@zintrust/core 0.1.42 → 0.1.43

package/app/Controllers/AuthController.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Auth Controller
+ * Minimal, real auth endpoints backing the example API routes.
+ */
+import type { AuthControllerApi } from '../Types/controller';
+export declare const AuthController: Readonly<{
+    create(): AuthControllerApi;
+}>;
+export default AuthController;
+//# sourceMappingURL=AuthController.d.ts.map

package/app/Controllers/AuthController.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthController.d.ts","sourceRoot":"","sources":["../../../app/Controllers/AuthController.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,OAAO,KAAK,EAAE,iBAAiB,EAAuB,MAAM,uBAAuB,CAAC;AA+MpF,eAAO,MAAM,cAAc;cACf,iBAAiB;EAQ3B,CAAC;AAEH,eAAe,cAAc,CAAC"}

package/app/Controllers/AuthController.js

@@ -0,0 +1,201 @@
+/**
+ * Auth Controller
+ * Minimal, real auth endpoints backing the example API routes.
+ */
+import { Auth } from '../../src/auth/Auth.js';
+import { User } from '../Models/User.js';
+import { getString } from '../../src/common/utility.js';
+import { Logger } from '../../src/config/logger.js';
+import { getValidatedBody } from '../../src/http/ValidationHelper.js';
+import { JwtManager } from '../../src/security/JwtManager.js';
+import { TokenRevocation } from '../../src/security/TokenRevocation.js';
+const pickPublicUser = (row) => {
+    return {
+        id: row.id,
+        name: getString(row.name),
+        email: getString(row.email),
+    };
+};
+/**
+ * Authenticates a user by email and password.
+ * Validates credentials against the database and returns a JWT access token on success.
+ * Logs all authentication attempts for security auditing.
+ * @param req - HTTP request containing email and password
+ * @param res - HTTP response to send authentication result
+ * @returns Promise that resolves after sending the response
+ */
+async function login(req, res) {
+    const body = getValidatedBody(req);
+    if (!body) {
+        Logger.error('AuthController.login: validation middleware did not populate req.validated.body');
+        return res.setStatus(500).json({ error: 'Internal server error' });
+    }
+    const email = getString(body['email']);
+    const password = getString(body['password']);
+    const ipAddress = req.getRaw().socket.remoteAddress ?? 'unknown';
+    try {
+        const existing = await User.where('email', '=', email).limit(1).first();
+        if (existing === null) {
+            Logger.warn('AuthController.login: failed login attempt', {
+                email,
+                ip: ipAddress,
+                reason: 'user_not_found',
+                timestamp: new Date().toISOString(),
+            });
+            res.setStatus(401).json({ error: 'Invalid credentials' });
+            return;
+        }
+        const passwordHash = getString(existing.password);
+        const ok = await Auth.compare(password, passwordHash);
+        if (!ok) {
+            Logger.warn('AuthController.login: failed login attempt', {
+                email,
+                ip: ipAddress,
+                reason: 'invalid_password',
+                timestamp: new Date().toISOString(),
+            });
+            res.setStatus(401).json({ error: 'Invalid credentials' });
+            return;
+        }
+        const user = pickPublicUser(existing);
+        const subject = (() => {
+            const id = user.id;
+            if (typeof id === 'string' && id.length > 0)
+                return id;
+            if (typeof id === 'number' && Number.isFinite(id))
+                return String(id);
+            return undefined;
+        })();
+        const token = JwtManager.signAccessToken({
+            sub: subject,
+            email,
+        });
+        Logger.info('AuthController.login: successful login', {
+            userId: subject,
+            email,
+            ip: ipAddress,
+            timestamp: new Date().toISOString(),
+        });
+        res.json({
+            token,
+            token_type: 'Bearer',
+            user,
+        });
+    }
+    catch (error) {
+        Logger.error('AuthController.login: unexpected error', {
+            email,
+            ip: ipAddress,
+            error: error instanceof Error ? error.message : String(error),
+            timestamp: new Date().toISOString(),
+        });
+        res.setStatus(500).json({ error: 'Login failed' });
+    }
+}
+/**
+ * Registers a new user with name, email, and password.
+ * Validates email uniqueness, hashes password, and stores user in database.
+ * Returns 201 on success, 409 if email already exists.
+ * @param req - HTTP request containing name, email, and password
+ * @param res - HTTP response to send registration result
+ * @returns Promise that resolves after sending the response
+ */
+async function register(req, res) {
+    const body = getValidatedBody(req);
+    if (!body) {
+        Logger.error('AuthController.register: validation middleware did not populate req.validated.body');
+        res.setStatus(500).json({ error: 'Internal server error' });
+        return;
+    }
+    const name = getString(body['name']);
+    const email = getString(body['email']);
+    const password = getString(body['password']);
+    const ipAddress = req.getRaw().socket.remoteAddress ?? 'unknown';
+    try {
+        const existing = await User.where('email', '=', email).limit(1).first();
+        if (existing !== null) {
+            Logger.warn('AuthController.register: duplicate email attempt', {
+                email,
+                ip: ipAddress,
+                timestamp: new Date().toISOString(),
+            });
+            res.setStatus(409).json({ error: 'Email already registered' });
+            return;
+        }
+        const passwordHash = await Auth.hash(password);
+        const result = await User.query().insert({
+            name,
+            email,
+            password: passwordHash,
+        });
+        let insertedUserId = result.id;
+        if (insertedUserId === null || insertedUserId === undefined) {
+            const inserted = await User.where('email', '=', email).limit(1).first();
+            if (inserted?.id !== null && inserted?.id !== undefined) {
+                insertedUserId = inserted.id;
+            }
+        }
+        if (insertedUserId !== null && insertedUserId !== undefined) {
+            Logger.info('AuthController.register: successful registration', {
+                user_id: insertedUserId,
+                email,
+                ip: ipAddress,
+                timestamp: new Date().toISOString(),
+            });
+            res.setStatus(201).json({ message: 'Registered' });
+        }
+        else {
+            Logger.error('Failed to retrieve inserted user ID', {
+                email,
+                ip: ipAddress,
+            });
+            res.setStatus(500).json({ error: 'Registration failed' });
+        }
+        return;
+    }
+    catch (error) {
+        Logger.error('AuthController.register failed', error);
+        res.setStatus(500).json({ error: 'Registration failed' });
+    }
+}
+/**
+ * Logs out the current user by revoking their JWT token.
+ * Extracts authorization header and marks token as revoked.
+ * Requires persistent token revocation store for stateless JWT validation.
+ * @param req - HTTP request containing authorization header with JWT token
+ * @param res - HTTP response to send logout confirmation
+ * @returns Promise that resolves after sending the response
+ */
+async function logout(req, res) {
+    const authHeader = typeof req.getHeader === 'function' ? req.getHeader('authorization') : undefined;
+    await TokenRevocation.revoke(authHeader);
+    res.json({ message: 'Logged out' });
+}
+/**
+ * Refreshes the user's JWT access token.
+ * Generates a new token with the same claims as the current user.
+ * Returns 401 if user is not authenticated.
+ * @param req - HTTP request with user populated by authentication middleware
+ * @param res - HTTP response to send refreshed token
+ * @returns Promise that resolves after sending the response
+ */
+async function refresh(req, res) {
+    const user = req.user;
+    if (user === undefined) {
+        res.setStatus(401).json({ error: 'Unauthorized' });
+        return;
+    }
+    const token = JwtManager.signAccessToken(user);
+    res.json({ token, token_type: 'Bearer' });
+}
+export const AuthController = Object.freeze({
+    create() {
+        return {
+            login,
+            register,
+            logout,
+            refresh,
+        };
+    },
+});
+export default AuthController;

package/app/Controllers/UserController.d.ts

@@ -0,0 +1,9 @@
+/**
+ * User Controller (compat)
+ *
+ * This file remains for backwards-compatibility. The actual implementation is
+ * QueryBuilder-backed and lives in UserQueryBuilderController.
+ */
+export { UserQueryBuilderController as UserController, UserQueryBuilderController, } from '../Controllers/UserQueryBuilderController';
+export { UserQueryBuilderController as default } from '../Controllers/UserQueryBuilderController';
+//# sourceMappingURL=UserController.d.ts.map

package/app/Controllers/UserController.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"UserController.d.ts","sourceRoot":"","sources":["../../../app/Controllers/UserController.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,0BAA0B,IAAI,cAAc,EAC5C,0BAA0B,GAC3B,MAAM,6CAA6C,CAAC;AAErD,OAAO,EAAE,0BAA0B,IAAI,OAAO,EAAE,MAAM,6CAA6C,CAAC"}

package/app/Controllers/UserController.js

@@ -0,0 +1,8 @@
+/**
+ * User Controller (compat)
+ *
+ * This file remains for backwards-compatibility. The actual implementation is
+ * QueryBuilder-backed and lives in UserQueryBuilderController.
+ */
+export { UserQueryBuilderController as UserController, UserQueryBuilderController, } from '../Controllers/UserQueryBuilderController.js';
+export { UserQueryBuilderController as default } from '../Controllers/UserQueryBuilderController.js';

package/app/Controllers/UserQueryBuilderController.d.ts

@@ -0,0 +1,16 @@
+/**
+ * User QueryBuilder Controller
+ * QueryBuilder-backed controller for the users resource.
+ */
+import type { IUserController } from '../Types/controller';
+/**
+ * User QueryBuilder Controller Factory
+ */
+export declare const UserQueryBuilderController: {
+    /**
+     * Create a new user controller instance
+     */
+    create(): IUserController;
+};
+export default UserQueryBuilderController;
+//# sourceMappingURL=UserQueryBuilderController.d.ts.map

package/app/Controllers/UserQueryBuilderController.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"UserQueryBuilderController.d.ts","sourceRoot":"","sources":["../../../app/Controllers/UserQueryBuilderController.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAmC,MAAM,uBAAuB,CAAC;AAkc9F;;GAEG;AACH,eAAO,MAAM,0BAA0B;IACrC;;OAEG;cACO,eAAe;CAG1B,CAAC;AAEF,eAAe,0BAA0B,CAAC"}

package/app/Controllers/UserQueryBuilderController.js

@@ -0,0 +1,404 @@
+/**
+ * User QueryBuilder Controller
+ * QueryBuilder-backed controller for the users resource.
+ */
+import { Logger, QueryBuilder, Sanitizer, Schema, Validator, getValidatedBody, nowIso, randomBytes, useDatabase, } from '../../src/index.js';
+const isValidationError = (error) => {
+    if (typeof error !== 'object' || error === null)
+        return false;
+    const maybe = error;
+    return maybe.name === 'ValidationError' && typeof maybe.toObject === 'function';
+};
+const isSanitizerError = (error) => {
+    if (typeof error !== 'object' || error === null)
+        return false;
+    const maybe = error;
+    return maybe.name === 'SanitizerError';
+};
+const toJsonRecord = (value) => {
+    if (typeof value !== 'object' || value === null)
+        return {};
+    if (Array.isArray(value))
+        return {};
+    return value;
+};
+const resolveBody = (req) => {
+    return toJsonRecord(getValidatedBody(req) ?? req.body ?? {});
+};
+const getParamCompat = (req, name) => {
+    try {
+        const anyReq = req;
+        if (typeof anyReq.getParam === 'function')
+            return anyReq.getParam(name);
+    }
+    catch {
+        // ignore
+    }
+    const anyReq = req;
+    const params = anyReq.params;
+    if (typeof params === 'object' && params !== null)
+        return params[name];
+    return undefined;
+};
+const requireSelf = (req, res, userId) => {
+    if (typeof userId !== 'string' || userId.length === 0) {
+        res.status(400).json({ error: 'Missing user id' });
+        return false;
+    }
+    const subject = typeof req.user?.sub === 'string' ? req.user.sub : undefined;
+    if (subject === undefined || subject.length === 0) {
+        res.status(401).json({ error: 'Unauthorized' });
+        return false;
+    }
+    if (subject !== userId) {
+        res.status(403).json({ error: 'Forbidden' });
+        return false;
+    }
+    return true;
+};
+const randomInt = (min, max) => {
+    const lo = Math.ceil(min);
+    const hi = Math.floor(max);
+    return Math.floor(lo + Math.random() * (hi - lo + 1)); // NOSONAR is just a test utility
+};
+const randomName = () => {
+    const first = ['Alex', 'Jordan', 'Taylor', 'Sam', 'Casey', 'Riley', 'Morgan'];
+    const last = ['Lee', 'Kim', 'Patel', 'Garcia', 'Brown', 'Nguyen', 'Smith'];
+    return `${first[randomInt(0, first.length - 1)]} ${last[randomInt(0, last.length - 1)]}`;
+};
+const randomEmail = () => {
+    const n = randomInt(10000, 99999);
+    return `user${n}@example.com`;
+};
+const randomPassword = () => {
+    // Not cryptographically perfect UX-wise, but avoids hard-coded credentials.
+    // `base64url` keeps it URL-safe and reasonably short.
+    return randomBytes(12).toString('base64url');
+};
+const pickAllowed = (body, allowed) => {
+    const out = {};
+    for (const [k, v] of Object.entries(body)) {
+        if (allowed.has(k))
+            out[k] = v;
+    }
+    return out;
+};
+const hasUnknownKeys = (body, allowed) => {
+    for (const k of Object.keys(body)) {
+        if (!allowed.has(k))
+            return k;
+    }
+    return null;
+};
+const sanitizeUserUpdateBody = (updateBody) => {
+    const sanitizedUpdateBody = {};
+    if ('name' in updateBody) {
+        sanitizedUpdateBody['name'] = Sanitizer.nameText(updateBody['name']).trim();
+    }
+    if ('email' in updateBody) {
+        sanitizedUpdateBody['email'] = Sanitizer.email(updateBody['email']).trim().toLowerCase();
+    }
+    if ('password' in updateBody) {
+        sanitizedUpdateBody['password'] = Sanitizer.safePasswordChars(updateBody['password']);
+    }
+    return sanitizedUpdateBody;
+};
+const buildUserUpdateSchema = () => {
+    return Schema.create()
+        .custom('name', (v) => v === undefined || typeof v === 'string', 'name must be a string')
+        .minLength('name', 1)
+        .custom('email', (v) => v === undefined || typeof v === 'string', 'email must be a string')
+        .custom('password', (v) => v === undefined || typeof v === 'string', 'password must be a string')
+        .minLength('password', 8);
+};
+const buildUserStoreSchema = () => {
+    return Schema.create()
+        .custom('name', (v) => typeof v === 'string', 'name must be a string')
+        .minLength('name', 1)
+        .custom('email', (v) => typeof v === 'string', 'email must be a string')
+        .email('email')
+        .custom('password', (v) => typeof v === 'string', 'password must be a string')
+        .minLength('password', 8);
+};
+/**
+ * User Controller Methods
+ */
+const userControllerMethods = {
+    /**
+     * List all users
+     * GET /users
+     */
+    async index(req, res) {
+        try {
+            const subject = typeof req.user?.sub === 'string' ? req.user.sub : undefined;
+            if (subject === undefined || subject.length === 0) {
+                res.status(401).json({ error: 'Unauthorized' });
+                return;
+            }
+            const db = useDatabase();
+            const users = await QueryBuilder.create('users', db)
+                .select('id', 'name', 'email', 'created_at', 'updated_at')
+                .where('id', '=', subject)
+                .limit(1)
+                .get();
+            res.json({ data: users });
+        }
+        catch (error) {
+            Logger.error('Error fetching users:', error);
+            res.status(500).json({ error: 'Failed to fetch users' });
+        }
+    },
+    /**
+     * Show a specific user
+     * GET /users/:id
+     */
+    async show(req, res) {
+        try {
+            const db = useDatabase();
+            const rawId = getParamCompat(req, 'id');
+            const id = Sanitizer.digitsOnly(rawId); // Zero trust protection for db id
+            if (typeof id !== 'string' || id.length === 0) {
+                // ✅ Good
+                res.status(400).json({ error: 'Missing user id' });
+                return;
+            }
+            if (!requireSelf(req, res, id))
+                return;
+            const user = await QueryBuilder.create('users', db)
+                .select('id', 'name', 'email', 'created_at', 'updated_at')
+                .where('id', '=', id)
+                .limit(1)
+                .first();
+            if (user === null) {
+                res.status(404).json({ error: 'User not found' });
+                return;
+            }
+            res.json({ data: user });
+        }
+        catch (error) {
+            if (isSanitizerError(error)) {
+                res.status(400).json({ error: error.message });
+                return;
+            }
+            Logger.error('Error fetching user:', error);
+            res.status(500).json({ error: 'Failed to fetch user' });
+        }
+    },
+    /**
+     * Show create form
+     * GET /users/create
+     */
+    async create(_req, res) {
+        res.json({ form: 'Create User Form' });
+    },
+    /**
+     * Store a new user
+     * POST /users
+     */
+    async store(req, res) {
+        try {
+            // Use validated body if available (already sanitized by middleware), otherwise fallback to raw
+            const body = resolveBody(req);
+            const required = ['name', 'email', 'password'];
+            const missing = {};
+            for (const key of required) {
+                const val = body[key];
+                if (typeof val !== 'string' || val.trim() === '') {
+                    missing[key] = ['Required'];
+                }
+            }
+            if (Object.keys(missing).length > 0) {
+                res.status(422).json({ errors: missing });
+                return;
+            }
+            // Trust middleware for sanitization if validation passed.
+            // If we are here, validation ostensibly passed or we are in a context where we must self-validate.
+            // To satisfy defense-in-depth without double-sanitization bottleneck:
+            // We assume body is safe-ish if it came from resolved validated body.
+            // But to be explicit and type-safe, we cast or read fields directly.
+            const db = useDatabase();
+            const ts = nowIso();
+            // Apply bulletproof sanitization for defense-in-depth
+            const name = Sanitizer.nameText(body['name']);
+            const email = Sanitizer.email(body['email']);
+            const password = Sanitizer.safePasswordChars(body['password']);
+            Validator.validate({ name, email, password }, buildUserStoreSchema());
+            await QueryBuilder.create('users', db).insert({
+                name,
+                email,
+                password, // Hashing should be handled by model/service or here if raw
+                created_at: ts,
+                updated_at: ts,
+            });
+            res.status(201).json({ message: 'User created' });
+        }
+        catch (error) {
+            if (isSanitizerError(error)) {
+                res.status(400).json({ error: error.message });
+                return;
+            }
+            if (isValidationError(error)) {
+                res.status(422).json({ errors: error.toObject?.() ?? {} });
+                return;
+            }
+            Logger.error('Error creating user:', error);
+            res.status(500).json({ error: 'Failed to create user' });
+        }
+    },
+    /**
+     * Fill users table with random users
+     * POST /users/fill
+     */
+    async fill(req, res) {
+        try {
+            const body = resolveBody(req);
+            const countVal = body['count'];
+            // Ensure count is a number (middleware validation handles this, but we double check or default)
+            let count = typeof countVal === 'number' ? countVal : 10;
+            if (count < 1)
+                count = 1;
+            if (count > 100)
+                count = 100;
+            const db = useDatabase();
+            const ts = nowIso();
+            // Optimize: Bulk insert instead of N+1 inserts to reduce IO bottleneck and memory overhead
+            const users = Array.from({ length: count }, () => ({
+                name: randomName(),
+                email: randomEmail(),
+                password: randomPassword(),
+                created_at: ts,
+                updated_at: ts,
+            }));
+            await QueryBuilder.create('users', db).insert(users);
+            res.status(201).json({ message: 'Users filled', count });
+        }
+        catch (error) {
+            Logger.error('Error filling users:', error);
+            res.status(500).json({ error: 'Failed to fill users' });
+        }
+    },
+    /**
+     * Show edit form
+     * GET /users/:id/edit
+     */
+    async edit(_req, res) {
+        try {
+            res.json({ form: 'Edit User Form' });
+        }
+        catch (error) {
+            Logger.error('Error loading edit form:', error);
+            res.status(500).json({ error: 'Failed to load edit form' });
+        }
+    },
+    /**
+     * Update a user
+     * PUT /users/:id
+     */
+    async update(req, res) {
+        // NOSONAR bulletproof sanitization requires explicit validation steps
+        try {
+            const db = useDatabase();
+            const rawId = getParamCompat(req, 'id');
+            const id = Sanitizer.digitsOnly(rawId);
+            if (typeof id !== 'string' || id.length === 0) {
+                res.status(400).json({ error: 'Missing user id' });
+                return;
+            }
+            if (!requireSelf(req, res, id))
+                return;
+            const allowed = new Set(['name', 'email', 'password']);
+            const body = resolveBody(req);
+            const unknown = hasUnknownKeys(body, allowed);
+            if (unknown !== null) {
+                res.status(422).json({ errors: { [unknown]: ['Unknown field'] } });
+                return;
+            }
+            const updateBody = pickAllowed(body, allowed);
+            if (Object.keys(updateBody).length === 0) {
+                res.status(422).json({ errors: { body: ['No fields to update'] } });
+                return;
+            }
+            const sanitizedUpdateBody = sanitizeUserUpdateBody(updateBody);
+            Validator.validate(sanitizedUpdateBody, buildUserUpdateSchema());
+            const existing = await QueryBuilder.create('users', db)
+                .select('id')
+                .where('id', '=', id)
+                .limit(1)
+                .first();
+            if (existing === null) {
+                res.status(404).json({ error: 'User not found' });
+                return;
+            }
+            const ts = nowIso();
+            await QueryBuilder.create('users', db)
+                .where('id', '=', id)
+                .update({ ...sanitizedUpdateBody, updated_at: ts });
+            const user = await QueryBuilder.create('users', db)
+                .select('id', 'name', 'email', 'created_at', 'updated_at')
+                .where('id', '=', id)
+                .limit(1)
+                .first();
+            res.json({ message: 'User updated', user });
+        }
+        catch (error) {
+            if (isSanitizerError(error)) {
+                res.status(400).json({ error: error.message });
+                return;
+            }
+            if (isValidationError(error)) {
+                res.status(422).json({ errors: error.toObject?.() ?? {} });
+                return;
+            }
+            Logger.error('Error updating user:', error);
+            res.status(500).json({ error: 'Failed to update user' });
+        }
+    },
+    /**
+     * Delete a user
+     * DELETE /users/:id
+     */
+    async destroy(req, res) {
+        try {
+            const db = useDatabase();
+            const rawId = getParamCompat(req, 'id');
+            const id = Sanitizer.digitsOnly(rawId);
+            if (typeof id !== 'string' || id.length === 0) {
+                res.status(400).json({ error: 'Missing user id' });
+                return;
+            }
+            if (!requireSelf(req, res, id))
+                return;
+            const existing = await QueryBuilder.create('users', db)
+                .select('id')
+                .where('id', '=', id)
+                .limit(1)
+                .first();
+            if (existing === null) {
+                res.status(404).json({ error: 'User not found' });
+                return;
+            }
+            await QueryBuilder.create('users', db).where('id', '=', id).delete();
+            res.json({ message: 'User deleted' });
+        }
+        catch (error) {
+            if (isSanitizerError(error)) {
+                res.status(400).json({ error: error.message });
+                return;
+            }
+            Logger.error('Error deleting user:', error);
+            res.status(500).json({ error: 'Failed to delete user' });
+        }
+    },
+};
+/**
+ * User QueryBuilder Controller Factory
+ */
+export const UserQueryBuilderController = {
+    /**
+     * Create a new user controller instance
+     */
+    create() {
+        return userControllerMethods;
+    },
+};
+export default UserQueryBuilderController;

package/app/Middleware/ProfilerMiddleware.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Profiler Middleware
+ * Enables request profiling when ENABLE_PROFILER environment variable is set
+ */
+import type { Middleware } from '../../src/middleware/MiddlewareStack';
+/**
+ * ProfilerMiddleware wraps request execution with performance profiling
+ * Enabled via ENABLE_PROFILER=true environment variable
+ * Attaches profiling report to response headers
+ */
+export declare const ProfilerMiddleware: Middleware;
+//# sourceMappingURL=ProfilerMiddleware.d.ts.map

package/app/Middleware/ProfilerMiddleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ProfilerMiddleware.d.ts","sourceRoot":"","sources":["../../../app/Middleware/ProfilerMiddleware.ts"],"names":[],"mappings":"AACA;;;GAGG;AAGH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAG9D;;;;GAIG;AACH,eAAO,MAAM,kBAAkB,EAAE,UAwChC,CAAC"}