@xylex-group/athena 2.12.1 → 2.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -21
- package/README.md +1190 -1184
- package/bin/athena-js.js +104 -76
- package/dist/admin.cjs +45 -0
- package/dist/admin.cjs.map +1 -0
- package/dist/admin.d.cts +64 -0
- package/dist/admin.d.ts +64 -0
- package/dist/admin.js +41 -0
- package/dist/admin.js.map +1 -0
- package/dist/athena-auth-url-oLux_57a.d.cts +377 -0
- package/dist/athena-auth-url-oLux_57a.d.ts +377 -0
- package/dist/browser.cjs +33 -49
- package/dist/browser.cjs.map +1 -1
- package/dist/browser.d.cts +12 -10
- package/dist/browser.d.ts +12 -10
- package/dist/browser.js +33 -49
- package/dist/browser.js.map +1 -1
- package/dist/cli/index.cjs +150 -51
- package/dist/cli/index.cjs.map +1 -1
- package/dist/cli/index.d.cts +14 -5
- package/dist/cli/index.d.ts +14 -5
- package/dist/cli/index.js +150 -52
- package/dist/cli/index.js.map +1 -1
- package/dist/{client-CMtx5P4D.d.cts → client-BJjUwDSg.d.cts} +109 -1448
- package/dist/{client-Dre8H24u.d.ts → client-DVOKSYDI.d.ts} +109 -1448
- package/dist/cookies.cjs +18 -0
- package/dist/cookies.cjs.map +1 -1
- package/dist/cookies.d.cts +2 -1
- package/dist/cookies.d.ts +2 -1
- package/dist/cookies.js +17 -1
- package/dist/cookies.js.map +1 -1
- package/dist/{index-CVcQCGyG.d.ts → index-CFL9xbFR.d.cts} +2 -0
- package/dist/{index-CVcQCGyG.d.cts → index-UKJpunc6.d.ts} +2 -0
- package/dist/index.cjs +101 -49
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +13 -10
- package/dist/index.d.ts +13 -10
- package/dist/index.js +101 -50
- package/dist/index.js.map +1 -1
- package/dist/{model-form-DfTi8-D1.d.cts → model-form-Dw4zEL5a.d.cts} +2 -2
- package/dist/{model-form-CU0mWrF9.d.ts → model-form-yRg71q3H.d.ts} +2 -2
- package/dist/{module-DBGmbIuh.d.ts → module-DBteUIob.d.ts} +12 -9
- package/dist/{module-GoijrBXV.d.cts → module-yoX49uQC.d.cts} +12 -9
- package/dist/next/client.cjs +452 -49
- package/dist/next/client.cjs.map +1 -1
- package/dist/next/client.d.cts +7 -4
- package/dist/next/client.d.ts +7 -4
- package/dist/next/client.js +430 -50
- package/dist/next/client.js.map +1 -1
- package/dist/next/server.cjs +292 -49
- package/dist/next/server.cjs.map +1 -1
- package/dist/next/server.d.cts +81 -5
- package/dist/next/server.d.ts +81 -5
- package/dist/next/server.js +280 -50
- package/dist/next/server.js.map +1 -1
- package/dist/organization.cjs +72 -0
- package/dist/organization.cjs.map +1 -0
- package/dist/organization.d.cts +43 -0
- package/dist/organization.d.ts +43 -0
- package/dist/organization.js +70 -0
- package/dist/organization.js.map +1 -0
- package/dist/payload-BzVbUgY_.d.cts +219 -0
- package/dist/payload-DEOWN_oo.d.ts +219 -0
- package/dist/{pipeline-DrjU2vNA.d.ts → pipeline-Bj6RWt1A.d.ts} +1 -1
- package/dist/{pipeline-c7Gdm0qv.d.cts → pipeline-Dwck-wZO.d.cts} +1 -1
- package/dist/react.cjs +2 -13
- package/dist/react.cjs.map +1 -1
- package/dist/react.d.cts +26 -7
- package/dist/react.d.ts +26 -7
- package/dist/react.js +2 -13
- package/dist/react.js.map +1 -1
- package/dist/session-cookie-detection-BqOp9mO6.d.cts +46 -0
- package/dist/session-cookie-detection-BqOp9mO6.d.ts +46 -0
- package/dist/social-providers.cjs +4189 -0
- package/dist/social-providers.cjs.map +1 -0
- package/dist/social-providers.d.cts +4948 -0
- package/dist/social-providers.d.ts +4948 -0
- package/dist/social-providers.js +4117 -0
- package/dist/social-providers.js.map +1 -0
- package/dist/{types-Bez4HSbI.d.cts → types-BRP7sfSF.d.ts} +50 -2
- package/dist/{types-kPaHUqUa.d.ts → types-BU8uJH_b.d.cts} +50 -2
- package/dist/{types-BRUHGXo2.d.ts → types-CH78O90i.d.cts} +2 -2
- package/dist/{types-BRUHGXo2.d.cts → types-CH78O90i.d.ts} +2 -2
- package/dist/{types-BLizCLd1.d.cts → types-CjC9_5ZQ.d.cts} +3 -3
- package/dist/{types-DRRb0Fd0.d.ts → types-DPgejxYC.d.ts} +3 -3
- package/dist/types-eAKAh71s.d.cts +1476 -0
- package/dist/types-eAKAh71s.d.ts +1476 -0
- package/dist/utils.cjs +438 -15
- package/dist/utils.cjs.map +1 -1
- package/dist/utils.d.cts +76 -11
- package/dist/utils.d.ts +76 -11
- package/dist/utils.js +390 -16
- package/dist/utils.js.map +1 -1
- package/package.json +49 -22
- package/dist/shared-DZSGAmXs.d.cts +0 -35
- package/dist/shared-MMnVBBfy.d.ts +0 -35
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/auth/env/logger.ts","../src/auth/error/athena-auth-error.ts","../src/auth/error/api-error.ts","../src/auth/utils/base64.ts","../src/auth/fetch/body.ts","../src/auth/fetch/athena-fetch.ts","../src/auth/oauth2/reject-redirects.ts","../src/auth/oauth2/token-utils.ts","../src/auth/oauth2/client-id.ts","../src/auth/oauth2/pkce.ts","../src/auth/oauth2/create-authorization-url.ts","../src/auth/oauth2/refresh-access-token.ts","../src/auth/oauth2/validate-authorization-code.ts","../src/auth/social-providers/apple-crypto.ts","../src/auth/social-providers/helpers/get-jwks-public-key.ts","../src/auth/social-providers/apple-keys.ts","../src/auth/social-providers/apple.ts","../src/auth/social-providers/atlassian.ts","../src/auth/social-providers/helpers/trim-trailing-slash.ts","../src/auth/social-providers/athena.ts","../src/auth/social-providers/cognito-keys.ts","../src/auth/social-providers/cognito.ts","../src/auth/social-providers/discord.ts","../src/auth/social-providers/dropbox.ts","../src/auth/social-providers/facebook-verify.ts","../src/auth/social-providers/facebook.ts","../src/auth/social-providers/figma.ts","../src/auth/social-providers/github.ts","../src/auth/social-providers/gitlab.ts","../src/auth/social-providers/google-types.ts","../src/auth/social-providers/google-keys.ts","../src/auth/social-providers/google-verify.ts","../src/auth/social-providers/helpers/merge-scopes.ts","../src/auth/social-providers/google.ts","../src/auth/social-providers/huggingface.ts","../src/auth/social-providers/kakao.ts","../src/auth/social-providers/kick.ts","../src/auth/social-providers/line.ts","../src/auth/social-providers/linear.ts","../src/auth/social-providers/linkedin.ts","../src/auth/social-providers/microsoft-keys.ts","../src/auth/social-providers/microsoft-types.ts","../src/auth/social-providers/microsoft-entra-id.ts","../src/auth/social-providers/naver.ts","../src/auth/social-providers/notion.ts","../src/auth/social-providers/paybin.ts","../src/auth/social-providers/paypal-keys.ts","../src/auth/social-providers/paypal.ts","../src/auth/social-providers/polar.ts","../src/auth/social-providers/railway.ts","../src/auth/social-providers/reddit.ts","../src/auth/social-providers/roblox.ts","../src/auth/social-providers/salesforce.ts","../src/auth/social-providers/slack.ts","../src/auth/social-providers/spotify.ts","../src/auth/social-providers/tiktok.ts","../src/auth/social-providers/twitch.ts","../src/auth/social-providers/twitter.ts","../src/auth/social-providers/vercel.ts","../src/auth/social-providers/vk.ts","../src/auth/social-providers/wechat.ts","../src/auth/social-providers/zoom.ts","../src/auth/social-providers/registry.ts"],"names":["authorizationEndpoint","tokenEndpoint","jwtVerify","decodeProtectedHeader","decodeJwt","createRemoteJWKSet","profile","userMap","userinfoEndpoint"],"mappings":";;;;;;AAEA,IAAM,SAAS,CAAC,OAAA,EAAS,MAAA,EAAQ,SAAA,EAAW,QAAQ,OAAO,CAAA;AAE3D,SAAS,gBAAA,CAAiB,SAAmB,KAAA,EAA0B;AACrE,EAAA,OAAO,OAAO,OAAA,CAAQ,KAAK,CAAA,IAAK,MAAA,CAAO,QAAQ,OAAO,CAAA;AACxD;AAEA,SAAS,eAAA,GAA4B;AACnC,EAAA,IAAI;AACF,IAAA,MAAM,GAAA,GACJ,OAAO,OAAA,KAAY,WAAA,IAAe,QAAQ,GAAA,GACtC,OAAA,CAAQ,IAAI,qBAAA,GACZ,KAAA,CAAA;AACN,IAAA,IACE,GAAA,KAAQ,WACR,GAAA,KAAQ,MAAA,IACR,QAAQ,MAAA,IACR,GAAA,KAAQ,OAAA,IACR,GAAA,KAAQ,SAAA,EACR;AACA,MAAA,OAAO,GAAA;AAAA,IACT;AAAA,EACF,CAAA,CAAA,MAAQ;AAAA,EAER;AACA,EAAA,OAAO,MAAA;AACT;AAEA,SAAS,GAAA,CACP,KAAA,EACA,OAAA,EAAA,GACG,IAAA,EACG;AACN,EAAA,MAAM,UAAU,eAAA,EAAgB;AAChC,EAAA,IAAI,CAAC,gBAAA,CAAiB,OAAA,EAAS,UAAU,MAAA,GAAS,MAAA,GAAS,KAAK,CAAA,EAAG;AAEnE,EAAA,MAAM,EAAA,GACJ,UAAU,OAAA,GACN,OAAA,CAAQ,QACR,KAAA,KAAU,MAAA,GACR,OAAA,CAAQ,IAAA,GACR,OAAA,CAAQ,GAAA;AAChB,EAAA,EAAA,CAAG,CAAA,cAAA,EAAiB,OAAO,CAAA,CAAA,EAAI,GAAG,IAAI,CAAA;AACxC;AAEO,IAAM,MAAA,GAAS;AAAA,EACpB,KAAA,EAAO,CAAC,OAAA,EAAA,GAAoB,IAAA,KAAoB,IAAI,OAAA,EAAS,OAAA,EAAS,GAAG,IAAI,CAAA;AAAA,EAC7E,IAAA,EAAM,CAAC,OAAA,EAAA,GAAoB,IAAA,KAAoB,IAAI,MAAA,EAAQ,OAAA,EAAS,GAAG,IAAI,CAAA;AAAA,EAC3E,OAAA,EAAS,CAAC,OAAA,EAAA,GAAoB,IAAA,KAAoB,IAAI,MAAA,EAAQ,OAAA,EAAS,GAAG,IAAI,CAAA;AAAA,EAC9E,IAAA,EAAM,CAAC,OAAA,EAAA,GAAoB,IAAA,KAAoB,IAAI,MAAA,EAAQ,OAAA,EAAS,GAAG,IAAI,CAAA;AAAA,EAC3E,KAAA,EAAO,CAAC,OAAA,EAAA,GAAoB,IAAA,KAAoB,IAAI,OAAA,EAAS,OAAA,EAAS,GAAG,IAAI;AAC/E,CAAA;;;AChDO,IAAM,eAAA,GAAN,cAA8B,KAAA,CAAM;AAAA,EACzC,WAAA,CAAY,SAAiB,OAAA,EAA2C;AACtE,IAAA,KAAA,CAAM,SAAS,OAAO,CAAA;AACtB,IAAA,IAAA,CAAK,IAAA,GAAO,iBAAA;AACZ,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AACf,IAAA,IAAA,CAAK,KAAA,GAAQ,EAAA;AAAA,EACf;AACF,CAAA;;;ACLO,IAAM,QAAA,GAAN,MAAM,SAAA,SAAiB,KAAA,CAAM;AAAA,EAClC,MAAA;AAAA,EACA,UAAA;AAAA,EACA,IAAA;AAAA,EACA,OAAA;AAAA,EAEA,WAAA,CACE,QACA,IAAA,EACA;AACA,IAAA,MAAM,OAAA,GACJ,OAAO,IAAA,KAAS,QAAA,GACZ,IAAA,GACA,IAAA,EAAM,OAAA,KAAY,OAAO,MAAA,KAAW,QAAA,GAAW,MAAA,GAAS,CAAA,KAAA,EAAQ,MAAM,CAAA,CAAA,CAAA;AAC5E,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,UAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,UAAA,GAAa,OAAO,MAAA,KAAW,QAAA,GAAW,MAAA,GAAS,GAAA;AACxD,IAAA,IAAA,CAAK,OAAO,OAAO,IAAA,KAAS,WAAW,EAAE,OAAA,EAAS,MAAK,GAAI,IAAA;AAC3D,IAAA,IAAA,CAAK,OAAA,GAAU,MAAA;AAAA,EACjB;AAAA,EAEA,OAAO,UAAA,CACL,MAAA,EACA,IAAA,EACU;AACV,IAAA,OAAO,IAAI,SAAA,CAAS,MAAA,EAAQ,IAAI,CAAA;AAAA,EAClC;AAAA,EAEA,OAAO,IAAA,CACL,MAAA,EACA,KAAA,EACU;AACV,IAAA,OAAO,IAAI,UAAS,MAAA,EAAQ;AAAA,MAC1B,SAAS,KAAA,CAAM,OAAA;AAAA,MACf,MAAM,KAAA,CAAM;AAAA,KACb,CAAA;AAAA,EACH;AACF,CAAA;;;AC5CA,SAAS,aAAa,KAAA,EAAsD;AAC1E,EAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAC7B,IAAA,OAAO,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,KAAK,CAAA;AAAA,EACvC;AACA,EAAA,IAAI,iBAAiB,UAAA,EAAY;AAC/B,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,OAAO,IAAI,WAAW,KAAK,CAAA;AAC7B;AAEA,SAAS,aAAA,CAAc,KAAA,EAAmB,OAAA,EAAkB,OAAA,EAA0B;AACpF,EAAA,IAAI,MAAA,GAAS,EAAA;AACb,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,IAAA,MAAA,IAAU,MAAA,CAAO,YAAA,CAAa,KAAA,CAAM,CAAC,CAAE,CAAA;AAAA,EACzC;AACA,EAAA,IAAI,OAAA,GAAU,KAAK,MAAM,CAAA;AACzB,EAAA,IAAI,OAAA,EAAS;AACX,IAAA,OAAA,GAAU,QAAQ,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,OAAO,GAAG,CAAA;AAAA,EAC1D;AACA,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,OAAA,GAAU,OAAA,CAAQ,OAAA,CAAQ,MAAA,EAAQ,EAAE,CAAA;AAAA,EACtC;AACA,EAAA,OAAO,OAAA;AACT;AAKO,IAAM,MAAA,GAAS;AAAA,EACpB,OAAO,KAAA,EAAkD;AACvD,IAAA,OAAO,aAAA,CAAc,YAAA,CAAa,KAAK,CAAA,EAAG,OAAO,IAAI,CAAA;AAAA,EACvD;AACF,CAAA;AAKO,IAAM,SAAA,GAAY;AAAA,EACvB,MAAA,CACE,OACA,OAAA,EACQ;AACR,IAAA,OAAO,cAAc,YAAA,CAAa,KAAK,GAAG,IAAA,EAAM,OAAA,EAAS,YAAY,KAAK,CAAA;AAAA,EAC5E;AACF,CAAA;;;ACvCO,SAAS,mBACd,IAAA,EAC+D;AAC/D,EAAA,IAAI,IAAA,IAAQ,MAAM,OAAO,IAAA;AACzB,EAAA,IAAI,OAAO,IAAA,KAAS,QAAA,EAAU,OAAO,IAAA;AACrC,EAAA,IAAI,IAAA,YAAgB,iBAAiB,OAAO,IAAA;AAC5C,EAAA,IAAI,IAAA,YAAgB,UAAU,OAAO,IAAA;AACrC,EAAA,IAAI,IAAA,YAAgB,MAAM,OAAO,IAAA;AACjC,EAAA,IAAI,OAAO,SAAS,QAAA,EAAU;AAC5B,IAAA,OAAO,IAAA,CAAK,UAAU,IAAI,CAAA;AAAA,EAC5B;AACA,EAAA,OAAO,OAAO,IAAI,CAAA;AACpB;AAKO,SAAS,eAAA,CACd,KACA,KAAA,EACQ;AACR,EAAA,IAAI,CAAC,OAAO,OAAO,GAAA;AACnB,EAAA,MAAM,CAAA,GAAI,IAAI,GAAA,CAAI,GAAG,CAAA;AACrB,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAA,EAAG;AAChD,IAAA,IAAI,KAAA,KAAU,MAAA,IAAa,KAAA,KAAU,IAAA,EAAM;AAC3C,IAAA,CAAA,CAAE,YAAA,CAAa,GAAA,CAAI,GAAA,EAAK,MAAA,CAAO,KAAK,CAAC,CAAA;AAAA,EACvC;AACA,EAAA,OAAO,EAAE,QAAA,EAAS;AACpB;;;ACxBA,eAAsB,WAAA,CACpB,GAAA,EACA,OAAA,GAA6B,EAAC,EACC;AAC/B,EAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ,OAAA,CAAQ,OAAO,CAAA;AAC3C,EAAA,IAAI,OAAA,CAAQ,MAAM,KAAA,EAAO;AACvB,IAAA,MAAM,IAAA,GAAO,OAAA,CAAQ,IAAA,CAAK,IAAA,IAAQ,QAAA;AAClC,IAAA,OAAA,CAAQ,GAAA,CAAI,iBAAiB,CAAA,EAAG,IAAI,IAAI,OAAA,CAAQ,IAAA,CAAK,KAAK,CAAA,CAAE,CAAA;AAAA,EAC9D;AAEA,EAAA,MAAM,MAAA,GAAS,eAAA,CAAgB,GAAA,EAAK,OAAA,CAAQ,KAAK,CAAA;AACjD,EAAA,MAAM,IAAA,GAAO,kBAAA,CAAmB,OAAA,CAAQ,IAAI,CAAA;AAE5C,EAAA,IACE,IAAA,IAAQ,IAAA,IACR,OAAO,IAAA,KAAS,QAAA,IAChB,CAAC,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA,IAC3B,IAAA,CAAK,UAAA,CAAW,GAAG,CAAA,EACnB;AACA,IAAA,OAAA,CAAQ,GAAA,CAAI,gBAAgB,kBAAkB,CAAA;AAAA,EAChD;AAEA,EAAA,IAAI;AACF,IAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,MAAA,EAAQ;AAAA,MACnC,MAAA,EAAQ,QAAQ,MAAA,IAAU,KAAA;AAAA,MAC1B,OAAA;AAAA,MACA,MAAM,IAAA,IAAQ,KAAA,CAAA;AAAA,MACd,QAAA,EAAU,QAAQ,QAAA,IAAY,QAAA;AAAA,MAC9B,QAAQ,OAAA,CAAQ;AAAA,KACjB,CAAA;AAED,IAAA,OAAA,CAAQ,UAAA,GAAa,EAAE,QAAA,EAAU,CAAA;AAEjC,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,IAAI,OAAA,GAAU,QAAA,CAAS,UAAA,IAAc,CAAA,KAAA,EAAQ,SAAS,MAAM,CAAA,CAAA;AAC5D,MAAA,IAAI;AACF,QAAA,MAAM,OAAA,GAAW,MAAM,QAAA,CAAS,KAAA,GAAQ,IAAA,EAAK;AAK7C,QAAA,OAAA,GACE,OAAA,CAAQ,OAAA,IACR,OAAA,CAAQ,iBAAA,IACR,QAAQ,KAAA,IACR,OAAA;AAAA,MACJ,CAAA,CAAA,MAAQ;AACN,QAAA,IAAI;AACF,UAAA,OAAA,GAAW,MAAM,QAAA,CAAS,KAAA,EAAM,CAAE,MAAK,IAAM,OAAA;AAAA,QAC/C,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AACA,MAAA,MAAM,KAAA,GAAQ;AAAA,QACZ,OAAA;AAAA,QACA,QAAQ,QAAA,CAAS,MAAA;AAAA,QACjB,YAAY,QAAA,CAAS;AAAA,OACvB;AACA,MAAA,OAAA,CAAQ,OAAA,GAAU,EAAE,QAAA,EAAU,KAAA,EAAO,CAAA;AACrC,MAAA,OAAO,EAAE,IAAA,EAAM,IAAA,EAAM,KAAA,EAAM;AAAA,IAC7B;AAEA,IAAA,MAAM,WAAA,GAAc,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA,IAAK,EAAA;AAC5D,IAAA,IAAI,YAAY,QAAA,CAAS,kBAAkB,KAAK,WAAA,CAAY,QAAA,CAAS,OAAO,CAAA,EAAG;AAC7E,MAAA,MAAM,IAAA,GAAQ,MAAM,QAAA,CAAS,IAAA,EAAK;AAClC,MAAA,OAAO,EAAE,IAAA,EAAM,KAAA,EAAO,IAAA,EAAK;AAAA,IAC7B;AAEA,IAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AACjC,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,OAAO,EAAE,IAAA,EAAM,EAAC,EAAQ,OAAO,IAAA,EAAK;AAAA,IACtC;AACA,IAAA,IAAI;AACF,MAAA,OAAO,EAAE,IAAA,EAAM,IAAA,CAAK,MAAM,IAAI,CAAA,EAAQ,OAAO,IAAA,EAAK;AAAA,IACpD,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,EAAE,IAAA,EAAM,IAAA,EAAsB,KAAA,EAAO,IAAA,EAAK;AAAA,IACnD;AAAA,EACF,SAAS,KAAA,EAAO;AACd,IAAA,MAAM,KAAA,GAAQ;AAAA,MACZ,SAAS,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU,OAAO,KAAK,CAAA;AAAA,MAC9D,MAAA,EAAQ,CAAA;AAAA,MACR,UAAA,EAAY;AAAA,KACd;AAGA,IAAA,OAAA,CAAQ,OAAA,GAAU;AAAA,MAChB,QAAA,EAAU,IAAI,QAAA,CAAS,IAAA,EAAM,EAAE,MAAA,EAAQ,GAAA,EAAK,UAAA,EAAY,eAAA,EAAiB,CAAA;AAAA,MACzE,KAAA,EAAO;AAAA,KACR,CAAA;AACD,IAAA,OAAO,EAAE,IAAA,EAAM,IAAA,EAAM,KAAA,EAAM;AAAA,EAC7B;AACF;;;AC/FA,IAAM,sBAAA,uBAA6B,GAAA,CAAI,CAAC,KAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAG,CAAC,CAAA;AAShE,SAAS,mBAAmB,QAAA,EAA6B;AACxD,EAAA,OACC,SAAS,IAAA,KAAS,gBAAA,IAClB,sBAAA,CAAuB,GAAA,CAAI,SAAS,MAAM,CAAA;AAE5C;AAEA,SAAS,gBAAgB,QAAA,EAAmC;AAC3D,EAAA,OAAO,IAAI,eAAA;AAAA,IACV,uBAAuB,QAAQ,CAAA,0HAAA;AAAA,GAChC;AACD;AASO,IAAM,kBAAA,GAAqB,EAAE,QAAA,EAAU,QAAA,EAAS;AAqBvD,eAAsB,sBAAA,CACrB,KACA,OAAA,EACC;AACD,EAAA,IAAI,UAAA,GAAa,KAAA;AACjB,EAAA,MAAM,MAAA,GAAS,MAAM,WAAA,CAAe,GAAA,EAAK;AAAA,IACxC,GAAG,OAAA;AAAA,IACH,GAAG,kBAAA;AAAA,IACH,QAAQ,OAAA,EAAS;AAChB,MAAA,IAAI,kBAAA,CAAmB,OAAA,CAAQ,QAAQ,CAAA,EAAG,UAAA,GAAa,IAAA;AAAA,IACxD;AAAA,GACA,CAAA;AACD,EAAA,IAAI,UAAA,EAAY,MAAM,eAAA,CAAgB,GAAG,CAAA;AACzC,EAAA,OAAO,MAAA;AACR;;;AC3DO,SAAS,gBAAgB,IAAA,EAAyC;AACxE,EAAA,MAAM,OAAA,GAAU,CAAC,OAAA,KAAoB;AACpC,IAAA,MAAM,GAAA,uBAAU,IAAA,EAAK;AACrB,IAAA,OAAO,IAAI,IAAA,CAAK,GAAA,CAAI,OAAA,EAAQ,GAAI,UAAU,GAAI,CAAA;AAAA,EAC/C,CAAA;AAEA,EAAA,OAAO;AAAA,IACN,WAAW,IAAA,CAAK,UAAA;AAAA,IAChB,aAAa,IAAA,CAAK,YAAA;AAAA,IAClB,cAAc,IAAA,CAAK,aAAA;AAAA,IACnB,sBAAsB,IAAA,CAAK,UAAA,GACxB,OAAA,CAAQ,IAAA,CAAK,UAAU,CAAA,GACvB,MAAA;AAAA,IACH,uBAAuB,IAAA,CAAK,wBAAA,GACzB,OAAA,CAAQ,IAAA,CAAK,wBAAwB,CAAA,GACrC,MAAA;AAAA,IACH,MAAA,EAAQ,IAAA,EAAM,KAAA,GACX,OAAO,KAAK,KAAA,KAAU,QAAA,GACrB,IAAA,CAAK,KAAA,CAAM,KAAA,CAAM,GAAG,CAAA,GACpB,IAAA,CAAK,QACN,EAAC;AAAA,IACJ,SAAS,IAAA,CAAK,QAAA;AAAA,IACd,GAAA,EAAK;AAAA,GACN;AACD;;;ACxBO,SAAS,mBAAmB,QAAA,EAAuC;AACzE,EAAA,MAAM,QAAQ,KAAA,CAAM,OAAA,CAAQ,QAAQ,CAAA,GAAI,QAAA,CAAS,CAAC,CAAA,GAAI,QAAA;AACtD,EAAA,OAAO,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,CAAM,MAAA,GAAS,IAAI,KAAA,GAAQ,MAAA;AAChE;;;ACFA,eAAsB,sBAAsB,YAAA,EAAsB;AACjE,EAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,EAAA,MAAM,IAAA,GAAO,OAAA,CAAQ,MAAA,CAAO,YAAY,CAAA;AACxC,EAAA,MAAM,OAAO,MAAM,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,WAAW,IAAI,CAAA;AACvD,EAAA,OAAO,SAAA,CAAU,MAAA,CAAO,IAAI,UAAA,CAAW,IAAI,CAAA,EAAG;AAAA,IAC7C,OAAA,EAAS;AAAA,GACT,CAAA;AACF;;;ACNA,eAAsB,sBAAA,CAAuB;AAAA,EAC5C,EAAA,EAAI,GAAA;AAAA,EACJ,OAAA;AAAA,EACA,qBAAA,EAAAA,sBAAAA;AAAA,EACA,KAAA;AAAA,EACA,YAAA;AAAA,EACA,MAAA;AAAA,EACA,MAAA;AAAA,EACA,WAAA;AAAA,EACA,QAAA;AAAA,EACA,MAAA;AAAA,EACA,UAAA;AAAA,EACA,YAAA;AAAA,EACA,OAAA;AAAA,EACA,SAAA;AAAA,EACA,EAAA;AAAA,EACA,YAAA;AAAA,EACA,gBAAA;AAAA,EACA;AACD,CAAA,EAmBG;AAEF,EAAA,OAAA,GAAU,OAAO,OAAA,KAAY,UAAA,GAAa,MAAM,SAAQ,GAAI,OAAA;AAC5D,EAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,yBAAyBA,sBAAqB,CAAA;AAC1E,EAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,eAAA,EAAiB,YAAA,IAAgB,MAAM,CAAA;AAC5D,EAAA,MAAM,eAAA,GAAkB,KAAA,CAAM,OAAA,CAAQ,OAAA,CAAQ,QAAQ,IACnD,OAAA,CAAQ,QAAA,CAAS,CAAC,CAAA,GAClB,OAAA,CAAQ,QAAA;AACX,EAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,WAAA,EAAa,eAAe,CAAA;AACjD,EAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAA,EAAS,KAAK,CAAA;AACnC,EAAA,IAAI,MAAA,EAAQ;AACX,IAAA,GAAA,CAAI,aAAa,GAAA,CAAI,OAAA,EAAS,OAAO,IAAA,CAAK,WAAA,IAAe,GAAG,CAAC,CAAA;AAAA,EAC9D;AACA,EAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,cAAA,EAAgB,OAAA,CAAQ,eAAe,WAAW,CAAA;AACvE,EAAA,QAAA,IAAY,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,UAAA,EAAY,QAAQ,CAAA;AACrD,EAAA,OAAA,IAAW,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,SAAA,EAAW,OAAO,CAAA;AAClD,EAAA,SAAA,IAAa,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,YAAA,EAAc,SAAS,CAAA;AACzD,EAAA,MAAA,IAAU,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,QAAA,EAAU,MAAM,CAAA;AAC/C,EAAA,EAAA,IAAM,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,IAAA,EAAM,EAAE,CAAA;AACnC,EAAA,UAAA,IAAc,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,aAAA,EAAe,UAAU,CAAA;AAC5D,EAAA,YAAA,IAAgB,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,eAAA,EAAiB,YAAY,CAAA;AAClE,EAAA,IAAI,YAAA,EAAc;AACjB,IAAA,MAAM,aAAA,GAAgB,MAAM,qBAAA,CAAsB,YAAY,CAAA;AAC9D,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,uBAAA,EAAyB,MAAM,CAAA;AACpD,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,gBAAA,EAAkB,aAAa,CAAA;AAAA,EACrD;AACA,EAAA,IAAI,MAAA,EAAQ;AACX,IAAA,MAAM,YAAY,MAAA,CAAO,MAAA;AAAA,MACxB,CAAC,KAAK,KAAA,KAAU;AACf,QAAA,GAAA,CAAI,KAAK,CAAA,GAAI,IAAA;AACb,QAAA,OAAO,GAAA;AAAA,MACR,CAAA;AAAA,MACA;AAAC,KACF;AACA,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA;AAAA,MAChB,QAAA;AAAA,MACA,KAAK,SAAA,CAAU;AAAA,QACd,UAAU,EAAE,KAAA,EAAO,MAAM,cAAA,EAAgB,IAAA,EAAM,GAAG,SAAA;AAAU,OAC5D;AAAA,KACF;AAAA,EACD;AACA,EAAA,IAAI,gBAAA,EAAkB;AACrB,IAAA,MAAA,CAAO,OAAA,CAAQ,gBAAgB,CAAA,CAAE,OAAA,CAAQ,CAAC,CAAC,GAAA,EAAK,KAAK,CAAA,KAAM;AAC1D,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,IAChC,CAAC,CAAA;AAAA,EACF;AACA,EAAA,OAAO,GAAA;AACR;;;AClEO,SAAS,+BAAA,CAAgC;AAAA,EAC/C,YAAA;AAAA,EACA,OAAA;AAAA,EACA,cAAA;AAAA,EACA,WAAA;AAAA,EACA;AACD,CAAA,EAMG;AACF,EAAA,MAAM,IAAA,GAAO,IAAI,eAAA,EAAgB;AACjC,EAAA,MAAM,OAAA,GAA+B;AAAA,IACpC,cAAA,EAAgB,mCAAA;AAAA,IAChB,MAAA,EAAQ;AAAA,GACT;AAEA,EAAA,IAAA,CAAK,GAAA,CAAI,cAAc,eAAe,CAAA;AACtC,EAAA,IAAA,CAAK,GAAA,CAAI,iBAAiB,YAAY,CAAA;AAGtC,EAAA,IAAI,mBAAmB,OAAA,EAAS;AAC/B,IAAA,MAAM,eAAA,GAAkB,KAAA,CAAM,OAAA,CAAQ,OAAA,CAAQ,QAAQ,IACnD,OAAA,CAAQ,QAAA,CAAS,CAAC,CAAA,GAClB,OAAA,CAAQ,QAAA;AACX,IAAA,IAAI,eAAA,EAAiB;AACpB,MAAA,OAAA,CAAQ,eAAe,CAAA,GACtB,QAAA,GACA,MAAA,CAAO,MAAA,CAAO,CAAA,EAAG,eAAe,CAAA,CAAA,EAAI,OAAA,CAAQ,YAAA,IAAgB,EAAE,CAAA,CAAE,CAAA;AAAA,IAClE,CAAA,MAAO;AACN,MAAA,OAAA,CAAQ,eAAe,IACtB,QAAA,GAAW,MAAA,CAAO,OAAO,CAAA,CAAA,EAAI,OAAA,CAAQ,YAAA,IAAgB,EAAE,CAAA,CAAE,CAAA;AAAA,IAC3D;AAAA,EACD,CAAA,MAAO;AACN,IAAA,MAAM,eAAA,GAAkB,KAAA,CAAM,OAAA,CAAQ,OAAA,CAAQ,QAAQ,IACnD,OAAA,CAAQ,QAAA,CAAS,CAAC,CAAA,GAClB,OAAA,CAAQ,QAAA;AACX,IAAA,IAAA,CAAK,GAAA,CAAI,aAAa,eAAe,CAAA;AACrC,IAAA,IAAI,QAAQ,YAAA,EAAc;AACzB,MAAA,IAAA,CAAK,GAAA,CAAI,eAAA,EAAiB,OAAA,CAAQ,YAAY,CAAA;AAAA,IAC/C;AAAA,EACD;AAEA,EAAA,IAAI,QAAA,EAAU;AACb,IAAA,IAAI,OAAO,aAAa,QAAA,EAAU;AACjC,MAAA,IAAA,CAAK,MAAA,CAAO,YAAY,QAAQ,CAAA;AAAA,IACjC,CAAA,MAAO;AACN,MAAA,KAAA,MAAW,aAAa,QAAA,EAAU;AACjC,QAAA,IAAA,CAAK,MAAA,CAAO,YAAY,SAAS,CAAA;AAAA,MAClC;AAAA,IACD;AAAA,EACD;AACA,EAAA,IAAI,WAAA,EAAa;AAChB,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,WAAW,CAAA,EAAG;AACvD,MAAA,IAAA,CAAK,GAAA,CAAI,KAAK,KAAK,CAAA;AAAA,IACpB;AAAA,EACD;AAEA,EAAA,OAAO;AAAA,IACN,IAAA;AAAA,IACA;AAAA,GACD;AACD;AAQA,eAAsB,kBAAA,CAAmB;AAAA,EACxC,YAAA;AAAA,EACA,OAAA;AAAA,EACA,aAAA,EAAAC,cAAAA;AAAA,EACA,cAAA;AAAA,EACA;AACD,CAAA,EAM0B;AACzB,EAAA,MAAM,EAAE,IAAA,EAAM,OAAA,EAAQ,GAAI,MAAM,+BAAA,CAAgC;AAAA,IAC/D,YAAA;AAAA,IACA,OAAA;AAAA,IACA,cAAA;AAAA,IACA;AAAA,GACA,CAAA;AAED,EAAA,MAAM,EAAE,IAAA,EAAM,KAAA,EAAM,GAAI,MAAM,uBAQ3BA,cAAAA,EAAe;AAAA,IACjB,MAAA,EAAQ,MAAA;AAAA,IACR,IAAA;AAAA,IACA;AAAA,GACA,CAAA;AACD,EAAA,IAAI,KAAA,EAAO;AACV,IAAA,MAAM,KAAA;AAAA,EACP;AACA,EAAA,MAAM,MAAA,GAAuB;AAAA,IAC5B,aAAa,IAAA,CAAK,YAAA;AAAA,IAClB,cAAc,IAAA,CAAK,aAAA;AAAA,IACnB,WAAW,IAAA,CAAK,UAAA;AAAA,IAChB,MAAA,EAAQ,IAAA,CAAK,KAAA,EAAO,KAAA,CAAM,GAAG,CAAA;AAAA,IAC7B,SAAS,IAAA,CAAK;AAAA,GACf;AAEA,EAAA,IAAI,KAAK,UAAA,EAAY;AACpB,IAAA,MAAM,GAAA,uBAAU,IAAA,EAAK;AACrB,IAAA,MAAA,CAAO,uBAAuB,IAAI,IAAA;AAAA,MACjC,GAAA,CAAI,OAAA,EAAQ,GAAI,IAAA,CAAK,UAAA,GAAa;AAAA,KACnC;AAAA,EACD;AAEA,EAAA,IAAI,KAAK,wBAAA,EAA0B;AAClC,IAAA,MAAM,GAAA,uBAAU,IAAA,EAAK;AACrB,IAAA,MAAA,CAAO,wBAAwB,IAAI,IAAA;AAAA,MAClC,GAAA,CAAI,OAAA,EAAQ,GAAI,IAAA,CAAK,wBAAA,GAA2B;AAAA,KACjD;AAAA,EACD;AAEA,EAAA,OAAO,MAAA;AACR;ACvJA,eAAsB,wBAAA,CAAyB;AAAA,EAC9C,IAAA;AAAA,EACA,YAAA;AAAA,EACA,WAAA;AAAA,EACA,OAAA;AAAA,EACA,cAAA;AAAA,EACA,QAAA;AAAA,EACA,OAAA;AAAA,EACA,mBAAmB,EAAC;AAAA,EACpB;AACD,CAAA,EAUG;AACF,EAAA,OAAA,GAAU,OAAO,OAAA,KAAY,UAAA,GAAa,MAAM,SAAQ,GAAI,OAAA;AAC5D,EAAA,OAAO,8BAAA,CAA+B;AAAA,IACrC,IAAA;AAAA,IACA,YAAA;AAAA,IACA,WAAA;AAAA,IACA,OAAA;AAAA,IACA,cAAA;AAAA,IACA,QAAA;AAAA,IACA,OAAA;AAAA,IACA,gBAAA;AAAA,IACA;AAAA,GACA,CAAA;AACF;AAKO,SAAS,8BAAA,CAA+B;AAAA,EAC9C,IAAA;AAAA,EACA,YAAA;AAAA,EACA,WAAA;AAAA,EACA,OAAA;AAAA,EACA,cAAA;AAAA,EACA,QAAA;AAAA,EACA,OAAA;AAAA,EACA,mBAAmB,EAAC;AAAA,EACpB;AACD,CAAA,EAUG;AACF,EAAA,MAAM,IAAA,GAAO,IAAI,eAAA,EAAgB;AACjC,EAAA,MAAM,cAAA,GAAsC;AAAA,IAC3C,cAAA,EAAgB,mCAAA;AAAA,IAChB,MAAA,EAAQ,kBAAA;AAAA,IACR,GAAG;AAAA,GACJ;AAEA,EAAA,IAAA,CAAK,GAAA,CAAI,cAAc,oBAAoB,CAAA;AAC3C,EAAA,IAAA,CAAK,GAAA,CAAI,QAAQ,IAAI,CAAA;AACrB,EAAA,YAAA,IAAgB,IAAA,CAAK,GAAA,CAAI,eAAA,EAAiB,YAAY,CAAA;AACtD,EAAA,OAAA,CAAQ,SAAA,IAAa,IAAA,CAAK,GAAA,CAAI,YAAA,EAAc,QAAQ,SAAS,CAAA;AAC7D,EAAA,QAAA,IAAY,IAAA,CAAK,GAAA,CAAI,WAAA,EAAa,QAAQ,CAAA;AAC1C,EAAA,IAAA,CAAK,GAAA,CAAI,cAAA,EAAgB,OAAA,CAAQ,WAAA,IAAe,WAAW,CAAA;AAC3D,EAAA,IAAI,QAAA,EAAU;AACb,IAAA,IAAI,OAAO,aAAa,QAAA,EAAU;AACjC,MAAA,IAAA,CAAK,MAAA,CAAO,YAAY,QAAQ,CAAA;AAAA,IACjC,CAAA,MAAO;AACN,MAAA,KAAA,MAAW,aAAa,QAAA,EAAU;AACjC,QAAA,IAAA,CAAK,MAAA,CAAO,YAAY,SAAS,CAAA;AAAA,MAClC;AAAA,IACD;AAAA,EACD;AAGA,EAAA,IAAI,mBAAmB,OAAA,EAAS;AAC/B,IAAA,MAAM,eAAA,GAAkB,KAAA,CAAM,OAAA,CAAQ,OAAA,CAAQ,QAAQ,IACnD,OAAA,CAAQ,QAAA,CAAS,CAAC,CAAA,GAClB,OAAA,CAAQ,QAAA;AACX,IAAA,MAAM,qBAAqB,MAAA,CAAO,MAAA;AAAA,MACjC,CAAA,EAAG,eAAe,CAAA,CAAA,EAAI,OAAA,CAAQ,gBAAgB,EAAE,CAAA;AAAA,KACjD;AACA,IAAA,cAAA,CAAe,eAAe,CAAA,GAAI,CAAA,MAAA,EAAS,kBAAkB,CAAA,CAAA;AAAA,EAC9D,CAAA,MAAO;AACN,IAAA,MAAM,eAAA,GAAkB,KAAA,CAAM,OAAA,CAAQ,OAAA,CAAQ,QAAQ,IACnD,OAAA,CAAQ,QAAA,CAAS,CAAC,CAAA,GAClB,OAAA,CAAQ,QAAA;AACX,IAAA,IAAA,CAAK,GAAA,CAAI,aAAa,eAAe,CAAA;AACrC,IAAA,IAAI,QAAQ,YAAA,EAAc;AACzB,MAAA,IAAA,CAAK,GAAA,CAAI,eAAA,EAAiB,OAAA,CAAQ,YAAY,CAAA;AAAA,IAC/C;AAAA,EACD;AAEA,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,gBAAgB,CAAA,EAAG;AAC5D,IAAA,IAAI,CAAC,KAAK,GAAA,CAAI,GAAG,GAAG,IAAA,CAAK,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,EAC3C;AAEA,EAAA,OAAO;AAAA,IACN,IAAA;AAAA,IACA,OAAA,EAAS;AAAA,GACV;AACD;AAUA,eAAsB,yBAAA,CAA0B;AAAA,EAC/C,IAAA;AAAA,EACA,YAAA;AAAA,EACA,WAAA;AAAA,EACA,OAAA;AAAA,EACA,aAAA,EAAAA,cAAAA;AAAA,EACA,cAAA;AAAA,EACA,QAAA;AAAA,EACA,OAAA;AAAA,EACA,mBAAmB,EAAC;AAAA,EACpB;AACD,CAAA,EAWG;AACF,EAAA,MAAM,EAAE,IAAA,EAAM,OAAA,EAAS,cAAA,EAAe,GAAI,MAAM,wBAAA,CAAyB;AAAA,IACxE,IAAA;AAAA,IACA,YAAA;AAAA,IACA,WAAA;AAAA,IACA,OAAA;AAAA,IACA,cAAA;AAAA,IACA,QAAA;AAAA,IACA,OAAA;AAAA,IACA,gBAAA;AAAA,IACA;AAAA,GACA,CAAA;AAED,EAAA,MAAM,EAAE,IAAA,EAAM,KAAA,EAAM,GAAI,MAAM,uBAA+BA,cAAAA,EAAe;AAAA,IAC3E,MAAA,EAAQ,MAAA;AAAA,IACR,IAAA;AAAA,IACA,OAAA,EAAS;AAAA,GACT,CAAA;AACD,EAAA,IAAI,KAAA,EAAO;AACV,IAAA,MAAM,KAAA;AAAA,EACP;AACA,EAAA,MAAM,MAAA,GAAS,gBAAgB,IAAI,CAAA;AACnC,EAAA,OAAO,MAAA;AACR;;;AC3KA,eAAsB,UAAU,KAAA,EAAgC;AAC9D,EAAA,MAAM,IAAA,GAAO,IAAI,WAAA,EAAY,CAAE,OAAO,KAAK,CAAA;AAC3C,EAAA,MAAM,SAAS,MAAM,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,WAAW,IAAI,CAAA;AACzD,EAAA,OAAO,KAAA,CAAM,KAAK,IAAI,UAAA,CAAW,MAAM,CAAC,CAAA,CACrC,IAAI,CAAC,IAAA,KAAS,KAAK,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAChD,KAAK,EAAE,CAAA;AACZ;AAMA,eAAsB,YAAA,CACpB,UACA,KAAA,EACkB;AAClB,EAAA,IAAI,OAAO,aAAa,QAAA,EAAU;AAChC,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,IAAI,aAAa,KAAA,EAAO;AACtB,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO,QAAA,KAAc,MAAM,SAAA,CAAU,KAAK,CAAA;AAC5C;ACEA,eAAsB,gBAAA,CACpB,SACA,GAAA,EACgD;AAChD,EAAA,MAAM,EAAE,IAAA,EAAK,GAAI,MAAM,YAAiC,OAAO,CAAA;AAE/D,EAAA,IAAI,CAAC,MAAM,IAAA,EAAM;AACf,IAAA,MAAM,IAAI,SAAS,aAAA,EAAe;AAAA,MAChC,OAAA,EAAS;AAAA,KACV,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,GAAA,GAAM,KAAK,IAAA,CAAK,IAAA,CAAK,CAAC,GAAA,KAAQ,GAAA,CAAI,QAAQ,GAAG,CAAA;AACnD,EAAA,IAAI,CAAC,GAAA,EAAK;AACR,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,aAAA,EAAgB,GAAG,CAAA,UAAA,CAAY,CAAA;AAAA,EACjD;AAEA,EAAA,OAAO,MAAM,SAAA,CAAU,GAAA,EAAK,GAAA,CAAI,GAAG,CAAA;AACrC;;;ACzCO,IAAM,iBAAA,GAAoB,OAAO,GAAA,KAAgB;AACtD,EAAA,OAAO,gBAAA,CAAiB,uCAAuC,GAAG,CAAA;AACpE;;;ACqBO,IAAM,KAAA,GAAQ,CAAC,OAAA,KAA0B;AAC/C,EAAA,MAAMA,cAAAA,GAAgB,sCAAA;AACtB,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,OAAA;AAAA,IACJ,IAAA,EAAM,OAAA;AAAA,IACN,MAAM,sBAAA,CAAuB,EAAE,KAAA,EAAO,MAAA,EAAQ,aAAY,EAAG;AAC5D,MAAA,IAAI,CAAC,kBAAA,CAAmB,OAAA,CAAQ,QAAQ,CAAA,IAAK,CAAC,QAAQ,YAAA,EAAc;AACnE,QAAA,MAAA,CAAO,KAAA;AAAA,UACN;AAAA,SACD;AACA,QAAA,MAAM,IAAI,gBAAgB,+BAA+B,CAAA;AAAA,MAC1D;AACA,MAAA,MAAM,SAAS,OAAA,CAAQ,mBAAA,GAAsB,EAAC,GAAI,CAAC,SAAS,MAAM,CAAA;AAClE,MAAA,IAAI,QAAQ,KAAA,EAAO,MAAA,CAAO,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAC/C,MAAA,IAAI,MAAA,EAAQ,MAAA,CAAO,IAAA,CAAK,GAAG,MAAM,CAAA;AACjC,MAAA,MAAM,GAAA,GAAM,MAAM,sBAAA,CAAuB;AAAA,QACxC,EAAA,EAAI,OAAA;AAAA,QACJ,OAAA;AAAA,QACA,qBAAA,EAAuB,0CAAA;AAAA,QACvB,MAAA,EAAQ,MAAA;AAAA,QACR,KAAA;AAAA,QACA,WAAA;AAAA,QACA,YAAA,EAAc,WAAA;AAAA,QACd,YAAA,EAAc;AAAA,OACd,CAAA;AACD,MAAA,OAAO,GAAA;AAAA,IACR,CAAA;AAAA,IACA,2BAA2B,OAAO,EAAE,IAAA,EAAM,YAAA,EAAc,aAAY,KAAM;AACzE,MAAA,OAAO,yBAAA,CAA0B;AAAA,QAChC,IAAA;AAAA,QACA,YAAA;AAAA,QACA,WAAA;AAAA,QACA,OAAA;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,MAAM,aAAA,CAAc,KAAA,EAAO,KAAA,EAAO;AACjC,MAAA,IAAI,QAAQ,oBAAA,EAAsB;AACjC,QAAA,OAAO,KAAA;AAAA,MACR;AACA,MAAA,IAAI,QAAQ,aAAA,EAAe;AAC1B,QAAA,OAAO,OAAA,CAAQ,aAAA,CAAc,KAAA,EAAO,KAAK,CAAA;AAAA,MAC1C;AACA,MAAA,IAAI;AACH,QAAA,MAAM,aAAA,GAAgB,sBAAsB,KAAK,CAAA;AACjD,QAAA,MAAM,EAAE,GAAA,EAAK,GAAA,EAAK,MAAA,EAAO,GAAI,aAAA;AAC7B,QAAA,IAAI,CAAC,GAAA,IAAO,CAAC,MAAA,EAAQ,OAAO,KAAA;AAC5B,QAAA,MAAM,SAAA,GAAY,MAAM,iBAAA,CAAkB,GAAG,CAAA;AAC7C,QAAA,MAAM,EAAE,OAAA,EAAS,SAAA,KAAc,MAAMC,SAAAA,CAAU,OAAO,SAAA,EAAW;AAAA,UAChE,UAAA,EAAY,CAAC,MAAM,CAAA;AAAA,UACnB,MAAA,EAAQ,2BAAA;AAAA,UACR,QAAA,EACC,OAAA,CAAQ,QAAA,IAAY,OAAA,CAAQ,QAAA,CAAS,MAAA,GAClC,OAAA,CAAQ,QAAA,GACR,OAAA,CAAQ,mBAAA,GACP,OAAA,CAAQ,mBAAA,GACR,OAAA,CAAQ,QAAA;AAAA,UACb,WAAA,EAAa;AAAA,SACb,CAAA;AACD,QAAA,CAAC,gBAAA,EAAkB,kBAAkB,CAAA,CAAE,OAAA,CAAQ,CAAC,KAAA,KAAU;AACzD,UAAA,IAAI,SAAA,CAAU,KAAK,CAAA,KAAM,KAAA,CAAA,EAAW;AACnC,YAAA,SAAA,CAAU,KAAK,CAAA,GAAI,OAAA,CAAQ,SAAA,CAAU,KAAK,CAAC,CAAA;AAAA,UAC5C;AAAA,QACD,CAAC,CAAA;AACD,QAAA,IAAI,SAAS,CAAE,MAAM,aAAa,SAAA,CAAU,KAAA,EAAO,KAAK,CAAA,EAAI;AAC3D,UAAA,OAAO,KAAA;AAAA,QACR;AACA,QAAA,OAAO,CAAC,CAAC,SAAA;AAAA,MACV,CAAA,CAAA,MAAQ;AACP,QAAA,OAAO,KAAA;AAAA,MACR;AAAA,IACD,CAAA;AAAA,IACA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACxB,MAAA,OAAO,kBAAA,CAAmB;AAAA,QACzB,YAAA;AAAA,QACA,OAAA;AAAA,QACA,aAAA,EAAAD;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACF,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AACA,MAAA,IAAI,CAAC,MAAM,OAAA,EAAS;AACnB,QAAA,OAAO,IAAA;AAAA,MACR;AACA,MAAA,MAAM,OAAA,GAAU,SAAA,CAAwB,KAAA,CAAM,OAAO,CAAA;AACrD,MAAA,IAAI,CAAC,OAAA,EAAS;AACb,QAAA,OAAO,IAAA;AAAA,MACR;AAGA,MAAA,IAAI,IAAA;AACJ,MAAA,IAAI,KAAA,CAAM,MAAM,IAAA,EAAM;AACrB,QAAA,MAAM,SAAA,GAAY,KAAA,CAAM,IAAA,CAAK,IAAA,CAAK,SAAA,IAAa,EAAA;AAC/C,QAAA,MAAM,QAAA,GAAW,KAAA,CAAM,IAAA,CAAK,IAAA,CAAK,QAAA,IAAY,EAAA;AAC7C,QAAA,MAAM,WAAW,CAAA,EAAG,SAAS,CAAA,CAAA,EAAI,QAAQ,GAAG,IAAA,EAAK;AACjD,QAAA,IAAA,GAAO,QAAA;AAAA,MACR,CAAA,MAAO;AACN,QAAA,IAAA,GAAO,QAAQ,IAAA,IAAQ,EAAA;AAAA,MACxB;AAEA,MAAA,MAAM,aAAA,GACL,OAAO,OAAA,CAAQ,cAAA,KAAmB,YAC/B,OAAA,CAAQ,cAAA,GACR,QAAQ,cAAA,KAAmB,MAAA;AAC/B,MAAA,MAAM,eAAA,GAAkB;AAAA,QACvB,GAAG,OAAA;AAAA,QACH;AAAA,OACD;AACA,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,eAAe,CAAA;AAChE,MAAA,OAAO;AAAA,QACN,IAAA,EAAM;AAAA,UACL,IAAI,OAAA,CAAQ,GAAA;AAAA,UACZ,MAAM,eAAA,CAAgB,IAAA;AAAA,UACtB,aAAA;AAAA,UACA,OAAO,OAAA,CAAQ,KAAA;AAAA,UACf,GAAG;AAAA,SACJ;AAAA,QACA,IAAA,EAAM;AAAA,OACP;AAAA,IACD,CAAA;AAAA,IACA;AAAA,GACD;AACD;;;AC5HO,IAAM,SAAA,GAAY,CAAC,OAAA,KAA8B;AACvD,EAAA,MAAMA,cAAAA,GAAgB,wCAAA;AACtB,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,WAAA;AAAA,IACJ,IAAA,EAAM,WAAA;AAAA,IAEN,MAAM,sBAAA,CAAuB,EAAE,OAAO,MAAA,EAAQ,YAAA,EAAc,aAAY,EAAG;AAC1E,MAAA,IAAI,CAAC,OAAA,CAAQ,QAAA,IAAY,CAAC,QAAQ,YAAA,EAAc;AAC/C,QAAA,MAAA,CAAO,MAAM,iDAAiD,CAAA;AAC9D,QAAA,MAAM,IAAI,gBAAgB,+BAA+B,CAAA;AAAA,MAC1D;AACA,MAAA,IAAI,CAAC,YAAA,EAAc;AAClB,QAAA,MAAM,IAAI,gBAAgB,wCAAwC,CAAA;AAAA,MACnE;AAEA,MAAA,MAAM,UAAU,OAAA,CAAQ,mBAAA,GACrB,EAAC,GACD,CAAC,kBAAkB,gBAAgB,CAAA;AACtC,MAAA,IAAI,QAAQ,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAChD,MAAA,IAAI,MAAA,EAAQ,OAAA,CAAQ,IAAA,CAAK,GAAG,MAAM,CAAA;AAElC,MAAA,OAAO,sBAAA,CAAuB;AAAA,QAC7B,EAAA,EAAI,WAAA;AAAA,QACJ,OAAA;AAAA,QACA,qBAAA,EAAuB,sCAAA;AAAA,QACvB,MAAA,EAAQ,OAAA;AAAA,QACR,KAAA;AAAA,QACA,YAAA;AAAA,QACA,WAAA;AAAA,QACA,gBAAA,EAAkB;AAAA,UACjB,QAAA,EAAU;AAAA,SACX;AAAA,QACA,QAAQ,OAAA,CAAQ;AAAA,OAChB,CAAA;AAAA,IACF,CAAA;AAAA,IAEA,2BAA2B,OAAO,EAAE,IAAA,EAAM,YAAA,EAAc,aAAY,KAAM;AACzE,MAAA,OAAO,yBAAA,CAA0B;AAAA,QAChC,IAAA;AAAA,QACA,YAAA;AAAA,QACA,WAAA;AAAA,QACA,OAAA;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IAEA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACxB,MAAA,OAAO,kBAAA,CAAmB;AAAA,QACzB,YAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACR,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,cAAc,OAAA,CAAQ;AAAA,SACvB;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IAEF,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AAEA,MAAA,IAAI,CAAC,MAAM,WAAA,EAAa;AACvB,QAAA,OAAO,IAAA;AAAA,MACR;AAEA,MAAA,IAAI;AACH,QAAA,MAAM,EAAE,IAAA,EAAM,OAAA,EAAQ,GAAI,MAAM,YAK7B,8BAAA,EAAgC;AAAA,UAClC,SAAS,EAAE,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,WAAW,CAAA,CAAA;AAAG,SACxD,CAAA;AAED,QAAA,IAAI,CAAC,SAAS,OAAO,IAAA;AAErB,QAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,OAAO,CAAA;AAExD,QAAA,OAAO;AAAA,UACN,IAAA,EAAM;AAAA,YACL,IAAI,OAAA,CAAQ,UAAA;AAAA,YACZ,MAAM,OAAA,CAAQ,IAAA;AAAA,YACd,OAAO,OAAA,CAAQ,KAAA;AAAA,YACf,OAAO,OAAA,CAAQ,OAAA;AAAA,YACf,aAAA,EAAe,KAAA;AAAA,YACf,GAAG;AAAA,WACJ;AAAA,UACA,IAAA,EAAM;AAAA,SACP;AAAA,MACD,SAAS,KAAA,EAAO;AACf,QAAA,MAAA,CAAO,KAAA,CAAM,yCAAyC,KAAK,CAAA;AAC3D,QAAA,OAAO,IAAA;AAAA,MACR;AAAA,IACD,CAAA;AAAA,IAEA;AAAA,GACD;AACD;;;AC3HO,SAAS,kBAAkB,KAAA,EAAuB;AACvD,EAAA,IAAI,MAAA,GAAS,KAAA;AACb,EAAA,OAAO,MAAA,CAAO,QAAA,CAAS,GAAG,CAAA,EAAG;AAC3B,IAAA,MAAA,GAAS,MAAA,CAAO,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA;AAAA,EAC7B;AACA,EAAA,OAAO,MAAA;AACT;;;AC2CA,SAAS,cAAc,OAAA,EAAgC;AACrD,EAAA,IAAI,OAAA,CAAQ,MAAA,EAAQ,OAAO,iBAAA,CAAkB,QAAQ,MAAM,CAAA;AAE3D,EAAA,IAAI,QAAQ,qBAAA,EAAuB;AACjC,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,qBAAqB,CAAA;AACjD,MAAA,OAAO,CAAA,EAAG,GAAA,CAAI,QAAQ,CAAA,EAAA,EAAK,IAAI,IAAI,CAAA,CAAA;AAAA,IACrC,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AACA,EAAA,MAAM,IAAI,KAAA;AAAA,IACR;AAAA,GACF;AACF;AAWO,IAAM,MAAA,GAAS,CAAC,OAAA,KAA2B;AAChD,EAAA,MAAM,MAAA,GAAS,MAAM,aAAA,CAAc,OAAO,CAAA;AAC1C,EAAA,MAAMD,yBAAwB,MAC5B,OAAA,CAAQ,qBAAA,IACR,CAAA,EAAG,QAAQ,CAAA,iBAAA,CAAA;AACb,EAAA,MAAMC,iBAAgB,MACpB,OAAA,CAAQ,aAAA,IAAiB,CAAA,EAAG,QAAQ,CAAA,aAAA,CAAA;AACtC,EAAA,MAAM,mBAAmB,MACvB,OAAA,CAAQ,gBAAA,IAAoB,CAAA,EAAG,QAAQ,CAAA,gBAAA,CAAA;AAEzC,EAAA,OAAO;AAAA,IACL,EAAA,EAAI,QAAA;AAAA,IACJ,IAAA,EAAM,QAAA;AAAA,IACN,sBAAA,CAAuB;AAAA,MACrB,KAAA;AAAA,MACA,MAAA;AAAA,MACA,YAAA;AAAA,MACA,WAAA;AAAA,MACA,SAAA;AAAA,MACA;AAAA,KACF,EAOG;AACD,MAAA,MAAM,OAAA,GAAU,QAAQ,mBAAA,GACpB,KACA,CAAC,QAAA,EAAU,WAAW,OAAO,CAAA;AACjC,MAAA,IAAI,QAAQ,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAChD,MAAA,IAAI,MAAA,EAAQ,OAAA,CAAQ,IAAA,CAAK,GAAG,MAAM,CAAA;AAClC,MAAA,OAAO,sBAAA,CAAuB;AAAA,QAC5B,EAAA,EAAI,QAAA;AAAA,QACJ,OAAA;AAAA,QACA,uBAAuBD,sBAAAA,EAAsB;AAAA,QAC7C,MAAA,EAAQ,OAAA;AAAA,QACR,KAAA;AAAA,QACA,YAAA;AAAA,QACA,WAAA;AAAA,QACA,SAAA;AAAA,QACA,OAAA;AAAA,QACA,QAAQ,OAAA,CAAQ;AAAA,OACjB,CAAA;AAAA,IACH,CAAA;AAAA,IACA,2BAA2B,OAAO;AAAA,MAChC,IAAA;AAAA,MACA,YAAA;AAAA,MACA;AAAA,KACF,KAKM;AACJ,MAAA,OAAO,yBAAA,CAA0B;AAAA,QAC/B,IAAA;AAAA,QACA,YAAA;AAAA,QACA,WAAA;AAAA,QACA,OAAA;AAAA,QACA,eAAeC,cAAAA;AAAc,OAC9B,CAAA;AAAA,IACH,CAAA;AAAA,IACA,oBAAoB,OAAA,CAAQ,kBAAA,GACxB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAyB;AAC9B,MAAA,OAAO,kBAAA,CAAmB;AAAA,QACxB,YAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACP,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,WAAW,OAAA,CAAQ,SAAA;AAAA,UACnB,cAAc,OAAA,CAAQ;AAAA,SACxB;AAAA,QACA,eAAeA,cAAAA;AAAc,OAC9B,CAAA;AAAA,IACH,CAAA;AAAA,IACJ,MAAM,YAAY,KAAA,EAAO;AACvB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACvB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MAClC;AACA,MAAA,IAAI,CAAC,MAAM,WAAA,EAAa;AACtB,QAAA,OAAO,IAAA;AAAA,MACT;AACA,MAAA,MAAM,EAAE,IAAA,EAAM,OAAA,EAAS,KAAA,KAAU,MAAM,WAAA;AAAA,QACrC,gBAAA,EAAiB;AAAA,QACjB;AAAA,UACE,OAAA,EAAS;AAAA,YACP,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,WAAW,CAAA,CAAA;AAAA,YAC1C,YAAA,EAAc,aAAA;AAAA,YACd,MAAA,EAAQ;AAAA;AACV;AACF,OACF;AACA,MAAA,IAAI,KAAA,IAAS,CAAC,OAAA,EAAS;AACrB,QAAA,MAAA,CAAO,KAAA,CAAM,iCAAiC,KAAK,CAAA;AACnD,QAAA,OAAO,IAAA;AAAA,MACT;AACA,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,OAAO,CAAA;AACxD,MAAA,OAAO;AAAA,QACL,IAAA,EAAM;AAAA,UACJ,IAAI,OAAA,CAAQ,GAAA;AAAA,UACZ,MAAM,OAAA,CAAQ,IAAA;AAAA,UACd,OAAO,OAAA,CAAQ,KAAA;AAAA,UACf,OAAO,OAAA,CAAQ,OAAA;AAAA,UACf,aAAA,EAAe,QAAQ,cAAA,IAAkB,KAAA;AAAA,UACzC,GAAG;AAAA,SACL;AAAA,QACA,IAAA,EAAM;AAAA,OACR;AAAA,IACF,CAAA;AAAA,IACA;AAAA,GACF;AACF;;;AC1LO,IAAM,mBAAA,GAAsB,OACjC,GAAA,EACA,MAAA,EACA,UAAA,KACG;AACH,EAAA,MAAM,OAAA,GAAU,CAAA,oBAAA,EAAuB,MAAM,CAAA,eAAA,EAAkB,UAAU,CAAA,sBAAA,CAAA;AACzE,EAAA,IAAI;AACF,IAAA,OAAO,MAAM,gBAAA,CAAiB,OAAA,EAAS,GAAG,CAAA;AAAA,EAC5C,SAAS,KAAA,EAAO;AACd,IAAA,MAAA,CAAO,KAAA,CAAM,uCAAuC,KAAK,CAAA;AACzD,IAAA,MAAM,KAAA;AAAA,EACR;AACF;;;ACAO,IAAM,OAAA,GAAU,CAAC,OAAA,KAA4B;AACnD,EAAA,IAAI,CAAC,QAAQ,MAAA,IAAU,CAAC,QAAQ,MAAA,IAAU,CAAC,QAAQ,UAAA,EAAY;AAC9D,IAAA,MAAA,CAAO,KAAA;AAAA,MACN;AAAA,KACD;AACA,IAAA,MAAM,IAAI,gBAAgB,4BAA4B,CAAA;AAAA,EACvD;AAEA,EAAA,MAAM,WAAA,GAAc,OAAA,CAAQ,MAAA,CAAO,OAAA,CAAQ,gBAAgB,EAAE,CAAA;AAC7D,EAAA,MAAMD,sBAAAA,GAAwB,WAAW,WAAW,CAAA,iBAAA,CAAA;AACpD,EAAA,MAAMC,cAAAA,GAAgB,WAAW,WAAW,CAAA,aAAA,CAAA;AAC5C,EAAA,MAAM,gBAAA,GAAmB,WAAW,WAAW,CAAA,gBAAA,CAAA;AAE/C,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,SAAA;AAAA,IACJ,IAAA,EAAM,SAAA;AAAA,IACN,MAAM,sBAAA,CAAuB,EAAE,OAAO,MAAA,EAAQ,YAAA,EAAc,aAAY,EAAG;AAC1E,MAAA,IAAI,CAAC,kBAAA,CAAmB,OAAA,CAAQ,QAAQ,CAAA,EAAG;AAC1C,QAAA,MAAA,CAAO,KAAA;AAAA,UACN;AAAA,SACD;AACA,QAAA,MAAM,IAAI,gBAAgB,+BAA+B,CAAA;AAAA,MAC1D;AAEA,MAAA,IAAI,OAAA,CAAQ,mBAAA,IAAuB,CAAC,OAAA,CAAQ,YAAA,EAAc;AACzD,QAAA,MAAA,CAAO,KAAA;AAAA,UACN;AAAA,SACD;AACA,QAAA,MAAM,IAAI,gBAAgB,wBAAwB,CAAA;AAAA,MACnD;AACA,MAAA,MAAM,OAAA,GAAU,QAAQ,mBAAA,GACrB,KACA,CAAC,QAAA,EAAU,WAAW,OAAO,CAAA;AAChC,MAAA,IAAI,QAAQ,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAChD,MAAA,IAAI,MAAA,EAAQ,OAAA,CAAQ,IAAA,CAAK,GAAG,MAAM,CAAA;AAElC,MAAA,MAAM,GAAA,GAAM,MAAM,sBAAA,CAAuB;AAAA,QACxC,EAAA,EAAI,SAAA;AAAA,QACJ,OAAA,EAAS;AAAA,UACR,GAAG;AAAA,SACJ;AAAA,QACA,qBAAA,EAAAD,sBAAAA;AAAA,QACA,MAAA,EAAQ,OAAA;AAAA,QACR,KAAA;AAAA,QACA,YAAA;AAAA,QACA,WAAA;AAAA,QACA,QAAQ,OAAA,CAAQ;AAAA,OAChB,CAAA;AAGD,MAAA,MAAM,UAAA,GAAa,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAO,CAAA;AAC/C,MAAA,IAAI,UAAA,EAAY;AACf,QAAA,GAAA,CAAI,YAAA,CAAa,OAAO,OAAO,CAAA;AAC/B,QAAA,MAAM,YAAA,GAAe,mBAAmB,UAAU,CAAA;AAElD,QAAA,MAAM,SAAA,GAAY,IAAI,QAAA,EAAS;AAC/B,QAAA,MAAM,SAAA,GAAY,SAAA,CAAU,QAAA,CAAS,GAAG,IAAI,GAAA,GAAM,GAAA;AAClD,QAAA,OAAO,IAAI,IAAI,CAAA,EAAG,SAAS,GAAG,SAAS,CAAA,MAAA,EAAS,YAAY,CAAA,CAAE,CAAA;AAAA,MAC/D;AACA,MAAA,OAAO,GAAA;AAAA,IACR,CAAA;AAAA,IAEA,2BAA2B,OAAO,EAAE,IAAA,EAAM,YAAA,EAAc,aAAY,KAAM;AACzE,MAAA,OAAO,yBAAA,CAA0B;AAAA,QAChC,IAAA;AAAA,QACA,YAAA;AAAA,QACA,WAAA;AAAA,QACA,OAAA;AAAA,QACA,aAAA,EAAAC;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IAEA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACxB,MAAA,OAAO,kBAAA,CAAmB;AAAA,QACzB,YAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACR,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,WAAW,OAAA,CAAQ,SAAA;AAAA,UACnB,cAAc,OAAA,CAAQ;AAAA,SACvB;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IAEF,MAAM,aAAA,CAAc,KAAA,EAAO,KAAA,EAAO;AACjC,MAAA,IAAI,QAAQ,oBAAA,EAAsB;AACjC,QAAA,OAAO,KAAA;AAAA,MACR;AACA,MAAA,IAAI,QAAQ,aAAA,EAAe;AAC1B,QAAA,OAAO,OAAA,CAAQ,aAAA,CAAc,KAAA,EAAO,KAAK,CAAA;AAAA,MAC1C;AAEA,MAAA,IAAI;AACH,QAAA,MAAM,aAAA,GAAgBE,sBAAsB,KAAK,CAAA;AACjD,QAAA,MAAM,EAAE,GAAA,EAAK,GAAA,EAAK,MAAA,EAAO,GAAI,aAAA;AAC7B,QAAA,IAAI,CAAC,GAAA,IAAO,CAAC,MAAA,EAAQ,OAAO,KAAA;AAE5B,QAAA,MAAM,YAAY,MAAM,mBAAA;AAAA,UACvB,GAAA;AAAA,UACA,OAAA,CAAQ,MAAA;AAAA,UACR,OAAA,CAAQ;AAAA,SACT;AACA,QAAA,MAAM,iBAAiB,CAAA,oBAAA,EAAuB,OAAA,CAAQ,MAAM,CAAA,eAAA,EAAkB,QAAQ,UAAU,CAAA,CAAA;AAEhG,QAAA,MAAM,EAAE,OAAA,EAAS,SAAA,KAAc,MAAMD,SAAAA,CAAU,OAAO,SAAA,EAAW;AAAA,UAChE,UAAA,EAAY,CAAC,MAAM,CAAA;AAAA,UACnB,MAAA,EAAQ,cAAA;AAAA,UACR,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,WAAA,EAAa;AAAA,SACb,CAAA;AAED,QAAA,IAAI,KAAA,IAAS,SAAA,CAAU,KAAA,KAAU,KAAA,EAAO;AACvC,UAAA,OAAO,KAAA;AAAA,QACR;AACA,QAAA,OAAO,IAAA;AAAA,MACR,SAAS,KAAA,EAAO;AACf,QAAA,MAAA,CAAO,KAAA,CAAM,8BAA8B,KAAK,CAAA;AAChD,QAAA,OAAO,KAAA;AAAA,MACR;AAAA,IACD,CAAA;AAAA,IAEA,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AAEA,MAAA,IAAI,MAAM,OAAA,EAAS;AAClB,QAAA,IAAI;AACH,UAAA,MAAM,OAAA,GAAUE,SAAAA,CAA0B,KAAA,CAAM,OAAO,CAAA;AACvD,UAAA,IAAI,CAAC,OAAA,EAAS;AACb,YAAA,OAAO,IAAA;AAAA,UACR;AACA,UAAA,MAAM,OACL,OAAA,CAAQ,IAAA,IAAQ,OAAA,CAAQ,UAAA,IAAc,QAAQ,QAAA,IAAY,EAAA;AAC3D,UAAA,MAAM,eAAA,GAAkB;AAAA,YACvB,GAAG,OAAA;AAAA,YACH;AAAA,WACD;AACA,UAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,eAAe,CAAA;AAEhE,UAAA,OAAO;AAAA,YACN,IAAA,EAAM;AAAA,cACL,IAAI,OAAA,CAAQ,GAAA;AAAA,cACZ,MAAM,eAAA,CAAgB,IAAA;AAAA,cACtB,OAAO,OAAA,CAAQ,KAAA;AAAA,cACf,OAAO,OAAA,CAAQ,OAAA;AAAA,cACf,eAAe,OAAA,CAAQ,cAAA;AAAA,cACvB,GAAG;AAAA,aACJ;AAAA,YACA,IAAA,EAAM;AAAA,WACP;AAAA,QACD,SAAS,KAAA,EAAO;AACf,UAAA,MAAA,CAAO,KAAA,CAAM,8BAA8B,KAAK,CAAA;AAAA,QACjD;AAAA,MACD;AAEA,MAAA,IAAI,MAAM,WAAA,EAAa;AACtB,QAAA,IAAI;AACH,UAAA,MAAM,EAAE,IAAA,EAAM,QAAA,EAAS,GAAI,MAAM,WAAA;AAAA,YAChC,gBAAA;AAAA,YACA;AAAA,cACC,OAAA,EAAS;AAAA,gBACR,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,WAAW,CAAA;AAAA;AAC3C;AACD,WACD;AAEA,UAAA,IAAI,QAAA,EAAU;AACb,YAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,QAAQ,CAAA;AACzD,YAAA,OAAO;AAAA,cACN,IAAA,EAAM;AAAA,gBACL,IAAI,QAAA,CAAS,GAAA;AAAA,gBACb,MACC,QAAA,CAAS,IAAA,IACT,QAAA,CAAS,UAAA,IACT,SAAS,QAAA,IACT,EAAA;AAAA,gBACD,OAAO,QAAA,CAAS,KAAA;AAAA,gBAChB,OAAO,QAAA,CAAS,OAAA;AAAA,gBAChB,eAAe,QAAA,CAAS,cAAA;AAAA,gBACxB,GAAG;AAAA,eACJ;AAAA,cACA,IAAA,EAAM;AAAA,aACP;AAAA,UACD;AAAA,QACD,SAAS,KAAA,EAAO;AACf,UAAA,MAAA,CAAO,KAAA,CAAM,2CAA2C,KAAK,CAAA;AAAA,QAC9D;AAAA,MACD;AAEA,MAAA,OAAO,IAAA;AAAA,IACR,CAAA;AAAA,IAEA;AAAA,GACD;AACD;;;AC1IO,IAAM,OAAA,GAAU,CAAC,OAAA,KAA4B;AACnD,EAAA,MAAMH,cAAAA,GAAgB,sCAAA;AACtB,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,SAAA;AAAA,IACJ,IAAA,EAAM,SAAA;AAAA,IACN,sBAAA,CAAuB,EAAE,KAAA,EAAO,MAAA,EAAQ,aAAY,EAAG;AACtD,MAAA,MAAM,UAAU,OAAA,CAAQ,mBAAA,GAAsB,EAAC,GAAI,CAAC,YAAY,OAAO,CAAA;AACvE,MAAA,IAAI,MAAA,EAAQ,OAAA,CAAQ,IAAA,CAAK,GAAG,MAAM,CAAA;AAClC,MAAA,IAAI,QAAQ,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAChD,MAAA,MAAM,WAAA,GAAc,OAAA,CAAQ,QAAA,CAAS,KAAK,CAAA;AAC1C,MAAA,MAAM,gBAAA,GACL,eAAe,OAAA,CAAQ,WAAA,KAAgB,SACpC,CAAA,aAAA,EAAgB,OAAA,CAAQ,WAAW,CAAA,CAAA,GACnC,EAAA;AACJ,MAAA,OAAO,IAAI,GAAA;AAAA,QACV,kDAAkD,OAAA,CAAQ,IAAA;AAAA,UACzD;AAAA,SACA,CAAA,8BAAA,EACA,OAAA,CAAQ,QACT,CAAA,cAAA,EAAiB,kBAAA;AAAA,UAChB,QAAQ,WAAA,IAAe;AAAA,SACvB,UAAU,KAAK,CAAA,QAAA,EACf,QAAQ,MAAA,IAAU,MACnB,GAAG,gBAAgB,CAAA;AAAA,OACpB;AAAA,IACD,CAAA;AAAA,IACA,yBAAA,EAA2B,OAAO,EAAE,IAAA,EAAM,aAAY,KAAM;AAC3D,MAAA,OAAO,yBAAA,CAA0B;AAAA,QAChC,IAAA;AAAA,QACA,WAAA;AAAA,QACA,OAAA;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACxB,MAAA,OAAO,kBAAA,CAAmB;AAAA,QACzB,YAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACR,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,WAAW,OAAA,CAAQ,SAAA;AAAA,UACnB,cAAc,OAAA,CAAQ;AAAA,SACvB;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACF,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AACA,MAAA,MAAM,EAAE,IAAA,EAAM,OAAA,EAAS,KAAA,KAAU,MAAM,WAAA;AAAA,QACtC,mCAAA;AAAA,QACA;AAAA,UACC,OAAA,EAAS;AAAA,YACR,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,WAAW,CAAA;AAAA;AAC3C;AACD,OACD;AAEA,MAAA,IAAI,KAAA,EAAO;AACV,QAAA,OAAO,IAAA;AAAA,MACR;AACA,MAAA,IAAI,OAAA,CAAQ,WAAW,IAAA,EAAM;AAC5B,QAAA,MAAM,sBACL,OAAA,CAAQ,aAAA,KAAkB,GAAA,GACvB,MAAA,CAAO,OAAO,OAAA,CAAQ,EAAE,CAAA,IAAK,MAAA,CAAO,EAAE,CAAC,CAAA,GAAI,IAC3C,QAAA,CAAS,OAAA,CAAQ,aAAa,CAAA,GAAI,CAAA;AACtC,QAAA,OAAA,CAAQ,SAAA,GAAY,4CAA4C,mBAAmB,CAAA,IAAA,CAAA;AAAA,MACpF,CAAA,MAAO;AACN,QAAA,MAAM,SAAS,OAAA,CAAQ,MAAA,CAAO,UAAA,CAAW,IAAI,IAAI,KAAA,GAAQ,KAAA;AACzD,QAAA,OAAA,CAAQ,SAAA,GAAY,sCAAsC,OAAA,CAAQ,EAAE,IAAI,OAAA,CAAQ,MAAM,IAAI,MAAM,CAAA,CAAA;AAAA,MACjG;AACA,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,OAAO,CAAA;AACxD,MAAA,OAAO;AAAA,QACN,IAAA,EAAM;AAAA,UACL,IAAI,OAAA,CAAQ,EAAA;AAAA,UACZ,IAAA,EAAM,OAAA,CAAQ,WAAA,IAAe,OAAA,CAAQ,QAAA,IAAY,EAAA;AAAA,UACjD,OAAO,OAAA,CAAQ,KAAA;AAAA,UACf,eAAe,OAAA,CAAQ,QAAA;AAAA,UACvB,OAAO,OAAA,CAAQ,SAAA;AAAA,UACf,GAAG;AAAA,SACJ;AAAA,QACA,IAAA,EAAM;AAAA,OACP;AAAA,IACD,CAAA;AAAA,IACA;AAAA,GACD;AACD;;;AC9IO,IAAM,OAAA,GAAU,CAAC,OAAA,KAA4B;AACnD,EAAA,MAAMA,cAAAA,GAAgB,yCAAA;AAEtB,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,SAAA;AAAA,IACJ,IAAA,EAAM,SAAA;AAAA,IACN,wBAAwB,OAAO;AAAA,MAC9B,KAAA;AAAA,MACA,MAAA;AAAA,MACA,YAAA;AAAA,MACA;AAAA,KACD,KAAM;AACL,MAAA,MAAM,UAAU,OAAA,CAAQ,mBAAA,GAAsB,EAAC,GAAI,CAAC,mBAAmB,CAAA;AACvE,MAAA,IAAI,QAAQ,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAChD,MAAA,IAAI,MAAA,EAAQ,OAAA,CAAQ,IAAA,CAAK,GAAG,MAAM,CAAA;AAClC,MAAA,MAAM,mBAA2C,EAAC;AAClD,MAAA,IAAI,QAAQ,UAAA,EAAY;AACvB,QAAA,gBAAA,CAAiB,oBAAoB,OAAA,CAAQ,UAAA;AAAA,MAC9C;AACA,MAAA,OAAO,MAAM,sBAAA,CAAuB;AAAA,QACnC,EAAA,EAAI,SAAA;AAAA,QACJ,OAAA;AAAA,QACA,qBAAA,EAAuB,0CAAA;AAAA,QACvB,MAAA,EAAQ,OAAA;AAAA,QACR,KAAA;AAAA,QACA,WAAA;AAAA,QACA,YAAA;AAAA,QACA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,2BAA2B,OAAO,EAAE,IAAA,EAAM,YAAA,EAAc,aAAY,KAAM;AACzE,MAAA,OAAO,MAAM,yBAAA,CAA0B;AAAA,QACtC,IAAA;AAAA,QACA,YAAA;AAAA,QACA,WAAA;AAAA,QACA,OAAA;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACxB,MAAA,OAAO,kBAAA,CAAmB;AAAA,QACzB,YAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACR,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,WAAW,OAAA,CAAQ,SAAA;AAAA,UACnB,cAAc,OAAA,CAAQ;AAAA,SACvB;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACF,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AACA,MAAA,MAAM,EAAE,IAAA,EAAM,OAAA,EAAS,KAAA,KAAU,MAAM,WAAA;AAAA,QACtC,wDAAA;AAAA,QACA;AAAA,UACC,MAAA,EAAQ,MAAA;AAAA,UACR,OAAA,EAAS;AAAA,YACR,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,WAAW,CAAA;AAAA;AAC3C;AACD,OACD;AAEA,MAAA,IAAI,KAAA,EAAO;AACV,QAAA,OAAO,IAAA;AAAA,MACR;AACA,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,OAAO,CAAA;AACxD,MAAA,OAAO;AAAA,QACN,IAAA,EAAM;AAAA,UACL,IAAI,OAAA,CAAQ,UAAA;AAAA,UACZ,IAAA,EAAM,QAAQ,IAAA,EAAM,YAAA;AAAA,UACpB,OAAO,OAAA,CAAQ,KAAA;AAAA,UACf,aAAA,EAAe,QAAQ,cAAA,IAAkB,KAAA;AAAA,UACzC,OAAO,OAAA,CAAQ,iBAAA;AAAA,UACf,GAAG;AAAA,SACJ;AAAA,QACA,IAAA,EAAM;AAAA,OACP;AAAA,IACD,CAAA;AAAA,IACA;AAAA,GACD;AACD;;;ACxFA,eAAsB,yBAAA,CACpB,aACA,OAAA,EACwB;AACxB,EAAA,MAAM,eAAA,GAAkB,kBAAA,CAAmB,OAAA,CAAQ,QAAQ,CAAA;AAC3D,EAAA,IAAI,CAAC,eAAA,IAAmB,CAAC,OAAA,CAAQ,YAAA,EAAc;AAC7C,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,MAAM,SAAA,GAAY,KAAA,CAAM,OAAA,CAAQ,OAAA,CAAQ,QAAQ,IAC5C,OAAA,CAAQ,QAAA,GACR,CAAC,OAAA,CAAQ,QAAQ,CAAA;AACrB,EAAA,MAAM,cAAA,GAAiB,CAAA,EAAG,eAAe,CAAA,CAAA,EAAI,QAAQ,YAAY,CAAA,CAAA;AACjE,EAAA,MAAM,EAAE,IAAA,EAAM,KAAA,EAAM,GAAI,MAAM,WAAA;AAAA,IAC5B,wCAAA;AAAA,IACA;AAAA,MACE,KAAA,EAAO;AAAA,QACL,WAAA,EAAa,WAAA;AAAA,QACb,YAAA,EAAc;AAAA;AAChB;AACF,GACF;AACA,EAAA,IAAI,KAAA,IAAS,CAAC,IAAA,EAAM,IAAA,EAAM;AACxB,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,MAAM,EAAE,QAAA,EAAU,MAAA,EAAQ,OAAA,KAAY,IAAA,CAAK,IAAA;AAC3C,EAAA,IAAI,QAAA,KAAa,IAAA,IAAQ,CAAC,MAAA,IAAU,CAAC,UAAU,QAAA,CAAS,MAAM,CAAA,IAAK,CAAC,OAAA,EAAS;AAC3E,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO,OAAA;AACT;;;AC3BO,IAAM,QAAA,GAAW,CAAC,OAAA,KAA6B;AACrD,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,UAAA;AAAA,IACJ,IAAA,EAAM,UAAA;AAAA,IACN,MAAM,sBAAA,CAAuB,EAAE,OAAO,MAAA,EAAQ,WAAA,EAAa,WAAU,EAAG;AACvE,MAAA,IAAI,CAAC,kBAAA,CAAmB,OAAA,CAAQ,QAAQ,CAAA,IAAK,CAAC,QAAQ,YAAA,EAAc;AACnE,QAAA,MAAA,CAAO,KAAA;AAAA,UACN;AAAA,SACD;AACA,QAAA,MAAM,IAAI,gBAAgB,+BAA+B,CAAA;AAAA,MAC1D;AACA,MAAA,MAAM,UAAU,OAAA,CAAQ,mBAAA,GACrB,EAAC,GACD,CAAC,SAAS,gBAAgB,CAAA;AAC7B,MAAA,IAAI,QAAQ,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAChD,MAAA,IAAI,MAAA,EAAQ,OAAA,CAAQ,IAAA,CAAK,GAAG,MAAM,CAAA;AAClC,MAAA,OAAO,MAAM,sBAAA,CAAuB;AAAA,QACnC,EAAA,EAAI,UAAA;AAAA,QACJ,OAAA;AAAA,QACA,qBAAA,EAAuB,6CAAA;AAAA,QACvB,MAAA,EAAQ,OAAA;AAAA,QACR,KAAA;AAAA,QACA,WAAA;AAAA,QACA,SAAA;AAAA,QACA,gBAAA,EAAkB,QAAQ,QAAA,GACvB;AAAA,UACA,WAAW,OAAA,CAAQ;AAAA,YAEnB;AAAC,OACJ,CAAA;AAAA,IACF,CAAA;AAAA,IACA,yBAAA,EAA2B,OAAO,EAAE,IAAA,EAAM,aAAY,KAAM;AAC3D,MAAA,OAAO,yBAAA,CAA0B;AAAA,QAChC,IAAA;AAAA,QACA,WAAA;AAAA,QACA,OAAA;AAAA,QACA,aAAA,EAAe;AAAA,OACf,CAAA;AAAA,IACF,CAAA;AAAA,IACA,MAAM,aAAA,CAAc,KAAA,EAAO,KAAA,EAAO;AACjC,MAAA,IAAI,QAAQ,oBAAA,EAAsB;AACjC,QAAA,OAAO,KAAA;AAAA,MACR;AAEA,MAAA,IAAI,QAAQ,aAAA,EAAe;AAC1B,QAAA,OAAO,OAAA,CAAQ,aAAA,CAAc,KAAA,EAAO,KAAK,CAAA;AAAA,MAC1C;AAIA,MAAA,IAAI,KAAA,CAAM,KAAA,CAAM,GAAG,CAAA,CAAE,WAAW,CAAA,EAAG;AAClC,QAAA,IAAI;AACH,UAAA,MAAM,EAAE,OAAA,EAAS,SAAA,EAAU,GAAI,MAAMC,SAAAA;AAAA,YACpC,KAAA;AAAA,YACAG,kBAAAA;AAAA;AAAA,cAEC,IAAI,GAAA;AAAA,gBACH;AAAA;AACD,aACD;AAAA,YACA;AAAA,cACC,UAAA,EAAY,CAAC,OAAO,CAAA;AAAA,cACpB,UAAU,OAAA,CAAQ,QAAA;AAAA,cAClB,MAAA,EAAQ;AAAA;AACT,WACD;AAEA,UAAA,IAAI,KAAA,IAAS,SAAA,CAAU,KAAA,KAAU,KAAA,EAAO;AACvC,YAAA,OAAO,KAAA;AAAA,UACR;AAEA,UAAA,OAAO,CAAC,CAAC,SAAA;AAAA,QACV,CAAA,CAAA,MAAQ;AACP,UAAA,OAAO,KAAA;AAAA,QACR;AAAA,MACD;AAMA,MAAA,OAAQ,MAAM,yBAAA,CAA0B,KAAA,EAAO,OAAO,CAAA,KAAO,IAAA;AAAA,IAC9D,CAAA;AAAA,IACA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACxB,MAAA,OAAO,kBAAA,CAAmB;AAAA,QACzB,YAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACR,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,WAAW,OAAA,CAAQ,SAAA;AAAA,UACnB,cAAc,OAAA,CAAQ;AAAA,SACvB;AAAA,QACA,aAAA,EACC;AAAA,OACD,CAAA;AAAA,IACF,CAAA;AAAA,IACF,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AAEA,MAAA,IAAI,KAAA,CAAM,WAAW,KAAA,CAAM,OAAA,CAAQ,MAAM,GAAG,CAAA,CAAE,WAAW,CAAA,EAAG;AAC3D,QAAA,MAAMC,QAAAA,GAAUF,SAAAA,CAAU,KAAA,CAAM,OAAO,CAAA;AAOvC,QAAA,MAAM,IAAA,GAAO;AAAA,UACZ,IAAIE,QAAAA,CAAQ,GAAA;AAAA,UACZ,MAAMA,QAAAA,CAAQ,IAAA;AAAA,UACd,OAAOA,QAAAA,CAAQ,KAAA;AAAA,UACf,OAAA,EAAS;AAAA,YACR,IAAA,EAAM;AAAA,cACL,KAAKA,QAAAA,CAAQ,OAAA;AAAA,cACb,MAAA,EAAQ,GAAA;AAAA,cACR,KAAA,EAAO,GAAA;AAAA,cACP,aAAA,EAAe;AAAA;AAChB;AACD,SACD;AAKA,QAAA,MAAMC,QAAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB;AAAA,UAChD,GAAG,IAAA;AAAA,UACH,cAAA,EAAgB;AAAA,SAChB,CAAA;AAED,QAAA,OAAO;AAAA,UACN,IAAA,EAAM;AAAA,YACL,GAAG,IAAA;AAAA,YACH,aAAA,EAAe,KAAA;AAAA,YACf,GAAGA;AAAA,WACJ;AAAA,UACA,IAAA,EAAMD;AAAA,SACP;AAAA,MACD;AAOA,MAAA,MAAM,cAAc,KAAA,CAAM,WAAA;AAC1B,MAAA,IAAI,CAAC,WAAA,EAAa;AACjB,QAAA,OAAO,IAAA;AAAA,MACR;AACA,MAAA,MAAM,WAAA,GAAc,MAAM,yBAAA,CAA0B,WAAA,EAAa,OAAO,CAAA;AACxE,MAAA,IAAI,CAAC,WAAA,EAAa;AACjB,QAAA,OAAO,IAAA;AAAA,MACR;AAEA,MAAA,MAAM,MAAA,GAAS;AAAA,QACd,IAAA;AAAA,QACA,MAAA;AAAA,QACA,OAAA;AAAA,QACA,SAAA;AAAA,QACA,GAAI,OAAA,EAAS,MAAA,IAAU;AAAC,OACzB;AACA,MAAA,MAAM,EAAE,IAAA,EAAM,OAAA,EAAS,KAAA,KAAU,MAAM,WAAA;AAAA,QACtC,uCAAA,GAA0C,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA;AAAA,QACzD;AAAA,UACC,IAAA,EAAM;AAAA,YACL,IAAA,EAAM,QAAA;AAAA,YACN,KAAA,EAAO;AAAA;AACR;AACD,OACD;AACA,MAAA,IAAI,KAAA,EAAO;AACV,QAAA,OAAO,IAAA;AAAA,MACR;AAEA,MAAA,IAAI,OAAA,CAAQ,OAAO,WAAA,EAAa;AAC/B,QAAA,OAAO,IAAA;AAAA,MACR;AACA,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,OAAO,CAAA;AACxD,MAAA,OAAO;AAAA,QACN,IAAA,EAAM;AAAA,UACL,IAAI,OAAA,CAAQ,EAAA;AAAA,UACZ,MAAM,OAAA,CAAQ,IAAA;AAAA,UACd,OAAO,OAAA,CAAQ,KAAA;AAAA,UACf,KAAA,EAAO,OAAA,CAAQ,OAAA,CAAQ,IAAA,CAAK,GAAA;AAAA,UAC5B,aAAA,EAAe,QAAQ,cAAA,IAAkB,KAAA;AAAA,UACzC,GAAG;AAAA,SACJ;AAAA,QACA,IAAA,EAAM;AAAA,OACP;AAAA,IACD,CAAA;AAAA,IACA;AAAA,GACD;AACD;;;ACtMO,IAAM,KAAA,GAAQ,CAAC,OAAA,KAA0B;AAC/C,EAAA,MAAML,cAAAA,GAAgB,sCAAA;AACtB,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,OAAA;AAAA,IACJ,IAAA,EAAM,OAAA;AAAA,IACN,MAAM,sBAAA,CAAuB,EAAE,OAAO,MAAA,EAAQ,YAAA,EAAc,aAAY,EAAG;AAC1E,MAAA,IAAI,CAAC,OAAA,CAAQ,QAAA,IAAY,CAAC,QAAQ,YAAA,EAAc;AAC/C,QAAA,MAAA,CAAO,KAAA;AAAA,UACN;AAAA,SACD;AACA,QAAA,MAAM,IAAI,gBAAgB,+BAA+B,CAAA;AAAA,MAC1D;AACA,MAAA,IAAI,CAAC,YAAA,EAAc;AAClB,QAAA,MAAM,IAAI,gBAAgB,oCAAoC,CAAA;AAAA,MAC/D;AAEA,MAAA,MAAM,UAAU,OAAA,CAAQ,mBAAA,GAAsB,EAAC,GAAI,CAAC,mBAAmB,CAAA;AACvE,MAAA,IAAI,QAAQ,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAChD,MAAA,IAAI,MAAA,EAAQ,OAAA,CAAQ,IAAA,CAAK,GAAG,MAAM,CAAA;AAElC,MAAA,MAAM,GAAA,GAAM,MAAM,sBAAA,CAAuB;AAAA,QACxC,EAAA,EAAI,OAAA;AAAA,QACJ,OAAA;AAAA,QACA,qBAAA,EAAuB,6BAAA;AAAA,QACvB,MAAA,EAAQ,OAAA;AAAA,QACR,KAAA;AAAA,QACA,YAAA;AAAA,QACA;AAAA,OACA,CAAA;AAED,MAAA,OAAO,GAAA;AAAA,IACR,CAAA;AAAA,IACA,2BAA2B,OAAO,EAAE,IAAA,EAAM,YAAA,EAAc,aAAY,KAAM;AACzE,MAAA,OAAO,yBAAA,CAA0B;AAAA,QAChC,IAAA;AAAA,QACA,YAAA;AAAA,QACA,WAAA;AAAA,QACA,OAAA;AAAA,QACA,aAAA,EAAAA,cAAAA;AAAA,QACA,cAAA,EAAgB;AAAA,OAChB,CAAA;AAAA,IACF,CAAA;AAAA,IACA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACxB,MAAA,OAAO,kBAAA,CAAmB;AAAA,QACzB,YAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACR,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,WAAW,OAAA,CAAQ,SAAA;AAAA,UACnB,cAAc,OAAA,CAAQ;AAAA,SACvB;AAAA,QACA,aAAA,EAAAA,cAAAA;AAAA,QACA,cAAA,EAAgB;AAAA,OAChB,CAAA;AAAA,IACF,CAAA;AAAA,IACF,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AAEA,MAAA,IAAI;AACH,QAAA,MAAM,EAAE,IAAA,EAAM,OAAA,EAAQ,GAAI,MAAM,WAAA;AAAA,UAC/B,6BAAA;AAAA,UACA;AAAA,YACC,OAAA,EAAS;AAAA,cACR,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,WAAW,CAAA;AAAA;AAC3C;AACD,SACD;AAEA,QAAA,IAAI,CAAC,OAAA,EAAS;AACb,UAAA,MAAA,CAAO,MAAM,iCAAiC,CAAA;AAC9C,UAAA,OAAO,IAAA;AAAA,QACR;AAEA,QAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,OAAO,CAAA;AAExD,QAAA,OAAO;AAAA,UACN,IAAA,EAAM;AAAA,YACL,IAAI,OAAA,CAAQ,EAAA;AAAA,YACZ,MAAM,OAAA,CAAQ,MAAA;AAAA,YACd,OAAO,OAAA,CAAQ,KAAA;AAAA,YACf,OAAO,OAAA,CAAQ,OAAA;AAAA,YACf,aAAA,EAAe,KAAA;AAAA,YACf,GAAG;AAAA,WACJ;AAAA,UACA,IAAA,EAAM;AAAA,SACP;AAAA,MACD,SAAS,KAAA,EAAO;AACf,QAAA,MAAA,CAAO,KAAA,CAAM,yCAAyC,KAAK,CAAA;AAC3D,QAAA,OAAO,IAAA;AAAA,MACR;AAAA,IACD,CAAA;AAAA,IACA;AAAA,GACD;AACD;;;ACzDO,IAAM,MAAA,GAAS,CAAC,OAAA,KAA2B;AACjD,EAAA,MAAMA,cAAAA,GAAgB,6CAAA;AACtB,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,QAAA;AAAA,IACJ,IAAA,EAAM,QAAA;AAAA,IACN,sBAAA,CAAuB;AAAA,MACtB,KAAA;AAAA,MACA,MAAA;AAAA,MACA,SAAA;AAAA,MACA,YAAA;AAAA,MACA;AAAA,KACD,EAAG;AACF,MAAA,MAAM,UAAU,OAAA,CAAQ,mBAAA,GACrB,EAAC,GACD,CAAC,aAAa,YAAY,CAAA;AAC7B,MAAA,IAAI,QAAQ,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAChD,MAAA,IAAI,MAAA,EAAQ,OAAA,CAAQ,IAAA,CAAK,GAAG,MAAM,CAAA;AAClC,MAAA,OAAO,sBAAA,CAAuB;AAAA,QAC7B,EAAA,EAAI,QAAA;AAAA,QACJ,OAAA;AAAA,QACA,qBAAA,EAAuB,0CAAA;AAAA,QACvB,MAAA,EAAQ,OAAA;AAAA,QACR,KAAA;AAAA,QACA,YAAA;AAAA,QACA,WAAA;AAAA,QACA,SAAA;AAAA,QACA,QAAQ,OAAA,CAAQ;AAAA,OAChB,CAAA;AAAA,IACF,CAAA;AAAA,IACA,2BAA2B,OAAO,EAAE,IAAA,EAAM,YAAA,EAAc,aAAY,KAAM;AACzE,MAAA,MAAM,EAAE,IAAA,EAAM,OAAA,EAAS,cAAA,KAAmB,8BAAA,CAA+B;AAAA,QACxE,IAAA;AAAA,QACA,YAAA;AAAA,QACA,WAAA;AAAA,QACA;AAAA,OACA,CAAA;AAED,MAAA,MAAM,EAAE,IAAA,EAAM,KAAA,EAAM,GAAI,MAAM,YAG5BA,cAAAA,EAAe;AAAA,QAChB,MAAA,EAAQ,MAAA;AAAA,QACR,IAAA;AAAA,QACA,OAAA,EAAS;AAAA,OACT,CAAA;AAED,MAAA,IAAI,KAAA,EAAO;AACV,QAAA,MAAA,CAAO,KAAA,CAAM,uCAAuC,KAAK,CAAA;AACzD,QAAA,OAAO,IAAA;AAAA,MACR;AAEA,MAAA,IAAI,WAAW,IAAA,EAAM;AACpB,QAAA,MAAA,CAAO,KAAA,CAAM,uCAAuC,IAAI,CAAA;AACxD,QAAA,OAAO,IAAA;AAAA,MACR;AAEA,MAAA,OAAO,gBAAgB,IAAI,CAAA;AAAA,IAC5B,CAAA;AAAA,IACA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACxB,MAAA,OAAO,kBAAA,CAAmB;AAAA,QACzB,YAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACR,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,WAAW,OAAA,CAAQ,SAAA;AAAA,UACnB,cAAc,OAAA,CAAQ;AAAA,SACvB;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACF,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AACA,MAAA,MAAM,EAAE,IAAA,EAAM,OAAA,EAAS,KAAA,KAAU,MAAM,WAAA;AAAA,QACtC,6BAAA;AAAA,QACA;AAAA,UACC,OAAA,EAAS;AAAA,YACR,YAAA,EAAc,aAAA;AAAA,YACd,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,WAAW,CAAA;AAAA;AAC3C;AACD,OACD;AACA,MAAA,IAAI,KAAA,EAAO;AACV,QAAA,OAAO,IAAA;AAAA,MACR;AACA,MAAA,MAAM,EAAE,IAAA,EAAM,MAAA,EAAO,GAAI,MAAM,YAO7B,oCAAA,EAAsC;AAAA,QACvC,OAAA,EAAS;AAAA,UACR,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,WAAW,CAAA,CAAA;AAAA,UAC1C,YAAA,EAAc;AAAA;AACf,OACA,CAAA;AAED,MAAA,IAAI,CAAC,OAAA,CAAQ,KAAA,IAAS,MAAA,EAAQ;AAC7B,QAAA,OAAA,CAAQ,KAAA,GAAA,CAAS,MAAA,CAAO,IAAA,CAAK,CAAC,CAAA,KAAM,EAAE,OAAO,CAAA,IAAK,MAAA,CAAO,CAAC,CAAA,GACvD,KAAA;AAAA,MACJ;AACA,MAAA,MAAM,aAAA,GACL,MAAA,EAAQ,IAAA,CAAK,CAAC,CAAA,KAAM,EAAE,KAAA,KAAU,OAAA,CAAQ,KAAK,CAAA,EAAG,QAAA,IAAY,KAAA;AAE7D,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,OAAO,CAAA;AACxD,MAAA,OAAO;AAAA,QACN,IAAA,EAAM;AAAA,UACL,IAAI,OAAA,CAAQ,EAAA;AAAA,UACZ,IAAA,EAAM,OAAA,CAAQ,IAAA,IAAQ,OAAA,CAAQ,KAAA,IAAS,EAAA;AAAA,UACvC,OAAO,OAAA,CAAQ,KAAA;AAAA,UACf,OAAO,OAAA,CAAQ,UAAA;AAAA,UACf,aAAA;AAAA,UACA,GAAG;AAAA,SACJ;AAAA,QACA,IAAA,EAAM;AAAA,OACP;AAAA,IACD,CAAA;AAAA,IACA;AAAA,GACD;AACD;;;AC5HA,IAAM,kBAAA,GAAqB,CAAC,KAAA,GAAgB,EAAA,KAAO;AAClD,EAAA,OAAO,KAAA,CACL,KAAA,CAAM,KAAK,CAAA,CACX,IAAI,CAAC,GAAA,KAAQ,GAAA,CAAI,OAAA,CAAQ,SAAA,EAAW,GAAG,CAAC,CAAA,CACxC,KAAK,KAAK,CAAA;AACb,CAAA;AAEA,IAAM,iBAAA,GAAoB,CAAC,MAAA,KAAgC;AAC1D,EAAA,MAAM,UAAU,MAAA,IAAU,oBAAA;AAC1B,EAAA,OAAO;AAAA,IACN,qBAAA,EAAuB,kBAAA,CAAmB,CAAA,EAAG,OAAO,CAAA,gBAAA,CAAkB,CAAA;AAAA,IACtE,aAAA,EAAe,kBAAA,CAAmB,CAAA,EAAG,OAAO,CAAA,YAAA,CAAc,CAAA;AAAA,IAC1D,gBAAA,EAAkB,kBAAA,CAAmB,CAAA,EAAG,OAAO,CAAA,YAAA,CAAc;AAAA,GAC9D;AACD,CAAA;AAEO,IAAM,MAAA,GAAS,CAAC,OAAA,KAA2B;AACjD,EAAA,MAAM,EAAE,qBAAA,EAAAD,sBAAAA,EAAuB,aAAA,EAAAC,cAAAA,EAAe,kBAAAO,iBAAAA,EAAiB,GAC9D,iBAAA,CAAkB,OAAA,CAAQ,MAAM,CAAA;AACjC,EAAA,MAAM,QAAA,GAAW,QAAA;AACjB,EAAA,MAAM,UAAA,GAAa,QAAA;AACnB,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,QAAA;AAAA,IACJ,IAAA,EAAM,UAAA;AAAA,IACN,wBAAwB,OAAO;AAAA,MAC9B,KAAA;AAAA,MACA,MAAA;AAAA,MACA,YAAA;AAAA,MACA,SAAA;AAAA,MACA;AAAA,KACD,KAAM;AACL,MAAA,MAAM,UAAU,OAAA,CAAQ,mBAAA,GAAsB,EAAC,GAAI,CAAC,WAAW,CAAA;AAC/D,MAAA,IAAI,QAAQ,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAChD,MAAA,IAAI,MAAA,EAAQ,OAAA,CAAQ,IAAA,CAAK,GAAG,MAAM,CAAA;AAClC,MAAA,OAAO,MAAM,sBAAA,CAAuB;AAAA,QACnC,EAAA,EAAI,QAAA;AAAA,QACJ,OAAA;AAAA,QACA,qBAAA,EAAAR,sBAAAA;AAAA,QACA,MAAA,EAAQ,OAAA;AAAA,QACR,KAAA;AAAA,QACA,WAAA;AAAA,QACA,YAAA;AAAA,QACA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,2BAA2B,OAAO,EAAE,IAAA,EAAM,WAAA,EAAa,cAAa,KAAM;AACzE,MAAA,OAAO,yBAAA,CAA0B;AAAA,QAChC,IAAA;AAAA,QACA,WAAA;AAAA,QACA,OAAA;AAAA,QACA,YAAA;AAAA,QACA,aAAA,EAAAC;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACxB,MAAA,OAAO,kBAAA,CAAmB;AAAA,QACzB,YAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACR,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,WAAW,OAAA,CAAQ,SAAA;AAAA,UACnB,cAAc,OAAA,CAAQ;AAAA,SACvB;AAAA,QACA,aAAA,EAAeA;AAAA,OACf,CAAA;AAAA,IACF,CAAA;AAAA,IACF,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AACA,MAAA,MAAM,EAAE,IAAA,EAAM,OAAA,EAAS,KAAA,KAAU,MAAM,WAAA;AAAA,QACtCO,iBAAAA;AAAA,QACA,EAAE,SAAS,EAAE,aAAA,EAAe,UAAU,KAAA,CAAM,WAAW,IAAG;AAAE,OAC7D;AACA,MAAA,IAAI,KAAA,IAAS,OAAA,CAAQ,KAAA,KAAU,QAAA,IAAY,QAAQ,MAAA,EAAQ;AAC1D,QAAA,OAAO,IAAA;AAAA,MACR;AACA,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,OAAO,CAAA;AAGxD,MAAA,OAAO;AAAA,QACN,IAAA,EAAM;AAAA,UACL,IAAI,OAAA,CAAQ,EAAA;AAAA,UACZ,IAAA,EAAM,OAAA,CAAQ,IAAA,IAAQ,OAAA,CAAQ,QAAA,IAAY,EAAA;AAAA,UAC1C,OAAO,OAAA,CAAQ,KAAA;AAAA,UACf,OAAO,OAAA,CAAQ,UAAA;AAAA,UACf,aAAA,EAAe,QAAQ,cAAA,IAAkB,KAAA;AAAA,UACzC,GAAG;AAAA,SACJ;AAAA,QACA,IAAA,EAAM;AAAA,OACP;AAAA,IACD,CAAA;AAAA,IACA;AAAA,GACD;AACD;;;AC1FO,IAAM,uBAAA,GAA0B,IAAA;;;AC9DhC,IAAM,kBAAA,GAAqB,OAAO,GAAA,KAAgB;AACvD,EAAA,OAAO,gBAAA,CAAiB,8CAA8C,GAAG,CAAA;AAC3E;;;ACQO,IAAM,sBAAsB,OAAO;AAAA,EACxC,KAAA;AAAA,EACA,QAAA;AAAA,EACA;AACF,CAAA,KAA8D;AAC5D,EAAA,IAAI;AACF,IAAA,MAAM,EAAE,GAAA,EAAK,GAAA,EAAK,MAAA,EAAO,GAAIL,sBAAsB,KAAK,CAAA;AACxD,IAAA,IAAI,CAAC,GAAA,IAAO,CAAC,MAAA,EAAQ,OAAO,IAAA;AAE5B,IAAA,MAAM,SAAA,GAAY,MAAM,kBAAA,CAAmB,GAAG,CAAA;AAC9C,IAAA,MAAM,EAAE,OAAA,EAAS,SAAA,KAAc,MAAMD,SAAAA,CAAU,OAAO,SAAA,EAAW;AAAA,MAC/D,UAAA,EAAY,CAAC,MAAM,CAAA;AAAA,MACnB,MAAA,EAAQ,CAAC,6BAAA,EAA+B,qBAAqB,CAAA;AAAA,MAC7D,QAAA;AAAA,MACA,WAAA,EAAa;AAAA,KACd,CAAA;AAED,IAAA,IAAI,KAAA,IAAS,SAAA,CAAU,KAAA,KAAU,KAAA,EAAO;AACtC,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,OAAO,SAAA;AAAA,EACT,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAMO,IAAM,2BAAA,GAA8B,CACzC,sBAAA,EACA,iBAAA,KACG;AACH,EAAA,IAAI,CAAC,wBAAwB,OAAO,IAAA;AACpC,EAAA,IAAI,OAAO,iBAAA,KAAsB,QAAA,IAAY,CAAC,iBAAA,EAAmB;AAC/D,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,IAAI,sBAAA,KAA2B,KAAK,OAAO,IAAA;AAC3C,EAAA,OAAO,iBAAA,KAAsB,sBAAA;AAC/B;;;ACzCO,SAAS,WAAA,CACd,QAAA,EACA,YAAA,EACA,aAAA,EACA,mBAAA,EACU;AACV,EAAA,MAAM,SAAS,mBAAA,GAAsB,EAAC,GAAI,CAAC,GAAG,QAAQ,CAAA;AACtD,EAAA,IAAI,YAAA,EAAc,MAAA,CAAO,IAAA,CAAK,GAAG,YAAY,CAAA;AAC7C,EAAA,IAAI,aAAA,EAAe,MAAA,CAAO,IAAA,CAAK,GAAG,aAAa,CAAA;AAC/C,EAAA,OAAO,CAAC,GAAG,IAAI,GAAA,CAAI,MAAM,CAAC,CAAA;AAC5B;;;ACYO,IAAM,MAAA,GAAS,CAAC,OAAA,KAA2B;AAChD,EAAA,OAAO;AAAA,IACL,EAAA,EAAI,QAAA;AAAA,IACJ,IAAA,EAAM,QAAA;AAAA,IACN,MAAM,sBAAA,CAAuB;AAAA,MAC3B,KAAA;AAAA,MACA,MAAA;AAAA,MACA,YAAA;AAAA,MACA,WAAA;AAAA,MACA,SAAA;AAAA,MACA;AAAA,KACF,EAAG;AACD,MAAA,IAAI,CAAC,kBAAA,CAAmB,OAAA,CAAQ,QAAQ,CAAA,IAAK,CAAC,QAAQ,YAAA,EAAc;AAClE,QAAA,MAAA,CAAO,KAAA;AAAA,UACL;AAAA,SACF;AACA,QAAA,MAAM,IAAI,gBAAgB,+BAA+B,CAAA;AAAA,MAC3D;AACA,MAAA,IAAI,CAAC,YAAA,EAAc;AACjB,QAAA,MAAM,IAAI,gBAAgB,qCAAqC,CAAA;AAAA,MACjE;AACA,MAAA,MAAM,OAAA,GAAU,WAAA;AAAA,QACd,CAAC,OAAA,EAAS,SAAA,EAAW,QAAQ,CAAA;AAAA,QAC7B,OAAA,CAAQ,KAAA;AAAA,QACR,MAAA;AAAA,QACA,OAAA,CAAQ;AAAA,OACV;AACA,MAAA,MAAM,GAAA,GAAM,MAAM,sBAAA,CAAuB;AAAA,QACvC,EAAA,EAAI,QAAA;AAAA,QACJ,OAAA;AAAA,QACA,qBAAA,EAAuB,8CAAA;AAAA,QACvB,MAAA,EAAQ,OAAA;AAAA,QACR,KAAA;AAAA,QACA,YAAA;AAAA,QACA,WAAA;AAAA,QACA,QAAQ,OAAA,CAAQ,MAAA;AAAA,QAChB,YAAY,OAAA,CAAQ,UAAA;AAAA,QACpB,OAAA,EAAS,WAAW,OAAA,CAAQ,OAAA;AAAA,QAC5B,SAAA;AAAA,QACA,IAAI,OAAA,CAAQ,EAAA;AAAA,QACZ,gBAAA,EAAkB;AAAA,UAChB,sBAAA,EAAwB;AAAA;AAC1B,OACD,CAAA;AACD,MAAA,OAAO,GAAA;AAAA,IACT,CAAA;AAAA,IACA,2BAA2B,OAAO,EAAE,IAAA,EAAM,YAAA,EAAc,aAAY,KAAM;AACxE,MAAA,OAAO,yBAAA,CAA0B;AAAA,QAC/B,IAAA;AAAA,QACA,YAAA;AAAA,QACA,WAAA;AAAA,QACA,OAAA;AAAA,QACA,aAAA,EAAe;AAAA,OAChB,CAAA;AAAA,IACH,CAAA;AAAA,IACA,oBAAoB,OAAA,CAAQ,kBAAA,GACxB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACtB,MAAA,OAAO,kBAAA,CAAmB;AAAA,QACxB,YAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACP,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,WAAW,OAAA,CAAQ,SAAA;AAAA,UACnB,cAAc,OAAA,CAAQ;AAAA,SACxB;AAAA,QACA,aAAA,EAAe;AAAA,OAChB,CAAA;AAAA,IACH,CAAA;AAAA,IACJ,MAAM,aAAA,CAAc,KAAA,EAAO,KAAA,EAAO;AAChC,MAAA,IAAI,QAAQ,oBAAA,EAAsB;AAChC,QAAA,OAAO,KAAA;AAAA,MACT;AACA,MAAA,IAAI,QAAQ,aAAA,EAAe;AACzB,QAAA,OAAO,OAAA,CAAQ,aAAA,CAAc,KAAA,EAAO,KAAK,CAAA;AAAA,MAC3C;AAEA,MAAA,MAAM,SAAA,GAAY,MAAM,mBAAA,CAAoB;AAAA,QAC1C,KAAA;AAAA,QACA,UAAU,OAAA,CAAQ,QAAA;AAAA,QAClB;AAAA,OACD,CAAA;AACD,MAAA,IAAI,CAAC,SAAA,EAAW;AACd,QAAA,OAAO,KAAA;AAAA,MACT;AAEA,MAAA,OAAO,2BAAA,CAA4B,OAAA,CAAQ,EAAA,EAAI,SAAA,CAAU,EAAE,CAAA;AAAA,IAC7D,CAAA;AAAA,IACA,MAAM,YAAY,KAAA,EAAO;AACvB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACvB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MAClC;AACA,MAAA,IAAI,CAAC,MAAM,OAAA,EAAS;AAClB,QAAA,OAAO,IAAA;AAAA,MACT;AACA,MAAA,MAAM,IAAA,GAAOE,SAAAA,CAAU,KAAA,CAAM,OAAO,CAAA;AACpC,MAAA,IAAI,CAAC,2BAAA,CAA4B,OAAA,CAAQ,EAAA,EAAI,IAAA,CAAK,EAAE,CAAA,EAAG;AACrD,QAAA,MAAA,CAAO,KAAA;AAAA,UACL,yDACE,IAAA,CAAK,EAAA,IAAM,WACb,CAAA,+CAAA,EAAkD,QAAQ,EAAE,CAAA,EAAA;AAAA,SAC9D;AACA,QAAA,OAAO,IAAA;AAAA,MACT;AACA,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,IAAI,CAAA;AACrD,MAAA,OAAO;AAAA,QACL,IAAA,EAAM;AAAA,UACJ,IAAI,IAAA,CAAK,GAAA;AAAA,UACT,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,OAAO,IAAA,CAAK,KAAA;AAAA,UACZ,OAAO,IAAA,CAAK,OAAA;AAAA,UACZ,eAAe,IAAA,CAAK,cAAA;AAAA,UACpB,GAAG;AAAA,SACL;AAAA,QACA,IAAA,EAAM;AAAA,OACR;AAAA,IACF,CAAA;AAAA,IACA;AAAA,GACF;AACF;;;AC5GO,IAAM,WAAA,GAAc,CAAC,OAAA,KAAgC;AAC3D,EAAA,MAAMH,cAAAA,GAAgB,oCAAA;AACtB,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,aAAA;AAAA,IACJ,IAAA,EAAM,cAAA;AAAA,IACN,uBAAuB,EAAE,KAAA,EAAO,MAAA,EAAQ,YAAA,EAAc,aAAY,EAAG;AACpE,MAAA,MAAM,OAAA,GAAU,QAAQ,mBAAA,GACrB,KACA,CAAC,QAAA,EAAU,WAAW,OAAO,CAAA;AAChC,MAAA,IAAI,QAAQ,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAChD,MAAA,IAAI,MAAA,EAAQ,OAAA,CAAQ,IAAA,CAAK,GAAG,MAAM,CAAA;AAClC,MAAA,OAAO,sBAAA,CAAuB;AAAA,QAC7B,EAAA,EAAI,aAAA;AAAA,QACJ,OAAA;AAAA,QACA,qBAAA,EAAuB,wCAAA;AAAA,QACvB,MAAA,EAAQ,OAAA;AAAA,QACR,KAAA;AAAA,QACA,YAAA;AAAA,QACA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,2BAA2B,OAAO,EAAE,IAAA,EAAM,YAAA,EAAc,aAAY,KAAM;AACzE,MAAA,OAAO,yBAAA,CAA0B;AAAA,QAChC,IAAA;AAAA,QACA,YAAA;AAAA,QACA,WAAA;AAAA,QACA,OAAA;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACxB,MAAA,OAAO,kBAAA,CAAmB;AAAA,QACzB,YAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACR,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,WAAW,OAAA,CAAQ,SAAA;AAAA,UACnB,cAAc,OAAA,CAAQ;AAAA,SACvB;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACF,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AACA,MAAA,MAAM,EAAE,IAAA,EAAM,OAAA,EAAS,KAAA,KAAU,MAAM,WAAA;AAAA,QACtC,uCAAA;AAAA,QACA;AAAA,UACC,MAAA,EAAQ,KAAA;AAAA,UACR,OAAA,EAAS;AAAA,YACR,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,WAAW,CAAA;AAAA;AAC3C;AACD,OACD;AACA,MAAA,IAAI,KAAA,EAAO;AACV,QAAA,OAAO,IAAA;AAAA,MACR;AACA,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,OAAO,CAAA;AACxD,MAAA,OAAO;AAAA,QACN,IAAA,EAAM;AAAA,UACL,IAAI,OAAA,CAAQ,GAAA;AAAA,UACZ,IAAA,EAAM,OAAA,CAAQ,IAAA,IAAQ,OAAA,CAAQ,kBAAA,IAAsB,EAAA;AAAA,UACpD,OAAO,OAAA,CAAQ,KAAA;AAAA,UACf,OAAO,OAAA,CAAQ,OAAA;AAAA,UACf,aAAA,EAAe,QAAQ,cAAA,IAAkB,KAAA;AAAA,UACzC,GAAG;AAAA,SACJ;AAAA,QACA,IAAA,EAAM;AAAA,OACP;AAAA,IACD,CAAA;AAAA,IACA;AAAA,GACD;AACD;;;ACfO,IAAM,KAAA,GAAQ,CAAC,OAAA,KAA0B;AAC/C,EAAA,MAAMA,cAAAA,GAAgB,qCAAA;AACtB,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,OAAA;AAAA,IACJ,IAAA,EAAM,OAAA;AAAA,IACN,sBAAA,CAAuB,EAAE,KAAA,EAAO,MAAA,EAAQ,aAAY,EAAG;AACtD,MAAA,MAAM,OAAA,GAAU,QAAQ,mBAAA,GACrB,KACA,CAAC,eAAA,EAAiB,iBAAiB,kBAAkB,CAAA;AACxD,MAAA,IAAI,QAAQ,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAChD,MAAA,IAAI,MAAA,EAAQ,OAAA,CAAQ,IAAA,CAAK,GAAG,MAAM,CAAA;AAClC,MAAA,OAAO,sBAAA,CAAuB;AAAA,QAC7B,EAAA,EAAI,OAAA;AAAA,QACJ,OAAA;AAAA,QACA,qBAAA,EAAuB,yCAAA;AAAA,QACvB,MAAA,EAAQ,OAAA;AAAA,QACR,KAAA;AAAA,QACA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,yBAAA,EAA2B,OAAO,EAAE,IAAA,EAAM,aAAY,KAAM;AAC3D,MAAA,OAAO,yBAAA,CAA0B;AAAA,QAChC,IAAA;AAAA,QACA,WAAA;AAAA,QACA,OAAA;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACxB,MAAA,OAAO,kBAAA,CAAmB;AAAA,QACzB,YAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACR,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,WAAW,OAAA,CAAQ,SAAA;AAAA,UACnB,cAAc,OAAA,CAAQ;AAAA,SACvB;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACF,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AACA,MAAA,MAAM,EAAE,IAAA,EAAM,OAAA,EAAS,KAAA,KAAU,MAAM,WAAA;AAAA,QACtC,mCAAA;AAAA,QACA;AAAA,UACC,OAAA,EAAS;AAAA,YACR,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,WAAW,CAAA;AAAA;AAC3C;AACD,OACD;AACA,MAAA,IAAI,KAAA,IAAS,CAAC,OAAA,EAAS;AACtB,QAAA,OAAO,IAAA;AAAA,MACR;AACA,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,OAAO,CAAA;AACxD,MAAA,MAAM,OAAA,GAAU,OAAA,CAAQ,aAAA,IAAiB,EAAC;AAC1C,MAAA,MAAM,YAAA,GAAe,OAAA,CAAQ,OAAA,IAAW,EAAC;AACzC,MAAA,MAAM,IAAA,GAAO;AAAA,QACZ,EAAA,EAAI,MAAA,CAAO,OAAA,CAAQ,EAAE,CAAA;AAAA,QACrB,IAAA,EAAM,YAAA,CAAa,QAAA,IAAY,OAAA,CAAQ,IAAA,IAAQ,EAAA;AAAA,QAC/C,OAAO,OAAA,CAAQ,KAAA;AAAA,QACf,KAAA,EACC,YAAA,CAAa,iBAAA,IAAqB,YAAA,CAAa,mBAAA;AAAA,QAChD,eAAe,CAAC,CAAC,QAAQ,cAAA,IAAkB,CAAC,CAAC,OAAA,CAAQ,iBAAA;AAAA,QACrD,GAAG;AAAA,OACJ;AACA,MAAA,OAAO;AAAA,QACN,IAAA;AAAA,QACA,IAAA,EAAM;AAAA,OACP;AAAA,IACD,CAAA;AAAA,IACA;AAAA,GACD;AACD;;;ACnJO,IAAM,IAAA,GAAO,CAAC,OAAA,KAAyB;AAC7C,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,MAAA;AAAA,IACJ,IAAA,EAAM,MAAA;AAAA,IACN,uBAAuB,EAAE,KAAA,EAAO,MAAA,EAAQ,WAAA,EAAa,cAAa,EAAG;AACpE,MAAA,MAAM,UAAU,OAAA,CAAQ,mBAAA,GAAsB,EAAC,GAAI,CAAC,WAAW,CAAA;AAC/D,MAAA,IAAI,QAAQ,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAChD,MAAA,IAAI,MAAA,EAAQ,OAAA,CAAQ,IAAA,CAAK,GAAG,MAAM,CAAA;AAElC,MAAA,OAAO,sBAAA,CAAuB;AAAA,QAC7B,EAAA,EAAI,MAAA;AAAA,QACJ,WAAA;AAAA,QACA,OAAA;AAAA,QACA,qBAAA,EAAuB,qCAAA;AAAA,QACvB,MAAA,EAAQ,OAAA;AAAA,QACR,YAAA;AAAA,QACA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,MAAM,yBAAA,CAA0B,EAAE,IAAA,EAAM,WAAA,EAAa,cAAa,EAAG;AACpE,MAAA,OAAO,yBAAA,CAA0B;AAAA,QAChC,IAAA;AAAA,QACA,WAAA;AAAA,QACA,OAAA;AAAA,QACA,aAAA,EAAe,iCAAA;AAAA,QACf;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACxB,MAAA,OAAO,kBAAA,CAAmB;AAAA,QACzB,YAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACR,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,cAAc,OAAA,CAAQ;AAAA,SACvB;AAAA,QACA,aAAA,EAAe;AAAA,OACf,CAAA;AAAA,IACF,CAAA;AAAA,IACF,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AAEA,MAAA,MAAM,EAAE,IAAA,EAAM,KAAA,EAAM,GAAI,MAAM,YAE3B,sCAAA,EAAwC;AAAA,QAC1C,MAAA,EAAQ,KAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACR,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,WAAW,CAAA;AAAA;AAC3C,OACA,CAAA;AAED,MAAA,IAAI,KAAA,EAAO;AACV,QAAA,OAAO,IAAA;AAAA,MACR;AAEA,MAAA,MAAM,OAAA,GAAU,IAAA,CAAK,IAAA,CAAK,CAAC,CAAA;AAE3B,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,OAAO,CAAA;AAGxD,MAAA,OAAO;AAAA,QACN,IAAA,EAAM;AAAA,UACL,IAAI,OAAA,CAAQ,OAAA;AAAA,UACZ,MAAM,OAAA,CAAQ,IAAA;AAAA,UACd,OAAO,OAAA,CAAQ,KAAA;AAAA,UACf,OAAO,OAAA,CAAQ,eAAA;AAAA,UACf,aAAA,EAAe,KAAA;AAAA,UACf,GAAG;AAAA,SACJ;AAAA,QACA,IAAA,EAAM;AAAA,OACP;AAAA,IACD,CAAA;AAAA,IACA;AAAA,GACD;AACD;ACjEO,IAAM,IAAA,GAAO,CAAC,OAAA,KAAyB;AAC7C,EAAA,MAAMD,sBAAAA,GAAwB,8CAAA;AAC9B,EAAA,MAAMC,cAAAA,GAAgB,uCAAA;AACtB,EAAA,MAAM,gBAAA,GAAmB,0CAAA;AACzB,EAAA,MAAM,qBAAA,GAAwB,wCAAA;AAE9B,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,MAAA;AAAA,IACJ,IAAA,EAAM,MAAA;AAAA,IACN,MAAM,sBAAA,CAAuB;AAAA,MAC5B,KAAA;AAAA,MACA,MAAA;AAAA,MACA,YAAA;AAAA,MACA,WAAA;AAAA,MACA;AAAA,KACD,EAAG;AACF,MAAA,MAAM,OAAA,GAAU,QAAQ,mBAAA,GACrB,KACA,CAAC,QAAA,EAAU,WAAW,OAAO,CAAA;AAChC,MAAA,IAAI,QAAQ,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAChD,MAAA,IAAI,MAAA,EAAQ,OAAA,CAAQ,IAAA,CAAK,GAAG,MAAM,CAAA;AAClC,MAAA,OAAO,MAAM,sBAAA,CAAuB;AAAA,QACnC,EAAA,EAAI,MAAA;AAAA,QACJ,OAAA;AAAA,QACA,qBAAA,EAAAD,sBAAAA;AAAA,QACA,MAAA,EAAQ,OAAA;AAAA,QACR,KAAA;AAAA,QACA,YAAA;AAAA,QACA,WAAA;AAAA,QACA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,2BAA2B,OAAO,EAAE,IAAA,EAAM,YAAA,EAAc,aAAY,KAAM;AACzE,MAAA,OAAO,yBAAA,CAA0B;AAAA,QAChC,IAAA;AAAA,QACA,YAAA;AAAA,QACA,WAAA;AAAA,QACA,OAAA;AAAA,QACA,aAAA,EAAAC;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACxB,MAAA,OAAO,kBAAA,CAAmB;AAAA,QACzB,YAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACR,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,cAAc,OAAA,CAAQ;AAAA,SACvB;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACF,MAAM,aAAA,CAAc,KAAA,EAAO,KAAA,EAAO;AACjC,MAAA,IAAI,QAAQ,oBAAA,EAAsB;AACjC,QAAA,OAAO,KAAA;AAAA,MACR;AACA,MAAA,IAAI,QAAQ,aAAA,EAAe;AAC1B,QAAA,OAAO,OAAA,CAAQ,aAAA,CAAc,KAAA,EAAO,KAAK,CAAA;AAAA,MAC1C;AACA,MAAA,MAAM,IAAA,GAAO,IAAI,eAAA,EAAgB;AACjC,MAAA,IAAA,CAAK,GAAA,CAAI,YAAY,KAAK,CAAA;AAC1B,MAAA,IAAA,CAAK,GAAA,CAAI,WAAA,EAAa,OAAA,CAAQ,QAAQ,CAAA;AACtC,MAAA,IAAI,KAAA,EAAO,IAAA,CAAK,GAAA,CAAI,OAAA,EAAS,KAAK,CAAA;AAClC,MAAA,MAAM,EAAE,IAAA,EAAM,KAAA,EAAM,GAAI,MAAM,WAAA;AAAA,QAC7B,qBAAA;AAAA,QACA;AAAA,UACC,MAAA,EAAQ,MAAA;AAAA,UACR,OAAA,EAAS;AAAA,YACR,cAAA,EAAgB;AAAA,WACjB;AAAA,UACA;AAAA;AACD,OACD;AACA,MAAA,IAAI,KAAA,IAAS,CAAC,IAAA,EAAM;AACnB,QAAA,OAAO,KAAA;AAAA,MACR;AAEA,MAAA,IAAI,IAAA,CAAK,GAAA,KAAQ,OAAA,CAAQ,QAAA,EAAU,OAAO,KAAA;AAC1C,MAAA,IAAI,IAAA,CAAK,KAAA,IAAS,IAAA,CAAK,KAAA,KAAU,OAAO,OAAO,KAAA;AAC/C,MAAA,OAAO,IAAA;AAAA,IACR,CAAA;AAAA,IACA,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AACA,MAAA,IAAI,OAAA,GAAoD,IAAA;AAExD,MAAA,IAAI,MAAM,OAAA,EAAS;AAClB,QAAA,IAAI;AACH,UAAA,OAAA,GAAUG,SAAAA,CAAU,MAAM,OAAO,CAAA;AAAA,QAClC,CAAA,CAAA,MAAQ;AAAA,QAAC;AAAA,MACV;AAEA,MAAA,IAAI,CAAC,OAAA,EAAS;AACb,QAAA,MAAM,EAAE,IAAA,EAAK,GAAI,MAAM,YAA0B,gBAAA,EAAkB;AAAA,UAClE,OAAA,EAAS;AAAA,YACR,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,WAAW,CAAA;AAAA;AAC3C,SACA,CAAA;AACD,QAAA,OAAA,GAAU,IAAA,IAAQ,IAAA;AAAA,MACnB;AACA,MAAA,IAAI,CAAC,SAAS,OAAO,IAAA;AACrB,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,OAAc,CAAA;AAE/D,MAAA,MAAM,EAAA,GAAM,OAAA,CAAgB,GAAA,IAAQ,OAAA,CAAgB,MAAA;AACpD,MAAA,MAAM,IAAA,GAAQ,OAAA,CAAgB,IAAA,IAAS,OAAA,CAAgB,WAAA,IAAe,EAAA;AACtE,MAAA,MAAM,KAAA,GACJ,OAAA,CAAgB,OAAA,IAAY,OAAA,CAAgB,UAAA,IAAc,MAAA;AAC5D,MAAA,MAAM,QAAS,OAAA,CAAgB,KAAA;AAC/B,MAAA,OAAO;AAAA,QACN,IAAA,EAAM;AAAA,UACL,EAAA;AAAA,UACA,IAAA;AAAA,UACA,KAAA;AAAA,UACA,KAAA;AAAA;AAAA,UAEA,aAAA,EAAe,KAAA;AAAA,UACf,GAAG;AAAA,SACJ;AAAA,QACA,IAAA,EAAM;AAAA,OACP;AAAA,IACD,CAAA;AAAA,IACA;AAAA,GACD;AACD;;;AC5IO,IAAM,MAAA,GAAS,CAAC,OAAA,KAA2B;AACjD,EAAA,MAAMH,cAAAA,GAAgB,oCAAA;AACtB,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,QAAA;AAAA,IACJ,IAAA,EAAM,QAAA;AAAA,IACN,uBAAuB,EAAE,KAAA,EAAO,MAAA,EAAQ,SAAA,EAAW,aAAY,EAAG;AACjE,MAAA,MAAM,UAAU,OAAA,CAAQ,mBAAA,GAAsB,EAAC,GAAI,CAAC,MAAM,CAAA;AAC1D,MAAA,IAAI,QAAQ,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAChD,MAAA,IAAI,MAAA,EAAQ,OAAA,CAAQ,IAAA,CAAK,GAAG,MAAM,CAAA;AAClC,MAAA,OAAO,sBAAA,CAAuB;AAAA,QAC7B,EAAA,EAAI,QAAA;AAAA,QACJ,OAAA;AAAA,QACA,qBAAA,EAAuB,oCAAA;AAAA,QACvB,MAAA,EAAQ,OAAA;AAAA,QACR,KAAA;AAAA,QACA,WAAA;AAAA,QACA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,yBAAA,EAA2B,OAAO,EAAE,IAAA,EAAM,aAAY,KAAM;AAC3D,MAAA,OAAO,yBAAA,CAA0B;AAAA,QAChC,IAAA;AAAA,QACA,WAAA;AAAA,QACA,OAAA;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACxB,MAAA,OAAO,kBAAA,CAAmB;AAAA,QACzB,YAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACR,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,WAAW,OAAA,CAAQ,SAAA;AAAA,UACnB,cAAc,OAAA,CAAQ;AAAA,SACvB;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACF,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AAEA,MAAA,MAAM,EAAE,IAAA,EAAM,OAAA,EAAS,KAAA,KAAU,MAAM,WAAA;AAAA,QACtC,gCAAA;AAAA,QACA;AAAA,UACC,MAAA,EAAQ,MAAA;AAAA,UACR,OAAA,EAAS;AAAA,YACR,cAAA,EAAgB,kBAAA;AAAA,YAChB,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,WAAW,CAAA;AAAA,WAC3C;AAAA,UACA,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,YACpB,KAAA,EAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAAA;AAAA,WAaP;AAAA;AACF,OACD;AACA,MAAA,IAAI,KAAA,IAAS,CAAC,OAAA,EAAS,IAAA,EAAM,MAAA,EAAQ;AACpC,QAAA,OAAO,IAAA;AAAA,MACR;AAEA,MAAA,MAAM,QAAA,GAAW,QAAQ,IAAA,CAAK,MAAA;AAC9B,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,QAAQ,CAAA;AAGzD,MAAA,OAAO;AAAA,QACN,IAAA,EAAM;AAAA,UACL,EAAA,EAAI,OAAA,CAAQ,IAAA,CAAK,MAAA,CAAO,EAAA;AAAA,UACxB,IAAA,EAAM,OAAA,CAAQ,IAAA,CAAK,MAAA,CAAO,IAAA;AAAA,UAC1B,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,MAAA,CAAO,KAAA;AAAA,UAC3B,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,MAAA,CAAO,SAAA;AAAA,UAC3B,aAAA,EAAe,KAAA;AAAA,UACf,GAAG;AAAA,SACJ;AAAA,QACA,IAAA,EAAM;AAAA,OACP;AAAA,IACD,CAAA;AAAA,IACA;AAAA,GACD;AACD;;;AC9FO,IAAM,QAAA,GAAW,CAAC,OAAA,KAA6B;AACrD,EAAA,MAAMD,sBAAAA,GACL,iDAAA;AACD,EAAA,MAAMC,cAAAA,GAAgB,+CAAA;AAEtB,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,UAAA;AAAA,IACJ,IAAA,EAAM,UAAA;AAAA,IACN,wBAAwB,OAAO;AAAA,MAC9B,KAAA;AAAA,MACA,MAAA;AAAA,MACA,WAAA;AAAA,MACA;AAAA,KACD,KAAM;AACL,MAAA,MAAM,OAAA,GAAU,QAAQ,mBAAA,GACrB,KACA,CAAC,SAAA,EAAW,SAAS,QAAQ,CAAA;AAChC,MAAA,IAAI,QAAQ,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAChD,MAAA,IAAI,MAAA,EAAQ,OAAA,CAAQ,IAAA,CAAK,GAAG,MAAM,CAAA;AAClC,MAAA,OAAO,MAAM,sBAAA,CAAuB;AAAA,QACnC,EAAA,EAAI,UAAA;AAAA,QACJ,OAAA;AAAA,QACA,qBAAA,EAAAD,sBAAAA;AAAA,QACA,MAAA,EAAQ,OAAA;AAAA,QACR,KAAA;AAAA,QACA,SAAA;AAAA,QACA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,yBAAA,EAA2B,OAAO,EAAE,IAAA,EAAM,aAAY,KAAM;AAC3D,MAAA,OAAO,MAAM,yBAAA,CAA0B;AAAA,QACtC,IAAA;AAAA,QACA,WAAA;AAAA,QACA,OAAA;AAAA,QACA,aAAA,EAAAC;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACxB,MAAA,OAAO,kBAAA,CAAmB;AAAA,QACzB,YAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACR,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,WAAW,OAAA,CAAQ,SAAA;AAAA,UACnB,cAAc,OAAA,CAAQ;AAAA,SACvB;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACF,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AACA,MAAA,MAAM,EAAE,IAAA,EAAM,OAAA,EAAS,KAAA,KAAU,MAAM,WAAA;AAAA,QACtC,sCAAA;AAAA,QACA;AAAA,UACC,MAAA,EAAQ,KAAA;AAAA,UACR,OAAA,EAAS;AAAA,YACR,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,WAAW,CAAA;AAAA;AAC3C;AACD,OACD;AAEA,MAAA,IAAI,KAAA,EAAO;AACV,QAAA,OAAO,IAAA;AAAA,MACR;AAEA,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,OAAO,CAAA;AACxD,MAAA,OAAO;AAAA,QACN,IAAA,EAAM;AAAA,UACL,IAAI,OAAA,CAAQ,GAAA;AAAA,UACZ,MAAM,OAAA,CAAQ,IAAA;AAAA,UACd,OAAO,OAAA,CAAQ,KAAA;AAAA,UACf,aAAA,EAAe,QAAQ,cAAA,IAAkB,KAAA;AAAA,UACzC,OAAO,OAAA,CAAQ,OAAA;AAAA,UACf,GAAG;AAAA,SACJ;AAAA,QACA,IAAA,EAAM;AAAA,OACP;AAAA,IACD,CAAA;AAAA,IACA;AAAA,GACD;AACD;;;ACpGO,IAAM,qBAAA,GAAwB,OACnC,GAAA,EACA,MAAA,EACA,SAAA,KACG;AACH,EAAA,OAAO,gBAAA;AAAA,IACL,CAAA,EAAG,SAAS,CAAA,CAAA,EAAI,MAAM,CAAA,oBAAA,CAAA;AAAA,IACtB;AAAA,GACF;AACF;;;ACZO,IAAM,4BAAA,GAA+B;;;AC6BrC,IAAM,SAAA,GAAY,CAAC,OAAA,KAA8B;AACvD,EAAA,MAAM,MAAA,GAAS,QAAQ,QAAA,IAAY,QAAA;AAInC,EAAA,MAAM,SAAA,GAAY,iBAAA;AAAA,IACjB,QAAQ,SAAA,IAAa;AAAA,GACtB;AACA,EAAA,MAAMD,sBAAAA,GAAwB,CAAA,EAAG,SAAS,CAAA,CAAA,EAAI,MAAM,CAAA,sBAAA,CAAA;AACpD,EAAA,MAAMC,cAAAA,GAAgB,CAAA,EAAG,SAAS,CAAA,CAAA,EAAI,MAAM,CAAA,kBAAA,CAAA;AAC5C,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,WAAA;AAAA,IACJ,IAAA,EAAM,mBAAA;AAAA,IACN,uBAAuB,IAAA,EAAM;AAI5B,MAAA,IAAI,CAAC,kBAAA,CAAmB,OAAA,CAAQ,QAAQ,CAAA,EAAG;AAC1C,QAAA,MAAA,CAAO,KAAA;AAAA,UACN;AAAA,SACD;AACA,QAAA,MAAM,IAAI,gBAAgB,+BAA+B,CAAA;AAAA,MAC1D;AACA,MAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,mBAAA,GACpB,EAAC,GACD,CAAC,QAAA,EAAU,SAAA,EAAW,OAAA,EAAS,WAAA,EAAa,gBAAgB,CAAA;AAC/D,MAAA,IAAI,QAAQ,KAAA,EAAO,MAAA,CAAO,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAC/C,MAAA,IAAI,KAAK,MAAA,EAAQ,MAAA,CAAO,IAAA,CAAK,GAAG,KAAK,MAAM,CAAA;AAC3C,MAAA,OAAO,sBAAA,CAAuB;AAAA,QAC7B,EAAA,EAAI,WAAA;AAAA,QACJ,OAAA;AAAA,QACA,qBAAA,EAAAD,sBAAAA;AAAA,QACA,OAAO,IAAA,CAAK,KAAA;AAAA,QACZ,cAAc,IAAA,CAAK,YAAA;AAAA,QACnB,MAAA;AAAA,QACA,aAAa,IAAA,CAAK,WAAA;AAAA,QAClB,QAAQ,OAAA,CAAQ,MAAA;AAAA,QAChB,WAAW,IAAA,CAAK;AAAA,OAChB,CAAA;AAAA,IACF,CAAA;AAAA,IACA,yBAAA,CAA0B,EAAE,IAAA,EAAM,YAAA,EAAc,aAAY,EAAG;AAC9D,MAAA,OAAO,yBAAA,CAA0B;AAAA,QAChC,IAAA;AAAA,QACA,YAAA;AAAA,QACA,WAAA;AAAA,QACA,OAAA;AAAA,QACA,aAAA,EAAAC;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,MAAM,aAAA,CAAc,KAAA,EAAO,KAAA,EAAO;AACjC,MAAA,IAAI,QAAQ,oBAAA,EAAsB;AACjC,QAAA,OAAO,KAAA;AAAA,MACR;AACA,MAAA,IAAI,QAAQ,aAAA,EAAe;AAC1B,QAAA,OAAO,OAAA,CAAQ,aAAA,CAAc,KAAA,EAAO,KAAK,CAAA;AAAA,MAC1C;AAEA,MAAA,IAAI;AACH,QAAA,MAAM,EAAE,GAAA,EAAK,GAAA,EAAK,MAAA,EAAO,GAAIE,sBAAsB,KAAK,CAAA;AACxD,QAAA,IAAI,CAAC,GAAA,IAAO,CAAC,MAAA,EAAQ,OAAO,KAAA;AAE5B,QAAA,MAAM,SAAA,GAAY,MAAM,qBAAA,CAAsB,GAAA,EAAK,QAAQ,SAAS,CAAA;AACpE,QAAA,MAAM,aAAA,GAKF;AAAA,UACH,UAAA,EAAY,CAAC,MAAM,CAAA;AAAA,UACnB,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,WAAA,EAAa;AAAA,SACd;AAKA,QAAA,IACC,MAAA,KAAW,QAAA,IACX,MAAA,KAAW,eAAA,IACX,WAAW,WAAA,EACV;AACD,UAAA,aAAA,CAAc,MAAA,GAAS,CAAA,EAAG,SAAS,CAAA,CAAA,EAAI,MAAM,CAAA,KAAA,CAAA;AAAA,QAC9C;AACA,QAAA,MAAM,EAAE,OAAA,EAAS,SAAA,EAAU,GAAI,MAAMD,SAAAA;AAAA,UACpC,KAAA;AAAA,UACA,SAAA;AAAA,UACA;AAAA,SACD;AAEA,QAAA,IAAI,KAAA,IAAS,SAAA,CAAU,KAAA,KAAU,KAAA,EAAO;AACvC,UAAA,OAAO,KAAA;AAAA,QACR;AASA,QAAA,MAAM,MAAM,SAAA,CAAU,GAAA;AACtB,QAAA,IACC,OAAO,QAAQ,QAAA,IACf,SAAA,CAAU,QAAQ,CAAA,EAAG,SAAS,CAAA,CAAA,EAAI,GAAG,CAAA,KAAA,CAAA,EACpC;AACD,UAAA,OAAO,KAAA;AAAA,QACR;AACA,QAAA,IACC,MAAA,KAAW,eAAA,IACX,GAAA,KAAQ,4BAAA,EACP;AACD,UAAA,OAAO,KAAA;AAAA,QACR;AACA,QAAA,IAAI,MAAA,KAAW,WAAA,IAAe,GAAA,KAAQ,4BAAA,EAA8B;AACnE,UAAA,OAAO,KAAA;AAAA,QACR;AAEA,QAAA,OAAO,IAAA;AAAA,MACR,SAAS,KAAA,EAAO;AACf,QAAA,MAAA,CAAO,KAAA,CAAM,8BAA8B,KAAK,CAAA;AAChD,QAAA,OAAO,KAAA;AAAA,MACR;AAAA,IACD,CAAA;AAAA,IACA,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AACA,MAAA,IAAI,CAAC,MAAM,OAAA,EAAS;AACnB,QAAA,OAAO,IAAA;AAAA,MACR;AACA,MAAA,MAAM,IAAA,GAAOE,SAAAA,CAAU,KAAA,CAAM,OAAO,CAAA;AACpC,MAAA,MAAM,gBAAA,GAAmB,QAAQ,gBAAA,IAAoB,EAAA;AACrD,MAAA,MAAM,WAAA;AAAA,QACL,CAAA,2CAAA,EAA8C,gBAAgB,CAAA,CAAA,EAAI,gBAAgB,CAAA,OAAA,CAAA;AAAA,QAClF;AAAA,UACC,OAAA,EAAS;AAAA,YACR,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,WAAW,CAAA;AAAA,WAC3C;AAAA,UACA,MAAM,WAAW,OAAA,EAAS;AACzB,YAAA,IAAI,OAAA,CAAQ,mBAAA,IAAuB,CAAC,OAAA,CAAQ,SAAS,EAAA,EAAI;AACxD,cAAA;AAAA,YACD;AACA,YAAA,IAAI;AACH,cAAA,MAAM,QAAA,GAAW,OAAA,CAAQ,QAAA,CAAS,KAAA,EAAM;AACxC,cAAA,MAAM,aAAA,GAAgB,MAAM,QAAA,CAAS,WAAA,EAAY;AACjD,cAAA,MAAM,aAAA,GAAgB,MAAA,CAAO,MAAA,CAAO,aAAa,CAAA;AACjD,cAAA,IAAA,CAAK,OAAA,GAAU,2BAA2B,aAAa,CAAA,CAAA;AAAA,YACxD,SAAS,CAAA,EAAG;AACX,cAAA,MAAA,CAAO,KAAA;AAAA,gBACN,KAAK,OAAO,CAAA,KAAM,YAAY,MAAA,IAAU,CAAA,GACpC,EAAE,IAAA,GACH,EAAA;AAAA,gBACH;AAAA,eACD;AAAA,YACD;AAAA,UACD;AAAA;AACD,OACD;AACA,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,IAAI,CAAA;AAKrD,MAAA,MAAM,aAAA,GACL,KAAK,cAAA,KAAmB,MAAA,GACrB,KAAK,cAAA,GACL,IAAA,CAAK,UACJ,IAAA,CAAK,sBAAA,EAAwB,SAAS,IAAA,CAAK,KAAK,KAChD,IAAA,CAAK,wBAAA,EAA0B,SAAS,IAAA,CAAK,KAAK,KAClD,IAAA,GACA,KAAA;AACL,MAAA,OAAO;AAAA,QACN,IAAA,EAAM;AAAA,UACL,IAAI,IAAA,CAAK,GAAA;AAAA,UACT,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,OAAO,IAAA,CAAK,KAAA;AAAA,UACZ,OAAO,IAAA,CAAK,OAAA;AAAA,UACZ,aAAA;AAAA,UACA,GAAG;AAAA,SACJ;AAAA,QACA,IAAA,EAAM;AAAA,OACP;AAAA,IACD,CAAA;AAAA,IACA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACxB,MAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,mBAAA,GACpB,EAAC,GACD,CAAC,QAAA,EAAU,SAAA,EAAW,OAAA,EAAS,WAAA,EAAa,gBAAgB,CAAA;AAC/D,MAAA,IAAI,QAAQ,KAAA,EAAO,MAAA,CAAO,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAE/C,MAAA,OAAO,kBAAA,CAAmB;AAAA,QACzB,YAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACR,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,cAAc,OAAA,CAAQ;AAAA,SACvB;AAAA,QACA,WAAA,EAAa;AAAA,UACZ,KAAA,EAAO,MAAA,CAAO,IAAA,CAAK,GAAG;AAAA;AAAA,SACvB;AAAA,QACA,aAAA,EAAAH;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACF;AAAA,GACD;AACD;;;ACvMO,IAAM,KAAA,GAAQ,CAAC,OAAA,KAA0B;AAC/C,EAAA,MAAMA,cAAAA,GAAgB,sCAAA;AACtB,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,OAAA;AAAA,IACJ,IAAA,EAAM,OAAA;AAAA,IACN,sBAAA,CAAuB,EAAE,KAAA,EAAO,MAAA,EAAQ,aAAY,EAAG;AACtD,MAAA,MAAM,UAAU,OAAA,CAAQ,mBAAA,GAAsB,EAAC,GAAI,CAAC,WAAW,OAAO,CAAA;AACtE,MAAA,IAAI,QAAQ,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAChD,MAAA,IAAI,MAAA,EAAQ,OAAA,CAAQ,IAAA,CAAK,GAAG,MAAM,CAAA;AAClC,MAAA,OAAO,sBAAA,CAAuB;AAAA,QAC7B,EAAA,EAAI,OAAA;AAAA,QACJ,OAAA;AAAA,QACA,qBAAA,EAAuB,0CAAA;AAAA,QACvB,MAAA,EAAQ,OAAA;AAAA,QACR,KAAA;AAAA,QACA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,yBAAA,EAA2B,OAAO,EAAE,IAAA,EAAM,aAAY,KAAM;AAC3D,MAAA,OAAO,yBAAA,CAA0B;AAAA,QAChC,IAAA;AAAA,QACA,WAAA;AAAA,QACA,OAAA;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACxB,MAAA,OAAO,kBAAA,CAAmB;AAAA,QACzB,YAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACR,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,WAAW,OAAA,CAAQ,SAAA;AAAA,UACnB,cAAc,OAAA,CAAQ;AAAA,SACvB;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACF,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AACA,MAAA,MAAM,EAAE,IAAA,EAAM,OAAA,EAAS,KAAA,KAAU,MAAM,WAAA;AAAA,QACtC,qCAAA;AAAA,QACA;AAAA,UACC,OAAA,EAAS;AAAA,YACR,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,WAAW,CAAA;AAAA;AAC3C;AACD,OACD;AACA,MAAA,IAAI,KAAA,IAAS,CAAC,OAAA,IAAW,OAAA,CAAQ,eAAe,IAAA,EAAM;AACrD,QAAA,OAAO,IAAA;AAAA,MACR;AACA,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,OAAO,CAAA;AACxD,MAAA,MAAM,GAAA,GAAM,OAAA,CAAQ,QAAA,IAAY,EAAC;AACjC,MAAA,MAAM,IAAA,GAAO;AAAA,QACZ,IAAI,GAAA,CAAI,EAAA;AAAA,QACR,IAAA,EAAM,GAAA,CAAI,IAAA,IAAQ,GAAA,CAAI,QAAA,IAAY,EAAA;AAAA,QAClC,OAAO,GAAA,CAAI,KAAA;AAAA,QACX,OAAO,GAAA,CAAI,aAAA;AAAA,QACX,aAAA,EAAe,KAAA;AAAA,QACf,GAAG;AAAA,OACJ;AACA,MAAA,OAAO;AAAA,QACN,IAAA;AAAA,QACA,IAAA,EAAM;AAAA,OACP;AAAA,IACD,CAAA;AAAA,IACA;AAAA,GACD;AACD;;;ACvFO,IAAM,MAAA,GAAS,CAAC,OAAA,KAA2B;AACjD,EAAA,MAAMA,cAAAA,GAAgB,uCAAA;AACtB,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,QAAA;AAAA,IACJ,IAAA,EAAM,QAAA;AAAA,IACN,uBAAuB,EAAE,KAAA,EAAO,MAAA,EAAQ,SAAA,EAAW,aAAY,EAAG;AACjE,MAAA,MAAM,OAAA,GAAoB,OAAA,CAAQ,mBAAA,GAAsB,KAAK,EAAC;AAC9D,MAAA,IAAI,QAAQ,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAChD,MAAA,IAAI,MAAA,EAAQ,OAAA,CAAQ,IAAA,CAAK,GAAG,MAAM,CAAA;AAClC,MAAA,OAAO,sBAAA,CAAuB;AAAA,QAC7B,EAAA,EAAI,QAAA;AAAA,QACJ,OAAA;AAAA,QACA,qBAAA,EAAuB,2CAAA;AAAA,QACvB,MAAA,EAAQ,OAAA;AAAA,QACR,KAAA;AAAA,QACA,WAAA;AAAA,QACA,SAAA;AAAA,QACA,gBAAA,EAAkB;AAAA,UACjB,KAAA,EAAO;AAAA;AACR,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,yBAAA,EAA2B,OAAO,EAAE,IAAA,EAAM,aAAY,KAAM;AAC3D,MAAA,OAAO,yBAAA,CAA0B;AAAA,QAChC,IAAA;AAAA,QACA,WAAA;AAAA,QACA,OAAA;AAAA,QACA,aAAA,EAAAA,cAAAA;AAAA,QACA,cAAA,EAAgB;AAAA,OAChB,CAAA;AAAA,IACF,CAAA;AAAA,IACA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACxB,MAAA,OAAO,kBAAA,CAAmB;AAAA,QACzB,YAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACR,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,WAAW,OAAA,CAAQ,SAAA;AAAA,UACnB,cAAc,OAAA,CAAQ;AAAA,SACvB;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACF,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AACA,MAAA,MAAM,EAAE,IAAA,EAAM,OAAA,EAAS,OAAM,GAAI,MAAM,YAMpC,oCAAA,EAAsC;AAAA,QACxC,OAAA,EAAS;AAAA,UACR,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,WAAW,CAAA,CAAA;AAAA,UAC1C,gBAAA,EAAkB;AAAA;AACnB,OACA,CAAA;AACD,MAAA,IAAI,KAAA,IAAS,CAAC,OAAA,EAAS;AACtB,QAAA,OAAO,IAAA;AAAA,MACR;AACA,MAAA,MAAM,WAAA,GAAc,OAAA,CAAQ,GAAA,EAAK,KAAA,EAAO,IAAA;AACxC,MAAA,IAAI,CAAC,WAAA,EAAa;AACjB,QAAA,OAAO,IAAA;AAAA,MACR;AACA,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,WAAW,CAAA;AAC5D,MAAA,OAAO;AAAA,QACN,IAAA,EAAM;AAAA,UACL,IAAI,WAAA,CAAY,EAAA;AAAA,UAChB,IAAA,EAAM,YAAY,IAAA,IAAQ,EAAA;AAAA,UAC1B,KAAA,EAAO,WAAA,CAAY,MAAA,EAAQ,KAAA,IAAS,IAAA;AAAA,UACpC,OAAO,WAAA,CAAY,UAAA;AAAA,UACnB,aAAA,EAAe,KAAA;AAAA,UACf,GAAG;AAAA,SACJ;AAAA,QACA,IAAA,EAAM;AAAA,OACP;AAAA,IACD,CAAA;AAAA,IACA;AAAA,GACD;AACD;AC7EO,IAAM,MAAA,GAAS,CAAC,OAAA,KAA2B;AACjD,EAAA,MAAM,MAAA,GAAS,QAAQ,MAAA,IAAU,uBAAA;AACjC,EAAA,MAAMD,sBAAAA,GAAwB,GAAG,MAAM,CAAA,iBAAA,CAAA;AACvC,EAAA,MAAMC,cAAAA,GAAgB,GAAG,MAAM,CAAA,aAAA,CAAA;AAE/B,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,QAAA;AAAA,IACJ,IAAA,EAAM,QAAA;AAAA,IACN,MAAM,sBAAA,CAAuB;AAAA,MAC5B,KAAA;AAAA,MACA,MAAA;AAAA,MACA,YAAA;AAAA,MACA,WAAA;AAAA,MACA;AAAA,KACD,EAAG;AACF,MAAA,IAAI,CAAC,OAAA,CAAQ,QAAA,IAAY,CAAC,QAAQ,YAAA,EAAc;AAC/C,QAAA,MAAA,CAAO,KAAA;AAAA,UACN;AAAA,SACD;AACA,QAAA,MAAM,IAAI,gBAAgB,+BAA+B,CAAA;AAAA,MAC1D;AACA,MAAA,IAAI,CAAC,YAAA,EAAc;AAClB,QAAA,MAAM,IAAI,gBAAgB,qCAAqC,CAAA;AAAA,MAChE;AACA,MAAA,MAAM,OAAA,GAAU,QAAQ,mBAAA,GACrB,KACA,CAAC,QAAA,EAAU,SAAS,SAAS,CAAA;AAChC,MAAA,IAAI,QAAQ,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAChD,MAAA,IAAI,MAAA,EAAQ,OAAA,CAAQ,IAAA,CAAK,GAAG,MAAM,CAAA;AAClC,MAAA,MAAM,GAAA,GAAM,MAAM,sBAAA,CAAuB;AAAA,QACxC,EAAA,EAAI,QAAA;AAAA,QACJ,OAAA;AAAA,QACA,qBAAA,EAAAD,sBAAAA;AAAA,QACA,MAAA,EAAQ,OAAA;AAAA,QACR,KAAA;AAAA,QACA,YAAA;AAAA,QACA,WAAA;AAAA,QACA,QAAQ,OAAA,CAAQ,MAAA;AAAA,QAChB;AAAA,OACA,CAAA;AACD,MAAA,OAAO,GAAA;AAAA,IACR,CAAA;AAAA,IACA,2BAA2B,OAAO,EAAE,IAAA,EAAM,YAAA,EAAc,aAAY,KAAM;AACzE,MAAA,OAAO,yBAAA,CAA0B;AAAA,QAChC,IAAA;AAAA,QACA,YAAA;AAAA,QACA,WAAA;AAAA,QACA,OAAA;AAAA,QACA,aAAA,EAAAC;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACxB,MAAA,OAAO,kBAAA,CAAmB;AAAA,QACzB,YAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACR,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,WAAW,OAAA,CAAQ,SAAA;AAAA,UACnB,cAAc,OAAA,CAAQ;AAAA,SACvB;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACF,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AACA,MAAA,IAAI,CAAC,MAAM,OAAA,EAAS;AACnB,QAAA,OAAO,IAAA;AAAA,MACR;AACA,MAAA,MAAM,IAAA,GAAOG,SAAAA,CAAU,KAAA,CAAM,OAAO,CAAA;AACpC,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,IAAI,CAAA;AACrD,MAAA,OAAO;AAAA,QACN,IAAA,EAAM;AAAA,UACL,IAAI,IAAA,CAAK,GAAA;AAAA,UACT,IAAA,EAAM,IAAA,CAAK,IAAA,IAAQ,IAAA,CAAK,kBAAA,IAAsB,EAAA;AAAA,UAC9C,OAAO,IAAA,CAAK,KAAA;AAAA,UACZ,OAAO,IAAA,CAAK,OAAA;AAAA,UACZ,aAAA,EAAe,KAAK,cAAA,IAAkB,KAAA;AAAA,UACtC,GAAG;AAAA,SACJ;AAAA,QACA,IAAA,EAAM;AAAA,OACP;AAAA,IACD,CAAA;AAAA,IACA;AAAA,GACD;AACD;;;AC7GO,IAAM,kBAAA,GAAqB,OAAO,GAAA,EAAa,OAAA,KAAoB;AACxE,EAAA,OAAO,gBAAA,CAAiB,SAAS,GAAG,CAAA;AACtC;;;ACkBA,IAAM,0BAAA,GAA6B,CAAC,OAAA,EAAS,OAAO,CAAA;AAQ7C,IAAM,MAAA,GAAS,CAAC,OAAA,KAA2B;AACjD,EAAA,MAAM,WAAA,GAAc,QAAQ,WAAA,IAAe,SAAA;AAC3C,EAAA,MAAM,YAAY,WAAA,KAAgB,SAAA;AAElC,EAAA,MAAMJ,sBAAAA,GAAwB,YAC3B,iDAAA,GACA,yCAAA;AAEH,EAAA,MAAMC,cAAAA,GAAgB,YACnB,kDAAA,GACA,0CAAA;AAEH,EAAA,MAAM,gBAAA,GAAmB,YACtB,8DAAA,GACA,sDAAA;AAOH,EAAA,MAAM,MAAA,GAAS,YACZ,gCAAA,GACA,wBAAA;AAEH,EAAA,MAAM,YAAA,GAAe,YAClB,gDAAA,GACA,wCAAA;AAEH,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,QAAA;AAAA,IACJ,IAAA,EAAM,QAAA;AAAA,IACN,MAAM,sBAAA,CAAuB,EAAE,KAAA,EAAO,YAAA,EAAc,aAAY,EAAG;AAClE,MAAA,IAAI,CAAC,OAAA,CAAQ,QAAA,IAAY,CAAC,QAAQ,YAAA,EAAc;AAC/C,QAAA,MAAA,CAAO,KAAA;AAAA,UACN;AAAA,SACD;AACA,QAAA,MAAM,IAAI,gBAAgB,+BAA+B,CAAA;AAAA,MAC1D;AAQA,MAAA,MAAM,UAAoB,EAAC;AAE3B,MAAA,MAAM,GAAA,GAAM,MAAM,sBAAA,CAAuB;AAAA,QACxC,EAAA,EAAI,QAAA;AAAA,QACJ,OAAA;AAAA,QACA,qBAAA,EAAAD,sBAAAA;AAAA,QACA,MAAA,EAAQ,OAAA;AAAA,QACR,KAAA;AAAA,QACA,YAAA;AAAA,QACA,WAAA;AAAA,QACA,QAAQ,OAAA,CAAQ;AAAA,OAChB,CAAA;AACD,MAAA,OAAO,GAAA;AAAA,IACR,CAAA;AAAA,IAEA,yBAAA,EAA2B,OAAO,EAAE,IAAA,EAAM,aAAY,KAAM;AAK3D,MAAA,MAAM,cAAc,MAAA,CAAO,MAAA;AAAA,QAC1B,CAAA,EAAG,OAAA,CAAQ,QAAQ,CAAA,CAAA,EAAI,QAAQ,YAAY,CAAA;AAAA,OAC5C;AAEA,MAAA,IAAI;AACH,QAAA,MAAM,QAAA,GAAW,MAAM,WAAA,CAAYC,cAAAA,EAAe;AAAA,UACjD,MAAA,EAAQ,MAAA;AAAA,UACR,OAAA,EAAS;AAAA,YACR,aAAA,EAAe,SAAS,WAAW,CAAA,CAAA;AAAA,YACnC,MAAA,EAAQ,kBAAA;AAAA,YACR,iBAAA,EAAmB,OAAA;AAAA,YACnB,cAAA,EAAgB;AAAA,WACjB;AAAA,UACA,IAAA,EAAM,IAAI,eAAA,CAAgB;AAAA,YACzB,UAAA,EAAY,oBAAA;AAAA,YACZ,IAAA;AAAA,YACA,YAAA,EAAc;AAAA,WACd,EAAE,QAAA;AAAS,SACZ,CAAA;AAED,QAAA,IAAI,CAAC,SAAS,IAAA,EAAM;AACnB,UAAA,MAAM,IAAI,gBAAgB,4BAA4B,CAAA;AAAA,QACvD;AAEA,QAAA,MAAM,OAAO,QAAA,CAAS,IAAA;AAEtB,QAAA,MAAM,MAAA,GAAS;AAAA,UACd,aAAa,IAAA,CAAK,YAAA;AAAA,UAClB,cAAc,IAAA,CAAK,aAAA;AAAA,UACnB,oBAAA,EAAsB,IAAA,CAAK,UAAA,GACxB,IAAI,IAAA,CAAK,IAAA,CAAK,GAAA,EAAI,GAAI,IAAA,CAAK,UAAA,GAAa,GAAI,CAAA,GAC5C,KAAA,CAAA;AAAA,UACH,SAAS,IAAA,CAAK;AAAA,SACf;AAEA,QAAA,OAAO,MAAA;AAAA,MACR,SAAS,KAAA,EAAO;AACf,QAAA,MAAA,CAAO,KAAA,CAAM,iCAAiC,KAAK,CAAA;AACnD,QAAA,MAAM,IAAI,gBAAgB,4BAA4B,CAAA;AAAA,MACvD;AAAA,IACD,CAAA;AAAA,IAEA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACxB,MAAA,MAAM,cAAc,MAAA,CAAO,MAAA;AAAA,QAC1B,CAAA,EAAG,OAAA,CAAQ,QAAQ,CAAA,CAAA,EAAI,QAAQ,YAAY,CAAA;AAAA,OAC5C;AAEA,MAAA,IAAI;AACH,QAAA,MAAM,QAAA,GAAW,MAAM,WAAA,CAAYA,cAAAA,EAAe;AAAA,UACjD,MAAA,EAAQ,MAAA;AAAA,UACR,OAAA,EAAS;AAAA,YACR,aAAA,EAAe,SAAS,WAAW,CAAA,CAAA;AAAA,YACnC,MAAA,EAAQ,kBAAA;AAAA,YACR,iBAAA,EAAmB,OAAA;AAAA,YACnB,cAAA,EAAgB;AAAA,WACjB;AAAA,UACA,IAAA,EAAM,IAAI,eAAA,CAAgB;AAAA,YACzB,UAAA,EAAY,eAAA;AAAA,YACZ,aAAA,EAAe;AAAA,WACf,EAAE,QAAA;AAAS,SACZ,CAAA;AAED,QAAA,IAAI,CAAC,SAAS,IAAA,EAAM;AACnB,UAAA,MAAM,IAAI,gBAAgB,gCAAgC,CAAA;AAAA,QAC3D;AAEA,QAAA,MAAM,OAAO,QAAA,CAAS,IAAA;AACtB,QAAA,OAAO;AAAA,UACN,aAAa,IAAA,CAAK,YAAA;AAAA,UAClB,cAAc,IAAA,CAAK,aAAA;AAAA,UACnB,oBAAA,EAAsB,IAAA,CAAK,UAAA,GACxB,IAAI,IAAA,CAAK,IAAA,CAAK,GAAA,EAAI,GAAI,IAAA,CAAK,UAAA,GAAa,GAAI,CAAA,GAC5C,KAAA;AAAA,SACJ;AAAA,MACD,SAAS,KAAA,EAAO;AACf,QAAA,MAAA,CAAO,KAAA,CAAM,gCAAgC,KAAK,CAAA;AAClD,QAAA,MAAM,IAAI,gBAAgB,gCAAgC,CAAA;AAAA,MAC3D;AAAA,IACD,CAAA;AAAA,IAEF,MAAM,aAAA,CAAc,KAAA,EAAO,KAAA,EAAO;AACjC,MAAA,IAAI,QAAQ,oBAAA,EAAsB;AACjC,QAAA,OAAO,KAAA;AAAA,MACR;AACA,MAAA,IAAI,QAAQ,aAAA,EAAe;AAC1B,QAAA,OAAO,OAAA,CAAQ,aAAA,CAAc,KAAA,EAAO,KAAK,CAAA;AAAA,MAC1C;AAOA,MAAA,IAAI;AACH,QAAA,MAAM,EAAE,GAAA,EAAK,GAAA,EAAK,MAAA,EAAO,GAAIE,sBAAsB,KAAK,CAAA;AACxD,QAAA,IAAI,CAAC,QAAQ,OAAO,KAAA;AACpB,QAAA,IACC,CAAC,0BAAA,CAA2B,QAAA;AAAA,UAC3B;AAAA,SACD,EACC;AACD,UAAA,OAAO,KAAA;AAAA,QACR;AAOA,QAAA,MAAM,GAAA,GACL,MAAA,KAAW,OAAA,GACR,IAAI,aAAY,CAAE,MAAA,CAAO,OAAA,CAAQ,YAAY,IAC7C,GAAA,GACC,MAAM,kBAAA,CAAmB,GAAA,EAAK,YAAY,CAAA,GAC1C,KAAA,CAAA;AACL,QAAA,IAAI,CAAC,KAAK,OAAO,KAAA;AAEjB,QAAA,MAAM,EAAE,OAAA,EAAS,SAAA,KAAc,MAAMD,SAAAA,CAAU,OAAO,GAAA,EAAK;AAAA,UAC1D,UAAA,EAAY,CAAC,MAAM,CAAA;AAAA,UACnB,MAAA;AAAA,UACA,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,WAAA,EAAa;AAAA,SACb,CAAA;AAED,QAAA,IAAI,KAAA,IAAS,SAAA,CAAU,KAAA,KAAU,KAAA,EAAO;AACvC,UAAA,OAAO,KAAA;AAAA,QACR;AAEA,QAAA,OAAO,IAAA;AAAA,MACR,SAAS,KAAA,EAAO;AACf,QAAA,MAAA,CAAO,KAAA,CAAM,qCAAqC,KAAK,CAAA;AACvD,QAAA,OAAO,KAAA;AAAA,MACR;AAAA,IACD,CAAA;AAAA,IAEA,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AAEA,MAAA,IAAI,CAAC,MAAM,WAAA,EAAa;AACvB,QAAA,MAAA,CAAO,MAAM,oDAAoD,CAAA;AACjE,QAAA,OAAO,IAAA;AAAA,MACR;AAEA,MAAA,IAAI;AACH,QAAA,MAAM,WAAW,MAAM,WAAA;AAAA,UACtB,GAAG,gBAAgB,CAAA,kBAAA,CAAA;AAAA,UACnB;AAAA,YACC,OAAA,EAAS;AAAA,cACR,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,WAAW,CAAA,CAAA;AAAA,cAC1C,MAAA,EAAQ;AAAA;AACT;AACD,SACD;AAEA,QAAA,IAAI,CAAC,SAAS,IAAA,EAAM;AACnB,UAAA,MAAA,CAAO,MAAM,uCAAuC,CAAA;AACpD,UAAA,OAAO,IAAA;AAAA,QACR;AAEA,QAAA,MAAM,WAAW,QAAA,CAAS,IAAA;AAC1B,QAAA,IAAI,MAAM,OAAA,EAAS;AAClB,UAAA,IAAI,cAAA;AACJ,UAAA,IAAI;AACH,YAAA,cAAA,GAAiBE,SAAAA,CAAU,KAAA,CAAM,OAAO,CAAA,CAAE,GAAA;AAAA,UAC3C,SAAS,KAAA,EAAO;AACf,YAAA,MAAA,CAAO,KAAA,CAAM,qCAAqC,KAAK,CAAA;AACvD,YAAA,OAAO,IAAA;AAAA,UACR;AAIA,UAAA,MAAM,eAAA,GAAkB,QAAA,CAAS,GAAA,IAAO,QAAA,CAAS,OAAA;AACjD,UAAA,IAAI,CAAC,cAAA,IAAkB,eAAA,KAAoB,cAAA,EAAgB;AAC1D,YAAA,MAAA,CAAO,KAAA;AAAA,cACN;AAAA,aACD;AACA,YAAA,OAAO,IAAA;AAAA,UACR;AAAA,QACD;AAEA,QAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,QAAQ,CAAA;AAEzD,QAAA,MAAM,MAAA,GAAS;AAAA,UACd,IAAA,EAAM;AAAA,YACL,IAAI,QAAA,CAAS,OAAA;AAAA,YACb,MAAM,QAAA,CAAS,IAAA;AAAA,YACf,OAAO,QAAA,CAAS,KAAA;AAAA,YAChB,OAAO,QAAA,CAAS,OAAA;AAAA,YAChB,eAAe,QAAA,CAAS,cAAA;AAAA,YACxB,GAAG;AAAA,WACJ;AAAA,UACA,IAAA,EAAM;AAAA,SACP;AAEA,QAAA,OAAO,MAAA;AAAA,MACR,SAAS,KAAA,EAAO;AACf,QAAA,MAAA,CAAO,KAAA,CAAM,0CAA0C,KAAK,CAAA;AAC5D,QAAA,OAAO,IAAA;AAAA,MACR;AAAA,IACD,CAAA;AAAA,IAEA;AAAA,GACD;AACD;;;ACnRO,IAAM,KAAA,GAAQ,CAAC,OAAA,KAA0B;AAC/C,EAAA,MAAMH,cAAAA,GAAgB,sCAAA;AACtB,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,OAAA;AAAA,IACJ,IAAA,EAAM,OAAA;AAAA,IACN,uBAAuB,EAAE,KAAA,EAAO,MAAA,EAAQ,YAAA,EAAc,aAAY,EAAG;AACpE,MAAA,MAAM,OAAA,GAAU,QAAQ,mBAAA,GACrB,KACA,CAAC,QAAA,EAAU,WAAW,OAAO,CAAA;AAChC,MAAA,IAAI,QAAQ,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAChD,MAAA,IAAI,MAAA,EAAQ,OAAA,CAAQ,IAAA,CAAK,GAAG,MAAM,CAAA;AAClC,MAAA,OAAO,sBAAA,CAAuB;AAAA,QAC7B,EAAA,EAAI,OAAA;AAAA,QACJ,OAAA;AAAA,QACA,qBAAA,EAAuB,mCAAA;AAAA,QACvB,MAAA,EAAQ,OAAA;AAAA,QACR,KAAA;AAAA,QACA,YAAA;AAAA,QACA,WAAA;AAAA,QACA,QAAQ,OAAA,CAAQ;AAAA,OAChB,CAAA;AAAA,IACF,CAAA;AAAA,IACA,2BAA2B,OAAO,EAAE,IAAA,EAAM,YAAA,EAAc,aAAY,KAAM;AACzE,MAAA,OAAO,yBAAA,CAA0B;AAAA,QAChC,IAAA;AAAA,QACA,YAAA;AAAA,QACA,WAAA;AAAA,QACA,OAAA;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACxB,MAAA,OAAO,kBAAA,CAAmB;AAAA,QACzB,YAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACR,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,WAAW,OAAA,CAAQ,SAAA;AAAA,UACnB,cAAc,OAAA,CAAQ;AAAA,SACvB;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACF,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AACA,MAAA,MAAM,EAAE,IAAA,EAAM,OAAA,EAAS,KAAA,KAAU,MAAM,WAAA;AAAA,QACtC,yCAAA;AAAA,QACA;AAAA,UACC,OAAA,EAAS;AAAA,YACR,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,WAAW,CAAA;AAAA;AAC3C;AACD,OACD;AACA,MAAA,IAAI,KAAA,EAAO;AACV,QAAA,OAAO,IAAA;AAAA,MACR;AACA,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,OAAO,CAAA;AAGxD,MAAA,OAAO;AAAA,QACN,IAAA,EAAM;AAAA,UACL,IAAI,OAAA,CAAQ,EAAA;AAAA,UACZ,IAAA,EAAM,OAAA,CAAQ,WAAA,IAAe,OAAA,CAAQ,QAAA,IAAY,EAAA;AAAA,UACjD,OAAO,OAAA,CAAQ,KAAA;AAAA,UACf,OAAO,OAAA,CAAQ,UAAA;AAAA,UACf,aAAA,EAAe,QAAQ,cAAA,IAAkB,KAAA;AAAA,UACzC,GAAG;AAAA,SACJ;AAAA,QACA,IAAA,EAAM;AAAA,OACP;AAAA,IACD,CAAA;AAAA,IACA;AAAA,GACD;AACD;;;ACtGA,IAAM,qBAAA,GAAwB,0CAAA;AAC9B,IAAM,aAAA,GAAgB,2CAAA;AACtB,IAAM,gBAAA,GAAmB,wCAAA;AAiBlB,IAAM,OAAA,GAAU,CAAC,OAAA,KAA4B;AACnD,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,SAAA;AAAA,IACJ,IAAA,EAAM,SAAA;AAAA,IACN,uBAAuB,EAAE,KAAA,EAAO,MAAA,EAAQ,YAAA,EAAc,aAAY,EAAG;AACpE,MAAA,MAAM,OAAA,GAAU,QAAQ,mBAAA,GACrB,KACA,CAAC,QAAA,EAAU,SAAS,SAAS,CAAA;AAChC,MAAA,IAAI,QAAQ,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAChD,MAAA,IAAI,MAAA,EAAQ,OAAA,CAAQ,IAAA,CAAK,GAAG,MAAM,CAAA;AAClC,MAAA,OAAO,sBAAA,CAAuB;AAAA,QAC7B,EAAA,EAAI,SAAA;AAAA,QACJ,OAAA;AAAA,QACA,qBAAA;AAAA,QACA,MAAA,EAAQ,OAAA;AAAA,QACR,KAAA;AAAA,QACA,YAAA;AAAA,QACA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,2BAA2B,OAAO,EAAE,IAAA,EAAM,YAAA,EAAc,aAAY,KAAM;AACzE,MAAA,OAAO,yBAAA,CAA0B;AAAA,QAChC,IAAA;AAAA,QACA,YAAA;AAAA,QACA,WAAA;AAAA,QACA,OAAA;AAAA,QACA,aAAA;AAAA,QACA,cAAA,EAAgB;AAAA,OAChB,CAAA;AAAA,IACF,CAAA;AAAA,IACA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACxB,MAAA,OAAO,kBAAA,CAAmB;AAAA,QACzB,YAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACR,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,WAAW,OAAA,CAAQ,SAAA;AAAA,UACnB,cAAc,OAAA,CAAQ;AAAA,SACvB;AAAA,QACA,aAAA;AAAA,QACA,cAAA,EAAgB;AAAA,OAChB,CAAA;AAAA,IACF,CAAA;AAAA,IACF,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AACA,MAAA,MAAM,EAAE,IAAA,EAAM,OAAA,EAAS,KAAA,KAAU,MAAM,WAAA;AAAA,QACtC,gBAAA;AAAA,QACA,EAAE,SAAS,EAAE,aAAA,EAAe,UAAU,KAAA,CAAM,WAAW,IAAG;AAAE,OAC7D;AACA,MAAA,IAAI,KAAA,IAAS,CAAC,OAAA,EAAS;AACtB,QAAA,OAAO,IAAA;AAAA,MACR;AACA,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,OAAO,CAAA;AAGxD,MAAA,OAAO;AAAA,QACN,IAAA,EAAM;AAAA,UACL,IAAI,OAAA,CAAQ,GAAA;AAAA,UACZ,MAAM,OAAA,CAAQ,IAAA;AAAA,UACd,OAAO,OAAA,CAAQ,KAAA;AAAA,UACf,OAAO,OAAA,CAAQ,OAAA;AAAA,UACf,aAAA,EAAe,KAAA;AAAA,UACf,GAAG;AAAA,SACJ;AAAA,QACA,IAAA,EAAM;AAAA,OACP;AAAA,IACD,CAAA;AAAA,IACA;AAAA,GACD;AACD;;;AC5EO,IAAM,MAAA,GAAS,CAAC,OAAA,KAA2B;AACjD,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,QAAA;AAAA,IACJ,IAAA,EAAM,QAAA;AAAA,IACN,sBAAA,CAAuB,EAAE,KAAA,EAAO,MAAA,EAAQ,aAAY,EAAG;AACtD,MAAA,MAAM,UAAU,OAAA,CAAQ,mBAAA,GAAsB,EAAC,GAAI,CAAC,UAAU,CAAA;AAC9D,MAAA,IAAI,QAAQ,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAChD,MAAA,IAAI,MAAA,EAAQ,OAAA,CAAQ,IAAA,CAAK,GAAG,MAAM,CAAA;AAClC,MAAA,OAAO,sBAAA,CAAuB;AAAA,QAC7B,EAAA,EAAI,QAAA;AAAA,QACJ,OAAA;AAAA,QACA,qBAAA,EAAuB,yCAAA;AAAA,QACvB,MAAA,EAAQ,OAAA;AAAA,QACR,KAAA;AAAA,QACA,WAAA;AAAA,QACA,UAAU,OAAA,CAAQ;AAAA,OAClB,CAAA;AAAA,IACF,CAAA;AAAA,IACA,yBAAA,EAA2B,OAAO,EAAE,IAAA,EAAM,aAAY,KAAM;AAC3D,MAAA,MAAM,IAAA,GAAO,IAAI,eAAA,CAAgB;AAAA,QAChC,UAAA,EAAY,oBAAA;AAAA,QACZ,IAAA;AAAA,QACA,YAAA,EAAc,QAAQ,WAAA,IAAe;AAAA,OACrC,CAAA;AACD,MAAA,MAAM,OAAA,GAAU;AAAA,QACf,cAAA,EAAgB,mCAAA;AAAA,QAChB,MAAA,EAAQ,YAAA;AAAA,QACR,YAAA,EAAc,aAAA;AAAA,QACd,aAAA,EAAe,SAAS,MAAA,CAAO,MAAA;AAAA,UAC9B,CAAA,EAAG,OAAA,CAAQ,QAAQ,CAAA,CAAA,EAAI,QAAQ,YAAY,CAAA;AAAA,SAC3C,CAAA;AAAA,OACF;AAEA,MAAA,MAAM,EAAE,IAAA,EAAM,KAAA,EAAM,GAAI,MAAM,WAAA;AAAA,QAC7B,4CAAA;AAAA,QACA;AAAA,UACC,MAAA,EAAQ,MAAA;AAAA,UACR,OAAA;AAAA,UACA,IAAA,EAAM,KAAK,QAAA;AAAS;AACrB,OACD;AAEA,MAAA,IAAI,KAAA,EAAO;AACV,QAAA,MAAM,KAAA;AAAA,MACP;AAEA,MAAA,OAAO,gBAAgB,IAAI,CAAA;AAAA,IAC5B,CAAA;AAAA,IAEA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACxB,MAAA,OAAO,kBAAA,CAAmB;AAAA,QACzB,YAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACR,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,WAAW,OAAA,CAAQ,SAAA;AAAA,UACnB,cAAc,OAAA,CAAQ;AAAA,SACvB;AAAA,QACA,cAAA,EAAgB,OAAA;AAAA,QAChB,aAAA,EAAe;AAAA,OACf,CAAA;AAAA,IACF,CAAA;AAAA,IACF,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AAEA,MAAA,MAAM,EAAE,IAAA,EAAM,OAAA,EAAS,KAAA,KAAU,MAAM,WAAA;AAAA,QACtC,oCAAA;AAAA,QACA;AAAA,UACC,OAAA,EAAS;AAAA,YACR,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,WAAW,CAAA,CAAA;AAAA,YAC1C,YAAA,EAAc;AAAA;AACf;AACD,OACD;AAEA,MAAA,IAAI,KAAA,EAAO;AACV,QAAA,OAAO,IAAA;AAAA,MACR;AAEA,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,OAAO,CAAA;AAKxD,MAAA,MAAM,KAAA,GAAQ,OAAA,EAAS,KAAA,IAAS,CAAA,EAAG,QAAQ,EAAE,CAAA,eAAA,CAAA;AAC7C,MAAA,OAAO;AAAA,QACN,IAAA,EAAM;AAAA,UACL,IAAI,OAAA,CAAQ,EAAA;AAAA,UACZ,MAAM,OAAA,CAAQ,IAAA;AAAA,UACd,OAAO,OAAA,CAAQ,QAAA,EAAU,KAAA,CAAM,GAAG,EAAE,CAAC,CAAA;AAAA,UACrC,GAAG,OAAA;AAAA,UACH,KAAA;AAAA,UACA,aAAA,EAAe,SAAS,aAAA,IAAiB;AAAA,SAC1C;AAAA,QACA,IAAA,EAAM;AAAA,OACP;AAAA,IACD,CAAA;AAAA,IACA;AAAA,GACD;AACD;;;AC3FO,IAAM,MAAA,GAAS,CAAC,OAAA,KAA2B;AACjD,EAAA,MAAMA,cAAAA,GAAgB,wCAAA;AACtB,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,QAAA;AAAA,IACJ,IAAA,EAAM,QAAA;AAAA,IACN,sBAAA,CAAuB,EAAE,KAAA,EAAO,MAAA,EAAQ,aAAY,EAAG;AACtD,MAAA,MAAM,UAAU,OAAA,CAAQ,mBAAA,GAAsB,EAAC,GAAI,CAAC,UAAU,SAAS,CAAA;AACvE,MAAA,IAAI,QAAQ,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAChD,MAAA,IAAI,MAAA,EAAQ,OAAA,CAAQ,IAAA,CAAK,GAAG,MAAM,CAAA;AAClC,MAAA,OAAO,IAAI,GAAA;AAAA,QACV,oDAAoD,OAAA,CAAQ,IAAA;AAAA,UAC3D;AAAA,SACA,CAAA,8BAAA,EACA,OAAA,CAAQ,QACT,CAAA,cAAA,EAAiB,kBAAA;AAAA,UAChB,QAAQ,WAAA,IAAe;AAAA,SACvB,CAAA,OAAA,EAAU,KAAK,CAAA,QAAA,EAAW,OAAA,CAAQ,UAAU,wBAAwB,CAAA;AAAA,OACtE;AAAA,IACD,CAAA;AAAA,IACA,yBAAA,EAA2B,OAAO,EAAE,IAAA,EAAM,aAAY,KAAM;AAC3D,MAAA,OAAO,yBAAA,CAA0B;AAAA,QAChC,IAAA;AAAA,QACA,WAAA,EAAa,QAAQ,WAAA,IAAe,WAAA;AAAA,QACpC,OAAA;AAAA,QACA,aAAA,EAAAA,cAAAA;AAAA,QACA,cAAA,EAAgB;AAAA,OAChB,CAAA;AAAA,IACF,CAAA;AAAA,IACA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACxB,MAAA,OAAO,kBAAA,CAAmB;AAAA,QACzB,YAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACR,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,WAAW,OAAA,CAAQ,SAAA;AAAA,UACnB,cAAc,OAAA,CAAQ;AAAA,SACvB;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACF,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AACA,MAAA,MAAM,EAAE,IAAA,EAAM,OAAA,EAAS,KAAA,KAAU,MAAM,WAAA;AAAA,QACtC,2CAAA;AAAA,QACA;AAAA,UACC,OAAA,EAAS;AAAA,YACR,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,WAAW,CAAA;AAAA;AAC3C;AACD,OACD;AAEA,MAAA,IAAI,KAAA,EAAO;AACV,QAAA,OAAO,IAAA;AAAA,MACR;AAEA,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,OAAO,CAAA;AAGxD,MAAA,OAAO;AAAA,QACN,IAAA,EAAM;AAAA,UACL,IAAI,OAAA,CAAQ,GAAA;AAAA,UACZ,IAAA,EAAM,OAAA,CAAQ,QAAA,IAAY,OAAA,CAAQ,kBAAA,IAAsB,EAAA;AAAA,UACxD,OAAO,OAAA,CAAQ,OAAA;AAAA,UACf,KAAA,EAAO,QAAQ,kBAAA,IAAsB,IAAA;AAAA;AAAA,UACrC,aAAA,EAAe,KAAA;AAAA,UACf,GAAG;AAAA,SACJ;AAAA,QACA,IAAA,EAAM;AAAA,UACL,GAAG;AAAA;AACJ,OACD;AAAA,IACD,CAAA;AAAA,IACA;AAAA,GACD;AACD;;;ACtEO,IAAM,UAAA,GAAa,CAAC,OAAA,KAA+B;AACzD,EAAA,MAAM,WAAA,GAAc,QAAQ,WAAA,IAAe,YAAA;AAC3C,EAAA,MAAM,YAAY,WAAA,KAAgB,SAAA;AAClC,EAAA,MAAMD,sBAAAA,GAAwB,QAAQ,QAAA,GACnC,CAAA,QAAA,EAAW,QAAQ,QAAQ,CAAA,0BAAA,CAAA,GAC3B,YACC,uDAAA,GACA,wDAAA;AAEJ,EAAA,MAAMC,cAAAA,GAAgB,QAAQ,QAAA,GAC3B,CAAA,QAAA,EAAW,QAAQ,QAAQ,CAAA,sBAAA,CAAA,GAC3B,YACC,mDAAA,GACA,oDAAA;AAEJ,EAAA,MAAM,gBAAA,GAAmB,QAAQ,QAAA,GAC9B,CAAA,QAAA,EAAW,QAAQ,QAAQ,CAAA,yBAAA,CAAA,GAC3B,YACC,sDAAA,GACA,uDAAA;AAEJ,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,YAAA;AAAA,IACJ,IAAA,EAAM,YAAA;AAAA,IAEN,MAAM,sBAAA,CAAuB,EAAE,OAAO,MAAA,EAAQ,YAAA,EAAc,aAAY,EAAG;AAC1E,MAAA,IAAI,CAAC,OAAA,CAAQ,QAAA,IAAY,CAAC,QAAQ,YAAA,EAAc;AAC/C,QAAA,MAAA,CAAO,KAAA;AAAA,UACN;AAAA,SACD;AACA,QAAA,MAAM,IAAI,gBAAgB,+BAA+B,CAAA;AAAA,MAC1D;AACA,MAAA,IAAI,CAAC,YAAA,EAAc;AAClB,QAAA,MAAM,IAAI,gBAAgB,yCAAyC,CAAA;AAAA,MACpE;AAEA,MAAA,MAAM,OAAA,GAAU,QAAQ,mBAAA,GACrB,KACA,CAAC,QAAA,EAAU,SAAS,SAAS,CAAA;AAChC,MAAA,IAAI,QAAQ,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAChD,MAAA,IAAI,MAAA,EAAQ,OAAA,CAAQ,IAAA,CAAK,GAAG,MAAM,CAAA;AAElC,MAAA,OAAO,sBAAA,CAAuB;AAAA,QAC7B,EAAA,EAAI,YAAA;AAAA,QACJ,OAAA;AAAA,QACA,qBAAA,EAAAD,sBAAAA;AAAA,QACA,MAAA,EAAQ,OAAA;AAAA,QACR,KAAA;AAAA,QACA,YAAA;AAAA,QACA,WAAA,EAAa,QAAQ,WAAA,IAAe;AAAA,OACpC,CAAA;AAAA,IACF,CAAA;AAAA,IAEA,2BAA2B,OAAO,EAAE,IAAA,EAAM,YAAA,EAAc,aAAY,KAAM;AACzE,MAAA,OAAO,yBAAA,CAA0B;AAAA,QAChC,IAAA;AAAA,QACA,YAAA;AAAA,QACA,WAAA,EAAa,QAAQ,WAAA,IAAe,WAAA;AAAA,QACpC,OAAA;AAAA,QACA,aAAA,EAAAC;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IAEA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACxB,MAAA,OAAO,kBAAA,CAAmB;AAAA,QACzB,YAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACR,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,cAAc,OAAA,CAAQ;AAAA,SACvB;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IAEF,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AAEA,MAAA,IAAI;AACH,QAAA,MAAM,EAAE,IAAA,EAAM,IAAA,EAAK,GAAI,MAAM,WAAA;AAAA,UAC5B,gBAAA;AAAA,UACA;AAAA,YACC,OAAA,EAAS;AAAA,cACR,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,WAAW,CAAA;AAAA;AAC3C;AACD,SACD;AAEA,QAAA,IAAI,CAAC,IAAA,EAAM;AACV,UAAA,MAAA,CAAO,MAAM,2CAA2C,CAAA;AACxD,UAAA,OAAO,IAAA;AAAA,QACR;AAEA,QAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,IAAI,CAAA;AAErD,QAAA,OAAO;AAAA,UACN,IAAA,EAAM;AAAA,YACL,IAAI,IAAA,CAAK,OAAA;AAAA,YACT,MAAM,IAAA,CAAK,IAAA;AAAA,YACX,OAAO,IAAA,CAAK,KAAA;AAAA,YACZ,KAAA,EAAO,IAAA,CAAK,MAAA,EAAQ,OAAA,IAAW,KAAK,MAAA,EAAQ,SAAA;AAAA,YAC5C,aAAA,EAAe,KAAK,cAAA,IAAkB,KAAA;AAAA,YACtC,GAAG;AAAA,WACJ;AAAA,UACA,IAAA,EAAM;AAAA,SACP;AAAA,MACD,SAAS,KAAA,EAAO;AACf,QAAA,MAAA,CAAO,KAAA,CAAM,8CAA8C,KAAK,CAAA;AAChE,QAAA,OAAO,IAAA;AAAA,MACR;AAAA,IACD,CAAA;AAAA,IAEA;AAAA,GACD;AACD;;;ACvHO,IAAM,KAAA,GAAQ,CAAC,OAAA,KAA0B;AAC/C,EAAA,MAAMA,cAAAA,GAAgB,4CAAA;AACtB,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,OAAA;AAAA,IACJ,IAAA,EAAM,OAAA;AAAA,IACN,sBAAA,CAAuB,EAAE,KAAA,EAAO,MAAA,EAAQ,aAAY,EAAG;AACtD,MAAA,MAAM,OAAA,GAAU,QAAQ,mBAAA,GACrB,KACA,CAAC,QAAA,EAAU,WAAW,OAAO,CAAA;AAChC,MAAA,IAAI,MAAA,EAAQ,OAAA,CAAQ,IAAA,CAAK,GAAG,MAAM,CAAA;AAClC,MAAA,IAAI,QAAQ,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAChD,MAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,4CAA4C,CAAA;AAChE,MAAA,GAAA,CAAI,aAAa,GAAA,CAAI,OAAA,EAAS,OAAA,CAAQ,IAAA,CAAK,GAAG,CAAC,CAAA;AAC/C,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,eAAA,EAAiB,MAAM,CAAA;AAC5C,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,WAAA,EAAa,OAAA,CAAQ,QAAQ,CAAA;AAClD,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,cAAA,EAAgB,OAAA,CAAQ,eAAe,WAAW,CAAA;AACvE,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAA,EAAS,KAAK,CAAA;AACnC,MAAA,OAAO,GAAA;AAAA,IACR,CAAA;AAAA,IACA,yBAAA,EAA2B,OAAO,EAAE,IAAA,EAAM,aAAY,KAAM;AAC3D,MAAA,OAAO,yBAAA,CAA0B;AAAA,QAChC,IAAA;AAAA,QACA,WAAA;AAAA,QACA,OAAA;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACxB,MAAA,OAAO,kBAAA,CAAmB;AAAA,QACzB,YAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACR,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,WAAW,OAAA,CAAQ,SAAA;AAAA,UACnB,cAAc,OAAA,CAAQ;AAAA,SACvB;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACF,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AACA,MAAA,MAAM,EAAE,IAAA,EAAM,OAAA,EAAS,KAAA,KAAU,MAAM,WAAA;AAAA,QACtC,+CAAA;AAAA,QACA;AAAA,UACC,OAAA,EAAS;AAAA,YACR,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,WAAW,CAAA;AAAA;AAC3C;AACD,OACD;AAEA,MAAA,IAAI,KAAA,EAAO;AACV,QAAA,OAAO,IAAA;AAAA,MACR;AAEA,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,OAAO,CAAA;AACxD,MAAA,OAAO;AAAA,QACN,IAAA,EAAM;AAAA,UACL,EAAA,EAAI,QAAQ,2BAA2B,CAAA;AAAA,UACvC,IAAA,EAAM,QAAQ,IAAA,IAAQ,EAAA;AAAA,UACtB,OAAO,OAAA,CAAQ,KAAA;AAAA,UACf,eAAe,OAAA,CAAQ,cAAA;AAAA,UACvB,KAAA,EAAO,OAAA,CAAQ,OAAA,IAAW,OAAA,CAAQ,kCAAkC,CAAA;AAAA,UACpE,GAAG;AAAA,SACJ;AAAA,QACA,IAAA,EAAM;AAAA,OACP;AAAA,IACD,CAAA;AAAA,IACA;AAAA,GACD;AACD;;;AC1FO,IAAM,OAAA,GAAU,CAAC,OAAA,KAA4B;AACnD,EAAA,MAAMA,cAAAA,GAAgB,wCAAA;AACtB,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,SAAA;AAAA,IACJ,IAAA,EAAM,SAAA;AAAA,IACN,uBAAuB,EAAE,KAAA,EAAO,MAAA,EAAQ,YAAA,EAAc,aAAY,EAAG;AACpE,MAAA,MAAM,UAAU,OAAA,CAAQ,mBAAA,GAAsB,EAAC,GAAI,CAAC,iBAAiB,CAAA;AACrE,MAAA,IAAI,QAAQ,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAChD,MAAA,IAAI,MAAA,EAAQ,OAAA,CAAQ,IAAA,CAAK,GAAG,MAAM,CAAA;AAClC,MAAA,OAAO,sBAAA,CAAuB;AAAA,QAC7B,EAAA,EAAI,SAAA;AAAA,QACJ,OAAA;AAAA,QACA,qBAAA,EAAuB,wCAAA;AAAA,QACvB,MAAA,EAAQ,OAAA;AAAA,QACR,KAAA;AAAA,QACA,YAAA;AAAA,QACA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,2BAA2B,OAAO,EAAE,IAAA,EAAM,YAAA,EAAc,aAAY,KAAM;AACzE,MAAA,OAAO,yBAAA,CAA0B;AAAA,QAChC,IAAA;AAAA,QACA,YAAA;AAAA,QACA,WAAA;AAAA,QACA,OAAA;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACxB,MAAA,OAAO,kBAAA,CAAmB;AAAA,QACzB,YAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACR,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,WAAW,OAAA,CAAQ,SAAA;AAAA,UACnB,cAAc,OAAA,CAAQ;AAAA,SACvB;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACF,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AACA,MAAA,MAAM,EAAE,IAAA,EAAM,OAAA,EAAS,KAAA,KAAU,MAAM,WAAA;AAAA,QACtC,+BAAA;AAAA,QACA;AAAA,UACC,MAAA,EAAQ,KAAA;AAAA,UACR,OAAA,EAAS;AAAA,YACR,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,WAAW,CAAA;AAAA;AAC3C;AACD,OACD;AACA,MAAA,IAAI,KAAA,EAAO;AACV,QAAA,OAAO,IAAA;AAAA,MACR;AACA,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,OAAO,CAAA;AACxD,MAAA,OAAO;AAAA,QACN,IAAA,EAAM;AAAA,UACL,IAAI,OAAA,CAAQ,EAAA;AAAA,UACZ,MAAM,OAAA,CAAQ,YAAA;AAAA,UACd,OAAO,OAAA,CAAQ,KAAA;AAAA,UACf,KAAA,EAAO,OAAA,CAAQ,MAAA,CAAO,CAAC,CAAA,EAAG,GAAA;AAAA,UAC1B,aAAA,EAAe,KAAA;AAAA,UACf,GAAG;AAAA,SACJ;AAAA,QACA,IAAA,EAAM;AAAA,OACP;AAAA,IACD,CAAA;AAAA,IACA;AAAA,GACD;AACD;;;ACmCO,IAAM,MAAA,GAAS,CAAC,OAAA,KAA2B;AACjD,EAAA,MAAMA,cAAAA,GAAgB,6CAAA;AACtB,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,QAAA;AAAA,IACJ,IAAA,EAAM,QAAA;AAAA,IACN,sBAAA,CAAuB,EAAE,KAAA,EAAO,MAAA,EAAQ,aAAY,EAAG;AACtD,MAAA,MAAM,UAAU,OAAA,CAAQ,mBAAA,GAAsB,EAAC,GAAI,CAAC,mBAAmB,CAAA;AACvE,MAAA,IAAI,QAAQ,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAChD,MAAA,IAAI,MAAA,EAAQ,OAAA,CAAQ,IAAA,CAAK,GAAG,MAAM,CAAA;AAClC,MAAA,OAAO,IAAI,GAAA;AAAA,QACV,kDAAkD,OAAA,CAAQ,IAAA;AAAA,UACzD;AAAA,SACA,CAAA,+BAAA,EAAkC,OAAA,CAAQ,SAAS,CAAA,cAAA,EAAiB,kBAAA;AAAA,UACpE,QAAQ,WAAA,IAAe;AAAA,SACvB,UAAU,KAAK,CAAA;AAAA,OACjB;AAAA,IACD,CAAA;AAAA,IAEA,yBAAA,EAA2B,OAAO,EAAE,IAAA,EAAM,aAAY,KAAM;AAC3D,MAAA,OAAO,yBAAA,CAA0B;AAAA,QAChC,IAAA;AAAA,QACA,WAAA,EAAa,QAAQ,WAAA,IAAe,WAAA;AAAA,QACpC,OAAA,EAAS;AAAA,UACR,WAAW,OAAA,CAAQ,SAAA;AAAA,UACnB,cAAc,OAAA,CAAQ;AAAA,SACvB;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACxB,MAAA,OAAO,kBAAA,CAAmB;AAAA,QACzB,YAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACR,cAAc,OAAA,CAAQ;AAAA,SACvB;AAAA,QACA,aAAA,EAAAA,cAAAA;AAAA,QACA,cAAA,EAAgB,MAAA;AAAA,QAChB,WAAA,EAAa;AAAA,UACZ,YAAY,OAAA,CAAQ;AAAA;AACrB,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACF,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AAEA,MAAA,MAAM,MAAA,GAAS;AAAA,QACd,SAAA;AAAA,QACA,kBAAA;AAAA,QACA,cAAA;AAAA,QACA;AAAA,OACD;AACA,MAAA,MAAM,EAAE,IAAA,EAAM,OAAA,EAAS,KAAA,KAAU,MAAM,WAAA;AAAA,QACtC,CAAA,iDAAA,EAAoD,MAAA,CAAO,IAAA,CAAK,GAAG,CAAC,CAAA,CAAA;AAAA,QACpE;AAAA,UACC,OAAA,EAAS;AAAA,YACR,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,WAAW,CAAA;AAAA;AAC3C;AACD,OACD;AAEA,MAAA,IAAI,KAAA,EAAO;AACV,QAAA,OAAO,IAAA;AAAA,MACR;AAEA,MAAA,OAAO;AAAA,QACN,IAAA,EAAM;AAAA,UACL,OAAO,OAAA,CAAQ,IAAA,CAAK,KAAK,KAAA,IAAS,OAAA,CAAQ,KAAK,IAAA,CAAK,QAAA;AAAA,UACpD,EAAA,EAAI,OAAA,CAAQ,IAAA,CAAK,IAAA,CAAK,OAAA;AAAA,UACtB,IAAA,EACC,QAAQ,IAAA,CAAK,IAAA,CAAK,gBAAgB,OAAA,CAAQ,IAAA,CAAK,KAAK,QAAA,IAAY,EAAA;AAAA,UACjE,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,IAAA,CAAK,gBAAA;AAAA,UACzB,aAAA,EAAe;AAAA,SAChB;AAAA,QACA,IAAA,EAAM;AAAA,OACP;AAAA,IACD,CAAA;AAAA,IACA;AAAA,GACD;AACD;AC3KO,IAAM,MAAA,GAAS,CAAC,OAAA,KAA2B;AACjD,EAAA,MAAMA,cAAAA,GAAgB,mCAAA;AACtB,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,QAAA;AAAA,IACJ,IAAA,EAAM,QAAA;AAAA,IACN,sBAAA,CAAuB,EAAE,KAAA,EAAO,MAAA,EAAQ,aAAY,EAAG;AACtD,MAAA,MAAM,UAAU,OAAA,CAAQ,mBAAA,GACrB,EAAC,GACD,CAAC,mBAAmB,QAAQ,CAAA;AAC/B,MAAA,IAAI,QAAQ,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAChD,MAAA,IAAI,MAAA,EAAQ,OAAA,CAAQ,IAAA,CAAK,GAAG,MAAM,CAAA;AAClC,MAAA,OAAO,sBAAA,CAAuB;AAAA,QAC7B,EAAA,EAAI,QAAA;AAAA,QACJ,WAAA;AAAA,QACA,OAAA;AAAA,QACA,qBAAA,EAAuB,uCAAA;AAAA,QACvB,MAAA,EAAQ,OAAA;AAAA,QACR,KAAA;AAAA,QACA,MAAA,EAAQ,QAAQ,MAAA,IAAU;AAAA,UACzB,OAAA;AAAA,UACA,gBAAA;AAAA,UACA,oBAAA;AAAA,UACA;AAAA;AACD,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,yBAAA,EAA2B,OAAO,EAAE,IAAA,EAAM,aAAY,KAAM;AAC3D,MAAA,OAAO,yBAAA,CAA0B;AAAA,QAChC,IAAA;AAAA,QACA,WAAA;AAAA,QACA,OAAA;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACxB,MAAA,OAAO,kBAAA,CAAmB;AAAA,QACzB,YAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACR,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,WAAW,OAAA,CAAQ,SAAA;AAAA,UACnB,cAAc,OAAA,CAAQ;AAAA,SACvB;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACF,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AACA,MAAA,MAAM,UAAU,KAAA,CAAM,OAAA;AACtB,MAAA,IAAI,CAAC,OAAA,EAAS;AACb,QAAA,MAAA,CAAO,MAAM,2BAA2B,CAAA;AACxC,QAAA,OAAO,IAAA;AAAA,MACR;AACA,MAAA,MAAM,OAAA,GAAUG,UAAU,OAAO,CAAA;AACjC,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,OAAO,CAAA;AACxD,MAAA,OAAO;AAAA,QACN,IAAA,EAAM;AAAA,UACL,IAAI,OAAA,CAAQ,GAAA;AAAA,UACZ,MAAM,OAAA,CAAQ,kBAAA;AAAA,UACd,OAAO,OAAA,CAAQ,KAAA;AAAA,UACf,OAAO,OAAA,CAAQ,OAAA;AAAA,UACf,eAAe,OAAA,CAAQ,cAAA;AAAA,UACvB,GAAG;AAAA,SACJ;AAAA,QACA,IAAA,EAAM;AAAA,OACP;AAAA,IACD,CAAA;AAAA,IACA;AAAA,GACD;AACD;;;ACNO,IAAM,OAAA,GAAU,CAAC,OAAA,KAA2B;AAClD,EAAA,MAAMH,cAAAA,GAAgB,kCAAA;AACtB,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,SAAA;AAAA,IACJ,IAAA,EAAM,SAAA;AAAA,IACN,uBAAuB,IAAA,EAAM;AAC5B,MAAA,MAAM,OAAA,GAAU,QAAQ,mBAAA,GACrB,KACA,CAAC,YAAA,EAAc,YAAA,EAAc,gBAAA,EAAkB,aAAa,CAAA;AAC/D,MAAA,IAAI,QAAQ,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAChD,MAAA,IAAI,KAAK,MAAA,EAAQ,OAAA,CAAQ,IAAA,CAAK,GAAG,KAAK,MAAM,CAAA;AAC5C,MAAA,OAAO,sBAAA,CAAuB;AAAA,QAC7B,EAAA,EAAI,SAAA;AAAA,QACJ,OAAA;AAAA,QACA,qBAAA,EAAuB,kCAAA;AAAA,QACvB,MAAA,EAAQ,OAAA;AAAA,QACR,OAAO,IAAA,CAAK,KAAA;AAAA,QACZ,cAAc,IAAA,CAAK,YAAA;AAAA,QACnB,aAAa,IAAA,CAAK;AAAA,OAClB,CAAA;AAAA,IACF,CAAA;AAAA,IACA,2BAA2B,OAAO,EAAE,IAAA,EAAM,YAAA,EAAc,aAAY,KAAM;AACzE,MAAA,OAAO,yBAAA,CAA0B;AAAA,QAChC,IAAA;AAAA,QACA,YAAA;AAAA,QACA,cAAA,EAAgB,OAAA;AAAA,QAChB,WAAA;AAAA,QACA,OAAA;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IAEA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACxB,MAAA,OAAO,kBAAA,CAAmB;AAAA,QACzB,YAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACR,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,WAAW,OAAA,CAAQ,SAAA;AAAA,UACnB,cAAc,OAAA,CAAQ;AAAA,SACvB;AAAA,QACA,cAAA,EAAgB,OAAA;AAAA,QAChB,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACF,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AACA,MAAA,MAAM,EAAE,IAAA,EAAM,OAAA,EAAS,KAAA,EAAO,YAAA,KAC7B,MAAM,WAAA;AAAA,QACL,4DAAA;AAAA,QACA;AAAA,UACC,MAAA,EAAQ,KAAA;AAAA,UACR,OAAA,EAAS;AAAA,YACR,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,WAAW,CAAA;AAAA;AAC3C;AACD,OACD;AAED,MAAA,IAAI,YAAA,EAAc;AACjB,QAAA,OAAO,IAAA;AAAA,MACR;AAEA,MAAA,MAAM,EAAE,MAAM,SAAA,EAAW,KAAA,EAAO,YAAW,GAAI,MAAM,YAElD,0DAAA,EAA4D;AAAA,QAC9D,MAAA,EAAQ,KAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACR,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,WAAW,CAAA;AAAA;AAC3C,OACA,CAAA;AACD,MAAA,IAAI,aAAA,GAAgB,KAAA;AACpB,MAAA,IAAI,CAAC,UAAA,IAAc,SAAA,EAAW,IAAA,EAAM,eAAA,EAAiB;AACpD,QAAA,OAAA,CAAQ,IAAA,CAAK,KAAA,GAAQ,SAAA,CAAU,IAAA,CAAK,eAAA;AACpC,QAAA,aAAA,GAAgB,IAAA;AAAA,MACjB;AACA,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,OAAO,CAAA;AACxD,MAAA,OAAO;AAAA,QACN,IAAA,EAAM;AAAA,UACL,EAAA,EAAI,QAAQ,IAAA,CAAK,EAAA;AAAA,UACjB,IAAA,EAAM,QAAQ,IAAA,CAAK,IAAA;AAAA,UACnB,OAAO,OAAA,CAAQ,IAAA,CAAK,KAAA,IAAS,OAAA,CAAQ,KAAK,QAAA,IAAY,IAAA;AAAA,UACtD,KAAA,EAAO,QAAQ,IAAA,CAAK,iBAAA;AAAA,UACpB,aAAA;AAAA,UACA,GAAG;AAAA,SACJ;AAAA,QACA,IAAA,EAAM;AAAA,OACP;AAAA,IACD,CAAA;AAAA,IACA;AAAA,GACD;AACD;;;ACpLO,IAAM,MAAA,GAAS,CAAC,OAAA,KAA2B;AACjD,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,QAAA;AAAA,IACJ,IAAA,EAAM,QAAA;AAAA,IACN,uBAAuB,EAAE,KAAA,EAAO,MAAA,EAAQ,YAAA,EAAc,aAAY,EAAG;AACpE,MAAA,IAAI,CAAC,YAAA,EAAc;AAClB,QAAA,MAAM,IAAI,gBAAgB,qCAAqC,CAAA;AAAA,MAChE;AAEA,MAAA,IAAI,OAAA,GAAgC,MAAA;AACpC,MAAA,IAAI,OAAA,CAAQ,KAAA,KAAU,MAAA,IAAa,MAAA,KAAW,MAAA,EAAW;AACxD,QAAA,OAAA,GAAU,EAAC;AACX,QAAA,IAAI,QAAQ,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAChD,QAAA,IAAI,MAAA,EAAQ,OAAA,CAAQ,IAAA,CAAK,GAAG,MAAM,CAAA;AAAA,MACnC;AAEA,MAAA,OAAO,sBAAA,CAAuB;AAAA,QAC7B,EAAA,EAAI,QAAA;AAAA,QACJ,OAAA;AAAA,QACA,qBAAA,EAAuB,oCAAA;AAAA,QACvB,MAAA,EAAQ,OAAA;AAAA,QACR,KAAA;AAAA,QACA,YAAA;AAAA,QACA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,2BAA2B,OAAO,EAAE,IAAA,EAAM,YAAA,EAAc,aAAY,KAAM;AACzE,MAAA,OAAO,yBAAA,CAA0B;AAAA,QAChC,IAAA;AAAA,QACA,YAAA;AAAA,QACA,WAAA;AAAA,QACA,OAAA;AAAA,QACA,aAAA,EAAe;AAAA,OACf,CAAA;AAAA,IACF,CAAA;AAAA,IACA,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AAEA,MAAA,MAAM,EAAE,IAAA,EAAM,OAAA,EAAS,KAAA,KAAU,MAAM,WAAA;AAAA,QACtC,6CAAA;AAAA,QACA;AAAA,UACC,OAAA,EAAS;AAAA,YACR,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,WAAW,CAAA;AAAA;AAC3C;AACD,OACD;AAEA,MAAA,IAAI,KAAA,IAAS,CAAC,OAAA,EAAS;AACtB,QAAA,OAAO,IAAA;AAAA,MACR;AAEA,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,OAAO,CAAA;AACxD,MAAA,OAAO;AAAA,QACN,IAAA,EAAM;AAAA,UACL,IAAI,OAAA,CAAQ,GAAA;AAAA,UACZ,IAAA,EAAM,OAAA,CAAQ,IAAA,IAAQ,OAAA,CAAQ,kBAAA,IAAsB,EAAA;AAAA,UACpD,OAAO,OAAA,CAAQ,KAAA;AAAA,UACf,OAAO,OAAA,CAAQ,OAAA;AAAA,UACf,aAAA,EAAe,QAAQ,cAAA,IAAkB,KAAA;AAAA,UACzC,GAAG;AAAA,SACJ;AAAA,QACA,IAAA,EAAM;AAAA,OACP;AAAA,IACD,CAAA;AAAA,IACA;AAAA,GACD;AACD;;;AC3DO,IAAM,EAAA,GAAK,CAAC,OAAA,KAAsB;AACxC,EAAA,MAAMA,cAAAA,GAAgB,+BAAA;AACtB,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,IAAA;AAAA,IACJ,IAAA,EAAM,IAAA;AAAA,IACN,MAAM,sBAAA,CAAuB,EAAE,OAAO,MAAA,EAAQ,YAAA,EAAc,aAAY,EAAG;AAC1E,MAAA,MAAM,UAAU,OAAA,CAAQ,mBAAA,GAAsB,EAAC,GAAI,CAAC,SAAS,OAAO,CAAA;AACpE,MAAA,IAAI,QAAQ,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAChD,MAAA,IAAI,MAAA,EAAQ,OAAA,CAAQ,IAAA,CAAK,GAAG,MAAM,CAAA;AAClC,MAAA,MAAMD,sBAAAA,GAAwB,6BAAA;AAE9B,MAAA,OAAO,sBAAA,CAAuB;AAAA,QAC7B,EAAA,EAAI,IAAA;AAAA,QACJ,OAAA;AAAA,QACA,qBAAA,EAAAA,sBAAAA;AAAA,QACA,MAAA,EAAQ,OAAA;AAAA,QACR,KAAA;AAAA,QACA,WAAA;AAAA,QACA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,2BAA2B,OAAO;AAAA,MACjC,IAAA;AAAA,MACA,YAAA;AAAA,MACA,WAAA;AAAA,MACA;AAAA,KACD,KAAM;AACL,MAAA,OAAO,yBAAA,CAA0B;AAAA,QAChC,IAAA;AAAA,QACA,YAAA;AAAA,QACA,WAAA,EAAa,QAAQ,WAAA,IAAe,WAAA;AAAA,QACpC,OAAA;AAAA,QACA,QAAA;AAAA,QACA,aAAA,EAAAC;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACxB,MAAA,OAAO,kBAAA,CAAmB;AAAA,QACzB,YAAA;AAAA,QACA,OAAA,EAAS;AAAA,UACR,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,WAAW,OAAA,CAAQ,SAAA;AAAA,UACnB,cAAc,OAAA,CAAQ;AAAA,SACvB;AAAA,QACA,aAAA,EAAAA;AAAA,OACA,CAAA;AAAA,IACF,CAAA;AAAA,IACF,MAAM,YAAY,IAAA,EAAM;AACvB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,IAAI,CAAA;AAAA,MAChC;AACA,MAAA,IAAI,CAAC,KAAK,WAAA,EAAa;AACtB,QAAA,OAAO,IAAA;AAAA,MACR;AACA,MAAA,MAAM,QAAA,GAAW,IAAI,eAAA,CAAgB;AAAA,QACpC,cAAc,IAAA,CAAK,WAAA;AAAA,QACnB,WAAW,OAAA,CAAQ;AAAA,OACnB,EAAE,QAAA,EAAS;AACZ,MAAA,MAAM,EAAE,IAAA,EAAM,OAAA,EAAS,KAAA,KAAU,MAAM,WAAA;AAAA,QACtC,oCAAA;AAAA,QACA;AAAA,UACC,MAAA,EAAQ,MAAA;AAAA,UACR,OAAA,EAAS;AAAA,YACR,cAAA,EAAgB;AAAA,WACjB;AAAA,UACA,IAAA,EAAM;AAAA;AACP,OACD;AACA,MAAA,IAAI,KAAA,EAAO;AACV,QAAA,OAAO,IAAA;AAAA,MACR;AAEA,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,OAAO,CAAA;AACxD,MAAA,IAAI,CAAC,OAAA,CAAQ,IAAA,CAAK,KAAA,IAAS,CAAC,SAAS,KAAA,EAAO;AAC3C,QAAA,OAAO,IAAA;AAAA,MACR;AAEA,MAAA,OAAO;AAAA,QACN,IAAA,EAAM;AAAA,UACL,EAAA,EAAI,QAAQ,IAAA,CAAK,OAAA;AAAA,UACjB,UAAA,EAAY,QAAQ,IAAA,CAAK,UAAA;AAAA,UACzB,SAAA,EAAW,QAAQ,IAAA,CAAK,SAAA;AAAA,UACxB,KAAA,EAAO,QAAQ,IAAA,CAAK,KAAA;AAAA,UACpB,KAAA,EAAO,QAAQ,IAAA,CAAK,MAAA;AAAA,UACpB,aAAA,EAAe,KAAA;AAAA,UACf,QAAA,EAAU,QAAQ,IAAA,CAAK,QAAA;AAAA,UACvB,GAAA,EAAK,QAAQ,IAAA,CAAK,GAAA;AAAA,UAClB,IAAA,EAAM,GAAG,OAAA,CAAQ,IAAA,CAAK,UAAU,CAAA,CAAA,EAAI,OAAA,CAAQ,KAAK,SAAS,CAAA,CAAA;AAAA,UAC1D,GAAG;AAAA,SACJ;AAAA,QACA,IAAA,EAAM;AAAA,OACP;AAAA,IACD,CAAA;AAAA,IACA;AAAA,GACD;AACD;;;ACpEO,IAAM,MAAA,GAAS,CAAC,OAAA,KAA2B;AACjD,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,QAAA;AAAA,IACJ,IAAA,EAAM,QAAA;AAAA,IACN,sBAAA,CAAuB,EAAE,KAAA,EAAO,MAAA,EAAQ,aAAY,EAAG;AACtD,MAAA,MAAM,UAAU,OAAA,CAAQ,mBAAA,GAAsB,EAAC,GAAI,CAAC,cAAc,CAAA;AAClE,MAAA,OAAA,CAAQ,KAAA,IAAS,OAAA,CAAQ,IAAA,CAAK,GAAG,QAAQ,KAAK,CAAA;AAC9C,MAAA,MAAA,IAAU,OAAA,CAAQ,IAAA,CAAK,GAAG,MAAM,CAAA;AAIhC,MAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,8CAA8C,CAAA;AAClE,MAAA,GAAA,CAAI,aAAa,GAAA,CAAI,OAAA,EAAS,OAAA,CAAQ,IAAA,CAAK,GAAG,CAAC,CAAA;AAC/C,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,eAAA,EAAiB,MAAM,CAAA;AAC5C,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAA,EAAS,OAAA,CAAQ,QAAQ,CAAA;AAC9C,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,cAAA,EAAgB,OAAA,CAAQ,eAAe,WAAW,CAAA;AACvE,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAA,EAAS,KAAK,CAAA;AACnC,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,MAAA,EAAQ,OAAA,CAAQ,QAAQ,IAAI,CAAA;AACjD,MAAA,GAAA,CAAI,IAAA,GAAO,iBAAA;AAEX,MAAA,OAAO,GAAA;AAAA,IACR,CAAA;AAAA;AAAA;AAAA;AAAA,IAKA,yBAAA,EAA2B,OAAO,EAAE,IAAA,EAAK,KAAM;AAC9C,MAAA,MAAM,MAAA,GAAS,IAAI,eAAA,CAAgB;AAAA,QAClC,OAAO,OAAA,CAAQ,QAAA;AAAA,QACf,QAAQ,OAAA,CAAQ,YAAA;AAAA,QAChB,IAAA;AAAA,QACA,UAAA,EAAY;AAAA,OACZ,CAAA;AAED,MAAA,MAAM,EAAE,IAAA,EAAM,SAAA,EAAW,KAAA,KAAU,MAAM,WAAA;AAAA,QAUxC,oDAAA,GACC,OAAO,QAAA,EAAS;AAAA,QACjB;AAAA,UACC,MAAA,EAAQ;AAAA;AACT,OACD;AAEA,MAAA,IAAI,KAAA,IAAS,CAAC,SAAA,IAAa,SAAA,CAAU,OAAA,EAAS;AAC7C,QAAA,MAAM,IAAI,KAAA;AAAA,UACT,CAAA,uCAAA,EAA0C,SAAA,EAAW,MAAA,IAAU,KAAA,EAAO,WAAW,eAAe,CAAA;AAAA,SACjG;AAAA,MACD;AAEA,MAAA,OAAO;AAAA,QACN,SAAA,EAAW,QAAA;AAAA,QACX,aAAa,SAAA,CAAU,YAAA;AAAA,QACvB,cAAc,SAAA,CAAU,aAAA;AAAA,QACxB,sBAAsB,IAAI,IAAA;AAAA,UACzB,IAAA,CAAK,GAAA,EAAI,GAAI,SAAA,CAAU,UAAA,GAAa;AAAA,SACrC;AAAA,QACA,MAAA,EAAQ,SAAA,CAAU,KAAA,CAAM,KAAA,CAAM,GAAG,CAAA;AAAA;AAAA;AAAA,QAGjC,QAAQ,SAAA,CAAU,MAAA;AAAA,QAClB,SAAS,SAAA,CAAU;AAAA,OACpB;AAAA,IACD,CAAA;AAAA,IAEA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,OAAA,CAAQ,kBAAA,GACR,OAAO,YAAA,KAAiB;AACxB,MAAA,MAAM,MAAA,GAAS,IAAI,eAAA,CAAgB;AAAA,QAClC,OAAO,OAAA,CAAQ,QAAA;AAAA,QACf,UAAA,EAAY,eAAA;AAAA,QACZ,aAAA,EAAe;AAAA,OACf,CAAA;AAED,MAAA,MAAM,EAAE,IAAA,EAAM,SAAA,EAAW,KAAA,KAAU,MAAM,WAAA;AAAA,QASxC,qDAAA,GACC,OAAO,QAAA,EAAS;AAAA,QACjB;AAAA,UACC,MAAA,EAAQ;AAAA;AACT,OACD;AAEA,MAAA,IAAI,KAAA,IAAS,CAAC,SAAA,IAAa,SAAA,CAAU,OAAA,EAAS;AAC7C,QAAA,MAAM,IAAI,KAAA;AAAA,UACT,CAAA,gCAAA,EAAmC,SAAA,EAAW,MAAA,IAAU,KAAA,EAAO,WAAW,eAAe,CAAA;AAAA,SAC1F;AAAA,MACD;AAEA,MAAA,OAAO;AAAA,QACN,SAAA,EAAW,QAAA;AAAA,QACX,aAAa,SAAA,CAAU,YAAA;AAAA,QACvB,cAAc,SAAA,CAAU,aAAA;AAAA,QACxB,sBAAsB,IAAI,IAAA;AAAA,UACzB,IAAA,CAAK,GAAA,EAAI,GAAI,SAAA,CAAU,UAAA,GAAa;AAAA,SACrC;AAAA,QACA,MAAA,EAAQ,SAAA,CAAU,KAAA,CAAM,KAAA,CAAM,GAAG;AAAA,OAClC;AAAA,IACD,CAAA;AAAA,IAEF,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AAEA,MAAA,MAAM,SAAU,KAAA,CAA6C,MAAA;AAE7D,MAAA,IAAI,CAAC,MAAA,EAAQ;AACZ,QAAA,OAAO,IAAA;AAAA,MACR;AAEA,MAAA,MAAM,MAAA,GAAS,IAAI,eAAA,CAAgB;AAAA,QAClC,YAAA,EAAc,MAAM,WAAA,IAAe,EAAA;AAAA,QACnC,MAAA;AAAA,QACA,IAAA,EAAM;AAAA,OACN,CAAA;AAED,MAAA,MAAM,EAAE,IAAA,EAAM,OAAA,EAAS,KAAA,EAAM,GAAI,MAAM,WAAA,CAErC,yCAAA,GAA4C,MAAA,CAAO,QAAA,EAAS,EAAG;AAAA,QAChE,MAAA,EAAQ;AAAA,OACR,CAAA;AAED,MAAA,IAAI,KAAA,IAAS,CAAC,OAAA,IAAW,OAAA,CAAQ,OAAA,EAAS;AACzC,QAAA,OAAO,IAAA;AAAA,MACR;AAEA,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,OAAO,CAAA;AACxD,MAAA,OAAO;AAAA,QACN,IAAA,EAAM;AAAA,UACL,EAAA,EAAI,OAAA,CAAQ,OAAA,IAAW,OAAA,CAAQ,MAAA,IAAU,MAAA;AAAA,UACzC,MAAM,OAAA,CAAQ,QAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,UAMd,KAAA,EACC,QAAQ,KAAA,IACR,CAAA,EAAG,QAAQ,OAAA,IAAW,OAAA,CAAQ,UAAU,MAAM,CAAA,eAAA,CAAA;AAAA,UAC/C,OAAO,OAAA,CAAQ,UAAA;AAAA,UACf,aAAA,EAAe,KAAA;AAAA,UACf,GAAG;AAAA,SACJ;AAAA,QACA,IAAA,EAAM;AAAA,OACP;AAAA,IACD,CAAA;AAAA,IACA;AAAA,GACD;AACD;;;ACpMO,IAAM,IAAA,GAAO,CAAC,WAAA,KAA6B;AACjD,EAAA,MAAM,OAAA,GAAU;AAAA,IACf,IAAA,EAAM,IAAA;AAAA,IACN,GAAG;AAAA,GACJ;AAEA,EAAA,OAAO;AAAA,IACN,EAAA,EAAI,MAAA;AAAA,IACJ,IAAA,EAAM,MAAA;AAAA,IACN,wBAAwB,OAAO,EAAE,KAAA,EAAO,WAAA,EAAa,cAAa,KAAM;AACvE,MAAA,MAAM,MAAA,GAAS,IAAI,eAAA,CAAgB;AAAA,QAClC,aAAA,EAAe,MAAA;AAAA,QACf,YAAA,EAAc,OAAA,CAAQ,WAAA,GAAc,OAAA,CAAQ,WAAA,GAAc,WAAA;AAAA,QAC1D,WAAW,OAAA,CAAQ,QAAA;AAAA,QACnB;AAAA,OACA,CAAA;AAED,MAAA,IAAI,QAAQ,IAAA,EAAM;AACjB,QAAA,MAAM,aAAA,GAAgB,MAAM,qBAAA,CAAsB,YAAY,CAAA;AAC9D,QAAA,MAAA,CAAO,GAAA,CAAI,yBAAyB,MAAM,CAAA;AAC1C,QAAA,MAAA,CAAO,GAAA,CAAI,kBAAkB,aAAa,CAAA;AAAA,MAC3C;AAEA,MAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,iCAAiC,CAAA;AACrD,MAAA,GAAA,CAAI,MAAA,GAAS,OAAO,QAAA,EAAS;AAE7B,MAAA,OAAO,GAAA;AAAA,IACR,CAAA;AAAA,IACA,2BAA2B,OAAO,EAAE,IAAA,EAAM,WAAA,EAAa,cAAa,KAAM;AACzE,MAAA,OAAO,yBAAA,CAA0B;AAAA,QAChC,IAAA;AAAA,QACA,WAAA,EAAa,QAAQ,WAAA,IAAe,WAAA;AAAA,QACpC,YAAA;AAAA,QACA,OAAA;AAAA,QACA,aAAA,EAAe,6BAAA;AAAA,QACf,cAAA,EAAgB;AAAA,OAChB,CAAA;AAAA,IACF,CAAA;AAAA,IACA,oBAAoB,OAAA,CAAQ,kBAAA,GACzB,QAAQ,kBAAA,GACR,OAAO,iBACP,kBAAA,CAAmB;AAAA,MAClB,YAAA;AAAA,MACA,OAAA,EAAS;AAAA,QACR,UAAU,OAAA,CAAQ,QAAA;AAAA,QAClB,WAAW,OAAA,CAAQ,SAAA;AAAA,QACnB,cAAc,OAAA,CAAQ;AAAA,OACvB;AAAA,MACA,aAAA,EAAe;AAAA,KACf,CAAA;AAAA,IACJ,MAAM,YAAY,KAAA,EAAO;AACxB,MAAA,IAAI,QAAQ,WAAA,EAAa;AACxB,QAAA,OAAO,OAAA,CAAQ,YAAY,KAAK,CAAA;AAAA,MACjC;AACA,MAAA,MAAM,EAAE,IAAA,EAAM,OAAA,EAAS,KAAA,KAAU,MAAM,WAAA;AAAA,QACtC,iCAAA;AAAA,QACA;AAAA,UACC,OAAA,EAAS;AAAA,YACR,aAAA,EAAe,CAAA,OAAA,EAAU,KAAA,CAAM,WAAW,CAAA;AAAA;AAC3C;AACD,OACD;AAEA,MAAA,IAAI,KAAA,EAAO;AACV,QAAA,OAAO,IAAA;AAAA,MACR;AAEA,MAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,gBAAA,GAAmB,OAAO,CAAA;AAExD,MAAA,OAAO;AAAA,QACN,IAAA,EAAM;AAAA,UACL,IAAI,OAAA,CAAQ,EAAA;AAAA,UACZ,MAAM,OAAA,CAAQ,YAAA;AAAA,UACd,OAAO,OAAA,CAAQ,OAAA;AAAA,UACf,OAAO,OAAA,CAAQ,KAAA;AAAA,UACf,aAAA,EAAe,OAAA,CAAQ,OAAA,CAAQ,QAAQ,CAAA;AAAA,UACvC,GAAG;AAAA,SACJ;AAAA,QACA,IAAA,EAAM;AAAA,UACL,GAAG;AAAA;AACJ,OACD;AAAA,IACD;AAAA,GACD;AACD;;;AChEO,IAAM,eAAA,GAAkB;AAAA,EAC7B,KAAA;AAAA,EACA,SAAA;AAAA,EACA,MAAA;AAAA,EACA,OAAA;AAAA,EACA,OAAA;AAAA,EACA,QAAA;AAAA,EACA,KAAA;AAAA,EACA,MAAA;AAAA,EACA,SAAA;AAAA,EACA,MAAA;AAAA,EACA,WAAA;AAAA,EACA,KAAA;AAAA,EACA,OAAA;AAAA,EACA,MAAA;AAAA,EACA,OAAA;AAAA,EACA,OAAA;AAAA,EACA,IAAA;AAAA,EACA,MAAA;AAAA,EACA,QAAA;AAAA,EACA,MAAA;AAAA,EACA,MAAA;AAAA,EACA,MAAA;AAAA,EACA,MAAA;AAAA,EACA,UAAA;AAAA,EACA,EAAA;AAAA,EACA,IAAA;AAAA,EACA,MAAA;AAAA,EACA,KAAA;AAAA,EACA,KAAA;AAAA,EACA,IAAA;AAAA,EACA,MAAA;AAAA,EACA,MAAA;AAAA,EACA,KAAA;AAAA,EACA,OAAA;AAAA,EACA,MAAA;AAAA,EACA;AACF;AAGO,IAAM,kBAAA,GAAqB,MAAA,CAAO,IAAA,CAAK,eAAe;AAStD,IAAM,yBACV,CAAA,CAAA,IAAA,CAAK,kBAAkB,CAAA,CACvB,EAAA,CAAK,UAAQ","file":"social-providers.js","sourcesContent":["export type LogLevel = 'debug' | 'info' | 'success' | 'warn' | 'error'\n\nconst levels = ['debug', 'info', 'success', 'warn', 'error'] as const\n\nfunction shouldPublishLog(current: LogLevel, level: LogLevel): boolean {\n return levels.indexOf(level) >= levels.indexOf(current)\n}\n\nfunction resolveLogLevel(): LogLevel {\n try {\n const env =\n typeof process !== 'undefined' && process.env\n ? process.env.ATHENA_AUTH_LOG_LEVEL\n : undefined\n if (\n env === 'debug' ||\n env === 'info' ||\n env === 'warn' ||\n env === 'error' ||\n env === 'success'\n ) {\n return env\n }\n } catch {\n // ignore non-Node environments\n }\n return 'warn'\n}\n\nfunction log(\n level: Exclude<LogLevel, 'success'>,\n message: string,\n ...args: unknown[]\n): void {\n const current = resolveLogLevel()\n if (!shouldPublishLog(current, level === 'info' ? 'info' : level)) return\n\n const fn =\n level === 'error'\n ? console.error\n : level === 'warn'\n ? console.warn\n : console.log\n fn(`[athena-auth] ${message}`, ...args)\n}\n\nexport const logger = {\n debug: (message: string, ...args: unknown[]) => log('debug', message, ...args),\n info: (message: string, ...args: unknown[]) => log('info', message, ...args),\n success: (message: string, ...args: unknown[]) => log('info', message, ...args),\n warn: (message: string, ...args: unknown[]) => log('warn', message, ...args),\n error: (message: string, ...args: unknown[]) => log('error', message, ...args),\n}\n","/**\n * Athena Auth SDK error for configuration and invariant failures in\n * OAuth / social-provider flows.\n */\nexport class AthenaAuthError extends Error {\n constructor(message: string, options?: { cause?: unknown | undefined }) {\n super(message, options)\n this.name = 'AthenaAuthError'\n this.message = message\n this.stack = ''\n }\n}\n\n/** @deprecated Use {@link AthenaAuthError}. */\nexport const BetterAuthError = AthenaAuthError\n","/**\n * Lightweight HTTP/API error used by social-provider helpers.\n *\n * Intentionally does not depend on better-call; status can be a number or\n * string label used by call sites for branching.\n */\nexport class APIError extends Error {\n status: string | number\n statusCode: number\n body: Record<string, unknown> | undefined\n headers: Headers | undefined\n\n constructor(\n status: string | number,\n body?: { message?: string; code?: string; [key: string]: unknown } | string,\n ) {\n const message =\n typeof body === 'string'\n ? body\n : body?.message ?? (typeof status === 'string' ? status : `HTTP ${status}`)\n super(message)\n this.name = 'APIError'\n this.status = status\n this.statusCode = typeof status === 'number' ? status : 500\n this.body = typeof body === 'string' ? { message: body } : body\n this.headers = undefined\n }\n\n static fromStatus(\n status: string | number,\n body?: { message?: string; code?: string; [key: string]: unknown },\n ): APIError {\n return new APIError(status, body)\n }\n\n static from(\n status: string | number,\n error: { code: string; message: string },\n ): APIError {\n return new APIError(status, {\n message: error.message,\n code: error.code,\n })\n }\n}\n","function toUint8Array(input: string | ArrayBuffer | Uint8Array): Uint8Array {\n if (typeof input === 'string') {\n return new TextEncoder().encode(input)\n }\n if (input instanceof Uint8Array) {\n return input\n }\n return new Uint8Array(input)\n}\n\nfunction bytesToBase64(bytes: Uint8Array, urlSafe: boolean, padding: boolean): string {\n let binary = ''\n for (let i = 0; i < bytes.length; i++) {\n binary += String.fromCharCode(bytes[i]!)\n }\n let encoded = btoa(binary)\n if (urlSafe) {\n encoded = encoded.replace(/\\+/g, '-').replace(/\\//g, '_')\n }\n if (!padding) {\n encoded = encoded.replace(/=+$/g, '')\n }\n return encoded\n}\n\n/**\n * Standard Base64 helpers (RFC 4648) used for HTTP Basic Auth credentials.\n */\nexport const base64 = {\n encode(input: string | ArrayBuffer | Uint8Array): string {\n return bytesToBase64(toUint8Array(input), false, true)\n },\n}\n\n/**\n * Base64URL helpers used for PKCE code challenges.\n */\nexport const base64Url = {\n encode(\n input: string | ArrayBuffer | Uint8Array,\n options?: { padding?: boolean },\n ): string {\n return bytesToBase64(toUint8Array(input), true, options?.padding !== false)\n },\n}\n","import type { AthenaFetchOption } from './types.ts'\n\n/**\n * Normalize request bodies for `fetch` (string, form data, or JSON objects).\n */\nexport function normalizeFetchBody(\n body: AthenaFetchOption['body'],\n): string | URLSearchParams | FormData | Blob | null | undefined {\n if (body == null) return body as null | undefined\n if (typeof body === 'string') return body\n if (body instanceof URLSearchParams) return body\n if (body instanceof FormData) return body\n if (body instanceof Blob) return body\n if (typeof body === 'object') {\n return JSON.stringify(body)\n }\n return String(body)\n}\n\n/**\n * Append query params to a URL string.\n */\nexport function applyFetchQuery(\n url: string,\n query?: AthenaFetchOption['query'],\n): string {\n if (!query) return url\n const u = new URL(url)\n for (const [key, value] of Object.entries(query)) {\n if (value === undefined || value === null) continue\n u.searchParams.set(key, String(value))\n }\n return u.toString()\n}\n","import { applyFetchQuery, normalizeFetchBody } from './body.ts'\nimport type { AthenaFetchOption, AthenaFetchResult } from './types.ts'\n\n/**\n * Fetch JSON (or text) and return a better-fetch-like `{ data, error }` result.\n *\n * Used by social-provider token and userinfo calls. Does **not** use\n * `@better-fetch/fetch`.\n */\nexport async function athenaFetch<T = unknown>(\n url: string,\n options: AthenaFetchOption = {},\n): Promise<AthenaFetchResult<T>> {\n const headers = new Headers(options.headers)\n if (options.auth?.token) {\n const type = options.auth.type ?? 'Bearer'\n headers.set('authorization', `${type} ${options.auth.token}`)\n }\n\n const target = applyFetchQuery(url, options.query)\n const body = normalizeFetchBody(options.body)\n\n if (\n body != null &&\n typeof body === 'string' &&\n !headers.has('content-type') &&\n body.startsWith('{')\n ) {\n headers.set('content-type', 'application/json')\n }\n\n try {\n const response = await fetch(target, {\n method: options.method ?? 'GET',\n headers,\n body: body ?? undefined,\n redirect: options.redirect ?? 'follow',\n signal: options.signal,\n })\n\n options.onResponse?.({ response })\n\n if (!response.ok) {\n let message = response.statusText || `HTTP ${response.status}`\n try {\n const errBody = (await response.clone().json()) as {\n message?: string\n error?: string\n error_description?: string\n }\n message =\n errBody.message ||\n errBody.error_description ||\n errBody.error ||\n message\n } catch {\n try {\n message = (await response.clone().text()) || message\n } catch {\n // ignore parse failures\n }\n }\n const error = {\n message,\n status: response.status,\n statusText: response.statusText,\n }\n options.onError?.({ response, error })\n return { data: null, error }\n }\n\n const contentType = response.headers.get('content-type') ?? ''\n if (contentType.includes('application/json') || contentType.includes('+json')) {\n const data = (await response.json()) as T\n return { data, error: null }\n }\n\n const text = await response.text()\n if (!text) {\n return { data: {} as T, error: null }\n }\n try {\n return { data: JSON.parse(text) as T, error: null }\n } catch {\n return { data: text as unknown as T, error: null }\n }\n } catch (cause) {\n const error = {\n message: cause instanceof Error ? cause.message : String(cause),\n status: 0,\n statusText: 'NetworkError',\n }\n // Fetch Response status must be in 200–599; do not use status 0 (throws RangeError).\n // Use 502 as a stable stand-in for transport failures so onError hooks stay safe.\n options.onError?.({\n response: new Response(null, { status: 502, statusText: 'Network Error' }),\n error: cause,\n })\n return { data: null, error }\n }\n}\n\n/** Alias kept so mechanical renames from better-fetch stay readable. */\nexport const betterFetch = athenaFetch\n","// cspell:ignore workerd\nimport type { AthenaFetchOption as BetterFetchOption } from \"../fetch.ts\";\nimport { athenaFetch as betterFetch } from \"../fetch.ts\";\nimport { AthenaAuthError } from \"../error.ts\";\n\nconst HTTP_REDIRECT_STATUSES = new Set([301, 302, 303, 307, 308]);\n\n/**\n * Whether a response from a `redirect: \"manual\"` fetch is a redirect.\n *\n * Node/undici exposes the real 3xx status. Spec-compliant runtimes (Cloudflare\n * Workers, Deno, browsers) return an opaque-redirect filtered response with\n * status 0 and type `\"opaqueredirect\"`, so the status alone is not enough.\n */\nfunction isRedirectResponse(response: Response): boolean {\n\treturn (\n\t\tresponse.type === \"opaqueredirect\" ||\n\t\tHTTP_REDIRECT_STATUSES.has(response.status)\n\t);\n}\n\nfunction redirectRefused(endpoint: string): AthenaAuthError {\n\treturn new AthenaAuthError(\n\t\t`The OAuth endpoint \"${endpoint}\" returned an HTTP redirect. Server-side OAuth fetches refuse redirects to prevent SSRF; configure the final endpoint URL.`,\n\t);\n}\n\n/**\n * Fetch option that refuses HTTP redirects portably.\n *\n * Cloudflare Workers (workerd) rejects `redirect: \"error\"`, so manual mode is\n * used and the resolved response is checked with {@link assertResponseNotRedirect}\n * (or, for betterFetch, with {@link fetchRefusingRedirects}).\n */\nexport const NO_FOLLOW_REDIRECT = { redirect: \"manual\" } as const;\n\n/**\n * Throw when a native-`fetch` response (e.g. jose's JWKS loader) resolved to a\n * redirect, so an attacker-influenced endpoint cannot bounce a server-side\n * request to an internal address.\n */\nexport function assertResponseNotRedirect(\n\tendpoint: string,\n\tresponse: Response,\n): void {\n\tif (isRedirectResponse(response)) throw redirectRefused(endpoint);\n}\n\n/**\n * betterFetch that refuses HTTP redirects on a server-side OAuth fetch.\n *\n * Returns the betterFetch result and throws if the endpoint redirected, on both\n * undici (real 3xx status) and spec-compliant runtimes (opaque redirect, where\n * the error status is 0). The redirect is never followed on any runtime.\n */\nexport async function fetchRefusingRedirects<T>(\n\turl: string,\n\toptions?: BetterFetchOption,\n) {\n\tlet redirected = false;\n\tconst result = await betterFetch<T>(url, {\n\t\t...options,\n\t\t...NO_FOLLOW_REDIRECT,\n\t\tonError(context) {\n\t\t\tif (isRedirectResponse(context.response)) redirected = true;\n\t\t},\n\t});\n\tif (redirected) throw redirectRefused(url);\n\treturn result;\n}\n","import type { OAuth2Tokens } from \"./types.ts\";\n\n/**\n * Normalize a provider token-endpoint JSON body into {@link OAuth2Tokens}.\n *\n * Maps `access_token`, `refresh_token`, `expires_in`, `scope`, and `id_token`,\n * and keeps the raw payload under `raw` for provider-specific fields.\n *\n * @param data - Parsed token response object\n */\nexport function getOAuth2Tokens(data: Record<string, any>): OAuth2Tokens {\n\tconst getDate = (seconds: number) => {\n\t\tconst now = new Date();\n\t\treturn new Date(now.getTime() + seconds * 1000);\n\t};\n\n\treturn {\n\t\ttokenType: data.token_type,\n\t\taccessToken: data.access_token,\n\t\trefreshToken: data.refresh_token,\n\t\taccessTokenExpiresAt: data.expires_in\n\t\t\t? getDate(data.expires_in)\n\t\t\t: undefined,\n\t\trefreshTokenExpiresAt: data.refresh_token_expires_in\n\t\t\t? getDate(data.refresh_token_expires_in)\n\t\t\t: undefined,\n\t\tscopes: data?.scope\n\t\t\t? typeof data.scope === \"string\"\n\t\t\t\t? data.scope.split(\" \")\n\t\t\t\t: data.scope\n\t\t\t: [],\n\t\tidToken: data.id_token,\n\t\traw: data,\n\t};\n}\n\n/**\n * Fill in `accessTokenExpiresAt` when the token response omitted `expires_in`.\n */\nexport function applyDefaultAccessTokenExpiry(\n\ttokens: OAuth2Tokens,\n\taccessTokenExpiresIn: number | undefined,\n): OAuth2Tokens {\n\tif (!tokens.accessTokenExpiresAt && accessTokenExpiresIn) {\n\t\ttokens.accessTokenExpiresAt = new Date(\n\t\t\tDate.now() + accessTokenExpiresIn * 1000,\n\t\t);\n\t}\n\treturn tokens;\n}\n","/**\n * Return the provider's primary Client ID.\n *\n * Accepts a single string or an array form used for multi-audience ID token\n * verification (index `0` is the primary client used for authorize/token\n * exchange; later entries are additional accepted audiences only).\n *\n * @param clientId - `string` or `string[]` from provider options\n * @returns Primary non-empty client id, or `undefined` if missing\n */\nexport function getPrimaryClientId(clientId: unknown): string | undefined {\n\tconst value = Array.isArray(clientId) ? clientId[0] : clientId;\n\treturn typeof value === \"string\" && value.length > 0 ? value : undefined;\n}\n","import { base64Url } from \"../utils/base64.ts\";\n\n/**\n * Compute the S256 PKCE `code_challenge` for a given `code_verifier`.\n *\n * Uses Web Crypto `SHA-256` then Base64URL without padding\n * (RFC 7636 §4.2).\n *\n * @param codeVerifier - High-entropy verifier string from the client\n * @returns Base64URL-encoded challenge suitable for the authorize request\n */\nexport async function generateCodeChallenge(codeVerifier: string) {\n\tconst encoder = new TextEncoder();\n\tconst data = encoder.encode(codeVerifier);\n\tconst hash = await crypto.subtle.digest(\"SHA-256\", data);\n\treturn base64Url.encode(new Uint8Array(hash), {\n\t\tpadding: false,\n\t});\n}\n","import type { AwaitableFunction } from \"../types/index.ts\";\nimport type { ProviderOptions } from \"./index.ts\";\nimport { generateCodeChallenge } from \"./utils.ts\";\n\n/**\n * Build a standard OAuth 2.0 / OIDC authorization URL.\n *\n * Resolves awaitable `options`, applies client id, scopes, redirect URI,\n * optional PKCE (`code_challenge` S256), claims, and provider-specific params.\n *\n * @returns Absolute authorize URL ready for browser redirect\n */\nexport async function createAuthorizationURL({\n\tid: _id,\n\toptions,\n\tauthorizationEndpoint,\n\tstate,\n\tcodeVerifier,\n\tscopes,\n\tclaims,\n\tredirectURI,\n\tduration,\n\tprompt,\n\taccessType,\n\tresponseType,\n\tdisplay,\n\tloginHint,\n\thd,\n\tresponseMode,\n\tadditionalParams,\n\tscopeJoiner,\n}: {\n\tid: string;\n\toptions: AwaitableFunction<ProviderOptions>;\n\tredirectURI: string;\n\tauthorizationEndpoint: string;\n\tstate: string;\n\tcodeVerifier?: string | undefined;\n\tscopes?: string[] | undefined;\n\tclaims?: string[] | undefined;\n\tduration?: string | undefined;\n\tprompt?: string | undefined;\n\taccessType?: string | undefined;\n\tresponseType?: string | undefined;\n\tdisplay?: string | undefined;\n\tloginHint?: string | undefined;\n\thd?: string | undefined;\n\tresponseMode?: string | undefined;\n\tadditionalParams?: Record<string, string> | undefined;\n\tscopeJoiner?: string | undefined;\n}) {\n\tvoid _id;\n\toptions = typeof options === \"function\" ? await options() : options;\n\tconst url = new URL(options.authorizationEndpoint || authorizationEndpoint);\n\turl.searchParams.set(\"response_type\", responseType || \"code\");\n\tconst primaryClientId = Array.isArray(options.clientId)\n\t\t? options.clientId[0]\n\t\t: options.clientId;\n\turl.searchParams.set(\"client_id\", primaryClientId);\n\turl.searchParams.set(\"state\", state);\n\tif (scopes) {\n\t\turl.searchParams.set(\"scope\", scopes.join(scopeJoiner || \" \"));\n\t}\n\turl.searchParams.set(\"redirect_uri\", options.redirectURI || redirectURI);\n\tduration && url.searchParams.set(\"duration\", duration);\n\tdisplay && url.searchParams.set(\"display\", display);\n\tloginHint && url.searchParams.set(\"login_hint\", loginHint);\n\tprompt && url.searchParams.set(\"prompt\", prompt);\n\thd && url.searchParams.set(\"hd\", hd);\n\taccessType && url.searchParams.set(\"access_type\", accessType);\n\tresponseMode && url.searchParams.set(\"response_mode\", responseMode);\n\tif (codeVerifier) {\n\t\tconst codeChallenge = await generateCodeChallenge(codeVerifier);\n\t\turl.searchParams.set(\"code_challenge_method\", \"S256\");\n\t\turl.searchParams.set(\"code_challenge\", codeChallenge);\n\t}\n\tif (claims) {\n\t\tconst claimsObj = claims.reduce(\n\t\t\t(acc, claim) => {\n\t\t\t\tacc[claim] = null;\n\t\t\t\treturn acc;\n\t\t\t},\n\t\t\t{} as Record<string, null>,\n\t\t);\n\t\turl.searchParams.set(\n\t\t\t\"claims\",\n\t\t\tJSON.stringify({\n\t\t\t\tid_token: { email: null, email_verified: null, ...claimsObj },\n\t\t\t}),\n\t\t);\n\t}\n\tif (additionalParams) {\n\t\tObject.entries(additionalParams).forEach(([key, value]) => {\n\t\t\turl.searchParams.set(key, value);\n\t\t});\n\t}\n\treturn url;\n}\n","import { base64 } from \"../utils/base64.ts\";\nimport type { AwaitableFunction } from \"../types/index.ts\";\nimport type { OAuth2Tokens, ProviderOptions } from \"./types.ts\";\nimport { fetchRefusingRedirects } from \"./reject-redirects.ts\";\n\nexport async function refreshAccessTokenRequest({\n\trefreshToken,\n\toptions,\n\tauthentication,\n\textraParams,\n\tresource,\n}: {\n\trefreshToken: string;\n\toptions: AwaitableFunction<Partial<ProviderOptions>>;\n\tauthentication?: (\"basic\" | \"post\") | undefined;\n\textraParams?: Record<string, string> | undefined;\n\tresource?: (string | string[]) | undefined;\n}) {\n\toptions = typeof options === \"function\" ? await options() : options;\n\treturn createRefreshAccessTokenRequest({\n\t\trefreshToken,\n\t\toptions,\n\t\tauthentication,\n\t\textraParams,\n\t\tresource,\n\t});\n}\n\n/**\n * @deprecated use async'd refreshAccessTokenRequest instead\n */\nexport function createRefreshAccessTokenRequest({\n\trefreshToken,\n\toptions,\n\tauthentication,\n\textraParams,\n\tresource,\n}: {\n\trefreshToken: string;\n\toptions: ProviderOptions;\n\tauthentication?: (\"basic\" | \"post\") | undefined;\n\textraParams?: Record<string, string> | undefined;\n\tresource?: (string | string[]) | undefined;\n}) {\n\tconst body = new URLSearchParams();\n\tconst headers: Record<string, any> = {\n\t\t\"content-type\": \"application/x-www-form-urlencoded\",\n\t\taccept: \"application/json\",\n\t};\n\n\tbody.set(\"grant_type\", \"refresh_token\");\n\tbody.set(\"refresh_token\", refreshToken);\n\t// Use standard Base64 encoding for HTTP Basic Auth (OAuth2 spec, RFC 7617)\n\t// Fixes compatibility with providers like Notion, Twitter, etc.\n\tif (authentication === \"basic\") {\n\t\tconst primaryClientId = Array.isArray(options.clientId)\n\t\t\t? options.clientId[0]\n\t\t\t: options.clientId;\n\t\tif (primaryClientId) {\n\t\t\theaders[\"authorization\"] =\n\t\t\t\t\"Basic \" +\n\t\t\t\tbase64.encode(`${primaryClientId}:${options.clientSecret ?? \"\"}`);\n\t\t} else {\n\t\t\theaders[\"authorization\"] =\n\t\t\t\t\"Basic \" + base64.encode(`:${options.clientSecret ?? \"\"}`);\n\t\t}\n\t} else {\n\t\tconst primaryClientId = Array.isArray(options.clientId)\n\t\t\t? options.clientId[0]\n\t\t\t: options.clientId;\n\t\tbody.set(\"client_id\", primaryClientId);\n\t\tif (options.clientSecret) {\n\t\t\tbody.set(\"client_secret\", options.clientSecret);\n\t\t}\n\t}\n\n\tif (resource) {\n\t\tif (typeof resource === \"string\") {\n\t\t\tbody.append(\"resource\", resource);\n\t\t} else {\n\t\t\tfor (const _resource of resource) {\n\t\t\t\tbody.append(\"resource\", _resource);\n\t\t\t}\n\t\t}\n\t}\n\tif (extraParams) {\n\t\tfor (const [key, value] of Object.entries(extraParams)) {\n\t\t\tbody.set(key, value);\n\t\t}\n\t}\n\n\treturn {\n\t\tbody,\n\t\theaders,\n\t};\n}\n\n/**\n * Refresh an access token using a refresh_token grant.\n *\n * Posts to `tokenEndpoint` (redirect-refusing) and maps the response to\n * {@link OAuth2Tokens}. Supports basic or post client authentication.\n */\nexport async function refreshAccessToken({\n\trefreshToken,\n\toptions,\n\ttokenEndpoint,\n\tauthentication,\n\textraParams,\n}: {\n\trefreshToken: string;\n\toptions: Partial<ProviderOptions>;\n\ttokenEndpoint: string;\n\tauthentication?: (\"basic\" | \"post\") | undefined;\n\textraParams?: Record<string, string> | undefined;\n}): Promise<OAuth2Tokens> {\n\tconst { body, headers } = await createRefreshAccessTokenRequest({\n\t\trefreshToken,\n\t\toptions,\n\t\tauthentication,\n\t\textraParams,\n\t});\n\n\tconst { data, error } = await fetchRefusingRedirects<{\n\t\taccess_token: string;\n\t\trefresh_token?: string | undefined;\n\t\texpires_in?: number | undefined;\n\t\trefresh_token_expires_in?: number | undefined;\n\t\ttoken_type?: string | undefined;\n\t\tscope?: string | undefined;\n\t\tid_token?: string | undefined;\n\t}>(tokenEndpoint, {\n\t\tmethod: \"POST\",\n\t\tbody,\n\t\theaders,\n\t});\n\tif (error) {\n\t\tthrow error;\n\t}\n\tconst tokens: OAuth2Tokens = {\n\t\taccessToken: data.access_token,\n\t\trefreshToken: data.refresh_token,\n\t\ttokenType: data.token_type,\n\t\tscopes: data.scope?.split(\" \"),\n\t\tidToken: data.id_token,\n\t};\n\n\tif (data.expires_in) {\n\t\tconst now = new Date();\n\t\ttokens.accessTokenExpiresAt = new Date(\n\t\t\tnow.getTime() + data.expires_in * 1000,\n\t\t);\n\t}\n\n\tif (data.refresh_token_expires_in) {\n\t\tconst now = new Date();\n\t\ttokens.refreshTokenExpiresAt = new Date(\n\t\t\tnow.getTime() + data.refresh_token_expires_in * 1000,\n\t\t);\n\t}\n\n\treturn tokens;\n}\n","import { base64 } from \"../utils/base64.ts\";\nimport { createRemoteJWKSet, customFetch, jwtVerify } from \"jose\";\nimport type { AwaitableFunction } from \"../types/index.ts\";\nimport type { ProviderOptions } from \"./index.ts\";\nimport { getOAuth2Tokens } from \"./index.ts\";\nimport {\n\tassertResponseNotRedirect,\n\tfetchRefusingRedirects,\n\tNO_FOLLOW_REDIRECT,\n} from \"./reject-redirects.ts\";\n\nexport async function authorizationCodeRequest({\n\tcode,\n\tcodeVerifier,\n\tredirectURI,\n\toptions,\n\tauthentication,\n\tdeviceId,\n\theaders,\n\tadditionalParams = {},\n\tresource,\n}: {\n\tcode: string;\n\tredirectURI: string;\n\toptions: AwaitableFunction<Partial<ProviderOptions>>;\n\tcodeVerifier?: string | undefined;\n\tdeviceId?: string | undefined;\n\tauthentication?: (\"basic\" | \"post\") | undefined;\n\theaders?: Record<string, string> | undefined;\n\tadditionalParams?: Record<string, string> | undefined;\n\tresource?: (string | string[]) | undefined;\n}) {\n\toptions = typeof options === \"function\" ? await options() : options;\n\treturn createAuthorizationCodeRequest({\n\t\tcode,\n\t\tcodeVerifier,\n\t\tredirectURI,\n\t\toptions,\n\t\tauthentication,\n\t\tdeviceId,\n\t\theaders,\n\t\tadditionalParams,\n\t\tresource,\n\t});\n}\n\n/**\n * @deprecated use async'd authorizationCodeRequest instead\n */\nexport function createAuthorizationCodeRequest({\n\tcode,\n\tcodeVerifier,\n\tredirectURI,\n\toptions,\n\tauthentication,\n\tdeviceId,\n\theaders,\n\tadditionalParams = {},\n\tresource,\n}: {\n\tcode: string;\n\tredirectURI: string;\n\toptions: Partial<ProviderOptions>;\n\tcodeVerifier?: string | undefined;\n\tdeviceId?: string | undefined;\n\tauthentication?: (\"basic\" | \"post\") | undefined;\n\theaders?: Record<string, string> | undefined;\n\tadditionalParams?: Record<string, string> | undefined;\n\tresource?: (string | string[]) | undefined;\n}) {\n\tconst body = new URLSearchParams();\n\tconst requestHeaders: Record<string, any> = {\n\t\t\"content-type\": \"application/x-www-form-urlencoded\",\n\t\taccept: \"application/json\",\n\t\t...headers,\n\t};\n\n\tbody.set(\"grant_type\", \"authorization_code\");\n\tbody.set(\"code\", code);\n\tcodeVerifier && body.set(\"code_verifier\", codeVerifier);\n\toptions.clientKey && body.set(\"client_key\", options.clientKey);\n\tdeviceId && body.set(\"device_id\", deviceId);\n\tbody.set(\"redirect_uri\", options.redirectURI || redirectURI);\n\tif (resource) {\n\t\tif (typeof resource === \"string\") {\n\t\t\tbody.append(\"resource\", resource);\n\t\t} else {\n\t\t\tfor (const _resource of resource) {\n\t\t\t\tbody.append(\"resource\", _resource);\n\t\t\t}\n\t\t}\n\t}\n\t// Use standard Base64 encoding for HTTP Basic Auth (OAuth2 spec, RFC 7617)\n\t// Fixes compatibility with providers like Notion, Twitter, etc.\n\tif (authentication === \"basic\") {\n\t\tconst primaryClientId = Array.isArray(options.clientId)\n\t\t\t? options.clientId[0]\n\t\t\t: options.clientId;\n\t\tconst encodedCredentials = base64.encode(\n\t\t\t`${primaryClientId}:${options.clientSecret ?? \"\"}`,\n\t\t);\n\t\trequestHeaders[\"authorization\"] = `Basic ${encodedCredentials}`;\n\t} else {\n\t\tconst primaryClientId = Array.isArray(options.clientId)\n\t\t\t? options.clientId[0]\n\t\t\t: options.clientId;\n\t\tbody.set(\"client_id\", primaryClientId);\n\t\tif (options.clientSecret) {\n\t\t\tbody.set(\"client_secret\", options.clientSecret);\n\t\t}\n\t}\n\n\tfor (const [key, value] of Object.entries(additionalParams)) {\n\t\tif (!body.has(key)) body.append(key, value);\n\t}\n\n\treturn {\n\t\tbody,\n\t\theaders: requestHeaders,\n\t};\n}\n\n/**\n * Exchange an authorization code for OAuth2 tokens at `tokenEndpoint`.\n *\n * Builds the form body via {@link authorizationCodeRequest}, posts with\n * redirect-refusing fetch, and normalizes the JSON via {@link getOAuth2Tokens}.\n *\n * @throws When the token endpoint returns an error response body\n */\nexport async function validateAuthorizationCode({\n\tcode,\n\tcodeVerifier,\n\tredirectURI,\n\toptions,\n\ttokenEndpoint,\n\tauthentication,\n\tdeviceId,\n\theaders,\n\tadditionalParams = {},\n\tresource,\n}: {\n\tcode: string;\n\tredirectURI: string;\n\toptions: AwaitableFunction<Partial<ProviderOptions>>;\n\tcodeVerifier?: string | undefined;\n\tdeviceId?: string | undefined;\n\ttokenEndpoint: string;\n\tauthentication?: (\"basic\" | \"post\") | undefined;\n\theaders?: Record<string, string> | undefined;\n\tadditionalParams?: Record<string, string> | undefined;\n\tresource?: (string | string[]) | undefined;\n}) {\n\tconst { body, headers: requestHeaders } = await authorizationCodeRequest({\n\t\tcode,\n\t\tcodeVerifier,\n\t\tredirectURI,\n\t\toptions,\n\t\tauthentication,\n\t\tdeviceId,\n\t\theaders,\n\t\tadditionalParams,\n\t\tresource,\n\t});\n\n\tconst { data, error } = await fetchRefusingRedirects<object>(tokenEndpoint, {\n\t\tmethod: \"POST\",\n\t\tbody: body,\n\t\theaders: requestHeaders,\n\t});\n\tif (error) {\n\t\tthrow error;\n\t}\n\tconst tokens = getOAuth2Tokens(data);\n\treturn tokens;\n}\n\nexport async function validateToken(\n\ttoken: string,\n\tjwksEndpoint: string,\n\toptions?: {\n\t\taudience?: string | string[];\n\t\tissuer?: string | string[];\n\t},\n) {\n\tconst jwks = createRemoteJWKSet(new URL(jwksEndpoint), {\n\t\t[customFetch]: async (url, init) => {\n\t\t\tconst response = await fetch(url, { ...init, ...NO_FOLLOW_REDIRECT });\n\t\t\tassertResponseNotRedirect(String(url), response);\n\t\t\treturn response;\n\t\t},\n\t});\n\tconst verified = await jwtVerify(token, jwks, {\n\t\taudience: options?.audience,\n\t\tissuer: options?.issuer,\n\t});\n\treturn verified;\n}\n","/**\n * SHA-256 hex digest of a UTF-8 string (used for Apple nonce comparison).\n * Apple may place either the raw nonce or its SHA-256 hash in the ID token.\n */\nexport async function sha256Hex(value: string): Promise<string> {\n const data = new TextEncoder().encode(value)\n const digest = await crypto.subtle.digest('SHA-256', data)\n return Array.from(new Uint8Array(digest))\n .map((byte) => byte.toString(16).padStart(2, '0'))\n .join('')\n}\n\n/**\n * Whether the JWT `nonce` claim matches the expected OAuth nonce\n * (raw equality or SHA-256 hex of the original nonce).\n */\nexport async function nonceMatches(\n jwtNonce: unknown,\n nonce: string,\n): Promise<boolean> {\n if (typeof jwtNonce !== 'string') {\n return false\n }\n if (jwtNonce === nonce) {\n return true\n }\n return jwtNonce === (await sha256Hex(nonce))\n}\n","import { importJWK } from 'jose'\nimport { APIError } from '../../error.ts'\nimport { athenaFetch } from '../../fetch.ts'\n\n/** Minimal JWK fields used when selecting a key from a JWKS document. */\nexport type JwkLike = {\n kid: string\n alg: string\n kty: string\n use?: string\n n?: string\n e?: string\n x5c?: string[]\n x5t?: string\n [key: string]: unknown\n}\n\n/**\n * Fetch a JWKS document, find the key by `kid`, and import it for JWT verify.\n *\n * Shared by Apple, Google, Microsoft, Cognito, PayPal, and other OIDC providers\n * that publish RSA/EC public keys at a well-known JWKS URL.\n *\n * @param jwksUrl - Absolute URL of the provider JWKS (`/.well-known/jwks.json` or equivalent)\n * @param kid - Key id from the JWT protected header\n * @returns Key material suitable for `jose` `jwtVerify`\n * @throws {APIError} When the JWKS response has no `keys` array\n * @throws {Error} When no key matches `kid`\n */\nexport async function getJwksPublicKey(\n jwksUrl: string,\n kid: string,\n): Promise<Awaited<ReturnType<typeof importJWK>>> {\n const { data } = await athenaFetch<{ keys: JwkLike[] }>(jwksUrl)\n\n if (!data?.keys) {\n throw new APIError('BAD_REQUEST', {\n message: 'Keys not found',\n })\n }\n\n const jwk = data.keys.find((key) => key.kid === kid)\n if (!jwk) {\n throw new Error(`JWK with kid ${kid} not found`)\n }\n\n return await importJWK(jwk, jwk.alg)\n}\n","import { getJwksPublicKey } from './helpers/get-jwks-public-key.ts'\n\n/**\n * Fetch Apple's JWKS and import the key for the given JWT `kid`.\n * @see https://appleid.apple.com/auth/keys\n */\nexport const getApplePublicKey = async (kid: string) => {\n return getJwksPublicKey('https://appleid.apple.com/auth/keys', kid)\n}\n","import { decodeJwt, decodeProtectedHeader, jwtVerify } from \"jose\";\nimport { logger } from \"../env/index.ts\";\nimport { AthenaAuthError } from \"../error.ts\";\nimport type { OAuthProvider } from \"../oauth2/index.ts\";\nimport {\n\tcreateAuthorizationURL,\n\tgetPrimaryClientId,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2/index.ts\";\nimport { nonceMatches } from \"./apple-crypto.ts\";\nimport { getApplePublicKey } from \"./apple-keys.ts\";\nimport type { AppleOptions, AppleProfile } from \"./apple-types.ts\";\n\nexport type {\n\tAppleNonConformUser,\n\tAppleOptions,\n\tAppleProfile,\n} from \"./apple-types.ts\";\nexport { getApplePublicKey } from \"./apple-keys.ts\";\n\n/**\n * Sign in with Apple OAuth provider factory.\n *\n * Uses `response_mode=form_post` and `code id_token` when requesting\n * name/email scopes (Apple REST API requirements).\n *\n * @param options - Apple Services ID / client secret configuration\n */\nexport const apple = (options: AppleOptions) => {\n\tconst tokenEndpoint = \"https://appleid.apple.com/auth/token\";\n\treturn {\n\t\tid: \"apple\",\n\t\tname: \"Apple\",\n\t\tasync createAuthorizationURL({ state, scopes, redirectURI }) {\n\t\t\tif (!getPrimaryClientId(options.clientId) || !options.clientSecret) {\n\t\t\t\tlogger.error(\n\t\t\t\t\t\"Client ID and client secret are required for Apple. Make sure to provide them in the options.\",\n\t\t\t\t);\n\t\t\t\tthrow new AthenaAuthError(\"CLIENT_ID_AND_SECRET_REQUIRED\");\n\t\t\t}\n\t\t\tconst _scope = options.disableDefaultScope ? [] : [\"email\", \"name\"];\n\t\t\tif (options.scope) _scope.push(...options.scope);\n\t\t\tif (scopes) _scope.push(...scopes);\n\t\t\tconst url = await createAuthorizationURL({\n\t\t\t\tid: \"apple\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint: \"https://appleid.apple.com/auth/authorize\",\n\t\t\t\tscopes: _scope,\n\t\t\t\tstate,\n\t\t\t\tredirectURI,\n\t\t\t\tresponseMode: \"form_post\",\n\t\t\t\tresponseType: \"code id_token\",\n\t\t\t});\n\t\t\treturn url;\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\t\tasync verifyIdToken(token, nonce) {\n\t\t\tif (options.disableIdTokenSignIn) {\n\t\t\t\treturn false;\n\t\t\t}\n\t\t\tif (options.verifyIdToken) {\n\t\t\t\treturn options.verifyIdToken(token, nonce);\n\t\t\t}\n\t\t\ttry {\n\t\t\t\tconst decodedHeader = decodeProtectedHeader(token);\n\t\t\t\tconst { kid, alg: jwtAlg } = decodedHeader;\n\t\t\t\tif (!kid || !jwtAlg) return false;\n\t\t\t\tconst publicKey = await getApplePublicKey(kid);\n\t\t\t\tconst { payload: jwtClaims } = await jwtVerify(token, publicKey, {\n\t\t\t\t\talgorithms: [jwtAlg],\n\t\t\t\t\tissuer: \"https://appleid.apple.com\",\n\t\t\t\t\taudience:\n\t\t\t\t\t\toptions.audience && options.audience.length\n\t\t\t\t\t\t\t? options.audience\n\t\t\t\t\t\t\t: options.appBundleIdentifier\n\t\t\t\t\t\t\t\t? options.appBundleIdentifier\n\t\t\t\t\t\t\t\t: options.clientId,\n\t\t\t\t\tmaxTokenAge: \"1h\",\n\t\t\t\t});\n\t\t\t\t[\"email_verified\", \"is_private_email\"].forEach((field) => {\n\t\t\t\t\tif (jwtClaims[field] !== undefined) {\n\t\t\t\t\t\tjwtClaims[field] = Boolean(jwtClaims[field]);\n\t\t\t\t\t}\n\t\t\t\t});\n\t\t\t\tif (nonce && !(await nonceMatches(jwtClaims.nonce, nonce))) {\n\t\t\t\t\treturn false;\n\t\t\t\t}\n\t\t\t\treturn !!jwtClaims;\n\t\t\t} catch {\n\t\t\t\treturn false;\n\t\t\t}\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions,\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tif (!token.idToken) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst profile = decodeJwt<AppleProfile>(token.idToken);\n\t\t\tif (!profile) {\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\t// TODO: \"\" masking will be removed when the name field is made optional\n\t\t\tlet name: string;\n\t\t\tif (token.user?.name) {\n\t\t\t\tconst firstName = token.user.name.firstName || \"\";\n\t\t\t\tconst lastName = token.user.name.lastName || \"\";\n\t\t\t\tconst fullName = `${firstName} ${lastName}`.trim();\n\t\t\t\tname = fullName;\n\t\t\t} else {\n\t\t\t\tname = profile.name || \"\";\n\t\t\t}\n\n\t\t\tconst emailVerified =\n\t\t\t\ttypeof profile.email_verified === \"boolean\"\n\t\t\t\t\t? profile.email_verified\n\t\t\t\t\t: profile.email_verified === \"true\";\n\t\t\tconst enrichedProfile = {\n\t\t\t\t...profile,\n\t\t\t\tname,\n\t\t\t};\n\t\t\tconst userMap = await options.mapProfileToUser?.(enrichedProfile);\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.sub,\n\t\t\t\t\tname: enrichedProfile.name,\n\t\t\t\t\temailVerified: emailVerified,\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: enrichedProfile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<AppleProfile>;\n};\n\n\n","import { athenaFetch as betterFetch } from \"../fetch.ts\";\nimport { logger } from \"../env/index.ts\";\nimport { AthenaAuthError } from \"../error.ts\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2/index.ts\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2/index.ts\";\n\nexport interface AtlassianProfile {\n\taccount_type?: string | undefined;\n\taccount_id: string;\n\temail?: string | undefined;\n\tname: string;\n\tpicture?: string | undefined;\n\tnickname?: string | undefined;\n\tlocale?: string | undefined;\n\textended_profile?:\n\t\t| {\n\t\t\t\tjob_title?: string;\n\t\t\t\torganization?: string;\n\t\t\t\tdepartment?: string;\n\t\t\t\tlocation?: string;\n\t\t }\n\t\t| undefined;\n}\nexport interface AtlassianOptions extends ProviderOptions<AtlassianProfile> {\n\tclientId: string;\n}\n\nexport const atlassian = (options: AtlassianOptions) => {\n\tconst tokenEndpoint = \"https://auth.atlassian.com/oauth/token\";\n\treturn {\n\t\tid: \"atlassian\",\n\t\tname: \"Atlassian\",\n\n\t\tasync createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {\n\t\t\tif (!options.clientId || !options.clientSecret) {\n\t\t\t\tlogger.error(\"Client Id and Secret are required for Atlassian\");\n\t\t\t\tthrow new AthenaAuthError(\"CLIENT_ID_AND_SECRET_REQUIRED\");\n\t\t\t}\n\t\t\tif (!codeVerifier) {\n\t\t\t\tthrow new AthenaAuthError(\"codeVerifier is required for Atlassian\");\n\t\t\t}\n\n\t\t\tconst _scopes = options.disableDefaultScope\n\t\t\t\t? []\n\t\t\t\t: [\"read:jira-user\", \"offline_access\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\n\t\t\treturn createAuthorizationURL({\n\t\t\t\tid: \"atlassian\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint: \"https://auth.atlassian.com/authorize\",\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t\tadditionalParams: {\n\t\t\t\t\taudience: \"api.atlassian.com\",\n\t\t\t\t},\n\t\t\t\tprompt: options.prompt,\n\t\t\t});\n\t\t},\n\n\t\tvalidateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\n\t\t\tif (!token.accessToken) {\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\ttry {\n\t\t\t\tconst { data: profile } = await betterFetch<{\n\t\t\t\t\taccount_id: string;\n\t\t\t\t\tname: string;\n\t\t\t\t\temail?: string | undefined;\n\t\t\t\t\tpicture?: string | undefined;\n\t\t\t\t}>(\"https://api.atlassian.com/me\", {\n\t\t\t\t\theaders: { Authorization: `Bearer ${token.accessToken}` },\n\t\t\t\t});\n\n\t\t\t\tif (!profile) return null;\n\n\t\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\n\t\t\t\treturn {\n\t\t\t\t\tuser: {\n\t\t\t\t\t\tid: profile.account_id,\n\t\t\t\t\t\tname: profile.name,\n\t\t\t\t\t\temail: profile.email,\n\t\t\t\t\t\timage: profile.picture,\n\t\t\t\t\t\temailVerified: false,\n\t\t\t\t\t\t...userMap,\n\t\t\t\t\t},\n\t\t\t\t\tdata: profile,\n\t\t\t\t};\n\t\t\t} catch (error) {\n\t\t\t\tlogger.error(\"Failed to fetch user info from Figma:\", error);\n\t\t\t\treturn null;\n\t\t\t}\n\t\t},\n\n\t\toptions,\n\t} satisfies OAuthProvider<AtlassianProfile>;\n};\n","/**\n * Strip trailing `/` characters without a ReDoS-prone regex (loop-based).\n *\n * Used for OAuth authority/issuer base URLs so endpoint concatenation never\n * produces double slashes that break issuer comparisons.\n *\n * @param value - Absolute or path-like URL string\n * @returns Same string with all trailing slashes removed\n */\nexport function trimTrailingSlash(value: string): string {\n let result = value\n while (result.endsWith('/')) {\n result = result.slice(0, -1)\n }\n return result\n}\n","import { athenaFetch as betterFetch } from '../fetch.ts'\nimport type { OAuthProvider, ProviderOptions } from '../oauth2/index.ts'\nimport {\n createAuthorizationURL,\n refreshAccessToken,\n validateAuthorizationCode,\n} from '../oauth2/index.ts'\nimport { logger } from '../env/index.ts'\nimport { trimTrailingSlash } from './helpers/trim-trailing-slash.ts'\n\n/**\n * Standard OIDC-style profile claims returned by an Athena identity provider.\n *\n * Field names follow common OIDC claim names so Athena Auth can stay compatible\n * with generic OIDC clients while remaining first-class in this SDK.\n */\nexport interface AthenaProfile {\n sub: string\n email?: string | undefined\n email_verified?: boolean | undefined\n name?: string | undefined\n given_name?: string | undefined\n family_name?: string | undefined\n preferred_username?: string | undefined\n picture?: string | undefined\n locale?: string | undefined\n updated_at?: number | undefined\n iss?: string | undefined\n aud?: string | string[] | undefined\n exp?: number | undefined\n iat?: number | undefined\n [key: string]: unknown\n}\n\nexport interface AthenaOptions extends ProviderOptions<AthenaProfile> {\n clientId: string\n /**\n * Base issuer URL for the Athena identity provider\n * (e.g. `https://auth.example.com` or a tenant-specific auth root).\n *\n * Defaults for authorization, token, userinfo, and JWKS endpoints are\n * derived from this issuer when the explicit endpoint overrides are omitted.\n */\n issuer?: string | undefined\n /**\n * Override the authorization endpoint. Defaults to `{issuer}/oauth2/authorize`.\n */\n authorizationEndpoint?: string | undefined\n /**\n * Override the token endpoint. Defaults to `{issuer}/oauth2/token`.\n */\n tokenEndpoint?: string | undefined\n /**\n * Override the userinfo endpoint. Defaults to `{issuer}/oauth2/userinfo`.\n */\n userInfoEndpoint?: string | undefined\n}\n\nfunction resolveIssuer(options: AthenaOptions): string {\n if (options.issuer) return trimTrailingSlash(options.issuer)\n // Allow deriving issuer from an explicit authorization endpoint host.\n if (options.authorizationEndpoint) {\n try {\n const url = new URL(options.authorizationEndpoint)\n return `${url.protocol}//${url.host}`\n } catch {\n // fall through\n }\n }\n throw new Error(\n 'Athena social provider requires `issuer` (or a full `authorizationEndpoint`) in options.',\n )\n}\n\n/**\n * Athena first-party OAuth / OIDC social provider factory.\n *\n * Athena Auth will expose an Athena identity provider; this client module is\n * ready so apps can configure `socialProviders.athena` the same way as Google,\n * GitHub, etc. Defaults endpoints to `{issuer}/oauth2/authorize|token|userinfo`.\n *\n * @param options - Client credentials and issuer (or full endpoint overrides)\n */\nexport const athena = (options: AthenaOptions) => {\n const issuer = () => resolveIssuer(options)\n const authorizationEndpoint = () =>\n options.authorizationEndpoint ||\n `${issuer()}/oauth2/authorize`\n const tokenEndpoint = () =>\n options.tokenEndpoint || `${issuer()}/oauth2/token`\n const userInfoEndpoint = () =>\n options.userInfoEndpoint || `${issuer()}/oauth2/userinfo`\n\n return {\n id: 'athena' as const,\n name: 'Athena',\n createAuthorizationURL({\n state,\n scopes,\n codeVerifier,\n redirectURI,\n loginHint,\n display,\n }: {\n state: string\n codeVerifier: string\n scopes?: string[] | undefined\n redirectURI: string\n display?: string | undefined\n loginHint?: string | undefined\n }) {\n const _scopes = options.disableDefaultScope\n ? []\n : ['openid', 'profile', 'email']\n if (options.scope) _scopes.push(...options.scope)\n if (scopes) _scopes.push(...scopes)\n return createAuthorizationURL({\n id: 'athena',\n options,\n authorizationEndpoint: authorizationEndpoint(),\n scopes: _scopes,\n state,\n codeVerifier,\n redirectURI,\n loginHint,\n display,\n prompt: options.prompt,\n })\n },\n validateAuthorizationCode: async ({\n code,\n codeVerifier,\n redirectURI,\n }: {\n code: string\n redirectURI: string\n codeVerifier?: string | undefined\n deviceId?: string | undefined\n }) => {\n return validateAuthorizationCode({\n code,\n codeVerifier,\n redirectURI,\n options,\n tokenEndpoint: tokenEndpoint(),\n })\n },\n refreshAccessToken: options.refreshAccessToken\n ? options.refreshAccessToken\n : async (refreshToken: string) => {\n return refreshAccessToken({\n refreshToken,\n options: {\n clientId: options.clientId,\n clientKey: options.clientKey,\n clientSecret: options.clientSecret,\n },\n tokenEndpoint: tokenEndpoint(),\n })\n },\n async getUserInfo(token) {\n if (options.getUserInfo) {\n return options.getUserInfo(token)\n }\n if (!token.accessToken) {\n return null\n }\n const { data: profile, error } = await betterFetch<AthenaProfile>(\n userInfoEndpoint(),\n {\n headers: {\n Authorization: `Bearer ${token.accessToken}`,\n 'User-Agent': 'athena-auth',\n Accept: 'application/json',\n },\n },\n )\n if (error || !profile) {\n logger.error('Athena OAuth userinfo failed:', error)\n return null\n }\n const userMap = await options.mapProfileToUser?.(profile)\n return {\n user: {\n id: profile.sub,\n name: profile.name,\n email: profile.email,\n image: profile.picture,\n emailVerified: profile.email_verified ?? false,\n ...userMap,\n },\n data: profile,\n }\n },\n options,\n } satisfies OAuthProvider<AthenaProfile, AthenaOptions>\n}\n","import { logger } from '../env/index.ts'\nimport { getJwksPublicKey } from './helpers/get-jwks-public-key.ts'\n\n/**\n * Fetch the Cognito User Pool JWKS and import the key for `kid`.\n *\n * @param kid - JWT header key id\n * @param region - AWS region of the pool (e.g. `us-east-1`)\n * @param userPoolId - Cognito User Pool id\n */\nexport const getCognitoPublicKey = async (\n kid: string,\n region: string,\n userPoolId: string,\n) => {\n const jwksUri = `https://cognito-idp.${region}.amazonaws.com/${userPoolId}/.well-known/jwks.json`\n try {\n return await getJwksPublicKey(jwksUri, kid)\n } catch (error) {\n logger.error('Failed to fetch Cognito public key:', error)\n throw error\n }\n}\n","import { athenaFetch as betterFetch } from \"../fetch.ts\";\nimport { decodeJwt, decodeProtectedHeader, jwtVerify } from \"jose\";\nimport { logger } from \"../env/index.ts\";\nimport { AthenaAuthError } from \"../error.ts\";\nimport type { OAuthProvider } from \"../oauth2/index.ts\";\nimport {\n\tcreateAuthorizationURL,\n\tgetPrimaryClientId,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2/index.ts\";\nimport { getCognitoPublicKey } from \"./cognito-keys.ts\";\nimport type { CognitoOptions, CognitoProfile } from \"./cognito-types.ts\";\n\nexport type { CognitoOptions, CognitoProfile } from \"./cognito-types.ts\";\nexport { getCognitoPublicKey } from \"./cognito-keys.ts\";\n\n/**\n * Amazon Cognito Hosted UI OAuth provider factory.\n *\n * @param options - Domain, region, user pool id, and app client settings\n */\nexport const cognito = (options: CognitoOptions) => {\n\tif (!options.domain || !options.region || !options.userPoolId) {\n\t\tlogger.error(\n\t\t\t\"Domain, region and userPoolId are required for Amazon Cognito. Make sure to provide them in the options.\",\n\t\t);\n\t\tthrow new AthenaAuthError(\"DOMAIN_AND_REGION_REQUIRED\");\n\t}\n\n\tconst cleanDomain = options.domain.replace(/^https?:\\/\\//, \"\");\n\tconst authorizationEndpoint = `https://${cleanDomain}/oauth2/authorize`;\n\tconst tokenEndpoint = `https://${cleanDomain}/oauth2/token`;\n\tconst userInfoEndpoint = `https://${cleanDomain}/oauth2/userinfo`;\n\n\treturn {\n\t\tid: \"cognito\",\n\t\tname: \"Cognito\",\n\t\tasync createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {\n\t\t\tif (!getPrimaryClientId(options.clientId)) {\n\t\t\t\tlogger.error(\n\t\t\t\t\t\"ClientId is required for Amazon Cognito. Make sure to provide them in the options.\",\n\t\t\t\t);\n\t\t\t\tthrow new AthenaAuthError(\"CLIENT_ID_AND_SECRET_REQUIRED\");\n\t\t\t}\n\n\t\t\tif (options.requireClientSecret && !options.clientSecret) {\n\t\t\t\tlogger.error(\n\t\t\t\t\t\"Client Secret is required when requireClientSecret is true. Make sure to provide it in the options.\",\n\t\t\t\t);\n\t\t\t\tthrow new AthenaAuthError(\"CLIENT_SECRET_REQUIRED\");\n\t\t\t}\n\t\t\tconst _scopes = options.disableDefaultScope\n\t\t\t\t? []\n\t\t\t\t: [\"openid\", \"profile\", \"email\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\n\t\t\tconst url = await createAuthorizationURL({\n\t\t\t\tid: \"cognito\",\n\t\t\t\toptions: {\n\t\t\t\t\t...options,\n\t\t\t\t},\n\t\t\t\tauthorizationEndpoint,\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t\tprompt: options.prompt,\n\t\t\t});\n\t\t\t// AWS Cognito requires scopes to be encoded with %20 instead of +\n\t\t\t// URLSearchParams encodes spaces as + by default, so we need to fix this\n\t\t\tconst scopeValue = url.searchParams.get(\"scope\");\n\t\t\tif (scopeValue) {\n\t\t\t\turl.searchParams.delete(\"scope\");\n\t\t\t\tconst encodedScope = encodeURIComponent(scopeValue);\n\t\t\t\t// Manually append the scope with proper encoding to the URL\n\t\t\t\tconst urlString = url.toString();\n\t\t\t\tconst separator = urlString.includes(\"?\") ? \"&\" : \"?\";\n\t\t\t\treturn new URL(`${urlString}${separator}scope=${encodedScope}`);\n\t\t\t}\n\t\t\treturn url;\n\t\t},\n\n\t\tvalidateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\n\t\tasync verifyIdToken(token, nonce) {\n\t\t\tif (options.disableIdTokenSignIn) {\n\t\t\t\treturn false;\n\t\t\t}\n\t\t\tif (options.verifyIdToken) {\n\t\t\t\treturn options.verifyIdToken(token, nonce);\n\t\t\t}\n\n\t\t\ttry {\n\t\t\t\tconst decodedHeader = decodeProtectedHeader(token);\n\t\t\t\tconst { kid, alg: jwtAlg } = decodedHeader;\n\t\t\t\tif (!kid || !jwtAlg) return false;\n\n\t\t\t\tconst publicKey = await getCognitoPublicKey(\n\t\t\t\t\tkid,\n\t\t\t\t\toptions.region,\n\t\t\t\t\toptions.userPoolId,\n\t\t\t\t);\n\t\t\t\tconst expectedIssuer = `https://cognito-idp.${options.region}.amazonaws.com/${options.userPoolId}`;\n\n\t\t\t\tconst { payload: jwtClaims } = await jwtVerify(token, publicKey, {\n\t\t\t\t\talgorithms: [jwtAlg],\n\t\t\t\t\tissuer: expectedIssuer,\n\t\t\t\t\taudience: options.clientId,\n\t\t\t\t\tmaxTokenAge: \"1h\",\n\t\t\t\t});\n\n\t\t\t\tif (nonce && jwtClaims.nonce !== nonce) {\n\t\t\t\t\treturn false;\n\t\t\t\t}\n\t\t\t\treturn true;\n\t\t\t} catch (error) {\n\t\t\t\tlogger.error(\"Failed to verify ID token:\", error);\n\t\t\t\treturn false;\n\t\t\t}\n\t\t},\n\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\n\t\t\tif (token.idToken) {\n\t\t\t\ttry {\n\t\t\t\t\tconst profile = decodeJwt<CognitoProfile>(token.idToken);\n\t\t\t\t\tif (!profile) {\n\t\t\t\t\t\treturn null;\n\t\t\t\t\t}\n\t\t\t\t\tconst name =\n\t\t\t\t\t\tprofile.name || profile.given_name || profile.username || \"\";\n\t\t\t\t\tconst enrichedProfile = {\n\t\t\t\t\t\t...profile,\n\t\t\t\t\t\tname,\n\t\t\t\t\t};\n\t\t\t\t\tconst userMap = await options.mapProfileToUser?.(enrichedProfile);\n\n\t\t\t\t\treturn {\n\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\tid: profile.sub,\n\t\t\t\t\t\t\tname: enrichedProfile.name,\n\t\t\t\t\t\t\temail: profile.email,\n\t\t\t\t\t\t\timage: profile.picture,\n\t\t\t\t\t\t\temailVerified: profile.email_verified,\n\t\t\t\t\t\t\t...userMap,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tdata: enrichedProfile,\n\t\t\t\t\t};\n\t\t\t\t} catch (error) {\n\t\t\t\t\tlogger.error(\"Failed to decode ID token:\", error);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif (token.accessToken) {\n\t\t\t\ttry {\n\t\t\t\t\tconst { data: userInfo } = await betterFetch<CognitoProfile>(\n\t\t\t\t\t\tuserInfoEndpoint,\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\theaders: {\n\t\t\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t);\n\n\t\t\t\t\tif (userInfo) {\n\t\t\t\t\t\tconst userMap = await options.mapProfileToUser?.(userInfo);\n\t\t\t\t\t\treturn {\n\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\tid: userInfo.sub,\n\t\t\t\t\t\t\t\tname:\n\t\t\t\t\t\t\t\t\tuserInfo.name ||\n\t\t\t\t\t\t\t\t\tuserInfo.given_name ||\n\t\t\t\t\t\t\t\t\tuserInfo.username ||\n\t\t\t\t\t\t\t\t\t\"\",\n\t\t\t\t\t\t\t\temail: userInfo.email,\n\t\t\t\t\t\t\t\timage: userInfo.picture,\n\t\t\t\t\t\t\t\temailVerified: userInfo.email_verified,\n\t\t\t\t\t\t\t\t...userMap,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tdata: userInfo,\n\t\t\t\t\t\t};\n\t\t\t\t\t}\n\t\t\t\t} catch (error) {\n\t\t\t\t\tlogger.error(\"Failed to fetch user info from Cognito:\", error);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\treturn null;\n\t\t},\n\n\t\toptions,\n\t} satisfies OAuthProvider<CognitoProfile>;\n};\n\n\n","import { athenaFetch as betterFetch } from \"../fetch.ts\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2/index.ts\";\nimport { refreshAccessToken, validateAuthorizationCode } from \"../oauth2/index.ts\";\nexport interface DiscordProfile extends Record<string, any> {\n\t/** the user's id (i.e. the numerical snowflake) */\n\tid: string;\n\t/** the user's username, not unique across the platform */\n\tusername: string;\n\t/** the user's Discord-tag */\n\tdiscriminator: string;\n\t/** the user's display name, if it is set */\n\tglobal_name: string | null;\n\t/**\n\t * the user's avatar hash:\n\t * https://discord.com/developers/docs/reference#image-formatting\n\t */\n\tavatar: string | null;\n\t/** whether the user belongs to an OAuth2 application */\n\tbot?: boolean | undefined;\n\t/**\n\t * whether the user is an Official Discord System user (part of the urgent\n\t * message system)\n\t */\n\tsystem?: boolean | undefined;\n\t/** whether the user has two factor enabled on their account */\n\tmfa_enabled: boolean;\n\t/**\n\t * the user's banner hash:\n\t * https://discord.com/developers/docs/reference#image-formatting\n\t */\n\tbanner: string | null;\n\n\t/** the user's banner color encoded as an integer representation of hexadecimal color code */\n\taccent_color: number | null;\n\n\t/**\n\t * the user's chosen language option:\n\t * https://discord.com/developers/docs/reference#locales\n\t */\n\tlocale: string;\n\t/** whether the email on this account has been verified */\n\tverified: boolean;\n\t/** the user's email */\n\temail?: string | null;\n\t/**\n\t * the flags on a user's account:\n\t * https://discord.com/developers/docs/resources/user#user-object-user-flags\n\t */\n\tflags: number;\n\t/**\n\t * the type of Nitro subscription on a user's account:\n\t * https://discord.com/developers/docs/resources/user#user-object-premium-types\n\t */\n\tpremium_type: number;\n\t/**\n\t * the public flags on a user's account:\n\t * https://discord.com/developers/docs/resources/user#user-object-user-flags\n\t */\n\tpublic_flags: number;\n\t/** undocumented field; corresponds to the user's custom nickname */\n\tdisplay_name: string | null;\n\t/**\n\t * undocumented field; corresponds to the Discord feature where you can e.g.\n\t * put your avatar inside of an ice cube\n\t */\n\tavatar_decoration: string | null;\n\t/**\n\t * undocumented field; corresponds to the premium feature where you can\n\t * select a custom banner color\n\t */\n\tbanner_color: string | null;\n\t/** undocumented field; the CDN URL of their profile picture */\n\timage_url: string;\n}\n\nexport interface DiscordOptions extends ProviderOptions<DiscordProfile> {\n\tclientId: string;\n\tprompt?: (\"none\" | \"consent\") | undefined;\n\tpermissions?: number | undefined;\n}\n\nexport const discord = (options: DiscordOptions) => {\n\tconst tokenEndpoint = \"https://discord.com/api/oauth2/token\";\n\treturn {\n\t\tid: \"discord\",\n\t\tname: \"Discord\",\n\t\tcreateAuthorizationURL({ state, scopes, redirectURI }) {\n\t\t\tconst _scopes = options.disableDefaultScope ? [] : [\"identify\", \"email\"];\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tconst hasBotScope = _scopes.includes(\"bot\");\n\t\t\tconst permissionsParam =\n\t\t\t\thasBotScope && options.permissions !== undefined\n\t\t\t\t\t? `&permissions=${options.permissions}`\n\t\t\t\t\t: \"\";\n\t\t\treturn new URL(\n\t\t\t\t`https://discord.com/api/oauth2/authorize?scope=${_scopes.join(\n\t\t\t\t\t\"+\",\n\t\t\t\t)}&response_type=code&client_id=${\n\t\t\t\t\toptions.clientId\n\t\t\t\t}&redirect_uri=${encodeURIComponent(\n\t\t\t\t\toptions.redirectURI || redirectURI,\n\t\t\t\t)}&state=${state}&prompt=${\n\t\t\t\t\toptions.prompt || \"none\"\n\t\t\t\t}${permissionsParam}`,\n\t\t\t);\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tconst { data: profile, error } = await betterFetch<DiscordProfile>(\n\t\t\t\t\"https://discord.com/api/users/@me\",\n\t\t\t\t{\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tauthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tif (profile.avatar === null) {\n\t\t\t\tconst defaultAvatarNumber =\n\t\t\t\t\tprofile.discriminator === \"0\"\n\t\t\t\t\t\t? Number(BigInt(profile.id) >> BigInt(22)) % 6\n\t\t\t\t\t\t: parseInt(profile.discriminator) % 5;\n\t\t\t\tprofile.image_url = `https://cdn.discordapp.com/embed/avatars/${defaultAvatarNumber}.png`;\n\t\t\t} else {\n\t\t\t\tconst format = profile.avatar.startsWith(\"a_\") ? \"gif\" : \"png\";\n\t\t\t\tprofile.image_url = `https://cdn.discordapp.com/avatars/${profile.id}/${profile.avatar}.${format}`;\n\t\t\t}\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.id,\n\t\t\t\t\tname: profile.global_name || profile.username || \"\",\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\temailVerified: profile.verified,\n\t\t\t\t\timage: profile.image_url,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<DiscordProfile>;\n};\n","import { athenaFetch as betterFetch } from \"../fetch.ts\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2/index.ts\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2/index.ts\";\n\nexport interface DropboxProfile {\n\taccount_id: string;\n\tname: {\n\t\tgiven_name: string;\n\t\tsurname: string;\n\t\tfamiliar_name: string;\n\t\tdisplay_name: string;\n\t\tabbreviated_name: string;\n\t};\n\temail: string;\n\temail_verified: boolean;\n\tprofile_photo_url: string;\n}\n\nexport interface DropboxOptions extends ProviderOptions<DropboxProfile> {\n\tclientId: string;\n\taccessType?: (\"offline\" | \"online\" | \"legacy\") | undefined;\n}\n\nexport const dropbox = (options: DropboxOptions) => {\n\tconst tokenEndpoint = \"https://api.dropboxapi.com/oauth2/token\";\n\n\treturn {\n\t\tid: \"dropbox\",\n\t\tname: \"Dropbox\",\n\t\tcreateAuthorizationURL: async ({\n\t\t\tstate,\n\t\t\tscopes,\n\t\t\tcodeVerifier,\n\t\t\tredirectURI,\n\t\t}) => {\n\t\t\tconst _scopes = options.disableDefaultScope ? [] : [\"account_info.read\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\tconst additionalParams: Record<string, string> = {};\n\t\t\tif (options.accessType) {\n\t\t\t\tadditionalParams.token_access_type = options.accessType;\n\t\t\t}\n\t\t\treturn await createAuthorizationURL({\n\t\t\t\tid: \"dropbox\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint: \"https://www.dropbox.com/oauth2/authorize\",\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tredirectURI,\n\t\t\t\tcodeVerifier,\n\t\t\t\tadditionalParams,\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {\n\t\t\treturn await validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tconst { data: profile, error } = await betterFetch<DropboxProfile>(\n\t\t\t\t\"https://api.dropboxapi.com/2/users/get_current_account\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.account_id,\n\t\t\t\t\tname: profile.name?.display_name,\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\temailVerified: profile.email_verified || false,\n\t\t\t\t\timage: profile.profile_photo_url,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<DropboxProfile>;\n};\n","import { athenaFetch as betterFetch } from '../fetch.ts'\nimport { getPrimaryClientId } from '../oauth2/index.ts'\nimport type { FacebookOptions } from './facebook-types.ts'\n\ninterface FacebookDebugTokenData {\n app_id?: string\n is_valid?: boolean\n user_id?: string\n}\n\n/**\n * Validate an opaque Facebook access token against the configured app.\n *\n * Facebook access tokens are not audience-bound at Graph `/me`: a token\n * minted for any Facebook app returns that app's profile. Without this check,\n * a token issued to an unrelated app could be accepted on the direct sign-in\n * path. Calls `debug_token` and requires the token to be valid, bound to one\n * of the configured client ids, and tied to a user.\n *\n * @see https://developers.facebook.com/docs/facebook-login/guides/access-tokens/debugging\n *\n * @returns The inspected token's `user_id` when valid, otherwise `null`.\n */\nexport async function verifyFacebookAccessToken(\n accessToken: string,\n options: FacebookOptions,\n): Promise<string | null> {\n const primaryClientId = getPrimaryClientId(options.clientId)\n if (!primaryClientId || !options.clientSecret) {\n return null\n }\n const clientIds = Array.isArray(options.clientId)\n ? options.clientId\n : [options.clientId]\n const appAccessToken = `${primaryClientId}|${options.clientSecret}`\n const { data, error } = await betterFetch<{ data?: FacebookDebugTokenData }>(\n 'https://graph.facebook.com/debug_token',\n {\n query: {\n input_token: accessToken,\n access_token: appAccessToken,\n },\n },\n )\n if (error || !data?.data) {\n return null\n }\n const { is_valid, app_id, user_id } = data.data\n if (is_valid !== true || !app_id || !clientIds.includes(app_id) || !user_id) {\n return null\n }\n return user_id\n}\n","import { athenaFetch as betterFetch } from \"../fetch.ts\";\nimport { createRemoteJWKSet, decodeJwt, jwtVerify } from \"jose\";\nimport { logger } from \"../env/index.ts\";\nimport { AthenaAuthError } from \"../error.ts\";\nimport type { OAuthProvider } from \"../oauth2/index.ts\";\nimport {\n\tcreateAuthorizationURL,\n\tgetPrimaryClientId,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2/index.ts\";\nimport type { FacebookOptions, FacebookProfile } from \"./facebook-types.ts\";\nimport { verifyFacebookAccessToken } from \"./facebook-verify.ts\";\n\nexport type { FacebookOptions, FacebookProfile } from \"./facebook-types.ts\";\nexport { verifyFacebookAccessToken } from \"./facebook-verify.ts\";\n\n/**\n * Facebook Login OAuth provider factory (Graph API v24).\n *\n * Supports limited-login JWT ID tokens and opaque access tokens (with\n * `debug_token` app binding).\n *\n * @param options - App id/secret and optional field extensions\n */\nexport const facebook = (options: FacebookOptions) => {\n\treturn {\n\t\tid: \"facebook\",\n\t\tname: \"Facebook\",\n\t\tasync createAuthorizationURL({ state, scopes, redirectURI, loginHint }) {\n\t\t\tif (!getPrimaryClientId(options.clientId) || !options.clientSecret) {\n\t\t\t\tlogger.error(\n\t\t\t\t\t\"Client ID and client secret are required for Facebook. Make sure to provide them in the options.\",\n\t\t\t\t);\n\t\t\t\tthrow new AthenaAuthError(\"CLIENT_ID_AND_SECRET_REQUIRED\");\n\t\t\t}\n\t\t\tconst _scopes = options.disableDefaultScope\n\t\t\t\t? []\n\t\t\t\t: [\"email\", \"public_profile\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\treturn await createAuthorizationURL({\n\t\t\t\tid: \"facebook\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint: \"https://www.facebook.com/v24.0/dialog/oauth\",\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tredirectURI,\n\t\t\t\tloginHint,\n\t\t\t\tadditionalParams: options.configId\n\t\t\t\t\t? {\n\t\t\t\t\t\t\tconfig_id: options.configId,\n\t\t\t\t\t\t}\n\t\t\t\t\t: {},\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint: \"https://graph.facebook.com/v24.0/oauth/access_token\",\n\t\t\t});\n\t\t},\n\t\tasync verifyIdToken(token, nonce) {\n\t\t\tif (options.disableIdTokenSignIn) {\n\t\t\t\treturn false;\n\t\t\t}\n\n\t\t\tif (options.verifyIdToken) {\n\t\t\t\treturn options.verifyIdToken(token, nonce);\n\t\t\t}\n\n\t\t\t/* limited login */\n\t\t\t// check is limited token\n\t\t\tif (token.split(\".\").length === 3) {\n\t\t\t\ttry {\n\t\t\t\t\tconst { payload: jwtClaims } = await jwtVerify(\n\t\t\t\t\t\ttoken,\n\t\t\t\t\t\tcreateRemoteJWKSet(\n\t\t\t\t\t\t\t// https://developers.facebook.com/docs/facebook-login/limited-login/token/#jwks\n\t\t\t\t\t\t\tnew URL(\n\t\t\t\t\t\t\t\t\"https://limited.facebook.com/.well-known/oauth/openid/jwks/\",\n\t\t\t\t\t\t\t),\n\t\t\t\t\t\t),\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\talgorithms: [\"RS256\"],\n\t\t\t\t\t\t\taudience: options.clientId,\n\t\t\t\t\t\t\tissuer: \"https://www.facebook.com\",\n\t\t\t\t\t\t},\n\t\t\t\t\t);\n\n\t\t\t\t\tif (nonce && jwtClaims.nonce !== nonce) {\n\t\t\t\t\t\treturn false;\n\t\t\t\t\t}\n\n\t\t\t\t\treturn !!jwtClaims;\n\t\t\t\t} catch {\n\t\t\t\t\treturn false;\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t/* access_token */\n\t\t\t// An opaque access token carries no app binding of its own, so it\n\t\t\t// must be validated against the configured app before it can be\n\t\t\t// trusted as proof of identity.\n\t\t\treturn (await verifyFacebookAccessToken(token, options)) !== null;\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint:\n\t\t\t\t\t\t\t\"https://graph.facebook.com/v24.0/oauth/access_token\",\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\n\t\t\tif (token.idToken && token.idToken.split(\".\").length === 3) {\n\t\t\t\tconst profile = decodeJwt(token.idToken) as {\n\t\t\t\t\tsub: string;\n\t\t\t\t\temail: string;\n\t\t\t\t\tname: string;\n\t\t\t\t\tpicture: string;\n\t\t\t\t};\n\n\t\t\t\tconst user = {\n\t\t\t\t\tid: profile.sub,\n\t\t\t\t\tname: profile.name,\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\tpicture: {\n\t\t\t\t\t\tdata: {\n\t\t\t\t\t\t\turl: profile.picture,\n\t\t\t\t\t\t\theight: 100,\n\t\t\t\t\t\t\twidth: 100,\n\t\t\t\t\t\t\tis_silhouette: false,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t};\n\n\t\t\t\t// https://developers.facebook.com/docs/facebook-login/limited-login/permissions\n\t\t\t\t// Facebook ID token does not include email_verified claim.\n\t\t\t\t// We default to false for security consistency.\n\t\t\t\tconst userMap = await options.mapProfileToUser?.({\n\t\t\t\t\t...user,\n\t\t\t\t\temail_verified: false,\n\t\t\t\t});\n\n\t\t\t\treturn {\n\t\t\t\t\tuser: {\n\t\t\t\t\t\t...user,\n\t\t\t\t\t\temailVerified: false,\n\t\t\t\t\t\t...userMap,\n\t\t\t\t\t},\n\t\t\t\t\tdata: profile,\n\t\t\t\t};\n\t\t\t}\n\n\t\t\t// The profile is fetched with `accessToken`, which is the credential\n\t\t\t// that actually proves identity here — and a separate request field\n\t\t\t// from the `idToken`/token validated by `verifyIdToken`. Since an\n\t\t\t// opaque token is not app-bound at `/me`, validate this exact token\n\t\t\t// against the configured app before trusting the profile it returns.\n\t\t\tconst accessToken = token.accessToken;\n\t\t\tif (!accessToken) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst tokenUserId = await verifyFacebookAccessToken(accessToken, options);\n\t\t\tif (!tokenUserId) {\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\tconst fields = [\n\t\t\t\t\"id\",\n\t\t\t\t\"name\",\n\t\t\t\t\"email\",\n\t\t\t\t\"picture\",\n\t\t\t\t...(options?.fields || []),\n\t\t\t];\n\t\t\tconst { data: profile, error } = await betterFetch<FacebookProfile>(\n\t\t\t\t\"https://graph.facebook.com/me?fields=\" + fields.join(\",\"),\n\t\t\t\t{\n\t\t\t\t\tauth: {\n\t\t\t\t\t\ttype: \"Bearer\",\n\t\t\t\t\t\ttoken: accessToken,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\t// Bind the validated token to the profile it returned.\n\t\t\tif (profile.id !== tokenUserId) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.id,\n\t\t\t\t\tname: profile.name,\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\timage: profile.picture.data.url,\n\t\t\t\t\temailVerified: profile.email_verified ?? false,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<FacebookProfile>;\n};\n\n","import { athenaFetch as betterFetch } from \"../fetch.ts\";\nimport { logger } from \"../env/index.ts\";\nimport { AthenaAuthError } from \"../error.ts\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2/index.ts\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2/index.ts\";\n\nexport interface FigmaProfile {\n\tid: string;\n\temail: string;\n\thandle: string;\n\timg_url: string;\n}\n\nexport interface FigmaOptions extends ProviderOptions<FigmaProfile> {\n\tclientId: string;\n}\n\nexport const figma = (options: FigmaOptions) => {\n\tconst tokenEndpoint = \"https://api.figma.com/v1/oauth/token\";\n\treturn {\n\t\tid: \"figma\",\n\t\tname: \"Figma\",\n\t\tasync createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {\n\t\t\tif (!options.clientId || !options.clientSecret) {\n\t\t\t\tlogger.error(\n\t\t\t\t\t\"Client Id and Client Secret are required for Figma. Make sure to provide them in the options.\",\n\t\t\t\t);\n\t\t\t\tthrow new AthenaAuthError(\"CLIENT_ID_AND_SECRET_REQUIRED\");\n\t\t\t}\n\t\t\tif (!codeVerifier) {\n\t\t\t\tthrow new AthenaAuthError(\"codeVerifier is required for Figma\");\n\t\t\t}\n\n\t\t\tconst _scopes = options.disableDefaultScope ? [] : [\"current_user:read\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\n\t\t\tconst url = await createAuthorizationURL({\n\t\t\t\tid: \"figma\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint: \"https://www.figma.com/oauth\",\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t});\n\n\t\t\treturn url;\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t\tauthentication: \"basic\",\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t\tauthentication: \"basic\",\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\n\t\t\ttry {\n\t\t\t\tconst { data: profile } = await betterFetch<FigmaProfile>(\n\t\t\t\t\t\"https://api.figma.com/v1/me\",\n\t\t\t\t\t{\n\t\t\t\t\t\theaders: {\n\t\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t);\n\n\t\t\t\tif (!profile) {\n\t\t\t\t\tlogger.error(\"Failed to fetch user from Figma\");\n\t\t\t\t\treturn null;\n\t\t\t\t}\n\n\t\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\n\t\t\t\treturn {\n\t\t\t\t\tuser: {\n\t\t\t\t\t\tid: profile.id,\n\t\t\t\t\t\tname: profile.handle,\n\t\t\t\t\t\temail: profile.email,\n\t\t\t\t\t\timage: profile.img_url,\n\t\t\t\t\t\temailVerified: false,\n\t\t\t\t\t\t...userMap,\n\t\t\t\t\t},\n\t\t\t\t\tdata: profile,\n\t\t\t\t};\n\t\t\t} catch (error) {\n\t\t\t\tlogger.error(\"Failed to fetch user info from Figma:\", error);\n\t\t\t\treturn null;\n\t\t\t}\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<FigmaProfile>;\n};\n","import { athenaFetch as betterFetch } from \"../fetch.ts\";\nimport { logger } from \"../env/index.ts\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2/index.ts\";\nimport {\n\tcreateAuthorizationURL,\n\tgetOAuth2Tokens,\n\trefreshAccessToken,\n} from \"../oauth2/index.ts\";\nimport { createAuthorizationCodeRequest } from \"../oauth2/validate-authorization-code.ts\";\n\nexport interface GithubProfile {\n\tlogin: string;\n\tid: string;\n\tnode_id: string;\n\tavatar_url: string;\n\tgravatar_id: string;\n\turl: string;\n\thtml_url: string;\n\tfollowers_url: string;\n\tfollowing_url: string;\n\tgists_url: string;\n\tstarred_url: string;\n\tsubscriptions_url: string;\n\torganizations_url: string;\n\trepos_url: string;\n\tevents_url: string;\n\treceived_events_url: string;\n\ttype: string;\n\tsite_admin: boolean;\n\tname: string;\n\tcompany: string;\n\tblog: string;\n\tlocation: string;\n\temail: string | null;\n\thireable: boolean;\n\tbio: string;\n\ttwitter_username: string;\n\tpublic_repos: string;\n\tpublic_gists: string;\n\tfollowers: string;\n\tfollowing: string;\n\tcreated_at: string;\n\tupdated_at: string;\n\tprivate_gists: string;\n\ttotal_private_repos: string;\n\towned_private_repos: string;\n\tdisk_usage: string;\n\tcollaborators: string;\n\ttwo_factor_authentication: boolean;\n\tplan: {\n\t\tname: string;\n\t\tspace: string;\n\t\tprivate_repos: string;\n\t\tcollaborators: string;\n\t};\n}\n\nexport interface GithubOptions extends ProviderOptions<GithubProfile> {\n\tclientId: string;\n}\nexport const github = (options: GithubOptions) => {\n\tconst tokenEndpoint = \"https://github.com/login/oauth/access_token\";\n\treturn {\n\t\tid: \"github\",\n\t\tname: \"GitHub\",\n\t\tcreateAuthorizationURL({\n\t\t\tstate,\n\t\t\tscopes,\n\t\t\tloginHint,\n\t\t\tcodeVerifier,\n\t\t\tredirectURI,\n\t\t}) {\n\t\t\tconst _scopes = options.disableDefaultScope\n\t\t\t\t? []\n\t\t\t\t: [\"read:user\", \"user:email\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\treturn createAuthorizationURL({\n\t\t\t\tid: \"github\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint: \"https://github.com/login/oauth/authorize\",\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t\tloginHint,\n\t\t\t\tprompt: options.prompt,\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {\n\t\t\tconst { body, headers: requestHeaders } = createAuthorizationCodeRequest({\n\t\t\t\tcode,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t});\n\n\t\t\tconst { data, error } = await betterFetch<\n\t\t\t\t| { access_token: string; token_type: string; scope: string }\n\t\t\t\t| { error: string; error_description?: string; error_uri?: string }\n\t\t\t>(tokenEndpoint, {\n\t\t\t\tmethod: \"POST\",\n\t\t\t\tbody: body,\n\t\t\t\theaders: requestHeaders,\n\t\t\t});\n\n\t\t\tif (error) {\n\t\t\t\tlogger.error(\"GitHub OAuth token exchange failed:\", error);\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\tif (\"error\" in data) {\n\t\t\t\tlogger.error(\"GitHub OAuth token exchange failed:\", data);\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\treturn getOAuth2Tokens(data);\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tconst { data: profile, error } = await betterFetch<GithubProfile>(\n\t\t\t\t\"https://api.github.com/user\",\n\t\t\t\t{\n\t\t\t\t\theaders: {\n\t\t\t\t\t\t\"User-Agent\": \"athena-auth\",\n\t\t\t\t\t\tauthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst { data: emails } = await betterFetch<\n\t\t\t\t{\n\t\t\t\t\temail: string;\n\t\t\t\t\tprimary: boolean;\n\t\t\t\t\tverified: boolean;\n\t\t\t\t\tvisibility: \"public\" | \"private\";\n\t\t\t\t}[]\n\t\t\t>(\"https://api.github.com/user/emails\", {\n\t\t\t\theaders: {\n\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t\"User-Agent\": \"athena-auth\",\n\t\t\t\t},\n\t\t\t});\n\n\t\t\tif (!profile.email && emails) {\n\t\t\t\tprofile.email = (emails.find((e) => e.primary) ?? emails[0])\n\t\t\t\t\t?.email as string;\n\t\t\t}\n\t\t\tconst emailVerified =\n\t\t\t\temails?.find((e) => e.email === profile.email)?.verified ?? false;\n\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.id,\n\t\t\t\t\tname: profile.name || profile.login || \"\",\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\timage: profile.avatar_url,\n\t\t\t\t\temailVerified,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<GithubProfile>;\n};\n","import { athenaFetch as betterFetch } from \"../fetch.ts\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2/index.ts\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2/index.ts\";\n\nexport interface GitlabProfile extends Record<string, any> {\n\tid: number;\n\tusername: string;\n\temail: string;\n\tname: string;\n\tstate: string;\n\tavatar_url: string;\n\tweb_url: string;\n\tcreated_at: string;\n\tbio: string;\n\tlocation?: string | undefined;\n\tpublic_email: string;\n\tskype: string;\n\tlinkedin: string;\n\ttwitter: string;\n\twebsite_url: string;\n\torganization: string;\n\tjob_title: string;\n\tpronouns: string;\n\tbot: boolean;\n\twork_information?: string | undefined;\n\tfollowers: number;\n\tfollowing: number;\n\tlocal_time: string;\n\tlast_sign_in_at: string;\n\tconfirmed_at: string;\n\ttheme_id: number;\n\tlast_activity_on: string;\n\tcolor_scheme_id: number;\n\tprojects_limit: number;\n\tcurrent_sign_in_at: string;\n\tidentities: Array<{\n\t\tprovider: string;\n\t\textern_uid: string;\n\t}>;\n\tcan_create_group: boolean;\n\tcan_create_project: boolean;\n\ttwo_factor_enabled: boolean;\n\texternal: boolean;\n\tprivate_profile: boolean;\n\tcommit_email: string;\n\tshared_runners_minutes_limit: number;\n\textra_shared_runners_minutes_limit: number;\n\temail_verified?: boolean | undefined;\n}\n\nexport interface GitlabOptions extends ProviderOptions<GitlabProfile> {\n\tclientId: string;\n\tissuer?: string | undefined;\n}\n\nconst cleanDoubleSlashes = (input: string = \"\") => {\n\treturn input\n\t\t.split(\"://\")\n\t\t.map((str) => str.replace(/\\/{2,}/g, \"/\"))\n\t\t.join(\"://\");\n};\n\nconst issuerToEndpoints = (issuer?: string | undefined) => {\n\tconst baseUrl = issuer || \"https://gitlab.com\";\n\treturn {\n\t\tauthorizationEndpoint: cleanDoubleSlashes(`${baseUrl}/oauth/authorize`),\n\t\ttokenEndpoint: cleanDoubleSlashes(`${baseUrl}/oauth/token`),\n\t\tuserinfoEndpoint: cleanDoubleSlashes(`${baseUrl}/api/v4/user`),\n\t};\n};\n\nexport const gitlab = (options: GitlabOptions) => {\n\tconst { authorizationEndpoint, tokenEndpoint, userinfoEndpoint } =\n\t\tissuerToEndpoints(options.issuer);\n\tconst issuerId = \"gitlab\";\n\tconst issuerName = \"Gitlab\";\n\treturn {\n\t\tid: issuerId,\n\t\tname: issuerName,\n\t\tcreateAuthorizationURL: async ({\n\t\t\tstate,\n\t\t\tscopes,\n\t\t\tcodeVerifier,\n\t\t\tloginHint,\n\t\t\tredirectURI,\n\t\t}) => {\n\t\t\tconst _scopes = options.disableDefaultScope ? [] : [\"read_user\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\treturn await createAuthorizationURL({\n\t\t\t\tid: issuerId,\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint,\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tredirectURI,\n\t\t\t\tcodeVerifier,\n\t\t\t\tloginHint,\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, redirectURI, codeVerifier }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\tcodeVerifier,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint: tokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tconst { data: profile, error } = await betterFetch<GitlabProfile>(\n\t\t\t\tuserinfoEndpoint,\n\t\t\t\t{ headers: { authorization: `Bearer ${token.accessToken}` } },\n\t\t\t);\n\t\t\tif (error || profile.state !== \"active\" || profile.locked) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\t// GitLab may provide email_verified claim, but it's not guaranteed.\n\t\t\t// We check for it first, then default to false for security consistency.\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.id,\n\t\t\t\t\tname: profile.name ?? profile.username ?? \"\",\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\timage: profile.avatar_url,\n\t\t\t\t\temailVerified: profile.email_verified ?? false,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<GitlabProfile>;\n};\n","import type { ProviderOptions } from '../oauth2/index.ts'\n\n/**\n * Google OpenID Connect ID-token claims used by the Google social provider.\n * @see https://developers.google.com/identity/openid-connect/openid-connect#an-id-tokens-payload\n */\nexport interface GoogleProfile {\n aud: string\n azp: string\n email: string\n email_verified: boolean\n exp: number\n /**\n * The family name of the user, or last name in most\n * Western languages.\n */\n family_name: string\n /**\n * The given name of the user, or first name in most\n * Western languages.\n */\n given_name: string\n hd?: string | undefined\n iat: number\n iss: string\n jti?: string | undefined\n locale?: string | undefined\n name: string\n nbf?: number | undefined\n picture: string\n sub: string\n}\n\n/**\n * Configuration for the Google OAuth / OpenID Connect provider.\n */\nexport interface GoogleOptions extends ProviderOptions<GoogleProfile> {\n clientId: string | string[]\n /**\n * The access type to use for the authorization code request.\n * Use `offline` to receive a refresh token.\n */\n accessType?: ('offline' | 'online') | undefined\n /**\n * The display mode to use for the authorization code request.\n */\n display?: ('page' | 'popup' | 'touch' | 'wap') | undefined\n /**\n * Hosted domain (Google Workspace) the user must belong to.\n *\n * Sent as the `hd` authorization hint and enforced against the ID token\n * `hd` claim. Use `\"*\"` to require any Workspace domain.\n */\n hd?: string | undefined\n}\n\n/** Inputs for {@link verifyGoogleIdToken}. */\nexport interface VerifyGoogleIdTokenOptions {\n token: string\n audience: string | string[]\n nonce?: string | undefined\n}\n\n/** Maximum accepted age for Google ID tokens during local verification. */\nexport const GOOGLE_ID_TOKEN_MAX_AGE = '1h'\n","import { getJwksPublicKey } from './helpers/get-jwks-public-key.ts'\n\nexport const getGooglePublicKey = async (kid: string) => {\n return getJwksPublicKey('https://www.googleapis.com/oauth2/v3/certs', kid)\n}\n","import type { JWTPayload } from 'jose'\nimport { decodeProtectedHeader, jwtVerify } from 'jose'\nimport {\n GOOGLE_ID_TOKEN_MAX_AGE,\n type VerifyGoogleIdTokenOptions,\n} from './google-types.ts'\nimport { getGooglePublicKey } from './google-keys.ts'\n\n/**\n * Verifies a Google ID token against Google's issuer, audience, signature,\n * expiry, and maximum token age.\n */\nexport const verifyGoogleIdToken = async ({\n token,\n audience,\n nonce,\n}: VerifyGoogleIdTokenOptions): Promise<JWTPayload | null> => {\n try {\n const { kid, alg: jwtAlg } = decodeProtectedHeader(token)\n if (!kid || !jwtAlg) return null\n\n const publicKey = await getGooglePublicKey(kid)\n const { payload: jwtClaims } = await jwtVerify(token, publicKey, {\n algorithms: [jwtAlg],\n issuer: ['https://accounts.google.com', 'accounts.google.com'],\n audience,\n maxTokenAge: GOOGLE_ID_TOKEN_MAX_AGE,\n })\n\n if (nonce && jwtClaims.nonce !== nonce) {\n return null\n }\n\n return jwtClaims\n } catch {\n return null\n }\n}\n\n/**\n * Checks whether Google's verified `hd` claim satisfies the configured hosted\n * domain restriction. `hd: \"*\"` accepts any Google Workspace hosted domain.\n */\nexport const isGoogleHostedDomainAllowed = (\n configuredHostedDomain: string | undefined,\n tokenHostedDomain: unknown,\n) => {\n if (!configuredHostedDomain) return true\n if (typeof tokenHostedDomain !== 'string' || !tokenHostedDomain) {\n return false\n }\n if (configuredHostedDomain === '*') return true\n return tokenHostedDomain === configuredHostedDomain\n}\n","/**\n * Merge default, configured, and request-time OAuth scopes without duplicates.\n *\n * Order of application: defaults → `optionScopes` → `requestScopes`.\n * When `disableDefaultScope` is true, the default list is skipped.\n *\n * @param defaults - Provider default scopes (e.g. `openid profile email`)\n * @param optionScopes - Scopes from provider options\n * @param requestScopes - Scopes from the authorization request call\n * @param disableDefaultScope - When true, omit `defaults`\n * @returns Deduplicated scope list preserving first-seen order\n */\nexport function mergeScopes(\n defaults: string[],\n optionScopes: string[] | undefined,\n requestScopes: string[] | undefined,\n disableDefaultScope?: boolean,\n): string[] {\n const scopes = disableDefaultScope ? [] : [...defaults]\n if (optionScopes) scopes.push(...optionScopes)\n if (requestScopes) scopes.push(...requestScopes)\n return [...new Set(scopes)]\n}\n","import { decodeJwt } from 'jose'\nimport { logger } from '../env/index.ts'\nimport { AthenaAuthError } from '../error.ts'\nimport type { OAuthProvider } from '../oauth2/index.ts'\nimport {\n createAuthorizationURL,\n getPrimaryClientId,\n refreshAccessToken,\n validateAuthorizationCode,\n} from '../oauth2/index.ts'\nimport type { GoogleOptions, GoogleProfile } from './google-types.ts'\nimport {\n isGoogleHostedDomainAllowed,\n verifyGoogleIdToken,\n} from './google-verify.ts'\nimport { mergeScopes } from './helpers/merge-scopes.ts'\n\nexport type {\n GoogleOptions,\n GoogleProfile,\n VerifyGoogleIdTokenOptions,\n} from './google-types.ts'\nexport { getGooglePublicKey } from './google-keys.ts'\nexport {\n isGoogleHostedDomainAllowed,\n verifyGoogleIdToken,\n} from './google-verify.ts'\n\n/**\n * Google OAuth / OpenID Connect provider factory.\n *\n * @param options - Client id/secret, optional hosted domain (`hd`), access type\n * @returns Provider with authorize, token, refresh, ID-token verify, and userinfo\n */\nexport const google = (options: GoogleOptions) => {\n return {\n id: 'google',\n name: 'Google',\n async createAuthorizationURL({\n state,\n scopes,\n codeVerifier,\n redirectURI,\n loginHint,\n display,\n }) {\n if (!getPrimaryClientId(options.clientId) || !options.clientSecret) {\n logger.error(\n 'Client Id and Client Secret is required for Google. Make sure to provide them in the options.',\n )\n throw new AthenaAuthError('CLIENT_ID_AND_SECRET_REQUIRED')\n }\n if (!codeVerifier) {\n throw new AthenaAuthError('codeVerifier is required for Google')\n }\n const _scopes = mergeScopes(\n ['email', 'profile', 'openid'],\n options.scope,\n scopes,\n options.disableDefaultScope,\n )\n const url = await createAuthorizationURL({\n id: 'google',\n options,\n authorizationEndpoint: 'https://accounts.google.com/o/oauth2/v2/auth',\n scopes: _scopes,\n state,\n codeVerifier,\n redirectURI,\n prompt: options.prompt,\n accessType: options.accessType,\n display: display || options.display,\n loginHint,\n hd: options.hd,\n additionalParams: {\n include_granted_scopes: 'true',\n },\n })\n return url\n },\n validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {\n return validateAuthorizationCode({\n code,\n codeVerifier,\n redirectURI,\n options,\n tokenEndpoint: 'https://oauth2.googleapis.com/token',\n })\n },\n refreshAccessToken: options.refreshAccessToken\n ? options.refreshAccessToken\n : async (refreshToken) => {\n return refreshAccessToken({\n refreshToken,\n options: {\n clientId: options.clientId,\n clientKey: options.clientKey,\n clientSecret: options.clientSecret,\n },\n tokenEndpoint: 'https://oauth2.googleapis.com/token',\n })\n },\n async verifyIdToken(token, nonce) {\n if (options.disableIdTokenSignIn) {\n return false\n }\n if (options.verifyIdToken) {\n return options.verifyIdToken(token, nonce)\n }\n\n const jwtClaims = await verifyGoogleIdToken({\n token,\n audience: options.clientId,\n nonce,\n })\n if (!jwtClaims) {\n return false\n }\n\n return isGoogleHostedDomainAllowed(options.hd, jwtClaims.hd)\n },\n async getUserInfo(token) {\n if (options.getUserInfo) {\n return options.getUserInfo(token)\n }\n if (!token.idToken) {\n return null\n }\n const user = decodeJwt(token.idToken) as GoogleProfile\n if (!isGoogleHostedDomainAllowed(options.hd, user.hd)) {\n logger.error(\n `Google sign-in rejected: id token hosted domain (hd) \"${\n user.hd ?? '<missing>'\n }\" does not satisfy the configured \"hd\" option \"${options.hd}\".`,\n )\n return null\n }\n const userMap = await options.mapProfileToUser?.(user)\n return {\n user: {\n id: user.sub,\n name: user.name,\n email: user.email,\n image: user.picture,\n emailVerified: user.email_verified,\n ...userMap,\n },\n data: user,\n }\n },\n options,\n } satisfies OAuthProvider<GoogleProfile>\n}\n","import { athenaFetch as betterFetch } from \"../fetch.ts\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2/index.ts\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2/index.ts\";\n\nexport interface HuggingFaceProfile {\n\tsub: string;\n\tname: string;\n\tpreferred_username: string;\n\tprofile: string;\n\tpicture: string;\n\twebsite?: string | undefined;\n\temail?: string | undefined;\n\temail_verified?: boolean | undefined;\n\tisPro: boolean;\n\tcanPay?: boolean | undefined;\n\torgs?:\n\t\t| {\n\t\t\t\tsub: string;\n\t\t\t\tname: string;\n\t\t\t\tpicture: string;\n\t\t\t\tpreferred_username: string;\n\t\t\t\tisEnterprise: boolean | \"plus\";\n\t\t\t\tcanPay?: boolean;\n\t\t\t\troleInOrg?: \"admin\" | \"write\" | \"contributor\" | \"read\";\n\t\t\t\tpendingSSO?: boolean;\n\t\t\t\tmissingMFA?: boolean;\n\t\t\t\tresourceGroups?: {\n\t\t\t\t\tsub: string;\n\t\t\t\t\tname: string;\n\t\t\t\t\trole: \"admin\" | \"write\" | \"contributor\" | \"read\";\n\t\t\t\t}[];\n\t\t }\n\t\t| undefined;\n}\n\nexport interface HuggingFaceOptions\n\textends ProviderOptions<HuggingFaceProfile> {\n\tclientId: string;\n}\n\nexport const huggingface = (options: HuggingFaceOptions) => {\n\tconst tokenEndpoint = \"https://huggingface.co/oauth/token\";\n\treturn {\n\t\tid: \"huggingface\",\n\t\tname: \"Hugging Face\",\n\t\tcreateAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {\n\t\t\tconst _scopes = options.disableDefaultScope\n\t\t\t\t? []\n\t\t\t\t: [\"openid\", \"profile\", \"email\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\treturn createAuthorizationURL({\n\t\t\t\tid: \"huggingface\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint: \"https://huggingface.co/oauth/authorize\",\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tconst { data: profile, error } = await betterFetch<HuggingFaceProfile>(\n\t\t\t\t\"https://huggingface.co/oauth/userinfo\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.sub,\n\t\t\t\t\tname: profile.name || profile.preferred_username || \"\",\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\timage: profile.picture,\n\t\t\t\t\temailVerified: profile.email_verified ?? false,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<HuggingFaceProfile>;\n};\n","import { athenaFetch as betterFetch } from \"../fetch.ts\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2/index.ts\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2/index.ts\";\n\ninterface Partner {\n\t/** Partner-specific ID (consent required: kakaotalk_message) */\n\tuuid?: string | undefined;\n}\n\ninterface Profile {\n\t/** Nickname (consent required: profile/nickname) */\n\tnickname?: string | undefined;\n\t/** Thumbnail image URL (consent required: profile/profile image) */\n\tthumbnail_image_url?: string | undefined;\n\t/** Profile image URL (consent required: profile/profile image) */\n\tprofile_image_url?: string | undefined;\n\t/** Whether the profile image is the default */\n\tis_default_image?: boolean | undefined;\n\t/** Whether the nickname is the default */\n\tis_default_nickname?: boolean | undefined;\n}\n\ninterface KakaoAccount {\n\t/** Consent required: profile info (nickname/profile image) */\n\tprofile_needs_agreement?: boolean | undefined;\n\t/** Consent required: nickname */\n\tprofile_nickname_needs_agreement?: boolean | undefined;\n\t/** Consent required: profile image */\n\tprofile_image_needs_agreement?: boolean | undefined;\n\t/** Profile info */\n\tprofile?: Profile | undefined;\n\t/** Consent required: name */\n\tname_needs_agreement?: boolean | undefined;\n\t/** Name */\n\tname?: string | undefined;\n\t/** Consent required: email */\n\temail_needs_agreement?: boolean | undefined;\n\t/** Email valid */\n\tis_email_valid?: boolean | undefined;\n\t/** Email verified */\n\tis_email_verified?: boolean | undefined;\n\t/** Email */\n\temail?: string | undefined;\n\t/** Consent required: age range */\n\tage_range_needs_agreement?: boolean | undefined;\n\t/** Age range */\n\tage_range?: string | undefined;\n\t/** Consent required: birth year */\n\tbirthyear_needs_agreement?: boolean | undefined;\n\t/** Birth year (YYYY) */\n\tbirthyear?: string | undefined;\n\t/** Consent required: birthday */\n\tbirthday_needs_agreement?: boolean | undefined;\n\t/** Birthday (MMDD) */\n\tbirthday?: string | undefined;\n\t/** Birthday type (SOLAR/LUNAR) */\n\tbirthday_type?: string | undefined;\n\t/** Whether birthday is in a leap month */\n\tis_leap_month?: boolean | undefined;\n\t/** Consent required: gender */\n\tgender_needs_agreement?: boolean | undefined;\n\t/** Gender (male/female) */\n\tgender?: string | undefined;\n\t/** Consent required: phone number */\n\tphone_number_needs_agreement?: boolean | undefined;\n\t/** Phone number */\n\tphone_number?: string | undefined;\n\t/** Consent required: CI */\n\tci_needs_agreement?: boolean | undefined;\n\t/** CI (unique identifier) */\n\tci?: string | undefined;\n\t/** CI authentication time (UTC) */\n\tci_authenticated_at?: string | undefined;\n}\n\nexport interface KakaoProfile {\n\t/** Kakao user ID */\n\tid: number;\n\t/**\n\t * Whether the user has signed up (only present if auto-connection is disabled)\n\t * false: preregistered, true: registered\n\t */\n\thas_signed_up?: boolean | undefined;\n\t/** UTC datetime when the user connected the service */\n\tconnected_at?: string | undefined;\n\t/** UTC datetime when the user signed up via Kakao Sync */\n\tsynched_at?: string | undefined;\n\t/** Custom user properties */\n\tproperties?: Record<string, any> | undefined;\n\t/** Kakao account info */\n\tkakao_account: KakaoAccount;\n\t/** Partner info */\n\tfor_partner?: Partner | undefined;\n}\n\nexport interface KakaoOptions extends ProviderOptions<KakaoProfile> {\n\tclientId: string;\n}\n\nexport const kakao = (options: KakaoOptions) => {\n\tconst tokenEndpoint = \"https://kauth.kakao.com/oauth/token\";\n\treturn {\n\t\tid: \"kakao\",\n\t\tname: \"Kakao\",\n\t\tcreateAuthorizationURL({ state, scopes, redirectURI }) {\n\t\t\tconst _scopes = options.disableDefaultScope\n\t\t\t\t? []\n\t\t\t\t: [\"account_email\", \"profile_image\", \"profile_nickname\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\treturn createAuthorizationURL({\n\t\t\t\tid: \"kakao\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint: \"https://kauth.kakao.com/oauth/authorize\",\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tredirectURI,\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tconst { data: profile, error } = await betterFetch<KakaoProfile>(\n\t\t\t\t\"https://kapi.kakao.com/v2/user/me\",\n\t\t\t\t{\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (error || !profile) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\tconst account = profile.kakao_account || {};\n\t\t\tconst kakaoProfile = account.profile || {};\n\t\t\tconst user = {\n\t\t\t\tid: String(profile.id),\n\t\t\t\tname: kakaoProfile.nickname || account.name || \"\",\n\t\t\t\temail: account.email,\n\t\t\t\timage:\n\t\t\t\t\tkakaoProfile.profile_image_url || kakaoProfile.thumbnail_image_url,\n\t\t\t\temailVerified: !!account.is_email_valid && !!account.is_email_verified,\n\t\t\t\t...userMap,\n\t\t\t};\n\t\t\treturn {\n\t\t\t\tuser,\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<KakaoProfile>;\n};\n","import { athenaFetch as betterFetch } from \"../fetch.ts\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2/index.ts\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2/index.ts\";\n\nexport interface KickProfile {\n\t/**\n\t * The user id of the user\n\t */\n\tuser_id: string;\n\t/**\n\t * The name of the user\n\t */\n\tname: string;\n\t/**\n\t * The email of the user\n\t */\n\temail: string;\n\t/**\n\t * The picture of the user\n\t */\n\tprofile_picture: string;\n}\n\nexport interface KickOptions extends ProviderOptions<KickProfile> {\n\tclientId: string;\n}\n\nexport const kick = (options: KickOptions) => {\n\treturn {\n\t\tid: \"kick\",\n\t\tname: \"Kick\",\n\t\tcreateAuthorizationURL({ state, scopes, redirectURI, codeVerifier }) {\n\t\t\tconst _scopes = options.disableDefaultScope ? [] : [\"user:read\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\n\t\t\treturn createAuthorizationURL({\n\t\t\t\tid: \"kick\",\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint: \"https://id.kick.com/oauth/authorize\",\n\t\t\t\tscopes: _scopes,\n\t\t\t\tcodeVerifier,\n\t\t\t\tstate,\n\t\t\t});\n\t\t},\n\t\tasync validateAuthorizationCode({ code, redirectURI, codeVerifier }) {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint: \"https://id.kick.com/oauth/token\",\n\t\t\t\tcodeVerifier,\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint: \"https://id.kick.com/oauth/token\",\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\n\t\t\tconst { data, error } = await betterFetch<{\n\t\t\t\tdata: KickProfile[];\n\t\t\t}>(\"https://api.kick.com/public/v1/users\", {\n\t\t\t\tmethod: \"GET\",\n\t\t\t\theaders: {\n\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t},\n\t\t\t});\n\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\tconst profile = data.data[0]!;\n\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\t// Kick does not provide email_verified claim.\n\t\t\t// We default to false for security consistency.\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.user_id,\n\t\t\t\t\tname: profile.name,\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\timage: profile.profile_picture,\n\t\t\t\t\temailVerified: false,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<KickProfile>;\n};\n","import { athenaFetch as betterFetch } from \"../fetch.ts\";\nimport { decodeJwt } from \"jose\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2/index.ts\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2/index.ts\";\n\nexport interface LineIdTokenPayload {\n\tiss: string;\n\tsub: string;\n\taud: string;\n\texp: number;\n\tiat: number;\n\tname?: string | undefined;\n\tpicture?: string | undefined;\n\temail?: string | undefined;\n\tamr?: string[] | undefined;\n\tnonce?: string | undefined;\n}\n\nexport interface LineUserInfo {\n\tsub: string;\n\tname?: string | undefined;\n\tpicture?: string | undefined;\n\temail?: string | undefined;\n}\n\nexport interface LineOptions\n\textends ProviderOptions<LineUserInfo | LineIdTokenPayload> {\n\tclientId: string;\n}\n\n/**\n * LINE Login v2.1\n * - Authorization endpoint: https://access.line.me/oauth2/v2.1/authorize\n * - Token endpoint: https://api.line.me/oauth2/v2.1/token\n * - UserInfo endpoint: https://api.line.me/oauth2/v2.1/userinfo\n * - Verify ID token: https://api.line.me/oauth2/v2.1/verify\n *\n * Docs: https://developers.line.biz/en/reference/line-login/#issue-access-token\n */\nexport const line = (options: LineOptions) => {\n\tconst authorizationEndpoint = \"https://access.line.me/oauth2/v2.1/authorize\";\n\tconst tokenEndpoint = \"https://api.line.me/oauth2/v2.1/token\";\n\tconst userInfoEndpoint = \"https://api.line.me/oauth2/v2.1/userinfo\";\n\tconst verifyIdTokenEndpoint = \"https://api.line.me/oauth2/v2.1/verify\";\n\n\treturn {\n\t\tid: \"line\",\n\t\tname: \"LINE\",\n\t\tasync createAuthorizationURL({\n\t\t\tstate,\n\t\t\tscopes,\n\t\t\tcodeVerifier,\n\t\t\tredirectURI,\n\t\t\tloginHint,\n\t\t}) {\n\t\t\tconst _scopes = options.disableDefaultScope\n\t\t\t\t? []\n\t\t\t\t: [\"openid\", \"profile\", \"email\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\treturn await createAuthorizationURL({\n\t\t\t\tid: \"line\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint,\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t\tloginHint,\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync verifyIdToken(token, nonce) {\n\t\t\tif (options.disableIdTokenSignIn) {\n\t\t\t\treturn false;\n\t\t\t}\n\t\t\tif (options.verifyIdToken) {\n\t\t\t\treturn options.verifyIdToken(token, nonce);\n\t\t\t}\n\t\t\tconst body = new URLSearchParams();\n\t\t\tbody.set(\"id_token\", token);\n\t\t\tbody.set(\"client_id\", options.clientId);\n\t\t\tif (nonce) body.set(\"nonce\", nonce);\n\t\t\tconst { data, error } = await betterFetch<LineIdTokenPayload>(\n\t\t\t\tverifyIdTokenEndpoint,\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\theaders: {\n\t\t\t\t\t\t\"content-type\": \"application/x-www-form-urlencoded\",\n\t\t\t\t\t},\n\t\t\t\t\tbody,\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (error || !data) {\n\t\t\t\treturn false;\n\t\t\t}\n\t\t\t// aud must match clientId; nonce (if provided) must also match nonce\n\t\t\tif (data.aud !== options.clientId) return false;\n\t\t\tif (data.nonce && data.nonce !== nonce) return false;\n\t\t\treturn true;\n\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tlet profile: LineUserInfo | LineIdTokenPayload | null = null;\n\t\t\t// Prefer ID token if available\n\t\t\tif (token.idToken) {\n\t\t\t\ttry {\n\t\t\t\t\tprofile = decodeJwt(token.idToken) as LineIdTokenPayload;\n\t\t\t\t} catch {}\n\t\t\t}\n\t\t\t// Fallback to UserInfo endpoint\n\t\t\tif (!profile) {\n\t\t\t\tconst { data } = await betterFetch<LineUserInfo>(userInfoEndpoint, {\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tauthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t\tprofile = data || null;\n\t\t\t}\n\t\t\tif (!profile) return null;\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile as any);\n\t\t\t// ID preference order\n\t\t\tconst id = (profile as any).sub || (profile as any).userId;\n\t\t\tconst name = (profile as any).name || (profile as any).displayName || \"\";\n\t\t\tconst image =\n\t\t\t\t(profile as any).picture || (profile as any).pictureUrl || undefined;\n\t\t\tconst email = (profile as any).email;\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid,\n\t\t\t\t\tname,\n\t\t\t\t\temail,\n\t\t\t\t\timage,\n\t\t\t\t\t// LINE does not expose email verification status in ID token/userinfo\n\t\t\t\t\temailVerified: false,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: profile as any,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<LineUserInfo | LineIdTokenPayload, LineOptions>;\n};\n","import { athenaFetch as betterFetch } from \"../fetch.ts\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2/index.ts\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2/index.ts\";\n\nexport interface LinearUser {\n\tid: string;\n\tname: string;\n\temail: string;\n\tavatarUrl?: string | undefined;\n\tactive: boolean;\n\tcreatedAt: string;\n\tupdatedAt: string;\n}\n\nexport interface LinearProfile {\n\tdata: {\n\t\tviewer: LinearUser;\n\t};\n}\n\nexport interface LinearOptions extends ProviderOptions<LinearUser> {\n\tclientId: string;\n}\n\nexport const linear = (options: LinearOptions) => {\n\tconst tokenEndpoint = \"https://api.linear.app/oauth/token\";\n\treturn {\n\t\tid: \"linear\",\n\t\tname: \"Linear\",\n\t\tcreateAuthorizationURL({ state, scopes, loginHint, redirectURI }) {\n\t\t\tconst _scopes = options.disableDefaultScope ? [] : [\"read\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\treturn createAuthorizationURL({\n\t\t\t\tid: \"linear\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint: \"https://linear.app/oauth/authorize\",\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tredirectURI,\n\t\t\t\tloginHint,\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\n\t\t\tconst { data: profile, error } = await betterFetch<LinearProfile>(\n\t\t\t\t\"https://api.linear.app/graphql\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\theaders: {\n\t\t\t\t\t\t\"Content-Type\": \"application/json\",\n\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t\tbody: JSON.stringify({\n\t\t\t\t\t\tquery: `\n\t\t\t\t\t\t\tquery {\n\t\t\t\t\t\t\t\tviewer {\n\t\t\t\t\t\t\t\t\tid\n\t\t\t\t\t\t\t\t\tname\n\t\t\t\t\t\t\t\t\temail\n\t\t\t\t\t\t\t\t\tavatarUrl\n\t\t\t\t\t\t\t\t\tactive\n\t\t\t\t\t\t\t\t\tcreatedAt\n\t\t\t\t\t\t\t\t\tupdatedAt\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t`,\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (error || !profile?.data?.viewer) {\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\tconst userData = profile.data.viewer;\n\t\t\tconst userMap = await options.mapProfileToUser?.(userData);\n\t\t\t// Linear does not provide email_verified claim.\n\t\t\t// We default to false for security consistency.\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.data.viewer.id,\n\t\t\t\t\tname: profile.data.viewer.name,\n\t\t\t\t\temail: profile.data.viewer.email,\n\t\t\t\t\timage: profile.data.viewer.avatarUrl,\n\t\t\t\t\temailVerified: false,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: userData,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<LinearUser>;\n};\n","import { athenaFetch as betterFetch } from \"../fetch.ts\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2/index.ts\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2/index.ts\";\n\nexport interface LinkedInProfile {\n\tsub: string;\n\tname: string;\n\tgiven_name: string;\n\tfamily_name: string;\n\tpicture: string;\n\tlocale: {\n\t\tcountry: string;\n\t\tlanguage: string;\n\t};\n\temail?: string;\n\temail_verified?: boolean;\n}\n\nexport interface LinkedInOptions extends ProviderOptions<LinkedInProfile> {\n\tclientId: string;\n}\n\nexport const linkedin = (options: LinkedInOptions) => {\n\tconst authorizationEndpoint =\n\t\t\"https://www.linkedin.com/oauth/v2/authorization\";\n\tconst tokenEndpoint = \"https://www.linkedin.com/oauth/v2/accessToken\";\n\n\treturn {\n\t\tid: \"linkedin\",\n\t\tname: \"Linkedin\",\n\t\tcreateAuthorizationURL: async ({\n\t\t\tstate,\n\t\t\tscopes,\n\t\t\tredirectURI,\n\t\t\tloginHint,\n\t\t}) => {\n\t\t\tconst _scopes = options.disableDefaultScope\n\t\t\t\t? []\n\t\t\t\t: [\"profile\", \"email\", \"openid\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\treturn await createAuthorizationURL({\n\t\t\t\tid: \"linkedin\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint,\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tloginHint,\n\t\t\t\tredirectURI,\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, redirectURI }) => {\n\t\t\treturn await validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tconst { data: profile, error } = await betterFetch<LinkedInProfile>(\n\t\t\t\t\"https://api.linkedin.com/v2/userinfo\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.sub,\n\t\t\t\t\tname: profile.name,\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\temailVerified: profile.email_verified ?? false,\n\t\t\t\t\timage: profile.picture,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<LinkedInProfile>;\n};\n","import { getJwksPublicKey } from './helpers/get-jwks-public-key.ts'\n\n/**\n * Import the Microsoft Entra ID JWKS public key for the given JWT `kid`.\n *\n * @param kid - JWT protected-header key id\n * @param tenant - Tenant id or common/organizations/consumers\n * @param authority - Authority host (no trailing slash), e.g. login.microsoftonline.com\n */\nexport const getMicrosoftPublicKey = async (\n kid: string,\n tenant: string,\n authority: string,\n) => {\n return getJwksPublicKey(\n `${authority}/${tenant}/discovery/v2.0/keys`,\n kid,\n )\n}\n","import type { ProviderOptions } from '../oauth2/index.ts'\n\n/**\n * Microsoft personal (consumer) account tenant id.\n * @see https://learn.microsoft.com/en-us/entra/identity-platform/id-token-claims-reference\n */\nexport const MICROSOFT_CONSUMER_TENANT_ID = '9188040d-6c67-4c5b-b112-36a304b66dad'\n\nexport interface MicrosoftEntraIDProfile extends Record<string, any> {\n\t/** Identifies the intended recipient of the token */\n\taud: string;\n\t/** Identifies the issuer, or \"authorization server\" that constructs and returns the token */\n\tiss: string;\n\t/** Indicates when the authentication for the token occurred */\n\tiat: Date;\n\t/** Records the identity provider that authenticated the subject of the token */\n\tidp: string;\n\t/** Identifies the time before which the JWT can't be accepted for processing */\n\tnbf: Date;\n\t/** Identifies the expiration time on or after which the JWT can't be accepted for processing */\n\texp: Date;\n\t/** Code hash included in ID tokens when issued with an OAuth 2.0 authorization code */\n\tc_hash: string;\n\t/** Access token hash included in ID tokens when issued with an OAuth 2.0 access token */\n\tat_hash: string;\n\t/** Internal claim used to record data for token reuse */\n\taio: string;\n\t/** The primary username that represents the user */\n\tpreferred_username: string;\n\t/** User's email address */\n\temail?: string;\n\t/** Human-readable value that identifies the subject of the token */\n\tname: string;\n\t/** Matches the parameter included in the original authorize request */\n\tnonce: string;\n\t/** User's profile picture */\n\tpicture: string;\n\t/** Immutable identifier for the user account */\n\toid: string;\n\t/** Set of roles assigned to the user */\n\troles: string[];\n\t/** Internal claim used to revalidate tokens */\n\trh: string;\n\t/** Subject identifier - unique to application ID */\n\tsub: string;\n\t/** Tenant ID the user is signing in to */\n\ttid: string;\n\t/** Unique identifier for a session */\n\tsid: string;\n\t/** Token identifier claim */\n\tuti: string;\n\t/** Indicates if user is in at least one group */\n\thasgroups: boolean;\n\t/** User account status in tenant (0 = member, 1 = guest) */\n\tacct: 0 | 1;\n\t/** Auth Context IDs */\n\tacrs: string;\n\t/** Time when the user last authenticated */\n\tauth_time: Date;\n\t/** User's country/region */\n\tctry: string;\n\t/** IP address of requesting client when inside VNET */\n\tfwd: string;\n\t/** Group claims */\n\tgroups: string;\n\t/** Login hint for SSO */\n\tlogin_hint: string;\n\t/** Resource tenant's country/region */\n\ttenant_ctry: string;\n\t/** Region of the resource tenant */\n\ttenant_region_scope: string;\n\t/** UserPrincipalName */\n\tupn: string;\n\t/** User's verified primary email addresses */\n\tverified_primary_email: string[];\n\t/** User's verified secondary email addresses */\n\tverified_secondary_email: string[];\n\t/** Whether the user's email is verified (optional claim, must be configured in app registration) */\n\temail_verified?: boolean | undefined;\n\t/** VNET specifier information */\n\tvnet: string;\n\t/** Client Capabilities */\n\txms_cc: string;\n\t/** Whether user's email domain is verified */\n\txms_edov: boolean;\n\t/** Preferred data location for Multi-Geo tenants */\n\txms_pdl: string;\n\t/** User preferred language */\n\txms_pl: string;\n\t/** Tenant preferred language */\n\txms_tpl: string;\n\t/** Zero-touch Deployment ID */\n\tztdid: string;\n\t/** IP Address */\n\tipaddr: string;\n\t/** On-premises Security Identifier */\n\tonprem_sid: string;\n\t/** Password Expiration Time */\n\tpwd_exp: number;\n\t/** Change Password URL */\n\tpwd_url: string;\n\t/** Inside Corporate Network flag */\n\tin_corp: string;\n\t/** User's family name/surname */\n\tfamily_name: string;\n\t/** User's given/first name */\n\tgiven_name: string;\n}\n\nexport interface MicrosoftOptions\n\textends ProviderOptions<MicrosoftEntraIDProfile> {\n\tclientId: string | string[];\n\t/**\n\t * The tenant ID of the Microsoft account\n\t * @default \"common\"\n\t */\n\ttenantId?: string | undefined;\n\t/**\n\t * The authentication authority URL. Use the default \"https://login.microsoftonline.com\" for standard Entra ID or \"https://<tenant-id>.ciamlogin.com\" for CIAM scenarios.\n\t * @default \"https://login.microsoftonline.com\"\n\t */\n\tauthority?: string | undefined;\n\t/**\n\t * The size of the profile photo\n\t * @default 48\n\t */\n\tprofilePhotoSize?:\n\t\t| (48 | 64 | 96 | 120 | 240 | 360 | 432 | 504 | 648)\n\t\t| undefined;\n\t/**\n\t * Disable profile photo\n\t */\n\tdisableProfilePhoto?: boolean | undefined;\n}\n","import { base64 } from \"../utils/base64.ts\";\nimport { athenaFetch as betterFetch } from \"../fetch.ts\";\nimport { decodeJwt, decodeProtectedHeader, jwtVerify } from \"jose\";\nimport { logger } from \"../env/index.ts\";\nimport { AthenaAuthError } from \"../error.ts\";\nimport type { OAuthProvider } from \"../oauth2/index.ts\";\nimport {\n\tcreateAuthorizationURL,\n\tgetPrimaryClientId,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2/index.ts\";\nimport { trimTrailingSlash } from \"./helpers/trim-trailing-slash.ts\";\nimport { getMicrosoftPublicKey } from \"./microsoft-keys.ts\";\n\nimport {\n\tMICROSOFT_CONSUMER_TENANT_ID,\n\ttype MicrosoftEntraIDProfile,\n\ttype MicrosoftOptions,\n} from \"./microsoft-types.ts\";\n\nexport type { MicrosoftEntraIDProfile, MicrosoftOptions } from \"./microsoft-types.ts\";\nexport { MICROSOFT_CONSUMER_TENANT_ID } from \"./microsoft-types.ts\";\nexport { getMicrosoftPublicKey } from \"./microsoft-keys.ts\";\n\n/**\n * Microsoft Entra ID (Azure AD) OAuth provider factory.\n *\n * Supports multi-tenant endpoints (common/organizations/consumers) with\n * explicit tenant-class checks on ID tokens.\n *\n * @param options - Client id, optional tenant/authority, profile photo settings\n */\n\n\nexport const microsoft = (options: MicrosoftOptions) => {\n\tconst tenant = options.tenantId || \"common\";\n\t// Trim any trailing slash so endpoint URLs and the issuer comparison below\n\t// never produce a double slash (e.g. a configured `https://host/` would make\n\t// the expected issuer `https://host//<tid>/v2.0` and reject every token).\n\tconst authority = trimTrailingSlash(\n\t\toptions.authority || \"https://login.microsoftonline.com\",\n\t);\n\tconst authorizationEndpoint = `${authority}/${tenant}/oauth2/v2.0/authorize`;\n\tconst tokenEndpoint = `${authority}/${tenant}/oauth2/v2.0/token`;\n\treturn {\n\t\tid: \"microsoft\",\n\t\tname: \"Microsoft EntraID\",\n\t\tcreateAuthorizationURL(data) {\n\t\t\t// Microsoft Entra supports public clients (SPA / native apps with\n\t\t\t// PKCE only), so clientSecret is intentionally not required here.\n\t\t\t// See https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow\n\t\t\tif (!getPrimaryClientId(options.clientId)) {\n\t\t\t\tlogger.error(\n\t\t\t\t\t\"Client Id is required for Microsoft Entra ID. Make sure to provide it in the options.\",\n\t\t\t\t);\n\t\t\t\tthrow new AthenaAuthError(\"CLIENT_ID_AND_SECRET_REQUIRED\");\n\t\t\t}\n\t\t\tconst scopes = options.disableDefaultScope\n\t\t\t\t? []\n\t\t\t\t: [\"openid\", \"profile\", \"email\", \"User.Read\", \"offline_access\"];\n\t\t\tif (options.scope) scopes.push(...options.scope);\n\t\t\tif (data.scopes) scopes.push(...data.scopes);\n\t\t\treturn createAuthorizationURL({\n\t\t\t\tid: \"microsoft\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint,\n\t\t\t\tstate: data.state,\n\t\t\t\tcodeVerifier: data.codeVerifier,\n\t\t\t\tscopes,\n\t\t\t\tredirectURI: data.redirectURI,\n\t\t\t\tprompt: options.prompt,\n\t\t\t\tloginHint: data.loginHint,\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode({ code, codeVerifier, redirectURI }) {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\t\tasync verifyIdToken(token, nonce) {\n\t\t\tif (options.disableIdTokenSignIn) {\n\t\t\t\treturn false;\n\t\t\t}\n\t\t\tif (options.verifyIdToken) {\n\t\t\t\treturn options.verifyIdToken(token, nonce);\n\t\t\t}\n\n\t\t\ttry {\n\t\t\t\tconst { kid, alg: jwtAlg } = decodeProtectedHeader(token);\n\t\t\t\tif (!kid || !jwtAlg) return false;\n\n\t\t\t\tconst publicKey = await getMicrosoftPublicKey(kid, tenant, authority);\n\t\t\t\tconst verifyOptions: {\n\t\t\t\t\talgorithms: [string];\n\t\t\t\t\taudience: string | string[];\n\t\t\t\t\tmaxTokenAge: string;\n\t\t\t\t\tissuer?: string;\n\t\t\t\t} = {\n\t\t\t\t\talgorithms: [jwtAlg],\n\t\t\t\t\taudience: options.clientId,\n\t\t\t\t\tmaxTokenAge: \"1h\",\n\t\t\t\t};\n\t\t\t\t/**\n\t\t\t\t * Issuer varies per user's tenant for multi-tenant endpoints, so only validate for specific tenants.\n\t\t\t\t * @see https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols#endpoints\n\t\t\t\t */\n\t\t\t\tif (\n\t\t\t\t\ttenant !== \"common\" &&\n\t\t\t\t\ttenant !== \"organizations\" &&\n\t\t\t\t\ttenant !== \"consumers\"\n\t\t\t\t) {\n\t\t\t\t\tverifyOptions.issuer = `${authority}/${tenant}/v2.0`;\n\t\t\t\t}\n\t\t\t\tconst { payload: jwtClaims } = await jwtVerify(\n\t\t\t\t\ttoken,\n\t\t\t\t\tpublicKey,\n\t\t\t\t\tverifyOptions,\n\t\t\t\t);\n\n\t\t\t\tif (nonce && jwtClaims.nonce !== nonce) {\n\t\t\t\t\treturn false;\n\t\t\t\t}\n\n\t\t\t\t// The multi-tenant endpoints (common/organizations/consumers) skip\n\t\t\t\t// jose's issuer check above because the issuer varies per tenant, and\n\t\t\t\t// the organizations and consumers JWKS sets overlap. Enforce the tenant\n\t\t\t\t// binding explicitly so a token from a disallowed account class cannot\n\t\t\t\t// pass: the issuer must name the token's own tenant, and the account\n\t\t\t\t// class must match the configured restriction.\n\t\t\t\t// @see https://learn.microsoft.com/en-us/entra/identity-platform/id-token-claims-reference\n\t\t\t\tconst tid = jwtClaims.tid;\n\t\t\t\tif (\n\t\t\t\t\ttypeof tid !== \"string\" ||\n\t\t\t\t\tjwtClaims.iss !== `${authority}/${tid}/v2.0`\n\t\t\t\t) {\n\t\t\t\t\treturn false;\n\t\t\t\t}\n\t\t\t\tif (\n\t\t\t\t\ttenant === \"organizations\" &&\n\t\t\t\t\ttid === MICROSOFT_CONSUMER_TENANT_ID\n\t\t\t\t) {\n\t\t\t\t\treturn false;\n\t\t\t\t}\n\t\t\t\tif (tenant === \"consumers\" && tid !== MICROSOFT_CONSUMER_TENANT_ID) {\n\t\t\t\t\treturn false;\n\t\t\t\t}\n\n\t\t\t\treturn true;\n\t\t\t} catch (error) {\n\t\t\t\tlogger.error(\"Failed to verify ID token:\", error);\n\t\t\t\treturn false;\n\t\t\t}\n\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tif (!token.idToken) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst user = decodeJwt(token.idToken) as MicrosoftEntraIDProfile;\n\t\t\tconst profilePhotoSize = options.profilePhotoSize || 48;\n\t\t\tawait betterFetch<ArrayBuffer>(\n\t\t\t\t`https://graph.microsoft.com/v1.0/me/photos/${profilePhotoSize}x${profilePhotoSize}/$value`,\n\t\t\t\t{\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t\tasync onResponse(context) {\n\t\t\t\t\t\tif (options.disableProfilePhoto || !context.response.ok) {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\tconst response = context.response.clone();\n\t\t\t\t\t\t\tconst pictureBuffer = await response.arrayBuffer();\n\t\t\t\t\t\t\tconst pictureBase64 = base64.encode(pictureBuffer);\n\t\t\t\t\t\t\tuser.picture = `data:image/jpeg;base64, ${pictureBase64}`;\n\t\t\t\t\t\t} catch (e) {\n\t\t\t\t\t\t\tlogger.error(\n\t\t\t\t\t\t\t\te && typeof e === \"object\" && \"name\" in e\n\t\t\t\t\t\t\t\t\t? (e.name as string)\n\t\t\t\t\t\t\t\t\t: \"\",\n\t\t\t\t\t\t\t\te,\n\t\t\t\t\t\t\t);\n\t\t\t\t\t\t}\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t\tconst userMap = await options.mapProfileToUser?.(user);\n\t\t\t// Microsoft Entra ID does NOT include email_verified claim by default.\n\t\t\t// It must be configured as an optional claim in the app registration.\n\t\t\t// We default to false when not provided for security consistency.\n\t\t\t// We can also check verified_primary_email/verified_secondary_email arrays as fallback.\n\t\t\tconst emailVerified =\n\t\t\t\tuser.email_verified !== undefined\n\t\t\t\t\t? user.email_verified\n\t\t\t\t\t: user.email &&\n\t\t\t\t\t\t\t(user.verified_primary_email?.includes(user.email) ||\n\t\t\t\t\t\t\t\tuser.verified_secondary_email?.includes(user.email))\n\t\t\t\t\t\t? true\n\t\t\t\t\t\t: false;\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: user.sub,\n\t\t\t\t\tname: user.name,\n\t\t\t\t\temail: user.email,\n\t\t\t\t\timage: user.picture,\n\t\t\t\t\temailVerified,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: user,\n\t\t\t};\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\tconst scopes = options.disableDefaultScope\n\t\t\t\t\t\t? []\n\t\t\t\t\t\t: [\"openid\", \"profile\", \"email\", \"User.Read\", \"offline_access\"];\n\t\t\t\t\tif (options.scope) scopes.push(...options.scope);\n\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\textraParams: {\n\t\t\t\t\t\t\tscope: scopes.join(\" \"), // Include the scopes in request to microsoft\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider;\n};\n\n","import { athenaFetch as betterFetch } from \"../fetch.ts\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2/index.ts\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2/index.ts\";\n\nexport interface NaverProfile {\n\t/** API response result code */\n\tresultcode: string;\n\t/** API response message */\n\tmessage: string;\n\tresponse: {\n\t\t/** Unique Naver user identifier */\n\t\tid: string;\n\t\t/** User nickname */\n\t\tnickname: string;\n\t\t/** User real name */\n\t\tname: string;\n\t\t/** User email address */\n\t\temail: string;\n\t\t/** Gender (F: female, M: male, U: unknown) */\n\t\tgender: string;\n\t\t/** Age range */\n\t\tage: string;\n\t\t/** Birthday (MM-DD format) */\n\t\tbirthday: string;\n\t\t/** Birth year */\n\t\tbirthyear: string;\n\t\t/** Profile image URL */\n\t\tprofile_image: string;\n\t\t/** Mobile phone number */\n\t\tmobile: string;\n\t};\n}\n\nexport interface NaverOptions extends ProviderOptions<NaverProfile> {\n\tclientId: string;\n}\n\nexport const naver = (options: NaverOptions) => {\n\tconst tokenEndpoint = \"https://nid.naver.com/oauth2.0/token\";\n\treturn {\n\t\tid: \"naver\",\n\t\tname: \"Naver\",\n\t\tcreateAuthorizationURL({ state, scopes, redirectURI }) {\n\t\t\tconst _scopes = options.disableDefaultScope ? [] : [\"profile\", \"email\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\treturn createAuthorizationURL({\n\t\t\t\tid: \"naver\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint: \"https://nid.naver.com/oauth2.0/authorize\",\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tredirectURI,\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tconst { data: profile, error } = await betterFetch<NaverProfile>(\n\t\t\t\t\"https://openapi.naver.com/v1/nid/me\",\n\t\t\t\t{\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (error || !profile || profile.resultcode !== \"00\") {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\tconst res = profile.response || {};\n\t\t\tconst user = {\n\t\t\t\tid: res.id,\n\t\t\t\tname: res.name || res.nickname || \"\",\n\t\t\t\temail: res.email,\n\t\t\t\timage: res.profile_image,\n\t\t\t\temailVerified: false,\n\t\t\t\t...userMap,\n\t\t\t};\n\t\t\treturn {\n\t\t\t\tuser,\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<NaverProfile>;\n};\n","import { athenaFetch as betterFetch } from \"../fetch.ts\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2/index.ts\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2/index.ts\";\n\nexport interface NotionProfile {\n\tobject: \"user\";\n\tid: string;\n\ttype: \"person\" | \"bot\";\n\tname?: string | undefined;\n\tavatar_url?: string | undefined;\n\tperson?:\n\t\t| {\n\t\t\t\temail?: string;\n\t\t }\n\t\t| undefined;\n}\n\nexport interface NotionOptions extends ProviderOptions<NotionProfile> {\n\tclientId: string;\n}\n\nexport const notion = (options: NotionOptions) => {\n\tconst tokenEndpoint = \"https://api.notion.com/v1/oauth/token\";\n\treturn {\n\t\tid: \"notion\",\n\t\tname: \"Notion\",\n\t\tcreateAuthorizationURL({ state, scopes, loginHint, redirectURI }) {\n\t\t\tconst _scopes: string[] = options.disableDefaultScope ? [] : [];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\treturn createAuthorizationURL({\n\t\t\t\tid: \"notion\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint: \"https://api.notion.com/v1/oauth/authorize\",\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tredirectURI,\n\t\t\t\tloginHint,\n\t\t\t\tadditionalParams: {\n\t\t\t\t\towner: \"user\",\n\t\t\t\t},\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t\tauthentication: \"basic\",\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tconst { data: profile, error } = await betterFetch<{\n\t\t\t\tbot: {\n\t\t\t\t\towner: {\n\t\t\t\t\t\tuser: NotionProfile;\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t\t}>(\"https://api.notion.com/v1/users/me\", {\n\t\t\t\theaders: {\n\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t\"Notion-Version\": \"2022-06-28\",\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (error || !profile) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst userProfile = profile.bot?.owner?.user;\n\t\t\tif (!userProfile) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst userMap = await options.mapProfileToUser?.(userProfile);\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: userProfile.id,\n\t\t\t\t\tname: userProfile.name || \"\",\n\t\t\t\t\temail: userProfile.person?.email || null,\n\t\t\t\t\timage: userProfile.avatar_url,\n\t\t\t\t\temailVerified: false,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: userProfile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<NotionProfile>;\n};\n","import { decodeJwt } from \"jose\";\nimport { logger } from \"../env/index.ts\";\nimport { AthenaAuthError } from \"../error.ts\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2/index.ts\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2/index.ts\";\n\nexport interface PaybinProfile {\n\tsub: string;\n\temail: string;\n\temail_verified?: boolean | undefined;\n\tname?: string | undefined;\n\tpreferred_username?: string | undefined;\n\tpicture?: string | undefined;\n\tgiven_name?: string | undefined;\n\tfamily_name?: string | undefined;\n}\n\nexport interface PaybinOptions extends ProviderOptions<PaybinProfile> {\n\tclientId: string;\n\t/**\n\t * The issuer URL of your Paybin OAuth server\n\t * @default \"https://idp.paybin.io\"\n\t */\n\tissuer?: string | undefined;\n}\n\nexport const paybin = (options: PaybinOptions) => {\n\tconst issuer = options.issuer || \"https://idp.paybin.io\";\n\tconst authorizationEndpoint = `${issuer}/oauth2/authorize`;\n\tconst tokenEndpoint = `${issuer}/oauth2/token`;\n\n\treturn {\n\t\tid: \"paybin\",\n\t\tname: \"Paybin\",\n\t\tasync createAuthorizationURL({\n\t\t\tstate,\n\t\t\tscopes,\n\t\t\tcodeVerifier,\n\t\t\tredirectURI,\n\t\t\tloginHint,\n\t\t}) {\n\t\t\tif (!options.clientId || !options.clientSecret) {\n\t\t\t\tlogger.error(\n\t\t\t\t\t\"Client Id and Client Secret is required for Paybin. Make sure to provide them in the options.\",\n\t\t\t\t);\n\t\t\t\tthrow new AthenaAuthError(\"CLIENT_ID_AND_SECRET_REQUIRED\");\n\t\t\t}\n\t\t\tif (!codeVerifier) {\n\t\t\t\tthrow new AthenaAuthError(\"codeVerifier is required for Paybin\");\n\t\t\t}\n\t\t\tconst _scopes = options.disableDefaultScope\n\t\t\t\t? []\n\t\t\t\t: [\"openid\", \"email\", \"profile\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\tconst url = await createAuthorizationURL({\n\t\t\t\tid: \"paybin\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint,\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t\tprompt: options.prompt,\n\t\t\t\tloginHint,\n\t\t\t});\n\t\t\treturn url;\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tif (!token.idToken) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst user = decodeJwt(token.idToken) as PaybinProfile;\n\t\t\tconst userMap = await options.mapProfileToUser?.(user);\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: user.sub,\n\t\t\t\t\tname: user.name || user.preferred_username || \"\",\n\t\t\t\t\temail: user.email,\n\t\t\t\t\timage: user.picture,\n\t\t\t\t\temailVerified: user.email_verified || false,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: user,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<PaybinProfile>;\n};\n","import { getJwksPublicKey } from './helpers/get-jwks-public-key.ts'\n\n/**\n * Import the PayPal JWKS public key matching `kid` for RS256 ID-token verify.\n *\n * @param kid - Key id from the JWT protected header\n * @param jwksUri - Sandbox or live JWKS endpoint\n */\nexport const getPayPalPublicKey = async (kid: string, jwksUri: string) => {\n return getJwksPublicKey(jwksUri, kid)\n}\n","import { base64 } from \"../utils/base64.ts\";\nimport { athenaFetch as betterFetch } from \"../fetch.ts\";\nimport { decodeJwt, decodeProtectedHeader, jwtVerify } from \"jose\";\nimport { logger } from \"../env/index.ts\";\nimport { AthenaAuthError } from \"../error.ts\";\nimport type { OAuthProvider } from \"../oauth2/index.ts\";\nimport { createAuthorizationURL } from \"../oauth2/index.ts\";\nimport { getPayPalPublicKey } from \"./paypal-keys.ts\";\nimport type {\n\tPayPalOptions,\n\tPayPalProfile,\n\tPayPalTokenResponse,\n} from \"./paypal-types.ts\";\n\nexport type {\n\tPayPalOptions,\n\tPayPalProfile,\n\tPayPalTokenResponse,\n} from \"./paypal-types.ts\";\nexport { getPayPalPublicKey } from \"./paypal-keys.ts\";\n\n/**\n * ID token signing algorithms advertised by PayPal's OpenID configuration.\n * Anything outside this allowlist is rejected so each token is only ever\n * verified with the algorithm it was issued for.\n *\n * @see https://www.paypal.com/.well-known/openid-configuration\n */\nconst PAYPAL_ID_TOKEN_ALGORITHMS = [\"RS256\", \"HS256\"] as const;\n\n/**\n * PayPal Login with PayPal OAuth provider factory.\n *\n * @param options - Client credentials and sandbox/live environment\n * @returns OAuth provider implementation for PayPal\n */\nexport const paypal = (options: PayPalOptions) => {\n\tconst environment = options.environment || \"sandbox\";\n\tconst isSandbox = environment === \"sandbox\";\n\n\tconst authorizationEndpoint = isSandbox\n\t\t? \"https://www.sandbox.paypal.com/signin/authorize\"\n\t\t: \"https://www.paypal.com/signin/authorize\";\n\n\tconst tokenEndpoint = isSandbox\n\t\t? \"https://api-m.sandbox.paypal.com/v1/oauth2/token\"\n\t\t: \"https://api-m.paypal.com/v1/oauth2/token\";\n\n\tconst userInfoEndpoint = isSandbox\n\t\t? \"https://api-m.sandbox.paypal.com/v1/identity/oauth2/userinfo\"\n\t\t: \"https://api-m.paypal.com/v1/identity/oauth2/userinfo\";\n\n\t/**\n\t * Issuer and JWKS endpoints used to cryptographically verify ID tokens.\n\t *\n\t * @see https://www.paypal.com/.well-known/openid-configuration\n\t */\n\tconst issuer = isSandbox\n\t\t? \"https://www.sandbox.paypal.com\"\n\t\t: \"https://www.paypal.com\";\n\n\tconst jwksEndpoint = isSandbox\n\t\t? \"https://api.sandbox.paypal.com/v1/oauth2/certs\"\n\t\t: \"https://api.paypal.com/v1/oauth2/certs\";\n\n\treturn {\n\t\tid: \"paypal\",\n\t\tname: \"PayPal\",\n\t\tasync createAuthorizationURL({ state, codeVerifier, redirectURI }) {\n\t\t\tif (!options.clientId || !options.clientSecret) {\n\t\t\t\tlogger.error(\n\t\t\t\t\t\"Client Id and Client Secret is required for PayPal. Make sure to provide them in the options.\",\n\t\t\t\t);\n\t\t\t\tthrow new AthenaAuthError(\"CLIENT_ID_AND_SECRET_REQUIRED\");\n\t\t\t}\n\n\t\t\t/**\n\t\t\t * Log in with PayPal doesn't use traditional OAuth2 scopes\n\t\t\t * Instead, permissions are configured in the PayPal Developer Dashboard\n\t\t\t * We don't pass any scopes to avoid \"invalid scope\" errors\n\t\t\t **/\n\n\t\t\tconst _scopes: string[] = [];\n\n\t\t\tconst url = await createAuthorizationURL({\n\t\t\t\tid: \"paypal\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint,\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t\tprompt: options.prompt,\n\t\t\t});\n\t\t\treturn url;\n\t\t},\n\n\t\tvalidateAuthorizationCode: async ({ code, redirectURI }) => {\n\t\t\t/**\n\t\t\t * PayPal requires Basic Auth for token exchange\n\t\t\t **/\n\n\t\t\tconst credentials = base64.encode(\n\t\t\t\t`${options.clientId}:${options.clientSecret}`,\n\t\t\t);\n\n\t\t\ttry {\n\t\t\t\tconst response = await betterFetch(tokenEndpoint, {\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tAuthorization: `Basic ${credentials}`,\n\t\t\t\t\t\tAccept: \"application/json\",\n\t\t\t\t\t\t\"Accept-Language\": \"en_US\",\n\t\t\t\t\t\t\"Content-Type\": \"application/x-www-form-urlencoded\",\n\t\t\t\t\t},\n\t\t\t\t\tbody: new URLSearchParams({\n\t\t\t\t\t\tgrant_type: \"authorization_code\",\n\t\t\t\t\t\tcode: code,\n\t\t\t\t\t\tredirect_uri: redirectURI,\n\t\t\t\t\t}).toString(),\n\t\t\t\t});\n\n\t\t\t\tif (!response.data) {\n\t\t\t\t\tthrow new AthenaAuthError(\"FAILED_TO_GET_ACCESS_TOKEN\");\n\t\t\t\t}\n\n\t\t\t\tconst data = response.data as PayPalTokenResponse;\n\n\t\t\t\tconst result = {\n\t\t\t\t\taccessToken: data.access_token,\n\t\t\t\t\trefreshToken: data.refresh_token,\n\t\t\t\t\taccessTokenExpiresAt: data.expires_in\n\t\t\t\t\t\t? new Date(Date.now() + data.expires_in * 1000)\n\t\t\t\t\t\t: undefined,\n\t\t\t\t\tidToken: data.id_token,\n\t\t\t\t};\n\n\t\t\t\treturn result;\n\t\t\t} catch (error) {\n\t\t\t\tlogger.error(\"PayPal token exchange failed:\", error);\n\t\t\t\tthrow new AthenaAuthError(\"FAILED_TO_GET_ACCESS_TOKEN\");\n\t\t\t}\n\t\t},\n\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\tconst credentials = base64.encode(\n\t\t\t\t\t\t`${options.clientId}:${options.clientSecret}`,\n\t\t\t\t\t);\n\n\t\t\t\t\ttry {\n\t\t\t\t\t\tconst response = await betterFetch(tokenEndpoint, {\n\t\t\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\t\t\theaders: {\n\t\t\t\t\t\t\t\tAuthorization: `Basic ${credentials}`,\n\t\t\t\t\t\t\t\tAccept: \"application/json\",\n\t\t\t\t\t\t\t\t\"Accept-Language\": \"en_US\",\n\t\t\t\t\t\t\t\t\"Content-Type\": \"application/x-www-form-urlencoded\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tbody: new URLSearchParams({\n\t\t\t\t\t\t\t\tgrant_type: \"refresh_token\",\n\t\t\t\t\t\t\t\trefresh_token: refreshToken,\n\t\t\t\t\t\t\t}).toString(),\n\t\t\t\t\t\t});\n\n\t\t\t\t\t\tif (!response.data) {\n\t\t\t\t\t\t\tthrow new AthenaAuthError(\"FAILED_TO_REFRESH_ACCESS_TOKEN\");\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tconst data = response.data as any;\n\t\t\t\t\t\treturn {\n\t\t\t\t\t\t\taccessToken: data.access_token,\n\t\t\t\t\t\t\trefreshToken: data.refresh_token,\n\t\t\t\t\t\t\taccessTokenExpiresAt: data.expires_in\n\t\t\t\t\t\t\t\t? new Date(Date.now() + data.expires_in * 1000)\n\t\t\t\t\t\t\t\t: undefined,\n\t\t\t\t\t\t};\n\t\t\t\t\t} catch (error) {\n\t\t\t\t\t\tlogger.error(\"PayPal token refresh failed:\", error);\n\t\t\t\t\t\tthrow new AthenaAuthError(\"FAILED_TO_REFRESH_ACCESS_TOKEN\");\n\t\t\t\t\t}\n\t\t\t\t},\n\n\t\tasync verifyIdToken(token, nonce) {\n\t\t\tif (options.disableIdTokenSignIn) {\n\t\t\t\treturn false;\n\t\t\t}\n\t\t\tif (options.verifyIdToken) {\n\t\t\t\treturn options.verifyIdToken(token, nonce);\n\t\t\t}\n\n\t\t\t// Cryptographically verify the ID token. Decoding alone is not enough:\n\t\t\t// the signature, issuer, audience and expiration must all be checked\n\t\t\t// before the token's claims can be relied on as proof of identity.\n\t\t\t// See https://www.paypal.com/.well-known/openid-configuration\n\n\t\t\ttry {\n\t\t\t\tconst { kid, alg: jwtAlg } = decodeProtectedHeader(token);\n\t\t\t\tif (!jwtAlg) return false;\n\t\t\t\tif (\n\t\t\t\t\t!PAYPAL_ID_TOKEN_ALGORITHMS.includes(\n\t\t\t\t\t\tjwtAlg as (typeof PAYPAL_ID_TOKEN_ALGORITHMS)[number],\n\t\t\t\t\t)\n\t\t\t\t) {\n\t\t\t\t\treturn false;\n\t\t\t\t}\n\n\t\t\t\t// PayPal can sign ID tokens either asymmetrically (RS256, verified\n\t\t\t\t// against the published JWKS) or symmetrically (HS256, verified with\n\t\t\t\t// the client secret). Selecting the key by algorithm keeps the two\n\t\t\t\t// paths separate so each algorithm is only verified with its\n\t\t\t\t// corresponding key type.\n\t\t\t\tconst key =\n\t\t\t\t\tjwtAlg === \"HS256\"\n\t\t\t\t\t\t? new TextEncoder().encode(options.clientSecret)\n\t\t\t\t\t\t: kid\n\t\t\t\t\t\t\t? await getPayPalPublicKey(kid, jwksEndpoint)\n\t\t\t\t\t\t\t: undefined;\n\t\t\t\tif (!key) return false;\n\n\t\t\t\tconst { payload: jwtClaims } = await jwtVerify(token, key, {\n\t\t\t\t\talgorithms: [jwtAlg],\n\t\t\t\t\tissuer,\n\t\t\t\t\taudience: options.clientId,\n\t\t\t\t\tmaxTokenAge: \"1h\",\n\t\t\t\t});\n\n\t\t\t\tif (nonce && jwtClaims.nonce !== nonce) {\n\t\t\t\t\treturn false;\n\t\t\t\t}\n\n\t\t\t\treturn true;\n\t\t\t} catch (error) {\n\t\t\t\tlogger.error(\"Failed to verify PayPal ID token:\", error);\n\t\t\t\treturn false;\n\t\t\t}\n\t\t},\n\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\n\t\t\tif (!token.accessToken) {\n\t\t\t\tlogger.error(\"Access token is required to fetch PayPal user info\");\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\ttry {\n\t\t\t\tconst response = await betterFetch<PayPalProfile>(\n\t\t\t\t\t`${userInfoEndpoint}?schema=paypalv1.1`,\n\t\t\t\t\t{\n\t\t\t\t\t\theaders: {\n\t\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t\t\tAccept: \"application/json\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t);\n\n\t\t\t\tif (!response.data) {\n\t\t\t\t\tlogger.error(\"Failed to fetch user info from PayPal\");\n\t\t\t\t\treturn null;\n\t\t\t\t}\n\n\t\t\t\tconst userInfo = response.data;\n\t\t\t\tif (token.idToken) {\n\t\t\t\t\tlet idTokenSubject: string | undefined;\n\t\t\t\t\ttry {\n\t\t\t\t\t\tidTokenSubject = decodeJwt(token.idToken).sub;\n\t\t\t\t\t} catch (error) {\n\t\t\t\t\t\tlogger.error(\"Failed to decode PayPal ID token:\", error);\n\t\t\t\t\t\treturn null;\n\t\t\t\t\t}\n\n\t\t\t\t\t// OIDC binds UserInfo to the ID Token with `sub`. Keep `user_id`\n\t\t\t\t\t// as the account id below for existing PayPal account mappings.\n\t\t\t\t\tconst userInfoSubject = userInfo.sub ?? userInfo.user_id;\n\t\t\t\t\tif (!idTokenSubject || userInfoSubject !== idTokenSubject) {\n\t\t\t\t\t\tlogger.error(\n\t\t\t\t\t\t\t\"PayPal user info subject does not match ID token subject\",\n\t\t\t\t\t\t);\n\t\t\t\t\t\treturn null;\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tconst userMap = await options.mapProfileToUser?.(userInfo);\n\n\t\t\t\tconst result = {\n\t\t\t\t\tuser: {\n\t\t\t\t\t\tid: userInfo.user_id,\n\t\t\t\t\t\tname: userInfo.name,\n\t\t\t\t\t\temail: userInfo.email,\n\t\t\t\t\t\timage: userInfo.picture,\n\t\t\t\t\t\temailVerified: userInfo.email_verified,\n\t\t\t\t\t\t...userMap,\n\t\t\t\t\t},\n\t\t\t\t\tdata: userInfo,\n\t\t\t\t};\n\n\t\t\t\treturn result;\n\t\t\t} catch (error) {\n\t\t\t\tlogger.error(\"Failed to fetch user info from PayPal:\", error);\n\t\t\t\treturn null;\n\t\t\t}\n\t\t},\n\n\t\toptions,\n\t} satisfies OAuthProvider<PayPalProfile>;\n};\n\n\n","import { athenaFetch as betterFetch } from \"../fetch.ts\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2/index.ts\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2/index.ts\";\n\nexport interface PolarProfile {\n\tid: string;\n\temail: string;\n\tusername: string;\n\tavatar_url: string;\n\tgithub_username?: string | undefined;\n\taccount_id?: string | undefined;\n\tpublic_name?: string | undefined;\n\temail_verified?: boolean | undefined;\n\tprofile_settings?:\n\t\t| {\n\t\t\t\tprofile_settings_enabled?: boolean;\n\t\t\t\tprofile_settings_public_name?: string;\n\t\t\t\tprofile_settings_public_avatar?: string;\n\t\t\t\tprofile_settings_public_bio?: string;\n\t\t\t\tprofile_settings_public_location?: string;\n\t\t\t\tprofile_settings_public_website?: string;\n\t\t\t\tprofile_settings_public_twitter?: string;\n\t\t\t\tprofile_settings_public_github?: string;\n\t\t\t\tprofile_settings_public_email?: string;\n\t\t }\n\t\t| undefined;\n}\n\nexport interface PolarOptions extends ProviderOptions<PolarProfile> {}\n\nexport const polar = (options: PolarOptions) => {\n\tconst tokenEndpoint = \"https://api.polar.sh/v1/oauth2/token\";\n\treturn {\n\t\tid: \"polar\",\n\t\tname: \"Polar\",\n\t\tcreateAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {\n\t\t\tconst _scopes = options.disableDefaultScope\n\t\t\t\t? []\n\t\t\t\t: [\"openid\", \"profile\", \"email\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\treturn createAuthorizationURL({\n\t\t\t\tid: \"polar\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint: \"https://polar.sh/oauth2/authorize\",\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t\tprompt: options.prompt,\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tconst { data: profile, error } = await betterFetch<PolarProfile>(\n\t\t\t\t\"https://api.polar.sh/v1/oauth2/userinfo\",\n\t\t\t\t{\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\t// Polar may provide email_verified claim, but it's not guaranteed.\n\t\t\t// We check for it first, then default to false for security consistency.\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.id,\n\t\t\t\t\tname: profile.public_name || profile.username || \"\",\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\timage: profile.avatar_url,\n\t\t\t\t\temailVerified: profile.email_verified ?? false,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<PolarProfile>;\n};\n","import { athenaFetch as betterFetch } from \"../fetch.ts\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2/index.ts\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2/index.ts\";\n\nconst authorizationEndpoint = \"https://backboard.railway.com/oauth/auth\";\nconst tokenEndpoint = \"https://backboard.railway.com/oauth/token\";\nconst userinfoEndpoint = \"https://backboard.railway.com/oauth/me\";\n\nexport interface RailwayProfile {\n\t/** The user's unique ID (OAuth `sub` claim). */\n\tsub: string;\n\t/** The user's email address. */\n\temail: string;\n\t/** The user's display name. */\n\tname: string;\n\t/** URL of the user's profile picture. */\n\tpicture: string;\n}\n\nexport interface RailwayOptions extends ProviderOptions<RailwayProfile> {\n\tclientId: string;\n}\n\nexport const railway = (options: RailwayOptions) => {\n\treturn {\n\t\tid: \"railway\",\n\t\tname: \"Railway\",\n\t\tcreateAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {\n\t\t\tconst _scopes = options.disableDefaultScope\n\t\t\t\t? []\n\t\t\t\t: [\"openid\", \"email\", \"profile\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\treturn createAuthorizationURL({\n\t\t\t\tid: \"railway\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint,\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t\tauthentication: \"basic\",\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t\tauthentication: \"basic\",\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tconst { data: profile, error } = await betterFetch<RailwayProfile>(\n\t\t\t\tuserinfoEndpoint,\n\t\t\t\t{ headers: { authorization: `Bearer ${token.accessToken}` } },\n\t\t\t);\n\t\t\tif (error || !profile) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\t// Railway does not provide an email_verified claim.\n\t\t\t// We default to false for security consistency.\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.sub,\n\t\t\t\t\tname: profile.name,\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\timage: profile.picture,\n\t\t\t\t\temailVerified: false,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<RailwayProfile>;\n};\n","import { base64 } from \"../utils/base64.ts\";\nimport { athenaFetch as betterFetch } from \"../fetch.ts\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2/index.ts\";\nimport {\n\tcreateAuthorizationURL,\n\tgetOAuth2Tokens,\n\trefreshAccessToken,\n} from \"../oauth2/index.ts\";\n\nexport interface RedditProfile {\n\tid: string;\n\tname: string;\n\ticon_img: string | null;\n\thas_verified_email: boolean;\n\toauth_client_id: string;\n\tverified: boolean;\n}\n\nexport interface RedditOptions extends ProviderOptions<RedditProfile> {\n\tclientId: string;\n\tduration?: string | undefined;\n}\n\nexport const reddit = (options: RedditOptions) => {\n\treturn {\n\t\tid: \"reddit\",\n\t\tname: \"Reddit\",\n\t\tcreateAuthorizationURL({ state, scopes, redirectURI }) {\n\t\t\tconst _scopes = options.disableDefaultScope ? [] : [\"identity\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\treturn createAuthorizationURL({\n\t\t\t\tid: \"reddit\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint: \"https://www.reddit.com/api/v1/authorize\",\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tredirectURI,\n\t\t\t\tduration: options.duration,\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, redirectURI }) => {\n\t\t\tconst body = new URLSearchParams({\n\t\t\t\tgrant_type: \"authorization_code\",\n\t\t\t\tcode,\n\t\t\t\tredirect_uri: options.redirectURI || redirectURI,\n\t\t\t});\n\t\t\tconst headers = {\n\t\t\t\t\"content-type\": \"application/x-www-form-urlencoded\",\n\t\t\t\taccept: \"text/plain\",\n\t\t\t\t\"User-Agent\": \"athena-auth\",\n\t\t\t\tAuthorization: `Basic ${base64.encode(\n\t\t\t\t\t`${options.clientId}:${options.clientSecret}`,\n\t\t\t\t)}`,\n\t\t\t};\n\n\t\t\tconst { data, error } = await betterFetch<object>(\n\t\t\t\t\"https://www.reddit.com/api/v1/access_token\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\theaders,\n\t\t\t\t\tbody: body.toString(),\n\t\t\t\t},\n\t\t\t);\n\n\t\t\tif (error) {\n\t\t\t\tthrow error;\n\t\t\t}\n\n\t\t\treturn getOAuth2Tokens(data);\n\t\t},\n\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tauthentication: \"basic\",\n\t\t\t\t\t\ttokenEndpoint: \"https://www.reddit.com/api/v1/access_token\",\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\n\t\t\tconst { data: profile, error } = await betterFetch<RedditProfile>(\n\t\t\t\t\"https://oauth.reddit.com/api/v1/me\",\n\t\t\t\t{\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t\t\"User-Agent\": \"athena-auth\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\t// Reddit's identity scope does not return an email. Synthesize a stable,\n\t\t\t// non-routable placeholder (RFC 2606 `.invalid`) keyed to the user's\n\t\t\t// Reddit id rather than the routable `reddit.com`, which could collide\n\t\t\t// with a real address. Left unverified; `mapProfileToUser` can override.\n\t\t\tconst email = userMap?.email || `${profile.id}@reddit.invalid`;\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.id,\n\t\t\t\t\tname: profile.name,\n\t\t\t\t\timage: profile.icon_img?.split(\"?\")[0]!,\n\t\t\t\t\t...userMap,\n\t\t\t\t\temail,\n\t\t\t\t\temailVerified: userMap?.emailVerified ?? false,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<RedditProfile>;\n};\n","import { athenaFetch as betterFetch } from \"../fetch.ts\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2/index.ts\";\nimport { refreshAccessToken, validateAuthorizationCode } from \"../oauth2/index.ts\";\n\nexport interface RobloxProfile extends Record<string, any> {\n\t/** the user's id */\n\tsub: string;\n\t/** the user's username */\n\tpreferred_username: string;\n\t/** the user's display name, will return the same value as the preferred_username if not set */\n\tnickname: string;\n\t/** the user's display name, again, will return the same value as the preferred_username if not set */\n\tname: string;\n\t/** the account creation date as a unix timestamp in seconds */\n\tcreated_at: number;\n\t/** the user's profile URL */\n\tprofile: string;\n\t/** the user's avatar URL */\n\tpicture: string;\n}\n\nexport interface RobloxOptions extends ProviderOptions<RobloxProfile> {\n\tclientId: string;\n\tprompt?:\n\t\t| (\n\t\t\t\t| \"none\"\n\t\t\t\t| \"consent\"\n\t\t\t\t| \"login\"\n\t\t\t\t| \"select_account\"\n\t\t\t\t| \"select_account consent\"\n\t\t )\n\t\t| undefined;\n}\n\nexport const roblox = (options: RobloxOptions) => {\n\tconst tokenEndpoint = \"https://apis.roblox.com/oauth/v1/token\";\n\treturn {\n\t\tid: \"roblox\",\n\t\tname: \"Roblox\",\n\t\tcreateAuthorizationURL({ state, scopes, redirectURI }) {\n\t\t\tconst _scopes = options.disableDefaultScope ? [] : [\"openid\", \"profile\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\treturn new URL(\n\t\t\t\t`https://apis.roblox.com/oauth/v1/authorize?scope=${_scopes.join(\n\t\t\t\t\t\"+\",\n\t\t\t\t)}&response_type=code&client_id=${\n\t\t\t\t\toptions.clientId\n\t\t\t\t}&redirect_uri=${encodeURIComponent(\n\t\t\t\t\toptions.redirectURI || redirectURI,\n\t\t\t\t)}&state=${state}&prompt=${options.prompt || \"select_account consent\"}`,\n\t\t\t);\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tredirectURI: options.redirectURI || redirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t\tauthentication: \"post\",\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tconst { data: profile, error } = await betterFetch<RobloxProfile>(\n\t\t\t\t\"https://apis.roblox.com/oauth/v1/userinfo\",\n\t\t\t\t{\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tauthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\t// Roblox does not provide email or email_verified claim.\n\t\t\t// We default to false for security consistency.\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.sub,\n\t\t\t\t\tname: profile.nickname || profile.preferred_username || \"\",\n\t\t\t\t\timage: profile.picture,\n\t\t\t\t\temail: profile.preferred_username || null, // Roblox does not provide email\n\t\t\t\t\temailVerified: false,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: {\n\t\t\t\t\t...profile,\n\t\t\t\t},\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<RobloxProfile>;\n};\n","import { athenaFetch as betterFetch } from \"../fetch.ts\";\nimport { logger } from \"../env/index.ts\";\nimport { AthenaAuthError } from \"../error.ts\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2/index.ts\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2/index.ts\";\n\nexport interface SalesforceProfile {\n\tsub: string;\n\tuser_id: string;\n\torganization_id: string;\n\tpreferred_username?: string | undefined;\n\temail: string;\n\temail_verified?: boolean | undefined;\n\tname: string;\n\tgiven_name?: string | undefined;\n\tfamily_name?: string | undefined;\n\tzoneinfo?: string | undefined;\n\tphotos?:\n\t\t| {\n\t\t\t\tpicture?: string;\n\t\t\t\tthumbnail?: string;\n\t\t }\n\t\t| undefined;\n}\n\nexport interface SalesforceOptions extends ProviderOptions<SalesforceProfile> {\n\tclientId: string;\n\tenvironment?: (\"sandbox\" | \"production\") | undefined;\n\tloginUrl?: string | undefined;\n\t/**\n\t * Override the redirect URI if auto-detection fails.\n\t * Should match the Callback URL configured in your Salesforce Connected App.\n\t * @example \"http://localhost:3000/api/auth/callback/salesforce\"\n\t */\n\tredirectURI?: string | undefined;\n}\n\nexport const salesforce = (options: SalesforceOptions) => {\n\tconst environment = options.environment ?? \"production\";\n\tconst isSandbox = environment === \"sandbox\";\n\tconst authorizationEndpoint = options.loginUrl\n\t\t? `https://${options.loginUrl}/services/oauth2/authorize`\n\t\t: isSandbox\n\t\t\t? \"https://test.salesforce.com/services/oauth2/authorize\"\n\t\t\t: \"https://login.salesforce.com/services/oauth2/authorize\";\n\n\tconst tokenEndpoint = options.loginUrl\n\t\t? `https://${options.loginUrl}/services/oauth2/token`\n\t\t: isSandbox\n\t\t\t? \"https://test.salesforce.com/services/oauth2/token\"\n\t\t\t: \"https://login.salesforce.com/services/oauth2/token\";\n\n\tconst userInfoEndpoint = options.loginUrl\n\t\t? `https://${options.loginUrl}/services/oauth2/userinfo`\n\t\t: isSandbox\n\t\t\t? \"https://test.salesforce.com/services/oauth2/userinfo\"\n\t\t\t: \"https://login.salesforce.com/services/oauth2/userinfo\";\n\n\treturn {\n\t\tid: \"salesforce\",\n\t\tname: \"Salesforce\",\n\n\t\tasync createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {\n\t\t\tif (!options.clientId || !options.clientSecret) {\n\t\t\t\tlogger.error(\n\t\t\t\t\t\"Client Id and Client Secret are required for Salesforce. Make sure to provide them in the options.\",\n\t\t\t\t);\n\t\t\t\tthrow new AthenaAuthError(\"CLIENT_ID_AND_SECRET_REQUIRED\");\n\t\t\t}\n\t\t\tif (!codeVerifier) {\n\t\t\t\tthrow new AthenaAuthError(\"codeVerifier is required for Salesforce\");\n\t\t\t}\n\n\t\t\tconst _scopes = options.disableDefaultScope\n\t\t\t\t? []\n\t\t\t\t: [\"openid\", \"email\", \"profile\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\n\t\t\treturn createAuthorizationURL({\n\t\t\t\tid: \"salesforce\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint,\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI: options.redirectURI || redirectURI,\n\t\t\t});\n\t\t},\n\n\t\tvalidateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI: options.redirectURI || redirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\n\t\t\ttry {\n\t\t\t\tconst { data: user } = await betterFetch<SalesforceProfile>(\n\t\t\t\t\tuserInfoEndpoint,\n\t\t\t\t\t{\n\t\t\t\t\t\theaders: {\n\t\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t);\n\n\t\t\t\tif (!user) {\n\t\t\t\t\tlogger.error(\"Failed to fetch user info from Salesforce\");\n\t\t\t\t\treturn null;\n\t\t\t\t}\n\n\t\t\t\tconst userMap = await options.mapProfileToUser?.(user);\n\n\t\t\t\treturn {\n\t\t\t\t\tuser: {\n\t\t\t\t\t\tid: user.user_id,\n\t\t\t\t\t\tname: user.name,\n\t\t\t\t\t\temail: user.email,\n\t\t\t\t\t\timage: user.photos?.picture || user.photos?.thumbnail,\n\t\t\t\t\t\temailVerified: user.email_verified ?? false,\n\t\t\t\t\t\t...userMap,\n\t\t\t\t\t},\n\t\t\t\t\tdata: user,\n\t\t\t\t};\n\t\t\t} catch (error) {\n\t\t\t\tlogger.error(\"Failed to fetch user info from Salesforce:\", error);\n\t\t\t\treturn null;\n\t\t\t}\n\t\t},\n\n\t\toptions,\n\t} satisfies OAuthProvider<SalesforceProfile>;\n};\n","import { athenaFetch as betterFetch } from \"../fetch.ts\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2/index.ts\";\nimport { refreshAccessToken, validateAuthorizationCode } from \"../oauth2/index.ts\";\n\nexport interface SlackProfile extends Record<string, any> {\n\tok: boolean;\n\tsub: string;\n\t\"https://slack.com/user_id\": string;\n\t\"https://slack.com/team_id\": string;\n\temail: string;\n\temail_verified: boolean;\n\tdate_email_verified: number;\n\tname: string;\n\tpicture: string;\n\tgiven_name: string;\n\tfamily_name: string;\n\tlocale: string;\n\t\"https://slack.com/team_name\": string;\n\t\"https://slack.com/team_domain\": string;\n\t\"https://slack.com/user_image_24\": string;\n\t\"https://slack.com/user_image_32\": string;\n\t\"https://slack.com/user_image_48\": string;\n\t\"https://slack.com/user_image_72\": string;\n\t\"https://slack.com/user_image_192\": string;\n\t\"https://slack.com/user_image_512\": string;\n\t\"https://slack.com/team_image_34\": string;\n\t\"https://slack.com/team_image_44\": string;\n\t\"https://slack.com/team_image_68\": string;\n\t\"https://slack.com/team_image_88\": string;\n\t\"https://slack.com/team_image_102\": string;\n\t\"https://slack.com/team_image_132\": string;\n\t\"https://slack.com/team_image_230\": string;\n\t\"https://slack.com/team_image_default\": boolean;\n}\n\nexport interface SlackOptions extends ProviderOptions<SlackProfile> {\n\tclientId: string;\n}\n\nexport const slack = (options: SlackOptions) => {\n\tconst tokenEndpoint = \"https://slack.com/api/openid.connect.token\";\n\treturn {\n\t\tid: \"slack\",\n\t\tname: \"Slack\",\n\t\tcreateAuthorizationURL({ state, scopes, redirectURI }) {\n\t\t\tconst _scopes = options.disableDefaultScope\n\t\t\t\t? []\n\t\t\t\t: [\"openid\", \"profile\", \"email\"];\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tconst url = new URL(\"https://slack.com/openid/connect/authorize\");\n\t\t\turl.searchParams.set(\"scope\", _scopes.join(\" \"));\n\t\t\turl.searchParams.set(\"response_type\", \"code\");\n\t\t\turl.searchParams.set(\"client_id\", options.clientId);\n\t\t\turl.searchParams.set(\"redirect_uri\", options.redirectURI || redirectURI);\n\t\t\turl.searchParams.set(\"state\", state);\n\t\t\treturn url;\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tconst { data: profile, error } = await betterFetch<SlackProfile>(\n\t\t\t\t\"https://slack.com/api/openid.connect.userInfo\",\n\t\t\t\t{\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tauthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile[\"https://slack.com/user_id\"],\n\t\t\t\t\tname: profile.name || \"\",\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\temailVerified: profile.email_verified,\n\t\t\t\t\timage: profile.picture || profile[\"https://slack.com/user_image_512\"],\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<SlackProfile>;\n};\n","import { athenaFetch as betterFetch } from \"../fetch.ts\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2/index.ts\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2/index.ts\";\n\nexport interface SpotifyProfile {\n\tid: string;\n\tdisplay_name: string;\n\temail: string;\n\timages: {\n\t\turl: string;\n\t}[];\n}\n\nexport interface SpotifyOptions extends ProviderOptions<SpotifyProfile> {\n\tclientId: string;\n}\n\nexport const spotify = (options: SpotifyOptions) => {\n\tconst tokenEndpoint = \"https://accounts.spotify.com/api/token\";\n\treturn {\n\t\tid: \"spotify\",\n\t\tname: \"Spotify\",\n\t\tcreateAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {\n\t\t\tconst _scopes = options.disableDefaultScope ? [] : [\"user-read-email\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\treturn createAuthorizationURL({\n\t\t\t\tid: \"spotify\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint: \"https://accounts.spotify.com/authorize\",\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tconst { data: profile, error } = await betterFetch<SpotifyProfile>(\n\t\t\t\t\"https://api.spotify.com/v1/me\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.id,\n\t\t\t\t\tname: profile.display_name,\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\timage: profile.images[0]?.url,\n\t\t\t\t\temailVerified: false,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<SpotifyProfile>;\n};\n","import { athenaFetch as betterFetch } from \"../fetch.ts\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2/index.ts\";\nimport { refreshAccessToken, validateAuthorizationCode } from \"../oauth2/index.ts\";\n\n/**\n * [More info](https://developers.tiktok.com/doc/tiktok-api-v2-get-user-info/)\n */\nexport interface TiktokProfile extends Record<string, any> {\n\tdata: {\n\t\tuser: {\n\t\t\t/**\n\t\t\t * The unique identification of the user in the current application.Open id\n\t\t\t * for the client.\n\t\t\t *\n\t\t\t * To return this field, add `fields=open_id` in the user profile request's query parameter.\n\t\t\t */\n\t\t\topen_id: string;\n\t\t\t/**\n\t\t\t * The unique identification of the user across different apps for the same developer.\n\t\t\t * For example, if a partner has X number of clients,\n\t\t\t * it will get X number of open_id for the same TikTok user,\n\t\t\t * but one persistent union_id for the particular user.\n\t\t\t *\n\t\t\t * To return this field, add `fields=union_id` in the user profile request's query parameter.\n\t\t\t */\n\t\t\tunion_id?: string | undefined;\n\t\t\t/**\n\t\t\t * User's profile image.\n\t\t\t *\n\t\t\t * To return this field, add `fields=avatar_url` in the user profile request's query parameter.\n\t\t\t */\n\t\t\tavatar_url?: string | undefined;\n\t\t\t/**\n\t\t\t * User`s profile image in 100x100 size.\n\t\t\t *\n\t\t\t * To return this field, add `fields=avatar_url_100` in the user profile request's query parameter.\n\t\t\t */\n\t\t\tavatar_url_100?: string | undefined;\n\t\t\t/**\n\t\t\t * User's profile image with higher resolution\n\t\t\t *\n\t\t\t * To return this field, add `fields=avatar_url_100` in the user profile request's query parameter.\n\t\t\t */\n\t\t\tavatar_large_url: string;\n\t\t\t/**\n\t\t\t * User's profile name\n\t\t\t *\n\t\t\t * To return this field, add `fields=display_name` in the user profile request's query parameter.\n\t\t\t */\n\t\t\tdisplay_name: string;\n\t\t\t/**\n\t\t\t * User's username.\n\t\t\t *\n\t\t\t * To return this field, add `fields=username` in the user profile request's query parameter.\n\t\t\t */\n\t\t\tusername: string;\n\t\t\t/** @note Email is currently unsupported by TikTok */\n\t\t\temail?: string | undefined;\n\t\t\t/**\n\t\t\t * User's bio description if there is a valid one.\n\t\t\t *\n\t\t\t * To return this field, add `fields=bio_description` in the user profile request's query parameter.\n\t\t\t */\n\t\t\tbio_description?: string | undefined;\n\t\t\t/**\n\t\t\t * The link to user's TikTok profile page.\n\t\t\t *\n\t\t\t * To return this field, add `fields=profile_deep_link` in the user profile request's query parameter.\n\t\t\t */\n\t\t\tprofile_deep_link?: string | undefined;\n\t\t\t/**\n\t\t\t * Whether TikTok has provided a verified badge to the account after confirming\n\t\t\t * that it belongs to the user it represents.\n\t\t\t *\n\t\t\t * To return this field, add `fields=is_verified` in the user profile request's query parameter.\n\t\t\t */\n\t\t\tis_verified?: boolean | undefined;\n\t\t\t/**\n\t\t\t * User's followers count.\n\t\t\t *\n\t\t\t * To return this field, add `fields=follower_count` in the user profile request's query parameter.\n\t\t\t */\n\t\t\tfollower_count?: number | undefined;\n\t\t\t/**\n\t\t\t * The number of accounts that the user is following.\n\t\t\t *\n\t\t\t * To return this field, add `fields=following_count` in the user profile request's query parameter.\n\t\t\t */\n\t\t\tfollowing_count?: number | undefined;\n\t\t\t/**\n\t\t\t * The total number of likes received by the user across all of their videos.\n\t\t\t *\n\t\t\t * To return this field, add `fields=likes_count` in the user profile request's query parameter.\n\t\t\t */\n\t\t\tlikes_count?: number | undefined;\n\t\t\t/**\n\t\t\t * The total number of publicly posted videos by the user.\n\t\t\t *\n\t\t\t * To return this field, add `fields=video_count` in the user profile request's query parameter.\n\t\t\t */\n\t\t\tvideo_count?: number | undefined;\n\t\t};\n\t};\n\terror?:\n\t\t| {\n\t\t\t\t/**\n\t\t\t\t * The error category in string.\n\t\t\t\t */\n\t\t\t\tcode?: string;\n\t\t\t\t/**\n\t\t\t\t * The error message in string.\n\t\t\t\t */\n\t\t\t\tmessage?: string;\n\t\t\t\t/**\n\t\t\t\t * The error message in string.\n\t\t\t\t */\n\t\t\t\tlog_id?: string;\n\t\t }\n\t\t| undefined;\n}\n\nexport interface TiktokOptions extends ProviderOptions {\n\t// Client ID is not used in TikTok, we delete it from the options\n\tclientId?: never | undefined;\n\tclientSecret: string;\n\tclientKey: string;\n}\n\nexport const tiktok = (options: TiktokOptions) => {\n\tconst tokenEndpoint = \"https://open.tiktokapis.com/v2/oauth/token/\";\n\treturn {\n\t\tid: \"tiktok\",\n\t\tname: \"TikTok\",\n\t\tcreateAuthorizationURL({ state, scopes, redirectURI }) {\n\t\t\tconst _scopes = options.disableDefaultScope ? [] : [\"user.info.profile\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\treturn new URL(\n\t\t\t\t`https://www.tiktok.com/v2/auth/authorize?scope=${_scopes.join(\n\t\t\t\t\t\",\",\n\t\t\t\t)}&response_type=code&client_key=${options.clientKey}&redirect_uri=${encodeURIComponent(\n\t\t\t\t\toptions.redirectURI || redirectURI,\n\t\t\t\t)}&state=${state}`,\n\t\t\t);\n\t\t},\n\n\t\tvalidateAuthorizationCode: async ({ code, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tredirectURI: options.redirectURI || redirectURI,\n\t\t\t\toptions: {\n\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t},\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t\tauthentication: \"post\",\n\t\t\t\t\t\textraParams: {\n\t\t\t\t\t\t\tclient_key: options.clientKey,\n\t\t\t\t\t\t},\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\n\t\t\tconst fields = [\n\t\t\t\t\"open_id\",\n\t\t\t\t\"avatar_large_url\",\n\t\t\t\t\"display_name\",\n\t\t\t\t\"username\",\n\t\t\t];\n\t\t\tconst { data: profile, error } = await betterFetch<TiktokProfile>(\n\t\t\t\t`https://open.tiktokapis.com/v2/user/info/?fields=${fields.join(\",\")}`,\n\t\t\t\t{\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tauthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\temail: profile.data.user.email || profile.data.user.username,\n\t\t\t\t\tid: profile.data.user.open_id,\n\t\t\t\t\tname:\n\t\t\t\t\t\tprofile.data.user.display_name || profile.data.user.username || \"\",\n\t\t\t\t\timage: profile.data.user.avatar_large_url,\n\t\t\t\t\temailVerified: false,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<TiktokProfile, TiktokOptions>;\n};\n","import { decodeJwt } from \"jose\";\nimport { logger } from \"../env/index.ts\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2/index.ts\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2/index.ts\";\n\n/**\n * @see https://dev.twitch.tv/docs/authentication/getting-tokens-oidc/#requesting-claims\n */\nexport interface TwitchProfile {\n\t/**\n\t * The sub of the user\n\t */\n\tsub: string;\n\t/**\n\t * The preferred username of the user\n\t */\n\tpreferred_username: string;\n\t/**\n\t * The email of the user\n\t */\n\temail: string;\n\t/**\n\t * Indicate if this user has a verified email.\n\t */\n\temail_verified: boolean;\n\t/**\n\t * The picture of the user\n\t */\n\tpicture: string;\n}\n\nexport interface TwitchOptions extends ProviderOptions<TwitchProfile> {\n\tclientId: string;\n\tclaims?: string[] | undefined;\n}\nexport const twitch = (options: TwitchOptions) => {\n\tconst tokenEndpoint = \"https://id.twitch.tv/oauth2/token\";\n\treturn {\n\t\tid: \"twitch\",\n\t\tname: \"Twitch\",\n\t\tcreateAuthorizationURL({ state, scopes, redirectURI }) {\n\t\t\tconst _scopes = options.disableDefaultScope\n\t\t\t\t? []\n\t\t\t\t: [\"user:read:email\", \"openid\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\treturn createAuthorizationURL({\n\t\t\t\tid: \"twitch\",\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint: \"https://id.twitch.tv/oauth2/authorize\",\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tclaims: options.claims || [\n\t\t\t\t\t\"email\",\n\t\t\t\t\t\"email_verified\",\n\t\t\t\t\t\"preferred_username\",\n\t\t\t\t\t\"picture\",\n\t\t\t\t],\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tconst idToken = token.idToken;\n\t\t\tif (!idToken) {\n\t\t\t\tlogger.error(\"No idToken found in token\");\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst profile = decodeJwt(idToken) as TwitchProfile;\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.sub,\n\t\t\t\t\tname: profile.preferred_username,\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\timage: profile.picture,\n\t\t\t\t\temailVerified: profile.email_verified,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<TwitchProfile>;\n};\n","import { athenaFetch as betterFetch } from \"../fetch.ts\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2/index.ts\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2/index.ts\";\n\nexport interface TwitterProfile {\n\tdata: {\n\t\t/**\n\t\t * Unique identifier of this user. This is returned as a string in order to avoid complications with languages and tools\n\t\t * that cannot handle large integers.\n\t\t */\n\t\tid: string;\n\t\t/** The friendly name of this user, as shown on their profile. */\n\t\tname: string;\n\t\t/** The email address of this user. */\n\t\temail?: string | undefined;\n\t\t/** The Twitter handle (screen name) of this user. */\n\t\tusername: string;\n\t\t/**\n\t\t * The location specified in the user's profile, if the user provided one.\n\t\t * As this is a freeform value, it may not indicate a valid location, but it may be fuzzily evaluated when performing searches with location queries.\n\t\t *\n\t\t * To return this field, add `user.fields=location` in the authorization request's query parameter.\n\t\t */\n\t\tlocation?: string | undefined;\n\t\t/**\n\t\t * This object and its children fields contain details about text that has a special meaning in the user's description.\n\t\t *\n\t\t *To return this field, add `user.fields=entities` in the authorization request's query parameter.\n\t\t */\n\t\tentities?:\n\t\t\t| {\n\t\t\t\t\t/** Contains details about the user's profile website. */\n\t\t\t\t\turl: {\n\t\t\t\t\t\t/** Contains details about the user's profile website. */\n\t\t\t\t\t\turls: Array<{\n\t\t\t\t\t\t\t/** The start position (zero-based) of the recognized user's profile website. All start indices are inclusive. */\n\t\t\t\t\t\t\tstart: number;\n\t\t\t\t\t\t\t/** The end position (zero-based) of the recognized user's profile website. This end index is exclusive. */\n\t\t\t\t\t\t\tend: number;\n\t\t\t\t\t\t\t/** The URL in the format entered by the user. */\n\t\t\t\t\t\t\turl: string;\n\t\t\t\t\t\t\t/** The fully resolved URL. */\n\t\t\t\t\t\t\texpanded_url: string;\n\t\t\t\t\t\t\t/** The URL as displayed in the user's profile. */\n\t\t\t\t\t\t\tdisplay_url: string;\n\t\t\t\t\t\t}>;\n\t\t\t\t\t};\n\t\t\t\t\t/** Contains details about URLs, Hashtags, Cashtags, or mentions located within a user's description. */\n\t\t\t\t\tdescription: {\n\t\t\t\t\t\thashtags: Array<{\n\t\t\t\t\t\t\tstart: number;\n\t\t\t\t\t\t\tend: number;\n\t\t\t\t\t\t\ttag: string;\n\t\t\t\t\t\t}>;\n\t\t\t\t\t};\n\t\t\t }\n\t\t\t| undefined;\n\t\t/**\n\t\t * Indicate if this user is a verified Twitter user.\n\t\t *\n\t\t * To return this field, add `user.fields=verified` in the authorization request's query parameter.\n\t\t */\n\t\tverified?: boolean | undefined;\n\t\t/**\n\t\t * The text of this user's profile description (also known as bio), if the user provided one.\n\t\t *\n\t\t * To return this field, add `user.fields=description` in the authorization request's query parameter.\n\t\t */\n\t\tdescription?: string | undefined;\n\t\t/**\n\t\t * The URL specified in the user's profile, if present.\n\t\t *\n\t\t * To return this field, add `user.fields=url` in the authorization request's query parameter.\n\t\t */\n\t\turl?: string | undefined;\n\t\t/** The URL to the profile image for this user, as shown on the user's profile. */\n\t\tprofile_image_url?: string | undefined;\n\t\tprotected?: boolean | undefined;\n\t\t/**\n\t\t * Unique identifier of this user's pinned Tweet.\n\t\t *\n\t\t * You can obtain the expanded object in `includes.tweets` by adding `expansions=pinned_tweet_id` in the authorization request's query parameter.\n\t\t */\n\t\tpinned_tweet_id?: string | undefined;\n\t\tcreated_at?: string | undefined;\n\t};\n\tincludes?:\n\t\t| {\n\t\t\t\ttweets?: Array<{\n\t\t\t\t\tid: string;\n\t\t\t\t\ttext: string;\n\t\t\t\t}>;\n\t\t }\n\t\t| undefined;\n\t[claims: string]: unknown;\n}\n\nexport interface TwitterOption extends ProviderOptions<TwitterProfile> {\n\tclientId: string;\n}\n\nexport const twitter = (options: TwitterOption) => {\n\tconst tokenEndpoint = \"https://api.x.com/2/oauth2/token\";\n\treturn {\n\t\tid: \"twitter\",\n\t\tname: \"Twitter\",\n\t\tcreateAuthorizationURL(data) {\n\t\t\tconst _scopes = options.disableDefaultScope\n\t\t\t\t? []\n\t\t\t\t: [\"users.read\", \"tweet.read\", \"offline.access\", \"users.email\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (data.scopes) _scopes.push(...data.scopes);\n\t\t\treturn createAuthorizationURL({\n\t\t\t\tid: \"twitter\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint: \"https://x.com/i/oauth2/authorize\",\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate: data.state,\n\t\t\t\tcodeVerifier: data.codeVerifier,\n\t\t\t\tredirectURI: data.redirectURI,\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tcodeVerifier,\n\t\t\t\tauthentication: \"basic\",\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tauthentication: \"basic\",\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tconst { data: profile, error: profileError } =\n\t\t\t\tawait betterFetch<TwitterProfile>(\n\t\t\t\t\t\"https://api.x.com/2/users/me?user.fields=profile_image_url\",\n\t\t\t\t\t{\n\t\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t\t\theaders: {\n\t\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t);\n\n\t\t\tif (profileError) {\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\tconst { data: emailData, error: emailError } = await betterFetch<{\n\t\t\t\tdata: { confirmed_email: string };\n\t\t\t}>(\"https://api.x.com/2/users/me?user.fields=confirmed_email\", {\n\t\t\t\tmethod: \"GET\",\n\t\t\t\theaders: {\n\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t},\n\t\t\t});\n\t\t\tlet emailVerified = false;\n\t\t\tif (!emailError && emailData?.data?.confirmed_email) {\n\t\t\t\tprofile.data.email = emailData.data.confirmed_email;\n\t\t\t\temailVerified = true;\n\t\t\t}\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.data.id,\n\t\t\t\t\tname: profile.data.name,\n\t\t\t\t\temail: profile.data.email || profile.data.username || null,\n\t\t\t\t\timage: profile.data.profile_image_url,\n\t\t\t\t\temailVerified: emailVerified,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<TwitterProfile>;\n};\n","import { athenaFetch as betterFetch } from \"../fetch.ts\";\nimport { AthenaAuthError } from \"../error.ts\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2/index.ts\";\nimport { createAuthorizationURL, validateAuthorizationCode } from \"../oauth2/index.ts\";\n\nexport interface VercelProfile {\n\tsub: string;\n\tname?: string;\n\tpreferred_username?: string;\n\temail?: string;\n\temail_verified?: boolean;\n\tpicture?: string;\n}\n\nexport interface VercelOptions extends ProviderOptions<VercelProfile> {\n\tclientId: string;\n}\n\nexport const vercel = (options: VercelOptions) => {\n\treturn {\n\t\tid: \"vercel\",\n\t\tname: \"Vercel\",\n\t\tcreateAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {\n\t\t\tif (!codeVerifier) {\n\t\t\t\tthrow new AthenaAuthError(\"codeVerifier is required for Vercel\");\n\t\t\t}\n\n\t\t\tlet _scopes: string[] | undefined = undefined;\n\t\t\tif (options.scope !== undefined || scopes !== undefined) {\n\t\t\t\t_scopes = [];\n\t\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\t}\n\n\t\t\treturn createAuthorizationURL({\n\t\t\t\tid: \"vercel\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint: \"https://vercel.com/oauth/authorize\",\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint: \"https://api.vercel.com/login/oauth/token\",\n\t\t\t});\n\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\n\t\t\tconst { data: profile, error } = await betterFetch<VercelProfile>(\n\t\t\t\t\"https://api.vercel.com/login/oauth/userinfo\",\n\t\t\t\t{\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\n\t\t\tif (error || !profile) {\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.sub,\n\t\t\t\t\tname: profile.name ?? profile.preferred_username ?? \"\",\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\timage: profile.picture,\n\t\t\t\t\temailVerified: profile.email_verified ?? false,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<VercelProfile>;\n};\n","import { athenaFetch as betterFetch } from \"../fetch.ts\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2/index.ts\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2/index.ts\";\n\nexport interface VkProfile {\n\tuser: {\n\t\tuser_id: string;\n\t\tfirst_name: string;\n\t\tlast_name: string;\n\t\temail?: string | undefined;\n\t\tphone?: number | undefined;\n\t\tavatar?: string | undefined;\n\t\tsex?: number | undefined;\n\t\tverified?: boolean | undefined;\n\t\tbirthday: string;\n\t};\n}\n\nexport interface VkOption extends ProviderOptions {\n\tclientId: string;\n\tscheme?: (\"light\" | \"dark\") | undefined;\n}\n\nexport const vk = (options: VkOption) => {\n\tconst tokenEndpoint = \"https://id.vk.com/oauth2/auth\";\n\treturn {\n\t\tid: \"vk\",\n\t\tname: \"VK\",\n\t\tasync createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {\n\t\t\tconst _scopes = options.disableDefaultScope ? [] : [\"email\", \"phone\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\tconst authorizationEndpoint = \"https://id.vk.com/authorize\";\n\n\t\t\treturn createAuthorizationURL({\n\t\t\t\tid: \"vk\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint,\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tredirectURI,\n\t\t\t\tcodeVerifier,\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({\n\t\t\tcode,\n\t\t\tcodeVerifier,\n\t\t\tredirectURI,\n\t\t\tdeviceId,\n\t\t}) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirectURI: options.redirectURI || redirectURI,\n\t\t\t\toptions,\n\t\t\t\tdeviceId,\n\t\t\t\ttokenEndpoint,\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(data) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(data);\n\t\t\t}\n\t\t\tif (!data.accessToken) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst formBody = new URLSearchParams({\n\t\t\t\taccess_token: data.accessToken,\n\t\t\t\tclient_id: options.clientId,\n\t\t\t}).toString();\n\t\t\tconst { data: profile, error } = await betterFetch<VkProfile>(\n\t\t\t\t\"https://id.vk.com/oauth2/user_info\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\theaders: {\n\t\t\t\t\t\t\"Content-Type\": \"application/x-www-form-urlencoded\",\n\t\t\t\t\t},\n\t\t\t\t\tbody: formBody,\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\tif (!profile.user.email && !userMap?.email) {\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.user.user_id,\n\t\t\t\t\tfirst_name: profile.user.first_name,\n\t\t\t\t\tlast_name: profile.user.last_name,\n\t\t\t\t\temail: profile.user.email,\n\t\t\t\t\timage: profile.user.avatar,\n\t\t\t\t\temailVerified: false,\n\t\t\t\t\tbirthday: profile.user.birthday,\n\t\t\t\t\tsex: profile.user.sex,\n\t\t\t\t\tname: `${profile.user.first_name} ${profile.user.last_name}`,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<VkProfile>;\n};\n","import { athenaFetch as betterFetch } from \"../fetch.ts\";\nimport type { OAuth2Tokens, OAuthProvider, ProviderOptions } from \"../oauth2/index.ts\";\n\n/**\n * WeChat user profile information\n * @see https://developers.weixin.qq.com/doc/oplatform/en/Website_App/WeChat_Login/Wechat_Login.html\n */\nexport interface WeChatProfile extends Record<string, any> {\n\t/**\n\t * User's unique OpenID\n\t */\n\topenid: string;\n\t/**\n\t * User's nickname\n\t */\n\tnickname: string;\n\t/**\n\t * User's avatar image URL\n\t */\n\theadimgurl: string;\n\t/**\n\t * User's privileges\n\t */\n\tprivilege: string[];\n\t/**\n\t * User's UnionID (unique across the developer's various applications)\n\t */\n\tunionid?: string;\n\t/** @note Email is currently unsupported by WeChat */\n\temail?: string;\n}\n\nexport interface WeChatOptions extends ProviderOptions<WeChatProfile> {\n\t/**\n\t * WeChat App ID\n\t */\n\tclientId: string;\n\t/**\n\t * WeChat App Secret\n\t */\n\tclientSecret: string;\n\t/**\n\t * Platform type for WeChat login\n\t * - Currently only supports \"WebsiteApp\" for WeChat Website Application (网站应用)\n\t * @default \"WebsiteApp\"\n\t */\n\tplatformType?: \"WebsiteApp\";\n\n\t/**\n\t * UI language for the WeChat login page\n\t * cn for Simplified Chinese, en for English\n\t * @default \"cn\" if left undefined\n\t */\n\tlang?: \"cn\" | \"en\";\n}\n\nexport const wechat = (options: WeChatOptions) => {\n\treturn {\n\t\tid: \"wechat\",\n\t\tname: \"WeChat\",\n\t\tcreateAuthorizationURL({ state, scopes, redirectURI }) {\n\t\t\tconst _scopes = options.disableDefaultScope ? [] : [\"snsapi_login\"];\n\t\t\toptions.scope && _scopes.push(...options.scope);\n\t\t\tscopes && _scopes.push(...scopes);\n\n\t\t\t// WeChat uses non-standard OAuth2 parameters (appid instead of client_id)\n\t\t\t// and requires a fragment (#wechat_redirect), so we construct the URL manually.\n\t\t\tconst url = new URL(\"https://open.weixin.qq.com/connect/qrconnect\");\n\t\t\turl.searchParams.set(\"scope\", _scopes.join(\",\"));\n\t\t\turl.searchParams.set(\"response_type\", \"code\");\n\t\t\turl.searchParams.set(\"appid\", options.clientId);\n\t\t\turl.searchParams.set(\"redirect_uri\", options.redirectURI || redirectURI);\n\t\t\turl.searchParams.set(\"state\", state);\n\t\t\turl.searchParams.set(\"lang\", options.lang || \"cn\");\n\t\t\turl.hash = \"wechat_redirect\";\n\n\t\t\treturn url;\n\t\t},\n\n\t\t// WeChat uses non-standard token exchange (appid/secret instead of\n\t\t// client_id/client_secret, GET instead of POST), so shared helpers\n\t\t// like validateAuthorizationCode/getOAuth2Tokens cannot be used directly.\n\t\tvalidateAuthorizationCode: async ({ code }) => {\n\t\t\tconst params = new URLSearchParams({\n\t\t\t\tappid: options.clientId,\n\t\t\t\tsecret: options.clientSecret,\n\t\t\t\tcode: code,\n\t\t\t\tgrant_type: \"authorization_code\",\n\t\t\t});\n\n\t\t\tconst { data: tokenData, error } = await betterFetch<{\n\t\t\t\taccess_token: string;\n\t\t\t\texpires_in: number;\n\t\t\t\trefresh_token: string;\n\t\t\t\topenid: string;\n\t\t\t\tscope: string;\n\t\t\t\tunionid?: string;\n\t\t\t\terrcode?: number;\n\t\t\t\terrmsg?: string;\n\t\t\t}>(\n\t\t\t\t\"https://api.weixin.qq.com/sns/oauth2/access_token?\" +\n\t\t\t\t\tparams.toString(),\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t},\n\t\t\t);\n\n\t\t\tif (error || !tokenData || tokenData.errcode) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t`Failed to validate authorization code: ${tokenData?.errmsg || error?.message || \"Unknown error\"}`,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\treturn {\n\t\t\t\ttokenType: \"Bearer\" as const,\n\t\t\t\taccessToken: tokenData.access_token,\n\t\t\t\trefreshToken: tokenData.refresh_token,\n\t\t\t\taccessTokenExpiresAt: new Date(\n\t\t\t\t\tDate.now() + tokenData.expires_in * 1000,\n\t\t\t\t),\n\t\t\t\tscopes: tokenData.scope.split(\",\"),\n\t\t\t\t// WeChat requires openid for the userinfo endpoint, which is\n\t\t\t\t// returned alongside the access token.\n\t\t\t\topenid: tokenData.openid,\n\t\t\t\tunionid: tokenData.unionid,\n\t\t\t};\n\t\t},\n\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\tconst params = new URLSearchParams({\n\t\t\t\t\t\tappid: options.clientId,\n\t\t\t\t\t\tgrant_type: \"refresh_token\",\n\t\t\t\t\t\trefresh_token: refreshToken,\n\t\t\t\t\t});\n\n\t\t\t\t\tconst { data: tokenData, error } = await betterFetch<{\n\t\t\t\t\t\taccess_token: string;\n\t\t\t\t\t\texpires_in: number;\n\t\t\t\t\t\trefresh_token: string;\n\t\t\t\t\t\topenid: string;\n\t\t\t\t\t\tscope: string;\n\t\t\t\t\t\terrcode?: number;\n\t\t\t\t\t\terrmsg?: string;\n\t\t\t\t\t}>(\n\t\t\t\t\t\t\"https://api.weixin.qq.com/sns/oauth2/refresh_token?\" +\n\t\t\t\t\t\t\tparams.toString(),\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t\t\t},\n\t\t\t\t\t);\n\n\t\t\t\t\tif (error || !tokenData || tokenData.errcode) {\n\t\t\t\t\t\tthrow new Error(\n\t\t\t\t\t\t\t`Failed to refresh access token: ${tokenData?.errmsg || error?.message || \"Unknown error\"}`,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\n\t\t\t\t\treturn {\n\t\t\t\t\t\ttokenType: \"Bearer\" as const,\n\t\t\t\t\t\taccessToken: tokenData.access_token,\n\t\t\t\t\t\trefreshToken: tokenData.refresh_token,\n\t\t\t\t\t\taccessTokenExpiresAt: new Date(\n\t\t\t\t\t\t\tDate.now() + tokenData.expires_in * 1000,\n\t\t\t\t\t\t),\n\t\t\t\t\t\tscopes: tokenData.scope.split(\",\"),\n\t\t\t\t\t};\n\t\t\t\t},\n\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\n\t\t\tconst openid = (token as OAuth2Tokens & { openid?: string }).openid;\n\n\t\t\tif (!openid) {\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\tconst params = new URLSearchParams({\n\t\t\t\taccess_token: token.accessToken || \"\",\n\t\t\t\topenid: openid,\n\t\t\t\tlang: \"zh_CN\",\n\t\t\t});\n\n\t\t\tconst { data: profile, error } = await betterFetch<\n\t\t\t\tWeChatProfile & { errcode?: number; errmsg?: string }\n\t\t\t>(\"https://api.weixin.qq.com/sns/userinfo?\" + params.toString(), {\n\t\t\t\tmethod: \"GET\",\n\t\t\t});\n\n\t\t\tif (error || !profile || profile.errcode) {\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.unionid || profile.openid || openid,\n\t\t\t\t\tname: profile.nickname,\n\t\t\t\t\t// WeChat does not return an email, and the OAuth callback rejects a\n\t\t\t\t\t// missing one, so the default sign-in would always fail. Synthesize a\n\t\t\t\t\t// stable, non-routable placeholder (RFC 2606 `.invalid`) keyed to the\n\t\t\t\t\t// user's WeChat id, left unverified. Applications that collect a real\n\t\t\t\t\t// email override it via `mapProfileToUser`.\n\t\t\t\t\temail:\n\t\t\t\t\t\tprofile.email ||\n\t\t\t\t\t\t`${profile.unionid || profile.openid || openid}@wechat.invalid`,\n\t\t\t\t\timage: profile.headimgurl,\n\t\t\t\t\temailVerified: false,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<WeChatProfile, WeChatOptions>;\n};\n","import { athenaFetch as betterFetch } from \"../fetch.ts\";\nimport type { OAuthProvider } from \"../oauth2/index.ts\";\nimport {\n\tgenerateCodeChallenge,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2/index.ts\";\nimport type { ZoomOptions, ZoomProfile } from \"./zoom-types.ts\";\n\nexport type {\n\tLoginType,\n\tPhoneNumber,\n\tPronounOption,\n\tZoomOptions,\n\tZoomProfile,\n} from \"./zoom-types.ts\";\n\n/**\n * Zoom OAuth provider factory (Users API).\n *\n * @param userOptions - Client id/secret; PKCE defaults to enabled\n * @see https://developers.zoom.us/docs/integrations/oauth/\n */\nexport const zoom = (userOptions: ZoomOptions) => {\n\tconst options = {\n\t\tpkce: true,\n\t\t...userOptions,\n\t};\n\n\treturn {\n\t\tid: \"zoom\",\n\t\tname: \"Zoom\",\n\t\tcreateAuthorizationURL: async ({ state, redirectURI, codeVerifier }) => {\n\t\t\tconst params = new URLSearchParams({\n\t\t\t\tresponse_type: \"code\",\n\t\t\t\tredirect_uri: options.redirectURI ? options.redirectURI : redirectURI,\n\t\t\t\tclient_id: options.clientId,\n\t\t\t\tstate,\n\t\t\t});\n\n\t\t\tif (options.pkce) {\n\t\t\t\tconst codeChallenge = await generateCodeChallenge(codeVerifier);\n\t\t\t\tparams.set(\"code_challenge_method\", \"S256\");\n\t\t\t\tparams.set(\"code_challenge\", codeChallenge);\n\t\t\t}\n\n\t\t\tconst url = new URL(\"https://zoom.us/oauth/authorize\");\n\t\t\turl.search = params.toString();\n\n\t\t\treturn url;\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, redirectURI, codeVerifier }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tredirectURI: options.redirectURI || redirectURI,\n\t\t\t\tcodeVerifier,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint: \"https://zoom.us/oauth/token\",\n\t\t\t\tauthentication: \"post\",\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) =>\n\t\t\t\t\trefreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint: \"https://zoom.us/oauth/token\",\n\t\t\t\t\t}),\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tconst { data: profile, error } = await betterFetch<ZoomProfile>(\n\t\t\t\t\"https://api.zoom.us/v2/users/me\",\n\t\t\t\t{\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tauthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.id,\n\t\t\t\t\tname: profile.display_name,\n\t\t\t\t\timage: profile.pic_url,\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\temailVerified: Boolean(profile.verified),\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: {\n\t\t\t\t\t...profile,\n\t\t\t\t},\n\t\t\t};\n\t\t},\n\t} satisfies OAuthProvider<ZoomProfile>;\n};\n\n","import * as z from 'zod'\nimport type { AwaitableFunction } from '../types/index.ts'\nimport { apple } from './apple.ts'\nimport { atlassian } from './atlassian.ts'\nimport { athena } from './athena.ts'\nimport { cognito } from './cognito.ts'\nimport { discord } from './discord.ts'\nimport { dropbox } from './dropbox.ts'\nimport { facebook } from './facebook.ts'\nimport { figma } from './figma.ts'\nimport { github } from './github.ts'\nimport { gitlab } from './gitlab.ts'\nimport { google } from './google.ts'\nimport { huggingface } from './huggingface.ts'\nimport { kakao } from './kakao.ts'\nimport { kick } from './kick.ts'\nimport { line } from './line.ts'\nimport { linear } from './linear.ts'\nimport { linkedin } from './linkedin.ts'\nimport { microsoft } from './microsoft-entra-id.ts'\nimport { naver } from './naver.ts'\nimport { notion } from './notion.ts'\nimport { paybin } from './paybin.ts'\nimport { paypal } from './paypal.ts'\nimport { polar } from './polar.ts'\nimport { railway } from './railway.ts'\nimport { reddit } from './reddit.ts'\nimport { roblox } from './roblox.ts'\nimport { salesforce } from './salesforce.ts'\nimport { slack } from './slack.ts'\nimport { spotify } from './spotify.ts'\nimport { tiktok } from './tiktok.ts'\nimport { twitch } from './twitch.ts'\nimport { twitter } from './twitter.ts'\nimport { vercel } from './vercel.ts'\nimport { vk } from './vk.ts'\nimport { wechat } from './wechat.ts'\nimport { zoom } from './zoom.ts'\n\n/**\n * Built-in social / OAuth provider factories (Better Auth–compatible shape).\n * Includes first-party `athena` for the upcoming Athena Auth identity provider.\n */\nexport const socialProviders = {\n apple,\n atlassian,\n athena,\n cognito,\n discord,\n facebook,\n figma,\n github,\n microsoft,\n google,\n huggingface,\n slack,\n spotify,\n twitch,\n twitter,\n dropbox,\n kick,\n linear,\n linkedin,\n gitlab,\n tiktok,\n reddit,\n roblox,\n salesforce,\n vk,\n zoom,\n notion,\n kakao,\n naver,\n line,\n paybin,\n paypal,\n polar,\n railway,\n vercel,\n wechat,\n}\n\n/** Runtime list of built-in provider ids (includes `athena`). */\nexport const socialProviderList = Object.keys(socialProviders) as [\n 'github',\n ...(keyof typeof socialProviders)[],\n]\n\n/**\n * Zod schema for a social provider id: any built-in key or open string\n * (custom providers via `(string & {})`).\n */\nexport const SocialProviderListEnum = z\n .enum(socialProviderList)\n .or(z.string()) as z.ZodType<SocialProviderList[number] | (string & {})>\n\n/** Provider id string with autocomplete for built-ins and allowance for custom keys. */\nexport type SocialProvider = z.infer<typeof SocialProviderListEnum>\n\n/**\n * Config map for enabling/configuring social providers on an auth instance.\n * Each key is optional; values may be options objects or async factories.\n */\nexport type SocialProviders = {\n [K in SocialProviderList[number]]?: AwaitableFunction<\n Parameters<(typeof socialProviders)[K]>[0] & {\n enabled?: boolean | undefined\n }\n >\n}\n\n/** Tuple type of {@link socialProviderList}. */\nexport type SocialProviderList = typeof socialProviderList\n"]}
|