@tinyrack/tinyauth-server 0.0.15 → 0.1.0
- package/dist/entrypoints/app.d.ts +49 -2
- package/dist/entrypoints/app.d.ts.map +1 -1
- package/dist/entrypoints/app.js +5 -0
- package/dist/entrypoints/app.js.map +1 -1
- package/dist/entrypoints/database/postgres/postgres.d.ts.map +1 -1
- package/dist/entrypoints/database/postgres/postgres.js +1 -0
- package/dist/entrypoints/database/postgres/postgres.js.map +1 -1
- package/dist/entrypoints/database/sqlite/sqlite.d.ts.map +1 -1
- package/dist/entrypoints/database/sqlite/sqlite.js +1 -0
- package/dist/entrypoints/database/sqlite/sqlite.js.map +1 -1
- package/dist/entrypoints/identity-providers/apple.d.ts +1 -0
- package/dist/entrypoints/identity-providers/apple.d.ts.map +1 -1
- package/dist/entrypoints/identity-providers/apple.js +1 -0
- package/dist/entrypoints/identity-providers/apple.js.map +1 -1
- package/dist/entrypoints/identity-providers/generic-oauth.d.ts +2 -0
- package/dist/entrypoints/identity-providers/generic-oauth.d.ts.map +1 -1
- package/dist/entrypoints/identity-providers/generic-oauth.js +2 -0
- package/dist/entrypoints/identity-providers/generic-oauth.js.map +1 -1
- package/dist/lib/config/client.d.ts.map +1 -1
- package/dist/lib/config/client.js +5 -1
- package/dist/lib/config/client.js.map +1 -1
- package/dist/lib/config/identity-providers.d.ts +4 -0
- package/dist/lib/config/identity-providers.d.ts.map +1 -1
- package/dist/lib/config/identity-providers.js +25 -8
- package/dist/lib/config/identity-providers.js.map +1 -1
- package/dist/lib/config/resolved.d.ts +2 -0
- package/dist/lib/config/resolved.d.ts.map +1 -1
- package/dist/lib/config/url-policy.d.ts +4 -0
- package/dist/lib/config/url-policy.d.ts.map +1 -0
- package/dist/lib/config/url-policy.js +38 -0
- package/dist/lib/config/url-policy.js.map +1 -0
- package/dist/lib/pkce.d.ts.map +1 -1
- package/dist/lib/pkce.js +8 -1
- package/dist/lib/pkce.js.map +1 -1
- package/dist/middleware/csrf.d.ts +2 -0
- package/dist/middleware/csrf.d.ts.map +1 -0
- package/dist/middleware/csrf.js +51 -0
- package/dist/middleware/csrf.js.map +1 -0
- package/dist/middleware/session.d.ts.map +1 -1
- package/dist/middleware/session.js +2 -0
- package/dist/middleware/session.js.map +1 -1
- package/dist/repositories/revoked-token.repository.d.ts +20 -0
- package/dist/repositories/revoked-token.repository.d.ts.map +1 -1
- package/dist/repositories/revoked-token.repository.js +44 -1
- package/dist/repositories/revoked-token.repository.js.map +1 -1
- package/dist/routes/api/auth/passkey/verify/post.d.ts.map +1 -1
- package/dist/routes/api/auth/passkey/verify/post.js +1 -1
- package/dist/routes/api/auth/passkey/verify/post.js.map +1 -1
- package/dist/routes/api/index.d.ts +38 -0
- package/dist/routes/api/index.d.ts.map +1 -1
- package/dist/routes/api/oauth/_provider/authorize/get.d.ts.map +1 -1
- package/dist/routes/api/oauth/_provider/authorize/get.js +13 -1
- package/dist/routes/api/oauth/_provider/authorize/get.js.map +1 -1
- package/dist/routes/api/oauth/_provider/callback/get.d.ts +19 -0
- package/dist/routes/api/oauth/_provider/callback/get.d.ts.map +1 -1
- package/dist/routes/api/oauth/_provider/callback/get.js +19 -10
- package/dist/routes/api/oauth/_provider/callback/get.js.map +1 -1
- package/dist/routes/api/oauth/_provider/callback/post.d.ts +19 -0
- package/dist/routes/api/oauth/_provider/callback/post.d.ts.map +1 -1
- package/dist/routes/api/oauth/_provider/callback/post.js +49 -11
- package/dist/routes/api/oauth/_provider/callback/post.js.map +1 -1
- package/dist/routes/api/oauth/index.d.ts +38 -0
- package/dist/routes/api/oauth/index.d.ts.map +1 -1
- package/dist/routes/index.d.ts +47 -2
- package/dist/routes/index.d.ts.map +1 -1
- package/dist/routes/oauth/.well-known/openid-configuration/get.d.ts +4 -0
- package/dist/routes/oauth/.well-known/openid-configuration/get.d.ts.map +1 -1
- package/dist/routes/oauth/.well-known/openid-configuration/get.js +25 -2
- package/dist/routes/oauth/.well-known/openid-configuration/get.js.map +1 -1
- package/dist/routes/oauth/authorize/get.d.ts +2 -0
- package/dist/routes/oauth/authorize/get.d.ts.map +1 -1
- package/dist/routes/oauth/authorize/get.js +4 -0
- package/dist/routes/oauth/authorize/get.js.map +1 -1
- package/dist/routes/oauth/client-auth.d.ts +10 -0
- package/dist/routes/oauth/client-auth.d.ts.map +1 -0
- package/dist/routes/oauth/client-auth.js +57 -0
- package/dist/routes/oauth/client-auth.js.map +1 -0
- package/dist/routes/oauth/index.d.ts +9 -2
- package/dist/routes/oauth/index.d.ts.map +1 -1
- package/dist/routes/oauth/introspect/post.d.ts +1 -0
- package/dist/routes/oauth/introspect/post.d.ts.map +1 -1
- package/dist/routes/oauth/introspect/post.js +36 -12
- package/dist/routes/oauth/introspect/post.js.map +1 -1
- package/dist/routes/oauth/revoke/post.d.ts.map +1 -1
- package/dist/routes/oauth/revoke/post.js +30 -12
- package/dist/routes/oauth/revoke/post.js.map +1 -1
- package/dist/routes/oauth/token/post.d.ts +2 -2
- package/dist/routes/oauth/token/post.d.ts.map +1 -1
- package/dist/routes/oauth/token/post.js +32 -9
- package/dist/routes/oauth/token/post.js.map +1 -1
- package/dist/routes/oauth/userinfo/get.d.ts.map +1 -1
- package/dist/routes/oauth/userinfo/get.js +3 -0
- package/dist/routes/oauth/userinfo/get.js.map +1 -1
- package/dist/schemas/error.d.ts +75 -0
- package/dist/schemas/error.d.ts.map +1 -1
- package/dist/schemas/error.js +3 -0
- package/dist/schemas/error.js.map +1 -1
- package/dist/schemas/field.d.ts +1 -6
- package/dist/schemas/field.d.ts.map +1 -1
- package/dist/schemas/field.js +6 -3
- package/dist/schemas/field.js.map +1 -1
- package/dist/schemas/oauth.d.ts +1 -1
- package/dist/schemas/oauth.js +1 -1
- package/dist/schemas/oauth.js.map +1 -1
- package/dist/schemas/response.d.ts +1 -1
- package/dist/services/container.d.ts +2 -0
- package/dist/services/container.d.ts.map +1 -1
- package/dist/services/jwt.service.d.ts +6 -0
- package/dist/services/jwt.service.d.ts.map +1 -1
- package/dist/services/jwt.service.js +60 -34
- package/dist/services/jwt.service.js.map +1 -1
- package/dist/services/oauth-authorize.service.d.ts +5 -0
- package/dist/services/oauth-authorize.service.d.ts.map +1 -1
- package/dist/services/oauth-authorize.service.js +67 -9
- package/dist/services/oauth-authorize.service.js.map +1 -1
- package/dist/services/oauth-client.service.d.ts +3 -0
- package/dist/services/oauth-client.service.d.ts.map +1 -1
- package/dist/services/oauth-client.service.js +31 -0
- package/dist/services/oauth-client.service.js.map +1 -1
- package/dist/services/oauth-connect.service.d.ts +6 -8
- package/dist/services/oauth-connect.service.d.ts.map +1 -1
- package/dist/services/oauth-connect.service.js +158 -20
- package/dist/services/oauth-connect.service.js.map +1 -1
- package/dist/services/oauth-token.service.d.ts +11 -3
- package/dist/services/oauth-token.service.d.ts.map +1 -1
- package/dist/services/oauth-token.service.js +153 -50
- package/dist/services/oauth-token.service.js.map +1 -1
- package/dist/services/passkey.service.d.ts +1 -1
- package/dist/services/passkey.service.d.ts.map +1 -1
- package/dist/services/passkey.service.js +11 -3
- package/dist/services/passkey.service.js.map +1 -1
- package/package.json +1 -1
- package/public/assets/{index-KMvNrUPy.js → index-DaJe6s9D.js} +26 -26
- package/public/assets/{index-KMvNrUPy.js.map → index-DaJe6s9D.js.map} +1 -1
- package/public/index.html +1 -1
- package/readme.md +74 -25
|
@@ -17,6 +17,7 @@ export class OAuthTokenService {
|
|
|
17
17
|
oauthClientService;
|
|
18
18
|
jwtService;
|
|
19
19
|
securityService;
|
|
20
|
+
refreshRotationLocks = new Map();
|
|
20
21
|
constructor(config, mikro, userService, oauthClientService, jwtService, securityService) {
|
|
21
22
|
this.config = config;
|
|
22
23
|
this.mikro = mikro;
|
|
@@ -61,16 +62,17 @@ export class OAuthTokenService {
|
|
|
61
62
|
if (codeEntity.redirectUri !== redirectUri) {
|
|
62
63
|
throw new e.RedirectUriMismatch.Error();
|
|
63
64
|
}
|
|
64
|
-
// 5. Validate PKCE
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
65
|
+
// 5. Validate S256 PKCE for every authorization code (OAuth 2.1 / Security BCP)
|
|
66
|
+
if (!codeEntity.codeChallenge ||
|
|
67
|
+
codeEntity.codeChallengeMethod !== 'S256') {
|
|
68
|
+
throw new e.InvalidPKCEVerifier.Error();
|
|
69
|
+
}
|
|
70
|
+
if (!codeVerifier) {
|
|
71
|
+
throw new e.MissingCodeVerifier.Error();
|
|
72
|
+
}
|
|
73
|
+
const isPKCEValid = await validatePKCE(codeVerifier, codeEntity.codeChallenge, codeEntity.codeChallengeMethod);
|
|
74
|
+
if (!isPKCEValid) {
|
|
75
|
+
throw new e.InvalidPKCEVerifier.Error();
|
|
74
76
|
}
|
|
75
77
|
// 6. Get user data from relation (load via Ref)
|
|
76
78
|
const user = await codeEntity.user.load();
|
|
@@ -84,6 +86,8 @@ export class OAuthTokenService {
|
|
|
84
86
|
userEmailVerified: user.email_verified,
|
|
85
87
|
clientId: client.clientId,
|
|
86
88
|
scope: codeEntity.scope,
|
|
89
|
+
issueRefreshToken: client.grantTypes.includes('refresh_token') &&
|
|
90
|
+
codeEntity.scope.includes('offline_access'),
|
|
87
91
|
nonce: codeEntity.nonce,
|
|
88
92
|
// Pass OIDC authentication metadata from the authorization code
|
|
89
93
|
// Only include when defined and non-null (exactOptionalPropertyTypes)
|
|
@@ -109,9 +113,26 @@ export class OAuthTokenService {
|
|
|
109
113
|
* @throws {ClientIdMismatch} - Client ID doesn't match original token request
|
|
110
114
|
*/
|
|
111
115
|
async refreshAccessToken(params) {
|
|
116
|
+
const decodedRefreshToken = this.jwtService.decodeToken(params.refreshToken);
|
|
117
|
+
const refreshTokenJti = typeof decodedRefreshToken?.jti === 'string'
|
|
118
|
+
? decodedRefreshToken.jti
|
|
119
|
+
: undefined;
|
|
120
|
+
if (refreshTokenJti) {
|
|
121
|
+
return this.withRefreshTokenRotationLock(refreshTokenJti, () => this.refreshAccessTokenLocked(params));
|
|
122
|
+
}
|
|
123
|
+
return this.refreshAccessTokenLocked(params);
|
|
124
|
+
}
|
|
125
|
+
async refreshAccessTokenLocked(params) {
|
|
112
126
|
const { refreshToken, clientId } = params;
|
|
113
127
|
// 1. Verify refresh token (also checks revocation)
|
|
114
|
-
|
|
128
|
+
let refreshPayload;
|
|
129
|
+
try {
|
|
130
|
+
refreshPayload = await this.jwtService.verifyRefreshToken(refreshToken);
|
|
131
|
+
}
|
|
132
|
+
catch (error) {
|
|
133
|
+
await this.revokeRefreshTokenFamilyIfReused(refreshToken, clientId);
|
|
134
|
+
throw error;
|
|
135
|
+
}
|
|
115
136
|
// 2. Validate client_id matches (RFC 6749 §6)
|
|
116
137
|
// Refresh token is bound to the client that obtained it
|
|
117
138
|
if (refreshPayload.client_id !== clientId) {
|
|
@@ -126,14 +147,19 @@ export class OAuthTokenService {
|
|
|
126
147
|
// This is a security best practice per OAuth 2.0 Security BCP §4.14.2
|
|
127
148
|
// If an attacker tries to use a stolen refresh token after the legitimate
|
|
128
149
|
// user has already used it, the token will be rejected as revoked.
|
|
129
|
-
if (refreshPayload.jti
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
150
|
+
if (!refreshPayload.jti || !refreshPayload.exp) {
|
|
151
|
+
throw new e.InvalidRefreshToken.Error();
|
|
152
|
+
}
|
|
153
|
+
const didRevokeRefreshToken = await this.mikro.revokedToken.revokeTokenOnce({
|
|
154
|
+
jti: refreshPayload.jti,
|
|
155
|
+
token_type: 'refresh_token',
|
|
156
|
+
clientId: client.id, // Use entity primary key
|
|
157
|
+
userSub: userData.sub,
|
|
158
|
+
expires_at: new Date(refreshPayload.exp * 1000),
|
|
159
|
+
});
|
|
160
|
+
if (!didRevokeRefreshToken) {
|
|
161
|
+
await this.revokeRefreshTokenFamily(refreshPayload, client.id);
|
|
162
|
+
throw new e.InvalidRefreshToken.Error();
|
|
137
163
|
}
|
|
138
164
|
// 6. Build token response with new access and refresh tokens
|
|
139
165
|
// (no nonce in refresh flow)
|
|
@@ -143,6 +169,8 @@ export class OAuthTokenService {
|
|
|
143
169
|
userEmailVerified: userData.email_verified,
|
|
144
170
|
clientId: client.clientId,
|
|
145
171
|
scope: refreshPayload.scope.split(' '),
|
|
172
|
+
issueRefreshToken: true,
|
|
173
|
+
grantId: refreshPayload.grant_id,
|
|
146
174
|
});
|
|
147
175
|
}
|
|
148
176
|
/**
|
|
@@ -155,7 +183,7 @@ export class OAuthTokenService {
|
|
|
155
183
|
* @param tokenTypeHint - Hint about token type (access_token or refresh_token)
|
|
156
184
|
* @returns Token introspection result
|
|
157
185
|
*/
|
|
158
|
-
async introspectToken(token, tokenTypeHint) {
|
|
186
|
+
async introspectToken(token, tokenTypeHint, requestingClientId) {
|
|
159
187
|
// Try to verify the token based on hint or both types
|
|
160
188
|
let payload = null;
|
|
161
189
|
let tokenType = null;
|
|
@@ -210,6 +238,9 @@ export class OAuthTokenService {
|
|
|
210
238
|
}
|
|
211
239
|
// 3. If verification succeeded, return active response
|
|
212
240
|
if (payload && tokenType) {
|
|
241
|
+
if (requestingClientId && payload.client_id !== requestingClientId) {
|
|
242
|
+
return { active: false };
|
|
243
|
+
}
|
|
213
244
|
return {
|
|
214
245
|
active: true,
|
|
215
246
|
scope: payload.scope,
|
|
@@ -219,6 +250,7 @@ export class OAuthTokenService {
|
|
|
219
250
|
...(payload.iat !== undefined && { iat: payload.iat }),
|
|
220
251
|
sub: payload.sub,
|
|
221
252
|
...(payload.iss !== undefined && { iss: payload.iss }),
|
|
253
|
+
...(payload.aud !== undefined && { aud: payload.aud }),
|
|
222
254
|
};
|
|
223
255
|
}
|
|
224
256
|
// 4. Token is invalid or expired - return inactive
|
|
@@ -241,29 +273,20 @@ export class OAuthTokenService {
|
|
|
241
273
|
* @param tokenTypeHint - Hint about token type (access_token or refresh_token)
|
|
242
274
|
* @returns void - Always succeeds per RFC 7009 §2.1
|
|
243
275
|
*/
|
|
244
|
-
async revokeToken(token, tokenTypeHint) {
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
276
|
+
async revokeToken(token, tokenTypeHint, requestingClientId) {
|
|
277
|
+
const verification = await this.verifyTokenForRevocation(token, tokenTypeHint);
|
|
278
|
+
if (!verification) {
|
|
279
|
+
return;
|
|
280
|
+
}
|
|
281
|
+
const { payload, tokenType } = verification;
|
|
282
|
+
if (requestingClientId && payload.client_id !== requestingClientId) {
|
|
251
283
|
return;
|
|
252
284
|
}
|
|
253
|
-
const jti =
|
|
254
|
-
|
|
255
|
-
const rawClientId = decoded['client_id'];
|
|
256
|
-
const clientId = typeof rawClientId === 'string' ? rawClientId : undefined;
|
|
257
|
-
const rawTyp = decoded['typ'];
|
|
258
|
-
const tokenType = (rawTyp === 'access_token' || rawTyp === 'refresh_token'
|
|
259
|
-
? rawTyp
|
|
260
|
-
: undefined) ||
|
|
261
|
-
tokenTypeHint ||
|
|
262
|
-
'access_token';
|
|
263
|
-
const expiresAt = new Date(decoded.exp * 1000);
|
|
264
|
-
if (!clientId) {
|
|
285
|
+
const { jti, exp } = payload;
|
|
286
|
+
if (!jti || !exp) {
|
|
265
287
|
return;
|
|
266
288
|
}
|
|
289
|
+
const expiresAt = new Date(exp * 1000);
|
|
267
290
|
// Check if already revoked
|
|
268
291
|
const isAlreadyRevoked = await this.mikro.revokedToken.isRevoked(jti);
|
|
269
292
|
if (isAlreadyRevoked) {
|
|
@@ -271,8 +294,10 @@ export class OAuthTokenService {
|
|
|
271
294
|
}
|
|
272
295
|
// Look up user and client entities to get primary keys
|
|
273
296
|
// Note: clientId from token is the business key, we need the entity's primary key
|
|
274
|
-
const userEntity = await this.mikro.user.findOne({ sub:
|
|
275
|
-
const clientEntity = await this.mikro.oauthClient.findOne({
|
|
297
|
+
const userEntity = await this.mikro.user.findOne({ sub: payload.sub });
|
|
298
|
+
const clientEntity = await this.mikro.oauthClient.findOne({
|
|
299
|
+
clientId: payload.client_id,
|
|
300
|
+
});
|
|
276
301
|
if (!userEntity || !clientEntity) {
|
|
277
302
|
// User or client no longer exists, but we still return success per RFC 7009
|
|
278
303
|
return;
|
|
@@ -285,6 +310,9 @@ export class OAuthTokenService {
|
|
|
285
310
|
userSub: userEntity.sub,
|
|
286
311
|
expires_at: expiresAt,
|
|
287
312
|
});
|
|
313
|
+
if (tokenType === 'refresh_token') {
|
|
314
|
+
await this.revokeRefreshTokenFamily(payload, clientEntity.id);
|
|
315
|
+
}
|
|
288
316
|
// RFC 7009 §2.1: "If the particular token is a refresh token and the
|
|
289
317
|
// authorization server supports the revocation of access tokens, then
|
|
290
318
|
// the authorization server SHOULD also invalidate all access tokens
|
|
@@ -294,6 +322,78 @@ export class OAuthTokenService {
|
|
|
294
322
|
// the revocation check happens at token verification time via jti lookup.
|
|
295
323
|
// Access tokens will be rejected when their jti is in the revoked_tokens table.
|
|
296
324
|
}
|
|
325
|
+
async withRefreshTokenRotationLock(refreshTokenJti, operation) {
|
|
326
|
+
const previousLock = this.refreshRotationLocks.get(refreshTokenJti);
|
|
327
|
+
let releaseLock = () => { };
|
|
328
|
+
const currentLock = new Promise((resolve) => {
|
|
329
|
+
releaseLock = resolve;
|
|
330
|
+
});
|
|
331
|
+
this.refreshRotationLocks.set(refreshTokenJti, currentLock);
|
|
332
|
+
if (previousLock) {
|
|
333
|
+
await previousLock;
|
|
334
|
+
}
|
|
335
|
+
try {
|
|
336
|
+
return await operation();
|
|
337
|
+
}
|
|
338
|
+
finally {
|
|
339
|
+
releaseLock();
|
|
340
|
+
if (this.refreshRotationLocks.get(refreshTokenJti) === currentLock) {
|
|
341
|
+
this.refreshRotationLocks.delete(refreshTokenJti);
|
|
342
|
+
}
|
|
343
|
+
}
|
|
344
|
+
}
|
|
345
|
+
async revokeRefreshTokenFamilyIfReused(refreshToken, clientId) {
|
|
346
|
+
try {
|
|
347
|
+
const refreshPayload = await this.jwtService.verifyRefreshTokenForReuseDetection(refreshToken);
|
|
348
|
+
if (refreshPayload.client_id !== clientId || !refreshPayload.jti) {
|
|
349
|
+
return;
|
|
350
|
+
}
|
|
351
|
+
const isRefreshTokenRevoked = await this.mikro.revokedToken.isRevoked(refreshPayload.jti);
|
|
352
|
+
if (!isRefreshTokenRevoked) {
|
|
353
|
+
return;
|
|
354
|
+
}
|
|
355
|
+
const client = await this.oauthClientService.findByClientId(clientId);
|
|
356
|
+
await this.revokeRefreshTokenFamily(refreshPayload, client.id);
|
|
357
|
+
}
|
|
358
|
+
catch {
|
|
359
|
+
// Invalid, expired, or malformed refresh tokens do not identify a family.
|
|
360
|
+
}
|
|
361
|
+
}
|
|
362
|
+
async revokeRefreshTokenFamily(payload, clientEntityId) {
|
|
363
|
+
if (!payload.grant_id || !payload.exp) {
|
|
364
|
+
return;
|
|
365
|
+
}
|
|
366
|
+
const tokenExpiresAt = payload.exp * 1000;
|
|
367
|
+
const familyExpiresAt = Date.now() + this.config.tokens.refresh_token_ttl * 1000;
|
|
368
|
+
await this.mikro.revokedToken.revokeGrant({
|
|
369
|
+
grantId: payload.grant_id,
|
|
370
|
+
clientId: clientEntityId,
|
|
371
|
+
userSub: payload.sub,
|
|
372
|
+
expires_at: new Date(Math.max(tokenExpiresAt, familyExpiresAt)),
|
|
373
|
+
});
|
|
374
|
+
}
|
|
375
|
+
async verifyTokenForRevocation(token, tokenTypeHint) {
|
|
376
|
+
const verifyAccessToken = async () => ({
|
|
377
|
+
payload: await this.jwtService.verifyAccessToken(token),
|
|
378
|
+
tokenType: 'access_token',
|
|
379
|
+
});
|
|
380
|
+
const verifyRefreshToken = async () => ({
|
|
381
|
+
payload: await this.jwtService.verifyRefreshToken(token),
|
|
382
|
+
tokenType: 'refresh_token',
|
|
383
|
+
});
|
|
384
|
+
const attempts = tokenTypeHint === 'refresh_token'
|
|
385
|
+
? [verifyRefreshToken, verifyAccessToken]
|
|
386
|
+
: [verifyAccessToken, verifyRefreshToken];
|
|
387
|
+
for (const attempt of attempts) {
|
|
388
|
+
try {
|
|
389
|
+
return await attempt();
|
|
390
|
+
}
|
|
391
|
+
catch {
|
|
392
|
+
// RFC 7009 returns success for invalid, unknown, or already revoked tokens.
|
|
393
|
+
}
|
|
394
|
+
}
|
|
395
|
+
return undefined;
|
|
396
|
+
}
|
|
297
397
|
/**
|
|
298
398
|
* Compute the at_hash claim value (OIDC Core 1.0 §3.1.3.6)
|
|
299
399
|
*
|
|
@@ -319,7 +419,7 @@ export class OAuthTokenService {
|
|
|
319
419
|
* @returns Complete token response
|
|
320
420
|
*/
|
|
321
421
|
async buildTokenResponse(params) {
|
|
322
|
-
const { userSub, userEmail, userEmailVerified, clientId, scope, nonce, authTime, } = params;
|
|
422
|
+
const { userSub, userEmail, userEmailVerified, clientId, scope, issueRefreshToken, grantId = crypto.randomUUID(), nonce, authTime, } = params;
|
|
323
423
|
const scopeString = scope.join(' ');
|
|
324
424
|
// Generate access token (RFC 6749 §1.4)
|
|
325
425
|
const accessToken = await this.jwtService.signAccessToken({
|
|
@@ -327,21 +427,24 @@ export class OAuthTokenService {
|
|
|
327
427
|
sub: userSub,
|
|
328
428
|
client_id: clientId,
|
|
329
429
|
scope: scopeString,
|
|
330
|
-
|
|
331
|
-
|
|
332
|
-
const refreshToken = await this.jwtService.signRefreshToken({
|
|
333
|
-
typ: 'refresh_token',
|
|
334
|
-
sub: userSub,
|
|
335
|
-
client_id: clientId,
|
|
336
|
-
scope: scopeString,
|
|
430
|
+
aud: this.config.server.public_origin,
|
|
431
|
+
grant_id: grantId,
|
|
337
432
|
});
|
|
338
433
|
const response = {
|
|
339
434
|
access_token: accessToken,
|
|
340
435
|
token_type: 'Bearer',
|
|
341
436
|
expires_in: this.config.tokens.access_token_ttl,
|
|
342
|
-
refresh_token: refreshToken,
|
|
343
437
|
scope: scopeString,
|
|
344
438
|
};
|
|
439
|
+
if (issueRefreshToken) {
|
|
440
|
+
response.refresh_token = await this.jwtService.signRefreshToken({
|
|
441
|
+
typ: 'refresh_token',
|
|
442
|
+
sub: userSub,
|
|
443
|
+
client_id: clientId,
|
|
444
|
+
scope: scopeString,
|
|
445
|
+
grant_id: grantId,
|
|
446
|
+
});
|
|
447
|
+
}
|
|
345
448
|
// Generate ID token if OIDC (openid scope present)
|
|
346
449
|
if (scope.includes('openid')) {
|
|
347
450
|
const idTokenPayload = {
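Review bot: The client-binding guard added to `introspectToken` and `revokeToken` fails open, because `if (requestingClientId && payload.client_id !== requestingClientId)` is skipped whenever the new third argument is undefined or an empty string. A call site that omits the argument would therefore still introspect or revoke a token issued to a different client; the call sites are not on this page, so whether any such caller exists needs checking. Treating the parameter as required and writing the guard as `if (payload.client_id !== requestingClientId)` would make a missing caller identity behave like a mismatch rather than like no restriction. The visible JSDoc lines above both methods still list only `tokenTypeHint`, so a line such as `@param requestingClientId - client_id of the authenticated caller; tokens issued to another client are treated as inactive or ignored` should be added. Both method bodies start and end outside the visible hunks.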
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-token.service.js","sourceRoot":"","sources":["../../src/services/oauth-token.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAEhF,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,CAAC,EAAE,MAAM,qBAAqB,CAAC;AAgFxC;;;;;;;;GAQG;AACH,MAAM,OAAO,iBAAiB;IACX,MAAM,CAAwB;IAC9B,KAAK,CAAe;IACpB,WAAW,CAAc;IACzB,kBAAkB,CAAqB;IACvC,UAAU,CAAa;IACvB,eAAe,CAAkB;IAClD,YACE,MAA6B,EAC7B,KAAmB,EACnB,WAAwB,EACxB,kBAAsC,EACtC,UAAsB,EACtB,eAAgC;QAEhC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAC;QAC7C,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;IACzC,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,yBAAyB,CAAC,MAAoC;QAClE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,MAAM,CAAC;QAE7D,iFAAiF;QACjF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAEtE,+CAA+C;QAC/C,uDAAuD;QACvD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,eAAe,CACzD,YAAY,EACZ,IAAI,CACL,CAAC;QACF,MAAM,UAAU,GACd,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,iCAAiC,CAC1D,MAAM,CAAC,EAAE,EACT,QAAQ,CACT,CAAC;QAEJ,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,CAAC,CAAC,wBAAwB,CAAC,KAAK,EAAE,CAAC;QAC/C,CAAC;QAED,IAAI,UAAU,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,CAAC,CAAC,wBAAwB,CAAC,KAAK,EAAE,CAAC;QAC/C,CAAC;QAED,UAAU,CAAC,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC;QACnC,MAAM,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;QAE5B,4BAA4B;QAC5B,MAAM,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,QAAQ,CAAC,UAAU,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;QAEnD,qDAAqD;QACrD,wDAAwD;QACxD,IAAI,UAAU,CAAC,WAAW,KAAK,WAAW,EAAE,CAAC;YAC3C,MAAM,IAAI,CAAC,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;QAC1C,CAAC;QAED,8DAA8D;QAC9D,2EAA2E;QAC3E,IAAI,UAAU,CAAC,aAAa,EAAE,CAAC;YAC7B,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,MAAM,IAAI,CAAC,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;YAC1C,CAAC;YAED,MAAM,WAAW,GAAG,MAAM,YAAY,CACpC,YAAY,EACZ,UAAU,CAAC,aAAa,EACxB,UAAU,CAAC,mBAAmB,CAC/B,CAAC;YAEF,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,MA
AM,IAAI,CAAC,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;YAC1C,CAAC;QACH,CAAC;QAED,gDAAgD;QAChD,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC1C,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,CAAC,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;QACnC,CAAC;QAED,0BAA0B;QAC1B,OAAO,IAAI,CAAC,kBAAkB,CAAC;YAC7B,OAAO,EAAE,IAAI,CAAC,GAAG;YACjB,SAAS,EAAE,IAAI,CAAC,KAAK;YACrB,iBAAiB,EAAE,IAAI,CAAC,cAAc;YACtC,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,KAAK,EAAE,UAAU,CAAC,KAAK;YACvB,KAAK,EAAE,UAAU,CAAC,KAAK;YACvB,gEAAgE;YAChE,sEAAsE;YACtE,GAAG,CAAC,UAAU,CAAC,QAAQ,IAAI,IAAI,IAAI;gBACjC,QAAQ,EAAE,UAAU,CAAC,QAAQ;aAC9B,CAAC;SACH,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;;;;OAeG;IACH,KAAK,CAAC,kBAAkB,CAAC,MAA+B;QACtD,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC;QAE1C,mDAAmD;QACnD,MAAM,cAAc,GAClB,MAAM,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,YAAY,CAAC,CAAC;QAEzD,8CAA8C;QAC9C,wDAAwD;QACxD,IAAI,cAAc,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;YAC1C,MAAM,IAAI,CAAC,CAAC,gBAAgB,CAAC,KAAK,EAAE,CAAC;QACvC,CAAC;QAED,mDAAmD;QACnD,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;QACzE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAC;QAE5E,qBAAqB;QACrB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAEtE,0DAA0D;QAC1D,sEAAsE;QACtE,0EAA0E;QAC1E,mEAAmE;QACnE,IAAI,cAAc,CAAC,GAAG,IAAI,cAAc,CAAC,GAAG,EAAE,CAAC;YAC7C,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,WAAW,CAAC;gBACxC,GAAG,EAAE,cAAc,CAAC,GAAG;gBACvB,UAAU,EAAE,eAAe;gBAC3B,QAAQ,EAAE,MAAM,CAAC,EAAE,EAAE,yBAAyB;gBAC9C,OAAO,EAAE,QAAQ,CAAC,GAAG;gBACrB,UAAU,EAAE,IAAI,IAAI,CAAC,cAAc,CAAC,GAAG,GAAG,IAAI,CAAC;aAChD,CAAC,CAAC;QACL,CAAC;QAED,6DAA6D;QAC7D,6BAA6B;QAC7B,OAAO,IAAI,CAAC,kBAAkB,CAAC;YAC7B,OAAO,EAAE,QAAQ,CAAC,GAAG;YACrB,SAAS,EAAE,QAAQ,CAAC,KAAK;YACzB,iBAAiB,EAAE,QAAQ,CAAC,cAAc;YAC1C,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,KAAK,EAAE,cAAc,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC;SACvC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,eAAe,CACnB,KAAa,EACb,aAAgD;QAEhD,sDAAsD;QACtD,IAAI,OAAO,GAAoD,IAAI,CAAC;QACpE,IAAI,SAAS,GAA4C,IAAI,CAAC;QAE9D,iEAAiE;QACjE,IAAI
,aAAa,KAAK,cAAc,EAAE,CAAC;YACrC,IAAI,CAAC;gBACH,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;gBACzD,SAAS,GAAG,cAAc,CAAC;YAC7B,CAAC;YAAC,MAAM,CAAC;gBACP,iCAAiC;gBACjC,IAAI,CAAC;oBACH,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;oBAC1D,SAAS,GAAG,eAAe,CAAC;gBAC9B,CAAC;gBAAC,MAAM,CAAC;oBACP,wCAAwC;gBAC1C,CAAC;YACH,CAAC;QACH,CAAC;aAAM,IAAI,aAAa,KAAK,eAAe,EAAE,CAAC;YAC7C,IAAI,CAAC;gBACH,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;gBAC1D,SAAS,GAAG,eAAe,CAAC;YAC9B,CAAC;YAAC,MAAM,CAAC;gBACP,gCAAgC;gBAChC,IAAI,CAAC;oBACH,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;oBACzD,SAAS,GAAG,cAAc,CAAC;gBAC7B,CAAC;gBAAC,MAAM,CAAC;oBACP,wCAAwC;gBAC1C,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,sCAAsC;YACtC,IAAI,CAAC;gBACH,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;gBACzD,SAAS,GAAG,cAAc,CAAC;YAC7B,CAAC;YAAC,MAAM,CAAC;gBACP,IAAI,CAAC;oBACH,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;oBAC1D,SAAS,GAAG,eAAe,CAAC;gBAC9B,CAAC;gBAAC,MAAM,CAAC;oBACP,wCAAwC;gBAC1C,CAAC;YACH,CAAC;QACH,CAAC;QAED,uDAAuD;QACvD,IAAI,OAAO,IAAI,SAAS,EAAE,CAAC;YACzB,OAAO;gBACL,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,UAAU,EAAE,QAAQ;gBACpB,GAAG,CAAC,OAAO,CAAC,GAAG,KAAK,SAAS,IAAI,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;gBACtD,GAAG,CAAC,OAAO,CAAC,GAAG,KAAK,SAAS,IAAI,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;gBACtD,GAAG,EAAE,OAAO,CAAC,GAAG;gBAChB,GAAG,CAAC,OAAO,CAAC,GAAG,KAAK,SAAS,IAAI,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;aACvD,CAAC;QACJ,CAAC;QAED,mDAAmD;QACnD,6EAA6E;QAC7E,gFAAgF;QAChF,2EAA2E;QAC3E,iCAAiC;QACjC,OAAO;YACL,MAAM,EAAE,KAAK;SACd,CAAC;IACJ,CAAC;IAED;;;;;;;;;;OAUG;IACH,KAAK,CAAC,WAAW,CACf,KAAa,EACb,aAAgD;QAEhD,+DAA+D;QAC/D,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAEnD,IAAI,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YAClD,qEAAqE;YACrE,uEAAuE;YACvE,+BAA+B;YAC/B,OAAO;QACT,CAAC;QAED,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;QA
CxB,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC;QAC5B,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;QACzC,MAAM,QAAQ,GAAG,OAAO,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;QAC3E,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;QAC9B,MAAM,SAAS,GACb,CAAC,MAAM,KAAK,cAAc,IAAI,MAAM,KAAK,eAAe;YACtD,CAAC,CAAC,MAAM;YACR,CAAC,CAAC,SAAS,CAAC;YACd,aAAa;YACb,cAAc,CAAC;QACjB,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;QAE/C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO;QACT,CAAC;QAED,2BAA2B;QAC3B,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACtE,IAAI,gBAAgB,EAAE,CAAC;YACrB,OAAO;QACT,CAAC;QAED,uDAAuD;QACvD,kFAAkF;QAClF,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;QACnE,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;QAExE,IAAI,CAAC,UAAU,IAAI,CAAC,YAAY,EAAE,CAAC;YACjC,4EAA4E;YAC5E,OAAO;QACT,CAAC;QAED,0DAA0D;QAC1D,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,WAAW,CAAC;YACxC,GAAG;YACH,UAAU,EAAE,SAAS;YACrB,QAAQ,EAAE,YAAY,CAAC,EAAE,EAAE,2BAA2B;YACtD,OAAO,EAAE,UAAU,CAAC,GAAG;YACvB,UAAU,EAAE,SAAS;SACtB,CAAC,CAAC;QAEH,qEAAqE;QACrE,sEAAsE;QACtE,oEAAoE;QACpE,0CAA0C;QAC1C,EAAE;QACF,4EAA4E;QAC5E,0EAA0E;QAC1E,gFAAgF;IAClF,CAAC;IAED;;;;;;;;;OASG;IACK,KAAK,CAAC,aAAa,CAAC,WAAmB;QAC7C,mCAAmC;QACnC,MAAM,IAAI,GAAG,IAAI,UAAU,CACzB,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CACxB,SAAS,EACT,aAAa,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC,CAC1C,CACF,CAAC;QACF,4DAA4D;QAC5D,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC;QACpD,mBAAmB;QACnB,OAAO,WAAW,CAAC,QAAQ,CAAC,CAAC;IAC/B,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,kBAAkB,CAAC,MAShC;QACC,MAAM,EACJ,OAAO,EACP,SAAS,EACT,iBAAiB,EACjB,QAAQ,EACR,KAAK,EACL,KAAK,EACL,QAAQ,GACT,GAAG,MAAM,CAAC;QAEX,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEpC,wCAAwC;QACxC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC;YACxD,GAAG,EAAE,cAAc;YACnB,GAAG,EAAE,OAAO;YACZ,SAAS,EAAE,QAAQ;YACnB,KAAK,EAAE,WAAW;SACnB,CAAC,CAAC;QAEH,yCAAyC;QACzC,MAAM,YAAY,GAAG,MAAM,IAAI,CA
AC,UAAU,CAAC,gBAAgB,CAAC;YAC1D,GAAG,EAAE,eAAe;YACpB,GAAG,EAAE,OAAO;YACZ,SAAS,EAAE,QAAQ;YACnB,KAAK,EAAE,WAAW;SACnB,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAkB;YAC9B,YAAY,EAAE,WAAW;YACzB,UAAU,EAAE,QAAQ;YACpB,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,gBAAgB;YAC/C,aAAa,EAAE,YAAY;YAC3B,KAAK,EAAE,WAAW;SACnB,CAAC;QAEF,mDAAmD;QACnD,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7B,MAAM,cAAc,GAShB;gBACF,GAAG,EAAE,OAAO;gBACZ,GAAG,EAAE,QAAQ;aACd,CAAC;YAEF,IAAI,KAAK,EAAE,CAAC;gBACV,cAAc,CAAC,KAAK,GAAG,KAAK,CAAC;YAC/B,CAAC;YAED,8CAA8C;YAC9C,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;gBAC3B,cAAc,CAAC,SAAS,GAAG,QAAQ,CAAC;YACtC,CAAC;YAED,2CAA2C;YAC3C,oEAAoE;YACpE,wEAAwE;YACxE,cAAc,CAAC,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC;YAE/D,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC5B,cAAc,CAAC,KAAK,GAAG,SAAS,CAAC;gBACjC,cAAc,CAAC,cAAc,GAAG,iBAAiB,CAAC;YACpD,CAAC;YAED,IAAI,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC9B,cAAc,CAAC,IAAI,GAAG,SAAS,CAAC;YAClC,CAAC;YAED,QAAQ,CAAC,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;QACxE,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}
|
|
1
|
+
{"version":3,"file":"oauth-token.service.js","sourceRoot":"","sources":["../../src/services/oauth-token.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAEhF,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,CAAC,EAAE,MAAM,qBAAqB,CAAC;AAkFxC;;;;;;;;GAQG;AACH,MAAM,OAAO,iBAAiB;IACX,MAAM,CAAwB;IAC9B,KAAK,CAAe;IACpB,WAAW,CAAc;IACzB,kBAAkB,CAAqB;IACvC,UAAU,CAAa;IACvB,eAAe,CAAkB;IACjC,oBAAoB,GAAG,IAAI,GAAG,EAAyB,CAAC;IACzE,YACE,MAA6B,EAC7B,KAAmB,EACnB,WAAwB,EACxB,kBAAsC,EACtC,UAAsB,EACtB,eAAgC;QAEhC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAC;QAC7C,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;IACzC,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,yBAAyB,CAAC,MAAoC;QAClE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,MAAM,CAAC;QAE7D,iFAAiF;QACjF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAEtE,+CAA+C;QAC/C,uDAAuD;QACvD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,eAAe,CACzD,YAAY,EACZ,IAAI,CACL,CAAC;QACF,MAAM,UAAU,GACd,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,iCAAiC,CAC1D,MAAM,CAAC,EAAE,EACT,QAAQ,CACT,CAAC;QAEJ,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,CAAC,CAAC,wBAAwB,CAAC,KAAK,EAAE,CAAC;QAC/C,CAAC;QAED,IAAI,UAAU,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,CAAC,CAAC,wBAAwB,CAAC,KAAK,EAAE,CAAC;QAC/C,CAAC;QAED,UAAU,CAAC,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC;QACnC,MAAM,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;QAE5B,4BAA4B;QAC5B,MAAM,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,QAAQ,CAAC,UAAU,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;QAEnD,qDAAqD;QACrD,wDAAwD;QACxD,IAAI,UAAU,CAAC,WAAW,KAAK,WAAW,EAAE,CAAC;YAC3C,MAAM,IAAI,CAAC,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;QAC1C,CAAC;QAED,gFAAgF;QAChF,IACE,CAAC,UAAU,CAAC,aAAa;YACzB,UAAU,CAAC,mBAAmB,KAAK,MAAM,EACzC,CAAC;YACD,MAAM,IAAI,CAAC,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;QAC1C,CAAC;QAED,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,IAAI,CAAC,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;QAC1C,CAAC;QAED,MAA
M,WAAW,GAAG,MAAM,YAAY,CACpC,YAAY,EACZ,UAAU,CAAC,aAAa,EACxB,UAAU,CAAC,mBAAmB,CAC/B,CAAC;QAEF,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,CAAC,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;QAC1C,CAAC;QAED,gDAAgD;QAChD,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC1C,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,CAAC,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;QACnC,CAAC;QAED,0BAA0B;QAC1B,OAAO,IAAI,CAAC,kBAAkB,CAAC;YAC7B,OAAO,EAAE,IAAI,CAAC,GAAG;YACjB,SAAS,EAAE,IAAI,CAAC,KAAK;YACrB,iBAAiB,EAAE,IAAI,CAAC,cAAc;YACtC,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,KAAK,EAAE,UAAU,CAAC,KAAK;YACvB,iBAAiB,EACf,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,eAAe,CAAC;gBAC3C,UAAU,CAAC,KAAK,CAAC,QAAQ,CAAC,gBAAgB,CAAC;YAC7C,KAAK,EAAE,UAAU,CAAC,KAAK;YACvB,gEAAgE;YAChE,sEAAsE;YACtE,GAAG,CAAC,UAAU,CAAC,QAAQ,IAAI,IAAI,IAAI;gBACjC,QAAQ,EAAE,UAAU,CAAC,QAAQ;aAC9B,CAAC;SACH,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;;;;OAeG;IACH,KAAK,CAAC,kBAAkB,CAAC,MAA+B;QACtD,MAAM,mBAAmB,GAAG,IAAI,CAAC,UAAU,CAAC,WAAW,CACrD,MAAM,CAAC,YAAY,CACpB,CAAC;QACF,MAAM,eAAe,GACnB,OAAO,mBAAmB,EAAE,GAAG,KAAK,QAAQ;YAC1C,CAAC,CAAC,mBAAmB,CAAC,GAAG;YACzB,CAAC,CAAC,SAAS,CAAC;QAEhB,IAAI,eAAe,EAAE,CAAC;YACpB,OAAO,IAAI,CAAC,4BAA4B,CAAC,eAAe,EAAE,GAAG,EAAE,CAC7D,IAAI,CAAC,wBAAwB,CAAC,MAAM,CAAC,CACtC,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC,wBAAwB,CAAC,MAAM,CAAC,CAAC;IAC/C,CAAC;IAEO,KAAK,CAAC,wBAAwB,CAAC,MAA+B;QACpE,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC;QAE1C,mDAAmD;QACnD,IAAI,cAAmC,CAAC;QACxC,IAAI,CAAC;YACH,cAAc,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,YAAY,CAAC,CAAC;QAC1E,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,CAAC,gCAAgC,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;YACpE,MAAM,KAAK,CAAC;QACd,CAAC;QAED,8CAA8C;QAC9C,wDAAwD;QACxD,IAAI,cAAc,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;YAC1C,MAAM,IAAI,CAAC,CAAC,gBAAgB,CAAC,KAAK,EAAE,CAAC;QACvC,CAAC;QAED,mDAAmD;QACnD,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;QACzE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAC;QAE5E,qBAAqB;QACrB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAEtE,
0DAA0D;QAC1D,sEAAsE;QACtE,0EAA0E;QAC1E,mEAAmE;QACnE,IAAI,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC;YAC/C,MAAM,IAAI,CAAC,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;QAC1C,CAAC;QAED,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,eAAe,CACzE;YACE,GAAG,EAAE,cAAc,CAAC,GAAG;YACvB,UAAU,EAAE,eAAe;YAC3B,QAAQ,EAAE,MAAM,CAAC,EAAE,EAAE,yBAAyB;YAC9C,OAAO,EAAE,QAAQ,CAAC,GAAG;YACrB,UAAU,EAAE,IAAI,IAAI,CAAC,cAAc,CAAC,GAAG,GAAG,IAAI,CAAC;SAChD,CACF,CAAC;QAEF,IAAI,CAAC,qBAAqB,EAAE,CAAC;YAC3B,MAAM,IAAI,CAAC,wBAAwB,CAAC,cAAc,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;YAC/D,MAAM,IAAI,CAAC,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;QAC1C,CAAC;QAED,6DAA6D;QAC7D,6BAA6B;QAC7B,OAAO,IAAI,CAAC,kBAAkB,CAAC;YAC7B,OAAO,EAAE,QAAQ,CAAC,GAAG;YACrB,SAAS,EAAE,QAAQ,CAAC,KAAK;YACzB,iBAAiB,EAAE,QAAQ,CAAC,cAAc;YAC1C,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,KAAK,EAAE,cAAc,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC;YACtC,iBAAiB,EAAE,IAAI;YACvB,OAAO,EAAE,cAAc,CAAC,QAAQ;SACjC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,eAAe,CACnB,KAAa,EACb,aAAgD,EAChD,kBAA2B;QAE3B,sDAAsD;QACtD,IAAI,OAAO,GAAoD,IAAI,CAAC;QACpE,IAAI,SAAS,GAA4C,IAAI,CAAC;QAE9D,iEAAiE;QACjE,IAAI,aAAa,KAAK,cAAc,EAAE,CAAC;YACrC,IAAI,CAAC;gBACH,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;gBACzD,SAAS,GAAG,cAAc,CAAC;YAC7B,CAAC;YAAC,MAAM,CAAC;gBACP,iCAAiC;gBACjC,IAAI,CAAC;oBACH,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;oBAC1D,SAAS,GAAG,eAAe,CAAC;gBAC9B,CAAC;gBAAC,MAAM,CAAC;oBACP,wCAAwC;gBAC1C,CAAC;YACH,CAAC;QACH,CAAC;aAAM,IAAI,aAAa,KAAK,eAAe,EAAE,CAAC;YAC7C,IAAI,CAAC;gBACH,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;gBAC1D,SAAS,GAAG,eAAe,CAAC;YAC9B,CAAC;YAAC,MAAM,CAAC;gBACP,gCAAgC;gBAChC,IAAI,CAAC;oBACH,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;oBACzD,SAAS,GAAG,cAAc,CAAC;gBAC7B,CAAC;gBAAC,MAAM,CAAC;oBACP,wCAAwC;gBAC1C,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,sCAAsC;YACtC,IAAI,CAAC;gBACH,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;gBACzD,SAAS,GAAG,cAAc,CAAC;YAC7B,CAAC;YAAC,MAAM,CAAC;gBACP,I
AAI,CAAC;oBACH,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;oBAC1D,SAAS,GAAG,eAAe,CAAC;gBAC9B,CAAC;gBAAC,MAAM,CAAC;oBACP,wCAAwC;gBAC1C,CAAC;YACH,CAAC;QACH,CAAC;QAED,uDAAuD;QACvD,IAAI,OAAO,IAAI,SAAS,EAAE,CAAC;YACzB,IAAI,kBAAkB,IAAI,OAAO,CAAC,SAAS,KAAK,kBAAkB,EAAE,CAAC;gBACnE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;YAC3B,CAAC;YAED,OAAO;gBACL,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,UAAU,EAAE,QAAQ;gBACpB,GAAG,CAAC,OAAO,CAAC,GAAG,KAAK,SAAS,IAAI,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;gBACtD,GAAG,CAAC,OAAO,CAAC,GAAG,KAAK,SAAS,IAAI,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;gBACtD,GAAG,EAAE,OAAO,CAAC,GAAG;gBAChB,GAAG,CAAC,OAAO,CAAC,GAAG,KAAK,SAAS,IAAI,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;gBACtD,GAAG,CAAC,OAAO,CAAC,GAAG,KAAK,SAAS,IAAI,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;aACvD,CAAC;QACJ,CAAC;QAED,mDAAmD;QACnD,6EAA6E;QAC7E,gFAAgF;QAChF,2EAA2E;QAC3E,iCAAiC;QACjC,OAAO;YACL,MAAM,EAAE,KAAK;SACd,CAAC;IACJ,CAAC;IAED;;;;;;;;;;OAUG;IACH,KAAK,CAAC,WAAW,CACf,KAAa,EACb,aAAgD,EAChD,kBAA2B;QAE3B,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,wBAAwB,CACtD,KAAK,EACL,aAAa,CACd,CAAC;QAEF,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAO;QACT,CAAC;QAED,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,YAAY,CAAC;QAE5C,IAAI,kBAAkB,IAAI,OAAO,CAAC,SAAS,KAAK,kBAAkB,EAAE,CAAC;YACnE,OAAO;QACT,CAAC;QAED,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;QAC7B,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACjB,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;QAEvC,2BAA2B;QAC3B,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACtE,IAAI,gBAAgB,EAAE,CAAC;YACrB,OAAO;QACT,CAAC;QAED,uDAAuD;QACvD,kFAAkF;QAClF,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QACvE,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC;YACxD,QAAQ,EAAE,OAAO,CAAC,SAAS;SAC5B,CAAC,CAAC;QAEH,IAAI,CAAC,UAAU,IAAI,CAAC,YAAY,EAAE,CAAC;YACjC,4EAA4E;YAC5E,OAAO;QACT,CAAC;QAED,0DAA0D;QAC1D,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAA
C,WAAW,CAAC;YACxC,GAAG;YACH,UAAU,EAAE,SAAS;YACrB,QAAQ,EAAE,YAAY,CAAC,EAAE,EAAE,2BAA2B;YACtD,OAAO,EAAE,UAAU,CAAC,GAAG;YACvB,UAAU,EAAE,SAAS;SACtB,CAAC,CAAC;QAEH,IAAI,SAAS,KAAK,eAAe,EAAE,CAAC;YAClC,MAAM,IAAI,CAAC,wBAAwB,CAAC,OAAO,EAAE,YAAY,CAAC,EAAE,CAAC,CAAC;QAChE,CAAC;QAED,qEAAqE;QACrE,sEAAsE;QACtE,oEAAoE;QACpE,0CAA0C;QAC1C,EAAE;QACF,4EAA4E;QAC5E,0EAA0E;QAC1E,gFAAgF;IAClF,CAAC;IAEO,KAAK,CAAC,4BAA4B,CACxC,eAAuB,EACvB,SAA2B;QAE3B,MAAM,YAAY,GAAG,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;QACpE,IAAI,WAAW,GAAe,GAAG,EAAE,GAAE,CAAC,CAAC;QACvC,MAAM,WAAW,GAAG,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;YAChD,WAAW,GAAG,OAAO,CAAC;QACxB,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,eAAe,EAAE,WAAW,CAAC,CAAC;QAE5D,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,YAAY,CAAC;QACrB,CAAC;QAED,IAAI,CAAC;YACH,OAAO,MAAM,SAAS,EAAE,CAAC;QAC3B,CAAC;gBAAS,CAAC;YACT,WAAW,EAAE,CAAC;YACd,IAAI,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,eAAe,CAAC,KAAK,WAAW,EAAE,CAAC;gBACnE,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;YACpD,CAAC;QACH,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,gCAAgC,CAC5C,YAAoB,EACpB,QAAgB;QAEhB,IAAI,CAAC;YACH,MAAM,cAAc,GAClB,MAAM,IAAI,CAAC,UAAU,CAAC,mCAAmC,CAAC,YAAY,CAAC,CAAC;YAE1E,IAAI,cAAc,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC;gBACjE,OAAO;YACT,CAAC;YAED,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,SAAS,CACnE,cAAc,CAAC,GAAG,CACnB,CAAC;YACF,IAAI,CAAC,qBAAqB,EAAE,CAAC;gBAC3B,OAAO;YACT,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;YACtE,MAAM,IAAI,CAAC,wBAAwB,CAAC,cAAc,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QACjE,CAAC;QAAC,MAAM,CAAC;YACP,0EAA0E;QAC5E,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,wBAAwB,CACpC,OAAiD,EACjD,cAAsB;QAEtB,IAAI,CAAC,OAAO,CAAC,QAAQ,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YACtC,OAAO;QACT,CAAC;QAED,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC;QAC1C,MAAM,eAAe,GACnB,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,iBAAiB,GAAG,IAAI,CAAC;QAE3D,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,WAAW,CAAC;YACxC,OAAO,EAAE,OAAO,CAAC,QAAQ;YACzB,QAAQ,EAAE,cAAc;YACxB,OAAO,EAAE,OAAO,CAAC,GAAG;YAC
pB,UAAU,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,cAAc,EAAE,eAAe,CAAC,CAAC;SAChE,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,wBAAwB,CACpC,KAAa,EACb,aAAgD;QAQhD,MAAM,iBAAiB,GAAG,KAAK,IAG5B,EAAE,CAAC,CAAC;YACL,OAAO,EAAE,MAAM,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,KAAK,CAAC;YACvD,SAAS,EAAE,cAAc;SAC1B,CAAC,CAAC;QACH,MAAM,kBAAkB,GAAG,KAAK,IAG7B,EAAE,CAAC,CAAC;YACL,OAAO,EAAE,MAAM,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,KAAK,CAAC;YACxD,SAAS,EAAE,eAAe;SAC3B,CAAC,CAAC;QAEH,MAAM,QAAQ,GACZ,aAAa,KAAK,eAAe;YAC/B,CAAC,CAAC,CAAC,kBAAkB,EAAE,iBAAiB,CAAC;YACzC,CAAC,CAAC,CAAC,iBAAiB,EAAE,kBAAkB,CAAC,CAAC;QAE9C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,IAAI,CAAC;gBACH,OAAO,MAAM,OAAO,EAAE,CAAC;YACzB,CAAC;YAAC,MAAM,CAAC;gBACP,4EAA4E;YAC9E,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;;;;OASG;IACK,KAAK,CAAC,aAAa,CAAC,WAAmB;QAC7C,mCAAmC;QACnC,MAAM,IAAI,GAAG,IAAI,UAAU,CACzB,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CACxB,SAAS,EACT,aAAa,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC,CAC1C,CACF,CAAC;QACF,4DAA4D;QAC5D,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC;QACpD,mBAAmB;QACnB,OAAO,WAAW,CAAC,QAAQ,CAAC,CAAC;IAC/B,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,kBAAkB,CAAC,MAWhC;QACC,MAAM,EACJ,OAAO,EACP,SAAS,EACT,iBAAiB,EACjB,QAAQ,EACR,KAAK,EACL,iBAAiB,EACjB,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,EAC7B,KAAK,EACL,QAAQ,GACT,GAAG,MAAM,CAAC;QAEX,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEpC,wCAAwC;QACxC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC;YACxD,GAAG,EAAE,cAAc;YACnB,GAAG,EAAE,OAAO;YACZ,SAAS,EAAE,QAAQ;YACnB,KAAK,EAAE,WAAW;YAClB,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,aAAa;YACrC,QAAQ,EAAE,OAAO;SAClB,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAkB;YAC9B,YAAY,EAAE,WAAW;YACzB,UAAU,EAAE,QAAQ;YACpB,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,gBAAgB;YAC/C,KAAK,EAAE,WAAW;SACnB,CAAC;QAEF,IAAI,iBAAiB,EAAE,CAAC;YACtB,QAAQ,CAAC,aAAa,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC;gBAC9D,GAAG,EAAE,eAAe;gBACpB,GAAG,EAAE,OAAO;gBACZ,SAAS,EAAE,QAAQ;gBACnB,KAAK,EAAE,WAAW;gBAClB,QAAQ,EAAE,OAAO;aAClB,CAAC,CAAC;QACL,CAAC;QAED,mDAAmD;QACnD,IAAI,KAAK,CAAC
,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7B,MAAM,cAAc,GAShB;gBACF,GAAG,EAAE,OAAO;gBACZ,GAAG,EAAE,QAAQ;aACd,CAAC;YAEF,IAAI,KAAK,EAAE,CAAC;gBACV,cAAc,CAAC,KAAK,GAAG,KAAK,CAAC;YAC/B,CAAC;YAED,8CAA8C;YAC9C,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;gBAC3B,cAAc,CAAC,SAAS,GAAG,QAAQ,CAAC;YACtC,CAAC;YAED,2CAA2C;YAC3C,oEAAoE;YACpE,wEAAwE;YACxE,cAAc,CAAC,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC;YAE/D,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC5B,cAAc,CAAC,KAAK,GAAG,SAAS,CAAC;gBACjC,cAAc,CAAC,cAAc,GAAG,iBAAiB,CAAC;YACpD,CAAC;YAED,IAAI,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC9B,cAAc,CAAC,IAAI,GAAG,SAAS,CAAC;YAClC,CAAC;YAED,QAAQ,CAAC,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;QACxE,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}
|
|
@@ -52,7 +52,7 @@ export declare class PasskeyService {
|
|
|
52
52
|
* Verify authentication response
|
|
53
53
|
* Returns the user if verification succeeds
|
|
54
54
|
*/
|
|
55
|
-
verifyAuthentication(response: AuthenticationResponseJSON, expectedChallenge: string): Promise<UserEntity>;
|
|
55
|
+
verifyAuthentication(response: AuthenticationResponseJSON, expectedChallenge: string, expectedUserSub?: string): Promise<UserEntity>;
|
|
56
56
|
/**
|
|
57
57
|
* Get all passkeys for a user
|
|
58
58
|
*/
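Review bot: The doc comment above `verifyAuthentication` still says only "Returns the user if verification succeeds" and does not mention the new optional `expectedUserSub` parameter. A reader of the declaration cannot tell that omitting the argument means no owner check is applied. I would add to the JSDoc in the TypeScript source something like `@param expectedUserSub - when provided, the passkey owner's sub must equal this value; otherwise PasskeyUserMismatch is thrown`. The class declaration continues outside this hunk.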
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"passkey.service.d.ts","sourceRoot":"","sources":["../../src/services/passkey.service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,0BAA0B,EAE1B,sCAAsC,EACtC,qCAAqC,EACrC,wBAAwB,EACzB,MAAM,wBAAwB,CAAC;AAQhC,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,EACL,KAAK,kBAAkB,EAExB,MAAM,oCAAoC,CAAC;AAC5C,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAEpE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAEvD;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,wBAAwB;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,6BAA6B;IAC7B,aAAa,EAAE,MAAM,CAAC;IACtB,wCAAwC;IACxC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,0DAA0D;IAC1D,WAAW,EAAE,cAAc,GAAG,aAAa,CAAC;IAC5C,yDAAyD;IACzD,SAAS,EAAE,OAAO,CAAC;IACnB,sCAAsC;IACtC,UAAU,EAAE,IAAI,CAAC;CAClB;AAED,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA2B;IAElD,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAe;IACrC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAwB;gBAC5B,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,qBAAqB;IAKrE;;OAEG;IACH,OAAO,CAAC,OAAO;IASf;;OAEG;IACH,OAAO,CAAC,UAAU;IAQlB;;OAEG;IACU,2BAA2B,CACtC,IAAI,EAAE,UAAU,GACf,OAAO,CAAC,sCAAsC,CAAC;IA4BlD;;OAEG;IACU,kBAAkB,CAC7B,IAAI,EAAE,UAAU,EAChB,QAAQ,EAAE,wBAAwB,EAClC,iBAAiB,EAAE,MAAM,EACzB,WAAW,CAAC,EAAE,MAAM,GACnB,OAAO,CAAC,kBAAkB,CAAC;IA0C9B;;;;OAIG;IACU,6BAA6B,CACxC,OAAO,CAAC,EAAE,MAAM,GACf,OAAO,CAAC,qCAAqC,CAAC;IAyBjD;;;OAGG;IACU,oBAAoB,CAC/B,QAAQ,EAAE,0BAA0B,EACpC,iBAAiB,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"passkey.service.d.ts","sourceRoot":"","sources":["../../src/services/passkey.service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,0BAA0B,EAE1B,sCAAsC,EACtC,qCAAqC,EACrC,wBAAwB,EACzB,MAAM,wBAAwB,CAAC;AAQhC,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,EACL,KAAK,kBAAkB,EAExB,MAAM,oCAAoC,CAAC;AAC5C,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAEpE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAEvD;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,wBAAwB;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,6BAA6B;IAC7B,aAAa,EAAE,MAAM,CAAC;IACtB,wCAAwC;IACxC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,0DAA0D;IAC1D,WAAW,EAAE,cAAc,GAAG,aAAa,CAAC;IAC5C,yDAAyD;IACzD,SAAS,EAAE,OAAO,CAAC;IACnB,sCAAsC;IACtC,UAAU,EAAE,IAAI,CAAC;CAClB;AAED,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA2B;IAElD,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAe;IACrC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAwB;gBAC5B,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,qBAAqB;IAKrE;;OAEG;IACH,OAAO,CAAC,OAAO;IASf;;OAEG;IACH,OAAO,CAAC,UAAU;IAQlB;;OAEG;IACU,2BAA2B,CACtC,IAAI,EAAE,UAAU,GACf,OAAO,CAAC,sCAAsC,CAAC;IA4BlD;;OAEG;IACU,kBAAkB,CAC7B,IAAI,EAAE,UAAU,EAChB,QAAQ,EAAE,wBAAwB,EAClC,iBAAiB,EAAE,MAAM,EACzB,WAAW,CAAC,EAAE,MAAM,GACnB,OAAO,CAAC,kBAAkB,CAAC;IA0C9B;;;;OAIG;IACU,6BAA6B,CACxC,OAAO,CAAC,EAAE,MAAM,GACf,OAAO,CAAC,qCAAqC,CAAC;IAyBjD;;;OAGG;IACU,oBAAoB,CAC/B,QAAQ,EAAE,0BAA0B,EACpC,iBAAiB,EAAE,MAAM,EACzB,eAAe,CAAC,EAAE,MAAM,GACvB,OAAO,CAAC,UAAU,CAAC;IA8CtB;;OAEG;IACU,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IAYrE;;OAEG;IACU,aAAa,CACxB,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE;QACP,mBAAmB,EAAE,OAAO,CAAC;QAC7B,oBAAoB,EAAE,OAAO,CAAC;QAC9B,oBAAoB,EAAE,OAAO,CAAC;KAC/B,GACA,OAAO,CAAC,IAAI,CAAC;IA4BhB;;OAEG;IACU,aAAa,CACxB,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,IAAI,CAAC;CAajB"}
|
|
@@ -120,7 +120,7 @@ export class PasskeyService {
|
|
|
120
120
|
* Verify authentication response
|
|
121
121
|
* Returns the user if verification succeeds
|
|
122
122
|
*/
|
|
123
|
-
async verifyAuthentication(response, expectedChallenge) {
|
|
123
|
+
async verifyAuthentication(response, expectedChallenge, expectedUserSub) {
|
|
124
124
|
// Find the passkey by credential ID
|
|
125
125
|
const passkey = await this.mikro.userPasskey.findByCredentialId(response.id);
|
|
126
126
|
if (!passkey) {
|
|
@@ -143,10 +143,18 @@ export class PasskeyService {
|
|
|
143
143
|
if (!verification.verified) {
|
|
144
144
|
throw new e.PasskeyVerificationFailed.Error();
|
|
145
145
|
}
|
|
146
|
+
const passkeyUser = passkey.user.getEntity();
|
|
147
|
+
if (expectedUserSub && passkeyUser.sub !== expectedUserSub) {
|
|
148
|
+
throw new e.PasskeyUserMismatch.Error();
|
|
149
|
+
}
|
|
150
|
+
const newCounter = verification.authenticationInfo.newCounter;
|
|
151
|
+
if (newCounter < passkey.counter) {
|
|
152
|
+
throw new e.PasskeyVerificationFailed.Error();
|
|
153
|
+
}
|
|
146
154
|
// Update counter for replay attack prevention
|
|
147
|
-
passkey.counter =
|
|
155
|
+
passkey.counter = newCounter;
|
|
148
156
|
await this.mikro.em.flush();
|
|
149
|
-
return
|
|
157
|
+
return passkeyUser;
|
|
150
158
|
}
|
|
151
159
|
/**
|
|
152
160
|
* Get all passkeys for a user
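Review bot: The owner check added after the `verification.verified` test is guarded by truthiness, so an `expectedUserSub` of `''` (for example from a session whose subject was never populated) skips the binding instead of failing it. Testing for presence keeps the parameter optional while failing closed: `if (expectedUserSub !== undefined && passkeyUser.sub !== expectedUserSub) {`. The counter guard below it uses `<`, which accepts an assertion whose counter equals a stored non-zero value. WebAuthn treats an equal or lower non-zero counter as a signal of a possibly cloned authenticator, so unless the verification library already enforces this, the stricter form is `if ((newCounter > 0 || passkey.counter > 0) && newCounter <= passkey.counter) {`. The part of `verifyAuthentication` between the two hunks is not shown.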
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"passkey.service.js","sourceRoot":"","sources":["../../src/services/passkey.service.ts"],"names":[],"mappings":"AAOA,OAAO,EACL,6BAA6B,EAC7B,2BAA2B,EAC3B,4BAA4B,EAC5B,0BAA0B,GAC3B,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,YAAY,EAAE,MAAM,gCAAgC,CAAC;AAE9D,OAAO,EAEL,uBAAuB,GACxB,MAAM,oCAAoC,CAAC;AAE5C,OAAO,EAAE,CAAC,EAAE,MAAM,qBAAqB,CAAC;AAsBxC,MAAM,OAAO,cAAc;IACR,MAAM,GAAW,eAAe,CAAC;IAEjC,KAAK,CAAe;IACpB,MAAM,CAAwB;IAC/C,YAAmB,KAAmB,EAAE,MAA6B;QACnE,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED;;OAEG;IACK,OAAO;QACb,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC;QAC/C,IAAI,aAAa,CAAC,KAAK,EAAE,CAAC;YACxB,OAAO,aAAa,CAAC,KAAK,CAAC;QAC7B,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QAC1D,OAAO,OAAO,CAAC,QAAQ,CAAC;IAC1B,CAAC;IAED;;OAEG;IACK,UAAU;QAChB,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC;QAC/C,IAAI,aAAa,CAAC,OAAO,IAAI,aAAa,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9D,OAAO,aAAa,CAAC,OAAO,CAAC;QAC/B,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;IAC5C,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,2BAA2B,CACtC,IAAgB;QAEhB,mCAAmC;QACnC,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,aAAa,CACjE,IAAI,CAAC,GAAG,CACT,CAAC;QAEF,MAAM,OAAO,GAAG,MAAM,2BAA2B,CAAC;YAChD,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,IAAI,EAAE,IAAI,CAAC,OAAO,EAAE;YACpB,QAAQ,EAAE,IAAI,CAAC,KAAK;YACpB,eAAe,EAAE,IAAI,CAAC,KAAK;YAC3B,iDAAiD;YACjD,eAAe,EAAE,MAAM;YACvB,8CAA8C;YAC9C,kBAAkB,EAAE,gBAAgB,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;gBACrD,EAAE,EAAE,OAAO,CAAC,aAAa;gBACzB,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAClE,CAAC,CAAC;YACH,sBAAsB,EAAE;gBACtB,uDAAuD;gBACvD,WAAW,EAAE,WAAW;gBACxB,gBAAgB,EAAE,WAAW;aAC9B;SACF,CAAC,CAAC;QAEH,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,kBAAkB,CAC7B,IAAgB,EAChB,QAAkC,EAClC,iBAAyB,EACzB,WAAoB;QAEpB,MAAM,YAAY,GAAG,MAAM,0BAA0B,CAAC;YACpD,QAAQ;YACR,iBAAiB;YACjB,cAAc,EAAE,IAAI,CAAC,UAAU,EAAE;YACjC,YAAY
,EAAE,IAAI,CAAC,OAAO,EAAE;SAC7B,CAAC,CAAC;QAEH,IAAI,CAAC,YAAY,CAAC,QAAQ,IAAI,CAAC,YAAY,CAAC,gBAAgB,EAAE,CAAC;YAC7D,MAAM,IAAI,CAAC,CAAC,yBAAyB,CAAC,KAAK,EAAE,CAAC;QAChD,CAAC;QAED,MAAM,EAAE,UAAU,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,GAC5D,YAAY,CAAC,gBAAgB,CAAC;QAEhC,qCAAqC;QACrC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,oBAAoB,CAC9D,UAAU,CAAC,EAAE,CACd,CAAC;QACF,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,IAAI,CAAC,CAAC,oBAAoB,CAAC,KAAK,EAAE,CAAC;QAC3C,CAAC;QAED,0BAA0B;QAC1B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,CAAC,uBAAuB,EAAE;YAC5D,IAAI,EAAE,IAAI,CAAC,GAAG;YACd,aAAa,EAAE,UAAU,CAAC,EAAE;YAC5B,UAAU,EAAE,YAAY,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC;YACzD,OAAO,EAAE,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC;YACnC,WAAW,EAAE,oBAAoB;YACjC,SAAS,EAAE,kBAAkB;YAC7B,UAAU,EAAE,QAAQ,CAAC,QAAQ,CAAC,UAAU,IAAI,IAAI;YAChD,IAAI,EAAE,WAAW,IAAI,IAAI;YACzB,MAAM,EAAE,YAAY,CAAC,gBAAgB,CAAC,MAAM,IAAI,IAAI;SACrD,CAAC,CAAC;QAEH,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/B,MAAM,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;QAE5B,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,6BAA6B,CACxC,OAAgB;QAEhB,IAAI,gBAES,CAAC;QAEd,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;YACzE,gBAAgB,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;gBAChD,EAAE,EAAE,OAAO,CAAC,aAAa;gBACzB,GAAG,CAAC,OAAO,CAAC,UAAU,IAAI;oBACxB,UAAU,EAAE,OAAO,CAAC,UAAU;iBAC/B,CAAC;aACH,CAAC,CAAC,CAAC;QACN,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,6BAA6B,CAAC;YAClD,IAAI,EAAE,IAAI,CAAC,OAAO,EAAE;YACpB,gBAAgB,EAAE,WAAW;YAC7B,8CAA8C;YAC9C,gBAAgB,EAAE,gBAAgB,IAAI,EAAE;SACzC,CAAC,CAAC;QAEH,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,oBAAoB,CAC/B,QAAoC,EACpC,iBAAyB;
|
|
1
|
+
{"version":3,"file":"passkey.service.js","sourceRoot":"","sources":["../../src/services/passkey.service.ts"],"names":[],"mappings":"AAOA,OAAO,EACL,6BAA6B,EAC7B,2BAA2B,EAC3B,4BAA4B,EAC5B,0BAA0B,GAC3B,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,YAAY,EAAE,MAAM,gCAAgC,CAAC;AAE9D,OAAO,EAEL,uBAAuB,GACxB,MAAM,oCAAoC,CAAC;AAE5C,OAAO,EAAE,CAAC,EAAE,MAAM,qBAAqB,CAAC;AAsBxC,MAAM,OAAO,cAAc;IACR,MAAM,GAAW,eAAe,CAAC;IAEjC,KAAK,CAAe;IACpB,MAAM,CAAwB;IAC/C,YAAmB,KAAmB,EAAE,MAA6B;QACnE,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED;;OAEG;IACK,OAAO;QACb,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC;QAC/C,IAAI,aAAa,CAAC,KAAK,EAAE,CAAC;YACxB,OAAO,aAAa,CAAC,KAAK,CAAC;QAC7B,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QAC1D,OAAO,OAAO,CAAC,QAAQ,CAAC;IAC1B,CAAC;IAED;;OAEG;IACK,UAAU;QAChB,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC;QAC/C,IAAI,aAAa,CAAC,OAAO,IAAI,aAAa,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9D,OAAO,aAAa,CAAC,OAAO,CAAC;QAC/B,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;IAC5C,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,2BAA2B,CACtC,IAAgB;QAEhB,mCAAmC;QACnC,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,aAAa,CACjE,IAAI,CAAC,GAAG,CACT,CAAC;QAEF,MAAM,OAAO,GAAG,MAAM,2BAA2B,CAAC;YAChD,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,IAAI,EAAE,IAAI,CAAC,OAAO,EAAE;YACpB,QAAQ,EAAE,IAAI,CAAC,KAAK;YACpB,eAAe,EAAE,IAAI,CAAC,KAAK;YAC3B,iDAAiD;YACjD,eAAe,EAAE,MAAM;YACvB,8CAA8C;YAC9C,kBAAkB,EAAE,gBAAgB,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;gBACrD,EAAE,EAAE,OAAO,CAAC,aAAa;gBACzB,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAClE,CAAC,CAAC;YACH,sBAAsB,EAAE;gBACtB,uDAAuD;gBACvD,WAAW,EAAE,WAAW;gBACxB,gBAAgB,EAAE,WAAW;aAC9B;SACF,CAAC,CAAC;QAEH,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,kBAAkB,CAC7B,IAAgB,EAChB,QAAkC,EAClC,iBAAyB,EACzB,WAAoB;QAEpB,MAAM,YAAY,GAAG,MAAM,0BAA0B,CAAC;YACpD,QAAQ;YACR,iBAAiB;YACjB,cAAc,EAAE,IAAI,CAAC,UAAU,EAAE;YACjC,YAAY
,EAAE,IAAI,CAAC,OAAO,EAAE;SAC7B,CAAC,CAAC;QAEH,IAAI,CAAC,YAAY,CAAC,QAAQ,IAAI,CAAC,YAAY,CAAC,gBAAgB,EAAE,CAAC;YAC7D,MAAM,IAAI,CAAC,CAAC,yBAAyB,CAAC,KAAK,EAAE,CAAC;QAChD,CAAC;QAED,MAAM,EAAE,UAAU,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,GAC5D,YAAY,CAAC,gBAAgB,CAAC;QAEhC,qCAAqC;QACrC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,oBAAoB,CAC9D,UAAU,CAAC,EAAE,CACd,CAAC;QACF,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,IAAI,CAAC,CAAC,oBAAoB,CAAC,KAAK,EAAE,CAAC;QAC3C,CAAC;QAED,0BAA0B;QAC1B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,CAAC,uBAAuB,EAAE;YAC5D,IAAI,EAAE,IAAI,CAAC,GAAG;YACd,aAAa,EAAE,UAAU,CAAC,EAAE;YAC5B,UAAU,EAAE,YAAY,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC;YACzD,OAAO,EAAE,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC;YACnC,WAAW,EAAE,oBAAoB;YACjC,SAAS,EAAE,kBAAkB;YAC7B,UAAU,EAAE,QAAQ,CAAC,QAAQ,CAAC,UAAU,IAAI,IAAI;YAChD,IAAI,EAAE,WAAW,IAAI,IAAI;YACzB,MAAM,EAAE,YAAY,CAAC,gBAAgB,CAAC,MAAM,IAAI,IAAI;SACrD,CAAC,CAAC;QAEH,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/B,MAAM,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;QAE5B,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,6BAA6B,CACxC,OAAgB;QAEhB,IAAI,gBAES,CAAC;QAEd,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;YACzE,gBAAgB,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;gBAChD,EAAE,EAAE,OAAO,CAAC,aAAa;gBACzB,GAAG,CAAC,OAAO,CAAC,UAAU,IAAI;oBACxB,UAAU,EAAE,OAAO,CAAC,UAAU;iBAC/B,CAAC;aACH,CAAC,CAAC,CAAC;QACN,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,6BAA6B,CAAC;YAClD,IAAI,EAAE,IAAI,CAAC,OAAO,EAAE;YACpB,gBAAgB,EAAE,WAAW;YAC7B,8CAA8C;YAC9C,gBAAgB,EAAE,gBAAgB,IAAI,EAAE;SACzC,CAAC,CAAC;QAEH,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,oBAAoB,CAC/B,QAAoC,EACpC,iBAAyB,EACzB,eAAwB;QAExB,oCAAoC;QACpC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,kBAAkB,CAC7D,QAAQ,CAAC,EAAE,CACZ,CAAC;QAEF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,CAAC,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC;QACtC,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,4BAA4B,CAAC;YACtD,QAAQ;YACR,iBAAiB;YACjB,cAAc,EAAE,IAAI,CAAC,UAAU,EAAE;YACjC,YAAY,EAAE,IAAI,
CAAC,OAAO,EAAE;YAC5B,UAAU,EAAE;gBACV,EAAE,EAAE,OAAO,CAAC,aAAa;gBACzB,SAAS,EAAE,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC;gBACpD,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,GAAG,CAAC,OAAO,CAAC,UAAU,IAAI;oBACxB,UAAU,EAAE,OAAO,CAAC,UAAU;iBAC/B,CAAC;aACH;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC;YAC3B,MAAM,IAAI,CAAC,CAAC,yBAAyB,CAAC,KAAK,EAAE,CAAC;QAChD,CAAC;QAED,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;QAC7C,IAAI,eAAe,IAAI,WAAW,CAAC,GAAG,KAAK,eAAe,EAAE,CAAC;YAC3D,MAAM,IAAI,CAAC,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;QAC1C,CAAC;QAED,MAAM,UAAU,GAAG,YAAY,CAAC,kBAAkB,CAAC,UAAU,CAAC;QAC9D,IAAI,UAAU,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC;YACjC,MAAM,IAAI,CAAC,CAAC,yBAAyB,CAAC,KAAK,EAAE,CAAC;QAChD,CAAC;QAED,8CAA8C;QAC9C,OAAO,CAAC,OAAO,GAAG,UAAU,CAAC;QAC7B,MAAM,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;QAE5B,OAAO,WAAW,CAAC;IACrB,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,eAAe,CAAC,OAAe;QAC1C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QACrE,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC1B,EAAE,EAAE,CAAC,CAAC,EAAE;YACR,aAAa,EAAE,CAAC,CAAC,aAAa;YAC9B,IAAI,EAAE,CAAC,CAAC,IAAI,IAAI,IAAI;YACpB,WAAW,EAAE,CAAC,CAAC,WAAW;YAC1B,SAAS,EAAE,CAAC,CAAC,SAAS;YACtB,UAAU,EAAE,CAAC,CAAC,UAAU;SACzB,CAAC,CAAC,CAAC;IACN,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,aAAa,CACxB,OAAe,EACf,SAAiB,EACjB,OAIC;QAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,kBAAkB,CAC7D,OAAO,EACP,SAAS,CACV,CAAC;QAEF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,CAAC,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC;QACtC,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;QAE1E,wCAAwC;QACxC,IAAI,YAAY,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,mBAAmB,EAAE,CAAC;YACvD,MAAM,IAAI,CAAC,CAAC,uBAAuB,CAAC,KAAK,EAAE,CAAC;QAC9C,CAAC;QAED,wEAAwE;QACxE,IAAI,OAAO,CAAC,oBAAoB,EAAE,CAAC;YACjC,MAAM,kBAAkB,GAAG,YAAY,KAAK,CAAC,CAAC;YAC9C,IAAI,kBAAkB,IAAI,CAAC,OAAO,CAAC,oBAAoB,EAAE,CAAC;gBACxD,MAAM,IAAI,CAAC,CAAC,4BAA4B,CAAC,KAAK,EAAE,CAAC;YACnD,CAAC;QACH,CAAC;QAED,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,oBAAoB,CAAC,OAAO,EAAE,SAAS,CAAC
,CAAC;IACxE,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,aAAa,CACxB,OAAe,EACf,SAAiB,EACjB,IAAY;QAEZ,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,kBAAkB,CAC7D,OAAO,EACP,SAAS,CACV,CAAC;QAEF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,CAAC,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC;QACtC,CAAC;QAED,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;QACpB,MAAM,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;IAC9B,CAAC;CACF"}
|