@universis/janitor 1.9.0 → 1.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (19) hide show
  1. package/README.md +106 -0
  2. package/dist/index.d.ts +46 -5
  3. package/dist/index.esm.js +444 -154
  4. package/dist/index.esm.js.map +1 -1
  5. package/dist/index.js +445 -153
  6. package/dist/index.js.map +1 -1
  7. package/package.json +6 -3
  8. package/public/schemas/v1/rate-limit-service.json +4 -4
  9. package/public/schemas/v1/speed-limit-service.json +4 -4
  10. package/src/AppRateLimitService.d.ts +5 -0
  11. package/src/AppRateLimitService.js +21 -0
  12. package/src/AppSpeedLimitService.d.ts +5 -0
  13. package/src/AppSpeedLimitService.js +21 -0
  14. package/src/RateLimitService.d.ts +20 -1
  15. package/src/RateLimitService.js +201 -70
  16. package/src/SpeedLimitService.d.ts +20 -2
  17. package/src/SpeedLimitService.js +207 -83
  18. package/src/index.d.ts +2 -0
  19. package/src/index.js +2 -0
package/dist/index.esm.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.esm.js","sources":["../src/RateLimitService.js","../src/SpeedLimitService.js","../src/RedisClientStore.js","../src/ScopeAccessConfiguration.js","../src/validateScope.js","../src/OAuth2ClientService.js","../src/RemoteAddressValidator.js"],"sourcesContent":["import { ApplicationService, TraceUtils } from '@themost/common';\nimport { rateLimit } from 'express-rate-limit';\nimport express from 'express';\nimport path from 'path';\n\nexport class RateLimitService extends ApplicationService {\n /**\n * @param {import('@themost/express').ExpressDataApplication} app \n */\n constructor(app) {\n super(app);\n app.serviceRouter.subscribe(serviceRouter => {\n if (serviceRouter == null) {\n return;\n }\n try {\n const addRouter = express.Router();\n let serviceConfiguration = app.getConfiguration().getSourceAt('settings/universis/janitor/rateLimit') || {\n profiles: [],\n paths: []\n };\n if (serviceConfiguration.extends) {\n // get additional configuration\n const configurationPath = app.getConfiguration().getConfigurationPath();\n const extendsPath = path.resolve(configurationPath, serviceConfiguration.extends);\n TraceUtils.log(`@universis/janitor#RateLimitService will try to extend service configuration from ${extendsPath}`);\n serviceConfiguration = require(extendsPath);\n }\n const pathsArray = serviceConfiguration.paths || [];\n const profilesArray = serviceConfiguration.profiles || [];\n // create maps\n const paths = new Map(pathsArray);\n const profiles = new Map(profilesArray);\n if (paths.size === 0) {\n TraceUtils.warn('@universis/janitor#RateLimitService is being started but the collection of paths is empty.');\n }\n // get proxy address forwarding option\n let proxyAddressForwarding = app.getConfiguration().getSourceAt('settings/universis/api/proxyAddressForwarding');\n if (typeof proxyAddressForwarding !== 'boolean') {\n proxyAddressForwarding = false;\n }\n paths.forEach((value, path) => {\n let profile;\n // get profile\n if (value.profile) {\n profile = profiles.get(value.profile);\n } else {\n // or options defined inline\n profile = value\n }\n if (profile != null) {\n const rateLimitOptions = Object.assign({\n windowMs: 5 * 60 * 1000, // 5 minutes\n limit: 50, // 50 requests\n legacyHeaders: true // send headers\n }, profile, {\n keyGenerator: (req) => {\n let remoteAddress;\n if (proxyAddressForwarding) {\n // get proxy headers or remote address\n remoteAddress = req.headers['x-real-ip'] || req.headers['x-forwarded-for'] || (req.connection ? req.connection.remoteAddress : req.socket.remoteAddress);\n } else {\n // get remote address\n remoteAddress = (req.connection ? req.connection.remoteAddress : req.socket.remoteAddress);\n }\n return `${path}:${remoteAddress}`;\n }\n });\n if (typeof rateLimitOptions.store === 'string') {\n // load store\n const store = rateLimitOptions.store.split('#');\n let StoreClass;\n if (store.length === 2) {\n const storeModule = require(store[0]);\n if (Object.prototype.hasOwnProperty.call(storeModule, store[1])) {\n StoreClass = storeModule[store[1]];\n rateLimitOptions.store = new StoreClass(this, rateLimitOptions);\n } else {\n throw new Error(`${store} cannot be found or is inaccessible`);\n }\n } else {\n StoreClass = require(store[0]);\n // create store\n rateLimitOptions.store = new StoreClass(this, rateLimitOptions);\n }\n }\n addRouter.use(path, rateLimit(rateLimitOptions));\n }\n });\n if (addRouter.stack.length) {\n serviceRouter.stack.unshift.apply(serviceRouter.stack, addRouter.stack);\n }\n } catch (err) {\n TraceUtils.error('An error occurred while validating rate limit configuration.');\n TraceUtils.error(err);\n TraceUtils.warn('Rate limit service is inactive due to an error occured while loading configuration.')\n }\n });\n }\n\n}","import { ApplicationService, TraceUtils } from '@themost/common';\nimport slowDown from 'express-slow-down';\nimport express from 'express';\nimport path from 'path';\n\nexport class SpeedLimitService extends ApplicationService {\n constructor(app) {\n super(app);\n\n app.serviceRouter.subscribe(serviceRouter => {\n if (serviceRouter == null) {\n return;\n }\n try {\n const addRouter = express.Router();\n let serviceConfiguration = app.getConfiguration().getSourceAt('settings/universis/janitor/speedLimit') || {\n profiles: [],\n paths: []\n };\n if (serviceConfiguration.extends) {\n // get additional configuration\n const configurationPath = app.getConfiguration().getConfigurationPath();\n const extendsPath = path.resolve(configurationPath, serviceConfiguration.extends);\n TraceUtils.log(`@universis/janitor#SpeedLimitService will try to extend service configuration from ${extendsPath}`);\n serviceConfiguration = require(extendsPath);\n }\n const pathsArray = serviceConfiguration.paths || [];\n const profilesArray = serviceConfiguration.profiles || [];\n // create maps\n const paths = new Map(pathsArray);\n const profiles = new Map(profilesArray);\n if (paths.size === 0) {\n TraceUtils.warn('@universis/janitor#SpeedLimitService is being started but the collection of paths is empty.');\n }\n // get proxy address forwarding option\n let proxyAddressForwarding = app.getConfiguration().getSourceAt('settings/universis/api/proxyAddressForwarding');\n if (typeof proxyAddressForwarding !== 'boolean') {\n proxyAddressForwarding = false;\n }\n paths.forEach((value, path) => {\n let profile;\n // get profile\n if (value.profile) {\n profile = profiles.get(value.profile);\n } else {\n // or options defined inline\n profile = value\n }\n if (profile != null) {\n const slowDownOptions = Object.assign({\n windowMs: 5 * 60 * 1000, // 5 minutes\n delayAfter: 20, // 20 requests\n delayMs: 500, // 500 ms\n maxDelayMs: 10000 // 10 seconds\n }, profile, {\n keyGenerator: (req) => {\n let remoteAddress;\n if (proxyAddressForwarding) {\n // get proxy headers or remote address\n remoteAddress = req.headers['x-real-ip'] || req.headers['x-forwarded-for'] || (req.connection ? req.connection.remoteAddress : req.socket.remoteAddress);\n } else {\n // get remote address\n remoteAddress = (req.connection ? req.connection.remoteAddress : req.socket.remoteAddress);\n }\n return `${path}:${remoteAddress}`;\n }\n });\n if (Array.isArray(slowDownOptions.randomDelayMs)) {\n slowDownOptions.delayMs = () => {\n const delayMs = Math.floor(Math.random() * (slowDownOptions.randomDelayMs[1] - slowDownOptions.randomDelayMs[0] + 1) + slowDownOptions.randomDelayMs[0]);\n return delayMs;\n }\n }\n if (Array.isArray(slowDownOptions.randomMaxDelayMs)) {\n slowDownOptions.maxDelayMs = () => {\n const maxDelayMs = Math.floor(Math.random() * (slowDownOptions.randomMaxDelayMs[1] - slowDownOptions.randomMaxDelayMs[0] + 1) + slowDownOptions.randomMaxDelayMs[0]);\n return maxDelayMs;\n }\n }\n if (typeof slowDownOptions.store === 'string') {\n // load store\n const store = slowDownOptions.store.split('#');\n let StoreClass;\n if (store.length === 2) {\n const storeModule = require(store[0]);\n if (Object.prototype.hasOwnProperty.call(storeModule, store[1])) {\n StoreClass = storeModule[store[1]];\n slowDownOptions.store = new StoreClass(this, slowDownOptions);\n } else {\n throw new Error(`${store} cannot be found or is inaccessible`);\n }\n } else {\n StoreClass = require(store[0]);\n // create store\n slowDownOptions.store = new StoreClass(this, slowDownOptions);\n }\n }\n addRouter.use(path, slowDown(slowDownOptions));\n }\n });\n if (addRouter.stack.length) {\n serviceRouter.stack.unshift.apply(serviceRouter.stack, addRouter.stack);\n }\n } catch (err) {\n TraceUtils.error('An error occurred while validating speed limit configuration.');\n TraceUtils.error(err);\n TraceUtils.warn('Speed limit service is inactive due to an error occured while loading configuration.')\n }\n });\n }\n\n}","import { TraceUtils } from '@themost/common';\nimport { RedisStore } from 'rate-limit-redis';\nimport { Redis } from 'ioredis';\nimport '@themost/promise-sequence';\n\nlet superLoadIncrementScript;\nlet superLoadGetScript;\n\nfunction noLoadGetScript() {\n //\n}\n\nfunction noLoadIncrementScript() {\n //\n}\n\nif (RedisStore.prototype.loadIncrementScript.name === 'loadIncrementScript') {\n // get super method for future use\n superLoadIncrementScript = RedisStore.prototype.loadIncrementScript;\n RedisStore.prototype.loadIncrementScript = noLoadIncrementScript;\n}\n\nif (RedisStore.prototype.loadGetScript.name === 'loadGetScript') {\n // get super method\n superLoadGetScript = RedisStore.prototype.loadGetScript;\n RedisStore.prototype.loadGetScript = noLoadGetScript;\n}\n\nclass RedisClientStore extends RedisStore {\n\n /**\n * @type {import('redis').RedisClientType}\n */\n client;\n\n /**\n * \n * @param {import('@themost/common').ApplicationService} service\n * @param {{windowMs: number}} options\n */\n constructor(service, options) {\n super({\n /**\n * @param {...string} args\n * @returns {Promise<*>}\n */\n sendCommand: function () {\n const args = Array.from(arguments);\n const [command] = args.splice(0, 1);\n const self = this;\n if (command === 'SCRIPT') {\n const connectOptions = service.getApplication().getConfiguration().getSourceAt('settings/redis/options') || {\n host: '127.0.0.1',\n port: 6379\n };\n const client = new Redis(connectOptions);\n return client.call(command, args).catch((error) => {\n if (error instanceof TypeError && error.message === 'Invalid argument type') {\n TraceUtils.warn('RedisClientStore: Invalid argument type: ' + JSON.stringify(args));\n }\n return Promise.reject(error);\n }).finally(() => {\n if (client.isOpen) {\n client.disconnect().catch((errDisconnect) => {\n TraceUtils.error(errDisconnect);\n });\n }\n });\n }\n if (self.client == null) {\n const connectOptions = service.getApplication().getConfiguration().getSourceAt('settings/redis/options') || {\n host: '127.0.0.1',\n port: 6379\n };\n self.client = new Redis(connectOptions);\n }\n if (self.client.isOpen) {\n return self.client.call(command, args).catch((error) => {\n if (error instanceof TypeError && error.message === 'Invalid argument type') {\n TraceUtils.warn('RedisClientStore: Invalid argument type: ' + JSON.stringify(args));\n }\n return Promise.reject(error);\n });\n }\n // send load script commands once\n return (() => {\n if (self.incrementScriptSha == null) {\n return this.postInit();\n }\n return Promise.resolve();\n })().then(() => {\n // send command \n args[0] = self.incrementScriptSha;\n return self.client.call(command, args).catch((error) => {\n if (error instanceof TypeError && error.message === 'Invalid argument type') {\n TraceUtils.warn('RedisClientStore: Invalid argument type: ' + JSON.stringify(args));\n }\n return Promise.reject(error);\n });\n });\n }\n });\n this.init(options);\n TraceUtils.debug('RedisClientStore: Starting up and loading increment and get scripts.');\n void this.postInit().then(() => {\n TraceUtils.debug('RedisClientStore: Successfully loaded increment and get scripts.');\n }).catch((err) => {\n TraceUtils.error('RedisClientStore: Failed to load increment and get scripts.');\n TraceUtils.error(err);\n });\n }\n async postInit() {\n const [incrementScriptSha, getScriptSha] = await Promise.sequence([\n () => superLoadIncrementScript.call(this),\n () => superLoadGetScript.call(this)\n ]);\n this.incrementScriptSha = incrementScriptSha;\n this.getScriptSha = getScriptSha;\n }\n\n}\n\nexport {\n RedisClientStore\n}","\nimport {ConfigurationStrategy, Args, ApplicationService} from '@themost/common';\nimport path from 'path';\nimport url from 'url';\n\nconst HTTP_METHOD_REGEXP = /^\\b(POST|PUT|PATCH|DELETE)\\b$/i;\n\nclass ScopeString {\n constructor(str) {\n this.value = str;\n }\n toString() {\n return this.value;\n }\n /**\n * Splits a comma-separated or space-separated scope string e.g. \"profile email\" or \"profile,email\"\n *\n * Important note: https://www.rfc-editor.org/rfc/rfc6749#section-3.3 defines the regular expression of access token scopes\n * which is a space separated string. Several OAuth2 servers use a comma-separated list instead.\n *\n * The operation will try to use both implementations by excluding comma ',' from access token regular expressions\n * @returns {Array<string>}\n */\n split() {\n // the default regular expression includes comma /([\\x21\\x23-\\x5B\\x5D-\\x7E]+)/g\n // the modified regular expression excludes comma /x2C /([\\x21\\x23-\\x2B\\x2D-\\x5B\\x5D-\\x7E]+)/g\n const re = /([\\x21\\x23-\\x2B\\x2D-\\x5B\\x5D-\\x7E]+)/g\n const results = [];\n let match = re.exec(this.value);\n while(match !== null) {\n results.push(match[0]);\n match = re.exec(this.value);\n }\n return results;\n }\n}\n\nclass ScopeAccessConfiguration extends ConfigurationStrategy {\n /**\n * @param {import('@themost/common').ConfigurationBase} configuration\n */\n constructor(configuration) {\n super(configuration);\n let elements = [];\n // define property\n Object.defineProperty(this, 'elements', {\n get: () => {\n return elements;\n },\n enumerable: true\n });\n }\n\n /**\n * @param {Request} req\n * @returns Promise<ScopeAccessConfigurationElement>\n */\n verify(req) {\n return new Promise((resolve, reject) => {\n try {\n // validate request context\n Args.notNull(req.context,'Context');\n // validate request context user\n Args.notNull(req.context.user,'User');\n if (req.context.user.authenticationScope && req.context.user.authenticationScope.length>0) {\n // get original url\n let reqUrl = url.parse(req.originalUrl).pathname;\n // get user context scopes as array e.g, ['students', 'students:read']\n let reqScopes = new ScopeString(req.context.user.authenticationScope).split();\n // get user access based on HTTP method e.g. GET -> read access\n let reqAccess = HTTP_METHOD_REGEXP.test(req.method) ? 'write' : 'read';\n // first phase: find element by resource and scope\n let result = this.elements.find(x => {\n // filter element by access level\n return new RegExp( \"^\" + x.resource, 'i').test(reqUrl)\n // and scopes\n && x.scope.find(y => {\n // search user scopes (validate wildcard scope)\n return y === \"*\" || reqScopes.indexOf(y)>=0;\n });\n });\n // second phase: check access level\n if (result == null) {\n return resolve();\n }\n // if access is missing or access is not an array\n if (Array.isArray(result.access) === false) {\n // the requested access is not allowed because the access is not defined\n return resolve();\n }\n // if the requested access is not in the access array\n if (result.access.indexOf(reqAccess) < 0) {\n // the requested access is not allowed because the access levels do not match\n return resolve();\n }\n // otherwise, return result\n return resolve(result);\n }\n return resolve();\n }\n catch(err) {\n return reject(err);\n }\n\n });\n }\n\n}\n\n/**\n * @class\n */\nclass DefaultScopeAccessConfiguration extends ScopeAccessConfiguration {\n /**\n * @param {import('@themost/common').ConfigurationBase} configuration\n */\n constructor(configuration) {\n super(configuration);\n let defaults = [];\n // load scope access from configuration resource\n try {\n /**\n * @type {Array<ScopeAccessConfigurationElement>}\n */\n defaults = require(path.resolve(configuration.getConfigurationPath(), 'scope.access.json'));\n }\n catch(err) {\n // if an error occurred other than module not found (there are no default access policies)\n if (err.code !== 'MODULE_NOT_FOUND') {\n // throw error\n throw err;\n }\n // otherwise continue\n }\n this.elements.push.apply(this.elements, defaults);\n }\n}\n\nclass EnableScopeAccessConfiguration extends ApplicationService {\n /**\n * @param {import('@themost/express').ExpressDataApplication|import('@themost/common').ApplicationBase} app \n */\n constructor(app) {\n super(app);\n // register scope access configuration\n app.getConfiguration().useStrategy(ScopeAccessConfiguration, DefaultScopeAccessConfiguration);\n }\n}\n\n\n/**\n * @class\n */\nclass ExtendScopeAccessConfiguration extends ApplicationService {\n /**\n * @param {import('@themost/express').ExpressDataApplication|import('@themost/common').ApplicationBase} app\n */\n constructor(app) {\n super(app);\n // Get the additional scope access extensions from the configuration\n const scopeAccessExtensions = app.getConfiguration().settings.universis?.janitor?.scopeAccess.imports;\n if (app && app.container && scopeAccessExtensions != null) {\n app.container.subscribe((container) => {\n if (container) {\n const scopeAccess = app.getConfiguration().getStrategy(function ScopeAccessConfiguration() { });\n if (scopeAccess != null) {\n for (const scopeAccessExtension of scopeAccessExtensions) {\n try {\n const elements = require(path.resolve(app.getConfiguration().getConfigurationPath(), scopeAccessExtension));\n if (elements) {\n // add extra scope access elements\n scopeAccess.elements.unshift(...elements);\n }\n }\n catch(err) {\n // if an error occurred other than module not found (there are no default access policies)\n if (err.code !== 'MODULE_NOT_FOUND') {\n // throw error\n throw err;\n }\n }\n }\n }\n }\n });\n }\n }\n}\n\nexport {\n ScopeString,\n ScopeAccessConfiguration,\n DefaultScopeAccessConfiguration,\n EnableScopeAccessConfiguration,\n ExtendScopeAccessConfiguration\n}\n","import { ScopeAccessConfiguration } from './ScopeAccessConfiguration';\nimport {HttpForbiddenError} from '@themost/common';\n\nfunction validateScope() {\n return (req, res, next) => {\n /**\n * @type {ScopeAccessConfiguration}\n */\n let scopeAccessConfiguration = req.context.getApplication().getConfiguration().getStrategy(ScopeAccessConfiguration);\n if (typeof scopeAccessConfiguration === 'undefined') {\n return next(new Error('Invalid application configuration. Scope access configuration strategy is missing or is in accessible.'));\n }\n scopeAccessConfiguration.verify(req).then(value => {\n if (value) {\n return next();\n }\n return next(new HttpForbiddenError('Access denied due to authorization scopes.'))\n }).catch(reason => {\n return next(reason);\n });\n };\n}\n\nexport {\n validateScope\n}\n","import {Request} from 'superagent'\nimport {URL} from 'url';\nimport {ApplicationService, DataError, HttpError} from '@themost/common';\n\nfunction responseHander(resolve, reject) {\n return function (err, response) {\n if (err) {\n /**\n * @type {import('superagent').Response}\n */\n const response = err.response\n if (response && response.headers['content-type'] === 'application/json') {\n // get body\n const clientError = response.body;\n const error = new HttpError(response.status);\n return reject(Object.assign(error, {\n clientError\n }));\n }\n return reject(err);\n }\n if (response.status === 204 && response.headers['content-type'] === 'application/json') {\n return resolve(null);\n }\n return resolve(response.body);\n };\n}\n\n/**\n * @class\n */\nclass OAuth2ClientService extends ApplicationService {\n /**\n * @param {import('@themost/express').ExpressDataApplication} app\n */\n constructor(app) {\n super(app);\n /**\n * @name OAuth2ClientService#settings\n * @type {{server_uri:string,token_uri?:string}}\n */\n Object.defineProperty(this, 'settings', {\n writable: false,\n value: app.getConfiguration().getSourceAt('settings/auth'),\n enumerable: false,\n configurable: false\n });\n }\n\n /**\n * Gets keycloak server root\n * @returns {string}\n */\n getServer() {\n return this.settings.server_uri;\n }\n\n /**\n * Gets keycloak server root\n * @returns {string}\n */\n getAdminRoot() {\n return this.settings.admin_uri;\n }\n\n // noinspection JSUnusedGlobalSymbols\n /**\n * Gets user's profile by calling OAuth2 server profile endpoint\n * @param {ExpressDataContext} context\n * @param {string} token\n */\n getUserInfo(token) {\n return new Promise((resolve, reject) => {\n const userinfo_uri = this.settings.userinfo_uri ? new URL(this.settings.userinfo_uri, this.getServer()) : new URL('me', this.getServer());\n return new Request('GET', userinfo_uri)\n .set({\n 'Authorization': `Bearer ${token}`,\n 'Accept': 'application/json'\n })\n .query({\n 'access_token':token\n }).end(responseHander(resolve, reject));\n });\n }\n\n // noinspection JSUnusedGlobalSymbols\n /**\n * Gets the token info of the current context\n * @param {ExpressDataContext} context\n */\n getContextTokenInfo(context) {\n if (context.user == null) {\n return Promise.reject(new Error('Context user may not be null'));\n }\n if (context.user.authenticationType !== 'Bearer') {\n return Promise.reject(new Error('Invalid context authentication type'));\n }\n if (context.user.authenticationToken == null) {\n return Promise.reject(new Error('Context authentication data may not be null'));\n }\n return this.getTokenInfo(context, context.user.authenticationToken);\n }\n /**\n * Gets token info by calling OAuth2 server endpoint\n * @param {ExpressDataContext} _context\n * @param {string} token\n */\n getTokenInfo(_context, token) {\n return new Promise((resolve, reject) => {\n const introspection_uri = this.settings.introspection_uri ? new URL(this.settings.introspection_uri, this.getServer()) : new URL('tokeninfo', this.getServer());\n return new Request('POST', introspection_uri)\n .auth(this.settings.client_id, this.settings.client_secret)\n .set('Accept', 'application/json')\n .type('form')\n .send({\n 'token_type_hint': 'access_token',\n 'token': token,\n }).end(responseHander(resolve, reject));\n });\n }\n\n /**\n * @param {AuthorizeUser} authorizeUser\n */\n authorize(authorizeUser) {\n const tokenURL = this.settings.token_uri ? new URL(this.settings.token_uri) : new URL('authorize', this.getServer());\n return new Promise((resolve, reject)=> {\n return new Request('POST', tokenURL)\n .type('form')\n .send(authorizeUser).end(responseHander(resolve, reject));\n });\n }\n\n /**\n * Gets a user by name\n * @param {*} user_id \n * @param {AdminMethodOptions} options \n */\n getUserById(user_id, options) {\n return new Promise((resolve, reject) => {\n return new Request('GET', new URL(`users/${user_id}`, this.getAdminRoot()))\n .set('Authorization', `Bearer ${options.access_token}`)\n .end(responseHander(resolve, reject));\n });\n }\n\n /**\n * Gets a user by name\n * @param {string} username \n * @param {AdminMethodOptions} options \n */\n getUser(username, options) {\n return new Promise((resolve, reject)=> {\n return new Request('GET', new URL('users', this.getAdminRoot()))\n .set('Authorization', `Bearer ${options.access_token}`)\n .query({\n '$filter': `name eq '${username}'`\n })\n .end(responseHander(resolve, reject));\n });\n }\n\n /**\n * Gets a user by email address\n * @param {string} email \n * @param {AdminMethodOptions} options \n */\n getUserByEmail(email, options) {\n return new Promise((resolve, reject)=> {\n return new Request('GET', new URL('users', this.getAdminRoot()))\n .set('Authorization', `Bearer ${options.access_token}`)\n .query({\n '$filter': `alternateName eq '${email}'`\n })\n .end(responseHander(resolve, reject));\n });\n }\n\n /**\n * Updates an existing user\n * @param {*} user \n * @param {AdminMethodOptions} options \n */\n updateUser(user, options) {\n return new Promise((resolve, reject)=> {\n if (user.id == null) {\n return reject(new DataError('E_IDENTIFIER', 'User may not be empty at this context.', null, 'User', 'id'));\n }\n const request = new Request('PUT', new URL(`users/${user.id}`, this.getAdminRoot()));\n return request.set('Authorization', `Bearer ${options.access_token}`)\n .set('Content-Type', 'application/json')\n .send(user)\n .end(responseHander(resolve, reject));\n });\n }\n\n /**\n * Creates a new user\n * @param {*} user \n * @param {AdminMethodOptions} options \n */\n createUser(user, options) {\n return new Promise((resolve, reject)=> {\n const request = new Request('POST', new URL('users', this.getAdminRoot()));\n return request.set('Authorization', `Bearer ${options.access_token}`)\n .set('Content-Type', 'application/json')\n .send(Object.assign({}, user, {\n $state: 1 // for create\n }))\n .end(responseHander(resolve, reject));\n });\n }\n\n /**\n * Deletes a user\n * @param {{id: any}} user \n * @param {AdminMethodOptions} options \n */\n deleteUser(user, options) {\n return new Promise((resolve, reject)=> {\n if (user.id == null) {\n return reject(new DataError('E_IDENTIFIER', 'User may not be empty at this context.', null, 'User', 'id'));\n }\n const request = new Request('DELETE', new URL(`users/${user.id}`, this.getAdminRoot()));\n return request.set('Authorization', `Bearer ${options.access_token}`)\n .end(responseHander(resolve, reject));\n });\n }\n\n /**\n * @param {boolean=} force \n * @returns {*}\n */\n getWellKnownConfiguration(force) {\n if (force) {\n this.well_known_configuration = null;\n }\n if (this.well_known_configuration) {\n return Promise.resolve(this.well_known_configuration);\n }\n return new Promise((resolve, reject) => {\n const well_known_configuration_uri = this.settings.well_known_configuration_uri ? new URL(this.settings.well_known_configuration_uri, this.getServer()) : new URL('.well-known/openid-configuration', this.getServer());\n return new Request('GET', well_known_configuration_uri)\n .end(responseHander(resolve, reject));\n }).then((configuration) => {\n this.well_known_configuration = configuration;\n return configuration;\n });\n }\n}\n\nexport {\n OAuth2ClientService\n}\n\n","import { ApplicationService, HttpForbiddenError, TraceUtils } from '@themost/common';\nimport express from 'express';\nimport jwt from 'jsonwebtoken';\n\nclass HttpRemoteAddrForbiddenError extends HttpForbiddenError {\n constructor() {\n super('Access is denied due to remote address conflict. The client network has been changed or cannot be determined.');\n this.statusCode = 403.6;\n }\n \n}\n\nclass RemoteAddressValidator extends ApplicationService {\n constructor(app) {\n super(app);\n\n // get proxy address forwarding option\n let proxyAddressForwarding = app.getConfiguration().getSourceAt('settings/universis/api/proxyAddressForwarding');\n if (typeof proxyAddressForwarding !== 'boolean') {\n proxyAddressForwarding = false;\n }\n this.proxyAddressForwarding = proxyAddressForwarding;\n // get token claim name\n this.claim = app.getConfiguration().getSourceAt('settings/universis/janitor/remoteAddress/claim') || 'remoteAddress';\n\n app.serviceRouter.subscribe((serviceRouter) => {\n if (serviceRouter == null) {\n return;\n }\n const addRouter = express.Router();\n addRouter.use((req, res, next) => {\n void this.validateRemoteAddress(req).then((value) => {\n if (value === false) {\n return next(new HttpRemoteAddrForbiddenError());\n }\n return next();\n }).catch((err) => {\n return next(err);\n });\n });\n // insert router at the beginning of serviceRouter.stack\n serviceRouter.stack.unshift.apply(serviceRouter.stack, addRouter.stack);\n });\n }\n\n /**\n * Gets remote address from request\n * @param {import('express').Request} req \n * @returns \n */\n getRemoteAddress(req) {\n let remoteAddress;\n if (this.proxyAddressForwarding) {\n // get proxy headers or remote address\n remoteAddress = req.headers['x-real-ip'] || req.headers['x-forwarded-for'] || (req.connection ? req.connection.remoteAddress : req.socket.remoteAddress);\n } else {\n remoteAddress = req.connection ? req.connection.remoteAddress : req.socket.remoteAddress;\n }\n return remoteAddress;\n }\n\n /**\n * Validates token remote address with request remote address\n * @param {import('express').Request} req \n * @returns {Promise<boolean>}\n */\n async validateRemoteAddress(req) {\n const authenticationToken = req.context?.user?.authenticationToken;\n if (authenticationToken != null) {\n const access_token = jwt.decode(authenticationToken);\n const remoteAddress = access_token[this.claim];\n if (remoteAddress == null) {\n TraceUtils.warn(`Remote address validation failed. Expected a valid remote address claimed by using \"${this.claim}\" attribute but got none.`);\n return false;\n }\n // get context remote address\n const requestRemoteAddress = this.getRemoteAddress(req);\n if (remoteAddress !== requestRemoteAddress) {\n TraceUtils.warn(`Remote address validation failed. Expected remote address is ${remoteAddress || 'Uknown'} but request remote address is ${requestRemoteAddress}`);\n return false;\n }\n return true;\n }\n TraceUtils.warn('Remote address validation cannot be completed because authentication token is not available.');\n return false;\n }\n\n}\n\nexport {\n HttpRemoteAddrForbiddenError,\n RemoteAddressValidator\n}\n"],"names":["RateLimitService","ApplicationService","constructor","app","serviceRouter","subscribe","addRouter","express","Router","serviceConfiguration","getConfiguration","getSourceAt","profiles","paths","extends","configurationPath","getConfigurationPath","extendsPath","path","resolve","TraceUtils","log","require","pathsArray","profilesArray","Map","size","warn","proxyAddressForwarding","forEach","value","profile","get","rateLimitOptions","Object","assign","windowMs","limit","legacyHeaders","keyGenerator","req","remoteAddress","headers","connection","socket","store","split","StoreClass","length","storeModule","prototype","hasOwnProperty","call","Error","use","rateLimit","stack","unshift","apply","err","error","SpeedLimitService","slowDownOptions","delayAfter","delayMs","maxDelayMs","Array","isArray","randomDelayMs","Math","floor","random","randomMaxDelayMs","slowDown","superLoadIncrementScript","superLoadGetScript","noLoadGetScript","noLoadIncrementScript","RedisStore","loadIncrementScript","name","loadGetScript","RedisClientStore","service","options","sendCommand","args","from","arguments","command","splice","self","connectOptions","getApplication","host","port","client","Redis","catch","TypeError","message","JSON","stringify","Promise","reject","finally","isOpen","disconnect","errDisconnect","incrementScriptSha","postInit","then","_defineProperty","init","debug","getScriptSha","sequence","HTTP_METHOD_REGEXP","ScopeString","str","toString","re","results","match","exec","push","ScopeAccessConfiguration","ConfigurationStrategy","configuration","elements","defineProperty","enumerable","verify","Args","notNull","context","user","authenticationScope","reqUrl","url","parse","originalUrl","pathname","reqScopes","reqAccess","test","method","result","find","x","RegExp","resource","scope","y","indexOf","access","DefaultScopeAccessConfiguration","defaults","code","EnableScopeAccessConfiguration","useStrategy","ExtendScopeAccessConfiguration","scopeAccessExtensions","settings","universis","janitor","scopeAccess","imports","container","getStrategy","scopeAccessExtension","validateScope","res","next","scopeAccessConfiguration","HttpForbiddenError","reason","responseHander","response","clientError","body","HttpError","status","OAuth2ClientService","writable","configurable","getServer","server_uri","getAdminRoot","admin_uri","getUserInfo","token","userinfo_uri","URL","Request","set","query","end","getContextTokenInfo","authenticationType","authenticationToken","getTokenInfo","_context","introspection_uri","auth","client_id","client_secret","type","send","authorize","authorizeUser","tokenURL","token_uri","getUserById","user_id","access_token","getUser","username","getUserByEmail","email","updateUser","id","DataError","request","createUser","$state","deleteUser","getWellKnownConfiguration","force","well_known_configuration","well_known_configuration_uri","HttpRemoteAddrForbiddenError","statusCode","RemoteAddressValidator","claim","validateRemoteAddress","getRemoteAddress","jwt","decode","requestRemoteAddress"],"mappings":";;;;;;;;;;;;;AAKO,MAAMA,gBAAgB,SAASC,kBAAkB,CAAC;AACrD;AACJ;AACA;EACIC,WAAWA,CAACC,GAAG,EAAE;IACb,KAAK,CAACA,GAAG,CAAC;AACVA,IAAAA,GAAG,CAACC,aAAa,CAACC,SAAS,CAAC,CAAAD,aAAa,KAAI;MACzC,IAAIA,aAAa,IAAI,IAAI,EAAE;AACvB,QAAA;AACJ;MACA,IAAI;AACA,QAAA,MAAME,SAAS,GAAGC,OAAO,CAACC,MAAM,EAAE;AAClC,QAAA,IAAIC,oBAAoB,GAAGN,GAAG,CAACO,gBAAgB,EAAE,CAACC,WAAW,CAAC,sCAAsC,CAAC,IAAI;AACrGC,UAAAA,QAAQ,EAAE,EAAE;AACZC,UAAAA,KAAK,EAAE;SACV;QACD,IAAIJ,oBAAoB,CAACK,OAAO,EAAE;AAC9B;UACA,MAAMC,iBAAiB,GAAGZ,GAAG,CAACO,gBAAgB,EAAE,CAACM,oBAAoB,EAAE;UACvE,MAAMC,WAAW,GAAGC,IAAI,CAACC,OAAO,CAACJ,iBAAiB,EAAEN,oBAAoB,CAACK,OAAO,CAAC;AACjFM,UAAAA,UAAU,CAACC,GAAG,CAAC,CAAqFJ,kFAAAA,EAAAA,WAAW,EAAE,CAAC;AAClHR,UAAAA,oBAAoB,GAAGa,OAAO,CAACL,WAAW,CAAC;AAC/C;AACA,QAAA,MAAMM,UAAU,GAAGd,oBAAoB,CAACI,KAAK,IAAI,EAAE;AACnD,QAAA,MAAMW,aAAa,GAAGf,oBAAoB,CAACG,QAAQ,IAAI,EAAE;AACzD;AACA,QAAA,MAAMC,KAAK,GAAG,IAAIY,GAAG,CAACF,UAAU,CAAC;AACjC,QAAA,MAAMX,QAAQ,GAAG,IAAIa,GAAG,CAACD,aAAa,CAAC;AACvC,QAAA,IAAIX,KAAK,CAACa,IAAI,KAAK,CAAC,EAAE;AAClBN,UAAAA,UAAU,CAACO,IAAI,CAAC,4FAA4F,CAAC;AACjH;AACA;QACA,IAAIC,sBAAsB,GAAGzB,GAAG,CAACO,gBAAgB,EAAE,CAACC,WAAW,CAAC,+CAA+C,CAAC;AAChH,QAAA,IAAI,OAAOiB,sBAAsB,KAAK,SAAS,EAAE;AAC7CA,UAAAA,sBAAsB,GAAG,KAAK;AAClC;AACAf,QAAAA,KAAK,CAACgB,OAAO,CAAC,CAACC,KAAK,EAAEZ,IAAI,KAAK;AAC3B,UAAA,IAAIa,OAAO;AACX;UACA,IAAID,KAAK,CAACC,OAAO,EAAE;YACfA,OAAO,GAAGnB,QAAQ,CAACoB,GAAG,CAACF,KAAK,CAACC,OAAO,CAAC;AACzC,WAAC,MAAM;AACH;AACAA,YAAAA,OAAO,GAAGD,KAAK;AACnB;UACA,IAAIC,OAAO,IAAI,IAAI,EAAE;AACjB,YAAA,MAAME,gBAAgB,GAAGC,MAAM,CAACC,MAAM,CAAC;AACnCC,cAAAA,QAAQ,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI;cACvBC,KAAK,EAAE,EAAE;cACTC,aAAa,EAAE,IAAI;aACtB,EAAEP,OAAO,EAAE;cACRQ,YAAY,EAAEA,CAACC,GAAG,KAAK;AACnB,gBAAA,IAAIC,aAAa;AACjB,gBAAA,IAAIb,sBAAsB,EAAE;AACxB;AACAa,kBAAAA,aAAa,GAAGD,GAAG,CAACE,OAAO,CAAC,WAAW,CAAC,IAAIF,GAAG,CAACE,OAAO,CAAC,iBAAiB,CAAC,KAAKF,GAAG,CAACG,UAAU,GAAGH,GAAG,CAACG,UAAU,CAACF,aAAa,GAAGD,GAAG,CAACI,MAAM,CAACH,aAAa,CAAC;AAC5J,iBAAC,MAAM;AACH;AACAA,kBAAAA,aAAa,GAAID,GAAG,CAACG,UAAU,GAAGH,GAAG,CAACG,UAAU,CAACF,aAAa,GAAGD,GAAG,CAACI,MAAM,CAACH,aAAc;AAC9F;AACA,gBAAA,OAAO,CAAGvB,EAAAA,IAAI,CAAIuB,CAAAA,EAAAA,aAAa,CAAE,CAAA;AACrC;AACJ,aAAC,CAAC;AACF,YAAA,IAAI,OAAOR,gBAAgB,CAACY,KAAK,KAAK,QAAQ,EAAE;AAC5C;cACA,MAAMA,KAAK,GAAGZ,gBAAgB,CAACY,KAAK,CAACC,KAAK,CAAC,GAAG,CAAC;AAC/C,cAAA,IAAIC,UAAU;AACd,cAAA,IAAIF,KAAK,CAACG,MAAM,KAAK,CAAC,EAAE;gBACpB,MAAMC,WAAW,GAAG3B,OAAO,CAACuB,KAAK,CAAC,CAAC,CAAC,CAAC;AACrC,gBAAA,IAAIX,MAAM,CAACgB,SAAS,CAACC,cAAc,CAACC,IAAI,CAACH,WAAW,EAAEJ,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE;AAC7DE,kBAAAA,UAAU,GAAGE,WAAW,CAACJ,KAAK,CAAC,CAAC,CAAC,CAAC;kBAClCZ,gBAAgB,CAACY,KAAK,GAAG,IAAIE,UAAU,CAAC,IAAI,EAAEd,gBAAgB,CAAC;AACnE,iBAAC,MAAM;AACH,kBAAA,MAAM,IAAIoB,KAAK,CAAC,CAAGR,EAAAA,KAAK,qCAAqC,CAAC;AAClE;AACJ,eAAC,MAAM;AACHE,gBAAAA,UAAU,GAAGzB,OAAO,CAACuB,KAAK,CAAC,CAAC,CAAC,CAAC;AAC9B;gBACAZ,gBAAgB,CAACY,KAAK,GAAG,IAAIE,UAAU,CAAC,IAAI,EAAEd,gBAAgB,CAAC;AACnE;AACJ;YACA3B,SAAS,CAACgD,GAAG,CAACpC,IAAI,EAAEqC,SAAS,CAACtB,gBAAgB,CAAC,CAAC;AACpD;AACJ,SAAC,CAAC;AACF,QAAA,IAAI3B,SAAS,CAACkD,KAAK,CAACR,MAAM,EAAE;AACxB5C,UAAAA,aAAa,CAACoD,KAAK,CAACC,OAAO,CAACC,KAAK,CAACtD,aAAa,CAACoD,KAAK,EAAElD,SAAS,CAACkD,KAAK,CAAC;AAC3E;OACH,CAAC,OAAOG,GAAG,EAAE;AACVvC,QAAAA,UAAU,CAACwC,KAAK,CAAC,8DAA8D,CAAC;AAChFxC,QAAAA,UAAU,CAACwC,KAAK,CAACD,GAAG,CAAC;AACrBvC,QAAAA,UAAU,CAACO,IAAI,CAAC,qFAAqF,CAAC;AAC1G;AACJ,KAAC,CAAC;AACN;;AAEJ;;AC/FO,MAAMkC,iBAAiB,SAAS5D,kBAAkB,CAAC;EACtDC,WAAWA,CAACC,GAAG,EAAE;IACb,KAAK,CAACA,GAAG,CAAC;;AAEVA,IAAAA,GAAG,CAACC,aAAa,CAACC,SAAS,CAAC,CAAAD,aAAa,KAAI;MACzC,IAAIA,aAAa,IAAI,IAAI,EAAE;AACvB,QAAA;AACJ;MACA,IAAI;AACA,QAAA,MAAME,SAAS,GAAGC,OAAO,CAACC,MAAM,EAAE;AAClC,QAAA,IAAIC,oBAAoB,GAAGN,GAAG,CAACO,gBAAgB,EAAE,CAACC,WAAW,CAAC,uCAAuC,CAAC,IAAI;AACtGC,UAAAA,QAAQ,EAAE,EAAE;AACZC,UAAAA,KAAK,EAAE;SACV;QACD,IAAIJ,oBAAoB,CAACK,OAAO,EAAE;AAC9B;UACA,MAAMC,iBAAiB,GAAGZ,GAAG,CAACO,gBAAgB,EAAE,CAACM,oBAAoB,EAAE;UACvE,MAAMC,WAAW,GAAGC,IAAI,CAACC,OAAO,CAACJ,iBAAiB,EAAEN,oBAAoB,CAACK,OAAO,CAAC;AACjFM,UAAAA,UAAU,CAACC,GAAG,CAAC,CAAsFJ,mFAAAA,EAAAA,WAAW,EAAE,CAAC;AACnHR,UAAAA,oBAAoB,GAAGa,OAAO,CAACL,WAAW,CAAC;AAC/C;AACA,QAAA,MAAMM,UAAU,GAAGd,oBAAoB,CAACI,KAAK,IAAI,EAAE;AACnD,QAAA,MAAMW,aAAa,GAAGf,oBAAoB,CAACG,QAAQ,IAAI,EAAE;AACzD;AACA,QAAA,MAAMC,KAAK,GAAG,IAAIY,GAAG,CAACF,UAAU,CAAC;AACjC,QAAA,MAAMX,QAAQ,GAAG,IAAIa,GAAG,CAACD,aAAa,CAAC;AACvC,QAAA,IAAIX,KAAK,CAACa,IAAI,KAAK,CAAC,EAAE;AAClBN,UAAAA,UAAU,CAACO,IAAI,CAAC,6FAA6F,CAAC;AAClH;AACA;QACA,IAAIC,sBAAsB,GAAGzB,GAAG,CAACO,gBAAgB,EAAE,CAACC,WAAW,CAAC,+CAA+C,CAAC;AAChH,QAAA,IAAI,OAAOiB,sBAAsB,KAAK,SAAS,EAAE;AAC7CA,UAAAA,sBAAsB,GAAG,KAAK;AAClC;AACAf,QAAAA,KAAK,CAACgB,OAAO,CAAC,CAACC,KAAK,EAAEZ,IAAI,KAAK;AAC3B,UAAA,IAAIa,OAAO;AACX;UACA,IAAID,KAAK,CAACC,OAAO,EAAE;YACfA,OAAO,GAAGnB,QAAQ,CAACoB,GAAG,CAACF,KAAK,CAACC,OAAO,CAAC;AACzC,WAAC,MAAM;AACH;AACAA,YAAAA,OAAO,GAAGD,KAAK;AACnB;UACA,IAAIC,OAAO,IAAI,IAAI,EAAE;AACjB,YAAA,MAAM+B,eAAe,GAAG5B,MAAM,CAACC,MAAM,CAAC;AAClCC,cAAAA,QAAQ,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI;cACvB2B,UAAU,EAAE,EAAE;cACdC,OAAO,EAAE,GAAG;cACZC,UAAU,EAAE,KAAK;aACpB,EAAElC,OAAO,EAAE;cACRQ,YAAY,EAAEA,CAACC,GAAG,KAAK;AACnB,gBAAA,IAAIC,aAAa;AACjB,gBAAA,IAAIb,sBAAsB,EAAE;AACxB;AACAa,kBAAAA,aAAa,GAAGD,GAAG,CAACE,OAAO,CAAC,WAAW,CAAC,IAAIF,GAAG,CAACE,OAAO,CAAC,iBAAiB,CAAC,KAAKF,GAAG,CAACG,UAAU,GAAGH,GAAG,CAACG,UAAU,CAACF,aAAa,GAAGD,GAAG,CAACI,MAAM,CAACH,aAAa,CAAC;AAC5J,iBAAC,MAAM;AACH;AACAA,kBAAAA,aAAa,GAAID,GAAG,CAACG,UAAU,GAAGH,GAAG,CAACG,UAAU,CAACF,aAAa,GAAGD,GAAG,CAACI,MAAM,CAACH,aAAc;AAC9F;AACA,gBAAA,OAAO,CAAGvB,EAAAA,IAAI,CAAIuB,CAAAA,EAAAA,aAAa,CAAE,CAAA;AACrC;AACJ,aAAC,CAAC;YACF,IAAIyB,KAAK,CAACC,OAAO,CAACL,eAAe,CAACM,aAAa,CAAC,EAAE;cAC9CN,eAAe,CAACE,OAAO,GAAG,MAAM;AAC5B,gBAAA,MAAMA,OAAO,GAAGK,IAAI,CAACC,KAAK,CAACD,IAAI,CAACE,MAAM,EAAE,IAAIT,eAAe,CAACM,aAAa,CAAC,CAAC,CAAC,GAAGN,eAAe,CAACM,aAAa,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAGN,eAAe,CAACM,aAAa,CAAC,CAAC,CAAC,CAAC;AACxJ,gBAAA,OAAOJ,OAAO;eACjB;AACL;YACA,IAAIE,KAAK,CAACC,OAAO,CAACL,eAAe,CAACU,gBAAgB,CAAC,EAAE;cACjDV,eAAe,CAACG,UAAU,GAAG,MAAM;AAC/B,gBAAA,MAAMA,UAAU,GAAGI,IAAI,CAACC,KAAK,CAACD,IAAI,CAACE,MAAM,EAAE,IAAIT,eAAe,CAACU,gBAAgB,CAAC,CAAC,CAAC,GAAGV,eAAe,CAACU,gBAAgB,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAGV,eAAe,CAACU,gBAAgB,CAAC,CAAC,CAAC,CAAC;AACpK,gBAAA,OAAOP,UAAU;eACpB;AACL;AACA,YAAA,IAAI,OAAOH,eAAe,CAACjB,KAAK,KAAK,QAAQ,EAAE;AAC3C;cACA,MAAMA,KAAK,GAAGiB,eAAe,CAACjB,KAAK,CAACC,KAAK,CAAC,GAAG,CAAC;AAC9C,cAAA,IAAIC,UAAU;AACd,cAAA,IAAIF,KAAK,CAACG,MAAM,KAAK,CAAC,EAAE;gBACpB,MAAMC,WAAW,GAAG3B,OAAO,CAACuB,KAAK,CAAC,CAAC,CAAC,CAAC;AACrC,gBAAA,IAAIX,MAAM,CAACgB,SAAS,CAACC,cAAc,CAACC,IAAI,CAACH,WAAW,EAAEJ,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE;AAC7DE,kBAAAA,UAAU,GAAGE,WAAW,CAACJ,KAAK,CAAC,CAAC,CAAC,CAAC;kBAClCiB,eAAe,CAACjB,KAAK,GAAG,IAAIE,UAAU,CAAC,IAAI,EAAEe,eAAe,CAAC;AACjE,iBAAC,MAAM;AACH,kBAAA,MAAM,IAAIT,KAAK,CAAC,CAAGR,EAAAA,KAAK,qCAAqC,CAAC;AAClE;AACJ,eAAC,MAAM;AACHE,gBAAAA,UAAU,GAAGzB,OAAO,CAACuB,KAAK,CAAC,CAAC,CAAC,CAAC;AAC9B;gBACAiB,eAAe,CAACjB,KAAK,GAAG,IAAIE,UAAU,CAAC,IAAI,EAAEe,eAAe,CAAC;AACjE;AACJ;YACAxD,SAAS,CAACgD,GAAG,CAACpC,IAAI,EAAEuD,QAAQ,CAACX,eAAe,CAAC,CAAC;AAClD;AACJ,SAAC,CAAC;AACF,QAAA,IAAIxD,SAAS,CAACkD,KAAK,CAACR,MAAM,EAAE;AACxB5C,UAAAA,aAAa,CAACoD,KAAK,CAACC,OAAO,CAACC,KAAK,CAACtD,aAAa,CAACoD,KAAK,EAAElD,SAAS,CAACkD,KAAK,CAAC;AAC3E;OACH,CAAC,OAAOG,GAAG,EAAE;AACVvC,QAAAA,UAAU,CAACwC,KAAK,CAAC,+DAA+D,CAAC;AACjFxC,QAAAA,UAAU,CAACwC,KAAK,CAACD,GAAG,CAAC;AACrBvC,QAAAA,UAAU,CAACO,IAAI,CAAC,sFAAsF,CAAC;AAC3G;AACJ,KAAC,CAAC;AACN;;AAEJ;;;;;;;;;;;;;;;;;;;;;;;;;AC1GA,IAAI+C,wBAAwB;AAC5B,IAAIC,kBAAkB;;AAEtB,SAASC,eAAeA,GAAG;;AACvB;AAAA;AAGJ,SAASC,qBAAqBA,GAAG;;AAC7B;AAAA;AAGJ,IAAIC,UAAU,CAAC5B,SAAS,CAAC6B,mBAAmB,CAACC,IAAI,KAAK,qBAAqB,EAAE;AACzE;AACAN,EAAAA,wBAAwB,GAAGI,UAAU,CAAC5B,SAAS,CAAC6B,mBAAmB;AACnED,EAAAA,UAAU,CAAC5B,SAAS,CAAC6B,mBAAmB,GAAGF,qBAAqB;AACpE;;AAEA,IAAIC,UAAU,CAAC5B,SAAS,CAAC+B,aAAa,CAACD,IAAI,KAAK,eAAe,EAAE;AAC7D;AACAL,EAAAA,kBAAkB,GAAGG,UAAU,CAAC5B,SAAS,CAAC+B,aAAa;AACvDH,EAAAA,UAAU,CAAC5B,SAAS,CAAC+B,aAAa,GAAGL,eAAe;AACxD;;AAEA,MAAMM,gBAAgB,SAASJ,UAAU,CAAC;;;;;;;AAOtC;AACJ;AACA;AACA;AACA;AACI5E,EAAAA,WAAWA,CAACiF,OAAO,EAAEC,OAAO,EAAE;AAC1B,IAAA,KAAK,CAAC;AACF;AACZ;AACA;AACA;MACYC,WAAW,EAAE,YAAY;AACrB,QAAA,MAAMC,IAAI,GAAGpB,KAAK,CAACqB,IAAI,CAACC,SAAS,CAAC;QAClC,MAAM,CAACC,OAAO,CAAC,GAAGH,IAAI,CAACI,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC;QACnC,MAAMC,IAAI,GAAG,IAAI;QACjB,IAAIF,OAAO,KAAK,QAAQ,EAAE;AACtB,UAAA,MAAMG,cAAc,GAAGT,OAAO,CAACU,cAAc,EAAE,CAACnF,gBAAgB,EAAE,CAACC,WAAW,CAAC,wBAAwB,CAAC,IAAI;AACxGmF,YAAAA,IAAI,EAAE,WAAW;AACjBC,YAAAA,IAAI,EAAE;WACT;AACD,UAAA,MAAMC,MAAM,GAAG,IAAIC,KAAK,CAACL,cAAc,CAAC;AACxC,UAAA,OAAOI,MAAM,CAAC5C,IAAI,CAACqC,OAAO,EAAEH,IAAI,CAAC,CAACY,KAAK,CAAC,CAACtC,KAAK,KAAK;YAC/C,IAAIA,KAAK,YAAYuC,SAAS,IAAIvC,KAAK,CAACwC,OAAO,KAAK,uBAAuB,EAAE;cACzEhF,UAAU,CAACO,IAAI,CAAC,2CAA2C,GAAG0E,IAAI,CAACC,SAAS,CAAChB,IAAI,CAAC,CAAC;AACvF;AACA,YAAA,OAAOiB,OAAO,CAACC,MAAM,CAAC5C,KAAK,CAAC;AAChC,WAAC,CAAC,CAAC6C,OAAO,CAAC,MAAM;YACb,IAAIT,MAAM,CAACU,MAAM,EAAE;cACfV,MAAM,CAACW,UAAU,EAAE,CAACT,KAAK,CAAC,CAACU,aAAa,KAAK;AACzCxF,gBAAAA,UAAU,CAACwC,KAAK,CAACgD,aAAa,CAAC;AACnC,eAAC,CAAC;AACN;AACJ,WAAC,CAAC;AACN;AACA,QAAA,IAAIjB,IAAI,CAACK,MAAM,IAAI,IAAI,EAAE;AACrB,UAAA,MAAMJ,cAAc,GAAGT,OAAO,CAACU,cAAc,EAAE,CAACnF,gBAAgB,EAAE,CAACC,WAAW,CAAC,wBAAwB,CAAC,IAAI;AACxGmF,YAAAA,IAAI,EAAE,WAAW;AACjBC,YAAAA,IAAI,EAAE;WACT;AACDJ,UAAAA,IAAI,CAACK,MAAM,GAAG,IAAIC,KAAK,CAACL,cAAc,CAAC;AAC3C;AACA,QAAA,IAAID,IAAI,CAACK,MAAM,CAACU,MAAM,EAAE;AACpB,UAAA,OAAOf,IAAI,CAACK,MAAM,CAAC5C,IAAI,CAACqC,OAAO,EAAEH,IAAI,CAAC,CAACY,KAAK,CAAC,CAACtC,KAAK,KAAK;YACpD,IAAIA,KAAK,YAAYuC,SAAS,IAAIvC,KAAK,CAACwC,OAAO,KAAK,uBAAuB,EAAE;cACzEhF,UAAU,CAACO,IAAI,CAAC,2CAA2C,GAAG0E,IAAI,CAACC,SAAS,CAAChB,IAAI,CAAC,CAAC;AACvF;AACA,YAAA,OAAOiB,OAAO,CAACC,MAAM,CAAC5C,KAAK,CAAC;AAChC,WAAC,CAAC;AACN;AACA;AACA,QAAA,OAAO,CAAC,MAAM;AACV,UAAA,IAAI+B,IAAI,CAACkB,kBAAkB,IAAI,IAAI,EAAE;AACjC,YAAA,OAAO,IAAI,CAACC,QAAQ,EAAE;AAC1B;AACA,UAAA,OAAOP,OAAO,CAACpF,OAAO,EAAE;AAC5B,SAAC,GAAG,CAAC4F,IAAI,CAAC,MAAM;AACZ;AACAzB,UAAAA,IAAI,CAAC,CAAC,CAAC,GAAGK,IAAI,CAACkB,kBAAkB;AACjC,UAAA,OAAOlB,IAAI,CAACK,MAAM,CAAC5C,IAAI,CAACqC,OAAO,EAAEH,IAAI,CAAC,CAACY,KAAK,CAAC,CAACtC,KAAK,KAAK;YACpD,IAAIA,KAAK,YAAYuC,SAAS,IAAIvC,KAAK,CAACwC,OAAO,KAAK,uBAAuB,EAAE;cACzEhF,UAAU,CAACO,IAAI,CAAC,2CAA2C,GAAG0E,IAAI,CAACC,SAAS,CAAChB,IAAI,CAAC,CAAC;AACvF;AACA,YAAA,OAAOiB,OAAO,CAACC,MAAM,CAAC5C,KAAK,CAAC;AAChC,WAAC,CAAC;AACN,SAAC,CAAC;AACN;KACH,CAAC,CAAC;AAtEX;AACA,OAFIoD,eAAA,CAAA,IAAA,EAAA,QAAA,EAAA,MAAA,CAAA,CAwEI,IAAI,CAACC,IAAI,CAAC7B,OAAO,CAAC,CAClBhE,UAAU,CAAC8F,KAAK,CAAC,sEAAsE,CAAC;IACxF,KAAK,IAAI,CAACJ,QAAQ,EAAE,CAACC,IAAI,CAAC,MAAM;AAC5B3F,MAAAA,UAAU,CAAC8F,KAAK,CAAC,kEAAkE,CAAC;AACxF,KAAC,CAAC,CAAChB,KAAK,CAAC,CAACvC,GAAG,KAAK;AACdvC,MAAAA,UAAU,CAACwC,KAAK,CAAC,6DAA6D,CAAC;AAC/ExC,MAAAA,UAAU,CAACwC,KAAK,CAACD,GAAG,CAAC;AACzB,KAAC,CAAC;AACN;EACA,MAAMmD,QAAQA,GAAG;IACb,MAAM,CAACD,kBAAkB,EAAEM,YAAY,CAAC,GAAG,MAAMZ,OAAO,CAACa,QAAQ,CAAC;AAC9D,IAAA,MAAM1C,wBAAwB,CAACtB,IAAI,CAAC,IAAI,CAAC;AACzC,IAAA,MAAMuB,kBAAkB,CAACvB,IAAI,CAAC,IAAI,CAAC;KACrC;IACF,IAAI,CAACyD,kBAAkB,GAAGA,kBAAkB;IAC5C,IAAI,CAACM,YAAY,GAAGA,YAAY;AACpC;;AAEJ;;ACnHA,MAAME,kBAAkB,GAAG,gCAAgC;;AAE3D,MAAMC,WAAW,CAAC;EACdpH,WAAWA,CAACqH,GAAG,EAAE;IACb,IAAI,CAACzF,KAAK,GAAGyF,GAAG;AACpB;AACAC,EAAAA,QAAQA,GAAG;IACP,OAAO,IAAI,CAAC1F,KAAK;AACrB;AACA;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACIgB,EAAAA,KAAKA,GAAG;AACJ;AACA;IACA,MAAM2E,EAAE,GAAG,uCAAuC;IAClD,MAAMC,OAAO,GAAG,EAAE;IAClB,IAAIC,KAAK,GAAGF,EAAE,CAACG,IAAI,CAAC,IAAI,CAAC9F,KAAK,CAAC;IAC/B,OAAM6F,KAAK,KAAK,IAAI,EAAE;AAClBD,MAAAA,OAAO,CAACG,IAAI,CAACF,KAAK,CAAC,CAAC,CAAC,CAAC;MACtBA,KAAK,GAAGF,EAAE,CAACG,IAAI,CAAC,IAAI,CAAC9F,KAAK,CAAC;AAC/B;AACA,IAAA,OAAO4F,OAAO;AAClB;AACJ;;AAEA,MAAMI,wBAAwB,SAASC,qBAAqB,CAAC;AACzD;AACJ;AACA;EACI7H,WAAWA,CAAC8H,aAAa,EAAE;IACvB,KAAK,CAACA,aAAa,CAAC;IACpB,IAAIC,QAAQ,GAAG,EAAE;AACjB;AACA/F,IAAAA,MAAM,CAACgG,cAAc,CAAC,IAAI,EAAE,UAAU,EAAE;MACpClG,GAAG,EAAEA,MAAM;AACP,QAAA,OAAOiG,QAAQ;OAClB;AACDE,MAAAA,UAAU,EAAE;AAChB,KAAC,CAAC;AACN;;AAEA;AACJ;AACA;AACA;EACIC,MAAMA,CAAC5F,GAAG,EAAE;AACR,IAAA,OAAO,IAAI+D,OAAO,CAAC,CAACpF,OAAO,EAAEqF,MAAM,KAAK;MACpC,IAAI;AACA;QACA6B,IAAI,CAACC,OAAO,CAAC9F,GAAG,CAAC+F,OAAO,EAAC,SAAS,CAAC;AACnC;QACAF,IAAI,CAACC,OAAO,CAAC9F,GAAG,CAAC+F,OAAO,CAACC,IAAI,EAAC,MAAM,CAAC;AACrC,QAAA,IAAIhG,GAAG,CAAC+F,OAAO,CAACC,IAAI,CAACC,mBAAmB,IAAIjG,GAAG,CAAC+F,OAAO,CAACC,IAAI,CAACC,mBAAmB,CAACzF,MAAM,GAAC,CAAC,EAAE;AACvF;UACA,IAAI0F,MAAM,GAAGC,GAAG,CAACC,KAAK,CAACpG,GAAG,CAACqG,WAAW,CAAC,CAACC,QAAQ;AAChD;AACA,UAAA,IAAIC,SAAS,GAAG,IAAIzB,WAAW,CAAC9E,GAAG,CAAC+F,OAAO,CAACC,IAAI,CAACC,mBAAmB,CAAC,CAAC3F,KAAK,EAAE;AAC7E;AACA,UAAA,IAAIkG,SAAS,GAAG3B,kBAAkB,CAAC4B,IAAI,CAACzG,GAAG,CAAC0G,MAAM,CAAC,GAAG,OAAO,GAAG,MAAM;AACtE;UACA,IAAIC,MAAM,GAAG,IAAI,CAAClB,QAAQ,CAACmB,IAAI,CAAC,CAAAC,CAAC,KAAI;AACjC;AACA,YAAA,OAAO,IAAIC,MAAM,CAAE,GAAG,GAAGD,CAAC,CAACE,QAAQ,EAAE,GAAG,CAAC,CAACN,IAAI,CAACP,MAAM;AACjD;eACGW,CAAC,CAACG,KAAK,CAACJ,IAAI,CAAC,CAAAK,CAAC,KAAI;AACjB;cACA,OAAOA,CAAC,KAAK,GAAG,IAAIV,SAAS,CAACW,OAAO,CAACD,CAAC,CAAC,IAAE,CAAC;AAC/C,aAAC,CAAC;AACV,WAAC,CAAC;AACF;UACA,IAAIN,MAAM,IAAI,IAAI,EAAE;YAChB,OAAOhI,OAAO,EAAE;AACpB;AACA;UACA,IAAI+C,KAAK,CAACC,OAAO,CAACgF,MAAM,CAACQ,MAAM,CAAC,KAAK,KAAK,EAAE;AACxC;YACA,OAAOxI,OAAO,EAAE;AACpB;AACA;UACA,IAAIgI,MAAM,CAACQ,MAAM,CAACD,OAAO,CAACV,SAAS,CAAC,GAAG,CAAC,EAAE;AACtC;YACA,OAAO7H,OAAO,EAAE;AACpB;AACA;UACA,OAAOA,OAAO,CAACgI,MAAM,CAAC;AAC1B;QACA,OAAOhI,OAAO,EAAE;AACpB;AACA,MAAA,OAAMwC,GAAG,EAAE;QACP,OAAO6C,MAAM,CAAC7C,GAAG,CAAC;AACtB;;AAEJ,KAAC,CAAC;AACN;;AAEJ;;AAEA;AACA;AACA;AACA,MAAMiG,+BAA+B,SAAS9B,wBAAwB,CAAC;AACnE;AACJ;AACA;EACI5H,WAAWA,CAAC8H,aAAa,EAAE;IACxB,KAAK,CAACA,aAAa,CAAC;IACnB,IAAI6B,QAAQ,GAAG,EAAE;AAClB;IACC,IAAI;AACA;AACZ;AACA;AACYA,MAAAA,QAAQ,GAAGvI,OAAO,CAACJ,IAAI,CAACC,OAAO,CAAC6G,aAAa,CAAChH,oBAAoB,EAAE,EAAE,mBAAmB,CAAC,CAAC;AAC/F;AACA,IAAA,OAAM2C,GAAG,EAAE;AACP;AACA,MAAA,IAAIA,GAAG,CAACmG,IAAI,KAAK,kBAAkB,EAAE;AACjC;AACA,QAAA,MAAMnG,GAAG;AACb;AACA;AACJ;AACA,IAAA,IAAI,CAACsE,QAAQ,CAACJ,IAAI,CAACnE,KAAK,CAAC,IAAI,CAACuE,QAAQ,EAAE4B,QAAQ,CAAC;AACrD;AACJ;;AAEA,MAAME,8BAA8B,SAAS9J,kBAAkB,CAAC;AAC5D;AACJ;AACA;EACIC,WAAWA,CAACC,GAAG,EAAE;IACb,KAAK,CAACA,GAAG,CAAC;AACV;IACAA,GAAG,CAACO,gBAAgB,EAAE,CAACsJ,WAAW,CAAClC,wBAAwB,EAAE8B,+BAA+B,CAAC;AACjG;AACJ;;;AAGA;AACA;AACA;AACA,MAAMK,8BAA8B,SAAShK,kBAAkB,CAAC;AAC5D;AACJ;AACA;EACIC,WAAWA,CAACC,GAAG,EAAE;IACb,KAAK,CAACA,GAAG,CAAC;AACV;AACA,IAAA,MAAM+J,qBAAqB,GAAG/J,GAAG,CAACO,gBAAgB,EAAE,CAACyJ,QAAQ,CAACC,SAAS,EAAEC,OAAO,EAAEC,WAAW,CAACC,OAAO;IACrG,IAAIpK,GAAG,IAAIA,GAAG,CAACqK,SAAS,IAAIN,qBAAqB,IAAI,IAAI,EAAE;AACvD/J,MAAAA,GAAG,CAACqK,SAAS,CAACnK,SAAS,CAAC,CAACmK,SAAS,KAAK;AACnC,QAAA,IAAIA,SAAS,EAAE;AACX,UAAA,MAAMF,WAAW,GAAGnK,GAAG,CAACO,gBAAgB,EAAE,CAAC+J,WAAW,CAAC,SAAS3C,wBAAwBA,GAAG,EAAG,CAAC;UAC/F,IAAIwC,WAAW,IAAI,IAAI,EAAE;AACrB,YAAA,KAAK,MAAMI,oBAAoB,IAAIR,qBAAqB,EAAE;cACtD,IAAI;gBACA,MAAMjC,QAAQ,GAAG3G,OAAO,CAACJ,IAAI,CAACC,OAAO,CAAChB,GAAG,CAACO,gBAAgB,EAAE,CAACM,oBAAoB,EAAE,EAAE0J,oBAAoB,CAAC,CAAC;AAC3G,gBAAA,IAAIzC,QAAQ,EAAE;AACV;AACAqC,kBAAAA,WAAW,CAACrC,QAAQ,CAACxE,OAAO,CAAC,GAAGwE,QAAQ,CAAC;AAC7C;AACJ;AACA,cAAA,OAAMtE,GAAG,EAAE;AACP;AACA,gBAAA,IAAIA,GAAG,CAACmG,IAAI,KAAK,kBAAkB,EAAE;AACjC;AACA,kBAAA,MAAMnG,GAAG;AACb;AACJ;AACJ;AACJ;AACJ;AACJ,OAAC,CAAC;AACN;AACJ;AACJ;;ACxLA,SAASgH,aAAaA,GAAG;AACrB,EAAA,OAAO,CAACnI,GAAG,EAAEoI,GAAG,EAAEC,IAAI,KAAK;AACvB;AACR;AACA;AACQ,IAAA,IAAIC,wBAAwB,GAAGtI,GAAG,CAAC+F,OAAO,CAAC1C,cAAc,EAAE,CAACnF,gBAAgB,EAAE,CAAC+J,WAAW,CAAC3C,wBAAwB,CAAC;AACpH,IAAA,IAAI,OAAOgD,wBAAwB,KAAK,WAAW,EAAE;AACjD,MAAA,OAAOD,IAAI,CAAC,IAAIxH,KAAK,CAAC,wGAAwG,CAAC,CAAC;AACpI;IACAyH,wBAAwB,CAAC1C,MAAM,CAAC5F,GAAG,CAAC,CAACuE,IAAI,CAAC,CAAAjF,KAAK,KAAI;AAC/C,MAAA,IAAIA,KAAK,EAAE;QACP,OAAO+I,IAAI,EAAE;AACjB;AACA,MAAA,OAAOA,IAAI,CAAC,IAAIE,kBAAkB,CAAC,4CAA4C,CAAC,CAAC;AACrF,KAAC,CAAC,CAAC7E,KAAK,CAAC,CAAA8E,MAAM,KAAI;MACf,OAAOH,IAAI,CAACG,MAAM,CAAC;AACvB,KAAC,CAAC;GACL;AACL;;ACjBA,SAASC,cAAcA,CAAC9J,OAAO,EAAEqF,MAAM,EAAE;AACrC,EAAA,OAAO,UAAU7C,GAAG,EAAEuH,QAAQ,EAAE;AAC5B,IAAA,IAAIvH,GAAG,EAAE;AACL;AACZ;AACA;AACY,MAAA,MAAMuH,QAAQ,GAAGvH,GAAG,CAACuH,QAAQ;MAC7B,IAAIA,QAAQ,IAAIA,QAAQ,CAACxI,OAAO,CAAC,cAAc,CAAC,KAAK,kBAAkB,EAAE;AACrE;AACA,QAAA,MAAMyI,WAAW,GAAGD,QAAQ,CAACE,IAAI;QACjC,MAAMxH,KAAK,GAAG,IAAIyH,SAAS,CAACH,QAAQ,CAACI,MAAM,CAAC;AAC5C,QAAA,OAAO9E,MAAM,CAACtE,MAAM,CAACC,MAAM,CAACyB,KAAK,EAAE;AAC/BuH,UAAAA;AACJ,SAAC,CAAC,CAAC;AACP;MACA,OAAO3E,MAAM,CAAC7C,GAAG,CAAC;AACtB;AACA,IAAA,IAAIuH,QAAQ,CAACI,MAAM,KAAK,GAAG,IAAIJ,QAAQ,CAACxI,OAAO,CAAC,cAAc,CAAC,KAAK,kBAAkB,EAAE;MACpF,OAAOvB,OAAO,CAAC,IAAI,CAAC;AACxB;AACA,IAAA,OAAOA,OAAO,CAAC+J,QAAQ,CAACE,IAAI,CAAC;GAChC;AACL;;AAEA;AACA;AACA;AACA,MAAMG,mBAAmB,SAAStL,kBAAkB,CAAC;AACjD;AACJ;AACA;EACIC,WAAWA,CAACC,GAAG,EAAE;IACb,KAAK,CAACA,GAAG,CAAC;AACV;AACR;AACA;AACA;AACS+B,IAAAA,MAAM,CAACgG,cAAc,CAAC,IAAI,EAAE,UAAU,EAAE;AACrCsD,MAAAA,QAAQ,EAAE,KAAK;MACf1J,KAAK,EAAE3B,GAAG,CAACO,gBAAgB,EAAE,CAACC,WAAW,CAAC,eAAe,CAAC;AAC1DwH,MAAAA,UAAU,EAAE,KAAK;AACjBsD,MAAAA,YAAY,EAAE;AAClB,KAAC,CAAC;AACN;;AAEA;AACJ;AACA;AACA;AACKC,EAAAA,SAASA,GAAG;AACT,IAAA,OAAO,IAAI,CAACvB,QAAQ,CAACwB,UAAU;AACnC;;AAEA;AACJ;AACA;AACA;AACKC,EAAAA,YAAYA,GAAG;AACZ,IAAA,OAAO,IAAI,CAACzB,QAAQ,CAAC0B,SAAS;AAClC;;AAEA;AACA;AACJ;AACA;AACA;AACA;EACIC,WAAWA,CAACC,KAAK,EAAE;AACf,IAAA,OAAO,IAAIxF,OAAO,CAAC,CAACpF,OAAO,EAAEqF,MAAM,KAAK;AACpC,MAAA,MAAMwF,YAAY,GAAG,IAAI,CAAC7B,QAAQ,CAAC6B,YAAY,GAAG,IAAIC,GAAG,CAAC,IAAI,CAAC9B,QAAQ,CAAC6B,YAAY,EAAE,IAAI,CAACN,SAAS,EAAE,CAAC,GAAG,IAAIO,GAAG,CAAC,IAAI,EAAE,IAAI,CAACP,SAAS,EAAE,CAAC;AACzI,MAAA,OAAO,IAAIQ,OAAO,CAAC,KAAK,EAAEF,YAAY,CAAC;AAClCG,MAAAA,GAAG,CAAC;QACD,eAAe,EAAE,CAAUJ,OAAAA,EAAAA,KAAK,CAAE,CAAA;AAClC,QAAA,QAAQ,EAAE;AACd,OAAC,CAAC;AACDK,MAAAA,KAAK,CAAC;AACH,QAAA,cAAc,EAACL;OAClB,CAAC,CAACM,GAAG,CAACpB,cAAc,CAAC9J,OAAO,EAAEqF,MAAM,CAAC,CAAC;AAC/C,KAAC,CAAC;AACN;;AAEA;AACA;AACJ;AACA;AACA;EACI8F,mBAAmBA,CAAC/D,OAAO,EAAE;AACzB,IAAA,IAAIA,OAAO,CAACC,IAAI,IAAI,IAAI,EAAE;MACtB,OAAOjC,OAAO,CAACC,MAAM,CAAC,IAAInD,KAAK,CAAC,8BAA8B,CAAC,CAAC;AACpE;AACA,IAAA,IAAIkF,OAAO,CAACC,IAAI,CAAC+D,kBAAkB,KAAK,QAAQ,EAAE;MAC9C,OAAOhG,OAAO,CAACC,MAAM,CAAC,IAAInD,KAAK,CAAC,qCAAqC,CAAC,CAAC;AAC3E;AACA,IAAA,IAAIkF,OAAO,CAACC,IAAI,CAACgE,mBAAmB,IAAI,IAAI,EAAE;MAC1C,OAAOjG,OAAO,CAACC,MAAM,CAAC,IAAInD,KAAK,CAAC,6CAA6C,CAAC,CAAC;AACnF;IACA,OAAO,IAAI,CAACoJ,YAAY,CAAClE,OAAO,EAAEA,OAAO,CAACC,IAAI,CAACgE,mBAAmB,CAAC;AACvE;AACA;AACJ;AACA;AACA;AACA;AACIC,EAAAA,YAAYA,CAACC,QAAQ,EAAEX,KAAK,EAAE;AAC1B,IAAA,OAAO,IAAIxF,OAAO,CAAC,CAACpF,OAAO,EAAEqF,MAAM,KAAK;AACpC,MAAA,MAAMmG,iBAAiB,GAAG,IAAI,CAACxC,QAAQ,CAACwC,iBAAiB,GAAG,IAAIV,GAAG,CAAC,IAAI,CAAC9B,QAAQ,CAACwC,iBAAiB,EAAE,IAAI,CAACjB,SAAS,EAAE,CAAC,GAAG,IAAIO,GAAG,CAAC,WAAW,EAAE,IAAI,CAACP,SAAS,EAAE,CAAC;AAC/J,MAAA,OAAO,IAAIQ,OAAO,CAAC,MAAM,EAAES,iBAAiB,CAAC;AACxCC,MAAAA,IAAI,CAAC,IAAI,CAACzC,QAAQ,CAAC0C,SAAS,EAAE,IAAI,CAAC1C,QAAQ,CAAC2C,aAAa,CAAC;AAC1DX,MAAAA,GAAG,CAAC,QAAQ,EAAE,kBAAkB,CAAC;MACjCY,IAAI,CAAC,MAAM,CAAC;AACZC,MAAAA,IAAI,CAAC;AACF,QAAA,iBAAiB,EAAE,cAAc;AACjC,QAAA,OAAO,EAAEjB;OACZ,CAAC,CAACM,GAAG,CAACpB,cAAc,CAAC9J,OAAO,EAAEqF,MAAM,CAAC,CAAC;AAC/C,KAAC,CAAC;AACN;;AAEA;AACJ;AACA;EACKyG,SAASA,CAACC,aAAa,EAAE;AACtB,IAAA,MAAMC,QAAQ,GAAG,IAAI,CAAChD,QAAQ,CAACiD,SAAS,GAAG,IAAInB,GAAG,CAAC,IAAI,CAAC9B,QAAQ,CAACiD,SAAS,CAAC,GAAG,IAAInB,GAAG,CAAC,WAAW,EAAE,IAAI,CAACP,SAAS,EAAE,CAAC;AACpH,IAAA,OAAO,IAAInF,OAAO,CAAC,CAACpF,OAAO,EAAEqF,MAAM,KAAI;AACnC,MAAA,OAAO,IAAI0F,OAAO,CAAC,MAAM,EAAEiB,QAAQ,CAAC;MAC/BJ,IAAI,CAAC,MAAM,CAAC;AACZC,MAAAA,IAAI,CAACE,aAAa,CAAC,CAACb,GAAG,CAACpB,cAAc,CAAC9J,OAAO,EAAEqF,MAAM,CAAC,CAAC;AACjE,KAAC,CAAC;AACN;;AAEA;AACJ;AACA;AACA;AACA;AACK6G,EAAAA,WAAWA,CAACC,OAAO,EAAElI,OAAO,EAAE;AAC3B,IAAA,OAAO,IAAImB,OAAO,CAAC,CAACpF,OAAO,EAAEqF,MAAM,KAAK;AACpC,MAAA,OAAO,IAAI0F,OAAO,CAAC,KAAK,EAAE,IAAID,GAAG,CAAC,CAAA,MAAA,EAASqB,OAAO,CAAA,CAAE,EAAE,IAAI,CAAC1B,YAAY,EAAE,CAAC,CAAC;MACtEO,GAAG,CAAC,eAAe,EAAE,CAAA,OAAA,EAAU/G,OAAO,CAACmI,YAAY,EAAE,CAAC;AACtDlB,MAAAA,GAAG,CAACpB,cAAc,CAAC9J,OAAO,EAAEqF,MAAM,CAAC,CAAC;AAC7C,KAAC,CAAC;AACN;;AAEA;AACJ;AACA;AACA;AACA;AACIgH,EAAAA,OAAOA,CAACC,QAAQ,EAAErI,OAAO,EAAE;AACvB,IAAA,OAAO,IAAImB,OAAO,CAAC,CAACpF,OAAO,EAAEqF,MAAM,KAAI;AACnC,MAAA,OAAO,IAAI0F,OAAO,CAAC,KAAK,EAAE,IAAID,GAAG,CAAC,OAAO,EAAE,IAAI,CAACL,YAAY,EAAE,CAAC,CAAC;MAC3DO,GAAG,CAAC,eAAe,EAAE,CAAA,OAAA,EAAU/G,OAAO,CAACmI,YAAY,EAAE,CAAC;AACtDnB,MAAAA,KAAK,CAAC;QACH,SAAS,EAAE,YAAYqB,QAAQ,CAAA,CAAA;AACnC,OAAC,CAAC;AACDpB,MAAAA,GAAG,CAACpB,cAAc,CAAC9J,OAAO,EAAEqF,MAAM,CAAC,CAAC;AAC7C,KAAC,CAAC;AACN;;AAEA;AACJ;AACA;AACA;AACA;AACKkH,EAAAA,cAAcA,CAACC,KAAK,EAAEvI,OAAO,EAAE;AAC5B,IAAA,OAAO,IAAImB,OAAO,CAAC,CAACpF,OAAO,EAAEqF,MAAM,KAAI;AACnC,MAAA,OAAO,IAAI0F,OAAO,CAAC,KAAK,EAAE,IAAID,GAAG,CAAC,OAAO,EAAE,IAAI,CAACL,YAAY,EAAE,CAAC,CAAC;MAC3DO,GAAG,CAAC,eAAe,EAAE,CAAA,OAAA,EAAU/G,OAAO,CAACmI,YAAY,EAAE,CAAC;AACtDnB,MAAAA,KAAK,CAAC;QACH,SAAS,EAAE,qBAAqBuB,KAAK,CAAA,CAAA;AACzC,OAAC,CAAC;AACDtB,MAAAA,GAAG,CAACpB,cAAc,CAAC9J,OAAO,EAAEqF,MAAM,CAAC,CAAC;AAC7C,KAAC,CAAC;AACN;;AAEA;AACJ;AACA;AACA;AACA;AACKoH,EAAAA,UAAUA,CAACpF,IAAI,EAAEpD,OAAO,EAAE;AACvB,IAAA,OAAO,IAAImB,OAAO,CAAC,CAACpF,OAAO,EAAEqF,MAAM,KAAI;AACnC,MAAA,IAAIgC,IAAI,CAACqF,EAAE,IAAI,IAAI,EAAE;AACjB,QAAA,OAAOrH,MAAM,CAAC,IAAIsH,SAAS,CAAC,cAAc,EAAE,wCAAwC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;AAC9G;MACA,MAAMC,OAAO,GAAG,IAAI7B,OAAO,CAAC,KAAK,EAAE,IAAID,GAAG,CAAC,CAAA,MAAA,EAASzD,IAAI,CAACqF,EAAE,EAAE,EAAE,IAAI,CAACjC,YAAY,EAAE,CAAC,CAAC;MACpF,OAAOmC,OAAO,CAAC5B,GAAG,CAAC,eAAe,EAAE,CAAA,OAAA,EAAU/G,OAAO,CAACmI,YAAY,CAAA,CAAE,CAAC;AAChEpB,MAAAA,GAAG,CAAC,cAAc,EAAE,kBAAkB,CAAC;MACvCa,IAAI,CAACxE,IAAI,CAAC;AACV6D,MAAAA,GAAG,CAACpB,cAAc,CAAC9J,OAAO,EAAEqF,MAAM,CAAC,CAAC;AAC7C,KAAC,CAAC;AACN;;AAEA;AACJ;AACA;AACA;AACA;AACKwH,EAAAA,UAAUA,CAACxF,IAAI,EAAEpD,OAAO,EAAE;AACvB,IAAA,OAAO,IAAImB,OAAO,CAAC,CAACpF,OAAO,EAAEqF,MAAM,KAAI;AACnC,MAAA,MAAMuH,OAAO,GAAG,IAAI7B,OAAO,CAAC,MAAM,EAAE,IAAID,GAAG,CAAC,OAAO,EAAE,IAAI,CAACL,YAAY,EAAE,CAAC,CAAC;MAC1E,OAAOmC,OAAO,CAAC5B,GAAG,CAAC,eAAe,EAAE,CAAA,OAAA,EAAU/G,OAAO,CAACmI,YAAY,CAAA,CAAE,CAAC;AAChEpB,MAAAA,GAAG,CAAC,cAAc,EAAE,kBAAkB,CAAC;MACvCa,IAAI,CAAC9K,MAAM,CAACC,MAAM,CAAC,EAAE,EAAEqG,IAAI,EAAE;QAC1ByF,MAAM,EAAE,CAAC;AACb,OAAC,CAAC,CAAC;AACF5B,MAAAA,GAAG,CAACpB,cAAc,CAAC9J,OAAO,EAAEqF,MAAM,CAAC,CAAC;AAC7C,KAAC,CAAC;AACN;;AAEA;AACJ;AACA;AACA;AACA;AACK0H,EAAAA,UAAUA,CAAC1F,IAAI,EAAEpD,OAAO,EAAE;AACvB,IAAA,OAAO,IAAImB,OAAO,CAAC,CAACpF,OAAO,EAAEqF,MAAM,KAAI;AACnC,MAAA,IAAIgC,IAAI,CAACqF,EAAE,IAAI,IAAI,EAAE;AACjB,QAAA,OAAOrH,MAAM,CAAC,IAAIsH,SAAS,CAAC,cAAc,EAAE,wCAAwC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;AAC9G;MACA,MAAMC,OAAO,GAAG,IAAI7B,OAAO,CAAC,QAAQ,EAAE,IAAID,GAAG,CAAC,CAAA,MAAA,EAASzD,IAAI,CAACqF,EAAE,EAAE,EAAE,IAAI,CAACjC,YAAY,EAAE,CAAC,CAAC;MACvF,OAAOmC,OAAO,CAAC5B,GAAG,CAAC,eAAe,EAAE,CAAA,OAAA,EAAU/G,OAAO,CAACmI,YAAY,CAAA,CAAE,CAAC;AAChElB,MAAAA,GAAG,CAACpB,cAAc,CAAC9J,OAAO,EAAEqF,MAAM,CAAC,CAAC;AAC7C,KAAC,CAAC;AACN;;AAEA;AACJ;AACA;AACA;EACI2H,yBAAyBA,CAACC,KAAK,EAAE;AAC7B,IAAA,IAAIA,KAAK,EAAE;MACP,IAAI,CAACC,wBAAwB,GAAG,IAAI;AACxC;IACA,IAAI,IAAI,CAACA,wBAAwB,EAAE;AAC/B,MAAA,OAAO9H,OAAO,CAACpF,OAAO,CAAC,IAAI,CAACkN,wBAAwB,CAAC;AACzD;AACA,IAAA,OAAO,IAAI9H,OAAO,CAAC,CAACpF,OAAO,EAAEqF,MAAM,KAAK;AACpC,MAAA,MAAM8H,4BAA4B,GAAG,IAAI,CAACnE,QAAQ,CAACmE,4BAA4B,GAAG,IAAIrC,GAAG,CAAC,IAAI,CAAC9B,QAAQ,CAACmE,4BAA4B,EAAE,IAAI,CAAC5C,SAAS,EAAE,CAAC,GAAG,IAAIO,GAAG,CAAC,kCAAkC,EAAE,IAAI,CAACP,SAAS,EAAE,CAAC;AACvN,MAAA,OAAO,IAAIQ,OAAO,CAAC,KAAK,EAAEoC,4BAA4B,CAAC;AAClDjC,MAAAA,GAAG,CAACpB,cAAc,CAAC9J,OAAO,EAAEqF,MAAM,CAAC,CAAC;AAC7C,KAAC,CAAC,CAACO,IAAI,CAAC,CAACiB,aAAa,KAAK;MACvB,IAAI,CAACqG,wBAAwB,GAAGrG,aAAa;AAC7C,MAAA,OAAOA,aAAa;AACxB,KAAC,CAAC;AACN;AACJ;;ACrPA,MAAMuG,4BAA4B,SAASxD,kBAAkB,CAAC;AAC1D7K,EAAAA,WAAWA,GAAG;IACV,KAAK,CAAC,+GAA+G,CAAC;IACtH,IAAI,CAACsO,UAAU,GAAG,KAAK;AAC3B;;AAEJ;;AAEA,MAAMC,sBAAsB,SAASxO,kBAAkB,CAAC;EACtDC,WAAWA,CAACC,GAAG,EAAE;IACf,KAAK,CAACA,GAAG,CAAC;;AAEV;IACA,IAAIyB,sBAAsB,GAAGzB,GAAG,CAACO,gBAAgB,EAAE,CAACC,WAAW,CAAC,+CAA+C,CAAC;AAChH,IAAA,IAAI,OAAOiB,sBAAsB,KAAK,SAAS,EAAE;AAC7CA,MAAAA,sBAAsB,GAAG,KAAK;AAClC;IACA,IAAI,CAACA,sBAAsB,GAAGA,sBAAsB;AACpD;AACA,IAAA,IAAI,CAAC8M,KAAK,GAAGvO,GAAG,CAACO,gBAAgB,EAAE,CAACC,WAAW,CAAC,gDAAgD,CAAC,IAAI,eAAe;;AAEpHR,IAAAA,GAAG,CAACC,aAAa,CAACC,SAAS,CAAC,CAACD,aAAa,KAAK;MAC3C,IAAIA,aAAa,IAAI,IAAI,EAAE;AACvB,QAAA;AACJ;AACA,MAAA,MAAME,SAAS,GAAGC,OAAO,CAACC,MAAM,EAAE;MAClCF,SAAS,CAACgD,GAAG,CAAC,CAACd,GAAG,EAAEoI,GAAG,EAAEC,IAAI,KAAK;QAC9B,KAAK,IAAI,CAAC8D,qBAAqB,CAACnM,GAAG,CAAC,CAACuE,IAAI,CAAC,CAACjF,KAAK,KAAK;UACjD,IAAIA,KAAK,KAAK,KAAK,EAAE;AACjB,YAAA,OAAO+I,IAAI,CAAC,IAAI0D,4BAA4B,EAAE,CAAC;AACnD;UACA,OAAO1D,IAAI,EAAE;AACjB,SAAC,CAAC,CAAC3E,KAAK,CAAC,CAACvC,GAAG,KAAK;UACd,OAAOkH,IAAI,CAAClH,GAAG,CAAC;AACpB,SAAC,CAAC;AACN,OAAC,CAAC;AACF;AACAvD,MAAAA,aAAa,CAACoD,KAAK,CAACC,OAAO,CAACC,KAAK,CAACtD,aAAa,CAACoD,KAAK,EAAElD,SAAS,CAACkD,KAAK,CAAC;AAC3E,KAAC,CAAC;AACJ;;AAEA;AACF;AACA;AACA;AACA;EACEoL,gBAAgBA,CAACpM,GAAG,EAAE;AACpB,IAAA,IAAIC,aAAa;IACjB,IAAI,IAAI,CAACb,sBAAsB,EAAE;AAC7B;AACAa,MAAAA,aAAa,GAAGD,GAAG,CAACE,OAAO,CAAC,WAAW,CAAC,IAAIF,GAAG,CAACE,OAAO,CAAC,iBAAiB,CAAC,KAAKF,GAAG,CAACG,UAAU,GAAGH,GAAG,CAACG,UAAU,CAACF,aAAa,GAAGD,GAAG,CAACI,MAAM,CAACH,aAAa,CAAC;AAC5J,KAAC,MAAM;AACHA,MAAAA,aAAa,GAAGD,GAAG,CAACG,UAAU,GAAGH,GAAG,CAACG,UAAU,CAACF,aAAa,GAAGD,GAAG,CAACI,MAAM,CAACH,aAAa;AAC5F;AACA,IAAA,OAAOA,aAAa;AACtB;;AAEA;AACF;AACA;AACA;AACA;EACE,MAAMkM,qBAAqBA,CAACnM,GAAG,EAAE;IAC/B,MAAMgK,mBAAmB,GAAGhK,GAAG,CAAC+F,OAAO,EAAEC,IAAI,EAAEgE,mBAAmB;IAClE,IAAIA,mBAAmB,IAAI,IAAI,EAAE;AAC7B,MAAA,MAAMe,YAAY,GAAGsB,GAAG,CAACC,MAAM,CAACtC,mBAAmB,CAAC;AACpD,MAAA,MAAM/J,aAAa,GAAG8K,YAAY,CAAC,IAAI,CAACmB,KAAK,CAAC;MAC9C,IAAIjM,aAAa,IAAI,IAAI,EAAE;QACvBrB,UAAU,CAACO,IAAI,CAAC,CAAA,oFAAA,EAAuF,IAAI,CAAC+M,KAAK,2BAA2B,CAAC;AAC7I,QAAA,OAAO,KAAK;AAChB;AACA;AACA,MAAA,MAAMK,oBAAoB,GAAG,IAAI,CAACH,gBAAgB,CAACpM,GAAG,CAAC;MACvD,IAAIC,aAAa,KAAKsM,oBAAoB,EAAE;QACxC3N,UAAU,CAACO,IAAI,CAAC,CAAgEc,6DAAAA,EAAAA,aAAa,IAAI,QAAQ,CAAA,+BAAA,EAAkCsM,oBAAoB,CAAA,CAAE,CAAC;AAClK,QAAA,OAAO,KAAK;AAChB;AACA,MAAA,OAAO,IAAI;AACf;AACA3N,IAAAA,UAAU,CAACO,IAAI,CAAC,8FAA8F,CAAC;AAC/G,IAAA,OAAO,KAAK;AACd;;AAEF;;;;"}
1
+ {"version":3,"file":"index.esm.js","sources":["../src/RateLimitService.js","../src/SpeedLimitService.js","../src/RedisClientStore.js","../src/ScopeAccessConfiguration.js","../src/validateScope.js","../src/OAuth2ClientService.js","../src/RemoteAddressValidator.js","../src/AppRateLimitService.js","../src/AppSpeedLimitService.js"],"sourcesContent":["import { ApplicationService, TraceUtils } from '@themost/common';\nimport { rateLimit } from 'express-rate-limit';\nimport express from 'express';\nimport path from 'path';\nimport { BehaviorSubject } from 'rxjs';\n\nexport class RateLimitService extends ApplicationService {\n /**\n * @param {import('@themost/express').ExpressDataApplication} app \n */\n constructor(app) {\n super(app);\n\n // get proxy address forwarding option\n const proxyAddressForwarding = app.getConfiguration().getSourceAt('settings/universis/api/proxyAddressForwarding');\n this.proxyAddressForwarding = typeof proxyAddressForwarding !== 'boolean'? false : proxyAddressForwarding; \n\n /**\n * @type {BehaviorSubject<{ target: RateLimitService }>}\n */\n this.loaded = new BehaviorSubject(null);\n\n const serviceContainer = this.getServiceContainer();\n if (serviceContainer == null) {\n TraceUtils.warn(`${this.getServiceName()} is being started but the parent router seems to be unavailable.`);\n return;\n }\n serviceContainer.subscribe((router) => {\n if (router == null) {\n return;\n }\n try {\n // set router for further processing\n Object.defineProperty(this, 'router', {\n value: express.Router(),\n writable: false,\n enumerable: false,\n configurable: true\n });\n const serviceConfiguration = this.getServiceConfiguration();\n // create maps\n const paths = serviceConfiguration.paths;\n if (paths.size === 0) {\n TraceUtils.warn(`${this.getServiceName()} is being started but the collection of paths is empty.`);\n }\n paths.forEach((value, path) => {\n this.set(path, value);\n });\n if (router.stack) {\n router.stack.unshift.apply(router.stack, this.router.stack);\n } else {\n // use router\n router.use(this.router);\n // get router stack (use a workaround for express 4.x)\n const stack = router._router && router._router.stack;\n if (Array.isArray(stack)) {\n // stage #1 find logger middleware (for supporting request logging)\n let index = stack.findIndex((item) => {\n return item.name === 'logger';\n });\n if (index === -1) {\n // stage #2 find expressInit middleware\n index = stack.findIndex((item) => {\n return item.name === 'expressInit';\n });\n }\n // if found, move the last middleware to be after expressInit\n if (index > -1) {\n // move the last middleware to be after expressInit\n stack.splice(index + 1, 0, stack.pop());\n }\n } else {\n TraceUtils.warn(`${this.getServiceName()} is being started but the container stack is not available.`);\n }\n }\n // notify that the service is loaded\n this.loaded.next({ target: this });\n } catch (err) {\n TraceUtils.error('An error occurred while validating rate limit configuration.');\n TraceUtils.error(err);\n TraceUtils.warn('Rate limit service is inactive due to an error occured while loading configuration.')\n }\n });\n }\n\n /**\n * Returns the service router that is used to register rate limit middleware.\n * @returns {import('rxjs').BehaviorSubject<import('express').Router | import('express').Application>} The service router.\n */\n getServiceContainer() {\n return this.getApplication() && this.getApplication().serviceRouter;\n }\n\n /**\n * Returns the service name.\n * @returns {string} The service name.\n */\n getServiceName() {\n return '@universis/janitor#RateLimitService';\n }\n /**\n * Returns the service configuration.\n * @returns {{extends?: string, profiles?: Array, paths?: Array}} The service configuration.\n */\n getServiceConfiguration() {\n if (this.serviceConfiguration) {\n return this.serviceConfiguration;\n }\n let serviceConfiguration = {\n profiles: [],\n paths: []\n };\n // get service configuration\n const serviceConfigurationSource = this.getApplication().getConfiguration().getSourceAt('settings/universis/janitor/rateLimit');\n if (serviceConfigurationSource) {\n if (typeof serviceConfigurationSource.extends === 'string') {\n // get additional configuration\n const configurationPath = this.getApplication().getConfiguration().getConfigurationPath();\n const extendsPath = path.resolve(configurationPath, serviceConfigurationSource.extends);\n TraceUtils.log(`${this.getServiceName()} will try to extend service configuration using ${extendsPath}`);\n serviceConfiguration = Object.assign({}, {\n profiles: [],\n paths: []\n }, require(extendsPath));\n } else {\n TraceUtils.log(`${this.getServiceName()} will use service configuration from settings/universis/janitor/rateLimit`);\n serviceConfiguration = Object.assign({}, {\n profiles: [],\n paths: []\n }, serviceConfigurationSource);\n }\n }\n const pathsArray = serviceConfiguration.paths || [];\n const profilesArray = serviceConfiguration.profiles || [];\n // create maps\n serviceConfiguration.paths = new Map(pathsArray);\n serviceConfiguration.profiles = new Map(profilesArray);\n // set service configuration\n Object.defineProperty(this, 'serviceConfiguration', {\n value: serviceConfiguration,\n writable: false,\n enumerable: false,\n configurable: true\n });\n return this.serviceConfiguration;\n }\n\n /**\n * Sets the rate limit configuration for a specific path.\n * @param {string} path \n * @param {{ profile: string } | import('express-rate-limit').Options} options \n * @returns {RateLimitService} The service instance for chaining.\n */\n set(path, options) {\n let opts;\n // get profile\n if (options.profile) {\n opts = this.serviceConfiguration.profiles.get(options.profile);\n } else {\n // or options defined inline\n opts = options\n }\n /**\n * @type { import('express-rate-limit').Options }\n */\n const rateLimitOptions = Object.assign({\n windowMs: 5 * 60 * 1000, // 5 minutes\n limit: 50, // 50 requests\n legacyHeaders: true // send headers\n }, opts, {\n keyGenerator: (req) => {\n let remoteAddress;\n if (this.proxyAddressForwarding) {\n // get proxy headers or remote address\n remoteAddress = req.headers['x-real-ip'] || req.headers['x-forwarded-for'] || (req.connection ? req.connection.remoteAddress : req.socket.remoteAddress);\n } else {\n // get remote address\n remoteAddress = (req.connection ? req.connection.remoteAddress : req.socket.remoteAddress);\n }\n return `${path}:${remoteAddress}`;\n }\n });\n if (typeof rateLimitOptions.store === 'undefined') {\n const StoreClass = this.getStoreType();\n if (typeof StoreClass === 'function') {\n rateLimitOptions.store = new StoreClass(this, rateLimitOptions);\n }\n }\n this.router.use(path, rateLimit(rateLimitOptions));\n return this;\n }\n\n /**\n * @returns {function} The type of store used for rate limiting.\n */\n getStoreType() {\n const serviceConfiguration = this.getServiceConfiguration();\n if (typeof serviceConfiguration.storeType !== 'string') {\n return;\n }\n let StoreClass;\n const store = serviceConfiguration.storeType.split('#');\n if (store.length === 2) {\n const storeModule = require(store[0]);\n if (Object.prototype.hasOwnProperty.call(storeModule, store[1])) {\n StoreClass = storeModule[store[1]];\n return StoreClass\n } else {\n throw new Error(`${store} cannot be found or is inaccessible`);\n }\n } else {\n StoreClass = require(store[0]);\n return StoreClass;\n }\n }\n\n /**\n * Unsets the rate limit configuration for a specific path.\n * @param {string} path \n * @returns {RateLimitService} The service instance for chaining.\n */\n unset(path) {\n const index =this.router.stack.findIndex((layer) => {\n return layer.route && layer.route.path === path;\n });\n if (index !== -1) {\n this.router.stack.splice(index, 1);\n }\n return this;\n }\n\n}","import { ApplicationService, TraceUtils } from '@themost/common';\nimport slowDown from 'express-slow-down';\nimport express from 'express';\nimport path from 'path';\nimport { BehaviorSubject } from 'rxjs';\n\nexport class SpeedLimitService extends ApplicationService {\n constructor(app) {\n super(app);\n\n // get proxy address forwarding option\n const proxyAddressForwarding = app.getConfiguration().getSourceAt('settings/universis/api/proxyAddressForwarding');\n this.proxyAddressForwarding = typeof proxyAddressForwarding !== 'boolean'? false : proxyAddressForwarding; \n\n /**\n * @type {BehaviorSubject<{ target: SpeedLimitService }>}\n */\n this.loaded = new BehaviorSubject(null);\n\n const serviceContainer = this.getServiceContainer();\n if (serviceContainer == null) {\n TraceUtils.warn(`${this.getServiceName()} is being started but the parent router seems to be unavailable.`);\n return;\n }\n\n serviceContainer.subscribe(router => {\n if (router == null) {\n return;\n }\n try {\n // set router for further processing\n Object.defineProperty(this, 'router', {\n value: express.Router(),\n writable: false,\n enumerable: false,\n configurable: true\n });\n const serviceConfiguration = this.getServiceConfiguration();\n // create maps\n const paths = serviceConfiguration.paths;\n if (paths.size === 0) {\n TraceUtils.warn(`${this.getServiceName()} is being started but the collection of paths is empty.`);\n }\n paths.forEach((value, path) => {\n this.set(path, value);\n });\n if (router.stack) {\n router.stack.unshift.apply(router.stack, this.router.stack);\n } else {\n // use router\n router.use(this.router);\n // get router stack (use a workaround for express 4.x)\n const stack = router._router && router._router.stack;\n if (Array.isArray(stack)) {\n // stage #1 find logger middleware (for supporting request logging)\n let index = stack.findIndex((item) => {\n return item.name === 'logger';\n });\n if (index === -1) {\n // stage #2 find expressInit middleware\n index = stack.findIndex((item) => {\n return item.name === 'expressInit';\n });\n }\n } else {\n TraceUtils.warn(`${this.getServiceName()} is being started but the container stack is not available.`);\n }\n }\n // notify that the service is loaded\n this.loaded.next({ target: this });\n } catch (err) {\n TraceUtils.error('An error occurred while validating speed limit configuration.');\n TraceUtils.error(err);\n TraceUtils.warn('Speed limit service is inactive due to an error occured while loading configuration.')\n }\n });\n }\n\n /**\n * @returns {function} The type of store used for rate limiting.\n */\n getStoreType() {\n const serviceConfiguration = this.getServiceConfiguration();\n if (typeof serviceConfiguration.storeType !== 'string') {\n return;\n }\n let StoreClass;\n const store = serviceConfiguration.storeType.split('#');\n if (store.length === 2) {\n const storeModule = require(store[0]);\n if (Object.prototype.hasOwnProperty.call(storeModule, store[1])) {\n StoreClass = storeModule[store[1]];\n return StoreClass\n } else {\n throw new Error(`${store} cannot be found or is inaccessible`);\n }\n } else {\n StoreClass = require(store[0]);\n return StoreClass;\n }\n }\n\n /**\n * Returns the service name.\n * @returns {string} The service name.\n */\n getServiceName() {\n return '@universis/janitor#SpeedLimitService';\n }\n\n /**\n * Returns the service router that is used to register speed limit middleware.\n * @returns {import('express').Router | import('express').Application} The service router.\n */\n getServiceContainer() {\n return this.getApplication() && this.getApplication().serviceRouter;\n }\n\n /**\n * Sets the speed limit configuration for a specific path.\n * @param {string} path \n * @param {{ profile: string } | import('express-slow-down').Options} options \n * @returns {SpeedLimitService} The service instance for chaining.\n */\n set(path, options) {\n let opts;\n // get profile\n if (options.profile) {\n opts = this.serviceConfiguration.profiles.get(options.profile);\n } else {\n // or options defined inline\n opts = options\n }\n const slowDownOptions = Object.assign({\n windowMs: 5 * 60 * 1000, // 5 minutes\n delayAfter: 20, // 20 requests\n delayMs: 500, // 500 ms\n maxDelayMs: 10000 // 10 seconds\n }, opts, {\n keyGenerator: (req) => {\n let remoteAddress;\n if (this.proxyAddressForwarding) {\n // get proxy headers or remote address\n remoteAddress = req.headers['x-real-ip'] || req.headers['x-forwarded-for'] || (req.connection ? req.connection.remoteAddress : req.socket.remoteAddress);\n } else {\n // get remote address\n remoteAddress = (req.connection ? req.connection.remoteAddress : req.socket.remoteAddress);\n }\n return `${path}:${remoteAddress}`;\n }\n });\n if (Array.isArray(slowDownOptions.randomDelayMs)) {\n slowDownOptions.delayMs = () => {\n const delayMs = Math.floor(Math.random() * (slowDownOptions.randomDelayMs[1] - slowDownOptions.randomDelayMs[0] + 1) + slowDownOptions.randomDelayMs[0]);\n return delayMs;\n }\n }\n if (Array.isArray(slowDownOptions.randomMaxDelayMs)) {\n slowDownOptions.maxDelayMs = () => {\n const maxDelayMs = Math.floor(Math.random() * (slowDownOptions.randomMaxDelayMs[1] - slowDownOptions.randomMaxDelayMs[0] + 1) + slowDownOptions.randomMaxDelayMs[0]);\n return maxDelayMs;\n }\n }\n if (typeof slowDownOptions.store === 'undefined') {\n const StoreClass = this.getStoreType();\n if (typeof StoreClass === 'function') {\n slowDownOptions.store = new StoreClass(this, slowDownOptions);\n }\n }\n this.router.use(path, slowDown(slowDownOptions));\n return this;\n }\n \n\n /**\n * Unsets the speed limit configuration for a specific path.\n * @param {string} path \n * @return {SpeedLimitService} The service instance for chaining.\n */\n unset(path) {\n const index =this.router.stack.findIndex((layer) => {\n return layer.route && layer.route.path === path;\n });\n if (index !== -1) {\n this.router.stack.splice(index, 1);\n }\n return this;\n }\n\n /**\n * \n * @returns {{extends?: string, profiles?: Array, paths?: Array}} The service configuration.\n */\n getServiceConfiguration() {\n if (this.serviceConfiguration) {\n return this.serviceConfiguration;\n }\n let serviceConfiguration = {\n profiles: [],\n paths: []\n };\n // get service configuration\n const serviceConfigurationSource = this.getApplication().getConfiguration().getSourceAt('settings/universis/janitor/speedLimit');\n if (serviceConfigurationSource) {\n if (typeof serviceConfigurationSource.extends === 'string') {\n // get additional configuration\n const configurationPath = this.getApplication().getConfiguration().getConfigurationPath();\n const extendsPath = path.resolve(configurationPath, serviceConfigurationSource.extends);\n TraceUtils.log(`${this.getServiceName()} will try to extend service configuration using ${extendsPath}`);\n serviceConfiguration = Object.assign({}, {\n profiles: [],\n paths: []\n }, require(extendsPath));\n } else {\n TraceUtils.log(`${this.getServiceName()} will use service configuration from settings/universis/janitor/speedLimit`);\n serviceConfiguration = Object.assign({}, {\n profiles: [],\n paths: []\n }, serviceConfigurationSource);\n }\n }\n const profilesArray = serviceConfiguration.profiles || [];\n serviceConfiguration.profiles = new Map(profilesArray);\n const pathsArray = serviceConfiguration.paths || [];\n serviceConfiguration.paths = new Map(pathsArray);\n\n Object.defineProperty(this, 'serviceConfiguration', {\n value: serviceConfiguration,\n writable: false,\n enumerable: false,\n configurable: true\n });\n return this.serviceConfiguration;\n }\n\n}","import { TraceUtils } from '@themost/common';\nimport { RedisStore } from 'rate-limit-redis';\nimport { Redis } from 'ioredis';\nimport '@themost/promise-sequence';\n\nlet superLoadIncrementScript;\nlet superLoadGetScript;\n\nfunction noLoadGetScript() {\n //\n}\n\nfunction noLoadIncrementScript() {\n //\n}\n\nif (RedisStore.prototype.loadIncrementScript.name === 'loadIncrementScript') {\n // get super method for future use\n superLoadIncrementScript = RedisStore.prototype.loadIncrementScript;\n RedisStore.prototype.loadIncrementScript = noLoadIncrementScript;\n}\n\nif (RedisStore.prototype.loadGetScript.name === 'loadGetScript') {\n // get super method\n superLoadGetScript = RedisStore.prototype.loadGetScript;\n RedisStore.prototype.loadGetScript = noLoadGetScript;\n}\n\nclass RedisClientStore extends RedisStore {\n\n /**\n * @type {import('redis').RedisClientType}\n */\n client;\n\n /**\n * \n * @param {import('@themost/common').ApplicationService} service\n * @param {{windowMs: number}} options\n */\n constructor(service, options) {\n super({\n /**\n * @param {...string} args\n * @returns {Promise<*>}\n */\n sendCommand: function () {\n const args = Array.from(arguments);\n const [command] = args.splice(0, 1);\n const self = this;\n if (command === 'SCRIPT') {\n const connectOptions = service.getApplication().getConfiguration().getSourceAt('settings/redis/options') || {\n host: '127.0.0.1',\n port: 6379\n };\n const client = new Redis(connectOptions);\n return client.call(command, args).catch((error) => {\n if (error instanceof TypeError && error.message === 'Invalid argument type') {\n TraceUtils.warn('RedisClientStore: Invalid argument type: ' + JSON.stringify(args));\n }\n return Promise.reject(error);\n }).finally(() => {\n if (client.isOpen) {\n client.disconnect().catch((errDisconnect) => {\n TraceUtils.error(errDisconnect);\n });\n }\n });\n }\n if (self.client == null) {\n const connectOptions = service.getApplication().getConfiguration().getSourceAt('settings/redis/options') || {\n host: '127.0.0.1',\n port: 6379\n };\n self.client = new Redis(connectOptions);\n }\n if (self.client.isOpen) {\n return self.client.call(command, args).catch((error) => {\n if (error instanceof TypeError && error.message === 'Invalid argument type') {\n TraceUtils.warn('RedisClientStore: Invalid argument type: ' + JSON.stringify(args));\n }\n return Promise.reject(error);\n });\n }\n // send load script commands once\n return (() => {\n if (self.incrementScriptSha == null) {\n return this.postInit();\n }\n return Promise.resolve();\n })().then(() => {\n // send command \n args[0] = self.incrementScriptSha;\n return self.client.call(command, args).catch((error) => {\n if (error instanceof TypeError && error.message === 'Invalid argument type') {\n TraceUtils.warn('RedisClientStore: Invalid argument type: ' + JSON.stringify(args));\n }\n return Promise.reject(error);\n });\n });\n }\n });\n this.init(options);\n TraceUtils.debug('RedisClientStore: Starting up and loading increment and get scripts.');\n void this.postInit().then(() => {\n TraceUtils.debug('RedisClientStore: Successfully loaded increment and get scripts.');\n }).catch((err) => {\n TraceUtils.error('RedisClientStore: Failed to load increment and get scripts.');\n TraceUtils.error(err);\n });\n }\n async postInit() {\n const [incrementScriptSha, getScriptSha] = await Promise.sequence([\n () => superLoadIncrementScript.call(this),\n () => superLoadGetScript.call(this)\n ]);\n this.incrementScriptSha = incrementScriptSha;\n this.getScriptSha = getScriptSha;\n }\n\n}\n\nexport {\n RedisClientStore\n}","\nimport {ConfigurationStrategy, Args, ApplicationService} from '@themost/common';\nimport path from 'path';\nimport url from 'url';\n\nconst HTTP_METHOD_REGEXP = /^\\b(POST|PUT|PATCH|DELETE)\\b$/i;\n\nclass ScopeString {\n constructor(str) {\n this.value = str;\n }\n toString() {\n return this.value;\n }\n /**\n * Splits a comma-separated or space-separated scope string e.g. \"profile email\" or \"profile,email\"\n *\n * Important note: https://www.rfc-editor.org/rfc/rfc6749#section-3.3 defines the regular expression of access token scopes\n * which is a space separated string. Several OAuth2 servers use a comma-separated list instead.\n *\n * The operation will try to use both implementations by excluding comma ',' from access token regular expressions\n * @returns {Array<string>}\n */\n split() {\n // the default regular expression includes comma /([\\x21\\x23-\\x5B\\x5D-\\x7E]+)/g\n // the modified regular expression excludes comma /x2C /([\\x21\\x23-\\x2B\\x2D-\\x5B\\x5D-\\x7E]+)/g\n const re = /([\\x21\\x23-\\x2B\\x2D-\\x5B\\x5D-\\x7E]+)/g\n const results = [];\n let match = re.exec(this.value);\n while(match !== null) {\n results.push(match[0]);\n match = re.exec(this.value);\n }\n return results;\n }\n}\n\nclass ScopeAccessConfiguration extends ConfigurationStrategy {\n /**\n * @param {import('@themost/common').ConfigurationBase} configuration\n */\n constructor(configuration) {\n super(configuration);\n let elements = [];\n // define property\n Object.defineProperty(this, 'elements', {\n get: () => {\n return elements;\n },\n enumerable: true\n });\n }\n\n /**\n * @param {Request} req\n * @returns Promise<ScopeAccessConfigurationElement>\n */\n verify(req) {\n return new Promise((resolve, reject) => {\n try {\n // validate request context\n Args.notNull(req.context,'Context');\n // validate request context user\n Args.notNull(req.context.user,'User');\n if (req.context.user.authenticationScope && req.context.user.authenticationScope.length>0) {\n // get original url\n let reqUrl = url.parse(req.originalUrl).pathname;\n // get user context scopes as array e.g, ['students', 'students:read']\n let reqScopes = new ScopeString(req.context.user.authenticationScope).split();\n // get user access based on HTTP method e.g. GET -> read access\n let reqAccess = HTTP_METHOD_REGEXP.test(req.method) ? 'write' : 'read';\n // first phase: find element by resource and scope\n let result = this.elements.find(x => {\n // filter element by access level\n return new RegExp( \"^\" + x.resource, 'i').test(reqUrl)\n // and scopes\n && x.scope.find(y => {\n // search user scopes (validate wildcard scope)\n return y === \"*\" || reqScopes.indexOf(y)>=0;\n });\n });\n // second phase: check access level\n if (result == null) {\n return resolve();\n }\n // if access is missing or access is not an array\n if (Array.isArray(result.access) === false) {\n // the requested access is not allowed because the access is not defined\n return resolve();\n }\n // if the requested access is not in the access array\n if (result.access.indexOf(reqAccess) < 0) {\n // the requested access is not allowed because the access levels do not match\n return resolve();\n }\n // otherwise, return result\n return resolve(result);\n }\n return resolve();\n }\n catch(err) {\n return reject(err);\n }\n\n });\n }\n\n}\n\n/**\n * @class\n */\nclass DefaultScopeAccessConfiguration extends ScopeAccessConfiguration {\n /**\n * @param {import('@themost/common').ConfigurationBase} configuration\n */\n constructor(configuration) {\n super(configuration);\n let defaults = [];\n // load scope access from configuration resource\n try {\n /**\n * @type {Array<ScopeAccessConfigurationElement>}\n */\n defaults = require(path.resolve(configuration.getConfigurationPath(), 'scope.access.json'));\n }\n catch(err) {\n // if an error occurred other than module not found (there are no default access policies)\n if (err.code !== 'MODULE_NOT_FOUND') {\n // throw error\n throw err;\n }\n // otherwise continue\n }\n this.elements.push.apply(this.elements, defaults);\n }\n}\n\nclass EnableScopeAccessConfiguration extends ApplicationService {\n /**\n * @param {import('@themost/express').ExpressDataApplication|import('@themost/common').ApplicationBase} app \n */\n constructor(app) {\n super(app);\n // register scope access configuration\n app.getConfiguration().useStrategy(ScopeAccessConfiguration, DefaultScopeAccessConfiguration);\n }\n}\n\n\n/**\n * @class\n */\nclass ExtendScopeAccessConfiguration extends ApplicationService {\n /**\n * @param {import('@themost/express').ExpressDataApplication|import('@themost/common').ApplicationBase} app\n */\n constructor(app) {\n super(app);\n // Get the additional scope access extensions from the configuration\n const scopeAccessExtensions = app.getConfiguration().settings.universis?.janitor?.scopeAccess.imports;\n if (app && app.container && scopeAccessExtensions != null) {\n app.container.subscribe((container) => {\n if (container) {\n const scopeAccess = app.getConfiguration().getStrategy(function ScopeAccessConfiguration() { });\n if (scopeAccess != null) {\n for (const scopeAccessExtension of scopeAccessExtensions) {\n try {\n const elements = require(path.resolve(app.getConfiguration().getConfigurationPath(), scopeAccessExtension));\n if (elements) {\n // add extra scope access elements\n scopeAccess.elements.unshift(...elements);\n }\n }\n catch(err) {\n // if an error occurred other than module not found (there are no default access policies)\n if (err.code !== 'MODULE_NOT_FOUND') {\n // throw error\n throw err;\n }\n }\n }\n }\n }\n });\n }\n }\n}\n\nexport {\n ScopeString,\n ScopeAccessConfiguration,\n DefaultScopeAccessConfiguration,\n EnableScopeAccessConfiguration,\n ExtendScopeAccessConfiguration\n}\n","import { ScopeAccessConfiguration } from './ScopeAccessConfiguration';\nimport {HttpForbiddenError} from '@themost/common';\n\nfunction validateScope() {\n return (req, res, next) => {\n /**\n * @type {ScopeAccessConfiguration}\n */\n let scopeAccessConfiguration = req.context.getApplication().getConfiguration().getStrategy(ScopeAccessConfiguration);\n if (typeof scopeAccessConfiguration === 'undefined') {\n return next(new Error('Invalid application configuration. Scope access configuration strategy is missing or is in accessible.'));\n }\n scopeAccessConfiguration.verify(req).then(value => {\n if (value) {\n return next();\n }\n return next(new HttpForbiddenError('Access denied due to authorization scopes.'))\n }).catch(reason => {\n return next(reason);\n });\n };\n}\n\nexport {\n validateScope\n}\n","import {Request} from 'superagent'\nimport {URL} from 'url';\nimport {ApplicationService, DataError, HttpError} from '@themost/common';\n\nfunction responseHander(resolve, reject) {\n return function (err, response) {\n if (err) {\n /**\n * @type {import('superagent').Response}\n */\n const response = err.response\n if (response && response.headers['content-type'] === 'application/json') {\n // get body\n const clientError = response.body;\n const error = new HttpError(response.status);\n return reject(Object.assign(error, {\n clientError\n }));\n }\n return reject(err);\n }\n if (response.status === 204 && response.headers['content-type'] === 'application/json') {\n return resolve(null);\n }\n return resolve(response.body);\n };\n}\n\n/**\n * @class\n */\nclass OAuth2ClientService extends ApplicationService {\n /**\n * @param {import('@themost/express').ExpressDataApplication} app\n */\n constructor(app) {\n super(app);\n /**\n * @name OAuth2ClientService#settings\n * @type {{server_uri:string,token_uri?:string}}\n */\n Object.defineProperty(this, 'settings', {\n writable: false,\n value: app.getConfiguration().getSourceAt('settings/auth'),\n enumerable: false,\n configurable: false\n });\n }\n\n /**\n * Gets keycloak server root\n * @returns {string}\n */\n getServer() {\n return this.settings.server_uri;\n }\n\n /**\n * Gets keycloak server root\n * @returns {string}\n */\n getAdminRoot() {\n return this.settings.admin_uri;\n }\n\n // noinspection JSUnusedGlobalSymbols\n /**\n * Gets user's profile by calling OAuth2 server profile endpoint\n * @param {ExpressDataContext} context\n * @param {string} token\n */\n getUserInfo(token) {\n return new Promise((resolve, reject) => {\n const userinfo_uri = this.settings.userinfo_uri ? new URL(this.settings.userinfo_uri, this.getServer()) : new URL('me', this.getServer());\n return new Request('GET', userinfo_uri)\n .set({\n 'Authorization': `Bearer ${token}`,\n 'Accept': 'application/json'\n })\n .query({\n 'access_token':token\n }).end(responseHander(resolve, reject));\n });\n }\n\n // noinspection JSUnusedGlobalSymbols\n /**\n * Gets the token info of the current context\n * @param {ExpressDataContext} context\n */\n getContextTokenInfo(context) {\n if (context.user == null) {\n return Promise.reject(new Error('Context user may not be null'));\n }\n if (context.user.authenticationType !== 'Bearer') {\n return Promise.reject(new Error('Invalid context authentication type'));\n }\n if (context.user.authenticationToken == null) {\n return Promise.reject(new Error('Context authentication data may not be null'));\n }\n return this.getTokenInfo(context, context.user.authenticationToken);\n }\n /**\n * Gets token info by calling OAuth2 server endpoint\n * @param {ExpressDataContext} _context\n * @param {string} token\n */\n getTokenInfo(_context, token) {\n return new Promise((resolve, reject) => {\n const introspection_uri = this.settings.introspection_uri ? new URL(this.settings.introspection_uri, this.getServer()) : new URL('tokeninfo', this.getServer());\n return new Request('POST', introspection_uri)\n .auth(this.settings.client_id, this.settings.client_secret)\n .set('Accept', 'application/json')\n .type('form')\n .send({\n 'token_type_hint': 'access_token',\n 'token': token,\n }).end(responseHander(resolve, reject));\n });\n }\n\n /**\n * @param {AuthorizeUser} authorizeUser\n */\n authorize(authorizeUser) {\n const tokenURL = this.settings.token_uri ? new URL(this.settings.token_uri) : new URL('authorize', this.getServer());\n return new Promise((resolve, reject)=> {\n return new Request('POST', tokenURL)\n .type('form')\n .send(authorizeUser).end(responseHander(resolve, reject));\n });\n }\n\n /**\n * Gets a user by name\n * @param {*} user_id \n * @param {AdminMethodOptions} options \n */\n getUserById(user_id, options) {\n return new Promise((resolve, reject) => {\n return new Request('GET', new URL(`users/${user_id}`, this.getAdminRoot()))\n .set('Authorization', `Bearer ${options.access_token}`)\n .end(responseHander(resolve, reject));\n });\n }\n\n /**\n * Gets a user by name\n * @param {string} username \n * @param {AdminMethodOptions} options \n */\n getUser(username, options) {\n return new Promise((resolve, reject)=> {\n return new Request('GET', new URL('users', this.getAdminRoot()))\n .set('Authorization', `Bearer ${options.access_token}`)\n .query({\n '$filter': `name eq '${username}'`\n })\n .end(responseHander(resolve, reject));\n });\n }\n\n /**\n * Gets a user by email address\n * @param {string} email \n * @param {AdminMethodOptions} options \n */\n getUserByEmail(email, options) {\n return new Promise((resolve, reject)=> {\n return new Request('GET', new URL('users', this.getAdminRoot()))\n .set('Authorization', `Bearer ${options.access_token}`)\n .query({\n '$filter': `alternateName eq '${email}'`\n })\n .end(responseHander(resolve, reject));\n });\n }\n\n /**\n * Updates an existing user\n * @param {*} user \n * @param {AdminMethodOptions} options \n */\n updateUser(user, options) {\n return new Promise((resolve, reject)=> {\n if (user.id == null) {\n return reject(new DataError('E_IDENTIFIER', 'User may not be empty at this context.', null, 'User', 'id'));\n }\n const request = new Request('PUT', new URL(`users/${user.id}`, this.getAdminRoot()));\n return request.set('Authorization', `Bearer ${options.access_token}`)\n .set('Content-Type', 'application/json')\n .send(user)\n .end(responseHander(resolve, reject));\n });\n }\n\n /**\n * Creates a new user\n * @param {*} user \n * @param {AdminMethodOptions} options \n */\n createUser(user, options) {\n return new Promise((resolve, reject)=> {\n const request = new Request('POST', new URL('users', this.getAdminRoot()));\n return request.set('Authorization', `Bearer ${options.access_token}`)\n .set('Content-Type', 'application/json')\n .send(Object.assign({}, user, {\n $state: 1 // for create\n }))\n .end(responseHander(resolve, reject));\n });\n }\n\n /**\n * Deletes a user\n * @param {{id: any}} user \n * @param {AdminMethodOptions} options \n */\n deleteUser(user, options) {\n return new Promise((resolve, reject)=> {\n if (user.id == null) {\n return reject(new DataError('E_IDENTIFIER', 'User may not be empty at this context.', null, 'User', 'id'));\n }\n const request = new Request('DELETE', new URL(`users/${user.id}`, this.getAdminRoot()));\n return request.set('Authorization', `Bearer ${options.access_token}`)\n .end(responseHander(resolve, reject));\n });\n }\n\n /**\n * @param {boolean=} force \n * @returns {*}\n */\n getWellKnownConfiguration(force) {\n if (force) {\n this.well_known_configuration = null;\n }\n if (this.well_known_configuration) {\n return Promise.resolve(this.well_known_configuration);\n }\n return new Promise((resolve, reject) => {\n const well_known_configuration_uri = this.settings.well_known_configuration_uri ? new URL(this.settings.well_known_configuration_uri, this.getServer()) : new URL('.well-known/openid-configuration', this.getServer());\n return new Request('GET', well_known_configuration_uri)\n .end(responseHander(resolve, reject));\n }).then((configuration) => {\n this.well_known_configuration = configuration;\n return configuration;\n });\n }\n}\n\nexport {\n OAuth2ClientService\n}\n\n","import { ApplicationService, HttpForbiddenError, TraceUtils } from '@themost/common';\nimport express from 'express';\nimport jwt from 'jsonwebtoken';\n\nclass HttpRemoteAddrForbiddenError extends HttpForbiddenError {\n constructor() {\n super('Access is denied due to remote address conflict. The client network has been changed or cannot be determined.');\n this.statusCode = 403.6;\n }\n \n}\n\nclass RemoteAddressValidator extends ApplicationService {\n constructor(app) {\n super(app);\n\n // get proxy address forwarding option\n let proxyAddressForwarding = app.getConfiguration().getSourceAt('settings/universis/api/proxyAddressForwarding');\n if (typeof proxyAddressForwarding !== 'boolean') {\n proxyAddressForwarding = false;\n }\n this.proxyAddressForwarding = proxyAddressForwarding;\n // get token claim name\n this.claim = app.getConfiguration().getSourceAt('settings/universis/janitor/remoteAddress/claim') || 'remoteAddress';\n\n app.serviceRouter.subscribe((serviceRouter) => {\n if (serviceRouter == null) {\n return;\n }\n const addRouter = express.Router();\n addRouter.use((req, res, next) => {\n void this.validateRemoteAddress(req).then((value) => {\n if (value === false) {\n return next(new HttpRemoteAddrForbiddenError());\n }\n return next();\n }).catch((err) => {\n return next(err);\n });\n });\n // insert router at the beginning of serviceRouter.stack\n serviceRouter.stack.unshift.apply(serviceRouter.stack, addRouter.stack);\n });\n }\n\n /**\n * Gets remote address from request\n * @param {import('express').Request} req \n * @returns \n */\n getRemoteAddress(req) {\n let remoteAddress;\n if (this.proxyAddressForwarding) {\n // get proxy headers or remote address\n remoteAddress = req.headers['x-real-ip'] || req.headers['x-forwarded-for'] || (req.connection ? req.connection.remoteAddress : req.socket.remoteAddress);\n } else {\n remoteAddress = req.connection ? req.connection.remoteAddress : req.socket.remoteAddress;\n }\n return remoteAddress;\n }\n\n /**\n * Validates token remote address with request remote address\n * @param {import('express').Request} req \n * @returns {Promise<boolean>}\n */\n async validateRemoteAddress(req) {\n const authenticationToken = req.context?.user?.authenticationToken;\n if (authenticationToken != null) {\n const access_token = jwt.decode(authenticationToken);\n const remoteAddress = access_token[this.claim];\n if (remoteAddress == null) {\n TraceUtils.warn(`Remote address validation failed. Expected a valid remote address claimed by using \"${this.claim}\" attribute but got none.`);\n return false;\n }\n // get context remote address\n const requestRemoteAddress = this.getRemoteAddress(req);\n if (remoteAddress !== requestRemoteAddress) {\n TraceUtils.warn(`Remote address validation failed. Expected remote address is ${remoteAddress || 'Uknown'} but request remote address is ${requestRemoteAddress}`);\n return false;\n }\n return true;\n }\n TraceUtils.warn('Remote address validation cannot be completed because authentication token is not available.');\n return false;\n }\n\n}\n\nexport {\n HttpRemoteAddrForbiddenError,\n RemoteAddressValidator\n}\n","import { RateLimitService } from './RateLimitService';\n\nclass AppRateLimitService extends RateLimitService {\n /**\n * \n * @param {import('@themost/common').ApplicationBase} app \n */\n constructor(app) {\n super(app);\n }\n\n getServiceName() {\n return '@universis/janitor#AppRateLimitService';\n }\n\n getServiceContainer() {\n return this.getApplication() && this.getApplication().container;\n }\n}\n\nexport { AppRateLimitService };","import { SpeedLimitService } from './SpeedLimitService';\n\nclass AppSpeedLimitService extends SpeedLimitService {\n /**\n * \n * @param {import('@themost/common').ApplicationBase} app \n */\n constructor(app) {\n super(app);\n }\n\n getServiceName() {\n return '@universis/janitor#AppSpeedLimitService';\n }\n\n getServiceContainer() {\n return this.getApplication() && this.getApplication().container;\n }\n}\n\nexport { AppSpeedLimitService };"],"names":["RateLimitService","ApplicationService","constructor","app","proxyAddressForwarding","getConfiguration","getSourceAt","loaded","BehaviorSubject","serviceContainer","getServiceContainer","TraceUtils","warn","getServiceName","subscribe","router","Object","defineProperty","value","express","Router","writable","enumerable","configurable","serviceConfiguration","getServiceConfiguration","paths","size","forEach","path","set","stack","unshift","apply","use","_router","Array","isArray","index","findIndex","item","name","splice","pop","next","target","err","error","getApplication","serviceRouter","profiles","serviceConfigurationSource","extends","configurationPath","getConfigurationPath","extendsPath","resolve","log","assign","require","pathsArray","profilesArray","Map","options","opts","profile","get","rateLimitOptions","windowMs","limit","legacyHeaders","keyGenerator","req","remoteAddress","headers","connection","socket","store","StoreClass","getStoreType","rateLimit","storeType","split","length","storeModule","prototype","hasOwnProperty","call","Error","unset","layer","route","SpeedLimitService","slowDownOptions","delayAfter","delayMs","maxDelayMs","randomDelayMs","Math","floor","random","randomMaxDelayMs","slowDown","superLoadIncrementScript","superLoadGetScript","noLoadGetScript","noLoadIncrementScript","RedisStore","loadIncrementScript","loadGetScript","RedisClientStore","service","sendCommand","args","from","arguments","command","self","connectOptions","host","port","client","Redis","catch","TypeError","message","JSON","stringify","Promise","reject","finally","isOpen","disconnect","errDisconnect","incrementScriptSha","postInit","then","_defineProperty","init","debug","getScriptSha","sequence","HTTP_METHOD_REGEXP","ScopeString","str","toString","re","results","match","exec","push","ScopeAccessConfiguration","ConfigurationStrategy","configuration","elements","verify","Args","notNull","context","user","authenticationScope","reqUrl","url","parse","originalUrl","pathname","reqScopes","reqAccess","test","method","result","find","x","RegExp","resource","scope","y","indexOf","access","DefaultScopeAccessConfiguration","defaults","code","EnableScopeAccessConfiguration","useStrategy","ExtendScopeAccessConfiguration","scopeAccessExtensions","settings","universis","janitor","scopeAccess","imports","container","getStrategy","scopeAccessExtension","validateScope","res","scopeAccessConfiguration","HttpForbiddenError","reason","responseHander","response","clientError","body","HttpError","status","OAuth2ClientService","getServer","server_uri","getAdminRoot","admin_uri","getUserInfo","token","userinfo_uri","URL","Request","query","end","getContextTokenInfo","authenticationType","authenticationToken","getTokenInfo","_context","introspection_uri","auth","client_id","client_secret","type","send","authorize","authorizeUser","tokenURL","token_uri","getUserById","user_id","access_token","getUser","username","getUserByEmail","email","updateUser","id","DataError","request","createUser","$state","deleteUser","getWellKnownConfiguration","force","well_known_configuration","well_known_configuration_uri","HttpRemoteAddrForbiddenError","statusCode","RemoteAddressValidator","claim","addRouter","validateRemoteAddress","getRemoteAddress","jwt","decode","requestRemoteAddress","AppRateLimitService","AppSpeedLimitService"],"mappings":";;;;;;;;;;;;;;AAMO,MAAMA,gBAAgB,SAASC,kBAAkB,CAAC;AACrD;AACJ;AACA;EACIC,WAAWA,CAACC,GAAG,EAAE;IACb,KAAK,CAACA,GAAG,CAAC;;AAEV;IACA,MAAMC,sBAAsB,GAAGD,GAAG,CAACE,gBAAgB,EAAE,CAACC,WAAW,CAAC,+CAA+C,CAAC;IAClH,IAAI,CAACF,sBAAsB,GAAG,OAAOA,sBAAsB,KAAK,SAAS,GAAE,KAAK,GAAGA,sBAAsB;;AAEzG;AACR;AACA;AACQ,IAAA,IAAI,CAACG,MAAM,GAAG,IAAIC,eAAe,CAAC,IAAI,CAAC;;AAEvC,IAAA,MAAMC,gBAAgB,GAAG,IAAI,CAACC,mBAAmB,EAAE;IACnD,IAAID,gBAAgB,IAAI,IAAI,EAAE;MAC1BE,UAAU,CAACC,IAAI,CAAC,CAAG,EAAA,IAAI,CAACC,cAAc,EAAE,CAAA,gEAAA,CAAkE,CAAC;AAC3G,MAAA;AACJ;AACAJ,IAAAA,gBAAgB,CAACK,SAAS,CAAC,CAACC,MAAM,KAAK;MACnC,IAAIA,MAAM,IAAI,IAAI,EAAE;AAChB,QAAA;AACJ;MACA,IAAI;AACA;AACAC,QAAAA,MAAM,CAACC,cAAc,CAAC,IAAI,EAAE,QAAQ,EAAE;AAClCC,UAAAA,KAAK,EAAEC,OAAO,CAACC,MAAM,EAAE;AACvBC,UAAAA,QAAQ,EAAE,KAAK;AACfC,UAAAA,UAAU,EAAE,KAAK;AACjBC,UAAAA,YAAY,EAAE;AAClB,SAAC,CAAC;AACF,QAAA,MAAMC,oBAAoB,GAAG,IAAI,CAACC,uBAAuB,EAAE;AAC3D;AACA,QAAA,MAAMC,KAAK,GAAGF,oBAAoB,CAACE,KAAK;AACxC,QAAA,IAAIA,KAAK,CAACC,IAAI,KAAK,CAAC,EAAE;UAClBhB,UAAU,CAACC,IAAI,CAAC,CAAG,EAAA,IAAI,CAACC,cAAc,EAAE,CAAA,uDAAA,CAAyD,CAAC;AACtG;AACAa,QAAAA,KAAK,CAACE,OAAO,CAAC,CAACV,KAAK,EAAEW,IAAI,KAAK;AAC3B,UAAA,IAAI,CAACC,GAAG,CAACD,IAAI,EAAEX,KAAK,CAAC;AACzB,SAAC,CAAC;QACF,IAAIH,MAAM,CAACgB,KAAK,EAAE;AACVhB,UAAAA,MAAM,CAACgB,KAAK,CAACC,OAAO,CAACC,KAAK,CAAClB,MAAM,CAACgB,KAAK,EAAE,IAAI,CAAChB,MAAM,CAACgB,KAAK,CAAC;AACnE,SAAC,MAAM;AACH;AACAhB,UAAAA,MAAM,CAACmB,GAAG,CAAC,IAAI,CAACnB,MAAM,CAAC;AACvB;UACA,MAAMgB,KAAK,GAAGhB,MAAM,CAACoB,OAAO,IAAIpB,MAAM,CAACoB,OAAO,CAACJ,KAAK;AACpD,UAAA,IAAIK,KAAK,CAACC,OAAO,CAACN,KAAK,CAAC,EAAE;AACtB;YACA,IAAIO,KAAK,GAAGP,KAAK,CAACQ,SAAS,CAAC,CAACC,IAAI,KAAK;AAClC,cAAA,OAAOA,IAAI,CAACC,IAAI,KAAK,QAAQ;AACjC,aAAC,CAAC;AACF,YAAA,IAAIH,KAAK,KAAK,CAAC,CAAC,EAAE;AACd;AACAA,cAAAA,KAAK,GAAGP,KAAK,CAACQ,SAAS,CAAC,CAACC,IAAI,KAAK;AAC9B,gBAAA,OAAOA,IAAI,CAACC,IAAI,KAAK,aAAa;AACtC,eAAC,CAAC;AACN;AACA;AACA,YAAA,IAAIH,KAAK,GAAG,CAAC,CAAC,EAAE;AACZ;AACAP,cAAAA,KAAK,CAACW,MAAM,CAACJ,KAAK,GAAG,CAAC,EAAE,CAAC,EAAEP,KAAK,CAACY,GAAG,EAAE,CAAC;AAC3C;AACJ,WAAC,MAAM;YACHhC,UAAU,CAACC,IAAI,CAAC,CAAG,EAAA,IAAI,CAACC,cAAc,EAAE,CAAA,2DAAA,CAA6D,CAAC;AAC1G;AACJ;AACA;QACA,IAAI,CAACN,MAAM,CAACqC,IAAI,CAAC,EAAEC,MAAM,EAAE,IAAI,EAAE,CAAC;OACrC,CAAC,OAAOC,GAAG,EAAE;AACVnC,QAAAA,UAAU,CAACoC,KAAK,CAAC,8DAA8D,CAAC;AAChFpC,QAAAA,UAAU,CAACoC,KAAK,CAACD,GAAG,CAAC;AACrBnC,QAAAA,UAAU,CAACC,IAAI,CAAC,qFAAqF,CAAC;AAC1G;AACJ,KAAC,CAAC;AACN;;AAEA;AACJ;AACA;AACA;AACIF,EAAAA,mBAAmBA,GAAG;AAClB,IAAA,OAAO,IAAI,CAACsC,cAAc,EAAE,IAAI,IAAI,CAACA,cAAc,EAAE,CAACC,aAAa;AACvE;;AAEA;AACJ;AACA;AACA;AACIpC,EAAAA,cAAcA,GAAG;AACb,IAAA,OAAO,qCAAqC;AAChD;AACA;AACJ;AACA;AACA;AACIY,EAAAA,uBAAuBA,GAAG;IACtB,IAAI,IAAI,CAACD,oBAAoB,EAAE;MAC3B,OAAO,IAAI,CAACA,oBAAoB;AACpC;AACA,IAAA,IAAIA,oBAAoB,GAAG;AACvB0B,MAAAA,QAAQ,EAAE,EAAE;AACZxB,MAAAA,KAAK,EAAE;KACV;AACD;AACA,IAAA,MAAMyB,0BAA0B,GAAG,IAAI,CAACH,cAAc,EAAE,CAAC3C,gBAAgB,EAAE,CAACC,WAAW,CAAC,sCAAsC,CAAC;AAC/H,IAAA,IAAI6C,0BAA0B,EAAE;AAC5B,MAAA,IAAI,OAAOA,0BAA0B,CAACC,OAAO,KAAK,QAAQ,EAAE;AACxD;AACA,QAAA,MAAMC,iBAAiB,GAAG,IAAI,CAACL,cAAc,EAAE,CAAC3C,gBAAgB,EAAE,CAACiD,oBAAoB,EAAE;QACzF,MAAMC,WAAW,GAAG1B,IAAI,CAAC2B,OAAO,CAACH,iBAAiB,EAAEF,0BAA0B,CAACC,OAAO,CAAC;AACvFzC,QAAAA,UAAU,CAAC8C,GAAG,CAAC,CAAA,EAAG,IAAI,CAAC5C,cAAc,EAAE,CAAA,gDAAA,EAAmD0C,WAAW,CAAA,CAAE,CAAC;AACxG/B,QAAAA,oBAAoB,GAAGR,MAAM,CAAC0C,MAAM,CAAC,EAAE,EAAE;AACrCR,UAAAA,QAAQ,EAAE,EAAE;AACZxB,UAAAA,KAAK,EAAE;AACX,SAAC,EAAEiC,OAAO,CAACJ,WAAW,CAAC,CAAC;AAC5B,OAAC,MAAM;QACH5C,UAAU,CAAC8C,GAAG,CAAC,CAAG,EAAA,IAAI,CAAC5C,cAAc,EAAE,CAAA,yEAAA,CAA2E,CAAC;AACnHW,QAAAA,oBAAoB,GAAGR,MAAM,CAAC0C,MAAM,CAAC,EAAE,EAAE;AACrCR,UAAAA,QAAQ,EAAE,EAAE;AACZxB,UAAAA,KAAK,EAAE;SACV,EAAEyB,0BAA0B,CAAC;AAClC;AACJ;AACA,IAAA,MAAMS,UAAU,GAAGpC,oBAAoB,CAACE,KAAK,IAAI,EAAE;AACnD,IAAA,MAAMmC,aAAa,GAAGrC,oBAAoB,CAAC0B,QAAQ,IAAI,EAAE;AACzD;AACA1B,IAAAA,oBAAoB,CAACE,KAAK,GAAG,IAAIoC,GAAG,CAACF,UAAU,CAAC;AAChDpC,IAAAA,oBAAoB,CAAC0B,QAAQ,GAAG,IAAIY,GAAG,CAACD,aAAa,CAAC;AACtD;AACA7C,IAAAA,MAAM,CAACC,cAAc,CAAC,IAAI,EAAE,sBAAsB,EAAE;AAChDC,MAAAA,KAAK,EAAEM,oBAAoB;AAC3BH,MAAAA,QAAQ,EAAE,KAAK;AACfC,MAAAA,UAAU,EAAE,KAAK;AACjBC,MAAAA,YAAY,EAAE;AAClB,KAAC,CAAC;IACF,OAAO,IAAI,CAACC,oBAAoB;AACpC;;AAEA;AACJ;AACA;AACA;AACA;AACA;AACIM,EAAAA,GAAGA,CAACD,IAAI,EAAEkC,OAAO,EAAE;AACf,IAAA,IAAIC,IAAI;AACR;IACA,IAAID,OAAO,CAACE,OAAO,EAAE;AACjBD,MAAAA,IAAI,GAAG,IAAI,CAACxC,oBAAoB,CAAC0B,QAAQ,CAACgB,GAAG,CAACH,OAAO,CAACE,OAAO,CAAC;AAClE,KAAC,MAAM;AACH;AACAD,MAAAA,IAAI,GAAGD,OAAO;AAClB;AACA;AACR;AACA;AACQ,IAAA,MAAMI,gBAAgB,GAAGnD,MAAM,CAAC0C,MAAM,CAAC;AACnCU,MAAAA,QAAQ,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI;MACvBC,KAAK,EAAE,EAAE;MACTC,aAAa,EAAE,IAAI;KACtB,EAAEN,IAAI,EAAE;MACLO,YAAY,EAAEA,CAACC,GAAG,KAAK;AACnB,QAAA,IAAIC,aAAa;QACjB,IAAI,IAAI,CAACrE,sBAAsB,EAAE;AAC7B;AACAqE,UAAAA,aAAa,GAAGD,GAAG,CAACE,OAAO,CAAC,WAAW,CAAC,IAAIF,GAAG,CAACE,OAAO,CAAC,iBAAiB,CAAC,KAAKF,GAAG,CAACG,UAAU,GAAGH,GAAG,CAACG,UAAU,CAACF,aAAa,GAAGD,GAAG,CAACI,MAAM,CAACH,aAAa,CAAC;AAC5J,SAAC,MAAM;AACH;AACAA,UAAAA,aAAa,GAAID,GAAG,CAACG,UAAU,GAAGH,GAAG,CAACG,UAAU,CAACF,aAAa,GAAGD,GAAG,CAACI,MAAM,CAACH,aAAc;AAC9F;AACA,QAAA,OAAO,CAAG5C,EAAAA,IAAI,CAAI4C,CAAAA,EAAAA,aAAa,CAAE,CAAA;AACrC;AACJ,KAAC,CAAC;AACF,IAAA,IAAI,OAAON,gBAAgB,CAACU,KAAK,KAAK,WAAW,EAAE;AAC/C,MAAA,MAAMC,UAAU,GAAG,IAAI,CAACC,YAAY,EAAE;AACtC,MAAA,IAAI,OAAOD,UAAU,KAAK,UAAU,EAAE;QAClCX,gBAAgB,CAACU,KAAK,GAAG,IAAIC,UAAU,CAAC,IAAI,EAAEX,gBAAgB,CAAC;AACnE;AACJ;IACA,IAAI,CAACpD,MAAM,CAACmB,GAAG,CAACL,IAAI,EAAEmD,SAAS,CAACb,gBAAgB,CAAC,CAAC;AAClD,IAAA,OAAO,IAAI;AACf;;AAEA;AACJ;AACA;AACIY,EAAAA,YAAYA,GAAG;AACX,IAAA,MAAMvD,oBAAoB,GAAG,IAAI,CAACC,uBAAuB,EAAE;AAC3D,IAAA,IAAI,OAAOD,oBAAoB,CAACyD,SAAS,KAAK,QAAQ,EAAE;AACpD,MAAA;AACJ;AACA,IAAA,IAAIH,UAAU;IACd,MAAMD,KAAK,GAAGrD,oBAAoB,CAACyD,SAAS,CAACC,KAAK,CAAC,GAAG,CAAC;AACvD,IAAA,IAAIL,KAAK,CAACM,MAAM,KAAK,CAAC,EAAE;MACpB,MAAMC,WAAW,GAAGzB,OAAO,CAACkB,KAAK,CAAC,CAAC,CAAC,CAAC;AACrC,MAAA,IAAI7D,MAAM,CAACqE,SAAS,CAACC,cAAc,CAACC,IAAI,CAACH,WAAW,EAAEP,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE;AAC7DC,QAAAA,UAAU,GAAGM,WAAW,CAACP,KAAK,CAAC,CAAC,CAAC,CAAC;AAClC,QAAA,OAAOC,UAAU;AACrB,OAAC,MAAM;AACH,QAAA,MAAM,IAAIU,KAAK,CAAC,CAAGX,EAAAA,KAAK,qCAAqC,CAAC;AAClE;AACJ,KAAC,MAAM;AACHC,MAAAA,UAAU,GAAGnB,OAAO,CAACkB,KAAK,CAAC,CAAC,CAAC,CAAC;AAC9B,MAAA,OAAOC,UAAU;AACrB;AACJ;;AAEA;AACJ;AACA;AACA;AACA;EACIW,KAAKA,CAAC5D,IAAI,EAAE;AACR,IAAA,MAAMS,KAAK,GAAE,IAAI,CAACvB,MAAM,CAACgB,KAAK,CAACQ,SAAS,CAAC,CAACmD,KAAK,KAAK;MAChD,OAAOA,KAAK,CAACC,KAAK,IAAID,KAAK,CAACC,KAAK,CAAC9D,IAAI,KAAKA,IAAI;AACnD,KAAC,CAAC;AACF,IAAA,IAAIS,KAAK,KAAK,EAAE,EAAE;MACd,IAAI,CAACvB,MAAM,CAACgB,KAAK,CAACW,MAAM,CAACJ,KAAK,EAAE,CAAC,CAAC;AACtC;AACA,IAAA,OAAO,IAAI;AACf;;AAEJ;;ACjOO,MAAMsD,iBAAiB,SAAS3F,kBAAkB,CAAC;EACtDC,WAAWA,CAACC,GAAG,EAAE;IACb,KAAK,CAACA,GAAG,CAAC;;AAEV;IACA,MAAMC,sBAAsB,GAAGD,GAAG,CAACE,gBAAgB,EAAE,CAACC,WAAW,CAAC,+CAA+C,CAAC;IAClH,IAAI,CAACF,sBAAsB,GAAG,OAAOA,sBAAsB,KAAK,SAAS,GAAE,KAAK,GAAGA,sBAAsB;;AAEzG;AACR;AACA;AACQ,IAAA,IAAI,CAACG,MAAM,GAAG,IAAIC,eAAe,CAAC,IAAI,CAAC;;AAEvC,IAAA,MAAMC,gBAAgB,GAAG,IAAI,CAACC,mBAAmB,EAAE;IACnD,IAAID,gBAAgB,IAAI,IAAI,EAAE;MAC1BE,UAAU,CAACC,IAAI,CAAC,CAAG,EAAA,IAAI,CAACC,cAAc,EAAE,CAAA,gEAAA,CAAkE,CAAC;AAC3G,MAAA;AACJ;;AAEAJ,IAAAA,gBAAgB,CAACK,SAAS,CAAC,CAAAC,MAAM,KAAI;MACjC,IAAIA,MAAM,IAAI,IAAI,EAAE;AAChB,QAAA;AACJ;MACA,IAAI;AACA;AACAC,QAAAA,MAAM,CAACC,cAAc,CAAC,IAAI,EAAE,QAAQ,EAAE;AAClCC,UAAAA,KAAK,EAAEC,OAAO,CAACC,MAAM,EAAE;AACvBC,UAAAA,QAAQ,EAAE,KAAK;AACfC,UAAAA,UAAU,EAAE,KAAK;AACjBC,UAAAA,YAAY,EAAE;AAClB,SAAC,CAAC;AACF,QAAA,MAAMC,oBAAoB,GAAG,IAAI,CAACC,uBAAuB,EAAE;AAC3D;AACA,QAAA,MAAMC,KAAK,GAAGF,oBAAoB,CAACE,KAAK;AACxC,QAAA,IAAIA,KAAK,CAACC,IAAI,KAAK,CAAC,EAAE;UAClBhB,UAAU,CAACC,IAAI,CAAC,CAAG,EAAA,IAAI,CAACC,cAAc,EAAE,CAAA,uDAAA,CAAyD,CAAC;AACtG;AACAa,QAAAA,KAAK,CAACE,OAAO,CAAC,CAACV,KAAK,EAAEW,IAAI,KAAK;AAC3B,UAAA,IAAI,CAACC,GAAG,CAACD,IAAI,EAAEX,KAAK,CAAC;AACzB,SAAC,CAAC;QACF,IAAIH,MAAM,CAACgB,KAAK,EAAE;AACVhB,UAAAA,MAAM,CAACgB,KAAK,CAACC,OAAO,CAACC,KAAK,CAAClB,MAAM,CAACgB,KAAK,EAAE,IAAI,CAAChB,MAAM,CAACgB,KAAK,CAAC;AACnE,SAAC,MAAM;AACH;AACAhB,UAAAA,MAAM,CAACmB,GAAG,CAAC,IAAI,CAACnB,MAAM,CAAC;AACvB;UACA,MAAMgB,KAAK,GAAGhB,MAAM,CAACoB,OAAO,IAAIpB,MAAM,CAACoB,OAAO,CAACJ,KAAK;AACpD,UAAA,IAAIK,KAAK,CAACC,OAAO,CAACN,KAAK,CAAC,EAAE;AACtB;YACA,IAAIO,KAAK,GAAGP,KAAK,CAACQ,SAAS,CAAC,CAACC,IAAI,KAAK;AAClC,cAAA,OAAOA,IAAI,CAACC,IAAI,KAAK,QAAQ;AACjC,aAAC,CAAC;AACF,YAAA,IAAIH,KAAK,KAAK,CAAC,CAAC,EAAE;AACd;AACAA,cAAAA,KAAK,GAAGP,KAAK,CAACQ,SAAS,CAAC,CAACC,IAAI,KAAK;AAC9B,gBAAA,OAAOA,IAAI,CAACC,IAAI,KAAK,aAAa;AACtC,eAAC,CAAC;AACN;AACJ,WAAC,MAAM;YACH9B,UAAU,CAACC,IAAI,CAAC,CAAG,EAAA,IAAI,CAACC,cAAc,EAAE,CAAA,2DAAA,CAA6D,CAAC;AAC1G;AACJ;AACA;QACA,IAAI,CAACN,MAAM,CAACqC,IAAI,CAAC,EAAEC,MAAM,EAAE,IAAI,EAAE,CAAC;OACrC,CAAC,OAAOC,GAAG,EAAE;AACVnC,QAAAA,UAAU,CAACoC,KAAK,CAAC,+DAA+D,CAAC;AACjFpC,QAAAA,UAAU,CAACoC,KAAK,CAACD,GAAG,CAAC;AACrBnC,QAAAA,UAAU,CAACC,IAAI,CAAC,sFAAsF,CAAC;AAC3G;AACJ,KAAC,CAAC;AACN;;AAEA;AACJ;AACA;AACImE,EAAAA,YAAYA,GAAG;AACX,IAAA,MAAMvD,oBAAoB,GAAG,IAAI,CAACC,uBAAuB,EAAE;AAC3D,IAAA,IAAI,OAAOD,oBAAoB,CAACyD,SAAS,KAAK,QAAQ,EAAE;AACpD,MAAA;AACJ;AACA,IAAA,IAAIH,UAAU;IACd,MAAMD,KAAK,GAAGrD,oBAAoB,CAACyD,SAAS,CAACC,KAAK,CAAC,GAAG,CAAC;AACvD,IAAA,IAAIL,KAAK,CAACM,MAAM,KAAK,CAAC,EAAE;MACpB,MAAMC,WAAW,GAAGzB,OAAO,CAACkB,KAAK,CAAC,CAAC,CAAC,CAAC;AACrC,MAAA,IAAI7D,MAAM,CAACqE,SAAS,CAACC,cAAc,CAACC,IAAI,CAACH,WAAW,EAAEP,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE;AAC7DC,QAAAA,UAAU,GAAGM,WAAW,CAACP,KAAK,CAAC,CAAC,CAAC,CAAC;AAClC,QAAA,OAAOC,UAAU;AACrB,OAAC,MAAM;AACH,QAAA,MAAM,IAAIU,KAAK,CAAC,CAAGX,EAAAA,KAAK,qCAAqC,CAAC;AAClE;AACJ,KAAC,MAAM;AACHC,MAAAA,UAAU,GAAGnB,OAAO,CAACkB,KAAK,CAAC,CAAC,CAAC,CAAC;AAC9B,MAAA,OAAOC,UAAU;AACrB;AACJ;;AAEA;AACJ;AACA;AACA;AACIjE,EAAAA,cAAcA,GAAG;AACb,IAAA,OAAO,sCAAsC;AACjD;;AAEC;AACL;AACA;AACA;AACIH,EAAAA,mBAAmBA,GAAG;AAClB,IAAA,OAAO,IAAI,CAACsC,cAAc,EAAE,IAAI,IAAI,CAACA,cAAc,EAAE,CAACC,aAAa;AACvE;;AAEA;AACJ;AACA;AACA;AACA;AACA;AACInB,EAAAA,GAAGA,CAACD,IAAI,EAAEkC,OAAO,EAAE;AACf,IAAA,IAAIC,IAAI;AACR;IACA,IAAID,OAAO,CAACE,OAAO,EAAE;AACjBD,MAAAA,IAAI,GAAG,IAAI,CAACxC,oBAAoB,CAAC0B,QAAQ,CAACgB,GAAG,CAACH,OAAO,CAACE,OAAO,CAAC;AAClE,KAAC,MAAM;AACH;AACAD,MAAAA,IAAI,GAAGD,OAAO;AAClB;AACA,IAAA,MAAM8B,eAAe,GAAG7E,MAAM,CAAC0C,MAAM,CAAC;AAClCU,MAAAA,QAAQ,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI;MACvB0B,UAAU,EAAE,EAAE;MACdC,OAAO,EAAE,GAAG;MACZC,UAAU,EAAE,KAAK;KACpB,EAAEhC,IAAI,EAAE;MACLO,YAAY,EAAEA,CAACC,GAAG,KAAK;AACnB,QAAA,IAAIC,aAAa;QACjB,IAAI,IAAI,CAACrE,sBAAsB,EAAE;AAC7B;AACAqE,UAAAA,aAAa,GAAGD,GAAG,CAACE,OAAO,CAAC,WAAW,CAAC,IAAIF,GAAG,CAACE,OAAO,CAAC,iBAAiB,CAAC,KAAKF,GAAG,CAACG,UAAU,GAAGH,GAAG,CAACG,UAAU,CAACF,aAAa,GAAGD,GAAG,CAACI,MAAM,CAACH,aAAa,CAAC;AAC5J,SAAC,MAAM;AACH;AACAA,UAAAA,aAAa,GAAID,GAAG,CAACG,UAAU,GAAGH,GAAG,CAACG,UAAU,CAACF,aAAa,GAAGD,GAAG,CAACI,MAAM,CAACH,aAAc;AAC9F;AACA,QAAA,OAAO,CAAG5C,EAAAA,IAAI,CAAI4C,CAAAA,EAAAA,aAAa,CAAE,CAAA;AACrC;AACJ,KAAC,CAAC;IACF,IAAIrC,KAAK,CAACC,OAAO,CAACwD,eAAe,CAACI,aAAa,CAAC,EAAE;MAC9CJ,eAAe,CAACE,OAAO,GAAG,MAAM;AAC5B,QAAA,MAAMA,OAAO,GAAGG,IAAI,CAACC,KAAK,CAACD,IAAI,CAACE,MAAM,EAAE,IAAIP,eAAe,CAACI,aAAa,CAAC,CAAC,CAAC,GAAGJ,eAAe,CAACI,aAAa,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAGJ,eAAe,CAACI,aAAa,CAAC,CAAC,CAAC,CAAC;AACxJ,QAAA,OAAOF,OAAO;OACjB;AACL;IACA,IAAI3D,KAAK,CAACC,OAAO,CAACwD,eAAe,CAACQ,gBAAgB,CAAC,EAAE;MACjDR,eAAe,CAACG,UAAU,GAAG,MAAM;AAC/B,QAAA,MAAMA,UAAU,GAAGE,IAAI,CAACC,KAAK,CAACD,IAAI,CAACE,MAAM,EAAE,IAAIP,eAAe,CAACQ,gBAAgB,CAAC,CAAC,CAAC,GAAGR,eAAe,CAACQ,gBAAgB,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAGR,eAAe,CAACQ,gBAAgB,CAAC,CAAC,CAAC,CAAC;AACpK,QAAA,OAAOL,UAAU;OACpB;AACL;AACA,IAAA,IAAI,OAAOH,eAAe,CAAChB,KAAK,KAAK,WAAW,EAAE;AAC9C,MAAA,MAAMC,UAAU,GAAG,IAAI,CAACC,YAAY,EAAE;AACtC,MAAA,IAAI,OAAOD,UAAU,KAAK,UAAU,EAAE;QAClCe,eAAe,CAAChB,KAAK,GAAG,IAAIC,UAAU,CAAC,IAAI,EAAEe,eAAe,CAAC;AACjE;AACJ;IACA,IAAI,CAAC9E,MAAM,CAACmB,GAAG,CAACL,IAAI,EAAEyE,QAAQ,CAACT,eAAe,CAAC,CAAC;AAChD,IAAA,OAAO,IAAI;AACf;;;AAGA;AACJ;AACA;AACA;AACA;EACIJ,KAAKA,CAAC5D,IAAI,EAAE;AACR,IAAA,MAAMS,KAAK,GAAE,IAAI,CAACvB,MAAM,CAACgB,KAAK,CAACQ,SAAS,CAAC,CAACmD,KAAK,KAAK;MAChD,OAAOA,KAAK,CAACC,KAAK,IAAID,KAAK,CAACC,KAAK,CAAC9D,IAAI,KAAKA,IAAI;AACnD,KAAC,CAAC;AACF,IAAA,IAAIS,KAAK,KAAK,EAAE,EAAE;MACd,IAAI,CAACvB,MAAM,CAACgB,KAAK,CAACW,MAAM,CAACJ,KAAK,EAAE,CAAC,CAAC;AACtC;AACA,IAAA,OAAO,IAAI;AACf;;AAEA;AACJ;AACA;AACA;AACIb,EAAAA,uBAAuBA,GAAG;IACtB,IAAI,IAAI,CAACD,oBAAoB,EAAE;MAC3B,OAAO,IAAI,CAACA,oBAAoB;AACpC;AACA,IAAA,IAAIA,oBAAoB,GAAG;AACvB0B,MAAAA,QAAQ,EAAE,EAAE;AACZxB,MAAAA,KAAK,EAAE;KACV;AACD;AACA,IAAA,MAAMyB,0BAA0B,GAAG,IAAI,CAACH,cAAc,EAAE,CAAC3C,gBAAgB,EAAE,CAACC,WAAW,CAAC,uCAAuC,CAAC;AAChI,IAAA,IAAI6C,0BAA0B,EAAE;AAC5B,MAAA,IAAI,OAAOA,0BAA0B,CAACC,OAAO,KAAK,QAAQ,EAAE;AACxD;AACA,QAAA,MAAMC,iBAAiB,GAAG,IAAI,CAACL,cAAc,EAAE,CAAC3C,gBAAgB,EAAE,CAACiD,oBAAoB,EAAE;QACzF,MAAMC,WAAW,GAAG1B,IAAI,CAAC2B,OAAO,CAACH,iBAAiB,EAAEF,0BAA0B,CAACC,OAAO,CAAC;AACvFzC,QAAAA,UAAU,CAAC8C,GAAG,CAAC,CAAA,EAAG,IAAI,CAAC5C,cAAc,EAAE,CAAA,gDAAA,EAAmD0C,WAAW,CAAA,CAAE,CAAC;AACxG/B,QAAAA,oBAAoB,GAAGR,MAAM,CAAC0C,MAAM,CAAC,EAAE,EAAE;AACrCR,UAAAA,QAAQ,EAAE,EAAE;AACZxB,UAAAA,KAAK,EAAE;AACX,SAAC,EAAEiC,OAAO,CAACJ,WAAW,CAAC,CAAC;AAC5B,OAAC,MAAM;QACH5C,UAAU,CAAC8C,GAAG,CAAC,CAAG,EAAA,IAAI,CAAC5C,cAAc,EAAE,CAAA,0EAAA,CAA4E,CAAC;AACpHW,QAAAA,oBAAoB,GAAGR,MAAM,CAAC0C,MAAM,CAAC,EAAE,EAAE;AACrCR,UAAAA,QAAQ,EAAE,EAAE;AACZxB,UAAAA,KAAK,EAAE;SACV,EAAEyB,0BAA0B,CAAC;AAClC;AACJ;AACA,IAAA,MAAMU,aAAa,GAAGrC,oBAAoB,CAAC0B,QAAQ,IAAI,EAAE;AACzD1B,IAAAA,oBAAoB,CAAC0B,QAAQ,GAAG,IAAIY,GAAG,CAACD,aAAa,CAAC;AACtD,IAAA,MAAMD,UAAU,GAAGpC,oBAAoB,CAACE,KAAK,IAAI,EAAE;AACnDF,IAAAA,oBAAoB,CAACE,KAAK,GAAG,IAAIoC,GAAG,CAACF,UAAU,CAAC;;AAEhD5C,IAAAA,MAAM,CAACC,cAAc,CAAC,IAAI,EAAE,sBAAsB,EAAE;AAChDC,MAAAA,KAAK,EAAEM,oBAAoB;AAC3BH,MAAAA,QAAQ,EAAE,KAAK;AACfC,MAAAA,UAAU,EAAE,KAAK;AACjBC,MAAAA,YAAY,EAAE;AAClB,KAAC,CAAC;IACF,OAAO,IAAI,CAACC,oBAAoB;AACpC;;AAEJ;;;;;;;;;;;;;;;;;;;;;;;;;ACtOA,IAAI+E,wBAAwB;AAC5B,IAAIC,kBAAkB;;AAEtB,SAASC,eAAeA,GAAG;;AACvB;AAAA;AAGJ,SAASC,qBAAqBA,GAAG;;AAC7B;AAAA;AAGJ,IAAIC,UAAU,CAACtB,SAAS,CAACuB,mBAAmB,CAACnE,IAAI,KAAK,qBAAqB,EAAE;AACzE;AACA8D,EAAAA,wBAAwB,GAAGI,UAAU,CAACtB,SAAS,CAACuB,mBAAmB;AACnED,EAAAA,UAAU,CAACtB,SAAS,CAACuB,mBAAmB,GAAGF,qBAAqB;AACpE;;AAEA,IAAIC,UAAU,CAACtB,SAAS,CAACwB,aAAa,CAACpE,IAAI,KAAK,eAAe,EAAE;AAC7D;AACA+D,EAAAA,kBAAkB,GAAGG,UAAU,CAACtB,SAAS,CAACwB,aAAa;AACvDF,EAAAA,UAAU,CAACtB,SAAS,CAACwB,aAAa,GAAGJ,eAAe;AACxD;;AAEA,MAAMK,gBAAgB,SAASH,UAAU,CAAC;;;;;;;AAOtC;AACJ;AACA;AACA;AACA;AACIzG,EAAAA,WAAWA,CAAC6G,OAAO,EAAEhD,OAAO,EAAE;AAC1B,IAAA,KAAK,CAAC;AACF;AACZ;AACA;AACA;MACYiD,WAAW,EAAE,YAAY;AACrB,QAAA,MAAMC,IAAI,GAAG7E,KAAK,CAAC8E,IAAI,CAACC,SAAS,CAAC;QAClC,MAAM,CAACC,OAAO,CAAC,GAAGH,IAAI,CAACvE,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC;QACnC,MAAM2E,IAAI,GAAG,IAAI;QACjB,IAAID,OAAO,KAAK,QAAQ,EAAE;AACtB,UAAA,MAAME,cAAc,GAAGP,OAAO,CAAC/D,cAAc,EAAE,CAAC3C,gBAAgB,EAAE,CAACC,WAAW,CAAC,wBAAwB,CAAC,IAAI;AACxGiH,YAAAA,IAAI,EAAE,WAAW;AACjBC,YAAAA,IAAI,EAAE;WACT;AACD,UAAA,MAAMC,MAAM,GAAG,IAAIC,KAAK,CAACJ,cAAc,CAAC;AACxC,UAAA,OAAOG,MAAM,CAAClC,IAAI,CAAC6B,OAAO,EAAEH,IAAI,CAAC,CAACU,KAAK,CAAC,CAAC5E,KAAK,KAAK;YAC/C,IAAIA,KAAK,YAAY6E,SAAS,IAAI7E,KAAK,CAAC8E,OAAO,KAAK,uBAAuB,EAAE;cACzElH,UAAU,CAACC,IAAI,CAAC,2CAA2C,GAAGkH,IAAI,CAACC,SAAS,CAACd,IAAI,CAAC,CAAC;AACvF;AACA,YAAA,OAAOe,OAAO,CAACC,MAAM,CAAClF,KAAK,CAAC;AAChC,WAAC,CAAC,CAACmF,OAAO,CAAC,MAAM;YACb,IAAIT,MAAM,CAACU,MAAM,EAAE;cACfV,MAAM,CAACW,UAAU,EAAE,CAACT,KAAK,CAAC,CAACU,aAAa,KAAK;AACzC1H,gBAAAA,UAAU,CAACoC,KAAK,CAACsF,aAAa,CAAC;AACnC,eAAC,CAAC;AACN;AACJ,WAAC,CAAC;AACN;AACA,QAAA,IAAIhB,IAAI,CAACI,MAAM,IAAI,IAAI,EAAE;AACrB,UAAA,MAAMH,cAAc,GAAGP,OAAO,CAAC/D,cAAc,EAAE,CAAC3C,gBAAgB,EAAE,CAACC,WAAW,CAAC,wBAAwB,CAAC,IAAI;AACxGiH,YAAAA,IAAI,EAAE,WAAW;AACjBC,YAAAA,IAAI,EAAE;WACT;AACDH,UAAAA,IAAI,CAACI,MAAM,GAAG,IAAIC,KAAK,CAACJ,cAAc,CAAC;AAC3C;AACA,QAAA,IAAID,IAAI,CAACI,MAAM,CAACU,MAAM,EAAE;AACpB,UAAA,OAAOd,IAAI,CAACI,MAAM,CAAClC,IAAI,CAAC6B,OAAO,EAAEH,IAAI,CAAC,CAACU,KAAK,CAAC,CAAC5E,KAAK,KAAK;YACpD,IAAIA,KAAK,YAAY6E,SAAS,IAAI7E,KAAK,CAAC8E,OAAO,KAAK,uBAAuB,EAAE;cACzElH,UAAU,CAACC,IAAI,CAAC,2CAA2C,GAAGkH,IAAI,CAACC,SAAS,CAACd,IAAI,CAAC,CAAC;AACvF;AACA,YAAA,OAAOe,OAAO,CAACC,MAAM,CAAClF,KAAK,CAAC;AAChC,WAAC,CAAC;AACN;AACA;AACA,QAAA,OAAO,CAAC,MAAM;AACV,UAAA,IAAIsE,IAAI,CAACiB,kBAAkB,IAAI,IAAI,EAAE;AACjC,YAAA,OAAO,IAAI,CAACC,QAAQ,EAAE;AAC1B;AACA,UAAA,OAAOP,OAAO,CAACxE,OAAO,EAAE;AAC5B,SAAC,GAAG,CAACgF,IAAI,CAAC,MAAM;AACZ;AACAvB,UAAAA,IAAI,CAAC,CAAC,CAAC,GAAGI,IAAI,CAACiB,kBAAkB;AACjC,UAAA,OAAOjB,IAAI,CAACI,MAAM,CAAClC,IAAI,CAAC6B,OAAO,EAAEH,IAAI,CAAC,CAACU,KAAK,CAAC,CAAC5E,KAAK,KAAK;YACpD,IAAIA,KAAK,YAAY6E,SAAS,IAAI7E,KAAK,CAAC8E,OAAO,KAAK,uBAAuB,EAAE;cACzElH,UAAU,CAACC,IAAI,CAAC,2CAA2C,GAAGkH,IAAI,CAACC,SAAS,CAACd,IAAI,CAAC,CAAC;AACvF;AACA,YAAA,OAAOe,OAAO,CAACC,MAAM,CAAClF,KAAK,CAAC;AAChC,WAAC,CAAC;AACN,SAAC,CAAC;AACN;KACH,CAAC,CAAC;AAtEX;AACA,OAFI0F,eAAA,CAAA,IAAA,EAAA,QAAA,EAAA,MAAA,CAAA,CAwEI,IAAI,CAACC,IAAI,CAAC3E,OAAO,CAAC,CAClBpD,UAAU,CAACgI,KAAK,CAAC,sEAAsE,CAAC;IACxF,KAAK,IAAI,CAACJ,QAAQ,EAAE,CAACC,IAAI,CAAC,MAAM;AAC5B7H,MAAAA,UAAU,CAACgI,KAAK,CAAC,kEAAkE,CAAC;AACxF,KAAC,CAAC,CAAChB,KAAK,CAAC,CAAC7E,GAAG,KAAK;AACdnC,MAAAA,UAAU,CAACoC,KAAK,CAAC,6DAA6D,CAAC;AAC/EpC,MAAAA,UAAU,CAACoC,KAAK,CAACD,GAAG,CAAC;AACzB,KAAC,CAAC;AACN;EACA,MAAMyF,QAAQA,GAAG;IACb,MAAM,CAACD,kBAAkB,EAAEM,YAAY,CAAC,GAAG,MAAMZ,OAAO,CAACa,QAAQ,CAAC;AAC9D,IAAA,MAAMtC,wBAAwB,CAAChB,IAAI,CAAC,IAAI,CAAC;AACzC,IAAA,MAAMiB,kBAAkB,CAACjB,IAAI,CAAC,IAAI,CAAC;KACrC;IACF,IAAI,CAAC+C,kBAAkB,GAAGA,kBAAkB;IAC5C,IAAI,CAACM,YAAY,GAAGA,YAAY;AACpC;;AAEJ;;ACnHA,MAAME,kBAAkB,GAAG,gCAAgC;;AAE3D,MAAMC,WAAW,CAAC;EACd7I,WAAWA,CAAC8I,GAAG,EAAE;IACb,IAAI,CAAC9H,KAAK,GAAG8H,GAAG;AACpB;AACAC,EAAAA,QAAQA,GAAG;IACP,OAAO,IAAI,CAAC/H,KAAK;AACrB;AACA;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACIgE,EAAAA,KAAKA,GAAG;AACJ;AACA;IACA,MAAMgE,EAAE,GAAG,uCAAuC;IAClD,MAAMC,OAAO,GAAG,EAAE;IAClB,IAAIC,KAAK,GAAGF,EAAE,CAACG,IAAI,CAAC,IAAI,CAACnI,KAAK,CAAC;IAC/B,OAAMkI,KAAK,KAAK,IAAI,EAAE;AAClBD,MAAAA,OAAO,CAACG,IAAI,CAACF,KAAK,CAAC,CAAC,CAAC,CAAC;MACtBA,KAAK,GAAGF,EAAE,CAACG,IAAI,CAAC,IAAI,CAACnI,KAAK,CAAC;AAC/B;AACA,IAAA,OAAOiI,OAAO;AAClB;AACJ;;AAEA,MAAMI,wBAAwB,SAASC,qBAAqB,CAAC;AACzD;AACJ;AACA;EACItJ,WAAWA,CAACuJ,aAAa,EAAE;IACvB,KAAK,CAACA,aAAa,CAAC;IACpB,IAAIC,QAAQ,GAAG,EAAE;AACjB;AACA1I,IAAAA,MAAM,CAACC,cAAc,CAAC,IAAI,EAAE,UAAU,EAAE;MACpCiD,GAAG,EAAEA,MAAM;AACP,QAAA,OAAOwF,QAAQ;OAClB;AACDpI,MAAAA,UAAU,EAAE;AAChB,KAAC,CAAC;AACN;;AAEA;AACJ;AACA;AACA;EACIqI,MAAMA,CAACnF,GAAG,EAAE;AACR,IAAA,OAAO,IAAIwD,OAAO,CAAC,CAACxE,OAAO,EAAEyE,MAAM,KAAK;MACpC,IAAI;AACA;QACA2B,IAAI,CAACC,OAAO,CAACrF,GAAG,CAACsF,OAAO,EAAC,SAAS,CAAC;AACnC;QACAF,IAAI,CAACC,OAAO,CAACrF,GAAG,CAACsF,OAAO,CAACC,IAAI,EAAC,MAAM,CAAC;AACrC,QAAA,IAAIvF,GAAG,CAACsF,OAAO,CAACC,IAAI,CAACC,mBAAmB,IAAIxF,GAAG,CAACsF,OAAO,CAACC,IAAI,CAACC,mBAAmB,CAAC7E,MAAM,GAAC,CAAC,EAAE;AACvF;UACA,IAAI8E,MAAM,GAAGC,GAAG,CAACC,KAAK,CAAC3F,GAAG,CAAC4F,WAAW,CAAC,CAACC,QAAQ;AAChD;AACA,UAAA,IAAIC,SAAS,GAAG,IAAIvB,WAAW,CAACvE,GAAG,CAACsF,OAAO,CAACC,IAAI,CAACC,mBAAmB,CAAC,CAAC9E,KAAK,EAAE;AAC7E;AACA,UAAA,IAAIqF,SAAS,GAAGzB,kBAAkB,CAAC0B,IAAI,CAAChG,GAAG,CAACiG,MAAM,CAAC,GAAG,OAAO,GAAG,MAAM;AACtE;UACA,IAAIC,MAAM,GAAG,IAAI,CAAChB,QAAQ,CAACiB,IAAI,CAAC,CAAAC,CAAC,KAAI;AACjC;AACA,YAAA,OAAO,IAAIC,MAAM,CAAE,GAAG,GAAGD,CAAC,CAACE,QAAQ,EAAE,GAAG,CAAC,CAACN,IAAI,CAACP,MAAM;AACjD;eACGW,CAAC,CAACG,KAAK,CAACJ,IAAI,CAAC,CAAAK,CAAC,KAAI;AACjB;cACA,OAAOA,CAAC,KAAK,GAAG,IAAIV,SAAS,CAACW,OAAO,CAACD,CAAC,CAAC,IAAE,CAAC;AAC/C,aAAC,CAAC;AACV,WAAC,CAAC;AACF;UACA,IAAIN,MAAM,IAAI,IAAI,EAAE;YAChB,OAAOlH,OAAO,EAAE;AACpB;AACA;UACA,IAAIpB,KAAK,CAACC,OAAO,CAACqI,MAAM,CAACQ,MAAM,CAAC,KAAK,KAAK,EAAE;AACxC;YACA,OAAO1H,OAAO,EAAE;AACpB;AACA;UACA,IAAIkH,MAAM,CAACQ,MAAM,CAACD,OAAO,CAACV,SAAS,CAAC,GAAG,CAAC,EAAE;AACtC;YACA,OAAO/G,OAAO,EAAE;AACpB;AACA;UACA,OAAOA,OAAO,CAACkH,MAAM,CAAC;AAC1B;QACA,OAAOlH,OAAO,EAAE;AACpB;AACA,MAAA,OAAMV,GAAG,EAAE;QACP,OAAOmF,MAAM,CAACnF,GAAG,CAAC;AACtB;;AAEJ,KAAC,CAAC;AACN;;AAEJ;;AAEA;AACA;AACA;AACA,MAAMqI,+BAA+B,SAAS5B,wBAAwB,CAAC;AACnE;AACJ;AACA;EACIrJ,WAAWA,CAACuJ,aAAa,EAAE;IACxB,KAAK,CAACA,aAAa,CAAC;IACnB,IAAI2B,QAAQ,GAAG,EAAE;AAClB;IACC,IAAI;AACA;AACZ;AACA;AACYA,MAAAA,QAAQ,GAAGzH,OAAO,CAAC9B,IAAI,CAAC2B,OAAO,CAACiG,aAAa,CAACnG,oBAAoB,EAAE,EAAE,mBAAmB,CAAC,CAAC;AAC/F;AACA,IAAA,OAAMR,GAAG,EAAE;AACP;AACA,MAAA,IAAIA,GAAG,CAACuI,IAAI,KAAK,kBAAkB,EAAE;AACjC;AACA,QAAA,MAAMvI,GAAG;AACb;AACA;AACJ;AACA,IAAA,IAAI,CAAC4G,QAAQ,CAACJ,IAAI,CAACrH,KAAK,CAAC,IAAI,CAACyH,QAAQ,EAAE0B,QAAQ,CAAC;AACrD;AACJ;;AAEA,MAAME,8BAA8B,SAASrL,kBAAkB,CAAC;AAC5D;AACJ;AACA;EACIC,WAAWA,CAACC,GAAG,EAAE;IACb,KAAK,CAACA,GAAG,CAAC;AACV;IACAA,GAAG,CAACE,gBAAgB,EAAE,CAACkL,WAAW,CAAChC,wBAAwB,EAAE4B,+BAA+B,CAAC;AACjG;AACJ;;;AAGA;AACA;AACA;AACA,MAAMK,8BAA8B,SAASvL,kBAAkB,CAAC;AAC5D;AACJ;AACA;EACIC,WAAWA,CAACC,GAAG,EAAE;IACb,KAAK,CAACA,GAAG,CAAC;AACV;AACA,IAAA,MAAMsL,qBAAqB,GAAGtL,GAAG,CAACE,gBAAgB,EAAE,CAACqL,QAAQ,CAACC,SAAS,EAAEC,OAAO,EAAEC,WAAW,CAACC,OAAO;IACrG,IAAI3L,GAAG,IAAIA,GAAG,CAAC4L,SAAS,IAAIN,qBAAqB,IAAI,IAAI,EAAE;AACvDtL,MAAAA,GAAG,CAAC4L,SAAS,CAACjL,SAAS,CAAC,CAACiL,SAAS,KAAK;AACnC,QAAA,IAAIA,SAAS,EAAE;AACX,UAAA,MAAMF,WAAW,GAAG1L,GAAG,CAACE,gBAAgB,EAAE,CAAC2L,WAAW,CAAC,SAASzC,wBAAwBA,GAAG,EAAG,CAAC;UAC/F,IAAIsC,WAAW,IAAI,IAAI,EAAE;AACrB,YAAA,KAAK,MAAMI,oBAAoB,IAAIR,qBAAqB,EAAE;cACtD,IAAI;gBACA,MAAM/B,QAAQ,GAAG/F,OAAO,CAAC9B,IAAI,CAAC2B,OAAO,CAACrD,GAAG,CAACE,gBAAgB,EAAE,CAACiD,oBAAoB,EAAE,EAAE2I,oBAAoB,CAAC,CAAC;AAC3G,gBAAA,IAAIvC,QAAQ,EAAE;AACV;AACAmC,kBAAAA,WAAW,CAACnC,QAAQ,CAAC1H,OAAO,CAAC,GAAG0H,QAAQ,CAAC;AAC7C;AACJ;AACA,cAAA,OAAM5G,GAAG,EAAE;AACP;AACA,gBAAA,IAAIA,GAAG,CAACuI,IAAI,KAAK,kBAAkB,EAAE;AACjC;AACA,kBAAA,MAAMvI,GAAG;AACb;AACJ;AACJ;AACJ;AACJ;AACJ,OAAC,CAAC;AACN;AACJ;AACJ;;ACxLA,SAASoJ,aAAaA,GAAG;AACrB,EAAA,OAAO,CAAC1H,GAAG,EAAE2H,GAAG,EAAEvJ,IAAI,KAAK;AACvB;AACR;AACA;AACQ,IAAA,IAAIwJ,wBAAwB,GAAG5H,GAAG,CAACsF,OAAO,CAAC9G,cAAc,EAAE,CAAC3C,gBAAgB,EAAE,CAAC2L,WAAW,CAACzC,wBAAwB,CAAC;AACpH,IAAA,IAAI,OAAO6C,wBAAwB,KAAK,WAAW,EAAE;AACjD,MAAA,OAAOxJ,IAAI,CAAC,IAAI4C,KAAK,CAAC,wGAAwG,CAAC,CAAC;AACpI;IACA4G,wBAAwB,CAACzC,MAAM,CAACnF,GAAG,CAAC,CAACgE,IAAI,CAAC,CAAAtH,KAAK,KAAI;AAC/C,MAAA,IAAIA,KAAK,EAAE;QACP,OAAO0B,IAAI,EAAE;AACjB;AACA,MAAA,OAAOA,IAAI,CAAC,IAAIyJ,kBAAkB,CAAC,4CAA4C,CAAC,CAAC;AACrF,KAAC,CAAC,CAAC1E,KAAK,CAAC,CAAA2E,MAAM,KAAI;MACf,OAAO1J,IAAI,CAAC0J,MAAM,CAAC;AACvB,KAAC,CAAC;GACL;AACL;;ACjBA,SAASC,cAAcA,CAAC/I,OAAO,EAAEyE,MAAM,EAAE;AACrC,EAAA,OAAO,UAAUnF,GAAG,EAAE0J,QAAQ,EAAE;AAC5B,IAAA,IAAI1J,GAAG,EAAE;AACL;AACZ;AACA;AACY,MAAA,MAAM0J,QAAQ,GAAG1J,GAAG,CAAC0J,QAAQ;MAC7B,IAAIA,QAAQ,IAAIA,QAAQ,CAAC9H,OAAO,CAAC,cAAc,CAAC,KAAK,kBAAkB,EAAE;AACrE;AACA,QAAA,MAAM+H,WAAW,GAAGD,QAAQ,CAACE,IAAI;QACjC,MAAM3J,KAAK,GAAG,IAAI4J,SAAS,CAACH,QAAQ,CAACI,MAAM,CAAC;AAC5C,QAAA,OAAO3E,MAAM,CAACjH,MAAM,CAAC0C,MAAM,CAACX,KAAK,EAAE;AAC/B0J,UAAAA;AACJ,SAAC,CAAC,CAAC;AACP;MACA,OAAOxE,MAAM,CAACnF,GAAG,CAAC;AACtB;AACA,IAAA,IAAI0J,QAAQ,CAACI,MAAM,KAAK,GAAG,IAAIJ,QAAQ,CAAC9H,OAAO,CAAC,cAAc,CAAC,KAAK,kBAAkB,EAAE;MACpF,OAAOlB,OAAO,CAAC,IAAI,CAAC;AACxB;AACA,IAAA,OAAOA,OAAO,CAACgJ,QAAQ,CAACE,IAAI,CAAC;GAChC;AACL;;AAEA;AACA;AACA;AACA,MAAMG,mBAAmB,SAAS5M,kBAAkB,CAAC;AACjD;AACJ;AACA;EACIC,WAAWA,CAACC,GAAG,EAAE;IACb,KAAK,CAACA,GAAG,CAAC;AACV;AACR;AACA;AACA;AACSa,IAAAA,MAAM,CAACC,cAAc,CAAC,IAAI,EAAE,UAAU,EAAE;AACrCI,MAAAA,QAAQ,EAAE,KAAK;MACfH,KAAK,EAAEf,GAAG,CAACE,gBAAgB,EAAE,CAACC,WAAW,CAAC,eAAe,CAAC;AAC1DgB,MAAAA,UAAU,EAAE,KAAK;AACjBC,MAAAA,YAAY,EAAE;AAClB,KAAC,CAAC;AACN;;AAEA;AACJ;AACA;AACA;AACKuL,EAAAA,SAASA,GAAG;AACT,IAAA,OAAO,IAAI,CAACpB,QAAQ,CAACqB,UAAU;AACnC;;AAEA;AACJ;AACA;AACA;AACKC,EAAAA,YAAYA,GAAG;AACZ,IAAA,OAAO,IAAI,CAACtB,QAAQ,CAACuB,SAAS;AAClC;;AAEA;AACA;AACJ;AACA;AACA;AACA;EACIC,WAAWA,CAACC,KAAK,EAAE;AACf,IAAA,OAAO,IAAInF,OAAO,CAAC,CAACxE,OAAO,EAAEyE,MAAM,KAAK;AACpC,MAAA,MAAMmF,YAAY,GAAG,IAAI,CAAC1B,QAAQ,CAAC0B,YAAY,GAAG,IAAIC,GAAG,CAAC,IAAI,CAAC3B,QAAQ,CAAC0B,YAAY,EAAE,IAAI,CAACN,SAAS,EAAE,CAAC,GAAG,IAAIO,GAAG,CAAC,IAAI,EAAE,IAAI,CAACP,SAAS,EAAE,CAAC;AACzI,MAAA,OAAO,IAAIQ,OAAO,CAAC,KAAK,EAAEF,YAAY,CAAC;AAClCtL,MAAAA,GAAG,CAAC;QACD,eAAe,EAAE,CAAUqL,OAAAA,EAAAA,KAAK,CAAE,CAAA;AAClC,QAAA,QAAQ,EAAE;AACd,OAAC,CAAC;AACDI,MAAAA,KAAK,CAAC;AACH,QAAA,cAAc,EAACJ;OAClB,CAAC,CAACK,GAAG,CAACjB,cAAc,CAAC/I,OAAO,EAAEyE,MAAM,CAAC,CAAC;AAC/C,KAAC,CAAC;AACN;;AAEA;AACA;AACJ;AACA;AACA;EACIwF,mBAAmBA,CAAC3D,OAAO,EAAE;AACzB,IAAA,IAAIA,OAAO,CAACC,IAAI,IAAI,IAAI,EAAE;MACtB,OAAO/B,OAAO,CAACC,MAAM,CAAC,IAAIzC,KAAK,CAAC,8BAA8B,CAAC,CAAC;AACpE;AACA,IAAA,IAAIsE,OAAO,CAACC,IAAI,CAAC2D,kBAAkB,KAAK,QAAQ,EAAE;MAC9C,OAAO1F,OAAO,CAACC,MAAM,CAAC,IAAIzC,KAAK,CAAC,qCAAqC,CAAC,CAAC;AAC3E;AACA,IAAA,IAAIsE,OAAO,CAACC,IAAI,CAAC4D,mBAAmB,IAAI,IAAI,EAAE;MAC1C,OAAO3F,OAAO,CAACC,MAAM,CAAC,IAAIzC,KAAK,CAAC,6CAA6C,CAAC,CAAC;AACnF;IACA,OAAO,IAAI,CAACoI,YAAY,CAAC9D,OAAO,EAAEA,OAAO,CAACC,IAAI,CAAC4D,mBAAmB,CAAC;AACvE;AACA;AACJ;AACA;AACA;AACA;AACIC,EAAAA,YAAYA,CAACC,QAAQ,EAAEV,KAAK,EAAE;AAC1B,IAAA,OAAO,IAAInF,OAAO,CAAC,CAACxE,OAAO,EAAEyE,MAAM,KAAK;AACpC,MAAA,MAAM6F,iBAAiB,GAAG,IAAI,CAACpC,QAAQ,CAACoC,iBAAiB,GAAG,IAAIT,GAAG,CAAC,IAAI,CAAC3B,QAAQ,CAACoC,iBAAiB,EAAE,IAAI,CAAChB,SAAS,EAAE,CAAC,GAAG,IAAIO,GAAG,CAAC,WAAW,EAAE,IAAI,CAACP,SAAS,EAAE,CAAC;AAC/J,MAAA,OAAO,IAAIQ,OAAO,CAAC,MAAM,EAAEQ,iBAAiB,CAAC;AACxCC,MAAAA,IAAI,CAAC,IAAI,CAACrC,QAAQ,CAACsC,SAAS,EAAE,IAAI,CAACtC,QAAQ,CAACuC,aAAa,CAAC;AAC1DnM,MAAAA,GAAG,CAAC,QAAQ,EAAE,kBAAkB,CAAC;MACjCoM,IAAI,CAAC,MAAM,CAAC;AACZC,MAAAA,IAAI,CAAC;AACF,QAAA,iBAAiB,EAAE,cAAc;AACjC,QAAA,OAAO,EAAEhB;OACZ,CAAC,CAACK,GAAG,CAACjB,cAAc,CAAC/I,OAAO,EAAEyE,MAAM,CAAC,CAAC;AAC/C,KAAC,CAAC;AACN;;AAEA;AACJ;AACA;EACKmG,SAASA,CAACC,aAAa,EAAE;AACtB,IAAA,MAAMC,QAAQ,GAAG,IAAI,CAAC5C,QAAQ,CAAC6C,SAAS,GAAG,IAAIlB,GAAG,CAAC,IAAI,CAAC3B,QAAQ,CAAC6C,SAAS,CAAC,GAAG,IAAIlB,GAAG,CAAC,WAAW,EAAE,IAAI,CAACP,SAAS,EAAE,CAAC;AACpH,IAAA,OAAO,IAAI9E,OAAO,CAAC,CAACxE,OAAO,EAAEyE,MAAM,KAAI;AACnC,MAAA,OAAO,IAAIqF,OAAO,CAAC,MAAM,EAAEgB,QAAQ,CAAC;MAC/BJ,IAAI,CAAC,MAAM,CAAC;AACZC,MAAAA,IAAI,CAACE,aAAa,CAAC,CAACb,GAAG,CAACjB,cAAc,CAAC/I,OAAO,EAAEyE,MAAM,CAAC,CAAC;AACjE,KAAC,CAAC;AACN;;AAEA;AACJ;AACA;AACA;AACA;AACKuG,EAAAA,WAAWA,CAACC,OAAO,EAAE1K,OAAO,EAAE;AAC3B,IAAA,OAAO,IAAIiE,OAAO,CAAC,CAACxE,OAAO,EAAEyE,MAAM,KAAK;AACpC,MAAA,OAAO,IAAIqF,OAAO,CAAC,KAAK,EAAE,IAAID,GAAG,CAAC,CAAA,MAAA,EAASoB,OAAO,CAAA,CAAE,EAAE,IAAI,CAACzB,YAAY,EAAE,CAAC,CAAC;MACtElL,GAAG,CAAC,eAAe,EAAE,CAAA,OAAA,EAAUiC,OAAO,CAAC2K,YAAY,EAAE,CAAC;AACtDlB,MAAAA,GAAG,CAACjB,cAAc,CAAC/I,OAAO,EAAEyE,MAAM,CAAC,CAAC;AAC7C,KAAC,CAAC;AACN;;AAEA;AACJ;AACA;AACA;AACA;AACI0G,EAAAA,OAAOA,CAACC,QAAQ,EAAE7K,OAAO,EAAE;AACvB,IAAA,OAAO,IAAIiE,OAAO,CAAC,CAACxE,OAAO,EAAEyE,MAAM,KAAI;AACnC,MAAA,OAAO,IAAIqF,OAAO,CAAC,KAAK,EAAE,IAAID,GAAG,CAAC,OAAO,EAAE,IAAI,CAACL,YAAY,EAAE,CAAC,CAAC;MAC3DlL,GAAG,CAAC,eAAe,EAAE,CAAA,OAAA,EAAUiC,OAAO,CAAC2K,YAAY,EAAE,CAAC;AACtDnB,MAAAA,KAAK,CAAC;QACH,SAAS,EAAE,YAAYqB,QAAQ,CAAA,CAAA;AACnC,OAAC,CAAC;AACDpB,MAAAA,GAAG,CAACjB,cAAc,CAAC/I,OAAO,EAAEyE,MAAM,CAAC,CAAC;AAC7C,KAAC,CAAC;AACN;;AAEA;AACJ;AACA;AACA;AACA;AACK4G,EAAAA,cAAcA,CAACC,KAAK,EAAE/K,OAAO,EAAE;AAC5B,IAAA,OAAO,IAAIiE,OAAO,CAAC,CAACxE,OAAO,EAAEyE,MAAM,KAAI;AACnC,MAAA,OAAO,IAAIqF,OAAO,CAAC,KAAK,EAAE,IAAID,GAAG,CAAC,OAAO,EAAE,IAAI,CAACL,YAAY,EAAE,CAAC,CAAC;MAC3DlL,GAAG,CAAC,eAAe,EAAE,CAAA,OAAA,EAAUiC,OAAO,CAAC2K,YAAY,EAAE,CAAC;AACtDnB,MAAAA,KAAK,CAAC;QACH,SAAS,EAAE,qBAAqBuB,KAAK,CAAA,CAAA;AACzC,OAAC,CAAC;AACDtB,MAAAA,GAAG,CAACjB,cAAc,CAAC/I,OAAO,EAAEyE,MAAM,CAAC,CAAC;AAC7C,KAAC,CAAC;AACN;;AAEA;AACJ;AACA;AACA;AACA;AACK8G,EAAAA,UAAUA,CAAChF,IAAI,EAAEhG,OAAO,EAAE;AACvB,IAAA,OAAO,IAAIiE,OAAO,CAAC,CAACxE,OAAO,EAAEyE,MAAM,KAAI;AACnC,MAAA,IAAI8B,IAAI,CAACiF,EAAE,IAAI,IAAI,EAAE;AACjB,QAAA,OAAO/G,MAAM,CAAC,IAAIgH,SAAS,CAAC,cAAc,EAAE,wCAAwC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;AAC9G;MACA,MAAMC,OAAO,GAAG,IAAI5B,OAAO,CAAC,KAAK,EAAE,IAAID,GAAG,CAAC,CAAA,MAAA,EAAStD,IAAI,CAACiF,EAAE,EAAE,EAAE,IAAI,CAAChC,YAAY,EAAE,CAAC,CAAC;MACpF,OAAOkC,OAAO,CAACpN,GAAG,CAAC,eAAe,EAAE,CAAA,OAAA,EAAUiC,OAAO,CAAC2K,YAAY,CAAA,CAAE,CAAC;AAChE5M,MAAAA,GAAG,CAAC,cAAc,EAAE,kBAAkB,CAAC;MACvCqM,IAAI,CAACpE,IAAI,CAAC;AACVyD,MAAAA,GAAG,CAACjB,cAAc,CAAC/I,OAAO,EAAEyE,MAAM,CAAC,CAAC;AAC7C,KAAC,CAAC;AACN;;AAEA;AACJ;AACA;AACA;AACA;AACKkH,EAAAA,UAAUA,CAACpF,IAAI,EAAEhG,OAAO,EAAE;AACvB,IAAA,OAAO,IAAIiE,OAAO,CAAC,CAACxE,OAAO,EAAEyE,MAAM,KAAI;AACnC,MAAA,MAAMiH,OAAO,GAAG,IAAI5B,OAAO,CAAC,MAAM,EAAE,IAAID,GAAG,CAAC,OAAO,EAAE,IAAI,CAACL,YAAY,EAAE,CAAC,CAAC;MAC1E,OAAOkC,OAAO,CAACpN,GAAG,CAAC,eAAe,EAAE,CAAA,OAAA,EAAUiC,OAAO,CAAC2K,YAAY,CAAA,CAAE,CAAC;AAChE5M,MAAAA,GAAG,CAAC,cAAc,EAAE,kBAAkB,CAAC;MACvCqM,IAAI,CAACnN,MAAM,CAAC0C,MAAM,CAAC,EAAE,EAAEqG,IAAI,EAAE;QAC1BqF,MAAM,EAAE,CAAC;AACb,OAAC,CAAC,CAAC;AACF5B,MAAAA,GAAG,CAACjB,cAAc,CAAC/I,OAAO,EAAEyE,MAAM,CAAC,CAAC;AAC7C,KAAC,CAAC;AACN;;AAEA;AACJ;AACA;AACA;AACA;AACKoH,EAAAA,UAAUA,CAACtF,IAAI,EAAEhG,OAAO,EAAE;AACvB,IAAA,OAAO,IAAIiE,OAAO,CAAC,CAACxE,OAAO,EAAEyE,MAAM,KAAI;AACnC,MAAA,IAAI8B,IAAI,CAACiF,EAAE,IAAI,IAAI,EAAE;AACjB,QAAA,OAAO/G,MAAM,CAAC,IAAIgH,SAAS,CAAC,cAAc,EAAE,wCAAwC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;AAC9G;MACA,MAAMC,OAAO,GAAG,IAAI5B,OAAO,CAAC,QAAQ,EAAE,IAAID,GAAG,CAAC,CAAA,MAAA,EAAStD,IAAI,CAACiF,EAAE,EAAE,EAAE,IAAI,CAAChC,YAAY,EAAE,CAAC,CAAC;MACvF,OAAOkC,OAAO,CAACpN,GAAG,CAAC,eAAe,EAAE,CAAA,OAAA,EAAUiC,OAAO,CAAC2K,YAAY,CAAA,CAAE,CAAC;AAChElB,MAAAA,GAAG,CAACjB,cAAc,CAAC/I,OAAO,EAAEyE,MAAM,CAAC,CAAC;AAC7C,KAAC,CAAC;AACN;;AAEA;AACJ;AACA;AACA;EACIqH,yBAAyBA,CAACC,KAAK,EAAE;AAC7B,IAAA,IAAIA,KAAK,EAAE;MACP,IAAI,CAACC,wBAAwB,GAAG,IAAI;AACxC;IACA,IAAI,IAAI,CAACA,wBAAwB,EAAE;AAC/B,MAAA,OAAOxH,OAAO,CAACxE,OAAO,CAAC,IAAI,CAACgM,wBAAwB,CAAC;AACzD;AACA,IAAA,OAAO,IAAIxH,OAAO,CAAC,CAACxE,OAAO,EAAEyE,MAAM,KAAK;AACpC,MAAA,MAAMwH,4BAA4B,GAAG,IAAI,CAAC/D,QAAQ,CAAC+D,4BAA4B,GAAG,IAAIpC,GAAG,CAAC,IAAI,CAAC3B,QAAQ,CAAC+D,4BAA4B,EAAE,IAAI,CAAC3C,SAAS,EAAE,CAAC,GAAG,IAAIO,GAAG,CAAC,kCAAkC,EAAE,IAAI,CAACP,SAAS,EAAE,CAAC;AACvN,MAAA,OAAO,IAAIQ,OAAO,CAAC,KAAK,EAAEmC,4BAA4B,CAAC;AAClDjC,MAAAA,GAAG,CAACjB,cAAc,CAAC/I,OAAO,EAAEyE,MAAM,CAAC,CAAC;AAC7C,KAAC,CAAC,CAACO,IAAI,CAAC,CAACiB,aAAa,KAAK;MACvB,IAAI,CAAC+F,wBAAwB,GAAG/F,aAAa;AAC7C,MAAA,OAAOA,aAAa;AACxB,KAAC,CAAC;AACN;AACJ;;ACrPA,MAAMiG,4BAA4B,SAASrD,kBAAkB,CAAC;AAC1DnM,EAAAA,WAAWA,GAAG;IACV,KAAK,CAAC,+GAA+G,CAAC;IACtH,IAAI,CAACyP,UAAU,GAAG,KAAK;AAC3B;;AAEJ;;AAEA,MAAMC,sBAAsB,SAAS3P,kBAAkB,CAAC;EACtDC,WAAWA,CAACC,GAAG,EAAE;IACf,KAAK,CAACA,GAAG,CAAC;;AAEV;IACA,IAAIC,sBAAsB,GAAGD,GAAG,CAACE,gBAAgB,EAAE,CAACC,WAAW,CAAC,+CAA+C,CAAC;AAChH,IAAA,IAAI,OAAOF,sBAAsB,KAAK,SAAS,EAAE;AAC7CA,MAAAA,sBAAsB,GAAG,KAAK;AAClC;IACA,IAAI,CAACA,sBAAsB,GAAGA,sBAAsB;AACpD;AACA,IAAA,IAAI,CAACyP,KAAK,GAAG1P,GAAG,CAACE,gBAAgB,EAAE,CAACC,WAAW,CAAC,gDAAgD,CAAC,IAAI,eAAe;;AAEpHH,IAAAA,GAAG,CAAC8C,aAAa,CAACnC,SAAS,CAAC,CAACmC,aAAa,KAAK;MAC3C,IAAIA,aAAa,IAAI,IAAI,EAAE;AACvB,QAAA;AACJ;AACA,MAAA,MAAM6M,SAAS,GAAG3O,OAAO,CAACC,MAAM,EAAE;MAClC0O,SAAS,CAAC5N,GAAG,CAAC,CAACsC,GAAG,EAAE2H,GAAG,EAAEvJ,IAAI,KAAK;QAC9B,KAAK,IAAI,CAACmN,qBAAqB,CAACvL,GAAG,CAAC,CAACgE,IAAI,CAAC,CAACtH,KAAK,KAAK;UACjD,IAAIA,KAAK,KAAK,KAAK,EAAE;AACjB,YAAA,OAAO0B,IAAI,CAAC,IAAI8M,4BAA4B,EAAE,CAAC;AACnD;UACA,OAAO9M,IAAI,EAAE;AACjB,SAAC,CAAC,CAAC+E,KAAK,CAAC,CAAC7E,GAAG,KAAK;UACd,OAAOF,IAAI,CAACE,GAAG,CAAC;AACpB,SAAC,CAAC;AACN,OAAC,CAAC;AACF;AACAG,MAAAA,aAAa,CAAClB,KAAK,CAACC,OAAO,CAACC,KAAK,CAACgB,aAAa,CAAClB,KAAK,EAAE+N,SAAS,CAAC/N,KAAK,CAAC;AAC3E,KAAC,CAAC;AACJ;;AAEA;AACF;AACA;AACA;AACA;EACEiO,gBAAgBA,CAACxL,GAAG,EAAE;AACpB,IAAA,IAAIC,aAAa;IACjB,IAAI,IAAI,CAACrE,sBAAsB,EAAE;AAC7B;AACAqE,MAAAA,aAAa,GAAGD,GAAG,CAACE,OAAO,CAAC,WAAW,CAAC,IAAIF,GAAG,CAACE,OAAO,CAAC,iBAAiB,CAAC,KAAKF,GAAG,CAACG,UAAU,GAAGH,GAAG,CAACG,UAAU,CAACF,aAAa,GAAGD,GAAG,CAACI,MAAM,CAACH,aAAa,CAAC;AAC5J,KAAC,MAAM;AACHA,MAAAA,aAAa,GAAGD,GAAG,CAACG,UAAU,GAAGH,GAAG,CAACG,UAAU,CAACF,aAAa,GAAGD,GAAG,CAACI,MAAM,CAACH,aAAa;AAC5F;AACA,IAAA,OAAOA,aAAa;AACtB;;AAEA;AACF;AACA;AACA;AACA;EACE,MAAMsL,qBAAqBA,CAACvL,GAAG,EAAE;IAC/B,MAAMmJ,mBAAmB,GAAGnJ,GAAG,CAACsF,OAAO,EAAEC,IAAI,EAAE4D,mBAAmB;IAClE,IAAIA,mBAAmB,IAAI,IAAI,EAAE;AAC7B,MAAA,MAAMe,YAAY,GAAGuB,GAAG,CAACC,MAAM,CAACvC,mBAAmB,CAAC;AACpD,MAAA,MAAMlJ,aAAa,GAAGiK,YAAY,CAAC,IAAI,CAACmB,KAAK,CAAC;MAC9C,IAAIpL,aAAa,IAAI,IAAI,EAAE;QACvB9D,UAAU,CAACC,IAAI,CAAC,CAAA,oFAAA,EAAuF,IAAI,CAACiP,KAAK,2BAA2B,CAAC;AAC7I,QAAA,OAAO,KAAK;AAChB;AACA;AACA,MAAA,MAAMM,oBAAoB,GAAG,IAAI,CAACH,gBAAgB,CAACxL,GAAG,CAAC;MACvD,IAAIC,aAAa,KAAK0L,oBAAoB,EAAE;QACxCxP,UAAU,CAACC,IAAI,CAAC,CAAgE6D,6DAAAA,EAAAA,aAAa,IAAI,QAAQ,CAAA,+BAAA,EAAkC0L,oBAAoB,CAAA,CAAE,CAAC;AAClK,QAAA,OAAO,KAAK;AAChB;AACA,MAAA,OAAO,IAAI;AACf;AACAxP,IAAAA,UAAU,CAACC,IAAI,CAAC,8FAA8F,CAAC;AAC/G,IAAA,OAAO,KAAK;AACd;;AAEF;;ACrFA,MAAMwP,mBAAmB,SAASpQ,gBAAgB,CAAC;AAC/C;AACJ;AACA;AACA;EACIE,WAAWA,CAACC,GAAG,EAAE;IACb,KAAK,CAACA,GAAG,CAAC;AACd;;AAEAU,EAAAA,cAAcA,GAAG;AACb,IAAA,OAAO,wCAAwC;AACnD;;AAEAH,EAAAA,mBAAmBA,GAAG;AAClB,IAAA,OAAO,IAAI,CAACsC,cAAc,EAAE,IAAI,IAAI,CAACA,cAAc,EAAE,CAAC+I,SAAS;AACnE;AACJ;;AChBA,MAAMsE,oBAAoB,SAASzK,iBAAiB,CAAC;AACjD;AACJ;AACA;AACA;EACI1F,WAAWA,CAACC,GAAG,EAAE;IACb,KAAK,CAACA,GAAG,CAAC;AACd;;AAEAU,EAAAA,cAAcA,GAAG;AACb,IAAA,OAAO,yCAAyC;AACpD;;AAEAH,EAAAA,mBAAmBA,GAAG;AAClB,IAAA,OAAO,IAAI,CAACsC,cAAc,EAAE,IAAI,IAAI,CAACA,cAAc,EAAE,CAAC+I,SAAS;AACnE;AACJ;;;;"}