,SAAS,EAAE,6BAA6BD,OAAM;AACpDC,eAAA,SAAS,EAAE,UAAUD,OAAM;AAEtC,kBAAgB,mBAAmB;AACnC,kBAAgB,MAAM;AACtB,eAAa,qBAAqB;AACpC;AClGa,MAAA,aAAa,CACxBE,OACA,EAAE,QAAAF,QAAA,IAAoC,EAAE,QAAQ,OAAO,aACpD;AACH,SAAOA,QAAO,QAAQ,UAAUE,KAAI,EAAE;AACxC;ACPA,MAAe,UAAA;AAAA,EACb,KAAK;AAAA,IACH;AAAA,MACE,KAAK;AAAA,MACL,aAAa;AAAA,MACb,YAAY;AAAA,MACZ,SAAS;AAAA,MACT,UAAU;AAAA,MACV,aAAa;AAAA,IACf;AAAA,IACA;AAAA,MACE,KAAK;AAAA,MACL,aAAa;AAAA,MACb,YAAY;AAAA,MACZ,SAAS;AAAA,MACT,UAAU;AAAA,MACV,aAAa;AAAA,IACf;AAAA,EACF;AAAA,EACA,WAAW;AAAA,IACT;AAAA,MACE,KAAK;AAAA,MACL,aAAa;AAAA,MACb,YAAY;AAAA,MACZ,SAAS;AAAA,MACT,UAAU;AAAA,MACV,aAAa;AAAA,IACf;AAAA,EACF;AACF;AClBA,MAAM,qBAAqB,CAAC,UAAmC;AACzD,MAAA,OAAO,UAAU,UAAU;AACtB,WAAA,EAAE,MAAM;EACjB;AACO,SAAA;AACT;AASA,eAAsB,WAAW,EAAE,QAAAF,QAAAA,GAAmC,OAAY;AAEhF,QAAM,SAAS,MAAMA,QAAO,GAAG,QAAQ,gBAAgB;AACvD,SAAO,OAAO,OAAO,CAAC,cAAsB,MAAM,KAAK,SAAS,CAAC;AACnE;AAKA,eAAe,iBACb,EAAE,QAAAA,QAAAA,GACF,YACA;AACA,QAAM,kBAAkB,MAAM,mBAAmB,EAAE,QAAAA,QAAQ,CAAA;AACrD,QAAA,SAAS,WAAW,IAAI,kBAAkB;AAGhD,QAAM,yBAAyB,eAAe,SAAS,QAAQ,eAAe;AAE9E,QAAM,kBAAkB;AAAA,IACtB,CAAC,IAAS,OAAY,GAAG,SAAS,GAAG;AAAA,IACrC;AAAA,IACA;AAAA,EAAA;AAGE,MAAA,CAAC,uBAAuB,QAAQ;AAClC;AAAA,EACF;AAGgB,kBAAA,KAAK,GAAG,sBAAsB;AACxCA,QAAAA,QAAO,MAAM,IAAI;AAAA,IACrB,MAAM;AAAA,IACN,KAAK;AAAA,IACL,OAAO;AAAA,EAAA,CACR;AACH;AAUA,eAAe,mBAAmB,EAAE,QAAAA,WAAmC;AACrE,QAAM,kBAAuB,MAAMA,QAAO,MAAM,IAAI;AAAA,IAClD,MAAM;AAAA,IACN,KAAK;AAAA,EAAA,CACN;AAED,UAAQ,mBAAmB,CAAA,GAAI,IAAI,kBAAkB;AACvD;AA0Ba,MAAA,0BAA0B,OAAO,oBAA4B;AACxE,QAAM,iBAAiB,IAAI,OAAO,IAAI,eAAe,IAAI;AACzD,QAAM,aAAa,MAAM,WAAW,EAAE,UAAU,cAAc;AAE9D,QAAM,iBAAiB,EAAE,OAAO,GAAG,UAAU;AAC/C;ACxGA,MAAe,YAAA,OAAO,SAAc;AAClC,QAAM,EAAE,eAAA,IAAmB,WAAW,YAAY;AAClD,MAAI,OAAO,GAAG,SAAS,UAAU,KAAK,GAAG;AACjC,UAAA,eAAe,aAAa,QAAQ,GAAG;AAAA,EAC/C;AAEA,MAAI,OAAO,GAAG,SAAS,UAAU,YAAY,GAAG;AAC9C,UAAM,wBAAwB,mBAAmB;AAC3C,UAAA,eAAe,aAAa,QAAQ,SAAS;AAAA,EACrD;AAEM,QAAA,WAAW,kBAAkB,EAAE;AACrC,QAAM,mBAAmB,IAAI;AAC/B;AChBA,MAAA,mBAAe,YAAY;AACzB,QAAM,EAAE,mBAAmB,eAAe,IAAIC,aAAW,YAAY;AAErE,QAAM,kBAAkB;AACxB,QAAM,eAAe;AACvB;ACJA,MAAA,UAAe,OAAO,EAAE,QAAAD,QAAA,MAAsC;AAC5D,QAAM,iBAAiB;AACzB;ACLA,MAAA,oBAAe,CAAC;ACEH,MAAA,cAAc,OAAOI,UAAc;AAC9C,MAAI,CAAC,OAAO,GAAG,SAAS,UAAU,KAAK,GAAG;AACjC,WAAA;AAAA,EACT;AAEA,MAAI,CAACA,OAAM;AACH,UAAA,IAAI,MAAM,qBAAqB;AAAA,EACvC;AAGM,QAAA,aAAa,MAAM,OAAO,MAAM,EAAE,MAAM,QAAQ,MAAM,QAAA,CAAS;AAC/D,QAAA,EAAE,UAAe,IAAA,MAAM,WAAW,IAAI,EAAE,KAAK,OAAA,CAAQ;AACrD,QAAA,cAAc,UAAU,kBAAkB;AAC5C,MAAA,QAAQ,WAAW,GAAG;AACjB,WAAA;AAAA,EACT;AAEM,QAAAK;AAAA;AAAA,IAEJL,MAAK;AAAA,IAEJ,MAAM,OAAO,GAAG,MAAM,aAAa,EAAE,KAAKA,OAAM,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,KAAK;AAAA,IAEvF,CAAC;AAAA;AAGH,QAAM,WAAW,YAAY;AAAA,IAAK,CAAC;AAAA;AAAA,MAEjCK,OAAM,KAAK,CAACC,UAAc,aAAaA,MAAK,GAAG,UAAU;AAAA;AAAA,EAAA;AAGpD,SAAA;AACT;AC7BA,MAAM,EAAEC,kBAAAA,mBAAqB,IAAA;AAQ7B,MAAM,iBAAiB,OAAO,EAAE,OAAAC,OAAM,IAAS,OAAO;AACpD,QAAMR,QAAO,MAAM,OAAO,GAAG,MAAM,aAAa,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAAQ,QAAO,UAAU,KAAA,EAAQ,CAAA;AAE9F,MAAI,CAACR,SAAS,MAAM,YAAYA,KAAI,GAAI;AACtC;AAAA,EACF;AAEA,QAAM,qBAAqB,WAAW,OAAO,EAAE,YAAY;AACrD,QAAA,WAAW,MAAM,EAAE,WAAWA,MAAK,IAAI,EAAE,oBAAoB;AAG7D,QAAA,MAAM,GAAG,OAAO,OAAO;AAAA,IAC3B;AAAA,EAAA,CACD,6BAA6B,kBAAkB;AAChD,SAAO,OACJ,OAAO,OAAO,EACd,QAAQ,OAAO,EACf;AAAA,IACC;AAAA,MACE,IAAIA,MAAK;AAAA,MACT,MAAM,OAAO,OAAO,IAAI,2BAA2B;AAAA,MACnD,SAAS,OAAO,OAAO,IAAI,8BAA8B;AAAA,IAC3D;AAAA,IACA,OAAO,OAAO,IAAI,oCAAoC;AAAA,IACtD;AAAA,MACE;AAAA,MACA,MAAM,EAAE,KAAKA,OAAM,CAAC,SAAS,aAAa,YAAY,UAAU,CAAC;AAAA,IACnE;AAAA,EAAA,EAED,MAAM,CAAC,QAAiB;AAEhB,WAAA,IAAI,MAAM,GAAG;AAAA,EAAA,CACrB;AACL;AAQA,MAAM,gBAAgB,OAAO,EAAE,oBAAoB,UAAAS,UAAS,IAAS,CAAA,MAAO;AAC1E,QAAM,eAAe,MAAM,OAAO,GAC/B,MAAM,aAAa,EACnB,QAAQ,EAAE,OAAO,EAAE,oBAAoB,UAAU,KAAA,EAAQ,CAAA;AAE5D,MAAI,CAAC,gBAAiB,MAAM,YAAY,YAAY,GAAI;AACtD,UAAM,IAAIF,mBAAiB;AAAA,EAC7B;AAEA,SAAO,WAAW,MAAM,EAAE,WAAW,aAAa,IAAI;AAAA,IACpD,UAAAE;AAAA,IACA,oBAAoB;AAAA,EAAA,CACrB;AACH;AAEA,MAAe,OAAA;AAAA,EACb;AAAA,EACA;AACF;ACnEA,MAAM,sBAAsB,CAACb,SAAqB,eAAqB;AACrE,SAAO,IAAIc;AAAAA,IACT;AAAA,MACE,eAAe;AAAA,MACf,eAAe;AAAA,MACf,SAAS;AAAA,IACX;AAAA,IACA,CAACF,QAAeC,WAAkB,SAAc;AAC9C,aAAOZ,aAAW,MAAM,EACrB,iBAAiB,EAAE,OAAO,QAAQW,MAAK,GAAG,UAAAC,UAAU,CAAA,EACpD,KAAK,OAAO,CAAC,OAAOT,OAAM,OAAO,MAAM;AACtC,YAAI,YAAY;AACd,iBAAO,WAAW,CAAC,OAAOA,OAAM,OAAO,GAAG,IAAI;AAAA,QAChD;AAEO,eAAA,KAAK,OAAOA,OAAM,OAAO;AAAA,MAAA,CACjC,EACA,MAAM,CAAC,UAAU,KAAK,KAAK,CAAC;AAAA,IACjC;AAAA,EAAA;AAEJ;ACnBA,MAAM,mBAAmB;AAAA,EACvB,qBAAqB;AAAA,EACrB,mBAAmB;AACrB;AAEA,MAAM,sBAAsB,CAAC,CAAG,EAAA,KAAK,MAAkB,WAAW,KAAK;AACvE,MAAM,sBAAsB,CAAC,CAAC,GAAG,MAAW;AACnC,SAAA,OAAO,KAAK,OAAO,QAAQ,iBAAiB,EAAE,gBAAgB,EAAE,SAAS,GAAG;AACrF;AAEA,MAAMW,0BAAwB,MAAM,CAAC,oBAAoB,MAAM,CAAC;AAEhE,MAAM,qBAAqB,MAAM;AAEzB,QAAA,EAAE,SAAS,CAAA,MAAO,OAAO,OAAO,IAAI,cAAc,CAAA,CAAE;AAC1D,QAAM,EAAE,kBAAAC,kBAAAA,IAAqB,OAAO,QAAQ,iBAAiB;AAEvD,QAAA,YAAY,OAAO,QAAQ,MAAM,EAAE,OAAO,mBAAmB,EAAE,OAAO,mBAAmB;AAE/F,aAAW,CAAC,WAAW,OAAO,KAAK,WAAW;AAE5C,WAAO,SAAS,GAAGA,kBAAiB,SAAS,GAAG,OAAc;AAAA,EAChE;AACF;AAEA,MAAM,OAAO,MAAM;AAEd,SAAA,QAAQ,iBAAiB,EACzB,sBAAsB,EACtB,QAAQ,CAAC,aAAuBC,WAAS,IAAI,QAAQ,CAAC;AAEtC;AAEnB,SAAOA,WAAS;AAClB;AAEA,MAAA,aAAe,EAAE,MAAM,uBAAAF,yBAAuB,iBAAiB;ACxC/D,MAAA,yBAAe,MAAM;AACb,QAAA,+BAAe;AAErB,SAAO,OAAO,UAAU;AAAA,IACtB,SAAS,UAAmB;AAC1B,UAAI,OAAO,UAAU;AACb,cAAA,IAAI,MAAM,qDAAqD;AAAA,MACvE;AAIK,WAAA,IAAI,SAAS,KAAK,QAAQ;AAAA,IACjC;AAAA,IAEA,aAAa,WAAsB;AACvB,gBAAA,QAAQ,CAAC,aAAa;AAC9B,aAAK,SAAS,QAAQ;AAAA,MAAA,CACvB;AAAA,IACH;AAAA,IAEA,SAAoB;AAGlB,aAAO,MAAM,KAAK,KAAK,OAAQ,CAAA;AAAA,IACjC;AAAA,EAAA,CACD;AAEM,SAAA;AACT;AC1BO,MAAM,mBAAmB,uBAAuB;AACvD,MAAM,eAAe;AAER,MAAA,yBAAyB,CAAC,iBAAyB;AAC9D,MAAI,CAAC,OAAO,GAAG,SAAS,UAAU,KAAK,GAAG;AAClC,UAAA,IAAI,MAAM,YAAY;AAAA,EAC9B;AAEA,SAAO,kBAAkB,YAAY;AACvC;AAEO,MAAM,iCAAiC,MAAM;AAClD,MAAI,CAAC,OAAO,GAAG,SAAS,UAAU,KAAK,GAAG;AAClC,UAAA,IAAI,MAAM,YAAY;AAAA,EAC9B;AAEM,QAAA,EAAE,YAAY,CAAA,MAAO,OAAO,OAAO,IAAI,cAAc,CAAA,CAAE;AAI7D,mBAAiB,aAAa,SAAS;AACzC;AAEO,MAAM,sBAAsB;AAAA,EACjC,uBAAuB;AACzB;AAEA,MAAe,QAAA;AAAA,EACb;AAAA,EACA;AAAA,EACA;AAAA,EACA,kBAAkB,EAAE,GAAGE,WAAS,kBAAkB,GAAG,oBAAoB;AAC3E;AC/BA,MAAM,EAAE,kBAAsB,IAAA;AAE9B,MAAM,0BAA0B,OAAO,CAAC,OAAOb,OAAM,OAAO,GAAQ,SAAc;AAEhF,MAAIA,SAAQ,CAAC,SAAU,MAAM,YAAYA,KAAI,GAAI;AACxC,WAAA;AAAA,MACL,IAAI,kBAAkB,wDAAwD;AAAA,QAC5E,MAAM;AAAA,MAAA,CACP;AAAA,MACDA;AAAA,MACA;AAAA,IAAA;AAAA,EAEJ;AAEO,SAAA,KAAK,OAAOA,OAAM,OAAO;AAClC;AAEA,MAAM,wBAAwB,MAAM;AAClC,MAAI,CAAC,OAAO,GAAG,SAAS,UAAU,KAAK,GAAG;AACjC,WAAA,CAAC,oBAAoB,MAAM,CAAC;AAAA,EACrC;AAEM,QAAA,gBAAgB,oBAAoB,QAAQ,uBAAuB;AAErE,MAAA,CAAC,OAAO,UAAU;AACpBc,UAAI,+BAA+B;AAAA,EACrC;AAIM,QAAA,YAAYA,MAAI,iBAAiB,OAAO;AACxC,QAAA,aAAa,UAAU,IAAI,CAAC,aAAkB,SAAS,eAAe,MAAM,CAAC;AAE5E,SAAA,CAAC,eAAe,GAAG,UAAU;AACtC;AAEA,MAAe,WAAA;AAAA,EACb;AAAA,EACA,GAAGA;AACL;ACzCA,MAAM,EAAEP,kBAAAA,mBAAqB,IAAA;AAE7B,MAAM,6BAA6B,OAAO,QAAa;AAC/C,QAAA,aAAa,MAAM,OAAO,MAAM,EAAE,MAAM,QAAQ,MAAM,QAAA,CAAS;AAE/D,QAAA;AAAA,IACJ,WAAW,EAAE,YAAY;AAAA,EAAA,IACtB,MAAM,WAAW,IAAI,EAAE,KAAK,OAAQ,CAAA;AAEzC,aAAW,UAAU,KAAK;AACxB,QAAI,eAAe,SAAS,WAAW,MAAM,SAAS,MAAM,GAAG;AAC7D,YAAM,IAAIA;AAAAA,QACR;AAAA,MAAA;AAAA,IAEJ;AAAA,EACF;AACF;AAEA,MAAe,SAAA;AAAA,EACb;AACF;ACfA,MAAM,EAAEQ,kBAAAA,mBAAqB,IAAA;AAehB,MAAA,oBAAoB,CAACf,UAAoB;AAC7C,SAAAA,MAAK,MAAM,OAAO,CAACM,UAAoBA,MAAK,SAASS,kBAAgB,EAAE,SAAS;AACzF;AClBA,MAAM,EAAEC,iBAAAA,kBAAoB,IAAA;AAC5B,MAAM,EAAED,kBAAAA,mBAAqB,IAAA;AAM7B,MAAM,4BAA4B,OAAO,IAAY,UAAe;AAClE,QAAM,gBAAgB,MAAM,WAAW,kBAAkB,EAAE,oBAAoB;AAE/E,MAAI,CAAC,eAAe;AAClB;AAAA,EACF;AAEM,QAAAf,QAAO,cAAc,KAAK,CAACA,WAAcA,OAAK,OAAO,OAAO,EAAE,CAAC;AACrE,MAAI,CAACA,OAAM;AACT;AAAA,EACF;AAEI,MAAAA,MAAK,aAAa,MAAM,UAAU;AAC9B,UAAA,uBAAuB,cAAc,OAAO,CAACA,WAAcA,OAAK,OAAO,OAAO,EAAE,CAAC;AACjF,UAAA,OAAO,MAAM,IAAI;AAAA,MACrB,MAAM;AAAA,MACN,KAAK;AAAA,MACL,OAAO;AAAA,IAAA,CACR;AAAA,EACH;AACF;AAEA,MAAM,kBAAkB,KAAK,WAAW,IAAI,QAAQ,CAAC;AAErD,MAAM,gCAAgC,OAAO,QAAiB;AACxD,MAAA;AACA,MAAA,OAAO,QAAQ,UAAU;AAC3B,iBAAa,gBAAgB,GAAG;AAAA,EAAA,OAC3B;AACQ,iBAAA,CAAC,OAAO,GAAG,CAAC;AAAA,EAC3B;AAEA,QAAM,gBAAgB,MAAM,WAAW,kBAAkB,EAAE,oBAAoB;AAE/E,MAAI,CAAC,eAAe;AAClB;AAAA,EACF;AAEM,QAAA,uBAAuB,cAAc,OAAO,CAACA,UAAc,CAAC,WAAW,SAASA,MAAK,EAAE,CAAC;AACxF,QAAA,OAAO,MAAM,IAAI;AAAA,IACrB,MAAM;AAAA,IACN,KAAK;AAAA,IACL,OAAO;AAAA,EAAA,CACR;AACH;AAQA,MAAM,aAAa,OAAO,IAAS,eAAoB;AAErD,MAAI,EAAE,IAAI,YAAY,OAAO,GAAG;AACxB,UAAA,gBAAgB,MAAM,qBAAqB,EAAE;AACnD,UAAM,iBAAiB,MAAM,WAAW,MAAM,EAAE,4BAA4B;AAC5E,UAAM,2BAA2B,CAAC,OAAO,eAAe,WAAW,OAAO,eAAe,EAAE;AAE3F,QAAI,iBAAiB,0BAA0B;AACvC,YAAA,IAAIgB,kBAAgB,wDAAwD;AAAA,IACpF;AAAA,EACF;AAGI,MAAA,WAAW,aAAa,OAAO;AAC3B,UAAA,gBAAgB,MAAM,qBAAqB,EAAE;AACnD,QAAI,eAAe;AACX,YAAA,IAAIA,kBAAgB,wDAAwD;AAAA,IACpF;AAAA,EACF;AAGA,MAAI,EAAE,IAAI,YAAY,UAAU,GAAG;AACjC,UAAM,iBAAiB,MAAM,WAAW,MAAM,EAAE,aAAa,WAAW,QAAQ;AAEhF,UAAMC,eAAc,MAAM,OAAO,GAAG,MAAM,aAAa,EAAE,OAAO;AAAA,MAC9D,OAAO,EAAE,GAAG;AAAA,MACZ,MAAM;AAAA,QACJ,GAAG;AAAA,QACH,UAAU;AAAA,MACZ;AAAA,MACA,UAAU,CAAC,OAAO;AAAA,IAAA,CACnB;AAEM,WAAA,SAAS,KAAK,eAAe,EAAE,MAAM,aAAaA,YAAW,GAAG;AAEhEA,WAAAA;AAAAA,EACT;AAEA,QAAM,cAAc,MAAM,OAAO,GAAG,MAAM,aAAa,EAAE,OAAO;AAAA,IAC9D,OAAO,EAAE,GAAG;AAAA,IACZ,MAAM;AAAA,IACN,UAAU,CAAC,OAAO;AAAA,EAAA,CACnB;AAEK,QAAA,0BAA0B,IAAI,UAAU;AAE9C,MAAI,aAAa;AACR,WAAA,SAAS,KAAK,eAAe,EAAE,MAAM,aAAa,WAAW,GAAG;AAAA,EACzE;AAEO,SAAA;AACT;AAMA,MAAM,aAAa,OAAO,OAAgB;AAExC,QAAM,eAAe,MAAM,OAAO,GAAG,MAAM,aAAa,EAAE,QAAQ;AAAA,IAChE,OAAO,EAAE,GAAG;AAAA,IACZ,UAAU,CAAC,OAAO;AAAA,EAAA,CACnB;AAED,MAAI,CAAC,cAAc;AACV,WAAA;AAAA,EACT;AAEA,MAAI,cAAc;AACZ,QAAA,aAAa,MAAM,KAAK,CAAC,MAAW,EAAE,SAASF,kBAAgB,GAAG;AACpE,YAAM,iBAAiB,MAAM,WAAW,MAAM,EAAE,4BAA4B;AACxE,UAAA,eAAe,eAAe,GAAG;AAC7B,cAAA,IAAIC,kBAAgB,wDAAwD;AAAA,MACpF;AAAA,IACF;AAAA,EACF;AAEA,QAAM,cAAc,MAAM,OAAO,GAC9B,MAAM,aAAa,EACnB,OAAO,EAAE,OAAO,EAAE,GAAG,GAAG,UAAU,CAAC,OAAO,GAAG;AAEhD,QAAM,8BAA8B,EAAE;AAE/B,SAAA,SAAS,KAAK,eAAe,EAAE,MAAM,aAAa,WAAW,GAAG;AAEhE,SAAA;AACT;AAMA,MAAM,cAAc,OAAO,QAAa;AAEtC,QAAM,iBAAiB,MAAM,WAAW,MAAM,EAAE,4BAA4B;AAC5E,QAAM,yBAAyB,MAAM,OAAO,GAAG,MAAM,aAAa,EAAE,MAAM;AAAA,IACxE,OAAO;AAAA,MACL,IAAI;AAAA,MACJ,OAAO,EAAE,IAAI,eAAe,GAAG;AAAA,IACjC;AAAA,EAAA,CACD;AAEG,MAAA,eAAe,eAAe,wBAAwB;AAClD,UAAA,IAAIA,kBAAgB,wDAAwD;AAAA,EACpF;AAEA,QAAM,eAAe,CAAA;AACrB,aAAW,MAAM,KAAK;AACpB,UAAM,cAAc,MAAM,OAAO,GAAG,MAAM,aAAa,EAAE,OAAO;AAAA,MAC9D,OAAO,EAAE,GAAG;AAAA,MACZ,UAAU,CAAC,OAAO;AAAA,IAAA,CACnB;AAED,iBAAa,KAAK,WAAW;AAAA,EAC/B;AAEA,QAAM,8BAA8B,GAAG;AAEhC,SAAA,SAAS,KAAK,eAAe;AAAA,IAClC,OAAO,aAAa,IAAI,CAAC,gBAAgB,aAAa,WAAW,CAAC;AAAA,EAAA,CACnE;AAEM,SAAA;AACT;AAEA,MAAM,oBAAoB,CAACV,UAAkB,EAAE,KAAKA,OAAM,CAAC,MAAM,QAAQ,eAAe,MAAM,CAAC;AAM/F,MAAM,uBAAuB,OAAO,WAAoB;AAChD,QAAAN,QAAQ,MAAM,QAAQ,MAAM;AAClC,QAAM,iBAAiB,MAAM,WAAW,MAAM,EAAE,4BAA4B;AAE5E,SAAO,eAAe,eAAe,KAAK,kBAAkBA,KAAI;AAClE;AAMA,MAAM,eAAe,CAACA,UAAc;AAC3B,SAAA;AAAA,IACL,GAAG,EAAE,KAAKA,OAAM,CAAC,YAAY,sBAAsB,qBAAqB,OAAO,CAAC;AAAA,IAChF,OAAOA,MAAK,SAASA,MAAK,MAAM,IAAI,iBAAiB;AAAA,EAAA;AAEzD;AAKA,MAAM,UAAU,OAAO,IAAS,WAAW,CAAC,OAAO,MAAM;AACvD,SAAO,OAAO,GAAG,MAAM,aAAa,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,SAAU,CAAA;AAC3E;AAEA,MAAM,4BAA4B,YAAY;AAC5C,SAAO,OAAO,GAAG,MAAM,aAAa,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,KAAK,EAAG,CAAA;AAC3E;AAEA,MAAe,SAAA;AAAA,EACb;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;ACrOA,MAAM,sBAAsB,YAAY;AACtC,QAAM,EAAE,kBAAAkB,kBAAqB,IAAA,OAAO,QAAQ,iBAAiB;AAEtD,SAAAA,kBAAiB,SAAS,IAAI,CAAC,EAAE,IAAA,MAA2B,GAAG;AACxE;AAEA,MAAM,+BAA+B,OAAOtB,YAAwB;AAClE,MAAI,kBAAkB,CAAA;AAEhB,QAAA,2BAA2B,MAAM,WAAW,MAAM,EAAE,MAAM,EAAE,UAAU,KAAA,CAAM;AAClF,QAAM,qBAAqB,MAAM,WAAW,MAAM,EAAE,MAAM;AAE1D,MAAIA,QAAO,GAAG,SAAS,UAAU,KAAK,GAAG;AACjC,UAAA,eAAe,MAAM;AAE3B,sBAAkB,OAAO,iBAAiB;AAAA,MACxC;AAAA,MACA,iBAAiB,aAAa,WAAW;AAAA,IAAA,CAC1C;AAAA,EACH;AAEA,MAAIA,QAAO,GAAG,SAAS,UAAU,sBAAsB,GAAG;AACxD,UAAM,0BAA0B,MAAMA,QACnC,GAAI,MAAM,kCAAkC,EAC5C;AAEH,UAAM,mCAAmC,MAAMA,QAC5C,GAAI,MAAM,kCAAkC,EAC5C,MAAM;AAAA,MACL,SAAS,EAAE,YAAY,EAAE,UAAU,OAAO;AAAA,IAAA,CAC3C;AAEH,sBAAkB,OAAO,iBAAiB;AAAA,MACxC;AAAA,MACA;AAAA,IAAA,CACD;AAAA,EACH;AAEA,oBAAkB,OAAO,iBAAiB,EAAE,0BAA0B,mBAAoB,CAAA;AAE1FA,UAAO,UAAU,KAAK,+BAA+B;AAAA,IACnD;AAAA,EAAA,CACD;AACH;AAEA,MAAM,YAAY,CAACA,YAAwB;AACzCA,UAAO,KAAK,IAAI;AAAA,IACd,eAAe,MAAM,6BAA6BA,OAAM;AAAA,EAAA,CACzD;AACH;AAEA,MAAA,UAAe,EAAE,WAAW,qBAAqB,6BAA6B;ACnD9E,MAAM,EAAE,iBAAqB,IAAA;AAK7B,MAAM,sBAAsB,YAAY;AAC/B,SAAA,OAAO,MAAM,IAAI,EAAE,MAAM,MAAM,KAAK,kBAAkB;AAC/D;AAEA,MAAM,yBAAyB,OAAO,0BAAkC;AAChE,QAAA,gBAAiB,MAAM;AACvB,QAAA,uBAAuB,QAAQ,aAAa;AAE5C,QAAA,gBAAgB,KAAK,uBAAuB,oBAAoB;AAEtE,QAAM,OAAO,GAAG,MAAM,aAAa,EAAE,WAAW;AAAA,IAC9C,OAAO,EAAE,IAAI,IAAI,KAAK,IAAI,GAAG,aAAa,EAAE;AAAA,IAC5C,MAAM,EAAE,UAAU,KAAK;AAAA,EAAA,CACxB;AAEK,QAAA,yBAAyB,KAAK,uBAAuB,oBAAoB;AAEzE,QAAA,OAAO,MAAM,IAAI;AAAA,IACrB,MAAM;AAAA,IACN,KAAK;AAAA,IACL,OAAO;AAAA,EAAA,CACR;AACH;AAEA,MAAM,gCAAgC,OAAO,2BAAmC;AAC9E,QAAM,yBAA+B,MAAM,oBAAoB,KAAM;AAErE,QAAM,iBAAiB,CAAA;AACvB,QAAM,8BAA8B,MAAM,OAAO,GAAG,MAAM,aAAa,EAAE,SAAS;AAAA,IAChF,OAAO;AAAA,MACL,UAAU;AAAA,MACV,OAAO;AAAA,QACL,MAAM,EAAE,KAAK,iBAAiB;AAAA,MAChC;AAAA,IACF;AAAA,IACA,SAAS,EAAE,WAAW,OAAO;AAAA,IAC7B,OAAO;AAAA,EAAA,CACR;AAEc,iBAAA,KAAK,GAAG,2BAA2B;AAE9C,MAAA,4BAA4B,SAAS,wBAAwB;AAC/D,UAAM,2BAA2B,MAAM,OAAO,GAAG,MAAM,aAAa,EAAE,SAAS;AAAA,MAC7E,OAAO;AAAA,QACL,UAAU;AAAA,QACV,OAAO,EAAE,MAAM,iBAAiB;AAAA,MAClC;AAAA,MACA,SAAS,EAAE,WAAW,OAAO;AAAA,MAC7B,OAAO,yBAAyB,4BAA4B;AAAA,IAAA,CAC7D;AAEc,mBAAA,KAAK,GAAG,wBAAwB;AAAA,EACjD;AAEA,QAAM,OAAO,GAAG,MAAM,aAAa,EAAE,WAAW;AAAA,IAC9C,OAAO,EAAE,IAAI,IAAI,KAAK,IAAI,GAAG,cAAc,EAAE;AAAA,IAC7C,MAAM,EAAE,UAAU,MAAM;AAAA,EAAA,CACzB;AAEK,QAAA,OAAO,MAAM,IAAI;AAAA,IACrB,MAAM;AAAA,IACN,KAAK;AAAA,IACL,OAAO,uBAAuB,OAAO,IAAI,KAAK,CAAC,MAAM,UAAU,CAAC,GAAG,cAAc,CAAC;AAAA,EAAA,CACnF;AACH;AAEA,MAAM,0BAA0B,YAAY;AACpC,QAAA,gBAAgB,MAAM,OAAO,MAAM,IAAI,EAAE,MAAM,MAAM,KAAK,iBAAA,CAAkB;AAElF,MAAI,CAAC,eAAe;AAClB;AAAA,EACF;AAEA,QAAM,OAAO,GAAG,MAAM,aAAa,EAAE,WAAW;AAAA,IAC9C,OAAO,EAAE,IAAI,IAAI,KAAK,IAAI,GAAG,aAAa,EAAE;AAAA,IAC5C,MAAM,EAAE,UAAU,MAAM;AAAA,EAAA,CACzB;AACH;AAEA,MAAM,0BAA0B,YAAY;AACpC,QAAA,aAAa,OAAO,GAAG;AACzB,MAAA,MAAM,UAAU,GAAG;AACrB;AAAA,EACF;AAGA,QAAM,wBAAwB;AAE9B,QAAM,yBAAyB,MAAM,WAAW,MAAM,EAAE,0BAA0B;AAElF,QAAM,iBAAiB,aAAa;AAEpC,MAAI,iBAAiB,GAAG;AACtB,UAAM,uBAAuB,cAAc;AAAA,EAAA,WAClC,iBAAiB,GAAG;AACvB,UAAA,8BAA8B,CAAC,cAAc;AAAA,EACrD;AACF;AAEA,MAAe,kBAAA;AAAA,EACb;AAAA,EACA;AACF;ACxGA,MAAe,WAAA;AAAA,EACb;AAAA,EACA;AAAA,EAAA,MACAU;AAAAA,EAAA,MACAN;AAAAA,EACA;AAAA,EACA,oBAAoB;AACtB;ACZA,MAAM,8BAA8B,IAAI,OAAO,EAAE,MAAM;AAAA,EACrD,cAAc,IAAI,QAAQ,EAAE,SAAS;AAAA,EACrC,aAAa,IACV,SAAS,EACT,KAAK,gBAAgB,CAAC,OAAO,eAAe;AAC3C,WAAO,QAAQ,WAAW,SAAS,IAAI,WAAW,SAAS;AAAA,EAC5D,CAAA,EACA,KAAK,iBAAiB,wCAAwC,CAAC,WAAW;AACzE,QAAI,WAAW,MAAM;AACZ,aAAA;AAAA,IACT;AACO,WAAA,OAAO,QAAQ,aAAa,EAAE,OAAO,EAAE,IAAI,QAAQ;AAAA,EAAA,CAC3D;AAAA,EACH,gBAAgB,IACb,QACA,SACA,EAAA;AAAA,IACC,IACG,WACA;AAAA,MACC;AAAA,MACA;AAAA,MACA,CAAC,WAAW;AACH,eAAA,OAAO,QAAQ,aAAa,EAAE,OAAO,EAAE,IAAI,QAAQ;AAAA,MAC5D;AAAA,IACF;AAAA,EACJ;AACJ,CAAC;AAEY,MAAA,gCAAgC,kBAAkB,2BAA2B;AC/BnF,MAAM,yBAAyB;AACzB,MAAA,4BAA4B,GAAG,sBAAsB;AACrD,MAAA,0BAA0B,GAAG,sBAAsB;ACChE,MAAM,oBAAoB;AAAA,EACxB,SAAS;AAAA,EACT,OAAO;AACT;AAEa,MAAA,gBAAgB,YAAY,OAAO,MAAM,EAAE,MAAM,QAAQ,MAAM,QAAA,CAAS;AAE9E,MAAM,0BAA0B,MAAM;AAC3C,QAAM,EAAE,KAAK,aAAa,OAAO,OAAO,IAAI,OAAO;AACnD,QAAM,YAAY,CAAC,QAAgB,GAAG,YAAY,QAAQ,GAAG,GAAG;AAEzD,SAAA,UAAU,WAAW,iBAAiB;AAC/C;AAEA,MAAe,QAAA;AAAA,EACb;AAAA,EACA;AACF;ACfA,MAAM,yBAAyB,MAAM,IAAI,MAAM,4BAA4B;AAE9D,MAAA,eAAuC,OAAO,KAAK,SAAS;AACjE,QAAA;AAAA,IACJ,QAAQ,EAAE,SAAS;AAAA,EACjB,IAAA;AACE,QAAA,eAAe,MAAM;AAG3B,SAAOa,WAAS,aAAa,UAAU,MAAM,OAAO,OAAO,YAAY;AACrE,QAAI,SAAS,CAAC,WAAW,CAAC,QAAQ,OAAO;AACvC,UAAI,OAAO;AACF,eAAA,IAAI,MAAM,KAAK;AAAA,MACxB;AAEO,aAAA,SAAS,KAAK,oBAAoB;AAAA,QACvC,OAAO,SAAS,uBAAuB;AAAA,QACvC;AAAA,MAAA,CACD;AAEM,aAAA,IAAI,SAAS,aAAa,KAAK;AAAA,IACxC;AAEA,UAAMb,QAAO,MAAM,WAAW,MAAM,EAAE,eAAe,QAAQ,KAAK;AAC5D,UAAA,WAAWA,QAAO,uBAAuB;AAE/C,WAAO,SAAS,KAAK,IAAI,EAAEA,SAAQ,SAAS,QAAQ;AAAA,EAAA,CACrD,EAAE,KAAK,IAAI;AACd;AAEA,MAAM,uBACJ,CAAC,KAAK,SAAS,OAAOA,OAAW,aAAkB;AAC3C,QAAA,eAAe,MAAM;AAEvB,MAAA,CAACA,MAAK,UAAU;AACX,WAAA,SAAS,KAAK,oBAAoB;AAAA,MACvC,OAAO,IAAI,MAAM,oCAAoCA,MAAK,EAAE,GAAG;AAAA,MAC/D;AAAA,IAAA,CACD;AACM,WAAA,IAAI,SAAS,aAAa,KAAK;AAAA,EACxC;AAEA,MAAI,MAAM,OAAOA;AACjB,SAAO,KAAK;AACd;AAEF,MAAM,0BACJ,CAAC,KAAK,SAAS,OAAO,SAAc,aAAkB;AACpD,QAAM,EAAE,OAAAQ,QAAO,WAAAW,YAAW,UAAAC,WAAU,UAAAC,cAAa;AAC3C,QAAA,eAAe,MAAM;AACrB,QAAA,aAAa,MAAM,MAAM;AACzB,QAAA,EAAE,UAAe,IAAA,MAAM,WAAW,IAAI,EAAE,KAAK,OAAA,CAAQ;AAG3D,QAAM,0BAA0B,CAACA,cAAa,CAACF,cAAa,CAACC;AAE7D,MAAI,CAAC,UAAU,gBAAgB,CAAC,UAAU,eAAe,yBAAyB;AACzE,WAAA,SAAS,KAAK,oBAAoB,EAAE,OAAO,uBAAuB,GAAG,UAAU;AAC/E,WAAA,IAAI,SAAS,aAAa,KAAK;AAAA,EACxC;AAEM,QAAA,cAAc,MAAM,WAAW,MAAM,EAAE,QAAQ,EAAE,IAAI,UAAU,YAAA,CAAa;AAGlF,MAAI,CAAC,aAAa;AACT,WAAA,SAAS,KAAK,oBAAoB,EAAE,OAAO,uBAAuB,GAAG,UAAU;AAC/E,WAAA,IAAI,SAAS,aAAa,KAAK;AAAA,EACxC;AAGA,MAAI,MAAM,OAAO,MAAM,WAAW,MAAM,EAAE,OAAO;AAAA,IAC/C,OAAAZ;AAAA,IACA,UAAAa;AAAA,IACA,WAAAF;AAAA,IACA,UAAAC;AAAA,IACA,OAAO,CAAC,YAAY,EAAE;AAAA,IACtB,UAAU;AAAA,IACV,mBAAmB;AAAA,EAAA,CACpB;AAEM,SAAA,SAAS,KAAK,+BAA+B;AAAA,IAClD,MAAM,IAAI,MAAM;AAAA,IAChB;AAAA,EAAA,CACD;AAED,SAAO,KAAK;AACd;AAEW,MAAA,mBAA2C,CAAC,QAAQ;AACzD,QAAA;AAAA,IACJ,QAAQ,EAAE,SAAS;AAAA,EACjB,IAAA;AACE,QAAA,eAAe,MAAM;AAC3B,QAAM,SAA6B,OAAO,OAAO,IAAI,mBAAmB;AAClE,QAAA,EAAE,MAAApB,MAAK,IAAI,IAAI;AAErB,QAAM,MAAM,WAAW,OAAO,EAAE,eAAeA,KAAI;AAEnD,QAAM,eAAe,OAAO,OAAO,IAAI,aAAa,MAAM;AAEpD,QAAA,iBAAiB,EAAE,UAAU,OAAO,QAAQ,cAAc,WAAW,MAAM;AAEjF,QAAM,gBAAgB,WAAW,MAAM,EAAE,aAAaA,KAAI;AAC1D,SAAO,SAAS,KAAK,sBAAsB,EAAE,MAAM,eAAe,UAAU;AAE5E,MAAI,QAAQ,IAAI,YAAY,KAAK,cAAc;AAC3C,MAAA,SAAS,aAAa,OAAO;AACnC;AAEA,MAAe,cAAA;AAAA,EACb;AAAA,EACA;AACF;AC7GA,MAAM,gBAAgB,KAAK,CAAC,OAAO,eAAe,MAAM,CAAC;AACzD,MAAM,4BAA4B,KAAK,CAAC,gBAAgB,eAAe,gBAAgB,CAAC;AAExF,MAAM,EAAE,gBAAoB,IAAA;AAE5B,MAAM,6BAA6B,QAAQ;AAAA,EACzC,YAAY;AAAA,EACZ,YAAY;AACd,CAAC;AAED,MAAe,iBAAA;AAAA,EACb,MAAM,aAAa,KAAc;AAC/B,UAAM,EAAE,kBAAAkB,kBAAqB,IAAA,OAAO,QAAQ,iBAAiB;AAE7D,QAAI,OAAOA,kBAAiB,OAAO,EAAE,IAAI,aAAa;AAAA,EACxD;AAAA,EAEA,MAAM,wBAAwB,KAAc;AACpC,UAAA,aAAa,MAAM,MAAM;AACzB,UAAA,EAAE,WAAW,iBAAA,IAAsB,MAAM,WAAW,IAAI,EAAE,KAAK,OAAA,CAAQ;AAE7E,QAAI,OAAO;AAAA,MACT,MAAM,0BAA0B,gBAAgB;AAAA,IAAA;AAAA,EAEpD;AAAA,EAEA,MAAM,2BAA2B,KAAc;AACvC,UAAA;AAAA,MACJ,SAAS,EAAE,KAAK;AAAA,IACd,IAAA;AAEJ,UAAM,8BAA8B,IAAI;AAElC,UAAA,aAAa,MAAM,MAAM;AAC/B,UAAM,qBAAsB,MAAM,WAAW,IAAI,EAAE,KAAK,QAAQ;AAChE,UAAM,iBAAiB,EAAE,GAAG,oBAAoB,WAAW,KAAK;AAChE,UAAM,WAAW,IAAI,EAAE,KAAK,QAAQ,OAAO,gBAAgB;AAEpD,WAAA,UAAU,KAAK,sBAAsB;AAE5C,QAAI,OAAO;AAAA,MACT,MAAM,0BAA0B,eAAe,SAAS;AAAA,IAAA;AAAA,EAE5D;AAAA,EAEA,cAAc,KAAc,MAAY;AAChC,UAAA;AAAA,MACJ,QAAQ,EAAE,UAAU,aAAa;AAAA,IAC/B,IAAA;AAEJ,UAAM,EAAE,kBAAAA,kBAAqB,IAAA,OAAO,QAAQ,iBAAiB;AAE7D,QAAI,CAACA,kBAAiB,IAAI,YAAY,GAAG;AACvC,YAAM,IAAI,gBAAgB,8BAA8B,YAAY,EAAE;AAAA,IACxE;AAEO,WAAA,2BAA2B,KAAK,IAAI;AAAA,EAC7C;AACF;AChEA,MAAM,mBAAmB,IACtB,OAAO,EACP,MAAM;AAAA,EACL,MAAM,IAAI,OAAA,EAAS,IAAI,CAAC,EAAE,SAAS;AAAA,EACnC,aAAa,IAAI,OAAO,EAAE,SAAS;AACrC,CAAC,EACA,UAAU;AAEb,MAAM,oBAAoB,IACvB,OAAO,EACP,MAAM;AAAA,EACL,KAAK,IACF,MAAM,EACN,GAAG,IAAI,SAAU,CAAA,EACjB,IAAI,CAAC,EACL,SACA,EAAA;AAAA,IACC;AAAA,IACA;AAAA,IACA,eAAe,oBAAoB,KAAK;AAClC,UAAA;AACF,cAAM,OAAO,QAAQ,aAAa,EAAE,wBAAwB,GAAG;AAE/D,YAAI,OAAO,GAAG,SAAS,UAAU,KAAK,GAAG;AACvC,gBAAM,OAAO,QAAQ,aAAa,EAAE,2BAA2B,GAAG;AAAA,QACpE;AAAA,eACO,GAAQ;AACR,eAAA,KAAK,YAAY,EAAE,MAAM,OAAO,SAAS,EAAE,SAAS;AAAA,MAC7D;AAEO,aAAA;AAAA,IACT;AAAA,EACF;AACJ,CAAC,EACA,UAAU;AAEb,MAAM,mBAAmB,IACtB,WACA,SACA,EAAA;AAAA,EACC;AAAA,EACA;AAAA,EACA,eAAe,oBAAoB,IAAI;AACjC,QAAA;AACF,YAAM,OAAO,QAAQ,aAAa,EAAE,wBAAwB,CAAC,EAAE,CAAC;AAEhE,UAAI,OAAO,GAAG,SAAS,UAAU,KAAK,GAAG;AACvC,cAAM,OAAO,QAAQ,aAAa,EAAE,2BAA2B,CAAC,EAAE,CAAC;AAAA,MACrE;AAAA,aACO,GAAQ;AACR,aAAA,KAAK,YAAY,EAAE,MAAM,MAAM,SAAS,EAAE,SAAS;AAAA,IAC5D;AAEO,WAAA;AAAA,EACT;AACF;AAEW,MAAA,0BAA0B,kBAAkB,gBAAgB;AAC5D,MAAA,2BAA2B,kBAAkB,iBAAiB;AAC9D,MAAA,0BAA0B,kBAAkB,gBAAgB;ACpDzE,MAAe,OAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAKb,MAAM,OAAO,KAAc;AACnB,UAAA,wBAAwB,IAAI,QAAQ,IAAI;AAExC,UAAA,cAAc,WAAW,MAAM;AAErC,UAAMZ,QAAO,MAAM,YAAY,OAAO,IAAI,QAAQ,IAAI;AAChD,UAAA,gBAAgB,YAAY,aAAaA,KAAI;AAEnD,QAAI,QAAQ,EAAE,MAAM,cAAe,CAAA;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,UAAU,KAAc;AACtB,UAAA,EAAE,GAAG,IAAI,IAAI;AAEnB,UAAM,wBAAwB,EAAE;AAE1B,UAAA,cAAc,WAAW,MAAM;AAErC,UAAMD,SAAQ,MAAM,YAAY,YAAY,CAAC,EAAE,CAAC;AAE1C,UAAA,gBAAgBA,OAAM,IAAI,CAACC,UAAkB,YAAY,aAAaA,KAAI,CAAC,EAAE,CAAC,KAAK;AAEzF,WAAO,IAAI,QAAQ;AAAA,MACjB,MAAM;AAAA,IAAA,CACP;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,WAAW,KAAc;AACvB,UAAA,EAAE,KAAK,IAAI,IAAI;AAErB,UAAM,yBAAyB,IAAI;AAE7B,UAAA,cAAc,WAAW,MAAM;AAErC,UAAMD,SAAQ,MAAM,YAAY,YAAY,KAAK,GAAG;AACpD,UAAM,iBAAiBA,OAAM,IAAI,YAAY,YAAY;AAEzD,WAAO,IAAI,QAAQ;AAAA,MACjB,MAAM;AAAA,IAAA,CACP;AAAA,EACH;AACF;ACkCA,MAAM,6BAA6B,OAAwB;AAAA,EACzD,SAAS;AAAA,IACP,mBAAmB;AAAA,EACrB;AACF;AAKA,MAAM,eAAe;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAKA,MAAM,2BAA2B,KAAK,YAAY;AAWlD,MAAM,kBAAkB,CAAC,eAA4C;AAC7D,QAAA,EAAE,YAAY,IAAQ,IAAA;AAE5B,MAAI,CAAC,YAAY;AACf,WAAO,QAAQ,GAAG;AAAA,EACpB;AAEA,MAAI,eAAe,SAAS;AAC1B,WAAO,UAAU,GAAG;AAAA,EACtB;AAEO,SAAA,WAAW,UAAU,IAAI,GAAG;AACrC;AAKA,MAAM,iBAAiB,CAAC,UACtB,IAAI,YAAY,gBAAgB,KAAK,GAAG,KAAK;AAO/C,MAAM,0BAA0B,CAAC,WAA2B;AAC1D,QAAM,wBAAwB,CAAC,YAAY,SAAS,EAAE,SAAS,OAAO,OAAO;AAEtE,SAAA,wBACH,IAAI,eAAe,OAAO,eAAe,WAAW,MAAM,IAC1D,KAAK,eAAe,MAAM;AAChC;AAKA,MAAM,oBAAoB,MAAM,CAAC,UAAkB,WAA4B;AACtE,SAAA,KAAK,KAAK,2BAA2B,GAAG,SAAS,QAAQ,CAAC,EAAE,MAAM;AAC3E,CAAC;AAKD,MAAM,mBAAmB,MAAM,CAAC,SAAiB,WAA4B;AAC3E,SAAO,QAAQ,OAAO,QAAQ,KAAK,SAAS,SAAS,OAAO,QAAQ;AACtE,CAAC;AAKD,MAAM,SAAmD;AAAA;AAAA;AAAA,EAGvD;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA,MAAM,4BAA4B;AACpC;AAEA,MAAe,eAAA;AAAA,EACb;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AC1MA,MAAM,gCAAgC,CAAC,WAAoB;AACrD,MAAA,EAAE,MAAM,MAAM,GAAG;AAEZ,WAAA;AAAA,EACT;AACA,MAAI,CAAC,MAAM,QAAQ,MAAM,GAAG;AACnB,WAAA;AAAA,EACT;AAEA,MAAI,SAAS;AACb,WAAS,SAAS,GAAG,SAAS,OAAO,QAAQ,UAAU,GAAG;AACxD,aAAS,OACN,MAAM,SAAS,CAAC,EAChB;AAAA,MACC,CAAC,WACC,OAAO,WAAW,GAAG,OAAO,MAAM,CAAC,GAAG,KAAK,OAAO,MAAM,EAAE,WAAW,GAAG,MAAM,GAAG;AAAA,IAAA;AAEnF,QAAA;AAAQ;AAAA,EACd;AAEA,SAAO,CAAC;AACV;ACrBA,MAAM,gCAAgC,CAAC,WAAoB;AACrD,MAAA,EAAE,MAAM,MAAM,GAAG;AAEZ,WAAA;AAAA,EACT;AACA,MAAI,CAAC,MAAM,QAAQ,MAAM,GAAG;AACnB,WAAA;AAAA,EACT;AAEA,SAAO,EAAE,KAAK,MAAM,EAAE,WAAW,OAAO;AAC1C;ACFA,MAAM,wBAAwB,CAAC,aAAqB;AAClD,SAAOR,aAAW,YAAY,EAAE,eAAe,IAAI,QAAQ;AAC7D;AAEO,MAAM,QAAQ,IAAI,OAAA,EAAS,QAAQ,UAAU;AAE7C,MAAM,YAAY,IAAI,SAAS,KAAK,EAAE,IAAI,CAAC;AAErC,MAAA,WAAW,IAAI;AAErB,MAAM,WAAW,IAAI,OAAO,EAAE,IAAI,CAAC;AAEnC,MAAM,WAAW,IACrB,OACA,EAAA,IAAI,CAAC,EACL,QAAQ,SAAS,uDAAuD,EACxE,QAAQ,SAAS,uDAAuD,EACxE,QAAQ,MAAM,0CAA0C;AAE9C,MAAA,QAAQ,IAAI,MAAM,IAAI,UAAU,EAAE,IAAI,CAAC;AAEpD,MAAM,gBAAgB,IACnB,OAAO,EACP,KAAK,oBAAoB,wBAAwB,SAAU,OAAO;AAC1D,SAAA,CAAC,QAAW,SAAS,GAAG,OAAO,KAAK,OAAO,OAAO,CAAC,EAAE,SAAS,KAAK,IACtE,OACA,KAAK,YAAY,EAAE,MAAM,KAAK,MAAM,SAAS,GAAG,KAAK,IAAI,6BAA8B,CAAA;AAC7F,CAAC;AAEI,MAAM,wBAAwB,IAClC,MAAM,EACN,GAAG,IAAI,OAAQ,CAAA,EACf,KAAK,6BAA6B,wBAAwB,SAAU,OAAO;AAC1E,QAAM,MAAM,OAAO,QAAQ,mBAAmB,EAAE,kBAAkB;AAC3D,SAAA,EAAE,YAAY,KAAK,KAAK,EAAE,WAAW,OAAO,GAAG,EAAE,WAAW,IAC/D,OACA,KAAK,YAAY,EAAE,MAAM,KAAK,MAAM,SAAS,wCAAwC;AAC3F,CAAC;AAEU,MAAA,uBAAuB,CAAC,GAAQ,MAC3C,EAAE,WAAW,EAAE,WAAW,EAAE,YAAY,EAAE,WAAY,EAAE,MAAM,EAAE,OAAO,KAAK,EAAE,MAAM,EAAE,OAAO;AAE/F,MAAM,+BAA+B,CAAC,gBACpC,CAAC,MAAM,QAAQ,WAAW,KAC1B,YAAY;AAAA,EAAM,CAAC,OAAO,MACxB,YAAY,MAAM,IAAI,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,qBAAqB,OAAO,KAAK,CAAC;AAC/E;AAEF,MAAM,iBAAiB,CAAC,WACtB,SAAU,QAA6B;AAEjC,MAAA,MAAM,MAAM,GAAG;AACV,WAAA;AAAA,EACT;AAEA,SAAO,aAAa,kBAAkB,UAAU,MAAM,KAAK,MAAM,MAAM;AACzE;AAEF,MAAM,2BAA2B,CAAC,WAChC,IACG,MAAM,EACN,GAAG,IAAI,OAAO,CAAC,EACf,SACA,EAAA;AAAA,EACC;AAAA,EACA;AAAA,EACA;AACF,EACC;AAAA,EACC;AAAA,EACA;AAAA,EACA;AACF,EACC;AAAA,EACC;AAAA,EACA;AAAA;AAAA,EAEA,eAAe,MAAM;AACvB;AAEG,MAAM,aAAa,IACvB,OAAO,EACP,MAAM;AAAA,EACL,QAAQ,IACL,OAAA,EACA,SAAA,EACA,KAAK,mBAAmB,+CAA+C,SAAU,UAAU;AAEtF,QAAA,MAAM,QAAQ,GAAG;AACZ,aAAA;AAAA,IACT;AAEO,WAAA,CAAC,CAAC,sBAAsB,QAAQ;AAAA,EAAA,CACxC;AAAA,EACH,kBAAkB,IAAI,OAAO,EAAE,SAAS;AAAA,EACxC,SAAS,IACN,OAAA,EACA,SAAA,EACA,KAAK,oBAAoB,6BAA6B,SAAU,SAAS;AAExE,UAAM,SAAS,sBAAsB,KAAK,QAAQ,OAAO,MAAM;AAE/D,QAAI,CAAC,QAAQ;AACJ,aAAA;AAAA,IACT;AAEI,QAAA,MAAM,OAAO,QAAQ,GAAG;AAC1B,aAAO,MAAM,OAAO;AAAA,IACtB;AAEA,QAAI,QAAQ,OAAO,QAAQ,KAAK,CAAC,MAAM,OAAO,GAAG;AACxC,aAAA,OAAO,SAAS,SAAS,OAAO;AAAA,IACzC;AAEO,WAAA;AAAA,EAAA,CACR;AAAA,EACH,YAAY,IACT,OAAO,EACP,KAAK,wBAAwB,mCAAmC,SAAU,YAAY;AAErF,UAAM,SAAS,sBAAsB,KAAK,QAAQ,OAAO,MAAM;AAC/D,UAAM,kBAAkB,QAAQ,UAAU,KAAK,MAAM,UAAU;AAE/D,QAAI,CAAC,IAAI,6BAA6B,MAAM,GAAG;AACtC,aAAA;AAAA,IACT;AAEA,QAAI,iBAAiB;AACZ,aAAA;AAAA,IACT;AAEM,UAAA,EAAE,kBAAkB,IAAI,OAAO;AAEjC,QAAA,CAAC,QAAQ,iBAAiB,GAAG;AACxB,aAAA;AAAA,IACT;AAEO,WAAA,OAAO,KAAK,UAAU,EAAE,MAAM,CAAC,aAAa,kBAAkB,SAAS,QAAQ,CAAC;AAAA,EACxF,CAAA,EACA;AAAA,IACC;AAAA,IACA;AAAA,IACA,eAAgB,aAAa,CAAA,GAAI;AAE/B,YAAM,SAAS,sBAAsB,KAAK,QAAQ,OAAO,MAAM;AAE3D,UAAA,CAAC,UAAU,CAAC,YAAY;AACnB,eAAA;AAAA,MACT;AAEA,UAAI,CAAC,aAAa,kBAAkB,UAAU,MAAM,GAAG;AAC9C,eAAA;AAAA,MACT;AAEI,UAAA;AACF,cAAM,yBAAyB,MAAM,EAAE,SAAS,WAAW,QAAQ;AAAA,UACjE,QAAQ;AAAA,UACR,YAAY;AAAA,QAAA,CACb;AACM,eAAA;AAAA,eACA,GAAQ;AAEf,cAAM,KAAK,YAAY;AAAA,UACrB,SAAS,EAAE;AAAA,UACX,MAAM,GAAG,KAAK,IAAI;AAAA,QAAA,CACnB;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAAA,EACF,YAAY,IAAI,MAAA,EAAQ,GAAG,IAAI,QAAQ;AACzC,CAAC,EACA,UAAU;AAEN,MAAM,oBAAoB,IAC9B,OAAO,EACP,MAAM;AAAA,EACL,aAAa,IACV,MAAM,EACN,WACA,GAAG,UAAU,EACb;AAAA,IACC;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACJ,CAAC,EACA,WACA;AAEH,MAAe,aAAA;AAAA,EACb;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AC9MA,MAAM,qBAAqB,IACxB,OAAO,EACP,MAAM;AAAA,EACL,OAAO,WAAW,MAAM,SAAS;AAAA,EACjC,WAAW,WAAW,UAAU,SAAS;AAAA,EACzC,UAAU,WAAW;AAAA,EACrB,OAAO,WAAW,MAAM,IAAI,CAAC;AAAA,EAC7B,kBAAkB,IAAI,OAAO,EAAE,SAAS;AAC1C,CAAC,EACA,UAAU;AAEb,MAAM,sBAAsB,IACzB,OAAO,EACP,MAAM;AAAA,EACL,OAAO,WAAW,MAAM,QAAQ;AAAA,EAChC,WAAW,WAAW,UAAU,QAAQ;AAAA,EACxC,UAAU,WAAW,SAAS,SAAS;AAAA,EACvC,UAAU,WAAW,SAAS,SAAS;AAAA,EACvC,UAAU,WAAW,SAAS,QAAQ;AAAA,EACtC,iBAAiB,IACd,OAAA,EACA;AAAA,IAAK;AAAA,IAAY,CAACY,WAAkB,WACnC,CAAC,YAAYA,SAAQ,IAAI,OAAO,SAAA,IAAa;AAAA,IAE9C,QAAQ;AAAA,EACX,kBAAkB,IAAI,OAAO,EAAE,SAAS;AAC1C,CAAC,EACA,UAAU;AAEb,MAAM,mBAAmB,IACtB,OAAO,EACP,MAAM;AAAA,EACL,OAAO,WAAW,MAAM,QAAQ;AAAA,EAChC,WAAW,WAAW,UAAU,QAAQ;AAAA,EACxC,UAAU,WAAW,SAAS,SAAS;AAAA,EACvC,UAAU,WAAW,SAAS,SAAS;AAAA,EACvC,UAAU,WAAW,SAAS,QAAQ;AAAA,EACtC,UAAU,IAAI,KAAK,EAAE,QAAQ;AAAA,EAC7B,OAAO,WAAW,MAAM,IAAI,CAAC,EAAE,QAAQ;AACzC,CAAC,EACA,UAAU;AAEb,MAAM,oBAAoB,IACvB,OAAO,EACP,MAAM;AAAA,EACL,KAAK,IAAI,MAAM,EAAE,GAAG,IAAI,SAAS,CAAC,EAAE,IAAI,CAAC,EAAE,SAAS;AACtD,CAAC,EACA,UAAU;AAE4B,kBAAkB,kBAAkB;AACnC,kBAAkB,mBAAmB;AAClE,MAAA,0BAA0B,kBAAkB,gBAAgB;AACjC,kBAAkB,iBAAiB;AACpE,MAAM,UAAU;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AACF;AC1DA,MAAM,gCAAgC,IACnC,OAAO,EACP,MAAM;AAAA,EACL,oBAAoB,IAAI,QAAQ;AAClC,CAAC,EACA,UAAU;AAEA,MAAA,4BAA4B,CAAC,SAAc;AACtD,MAAI,SAAS,QAAQ;AAErB,MAAI,OAAO,GAAG,SAAS,UAAU,KAAK,GAAG;AAC9B,aAAA,OAAO,OAAO,6BAA6B;AAAA,EACtD;AAEO,SAAA,kBAAkB,MAAM,EAAE,IAAI;AACvC;ACRA,MAAM,EAAE,kBAAkB,eAAmB,IAAA;AAE7C,MAAM,6BAA6B,KAAK,CAAC,aAAa,YAAY,SAAS,OAAO,CAAC;AAEnF,MAAM,yBAAyB,YAAY;AACrC,MAAA,CAAC,OAAO,IAAI;AACP,WAAA;AAAA,EACT;AAEM,QAAA,iBAAiB,OAAO,GAAG;AAC7B,MAAA,MAAM,cAAc,GAAG;AAClB,WAAA;AAAA,EACT;AAEA,QAAM,YAAY,MAAM,OAAO,QAAQ,aAAa,EAAE;AAEtD,MAAI,YAAY,gBAAgB;AACvB,WAAA;AAAA,EACT;AACF;AAEA,MAAe,OAAA;AAAA,EACb,MAAM,OAAO,KAAc;AACrB,QAAA,CAAE,MAAM,0BAA2B;AAC/B,YAAA,IAAI,eAAe,0DAA0D;AAAA,IACrF;AAEM,UAAA,EAAE,KAAK,IAAI,IAAI;AACrB,UAAM,YAAY,EAAE,GAAG,MAAM,OAAO,EAAE,IAAI,MAAM,SAAS,EAAE,EAAE,YAAc,EAAA;AAE3E,UAAM,0BAA0B,SAAS;AAEnC,UAAA,aAAa,2BAA2B,SAAS;AACjD,UAAA,EAAE,mBAAuB,IAAA;AAEzB,UAAA,oBAAoB,MAAM,WAAW,MAAM,EAAE,OAAO,EAAE,OAAO,WAAW,MAAA,CAAO;AAErF,QAAI,mBAAmB;AACf,YAAA,IAAI,iBAAiB,qBAAqB;AAAA,IAClD;AAEA,QAAI,oBAAoB;AACtB,aAAO,OAAO,YAAY,EAAE,mBAAmB,MAAM,UAAU,MAAM;AAAA,IACvE;AAEA,UAAM,cAAc,MAAM,WAAW,MAAM,EAAE,OAAO,UAAU;AAC9D,UAAM,WAAW,WAAW,MAAM,EAAE,aAAa,WAAW;AAI5D,WAAO,OAAO,UAAU,EAAE,mBAAmB,YAAY,mBAAmB;AAE5E,QAAI,QAAQ,EAAE,MAAM,SAAU,CAAA;AAAA,EAChC;AAAA,EAEA,MAAM,OAAO,KAAc;AACnB,UAAA,EAAE,GAAG,IAAI,IAAI;AACnB,UAAM,EAAE,MAAM,UAAU,IAAI;AAE5B,UAAM,wBAAwB,KAAK;AAEnC,QAAI,EAAE,IAAI,OAAO,OAAO,GAAG;AACzB,YAAM,mBAAmB,MAAM,WAAW,MAAM,EAAE,OAAO;AAAA,QACvD,IAAI,EAAE,KAAK,GAAG;AAAA,QACd,OAAO,MAAM;AAAA,MAAA,CACd;AAED,UAAI,kBAAkB;AACd,cAAA,IAAI,iBAAiB,+CAA+C;AAAA,MAC5E;AAAA,IACF;AAEA,UAAMT,QAAO,MAAM,WAAW,MAAM,EAAE,QAAQ,IAAI,IAAI;AAElD,QAAA,CAAE,MAAM,4BAA6B,CAACA,MAAK,YAAY,MAAM,UAAU;AACnE,YAAA,IAAI,eAAe,yDAAyD;AAAA,IACpF;AAEA,UAAM,cAAc,MAAM,WAAW,MAAM,EAAE,WAAW,IAAI,KAAK;AAEjE,QAAI,CAAC,aAAa;AACT,aAAA,IAAI,SAAS,qBAAqB;AAAA,IAC3C;AAEA,QAAI,OAAO;AAAA,MACT,MAAM,WAAW,MAAM,EAAE,aAAa,WAAW;AAAA,IAAA;AAAA,EAErD;AAAA,EAEA,MAAM,YAAY,KAAc;AACxB,UAAA,EAAE,MAAAA,MAAK,IAAI,IAAI;AACf,UAAA,cAAc,MAAM,YAAYA,KAAI;AAE1C,QAAI,OAAO;AAAA,MACT,MAAM;AAAA,QACJ;AAAA,MACF;AAAA,IAAA;AAAA,EAEJ;AACF;ACzGA,MAAe,QAAA;AAAA;AAAA,EAEb,MAAM,iBAAiB;AACrB,UAAM,QAAQ,OAAO,OAAO,IAAI,eAAe,CAAA,CAAE;AAC7C,QAAA;AACF,aAAO,EAAE,MAAM,EAAE,MAAM,OAAO,IAAI,UAAU,OAAO,GAAG,SAAS,KAAK,GAAG,MAAQ,EAAA;AAAA,aACxE,KAAK;AACL,aAAA,EAAE,MAAM,EAAE,MAAM,OAAO,UAAU,CAAI,GAAA,MAAA;IAC9C;AAAA,EACF;AAAA,EAEA,MAAM,0BAA0B;AACxB,UAAA,iBAAiB,OAAO,GAAG;AAEjC,QAAI,eAAe;AACnB,QAAI,qBAAqB;AACrB,QAAA;AAEJ,UAAM,yBAAyB,MAAM,WAAW,MAAM,EAAE,0BAA0B;AAElF,UAAM,kBAAkB,MAAM,WAAW,kBAAkB,EAAE,oBAAoB;AAEjF,QAAI,iBAAiB;AACnB,6BAAuB,yBAAyB,gBAAgB;AAAA,IAAA,OAC3D;AACkB,6BAAA;AAAA,IACzB;AAEA,QAAI,CAAC,MAAM,cAAc,KAAK,uBAAuB,gBAAgB;AACpD,qBAAA;AACM,2BAAA;AAAA,IACvB;AAEA,QAAI,CAAC,MAAM,cAAc,KAAK,yBAAyB,gBAAgB;AACtD,qBAAA;AACM,2BAAA;AAAA,IACvB;AAEA,UAAM,OAAO;AAAA,MACX;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,kBAAkB,MAAM,cAAc,IAAI,QAAQ,0BAA0B;AAAA,MAC5E;AAAA,MACA,uBAAuB,IAAI,kBAAkB,IAAI,MAAM;AAAA,MACvD,UAAU,OAAO,GAAG,SAAS,UAAU,CAAC;AAAA,IAAA;AAG1C,WAAO,EAAE,KAAK;AAAA,EAChB;AACF;AChDA,MAAe,cAAA;AAAA,EACb;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;ACVO,MAAM,0BACX,CAAC,gBAAwB,CAAC,KAAK,SAAS;AACtC,MAAI,OAAO,GAAG,SAAS,UAAU,WAAW,GAAG;AAC7C,WAAO,KAAK;AAAA,EACd;AAEA,MAAI,SAAS;AACf;ACPF,MAAe,MAAA;AAAA,EACb,MAAM;AAAA,EACN,QAAQ;AAAA,IACN;AAAA,MACE,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,SAAS;AAAA,MACT,QAAQ;AAAA,QACN,aAAa,CAAC,wBAAwB,KAAK,CAAC;AAAA,QAC5C,MAAM;AAAA,MACR;AAAA,IACF;AAAA,IACA;AAAA,MACE,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,SAAS;AAAA,MACT,QAAQ;AAAA,QACN,aAAa,CAAC,wBAAwB,KAAK,CAAC;AAAA,QAC5C,MAAM;AAAA,MACR;AAAA,IACF;AAAA,IACA;AAAA,MACE,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,SAAS;AAAA,MACT,QAAQ;AAAA,QACN,aAAa,CAAC,wBAAwB,KAAK,CAAC;AAAA,QAC5C,MAAM;AAAA,MACR;AAAA,IACF;AAAA,IACA;AAAA,MACE,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,SAAS;AAAA,MACT,QAAQ;AAAA,QACN,aAAa,CAAC,wBAAwB,KAAK,CAAC;AAAA,QAC5C,UAAU;AAAA,UACR;AAAA,UACA,EAAE,MAAM,yBAAyB,QAAQ,EAAE,SAAS,CAAC,4BAA4B,IAAI;AAAA,QACvF;AAAA,MACF;AAAA,IACF;AAAA,IACA;AAAA,MACE,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,SAAS;AAAA,MACT,QAAQ;AAAA,QACN,aAAa,CAAC,wBAAwB,KAAK,CAAC;AAAA,QAC5C,UAAU;AAAA,UACR;AAAA,UACA,EAAE,MAAM,yBAAyB,QAAQ,EAAE,SAAS,CAAC,8BAA8B,IAAI;AAAA,QACzF;AAAA,MACF;AAAA,IACF;AAAA,IACA;AAAA,MACE,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,SAAS;AAAA,MACT,QAAQ;AAAA,QACN,aAAa,CAAC,wBAAwB,KAAK,CAAC;AAAA,QAC5C,UAAU,CAAC,6BAA6B;AAAA,MAC1C;AAAA,IACF;AAAA,EACF;AACF;AClEA,MAAe,eAAA;AAAA,EACb,MAAM;AAAA,EACN,QAAQ;AAAA;AAAA,IAEN;AAAA,MACE,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,SAAS;AAAA,MACT,QAAQ;AAAA,QACN,UAAU;AAAA,UACR;AAAA,UACA;AAAA,YACE,MAAM;AAAA,YACN,QAAQ;AAAA,cACN,SAAS;AAAA,gBACP;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;ACvBA,MAAe,SAAA;AAAA,EACb;AAAA,EACA,iBAAiB;AACnB;ACJA,MAAe,kBAAA;AAAA,EACb,MAAM;AAAA,EACN,QAAQ;AAAA,IACN;AAAA,MACE,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,SAAS;AAAA,MACT,QAAQ;AAAA,QACN,aAAa,CAAC,wBAAwB,YAAY,CAAC;AAAA,QACnD,UAAU;AAAA,UACR;AAAA,UACA;AAAA,YACE,MAAM;AAAA,YACN,QAAQ;AAAA,cACN,SAAS,CAAC,wBAAwB;AAAA,YACpC;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IACA;AAAA,MACE,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,SAAS;AAAA,MACT,QAAQ;AAAA,QACN,aAAa,CAAC,wBAAwB,YAAY,CAAC;AAAA,QACnD,UAAU;AAAA,UACR;AAAA,UACA;AAAA,YACE,MAAM;AAAA,YACN,QAAQ;AAAA,cACN,SAAS,CAAC,wBAAwB;AAAA,YACpC;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;ACtCA,MAAM,uBAAuB,CAAC,cAAc,eAAe,YAAY,WAAW;AAElF,MAAM,yBAAyB,IAC5B,OAAO,EACP,MAAM;AAAA,EACL,MAAM,IAAI,OAAA,EAAS,QAAQ,EAAE,IAAI,CAAC;AAAA,EAClC,UAAU,IAAI,OAAA,EAAS,QAAA,EAAU,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,EAC/C,MAAM,IAAI,QAAQ,MAAM,oBAAoB;AAC9C,CAAC,EACA,SAAS;AAEL,MAAM,mBAAmB,kBAAkB,wBAAwB,EAAE,QAAQ,OAAO;ACT3F,MAAe,sBAAA;AAAA,EACb,MAAM,SAAS,KAAc;AACrB,UAAA,EAAE,MAAM,IAAI,IAAI;AACtB,UAAM,iBAAiB,KAAK;AAEtB,UAAA,YAAY,OAAO,IAAI,YAAY;AACzC,UAAM,OAAO,MAAM,UAAU,SAAS,KAAK;AAE3C,QAAI,OAAO;AAAA,EACb;AAAA,EAEA,MAAM,QAAQ,KAAc;AACpB,UAAA,EAAE,GAAG,IAAI,IAAI;AAEb,UAAA,YAAY,OAAO,IAAI,YAAY;AACzC,UAAM,OAAO,MAAM,UAAU,QAAQ,EAAE;AAEvC,QAAI,OAAO;AAEJ,WAAA,UAAU,KAAK,oBAAoB;AAAA,EAC5C;AACF;ACZA,MAAM,mBAAmB,CAACA,UAAc;AACtC,MAAI,cAAcA,MAAK;AAEvB,MAAIA,MAAK,UAAU;AACjB,kBAAcA,MAAK;AAAA,EACV,WAAAA,MAAK,aAAaA,MAAK,UAAU;AAC1C,kBAAc,GAAGA,MAAK,SAAS,IAAIA,MAAK,QAAQ;AAAA,EAClD;AAEO,SAAA;AAAA,IACL,IAAIA,MAAK;AAAA,IACT,OAAOA,MAAK;AAAA,IACZ;AAAA,EAAA;AAEJ;AAMA,MAAM,yBAAyB,CAACJ,YAAwB;AAC/C,SAAA;AAAA,IACL,MAAM,UAAU,OAAc;AAC5B,YAAM,EAAE,QAAQ,GAAG,KAAA,IAAS;AAE5B,YAAM0B,YAAgB,EAAE,GAAG,MAAM,MAAM,OAAO;AAGxC,YAAA1B,QAAO,IAAI,MAAM,kBAAkB,EAAE,OAAO,EAAE,MAAM0B,UAAA,CAAU;AAE7D,aAAA;AAAA,IACT;AAAA,IAEA,MAAM,SAAS,OAAgB;AACvB,YAAA,EAAE,SAAS,WAAA,IAAe,MAAM1B,QAAO,IAAI,MAAM,kBAAkB,EAAE,SAAS;AAAA,QAClF,UAAU,CAAC,MAAM;AAAA,QACjB,QAAQ,CAAC,UAAU,QAAQ,SAAS;AAAA,QACpC,GAAGA,QAAO,IAAI,cAAc,EAAE,UAAU,oBAAoB,KAAK;AAAA,MAAA,CAClE;AAED,YAAM,mBAAmB,QAAQ,IAAI,CAAC,WAAgB;AACpD,cAAM,EAAE,MAAAI,OAAM,GAAG,KAAA,IAAS;AACnB,eAAA;AAAA,UACL,GAAG;AAAA,UACH,MAAMA,QAAO,iBAAiBA,KAAI,IAAI;AAAA,QAAA;AAAA,MACxC,CACD;AAEM,aAAA;AAAA,QACL,SAAS;AAAA,QACT;AAAA,MAAA;AAAA,IAEJ;AAAA,IAEA,MAAM,QAAQ,IAAa;AACzB,YAAM,SAAc,MAAMJ,QAAO,IAAI,MAAM,kBAAkB,EAAE,QAAQ;AAAA,QACrE,OAAO,EAAE,GAAG;AAAA,QACZ,UAAU,CAAC,MAAM;AAAA,QACjB,QAAQ,CAAC,UAAU,QAAQ,SAAS;AAAA,MAAA,CACrC;AAED,UAAI,CAAC,QAAQ;AACJ,eAAA;AAAA,MACT;AAEA,YAAM,EAAE,MAAAI,OAAM,GAAG,KAAA,IAAS;AACnB,aAAA;AAAA,QACL,GAAG;AAAA,QACH,MAAMA,QAAO,iBAAiBA,KAAI,IAAI;AAAA,MAAA;AAAA,IAE1C;AAAA,IAEA,oBAAoB,gBAAsB;AACxC,aAAOJ,QAAO,IAAI,MAAM,kBAAkB,EAAE,WAAW;AAAA,QACrD,OAAO;AAAA,UACL,MAAM;AAAA,YACJ,KAAK,eAAe,YAAY;AAAA,UAClC;AAAA,QACF;AAAA,MAAA,CACD;AAAA,IACH;AAAA,EAAA;AAEJ;AC5FA,MAAM,yBAAyB;AAE/B,MAAM,gBAAgB;AAAA,EACpB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEA,MAAM,cAAc,CAAC2B,mBAAuB;AAC1C,QAAM,oBAAoB,IAAI,SAAc,KAAK,CAAC;AAGlD,SAAOA,eAAc,OAAO,CAAC,KAAU,UAAe;AACpD,QAAI,KAAK,IAAI;AACN,WAAA;AAAA,EACT,GAAG,CAAS,CAAA;AACd;AAEA,MAAM,mBAAmB,CAAC3B,YAAwB;AAChD,QAAM,gBAAgBA,QAAO,GAAG,SAAS,IAAI,YAAY;AACzD,QAAM,uBACJ,OAAO,kBAAkB,YAAY,eAAe,QAAQ;AAC9D,QAAM,oBAAoBA,QAAO,OAAO,IAAI,+BAA+B;AAG3E,MAAI,wBAAwB,MAAM;AAChC,WAAO,qBAAqB;AAAA,EAC9B;AAGI,MAAA,qBAAqB,oBAAoB,sBAAsB;AAC1D,WAAA;AAAA,EACT;AAGO,SAAA;AACT;AAMA,MAAM,kCAAkC,CAACA,YAAwB;AAE/D,QAAM,QAAQ,CAAA;AACR,QAAA,mBAAmBA,QAAO,IAAI,YAAY;AAG1C,QAAA,WAAW,YAAY,aAAa;AAEpC,QAAA,eAAe,CAACE,UAAiB,SAAc;AACnD,UAAM,eAAeF,QAAO,eAAe,IAAA,GAAO;AAGlD,UAAM,mBAAmB,cAAc,MAAM,KAAK,SAAS;AAC3D,UAAMI,QAAO,cAAc;AACvB,QAAA,CAAC,oBAAoB,CAACA,OAAM;AACvB,aAAA;AAAA,IACT;AAEM,UAAA,aAAa,SAASF,KAAI;AAGhC,QAAI,CAAC,YAAY;AACR,aAAA;AAAA,IACT;AAIM,UAAA,cAAc,CAAC,uBAAuB,uBAAuB;AACnE,QAAI,YAAY,SAAS,KAAK,CAAC,GAAG,GAAG,GAAG;AAC/B,aAAA;AAAA,IACT;AAEO,WAAA;AAAA,MACL,QAAQA;AAAA,MACR,OAAM,oBAAI,KAAK,GAAE,YAAY;AAAA,MAC7B,SAAS,WAAW,GAAG,IAAI,KAAK,CAAC;AAAA,MACjC,QAAQE,MAAK;AAAA,IAAA;AAAA,EACf;AAGI,QAAA,cAAc,OAAOF,UAAiB,SAAc;AACxD,UAAM,iBAAiB,aAAaA,OAAM,GAAG,IAAI;AAEjD,QAAI,gBAAgB;AACZ,YAAA,iBAAiB,UAAU,cAAc;AAAA,IACjD;AAAA,EAAA;AAGK,SAAA;AAAA,IACL,MAAM,WAAW;AAEX,UAAA,CAAC,MAAM,qBAAqB;AAE9B,cAAM,sBAAsBF,QAAO,SAAS,GAAG,aAAa,MAAM;AAEhE,eAAK,QAAQ;AACb,eAAK,SAAS;AAAA,QAAA,CACf;AAAA,MACH;AAGI,UAAA,CAAC,MAAM,qBAAqB;AAE9B,cAAM,sBAAsBA,QAAO,SAAS,GAAG,aAAa,MAAM;AAEhE,eAAK,QAAQ;AACb,eAAK,SAAS;AAAA,QAAA,CACf;AAAA,MACH;AAIA,YAAM,uBAAuBA,QAAO,SAAS,GAAG,cAAc,MAAM;AAGlE,aAAK,QAAQ;AAAA,MAAA,CACd;AAGD,UAAI,CAACA,QAAO,GAAG,SAAS,UAAU,YAAY,GAAG;AACxC,eAAA;AAAA,MACT;AAGA,YAAM,sBAAsBA,QAAO,SAAS,UAAU,WAAW;AAG3D,YAAA,gBAAgB,iBAAiBA,OAAM;AACvC,YAAA,mBAAmB,YAAY,aAAa,MAAM;AAChD,cAAA,iBAAiB,IAAI,KAAK,KAAK,IAAA,IAAQ,gBAAgB,KAAK,KAAK,KAAK,GAAI;AAChF,yBAAiB,oBAAoB,cAAc;AAAA,MAAA,CACpD;AAEM,aAAA;AAAA,IACT;AAAA,IAEA,cAAc;AACZ,UAAI,MAAM,sBAAsB;AAC9B,cAAM,qBAAqB;AAAA,MAC7B;AAEA,UAAI,MAAM,qBAAqB;AAC7B,cAAM,oBAAoB;AAAA,MAC5B;AAEA,UAAI,MAAM,kBAAkB;AAC1B,cAAM,iBAAiB;MACzB;AAEO,aAAA;AAAA,IACT;AAAA,IAEA,UAAU;AACR,aAAO,KAAK;IACd;AAAA,EAAA;AAEJ;AC1LO,MAAM,WAAW;AAAA,EACtB,QAAQ;AAAA,IACN,MAAM;AAAA,IACN,gBAAgB;AAAA,IAChB,MAAM;AAAA,MACJ,cAAc;AAAA,MACd,YAAY;AAAA,MACZ,aAAa;AAAA,IACf;AAAA,IACA,SAAS;AAAA,MACP,YAAY;AAAA,IACd;AAAA,IACA,eAAe;AAAA,MACb,mBAAmB;AAAA,QACjB,SAAS;AAAA,MACX;AAAA,MACA,wBAAwB;AAAA,QACtB,SAAS;AAAA,MACX;AAAA,IACF;AAAA,IACA,YAAY;AAAA,MACV,QAAQ;AAAA,QACN,MAAM;AAAA,QACN,UAAU;AAAA,MACZ;AAAA,MACA,MAAM;AAAA,QACJ,MAAM;AAAA,QACN,UAAU;AAAA,MACZ;AAAA,MACA,MAAM;AAAA,QACJ,MAAM;AAAA,QACN,UAAU;AAAA,QACV,QAAQ;AAAA,MACV;AAAA,MACA,SAAS;AAAA,QACP,MAAM;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACF;ACzBA,MAAM,aAAa,MAAM;AACvB,QAAM,UAAU;AAAA,IACd;AAAA,IACA;AAAA,IACA;AAAA,IACA,cAAc;AAAA;AAAA,MAEZ,aAAa;AAAA,MACb,GAAG;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EAAA;AAKA,MAAA,OAAO,OAAO,IAAI,2BAA2B,IAAI,KACjD,OAAO,GAAG,SAAS,UAAU,YAAY,GACzC;AACO,WAAA;AAAA,MACL,GAAG;AAAA,MACH,aAAa;AAAA,QACX,GAAG,QAAQ;AAAA,QACX,cAAc;AAAA,MAChB;AAAA,MACA,QAAQ;AAAA,QACN,GAAG,QAAQ;AAAA,QACX,cAAc;AAAA,MAChB;AAAA,MACA,MAAM,SAAS,EAAE,QAAAA,WAAmC;AAElD,cAAM,QAAQ,SAAS,EAAE,QAAAA,QAAQ,CAAA;AAEjCA,gBAAO,IAAI,cAAc,uBAAuBA,OAAM,CAAC;AAEjD,cAAA,qBAAqB,gCAAgCA,OAAM;AACjEA,gBAAO,IAAI,wBAAwB,kBAAkB;AAErD,cAAM,mBAAmB;MAC3B;AAAA,MACA,MAAM,QAAQ,EAAE,QAAAA,WAAmC;AACjDA,gBAAO,IAAI,sBAAsB,EAAE,QAAQ;AAC3C,cAAM,QAAQ,QAAQ,EAAE,QAAAA,QAAQ,CAAA;AAAA,MAClC;AAAA,IAAA;AAAA,EAEJ;AAEO,SAAA;AACT;AAEA,MAAA,QAAe,WAAW;"}