@strapi/plugin-users-permissions 5.48.1 → 5.50.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (159) hide show
  1. package/.eslintrc.cjs +1 -0
  2. package/admin/src/pages/AdvancedSettings/index.jsx +1 -1
  3. package/admin/src/pages/Roles/pages/ListPage/index.jsx +1 -1
  4. package/admin/src/translations/ja.json +46 -7
  5. package/dist/admin/components/BoundRoute/index.js +12 -6
  6. package/dist/admin/components/BoundRoute/index.js.map +1 -1
  7. package/dist/admin/components/FormModal/Input/index.js +25 -21
  8. package/dist/admin/components/FormModal/Input/index.js.map +1 -1
  9. package/dist/admin/components/FormModal/index.js +14 -10
  10. package/dist/admin/components/FormModal/index.js.map +1 -1
  11. package/dist/admin/components/Permissions/PermissionRow/SubCategory.js +8 -3
  12. package/dist/admin/components/Permissions/PermissionRow/SubCategory.js.map +1 -1
  13. package/dist/admin/components/Permissions/PermissionRow/index.js +9 -4
  14. package/dist/admin/components/Permissions/PermissionRow/index.js.map +1 -1
  15. package/dist/admin/components/Policies/index.js +9 -3
  16. package/dist/admin/components/Policies/index.js.map +1 -1
  17. package/dist/admin/components/UsersPermissions/index.js +6 -2
  18. package/dist/admin/components/UsersPermissions/index.js.map +1 -1
  19. package/dist/admin/components/UsersPermissions/reducer.js +10 -4
  20. package/dist/admin/components/UsersPermissions/reducer.js.map +1 -1
  21. package/dist/admin/contexts/UsersPermissionsContext/index.js +6 -2
  22. package/dist/admin/contexts/UsersPermissionsContext/index.js.map +1 -1
  23. package/dist/admin/pages/AdvancedSettings/index.js +1 -1
  24. package/dist/admin/pages/AdvancedSettings/index.js.map +1 -1
  25. package/dist/admin/pages/AdvancedSettings/index.mjs +1 -1
  26. package/dist/admin/pages/AdvancedSettings/index.mjs.map +1 -1
  27. package/dist/admin/pages/AdvancedSettings/utils/schema.js +3 -2
  28. package/dist/admin/pages/AdvancedSettings/utils/schema.js.map +1 -1
  29. package/dist/admin/pages/EmailTemplates/components/EmailForm.js +17 -13
  30. package/dist/admin/pages/EmailTemplates/components/EmailForm.js.map +1 -1
  31. package/dist/admin/pages/EmailTemplates/components/EmailTable.js +6 -2
  32. package/dist/admin/pages/EmailTemplates/components/EmailTable.js.map +1 -1
  33. package/dist/admin/pages/EmailTemplates/index.js +3 -2
  34. package/dist/admin/pages/EmailTemplates/index.js.map +1 -1
  35. package/dist/admin/pages/EmailTemplates/utils/schema.js +3 -2
  36. package/dist/admin/pages/EmailTemplates/utils/schema.js.map +1 -1
  37. package/dist/admin/pages/Providers/index.js +7 -3
  38. package/dist/admin/pages/Providers/index.js.map +1 -1
  39. package/dist/admin/pages/Providers/utils/forms.js +3 -2
  40. package/dist/admin/pages/Providers/utils/forms.js.map +1 -1
  41. package/dist/admin/pages/Roles/constants.js +3 -2
  42. package/dist/admin/pages/Roles/constants.js.map +1 -1
  43. package/dist/admin/pages/Roles/pages/CreatePage.js +3 -2
  44. package/dist/admin/pages/Roles/pages/CreatePage.js.map +1 -1
  45. package/dist/admin/pages/Roles/pages/EditPage.js +3 -2
  46. package/dist/admin/pages/Roles/pages/EditPage.js.map +1 -1
  47. package/dist/admin/pages/Roles/pages/ListPage/components/TableBody.js +9 -5
  48. package/dist/admin/pages/Roles/pages/ListPage/components/TableBody.js.map +1 -1
  49. package/dist/admin/pages/Roles/pages/ListPage/index.js +1 -1
  50. package/dist/admin/pages/Roles/pages/ListPage/index.js.map +1 -1
  51. package/dist/admin/pages/Roles/pages/ListPage/index.mjs +1 -1
  52. package/dist/admin/pages/Roles/pages/ListPage/index.mjs.map +1 -1
  53. package/dist/admin/translations/ja.json.js +46 -7
  54. package/dist/admin/translations/ja.json.js.map +1 -1
  55. package/dist/admin/translations/ja.json.mjs +46 -7
  56. package/dist/admin/translations/ja.json.mjs.map +1 -1
  57. package/dist/admin/utils/cleanPermissions.js +6 -2
  58. package/dist/admin/utils/cleanPermissions.js.map +1 -1
  59. package/dist/admin/utils/formatPluginName.js +5 -1
  60. package/dist/admin/utils/formatPluginName.js.map +1 -1
  61. package/dist/server/bootstrap/index.js +7 -2
  62. package/dist/server/bootstrap/index.js.map +1 -1
  63. package/dist/server/controllers/auth.js +144 -117
  64. package/dist/server/controllers/auth.js.map +1 -1
  65. package/dist/server/controllers/auth.mjs +132 -113
  66. package/dist/server/controllers/auth.mjs.map +1 -1
  67. package/dist/server/controllers/content-manager-user.js +8 -3
  68. package/dist/server/controllers/content-manager-user.js.map +1 -1
  69. package/dist/server/controllers/permissions.js +5 -1
  70. package/dist/server/controllers/permissions.js.map +1 -1
  71. package/dist/server/controllers/role.js +7 -2
  72. package/dist/server/controllers/role.js.map +1 -1
  73. package/dist/server/controllers/settings.js +7 -2
  74. package/dist/server/controllers/settings.js.map +1 -1
  75. package/dist/server/controllers/user.js +7 -2
  76. package/dist/server/controllers/user.js.map +1 -1
  77. package/dist/server/controllers/validation/auth.js +5 -1
  78. package/dist/server/controllers/validation/auth.js.map +1 -1
  79. package/dist/server/controllers/validation/email-template.js +7 -2
  80. package/dist/server/controllers/validation/email-template.js.map +1 -1
  81. package/dist/server/controllers/validation/user.js +21 -10
  82. package/dist/server/controllers/validation/user.js.map +1 -1
  83. package/dist/server/controllers/validation/user.mjs +16 -9
  84. package/dist/server/controllers/validation/user.mjs.map +1 -1
  85. package/dist/server/graphql/mutations/auth/change-password.js +5 -1
  86. package/dist/server/graphql/mutations/auth/change-password.js.map +1 -1
  87. package/dist/server/graphql/mutations/auth/email-confirmation.js +5 -1
  88. package/dist/server/graphql/mutations/auth/email-confirmation.js.map +1 -1
  89. package/dist/server/graphql/mutations/auth/forgot-password.js +5 -1
  90. package/dist/server/graphql/mutations/auth/forgot-password.js.map +1 -1
  91. package/dist/server/graphql/mutations/auth/login.js +5 -1
  92. package/dist/server/graphql/mutations/auth/login.js.map +1 -1
  93. package/dist/server/graphql/mutations/auth/register.js +5 -1
  94. package/dist/server/graphql/mutations/auth/register.js.map +1 -1
  95. package/dist/server/graphql/mutations/auth/reset-password.js +5 -1
  96. package/dist/server/graphql/mutations/auth/reset-password.js.map +1 -1
  97. package/dist/server/graphql/mutations/crud/role/create-role.js +5 -1
  98. package/dist/server/graphql/mutations/crud/role/create-role.js.map +1 -1
  99. package/dist/server/graphql/mutations/crud/user/create-user.js +5 -1
  100. package/dist/server/graphql/mutations/crud/user/create-user.js.map +1 -1
  101. package/dist/server/graphql/mutations/crud/user/update-user.js +5 -1
  102. package/dist/server/graphql/mutations/crud/user/update-user.js.map +1 -1
  103. package/dist/server/graphql/utils.js +5 -1
  104. package/dist/server/graphql/utils.js.map +1 -1
  105. package/dist/server/middlewares/rateLimit.js +11 -4
  106. package/dist/server/middlewares/rateLimit.js.map +1 -1
  107. package/dist/server/register.js +7 -2
  108. package/dist/server/register.js.map +1 -1
  109. package/dist/server/routes/content-api/auth.js +16 -0
  110. package/dist/server/routes/content-api/auth.js.map +1 -1
  111. package/dist/server/routes/content-api/auth.mjs +16 -0
  112. package/dist/server/routes/content-api/auth.mjs.map +1 -1
  113. package/dist/server/routes/content-api/index.js +5 -1
  114. package/dist/server/routes/content-api/index.js.map +1 -1
  115. package/dist/server/routes/content-api/user.js +5 -1
  116. package/dist/server/routes/content-api/user.js.map +1 -1
  117. package/dist/server/routes/content-api/validation.js +36 -4
  118. package/dist/server/routes/content-api/validation.js.map +1 -1
  119. package/dist/server/routes/content-api/validation.mjs +29 -2
  120. package/dist/server/routes/content-api/validation.mjs.map +1 -1
  121. package/dist/server/services/jwt.js +15 -8
  122. package/dist/server/services/jwt.js.map +1 -1
  123. package/dist/server/services/jwt.mjs +8 -6
  124. package/dist/server/services/jwt.mjs.map +1 -1
  125. package/dist/server/services/providers-registry.js +13 -5
  126. package/dist/server/services/providers-registry.js.map +1 -1
  127. package/dist/server/services/providers.js +7 -2
  128. package/dist/server/services/providers.js.map +1 -1
  129. package/dist/server/services/role.js +7 -2
  130. package/dist/server/services/role.js.map +1 -1
  131. package/dist/server/services/user.js +13 -5
  132. package/dist/server/services/user.js.map +1 -1
  133. package/dist/server/services/users-permissions.js +19 -4
  134. package/dist/server/services/users-permissions.js.map +1 -1
  135. package/dist/server/services/users-permissions.mjs +8 -0
  136. package/dist/server/services/users-permissions.mjs.map +1 -1
  137. package/dist/server/strategies/users-permissions.js +15 -3
  138. package/dist/server/strategies/users-permissions.js.map +1 -1
  139. package/dist/server/strategies/users-permissions.mjs +8 -1
  140. package/dist/server/strategies/users-permissions.mjs.map +1 -1
  141. package/dist/server/utils/index.js +5 -1
  142. package/dist/server/utils/index.js.map +1 -1
  143. package/dist/server/utils/refresh-cookie-options.js +27 -0
  144. package/dist/server/utils/refresh-cookie-options.js.map +1 -0
  145. package/dist/server/utils/refresh-cookie-options.mjs +25 -0
  146. package/dist/server/utils/refresh-cookie-options.mjs.map +1 -0
  147. package/dist/server/utils/sanitize/sanitizers.js +7 -2
  148. package/dist/server/utils/sanitize/sanitizers.js.map +1 -1
  149. package/lint-staged.config.mjs +1 -0
  150. package/package.json +5 -5
  151. package/rollup.config.mjs +3 -3
  152. package/server/controllers/auth.js +162 -141
  153. package/server/controllers/validation/user.js +22 -9
  154. package/server/routes/content-api/auth.js +12 -0
  155. package/server/routes/content-api/validation.js +32 -2
  156. package/server/services/jwt.js +4 -3
  157. package/server/services/users-permissions.js +2 -0
  158. package/server/strategies/users-permissions.js +6 -1
  159. package/server/utils/refresh-cookie-options.js +20 -0
@@ -5,8 +5,17 @@ var require$$0$1 = require('lodash');
5
5
  var require$$0 = require('lodash/fp');
6
6
  var require$$1 = require('@strapi/utils');
7
7
  var index = require('../utils/index.js');
8
+ var refreshCookieOptions = require('../utils/refresh-cookie-options.js');
8
9
  var auth$1 = require('./validation/auth.js');
9
- var require$$6 = require('grant');
10
+ var require$$7 = require('grant');
11
+
12
+ function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
13
+
14
+ var require$$0__default$2 = /*#__PURE__*/_interopDefault(require$$0$2);
15
+ var require$$0__default$1 = /*#__PURE__*/_interopDefault(require$$0$1);
16
+ var require$$0__default = /*#__PURE__*/_interopDefault(require$$0);
17
+ var require$$1__default = /*#__PURE__*/_interopDefault(require$$1);
18
+ var require$$7__default = /*#__PURE__*/_interopDefault(require$$7);
10
19
 
11
20
  var auth;
12
21
  var hasRequiredAuth;
@@ -17,13 +26,15 @@ function requireAuth() {
17
26
  * Auth.js controller
18
27
  *
19
28
  * @description: A set of functions called "actions" for managing `Auth`.
20
- */ /* eslint-disable no-useless-escape */ const crypto = require$$0$2;
21
- const _ = require$$0$1;
22
- const { concat, compact, isArray } = require$$0;
23
- const utils = require$$1;
29
+ */ /* eslint-disable no-useless-escape */ const crypto = require$$0__default$2.default;
30
+ const _ = require$$0__default$1.default;
31
+ const { concat, compact, isArray } = require$$0__default.default;
32
+ const utils = require$$1__default.default;
24
33
  const { getService } = index.__require();
34
+ const { buildRefreshCookieOptions } = refreshCookieOptions.__require();
25
35
  const { validateCallbackBody, validateRegisterBody, validateSendEmailConfirmationBody, validateForgotPasswordBody, validateResetPasswordBody, validateEmailConfirmationBody, validateChangePasswordBody } = auth$1.__require();
26
36
  const { ApplicationError, ValidationError, ForbiddenError } = utils.errors;
37
+ const { buildSessionMetadata, sanitizeSessionEntry, sortSessionsForDisplay } = utils;
27
38
  const sanitizeUser = (user, ctx)=>{
28
39
  const { auth } = ctx.state;
29
40
  const userSchema = strapi.getModel('plugin::users-permissions.user');
@@ -35,6 +46,82 @@ function requireAuth() {
35
46
  const { deviceId } = requestBody || {};
36
47
  return typeof deviceId === 'string' && deviceId.length > 0 ? deviceId : undefined;
37
48
  };
49
+ const buildSessionMetadataFromContext = (ctx)=>buildSessionMetadata({
50
+ userAgent: ctx.request.headers['user-agent']
51
+ });
52
+ const sendRefreshAuthResponse = async (strapi1, ctx, user, { metadata } = {})=>{
53
+ const deviceId = extractDeviceId(ctx.request.body);
54
+ const tokenOptions = {
55
+ type: 'refresh',
56
+ ...metadata ? {
57
+ metadata
58
+ } : {}
59
+ };
60
+ const refresh = await strapi1.sessionManager('users-permissions').generateRefreshToken(String(user.id), deviceId, tokenOptions);
61
+ const access = await strapi1.sessionManager('users-permissions').generateAccessToken(refresh.token);
62
+ if ('error' in access) {
63
+ throw new ApplicationError('Invalid credentials');
64
+ }
65
+ const upSessions = strapi1.config.get('plugin::users-permissions.sessions');
66
+ const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';
67
+ if (upSessions?.httpOnly || requestHttpOnly) {
68
+ const cookieName = upSessions.cookie?.name || 'strapi_up_refresh';
69
+ const isProduction = process.env.NODE_ENV === 'production';
70
+ ctx.cookies.set(cookieName, refresh.token, buildRefreshCookieOptions(upSessions, isProduction));
71
+ return ctx.send({
72
+ jwt: access.token,
73
+ user: await sanitizeUser(user, ctx)
74
+ });
75
+ }
76
+ return ctx.send({
77
+ jwt: access.token,
78
+ refreshToken: refresh.token,
79
+ user: await sanitizeUser(user, ctx)
80
+ });
81
+ };
82
+ const reissueTokensAfterPasswordChange = async (strapi1, ctx, user)=>{
83
+ const deviceId = extractDeviceId(ctx.request.body);
84
+ await strapi1.sessionManager('users-permissions').invalidateRefreshToken(String(user.id));
85
+ const newDeviceId = deviceId || crypto.randomUUID();
86
+ const refresh = await strapi1.sessionManager('users-permissions').generateRefreshToken(String(user.id), newDeviceId, {
87
+ type: 'refresh'
88
+ });
89
+ const access = await strapi1.sessionManager('users-permissions').generateAccessToken(refresh.token);
90
+ if ('error' in access) {
91
+ throw new ApplicationError('Invalid credentials');
92
+ }
93
+ return ctx.send({
94
+ jwt: access.token,
95
+ refreshToken: refresh.token,
96
+ user: await sanitizeUser(user, ctx)
97
+ });
98
+ };
99
+ const revokeLogoutSessions = async (strapi1, ctx, userId, { scope, deviceId, body })=>{
100
+ const sessionManager = strapi1.sessionManager('users-permissions');
101
+ const upSessions = strapi1.config.get('plugin::users-permissions.sessions');
102
+ if (scope === 'all') {
103
+ await sessionManager.invalidateRefreshToken(userId);
104
+ return;
105
+ }
106
+ if (deviceId) {
107
+ await sessionManager.invalidateRefreshToken(userId, deviceId);
108
+ return;
109
+ }
110
+ let currentSessionId = ctx.state.session?.id;
111
+ const cookieName = upSessions?.cookie?.name || 'strapi_up_refresh';
112
+ const refreshToken = ctx.cookies.get(cookieName) || (typeof body.refreshToken === 'string' ? body.refreshToken : undefined);
113
+ if (refreshToken) {
114
+ const validation = await sessionManager.validateRefreshToken(refreshToken);
115
+ if (validation.isValid) {
116
+ currentSessionId = validation.sessionId;
117
+ }
118
+ }
119
+ if (currentSessionId) {
120
+ await sessionManager.revokeSessionById(userId, currentSessionId);
121
+ return;
122
+ }
123
+ await sessionManager.invalidateRefreshToken(userId);
124
+ };
38
125
  auth = ({ strapi: strapi1 })=>({
39
126
  async callback (ctx) {
40
127
  const provider = ctx.params.provider || 'local';
@@ -92,38 +179,8 @@ function requireAuth() {
92
179
  }
93
180
  const mode = strapi1.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');
94
181
  if (mode === 'refresh') {
95
- const deviceId = extractDeviceId(ctx.request.body);
96
- const refresh = await strapi1.sessionManager('users-permissions').generateRefreshToken(String(user.id), deviceId, {
97
- type: 'refresh'
98
- });
99
- const access = await strapi1.sessionManager('users-permissions').generateAccessToken(refresh.token);
100
- if ('error' in access) {
101
- throw new ApplicationError('Invalid credentials');
102
- }
103
- const upSessions = strapi1.config.get('plugin::users-permissions.sessions');
104
- const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';
105
- if (upSessions?.httpOnly || requestHttpOnly) {
106
- const cookieName = upSessions.cookie?.name || 'strapi_up_refresh';
107
- const isProduction = process.env.NODE_ENV === 'production';
108
- const isSecure = typeof upSessions.cookie?.secure === 'boolean' ? upSessions.cookie?.secure : isProduction;
109
- const cookieOptions = {
110
- httpOnly: true,
111
- secure: isSecure,
112
- sameSite: upSessions.cookie?.sameSite ?? 'lax',
113
- path: upSessions.cookie?.path ?? '/',
114
- domain: upSessions.cookie?.domain,
115
- overwrite: true
116
- };
117
- ctx.cookies.set(cookieName, refresh.token, cookieOptions);
118
- return ctx.send({
119
- jwt: access.token,
120
- user: await sanitizeUser(user, ctx)
121
- });
122
- }
123
- return ctx.send({
124
- jwt: access.token,
125
- refreshToken: refresh.token,
126
- user: await sanitizeUser(user, ctx)
182
+ return sendRefreshAuthResponse(strapi1, ctx, user, {
183
+ metadata: buildSessionMetadataFromContext(ctx)
127
184
  });
128
185
  }
129
186
  return ctx.send({
@@ -141,38 +198,8 @@ function requireAuth() {
141
198
  }
142
199
  const mode = strapi1.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');
143
200
  if (mode === 'refresh') {
144
- const deviceId = extractDeviceId(ctx.request.body);
145
- const refresh = await strapi1.sessionManager('users-permissions').generateRefreshToken(String(user.id), deviceId, {
146
- type: 'refresh'
147
- });
148
- const access = await strapi1.sessionManager('users-permissions').generateAccessToken(refresh.token);
149
- if ('error' in access) {
150
- throw new ApplicationError('Invalid credentials');
151
- }
152
- const upSessions = strapi1.config.get('plugin::users-permissions.sessions');
153
- const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';
154
- if (upSessions?.httpOnly || requestHttpOnly) {
155
- const cookieName = upSessions.cookie?.name || 'strapi_up_refresh';
156
- const isProduction = process.env.NODE_ENV === 'production';
157
- const isSecure = typeof upSessions.cookie?.secure === 'boolean' ? upSessions.cookie?.secure : isProduction;
158
- const cookieOptions = {
159
- httpOnly: true,
160
- secure: isSecure,
161
- sameSite: upSessions.cookie?.sameSite ?? 'lax',
162
- path: upSessions.cookie?.path ?? '/',
163
- domain: upSessions.cookie?.domain,
164
- overwrite: true
165
- };
166
- ctx.cookies.set(cookieName, refresh.token, cookieOptions);
167
- return ctx.send({
168
- jwt: access.token,
169
- user: await sanitizeUser(user, ctx)
170
- });
171
- }
172
- return ctx.send({
173
- jwt: access.token,
174
- refreshToken: refresh.token,
175
- user: await sanitizeUser(user, ctx)
201
+ return sendRefreshAuthResponse(strapi1, ctx, user, {
202
+ metadata: buildSessionMetadataFromContext(ctx)
176
203
  });
177
204
  }
178
205
  return ctx.send({
@@ -208,22 +235,7 @@ function requireAuth() {
208
235
  });
209
236
  const mode = strapi1.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');
210
237
  if (mode === 'refresh') {
211
- const deviceId = extractDeviceId(ctx.request.body);
212
- // Invalidate all sessions when password changes for security
213
- await strapi1.sessionManager('users-permissions').invalidateRefreshToken(String(user.id));
214
- const newDeviceId = deviceId || crypto.randomUUID();
215
- const refresh = await strapi1.sessionManager('users-permissions').generateRefreshToken(String(user.id), newDeviceId, {
216
- type: 'refresh'
217
- });
218
- const access = await strapi1.sessionManager('users-permissions').generateAccessToken(refresh.token);
219
- if ('error' in access) {
220
- throw new ApplicationError('Invalid credentials');
221
- }
222
- return ctx.send({
223
- jwt: access.token,
224
- refreshToken: refresh.token,
225
- user: await sanitizeUser(user, ctx)
226
- });
238
+ return reissueTokensAfterPasswordChange(strapi1, ctx, user);
227
239
  }
228
240
  return ctx.send({
229
241
  jwt: getService('jwt').issue({
@@ -252,22 +264,7 @@ function requireAuth() {
252
264
  });
253
265
  const mode = strapi1.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');
254
266
  if (mode === 'refresh') {
255
- const deviceId = extractDeviceId(ctx.request.body);
256
- // Invalidate all sessions when password is reset for security
257
- await strapi1.sessionManager('users-permissions').invalidateRefreshToken(String(user.id));
258
- const newDeviceId = deviceId || crypto.randomUUID();
259
- const refresh = await strapi1.sessionManager('users-permissions').generateRefreshToken(String(user.id), newDeviceId, {
260
- type: 'refresh'
261
- });
262
- const access = await strapi1.sessionManager('users-permissions').generateAccessToken(refresh.token);
263
- if ('error' in access) {
264
- throw new ApplicationError('Invalid credentials');
265
- }
266
- return ctx.send({
267
- jwt: access.token,
268
- refreshToken: refresh.token,
269
- user: await sanitizeUser(user, ctx)
270
- });
267
+ return reissueTokensAfterPasswordChange(strapi1, ctx, user);
271
268
  }
272
269
  return ctx.send({
273
270
  jwt: getService('jwt').issue({
@@ -302,16 +299,7 @@ function requireAuth() {
302
299
  const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';
303
300
  if (upSessions?.httpOnly || requestHttpOnly) {
304
301
  const isProduction = process.env.NODE_ENV === 'production';
305
- const isSecure = typeof upSessions.cookie?.secure === 'boolean' ? upSessions.cookie?.secure : isProduction;
306
- const cookieOptions = {
307
- httpOnly: true,
308
- secure: isSecure,
309
- sameSite: upSessions.cookie?.sameSite ?? 'lax',
310
- path: upSessions.cookie?.path ?? '/',
311
- domain: upSessions.cookie?.domain,
312
- overwrite: true
313
- };
314
- ctx.cookies.set(cookieName, rotation.token, cookieOptions);
302
+ ctx.cookies.set(cookieName, rotation.token, buildRefreshCookieOptions(upSessions, isProduction));
315
303
  return ctx.send({
316
304
  jwt: result.token
317
305
  });
@@ -326,17 +314,23 @@ function requireAuth() {
326
314
  if (mode !== 'refresh') {
327
315
  return ctx.notFound();
328
316
  }
329
- // Invalidate all sessions for the authenticated user, or by deviceId if provided
330
317
  if (!ctx.state.user) {
331
318
  return ctx.unauthorized('Missing authentication');
332
319
  }
333
- const deviceId = extractDeviceId(ctx.request.body);
320
+ const userId = String(ctx.state.user.id);
321
+ const upSessions = strapi1.config.get('plugin::users-permissions.sessions');
322
+ const body = ctx.request.body || {};
323
+ const scope = typeof body.scope === 'string' ? body.scope : undefined;
324
+ const deviceId = extractDeviceId(body);
334
325
  try {
335
- await strapi1.sessionManager('users-permissions').invalidateRefreshToken(String(ctx.state.user.id), deviceId);
326
+ await revokeLogoutSessions(strapi1, ctx, userId, {
327
+ scope,
328
+ deviceId,
329
+ body
330
+ });
336
331
  } catch (err) {
337
332
  strapi1.log.error('UP logout failed', err);
338
333
  }
339
- const upSessions = strapi1.config.get('plugin::users-permissions.sessions');
340
334
  const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';
341
335
  if (upSessions?.httpOnly || requestHttpOnly) {
342
336
  const cookieName = upSessions.cookie?.name || 'strapi_up_refresh';
@@ -348,8 +342,40 @@ function requireAuth() {
348
342
  ok: true
349
343
  });
350
344
  },
345
+ async getSessions (ctx) {
346
+ const mode = strapi1.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');
347
+ if (mode !== 'refresh') {
348
+ return ctx.notFound();
349
+ }
350
+ if (!ctx.state.user) {
351
+ return ctx.unauthorized('Missing authentication');
352
+ }
353
+ const currentSessionId = ctx.state.session?.id;
354
+ const sessions = await strapi1.sessionManager('users-permissions').listSessions(String(ctx.state.user.id));
355
+ const data = sortSessionsForDisplay(sessions.map((session)=>sanitizeSessionEntry(session, currentSessionId)));
356
+ return ctx.send({
357
+ data
358
+ });
359
+ },
360
+ async revokeSession (ctx) {
361
+ const mode = strapi1.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');
362
+ if (mode !== 'refresh') {
363
+ return ctx.notFound();
364
+ }
365
+ if (!ctx.state.user) {
366
+ return ctx.unauthorized('Missing authentication');
367
+ }
368
+ const { sessionId } = ctx.params;
369
+ const revoked = await strapi1.sessionManager('users-permissions').revokeSessionById(String(ctx.state.user.id), sessionId);
370
+ if (!revoked) {
371
+ return ctx.notFound('Session not found');
372
+ }
373
+ return ctx.send({
374
+ data: {}
375
+ });
376
+ },
351
377
  async connect (ctx, next) {
352
- const grant = require$$6.koa();
378
+ const grant = require$$7__default.default.koa();
353
379
  const providers = await strapi1.store({
354
380
  type: 'plugin',
355
381
  name: 'users-permissions',
@@ -545,7 +571,8 @@ function requireAuth() {
545
571
  if (mode === 'refresh') {
546
572
  const deviceId = extractDeviceId(ctx.request.body) || crypto.randomUUID();
547
573
  const refresh = await strapi1.sessionManager('users-permissions').generateRefreshToken(String(user.id), deviceId, {
548
- type: 'refresh'
574
+ type: 'refresh',
575
+ metadata: buildSessionMetadataFromContext(ctx)
549
576
  });
550
577
  const access = await strapi1.sessionManager('users-permissions').generateAccessToken(refresh.token);
551
578
  if ('error' in access) {
@@ -1 +1 @@
1
- {"version":3,"file":"auth.js","sources":["../../../server/controllers/auth.js"],"sourcesContent":["'use strict';\n\n/**\n * Auth.js controller\n *\n * @description: A set of functions called \"actions\" for managing `Auth`.\n */\n\n/* eslint-disable no-useless-escape */\nconst crypto = require('crypto');\nconst _ = require('lodash');\nconst { concat, compact, isArray } = require('lodash/fp');\nconst utils = require('@strapi/utils');\nconst { getService } = require('../utils');\nconst {\n validateCallbackBody,\n validateRegisterBody,\n validateSendEmailConfirmationBody,\n validateForgotPasswordBody,\n validateResetPasswordBody,\n validateEmailConfirmationBody,\n validateChangePasswordBody,\n} = require('./validation/auth');\n\nconst { ApplicationError, ValidationError, ForbiddenError } = utils.errors;\n\nconst sanitizeUser = (user, ctx) => {\n const { auth } = ctx.state;\n const userSchema = strapi.getModel('plugin::users-permissions.user');\n\n return strapi.contentAPI.sanitize.output(user, userSchema, { auth });\n};\n\nconst extractDeviceId = (requestBody) => {\n const { deviceId } = requestBody || {};\n\n return typeof deviceId === 'string' && deviceId.length > 0 ? deviceId : undefined;\n};\n\nmodule.exports = ({ strapi }) => ({\n async callback(ctx) {\n const provider = ctx.params.provider || 'local';\n const params = ctx.request.body;\n\n const store = strapi.store({ type: 'plugin', name: 'users-permissions' });\n const grantSettings = await store.get({ key: 'grant' });\n\n const grantProvider = provider === 'local' ? 'email' : provider;\n\n if (!_.get(grantSettings, [grantProvider, 'enabled'])) {\n throw new ApplicationError('This provider is disabled');\n }\n\n if (provider === 'local') {\n await validateCallbackBody(params);\n\n const { identifier } = params;\n\n // Check if the user exists.\n const user = await strapi.db.query('plugin::users-permissions.user').findOne({\n where: {\n provider,\n $or: [{ email: identifier.toLowerCase() }, { username: identifier }],\n },\n });\n\n if (!user) {\n throw new ValidationError('Invalid identifier or password');\n }\n\n if (!user.password) {\n throw new ValidationError('Invalid identifier or password');\n }\n\n const validPassword = await getService('user').validatePassword(\n params.password,\n user.password\n );\n\n if (!validPassword) {\n throw new ValidationError('Invalid identifier or password');\n }\n\n const advancedSettings = await store.get({ key: 'advanced' });\n const requiresConfirmation = _.get(advancedSettings, 'email_confirmation');\n\n if (requiresConfirmation && user.confirmed !== true) {\n throw new ApplicationError('Your account email is not confirmed');\n }\n\n if (user.blocked === true) {\n throw new ApplicationError('Your account has been blocked by an administrator');\n }\n\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode === 'refresh') {\n const deviceId = extractDeviceId(ctx.request.body);\n\n const refresh = await strapi\n .sessionManager('users-permissions')\n .generateRefreshToken(String(user.id), deviceId, { type: 'refresh' });\n\n const access = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(refresh.token);\n if ('error' in access) {\n throw new ApplicationError('Invalid credentials');\n }\n\n const upSessions = strapi.config.get('plugin::users-permissions.sessions');\n const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';\n if (upSessions?.httpOnly || requestHttpOnly) {\n const cookieName = upSessions.cookie?.name || 'strapi_up_refresh';\n const isProduction = process.env.NODE_ENV === 'production';\n const isSecure =\n typeof upSessions.cookie?.secure === 'boolean'\n ? upSessions.cookie?.secure\n : isProduction;\n\n const cookieOptions = {\n httpOnly: true,\n secure: isSecure,\n sameSite: upSessions.cookie?.sameSite ?? 'lax',\n path: upSessions.cookie?.path ?? '/',\n domain: upSessions.cookie?.domain,\n overwrite: true,\n };\n\n ctx.cookies.set(cookieName, refresh.token, cookieOptions);\n return ctx.send({ jwt: access.token, user: await sanitizeUser(user, ctx) });\n }\n\n return ctx.send({\n jwt: access.token,\n refreshToken: refresh.token,\n user: await sanitizeUser(user, ctx),\n });\n }\n\n return ctx.send({\n jwt: getService('jwt').issue({ id: user.id }),\n user: await sanitizeUser(user, ctx),\n });\n }\n\n // Connect the user with the third-party provider.\n try {\n const user = await getService('providers').connect(provider, ctx.query);\n\n if (user.blocked) {\n throw new ForbiddenError('Your account has been blocked by an administrator');\n }\n\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode === 'refresh') {\n const deviceId = extractDeviceId(ctx.request.body);\n\n const refresh = await strapi\n .sessionManager('users-permissions')\n .generateRefreshToken(String(user.id), deviceId, { type: 'refresh' });\n\n const access = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(refresh.token);\n if ('error' in access) {\n throw new ApplicationError('Invalid credentials');\n }\n\n const upSessions = strapi.config.get('plugin::users-permissions.sessions');\n const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';\n if (upSessions?.httpOnly || requestHttpOnly) {\n const cookieName = upSessions.cookie?.name || 'strapi_up_refresh';\n const isProduction = process.env.NODE_ENV === 'production';\n const isSecure =\n typeof upSessions.cookie?.secure === 'boolean'\n ? upSessions.cookie?.secure\n : isProduction;\n\n const cookieOptions = {\n httpOnly: true,\n secure: isSecure,\n sameSite: upSessions.cookie?.sameSite ?? 'lax',\n path: upSessions.cookie?.path ?? '/',\n domain: upSessions.cookie?.domain,\n overwrite: true,\n };\n ctx.cookies.set(cookieName, refresh.token, cookieOptions);\n return ctx.send({ jwt: access.token, user: await sanitizeUser(user, ctx) });\n }\n return ctx.send({\n jwt: access.token,\n refreshToken: refresh.token,\n user: await sanitizeUser(user, ctx),\n });\n }\n\n return ctx.send({\n jwt: getService('jwt').issue({ id: user.id }),\n user: await sanitizeUser(user, ctx),\n });\n } catch (error) {\n throw new ApplicationError(error.message);\n }\n },\n\n async changePassword(ctx) {\n if (!ctx.state.user) {\n throw new ApplicationError('You must be authenticated to reset your password');\n }\n\n const validations = strapi.config.get('plugin::users-permissions.validationRules');\n\n const { currentPassword, password } = await validateChangePasswordBody(\n ctx.request.body,\n validations\n );\n\n const user = await strapi.db\n .query('plugin::users-permissions.user')\n .findOne({ where: { id: ctx.state.user.id } });\n\n const validPassword = await getService('user').validatePassword(currentPassword, user.password);\n\n if (!validPassword) {\n throw new ValidationError('The provided current password is invalid');\n }\n\n if (currentPassword === password) {\n throw new ValidationError('Your new password must be different than your current password');\n }\n\n await getService('user').edit(user.id, { password });\n\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode === 'refresh') {\n const deviceId = extractDeviceId(ctx.request.body);\n\n // Invalidate all sessions when password changes for security\n await strapi.sessionManager('users-permissions').invalidateRefreshToken(String(user.id));\n\n const newDeviceId = deviceId || crypto.randomUUID();\n const refresh = await strapi\n .sessionManager('users-permissions')\n .generateRefreshToken(String(user.id), newDeviceId, { type: 'refresh' });\n\n const access = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(refresh.token);\n if ('error' in access) {\n throw new ApplicationError('Invalid credentials');\n }\n\n return ctx.send({\n jwt: access.token,\n refreshToken: refresh.token,\n user: await sanitizeUser(user, ctx),\n });\n }\n\n return ctx.send({\n jwt: getService('jwt').issue({ id: user.id }),\n user: await sanitizeUser(user, ctx),\n });\n },\n\n async resetPassword(ctx) {\n const validations = strapi.config.get('plugin::users-permissions.validationRules');\n\n const { password, passwordConfirmation, code } = await validateResetPasswordBody(\n ctx.request.body,\n validations\n );\n\n if (password !== passwordConfirmation) {\n throw new ValidationError('Passwords do not match');\n }\n\n const user = await strapi.db\n .query('plugin::users-permissions.user')\n .findOne({ where: { resetPasswordToken: code } });\n\n if (!user) {\n throw new ValidationError('Incorrect code provided');\n }\n\n await getService('user').edit(user.id, {\n resetPasswordToken: null,\n password,\n });\n\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode === 'refresh') {\n const deviceId = extractDeviceId(ctx.request.body);\n\n // Invalidate all sessions when password is reset for security\n await strapi.sessionManager('users-permissions').invalidateRefreshToken(String(user.id));\n\n const newDeviceId = deviceId || crypto.randomUUID();\n const refresh = await strapi\n .sessionManager('users-permissions')\n .generateRefreshToken(String(user.id), newDeviceId, { type: 'refresh' });\n\n const access = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(refresh.token);\n if ('error' in access) {\n throw new ApplicationError('Invalid credentials');\n }\n\n return ctx.send({\n jwt: access.token,\n refreshToken: refresh.token,\n user: await sanitizeUser(user, ctx),\n });\n }\n\n return ctx.send({\n jwt: getService('jwt').issue({ id: user.id }),\n user: await sanitizeUser(user, ctx),\n });\n },\n async refresh(ctx) {\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode !== 'refresh') {\n return ctx.notFound();\n }\n\n const upSessions = strapi.config.get('plugin::users-permissions.sessions');\n const cookieName = upSessions?.cookie?.name || 'strapi_up_refresh';\n\n // Check for refresh token in cookie first (if httpOnly is configured), then in body\n let refreshToken = ctx.cookies.get(cookieName);\n if (!refreshToken) {\n refreshToken = ctx.request.body?.refreshToken;\n }\n\n if (!refreshToken || typeof refreshToken !== 'string') {\n return ctx.badRequest('Missing refresh token');\n }\n\n const rotation = await strapi\n .sessionManager('users-permissions')\n .rotateRefreshToken(refreshToken);\n if ('error' in rotation) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const result = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(rotation.token);\n if ('error' in result) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';\n if (upSessions?.httpOnly || requestHttpOnly) {\n const isProduction = process.env.NODE_ENV === 'production';\n const isSecure =\n typeof upSessions.cookie?.secure === 'boolean' ? upSessions.cookie?.secure : isProduction;\n\n const cookieOptions = {\n httpOnly: true,\n secure: isSecure,\n sameSite: upSessions.cookie?.sameSite ?? 'lax',\n path: upSessions.cookie?.path ?? '/',\n domain: upSessions.cookie?.domain,\n overwrite: true,\n };\n ctx.cookies.set(cookieName, rotation.token, cookieOptions);\n return ctx.send({ jwt: result.token });\n }\n return ctx.send({ jwt: result.token, refreshToken: rotation.token });\n },\n async logout(ctx) {\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode !== 'refresh') {\n return ctx.notFound();\n }\n\n // Invalidate all sessions for the authenticated user, or by deviceId if provided\n if (!ctx.state.user) {\n return ctx.unauthorized('Missing authentication');\n }\n\n const deviceId = extractDeviceId(ctx.request.body);\n try {\n await strapi\n .sessionManager('users-permissions')\n .invalidateRefreshToken(String(ctx.state.user.id), deviceId);\n } catch (err) {\n strapi.log.error('UP logout failed', err);\n }\n\n const upSessions = strapi.config.get('plugin::users-permissions.sessions');\n const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';\n if (upSessions?.httpOnly || requestHttpOnly) {\n const cookieName = upSessions.cookie?.name || 'strapi_up_refresh';\n ctx.cookies.set(cookieName, '', { expires: new Date(0) });\n }\n return ctx.send({ ok: true });\n },\n async connect(ctx, next) {\n const grant = require('grant').koa();\n\n const providers = await strapi\n .store({ type: 'plugin', name: 'users-permissions', key: 'grant' })\n .get();\n\n const apiPrefix = strapi.config.get('api.rest.prefix');\n const grantConfig = {\n defaults: {\n prefix: `${apiPrefix}/connect`,\n },\n ...providers,\n };\n\n const [requestPath] = ctx.request.url.split('?');\n const provider = requestPath.split('/connect/')[1].split('/')[0];\n\n if (!_.get(grantConfig[provider], 'enabled')) {\n throw new ApplicationError('This provider is disabled');\n }\n\n if (!strapi.config.server.url.startsWith('http')) {\n strapi.log.warn(\n 'You are using a third party provider for login. Make sure to set an absolute url in config/server.js. More info here: https://docs.strapi.io/developer-docs/latest/plugins/users-permissions.html#setting-up-the-server-url'\n );\n }\n\n // Ability to pass OAuth callback dynamically\n const queryCustomCallback = _.get(ctx, 'query.callback');\n const dynamicSessionCallback = _.get(ctx, 'session.grant.dynamic.callback');\n\n const customCallback = queryCustomCallback ?? dynamicSessionCallback;\n\n // The custom callback is validated to make sure it's not redirecting to an unwanted actor.\n if (customCallback !== undefined) {\n try {\n // We're extracting the callback validator from the plugin config since it can be user-customized\n const { validate: validateCallback } = strapi\n .plugin('users-permissions')\n .config('callback');\n\n await validateCallback(customCallback, grantConfig[provider]);\n\n grantConfig[provider].callback = customCallback;\n } catch (e) {\n throw new ValidationError('Invalid callback URL provided', { callback: customCallback });\n }\n }\n\n // Build a valid redirect URI for the current provider\n grantConfig[provider].redirect_uri = getService('providers').buildRedirectUri(provider);\n\n return grant(grantConfig)(ctx, next);\n },\n\n async forgotPassword(ctx) {\n const { email } = await validateForgotPasswordBody(ctx.request.body);\n\n const pluginStore = await strapi.store({ type: 'plugin', name: 'users-permissions' });\n\n const emailSettings = await pluginStore.get({ key: 'email' });\n const advancedSettings = await pluginStore.get({ key: 'advanced' });\n\n // Find the user by email.\n const user = await strapi.db\n .query('plugin::users-permissions.user')\n .findOne({ where: { email: email.toLowerCase() } });\n\n if (!user || user.blocked) {\n return ctx.send({ ok: true });\n }\n\n // Generate random token.\n const userInfo = await sanitizeUser(user, ctx);\n\n const resetPasswordToken = crypto.randomBytes(64).toString('hex');\n\n const resetPasswordSettings = _.get(emailSettings, 'reset_password.options', {});\n const emailBody = await getService('users-permissions').template(\n resetPasswordSettings.message,\n {\n URL: advancedSettings.email_reset_password,\n SERVER_URL: strapi.config.get('server.absoluteUrl'),\n ADMIN_URL: strapi.config.get('admin.absoluteUrl'),\n USER: userInfo,\n TOKEN: resetPasswordToken,\n }\n );\n\n const emailObject = await getService('users-permissions').template(\n resetPasswordSettings.object,\n {\n USER: userInfo,\n }\n );\n\n const emailToSend = {\n to: user.email,\n from:\n resetPasswordSettings.from.email || resetPasswordSettings.from.name\n ? `${resetPasswordSettings.from.name} <${resetPasswordSettings.from.email}>`\n : undefined,\n replyTo: resetPasswordSettings.response_email,\n subject: emailObject,\n text: emailBody,\n html: emailBody,\n };\n\n // NOTE: Update the user before sending the email so an Admin can generate the link if the email fails\n await getService('user').edit(user.id, { resetPasswordToken });\n\n // Send an email to the user.\n await strapi.plugin('email').service('email').send(emailToSend);\n\n ctx.send({ ok: true });\n },\n\n async register(ctx) {\n const pluginStore = await strapi.store({ type: 'plugin', name: 'users-permissions' });\n\n const settings = await pluginStore.get({ key: 'advanced' });\n\n if (!settings.allow_register) {\n throw new ApplicationError('Register action is currently disabled');\n }\n\n const { register } = strapi.config.get('plugin::users-permissions');\n const alwaysAllowedKeys = ['username', 'password', 'email'];\n\n // Note that we intentionally do not filter allowedFields to allow a project to explicitly accept private or other Strapi field on registration\n const allowedKeys = compact(\n concat(alwaysAllowedKeys, isArray(register?.allowedFields) ? register.allowedFields : [])\n );\n\n // Check if there are any keys in requestBody that are not in allowedKeys\n const invalidKeys = Object.keys(ctx.request.body).filter((key) => !allowedKeys.includes(key));\n\n if (invalidKeys.length > 0) {\n // If there are invalid keys, throw an error\n throw new ValidationError(`Invalid parameters: ${invalidKeys.join(', ')}`);\n }\n\n const params = {\n ..._.pick(ctx.request.body, allowedKeys),\n provider: 'local',\n };\n\n const validations = strapi.config.get('plugin::users-permissions.validationRules');\n\n await validateRegisterBody(params, validations);\n\n const role = await strapi.db\n .query('plugin::users-permissions.role')\n .findOne({ where: { type: settings.default_role } });\n\n if (!role) {\n throw new ApplicationError('Impossible to find the default role');\n }\n\n const { email, username, provider } = params;\n\n const identifierFilter = {\n $or: [\n { email: email.toLowerCase() },\n { username: email.toLowerCase() },\n { username },\n { email: username },\n ],\n };\n\n const conflictingUserCount = await strapi.db.query('plugin::users-permissions.user').count({\n where: { ...identifierFilter, provider },\n });\n\n if (conflictingUserCount > 0) {\n throw new ApplicationError('Email or Username are already taken');\n }\n\n if (settings.unique_email) {\n const conflictingUserCount = await strapi.db.query('plugin::users-permissions.user').count({\n where: { ...identifierFilter },\n });\n\n if (conflictingUserCount > 0) {\n throw new ApplicationError('Email or Username are already taken');\n }\n }\n\n const newUser = {\n ...params,\n role: role.id,\n email: email.toLowerCase(),\n username,\n confirmed: !settings.email_confirmation,\n };\n\n const user = await getService('user').add(newUser);\n\n const sanitizedUser = await sanitizeUser(user, ctx);\n\n if (settings.email_confirmation) {\n try {\n await getService('user').sendConfirmationEmail(sanitizedUser);\n } catch (err) {\n strapi.log.error(err);\n throw new ApplicationError('Error sending confirmation email');\n }\n\n return ctx.send({ user: sanitizedUser });\n }\n\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode === 'refresh') {\n const deviceId = extractDeviceId(ctx.request.body) || crypto.randomUUID();\n\n const refresh = await strapi\n .sessionManager('users-permissions')\n .generateRefreshToken(String(user.id), deviceId, { type: 'refresh' });\n\n const access = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(refresh.token);\n if ('error' in access) {\n throw new ApplicationError('Invalid credentials');\n }\n\n return ctx.send({ jwt: access.token, refreshToken: refresh.token, user: sanitizedUser });\n }\n\n const jwt = getService('jwt').issue(_.pick(user, ['id']));\n return ctx.send({ jwt, user: sanitizedUser });\n },\n\n async emailConfirmation(ctx, next, returnUser) {\n const { confirmation: confirmationToken } = await validateEmailConfirmationBody(ctx.query);\n\n const userService = getService('user');\n const jwtService = getService('jwt');\n\n const [user] = await userService.fetchAll({ filters: { confirmationToken } });\n\n if (!user) {\n throw new ValidationError('Invalid token');\n }\n\n await userService.edit(user.id, { confirmed: true, confirmationToken: null });\n\n if (returnUser) {\n ctx.send({\n jwt: jwtService.issue({ id: user.id }),\n user: await sanitizeUser(user, ctx),\n });\n } else {\n const settings = await strapi\n .store({ type: 'plugin', name: 'users-permissions', key: 'advanced' })\n .get();\n\n ctx.redirect(settings.email_confirmation_redirection || '/');\n }\n },\n\n async sendEmailConfirmation(ctx) {\n const { email } = await validateSendEmailConfirmationBody(ctx.request.body);\n\n const user = await strapi.db.query('plugin::users-permissions.user').findOne({\n where: { email: email.toLowerCase() },\n });\n\n if (!user) {\n return ctx.send({ email, sent: true });\n }\n\n if (user.confirmed) {\n throw new ApplicationError('Already confirmed');\n }\n\n if (user.blocked) {\n throw new ApplicationError('User blocked');\n }\n\n await getService('user').sendConfirmationEmail(user);\n\n ctx.send({\n email: user.email,\n sent: true,\n });\n },\n});\n"],"names":["crypto","require$$0","_","require$$1","concat","compact","isArray","require$$2","utils","require$$3","getService","require$$4","validateCallbackBody","validateRegisterBody","validateSendEmailConfirmationBody","validateForgotPasswordBody","validateResetPasswordBody","validateEmailConfirmationBody","validateChangePasswordBody","require$$5","ApplicationError","ValidationError","ForbiddenError","errors","sanitizeUser","user","ctx","auth","state","userSchema","strapi","getModel","contentAPI","sanitize","output","extractDeviceId","requestBody","deviceId","length","undefined","callback","provider","params","request","body","store","type","name","grantSettings","get","key","grantProvider","identifier","db","query","findOne","where","$or","email","toLowerCase","username","password","validPassword","validatePassword","advancedSettings","requiresConfirmation","confirmed","blocked","mode","config","refresh","sessionManager","generateRefreshToken","String","id","access","generateAccessToken","token","upSessions","requestHttpOnly","header","httpOnly","cookieName","cookie","isProduction","process","env","NODE_ENV","isSecure","secure","cookieOptions","sameSite","path","domain","overwrite","cookies","set","send","jwt","refreshToken","issue","connect","error","message","changePassword","validations","currentPassword","edit","invalidateRefreshToken","newDeviceId","randomUUID","resetPassword","passwordConfirmation","code","resetPasswordToken","notFound","badRequest","rotation","rotateRefreshToken","unauthorized","result","logout","err","log","expires","Date","ok","next","grant","require$$6","koa","providers","apiPrefix","grantConfig","defaults","prefix","requestPath","url","split","server","startsWith","warn","queryCustomCallback","dynamicSessionCallback","customCallback","validate","validateCallback","plugin","e","redirect_uri","buildRedirectUri","forgotPassword","pluginStore","emailSettings","userInfo","randomBytes","toString","resetPasswordSettings","emailBody","template","URL","email_reset_password","SERVER_URL","ADMIN_URL","USER","TOKEN","emailObject","object","emailToSend","to","from","replyTo","response_email","subject","text","html","service","register","settings","allow_register","alwaysAllowedKeys","allowedKeys","allowedFields","invalidKeys","Object","keys","filter","includes","join","pick","role","default_role","identifierFilter","conflictingUserCount","count","unique_email","newUser","email_confirmation","add","sanitizedUser","sendConfirmationEmail","emailConfirmation","returnUser","confirmation","confirmationToken","userService","jwtService","fetchAll","filters","redirect","email_confirmation_redirection","sendEmailConfirmation","sent"],"mappings":";;;;;;;;;;;;;;;AAEA;;;;4CAOA,MAAMA,MAAAA,GAASC,YAAAA;AACf,IAAA,MAAMC,CAAAA,GAAIC,YAAAA;AACV,IAAA,MAAM,EAAEC,MAAM,EAAEC,OAAO,EAAEC,OAAO,EAAE,GAAGC,UAAAA;AACrC,IAAA,MAAMC,KAAAA,GAAQC,UAAAA;IACd,MAAM,EAAEC,UAAU,EAAE,GAAGC,eAAAA,EAAAA;AACvB,IAAA,MAAM,EACJC,oBAAoB,EACpBC,oBAAoB,EACpBC,iCAAiC,EACjCC,0BAA0B,EAC1BC,yBAAyB,EACzBC,6BAA6B,EAC7BC,0BAA0B,EAC3B,GAAGC,gBAAAA,EAAAA;IAEJ,MAAM,EAAEC,gBAAgB,EAAEC,eAAe,EAAEC,cAAc,EAAE,GAAGd,KAAAA,CAAMe,MAAM;IAE1E,MAAMC,YAAAA,GAAe,CAACC,IAAAA,EAAMC,GAAAA,GAAAA;AAC1B,QAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,KAAK;QAC1B,MAAMC,UAAAA,GAAaC,MAAAA,CAAOC,QAAQ,CAAC,gCAAA,CAAA;QAEnC,OAAOD,MAAAA,CAAOE,UAAU,CAACC,QAAQ,CAACC,MAAM,CAACT,MAAMI,UAAAA,EAAY;AAAEF,YAAAA;AAAI,SAAA,CAAA;AACnE,IAAA,CAAA;AAEA,IAAA,MAAMQ,kBAAkB,CAACC,WAAAA,GAAAA;AACvB,QAAA,MAAM,EAAEC,QAAQ,EAAE,GAAGD,eAAe;AAEpC,QAAA,OAAO,OAAOC,QAAAA,KAAa,QAAA,IAAYA,SAASC,MAAM,GAAG,IAAID,QAAAA,GAAWE,SAAAA;AAC1E,IAAA,CAAA;AAEAZ,IAAAA,IAAAA,GAAiB,CAAC,EAAEG,MAAAA,EAAAA,OAAM,EAAE,IAAM;AAChC,YAAA,MAAMU,UAASd,GAAG,EAAA;AAChB,gBAAA,MAAMe,QAAAA,GAAWf,GAAAA,CAAIgB,MAAM,CAACD,QAAQ,IAAI,OAAA;AACxC,gBAAA,MAAMC,MAAAA,GAAShB,GAAAA,CAAIiB,OAAO,CAACC,IAAI;gBAE/B,MAAMC,KAAAA,GAAQf,OAAAA,CAAOe,KAAK,CAAC;oBAAEC,IAAAA,EAAM,QAAA;oBAAUC,IAAAA,EAAM;AAAmB,iBAAA,CAAA;AACtE,gBAAA,MAAMC,aAAAA,GAAgB,MAAMH,KAAAA,CAAMI,GAAG,CAAC;oBAAEC,GAAAA,EAAK;AAAO,iBAAA,CAAA;gBAEpD,MAAMC,aAAAA,GAAgBV,QAAAA,KAAa,OAAA,GAAU,OAAA,GAAUA,QAAAA;AAEvD,gBAAA,IAAI,CAACvC,CAAAA,CAAE+C,GAAG,CAACD,aAAAA,EAAe;AAACG,oBAAAA,aAAAA;AAAe,oBAAA;iBAAU,CAAA,EAAG;AACrD,oBAAA,MAAM,IAAI/B,gBAAAA,CAAiB,2BAAA,CAAA;AACjC,gBAAA;AAEI,gBAAA,IAAIqB,aAAa,OAAA,EAAS;AACxB,oBAAA,MAAM7B,oBAAAA,CAAqB8B,MAAAA,CAAAA;oBAE3B,MAAM,EAAEU,UAAU,EAAE,GAAGV,MAAAA;;oBAGvB,MAAMjB,IAAAA,GAAO,MAAMK,OAAAA,CAAOuB,EAAE,CAACC,KAAK,CAAC,gCAAA,CAAA,CAAkCC,OAAO,CAAC;wBAC3EC,KAAAA,EAAO;AACLf,4BAAAA,QAAAA;4BACAgB,GAAAA,EAAK;AAAC,gCAAA;AAAEC,oCAAAA,KAAAA,EAAON,WAAWO,WAAW;;AAAM,gCAAA;oCAAEC,QAAAA,EAAUR;;AAAa;AAC9E;AACA,qBAAA,CAAA;AAEM,oBAAA,IAAI,CAAC3B,IAAAA,EAAM;AACT,wBAAA,MAAM,IAAIJ,eAAAA,CAAgB,gCAAA,CAAA;AAClC,oBAAA;oBAEM,IAAI,CAACI,IAAAA,CAAKoC,QAAQ,EAAE;AAClB,wBAAA,MAAM,IAAIxC,eAAAA,CAAgB,gCAAA,CAAA;AAClC,oBAAA;oBAEM,MAAMyC,aAAAA,GAAgB,MAAMpD,UAAAA,CAAW,MAAA,CAAA,CAAQqD,gBAAgB,CAC7DrB,MAAAA,CAAOmB,QAAQ,EACfpC,IAAAA,CAAKoC,QAAQ,CAAA;AAGf,oBAAA,IAAI,CAACC,aAAAA,EAAe;AAClB,wBAAA,MAAM,IAAIzC,eAAAA,CAAgB,gCAAA,CAAA;AAClC,oBAAA;AAEM,oBAAA,MAAM2C,gBAAAA,GAAmB,MAAMnB,KAAAA,CAAMI,GAAG,CAAC;wBAAEC,GAAAA,EAAK;AAAU,qBAAA,CAAA;AAC1D,oBAAA,MAAMe,oBAAAA,GAAuB/D,CAAAA,CAAE+C,GAAG,CAACe,gBAAAA,EAAkB,oBAAA,CAAA;AAErD,oBAAA,IAAIC,oBAAAA,IAAwBxC,IAAAA,CAAKyC,SAAS,KAAK,IAAA,EAAM;AACnD,wBAAA,MAAM,IAAI9C,gBAAAA,CAAiB,qCAAA,CAAA;AACnC,oBAAA;oBAEM,IAAIK,IAAAA,CAAK0C,OAAO,KAAK,IAAA,EAAM;AACzB,wBAAA,MAAM,IAAI/C,gBAAAA,CAAiB,mDAAA,CAAA;AACnC,oBAAA;AAEM,oBAAA,MAAMgD,OAAOtC,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,yCAAA,EAA2C,gBAAA,CAAA;AAC1E,oBAAA,IAAImB,SAAS,SAAA,EAAW;AACtB,wBAAA,MAAM/B,QAAAA,GAAWF,eAAAA,CAAgBT,GAAAA,CAAIiB,OAAO,CAACC,IAAI,CAAA;AAEjD,wBAAA,MAAM0B,OAAAA,GAAU,MAAMxC,OAAAA,CACnByC,cAAc,CAAC,mBAAA,CAAA,CACfC,oBAAoB,CAACC,MAAAA,CAAOhD,IAAAA,CAAKiD,EAAE,CAAA,EAAGrC,QAAAA,EAAU;4BAAES,IAAAA,EAAM;AAAS,yBAAA,CAAA;wBAEpE,MAAM6B,MAAAA,GAAS,MAAM7C,OAAAA,CAClByC,cAAc,CAAC,mBAAA,CAAA,CACfK,mBAAmB,CAACN,OAAAA,CAAQO,KAAK,CAAA;AACpC,wBAAA,IAAI,WAAWF,MAAAA,EAAQ;AACrB,4BAAA,MAAM,IAAIvD,gBAAAA,CAAiB,qBAAA,CAAA;AACrC,wBAAA;AAEQ,wBAAA,MAAM0D,UAAAA,GAAahD,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,oCAAA,CAAA;AACrC,wBAAA,MAAM8B,kBAAkBrD,GAAAA,CAAIiB,OAAO,CAACqC,MAAM,CAAC,0BAA0B,KAAK,UAAA;wBAC1E,IAAIF,UAAAA,EAAYG,YAAYF,eAAAA,EAAiB;AAC3C,4BAAA,MAAMG,UAAAA,GAAaJ,UAAAA,CAAWK,MAAM,EAAEpC,IAAAA,IAAQ,mBAAA;AAC9C,4BAAA,MAAMqC,YAAAA,GAAeC,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;4BAC9C,MAAMC,QAAAA,GACJ,OAAOV,UAAAA,CAAWK,MAAM,EAAEM,WAAW,SAAA,GACjCX,UAAAA,CAAWK,MAAM,EAAEM,MAAAA,GACnBL,YAAAA;AAEN,4BAAA,MAAMM,aAAAA,GAAgB;gCACpBT,QAAAA,EAAU,IAAA;gCACVQ,MAAAA,EAAQD,QAAAA;gCACRG,QAAAA,EAAUb,UAAAA,CAAWK,MAAM,EAAEQ,QAAAA,IAAY,KAAA;gCACzCC,IAAAA,EAAMd,UAAAA,CAAWK,MAAM,EAAES,IAAAA,IAAQ,GAAA;gCACjCC,MAAAA,EAAQf,UAAAA,CAAWK,MAAM,EAAEU,MAAAA;gCAC3BC,SAAAA,EAAW;AACvB,6BAAA;AAEUpE,4BAAAA,GAAAA,CAAIqE,OAAO,CAACC,GAAG,CAACd,UAAAA,EAAYZ,OAAAA,CAAQO,KAAK,EAAEa,aAAAA,CAAAA;4BAC3C,OAAOhE,GAAAA,CAAIuE,IAAI,CAAC;AAAEC,gCAAAA,GAAAA,EAAKvB,OAAOE,KAAK;gCAAEpD,IAAAA,EAAM,MAAMD,aAAaC,IAAAA,EAAMC,GAAAA;AAAI,6BAAA,CAAA;AAClF,wBAAA;wBAEQ,OAAOA,GAAAA,CAAIuE,IAAI,CAAC;AACdC,4BAAAA,GAAAA,EAAKvB,OAAOE,KAAK;AACjBsB,4BAAAA,YAAAA,EAAc7B,QAAQO,KAAK;4BAC3BpD,IAAAA,EAAM,MAAMD,aAAaC,IAAAA,EAAMC,GAAAA;AACzC,yBAAA,CAAA;AACA,oBAAA;oBAEM,OAAOA,GAAAA,CAAIuE,IAAI,CAAC;wBACdC,GAAAA,EAAKxF,UAAAA,CAAW,KAAA,CAAA,CAAO0F,KAAK,CAAC;AAAE1B,4BAAAA,EAAAA,EAAIjD,KAAKiD;;wBACxCjD,IAAAA,EAAM,MAAMD,aAAaC,IAAAA,EAAMC,GAAAA;AACvC,qBAAA,CAAA;AACA,gBAAA;;gBAGI,IAAI;oBACF,MAAMD,IAAAA,GAAO,MAAMf,UAAAA,CAAW,WAAA,CAAA,CAAa2F,OAAO,CAAC5D,QAAAA,EAAUf,IAAI4B,KAAK,CAAA;oBAEtE,IAAI7B,IAAAA,CAAK0C,OAAO,EAAE;AAChB,wBAAA,MAAM,IAAI7C,cAAAA,CAAe,mDAAA,CAAA;AACjC,oBAAA;AAEM,oBAAA,MAAM8C,OAAOtC,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,yCAAA,EAA2C,gBAAA,CAAA;AAC1E,oBAAA,IAAImB,SAAS,SAAA,EAAW;AACtB,wBAAA,MAAM/B,QAAAA,GAAWF,eAAAA,CAAgBT,GAAAA,CAAIiB,OAAO,CAACC,IAAI,CAAA;AAEjD,wBAAA,MAAM0B,OAAAA,GAAU,MAAMxC,OAAAA,CACnByC,cAAc,CAAC,mBAAA,CAAA,CACfC,oBAAoB,CAACC,MAAAA,CAAOhD,IAAAA,CAAKiD,EAAE,CAAA,EAAGrC,QAAAA,EAAU;4BAAES,IAAAA,EAAM;AAAS,yBAAA,CAAA;wBAEpE,MAAM6B,MAAAA,GAAS,MAAM7C,OAAAA,CAClByC,cAAc,CAAC,mBAAA,CAAA,CACfK,mBAAmB,CAACN,OAAAA,CAAQO,KAAK,CAAA;AACpC,wBAAA,IAAI,WAAWF,MAAAA,EAAQ;AACrB,4BAAA,MAAM,IAAIvD,gBAAAA,CAAiB,qBAAA,CAAA;AACrC,wBAAA;AAEQ,wBAAA,MAAM0D,UAAAA,GAAahD,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,oCAAA,CAAA;AACrC,wBAAA,MAAM8B,kBAAkBrD,GAAAA,CAAIiB,OAAO,CAACqC,MAAM,CAAC,0BAA0B,KAAK,UAAA;wBAC1E,IAAIF,UAAAA,EAAYG,YAAYF,eAAAA,EAAiB;AAC3C,4BAAA,MAAMG,UAAAA,GAAaJ,UAAAA,CAAWK,MAAM,EAAEpC,IAAAA,IAAQ,mBAAA;AAC9C,4BAAA,MAAMqC,YAAAA,GAAeC,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;4BAC9C,MAAMC,QAAAA,GACJ,OAAOV,UAAAA,CAAWK,MAAM,EAAEM,WAAW,SAAA,GACjCX,UAAAA,CAAWK,MAAM,EAAEM,MAAAA,GACnBL,YAAAA;AAEN,4BAAA,MAAMM,aAAAA,GAAgB;gCACpBT,QAAAA,EAAU,IAAA;gCACVQ,MAAAA,EAAQD,QAAAA;gCACRG,QAAAA,EAAUb,UAAAA,CAAWK,MAAM,EAAEQ,QAAAA,IAAY,KAAA;gCACzCC,IAAAA,EAAMd,UAAAA,CAAWK,MAAM,EAAES,IAAAA,IAAQ,GAAA;gCACjCC,MAAAA,EAAQf,UAAAA,CAAWK,MAAM,EAAEU,MAAAA;gCAC3BC,SAAAA,EAAW;AACvB,6BAAA;AACUpE,4BAAAA,GAAAA,CAAIqE,OAAO,CAACC,GAAG,CAACd,UAAAA,EAAYZ,OAAAA,CAAQO,KAAK,EAAEa,aAAAA,CAAAA;4BAC3C,OAAOhE,GAAAA,CAAIuE,IAAI,CAAC;AAAEC,gCAAAA,GAAAA,EAAKvB,OAAOE,KAAK;gCAAEpD,IAAAA,EAAM,MAAMD,aAAaC,IAAAA,EAAMC,GAAAA;AAAI,6BAAA,CAAA;AAClF,wBAAA;wBACQ,OAAOA,GAAAA,CAAIuE,IAAI,CAAC;AACdC,4BAAAA,GAAAA,EAAKvB,OAAOE,KAAK;AACjBsB,4BAAAA,YAAAA,EAAc7B,QAAQO,KAAK;4BAC3BpD,IAAAA,EAAM,MAAMD,aAAaC,IAAAA,EAAMC,GAAAA;AACzC,yBAAA,CAAA;AACA,oBAAA;oBAEM,OAAOA,GAAAA,CAAIuE,IAAI,CAAC;wBACdC,GAAAA,EAAKxF,UAAAA,CAAW,KAAA,CAAA,CAAO0F,KAAK,CAAC;AAAE1B,4BAAAA,EAAAA,EAAIjD,KAAKiD;;wBACxCjD,IAAAA,EAAM,MAAMD,aAAaC,IAAAA,EAAMC,GAAAA;AACvC,qBAAA,CAAA;AACA,gBAAA,CAAA,CAAM,OAAO4E,KAAAA,EAAO;oBACd,MAAM,IAAIlF,gBAAAA,CAAiBkF,KAAAA,CAAMC,OAAO,CAAA;AAC9C,gBAAA;AACA,YAAA,CAAA;AAEE,YAAA,MAAMC,gBAAe9E,GAAG,EAAA;AACtB,gBAAA,IAAI,CAACA,GAAAA,CAAIE,KAAK,CAACH,IAAI,EAAE;AACnB,oBAAA,MAAM,IAAIL,gBAAAA,CAAiB,kDAAA,CAAA;AACjC,gBAAA;AAEI,gBAAA,MAAMqF,WAAAA,GAAc3E,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,2CAAA,CAAA;AAEtC,gBAAA,MAAM,EAAEyD,eAAe,EAAE7C,QAAQ,EAAE,GAAG,MAAM3C,0BAAAA,CAC1CQ,GAAAA,CAAIiB,OAAO,CAACC,IAAI,EAChB6D,WAAAA,CAAAA;gBAGF,MAAMhF,IAAAA,GAAO,MAAMK,OAAAA,CAAOuB,EAAE,CACzBC,KAAK,CAAC,gCAAA,CAAA,CACNC,OAAO,CAAC;oBAAEC,KAAAA,EAAO;AAAEkB,wBAAAA,EAAAA,EAAIhD,GAAAA,CAAIE,KAAK,CAACH,IAAI,CAACiD;AAAE;AAAE,iBAAA,CAAA;gBAE7C,MAAMZ,aAAAA,GAAgB,MAAMpD,UAAAA,CAAW,MAAA,CAAA,CAAQqD,gBAAgB,CAAC2C,eAAAA,EAAiBjF,KAAKoC,QAAQ,CAAA;AAE9F,gBAAA,IAAI,CAACC,aAAAA,EAAe;AAClB,oBAAA,MAAM,IAAIzC,eAAAA,CAAgB,0CAAA,CAAA;AAChC,gBAAA;AAEI,gBAAA,IAAIqF,oBAAoB7C,QAAAA,EAAU;AAChC,oBAAA,MAAM,IAAIxC,eAAAA,CAAgB,gEAAA,CAAA;AAChC,gBAAA;AAEI,gBAAA,MAAMX,WAAW,MAAA,CAAA,CAAQiG,IAAI,CAAClF,IAAAA,CAAKiD,EAAE,EAAE;AAAEb,oBAAAA;AAAQ,iBAAA,CAAA;AAEjD,gBAAA,MAAMO,OAAOtC,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,yCAAA,EAA2C,gBAAA,CAAA;AAC1E,gBAAA,IAAImB,SAAS,SAAA,EAAW;AACtB,oBAAA,MAAM/B,QAAAA,GAAWF,eAAAA,CAAgBT,GAAAA,CAAIiB,OAAO,CAACC,IAAI,CAAA;;oBAGjD,MAAMd,OAAAA,CAAOyC,cAAc,CAAC,mBAAA,CAAA,CAAqBqC,sBAAsB,CAACnC,MAAAA,CAAOhD,KAAKiD,EAAE,CAAA,CAAA;oBAEtF,MAAMmC,WAAAA,GAAcxE,QAAAA,IAAYrC,MAAAA,CAAO8G,UAAU,EAAA;AACjD,oBAAA,MAAMxC,OAAAA,GAAU,MAAMxC,OAAAA,CACnByC,cAAc,CAAC,mBAAA,CAAA,CACfC,oBAAoB,CAACC,MAAAA,CAAOhD,IAAAA,CAAKiD,EAAE,CAAA,EAAGmC,WAAAA,EAAa;wBAAE/D,IAAAA,EAAM;AAAS,qBAAA,CAAA;oBAEvE,MAAM6B,MAAAA,GAAS,MAAM7C,OAAAA,CAClByC,cAAc,CAAC,mBAAA,CAAA,CACfK,mBAAmB,CAACN,OAAAA,CAAQO,KAAK,CAAA;AACpC,oBAAA,IAAI,WAAWF,MAAAA,EAAQ;AACrB,wBAAA,MAAM,IAAIvD,gBAAAA,CAAiB,qBAAA,CAAA;AACnC,oBAAA;oBAEM,OAAOM,GAAAA,CAAIuE,IAAI,CAAC;AACdC,wBAAAA,GAAAA,EAAKvB,OAAOE,KAAK;AACjBsB,wBAAAA,YAAAA,EAAc7B,QAAQO,KAAK;wBAC3BpD,IAAAA,EAAM,MAAMD,aAAaC,IAAAA,EAAMC,GAAAA;AACvC,qBAAA,CAAA;AACA,gBAAA;gBAEI,OAAOA,GAAAA,CAAIuE,IAAI,CAAC;oBACdC,GAAAA,EAAKxF,UAAAA,CAAW,KAAA,CAAA,CAAO0F,KAAK,CAAC;AAAE1B,wBAAAA,EAAAA,EAAIjD,KAAKiD;;oBACxCjD,IAAAA,EAAM,MAAMD,aAAaC,IAAAA,EAAMC,GAAAA;AACrC,iBAAA,CAAA;AACA,YAAA,CAAA;AAEE,YAAA,MAAMqF,eAAcrF,GAAG,EAAA;AACrB,gBAAA,MAAM+E,WAAAA,GAAc3E,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,2CAAA,CAAA;AAEtC,gBAAA,MAAM,EAAEY,QAAQ,EAAEmD,oBAAoB,EAAEC,IAAI,EAAE,GAAG,MAAMjG,yBAAAA,CACrDU,GAAAA,CAAIiB,OAAO,CAACC,IAAI,EAChB6D,WAAAA,CAAAA;AAGF,gBAAA,IAAI5C,aAAamD,oBAAAA,EAAsB;AACrC,oBAAA,MAAM,IAAI3F,eAAAA,CAAgB,wBAAA,CAAA;AAChC,gBAAA;gBAEI,MAAMI,IAAAA,GAAO,MAAMK,OAAAA,CAAOuB,EAAE,CACzBC,KAAK,CAAC,gCAAA,CAAA,CACNC,OAAO,CAAC;oBAAEC,KAAAA,EAAO;wBAAE0D,kBAAAA,EAAoBD;AAAI;AAAE,iBAAA,CAAA;AAEhD,gBAAA,IAAI,CAACxF,IAAAA,EAAM;AACT,oBAAA,MAAM,IAAIJ,eAAAA,CAAgB,yBAAA,CAAA;AAChC,gBAAA;AAEI,gBAAA,MAAMX,WAAW,MAAA,CAAA,CAAQiG,IAAI,CAAClF,IAAAA,CAAKiD,EAAE,EAAE;oBACrCwC,kBAAAA,EAAoB,IAAA;AACpBrD,oBAAAA;AACN,iBAAA,CAAA;AAEI,gBAAA,MAAMO,OAAOtC,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,yCAAA,EAA2C,gBAAA,CAAA;AAC1E,gBAAA,IAAImB,SAAS,SAAA,EAAW;AACtB,oBAAA,MAAM/B,QAAAA,GAAWF,eAAAA,CAAgBT,GAAAA,CAAIiB,OAAO,CAACC,IAAI,CAAA;;oBAGjD,MAAMd,OAAAA,CAAOyC,cAAc,CAAC,mBAAA,CAAA,CAAqBqC,sBAAsB,CAACnC,MAAAA,CAAOhD,KAAKiD,EAAE,CAAA,CAAA;oBAEtF,MAAMmC,WAAAA,GAAcxE,QAAAA,IAAYrC,MAAAA,CAAO8G,UAAU,EAAA;AACjD,oBAAA,MAAMxC,OAAAA,GAAU,MAAMxC,OAAAA,CACnByC,cAAc,CAAC,mBAAA,CAAA,CACfC,oBAAoB,CAACC,MAAAA,CAAOhD,IAAAA,CAAKiD,EAAE,CAAA,EAAGmC,WAAAA,EAAa;wBAAE/D,IAAAA,EAAM;AAAS,qBAAA,CAAA;oBAEvE,MAAM6B,MAAAA,GAAS,MAAM7C,OAAAA,CAClByC,cAAc,CAAC,mBAAA,CAAA,CACfK,mBAAmB,CAACN,OAAAA,CAAQO,KAAK,CAAA;AACpC,oBAAA,IAAI,WAAWF,MAAAA,EAAQ;AACrB,wBAAA,MAAM,IAAIvD,gBAAAA,CAAiB,qBAAA,CAAA;AACnC,oBAAA;oBAEM,OAAOM,GAAAA,CAAIuE,IAAI,CAAC;AACdC,wBAAAA,GAAAA,EAAKvB,OAAOE,KAAK;AACjBsB,wBAAAA,YAAAA,EAAc7B,QAAQO,KAAK;wBAC3BpD,IAAAA,EAAM,MAAMD,aAAaC,IAAAA,EAAMC,GAAAA;AACvC,qBAAA,CAAA;AACA,gBAAA;gBAEI,OAAOA,GAAAA,CAAIuE,IAAI,CAAC;oBACdC,GAAAA,EAAKxF,UAAAA,CAAW,KAAA,CAAA,CAAO0F,KAAK,CAAC;AAAE1B,wBAAAA,EAAAA,EAAIjD,KAAKiD;;oBACxCjD,IAAAA,EAAM,MAAMD,aAAaC,IAAAA,EAAMC,GAAAA;AACrC,iBAAA,CAAA;AACA,YAAA,CAAA;AACE,YAAA,MAAM4C,SAAQ5C,GAAG,EAAA;AACf,gBAAA,MAAM0C,OAAOtC,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,yCAAA,EAA2C,gBAAA,CAAA;AAC1E,gBAAA,IAAImB,SAAS,SAAA,EAAW;AACtB,oBAAA,OAAO1C,IAAIyF,QAAQ,EAAA;AACzB,gBAAA;AAEI,gBAAA,MAAMrC,UAAAA,GAAahD,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,oCAAA,CAAA;gBACrC,MAAMiC,UAAAA,GAAaJ,UAAAA,EAAYK,MAAAA,EAAQpC,IAAAA,IAAQ,mBAAA;;AAG/C,gBAAA,IAAIoD,YAAAA,GAAezE,GAAAA,CAAIqE,OAAO,CAAC9C,GAAG,CAACiC,UAAAA,CAAAA;AACnC,gBAAA,IAAI,CAACiB,YAAAA,EAAc;AACjBA,oBAAAA,YAAAA,GAAezE,GAAAA,CAAIiB,OAAO,CAACC,IAAI,EAAEuD,YAAAA;AACvC,gBAAA;AAEI,gBAAA,IAAI,CAACA,YAAAA,IAAgB,OAAOA,YAAAA,KAAiB,QAAA,EAAU;oBACrD,OAAOzE,GAAAA,CAAI0F,UAAU,CAAC,uBAAA,CAAA;AAC5B,gBAAA;AAEI,gBAAA,MAAMC,WAAW,MAAMvF,OAAAA,CACpByC,cAAc,CAAC,mBAAA,CAAA,CACf+C,kBAAkB,CAACnB,YAAAA,CAAAA;AACtB,gBAAA,IAAI,WAAWkB,QAAAA,EAAU;oBACvB,OAAO3F,GAAAA,CAAI6F,YAAY,CAAC,uBAAA,CAAA;AAC9B,gBAAA;gBAEI,MAAMC,MAAAA,GAAS,MAAM1F,OAAAA,CAClByC,cAAc,CAAC,mBAAA,CAAA,CACfK,mBAAmB,CAACyC,QAAAA,CAASxC,KAAK,CAAA;AACrC,gBAAA,IAAI,WAAW2C,MAAAA,EAAQ;oBACrB,OAAO9F,GAAAA,CAAI6F,YAAY,CAAC,uBAAA,CAAA;AAC9B,gBAAA;AAEI,gBAAA,MAAMxC,kBAAkBrD,GAAAA,CAAIiB,OAAO,CAACqC,MAAM,CAAC,0BAA0B,KAAK,UAAA;gBAC1E,IAAIF,UAAAA,EAAYG,YAAYF,eAAAA,EAAiB;AAC3C,oBAAA,MAAMK,YAAAA,GAAeC,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;oBAC9C,MAAMC,QAAAA,GACJ,OAAOV,UAAAA,CAAWK,MAAM,EAAEM,WAAW,SAAA,GAAYX,UAAAA,CAAWK,MAAM,EAAEM,MAAAA,GAASL,YAAAA;AAE/E,oBAAA,MAAMM,aAAAA,GAAgB;wBACpBT,QAAAA,EAAU,IAAA;wBACVQ,MAAAA,EAAQD,QAAAA;wBACRG,QAAAA,EAAUb,UAAAA,CAAWK,MAAM,EAAEQ,QAAAA,IAAY,KAAA;wBACzCC,IAAAA,EAAMd,UAAAA,CAAWK,MAAM,EAAES,IAAAA,IAAQ,GAAA;wBACjCC,MAAAA,EAAQf,UAAAA,CAAWK,MAAM,EAAEU,MAAAA;wBAC3BC,SAAAA,EAAW;AACnB,qBAAA;AACMpE,oBAAAA,GAAAA,CAAIqE,OAAO,CAACC,GAAG,CAACd,UAAAA,EAAYmC,QAAAA,CAASxC,KAAK,EAAEa,aAAAA,CAAAA;oBAC5C,OAAOhE,GAAAA,CAAIuE,IAAI,CAAC;AAAEC,wBAAAA,GAAAA,EAAKsB,OAAO3C;AAAK,qBAAA,CAAA;AACzC,gBAAA;gBACI,OAAOnD,GAAAA,CAAIuE,IAAI,CAAC;AAAEC,oBAAAA,GAAAA,EAAKsB,OAAO3C,KAAK;AAAEsB,oBAAAA,YAAAA,EAAckB,SAASxC;AAAK,iBAAA,CAAA;AACrE,YAAA,CAAA;AACE,YAAA,MAAM4C,QAAO/F,GAAG,EAAA;AACd,gBAAA,MAAM0C,OAAOtC,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,yCAAA,EAA2C,gBAAA,CAAA;AAC1E,gBAAA,IAAImB,SAAS,SAAA,EAAW;AACtB,oBAAA,OAAO1C,IAAIyF,QAAQ,EAAA;AACzB,gBAAA;;AAGI,gBAAA,IAAI,CAACzF,GAAAA,CAAIE,KAAK,CAACH,IAAI,EAAE;oBACnB,OAAOC,GAAAA,CAAI6F,YAAY,CAAC,wBAAA,CAAA;AAC9B,gBAAA;AAEI,gBAAA,MAAMlF,QAAAA,GAAWF,eAAAA,CAAgBT,GAAAA,CAAIiB,OAAO,CAACC,IAAI,CAAA;gBACjD,IAAI;AACF,oBAAA,MAAMd,OAAAA,CACHyC,cAAc,CAAC,mBAAA,CAAA,CACfqC,sBAAsB,CAACnC,MAAAA,CAAO/C,GAAAA,CAAIE,KAAK,CAACH,IAAI,CAACiD,EAAE,CAAA,EAAGrC,QAAAA,CAAAA;AAC3D,gBAAA,CAAA,CAAM,OAAOqF,GAAAA,EAAK;AACZ5F,oBAAAA,OAAAA,CAAO6F,GAAG,CAACrB,KAAK,CAAC,kBAAA,EAAoBoB,GAAAA,CAAAA;AAC3C,gBAAA;AAEI,gBAAA,MAAM5C,UAAAA,GAAahD,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,oCAAA,CAAA;AACrC,gBAAA,MAAM8B,kBAAkBrD,GAAAA,CAAIiB,OAAO,CAACqC,MAAM,CAAC,0BAA0B,KAAK,UAAA;gBAC1E,IAAIF,UAAAA,EAAYG,YAAYF,eAAAA,EAAiB;AAC3C,oBAAA,MAAMG,UAAAA,GAAaJ,UAAAA,CAAWK,MAAM,EAAEpC,IAAAA,IAAQ,mBAAA;AAC9CrB,oBAAAA,GAAAA,CAAIqE,OAAO,CAACC,GAAG,CAACd,YAAY,EAAA,EAAI;AAAE0C,wBAAAA,OAAAA,EAAS,IAAIC,IAAAA,CAAK,CAAA;AAAE,qBAAA,CAAA;AAC5D,gBAAA;gBACI,OAAOnG,GAAAA,CAAIuE,IAAI,CAAC;oBAAE6B,EAAAA,EAAI;AAAI,iBAAA,CAAA;AAC9B,YAAA,CAAA;YACE,MAAMzB,OAAAA,CAAAA,CAAQ3E,GAAG,EAAEqG,IAAI,EAAA;gBACrB,MAAMC,KAAAA,GAAQC,WAAiBC,GAAG,EAAA;AAElC,gBAAA,MAAMC,SAAAA,GAAY,MAAMrG,OAAAA,CACrBe,KAAK,CAAC;oBAAEC,IAAAA,EAAM,QAAA;oBAAUC,IAAAA,EAAM,mBAAA;oBAAqBG,GAAAA,EAAK;mBACxDD,GAAG,EAAA;AAEN,gBAAA,MAAMmF,SAAAA,GAAYtG,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,iBAAA,CAAA;AACpC,gBAAA,MAAMoF,WAAAA,GAAc;oBAClBC,QAAAA,EAAU;wBACRC,MAAAA,EAAQ,CAAA,EAAGH,SAAAA,CAAU,QAAQ;AACrC,qBAAA;AACM,oBAAA,GAAGD;AACT,iBAAA;gBAEI,MAAM,CAACK,YAAY,GAAG9G,GAAAA,CAAIiB,OAAO,CAAC8F,GAAG,CAACC,KAAK,CAAC,GAAA,CAAA;AAC5C,gBAAA,MAAMjG,QAAAA,GAAW+F,WAAAA,CAAYE,KAAK,CAAC,WAAA,CAAY,CAAC,CAAA,CAAE,CAACA,KAAK,CAAC,GAAA,CAAI,CAAC,CAAA,CAAE;gBAEhE,IAAI,CAACxI,EAAE+C,GAAG,CAACoF,WAAW,CAAC5F,QAAAA,CAAS,EAAE,SAAA,CAAA,EAAY;AAC5C,oBAAA,MAAM,IAAIrB,gBAAAA,CAAiB,2BAAA,CAAA;AACjC,gBAAA;gBAEI,IAAI,CAACU,OAAAA,CAAOuC,MAAM,CAACsE,MAAM,CAACF,GAAG,CAACG,UAAU,CAAC,MAAA,CAAA,EAAS;oBAChD9G,OAAAA,CAAO6F,GAAG,CAACkB,IAAI,CACb,6NAAA,CAAA;AAER,gBAAA;;AAGI,gBAAA,MAAMC,mBAAAA,GAAsB5I,CAAAA,CAAE+C,GAAG,CAACvB,GAAAA,EAAK,gBAAA,CAAA;AACvC,gBAAA,MAAMqH,sBAAAA,GAAyB7I,CAAAA,CAAE+C,GAAG,CAACvB,GAAAA,EAAK,gCAAA,CAAA;AAE1C,gBAAA,MAAMsH,iBAAiBF,mBAAAA,IAAuBC,sBAAAA;;AAG9C,gBAAA,IAAIC,mBAAmBzG,SAAAA,EAAW;oBAChC,IAAI;;wBAEF,MAAM,EAAE0G,QAAAA,EAAUC,gBAAgB,EAAE,GAAGpH,QACpCqH,MAAM,CAAC,mBAAA,CAAA,CACP9E,MAAM,CAAC,UAAA,CAAA;AAEV,wBAAA,MAAM6E,gBAAAA,CAAiBF,cAAAA,EAAgBX,WAAW,CAAC5F,QAAAA,CAAS,CAAA;AAE5D4F,wBAAAA,WAAW,CAAC5F,QAAAA,CAAS,CAACD,QAAQ,GAAGwG,cAAAA;AACzC,oBAAA,CAAA,CAAQ,OAAOI,CAAAA,EAAG;wBACV,MAAM,IAAI/H,gBAAgB,+BAAA,EAAiC;4BAAEmB,QAAAA,EAAUwG;AAAc,yBAAA,CAAA;AAC7F,oBAAA;AACA,gBAAA;;gBAGIX,WAAW,CAAC5F,SAAS,CAAC4G,YAAY,GAAG3I,UAAAA,CAAW,WAAA,CAAA,CAAa4I,gBAAgB,CAAC7G,QAAAA,CAAAA;gBAE9E,OAAOuF,KAAAA,CAAMK,aAAa3G,GAAAA,EAAKqG,IAAAA,CAAAA;AACnC,YAAA,CAAA;AAEE,YAAA,MAAMwB,gBAAe7H,GAAG,EAAA;gBACtB,MAAM,EAAEgC,KAAK,EAAE,GAAG,MAAM3C,0BAAAA,CAA2BW,GAAAA,CAAIiB,OAAO,CAACC,IAAI,CAAA;AAEnE,gBAAA,MAAM4G,WAAAA,GAAc,MAAM1H,OAAAA,CAAOe,KAAK,CAAC;oBAAEC,IAAAA,EAAM,QAAA;oBAAUC,IAAAA,EAAM;AAAmB,iBAAA,CAAA;AAElF,gBAAA,MAAM0G,aAAAA,GAAgB,MAAMD,WAAAA,CAAYvG,GAAG,CAAC;oBAAEC,GAAAA,EAAK;AAAO,iBAAA,CAAA;AAC1D,gBAAA,MAAMc,gBAAAA,GAAmB,MAAMwF,WAAAA,CAAYvG,GAAG,CAAC;oBAAEC,GAAAA,EAAK;AAAU,iBAAA,CAAA;;gBAGhE,MAAMzB,IAAAA,GAAO,MAAMK,OAAAA,CAAOuB,EAAE,CACzBC,KAAK,CAAC,gCAAA,CAAA,CACNC,OAAO,CAAC;oBAAEC,KAAAA,EAAO;AAAEE,wBAAAA,KAAAA,EAAOA,MAAMC,WAAW;AAAE;AAAE,iBAAA,CAAA;AAElD,gBAAA,IAAI,CAAClC,IAAAA,IAAQA,IAAAA,CAAK0C,OAAO,EAAE;oBACzB,OAAOzC,GAAAA,CAAIuE,IAAI,CAAC;wBAAE6B,EAAAA,EAAI;AAAI,qBAAA,CAAA;AAChC,gBAAA;;gBAGI,MAAM4B,QAAAA,GAAW,MAAMlI,YAAAA,CAAaC,IAAAA,EAAMC,GAAAA,CAAAA;AAE1C,gBAAA,MAAMwF,qBAAqBlH,MAAAA,CAAO2J,WAAW,CAAC,EAAA,CAAA,CAAIC,QAAQ,CAAC,KAAA,CAAA;AAE3D,gBAAA,MAAMC,wBAAwB3J,CAAAA,CAAE+C,GAAG,CAACwG,aAAAA,EAAe,0BAA0B,EAAA,CAAA;gBAC7E,MAAMK,SAAAA,GAAY,MAAMpJ,UAAAA,CAAW,mBAAA,CAAA,CAAqBqJ,QAAQ,CAC9DF,qBAAAA,CAAsBtD,OAAO,EAC7B;AACEyD,oBAAAA,GAAAA,EAAKhG,iBAAiBiG,oBAAoB;AAC1CC,oBAAAA,UAAAA,EAAYpI,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,oBAAA,CAAA;AAC9BkH,oBAAAA,SAAAA,EAAWrI,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,mBAAA,CAAA;oBAC7BmH,IAAAA,EAAMV,QAAAA;oBACNW,KAAAA,EAAOnD;AACf,iBAAA,CAAA;gBAGI,MAAMoD,WAAAA,GAAc,MAAM5J,UAAAA,CAAW,mBAAA,CAAA,CAAqBqJ,QAAQ,CAChEF,qBAAAA,CAAsBU,MAAM,EAC5B;oBACEH,IAAAA,EAAMV;AACd,iBAAA,CAAA;AAGI,gBAAA,MAAMc,WAAAA,GAAc;AAClBC,oBAAAA,EAAAA,EAAIhJ,KAAKiC,KAAK;oBACdgH,IAAAA,EACEb,qBAAAA,CAAsBa,IAAI,CAAChH,KAAK,IAAImG,sBAAsBa,IAAI,CAAC3H,IAAI,GAC/D,CAAA,EAAG8G,qBAAAA,CAAsBa,IAAI,CAAC3H,IAAI,CAAC,EAAE,EAAE8G,qBAAAA,CAAsBa,IAAI,CAAChH,KAAK,CAAC,CAAC,CAAC,GAC1EnB,SAAAA;AACNoI,oBAAAA,OAAAA,EAASd,sBAAsBe,cAAc;oBAC7CC,OAAAA,EAASP,WAAAA;oBACTQ,IAAAA,EAAMhB,SAAAA;oBACNiB,IAAAA,EAAMjB;AACZ,iBAAA;;AAGI,gBAAA,MAAMpJ,WAAW,MAAA,CAAA,CAAQiG,IAAI,CAAClF,IAAAA,CAAKiD,EAAE,EAAE;AAAEwC,oBAAAA;AAAkB,iBAAA,CAAA;;gBAG3D,MAAMpF,OAAAA,CAAOqH,MAAM,CAAC,OAAA,CAAA,CAAS6B,OAAO,CAAC,OAAA,CAAA,CAAS/E,IAAI,CAACuE,WAAAA,CAAAA;AAEnD9I,gBAAAA,GAAAA,CAAIuE,IAAI,CAAC;oBAAE6B,EAAAA,EAAI;AAAI,iBAAA,CAAA;AACvB,YAAA,CAAA;AAEE,YAAA,MAAMmD,UAASvJ,GAAG,EAAA;AAChB,gBAAA,MAAM8H,WAAAA,GAAc,MAAM1H,OAAAA,CAAOe,KAAK,CAAC;oBAAEC,IAAAA,EAAM,QAAA;oBAAUC,IAAAA,EAAM;AAAmB,iBAAA,CAAA;AAElF,gBAAA,MAAMmI,QAAAA,GAAW,MAAM1B,WAAAA,CAAYvG,GAAG,CAAC;oBAAEC,GAAAA,EAAK;AAAU,iBAAA,CAAA;gBAExD,IAAI,CAACgI,QAAAA,CAASC,cAAc,EAAE;AAC5B,oBAAA,MAAM,IAAI/J,gBAAAA,CAAiB,uCAAA,CAAA;AACjC,gBAAA;gBAEI,MAAM,EAAE6J,QAAQ,EAAE,GAAGnJ,QAAOuC,MAAM,CAACpB,GAAG,CAAC,2BAAA,CAAA;AACvC,gBAAA,MAAMmI,iBAAAA,GAAoB;AAAC,oBAAA,UAAA;AAAY,oBAAA,UAAA;AAAY,oBAAA;AAAQ,iBAAA;;gBAG3D,MAAMC,WAAAA,GAAchL,OAAAA,CAClBD,MAAAA,CAAOgL,iBAAAA,EAAmB9K,OAAAA,CAAQ2K,UAAUK,aAAAA,CAAAA,GAAiBL,QAAAA,CAASK,aAAa,GAAG,EAAE,CAAA,CAAA;;AAI1F,gBAAA,MAAMC,cAAcC,MAAAA,CAAOC,IAAI,CAAC/J,GAAAA,CAAIiB,OAAO,CAACC,IAAI,CAAA,CAAE8I,MAAM,CAAC,CAACxI,GAAAA,GAAQ,CAACmI,WAAAA,CAAYM,QAAQ,CAACzI,GAAAA,CAAAA,CAAAA;gBAExF,IAAIqI,WAAAA,CAAYjJ,MAAM,GAAG,CAAA,EAAG;;oBAE1B,MAAM,IAAIjB,gBAAgB,CAAC,oBAAoB,EAAEkK,WAAAA,CAAYK,IAAI,CAAC,IAAA,CAAA,CAAA,CAAO,CAAA;AAC/E,gBAAA;AAEI,gBAAA,MAAMlJ,MAAAA,GAAS;oBACb,GAAGxC,CAAAA,CAAE2L,IAAI,CAACnK,GAAAA,CAAIiB,OAAO,CAACC,IAAI,EAAEyI,WAAAA,CAAY;oBACxC5I,QAAAA,EAAU;AAChB,iBAAA;AAEI,gBAAA,MAAMgE,WAAAA,GAAc3E,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,2CAAA,CAAA;AAEtC,gBAAA,MAAMpC,qBAAqB6B,MAAAA,EAAQ+D,WAAAA,CAAAA;gBAEnC,MAAMqF,IAAAA,GAAO,MAAMhK,OAAAA,CAAOuB,EAAE,CACzBC,KAAK,CAAC,gCAAA,CAAA,CACNC,OAAO,CAAC;oBAAEC,KAAAA,EAAO;AAAEV,wBAAAA,IAAAA,EAAMoI,SAASa;AAAY;AAAE,iBAAA,CAAA;AAEnD,gBAAA,IAAI,CAACD,IAAAA,EAAM;AACT,oBAAA,MAAM,IAAI1K,gBAAAA,CAAiB,qCAAA,CAAA;AACjC,gBAAA;AAEI,gBAAA,MAAM,EAAEsC,KAAK,EAAEE,QAAQ,EAAEnB,QAAQ,EAAE,GAAGC,MAAAA;AAEtC,gBAAA,MAAMsJ,gBAAAA,GAAmB;oBACvBvI,GAAAA,EAAK;AACH,wBAAA;AAAEC,4BAAAA,KAAAA,EAAOA,MAAMC,WAAW;AAAE,yBAAA;AAC5B,wBAAA;AAAEC,4BAAAA,QAAAA,EAAUF,MAAMC,WAAW;AAAE,yBAAA;AAC/B,wBAAA;AAAEC,4BAAAA;AAAQ,yBAAA;AACV,wBAAA;4BAAEF,KAAAA,EAAOE;AAAQ;AAClB;AACP,iBAAA;gBAEI,MAAMqI,oBAAAA,GAAuB,MAAMnK,OAAAA,CAAOuB,EAAE,CAACC,KAAK,CAAC,gCAAA,CAAA,CAAkC4I,KAAK,CAAC;oBACzF1I,KAAAA,EAAO;AAAE,wBAAA,GAAGwI,gBAAgB;AAAEvJ,wBAAAA;AAAQ;AAC5C,iBAAA,CAAA;AAEI,gBAAA,IAAIwJ,uBAAuB,CAAA,EAAG;AAC5B,oBAAA,MAAM,IAAI7K,gBAAAA,CAAiB,qCAAA,CAAA;AACjC,gBAAA;gBAEI,IAAI8J,QAAAA,CAASiB,YAAY,EAAE;oBACzB,MAAMF,oBAAAA,GAAuB,MAAMnK,OAAAA,CAAOuB,EAAE,CAACC,KAAK,CAAC,gCAAA,CAAA,CAAkC4I,KAAK,CAAC;wBACzF1I,KAAAA,EAAO;AAAE,4BAAA,GAAGwI;AAAgB;AACpC,qBAAA,CAAA;AAEM,oBAAA,IAAIC,uBAAuB,CAAA,EAAG;AAC5B,wBAAA,MAAM,IAAI7K,gBAAAA,CAAiB,qCAAA,CAAA;AACnC,oBAAA;AACA,gBAAA;AAEI,gBAAA,MAAMgL,OAAAA,GAAU;AACd,oBAAA,GAAG1J,MAAM;AACToJ,oBAAAA,IAAAA,EAAMA,KAAKpH,EAAE;AACbhB,oBAAAA,KAAAA,EAAOA,MAAMC,WAAW,EAAA;AACxBC,oBAAAA,QAAAA;oBACAM,SAAAA,EAAW,CAACgH,SAASmB;AAC3B,iBAAA;AAEI,gBAAA,MAAM5K,IAAAA,GAAO,MAAMf,UAAAA,CAAW,MAAA,CAAA,CAAQ4L,GAAG,CAACF,OAAAA,CAAAA;gBAE1C,MAAMG,aAAAA,GAAgB,MAAM/K,YAAAA,CAAaC,IAAAA,EAAMC,GAAAA,CAAAA;gBAE/C,IAAIwJ,QAAAA,CAASmB,kBAAkB,EAAE;oBAC/B,IAAI;wBACF,MAAM3L,UAAAA,CAAW,MAAA,CAAA,CAAQ8L,qBAAqB,CAACD,aAAAA,CAAAA;AACvD,oBAAA,CAAA,CAAQ,OAAO7E,GAAAA,EAAK;wBACZ5F,OAAAA,CAAO6F,GAAG,CAACrB,KAAK,CAACoB,GAAAA,CAAAA;AACjB,wBAAA,MAAM,IAAItG,gBAAAA,CAAiB,kCAAA,CAAA;AACnC,oBAAA;oBAEM,OAAOM,GAAAA,CAAIuE,IAAI,CAAC;wBAAExE,IAAAA,EAAM8K;AAAa,qBAAA,CAAA;AAC3C,gBAAA;AAEI,gBAAA,MAAMnI,OAAOtC,OAAAA,CAAOuC,MAAM,CAACpB,GAAG,CAAC,yCAAA,EAA2C,gBAAA,CAAA;AAC1E,gBAAA,IAAImB,SAAS,SAAA,EAAW;oBACtB,MAAM/B,QAAAA,GAAWF,gBAAgBT,GAAAA,CAAIiB,OAAO,CAACC,IAAI,CAAA,IAAK5C,OAAO8G,UAAU,EAAA;AAEvE,oBAAA,MAAMxC,OAAAA,GAAU,MAAMxC,OAAAA,CACnByC,cAAc,CAAC,mBAAA,CAAA,CACfC,oBAAoB,CAACC,MAAAA,CAAOhD,IAAAA,CAAKiD,EAAE,CAAA,EAAGrC,QAAAA,EAAU;wBAAES,IAAAA,EAAM;AAAS,qBAAA,CAAA;oBAEpE,MAAM6B,MAAAA,GAAS,MAAM7C,OAAAA,CAClByC,cAAc,CAAC,mBAAA,CAAA,CACfK,mBAAmB,CAACN,OAAAA,CAAQO,KAAK,CAAA;AACpC,oBAAA,IAAI,WAAWF,MAAAA,EAAQ;AACrB,wBAAA,MAAM,IAAIvD,gBAAAA,CAAiB,qBAAA,CAAA;AACnC,oBAAA;oBAEM,OAAOM,GAAAA,CAAIuE,IAAI,CAAC;AAAEC,wBAAAA,GAAAA,EAAKvB,OAAOE,KAAK;AAAEsB,wBAAAA,YAAAA,EAAc7B,QAAQO,KAAK;wBAAEpD,IAAAA,EAAM8K;AAAa,qBAAA,CAAA;AAC3F,gBAAA;gBAEI,MAAMrG,GAAAA,GAAMxF,WAAW,KAAA,CAAA,CAAO0F,KAAK,CAAClG,CAAAA,CAAE2L,IAAI,CAACpK,IAAAA,EAAM;AAAC,oBAAA;AAAK,iBAAA,CAAA,CAAA;gBACvD,OAAOC,GAAAA,CAAIuE,IAAI,CAAC;AAAEC,oBAAAA,GAAAA;oBAAKzE,IAAAA,EAAM8K;AAAa,iBAAA,CAAA;AAC9C,YAAA,CAAA;AAEE,YAAA,MAAME,iBAAAA,CAAAA,CAAkB/K,GAAG,EAAEqG,IAAI,EAAE2E,UAAU,EAAA;gBAC3C,MAAM,EAAEC,cAAcC,iBAAiB,EAAE,GAAG,MAAM3L,6BAAAA,CAA8BS,IAAI4B,KAAK,CAAA;AAEzF,gBAAA,MAAMuJ,cAAcnM,UAAAA,CAAW,MAAA,CAAA;AAC/B,gBAAA,MAAMoM,aAAapM,UAAAA,CAAW,KAAA,CAAA;AAE9B,gBAAA,MAAM,CAACe,IAAAA,CAAK,GAAG,MAAMoL,WAAAA,CAAYE,QAAQ,CAAC;oBAAEC,OAAAA,EAAS;AAAEJ,wBAAAA;AAAiB;AAAE,iBAAA,CAAA;AAE1E,gBAAA,IAAI,CAACnL,IAAAA,EAAM;AACT,oBAAA,MAAM,IAAIJ,eAAAA,CAAgB,eAAA,CAAA;AAChC,gBAAA;AAEI,gBAAA,MAAMwL,WAAAA,CAAYlG,IAAI,CAAClF,IAAAA,CAAKiD,EAAE,EAAE;oBAAER,SAAAA,EAAW,IAAA;oBAAM0I,iBAAAA,EAAmB;AAAI,iBAAA,CAAA;AAE1E,gBAAA,IAAIF,UAAAA,EAAY;AACdhL,oBAAAA,GAAAA,CAAIuE,IAAI,CAAC;wBACPC,GAAAA,EAAK4G,UAAAA,CAAW1G,KAAK,CAAC;AAAE1B,4BAAAA,EAAAA,EAAIjD,KAAKiD;;wBACjCjD,IAAAA,EAAM,MAAMD,aAAaC,IAAAA,EAAMC,GAAAA;AACvC,qBAAA,CAAA;gBACA,CAAA,MAAW;AACL,oBAAA,MAAMwJ,QAAAA,GAAW,MAAMpJ,OAAAA,CACpBe,KAAK,CAAC;wBAAEC,IAAAA,EAAM,QAAA;wBAAUC,IAAAA,EAAM,mBAAA;wBAAqBG,GAAAA,EAAK;uBACxDD,GAAG,EAAA;AAENvB,oBAAAA,GAAAA,CAAIuL,QAAQ,CAAC/B,QAAAA,CAASgC,8BAA8B,IAAI,GAAA,CAAA;AAC9D,gBAAA;AACA,YAAA,CAAA;AAEE,YAAA,MAAMC,uBAAsBzL,GAAG,EAAA;gBAC7B,MAAM,EAAEgC,KAAK,EAAE,GAAG,MAAM5C,iCAAAA,CAAkCY,GAAAA,CAAIiB,OAAO,CAACC,IAAI,CAAA;gBAE1E,MAAMnB,IAAAA,GAAO,MAAMK,OAAAA,CAAOuB,EAAE,CAACC,KAAK,CAAC,gCAAA,CAAA,CAAkCC,OAAO,CAAC;oBAC3EC,KAAAA,EAAO;AAAEE,wBAAAA,KAAAA,EAAOA,MAAMC,WAAW;AAAE;AACzC,iBAAA,CAAA;AAEI,gBAAA,IAAI,CAAClC,IAAAA,EAAM;oBACT,OAAOC,GAAAA,CAAIuE,IAAI,CAAC;AAAEvC,wBAAAA,KAAAA;wBAAO0J,IAAAA,EAAM;AAAI,qBAAA,CAAA;AACzC,gBAAA;gBAEI,IAAI3L,IAAAA,CAAKyC,SAAS,EAAE;AAClB,oBAAA,MAAM,IAAI9C,gBAAAA,CAAiB,mBAAA,CAAA;AACjC,gBAAA;gBAEI,IAAIK,IAAAA,CAAK0C,OAAO,EAAE;AAChB,oBAAA,MAAM,IAAI/C,gBAAAA,CAAiB,cAAA,CAAA;AACjC,gBAAA;gBAEI,MAAMV,UAAAA,CAAW,MAAA,CAAA,CAAQ8L,qBAAqB,CAAC/K,IAAAA,CAAAA;AAE/CC,gBAAAA,GAAAA,CAAIuE,IAAI,CAAC;AACPvC,oBAAAA,KAAAA,EAAOjC,KAAKiC,KAAK;oBACjB0J,IAAAA,EAAM;AACZ,iBAAA,CAAA;AACA,YAAA;SACA,CAAA;;;;;;"}
1
+ {"version":3,"file":"auth.js","sources":["../../../server/controllers/auth.js"],"sourcesContent":["'use strict';\n\n/**\n * Auth.js controller\n *\n * @description: A set of functions called \"actions\" for managing `Auth`.\n */\n\n/* eslint-disable no-useless-escape */\nconst crypto = require('crypto');\nconst _ = require('lodash');\nconst { concat, compact, isArray } = require('lodash/fp');\nconst utils = require('@strapi/utils');\nconst { getService } = require('../utils');\nconst { buildRefreshCookieOptions } = require('../utils/refresh-cookie-options');\nconst {\n validateCallbackBody,\n validateRegisterBody,\n validateSendEmailConfirmationBody,\n validateForgotPasswordBody,\n validateResetPasswordBody,\n validateEmailConfirmationBody,\n validateChangePasswordBody,\n} = require('./validation/auth');\n\nconst { ApplicationError, ValidationError, ForbiddenError } = utils.errors;\nconst { buildSessionMetadata, sanitizeSessionEntry, sortSessionsForDisplay } = utils;\n\nconst sanitizeUser = (user, ctx) => {\n const { auth } = ctx.state;\n const userSchema = strapi.getModel('plugin::users-permissions.user');\n\n return strapi.contentAPI.sanitize.output(user, userSchema, { auth });\n};\n\nconst extractDeviceId = (requestBody) => {\n const { deviceId } = requestBody || {};\n\n return typeof deviceId === 'string' && deviceId.length > 0 ? deviceId : undefined;\n};\n\nconst buildSessionMetadataFromContext = (ctx) =>\n buildSessionMetadata({\n userAgent: ctx.request.headers['user-agent'],\n });\n\nconst sendRefreshAuthResponse = async (strapi, ctx, user, { metadata } = {}) => {\n const deviceId = extractDeviceId(ctx.request.body);\n const tokenOptions = { type: 'refresh', ...(metadata ? { metadata } : {}) };\n\n const refresh = await strapi\n .sessionManager('users-permissions')\n .generateRefreshToken(String(user.id), deviceId, tokenOptions);\n\n const access = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(refresh.token);\n if ('error' in access) {\n throw new ApplicationError('Invalid credentials');\n }\n\n const upSessions = strapi.config.get('plugin::users-permissions.sessions');\n const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';\n\n if (upSessions?.httpOnly || requestHttpOnly) {\n const cookieName = upSessions.cookie?.name || 'strapi_up_refresh';\n const isProduction = process.env.NODE_ENV === 'production';\n ctx.cookies.set(cookieName, refresh.token, buildRefreshCookieOptions(upSessions, isProduction));\n return ctx.send({ jwt: access.token, user: await sanitizeUser(user, ctx) });\n }\n\n return ctx.send({\n jwt: access.token,\n refreshToken: refresh.token,\n user: await sanitizeUser(user, ctx),\n });\n};\n\nconst reissueTokensAfterPasswordChange = async (strapi, ctx, user) => {\n const deviceId = extractDeviceId(ctx.request.body);\n\n await strapi.sessionManager('users-permissions').invalidateRefreshToken(String(user.id));\n\n const newDeviceId = deviceId || crypto.randomUUID();\n const refresh = await strapi\n .sessionManager('users-permissions')\n .generateRefreshToken(String(user.id), newDeviceId, { type: 'refresh' });\n\n const access = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(refresh.token);\n if ('error' in access) {\n throw new ApplicationError('Invalid credentials');\n }\n\n return ctx.send({\n jwt: access.token,\n refreshToken: refresh.token,\n user: await sanitizeUser(user, ctx),\n });\n};\n\nconst revokeLogoutSessions = async (strapi, ctx, userId, { scope, deviceId, body }) => {\n const sessionManager = strapi.sessionManager('users-permissions');\n const upSessions = strapi.config.get('plugin::users-permissions.sessions');\n\n if (scope === 'all') {\n await sessionManager.invalidateRefreshToken(userId);\n return;\n }\n\n if (deviceId) {\n await sessionManager.invalidateRefreshToken(userId, deviceId);\n return;\n }\n\n let currentSessionId = ctx.state.session?.id;\n const cookieName = upSessions?.cookie?.name || 'strapi_up_refresh';\n const refreshToken =\n ctx.cookies.get(cookieName) ||\n (typeof body.refreshToken === 'string' ? body.refreshToken : undefined);\n\n if (refreshToken) {\n const validation = await sessionManager.validateRefreshToken(refreshToken);\n if (validation.isValid) {\n currentSessionId = validation.sessionId;\n }\n }\n\n if (currentSessionId) {\n await sessionManager.revokeSessionById(userId, currentSessionId);\n return;\n }\n\n await sessionManager.invalidateRefreshToken(userId);\n};\n\nmodule.exports = ({ strapi }) => ({\n async callback(ctx) {\n const provider = ctx.params.provider || 'local';\n const params = ctx.request.body;\n\n const store = strapi.store({ type: 'plugin', name: 'users-permissions' });\n const grantSettings = await store.get({ key: 'grant' });\n\n const grantProvider = provider === 'local' ? 'email' : provider;\n\n if (!_.get(grantSettings, [grantProvider, 'enabled'])) {\n throw new ApplicationError('This provider is disabled');\n }\n\n if (provider === 'local') {\n await validateCallbackBody(params);\n\n const { identifier } = params;\n\n // Check if the user exists.\n const user = await strapi.db.query('plugin::users-permissions.user').findOne({\n where: {\n provider,\n $or: [{ email: identifier.toLowerCase() }, { username: identifier }],\n },\n });\n\n if (!user) {\n throw new ValidationError('Invalid identifier or password');\n }\n\n if (!user.password) {\n throw new ValidationError('Invalid identifier or password');\n }\n\n const validPassword = await getService('user').validatePassword(\n params.password,\n user.password\n );\n\n if (!validPassword) {\n throw new ValidationError('Invalid identifier or password');\n }\n\n const advancedSettings = await store.get({ key: 'advanced' });\n const requiresConfirmation = _.get(advancedSettings, 'email_confirmation');\n\n if (requiresConfirmation && user.confirmed !== true) {\n throw new ApplicationError('Your account email is not confirmed');\n }\n\n if (user.blocked === true) {\n throw new ApplicationError('Your account has been blocked by an administrator');\n }\n\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode === 'refresh') {\n return sendRefreshAuthResponse(strapi, ctx, user, {\n metadata: buildSessionMetadataFromContext(ctx),\n });\n }\n\n return ctx.send({\n jwt: getService('jwt').issue({ id: user.id }),\n user: await sanitizeUser(user, ctx),\n });\n }\n\n // Connect the user with the third-party provider.\n try {\n const user = await getService('providers').connect(provider, ctx.query);\n\n if (user.blocked) {\n throw new ForbiddenError('Your account has been blocked by an administrator');\n }\n\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode === 'refresh') {\n return sendRefreshAuthResponse(strapi, ctx, user, {\n metadata: buildSessionMetadataFromContext(ctx),\n });\n }\n\n return ctx.send({\n jwt: getService('jwt').issue({ id: user.id }),\n user: await sanitizeUser(user, ctx),\n });\n } catch (error) {\n throw new ApplicationError(error.message);\n }\n },\n\n async changePassword(ctx) {\n if (!ctx.state.user) {\n throw new ApplicationError('You must be authenticated to reset your password');\n }\n\n const validations = strapi.config.get('plugin::users-permissions.validationRules');\n\n const { currentPassword, password } = await validateChangePasswordBody(\n ctx.request.body,\n validations\n );\n\n const user = await strapi.db\n .query('plugin::users-permissions.user')\n .findOne({ where: { id: ctx.state.user.id } });\n\n const validPassword = await getService('user').validatePassword(currentPassword, user.password);\n\n if (!validPassword) {\n throw new ValidationError('The provided current password is invalid');\n }\n\n if (currentPassword === password) {\n throw new ValidationError('Your new password must be different than your current password');\n }\n\n await getService('user').edit(user.id, { password });\n\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode === 'refresh') {\n return reissueTokensAfterPasswordChange(strapi, ctx, user);\n }\n\n return ctx.send({\n jwt: getService('jwt').issue({ id: user.id }),\n user: await sanitizeUser(user, ctx),\n });\n },\n\n async resetPassword(ctx) {\n const validations = strapi.config.get('plugin::users-permissions.validationRules');\n\n const { password, passwordConfirmation, code } = await validateResetPasswordBody(\n ctx.request.body,\n validations\n );\n\n if (password !== passwordConfirmation) {\n throw new ValidationError('Passwords do not match');\n }\n\n const user = await strapi.db\n .query('plugin::users-permissions.user')\n .findOne({ where: { resetPasswordToken: code } });\n\n if (!user) {\n throw new ValidationError('Incorrect code provided');\n }\n\n await getService('user').edit(user.id, {\n resetPasswordToken: null,\n password,\n });\n\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode === 'refresh') {\n return reissueTokensAfterPasswordChange(strapi, ctx, user);\n }\n\n return ctx.send({\n jwt: getService('jwt').issue({ id: user.id }),\n user: await sanitizeUser(user, ctx),\n });\n },\n async refresh(ctx) {\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode !== 'refresh') {\n return ctx.notFound();\n }\n\n const upSessions = strapi.config.get('plugin::users-permissions.sessions');\n const cookieName = upSessions?.cookie?.name || 'strapi_up_refresh';\n\n // Check for refresh token in cookie first (if httpOnly is configured), then in body\n let refreshToken = ctx.cookies.get(cookieName);\n if (!refreshToken) {\n refreshToken = ctx.request.body?.refreshToken;\n }\n\n if (!refreshToken || typeof refreshToken !== 'string') {\n return ctx.badRequest('Missing refresh token');\n }\n\n const rotation = await strapi\n .sessionManager('users-permissions')\n .rotateRefreshToken(refreshToken);\n if ('error' in rotation) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const result = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(rotation.token);\n if ('error' in result) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';\n if (upSessions?.httpOnly || requestHttpOnly) {\n const isProduction = process.env.NODE_ENV === 'production';\n ctx.cookies.set(\n cookieName,\n rotation.token,\n buildRefreshCookieOptions(upSessions, isProduction)\n );\n return ctx.send({ jwt: result.token });\n }\n return ctx.send({ jwt: result.token, refreshToken: rotation.token });\n },\n async logout(ctx) {\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode !== 'refresh') {\n return ctx.notFound();\n }\n\n if (!ctx.state.user) {\n return ctx.unauthorized('Missing authentication');\n }\n\n const userId = String(ctx.state.user.id);\n const upSessions = strapi.config.get('plugin::users-permissions.sessions');\n const body = ctx.request.body || {};\n const scope = typeof body.scope === 'string' ? body.scope : undefined;\n const deviceId = extractDeviceId(body);\n\n try {\n await revokeLogoutSessions(strapi, ctx, userId, { scope, deviceId, body });\n } catch (err) {\n strapi.log.error('UP logout failed', err);\n }\n\n const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';\n if (upSessions?.httpOnly || requestHttpOnly) {\n const cookieName = upSessions.cookie?.name || 'strapi_up_refresh';\n ctx.cookies.set(cookieName, '', { expires: new Date(0) });\n }\n return ctx.send({ ok: true });\n },\n async getSessions(ctx) {\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode !== 'refresh') {\n return ctx.notFound();\n }\n\n if (!ctx.state.user) {\n return ctx.unauthorized('Missing authentication');\n }\n\n const currentSessionId = ctx.state.session?.id;\n const sessions = await strapi\n .sessionManager('users-permissions')\n .listSessions(String(ctx.state.user.id));\n\n const data = sortSessionsForDisplay(\n sessions.map((session) => sanitizeSessionEntry(session, currentSessionId))\n );\n\n return ctx.send({ data });\n },\n async revokeSession(ctx) {\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode !== 'refresh') {\n return ctx.notFound();\n }\n\n if (!ctx.state.user) {\n return ctx.unauthorized('Missing authentication');\n }\n\n const { sessionId } = ctx.params;\n const revoked = await strapi\n .sessionManager('users-permissions')\n .revokeSessionById(String(ctx.state.user.id), sessionId);\n\n if (!revoked) {\n return ctx.notFound('Session not found');\n }\n\n return ctx.send({ data: {} });\n },\n async connect(ctx, next) {\n const grant = require('grant').koa();\n\n const providers = await strapi\n .store({ type: 'plugin', name: 'users-permissions', key: 'grant' })\n .get();\n\n const apiPrefix = strapi.config.get('api.rest.prefix');\n const grantConfig = {\n defaults: {\n prefix: `${apiPrefix}/connect`,\n },\n ...providers,\n };\n\n const [requestPath] = ctx.request.url.split('?');\n const provider = requestPath.split('/connect/')[1].split('/')[0];\n\n if (!_.get(grantConfig[provider], 'enabled')) {\n throw new ApplicationError('This provider is disabled');\n }\n\n if (!strapi.config.server.url.startsWith('http')) {\n strapi.log.warn(\n 'You are using a third party provider for login. Make sure to set an absolute url in config/server.js. More info here: https://docs.strapi.io/developer-docs/latest/plugins/users-permissions.html#setting-up-the-server-url'\n );\n }\n\n // Ability to pass OAuth callback dynamically\n const queryCustomCallback = _.get(ctx, 'query.callback');\n const dynamicSessionCallback = _.get(ctx, 'session.grant.dynamic.callback');\n\n const customCallback = queryCustomCallback ?? dynamicSessionCallback;\n\n // The custom callback is validated to make sure it's not redirecting to an unwanted actor.\n if (customCallback !== undefined) {\n try {\n // We're extracting the callback validator from the plugin config since it can be user-customized\n const { validate: validateCallback } = strapi\n .plugin('users-permissions')\n .config('callback');\n\n await validateCallback(customCallback, grantConfig[provider]);\n\n grantConfig[provider].callback = customCallback;\n } catch (e) {\n throw new ValidationError('Invalid callback URL provided', { callback: customCallback });\n }\n }\n\n // Build a valid redirect URI for the current provider\n grantConfig[provider].redirect_uri = getService('providers').buildRedirectUri(provider);\n\n return grant(grantConfig)(ctx, next);\n },\n\n async forgotPassword(ctx) {\n const { email } = await validateForgotPasswordBody(ctx.request.body);\n\n const pluginStore = await strapi.store({ type: 'plugin', name: 'users-permissions' });\n\n const emailSettings = await pluginStore.get({ key: 'email' });\n const advancedSettings = await pluginStore.get({ key: 'advanced' });\n\n // Find the user by email.\n const user = await strapi.db\n .query('plugin::users-permissions.user')\n .findOne({ where: { email: email.toLowerCase() } });\n\n if (!user || user.blocked) {\n return ctx.send({ ok: true });\n }\n\n // Generate random token.\n const userInfo = await sanitizeUser(user, ctx);\n\n const resetPasswordToken = crypto.randomBytes(64).toString('hex');\n\n const resetPasswordSettings = _.get(emailSettings, 'reset_password.options', {});\n const emailBody = await getService('users-permissions').template(\n resetPasswordSettings.message,\n {\n URL: advancedSettings.email_reset_password,\n SERVER_URL: strapi.config.get('server.absoluteUrl'),\n ADMIN_URL: strapi.config.get('admin.absoluteUrl'),\n USER: userInfo,\n TOKEN: resetPasswordToken,\n }\n );\n\n const emailObject = await getService('users-permissions').template(\n resetPasswordSettings.object,\n {\n USER: userInfo,\n }\n );\n\n const emailToSend = {\n to: user.email,\n from:\n resetPasswordSettings.from.email || resetPasswordSettings.from.name\n ? `${resetPasswordSettings.from.name} <${resetPasswordSettings.from.email}>`\n : undefined,\n replyTo: resetPasswordSettings.response_email,\n subject: emailObject,\n text: emailBody,\n html: emailBody,\n };\n\n // NOTE: Update the user before sending the email so an Admin can generate the link if the email fails\n await getService('user').edit(user.id, { resetPasswordToken });\n\n // Send an email to the user.\n await strapi.plugin('email').service('email').send(emailToSend);\n\n ctx.send({ ok: true });\n },\n\n async register(ctx) {\n const pluginStore = await strapi.store({ type: 'plugin', name: 'users-permissions' });\n\n const settings = await pluginStore.get({ key: 'advanced' });\n\n if (!settings.allow_register) {\n throw new ApplicationError('Register action is currently disabled');\n }\n\n const { register } = strapi.config.get('plugin::users-permissions');\n const alwaysAllowedKeys = ['username', 'password', 'email'];\n\n // Note that we intentionally do not filter allowedFields to allow a project to explicitly accept private or other Strapi field on registration\n const allowedKeys = compact(\n concat(alwaysAllowedKeys, isArray(register?.allowedFields) ? register.allowedFields : [])\n );\n\n // Check if there are any keys in requestBody that are not in allowedKeys\n const invalidKeys = Object.keys(ctx.request.body).filter((key) => !allowedKeys.includes(key));\n\n if (invalidKeys.length > 0) {\n // If there are invalid keys, throw an error\n throw new ValidationError(`Invalid parameters: ${invalidKeys.join(', ')}`);\n }\n\n const params = {\n ..._.pick(ctx.request.body, allowedKeys),\n provider: 'local',\n };\n\n const validations = strapi.config.get('plugin::users-permissions.validationRules');\n\n await validateRegisterBody(params, validations);\n\n const role = await strapi.db\n .query('plugin::users-permissions.role')\n .findOne({ where: { type: settings.default_role } });\n\n if (!role) {\n throw new ApplicationError('Impossible to find the default role');\n }\n\n const { email, username, provider } = params;\n\n const identifierFilter = {\n $or: [\n { email: email.toLowerCase() },\n { username: email.toLowerCase() },\n { username },\n { email: username },\n ],\n };\n\n const conflictingUserCount = await strapi.db.query('plugin::users-permissions.user').count({\n where: { ...identifierFilter, provider },\n });\n\n if (conflictingUserCount > 0) {\n throw new ApplicationError('Email or Username are already taken');\n }\n\n if (settings.unique_email) {\n const conflictingUserCount = await strapi.db.query('plugin::users-permissions.user').count({\n where: { ...identifierFilter },\n });\n\n if (conflictingUserCount > 0) {\n throw new ApplicationError('Email or Username are already taken');\n }\n }\n\n const newUser = {\n ...params,\n role: role.id,\n email: email.toLowerCase(),\n username,\n confirmed: !settings.email_confirmation,\n };\n\n const user = await getService('user').add(newUser);\n\n const sanitizedUser = await sanitizeUser(user, ctx);\n\n if (settings.email_confirmation) {\n try {\n await getService('user').sendConfirmationEmail(sanitizedUser);\n } catch (err) {\n strapi.log.error(err);\n throw new ApplicationError('Error sending confirmation email');\n }\n\n return ctx.send({ user: sanitizedUser });\n }\n\n const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');\n if (mode === 'refresh') {\n const deviceId = extractDeviceId(ctx.request.body) || crypto.randomUUID();\n\n const refresh = await strapi\n .sessionManager('users-permissions')\n .generateRefreshToken(String(user.id), deviceId, {\n type: 'refresh',\n metadata: buildSessionMetadataFromContext(ctx),\n });\n\n const access = await strapi\n .sessionManager('users-permissions')\n .generateAccessToken(refresh.token);\n if ('error' in access) {\n throw new ApplicationError('Invalid credentials');\n }\n\n return ctx.send({ jwt: access.token, refreshToken: refresh.token, user: sanitizedUser });\n }\n\n const jwt = getService('jwt').issue(_.pick(user, ['id']));\n return ctx.send({ jwt, user: sanitizedUser });\n },\n\n async emailConfirmation(ctx, next, returnUser) {\n const { confirmation: confirmationToken } = await validateEmailConfirmationBody(ctx.query);\n\n const userService = getService('user');\n const jwtService = getService('jwt');\n\n const [user] = await userService.fetchAll({ filters: { confirmationToken } });\n\n if (!user) {\n throw new ValidationError('Invalid token');\n }\n\n await userService.edit(user.id, { confirmed: true, confirmationToken: null });\n\n if (returnUser) {\n ctx.send({\n jwt: jwtService.issue({ id: user.id }),\n user: await sanitizeUser(user, ctx),\n });\n } else {\n const settings = await strapi\n .store({ type: 'plugin', name: 'users-permissions', key: 'advanced' })\n .get();\n\n ctx.redirect(settings.email_confirmation_redirection || '/');\n }\n },\n\n async sendEmailConfirmation(ctx) {\n const { email } = await validateSendEmailConfirmationBody(ctx.request.body);\n\n const user = await strapi.db.query('plugin::users-permissions.user').findOne({\n where: { email: email.toLowerCase() },\n });\n\n if (!user) {\n return ctx.send({ email, sent: true });\n }\n\n if (user.confirmed) {\n throw new ApplicationError('Already confirmed');\n }\n\n if (user.blocked) {\n throw new ApplicationError('User blocked');\n }\n\n await getService('user').sendConfirmationEmail(user);\n\n ctx.send({\n email: user.email,\n sent: true,\n });\n },\n});\n"],"names":["crypto","require$$0","_","require$$1","concat","compact","isArray","require$$2","utils","require$$3","getService","require$$4","buildRefreshCookieOptions","require$$5","validateCallbackBody","validateRegisterBody","validateSendEmailConfirmationBody","validateForgotPasswordBody","validateResetPasswordBody","validateEmailConfirmationBody","validateChangePasswordBody","require$$6","ApplicationError","ValidationError","ForbiddenError","errors","buildSessionMetadata","sanitizeSessionEntry","sortSessionsForDisplay","sanitizeUser","user","ctx","auth","state","userSchema","strapi","getModel","contentAPI","sanitize","output","extractDeviceId","requestBody","deviceId","length","undefined","buildSessionMetadataFromContext","userAgent","request","headers","sendRefreshAuthResponse","metadata","body","tokenOptions","type","refresh","sessionManager","generateRefreshToken","String","id","access","generateAccessToken","token","upSessions","config","get","requestHttpOnly","header","httpOnly","cookieName","cookie","name","isProduction","process","env","NODE_ENV","cookies","set","send","jwt","refreshToken","reissueTokensAfterPasswordChange","invalidateRefreshToken","newDeviceId","randomUUID","revokeLogoutSessions","userId","scope","currentSessionId","session","validation","validateRefreshToken","isValid","sessionId","revokeSessionById","callback","provider","params","store","grantSettings","key","grantProvider","identifier","db","query","findOne","where","$or","email","toLowerCase","username","password","validPassword","validatePassword","advancedSettings","requiresConfirmation","confirmed","blocked","mode","issue","connect","error","message","changePassword","validations","currentPassword","edit","resetPassword","passwordConfirmation","code","resetPasswordToken","notFound","badRequest","rotation","rotateRefreshToken","unauthorized","result","logout","err","log","expires","Date","ok","getSessions","sessions","listSessions","data","map","revokeSession","revoked","next","grant","require$$7","koa","providers","apiPrefix","grantConfig","defaults","prefix","requestPath","url","split","server","startsWith","warn","queryCustomCallback","dynamicSessionCallback","customCallback","validate","validateCallback","plugin","e","redirect_uri","buildRedirectUri","forgotPassword","pluginStore","emailSettings","userInfo","randomBytes","toString","resetPasswordSettings","emailBody","template","URL","email_reset_password","SERVER_URL","ADMIN_URL","USER","TOKEN","emailObject","object","emailToSend","to","from","replyTo","response_email","subject","text","html","service","register","settings","allow_register","alwaysAllowedKeys","allowedKeys","allowedFields","invalidKeys","Object","keys","filter","includes","join","pick","role","default_role","identifierFilter","conflictingUserCount","count","unique_email","newUser","email_confirmation","add","sanitizedUser","sendConfirmationEmail","emailConfirmation","returnUser","confirmation","confirmationToken","userService","jwtService","fetchAll","filters","redirect","email_confirmation_redirection","sendEmailConfirmation","sent"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAEA;;;;4CAOA,MAAMA,MAAAA,GAASC,6BAAAA;AACf,IAAA,MAAMC,CAAAA,GAAIC,6BAAAA;AACV,IAAA,MAAM,EAAEC,MAAM,EAAEC,OAAO,EAAEC,OAAO,EAAE,GAAGC,2BAAAA;AACrC,IAAA,MAAMC,KAAAA,GAAQC,2BAAAA;IACd,MAAM,EAAEC,UAAU,EAAE,GAAGC,eAAAA,EAAAA;IACvB,MAAM,EAAEC,yBAAyB,EAAE,GAAGC,8BAAAA,EAAAA;AACtC,IAAA,MAAM,EACJC,oBAAoB,EACpBC,oBAAoB,EACpBC,iCAAiC,EACjCC,0BAA0B,EAC1BC,yBAAyB,EACzBC,6BAA6B,EAC7BC,0BAA0B,EAC3B,GAAGC,gBAAAA,EAAAA;IAEJ,MAAM,EAAEC,gBAAgB,EAAEC,eAAe,EAAEC,cAAc,EAAE,GAAGhB,KAAAA,CAAMiB,MAAM;AAC1E,IAAA,MAAM,EAAEC,oBAAoB,EAAEC,oBAAoB,EAAEC,sBAAsB,EAAE,GAAGpB,KAAAA;IAE/E,MAAMqB,YAAAA,GAAe,CAACC,IAAAA,EAAMC,GAAAA,GAAAA;AAC1B,QAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,KAAK;QAC1B,MAAMC,UAAAA,GAAaC,MAAAA,CAAOC,QAAQ,CAAC,gCAAA,CAAA;QAEnC,OAAOD,MAAAA,CAAOE,UAAU,CAACC,QAAQ,CAACC,MAAM,CAACT,MAAMI,UAAAA,EAAY;AAAEF,YAAAA;AAAI,SAAA,CAAA;AACnE,IAAA,CAAA;AAEA,IAAA,MAAMQ,kBAAkB,CAACC,WAAAA,GAAAA;AACvB,QAAA,MAAM,EAAEC,QAAQ,EAAE,GAAGD,eAAe;AAEpC,QAAA,OAAO,OAAOC,QAAAA,KAAa,QAAA,IAAYA,SAASC,MAAM,GAAG,IAAID,QAAAA,GAAWE,SAAAA;AAC1E,IAAA,CAAA;IAEA,MAAMC,+BAAAA,GAAkC,CAACd,GAAAA,GACvCL,oBAAAA,CAAqB;AACnBoB,YAAAA,SAAAA,EAAWf,GAAAA,CAAIgB,OAAO,CAACC,OAAO,CAAC,YAAA;AACnC,SAAA,CAAA;IAEA,MAAMC,uBAAAA,GAA0B,OAAOd,OAAAA,EAAQJ,GAAAA,EAAKD,IAAAA,EAAM,EAAEoB,QAAQ,EAAE,GAAG,EAAE,GAAA;AACzE,QAAA,MAAMR,QAAAA,GAAWF,eAAAA,CAAgBT,GAAAA,CAAIgB,OAAO,CAACI,IAAI,CAAA;AACjD,QAAA,MAAMC,YAAAA,GAAe;YAAEC,IAAAA,EAAM,SAAA;AAAW,YAAA,GAAIH,QAAAA,GAAW;AAAEA,gBAAAA;AAAQ,aAAA,GAAK;;AAEtE,QAAA,MAAMI,OAAAA,GAAU,MAAMnB,OAAAA,CACnBoB,cAAc,CAAC,mBAAA,CAAA,CACfC,oBAAoB,CAACC,MAAAA,CAAO3B,IAAAA,CAAK4B,EAAE,CAAA,EAAGhB,QAAAA,EAAUU,YAAAA,CAAAA;QAEnD,MAAMO,MAAAA,GAAS,MAAMxB,OAAAA,CAClBoB,cAAc,CAAC,mBAAA,CAAA,CACfK,mBAAmB,CAACN,OAAAA,CAAQO,KAAK,CAAA;AACpC,QAAA,IAAI,WAAWF,MAAAA,EAAQ;AACrB,YAAA,MAAM,IAAIrC,gBAAAA,CAAiB,qBAAA,CAAA;AAC/B,QAAA;AAEE,QAAA,MAAMwC,UAAAA,GAAa3B,OAAAA,CAAO4B,MAAM,CAACC,GAAG,CAAC,oCAAA,CAAA;AACrC,QAAA,MAAMC,kBAAkBlC,GAAAA,CAAIgB,OAAO,CAACmB,MAAM,CAAC,0BAA0B,KAAK,UAAA;QAE1E,IAAIJ,UAAAA,EAAYK,YAAYF,eAAAA,EAAiB;AAC3C,YAAA,MAAMG,UAAAA,GAAaN,UAAAA,CAAWO,MAAM,EAAEC,IAAAA,IAAQ,mBAAA;AAC9C,YAAA,MAAMC,YAAAA,GAAeC,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;YAC9C3C,GAAAA,CAAI4C,OAAO,CAACC,GAAG,CAACR,YAAYd,OAAAA,CAAQO,KAAK,EAAEjD,yBAAAA,CAA0BkD,UAAAA,EAAYS,YAAAA,CAAAA,CAAAA;YACjF,OAAOxC,GAAAA,CAAI8C,IAAI,CAAC;AAAEC,gBAAAA,GAAAA,EAAKnB,OAAOE,KAAK;gBAAE/B,IAAAA,EAAM,MAAMD,aAAaC,IAAAA,EAAMC,GAAAA;AAAI,aAAA,CAAA;AAC5E,QAAA;QAEE,OAAOA,GAAAA,CAAI8C,IAAI,CAAC;AACdC,YAAAA,GAAAA,EAAKnB,OAAOE,KAAK;AACjBkB,YAAAA,YAAAA,EAAczB,QAAQO,KAAK;YAC3B/B,IAAAA,EAAM,MAAMD,aAAaC,IAAAA,EAAMC,GAAAA;AACnC,SAAA,CAAA;AACA,IAAA,CAAA;IAEA,MAAMiD,gCAAAA,GAAmC,OAAO7C,OAAAA,EAAQJ,GAAAA,EAAKD,IAAAA,GAAAA;AAC3D,QAAA,MAAMY,QAAAA,GAAWF,eAAAA,CAAgBT,GAAAA,CAAIgB,OAAO,CAACI,IAAI,CAAA;QAEjD,MAAMhB,OAAAA,CAAOoB,cAAc,CAAC,mBAAA,CAAA,CAAqB0B,sBAAsB,CAACxB,MAAAA,CAAO3B,KAAK4B,EAAE,CAAA,CAAA;QAEtF,MAAMwB,WAAAA,GAAcxC,QAAAA,IAAY1C,MAAAA,CAAOmF,UAAU,EAAA;AACjD,QAAA,MAAM7B,OAAAA,GAAU,MAAMnB,OAAAA,CACnBoB,cAAc,CAAC,mBAAA,CAAA,CACfC,oBAAoB,CAACC,MAAAA,CAAO3B,IAAAA,CAAK4B,EAAE,CAAA,EAAGwB,WAAAA,EAAa;YAAE7B,IAAAA,EAAM;AAAS,SAAA,CAAA;QAEvE,MAAMM,MAAAA,GAAS,MAAMxB,OAAAA,CAClBoB,cAAc,CAAC,mBAAA,CAAA,CACfK,mBAAmB,CAACN,OAAAA,CAAQO,KAAK,CAAA;AACpC,QAAA,IAAI,WAAWF,MAAAA,EAAQ;AACrB,YAAA,MAAM,IAAIrC,gBAAAA,CAAiB,qBAAA,CAAA;AAC/B,QAAA;QAEE,OAAOS,GAAAA,CAAI8C,IAAI,CAAC;AACdC,YAAAA,GAAAA,EAAKnB,OAAOE,KAAK;AACjBkB,YAAAA,YAAAA,EAAczB,QAAQO,KAAK;YAC3B/B,IAAAA,EAAM,MAAMD,aAAaC,IAAAA,EAAMC,GAAAA;AACnC,SAAA,CAAA;AACA,IAAA,CAAA;IAEA,MAAMqD,oBAAAA,GAAuB,OAAOjD,OAAAA,EAAQJ,GAAAA,EAAKsD,MAAAA,EAAQ,EAAEC,KAAK,EAAE5C,QAAQ,EAAES,IAAI,EAAE,GAAA;QAChF,MAAMI,cAAAA,GAAiBpB,OAAAA,CAAOoB,cAAc,CAAC,mBAAA,CAAA;AAC7C,QAAA,MAAMO,UAAAA,GAAa3B,OAAAA,CAAO4B,MAAM,CAACC,GAAG,CAAC,oCAAA,CAAA;AAErC,QAAA,IAAIsB,UAAU,KAAA,EAAO;YACnB,MAAM/B,cAAAA,CAAe0B,sBAAsB,CAACI,MAAAA,CAAAA;AAC5C,YAAA;AACJ,QAAA;AAEE,QAAA,IAAI3C,QAAAA,EAAU;YACZ,MAAMa,cAAAA,CAAe0B,sBAAsB,CAACI,MAAAA,EAAQ3C,QAAAA,CAAAA;AACpD,YAAA;AACJ,QAAA;AAEE,QAAA,IAAI6C,gBAAAA,GAAmBxD,GAAAA,CAAIE,KAAK,CAACuD,OAAO,EAAE9B,EAAAA;QAC1C,MAAMU,UAAAA,GAAaN,UAAAA,EAAYO,MAAAA,EAAQC,IAAAA,IAAQ,mBAAA;AAC/C,QAAA,MAAMS,eACJhD,GAAAA,CAAI4C,OAAO,CAACX,GAAG,CAACI,UAAAA,CAAAA,KACf,OAAOjB,IAAAA,CAAK4B,YAAY,KAAK,QAAA,GAAW5B,IAAAA,CAAK4B,YAAY,GAAGnC,SAAA,CAAA;AAE/D,QAAA,IAAImC,YAAAA,EAAc;AAChB,YAAA,MAAMU,UAAAA,GAAa,MAAMlC,cAAAA,CAAemC,oBAAoB,CAACX,YAAAA,CAAAA;YAC7D,IAAIU,UAAAA,CAAWE,OAAO,EAAE;AACtBJ,gBAAAA,gBAAAA,GAAmBE,WAAWG,SAAS;AAC7C,YAAA;AACA,QAAA;AAEE,QAAA,IAAIL,gBAAAA,EAAkB;YACpB,MAAMhC,cAAAA,CAAesC,iBAAiB,CAACR,MAAAA,EAAQE,gBAAAA,CAAAA;AAC/C,YAAA;AACJ,QAAA;QAEE,MAAMhC,cAAAA,CAAe0B,sBAAsB,CAACI,MAAAA,CAAAA;AAC9C,IAAA,CAAA;AAEArD,IAAAA,IAAAA,GAAiB,CAAC,EAAEG,MAAAA,EAAAA,OAAM,EAAE,IAAM;AAChC,YAAA,MAAM2D,UAAS/D,GAAG,EAAA;AAChB,gBAAA,MAAMgE,QAAAA,GAAWhE,GAAAA,CAAIiE,MAAM,CAACD,QAAQ,IAAI,OAAA;AACxC,gBAAA,MAAMC,MAAAA,GAASjE,GAAAA,CAAIgB,OAAO,CAACI,IAAI;gBAE/B,MAAM8C,KAAAA,GAAQ9D,OAAAA,CAAO8D,KAAK,CAAC;oBAAE5C,IAAAA,EAAM,QAAA;oBAAUiB,IAAAA,EAAM;AAAmB,iBAAA,CAAA;AACtE,gBAAA,MAAM4B,aAAAA,GAAgB,MAAMD,KAAAA,CAAMjC,GAAG,CAAC;oBAAEmC,GAAAA,EAAK;AAAO,iBAAA,CAAA;gBAEpD,MAAMC,aAAAA,GAAgBL,QAAAA,KAAa,OAAA,GAAU,OAAA,GAAUA,QAAAA;AAEvD,gBAAA,IAAI,CAAC7F,CAAAA,CAAE8D,GAAG,CAACkC,aAAAA,EAAe;AAACE,oBAAAA,aAAAA;AAAe,oBAAA;iBAAU,CAAA,EAAG;AACrD,oBAAA,MAAM,IAAI9E,gBAAAA,CAAiB,2BAAA,CAAA;AACjC,gBAAA;AAEI,gBAAA,IAAIyE,aAAa,OAAA,EAAS;AACxB,oBAAA,MAAMjF,oBAAAA,CAAqBkF,MAAAA,CAAAA;oBAE3B,MAAM,EAAEK,UAAU,EAAE,GAAGL,MAAAA;;oBAGvB,MAAMlE,IAAAA,GAAO,MAAMK,OAAAA,CAAOmE,EAAE,CAACC,KAAK,CAAC,gCAAA,CAAA,CAAkCC,OAAO,CAAC;wBAC3EC,KAAAA,EAAO;AACLV,4BAAAA,QAAAA;4BACAW,GAAAA,EAAK;AAAC,gCAAA;AAAEC,oCAAAA,KAAAA,EAAON,WAAWO,WAAW;;AAAM,gCAAA;oCAAEC,QAAAA,EAAUR;;AAAa;AAC9E;AACA,qBAAA,CAAA;AAEM,oBAAA,IAAI,CAACvE,IAAAA,EAAM;AACT,wBAAA,MAAM,IAAIP,eAAAA,CAAgB,gCAAA,CAAA;AAClC,oBAAA;oBAEM,IAAI,CAACO,IAAAA,CAAKgF,QAAQ,EAAE;AAClB,wBAAA,MAAM,IAAIvF,eAAAA,CAAgB,gCAAA,CAAA;AAClC,oBAAA;oBAEM,MAAMwF,aAAAA,GAAgB,MAAMrG,UAAAA,CAAW,MAAA,CAAA,CAAQsG,gBAAgB,CAC7DhB,MAAAA,CAAOc,QAAQ,EACfhF,IAAAA,CAAKgF,QAAQ,CAAA;AAGf,oBAAA,IAAI,CAACC,aAAAA,EAAe;AAClB,wBAAA,MAAM,IAAIxF,eAAAA,CAAgB,gCAAA,CAAA;AAClC,oBAAA;AAEM,oBAAA,MAAM0F,gBAAAA,GAAmB,MAAMhB,KAAAA,CAAMjC,GAAG,CAAC;wBAAEmC,GAAAA,EAAK;AAAU,qBAAA,CAAA;AAC1D,oBAAA,MAAMe,oBAAAA,GAAuBhH,CAAAA,CAAE8D,GAAG,CAACiD,gBAAAA,EAAkB,oBAAA,CAAA;AAErD,oBAAA,IAAIC,oBAAAA,IAAwBpF,IAAAA,CAAKqF,SAAS,KAAK,IAAA,EAAM;AACnD,wBAAA,MAAM,IAAI7F,gBAAAA,CAAiB,qCAAA,CAAA;AACnC,oBAAA;oBAEM,IAAIQ,IAAAA,CAAKsF,OAAO,KAAK,IAAA,EAAM;AACzB,wBAAA,MAAM,IAAI9F,gBAAAA,CAAiB,mDAAA,CAAA;AACnC,oBAAA;AAEM,oBAAA,MAAM+F,OAAOlF,OAAAA,CAAO4B,MAAM,CAACC,GAAG,CAAC,yCAAA,EAA2C,gBAAA,CAAA;AAC1E,oBAAA,IAAIqD,SAAS,SAAA,EAAW;wBACtB,OAAOpE,uBAAAA,CAAwBd,OAAAA,EAAQJ,GAAAA,EAAKD,IAAAA,EAAM;AAChDoB,4BAAAA,QAAAA,EAAUL,+BAAAA,CAAgCd,GAAAA;AACpD,yBAAA,CAAA;AACA,oBAAA;oBAEM,OAAOA,GAAAA,CAAI8C,IAAI,CAAC;wBACdC,GAAAA,EAAKpE,UAAAA,CAAW,KAAA,CAAA,CAAO4G,KAAK,CAAC;AAAE5D,4BAAAA,EAAAA,EAAI5B,KAAK4B;;wBACxC5B,IAAAA,EAAM,MAAMD,aAAaC,IAAAA,EAAMC,GAAAA;AACvC,qBAAA,CAAA;AACA,gBAAA;;gBAGI,IAAI;oBACF,MAAMD,IAAAA,GAAO,MAAMpB,UAAAA,CAAW,WAAA,CAAA,CAAa6G,OAAO,CAACxB,QAAAA,EAAUhE,IAAIwE,KAAK,CAAA;oBAEtE,IAAIzE,IAAAA,CAAKsF,OAAO,EAAE;AAChB,wBAAA,MAAM,IAAI5F,cAAAA,CAAe,mDAAA,CAAA;AACjC,oBAAA;AAEM,oBAAA,MAAM6F,OAAOlF,OAAAA,CAAO4B,MAAM,CAACC,GAAG,CAAC,yCAAA,EAA2C,gBAAA,CAAA;AAC1E,oBAAA,IAAIqD,SAAS,SAAA,EAAW;wBACtB,OAAOpE,uBAAAA,CAAwBd,OAAAA,EAAQJ,GAAAA,EAAKD,IAAAA,EAAM;AAChDoB,4BAAAA,QAAAA,EAAUL,+BAAAA,CAAgCd,GAAAA;AACpD,yBAAA,CAAA;AACA,oBAAA;oBAEM,OAAOA,GAAAA,CAAI8C,IAAI,CAAC;wBACdC,GAAAA,EAAKpE,UAAAA,CAAW,KAAA,CAAA,CAAO4G,KAAK,CAAC;AAAE5D,4BAAAA,EAAAA,EAAI5B,KAAK4B;;wBACxC5B,IAAAA,EAAM,MAAMD,aAAaC,IAAAA,EAAMC,GAAAA;AACvC,qBAAA,CAAA;AACA,gBAAA,CAAA,CAAM,OAAOyF,KAAAA,EAAO;oBACd,MAAM,IAAIlG,gBAAAA,CAAiBkG,KAAAA,CAAMC,OAAO,CAAA;AAC9C,gBAAA;AACA,YAAA,CAAA;AAEE,YAAA,MAAMC,gBAAe3F,GAAG,EAAA;AACtB,gBAAA,IAAI,CAACA,GAAAA,CAAIE,KAAK,CAACH,IAAI,EAAE;AACnB,oBAAA,MAAM,IAAIR,gBAAAA,CAAiB,kDAAA,CAAA;AACjC,gBAAA;AAEI,gBAAA,MAAMqG,WAAAA,GAAcxF,OAAAA,CAAO4B,MAAM,CAACC,GAAG,CAAC,2CAAA,CAAA;AAEtC,gBAAA,MAAM,EAAE4D,eAAe,EAAEd,QAAQ,EAAE,GAAG,MAAM1F,0BAAAA,CAC1CW,GAAAA,CAAIgB,OAAO,CAACI,IAAI,EAChBwE,WAAAA,CAAAA;gBAGF,MAAM7F,IAAAA,GAAO,MAAMK,OAAAA,CAAOmE,EAAE,CACzBC,KAAK,CAAC,gCAAA,CAAA,CACNC,OAAO,CAAC;oBAAEC,KAAAA,EAAO;AAAE/C,wBAAAA,EAAAA,EAAI3B,GAAAA,CAAIE,KAAK,CAACH,IAAI,CAAC4B;AAAE;AAAE,iBAAA,CAAA;gBAE7C,MAAMqD,aAAAA,GAAgB,MAAMrG,UAAAA,CAAW,MAAA,CAAA,CAAQsG,gBAAgB,CAACY,eAAAA,EAAiB9F,KAAKgF,QAAQ,CAAA;AAE9F,gBAAA,IAAI,CAACC,aAAAA,EAAe;AAClB,oBAAA,MAAM,IAAIxF,eAAAA,CAAgB,0CAAA,CAAA;AAChC,gBAAA;AAEI,gBAAA,IAAIqG,oBAAoBd,QAAAA,EAAU;AAChC,oBAAA,MAAM,IAAIvF,eAAAA,CAAgB,gEAAA,CAAA;AAChC,gBAAA;AAEI,gBAAA,MAAMb,WAAW,MAAA,CAAA,CAAQmH,IAAI,CAAC/F,IAAAA,CAAK4B,EAAE,EAAE;AAAEoD,oBAAAA;AAAQ,iBAAA,CAAA;AAEjD,gBAAA,MAAMO,OAAOlF,OAAAA,CAAO4B,MAAM,CAACC,GAAG,CAAC,yCAAA,EAA2C,gBAAA,CAAA;AAC1E,gBAAA,IAAIqD,SAAS,SAAA,EAAW;oBACtB,OAAOrC,gCAAAA,CAAiC7C,SAAQJ,GAAAA,EAAKD,IAAAA,CAAAA;AAC3D,gBAAA;gBAEI,OAAOC,GAAAA,CAAI8C,IAAI,CAAC;oBACdC,GAAAA,EAAKpE,UAAAA,CAAW,KAAA,CAAA,CAAO4G,KAAK,CAAC;AAAE5D,wBAAAA,EAAAA,EAAI5B,KAAK4B;;oBACxC5B,IAAAA,EAAM,MAAMD,aAAaC,IAAAA,EAAMC,GAAAA;AACrC,iBAAA,CAAA;AACA,YAAA,CAAA;AAEE,YAAA,MAAM+F,eAAc/F,GAAG,EAAA;AACrB,gBAAA,MAAM4F,WAAAA,GAAcxF,OAAAA,CAAO4B,MAAM,CAACC,GAAG,CAAC,2CAAA,CAAA;AAEtC,gBAAA,MAAM,EAAE8C,QAAQ,EAAEiB,oBAAoB,EAAEC,IAAI,EAAE,GAAG,MAAM9G,yBAAAA,CACrDa,GAAAA,CAAIgB,OAAO,CAACI,IAAI,EAChBwE,WAAAA,CAAAA;AAGF,gBAAA,IAAIb,aAAaiB,oBAAAA,EAAsB;AACrC,oBAAA,MAAM,IAAIxG,eAAAA,CAAgB,wBAAA,CAAA;AAChC,gBAAA;gBAEI,MAAMO,IAAAA,GAAO,MAAMK,OAAAA,CAAOmE,EAAE,CACzBC,KAAK,CAAC,gCAAA,CAAA,CACNC,OAAO,CAAC;oBAAEC,KAAAA,EAAO;wBAAEwB,kBAAAA,EAAoBD;AAAI;AAAE,iBAAA,CAAA;AAEhD,gBAAA,IAAI,CAAClG,IAAAA,EAAM;AACT,oBAAA,MAAM,IAAIP,eAAAA,CAAgB,yBAAA,CAAA;AAChC,gBAAA;AAEI,gBAAA,MAAMb,WAAW,MAAA,CAAA,CAAQmH,IAAI,CAAC/F,IAAAA,CAAK4B,EAAE,EAAE;oBACrCuE,kBAAAA,EAAoB,IAAA;AACpBnB,oBAAAA;AACN,iBAAA,CAAA;AAEI,gBAAA,MAAMO,OAAOlF,OAAAA,CAAO4B,MAAM,CAACC,GAAG,CAAC,yCAAA,EAA2C,gBAAA,CAAA;AAC1E,gBAAA,IAAIqD,SAAS,SAAA,EAAW;oBACtB,OAAOrC,gCAAAA,CAAiC7C,SAAQJ,GAAAA,EAAKD,IAAAA,CAAAA;AAC3D,gBAAA;gBAEI,OAAOC,GAAAA,CAAI8C,IAAI,CAAC;oBACdC,GAAAA,EAAKpE,UAAAA,CAAW,KAAA,CAAA,CAAO4G,KAAK,CAAC;AAAE5D,wBAAAA,EAAAA,EAAI5B,KAAK4B;;oBACxC5B,IAAAA,EAAM,MAAMD,aAAaC,IAAAA,EAAMC,GAAAA;AACrC,iBAAA,CAAA;AACA,YAAA,CAAA;AACE,YAAA,MAAMuB,SAAQvB,GAAG,EAAA;AACf,gBAAA,MAAMsF,OAAOlF,OAAAA,CAAO4B,MAAM,CAACC,GAAG,CAAC,yCAAA,EAA2C,gBAAA,CAAA;AAC1E,gBAAA,IAAIqD,SAAS,SAAA,EAAW;AACtB,oBAAA,OAAOtF,IAAImG,QAAQ,EAAA;AACzB,gBAAA;AAEI,gBAAA,MAAMpE,UAAAA,GAAa3B,OAAAA,CAAO4B,MAAM,CAACC,GAAG,CAAC,oCAAA,CAAA;gBACrC,MAAMI,UAAAA,GAAaN,UAAAA,EAAYO,MAAAA,EAAQC,IAAAA,IAAQ,mBAAA;;AAG/C,gBAAA,IAAIS,YAAAA,GAAehD,GAAAA,CAAI4C,OAAO,CAACX,GAAG,CAACI,UAAAA,CAAAA;AACnC,gBAAA,IAAI,CAACW,YAAAA,EAAc;AACjBA,oBAAAA,YAAAA,GAAehD,GAAAA,CAAIgB,OAAO,CAACI,IAAI,EAAE4B,YAAAA;AACvC,gBAAA;AAEI,gBAAA,IAAI,CAACA,YAAAA,IAAgB,OAAOA,YAAAA,KAAiB,QAAA,EAAU;oBACrD,OAAOhD,GAAAA,CAAIoG,UAAU,CAAC,uBAAA,CAAA;AAC5B,gBAAA;AAEI,gBAAA,MAAMC,WAAW,MAAMjG,OAAAA,CACpBoB,cAAc,CAAC,mBAAA,CAAA,CACf8E,kBAAkB,CAACtD,YAAAA,CAAAA;AACtB,gBAAA,IAAI,WAAWqD,QAAAA,EAAU;oBACvB,OAAOrG,GAAAA,CAAIuG,YAAY,CAAC,uBAAA,CAAA;AAC9B,gBAAA;gBAEI,MAAMC,MAAAA,GAAS,MAAMpG,OAAAA,CAClBoB,cAAc,CAAC,mBAAA,CAAA,CACfK,mBAAmB,CAACwE,QAAAA,CAASvE,KAAK,CAAA;AACrC,gBAAA,IAAI,WAAW0E,MAAAA,EAAQ;oBACrB,OAAOxG,GAAAA,CAAIuG,YAAY,CAAC,uBAAA,CAAA;AAC9B,gBAAA;AAEI,gBAAA,MAAMrE,kBAAkBlC,GAAAA,CAAIgB,OAAO,CAACmB,MAAM,CAAC,0BAA0B,KAAK,UAAA;gBAC1E,IAAIJ,UAAAA,EAAYK,YAAYF,eAAAA,EAAiB;AAC3C,oBAAA,MAAMM,YAAAA,GAAeC,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;oBAC9C3C,GAAAA,CAAI4C,OAAO,CAACC,GAAG,CACbR,YACAgE,QAAAA,CAASvE,KAAK,EACdjD,yBAAAA,CAA0BkD,UAAAA,EAAYS,YAAAA,CAAAA,CAAAA;oBAExC,OAAOxC,GAAAA,CAAI8C,IAAI,CAAC;AAAEC,wBAAAA,GAAAA,EAAKyD,OAAO1E;AAAK,qBAAA,CAAA;AACzC,gBAAA;gBACI,OAAO9B,GAAAA,CAAI8C,IAAI,CAAC;AAAEC,oBAAAA,GAAAA,EAAKyD,OAAO1E,KAAK;AAAEkB,oBAAAA,YAAAA,EAAcqD,SAASvE;AAAK,iBAAA,CAAA;AACrE,YAAA,CAAA;AACE,YAAA,MAAM2E,QAAOzG,GAAG,EAAA;AACd,gBAAA,MAAMsF,OAAOlF,OAAAA,CAAO4B,MAAM,CAACC,GAAG,CAAC,yCAAA,EAA2C,gBAAA,CAAA;AAC1E,gBAAA,IAAIqD,SAAS,SAAA,EAAW;AACtB,oBAAA,OAAOtF,IAAImG,QAAQ,EAAA;AACzB,gBAAA;AAEI,gBAAA,IAAI,CAACnG,GAAAA,CAAIE,KAAK,CAACH,IAAI,EAAE;oBACnB,OAAOC,GAAAA,CAAIuG,YAAY,CAAC,wBAAA,CAAA;AAC9B,gBAAA;AAEI,gBAAA,MAAMjD,SAAS5B,MAAAA,CAAO1B,GAAAA,CAAIE,KAAK,CAACH,IAAI,CAAC4B,EAAE,CAAA;AACvC,gBAAA,MAAMI,UAAAA,GAAa3B,OAAAA,CAAO4B,MAAM,CAACC,GAAG,CAAC,oCAAA,CAAA;AACrC,gBAAA,MAAMb,OAAOpB,GAAAA,CAAIgB,OAAO,CAACI,IAAI,IAAI,EAAA;gBACjC,MAAMmC,KAAAA,GAAQ,OAAOnC,IAAAA,CAAKmC,KAAK,KAAK,QAAA,GAAWnC,IAAAA,CAAKmC,KAAK,GAAG1C,SAAAA;AAC5D,gBAAA,MAAMF,WAAWF,eAAAA,CAAgBW,IAAAA,CAAAA;gBAEjC,IAAI;oBACF,MAAMiC,oBAAAA,CAAqBjD,OAAAA,EAAQJ,GAAAA,EAAKsD,MAAAA,EAAQ;AAAEC,wBAAAA,KAAAA;AAAO5C,wBAAAA,QAAAA;AAAUS,wBAAAA;AAAI,qBAAA,CAAA;AAC7E,gBAAA,CAAA,CAAM,OAAOsF,GAAAA,EAAK;AACZtG,oBAAAA,OAAAA,CAAOuG,GAAG,CAAClB,KAAK,CAAC,kBAAA,EAAoBiB,GAAAA,CAAAA;AAC3C,gBAAA;AAEI,gBAAA,MAAMxE,kBAAkBlC,GAAAA,CAAIgB,OAAO,CAACmB,MAAM,CAAC,0BAA0B,KAAK,UAAA;gBAC1E,IAAIJ,UAAAA,EAAYK,YAAYF,eAAAA,EAAiB;AAC3C,oBAAA,MAAMG,UAAAA,GAAaN,UAAAA,CAAWO,MAAM,EAAEC,IAAAA,IAAQ,mBAAA;AAC9CvC,oBAAAA,GAAAA,CAAI4C,OAAO,CAACC,GAAG,CAACR,YAAY,EAAA,EAAI;AAAEuE,wBAAAA,OAAAA,EAAS,IAAIC,IAAAA,CAAK,CAAA;AAAE,qBAAA,CAAA;AAC5D,gBAAA;gBACI,OAAO7G,GAAAA,CAAI8C,IAAI,CAAC;oBAAEgE,EAAAA,EAAI;AAAI,iBAAA,CAAA;AAC9B,YAAA,CAAA;AACE,YAAA,MAAMC,aAAY/G,GAAG,EAAA;AACnB,gBAAA,MAAMsF,OAAOlF,OAAAA,CAAO4B,MAAM,CAACC,GAAG,CAAC,yCAAA,EAA2C,gBAAA,CAAA;AAC1E,gBAAA,IAAIqD,SAAS,SAAA,EAAW;AACtB,oBAAA,OAAOtF,IAAImG,QAAQ,EAAA;AACzB,gBAAA;AAEI,gBAAA,IAAI,CAACnG,GAAAA,CAAIE,KAAK,CAACH,IAAI,EAAE;oBACnB,OAAOC,GAAAA,CAAIuG,YAAY,CAAC,wBAAA,CAAA;AAC9B,gBAAA;AAEI,gBAAA,MAAM/C,gBAAAA,GAAmBxD,GAAAA,CAAIE,KAAK,CAACuD,OAAO,EAAE9B,EAAAA;AAC5C,gBAAA,MAAMqF,QAAAA,GAAW,MAAM5G,OAAAA,CACpBoB,cAAc,CAAC,mBAAA,CAAA,CACfyF,YAAY,CAACvF,MAAAA,CAAO1B,GAAAA,CAAIE,KAAK,CAACH,IAAI,CAAC4B,EAAE,CAAA,CAAA;gBAExC,MAAMuF,IAAAA,GAAOrH,uBACXmH,QAAAA,CAASG,GAAG,CAAC,CAAC1D,OAAAA,GAAY7D,qBAAqB6D,OAAAA,EAASD,gBAAAA,CAAAA,CAAAA,CAAAA;gBAG1D,OAAOxD,GAAAA,CAAI8C,IAAI,CAAC;AAAEoE,oBAAAA;AAAI,iBAAA,CAAA;AAC1B,YAAA,CAAA;AACE,YAAA,MAAME,eAAcpH,GAAG,EAAA;AACrB,gBAAA,MAAMsF,OAAOlF,OAAAA,CAAO4B,MAAM,CAACC,GAAG,CAAC,yCAAA,EAA2C,gBAAA,CAAA;AAC1E,gBAAA,IAAIqD,SAAS,SAAA,EAAW;AACtB,oBAAA,OAAOtF,IAAImG,QAAQ,EAAA;AACzB,gBAAA;AAEI,gBAAA,IAAI,CAACnG,GAAAA,CAAIE,KAAK,CAACH,IAAI,EAAE;oBACnB,OAAOC,GAAAA,CAAIuG,YAAY,CAAC,wBAAA,CAAA;AAC9B,gBAAA;AAEI,gBAAA,MAAM,EAAE1C,SAAS,EAAE,GAAG7D,IAAIiE,MAAM;AAChC,gBAAA,MAAMoD,OAAAA,GAAU,MAAMjH,OAAAA,CACnBoB,cAAc,CAAC,mBAAA,CAAA,CACfsC,iBAAiB,CAACpC,MAAAA,CAAO1B,IAAIE,KAAK,CAACH,IAAI,CAAC4B,EAAE,CAAA,EAAGkC,SAAAA,CAAAA;AAEhD,gBAAA,IAAI,CAACwD,OAAAA,EAAS;oBACZ,OAAOrH,GAAAA,CAAImG,QAAQ,CAAC,mBAAA,CAAA;AAC1B,gBAAA;gBAEI,OAAOnG,GAAAA,CAAI8C,IAAI,CAAC;AAAEoE,oBAAAA,IAAAA,EAAM;AAAE,iBAAA,CAAA;AAC9B,YAAA,CAAA;YACE,MAAM1B,OAAAA,CAAAA,CAAQxF,GAAG,EAAEsH,IAAI,EAAA;gBACrB,MAAMC,KAAAA,GAAQC,4BAAiBC,GAAG,EAAA;AAElC,gBAAA,MAAMC,SAAAA,GAAY,MAAMtH,OAAAA,CACrB8D,KAAK,CAAC;oBAAE5C,IAAAA,EAAM,QAAA;oBAAUiB,IAAAA,EAAM,mBAAA;oBAAqB6B,GAAAA,EAAK;mBACxDnC,GAAG,EAAA;AAEN,gBAAA,MAAM0F,SAAAA,GAAYvH,OAAAA,CAAO4B,MAAM,CAACC,GAAG,CAAC,iBAAA,CAAA;AACpC,gBAAA,MAAM2F,WAAAA,GAAc;oBAClBC,QAAAA,EAAU;wBACRC,MAAAA,EAAQ,CAAA,EAAGH,SAAAA,CAAU,QAAQ;AACrC,qBAAA;AACM,oBAAA,GAAGD;AACT,iBAAA;gBAEI,MAAM,CAACK,YAAY,GAAG/H,GAAAA,CAAIgB,OAAO,CAACgH,GAAG,CAACC,KAAK,CAAC,GAAA,CAAA;AAC5C,gBAAA,MAAMjE,QAAAA,GAAW+D,WAAAA,CAAYE,KAAK,CAAC,WAAA,CAAY,CAAC,CAAA,CAAE,CAACA,KAAK,CAAC,GAAA,CAAI,CAAC,CAAA,CAAE;gBAEhE,IAAI,CAAC9J,EAAE8D,GAAG,CAAC2F,WAAW,CAAC5D,QAAAA,CAAS,EAAE,SAAA,CAAA,EAAY;AAC5C,oBAAA,MAAM,IAAIzE,gBAAAA,CAAiB,2BAAA,CAAA;AACjC,gBAAA;gBAEI,IAAI,CAACa,OAAAA,CAAO4B,MAAM,CAACkG,MAAM,CAACF,GAAG,CAACG,UAAU,CAAC,MAAA,CAAA,EAAS;oBAChD/H,OAAAA,CAAOuG,GAAG,CAACyB,IAAI,CACb,6NAAA,CAAA;AAER,gBAAA;;AAGI,gBAAA,MAAMC,mBAAAA,GAAsBlK,CAAAA,CAAE8D,GAAG,CAACjC,GAAAA,EAAK,gBAAA,CAAA;AACvC,gBAAA,MAAMsI,sBAAAA,GAAyBnK,CAAAA,CAAE8D,GAAG,CAACjC,GAAAA,EAAK,gCAAA,CAAA;AAE1C,gBAAA,MAAMuI,iBAAiBF,mBAAAA,IAAuBC,sBAAAA;;AAG9C,gBAAA,IAAIC,mBAAmB1H,SAAAA,EAAW;oBAChC,IAAI;;wBAEF,MAAM,EAAE2H,QAAAA,EAAUC,gBAAgB,EAAE,GAAGrI,QACpCsI,MAAM,CAAC,mBAAA,CAAA,CACP1G,MAAM,CAAC,UAAA,CAAA;AAEV,wBAAA,MAAMyG,gBAAAA,CAAiBF,cAAAA,EAAgBX,WAAW,CAAC5D,QAAAA,CAAS,CAAA;AAE5D4D,wBAAAA,WAAW,CAAC5D,QAAAA,CAAS,CAACD,QAAQ,GAAGwE,cAAAA;AACzC,oBAAA,CAAA,CAAQ,OAAOI,CAAAA,EAAG;wBACV,MAAM,IAAInJ,gBAAgB,+BAAA,EAAiC;4BAAEuE,QAAAA,EAAUwE;AAAc,yBAAA,CAAA;AAC7F,oBAAA;AACA,gBAAA;;gBAGIX,WAAW,CAAC5D,SAAS,CAAC4E,YAAY,GAAGjK,UAAAA,CAAW,WAAA,CAAA,CAAakK,gBAAgB,CAAC7E,QAAAA,CAAAA;gBAE9E,OAAOuD,KAAAA,CAAMK,aAAa5H,GAAAA,EAAKsH,IAAAA,CAAAA;AACnC,YAAA,CAAA;AAEE,YAAA,MAAMwB,gBAAe9I,GAAG,EAAA;gBACtB,MAAM,EAAE4E,KAAK,EAAE,GAAG,MAAM1F,0BAAAA,CAA2Bc,GAAAA,CAAIgB,OAAO,CAACI,IAAI,CAAA;AAEnE,gBAAA,MAAM2H,WAAAA,GAAc,MAAM3I,OAAAA,CAAO8D,KAAK,CAAC;oBAAE5C,IAAAA,EAAM,QAAA;oBAAUiB,IAAAA,EAAM;AAAmB,iBAAA,CAAA;AAElF,gBAAA,MAAMyG,aAAAA,GAAgB,MAAMD,WAAAA,CAAY9G,GAAG,CAAC;oBAAEmC,GAAAA,EAAK;AAAO,iBAAA,CAAA;AAC1D,gBAAA,MAAMc,gBAAAA,GAAmB,MAAM6D,WAAAA,CAAY9G,GAAG,CAAC;oBAAEmC,GAAAA,EAAK;AAAU,iBAAA,CAAA;;gBAGhE,MAAMrE,IAAAA,GAAO,MAAMK,OAAAA,CAAOmE,EAAE,CACzBC,KAAK,CAAC,gCAAA,CAAA,CACNC,OAAO,CAAC;oBAAEC,KAAAA,EAAO;AAAEE,wBAAAA,KAAAA,EAAOA,MAAMC,WAAW;AAAE;AAAE,iBAAA,CAAA;AAElD,gBAAA,IAAI,CAAC9E,IAAAA,IAAQA,IAAAA,CAAKsF,OAAO,EAAE;oBACzB,OAAOrF,GAAAA,CAAI8C,IAAI,CAAC;wBAAEgE,EAAAA,EAAI;AAAI,qBAAA,CAAA;AAChC,gBAAA;;gBAGI,MAAMmC,QAAAA,GAAW,MAAMnJ,YAAAA,CAAaC,IAAAA,EAAMC,GAAAA,CAAAA;AAE1C,gBAAA,MAAMkG,qBAAqBjI,MAAAA,CAAOiL,WAAW,CAAC,EAAA,CAAA,CAAIC,QAAQ,CAAC,KAAA,CAAA;AAE3D,gBAAA,MAAMC,wBAAwBjL,CAAAA,CAAE8D,GAAG,CAAC+G,aAAAA,EAAe,0BAA0B,EAAA,CAAA;gBAC7E,MAAMK,SAAAA,GAAY,MAAM1K,UAAAA,CAAW,mBAAA,CAAA,CAAqB2K,QAAQ,CAC9DF,qBAAAA,CAAsB1D,OAAO,EAC7B;AACE6D,oBAAAA,GAAAA,EAAKrE,iBAAiBsE,oBAAoB;AAC1CC,oBAAAA,UAAAA,EAAYrJ,OAAAA,CAAO4B,MAAM,CAACC,GAAG,CAAC,oBAAA,CAAA;AAC9ByH,oBAAAA,SAAAA,EAAWtJ,OAAAA,CAAO4B,MAAM,CAACC,GAAG,CAAC,mBAAA,CAAA;oBAC7B0H,IAAAA,EAAMV,QAAAA;oBACNW,KAAAA,EAAO1D;AACf,iBAAA,CAAA;gBAGI,MAAM2D,WAAAA,GAAc,MAAMlL,UAAAA,CAAW,mBAAA,CAAA,CAAqB2K,QAAQ,CAChEF,qBAAAA,CAAsBU,MAAM,EAC5B;oBACEH,IAAAA,EAAMV;AACd,iBAAA,CAAA;AAGI,gBAAA,MAAMc,WAAAA,GAAc;AAClBC,oBAAAA,EAAAA,EAAIjK,KAAK6E,KAAK;oBACdqF,IAAAA,EACEb,qBAAAA,CAAsBa,IAAI,CAACrF,KAAK,IAAIwE,sBAAsBa,IAAI,CAAC1H,IAAI,GAC/D,CAAA,EAAG6G,qBAAAA,CAAsBa,IAAI,CAAC1H,IAAI,CAAC,EAAE,EAAE6G,qBAAAA,CAAsBa,IAAI,CAACrF,KAAK,CAAC,CAAC,CAAC,GAC1E/D,SAAAA;AACNqJ,oBAAAA,OAAAA,EAASd,sBAAsBe,cAAc;oBAC7CC,OAAAA,EAASP,WAAAA;oBACTQ,IAAAA,EAAMhB,SAAAA;oBACNiB,IAAAA,EAAMjB;AACZ,iBAAA;;AAGI,gBAAA,MAAM1K,WAAW,MAAA,CAAA,CAAQmH,IAAI,CAAC/F,IAAAA,CAAK4B,EAAE,EAAE;AAAEuE,oBAAAA;AAAkB,iBAAA,CAAA;;gBAG3D,MAAM9F,OAAAA,CAAOsI,MAAM,CAAC,OAAA,CAAA,CAAS6B,OAAO,CAAC,OAAA,CAAA,CAASzH,IAAI,CAACiH,WAAAA,CAAAA;AAEnD/J,gBAAAA,GAAAA,CAAI8C,IAAI,CAAC;oBAAEgE,EAAAA,EAAI;AAAI,iBAAA,CAAA;AACvB,YAAA,CAAA;AAEE,YAAA,MAAM0D,UAASxK,GAAG,EAAA;AAChB,gBAAA,MAAM+I,WAAAA,GAAc,MAAM3I,OAAAA,CAAO8D,KAAK,CAAC;oBAAE5C,IAAAA,EAAM,QAAA;oBAAUiB,IAAAA,EAAM;AAAmB,iBAAA,CAAA;AAElF,gBAAA,MAAMkI,QAAAA,GAAW,MAAM1B,WAAAA,CAAY9G,GAAG,CAAC;oBAAEmC,GAAAA,EAAK;AAAU,iBAAA,CAAA;gBAExD,IAAI,CAACqG,QAAAA,CAASC,cAAc,EAAE;AAC5B,oBAAA,MAAM,IAAInL,gBAAAA,CAAiB,uCAAA,CAAA;AACjC,gBAAA;gBAEI,MAAM,EAAEiL,QAAQ,EAAE,GAAGpK,QAAO4B,MAAM,CAACC,GAAG,CAAC,2BAAA,CAAA;AACvC,gBAAA,MAAM0I,iBAAAA,GAAoB;AAAC,oBAAA,UAAA;AAAY,oBAAA,UAAA;AAAY,oBAAA;AAAQ,iBAAA;;gBAG3D,MAAMC,WAAAA,GAActM,OAAAA,CAClBD,MAAAA,CAAOsM,iBAAAA,EAAmBpM,OAAAA,CAAQiM,UAAUK,aAAAA,CAAAA,GAAiBL,QAAAA,CAASK,aAAa,GAAG,EAAE,CAAA,CAAA;;AAI1F,gBAAA,MAAMC,cAAcC,MAAAA,CAAOC,IAAI,CAAChL,GAAAA,CAAIgB,OAAO,CAACI,IAAI,CAAA,CAAE6J,MAAM,CAAC,CAAC7G,GAAAA,GAAQ,CAACwG,WAAAA,CAAYM,QAAQ,CAAC9G,GAAAA,CAAAA,CAAAA;gBAExF,IAAI0G,WAAAA,CAAYlK,MAAM,GAAG,CAAA,EAAG;;oBAE1B,MAAM,IAAIpB,gBAAgB,CAAC,oBAAoB,EAAEsL,WAAAA,CAAYK,IAAI,CAAC,IAAA,CAAA,CAAA,CAAO,CAAA;AAC/E,gBAAA;AAEI,gBAAA,MAAMlH,MAAAA,GAAS;oBACb,GAAG9F,CAAAA,CAAEiN,IAAI,CAACpL,GAAAA,CAAIgB,OAAO,CAACI,IAAI,EAAEwJ,WAAAA,CAAY;oBACxC5G,QAAAA,EAAU;AAChB,iBAAA;AAEI,gBAAA,MAAM4B,WAAAA,GAAcxF,OAAAA,CAAO4B,MAAM,CAACC,GAAG,CAAC,2CAAA,CAAA;AAEtC,gBAAA,MAAMjD,qBAAqBiF,MAAAA,EAAQ2B,WAAAA,CAAAA;gBAEnC,MAAMyF,IAAAA,GAAO,MAAMjL,OAAAA,CAAOmE,EAAE,CACzBC,KAAK,CAAC,gCAAA,CAAA,CACNC,OAAO,CAAC;oBAAEC,KAAAA,EAAO;AAAEpD,wBAAAA,IAAAA,EAAMmJ,SAASa;AAAY;AAAE,iBAAA,CAAA;AAEnD,gBAAA,IAAI,CAACD,IAAAA,EAAM;AACT,oBAAA,MAAM,IAAI9L,gBAAAA,CAAiB,qCAAA,CAAA;AACjC,gBAAA;AAEI,gBAAA,MAAM,EAAEqF,KAAK,EAAEE,QAAQ,EAAEd,QAAQ,EAAE,GAAGC,MAAAA;AAEtC,gBAAA,MAAMsH,gBAAAA,GAAmB;oBACvB5G,GAAAA,EAAK;AACH,wBAAA;AAAEC,4BAAAA,KAAAA,EAAOA,MAAMC,WAAW;AAAE,yBAAA;AAC5B,wBAAA;AAAEC,4BAAAA,QAAAA,EAAUF,MAAMC,WAAW;AAAE,yBAAA;AAC/B,wBAAA;AAAEC,4BAAAA;AAAQ,yBAAA;AACV,wBAAA;4BAAEF,KAAAA,EAAOE;AAAQ;AAClB;AACP,iBAAA;gBAEI,MAAM0G,oBAAAA,GAAuB,MAAMpL,OAAAA,CAAOmE,EAAE,CAACC,KAAK,CAAC,gCAAA,CAAA,CAAkCiH,KAAK,CAAC;oBACzF/G,KAAAA,EAAO;AAAE,wBAAA,GAAG6G,gBAAgB;AAAEvH,wBAAAA;AAAQ;AAC5C,iBAAA,CAAA;AAEI,gBAAA,IAAIwH,uBAAuB,CAAA,EAAG;AAC5B,oBAAA,MAAM,IAAIjM,gBAAAA,CAAiB,qCAAA,CAAA;AACjC,gBAAA;gBAEI,IAAIkL,QAAAA,CAASiB,YAAY,EAAE;oBACzB,MAAMF,oBAAAA,GAAuB,MAAMpL,OAAAA,CAAOmE,EAAE,CAACC,KAAK,CAAC,gCAAA,CAAA,CAAkCiH,KAAK,CAAC;wBACzF/G,KAAAA,EAAO;AAAE,4BAAA,GAAG6G;AAAgB;AACpC,qBAAA,CAAA;AAEM,oBAAA,IAAIC,uBAAuB,CAAA,EAAG;AAC5B,wBAAA,MAAM,IAAIjM,gBAAAA,CAAiB,qCAAA,CAAA;AACnC,oBAAA;AACA,gBAAA;AAEI,gBAAA,MAAMoM,OAAAA,GAAU;AACd,oBAAA,GAAG1H,MAAM;AACToH,oBAAAA,IAAAA,EAAMA,KAAK1J,EAAE;AACbiD,oBAAAA,KAAAA,EAAOA,MAAMC,WAAW,EAAA;AACxBC,oBAAAA,QAAAA;oBACAM,SAAAA,EAAW,CAACqF,SAASmB;AAC3B,iBAAA;AAEI,gBAAA,MAAM7L,IAAAA,GAAO,MAAMpB,UAAAA,CAAW,MAAA,CAAA,CAAQkN,GAAG,CAACF,OAAAA,CAAAA;gBAE1C,MAAMG,aAAAA,GAAgB,MAAMhM,YAAAA,CAAaC,IAAAA,EAAMC,GAAAA,CAAAA;gBAE/C,IAAIyK,QAAAA,CAASmB,kBAAkB,EAAE;oBAC/B,IAAI;wBACF,MAAMjN,UAAAA,CAAW,MAAA,CAAA,CAAQoN,qBAAqB,CAACD,aAAAA,CAAAA;AACvD,oBAAA,CAAA,CAAQ,OAAOpF,GAAAA,EAAK;wBACZtG,OAAAA,CAAOuG,GAAG,CAAClB,KAAK,CAACiB,GAAAA,CAAAA;AACjB,wBAAA,MAAM,IAAInH,gBAAAA,CAAiB,kCAAA,CAAA;AACnC,oBAAA;oBAEM,OAAOS,GAAAA,CAAI8C,IAAI,CAAC;wBAAE/C,IAAAA,EAAM+L;AAAa,qBAAA,CAAA;AAC3C,gBAAA;AAEI,gBAAA,MAAMxG,OAAOlF,OAAAA,CAAO4B,MAAM,CAACC,GAAG,CAAC,yCAAA,EAA2C,gBAAA,CAAA;AAC1E,gBAAA,IAAIqD,SAAS,SAAA,EAAW;oBACtB,MAAM3E,QAAAA,GAAWF,gBAAgBT,GAAAA,CAAIgB,OAAO,CAACI,IAAI,CAAA,IAAKnD,OAAOmF,UAAU,EAAA;AAEvE,oBAAA,MAAM7B,OAAAA,GAAU,MAAMnB,OAAAA,CACnBoB,cAAc,CAAC,mBAAA,CAAA,CACfC,oBAAoB,CAACC,MAAAA,CAAO3B,IAAAA,CAAK4B,EAAE,CAAA,EAAGhB,QAAAA,EAAU;wBAC/CW,IAAAA,EAAM,SAAA;AACNH,wBAAAA,QAAAA,EAAUL,+BAAAA,CAAgCd,GAAAA;AACpD,qBAAA,CAAA;oBAEM,MAAM4B,MAAAA,GAAS,MAAMxB,OAAAA,CAClBoB,cAAc,CAAC,mBAAA,CAAA,CACfK,mBAAmB,CAACN,OAAAA,CAAQO,KAAK,CAAA;AACpC,oBAAA,IAAI,WAAWF,MAAAA,EAAQ;AACrB,wBAAA,MAAM,IAAIrC,gBAAAA,CAAiB,qBAAA,CAAA;AACnC,oBAAA;oBAEM,OAAOS,GAAAA,CAAI8C,IAAI,CAAC;AAAEC,wBAAAA,GAAAA,EAAKnB,OAAOE,KAAK;AAAEkB,wBAAAA,YAAAA,EAAczB,QAAQO,KAAK;wBAAE/B,IAAAA,EAAM+L;AAAa,qBAAA,CAAA;AAC3F,gBAAA;gBAEI,MAAM/I,GAAAA,GAAMpE,WAAW,KAAA,CAAA,CAAO4G,KAAK,CAACpH,CAAAA,CAAEiN,IAAI,CAACrL,IAAAA,EAAM;AAAC,oBAAA;AAAK,iBAAA,CAAA,CAAA;gBACvD,OAAOC,GAAAA,CAAI8C,IAAI,CAAC;AAAEC,oBAAAA,GAAAA;oBAAKhD,IAAAA,EAAM+L;AAAa,iBAAA,CAAA;AAC9C,YAAA,CAAA;AAEE,YAAA,MAAME,iBAAAA,CAAAA,CAAkBhM,GAAG,EAAEsH,IAAI,EAAE2E,UAAU,EAAA;gBAC3C,MAAM,EAAEC,cAAcC,iBAAiB,EAAE,GAAG,MAAM/M,6BAAAA,CAA8BY,IAAIwE,KAAK,CAAA;AAEzF,gBAAA,MAAM4H,cAAczN,UAAAA,CAAW,MAAA,CAAA;AAC/B,gBAAA,MAAM0N,aAAa1N,UAAAA,CAAW,KAAA,CAAA;AAE9B,gBAAA,MAAM,CAACoB,IAAAA,CAAK,GAAG,MAAMqM,WAAAA,CAAYE,QAAQ,CAAC;oBAAEC,OAAAA,EAAS;AAAEJ,wBAAAA;AAAiB;AAAE,iBAAA,CAAA;AAE1E,gBAAA,IAAI,CAACpM,IAAAA,EAAM;AACT,oBAAA,MAAM,IAAIP,eAAAA,CAAgB,eAAA,CAAA;AAChC,gBAAA;AAEI,gBAAA,MAAM4M,WAAAA,CAAYtG,IAAI,CAAC/F,IAAAA,CAAK4B,EAAE,EAAE;oBAAEyD,SAAAA,EAAW,IAAA;oBAAM+G,iBAAAA,EAAmB;AAAI,iBAAA,CAAA;AAE1E,gBAAA,IAAIF,UAAAA,EAAY;AACdjM,oBAAAA,GAAAA,CAAI8C,IAAI,CAAC;wBACPC,GAAAA,EAAKsJ,UAAAA,CAAW9G,KAAK,CAAC;AAAE5D,4BAAAA,EAAAA,EAAI5B,KAAK4B;;wBACjC5B,IAAAA,EAAM,MAAMD,aAAaC,IAAAA,EAAMC,GAAAA;AACvC,qBAAA,CAAA;gBACA,CAAA,MAAW;AACL,oBAAA,MAAMyK,QAAAA,GAAW,MAAMrK,OAAAA,CACpB8D,KAAK,CAAC;wBAAE5C,IAAAA,EAAM,QAAA;wBAAUiB,IAAAA,EAAM,mBAAA;wBAAqB6B,GAAAA,EAAK;uBACxDnC,GAAG,EAAA;AAENjC,oBAAAA,GAAAA,CAAIwM,QAAQ,CAAC/B,QAAAA,CAASgC,8BAA8B,IAAI,GAAA,CAAA;AAC9D,gBAAA;AACA,YAAA,CAAA;AAEE,YAAA,MAAMC,uBAAsB1M,GAAG,EAAA;gBAC7B,MAAM,EAAE4E,KAAK,EAAE,GAAG,MAAM3F,iCAAAA,CAAkCe,GAAAA,CAAIgB,OAAO,CAACI,IAAI,CAAA;gBAE1E,MAAMrB,IAAAA,GAAO,MAAMK,OAAAA,CAAOmE,EAAE,CAACC,KAAK,CAAC,gCAAA,CAAA,CAAkCC,OAAO,CAAC;oBAC3EC,KAAAA,EAAO;AAAEE,wBAAAA,KAAAA,EAAOA,MAAMC,WAAW;AAAE;AACzC,iBAAA,CAAA;AAEI,gBAAA,IAAI,CAAC9E,IAAAA,EAAM;oBACT,OAAOC,GAAAA,CAAI8C,IAAI,CAAC;AAAE8B,wBAAAA,KAAAA;wBAAO+H,IAAAA,EAAM;AAAI,qBAAA,CAAA;AACzC,gBAAA;gBAEI,IAAI5M,IAAAA,CAAKqF,SAAS,EAAE;AAClB,oBAAA,MAAM,IAAI7F,gBAAAA,CAAiB,mBAAA,CAAA;AACjC,gBAAA;gBAEI,IAAIQ,IAAAA,CAAKsF,OAAO,EAAE;AAChB,oBAAA,MAAM,IAAI9F,gBAAAA,CAAiB,cAAA,CAAA;AACjC,gBAAA;gBAEI,MAAMZ,UAAAA,CAAW,MAAA,CAAA,CAAQoN,qBAAqB,CAAChM,IAAAA,CAAAA;AAE/CC,gBAAAA,GAAAA,CAAI8C,IAAI,CAAC;AACP8B,oBAAAA,KAAAA,EAAO7E,KAAK6E,KAAK;oBACjB+H,IAAAA,EAAM;AACZ,iBAAA,CAAA;AACA,YAAA;SACA,CAAA;;;;;;"}