@vonosan/auth 0.2.1

package/dist/lib/passkey.js

@@ -0,0 +1,401 @@
+/**
+ * ──────────────────────────────────────────────────────────────────
+ * 🏢 Company Name: Bonifade Technologies
+ * 👨‍💻 Developer: Bowofade Oyerinde
+ * 🐙 GitHub: oyenet1
+ * 📅 Created Date: 2026-04-05
+ * 🔄 Updated Date: 2026-04-05
+ * ──────────────────────────────────────────────────────────────────
+ */
+// ─── Challenge generation ─────────────────────────────────────────────────────
+const CHALLENGE_TTL_MS = 5 * 60 * 1000; // 5 minutes
+/**
+ * Generate a cryptographically random challenge for WebAuthn.
+ * Returns a base64url-encoded 32-byte random value.
+ */
+export function generateChallenge() {
+    const bytes = crypto.getRandomValues(new Uint8Array(32));
+    return {
+        challenge: bufferToBase64url(bytes),
+        expiresAt: Date.now() + CHALLENGE_TTL_MS,
+    };
+}
+/**
+ * Build the PublicKeyCredentialCreationOptions for registration.
+ */
+export function buildRegistrationOptions(opts) {
+    return {
+        rp: { id: opts.rpId, name: opts.rpName },
+        user: {
+            id: opts.userId,
+            name: opts.userName,
+            displayName: opts.userDisplayName,
+        },
+        challenge: opts.challenge,
+        pubKeyCredParams: [
+            { alg: -7, type: 'public-key' }, // ES256 (ECDSA P-256)
+            { alg: -257, type: 'public-key' }, // RS256 (RSA PKCS1)
+        ],
+        timeout: opts.timeout ?? 60000,
+        attestation: opts.attestation ?? 'none',
+        authenticatorSelection: opts.authenticatorSelection ?? {
+            residentKey: 'preferred',
+            userVerification: 'preferred',
+        },
+        excludeCredentials: [],
+    };
+}
+/**
+ * Build the PublicKeyCredentialRequestOptions for authentication.
+ */
+export function buildAuthenticationOptions(opts) {
+    return {
+        rpId: opts.rpId,
+        challenge: opts.challenge,
+        timeout: opts.timeout ?? 60000,
+        userVerification: opts.userVerification ?? 'preferred',
+        allowCredentials: opts.allowCredentials ?? [],
+    };
+}
+// ─── Registration verification ───────────────────────────────────────────────
+/**
+ * Verify a WebAuthn registration response.
+ *
+ * Validates:
+ * - clientDataJSON type, origin, and challenge
+ * - attestationObject format (none attestation)
+ * - Extracts public key, sign count, AAGUID, and device type
+ *
+ * @throws Error if verification fails
+ */
+export async function verifyRegistration(response, expectedChallenge, expectedOrigin, expectedRpId) {
+    // 1. Decode and verify clientDataJSON
+    const clientData = decodeClientDataJSON(response.response.clientDataJSON);
+    if (clientData.type !== 'webauthn.create') {
+        throw new Error('Invalid clientData type for registration');
+    }
+    if (clientData.challenge !== expectedChallenge) {
+        throw new Error('Challenge mismatch');
+    }
+    if (clientData.origin !== expectedOrigin) {
+        throw new Error(`Origin mismatch: expected ${expectedOrigin}, got ${clientData.origin}`);
+    }
+    // 2. Decode attestationObject (CBOR — simplified for 'none' attestation)
+    const attestationBytes = base64urlToBuffer(response.response.attestationObject);
+    const attestation = decodeCBOR(attestationBytes);
+    if (!attestation || typeof attestation !== 'object') {
+        throw new Error('Failed to decode attestationObject');
+    }
+    const { fmt, authData } = attestation;
+    if (fmt !== 'none' && fmt !== 'packed') {
+        // For now we only support 'none' attestation (most common for passkeys)
+        // 'packed' is also common — we accept it but don't verify the attestation statement
+    }
+    // 3. Parse authenticatorData
+    const parsedAuthData = parseAuthenticatorData(authData);
+    // 4. Verify RP ID hash
+    const rpIdHash = await sha256(new TextEncoder().encode(expectedRpId));
+    if (!bufferEqual(parsedAuthData.rpIdHash, rpIdHash)) {
+        throw new Error('RP ID hash mismatch');
+    }
+    // 5. Check flags
+    const { flags } = parsedAuthData;
+    if (!(flags & 0x01))
+        throw new Error('User presence flag not set');
+    // 6. Extract credential data
+    if (!parsedAuthData.attestedCredentialData) {
+        throw new Error('No attested credential data in authenticatorData');
+    }
+    const { credentialId, publicKey, aaguid } = parsedAuthData.attestedCredentialData;
+    // 7. Determine device type from flags
+    const backedUp = !!(flags & 0x10);
+    const deviceType = !!(flags & 0x08) ? 'platform' : 'cross-platform';
+    return {
+        credentialId: bufferToBase64url(credentialId),
+        publicKey: bufferToBase64url(publicKey),
+        signCount: parsedAuthData.signCount,
+        aaguid: formatAaguid(aaguid),
+        deviceType,
+        backedUp,
+        transports: [],
+    };
+}
+// ─── Authentication verification ─────────────────────────────────────────────
+/**
+ * Verify a WebAuthn authentication response.
+ *
+ * Validates:
+ * - clientDataJSON type, origin, and challenge
+ * - authenticatorData RP ID hash and flags
+ * - Signature over authenticatorData + clientDataHash using stored public key
+ * - Sign count (replay attack prevention)
+ *
+ * @throws Error if verification fails
+ */
+export async function verifyAuthentication(response, expectedChallenge, expectedOrigin, expectedRpId, storedCredential) {
+    // 1. Verify clientDataJSON
+    const clientData = decodeClientDataJSON(response.response.clientDataJSON);
+    if (clientData.type !== 'webauthn.get') {
+        throw new Error('Invalid clientData type for authentication');
+    }
+    if (clientData.challenge !== expectedChallenge) {
+        throw new Error('Challenge mismatch');
+    }
+    if (clientData.origin !== expectedOrigin) {
+        throw new Error(`Origin mismatch: expected ${expectedOrigin}, got ${clientData.origin}`);
+    }
+    // 2. Parse authenticatorData
+    const authDataBytes = base64urlToBuffer(response.response.authenticatorData);
+    const parsedAuthData = parseAuthenticatorData(authDataBytes);
+    // 3. Verify RP ID hash
+    const rpIdHash = await sha256(new TextEncoder().encode(expectedRpId));
+    if (!bufferEqual(parsedAuthData.rpIdHash, rpIdHash)) {
+        throw new Error('RP ID hash mismatch');
+    }
+    // 4. Check user presence flag
+    if (!(parsedAuthData.flags & 0x01)) {
+        throw new Error('User presence flag not set');
+    }
+    const userVerified = !!(parsedAuthData.flags & 0x04);
+    // 5. Verify sign count (replay attack prevention)
+    if (parsedAuthData.signCount !== 0 &&
+        storedCredential.signCount !== 0 &&
+        parsedAuthData.signCount <= storedCredential.signCount) {
+        throw new Error(`Sign count mismatch — possible replay attack. ` +
+            `Stored: ${storedCredential.signCount}, received: ${parsedAuthData.signCount}`);
+    }
+    // 6. Verify signature
+    const clientDataHash = await sha256(base64urlToBuffer(response.response.clientDataJSON));
+    const signedData = concatBuffers(authDataBytes, clientDataHash);
+    const signature = base64urlToBuffer(response.response.signature);
+    const publicKeyBytes = base64urlToBuffer(storedCredential.publicKey);
+    const valid = await verifySignature(publicKeyBytes, signature, signedData);
+    if (!valid) {
+        throw new Error('Signature verification failed');
+    }
+    return {
+        credentialId: storedCredential.credentialId,
+        newSignCount: parsedAuthData.signCount,
+        userVerified,
+    };
+}
+// ─── Crypto helpers ───────────────────────────────────────────────────────────
+async function sha256(data) {
+    const hash = await crypto.subtle.digest('SHA-256', data);
+    return new Uint8Array(hash);
+}
+async function verifySignature(publicKeyBytes, signature, data) {
+    try {
+        // Import COSE-encoded public key
+        // COSE key for ES256: kty=2 (EC), alg=-7, crv=1 (P-256), x, y
+        const coseKey = decodeCBOR(publicKeyBytes);
+        if (!coseKey)
+            return false;
+        const kty = coseKey[1];
+        const alg = coseKey[3];
+        if (kty === 2 && alg === -7) {
+            // EC P-256 (ES256)
+            const x = coseKey[-2];
+            const y = coseKey[-3];
+            const jwk = {
+                kty: 'EC',
+                crv: 'P-256',
+                x: bufferToBase64url(x),
+                y: bufferToBase64url(y),
+            };
+            const key = await crypto.subtle.importKey('jwk', jwk, { name: 'ECDSA', namedCurve: 'P-256' }, false, ['verify']);
+            // Convert DER signature to raw r||s format
+            const rawSig = derToRaw(signature);
+            return crypto.subtle.verify({ name: 'ECDSA', hash: 'SHA-256' }, key, rawSig, data);
+        }
+        if (kty === 3 && alg === -257) {
+            // RSA PKCS1 (RS256)
+            const n = coseKey[-1];
+            const e = coseKey[-2];
+            const jwk = {
+                kty: 'RSA',
+                alg: 'RS256',
+                n: bufferToBase64url(n),
+                e: bufferToBase64url(e),
+            };
+            const key = await crypto.subtle.importKey('jwk', jwk, { name: 'RSASSA-PKCS1-v1_5', hash: 'SHA-256' }, false, ['verify']);
+            return crypto.subtle.verify({ name: 'RSASSA-PKCS1-v1_5' }, key, signature, data);
+        }
+        return false;
+    }
+    catch {
+        return false;
+    }
+}
+// ─── Encoding helpers ─────────────────────────────────────────────────────────
+export function bufferToBase64url(buffer) {
+    let binary = '';
+    for (let i = 0; i < buffer.length; i++) {
+        binary += String.fromCharCode(buffer[i]);
+    }
+    return btoa(binary)
+        .replace(/\+/g, '-')
+        .replace(/\//g, '_')
+        .replace(/=/g, '');
+}
+export function base64urlToBuffer(base64url) {
+    const base64 = base64url
+        .replace(/-/g, '+')
+        .replace(/_/g, '/')
+        .padEnd(base64url.length + ((4 - (base64url.length % 4)) % 4), '=');
+    const binary = atob(base64);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++) {
+        bytes[i] = binary.charCodeAt(i);
+    }
+    return bytes;
+}
+function bufferEqual(a, b) {
+    // Constant-time comparison to prevent timing attacks on RP ID hash checks
+    if (a.length !== b.length)
+        return false;
+    let diff = 0;
+    for (let i = 0; i < a.length; i++) {
+        diff |= a[i] ^ b[i];
+    }
+    return diff === 0;
+}
+function concatBuffers(...buffers) {
+    const total = buffers.reduce((sum, b) => sum + b.length, 0);
+    const result = new Uint8Array(total);
+    let offset = 0;
+    for (const buf of buffers) {
+        result.set(buf, offset);
+        offset += buf.length;
+    }
+    return result;
+}
+// ─── CBOR decoder (minimal — handles WebAuthn subset) ────────────────────────
+function decodeCBOR(data) {
+    const view = new DataView(data.buffer, data.byteOffset, data.byteLength);
+    const [value] = decodeCBORValue(view, 0);
+    return value;
+}
+function decodeCBORValue(view, offset) {
+    const byte = view.getUint8(offset);
+    const majorType = (byte >> 5) & 0x07;
+    const additionalInfo = byte & 0x1f;
+    offset++;
+    let length;
+    if (additionalInfo < 24) {
+        length = additionalInfo;
+    }
+    else if (additionalInfo === 24) {
+        length = view.getUint8(offset++);
+    }
+    else if (additionalInfo === 25) {
+        length = view.getUint16(offset);
+        offset += 2;
+    }
+    else if (additionalInfo === 26) {
+        length = view.getUint32(offset);
+        offset += 4;
+    }
+    else {
+        length = 0;
+    }
+    switch (majorType) {
+        case 0: return [length, offset]; // unsigned int
+        case 1: return [-(length + 1), offset]; // negative int
+        case 2: { // byte string
+            const bytes = new Uint8Array(view.buffer, view.byteOffset + offset, length);
+            return [bytes, offset + length];
+        }
+        case 3: { // text string
+            const bytes = new Uint8Array(view.buffer, view.byteOffset + offset, length);
+            return [new TextDecoder().decode(bytes), offset + length];
+        }
+        case 4: { // array
+            const arr = [];
+            for (let i = 0; i < length; i++) {
+                const [val, newOffset] = decodeCBORValue(view, offset);
+                arr.push(val);
+                offset = newOffset;
+            }
+            return [arr, offset];
+        }
+        case 5: { // map
+            const map = {};
+            for (let i = 0; i < length; i++) {
+                const [key, o1] = decodeCBORValue(view, offset);
+                const [val, o2] = decodeCBORValue(view, o1);
+                map[key] = val;
+                offset = o2;
+            }
+            return [map, offset];
+        }
+        default: return [null, offset];
+    }
+}
+function parseAuthenticatorData(data) {
+    let offset = 0;
+    const rpIdHash = data.slice(offset, offset + 32);
+    offset += 32;
+    const flags = data[offset++];
+    const signCount = new DataView(data.buffer, data.byteOffset + offset, 4).getUint32(0);
+    offset += 4;
+    let attestedCredentialData;
+    // AT flag (bit 6) indicates attested credential data is present
+    if (flags & 0x40) {
+        const aaguid = data.slice(offset, offset + 16);
+        offset += 16;
+        const credIdLen = new DataView(data.buffer, data.byteOffset + offset, 2).getUint16(0);
+        offset += 2;
+        const credentialId = data.slice(offset, offset + credIdLen);
+        offset += credIdLen;
+        // Remaining bytes are the COSE-encoded public key
+        const publicKey = data.slice(offset);
+        attestedCredentialData = { aaguid, credentialId, publicKey };
+    }
+    return { rpIdHash, flags, signCount, attestedCredentialData };
+}
+// ─── clientDataJSON decoder ───────────────────────────────────────────────────
+function decodeClientDataJSON(base64url) {
+    const bytes = base64urlToBuffer(base64url);
+    const json = new TextDecoder().decode(bytes);
+    return JSON.parse(json);
+}
+// ─── DER → raw signature conversion ──────────────────────────────────────────
+function derToRaw(der) {
+    // DER SEQUENCE { INTEGER r, INTEGER s } → raw 64-byte r||s
+    if (der[0] !== 0x30)
+        return der; // not DER, return as-is
+    let offset = 2;
+    if (der[1] & 0x80)
+        offset += der[1] & 0x7f;
+    // r
+    offset++; // 0x02
+    let rLen = der[offset++];
+    if (rLen & 0x80) {
+        rLen = der[offset++];
+    }
+    const rStart = offset + (der[offset] === 0x00 ? 1 : 0);
+    const rEnd = offset + rLen;
+    const r = der.slice(rStart, rEnd);
+    offset = rEnd;
+    // s
+    offset++; // 0x02
+    let sLen = der[offset++];
+    if (sLen & 0x80) {
+        sLen = der[offset++];
+    }
+    const sStart = offset + (der[offset] === 0x00 ? 1 : 0);
+    const sEnd = offset + sLen;
+    const s = der.slice(sStart, sEnd);
+    // Pad to 32 bytes each
+    const raw = new Uint8Array(64);
+    raw.set(r, 32 - r.length);
+    raw.set(s, 64 - s.length);
+    return raw;
+}
+// ─── AAGUID formatter ─────────────────────────────────────────────────────────
+function formatAaguid(bytes) {
+    const hex = Array.from(bytes).map((b) => b.toString(16).padStart(2, '0')).join('');
+    return `${hex.slice(0, 8)}-${hex.slice(8, 12)}-${hex.slice(12, 16)}-${hex.slice(16, 20)}-${hex.slice(20)}`;
+}
+//# sourceMappingURL=passkey.js.map

package/dist/lib/passkey.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"passkey.js","sourceRoot":"","sources":["../../src/lib/passkey.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAoGH,iFAAiF;AAEjF,MAAM,gBAAgB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAA,CAAC,YAAY;AAEnD;;;GAGG;AACH,MAAM,UAAU,iBAAiB;IAC/B,MAAM,KAAK,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAA;IACxD,OAAO;QACL,SAAS,EAAE,iBAAiB,CAAC,KAAK,CAAC;QACnC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,gBAAgB;KACzC,CAAA;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,wBAAwB,CAAC,IAAyB;IAChE,OAAO;QACL,EAAE,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE;QACxC,IAAI,EAAE;YACJ,EAAE,EAAE,IAAI,CAAC,MAAM;YACf,IAAI,EAAE,IAAI,CAAC,QAAQ;YACnB,WAAW,EAAE,IAAI,CAAC,eAAe;SAClC;QACD,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,gBAAgB,EAAE;YAChB,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,EAAI,sBAAsB;YACzD,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,oBAAoB;SACxD;QACD,OAAO,EAAE,IAAI,CAAC,OAAO,IAAI,KAAK;QAC9B,WAAW,EAAE,IAAI,CAAC,WAAW,IAAI,MAAM;QACvC,sBAAsB,EAAE,IAAI,CAAC,sBAAsB,IAAI;YACrD,WAAW,EAAE,WAAW;YACxB,gBAAgB,EAAE,WAAW;SAC9B;QACD,kBAAkB,EAAE,EAAE;KACvB,CAAA;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,0BAA0B,CAAC,IAA2B;IACpE,OAAO;QACL,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,OAAO,EAAE,IAAI,CAAC,OAAO,IAAI,KAAK;QAC9B,gBAAgB,EAAE,IAAI,CAAC,gBAAgB,IAAI,WAAW;QACtD,gBAAgB,EAAE,IAAI,CAAC,gBAAgB,IAAI,EAAE;KAC9C,CAAA;AACH,CAAC;AAED,gFAAgF;AAEhF;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,QAA8B,EAC9B,iBAAyB,EACzB,cAAsB,EACtB,YAAoB;IAEpB,sCAAsC;IACtC,MAAM,UAAU,GAAG,oBAAoB,CAAC,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAA;IAEzE,IAAI,UAAU,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAA;IAC7D,CAAC;IACD,IAAI,UAAU,CAAC,SAAS,KAAK,iBAAiB,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAA;IACvC,CAAC;IACD,IAAI,UAAU,CAAC,MAAM,KAAK,cAAc,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,6BAA6B,cAAc,SAAS,UAAU,CAAC,MAAM,EAAE,CAAC,CAAA;IAC1F,CAAC;IAED,yEAAyE;IACzE,MAAM,gBAAgB,GAAG,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAA;IAC/E,MAAM,WAAW,GAAG,UAAU,CAAC,gBAAgB,CAAC,CAAA;IAEhD,IAAI,CAAC,WAAW,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;QACpD,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAA;IACvD,CAAC;IAED,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,WAAoD,CAAA;IAE9E,IAAI,GAAG,KAAK,MAAM,IAAI,GAAG,KAAK,QAAQ,EAAE,CAAC;QACvC,wEAAwE;QACxE,oFAAoF;IACtF,CAAC;IAED,6BAA6B;IAC7B,MAAM,cAAc,GAAG,sBAAsB,CAAC,QAAQ,CAAC,CAAA;IAEvD,uBAAuB;IACvB,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAA;IACrE,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,QAAQ,EAAE,QAAQ,CAAC,EAAE,CAAC;QACpD,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAA;IACxC,CAAC;IAED,iBAAiB;IACjB,MAAM,EAAE,KAAK,EAAE,GAAG,cAAc,CAAA;IAChC,IAAI,CAAC,CAAC,KAAK,GAAG,IAAI,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAA;IAElE,6BAA6B;IAC7B,IAAI,CAAC,cAAc,CAAC,sBAAsB,EAAE,CAAC;QAC3C,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAA;IACrE,CAAC;IAED,MAAM,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,cAAc,CAAC,sBAAsB,CAAA;IAEjF,sCAAsC;IACtC,MAAM,QAAQ,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,CAAC,CAAA;IACjC,MAAM,UAAU,GACd,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,gBAAgB,CAAA;IAElD,OAAO;QACL,YAAY,EAAE,iBAAiB,CAAC,YAAY,CAAC;QAC7C,SAAS,EAAE,iBAAiB,CAAC,SAAS,CAAC;QACvC,SAAS,EAAE,cAAc,CAAC,SAAS;QACnC,MAAM,EAAE,YAAY,CAAC,MAAM,CAAC;QAC5B,UAAU;QACV,QAAQ;QACR,UAAU,EAAE,EAAE;KACf,CAAA;AACH,CAAC;AAED,gFAAgF;AAEhF;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,QAAgC,EAChC,iBAAyB,EACzB,cAAsB,EACtB,YAAoB,EACpB,gBAAmC;IAEnC,2BAA2B;IAC3B,MAAM,UAAU,GAAG,oBAAoB,CAAC,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAA;IAEzE,IAAI,UAAU,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;QACvC,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAA;IAC/D,CAAC;IACD,IAAI,UAAU,CAAC,SAAS,KAAK,iBAAiB,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAA;IACvC,CAAC;IACD,IAAI,UAAU,CAAC,MAAM,KAAK,cAAc,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,6BAA6B,cAAc,SAAS,UAAU,CAAC,MAAM,EAAE,CAAC,CAAA;IAC1F,CAAC;IAED,6BAA6B;IAC7B,MAAM,aAAa,GAAG,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAA;IAC5E,MAAM,cAAc,GAAG,sBAAsB,CAAC,aAAa,CAAC,CAAA;IAE5D,uBAAuB;IACvB,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAA;IACrE,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,QAAQ,EAAE,QAAQ,CAAC,EAAE,CAAC;QACpD,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAA;IACxC,CAAC;IAED,8BAA8B;IAC9B,IAAI,CAAC,CAAC,cAAc,CAAC,KAAK,GAAG,IAAI,CAAC,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAA;IAC/C,CAAC;IAED,MAAM,YAAY,GAAG,CAAC,CAAC,CAAC,cAAc,CAAC,KAAK,GAAG,IAAI,CAAC,CAAA;IAEpD,kDAAkD;IAClD,IACE,cAAc,CAAC,SAAS,KAAK,CAAC;QAC9B,gBAAgB,CAAC,SAAS,KAAK,CAAC;QAChC,cAAc,CAAC,SAAS,IAAI,gBAAgB,CAAC,SAAS,EACtD,CAAC;QACD,MAAM,IAAI,KAAK,CACb,gDAAgD;YAChD,WAAW,gBAAgB,CAAC,SAAS,eAAe,cAAc,CAAC,SAAS,EAAE,CAC/E,CAAA;IACH,CAAC;IAED,sBAAsB;IACtB,MAAM,cAAc,GAAG,MAAM,MAAM,CAAC,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAA;IACxF,MAAM,UAAU,GAAG,aAAa,CAAC,aAAa,EAAE,cAAc,CAAC,CAAA;IAC/D,MAAM,SAAS,GAAG,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAA;IAChE,MAAM,cAAc,GAAG,iBAAiB,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAA;IAEpE,MAAM,KAAK,GAAG,MAAM,eAAe,CAAC,cAAc,EAAE,SAAS,EAAE,UAAU,CAAC,CAAA;IAC1E,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,OAAO;QACL,YAAY,EAAE,gBAAgB,CAAC,YAAY;QAC3C,YAAY,EAAE,cAAc,CAAC,SAAS;QACtC,YAAY;KACb,CAAA;AACH,CAAC;AAED,iFAAiF;AAEjF,KAAK,UAAU,MAAM,CAAC,IAAgB;IACpC,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAA;IACxD,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC,CAAA;AAC7B,CAAC;AAED,KAAK,UAAU,eAAe,CAC5B,cAA0B,EAC1B,SAAqB,EACrB,IAAgB;IAEhB,IAAI,CAAC;QACH,iCAAiC;QACjC,8DAA8D;QAC9D,MAAM,OAAO,GAAG,UAAU,CAAC,cAAc,CAA4B,CAAA;QAErE,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAA;QAE1B,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAW,CAAA;QAChC,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAW,CAAA;QAEhC,IAAI,GAAG,KAAK,CAAC,IAAI,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC;YAC5B,mBAAmB;YACnB,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAe,CAAA;YACnC,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAe,CAAA;YAEnC,MAAM,GAAG,GAAG;gBACV,GAAG,EAAE,IAAI;gBACT,GAAG,EAAE,OAAO;gBACZ,CAAC,EAAE,iBAAiB,CAAC,CAAC,CAAC;gBACvB,CAAC,EAAE,iBAAiB,CAAC,CAAC,CAAC;aACxB,CAAA;YAED,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CACvC,KAAK,EAAE,GAAG,EACV,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,EACtC,KAAK,EACL,CAAC,QAAQ,CAAC,CACX,CAAA;YAED,2CAA2C;YAC3C,MAAM,MAAM,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAA;YAElC,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,CACzB,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,EAClC,GAAG,EACH,MAAM,EACN,IAAI,CACL,CAAA;QACH,CAAC;QAED,IAAI,GAAG,KAAK,CAAC,IAAI,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC;YAC9B,oBAAoB;YACpB,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAe,CAAA;YACnC,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAe,CAAA;YAEnC,MAAM,GAAG,GAAG;gBACV,GAAG,EAAE,KAAK;gBACV,GAAG,EAAE,OAAO;gBACZ,CAAC,EAAE,iBAAiB,CAAC,CAAC,CAAC;gBACvB,CAAC,EAAE,iBAAiB,CAAC,CAAC,CAAC;aACxB,CAAA;YAED,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CACvC,KAAK,EAAE,GAAG,EACV,EAAE,IAAI,EAAE,mBAAmB,EAAE,IAAI,EAAE,SAAS,EAAE,EAC9C,KAAK,EACL,CAAC,QAAQ,CAAC,CACX,CAAA;YAED,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,CACzB,EAAE,IAAI,EAAE,mBAAmB,EAAE,EAC7B,GAAG,EACH,SAAS,EACT,IAAI,CACL,CAAA;QACH,CAAC;QAED,OAAO,KAAK,CAAA;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC;AAED,iFAAiF;AAEjF,MAAM,UAAU,iBAAiB,CAAC,MAAkB;IAClD,IAAI,MAAM,GAAG,EAAE,CAAA;IACf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAA;IAC1C,CAAC;IACD,OAAO,IAAI,CAAC,MAAM,CAAC;SAChB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;AACtB,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,SAAiB;IACjD,MAAM,MAAM,GAAG,SAAS;SACrB,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC;SAClB,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC;SAClB,MAAM,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;IACrE,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAA;IAC3B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IAC3C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAA;IACjC,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED,SAAS,WAAW,CAAC,CAAa,EAAE,CAAa;IAC/C,0EAA0E;IAC1E,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAA;IACvC,IAAI,IAAI,GAAG,CAAC,CAAA;IACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;IACrB,CAAC;IACD,OAAO,IAAI,KAAK,CAAC,CAAA;AACnB,CAAC;AAED,SAAS,aAAa,CAAC,GAAG,OAAqB;IAC7C,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAA;IAC3D,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,CAAA;IACpC,IAAI,MAAM,GAAG,CAAC,CAAA;IACd,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;QAC1B,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;QACvB,MAAM,IAAI,GAAG,CAAC,MAAM,CAAA;IACtB,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC;AAED,gFAAgF;AAEhF,SAAS,UAAU,CAAC,IAAgB;IAClC,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,CAAA;IACxE,MAAM,CAAC,KAAK,CAAC,GAAG,eAAe,CAAC,IAAI,EAAE,CAAC,CAAC,CAAA;IACxC,OAAO,KAAK,CAAA;AACd,CAAC;AAED,SAAS,eAAe,CAAC,IAAc,EAAE,MAAc;IACrD,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;IAClC,MAAM,SAAS,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,IAAI,CAAA;IACpC,MAAM,cAAc,GAAG,IAAI,GAAG,IAAI,CAAA;IAClC,MAAM,EAAE,CAAA;IAER,IAAI,MAAc,CAAA;IAClB,IAAI,cAAc,GAAG,EAAE,EAAE,CAAC;QACxB,MAAM,GAAG,cAAc,CAAA;IACzB,CAAC;SAAM,IAAI,cAAc,KAAK,EAAE,EAAE,CAAC;QACjC,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAA;IAClC,CAAC;SAAM,IAAI,cAAc,KAAK,EAAE,EAAE,CAAC;QACjC,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAA;QAC/B,MAAM,IAAI,CAAC,CAAA;IACb,CAAC;SAAM,IAAI,cAAc,KAAK,EAAE,EAAE,CAAC;QACjC,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAA;QAC/B,MAAM,IAAI,CAAC,CAAA;IACb,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,CAAC,CAAA;IACZ,CAAC;IAED,QAAQ,SAAS,EAAE,CAAC;QAClB,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA,CAA0B,eAAe;QACxE,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAA,CAAkB,eAAe;QACvE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAgD,cAAc;YACrE,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,UAAU,GAAG,MAAM,EAAE,MAAM,CAAC,CAAA;YAC3E,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAAC,CAAA;QACjC,CAAC;QACD,KAAK,CAAC,CAAC,CAAC,CAAC,CAAgD,cAAc;YACrE,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,UAAU,GAAG,MAAM,EAAE,MAAM,CAAC,CAAA;YAC3E,OAAO,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC,CAAA;QAC3D,CAAC;QACD,KAAK,CAAC,CAAC,CAAC,CAAC,CAAgD,QAAQ;YAC/D,MAAM,GAAG,GAAc,EAAE,CAAA;YACzB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAChC,MAAM,CAAC,GAAG,EAAE,SAAS,CAAC,GAAG,eAAe,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;gBACtD,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;gBACb,MAAM,GAAG,SAAS,CAAA;YACpB,CAAC;YACD,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;QACtB,CAAC;QACD,KAAK,CAAC,CAAC,CAAC,CAAC,CAAgD,MAAM;YAC7D,MAAM,GAAG,GAAqC,EAAE,CAAA;YAChD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAChC,MAAM,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,eAAe,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;gBAC/C,MAAM,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,eAAe,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;gBAC3C,GAAG,CAAC,GAAsB,CAAC,GAAG,GAAG,CAAA;gBACjC,MAAM,GAAG,EAAE,CAAA;YACb,CAAC;YACD,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;QACtB,CAAC;QACD,OAAO,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;IAChC,CAAC;AACH,CAAC;AAeD,SAAS,sBAAsB,CAAC,IAAgB;IAC9C,IAAI,MAAM,GAAG,CAAC,CAAA;IAEd,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,GAAG,EAAE,CAAC,CAAA;IAChD,MAAM,IAAI,EAAE,CAAA;IAEZ,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAA;IAC5B,MAAM,SAAS,GAAG,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,UAAU,GAAG,MAAM,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;IACrF,MAAM,IAAI,CAAC,CAAA;IAEX,IAAI,sBAAgE,CAAA;IAEpE,gEAAgE;IAChE,IAAI,KAAK,GAAG,IAAI,EAAE,CAAC;QACjB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,GAAG,EAAE,CAAC,CAAA;QAC9C,MAAM,IAAI,EAAE,CAAA;QAEZ,MAAM,SAAS,GAAG,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,UAAU,GAAG,MAAM,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;QACrF,MAAM,IAAI,CAAC,CAAA;QAEX,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAA;QAC3D,MAAM,IAAI,SAAS,CAAA;QAEnB,kDAAkD;QAClD,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;QAEpC,sBAAsB,GAAG,EAAE,MAAM,EAAE,YAAY,EAAE,SAAS,EAAE,CAAA;IAC9D,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,sBAAsB,EAAE,CAAA;AAC/D,CAAC;AAED,iFAAiF;AAEjF,SAAS,oBAAoB,CAAC,SAAiB;IAM7C,MAAM,KAAK,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAA;IAC1C,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;IAC5C,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;AACzB,CAAC;AAED,gFAAgF;AAEhF,SAAS,QAAQ,CAAC,GAAe;IAC/B,2DAA2D;IAC3D,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI;QAAE,OAAO,GAAG,CAAA,CAAC,wBAAwB;IAExD,IAAI,MAAM,GAAG,CAAC,CAAA;IACd,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI;QAAE,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAA;IAE1C,IAAI;IACJ,MAAM,EAAE,CAAA,CAAC,OAAO;IAChB,IAAI,IAAI,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,CAAA;IACxB,IAAI,IAAI,GAAG,IAAI,EAAE,CAAC;QAAC,IAAI,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,CAAA;IAAC,CAAC;IACzC,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IACtD,MAAM,IAAI,GAAG,MAAM,GAAG,IAAI,CAAA;IAC1B,MAAM,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;IACjC,MAAM,GAAG,IAAI,CAAA;IAEb,IAAI;IACJ,MAAM,EAAE,CAAA,CAAC,OAAO;IAChB,IAAI,IAAI,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,CAAA;IACxB,IAAI,IAAI,GAAG,IAAI,EAAE,CAAC;QAAC,IAAI,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,CAAA;IAAC,CAAC;IACzC,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IACtD,MAAM,IAAI,GAAG,MAAM,GAAG,IAAI,CAAA;IAC1B,MAAM,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;IAEjC,uBAAuB;IACvB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAA;IAC9B,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC,MAAM,CAAC,CAAA;IACzB,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC,MAAM,CAAC,CAAA;IACzB,OAAO,GAAG,CAAA;AACZ,CAAC;AAED,iFAAiF;AAEjF,SAAS,YAAY,CAAC,KAAiB;IACrC,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAClF,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAAA;AAC5G,CAAC"}

package/dist/lib/password.d.ts

@@ -0,0 +1,20 @@
+/**
+ * ──────────────────────────────────────────────────────────────────
+ * 🏢 Company Name: Bonifade Technologies
+ * 👨‍💻 Developer: Bowofade Oyerinde
+ * 🐙 GitHub: oyenet1
+ * 📅 Created Date: 2026-04-05
+ * 🔄 Updated Date: 2026-04-05
+ * ──────────────────────────────────────────────────────────────────
+ */
+/**
+ * `hashPassword(password)` — derives a PBKDF2 hash from a plaintext password.
+ * Returns a `salt:hash` string safe to store in the database.
+ */
+export declare function hashPassword(password: string): Promise<string>;
+/**
+ * `verifyPassword(password, storedHash)` — timing-safe comparison.
+ * Returns true if the password matches the stored `salt:hash`.
+ */
+export declare function verifyPassword(password: string, storedHash: string): Promise<boolean>;
+//# sourceMappingURL=password.d.ts.map

package/dist/lib/password.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"password.d.ts","sourceRoot":"","sources":["../../src/lib/password.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAiCH;;;GAGG;AACH,wBAAsB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAwBpE;AAED;;;GAGG;AACH,wBAAsB,cAAc,CAClC,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,OAAO,CAAC,CAkClB"}

package/dist/lib/password.js

@@ -0,0 +1,77 @@
+/**
+ * ──────────────────────────────────────────────────────────────────
+ * 🏢 Company Name: Bonifade Technologies
+ * 👨‍💻 Developer: Bowofade Oyerinde
+ * 🐙 GitHub: oyenet1
+ * 📅 Created Date: 2026-04-05
+ * 🔄 Updated Date: 2026-04-05
+ * ──────────────────────────────────────────────────────────────────
+ */
+/**
+ * Password hashing via PBKDF2 using the Web Crypto API.
+ *
+ * Compatible with Cloudflare Workers, Bun, Node.js (18+), and Deno.
+ * No native addons required.
+ *
+ * Format: `<hex-salt>:<hex-hash>`
+ */
+const ITERATIONS = 100_000;
+const KEY_LENGTH = 32; // bytes → 256-bit
+const DIGEST = 'SHA-256';
+// ─── Helpers ─────────────────────────────────────────────────────────────────
+function toHex(buffer) {
+    return Array.from(new Uint8Array(buffer))
+        .map((b) => b.toString(16).padStart(2, '0'))
+        .join('');
+}
+function fromHex(hex) {
+    const bytes = new Uint8Array(hex.length / 2);
+    for (let i = 0; i < hex.length; i += 2) {
+        bytes[i / 2] = parseInt(hex.slice(i, i + 2), 16);
+    }
+    return bytes;
+}
+// ─── Public API ───────────────────────────────────────────────────────────────
+/**
+ * `hashPassword(password)` — derives a PBKDF2 hash from a plaintext password.
+ * Returns a `salt:hash` string safe to store in the database.
+ */
+export async function hashPassword(password) {
+    const saltBytes = crypto.getRandomValues(new Uint8Array(16));
+    const salt = toHex(saltBytes.buffer);
+    const keyMaterial = await crypto.subtle.importKey('raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveBits']);
+    const hashBuffer = await crypto.subtle.deriveBits({
+        name: 'PBKDF2',
+        salt: saltBytes,
+        iterations: ITERATIONS,
+        hash: DIGEST,
+    }, keyMaterial, KEY_LENGTH * 8);
+    return `${salt}:${toHex(hashBuffer)}`;
+}
+/**
+ * `verifyPassword(password, storedHash)` — timing-safe comparison.
+ * Returns true if the password matches the stored `salt:hash`.
+ */
+export async function verifyPassword(password, storedHash) {
+    const [saltHex, hashHex] = storedHash.split(':');
+    if (!saltHex || !hashHex)
+        return false;
+    const saltBytes = fromHex(saltHex);
+    const keyMaterial = await crypto.subtle.importKey('raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveBits']);
+    const hashBuffer = await crypto.subtle.deriveBits({
+        name: 'PBKDF2',
+        salt: saltBytes,
+        iterations: ITERATIONS,
+        hash: DIGEST,
+    }, keyMaterial, KEY_LENGTH * 8);
+    const candidateHex = toHex(hashBuffer);
+    // Timing-safe comparison — compare byte-by-byte without short-circuiting
+    if (candidateHex.length !== hashHex.length)
+        return false;
+    let diff = 0;
+    for (let i = 0; i < candidateHex.length; i++) {
+        diff |= candidateHex.charCodeAt(i) ^ hashHex.charCodeAt(i);
+    }
+    return diff === 0;
+}
+//# sourceMappingURL=password.js.map

package/dist/lib/password.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"password.js","sourceRoot":"","sources":["../../src/lib/password.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH;;;;;;;GAOG;AAEH,MAAM,UAAU,GAAG,OAAO,CAAA;AAC1B,MAAM,UAAU,GAAG,EAAE,CAAA,CAAC,kBAAkB;AACxC,MAAM,MAAM,GAAG,SAAS,CAAA;AAExB,gFAAgF;AAEhF,SAAS,KAAK,CAAC,MAAmB;IAChC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;SACtC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SAC3C,IAAI,CAAC,EAAE,CAAC,CAAA;AACb,CAAC;AAED,SAAS,OAAO,CAAC,GAAW;IAC1B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;IAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;IAClD,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED,iFAAiF;AAEjF;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,QAAgB;IACjD,MAAM,SAAS,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAA;IAC5D,MAAM,IAAI,GAAG,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAA;IAEpC,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC/C,KAAK,EACL,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,EAClC,QAAQ,EACR,KAAK,EACL,CAAC,YAAY,CAAC,CACf,CAAA;IAED,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,UAAU,CAC/C;QACE,IAAI,EAAE,QAAQ;QACd,IAAI,EAAE,SAAS;QACf,UAAU,EAAE,UAAU;QACtB,IAAI,EAAE,MAAM;KACb,EACD,WAAW,EACX,UAAU,GAAG,CAAC,CACf,CAAA;IAED,OAAO,GAAG,IAAI,IAAI,KAAK,CAAC,UAAU,CAAC,EAAE,CAAA;AACvC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,QAAgB,EAChB,UAAkB;IAElB,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAChD,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAA;IAEtC,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;IAElC,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC/C,KAAK,EACL,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,EAClC,QAAQ,EACR,KAAK,EACL,CAAC,YAAY,CAAC,CACf,CAAA;IAED,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,UAAU,CAC/C;QACE,IAAI,EAAE,QAAQ;QACd,IAAI,EAAE,SAAS;QACf,UAAU,EAAE,UAAU;QACtB,IAAI,EAAE,MAAM;KACb,EACD,WAAW,EACX,UAAU,GAAG,CAAC,CACf,CAAA;IAED,MAAM,YAAY,GAAG,KAAK,CAAC,UAAU,CAAC,CAAA;IAEtC,yEAAyE;IACzE,IAAI,YAAY,CAAC,MAAM,KAAK,OAAO,CAAC,MAAM;QAAE,OAAO,KAAK,CAAA;IACxD,IAAI,IAAI,GAAG,CAAC,CAAA;IACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7C,IAAI,IAAI,YAAY,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAA;IAC5D,CAAC;IACD,OAAO,IAAI,KAAK,CAAC,CAAA;AACnB,CAAC"}

package/dist/middleware/auth.middleware.d.ts

@@ -0,0 +1,50 @@
+/**
+ * ──────────────────────────────────────────────────────────────────
+ * 🏢 Company Name: Bonifade Technologies
+ * 👨‍💻 Developer: Bowofade Oyerinde
+ * 🐙 GitHub: oyenet1
+ * 📅 Created Date: 2026-04-05
+ * 🔄 Updated Date: 2026-04-05
+ * ──────────────────────────────────────────────────────────────────
+ */
+import type { AppVariables, AuthAccount } from 'vonosan/types';
+type AuthVariables = AppVariables & {
+    account: AuthAccount;
+};
+/**
+ * `authMiddleware` — verifies the Bearer JWT, loads the account from DB,
+ * and sets `c.var.account`. Returns 401 on missing/invalid token.
+ */
+export declare const authMiddleware: import("hono").MiddlewareHandler<{
+    Variables: AuthVariables;
+}, string, {}>;
+/**
+ * `optionalAuthMiddleware` — silently continues as guest on invalid/missing token.
+ * Does not set `c.var.account` if authentication fails.
+ */
+export declare const optionalAuthMiddleware: import("hono").MiddlewareHandler<{
+    Variables: AppVariables;
+}, string, {}>;
+/**
+ * `isAdmin` — 403 if the authenticated user is not admin or superadmin.
+ * Must be used after `authMiddleware`.
+ */
+export declare const isAdmin: import("hono").MiddlewareHandler<{
+    Variables: AuthVariables;
+}, string, {}>;
+/**
+ * `isSuperAdmin` — 403 if the authenticated user is not superadmin.
+ * Must be used after `authMiddleware`.
+ */
+export declare const isSuperAdmin: import("hono").MiddlewareHandler<{
+    Variables: AuthVariables;
+}, string, {}>;
+/**
+ * `apiKeyOrJwtMiddleware` — accepts either a Bearer JWT or a `vono_*` API key.
+ * Sets `c.var.account` on success; returns 401 on failure.
+ */
+export declare const apiKeyOrJwtMiddleware: import("hono").MiddlewareHandler<{
+    Variables: AuthVariables;
+}, string, {}>;
+export {};
+//# sourceMappingURL=auth.middleware.d.ts.map

package/dist/middleware/auth.middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.middleware.d.ts","sourceRoot":"","sources":["../../src/middleware/auth.middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,eAAe,CAAA;AAS9D,KAAK,aAAa,GAAG,YAAY,GAAG;IAAE,OAAO,EAAE,WAAW,CAAA;CAAE,CAAA;AAK5D;;;GAGG;AACH,eAAO,MAAM,cAAc;eAAiC,aAAa;cAwCxE,CAAA;AAID;;;GAGG;AACH,eAAO,MAAM,sBAAsB;eAAiC,YAAY;cAyC/E,CAAA;AAID;;;GAGG;AACH,eAAO,MAAM,OAAO;eAAiC,aAAa;cAShE,CAAA;AAEF;;;GAGG;AACH,eAAO,MAAM,YAAY;eAAiC,aAAa;cAWtE,CAAA;AAID;;;GAGG;AACH,eAAO,MAAM,qBAAqB;eAAiC,aAAa;cAoF/E,CAAA"}