@usearete/sdk 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,364 @@
1
+ import * as ed25519 from '@noble/ed25519';
2
+
3
+ /**
4
+ * Base64URL encoding/decoding utilities
5
+ */
6
+ /**
7
+ * Encode Uint8Array to base64url string (RFC 4648)
8
+ */
9
+ function encode(bytes) {
10
+ // Convert to regular base64
11
+ const base64 = Buffer.from(bytes).toString('base64');
12
+ // Convert to base64url: replace + with -, / with _, remove padding
13
+ return base64
14
+ .replace(/\+/g, '-')
15
+ .replace(/\//g, '_')
16
+ .replace(/=/g, '');
17
+ }
18
+ /**
19
+ * Decode base64url string to Uint8Array
20
+ */
21
+ function decode(base64url) {
22
+ // Convert from base64url to regular base64
23
+ let base64 = base64url
24
+ .replace(/-/g, '+')
25
+ .replace(/_/g, '/');
26
+ // Add padding if needed
27
+ const padding = 4 - (base64.length % 4);
28
+ if (padding !== 4) {
29
+ base64 += '='.repeat(padding);
30
+ }
31
+ return new Uint8Array(Buffer.from(base64, 'base64'));
32
+ }
33
+ const base64url = {
34
+ encode,
35
+ decode,
36
+ };
37
+
38
+ /**
39
+ * Arete Auth Server - Drop-in Endpoint Handlers
40
+ *
41
+ * These are framework-agnostic API route handlers that users can mount however they like.
42
+ * They handle token minting and JWKS serving directly using Ed25519 signing.
43
+ *
44
+ * @example
45
+ * ```typescript
46
+ * // app/api/arete/sessions/route.ts (Next.js App Router)
47
+ * import { handleSessionRequest, handleJwksRequest } from '@usearete/sdk/ssr/handlers';
48
+ *
49
+ * export async function POST(request: Request) {
50
+ * const user = await getAuthenticatedUser(request);
51
+ * if (!user) return new Response('Unauthorized', { status: 401 });
52
+ * return handleSessionRequest({}, user.id);
53
+ * }
54
+ *
55
+ * export async function GET() {
56
+ * return handleJwksRequest();
57
+ * }
58
+ * ```
59
+ */
60
+ /**
61
+ * Decode base64 to Uint8Array
62
+ */
63
+ function decodeBase64(base64) {
64
+ const binary = Buffer.from(base64, 'base64');
65
+ return new Uint8Array(binary);
66
+ }
67
+ /**
68
+ * Encode Uint8Array to base64url
69
+ */
70
+ function encodeBase64url(bytes) {
71
+ return base64url.encode(bytes);
72
+ }
73
+ /**
74
+ * Generate a key ID from public key bytes
75
+ */
76
+ function deriveKeyId(publicKey) {
77
+ // Use first 8 bytes of public key as hex for kid
78
+ return Array.from(publicKey.slice(0, 8))
79
+ .map(b => b.toString(16).padStart(2, '0'))
80
+ .join('');
81
+ }
82
+ /**
83
+ * Create JWT header for Ed25519
84
+ */
85
+ function createJwtHeader(keyId) {
86
+ const header = {
87
+ alg: 'EdDSA',
88
+ typ: 'JWT',
89
+ kid: keyId,
90
+ };
91
+ return encodeBase64url(new TextEncoder().encode(JSON.stringify(header)));
92
+ }
93
+ /**
94
+ * Create JWT payload from claims
95
+ */
96
+ function createJwtPayload(claims) {
97
+ return encodeBase64url(new TextEncoder().encode(JSON.stringify(claims)));
98
+ }
99
+ /**
100
+ * Sign data with Ed25519
101
+ */
102
+ async function signEd25519(data, privateKey) {
103
+ const messageBytes = new TextEncoder().encode(data);
104
+ return await ed25519.signAsync(messageBytes, privateKey);
105
+ }
106
+ /**
107
+ * Mint a session token using Ed25519 signing
108
+ * `subject` must come from verified server-side auth or trusted service code.
109
+ */
110
+ async function mintSessionToken(config, subject = 'anonymous', scope = 'read', origin) {
111
+ const signingKeyBase64 = config.signingKey || process.env.ARETE_SIGNING_KEY;
112
+ if (!signingKeyBase64) {
113
+ throw new Error('ARETE_SIGNING_KEY not set. Generate with: node -e "console.log(require(\'crypto\').randomBytes(32).toString(\'base64\'))"');
114
+ }
115
+ const privateKeyBytes = decodeBase64(signingKeyBase64);
116
+ if (privateKeyBytes.length !== 32) {
117
+ throw new Error(`Invalid signing key length: expected 32 bytes, got ${privateKeyBytes.length}. ` +
118
+ 'Ed25519 signing key must be 32 bytes (base64-encoded).');
119
+ }
120
+ // Derive public key from private key
121
+ const publicKeyBytes = await ed25519.getPublicKeyAsync(privateKeyBytes);
122
+ const keyId = config.keyId || deriveKeyId(publicKeyBytes);
123
+ const issuer = config.issuer || process.env.ARETE_ISSUER || 'arete';
124
+ const audience = config.audience || process.env.ARETE_AUDIENCE || 'arete';
125
+ const ttlSeconds = config.ttlSeconds || 300;
126
+ const now = Math.floor(Date.now() / 1000);
127
+ const expiresAt = now + ttlSeconds;
128
+ const claims = {
129
+ iss: issuer,
130
+ sub: subject,
131
+ aud: audience,
132
+ iat: now,
133
+ nbf: now,
134
+ exp: expiresAt,
135
+ jti: crypto.randomUUID(),
136
+ scope,
137
+ metering_key: `meter:${subject}`,
138
+ key_class: 'secret',
139
+ limits: config.limits || {
140
+ max_connections: 10,
141
+ max_subscriptions: 100,
142
+ max_snapshot_rows: 1000,
143
+ max_messages_per_minute: 10000,
144
+ max_bytes_per_minute: 100 * 1024 * 1024,
145
+ },
146
+ };
147
+ // Add origin binding if provided
148
+ if (origin) {
149
+ claims.origin = origin;
150
+ }
151
+ // Create JWT
152
+ const header = createJwtHeader(keyId);
153
+ const payload = createJwtPayload(claims);
154
+ const signingInput = `${header}.${payload}`;
155
+ const signature = await signEd25519(signingInput, privateKeyBytes);
156
+ const signatureBase64 = encodeBase64url(signature);
157
+ const token = `${signingInput}.${signatureBase64}`;
158
+ return {
159
+ token,
160
+ expires_at: expiresAt,
161
+ };
162
+ }
163
+ /**
164
+ * Generate JWKS response from signing key
165
+ */
166
+ async function generateJwks(config) {
167
+ const signingKeyBase64 = config.signingKey || process.env.ARETE_SIGNING_KEY;
168
+ const publicKeyBase64 = config.publicKey || process.env.ARETE_PUBLIC_KEY;
169
+ if (!signingKeyBase64 && !publicKeyBase64) {
170
+ return { keys: [] };
171
+ }
172
+ let publicKeyBytes;
173
+ if (publicKeyBase64) {
174
+ // Use provided public key
175
+ publicKeyBytes = decodeBase64(publicKeyBase64);
176
+ if (publicKeyBytes.length !== 32) {
177
+ throw new Error(`Invalid public key length: expected 32 bytes, got ${publicKeyBytes.length}`);
178
+ }
179
+ }
180
+ else {
181
+ // Derive public key from private key
182
+ const privateKeyBytes = decodeBase64(signingKeyBase64);
183
+ if (privateKeyBytes.length !== 32) {
184
+ throw new Error(`Invalid signing key length: expected 32 bytes, got ${privateKeyBytes.length}`);
185
+ }
186
+ publicKeyBytes = await ed25519.getPublicKeyAsync(privateKeyBytes);
187
+ }
188
+ const keyId = config.keyId ||
189
+ (publicKeyBase64 ? 'key-1' : deriveKeyId(publicKeyBytes));
190
+ return {
191
+ keys: [
192
+ {
193
+ kty: 'OKP',
194
+ crv: 'Ed25519',
195
+ kid: keyId,
196
+ use: 'sig',
197
+ alg: 'EdDSA',
198
+ x: encodeBase64url(publicKeyBytes),
199
+ },
200
+ ],
201
+ };
202
+ }
203
+ /**
204
+ * Framework-agnostic health check handler
205
+ */
206
+ function handleHealthRequest() {
207
+ return new Response(JSON.stringify({
208
+ status: 'healthy',
209
+ version: '0.5.10',
210
+ }), {
211
+ status: 200,
212
+ headers: {
213
+ 'Content-Type': 'application/json',
214
+ },
215
+ });
216
+ }
217
+
218
+ /**
219
+ * Vite SSR integration for Arete Auth
220
+ *
221
+ * Express/Connect middleware that mounts auth endpoints.
222
+ * `resolveSession` must derive the subject from verified server-side auth.
223
+ * Never trust caller-supplied headers for identity or scope.
224
+ *
225
+ * @example
226
+ * ```typescript
227
+ * // server.ts
228
+ * import express from 'express';
229
+ * import { createViteAuthMiddleware } from '@usearete/sdk/ssr/vite';
230
+ *
231
+ * const app = express();
232
+ *
233
+ * // Mount auth endpoints at /api/arete
234
+ * app.use('/api/arete', createViteAuthMiddleware({
235
+ * resolveSession: async (req) => {
236
+ * const user = await getAuthenticatedUser(req);
237
+ * if (!user) return null;
238
+ * return { subject: user.id };
239
+ * },
240
+ * }));
241
+ *
242
+ * // Or mount at root
243
+ * app.use(createViteAuthMiddleware({
244
+ * basePath: '/auth',
245
+ * resolveSession: async (req) => {
246
+ * const user = await getAuthenticatedUser(req);
247
+ * if (!user) return null;
248
+ * return { subject: user.id };
249
+ * },
250
+ * }));
251
+ * ```
252
+ */
253
+ /**
254
+ * Create Express middleware that mounts Arete auth endpoints
255
+ */
256
+ function createViteAuthMiddleware(options = {}) {
257
+ const { basePath = '', ...config } = options;
258
+ // Note: In production, you'd use express.Router(), but for Vite SSR
259
+ // we just return a middleware function that checks the path
260
+ return async function middleware(req, res, next) {
261
+ const pathname = req.path;
262
+ // POST /{basePath}/sessions - Mint token
263
+ if (req.method === 'POST' && pathname === `${basePath}/sessions`) {
264
+ const origin = req.headers.origin;
265
+ try {
266
+ if (!config.resolveSession) {
267
+ res.status(500).json({
268
+ error: 'createViteAuthMiddleware requires resolveSession to derive the subject from authenticated server-side state',
269
+ });
270
+ return;
271
+ }
272
+ const session = await config.resolveSession(req, res);
273
+ if (!session) {
274
+ res.status(401).json({
275
+ error: 'Unauthorized',
276
+ });
277
+ return;
278
+ }
279
+ const tokenData = await mintSessionToken(config, session.subject, session.scope || 'read', origin);
280
+ res.json(tokenData);
281
+ return;
282
+ }
283
+ catch (error) {
284
+ res.status(500).json({
285
+ error: error instanceof Error ? error.message : 'Failed to mint token',
286
+ });
287
+ return;
288
+ }
289
+ }
290
+ // GET /{basePath}/.well-known/jwks.json - JWKS
291
+ if (req.method === 'GET' && pathname === `${basePath}/.well-known/jwks.json`) {
292
+ try {
293
+ const jwks = await generateJwks(config);
294
+ res.json(jwks);
295
+ return;
296
+ }
297
+ catch (error) {
298
+ res.status(500).json({
299
+ error: error instanceof Error ? error.message : 'Failed to generate JWKS',
300
+ });
301
+ return;
302
+ }
303
+ }
304
+ // GET /{basePath}/health - Health check
305
+ if (req.method === 'GET' && pathname === `${basePath}/health`) {
306
+ const response = handleHealthRequest();
307
+ res.status(response.status).json(await response.json());
308
+ return;
309
+ }
310
+ // Not an auth route, pass to next middleware
311
+ next();
312
+ };
313
+ }
314
+ /**
315
+ * Create a Vite plugin that injects the auth endpoints
316
+ * This is for use with Vite's configureServer hook
317
+ *
318
+ * @example
319
+ * ```typescript
320
+ * // vite.config.ts
321
+ * import { defineConfig } from 'vite';
322
+ * import { createViteAuthPlugin } from '@usearete/sdk/ssr/vite';
323
+ *
324
+ * export default defineConfig({
325
+ * plugins: [
326
+ * createViteAuthPlugin({
327
+ * basePath: '/api/arete',
328
+ * resolveSession: async (req) => {
329
+ * const user = await getAuthenticatedUser(req);
330
+ * if (!user) return null;
331
+ * return { subject: user.id };
332
+ * },
333
+ * }),
334
+ * ],
335
+ * });
336
+ * ```
337
+ */
338
+ function createViteAuthPlugin(options = {}) {
339
+ return {
340
+ name: 'arete-auth',
341
+ configureServer(server) {
342
+ server.middlewares.use(options.basePath || '/api/arete', createViteAuthMiddleware({ ...options, basePath: '' }));
343
+ },
344
+ };
345
+ }
346
+ /**
347
+ * Helper to inject token into HTML for client-side hydration
348
+ */
349
+ function injectAreteToken(html, token) {
350
+ if (!token)
351
+ return html;
352
+ const tokenScript = `
353
+ <script>
354
+ window.__ARETE_TOKEN__ = ${JSON.stringify(token)};
355
+ </script>
356
+ `;
357
+ if (html.includes('</head>')) {
358
+ return html.replace('</head>', `${tokenScript}</head>`);
359
+ }
360
+ return html.replace('<body>', `<body>${tokenScript}`);
361
+ }
362
+
363
+ export { createViteAuthMiddleware, createViteAuthPlugin, injectAreteToken };
364
+ //# sourceMappingURL=vite.esm.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"vite.esm.js","sources":["../../src/ssr/utils.ts","../../src/ssr/handlers.ts","../../src/ssr/vite.ts"],"sourcesContent":[null,null,null],"names":[],"mappings":";;AAAA;;AAEG;AAEH;;AAEG;AACG,SAAU,MAAM,CAAC,KAAiB,EAAA;;AAEtC,IAAA,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;;AAErD,IAAA,OAAO,MAAM;AACV,SAAA,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;AACnB,SAAA,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;AACnB,SAAA,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;AACvB,CAAC;AAED;;AAEG;AACG,SAAU,MAAM,CAAC,SAAiB,EAAA;;IAEtC,IAAI,MAAM,GAAG,SAAS;AACnB,SAAA,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC;AAClB,SAAA,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;;IAGtB,MAAM,OAAO,GAAG,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AACxC,IAAA,IAAI,OAAO,KAAK,CAAC,EAAE;AACjB,QAAA,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;KAC/B;AAED,IAAA,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;AACvD,CAAC;AAEM,MAAM,SAAS,GAAG;IACvB,MAAM;IACN,MAAM;CACP;;ACtCD;;;;;;;;;;;;;;;;;;;;;AAqBG;AAoGH;;AAEG;AACH,SAAS,YAAY,CAAC,MAAc,EAAA;IAClC,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;AAC7C,IAAA,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC;AAED;;AAEG;AACH,SAAS,eAAe,CAAC,KAAiB,EAAA;AACxC,IAAA,OAAO,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACjC,CAAC;AAED;;AAEG;AACH,SAAS,WAAW,CAAC,SAAqB,EAAA;;AAExC,IAAA,OAAO,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AACrC,SAAA,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SACzC,IAAI,CAAC,EAAE,CAAC,CAAC;AACd,CAAC;AAED;;AAEG;AACH,SAAS,eAAe,CAAC,KAAa,EAAA;AACpC,IAAA,MAAM,MAAM,GAAG;AACb,QAAA,GAAG,EAAE,OAAO;AACZ,QAAA,GAAG,EAAE,KAAK;AACV,QAAA,GAAG,EAAE,KAAK;KACX,CAAC;AACF,IAAA,OAAO,eAAe,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;AAC3E,CAAC;AAED;;AAEG;AACH,SAAS,gBAAgB,CAAC,MAAqB,EAAA;AAC7C,IAAA,OAAO,eAAe,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;AAC3E,CAAC;AAED;;AAEG;AACH,eAAe,WAAW,CACxB,IAAY,EACZ,UAAsB,EAAA;IAEtB,MAAM,YAAY,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACpD,OAAO,MAAM,OAAO,CAAC,SAAS,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;AAC3D,CAAC;AAED;;;AAGG;AACI,eAAe,gBAAgB,CACpC,MAAyB,EACzB,OAAA,GAAkB,WAAW,EAC7B,KAAgB,GAAA,MAAM,EACtB,MAAe,EAAA;IAEf,MAAM,gBAAgB,GAAG,MAAM,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;IAC5E,IAAI,CAAC,gBAAgB,EAAE;AACrB,QAAA,MAAM,IAAI,KAAK,CACb,2HAA2H,CAC5H,CAAC;KACH;AAED,IAAA,MAAM,eAAe,GAAG,YAAY,CAAC,gBAAgB,CAAC,CAAC;AACvD,IAAA,IAAI,eAAe,CAAC,MAAM,KAAK,EAAE,EAAE;AACjC,QAAA,MAAM,IAAI,KAAK,CACb,sDAAsD,eAAe,CAAC,MAAM,CAAI,EAAA,CAAA;AAChF,YAAA,wDAAwD,CACzD,CAAC;KACH;;IAGD,MAAM,cAAc,GAAG,MAAM,OAAO,CAAC,iBAAiB,CAAC,eAAe,CAAC,CAAC;IACxE,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,WAAW,CAAC,cAAc,CAAC,CAAC;AAE1D,IAAA,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,OAAO,CAAC;AACpE,IAAA,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,OAAO,CAAC;AAC1E,IAAA,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,GAAG,CAAC;AAE5C,IAAA,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;AAC1C,IAAA,MAAM,SAAS,GAAG,GAAG,GAAG,UAAU,CAAC;AAEnC,IAAA,MAAM,MAAM,GAAkB;AAC5B,QAAA,GAAG,EAAE,MAAM;AACX,QAAA,GAAG,EAAE,OAAO;AACZ,QAAA,GAAG,EAAE,QAAQ;AACb,QAAA,GAAG,EAAE,GAAG;AACR,QAAA,GAAG,EAAE,GAAG;AACR,QAAA,GAAG,EAAE,SAAS;AACd,QAAA,GAAG,EAAE,MAAM,CAAC,UAAU,EAAE;QACxB,KAAK;QACL,YAAY,EAAE,CAAS,MAAA,EAAA,OAAO,CAAE,CAAA;AAChC,QAAA,SAAS,EAAE,QAAQ;AACnB,QAAA,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI;AACvB,YAAA,eAAe,EAAE,EAAE;AACnB,YAAA,iBAAiB,EAAE,GAAG;AACtB,YAAA,iBAAiB,EAAE,IAAI;AACvB,YAAA,uBAAuB,EAAE,KAAK;AAC9B,YAAA,oBAAoB,EAAE,GAAG,GAAG,IAAI,GAAG,IAAI;AACxC,SAAA;KACF,CAAC;;IAGF,IAAI,MAAM,EAAE;AACV,QAAA,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC;KACxB;;AAGD,IAAA,MAAM,MAAM,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;AACtC,IAAA,MAAM,OAAO,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC;AACzC,IAAA,MAAM,YAAY,GAAG,CAAA,EAAG,MAAM,CAAI,CAAA,EAAA,OAAO,EAAE,CAAC;IAC5C,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;AACnE,IAAA,MAAM,eAAe,GAAG,eAAe,CAAC,SAAS,CAAC,CAAC;AAEnD,IAAA,MAAM,KAAK,GAAG,CAAA,EAAG,YAAY,CAAI,CAAA,EAAA,eAAe,EAAE,CAAC;IAEnD,OAAO;QACL,KAAK;AACL,QAAA,UAAU,EAAE,SAAS;KACtB,CAAC;AACJ,CAAC;AAED;;AAEG;AACI,eAAe,YAAY,CAAC,MAAyB,EAAA;IAC1D,MAAM,gBAAgB,GAAG,MAAM,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;IAC5E,MAAM,eAAe,GAAG,MAAM,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;AAEzE,IAAA,IAAI,CAAC,gBAAgB,IAAI,CAAC,eAAe,EAAE;AACzC,QAAA,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;KACrB;AAED,IAAA,IAAI,cAA0B,CAAC;IAE/B,IAAI,eAAe,EAAE;;AAEnB,QAAA,cAAc,GAAG,YAAY,CAAC,eAAe,CAAC,CAAC;AAC/C,QAAA,IAAI,cAAc,CAAC,MAAM,KAAK,EAAE,EAAE;YAChC,MAAM,IAAI,KAAK,CACb,CAAA,kDAAA,EAAqD,cAAc,CAAC,MAAM,CAAE,CAAA,CAC7E,CAAC;SACH;KACF;SAAM;;AAEL,QAAA,MAAM,eAAe,GAAG,YAAY,CAAC,gBAAiB,CAAC,CAAC;AACxD,QAAA,IAAI,eAAe,CAAC,MAAM,KAAK,EAAE,EAAE;YACjC,MAAM,IAAI,KAAK,CACb,CAAA,mDAAA,EAAsD,eAAe,CAAC,MAAM,CAAE,CAAA,CAC/E,CAAC;SACH;QACD,cAAc,GAAG,MAAM,OAAO,CAAC,iBAAiB,CAAC,eAAe,CAAC,CAAC;KACnE;AAED,IAAA,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK;AACxB,SAAC,eAAe,GAAG,OAAO,GAAG,WAAW,CAAC,cAAc,CAAC,CAAC,CAAC;IAE5D,OAAO;AACL,QAAA,IAAI,EAAE;AACJ,YAAA;AACE,gBAAA,GAAG,EAAE,KAAK;AACV,gBAAA,GAAG,EAAE,SAAS;AACd,gBAAA,GAAG,EAAE,KAAK;AACV,gBAAA,GAAG,EAAE,KAAK;AACV,gBAAA,GAAG,EAAE,OAAO;AACZ,gBAAA,CAAC,EAAE,eAAe,CAAC,cAAc,CAAC;AACnC,aAAA;AACF,SAAA;KACF,CAAC;AACJ,CAAC;AAiED;;AAEG;SACa,mBAAmB,GAAA;AACjC,IAAA,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;AACb,QAAA,MAAM,EAAE,SAAS;AACjB,QAAA,OAAO,EAAE,QAAQ;AAClB,KAAA,CAAC,EACF;AACE,QAAA,MAAM,EAAE,GAAG;AACX,QAAA,OAAO,EAAE;AACP,YAAA,cAAc,EAAE,kBAAkB;AACnC,SAAA;AACF,KAAA,CACF,CAAC;AACJ;;AC5XA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkCG;AA2BH;;AAEG;AACa,SAAA,wBAAwB,CAAC,OAAA,GAAqC,EAAE,EAAA;IAC9E,MAAM,EAAE,QAAQ,GAAG,EAAE,EAAE,GAAG,MAAM,EAAE,GAAG,OAAO,CAAC;;;IAI7C,OAAO,eAAe,UAAU,CAAC,GAAY,EAAE,GAAa,EAAE,IAAgB,EAAA;AAC5E,QAAA,MAAM,QAAQ,GAAG,GAAG,CAAC,IAAI,CAAC;;AAG1B,QAAA,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,QAAQ,KAAK,CAAG,EAAA,QAAQ,CAAW,SAAA,CAAA,EAAE;AAChE,YAAA,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,MAA4B,CAAC;AAExD,YAAA,IAAI;AACF,gBAAA,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE;AAC1B,oBAAA,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;AACnB,wBAAA,KAAK,EAAE,6GAA6G;AACrH,qBAAA,CAAC,CAAC;oBACH,OAAO;iBACR;gBAED,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;gBACtD,IAAI,CAAC,OAAO,EAAE;AACZ,oBAAA,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;AACnB,wBAAA,KAAK,EAAE,cAAc;AACtB,qBAAA,CAAC,CAAC;oBACH,OAAO;iBACR;AAED,gBAAA,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,IAAI,MAAM,EAAE,MAAM,CAAC,CAAC;AACnG,gBAAA,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBACpB,OAAO;aACR;YAAC,OAAO,KAAK,EAAE;AACd,gBAAA,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;AACnB,oBAAA,KAAK,EAAE,KAAK,YAAY,KAAK,GAAG,KAAK,CAAC,OAAO,GAAG,sBAAsB;AACvE,iBAAA,CAAC,CAAC;gBACH,OAAO;aACR;SACF;;AAGD,QAAA,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,IAAI,QAAQ,KAAK,CAAG,EAAA,QAAQ,CAAwB,sBAAA,CAAA,EAAE;AAC5E,YAAA,IAAI;AACF,gBAAA,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,CAAC;AACxC,gBAAA,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACf,OAAO;aACR;YAAC,OAAO,KAAK,EAAE;AACd,gBAAA,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;AACnB,oBAAA,KAAK,EAAE,KAAK,YAAY,KAAK,GAAG,KAAK,CAAC,OAAO,GAAG,yBAAyB;AAC1E,iBAAA,CAAC,CAAC;gBACH,OAAO;aACR;SACF;;AAGD,QAAA,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,IAAI,QAAQ,KAAK,CAAG,EAAA,QAAQ,CAAS,OAAA,CAAA,EAAE;AAC7D,YAAA,MAAM,QAAQ,GAAG,mBAAmB,EAAE,CAAC;AACvC,YAAA,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;YACxD,OAAO;SACR;;AAGD,QAAA,IAAI,EAAE,CAAC;AACT,KAAC,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;AAuBG;AACa,SAAA,oBAAoB,CAAC,OAAA,GAAqC,EAAE,EAAA;IAC1E,OAAO;AACL,QAAA,IAAI,EAAE,YAAY;AAClB,QAAA,eAAe,CAAC,MAA6E,EAAA;YAC3F,MAAM,CAAC,WAAW,CAAC,GAAG,CACpB,OAAO,CAAC,QAAQ,IAAI,YAAY,EAChC,wBAAwB,CAAC,EAAE,GAAG,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CACvD,CAAC;SACH;KACF,CAAC;AACJ,CAAC;AAED;;AAEG;AACa,SAAA,gBAAgB,CAC9B,IAAY,EACZ,KAAyB,EAAA;AAEzB,IAAA,IAAI,CAAC,KAAK;AAAE,QAAA,OAAO,IAAI,CAAC;AAExB,IAAA,MAAM,WAAW,GAAG,CAAA;;AAEW,+BAAA,EAAA,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;;GAEnD,CAAC;AAEF,IAAA,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE;QAC5B,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAG,EAAA,WAAW,CAAS,OAAA,CAAA,CAAC,CAAC;KACzD;IAED,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAS,MAAA,EAAA,WAAW,CAAE,CAAA,CAAC,CAAC;AACxD;;;;"}