@zetra/citrineos-util 1.8.3-fork.1

package/dist/networkconnection/authenticator/BasicAuthenticationFilter.js

@@ -0,0 +1,51 @@
+import { Logger } from 'tslog';
+import { CryptoUtils } from '@citrineos/data';
+import { IncomingMessage } from 'http';
+import { extractBasicCredentials } from '../../util/RequestOperations.js';
+import { AuthenticatorFilter } from './AuthenticatorFilter.js';
+import { OCPP2_0_1 } from '@citrineos/base';
+import { UpgradeAuthenticationError } from './errors/AuthenticationError.js';
+/**
+ * Filter used to authenticate incoming HTTP requests based on basic authorization header.
+ * It only applies when the security profile is set to 1 or 2.
+ */
+export class BasicAuthenticationFilter extends AuthenticatorFilter {
+    _deviceModelRepository;
+    constructor(deviceModelRepository, logger) {
+        super(logger);
+        this._deviceModelRepository = deviceModelRepository;
+    }
+    shouldFilter(options) {
+        return options.securityProfile === 1 || options.securityProfile === 2;
+    }
+    async filter(tenantId, identifier, request) {
+        const { username, password } = extractBasicCredentials(request);
+        if (!username || !password) {
+            throw new UpgradeAuthenticationError('Auth header missing or incorrectly formatted');
+        }
+        if (username !== identifier || !(await this._isPasswordValid(tenantId, username, password))) {
+            throw new UpgradeAuthenticationError(`Unauthorized ${identifier}`);
+        }
+    }
+    async _isPasswordValid(tenantId, username, password) {
+        return await this._deviceModelRepository
+            .readAllByQuerystring(tenantId, {
+            tenantId,
+            stationId: username,
+            component_name: 'SecurityCtrlr',
+            variable_name: 'BasicAuthPassword',
+            type: OCPP2_0_1.AttributeEnumType.Actual,
+        })
+            .then((r) => {
+            if (r && r[0]) {
+                const hashedPassword = r[0].value;
+                if (hashedPassword) {
+                    return CryptoUtils.isPasswordMatch(hashedPassword, password);
+                }
+            }
+            this._logger.warn('Has no password', username);
+            return false;
+        });
+    }
+}
+//# sourceMappingURL=BasicAuthenticationFilter.js.map

package/dist/networkconnection/authenticator/BasicAuthenticationFilter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"BasicAuthenticationFilter.js","sourceRoot":"","sources":["../../../src/networkconnection/authenticator/BasicAuthenticationFilter.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,MAAM,EAAE,MAAM,OAAO,CAAC;AAE/B,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAE,eAAe,EAAE,MAAM,MAAM,CAAC;AACvC,OAAO,EAAE,uBAAuB,EAAE,MAAM,iCAAiC,CAAC;AAC1E,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAE/D,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAE7E;;;GAGG;AACH,MAAM,OAAO,yBAA0B,SAAQ,mBAAmB;IACxD,sBAAsB,CAAyB;IAEvD,YAAY,qBAA6C,EAAE,MAAwB;QACjF,KAAK,CAAC,MAAM,CAAC,CAAC;QACd,IAAI,CAAC,sBAAsB,GAAG,qBAAqB,CAAC;IACtD,CAAC;IAES,YAAY,CAAC,OAA8B;QACnD,OAAO,OAAO,CAAC,eAAe,KAAK,CAAC,IAAI,OAAO,CAAC,eAAe,KAAK,CAAC,CAAC;IACxE,CAAC;IAES,KAAK,CAAC,MAAM,CACpB,QAAgB,EAChB,UAAkB,EAClB,OAAwB;QAExB,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,uBAAuB,CAAC,OAAO,CAAC,CAAC;QAChE,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC3B,MAAM,IAAI,0BAA0B,CAAC,8CAA8C,CAAC,CAAC;QACvF,CAAC;QAED,IAAI,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,EAAE,CAAC;YAC5F,MAAM,IAAI,0BAA0B,CAAC,gBAAgB,UAAU,EAAE,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,QAAgB,EAAE,QAAgB,EAAE,QAAgB;QACjF,OAAO,MAAM,IAAI,CAAC,sBAAsB;aACrC,oBAAoB,CAAC,QAAQ,EAAE;YAC9B,QAAQ;YACR,SAAS,EAAE,QAAQ;YACnB,cAAc,EAAE,eAAe;YAC/B,aAAa,EAAE,mBAAmB;YAClC,IAAI,EAAE,SAAS,CAAC,iBAAiB,CAAC,MAAM;SACzC,CAAC;aACD,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE;YACV,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACd,MAAM,cAAc,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;gBAClC,IAAI,cAAc,EAAE,CAAC;oBACnB,OAAO,WAAW,CAAC,eAAe,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;gBAC/D,CAAC;YACH,CAAC;YACD,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,iBAAiB,EAAE,QAAQ,CAAC,CAAC;YAC/C,OAAO,KAAK,CAAC;QACf,CAAC,CAAC,CAAC;IACP,CAAC;CACF"}

package/dist/networkconnection/authenticator/ConnectedStationFilter.d.ts

@@ -0,0 +1,14 @@
+import type { AuthenticationOptions, ICache } from '@citrineos/base';
+import type { ILogObj } from 'tslog';
+import { Logger } from 'tslog';
+import { IncomingMessage } from 'http';
+import { AuthenticatorFilter } from './AuthenticatorFilter.js';
+/**
+ * Filter used to prevent multiple simultaneous connections for the same charging station.
+ */
+export declare class ConnectedStationFilter extends AuthenticatorFilter {
+    private _cache;
+    constructor(cache: ICache, logger?: Logger<ILogObj>);
+    protected shouldFilter(_options: AuthenticationOptions): boolean;
+    protected filter(tenantId: number, identifier: string, _request: IncomingMessage): Promise<void>;
+}

package/dist/networkconnection/authenticator/ConnectedStationFilter.js

@@ -0,0 +1,25 @@
+import { CacheNamespace, notNull } from '@citrineos/base';
+import { Logger } from 'tslog';
+import { IncomingMessage } from 'http';
+import { AuthenticatorFilter } from './AuthenticatorFilter.js';
+import { UpgradeAuthenticationError } from './errors/AuthenticationError.js';
+/**
+ * Filter used to prevent multiple simultaneous connections for the same charging station.
+ */
+export class ConnectedStationFilter extends AuthenticatorFilter {
+    _cache;
+    constructor(cache, logger) {
+        super(logger);
+        this._cache = cache;
+    }
+    shouldFilter(_options) {
+        return true;
+    }
+    async filter(tenantId, identifier, _request) {
+        const isAlreadyConnected = notNull(await this._cache.get(identifier, CacheNamespace.Connections));
+        if (isAlreadyConnected) {
+            throw new UpgradeAuthenticationError(`New connection attempted for already connected identifier ${identifier}`);
+        }
+    }
+}
+//# sourceMappingURL=ConnectedStationFilter.js.map

package/dist/networkconnection/authenticator/ConnectedStationFilter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ConnectedStationFilter.js","sourceRoot":"","sources":["../../../src/networkconnection/authenticator/ConnectedStationFilter.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAE1D,OAAO,EAAE,MAAM,EAAE,MAAM,OAAO,CAAC;AAC/B,OAAO,EAAE,eAAe,EAAE,MAAM,MAAM,CAAC;AACvC,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAC/D,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAE7E;;GAEG;AACH,MAAM,OAAO,sBAAuB,SAAQ,mBAAmB;IACrD,MAAM,CAAS;IAEvB,YAAY,KAAa,EAAE,MAAwB;QACjD,KAAK,CAAC,MAAM,CAAC,CAAC;QACd,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;IACtB,CAAC;IAES,YAAY,CAAC,QAA+B;QACpD,OAAO,IAAI,CAAC;IACd,CAAC;IAES,KAAK,CAAC,MAAM,CACpB,QAAgB,EAChB,UAAkB,EAClB,QAAyB;QAEzB,MAAM,kBAAkB,GAAG,OAAO,CAChC,MAAM,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,cAAc,CAAC,WAAW,CAAC,CAC9D,CAAC;QACF,IAAI,kBAAkB,EAAE,CAAC;YACvB,MAAM,IAAI,0BAA0B,CAClC,6DAA6D,UAAU,EAAE,CAC1E,CAAC;QACJ,CAAC;IACH,CAAC;CACF"}

package/dist/networkconnection/authenticator/NetworkProfileFilter.d.ts

@@ -0,0 +1,16 @@
+import type { ILogObj } from 'tslog';
+import { Logger } from 'tslog';
+import type { IDeviceModelRepository } from '@citrineos/data';
+import { IncomingMessage } from 'http';
+import { AuthenticatorFilter } from './AuthenticatorFilter.js';
+import type { AuthenticationOptions } from '@citrineos/base';
+/**
+ * Filter used to block connections when charging stations attempt to connect to disallowed security profiles
+ */
+export declare class NetworkProfileFilter extends AuthenticatorFilter {
+    private _deviceModelRepository;
+    constructor(deviceModelRepository: IDeviceModelRepository, logger?: Logger<ILogObj>);
+    protected shouldFilter(_options: AuthenticationOptions): boolean;
+    protected filter(tenantId: number, identifier: string, request: IncomingMessage, options: AuthenticationOptions): Promise<void>;
+    private _isConfigurationSlotAllowed;
+}

package/dist/networkconnection/authenticator/NetworkProfileFilter.js

@@ -0,0 +1,84 @@
+import { Logger } from 'tslog';
+import { ChargingStationNetworkProfile, ServerNetworkProfile } from '@citrineos/data';
+import { IncomingMessage } from 'http';
+import { AuthenticatorFilter } from './AuthenticatorFilter.js';
+import { OCPP2_0_1 } from '@citrineos/base';
+import { UpgradeAuthenticationError } from './errors/AuthenticationError.js';
+/**
+ * Filter used to block connections when charging stations attempt to connect to disallowed security profiles
+ */
+export class NetworkProfileFilter extends AuthenticatorFilter {
+    _deviceModelRepository;
+    constructor(deviceModelRepository, logger) {
+        super(logger);
+        this._deviceModelRepository = deviceModelRepository;
+    }
+    shouldFilter(_options) {
+        return true;
+    }
+    async filter(tenantId, identifier, request, options) {
+        const isConfigurationSlotAllowed = await this._isConfigurationSlotAllowed(tenantId, identifier, options.securityProfile);
+        if (!isConfigurationSlotAllowed) {
+            throw new UpgradeAuthenticationError(`SecurityProfile not allowed ${options.securityProfile}`);
+        }
+    }
+    async _isConfigurationSlotAllowed(tenantId, identifier, securityProfile) {
+        const r = await this._deviceModelRepository.readAllByQuerystring(tenantId, {
+            tenantId,
+            stationId: identifier,
+            component_name: 'OCPPCommCtrlr',
+            variable_name: 'NetworkConfigurationPriority',
+            type: OCPP2_0_1.AttributeEnumType.Actual,
+        });
+        if (r && r[0]) {
+            const configurationSlotsString = r[0].value;
+            if (configurationSlotsString && configurationSlotsString.trim() !== '') {
+                // Split the string by commas to get an array of string numbers
+                const configurationSlotStringsArray = configurationSlotsString.split(',');
+                // Parse the array into numbers and filter out the rest
+                const configurationSlotsArray = configurationSlotStringsArray
+                    .map((configurationSlotString) => parseInt(configurationSlotString, 10))
+                    .filter((configurationSlotId) => {
+                    if (isNaN(configurationSlotId)) {
+                        this._logger.error('NetworkConfigurationPriority elements must be integers: ' +
+                            configurationSlotsString);
+                        return false;
+                    }
+                    else {
+                        return true;
+                    }
+                });
+                if (configurationSlotsArray.length == 0) {
+                    this._logger.debug('No valid configuration slots to check: ' + configurationSlotsString);
+                    return true;
+                }
+                else {
+                    let securityProfileAllowed = false;
+                    for (const configurationSlot of configurationSlotsArray) {
+                        const chargingStationNetworkProfile = await ChargingStationNetworkProfile.findOne({
+                            where: { stationId: identifier, configurationSlot: configurationSlot },
+                        });
+                        if (chargingStationNetworkProfile) {
+                            const serverNetworkProfile = await ServerNetworkProfile.findByPk(chargingStationNetworkProfile.websocketServerConfigId);
+                            if (serverNetworkProfile && securityProfile >= serverNetworkProfile.securityProfile) {
+                                this._logger.debug('Security profile allowed');
+                                securityProfileAllowed = true;
+                            }
+                        }
+                        else {
+                            this._logger.warn('Unknown configuration slot; skipping security profile network profile check.');
+                            securityProfileAllowed = true;
+                        }
+                    }
+                    if (!securityProfileAllowed) {
+                        this._logger.warn(`Station ${identifier} unable to connect with security profile ${securityProfile}`);
+                    }
+                    return securityProfileAllowed;
+                }
+            }
+        }
+        this._logger.warn('Has no configuration slots configured');
+        return true;
+    }
+}
+//# sourceMappingURL=NetworkProfileFilter.js.map

package/dist/networkconnection/authenticator/NetworkProfileFilter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"NetworkProfileFilter.js","sourceRoot":"","sources":["../../../src/networkconnection/authenticator/NetworkProfileFilter.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,MAAM,EAAE,MAAM,OAAO,CAAC;AAE/B,OAAO,EAAE,6BAA6B,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AACtF,OAAO,EAAE,eAAe,EAAE,MAAM,MAAM,CAAC;AACvC,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAE/D,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAE7E;;GAEG;AACH,MAAM,OAAO,oBAAqB,SAAQ,mBAAmB;IACnD,sBAAsB,CAAyB;IAEvD,YAAY,qBAA6C,EAAE,MAAwB;QACjF,KAAK,CAAC,MAAM,CAAC,CAAC;QACd,IAAI,CAAC,sBAAsB,GAAG,qBAAqB,CAAC;IACtD,CAAC;IAES,YAAY,CAAC,QAA+B;QACpD,OAAO,IAAI,CAAC;IACd,CAAC;IAES,KAAK,CAAC,MAAM,CACpB,QAAgB,EAChB,UAAkB,EAClB,OAAwB,EACxB,OAA8B;QAE9B,MAAM,0BAA0B,GAAG,MAAM,IAAI,CAAC,2BAA2B,CACvE,QAAQ,EACR,UAAU,EACV,OAAO,CAAC,eAAe,CACxB,CAAC;QACF,IAAI,CAAC,0BAA0B,EAAE,CAAC;YAChC,MAAM,IAAI,0BAA0B,CAClC,+BAA+B,OAAO,CAAC,eAAe,EAAE,CACzD,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,2BAA2B,CACvC,QAAgB,EAChB,UAAkB,EAClB,eAAuB;QAEvB,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,oBAAoB,CAAC,QAAQ,EAAE;YACzE,QAAQ;YACR,SAAS,EAAE,UAAU;YACrB,cAAc,EAAE,eAAe;YAC/B,aAAa,EAAE,8BAA8B;YAC7C,IAAI,EAAE,SAAS,CAAC,iBAAiB,CAAC,MAAM;SACzC,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACd,MAAM,wBAAwB,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;YAC5C,IAAI,wBAAwB,IAAI,wBAAwB,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;gBACvE,+DAA+D;gBAC/D,MAAM,6BAA6B,GAAG,wBAAwB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAC1E,uDAAuD;gBACvD,MAAM,uBAAuB,GAAG,6BAA6B;qBAC1D,GAAG,CAAC,CAAC,uBAAuB,EAAE,EAAE,CAAC,QAAQ,CAAC,uBAAuB,EAAE,EAAE,CAAC,CAAC;qBACvE,MAAM,CAAC,CAAC,mBAAmB,EAAE,EAAE;oBAC9B,IAAI,KAAK,CAAC,mBAAmB,CAAC,EAAE,CAAC;wBAC/B,IAAI,CAAC,OAAO,CAAC,KAAK,CAChB,0DAA0D;4BACxD,wBAAwB,CAC3B,CAAC;wBACF,OAAO,KAAK,CAAC;oBACf,CAAC;yBAAM,CAAC;wBACN,OAAO,IAAI,CAAC;oBACd,CAAC;gBACH,CAAC,CAAC,CAAC;gBAEL,IAAI,uBAAuB,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;oBACxC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,yCAAyC,GAAG,wBAAwB,CAAC,CAAC;oBACzF,OAAO,IAAI,CAAC;gBACd,CAAC;qBAAM,CAAC;oBACN,IAAI,sBAAsB,GAAG,KAAK,CAAC;oBACnC,KAAK,MAAM,iBAAiB,IAAI,uBAAuB,EAAE,CAAC;wBACxD,MAAM,6BAA6B,GAAG,MAAM,6BAA6B,CAAC,OAAO,CAAC;4BAChF,KAAK,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,iBAAiB,EAAE,iBAAiB,EAAE;yBACvE,CAAC,CAAC;wBACH,IAAI,6BAA6B,EAAE,CAAC;4BAClC,MAAM,oBAAoB,GAAG,MAAM,oBAAoB,CAAC,QAAQ,CAC9D,6BAA6B,CAAC,uBAAuB,CACtD,CAAC;4BACF,IAAI,oBAAoB,IAAI,eAAe,IAAI,oBAAoB,CAAC,eAAe,EAAE,CAAC;gCACpF,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;gCAC/C,sBAAsB,GAAG,IAAI,CAAC;4BAChC,CAAC;wBACH,CAAC;6BAAM,CAAC;4BACN,IAAI,CAAC,OAAO,CAAC,IAAI,CACf,8EAA8E,CAC/E,CAAC;4BACF,sBAAsB,GAAG,IAAI,CAAC;wBAChC,CAAC;oBACH,CAAC;oBACD,IAAI,CAAC,sBAAsB,EAAE,CAAC;wBAC5B,IAAI,CAAC,OAAO,CAAC,IAAI,CACf,WAAW,UAAU,4CAA4C,eAAe,EAAE,CACnF,CAAC;oBACJ,CAAC;oBACD,OAAO,sBAAsB,CAAC;gBAChC,CAAC;YACH,CAAC;QACH,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;QAC3D,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}

package/dist/networkconnection/authenticator/UnknownStationFilter.d.ts

@@ -0,0 +1,16 @@
+import type { ILogObj } from 'tslog';
+import { Logger } from 'tslog';
+import type { ILocationRepository } from '@citrineos/data';
+import { IncomingMessage } from 'http';
+import { AuthenticatorFilter } from './AuthenticatorFilter.js';
+import type { AuthenticationOptions } from '@citrineos/base';
+/**
+ * Filter used to block connections from charging stations that are not recognized in the system.
+ * It only applies when unknown charging stations are not allowed.
+ */
+export declare class UnknownStationFilter extends AuthenticatorFilter {
+    private _locationRepository;
+    constructor(locationRepository: ILocationRepository, logger?: Logger<ILogObj>);
+    protected shouldFilter(options: AuthenticationOptions): boolean;
+    protected filter(tenantId: number, identifier: string, _request: IncomingMessage): Promise<void>;
+}

package/dist/networkconnection/authenticator/UnknownStationFilter.js

@@ -0,0 +1,25 @@
+import { Logger } from 'tslog';
+import { IncomingMessage } from 'http';
+import { AuthenticatorFilter } from './AuthenticatorFilter.js';
+import { UpgradeUnknownError } from './errors/UnknownError.js';
+/**
+ * Filter used to block connections from charging stations that are not recognized in the system.
+ * It only applies when unknown charging stations are not allowed.
+ */
+export class UnknownStationFilter extends AuthenticatorFilter {
+    _locationRepository;
+    constructor(locationRepository, logger) {
+        super(logger);
+        this._locationRepository = locationRepository;
+    }
+    shouldFilter(options) {
+        return !options.allowUnknownChargingStations;
+    }
+    async filter(tenantId, identifier, _request) {
+        const isStationKnown = await this._locationRepository.doesChargingStationExistByStationId(tenantId, identifier);
+        if (!isStationKnown) {
+            throw new UpgradeUnknownError(`Unknown identifier ${identifier}`);
+        }
+    }
+}
+//# sourceMappingURL=UnknownStationFilter.js.map

package/dist/networkconnection/authenticator/UnknownStationFilter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"UnknownStationFilter.js","sourceRoot":"","sources":["../../../src/networkconnection/authenticator/UnknownStationFilter.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,MAAM,EAAE,MAAM,OAAO,CAAC;AAE/B,OAAO,EAAE,eAAe,EAAE,MAAM,MAAM,CAAC;AACvC,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAE/D,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAE/D;;;GAGG;AACH,MAAM,OAAO,oBAAqB,SAAQ,mBAAmB;IACnD,mBAAmB,CAAsB;IAEjD,YAAY,kBAAuC,EAAE,MAAwB;QAC3E,KAAK,CAAC,MAAM,CAAC,CAAC;QACd,IAAI,CAAC,mBAAmB,GAAG,kBAAkB,CAAC;IAChD,CAAC;IAES,YAAY,CAAC,OAA8B;QACnD,OAAO,CAAC,OAAO,CAAC,4BAA4B,CAAC;IAC/C,CAAC;IAES,KAAK,CAAC,MAAM,CACpB,QAAgB,EAChB,UAAkB,EAClB,QAAyB;QAEzB,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,mCAAmC,CACvF,QAAQ,EACR,UAAU,CACX,CAAC;QACF,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,mBAAmB,CAAC,sBAAsB,UAAU,EAAE,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;CACF"}

package/dist/networkconnection/authenticator/errors/AuthenticationError.d.ts

@@ -0,0 +1,6 @@
+import { Duplex } from 'stream';
+import type { IUpgradeError } from './IUpgradeError.js';
+export declare class UpgradeAuthenticationError extends Error implements IUpgradeError {
+    constructor(message: string);
+    terminateConnection(socket: Duplex): boolean;
+}

package/dist/networkconnection/authenticator/errors/AuthenticationError.js

@@ -0,0 +1,25 @@
+// SPDX-FileCopyrightText: 2025 Contributors to the CitrineOS Project
+//
+// SPDX-License-Identifier: Apache-2.0
+import { Duplex } from 'stream';
+export class UpgradeAuthenticationError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'UpgradeAuthenticationError';
+    }
+    terminateConnection(socket) {
+        try {
+            socket.write('HTTP/1.1 401 Unauthorized\r\n');
+            socket.write('WWW-Authenticate: Basic realm="Access to the WebSocket", charset="UTF-8"\r\n');
+            socket.write('\r\n');
+            socket.end();
+            socket.destroy();
+            return true;
+        }
+        catch (error) {
+            this.message = error.message;
+            return false;
+        }
+    }
+}
+//# sourceMappingURL=AuthenticationError.js.map

package/dist/networkconnection/authenticator/errors/AuthenticationError.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthenticationError.js","sourceRoot":"","sources":["../../../../src/networkconnection/authenticator/errors/AuthenticationError.ts"],"names":[],"mappings":"AAAA,qEAAqE;AACrE,EAAE;AACF,sCAAsC;AAEtC,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAGhC,MAAM,OAAO,0BAA2B,SAAQ,KAAK;IACnD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,4BAA4B,CAAC;IAC3C,CAAC;IAED,mBAAmB,CAAC,MAAc;QAChC,IAAI,CAAC;YACH,MAAM,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;YAC9C,MAAM,CAAC,KAAK,CAAC,8EAA8E,CAAC,CAAC;YAC7F,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YACrB,MAAM,CAAC,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,OAAO,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,OAAO,GAAI,KAAe,CAAC,OAAO,CAAC;YACxC,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF"}

package/dist/networkconnection/authenticator/errors/IUpgradeError.d.ts

@@ -0,0 +1,9 @@
+import { Duplex } from 'stream';
+export interface IUpgradeError {
+    /**
+     * Terminates the WebSocket connection by sending an error response and closing the socket.
+     * @param {Duplex} socket - The WebSocket duplex stream.
+     * @returns {boolean} True if the connection was terminated successfully, false otherwise.
+     */
+    terminateConnection(socket: Duplex): boolean;
+}

package/dist/networkconnection/authenticator/errors/IUpgradeError.js

@@ -0,0 +1,5 @@
+// SPDX-FileCopyrightText: 2025 Contributors to the CitrineOS Project
+//
+// SPDX-License-Identifier: Apache-2.0
+import { Duplex } from 'stream';
+//# sourceMappingURL=IUpgradeError.js.map

package/dist/networkconnection/authenticator/errors/IUpgradeError.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IUpgradeError.js","sourceRoot":"","sources":["../../../../src/networkconnection/authenticator/errors/IUpgradeError.ts"],"names":[],"mappings":"AAAA,qEAAqE;AACrE,EAAE;AACF,sCAAsC;AAEtC,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC"}

package/dist/networkconnection/authenticator/errors/UnknownError.d.ts

@@ -0,0 +1,6 @@
+import { Duplex } from 'stream';
+import type { IUpgradeError } from './IUpgradeError.js';
+export declare class UpgradeUnknownError extends Error implements IUpgradeError {
+    constructor(message: string);
+    terminateConnection(socket: Duplex): boolean;
+}

package/dist/networkconnection/authenticator/errors/UnknownError.js

@@ -0,0 +1,24 @@
+// SPDX-FileCopyrightText: 2025 Contributors to the CitrineOS Project
+//
+// SPDX-License-Identifier: Apache-2.0
+import { Duplex } from 'stream';
+export class UpgradeUnknownError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'UpgradeUnknownError';
+    }
+    terminateConnection(socket) {
+        try {
+            socket.write('HTTP/1.1 404 Not Found\r\n');
+            socket.write('\r\n');
+            socket.end();
+            socket.destroy();
+            return true;
+        }
+        catch (error) {
+            this.message = error.message;
+            return false;
+        }
+    }
+}
+//# sourceMappingURL=UnknownError.js.map

package/dist/networkconnection/authenticator/errors/UnknownError.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"UnknownError.js","sourceRoot":"","sources":["../../../../src/networkconnection/authenticator/errors/UnknownError.ts"],"names":[],"mappings":"AAAA,qEAAqE;AACrE,EAAE;AACF,sCAAsC;AAEtC,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAGhC,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IAC5C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;IACpC,CAAC;IAED,mBAAmB,CAAC,MAAc;QAChC,IAAI,CAAC;YACH,MAAM,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;YAC3C,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YACrB,MAAM,CAAC,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,OAAO,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,OAAO,GAAI,KAAe,CAAC,OAAO,CAAC;YACxC,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF"}

package/dist/networkconnection/index.d.ts

@@ -0,0 +1,5 @@
+export { Authenticator } from './authenticator/Authenticator.js';
+export { WebsocketNetworkConnection } from './WebsocketNetworkConnection.js';
+export { BasicAuthenticationFilter } from './authenticator/BasicAuthenticationFilter.js';
+export { ConnectedStationFilter } from './authenticator/ConnectedStationFilter.js';
+export { UnknownStationFilter } from './authenticator/UnknownStationFilter.js';

package/dist/networkconnection/index.js

@@ -0,0 +1,9 @@
+// SPDX-FileCopyrightText: 2025 Contributors to the CitrineOS Project
+//
+// SPDX-License-Identifier: Apache-2.0
+export { Authenticator } from './authenticator/Authenticator.js';
+export { WebsocketNetworkConnection } from './WebsocketNetworkConnection.js';
+export { BasicAuthenticationFilter } from './authenticator/BasicAuthenticationFilter.js';
+export { ConnectedStationFilter } from './authenticator/ConnectedStationFilter.js';
+export { UnknownStationFilter } from './authenticator/UnknownStationFilter.js';
+//# sourceMappingURL=index.js.map

package/dist/networkconnection/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/networkconnection/index.ts"],"names":[],"mappings":"AAAA,qEAAqE;AACrE,EAAE;AACF,sCAAsC;AAEtC,OAAO,EAAE,aAAa,EAAE,MAAM,kCAAkC,CAAC;AACjE,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,yBAAyB,EAAE,MAAM,8CAA8C,CAAC;AACzF,OAAO,EAAE,sBAAsB,EAAE,MAAM,2CAA2C,CAAC;AACnF,OAAO,EAAE,oBAAoB,EAAE,MAAM,yCAAyC,CAAC"}

package/dist/queue/index.d.ts

@@ -0,0 +1,4 @@
+export { RabbitMqReceiver } from './rabbit-mq/receiver.js';
+export { RabbitMqSender } from './rabbit-mq/sender.js';
+export { KafkaReceiver } from './kafka/receiver.js';
+export { KafkaSender } from './kafka/sender.js';

package/dist/queue/index.js

@@ -0,0 +1,8 @@
+// SPDX-FileCopyrightText: 2025 Contributors to the CitrineOS Project
+//
+// SPDX-License-Identifier: Apache-2.0
+export { RabbitMqReceiver } from './rabbit-mq/receiver.js';
+export { RabbitMqSender } from './rabbit-mq/sender.js';
+export { KafkaReceiver } from './kafka/receiver.js';
+export { KafkaSender } from './kafka/sender.js';
+//# sourceMappingURL=index.js.map

package/dist/queue/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/queue/index.ts"],"names":[],"mappings":"AAAA,qEAAqE;AACrE,EAAE;AACF,sCAAsC;AAEtC,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAEvD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/queue/kafka/receiver.d.ts

@@ -0,0 +1,35 @@
+import type { CallAction, IMessageHandler, IModule, SystemConfig } from '@citrineos/base';
+import { AbstractMessageHandler, CircuitBreaker } from '@citrineos/base';
+import type { ILogObj } from 'tslog';
+import { Logger } from 'tslog';
+/**
+ * Implementation of a {@link IMessageHandler} using Kafka as the underlying transport.
+ */
+export declare class KafkaReceiver extends AbstractMessageHandler implements IMessageHandler {
+    /**
+     * Fields
+     */
+    private _client;
+    private _topicName;
+    private _consumerMap;
+    private _circuitBreaker;
+    private _reconnectInterval?;
+    constructor(config: SystemConfig, logger?: Logger<ILogObj>, module?: IModule, circuitBreaker?: CircuitBreaker);
+    private _initAdmin;
+    subscribe(identifier: string, actions?: CallAction[], filter?: {
+        [k: string]: string;
+    }): Promise<boolean>;
+    unsubscribe(identifier: string): Promise<boolean>;
+    shutdown(): Promise<void>;
+    /**
+     * Private Methods
+     */
+    /**
+     * Underlying Kafka message handler.
+     *
+     * @param message The kafka message to process
+     */
+    private _onMessage;
+    private _onCircuitBreakerStateChange;
+    initConnection(): Promise<void>;
+}

package/dist/queue/kafka/receiver.js

@@ -0,0 +1,179 @@
+import { AbstractMessageHandler, CircuitBreaker, Message, OcppError, RetryMessageError, } from '@citrineos/base';
+import { plainToInstance } from 'class-transformer';
+import { Kafka } from 'kafkajs';
+import { Logger } from 'tslog';
+/**
+ * Implementation of a {@link IMessageHandler} using Kafka as the underlying transport.
+ */
+export class KafkaReceiver extends AbstractMessageHandler {
+    /**
+     * Fields
+     */
+    _client;
+    _topicName;
+    _consumerMap;
+    _circuitBreaker;
+    _reconnectInterval;
+    constructor(config, logger, module, circuitBreaker) {
+        super(config, logger, module);
+        this._circuitBreaker = circuitBreaker ?? new CircuitBreaker();
+        this._circuitBreaker.onStateChange(this._onCircuitBreakerStateChange.bind(this));
+        this._consumerMap = new Map();
+        this._client = new Kafka({
+            brokers: this._config.util.messageBroker.kafka?.brokers || [],
+            ssl: true,
+            sasl: {
+                mechanism: 'plain',
+                username: this._config.util.messageBroker.kafka?.sasl.username || '',
+                password: this._config.util.messageBroker.kafka?.sasl.password || '',
+            },
+        });
+        this._topicName = `${this._config.util.messageBroker.kafka?.topicPrefix}-${this._config.util.messageBroker.kafka?.topicName}`;
+        this._initAdmin();
+    }
+    _initAdmin() {
+        const admin = this._client.admin();
+        admin
+            .connect()
+            .then(() => admin.listTopics())
+            .then((topics) => {
+            this._logger.debug('Topics:', topics);
+            if (!topics || topics.filter((topic) => topic === this._topicName).length === 0) {
+                this._client
+                    .admin()
+                    .createTopics({ topics: [{ topic: this._topicName }] })
+                    .then(() => {
+                    this._logger.debug(`Topic ${this._topicName} created.`);
+                    this._circuitBreaker.triggerSuccess();
+                })
+                    .catch((err) => {
+                    this._logger.error('Error creating topic', err);
+                    this._circuitBreaker.triggerFailure(err?.message);
+                });
+            }
+            else {
+                this._logger.debug(`Topic ${this._topicName} already exists.`);
+                this._circuitBreaker.triggerSuccess();
+            }
+        })
+            .then(() => admin.disconnect())
+            .catch((err) => {
+            this._logger.error(err);
+            this._circuitBreaker.triggerFailure(err?.message);
+        });
+    }
+    subscribe(identifier, actions, filter) {
+        if (this._circuitBreaker.state === 'CLOSED') {
+            this._logger.error('Circuit breaker is CLOSED. Cannot subscribe to Kafka topic.');
+            return Promise.resolve(false);
+        }
+        this._logger.debug(`Subscribing to ${this._topicName}...`, identifier, actions, filter);
+        const consumer = this._client.consumer({ groupId: 'test-group' });
+        return consumer
+            .connect()
+            .then(() => consumer.subscribe({ topic: this._topicName, fromBeginning: false }))
+            .then(() => consumer.run({
+            autoCommit: false,
+            eachMessage: (payload) => this._onMessage(payload, consumer),
+        }))
+            .then(() => this._consumerMap.set(identifier, consumer))
+            .then(() => true)
+            .catch((err) => {
+            this._logger.error(err);
+            this._circuitBreaker.triggerFailure(err?.message);
+            return false;
+        });
+    }
+    unsubscribe(identifier) {
+        const consumer = this._consumerMap.get(identifier);
+        if (!consumer) {
+            this._logger.error('Consumer not found', identifier);
+            return Promise.resolve(false);
+        }
+        return consumer
+            .disconnect()
+            .then(() => this._consumerMap.delete(identifier))
+            .catch((err) => {
+            this._logger.error(err);
+            return false;
+        });
+    }
+    async shutdown() {
+        for (const consumer of this._consumerMap.values()) {
+            await consumer.disconnect();
+        }
+    }
+    /**
+     * Private Methods
+     */
+    /**
+     * Underlying Kafka message handler.
+     *
+     * @param message The kafka message to process
+     */
+    async _onMessage({ topic, partition, message }, consumer) {
+        this._logger.debug(`Received message ${message.value?.toString()} on topic ${topic} partition ${partition}`);
+        try {
+            const messageValue = message.value;
+            if (messageValue) {
+                const parsed = plainToInstance((Message), messageValue.toString());
+                await this.handle(parsed, message.key?.toString());
+            }
+        }
+        catch (error) {
+            if (error instanceof RetryMessageError) {
+                this._logger.warn('Retrying message: ', error.message);
+                // Retryable error, usually ongoing call with station when trying to send new call
+                return;
+            }
+            else {
+                this._logger.error('Error while processing message:', error, message);
+            }
+        }
+        await consumer.commitOffsets([{ topic, partition, offset: message.offset }]);
+    }
+    _onCircuitBreakerStateChange(state, reason) {
+        this._logger.info(`[CircuitBreaker] State changed to ${state}${reason ? `: ${reason}` : ''}`);
+        switch (state) {
+            case 'FAILING':
+                this._logger.warn('Circuit breaker is FAILING. Kafka sender will not send messages until recovery. Reason:', reason);
+                break;
+            case 'CLOSED': {
+                this._logger.error('Circuit breaker is CLOSED. Shutting down Kafka receiver. Reason:', reason);
+                void this.shutdown();
+                if (this._reconnectInterval) {
+                    clearInterval(this._reconnectInterval);
+                }
+                const delay = (this._config.maxReconnectDelay || 30) * 1000;
+                this._logger.warn(`Starting continuous reconnect attempts every ${delay / 1000} seconds while circuit breaker is CLOSED.`);
+                this._reconnectInterval = setInterval(() => {
+                    this._logger.info('Attempting Kafka reconnect due to circuit breaker CLOSED...');
+                    try {
+                        this._initAdmin();
+                        this._logger.info('Kafka reconnect attempt finished (success or already open).');
+                    }
+                    catch (err) {
+                        this._logger.error('Kafka reconnect attempt failed.', err);
+                    }
+                }, delay);
+                break;
+            }
+            case 'OPEN':
+                this._logger.info('Circuit breaker is OPEN. Will attempt to (re)initialize Kafka admin connection.');
+                if (this._reconnectInterval) {
+                    this._logger.info('Clearing reconnect interval as circuit breaker is now OPEN.');
+                    clearInterval(this._reconnectInterval);
+                    this._reconnectInterval = undefined;
+                }
+                this._initAdmin();
+                break;
+            default:
+                this._logger.warn('Unknown circuit breaker state:', state);
+                break;
+        }
+    }
+    initConnection() {
+        return Promise.resolve(undefined);
+    }
+}
+//# sourceMappingURL=receiver.js.map

package/dist/queue/kafka/receiver.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"receiver.js","sourceRoot":"","sources":["../../../src/queue/kafka/receiver.ts"],"names":[],"mappings":"AAYA,OAAO,EACL,sBAAsB,EACtB,cAAc,EACd,OAAO,EACP,SAAS,EACT,iBAAiB,GAClB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEpD,OAAO,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AAEhC,OAAO,EAAE,MAAM,EAAE,MAAM,OAAO,CAAC;AAE/B;;GAEG;AACH,MAAM,OAAO,aAAc,SAAQ,sBAAsB;IACvD;;OAEG;IACK,OAAO,CAAQ;IACf,UAAU,CAAS;IACnB,YAAY,CAAwB;IACpC,eAAe,CAAiB;IAChC,kBAAkB,CAAkB;IAE5C,YACE,MAAoB,EACpB,MAAwB,EACxB,MAAgB,EAChB,cAA+B;QAE/B,KAAK,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QAC9B,IAAI,CAAC,eAAe,GAAG,cAAc,IAAI,IAAI,cAAc,EAAE,CAAC;QAC9D,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,IAAI,CAAC,4BAA4B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QACjF,IAAI,CAAC,YAAY,GAAG,IAAI,GAAG,EAAoB,CAAC;QAChD,IAAI,CAAC,OAAO,GAAG,IAAI,KAAK,CAAC;YACvB,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,OAAO,IAAI,EAAE;YAC7D,GAAG,EAAE,IAAI;YACT,IAAI,EAAE;gBACJ,SAAS,EAAE,OAAO;gBAClB,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,IAAI,CAAC,QAAQ,IAAI,EAAE;gBACpE,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,IAAI,CAAC,QAAQ,IAAI,EAAE;aACrE;SACF,CAAC,CAAC;QACH,IAAI,CAAC,UAAU,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,WAAW,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,SAAS,EAAE,CAAC;QAC9H,IAAI,CAAC,UAAU,EAAE,CAAC;IACpB,CAAC;IAEO,UAAU;QAChB,MAAM,KAAK,GAAU,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QAC1C,KAAK;aACF,OAAO,EAAE;aACT,IAAI,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;aAC9B,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;YACf,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;YACtC,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,KAAK,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAChF,IAAI,CAAC,OAAO;qBACT,KAAK,EAAE;qBACP,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC,EAAE,CAAC;qBACtD,IAAI,CAAC,GAAG,EAAE;oBACT,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,IAAI,CAAC,UAAU,WAAW,CAAC,CAAC;oBACxD,IAAI,CAAC,eAAe,CAAC,cAAc,EAAE,CAAC;gBACxC,CAAC,CAAC;qBACD,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;oBACb,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,sBAAsB,EAAE,GAAG,CAAC,CAAC;oBAChD,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;gBACpD,CAAC,CAAC,CAAC;YACP,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,IAAI,CAAC,UAAU,kBAAkB,CAAC,CAAC;gBAC/D,IAAI,CAAC,eAAe,CAAC,cAAc,EAAE,CAAC;YACxC,CAAC;QACH,CAAC,CAAC;aACD,IAAI,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;aAC9B,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACb,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACxB,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;IACP,CAAC;IAED,SAAS,CACP,UAAkB,EAClB,OAAsB,EACtB,MAAgC;QAEhC,IAAI,IAAI,CAAC,eAAe,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC5C,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,6DAA6D,CAAC,CAAC;YAClF,OAAO,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,kBAAkB,IAAI,CAAC,UAAU,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;QACxF,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,OAAO,EAAE,YAAY,EAAE,CAAC,CAAC;QAClE,OAAO,QAAQ;aACZ,OAAO,EAAE;aACT,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,UAAU,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC,CAAC;aAChF,IAAI,CAAC,GAAG,EAAE,CACT,QAAQ,CAAC,GAAG,CAAC;YACX,UAAU,EAAE,KAAK;YACjB,WAAW,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,QAAQ,CAAC;SAC7D,CAAC,CACH;aACA,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;aACvD,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC;aAChB,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACb,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACxB,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YAClD,OAAO,KAAK,CAAC;QACf,CAAC,CAAC,CAAC;IACP,CAAC;IAED,WAAW,CAAC,UAAkB;QAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACnD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,oBAAoB,EAAE,UAAU,CAAC,CAAC;YACrD,OAAO,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC;QACD,OAAO,QAAQ;aACZ,UAAU,EAAE;aACZ,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;aAChD,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACb,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACxB,OAAO,KAAK,CAAC;QACf,CAAC,CAAC,CAAC;IACP,CAAC;IAED,KAAK,CAAC,QAAQ;QACZ,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,EAAE,CAAC;YAClD,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAC;QAC9B,CAAC;IACH,CAAC;IAED;;OAEG;IAEH;;;;OAIG;IACK,KAAK,CAAC,UAAU,CACtB,EAAE,KAAK,EAAE,SAAS,EAAE,OAAO,EAAsB,EACjD,QAAkB;QAElB,IAAI,CAAC,OAAO,CAAC,KAAK,CAChB,oBAAoB,OAAO,CAAC,KAAK,EAAE,QAAQ,EAAE,aAAa,KAAK,cAAc,SAAS,EAAE,CACzF,CAAC;QACF,IAAI,CAAC;YACH,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,CAAC;YACnC,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,MAAM,GAAG,eAAe,CAC5B,CAAA,OAA+C,CAAA,EAC/C,YAAY,CAAC,QAAQ,EAAE,CACxB,CAAC;gBACF,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAC;YACrD,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,iBAAiB,EAAE,CAAC;gBACvC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,oBAAoB,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;gBACvD,kFAAkF;gBAClF,OAAO;YACT,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,iCAAiC,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;YACxE,CAAC;QACH,CAAC;QACD,MAAM,QAAQ,CAAC,aAAa,CAAC,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAC/E,CAAC;IAEO,4BAA4B,CAAC,KAA0B,EAAE,MAAe;QAC9E,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,qCAAqC,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,KAAK,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC9F,QAAQ,KAAK,EAAE,CAAC;YACd,KAAK,SAAS;gBACZ,IAAI,CAAC,OAAO,CAAC,IAAI,CACf,yFAAyF,EACzF,MAAM,CACP,CAAC;gBACF,MAAM;YAER,KAAK,QAAQ,CAAC,CAAC,CAAC;gBACd,IAAI,CAAC,OAAO,CAAC,KAAK,CAChB,kEAAkE,EAClE,MAAM,CACP,CAAC;gBACF,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACrB,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;oBAC5B,aAAa,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;gBACzC,CAAC;gBACD,MAAM,KAAK,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,iBAAiB,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC;gBAC5D,IAAI,CAAC,OAAO,CAAC,IAAI,CACf,gDAAgD,KAAK,GAAG,IAAI,2CAA2C,CACxG,CAAC;gBACF,IAAI,CAAC,kBAAkB,GAAG,WAAW,CAAC,GAAG,EAAE;oBACzC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,6DAA6D,CAAC,CAAC;oBACjF,IAAI,CAAC;wBACH,IAAI,CAAC,UAAU,EAAE,CAAC;wBAClB,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,6DAA6D,CAAC,CAAC;oBACnF,CAAC;oBAAC,OAAO,GAAG,EAAE,CAAC;wBACb,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,iCAAiC,EAAE,GAAG,CAAC,CAAC;oBAC7D,CAAC;gBACH,CAAC,EAAE,KAAK,CAAC,CAAC;gBACV,MAAM;YACR,CAAC;YAED,KAAK,MAAM;gBACT,IAAI,CAAC,OAAO,CAAC,IAAI,CACf,iFAAiF,CAClF,CAAC;gBACF,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;oBAC5B,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,6DAA6D,CAAC,CAAC;oBACjF,aAAa,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;oBACvC,IAAI,CAAC,kBAAkB,GAAG,SAAS,CAAC;gBACtC,CAAC;gBACD,IAAI,CAAC,UAAU,EAAE,CAAC;gBAClB,MAAM;YAER;gBACE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,gCAAgC,EAAE,KAAK,CAAC,CAAC;gBAC3D,MAAM;QACV,CAAC;IACH,CAAC;IAED,cAAc;QACZ,OAAO,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACpC,CAAC;CACF"}