@xbg.solutions/utils-token-handler 1.0.0

package/lib/generic-token-handler.js

@@ -0,0 +1,176 @@
+"use strict";
+/**
+ * Generic Token Handler
+ * Platform-agnostic token handling with configurable auth providers
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TokenHandler = void 0;
+exports.createTokenHandler = createTokenHandler;
+const token_types_1 = require("./token-types");
+const token_blacklist_manager_1 = require("./token-blacklist-manager");
+class TokenHandler {
+    constructor(config, adapter) {
+        this.config = config;
+        this.adapter = adapter;
+        this.blacklistManager = new token_blacklist_manager_1.TokenBlacklistManager(this.config.database, this.config.blacklist);
+    }
+    /**
+     * Verify and unpack raw token string
+     * Returns normalized token if valid, or error details if invalid
+     */
+    async verifyAndUnpack(rawToken, logger) {
+        logger.debug('TokenHandler: Starting token verification');
+        try {
+            // Step 1: Verify token with auth provider
+            const providerToken = await this.adapter.verifyToken(rawToken, logger);
+            logger.debug('TokenHandler: Token verified by provider', {
+                authUID: this.extractAuthUID(providerToken)
+            });
+            // Step 2: Check if token is individually blacklisted
+            const tokenIdentifier = await this.adapter.getTokenIdentifier(rawToken);
+            const isIndividuallyBlacklisted = await this.blacklistManager.isBlacklisted(tokenIdentifier, logger);
+            if (isIndividuallyBlacklisted) {
+                logger.warn('TokenHandler: Token is individually blacklisted', {
+                    authUID: this.extractAuthUID(providerToken)
+                });
+                return {
+                    isValid: false,
+                    isBlacklisted: true,
+                    token: null,
+                    error: token_types_1.TokenVerificationError.BLACKLISTED
+                };
+            }
+            // Step 3: Check if user has global token revocation
+            const authUID = this.extractAuthUID(providerToken);
+            const revocationTime = await this.blacklistManager.getUserTokenRevocationTime(authUID, logger);
+            if (revocationTime) {
+                const tokenIssuedAt = this.extractIssuedAt(providerToken);
+                const tokenIssuedDate = new Date(tokenIssuedAt * 1000);
+                if (tokenIssuedDate < revocationTime) {
+                    logger.warn('TokenHandler: Token issued before global revocation', {
+                        authUID,
+                        tokenIssuedAt: tokenIssuedDate,
+                        // Don't log revocation time for privacy
+                    });
+                    return {
+                        isValid: false,
+                        isBlacklisted: true,
+                        token: null,
+                        error: token_types_1.TokenVerificationError.BLACKLISTED
+                    };
+                }
+            }
+            // Step 4: Normalize token to platform-agnostic structure
+            const normalizedToken = this.adapter.normalizeToken(providerToken, this.config.customClaims);
+            logger.debug('TokenHandler: Token verified and normalized', {
+                authUID: normalizedToken.authUID,
+                userUID: normalizedToken.userUID,
+                issuer: normalizedToken.issuer
+            });
+            return {
+                isValid: true,
+                isBlacklisted: false,
+                token: normalizedToken,
+                error: null
+            };
+        }
+        catch (error) {
+            logger.warn('TokenHandler: Token verification failed', {
+                error: error.message
+            });
+            // Map provider errors to our error types
+            const verificationError = this.adapter.mapProviderError(error);
+            return {
+                isValid: false,
+                isBlacklisted: false,
+                token: null,
+                error: verificationError
+            };
+        }
+    }
+    /**
+     * Generate token identifier for blacklist lookup
+     */
+    async getTokenIdentifier(rawToken) {
+        return this.adapter.getTokenIdentifier(rawToken);
+    }
+    /**
+     * Sync custom claims to auth provider
+     */
+    async syncCustomClaims(authUID, claims, logger) {
+        logger.debug('TokenHandler: Syncing custom claims', {
+            authUID,
+            provider: this.config.provider.type
+        });
+        await this.adapter.syncCustomClaims(authUID, claims, logger);
+    }
+    /**
+     * Revoke all tokens for a user at provider level
+     */
+    async revokeUserTokens(authUID, logger) {
+        logger.info('TokenHandler: Revoking user tokens at provider level', {
+            authUID,
+            provider: this.config.provider.type
+        });
+        return this.adapter.revokeUserTokens(authUID, logger);
+    }
+    /**
+     * Blacklist individual token
+     */
+    async blacklistToken(tokenIdentifier, authUID, reason, tokenExpiresAt, blacklistedBy, logger) {
+        return this.blacklistManager.blacklistToken(tokenIdentifier, authUID, reason, tokenExpiresAt, blacklistedBy, logger);
+    }
+    /**
+     * Blacklist all tokens for a user (global revocation)
+     */
+    async blacklistAllUserTokens(authUID, reason, blacklistedBy, logger) {
+        return this.blacklistManager.blacklistAllUserTokens(authUID, reason, blacklistedBy, logger);
+    }
+    /**
+     * Check if token is blacklisted
+     */
+    async isTokenBlacklisted(tokenIdentifier, logger) {
+        return this.blacklistManager.isBlacklisted(tokenIdentifier, logger);
+    }
+    /**
+     * Get user's token revocation timestamp
+     */
+    async getUserTokenRevocationTime(authUID, logger) {
+        return this.blacklistManager.getUserTokenRevocationTime(authUID, logger);
+    }
+    /**
+     * Cleanup expired blacklist entries
+     */
+    async cleanupExpiredEntries(logger) {
+        return this.blacklistManager.cleanupExpiredEntries(logger);
+    }
+    /**
+     * Get token handler configuration
+     */
+    getConfig() {
+        return Object.assign({}, this.config);
+    }
+    /**
+     * Extract authUID from provider token
+     * Different providers may structure this differently
+     */
+    extractAuthUID(providerToken) {
+        // Common patterns for different providers
+        return providerToken.uid || providerToken.sub || providerToken.user_id || '';
+    }
+    /**
+     * Extract issued-at timestamp from provider token
+     * Different providers may structure this differently
+     */
+    extractIssuedAt(providerToken) {
+        return providerToken.iat || providerToken.issued_at || Math.floor(Date.now() / 1000);
+    }
+}
+exports.TokenHandler = TokenHandler;
+/**
+ * Factory function to create token handler with type safety
+ */
+function createTokenHandler(config, adapter) {
+    return new TokenHandler(config, adapter);
+}
+//# sourceMappingURL=generic-token-handler.js.map

package/lib/generic-token-handler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"generic-token-handler.js","sourceRoot":"","sources":["../src/generic-token-handler.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AA2PH,gDAKC;AA7PD,+CAOuB;AACvB,uEAAkE;AAElE,MAAa,YAAY;IAKvB,YACU,MAAyC,EACzC,OAAqC;QADrC,WAAM,GAAN,MAAM,CAAmC;QACzC,YAAO,GAAP,OAAO,CAA8B;QAE7C,IAAI,CAAC,gBAAgB,GAAG,IAAI,+CAAqB,CAC/C,IAAI,CAAC,MAAM,CAAC,QAAQ,EACpB,IAAI,CAAC,MAAM,CAAC,SAAS,CACtB,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,eAAe,CACnB,QAAgB,EAChB,MAAc;QAEd,MAAM,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAE1D,IAAI,CAAC;YACH,0CAA0C;YAC1C,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;YAEvE,MAAM,CAAC,KAAK,CAAC,0CAA0C,EAAE;gBACvD,OAAO,EAAE,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC;aAC5C,CAAC,CAAC;YAEH,qDAAqD;YACrD,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;YACxE,MAAM,yBAAyB,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,aAAa,CACzE,eAAe,EACf,MAAM,CACP,CAAC;YAEF,IAAI,yBAAyB,EAAE,CAAC;gBAC9B,MAAM,CAAC,IAAI,CAAC,iDAAiD,EAAE;oBAC7D,OAAO,EAAE,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC;iBAC5C,CAAC,CAAC;gBAEH,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,aAAa,EAAE,IAAI;oBACnB,KAAK,EAAE,IAAI;oBACX,KAAK,EAAE,oCAAsB,CAAC,WAAW;iBAC1C,CAAC;YACJ,CAAC;YAED,oDAAoD;YACpD,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC;YACnD,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,0BAA0B,CAC3E,OAAO,EACP,MAAM,CACP,CAAC;YAEF,IAAI,cAAc,EAAE,CAAC;gBACnB,MAAM,aAAa,GAAG,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC;gBAC1D,MAAM,eAAe,GAAG,IAAI,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,CAAC;gBAEvD,IAAI,eAAe,GAAG,cAAc,EAAE,CAAC;oBACrC,MAAM,CAAC,IAAI,CAAC,qDAAqD,EAAE;wBACjE,OAAO;wBACP,aAAa,EAAE,eAAe;wBAC9B,wCAAwC;qBACzC,CAAC,CAAC;oBAEH,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,aAAa,EAAE,IAAI;wBACnB,KAAK,EAAE,IAAI;wBACX,KAAK,EAAE,oCAAsB,CAAC,WAAW;qBAC1C,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,yDAAyD;YACzD,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,cAAc,CACjD,aAAa,EACb,IAAI,CAAC,MAAM,CAAC,YAAY,CACzB,CAAC;YAEF,MAAM,CAAC,KAAK,CAAC,6CAA6C,EAAE;gBAC1D,OAAO,EAAE,eAAe,CAAC,OAAO;gBAChC,OAAO,EAAE,eAAe,CAAC,OAAO;gBAChC,MAAM,EAAE,eAAe,CAAC,MAAM;aAC/B,CAAC,CAAC;YAEH,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,aAAa,EAAE,KAAK;gBACpB,KAAK,EAAE,eAAe;gBACtB,KAAK,EAAE,IAAI;aACZ,CAAC;QAEJ,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,MAAM,CAAC,IAAI,CAAC,yCAAyC,EAAE;gBACrD,KAAK,EAAE,KAAK,CAAC,OAAO;aACrB,CAAC,CAAC;YAEH,yCAAyC;YACzC,MAAM,iBAAiB,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;YAE/D,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,aAAa,EAAE,KAAK;gBACpB,KAAK,EAAE,IAAI;gBACX,KAAK,EAAE,iBAAiB;aACzB,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB,CAAC,QAAgB;QACvC,OAAO,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;IACnD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB,CACpB,OAAe,EACf,MAAqB,EACrB,MAAc;QAEd,MAAM,CAAC,KAAK,CAAC,qCAAqC,EAAE;YAClD,OAAO;YACP,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI;SACpC,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB,CAAC,OAAe,EAAE,MAAc;QACpD,MAAM,CAAC,IAAI,CAAC,sDAAsD,EAAE;YAClE,OAAO;YACP,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI;SACpC,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACxD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAClB,eAAuB,EACvB,OAAe,EACf,MAAc,EACd,cAAoB,EACpB,aAA4B,EAC5B,MAAc;QAEd,OAAO,IAAI,CAAC,gBAAgB,CAAC,cAAc,CACzC,eAAe,EACf,OAAO,EACP,MAAM,EACN,cAAc,EACd,aAAa,EACb,MAAM,CACP,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,sBAAsB,CAC1B,OAAe,EACf,MAAc,EACd,aAA4B,EAC5B,MAAc;QAEd,OAAO,IAAI,CAAC,gBAAgB,CAAC,sBAAsB,CACjD,OAAO,EACP,MAAM,EACN,aAAa,EACb,MAAM,CACP,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB,CAAC,eAAuB,EAAE,MAAc;QAC9D,OAAO,IAAI,CAAC,gBAAgB,CAAC,aAAa,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IACtE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,0BAA0B,CAAC,OAAe,EAAE,MAAc;QAC9D,OAAO,IAAI,CAAC,gBAAgB,CAAC,0BAA0B,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC3E,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,qBAAqB,CAAC,MAAc;QACxC,OAAO,IAAI,CAAC,gBAAgB,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC;IAC7D,CAAC;IAED;;OAEG;IACH,SAAS;QACP,yBAAY,IAAI,CAAC,MAAM,EAAG;IAC5B,CAAC;IAED;;;OAGG;IACK,cAAc,CAAC,aAAkB;QACvC,0CAA0C;QAC1C,OAAO,aAAa,CAAC,GAAG,IAAI,aAAa,CAAC,GAAG,IAAI,aAAa,CAAC,OAAO,IAAI,EAAE,CAAC;IAC/E,CAAC;IAED;;;OAGG;IACK,eAAe,CAAC,aAAkB;QACxC,OAAO,aAAa,CAAC,GAAG,IAAI,aAAa,CAAC,SAAS,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IACvF,CAAC;CACF;AAzOD,oCAyOC;AAED;;GAEG;AACH,SAAgB,kBAAkB,CAChC,MAAyC,EACzC,OAAqC;IAErC,OAAO,IAAI,YAAY,CAAgB,MAAM,EAAE,OAAO,CAAC,CAAC;AAC1D,CAAC"}

package/lib/index.d.ts

@@ -0,0 +1,71 @@
+/**
+ * Token Handler Utility - Barrel Export
+ * Portable, configurable token handling with auth provider abstraction
+ */
+export * from './token-types';
+export * from './generic-token-handler';
+export * from './token-blacklist-manager';
+export * from './firebase-adapter';
+export * from './firestore-database-adapter';
+export { createTokenHandler } from './generic-token-handler';
+export { createTokenBlacklistManager } from './token-blacklist-manager';
+export { createFirebaseAuthAdapter } from './firebase-adapter';
+export { createFirestoreTokenDatabase } from './firestore-database-adapter';
+/**
+ * Quick-start factory for Firebase-based token handling
+ *
+ * @example
+ * ```typescript
+ * const handler = createFirebaseTokenHandler({
+ *   customClaims: {
+ *     extract: (token) => ({ userID: token.userID }),
+ *     defaults: { userID: null }
+ *   },
+ *   blacklist: {
+ *     storage: { database: 'main', collection: 'blacklist' },
+ *     retention: { cleanupRetentionDays: 30, globalRevocationRetentionDays: 30 },
+ *     reasons: ['LOGOUT', 'PASSWORD_CHANGE']
+ *   },
+ *   database: firestoreInstance
+ * });
+ * ```
+ */
+export declare function createFirebaseTokenHandler<TCustomClaims = Record<string, any>>(config: {
+    customClaims: {
+        extract: (token: any) => TCustomClaims;
+        validate?: (claims: TCustomClaims) => boolean;
+        defaults: Partial<TCustomClaims>;
+    };
+    blacklist: {
+        storage: {
+            database: string;
+            collection: string;
+        };
+        retention: {
+            cleanupRetentionDays: number;
+            globalRevocationRetentionDays: number;
+        };
+        reasons: string[];
+    };
+    database: any;
+}): any;
+/**
+ * Quick-start factory for Auth0-based token handling
+ * Future implementation when Auth0 adapter is available
+ */
+export declare function createAuth0TokenHandler<_TCustomClaims = Record<string, any>>(_config: any): void;
+/**
+ * Quick-start factory for Clerk-based token handling
+ * Future implementation when Clerk adapter is available
+ */
+export declare function createClerkTokenHandler<_TCustomClaims = Record<string, any>>(_config: any): void;
+/**
+ * Version and metadata
+ */
+export declare const TOKEN_HANDLER_VERSION = "2.0.0";
+export declare const SUPPORTED_PROVIDERS: readonly ["firebase"];
+/**
+ * Utility function to validate token handler configuration
+ */
+export declare function validateTokenHandlerConfig(config: any): boolean;
+//# sourceMappingURL=index.d.ts.map

package/lib/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,cAAc,eAAe,CAAC;AAG9B,cAAc,yBAAyB,CAAC;AACxC,cAAc,2BAA2B,CAAC;AAG1C,cAAc,oBAAoB,CAAC;AACnC,cAAc,8BAA8B,CAAC;AAG7C,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,2BAA2B,EAAE,MAAM,2BAA2B,CAAC;AACxE,OAAO,EAAE,yBAAyB,EAAE,MAAM,oBAAoB,CAAC;AAC/D,OAAO,EAAE,4BAA4B,EAAE,MAAM,8BAA8B,CAAC;AAE5E;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,0BAA0B,CAAC,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAAE,MAAM,EAAE;IACtF,YAAY,EAAE;QACZ,OAAO,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,aAAa,CAAC;QACvC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,aAAa,KAAK,OAAO,CAAC;QAC9C,QAAQ,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;KAClC,CAAC;IACF,SAAS,EAAE;QACT,OAAO,EAAE;YAAE,QAAQ,EAAE,MAAM,CAAC;YAAC,UAAU,EAAE,MAAM,CAAA;SAAE,CAAC;QAClD,SAAS,EAAE;YAAE,oBAAoB,EAAE,MAAM,CAAC;YAAC,6BAA6B,EAAE,MAAM,CAAA;SAAE,CAAC;QACnF,OAAO,EAAE,MAAM,EAAE,CAAC;KACnB,CAAC;IACF,QAAQ,EAAE,GAAG,CAAC;CACf,OAuBA;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,cAAc,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAAE,OAAO,EAAE,GAAG,QAEzF;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,cAAc,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAAE,OAAO,EAAE,GAAG,QAEzF;AAED;;GAEG;AACH,eAAO,MAAM,qBAAqB,UAAU,CAAC;AAC7C,eAAO,MAAM,mBAAmB,uBAAwB,CAAC;AAEzD;;GAEG;AACH,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,GAAG,GACV,OAAO,CAST"}

package/lib/index.js

@@ -0,0 +1,109 @@
+"use strict";
+/**
+ * Token Handler Utility - Barrel Export
+ * Portable, configurable token handling with auth provider abstraction
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SUPPORTED_PROVIDERS = exports.TOKEN_HANDLER_VERSION = exports.createFirestoreTokenDatabase = exports.createFirebaseAuthAdapter = exports.createTokenBlacklistManager = exports.createTokenHandler = void 0;
+exports.createFirebaseTokenHandler = createFirebaseTokenHandler;
+exports.createAuth0TokenHandler = createAuth0TokenHandler;
+exports.createClerkTokenHandler = createClerkTokenHandler;
+exports.validateTokenHandlerConfig = validateTokenHandlerConfig;
+// Core types and interfaces
+__exportStar(require("./token-types"), exports);
+// Generic implementations
+__exportStar(require("./generic-token-handler"), exports);
+__exportStar(require("./token-blacklist-manager"), exports);
+// Adapters
+__exportStar(require("./firebase-adapter"), exports);
+__exportStar(require("./firestore-database-adapter"), exports);
+// Factory functions for common configurations
+var generic_token_handler_1 = require("./generic-token-handler");
+Object.defineProperty(exports, "createTokenHandler", { enumerable: true, get: function () { return generic_token_handler_1.createTokenHandler; } });
+var token_blacklist_manager_1 = require("./token-blacklist-manager");
+Object.defineProperty(exports, "createTokenBlacklistManager", { enumerable: true, get: function () { return token_blacklist_manager_1.createTokenBlacklistManager; } });
+var firebase_adapter_1 = require("./firebase-adapter");
+Object.defineProperty(exports, "createFirebaseAuthAdapter", { enumerable: true, get: function () { return firebase_adapter_1.createFirebaseAuthAdapter; } });
+var firestore_database_adapter_1 = require("./firestore-database-adapter");
+Object.defineProperty(exports, "createFirestoreTokenDatabase", { enumerable: true, get: function () { return firestore_database_adapter_1.createFirestoreTokenDatabase; } });
+/**
+ * Quick-start factory for Firebase-based token handling
+ *
+ * @example
+ * ```typescript
+ * const handler = createFirebaseTokenHandler({
+ *   customClaims: {
+ *     extract: (token) => ({ userID: token.userID }),
+ *     defaults: { userID: null }
+ *   },
+ *   blacklist: {
+ *     storage: { database: 'main', collection: 'blacklist' },
+ *     retention: { cleanupRetentionDays: 30, globalRevocationRetentionDays: 30 },
+ *     reasons: ['LOGOUT', 'PASSWORD_CHANGE']
+ *   },
+ *   database: firestoreInstance
+ * });
+ * ```
+ */
+function createFirebaseTokenHandler(config) {
+    const { createTokenHandler } = require('./generic-token-handler');
+    const { createFirebaseAuthAdapter } = require('./adapters/firebase-auth-adapter');
+    const { createFirestoreTokenDatabase } = require('./adapters/firestore-database-adapter');
+    // Create database adapter
+    const tokenDatabase = createFirestoreTokenDatabase(config.database, config.blacklist.storage.collection);
+    // Create auth adapter
+    const authAdapter = createFirebaseAuthAdapter();
+    // Build complete configuration
+    const handlerConfig = {
+        customClaims: config.customClaims,
+        blacklist: config.blacklist,
+        provider: { type: 'firebase' },
+        database: tokenDatabase
+    };
+    return createTokenHandler(handlerConfig, authAdapter);
+}
+/**
+ * Quick-start factory for Auth0-based token handling
+ * Future implementation when Auth0 adapter is available
+ */
+function createAuth0TokenHandler(_config) {
+    throw new Error('Auth0 adapter not yet implemented. Use createFirebaseTokenHandler for now.');
+}
+/**
+ * Quick-start factory for Clerk-based token handling
+ * Future implementation when Clerk adapter is available
+ */
+function createClerkTokenHandler(_config) {
+    throw new Error('Clerk adapter not yet implemented. Use createFirebaseTokenHandler for now.');
+}
+/**
+ * Version and metadata
+ */
+exports.TOKEN_HANDLER_VERSION = '2.0.0';
+exports.SUPPORTED_PROVIDERS = ['firebase'];
+/**
+ * Utility function to validate token handler configuration
+ */
+function validateTokenHandlerConfig(config) {
+    return (config &&
+        typeof config === 'object' &&
+        config.customClaims &&
+        config.blacklist &&
+        config.provider &&
+        config.database);
+}
+//# sourceMappingURL=index.js.map

package/lib/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;;;;;;;;;;;;AAsCH,gEAmCC;AAMD,0DAEC;AAMD,0DAEC;AAWD,gEAWC;AA7GD,4BAA4B;AAC5B,gDAA8B;AAE9B,0BAA0B;AAC1B,0DAAwC;AACxC,4DAA0C;AAE1C,WAAW;AACX,qDAAmC;AACnC,+DAA6C;AAE7C,8CAA8C;AAC9C,iEAA6D;AAApD,2HAAA,kBAAkB,OAAA;AAC3B,qEAAwE;AAA/D,sIAAA,2BAA2B,OAAA;AACpC,uDAA+D;AAAtD,6HAAA,yBAAyB,OAAA;AAClC,2EAA4E;AAAnE,0IAAA,4BAA4B,OAAA;AAErC;;;;;;;;;;;;;;;;;;GAkBG;AACH,SAAgB,0BAA0B,CAAsC,MAY/E;IACC,MAAM,EAAE,kBAAkB,EAAE,GAAG,OAAO,CAAC,yBAAyB,CAAC,CAAC;IAClE,MAAM,EAAE,yBAAyB,EAAE,GAAG,OAAO,CAAC,kCAAkC,CAAC,CAAC;IAClF,MAAM,EAAE,4BAA4B,EAAE,GAAG,OAAO,CAAC,uCAAuC,CAAC,CAAC;IAE1F,0BAA0B;IAC1B,MAAM,aAAa,GAAG,4BAA4B,CAChD,MAAM,CAAC,QAAQ,EACf,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,UAAU,CACpC,CAAC;IAEF,sBAAsB;IACtB,MAAM,WAAW,GAAG,yBAAyB,EAAE,CAAC;IAEhD,+BAA+B;IAC/B,MAAM,aAAa,GAAG;QACpB,YAAY,EAAE,MAAM,CAAC,YAAY;QACjC,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,QAAQ,EAAE,EAAE,IAAI,EAAE,UAAmB,EAAE;QACvC,QAAQ,EAAE,aAAa;KACxB,CAAC;IAEF,OAAO,kBAAkB,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;AACxD,CAAC;AAED;;;GAGG;AACH,SAAgB,uBAAuB,CAAuC,OAAY;IACxF,MAAM,IAAI,KAAK,CAAC,4EAA4E,CAAC,CAAC;AAChG,CAAC;AAED;;;GAGG;AACH,SAAgB,uBAAuB,CAAuC,OAAY;IACxF,MAAM,IAAI,KAAK,CAAC,4EAA4E,CAAC,CAAC;AAChG,CAAC;AAED;;GAEG;AACU,QAAA,qBAAqB,GAAG,OAAO,CAAC;AAChC,QAAA,mBAAmB,GAAG,CAAC,UAAU,CAAU,CAAC;AAEzD;;GAEG;AACH,SAAgB,0BAA0B,CACxC,MAAW;IAEX,OAAO,CACL,MAAM;QACN,OAAO,MAAM,KAAK,QAAQ;QAC1B,MAAM,CAAC,YAAY;QACnB,MAAM,CAAC,SAAS;QAChB,MAAM,CAAC,QAAQ;QACf,MAAM,CAAC,QAAQ,CAChB,CAAC;AACJ,CAAC"}

package/lib/token-blacklist-manager.d.ts

@@ -0,0 +1,78 @@
+/**
+ * Token Blacklist Manager
+ * Generic token blacklist implementation with configurable database backend
+ */
+import { Logger } from '@xbg/utils-logger';
+import { TokenBlacklistEntry, ITokenDatabase, BlacklistConfig } from './token-types';
+export declare class TokenBlacklistManager {
+    private database;
+    private config;
+    constructor(database: ITokenDatabase, config: BlacklistConfig);
+    /**
+     * Add token to blacklist
+     *
+     * @param tokenIdentifier - Token JTI or hash
+     * @param authUID - User who owned this token
+     * @param reason - Reason for blacklisting (must be in configured reasons)
+     * @param tokenExpiresAt - When token would naturally expire
+     * @param blacklistedBy - Optional userUID who triggered blacklist
+     * @param logger - Logger instance
+     */
+    blacklistToken(tokenIdentifier: string, authUID: string, reason: string, tokenExpiresAt: Date, blacklistedBy: string | null, logger: Logger): Promise<TokenBlacklistEntry>;
+    /**
+     * Check if token is blacklisted
+     *
+     * @param tokenIdentifier - Token JTI or hash
+     * @param logger - Logger instance
+     * @returns true if blacklisted, false otherwise
+     */
+    isBlacklisted(tokenIdentifier: string, logger: Logger): Promise<boolean>;
+    /**
+     * Blacklist all tokens for a user (global revocation)
+     * Used when user logs out all sessions, changes password, or account deleted
+     *
+     * This creates a revocation timestamp. Token verification checks:
+     * is token issued before this timestamp?
+     *
+     * @param authUID - User's auth UID
+     * @param reason - Reason for blacklisting (must be in configured reasons)
+     * @param blacklistedBy - Optional userUID who triggered blacklist
+     * @param logger - Logger instance
+     */
+    blacklistAllUserTokens(authUID: string, reason: string, blacklistedBy: string | null, logger: Logger): Promise<void>;
+    /**
+     * Check if user has a global token revocation
+     * Returns the timestamp of revocation if exists
+     *
+     * @param authUID - User's auth UID
+     * @param logger - Logger instance
+     * @returns Date of revocation, or null if no global revocation
+     */
+    getUserTokenRevocationTime(authUID: string, logger: Logger): Promise<Date | null>;
+    /**
+     * Cleanup expired blacklist entries
+     * Run via CRON job periodically
+     *
+     * @param logger - Logger instance
+     * @returns Number of entries deleted
+     */
+    cleanupExpiredEntries(logger: Logger): Promise<number>;
+    /**
+     * Get blacklist configuration
+     */
+    getConfig(): BlacklistConfig;
+    /**
+     * Validate that reason is allowed by configuration
+     */
+    private validateReason;
+    /**
+     * Mask token identifier for logging (security)
+     * Shows first 10 characters + ...
+     */
+    private maskTokenIdentifier;
+}
+/**
+ * Factory function to create blacklist manager
+ */
+export declare function createTokenBlacklistManager(database: ITokenDatabase, config: BlacklistConfig): TokenBlacklistManager;
+//# sourceMappingURL=token-blacklist-manager.d.ts.map

package/lib/token-blacklist-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-blacklist-manager.d.ts","sourceRoot":"","sources":["../src/token-blacklist-manager.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAC3C,OAAO,EACL,mBAAmB,EACnB,cAAc,EACd,eAAe,EAChB,MAAM,eAAe,CAAC;AAGvB,qBAAa,qBAAqB;IAE9B,OAAO,CAAC,QAAQ;IAChB,OAAO,CAAC,MAAM;gBADN,QAAQ,EAAE,cAAc,EACxB,MAAM,EAAE,eAAe;IAGjC;;;;;;;;;OASG;IACG,cAAc,CAClB,eAAe,EAAE,MAAM,EACvB,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,IAAI,EACpB,aAAa,EAAE,MAAM,GAAG,IAAI,EAC5B,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,mBAAmB,CAAC;IAiC/B;;;;;;OAMG;IACG,aAAa,CACjB,eAAe,EAAE,MAAM,EACvB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,OAAO,CAAC;IAenB;;;;;;;;;;;OAWG;IACG,sBAAsB,CAC1B,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,MAAM,GAAG,IAAI,EAC5B,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,IAAI,CAAC;IAsBhB;;;;;;;OAOG;IACG,0BAA0B,CAC9B,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;IAgBvB;;;;;;OAMG;IACG,qBAAqB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAiB5D;;OAEG;IACH,SAAS,IAAI,eAAe;IAI5B;;OAEG;IACH,OAAO,CAAC,cAAc;IAetB;;;OAGG;IACH,OAAO,CAAC,mBAAmB;CAM5B;AAED;;GAEG;AACH,wBAAgB,2BAA2B,CACzC,QAAQ,EAAE,cAAc,EACxB,MAAM,EAAE,eAAe,GACtB,qBAAqB,CAEvB"}

package/lib/token-blacklist-manager.js

@@ -0,0 +1,174 @@
+"use strict";
+/**
+ * Token Blacklist Manager
+ * Generic token blacklist implementation with configurable database backend
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TokenBlacklistManager = void 0;
+exports.createTokenBlacklistManager = createTokenBlacklistManager;
+const uuid_1 = require("uuid");
+class TokenBlacklistManager {
+    constructor(database, config) {
+        this.database = database;
+        this.config = config;
+    }
+    /**
+     * Add token to blacklist
+     *
+     * @param tokenIdentifier - Token JTI or hash
+     * @param authUID - User who owned this token
+     * @param reason - Reason for blacklisting (must be in configured reasons)
+     * @param tokenExpiresAt - When token would naturally expire
+     * @param blacklistedBy - Optional userUID who triggered blacklist
+     * @param logger - Logger instance
+     */
+    async blacklistToken(tokenIdentifier, authUID, reason, tokenExpiresAt, blacklistedBy, logger) {
+        // Validate reason against configured reasons
+        this.validateReason(reason, logger);
+        logger.debug('TokenBlacklistManager: Adding token to blacklist', {
+            tokenIdentifier: this.maskTokenIdentifier(tokenIdentifier),
+            authUID,
+            reason,
+            database: this.config.storage.database,
+            collection: this.config.storage.collection
+        });
+        const entry = {
+            blacklistEntryUID: (0, uuid_1.v4)(),
+            tokenJTI: tokenIdentifier,
+            authUID,
+            blacklistedAt: new Date(),
+            blacklistedBy,
+            reason,
+            expiresAt: tokenExpiresAt
+        };
+        await this.database.addBlacklistEntry(entry);
+        logger.info('TokenBlacklistManager: Token blacklisted successfully', {
+            blacklistEntryUID: entry.blacklistEntryUID,
+            authUID,
+            reason
+        });
+        return entry;
+    }
+    /**
+     * Check if token is blacklisted
+     *
+     * @param tokenIdentifier - Token JTI or hash
+     * @param logger - Logger instance
+     * @returns true if blacklisted, false otherwise
+     */
+    async isBlacklisted(tokenIdentifier, logger) {
+        logger.debug('TokenBlacklistManager: Checking if token is blacklisted', {
+            tokenIdentifier: this.maskTokenIdentifier(tokenIdentifier)
+        });
+        const isBlacklisted = await this.database.isTokenBlacklisted(tokenIdentifier);
+        logger.debug('TokenBlacklistManager: Blacklist check result', {
+            tokenIdentifier: this.maskTokenIdentifier(tokenIdentifier),
+            isBlacklisted
+        });
+        return isBlacklisted;
+    }
+    /**
+     * Blacklist all tokens for a user (global revocation)
+     * Used when user logs out all sessions, changes password, or account deleted
+     *
+     * This creates a revocation timestamp. Token verification checks:
+     * is token issued before this timestamp?
+     *
+     * @param authUID - User's auth UID
+     * @param reason - Reason for blacklisting (must be in configured reasons)
+     * @param blacklistedBy - Optional userUID who triggered blacklist
+     * @param logger - Logger instance
+     */
+    async blacklistAllUserTokens(authUID, reason, blacklistedBy, logger) {
+        // Validate reason against configured reasons
+        this.validateReason(reason, logger);
+        logger.info('TokenBlacklistManager: Blacklisting all tokens for user', {
+            authUID,
+            reason
+        });
+        const expiresAt = new Date(Date.now() + this.config.retention.globalRevocationRetentionDays * 24 * 60 * 60 * 1000);
+        await this.database.addUserRevocation(authUID, reason, blacklistedBy, expiresAt);
+        logger.info('TokenBlacklistManager: All user tokens blacklisted', {
+            authUID,
+            reason,
+            expiresAt
+        });
+    }
+    /**
+     * Check if user has a global token revocation
+     * Returns the timestamp of revocation if exists
+     *
+     * @param authUID - User's auth UID
+     * @param logger - Logger instance
+     * @returns Date of revocation, or null if no global revocation
+     */
+    async getUserTokenRevocationTime(authUID, logger) {
+        logger.debug('TokenBlacklistManager: Checking user token revocation', {
+            authUID
+        });
+        const revocationTime = await this.database.getUserRevocationTime(authUID);
+        logger.debug('TokenBlacklistManager: User revocation check result', {
+            authUID,
+            hasRevocation: revocationTime !== null,
+            // Don't log the actual timestamp for privacy
+        });
+        return revocationTime;
+    }
+    /**
+     * Cleanup expired blacklist entries
+     * Run via CRON job periodically
+     *
+     * @param logger - Logger instance
+     * @returns Number of entries deleted
+     */
+    async cleanupExpiredEntries(logger) {
+        logger.info('TokenBlacklistManager: Starting cleanup of expired entries', {
+            database: this.config.storage.database,
+            collection: this.config.storage.collection
+        });
+        const deletedCount = await this.database.cleanupExpiredEntries();
+        logger.info('TokenBlacklistManager: Cleanup completed', {
+            deletedCount,
+            database: this.config.storage.database,
+            collection: this.config.storage.collection
+        });
+        return deletedCount;
+    }
+    /**
+     * Get blacklist configuration
+     */
+    getConfig() {
+        return Object.assign({}, this.config);
+    }
+    /**
+     * Validate that reason is allowed by configuration
+     */
+    validateReason(reason, logger) {
+        if (!this.config.reasons.includes(reason)) {
+            const error = new Error(`Invalid blacklist reason: ${reason}. Allowed reasons: ${this.config.reasons.join(', ')}`);
+            logger.error('TokenBlacklistManager: Invalid blacklist reason', error, {
+                providedReason: reason,
+                allowedReasons: this.config.reasons
+            });
+            throw error;
+        }
+    }
+    /**
+     * Mask token identifier for logging (security)
+     * Shows first 10 characters + ...
+     */
+    maskTokenIdentifier(tokenIdentifier) {
+        if (tokenIdentifier.length <= 10) {
+            return tokenIdentifier;
+        }
+        return tokenIdentifier.substring(0, 10) + '...';
+    }
+}
+exports.TokenBlacklistManager = TokenBlacklistManager;
+/**
+ * Factory function to create blacklist manager
+ */
+function createTokenBlacklistManager(database, config) {
+    return new TokenBlacklistManager(database, config);
+}
+//# sourceMappingURL=token-blacklist-manager.js.map

package/lib/token-blacklist-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-blacklist-manager.js","sourceRoot":"","sources":["../src/token-blacklist-manager.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AA6NH,kEAKC;AA1ND,+BAAoC;AAEpC,MAAa,qBAAqB;IAChC,YACU,QAAwB,EACxB,MAAuB;QADvB,aAAQ,GAAR,QAAQ,CAAgB;QACxB,WAAM,GAAN,MAAM,CAAiB;IAC9B,CAAC;IAEJ;;;;;;;;;OASG;IACH,KAAK,CAAC,cAAc,CAClB,eAAuB,EACvB,OAAe,EACf,MAAc,EACd,cAAoB,EACpB,aAA4B,EAC5B,MAAc;QAEd,6CAA6C;QAC7C,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAEpC,MAAM,CAAC,KAAK,CAAC,kDAAkD,EAAE;YAC/D,eAAe,EAAE,IAAI,CAAC,mBAAmB,CAAC,eAAe,CAAC;YAC1D,OAAO;YACP,MAAM;YACN,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ;YACtC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU;SAC3C,CAAC,CAAC;QAEH,MAAM,KAAK,GAAwB;YACjC,iBAAiB,EAAE,IAAA,SAAM,GAAE;YAC3B,QAAQ,EAAE,eAAe;YACzB,OAAO;YACP,aAAa,EAAE,IAAI,IAAI,EAAE;YACzB,aAAa;YACb,MAAM;YACN,SAAS,EAAE,cAAc;SAC1B,CAAC;QAEF,MAAM,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;QAE7C,MAAM,CAAC,IAAI,CAAC,uDAAuD,EAAE;YACnE,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;YAC1C,OAAO;YACP,MAAM;SACP,CAAC,CAAC;QAEH,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,aAAa,CACjB,eAAuB,EACvB,MAAc;QAEd,MAAM,CAAC,KAAK,CAAC,yDAAyD,EAAE;YACtE,eAAe,EAAE,IAAI,CAAC,mBAAmB,CAAC,eAAe,CAAC;SAC3D,CAAC,CAAC;QAEH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,eAAe,CAAC,CAAC;QAE9E,MAAM,CAAC,KAAK,CAAC,+CAA+C,EAAE;YAC5D,eAAe,EAAE,IAAI,CAAC,mBAAmB,CAAC,eAAe,CAAC;YAC1D,aAAa;SACd,CAAC,CAAC;QAEH,OAAO,aAAa,CAAC;IACvB,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,sBAAsB,CAC1B,OAAe,EACf,MAAc,EACd,aAA4B,EAC5B,MAAc;QAEd,6CAA6C;QAC7C,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAEpC,MAAM,CAAC,IAAI,CAAC,yDAAyD,EAAE;YACrE,OAAO;YACP,MAAM;SACP,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,IAAI,IAAI,CACxB,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,6BAA6B,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CACvF,CAAC;QAEF,MAAM,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,SAAS,CAAC,CAAC;QAEjF,MAAM,CAAC,IAAI,CAAC,oDAAoD,EAAE;YAChE,OAAO;YACP,MAAM;YACN,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,0BAA0B,CAC9B,OAAe,EACf,MAAc;QAEd,MAAM,CAAC,KAAK,CAAC,uDAAuD,EAAE;YACpE,OAAO;SACR,CAAC,CAAC;QAEH,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;QAE1E,MAAM,CAAC,KAAK,CAAC,qDAAqD,EAAE;YAClE,OAAO;YACP,aAAa,EAAE,cAAc,KAAK,IAAI;YACtC,6CAA6C;SAC9C,CAAC,CAAC;QAEH,OAAO,cAAc,CAAC;IACxB,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,qBAAqB,CAAC,MAAc;QACxC,MAAM,CAAC,IAAI,CAAC,4DAA4D,EAAE;YACxE,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ;YACtC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU;SAC3C,CAAC,CAAC;QAEH,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,qBAAqB,EAAE,CAAC;QAEjE,MAAM,CAAC,IAAI,CAAC,0CAA0C,EAAE;YACtD,YAAY;YACZ,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ;YACtC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU;SAC3C,CAAC,CAAC;QAEH,OAAO,YAAY,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,SAAS;QACP,yBAAY,IAAI,CAAC,MAAM,EAAG;IAC5B,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,MAAc,EAAE,MAAc;QACnD,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1C,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,6BAA6B,MAAM,sBAAsB,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC1F,CAAC;YAEF,MAAM,CAAC,KAAK,CAAC,iDAAiD,EAAE,KAAK,EAAE;gBACrE,cAAc,EAAE,MAAM;gBACtB,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;aACpC,CAAC,CAAC;YAEH,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,mBAAmB,CAAC,eAAuB;QACjD,IAAI,eAAe,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;YACjC,OAAO,eAAe,CAAC;QACzB,CAAC;QACD,OAAO,eAAe,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,CAAC;IAClD,CAAC;CACF;AA9MD,sDA8MC;AAED;;GAEG;AACH,SAAgB,2BAA2B,CACzC,QAAwB,EACxB,MAAuB;IAEvB,OAAO,IAAI,qBAAqB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;AACrD,CAAC"}