@strapi/plugin-users-permissions 5.33.2 → 5.33.4

@@ -209,10 +209,8 @@ function requireAuth() {
209
209
  const mode = strapi1.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');
210
210
  if (mode === 'refresh') {
211
211
  const deviceId = extractDeviceId(ctx.request.body);
212
- if (deviceId) {
213
- // Invalidate sessions: specific device if deviceId provided
214
- await strapi1.sessionManager('users-permissions').invalidateRefreshToken(String(user.id), deviceId);
215
- }
212
+ // Invalidate all sessions when password changes for security
213
+ await strapi1.sessionManager('users-permissions').invalidateRefreshToken(String(user.id));
216
214
  const newDeviceId = deviceId || crypto.randomUUID();
217
215
  const refresh = await strapi1.sessionManager('users-permissions').generateRefreshToken(String(user.id), newDeviceId, {
218
216
  type: 'refresh'
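Review bot: The new `invalidateRefreshToken(String(user.id))` call relies on an omitted second argument meaning "every device", which nothing in this hunk shows and which a later signature change could silently break. The comment should state that contract, e.g. `// No deviceId: revoke every refresh session for this user, not only the caller's device`. Please also confirm, since it is not visible here, that access tokens already minted from those sessions are rejected after this call; otherwise "all sessions" only holds once they expire. The same two points apply to the reset-password hunk at -255/+253. The enclosing handler starts and ends outside the hunk.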
@@ -255,10 +253,8 @@ function requireAuth() {
255
253
  const mode = strapi1.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');
256
254
  if (mode === 'refresh') {
257
255
  const deviceId = extractDeviceId(ctx.request.body);
258
- if (deviceId) {
259
- // Invalidate sessions: specific device if deviceId provided
260
- await strapi1.sessionManager('users-permissions').invalidateRefreshToken(String(user.id), deviceId);
261
- }
256
+ // Invalidate all sessions when password is reset for security
257
+ await strapi1.sessionManager('users-permissions').invalidateRefreshToken(String(user.id));
262
258
  const newDeviceId = deviceId || crypto.randomUUID();
263
259
  const refresh = await strapi1.sessionManager('users-permissions').generateRefreshToken(String(user.id), newDeviceId, {
264
260
  type: 'refresh'
@@ -285,7 +281,13 @@ function requireAuth() {
285
281
  if (mode !== 'refresh') {
286
282
  return ctx.notFound();
287
283
  }
288
- const { refreshToken } = ctx.request.body || {};
284
+ const upSessions = strapi1.config.get('plugin::users-permissions.sessions');
285
+ const cookieName = upSessions?.cookie?.name || 'strapi_up_refresh';
286
+ // Check for refresh token in cookie first (if httpOnly is configured), then in body
287
+ let refreshToken = ctx.cookies.get(cookieName);
288
+ if (!refreshToken) {
289
+ refreshToken = ctx.request.body?.refreshToken;
290
+ }
289
291
  if (!refreshToken || typeof refreshToken !== 'string') {
290
292
  return ctx.badRequest('Missing refresh token');
291
293
  }
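Review bot: A stale or revoked cookie now shadows a valid `refreshToken` in the body, because the body is consulted only when `ctx.cookies.get(cookieName)` returns nothing; such a client would get `Invalid refresh token` from the check further down. The cookie is also read whether or not `upSessions?.httpOnly` is set, which contradicts the "(if httpOnly is configured)" comment. Either gate the read or reword the comment, e.g. `// Prefer the refresh cookie whenever one is sent, otherwise fall back to the body`. Because this endpoint now accepts a credential the browser attaches automatically, confirm that the cookie's SameSite setting (in `cookieOptions`, outside this hunk) is restrictive enough for cross-site requests. The enclosing handler starts and ends outside the hunk.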
@@ -297,10 +299,8 @@ function requireAuth() {
297
299
  if ('error' in result) {
298
300
  return ctx.unauthorized('Invalid refresh token');
299
301
  }
300
- const upSessions = strapi1.config.get('plugin::users-permissions.sessions');
301
302
  const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';
302
303
  if (upSessions?.httpOnly || requestHttpOnly) {
303
- const cookieName = upSessions.cookie?.name || 'strapi_up_refresh';
304
304
  const isProduction = process.env.NODE_ENV === 'production';
305
305
  const isSecure = typeof upSessions.cookie?.secure === 'boolean' ? upSessions.cookie?.secure : isProduction;
306
306
  const cookieOptions = {
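Review bot: `upSessions.cookie?.secure` on the `isSecure` line still dereferences `upSessions` without `?.`, yet this branch can be entered through `requestHttpOnly` alone, a value taken from the client's `x-strapi-refresh-cookie` header. If the sessions config is ever unset, that would throw instead of setting the cookie. The relocated `cookieName` lookup already uses `upSessions?.cookie?.name`, so the same guard fits here: `const isSecure = typeof upSessions?.cookie?.secure === 'boolean' ? upSessions.cookie.secure : isProduction;`. Whether the config can actually be undefined depends on plugin defaults not shown on this page. The `cookieOptions` literal continues outside the hunk.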
@@ -1 +1 @@
1
- {"version":3,"file":"auth.js","sources":["../../../server/controllers/auth.js"],"sourcesContent":["'use strict';\n\n/**\n * Auth.js controller\n *\n * @description: A set of functions called \"actions\" for managing `Auth`.\n */\n\n/* eslint-disable no-useless-escape */\nconst crypto = require('crypto');\nconst _ = require('lodash');\nconst { concat, compact, isArray } = require('lodash/fp');\nconst utils = require('@strapi/utils');\nconst { getService } = require('../utils');\nconst {\n validateCallbackBody,\n validateRegisterBody,\n validateSendEmailConfirmationBody,\n validateForgotPasswordBody,\n validateResetPasswordBody,\n validateEmailConfirmationBody,\n validateChangePasswordBody,\n} = require('./validation/auth');\n\nconst { ApplicationError, ValidationError, ForbiddenError } = utils.errors;\n\nconst sanitizeUser = (user, ctx) => {\n const { auth } = ctx.state;\n const userSchema = strapi.getModel('plugin::users-permissions.user');\n\n return strapi.contentAPI.sanitize.output(user, userSchema, { auth });\n};\n\nconst extractDeviceId = (requestBody) => {\n const { deviceId } = requestBody || {};\n\n return typeof deviceId === 'string' && deviceId.length > 0 ? deviceId : undefined;\n};\n\nmodule.exports = ({ strapi }) => ({\n async callback(ctx) {\n const provider = ctx.params.provider || 'local';\n const params = ctx.request.body;\n\n const store = strapi.store({ type: 'plugin', name: 'users-permissions' });\n const grantSettings = await store.get({ key: 'grant' });\n\n const grantProvider = provider === 'local' ? 
'email' : provider;\n\n if (!_.get(grantSettings, [grantProvider, 'enabled'])) {\n throw new ApplicationError('This provider is disabled');\n }\n\n if (provider === 'local') {\n await validateCallbackBody(params);\n\n const { identifier } = params;\n\n // Check if the user exists.\n const user = await strapi.db.query('plugin::users-permissions.user').findOne({\n where: {\n provider,\n $or: [{ email: identifier.toLowerCase() }, { username: identifier }],\n },\n });\n\n if (!user) {\n throw new ValidationError('Invalid identifier or password');\n }\n\n if (!user.password) {\n throw new ValidationError('Invalid identifier or password');\n }\n\n const validPassword = await getService('user').validatePassword(\n params.password,\n user.password\n );\n\n if (!validPassword) {\n throw new ValidationError('Invalid identifier or password');\n }\n\n const advancedSettings = await store.get({ key: 'advanced' });\n const requiresConfirmation = _.get(advancedSettings, 'email_confirmation');\n\n if (requiresConfirmation && user.confirmed !== true) {\n throw new ApplicationError('Your account email is not confirmed');\n }\n\n if (user.blocked === true) {\n throw new ApplicationError('Your account has been blocked by an administrator');\n }\n\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode === 'refresh') {\n const deviceId = extractDeviceId(ctx.request.body);\n\n const refresh = await strapi\n .sessionManager('users-permissions')\n .generateRefreshToken(String(user.id), deviceId, { type: 'refresh' });\n\n const access = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(refresh.token);\n if ('error' in access) {\n throw new ApplicationError('Invalid credentials');\n }\n\n const upSessions = strapi.config.get('plugin::users-permissions.sessions');\n const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';\n if (upSessions?.httpOnly || requestHttpOnly) {\n const cookieName 
= upSessions.cookie?.name || 'strapi_up_refresh';\n const isProduction = process.env.NODE_ENV === 'production';\n const isSecure =\n typeof upSessions.cookie?.secure === 'boolean'\n ? upSessions.cookie?.secure\n : isProduction;\n\n const cookieOptions = {\n httpOnly: true,\n secure: isSecure,\n sameSite: upSessions.cookie?.sameSite ?? 'lax',\n path: upSessions.cookie?.path ?? '/',\n domain: upSessions.cookie?.domain,\n overwrite: true,\n };\n\n ctx.cookies.set(cookieName, refresh.token, cookieOptions);\n return ctx.send({ jwt: access.token, user: await sanitizeUser(user, ctx) });\n }\n\n return ctx.send({\n jwt: access.token,\n refreshToken: refresh.token,\n user: await sanitizeUser(user, ctx),\n });\n }\n\n return ctx.send({\n jwt: getService('jwt').issue({ id: user.id }),\n user: await sanitizeUser(user, ctx),\n });\n }\n\n // Connect the user with the third-party provider.\n try {\n const user = await getService('providers').connect(provider, ctx.query);\n\n if (user.blocked) {\n throw new ForbiddenError('Your account has been blocked by an administrator');\n }\n\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode === 'refresh') {\n const deviceId = extractDeviceId(ctx.request.body);\n\n const refresh = await strapi\n .sessionManager('users-permissions')\n .generateRefreshToken(String(user.id), deviceId, { type: 'refresh' });\n\n const access = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(refresh.token);\n if ('error' in access) {\n throw new ApplicationError('Invalid credentials');\n }\n\n const upSessions = strapi.config.get('plugin::users-permissions.sessions');\n const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';\n if (upSessions?.httpOnly || requestHttpOnly) {\n const cookieName = upSessions.cookie?.name || 'strapi_up_refresh';\n const isProduction = process.env.NODE_ENV === 'production';\n const isSecure =\n typeof 
upSessions.cookie?.secure === 'boolean'\n ? upSessions.cookie?.secure\n : isProduction;\n\n const cookieOptions = {\n httpOnly: true,\n secure: isSecure,\n sameSite: upSessions.cookie?.sameSite ?? 'lax',\n path: upSessions.cookie?.path ?? '/',\n domain: upSessions.cookie?.domain,\n overwrite: true,\n };\n ctx.cookies.set(cookieName, refresh.token, cookieOptions);\n return ctx.send({ jwt: access.token, user: await sanitizeUser(user, ctx) });\n }\n return ctx.send({\n jwt: access.token,\n refreshToken: refresh.token,\n user: await sanitizeUser(user, ctx),\n });\n }\n\n return ctx.send({\n jwt: getService('jwt').issue({ id: user.id }),\n user: await sanitizeUser(user, ctx),\n });\n } catch (error) {\n throw new ApplicationError(error.message);\n }\n },\n\n async changePassword(ctx) {\n if (!ctx.state.user) {\n throw new ApplicationError('You must be authenticated to reset your password');\n }\n\n const validations = strapi.config.get('plugin::users-permissions.validationRules');\n\n const { currentPassword, password } = await validateChangePasswordBody(\n ctx.request.body,\n validations\n );\n\n const user = await strapi.db\n .query('plugin::users-permissions.user')\n .findOne({ where: { id: ctx.state.user.id } });\n\n const validPassword = await getService('user').validatePassword(currentPassword, user.password);\n\n if (!validPassword) {\n throw new ValidationError('The provided current password is invalid');\n }\n\n if (currentPassword === password) {\n throw new ValidationError('Your new password must be different than your current password');\n }\n\n await getService('user').edit(user.id, { password });\n\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode === 'refresh') {\n const deviceId = extractDeviceId(ctx.request.body);\n\n if (deviceId) {\n // Invalidate sessions: specific device if deviceId provided\n await strapi\n .sessionManager('users-permissions')\n .invalidateRefreshToken(String(user.id), 
deviceId);\n }\n\n const newDeviceId = deviceId || crypto.randomUUID();\n const refresh = await strapi\n .sessionManager('users-permissions')\n .generateRefreshToken(String(user.id), newDeviceId, { type: 'refresh' });\n\n const access = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(refresh.token);\n if ('error' in access) {\n throw new ApplicationError('Invalid credentials');\n }\n\n return ctx.send({\n jwt: access.token,\n refreshToken: refresh.token,\n user: await sanitizeUser(user, ctx),\n });\n }\n\n return ctx.send({\n jwt: getService('jwt').issue({ id: user.id }),\n user: await sanitizeUser(user, ctx),\n });\n },\n\n async resetPassword(ctx) {\n const validations = strapi.config.get('plugin::users-permissions.validationRules');\n\n const { password, passwordConfirmation, code } = await validateResetPasswordBody(\n ctx.request.body,\n validations\n );\n\n if (password !== passwordConfirmation) {\n throw new ValidationError('Passwords do not match');\n }\n\n const user = await strapi.db\n .query('plugin::users-permissions.user')\n .findOne({ where: { resetPasswordToken: code } });\n\n if (!user) {\n throw new ValidationError('Incorrect code provided');\n }\n\n await getService('user').edit(user.id, {\n resetPasswordToken: null,\n password,\n });\n\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode === 'refresh') {\n const deviceId = extractDeviceId(ctx.request.body);\n\n if (deviceId) {\n // Invalidate sessions: specific device if deviceId provided\n await strapi\n .sessionManager('users-permissions')\n .invalidateRefreshToken(String(user.id), deviceId);\n }\n\n const newDeviceId = deviceId || crypto.randomUUID();\n const refresh = await strapi\n .sessionManager('users-permissions')\n .generateRefreshToken(String(user.id), newDeviceId, { type: 'refresh' });\n\n const access = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(refresh.token);\n if ('error' 
in access) {\n throw new ApplicationError('Invalid credentials');\n }\n\n return ctx.send({\n jwt: access.token,\n refreshToken: refresh.token,\n user: await sanitizeUser(user, ctx),\n });\n }\n\n return ctx.send({\n jwt: getService('jwt').issue({ id: user.id }),\n user: await sanitizeUser(user, ctx),\n });\n },\n async refresh(ctx) {\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode !== 'refresh') {\n return ctx.notFound();\n }\n\n const { refreshToken } = ctx.request.body || {};\n if (!refreshToken || typeof refreshToken !== 'string') {\n return ctx.badRequest('Missing refresh token');\n }\n\n const rotation = await strapi\n .sessionManager('users-permissions')\n .rotateRefreshToken(refreshToken);\n if ('error' in rotation) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const result = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(rotation.token);\n if ('error' in result) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const upSessions = strapi.config.get('plugin::users-permissions.sessions');\n const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';\n if (upSessions?.httpOnly || requestHttpOnly) {\n const cookieName = upSessions.cookie?.name || 'strapi_up_refresh';\n const isProduction = process.env.NODE_ENV === 'production';\n const isSecure =\n typeof upSessions.cookie?.secure === 'boolean' ? upSessions.cookie?.secure : isProduction;\n\n const cookieOptions = {\n httpOnly: true,\n secure: isSecure,\n sameSite: upSessions.cookie?.sameSite ?? 'lax',\n path: upSessions.cookie?.path ?? 
'/',\n domain: upSessions.cookie?.domain,\n overwrite: true,\n };\n ctx.cookies.set(cookieName, rotation.token, cookieOptions);\n return ctx.send({ jwt: result.token });\n }\n return ctx.send({ jwt: result.token, refreshToken: rotation.token });\n },\n async logout(ctx) {\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode !== 'refresh') {\n return ctx.notFound();\n }\n\n // Invalidate all sessions for the authenticated user, or by deviceId if provided\n if (!ctx.state.user) {\n return ctx.unauthorized('Missing authentication');\n }\n\n const deviceId = extractDeviceId(ctx.request.body);\n try {\n await strapi\n .sessionManager('users-permissions')\n .invalidateRefreshToken(String(ctx.state.user.id), deviceId);\n } catch (err) {\n strapi.log.error('UP logout failed', err);\n }\n\n const upSessions = strapi.config.get('plugin::users-permissions.sessions');\n const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';\n if (upSessions?.httpOnly || requestHttpOnly) {\n const cookieName = upSessions.cookie?.name || 'strapi_up_refresh';\n ctx.cookies.set(cookieName, '', { expires: new Date(0) });\n }\n return ctx.send({ ok: true });\n },\n async connect(ctx, next) {\n const grant = require('grant').koa();\n\n const providers = await strapi\n .store({ type: 'plugin', name: 'users-permissions', key: 'grant' })\n .get();\n\n const apiPrefix = strapi.config.get('api.rest.prefix');\n const grantConfig = {\n defaults: {\n prefix: `${apiPrefix}/connect`,\n },\n ...providers,\n };\n\n const [requestPath] = ctx.request.url.split('?');\n const provider = requestPath.split('/connect/')[1].split('/')[0];\n\n if (!_.get(grantConfig[provider], 'enabled')) {\n throw new ApplicationError('This provider is disabled');\n }\n\n if (!strapi.config.server.url.startsWith('http')) {\n strapi.log.warn(\n 'You are using a third party provider for login. Make sure to set an absolute url in config/server.js. 
More info here: https://docs.strapi.io/developer-docs/latest/plugins/users-permissions.html#setting-up-the-server-url'\n );\n }\n\n // Ability to pass OAuth callback dynamically\n const queryCustomCallback = _.get(ctx, 'query.callback');\n const dynamicSessionCallback = _.get(ctx, 'session.grant.dynamic.callback');\n\n const customCallback = queryCustomCallback ?? dynamicSessionCallback;\n\n // The custom callback is validated to make sure it's not redirecting to an unwanted actor.\n if (customCallback !== undefined) {\n try {\n // We're extracting the callback validator from the plugin config since it can be user-customized\n const { validate: validateCallback } = strapi\n .plugin('users-permissions')\n .config('callback');\n\n await validateCallback(customCallback, grantConfig[provider]);\n\n grantConfig[provider].callback = customCallback;\n } catch (e) {\n throw new ValidationError('Invalid callback URL provided', { callback: customCallback });\n }\n }\n\n // Build a valid redirect URI for the current provider\n grantConfig[provider].redirect_uri = getService('providers').buildRedirectUri(provider);\n\n return grant(grantConfig)(ctx, next);\n },\n\n async forgotPassword(ctx) {\n const { email } = await validateForgotPasswordBody(ctx.request.body);\n\n const pluginStore = await strapi.store({ type: 'plugin', name: 'users-permissions' });\n\n const emailSettings = await pluginStore.get({ key: 'email' });\n const advancedSettings = await pluginStore.get({ key: 'advanced' });\n\n // Find the user by email.\n const user = await strapi.db\n .query('plugin::users-permissions.user')\n .findOne({ where: { email: email.toLowerCase() } });\n\n if (!user || user.blocked) {\n return ctx.send({ ok: true });\n }\n\n // Generate random token.\n const userInfo = await sanitizeUser(user, ctx);\n\n const resetPasswordToken = crypto.randomBytes(64).toString('hex');\n\n const resetPasswordSettings = _.get(emailSettings, 'reset_password.options', {});\n const emailBody = await 
getService('users-permissions').template(\n resetPasswordSettings.message,\n {\n URL: advancedSettings.email_reset_password,\n SERVER_URL: strapi.config.get('server.absoluteUrl'),\n ADMIN_URL: strapi.config.get('admin.absoluteUrl'),\n USER: userInfo,\n TOKEN: resetPasswordToken,\n }\n );\n\n const emailObject = await getService('users-permissions').template(\n resetPasswordSettings.object,\n {\n USER: userInfo,\n }\n );\n\n const emailToSend = {\n to: user.email,\n from:\n resetPasswordSettings.from.email || resetPasswordSettings.from.name\n ? `${resetPasswordSettings.from.name} <${resetPasswordSettings.from.email}>`\n : undefined,\n replyTo: resetPasswordSettings.response_email,\n subject: emailObject,\n text: emailBody,\n html: emailBody,\n };\n\n // NOTE: Update the user before sending the email so an Admin can generate the link if the email fails\n await getService('user').edit(user.id, { resetPasswordToken });\n\n // Send an email to the user.\n await strapi.plugin('email').service('email').send(emailToSend);\n\n ctx.send({ ok: true });\n },\n\n async register(ctx) {\n const pluginStore = await strapi.store({ type: 'plugin', name: 'users-permissions' });\n\n const settings = await pluginStore.get({ key: 'advanced' });\n\n if (!settings.allow_register) {\n throw new ApplicationError('Register action is currently disabled');\n }\n\n const { register } = strapi.config.get('plugin::users-permissions');\n const alwaysAllowedKeys = ['username', 'password', 'email'];\n\n // Note that we intentionally do not filter allowedFields to allow a project to explicitly accept private or other Strapi field on registration\n const allowedKeys = compact(\n concat(alwaysAllowedKeys, isArray(register?.allowedFields) ? 
register.allowedFields : [])\n );\n\n // Check if there are any keys in requestBody that are not in allowedKeys\n const invalidKeys = Object.keys(ctx.request.body).filter((key) => !allowedKeys.includes(key));\n\n if (invalidKeys.length > 0) {\n // If there are invalid keys, throw an error\n throw new ValidationError(`Invalid parameters: ${invalidKeys.join(', ')}`);\n }\n\n const params = {\n ..._.pick(ctx.request.body, allowedKeys),\n provider: 'local',\n };\n\n const validations = strapi.config.get('plugin::users-permissions.validationRules');\n\n await validateRegisterBody(params, validations);\n\n const role = await strapi.db\n .query('plugin::users-permissions.role')\n .findOne({ where: { type: settings.default_role } });\n\n if (!role) {\n throw new ApplicationError('Impossible to find the default role');\n }\n\n const { email, username, provider } = params;\n\n const identifierFilter = {\n $or: [\n { email: email.toLowerCase() },\n { username: email.toLowerCase() },\n { username },\n { email: username },\n ],\n };\n\n const conflictingUserCount = await strapi.db.query('plugin::users-permissions.user').count({\n where: { ...identifierFilter, provider },\n });\n\n if (conflictingUserCount > 0) {\n throw new ApplicationError('Email or Username are already taken');\n }\n\n if (settings.unique_email) {\n const conflictingUserCount = await strapi.db.query('plugin::users-permissions.user').count({\n where: { ...identifierFilter },\n });\n\n if (conflictingUserCount > 0) {\n throw new ApplicationError('Email or Username are already taken');\n }\n }\n\n const newUser = {\n ...params,\n role: role.id,\n email: email.toLowerCase(),\n username,\n confirmed: !settings.email_confirmation,\n };\n\n const user = await getService('user').add(newUser);\n\n const sanitizedUser = await sanitizeUser(user, ctx);\n\n if (settings.email_confirmation) {\n try {\n await getService('user').sendConfirmationEmail(sanitizedUser);\n } catch (err) {\n strapi.log.error(err);\n throw new 
ApplicationError('Error sending confirmation email');\n }\n\n return ctx.send({ user: sanitizedUser });\n }\n\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode === 'refresh') {\n const deviceId = extractDeviceId(ctx.request.body) || crypto.randomUUID();\n\n const refresh = await strapi\n .sessionManager('users-permissions')\n .generateRefreshToken(String(user.id), deviceId, { type: 'refresh' });\n\n const access = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(refresh.token);\n if ('error' in access) {\n throw new ApplicationError('Invalid credentials');\n }\n\n return ctx.send({ jwt: access.token, refreshToken: refresh.token, user: sanitizedUser });\n }\n\n const jwt = getService('jwt').issue(_.pick(user, ['id']));\n return ctx.send({ jwt, user: sanitizedUser });\n },\n\n async emailConfirmation(ctx, next, returnUser) {\n const { confirmation: confirmationToken } = await validateEmailConfirmationBody(ctx.query);\n\n const userService = getService('user');\n const jwtService = getService('jwt');\n\n const [user] = await userService.fetchAll({ filters: { confirmationToken } });\n\n if (!user) {\n throw new ValidationError('Invalid token');\n }\n\n await userService.edit(user.id, { confirmed: true, confirmationToken: null });\n\n if (returnUser) {\n ctx.send({\n jwt: jwtService.issue({ id: user.id }),\n user: await sanitizeUser(user, ctx),\n });\n } else {\n const settings = await strapi\n .store({ type: 'plugin', name: 'users-permissions', key: 'advanced' })\n .get();\n\n ctx.redirect(settings.email_confirmation_redirection || '/');\n }\n },\n\n async sendEmailConfirmation(ctx) {\n const { email } = await validateSendEmailConfirmationBody(ctx.request.body);\n\n const user = await strapi.db.query('plugin::users-permissions.user').findOne({\n where: { email: email.toLowerCase() },\n });\n\n if (!user) {\n return ctx.send({ email, sent: true });\n }\n\n if (user.confirmed) {\n throw new 
ApplicationError('Already confirmed');\n }\n\n if (user.blocked) {\n throw new ApplicationError('User blocked');\n }\n\n await getService('user').sendConfirmationEmail(user);\n\n ctx.send({\n email: user.email,\n sent: true,\n });\n },\n});\n"],"names":["crypto","require$$0","_","require$$1","concat","compact","isArray","require$$2","utils","require$$3","getService","require$$4","validateCallbackBody","validateRegisterBody","validateSendEmailConfirmationBody","validateForgotPasswordBody","validateResetPasswordBody","validateEmailConfirmationBody","validateChangePasswordBody","require$$5","ApplicationError","ValidationError","ForbiddenError","errors","sanitizeUser","user","ctx","auth","state","userSchema","strapi","getModel","contentAPI","sanitize","output","extractDeviceId","requestBody","deviceId","length","undefined","callback","provider","params","request","body","store","type","name","grantSettings","get","key","grantProvider","identifier","db","query","findOne","where","$or","email","toLowerCase","username","password","validPassword","validatePassword","advancedSettings","requiresConfirmation","confirmed","blocked","mode","config","refresh","sessionManager","generateRefreshToken","String","id","access","generateAccessToken","token","upSessions","requestHttpOnly","header","httpOnly","cookieName","cookie","isProduction","process","env","NODE_ENV","isSecure","secure","cookieOptions","sameSite","path","domain","overwrite","cookies","set","send","jwt","refreshToken","issue","connect","error","message","changePassword","validations","currentPassword","edit","invalidateRefreshToken","newDeviceId","randomUUID","resetPassword","passwordConfirmation","code","resetPasswordToken","notFound","badRequest","rotation","rotateRefreshToken","unauthorized","result","logout","err","log","expires","Date","ok","next","grant","require$$6","koa","providers","apiPrefix","grantConfig","defaults","prefix","requestPath","url","split","server","startsWith","warn","queryCustomCallback","dyn
amicSessionCallback","customCallback","validate","validateCallback","plugin","e","redirect_uri","buildRedirectUri","forgotPassword","pluginStore","emailSettings","userInfo","randomBytes","toString","resetPasswordSettings","emailBody","template","URL","email_reset_password","SERVER_URL","ADMIN_URL","USER","TOKEN","emailObject","object","emailToSend","to","from","replyTo","response_email","subject","text","html","service","register","settings","allow_register","alwaysAllowedKeys","allowedKeys","allowedFields","invalidKeys","Object","keys","filter","includes","join","pick","role","default_role","identifierFilter","conflictingUserCount","count","unique_email","newUser","email_confirmation","add","sanitizedUser","sendConfirmationEmail","emailConfirmation","returnUser","confirmation","confirmationToken","userService","jwtService","fetchAll","filters","redirect","email_confirmation_redirection","sendEmailConfirmation","sent"],"mappings":";;;;;;;;;;;;;;;AAEA;;;;4CAOA,MAAMA,MAASC,GAAAA,UAAAA;AACf,IAAA,MAAMC,CAAIC,GAAAA,YAAAA;AACV,IAAA,MAAM,EAAEC,MAAM,EAAEC,OAAO,EAAEC,OAAO,EAAE,GAAGC,YAAAA;AACrC,IAAA,MAAMC,KAAQC,GAAAA,UAAAA;IACd,MAAM,EAAEC,UAAU,EAAE,GAAGC,eAAAA,EAAAA;AACvB,IAAA,MAAM,EACJC,oBAAoB,EACpBC,oBAAoB,EACpBC,iCAAiC,EACjCC,0BAA0B,EAC1BC,yBAAyB,EACzBC,6BAA6B,EAC7BC,0BAA0B,EAC3B,GAAGC,gBAAAA,EAAAA;IAEJ,MAAM,EAAEC,gBAAgB,EAAEC,eAAe,EAAEC,cAAc,EAAE,GAAGd,KAAAA,CAAMe,MAAM;IAE1E,MAAMC,YAAAA,GAAe,CAACC,IAAMC,EAAAA,GAAAA,GAAAA;AAC1B,QAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,KAAK;QAC1B,MAAMC,UAAAA,GAAaC,MAAOC,CAAAA,QAAQ,CAAC,gCAAA,CAAA;QAEnC,OAAOD,MAAAA,CAAOE,UAAU,CAACC,QAAQ,CAACC,MAAM,CAACT,MAAMI,UAAY,EAAA;AAAEF,YAAAA;AAAI,SAAA,CAAA;AACnE,KAAA;AAEA,IAAA,MAAMQ,kBAAkB,CAACC,WAAAA,GAAAA;AACvB,QAAA,MAAM,EAAEC,QAAQ,EAAE,GAAGD,eAAe;AAEpC,QAAA,OAAO,OAAOC,QAAa,KAAA,QAAA,IAAYA,SAASC,MAAM,GAAG,IAAID,QAAWE,GAAAA,SAAAA;AAC1E,KAAA;AAEAZ,IAAAA,IAAAA,GAAiB,CAAC,EAAEG,MAAAA,EAAAA,OAAM,EAAE,IAAM;AAChC,YAAA,MAAMU,UAASd,GAAG,EAAA;AAChB,gBAAA,MAAMe,QAAWf,GAAAA,GAAAA,CAAIgB,MAAM,CAACD,QAAQ,IAAI,OAAA;A
ACxC,gBAAA,MAAMC,MAAShB,GAAAA,GAAAA,CAAIiB,OAAO,CAACC,IAAI;gBAE/B,MAAMC,KAAAA,GAAQf,OAAOe,CAAAA,KAAK,CAAC;oBAAEC,IAAM,EAAA,QAAA;oBAAUC,IAAM,EAAA;AAAmB,iBAAA,CAAA;AACtE,gBAAA,MAAMC,aAAgB,GAAA,MAAMH,KAAMI,CAAAA,GAAG,CAAC;oBAAEC,GAAK,EAAA;AAAO,iBAAA,CAAA;gBAEpD,MAAMC,aAAAA,GAAgBV,QAAa,KAAA,OAAA,GAAU,OAAUA,GAAAA,QAAAA;AAEvD,gBAAA,IAAI,CAACvC,CAAAA,CAAE+C,GAAG,CAACD,aAAe,EAAA;AAACG,oBAAAA,aAAAA;AAAe,oBAAA;iBAAU,CAAG,EAAA;AACrD,oBAAA,MAAM,IAAI/B,gBAAiB,CAAA,2BAAA,CAAA;AAC5B;AAED,gBAAA,IAAIqB,aAAa,OAAS,EAAA;AACxB,oBAAA,MAAM7B,oBAAqB8B,CAAAA,MAAAA,CAAAA;oBAE3B,MAAM,EAAEU,UAAU,EAAE,GAAGV,MAAAA;;oBAGvB,MAAMjB,IAAAA,GAAO,MAAMK,OAAOuB,CAAAA,EAAE,CAACC,KAAK,CAAC,gCAAkCC,CAAAA,CAAAA,OAAO,CAAC;wBAC3EC,KAAO,EAAA;AACLf,4BAAAA,QAAAA;4BACAgB,GAAK,EAAA;AAAC,gCAAA;AAAEC,oCAAAA,KAAAA,EAAON,WAAWO,WAAW;;AAAM,gCAAA;oCAAEC,QAAUR,EAAAA;;AAAa;AACrE;AACT,qBAAA,CAAA;AAEM,oBAAA,IAAI,CAAC3B,IAAM,EAAA;AACT,wBAAA,MAAM,IAAIJ,eAAgB,CAAA,gCAAA,CAAA;AAC3B;oBAED,IAAI,CAACI,IAAKoC,CAAAA,QAAQ,EAAE;AAClB,wBAAA,MAAM,IAAIxC,eAAgB,CAAA,gCAAA,CAAA;AAC3B;oBAED,MAAMyC,aAAAA,GAAgB,MAAMpD,UAAAA,CAAW,MAAQqD,CAAAA,CAAAA,gBAAgB,CAC7DrB,MAAOmB,CAAAA,QAAQ,EACfpC,IAAAA,CAAKoC,QAAQ,CAAA;AAGf,oBAAA,IAAI,CAACC,aAAe,EAAA;AAClB,wBAAA,MAAM,IAAIzC,eAAgB,CAAA,gCAAA,CAAA;AAC3B;AAED,oBAAA,MAAM2C,gBAAmB,GAAA,MAAMnB,KAAMI,CAAAA,GAAG,CAAC;wBAAEC,GAAK,EAAA;AAAU,qBAAA,CAAA;AAC1D,oBAAA,MAAMe,oBAAuB/D,GAAAA,CAAAA,CAAE+C,GAAG,CAACe,gBAAkB,EAAA,oBAAA,CAAA;AAErD,oBAAA,IAAIC,oBAAwBxC,IAAAA,IAAAA,CAAKyC,SAAS,KAAK,IAAM,EAAA;AACnD,wBAAA,MAAM,IAAI9C,gBAAiB,CAAA,qCAAA,CAAA;AAC5B;oBAED,IAAIK,IAAAA,CAAK0C,OAAO,KAAK,IAAM,EAAA;AACzB,wBAAA,MAAM,IAAI/C,gBAAiB,CAAA,mDAAA,CAAA;AAC5B;AAED,oBAAA,MAAMgD,OAAOtC,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,yCAA2C,EAAA,gBAAA,CAAA;AAC1E,oBAAA,IAAImB,SAAS,SAAW,EAAA;AACtB,wBAAA,MAAM/B,QAAWF,GAAAA,eAAAA,CAAgBT,GAAIiB,CAAAA,OAAO,CAACC,IAAI,CAAA;AAEjD,wBAAA,MAAM0B,OAAU,GAAA,MAAMxC,OACnByC,CAAAA,cAAc,CAAC,mBAAA,CAAA,CACfC,oBAAoB,CAACC,MAAOhD,CAAAA,IAAAA,CAAKiD,EAAE,CAAA,EAAGrC,QAAU,EAAA;4BAAES,IAAM,EAAA;AAAS,yBAAA,CAAA;wBAEpE,
MAAM6B,MAAAA,GAAS,MAAM7C,OAClByC,CAAAA,cAAc,CAAC,mBACfK,CAAAA,CAAAA,mBAAmB,CAACN,OAAAA,CAAQO,KAAK,CAAA;AACpC,wBAAA,IAAI,WAAWF,MAAQ,EAAA;AACrB,4BAAA,MAAM,IAAIvD,gBAAiB,CAAA,qBAAA,CAAA;AAC5B;AAED,wBAAA,MAAM0D,UAAahD,GAAAA,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,oCAAA,CAAA;AACrC,wBAAA,MAAM8B,kBAAkBrD,GAAIiB,CAAAA,OAAO,CAACqC,MAAM,CAAC,0BAA0B,KAAK,UAAA;wBAC1E,IAAIF,UAAAA,EAAYG,YAAYF,eAAiB,EAAA;AAC3C,4BAAA,MAAMG,UAAaJ,GAAAA,UAAAA,CAAWK,MAAM,EAAEpC,IAAQ,IAAA,mBAAA;AAC9C,4BAAA,MAAMqC,YAAeC,GAAAA,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;4BAC9C,MAAMC,QAAAA,GACJ,OAAOV,UAAAA,CAAWK,MAAM,EAAEM,WAAW,SACjCX,GAAAA,UAAAA,CAAWK,MAAM,EAAEM,MACnBL,GAAAA,YAAAA;AAEN,4BAAA,MAAMM,aAAgB,GAAA;gCACpBT,QAAU,EAAA,IAAA;gCACVQ,MAAQD,EAAAA,QAAAA;gCACRG,QAAUb,EAAAA,UAAAA,CAAWK,MAAM,EAAEQ,QAAY,IAAA,KAAA;gCACzCC,IAAMd,EAAAA,UAAAA,CAAWK,MAAM,EAAES,IAAQ,IAAA,GAAA;gCACjCC,MAAQf,EAAAA,UAAAA,CAAWK,MAAM,EAAEU,MAAAA;gCAC3BC,SAAW,EAAA;AACvB,6BAAA;AAEUpE,4BAAAA,GAAAA,CAAIqE,OAAO,CAACC,GAAG,CAACd,UAAYZ,EAAAA,OAAAA,CAAQO,KAAK,EAAEa,aAAAA,CAAAA;4BAC3C,OAAOhE,GAAAA,CAAIuE,IAAI,CAAC;AAAEC,gCAAAA,GAAAA,EAAKvB,OAAOE,KAAK;gCAAEpD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AAAM,6BAAA,CAAA;AAC3E;wBAED,OAAOA,GAAAA,CAAIuE,IAAI,CAAC;AACdC,4BAAAA,GAAAA,EAAKvB,OAAOE,KAAK;AACjBsB,4BAAAA,YAAAA,EAAc7B,QAAQO,KAAK;4BAC3BpD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACzC,yBAAA,CAAA;AACO;oBAED,OAAOA,GAAAA,CAAIuE,IAAI,CAAC;wBACdC,GAAKxF,EAAAA,UAAAA,CAAW,KAAO0F,CAAAA,CAAAA,KAAK,CAAC;AAAE1B,4BAAAA,EAAAA,EAAIjD,KAAKiD;;wBACxCjD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACvC,qBAAA,CAAA;AACK;;gBAGD,IAAI;oBACF,MAAMD,IAAAA,GAAO,MAAMf,UAAW,CAAA,WAAA,CAAA,CAAa2F,OAAO,CAAC5D,QAAAA,EAAUf,IAAI4B,KAAK,CAAA;oBAEtE,IAAI7B,IAAAA,CAAK0C,OAAO,EAAE;AAChB,wBAAA,MAAM,IAAI7C,cAAe,CAAA,mDAAA,CAAA;AAC1B;AAED,oBAAA,MAAM8C,OAAOtC,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,yCAA2C,EAAA,gBAAA,CAAA;AAC1E,oBAAA,IAAImB,SAAS,SAAW,EAAA;AACtB,wBAAA,MAAM/B,QAAWF,GAAAA,eAAAA,CAAgBT,GAAIiB,CAAAA,OAAO,CAACC,IAAI,CAAA;AAEjD,wBAAA,MAAM0B,OAAU,GAAA,MAAMxC,OACnByC,CAAAA,cAAc,CAAC,mBAAA,CAAA,CACf
C,oBAAoB,CAACC,MAAOhD,CAAAA,IAAAA,CAAKiD,EAAE,CAAA,EAAGrC,QAAU,EAAA;4BAAES,IAAM,EAAA;AAAS,yBAAA,CAAA;wBAEpE,MAAM6B,MAAAA,GAAS,MAAM7C,OAClByC,CAAAA,cAAc,CAAC,mBACfK,CAAAA,CAAAA,mBAAmB,CAACN,OAAAA,CAAQO,KAAK,CAAA;AACpC,wBAAA,IAAI,WAAWF,MAAQ,EAAA;AACrB,4BAAA,MAAM,IAAIvD,gBAAiB,CAAA,qBAAA,CAAA;AAC5B;AAED,wBAAA,MAAM0D,UAAahD,GAAAA,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,oCAAA,CAAA;AACrC,wBAAA,MAAM8B,kBAAkBrD,GAAIiB,CAAAA,OAAO,CAACqC,MAAM,CAAC,0BAA0B,KAAK,UAAA;wBAC1E,IAAIF,UAAAA,EAAYG,YAAYF,eAAiB,EAAA;AAC3C,4BAAA,MAAMG,UAAaJ,GAAAA,UAAAA,CAAWK,MAAM,EAAEpC,IAAQ,IAAA,mBAAA;AAC9C,4BAAA,MAAMqC,YAAeC,GAAAA,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;4BAC9C,MAAMC,QAAAA,GACJ,OAAOV,UAAAA,CAAWK,MAAM,EAAEM,WAAW,SACjCX,GAAAA,UAAAA,CAAWK,MAAM,EAAEM,MACnBL,GAAAA,YAAAA;AAEN,4BAAA,MAAMM,aAAgB,GAAA;gCACpBT,QAAU,EAAA,IAAA;gCACVQ,MAAQD,EAAAA,QAAAA;gCACRG,QAAUb,EAAAA,UAAAA,CAAWK,MAAM,EAAEQ,QAAY,IAAA,KAAA;gCACzCC,IAAMd,EAAAA,UAAAA,CAAWK,MAAM,EAAES,IAAQ,IAAA,GAAA;gCACjCC,MAAQf,EAAAA,UAAAA,CAAWK,MAAM,EAAEU,MAAAA;gCAC3BC,SAAW,EAAA;AACvB,6BAAA;AACUpE,4BAAAA,GAAAA,CAAIqE,OAAO,CAACC,GAAG,CAACd,UAAYZ,EAAAA,OAAAA,CAAQO,KAAK,EAAEa,aAAAA,CAAAA;4BAC3C,OAAOhE,GAAAA,CAAIuE,IAAI,CAAC;AAAEC,gCAAAA,GAAAA,EAAKvB,OAAOE,KAAK;gCAAEpD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AAAM,6BAAA,CAAA;AAC3E;wBACD,OAAOA,GAAAA,CAAIuE,IAAI,CAAC;AACdC,4BAAAA,GAAAA,EAAKvB,OAAOE,KAAK;AACjBsB,4BAAAA,YAAAA,EAAc7B,QAAQO,KAAK;4BAC3BpD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACzC,yBAAA,CAAA;AACO;oBAED,OAAOA,GAAAA,CAAIuE,IAAI,CAAC;wBACdC,GAAKxF,EAAAA,UAAAA,CAAW,KAAO0F,CAAAA,CAAAA,KAAK,CAAC;AAAE1B,4BAAAA,EAAAA,EAAIjD,KAAKiD;;wBACxCjD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACvC,qBAAA,CAAA;AACK,iBAAA,CAAC,OAAO4E,KAAO,EAAA;oBACd,MAAM,IAAIlF,gBAAiBkF,CAAAA,KAAAA,CAAMC,OAAO,CAAA;AACzC;AACF,aAAA;AAED,YAAA,MAAMC,gBAAe9E,GAAG,EAAA;AACtB,gBAAA,IAAI,CAACA,GAAAA,CAAIE,KAAK,CAACH,IAAI,EAAE;AACnB,oBAAA,MAAM,IAAIL,gBAAiB,CAAA,kDAAA,CAAA;AAC5B;AAED,gBAAA,MAAMqF,WAAc3E,GAAAA,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,2CAAA,CAAA;AAEtC,gBAAA,MAAM,EAAEyD,eAAe,EAAE7C,QAAQ,
EAAE,GAAG,MAAM3C,0BAAAA,CAC1CQ,GAAIiB,CAAAA,OAAO,CAACC,IAAI,EAChB6D,WAAAA,CAAAA;gBAGF,MAAMhF,IAAAA,GAAO,MAAMK,OAAOuB,CAAAA,EAAE,CACzBC,KAAK,CAAC,gCACNC,CAAAA,CAAAA,OAAO,CAAC;oBAAEC,KAAO,EAAA;AAAEkB,wBAAAA,EAAAA,EAAIhD,GAAIE,CAAAA,KAAK,CAACH,IAAI,CAACiD;AAAI;AAAA,iBAAA,CAAA;gBAE7C,MAAMZ,aAAAA,GAAgB,MAAMpD,UAAW,CAAA,MAAA,CAAA,CAAQqD,gBAAgB,CAAC2C,eAAAA,EAAiBjF,KAAKoC,QAAQ,CAAA;AAE9F,gBAAA,IAAI,CAACC,aAAe,EAAA;AAClB,oBAAA,MAAM,IAAIzC,eAAgB,CAAA,0CAAA,CAAA;AAC3B;AAED,gBAAA,IAAIqF,oBAAoB7C,QAAU,EAAA;AAChC,oBAAA,MAAM,IAAIxC,eAAgB,CAAA,gEAAA,CAAA;AAC3B;AAED,gBAAA,MAAMX,WAAW,MAAQiG,CAAAA,CAAAA,IAAI,CAAClF,IAAAA,CAAKiD,EAAE,EAAE;AAAEb,oBAAAA;AAAQ,iBAAA,CAAA;AAEjD,gBAAA,MAAMO,OAAOtC,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,yCAA2C,EAAA,gBAAA,CAAA;AAC1E,gBAAA,IAAImB,SAAS,SAAW,EAAA;AACtB,oBAAA,MAAM/B,QAAWF,GAAAA,eAAAA,CAAgBT,GAAIiB,CAAAA,OAAO,CAACC,IAAI,CAAA;AAEjD,oBAAA,IAAIP,QAAU,EAAA;;wBAEZ,MAAMP,OAAAA,CACHyC,cAAc,CAAC,mBAAA,CAAA,CACfqC,sBAAsB,CAACnC,MAAAA,CAAOhD,IAAKiD,CAAAA,EAAE,CAAGrC,EAAAA,QAAAA,CAAAA;AAC5C;oBAED,MAAMwE,WAAAA,GAAcxE,QAAYrC,IAAAA,MAAAA,CAAO8G,UAAU,EAAA;AACjD,oBAAA,MAAMxC,OAAU,GAAA,MAAMxC,OACnByC,CAAAA,cAAc,CAAC,mBAAA,CAAA,CACfC,oBAAoB,CAACC,MAAOhD,CAAAA,IAAAA,CAAKiD,EAAE,CAAA,EAAGmC,WAAa,EAAA;wBAAE/D,IAAM,EAAA;AAAS,qBAAA,CAAA;oBAEvE,MAAM6B,MAAAA,GAAS,MAAM7C,OAClByC,CAAAA,cAAc,CAAC,mBACfK,CAAAA,CAAAA,mBAAmB,CAACN,OAAAA,CAAQO,KAAK,CAAA;AACpC,oBAAA,IAAI,WAAWF,MAAQ,EAAA;AACrB,wBAAA,MAAM,IAAIvD,gBAAiB,CAAA,qBAAA,CAAA;AAC5B;oBAED,OAAOM,GAAAA,CAAIuE,IAAI,CAAC;AACdC,wBAAAA,GAAAA,EAAKvB,OAAOE,KAAK;AACjBsB,wBAAAA,YAAAA,EAAc7B,QAAQO,KAAK;wBAC3BpD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACvC,qBAAA,CAAA;AACK;gBAED,OAAOA,GAAAA,CAAIuE,IAAI,CAAC;oBACdC,GAAKxF,EAAAA,UAAAA,CAAW,KAAO0F,CAAAA,CAAAA,KAAK,CAAC;AAAE1B,wBAAAA,EAAAA,EAAIjD,KAAKiD;;oBACxCjD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACrC,iBAAA,CAAA;AACG,aAAA;AAED,YAAA,MAAMqF,eAAcrF,GAAG,EAAA;AACrB,gBAAA,MAAM+E,WAAc3E,GAAAA,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,2CAAA,CAAA;AAEtC,gBAAA,MAAM,EAAEY,QAAQ,EAAEmD,oBAAoB,EAAEC,IAAI,EA
AE,GAAG,MAAMjG,yBACrDU,CAAAA,GAAAA,CAAIiB,OAAO,CAACC,IAAI,EAChB6D,WAAAA,CAAAA;AAGF,gBAAA,IAAI5C,aAAamD,oBAAsB,EAAA;AACrC,oBAAA,MAAM,IAAI3F,eAAgB,CAAA,wBAAA,CAAA;AAC3B;gBAED,MAAMI,IAAAA,GAAO,MAAMK,OAAOuB,CAAAA,EAAE,CACzBC,KAAK,CAAC,gCACNC,CAAAA,CAAAA,OAAO,CAAC;oBAAEC,KAAO,EAAA;wBAAE0D,kBAAoBD,EAAAA;AAAI;AAAI,iBAAA,CAAA;AAElD,gBAAA,IAAI,CAACxF,IAAM,EAAA;AACT,oBAAA,MAAM,IAAIJ,eAAgB,CAAA,yBAAA,CAAA;AAC3B;AAED,gBAAA,MAAMX,WAAW,MAAQiG,CAAAA,CAAAA,IAAI,CAAClF,IAAAA,CAAKiD,EAAE,EAAE;oBACrCwC,kBAAoB,EAAA,IAAA;AACpBrD,oBAAAA;AACN,iBAAA,CAAA;AAEI,gBAAA,MAAMO,OAAOtC,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,yCAA2C,EAAA,gBAAA,CAAA;AAC1E,gBAAA,IAAImB,SAAS,SAAW,EAAA;AACtB,oBAAA,MAAM/B,QAAWF,GAAAA,eAAAA,CAAgBT,GAAIiB,CAAAA,OAAO,CAACC,IAAI,CAAA;AAEjD,oBAAA,IAAIP,QAAU,EAAA;;wBAEZ,MAAMP,OAAAA,CACHyC,cAAc,CAAC,mBAAA,CAAA,CACfqC,sBAAsB,CAACnC,MAAAA,CAAOhD,IAAKiD,CAAAA,EAAE,CAAGrC,EAAAA,QAAAA,CAAAA;AAC5C;oBAED,MAAMwE,WAAAA,GAAcxE,QAAYrC,IAAAA,MAAAA,CAAO8G,UAAU,EAAA;AACjD,oBAAA,MAAMxC,OAAU,GAAA,MAAMxC,OACnByC,CAAAA,cAAc,CAAC,mBAAA,CAAA,CACfC,oBAAoB,CAACC,MAAOhD,CAAAA,IAAAA,CAAKiD,EAAE,CAAA,EAAGmC,WAAa,EAAA;wBAAE/D,IAAM,EAAA;AAAS,qBAAA,CAAA;oBAEvE,MAAM6B,MAAAA,GAAS,MAAM7C,OAClByC,CAAAA,cAAc,CAAC,mBACfK,CAAAA,CAAAA,mBAAmB,CAACN,OAAAA,CAAQO,KAAK,CAAA;AACpC,oBAAA,IAAI,WAAWF,MAAQ,EAAA;AACrB,wBAAA,MAAM,IAAIvD,gBAAiB,CAAA,qBAAA,CAAA;AAC5B;oBAED,OAAOM,GAAAA,CAAIuE,IAAI,CAAC;AACdC,wBAAAA,GAAAA,EAAKvB,OAAOE,KAAK;AACjBsB,wBAAAA,YAAAA,EAAc7B,QAAQO,KAAK;wBAC3BpD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACvC,qBAAA,CAAA;AACK;gBAED,OAAOA,GAAAA,CAAIuE,IAAI,CAAC;oBACdC,GAAKxF,EAAAA,UAAAA,CAAW,KAAO0F,CAAAA,CAAAA,KAAK,CAAC;AAAE1B,wBAAAA,EAAAA,EAAIjD,KAAKiD;;oBACxCjD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACrC,iBAAA,CAAA;AACG,aAAA;AACD,YAAA,MAAM4C,SAAQ5C,GAAG,EAAA;AACf,gBAAA,MAAM0C,OAAOtC,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,yCAA2C,EAAA,gBAAA,CAAA;AAC1E,gBAAA,IAAImB,SAAS,SAAW,EAAA;AACtB,oBAAA,OAAO1C,IAAIyF,QAAQ,EAAA;AACpB;gBAED,MAAM,EAAEhB,YAAY,EAAE,GAAGzE,IAAIiB,OAAO,CAACC,IAAI,IAAI,EAAA;AAC7C,gBAAA,IAAI,CAACuD,YAA
AA,IAAgB,OAAOA,YAAAA,KAAiB,QAAU,EAAA;oBACrD,OAAOzE,GAAAA,CAAI0F,UAAU,CAAC,uBAAA,CAAA;AACvB;AAED,gBAAA,MAAMC,WAAW,MAAMvF,OAAAA,CACpByC,cAAc,CAAC,mBAAA,CAAA,CACf+C,kBAAkB,CAACnB,YAAAA,CAAAA;AACtB,gBAAA,IAAI,WAAWkB,QAAU,EAAA;oBACvB,OAAO3F,GAAAA,CAAI6F,YAAY,CAAC,uBAAA,CAAA;AACzB;gBAED,MAAMC,MAAAA,GAAS,MAAM1F,OAClByC,CAAAA,cAAc,CAAC,mBACfK,CAAAA,CAAAA,mBAAmB,CAACyC,QAAAA,CAASxC,KAAK,CAAA;AACrC,gBAAA,IAAI,WAAW2C,MAAQ,EAAA;oBACrB,OAAO9F,GAAAA,CAAI6F,YAAY,CAAC,uBAAA,CAAA;AACzB;AAED,gBAAA,MAAMzC,UAAahD,GAAAA,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,oCAAA,CAAA;AACrC,gBAAA,MAAM8B,kBAAkBrD,GAAIiB,CAAAA,OAAO,CAACqC,MAAM,CAAC,0BAA0B,KAAK,UAAA;gBAC1E,IAAIF,UAAAA,EAAYG,YAAYF,eAAiB,EAAA;AAC3C,oBAAA,MAAMG,UAAaJ,GAAAA,UAAAA,CAAWK,MAAM,EAAEpC,IAAQ,IAAA,mBAAA;AAC9C,oBAAA,MAAMqC,YAAeC,GAAAA,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;oBAC9C,MAAMC,QAAAA,GACJ,OAAOV,UAAAA,CAAWK,MAAM,EAAEM,WAAW,SAAYX,GAAAA,UAAAA,CAAWK,MAAM,EAAEM,MAASL,GAAAA,YAAAA;AAE/E,oBAAA,MAAMM,aAAgB,GAAA;wBACpBT,QAAU,EAAA,IAAA;wBACVQ,MAAQD,EAAAA,QAAAA;wBACRG,QAAUb,EAAAA,UAAAA,CAAWK,MAAM,EAAEQ,QAAY,IAAA,KAAA;wBACzCC,IAAMd,EAAAA,UAAAA,CAAWK,MAAM,EAAES,IAAQ,IAAA,GAAA;wBACjCC,MAAQf,EAAAA,UAAAA,CAAWK,MAAM,EAAEU,MAAAA;wBAC3BC,SAAW,EAAA;AACnB,qBAAA;AACMpE,oBAAAA,GAAAA,CAAIqE,OAAO,CAACC,GAAG,CAACd,UAAYmC,EAAAA,QAAAA,CAASxC,KAAK,EAAEa,aAAAA,CAAAA;oBAC5C,OAAOhE,GAAAA,CAAIuE,IAAI,CAAC;AAAEC,wBAAAA,GAAAA,EAAKsB,OAAO3C;AAAK,qBAAA,CAAA;AACpC;gBACD,OAAOnD,GAAAA,CAAIuE,IAAI,CAAC;AAAEC,oBAAAA,GAAAA,EAAKsB,OAAO3C,KAAK;AAAEsB,oBAAAA,YAAAA,EAAckB,SAASxC;AAAK,iBAAA,CAAA;AAClE,aAAA;AACD,YAAA,MAAM4C,QAAO/F,GAAG,EAAA;AACd,gBAAA,MAAM0C,OAAOtC,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,yCAA2C,EAAA,gBAAA,CAAA;AAC1E,gBAAA,IAAImB,SAAS,SAAW,EAAA;AACtB,oBAAA,OAAO1C,IAAIyF,QAAQ,EAAA;AACpB;;AAGD,gBAAA,IAAI,CAACzF,GAAAA,CAAIE,KAAK,CAACH,IAAI,EAAE;oBACnB,OAAOC,GAAAA,CAAI6F,YAAY,CAAC,wBAAA,CAAA;AACzB;AAED,gBAAA,MAAMlF,QAAWF,GAAAA,eAAAA,CAAgBT,GAAIiB,CAAAA,OAAO,CAACC,IAAI,CAAA;gBACjD,IAAI;AACF,oBAAA,MAAMd,OACHyC,CAAAA,cAAc,CAAC,mBAAA,CAAA,CACfqC,sBAAsB,CAACnC,MAAO/C,CAAAA,GAAA
A,CAAIE,KAAK,CAACH,IAAI,CAACiD,EAAE,CAAGrC,EAAAA,QAAAA,CAAAA;AACtD,iBAAA,CAAC,OAAOqF,GAAK,EAAA;AACZ5F,oBAAAA,OAAAA,CAAO6F,GAAG,CAACrB,KAAK,CAAC,kBAAoBoB,EAAAA,GAAAA,CAAAA;AACtC;AAED,gBAAA,MAAM5C,UAAahD,GAAAA,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,oCAAA,CAAA;AACrC,gBAAA,MAAM8B,kBAAkBrD,GAAIiB,CAAAA,OAAO,CAACqC,MAAM,CAAC,0BAA0B,KAAK,UAAA;gBAC1E,IAAIF,UAAAA,EAAYG,YAAYF,eAAiB,EAAA;AAC3C,oBAAA,MAAMG,UAAaJ,GAAAA,UAAAA,CAAWK,MAAM,EAAEpC,IAAQ,IAAA,mBAAA;AAC9CrB,oBAAAA,GAAAA,CAAIqE,OAAO,CAACC,GAAG,CAACd,YAAY,EAAI,EAAA;AAAE0C,wBAAAA,OAAAA,EAAS,IAAIC,IAAK,CAAA,CAAA;AAAE,qBAAA,CAAA;AACvD;gBACD,OAAOnG,GAAAA,CAAIuE,IAAI,CAAC;oBAAE6B,EAAI,EAAA;AAAM,iBAAA,CAAA;AAC7B,aAAA;YACD,MAAMzB,OAAAA,CAAAA,CAAQ3E,GAAG,EAAEqG,IAAI,EAAA;gBACrB,MAAMC,KAAAA,GAAQC,WAAiBC,GAAG,EAAA;AAElC,gBAAA,MAAMC,SAAY,GAAA,MAAMrG,OACrBe,CAAAA,KAAK,CAAC;oBAAEC,IAAM,EAAA,QAAA;oBAAUC,IAAM,EAAA,mBAAA;oBAAqBG,GAAK,EAAA;mBACxDD,GAAG,EAAA;AAEN,gBAAA,MAAMmF,SAAYtG,GAAAA,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,iBAAA,CAAA;AACpC,gBAAA,MAAMoF,WAAc,GAAA;oBAClBC,QAAU,EAAA;wBACRC,MAAQ,EAAA,CAAA,EAAGH,SAAU,CAAA,QAAQ;AAC9B,qBAAA;AACD,oBAAA,GAAGD;AACT,iBAAA;gBAEI,MAAM,CAACK,YAAY,GAAG9G,GAAAA,CAAIiB,OAAO,CAAC8F,GAAG,CAACC,KAAK,CAAC,GAAA,CAAA;AAC5C,gBAAA,MAAMjG,QAAW+F,GAAAA,WAAAA,CAAYE,KAAK,CAAC,WAAY,CAAA,CAAC,CAAE,CAAA,CAACA,KAAK,CAAC,GAAI,CAAA,CAAC,CAAE,CAAA;gBAEhE,IAAI,CAACxI,EAAE+C,GAAG,CAACoF,WAAW,CAAC5F,QAAAA,CAAS,EAAE,SAAY,CAAA,EAAA;AAC5C,oBAAA,MAAM,IAAIrB,gBAAiB,CAAA,2BAAA,CAAA;AAC5B;gBAED,IAAI,CAACU,OAAOuC,CAAAA,MAAM,CAACsE,MAAM,CAACF,GAAG,CAACG,UAAU,CAAC,MAAS,CAAA,EAAA;oBAChD9G,OAAO6F,CAAAA,GAAG,CAACkB,IAAI,CACb,6NAAA,CAAA;AAEH;;AAGD,gBAAA,MAAMC,mBAAsB5I,GAAAA,CAAAA,CAAE+C,GAAG,CAACvB,GAAK,EAAA,gBAAA,CAAA;AACvC,gBAAA,MAAMqH,sBAAyB7I,GAAAA,CAAAA,CAAE+C,GAAG,CAACvB,GAAK,EAAA,gCAAA,CAAA;AAE1C,gBAAA,MAAMsH,iBAAiBF,mBAAuBC,IAAAA,sBAAAA;;AAG9C,gBAAA,IAAIC,mBAAmBzG,SAAW,EAAA;oBAChC,IAAI;;wBAEF,MAAM,EAAE0G,QAAUC,EAAAA,gBAAgB,EAAE,GAAGpH,QACpCqH,MAAM,CAAC,mBACP9E,CAAAA,CAAAA,MAAM,CAAC,UAAA,CAAA;AAEV,wBAAA,MAAM6E,gBAAiBF,CAAAA,cAAAA,EAAgBX,W
AAW,CAAC5F,QAAS,CAAA,CAAA;AAE5D4F,wBAAAA,WAAW,CAAC5F,QAAAA,CAAS,CAACD,QAAQ,GAAGwG,cAAAA;AAClC,qBAAA,CAAC,OAAOI,CAAG,EAAA;wBACV,MAAM,IAAI/H,gBAAgB,+BAAiC,EAAA;4BAAEmB,QAAUwG,EAAAA;AAAgB,yBAAA,CAAA;AACxF;AACF;;gBAGDX,WAAW,CAAC5F,SAAS,CAAC4G,YAAY,GAAG3I,UAAW,CAAA,WAAA,CAAA,CAAa4I,gBAAgB,CAAC7G,QAAAA,CAAAA;gBAE9E,OAAOuF,KAAAA,CAAMK,aAAa3G,GAAKqG,EAAAA,IAAAA,CAAAA;AAChC,aAAA;AAED,YAAA,MAAMwB,gBAAe7H,GAAG,EAAA;gBACtB,MAAM,EAAEgC,KAAK,EAAE,GAAG,MAAM3C,0BAA2BW,CAAAA,GAAAA,CAAIiB,OAAO,CAACC,IAAI,CAAA;AAEnE,gBAAA,MAAM4G,WAAc,GAAA,MAAM1H,OAAOe,CAAAA,KAAK,CAAC;oBAAEC,IAAM,EAAA,QAAA;oBAAUC,IAAM,EAAA;AAAmB,iBAAA,CAAA;AAElF,gBAAA,MAAM0G,aAAgB,GAAA,MAAMD,WAAYvG,CAAAA,GAAG,CAAC;oBAAEC,GAAK,EAAA;AAAO,iBAAA,CAAA;AAC1D,gBAAA,MAAMc,gBAAmB,GAAA,MAAMwF,WAAYvG,CAAAA,GAAG,CAAC;oBAAEC,GAAK,EAAA;AAAU,iBAAA,CAAA;;gBAGhE,MAAMzB,IAAAA,GAAO,MAAMK,OAAOuB,CAAAA,EAAE,CACzBC,KAAK,CAAC,gCACNC,CAAAA,CAAAA,OAAO,CAAC;oBAAEC,KAAO,EAAA;AAAEE,wBAAAA,KAAAA,EAAOA,MAAMC,WAAW;AAAI;AAAA,iBAAA,CAAA;AAElD,gBAAA,IAAI,CAAClC,IAAAA,IAAQA,IAAK0C,CAAAA,OAAO,EAAE;oBACzB,OAAOzC,GAAAA,CAAIuE,IAAI,CAAC;wBAAE6B,EAAI,EAAA;AAAM,qBAAA,CAAA;AAC7B;;gBAGD,MAAM4B,QAAAA,GAAW,MAAMlI,YAAAA,CAAaC,IAAMC,EAAAA,GAAAA,CAAAA;AAE1C,gBAAA,MAAMwF,qBAAqBlH,MAAO2J,CAAAA,WAAW,CAAC,EAAA,CAAA,CAAIC,QAAQ,CAAC,KAAA,CAAA;AAE3D,gBAAA,MAAMC,wBAAwB3J,CAAE+C,CAAAA,GAAG,CAACwG,aAAAA,EAAe,0BAA0B,EAAA,CAAA;gBAC7E,MAAMK,SAAAA,GAAY,MAAMpJ,UAAW,CAAA,mBAAA,CAAA,CAAqBqJ,QAAQ,CAC9DF,qBAAAA,CAAsBtD,OAAO,EAC7B;AACEyD,oBAAAA,GAAAA,EAAKhG,iBAAiBiG,oBAAoB;AAC1CC,oBAAAA,UAAAA,EAAYpI,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,oBAAA,CAAA;AAC9BkH,oBAAAA,SAAAA,EAAWrI,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,mBAAA,CAAA;oBAC7BmH,IAAMV,EAAAA,QAAAA;oBACNW,KAAOnD,EAAAA;AACR,iBAAA,CAAA;gBAGH,MAAMoD,WAAAA,GAAc,MAAM5J,UAAW,CAAA,mBAAA,CAAA,CAAqBqJ,QAAQ,CAChEF,qBAAAA,CAAsBU,MAAM,EAC5B;oBACEH,IAAMV,EAAAA;AACP,iBAAA,CAAA;AAGH,gBAAA,MAAMc,WAAc,GAAA;AAClBC,oBAAAA,EAAAA,EAAIhJ,KAAKiC,KAAK;oBACdgH,IACEb,EAAAA,qBAAAA,CAAsBa,IAAI,CAAChH,KAAK,IAAImG,sBAAsBa,IAAI,CAAC3H,IAAI,GAC/D,CAAG8G,EAAAA,qBAAAA,CAAsB
a,IAAI,CAAC3H,IAAI,CAAC,EAAE,EAAE8G,qBAAAA,CAAsBa,IAAI,CAAChH,KAAK,CAAC,CAAC,CAAC,GAC1EnB,SAAAA;AACNoI,oBAAAA,OAAAA,EAASd,sBAAsBe,cAAc;oBAC7CC,OAASP,EAAAA,WAAAA;oBACTQ,IAAMhB,EAAAA,SAAAA;oBACNiB,IAAMjB,EAAAA;AACZ,iBAAA;;AAGI,gBAAA,MAAMpJ,WAAW,MAAQiG,CAAAA,CAAAA,IAAI,CAAClF,IAAAA,CAAKiD,EAAE,EAAE;AAAEwC,oBAAAA;AAAkB,iBAAA,CAAA;;gBAG3D,MAAMpF,OAAAA,CAAOqH,MAAM,CAAC,OAAA,CAAA,CAAS6B,OAAO,CAAC,OAAA,CAAA,CAAS/E,IAAI,CAACuE,WAAAA,CAAAA;AAEnD9I,gBAAAA,GAAAA,CAAIuE,IAAI,CAAC;oBAAE6B,EAAI,EAAA;AAAM,iBAAA,CAAA;AACtB,aAAA;AAED,YAAA,MAAMmD,UAASvJ,GAAG,EAAA;AAChB,gBAAA,MAAM8H,WAAc,GAAA,MAAM1H,OAAOe,CAAAA,KAAK,CAAC;oBAAEC,IAAM,EAAA,QAAA;oBAAUC,IAAM,EAAA;AAAmB,iBAAA,CAAA;AAElF,gBAAA,MAAMmI,QAAW,GAAA,MAAM1B,WAAYvG,CAAAA,GAAG,CAAC;oBAAEC,GAAK,EAAA;AAAU,iBAAA,CAAA;gBAExD,IAAI,CAACgI,QAASC,CAAAA,cAAc,EAAE;AAC5B,oBAAA,MAAM,IAAI/J,gBAAiB,CAAA,uCAAA,CAAA;AAC5B;gBAED,MAAM,EAAE6J,QAAQ,EAAE,GAAGnJ,QAAOuC,MAAM,CAACpB,GAAG,CAAC,2BAAA,CAAA;AACvC,gBAAA,MAAMmI,iBAAoB,GAAA;AAAC,oBAAA,UAAA;AAAY,oBAAA,UAAA;AAAY,oBAAA;AAAQ,iBAAA;;gBAG3D,MAAMC,WAAAA,GAAchL,OAClBD,CAAAA,MAAAA,CAAOgL,iBAAmB9K,EAAAA,OAAAA,CAAQ2K,UAAUK,aAAiBL,CAAAA,GAAAA,QAAAA,CAASK,aAAa,GAAG,EAAE,CAAA,CAAA;;AAI1F,gBAAA,MAAMC,cAAcC,MAAOC,CAAAA,IAAI,CAAC/J,GAAAA,CAAIiB,OAAO,CAACC,IAAI,CAAE8I,CAAAA,MAAM,CAAC,CAACxI,GAAAA,GAAQ,CAACmI,WAAAA,CAAYM,QAAQ,CAACzI,GAAAA,CAAAA,CAAAA;gBAExF,IAAIqI,WAAAA,CAAYjJ,MAAM,GAAG,CAAG,EAAA;;oBAE1B,MAAM,IAAIjB,gBAAgB,CAAC,oBAAoB,EAAEkK,WAAYK,CAAAA,IAAI,CAAC,IAAO,CAAA,CAAA,CAAA,CAAA;AAC1E;AAED,gBAAA,MAAMlJ,MAAS,GAAA;oBACb,GAAGxC,CAAAA,CAAE2L,IAAI,CAACnK,GAAAA,CAAIiB,OAAO,CAACC,IAAI,EAAEyI,WAAY,CAAA;oBACxC5I,QAAU,EAAA;AAChB,iBAAA;AAEI,gBAAA,MAAMgE,WAAc3E,GAAAA,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,2CAAA,CAAA;AAEtC,gBAAA,MAAMpC,qBAAqB6B,MAAQ+D,EAAAA,WAAAA,CAAAA;gBAEnC,MAAMqF,IAAAA,GAAO,MAAMhK,OAAOuB,CAAAA,EAAE,CACzBC,KAAK,CAAC,gCACNC,CAAAA,CAAAA,OAAO,CAAC;oBAAEC,KAAO,EAAA;AAAEV,wBAAAA,IAAAA,EAAMoI,SAASa;AAAc;AAAA,iBAAA,CAAA;AAEnD,gBAAA,IAAI,CAACD,IAAM,EAAA;AACT,oBAAA,MAAM,IAAI1K,gBAAiB,CAAA,qCAAA,CAAA;AAC5B;AAED,gBA
AA,MAAM,EAAEsC,KAAK,EAAEE,QAAQ,EAAEnB,QAAQ,EAAE,GAAGC,MAAAA;AAEtC,gBAAA,MAAMsJ,gBAAmB,GAAA;oBACvBvI,GAAK,EAAA;AACH,wBAAA;AAAEC,4BAAAA,KAAAA,EAAOA,MAAMC,WAAW;AAAI,yBAAA;AAC9B,wBAAA;AAAEC,4BAAAA,QAAAA,EAAUF,MAAMC,WAAW;AAAI,yBAAA;AACjC,wBAAA;AAAEC,4BAAAA;AAAU,yBAAA;AACZ,wBAAA;4BAAEF,KAAOE,EAAAA;AAAU;AACpB;AACP,iBAAA;gBAEI,MAAMqI,oBAAAA,GAAuB,MAAMnK,OAAOuB,CAAAA,EAAE,CAACC,KAAK,CAAC,gCAAkC4I,CAAAA,CAAAA,KAAK,CAAC;oBACzF1I,KAAO,EAAA;AAAE,wBAAA,GAAGwI,gBAAgB;AAAEvJ,wBAAAA;AAAU;AAC9C,iBAAA,CAAA;AAEI,gBAAA,IAAIwJ,uBAAuB,CAAG,EAAA;AAC5B,oBAAA,MAAM,IAAI7K,gBAAiB,CAAA,qCAAA,CAAA;AAC5B;gBAED,IAAI8J,QAAAA,CAASiB,YAAY,EAAE;oBACzB,MAAMF,oBAAAA,GAAuB,MAAMnK,OAAOuB,CAAAA,EAAE,CAACC,KAAK,CAAC,gCAAkC4I,CAAAA,CAAAA,KAAK,CAAC;wBACzF1I,KAAO,EAAA;AAAE,4BAAA,GAAGwI;AAAkB;AACtC,qBAAA,CAAA;AAEM,oBAAA,IAAIC,uBAAuB,CAAG,EAAA;AAC5B,wBAAA,MAAM,IAAI7K,gBAAiB,CAAA,qCAAA,CAAA;AAC5B;AACF;AAED,gBAAA,MAAMgL,OAAU,GAAA;AACd,oBAAA,GAAG1J,MAAM;AACToJ,oBAAAA,IAAAA,EAAMA,KAAKpH,EAAE;AACbhB,oBAAAA,KAAAA,EAAOA,MAAMC,WAAW,EAAA;AACxBC,oBAAAA,QAAAA;oBACAM,SAAW,EAAA,CAACgH,SAASmB;AAC3B,iBAAA;AAEI,gBAAA,MAAM5K,IAAO,GAAA,MAAMf,UAAW,CAAA,MAAA,CAAA,CAAQ4L,GAAG,CAACF,OAAAA,CAAAA;gBAE1C,MAAMG,aAAAA,GAAgB,MAAM/K,YAAAA,CAAaC,IAAMC,EAAAA,GAAAA,CAAAA;gBAE/C,IAAIwJ,QAAAA,CAASmB,kBAAkB,EAAE;oBAC/B,IAAI;wBACF,MAAM3L,UAAAA,CAAW,MAAQ8L,CAAAA,CAAAA,qBAAqB,CAACD,aAAAA,CAAAA;AAChD,qBAAA,CAAC,OAAO7E,GAAK,EAAA;wBACZ5F,OAAO6F,CAAAA,GAAG,CAACrB,KAAK,CAACoB,GAAAA,CAAAA;AACjB,wBAAA,MAAM,IAAItG,gBAAiB,CAAA,kCAAA,CAAA;AAC5B;oBAED,OAAOM,GAAAA,CAAIuE,IAAI,CAAC;wBAAExE,IAAM8K,EAAAA;AAAe,qBAAA,CAAA;AACxC;AAED,gBAAA,MAAMnI,OAAOtC,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,yCAA2C,EAAA,gBAAA,CAAA;AAC1E,gBAAA,IAAImB,SAAS,SAAW,EAAA;oBACtB,MAAM/B,QAAAA,GAAWF,gBAAgBT,GAAIiB,CAAAA,OAAO,CAACC,IAAI,CAAA,IAAK5C,OAAO8G,UAAU,EAAA;AAEvE,oBAAA,MAAMxC,OAAU,GAAA,MAAMxC,OACnByC,CAAAA,cAAc,CAAC,mBAAA,CAAA,CACfC,oBAAoB,CAACC,MAAOhD,CAAAA,IAAAA,CAAKiD,EAAE,CAAA,EAAGrC,QAAU,EAAA;wBAAES,IAAM,EAAA;AAAS,qBAAA,CAAA;oBAEpE,MAAM6B,MAAAA,GAAS,MAAM7C,OAClByC,CAAAA,cAAc,CAAC,mBACf
K,CAAAA,CAAAA,mBAAmB,CAACN,OAAAA,CAAQO,KAAK,CAAA;AACpC,oBAAA,IAAI,WAAWF,MAAQ,EAAA;AACrB,wBAAA,MAAM,IAAIvD,gBAAiB,CAAA,qBAAA,CAAA;AAC5B;oBAED,OAAOM,GAAAA,CAAIuE,IAAI,CAAC;AAAEC,wBAAAA,GAAAA,EAAKvB,OAAOE,KAAK;AAAEsB,wBAAAA,YAAAA,EAAc7B,QAAQO,KAAK;wBAAEpD,IAAM8K,EAAAA;AAAe,qBAAA,CAAA;AACxF;gBAED,MAAMrG,GAAAA,GAAMxF,WAAW,KAAO0F,CAAAA,CAAAA,KAAK,CAAClG,CAAE2L,CAAAA,IAAI,CAACpK,IAAM,EAAA;AAAC,oBAAA;AAAK,iBAAA,CAAA,CAAA;gBACvD,OAAOC,GAAAA,CAAIuE,IAAI,CAAC;AAAEC,oBAAAA,GAAAA;oBAAKzE,IAAM8K,EAAAA;AAAa,iBAAA,CAAA;AAC3C,aAAA;AAED,YAAA,MAAME,iBAAkB/K,CAAAA,CAAAA,GAAG,EAAEqG,IAAI,EAAE2E,UAAU,EAAA;gBAC3C,MAAM,EAAEC,cAAcC,iBAAiB,EAAE,GAAG,MAAM3L,6BAAAA,CAA8BS,IAAI4B,KAAK,CAAA;AAEzF,gBAAA,MAAMuJ,cAAcnM,UAAW,CAAA,MAAA,CAAA;AAC/B,gBAAA,MAAMoM,aAAapM,UAAW,CAAA,KAAA,CAAA;AAE9B,gBAAA,MAAM,CAACe,IAAK,CAAA,GAAG,MAAMoL,WAAAA,CAAYE,QAAQ,CAAC;oBAAEC,OAAS,EAAA;AAAEJ,wBAAAA;AAAmB;AAAA,iBAAA,CAAA;AAE1E,gBAAA,IAAI,CAACnL,IAAM,EAAA;AACT,oBAAA,MAAM,IAAIJ,eAAgB,CAAA,eAAA,CAAA;AAC3B;AAED,gBAAA,MAAMwL,WAAYlG,CAAAA,IAAI,CAAClF,IAAAA,CAAKiD,EAAE,EAAE;oBAAER,SAAW,EAAA,IAAA;oBAAM0I,iBAAmB,EAAA;AAAI,iBAAA,CAAA;AAE1E,gBAAA,IAAIF,UAAY,EAAA;AACdhL,oBAAAA,GAAAA,CAAIuE,IAAI,CAAC;wBACPC,GAAK4G,EAAAA,UAAAA,CAAW1G,KAAK,CAAC;AAAE1B,4BAAAA,EAAAA,EAAIjD,KAAKiD;;wBACjCjD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACvC,qBAAA,CAAA;iBACW,MAAA;AACL,oBAAA,MAAMwJ,QAAW,GAAA,MAAMpJ,OACpBe,CAAAA,KAAK,CAAC;wBAAEC,IAAM,EAAA,QAAA;wBAAUC,IAAM,EAAA,mBAAA;wBAAqBG,GAAK,EAAA;uBACxDD,GAAG,EAAA;AAENvB,oBAAAA,GAAAA,CAAIuL,QAAQ,CAAC/B,QAASgC,CAAAA,8BAA8B,IAAI,GAAA,CAAA;AACzD;AACF,aAAA;AAED,YAAA,MAAMC,uBAAsBzL,GAAG,EAAA;gBAC7B,MAAM,EAAEgC,KAAK,EAAE,GAAG,MAAM5C,iCAAkCY,CAAAA,GAAAA,CAAIiB,OAAO,CAACC,IAAI,CAAA;gBAE1E,MAAMnB,IAAAA,GAAO,MAAMK,OAAOuB,CAAAA,EAAE,CAACC,KAAK,CAAC,gCAAkCC,CAAAA,CAAAA,OAAO,CAAC;oBAC3EC,KAAO,EAAA;AAAEE,wBAAAA,KAAAA,EAAOA,MAAMC,WAAW;AAAI;AAC3C,iBAAA,CAAA;AAEI,gBAAA,IAAI,CAAClC,IAAM,EAAA;oBACT,OAAOC,GAAAA,CAAIuE,IAAI,CAAC;AAAEvC,wBAAAA,KAAAA;wBAAO0J,IAAM,EAAA;AAAI,qBAAA,CAAA;AACpC;gBAED,IAAI3L,IAAAA,CAAKyC,SAAS,EAAE;AACl
B,oBAAA,MAAM,IAAI9C,gBAAiB,CAAA,mBAAA,CAAA;AAC5B;gBAED,IAAIK,IAAAA,CAAK0C,OAAO,EAAE;AAChB,oBAAA,MAAM,IAAI/C,gBAAiB,CAAA,cAAA,CAAA;AAC5B;gBAED,MAAMV,UAAAA,CAAW,MAAQ8L,CAAAA,CAAAA,qBAAqB,CAAC/K,IAAAA,CAAAA;AAE/CC,gBAAAA,GAAAA,CAAIuE,IAAI,CAAC;AACPvC,oBAAAA,KAAAA,EAAOjC,KAAKiC,KAAK;oBACjB0J,IAAM,EAAA;AACZ,iBAAA,CAAA;AACG;SACH,CAAA;;;;;;"}
1
+ {"version":3,"file":"auth.js","sources":["../../../server/controllers/auth.js"],"sourcesContent":["'use strict';\n\n/**\n * Auth.js controller\n *\n * @description: A set of functions called \"actions\" for managing `Auth`.\n */\n\n/* eslint-disable no-useless-escape */\nconst crypto = require('crypto');\nconst _ = require('lodash');\nconst { concat, compact, isArray } = require('lodash/fp');\nconst utils = require('@strapi/utils');\nconst { getService } = require('../utils');\nconst {\n validateCallbackBody,\n validateRegisterBody,\n validateSendEmailConfirmationBody,\n validateForgotPasswordBody,\n validateResetPasswordBody,\n validateEmailConfirmationBody,\n validateChangePasswordBody,\n} = require('./validation/auth');\n\nconst { ApplicationError, ValidationError, ForbiddenError } = utils.errors;\n\nconst sanitizeUser = (user, ctx) => {\n const { auth } = ctx.state;\n const userSchema = strapi.getModel('plugin::users-permissions.user');\n\n return strapi.contentAPI.sanitize.output(user, userSchema, { auth });\n};\n\nconst extractDeviceId = (requestBody) => {\n const { deviceId } = requestBody || {};\n\n return typeof deviceId === 'string' && deviceId.length > 0 ? deviceId : undefined;\n};\n\nmodule.exports = ({ strapi }) => ({\n async callback(ctx) {\n const provider = ctx.params.provider || 'local';\n const params = ctx.request.body;\n\n const store = strapi.store({ type: 'plugin', name: 'users-permissions' });\n const grantSettings = await store.get({ key: 'grant' });\n\n const grantProvider = provider === 'local' ? 
'email' : provider;\n\n if (!_.get(grantSettings, [grantProvider, 'enabled'])) {\n throw new ApplicationError('This provider is disabled');\n }\n\n if (provider === 'local') {\n await validateCallbackBody(params);\n\n const { identifier } = params;\n\n // Check if the user exists.\n const user = await strapi.db.query('plugin::users-permissions.user').findOne({\n where: {\n provider,\n $or: [{ email: identifier.toLowerCase() }, { username: identifier }],\n },\n });\n\n if (!user) {\n throw new ValidationError('Invalid identifier or password');\n }\n\n if (!user.password) {\n throw new ValidationError('Invalid identifier or password');\n }\n\n const validPassword = await getService('user').validatePassword(\n params.password,\n user.password\n );\n\n if (!validPassword) {\n throw new ValidationError('Invalid identifier or password');\n }\n\n const advancedSettings = await store.get({ key: 'advanced' });\n const requiresConfirmation = _.get(advancedSettings, 'email_confirmation');\n\n if (requiresConfirmation && user.confirmed !== true) {\n throw new ApplicationError('Your account email is not confirmed');\n }\n\n if (user.blocked === true) {\n throw new ApplicationError('Your account has been blocked by an administrator');\n }\n\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode === 'refresh') {\n const deviceId = extractDeviceId(ctx.request.body);\n\n const refresh = await strapi\n .sessionManager('users-permissions')\n .generateRefreshToken(String(user.id), deviceId, { type: 'refresh' });\n\n const access = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(refresh.token);\n if ('error' in access) {\n throw new ApplicationError('Invalid credentials');\n }\n\n const upSessions = strapi.config.get('plugin::users-permissions.sessions');\n const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';\n if (upSessions?.httpOnly || requestHttpOnly) {\n const cookieName 
= upSessions.cookie?.name || 'strapi_up_refresh';\n const isProduction = process.env.NODE_ENV === 'production';\n const isSecure =\n typeof upSessions.cookie?.secure === 'boolean'\n ? upSessions.cookie?.secure\n : isProduction;\n\n const cookieOptions = {\n httpOnly: true,\n secure: isSecure,\n sameSite: upSessions.cookie?.sameSite ?? 'lax',\n path: upSessions.cookie?.path ?? '/',\n domain: upSessions.cookie?.domain,\n overwrite: true,\n };\n\n ctx.cookies.set(cookieName, refresh.token, cookieOptions);\n return ctx.send({ jwt: access.token, user: await sanitizeUser(user, ctx) });\n }\n\n return ctx.send({\n jwt: access.token,\n refreshToken: refresh.token,\n user: await sanitizeUser(user, ctx),\n });\n }\n\n return ctx.send({\n jwt: getService('jwt').issue({ id: user.id }),\n user: await sanitizeUser(user, ctx),\n });\n }\n\n // Connect the user with the third-party provider.\n try {\n const user = await getService('providers').connect(provider, ctx.query);\n\n if (user.blocked) {\n throw new ForbiddenError('Your account has been blocked by an administrator');\n }\n\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode === 'refresh') {\n const deviceId = extractDeviceId(ctx.request.body);\n\n const refresh = await strapi\n .sessionManager('users-permissions')\n .generateRefreshToken(String(user.id), deviceId, { type: 'refresh' });\n\n const access = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(refresh.token);\n if ('error' in access) {\n throw new ApplicationError('Invalid credentials');\n }\n\n const upSessions = strapi.config.get('plugin::users-permissions.sessions');\n const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';\n if (upSessions?.httpOnly || requestHttpOnly) {\n const cookieName = upSessions.cookie?.name || 'strapi_up_refresh';\n const isProduction = process.env.NODE_ENV === 'production';\n const isSecure =\n typeof 
upSessions.cookie?.secure === 'boolean'\n ? upSessions.cookie?.secure\n : isProduction;\n\n const cookieOptions = {\n httpOnly: true,\n secure: isSecure,\n sameSite: upSessions.cookie?.sameSite ?? 'lax',\n path: upSessions.cookie?.path ?? '/',\n domain: upSessions.cookie?.domain,\n overwrite: true,\n };\n ctx.cookies.set(cookieName, refresh.token, cookieOptions);\n return ctx.send({ jwt: access.token, user: await sanitizeUser(user, ctx) });\n }\n return ctx.send({\n jwt: access.token,\n refreshToken: refresh.token,\n user: await sanitizeUser(user, ctx),\n });\n }\n\n return ctx.send({\n jwt: getService('jwt').issue({ id: user.id }),\n user: await sanitizeUser(user, ctx),\n });\n } catch (error) {\n throw new ApplicationError(error.message);\n }\n },\n\n async changePassword(ctx) {\n if (!ctx.state.user) {\n throw new ApplicationError('You must be authenticated to reset your password');\n }\n\n const validations = strapi.config.get('plugin::users-permissions.validationRules');\n\n const { currentPassword, password } = await validateChangePasswordBody(\n ctx.request.body,\n validations\n );\n\n const user = await strapi.db\n .query('plugin::users-permissions.user')\n .findOne({ where: { id: ctx.state.user.id } });\n\n const validPassword = await getService('user').validatePassword(currentPassword, user.password);\n\n if (!validPassword) {\n throw new ValidationError('The provided current password is invalid');\n }\n\n if (currentPassword === password) {\n throw new ValidationError('Your new password must be different than your current password');\n }\n\n await getService('user').edit(user.id, { password });\n\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode === 'refresh') {\n const deviceId = extractDeviceId(ctx.request.body);\n\n // Invalidate all sessions when password changes for security\n await strapi.sessionManager('users-permissions').invalidateRefreshToken(String(user.id));\n\n const newDeviceId = 
deviceId || crypto.randomUUID();\n const refresh = await strapi\n .sessionManager('users-permissions')\n .generateRefreshToken(String(user.id), newDeviceId, { type: 'refresh' });\n\n const access = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(refresh.token);\n if ('error' in access) {\n throw new ApplicationError('Invalid credentials');\n }\n\n return ctx.send({\n jwt: access.token,\n refreshToken: refresh.token,\n user: await sanitizeUser(user, ctx),\n });\n }\n\n return ctx.send({\n jwt: getService('jwt').issue({ id: user.id }),\n user: await sanitizeUser(user, ctx),\n });\n },\n\n async resetPassword(ctx) {\n const validations = strapi.config.get('plugin::users-permissions.validationRules');\n\n const { password, passwordConfirmation, code } = await validateResetPasswordBody(\n ctx.request.body,\n validations\n );\n\n if (password !== passwordConfirmation) {\n throw new ValidationError('Passwords do not match');\n }\n\n const user = await strapi.db\n .query('plugin::users-permissions.user')\n .findOne({ where: { resetPasswordToken: code } });\n\n if (!user) {\n throw new ValidationError('Incorrect code provided');\n }\n\n await getService('user').edit(user.id, {\n resetPasswordToken: null,\n password,\n });\n\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode === 'refresh') {\n const deviceId = extractDeviceId(ctx.request.body);\n\n // Invalidate all sessions when password is reset for security\n await strapi.sessionManager('users-permissions').invalidateRefreshToken(String(user.id));\n\n const newDeviceId = deviceId || crypto.randomUUID();\n const refresh = await strapi\n .sessionManager('users-permissions')\n .generateRefreshToken(String(user.id), newDeviceId, { type: 'refresh' });\n\n const access = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(refresh.token);\n if ('error' in access) {\n throw new ApplicationError('Invalid credentials');\n }\n\n 
return ctx.send({\n jwt: access.token,\n refreshToken: refresh.token,\n user: await sanitizeUser(user, ctx),\n });\n }\n\n return ctx.send({\n jwt: getService('jwt').issue({ id: user.id }),\n user: await sanitizeUser(user, ctx),\n });\n },\n async refresh(ctx) {\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode !== 'refresh') {\n return ctx.notFound();\n }\n\n const upSessions = strapi.config.get('plugin::users-permissions.sessions');\n const cookieName = upSessions?.cookie?.name || 'strapi_up_refresh';\n\n // Check for refresh token in cookie first (if httpOnly is configured), then in body\n let refreshToken = ctx.cookies.get(cookieName);\n if (!refreshToken) {\n refreshToken = ctx.request.body?.refreshToken;\n }\n\n if (!refreshToken || typeof refreshToken !== 'string') {\n return ctx.badRequest('Missing refresh token');\n }\n\n const rotation = await strapi\n .sessionManager('users-permissions')\n .rotateRefreshToken(refreshToken);\n if ('error' in rotation) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const result = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(rotation.token);\n if ('error' in result) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';\n if (upSessions?.httpOnly || requestHttpOnly) {\n const isProduction = process.env.NODE_ENV === 'production';\n const isSecure =\n typeof upSessions.cookie?.secure === 'boolean' ? upSessions.cookie?.secure : isProduction;\n\n const cookieOptions = {\n httpOnly: true,\n secure: isSecure,\n sameSite: upSessions.cookie?.sameSite ?? 'lax',\n path: upSessions.cookie?.path ?? 
'/',\n domain: upSessions.cookie?.domain,\n overwrite: true,\n };\n ctx.cookies.set(cookieName, rotation.token, cookieOptions);\n return ctx.send({ jwt: result.token });\n }\n return ctx.send({ jwt: result.token, refreshToken: rotation.token });\n },\n async logout(ctx) {\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode !== 'refresh') {\n return ctx.notFound();\n }\n\n // Invalidate all sessions for the authenticated user, or by deviceId if provided\n if (!ctx.state.user) {\n return ctx.unauthorized('Missing authentication');\n }\n\n const deviceId = extractDeviceId(ctx.request.body);\n try {\n await strapi\n .sessionManager('users-permissions')\n .invalidateRefreshToken(String(ctx.state.user.id), deviceId);\n } catch (err) {\n strapi.log.error('UP logout failed', err);\n }\n\n const upSessions = strapi.config.get('plugin::users-permissions.sessions');\n const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';\n if (upSessions?.httpOnly || requestHttpOnly) {\n const cookieName = upSessions.cookie?.name || 'strapi_up_refresh';\n ctx.cookies.set(cookieName, '', { expires: new Date(0) });\n }\n return ctx.send({ ok: true });\n },\n async connect(ctx, next) {\n const grant = require('grant').koa();\n\n const providers = await strapi\n .store({ type: 'plugin', name: 'users-permissions', key: 'grant' })\n .get();\n\n const apiPrefix = strapi.config.get('api.rest.prefix');\n const grantConfig = {\n defaults: {\n prefix: `${apiPrefix}/connect`,\n },\n ...providers,\n };\n\n const [requestPath] = ctx.request.url.split('?');\n const provider = requestPath.split('/connect/')[1].split('/')[0];\n\n if (!_.get(grantConfig[provider], 'enabled')) {\n throw new ApplicationError('This provider is disabled');\n }\n\n if (!strapi.config.server.url.startsWith('http')) {\n strapi.log.warn(\n 'You are using a third party provider for login. Make sure to set an absolute url in config/server.js. 
More info here: https://docs.strapi.io/developer-docs/latest/plugins/users-permissions.html#setting-up-the-server-url'\n );\n }\n\n // Ability to pass OAuth callback dynamically\n const queryCustomCallback = _.get(ctx, 'query.callback');\n const dynamicSessionCallback = _.get(ctx, 'session.grant.dynamic.callback');\n\n const customCallback = queryCustomCallback ?? dynamicSessionCallback;\n\n // The custom callback is validated to make sure it's not redirecting to an unwanted actor.\n if (customCallback !== undefined) {\n try {\n // We're extracting the callback validator from the plugin config since it can be user-customized\n const { validate: validateCallback } = strapi\n .plugin('users-permissions')\n .config('callback');\n\n await validateCallback(customCallback, grantConfig[provider]);\n\n grantConfig[provider].callback = customCallback;\n } catch (e) {\n throw new ValidationError('Invalid callback URL provided', { callback: customCallback });\n }\n }\n\n // Build a valid redirect URI for the current provider\n grantConfig[provider].redirect_uri = getService('providers').buildRedirectUri(provider);\n\n return grant(grantConfig)(ctx, next);\n },\n\n async forgotPassword(ctx) {\n const { email } = await validateForgotPasswordBody(ctx.request.body);\n\n const pluginStore = await strapi.store({ type: 'plugin', name: 'users-permissions' });\n\n const emailSettings = await pluginStore.get({ key: 'email' });\n const advancedSettings = await pluginStore.get({ key: 'advanced' });\n\n // Find the user by email.\n const user = await strapi.db\n .query('plugin::users-permissions.user')\n .findOne({ where: { email: email.toLowerCase() } });\n\n if (!user || user.blocked) {\n return ctx.send({ ok: true });\n }\n\n // Generate random token.\n const userInfo = await sanitizeUser(user, ctx);\n\n const resetPasswordToken = crypto.randomBytes(64).toString('hex');\n\n const resetPasswordSettings = _.get(emailSettings, 'reset_password.options', {});\n const emailBody = await 
getService('users-permissions').template(\n resetPasswordSettings.message,\n {\n URL: advancedSettings.email_reset_password,\n SERVER_URL: strapi.config.get('server.absoluteUrl'),\n ADMIN_URL: strapi.config.get('admin.absoluteUrl'),\n USER: userInfo,\n TOKEN: resetPasswordToken,\n }\n );\n\n const emailObject = await getService('users-permissions').template(\n resetPasswordSettings.object,\n {\n USER: userInfo,\n }\n );\n\n const emailToSend = {\n to: user.email,\n from:\n resetPasswordSettings.from.email || resetPasswordSettings.from.name\n ? `${resetPasswordSettings.from.name} <${resetPasswordSettings.from.email}>`\n : undefined,\n replyTo: resetPasswordSettings.response_email,\n subject: emailObject,\n text: emailBody,\n html: emailBody,\n };\n\n // NOTE: Update the user before sending the email so an Admin can generate the link if the email fails\n await getService('user').edit(user.id, { resetPasswordToken });\n\n // Send an email to the user.\n await strapi.plugin('email').service('email').send(emailToSend);\n\n ctx.send({ ok: true });\n },\n\n async register(ctx) {\n const pluginStore = await strapi.store({ type: 'plugin', name: 'users-permissions' });\n\n const settings = await pluginStore.get({ key: 'advanced' });\n\n if (!settings.allow_register) {\n throw new ApplicationError('Register action is currently disabled');\n }\n\n const { register } = strapi.config.get('plugin::users-permissions');\n const alwaysAllowedKeys = ['username', 'password', 'email'];\n\n // Note that we intentionally do not filter allowedFields to allow a project to explicitly accept private or other Strapi field on registration\n const allowedKeys = compact(\n concat(alwaysAllowedKeys, isArray(register?.allowedFields) ? 
register.allowedFields : [])\n );\n\n // Check if there are any keys in requestBody that are not in allowedKeys\n const invalidKeys = Object.keys(ctx.request.body).filter((key) => !allowedKeys.includes(key));\n\n if (invalidKeys.length > 0) {\n // If there are invalid keys, throw an error\n throw new ValidationError(`Invalid parameters: ${invalidKeys.join(', ')}`);\n }\n\n const params = {\n ..._.pick(ctx.request.body, allowedKeys),\n provider: 'local',\n };\n\n const validations = strapi.config.get('plugin::users-permissions.validationRules');\n\n await validateRegisterBody(params, validations);\n\n const role = await strapi.db\n .query('plugin::users-permissions.role')\n .findOne({ where: { type: settings.default_role } });\n\n if (!role) {\n throw new ApplicationError('Impossible to find the default role');\n }\n\n const { email, username, provider } = params;\n\n const identifierFilter = {\n $or: [\n { email: email.toLowerCase() },\n { username: email.toLowerCase() },\n { username },\n { email: username },\n ],\n };\n\n const conflictingUserCount = await strapi.db.query('plugin::users-permissions.user').count({\n where: { ...identifierFilter, provider },\n });\n\n if (conflictingUserCount > 0) {\n throw new ApplicationError('Email or Username are already taken');\n }\n\n if (settings.unique_email) {\n const conflictingUserCount = await strapi.db.query('plugin::users-permissions.user').count({\n where: { ...identifierFilter },\n });\n\n if (conflictingUserCount > 0) {\n throw new ApplicationError('Email or Username are already taken');\n }\n }\n\n const newUser = {\n ...params,\n role: role.id,\n email: email.toLowerCase(),\n username,\n confirmed: !settings.email_confirmation,\n };\n\n const user = await getService('user').add(newUser);\n\n const sanitizedUser = await sanitizeUser(user, ctx);\n\n if (settings.email_confirmation) {\n try {\n await getService('user').sendConfirmationEmail(sanitizedUser);\n } catch (err) {\n strapi.log.error(err);\n throw new 
ApplicationError('Error sending confirmation email');\n }\n\n return ctx.send({ user: sanitizedUser });\n }\n\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode === 'refresh') {\n const deviceId = extractDeviceId(ctx.request.body) || crypto.randomUUID();\n\n const refresh = await strapi\n .sessionManager('users-permissions')\n .generateRefreshToken(String(user.id), deviceId, { type: 'refresh' });\n\n const access = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(refresh.token);\n if ('error' in access) {\n throw new ApplicationError('Invalid credentials');\n }\n\n return ctx.send({ jwt: access.token, refreshToken: refresh.token, user: sanitizedUser });\n }\n\n const jwt = getService('jwt').issue(_.pick(user, ['id']));\n return ctx.send({ jwt, user: sanitizedUser });\n },\n\n async emailConfirmation(ctx, next, returnUser) {\n const { confirmation: confirmationToken } = await validateEmailConfirmationBody(ctx.query);\n\n const userService = getService('user');\n const jwtService = getService('jwt');\n\n const [user] = await userService.fetchAll({ filters: { confirmationToken } });\n\n if (!user) {\n throw new ValidationError('Invalid token');\n }\n\n await userService.edit(user.id, { confirmed: true, confirmationToken: null });\n\n if (returnUser) {\n ctx.send({\n jwt: jwtService.issue({ id: user.id }),\n user: await sanitizeUser(user, ctx),\n });\n } else {\n const settings = await strapi\n .store({ type: 'plugin', name: 'users-permissions', key: 'advanced' })\n .get();\n\n ctx.redirect(settings.email_confirmation_redirection || '/');\n }\n },\n\n async sendEmailConfirmation(ctx) {\n const { email } = await validateSendEmailConfirmationBody(ctx.request.body);\n\n const user = await strapi.db.query('plugin::users-permissions.user').findOne({\n where: { email: email.toLowerCase() },\n });\n\n if (!user) {\n return ctx.send({ email, sent: true });\n }\n\n if (user.confirmed) {\n throw new 
ApplicationError('Already confirmed');\n }\n\n if (user.blocked) {\n throw new ApplicationError('User blocked');\n }\n\n await getService('user').sendConfirmationEmail(user);\n\n ctx.send({\n email: user.email,\n sent: true,\n });\n },\n});\n"],"names":["crypto","require$$0","_","require$$1","concat","compact","isArray","require$$2","utils","require$$3","getService","require$$4","validateCallbackBody","validateRegisterBody","validateSendEmailConfirmationBody","validateForgotPasswordBody","validateResetPasswordBody","validateEmailConfirmationBody","validateChangePasswordBody","require$$5","ApplicationError","ValidationError","ForbiddenError","errors","sanitizeUser","user","ctx","auth","state","userSchema","strapi","getModel","contentAPI","sanitize","output","extractDeviceId","requestBody","deviceId","length","undefined","callback","provider","params","request","body","store","type","name","grantSettings","get","key","grantProvider","identifier","db","query","findOne","where","$or","email","toLowerCase","username","password","validPassword","validatePassword","advancedSettings","requiresConfirmation","confirmed","blocked","mode","config","refresh","sessionManager","generateRefreshToken","String","id","access","generateAccessToken","token","upSessions","requestHttpOnly","header","httpOnly","cookieName","cookie","isProduction","process","env","NODE_ENV","isSecure","secure","cookieOptions","sameSite","path","domain","overwrite","cookies","set","send","jwt","refreshToken","issue","connect","error","message","changePassword","validations","currentPassword","edit","invalidateRefreshToken","newDeviceId","randomUUID","resetPassword","passwordConfirmation","code","resetPasswordToken","notFound","badRequest","rotation","rotateRefreshToken","unauthorized","result","logout","err","log","expires","Date","ok","next","grant","require$$6","koa","providers","apiPrefix","grantConfig","defaults","prefix","requestPath","url","split","server","startsWith","warn","queryCustomCallback","dyn
amicSessionCallback","customCallback","validate","validateCallback","plugin","e","redirect_uri","buildRedirectUri","forgotPassword","pluginStore","emailSettings","userInfo","randomBytes","toString","resetPasswordSettings","emailBody","template","URL","email_reset_password","SERVER_URL","ADMIN_URL","USER","TOKEN","emailObject","object","emailToSend","to","from","replyTo","response_email","subject","text","html","service","register","settings","allow_register","alwaysAllowedKeys","allowedKeys","allowedFields","invalidKeys","Object","keys","filter","includes","join","pick","role","default_role","identifierFilter","conflictingUserCount","count","unique_email","newUser","email_confirmation","add","sanitizedUser","sendConfirmationEmail","emailConfirmation","returnUser","confirmation","confirmationToken","userService","jwtService","fetchAll","filters","redirect","email_confirmation_redirection","sendEmailConfirmation","sent"],"mappings":";;;;;;;;;;;;;;;AAEA;;;;4CAOA,MAAMA,MAASC,GAAAA,UAAAA;AACf,IAAA,MAAMC,CAAIC,GAAAA,YAAAA;AACV,IAAA,MAAM,EAAEC,MAAM,EAAEC,OAAO,EAAEC,OAAO,EAAE,GAAGC,YAAAA;AACrC,IAAA,MAAMC,KAAQC,GAAAA,UAAAA;IACd,MAAM,EAAEC,UAAU,EAAE,GAAGC,eAAAA,EAAAA;AACvB,IAAA,MAAM,EACJC,oBAAoB,EACpBC,oBAAoB,EACpBC,iCAAiC,EACjCC,0BAA0B,EAC1BC,yBAAyB,EACzBC,6BAA6B,EAC7BC,0BAA0B,EAC3B,GAAGC,gBAAAA,EAAAA;IAEJ,MAAM,EAAEC,gBAAgB,EAAEC,eAAe,EAAEC,cAAc,EAAE,GAAGd,KAAAA,CAAMe,MAAM;IAE1E,MAAMC,YAAAA,GAAe,CAACC,IAAMC,EAAAA,GAAAA,GAAAA;AAC1B,QAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,KAAK;QAC1B,MAAMC,UAAAA,GAAaC,MAAOC,CAAAA,QAAQ,CAAC,gCAAA,CAAA;QAEnC,OAAOD,MAAAA,CAAOE,UAAU,CAACC,QAAQ,CAACC,MAAM,CAACT,MAAMI,UAAY,EAAA;AAAEF,YAAAA;AAAI,SAAA,CAAA;AACnE,KAAA;AAEA,IAAA,MAAMQ,kBAAkB,CAACC,WAAAA,GAAAA;AACvB,QAAA,MAAM,EAAEC,QAAQ,EAAE,GAAGD,eAAe;AAEpC,QAAA,OAAO,OAAOC,QAAa,KAAA,QAAA,IAAYA,SAASC,MAAM,GAAG,IAAID,QAAWE,GAAAA,SAAAA;AAC1E,KAAA;AAEAZ,IAAAA,IAAAA,GAAiB,CAAC,EAAEG,MAAAA,EAAAA,OAAM,EAAE,IAAM;AAChC,YAAA,MAAMU,UAASd,GAAG,EAAA;AAChB,gBAAA,MAAMe,QAAWf,GAAAA,GAAAA,CAAIgB,MAAM,CAACD,QAAQ,IAAI,OAAA;A
ACxC,gBAAA,MAAMC,MAAShB,GAAAA,GAAAA,CAAIiB,OAAO,CAACC,IAAI;gBAE/B,MAAMC,KAAAA,GAAQf,OAAOe,CAAAA,KAAK,CAAC;oBAAEC,IAAM,EAAA,QAAA;oBAAUC,IAAM,EAAA;AAAmB,iBAAA,CAAA;AACtE,gBAAA,MAAMC,aAAgB,GAAA,MAAMH,KAAMI,CAAAA,GAAG,CAAC;oBAAEC,GAAK,EAAA;AAAO,iBAAA,CAAA;gBAEpD,MAAMC,aAAAA,GAAgBV,QAAa,KAAA,OAAA,GAAU,OAAUA,GAAAA,QAAAA;AAEvD,gBAAA,IAAI,CAACvC,CAAAA,CAAE+C,GAAG,CAACD,aAAe,EAAA;AAACG,oBAAAA,aAAAA;AAAe,oBAAA;iBAAU,CAAG,EAAA;AACrD,oBAAA,MAAM,IAAI/B,gBAAiB,CAAA,2BAAA,CAAA;AAC5B;AAED,gBAAA,IAAIqB,aAAa,OAAS,EAAA;AACxB,oBAAA,MAAM7B,oBAAqB8B,CAAAA,MAAAA,CAAAA;oBAE3B,MAAM,EAAEU,UAAU,EAAE,GAAGV,MAAAA;;oBAGvB,MAAMjB,IAAAA,GAAO,MAAMK,OAAOuB,CAAAA,EAAE,CAACC,KAAK,CAAC,gCAAkCC,CAAAA,CAAAA,OAAO,CAAC;wBAC3EC,KAAO,EAAA;AACLf,4BAAAA,QAAAA;4BACAgB,GAAK,EAAA;AAAC,gCAAA;AAAEC,oCAAAA,KAAAA,EAAON,WAAWO,WAAW;;AAAM,gCAAA;oCAAEC,QAAUR,EAAAA;;AAAa;AACrE;AACT,qBAAA,CAAA;AAEM,oBAAA,IAAI,CAAC3B,IAAM,EAAA;AACT,wBAAA,MAAM,IAAIJ,eAAgB,CAAA,gCAAA,CAAA;AAC3B;oBAED,IAAI,CAACI,IAAKoC,CAAAA,QAAQ,EAAE;AAClB,wBAAA,MAAM,IAAIxC,eAAgB,CAAA,gCAAA,CAAA;AAC3B;oBAED,MAAMyC,aAAAA,GAAgB,MAAMpD,UAAAA,CAAW,MAAQqD,CAAAA,CAAAA,gBAAgB,CAC7DrB,MAAOmB,CAAAA,QAAQ,EACfpC,IAAAA,CAAKoC,QAAQ,CAAA;AAGf,oBAAA,IAAI,CAACC,aAAe,EAAA;AAClB,wBAAA,MAAM,IAAIzC,eAAgB,CAAA,gCAAA,CAAA;AAC3B;AAED,oBAAA,MAAM2C,gBAAmB,GAAA,MAAMnB,KAAMI,CAAAA,GAAG,CAAC;wBAAEC,GAAK,EAAA;AAAU,qBAAA,CAAA;AAC1D,oBAAA,MAAMe,oBAAuB/D,GAAAA,CAAAA,CAAE+C,GAAG,CAACe,gBAAkB,EAAA,oBAAA,CAAA;AAErD,oBAAA,IAAIC,oBAAwBxC,IAAAA,IAAAA,CAAKyC,SAAS,KAAK,IAAM,EAAA;AACnD,wBAAA,MAAM,IAAI9C,gBAAiB,CAAA,qCAAA,CAAA;AAC5B;oBAED,IAAIK,IAAAA,CAAK0C,OAAO,KAAK,IAAM,EAAA;AACzB,wBAAA,MAAM,IAAI/C,gBAAiB,CAAA,mDAAA,CAAA;AAC5B;AAED,oBAAA,MAAMgD,OAAOtC,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,yCAA2C,EAAA,gBAAA,CAAA;AAC1E,oBAAA,IAAImB,SAAS,SAAW,EAAA;AACtB,wBAAA,MAAM/B,QAAWF,GAAAA,eAAAA,CAAgBT,GAAIiB,CAAAA,OAAO,CAACC,IAAI,CAAA;AAEjD,wBAAA,MAAM0B,OAAU,GAAA,MAAMxC,OACnByC,CAAAA,cAAc,CAAC,mBAAA,CAAA,CACfC,oBAAoB,CAACC,MAAOhD,CAAAA,IAAAA,CAAKiD,EAAE,CAAA,EAAGrC,QAAU,EAAA;4BAAES,IAAM,EAAA;AAAS,yBAAA,CAAA;wBAEpE,
MAAM6B,MAAAA,GAAS,MAAM7C,OAClByC,CAAAA,cAAc,CAAC,mBACfK,CAAAA,CAAAA,mBAAmB,CAACN,OAAAA,CAAQO,KAAK,CAAA;AACpC,wBAAA,IAAI,WAAWF,MAAQ,EAAA;AACrB,4BAAA,MAAM,IAAIvD,gBAAiB,CAAA,qBAAA,CAAA;AAC5B;AAED,wBAAA,MAAM0D,UAAahD,GAAAA,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,oCAAA,CAAA;AACrC,wBAAA,MAAM8B,kBAAkBrD,GAAIiB,CAAAA,OAAO,CAACqC,MAAM,CAAC,0BAA0B,KAAK,UAAA;wBAC1E,IAAIF,UAAAA,EAAYG,YAAYF,eAAiB,EAAA;AAC3C,4BAAA,MAAMG,UAAaJ,GAAAA,UAAAA,CAAWK,MAAM,EAAEpC,IAAQ,IAAA,mBAAA;AAC9C,4BAAA,MAAMqC,YAAeC,GAAAA,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;4BAC9C,MAAMC,QAAAA,GACJ,OAAOV,UAAAA,CAAWK,MAAM,EAAEM,WAAW,SACjCX,GAAAA,UAAAA,CAAWK,MAAM,EAAEM,MACnBL,GAAAA,YAAAA;AAEN,4BAAA,MAAMM,aAAgB,GAAA;gCACpBT,QAAU,EAAA,IAAA;gCACVQ,MAAQD,EAAAA,QAAAA;gCACRG,QAAUb,EAAAA,UAAAA,CAAWK,MAAM,EAAEQ,QAAY,IAAA,KAAA;gCACzCC,IAAMd,EAAAA,UAAAA,CAAWK,MAAM,EAAES,IAAQ,IAAA,GAAA;gCACjCC,MAAQf,EAAAA,UAAAA,CAAWK,MAAM,EAAEU,MAAAA;gCAC3BC,SAAW,EAAA;AACvB,6BAAA;AAEUpE,4BAAAA,GAAAA,CAAIqE,OAAO,CAACC,GAAG,CAACd,UAAYZ,EAAAA,OAAAA,CAAQO,KAAK,EAAEa,aAAAA,CAAAA;4BAC3C,OAAOhE,GAAAA,CAAIuE,IAAI,CAAC;AAAEC,gCAAAA,GAAAA,EAAKvB,OAAOE,KAAK;gCAAEpD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AAAM,6BAAA,CAAA;AAC3E;wBAED,OAAOA,GAAAA,CAAIuE,IAAI,CAAC;AACdC,4BAAAA,GAAAA,EAAKvB,OAAOE,KAAK;AACjBsB,4BAAAA,YAAAA,EAAc7B,QAAQO,KAAK;4BAC3BpD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACzC,yBAAA,CAAA;AACO;oBAED,OAAOA,GAAAA,CAAIuE,IAAI,CAAC;wBACdC,GAAKxF,EAAAA,UAAAA,CAAW,KAAO0F,CAAAA,CAAAA,KAAK,CAAC;AAAE1B,4BAAAA,EAAAA,EAAIjD,KAAKiD;;wBACxCjD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACvC,qBAAA,CAAA;AACK;;gBAGD,IAAI;oBACF,MAAMD,IAAAA,GAAO,MAAMf,UAAW,CAAA,WAAA,CAAA,CAAa2F,OAAO,CAAC5D,QAAAA,EAAUf,IAAI4B,KAAK,CAAA;oBAEtE,IAAI7B,IAAAA,CAAK0C,OAAO,EAAE;AAChB,wBAAA,MAAM,IAAI7C,cAAe,CAAA,mDAAA,CAAA;AAC1B;AAED,oBAAA,MAAM8C,OAAOtC,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,yCAA2C,EAAA,gBAAA,CAAA;AAC1E,oBAAA,IAAImB,SAAS,SAAW,EAAA;AACtB,wBAAA,MAAM/B,QAAWF,GAAAA,eAAAA,CAAgBT,GAAIiB,CAAAA,OAAO,CAACC,IAAI,CAAA;AAEjD,wBAAA,MAAM0B,OAAU,GAAA,MAAMxC,OACnByC,CAAAA,cAAc,CAAC,mBAAA,CAAA,CACf
C,oBAAoB,CAACC,MAAOhD,CAAAA,IAAAA,CAAKiD,EAAE,CAAA,EAAGrC,QAAU,EAAA;4BAAES,IAAM,EAAA;AAAS,yBAAA,CAAA;wBAEpE,MAAM6B,MAAAA,GAAS,MAAM7C,OAClByC,CAAAA,cAAc,CAAC,mBACfK,CAAAA,CAAAA,mBAAmB,CAACN,OAAAA,CAAQO,KAAK,CAAA;AACpC,wBAAA,IAAI,WAAWF,MAAQ,EAAA;AACrB,4BAAA,MAAM,IAAIvD,gBAAiB,CAAA,qBAAA,CAAA;AAC5B;AAED,wBAAA,MAAM0D,UAAahD,GAAAA,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,oCAAA,CAAA;AACrC,wBAAA,MAAM8B,kBAAkBrD,GAAIiB,CAAAA,OAAO,CAACqC,MAAM,CAAC,0BAA0B,KAAK,UAAA;wBAC1E,IAAIF,UAAAA,EAAYG,YAAYF,eAAiB,EAAA;AAC3C,4BAAA,MAAMG,UAAaJ,GAAAA,UAAAA,CAAWK,MAAM,EAAEpC,IAAQ,IAAA,mBAAA;AAC9C,4BAAA,MAAMqC,YAAeC,GAAAA,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;4BAC9C,MAAMC,QAAAA,GACJ,OAAOV,UAAAA,CAAWK,MAAM,EAAEM,WAAW,SACjCX,GAAAA,UAAAA,CAAWK,MAAM,EAAEM,MACnBL,GAAAA,YAAAA;AAEN,4BAAA,MAAMM,aAAgB,GAAA;gCACpBT,QAAU,EAAA,IAAA;gCACVQ,MAAQD,EAAAA,QAAAA;gCACRG,QAAUb,EAAAA,UAAAA,CAAWK,MAAM,EAAEQ,QAAY,IAAA,KAAA;gCACzCC,IAAMd,EAAAA,UAAAA,CAAWK,MAAM,EAAES,IAAQ,IAAA,GAAA;gCACjCC,MAAQf,EAAAA,UAAAA,CAAWK,MAAM,EAAEU,MAAAA;gCAC3BC,SAAW,EAAA;AACvB,6BAAA;AACUpE,4BAAAA,GAAAA,CAAIqE,OAAO,CAACC,GAAG,CAACd,UAAYZ,EAAAA,OAAAA,CAAQO,KAAK,EAAEa,aAAAA,CAAAA;4BAC3C,OAAOhE,GAAAA,CAAIuE,IAAI,CAAC;AAAEC,gCAAAA,GAAAA,EAAKvB,OAAOE,KAAK;gCAAEpD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AAAM,6BAAA,CAAA;AAC3E;wBACD,OAAOA,GAAAA,CAAIuE,IAAI,CAAC;AACdC,4BAAAA,GAAAA,EAAKvB,OAAOE,KAAK;AACjBsB,4BAAAA,YAAAA,EAAc7B,QAAQO,KAAK;4BAC3BpD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACzC,yBAAA,CAAA;AACO;oBAED,OAAOA,GAAAA,CAAIuE,IAAI,CAAC;wBACdC,GAAKxF,EAAAA,UAAAA,CAAW,KAAO0F,CAAAA,CAAAA,KAAK,CAAC;AAAE1B,4BAAAA,EAAAA,EAAIjD,KAAKiD;;wBACxCjD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACvC,qBAAA,CAAA;AACK,iBAAA,CAAC,OAAO4E,KAAO,EAAA;oBACd,MAAM,IAAIlF,gBAAiBkF,CAAAA,KAAAA,CAAMC,OAAO,CAAA;AACzC;AACF,aAAA;AAED,YAAA,MAAMC,gBAAe9E,GAAG,EAAA;AACtB,gBAAA,IAAI,CAACA,GAAAA,CAAIE,KAAK,CAACH,IAAI,EAAE;AACnB,oBAAA,MAAM,IAAIL,gBAAiB,CAAA,kDAAA,CAAA;AAC5B;AAED,gBAAA,MAAMqF,WAAc3E,GAAAA,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,2CAAA,CAAA;AAEtC,gBAAA,MAAM,EAAEyD,eAAe,EAAE7C,QAAQ,
EAAE,GAAG,MAAM3C,0BAAAA,CAC1CQ,GAAIiB,CAAAA,OAAO,CAACC,IAAI,EAChB6D,WAAAA,CAAAA;gBAGF,MAAMhF,IAAAA,GAAO,MAAMK,OAAOuB,CAAAA,EAAE,CACzBC,KAAK,CAAC,gCACNC,CAAAA,CAAAA,OAAO,CAAC;oBAAEC,KAAO,EAAA;AAAEkB,wBAAAA,EAAAA,EAAIhD,GAAIE,CAAAA,KAAK,CAACH,IAAI,CAACiD;AAAI;AAAA,iBAAA,CAAA;gBAE7C,MAAMZ,aAAAA,GAAgB,MAAMpD,UAAW,CAAA,MAAA,CAAA,CAAQqD,gBAAgB,CAAC2C,eAAAA,EAAiBjF,KAAKoC,QAAQ,CAAA;AAE9F,gBAAA,IAAI,CAACC,aAAe,EAAA;AAClB,oBAAA,MAAM,IAAIzC,eAAgB,CAAA,0CAAA,CAAA;AAC3B;AAED,gBAAA,IAAIqF,oBAAoB7C,QAAU,EAAA;AAChC,oBAAA,MAAM,IAAIxC,eAAgB,CAAA,gEAAA,CAAA;AAC3B;AAED,gBAAA,MAAMX,WAAW,MAAQiG,CAAAA,CAAAA,IAAI,CAAClF,IAAAA,CAAKiD,EAAE,EAAE;AAAEb,oBAAAA;AAAQ,iBAAA,CAAA;AAEjD,gBAAA,MAAMO,OAAOtC,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,yCAA2C,EAAA,gBAAA,CAAA;AAC1E,gBAAA,IAAImB,SAAS,SAAW,EAAA;AACtB,oBAAA,MAAM/B,QAAWF,GAAAA,eAAAA,CAAgBT,GAAIiB,CAAAA,OAAO,CAACC,IAAI,CAAA;;oBAGjD,MAAMd,OAAAA,CAAOyC,cAAc,CAAC,mBAAA,CAAA,CAAqBqC,sBAAsB,CAACnC,MAAAA,CAAOhD,KAAKiD,EAAE,CAAA,CAAA;oBAEtF,MAAMmC,WAAAA,GAAcxE,QAAYrC,IAAAA,MAAAA,CAAO8G,UAAU,EAAA;AACjD,oBAAA,MAAMxC,OAAU,GAAA,MAAMxC,OACnByC,CAAAA,cAAc,CAAC,mBAAA,CAAA,CACfC,oBAAoB,CAACC,MAAOhD,CAAAA,IAAAA,CAAKiD,EAAE,CAAA,EAAGmC,WAAa,EAAA;wBAAE/D,IAAM,EAAA;AAAS,qBAAA,CAAA;oBAEvE,MAAM6B,MAAAA,GAAS,MAAM7C,OAClByC,CAAAA,cAAc,CAAC,mBACfK,CAAAA,CAAAA,mBAAmB,CAACN,OAAAA,CAAQO,KAAK,CAAA;AACpC,oBAAA,IAAI,WAAWF,MAAQ,EAAA;AACrB,wBAAA,MAAM,IAAIvD,gBAAiB,CAAA,qBAAA,CAAA;AAC5B;oBAED,OAAOM,GAAAA,CAAIuE,IAAI,CAAC;AACdC,wBAAAA,GAAAA,EAAKvB,OAAOE,KAAK;AACjBsB,wBAAAA,YAAAA,EAAc7B,QAAQO,KAAK;wBAC3BpD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACvC,qBAAA,CAAA;AACK;gBAED,OAAOA,GAAAA,CAAIuE,IAAI,CAAC;oBACdC,GAAKxF,EAAAA,UAAAA,CAAW,KAAO0F,CAAAA,CAAAA,KAAK,CAAC;AAAE1B,wBAAAA,EAAAA,EAAIjD,KAAKiD;;oBACxCjD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACrC,iBAAA,CAAA;AACG,aAAA;AAED,YAAA,MAAMqF,eAAcrF,GAAG,EAAA;AACrB,gBAAA,MAAM+E,WAAc3E,GAAAA,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,2CAAA,CAAA;AAEtC,gBAAA,MAAM,EAAEY,QAAQ,EAAEmD,oBAAoB,EAAEC,IAAI,EAAE,GAAG,MAAMjG,yBACrDU,CAAAA,GAAAA,CAAIiB,OAAO,CAACC
,IAAI,EAChB6D,WAAAA,CAAAA;AAGF,gBAAA,IAAI5C,aAAamD,oBAAsB,EAAA;AACrC,oBAAA,MAAM,IAAI3F,eAAgB,CAAA,wBAAA,CAAA;AAC3B;gBAED,MAAMI,IAAAA,GAAO,MAAMK,OAAOuB,CAAAA,EAAE,CACzBC,KAAK,CAAC,gCACNC,CAAAA,CAAAA,OAAO,CAAC;oBAAEC,KAAO,EAAA;wBAAE0D,kBAAoBD,EAAAA;AAAI;AAAI,iBAAA,CAAA;AAElD,gBAAA,IAAI,CAACxF,IAAM,EAAA;AACT,oBAAA,MAAM,IAAIJ,eAAgB,CAAA,yBAAA,CAAA;AAC3B;AAED,gBAAA,MAAMX,WAAW,MAAQiG,CAAAA,CAAAA,IAAI,CAAClF,IAAAA,CAAKiD,EAAE,EAAE;oBACrCwC,kBAAoB,EAAA,IAAA;AACpBrD,oBAAAA;AACN,iBAAA,CAAA;AAEI,gBAAA,MAAMO,OAAOtC,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,yCAA2C,EAAA,gBAAA,CAAA;AAC1E,gBAAA,IAAImB,SAAS,SAAW,EAAA;AACtB,oBAAA,MAAM/B,QAAWF,GAAAA,eAAAA,CAAgBT,GAAIiB,CAAAA,OAAO,CAACC,IAAI,CAAA;;oBAGjD,MAAMd,OAAAA,CAAOyC,cAAc,CAAC,mBAAA,CAAA,CAAqBqC,sBAAsB,CAACnC,MAAAA,CAAOhD,KAAKiD,EAAE,CAAA,CAAA;oBAEtF,MAAMmC,WAAAA,GAAcxE,QAAYrC,IAAAA,MAAAA,CAAO8G,UAAU,EAAA;AACjD,oBAAA,MAAMxC,OAAU,GAAA,MAAMxC,OACnByC,CAAAA,cAAc,CAAC,mBAAA,CAAA,CACfC,oBAAoB,CAACC,MAAOhD,CAAAA,IAAAA,CAAKiD,EAAE,CAAA,EAAGmC,WAAa,EAAA;wBAAE/D,IAAM,EAAA;AAAS,qBAAA,CAAA;oBAEvE,MAAM6B,MAAAA,GAAS,MAAM7C,OAClByC,CAAAA,cAAc,CAAC,mBACfK,CAAAA,CAAAA,mBAAmB,CAACN,OAAAA,CAAQO,KAAK,CAAA;AACpC,oBAAA,IAAI,WAAWF,MAAQ,EAAA;AACrB,wBAAA,MAAM,IAAIvD,gBAAiB,CAAA,qBAAA,CAAA;AAC5B;oBAED,OAAOM,GAAAA,CAAIuE,IAAI,CAAC;AACdC,wBAAAA,GAAAA,EAAKvB,OAAOE,KAAK;AACjBsB,wBAAAA,YAAAA,EAAc7B,QAAQO,KAAK;wBAC3BpD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACvC,qBAAA,CAAA;AACK;gBAED,OAAOA,GAAAA,CAAIuE,IAAI,CAAC;oBACdC,GAAKxF,EAAAA,UAAAA,CAAW,KAAO0F,CAAAA,CAAAA,KAAK,CAAC;AAAE1B,wBAAAA,EAAAA,EAAIjD,KAAKiD;;oBACxCjD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACrC,iBAAA,CAAA;AACG,aAAA;AACD,YAAA,MAAM4C,SAAQ5C,GAAG,EAAA;AACf,gBAAA,MAAM0C,OAAOtC,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,yCAA2C,EAAA,gBAAA,CAAA;AAC1E,gBAAA,IAAImB,SAAS,SAAW,EAAA;AACtB,oBAAA,OAAO1C,IAAIyF,QAAQ,EAAA;AACpB;AAED,gBAAA,MAAMrC,UAAahD,GAAAA,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,oCAAA,CAAA;gBACrC,MAAMiC,UAAAA,GAAaJ,UAAYK,EAAAA,MAAAA,EAAQpC,IAAQ,IAAA,mBAAA;;AAG/C,gBAAA,IAAIoD,YAAezE,GAAAA,GAAAA,CAAIqE,OAAO,CAAC
9C,GAAG,CAACiC,UAAAA,CAAAA;AACnC,gBAAA,IAAI,CAACiB,YAAc,EAAA;AACjBA,oBAAAA,YAAAA,GAAezE,GAAIiB,CAAAA,OAAO,CAACC,IAAI,EAAEuD,YAAAA;AAClC;AAED,gBAAA,IAAI,CAACA,YAAAA,IAAgB,OAAOA,YAAAA,KAAiB,QAAU,EAAA;oBACrD,OAAOzE,GAAAA,CAAI0F,UAAU,CAAC,uBAAA,CAAA;AACvB;AAED,gBAAA,MAAMC,WAAW,MAAMvF,OAAAA,CACpByC,cAAc,CAAC,mBAAA,CAAA,CACf+C,kBAAkB,CAACnB,YAAAA,CAAAA;AACtB,gBAAA,IAAI,WAAWkB,QAAU,EAAA;oBACvB,OAAO3F,GAAAA,CAAI6F,YAAY,CAAC,uBAAA,CAAA;AACzB;gBAED,MAAMC,MAAAA,GAAS,MAAM1F,OAClByC,CAAAA,cAAc,CAAC,mBACfK,CAAAA,CAAAA,mBAAmB,CAACyC,QAAAA,CAASxC,KAAK,CAAA;AACrC,gBAAA,IAAI,WAAW2C,MAAQ,EAAA;oBACrB,OAAO9F,GAAAA,CAAI6F,YAAY,CAAC,uBAAA,CAAA;AACzB;AAED,gBAAA,MAAMxC,kBAAkBrD,GAAIiB,CAAAA,OAAO,CAACqC,MAAM,CAAC,0BAA0B,KAAK,UAAA;gBAC1E,IAAIF,UAAAA,EAAYG,YAAYF,eAAiB,EAAA;AAC3C,oBAAA,MAAMK,YAAeC,GAAAA,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;oBAC9C,MAAMC,QAAAA,GACJ,OAAOV,UAAAA,CAAWK,MAAM,EAAEM,WAAW,SAAYX,GAAAA,UAAAA,CAAWK,MAAM,EAAEM,MAASL,GAAAA,YAAAA;AAE/E,oBAAA,MAAMM,aAAgB,GAAA;wBACpBT,QAAU,EAAA,IAAA;wBACVQ,MAAQD,EAAAA,QAAAA;wBACRG,QAAUb,EAAAA,UAAAA,CAAWK,MAAM,EAAEQ,QAAY,IAAA,KAAA;wBACzCC,IAAMd,EAAAA,UAAAA,CAAWK,MAAM,EAAES,IAAQ,IAAA,GAAA;wBACjCC,MAAQf,EAAAA,UAAAA,CAAWK,MAAM,EAAEU,MAAAA;wBAC3BC,SAAW,EAAA;AACnB,qBAAA;AACMpE,oBAAAA,GAAAA,CAAIqE,OAAO,CAACC,GAAG,CAACd,UAAYmC,EAAAA,QAAAA,CAASxC,KAAK,EAAEa,aAAAA,CAAAA;oBAC5C,OAAOhE,GAAAA,CAAIuE,IAAI,CAAC;AAAEC,wBAAAA,GAAAA,EAAKsB,OAAO3C;AAAK,qBAAA,CAAA;AACpC;gBACD,OAAOnD,GAAAA,CAAIuE,IAAI,CAAC;AAAEC,oBAAAA,GAAAA,EAAKsB,OAAO3C,KAAK;AAAEsB,oBAAAA,YAAAA,EAAckB,SAASxC;AAAK,iBAAA,CAAA;AAClE,aAAA;AACD,YAAA,MAAM4C,QAAO/F,GAAG,EAAA;AACd,gBAAA,MAAM0C,OAAOtC,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,yCAA2C,EAAA,gBAAA,CAAA;AAC1E,gBAAA,IAAImB,SAAS,SAAW,EAAA;AACtB,oBAAA,OAAO1C,IAAIyF,QAAQ,EAAA;AACpB;;AAGD,gBAAA,IAAI,CAACzF,GAAAA,CAAIE,KAAK,CAACH,IAAI,EAAE;oBACnB,OAAOC,GAAAA,CAAI6F,YAAY,CAAC,wBAAA,CAAA;AACzB;AAED,gBAAA,MAAMlF,QAAWF,GAAAA,eAAAA,CAAgBT,GAAIiB,CAAAA,OAAO,CAACC,IAAI,CAAA;gBACjD,IAAI;AACF,oBAAA,MAAMd,OACHyC,CAAAA,cAAc,CAAC,mBAAA,CAAA,CACfqC,sBAAsB,CAACnC,MAAO/
C,CAAAA,GAAAA,CAAIE,KAAK,CAACH,IAAI,CAACiD,EAAE,CAAGrC,EAAAA,QAAAA,CAAAA;AACtD,iBAAA,CAAC,OAAOqF,GAAK,EAAA;AACZ5F,oBAAAA,OAAAA,CAAO6F,GAAG,CAACrB,KAAK,CAAC,kBAAoBoB,EAAAA,GAAAA,CAAAA;AACtC;AAED,gBAAA,MAAM5C,UAAahD,GAAAA,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,oCAAA,CAAA;AACrC,gBAAA,MAAM8B,kBAAkBrD,GAAIiB,CAAAA,OAAO,CAACqC,MAAM,CAAC,0BAA0B,KAAK,UAAA;gBAC1E,IAAIF,UAAAA,EAAYG,YAAYF,eAAiB,EAAA;AAC3C,oBAAA,MAAMG,UAAaJ,GAAAA,UAAAA,CAAWK,MAAM,EAAEpC,IAAQ,IAAA,mBAAA;AAC9CrB,oBAAAA,GAAAA,CAAIqE,OAAO,CAACC,GAAG,CAACd,YAAY,EAAI,EAAA;AAAE0C,wBAAAA,OAAAA,EAAS,IAAIC,IAAK,CAAA,CAAA;AAAE,qBAAA,CAAA;AACvD;gBACD,OAAOnG,GAAAA,CAAIuE,IAAI,CAAC;oBAAE6B,EAAI,EAAA;AAAM,iBAAA,CAAA;AAC7B,aAAA;YACD,MAAMzB,OAAAA,CAAAA,CAAQ3E,GAAG,EAAEqG,IAAI,EAAA;gBACrB,MAAMC,KAAAA,GAAQC,WAAiBC,GAAG,EAAA;AAElC,gBAAA,MAAMC,SAAY,GAAA,MAAMrG,OACrBe,CAAAA,KAAK,CAAC;oBAAEC,IAAM,EAAA,QAAA;oBAAUC,IAAM,EAAA,mBAAA;oBAAqBG,GAAK,EAAA;mBACxDD,GAAG,EAAA;AAEN,gBAAA,MAAMmF,SAAYtG,GAAAA,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,iBAAA,CAAA;AACpC,gBAAA,MAAMoF,WAAc,GAAA;oBAClBC,QAAU,EAAA;wBACRC,MAAQ,EAAA,CAAA,EAAGH,SAAU,CAAA,QAAQ;AAC9B,qBAAA;AACD,oBAAA,GAAGD;AACT,iBAAA;gBAEI,MAAM,CAACK,YAAY,GAAG9G,GAAAA,CAAIiB,OAAO,CAAC8F,GAAG,CAACC,KAAK,CAAC,GAAA,CAAA;AAC5C,gBAAA,MAAMjG,QAAW+F,GAAAA,WAAAA,CAAYE,KAAK,CAAC,WAAY,CAAA,CAAC,CAAE,CAAA,CAACA,KAAK,CAAC,GAAI,CAAA,CAAC,CAAE,CAAA;gBAEhE,IAAI,CAACxI,EAAE+C,GAAG,CAACoF,WAAW,CAAC5F,QAAAA,CAAS,EAAE,SAAY,CAAA,EAAA;AAC5C,oBAAA,MAAM,IAAIrB,gBAAiB,CAAA,2BAAA,CAAA;AAC5B;gBAED,IAAI,CAACU,OAAOuC,CAAAA,MAAM,CAACsE,MAAM,CAACF,GAAG,CAACG,UAAU,CAAC,MAAS,CAAA,EAAA;oBAChD9G,OAAO6F,CAAAA,GAAG,CAACkB,IAAI,CACb,6NAAA,CAAA;AAEH;;AAGD,gBAAA,MAAMC,mBAAsB5I,GAAAA,CAAAA,CAAE+C,GAAG,CAACvB,GAAK,EAAA,gBAAA,CAAA;AACvC,gBAAA,MAAMqH,sBAAyB7I,GAAAA,CAAAA,CAAE+C,GAAG,CAACvB,GAAK,EAAA,gCAAA,CAAA;AAE1C,gBAAA,MAAMsH,iBAAiBF,mBAAuBC,IAAAA,sBAAAA;;AAG9C,gBAAA,IAAIC,mBAAmBzG,SAAW,EAAA;oBAChC,IAAI;;wBAEF,MAAM,EAAE0G,QAAUC,EAAAA,gBAAgB,EAAE,GAAGpH,QACpCqH,MAAM,CAAC,mBACP9E,CAAAA,CAAAA,MAAM,CAAC,UAAA,CAAA;AAEV,wBAAA,MAAM6E,gBAAiBF,CAAAA,cA
AAA,EAAgBX,WAAW,CAAC5F,QAAS,CAAA,CAAA;AAE5D4F,wBAAAA,WAAW,CAAC5F,QAAAA,CAAS,CAACD,QAAQ,GAAGwG,cAAAA;AAClC,qBAAA,CAAC,OAAOI,CAAG,EAAA;wBACV,MAAM,IAAI/H,gBAAgB,+BAAiC,EAAA;4BAAEmB,QAAUwG,EAAAA;AAAgB,yBAAA,CAAA;AACxF;AACF;;gBAGDX,WAAW,CAAC5F,SAAS,CAAC4G,YAAY,GAAG3I,UAAW,CAAA,WAAA,CAAA,CAAa4I,gBAAgB,CAAC7G,QAAAA,CAAAA;gBAE9E,OAAOuF,KAAAA,CAAMK,aAAa3G,GAAKqG,EAAAA,IAAAA,CAAAA;AAChC,aAAA;AAED,YAAA,MAAMwB,gBAAe7H,GAAG,EAAA;gBACtB,MAAM,EAAEgC,KAAK,EAAE,GAAG,MAAM3C,0BAA2BW,CAAAA,GAAAA,CAAIiB,OAAO,CAACC,IAAI,CAAA;AAEnE,gBAAA,MAAM4G,WAAc,GAAA,MAAM1H,OAAOe,CAAAA,KAAK,CAAC;oBAAEC,IAAM,EAAA,QAAA;oBAAUC,IAAM,EAAA;AAAmB,iBAAA,CAAA;AAElF,gBAAA,MAAM0G,aAAgB,GAAA,MAAMD,WAAYvG,CAAAA,GAAG,CAAC;oBAAEC,GAAK,EAAA;AAAO,iBAAA,CAAA;AAC1D,gBAAA,MAAMc,gBAAmB,GAAA,MAAMwF,WAAYvG,CAAAA,GAAG,CAAC;oBAAEC,GAAK,EAAA;AAAU,iBAAA,CAAA;;gBAGhE,MAAMzB,IAAAA,GAAO,MAAMK,OAAOuB,CAAAA,EAAE,CACzBC,KAAK,CAAC,gCACNC,CAAAA,CAAAA,OAAO,CAAC;oBAAEC,KAAO,EAAA;AAAEE,wBAAAA,KAAAA,EAAOA,MAAMC,WAAW;AAAI;AAAA,iBAAA,CAAA;AAElD,gBAAA,IAAI,CAAClC,IAAAA,IAAQA,IAAK0C,CAAAA,OAAO,EAAE;oBACzB,OAAOzC,GAAAA,CAAIuE,IAAI,CAAC;wBAAE6B,EAAI,EAAA;AAAM,qBAAA,CAAA;AAC7B;;gBAGD,MAAM4B,QAAAA,GAAW,MAAMlI,YAAAA,CAAaC,IAAMC,EAAAA,GAAAA,CAAAA;AAE1C,gBAAA,MAAMwF,qBAAqBlH,MAAO2J,CAAAA,WAAW,CAAC,EAAA,CAAA,CAAIC,QAAQ,CAAC,KAAA,CAAA;AAE3D,gBAAA,MAAMC,wBAAwB3J,CAAE+C,CAAAA,GAAG,CAACwG,aAAAA,EAAe,0BAA0B,EAAA,CAAA;gBAC7E,MAAMK,SAAAA,GAAY,MAAMpJ,UAAW,CAAA,mBAAA,CAAA,CAAqBqJ,QAAQ,CAC9DF,qBAAAA,CAAsBtD,OAAO,EAC7B;AACEyD,oBAAAA,GAAAA,EAAKhG,iBAAiBiG,oBAAoB;AAC1CC,oBAAAA,UAAAA,EAAYpI,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,oBAAA,CAAA;AAC9BkH,oBAAAA,SAAAA,EAAWrI,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,mBAAA,CAAA;oBAC7BmH,IAAMV,EAAAA,QAAAA;oBACNW,KAAOnD,EAAAA;AACR,iBAAA,CAAA;gBAGH,MAAMoD,WAAAA,GAAc,MAAM5J,UAAW,CAAA,mBAAA,CAAA,CAAqBqJ,QAAQ,CAChEF,qBAAAA,CAAsBU,MAAM,EAC5B;oBACEH,IAAMV,EAAAA;AACP,iBAAA,CAAA;AAGH,gBAAA,MAAMc,WAAc,GAAA;AAClBC,oBAAAA,EAAAA,EAAIhJ,KAAKiC,KAAK;oBACdgH,IACEb,EAAAA,qBAAAA,CAAsBa,IAAI,CAAChH,KAAK,IAAImG,sBAAsBa,IAAI,CAAC3H,IAAI,GAC/D,CAAG8G,EAAAA,
qBAAAA,CAAsBa,IAAI,CAAC3H,IAAI,CAAC,EAAE,EAAE8G,qBAAAA,CAAsBa,IAAI,CAAChH,KAAK,CAAC,CAAC,CAAC,GAC1EnB,SAAAA;AACNoI,oBAAAA,OAAAA,EAASd,sBAAsBe,cAAc;oBAC7CC,OAASP,EAAAA,WAAAA;oBACTQ,IAAMhB,EAAAA,SAAAA;oBACNiB,IAAMjB,EAAAA;AACZ,iBAAA;;AAGI,gBAAA,MAAMpJ,WAAW,MAAQiG,CAAAA,CAAAA,IAAI,CAAClF,IAAAA,CAAKiD,EAAE,EAAE;AAAEwC,oBAAAA;AAAkB,iBAAA,CAAA;;gBAG3D,MAAMpF,OAAAA,CAAOqH,MAAM,CAAC,OAAA,CAAA,CAAS6B,OAAO,CAAC,OAAA,CAAA,CAAS/E,IAAI,CAACuE,WAAAA,CAAAA;AAEnD9I,gBAAAA,GAAAA,CAAIuE,IAAI,CAAC;oBAAE6B,EAAI,EAAA;AAAM,iBAAA,CAAA;AACtB,aAAA;AAED,YAAA,MAAMmD,UAASvJ,GAAG,EAAA;AAChB,gBAAA,MAAM8H,WAAc,GAAA,MAAM1H,OAAOe,CAAAA,KAAK,CAAC;oBAAEC,IAAM,EAAA,QAAA;oBAAUC,IAAM,EAAA;AAAmB,iBAAA,CAAA;AAElF,gBAAA,MAAMmI,QAAW,GAAA,MAAM1B,WAAYvG,CAAAA,GAAG,CAAC;oBAAEC,GAAK,EAAA;AAAU,iBAAA,CAAA;gBAExD,IAAI,CAACgI,QAASC,CAAAA,cAAc,EAAE;AAC5B,oBAAA,MAAM,IAAI/J,gBAAiB,CAAA,uCAAA,CAAA;AAC5B;gBAED,MAAM,EAAE6J,QAAQ,EAAE,GAAGnJ,QAAOuC,MAAM,CAACpB,GAAG,CAAC,2BAAA,CAAA;AACvC,gBAAA,MAAMmI,iBAAoB,GAAA;AAAC,oBAAA,UAAA;AAAY,oBAAA,UAAA;AAAY,oBAAA;AAAQ,iBAAA;;gBAG3D,MAAMC,WAAAA,GAAchL,OAClBD,CAAAA,MAAAA,CAAOgL,iBAAmB9K,EAAAA,OAAAA,CAAQ2K,UAAUK,aAAiBL,CAAAA,GAAAA,QAAAA,CAASK,aAAa,GAAG,EAAE,CAAA,CAAA;;AAI1F,gBAAA,MAAMC,cAAcC,MAAOC,CAAAA,IAAI,CAAC/J,GAAAA,CAAIiB,OAAO,CAACC,IAAI,CAAE8I,CAAAA,MAAM,CAAC,CAACxI,GAAAA,GAAQ,CAACmI,WAAAA,CAAYM,QAAQ,CAACzI,GAAAA,CAAAA,CAAAA;gBAExF,IAAIqI,WAAAA,CAAYjJ,MAAM,GAAG,CAAG,EAAA;;oBAE1B,MAAM,IAAIjB,gBAAgB,CAAC,oBAAoB,EAAEkK,WAAYK,CAAAA,IAAI,CAAC,IAAO,CAAA,CAAA,CAAA,CAAA;AAC1E;AAED,gBAAA,MAAMlJ,MAAS,GAAA;oBACb,GAAGxC,CAAAA,CAAE2L,IAAI,CAACnK,GAAAA,CAAIiB,OAAO,CAACC,IAAI,EAAEyI,WAAY,CAAA;oBACxC5I,QAAU,EAAA;AAChB,iBAAA;AAEI,gBAAA,MAAMgE,WAAc3E,GAAAA,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,2CAAA,CAAA;AAEtC,gBAAA,MAAMpC,qBAAqB6B,MAAQ+D,EAAAA,WAAAA,CAAAA;gBAEnC,MAAMqF,IAAAA,GAAO,MAAMhK,OAAOuB,CAAAA,EAAE,CACzBC,KAAK,CAAC,gCACNC,CAAAA,CAAAA,OAAO,CAAC;oBAAEC,KAAO,EAAA;AAAEV,wBAAAA,IAAAA,EAAMoI,SAASa;AAAc;AAAA,iBAAA,CAAA;AAEnD,gBAAA,IAAI,CAACD,IAAM,EAAA;AACT,oBAAA,MAAM,IAAI1K,gBAAiB,CAAA,qCAAA,CAAA;AA
C5B;AAED,gBAAA,MAAM,EAAEsC,KAAK,EAAEE,QAAQ,EAAEnB,QAAQ,EAAE,GAAGC,MAAAA;AAEtC,gBAAA,MAAMsJ,gBAAmB,GAAA;oBACvBvI,GAAK,EAAA;AACH,wBAAA;AAAEC,4BAAAA,KAAAA,EAAOA,MAAMC,WAAW;AAAI,yBAAA;AAC9B,wBAAA;AAAEC,4BAAAA,QAAAA,EAAUF,MAAMC,WAAW;AAAI,yBAAA;AACjC,wBAAA;AAAEC,4BAAAA;AAAU,yBAAA;AACZ,wBAAA;4BAAEF,KAAOE,EAAAA;AAAU;AACpB;AACP,iBAAA;gBAEI,MAAMqI,oBAAAA,GAAuB,MAAMnK,OAAOuB,CAAAA,EAAE,CAACC,KAAK,CAAC,gCAAkC4I,CAAAA,CAAAA,KAAK,CAAC;oBACzF1I,KAAO,EAAA;AAAE,wBAAA,GAAGwI,gBAAgB;AAAEvJ,wBAAAA;AAAU;AAC9C,iBAAA,CAAA;AAEI,gBAAA,IAAIwJ,uBAAuB,CAAG,EAAA;AAC5B,oBAAA,MAAM,IAAI7K,gBAAiB,CAAA,qCAAA,CAAA;AAC5B;gBAED,IAAI8J,QAAAA,CAASiB,YAAY,EAAE;oBACzB,MAAMF,oBAAAA,GAAuB,MAAMnK,OAAOuB,CAAAA,EAAE,CAACC,KAAK,CAAC,gCAAkC4I,CAAAA,CAAAA,KAAK,CAAC;wBACzF1I,KAAO,EAAA;AAAE,4BAAA,GAAGwI;AAAkB;AACtC,qBAAA,CAAA;AAEM,oBAAA,IAAIC,uBAAuB,CAAG,EAAA;AAC5B,wBAAA,MAAM,IAAI7K,gBAAiB,CAAA,qCAAA,CAAA;AAC5B;AACF;AAED,gBAAA,MAAMgL,OAAU,GAAA;AACd,oBAAA,GAAG1J,MAAM;AACToJ,oBAAAA,IAAAA,EAAMA,KAAKpH,EAAE;AACbhB,oBAAAA,KAAAA,EAAOA,MAAMC,WAAW,EAAA;AACxBC,oBAAAA,QAAAA;oBACAM,SAAW,EAAA,CAACgH,SAASmB;AAC3B,iBAAA;AAEI,gBAAA,MAAM5K,IAAO,GAAA,MAAMf,UAAW,CAAA,MAAA,CAAA,CAAQ4L,GAAG,CAACF,OAAAA,CAAAA;gBAE1C,MAAMG,aAAAA,GAAgB,MAAM/K,YAAAA,CAAaC,IAAMC,EAAAA,GAAAA,CAAAA;gBAE/C,IAAIwJ,QAAAA,CAASmB,kBAAkB,EAAE;oBAC/B,IAAI;wBACF,MAAM3L,UAAAA,CAAW,MAAQ8L,CAAAA,CAAAA,qBAAqB,CAACD,aAAAA,CAAAA;AAChD,qBAAA,CAAC,OAAO7E,GAAK,EAAA;wBACZ5F,OAAO6F,CAAAA,GAAG,CAACrB,KAAK,CAACoB,GAAAA,CAAAA;AACjB,wBAAA,MAAM,IAAItG,gBAAiB,CAAA,kCAAA,CAAA;AAC5B;oBAED,OAAOM,GAAAA,CAAIuE,IAAI,CAAC;wBAAExE,IAAM8K,EAAAA;AAAe,qBAAA,CAAA;AACxC;AAED,gBAAA,MAAMnI,OAAOtC,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,yCAA2C,EAAA,gBAAA,CAAA;AAC1E,gBAAA,IAAImB,SAAS,SAAW,EAAA;oBACtB,MAAM/B,QAAAA,GAAWF,gBAAgBT,GAAIiB,CAAAA,OAAO,CAACC,IAAI,CAAA,IAAK5C,OAAO8G,UAAU,EAAA;AAEvE,oBAAA,MAAMxC,OAAU,GAAA,MAAMxC,OACnByC,CAAAA,cAAc,CAAC,mBAAA,CAAA,CACfC,oBAAoB,CAACC,MAAOhD,CAAAA,IAAAA,CAAKiD,EAAE,CAAA,EAAGrC,QAAU,EAAA;wBAAES,IAAM,EAAA;AAAS,qBAAA,CAAA;oBAEpE,MAAM6B,MAAAA,GAAS,MAAM7C,OAClByC,CAAAA,cAA
c,CAAC,mBACfK,CAAAA,CAAAA,mBAAmB,CAACN,OAAAA,CAAQO,KAAK,CAAA;AACpC,oBAAA,IAAI,WAAWF,MAAQ,EAAA;AACrB,wBAAA,MAAM,IAAIvD,gBAAiB,CAAA,qBAAA,CAAA;AAC5B;oBAED,OAAOM,GAAAA,CAAIuE,IAAI,CAAC;AAAEC,wBAAAA,GAAAA,EAAKvB,OAAOE,KAAK;AAAEsB,wBAAAA,YAAAA,EAAc7B,QAAQO,KAAK;wBAAEpD,IAAM8K,EAAAA;AAAe,qBAAA,CAAA;AACxF;gBAED,MAAMrG,GAAAA,GAAMxF,WAAW,KAAO0F,CAAAA,CAAAA,KAAK,CAAClG,CAAE2L,CAAAA,IAAI,CAACpK,IAAM,EAAA;AAAC,oBAAA;AAAK,iBAAA,CAAA,CAAA;gBACvD,OAAOC,GAAAA,CAAIuE,IAAI,CAAC;AAAEC,oBAAAA,GAAAA;oBAAKzE,IAAM8K,EAAAA;AAAa,iBAAA,CAAA;AAC3C,aAAA;AAED,YAAA,MAAME,iBAAkB/K,CAAAA,CAAAA,GAAG,EAAEqG,IAAI,EAAE2E,UAAU,EAAA;gBAC3C,MAAM,EAAEC,cAAcC,iBAAiB,EAAE,GAAG,MAAM3L,6BAAAA,CAA8BS,IAAI4B,KAAK,CAAA;AAEzF,gBAAA,MAAMuJ,cAAcnM,UAAW,CAAA,MAAA,CAAA;AAC/B,gBAAA,MAAMoM,aAAapM,UAAW,CAAA,KAAA,CAAA;AAE9B,gBAAA,MAAM,CAACe,IAAK,CAAA,GAAG,MAAMoL,WAAAA,CAAYE,QAAQ,CAAC;oBAAEC,OAAS,EAAA;AAAEJ,wBAAAA;AAAmB;AAAA,iBAAA,CAAA;AAE1E,gBAAA,IAAI,CAACnL,IAAM,EAAA;AACT,oBAAA,MAAM,IAAIJ,eAAgB,CAAA,eAAA,CAAA;AAC3B;AAED,gBAAA,MAAMwL,WAAYlG,CAAAA,IAAI,CAAClF,IAAAA,CAAKiD,EAAE,EAAE;oBAAER,SAAW,EAAA,IAAA;oBAAM0I,iBAAmB,EAAA;AAAI,iBAAA,CAAA;AAE1E,gBAAA,IAAIF,UAAY,EAAA;AACdhL,oBAAAA,GAAAA,CAAIuE,IAAI,CAAC;wBACPC,GAAK4G,EAAAA,UAAAA,CAAW1G,KAAK,CAAC;AAAE1B,4BAAAA,EAAAA,EAAIjD,KAAKiD;;wBACjCjD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACvC,qBAAA,CAAA;iBACW,MAAA;AACL,oBAAA,MAAMwJ,QAAW,GAAA,MAAMpJ,OACpBe,CAAAA,KAAK,CAAC;wBAAEC,IAAM,EAAA,QAAA;wBAAUC,IAAM,EAAA,mBAAA;wBAAqBG,GAAK,EAAA;uBACxDD,GAAG,EAAA;AAENvB,oBAAAA,GAAAA,CAAIuL,QAAQ,CAAC/B,QAASgC,CAAAA,8BAA8B,IAAI,GAAA,CAAA;AACzD;AACF,aAAA;AAED,YAAA,MAAMC,uBAAsBzL,GAAG,EAAA;gBAC7B,MAAM,EAAEgC,KAAK,EAAE,GAAG,MAAM5C,iCAAkCY,CAAAA,GAAAA,CAAIiB,OAAO,CAACC,IAAI,CAAA;gBAE1E,MAAMnB,IAAAA,GAAO,MAAMK,OAAOuB,CAAAA,EAAE,CAACC,KAAK,CAAC,gCAAkCC,CAAAA,CAAAA,OAAO,CAAC;oBAC3EC,KAAO,EAAA;AAAEE,wBAAAA,KAAAA,EAAOA,MAAMC,WAAW;AAAI;AAC3C,iBAAA,CAAA;AAEI,gBAAA,IAAI,CAAClC,IAAM,EAAA;oBACT,OAAOC,GAAAA,CAAIuE,IAAI,CAAC;AAAEvC,wBAAAA,KAAAA;wBAAO0J,IAAM,EAAA;AAAI,qBAAA,CAAA;AACpC;gBAED,IAAI3L,IAAAA,CAAKyC,SA
AS,EAAE;AAClB,oBAAA,MAAM,IAAI9C,gBAAiB,CAAA,mBAAA,CAAA;AAC5B;gBAED,IAAIK,IAAAA,CAAK0C,OAAO,EAAE;AAChB,oBAAA,MAAM,IAAI/C,gBAAiB,CAAA,cAAA,CAAA;AAC5B;gBAED,MAAMV,UAAAA,CAAW,MAAQ8L,CAAAA,CAAAA,qBAAqB,CAAC/K,IAAAA,CAAAA;AAE/CC,gBAAAA,GAAAA,CAAIuE,IAAI,CAAC;AACPvC,oBAAAA,KAAAA,EAAOjC,KAAKiC,KAAK;oBACjB0J,IAAM,EAAA;AACZ,iBAAA,CAAA;AACG;SACH,CAAA;;;;;;"}
@@ -207,10 +207,8 @@ function requireAuth() {
207
207
  const mode = strapi1.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');
208
208
  if (mode === 'refresh') {
209
209
  const deviceId = extractDeviceId(ctx.request.body);
210
- if (deviceId) {
211
- // Invalidate sessions: specific device if deviceId provided
212
- await strapi1.sessionManager('users-permissions').invalidateRefreshToken(String(user.id), deviceId);
213
- }
210
+ // Invalidate all sessions when password changes for security
211
+ await strapi1.sessionManager('users-permissions').invalidateRefreshToken(String(user.id));
214
212
  const newDeviceId = deviceId || crypto.randomUUID();
215
213
  const refresh = await strapi1.sessionManager('users-permissions').generateRefreshToken(String(user.id), newDeviceId, {
216
214
  type: 'refresh'
@@ -253,10 +251,8 @@ function requireAuth() {
253
251
  const mode = strapi1.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');
254
252
  if (mode === 'refresh') {
255
253
  const deviceId = extractDeviceId(ctx.request.body);
256
- if (deviceId) {
257
- // Invalidate sessions: specific device if deviceId provided
258
- await strapi1.sessionManager('users-permissions').invalidateRefreshToken(String(user.id), deviceId);
259
- }
254
+ // Invalidate all sessions when password is reset for security
255
+ await strapi1.sessionManager('users-permissions').invalidateRefreshToken(String(user.id));
260
256
  const newDeviceId = deviceId || crypto.randomUUID();
261
257
  const refresh = await strapi1.sessionManager('users-permissions').generateRefreshToken(String(user.id), newDeviceId, {
262
258
  type: 'refresh'
@@ -283,7 +279,13 @@ function requireAuth() {
283
279
  if (mode !== 'refresh') {
284
280
  return ctx.notFound();
285
281
  }
286
- const { refreshToken } = ctx.request.body || {};
282
+ const upSessions = strapi1.config.get('plugin::users-permissions.sessions');
283
+ const cookieName = upSessions?.cookie?.name || 'strapi_up_refresh';
284
+ // Check for refresh token in cookie first (if httpOnly is configured), then in body
285
+ let refreshToken = ctx.cookies.get(cookieName);
286
+ if (!refreshToken) {
287
+ refreshToken = ctx.request.body?.refreshToken;
288
+ }
287
289
  if (!refreshToken || typeof refreshToken !== 'string') {
288
290
  return ctx.badRequest('Missing refresh token');
289
291
  }
@@ -295,10 +297,8 @@ function requireAuth() {
295
297
  if ('error' in result) {
296
298
  return ctx.unauthorized('Invalid refresh token');
297
299
  }
298
- const upSessions = strapi1.config.get('plugin::users-permissions.sessions');
299
300
  const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';
300
301
  if (upSessions?.httpOnly || requestHttpOnly) {
301
- const cookieName = upSessions.cookie?.name || 'strapi_up_refresh';
302
302
  const isProduction = process.env.NODE_ENV === 'production';
303
303
  const isSecure = typeof upSessions.cookie?.secure === 'boolean' ? upSessions.cookie?.secure : isProduction;
304
304
  const cookieOptions = {
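Review bot: In the refresh-token hunk, `let refreshToken = ctx.cookies.get(cookieName);` runs unconditionally, while the comment above it says the cookie is checked only "if httpOnly is configured". As written, a deployment that never enabled cookie mode still accepts a cookie named by the `'strapi_up_refresh'` fallback as the credential, and a stale cookie is used in preference to a valid `refreshToken` in the request body. Either gate the read on the condition that later sets the cookie, e.g. `let refreshToken = (upSessions?.httpOnly || requestHttpOnly) ? ctx.cookies.get(cookieName) : undefined;` with the `requestHttpOnly` line moved above it, or reword the comment to `// Prefer the refresh cookie whenever present, otherwise use the request body`. Since the endpoint now authenticates from an ambient cookie, its CSRF exposure depends on the cookie's SameSite setting, presumably set in the `cookieOptions` object that continues past the last hunk, as does the handler itself, so that should be confirmed there.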
@@ -1 +1 @@
1
- {"version":3,"file":"auth.mjs","sources":["../../../server/controllers/auth.js"],"sourcesContent":["'use strict';\n\n/**\n * Auth.js controller\n *\n * @description: A set of functions called \"actions\" for managing `Auth`.\n */\n\n/* eslint-disable no-useless-escape */\nconst crypto = require('crypto');\nconst _ = require('lodash');\nconst { concat, compact, isArray } = require('lodash/fp');\nconst utils = require('@strapi/utils');\nconst { getService } = require('../utils');\nconst {\n validateCallbackBody,\n validateRegisterBody,\n validateSendEmailConfirmationBody,\n validateForgotPasswordBody,\n validateResetPasswordBody,\n validateEmailConfirmationBody,\n validateChangePasswordBody,\n} = require('./validation/auth');\n\nconst { ApplicationError, ValidationError, ForbiddenError } = utils.errors;\n\nconst sanitizeUser = (user, ctx) => {\n const { auth } = ctx.state;\n const userSchema = strapi.getModel('plugin::users-permissions.user');\n\n return strapi.contentAPI.sanitize.output(user, userSchema, { auth });\n};\n\nconst extractDeviceId = (requestBody) => {\n const { deviceId } = requestBody || {};\n\n return typeof deviceId === 'string' && deviceId.length > 0 ? deviceId : undefined;\n};\n\nmodule.exports = ({ strapi }) => ({\n async callback(ctx) {\n const provider = ctx.params.provider || 'local';\n const params = ctx.request.body;\n\n const store = strapi.store({ type: 'plugin', name: 'users-permissions' });\n const grantSettings = await store.get({ key: 'grant' });\n\n const grantProvider = provider === 'local' ? 
'email' : provider;\n\n if (!_.get(grantSettings, [grantProvider, 'enabled'])) {\n throw new ApplicationError('This provider is disabled');\n }\n\n if (provider === 'local') {\n await validateCallbackBody(params);\n\n const { identifier } = params;\n\n // Check if the user exists.\n const user = await strapi.db.query('plugin::users-permissions.user').findOne({\n where: {\n provider,\n $or: [{ email: identifier.toLowerCase() }, { username: identifier }],\n },\n });\n\n if (!user) {\n throw new ValidationError('Invalid identifier or password');\n }\n\n if (!user.password) {\n throw new ValidationError('Invalid identifier or password');\n }\n\n const validPassword = await getService('user').validatePassword(\n params.password,\n user.password\n );\n\n if (!validPassword) {\n throw new ValidationError('Invalid identifier or password');\n }\n\n const advancedSettings = await store.get({ key: 'advanced' });\n const requiresConfirmation = _.get(advancedSettings, 'email_confirmation');\n\n if (requiresConfirmation && user.confirmed !== true) {\n throw new ApplicationError('Your account email is not confirmed');\n }\n\n if (user.blocked === true) {\n throw new ApplicationError('Your account has been blocked by an administrator');\n }\n\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode === 'refresh') {\n const deviceId = extractDeviceId(ctx.request.body);\n\n const refresh = await strapi\n .sessionManager('users-permissions')\n .generateRefreshToken(String(user.id), deviceId, { type: 'refresh' });\n\n const access = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(refresh.token);\n if ('error' in access) {\n throw new ApplicationError('Invalid credentials');\n }\n\n const upSessions = strapi.config.get('plugin::users-permissions.sessions');\n const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';\n if (upSessions?.httpOnly || requestHttpOnly) {\n const cookieName 
= upSessions.cookie?.name || 'strapi_up_refresh';\n const isProduction = process.env.NODE_ENV === 'production';\n const isSecure =\n typeof upSessions.cookie?.secure === 'boolean'\n ? upSessions.cookie?.secure\n : isProduction;\n\n const cookieOptions = {\n httpOnly: true,\n secure: isSecure,\n sameSite: upSessions.cookie?.sameSite ?? 'lax',\n path: upSessions.cookie?.path ?? '/',\n domain: upSessions.cookie?.domain,\n overwrite: true,\n };\n\n ctx.cookies.set(cookieName, refresh.token, cookieOptions);\n return ctx.send({ jwt: access.token, user: await sanitizeUser(user, ctx) });\n }\n\n return ctx.send({\n jwt: access.token,\n refreshToken: refresh.token,\n user: await sanitizeUser(user, ctx),\n });\n }\n\n return ctx.send({\n jwt: getService('jwt').issue({ id: user.id }),\n user: await sanitizeUser(user, ctx),\n });\n }\n\n // Connect the user with the third-party provider.\n try {\n const user = await getService('providers').connect(provider, ctx.query);\n\n if (user.blocked) {\n throw new ForbiddenError('Your account has been blocked by an administrator');\n }\n\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode === 'refresh') {\n const deviceId = extractDeviceId(ctx.request.body);\n\n const refresh = await strapi\n .sessionManager('users-permissions')\n .generateRefreshToken(String(user.id), deviceId, { type: 'refresh' });\n\n const access = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(refresh.token);\n if ('error' in access) {\n throw new ApplicationError('Invalid credentials');\n }\n\n const upSessions = strapi.config.get('plugin::users-permissions.sessions');\n const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';\n if (upSessions?.httpOnly || requestHttpOnly) {\n const cookieName = upSessions.cookie?.name || 'strapi_up_refresh';\n const isProduction = process.env.NODE_ENV === 'production';\n const isSecure =\n typeof 
upSessions.cookie?.secure === 'boolean'\n ? upSessions.cookie?.secure\n : isProduction;\n\n const cookieOptions = {\n httpOnly: true,\n secure: isSecure,\n sameSite: upSessions.cookie?.sameSite ?? 'lax',\n path: upSessions.cookie?.path ?? '/',\n domain: upSessions.cookie?.domain,\n overwrite: true,\n };\n ctx.cookies.set(cookieName, refresh.token, cookieOptions);\n return ctx.send({ jwt: access.token, user: await sanitizeUser(user, ctx) });\n }\n return ctx.send({\n jwt: access.token,\n refreshToken: refresh.token,\n user: await sanitizeUser(user, ctx),\n });\n }\n\n return ctx.send({\n jwt: getService('jwt').issue({ id: user.id }),\n user: await sanitizeUser(user, ctx),\n });\n } catch (error) {\n throw new ApplicationError(error.message);\n }\n },\n\n async changePassword(ctx) {\n if (!ctx.state.user) {\n throw new ApplicationError('You must be authenticated to reset your password');\n }\n\n const validations = strapi.config.get('plugin::users-permissions.validationRules');\n\n const { currentPassword, password } = await validateChangePasswordBody(\n ctx.request.body,\n validations\n );\n\n const user = await strapi.db\n .query('plugin::users-permissions.user')\n .findOne({ where: { id: ctx.state.user.id } });\n\n const validPassword = await getService('user').validatePassword(currentPassword, user.password);\n\n if (!validPassword) {\n throw new ValidationError('The provided current password is invalid');\n }\n\n if (currentPassword === password) {\n throw new ValidationError('Your new password must be different than your current password');\n }\n\n await getService('user').edit(user.id, { password });\n\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode === 'refresh') {\n const deviceId = extractDeviceId(ctx.request.body);\n\n if (deviceId) {\n // Invalidate sessions: specific device if deviceId provided\n await strapi\n .sessionManager('users-permissions')\n .invalidateRefreshToken(String(user.id), 
deviceId);\n }\n\n const newDeviceId = deviceId || crypto.randomUUID();\n const refresh = await strapi\n .sessionManager('users-permissions')\n .generateRefreshToken(String(user.id), newDeviceId, { type: 'refresh' });\n\n const access = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(refresh.token);\n if ('error' in access) {\n throw new ApplicationError('Invalid credentials');\n }\n\n return ctx.send({\n jwt: access.token,\n refreshToken: refresh.token,\n user: await sanitizeUser(user, ctx),\n });\n }\n\n return ctx.send({\n jwt: getService('jwt').issue({ id: user.id }),\n user: await sanitizeUser(user, ctx),\n });\n },\n\n async resetPassword(ctx) {\n const validations = strapi.config.get('plugin::users-permissions.validationRules');\n\n const { password, passwordConfirmation, code } = await validateResetPasswordBody(\n ctx.request.body,\n validations\n );\n\n if (password !== passwordConfirmation) {\n throw new ValidationError('Passwords do not match');\n }\n\n const user = await strapi.db\n .query('plugin::users-permissions.user')\n .findOne({ where: { resetPasswordToken: code } });\n\n if (!user) {\n throw new ValidationError('Incorrect code provided');\n }\n\n await getService('user').edit(user.id, {\n resetPasswordToken: null,\n password,\n });\n\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode === 'refresh') {\n const deviceId = extractDeviceId(ctx.request.body);\n\n if (deviceId) {\n // Invalidate sessions: specific device if deviceId provided\n await strapi\n .sessionManager('users-permissions')\n .invalidateRefreshToken(String(user.id), deviceId);\n }\n\n const newDeviceId = deviceId || crypto.randomUUID();\n const refresh = await strapi\n .sessionManager('users-permissions')\n .generateRefreshToken(String(user.id), newDeviceId, { type: 'refresh' });\n\n const access = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(refresh.token);\n if ('error' 
in access) {\n throw new ApplicationError('Invalid credentials');\n }\n\n return ctx.send({\n jwt: access.token,\n refreshToken: refresh.token,\n user: await sanitizeUser(user, ctx),\n });\n }\n\n return ctx.send({\n jwt: getService('jwt').issue({ id: user.id }),\n user: await sanitizeUser(user, ctx),\n });\n },\n async refresh(ctx) {\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode !== 'refresh') {\n return ctx.notFound();\n }\n\n const { refreshToken } = ctx.request.body || {};\n if (!refreshToken || typeof refreshToken !== 'string') {\n return ctx.badRequest('Missing refresh token');\n }\n\n const rotation = await strapi\n .sessionManager('users-permissions')\n .rotateRefreshToken(refreshToken);\n if ('error' in rotation) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const result = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(rotation.token);\n if ('error' in result) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const upSessions = strapi.config.get('plugin::users-permissions.sessions');\n const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';\n if (upSessions?.httpOnly || requestHttpOnly) {\n const cookieName = upSessions.cookie?.name || 'strapi_up_refresh';\n const isProduction = process.env.NODE_ENV === 'production';\n const isSecure =\n typeof upSessions.cookie?.secure === 'boolean' ? upSessions.cookie?.secure : isProduction;\n\n const cookieOptions = {\n httpOnly: true,\n secure: isSecure,\n sameSite: upSessions.cookie?.sameSite ?? 'lax',\n path: upSessions.cookie?.path ?? 
'/',\n domain: upSessions.cookie?.domain,\n overwrite: true,\n };\n ctx.cookies.set(cookieName, rotation.token, cookieOptions);\n return ctx.send({ jwt: result.token });\n }\n return ctx.send({ jwt: result.token, refreshToken: rotation.token });\n },\n async logout(ctx) {\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode !== 'refresh') {\n return ctx.notFound();\n }\n\n // Invalidate all sessions for the authenticated user, or by deviceId if provided\n if (!ctx.state.user) {\n return ctx.unauthorized('Missing authentication');\n }\n\n const deviceId = extractDeviceId(ctx.request.body);\n try {\n await strapi\n .sessionManager('users-permissions')\n .invalidateRefreshToken(String(ctx.state.user.id), deviceId);\n } catch (err) {\n strapi.log.error('UP logout failed', err);\n }\n\n const upSessions = strapi.config.get('plugin::users-permissions.sessions');\n const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';\n if (upSessions?.httpOnly || requestHttpOnly) {\n const cookieName = upSessions.cookie?.name || 'strapi_up_refresh';\n ctx.cookies.set(cookieName, '', { expires: new Date(0) });\n }\n return ctx.send({ ok: true });\n },\n async connect(ctx, next) {\n const grant = require('grant').koa();\n\n const providers = await strapi\n .store({ type: 'plugin', name: 'users-permissions', key: 'grant' })\n .get();\n\n const apiPrefix = strapi.config.get('api.rest.prefix');\n const grantConfig = {\n defaults: {\n prefix: `${apiPrefix}/connect`,\n },\n ...providers,\n };\n\n const [requestPath] = ctx.request.url.split('?');\n const provider = requestPath.split('/connect/')[1].split('/')[0];\n\n if (!_.get(grantConfig[provider], 'enabled')) {\n throw new ApplicationError('This provider is disabled');\n }\n\n if (!strapi.config.server.url.startsWith('http')) {\n strapi.log.warn(\n 'You are using a third party provider for login. Make sure to set an absolute url in config/server.js. 
More info here: https://docs.strapi.io/developer-docs/latest/plugins/users-permissions.html#setting-up-the-server-url'\n );\n }\n\n // Ability to pass OAuth callback dynamically\n const queryCustomCallback = _.get(ctx, 'query.callback');\n const dynamicSessionCallback = _.get(ctx, 'session.grant.dynamic.callback');\n\n const customCallback = queryCustomCallback ?? dynamicSessionCallback;\n\n // The custom callback is validated to make sure it's not redirecting to an unwanted actor.\n if (customCallback !== undefined) {\n try {\n // We're extracting the callback validator from the plugin config since it can be user-customized\n const { validate: validateCallback } = strapi\n .plugin('users-permissions')\n .config('callback');\n\n await validateCallback(customCallback, grantConfig[provider]);\n\n grantConfig[provider].callback = customCallback;\n } catch (e) {\n throw new ValidationError('Invalid callback URL provided', { callback: customCallback });\n }\n }\n\n // Build a valid redirect URI for the current provider\n grantConfig[provider].redirect_uri = getService('providers').buildRedirectUri(provider);\n\n return grant(grantConfig)(ctx, next);\n },\n\n async forgotPassword(ctx) {\n const { email } = await validateForgotPasswordBody(ctx.request.body);\n\n const pluginStore = await strapi.store({ type: 'plugin', name: 'users-permissions' });\n\n const emailSettings = await pluginStore.get({ key: 'email' });\n const advancedSettings = await pluginStore.get({ key: 'advanced' });\n\n // Find the user by email.\n const user = await strapi.db\n .query('plugin::users-permissions.user')\n .findOne({ where: { email: email.toLowerCase() } });\n\n if (!user || user.blocked) {\n return ctx.send({ ok: true });\n }\n\n // Generate random token.\n const userInfo = await sanitizeUser(user, ctx);\n\n const resetPasswordToken = crypto.randomBytes(64).toString('hex');\n\n const resetPasswordSettings = _.get(emailSettings, 'reset_password.options', {});\n const emailBody = await 
getService('users-permissions').template(\n resetPasswordSettings.message,\n {\n URL: advancedSettings.email_reset_password,\n SERVER_URL: strapi.config.get('server.absoluteUrl'),\n ADMIN_URL: strapi.config.get('admin.absoluteUrl'),\n USER: userInfo,\n TOKEN: resetPasswordToken,\n }\n );\n\n const emailObject = await getService('users-permissions').template(\n resetPasswordSettings.object,\n {\n USER: userInfo,\n }\n );\n\n const emailToSend = {\n to: user.email,\n from:\n resetPasswordSettings.from.email || resetPasswordSettings.from.name\n ? `${resetPasswordSettings.from.name} <${resetPasswordSettings.from.email}>`\n : undefined,\n replyTo: resetPasswordSettings.response_email,\n subject: emailObject,\n text: emailBody,\n html: emailBody,\n };\n\n // NOTE: Update the user before sending the email so an Admin can generate the link if the email fails\n await getService('user').edit(user.id, { resetPasswordToken });\n\n // Send an email to the user.\n await strapi.plugin('email').service('email').send(emailToSend);\n\n ctx.send({ ok: true });\n },\n\n async register(ctx) {\n const pluginStore = await strapi.store({ type: 'plugin', name: 'users-permissions' });\n\n const settings = await pluginStore.get({ key: 'advanced' });\n\n if (!settings.allow_register) {\n throw new ApplicationError('Register action is currently disabled');\n }\n\n const { register } = strapi.config.get('plugin::users-permissions');\n const alwaysAllowedKeys = ['username', 'password', 'email'];\n\n // Note that we intentionally do not filter allowedFields to allow a project to explicitly accept private or other Strapi field on registration\n const allowedKeys = compact(\n concat(alwaysAllowedKeys, isArray(register?.allowedFields) ? 
register.allowedFields : [])\n );\n\n // Check if there are any keys in requestBody that are not in allowedKeys\n const invalidKeys = Object.keys(ctx.request.body).filter((key) => !allowedKeys.includes(key));\n\n if (invalidKeys.length > 0) {\n // If there are invalid keys, throw an error\n throw new ValidationError(`Invalid parameters: ${invalidKeys.join(', ')}`);\n }\n\n const params = {\n ..._.pick(ctx.request.body, allowedKeys),\n provider: 'local',\n };\n\n const validations = strapi.config.get('plugin::users-permissions.validationRules');\n\n await validateRegisterBody(params, validations);\n\n const role = await strapi.db\n .query('plugin::users-permissions.role')\n .findOne({ where: { type: settings.default_role } });\n\n if (!role) {\n throw new ApplicationError('Impossible to find the default role');\n }\n\n const { email, username, provider } = params;\n\n const identifierFilter = {\n $or: [\n { email: email.toLowerCase() },\n { username: email.toLowerCase() },\n { username },\n { email: username },\n ],\n };\n\n const conflictingUserCount = await strapi.db.query('plugin::users-permissions.user').count({\n where: { ...identifierFilter, provider },\n });\n\n if (conflictingUserCount > 0) {\n throw new ApplicationError('Email or Username are already taken');\n }\n\n if (settings.unique_email) {\n const conflictingUserCount = await strapi.db.query('plugin::users-permissions.user').count({\n where: { ...identifierFilter },\n });\n\n if (conflictingUserCount > 0) {\n throw new ApplicationError('Email or Username are already taken');\n }\n }\n\n const newUser = {\n ...params,\n role: role.id,\n email: email.toLowerCase(),\n username,\n confirmed: !settings.email_confirmation,\n };\n\n const user = await getService('user').add(newUser);\n\n const sanitizedUser = await sanitizeUser(user, ctx);\n\n if (settings.email_confirmation) {\n try {\n await getService('user').sendConfirmationEmail(sanitizedUser);\n } catch (err) {\n strapi.log.error(err);\n throw new 
ApplicationError('Error sending confirmation email');\n }\n\n return ctx.send({ user: sanitizedUser });\n }\n\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode === 'refresh') {\n const deviceId = extractDeviceId(ctx.request.body) || crypto.randomUUID();\n\n const refresh = await strapi\n .sessionManager('users-permissions')\n .generateRefreshToken(String(user.id), deviceId, { type: 'refresh' });\n\n const access = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(refresh.token);\n if ('error' in access) {\n throw new ApplicationError('Invalid credentials');\n }\n\n return ctx.send({ jwt: access.token, refreshToken: refresh.token, user: sanitizedUser });\n }\n\n const jwt = getService('jwt').issue(_.pick(user, ['id']));\n return ctx.send({ jwt, user: sanitizedUser });\n },\n\n async emailConfirmation(ctx, next, returnUser) {\n const { confirmation: confirmationToken } = await validateEmailConfirmationBody(ctx.query);\n\n const userService = getService('user');\n const jwtService = getService('jwt');\n\n const [user] = await userService.fetchAll({ filters: { confirmationToken } });\n\n if (!user) {\n throw new ValidationError('Invalid token');\n }\n\n await userService.edit(user.id, { confirmed: true, confirmationToken: null });\n\n if (returnUser) {\n ctx.send({\n jwt: jwtService.issue({ id: user.id }),\n user: await sanitizeUser(user, ctx),\n });\n } else {\n const settings = await strapi\n .store({ type: 'plugin', name: 'users-permissions', key: 'advanced' })\n .get();\n\n ctx.redirect(settings.email_confirmation_redirection || '/');\n }\n },\n\n async sendEmailConfirmation(ctx) {\n const { email } = await validateSendEmailConfirmationBody(ctx.request.body);\n\n const user = await strapi.db.query('plugin::users-permissions.user').findOne({\n where: { email: email.toLowerCase() },\n });\n\n if (!user) {\n return ctx.send({ email, sent: true });\n }\n\n if (user.confirmed) {\n throw new 
ApplicationError('Already confirmed');\n }\n\n if (user.blocked) {\n throw new ApplicationError('User blocked');\n }\n\n await getService('user').sendConfirmationEmail(user);\n\n ctx.send({\n email: user.email,\n sent: true,\n });\n },\n});\n"],"names":["crypto","require$$0","_","require$$1","concat","compact","isArray","require$$2","utils","require$$3","getService","require$$4","validateCallbackBody","validateRegisterBody","validateSendEmailConfirmationBody","validateForgotPasswordBody","validateResetPasswordBody","validateEmailConfirmationBody","validateChangePasswordBody","require$$5","ApplicationError","ValidationError","ForbiddenError","errors","sanitizeUser","user","ctx","auth","state","userSchema","strapi","getModel","contentAPI","sanitize","output","extractDeviceId","requestBody","deviceId","length","undefined","callback","provider","params","request","body","store","type","name","grantSettings","get","key","grantProvider","identifier","db","query","findOne","where","$or","email","toLowerCase","username","password","validPassword","validatePassword","advancedSettings","requiresConfirmation","confirmed","blocked","mode","config","refresh","sessionManager","generateRefreshToken","String","id","access","generateAccessToken","token","upSessions","requestHttpOnly","header","httpOnly","cookieName","cookie","isProduction","process","env","NODE_ENV","isSecure","secure","cookieOptions","sameSite","path","domain","overwrite","cookies","set","send","jwt","refreshToken","issue","connect","error","message","changePassword","validations","currentPassword","edit","invalidateRefreshToken","newDeviceId","randomUUID","resetPassword","passwordConfirmation","code","resetPasswordToken","notFound","badRequest","rotation","rotateRefreshToken","unauthorized","result","logout","err","log","expires","Date","ok","next","grant","require$$6","koa","providers","apiPrefix","grantConfig","defaults","prefix","requestPath","url","split","server","startsWith","warn","queryCustomCallback","dyn
amicSessionCallback","customCallback","validate","validateCallback","plugin","e","redirect_uri","buildRedirectUri","forgotPassword","pluginStore","emailSettings","userInfo","randomBytes","toString","resetPasswordSettings","emailBody","template","URL","email_reset_password","SERVER_URL","ADMIN_URL","USER","TOKEN","emailObject","object","emailToSend","to","from","replyTo","response_email","subject","text","html","service","register","settings","allow_register","alwaysAllowedKeys","allowedKeys","allowedFields","invalidKeys","Object","keys","filter","includes","join","pick","role","default_role","identifierFilter","conflictingUserCount","count","unique_email","newUser","email_confirmation","add","sanitizedUser","sendConfirmationEmail","emailConfirmation","returnUser","confirmation","confirmationToken","userService","jwtService","fetchAll","filters","redirect","email_confirmation_redirection","sendEmailConfirmation","sent"],"mappings":";;;;;;;;;;;;;AAEA;;;;4CAOA,MAAMA,MAASC,GAAAA,UAAAA;AACf,IAAA,MAAMC,CAAIC,GAAAA,YAAAA;AACV,IAAA,MAAM,EAAEC,MAAM,EAAEC,OAAO,EAAEC,OAAO,EAAE,GAAGC,YAAAA;AACrC,IAAA,MAAMC,KAAQC,GAAAA,UAAAA;IACd,MAAM,EAAEC,UAAU,EAAE,GAAGC,YAAAA,EAAAA;AACvB,IAAA,MAAM,EACJC,oBAAoB,EACpBC,oBAAoB,EACpBC,iCAAiC,EACjCC,0BAA0B,EAC1BC,yBAAyB,EACzBC,6BAA6B,EAC7BC,0BAA0B,EAC3B,GAAGC,aAAAA,EAAAA;IAEJ,MAAM,EAAEC,gBAAgB,EAAEC,eAAe,EAAEC,cAAc,EAAE,GAAGd,KAAAA,CAAMe,MAAM;IAE1E,MAAMC,YAAAA,GAAe,CAACC,IAAMC,EAAAA,GAAAA,GAAAA;AAC1B,QAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,KAAK;QAC1B,MAAMC,UAAAA,GAAaC,MAAOC,CAAAA,QAAQ,CAAC,gCAAA,CAAA;QAEnC,OAAOD,MAAAA,CAAOE,UAAU,CAACC,QAAQ,CAACC,MAAM,CAACT,MAAMI,UAAY,EAAA;AAAEF,YAAAA;AAAI,SAAA,CAAA;AACnE,KAAA;AAEA,IAAA,MAAMQ,kBAAkB,CAACC,WAAAA,GAAAA;AACvB,QAAA,MAAM,EAAEC,QAAQ,EAAE,GAAGD,eAAe;AAEpC,QAAA,OAAO,OAAOC,QAAa,KAAA,QAAA,IAAYA,SAASC,MAAM,GAAG,IAAID,QAAWE,GAAAA,SAAAA;AAC1E,KAAA;AAEAZ,IAAAA,IAAAA,GAAiB,CAAC,EAAEG,MAAAA,EAAAA,OAAM,EAAE,IAAM;AAChC,YAAA,MAAMU,UAASd,GAAG,EAAA;AAChB,gBAAA,MAAMe,QAAWf,GAAAA,GAAAA,CAAIgB,MAAM,CAACD,QAAQ,IAAI,OAAA;AACx
C,gBAAA,MAAMC,MAAShB,GAAAA,GAAAA,CAAIiB,OAAO,CAACC,IAAI;gBAE/B,MAAMC,KAAAA,GAAQf,OAAOe,CAAAA,KAAK,CAAC;oBAAEC,IAAM,EAAA,QAAA;oBAAUC,IAAM,EAAA;AAAmB,iBAAA,CAAA;AACtE,gBAAA,MAAMC,aAAgB,GAAA,MAAMH,KAAMI,CAAAA,GAAG,CAAC;oBAAEC,GAAK,EAAA;AAAO,iBAAA,CAAA;gBAEpD,MAAMC,aAAAA,GAAgBV,QAAa,KAAA,OAAA,GAAU,OAAUA,GAAAA,QAAAA;AAEvD,gBAAA,IAAI,CAACvC,CAAAA,CAAE+C,GAAG,CAACD,aAAe,EAAA;AAACG,oBAAAA,aAAAA;AAAe,oBAAA;iBAAU,CAAG,EAAA;AACrD,oBAAA,MAAM,IAAI/B,gBAAiB,CAAA,2BAAA,CAAA;AAC5B;AAED,gBAAA,IAAIqB,aAAa,OAAS,EAAA;AACxB,oBAAA,MAAM7B,oBAAqB8B,CAAAA,MAAAA,CAAAA;oBAE3B,MAAM,EAAEU,UAAU,EAAE,GAAGV,MAAAA;;oBAGvB,MAAMjB,IAAAA,GAAO,MAAMK,OAAOuB,CAAAA,EAAE,CAACC,KAAK,CAAC,gCAAkCC,CAAAA,CAAAA,OAAO,CAAC;wBAC3EC,KAAO,EAAA;AACLf,4BAAAA,QAAAA;4BACAgB,GAAK,EAAA;AAAC,gCAAA;AAAEC,oCAAAA,KAAAA,EAAON,WAAWO,WAAW;;AAAM,gCAAA;oCAAEC,QAAUR,EAAAA;;AAAa;AACrE;AACT,qBAAA,CAAA;AAEM,oBAAA,IAAI,CAAC3B,IAAM,EAAA;AACT,wBAAA,MAAM,IAAIJ,eAAgB,CAAA,gCAAA,CAAA;AAC3B;oBAED,IAAI,CAACI,IAAKoC,CAAAA,QAAQ,EAAE;AAClB,wBAAA,MAAM,IAAIxC,eAAgB,CAAA,gCAAA,CAAA;AAC3B;oBAED,MAAMyC,aAAAA,GAAgB,MAAMpD,UAAAA,CAAW,MAAQqD,CAAAA,CAAAA,gBAAgB,CAC7DrB,MAAOmB,CAAAA,QAAQ,EACfpC,IAAAA,CAAKoC,QAAQ,CAAA;AAGf,oBAAA,IAAI,CAACC,aAAe,EAAA;AAClB,wBAAA,MAAM,IAAIzC,eAAgB,CAAA,gCAAA,CAAA;AAC3B;AAED,oBAAA,MAAM2C,gBAAmB,GAAA,MAAMnB,KAAMI,CAAAA,GAAG,CAAC;wBAAEC,GAAK,EAAA;AAAU,qBAAA,CAAA;AAC1D,oBAAA,MAAMe,oBAAuB/D,GAAAA,CAAAA,CAAE+C,GAAG,CAACe,gBAAkB,EAAA,oBAAA,CAAA;AAErD,oBAAA,IAAIC,oBAAwBxC,IAAAA,IAAAA,CAAKyC,SAAS,KAAK,IAAM,EAAA;AACnD,wBAAA,MAAM,IAAI9C,gBAAiB,CAAA,qCAAA,CAAA;AAC5B;oBAED,IAAIK,IAAAA,CAAK0C,OAAO,KAAK,IAAM,EAAA;AACzB,wBAAA,MAAM,IAAI/C,gBAAiB,CAAA,mDAAA,CAAA;AAC5B;AAED,oBAAA,MAAMgD,OAAOtC,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,yCAA2C,EAAA,gBAAA,CAAA;AAC1E,oBAAA,IAAImB,SAAS,SAAW,EAAA;AACtB,wBAAA,MAAM/B,QAAWF,GAAAA,eAAAA,CAAgBT,GAAIiB,CAAAA,OAAO,CAACC,IAAI,CAAA;AAEjD,wBAAA,MAAM0B,OAAU,GAAA,MAAMxC,OACnByC,CAAAA,cAAc,CAAC,mBAAA,CAAA,CACfC,oBAAoB,CAACC,MAAOhD,CAAAA,IAAAA,CAAKiD,EAAE,CAAA,EAAGrC,QAAU,EAAA;4BAAES,IAAM,EAAA;AAAS,yBAAA,CAAA;wBAEpE,MAA
M6B,MAAAA,GAAS,MAAM7C,OAClByC,CAAAA,cAAc,CAAC,mBACfK,CAAAA,CAAAA,mBAAmB,CAACN,OAAAA,CAAQO,KAAK,CAAA;AACpC,wBAAA,IAAI,WAAWF,MAAQ,EAAA;AACrB,4BAAA,MAAM,IAAIvD,gBAAiB,CAAA,qBAAA,CAAA;AAC5B;AAED,wBAAA,MAAM0D,UAAahD,GAAAA,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,oCAAA,CAAA;AACrC,wBAAA,MAAM8B,kBAAkBrD,GAAIiB,CAAAA,OAAO,CAACqC,MAAM,CAAC,0BAA0B,KAAK,UAAA;wBAC1E,IAAIF,UAAAA,EAAYG,YAAYF,eAAiB,EAAA;AAC3C,4BAAA,MAAMG,UAAaJ,GAAAA,UAAAA,CAAWK,MAAM,EAAEpC,IAAQ,IAAA,mBAAA;AAC9C,4BAAA,MAAMqC,YAAeC,GAAAA,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;4BAC9C,MAAMC,QAAAA,GACJ,OAAOV,UAAAA,CAAWK,MAAM,EAAEM,WAAW,SACjCX,GAAAA,UAAAA,CAAWK,MAAM,EAAEM,MACnBL,GAAAA,YAAAA;AAEN,4BAAA,MAAMM,aAAgB,GAAA;gCACpBT,QAAU,EAAA,IAAA;gCACVQ,MAAQD,EAAAA,QAAAA;gCACRG,QAAUb,EAAAA,UAAAA,CAAWK,MAAM,EAAEQ,QAAY,IAAA,KAAA;gCACzCC,IAAMd,EAAAA,UAAAA,CAAWK,MAAM,EAAES,IAAQ,IAAA,GAAA;gCACjCC,MAAQf,EAAAA,UAAAA,CAAWK,MAAM,EAAEU,MAAAA;gCAC3BC,SAAW,EAAA;AACvB,6BAAA;AAEUpE,4BAAAA,GAAAA,CAAIqE,OAAO,CAACC,GAAG,CAACd,UAAYZ,EAAAA,OAAAA,CAAQO,KAAK,EAAEa,aAAAA,CAAAA;4BAC3C,OAAOhE,GAAAA,CAAIuE,IAAI,CAAC;AAAEC,gCAAAA,GAAAA,EAAKvB,OAAOE,KAAK;gCAAEpD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AAAM,6BAAA,CAAA;AAC3E;wBAED,OAAOA,GAAAA,CAAIuE,IAAI,CAAC;AACdC,4BAAAA,GAAAA,EAAKvB,OAAOE,KAAK;AACjBsB,4BAAAA,YAAAA,EAAc7B,QAAQO,KAAK;4BAC3BpD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACzC,yBAAA,CAAA;AACO;oBAED,OAAOA,GAAAA,CAAIuE,IAAI,CAAC;wBACdC,GAAKxF,EAAAA,UAAAA,CAAW,KAAO0F,CAAAA,CAAAA,KAAK,CAAC;AAAE1B,4BAAAA,EAAAA,EAAIjD,KAAKiD;;wBACxCjD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACvC,qBAAA,CAAA;AACK;;gBAGD,IAAI;oBACF,MAAMD,IAAAA,GAAO,MAAMf,UAAW,CAAA,WAAA,CAAA,CAAa2F,OAAO,CAAC5D,QAAAA,EAAUf,IAAI4B,KAAK,CAAA;oBAEtE,IAAI7B,IAAAA,CAAK0C,OAAO,EAAE;AAChB,wBAAA,MAAM,IAAI7C,cAAe,CAAA,mDAAA,CAAA;AAC1B;AAED,oBAAA,MAAM8C,OAAOtC,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,yCAA2C,EAAA,gBAAA,CAAA;AAC1E,oBAAA,IAAImB,SAAS,SAAW,EAAA;AACtB,wBAAA,MAAM/B,QAAWF,GAAAA,eAAAA,CAAgBT,GAAIiB,CAAAA,OAAO,CAACC,IAAI,CAAA;AAEjD,wBAAA,MAAM0B,OAAU,GAAA,MAAMxC,OACnByC,CAAAA,cAAc,CAAC,mBAAA,CAAA,CACfC,o
BAAoB,CAACC,MAAOhD,CAAAA,IAAAA,CAAKiD,EAAE,CAAA,EAAGrC,QAAU,EAAA;4BAAES,IAAM,EAAA;AAAS,yBAAA,CAAA;wBAEpE,MAAM6B,MAAAA,GAAS,MAAM7C,OAClByC,CAAAA,cAAc,CAAC,mBACfK,CAAAA,CAAAA,mBAAmB,CAACN,OAAAA,CAAQO,KAAK,CAAA;AACpC,wBAAA,IAAI,WAAWF,MAAQ,EAAA;AACrB,4BAAA,MAAM,IAAIvD,gBAAiB,CAAA,qBAAA,CAAA;AAC5B;AAED,wBAAA,MAAM0D,UAAahD,GAAAA,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,oCAAA,CAAA;AACrC,wBAAA,MAAM8B,kBAAkBrD,GAAIiB,CAAAA,OAAO,CAACqC,MAAM,CAAC,0BAA0B,KAAK,UAAA;wBAC1E,IAAIF,UAAAA,EAAYG,YAAYF,eAAiB,EAAA;AAC3C,4BAAA,MAAMG,UAAaJ,GAAAA,UAAAA,CAAWK,MAAM,EAAEpC,IAAQ,IAAA,mBAAA;AAC9C,4BAAA,MAAMqC,YAAeC,GAAAA,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;4BAC9C,MAAMC,QAAAA,GACJ,OAAOV,UAAAA,CAAWK,MAAM,EAAEM,WAAW,SACjCX,GAAAA,UAAAA,CAAWK,MAAM,EAAEM,MACnBL,GAAAA,YAAAA;AAEN,4BAAA,MAAMM,aAAgB,GAAA;gCACpBT,QAAU,EAAA,IAAA;gCACVQ,MAAQD,EAAAA,QAAAA;gCACRG,QAAUb,EAAAA,UAAAA,CAAWK,MAAM,EAAEQ,QAAY,IAAA,KAAA;gCACzCC,IAAMd,EAAAA,UAAAA,CAAWK,MAAM,EAAES,IAAQ,IAAA,GAAA;gCACjCC,MAAQf,EAAAA,UAAAA,CAAWK,MAAM,EAAEU,MAAAA;gCAC3BC,SAAW,EAAA;AACvB,6BAAA;AACUpE,4BAAAA,GAAAA,CAAIqE,OAAO,CAACC,GAAG,CAACd,UAAYZ,EAAAA,OAAAA,CAAQO,KAAK,EAAEa,aAAAA,CAAAA;4BAC3C,OAAOhE,GAAAA,CAAIuE,IAAI,CAAC;AAAEC,gCAAAA,GAAAA,EAAKvB,OAAOE,KAAK;gCAAEpD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AAAM,6BAAA,CAAA;AAC3E;wBACD,OAAOA,GAAAA,CAAIuE,IAAI,CAAC;AACdC,4BAAAA,GAAAA,EAAKvB,OAAOE,KAAK;AACjBsB,4BAAAA,YAAAA,EAAc7B,QAAQO,KAAK;4BAC3BpD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACzC,yBAAA,CAAA;AACO;oBAED,OAAOA,GAAAA,CAAIuE,IAAI,CAAC;wBACdC,GAAKxF,EAAAA,UAAAA,CAAW,KAAO0F,CAAAA,CAAAA,KAAK,CAAC;AAAE1B,4BAAAA,EAAAA,EAAIjD,KAAKiD;;wBACxCjD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACvC,qBAAA,CAAA;AACK,iBAAA,CAAC,OAAO4E,KAAO,EAAA;oBACd,MAAM,IAAIlF,gBAAiBkF,CAAAA,KAAAA,CAAMC,OAAO,CAAA;AACzC;AACF,aAAA;AAED,YAAA,MAAMC,gBAAe9E,GAAG,EAAA;AACtB,gBAAA,IAAI,CAACA,GAAAA,CAAIE,KAAK,CAACH,IAAI,EAAE;AACnB,oBAAA,MAAM,IAAIL,gBAAiB,CAAA,kDAAA,CAAA;AAC5B;AAED,gBAAA,MAAMqF,WAAc3E,GAAAA,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,2CAAA,CAAA;AAEtC,gBAAA,MAAM,EAAEyD,eAAe,EAAE7C,QAAQ,EAA
E,GAAG,MAAM3C,0BAAAA,CAC1CQ,GAAIiB,CAAAA,OAAO,CAACC,IAAI,EAChB6D,WAAAA,CAAAA;gBAGF,MAAMhF,IAAAA,GAAO,MAAMK,OAAOuB,CAAAA,EAAE,CACzBC,KAAK,CAAC,gCACNC,CAAAA,CAAAA,OAAO,CAAC;oBAAEC,KAAO,EAAA;AAAEkB,wBAAAA,EAAAA,EAAIhD,GAAIE,CAAAA,KAAK,CAACH,IAAI,CAACiD;AAAI;AAAA,iBAAA,CAAA;gBAE7C,MAAMZ,aAAAA,GAAgB,MAAMpD,UAAW,CAAA,MAAA,CAAA,CAAQqD,gBAAgB,CAAC2C,eAAAA,EAAiBjF,KAAKoC,QAAQ,CAAA;AAE9F,gBAAA,IAAI,CAACC,aAAe,EAAA;AAClB,oBAAA,MAAM,IAAIzC,eAAgB,CAAA,0CAAA,CAAA;AAC3B;AAED,gBAAA,IAAIqF,oBAAoB7C,QAAU,EAAA;AAChC,oBAAA,MAAM,IAAIxC,eAAgB,CAAA,gEAAA,CAAA;AAC3B;AAED,gBAAA,MAAMX,WAAW,MAAQiG,CAAAA,CAAAA,IAAI,CAAClF,IAAAA,CAAKiD,EAAE,EAAE;AAAEb,oBAAAA;AAAQ,iBAAA,CAAA;AAEjD,gBAAA,MAAMO,OAAOtC,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,yCAA2C,EAAA,gBAAA,CAAA;AAC1E,gBAAA,IAAImB,SAAS,SAAW,EAAA;AACtB,oBAAA,MAAM/B,QAAWF,GAAAA,eAAAA,CAAgBT,GAAIiB,CAAAA,OAAO,CAACC,IAAI,CAAA;AAEjD,oBAAA,IAAIP,QAAU,EAAA;;wBAEZ,MAAMP,OAAAA,CACHyC,cAAc,CAAC,mBAAA,CAAA,CACfqC,sBAAsB,CAACnC,MAAAA,CAAOhD,IAAKiD,CAAAA,EAAE,CAAGrC,EAAAA,QAAAA,CAAAA;AAC5C;oBAED,MAAMwE,WAAAA,GAAcxE,QAAYrC,IAAAA,MAAAA,CAAO8G,UAAU,EAAA;AACjD,oBAAA,MAAMxC,OAAU,GAAA,MAAMxC,OACnByC,CAAAA,cAAc,CAAC,mBAAA,CAAA,CACfC,oBAAoB,CAACC,MAAOhD,CAAAA,IAAAA,CAAKiD,EAAE,CAAA,EAAGmC,WAAa,EAAA;wBAAE/D,IAAM,EAAA;AAAS,qBAAA,CAAA;oBAEvE,MAAM6B,MAAAA,GAAS,MAAM7C,OAClByC,CAAAA,cAAc,CAAC,mBACfK,CAAAA,CAAAA,mBAAmB,CAACN,OAAAA,CAAQO,KAAK,CAAA;AACpC,oBAAA,IAAI,WAAWF,MAAQ,EAAA;AACrB,wBAAA,MAAM,IAAIvD,gBAAiB,CAAA,qBAAA,CAAA;AAC5B;oBAED,OAAOM,GAAAA,CAAIuE,IAAI,CAAC;AACdC,wBAAAA,GAAAA,EAAKvB,OAAOE,KAAK;AACjBsB,wBAAAA,YAAAA,EAAc7B,QAAQO,KAAK;wBAC3BpD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACvC,qBAAA,CAAA;AACK;gBAED,OAAOA,GAAAA,CAAIuE,IAAI,CAAC;oBACdC,GAAKxF,EAAAA,UAAAA,CAAW,KAAO0F,CAAAA,CAAAA,KAAK,CAAC;AAAE1B,wBAAAA,EAAAA,EAAIjD,KAAKiD;;oBACxCjD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACrC,iBAAA,CAAA;AACG,aAAA;AAED,YAAA,MAAMqF,eAAcrF,GAAG,EAAA;AACrB,gBAAA,MAAM+E,WAAc3E,GAAAA,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,2CAAA,CAAA;AAEtC,gBAAA,MAAM,EAAEY,QAAQ,EAAEmD,oBAAoB,EAAEC,IAAI,EAAE,
GAAG,MAAMjG,yBACrDU,CAAAA,GAAAA,CAAIiB,OAAO,CAACC,IAAI,EAChB6D,WAAAA,CAAAA;AAGF,gBAAA,IAAI5C,aAAamD,oBAAsB,EAAA;AACrC,oBAAA,MAAM,IAAI3F,eAAgB,CAAA,wBAAA,CAAA;AAC3B;gBAED,MAAMI,IAAAA,GAAO,MAAMK,OAAOuB,CAAAA,EAAE,CACzBC,KAAK,CAAC,gCACNC,CAAAA,CAAAA,OAAO,CAAC;oBAAEC,KAAO,EAAA;wBAAE0D,kBAAoBD,EAAAA;AAAI;AAAI,iBAAA,CAAA;AAElD,gBAAA,IAAI,CAACxF,IAAM,EAAA;AACT,oBAAA,MAAM,IAAIJ,eAAgB,CAAA,yBAAA,CAAA;AAC3B;AAED,gBAAA,MAAMX,WAAW,MAAQiG,CAAAA,CAAAA,IAAI,CAAClF,IAAAA,CAAKiD,EAAE,EAAE;oBACrCwC,kBAAoB,EAAA,IAAA;AACpBrD,oBAAAA;AACN,iBAAA,CAAA;AAEI,gBAAA,MAAMO,OAAOtC,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,yCAA2C,EAAA,gBAAA,CAAA;AAC1E,gBAAA,IAAImB,SAAS,SAAW,EAAA;AACtB,oBAAA,MAAM/B,QAAWF,GAAAA,eAAAA,CAAgBT,GAAIiB,CAAAA,OAAO,CAACC,IAAI,CAAA;AAEjD,oBAAA,IAAIP,QAAU,EAAA;;wBAEZ,MAAMP,OAAAA,CACHyC,cAAc,CAAC,mBAAA,CAAA,CACfqC,sBAAsB,CAACnC,MAAAA,CAAOhD,IAAKiD,CAAAA,EAAE,CAAGrC,EAAAA,QAAAA,CAAAA;AAC5C;oBAED,MAAMwE,WAAAA,GAAcxE,QAAYrC,IAAAA,MAAAA,CAAO8G,UAAU,EAAA;AACjD,oBAAA,MAAMxC,OAAU,GAAA,MAAMxC,OACnByC,CAAAA,cAAc,CAAC,mBAAA,CAAA,CACfC,oBAAoB,CAACC,MAAOhD,CAAAA,IAAAA,CAAKiD,EAAE,CAAA,EAAGmC,WAAa,EAAA;wBAAE/D,IAAM,EAAA;AAAS,qBAAA,CAAA;oBAEvE,MAAM6B,MAAAA,GAAS,MAAM7C,OAClByC,CAAAA,cAAc,CAAC,mBACfK,CAAAA,CAAAA,mBAAmB,CAACN,OAAAA,CAAQO,KAAK,CAAA;AACpC,oBAAA,IAAI,WAAWF,MAAQ,EAAA;AACrB,wBAAA,MAAM,IAAIvD,gBAAiB,CAAA,qBAAA,CAAA;AAC5B;oBAED,OAAOM,GAAAA,CAAIuE,IAAI,CAAC;AACdC,wBAAAA,GAAAA,EAAKvB,OAAOE,KAAK;AACjBsB,wBAAAA,YAAAA,EAAc7B,QAAQO,KAAK;wBAC3BpD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACvC,qBAAA,CAAA;AACK;gBAED,OAAOA,GAAAA,CAAIuE,IAAI,CAAC;oBACdC,GAAKxF,EAAAA,UAAAA,CAAW,KAAO0F,CAAAA,CAAAA,KAAK,CAAC;AAAE1B,wBAAAA,EAAAA,EAAIjD,KAAKiD;;oBACxCjD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACrC,iBAAA,CAAA;AACG,aAAA;AACD,YAAA,MAAM4C,SAAQ5C,GAAG,EAAA;AACf,gBAAA,MAAM0C,OAAOtC,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,yCAA2C,EAAA,gBAAA,CAAA;AAC1E,gBAAA,IAAImB,SAAS,SAAW,EAAA;AACtB,oBAAA,OAAO1C,IAAIyF,QAAQ,EAAA;AACpB;gBAED,MAAM,EAAEhB,YAAY,EAAE,GAAGzE,IAAIiB,OAAO,CAACC,IAAI,IAAI,EAAA;AAC7C,gBAAA,IAAI,CAACuD,YAAAA,
IAAgB,OAAOA,YAAAA,KAAiB,QAAU,EAAA;oBACrD,OAAOzE,GAAAA,CAAI0F,UAAU,CAAC,uBAAA,CAAA;AACvB;AAED,gBAAA,MAAMC,WAAW,MAAMvF,OAAAA,CACpByC,cAAc,CAAC,mBAAA,CAAA,CACf+C,kBAAkB,CAACnB,YAAAA,CAAAA;AACtB,gBAAA,IAAI,WAAWkB,QAAU,EAAA;oBACvB,OAAO3F,GAAAA,CAAI6F,YAAY,CAAC,uBAAA,CAAA;AACzB;gBAED,MAAMC,MAAAA,GAAS,MAAM1F,OAClByC,CAAAA,cAAc,CAAC,mBACfK,CAAAA,CAAAA,mBAAmB,CAACyC,QAAAA,CAASxC,KAAK,CAAA;AACrC,gBAAA,IAAI,WAAW2C,MAAQ,EAAA;oBACrB,OAAO9F,GAAAA,CAAI6F,YAAY,CAAC,uBAAA,CAAA;AACzB;AAED,gBAAA,MAAMzC,UAAahD,GAAAA,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,oCAAA,CAAA;AACrC,gBAAA,MAAM8B,kBAAkBrD,GAAIiB,CAAAA,OAAO,CAACqC,MAAM,CAAC,0BAA0B,KAAK,UAAA;gBAC1E,IAAIF,UAAAA,EAAYG,YAAYF,eAAiB,EAAA;AAC3C,oBAAA,MAAMG,UAAaJ,GAAAA,UAAAA,CAAWK,MAAM,EAAEpC,IAAQ,IAAA,mBAAA;AAC9C,oBAAA,MAAMqC,YAAeC,GAAAA,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;oBAC9C,MAAMC,QAAAA,GACJ,OAAOV,UAAAA,CAAWK,MAAM,EAAEM,WAAW,SAAYX,GAAAA,UAAAA,CAAWK,MAAM,EAAEM,MAASL,GAAAA,YAAAA;AAE/E,oBAAA,MAAMM,aAAgB,GAAA;wBACpBT,QAAU,EAAA,IAAA;wBACVQ,MAAQD,EAAAA,QAAAA;wBACRG,QAAUb,EAAAA,UAAAA,CAAWK,MAAM,EAAEQ,QAAY,IAAA,KAAA;wBACzCC,IAAMd,EAAAA,UAAAA,CAAWK,MAAM,EAAES,IAAQ,IAAA,GAAA;wBACjCC,MAAQf,EAAAA,UAAAA,CAAWK,MAAM,EAAEU,MAAAA;wBAC3BC,SAAW,EAAA;AACnB,qBAAA;AACMpE,oBAAAA,GAAAA,CAAIqE,OAAO,CAACC,GAAG,CAACd,UAAYmC,EAAAA,QAAAA,CAASxC,KAAK,EAAEa,aAAAA,CAAAA;oBAC5C,OAAOhE,GAAAA,CAAIuE,IAAI,CAAC;AAAEC,wBAAAA,GAAAA,EAAKsB,OAAO3C;AAAK,qBAAA,CAAA;AACpC;gBACD,OAAOnD,GAAAA,CAAIuE,IAAI,CAAC;AAAEC,oBAAAA,GAAAA,EAAKsB,OAAO3C,KAAK;AAAEsB,oBAAAA,YAAAA,EAAckB,SAASxC;AAAK,iBAAA,CAAA;AAClE,aAAA;AACD,YAAA,MAAM4C,QAAO/F,GAAG,EAAA;AACd,gBAAA,MAAM0C,OAAOtC,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,yCAA2C,EAAA,gBAAA,CAAA;AAC1E,gBAAA,IAAImB,SAAS,SAAW,EAAA;AACtB,oBAAA,OAAO1C,IAAIyF,QAAQ,EAAA;AACpB;;AAGD,gBAAA,IAAI,CAACzF,GAAAA,CAAIE,KAAK,CAACH,IAAI,EAAE;oBACnB,OAAOC,GAAAA,CAAI6F,YAAY,CAAC,wBAAA,CAAA;AACzB;AAED,gBAAA,MAAMlF,QAAWF,GAAAA,eAAAA,CAAgBT,GAAIiB,CAAAA,OAAO,CAACC,IAAI,CAAA;gBACjD,IAAI;AACF,oBAAA,MAAMd,OACHyC,CAAAA,cAAc,CAAC,mBAAA,CAAA,CACfqC,sBAAsB,CAACnC,MAAO/C,CAAAA,GAAAA,C
AAIE,KAAK,CAACH,IAAI,CAACiD,EAAE,CAAGrC,EAAAA,QAAAA,CAAAA;AACtD,iBAAA,CAAC,OAAOqF,GAAK,EAAA;AACZ5F,oBAAAA,OAAAA,CAAO6F,GAAG,CAACrB,KAAK,CAAC,kBAAoBoB,EAAAA,GAAAA,CAAAA;AACtC;AAED,gBAAA,MAAM5C,UAAahD,GAAAA,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,oCAAA,CAAA;AACrC,gBAAA,MAAM8B,kBAAkBrD,GAAIiB,CAAAA,OAAO,CAACqC,MAAM,CAAC,0BAA0B,KAAK,UAAA;gBAC1E,IAAIF,UAAAA,EAAYG,YAAYF,eAAiB,EAAA;AAC3C,oBAAA,MAAMG,UAAaJ,GAAAA,UAAAA,CAAWK,MAAM,EAAEpC,IAAQ,IAAA,mBAAA;AAC9CrB,oBAAAA,GAAAA,CAAIqE,OAAO,CAACC,GAAG,CAACd,YAAY,EAAI,EAAA;AAAE0C,wBAAAA,OAAAA,EAAS,IAAIC,IAAK,CAAA,CAAA;AAAE,qBAAA,CAAA;AACvD;gBACD,OAAOnG,GAAAA,CAAIuE,IAAI,CAAC;oBAAE6B,EAAI,EAAA;AAAM,iBAAA,CAAA;AAC7B,aAAA;YACD,MAAMzB,OAAAA,CAAAA,CAAQ3E,GAAG,EAAEqG,IAAI,EAAA;gBACrB,MAAMC,KAAAA,GAAQC,WAAiBC,GAAG,EAAA;AAElC,gBAAA,MAAMC,SAAY,GAAA,MAAMrG,OACrBe,CAAAA,KAAK,CAAC;oBAAEC,IAAM,EAAA,QAAA;oBAAUC,IAAM,EAAA,mBAAA;oBAAqBG,GAAK,EAAA;mBACxDD,GAAG,EAAA;AAEN,gBAAA,MAAMmF,SAAYtG,GAAAA,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,iBAAA,CAAA;AACpC,gBAAA,MAAMoF,WAAc,GAAA;oBAClBC,QAAU,EAAA;wBACRC,MAAQ,EAAA,CAAA,EAAGH,SAAU,CAAA,QAAQ;AAC9B,qBAAA;AACD,oBAAA,GAAGD;AACT,iBAAA;gBAEI,MAAM,CAACK,YAAY,GAAG9G,GAAAA,CAAIiB,OAAO,CAAC8F,GAAG,CAACC,KAAK,CAAC,GAAA,CAAA;AAC5C,gBAAA,MAAMjG,QAAW+F,GAAAA,WAAAA,CAAYE,KAAK,CAAC,WAAY,CAAA,CAAC,CAAE,CAAA,CAACA,KAAK,CAAC,GAAI,CAAA,CAAC,CAAE,CAAA;gBAEhE,IAAI,CAACxI,EAAE+C,GAAG,CAACoF,WAAW,CAAC5F,QAAAA,CAAS,EAAE,SAAY,CAAA,EAAA;AAC5C,oBAAA,MAAM,IAAIrB,gBAAiB,CAAA,2BAAA,CAAA;AAC5B;gBAED,IAAI,CAACU,OAAOuC,CAAAA,MAAM,CAACsE,MAAM,CAACF,GAAG,CAACG,UAAU,CAAC,MAAS,CAAA,EAAA;oBAChD9G,OAAO6F,CAAAA,GAAG,CAACkB,IAAI,CACb,6NAAA,CAAA;AAEH;;AAGD,gBAAA,MAAMC,mBAAsB5I,GAAAA,CAAAA,CAAE+C,GAAG,CAACvB,GAAK,EAAA,gBAAA,CAAA;AACvC,gBAAA,MAAMqH,sBAAyB7I,GAAAA,CAAAA,CAAE+C,GAAG,CAACvB,GAAK,EAAA,gCAAA,CAAA;AAE1C,gBAAA,MAAMsH,iBAAiBF,mBAAuBC,IAAAA,sBAAAA;;AAG9C,gBAAA,IAAIC,mBAAmBzG,SAAW,EAAA;oBAChC,IAAI;;wBAEF,MAAM,EAAE0G,QAAUC,EAAAA,gBAAgB,EAAE,GAAGpH,QACpCqH,MAAM,CAAC,mBACP9E,CAAAA,CAAAA,MAAM,CAAC,UAAA,CAAA;AAEV,wBAAA,MAAM6E,gBAAiBF,CAAAA,cAAAA,EAAgBX,WAAW
,CAAC5F,QAAS,CAAA,CAAA;AAE5D4F,wBAAAA,WAAW,CAAC5F,QAAAA,CAAS,CAACD,QAAQ,GAAGwG,cAAAA;AAClC,qBAAA,CAAC,OAAOI,CAAG,EAAA;wBACV,MAAM,IAAI/H,gBAAgB,+BAAiC,EAAA;4BAAEmB,QAAUwG,EAAAA;AAAgB,yBAAA,CAAA;AACxF;AACF;;gBAGDX,WAAW,CAAC5F,SAAS,CAAC4G,YAAY,GAAG3I,UAAW,CAAA,WAAA,CAAA,CAAa4I,gBAAgB,CAAC7G,QAAAA,CAAAA;gBAE9E,OAAOuF,KAAAA,CAAMK,aAAa3G,GAAKqG,EAAAA,IAAAA,CAAAA;AAChC,aAAA;AAED,YAAA,MAAMwB,gBAAe7H,GAAG,EAAA;gBACtB,MAAM,EAAEgC,KAAK,EAAE,GAAG,MAAM3C,0BAA2BW,CAAAA,GAAAA,CAAIiB,OAAO,CAACC,IAAI,CAAA;AAEnE,gBAAA,MAAM4G,WAAc,GAAA,MAAM1H,OAAOe,CAAAA,KAAK,CAAC;oBAAEC,IAAM,EAAA,QAAA;oBAAUC,IAAM,EAAA;AAAmB,iBAAA,CAAA;AAElF,gBAAA,MAAM0G,aAAgB,GAAA,MAAMD,WAAYvG,CAAAA,GAAG,CAAC;oBAAEC,GAAK,EAAA;AAAO,iBAAA,CAAA;AAC1D,gBAAA,MAAMc,gBAAmB,GAAA,MAAMwF,WAAYvG,CAAAA,GAAG,CAAC;oBAAEC,GAAK,EAAA;AAAU,iBAAA,CAAA;;gBAGhE,MAAMzB,IAAAA,GAAO,MAAMK,OAAOuB,CAAAA,EAAE,CACzBC,KAAK,CAAC,gCACNC,CAAAA,CAAAA,OAAO,CAAC;oBAAEC,KAAO,EAAA;AAAEE,wBAAAA,KAAAA,EAAOA,MAAMC,WAAW;AAAI;AAAA,iBAAA,CAAA;AAElD,gBAAA,IAAI,CAAClC,IAAAA,IAAQA,IAAK0C,CAAAA,OAAO,EAAE;oBACzB,OAAOzC,GAAAA,CAAIuE,IAAI,CAAC;wBAAE6B,EAAI,EAAA;AAAM,qBAAA,CAAA;AAC7B;;gBAGD,MAAM4B,QAAAA,GAAW,MAAMlI,YAAAA,CAAaC,IAAMC,EAAAA,GAAAA,CAAAA;AAE1C,gBAAA,MAAMwF,qBAAqBlH,MAAO2J,CAAAA,WAAW,CAAC,EAAA,CAAA,CAAIC,QAAQ,CAAC,KAAA,CAAA;AAE3D,gBAAA,MAAMC,wBAAwB3J,CAAE+C,CAAAA,GAAG,CAACwG,aAAAA,EAAe,0BAA0B,EAAA,CAAA;gBAC7E,MAAMK,SAAAA,GAAY,MAAMpJ,UAAW,CAAA,mBAAA,CAAA,CAAqBqJ,QAAQ,CAC9DF,qBAAAA,CAAsBtD,OAAO,EAC7B;AACEyD,oBAAAA,GAAAA,EAAKhG,iBAAiBiG,oBAAoB;AAC1CC,oBAAAA,UAAAA,EAAYpI,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,oBAAA,CAAA;AAC9BkH,oBAAAA,SAAAA,EAAWrI,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,mBAAA,CAAA;oBAC7BmH,IAAMV,EAAAA,QAAAA;oBACNW,KAAOnD,EAAAA;AACR,iBAAA,CAAA;gBAGH,MAAMoD,WAAAA,GAAc,MAAM5J,UAAW,CAAA,mBAAA,CAAA,CAAqBqJ,QAAQ,CAChEF,qBAAAA,CAAsBU,MAAM,EAC5B;oBACEH,IAAMV,EAAAA;AACP,iBAAA,CAAA;AAGH,gBAAA,MAAMc,WAAc,GAAA;AAClBC,oBAAAA,EAAAA,EAAIhJ,KAAKiC,KAAK;oBACdgH,IACEb,EAAAA,qBAAAA,CAAsBa,IAAI,CAAChH,KAAK,IAAImG,sBAAsBa,IAAI,CAAC3H,IAAI,GAC/D,CAAG8G,EAAAA,qBAAAA,CAAsBa,I
AAI,CAAC3H,IAAI,CAAC,EAAE,EAAE8G,qBAAAA,CAAsBa,IAAI,CAAChH,KAAK,CAAC,CAAC,CAAC,GAC1EnB,SAAAA;AACNoI,oBAAAA,OAAAA,EAASd,sBAAsBe,cAAc;oBAC7CC,OAASP,EAAAA,WAAAA;oBACTQ,IAAMhB,EAAAA,SAAAA;oBACNiB,IAAMjB,EAAAA;AACZ,iBAAA;;AAGI,gBAAA,MAAMpJ,WAAW,MAAQiG,CAAAA,CAAAA,IAAI,CAAClF,IAAAA,CAAKiD,EAAE,EAAE;AAAEwC,oBAAAA;AAAkB,iBAAA,CAAA;;gBAG3D,MAAMpF,OAAAA,CAAOqH,MAAM,CAAC,OAAA,CAAA,CAAS6B,OAAO,CAAC,OAAA,CAAA,CAAS/E,IAAI,CAACuE,WAAAA,CAAAA;AAEnD9I,gBAAAA,GAAAA,CAAIuE,IAAI,CAAC;oBAAE6B,EAAI,EAAA;AAAM,iBAAA,CAAA;AACtB,aAAA;AAED,YAAA,MAAMmD,UAASvJ,GAAG,EAAA;AAChB,gBAAA,MAAM8H,WAAc,GAAA,MAAM1H,OAAOe,CAAAA,KAAK,CAAC;oBAAEC,IAAM,EAAA,QAAA;oBAAUC,IAAM,EAAA;AAAmB,iBAAA,CAAA;AAElF,gBAAA,MAAMmI,QAAW,GAAA,MAAM1B,WAAYvG,CAAAA,GAAG,CAAC;oBAAEC,GAAK,EAAA;AAAU,iBAAA,CAAA;gBAExD,IAAI,CAACgI,QAASC,CAAAA,cAAc,EAAE;AAC5B,oBAAA,MAAM,IAAI/J,gBAAiB,CAAA,uCAAA,CAAA;AAC5B;gBAED,MAAM,EAAE6J,QAAQ,EAAE,GAAGnJ,QAAOuC,MAAM,CAACpB,GAAG,CAAC,2BAAA,CAAA;AACvC,gBAAA,MAAMmI,iBAAoB,GAAA;AAAC,oBAAA,UAAA;AAAY,oBAAA,UAAA;AAAY,oBAAA;AAAQ,iBAAA;;gBAG3D,MAAMC,WAAAA,GAAchL,OAClBD,CAAAA,MAAAA,CAAOgL,iBAAmB9K,EAAAA,OAAAA,CAAQ2K,UAAUK,aAAiBL,CAAAA,GAAAA,QAAAA,CAASK,aAAa,GAAG,EAAE,CAAA,CAAA;;AAI1F,gBAAA,MAAMC,cAAcC,MAAOC,CAAAA,IAAI,CAAC/J,GAAAA,CAAIiB,OAAO,CAACC,IAAI,CAAE8I,CAAAA,MAAM,CAAC,CAACxI,GAAAA,GAAQ,CAACmI,WAAAA,CAAYM,QAAQ,CAACzI,GAAAA,CAAAA,CAAAA;gBAExF,IAAIqI,WAAAA,CAAYjJ,MAAM,GAAG,CAAG,EAAA;;oBAE1B,MAAM,IAAIjB,gBAAgB,CAAC,oBAAoB,EAAEkK,WAAYK,CAAAA,IAAI,CAAC,IAAO,CAAA,CAAA,CAAA,CAAA;AAC1E;AAED,gBAAA,MAAMlJ,MAAS,GAAA;oBACb,GAAGxC,CAAAA,CAAE2L,IAAI,CAACnK,GAAAA,CAAIiB,OAAO,CAACC,IAAI,EAAEyI,WAAY,CAAA;oBACxC5I,QAAU,EAAA;AAChB,iBAAA;AAEI,gBAAA,MAAMgE,WAAc3E,GAAAA,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,2CAAA,CAAA;AAEtC,gBAAA,MAAMpC,qBAAqB6B,MAAQ+D,EAAAA,WAAAA,CAAAA;gBAEnC,MAAMqF,IAAAA,GAAO,MAAMhK,OAAOuB,CAAAA,EAAE,CACzBC,KAAK,CAAC,gCACNC,CAAAA,CAAAA,OAAO,CAAC;oBAAEC,KAAO,EAAA;AAAEV,wBAAAA,IAAAA,EAAMoI,SAASa;AAAc;AAAA,iBAAA,CAAA;AAEnD,gBAAA,IAAI,CAACD,IAAM,EAAA;AACT,oBAAA,MAAM,IAAI1K,gBAAiB,CAAA,qCAAA,CAAA;AAC5B;AAED,gBAAA,
MAAM,EAAEsC,KAAK,EAAEE,QAAQ,EAAEnB,QAAQ,EAAE,GAAGC,MAAAA;AAEtC,gBAAA,MAAMsJ,gBAAmB,GAAA;oBACvBvI,GAAK,EAAA;AACH,wBAAA;AAAEC,4BAAAA,KAAAA,EAAOA,MAAMC,WAAW;AAAI,yBAAA;AAC9B,wBAAA;AAAEC,4BAAAA,QAAAA,EAAUF,MAAMC,WAAW;AAAI,yBAAA;AACjC,wBAAA;AAAEC,4BAAAA;AAAU,yBAAA;AACZ,wBAAA;4BAAEF,KAAOE,EAAAA;AAAU;AACpB;AACP,iBAAA;gBAEI,MAAMqI,oBAAAA,GAAuB,MAAMnK,OAAOuB,CAAAA,EAAE,CAACC,KAAK,CAAC,gCAAkC4I,CAAAA,CAAAA,KAAK,CAAC;oBACzF1I,KAAO,EAAA;AAAE,wBAAA,GAAGwI,gBAAgB;AAAEvJ,wBAAAA;AAAU;AAC9C,iBAAA,CAAA;AAEI,gBAAA,IAAIwJ,uBAAuB,CAAG,EAAA;AAC5B,oBAAA,MAAM,IAAI7K,gBAAiB,CAAA,qCAAA,CAAA;AAC5B;gBAED,IAAI8J,QAAAA,CAASiB,YAAY,EAAE;oBACzB,MAAMF,oBAAAA,GAAuB,MAAMnK,OAAOuB,CAAAA,EAAE,CAACC,KAAK,CAAC,gCAAkC4I,CAAAA,CAAAA,KAAK,CAAC;wBACzF1I,KAAO,EAAA;AAAE,4BAAA,GAAGwI;AAAkB;AACtC,qBAAA,CAAA;AAEM,oBAAA,IAAIC,uBAAuB,CAAG,EAAA;AAC5B,wBAAA,MAAM,IAAI7K,gBAAiB,CAAA,qCAAA,CAAA;AAC5B;AACF;AAED,gBAAA,MAAMgL,OAAU,GAAA;AACd,oBAAA,GAAG1J,MAAM;AACToJ,oBAAAA,IAAAA,EAAMA,KAAKpH,EAAE;AACbhB,oBAAAA,KAAAA,EAAOA,MAAMC,WAAW,EAAA;AACxBC,oBAAAA,QAAAA;oBACAM,SAAW,EAAA,CAACgH,SAASmB;AAC3B,iBAAA;AAEI,gBAAA,MAAM5K,IAAO,GAAA,MAAMf,UAAW,CAAA,MAAA,CAAA,CAAQ4L,GAAG,CAACF,OAAAA,CAAAA;gBAE1C,MAAMG,aAAAA,GAAgB,MAAM/K,YAAAA,CAAaC,IAAMC,EAAAA,GAAAA,CAAAA;gBAE/C,IAAIwJ,QAAAA,CAASmB,kBAAkB,EAAE;oBAC/B,IAAI;wBACF,MAAM3L,UAAAA,CAAW,MAAQ8L,CAAAA,CAAAA,qBAAqB,CAACD,aAAAA,CAAAA;AAChD,qBAAA,CAAC,OAAO7E,GAAK,EAAA;wBACZ5F,OAAO6F,CAAAA,GAAG,CAACrB,KAAK,CAACoB,GAAAA,CAAAA;AACjB,wBAAA,MAAM,IAAItG,gBAAiB,CAAA,kCAAA,CAAA;AAC5B;oBAED,OAAOM,GAAAA,CAAIuE,IAAI,CAAC;wBAAExE,IAAM8K,EAAAA;AAAe,qBAAA,CAAA;AACxC;AAED,gBAAA,MAAMnI,OAAOtC,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,yCAA2C,EAAA,gBAAA,CAAA;AAC1E,gBAAA,IAAImB,SAAS,SAAW,EAAA;oBACtB,MAAM/B,QAAAA,GAAWF,gBAAgBT,GAAIiB,CAAAA,OAAO,CAACC,IAAI,CAAA,IAAK5C,OAAO8G,UAAU,EAAA;AAEvE,oBAAA,MAAMxC,OAAU,GAAA,MAAMxC,OACnByC,CAAAA,cAAc,CAAC,mBAAA,CAAA,CACfC,oBAAoB,CAACC,MAAOhD,CAAAA,IAAAA,CAAKiD,EAAE,CAAA,EAAGrC,QAAU,EAAA;wBAAES,IAAM,EAAA;AAAS,qBAAA,CAAA;oBAEpE,MAAM6B,MAAAA,GAAS,MAAM7C,OAClByC,CAAAA,cAAc,CAAC,mBACfK,C
AAAA,CAAAA,mBAAmB,CAACN,OAAAA,CAAQO,KAAK,CAAA;AACpC,oBAAA,IAAI,WAAWF,MAAQ,EAAA;AACrB,wBAAA,MAAM,IAAIvD,gBAAiB,CAAA,qBAAA,CAAA;AAC5B;oBAED,OAAOM,GAAAA,CAAIuE,IAAI,CAAC;AAAEC,wBAAAA,GAAAA,EAAKvB,OAAOE,KAAK;AAAEsB,wBAAAA,YAAAA,EAAc7B,QAAQO,KAAK;wBAAEpD,IAAM8K,EAAAA;AAAe,qBAAA,CAAA;AACxF;gBAED,MAAMrG,GAAAA,GAAMxF,WAAW,KAAO0F,CAAAA,CAAAA,KAAK,CAAClG,CAAE2L,CAAAA,IAAI,CAACpK,IAAM,EAAA;AAAC,oBAAA;AAAK,iBAAA,CAAA,CAAA;gBACvD,OAAOC,GAAAA,CAAIuE,IAAI,CAAC;AAAEC,oBAAAA,GAAAA;oBAAKzE,IAAM8K,EAAAA;AAAa,iBAAA,CAAA;AAC3C,aAAA;AAED,YAAA,MAAME,iBAAkB/K,CAAAA,CAAAA,GAAG,EAAEqG,IAAI,EAAE2E,UAAU,EAAA;gBAC3C,MAAM,EAAEC,cAAcC,iBAAiB,EAAE,GAAG,MAAM3L,6BAAAA,CAA8BS,IAAI4B,KAAK,CAAA;AAEzF,gBAAA,MAAMuJ,cAAcnM,UAAW,CAAA,MAAA,CAAA;AAC/B,gBAAA,MAAMoM,aAAapM,UAAW,CAAA,KAAA,CAAA;AAE9B,gBAAA,MAAM,CAACe,IAAK,CAAA,GAAG,MAAMoL,WAAAA,CAAYE,QAAQ,CAAC;oBAAEC,OAAS,EAAA;AAAEJ,wBAAAA;AAAmB;AAAA,iBAAA,CAAA;AAE1E,gBAAA,IAAI,CAACnL,IAAM,EAAA;AACT,oBAAA,MAAM,IAAIJ,eAAgB,CAAA,eAAA,CAAA;AAC3B;AAED,gBAAA,MAAMwL,WAAYlG,CAAAA,IAAI,CAAClF,IAAAA,CAAKiD,EAAE,EAAE;oBAAER,SAAW,EAAA,IAAA;oBAAM0I,iBAAmB,EAAA;AAAI,iBAAA,CAAA;AAE1E,gBAAA,IAAIF,UAAY,EAAA;AACdhL,oBAAAA,GAAAA,CAAIuE,IAAI,CAAC;wBACPC,GAAK4G,EAAAA,UAAAA,CAAW1G,KAAK,CAAC;AAAE1B,4BAAAA,EAAAA,EAAIjD,KAAKiD;;wBACjCjD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACvC,qBAAA,CAAA;iBACW,MAAA;AACL,oBAAA,MAAMwJ,QAAW,GAAA,MAAMpJ,OACpBe,CAAAA,KAAK,CAAC;wBAAEC,IAAM,EAAA,QAAA;wBAAUC,IAAM,EAAA,mBAAA;wBAAqBG,GAAK,EAAA;uBACxDD,GAAG,EAAA;AAENvB,oBAAAA,GAAAA,CAAIuL,QAAQ,CAAC/B,QAASgC,CAAAA,8BAA8B,IAAI,GAAA,CAAA;AACzD;AACF,aAAA;AAED,YAAA,MAAMC,uBAAsBzL,GAAG,EAAA;gBAC7B,MAAM,EAAEgC,KAAK,EAAE,GAAG,MAAM5C,iCAAkCY,CAAAA,GAAAA,CAAIiB,OAAO,CAACC,IAAI,CAAA;gBAE1E,MAAMnB,IAAAA,GAAO,MAAMK,OAAOuB,CAAAA,EAAE,CAACC,KAAK,CAAC,gCAAkCC,CAAAA,CAAAA,OAAO,CAAC;oBAC3EC,KAAO,EAAA;AAAEE,wBAAAA,KAAAA,EAAOA,MAAMC,WAAW;AAAI;AAC3C,iBAAA,CAAA;AAEI,gBAAA,IAAI,CAAClC,IAAM,EAAA;oBACT,OAAOC,GAAAA,CAAIuE,IAAI,CAAC;AAAEvC,wBAAAA,KAAAA;wBAAO0J,IAAM,EAAA;AAAI,qBAAA,CAAA;AACpC;gBAED,IAAI3L,IAAAA,CAAKyC,SAAS,EAAE;AAClB,o
BAAA,MAAM,IAAI9C,gBAAiB,CAAA,mBAAA,CAAA;AAC5B;gBAED,IAAIK,IAAAA,CAAK0C,OAAO,EAAE;AAChB,oBAAA,MAAM,IAAI/C,gBAAiB,CAAA,cAAA,CAAA;AAC5B;gBAED,MAAMV,UAAAA,CAAW,MAAQ8L,CAAAA,CAAAA,qBAAqB,CAAC/K,IAAAA,CAAAA;AAE/CC,gBAAAA,GAAAA,CAAIuE,IAAI,CAAC;AACPvC,oBAAAA,KAAAA,EAAOjC,KAAKiC,KAAK;oBACjB0J,IAAM,EAAA;AACZ,iBAAA,CAAA;AACG;SACH,CAAA;;;;;;"}
1
+ {"version":3,"file":"auth.mjs","sources":["../../../server/controllers/auth.js"],"sourcesContent":["'use strict';\n\n/**\n * Auth.js controller\n *\n * @description: A set of functions called \"actions\" for managing `Auth`.\n */\n\n/* eslint-disable no-useless-escape */\nconst crypto = require('crypto');\nconst _ = require('lodash');\nconst { concat, compact, isArray } = require('lodash/fp');\nconst utils = require('@strapi/utils');\nconst { getService } = require('../utils');\nconst {\n validateCallbackBody,\n validateRegisterBody,\n validateSendEmailConfirmationBody,\n validateForgotPasswordBody,\n validateResetPasswordBody,\n validateEmailConfirmationBody,\n validateChangePasswordBody,\n} = require('./validation/auth');\n\nconst { ApplicationError, ValidationError, ForbiddenError } = utils.errors;\n\nconst sanitizeUser = (user, ctx) => {\n const { auth } = ctx.state;\n const userSchema = strapi.getModel('plugin::users-permissions.user');\n\n return strapi.contentAPI.sanitize.output(user, userSchema, { auth });\n};\n\nconst extractDeviceId = (requestBody) => {\n const { deviceId } = requestBody || {};\n\n return typeof deviceId === 'string' && deviceId.length > 0 ? deviceId : undefined;\n};\n\nmodule.exports = ({ strapi }) => ({\n async callback(ctx) {\n const provider = ctx.params.provider || 'local';\n const params = ctx.request.body;\n\n const store = strapi.store({ type: 'plugin', name: 'users-permissions' });\n const grantSettings = await store.get({ key: 'grant' });\n\n const grantProvider = provider === 'local' ? 
'email' : provider;\n\n if (!_.get(grantSettings, [grantProvider, 'enabled'])) {\n throw new ApplicationError('This provider is disabled');\n }\n\n if (provider === 'local') {\n await validateCallbackBody(params);\n\n const { identifier } = params;\n\n // Check if the user exists.\n const user = await strapi.db.query('plugin::users-permissions.user').findOne({\n where: {\n provider,\n $or: [{ email: identifier.toLowerCase() }, { username: identifier }],\n },\n });\n\n if (!user) {\n throw new ValidationError('Invalid identifier or password');\n }\n\n if (!user.password) {\n throw new ValidationError('Invalid identifier or password');\n }\n\n const validPassword = await getService('user').validatePassword(\n params.password,\n user.password\n );\n\n if (!validPassword) {\n throw new ValidationError('Invalid identifier or password');\n }\n\n const advancedSettings = await store.get({ key: 'advanced' });\n const requiresConfirmation = _.get(advancedSettings, 'email_confirmation');\n\n if (requiresConfirmation && user.confirmed !== true) {\n throw new ApplicationError('Your account email is not confirmed');\n }\n\n if (user.blocked === true) {\n throw new ApplicationError('Your account has been blocked by an administrator');\n }\n\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode === 'refresh') {\n const deviceId = extractDeviceId(ctx.request.body);\n\n const refresh = await strapi\n .sessionManager('users-permissions')\n .generateRefreshToken(String(user.id), deviceId, { type: 'refresh' });\n\n const access = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(refresh.token);\n if ('error' in access) {\n throw new ApplicationError('Invalid credentials');\n }\n\n const upSessions = strapi.config.get('plugin::users-permissions.sessions');\n const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';\n if (upSessions?.httpOnly || requestHttpOnly) {\n const cookieName 
= upSessions.cookie?.name || 'strapi_up_refresh';\n const isProduction = process.env.NODE_ENV === 'production';\n const isSecure =\n typeof upSessions.cookie?.secure === 'boolean'\n ? upSessions.cookie?.secure\n : isProduction;\n\n const cookieOptions = {\n httpOnly: true,\n secure: isSecure,\n sameSite: upSessions.cookie?.sameSite ?? 'lax',\n path: upSessions.cookie?.path ?? '/',\n domain: upSessions.cookie?.domain,\n overwrite: true,\n };\n\n ctx.cookies.set(cookieName, refresh.token, cookieOptions);\n return ctx.send({ jwt: access.token, user: await sanitizeUser(user, ctx) });\n }\n\n return ctx.send({\n jwt: access.token,\n refreshToken: refresh.token,\n user: await sanitizeUser(user, ctx),\n });\n }\n\n return ctx.send({\n jwt: getService('jwt').issue({ id: user.id }),\n user: await sanitizeUser(user, ctx),\n });\n }\n\n // Connect the user with the third-party provider.\n try {\n const user = await getService('providers').connect(provider, ctx.query);\n\n if (user.blocked) {\n throw new ForbiddenError('Your account has been blocked by an administrator');\n }\n\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode === 'refresh') {\n const deviceId = extractDeviceId(ctx.request.body);\n\n const refresh = await strapi\n .sessionManager('users-permissions')\n .generateRefreshToken(String(user.id), deviceId, { type: 'refresh' });\n\n const access = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(refresh.token);\n if ('error' in access) {\n throw new ApplicationError('Invalid credentials');\n }\n\n const upSessions = strapi.config.get('plugin::users-permissions.sessions');\n const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';\n if (upSessions?.httpOnly || requestHttpOnly) {\n const cookieName = upSessions.cookie?.name || 'strapi_up_refresh';\n const isProduction = process.env.NODE_ENV === 'production';\n const isSecure =\n typeof 
upSessions.cookie?.secure === 'boolean'\n ? upSessions.cookie?.secure\n : isProduction;\n\n const cookieOptions = {\n httpOnly: true,\n secure: isSecure,\n sameSite: upSessions.cookie?.sameSite ?? 'lax',\n path: upSessions.cookie?.path ?? '/',\n domain: upSessions.cookie?.domain,\n overwrite: true,\n };\n ctx.cookies.set(cookieName, refresh.token, cookieOptions);\n return ctx.send({ jwt: access.token, user: await sanitizeUser(user, ctx) });\n }\n return ctx.send({\n jwt: access.token,\n refreshToken: refresh.token,\n user: await sanitizeUser(user, ctx),\n });\n }\n\n return ctx.send({\n jwt: getService('jwt').issue({ id: user.id }),\n user: await sanitizeUser(user, ctx),\n });\n } catch (error) {\n throw new ApplicationError(error.message);\n }\n },\n\n async changePassword(ctx) {\n if (!ctx.state.user) {\n throw new ApplicationError('You must be authenticated to reset your password');\n }\n\n const validations = strapi.config.get('plugin::users-permissions.validationRules');\n\n const { currentPassword, password } = await validateChangePasswordBody(\n ctx.request.body,\n validations\n );\n\n const user = await strapi.db\n .query('plugin::users-permissions.user')\n .findOne({ where: { id: ctx.state.user.id } });\n\n const validPassword = await getService('user').validatePassword(currentPassword, user.password);\n\n if (!validPassword) {\n throw new ValidationError('The provided current password is invalid');\n }\n\n if (currentPassword === password) {\n throw new ValidationError('Your new password must be different than your current password');\n }\n\n await getService('user').edit(user.id, { password });\n\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode === 'refresh') {\n const deviceId = extractDeviceId(ctx.request.body);\n\n // Invalidate all sessions when password changes for security\n await strapi.sessionManager('users-permissions').invalidateRefreshToken(String(user.id));\n\n const newDeviceId = 
deviceId || crypto.randomUUID();\n const refresh = await strapi\n .sessionManager('users-permissions')\n .generateRefreshToken(String(user.id), newDeviceId, { type: 'refresh' });\n\n const access = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(refresh.token);\n if ('error' in access) {\n throw new ApplicationError('Invalid credentials');\n }\n\n return ctx.send({\n jwt: access.token,\n refreshToken: refresh.token,\n user: await sanitizeUser(user, ctx),\n });\n }\n\n return ctx.send({\n jwt: getService('jwt').issue({ id: user.id }),\n user: await sanitizeUser(user, ctx),\n });\n },\n\n async resetPassword(ctx) {\n const validations = strapi.config.get('plugin::users-permissions.validationRules');\n\n const { password, passwordConfirmation, code } = await validateResetPasswordBody(\n ctx.request.body,\n validations\n );\n\n if (password !== passwordConfirmation) {\n throw new ValidationError('Passwords do not match');\n }\n\n const user = await strapi.db\n .query('plugin::users-permissions.user')\n .findOne({ where: { resetPasswordToken: code } });\n\n if (!user) {\n throw new ValidationError('Incorrect code provided');\n }\n\n await getService('user').edit(user.id, {\n resetPasswordToken: null,\n password,\n });\n\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode === 'refresh') {\n const deviceId = extractDeviceId(ctx.request.body);\n\n // Invalidate all sessions when password is reset for security\n await strapi.sessionManager('users-permissions').invalidateRefreshToken(String(user.id));\n\n const newDeviceId = deviceId || crypto.randomUUID();\n const refresh = await strapi\n .sessionManager('users-permissions')\n .generateRefreshToken(String(user.id), newDeviceId, { type: 'refresh' });\n\n const access = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(refresh.token);\n if ('error' in access) {\n throw new ApplicationError('Invalid credentials');\n }\n\n 
return ctx.send({\n jwt: access.token,\n refreshToken: refresh.token,\n user: await sanitizeUser(user, ctx),\n });\n }\n\n return ctx.send({\n jwt: getService('jwt').issue({ id: user.id }),\n user: await sanitizeUser(user, ctx),\n });\n },\n async refresh(ctx) {\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode !== 'refresh') {\n return ctx.notFound();\n }\n\n const upSessions = strapi.config.get('plugin::users-permissions.sessions');\n const cookieName = upSessions?.cookie?.name || 'strapi_up_refresh';\n\n // Check for refresh token in cookie first (if httpOnly is configured), then in body\n let refreshToken = ctx.cookies.get(cookieName);\n if (!refreshToken) {\n refreshToken = ctx.request.body?.refreshToken;\n }\n\n if (!refreshToken || typeof refreshToken !== 'string') {\n return ctx.badRequest('Missing refresh token');\n }\n\n const rotation = await strapi\n .sessionManager('users-permissions')\n .rotateRefreshToken(refreshToken);\n if ('error' in rotation) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const result = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(rotation.token);\n if ('error' in result) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';\n if (upSessions?.httpOnly || requestHttpOnly) {\n const isProduction = process.env.NODE_ENV === 'production';\n const isSecure =\n typeof upSessions.cookie?.secure === 'boolean' ? upSessions.cookie?.secure : isProduction;\n\n const cookieOptions = {\n httpOnly: true,\n secure: isSecure,\n sameSite: upSessions.cookie?.sameSite ?? 'lax',\n path: upSessions.cookie?.path ?? 
'/',\n domain: upSessions.cookie?.domain,\n overwrite: true,\n };\n ctx.cookies.set(cookieName, rotation.token, cookieOptions);\n return ctx.send({ jwt: result.token });\n }\n return ctx.send({ jwt: result.token, refreshToken: rotation.token });\n },\n async logout(ctx) {\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode !== 'refresh') {\n return ctx.notFound();\n }\n\n // Invalidate all sessions for the authenticated user, or by deviceId if provided\n if (!ctx.state.user) {\n return ctx.unauthorized('Missing authentication');\n }\n\n const deviceId = extractDeviceId(ctx.request.body);\n try {\n await strapi\n .sessionManager('users-permissions')\n .invalidateRefreshToken(String(ctx.state.user.id), deviceId);\n } catch (err) {\n strapi.log.error('UP logout failed', err);\n }\n\n const upSessions = strapi.config.get('plugin::users-permissions.sessions');\n const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';\n if (upSessions?.httpOnly || requestHttpOnly) {\n const cookieName = upSessions.cookie?.name || 'strapi_up_refresh';\n ctx.cookies.set(cookieName, '', { expires: new Date(0) });\n }\n return ctx.send({ ok: true });\n },\n async connect(ctx, next) {\n const grant = require('grant').koa();\n\n const providers = await strapi\n .store({ type: 'plugin', name: 'users-permissions', key: 'grant' })\n .get();\n\n const apiPrefix = strapi.config.get('api.rest.prefix');\n const grantConfig = {\n defaults: {\n prefix: `${apiPrefix}/connect`,\n },\n ...providers,\n };\n\n const [requestPath] = ctx.request.url.split('?');\n const provider = requestPath.split('/connect/')[1].split('/')[0];\n\n if (!_.get(grantConfig[provider], 'enabled')) {\n throw new ApplicationError('This provider is disabled');\n }\n\n if (!strapi.config.server.url.startsWith('http')) {\n strapi.log.warn(\n 'You are using a third party provider for login. Make sure to set an absolute url in config/server.js. 
More info here: https://docs.strapi.io/developer-docs/latest/plugins/users-permissions.html#setting-up-the-server-url'\n );\n }\n\n // Ability to pass OAuth callback dynamically\n const queryCustomCallback = _.get(ctx, 'query.callback');\n const dynamicSessionCallback = _.get(ctx, 'session.grant.dynamic.callback');\n\n const customCallback = queryCustomCallback ?? dynamicSessionCallback;\n\n // The custom callback is validated to make sure it's not redirecting to an unwanted actor.\n if (customCallback !== undefined) {\n try {\n // We're extracting the callback validator from the plugin config since it can be user-customized\n const { validate: validateCallback } = strapi\n .plugin('users-permissions')\n .config('callback');\n\n await validateCallback(customCallback, grantConfig[provider]);\n\n grantConfig[provider].callback = customCallback;\n } catch (e) {\n throw new ValidationError('Invalid callback URL provided', { callback: customCallback });\n }\n }\n\n // Build a valid redirect URI for the current provider\n grantConfig[provider].redirect_uri = getService('providers').buildRedirectUri(provider);\n\n return grant(grantConfig)(ctx, next);\n },\n\n async forgotPassword(ctx) {\n const { email } = await validateForgotPasswordBody(ctx.request.body);\n\n const pluginStore = await strapi.store({ type: 'plugin', name: 'users-permissions' });\n\n const emailSettings = await pluginStore.get({ key: 'email' });\n const advancedSettings = await pluginStore.get({ key: 'advanced' });\n\n // Find the user by email.\n const user = await strapi.db\n .query('plugin::users-permissions.user')\n .findOne({ where: { email: email.toLowerCase() } });\n\n if (!user || user.blocked) {\n return ctx.send({ ok: true });\n }\n\n // Generate random token.\n const userInfo = await sanitizeUser(user, ctx);\n\n const resetPasswordToken = crypto.randomBytes(64).toString('hex');\n\n const resetPasswordSettings = _.get(emailSettings, 'reset_password.options', {});\n const emailBody = await 
getService('users-permissions').template(\n resetPasswordSettings.message,\n {\n URL: advancedSettings.email_reset_password,\n SERVER_URL: strapi.config.get('server.absoluteUrl'),\n ADMIN_URL: strapi.config.get('admin.absoluteUrl'),\n USER: userInfo,\n TOKEN: resetPasswordToken,\n }\n );\n\n const emailObject = await getService('users-permissions').template(\n resetPasswordSettings.object,\n {\n USER: userInfo,\n }\n );\n\n const emailToSend = {\n to: user.email,\n from:\n resetPasswordSettings.from.email || resetPasswordSettings.from.name\n ? `${resetPasswordSettings.from.name} <${resetPasswordSettings.from.email}>`\n : undefined,\n replyTo: resetPasswordSettings.response_email,\n subject: emailObject,\n text: emailBody,\n html: emailBody,\n };\n\n // NOTE: Update the user before sending the email so an Admin can generate the link if the email fails\n await getService('user').edit(user.id, { resetPasswordToken });\n\n // Send an email to the user.\n await strapi.plugin('email').service('email').send(emailToSend);\n\n ctx.send({ ok: true });\n },\n\n async register(ctx) {\n const pluginStore = await strapi.store({ type: 'plugin', name: 'users-permissions' });\n\n const settings = await pluginStore.get({ key: 'advanced' });\n\n if (!settings.allow_register) {\n throw new ApplicationError('Register action is currently disabled');\n }\n\n const { register } = strapi.config.get('plugin::users-permissions');\n const alwaysAllowedKeys = ['username', 'password', 'email'];\n\n // Note that we intentionally do not filter allowedFields to allow a project to explicitly accept private or other Strapi field on registration\n const allowedKeys = compact(\n concat(alwaysAllowedKeys, isArray(register?.allowedFields) ? 
register.allowedFields : [])\n );\n\n // Check if there are any keys in requestBody that are not in allowedKeys\n const invalidKeys = Object.keys(ctx.request.body).filter((key) => !allowedKeys.includes(key));\n\n if (invalidKeys.length > 0) {\n // If there are invalid keys, throw an error\n throw new ValidationError(`Invalid parameters: ${invalidKeys.join(', ')}`);\n }\n\n const params = {\n ..._.pick(ctx.request.body, allowedKeys),\n provider: 'local',\n };\n\n const validations = strapi.config.get('plugin::users-permissions.validationRules');\n\n await validateRegisterBody(params, validations);\n\n const role = await strapi.db\n .query('plugin::users-permissions.role')\n .findOne({ where: { type: settings.default_role } });\n\n if (!role) {\n throw new ApplicationError('Impossible to find the default role');\n }\n\n const { email, username, provider } = params;\n\n const identifierFilter = {\n $or: [\n { email: email.toLowerCase() },\n { username: email.toLowerCase() },\n { username },\n { email: username },\n ],\n };\n\n const conflictingUserCount = await strapi.db.query('plugin::users-permissions.user').count({\n where: { ...identifierFilter, provider },\n });\n\n if (conflictingUserCount > 0) {\n throw new ApplicationError('Email or Username are already taken');\n }\n\n if (settings.unique_email) {\n const conflictingUserCount = await strapi.db.query('plugin::users-permissions.user').count({\n where: { ...identifierFilter },\n });\n\n if (conflictingUserCount > 0) {\n throw new ApplicationError('Email or Username are already taken');\n }\n }\n\n const newUser = {\n ...params,\n role: role.id,\n email: email.toLowerCase(),\n username,\n confirmed: !settings.email_confirmation,\n };\n\n const user = await getService('user').add(newUser);\n\n const sanitizedUser = await sanitizeUser(user, ctx);\n\n if (settings.email_confirmation) {\n try {\n await getService('user').sendConfirmationEmail(sanitizedUser);\n } catch (err) {\n strapi.log.error(err);\n throw new 
ApplicationError('Error sending confirmation email');\n }\n\n return ctx.send({ user: sanitizedUser });\n }\n\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode === 'refresh') {\n const deviceId = extractDeviceId(ctx.request.body) || crypto.randomUUID();\n\n const refresh = await strapi\n .sessionManager('users-permissions')\n .generateRefreshToken(String(user.id), deviceId, { type: 'refresh' });\n\n const access = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(refresh.token);\n if ('error' in access) {\n throw new ApplicationError('Invalid credentials');\n }\n\n return ctx.send({ jwt: access.token, refreshToken: refresh.token, user: sanitizedUser });\n }\n\n const jwt = getService('jwt').issue(_.pick(user, ['id']));\n return ctx.send({ jwt, user: sanitizedUser });\n },\n\n async emailConfirmation(ctx, next, returnUser) {\n const { confirmation: confirmationToken } = await validateEmailConfirmationBody(ctx.query);\n\n const userService = getService('user');\n const jwtService = getService('jwt');\n\n const [user] = await userService.fetchAll({ filters: { confirmationToken } });\n\n if (!user) {\n throw new ValidationError('Invalid token');\n }\n\n await userService.edit(user.id, { confirmed: true, confirmationToken: null });\n\n if (returnUser) {\n ctx.send({\n jwt: jwtService.issue({ id: user.id }),\n user: await sanitizeUser(user, ctx),\n });\n } else {\n const settings = await strapi\n .store({ type: 'plugin', name: 'users-permissions', key: 'advanced' })\n .get();\n\n ctx.redirect(settings.email_confirmation_redirection || '/');\n }\n },\n\n async sendEmailConfirmation(ctx) {\n const { email } = await validateSendEmailConfirmationBody(ctx.request.body);\n\n const user = await strapi.db.query('plugin::users-permissions.user').findOne({\n where: { email: email.toLowerCase() },\n });\n\n if (!user) {\n return ctx.send({ email, sent: true });\n }\n\n if (user.confirmed) {\n throw new 
ApplicationError('Already confirmed');\n }\n\n if (user.blocked) {\n throw new ApplicationError('User blocked');\n }\n\n await getService('user').sendConfirmationEmail(user);\n\n ctx.send({\n email: user.email,\n sent: true,\n });\n },\n});\n"],"names":["crypto","require$$0","_","require$$1","concat","compact","isArray","require$$2","utils","require$$3","getService","require$$4","validateCallbackBody","validateRegisterBody","validateSendEmailConfirmationBody","validateForgotPasswordBody","validateResetPasswordBody","validateEmailConfirmationBody","validateChangePasswordBody","require$$5","ApplicationError","ValidationError","ForbiddenError","errors","sanitizeUser","user","ctx","auth","state","userSchema","strapi","getModel","contentAPI","sanitize","output","extractDeviceId","requestBody","deviceId","length","undefined","callback","provider","params","request","body","store","type","name","grantSettings","get","key","grantProvider","identifier","db","query","findOne","where","$or","email","toLowerCase","username","password","validPassword","validatePassword","advancedSettings","requiresConfirmation","confirmed","blocked","mode","config","refresh","sessionManager","generateRefreshToken","String","id","access","generateAccessToken","token","upSessions","requestHttpOnly","header","httpOnly","cookieName","cookie","isProduction","process","env","NODE_ENV","isSecure","secure","cookieOptions","sameSite","path","domain","overwrite","cookies","set","send","jwt","refreshToken","issue","connect","error","message","changePassword","validations","currentPassword","edit","invalidateRefreshToken","newDeviceId","randomUUID","resetPassword","passwordConfirmation","code","resetPasswordToken","notFound","badRequest","rotation","rotateRefreshToken","unauthorized","result","logout","err","log","expires","Date","ok","next","grant","require$$6","koa","providers","apiPrefix","grantConfig","defaults","prefix","requestPath","url","split","server","startsWith","warn","queryCustomCallback","dyn
amicSessionCallback","customCallback","validate","validateCallback","plugin","e","redirect_uri","buildRedirectUri","forgotPassword","pluginStore","emailSettings","userInfo","randomBytes","toString","resetPasswordSettings","emailBody","template","URL","email_reset_password","SERVER_URL","ADMIN_URL","USER","TOKEN","emailObject","object","emailToSend","to","from","replyTo","response_email","subject","text","html","service","register","settings","allow_register","alwaysAllowedKeys","allowedKeys","allowedFields","invalidKeys","Object","keys","filter","includes","join","pick","role","default_role","identifierFilter","conflictingUserCount","count","unique_email","newUser","email_confirmation","add","sanitizedUser","sendConfirmationEmail","emailConfirmation","returnUser","confirmation","confirmationToken","userService","jwtService","fetchAll","filters","redirect","email_confirmation_redirection","sendEmailConfirmation","sent"],"mappings":";;;;;;;;;;;;;AAEA;;;;4CAOA,MAAMA,MAASC,GAAAA,UAAAA;AACf,IAAA,MAAMC,CAAIC,GAAAA,YAAAA;AACV,IAAA,MAAM,EAAEC,MAAM,EAAEC,OAAO,EAAEC,OAAO,EAAE,GAAGC,YAAAA;AACrC,IAAA,MAAMC,KAAQC,GAAAA,UAAAA;IACd,MAAM,EAAEC,UAAU,EAAE,GAAGC,YAAAA,EAAAA;AACvB,IAAA,MAAM,EACJC,oBAAoB,EACpBC,oBAAoB,EACpBC,iCAAiC,EACjCC,0BAA0B,EAC1BC,yBAAyB,EACzBC,6BAA6B,EAC7BC,0BAA0B,EAC3B,GAAGC,aAAAA,EAAAA;IAEJ,MAAM,EAAEC,gBAAgB,EAAEC,eAAe,EAAEC,cAAc,EAAE,GAAGd,KAAAA,CAAMe,MAAM;IAE1E,MAAMC,YAAAA,GAAe,CAACC,IAAMC,EAAAA,GAAAA,GAAAA;AAC1B,QAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,KAAK;QAC1B,MAAMC,UAAAA,GAAaC,MAAOC,CAAAA,QAAQ,CAAC,gCAAA,CAAA;QAEnC,OAAOD,MAAAA,CAAOE,UAAU,CAACC,QAAQ,CAACC,MAAM,CAACT,MAAMI,UAAY,EAAA;AAAEF,YAAAA;AAAI,SAAA,CAAA;AACnE,KAAA;AAEA,IAAA,MAAMQ,kBAAkB,CAACC,WAAAA,GAAAA;AACvB,QAAA,MAAM,EAAEC,QAAQ,EAAE,GAAGD,eAAe;AAEpC,QAAA,OAAO,OAAOC,QAAa,KAAA,QAAA,IAAYA,SAASC,MAAM,GAAG,IAAID,QAAWE,GAAAA,SAAAA;AAC1E,KAAA;AAEAZ,IAAAA,IAAAA,GAAiB,CAAC,EAAEG,MAAAA,EAAAA,OAAM,EAAE,IAAM;AAChC,YAAA,MAAMU,UAASd,GAAG,EAAA;AAChB,gBAAA,MAAMe,QAAWf,GAAAA,GAAAA,CAAIgB,MAAM,CAACD,QAAQ,IAAI,OAAA;AACx
C,gBAAA,MAAMC,MAAShB,GAAAA,GAAAA,CAAIiB,OAAO,CAACC,IAAI;gBAE/B,MAAMC,KAAAA,GAAQf,OAAOe,CAAAA,KAAK,CAAC;oBAAEC,IAAM,EAAA,QAAA;oBAAUC,IAAM,EAAA;AAAmB,iBAAA,CAAA;AACtE,gBAAA,MAAMC,aAAgB,GAAA,MAAMH,KAAMI,CAAAA,GAAG,CAAC;oBAAEC,GAAK,EAAA;AAAO,iBAAA,CAAA;gBAEpD,MAAMC,aAAAA,GAAgBV,QAAa,KAAA,OAAA,GAAU,OAAUA,GAAAA,QAAAA;AAEvD,gBAAA,IAAI,CAACvC,CAAAA,CAAE+C,GAAG,CAACD,aAAe,EAAA;AAACG,oBAAAA,aAAAA;AAAe,oBAAA;iBAAU,CAAG,EAAA;AACrD,oBAAA,MAAM,IAAI/B,gBAAiB,CAAA,2BAAA,CAAA;AAC5B;AAED,gBAAA,IAAIqB,aAAa,OAAS,EAAA;AACxB,oBAAA,MAAM7B,oBAAqB8B,CAAAA,MAAAA,CAAAA;oBAE3B,MAAM,EAAEU,UAAU,EAAE,GAAGV,MAAAA;;oBAGvB,MAAMjB,IAAAA,GAAO,MAAMK,OAAOuB,CAAAA,EAAE,CAACC,KAAK,CAAC,gCAAkCC,CAAAA,CAAAA,OAAO,CAAC;wBAC3EC,KAAO,EAAA;AACLf,4BAAAA,QAAAA;4BACAgB,GAAK,EAAA;AAAC,gCAAA;AAAEC,oCAAAA,KAAAA,EAAON,WAAWO,WAAW;;AAAM,gCAAA;oCAAEC,QAAUR,EAAAA;;AAAa;AACrE;AACT,qBAAA,CAAA;AAEM,oBAAA,IAAI,CAAC3B,IAAM,EAAA;AACT,wBAAA,MAAM,IAAIJ,eAAgB,CAAA,gCAAA,CAAA;AAC3B;oBAED,IAAI,CAACI,IAAKoC,CAAAA,QAAQ,EAAE;AAClB,wBAAA,MAAM,IAAIxC,eAAgB,CAAA,gCAAA,CAAA;AAC3B;oBAED,MAAMyC,aAAAA,GAAgB,MAAMpD,UAAAA,CAAW,MAAQqD,CAAAA,CAAAA,gBAAgB,CAC7DrB,MAAOmB,CAAAA,QAAQ,EACfpC,IAAAA,CAAKoC,QAAQ,CAAA;AAGf,oBAAA,IAAI,CAACC,aAAe,EAAA;AAClB,wBAAA,MAAM,IAAIzC,eAAgB,CAAA,gCAAA,CAAA;AAC3B;AAED,oBAAA,MAAM2C,gBAAmB,GAAA,MAAMnB,KAAMI,CAAAA,GAAG,CAAC;wBAAEC,GAAK,EAAA;AAAU,qBAAA,CAAA;AAC1D,oBAAA,MAAMe,oBAAuB/D,GAAAA,CAAAA,CAAE+C,GAAG,CAACe,gBAAkB,EAAA,oBAAA,CAAA;AAErD,oBAAA,IAAIC,oBAAwBxC,IAAAA,IAAAA,CAAKyC,SAAS,KAAK,IAAM,EAAA;AACnD,wBAAA,MAAM,IAAI9C,gBAAiB,CAAA,qCAAA,CAAA;AAC5B;oBAED,IAAIK,IAAAA,CAAK0C,OAAO,KAAK,IAAM,EAAA;AACzB,wBAAA,MAAM,IAAI/C,gBAAiB,CAAA,mDAAA,CAAA;AAC5B;AAED,oBAAA,MAAMgD,OAAOtC,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,yCAA2C,EAAA,gBAAA,CAAA;AAC1E,oBAAA,IAAImB,SAAS,SAAW,EAAA;AACtB,wBAAA,MAAM/B,QAAWF,GAAAA,eAAAA,CAAgBT,GAAIiB,CAAAA,OAAO,CAACC,IAAI,CAAA;AAEjD,wBAAA,MAAM0B,OAAU,GAAA,MAAMxC,OACnByC,CAAAA,cAAc,CAAC,mBAAA,CAAA,CACfC,oBAAoB,CAACC,MAAOhD,CAAAA,IAAAA,CAAKiD,EAAE,CAAA,EAAGrC,QAAU,EAAA;4BAAES,IAAM,EAAA;AAAS,yBAAA,CAAA;wBAEpE,MAA
M6B,MAAAA,GAAS,MAAM7C,OAClByC,CAAAA,cAAc,CAAC,mBACfK,CAAAA,CAAAA,mBAAmB,CAACN,OAAAA,CAAQO,KAAK,CAAA;AACpC,wBAAA,IAAI,WAAWF,MAAQ,EAAA;AACrB,4BAAA,MAAM,IAAIvD,gBAAiB,CAAA,qBAAA,CAAA;AAC5B;AAED,wBAAA,MAAM0D,UAAahD,GAAAA,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,oCAAA,CAAA;AACrC,wBAAA,MAAM8B,kBAAkBrD,GAAIiB,CAAAA,OAAO,CAACqC,MAAM,CAAC,0BAA0B,KAAK,UAAA;wBAC1E,IAAIF,UAAAA,EAAYG,YAAYF,eAAiB,EAAA;AAC3C,4BAAA,MAAMG,UAAaJ,GAAAA,UAAAA,CAAWK,MAAM,EAAEpC,IAAQ,IAAA,mBAAA;AAC9C,4BAAA,MAAMqC,YAAeC,GAAAA,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;4BAC9C,MAAMC,QAAAA,GACJ,OAAOV,UAAAA,CAAWK,MAAM,EAAEM,WAAW,SACjCX,GAAAA,UAAAA,CAAWK,MAAM,EAAEM,MACnBL,GAAAA,YAAAA;AAEN,4BAAA,MAAMM,aAAgB,GAAA;gCACpBT,QAAU,EAAA,IAAA;gCACVQ,MAAQD,EAAAA,QAAAA;gCACRG,QAAUb,EAAAA,UAAAA,CAAWK,MAAM,EAAEQ,QAAY,IAAA,KAAA;gCACzCC,IAAMd,EAAAA,UAAAA,CAAWK,MAAM,EAAES,IAAQ,IAAA,GAAA;gCACjCC,MAAQf,EAAAA,UAAAA,CAAWK,MAAM,EAAEU,MAAAA;gCAC3BC,SAAW,EAAA;AACvB,6BAAA;AAEUpE,4BAAAA,GAAAA,CAAIqE,OAAO,CAACC,GAAG,CAACd,UAAYZ,EAAAA,OAAAA,CAAQO,KAAK,EAAEa,aAAAA,CAAAA;4BAC3C,OAAOhE,GAAAA,CAAIuE,IAAI,CAAC;AAAEC,gCAAAA,GAAAA,EAAKvB,OAAOE,KAAK;gCAAEpD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AAAM,6BAAA,CAAA;AAC3E;wBAED,OAAOA,GAAAA,CAAIuE,IAAI,CAAC;AACdC,4BAAAA,GAAAA,EAAKvB,OAAOE,KAAK;AACjBsB,4BAAAA,YAAAA,EAAc7B,QAAQO,KAAK;4BAC3BpD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACzC,yBAAA,CAAA;AACO;oBAED,OAAOA,GAAAA,CAAIuE,IAAI,CAAC;wBACdC,GAAKxF,EAAAA,UAAAA,CAAW,KAAO0F,CAAAA,CAAAA,KAAK,CAAC;AAAE1B,4BAAAA,EAAAA,EAAIjD,KAAKiD;;wBACxCjD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACvC,qBAAA,CAAA;AACK;;gBAGD,IAAI;oBACF,MAAMD,IAAAA,GAAO,MAAMf,UAAW,CAAA,WAAA,CAAA,CAAa2F,OAAO,CAAC5D,QAAAA,EAAUf,IAAI4B,KAAK,CAAA;oBAEtE,IAAI7B,IAAAA,CAAK0C,OAAO,EAAE;AAChB,wBAAA,MAAM,IAAI7C,cAAe,CAAA,mDAAA,CAAA;AAC1B;AAED,oBAAA,MAAM8C,OAAOtC,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,yCAA2C,EAAA,gBAAA,CAAA;AAC1E,oBAAA,IAAImB,SAAS,SAAW,EAAA;AACtB,wBAAA,MAAM/B,QAAWF,GAAAA,eAAAA,CAAgBT,GAAIiB,CAAAA,OAAO,CAACC,IAAI,CAAA;AAEjD,wBAAA,MAAM0B,OAAU,GAAA,MAAMxC,OACnByC,CAAAA,cAAc,CAAC,mBAAA,CAAA,CACfC,o
BAAoB,CAACC,MAAOhD,CAAAA,IAAAA,CAAKiD,EAAE,CAAA,EAAGrC,QAAU,EAAA;4BAAES,IAAM,EAAA;AAAS,yBAAA,CAAA;wBAEpE,MAAM6B,MAAAA,GAAS,MAAM7C,OAClByC,CAAAA,cAAc,CAAC,mBACfK,CAAAA,CAAAA,mBAAmB,CAACN,OAAAA,CAAQO,KAAK,CAAA;AACpC,wBAAA,IAAI,WAAWF,MAAQ,EAAA;AACrB,4BAAA,MAAM,IAAIvD,gBAAiB,CAAA,qBAAA,CAAA;AAC5B;AAED,wBAAA,MAAM0D,UAAahD,GAAAA,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,oCAAA,CAAA;AACrC,wBAAA,MAAM8B,kBAAkBrD,GAAIiB,CAAAA,OAAO,CAACqC,MAAM,CAAC,0BAA0B,KAAK,UAAA;wBAC1E,IAAIF,UAAAA,EAAYG,YAAYF,eAAiB,EAAA;AAC3C,4BAAA,MAAMG,UAAaJ,GAAAA,UAAAA,CAAWK,MAAM,EAAEpC,IAAQ,IAAA,mBAAA;AAC9C,4BAAA,MAAMqC,YAAeC,GAAAA,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;4BAC9C,MAAMC,QAAAA,GACJ,OAAOV,UAAAA,CAAWK,MAAM,EAAEM,WAAW,SACjCX,GAAAA,UAAAA,CAAWK,MAAM,EAAEM,MACnBL,GAAAA,YAAAA;AAEN,4BAAA,MAAMM,aAAgB,GAAA;gCACpBT,QAAU,EAAA,IAAA;gCACVQ,MAAQD,EAAAA,QAAAA;gCACRG,QAAUb,EAAAA,UAAAA,CAAWK,MAAM,EAAEQ,QAAY,IAAA,KAAA;gCACzCC,IAAMd,EAAAA,UAAAA,CAAWK,MAAM,EAAES,IAAQ,IAAA,GAAA;gCACjCC,MAAQf,EAAAA,UAAAA,CAAWK,MAAM,EAAEU,MAAAA;gCAC3BC,SAAW,EAAA;AACvB,6BAAA;AACUpE,4BAAAA,GAAAA,CAAIqE,OAAO,CAACC,GAAG,CAACd,UAAYZ,EAAAA,OAAAA,CAAQO,KAAK,EAAEa,aAAAA,CAAAA;4BAC3C,OAAOhE,GAAAA,CAAIuE,IAAI,CAAC;AAAEC,gCAAAA,GAAAA,EAAKvB,OAAOE,KAAK;gCAAEpD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AAAM,6BAAA,CAAA;AAC3E;wBACD,OAAOA,GAAAA,CAAIuE,IAAI,CAAC;AACdC,4BAAAA,GAAAA,EAAKvB,OAAOE,KAAK;AACjBsB,4BAAAA,YAAAA,EAAc7B,QAAQO,KAAK;4BAC3BpD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACzC,yBAAA,CAAA;AACO;oBAED,OAAOA,GAAAA,CAAIuE,IAAI,CAAC;wBACdC,GAAKxF,EAAAA,UAAAA,CAAW,KAAO0F,CAAAA,CAAAA,KAAK,CAAC;AAAE1B,4BAAAA,EAAAA,EAAIjD,KAAKiD;;wBACxCjD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACvC,qBAAA,CAAA;AACK,iBAAA,CAAC,OAAO4E,KAAO,EAAA;oBACd,MAAM,IAAIlF,gBAAiBkF,CAAAA,KAAAA,CAAMC,OAAO,CAAA;AACzC;AACF,aAAA;AAED,YAAA,MAAMC,gBAAe9E,GAAG,EAAA;AACtB,gBAAA,IAAI,CAACA,GAAAA,CAAIE,KAAK,CAACH,IAAI,EAAE;AACnB,oBAAA,MAAM,IAAIL,gBAAiB,CAAA,kDAAA,CAAA;AAC5B;AAED,gBAAA,MAAMqF,WAAc3E,GAAAA,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,2CAAA,CAAA;AAEtC,gBAAA,MAAM,EAAEyD,eAAe,EAAE7C,QAAQ,EAA
E,GAAG,MAAM3C,0BAAAA,CAC1CQ,GAAIiB,CAAAA,OAAO,CAACC,IAAI,EAChB6D,WAAAA,CAAAA;gBAGF,MAAMhF,IAAAA,GAAO,MAAMK,OAAOuB,CAAAA,EAAE,CACzBC,KAAK,CAAC,gCACNC,CAAAA,CAAAA,OAAO,CAAC;oBAAEC,KAAO,EAAA;AAAEkB,wBAAAA,EAAAA,EAAIhD,GAAIE,CAAAA,KAAK,CAACH,IAAI,CAACiD;AAAI;AAAA,iBAAA,CAAA;gBAE7C,MAAMZ,aAAAA,GAAgB,MAAMpD,UAAW,CAAA,MAAA,CAAA,CAAQqD,gBAAgB,CAAC2C,eAAAA,EAAiBjF,KAAKoC,QAAQ,CAAA;AAE9F,gBAAA,IAAI,CAACC,aAAe,EAAA;AAClB,oBAAA,MAAM,IAAIzC,eAAgB,CAAA,0CAAA,CAAA;AAC3B;AAED,gBAAA,IAAIqF,oBAAoB7C,QAAU,EAAA;AAChC,oBAAA,MAAM,IAAIxC,eAAgB,CAAA,gEAAA,CAAA;AAC3B;AAED,gBAAA,MAAMX,WAAW,MAAQiG,CAAAA,CAAAA,IAAI,CAAClF,IAAAA,CAAKiD,EAAE,EAAE;AAAEb,oBAAAA;AAAQ,iBAAA,CAAA;AAEjD,gBAAA,MAAMO,OAAOtC,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,yCAA2C,EAAA,gBAAA,CAAA;AAC1E,gBAAA,IAAImB,SAAS,SAAW,EAAA;AACtB,oBAAA,MAAM/B,QAAWF,GAAAA,eAAAA,CAAgBT,GAAIiB,CAAAA,OAAO,CAACC,IAAI,CAAA;;oBAGjD,MAAMd,OAAAA,CAAOyC,cAAc,CAAC,mBAAA,CAAA,CAAqBqC,sBAAsB,CAACnC,MAAAA,CAAOhD,KAAKiD,EAAE,CAAA,CAAA;oBAEtF,MAAMmC,WAAAA,GAAcxE,QAAYrC,IAAAA,MAAAA,CAAO8G,UAAU,EAAA;AACjD,oBAAA,MAAMxC,OAAU,GAAA,MAAMxC,OACnByC,CAAAA,cAAc,CAAC,mBAAA,CAAA,CACfC,oBAAoB,CAACC,MAAOhD,CAAAA,IAAAA,CAAKiD,EAAE,CAAA,EAAGmC,WAAa,EAAA;wBAAE/D,IAAM,EAAA;AAAS,qBAAA,CAAA;oBAEvE,MAAM6B,MAAAA,GAAS,MAAM7C,OAClByC,CAAAA,cAAc,CAAC,mBACfK,CAAAA,CAAAA,mBAAmB,CAACN,OAAAA,CAAQO,KAAK,CAAA;AACpC,oBAAA,IAAI,WAAWF,MAAQ,EAAA;AACrB,wBAAA,MAAM,IAAIvD,gBAAiB,CAAA,qBAAA,CAAA;AAC5B;oBAED,OAAOM,GAAAA,CAAIuE,IAAI,CAAC;AACdC,wBAAAA,GAAAA,EAAKvB,OAAOE,KAAK;AACjBsB,wBAAAA,YAAAA,EAAc7B,QAAQO,KAAK;wBAC3BpD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACvC,qBAAA,CAAA;AACK;gBAED,OAAOA,GAAAA,CAAIuE,IAAI,CAAC;oBACdC,GAAKxF,EAAAA,UAAAA,CAAW,KAAO0F,CAAAA,CAAAA,KAAK,CAAC;AAAE1B,wBAAAA,EAAAA,EAAIjD,KAAKiD;;oBACxCjD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACrC,iBAAA,CAAA;AACG,aAAA;AAED,YAAA,MAAMqF,eAAcrF,GAAG,EAAA;AACrB,gBAAA,MAAM+E,WAAc3E,GAAAA,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,2CAAA,CAAA;AAEtC,gBAAA,MAAM,EAAEY,QAAQ,EAAEmD,oBAAoB,EAAEC,IAAI,EAAE,GAAG,MAAMjG,yBACrDU,CAAAA,GAAAA,CAAIiB,OAAO,CAACC,IA
AI,EAChB6D,WAAAA,CAAAA;AAGF,gBAAA,IAAI5C,aAAamD,oBAAsB,EAAA;AACrC,oBAAA,MAAM,IAAI3F,eAAgB,CAAA,wBAAA,CAAA;AAC3B;gBAED,MAAMI,IAAAA,GAAO,MAAMK,OAAOuB,CAAAA,EAAE,CACzBC,KAAK,CAAC,gCACNC,CAAAA,CAAAA,OAAO,CAAC;oBAAEC,KAAO,EAAA;wBAAE0D,kBAAoBD,EAAAA;AAAI;AAAI,iBAAA,CAAA;AAElD,gBAAA,IAAI,CAACxF,IAAM,EAAA;AACT,oBAAA,MAAM,IAAIJ,eAAgB,CAAA,yBAAA,CAAA;AAC3B;AAED,gBAAA,MAAMX,WAAW,MAAQiG,CAAAA,CAAAA,IAAI,CAAClF,IAAAA,CAAKiD,EAAE,EAAE;oBACrCwC,kBAAoB,EAAA,IAAA;AACpBrD,oBAAAA;AACN,iBAAA,CAAA;AAEI,gBAAA,MAAMO,OAAOtC,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,yCAA2C,EAAA,gBAAA,CAAA;AAC1E,gBAAA,IAAImB,SAAS,SAAW,EAAA;AACtB,oBAAA,MAAM/B,QAAWF,GAAAA,eAAAA,CAAgBT,GAAIiB,CAAAA,OAAO,CAACC,IAAI,CAAA;;oBAGjD,MAAMd,OAAAA,CAAOyC,cAAc,CAAC,mBAAA,CAAA,CAAqBqC,sBAAsB,CAACnC,MAAAA,CAAOhD,KAAKiD,EAAE,CAAA,CAAA;oBAEtF,MAAMmC,WAAAA,GAAcxE,QAAYrC,IAAAA,MAAAA,CAAO8G,UAAU,EAAA;AACjD,oBAAA,MAAMxC,OAAU,GAAA,MAAMxC,OACnByC,CAAAA,cAAc,CAAC,mBAAA,CAAA,CACfC,oBAAoB,CAACC,MAAOhD,CAAAA,IAAAA,CAAKiD,EAAE,CAAA,EAAGmC,WAAa,EAAA;wBAAE/D,IAAM,EAAA;AAAS,qBAAA,CAAA;oBAEvE,MAAM6B,MAAAA,GAAS,MAAM7C,OAClByC,CAAAA,cAAc,CAAC,mBACfK,CAAAA,CAAAA,mBAAmB,CAACN,OAAAA,CAAQO,KAAK,CAAA;AACpC,oBAAA,IAAI,WAAWF,MAAQ,EAAA;AACrB,wBAAA,MAAM,IAAIvD,gBAAiB,CAAA,qBAAA,CAAA;AAC5B;oBAED,OAAOM,GAAAA,CAAIuE,IAAI,CAAC;AACdC,wBAAAA,GAAAA,EAAKvB,OAAOE,KAAK;AACjBsB,wBAAAA,YAAAA,EAAc7B,QAAQO,KAAK;wBAC3BpD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACvC,qBAAA,CAAA;AACK;gBAED,OAAOA,GAAAA,CAAIuE,IAAI,CAAC;oBACdC,GAAKxF,EAAAA,UAAAA,CAAW,KAAO0F,CAAAA,CAAAA,KAAK,CAAC;AAAE1B,wBAAAA,EAAAA,EAAIjD,KAAKiD;;oBACxCjD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACrC,iBAAA,CAAA;AACG,aAAA;AACD,YAAA,MAAM4C,SAAQ5C,GAAG,EAAA;AACf,gBAAA,MAAM0C,OAAOtC,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,yCAA2C,EAAA,gBAAA,CAAA;AAC1E,gBAAA,IAAImB,SAAS,SAAW,EAAA;AACtB,oBAAA,OAAO1C,IAAIyF,QAAQ,EAAA;AACpB;AAED,gBAAA,MAAMrC,UAAahD,GAAAA,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,oCAAA,CAAA;gBACrC,MAAMiC,UAAAA,GAAaJ,UAAYK,EAAAA,MAAAA,EAAQpC,IAAQ,IAAA,mBAAA;;AAG/C,gBAAA,IAAIoD,YAAezE,GAAAA,GAAAA,CAAIqE,OAAO,CAAC9C,
GAAG,CAACiC,UAAAA,CAAAA;AACnC,gBAAA,IAAI,CAACiB,YAAc,EAAA;AACjBA,oBAAAA,YAAAA,GAAezE,GAAIiB,CAAAA,OAAO,CAACC,IAAI,EAAEuD,YAAAA;AAClC;AAED,gBAAA,IAAI,CAACA,YAAAA,IAAgB,OAAOA,YAAAA,KAAiB,QAAU,EAAA;oBACrD,OAAOzE,GAAAA,CAAI0F,UAAU,CAAC,uBAAA,CAAA;AACvB;AAED,gBAAA,MAAMC,WAAW,MAAMvF,OAAAA,CACpByC,cAAc,CAAC,mBAAA,CAAA,CACf+C,kBAAkB,CAACnB,YAAAA,CAAAA;AACtB,gBAAA,IAAI,WAAWkB,QAAU,EAAA;oBACvB,OAAO3F,GAAAA,CAAI6F,YAAY,CAAC,uBAAA,CAAA;AACzB;gBAED,MAAMC,MAAAA,GAAS,MAAM1F,OAClByC,CAAAA,cAAc,CAAC,mBACfK,CAAAA,CAAAA,mBAAmB,CAACyC,QAAAA,CAASxC,KAAK,CAAA;AACrC,gBAAA,IAAI,WAAW2C,MAAQ,EAAA;oBACrB,OAAO9F,GAAAA,CAAI6F,YAAY,CAAC,uBAAA,CAAA;AACzB;AAED,gBAAA,MAAMxC,kBAAkBrD,GAAIiB,CAAAA,OAAO,CAACqC,MAAM,CAAC,0BAA0B,KAAK,UAAA;gBAC1E,IAAIF,UAAAA,EAAYG,YAAYF,eAAiB,EAAA;AAC3C,oBAAA,MAAMK,YAAeC,GAAAA,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;oBAC9C,MAAMC,QAAAA,GACJ,OAAOV,UAAAA,CAAWK,MAAM,EAAEM,WAAW,SAAYX,GAAAA,UAAAA,CAAWK,MAAM,EAAEM,MAASL,GAAAA,YAAAA;AAE/E,oBAAA,MAAMM,aAAgB,GAAA;wBACpBT,QAAU,EAAA,IAAA;wBACVQ,MAAQD,EAAAA,QAAAA;wBACRG,QAAUb,EAAAA,UAAAA,CAAWK,MAAM,EAAEQ,QAAY,IAAA,KAAA;wBACzCC,IAAMd,EAAAA,UAAAA,CAAWK,MAAM,EAAES,IAAQ,IAAA,GAAA;wBACjCC,MAAQf,EAAAA,UAAAA,CAAWK,MAAM,EAAEU,MAAAA;wBAC3BC,SAAW,EAAA;AACnB,qBAAA;AACMpE,oBAAAA,GAAAA,CAAIqE,OAAO,CAACC,GAAG,CAACd,UAAYmC,EAAAA,QAAAA,CAASxC,KAAK,EAAEa,aAAAA,CAAAA;oBAC5C,OAAOhE,GAAAA,CAAIuE,IAAI,CAAC;AAAEC,wBAAAA,GAAAA,EAAKsB,OAAO3C;AAAK,qBAAA,CAAA;AACpC;gBACD,OAAOnD,GAAAA,CAAIuE,IAAI,CAAC;AAAEC,oBAAAA,GAAAA,EAAKsB,OAAO3C,KAAK;AAAEsB,oBAAAA,YAAAA,EAAckB,SAASxC;AAAK,iBAAA,CAAA;AAClE,aAAA;AACD,YAAA,MAAM4C,QAAO/F,GAAG,EAAA;AACd,gBAAA,MAAM0C,OAAOtC,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,yCAA2C,EAAA,gBAAA,CAAA;AAC1E,gBAAA,IAAImB,SAAS,SAAW,EAAA;AACtB,oBAAA,OAAO1C,IAAIyF,QAAQ,EAAA;AACpB;;AAGD,gBAAA,IAAI,CAACzF,GAAAA,CAAIE,KAAK,CAACH,IAAI,EAAE;oBACnB,OAAOC,GAAAA,CAAI6F,YAAY,CAAC,wBAAA,CAAA;AACzB;AAED,gBAAA,MAAMlF,QAAWF,GAAAA,eAAAA,CAAgBT,GAAIiB,CAAAA,OAAO,CAACC,IAAI,CAAA;gBACjD,IAAI;AACF,oBAAA,MAAMd,OACHyC,CAAAA,cAAc,CAAC,mBAAA,CAAA,CACfqC,sBAAsB,CAACnC,MAAO/C,C
AAAA,GAAAA,CAAIE,KAAK,CAACH,IAAI,CAACiD,EAAE,CAAGrC,EAAAA,QAAAA,CAAAA;AACtD,iBAAA,CAAC,OAAOqF,GAAK,EAAA;AACZ5F,oBAAAA,OAAAA,CAAO6F,GAAG,CAACrB,KAAK,CAAC,kBAAoBoB,EAAAA,GAAAA,CAAAA;AACtC;AAED,gBAAA,MAAM5C,UAAahD,GAAAA,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,oCAAA,CAAA;AACrC,gBAAA,MAAM8B,kBAAkBrD,GAAIiB,CAAAA,OAAO,CAACqC,MAAM,CAAC,0BAA0B,KAAK,UAAA;gBAC1E,IAAIF,UAAAA,EAAYG,YAAYF,eAAiB,EAAA;AAC3C,oBAAA,MAAMG,UAAaJ,GAAAA,UAAAA,CAAWK,MAAM,EAAEpC,IAAQ,IAAA,mBAAA;AAC9CrB,oBAAAA,GAAAA,CAAIqE,OAAO,CAACC,GAAG,CAACd,YAAY,EAAI,EAAA;AAAE0C,wBAAAA,OAAAA,EAAS,IAAIC,IAAK,CAAA,CAAA;AAAE,qBAAA,CAAA;AACvD;gBACD,OAAOnG,GAAAA,CAAIuE,IAAI,CAAC;oBAAE6B,EAAI,EAAA;AAAM,iBAAA,CAAA;AAC7B,aAAA;YACD,MAAMzB,OAAAA,CAAAA,CAAQ3E,GAAG,EAAEqG,IAAI,EAAA;gBACrB,MAAMC,KAAAA,GAAQC,WAAiBC,GAAG,EAAA;AAElC,gBAAA,MAAMC,SAAY,GAAA,MAAMrG,OACrBe,CAAAA,KAAK,CAAC;oBAAEC,IAAM,EAAA,QAAA;oBAAUC,IAAM,EAAA,mBAAA;oBAAqBG,GAAK,EAAA;mBACxDD,GAAG,EAAA;AAEN,gBAAA,MAAMmF,SAAYtG,GAAAA,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,iBAAA,CAAA;AACpC,gBAAA,MAAMoF,WAAc,GAAA;oBAClBC,QAAU,EAAA;wBACRC,MAAQ,EAAA,CAAA,EAAGH,SAAU,CAAA,QAAQ;AAC9B,qBAAA;AACD,oBAAA,GAAGD;AACT,iBAAA;gBAEI,MAAM,CAACK,YAAY,GAAG9G,GAAAA,CAAIiB,OAAO,CAAC8F,GAAG,CAACC,KAAK,CAAC,GAAA,CAAA;AAC5C,gBAAA,MAAMjG,QAAW+F,GAAAA,WAAAA,CAAYE,KAAK,CAAC,WAAY,CAAA,CAAC,CAAE,CAAA,CAACA,KAAK,CAAC,GAAI,CAAA,CAAC,CAAE,CAAA;gBAEhE,IAAI,CAACxI,EAAE+C,GAAG,CAACoF,WAAW,CAAC5F,QAAAA,CAAS,EAAE,SAAY,CAAA,EAAA;AAC5C,oBAAA,MAAM,IAAIrB,gBAAiB,CAAA,2BAAA,CAAA;AAC5B;gBAED,IAAI,CAACU,OAAOuC,CAAAA,MAAM,CAACsE,MAAM,CAACF,GAAG,CAACG,UAAU,CAAC,MAAS,CAAA,EAAA;oBAChD9G,OAAO6F,CAAAA,GAAG,CAACkB,IAAI,CACb,6NAAA,CAAA;AAEH;;AAGD,gBAAA,MAAMC,mBAAsB5I,GAAAA,CAAAA,CAAE+C,GAAG,CAACvB,GAAK,EAAA,gBAAA,CAAA;AACvC,gBAAA,MAAMqH,sBAAyB7I,GAAAA,CAAAA,CAAE+C,GAAG,CAACvB,GAAK,EAAA,gCAAA,CAAA;AAE1C,gBAAA,MAAMsH,iBAAiBF,mBAAuBC,IAAAA,sBAAAA;;AAG9C,gBAAA,IAAIC,mBAAmBzG,SAAW,EAAA;oBAChC,IAAI;;wBAEF,MAAM,EAAE0G,QAAUC,EAAAA,gBAAgB,EAAE,GAAGpH,QACpCqH,MAAM,CAAC,mBACP9E,CAAAA,CAAAA,MAAM,CAAC,UAAA,CAAA;AAEV,wBAAA,MAAM6E,gBAAiBF,CAAAA,cAAAA
,EAAgBX,WAAW,CAAC5F,QAAS,CAAA,CAAA;AAE5D4F,wBAAAA,WAAW,CAAC5F,QAAAA,CAAS,CAACD,QAAQ,GAAGwG,cAAAA;AAClC,qBAAA,CAAC,OAAOI,CAAG,EAAA;wBACV,MAAM,IAAI/H,gBAAgB,+BAAiC,EAAA;4BAAEmB,QAAUwG,EAAAA;AAAgB,yBAAA,CAAA;AACxF;AACF;;gBAGDX,WAAW,CAAC5F,SAAS,CAAC4G,YAAY,GAAG3I,UAAW,CAAA,WAAA,CAAA,CAAa4I,gBAAgB,CAAC7G,QAAAA,CAAAA;gBAE9E,OAAOuF,KAAAA,CAAMK,aAAa3G,GAAKqG,EAAAA,IAAAA,CAAAA;AAChC,aAAA;AAED,YAAA,MAAMwB,gBAAe7H,GAAG,EAAA;gBACtB,MAAM,EAAEgC,KAAK,EAAE,GAAG,MAAM3C,0BAA2BW,CAAAA,GAAAA,CAAIiB,OAAO,CAACC,IAAI,CAAA;AAEnE,gBAAA,MAAM4G,WAAc,GAAA,MAAM1H,OAAOe,CAAAA,KAAK,CAAC;oBAAEC,IAAM,EAAA,QAAA;oBAAUC,IAAM,EAAA;AAAmB,iBAAA,CAAA;AAElF,gBAAA,MAAM0G,aAAgB,GAAA,MAAMD,WAAYvG,CAAAA,GAAG,CAAC;oBAAEC,GAAK,EAAA;AAAO,iBAAA,CAAA;AAC1D,gBAAA,MAAMc,gBAAmB,GAAA,MAAMwF,WAAYvG,CAAAA,GAAG,CAAC;oBAAEC,GAAK,EAAA;AAAU,iBAAA,CAAA;;gBAGhE,MAAMzB,IAAAA,GAAO,MAAMK,OAAOuB,CAAAA,EAAE,CACzBC,KAAK,CAAC,gCACNC,CAAAA,CAAAA,OAAO,CAAC;oBAAEC,KAAO,EAAA;AAAEE,wBAAAA,KAAAA,EAAOA,MAAMC,WAAW;AAAI;AAAA,iBAAA,CAAA;AAElD,gBAAA,IAAI,CAAClC,IAAAA,IAAQA,IAAK0C,CAAAA,OAAO,EAAE;oBACzB,OAAOzC,GAAAA,CAAIuE,IAAI,CAAC;wBAAE6B,EAAI,EAAA;AAAM,qBAAA,CAAA;AAC7B;;gBAGD,MAAM4B,QAAAA,GAAW,MAAMlI,YAAAA,CAAaC,IAAMC,EAAAA,GAAAA,CAAAA;AAE1C,gBAAA,MAAMwF,qBAAqBlH,MAAO2J,CAAAA,WAAW,CAAC,EAAA,CAAA,CAAIC,QAAQ,CAAC,KAAA,CAAA;AAE3D,gBAAA,MAAMC,wBAAwB3J,CAAE+C,CAAAA,GAAG,CAACwG,aAAAA,EAAe,0BAA0B,EAAA,CAAA;gBAC7E,MAAMK,SAAAA,GAAY,MAAMpJ,UAAW,CAAA,mBAAA,CAAA,CAAqBqJ,QAAQ,CAC9DF,qBAAAA,CAAsBtD,OAAO,EAC7B;AACEyD,oBAAAA,GAAAA,EAAKhG,iBAAiBiG,oBAAoB;AAC1CC,oBAAAA,UAAAA,EAAYpI,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,oBAAA,CAAA;AAC9BkH,oBAAAA,SAAAA,EAAWrI,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,mBAAA,CAAA;oBAC7BmH,IAAMV,EAAAA,QAAAA;oBACNW,KAAOnD,EAAAA;AACR,iBAAA,CAAA;gBAGH,MAAMoD,WAAAA,GAAc,MAAM5J,UAAW,CAAA,mBAAA,CAAA,CAAqBqJ,QAAQ,CAChEF,qBAAAA,CAAsBU,MAAM,EAC5B;oBACEH,IAAMV,EAAAA;AACP,iBAAA,CAAA;AAGH,gBAAA,MAAMc,WAAc,GAAA;AAClBC,oBAAAA,EAAAA,EAAIhJ,KAAKiC,KAAK;oBACdgH,IACEb,EAAAA,qBAAAA,CAAsBa,IAAI,CAAChH,KAAK,IAAImG,sBAAsBa,IAAI,CAAC3H,IAAI,GAC/D,CAAG8G,EAAAA,qBA
AAA,CAAsBa,IAAI,CAAC3H,IAAI,CAAC,EAAE,EAAE8G,qBAAAA,CAAsBa,IAAI,CAAChH,KAAK,CAAC,CAAC,CAAC,GAC1EnB,SAAAA;AACNoI,oBAAAA,OAAAA,EAASd,sBAAsBe,cAAc;oBAC7CC,OAASP,EAAAA,WAAAA;oBACTQ,IAAMhB,EAAAA,SAAAA;oBACNiB,IAAMjB,EAAAA;AACZ,iBAAA;;AAGI,gBAAA,MAAMpJ,WAAW,MAAQiG,CAAAA,CAAAA,IAAI,CAAClF,IAAAA,CAAKiD,EAAE,EAAE;AAAEwC,oBAAAA;AAAkB,iBAAA,CAAA;;gBAG3D,MAAMpF,OAAAA,CAAOqH,MAAM,CAAC,OAAA,CAAA,CAAS6B,OAAO,CAAC,OAAA,CAAA,CAAS/E,IAAI,CAACuE,WAAAA,CAAAA;AAEnD9I,gBAAAA,GAAAA,CAAIuE,IAAI,CAAC;oBAAE6B,EAAI,EAAA;AAAM,iBAAA,CAAA;AACtB,aAAA;AAED,YAAA,MAAMmD,UAASvJ,GAAG,EAAA;AAChB,gBAAA,MAAM8H,WAAc,GAAA,MAAM1H,OAAOe,CAAAA,KAAK,CAAC;oBAAEC,IAAM,EAAA,QAAA;oBAAUC,IAAM,EAAA;AAAmB,iBAAA,CAAA;AAElF,gBAAA,MAAMmI,QAAW,GAAA,MAAM1B,WAAYvG,CAAAA,GAAG,CAAC;oBAAEC,GAAK,EAAA;AAAU,iBAAA,CAAA;gBAExD,IAAI,CAACgI,QAASC,CAAAA,cAAc,EAAE;AAC5B,oBAAA,MAAM,IAAI/J,gBAAiB,CAAA,uCAAA,CAAA;AAC5B;gBAED,MAAM,EAAE6J,QAAQ,EAAE,GAAGnJ,QAAOuC,MAAM,CAACpB,GAAG,CAAC,2BAAA,CAAA;AACvC,gBAAA,MAAMmI,iBAAoB,GAAA;AAAC,oBAAA,UAAA;AAAY,oBAAA,UAAA;AAAY,oBAAA;AAAQ,iBAAA;;gBAG3D,MAAMC,WAAAA,GAAchL,OAClBD,CAAAA,MAAAA,CAAOgL,iBAAmB9K,EAAAA,OAAAA,CAAQ2K,UAAUK,aAAiBL,CAAAA,GAAAA,QAAAA,CAASK,aAAa,GAAG,EAAE,CAAA,CAAA;;AAI1F,gBAAA,MAAMC,cAAcC,MAAOC,CAAAA,IAAI,CAAC/J,GAAAA,CAAIiB,OAAO,CAACC,IAAI,CAAE8I,CAAAA,MAAM,CAAC,CAACxI,GAAAA,GAAQ,CAACmI,WAAAA,CAAYM,QAAQ,CAACzI,GAAAA,CAAAA,CAAAA;gBAExF,IAAIqI,WAAAA,CAAYjJ,MAAM,GAAG,CAAG,EAAA;;oBAE1B,MAAM,IAAIjB,gBAAgB,CAAC,oBAAoB,EAAEkK,WAAYK,CAAAA,IAAI,CAAC,IAAO,CAAA,CAAA,CAAA,CAAA;AAC1E;AAED,gBAAA,MAAMlJ,MAAS,GAAA;oBACb,GAAGxC,CAAAA,CAAE2L,IAAI,CAACnK,GAAAA,CAAIiB,OAAO,CAACC,IAAI,EAAEyI,WAAY,CAAA;oBACxC5I,QAAU,EAAA;AAChB,iBAAA;AAEI,gBAAA,MAAMgE,WAAc3E,GAAAA,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,2CAAA,CAAA;AAEtC,gBAAA,MAAMpC,qBAAqB6B,MAAQ+D,EAAAA,WAAAA,CAAAA;gBAEnC,MAAMqF,IAAAA,GAAO,MAAMhK,OAAOuB,CAAAA,EAAE,CACzBC,KAAK,CAAC,gCACNC,CAAAA,CAAAA,OAAO,CAAC;oBAAEC,KAAO,EAAA;AAAEV,wBAAAA,IAAAA,EAAMoI,SAASa;AAAc;AAAA,iBAAA,CAAA;AAEnD,gBAAA,IAAI,CAACD,IAAM,EAAA;AACT,oBAAA,MAAM,IAAI1K,gBAAiB,CAAA,qCAAA,CAAA;AAC5B
;AAED,gBAAA,MAAM,EAAEsC,KAAK,EAAEE,QAAQ,EAAEnB,QAAQ,EAAE,GAAGC,MAAAA;AAEtC,gBAAA,MAAMsJ,gBAAmB,GAAA;oBACvBvI,GAAK,EAAA;AACH,wBAAA;AAAEC,4BAAAA,KAAAA,EAAOA,MAAMC,WAAW;AAAI,yBAAA;AAC9B,wBAAA;AAAEC,4BAAAA,QAAAA,EAAUF,MAAMC,WAAW;AAAI,yBAAA;AACjC,wBAAA;AAAEC,4BAAAA;AAAU,yBAAA;AACZ,wBAAA;4BAAEF,KAAOE,EAAAA;AAAU;AACpB;AACP,iBAAA;gBAEI,MAAMqI,oBAAAA,GAAuB,MAAMnK,OAAOuB,CAAAA,EAAE,CAACC,KAAK,CAAC,gCAAkC4I,CAAAA,CAAAA,KAAK,CAAC;oBACzF1I,KAAO,EAAA;AAAE,wBAAA,GAAGwI,gBAAgB;AAAEvJ,wBAAAA;AAAU;AAC9C,iBAAA,CAAA;AAEI,gBAAA,IAAIwJ,uBAAuB,CAAG,EAAA;AAC5B,oBAAA,MAAM,IAAI7K,gBAAiB,CAAA,qCAAA,CAAA;AAC5B;gBAED,IAAI8J,QAAAA,CAASiB,YAAY,EAAE;oBACzB,MAAMF,oBAAAA,GAAuB,MAAMnK,OAAOuB,CAAAA,EAAE,CAACC,KAAK,CAAC,gCAAkC4I,CAAAA,CAAAA,KAAK,CAAC;wBACzF1I,KAAO,EAAA;AAAE,4BAAA,GAAGwI;AAAkB;AACtC,qBAAA,CAAA;AAEM,oBAAA,IAAIC,uBAAuB,CAAG,EAAA;AAC5B,wBAAA,MAAM,IAAI7K,gBAAiB,CAAA,qCAAA,CAAA;AAC5B;AACF;AAED,gBAAA,MAAMgL,OAAU,GAAA;AACd,oBAAA,GAAG1J,MAAM;AACToJ,oBAAAA,IAAAA,EAAMA,KAAKpH,EAAE;AACbhB,oBAAAA,KAAAA,EAAOA,MAAMC,WAAW,EAAA;AACxBC,oBAAAA,QAAAA;oBACAM,SAAW,EAAA,CAACgH,SAASmB;AAC3B,iBAAA;AAEI,gBAAA,MAAM5K,IAAO,GAAA,MAAMf,UAAW,CAAA,MAAA,CAAA,CAAQ4L,GAAG,CAACF,OAAAA,CAAAA;gBAE1C,MAAMG,aAAAA,GAAgB,MAAM/K,YAAAA,CAAaC,IAAMC,EAAAA,GAAAA,CAAAA;gBAE/C,IAAIwJ,QAAAA,CAASmB,kBAAkB,EAAE;oBAC/B,IAAI;wBACF,MAAM3L,UAAAA,CAAW,MAAQ8L,CAAAA,CAAAA,qBAAqB,CAACD,aAAAA,CAAAA;AAChD,qBAAA,CAAC,OAAO7E,GAAK,EAAA;wBACZ5F,OAAO6F,CAAAA,GAAG,CAACrB,KAAK,CAACoB,GAAAA,CAAAA;AACjB,wBAAA,MAAM,IAAItG,gBAAiB,CAAA,kCAAA,CAAA;AAC5B;oBAED,OAAOM,GAAAA,CAAIuE,IAAI,CAAC;wBAAExE,IAAM8K,EAAAA;AAAe,qBAAA,CAAA;AACxC;AAED,gBAAA,MAAMnI,OAAOtC,OAAOuC,CAAAA,MAAM,CAACpB,GAAG,CAAC,yCAA2C,EAAA,gBAAA,CAAA;AAC1E,gBAAA,IAAImB,SAAS,SAAW,EAAA;oBACtB,MAAM/B,QAAAA,GAAWF,gBAAgBT,GAAIiB,CAAAA,OAAO,CAACC,IAAI,CAAA,IAAK5C,OAAO8G,UAAU,EAAA;AAEvE,oBAAA,MAAMxC,OAAU,GAAA,MAAMxC,OACnByC,CAAAA,cAAc,CAAC,mBAAA,CAAA,CACfC,oBAAoB,CAACC,MAAOhD,CAAAA,IAAAA,CAAKiD,EAAE,CAAA,EAAGrC,QAAU,EAAA;wBAAES,IAAM,EAAA;AAAS,qBAAA,CAAA;oBAEpE,MAAM6B,MAAAA,GAAS,MAAM7C,OAClByC,CAAAA,cAAc,C
AAC,mBACfK,CAAAA,CAAAA,mBAAmB,CAACN,OAAAA,CAAQO,KAAK,CAAA;AACpC,oBAAA,IAAI,WAAWF,MAAQ,EAAA;AACrB,wBAAA,MAAM,IAAIvD,gBAAiB,CAAA,qBAAA,CAAA;AAC5B;oBAED,OAAOM,GAAAA,CAAIuE,IAAI,CAAC;AAAEC,wBAAAA,GAAAA,EAAKvB,OAAOE,KAAK;AAAEsB,wBAAAA,YAAAA,EAAc7B,QAAQO,KAAK;wBAAEpD,IAAM8K,EAAAA;AAAe,qBAAA,CAAA;AACxF;gBAED,MAAMrG,GAAAA,GAAMxF,WAAW,KAAO0F,CAAAA,CAAAA,KAAK,CAAClG,CAAE2L,CAAAA,IAAI,CAACpK,IAAM,EAAA;AAAC,oBAAA;AAAK,iBAAA,CAAA,CAAA;gBACvD,OAAOC,GAAAA,CAAIuE,IAAI,CAAC;AAAEC,oBAAAA,GAAAA;oBAAKzE,IAAM8K,EAAAA;AAAa,iBAAA,CAAA;AAC3C,aAAA;AAED,YAAA,MAAME,iBAAkB/K,CAAAA,CAAAA,GAAG,EAAEqG,IAAI,EAAE2E,UAAU,EAAA;gBAC3C,MAAM,EAAEC,cAAcC,iBAAiB,EAAE,GAAG,MAAM3L,6BAAAA,CAA8BS,IAAI4B,KAAK,CAAA;AAEzF,gBAAA,MAAMuJ,cAAcnM,UAAW,CAAA,MAAA,CAAA;AAC/B,gBAAA,MAAMoM,aAAapM,UAAW,CAAA,KAAA,CAAA;AAE9B,gBAAA,MAAM,CAACe,IAAK,CAAA,GAAG,MAAMoL,WAAAA,CAAYE,QAAQ,CAAC;oBAAEC,OAAS,EAAA;AAAEJ,wBAAAA;AAAmB;AAAA,iBAAA,CAAA;AAE1E,gBAAA,IAAI,CAACnL,IAAM,EAAA;AACT,oBAAA,MAAM,IAAIJ,eAAgB,CAAA,eAAA,CAAA;AAC3B;AAED,gBAAA,MAAMwL,WAAYlG,CAAAA,IAAI,CAAClF,IAAAA,CAAKiD,EAAE,EAAE;oBAAER,SAAW,EAAA,IAAA;oBAAM0I,iBAAmB,EAAA;AAAI,iBAAA,CAAA;AAE1E,gBAAA,IAAIF,UAAY,EAAA;AACdhL,oBAAAA,GAAAA,CAAIuE,IAAI,CAAC;wBACPC,GAAK4G,EAAAA,UAAAA,CAAW1G,KAAK,CAAC;AAAE1B,4BAAAA,EAAAA,EAAIjD,KAAKiD;;wBACjCjD,IAAM,EAAA,MAAMD,aAAaC,IAAMC,EAAAA,GAAAA;AACvC,qBAAA,CAAA;iBACW,MAAA;AACL,oBAAA,MAAMwJ,QAAW,GAAA,MAAMpJ,OACpBe,CAAAA,KAAK,CAAC;wBAAEC,IAAM,EAAA,QAAA;wBAAUC,IAAM,EAAA,mBAAA;wBAAqBG,GAAK,EAAA;uBACxDD,GAAG,EAAA;AAENvB,oBAAAA,GAAAA,CAAIuL,QAAQ,CAAC/B,QAASgC,CAAAA,8BAA8B,IAAI,GAAA,CAAA;AACzD;AACF,aAAA;AAED,YAAA,MAAMC,uBAAsBzL,GAAG,EAAA;gBAC7B,MAAM,EAAEgC,KAAK,EAAE,GAAG,MAAM5C,iCAAkCY,CAAAA,GAAAA,CAAIiB,OAAO,CAACC,IAAI,CAAA;gBAE1E,MAAMnB,IAAAA,GAAO,MAAMK,OAAOuB,CAAAA,EAAE,CAACC,KAAK,CAAC,gCAAkCC,CAAAA,CAAAA,OAAO,CAAC;oBAC3EC,KAAO,EAAA;AAAEE,wBAAAA,KAAAA,EAAOA,MAAMC,WAAW;AAAI;AAC3C,iBAAA,CAAA;AAEI,gBAAA,IAAI,CAAClC,IAAM,EAAA;oBACT,OAAOC,GAAAA,CAAIuE,IAAI,CAAC;AAAEvC,wBAAAA,KAAAA;wBAAO0J,IAAM,EAAA;AAAI,qBAAA,CAAA;AACpC;gBAED,IAAI3L,IAAAA,CAAKyC,SAAS,
EAAE;AAClB,oBAAA,MAAM,IAAI9C,gBAAiB,CAAA,mBAAA,CAAA;AAC5B;gBAED,IAAIK,IAAAA,CAAK0C,OAAO,EAAE;AAChB,oBAAA,MAAM,IAAI/C,gBAAiB,CAAA,cAAA,CAAA;AAC5B;gBAED,MAAMV,UAAAA,CAAW,MAAQ8L,CAAAA,CAAAA,qBAAqB,CAAC/K,IAAAA,CAAAA;AAE/CC,gBAAAA,GAAAA,CAAIuE,IAAI,CAAC;AACPvC,oBAAAA,KAAAA,EAAOjC,KAAKiC,KAAK;oBACjB0J,IAAM,EAAA;AACZ,iBAAA,CAAA;AACG;SACH,CAAA;;;;;;"}
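--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@strapi/plugin-users-permissions",
- "version": "5.33.2",
+ "version": "5.33.4",
  "description": "Protect your API with a full-authentication process based on JWT",
  "repository": {
  "type": "git",
@@ -48,16 +48,16 @@
  "watch": "run -T rollup -c -w"
  },
  "dependencies": {
- "@strapi/design-system": "2.0.1",
- "@strapi/icons": "2.0.1",
- "@strapi/utils": "5.33.2",
+ "@strapi/design-system": "2.1.2",
+ "@strapi/icons": "2.1.2",
+ "@strapi/utils": "5.33.4",
  "bcryptjs": "2.4.3",
  "formik": "2.4.5",
  "grant": "^5.4.8",
  "immer": "9.0.21",
  "jsonwebtoken": "9.0.0",
  "jwk-to-pem": "2.0.5",
- "koa": "2.16.1",
+ "koa": "2.16.3",
  "koa2-ratelimit": "^1.1.3",
  "lodash": "4.17.21",
  "prop-types": "^15.8.1",
@@ -70,7 +70,7 @@
  "zod": "3.25.67"
  },
  "devDependencies": {
- "@strapi/strapi": "5.33.2",
+ "@strapi/strapi": "5.33.4",
  "@testing-library/dom": "10.4.1",
  "@testing-library/react": "16.3.0",
  "@testing-library/user-event": "14.6.1",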
@@ -235,12 +235,8 @@ module.exports = ({ strapi }) => ({
235
235
  if (mode === 'refresh') {
236
236
  const deviceId = extractDeviceId(ctx.request.body);
237
237
 
238
- if (deviceId) {
239
- // Invalidate sessions: specific device if deviceId provided
240
- await strapi
241
- .sessionManager('users-permissions')
242
- .invalidateRefreshToken(String(user.id), deviceId);
243
- }
238
+ // Invalidate all sessions when password changes for security
239
+ await strapi.sessionManager('users-permissions').invalidateRefreshToken(String(user.id));
244
240
 
245
241
  const newDeviceId = deviceId || crypto.randomUUID();
246
242
  const refresh = await strapi
@@ -296,12 +292,8 @@ module.exports = ({ strapi }) => ({
296
292
  if (mode === 'refresh') {
297
293
  const deviceId = extractDeviceId(ctx.request.body);
298
294
 
299
- if (deviceId) {
300
- // Invalidate sessions: specific device if deviceId provided
301
- await strapi
302
- .sessionManager('users-permissions')
303
- .invalidateRefreshToken(String(user.id), deviceId);
304
- }
295
+ // Invalidate all sessions when password is reset for security
296
+ await strapi.sessionManager('users-permissions').invalidateRefreshToken(String(user.id));
305
297
 
306
298
  const newDeviceId = deviceId || crypto.randomUUID();
307
299
  const refresh = await strapi
@@ -333,7 +325,15 @@ module.exports = ({ strapi }) => ({
333
325
  return ctx.notFound();
334
326
  }
335
327
 
336
- const { refreshToken } = ctx.request.body || {};
328
+ const upSessions = strapi.config.get('plugin::users-permissions.sessions');
329
+ const cookieName = upSessions?.cookie?.name || 'strapi_up_refresh';
330
+
331
+ // Check for refresh token in cookie first (if httpOnly is configured), then in body
332
+ let refreshToken = ctx.cookies.get(cookieName);
333
+ if (!refreshToken) {
334
+ refreshToken = ctx.request.body?.refreshToken;
335
+ }
336
+
337
337
  if (!refreshToken || typeof refreshToken !== 'string') {
338
338
  return ctx.badRequest('Missing refresh token');
339
339
  }
@@ -352,10 +352,8 @@ module.exports = ({ strapi }) => ({
352
352
  return ctx.unauthorized('Invalid refresh token');
353
353
  }
354
354
 
355
- const upSessions = strapi.config.get('plugin::users-permissions.sessions');
356
355
  const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';
357
356
  if (upSessions?.httpOnly || requestHttpOnly) {
358
- const cookieName = upSessions.cookie?.name || 'strapi_up_refresh';
359
357
  const isProduction = process.env.NODE_ENV === 'production';
360
358
  const isSecure =
361
359
  typeof upSessions.cookie?.secure === 'boolean' ? upSessions.cookie?.secure : isProduction;