alepha 0.20.2 → 0.20.3

package/dist/security/index.browser.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.browser.js","names":[],"sources":["../../src/security/schemas/userAccountInfoSchema.ts","../../src/security/atoms/currentUserAtom.ts","../../src/security/errors/InvalidCredentialsError.ts","../../src/security/errors/InvalidPermissionError.ts","../../src/security/errors/SecurityError.ts","../../src/security/primitives/$secure.browser.ts","../../src/security/schemas/permissionSchema.ts","../../src/security/schemas/roleSchema.ts","../../src/security/index.browser.ts"],"sourcesContent":["import type { Static } from \"alepha\";\nimport { t } from \"alepha\";\n\nexport const userAccountInfoSchema = t.object({\n  id: t.text({\n    description: \"Unique identifier for the user.\",\n  }),\n\n  name: t.optional(\n    t.text({\n      description: \"Full name of the user.\",\n    }),\n  ),\n\n  email: t.optional(\n    t.text({\n      description: \"Email address of the user.\",\n      format: \"email\",\n    }),\n  ),\n\n  username: t.optional(\n    t.text({\n      description: \"Preferred username of the user.\",\n    }),\n  ),\n\n  picture: t.optional(\n    t.text({\n      description: \"URL to the user's profile picture.\",\n    }),\n  ),\n\n  sessionId: t.optional(\n    t.text({\n      description: \"Session identifier for the user, if applicable.\",\n    }),\n  ),\n\n  // -------------------------------------------------------------------------------------------------------------------\n\n  organization: t.optional(\n    t.uuid({\n      description: \"Organization the user belongs to.\",\n    }),\n  ),\n\n  roles: t.optional(\n    t.array(t.text(), {\n      description: \"List of roles assigned to the user.\",\n    }),\n  ),\n\n  realm: t.optional(\n    t.text({\n      description: \"The realm (issuer) the user was authenticated from.\",\n    }),\n  ),\n});\n\nexport type UserAccount = Static<typeof userAccountInfoSchema>;\n","import { $atom, t } from \"alepha\";\nimport { userAccountInfoSchema } from \"../schemas/userAccountInfoSchema.ts\";\n\n/**\n * Atom storing the current authenticated user.\n *\n * Transport-agnostic — works with HTTP, MCP, pipelines, jobs, and any context\n * that sets the atom before calling secured logic.\n */\nexport const currentUserAtom = $atom({\n  name: \"alepha.security.user\",\n  schema: t.optional(userAccountInfoSchema),\n});\n","import { UnauthorizedError } from \"alepha/server\";\n\n/**\n * Error thrown when the provided credentials are invalid.\n *\n * Message can not be changed to avoid leaking information.\n * Cause is omitted for the same reason.\n */\nexport class InvalidCredentialsError extends UnauthorizedError {\n  readonly name = \"UnauthorizedError\";\n  constructor() {\n    super(\"Invalid credentials\");\n  }\n}\n","export class InvalidPermissionError extends Error {\n  constructor(name: string) {\n    super(`Permission '${name}' is invalid`);\n  }\n}\n","export class SecurityError extends Error {\n  public name = \"SecurityError\";\n  public readonly status = 403;\n}\n","import { createMiddleware, type Middleware } from \"alepha\";\nimport { currentUserAtom } from \"../atoms/currentUserAtom.ts\";\nimport type { UserAccountToken } from \"../interfaces/UserAccountToken.ts\";\nimport type { SecureOptions } from \"./$secure.ts\";\n\nexport type { SecureOptions };\n\n/**\n * Browser-side middleware that enforces authentication and authorization.\n *\n * Resolves the user from `currentUserAtom` only (no HTTP header resolution).\n * Checks roles from the user object and permissions from the user's roles.\n *\n * In the browser, an unauthenticated or unauthorized user is not an exception —\n * the middleware short-circuits by returning `undefined` and the handler is not called.\n * Components should use `action.can()` to conditionally render UI elements.\n *\n * ```typescript\n * class OrderController {\n *   getOrders = $action({\n *     use: [$secure()],\n *     handler: async ({ query }) => { ... },\n *   });\n *\n *   deleteOrder = $action({\n *     use: [$secure({ permissions: [\"orders:delete\"] })],\n *     handler: async ({ params }) => { ... },\n *   });\n * }\n * ```\n */\nexport function $secure(options?: SecureOptions): Middleware {\n  return createMiddleware({\n    name: \"$secure\",\n    options: (options as unknown as Record<string, unknown>) ?? undefined,\n    handler: ({ alepha, next }) => {\n      return async (...args: any[]) => {\n        const user: UserAccountToken | undefined =\n          alepha.store.get(currentUserAtom);\n\n        if (!user) {\n          return undefined;\n        }\n\n        // Issuer check\n        if (options?.issuers?.length) {\n          if (!user.realm || !options.issuers.includes(user.realm)) {\n            return undefined;\n          }\n        }\n\n        // Role check\n        if (options?.roles?.length) {\n          const hasRole = options.roles.some((role) =>\n            user.roles?.includes(role),\n          );\n          if (!hasRole) {\n            return undefined;\n          }\n        }\n\n        // Permission check (browser-side: check against user roles)\n        // Server-side permissions are enforced by the API — the browser version\n        // trusts that the API registry already filtered actions by permission.\n\n        // Custom guard\n        if (options?.guard) {\n          if (!options.guard(user)) {\n            return undefined;\n          }\n        }\n\n        return next(...args);\n      };\n    },\n  });\n}\n","import type { Static } from \"alepha\";\nimport { t } from \"alepha\";\n\nexport const permissionSchema = t.object({\n  name: t.text({\n    description: \"Name of the permission.\",\n  }),\n\n  group: t.optional(\n    t.text({\n      description: \"Group of the permission.\",\n    }),\n  ),\n\n  description: t.optional(\n    t.text({\n      description: \"Describe the permission.\",\n    }),\n  ),\n\n  // HTTP Only\n\n  method: t.optional(\n    t.text({\n      description: \"HTTP method of the permission. When available.\",\n    }),\n  ),\n\n  path: t.optional(\n    t.text({\n      description: \"Pathname of the permission. When available.\",\n    }),\n  ),\n});\n\nexport type Permission = Static<typeof permissionSchema>;\n","import type { Static } from \"alepha\";\nimport { t } from \"alepha\";\n\nexport const roleSchema = t.object({\n  name: t.text({\n    description: \"Name of the role.\",\n  }),\n\n  description: t.optional(\n    t.text({\n      description: \"Describe the role.\",\n    }),\n  ),\n\n  default: t.optional(\n    t.boolean({\n      description:\n        \"If true, this role will be assigned to all users by default.\",\n    }),\n  ),\n\n  permissions: t.array(\n    t.object({\n      name: t.text({\n        description: \"Name of the permission.\",\n      }),\n      ownership: t.optional(\n        t.boolean({\n          description:\n            \"If true, user will only have access to it's own resources.\",\n        }),\n      ),\n      exclude: t.optional(\n        t.array(t.text(), {\n          description:\n            \"Exclude some permissions. Useful when 'name' is a wildcard.\",\n        }),\n      ),\n    }),\n  ),\n});\n\nexport type Role = Static<typeof roleSchema>;\n","import { $module } from \"alepha\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport * from \"./atoms/currentUserAtom.ts\";\nexport * from \"./errors/InvalidCredentialsError.ts\";\nexport * from \"./errors/InvalidPermissionError.ts\";\nexport * from \"./errors/SecurityError.ts\";\nexport * from \"./interfaces/UserAccountToken.ts\";\nexport * from \"./primitives/$secure.browser.ts\";\nexport * from \"./schemas/permissionSchema.ts\";\nexport * from \"./schemas/roleSchema.ts\";\nexport * from \"./schemas/userAccountInfoSchema.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport const AlephaSecurity = $module({\n  name: \"alepha.security\",\n});\n"],"mappings":";;;AAGA,MAAa,wBAAwB,EAAE,OAAO;CAC5C,IAAI,EAAE,KAAK,EACT,aAAa,mCACd,CAAC;CAEF,MAAM,EAAE,SACN,EAAE,KAAK,EACL,aAAa,0BACd,CAAC,CACH;CAED,OAAO,EAAE,SACP,EAAE,KAAK;EACL,aAAa;EACb,QAAQ;EACT,CAAC,CACH;CAED,UAAU,EAAE,SACV,EAAE,KAAK,EACL,aAAa,mCACd,CAAC,CACH;CAED,SAAS,EAAE,SACT,EAAE,KAAK,EACL,aAAa,sCACd,CAAC,CACH;CAED,WAAW,EAAE,SACX,EAAE,KAAK,EACL,aAAa,mDACd,CAAC,CACH;CAID,cAAc,EAAE,SACd,EAAE,KAAK,EACL,aAAa,qCACd,CAAC,CACH;CAED,OAAO,EAAE,SACP,EAAE,MAAM,EAAE,MAAM,EAAE,EAChB,aAAa,uCACd,CAAC,CACH;CAED,OAAO,EAAE,SACP,EAAE,KAAK,EACL,aAAa,uDACd,CAAC,CACH;CACF,CAAC;;;;;;;;;ACjDF,MAAa,kBAAkB,MAAM;CACnC,MAAM;CACN,QAAQ,EAAE,SAAS,sBAAsB;CAC1C,CAAC;;;;;;;;;ACJF,IAAa,0BAAb,cAA6C,kBAAkB;CAC7D,OAAgB;CAChB,cAAc;AACZ,QAAM,sBAAsB;;;;;ACXhC,IAAa,yBAAb,cAA4C,MAAM;CAChD,YAAY,MAAc;AACxB,QAAM,eAAe,KAAK,cAAc;;;;;ACF5C,IAAa,gBAAb,cAAmC,MAAM;CACvC,OAAc;CACd,SAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;AC6B3B,SAAgB,QAAQ,SAAqC;AAC3D,QAAO,iBAAiB;EACtB,MAAM;EACN,SAAU,WAAkD,KAAA;EAC5D,UAAU,EAAE,QAAQ,WAAW;AAC7B,UAAO,OAAO,GAAG,SAAgB;IAC/B,MAAM,OACJ,OAAO,MAAM,IAAI,gBAAgB;AAEnC,QAAI,CAAC,KACH;AAIF,QAAI,SAAS,SAAS;SAChB,CAAC,KAAK,SAAS,CAAC,QAAQ,QAAQ,SAAS,KAAK,MAAM,CACtD;;AAKJ,QAAI,SAAS,OAAO;SAId,CAHY,QAAQ,MAAM,MAAM,SAClC,KAAK,OAAO,SAAS,KAAK,CAC3B,CAEC;;AASJ,QAAI,SAAS;SACP,CAAC,QAAQ,MAAM,KAAK,CACtB;;AAIJ,WAAO,KAAK,GAAG,KAAK;;;EAGzB,CAAC;;;;ACxEJ,MAAa,mBAAmB,EAAE,OAAO;CACvC,MAAM,EAAE,KAAK,EACX,aAAa,2BACd,CAAC;CAEF,OAAO,EAAE,SACP,EAAE,KAAK,EACL,aAAa,4BACd,CAAC,CACH;CAED,aAAa,EAAE,SACb,EAAE,KAAK,EACL,aAAa,4BACd,CAAC,CACH;CAID,QAAQ,EAAE,SACR,EAAE,KAAK,EACL,aAAa,kDACd,CAAC,CACH;CAED,MAAM,EAAE,SACN,EAAE,KAAK,EACL,aAAa,+CACd,CAAC,CACH;CACF,CAAC;;;AC9BF,MAAa,aAAa,EAAE,OAAO;CACjC,MAAM,EAAE,KAAK,EACX,aAAa,qBACd,CAAC;CAEF,aAAa,EAAE,SACb,EAAE,KAAK,EACL,aAAa,sBACd,CAAC,CACH;CAED,SAAS,EAAE,SACT,EAAE,QAAQ,EACR,aACE,gEACH,CAAC,CACH;CAED,aAAa,EAAE,MACb,EAAE,OAAO;EACP,MAAM,EAAE,KAAK,EACX,aAAa,2BACd,CAAC;EACF,WAAW,EAAE,SACX,EAAE,QAAQ,EACR,aACE,8DACH,CAAC,CACH;EACD,SAAS,EAAE,SACT,EAAE,MAAM,EAAE,MAAM,EAAE,EAChB,aACE,+DACH,CAAC,CACH;EACF,CAAC,CACH;CACF,CAAC;;;ACxBF,MAAa,iBAAiB,QAAQ,EACpC,MAAM,mBACP,CAAC"}
+{"version":3,"file":"index.browser.js","names":[],"sources":["../../src/security/schemas/userAccountInfoSchema.ts","../../src/security/atoms/currentUserAtom.ts","../../src/security/errors/InvalidCredentialsError.ts","../../src/security/errors/InvalidPermissionError.ts","../../src/security/errors/SecurityError.ts","../../src/security/primitives/$secure.browser.ts","../../src/security/schemas/permissionSchema.ts","../../src/security/schemas/roleSchema.ts","../../src/security/index.browser.ts"],"sourcesContent":["import type { Static } from \"alepha\";\nimport { t } from \"alepha\";\n\nexport const userAccountInfoSchema = t.object({\n  id: t.text({\n    description: \"Unique identifier for the user.\",\n  }),\n\n  name: t.optional(\n    t.text({\n      description: \"Full name of the user.\",\n    }),\n  ),\n\n  email: t.optional(\n    t.text({\n      description: \"Email address of the user.\",\n      format: \"email\",\n    }),\n  ),\n\n  username: t.optional(\n    t.text({\n      description: \"Preferred username of the user.\",\n    }),\n  ),\n\n  picture: t.optional(\n    t.text({\n      description: \"URL to the user's profile picture.\",\n    }),\n  ),\n\n  sessionId: t.optional(\n    t.text({\n      description: \"Session identifier for the user, if applicable.\",\n    }),\n  ),\n\n  // -------------------------------------------------------------------------------------------------------------------\n\n  organization: t.optional(\n    t.uuid({\n      description: \"Organization the user belongs to.\",\n    }),\n  ),\n\n  roles: t.optional(\n    t.array(t.text(), {\n      description: \"List of roles assigned to the user.\",\n    }),\n  ),\n\n  realm: t.optional(\n    t.text({\n      description: \"The realm (issuer) the user was authenticated from.\",\n    }),\n  ),\n});\n\nexport type UserAccount = Static<typeof userAccountInfoSchema>;\n","import { $atom, t } from \"alepha\";\nimport { userAccountInfoSchema } from \"../schemas/userAccountInfoSchema.ts\";\n\n/**\n * Atom storing the current authenticated user.\n *\n * Transport-agnostic — works with HTTP, MCP, pipelines, jobs, and any context\n * that sets the atom before calling secured logic.\n */\nexport const currentUserAtom = $atom({\n  name: \"alepha.security.user\",\n  schema: t.optional(userAccountInfoSchema),\n});\n","import { UnauthorizedError } from \"alepha/server\";\n\n/**\n * Error thrown when the provided credentials are invalid.\n *\n * Message can not be changed to avoid leaking information.\n * Cause is omitted for the same reason.\n */\nexport class InvalidCredentialsError extends UnauthorizedError {\n  readonly name = \"UnauthorizedError\";\n  constructor() {\n    super(\"Invalid credentials\");\n  }\n}\n","export class InvalidPermissionError extends Error {\n  constructor(name: string) {\n    super(`Permission '${name}' is invalid`);\n  }\n}\n","export class SecurityError extends Error {\n  public name = \"SecurityError\";\n  public readonly status = 403;\n}\n","import { createMiddleware, type Middleware } from \"alepha\";\nimport { currentUserAtom } from \"../atoms/currentUserAtom.ts\";\nimport type { UserAccountToken } from \"../interfaces/UserAccountToken.ts\";\nimport type { SecureOptions } from \"./$secure.ts\";\n\nexport type { SecureOptions };\n\n/**\n * Browser-side middleware that enforces authentication and authorization.\n *\n * Resolves the user from `currentUserAtom` only (no HTTP header resolution).\n * Checks roles from the user object and permissions from the user's roles.\n *\n * In the browser, an unauthenticated or unauthorized user is not an exception —\n * the middleware short-circuits by returning `undefined` and the handler is not called.\n * Components should use `action.can()` to conditionally render UI elements.\n *\n * ```typescript\n * class OrderController {\n *   getOrders = $action({\n *     use: [$secure()],\n *     handler: async ({ query }) => { ... },\n *   });\n *\n *   deleteOrder = $action({\n *     use: [$secure({ permissions: [\"orders:delete\"] })],\n *     handler: async ({ params }) => { ... },\n *   });\n * }\n * ```\n */\nexport function $secure(options?: SecureOptions): Middleware {\n  return createMiddleware({\n    name: \"$secure\",\n    options: (options as unknown as Record<string, unknown>) ?? undefined,\n    handler: ({ alepha, next }) => {\n      return async (...args: any[]) => {\n        const user: UserAccountToken | undefined =\n          alepha.store.get(currentUserAtom);\n\n        if (!user) {\n          return undefined;\n        }\n\n        // Issuer check\n        if (options?.issuers?.length) {\n          if (!user.realm || !options.issuers.includes(user.realm)) {\n            return undefined;\n          }\n        }\n\n        // Role check\n        if (options?.roles?.length) {\n          const hasRole = options.roles.some((role) =>\n            user.roles?.includes(role),\n          );\n          if (!hasRole) {\n            return undefined;\n          }\n        }\n\n        // Permission check (browser-side: check against user roles)\n        // Server-side permissions are enforced by the API — the browser version\n        // trusts that the API registry already filtered actions by permission.\n\n        // Custom guard\n        if (options?.guard) {\n          if (!options.guard(user)) {\n            return undefined;\n          }\n        }\n\n        return next(...args);\n      };\n    },\n  });\n}\n","import type { Static } from \"alepha\";\nimport { t } from \"alepha\";\n\nexport const permissionSchema = t.object({\n  name: t.text({\n    description: \"Name of the permission.\",\n  }),\n\n  group: t.optional(\n    t.text({\n      description: \"Group of the permission.\",\n    }),\n  ),\n\n  description: t.optional(\n    t.text({\n      description: \"Describe the permission.\",\n    }),\n  ),\n\n  // HTTP Only\n\n  method: t.optional(\n    t.text({\n      description: \"HTTP method of the permission. When available.\",\n    }),\n  ),\n\n  path: t.optional(\n    t.text({\n      description: \"Pathname of the permission. When available.\",\n    }),\n  ),\n});\n\nexport type Permission = Static<typeof permissionSchema>;\n","import type { Static } from \"alepha\";\nimport { t } from \"alepha\";\n\nexport const roleSchema = t.object({\n  name: t.text({\n    description: \"Name of the role.\",\n  }),\n\n  description: t.optional(\n    t.text({\n      description: \"Describe the role.\",\n    }),\n  ),\n\n  default: t.optional(\n    t.boolean({\n      description:\n        \"If true, this role will be assigned to all users by default.\",\n    }),\n  ),\n\n  permissions: t.array(\n    t.object({\n      name: t.text({\n        description: \"Name of the permission.\",\n      }),\n      ownership: t.optional(\n        t.boolean({\n          description:\n            \"If true, user will only have access to it's own resources.\",\n        }),\n      ),\n      exclude: t.optional(\n        t.array(t.text(), {\n          description:\n            \"Exclude some permissions. Useful when 'name' is a wildcard.\",\n        }),\n      ),\n    }),\n  ),\n});\n\nexport type Role = Static<typeof roleSchema>;\n","import { $module } from \"alepha\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport * from \"./atoms/currentUserAtom.ts\";\nexport * from \"./errors/InvalidCredentialsError.ts\";\nexport * from \"./errors/InvalidPermissionError.ts\";\nexport * from \"./errors/SecurityError.ts\";\nexport * from \"./interfaces/UserAccountToken.ts\";\nexport * from \"./primitives/$secure.browser.ts\";\nexport * from \"./schemas/permissionSchema.ts\";\nexport * from \"./schemas/roleSchema.ts\";\nexport * from \"./schemas/userAccountInfoSchema.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport const AlephaSecurity = $module({\n  name: \"alepha.security\",\n});\n"],"mappings":";;;AAGA,MAAa,wBAAwB,EAAE,OAAO;CAC5C,IAAI,EAAE,KAAK,EACT,aAAa,mCACd,CAAC;CAEF,MAAM,EAAE,SACN,EAAE,KAAK,EACL,aAAa,0BACd,CAAC,CACH;CAED,OAAO,EAAE,SACP,EAAE,KAAK;EACL,aAAa;EACb,QAAQ;EACT,CAAC,CACH;CAED,UAAU,EAAE,SACV,EAAE,KAAK,EACL,aAAa,mCACd,CAAC,CACH;CAED,SAAS,EAAE,SACT,EAAE,KAAK,EACL,aAAa,sCACd,CAAC,CACH;CAED,WAAW,EAAE,SACX,EAAE,KAAK,EACL,aAAa,mDACd,CAAC,CACH;CAID,cAAc,EAAE,SACd,EAAE,KAAK,EACL,aAAa,qCACd,CAAC,CACH;CAED,OAAO,EAAE,SACP,EAAE,MAAM,EAAE,MAAM,EAAE,EAChB,aAAa,uCACd,CAAC,CACH;CAED,OAAO,EAAE,SACP,EAAE,KAAK,EACL,aAAa,uDACd,CAAC,CACH;CACF,CAAC;;;;;;;;;ACjDF,MAAa,kBAAkB,MAAM;CACnC,MAAM;CACN,QAAQ,EAAE,SAAS,sBAAsB;CAC1C,CAAC;;;;;;;;;ACJF,IAAa,0BAAb,cAA6C,kBAAkB;CAC7D,OAAgB;CAChB,cAAc;AACZ,QAAM,sBAAsB;;;;;ACXhC,IAAa,yBAAb,cAA4C,MAAM;CAChD,YAAY,MAAc;AACxB,QAAM,eAAe,KAAK,cAAc;;;;;ACF5C,IAAa,gBAAb,cAAmC,MAAM;CACvC,OAAc;CACd,SAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;AC6B3B,SAAgB,QAAQ,SAAqC;AAC3D,QAAO,iBAAiB;EACtB,MAAM;EACN,SAAU,WAAkD,KAAA;EAC5D,UAAU,EAAE,QAAQ,WAAW;AAC7B,UAAO,OAAO,GAAG,SAAgB;IAC/B,MAAM,OACJ,OAAO,MAAM,IAAI,gBAAgB;AAEnC,QAAI,CAAC,KACH;AAIF,QAAI,SAAS,SAAS;SAChB,CAAC,KAAK,SAAS,CAAC,QAAQ,QAAQ,SAAS,KAAK,MAAM,CACtD;;AAKJ,QAAI,SAAS,OAAO;SAId,CAHY,QAAQ,MAAM,MAAM,SAClC,KAAK,OAAO,SAAS,KAAK,CAEhB,CACV;;AASJ,QAAI,SAAS;SACP,CAAC,QAAQ,MAAM,KAAK,CACtB;;AAIJ,WAAO,KAAK,GAAG,KAAK;;;EAGzB,CAAC;;;;ACxEJ,MAAa,mBAAmB,EAAE,OAAO;CACvC,MAAM,EAAE,KAAK,EACX,aAAa,2BACd,CAAC;CAEF,OAAO,EAAE,SACP,EAAE,KAAK,EACL,aAAa,4BACd,CAAC,CACH;CAED,aAAa,EAAE,SACb,EAAE,KAAK,EACL,aAAa,4BACd,CAAC,CACH;CAID,QAAQ,EAAE,SACR,EAAE,KAAK,EACL,aAAa,kDACd,CAAC,CACH;CAED,MAAM,EAAE,SACN,EAAE,KAAK,EACL,aAAa,+CACd,CAAC,CACH;CACF,CAAC;;;AC9BF,MAAa,aAAa,EAAE,OAAO;CACjC,MAAM,EAAE,KAAK,EACX,aAAa,qBACd,CAAC;CAEF,aAAa,EAAE,SACb,EAAE,KAAK,EACL,aAAa,sBACd,CAAC,CACH;CAED,SAAS,EAAE,SACT,EAAE,QAAQ,EACR,aACE,gEACH,CAAC,CACH;CAED,aAAa,EAAE,MACb,EAAE,OAAO;EACP,MAAM,EAAE,KAAK,EACX,aAAa,2BACd,CAAC;EACF,WAAW,EAAE,SACX,EAAE,QAAQ,EACR,aACE,8DACH,CAAC,CACH;EACD,SAAS,EAAE,SACT,EAAE,MAAM,EAAE,MAAM,EAAE,EAChB,aACE,+DACH,CAAC,CACH;EACF,CAAC,CACH;CACF,CAAC;;;ACxBF,MAAa,iBAAiB,QAAQ,EACpC,MAAM,mBACP,CAAC"}

package/dist/security/index.d.ts

@@ -2,8 +2,10 @@ import * as _$alepha from "alepha";
 import { Alepha, KIND, Middleware, Primitive, Static } from "alepha";
 import { DateTimeProvider, Duration, DurationLike } from "alepha/datetime";
 import * as _$alepha_logger0 from "alepha/logger";
+import { CryptoKey, FlattenedJWSInput, JSONWebKeySet, JWSHeaderParameters, JWTHeaderParameters, JWTPayload, JWTVerifyResult, KeyObject } from "jose";
 import { SecretProvider } from "alepha/crypto";
 import { FetchOptions, ServerRequest, UnauthorizedError } from "alepha/server";
+import { JWTVerifyOptions } from "jose/jwt/verify";
 export * from "alepha/crypto";
 
 //#region ../../src/security/schemas/userAccountInfoSchema.d.ts
@@ -129,331 +131,6 @@ interface BasicAuthOptions {
  */
 declare function $basicAuth(options: BasicAuthOptions): Middleware;
 //#endregion
-//#region ../../../../node_modules/jose/dist/types/types.d.ts
-/** Generic JSON Web Key Parameters. */
-interface JWKParameters {
-  /** JWK "kty" (Key Type) Parameter */
-  kty?: string;
-  /**
-   * JWK "alg" (Algorithm) Parameter
-   *
-   * @see {@link https://github.com/panva/jose/issues/210 Algorithm Key Requirements}
-   */
-  alg?: string;
-  /** JWK "key_ops" (Key Operations) Parameter */
-  key_ops?: string[];
-  /** JWK "ext" (Extractable) Parameter */
-  ext?: boolean;
-  /** JWK "use" (Public Key Use) Parameter */
-  use?: string;
-  /** JWK "x5c" (X.509 Certificate Chain) Parameter */
-  x5c?: string[];
-  /** JWK "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter */
-  x5t?: string;
-  /** JWK "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter */
-  'x5t#S256'?: string;
-  /** JWK "x5u" (X.509 URL) Parameter */
-  x5u?: string;
-  /** JWK "kid" (Key ID) Parameter */
-  kid?: string;
-}
-/**
- * JSON Web Key ({@link https://www.rfc-editor.org/rfc/rfc7517 JWK}). "RSA", "EC", "OKP", "AKP", and
- * "oct" key types are supported.
- *
- * @see {@link JWK_AKP_Public}
- * @see {@link JWK_AKP_Private}
- * @see {@link JWK_OKP_Public}
- * @see {@link JWK_OKP_Private}
- * @see {@link JWK_EC_Public}
- * @see {@link JWK_EC_Private}
- * @see {@link JWK_RSA_Public}
- * @see {@link JWK_RSA_Private}
- * @see {@link JWK_oct}
- */
-interface JWK extends JWKParameters {
-  /**
-   * - EC JWK "crv" (Curve) Parameter
-   * - OKP JWK "crv" (The Subtype of Key Pair) Parameter
-   */
-  crv?: string;
-  /**
-   * - Private RSA JWK "d" (Private Exponent) Parameter
-   * - Private EC JWK "d" (ECC Private Key) Parameter
-   * - Private OKP JWK "d" (The Private Key) Parameter
-   */
-  d?: string;
-  /** Private RSA JWK "dp" (First Factor CRT Exponent) Parameter */
-  dp?: string;
-  /** Private RSA JWK "dq" (Second Factor CRT Exponent) Parameter */
-  dq?: string;
-  /** RSA JWK "e" (Exponent) Parameter */
-  e?: string;
-  /** Oct JWK "k" (Key Value) Parameter */
-  k?: string;
-  /** RSA JWK "n" (Modulus) Parameter */
-  n?: string;
-  /** Private RSA JWK "p" (First Prime Factor) Parameter */
-  p?: string;
-  /** Private RSA JWK "q" (Second Prime Factor) Parameter */
-  q?: string;
-  /** Private RSA JWK "qi" (First CRT Coefficient) Parameter */
-  qi?: string;
-  /**
-   * - EC JWK "x" (X Coordinate) Parameter
-   * - OKP JWK "x" (The public key) Parameter
-   */
-  x?: string;
-  /** EC JWK "y" (Y Coordinate) Parameter */
-  y?: string;
-  /** AKP JWK "pub" (Public Key) Parameter */
-  pub?: string;
-  /** AKP JWK "priv" (Private key) Parameter */
-  priv?: string;
-}
-/**
- * Flattened JWS definition for verify function inputs, allows payload as {@link !Uint8Array} for
- * detached signature validation.
- */
-interface FlattenedJWSInput {
-  /**
-   * The "header" member MUST be present and contain the value JWS Unprotected Header when the JWS
-   * Unprotected Header value is non- empty; otherwise, it MUST be absent. This value is represented
-   * as an unencoded JSON object, rather than as a string. These Header Parameter values are not
-   * integrity protected.
-   */
-  header?: JWSHeaderParameters;
-  /**
-   * The "payload" member MUST be present and contain the value BASE64URL(JWS Payload). When RFC7797
-   * "b64": false is used the value passed may also be a {@link !Uint8Array}.
-   */
-  payload: string | Uint8Array;
-  /**
-   * The "protected" member MUST be present and contain the value BASE64URL(UTF8(JWS Protected
-   * Header)) when the JWS Protected Header value is non-empty; otherwise, it MUST be absent. These
-   * Header Parameter values are integrity protected.
-   */
-  protected?: string;
-  /** The "signature" member MUST be present and contain the value BASE64URL(JWS Signature). */
-  signature: string;
-}
-/** Header Parameters common to JWE and JWS */
-interface JoseHeaderParameters {
-  /** "kid" (Key ID) Header Parameter */
-  kid?: string;
-  /** "x5t" (X.509 Certificate SHA-1 Thumbprint) Header Parameter */
-  x5t?: string;
-  /** "x5c" (X.509 Certificate Chain) Header Parameter */
-  x5c?: string[];
-  /** "x5u" (X.509 URL) Header Parameter */
-  x5u?: string;
-  /** "jku" (JWK Set URL) Header Parameter */
-  jku?: string;
-  /** "jwk" (JSON Web Key) Header Parameter */
-  jwk?: Pick<JWK, 'kty' | 'crv' | 'x' | 'y' | 'e' | 'n' | 'alg' | 'pub'>;
-  /** "typ" (Type) Header Parameter */
-  typ?: string;
-  /** "cty" (Content Type) Header Parameter */
-  cty?: string;
-}
-/** Recognized JWS Header Parameters, any other Header Members may also be present. */
-interface JWSHeaderParameters extends JoseHeaderParameters {
-  /**
-   * JWS "alg" (Algorithm) Header Parameter
-   *
-   * @see {@link https://github.com/panva/jose/issues/210#jws-alg Algorithm Key Requirements}
-   */
-  alg?: string;
-  /**
-   * This JWS Extension Header Parameter modifies the JWS Payload representation and the JWS Signing
-   * Input computation as per {@link https://www.rfc-editor.org/rfc/rfc7797 RFC7797}.
-   */
-  b64?: boolean;
-  /** JWS "crit" (Critical) Header Parameter */
-  crit?: string[];
-  /** Any other JWS Header member. */
-  [propName: string]: unknown;
-}
-/** Shared Interface with a "crit" property for all sign, verify, encrypt and decrypt operations. */
-interface CritOption {
-  /**
-   * An object with keys representing recognized "crit" (Critical) Header Parameter names. The value
-   * for those is either `true` or `false`. `true` when the Header Parameter MUST be integrity
-   * protected, `false` when it's irrelevant.
-   *
-   * This makes the "Extension Header Parameter "..." is not recognized" error go away.
-   *
-   * Use this when a given JWS/JWT/JWE profile requires the use of proprietary non-registered "crit"
-   * (Critical) Header Parameters. This will only make sure the Header Parameter is syntactically
-   * correct when provided and that it is optionally integrity protected. It will not process the
-   * Header Parameter in any way or reject the operation if it is missing. You MUST still verify the
-   * Header Parameter was present and process it according to the profile's validation steps after
-   * the operation succeeds.
-   *
-   * The JWS extension Header Parameter `b64` is always recognized and processed properly. No other
-   * registered Header Parameters that need this kind of default built-in treatment are currently
-   * available.
-   */
-  crit?: {
-    [propName: string]: boolean;
-  };
-}
-/** JWT Claims Set verification options. */
-interface JWTClaimVerificationOptions {
-  /**
-   * Expected JWT "aud" (Audience) Claim value(s).
-   *
-   * This option makes the JWT "aud" (Audience) Claim presence required.
-   */
-  audience?: string | string[];
-  /**
-   * Clock skew tolerance
-   *
-   * - In seconds when number (e.g. 5)
-   * - Resolved into a number of seconds when a string (e.g. "5 seconds", "10 minutes", "2 hours").
-   *
-   * Used when validating the JWT "nbf" (Not Before) and "exp" (Expiration Time) claims, and when
-   * validating the "iat" (Issued At) claim if the {@link maxTokenAge `maxTokenAge` option} is set.
-   */
-  clockTolerance?: string | number;
-  /**
-   * Expected JWT "iss" (Issuer) Claim value(s).
-   *
-   * This option makes the JWT "iss" (Issuer) Claim presence required.
-   */
-  issuer?: string | string[];
-  /**
-   * Maximum time elapsed (in seconds) from the JWT "iat" (Issued At) Claim value.
-   *
-   * - In seconds when number (e.g. 5)
-   * - Resolved into a number of seconds when a string (e.g. "5 seconds", "10 minutes", "2 hours").
-   *
-   * This option makes the JWT "iat" (Issued At) Claim presence required.
-   */
-  maxTokenAge?: string | number;
-  /**
-   * Expected JWT "sub" (Subject) Claim value.
-   *
-   * This option makes the JWT "sub" (Subject) Claim presence required.
-   */
-  subject?: string;
-  /**
-   * Expected JWT "typ" (Type) Header Parameter value.
-   *
-   * This option makes the JWT "typ" (Type) Header Parameter presence required.
-   */
-  typ?: string;
-  /** Date to use when comparing NumericDate claims, defaults to `new Date()`. */
-  currentDate?: Date;
-  /**
-   * Array of required Claim Names that must be present in the JWT Claims Set. Default is that: if
-   * the {@link issuer `issuer` option} is set, then JWT "iss" (Issuer) Claim must be present; if the
-   * {@link audience `audience` option} is set, then JWT "aud" (Audience) Claim must be present; if
-   * the {@link subject `subject` option} is set, then JWT "sub" (Subject) Claim must be present; if
-   * the {@link maxTokenAge `maxTokenAge` option} is set, then JWT "iat" (Issued At) Claim must be
-   * present.
-   */
-  requiredClaims?: string[];
-}
-/** JWS Verification options. */
-interface VerifyOptions extends CritOption {
-  /**
-   * A list of accepted JWS "alg" (Algorithm) Header Parameter values. By default all "alg"
-   * (Algorithm) values applicable for the used key/secret are allowed.
-   *
-   * > [!NOTE]\
-   * > Unsecured JWTs (`{ "alg": "none" }`) are never accepted by this API.
-   */
-  algorithms?: string[];
-}
-/** Recognized JWT Claims Set members, any other members may also be present. */
-interface JWTPayload {
-  /**
-   * JWT Issuer
-   *
-   * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1 RFC7519#section-4.1.1}
-   */
-  iss?: string;
-  /**
-   * JWT Subject
-   *
-   * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.2 RFC7519#section-4.1.2}
-   */
-  sub?: string;
-  /**
-   * JWT Audience
-   *
-   * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3 RFC7519#section-4.1.3}
-   */
-  aud?: string | string[];
-  /**
-   * JWT ID
-   *
-   * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.7 RFC7519#section-4.1.7}
-   */
-  jti?: string;
-  /**
-   * JWT Not Before
-   *
-   * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5 RFC7519#section-4.1.5}
-   */
-  nbf?: number;
-  /**
-   * JWT Expiration Time
-   *
-   * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4 RFC7519#section-4.1.4}
-   */
-  exp?: number;
-  /**
-   * JWT Issued At
-   *
-   * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6 RFC7519#section-4.1.6}
-   */
-  iat?: number;
-  /** Any other JWT Claim Set member. */
-  [propName: string]: unknown;
-}
-/** Signed JSON Web Token (JWT) verification result */
-interface JWTVerifyResult<PayloadType = JWTPayload> {
-  /** JWT Claims Set. */
-  payload: PayloadType & JWTPayload;
-  /** JWS Protected Header. */
-  protectedHeader: JWTHeaderParameters;
-}
-/** Recognized Compact JWS Header Parameters, any other Header Members may also be present. */
-interface CompactJWSHeaderParameters extends JWSHeaderParameters {
-  alg: string;
-}
-/** Recognized Signed JWT Header Parameters, any other Header Members may also be present. */
-interface JWTHeaderParameters extends CompactJWSHeaderParameters {
-  b64?: true;
-}
-/** JSON Web Key Set */
-interface JSONWebKeySet {
-  keys: JWK[];
-}
-/**
- * {@link !KeyObject} is a representation of a key/secret available in the Node.js runtime. You may
- * use the Node.js runtime APIs {@link !createPublicKey}, {@link !createPrivateKey}, and
- * {@link !createSecretKey} to obtain a {@link !KeyObject} from your existing key material.
- */
-interface KeyObject {
-  type: string;
-}
-/**
- * {@link !CryptoKey} is a representation of a key/secret available in all supported runtimes. In
- * addition to the {@link key/import Key Import Functions} you may use the
- * {@link !SubtleCrypto.importKey} API to obtain a {@link !CryptoKey} from your existing key
- * material.
- */
-type CryptoKey = Extract<Awaited<ReturnType<typeof crypto.subtle.generateKey>>, {
-  type: string;
-}>;
-//#endregion
-//#region ../../../../node_modules/jose/dist/types/jwt/verify.d.ts
-/** Combination of JWS Verification options and JWT Claims Set verification options. */
-interface JWTVerifyOptions extends VerifyOptions, JWTClaimVerificationOptions {}
-//#endregion
 //#region ../../src/security/providers/JwtProvider.d.ts
 /**
  * Provides utilities for working with JSON Web Tokens (JWT).

package/dist/security/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","names":["JWKParameters","kty","alg","key_ops","ext","use","x5c","x5t","x5u","kid","JWK_OKP_Public","crv","x","JWK_OKP_Private","d","JWK_AKP_Public","pub","JWK_AKP_Private","priv","JWK_EC_Public","y","JWK_EC_Private","JWK_RSA_Public","e","n","JWK_RSA_Private","dp","dq","p","q","qi","JWK_oct","k","JWK","GenericGetKeyFunction","IProtectedHeader","IToken","ReturnKeyTypes","Promise","protectedHeader","token","GetKeyFunction","CryptoKey","KeyObject","Uint8Array","FlattenedJWSInput","JWSHeaderParameters","header","payload","protected","signature","GeneralJWSInput","Omit","signatures","FlattenedJWS","Partial","GeneralJWS","JoseHeaderParameters","Pick","jku","jwk","typ","cty","b64","crit","propName","JWEKeyManagementHeaderParameters","apu","apv","p2c","p2s","iv","epk","FlattenedJWE","JWEHeaderParameters","aad","ciphertext","encrypted_key","tag","unprotected","GeneralJWE","recipients","enc","zip","CritOption","DecryptOptions","keyManagementAlgorithms","contentEncryptionAlgorithms","maxPBES2Count","maxDecompressedLength","EncryptOptions","JWTClaimVerificationOptions","Date","audience","clockTolerance","issuer","maxTokenAge","subject","currentDate","requiredClaims","VerifyOptions","algorithms","SignOptions","JWTPayload","iss","sub","aud","jti","nbf","exp","iat","FlattenedDecryptResult","additionalAuthenticatedData","plaintext","sharedUnprotectedHeader","unprotectedHeader","GeneralDecryptResult","CompactDecryptResult","CompactJWEHeaderParameters","FlattenedVerifyResult","GeneralVerifyResult","CompactVerifyResult","CompactJWSHeaderParameters","JWTVerifyResult","PayloadType","JWTHeaderParameters","JWTDecryptResult","ResolvedKey","key","JSONWebKeySet","keys","type","crypto","subtle","generateKey","ReturnType","Awaited","Extract","ProduceJWT","setIssuer","setSubject","setAudience","setJti","jwtId","setNotBefore","input","setExpirationTime","setIssuedAt","types","JWTVerifyOptions","VerifyOptions","JWTClaimVerificationOptions","JWTVerifyGetKey","JWTHeaderParameters","FlattenedJWSInput","CryptoKey","KeyObject","JWK","Uint8Array","GenericGetKeyFunction","jwtVerify","PayloadType","JWTPayload","JWTVerifyResult","Promise","jwt","key","options","ResolvedKey","getKey"],"sources":["../../src/security/schemas/userAccountInfoSchema.ts","../../src/security/interfaces/UserAccountToken.ts","../../src/security/atoms/currentUserAtom.ts","../../src/security/errors/InvalidCredentialsError.ts","../../src/security/errors/InvalidPermissionError.ts","../../src/security/errors/SecurityError.ts","../../src/security/interfaces/IssuerResolver.ts","../../src/security/primitives/$basicAuth.ts","../../../../node_modules/jose/dist/types/types.d.ts","../../../../node_modules/jose/dist/types/jwt/verify.d.ts","../../src/security/providers/JwtProvider.ts","../../src/security/schemas/permissionSchema.ts","../../src/security/schemas/roleSchema.ts","../../src/security/providers/SecurityProvider.ts","../../src/security/primitives/$issuer.ts","../../src/security/primitives/$permission.ts","../../src/security/primitives/$role.ts","../../src/security/primitives/$secure.ts","../../src/security/primitives/$serviceAccount.ts","../../src/security/providers/ServerSecurityProvider.ts","../../src/security/index.ts"],"x_google_ignoreList":[8,9],"mappings":";;;;;;;;;cAGa,qBAAA,WAAqB,OAAA;MAuDhC,QAAA,CAAA,OAAA;;;;;;;;;;KAEU,WAAA,GAAc,MAAA,QAAc,qBAAA;;;;;;;UCtDvB,gBAAA,SAAyB,WAAA;;;;EAIxC,KAAA;EDPW;;;ECYX,KAAA;;;;;EAMA,SAAA;AAAA;;;;;;;;;cCZW,eAAA,EAAe,QAAA,CAAA,IAAA,CAAA,QAAA,CAAA,SAAA,UAAA,OAAA;MAG1B,QAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;cCJW,uBAAA,SAAgC,iBAAA;EAAA,SAClC,IAAA;;;;;cCTE,sBAAA,SAA+B,KAAA;cAC9B,IAAA;AAAA;;;cCDD,aAAA,SAAsB,KAAA;EAC1B,IAAA;EAAA,SACS,MAAA;AAAA;;;;;;;KCKN,QAAA,GAAW,IAAA,CAAK,WAAA;EAC1B,SAAA;AAAA;;ANLF;;UMWiB,cAAA;EN4Cf;;;EMxCA,QAAA;;;;;;EAOA,SAAA,GAAY,GAAA,EAAK,aAAA,KAAkB,OAAA,CAAQ,QAAA;AAAA;;;UCrB5B,gBAAA;EACf,QAAA;EACA,QAAA;AAAA;;;;;;APHF;;;;;;;;;;iBOqBgB,UAAA,CAAW,OAAA,EAAS,gBAAA,GAAmB,UAAA;;;;UCvBtCA,aAAAA;;EAEfC,GAAAA;;;;;;EAMAC,GAAAA;ERNF;EQQEC,OAAAA;;EAEAC,GAAAA;;EAEAC,GAAAA;;EAEAC,GAAAA;;EAEAC,GAAAA;;EAEA,UAAA;;EAEAC,GAAAA;;EAEAC,GAAAA;AAAAA;;;;;;;;;;;;;;;UA2FewB,GAAAA,SAAYjC,aAAAA;;;;;EAK3BW,GAAAA;;;;;;EAMAG,CAAAA;;EAEAY,EAAAA;;EAEAC,EAAAA;;EAEAJ,CAAAA;;EAEAS,CAAAA;;EAEAR,CAAAA;;EAEAI,CAAAA;;EAEAC,CAAAA;;EAEAC,EAAAA;;;ALvIF;;EK4IElB,CAAAA;EL5I4D;EK8I5DQ,CAAAA;EL7IS;EK+ITJ,GAAAA;;EAEAE,IAAAA;AAAAA;;;;;UAqCe2B,iBAAAA;EFjLc;;;;;;EEwL7BE,MAAAA,GAASD,mBAAAA;EF7KT;;;;EEmLAE,OAAAA,WAAkBJ,UAAAA;EFnLiC;;;;ACrBrD;EC+MEK,SAAAA;ED9MA;ECiNAC,SAAAA;AAAAA;;UAyCeO,oBAAAA;EAlHf5B;EAoHApB,GAAAA;EA3GAW;EA8GAb,GAAAA;EA1GI;EA6GJD,GAAAA;EAxEgC;EA2EhCE,GAAAA;EApEAuC;EAuEAY,GAAAA;EAjEkBf;EAoElBgB,GAAAA,GAAMF,IAAAA,CAAKzB,GAAAA;EA1DF;EA6DT4B,GAAAA;EApBmC;EAuBnCC,GAAAA;AAAAA;;UAIehB,mBAAAA,SAA4BW,oBAAAA;EAhB3CjD;;;;;EAsBAN,GAAAA;EAVG;;AAIL;;EAYE6D,GAAAA;EAZ2CN;EAe3CO,IAAAA;EAAAA;EAAAA,CAGCC,QAAAA;AAAAA;;UAmIcmB,UAAAA;EEpZI;;;;;;;;;;;;;;;;;;EFuanBpB,IAAAA;IAAAA,CACGC,QAAAA;EAAAA;AAAAA;;UA0CY0B,2BAAAA;EE7TN;;;;AAGX;EFgUEE,QAAAA;EEhUoD;;;;;;;;;EF2UpDC,cAAAA;EEhUF;;;;;EFuUEC,MAAAA;EErUwB;;;;;;AC7L1B;;EH4gBEC,WAAAA;;;;;;EAOAC,OAAAA;;;;;;EAOApC,GAAAA;;EAGAqC,WAAAA,GAAcN,IAAAA;;;;;;;;;EAUdO,cAAAA;AAAAA;AGvgBF;AAAA,UH2gBiBC,aAAAA,SAAsBhB,UAAAA;;;;;;;AI3iBvC;EJmjBEiB,UAAAA;AAAAA;;UAOeE,UAAAA;;;;;;EAMfC,GAAAA;;;;;;EAOAC,GAAAA;;;;;;EAOAC,GAAAA;;;;;;EAOAC,GAAAA;;;;;;EAOAC,GAAAA;;;;;;EAOAC,GAAAA;EK3kB2B;;;;;ELklB3BC,GAAAA;EKzkBiC;EAAA,CL4kBhC7C,QAAAA;AAAAA;;UA0Dc0D,eAAAA,eAA8BpB,UAAAA;EKtoB1B;ELwoBnBvD,OAAAA,EAAS4E,WAAAA,GAAcrB,UAAAA;EK/nBJ;ELkoBnBhE,eAAAA,EAAiBsF,mBAAAA;AAAAA;;UAmBFH,0BAAAA,SAAmC5E,mBAAAA;EAClD5C,GAAAA;AAAAA;;UAIe2H,mBAAAA,SAA4BH,0BAAAA;EAC3C3D,GAAAA;AAAAA;;UAUekE,aAAAA;EACfC,IAAAA,EAAMjG,GAAAA;AAAAA;;;;;;UAQSU,SAAAA;EACfwF,IAAAA;AAAAA;;;;;;;KASUzF,SAAAA,GAAY+F,OAAAA,CACtBD,OAAAA,CAAQD,UAAAA,QAAkBH,MAAAA,CAAOC,MAAAA,CAAOC,WAAAA;EACtCH,IAAAA;AAAAA;;;;UChuBakB,gBAAAA,SAAyBD,aAAAA,EAAqBA,2BAAAA;;;;;;cCkBlD,WAAA;EAAA,mBACQ,GAAA,EADG,gBAAA,CACA,MAAA;EAAA,mBACH,QAAA,EAAU,eAAA;EAAA,mBACV,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,OAAA,EAAO,WAAA;EV6B1B;;;;;;EUrBO,YAAA,CAAa,IAAA,UAAc,eAAA,WAA0B,aAAA;;;;;;;;EAiC/C,KAAA,CACX,KAAA,UACA,OAAA,WACA,OAAA,GAAU,gBAAA,GACT,OAAA,CAAQ,cAAA;;;;;;;;;;EAwDE,MAAA,CACX,OAAA,EAAS,kBAAA,EACT,OAAA,WACA,WAAA,GAAc,cAAA,GACb,OAAA;;;;;;;YAyBO,WAAA,CAAY,GAAA;AAAA;AAAA,KAKZ,SAAA,IACV,eAAA,GAAkB,mBAAA,EAClB,KAAA,GAAQ,iBAAA,KACL,OAAA,CAAQ,SAAA,GAAY,SAAA;AAAA,UAER,eAAA;EACf,IAAA;EACA,SAAA,EAAW,SAAA;EACX,SAAA;AAAA;AAAA,UAGe,cAAA;EACf,MAAA,GAAS,OAAA,CAAQ,mBAAA;AAAA;AAAA,UAGF,kBAAA,SAA2B,UAAA;EAC1C,GAAA;EAEA,IAAA;EACA,KAAA;EACA,KAAA;EACA,YAAA;EAEA,YAAA;IAAiB,KAAA;EAAA;AAAA;AAAA,UAGF,cAAA;EACf,OAAA;EACA,MAAA,EAAQ,eAAA,CAAgB,kBAAA;AAAA;;;cC7Lb,gBAAA,WAAgB,OAAA;QA8B3B,QAAA,CAAA,OAAA;;;;;;KAEU,UAAA,GAAa,MAAA,QAAc,gBAAA;;;cChC1B,UAAA,WAAU,OAAA;QAqCrB,QAAA,CAAA,OAAA;;;;;;;;;KAEU,IAAA,GAAO,MAAA,QAAc,UAAA;;;cCfpB,gBAAA;EAAA,mBACQ,iBAAA;EAAA,mBACA,iBAAA,EAAiB,MAAA;EAAA,mBACjB,0BAAA,EAA0B,MAAA;EAAA,mBAG1B,GAAA,EAH0B,gBAAA,CAGvB,MAAA;EAAA,mBACH,GAAA,EAAG,WAAA;EAAA,mBACH,MAAA,EAAM,MAAA;EAAA,mBACN,cAAA,EAAc,cAAA;EAAA,IAEtB,SAAA,CAAA;;;;qBAOQ,WAAA,EAAa,UAAA;;;;qBAKb,MAAA,EAAQ,KAAA;EAAA,UAmBjB,KAAA,EAnBsB,QAAA,CAmBjB,aAAA;;;;YAwBL,wBAAA,CAAyB,SAAA,WAAoB,cAAA;Eb1FvB;;;;;;EayHzB,UAAA,CAAW,IAAA,EAAM,IAAA,KAAS,MAAA,aAAmB,IAAA;;;;;;EAgE7C,gBAAA,CAAiB,GAAA,EAAK,UAAA,YAAsB,UAAA;EA0D5C,WAAA,CAAY,KAAA,EAAO,KAAA;;;;;;;;;EAiBb,WAAA,CAAY,KAAA,UAAe,KAAA,EAAO,IAAA,KAAS,OAAA;;;;;;;;;EAuBjD,qBAAA,CACL,OAAA,EAAS,UAAA,EACT,SAAA,YACC,WAAA;EbrOO;;;;Ea4QH,UAAA,CACL,QAAA,EAAU,QAAA,EACV,OAAA;IACE,KAAA;IACA,UAAA,GAAa,UAAA;EAAA,IAEd,gBAAA;EZxUY;;;;EY4WR,gBAAA,CAAiB,QAAA,EAAU,cAAA,EAAgB,SAAA;EZxWlD;;;;EYsXO,QAAA,CAAS,SAAA,YAAqB,KAAA;;;;AXvXvC;;;;;;EW4Ye,4BAAA,CACX,GAAA;IAAO,GAAA,EAAK,GAAA;IAAc,OAAA;MAAW,aAAA;IAAA;EAAA,GACrC,OAAA;IACE,KAAA;IACA,UAAA,GAAa,UAAA;EAAA,IAEd,OAAA,CAAQ,gBAAA;;;;;;;;;EA0DJ,eAAA,CACL,cAAA,WAAyB,UAAA,KACtB,WAAA,aACF,mBAAA;EX/cuB;;;EWuiBb,mBAAA,CACX,aAAA,WACA,OAAA;IACE,UAAA,GAAa,UAAA;IACb,KAAA;IACA,MAAA,GAAS,gBAAA;EAAA,IAEV,OAAA,CAAQ,gBAAA;;;;;;;;EA2DJ,GAAA,CAAI,QAAA,UAAkB,UAAA,WAAqB,UAAA;;;;EAO3C,SAAA,CACL,QAAA,UACA,UAAA,WAAqB,UAAA;;;;;;EAUhB,kBAAA,CAAmB,UAAA,EAAY,UAAA;;;;EAoB/B,YAAA,CAAa,IAAA,EAAM,gBAAA,EAAkB,OAAA;;;;EAWrC,kBAAA,CAAmB,IAAA,EAAM,gBAAA;EAOzB,SAAA,CAAA,GAAa,KAAA;;;AVnqBtB;;;EU4qBS,QAAA,CAAS,KAAA,YAAiB,IAAA;EV5qBU;;;;;;;EU2rBpC,cAAA,CAAe,IAAA;IACpB,KAAA,GAAQ,KAAA,CAAM,IAAA;IACd,KAAA;EAAA,IACE,UAAA;ETtsB2C;;;;;;ESqyBxC,gBAAA,CAAiB,OAAA,EAAS,MAAA;EAgB1B,uBAAA,CACL,OAAA,EAAS,MAAA;;ARtzBb;;;;EQq0BS,mBAAA,CAAoB,OAAA,EAAS,MAAA;EAI7B,qBAAA,CACL,OAAA,EAAS,MAAA;EAqBJ,sBAAA,CACL,OAAA,EAAS,MAAA;EAiBJ,mBAAA,CAAoB,OAAA,EAAS,MAAA;ER/2Bd;;;;ACKxB;;EO43BS,kBAAA,CAAmB,OAAA,EAAS,MAAA;EAmB5B,0BAAA,CACL,OAAA,EAAS,MAAA;AAAA;;;;UAiBI,KAAA;EACf,IAAA;EAEA,KAAA,EAAO,IAAA;;;;;;EAOP,MAAA,YAAkB,aAAA;EPh6BlB;;;;EOs6BA,OAAA,IAAW,GAAA,EAAK,MAAA,kBAAwB,WAAA;EP/5BG;;;EOo6B3C,SAAA,GAAY,cAAA;AAAA;AAAA,UAGG,mBAAA;EACf,YAAA;EACA,SAAA;AAAA;;;;;Ab/7BF;;;;ccmBa,OAAA;EAAA,UAAoB,sBAAA,GAAyB,eAAA;EAAA;;KAM9C,sBAAA;;;;;EAKV,IAAA;;;;EAKA,WAAA;;;;EAKA,KAAA,GAAQ,KAAA,UAAe,IAAA;EdxCS;;;Ec6ChC,QAAA,GAAW,cAAA;;;;EAKX,OAAA,IAAW,UAAA,EAAY,MAAA,kBAAwB,WAAA;;;;EAK/C,SAAA,GAAY,cAAA;AAAA,KACT,cAAA,GAAiB,cAAA;AAAA,UAEL,cAAA;EACf,WAAA;;;;;IAKE,UAAA,GAAa,YAAA;EAAA;EAGf,YAAA;;;;;IAKE,UAAA,GAAa,YAAA;EAAA;EAOf,eAAA,IACE,IAAA,EAAM,WAAA,EACN,MAAA;IACE,SAAA;EAAA,MAEC,OAAA;IACH,YAAA;IACA,SAAA;EAAA;EAGF,gBAAA,IAAoB,YAAA,aAAyB,OAAA;IAC3C,IAAA,EAAM,WAAA;IACN,SAAA;IACA,SAAA;EAAA;EAGF,eAAA,IAAmB,YAAA,aAAyB,OAAA;AAAA;AAAA,KAGlC,cAAA;;;;EAIV,MAAA;AAAA;AAAA,UAGe,cAAA;EbvFN;;;Ea2FT,IAAA,mBAAuB,aAAA;AAAA;AAAA,cAKZ,eAAA,SAAwB,SAAA,CAAU,sBAAA;EAAA,mBAC1B,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,GAAA,EAAG,WAAA;EAAA,mBACH,GAAA,EADG,gBAAA,CACA,MAAA;EAAA,IAEX,IAAA,CAAA;EAAA,IAIA,qBAAA,CAAA,GAAyB,QAAA;EAAA,IAMzB,sBAAA,CAAA,GAA0B,QAAA;EAAA,UAM3B,MAAA,CAAA;;;;YAkCA,iBAAA,CAAA,GAAqB,cAAA;;;;;EAgCxB,gBAAA,CAAiB,QAAA,EAAU,cAAA;;;;EAO3B,QAAA,CAAA,GAAY,IAAA;EZ3MO;;;EYkNb,QAAA,CAAS,KAAA,EAAO,IAAA,KAAS,OAAA;EZlNZ;;;EYyNnB,aAAA,CAAc,IAAA,WAAe,IAAA;EAQvB,UAAA,CAAW,KAAA,WAAgB,OAAA,CAAQ,UAAA;;;;EAQnC,WAAA,CACX,IAAA,EAAM,WAAA,EACN,YAAA;IACE,GAAA;IACA,aAAA;IACA,wBAAA;EAAA,IAED,OAAA,CAAQ,mBAAA;EAoFE,YAAA,CACX,YAAA,UACA,WAAA,YACC,OAAA;IACD,MAAA,EAAQ,mBAAA;IACR,IAAA,EAAM,WAAA;EAAA;AAAA;AAAA,UAoEO,kBAAA;EACf,GAAA;EACA,KAAA;EACA,KAAA;AAAA;AAAA,UAGe,mBAAA;EACf,YAAA;EACA,UAAA;EACA,UAAA;EACA,SAAA;EACA,aAAA;EACA,wBAAA;EACA,KAAA;AAAA;;;;;;cC5ZW,WAAA;EAAA,WACF,0BAAA,GACR,mBAAA;EAAA;;UAMc,0BAAA;Ef2Cf;;;EevCA,IAAA;;;;EAKA,KAAA;;;;EAKA,WAAA;AAAA;AAAA,cAKW,mBAAA,SAA4B,SAAA,CAAU,0BAAA;EAAA,mBAC9B,gBAAA,EAAgB,gBAAA;EAAA,IAExB,IAAA,CAAA;EAAA,IAIA,KAAA,CAAA;EAIJ,QAAA,CAAA;EAAA,UAIG,MAAA,CAAA;;;;EAWH,GAAA,CAAI,IAAA,GAAO,WAAA;AAAA;;;;;;cCpDP,KAAA;EAAA,WAAkB,oBAAA,GAA4B,aAAA;EAAA;;UAM1C,oBAAA;;;;EAIf,IAAA;;;;EAKA,WAAA;EAEA,MAAA,YAAkB,eAAA;EAElB,WAAA,GAAc,KAAA;IAGR,IAAA;IACA,SAAA;IACA,OAAA;EAAA;AAAA;AAAA,cAKK,aAAA,SAAsB,SAAA,CAAU,oBAAA;EAAA,mBACxB,gBAAA,EAAgB,gBAAA;EAAA,IAExB,IAAA,CAAA;EAAA,UAID,MAAA,CAAA;;;;MAoBC,MAAA,CAAA,YAAmB,eAAA;EAIvB,GAAA,CAAI,UAAA,WAAqB,mBAAA;EAIzB,KAAA,CAAM,UAAA,WAAqB,mBAAA,GAAmB,mBAAA;AAAA;;;UCjEtC,aAAA;;;;;EAKf,OAAA;;AjBTF;;EiBcE,KAAA;EjByCA;;;EiBpCA,WAAA,aAAwB,UAAA;;;;;EAMxB,KAAA,IAAS,IAAA,EAAM,gBAAA;AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AjBgCjB;;;;;;;;ACtDA;;;;;iBgB+EgB,OAAA,CAAQ,OAAA,GAAU,aAAA,GAAgB,UAAA;;;;;;;;;;;AjBlFlD;;;;;;;;;;;;;;;;;;;;ckB8Ba,eAAA,GACX,OAAA,EAAS,8BAAA,KACR,uBAAA;AAAA,KAqHS,8BAAA;EACV,WAAA;AAAA;EAGI,MAAA,EAAQ,oCAAA;AAAA;EAGR,MAAA,EAAQ,eAAA;EACR,IAAA,EAAM,WAAA;AAAA;AAAA,UAIK,oCAAA;;;;EAIf,GAAA;;;;EAKA,QAAA;;;;EAKA,YAAA;AAAA;AAAA,UAGe,uBAAA;EACf,KAAA,QAAa,OAAA;AAAA;AAAA,UAGE,mBAAA;EACf,QAAA,GAAW,mBAAA;AAAA;;;cCjLA,sBAAA;EAAA,mBACQ,GAAA,EADc,gBAAA,CACX,MAAA;EAAA,mBACH,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,WAAA,EAAW,WAAA;EAAA,mBACX,MAAA,EAAM,MAAA;EAAA,mBAEN,eAAA,EAFM,QAAA,CAES,aAAA;EAAA,mBA8Bf,eAAA,EA9Be,QAAA,CA8BA,aAAA;EAAA,UA0BxB,cAAA,CAAA,GAAkB,gBAAA;EAAA,mBAQT,eAAA,EARyB,QAAA,CAQV,aAAA;AAAA;AAAA,KAmCxB,0BAAA,IACV,OAAA,EAAS,aAAA,KACN,OAAA,CAAQ,gBAAA;;;;YC/ED,KAAA;IACR,uBAAA;MACE,KAAA;MACA,IAAA,EAAM,WAAA;IAAA;EAAA;EAAA,UAIA,KAAA;;;;;;;IAOR,6BAAA,GAAgC,gBAAA;;;;IAKhC,sBAAA,GAAyB,WAAA;EAAA;AAAA;AAAA;EAAA,UAKjB,aAAA;IACR,IAAA,GAAO,gBAAA;EAAA;EAAA,UAGC,mBAAA;IACR,IAAA,EAAM,gBAAA;EAAA;EAAA,UAGE,oBAAA,SAA6B,YAAA;;;;;;;;IAQrC,IAAA,GAAO,gBAAA;EAAA;AAAA;;;;ApBjBX;;;;;;;;ACtDA;;;;;cmB6Fa,cAAA,EAAc,QAAA,CAAA,OAAA,CAKzB,QAAA,CALyB,MAAA"}
+{"version":3,"file":"index.d.ts","names":[],"sources":["../../src/security/schemas/userAccountInfoSchema.ts","../../src/security/interfaces/UserAccountToken.ts","../../src/security/atoms/currentUserAtom.ts","../../src/security/errors/InvalidCredentialsError.ts","../../src/security/errors/InvalidPermissionError.ts","../../src/security/errors/SecurityError.ts","../../src/security/interfaces/IssuerResolver.ts","../../src/security/primitives/$basicAuth.ts","../../src/security/providers/JwtProvider.ts","../../src/security/schemas/permissionSchema.ts","../../src/security/schemas/roleSchema.ts","../../src/security/providers/SecurityProvider.ts","../../src/security/primitives/$issuer.ts","../../src/security/primitives/$permission.ts","../../src/security/primitives/$role.ts","../../src/security/primitives/$secure.ts","../../src/security/primitives/$serviceAccount.ts","../../src/security/providers/ServerSecurityProvider.ts","../../src/security/index.ts"],"mappings":";;;;;;;;;;;cAGa,qBAAA,WAAqB,OAAA;MAuDhC,QAAA,CAAA,OAAA;;;;;;;;;;KAEU,WAAA,GAAc,MAAA,QAAc,qBAAA;;;;;;;UCtDvB,gBAAA,SAAyB,WAAA;;;;EAIxC,KAAA;;;ADPF;ECYE,KAAA;;;;;EAMA,SAAA;AAAA;;;;;;;;;cCZW,eAAA,EAAe,QAAA,CAAA,IAAA,CAAA,QAAA,CAAA,SAAA,UAAA,OAAA;MAG1B,QAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;cCJW,uBAAA,SAAgC,iBAAA;EAAA,SAClC,IAAA;;;;;cCTE,sBAAA,SAA+B,KAAA;cAC9B,IAAA;AAAA;;;cCDD,aAAA,SAAsB,KAAA;EAC1B,IAAA;EAAA,SACS,MAAA;AAAA;;;;;;;KCKN,QAAA,GAAW,IAAA,CAAK,WAAA;EAC1B,SAAA;AAAA;;;;UAMe,cAAA;EN4Cf;;;EMxCA,QAAA;;;;;;EAOA,SAAA,GAAY,GAAA,EAAK,aAAA,KAAkB,OAAA,CAAQ,QAAA;AAAA;;;UCrB5B,gBAAA;EACf,QAAA;EACA,QAAA;AAAA;;;;;;;;APHF;;;;;;;;iBOqBgB,UAAA,CAAW,OAAA,EAAS,gBAAA,GAAmB,UAAA;;;;;;cCC1C,WAAA;EAAA,mBACQ,GAAA,EADG,gBAAA,CACA,MAAA;EAAA,mBACH,QAAA,EAAU,eAAA;EAAA,mBACV,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,OAAA,EAAO,WAAA;;AR1B5B;;;;;EQkCS,YAAA,CAAa,IAAA,UAAc,eAAA,WAA0B,aAAA;;;;;;;;EAiC/C,KAAA,CACX,KAAA,UACA,OAAA,WACA,OAAA,GAAU,gBAAA,GACT,OAAA,CAAQ,cAAA;;;;;;;;;;EAwDE,MAAA,CACX,OAAA,EAAS,kBAAA,EACT,OAAA,WACA,WAAA,GAAc,cAAA,GACb,OAAA;ERnI6B;;;;;;EAAA,UQ4JtB,WAAA,CAAY,GAAA;AAAA;AAAA,KAKZ,SAAA,IACV,eAAA,GAAkB,mBAAA,EAClB,KAAA,GAAQ,iBAAA,KACL,OAAA,CAAQ,SAAA,GAAY,SAAA;AAAA,UAER,eAAA;EACf,IAAA;EACA,SAAA,EAAW,SAAA;EACX,SAAA;AAAA;AAAA,UAGe,cAAA;EACf,MAAA,GAAS,OAAA,CAAQ,mBAAA;AAAA;AAAA,UAGF,kBAAA,SAA2B,UAAA;EAC1C,GAAA;EAEA,IAAA;EACA,KAAA;EACA,KAAA;EACA,YAAA;EAEA,YAAA;IAAiB,KAAA;EAAA;AAAA;AAAA,UAGF,cAAA;EACf,OAAA;EACA,MAAA,EAAQ,eAAA,CAAgB,kBAAA;AAAA;;;cC7Lb,gBAAA,WAAgB,OAAA;QA8B3B,QAAA,CAAA,OAAA;;;;;;KAEU,UAAA,GAAa,MAAA,QAAc,gBAAA;;;cChC1B,UAAA,WAAU,OAAA;QAqCrB,QAAA,CAAA,OAAA;;;;;;;;;KAEU,IAAA,GAAO,MAAA,QAAc,UAAA;;;cCfpB,gBAAA;EAAA,mBACQ,iBAAA;EAAA,mBACA,iBAAA,EAAiB,MAAA;EAAA,mBACjB,0BAAA,EAA0B,MAAA;EAAA,mBAG1B,GAAA,EAH0B,gBAAA,CAGvB,MAAA;EAAA,mBACH,GAAA,EAAG,WAAA;EAAA,mBACH,MAAA,EAAM,MAAA;EAAA,mBACN,cAAA,EAAc,cAAA;EAAA,IAEtB,SAAA,CAAA;;;;qBAOQ,WAAA,EAAa,UAAA;;;;qBAKb,MAAA,EAAQ,KAAA;EAAA,UAmBjB,KAAA,EAnBsB,QAAA,CAmBjB,aAAA;;;;YAwBL,wBAAA,CAAyB,SAAA,WAAoB,cAAA;;;;;;;EA+BhD,UAAA,CAAW,IAAA,EAAM,IAAA,KAAS,MAAA,aAAmB,IAAA;;;;;;EAgE7C,gBAAA,CAAiB,GAAA,EAAK,UAAA,YAAsB,UAAA;EA0D5C,WAAA,CAAY,KAAA,EAAO,KAAA;;;;;;;;;EAiBb,WAAA,CAAY,KAAA,UAAe,KAAA,EAAO,IAAA,KAAS,OAAA;;;;;;;;;EAuBjD,qBAAA,CACL,OAAA,EAAS,UAAA,EACT,SAAA,YACC,WAAA;;;AXrOL;;EW4QS,UAAA,CACL,QAAA,EAAU,QAAA,EACV,OAAA;IACE,KAAA;IACA,UAAA,GAAa,UAAA;EAAA,IAEd,gBAAA;;;AVxUL;;EU4WS,gBAAA,CAAiB,QAAA,EAAU,cAAA,EAAgB,SAAA;EV5WC;;;;EU0X5C,QAAA,CAAS,SAAA,YAAqB,KAAA;EV3W5B;;;;;ACZX;;;;ES4Ye,4BAAA,CACX,GAAA;IAAO,GAAA,EAAK,GAAA;IAAc,OAAA;MAAW,aAAA;IAAA;EAAA,GACrC,OAAA;IACE,KAAA;IACA,UAAA,GAAa,UAAA;EAAA,IAEd,OAAA,CAAQ,gBAAA;;;;;;;;;EA0DJ,eAAA,CACL,cAAA,WAAyB,UAAA,KACtB,WAAA,aACF,mBAAA;ET/cuB;;;ESuiBb,mBAAA,CACX,aAAA,WACA,OAAA;IACE,UAAA,GAAa,UAAA;IACb,KAAA;IACA,MAAA,GAAS,gBAAA;EAAA,IAEV,OAAA,CAAQ,gBAAA;;;;;;;;EA2DJ,GAAA,CAAI,QAAA,UAAkB,UAAA,WAAqB,UAAA;;;;EAO3C,SAAA,CACL,QAAA,UACA,UAAA,WAAqB,UAAA;;;;;;EAUhB,kBAAA,CAAmB,UAAA,EAAY,UAAA;;;;EAoB/B,YAAA,CAAa,IAAA,EAAM,gBAAA,EAAkB,OAAA;;;;EAWrC,kBAAA,CAAmB,IAAA,EAAM,gBAAA;EAOzB,SAAA,CAAA,GAAa,KAAA;;;;;ARnqBtB;EQ4qBS,QAAA,CAAS,KAAA,YAAiB,IAAA;;;;;;;;EAe1B,cAAA,CAAe,IAAA;IACpB,KAAA,GAAQ,KAAA,CAAM,IAAA;IACd,KAAA;EAAA,IACE,UAAA;EPtsB8B;;;;;;EOqyB3B,gBAAA,CAAiB,OAAA,EAAS,MAAA;EAgB1B,uBAAA,CACL,OAAA,EAAS,MAAA;;;;ANtzBb;;EMq0BS,mBAAA,CAAoB,OAAA,EAAS,MAAA;EAI7B,qBAAA,CACL,OAAA,EAAS,MAAA;EAqBJ,sBAAA,CACL,OAAA,EAAS,MAAA;EAiBJ,mBAAA,CAAoB,OAAA,EAAS,MAAA;EN/2BpB;;;;;;EMi4BT,kBAAA,CAAmB,OAAA,EAAS,MAAA;EAmB5B,0BAAA,CACL,OAAA,EAAS,MAAA;AAAA;;;;UAiBI,KAAA;EACf,IAAA;EAEA,KAAA,EAAO,IAAA;EL75BQ;;;;;EKo6Bf,MAAA,YAAkB,aAAA;ELz5BwB;;;;EK+5B1C,OAAA,IAAW,GAAA,EAAK,MAAA,kBAAwB,WAAA;EL/5B5B;;;EKo6BZ,SAAA,GAAY,cAAA;AAAA;AAAA,UAGG,mBAAA;EACf,YAAA;EACA,SAAA;AAAA;;;;;;;AX/7BF;;cYmBa,OAAA;EAAA,UAAoB,sBAAA,GAAyB,eAAA;EAAA;;KAM9C,sBAAA;;;;;EAKV,IAAA;;;;EAKA,WAAA;;;;EAKA,KAAA,GAAQ,KAAA,UAAe,IAAA;;;;EAKvB,QAAA,GAAW,cAAA;EZ7CqB;;;EYkDhC,OAAA,IAAW,UAAA,EAAY,MAAA,kBAAwB,WAAA;;;;EAK/C,SAAA,GAAY,cAAA;AAAA,KACT,cAAA,GAAiB,cAAA;AAAA,UAEL,cAAA;EACf,WAAA;;;;;IAKE,UAAA,GAAa,YAAA;EAAA;EAGf,YAAA;;;;;IAKE,UAAA,GAAa,YAAA;EAAA;EAOf,eAAA,IACE,IAAA,EAAM,WAAA,EACN,MAAA;IACE,SAAA;EAAA,MAEC,OAAA;IACH,YAAA;IACA,SAAA;EAAA;EAGF,gBAAA,IAAoB,YAAA,aAAyB,OAAA;IAC3C,IAAA,EAAM,WAAA;IACN,SAAA;IACA,SAAA;EAAA;EAGF,eAAA,IAAmB,YAAA,aAAyB,OAAA;AAAA;AAAA,KAGlC,cAAA;EX/FK;;;EWmGf,MAAA;AAAA;AAAA,UAGe,cAAA;EX7Ff;;;EWiGA,IAAA,mBAAuB,aAAA;AAAA;AAAA,cAKZ,eAAA,SAAwB,SAAA,CAAU,sBAAA;EAAA,mBAC1B,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,GAAA,EAAG,WAAA;EAAA,mBACH,GAAA,EADG,gBAAA,CACA,MAAA;EAAA,IAEX,IAAA,CAAA;EAAA,IAIA,qBAAA,CAAA,GAAyB,QAAA;EAAA,IAMzB,sBAAA,CAAA,GAA0B,QAAA;EAAA,UAM3B,MAAA,CAAA;;;;YAkCA,iBAAA,CAAA,GAAqB,cAAA;;;;;EAgCxB,gBAAA,CAAiB,QAAA,EAAU,cAAA;;;;EAO3B,QAAA,CAAA,GAAY,IAAA;;;;EAON,QAAA,CAAS,KAAA,EAAO,IAAA,KAAS,OAAA;EVlNZ;;;EUyNnB,aAAA,CAAc,IAAA,WAAe,IAAA;EAQvB,UAAA,CAAW,KAAA,WAAgB,OAAA,CAAQ,UAAA;;;;EAQnC,WAAA,CACX,IAAA,EAAM,WAAA,EACN,YAAA;IACE,GAAA;IACA,aAAA;IACA,wBAAA;EAAA,IAED,OAAA,CAAQ,mBAAA;EAoFE,YAAA,CACX,YAAA,UACA,WAAA,YACC,OAAA;IACD,MAAA,EAAQ,mBAAA;IACR,IAAA,EAAM,WAAA;EAAA;AAAA;AAAA,UAoEO,kBAAA;EACf,GAAA;EACA,KAAA;EACA,KAAA;AAAA;AAAA,UAGe,mBAAA;EACf,YAAA;EACA,UAAA;EACA,UAAA;EACA,SAAA;EACA,aAAA;EACA,wBAAA;EACA,KAAA;AAAA;;;;;;cC5ZW,WAAA;EAAA,WACF,0BAAA,GACR,mBAAA;EAAA;;UAMc,0BAAA;;AbZjB;;EagBE,IAAA;EbuCA;;;EalCA,KAAA;;;;EAKA,WAAA;AAAA;AAAA,cAKW,mBAAA,SAA4B,SAAA,CAAU,0BAAA;EAAA,mBAC9B,gBAAA,EAAgB,gBAAA;EAAA,IAExB,IAAA,CAAA;EAAA,IAIA,KAAA,CAAA;EAIJ,QAAA,CAAA;EAAA,UAIG,MAAA,CAAA;;;;EAWH,GAAA,CAAI,IAAA,GAAO,WAAA;AAAA;;;;;;cCpDP,KAAA;EAAA,WAAkB,oBAAA,GAA4B,aAAA;EAAA;;UAM1C,oBAAA;EdXJ;;;EceX,IAAA;;;;EAKA,WAAA;EAEA,MAAA,YAAkB,eAAA;EAElB,WAAA,GAAc,KAAA;IAGR,IAAA;IACA,SAAA;IACA,OAAA;EAAA;AAAA;AAAA,cAKK,aAAA,SAAsB,SAAA,CAAU,oBAAA;EAAA,mBACxB,gBAAA,EAAgB,gBAAA;EAAA,IAExB,IAAA,CAAA;EAAA,UAID,MAAA,CAAA;;;;MAoBC,MAAA,CAAA,YAAmB,eAAA;EAIvB,GAAA,CAAI,UAAA,WAAqB,mBAAA;EAIzB,KAAA,CAAM,UAAA,WAAqB,mBAAA,GAAmB,mBAAA;AAAA;;;UCjEtC,aAAA;;;;;EAKf,OAAA;;;;EAKA,KAAA;EfyCA;;;EepCA,WAAA,aAAwB,UAAA;;;;;EAMxB,KAAA,IAAS,IAAA,EAAM,gBAAA;AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AfgCjB;;;;;;;;ACtDA;;;iBc+EgB,OAAA,CAAQ,OAAA,GAAU,aAAA,GAAgB,UAAA;;;;;;;;;;;;;AflFlD;;;;;;;;;;;;;;;;;;cgB8Ba,eAAA,GACX,OAAA,EAAS,8BAAA,KACR,uBAAA;AAAA,KAqHS,8BAAA;EACV,WAAA;AAAA;EAGI,MAAA,EAAQ,oCAAA;AAAA;EAGR,MAAA,EAAQ,eAAA;EACR,IAAA,EAAM,WAAA;AAAA;AAAA,UAIK,oCAAA;;;;EAIf,GAAA;;;;EAKA,QAAA;;;;EAKA,YAAA;AAAA;AAAA,UAGe,uBAAA;EACf,KAAA,QAAa,OAAA;AAAA;AAAA,UAGE,mBAAA;EACf,QAAA,GAAW,mBAAA;AAAA;;;cCjLA,sBAAA;EAAA,mBACQ,GAAA,EADc,gBAAA,CACX,MAAA;EAAA,mBACH,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,WAAA,EAAW,WAAA;EAAA,mBACX,MAAA,EAAM,MAAA;EAAA,mBAEN,eAAA,EAFM,QAAA,CAES,aAAA;EAAA,mBA8Bf,eAAA,EA9Be,QAAA,CA8BA,aAAA;EAAA,UA0BxB,cAAA,CAAA,GAAkB,gBAAA;EAAA,mBAQT,eAAA,EARyB,QAAA,CAQV,aAAA;AAAA;AAAA,KAmCxB,0BAAA,IACV,OAAA,EAAS,aAAA,KACN,OAAA,CAAQ,gBAAA;;;;YC/ED,KAAA;IACR,uBAAA;MACE,KAAA;MACA,IAAA,EAAM,WAAA;IAAA;EAAA;EAAA,UAIA,KAAA;;;;;;;IAOR,6BAAA,GAAgC,gBAAA;;;;IAKhC,sBAAA,GAAyB,WAAA;EAAA;AAAA;AAAA;EAAA,UAKjB,aAAA;IACR,IAAA,GAAO,gBAAA;EAAA;EAAA,UAGC,mBAAA;IACR,IAAA,EAAM,gBAAA;EAAA;EAAA,UAGE,oBAAA,SAA6B,YAAA;;;;;;;;IAQrC,IAAA,GAAO,gBAAA;EAAA;AAAA;;;;;;AlBjBX;;;;;;;;ACtDA;;;ciB6Fa,cAAA,EAAc,QAAA,CAAA,OAAA,CAKzB,QAAA,CALyB,MAAA"}