npm - alepha - Versions diffs - 0.13.0 → 0.13.2 - Mend

alepha 0.13.0 → 0.13.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (461) hide show

package/README.md +1 -1
package/dist/api-files/index.d.ts +28 -91
package/dist/api-files/index.js +10 -755
package/dist/api-files/index.js.map +1 -1
package/dist/api-jobs/index.d.ts +67 -67
package/dist/api-jobs/index.js +13 -13
package/dist/api-jobs/index.js.map +1 -1
package/dist/api-notifications/index.d.ts +129 -146
package/dist/api-notifications/index.js +17 -39
package/dist/api-notifications/index.js.map +1 -1
package/dist/api-parameters/index.d.ts +21 -22
package/dist/api-parameters/index.js +22 -22
package/dist/api-parameters/index.js.map +1 -1
package/dist/api-users/index.d.ts +224 -2001
package/dist/api-users/index.js +914 -4787
package/dist/api-users/index.js.map +1 -1
package/dist/api-verifications/index.d.ts +96 -96
package/dist/batch/index.d.ts +13 -13
package/dist/batch/index.js +8 -8
package/dist/batch/index.js.map +1 -1
package/dist/bucket/index.d.ts +14 -14
package/dist/bucket/index.js +12 -12
package/dist/bucket/index.js.map +1 -1
package/dist/cache/index.d.ts +11 -11
package/dist/cache/index.js +9 -9
package/dist/cache/index.js.map +1 -1
package/dist/cli/{dist-Sz2EXvQX.cjs → dist-Dl9Vl7Ur.js} +17 -13
package/dist/cli/{dist-BBPjuQ56.js.map → dist-Dl9Vl7Ur.js.map} +1 -1
package/dist/cli/index.d.ts +31 -37
package/dist/cli/index.js +152 -83
package/dist/cli/index.js.map +1 -1
package/dist/command/index.d.ts +19 -19
package/dist/command/index.js +25 -25
package/dist/command/index.js.map +1 -1
package/dist/core/index.browser.js +218 -218
package/dist/core/index.browser.js.map +1 -1
package/dist/core/index.d.ts +232 -232
package/dist/core/index.js +218 -218
package/dist/core/index.js.map +1 -1
package/dist/core/{index.cjs → index.native.js} +304 -455
package/dist/core/index.native.js.map +1 -0
package/dist/datetime/index.d.ts +9 -9
package/dist/datetime/index.js +7 -7
package/dist/datetime/index.js.map +1 -1
package/dist/email/index.d.ts +16 -16
package/dist/email/index.js +80 -82
package/dist/email/index.js.map +1 -1
package/dist/file/index.js +1 -1
package/dist/file/index.js.map +1 -1
package/dist/lock/index.d.ts +9 -9
package/dist/lock/index.js +8 -8
package/dist/lock/index.js.map +1 -1
package/dist/lock-redis/index.js +3 -66
package/dist/lock-redis/index.js.map +1 -1
package/dist/logger/index.d.ts +5 -5
package/dist/logger/index.js +8 -8
package/dist/logger/index.js.map +1 -1
package/dist/orm/index.browser.js +114 -114
package/dist/orm/index.browser.js.map +1 -1
package/dist/orm/index.d.ts +219 -219
package/dist/orm/index.js +46 -46
package/dist/orm/index.js.map +1 -1
package/dist/queue/index.d.ts +25 -25
package/dist/queue/index.js +20 -20
package/dist/queue/index.js.map +1 -1
package/dist/queue-redis/index.d.ts +2 -2
package/dist/redis/index.d.ts +10 -10
package/dist/retry/index.d.ts +20 -20
package/dist/retry/index.js +9 -9
package/dist/retry/index.js.map +1 -1
package/dist/scheduler/index.d.ts +12 -12
package/dist/scheduler/index.js +9 -9
package/dist/scheduler/index.js.map +1 -1
package/dist/security/index.d.ts +53 -53
package/dist/security/index.js +32 -32
package/dist/security/index.js.map +1 -1
package/dist/server/index.browser.js +1 -1
package/dist/server/index.browser.js.map +1 -1
package/dist/server/index.d.ts +101 -101
package/dist/server/index.js +17 -17
package/dist/server/index.js.map +1 -1
package/dist/server-auth/index.browser.js +4 -982
package/dist/server-auth/index.browser.js.map +1 -1
package/dist/server-auth/index.d.ts +204 -785
package/dist/server-auth/index.js +47 -1239
package/dist/server-auth/index.js.map +1 -1
package/dist/server-cache/index.d.ts +10 -10
package/dist/server-cache/index.js +2 -2
package/dist/server-cache/index.js.map +1 -1
package/dist/server-compress/index.d.ts +4 -4
package/dist/server-compress/index.js +1 -1
package/dist/server-compress/index.js.map +1 -1
package/dist/server-cookies/index.browser.js +8 -8
package/dist/server-cookies/index.browser.js.map +1 -1
package/dist/server-cookies/index.d.ts +17 -17
package/dist/server-cookies/index.js +10 -10
package/dist/server-cookies/index.js.map +1 -1
package/dist/server-cors/index.d.ts +17 -17
package/dist/server-cors/index.js +9 -9
package/dist/server-cors/index.js.map +1 -1
package/dist/server-health/index.d.ts +2 -2
package/dist/server-helmet/index.d.ts +1 -1
package/dist/server-links/index.browser.js +12 -12
package/dist/server-links/index.browser.js.map +1 -1
package/dist/server-links/index.d.ts +59 -251
package/dist/server-links/index.js +23 -502
package/dist/server-links/index.js.map +1 -1
package/dist/server-metrics/index.d.ts +4 -4
package/dist/server-metrics/index.js +170 -174
package/dist/server-metrics/index.js.map +1 -1
package/dist/server-multipart/index.d.ts +2 -2
package/dist/server-proxy/index.d.ts +12 -12
package/dist/server-proxy/index.js +10 -10
package/dist/server-proxy/index.js.map +1 -1
package/dist/server-rate-limit/index.d.ts +22 -22
package/dist/server-rate-limit/index.js +12 -12
package/dist/server-rate-limit/index.js.map +1 -1
package/dist/server-security/index.d.ts +24 -24
package/dist/server-security/index.js +15 -15
package/dist/server-security/index.js.map +1 -1
package/dist/server-static/index.d.ts +14 -14
package/dist/server-static/index.js +8 -8
package/dist/server-static/index.js.map +1 -1
package/dist/server-swagger/index.d.ts +25 -184
package/dist/server-swagger/index.js +21 -724
package/dist/server-swagger/index.js.map +1 -1
package/dist/sms/index.d.ts +14 -14
package/dist/sms/index.js +9 -9
package/dist/sms/index.js.map +1 -1
package/dist/thread/index.d.ts +11 -11
package/dist/thread/index.js +17 -17
package/dist/thread/index.js.map +1 -1
package/dist/topic/index.d.ts +26 -26
package/dist/topic/index.js +16 -16
package/dist/topic/index.js.map +1 -1
package/dist/topic-redis/index.d.ts +1 -1
package/dist/vite/index.d.ts +3 -3
package/dist/vite/index.js +12 -13
package/dist/vite/index.js.map +1 -1
package/dist/websocket/index.browser.js +11 -11
package/dist/websocket/index.browser.js.map +1 -1
package/dist/websocket/index.d.ts +51 -51
package/dist/websocket/index.js +13 -13
package/dist/websocket/index.js.map +1 -1
package/package.json +62 -52
package/src/api-files/services/FileService.ts +5 -7
package/src/api-jobs/index.ts +1 -1
package/src/api-jobs/{descriptors → primitives}/$job.ts +8 -8
package/src/api-jobs/providers/JobProvider.ts +9 -9
package/src/api-jobs/services/JobService.ts +5 -5
package/src/api-notifications/index.ts +5 -15
package/src/api-notifications/{descriptors → primitives}/$notification.ts +10 -10
package/src/api-notifications/services/NotificationSenderService.ts +3 -3
package/src/api-parameters/index.ts +1 -1
package/src/api-parameters/{descriptors → primitives}/$config.ts +7 -12
package/src/api-users/index.ts +1 -1
package/src/api-users/{descriptors → primitives}/$userRealm.ts +8 -8
package/src/api-users/providers/UserRealmProvider.ts +1 -1
package/src/batch/index.ts +3 -3
package/src/batch/{descriptors → primitives}/$batch.ts +13 -16
package/src/bucket/index.ts +8 -8
package/src/bucket/{descriptors → primitives}/$bucket.ts +8 -8
package/src/bucket/providers/LocalFileStorageProvider.ts +3 -3
package/src/cache/index.ts +4 -4
package/src/cache/{descriptors → primitives}/$cache.ts +15 -15
package/src/cli/apps/AlephaPackageBuilderCli.ts +30 -3
package/src/cli/assets/appRouterTs.ts +9 -0
package/src/cli/assets/indexHtml.ts +2 -1
package/src/cli/assets/mainBrowserTs.ts +10 -0
package/src/cli/commands/CoreCommands.ts +6 -5
package/src/cli/commands/DrizzleCommands.ts +69 -61
package/src/cli/commands/VerifyCommands.ts +2 -2
package/src/cli/commands/ViteCommands.ts +6 -1
package/src/cli/services/ProjectUtils.ts +78 -41
package/src/command/index.ts +5 -5
package/src/command/{descriptors → primitives}/$command.ts +9 -12
package/src/command/providers/CliProvider.ts +10 -10
package/src/core/Alepha.ts +30 -33
package/src/core/constants/KIND.ts +1 -1
package/src/core/constants/OPTIONS.ts +1 -1
package/src/core/helpers/{descriptor.ts → primitive.ts} +18 -18
package/src/core/helpers/ref.ts +1 -1
package/src/core/index.shared.ts +8 -8
package/src/core/{descriptors → primitives}/$context.ts +5 -5
package/src/core/{descriptors → primitives}/$hook.ts +4 -4
package/src/core/{descriptors → primitives}/$inject.ts +2 -2
package/src/core/{descriptors → primitives}/$module.ts +9 -9
package/src/core/{descriptors → primitives}/$use.ts +2 -2
package/src/core/providers/CodecManager.ts +1 -1
package/src/core/providers/JsonSchemaCodec.ts +1 -1
package/src/core/providers/StateManager.ts +2 -2
package/src/datetime/index.ts +3 -3
package/src/datetime/{descriptors → primitives}/$interval.ts +6 -6
package/src/email/index.ts +4 -4
package/src/email/{descriptors → primitives}/$email.ts +8 -8
package/src/file/index.ts +1 -1
package/src/lock/index.ts +3 -3
package/src/lock/{descriptors → primitives}/$lock.ts +10 -10
package/src/logger/index.ts +8 -8
package/src/logger/{descriptors → primitives}/$logger.ts +2 -2
package/src/logger/services/Logger.ts +1 -1
package/src/orm/constants/PG_SYMBOLS.ts +2 -2
package/src/orm/index.browser.ts +2 -2
package/src/orm/index.ts +8 -8
package/src/orm/{descriptors → primitives}/$entity.ts +11 -11
package/src/orm/{descriptors → primitives}/$repository.ts +2 -2
package/src/orm/{descriptors → primitives}/$sequence.ts +8 -8
package/src/orm/{descriptors → primitives}/$transaction.ts +4 -4
package/src/orm/providers/DrizzleKitProvider.ts +1 -1
package/src/orm/providers/PostgresTypeProvider.ts +3 -3
package/src/orm/providers/RepositoryProvider.ts +4 -4
package/src/orm/providers/drivers/DatabaseProvider.ts +7 -7
package/src/orm/services/ModelBuilder.ts +9 -9
package/src/orm/services/PgRelationManager.ts +2 -2
package/src/orm/services/PostgresModelBuilder.ts +5 -5
package/src/orm/services/Repository.ts +7 -7
package/src/orm/services/SqliteModelBuilder.ts +5 -5
package/src/queue/index.ts +7 -7
package/src/queue/{descriptors → primitives}/$consumer.ts +15 -15
package/src/queue/{descriptors → primitives}/$queue.ts +12 -12
package/src/queue/providers/WorkerProvider.ts +7 -7
package/src/retry/index.ts +3 -3
package/src/retry/{descriptors → primitives}/$retry.ts +19 -17
package/src/scheduler/index.ts +3 -3
package/src/scheduler/{descriptors → primitives}/$scheduler.ts +9 -9
package/src/scheduler/providers/CronProvider.ts +1 -1
package/src/security/index.ts +9 -9
package/src/security/{descriptors → primitives}/$permission.ts +7 -7
package/src/security/{descriptors → primitives}/$realm.ts +6 -12
package/src/security/{descriptors → primitives}/$role.ts +12 -12
package/src/security/{descriptors → primitives}/$serviceAccount.ts +8 -8
package/src/server/index.browser.ts +1 -1
package/src/server/index.ts +14 -14
package/src/server/{descriptors → primitives}/$action.ts +13 -13
package/src/server/{descriptors → primitives}/$route.ts +9 -9
package/src/server/providers/NodeHttpServerProvider.ts +2 -2
package/src/server/services/HttpClient.ts +1 -1
package/src/server-auth/index.browser.ts +1 -1
package/src/server-auth/index.ts +6 -6
package/src/server-auth/{descriptors → primitives}/$auth.ts +10 -10
package/src/server-auth/{descriptors → primitives}/$authCredentials.ts +4 -4
package/src/server-auth/{descriptors → primitives}/$authGithub.ts +4 -4
package/src/server-auth/{descriptors → primitives}/$authGoogle.ts +4 -4
package/src/server-auth/providers/ServerAuthProvider.ts +4 -4
package/src/server-cache/providers/ServerCacheProvider.ts +7 -7
package/src/server-compress/providers/ServerCompressProvider.ts +3 -3
package/src/server-cookies/index.browser.ts +2 -2
package/src/server-cookies/index.ts +5 -5
package/src/server-cookies/{descriptors → primitives}/$cookie.browser.ts +12 -12
package/src/server-cookies/{descriptors → primitives}/$cookie.ts +13 -13
package/src/server-cookies/providers/ServerCookiesProvider.ts +4 -4
package/src/server-cookies/services/CookieParser.ts +1 -1
package/src/server-cors/index.ts +3 -3
package/src/server-cors/{descriptors → primitives}/$cors.ts +11 -13
package/src/server-cors/providers/ServerCorsProvider.ts +5 -5
package/src/server-links/index.browser.ts +5 -5
package/src/server-links/index.ts +9 -9
package/src/server-links/{descriptors → primitives}/$remote.ts +11 -11
package/src/server-links/providers/LinkProvider.ts +7 -7
package/src/server-links/providers/{RemoteDescriptorProvider.ts → RemotePrimitiveProvider.ts} +6 -6
package/src/server-links/providers/ServerLinksProvider.ts +3 -3
package/src/server-proxy/index.ts +3 -3
package/src/server-proxy/{descriptors → primitives}/$proxy.ts +8 -8
package/src/server-proxy/providers/ServerProxyProvider.ts +4 -4
package/src/server-rate-limit/index.ts +6 -6
package/src/server-rate-limit/{descriptors → primitives}/$rateLimit.ts +13 -13
package/src/server-rate-limit/providers/ServerRateLimitProvider.ts +5 -5
package/src/server-security/index.ts +3 -3
package/src/server-security/{descriptors → primitives}/$basicAuth.ts +13 -13
package/src/server-security/providers/ServerBasicAuthProvider.ts +5 -5
package/src/server-security/providers/ServerSecurityProvider.ts +4 -4
package/src/server-static/index.ts +3 -3
package/src/server-static/{descriptors → primitives}/$serve.ts +8 -10
package/src/server-static/providers/ServerStaticProvider.ts +6 -6
package/src/server-swagger/index.ts +5 -5
package/src/server-swagger/{descriptors → primitives}/$swagger.ts +9 -9
package/src/server-swagger/providers/ServerSwaggerProvider.ts +11 -10
package/src/sms/index.ts +4 -4
package/src/sms/{descriptors → primitives}/$sms.ts +8 -8
package/src/thread/index.ts +3 -3
package/src/thread/{descriptors → primitives}/$thread.ts +13 -13
package/src/thread/providers/ThreadProvider.ts +7 -9
package/src/topic/index.ts +5 -5
package/src/topic/{descriptors → primitives}/$subscriber.ts +14 -14
package/src/topic/{descriptors → primitives}/$topic.ts +10 -10
package/src/topic/providers/TopicProvider.ts +4 -4
package/src/vite/helpers/boot.ts +3 -3
package/src/vite/tasks/copyAssets.ts +1 -1
package/src/vite/tasks/generateSitemap.ts +3 -3
package/src/vite/tasks/prerenderPages.ts +2 -2
package/src/vite/tasks/runAlepha.ts +2 -2
package/src/websocket/index.browser.ts +3 -3
package/src/websocket/index.shared.ts +2 -2
package/src/websocket/index.ts +4 -4
package/src/websocket/interfaces/WebSocketInterfaces.ts +3 -3
package/src/websocket/{descriptors → primitives}/$channel.ts +10 -10
package/src/websocket/{descriptors → primitives}/$websocket.ts +8 -8
package/src/websocket/providers/NodeWebSocketServerProvider.ts +7 -7
package/src/websocket/providers/WebSocketServerProvider.ts +3 -3
package/src/websocket/services/WebSocketClient.ts +5 -5
package/dist/api-files/index.cjs +0 -1293
package/dist/api-files/index.cjs.map +0 -1
package/dist/api-files/index.d.cts +0 -829
package/dist/api-jobs/index.cjs +0 -274
package/dist/api-jobs/index.cjs.map +0 -1
package/dist/api-jobs/index.d.cts +0 -654
package/dist/api-notifications/index.cjs +0 -380
package/dist/api-notifications/index.cjs.map +0 -1
package/dist/api-notifications/index.d.cts +0 -289
package/dist/api-parameters/index.cjs +0 -66
package/dist/api-parameters/index.cjs.map +0 -1
package/dist/api-parameters/index.d.cts +0 -84
package/dist/api-users/index.cjs +0 -6009
package/dist/api-users/index.cjs.map +0 -1
package/dist/api-users/index.d.cts +0 -4740
package/dist/api-verifications/index.cjs +0 -407
package/dist/api-verifications/index.cjs.map +0 -1
package/dist/api-verifications/index.d.cts +0 -207
package/dist/batch/index.cjs +0 -408
package/dist/batch/index.cjs.map +0 -1
package/dist/batch/index.d.cts +0 -330
package/dist/bin/index.cjs +0 -17
package/dist/bin/index.cjs.map +0 -1
package/dist/bin/index.d.cts +0 -1
package/dist/bucket/index.cjs +0 -303
package/dist/bucket/index.cjs.map +0 -1
package/dist/bucket/index.d.cts +0 -355
package/dist/cache/index.cjs +0 -241
package/dist/cache/index.cjs.map +0 -1
package/dist/cache/index.d.cts +0 -202
package/dist/cache-redis/index.cjs +0 -84
package/dist/cache-redis/index.cjs.map +0 -1
package/dist/cache-redis/index.d.cts +0 -40
package/dist/cli/chunk-DSlc6foC.cjs +0 -43
package/dist/cli/dist-BBPjuQ56.js +0 -2778
package/dist/cli/dist-Sz2EXvQX.cjs.map +0 -1
package/dist/cli/index.cjs +0 -1241
package/dist/cli/index.cjs.map +0 -1
package/dist/cli/index.d.cts +0 -422
package/dist/command/index.cjs +0 -693
package/dist/command/index.cjs.map +0 -1
package/dist/command/index.d.cts +0 -340
package/dist/core/index.cjs.map +0 -1
package/dist/core/index.d.cts +0 -1927
package/dist/datetime/index.cjs +0 -318
package/dist/datetime/index.cjs.map +0 -1
package/dist/datetime/index.d.cts +0 -145
package/dist/email/index.cjs +0 -10874
package/dist/email/index.cjs.map +0 -1
package/dist/email/index.d.cts +0 -186
package/dist/fake/index.cjs +0 -34641
package/dist/fake/index.cjs.map +0 -1
package/dist/fake/index.d.cts +0 -74
package/dist/file/index.cjs +0 -1212
package/dist/file/index.cjs.map +0 -1
package/dist/file/index.d.cts +0 -698
package/dist/lock/index.cjs +0 -226
package/dist/lock/index.cjs.map +0 -1
package/dist/lock/index.d.cts +0 -361
package/dist/lock-redis/index.cjs +0 -113
package/dist/lock-redis/index.cjs.map +0 -1
package/dist/lock-redis/index.d.cts +0 -24
package/dist/logger/index.cjs +0 -521
package/dist/logger/index.cjs.map +0 -1
package/dist/logger/index.d.cts +0 -281
package/dist/orm/index.cjs +0 -2986
package/dist/orm/index.cjs.map +0 -1
package/dist/orm/index.d.cts +0 -2213
package/dist/queue/index.cjs +0 -1044
package/dist/queue/index.cjs.map +0 -1
package/dist/queue/index.d.cts +0 -1265
package/dist/queue-redis/index.cjs +0 -873
package/dist/queue-redis/index.cjs.map +0 -1
package/dist/queue-redis/index.d.cts +0 -82
package/dist/redis/index.cjs +0 -153
package/dist/redis/index.cjs.map +0 -1
package/dist/redis/index.d.cts +0 -82
package/dist/retry/index.cjs +0 -146
package/dist/retry/index.cjs.map +0 -1
package/dist/retry/index.d.cts +0 -172
package/dist/router/index.cjs +0 -111
package/dist/router/index.cjs.map +0 -1
package/dist/router/index.d.cts +0 -46
package/dist/scheduler/index.cjs +0 -576
package/dist/scheduler/index.cjs.map +0 -1
package/dist/scheduler/index.d.cts +0 -145
package/dist/security/index.cjs +0 -2402
package/dist/security/index.cjs.map +0 -1
package/dist/security/index.d.cts +0 -598
package/dist/server/index.cjs +0 -1680
package/dist/server/index.cjs.map +0 -1
package/dist/server/index.d.cts +0 -810
package/dist/server-auth/index.cjs +0 -3146
package/dist/server-auth/index.cjs.map +0 -1
package/dist/server-auth/index.d.cts +0 -1164
package/dist/server-cache/index.cjs +0 -252
package/dist/server-cache/index.cjs.map +0 -1
package/dist/server-cache/index.d.cts +0 -164
package/dist/server-compress/index.cjs +0 -141
package/dist/server-compress/index.cjs.map +0 -1
package/dist/server-compress/index.d.cts +0 -38
package/dist/server-cookies/index.cjs +0 -234
package/dist/server-cookies/index.cjs.map +0 -1
package/dist/server-cookies/index.d.cts +0 -144
package/dist/server-cors/index.cjs +0 -201
package/dist/server-cors/index.cjs.map +0 -1
package/dist/server-cors/index.d.cts +0 -140
package/dist/server-health/index.cjs +0 -62
package/dist/server-health/index.cjs.map +0 -1
package/dist/server-health/index.d.cts +0 -58
package/dist/server-helmet/index.cjs +0 -131
package/dist/server-helmet/index.cjs.map +0 -1
package/dist/server-helmet/index.d.cts +0 -97
package/dist/server-links/index.cjs +0 -992
package/dist/server-links/index.cjs.map +0 -1
package/dist/server-links/index.d.cts +0 -513
package/dist/server-metrics/index.cjs +0 -4535
package/dist/server-metrics/index.cjs.map +0 -1
package/dist/server-metrics/index.d.cts +0 -35
package/dist/server-multipart/index.cjs +0 -237
package/dist/server-multipart/index.cjs.map +0 -1
package/dist/server-multipart/index.d.cts +0 -50
package/dist/server-proxy/index.cjs +0 -186
package/dist/server-proxy/index.cjs.map +0 -1
package/dist/server-proxy/index.d.cts +0 -234
package/dist/server-rate-limit/index.cjs +0 -241
package/dist/server-rate-limit/index.cjs.map +0 -1
package/dist/server-rate-limit/index.d.cts +0 -183
package/dist/server-security/index.cjs +0 -316
package/dist/server-security/index.cjs.map +0 -1
package/dist/server-security/index.d.cts +0 -173
package/dist/server-static/index.cjs +0 -170
package/dist/server-static/index.cjs.map +0 -1
package/dist/server-static/index.d.cts +0 -121
package/dist/server-swagger/index.cjs +0 -1021
package/dist/server-swagger/index.cjs.map +0 -1
package/dist/server-swagger/index.d.cts +0 -382
package/dist/sms/index.cjs +0 -221
package/dist/sms/index.cjs.map +0 -1
package/dist/sms/index.d.cts +0 -130
package/dist/thread/index.cjs +0 -350
package/dist/thread/index.cjs.map +0 -1
package/dist/thread/index.d.cts +0 -260
package/dist/topic/index.cjs +0 -282
package/dist/topic/index.cjs.map +0 -1
package/dist/topic/index.d.cts +0 -523
package/dist/topic-redis/index.cjs +0 -71
package/dist/topic-redis/index.cjs.map +0 -1
package/dist/topic-redis/index.d.cts +0 -42
package/dist/vite/index.cjs +0 -1077
package/dist/vite/index.cjs.map +0 -1
package/dist/vite/index.d.cts +0 -542
package/dist/websocket/index.cjs +0 -1117
package/dist/websocket/index.cjs.map +0 -1
package/dist/websocket/index.d.cts +0 -861
package/src/api-notifications/providers/MemorySmsProvider.ts +0 -20
package/src/api-notifications/providers/SmsProvider.ts +0 -8
/package/src/core/{descriptors → primitives}/$atom.ts +0 -0
/package/src/core/{descriptors → primitives}/$env.ts +0 -0
/package/src/server-auth/{descriptors → primitives}/$authApple.ts +0 -0
/package/src/server-links/{descriptors → primitives}/$client.ts +0 -0

package/dist/server-rate-limit/index.d.cts DELETED Viewed

@@ -1,183 +0,0 @@
-import * as alepha1 from "alepha";
-import { Descriptor, KIND, Static } from "alepha";
-import { ServerRequest, ServerRouterProvider } from "alepha/server";
-import * as alepha_logger0 from "alepha/logger";
-import * as alepha_cache0 from "alepha/cache";
-//#region src/server-rate-limit/providers/ServerRateLimitProvider.d.ts
-interface RateLimitResult {
-  allowed: boolean;
-  limit: number;
-  remaining: number;
-  resetTime: number;
-  retryAfter?: number;
-}
-/**
- * Rate limit configuration atom (global defaults)
- */
-declare const rateLimitOptions: alepha1.Atom<alepha1.TObject<{
-  windowMs: alepha1.TOptional<alepha1.TNumber>;
-  max: alepha1.TOptional<alepha1.TNumber>;
-  skipFailedRequests: alepha1.TOptional<alepha1.TBoolean>;
-  skipSuccessfulRequests: alepha1.TOptional<alepha1.TBoolean>;
-}>, "alepha.server.rate-limit.options">;
-type RateLimitAtomOptions = Static<typeof rateLimitOptions.schema>;
-declare module "alepha" {
-  interface State {
-    [rateLimitOptions.key]: RateLimitAtomOptions;
-  }
-}
-declare class ServerRateLimitProvider {
-  protected readonly log: alepha_logger0.Logger;
-  protected readonly serverRouterProvider: ServerRouterProvider;
-  protected readonly env: {
-    RATE_LIMIT_WINDOW_MS: number;
-    RATE_LIMIT_MAX_REQUESTS: number;
-  };
-  protected readonly cache: alepha_cache0.CacheDescriptorFn<RateLimitData, any[]>;
-  protected readonly globalOptions: Readonly<{
-    windowMs?: number | undefined;
-    max?: number | undefined;
-    skipFailedRequests?: boolean | undefined;
-    skipSuccessfulRequests?: boolean | undefined;
-  }>;
-  /**
-   * Registered rate limit configurations with their path patterns
-   */
-  readonly registeredConfigs: RateLimitDescriptorOptions[];
-  /**
-   * Register a rate limit configuration (called by descriptors)
-   */
-  registerRateLimit(config: RateLimitDescriptorOptions): void;
-  protected readonly onStart: alepha1.HookDescriptor<"start">;
-  readonly onRequest: alepha1.HookDescriptor<"server:onRequest">;
-  readonly onActionRequest: alepha1.HookDescriptor<"action:onRequest">;
-  /**
-   * Build complete rate limit options by merging with global defaults
-   */
-  protected buildRateLimitOptions(config: RateLimitDescriptorOptions): RateLimitOptions;
-  /**
-   * Set rate limit headers on the response
-   */
-  protected setRateLimitHeaders(request: ServerRequest, result: RateLimitResult): void;
-  checkLimit(req: ServerRequest, options?: RateLimitOptions): Promise<RateLimitResult>;
-  protected generateKey(req: ServerRequest): string;
-  protected getClientIP(req: ServerRequest): string;
-}
-interface RateLimitData {
-  count: number;
-  windowStart: number;
-  hits: number[];
-}
-//#endregion
-//#region src/server-rate-limit/descriptors/$rateLimit.d.ts
-/**
- * Declares rate limiting for server routes or custom usage.
- * This descriptor provides methods to check rate limits and configure behavior
- * within the server request/response cycle.
- *
- * @example
- * ```ts
- * class ApiService {
- *   // Apply rate limiting to specific paths
- *   apiRateLimit = $rateLimit({
- *     paths: ["/api/*"],
- *     max: 100,
- *     windowMs: 15 * 60 * 1000, // 15 minutes
- *   });
- *
- *   // Or use check() method for manual rate limiting
- *   customAction = $action({
- *     handler: async (req) => {
- *       const result = await this.apiRateLimit.check(req);
- *       if (!result.allowed) throw new Error("Rate limited");
- *       return "ok";
- *     },
- *   });
- * }
- * ```
- */
-declare const $rateLimit: {
-  (options?: RateLimitDescriptorOptions): AbstractRateLimitDescriptor;
-  [KIND]: typeof RateLimitDescriptor;
-};
-interface RateLimitDescriptorOptions extends RateLimitOptions {
-  /** Name identifier for this rate limit (default: property key) */
-  name?: string;
-  /** Path patterns to match (supports wildcards like /api/*) */
-  paths?: string[];
-}
-interface AbstractRateLimitDescriptor {
-  readonly name: string;
-  readonly options: RateLimitDescriptorOptions;
-  check(request: ServerRequest, options?: RateLimitOptions): Promise<RateLimitResult>;
-}
-declare class RateLimitDescriptor extends Descriptor<RateLimitDescriptorOptions> implements AbstractRateLimitDescriptor {
-  protected readonly serverRateLimitProvider: ServerRateLimitProvider;
-  get name(): string;
-  protected onInit(): void;
-  /**
-   * Checks rate limit for the given request using this descriptor's configuration.
-   */
-  check(request: ServerRequest, options?: RateLimitOptions): Promise<RateLimitResult>;
-}
-//#endregion
-//#region src/server-rate-limit/index.d.ts
-declare module "alepha/server" {
-  interface ActionDescriptorOptions<TConfig> {
-    /**
-     * Rate limiting configuration for this action.
-     * When specified, the action will be rate limited according to these settings.
-     */
-    rateLimit?: RateLimitOptions;
-  }
-  interface ServerRoute {
-    /**
-     * Route-specific rate limit configuration.
-     * If set, overrides the global rate limit options for this route.
-     */
-    rateLimit?: RateLimitOptions;
-  }
-}
-interface RateLimitOptions {
-  /** Maximum number of requests per window (default: 100) */
-  max?: number;
-  /** Window duration in milliseconds (default: 15 minutes) */
-  windowMs?: number;
-  /** Custom key generator function */
-  keyGenerator?: (req: any) => string;
-  /** Skip rate limiting for failed requests */
-  skipFailedRequests?: boolean;
-  /** Skip rate limiting for successful requests */
-  skipSuccessfulRequests?: boolean;
-}
-/**
- * Provides rate limiting capabilities for server routes and actions with configurable limits and windows.
- *
- * The server-rate-limit module enables per-route and per-action rate limiting using either:
- * - The `$rateLimit` descriptor with `paths` option for path-based rate limiting
- * - The `rateLimit` option in action descriptors for action-specific limiting
- *
- * It offers sliding window rate limiting, custom key generation, and seamless integration with server routes.
- *
- * @example
- * ```ts
- * import { $rateLimit, AlephaServerRateLimit } from "alepha/server-rate-limit";
- *
- * class ApiService {
- *   // Path-specific rate limiting
- *   apiRateLimit = $rateLimit({
- *     paths: ["/api/*"],
- *     max: 100,
- *     windowMs: 15 * 60 * 1000, // 15 minutes
- *   });
- * }
- * ```
- *
- * @see {@link $rateLimit}
- * @module alepha.server.rate-limit
- */
-declare const AlephaServerRateLimit: alepha1.Service<alepha1.Module>;
-//#endregion
-export { $rateLimit, AbstractRateLimitDescriptor, AlephaServerRateLimit, RateLimitAtomOptions, RateLimitDescriptor, RateLimitDescriptorOptions, RateLimitOptions, RateLimitResult, ServerRateLimitProvider, rateLimitOptions };
-//# sourceMappingURL=index.d.cts.map

package/dist/server-security/index.cjs DELETED Viewed

@@ -1,316 +0,0 @@
-let alepha = require("alepha");
-let alepha_security = require("alepha/security");
-let alepha_server = require("alepha/server");
-let node_crypto = require("node:crypto");
-let alepha_logger = require("alepha/logger");
-//#region src/server-security/providers/ServerBasicAuthProvider.ts
-var ServerBasicAuthProvider = class {
-	alepha = (0, alepha.$inject)(alepha.Alepha);
-	log = (0, alepha_logger.$logger)();
-	routerProvider = (0, alepha.$inject)(alepha_server.ServerRouterProvider);
-	realm = "Secure Area";
-	/**
-	* Registered basic auth descriptors with their configurations
-	*/
-	registeredAuths = [];
-	/**
-	* Register a basic auth configuration (called by descriptors)
-	*/
-	registerAuth(config) {
-		this.registeredAuths.push(config);
-	}
-	onStart = (0, alepha.$hook)({
-		on: "start",
-		handler: async () => {
-			for (const auth of this.registeredAuths) if (auth.paths) for (const pattern of auth.paths) {
-				const matchedRoutes = this.routerProvider.getRoutes(pattern);
-				for (const route of matchedRoutes) route.secure = { basic: {
-					username: auth.username,
-					password: auth.password
-				} };
-			}
-			if (this.registeredAuths.length > 0) this.log.info(`Initialized with ${this.registeredAuths.length} registered basic-auth configurations.`);
-		}
-	});
-	/**
-	* Hook into server:onRequest to check basic auth
-	*/
-	onRequest = (0, alepha.$hook)({
-		on: "server:onRequest",
-		handler: async ({ route, request }) => {
-			const routeAuth = route.secure;
-			if (typeof routeAuth === "object" && "basic" in routeAuth && routeAuth.basic) this.checkAuth(request, routeAuth.basic);
-		}
-	});
-	/**
-	* Hook into action:onRequest to check basic auth for actions
-	*/
-	onActionRequest = (0, alepha.$hook)({
-		on: "action:onRequest",
-		handler: async ({ action, request }) => {
-			const routeAuth = action.route.secure;
-			if (isBasicAuth(routeAuth)) this.checkAuth(request, routeAuth.basic);
-		}
-	});
-	/**
-	* Check basic authentication
-	*/
-	checkAuth(request, options) {
-		const authHeader = request.headers?.authorization;
-		if (!authHeader || !authHeader.startsWith("Basic ")) {
-			this.sendAuthRequired(request);
-			throw new alepha_server.HttpError({
-				status: 401,
-				message: "Authentication required"
-			});
-		}
-		const base64Credentials = authHeader.slice(6);
-		const credentials = Buffer.from(base64Credentials, "base64").toString("utf-8");
-		const colonIndex = credentials.indexOf(":");
-		const username = colonIndex !== -1 ? credentials.slice(0, colonIndex) : credentials;
-		const password = colonIndex !== -1 ? credentials.slice(colonIndex + 1) : "";
-		if (!this.timingSafeCredentialCheck(username, password, options.username, options.password)) {
-			this.sendAuthRequired(request);
-			this.log.warn(`Failed basic auth attempt for user`, { username });
-			throw new alepha_server.HttpError({
-				status: 401,
-				message: "Invalid credentials"
-			});
-		}
-	}
-	/**
-	* Performs a timing-safe comparison of credentials to prevent timing attacks.
-	* Always compares both username and password to avoid leaking which one is wrong.
-	*/
-	timingSafeCredentialCheck(inputUsername, inputPassword, expectedUsername, expectedPassword) {
-		const inputUserBuf = Buffer.from(inputUsername, "utf-8");
-		const expectedUserBuf = Buffer.from(expectedUsername, "utf-8");
-		const inputPassBuf = Buffer.from(inputPassword, "utf-8");
-		const expectedPassBuf = Buffer.from(expectedPassword, "utf-8");
-		return (this.safeCompare(inputUserBuf, expectedUserBuf) & this.safeCompare(inputPassBuf, expectedPassBuf)) === 1;
-	}
-	/**
-	* Compares two buffers in constant time, handling different lengths safely.
-	* Returns 1 if equal, 0 if not equal.
-	*/
-	safeCompare(input, expected) {
-		if (input.length !== expected.length) {
-			(0, node_crypto.timingSafeEqual)(input, input);
-			return 0;
-		}
-		return (0, node_crypto.timingSafeEqual)(input, expected) ? 1 : 0;
-	}
-	/**
-	* Send WWW-Authenticate header
-	*/
-	sendAuthRequired(request) {
-		request.reply.setHeader("WWW-Authenticate", `Basic realm="${this.realm}"`);
-	}
-};
-const isBasicAuth = (value) => {
-	return typeof value === "object" && !!value && "basic" in value && !!value.basic;
-};
-//#endregion
-//#region src/server-security/descriptors/$basicAuth.ts
-/**
-* Declares HTTP Basic Authentication for server routes.
-* This descriptor provides methods to protect routes with username/password authentication.
-*/
-const $basicAuth = (options) => {
-	return (0, alepha.createDescriptor)(BasicAuthDescriptor, options);
-};
-var BasicAuthDescriptor = class extends alepha.Descriptor {
-	serverBasicAuthProvider = (0, alepha.$inject)(ServerBasicAuthProvider);
-	get name() {
-		return this.options.name ?? `${this.config.propertyKey}`;
-	}
-	onInit() {
-		this.serverBasicAuthProvider.registerAuth(this.options);
-	}
-	/**
-	* Checks basic auth for the given request using this descriptor's configuration.
-	*/
-	check(request, options) {
-		const mergedOptions = {
-			...this.options,
-			...options
-		};
-		this.serverBasicAuthProvider.checkAuth(request, mergedOptions);
-	}
-};
-$basicAuth[alepha.KIND] = BasicAuthDescriptor;
-//#endregion
-//#region src/server-security/providers/ServerSecurityProvider.ts
-var ServerSecurityProvider = class {
-	log = (0, alepha_logger.$logger)();
-	securityProvider = (0, alepha.$inject)(alepha_security.SecurityProvider);
-	jwtProvider = (0, alepha.$inject)(alepha_security.JwtProvider);
-	alepha = (0, alepha.$inject)(alepha.Alepha);
-	onConfigure = (0, alepha.$hook)({
-		on: "configure",
-		handler: async () => {
-			for (const action of this.alepha.descriptors(alepha_server.$action)) {
-				if (action.options.disabled || action.options.secure === false || this.securityProvider.getRealms().length === 0) continue;
-				if (typeof action.options.secure !== "object") this.securityProvider.createPermission({
-					name: action.name,
-					group: action.group,
-					method: action.route.method,
-					path: action.route.path
-				});
-			}
-		}
-	});
-	onActionRequest = (0, alepha.$hook)({
-		on: "action:onRequest",
-		handler: async ({ action, request, options }) => {
-			if (action.options.secure === false && !options.user) {
-				this.log.trace("Skipping security check for route");
-				return;
-			}
-			if (isBasicAuth(action.route.secure)) return;
-			const permission = this.securityProvider.getPermissions().find((it) => it.path === action.route.path && it.method === action.route.method);
-			try {
-				request.user = this.createUserFromLocalFunctionContext(options, permission);
-				const route = action.route;
-				if (typeof route.secure === "object") this.check(request.user, route.secure);
-				this.alepha.state.set("alepha.server.request.user", this.alepha.codec.decode(alepha_security.userAccountInfoSchema, request.user));
-			} catch (error) {
-				if (action.options.secure || permission) throw error;
-				this.log.trace("Skipping security check for action");
-			}
-		}
-	});
-	onRequest = (0, alepha.$hook)({
-		on: "server:onRequest",
-		priority: "last",
-		handler: async ({ request, route }) => {
-			if (route.secure === false) {
-				this.log.trace("Skipping security check for route - explicitly disabled");
-				return;
-			}
-			if (isBasicAuth(route.secure)) return;
-			const permission = this.securityProvider.getPermissions().find((it) => it.path === route.path && it.method === route.method);
-			if (!request.headers.authorization && !route.secure && !permission) {
-				this.log.trace("Skipping security check for route - no authorization header and not secure");
-				return;
-			}
-			try {
-				request.user = await this.securityProvider.createUserFromToken(request.headers.authorization, { permission });
-				if (typeof route.secure === "object") this.check(request.user, route.secure);
-				this.alepha.state.set("alepha.server.request.user", this.alepha.codec.decode(alepha_security.userAccountInfoSchema, request.user));
-				this.log.trace("User set from request token", {
-					user: request.user,
-					permission
-				});
-			} catch (error) {
-				if (route.secure || permission) throw error;
-				this.log.trace("Skipping security check for route - error occurred", error);
-			}
-		}
-	});
-	check(user, secure) {
-		if (secure.realm) {
-			if (user.realm !== secure.realm) throw new alepha_server.ForbiddenError(`User must belong to realm '${secure.realm}' to access this route`);
-		}
-	}
-	/**
-	* Get the user account token for a local action call.
-	* There are three possible sources for the user:
-	* - `options.user`: the user passed in the options
-	* - `"system"`: the system user from the state (you MUST set state `server.security.system.user`)
-	* - `"context"`: the user from the request context (you MUST be in an HTTP request context)
-	*
-	* Priority order: `options.user` > `"system"` > `"context"`.
-	*
-	* In testing environment, if no user is provided, a test user is created based on the SecurityProvider's roles.
-	*/
-	createUserFromLocalFunctionContext(options, permission) {
-		const fromOptions = typeof options.user === "object" ? options.user : void 0;
-		const type = typeof options.user === "string" ? options.user : void 0;
-		let user;
-		const fromContext = this.alepha.context.get("request")?.user;
-		const fromSystem = this.alepha.state.get("alepha.server.security.system.user");
-		if (type === "system") user = fromSystem;
-		else if (type === "context") user = fromContext;
-		else user = fromOptions ?? fromContext ?? fromSystem;
-		if (!user) {
-			if (this.alepha.isTest() && !("user" in options)) return this.createTestUser();
-			throw new alepha_server.UnauthorizedError("User is required for calling this action");
-		}
-		const roles = user.roles ?? (this.alepha.isTest() ? this.securityProvider.getRoles().map((role) => role.name) : []);
-		let ownership;
-		if (permission) {
-			const result = this.securityProvider.checkPermission(permission, ...roles);
-			if (!result.isAuthorized) throw new alepha_server.ForbiddenError(`Permission '${this.securityProvider.permissionToString(permission)}' is required for this route`);
-			ownership = result.ownership;
-		}
-		return {
-			...user,
-			ownership
-		};
-	}
-	createTestUser() {
-		return {
-			id: (0, node_crypto.randomUUID)(),
-			name: "Test",
-			roles: this.securityProvider.getRoles().map((role) => role.name)
-		};
-	}
-	onClientRequest = (0, alepha.$hook)({
-		on: "client:onRequest",
-		handler: async ({ request, options }) => {
-			if (!this.alepha.isTest()) return;
-			if ("user" in options && options.user === void 0) return;
-			request.headers = new Headers(request.headers);
-			if (!request.headers.has("authorization")) {
-				const test = this.createTestUser();
-				const user = typeof options?.user === "object" ? options.user : void 0;
-				const sub = user?.id ?? test.id;
-				const roles = user?.roles ?? test.roles;
-				const token = await this.jwtProvider.create({
-					sub,
-					roles
-				}, user?.realm ?? this.securityProvider.getRealms()[0]?.name);
-				request.headers.set("authorization", `Bearer ${token}`);
-			}
-		}
-	});
-};
-//#endregion
-//#region src/server-security/index.ts
-/**
-* Plugin for Alepha Server that provides security features. Based on the Alepha Security module.
-*
-* By default, all $action will be guarded by a permission check.
-*
-* @see {@link ServerSecurityProvider}
-* @module alepha.server.security
-*/
-const AlephaServerSecurity = (0, alepha.$module)({
-	name: "alepha.server.security",
-	descriptors: [
-		alepha_security.$realm,
-		alepha_security.$role,
-		alepha_security.$permission,
-		$basicAuth
-	],
-	services: [
-		alepha_server.AlephaServer,
-		alepha_security.AlephaSecurity,
-		ServerSecurityProvider,
-		ServerBasicAuthProvider
-	]
-});
-//#endregion
-exports.$basicAuth = $basicAuth;
-exports.AlephaServerSecurity = AlephaServerSecurity;
-exports.BasicAuthDescriptor = BasicAuthDescriptor;
-exports.ServerBasicAuthProvider = ServerBasicAuthProvider;
-exports.ServerSecurityProvider = ServerSecurityProvider;
-exports.isBasicAuth = isBasicAuth;
-//# sourceMappingURL=index.cjs.map

package/dist/server-security/index.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"index.cjs","names":["Alepha","ServerRouterProvider","HttpError","Descriptor","KIND","SecurityProvider","JwtProvider","Alepha","$action","userAccountInfoSchema","ForbiddenError","user: UserAccountToken | undefined","UnauthorizedError","ownership: boolean | string | undefined","$realm","$role","$permission","AlephaServer","AlephaSecurity"],"sources":["../../src/server-security/providers/ServerBasicAuthProvider.ts","../../src/server-security/descriptors/$basicAuth.ts","../../src/server-security/providers/ServerSecurityProvider.ts","../../src/server-security/index.ts"],"sourcesContent":["import { timingSafeEqual } from \"node:crypto\";\nimport { $hook, $inject, Alepha } from \"alepha\";\nimport { $logger } from \"alepha/logger\";\nimport {\n HttpError,\n type ServerRequest,\n ServerRouterProvider,\n} from \"alepha/server\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport interface BasicAuthOptions {\n username: string;\n password: string;\n}\n\nexport interface BasicAuthDescriptorConfig extends BasicAuthOptions {\n /** Name identifier for this basic auth (default: property key) */\n name?: string;\n /** Path patterns to match (supports wildcards like /devtools/*) */\n paths?: string[];\n}\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport class ServerBasicAuthProvider {\n protected readonly alepha = $inject(Alepha);\n protected readonly log = $logger();\n protected readonly routerProvider = $inject(ServerRouterProvider);\n protected readonly realm = \"Secure Area\";\n\n /**\n * Registered basic auth descriptors with their configurations\n */\n public readonly registeredAuths: BasicAuthDescriptorConfig[] = [];\n\n /**\n * Register a basic auth configuration (called by descriptors)\n */\n public registerAuth(config: BasicAuthDescriptorConfig): void {\n this.registeredAuths.push(config);\n }\n\n public readonly onStart = $hook({\n on: \"start\",\n handler: async () => {\n for (const auth of this.registeredAuths) {\n if (auth.paths) {\n for (const pattern of auth.paths) {\n const matchedRoutes = this.routerProvider.getRoutes(pattern);\n for (const route of matchedRoutes) {\n route.secure = {\n basic: {\n username: auth.username,\n password: auth.password,\n },\n };\n }\n }\n }\n }\n\n if (this.registeredAuths.length > 0) {\n this.log.info(\n `Initialized with ${this.registeredAuths.length} registered basic-auth configurations.`,\n );\n }\n },\n });\n\n /**\n * Hook into server:onRequest to check basic auth\n */\n public readonly onRequest = $hook({\n on: \"server:onRequest\",\n handler: async ({ route, request }) => {\n const routeAuth = route.secure;\n if (\n typeof routeAuth === \"object\" &&\n \"basic\" in routeAuth &&\n routeAuth.basic\n ) {\n this.checkAuth(request, routeAuth.basic);\n }\n },\n });\n\n /**\n * Hook into action:onRequest to check basic auth for actions\n */\n public readonly onActionRequest = $hook({\n on: \"action:onRequest\",\n handler: async ({ action, request }) => {\n const routeAuth = action.route.secure;\n if (isBasicAuth(routeAuth)) {\n this.checkAuth(request, routeAuth.basic);\n }\n },\n });\n\n /**\n * Check basic authentication\n */\n public checkAuth(request: ServerRequest, options: BasicAuthOptions): void {\n const authHeader = request.headers?.authorization;\n\n if (!authHeader || !authHeader.startsWith(\"Basic \")) {\n this.sendAuthRequired(request);\n throw new HttpError({\n status: 401,\n message: \"Authentication required\",\n });\n }\n\n // decode base64 credentials\n const base64Credentials = authHeader.slice(6); // Remove \"Basic \"\n const credentials = Buffer.from(base64Credentials, \"base64\").toString(\n \"utf-8\",\n );\n\n // split only on the first colon to handle passwords with colons\n const colonIndex = credentials.indexOf(\":\");\n const username =\n colonIndex !== -1 ? credentials.slice(0, colonIndex) : credentials;\n const password = colonIndex !== -1 ? credentials.slice(colonIndex + 1) : \"\";\n\n // verify credentials using timing-safe comparison to prevent timing attacks\n const isValid = this.timingSafeCredentialCheck(\n username,\n password,\n options.username,\n options.password,\n );\n\n if (!isValid) {\n this.sendAuthRequired(request);\n this.log.warn(`Failed basic auth attempt for user`, {\n username,\n });\n throw new HttpError({\n status: 401,\n message: \"Invalid credentials\",\n });\n }\n }\n\n /**\n * Performs a timing-safe comparison of credentials to prevent timing attacks.\n * Always compares both username and password to avoid leaking which one is wrong.\n */\n protected timingSafeCredentialCheck(\n inputUsername: string,\n inputPassword: string,\n expectedUsername: string,\n expectedPassword: string,\n ): boolean {\n // Convert to buffers for timing-safe comparison\n const inputUserBuf = Buffer.from(inputUsername, \"utf-8\");\n const expectedUserBuf = Buffer.from(expectedUsername, \"utf-8\");\n const inputPassBuf = Buffer.from(inputPassword, \"utf-8\");\n const expectedPassBuf = Buffer.from(expectedPassword, \"utf-8\");\n\n // timingSafeEqual requires same-length buffers\n // When lengths differ, we compare against a dummy buffer to maintain constant time\n const userMatch = this.safeCompare(inputUserBuf, expectedUserBuf);\n const passMatch = this.safeCompare(inputPassBuf, expectedPassBuf);\n\n // Both must match - bitwise AND avoids short-circuit evaluation\n // eslint-disable-next-line no-bitwise\n return (userMatch & passMatch) === 1;\n }\n\n /**\n * Compares two buffers in constant time, handling different lengths safely.\n * Returns 1 if equal, 0 if not equal.\n */\n protected safeCompare(input: Buffer, expected: Buffer): number {\n // If lengths differ, compare input against itself to maintain timing\n // but return 0 (not equal)\n if (input.length !== expected.length) {\n // Still perform a comparison to keep timing consistent\n timingSafeEqual(input, input);\n return 0;\n }\n\n return timingSafeEqual(input, expected) ? 1 : 0;\n }\n\n /**\n * Send WWW-Authenticate header\n */\n protected sendAuthRequired(request: ServerRequest): void {\n request.reply.setHeader(\"WWW-Authenticate\", `Basic realm=\"${this.realm}\"`);\n }\n}\n\nexport const isBasicAuth = (\n value: unknown,\n): value is { basic: BasicAuthOptions } => {\n return (\n typeof value === \"object\" && !!value && \"basic\" in value && !!value.basic\n );\n};\n","import { $inject, createDescriptor, Descriptor, KIND } from \"alepha\";\nimport type { ServerRequest } from \"alepha/server\";\nimport type {\n BasicAuthDescriptorConfig,\n BasicAuthOptions,\n} from \"../providers/ServerBasicAuthProvider.ts\";\nimport { ServerBasicAuthProvider } from \"../providers/ServerBasicAuthProvider.ts\";\n\n/**\n * Declares HTTP Basic Authentication for server routes.\n * This descriptor provides methods to protect routes with username/password authentication.\n */\nexport const $basicAuth = (\n options: BasicAuthDescriptorConfig,\n): AbstractBasicAuthDescriptor => {\n return createDescriptor(BasicAuthDescriptor, options);\n};\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport interface AbstractBasicAuthDescriptor {\n readonly name: string;\n readonly options: BasicAuthDescriptorConfig;\n check(request: ServerRequest, options?: BasicAuthOptions): void;\n}\n\nexport class BasicAuthDescriptor\n extends Descriptor<BasicAuthDescriptorConfig>\n implements AbstractBasicAuthDescriptor\n{\n protected readonly serverBasicAuthProvider = $inject(ServerBasicAuthProvider);\n\n public get name(): string {\n return this.options.name ?? `${this.config.propertyKey}`;\n }\n\n protected onInit() {\n // Register this auth configuration with the provider\n this.serverBasicAuthProvider.registerAuth(this.options);\n }\n\n /**\n * Checks basic auth for the given request using this descriptor's configuration.\n */\n public check(request: ServerRequest, options?: BasicAuthOptions): void {\n const mergedOptions = { ...this.options, ...options };\n this.serverBasicAuthProvider.checkAuth(request, mergedOptions);\n }\n}\n\n$basicAuth[KIND] = BasicAuthDescriptor;\n","import { randomUUID } from \"node:crypto\";\nimport { $hook, $inject, Alepha } from \"alepha\";\nimport { $logger } from \"alepha/logger\";\nimport {\n JwtProvider,\n type Permission,\n SecurityProvider,\n type UserAccountToken,\n userAccountInfoSchema,\n} from \"alepha/security\";\nimport {\n $action,\n ForbiddenError,\n type ServerRequest,\n UnauthorizedError,\n} from \"alepha/server\";\nimport {\n type BasicAuthOptions,\n isBasicAuth,\n} from \"./ServerBasicAuthProvider.ts\";\n\nexport class ServerSecurityProvider {\n protected readonly log = $logger();\n protected readonly securityProvider = $inject(SecurityProvider);\n protected readonly jwtProvider = $inject(JwtProvider);\n protected readonly alepha = $inject(Alepha);\n\n protected readonly onConfigure = $hook({\n on: \"configure\",\n handler: async () => {\n for (const action of this.alepha.descriptors($action)) {\n // -------------------------------------------------------------------------------------------------------------\n // if the action is disabled or not secure, we do NOT create a permission for it\n // -------------------------------------------------------------------------------------------------------------\n if (\n action.options.disabled ||\n action.options.secure === false ||\n this.securityProvider.getRealms().length === 0\n ) {\n continue;\n }\n\n const secure = action.options.secure;\n if (typeof secure !== \"object\") {\n this.securityProvider.createPermission({\n name: action.name,\n group: action.group,\n method: action.route.method,\n path: action.route.path,\n });\n }\n }\n },\n });\n\n // -------------------------------------------------------------------------------------------------------------------\n\n protected readonly onActionRequest = $hook({\n on: \"action:onRequest\",\n handler: async ({ action, request, options }) => {\n // if you set explicitly secure: false, we assume you don't want any security check\n // but only if no user is provided in options\n if (action.options.secure === false && !options.user) {\n this.log.trace(\"Skipping security check for route\");\n return;\n }\n\n if (isBasicAuth(action.route.secure)) {\n return;\n }\n\n const permission = this.securityProvider\n .getPermissions()\n .find(\n (it) =>\n it.path === action.route.path && it.method === action.route.method,\n );\n\n try {\n request.user = this.createUserFromLocalFunctionContext(\n options,\n permission,\n );\n\n const route = action.route;\n if (typeof route.secure === \"object\") {\n this.check(request.user, route.secure);\n }\n\n this.alepha.state.set(\n \"alepha.server.request.user\",\n this.alepha.codec.decode(userAccountInfoSchema, request.user),\n );\n } catch (error) {\n if (action.options.secure || permission) {\n throw error;\n }\n // else, we skip the security check\n this.log.trace(\"Skipping security check for action\");\n }\n },\n });\n\n protected readonly onRequest = $hook({\n on: \"server:onRequest\",\n priority: \"last\",\n handler: async ({ request, route }) => {\n // if you set explicitly secure: false, we assume you don't want any security check\n if (route.secure === false) {\n this.log.trace(\n \"Skipping security check for route - explicitly disabled\",\n );\n return;\n }\n\n if (isBasicAuth(route.secure)) {\n return;\n }\n\n const permission = this.securityProvider\n .getPermissions()\n .find((it) => it.path === route.path && it.method === route.method);\n\n if (!request.headers.authorization && !route.secure && !permission) {\n this.log.trace(\n \"Skipping security check for route - no authorization header and not secure\",\n );\n return;\n }\n\n try {\n // set user to request\n request.user = await this.securityProvider.createUserFromToken(\n request.headers.authorization,\n { permission },\n );\n\n if (typeof route.secure === \"object\") {\n this.check(request.user, route.secure);\n }\n\n this.alepha.state.set(\n \"alepha.server.request.user\",\n // remove sensitive info\n this.alepha.codec.decode(userAccountInfoSchema, request.user),\n );\n\n this.log.trace(\"User set from request token\", {\n user: request.user,\n permission,\n });\n } catch (error) {\n if (route.secure || permission) {\n throw error;\n }\n\n // else, we skip the security check\n this.log.trace(\n \"Skipping security check for route - error occurred\",\n error,\n );\n }\n },\n });\n\n // -------------------------------------------------------------------------------------------------------------------\n\n protected check(user: UserAccountToken, secure: ServerRouteSecure) {\n if (secure.realm) {\n if (user.realm !== secure.realm) {\n throw new ForbiddenError(\n `User must belong to realm '${secure.realm}' to access this route`,\n );\n }\n }\n }\n\n /**\n * Get the user account token for a local action call.\n * There are three possible sources for the user:\n * - `options.user`: the user passed in the options\n * - `\"system\"`: the system user from the state (you MUST set state `server.security.system.user`)\n * - `\"context\"`: the user from the request context (you MUST be in an HTTP request context)\n *\n * Priority order: `options.user` > `\"system\"` > `\"context\"`.\n *\n * In testing environment, if no user is provided, a test user is created based on the SecurityProvider's roles.\n */\n protected createUserFromLocalFunctionContext(\n options: { user?: UserAccountToken | \"system\" | \"context\" },\n permission?: Permission,\n ): UserAccountToken {\n const fromOptions =\n typeof options.user === \"object\" ? options.user : undefined;\n\n const type = typeof options.user === \"string\" ? options.user : undefined;\n\n let user: UserAccountToken | undefined;\n\n const fromContext = this.alepha.context.get<ServerRequest>(\"request\")?.user;\n const fromSystem = this.alepha.state.get(\n \"alepha.server.security.system.user\",\n );\n\n if (type === \"system\") {\n user = fromSystem;\n } else if (type === \"context\") {\n user = fromContext;\n } else {\n user = fromOptions ?? fromContext ?? fromSystem;\n }\n\n if (!user) {\n // in testing mode, we create a test user\n if (this.alepha.isTest() && !(\"user\" in options)) {\n return this.createTestUser();\n }\n\n throw new UnauthorizedError(\"User is required for calling this action\");\n }\n\n const roles =\n user.roles ??\n (this.alepha.isTest()\n ? this.securityProvider.getRoles().map((role) => role.name)\n : []);\n let ownership: boolean | string | undefined;\n\n if (permission) {\n const result = this.securityProvider.checkPermission(\n permission,\n ...roles,\n );\n if (!result.isAuthorized) {\n throw new ForbiddenError(\n `Permission '${this.securityProvider.permissionToString(permission)}' is required for this route`,\n );\n }\n ownership = result.ownership;\n }\n\n // create a new user object with ownership if needed\n return {\n ...user,\n ownership,\n };\n }\n\n // ---------------------------------------------------------------------------------------------------------------\n // TESTING ONLY\n // ---------------------------------------------------------------------------------------------------------------\n\n protected createTestUser(): UserAccountToken {\n return {\n id: randomUUID(),\n name: \"Test\",\n roles: this.securityProvider.getRoles().map((role) => role.name),\n };\n }\n\n protected readonly onClientRequest = $hook({\n on: \"client:onRequest\",\n handler: async ({ request, options }) => {\n if (!this.alepha.isTest()) {\n return;\n }\n\n // skip helper if user is explicitly set to undefined\n if (\"user\" in options && options.user === undefined) {\n return;\n }\n\n request.headers = new Headers(request.headers);\n\n if (!request.headers.has(\"authorization\")) {\n const test = this.createTestUser();\n const user =\n typeof options?.user === \"object\" ? options.user : undefined;\n const sub = user?.id ?? test.id;\n const roles = user?.roles ?? test.roles;\n\n const token = await this.jwtProvider.create(\n {\n sub,\n roles,\n },\n user?.realm ?? this.securityProvider.getRealms()[0]?.name,\n );\n\n request.headers.set(\"authorization\", `Bearer ${token}`);\n }\n },\n });\n}\n\nexport type ServerRouteSecure = {\n realm?: string;\n basic?: BasicAuthOptions;\n};\n","import { $module } from \"alepha\";\nimport {\n $permission,\n $realm,\n $role,\n AlephaSecurity,\n type UserAccount,\n type UserAccountToken,\n} from \"alepha/security\";\nimport { AlephaServer, type FetchOptions } from \"alepha/server\";\nimport { $basicAuth } from \"./descriptors/$basicAuth.ts\";\nimport { ServerBasicAuthProvider } from \"./providers/ServerBasicAuthProvider.ts\";\nimport {\n type ServerRouteSecure,\n ServerSecurityProvider,\n} from \"./providers/ServerSecurityProvider.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport * from \"./descriptors/$basicAuth.ts\";\nexport * from \"./providers/ServerBasicAuthProvider.ts\";\nexport * from \"./providers/ServerSecurityProvider.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\ndeclare module \"alepha\" {\n interface State {\n /**\n * Real (or fake) user account, used for internal actions.\n *\n * If you define this, you assume that all actions are executed by this user by default.\n * > To force a different user, you need to pass it explicitly in the options.\n */\n\n \"alepha.server.security.system.user\"?: UserAccountToken;\n\n /**\n * The authenticated user account attached to the server request state.\n *\n * @internal\n */\n \"alepha.server.request.user\"?: UserAccount;\n }\n}\n\ndeclare module \"alepha/server\" {\n interface ServerRequest<TConfig> {\n user?: UserAccountToken; // for all routes, user is maybe present\n }\n\n interface ServerActionRequest<TConfig> {\n user: UserAccountToken; // for actions, user is always present\n }\n\n interface ServerRoute {\n /**\n * If true, the route will be protected by the security provider.\n * All actions are secure by default, but you can disable it for specific actions.\n */\n secure?: boolean | ServerRouteSecure;\n }\n\n interface ClientRequestOptions extends FetchOptions {\n /**\n * Forward user from the previous request.\n * If \"system\", use system user. @see {ServerSecurityProvider.localSystemUser}\n * If \"context\", use the user from the current context (e.g. request).\n *\n * @default \"system\" if provided, else \"context\" if available.\n */\n user?: UserAccountToken | \"system\" | \"context\";\n }\n}\n\n// ---------------------------------------------------------------------------------------------------------------------\n\n/**\n * Plugin for Alepha Server that provides security features. Based on the Alepha Security module.\n *\n * By default, all $action will be guarded by a permission check.\n *\n * @see {@link ServerSecurityProvider}\n * @module alepha.server.security\n */\nexport const AlephaServerSecurity = $module({\n name: \"alepha.server.security\",\n descriptors: [$realm, $role, $permission, $basicAuth],\n services: [\n AlephaServer,\n AlephaSecurity,\n ServerSecurityProvider,\n ServerBasicAuthProvider,\n ],\n});\n"],"mappings":";;;;;;;AAyBA,IAAa,0BAAb,MAAqC;CACnC,AAAmB,6BAAiBA,cAAO;CAC3C,AAAmB,kCAAe;CAClC,AAAmB,qCAAyBC,mCAAqB;CACjE,AAAmB,QAAQ;;;;CAK3B,AAAgB,kBAA+C,EAAE;;;;CAKjE,AAAO,aAAa,QAAyC;AAC3D,OAAK,gBAAgB,KAAK,OAAO;;CAGnC,AAAgB,4BAAgB;EAC9B,IAAI;EACJ,SAAS,YAAY;AACnB,QAAK,MAAM,QAAQ,KAAK,gBACtB,KAAI,KAAK,MACP,MAAK,MAAM,WAAW,KAAK,OAAO;IAChC,MAAM,gBAAgB,KAAK,eAAe,UAAU,QAAQ;AAC5D,SAAK,MAAM,SAAS,cAClB,OAAM,SAAS,EACb,OAAO;KACL,UAAU,KAAK;KACf,UAAU,KAAK;KAChB,EACF;;AAMT,OAAI,KAAK,gBAAgB,SAAS,EAChC,MAAK,IAAI,KACP,oBAAoB,KAAK,gBAAgB,OAAO,wCACjD;;EAGN,CAAC;;;;CAKF,AAAgB,8BAAkB;EAChC,IAAI;EACJ,SAAS,OAAO,EAAE,OAAO,cAAc;GACrC,MAAM,YAAY,MAAM;AACxB,OACE,OAAO,cAAc,YACrB,WAAW,aACX,UAAU,MAEV,MAAK,UAAU,SAAS,UAAU,MAAM;;EAG7C,CAAC;;;;CAKF,AAAgB,oCAAwB;EACtC,IAAI;EACJ,SAAS,OAAO,EAAE,QAAQ,cAAc;GACtC,MAAM,YAAY,OAAO,MAAM;AAC/B,OAAI,YAAY,UAAU,CACxB,MAAK,UAAU,SAAS,UAAU,MAAM;;EAG7C,CAAC;;;;CAKF,AAAO,UAAU,SAAwB,SAAiC;EACxE,MAAM,aAAa,QAAQ,SAAS;AAEpC,MAAI,CAAC,cAAc,CAAC,WAAW,WAAW,SAAS,EAAE;AACnD,QAAK,iBAAiB,QAAQ;AAC9B,SAAM,IAAIC,wBAAU;IAClB,QAAQ;IACR,SAAS;IACV,CAAC;;EAIJ,MAAM,oBAAoB,WAAW,MAAM,EAAE;EAC7C,MAAM,cAAc,OAAO,KAAK,mBAAmB,SAAS,CAAC,SAC3D,QACD;EAGD,MAAM,aAAa,YAAY,QAAQ,IAAI;EAC3C,MAAM,WACJ,eAAe,KAAK,YAAY,MAAM,GAAG,WAAW,GAAG;EACzD,MAAM,WAAW,eAAe,KAAK,YAAY,MAAM,aAAa,EAAE,GAAG;AAUzE,MAAI,CAPY,KAAK,0BACnB,UACA,UACA,QAAQ,UACR,QAAQ,SACT,EAEa;AACZ,QAAK,iBAAiB,QAAQ;AAC9B,QAAK,IAAI,KAAK,sCAAsC,EAClD,UACD,CAAC;AACF,SAAM,IAAIA,wBAAU;IAClB,QAAQ;IACR,SAAS;IACV,CAAC;;;;;;;CAQN,AAAU,0BACR,eACA,eACA,kBACA,kBACS;EAET,MAAM,eAAe,OAAO,KAAK,eAAe,QAAQ;EACxD,MAAM,kBAAkB,OAAO,KAAK,kBAAkB,QAAQ;EAC9D,MAAM,eAAe,OAAO,KAAK,eAAe,QAAQ;EACxD,MAAM,kBAAkB,OAAO,KAAK,kBAAkB,QAAQ;AAS9D,UALkB,KAAK,YAAY,cAAc,gBAAgB,GAC/C,KAAK,YAAY,cAAc,gBAAgB,MAI9B;;;;;;CAOrC,AAAU,YAAY,OAAe,UAA0B;AAG7D,MAAI,MAAM,WAAW,SAAS,QAAQ;AAEpC,oCAAgB,OAAO,MAAM;AAC7B,UAAO;;AAGT,0CAAuB,OAAO,SAAS,GAAG,IAAI;;;;;CAMhD,AAAU,iBAAiB,SAA8B;AACvD,UAAQ,MAAM,UAAU,oBAAoB,gBAAgB,KAAK,MAAM,GAAG;;;AAI9E,MAAa,eACX,UACyC;AACzC,QACE,OAAO,UAAU,YAAY,CAAC,CAAC,SAAS,WAAW,SAAS,CAAC,CAAC,MAAM;;;;;;;;;AC5LxE,MAAa,cACX,YACgC;AAChC,qCAAwB,qBAAqB,QAAQ;;AAWvD,IAAa,sBAAb,cACUC,kBAEV;CACE,AAAmB,8CAAkC,wBAAwB;CAE7E,IAAW,OAAe;AACxB,SAAO,KAAK,QAAQ,QAAQ,GAAG,KAAK,OAAO;;CAG7C,AAAU,SAAS;AAEjB,OAAK,wBAAwB,aAAa,KAAK,QAAQ;;;;;CAMzD,AAAO,MAAM,SAAwB,SAAkC;EACrE,MAAM,gBAAgB;GAAE,GAAG,KAAK;GAAS,GAAG;GAAS;AACrD,OAAK,wBAAwB,UAAU,SAAS,cAAc;;;AAIlE,WAAWC,eAAQ;;;;AC7BnB,IAAa,yBAAb,MAAoC;CAClC,AAAmB,kCAAe;CAClC,AAAmB,uCAA2BC,iCAAiB;CAC/D,AAAmB,kCAAsBC,4BAAY;CACrD,AAAmB,6BAAiBC,cAAO;CAE3C,AAAmB,gCAAoB;EACrC,IAAI;EACJ,SAAS,YAAY;AACnB,QAAK,MAAM,UAAU,KAAK,OAAO,YAAYC,sBAAQ,EAAE;AAIrD,QACE,OAAO,QAAQ,YACf,OAAO,QAAQ,WAAW,SAC1B,KAAK,iBAAiB,WAAW,CAAC,WAAW,EAE7C;AAIF,QAAI,OADW,OAAO,QAAQ,WACR,SACpB,MAAK,iBAAiB,iBAAiB;KACrC,MAAM,OAAO;KACb,OAAO,OAAO;KACd,QAAQ,OAAO,MAAM;KACrB,MAAM,OAAO,MAAM;KACpB,CAAC;;;EAIT,CAAC;CAIF,AAAmB,oCAAwB;EACzC,IAAI;EACJ,SAAS,OAAO,EAAE,QAAQ,SAAS,cAAc;AAG/C,OAAI,OAAO,QAAQ,WAAW,SAAS,CAAC,QAAQ,MAAM;AACpD,SAAK,IAAI,MAAM,oCAAoC;AACnD;;AAGF,OAAI,YAAY,OAAO,MAAM,OAAO,CAClC;GAGF,MAAM,aAAa,KAAK,iBACrB,gBAAgB,CAChB,MACE,OACC,GAAG,SAAS,OAAO,MAAM,QAAQ,GAAG,WAAW,OAAO,MAAM,OAC/D;AAEH,OAAI;AACF,YAAQ,OAAO,KAAK,mCAClB,SACA,WACD;IAED,MAAM,QAAQ,OAAO;AACrB,QAAI,OAAO,MAAM,WAAW,SAC1B,MAAK,MAAM,QAAQ,MAAM,MAAM,OAAO;AAGxC,SAAK,OAAO,MAAM,IAChB,8BACA,KAAK,OAAO,MAAM,OAAOC,uCAAuB,QAAQ,KAAK,CAC9D;YACM,OAAO;AACd,QAAI,OAAO,QAAQ,UAAU,WAC3B,OAAM;AAGR,SAAK,IAAI,MAAM,qCAAqC;;;EAGzD,CAAC;CAEF,AAAmB,8BAAkB;EACnC,IAAI;EACJ,UAAU;EACV,SAAS,OAAO,EAAE,SAAS,YAAY;AAErC,OAAI,MAAM,WAAW,OAAO;AAC1B,SAAK,IAAI,MACP,0DACD;AACD;;AAGF,OAAI,YAAY,MAAM,OAAO,CAC3B;GAGF,MAAM,aAAa,KAAK,iBACrB,gBAAgB,CAChB,MAAM,OAAO,GAAG,SAAS,MAAM,QAAQ,GAAG,WAAW,MAAM,OAAO;AAErE,OAAI,CAAC,QAAQ,QAAQ,iBAAiB,CAAC,MAAM,UAAU,CAAC,YAAY;AAClE,SAAK,IAAI,MACP,6EACD;AACD;;AAGF,OAAI;AAEF,YAAQ,OAAO,MAAM,KAAK,iBAAiB,oBACzC,QAAQ,QAAQ,eAChB,EAAE,YAAY,CACf;AAED,QAAI,OAAO,MAAM,WAAW,SAC1B,MAAK,MAAM,QAAQ,MAAM,MAAM,OAAO;AAGxC,SAAK,OAAO,MAAM,IAChB,8BAEA,KAAK,OAAO,MAAM,OAAOA,uCAAuB,QAAQ,KAAK,CAC9D;AAED,SAAK,IAAI,MAAM,+BAA+B;KAC5C,MAAM,QAAQ;KACd;KACD,CAAC;YACK,OAAO;AACd,QAAI,MAAM,UAAU,WAClB,OAAM;AAIR,SAAK,IAAI,MACP,sDACA,MACD;;;EAGN,CAAC;CAIF,AAAU,MAAM,MAAwB,QAA2B;AACjE,MAAI,OAAO,OACT;OAAI,KAAK,UAAU,OAAO,MACxB,OAAM,IAAIC,6BACR,8BAA8B,OAAO,MAAM,wBAC5C;;;;;;;;;;;;;;CAgBP,AAAU,mCACR,SACA,YACkB;EAClB,MAAM,cACJ,OAAO,QAAQ,SAAS,WAAW,QAAQ,OAAO;EAEpD,MAAM,OAAO,OAAO,QAAQ,SAAS,WAAW,QAAQ,OAAO;EAE/D,IAAIC;EAEJ,MAAM,cAAc,KAAK,OAAO,QAAQ,IAAmB,UAAU,EAAE;EACvE,MAAM,aAAa,KAAK,OAAO,MAAM,IACnC,qCACD;AAED,MAAI,SAAS,SACX,QAAO;WACE,SAAS,UAClB,QAAO;MAEP,QAAO,eAAe,eAAe;AAGvC,MAAI,CAAC,MAAM;AAET,OAAI,KAAK,OAAO,QAAQ,IAAI,EAAE,UAAU,SACtC,QAAO,KAAK,gBAAgB;AAG9B,SAAM,IAAIC,gCAAkB,2CAA2C;;EAGzE,MAAM,QACJ,KAAK,UACJ,KAAK,OAAO,QAAQ,GACjB,KAAK,iBAAiB,UAAU,CAAC,KAAK,SAAS,KAAK,KAAK,GACzD,EAAE;EACR,IAAIC;AAEJ,MAAI,YAAY;GACd,MAAM,SAAS,KAAK,iBAAiB,gBACnC,YACA,GAAG,MACJ;AACD,OAAI,CAAC,OAAO,aACV,OAAM,IAAIH,6BACR,eAAe,KAAK,iBAAiB,mBAAmB,WAAW,CAAC,8BACrE;AAEH,eAAY,OAAO;;AAIrB,SAAO;GACL,GAAG;GACH;GACD;;CAOH,AAAU,iBAAmC;AAC3C,SAAO;GACL,iCAAgB;GAChB,MAAM;GACN,OAAO,KAAK,iBAAiB,UAAU,CAAC,KAAK,SAAS,KAAK,KAAK;GACjE;;CAGH,AAAmB,oCAAwB;EACzC,IAAI;EACJ,SAAS,OAAO,EAAE,SAAS,cAAc;AACvC,OAAI,CAAC,KAAK,OAAO,QAAQ,CACvB;AAIF,OAAI,UAAU,WAAW,QAAQ,SAAS,OACxC;AAGF,WAAQ,UAAU,IAAI,QAAQ,QAAQ,QAAQ;AAE9C,OAAI,CAAC,QAAQ,QAAQ,IAAI,gBAAgB,EAAE;IACzC,MAAM,OAAO,KAAK,gBAAgB;IAClC,MAAM,OACJ,OAAO,SAAS,SAAS,WAAW,QAAQ,OAAO;IACrD,MAAM,MAAM,MAAM,MAAM,KAAK;IAC7B,MAAM,QAAQ,MAAM,SAAS,KAAK;IAElC,MAAM,QAAQ,MAAM,KAAK,YAAY,OACnC;KACE;KACA;KACD,EACD,MAAM,SAAS,KAAK,iBAAiB,WAAW,CAAC,IAAI,KACtD;AAED,YAAQ,QAAQ,IAAI,iBAAiB,UAAU,QAAQ;;;EAG5D,CAAC;;;;;;;;;;;;;AChNJ,MAAa,2CAA+B;CAC1C,MAAM;CACN,aAAa;EAACI;EAAQC;EAAOC;EAAa;EAAW;CACrD,UAAU;EACRC;EACAC;EACA;EACA;EACD;CACF,CAAC"}