@strapi/plugin-users-permissions 5.12.0 → 5.12.2

package/dist/server/services/providers-registry.js

@@ -0,0 +1,555 @@
+'use strict';
+
+var require$$0 = require('assert');
+var require$$1 = require('jsonwebtoken');
+var require$$2 = require('url-join');
+var require$$3 = require('jwk-to-pem');
+var require$$4 = require('purest');
+
+var providersRegistry;
+var hasRequiredProvidersRegistry;
+function requireProvidersRegistry() {
+    if (hasRequiredProvidersRegistry) return providersRegistry;
+    hasRequiredProvidersRegistry = 1;
+    const { strict: assert } = require$$0;
+    const jwt = require$$1;
+    const urljoin = require$$2;
+    const jwkToPem = require$$3;
+    const getCognitoPayload = async ({ idToken, jwksUrl, purest })=>{
+        const { header: { kid }, payload } = jwt.decode(idToken, {
+            complete: true
+        });
+        if (!payload || !kid) {
+            throw new Error('The provided token is not valid');
+        }
+        const config = {
+            cognito: {
+                discovery: {
+                    origin: jwksUrl.origin,
+                    path: jwksUrl.pathname
+                }
+            }
+        };
+        try {
+            const cognito = purest({
+                provider: 'cognito',
+                config
+            });
+            // get the JSON Web Key (JWK) for the user pool
+            const { body: jwk } = await cognito('discovery').request();
+            // Get the key with the same Key ID as the provided token
+            const key = jwk.keys.find(({ kid: jwkKid })=>jwkKid === kid);
+            const pem = jwkToPem(key);
+            // https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-verifying-a-jwt.html
+            const decodedToken = await new Promise((resolve, reject)=>{
+                jwt.verify(idToken, pem, {
+                    algorithms: [
+                        'RS256'
+                    ]
+                }, (err, decodedToken)=>{
+                    if (err) {
+                        reject();
+                    }
+                    resolve(decodedToken);
+                });
+            });
+            return decodedToken;
+        } catch (err) {
+            throw new Error('There was an error verifying the token');
+        }
+    };
+    const initProviders = ({ baseURL, purest })=>({
+            email: {
+                enabled: true,
+                icon: 'envelope',
+                grantConfig: {}
+            },
+            discord: {
+                enabled: false,
+                icon: 'discord',
+                grantConfig: {
+                    key: '',
+                    secret: '',
+                    callbackUrl: `${baseURL}/discord/callback`,
+                    scope: [
+                        'identify',
+                        'email'
+                    ]
+                },
+                async authCallback ({ accessToken }) {
+                    const discord = purest({
+                        provider: 'discord'
+                    });
+                    return discord.get('users/@me').auth(accessToken).request().then(({ body })=>{
+                        // Combine username and discriminator (if discriminator exists and not equal to 0)
+                        const username = body.discriminator && body.discriminator !== '0' ? `${body.username}#${body.discriminator}` : body.username;
+                        return {
+                            username,
+                            email: body.email
+                        };
+                    });
+                }
+            },
+            facebook: {
+                enabled: false,
+                icon: 'facebook-square',
+                grantConfig: {
+                    key: '',
+                    secret: '',
+                    callbackUrl: `${baseURL}/facebook/callback`,
+                    scope: [
+                        'email'
+                    ]
+                },
+                async authCallback ({ accessToken }) {
+                    const facebook = purest({
+                        provider: 'facebook'
+                    });
+                    return facebook.get('me').auth(accessToken).qs({
+                        fields: 'name,email'
+                    }).request().then(({ body })=>({
+                            username: body.name,
+                            email: body.email
+                        }));
+                }
+            },
+            google: {
+                enabled: false,
+                icon: 'google',
+                grantConfig: {
+                    key: '',
+                    secret: '',
+                    callbackUrl: `${baseURL}/google/callback`,
+                    scope: [
+                        'email'
+                    ]
+                },
+                async authCallback ({ accessToken }) {
+                    const google = purest({
+                        provider: 'google'
+                    });
+                    return google.query('oauth').get('tokeninfo').qs({
+                        accessToken
+                    }).request().then(({ body })=>({
+                            username: body.email.split('@')[0],
+                            email: body.email
+                        }));
+                }
+            },
+            github: {
+                enabled: false,
+                icon: 'github',
+                grantConfig: {
+                    key: '',
+                    secret: '',
+                    callbackUrl: `${baseURL}/github/callback`,
+                    scope: [
+                        'user',
+                        'user:email'
+                    ]
+                },
+                async authCallback ({ accessToken }) {
+                    const github = purest({
+                        provider: 'github',
+                        defaults: {
+                            headers: {
+                                'user-agent': 'strapi'
+                            }
+                        }
+                    });
+                    const { body: userBody } = await github.get('user').auth(accessToken).request();
+                    // This is the public email on the github profile
+                    if (userBody.email) {
+                        return {
+                            username: userBody.login,
+                            email: userBody.email
+                        };
+                    }
+                    // Get the email with Github's user/emails API
+                    const { body: emailBody } = await github.get('user/emails').auth(accessToken).request();
+                    return {
+                        username: userBody.login,
+                        email: Array.isArray(emailBody) ? emailBody.find((email)=>email.primary === true).email : null
+                    };
+                }
+            },
+            microsoft: {
+                enabled: false,
+                icon: 'windows',
+                grantConfig: {
+                    key: '',
+                    secret: '',
+                    callbackUrl: `${baseURL}/microsoft/callback`,
+                    scope: [
+                        'user.read'
+                    ]
+                },
+                async authCallback ({ accessToken }) {
+                    const microsoft = purest({
+                        provider: 'microsoft'
+                    });
+                    return microsoft.get('me').auth(accessToken).request().then(({ body })=>({
+                            username: body.userPrincipalName,
+                            email: body.userPrincipalName
+                        }));
+                }
+            },
+            twitter: {
+                enabled: false,
+                icon: 'twitter',
+                grantConfig: {
+                    key: '',
+                    secret: '',
+                    callbackUrl: `${baseURL}/twitter/callback`
+                },
+                async authCallback ({ accessToken, query, providers }) {
+                    const twitter = purest({
+                        provider: 'twitter',
+                        defaults: {
+                            oauth: {
+                                consumer_key: providers.twitter.key,
+                                consumer_secret: providers.twitter.secret
+                            }
+                        }
+                    });
+                    return twitter.get('account/verify_credentials').auth(accessToken, query.access_secret).qs({
+                        screen_name: query['raw[screen_name]'],
+                        include_email: 'true'
+                    }).request().then(({ body })=>({
+                            username: body.screen_name,
+                            email: body.email
+                        }));
+                }
+            },
+            instagram: {
+                enabled: false,
+                icon: 'instagram',
+                grantConfig: {
+                    key: '',
+                    secret: '',
+                    callbackUrl: `${baseURL}/instagram/callback`,
+                    scope: [
+                        'user_profile'
+                    ]
+                },
+                async authCallback ({ accessToken }) {
+                    const instagram = purest({
+                        provider: 'instagram'
+                    });
+                    return instagram.get('me').auth(accessToken).qs({
+                        fields: 'id,username'
+                    }).request().then(({ body })=>({
+                            username: body.username,
+                            email: `${body.username}@strapi.io`
+                        }));
+                }
+            },
+            vk: {
+                enabled: false,
+                icon: 'vk',
+                grantConfig: {
+                    key: '',
+                    secret: '',
+                    callbackUrl: `${baseURL}/vk/callback`,
+                    scope: [
+                        'email'
+                    ]
+                },
+                async authCallback ({ accessToken, query }) {
+                    const vk = purest({
+                        provider: 'vk'
+                    });
+                    return vk.get('users').auth(accessToken).qs({
+                        id: query.raw.user_id,
+                        v: '5.122'
+                    }).request().then(({ body })=>({
+                            username: `${body.response[0].last_name} ${body.response[0].first_name}`,
+                            email: query.raw.email
+                        }));
+                }
+            },
+            twitch: {
+                enabled: false,
+                icon: 'twitch',
+                grantConfig: {
+                    key: '',
+                    secret: '',
+                    callbackUrl: `${baseURL}/twitch/callback`,
+                    scope: [
+                        'user:read:email'
+                    ]
+                },
+                async authCallback ({ accessToken, providers }) {
+                    const twitch = purest({
+                        provider: 'twitch',
+                        config: {
+                            twitch: {
+                                default: {
+                                    origin: 'https://api.twitch.tv',
+                                    path: 'helix/{path}',
+                                    headers: {
+                                        Authorization: 'Bearer {auth}',
+                                        'Client-Id': '{auth}'
+                                    }
+                                }
+                            }
+                        }
+                    });
+                    return twitch.get('users').auth(accessToken, providers.twitch.key).request().then(({ body })=>({
+                            username: body.data[0].login,
+                            email: body.data[0].email
+                        }));
+                }
+            },
+            linkedin: {
+                enabled: false,
+                icon: 'linkedin',
+                grantConfig: {
+                    key: '',
+                    secret: '',
+                    callbackUrl: `${baseURL}/linkedin/callback`,
+                    scope: [
+                        'r_liteprofile',
+                        'r_emailaddress'
+                    ]
+                },
+                async authCallback ({ accessToken }) {
+                    const linkedIn = purest({
+                        provider: 'linkedin'
+                    });
+                    const { body: { localizedFirstName } } = await linkedIn.get('me').auth(accessToken).request();
+                    const { body: { elements } } = await linkedIn.get('emailAddress?q=members&projection=(elements*(handle~))').auth(accessToken).request();
+                    const email = elements[0]['handle~'];
+                    return {
+                        username: localizedFirstName,
+                        email: email.emailAddress
+                    };
+                }
+            },
+            cognito: {
+                enabled: false,
+                icon: 'aws',
+                grantConfig: {
+                    key: '',
+                    secret: '',
+                    subdomain: 'my.subdomain.com',
+                    callback: `${baseURL}/cognito/callback`,
+                    scope: [
+                        'email',
+                        'openid',
+                        'profile'
+                    ]
+                },
+                async authCallback ({ query, providers }) {
+                    const jwksUrl = new URL(providers.cognito.jwksurl);
+                    const idToken = query.id_token;
+                    const tokenPayload = await getCognitoPayload({
+                        idToken,
+                        jwksUrl,
+                        purest
+                    });
+                    return {
+                        username: tokenPayload['cognito:username'],
+                        email: tokenPayload.email
+                    };
+                }
+            },
+            reddit: {
+                enabled: false,
+                icon: 'reddit',
+                grantConfig: {
+                    key: '',
+                    secret: '',
+                    callback: `${baseURL}/reddit/callback`,
+                    scope: [
+                        'identity'
+                    ]
+                },
+                async authCallback ({ accessToken }) {
+                    const reddit = purest({
+                        provider: 'reddit',
+                        config: {
+                            reddit: {
+                                default: {
+                                    origin: 'https://oauth.reddit.com',
+                                    path: 'api/{version}/{path}',
+                                    version: 'v1',
+                                    headers: {
+                                        Authorization: 'Bearer {auth}',
+                                        'user-agent': 'strapi'
+                                    }
+                                }
+                            }
+                        }
+                    });
+                    return reddit.get('me').auth(accessToken).request().then(({ body })=>({
+                            username: body.name,
+                            email: `${body.name}@strapi.io`
+                        }));
+                }
+            },
+            auth0: {
+                enabled: false,
+                icon: '',
+                grantConfig: {
+                    key: '',
+                    secret: '',
+                    subdomain: 'my-tenant.eu',
+                    callback: `${baseURL}/auth0/callback`,
+                    scope: [
+                        'openid',
+                        'email',
+                        'profile'
+                    ]
+                },
+                async authCallback ({ accessToken, providers }) {
+                    const auth0 = purest({
+                        provider: 'auth0'
+                    });
+                    return auth0.get('userinfo').subdomain(providers.auth0.subdomain).auth(accessToken).request().then(({ body })=>{
+                        const username = body.username || body.nickname || body.name || body.email.split('@')[0];
+                        const email = body.email || `${username.replace(/\s+/g, '.')}@strapi.io`;
+                        return {
+                            username,
+                            email
+                        };
+                    });
+                }
+            },
+            cas: {
+                enabled: false,
+                icon: 'book',
+                grantConfig: {
+                    key: '',
+                    secret: '',
+                    callback: `${baseURL}/cas/callback`,
+                    scope: [
+                        'openid email'
+                    ],
+                    subdomain: 'my.subdomain.com/cas'
+                },
+                async authCallback ({ accessToken, providers }) {
+                    const cas = purest({
+                        provider: 'cas'
+                    });
+                    return cas.get('oidc/profile').subdomain(providers.cas.subdomain).auth(accessToken).request().then(({ body })=>{
+                        // CAS attribute may be in body.attributes or "FLAT", depending on CAS config
+                        const username = body.attributes ? body.attributes.strapiusername || body.id || body.sub : body.strapiusername || body.id || body.sub;
+                        const email = body.attributes ? body.attributes.strapiemail || body.attributes.email : body.strapiemail || body.email;
+                        if (!username || !email) {
+                            strapi.log.warn(`CAS Response Body did not contain required attributes: ${JSON.stringify(body)}`);
+                        }
+                        return {
+                            username,
+                            email
+                        };
+                    });
+                }
+            },
+            patreon: {
+                enabled: false,
+                icon: '',
+                grantConfig: {
+                    key: '',
+                    secret: '',
+                    callback: `${baseURL}/patreon/callback`,
+                    scope: [
+                        'identity',
+                        'identity[email]'
+                    ]
+                },
+                async authCallback ({ accessToken }) {
+                    const patreon = purest({
+                        provider: 'patreon',
+                        config: {
+                            patreon: {
+                                default: {
+                                    origin: 'https://www.patreon.com',
+                                    path: 'api/oauth2/{path}',
+                                    headers: {
+                                        authorization: 'Bearer {auth}'
+                                    }
+                                }
+                            }
+                        }
+                    });
+                    return patreon.get('v2/identity').auth(accessToken).qs(new URLSearchParams({
+                        'fields[user]': 'full_name,email'
+                    }).toString()).request().then(({ body })=>{
+                        const patreonData = body.data.attributes;
+                        return {
+                            username: patreonData.full_name,
+                            email: patreonData.email
+                        };
+                    });
+                }
+            },
+            keycloak: {
+                enabled: false,
+                icon: '',
+                grantConfig: {
+                    key: '',
+                    secret: '',
+                    subdomain: 'myKeycloakProvider.com/realms/myrealm',
+                    callback: `${baseURL}/keycloak/callback`,
+                    scope: [
+                        'openid',
+                        'email',
+                        'profile'
+                    ]
+                },
+                async authCallback ({ accessToken, providers }) {
+                    const keycloak = purest({
+                        provider: 'keycloak'
+                    });
+                    return keycloak.subdomain(providers.keycloak.subdomain).get('protocol/openid-connect/userinfo').auth(accessToken).request().then(({ body })=>{
+                        return {
+                            username: body.preferred_username,
+                            email: body.email
+                        };
+                    });
+                }
+            }
+        });
+    providersRegistry = ()=>{
+        const purest = require$$4;
+        const apiPrefix = strapi.config.get('api.rest.prefix');
+        const baseURL = urljoin(strapi.config.server.url, apiPrefix, 'auth');
+        const authProviders = initProviders({
+            baseURL,
+            purest
+        });
+        /**
+	   * @public
+	   */ return {
+            getAll () {
+                return authProviders;
+            },
+            get (name) {
+                return authProviders[name];
+            },
+            add (name, config) {
+                authProviders[name] = config;
+            },
+            remove (name) {
+                delete authProviders[name];
+            },
+            /**
+	     * @internal
+	     */ async run ({ provider, accessToken, query, providers }) {
+                const authProvider = authProviders[provider];
+                assert(authProvider, 'Unknown auth provider');
+                return authProvider.authCallback({
+                    accessToken,
+                    query,
+                    providers,
+                    purest
+                });
+            }
+        };
+    };
+    return providersRegistry;
+}
+
+exports.__require = requireProvidersRegistry;
+//# sourceMappingURL=providers-registry.js.map

package/dist/server/services/providers-registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"providers-registry.js","sources":["../../../server/services/providers-registry.js"],"sourcesContent":["'use strict';\n\nconst { strict: assert } = require('assert');\nconst jwt = require('jsonwebtoken');\nconst urljoin = require('url-join');\nconst jwkToPem = require('jwk-to-pem');\n\nconst getCognitoPayload = async ({ idToken, jwksUrl, purest }) => {\n  const {\n    header: { kid },\n    payload,\n  } = jwt.decode(idToken, { complete: true });\n\n  if (!payload || !kid) {\n    throw new Error('The provided token is not valid');\n  }\n\n  const config = {\n    cognito: {\n      discovery: {\n        origin: jwksUrl.origin,\n        path: jwksUrl.pathname,\n      },\n    },\n  };\n  try {\n    const cognito = purest({ provider: 'cognito', config });\n    // get the JSON Web Key (JWK) for the user pool\n    const { body: jwk } = await cognito('discovery').request();\n    // Get the key with the same Key ID as the provided token\n    const key = jwk.keys.find(({ kid: jwkKid }) => jwkKid === kid);\n    const pem = jwkToPem(key);\n\n    // https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-verifying-a-jwt.html\n    const decodedToken = await new Promise((resolve, reject) => {\n      jwt.verify(idToken, pem, { algorithms: ['RS256'] }, (err, decodedToken) => {\n        if (err) {\n          reject();\n        }\n        resolve(decodedToken);\n      });\n    });\n    return decodedToken;\n  } catch (err) {\n    throw new Error('There was an error verifying the token');\n  }\n};\n\nconst initProviders = ({ baseURL, purest }) => ({\n  email: {\n    enabled: true,\n    icon: 'envelope',\n    grantConfig: {},\n  },\n  discord: {\n    enabled: false,\n    icon: 'discord',\n    grantConfig: {\n      key: '',\n      secret: '',\n      callbackUrl: `${baseURL}/discord/callback`,\n      scope: ['identify', 'email'],\n    },\n    async authCallback({ accessToken }) {\n      const discord = purest({ provider: 'discord' });\n\n      return discord\n        .get('users/@me')\n        .auth(accessToken)\n        .request()\n        .then(({ body }) => {\n          // Combine username and discriminator (if discriminator exists and not equal to 0)\n          const username =\n            body.discriminator && body.discriminator !== '0'\n              ? `${body.username}#${body.discriminator}`\n              : body.username;\n          return {\n            username,\n            email: body.email,\n          };\n        });\n    },\n  },\n  facebook: {\n    enabled: false,\n    icon: 'facebook-square',\n    grantConfig: {\n      key: '',\n      secret: '',\n      callbackUrl: `${baseURL}/facebook/callback`,\n      scope: ['email'],\n    },\n    async authCallback({ accessToken }) {\n      const facebook = purest({ provider: 'facebook' });\n\n      return facebook\n        .get('me')\n        .auth(accessToken)\n        .qs({ fields: 'name,email' })\n        .request()\n        .then(({ body }) => ({\n          username: body.name,\n          email: body.email,\n        }));\n    },\n  },\n  google: {\n    enabled: false,\n    icon: 'google',\n    grantConfig: {\n      key: '',\n      secret: '',\n      callbackUrl: `${baseURL}/google/callback`,\n      scope: ['email'],\n    },\n    async authCallback({ accessToken }) {\n      const google = purest({ provider: 'google' });\n\n      return google\n        .query('oauth')\n        .get('tokeninfo')\n        .qs({ accessToken })\n        .request()\n        .then(({ body }) => ({\n          username: body.email.split('@')[0],\n          email: body.email,\n        }));\n    },\n  },\n  github: {\n    enabled: false,\n    icon: 'github',\n    grantConfig: {\n      key: '',\n      secret: '',\n      callbackUrl: `${baseURL}/github/callback`,\n      scope: ['user', 'user:email'],\n    },\n    async authCallback({ accessToken }) {\n      const github = purest({\n        provider: 'github',\n        defaults: {\n          headers: {\n            'user-agent': 'strapi',\n          },\n        },\n      });\n\n      const { body: userBody } = await github.get('user').auth(accessToken).request();\n\n      // This is the public email on the github profile\n      if (userBody.email) {\n        return {\n          username: userBody.login,\n          email: userBody.email,\n        };\n      }\n      // Get the email with Github's user/emails API\n      const { body: emailBody } = await github.get('user/emails').auth(accessToken).request();\n\n      return {\n        username: userBody.login,\n        email: Array.isArray(emailBody)\n          ? emailBody.find((email) => email.primary === true).email\n          : null,\n      };\n    },\n  },\n  microsoft: {\n    enabled: false,\n    icon: 'windows',\n    grantConfig: {\n      key: '',\n      secret: '',\n      callbackUrl: `${baseURL}/microsoft/callback`,\n      scope: ['user.read'],\n    },\n    async authCallback({ accessToken }) {\n      const microsoft = purest({ provider: 'microsoft' });\n\n      return microsoft\n        .get('me')\n        .auth(accessToken)\n        .request()\n        .then(({ body }) => ({\n          username: body.userPrincipalName,\n          email: body.userPrincipalName,\n        }));\n    },\n  },\n\n  twitter: {\n    enabled: false,\n    icon: 'twitter',\n    grantConfig: {\n      key: '',\n      secret: '',\n      callbackUrl: `${baseURL}/twitter/callback`,\n    },\n    async authCallback({ accessToken, query, providers }) {\n      const twitter = purest({\n        provider: 'twitter',\n        defaults: {\n          oauth: {\n            consumer_key: providers.twitter.key,\n            consumer_secret: providers.twitter.secret,\n          },\n        },\n      });\n\n      return twitter\n        .get('account/verify_credentials')\n        .auth(accessToken, query.access_secret)\n        .qs({ screen_name: query['raw[screen_name]'], include_email: 'true' })\n        .request()\n        .then(({ body }) => ({\n          username: body.screen_name,\n          email: body.email,\n        }));\n    },\n  },\n  instagram: {\n    enabled: false,\n    icon: 'instagram',\n    grantConfig: {\n      key: '',\n      secret: '',\n      callbackUrl: `${baseURL}/instagram/callback`,\n      scope: ['user_profile'],\n    },\n    async authCallback({ accessToken }) {\n      const instagram = purest({ provider: 'instagram' });\n\n      return instagram\n        .get('me')\n        .auth(accessToken)\n        .qs({ fields: 'id,username' })\n        .request()\n        .then(({ body }) => ({\n          username: body.username,\n          email: `${body.username}@strapi.io`, // dummy email as Instagram does not provide user email\n        }));\n    },\n  },\n  vk: {\n    enabled: false,\n    icon: 'vk',\n    grantConfig: {\n      key: '',\n      secret: '',\n      callbackUrl: `${baseURL}/vk/callback`,\n      scope: ['email'],\n    },\n    async authCallback({ accessToken, query }) {\n      const vk = purest({ provider: 'vk' });\n\n      return vk\n        .get('users')\n        .auth(accessToken)\n        .qs({ id: query.raw.user_id, v: '5.122' })\n        .request()\n        .then(({ body }) => ({\n          username: `${body.response[0].last_name} ${body.response[0].first_name}`,\n          email: query.raw.email,\n        }));\n    },\n  },\n\n  twitch: {\n    enabled: false,\n    icon: 'twitch',\n    grantConfig: {\n      key: '',\n      secret: '',\n      callbackUrl: `${baseURL}/twitch/callback`,\n      scope: ['user:read:email'],\n    },\n    async authCallback({ accessToken, providers }) {\n      const twitch = purest({\n        provider: 'twitch',\n        config: {\n          twitch: {\n            default: {\n              origin: 'https://api.twitch.tv',\n              path: 'helix/{path}',\n              headers: {\n                Authorization: 'Bearer {auth}',\n                'Client-Id': '{auth}',\n              },\n            },\n          },\n        },\n      });\n\n      return twitch\n        .get('users')\n        .auth(accessToken, providers.twitch.key)\n        .request()\n        .then(({ body }) => ({\n          username: body.data[0].login,\n          email: body.data[0].email,\n        }));\n    },\n  },\n\n  linkedin: {\n    enabled: false,\n    icon: 'linkedin',\n    grantConfig: {\n      key: '',\n      secret: '',\n      callbackUrl: `${baseURL}/linkedin/callback`,\n      scope: ['r_liteprofile', 'r_emailaddress'],\n    },\n    async authCallback({ accessToken }) {\n      const linkedIn = purest({ provider: 'linkedin' });\n      const {\n        body: { localizedFirstName },\n      } = await linkedIn.get('me').auth(accessToken).request();\n      const {\n        body: { elements },\n      } = await linkedIn\n        .get('emailAddress?q=members&projection=(elements*(handle~))')\n        .auth(accessToken)\n        .request();\n\n      const email = elements[0]['handle~'];\n\n      return {\n        username: localizedFirstName,\n        email: email.emailAddress,\n      };\n    },\n  },\n\n  cognito: {\n    enabled: false,\n    icon: 'aws',\n    grantConfig: {\n      key: '',\n      secret: '',\n      subdomain: 'my.subdomain.com',\n      callback: `${baseURL}/cognito/callback`,\n      scope: ['email', 'openid', 'profile'],\n    },\n    async authCallback({ query, providers }) {\n      const jwksUrl = new URL(providers.cognito.jwksurl);\n      const idToken = query.id_token;\n      const tokenPayload = await getCognitoPayload({ idToken, jwksUrl, purest });\n      return {\n        username: tokenPayload['cognito:username'],\n        email: tokenPayload.email,\n      };\n    },\n  },\n\n  reddit: {\n    enabled: false,\n    icon: 'reddit',\n    grantConfig: {\n      key: '',\n      secret: '',\n      callback: `${baseURL}/reddit/callback`,\n      scope: ['identity'],\n    },\n    async authCallback({ accessToken }) {\n      const reddit = purest({\n        provider: 'reddit',\n        config: {\n          reddit: {\n            default: {\n              origin: 'https://oauth.reddit.com',\n              path: 'api/{version}/{path}',\n              version: 'v1',\n              headers: {\n                Authorization: 'Bearer {auth}',\n                'user-agent': 'strapi',\n              },\n            },\n          },\n        },\n      });\n\n      return reddit\n        .get('me')\n        .auth(accessToken)\n        .request()\n        .then(({ body }) => ({\n          username: body.name,\n          email: `${body.name}@strapi.io`, // dummy email as Reddit does not provide user email\n        }));\n    },\n  },\n\n  auth0: {\n    enabled: false,\n    icon: '',\n    grantConfig: {\n      key: '',\n      secret: '',\n      subdomain: 'my-tenant.eu',\n      callback: `${baseURL}/auth0/callback`,\n      scope: ['openid', 'email', 'profile'],\n    },\n    async authCallback({ accessToken, providers }) {\n      const auth0 = purest({ provider: 'auth0' });\n\n      return auth0\n        .get('userinfo')\n        .subdomain(providers.auth0.subdomain)\n        .auth(accessToken)\n        .request()\n        .then(({ body }) => {\n          const username = body.username || body.nickname || body.name || body.email.split('@')[0];\n          const email = body.email || `${username.replace(/\\s+/g, '.')}@strapi.io`;\n\n          return {\n            username,\n            email,\n          };\n        });\n    },\n  },\n\n  cas: {\n    enabled: false,\n    icon: 'book',\n    grantConfig: {\n      key: '',\n      secret: '',\n      callback: `${baseURL}/cas/callback`,\n      scope: ['openid email'], // scopes should be space delimited\n      subdomain: 'my.subdomain.com/cas',\n    },\n    async authCallback({ accessToken, providers }) {\n      const cas = purest({ provider: 'cas' });\n\n      return cas\n        .get('oidc/profile')\n        .subdomain(providers.cas.subdomain)\n        .auth(accessToken)\n        .request()\n        .then(({ body }) => {\n          // CAS attribute may be in body.attributes or \"FLAT\", depending on CAS config\n          const username = body.attributes\n            ? body.attributes.strapiusername || body.id || body.sub\n            : body.strapiusername || body.id || body.sub;\n          const email = body.attributes\n            ? body.attributes.strapiemail || body.attributes.email\n            : body.strapiemail || body.email;\n          if (!username || !email) {\n            strapi.log.warn(\n              `CAS Response Body did not contain required attributes: ${JSON.stringify(body)}`\n            );\n          }\n          return {\n            username,\n            email,\n          };\n        });\n    },\n  },\n\n  patreon: {\n    enabled: false,\n    icon: '',\n    grantConfig: {\n      key: '',\n      secret: '',\n      callback: `${baseURL}/patreon/callback`,\n      scope: ['identity', 'identity[email]'],\n    },\n    async authCallback({ accessToken }) {\n      const patreon = purest({\n        provider: 'patreon',\n        config: {\n          patreon: {\n            default: {\n              origin: 'https://www.patreon.com',\n              path: 'api/oauth2/{path}',\n              headers: {\n                authorization: 'Bearer {auth}',\n              },\n            },\n          },\n        },\n      });\n\n      return patreon\n        .get('v2/identity')\n        .auth(accessToken)\n        .qs(new URLSearchParams({ 'fields[user]': 'full_name,email' }).toString())\n        .request()\n        .then(({ body }) => {\n          const patreonData = body.data.attributes;\n          return {\n            username: patreonData.full_name,\n            email: patreonData.email,\n          };\n        });\n    },\n  },\n  keycloak: {\n    enabled: false,\n    icon: '',\n    grantConfig: {\n      key: '',\n      secret: '',\n      subdomain: 'myKeycloakProvider.com/realms/myrealm',\n      callback: `${baseURL}/keycloak/callback`,\n      scope: ['openid', 'email', 'profile'],\n    },\n    async authCallback({ accessToken, providers }) {\n      const keycloak = purest({ provider: 'keycloak' });\n\n      return keycloak\n        .subdomain(providers.keycloak.subdomain)\n        .get('protocol/openid-connect/userinfo')\n        .auth(accessToken)\n        .request()\n        .then(({ body }) => {\n          return {\n            username: body.preferred_username,\n            email: body.email,\n          };\n        });\n    },\n  },\n});\n\nmodule.exports = () => {\n  const purest = require('purest');\n\n  const apiPrefix = strapi.config.get('api.rest.prefix');\n  const baseURL = urljoin(strapi.config.server.url, apiPrefix, 'auth');\n\n  const authProviders = initProviders({ baseURL, purest });\n\n  /**\n   * @public\n   */\n  return {\n    getAll() {\n      return authProviders;\n    },\n    get(name) {\n      return authProviders[name];\n    },\n    add(name, config) {\n      authProviders[name] = config;\n    },\n    remove(name) {\n      delete authProviders[name];\n    },\n\n    /**\n     * @internal\n     */\n    async run({ provider, accessToken, query, providers }) {\n      const authProvider = authProviders[provider];\n\n      assert(authProvider, 'Unknown auth provider');\n\n      return authProvider.authCallback({ accessToken, query, providers, purest });\n    },\n  };\n};\n"],"names":["strict","assert","require$$0","jwt","require$$1","urljoin","require$$2","jwkToPem","require$$3","getCognitoPayload","idToken","jwksUrl","purest","header","kid","payload","decode","complete","Error","config","cognito","discovery","origin","path","pathname","provider","body","jwk","request","key","keys","find","jwkKid","pem","decodedToken","Promise","resolve","reject","verify","algorithms","err","initProviders","baseURL","email","enabled","icon","grantConfig","discord","secret","callbackUrl","scope","authCallback","accessToken","get","auth","then","username","discriminator","facebook","qs","fields","name","google","query","split","github","defaults","headers","userBody","login","emailBody","Array","isArray","primary","microsoft","userPrincipalName","twitter","providers","oauth","consumer_key","consumer_secret","access_secret","screen_name","include_email","instagram","vk","id","raw","user_id","v","response","last_name","first_name","twitch","default","Authorization","data","linkedin","linkedIn","localizedFirstName","elements","emailAddress","subdomain","callback","URL","jwksurl","id_token","tokenPayload","reddit","version","auth0","nickname","replace","cas","attributes","strapiusername","sub","strapiemail","strapi","log","warn","JSON","stringify","patreon","authorization","URLSearchParams","toString","patreonData","full_name","keycloak","preferred_username","providersRegistry","require$$4","apiPrefix","server","url","authProviders","getAll","add","remove","run","authProvider"],"mappings":";;;;;;;;;;;;;AAEA,IAAA,MAAM,EAAEA,MAAAA,EAAQC,MAAM,EAAE,GAAGC,UAAAA;AAC3B,IAAA,MAAMC,GAAMC,GAAAA,UAAAA;AACZ,IAAA,MAAMC,OAAUC,GAAAA,UAAAA;AAChB,IAAA,MAAMC,QAAWC,GAAAA,UAAAA;IAEjB,MAAMC,iBAAAA,GAAoB,OAAO,EAAEC,OAAO,EAAEC,OAAO,EAAEC,MAAM,EAAE,GAAA;AAC3D,QAAA,MAAM,EACJC,MAAAA,EAAQ,EAAEC,GAAG,EAAE,EACfC,OAAO,EACR,GAAGZ,GAAAA,CAAIa,MAAM,CAACN,OAAS,EAAA;YAAEO,QAAU,EAAA;AAAI,SAAA,CAAA;QAExC,IAAI,CAACF,OAAW,IAAA,CAACD,GAAK,EAAA;AACpB,YAAA,MAAM,IAAII,KAAM,CAAA,iCAAA,CAAA;AACjB;AAED,QAAA,MAAMC,MAAS,GAAA;YACbC,OAAS,EAAA;gBACPC,SAAW,EAAA;AACTC,oBAAAA,MAAAA,EAAQX,QAAQW,MAAM;AACtBC,oBAAAA,IAAAA,EAAMZ,QAAQa;AACf;AACF;AACL,SAAA;QACE,IAAI;AACF,YAAA,MAAMJ,UAAUR,MAAO,CAAA;gBAAEa,QAAU,EAAA,SAAA;AAAWN,gBAAAA;AAAM,aAAA,CAAA;;YAEpD,MAAM,EAAEO,MAAMC,GAAG,EAAE,GAAG,MAAMP,OAAAA,CAAQ,aAAaQ,OAAO,EAAA;;AAExD,YAAA,MAAMC,GAAMF,GAAAA,GAAAA,CAAIG,IAAI,CAACC,IAAI,CAAC,CAAC,EAAEjB,GAAKkB,EAAAA,MAAM,EAAE,GAAKA,MAAWlB,KAAAA,GAAAA,CAAAA;AAC1D,YAAA,MAAMmB,MAAM1B,QAASsB,CAAAA,GAAAA,CAAAA;;AAGrB,YAAA,MAAMK,YAAe,GAAA,MAAM,IAAIC,OAAAA,CAAQ,CAACC,OAASC,EAAAA,MAAAA,GAAAA;gBAC/ClC,GAAImC,CAAAA,MAAM,CAAC5B,OAAAA,EAASuB,GAAK,EAAA;oBAAEM,UAAY,EAAA;AAAC,wBAAA;AAAQ;AAAE,iBAAA,EAAE,CAACC,GAAKN,EAAAA,YAAAA,GAAAA;AACxD,oBAAA,IAAIM,GAAK,EAAA;AACPH,wBAAAA,MAAAA,EAAAA;AACD;oBACDD,OAAQF,CAAAA,YAAAA,CAAAA;AAChB,iBAAA,CAAA;AACA,aAAA,CAAA;YACI,OAAOA,YAAAA;AACR,SAAA,CAAC,OAAOM,GAAK,EAAA;AACZ,YAAA,MAAM,IAAItB,KAAM,CAAA,wCAAA,CAAA;AACjB;AACH,KAAA;IAEA,MAAMuB,aAAAA,GAAgB,CAAC,EAAEC,OAAO,EAAE9B,MAAM,EAAE,IAAM;YAC9C+B,KAAO,EAAA;gBACLC,OAAS,EAAA,IAAA;gBACTC,IAAM,EAAA,UAAA;AACNC,gBAAAA,WAAAA,EAAa;AACd,aAAA;YACDC,OAAS,EAAA;gBACPH,OAAS,EAAA,KAAA;gBACTC,IAAM,EAAA,SAAA;gBACNC,WAAa,EAAA;oBACXjB,GAAK,EAAA,EAAA;oBACLmB,MAAQ,EAAA,EAAA;AACRC,oBAAAA,WAAAA,EAAa,CAAC,EAAEP,OAAQ,CAAA,iBAAiB,CAAC;oBAC1CQ,KAAO,EAAA;AAAC,wBAAA,UAAA;AAAY,wBAAA;AAAQ;AAC7B,iBAAA;gBACD,MAAMC,YAAAA,CAAAA,CAAa,EAAEC,WAAW,EAAE,EAAA;AAChC,oBAAA,MAAML,UAAUnC,MAAO,CAAA;wBAAEa,QAAU,EAAA;AAAW,qBAAA,CAAA;AAE9C,oBAAA,OAAOsB,OACJM,CAAAA,GAAG,CAAC,WAAA,CAAA,CACJC,IAAI,CAACF,WAAAA,CAAAA,CACLxB,OAAO,EAAA,CACP2B,IAAI,CAAC,CAAC,EAAE7B,IAAI,EAAE,GAAA;;wBAEb,MAAM8B,QAAAA,GACJ9B,KAAK+B,aAAa,IAAI/B,KAAK+B,aAAa,KAAK,MACzC,CAAC,EAAE/B,KAAK8B,QAAQ,CAAC,CAAC,EAAE9B,IAAAA,CAAK+B,aAAa,CAAC,CAAC,GACxC/B,IAAAA,CAAK8B,QAAQ;wBACnB,OAAO;AACLA,4BAAAA,QAAAA;AACAb,4BAAAA,KAAAA,EAAOjB,KAAKiB;AACxB,yBAAA;AACA,qBAAA,CAAA;AACK;AACF,aAAA;YACDe,QAAU,EAAA;gBACRd,OAAS,EAAA,KAAA;gBACTC,IAAM,EAAA,iBAAA;gBACNC,WAAa,EAAA;oBACXjB,GAAK,EAAA,EAAA;oBACLmB,MAAQ,EAAA,EAAA;AACRC,oBAAAA,WAAAA,EAAa,CAAC,EAAEP,OAAQ,CAAA,kBAAkB,CAAC;oBAC3CQ,KAAO,EAAA;AAAC,wBAAA;AAAQ;AACjB,iBAAA;gBACD,MAAMC,YAAAA,CAAAA,CAAa,EAAEC,WAAW,EAAE,EAAA;AAChC,oBAAA,MAAMM,WAAW9C,MAAO,CAAA;wBAAEa,QAAU,EAAA;AAAY,qBAAA,CAAA;oBAEhD,OAAOiC,QAAAA,CACJL,GAAG,CAAC,IAAA,CAAA,CACJC,IAAI,CAACF,WAAAA,CAAAA,CACLO,EAAE,CAAC;wBAAEC,MAAQ,EAAA;qBACbhC,CAAAA,CAAAA,OAAO,GACP2B,IAAI,CAAC,CAAC,EAAE7B,IAAI,EAAE,IAAM;AACnB8B,4BAAAA,QAAAA,EAAU9B,KAAKmC,IAAI;AACnBlB,4BAAAA,KAAAA,EAAOjB,KAAKiB;yBACb,CAAA,CAAA;AACJ;AACF,aAAA;YACDmB,MAAQ,EAAA;gBACNlB,OAAS,EAAA,KAAA;gBACTC,IAAM,EAAA,QAAA;gBACNC,WAAa,EAAA;oBACXjB,GAAK,EAAA,EAAA;oBACLmB,MAAQ,EAAA,EAAA;AACRC,oBAAAA,WAAAA,EAAa,CAAC,EAAEP,OAAQ,CAAA,gBAAgB,CAAC;oBACzCQ,KAAO,EAAA;AAAC,wBAAA;AAAQ;AACjB,iBAAA;gBACD,MAAMC,YAAAA,CAAAA,CAAa,EAAEC,WAAW,EAAE,EAAA;AAChC,oBAAA,MAAMU,SAASlD,MAAO,CAAA;wBAAEa,QAAU,EAAA;AAAU,qBAAA,CAAA;oBAE5C,OAAOqC,MAAAA,CACJC,KAAK,CAAC,OAAA,CAAA,CACNV,GAAG,CAAC,WAAA,CAAA,CACJM,EAAE,CAAC;AAAEP,wBAAAA;qBACLxB,CAAAA,CAAAA,OAAO,GACP2B,IAAI,CAAC,CAAC,EAAE7B,IAAI,EAAE,IAAM;AACnB8B,4BAAAA,QAAAA,EAAU9B,KAAKiB,KAAK,CAACqB,KAAK,CAAC,GAAA,CAAI,CAAC,CAAE,CAAA;AAClCrB,4BAAAA,KAAAA,EAAOjB,KAAKiB;yBACb,CAAA,CAAA;AACJ;AACF,aAAA;YACDsB,MAAQ,EAAA;gBACNrB,OAAS,EAAA,KAAA;gBACTC,IAAM,EAAA,QAAA;gBACNC,WAAa,EAAA;oBACXjB,GAAK,EAAA,EAAA;oBACLmB,MAAQ,EAAA,EAAA;AACRC,oBAAAA,WAAAA,EAAa,CAAC,EAAEP,OAAQ,CAAA,gBAAgB,CAAC;oBACzCQ,KAAO,EAAA;AAAC,wBAAA,MAAA;AAAQ,wBAAA;AAAa;AAC9B,iBAAA;gBACD,MAAMC,YAAAA,CAAAA,CAAa,EAAEC,WAAW,EAAE,EAAA;AAChC,oBAAA,MAAMa,SAASrD,MAAO,CAAA;wBACpBa,QAAU,EAAA,QAAA;wBACVyC,QAAU,EAAA;4BACRC,OAAS,EAAA;gCACP,YAAc,EAAA;AACf;AACF;AACT,qBAAA,CAAA;AAEM,oBAAA,MAAM,EAAEzC,IAAAA,EAAM0C,QAAQ,EAAE,GAAG,MAAMH,MAAOZ,CAAAA,GAAG,CAAC,MAAA,CAAA,CAAQC,IAAI,CAACF,aAAaxB,OAAO,EAAA;;oBAG7E,IAAIwC,QAAAA,CAASzB,KAAK,EAAE;wBAClB,OAAO;AACLa,4BAAAA,QAAAA,EAAUY,SAASC,KAAK;AACxB1B,4BAAAA,KAAAA,EAAOyB,SAASzB;AAC1B,yBAAA;AACO;;AAED,oBAAA,MAAM,EAAEjB,IAAAA,EAAM4C,SAAS,EAAE,GAAG,MAAML,MAAOZ,CAAAA,GAAG,CAAC,aAAA,CAAA,CAAeC,IAAI,CAACF,aAAaxB,OAAO,EAAA;oBAErF,OAAO;AACL4B,wBAAAA,QAAAA,EAAUY,SAASC,KAAK;AACxB1B,wBAAAA,KAAAA,EAAO4B,KAAMC,CAAAA,OAAO,CAACF,SAAAA,CAAAA,GACjBA,UAAUvC,IAAI,CAAC,CAACY,KAAAA,GAAUA,KAAM8B,CAAAA,OAAO,KAAK,IAAA,CAAA,CAAM9B,KAAK,GACvD;AACZ,qBAAA;AACK;AACF,aAAA;YACD+B,SAAW,EAAA;gBACT9B,OAAS,EAAA,KAAA;gBACTC,IAAM,EAAA,SAAA;gBACNC,WAAa,EAAA;oBACXjB,GAAK,EAAA,EAAA;oBACLmB,MAAQ,EAAA,EAAA;AACRC,oBAAAA,WAAAA,EAAa,CAAC,EAAEP,OAAQ,CAAA,mBAAmB,CAAC;oBAC5CQ,KAAO,EAAA;AAAC,wBAAA;AAAY;AACrB,iBAAA;gBACD,MAAMC,YAAAA,CAAAA,CAAa,EAAEC,WAAW,EAAE,EAAA;AAChC,oBAAA,MAAMsB,YAAY9D,MAAO,CAAA;wBAAEa,QAAU,EAAA;AAAa,qBAAA,CAAA;AAElD,oBAAA,OAAOiD,UACJrB,GAAG,CAAC,IACJC,CAAAA,CAAAA,IAAI,CAACF,WACLxB,CAAAA,CAAAA,OAAO,EACP2B,CAAAA,IAAI,CAAC,CAAC,EAAE7B,IAAI,EAAE,IAAM;AACnB8B,4BAAAA,QAAAA,EAAU9B,KAAKiD,iBAAiB;AAChChC,4BAAAA,KAAAA,EAAOjB,KAAKiD;yBACb,CAAA,CAAA;AACJ;AACF,aAAA;YAEDC,OAAS,EAAA;gBACPhC,OAAS,EAAA,KAAA;gBACTC,IAAM,EAAA,SAAA;gBACNC,WAAa,EAAA;oBACXjB,GAAK,EAAA,EAAA;oBACLmB,MAAQ,EAAA,EAAA;AACRC,oBAAAA,WAAAA,EAAa,CAAC,EAAEP,OAAQ,CAAA,iBAAiB;AAC1C,iBAAA;AACD,gBAAA,MAAMS,cAAa,EAAEC,WAAW,EAAEW,KAAK,EAAEc,SAAS,EAAE,EAAA;AAClD,oBAAA,MAAMD,UAAUhE,MAAO,CAAA;wBACrBa,QAAU,EAAA,SAAA;wBACVyC,QAAU,EAAA;4BACRY,KAAO,EAAA;gCACLC,YAAcF,EAAAA,SAAAA,CAAUD,OAAO,CAAC/C,GAAG;gCACnCmD,eAAiBH,EAAAA,SAAAA,CAAUD,OAAO,CAAC5B;AACpC;AACF;AACT,qBAAA,CAAA;oBAEM,OAAO4B,OAAAA,CACJvB,GAAG,CAAC,4BACJC,CAAAA,CAAAA,IAAI,CAACF,WAAAA,EAAaW,KAAMkB,CAAAA,aAAa,CACrCtB,CAAAA,EAAE,CAAC;wBAAEuB,WAAanB,EAAAA,KAAK,CAAC,kBAAmB,CAAA;wBAAEoB,aAAe,EAAA;qBAC5DvD,CAAAA,CAAAA,OAAO,GACP2B,IAAI,CAAC,CAAC,EAAE7B,IAAI,EAAE,IAAM;AACnB8B,4BAAAA,QAAAA,EAAU9B,KAAKwD,WAAW;AAC1BvC,4BAAAA,KAAAA,EAAOjB,KAAKiB;yBACb,CAAA,CAAA;AACJ;AACF,aAAA;YACDyC,SAAW,EAAA;gBACTxC,OAAS,EAAA,KAAA;gBACTC,IAAM,EAAA,WAAA;gBACNC,WAAa,EAAA;oBACXjB,GAAK,EAAA,EAAA;oBACLmB,MAAQ,EAAA,EAAA;AACRC,oBAAAA,WAAAA,EAAa,CAAC,EAAEP,OAAQ,CAAA,mBAAmB,CAAC;oBAC5CQ,KAAO,EAAA;AAAC,wBAAA;AAAe;AACxB,iBAAA;gBACD,MAAMC,YAAAA,CAAAA,CAAa,EAAEC,WAAW,EAAE,EAAA;AAChC,oBAAA,MAAMgC,YAAYxE,MAAO,CAAA;wBAAEa,QAAU,EAAA;AAAa,qBAAA,CAAA;oBAElD,OAAO2D,SAAAA,CACJ/B,GAAG,CAAC,IAAA,CAAA,CACJC,IAAI,CAACF,WAAAA,CAAAA,CACLO,EAAE,CAAC;wBAAEC,MAAQ,EAAA;qBACbhC,CAAAA,CAAAA,OAAO,GACP2B,IAAI,CAAC,CAAC,EAAE7B,IAAI,EAAE,IAAM;AACnB8B,4BAAAA,QAAAA,EAAU9B,KAAK8B,QAAQ;AACvBb,4BAAAA,KAAAA,EAAO,CAAC,EAAEjB,IAAAA,CAAK8B,QAAQ,CAAC,UAAU;yBACnC,CAAA,CAAA;AACJ;AACF,aAAA;YACD6B,EAAI,EAAA;gBACFzC,OAAS,EAAA,KAAA;gBACTC,IAAM,EAAA,IAAA;gBACNC,WAAa,EAAA;oBACXjB,GAAK,EAAA,EAAA;oBACLmB,MAAQ,EAAA,EAAA;AACRC,oBAAAA,WAAAA,EAAa,CAAC,EAAEP,OAAQ,CAAA,YAAY,CAAC;oBACrCQ,KAAO,EAAA;AAAC,wBAAA;AAAQ;AACjB,iBAAA;AACD,gBAAA,MAAMC,YAAa,CAAA,CAAA,EAAEC,WAAW,EAAEW,KAAK,EAAE,EAAA;AACvC,oBAAA,MAAMsB,KAAKzE,MAAO,CAAA;wBAAEa,QAAU,EAAA;AAAM,qBAAA,CAAA;oBAEpC,OAAO4D,EAAAA,CACJhC,GAAG,CAAC,OAAA,CAAA,CACJC,IAAI,CAACF,WAAAA,CAAAA,CACLO,EAAE,CAAC;wBAAE2B,EAAIvB,EAAAA,KAAAA,CAAMwB,GAAG,CAACC,OAAO;wBAAEC,CAAG,EAAA;qBAC/B7D,CAAAA,CAAAA,OAAO,GACP2B,IAAI,CAAC,CAAC,EAAE7B,IAAI,EAAE,IAAM;AACnB8B,4BAAAA,QAAAA,EAAU,CAAC,EAAE9B,IAAAA,CAAKgE,QAAQ,CAAC,CAAA,CAAE,CAACC,SAAS,CAAC,CAAC,EAAEjE,KAAKgE,QAAQ,CAAC,EAAE,CAACE,UAAU,CAAC,CAAC;4BACxEjD,KAAOoB,EAAAA,KAAAA,CAAMwB,GAAG,CAAC5C;yBAClB,CAAA,CAAA;AACJ;AACF,aAAA;YAEDkD,MAAQ,EAAA;gBACNjD,OAAS,EAAA,KAAA;gBACTC,IAAM,EAAA,QAAA;gBACNC,WAAa,EAAA;oBACXjB,GAAK,EAAA,EAAA;oBACLmB,MAAQ,EAAA,EAAA;AACRC,oBAAAA,WAAAA,EAAa,CAAC,EAAEP,OAAQ,CAAA,gBAAgB,CAAC;oBACzCQ,KAAO,EAAA;AAAC,wBAAA;AAAkB;AAC3B,iBAAA;AACD,gBAAA,MAAMC,YAAa,CAAA,CAAA,EAAEC,WAAW,EAAEyB,SAAS,EAAE,EAAA;AAC3C,oBAAA,MAAMgB,SAASjF,MAAO,CAAA;wBACpBa,QAAU,EAAA,QAAA;wBACVN,MAAQ,EAAA;4BACN0E,MAAQ,EAAA;gCACNC,OAAS,EAAA;oCACPxE,MAAQ,EAAA,uBAAA;oCACRC,IAAM,EAAA,cAAA;oCACN4C,OAAS,EAAA;wCACP4B,aAAe,EAAA,eAAA;wCACf,WAAa,EAAA;AACd;AACF;AACF;AACF;AACT,qBAAA,CAAA;oBAEM,OAAOF,MAAAA,CACJxC,GAAG,CAAC,OAAA,CAAA,CACJC,IAAI,CAACF,WAAAA,EAAayB,UAAUgB,MAAM,CAAChE,GAAG,CACtCD,CAAAA,OAAO,GACP2B,IAAI,CAAC,CAAC,EAAE7B,IAAI,EAAE,IAAM;AACnB8B,4BAAAA,QAAAA,EAAU9B,IAAKsE,CAAAA,IAAI,CAAC,CAAA,CAAE,CAAC3B,KAAK;AAC5B1B,4BAAAA,KAAAA,EAAOjB,IAAKsE,CAAAA,IAAI,CAAC,CAAA,CAAE,CAACrD;yBACrB,CAAA,CAAA;AACJ;AACF,aAAA;YAEDsD,QAAU,EAAA;gBACRrD,OAAS,EAAA,KAAA;gBACTC,IAAM,EAAA,UAAA;gBACNC,WAAa,EAAA;oBACXjB,GAAK,EAAA,EAAA;oBACLmB,MAAQ,EAAA,EAAA;AACRC,oBAAAA,WAAAA,EAAa,CAAC,EAAEP,OAAQ,CAAA,kBAAkB,CAAC;oBAC3CQ,KAAO,EAAA;AAAC,wBAAA,eAAA;AAAiB,wBAAA;AAAiB;AAC3C,iBAAA;gBACD,MAAMC,YAAAA,CAAAA,CAAa,EAAEC,WAAW,EAAE,EAAA;AAChC,oBAAA,MAAM8C,WAAWtF,MAAO,CAAA;wBAAEa,QAAU,EAAA;AAAY,qBAAA,CAAA;AAChD,oBAAA,MAAM,EACJC,IAAAA,EAAM,EAAEyE,kBAAkB,EAAE,EAC7B,GAAG,MAAMD,QAAAA,CAAS7C,GAAG,CAAC,IAAA,CAAA,CAAMC,IAAI,CAACF,aAAaxB,OAAO,EAAA;AACtD,oBAAA,MAAM,EACJF,IAAAA,EAAM,EAAE0E,QAAQ,EAAE,EACnB,GAAG,MAAMF,QAAAA,CACP7C,GAAG,CAAC,wDAAA,CAAA,CACJC,IAAI,CAACF,aACLxB,OAAO,EAAA;AAEV,oBAAA,MAAMe,KAAQyD,GAAAA,QAAQ,CAAC,CAAA,CAAE,CAAC,SAAU,CAAA;oBAEpC,OAAO;wBACL5C,QAAU2C,EAAAA,kBAAAA;AACVxD,wBAAAA,KAAAA,EAAOA,MAAM0D;AACrB,qBAAA;AACK;AACF,aAAA;YAEDjF,OAAS,EAAA;gBACPwB,OAAS,EAAA,KAAA;gBACTC,IAAM,EAAA,KAAA;gBACNC,WAAa,EAAA;oBACXjB,GAAK,EAAA,EAAA;oBACLmB,MAAQ,EAAA,EAAA;oBACRsD,SAAW,EAAA,kBAAA;AACXC,oBAAAA,QAAAA,EAAU,CAAC,EAAE7D,OAAQ,CAAA,iBAAiB,CAAC;oBACvCQ,KAAO,EAAA;AAAC,wBAAA,OAAA;AAAS,wBAAA,QAAA;AAAU,wBAAA;AAAU;AACtC,iBAAA;AACD,gBAAA,MAAMC,YAAa,CAAA,CAAA,EAAEY,KAAK,EAAEc,SAAS,EAAE,EAAA;AACrC,oBAAA,MAAMlE,UAAU,IAAI6F,GAAAA,CAAI3B,SAAUzD,CAAAA,OAAO,CAACqF,OAAO,CAAA;oBACjD,MAAM/F,OAAAA,GAAUqD,MAAM2C,QAAQ;oBAC9B,MAAMC,YAAAA,GAAe,MAAMlG,iBAAkB,CAAA;AAAEC,wBAAAA,OAAAA;AAASC,wBAAAA,OAAAA;AAASC,wBAAAA;AAAM,qBAAA,CAAA;oBACvE,OAAO;wBACL4C,QAAUmD,EAAAA,YAAY,CAAC,kBAAmB,CAAA;AAC1ChE,wBAAAA,KAAAA,EAAOgE,aAAahE;AAC5B,qBAAA;AACK;AACF,aAAA;YAEDiE,MAAQ,EAAA;gBACNhE,OAAS,EAAA,KAAA;gBACTC,IAAM,EAAA,QAAA;gBACNC,WAAa,EAAA;oBACXjB,GAAK,EAAA,EAAA;oBACLmB,MAAQ,EAAA,EAAA;AACRuD,oBAAAA,QAAAA,EAAU,CAAC,EAAE7D,OAAQ,CAAA,gBAAgB,CAAC;oBACtCQ,KAAO,EAAA;AAAC,wBAAA;AAAW;AACpB,iBAAA;gBACD,MAAMC,YAAAA,CAAAA,CAAa,EAAEC,WAAW,EAAE,EAAA;AAChC,oBAAA,MAAMwD,SAAShG,MAAO,CAAA;wBACpBa,QAAU,EAAA,QAAA;wBACVN,MAAQ,EAAA;4BACNyF,MAAQ,EAAA;gCACNd,OAAS,EAAA;oCACPxE,MAAQ,EAAA,0BAAA;oCACRC,IAAM,EAAA,sBAAA;oCACNsF,OAAS,EAAA,IAAA;oCACT1C,OAAS,EAAA;wCACP4B,aAAe,EAAA,eAAA;wCACf,YAAc,EAAA;AACf;AACF;AACF;AACF;AACT,qBAAA,CAAA;AAEM,oBAAA,OAAOa,OACJvD,GAAG,CAAC,IACJC,CAAAA,CAAAA,IAAI,CAACF,WACLxB,CAAAA,CAAAA,OAAO,EACP2B,CAAAA,IAAI,CAAC,CAAC,EAAE7B,IAAI,EAAE,IAAM;AACnB8B,4BAAAA,QAAAA,EAAU9B,KAAKmC,IAAI;AACnBlB,4BAAAA,KAAAA,EAAO,CAAC,EAAEjB,IAAAA,CAAKmC,IAAI,CAAC,UAAU;yBAC/B,CAAA,CAAA;AACJ;AACF,aAAA;YAEDiD,KAAO,EAAA;gBACLlE,OAAS,EAAA,KAAA;gBACTC,IAAM,EAAA,EAAA;gBACNC,WAAa,EAAA;oBACXjB,GAAK,EAAA,EAAA;oBACLmB,MAAQ,EAAA,EAAA;oBACRsD,SAAW,EAAA,cAAA;AACXC,oBAAAA,QAAAA,EAAU,CAAC,EAAE7D,OAAQ,CAAA,eAAe,CAAC;oBACrCQ,KAAO,EAAA;AAAC,wBAAA,QAAA;AAAU,wBAAA,OAAA;AAAS,wBAAA;AAAU;AACtC,iBAAA;AACD,gBAAA,MAAMC,YAAa,CAAA,CAAA,EAAEC,WAAW,EAAEyB,SAAS,EAAE,EAAA;AAC3C,oBAAA,MAAMiC,QAAQlG,MAAO,CAAA;wBAAEa,QAAU,EAAA;AAAS,qBAAA,CAAA;oBAE1C,OAAOqF,KAAAA,CACJzD,GAAG,CAAC,UAAA,CAAA,CACJiD,SAAS,CAACzB,SAAAA,CAAUiC,KAAK,CAACR,SAAS,EACnChD,IAAI,CAACF,aACLxB,OAAO,EAAA,CACP2B,IAAI,CAAC,CAAC,EAAE7B,IAAI,EAAE,GAAA;AACb,wBAAA,MAAM8B,WAAW9B,IAAK8B,CAAAA,QAAQ,IAAI9B,IAAAA,CAAKqF,QAAQ,IAAIrF,IAAAA,CAAKmC,IAAI,IAAInC,KAAKiB,KAAK,CAACqB,KAAK,CAAC,GAAA,CAAI,CAAC,CAAE,CAAA;AACxF,wBAAA,MAAMrB,KAAQjB,GAAAA,IAAAA,CAAKiB,KAAK,IAAI,CAAC,EAAEa,QAASwD,CAAAA,OAAO,CAAC,MAAA,EAAQ,GAAK,CAAA,CAAA,UAAU,CAAC;wBAExE,OAAO;AACLxD,4BAAAA,QAAAA;AACAb,4BAAAA;AACZ,yBAAA;AACA,qBAAA,CAAA;AACK;AACF,aAAA;YAEDsE,GAAK,EAAA;gBACHrE,OAAS,EAAA,KAAA;gBACTC,IAAM,EAAA,MAAA;gBACNC,WAAa,EAAA;oBACXjB,GAAK,EAAA,EAAA;oBACLmB,MAAQ,EAAA,EAAA;AACRuD,oBAAAA,QAAAA,EAAU,CAAC,EAAE7D,OAAQ,CAAA,aAAa,CAAC;oBACnCQ,KAAO,EAAA;AAAC,wBAAA;AAAe,qBAAA;oBACvBoD,SAAW,EAAA;AACZ,iBAAA;AACD,gBAAA,MAAMnD,YAAa,CAAA,CAAA,EAAEC,WAAW,EAAEyB,SAAS,EAAE,EAAA;AAC3C,oBAAA,MAAMoC,MAAMrG,MAAO,CAAA;wBAAEa,QAAU,EAAA;AAAO,qBAAA,CAAA;oBAEtC,OAAOwF,GAAAA,CACJ5D,GAAG,CAAC,cAAA,CAAA,CACJiD,SAAS,CAACzB,SAAAA,CAAUoC,GAAG,CAACX,SAAS,EACjChD,IAAI,CAACF,aACLxB,OAAO,EAAA,CACP2B,IAAI,CAAC,CAAC,EAAE7B,IAAI,EAAE,GAAA;;wBAEb,MAAM8B,QAAAA,GAAW9B,KAAKwF,UAAU,GAC5BxF,KAAKwF,UAAU,CAACC,cAAc,IAAIzF,IAAK4D,CAAAA,EAAE,IAAI5D,IAAK0F,CAAAA,GAAG,GACrD1F,IAAKyF,CAAAA,cAAc,IAAIzF,IAAK4D,CAAAA,EAAE,IAAI5D,IAAAA,CAAK0F,GAAG;AAC9C,wBAAA,MAAMzE,QAAQjB,IAAKwF,CAAAA,UAAU,GACzBxF,IAAKwF,CAAAA,UAAU,CAACG,WAAW,IAAI3F,IAAKwF,CAAAA,UAAU,CAACvE,KAAK,GACpDjB,KAAK2F,WAAW,IAAI3F,KAAKiB,KAAK;wBAClC,IAAI,CAACa,QAAY,IAAA,CAACb,KAAO,EAAA;4BACvB2E,MAAOC,CAAAA,GAAG,CAACC,IAAI,CACb,CAAC,uDAAuD,EAAEC,IAAKC,CAAAA,SAAS,CAAChG,IAAAA,CAAAA,CAAM,CAAC,CAAA;AAEnF;wBACD,OAAO;AACL8B,4BAAAA,QAAAA;AACAb,4BAAAA;AACZ,yBAAA;AACA,qBAAA,CAAA;AACK;AACF,aAAA;YAEDgF,OAAS,EAAA;gBACP/E,OAAS,EAAA,KAAA;gBACTC,IAAM,EAAA,EAAA;gBACNC,WAAa,EAAA;oBACXjB,GAAK,EAAA,EAAA;oBACLmB,MAAQ,EAAA,EAAA;AACRuD,oBAAAA,QAAAA,EAAU,CAAC,EAAE7D,OAAQ,CAAA,iBAAiB,CAAC;oBACvCQ,KAAO,EAAA;AAAC,wBAAA,UAAA;AAAY,wBAAA;AAAkB;AACvC,iBAAA;gBACD,MAAMC,YAAAA,CAAAA,CAAa,EAAEC,WAAW,EAAE,EAAA;AAChC,oBAAA,MAAMuE,UAAU/G,MAAO,CAAA;wBACrBa,QAAU,EAAA,SAAA;wBACVN,MAAQ,EAAA;4BACNwG,OAAS,EAAA;gCACP7B,OAAS,EAAA;oCACPxE,MAAQ,EAAA,yBAAA;oCACRC,IAAM,EAAA,mBAAA;oCACN4C,OAAS,EAAA;wCACPyD,aAAe,EAAA;AAChB;AACF;AACF;AACF;AACT,qBAAA,CAAA;oBAEM,OAAOD,OAAAA,CACJtE,GAAG,CAAC,aACJC,CAAAA,CAAAA,IAAI,CAACF,WACLO,CAAAA,CAAAA,EAAE,CAAC,IAAIkE,eAAgB,CAAA;wBAAE,cAAgB,EAAA;qBAAqBC,CAAAA,CAAAA,QAAQ,IACtElG,OAAO,EAAA,CACP2B,IAAI,CAAC,CAAC,EAAE7B,IAAI,EAAE,GAAA;AACb,wBAAA,MAAMqG,WAAcrG,GAAAA,IAAAA,CAAKsE,IAAI,CAACkB,UAAU;wBACxC,OAAO;AACL1D,4BAAAA,QAAAA,EAAUuE,YAAYC,SAAS;AAC/BrF,4BAAAA,KAAAA,EAAOoF,YAAYpF;AAC/B,yBAAA;AACA,qBAAA,CAAA;AACK;AACF,aAAA;YACDsF,QAAU,EAAA;gBACRrF,OAAS,EAAA,KAAA;gBACTC,IAAM,EAAA,EAAA;gBACNC,WAAa,EAAA;oBACXjB,GAAK,EAAA,EAAA;oBACLmB,MAAQ,EAAA,EAAA;oBACRsD,SAAW,EAAA,uCAAA;AACXC,oBAAAA,QAAAA,EAAU,CAAC,EAAE7D,OAAQ,CAAA,kBAAkB,CAAC;oBACxCQ,KAAO,EAAA;AAAC,wBAAA,QAAA;AAAU,wBAAA,OAAA;AAAS,wBAAA;AAAU;AACtC,iBAAA;AACD,gBAAA,MAAMC,YAAa,CAAA,CAAA,EAAEC,WAAW,EAAEyB,SAAS,EAAE,EAAA;AAC3C,oBAAA,MAAMoD,WAAWrH,MAAO,CAAA;wBAAEa,QAAU,EAAA;AAAY,qBAAA,CAAA;oBAEhD,OAAOwG,QAAAA,CACJ3B,SAAS,CAACzB,SAAAA,CAAUoD,QAAQ,CAAC3B,SAAS,EACtCjD,GAAG,CAAC,oCACJC,IAAI,CAACF,aACLxB,OAAO,EAAA,CACP2B,IAAI,CAAC,CAAC,EAAE7B,IAAI,EAAE,GAAA;wBACb,OAAO;AACL8B,4BAAAA,QAAAA,EAAU9B,KAAKwG,kBAAkB;AACjCvF,4BAAAA,KAAAA,EAAOjB,KAAKiB;AACxB,yBAAA;AACA,qBAAA,CAAA;AACK;AACF;SACH,CAAA;IAEAwF,iBAAiB,GAAA,IAAA;AACf,QAAA,MAAMvH,MAASwH,GAAAA,UAAAA;AAEf,QAAA,MAAMC,SAAYf,GAAAA,MAAAA,CAAOnG,MAAM,CAACkC,GAAG,CAAC,iBAAA,CAAA;QACpC,MAAMX,OAAAA,GAAUrC,QAAQiH,MAAOnG,CAAAA,MAAM,CAACmH,MAAM,CAACC,GAAG,EAAEF,SAAW,EAAA,MAAA,CAAA;AAE7D,QAAA,MAAMG,gBAAgB/F,aAAc,CAAA;AAAEC,YAAAA,OAAAA;AAAS9B,YAAAA;AAAQ,SAAA,CAAA;AAEzD;;AAEA,OACE,OAAO;AACL6H,YAAAA,MAAAA,CAAAA,GAAAA;gBACE,OAAOD,aAAAA;AACR,aAAA;AACDnF,YAAAA,GAAAA,CAAAA,CAAIQ,IAAI,EAAA;gBACN,OAAO2E,aAAa,CAAC3E,IAAK,CAAA;AAC3B,aAAA;YACD6E,GAAI7E,CAAAA,CAAAA,IAAI,EAAE1C,MAAM,EAAA;gBACdqH,aAAa,CAAC3E,KAAK,GAAG1C,MAAAA;AACvB,aAAA;AACDwH,YAAAA,MAAAA,CAAAA,CAAO9E,IAAI,EAAA;gBACT,OAAO2E,aAAa,CAAC3E,IAAK,CAAA;AAC3B,aAAA;AAEL;;SAGI,MAAM+E,GAAI,CAAA,CAAA,EAAEnH,QAAQ,EAAE2B,WAAW,EAAEW,KAAK,EAAEc,SAAS,EAAE,EAAA;gBACnD,MAAMgE,YAAAA,GAAeL,aAAa,CAAC/G,QAAS,CAAA;AAE5CxB,gBAAAA,MAAAA,CAAO4I,YAAc,EAAA,uBAAA,CAAA;gBAErB,OAAOA,YAAAA,CAAa1F,YAAY,CAAC;AAAEC,oBAAAA,WAAAA;AAAaW,oBAAAA,KAAAA;AAAOc,oBAAAA,SAAAA;AAAWjE,oBAAAA;AAAM,iBAAA,CAAA;AACzE;AACL,SAAA;AACA,KAAA;;;;;;"}