@tinycloudlabs/sdk-core 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE.md +320 -0
- package/dist/TinyCloud.d.ts +206 -0
- package/dist/TinyCloud.d.ts.map +1 -0
- package/dist/TinyCloud.js +244 -0
- package/dist/TinyCloud.js.map +1 -0
- package/dist/TinyCloud.schema.d.ts +173 -0
- package/dist/TinyCloud.schema.d.ts.map +1 -0
- package/dist/TinyCloud.schema.js +136 -0
- package/dist/TinyCloud.schema.js.map +1 -0
- package/dist/TinyCloud.schema.test.d.ts +5 -0
- package/dist/TinyCloud.schema.test.d.ts.map +1 -0
- package/dist/TinyCloud.schema.test.js +286 -0
- package/dist/TinyCloud.schema.test.js.map +1 -0
- package/dist/authorization/CapabilityKeyRegistry.d.ts +317 -0
- package/dist/authorization/CapabilityKeyRegistry.d.ts.map +1 -0
- package/dist/authorization/CapabilityKeyRegistry.js +509 -0
- package/dist/authorization/CapabilityKeyRegistry.js.map +1 -0
- package/dist/authorization/authorization.schema.d.ts +233 -0
- package/dist/authorization/authorization.schema.d.ts.map +1 -0
- package/dist/authorization/authorization.schema.js +220 -0
- package/dist/authorization/authorization.schema.js.map +1 -0
- package/dist/authorization/authorization.schema.test.d.ts +5 -0
- package/dist/authorization/authorization.schema.test.d.ts.map +1 -0
- package/dist/authorization/authorization.schema.test.js +618 -0
- package/dist/authorization/authorization.schema.test.js.map +1 -0
- package/dist/authorization/index.d.ts +38 -0
- package/dist/authorization/index.d.ts.map +1 -0
- package/dist/authorization/index.js +52 -0
- package/dist/authorization/index.js.map +1 -0
- package/dist/authorization/spaceCreation.d.ts +96 -0
- package/dist/authorization/spaceCreation.d.ts.map +1 -0
- package/dist/authorization/spaceCreation.js +35 -0
- package/dist/authorization/spaceCreation.js.map +1 -0
- package/dist/authorization/spaceCreation.schema.d.ts +67 -0
- package/dist/authorization/spaceCreation.schema.d.ts.map +1 -0
- package/dist/authorization/spaceCreation.schema.js +95 -0
- package/dist/authorization/spaceCreation.schema.js.map +1 -0
- package/dist/authorization/spaceCreation.schema.test.d.ts +5 -0
- package/dist/authorization/spaceCreation.schema.test.d.ts.map +1 -0
- package/dist/authorization/spaceCreation.schema.test.js +168 -0
- package/dist/authorization/spaceCreation.schema.test.js.map +1 -0
- package/dist/authorization/strategies.d.ts +134 -0
- package/dist/authorization/strategies.d.ts.map +1 -0
- package/dist/authorization/strategies.js +15 -0
- package/dist/authorization/strategies.js.map +1 -0
- package/dist/authorization/strategies.schema.d.ts +185 -0
- package/dist/authorization/strategies.schema.d.ts.map +1 -0
- package/dist/authorization/strategies.schema.js +147 -0
- package/dist/authorization/strategies.schema.js.map +1 -0
- package/dist/authorization/strategies.schema.test.d.ts +5 -0
- package/dist/authorization/strategies.schema.test.d.ts.map +1 -0
- package/dist/authorization/strategies.schema.test.js +253 -0
- package/dist/authorization/strategies.schema.test.js.map +1 -0
- package/dist/delegations/DelegationManager.d.ts +164 -0
- package/dist/delegations/DelegationManager.d.ts.map +1 -0
- package/dist/delegations/DelegationManager.js +428 -0
- package/dist/delegations/DelegationManager.js.map +1 -0
- package/dist/delegations/SharingService.d.ts +279 -0
- package/dist/delegations/SharingService.d.ts.map +1 -0
- package/dist/delegations/SharingService.js +558 -0
- package/dist/delegations/SharingService.js.map +1 -0
- package/dist/delegations/SharingService.schema.d.ts +401 -0
- package/dist/delegations/SharingService.schema.d.ts.map +1 -0
- package/dist/delegations/SharingService.schema.js +211 -0
- package/dist/delegations/SharingService.schema.js.map +1 -0
- package/dist/delegations/index.d.ts +38 -0
- package/dist/delegations/index.d.ts.map +1 -0
- package/dist/delegations/index.js +42 -0
- package/dist/delegations/index.js.map +1 -0
- package/dist/delegations/types.d.ts +13 -0
- package/dist/delegations/types.d.ts.map +1 -0
- package/dist/delegations/types.js +42 -0
- package/dist/delegations/types.js.map +1 -0
- package/dist/delegations/types.schema.d.ts +1641 -0
- package/dist/delegations/types.schema.d.ts.map +1 -0
- package/dist/delegations/types.schema.js +535 -0
- package/dist/delegations/types.schema.js.map +1 -0
- package/dist/delegations/types.schema.test.d.ts +5 -0
- package/dist/delegations/types.schema.test.d.ts.map +1 -0
- package/dist/delegations/types.schema.test.js +627 -0
- package/dist/delegations/types.schema.test.js.map +1 -0
- package/dist/index.d.ts +22 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +52 -0
- package/dist/index.js.map +1 -0
- package/dist/json-schema.d.ts +327 -0
- package/dist/json-schema.d.ts.map +1 -0
- package/dist/json-schema.js +703 -0
- package/dist/json-schema.js.map +1 -0
- package/dist/json-schema.test.d.ts +7 -0
- package/dist/json-schema.test.d.ts.map +1 -0
- package/dist/json-schema.test.js +365 -0
- package/dist/json-schema.test.js.map +1 -0
- package/dist/signer.d.ts +28 -0
- package/dist/signer.d.ts.map +1 -0
- package/dist/signer.js +2 -0
- package/dist/signer.js.map +1 -0
- package/dist/space.d.ts +53 -0
- package/dist/space.d.ts.map +1 -0
- package/dist/space.js +67 -0
- package/dist/space.js.map +1 -0
- package/dist/space.schema.d.ts +65 -0
- package/dist/space.schema.d.ts.map +1 -0
- package/dist/space.schema.js +65 -0
- package/dist/space.schema.js.map +1 -0
- package/dist/space.schema.test.d.ts +5 -0
- package/dist/space.schema.test.d.ts.map +1 -0
- package/dist/space.schema.test.js +148 -0
- package/dist/space.schema.test.js.map +1 -0
- package/dist/spaces/Space.d.ts +175 -0
- package/dist/spaces/Space.d.ts.map +1 -0
- package/dist/spaces/Space.js +84 -0
- package/dist/spaces/Space.js.map +1 -0
- package/dist/spaces/SpaceService.d.ts +271 -0
- package/dist/spaces/SpaceService.d.ts.map +1 -0
- package/dist/spaces/SpaceService.js +715 -0
- package/dist/spaces/SpaceService.js.map +1 -0
- package/dist/spaces/index.d.ts +11 -0
- package/dist/spaces/index.d.ts.map +1 -0
- package/dist/spaces/index.js +20 -0
- package/dist/spaces/index.js.map +1 -0
- package/dist/spaces/spaces.schema.d.ts +421 -0
- package/dist/spaces/spaces.schema.d.ts.map +1 -0
- package/dist/spaces/spaces.schema.js +342 -0
- package/dist/spaces/spaces.schema.js.map +1 -0
- package/dist/spaces/spaces.schema.test.d.ts +5 -0
- package/dist/spaces/spaces.schema.test.d.ts.map +1 -0
- package/dist/spaces/spaces.schema.test.js +471 -0
- package/dist/spaces/spaces.schema.test.js.map +1 -0
- package/dist/storage.d.ts +47 -0
- package/dist/storage.d.ts.map +1 -0
- package/dist/storage.js +14 -0
- package/dist/storage.js.map +1 -0
- package/dist/storage.schema.d.ts +277 -0
- package/dist/storage.schema.d.ts.map +1 -0
- package/dist/storage.schema.js +185 -0
- package/dist/storage.schema.js.map +1 -0
- package/dist/storage.schema.test.d.ts +5 -0
- package/dist/storage.schema.test.d.ts.map +1 -0
- package/dist/storage.schema.test.js +346 -0
- package/dist/storage.schema.test.js.map +1 -0
- package/dist/userAuthorization.d.ts +99 -0
- package/dist/userAuthorization.d.ts.map +1 -0
- package/dist/userAuthorization.js +3 -0
- package/dist/userAuthorization.js.map +1 -0
- package/dist/userAuthorization.schema.d.ts +259 -0
- package/dist/userAuthorization.schema.d.ts.map +1 -0
- package/dist/userAuthorization.schema.js +175 -0
- package/dist/userAuthorization.schema.js.map +1 -0
- package/dist/userAuthorization.schema.test.d.ts +5 -0
- package/dist/userAuthorization.schema.test.d.ts.map +1 -0
- package/dist/userAuthorization.schema.test.js +356 -0
- package/dist/userAuthorization.schema.test.js.map +1 -0
- package/dist/version.d.ts +30 -0
- package/dist/version.d.ts.map +1 -0
- package/dist/version.js +54 -0
- package/dist/version.js.map +1 -0
- package/dist/wasm-validation.d.ts +287 -0
- package/dist/wasm-validation.d.ts.map +1 -0
- package/dist/wasm-validation.js +219 -0
- package/dist/wasm-validation.js.map +1 -0
- package/dist/wasm-validation.test.d.ts +5 -0
- package/dist/wasm-validation.test.d.ts.map +1 -0
- package/dist/wasm-validation.test.js +233 -0
- package/dist/wasm-validation.test.js.map +1 -0
- package/package.json +40 -0
|
@@ -0,0 +1,509 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* CapabilityKeyRegistry - Tracks keys and their capabilities for automatic key selection.
|
|
3
|
+
*
|
|
4
|
+
* The registry maintains mappings between:
|
|
5
|
+
* - Keys and their associated delegations
|
|
6
|
+
* - Capabilities (resource/action pairs) and the keys that can exercise them
|
|
7
|
+
*
|
|
8
|
+
* This enables automatic key selection when performing operations, choosing
|
|
9
|
+
* the most appropriate key based on priority and validity.
|
|
10
|
+
*
|
|
11
|
+
* @packageDocumentation
|
|
12
|
+
*/
|
|
13
|
+
import { ok, err, serviceError } from "@tinycloudlabs/sdk-services";
|
|
14
|
+
// =============================================================================
|
|
15
|
+
// Service Name
|
|
16
|
+
// =============================================================================
|
|
17
|
+
const SERVICE_NAME = "capability-key-registry";
|
|
18
|
+
// =============================================================================
|
|
19
|
+
// Error Codes
|
|
20
|
+
// =============================================================================
|
|
21
|
+
/**
|
|
22
|
+
* Error codes specific to CapabilityKeyRegistry operations.
|
|
23
|
+
*/
|
|
24
|
+
export const CapabilityKeyRegistryErrorCodes = {
|
|
25
|
+
/** Key not found in registry */
|
|
26
|
+
KEY_NOT_FOUND: "KEY_NOT_FOUND",
|
|
27
|
+
/** No key available for the requested capability */
|
|
28
|
+
NO_CAPABLE_KEY: "NO_CAPABLE_KEY",
|
|
29
|
+
/** Delegation has expired */
|
|
30
|
+
DELEGATION_EXPIRED: "DELEGATION_EXPIRED",
|
|
31
|
+
/** Delegation has been revoked */
|
|
32
|
+
DELEGATION_REVOKED: "DELEGATION_REVOKED",
|
|
33
|
+
/** Invalid delegation data */
|
|
34
|
+
INVALID_DELEGATION: "INVALID_DELEGATION",
|
|
35
|
+
/** Key already registered */
|
|
36
|
+
KEY_EXISTS: "KEY_EXISTS",
|
|
37
|
+
};
|
|
38
|
+
// =============================================================================
|
|
39
|
+
// Implementation
|
|
40
|
+
// =============================================================================
|
|
41
|
+
/**
|
|
42
|
+
* CapabilityKeyRegistry - Tracks keys and their capabilities for automatic key selection.
|
|
43
|
+
*
|
|
44
|
+
* @example
|
|
45
|
+
* ```typescript
|
|
46
|
+
* const registry = new CapabilityKeyRegistry();
|
|
47
|
+
*
|
|
48
|
+
* // Register a session key with its delegations
|
|
49
|
+
* registry.registerKey(sessionKey, [rootDelegation]);
|
|
50
|
+
*
|
|
51
|
+
* // Get the best key for an operation
|
|
52
|
+
* const key = registry.getKeyForCapability(
|
|
53
|
+
* "tinycloud://my-space/kv/data",
|
|
54
|
+
* "tinycloud.kv/get"
|
|
55
|
+
* );
|
|
56
|
+
*
|
|
57
|
+
* if (key) {
|
|
58
|
+
* // Use this key for the operation
|
|
59
|
+
* console.log("Using key:", key.id);
|
|
60
|
+
* }
|
|
61
|
+
* ```
|
|
62
|
+
*/
|
|
63
|
+
export class CapabilityKeyRegistry {
|
|
64
|
+
constructor() {
|
|
65
|
+
/**
|
|
66
|
+
* Registry of all keys indexed by ID.
|
|
67
|
+
*/
|
|
68
|
+
this.keys = new Map();
|
|
69
|
+
/**
|
|
70
|
+
* Delegation storage.
|
|
71
|
+
*/
|
|
72
|
+
this.store = {
|
|
73
|
+
byKey: new Map(),
|
|
74
|
+
byCid: new Map(),
|
|
75
|
+
byCapability: new Map(),
|
|
76
|
+
};
|
|
77
|
+
}
|
|
78
|
+
// ===========================================================================
|
|
79
|
+
// Key Management
|
|
80
|
+
// ===========================================================================
|
|
81
|
+
/**
|
|
82
|
+
* Register a key with its associated delegations.
|
|
83
|
+
*
|
|
84
|
+
* @param key - Key information
|
|
85
|
+
* @param delegations - Delegations granted to this key
|
|
86
|
+
*/
|
|
87
|
+
registerKey(key, delegations) {
|
|
88
|
+
// Store the key
|
|
89
|
+
this.keys.set(key.id, key);
|
|
90
|
+
// Initialize delegation storage for this key
|
|
91
|
+
if (!this.store.byKey.has(key.id)) {
|
|
92
|
+
this.store.byKey.set(key.id, []);
|
|
93
|
+
}
|
|
94
|
+
// Process each delegation
|
|
95
|
+
for (const delegation of delegations) {
|
|
96
|
+
this.addDelegation(key, delegation);
|
|
97
|
+
}
|
|
98
|
+
}
|
|
99
|
+
/**
|
|
100
|
+
* Remove a key and all its associated delegations.
|
|
101
|
+
*
|
|
102
|
+
* @param keyId - The key ID to remove
|
|
103
|
+
*/
|
|
104
|
+
removeKey(keyId) {
|
|
105
|
+
// Get delegations for this key
|
|
106
|
+
const delegations = this.store.byKey.get(keyId) || [];
|
|
107
|
+
// Remove from byCid
|
|
108
|
+
for (const delegation of delegations) {
|
|
109
|
+
this.store.byCid.delete(delegation.cid);
|
|
110
|
+
}
|
|
111
|
+
// Remove from byCapability
|
|
112
|
+
for (const [capKey, entries] of this.store.byCapability) {
|
|
113
|
+
const filtered = entries.filter((entry) => !entry.keys.some((k) => k.id === keyId));
|
|
114
|
+
if (filtered.length === 0) {
|
|
115
|
+
this.store.byCapability.delete(capKey);
|
|
116
|
+
}
|
|
117
|
+
else {
|
|
118
|
+
// Remove this key from entries that have multiple keys
|
|
119
|
+
for (const entry of filtered) {
|
|
120
|
+
entry.keys = entry.keys.filter((k) => k.id !== keyId);
|
|
121
|
+
}
|
|
122
|
+
this.store.byCapability.set(capKey, filtered.filter((e) => e.keys.length > 0));
|
|
123
|
+
}
|
|
124
|
+
}
|
|
125
|
+
// Remove from byKey
|
|
126
|
+
this.store.byKey.delete(keyId);
|
|
127
|
+
// Remove the key itself
|
|
128
|
+
this.keys.delete(keyId);
|
|
129
|
+
}
|
|
130
|
+
// ===========================================================================
|
|
131
|
+
// Capability Lookup
|
|
132
|
+
// ===========================================================================
|
|
133
|
+
/**
|
|
134
|
+
* Get a key that can exercise the specified capability.
|
|
135
|
+
*
|
|
136
|
+
* Key selection algorithm:
|
|
137
|
+
* 1. Filter keys that have the required capability
|
|
138
|
+
* 2. Check delegation validity (not expired, not revoked)
|
|
139
|
+
* 3. Sort by priority (session=0, main=1, ingested=2)
|
|
140
|
+
* 4. Return highest priority valid key
|
|
141
|
+
*
|
|
142
|
+
* @param resource - Resource URI
|
|
143
|
+
* @param action - Action to perform
|
|
144
|
+
* @returns The best matching key, or null if none available
|
|
145
|
+
*/
|
|
146
|
+
getKeyForCapability(resource, action) {
|
|
147
|
+
// Find matching capabilities
|
|
148
|
+
const matchingEntries = this.findMatchingEntries(resource, action);
|
|
149
|
+
if (matchingEntries.length === 0) {
|
|
150
|
+
return null;
|
|
151
|
+
}
|
|
152
|
+
// Collect all valid keys from matching entries
|
|
153
|
+
const validKeys = [];
|
|
154
|
+
for (const entry of matchingEntries) {
|
|
155
|
+
// Check if the delegation is valid
|
|
156
|
+
if (!this.isDelegationValid(entry.delegation)) {
|
|
157
|
+
continue;
|
|
158
|
+
}
|
|
159
|
+
// Add keys from this entry
|
|
160
|
+
for (const key of entry.keys) {
|
|
161
|
+
if (!validKeys.some((k) => k.id === key.id)) {
|
|
162
|
+
validKeys.push(key);
|
|
163
|
+
}
|
|
164
|
+
}
|
|
165
|
+
}
|
|
166
|
+
if (validKeys.length === 0) {
|
|
167
|
+
return null;
|
|
168
|
+
}
|
|
169
|
+
// Sort by priority (lower is better)
|
|
170
|
+
validKeys.sort((a, b) => a.priority - b.priority);
|
|
171
|
+
return validKeys[0];
|
|
172
|
+
}
|
|
173
|
+
/**
|
|
174
|
+
* Get all registered capabilities.
|
|
175
|
+
*
|
|
176
|
+
* @returns All capability entries in the registry
|
|
177
|
+
*/
|
|
178
|
+
getAllCapabilities() {
|
|
179
|
+
const all = [];
|
|
180
|
+
for (const entries of this.store.byCapability.values()) {
|
|
181
|
+
all.push(...entries);
|
|
182
|
+
}
|
|
183
|
+
return all;
|
|
184
|
+
}
|
|
185
|
+
// ===========================================================================
|
|
186
|
+
// Delegation Tracking
|
|
187
|
+
// ===========================================================================
|
|
188
|
+
/**
|
|
189
|
+
* Get all delegations for a specific key.
|
|
190
|
+
*
|
|
191
|
+
* @param keyId - The key ID
|
|
192
|
+
* @returns Array of delegations for this key
|
|
193
|
+
*/
|
|
194
|
+
getDelegationsForKey(keyId) {
|
|
195
|
+
return this.store.byKey.get(keyId) || [];
|
|
196
|
+
}
|
|
197
|
+
// ===========================================================================
|
|
198
|
+
// Ingestion
|
|
199
|
+
// ===========================================================================
|
|
200
|
+
/**
|
|
201
|
+
* Ingest a key and delegation from an external source.
|
|
202
|
+
*
|
|
203
|
+
* @param key - Key information to ingest
|
|
204
|
+
* @param delegation - Delegation to associate with the key
|
|
205
|
+
* @param options - Ingestion options
|
|
206
|
+
*/
|
|
207
|
+
ingestKey(key, delegation, options) {
|
|
208
|
+
// Apply priority override if specified
|
|
209
|
+
const keyToStore = options?.priority !== undefined
|
|
210
|
+
? { ...key, priority: options.priority }
|
|
211
|
+
: key;
|
|
212
|
+
// Store the key
|
|
213
|
+
this.keys.set(keyToStore.id, keyToStore);
|
|
214
|
+
// Initialize delegation storage
|
|
215
|
+
if (!this.store.byKey.has(keyToStore.id)) {
|
|
216
|
+
this.store.byKey.set(keyToStore.id, []);
|
|
217
|
+
}
|
|
218
|
+
// Add the delegation
|
|
219
|
+
this.addDelegation(keyToStore, delegation);
|
|
220
|
+
}
|
|
221
|
+
// ===========================================================================
|
|
222
|
+
// Validation
|
|
223
|
+
// ===========================================================================
|
|
224
|
+
/**
|
|
225
|
+
* Check if a delegation is currently valid.
|
|
226
|
+
*
|
|
227
|
+
* @param delegation - The delegation to check
|
|
228
|
+
* @returns true if valid, false if expired or revoked
|
|
229
|
+
*/
|
|
230
|
+
isDelegationValid(delegation) {
|
|
231
|
+
// Check if revoked
|
|
232
|
+
if (delegation.isRevoked) {
|
|
233
|
+
return false;
|
|
234
|
+
}
|
|
235
|
+
// Check expiry
|
|
236
|
+
const now = new Date();
|
|
237
|
+
if (delegation.expiry && delegation.expiry < now) {
|
|
238
|
+
return false;
|
|
239
|
+
}
|
|
240
|
+
return true;
|
|
241
|
+
}
|
|
242
|
+
// ===========================================================================
|
|
243
|
+
// Key Access
|
|
244
|
+
// ===========================================================================
|
|
245
|
+
/**
|
|
246
|
+
* Get a key by its ID.
|
|
247
|
+
*
|
|
248
|
+
* @param keyId - The key ID
|
|
249
|
+
* @returns The key info, or undefined if not found
|
|
250
|
+
*/
|
|
251
|
+
getKey(keyId) {
|
|
252
|
+
return this.keys.get(keyId);
|
|
253
|
+
}
|
|
254
|
+
/**
|
|
255
|
+
* Get all registered keys.
|
|
256
|
+
*
|
|
257
|
+
* @returns Array of all registered keys
|
|
258
|
+
*/
|
|
259
|
+
getAllKeys() {
|
|
260
|
+
return Array.from(this.keys.values());
|
|
261
|
+
}
|
|
262
|
+
// ===========================================================================
|
|
263
|
+
// Clear
|
|
264
|
+
// ===========================================================================
|
|
265
|
+
/**
|
|
266
|
+
* Clear all registered keys and delegations.
|
|
267
|
+
*/
|
|
268
|
+
clear() {
|
|
269
|
+
this.keys.clear();
|
|
270
|
+
this.store.byKey.clear();
|
|
271
|
+
this.store.byCid.clear();
|
|
272
|
+
this.store.byCapability.clear();
|
|
273
|
+
}
|
|
274
|
+
// ===========================================================================
|
|
275
|
+
// Revocation
|
|
276
|
+
// ===========================================================================
|
|
277
|
+
/**
|
|
278
|
+
* Revoke a delegation by CID.
|
|
279
|
+
*
|
|
280
|
+
* @param cid - The delegation CID to revoke
|
|
281
|
+
* @returns Result indicating success or failure
|
|
282
|
+
*/
|
|
283
|
+
revokeDelegation(cid) {
|
|
284
|
+
const stored = this.store.byCid.get(cid);
|
|
285
|
+
if (!stored) {
|
|
286
|
+
return err(serviceError(CapabilityKeyRegistryErrorCodes.KEY_NOT_FOUND, `Delegation not found: ${cid}`, SERVICE_NAME));
|
|
287
|
+
}
|
|
288
|
+
// Mark the delegation as revoked
|
|
289
|
+
stored.delegation.isRevoked = true;
|
|
290
|
+
// Update in byKey
|
|
291
|
+
const keyDelegations = this.store.byKey.get(stored.keyId);
|
|
292
|
+
if (keyDelegations) {
|
|
293
|
+
const delegation = keyDelegations.find((d) => d.cid === cid);
|
|
294
|
+
if (delegation) {
|
|
295
|
+
delegation.isRevoked = true;
|
|
296
|
+
}
|
|
297
|
+
}
|
|
298
|
+
// Update in byCapability
|
|
299
|
+
for (const entries of this.store.byCapability.values()) {
|
|
300
|
+
for (const entry of entries) {
|
|
301
|
+
if (entry.delegation.cid === cid) {
|
|
302
|
+
entry.delegation.isRevoked = true;
|
|
303
|
+
}
|
|
304
|
+
}
|
|
305
|
+
}
|
|
306
|
+
return ok(undefined);
|
|
307
|
+
}
|
|
308
|
+
// ===========================================================================
|
|
309
|
+
// Search
|
|
310
|
+
// ===========================================================================
|
|
311
|
+
/**
|
|
312
|
+
* Find capabilities that match a resource path pattern.
|
|
313
|
+
*
|
|
314
|
+
* @param resourcePattern - Resource pattern (supports wildcards)
|
|
315
|
+
* @param action - Optional action filter
|
|
316
|
+
* @returns Matching capability entries
|
|
317
|
+
*/
|
|
318
|
+
findCapabilities(resourcePattern, action) {
|
|
319
|
+
const results = [];
|
|
320
|
+
for (const entries of this.store.byCapability.values()) {
|
|
321
|
+
for (const entry of entries) {
|
|
322
|
+
// Check action match if specified
|
|
323
|
+
if (action && entry.action !== action) {
|
|
324
|
+
continue;
|
|
325
|
+
}
|
|
326
|
+
// Check resource pattern match
|
|
327
|
+
if (this.matchesResourcePattern(entry.resource, resourcePattern)) {
|
|
328
|
+
results.push(entry);
|
|
329
|
+
}
|
|
330
|
+
}
|
|
331
|
+
}
|
|
332
|
+
return results;
|
|
333
|
+
}
|
|
334
|
+
// ===========================================================================
|
|
335
|
+
// Private Methods
|
|
336
|
+
// ===========================================================================
|
|
337
|
+
/**
|
|
338
|
+
* Add a delegation to the store.
|
|
339
|
+
*
|
|
340
|
+
* @param key - The key associated with this delegation
|
|
341
|
+
* @param delegation - The delegation to add
|
|
342
|
+
*/
|
|
343
|
+
addDelegation(key, delegation) {
|
|
344
|
+
// Add to byKey
|
|
345
|
+
const keyDelegations = this.store.byKey.get(key.id) || [];
|
|
346
|
+
if (!keyDelegations.some((d) => d.cid === delegation.cid)) {
|
|
347
|
+
keyDelegations.push(delegation);
|
|
348
|
+
this.store.byKey.set(key.id, keyDelegations);
|
|
349
|
+
}
|
|
350
|
+
// Add to byCid
|
|
351
|
+
if (!this.store.byCid.has(delegation.cid)) {
|
|
352
|
+
this.store.byCid.set(delegation.cid, {
|
|
353
|
+
delegation,
|
|
354
|
+
parentCid: delegation.parentCid,
|
|
355
|
+
keyId: key.id,
|
|
356
|
+
storedAt: new Date(),
|
|
357
|
+
});
|
|
358
|
+
}
|
|
359
|
+
// Add to byCapability for each action
|
|
360
|
+
for (const action of delegation.actions) {
|
|
361
|
+
const capKey = this.makeCapabilityKey(delegation.path, action);
|
|
362
|
+
const entries = this.store.byCapability.get(capKey) || [];
|
|
363
|
+
// Check if we already have an entry for this exact delegation
|
|
364
|
+
const existingEntry = entries.find((e) => e.delegation.cid === delegation.cid);
|
|
365
|
+
if (existingEntry) {
|
|
366
|
+
// Add this key if not already present
|
|
367
|
+
if (!existingEntry.keys.some((k) => k.id === key.id)) {
|
|
368
|
+
existingEntry.keys.push(key);
|
|
369
|
+
// Re-sort by priority
|
|
370
|
+
existingEntry.keys.sort((a, b) => a.priority - b.priority);
|
|
371
|
+
}
|
|
372
|
+
}
|
|
373
|
+
else {
|
|
374
|
+
// Create new capability entry
|
|
375
|
+
const entry = {
|
|
376
|
+
resource: delegation.path,
|
|
377
|
+
action,
|
|
378
|
+
keys: [key],
|
|
379
|
+
delegation,
|
|
380
|
+
expiresAt: delegation.expiry,
|
|
381
|
+
};
|
|
382
|
+
entries.push(entry);
|
|
383
|
+
this.store.byCapability.set(capKey, entries);
|
|
384
|
+
}
|
|
385
|
+
}
|
|
386
|
+
}
|
|
387
|
+
/**
|
|
388
|
+
* Create a capability key for indexing.
|
|
389
|
+
*
|
|
390
|
+
* @param resource - Resource path
|
|
391
|
+
* @param action - Action
|
|
392
|
+
* @returns Combined key string
|
|
393
|
+
*/
|
|
394
|
+
makeCapabilityKey(resource, action) {
|
|
395
|
+
return `${resource}|${action}`;
|
|
396
|
+
}
|
|
397
|
+
/**
|
|
398
|
+
* Find capability entries that match a resource and action.
|
|
399
|
+
*
|
|
400
|
+
* @param resource - Resource to match
|
|
401
|
+
* @param action - Action to match
|
|
402
|
+
* @returns Matching entries
|
|
403
|
+
*/
|
|
404
|
+
findMatchingEntries(resource, action) {
|
|
405
|
+
const results = [];
|
|
406
|
+
// Exact match
|
|
407
|
+
const exactKey = this.makeCapabilityKey(resource, action);
|
|
408
|
+
const exactEntries = this.store.byCapability.get(exactKey);
|
|
409
|
+
if (exactEntries) {
|
|
410
|
+
results.push(...exactEntries);
|
|
411
|
+
}
|
|
412
|
+
// Wildcard matches - check all entries for patterns that match this resource
|
|
413
|
+
for (const [capKey, entries] of this.store.byCapability) {
|
|
414
|
+
if (capKey === exactKey)
|
|
415
|
+
continue; // Already handled
|
|
416
|
+
for (const entry of entries) {
|
|
417
|
+
// Check if the entry's action matches
|
|
418
|
+
if (!this.actionMatches(entry.action, action)) {
|
|
419
|
+
continue;
|
|
420
|
+
}
|
|
421
|
+
// Check if the entry's resource pattern matches the requested resource
|
|
422
|
+
if (this.resourceMatchesPattern(resource, entry.resource)) {
|
|
423
|
+
if (!results.some((r) => r.delegation.cid === entry.delegation.cid)) {
|
|
424
|
+
results.push(entry);
|
|
425
|
+
}
|
|
426
|
+
}
|
|
427
|
+
}
|
|
428
|
+
}
|
|
429
|
+
return results;
|
|
430
|
+
}
|
|
431
|
+
/**
|
|
432
|
+
* Check if an action pattern matches a specific action.
|
|
433
|
+
*
|
|
434
|
+
* @param pattern - Action pattern (may include wildcard like "tinycloud.kv/*")
|
|
435
|
+
* @param action - Specific action to check
|
|
436
|
+
* @returns true if pattern matches action
|
|
437
|
+
*/
|
|
438
|
+
actionMatches(pattern, action) {
|
|
439
|
+
// Exact match
|
|
440
|
+
if (pattern === action) {
|
|
441
|
+
return true;
|
|
442
|
+
}
|
|
443
|
+
// Wildcard match (e.g., "tinycloud.kv/*" matches "tinycloud.kv/get")
|
|
444
|
+
if (pattern.endsWith("/*")) {
|
|
445
|
+
const prefix = pattern.slice(0, -2);
|
|
446
|
+
return action.startsWith(prefix + "/") || action === prefix;
|
|
447
|
+
}
|
|
448
|
+
return false;
|
|
449
|
+
}
|
|
450
|
+
/**
|
|
451
|
+
* Check if a resource matches a pattern.
|
|
452
|
+
*
|
|
453
|
+
* Patterns support:
|
|
454
|
+
* - Exact match: "/kv/data" matches "/kv/data"
|
|
455
|
+
* - Wildcard suffix: "/kv/*" matches "/kv/anything"
|
|
456
|
+
* - Double wildcard: "/kv/**" matches "/kv/any/nested/path"
|
|
457
|
+
*
|
|
458
|
+
* @param resource - The specific resource being accessed
|
|
459
|
+
* @param pattern - The pattern from the delegation
|
|
460
|
+
* @returns true if resource matches pattern
|
|
461
|
+
*/
|
|
462
|
+
resourceMatchesPattern(resource, pattern) {
|
|
463
|
+
// Exact match
|
|
464
|
+
if (pattern === resource) {
|
|
465
|
+
return true;
|
|
466
|
+
}
|
|
467
|
+
// Double wildcard (**) - matches any nested path
|
|
468
|
+
if (pattern.endsWith("/**")) {
|
|
469
|
+
const prefix = pattern.slice(0, -3);
|
|
470
|
+
return resource.startsWith(prefix);
|
|
471
|
+
}
|
|
472
|
+
// Single wildcard (*) - matches one path segment
|
|
473
|
+
if (pattern.endsWith("/*")) {
|
|
474
|
+
const prefix = pattern.slice(0, -2);
|
|
475
|
+
if (!resource.startsWith(prefix)) {
|
|
476
|
+
return false;
|
|
477
|
+
}
|
|
478
|
+
const remainder = resource.slice(prefix.length);
|
|
479
|
+
// Should be a single segment (no more slashes except possibly trailing)
|
|
480
|
+
return !remainder.includes("/") || remainder === "/";
|
|
481
|
+
}
|
|
482
|
+
// Prefix match for paths ending with /
|
|
483
|
+
if (pattern.endsWith("/") && resource.startsWith(pattern)) {
|
|
484
|
+
return true;
|
|
485
|
+
}
|
|
486
|
+
return false;
|
|
487
|
+
}
|
|
488
|
+
/**
|
|
489
|
+
* Check if a specific resource matches a resource pattern for searching.
|
|
490
|
+
*
|
|
491
|
+
* @param entryResource - The resource from a capability entry
|
|
492
|
+
* @param searchPattern - The pattern to search for
|
|
493
|
+
* @returns true if entry resource matches search pattern
|
|
494
|
+
*/
|
|
495
|
+
matchesResourcePattern(entryResource, searchPattern) {
|
|
496
|
+
// Use the same logic as resourceMatchesPattern
|
|
497
|
+
return this.resourceMatchesPattern(entryResource, searchPattern) ||
|
|
498
|
+
this.resourceMatchesPattern(searchPattern, entryResource);
|
|
499
|
+
}
|
|
500
|
+
}
|
|
501
|
+
/**
|
|
502
|
+
* Create a new CapabilityKeyRegistry instance.
|
|
503
|
+
*
|
|
504
|
+
* @returns A new registry instance
|
|
505
|
+
*/
|
|
506
|
+
export function createCapabilityKeyRegistry() {
|
|
507
|
+
return new CapabilityKeyRegistry();
|
|
508
|
+
}
|
|
509
|
+
//# sourceMappingURL=CapabilityKeyRegistry.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"CapabilityKeyRegistry.js","sourceRoot":"","sources":["../../src/authorization/CapabilityKeyRegistry.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,EAAE,EAAE,EAAE,GAAG,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAQpE,gFAAgF;AAChF,eAAe;AACf,gFAAgF;AAEhF,MAAM,YAAY,GAAG,yBAAyB,CAAC;AAE/C,gFAAgF;AAChF,cAAc;AACd,gFAAgF;AAEhF;;GAEG;AACH,MAAM,CAAC,MAAM,+BAA+B,GAAG;IAC7C,gCAAgC;IAChC,aAAa,EAAE,eAAe;IAC9B,oDAAoD;IACpD,cAAc,EAAE,gBAAgB;IAChC,6BAA6B;IAC7B,kBAAkB,EAAE,oBAAoB;IACxC,kCAAkC;IAClC,kBAAkB,EAAE,oBAAoB;IACxC,8BAA8B;IAC9B,kBAAkB,EAAE,oBAAoB;IACxC,6BAA6B;IAC7B,UAAU,EAAE,YAAY;CAChB,CAAC;AAwJX,gFAAgF;AAChF,iBAAiB;AACjB,gFAAgF;AAEhF;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,OAAO,qBAAqB;IAAlC;QACE;;WAEG;QACK,SAAI,GAAyB,IAAI,GAAG,EAAE,CAAC;QAE/C;;WAEG;QACK,UAAK,GAAoB;YAC/B,KAAK,EAAE,IAAI,GAAG,EAAE;YAChB,KAAK,EAAE,IAAI,GAAG,EAAE;YAChB,YAAY,EAAE,IAAI,GAAG,EAAE;SACxB,CAAC;IA8fJ,CAAC;IA5fC,8EAA8E;IAC9E,iBAAiB;IACjB,8EAA8E;IAE9E;;;;;OAKG;IACH,WAAW,CAAC,GAAY,EAAE,WAAyB;QACjD,gBAAgB;QAChB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QAE3B,6CAA6C;QAC7C,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;YAClC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QACnC,CAAC;QAED,0BAA0B;QAC1B,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,SAAS,CAAC,KAAa;QACrB,+BAA+B;QAC/B,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QAEtD,oBAAoB;QACpB,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QAC1C,CAAC;QAED,2BAA2B;QAC3B,KAAK,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC;YACxD,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAC7B,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAU,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,KAAK,CAAC,CAC5D,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC1B,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YACzC,CAAC;iBAAM,CAAC;gBACN,uDAAuD;gBACvD,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;oBAC7B,KAAK,CAAC,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAU,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,KAAK,CAAC,CAAC;gBACjE,CAAC;gBACD,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;YACjF,CAAC;QACH,CAAC;QAED,oBAAoB;QACpB,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAE/B,wBAAwB;QACxB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC1B,CAAC;IAED,8EAA8E;IAC9E,oBAAoB;IACpB,8EAA8E;IAE9E;;;;;;;;;;;;OAYG;IACH,mBAAmB,CAAC,QAAgB,EAAE,MAAc;QAClD,6BAA6B;QAC7B,MAAM,eAAe,GAAG,IAAI,CAAC,mBAAmB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAEnE,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACjC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,+CAA+C;QAC/C,MAAM,SAAS,GAAc,EAAE,CAAC;QAEhC,KAAK,MAAM,KAAK,IAAI,eAAe,EAAE,CAAC;YACpC,mCAAmC;YACnC,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC9C,SAAS;YACX,CAAC;YAED,2BAA2B;YAC3B,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;gBAC7B,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAU,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;oBACrD,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACtB,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,qCAAqC;QACrC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAU,EAAE,CAAU,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC;QAEpE,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC;IACtB,CAAC;IAED;;;;OAIG;IACH,kBAAkB;QAChB,MAAM,GAAG,GAAsB,EAAE,CAAC;QAClC,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,EAAE,EAAE,CAAC;YACvD,GAAG,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC;QACvB,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,8EAA8E;IAC9E,sBAAsB;IACtB,8EAA8E;IAE9E;;;;;OAKG;IACH,oBAAoB,CAAC,KAAa;QAChC,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;IAC3C,CAAC;IAED,8EAA8E;IAC9E,YAAY;IACZ,8EAA8E;IAE9E;;;;;;OAMG;IACH,SAAS,CACP,GAAY,EACZ,UAAsB,EACtB,OAAuB;QAEvB,uCAAuC;QACvC,MAAM,UAAU,GAAY,OAAO,EAAE,QAAQ,KAAK,SAAS;YACzD,CAAC,CAAC,EAAE,GAAG,GAAG,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE;YACxC,CAAC,CAAC,GAAG,CAAC;QAER,gBAAgB;QAChB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,EAAE,UAAU,CAAC,CAAC;QAEzC,gCAAgC;QAChC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC,EAAE,CAAC;YACzC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAC1C,CAAC;QAED,qBAAqB;QACrB,IAAI,CAAC,aAAa,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;IAC7C,CAAC;IAED,8EAA8E;IAC9E,aAAa;IACb,8EAA8E;IAE9E;;;;;OAKG;IACH,iBAAiB,CAAC,UAAsB;QACtC,mBAAmB;QACnB,IAAI,UAAU,CAAC,SAAS,EAAE,CAAC;YACzB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,eAAe;QACf,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,UAAU,CAAC,MAAM,IAAI,UAAU,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YACjD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,8EAA8E;IAC9E,aAAa;IACb,8EAA8E;IAE9E;;;;;OAKG;IACH,MAAM,CAAC,KAAa;QAClB,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC;IAED;;;;OAIG;IACH,UAAU;QACR,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IACxC,CAAC;IAED,8EAA8E;IAC9E,QAAQ;IACR,8EAA8E;IAE9E;;OAEG;IACH,KAAK;QACH,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;QAClB,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;IAClC,CAAC;IAED,8EAA8E;IAC9E,aAAa;IACb,8EAA8E;IAE9E;;;;;OAKG;IACH,gBAAgB,CAAC,GAAW;QAC1B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAEzC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,GAAG,CACR,YAAY,CACV,+BAA+B,CAAC,aAAa,EAC7C,yBAAyB,GAAG,EAAE,EAC9B,YAAY,CACb,CACF,CAAC;QACJ,CAAC;QAED,iCAAiC;QACjC,MAAM,CAAC,UAAU,CAAC,SAAS,GAAG,IAAI,CAAC;QAEnC,kBAAkB;QAClB,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC1D,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,UAAU,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC;YAC7D,IAAI,UAAU,EAAE,CAAC;gBACf,UAAU,CAAC,SAAS,GAAG,IAAI,CAAC;YAC9B,CAAC;QACH,CAAC;QAED,yBAAyB;QACzB,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,EAAE,EAAE,CAAC;YACvD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC5B,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,KAAK,GAAG,EAAE,CAAC;oBACjC,KAAK,CAAC,UAAU,CAAC,SAAS,GAAG,IAAI,CAAC;gBACpC,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,EAAE,CAAC,SAAS,CAAC,CAAC;IACvB,CAAC;IAED,8EAA8E;IAC9E,SAAS;IACT,8EAA8E;IAE9E;;;;;;OAMG;IACH,gBAAgB,CACd,eAAuB,EACvB,MAAe;QAEf,MAAM,OAAO,GAAsB,EAAE,CAAC;QAEtC,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,EAAE,EAAE,CAAC;YACvD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC5B,kCAAkC;gBAClC,IAAI,MAAM,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;oBACtC,SAAS;gBACX,CAAC;gBAED,+BAA+B;gBAC/B,IAAI,IAAI,CAAC,sBAAsB,CAAC,KAAK,CAAC,QAAQ,EAAE,eAAe,CAAC,EAAE,CAAC;oBACjE,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBACtB,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,8EAA8E;IAC9E,kBAAkB;IAClB,8EAA8E;IAE9E;;;;;OAKG;IACK,aAAa,CAAC,GAAY,EAAE,UAAsB;QACxD,eAAe;QACf,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;QAC1D,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1D,cAAc,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAChC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,cAAc,CAAC,CAAC;QAC/C,CAAC;QAED,eAAe;QACf,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1C,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,EAAE;gBACnC,UAAU;gBACV,SAAS,EAAE,UAAU,CAAC,SAAS;gBAC/B,KAAK,EAAE,GAAG,CAAC,EAAE;gBACb,QAAQ,EAAE,IAAI,IAAI,EAAE;aACrB,CAAC,CAAC;QACL,CAAC;QAED,sCAAsC;QACtC,KAAK,MAAM,MAAM,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;YACxC,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YAC/D,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YAE1D,8DAA8D;YAC9D,MAAM,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,KAAK,UAAU,CAAC,GAAG,CAAC,CAAC;YAE/E,IAAI,aAAa,EAAE,CAAC;gBAClB,sCAAsC;gBACtC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAU,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;oBAC9D,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;oBAC7B,sBAAsB;oBACtB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAU,EAAE,CAAU,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC;gBAC/E,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,8BAA8B;gBAC9B,MAAM,KAAK,GAAoB;oBAC7B,QAAQ,EAAE,UAAU,CAAC,IAAI;oBACzB,MAAM;oBACN,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,UAAU;oBACV,SAAS,EAAE,UAAU,CAAC,MAAM;iBAC7B,CAAC;gBACF,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBACpB,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACK,iBAAiB,CAAC,QAAgB,EAAE,MAAc;QACxD,OAAO,GAAG,QAAQ,IAAI,MAAM,EAAE,CAAC;IACjC,CAAC;IAED;;;;;;OAMG;IACK,mBAAmB,CACzB,QAAgB,EAChB,MAAc;QAEd,MAAM,OAAO,GAAsB,EAAE,CAAC;QAEtC,cAAc;QACd,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC1D,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC3D,IAAI,YAAY,EAAE,CAAC;YACjB,OAAO,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;QAChC,CAAC;QAED,6EAA6E;QAC7E,KAAK,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC;YACxD,IAAI,MAAM,KAAK,QAAQ;gBAAE,SAAS,CAAC,kBAAkB;YAErD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC5B,sCAAsC;gBACtC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC;oBAC9C,SAAS;gBACX,CAAC;gBAED,uEAAuE;gBACvE,IAAI,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC1D,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,KAAK,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;wBACpE,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;oBACtB,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;;;OAMG;IACK,aAAa,CAAC,OAAe,EAAE,MAAc;QACnD,cAAc;QACd,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;YACvB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,qEAAqE;QACrE,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YACpC,OAAO,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,GAAG,CAAC,IAAI,MAAM,KAAK,MAAM,CAAC;QAC9D,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;;;;;;;;OAWG;IACK,sBAAsB,CAAC,QAAgB,EAAE,OAAe;QAC9D,cAAc;QACd,IAAI,OAAO,KAAK,QAAQ,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,iDAAiD;QACjD,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5B,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YACpC,OAAO,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACrC,CAAC;QAED,iDAAiD;QACjD,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YACpC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBACjC,OAAO,KAAK,CAAC;YACf,CAAC;YACD,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAChD,wEAAwE;YACxE,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,SAAS,KAAK,GAAG,CAAC;QACvD,CAAC;QAED,uCAAuC;QACvC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1D,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;;;OAMG;IACK,sBAAsB,CAC5B,aAAqB,EACrB,aAAqB;QAErB,+CAA+C;QAC/C,OAAO,IAAI,CAAC,sBAAsB,CAAC,aAAa,EAAE,aAAa,CAAC;YACzD,IAAI,CAAC,sBAAsB,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC;IACnE,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,UAAU,2BAA2B;IACzC,OAAO,IAAI,qBAAqB,EAAE,CAAC;AACrC,CAAC"}
|