@wazobiatech/auth-middleware 1.0.0

package/dist/index.d.ts

@@ -0,0 +1,9 @@
+export * from './middlewares';
+export * from './nestjs/jwt-auth.module';
+export * from './nestjs/strategies/jwt-strategy';
+export * from './nestjs/guards/jwt-guard';
+export * from './nestjs/guards/project.guard';
+export * from './nestjs/decorators/auth.decorator';
+export * from './nestjs/decorators/current-user.decorator';
+export * from './types/jwt-payload';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,eAAe,CAAC;AAC9B,cAAc,0BAA0B,CAAC;AACzC,cAAc,kCAAkC,CAAC;AACjD,cAAc,2BAA2B,CAAC;AAC1C,cAAc,+BAA+B,CAAA;AAC7C,cAAc,oCAAoC,CAAC;AACnD,cAAc,4CAA4C,CAAC;AAC3D,cAAc,qBAAqB,CAAA"}

package/dist/index.js

@@ -0,0 +1,25 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./middlewares"), exports);
+__exportStar(require("./nestjs/jwt-auth.module"), exports);
+__exportStar(require("./nestjs/strategies/jwt-strategy"), exports);
+__exportStar(require("./nestjs/guards/jwt-guard"), exports);
+__exportStar(require("./nestjs/guards/project.guard"), exports);
+__exportStar(require("./nestjs/decorators/auth.decorator"), exports);
+__exportStar(require("./nestjs/decorators/current-user.decorator"), exports);
+__exportStar(require("./types/jwt-payload"), exports);
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,gDAA8B;AAC9B,2DAAyC;AACzC,mEAAiD;AACjD,4DAA0C;AAC1C,gEAA6C;AAC7C,qEAAmD;AACnD,6EAA2D;AAC3D,sDAAmC"}

package/dist/middlewares/express.helper.d.ts

@@ -0,0 +1,4 @@
+import { NextFunction, Request, Response } from "express";
+export declare function projectAuthMiddleware(): (req: Request, res: Response, next: NextFunction) => Promise<void>;
+export declare function jwtAuthMiddleware(): (req: Request, res: Response, next: NextFunction) => Promise<void>;
+//# sourceMappingURL=express.helper.d.ts.map

package/dist/middlewares/express.helper.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"express.helper.d.ts","sourceRoot":"","sources":["../../src/middlewares/express.helper.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAK1D,wBAAgB,qBAAqB,KAGrB,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,mBAQ9D;AAED,wBAAgB,iBAAiB,KAGjB,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,mBAQ9D"}

package/dist/middlewares/express.helper.js

@@ -0,0 +1,31 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.projectAuthMiddleware = projectAuthMiddleware;
+exports.jwtAuthMiddleware = jwtAuthMiddleware;
+const project_guard_1 = require("./project.guard");
+const jwt_guard_1 = require("./jwt.guard");
+function projectAuthMiddleware() {
+    const authMiddleware = new project_guard_1.ProjectAuthMiddleware();
+    return async (req, res, next) => {
+        try {
+            await authMiddleware.authenticate(req);
+            next();
+        }
+        catch (error) {
+            res.status(401).json({ error: error.message });
+        }
+    };
+}
+function jwtAuthMiddleware() {
+    const authMiddleware = new jwt_guard_1.JwtAuthMiddleware();
+    return async (req, res, next) => {
+        try {
+            await authMiddleware.authenticate(req);
+            next();
+        }
+        catch (error) {
+            res.status(401).json({ error: error.message });
+        }
+    };
+}
+//# sourceMappingURL=express.helper.js.map

package/dist/middlewares/express.helper.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"express.helper.js","sourceRoot":"","sources":["../../src/middlewares/express.helper.ts"],"names":[],"mappings":";;AAKA,sDAWC;AAED,8CAWC;AA5BD,mDAAwD;AAExD,2CAAgD;AAEhD,SAAgB,qBAAqB;IACnC,MAAM,cAAc,GAAG,IAAI,qCAAqB,EAAE,CAAC;IAEnD,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;QAC/D,IAAI,CAAC;YACH,MAAM,cAAc,CAAC,YAAY,CAAC,GAA2B,CAAC,CAAC;YAC/D,IAAI,EAAE,CAAC;QACT,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QACjD,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED,SAAgB,iBAAiB;IAC/B,MAAM,cAAc,GAAG,IAAI,6BAAiB,EAAE,CAAC;IAE/C,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;QAC/D,IAAI,CAAC;YACH,MAAM,cAAc,CAAC,YAAY,CAAC,GAA2B,CAAC,CAAC;YAC/D,IAAI,EAAE,CAAC;QACT,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QACjD,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}

package/dist/middlewares/gql.helper.d.ts

@@ -0,0 +1,14 @@
+import { GraphQLResolveInfo } from "graphql";
+import { GqlContext } from "../types/jwt-payload";
+export declare class GraphQLAuthHelper {
+    private projectAuth;
+    private jwtAuth;
+    authenticateJwt(context: GqlContext): Promise<void>;
+    withProjectAuth<TParent, TArgs, TResult>(resolver: (parent: TParent, args: TArgs, context: GqlContext, info: GraphQLResolveInfo | null) => Promise<TResult> | TResult): (parent: TParent, args: TArgs, context: GqlContext, info: GraphQLResolveInfo | null) => Promise<TResult>;
+    withProjectAuthNoStrict<TParent, TArgs, TResult>(resolver: (parent: TParent, args: TArgs, context: GqlContext, info: GraphQLResolveInfo | null) => Promise<TResult> | TResult): (parent: TParent, args: TArgs, context: GqlContext, info: GraphQLResolveInfo | null) => Promise<TResult>;
+    withJwtAuth<TParent, TArgs, TResult>(resolver: (parent: TParent, args: TArgs, context: GqlContext, info: GraphQLResolveInfo | null) => Promise<TResult> | TResult): (parent: TParent, args: TArgs, context: GqlContext, info: GraphQLResolveInfo | null) => Promise<TResult>;
+    withJwtAuthNoStrict<TParent, TArgs, TResult>(resolver: (parent: TParent, args: TArgs, context: GqlContext, info: GraphQLResolveInfo | null) => Promise<TResult> | TResult): (parent: TParent, args: TArgs, context: GqlContext, info: GraphQLResolveInfo | null) => Promise<TResult>;
+    withCombinedAuth<TParent, TArgs, TResult>(resolver: (parent: TParent, args: TArgs, context: GqlContext, info: GraphQLResolveInfo | null) => Promise<TResult> | TResult): (parent: TParent, args: TArgs, context: GqlContext, info: GraphQLResolveInfo | null) => Promise<TResult>;
+    withCombinedAuthNoProjectStrict<TParent, TArgs, TResult>(resolver: (parent: TParent, args: TArgs, context: GqlContext, info: GraphQLResolveInfo | null) => Promise<TResult> | TResult): (parent: TParent, args: TArgs, context: GqlContext, info: GraphQLResolveInfo | null) => Promise<TResult>;
+}
+//# sourceMappingURL=gql.helper.d.ts.map

package/dist/middlewares/gql.helper.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"gql.helper.d.ts","sourceRoot":"","sources":["../../src/middlewares/gql.helper.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAKlD,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,WAAW,CAA+B;IAClD,OAAO,CAAC,OAAO,CAA2B;IAEpC,eAAe,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAOzD,eAAe,CAAC,OAAO,EAAE,KAAK,EAAE,OAAO,EACrC,QAAQ,EAAE,CACR,MAAM,EAAE,OAAO,EACf,IAAI,EAAE,KAAK,EACX,OAAO,EAAE,UAAU,EACnB,IAAI,EAAE,kBAAkB,GAAG,IAAI,KAC5B,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,IAG7B,QAAQ,OAAO,EACf,MAAM,KAAK,EACX,SAAS,UAAU,EACnB,MAAM,kBAAkB,GAAG,IAAI,KAC9B,OAAO,CAAC,OAAO,CAAC;IAOrB,uBAAuB,CAAC,OAAO,EAAE,KAAK,EAAE,OAAO,EAC7C,QAAQ,EAAE,CACR,MAAM,EAAE,OAAO,EACf,IAAI,EAAE,KAAK,EACX,OAAO,EAAE,UAAU,EACnB,IAAI,EAAE,kBAAkB,GAAG,IAAI,KAC5B,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,IAG7B,QAAQ,OAAO,EACf,MAAM,KAAK,EACX,SAAS,UAAU,EACnB,MAAM,kBAAkB,GAAG,IAAI,KAC9B,OAAO,CAAC,OAAO,CAAC;IAYrB,WAAW,CAAC,OAAO,EAAE,KAAK,EAAE,OAAO,EACjC,QAAQ,EAAE,CACR,MAAM,EAAE,OAAO,EACf,IAAI,EAAE,KAAK,EACX,OAAO,EAAE,UAAU,EACnB,IAAI,EAAE,kBAAkB,GAAG,IAAI,KAC5B,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,IAG7B,QAAQ,OAAO,EACf,MAAM,KAAK,EACX,SAAS,UAAU,EACnB,MAAM,kBAAkB,GAAG,IAAI,KAC9B,OAAO,CAAC,OAAO,CAAC;IAOrB,mBAAmB,CAAC,OAAO,EAAE,KAAK,EAAE,OAAO,EACzC,QAAQ,EAAE,CACR,MAAM,EAAE,OAAO,EACf,IAAI,EAAE,KAAK,EACX,OAAO,EAAE,UAAU,EACnB,IAAI,EAAE,kBAAkB,GAAG,IAAI,KAC5B,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,IAG7B,QAAQ,OAAO,EACf,MAAM,KAAK,EACX,SAAS,UAAU,EACnB,MAAM,kBAAkB,GAAG,IAAI,KAC9B,OAAO,CAAC,OAAO,CAAC;IAarB,gBAAgB,CAAC,OAAO,EAAE,KAAK,EAAE,OAAO,EACtC,QAAQ,EAAE,CACR,MAAM,EAAE,OAAO,EACf,IAAI,EAAE,KAAK,EACX,OAAO,EAAE,UAAU,EACnB,IAAI,EAAE,kBAAkB,GAAG,IAAI,KAC5B,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,IAG7B,QAAQ,OAAO,EACf,MAAM,KAAK,EACX,SAAS,UAAU,EACnB,MAAM,kBAAkB,GAAG,IAAI,KAC9B,OAAO,CAAC,OAAO,CAAC;IAQrB,+BAA+B,CAAC,OAAO,EAAE,KAAK,EAAE,OAAO,EACrD,QAAQ,EAAE,CACR,MAAM,EAAE,OAAO,EACf,IAAI,EAAE,KAAK,EACX,OAAO,EAAE,UAAU,EACnB,IAAI,EAAE,kBAAkB,GAAG,IAAI,KAC5B,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,IAG7B,QAAQ,OAAO,EACf,MAAM,KAAK,EACX,SAAS,UAAU,EACnB,MAAM,kBAAkB,GAAG,IAAI,KAC9B,OAAO,CAAC,OAAO,CAAC;CAetB"}

package/dist/middlewares/gql.helper.js

@@ -0,0 +1,82 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GraphQLAuthHelper = void 0;
+const jwt_guard_1 = require("./jwt.guard");
+const project_guard_1 = require("./project.guard");
+// GraphQL Middleware Helper (similar to your GqlMiddleware)
+class GraphQLAuthHelper {
+    constructor() {
+        this.projectAuth = new project_guard_1.ProjectAuthMiddleware();
+        this.jwtAuth = new jwt_guard_1.JwtAuthMiddleware();
+    }
+    async authenticateJwt(context) {
+        if (!context.req) {
+            throw new Error('Request context not available');
+        }
+        await this.jwtAuth.authenticate(context.req);
+    }
+    withProjectAuth(resolver) {
+        return async (parent, args, context, info) => {
+            await this.projectAuth.authenticate(context.req);
+            return resolver(parent, args, context, info);
+        };
+    }
+    // No Strict: Project optional (no JWT check)
+    withProjectAuthNoStrict(resolver) {
+        return async (parent, args, context, info) => {
+            // Project auth is optional - continues if fails
+            try {
+                await this.projectAuth.authenticate(context.req);
+            }
+            catch (error) {
+                console.warn('Project auth (optional):', error.message);
+            }
+            return resolver(parent, args, context, info);
+        };
+    }
+    withJwtAuth(resolver) {
+        return async (parent, args, context, info) => {
+            await this.authenticateJwt(context);
+            return resolver(parent, args, context, info);
+        };
+    }
+    // No Strict: JWT optional (no project check)
+    withJwtAuthNoStrict(resolver) {
+        return async (parent, args, context, info) => {
+            // JWT auth is optional - continues if fails
+            try {
+                await this.authenticateJwt(context);
+            }
+            catch (error) {
+                // Optional: Log for debugging
+                console.warn('JWT auth (optional):', error.message);
+            }
+            return resolver(parent, args, context, info);
+        };
+    }
+    withCombinedAuth(resolver) {
+        return async (parent, args, context, info) => {
+            await this.authenticateJwt(context);
+            await this.projectAuth.authenticate(context.req);
+            return resolver(parent, args, context, info);
+        };
+    }
+    // No Strict: JWT required, Project optional
+    withCombinedAuthNoProjectStrict(resolver) {
+        return async (parent, args, context, info) => {
+            // JWT is required
+            await this.authenticateJwt(context);
+            // Project auth is optional - continues if fails
+            try {
+                await this.projectAuth.authenticate(context.req);
+            }
+            catch (error) {
+                // Optional: Log for debugging
+                console.warn('Project auth (optional):', error.message);
+            }
+            return resolver(parent, args, context, info);
+        };
+    }
+}
+exports.GraphQLAuthHelper = GraphQLAuthHelper;
+//# sourceMappingURL=gql.helper.js.map

package/dist/middlewares/gql.helper.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"gql.helper.js","sourceRoot":"","sources":["../../src/middlewares/gql.helper.ts"],"names":[],"mappings":";;;AAEA,2CAAgD;AAChD,mDAAwD;AAExD,4DAA4D;AAC5D,MAAa,iBAAiB;IAA9B;QACU,gBAAW,GAAG,IAAI,qCAAqB,EAAE,CAAC;QAC1C,YAAO,GAAG,IAAI,6BAAiB,EAAE,CAAC;IAqJ5C,CAAC;IAnJC,KAAK,CAAC,eAAe,CAAC,OAAmB;QACvC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;QACnD,CAAC;QACD,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC/C,CAAC;IAED,eAAe,CACb,QAK+B;QAE/B,OAAO,KAAK,EACV,MAAe,EACf,IAAW,EACX,OAAmB,EACnB,IAA+B,EACb,EAAE;YACpB,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACjD,OAAO,QAAQ,CAAC,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;QAC/C,CAAC,CAAC;IACJ,CAAC;IAED,6CAA6C;IAC7C,uBAAuB,CACrB,QAK+B;QAE/B,OAAO,KAAK,EACV,MAAe,EACf,IAAW,EACX,OAAmB,EACnB,IAA+B,EACb,EAAE;YACpB,gDAAgD;YAChD,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACnD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;YAC1D,CAAC;YAED,OAAO,QAAQ,CAAC,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;QAC/C,CAAC,CAAC;IACJ,CAAC;IAED,WAAW,CACT,QAK+B;QAE/B,OAAO,KAAK,EACV,MAAe,EACf,IAAW,EACX,OAAmB,EACnB,IAA+B,EACb,EAAE;YACpB,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;YACpC,OAAO,QAAQ,CAAC,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;QAC/C,CAAC,CAAC;IACJ,CAAC;IAED,6CAA6C;IAC7C,mBAAmB,CACjB,QAK+B;QAE/B,OAAO,KAAK,EACV,MAAe,EACf,IAAW,EACX,OAAmB,EACnB,IAA+B,EACb,EAAE;YACpB,4CAA4C;YAC5C,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;YACtC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,8BAA8B;gBAC9B,OAAO,CAAC,IAAI,CAAC,sBAAsB,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;YACtD,CAAC;YAED,OAAO,QAAQ,CAAC,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;QAC/C,CAAC,CAAC;IACJ,CAAC;IAED,gBAAgB,CACd,QAK+B;QAE/B,OAAO,KAAK,EACV,MAAe,EACf,IAAW,EACX,OAAmB,EACnB,IAA+B,EACb,EAAE;YACpB,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;YACpC,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACjD,OAAO,QAAQ,CAAC,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;QAC/C,CAAC,CAAC;IACJ,CAAC;IAED,4CAA4C;IAC5C,+BAA+B,CAC7B,QAK+B;QAE/B,OAAO,KAAK,EACV,MAAe,EACf,IAAW,EACX,OAAmB,EACnB,IAA+B,EACb,EAAE;YACpB,kBAAkB;YAClB,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;YAEpC,gDAAgD;YAChD,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACnD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,8BAA8B;gBAC9B,OAAO,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;YAC1D,CAAC;YAED,OAAO,QAAQ,CAAC,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;QAC/C,CAAC,CAAC;IACJ,CAAC;CACF;AAvJD,8CAuJC"}

package/dist/middlewares/index.d.ts

@@ -0,0 +1,5 @@
+export { ProjectAuthMiddleware } from "./project.guard";
+export { JwtAuthMiddleware } from "./jwt.guard";
+export { GraphQLAuthHelper } from "./gql.helper";
+export { projectAuthMiddleware, jwtAuthMiddleware } from "./express.helper";
+//# sourceMappingURL=index.d.ts.map

package/dist/middlewares/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/middlewares/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAA;AACvD,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAA;AAC/C,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAA;AAChD,OAAO,EAAE,qBAAqB,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAA"}

package/dist/middlewares/index.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.jwtAuthMiddleware = exports.projectAuthMiddleware = exports.GraphQLAuthHelper = exports.JwtAuthMiddleware = exports.ProjectAuthMiddleware = void 0;
+var project_guard_1 = require("./project.guard");
+Object.defineProperty(exports, "ProjectAuthMiddleware", { enumerable: true, get: function () { return project_guard_1.ProjectAuthMiddleware; } });
+var jwt_guard_1 = require("./jwt.guard");
+Object.defineProperty(exports, "JwtAuthMiddleware", { enumerable: true, get: function () { return jwt_guard_1.JwtAuthMiddleware; } });
+var gql_helper_1 = require("./gql.helper");
+Object.defineProperty(exports, "GraphQLAuthHelper", { enumerable: true, get: function () { return gql_helper_1.GraphQLAuthHelper; } });
+var express_helper_1 = require("./express.helper");
+Object.defineProperty(exports, "projectAuthMiddleware", { enumerable: true, get: function () { return express_helper_1.projectAuthMiddleware; } });
+Object.defineProperty(exports, "jwtAuthMiddleware", { enumerable: true, get: function () { return express_helper_1.jwtAuthMiddleware; } });
+//# sourceMappingURL=index.js.map

package/dist/middlewares/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/middlewares/index.ts"],"names":[],"mappings":";;;AAAA,iDAAuD;AAA9C,sHAAA,qBAAqB,OAAA;AAC9B,yCAA+C;AAAtC,8GAAA,iBAAiB,OAAA;AAC1B,2CAAgD;AAAvC,+GAAA,iBAAiB,OAAA;AAC1B,mDAA2E;AAAlE,uHAAA,qBAAqB,OAAA;AAAE,mHAAA,iBAAiB,OAAA"}

package/dist/middlewares/jwt.guard.d.ts

@@ -0,0 +1,16 @@
+import { AuthenticatedRequest } from '../types/jwt-payload';
+export declare class JwtAuthMiddleware {
+    private expectedIssuer;
+    private jwksCache;
+    constructor();
+    authenticate(req: AuthenticatedRequest): Promise<void>;
+    private decodeJWTTokenForProjectUuid;
+    private getJwksUriAndPath;
+    private fetchJWKS;
+    private getSigningKey;
+    private createTokenCacheKey;
+    private cacheValidatedToken;
+    private getCachedToken;
+    private validate;
+}
+//# sourceMappingURL=jwt.guard.d.ts.map

package/dist/middlewares/jwt.guard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.guard.d.ts","sourceRoot":"","sources":["../../src/middlewares/jwt.guard.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,oBAAoB,EAGrB,MAAM,sBAAsB,CAAC;AAQ9B,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,cAAc,CAAS;IAC/B,OAAO,CAAC,SAAS,CAGH;;IAOR,YAAY,CAAC,GAAG,EAAE,oBAAoB,GAAG,OAAO,CAAC,IAAI,CAAC;IAyB5D,OAAO,CAAC,4BAA4B;IAuBpC,OAAO,CAAC,iBAAiB;YA2BX,SAAS;YAwET,aAAa;IA0D3B,OAAO,CAAC,mBAAmB;YAWb,mBAAmB;YAoBnB,cAAc;YAqCd,QAAQ;CA8EvB"}

package/dist/middlewares/jwt.guard.js

@@ -0,0 +1,336 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JwtAuthMiddleware = void 0;
+const redis_connection_1 = __importDefault(require("../utils/redis.connection"));
+const jsonwebtoken = __importStar(require("jsonwebtoken"));
+const crypto = __importStar(require("crypto"));
+const jose = __importStar(require("node-jose"));
+const axios_1 = __importDefault(require("axios"));
+// Advanced JWT Authentication with JWKS support
+class JwtAuthMiddleware {
+    constructor() {
+        this.jwksCache = new Map();
+        const domain = process.env.MERCURY_BASE_URL || 'http://localhost:4000';
+        this.expectedIssuer = domain;
+    }
+    async authenticate(req) {
+        const authHeader = req.headers.authorization;
+        if (!authHeader) {
+            throw new Error('No authorization header provided');
+        }
+        const token = authHeader.startsWith('Bearer ')
+            ? authHeader.slice(7)
+            : authHeader;
+        if (!token) {
+            throw new Error('No token provided');
+        }
+        try {
+            // Get signing key from JWKS
+            const publicKey = await this.getSigningKey(token);
+            // Validate token
+            const user = await this.validate(token, publicKey);
+            req.user = user;
+        }
+        catch (error) {
+            throw new Error(`Invalid JWT token: ${error.message}`);
+        }
+    }
+    decodeJWTTokenForProjectUuid(rawJwtToken) {
+        try {
+            const parts = rawJwtToken.split('.');
+            if (parts.length !== 3) {
+                return null;
+            }
+            const decoded = jsonwebtoken.decode(rawJwtToken);
+            if (!decoded) {
+                return null;
+            }
+            if (typeof decoded === 'object' && decoded !== null && 'project_uuid' in decoded) {
+                const projectUuid = decoded.project_uuid || null;
+                return projectUuid;
+            }
+            return null;
+        }
+        catch (error) {
+            return null;
+        }
+    }
+    getJwksUriAndPath(projectUuid) {
+        const domain = process.env.MERCURY_BASE_URL || 'http://localhost:4000';
+        console.log('JWKS Debug - MERCURY_BASE_URL:', domain);
+        console.log('JWKS Debug - projectUuid:', projectUuid);
+        let path;
+        if (projectUuid) {
+            path = `auth/projects/${projectUuid}/.well-known/jwks.json`;
+        }
+        else {
+            const defaultProjectUuid = process.env.NEXUS_ID;
+            if (!defaultProjectUuid) {
+                throw new Error('No project UUID found in token and no default project UUID configured');
+            }
+            path = `auth/projects/${defaultProjectUuid}/.well-known/jwks.json`;
+        }
+        const uri = `${domain}/${path}`;
+        console.log('JWKS Debug - Constructed URI:', uri);
+        return { uri, path };
+    }
+    async fetchJWKS(jwksUri, path) {
+        try {
+            const timestamp = Date.now().toString();
+            const signatureInput = 'GET' + `/${path}` + timestamp;
+            const sharedSecret = process.env.SIGNATURE_SHARED_SECRET || '';
+            const signature = crypto
+                .createHmac('sha256', sharedSecret)
+                .update(signatureInput)
+                .digest('hex');
+            const headers = {
+                Accept: 'application/json',
+                'User-Agent': 'Node-JWT-Strategy/1.0',
+                'X-Timestamp': timestamp,
+                'X-Signature': signature,
+            };
+            const response = await axios_1.default.get(jwksUri, {
+                timeout: 10000,
+                headers,
+            });
+            if (!response.data || !response.data.keys) {
+                throw new Error('Invalid JWKS response: missing keys');
+            }
+            let jwksData;
+            if (Array.isArray(response.data.keys)) {
+                jwksData = response.data;
+            }
+            else {
+                jwksData = {
+                    keys: [response.data.keys],
+                };
+            }
+            const keyStore = await jose.JWK.asKeyStore(jwksData);
+            return keyStore;
+        }
+        catch (error) {
+            if (axios_1.default.isAxiosError(error)) {
+                const axiosError = error;
+                if (axiosError.code === 'ENOTFOUND') {
+                    throw new Error('JWKS endpoint not reachable');
+                }
+                else if (axiosError.code === 'ETIMEDOUT') {
+                    throw new Error('JWKS endpoint timeout');
+                }
+                else if (axiosError.code === 'CERT_REQUIRED' ||
+                    axiosError.code === 'UNABLE_TO_GET_LOCAL_ISSUER_CERT') {
+                    throw new Error('Client certificate authentication failed');
+                }
+                else if (axiosError.response?.status) {
+                    throw new Error(`JWKS endpoint returned ${axiosError.response.status}: ${axiosError.response.statusText}`);
+                }
+                else {
+                    const message = axiosError.message || 'Unknown error';
+                    throw new Error(`Failed to fetch JWKS: ${message}`);
+                }
+            }
+            else {
+                const errorMessage = error instanceof Error ? error.message : String(error);
+                throw new Error(`Failed to fetch JWKS: ${errorMessage}`);
+            }
+        }
+    }
+    async getSigningKey(rawJwtToken) {
+        try {
+            const parts = rawJwtToken.split('.');
+            if (parts.length !== 3) {
+                throw new Error(`Invalid JWT format: expected 3 parts, got ${parts.length}`);
+            }
+            const headerBase64 = parts[0];
+            const headerJson = Buffer.from(headerBase64, 'base64').toString();
+            const header = JSON.parse(headerJson);
+            if (!header.kid) {
+                throw new Error('Missing key ID (kid) in token header');
+            }
+            const projectUuid = this.decodeJWTTokenForProjectUuid(rawJwtToken);
+            const { uri: jwksUri, path } = this.getJwksUriAndPath(projectUuid);
+            const cacheKey = projectUuid || 'default';
+            const cachedEntry = this.jwksCache.get(cacheKey);
+            let keyStore;
+            if (!cachedEntry || Date.now() > cachedEntry.expiry) {
+                keyStore = await this.fetchJWKS(jwksUri, path);
+                const expiryTime = Date.now() + 600000; // 10 minutes
+                this.jwksCache.set(cacheKey, {
+                    keyStore: keyStore,
+                    expiry: expiryTime,
+                });
+            }
+            else {
+                keyStore = cachedEntry.keyStore;
+            }
+            const key = keyStore.get(header.kid);
+            if (!key) {
+                throw new Error(`Key ${header.kid} not found in JWKS for project ${projectUuid || 'default'}`);
+            }
+            const publicKey = key.toPEM(false);
+            return publicKey;
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : String(error);
+            throw new Error(`Unable to get signing key: ${errorMessage}`);
+        }
+    }
+    createTokenCacheKey(rawToken) {
+        const tokenHash = crypto
+            .createHash('sha256')
+            .update(rawToken)
+            .digest('hex')
+            .substring(0, 32);
+        const cacheKey = `validated_token:${tokenHash}`;
+        return cacheKey;
+    }
+    async cacheValidatedToken(payload, rawToken) {
+        try {
+            const redis = await redis_connection_1.default.getInstance();
+            const cacheExpiryTime = parseInt(process.env.CACHE_EXPIRY_TIME || '3600');
+            const cacheKey = this.createTokenCacheKey(rawToken);
+            const payloadString = JSON.stringify(payload);
+            await redis.set(cacheKey, payloadString, {
+                EX: cacheExpiryTime,
+            });
+        }
+        catch (error) {
+            console.warn('Failed to cache token:', error);
+        }
+    }
+    async getCachedToken(rawToken) {
+        try {
+            const redis = await redis_connection_1.default.getInstance();
+            const cacheKey = this.createTokenCacheKey(rawToken);
+            const cachedPayload = await redis.get(cacheKey);
+            if (cachedPayload && typeof cachedPayload === 'string') {
+                const payload = JSON.parse(cachedPayload);
+                // Validate cached payload structure
+                if (!payload.sub || !payload.sub.uuid || !payload.sub.email) {
+                    await redis.del(cacheKey);
+                    return null;
+                }
+                const now = Math.floor(Date.now() / 1000);
+                if (payload.exp && payload.exp < now) {
+                    await redis.del(cacheKey);
+                    return null;
+                }
+                return payload;
+            }
+            return null;
+        }
+        catch (error) {
+            try {
+                const cacheKey = this.createTokenCacheKey(rawToken);
+                const redis = await redis_connection_1.default.getInstance();
+                await redis.del(cacheKey);
+            }
+            catch (cleanupError) {
+                console.error('[JWT-DEBUG] Failed to cleanup corrupted cache entry:', cleanupError);
+            }
+            return null;
+        }
+    }
+    async validate(rawToken, publicKey) {
+        // Check cache first
+        const cachedPayload = await this.getCachedToken(rawToken);
+        if (cachedPayload) {
+            return {
+                uuid: cachedPayload.sub.uuid,
+                email: cachedPayload.sub.email,
+                name: cachedPayload.sub.name,
+            };
+        }
+        try {
+            // Verify the token using the public key
+            const verified = jsonwebtoken.verify(rawToken, publicKey, {
+                algorithms: ['RS512'],
+                ignoreExpiration: false,
+            });
+            if (typeof verified !== 'object' || verified === null) {
+                throw new Error('Invalid JWT payload');
+            }
+            const payload = verified;
+            // Validate the payload structure
+            if (!payload || !payload.sub || !payload.sub.uuid) {
+                throw new Error('Invalid JWT payload structure');
+            }
+            // Validate issuer
+            if (payload.iss !== this.expectedIssuer) {
+                throw new Error(`Invalid issuer. Expected: ${this.expectedIssuer}, Got: ${payload.iss}`);
+            }
+            // Validate timestamps
+            const now = Math.floor(Date.now() / 1000);
+            if (payload.exp && payload.exp < now) {
+                throw new Error('Token expired');
+            }
+            if (payload.nbf && payload.nbf > now) {
+                throw new Error('Token not yet valid');
+            }
+            // Check Redis for token revocation
+            if (payload.jti) {
+                try {
+                    const redis = await redis_connection_1.default.getInstance();
+                    const revocationKey = `revoked_token:${payload.jti}`;
+                    const isRevoked = await redis.get(revocationKey);
+                    if (isRevoked) {
+                        throw new Error('Token has been revoked');
+                    }
+                }
+                catch (error) {
+                    const errorMessage = error instanceof Error ? error.message : String(error);
+                    throw new Error(`Redis error: ${errorMessage}`);
+                }
+            }
+            // Cache the validated token
+            await this.cacheValidatedToken(payload, rawToken);
+            const authUser = {
+                uuid: payload.sub.uuid,
+                email: payload.sub.email,
+                name: payload.sub.name,
+            };
+            return authUser;
+        }
+        catch (error) {
+            throw new Error(`Token validation failed: ${error.message}`);
+        }
+    }
+}
+exports.JwtAuthMiddleware = JwtAuthMiddleware;
+//# sourceMappingURL=jwt.guard.js.map

package/dist/middlewares/jwt.guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.guard.js","sourceRoot":"","sources":["../../src/middlewares/jwt.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAKA,iFAA+D;AAC/D,2DAA6C;AAC7C,+CAAiC;AACjC,gDAAkC;AAClC,kDAA0C;AAE1C,gDAAgD;AAChD,MAAa,iBAAiB;IAO5B;QALQ,cAAS,GAGb,IAAI,GAAG,EAAE,CAAC;QAGZ,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,uBAAuB,CAAC;QACvE,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,GAAyB;QAC1C,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;QAC7C,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QACtD,CAAC;QAED,MAAM,KAAK,GAAG,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC;YAC5C,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;YACrB,CAAC,CAAC,UAAU,CAAC;QAEf,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;QACvC,CAAC;QAED,IAAI,CAAC;YACH,4BAA4B;YAC5B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;YAClD,iBAAiB;YACjB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;YACnD,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC;QAClB,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,sBAAsB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;IAEO,4BAA4B,CAAC,WAAmB;QACtD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACrC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACvB,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,OAAO,GAAG,YAAY,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;YACjD,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,IAAI,CAAC;YACd,CAAC;YAED,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI,IAAI,cAAc,IAAI,OAAO,EAAE,CAAC;gBACjF,MAAM,WAAW,GAAI,OAAqC,CAAC,YAAY,IAAI,IAAI,CAAC;gBAChF,OAAO,WAAW,CAAC;YACrB,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAEO,iBAAiB,CAAC,WAA0B;QAIlD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,uBAAuB,CAAC;QACvE,OAAO,CAAC,GAAG,CAAC,gCAAgC,EAAE,MAAM,CAAC,CAAC;QACtD,OAAO,CAAC,GAAG,CAAC,2BAA2B,EAAE,WAAW,CAAC,CAAC;QACtD,IAAI,IAAY,CAAC;QAEjB,IAAI,WAAW,EAAE,CAAC;YAChB,IAAI,GAAG,iBAAiB,WAAW,wBAAwB,CAAC;QAC9D,CAAC;aAAM,CAAC;YACN,MAAM,kBAAkB,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;YAChD,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBACxB,MAAM,IAAI,KAAK,CACb,uEAAuE,CACxE,CAAC;YACJ,CAAC;YAED,IAAI,GAAG,iBAAiB,kBAAkB,wBAAwB,CAAC;QACrE,CAAC;QAED,MAAM,GAAG,GAAG,GAAG,MAAM,IAAI,IAAI,EAAE,CAAC;QAChC,OAAO,CAAC,GAAG,CAAC,+BAA+B,EAAE,GAAG,CAAC,CAAC;QAClD,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;IACvB,CAAC;IAEO,KAAK,CAAC,SAAS,CACrB,OAAe,EACf,IAAY;QAEZ,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC;YACxC,MAAM,cAAc,GAAG,KAAK,GAAG,IAAI,IAAI,EAAE,GAAG,SAAS,CAAC;YACtD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,EAAE,CAAC;YAE/D,MAAM,SAAS,GAAG,MAAM;iBACrB,UAAU,CAAC,QAAQ,EAAE,YAAY,CAAC;iBAClC,MAAM,CAAC,cAAc,CAAC;iBACtB,MAAM,CAAC,KAAK,CAAC,CAAC;YAEjB,MAAM,OAAO,GAAG;gBACd,MAAM,EAAE,kBAAkB;gBAC1B,YAAY,EAAE,uBAAuB;gBACrC,aAAa,EAAE,SAAS;gBACxB,aAAa,EAAE,SAAS;aACzB,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,eAAK,CAAC,GAAG,CAE7B,OAAO,EAAE;gBACV,OAAO,EAAE,KAAK;gBACd,OAAO;aACR,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC1C,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;YACzD,CAAC;YAED,IAAI,QAAkC,CAAC;YAEvC,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACtC,QAAQ,GAAG,QAAQ,CAAC,IAAgC,CAAC;YACvD,CAAC;iBAAM,CAAC;gBACN,QAAQ,GAAG;oBACT,IAAI,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;iBAC3B,CAAC;YACJ,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;YAErD,OAAO,QAAQ,CAAC;QAClB,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,IAAI,eAAK,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC9B,MAAM,UAAU,GAAG,KAAmB,CAAC;gBACvC,IAAI,UAAU,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;oBACpC,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;gBACjD,CAAC;qBAAM,IAAI,UAAU,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;oBAC3C,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;gBAC3C,CAAC;qBAAM,IACL,UAAU,CAAC,IAAI,KAAK,eAAe;oBACnC,UAAU,CAAC,IAAI,KAAK,iCAAiC,EACrD,CAAC;oBACD,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;gBAC9D,CAAC;qBAAM,IAAI,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,CAAC;oBACvC,MAAM,IAAI,KAAK,CACb,0BAA0B,UAAU,CAAC,QAAQ,CAAC,MAAM,KAAK,UAAU,CAAC,QAAQ,CAAC,UAAU,EAAE,CAC1F,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,IAAI,eAAe,CAAC;oBACtD,MAAM,IAAI,KAAK,CAAC,yBAAyB,OAAO,EAAE,CAAC,CAAC;gBACtD,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBAC5E,MAAM,IAAI,KAAK,CAAC,yBAAyB,YAAY,EAAE,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,aAAa,CAAC,WAAmB;QAC7C,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACrC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACvB,MAAM,IAAI,KAAK,CAAC,6CAA6C,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;YAC/E,CAAC;YAOD,MAAM,YAAY,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAE9B,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;YAElE,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAc,CAAC;YACnD,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;gBAChB,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;YAC1D,CAAC;YAED,MAAM,WAAW,GAAG,IAAI,CAAC,4BAA4B,CAAC,WAAW,CAAC,CAAC;YACnE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAC;YAEnE,MAAM,QAAQ,GAAG,WAAW,IAAI,SAAS,CAAC;YAE1C,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAEjD,IAAI,QAA2B,CAAC;YAEhC,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC,MAAM,EAAE,CAAC;gBACpD,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;gBAC/C,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,CAAC,aAAa;gBAErD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE;oBAC3B,QAAQ,EAAE,QAAQ;oBAClB,MAAM,EAAE,UAAU;iBACnB,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,QAAQ,GAAG,WAAW,CAAC,QAAQ,CAAC;YAClC,CAAC;YAED,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAA6B,CAAC;YAEjE,IAAI,CAAC,GAAG,EAAE,CAAC;gBACT,MAAM,IAAI,KAAK,CACb,OAAO,MAAM,CAAC,GAAG,kCAAkC,WAAW,IAAI,SAAS,EAAE,CAC9E,CAAC;YACJ,CAAC;YAED,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACnC,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC5E,MAAM,IAAI,KAAK,CAAC,8BAA8B,YAAY,EAAE,CAAC,CAAC;QAChE,CAAC;IACH,CAAC;IAEO,mBAAmB,CAAC,QAAgB;QAC1C,MAAM,SAAS,GAAG,MAAM;aACrB,UAAU,CAAC,QAAQ,CAAC;aACpB,MAAM,CAAC,QAAQ,CAAC;aAChB,MAAM,CAAC,KAAK,CAAC;aACb,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAEpB,MAAM,QAAQ,GAAG,mBAAmB,SAAS,EAAE,CAAC;QAChD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,KAAK,CAAC,mBAAmB,CAC/B,OAAmB,EACnB,QAAgB;QAGhB,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,0BAAsB,CAAC,WAAW,EAAE,CAAC;YACzD,MAAM,eAAe,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,MAAM,CAAC,CAAC;YAE1E,MAAM,QAAQ,GAAG,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC;YACpD,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YAE9C,MAAM,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,aAAa,EAAE;gBACvC,EAAE,EAAE,eAAe;aACpB,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,wBAAwB,EAAE,KAAK,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,cAAc,CAAC,QAAgB;QAC3C,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,0BAAsB,CAAC,WAAW,EAAE,CAAC;YACzD,MAAM,QAAQ,GAAG,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC;YACpD,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAEhD,IAAI,aAAa,IAAI,OAAO,aAAa,KAAK,QAAQ,EAAE,CAAC;gBACvD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAe,CAAC;gBACxD,oCAAoC;gBACpC,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;oBAC5D,MAAM,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;oBAC1B,OAAO,IAAI,CAAC;gBACd,CAAC;gBAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;gBAE1C,IAAI,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,GAAG,GAAG,EAAE,CAAC;oBACrC,MAAM,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;oBAC1B,OAAO,IAAI,CAAC;gBACd,CAAC;gBAED,OAAO,OAAO,CAAC;YACjB,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC;gBACpD,MAAM,KAAK,GAAG,MAAM,0BAAsB,CAAC,WAAW,EAAE,CAAC;gBACzD,MAAM,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC5B,CAAC;YAAC,OAAO,YAAY,EAAE,CAAC;gBACtB,OAAO,CAAC,KAAK,CAAC,sDAAsD,EAAE,YAAY,CAAC,CAAC;YACtF,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,QAAQ,CACpB,QAAgB,EAChB,SAAiB;QAEjB,oBAAoB;QACpB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC1D,IAAI,aAAa,EAAE,CAAC;YAClB,OAAO;gBACL,IAAI,EAAE,aAAa,CAAC,GAAG,CAAC,IAAI;gBAC5B,KAAK,EAAE,aAAa,CAAC,GAAG,CAAC,KAAK;gBAC9B,IAAI,EAAE,aAAa,CAAC,GAAG,CAAC,IAAI;aAC7B,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,wCAAwC;YACxC,MAAM,QAAQ,GAAG,YAAY,CAAC,MAAM,CAAC,QAAQ,EAAE,SAAS,EAAE;gBACxD,UAAU,EAAE,CAAC,OAAO,CAAC;gBACrB,gBAAgB,EAAE,KAAK;aACxB,CAAC,CAAC;YAEH,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;gBACtD,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;YACzC,CAAC;YAED,MAAM,OAAO,GAAG,QAAiC,CAAC;YAElD,iCAAiC;YACjC,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;gBAClD,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;YACnD,CAAC;YAED,kBAAkB;YAClB,IAAI,OAAO,CAAC,GAAG,KAAK,IAAI,CAAC,cAAc,EAAE,CAAC;gBACxC,MAAM,IAAI,KAAK,CAAC,6BAA6B,IAAI,CAAC,cAAc,UAAU,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;YAC3F,CAAC;YAED,sBAAsB;YACtB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAC1C,IAAI,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,GAAG,GAAG,EAAE,CAAC;gBACrC,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC;YACnC,CAAC;YAED,IAAI,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,GAAG,GAAG,EAAE,CAAC;gBACrC,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;YACzC,CAAC;YAED,mCAAmC;YACnC,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;gBAChB,IAAI,CAAC;oBACH,MAAM,KAAK,GAAG,MAAM,0BAAsB,CAAC,WAAW,EAAE,CAAC;oBACzD,MAAM,aAAa,GAAG,iBAAiB,OAAO,CAAC,GAAG,EAAE,CAAC;oBACrD,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;oBAGjD,IAAI,SAAS,EAAE,CAAC;wBACd,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;oBAC5C,CAAC;gBACH,CAAC;gBAAC,OAAO,KAAc,EAAE,CAAC;oBACxB,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;oBAC5E,MAAM,IAAI,KAAK,CAAC,gBAAgB,YAAY,EAAE,CAAC,CAAC;gBAClD,CAAC;YACH,CAAC;YAED,4BAA4B;YAC5B,MAAM,IAAI,CAAC,mBAAmB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YAElD,MAAM,QAAQ,GAAG;gBACf,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,IAAI;gBACtB,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,KAAK;gBACxB,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,IAAI;aACvB,CAAC;YAEF,OAAO,QAAQ,CAAC;QAClB,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,4BAA4B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;CACF;AA3WD,8CA2WC"}