alp-node-auth 9.3.0 → 10.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -3,6 +3,21 @@
3
3
  All notable changes to this project will be documented in this file.
4
4
  See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
5
5
 
6
+ ## [10.0.0](https://github.com/christophehurpeau/alp/compare/alp-node-auth@9.3.0...alp-node-auth@10.0.0) (2024-01-06)
7
+
8
+
9
+ ### ⚠ BREAKING CHANGES
10
+
11
+ * merge to alp-node to improve maintenability, remove alp-types
12
+
13
+ ### Features
14
+
15
+ * merge to alp-node to improve maintenability, remove alp-types ([ead9a2f](https://github.com/christophehurpeau/alp/commit/ead9a2fd1bcbedce0be29ea0e444c5cead99c64d))
16
+
17
+ Version bump for dependency: alp-node
18
+ Version bump for dependency: alp-node
19
+
20
+
6
21
  ## [9.3.0](https://github.com/christophehurpeau/alp/compare/alp-node-auth@9.2.0...alp-node-auth@9.3.0) (2024-01-06)
7
22
 
8
23
  Note: no notable changes
@@ -1,4 +1,4 @@
1
- import type { NodeConfig } from 'alp-types';
1
+ import type { NodeConfig } from 'alp-node';
2
2
  import type MongoUsersManager from './MongoUsersManager';
3
3
  import type { User } from './types';
4
4
  export declare const createAuthApolloContext: <U extends User = User>(config: NodeConfig, usersManager: MongoUsersManager<U, import("./types").UserSanitized>) => any;
@@ -1 +1 @@
1
- {"version":3,"file":"authApolloContext.d.ts","sourceRoot":"","sources":["../../src/authApolloContext.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAE5C,OAAO,KAAK,iBAAiB,MAAM,qBAAqB,CAAC;AACzD,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,SAAS,CAAC;AAiBpC,eAAO,MAAM,uBAAuB,kCAC1B,UAAU,0EAEjB,GA2BF,CAAC"}
1
+ {"version":3,"file":"authApolloContext.d.ts","sourceRoot":"","sources":["../../src/authApolloContext.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAE3C,OAAO,KAAK,iBAAiB,MAAM,qBAAqB,CAAC;AACzD,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,SAAS,CAAC;AAiBpC,eAAO,MAAM,uBAAuB,kCAC1B,UAAU,0EAEjB,GA2BF,CAAC"}
@@ -1,4 +1,4 @@
1
- import type { NodeApplication } from 'alp-types';
1
+ import type { NodeApplication } from 'alp-node';
2
2
  import type MongoUsersManager from './MongoUsersManager';
3
3
  import type { User } from './types';
4
4
  export declare const authSocketIO: <U extends User = User>(app: NodeApplication, usersManager: MongoUsersManager<U, import("./types").UserSanitized>, io: any, jwtAudience?: string) => void;
@@ -1 +1 @@
1
- {"version":3,"file":"authSocketIO.d.ts","sourceRoot":"","sources":["../../src/authSocketIO.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAEjD,OAAO,KAAK,iBAAiB,MAAM,qBAAqB,CAAC;AACzD,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,SAAS,CAAC;AAMpC,eAAO,MAAM,YAAY,+BAClB,eAAe,2EAGhB,GAAG,gBACO,MAAM,KACnB,IAgCF,CAAC"}
1
+ {"version":3,"file":"authSocketIO.d.ts","sourceRoot":"","sources":["../../src/authSocketIO.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAEhD,OAAO,KAAK,iBAAiB,MAAM,qBAAqB,CAAC;AACzD,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,SAAS,CAAC;AAMpC,eAAO,MAAM,YAAY,+BAClB,eAAe,2EAGhB,GAAG,gBACO,MAAM,KACnB,IAgCF,CAAC"}
@@ -1,5 +1,5 @@
1
- import type { AlpRouteRef } from 'alp-router';
2
- import type { Context } from 'alp-types';
1
+ /// <reference types="koa" />
2
+ import type { AlpRouteRef, Context } from 'alp-node';
3
3
  import type MongoUsersManager from './MongoUsersManager';
4
4
  import type { AuthenticationService, AccessResponseHooks } from './services/authentification/AuthenticationService';
5
5
  import type { AllowedStrategyKeys, AllowedMapParamsStrategy } from './services/authentification/types';
@@ -1 +1 @@
1
- {"version":3,"file":"createAuthController.d.ts","sourceRoot":"","sources":["../../src/createAuthController.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACzC,OAAO,KAAK,iBAAiB,MAAM,qBAAqB,CAAC;AACzD,OAAO,KAAK,EACV,qBAAqB,EACrB,mBAAmB,EACpB,MAAM,mDAAmD,CAAC;AAC3D,OAAO,KAAK,EACV,mBAAmB,EACnB,wBAAwB,EACzB,MAAM,mCAAmC,CAAC;AAC3C,OAAO,KAAK,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAEnD,MAAM,WAAW,0BAA0B,CACzC,YAAY,SAAS,mBAAmB,EACxC,CAAC,SAAS,IAAI,GAAG,IAAI,EACrB,UAAU,SAAS,aAAa,GAAG,aAAa;IAEhD,qBAAqB,EAAE,qBAAqB,CAAC,YAAY,EAAE,CAAC,EAAE,aAAa,CAAC,CAAC;IAC7E,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,YAAY,EAAE,iBAAiB,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IAC/C,eAAe,CAAC,EAAE,YAAY,CAAC;IAC/B,SAAS,CAAC,EAAE,SAAS,CAAC,YAAY,CAAC,CAAC;CACrC;AAED,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,WAAW,CAAC;IACnB,QAAQ,EAAE,WAAW,CAAC;IACtB,QAAQ,EAAE,WAAW,CAAC;IACtB,MAAM,EAAE,WAAW,CAAC;CACrB;AAED,KAAK,cAAc,CAAC,CAAC,SAAS,MAAM,GAAG,EAAE,CAAC,IAAI;KAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;CAAE,CAAC;AAE/D,MAAM,WAAW,SAAS,CAAC,YAAY,SAAS,mBAAmB,CACjE,SAAQ,mBAAmB,CAAC,YAAY,CAAC;IACzC,cAAc,CAAC,EAAE,CAAC,WAAW,SAAS,YAAY,EAChD,QAAQ,EAAE,WAAW,EACrB,GAAG,EAAE,OAAO,KAEV,cAAc,CAAC,wBAAwB,CAAC,WAAW,CAAC,EAAE,GAAG,CAAC,GAC1D,OAAO,CAAC,cAAc,CAAC,wBAAwB,CAAC,WAAW,CAAC,EAAE,GAAG,CAAC,CAAC,GACnE,OAAO,CAAC,IAAI,CAAC,GAEb,IAAI,CAAC;CACV;AAED,wBAAgB,oBAAoB,CAClC,YAAY,SAAS,mBAAmB,EACxC,CAAC,SAAS,IAAI,GAAG,IAAI,EACrB,UAAU,SAAS,aAAa,GAAG,aAAa,EAChD,EACA,YAAY,EACZ,qBAAqB,EACrB,aAAmB,EACnB,eAAe,EACf,SAAc,GACf,EAAE,0BAA0B,CAAC,YAAY,EAAE,CAAC,EAAE,UAAU,CAAC,GAAG,cAAc,CAsD1E"}
1
+ {"version":3,"file":"createAuthController.d.ts","sourceRoot":"","sources":["../../src/createAuthController.ts"],"names":[],"mappings":";AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,UAAU,CAAC;AACrD,OAAO,KAAK,iBAAiB,MAAM,qBAAqB,CAAC;AACzD,OAAO,KAAK,EACV,qBAAqB,EACrB,mBAAmB,EACpB,MAAM,mDAAmD,CAAC;AAC3D,OAAO,KAAK,EACV,mBAAmB,EACnB,wBAAwB,EACzB,MAAM,mCAAmC,CAAC;AAC3C,OAAO,KAAK,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAEnD,MAAM,WAAW,0BAA0B,CACzC,YAAY,SAAS,mBAAmB,EACxC,CAAC,SAAS,IAAI,GAAG,IAAI,EACrB,UAAU,SAAS,aAAa,GAAG,aAAa;IAEhD,qBAAqB,EAAE,qBAAqB,CAAC,YAAY,EAAE,CAAC,EAAE,aAAa,CAAC,CAAC;IAC7E,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,YAAY,EAAE,iBAAiB,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IAC/C,eAAe,CAAC,EAAE,YAAY,CAAC;IAC/B,SAAS,CAAC,EAAE,SAAS,CAAC,YAAY,CAAC,CAAC;CACrC;AAED,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,WAAW,CAAC;IACnB,QAAQ,EAAE,WAAW,CAAC;IACtB,QAAQ,EAAE,WAAW,CAAC;IACtB,MAAM,EAAE,WAAW,CAAC;CACrB;AAED,KAAK,cAAc,CAAC,CAAC,SAAS,MAAM,GAAG,EAAE,CAAC,IAAI;KAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;CAAE,CAAC;AAE/D,MAAM,WAAW,SAAS,CAAC,YAAY,SAAS,mBAAmB,CACjE,SAAQ,mBAAmB,CAAC,YAAY,CAAC;IACzC,cAAc,CAAC,EAAE,CAAC,WAAW,SAAS,YAAY,EAChD,QAAQ,EAAE,WAAW,EACrB,GAAG,EAAE,OAAO,KAEV,cAAc,CAAC,wBAAwB,CAAC,WAAW,CAAC,EAAE,GAAG,CAAC,GAC1D,OAAO,CAAC,cAAc,CAAC,wBAAwB,CAAC,WAAW,CAAC,EAAE,GAAG,CAAC,CAAC,GACnE,OAAO,CAAC,IAAI,CAAC,GAEb,IAAI,CAAC;CACV;AAED,wBAAgB,oBAAoB,CAClC,YAAY,SAAS,mBAAmB,EACxC,CAAC,SAAS,IAAI,GAAG,IAAI,EACrB,UAAU,SAAS,aAAa,GAAG,aAAa,EAChD,EACA,YAAY,EACZ,qBAAqB,EACrB,aAAmB,EACnB,eAAe,EACf,SAAc,GACf,EAAE,0BAA0B,CAAC,YAAY,EAAE,CAAC,EAAE,UAAU,CAAC,GAAG,cAAc,CAsD1E"}
@@ -1,7 +1,6 @@
1
1
  /// <reference types="node" />
2
2
  import type { IncomingMessage } from 'node:http';
3
- import type { Context } from 'alp-node';
4
- import type { NodeApplication } from 'alp-types';
3
+ import type { Context, NodeApplication } from 'alp-node';
5
4
  import type MongoUsersManager from './MongoUsersManager';
6
5
  import type { AuthController as AuthControllerType, AuthHooks } from './createAuthController';
7
6
  import type { AuthRoutes as AuthRoutesType } from './createRoutes';
@@ -16,7 +15,7 @@ export { authSocketIO } from './authSocketIO';
16
15
  export { createAuthApolloContext } from './authApolloContext';
17
16
  export { STATUSES } from './services/user/UserAccountsService';
18
17
  export * from './types';
19
- declare module 'alp-types' {
18
+ declare module 'alp-node' {
20
19
  interface ContextState {
21
20
  loggedInUserId: NonNullable<ContextState['loggedInUser']>['_id'] | null | undefined;
22
21
  loggedInUser: User | null | undefined;
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";AACA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAEjD,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,UAAU,CAAC;AACxC,OAAO,KAAK,EAAgB,eAAe,EAAE,MAAM,WAAW,CAAC;AAG/D,OAAO,KAAK,iBAAiB,MAAM,qBAAqB,CAAC;AACzD,OAAO,KAAK,EACV,cAAc,IAAI,kBAAkB,EACpC,SAAS,EACV,MAAM,wBAAwB,CAAC;AAEhC,OAAO,KAAK,EAAE,UAAU,IAAI,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAEnE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mDAAmD,CAAC;AAEpF,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AAE7E,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,KAAK,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAQnD,OAAO,EAAE,OAAO,IAAI,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACnE,OAAO,EAAE,OAAO,IAAI,wBAAwB,EAAE,MAAM,0CAA0C,CAAC;AAC/F,OAAO,EAAE,OAAO,IAAI,uBAAuB,EAAE,MAAM,yCAAyC,CAAC;AAC7F,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,uBAAuB,EAAE,MAAM,qBAAqB,CAAC;AAC9D,OAAO,EAAE,QAAQ,EAAE,MAAM,qCAAqC,CAAC;AAE/D,cAAc,SAAS,CAAC;AAExB,OAAO,QAAQ,WAAW,CAAC;IAEzB,UAAU,YAAY;QACpB,cAAc,EACV,WAAW,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC,CAAC,KAAK,CAAC,GAChD,IAAI,GACJ,SAAS,CAAC;QACd,YAAY,EAAE,IAAI,GAAG,IAAI,GAAG,SAAS,CAAC;KACvC;IAED,UAAU,qBAAqB;QAC7B,cAAc,EACV,WAAW,CAAC,qBAAqB,CAAC,cAAc,CAAC,CAAC,CAAC,KAAK,CAAC,GACzD,IAAI,GACJ,SAAS,CAAC;QACd,YAAY,EAAE,aAAa,GAAG,IAAI,GAAG,SAAS,CAAC;KAChD;IAED,UAAU,WAAW;QACnB,WAAW,EAAE,CACX,cAAc,EAAE,WAAW,CAAC,YAAY,CAAC,gBAAgB,CAAC,CAAC,EAC3D,YAAY,EAAE,WAAW,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC,KACpD,OAAO,CAAC,IAAI,CAAC,CAAC;QACnB,MAAM,EAAE,MAAM,IAAI,CAAC;KACpB;CACF;AAMD,MAAM,MAAM,cAAc,GAAG,kBAAkB,CAAC;AAChD,MAAM,MAAM,UAAU,GAAG,cAAc,CAAC;AACxC,OAAO,EAAE,qBAAqB,EAAE,MAAM,mDAAmD,CAAC;AAE1F,MAAM,CAAC,OAAO,UAAU,IAAI,CAC1B,YAAY,SAAS,mBAAmB,GAAG,QAAQ,EACnD,CAAC,SAAS,IAAI,GAAG,IAAI,EACrB,UAAU,SAAS,aAAa,GAAG,aAAa,EAChD,EACA,aAAa,EACb,YAAY,EACZ,UAAU,EACV,eAAe,EACf,iBAAiB,EACjB,SAAS,EACT,WAAW,GACZ,EAAE;IACD,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,YAAY,EAAE,iBAAiB,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IAC/C,UAAU,EAAE,UAAU,CAAC,YAAY,CAAC,CAAC;IACrC,eAAe,CAAC,EAAE,YAAY,CAAC;IAC/B,iBAAiB,EAAE,MAAM,CAAC,YAAY,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC;IAC7D,SAAS,CAAC,EAAE,SAAS,CAAC,YAAY,CAAC,CAAC;IACpC,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,SAEc,eAAe;;uCAqFjB,eAAe;;yBAUf,OAAO;EAsCnB"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";AACA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAEjD,OAAO,KAAK,EAAE,OAAO,EAAgB,eAAe,EAAE,MAAM,UAAU,CAAC;AAGvE,OAAO,KAAK,iBAAiB,MAAM,qBAAqB,CAAC;AACzD,OAAO,KAAK,EACV,cAAc,IAAI,kBAAkB,EACpC,SAAS,EACV,MAAM,wBAAwB,CAAC;AAEhC,OAAO,KAAK,EAAE,UAAU,IAAI,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAEnE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mDAAmD,CAAC;AAEpF,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AAE7E,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,KAAK,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAQnD,OAAO,EAAE,OAAO,IAAI,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACnE,OAAO,EAAE,OAAO,IAAI,wBAAwB,EAAE,MAAM,0CAA0C,CAAC;AAC/F,OAAO,EAAE,OAAO,IAAI,uBAAuB,EAAE,MAAM,yCAAyC,CAAC;AAC7F,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,uBAAuB,EAAE,MAAM,qBAAqB,CAAC;AAC9D,OAAO,EAAE,QAAQ,EAAE,MAAM,qCAAqC,CAAC;AAE/D,cAAc,SAAS,CAAC;AAExB,OAAO,QAAQ,UAAU,CAAC;IAExB,UAAU,YAAY;QACpB,cAAc,EACV,WAAW,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC,CAAC,KAAK,CAAC,GAChD,IAAI,GACJ,SAAS,CAAC;QACd,YAAY,EAAE,IAAI,GAAG,IAAI,GAAG,SAAS,CAAC;KACvC;IAED,UAAU,qBAAqB;QAC7B,cAAc,EACV,WAAW,CAAC,qBAAqB,CAAC,cAAc,CAAC,CAAC,CAAC,KAAK,CAAC,GACzD,IAAI,GACJ,SAAS,CAAC;QACd,YAAY,EAAE,aAAa,GAAG,IAAI,GAAG,SAAS,CAAC;KAChD;IAED,UAAU,WAAW;QACnB,WAAW,EAAE,CACX,cAAc,EAAE,WAAW,CAAC,YAAY,CAAC,gBAAgB,CAAC,CAAC,EAC3D,YAAY,EAAE,WAAW,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC,KACpD,OAAO,CAAC,IAAI,CAAC,CAAC;QACnB,MAAM,EAAE,MAAM,IAAI,CAAC;KACpB;CACF;AAMD,MAAM,MAAM,cAAc,GAAG,kBAAkB,CAAC;AAChD,MAAM,MAAM,UAAU,GAAG,cAAc,CAAC;AACxC,OAAO,EAAE,qBAAqB,EAAE,MAAM,mDAAmD,CAAC;AAE1F,MAAM,CAAC,OAAO,UAAU,IAAI,CAC1B,YAAY,SAAS,mBAAmB,GAAG,QAAQ,EACnD,CAAC,SAAS,IAAI,GAAG,IAAI,EACrB,UAAU,SAAS,aAAa,GAAG,aAAa,EAChD,EACA,aAAa,EACb,YAAY,EACZ,UAAU,EACV,eAAe,EACf,iBAAiB,EACjB,SAAS,EACT,WAAW,GACZ,EAAE;IACD,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,YAAY,EAAE,iBAAiB,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IAC/C,UAAU,EAAE,UAAU,CAAC,YAAY,CAAC,CAAC;IACrC,eAAe,CAAC,EAAE,YAAY,CAAC;IAC/B,iBAAiB,EAAE,MAAM,CAAC,YAAY,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC;IAC7D,SAAS,CAAC,EAAE,SAAS,CAAC,YAAY,CAAC,CAAC;IACpC,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,SAEc,eAAe;;uCAqFjB,eAAe;;yBAUf,OAAO;EAsCnB"}
@@ -1,7 +1,7 @@
1
1
  /// <reference types="node" />
2
+ /// <reference types="koa" />
2
3
  import { EventEmitter } from 'node:events';
3
- import 'alp-router';
4
- import type { Context, NodeConfig } from 'alp-types';
4
+ import type { Context, NodeConfig } from 'alp-node';
5
5
  import type { Strategy as Oauth2Strategy } from '../../../strategies/strategies.d';
6
6
  import type { AccountId, User, Account, UserSanitized } from '../../types';
7
7
  import type UserAccountsService from '../user/UserAccountsService';
@@ -1 +1 @@
1
- {"version":3,"file":"AuthenticationService.d.ts","sourceRoot":"","sources":["../../../../src/services/authentification/AuthenticationService.ts"],"names":[],"mappings":";AAIA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,YAAY,CAAC;AACpB,OAAO,KAAK,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAErD,OAAO,KAAK,EAAE,QAAQ,IAAI,cAAc,EAAE,MAAM,kCAAkC,CAAC;AACnF,OAAO,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE3E,OAAO,KAAK,mBAAmB,MAAM,6BAA6B,CAAC;AACnE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAI3D,MAAM,WAAW,sBAAsB;IACrC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,MAAM,UAAU,CAAC,YAAY,SAAS,mBAAmB,IAAI,MAAM,CACvE,YAAY,EACZ,cAAc,CAAC,GAAG,CAAC,CACpB,CAAC;AAEF,MAAM,WAAW,mBAAmB,CAAC,YAAY,EAAE,CAAC,SAAS,IAAI,GAAG,IAAI;IACtE,iBAAiB,CAAC,EAAE,CAAC,WAAW,SAAS,YAAY,EACnD,QAAQ,EAAE,WAAW,EACrB,YAAY,EAAE,CAAC,KACZ,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;IAE1B,gBAAgB,CAAC,EAAE,CAAC,WAAW,SAAS,YAAY,EAClD,QAAQ,EAAE,WAAW,EACrB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,OAAO,EAChB,IAAI,EAAE,CAAC,KACJ,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;CAC3B;AAED,qBAAa,qBAAqB,CAChC,YAAY,SAAS,mBAAmB,EACxC,CAAC,SAAS,IAAI,GAAG,IAAI,EACrB,UAAU,SAAS,aAAa,GAAG,aAAa,CAEhD,SAAQ,YAAY;IACpB,MAAM,EAAE,UAAU,CAAC;IAEnB,UAAU,EAAE,UAAU,CAAC,YAAY,CAAC,CAAC;IAErC,mBAAmB,EAAE,mBAAmB,CAAC,YAAY,EAAE,CAAC,EAAE,UAAU,CAAC,CAAC;gBAGpE,MAAM,EAAE,UAAU,EAClB,UAAU,EAAE,UAAU,CAAC,YAAY,CAAC,EACpC,mBAAmB,EAAE,mBAAmB,CAAC,YAAY,EAAE,CAAC,EAAE,UAAU,CAAC;IAQvE,eAAe,CAAC,CAAC,SAAS,YAAY,EAAE,QAAQ,EAAE,CAAC,EAAE,MAAM,EAAE,GAAG,GAAG,MAAM;IAWnE,SAAS,CACb,QAAQ,EAAE,YAAY,EACtB,OAAO,EAAE,gBAAgB,GACxB,OAAO,CAAC,MAAM,CAAC;IAmCZ,YAAY,CAChB,QAAQ,EAAE,YAAY,EACtB,WAAW,EAAE;QAAE,YAAY,EAAE,MAAM,CAAA;KAAE,GACpC,OAAO,CAAC,MAAM,CAAC;IAgClB,WAAW,CAAC,GAAG,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM;IAS7C,eAAe,CACnB,GAAG,EAAE,OAAO,EACZ,QAAQ,EAAE,YAAY,EACtB,EACE,YAAY,EACZ,QAAQ,EACR,IAAI,EACJ,SAAS,GACV,EAAE;QACD,YAAY,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;QAClC,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;QAC9B,IAAI,CAAC,EAAE,CAAC,CAAC;QACT,SAAS,CAAC,EAAE,SAAS,CAAC;KACvB,EACD,MAAM,CAAC,EAAE,GAAG,GACX,OAAO,CAAC,IAAI,CAAC;IAuCV,cAAc,CAAC,WAAW,SAAS,YAAY,EACnD,GAAG,EAAE,OAAO,EACZ,QAAQ,EAAE,WAAW,EACrB,UAAU,EAAE,OAAO,EACnB,KAAK,EAAE,mBAAmB,CAAC,YAAY,EAAE,CAAC,CAAC,GAC1C,OAAO,CAAC,CAAC,CAAC;IAgEb,oBAAoB,CAAC,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;CAsBlE"}
1
+ {"version":3,"file":"AuthenticationService.d.ts","sourceRoot":"","sources":["../../../../src/services/authentification/AuthenticationService.ts"],"names":[],"mappings":";;AAIA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,KAAK,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAEpD,OAAO,KAAK,EAAE,QAAQ,IAAI,cAAc,EAAE,MAAM,kCAAkC,CAAC;AACnF,OAAO,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE3E,OAAO,KAAK,mBAAmB,MAAM,6BAA6B,CAAC;AACnE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAI3D,MAAM,WAAW,sBAAsB;IACrC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,MAAM,UAAU,CAAC,YAAY,SAAS,mBAAmB,IAAI,MAAM,CACvE,YAAY,EACZ,cAAc,CAAC,GAAG,CAAC,CACpB,CAAC;AAEF,MAAM,WAAW,mBAAmB,CAAC,YAAY,EAAE,CAAC,SAAS,IAAI,GAAG,IAAI;IACtE,iBAAiB,CAAC,EAAE,CAAC,WAAW,SAAS,YAAY,EACnD,QAAQ,EAAE,WAAW,EACrB,YAAY,EAAE,CAAC,KACZ,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;IAE1B,gBAAgB,CAAC,EAAE,CAAC,WAAW,SAAS,YAAY,EAClD,QAAQ,EAAE,WAAW,EACrB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,OAAO,EAChB,IAAI,EAAE,CAAC,KACJ,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;CAC3B;AAED,qBAAa,qBAAqB,CAChC,YAAY,SAAS,mBAAmB,EACxC,CAAC,SAAS,IAAI,GAAG,IAAI,EACrB,UAAU,SAAS,aAAa,GAAG,aAAa,CAEhD,SAAQ,YAAY;IACpB,MAAM,EAAE,UAAU,CAAC;IAEnB,UAAU,EAAE,UAAU,CAAC,YAAY,CAAC,CAAC;IAErC,mBAAmB,EAAE,mBAAmB,CAAC,YAAY,EAAE,CAAC,EAAE,UAAU,CAAC,CAAC;gBAGpE,MAAM,EAAE,UAAU,EAClB,UAAU,EAAE,UAAU,CAAC,YAAY,CAAC,EACpC,mBAAmB,EAAE,mBAAmB,CAAC,YAAY,EAAE,CAAC,EAAE,UAAU,CAAC;IAQvE,eAAe,CAAC,CAAC,SAAS,YAAY,EAAE,QAAQ,EAAE,CAAC,EAAE,MAAM,EAAE,GAAG,GAAG,MAAM;IAWnE,SAAS,CACb,QAAQ,EAAE,YAAY,EACtB,OAAO,EAAE,gBAAgB,GACxB,OAAO,CAAC,MAAM,CAAC;IAmCZ,YAAY,CAChB,QAAQ,EAAE,YAAY,EACtB,WAAW,EAAE;QAAE,YAAY,EAAE,MAAM,CAAA;KAAE,GACpC,OAAO,CAAC,MAAM,CAAC;IAgClB,WAAW,CAAC,GAAG,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM;IAS7C,eAAe,CACnB,GAAG,EAAE,OAAO,EACZ,QAAQ,EAAE,YAAY,EACtB,EACE,YAAY,EACZ,QAAQ,EACR,IAAI,EACJ,SAAS,GACV,EAAE;QACD,YAAY,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;QAClC,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;QAC9B,IAAI,CAAC,EAAE,CAAC,CAAC;QACT,SAAS,CAAC,EAAE,SAAS,CAAC;KACvB,EACD,MAAM,CAAC,EAAE,GAAG,GACX,OAAO,CAAC,IAAI,CAAC;IAuCV,cAAc,CAAC,WAAW,SAAS,YAAY,EACnD,GAAG,EAAE,OAAO,EACZ,QAAQ,EAAE,WAAW,EACrB,UAAU,EAAE,OAAO,EACnB,KAAK,EAAE,mBAAmB,CAAC,YAAY,EAAE,CAAC,CAAC,GAC1C,OAAO,CAAC,CAAC,CAAC;IAoEb,oBAAoB,CAAC,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;CAsBlE"}
@@ -1,4 +1,5 @@
1
- import type { GoogleParams, SlackParams } from 'alp-types';
1
+ export type GoogleParams = 'access_type' | 'include_granted_scopes' | 'login_hint' | 'prompt';
2
+ export type SlackParams = 'client_id' | 'team';
2
3
  export type AllowedStrategyKeys = 'google' | 'slack';
3
4
  export interface AllowedMapParamsStrategy {
4
5
  google: GoogleParams;
@@ -1 +1 @@
1
- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/services/authentification/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAE3D,MAAM,MAAM,mBAAmB,GAAG,QAAQ,GAAG,OAAO,CAAC;AAErD,MAAM,WAAW,wBAAwB;IACvC,MAAM,EAAE,YAAY,CAAC;IACrB,KAAK,EAAE,WAAW,CAAC;CACpB;AAED,MAAM,WAAW,MAAM;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,OAAO,EAAE,MAAM,CAAC;CACjB"}
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/services/authentification/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,YAAY,GACpB,aAAa,GACb,wBAAwB,GACxB,YAAY,GACZ,QAAQ,CAAC;AACb,MAAM,MAAM,WAAW,GAAG,WAAW,GAAG,MAAM,CAAC;AAE/C,MAAM,MAAM,mBAAmB,GAAG,QAAQ,GAAG,OAAO,CAAC;AAErD,MAAM,WAAW,wBAAwB;IACvC,MAAM,EAAE,YAAY,CAAC;IACrB,KAAK,EAAE,WAAW,CAAC;CACpB;AAED,MAAM,WAAW,MAAM;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,OAAO,EAAE,MAAM,CAAC;CACjB"}
@@ -2,7 +2,6 @@ import { promisify } from 'node:util';
2
2
  import jsonwebtoken from 'jsonwebtoken';
3
3
  import { Logger } from 'nightingale-logger';
4
4
  import { EventEmitter } from 'node:events';
5
- import 'alp-router';
6
5
  import { randomBytes } from 'node:crypto';
7
6
  import Cookies from 'cookies';
8
7
 
@@ -26,7 +25,7 @@ function createAuthController({
26
25
  */
27
26
  async addScope(ctx) {
28
27
  if (!ctx.state.loggedInUser) {
29
- await ctx.redirectTo(homeRouterKey);
28
+ ctx.redirectTo(homeRouterKey);
30
29
  return;
31
30
  }
32
31
  const strategy = ctx.namedParam('strategy') || defaultStrategy;
@@ -46,11 +45,11 @@ function createAuthController({
46
45
  });
47
46
  const keyPath = usersManager.store.keyPath;
48
47
  await ctx.setLoggedIn(loggedInUser[keyPath], loggedInUser);
49
- await ctx.redirectTo(homeRouterKey);
48
+ ctx.redirectTo(homeRouterKey);
50
49
  },
51
50
  async logout(ctx) {
52
51
  ctx.logout();
53
- await ctx.redirectTo(homeRouterKey);
52
+ ctx.redirectTo(homeRouterKey);
54
53
  }
55
54
  };
56
55
  }
@@ -200,30 +199,28 @@ class AuthenticationService extends EventEmitter {
200
199
  access_type: refreshToken ? 'offline' : 'online',
201
200
  ...params
202
201
  });
203
- return ctx.redirect(redirectUri);
202
+ ctx.redirect(redirectUri);
204
203
  }
205
204
  async accessResponse(ctx, strategy, isLoggedIn, hooks) {
206
- if (ctx.query.error) {
207
- const error = new Error(ctx.query.error);
208
- error.status = 403;
209
- error.expose = true;
210
- throw error;
211
- }
212
- const code = ctx.query.code;
213
- const state = ctx.query.state;
205
+ const errorParam = ctx.params.queryParam('error').notEmpty();
206
+ if (errorParam.isValid()) {
207
+ ctx.throw(errorParam.value, 403);
208
+ }
209
+ const code = ctx.validParams.queryParam('code').notEmpty().value;
210
+ const state = ctx.validParams.queryParam('state').notEmpty().value;
214
211
  const cookieName = `auth_${strategy}_${state}`;
215
- let cookie = ctx.cookies.get(cookieName);
212
+ const cookie = ctx.cookies.get(cookieName);
216
213
  ctx.cookies.set(cookieName, '', {
217
214
  expires: new Date(1)
218
215
  });
219
216
  if (!cookie) {
220
217
  throw new Error('No cookie for this state');
221
218
  }
222
- cookie = JSON.parse(cookie);
223
- if (!cookie?.scope) {
219
+ const parsedCookie = JSON.parse(cookie);
220
+ if (!parsedCookie?.scope) {
224
221
  throw new Error('Unexpected cookie value');
225
222
  }
226
- if (!cookie.isLoginAccess) {
223
+ if (!parsedCookie.isLoginAccess) {
227
224
  if (!isLoggedIn) {
228
225
  throw new Error('You are not connected');
229
226
  }
@@ -232,8 +229,8 @@ class AuthenticationService extends EventEmitter {
232
229
  code,
233
230
  redirectUri: this.redirectUri(ctx, strategy)
234
231
  });
235
- if (cookie.isLoginAccess) {
236
- const user = await this.userAccountsService.findOrCreateFromStrategy(strategy, tokens, cookie.scope, cookie.scopeKey);
232
+ if (parsedCookie.isLoginAccess) {
233
+ const user = await this.userAccountsService.findOrCreateFromStrategy(strategy, tokens, parsedCookie.scope, parsedCookie.scopeKey);
237
234
  if (hooks.afterLoginSuccess) {
238
235
  await hooks.afterLoginSuccess(strategy, user);
239
236
  }
@@ -243,9 +240,9 @@ class AuthenticationService extends EventEmitter {
243
240
  const {
244
241
  account,
245
242
  user
246
- } = await this.userAccountsService.update(loggedInUser, strategy, tokens, cookie.scope, cookie.scopeKey);
243
+ } = await this.userAccountsService.update(loggedInUser, strategy, tokens, parsedCookie.scope, parsedCookie.scopeKey);
247
244
  if (hooks.afterScopeUpdate) {
248
- await hooks.afterScopeUpdate(strategy, cookie.scopeKey, account, user);
245
+ await hooks.afterScopeUpdate(strategy, parsedCookie.scopeKey, account, user);
249
246
  }
250
247
  return loggedInUser;
251
248
  }
@@ -1 +1 @@
1
- {"version":3,"file":"index-node18.mjs","sources":["../src/createAuthController.ts","../src/createRoutes.ts","../src/utils/generators.ts","../src/services/authentification/AuthenticationService.ts","../src/services/user/UserAccountsService.ts","../src/utils/cookies.ts","../src/utils/createFindLoggedInUser.ts","../src/MongoUsersManager.ts","../src/services/user/UserAccountGoogleService.ts","../src/services/user/UserAccountSlackService.ts","../src/authSocketIO.ts","../src/authApolloContext.ts","../src/index.ts"],"sourcesContent":["import type { AlpRouteRef } from 'alp-router';\nimport type { Context } from 'alp-types';\nimport type MongoUsersManager from './MongoUsersManager';\nimport type {\n AuthenticationService,\n AccessResponseHooks,\n} from './services/authentification/AuthenticationService';\nimport type {\n AllowedStrategyKeys,\n AllowedMapParamsStrategy,\n} from './services/authentification/types';\nimport type { User, UserSanitized } from './types';\n\nexport interface CreateAuthControllerParams<\n StrategyKeys extends AllowedStrategyKeys,\n U extends User = User,\n USanitized extends UserSanitized = UserSanitized,\n> {\n authenticationService: AuthenticationService<StrategyKeys, U, UserSanitized>;\n homeRouterKey?: string;\n usersManager: MongoUsersManager<U, USanitized>;\n defaultStrategy?: StrategyKeys;\n authHooks?: AuthHooks<StrategyKeys>;\n}\n\nexport interface AuthController {\n login: AlpRouteRef;\n addScope: AlpRouteRef;\n response: AlpRouteRef;\n logout: AlpRouteRef;\n}\n\ntype OptionalRecord<K extends keyof any, T> = { [P in K]?: T };\n\nexport interface AuthHooks<StrategyKeys extends AllowedStrategyKeys>\n extends AccessResponseHooks<StrategyKeys> {\n paramsForLogin?: <StrategyKey extends StrategyKeys>(\n strategy: StrategyKey,\n ctx: Context,\n ) =>\n | OptionalRecord<AllowedMapParamsStrategy[StrategyKey], any>\n | Promise<OptionalRecord<AllowedMapParamsStrategy[StrategyKey], any>>\n | Promise<void>\n // eslint-disable-next-line @typescript-eslint/no-invalid-void-type\n | void;\n}\n\nexport function createAuthController<\n StrategyKeys extends AllowedStrategyKeys,\n U extends User = User,\n USanitized extends UserSanitized = UserSanitized,\n>({\n usersManager,\n authenticationService,\n homeRouterKey = '/',\n defaultStrategy,\n authHooks = {},\n}: CreateAuthControllerParams<StrategyKeys, U, USanitized>): AuthController {\n return {\n async login(ctx: Context): Promise<void> {\n const strategy: StrategyKeys = (ctx.namedParam('strategy') ||\n defaultStrategy) as StrategyKeys;\n if (!strategy) throw new Error('Strategy missing');\n const params =\n (authHooks.paramsForLogin &&\n (await authHooks.paramsForLogin(strategy, ctx))) ||\n {};\n await authenticationService.redirectAuthUrl(ctx, strategy, {}, params);\n },\n\n /**\n * Add scope in existing\n * The user must already be connected\n */\n async addScope(ctx: Context): Promise<void> {\n if (!ctx.state.loggedInUser) {\n await ctx.redirectTo(homeRouterKey);\n return;\n }\n\n const strategy: StrategyKeys = (ctx.namedParam('strategy') ||\n defaultStrategy) as StrategyKeys;\n if (!strategy) throw new Error('Strategy missing');\n const scopeKey = ctx.namedParam('scopeKey');\n if (!scopeKey) throw new Error('Scope missing');\n await authenticationService.redirectAuthUrl(ctx, strategy, { scopeKey });\n },\n\n async response(ctx: Context): Promise<void> {\n const strategy: StrategyKeys = ctx.namedParam('strategy') as StrategyKeys;\n ctx.assert(strategy);\n\n const loggedInUser = await authenticationService.accessResponse(\n ctx,\n strategy,\n !!ctx.state.loggedInUser,\n {\n afterLoginSuccess: authHooks.afterLoginSuccess,\n afterScopeUpdate: authHooks.afterScopeUpdate,\n },\n );\n const keyPath = usersManager.store.keyPath;\n await ctx.setLoggedIn(loggedInUser[keyPath], loggedInUser);\n await ctx.redirectTo(homeRouterKey);\n },\n\n async logout(ctx: Context): Promise<void> {\n ctx.logout();\n await ctx.redirectTo(homeRouterKey);\n },\n };\n}\n","import type { AuthController } from './createAuthController';\n\nexport interface AuthRoutes {\n login: [string, (segment: any) => void];\n addScope: [string, AuthController['addScope']];\n logout: [string, AuthController['logout']];\n}\n\nexport const createRoutes = (controller: AuthController): AuthRoutes => ({\n login: [\n '/login/:strategy?',\n (segment: any) => {\n segment.add('/response', controller.response, 'authResponse');\n segment.defaultRoute(controller.login, 'login');\n },\n ],\n addScope: ['/add-scope/:strategy/:scopeKey', controller.addScope],\n logout: ['/logout', controller.logout],\n});\n","import { randomBytes } from 'node:crypto';\nimport { promisify } from 'node:util';\n\nconst randomBytesPromisified = promisify(randomBytes);\n\nexport async function randomBase64(size: number): Promise<string> {\n const buffer = await randomBytesPromisified(size);\n return buffer.toString('base64');\n}\n\nexport async function randomHex(size: number): Promise<string> {\n const buffer = await randomBytesPromisified(size);\n return buffer.toString('hex');\n}\n","/* eslint-disable @typescript-eslint/no-unsafe-argument */\n/* eslint-disable @typescript-eslint/explicit-module-boundary-types */\n/* eslint-disable @typescript-eslint/no-unsafe-assignment */\n/* eslint-disable camelcase, max-lines */\nimport { EventEmitter } from 'node:events';\nimport 'alp-router';\nimport type { Context, NodeConfig } from 'alp-types';\nimport { Logger } from 'nightingale-logger';\nimport type { Strategy as Oauth2Strategy } from '../../../strategies/strategies.d';\nimport type { AccountId, User, Account, UserSanitized } from '../../types';\nimport { randomHex } from '../../utils/generators';\nimport type UserAccountsService from '../user/UserAccountsService';\nimport type { AllowedStrategyKeys, Tokens } from './types';\n\nconst logger = new Logger('alp:auth:authentication');\n\nexport interface GenerateAuthUrlOptions {\n accessType?: string;\n grantType?: string;\n includeGrantedScopes?: boolean;\n loginHint?: string;\n prompt?: string;\n redirectUri?: string;\n scope?: string;\n state?: string;\n}\n\nexport interface GetTokensOptions {\n code: string;\n redirectUri: string;\n}\n\nexport type Strategies<StrategyKeys extends AllowedStrategyKeys> = Record<\n StrategyKeys,\n Oauth2Strategy<any>\n>;\n\nexport interface AccessResponseHooks<StrategyKeys, U extends User = User> {\n afterLoginSuccess?: <StrategyKey extends StrategyKeys>(\n strategy: StrategyKey,\n loggedInUser: U,\n ) => Promise<void> | void;\n\n afterScopeUpdate?: <StrategyKey extends StrategyKeys>(\n strategy: StrategyKey,\n scopeKey: string,\n account: Account,\n user: U,\n ) => Promise<void> | void;\n}\n\nexport class AuthenticationService<\n StrategyKeys extends AllowedStrategyKeys,\n U extends User = User,\n USanitized extends UserSanitized = UserSanitized,\n // eslint-disable-next-line unicorn/prefer-event-target\n> extends EventEmitter {\n config: NodeConfig;\n\n strategies: Strategies<StrategyKeys>;\n\n userAccountsService: UserAccountsService<StrategyKeys, U, USanitized>;\n\n constructor(\n config: NodeConfig,\n strategies: Strategies<StrategyKeys>,\n userAccountsService: UserAccountsService<StrategyKeys, U, USanitized>,\n ) {\n super();\n this.config = config;\n this.strategies = strategies;\n this.userAccountsService = userAccountsService;\n }\n\n generateAuthUrl<T extends StrategyKeys>(strategy: T, params: any): string {\n logger.debug('generateAuthUrl', { strategy, params });\n const strategyInstance = this.strategies[strategy];\n switch (strategyInstance.type) {\n case 'oauth2':\n return strategyInstance.oauth2.authorizationCode.authorizeURL(params);\n default:\n throw new Error('Invalid strategy');\n }\n }\n\n async getTokens(\n strategy: StrategyKeys,\n options: GetTokensOptions,\n ): Promise<Tokens> {\n logger.debug('getTokens', { strategy, options });\n const strategyInstance = this.strategies[strategy];\n switch (strategyInstance.type) {\n case 'oauth2': {\n const result = await strategyInstance.oauth2.authorizationCode.getToken(\n {\n code: options.code,\n redirect_uri: options.redirectUri,\n },\n );\n if (!result) return result;\n const tokens = result.token;\n\n return {\n accessToken: tokens.access_token as string,\n refreshToken: tokens.refresh_token as string,\n tokenType: tokens.token_type as string,\n expiresIn: tokens.expires_in as number,\n expireDate: (() => {\n if (tokens.expires_in == null) return null;\n const d = new Date();\n d.setTime(d.getTime() + (tokens.expires_in as number) * 1000);\n return d;\n })(),\n idToken: tokens.id_token as string,\n };\n // return strategyInstance.accessToken.create(result);\n }\n\n default:\n throw new Error('Invalid stategy');\n }\n }\n\n async refreshToken(\n strategy: StrategyKeys,\n tokensParam: { refreshToken: string },\n ): Promise<Tokens> {\n logger.debug('refreshToken', { strategy });\n if (!tokensParam.refreshToken) {\n throw new Error('Missing refresh token');\n }\n const strategyInstance = this.strategies[strategy];\n switch (strategyInstance.type) {\n case 'oauth2': {\n const token = strategyInstance.oauth2.clientCredentials.createToken({\n refresh_token: tokensParam.refreshToken,\n });\n const result = await token.refresh();\n const tokens = result.token;\n return {\n accessToken: tokens.access_token as string,\n tokenType: tokens.token_type as string,\n expiresIn: tokens.expires_in as number,\n expireDate: (() => {\n if (tokens.expires_in == null) return null;\n const d = new Date();\n d.setTime(d.getTime() + (tokens.expires_in as number) * 1000);\n return d;\n })(),\n idToken: tokens.id_token as string,\n };\n }\n\n default:\n throw new Error('Invalid stategy');\n }\n }\n\n redirectUri(ctx: Context, strategy: string): string {\n const host = `http${this.config.get('allowHttps') ? 's' : ''}://${\n ctx.request.host\n }`;\n return `${host}${ctx.urlGenerator('authResponse', {\n strategy,\n })}`;\n }\n\n async redirectAuthUrl(\n ctx: Context,\n strategy: StrategyKeys,\n {\n refreshToken,\n scopeKey,\n user,\n accountId,\n }: {\n refreshToken?: string | undefined;\n scopeKey?: string | undefined;\n user?: U;\n accountId?: AccountId;\n },\n params?: any,\n ): Promise<void> {\n logger.debug('redirectAuthUrl', { strategy, scopeKey, refreshToken });\n const state = await randomHex(8);\n const isLoginAccess = !scopeKey || scopeKey === 'login';\n const scope = this.userAccountsService.getScope(\n strategy,\n scopeKey || 'login',\n user,\n accountId,\n );\n\n if (!scope) {\n throw new Error('Invalid empty scope');\n }\n\n ctx.cookies.set(\n `auth_${strategy}_${state}`,\n JSON.stringify({\n scopeKey,\n scope,\n isLoginAccess,\n }),\n {\n maxAge: 10 * 60 * 1000,\n httpOnly: true,\n secure: this.config.get('allowHttps'),\n },\n );\n const redirectUri = this.generateAuthUrl(strategy, {\n redirect_uri: this.redirectUri(ctx, strategy),\n scope,\n state,\n access_type: refreshToken ? 'offline' : 'online',\n ...params,\n });\n\n return ctx.redirect(redirectUri);\n }\n\n async accessResponse<StrategyKey extends StrategyKeys>(\n ctx: Context,\n strategy: StrategyKey,\n isLoggedIn: boolean,\n hooks: AccessResponseHooks<StrategyKeys, U>,\n ): Promise<U> {\n if (ctx.query.error) {\n const error: any = new Error(ctx.query.error);\n error.status = 403;\n error.expose = true;\n throw error;\n }\n\n const code = ctx.query.code;\n const state = ctx.query.state;\n const cookieName = `auth_${strategy}_${state as string}`;\n let cookie = ctx.cookies.get(cookieName);\n ctx.cookies.set(cookieName, '', { expires: new Date(1) });\n if (!cookie) {\n throw new Error('No cookie for this state');\n }\n\n cookie = JSON.parse(cookie);\n if (!cookie?.scope) {\n throw new Error('Unexpected cookie value');\n }\n\n if (!cookie.isLoginAccess) {\n if (!isLoggedIn) {\n throw new Error('You are not connected');\n }\n }\n\n const tokens: Tokens = await this.getTokens(strategy, {\n code,\n redirectUri: this.redirectUri(ctx, strategy),\n });\n\n if (cookie.isLoginAccess) {\n const user = await this.userAccountsService.findOrCreateFromStrategy(\n strategy,\n tokens,\n cookie.scope,\n cookie.scopeKey,\n );\n\n if (hooks.afterLoginSuccess) {\n await hooks.afterLoginSuccess(strategy, user);\n }\n\n return user;\n }\n\n const loggedInUser = ctx.state.loggedInUser as U;\n const { account, user } = await this.userAccountsService.update(\n loggedInUser,\n strategy,\n tokens,\n cookie.scope,\n cookie.scopeKey,\n );\n\n if (hooks.afterScopeUpdate) {\n await hooks.afterScopeUpdate(strategy, cookie.scopeKey, account, user);\n }\n\n return loggedInUser;\n }\n\n refreshAccountTokens(user: U, account: Account): Promise<boolean> {\n if (\n account.tokenExpireDate &&\n account.tokenExpireDate.getTime() > Date.now()\n ) {\n return Promise.resolve(false);\n }\n return this.refreshToken(account.provider as StrategyKeys, {\n // accessToken: account.accessToken,\n refreshToken: account.refreshToken!,\n }).then((tokens: Tokens) => {\n if (!tokens) {\n // serviceGoogle.updateFields({ accessToken:null, refreshToken:null, status: .OUTDATED });\n return false;\n }\n account.accessToken = tokens.accessToken;\n account.tokenExpireDate = tokens.expireDate;\n return this.userAccountsService\n .updateAccount(user, account)\n .then(() => true);\n });\n }\n}\n","/* eslint-disable @typescript-eslint/no-shadow */\nimport { EventEmitter } from 'node:events';\nimport { Logger } from 'nightingale-logger';\nimport type MongoUsersManager from '../../MongoUsersManager';\nimport type { AccountId, User, Account, UserSanitized } from '../../types';\nimport type { AllowedStrategyKeys } from '../authentification/types';\nimport type { AccountService, TokensObject } from './types';\n\nconst logger = new Logger('alp:auth:userAccounts');\n\nexport const STATUSES = {\n VALIDATED: 'validated',\n DELETED: 'deleted',\n};\n\nexport default class UserAccountsService<\n StrategyKeys extends AllowedStrategyKeys,\n U extends User = User,\n USanitized extends UserSanitized = UserSanitized,\n // eslint-disable-next-line unicorn/prefer-event-target\n> extends EventEmitter {\n private readonly strategyToService: Record<StrategyKeys, AccountService<any>>;\n\n usersManager: MongoUsersManager<U, USanitized>;\n\n constructor(\n usersManager: MongoUsersManager<U, USanitized>,\n strategyToService: Record<StrategyKeys, AccountService<any>>,\n ) {\n super();\n this.usersManager = usersManager;\n this.strategyToService = strategyToService;\n }\n\n getScope(\n strategy: StrategyKeys,\n scopeKey: string,\n user?: U,\n accountId?: AccountId,\n ): string {\n logger.debug('getScope', { strategy, userId: user?._id });\n const service = this.strategyToService[strategy];\n if (!service) {\n throw new Error('Strategy not supported');\n }\n\n const newScope = service.scopeKeyToScope[scopeKey];\n if (!user || !accountId) {\n return newScope;\n }\n const account = user.accounts.find(\n (account) =>\n account.provider === strategy && account.accountId === accountId,\n );\n\n if (!account) {\n throw new Error('Could not found associated account');\n }\n return service.getScope(account.scope, newScope).join(' ');\n }\n\n async update(\n user: U,\n strategy: StrategyKeys,\n tokens: TokensObject,\n scope: string,\n subservice: string,\n ): Promise<{ user: U; account: U['accounts'][number] }> {\n const service = this.strategyToService[strategy];\n const profile = await service.getProfile(tokens);\n const accountId = service.getId(profile);\n const account = user.accounts.find(\n (account) =>\n account.provider === strategy && account.accountId === accountId,\n );\n if (!account) {\n // TODO check if already exists in other user => merge\n // TODO else add a new account in this user\n throw new Error('Could not found associated account');\n }\n account.status = 'valid';\n account.accessToken = tokens.accessToken;\n if (tokens.refreshToken) {\n account.refreshToken = tokens.refreshToken;\n }\n if (tokens.expireDate !== undefined) {\n account.tokenExpireDate = tokens.expireDate;\n }\n account.scope = service.getScope(account.scope, scope);\n account.subservices = account.subservices || [];\n if (subservice && !account.subservices.includes(subservice)) {\n account.subservices.push(subservice);\n }\n\n await this.usersManager.replaceOne(user);\n return { user, account };\n }\n\n async findOrCreateFromStrategy(\n strategy: StrategyKeys,\n tokens: TokensObject,\n scope: string,\n subservice: string,\n ): Promise<U> {\n const service = this.strategyToService[strategy];\n if (!service) throw new Error('Strategy not supported');\n\n const profile = await service.getProfile(tokens);\n const accountId = service.getId(profile);\n if (!accountId) throw new Error('Invalid profile: no id found');\n\n const emails = service.getEmails(profile);\n\n let user: Partial<U> | undefined =\n await this.usersManager.findOneByAccountOrEmails({\n provider: service.providerKey,\n accountId,\n emails,\n });\n\n logger.info(!user ? 'create user' : 'existing user', {\n userId: user?._id,\n accountId,\n /*emails , user*/\n });\n\n if (!user) {\n user = {};\n }\n\n Object.assign(user, {\n displayName: service.getDisplayName(profile),\n fullName: service.getFullName(profile),\n status: STATUSES.VALIDATED,\n });\n\n if (!user.accounts) user.accounts = [];\n\n let account: Partial<Account> | undefined = user.accounts.find(\n (account: Account) =>\n account.provider === strategy && account.accountId === accountId,\n );\n\n if (!account) {\n account = { provider: strategy, accountId };\n // @ts-expect-error well...\n user.accounts.push(account);\n }\n\n account.name = service.getAccountName(profile);\n account.status = 'valid';\n account.profile = profile;\n account.accessToken = tokens.accessToken;\n if (tokens.refreshToken) {\n account.refreshToken = tokens.refreshToken;\n }\n if (tokens.expireDate !== undefined) {\n account.tokenExpireDate = tokens.expireDate;\n }\n account.scope = service.getScope(account.scope, scope);\n\n if (!account.subservices) account.subservices = [];\n if (subservice && !account.subservices.includes(subservice)) {\n account.subservices.push(subservice);\n }\n\n if (!user.emails) user.emails = [];\n const userEmails = user.emails;\n emails.forEach((email: string) => {\n if (!userEmails.includes(email)) {\n userEmails.push(email);\n }\n });\n\n user.emailDomains = [\n // eslint-disable-next-line unicorn/no-array-reduce\n ...user.emails.reduce(\n (domains: Set<string>, email: string) =>\n domains.add(email.split('@', 2)[1]),\n new Set<string>(),\n ),\n ];\n\n const keyPath = this.usersManager.store.keyPath;\n\n if (user[keyPath]) {\n await this.usersManager.replaceOne(user as U);\n } else {\n await this.usersManager.insertOne(user as U);\n }\n\n return user as U;\n }\n\n async updateAccount(user: U, account: Account): Promise<U> {\n await this.usersManager.updateAccount(user, account);\n return user;\n }\n}\n","import type { IncomingMessage } from 'node:http';\nimport type { Option } from 'cookies';\nimport Cookies from 'cookies';\n\nexport const COOKIE_NAME_TOKEN = 'loggedInUserToken';\nexport const COOKIE_NAME_STATE = 'loggedInUserState';\n\nexport const getTokenFromRequest = (\n req: IncomingMessage,\n options?: Pick<Option, Exclude<keyof Option, 'secure'>>,\n): string | undefined => {\n if (req.headers.authorization?.startsWith('Bearer ')) {\n return req.headers.authorization.slice('Bearer '.length);\n }\n\n // eslint-disable-next-line @typescript-eslint/no-unsafe-argument\n const cookies = new Cookies(req, null as unknown as any, {\n ...options,\n secure: true,\n });\n\n return cookies.get(COOKIE_NAME_TOKEN);\n};\n","import { promisify } from 'node:util';\nimport type {\n GetPublicKeyOrSecret,\n Secret,\n VerifyCallback,\n VerifyOptions,\n} from 'jsonwebtoken';\nimport jsonwebtoken from 'jsonwebtoken';\nimport type { Logger } from 'nightingale-logger';\nimport type MongoUsersManager from '../MongoUsersManager';\nimport type { User, UserSanitized } from '../types';\n\ntype Verify = (\n token: string,\n secretOrPublicKey: GetPublicKeyOrSecret | Secret,\n options?: VerifyOptions,\n callback?: VerifyCallback,\n) => void;\n\nconst verifyPromisified = promisify<\n Parameters<Verify>[0],\n Parameters<Verify>[1],\n Parameters<Verify>[2],\n Parameters<VerifyCallback>[1]\n>(jsonwebtoken.verify as Verify);\n\nconst createDecodeJWT =\n (secretKey: string) =>\n async (token: string, jwtAudience: string): Promise<string | undefined> => {\n const result = await verifyPromisified(token, secretKey, {\n algorithms: ['HS512'],\n audience: jwtAudience,\n });\n return (result as any)?.loggedInUserId as string | undefined;\n };\n\nexport type FindLoggedInUser<U extends User> = (\n jwtAudience?: string,\n token?: string,\n) => Promise<[U['_id'] | null | undefined, U | null | undefined]>;\n\nexport const createFindLoggedInUser = <\n U extends User,\n USanitized extends UserSanitized,\n>(\n secretKey: string,\n usersManager: MongoUsersManager<U, USanitized>,\n logger: Logger,\n): FindLoggedInUser<U> => {\n const decodeJwt = createDecodeJWT(secretKey);\n\n const findLoggedInUser: FindLoggedInUser<U> = async (jwtAudience, token) => {\n if (!token || !jwtAudience) return [null, null];\n\n let loggedInUserId;\n try {\n loggedInUserId = await decodeJwt(token, jwtAudience);\n } catch (error: unknown) {\n logger.debug('failed to verify authentification', { err: error });\n }\n\n if (loggedInUserId == null) return [null, null];\n\n const loggedInUser = await usersManager.findById(loggedInUserId);\n\n if (!loggedInUser) return [null, null];\n\n return [loggedInUserId, loggedInUser];\n };\n\n return findLoggedInUser;\n};\n","import type { MongoInsertType, MongoStore, Update } from 'liwi-mongo';\nimport type { User, Account, UserSanitized } from './types';\n\nexport default class MongoUsersManager<\n U extends User = User,\n USanitized extends UserSanitized = UserSanitized,\n> {\n store: MongoStore<U>;\n\n constructor(store: MongoStore<U>) {\n this.store = store;\n }\n\n /** @deprecated use findById instead */\n findConnected(connected: string): Promise<U | undefined> {\n return this.store.findByKey(connected);\n }\n\n findById(userId: string): Promise<U | undefined> {\n return this.store.findByKey(userId);\n }\n\n insertOne(user: MongoInsertType<U>): Promise<any> {\n return this.store.insertOne(user);\n }\n\n replaceOne(user: U): Promise<any> {\n return this.store.replaceOne(user);\n }\n\n sanitize(user: U): USanitized {\n return this.sanitizeBaseUser(user) as USanitized;\n }\n\n findOneByAccountOrEmails({\n accountId,\n emails,\n provider,\n }: {\n accountId: number | string;\n emails?: string[];\n provider: string;\n }): Promise<U | undefined> {\n let query: any = {\n 'accounts.provider': provider,\n 'accounts.accountId': accountId,\n };\n\n if (emails && emails.length > 0) {\n query = {\n $or: [\n query,\n {\n emails: { $in: emails },\n },\n ],\n };\n }\n\n // eslint-disable-next-line @typescript-eslint/no-unsafe-argument\n return this.store.findOne(query);\n }\n\n updateAccount(user: U, account: Account): Promise<U> {\n const accountIndex = user.accounts.indexOf(account);\n if (accountIndex === -1) {\n throw new Error('Invalid account');\n }\n\n return this.store.partialUpdateOne(user, {\n $set: {\n [`accounts.${accountIndex}`]: account,\n },\n } as Update<U>);\n }\n\n // eslint-disable-next-line @typescript-eslint/class-methods-use-this\n sanitizeBaseUser(user: U): UserSanitized {\n return {\n _id: user._id,\n created: user.created,\n updated: user.updated,\n displayName: user.displayName,\n fullName: user.fullName,\n status: user.status,\n emails: user.emails,\n emailDomains: user.emailDomains,\n accounts: user.accounts.map((account: Account) => ({\n provider: account.provider,\n accountId: account.accountId,\n name: account.name,\n status: account.status,\n profile: account.profile,\n })),\n };\n }\n}\n","/* eslint-disable @typescript-eslint/class-methods-use-this */\n/* eslint-disable @typescript-eslint/no-unsafe-argument */\n/* eslint-disable @typescript-eslint/explicit-module-boundary-types */\nimport type { Tokens } from '../authentification/types';\nimport type { AccountService, FullName } from './types';\n\nexport default class UserAccountGoogleService<ScopeKeys extends 'login'>\n implements AccountService<ScopeKeys>\n{\n scopeKeyToScope: Record<ScopeKeys, string>;\n\n constructor(scopeKeyToScope: Record<Exclude<'login', ScopeKeys>, string>) {\n this.scopeKeyToScope = {\n ...scopeKeyToScope,\n login: 'openid profile email',\n };\n }\n\n providerKey = 'google';\n\n getProfile(tokens: Tokens): Promise<any> {\n return fetch(\n `https://www.googleapis.com/oauth2/v1/userinfo?access_token=${tokens.accessToken}`,\n ).then((response) => response.json());\n }\n\n getId(profile: any): any {\n return profile.id;\n }\n\n getAccountName(profile: any): string | null | undefined {\n return profile.email;\n }\n\n getEmails(profile: any): string[] {\n const emails: string[] = [];\n\n if (profile.email) {\n emails.push(profile.email);\n }\n\n return emails;\n }\n\n getDisplayName(profile: any): string | null | undefined {\n return profile.name;\n }\n\n getFullName(profile: any): FullName {\n return {\n givenName: profile.given_name,\n familyName: profile.family_name,\n };\n }\n\n getDefaultScope(newScope: string): string[] {\n return this.getScope(undefined, newScope);\n }\n\n getScope(oldScope: string[] | undefined, newScope: string): string[] {\n return !oldScope\n ? newScope.split(' ')\n : [...oldScope, ...newScope.split(' ')].filter(\n (item, i, ar) => ar.indexOf(item) === i,\n );\n }\n}\n","/* eslint-disable @typescript-eslint/class-methods-use-this */\n/* eslint-disable @typescript-eslint/explicit-module-boundary-types */\nimport type { Tokens } from '../authentification/types';\nimport type { AccountService, FullName } from './types';\n\n// https://api.slack.com/methods/users.identity\n\nexport default class UserAccountSlackService<ScopeKeys extends 'login'>\n implements AccountService<ScopeKeys>\n{\n scopeKeyToScope: Record<ScopeKeys, string>;\n\n constructor(scopeKeyToScope: Record<Exclude<'login', ScopeKeys>, string>) {\n this.scopeKeyToScope = {\n ...scopeKeyToScope,\n login: 'identity.basic identity.email identity.avatar',\n };\n }\n\n providerKey = 'google';\n\n getProfile(tokens: Tokens): Promise<any> {\n return fetch(\n `https://slack.com/api/users.identity?token=${tokens.accessToken}`,\n ).then((response) => response.json());\n }\n\n getId(profile: any): string | null {\n if (!profile?.team?.id || !profile.user?.id) {\n return null;\n }\n return `team:${profile.team.id as string};user:${\n profile.user.id as string\n }`;\n }\n\n getAccountName(profile: any): string | null | undefined {\n return profile.user.email;\n }\n\n getEmails(profile: any): string[] {\n return profile.user.email ? [profile.user.email] : [];\n }\n\n getDisplayName(profile: any): string | null | undefined {\n return profile.user.name;\n }\n\n getFullName(profile: any): FullName | null {\n return null;\n }\n\n getDefaultScope(newScope: string): string[] {\n return this.getScope(undefined, newScope);\n }\n\n getScope(oldScope: string[] | undefined, newScope: string): string[] {\n return !oldScope\n ? newScope.split(' ')\n : [...oldScope, ...newScope.split(' ')].filter(\n (item, i, ar) => ar.indexOf(item) === i,\n );\n }\n}\n","import type { NodeApplication } from 'alp-types';\nimport { Logger } from 'nightingale-logger';\nimport type MongoUsersManager from './MongoUsersManager';\nimport type { User } from './types';\nimport { getTokenFromRequest } from './utils/cookies';\nimport { createFindLoggedInUser } from './utils/createFindLoggedInUser';\n\nconst logger = new Logger('alp:auth');\n\nexport const authSocketIO = <U extends User = User>(\n app: NodeApplication,\n usersManager: MongoUsersManager<U>,\n // eslint-disable-next-line @typescript-eslint/explicit-module-boundary-types\n io: any,\n jwtAudience?: string,\n): void => {\n const findLoggedInUser = createFindLoggedInUser(\n app.config.get<Map<string, string>>('authentication').get('secretKey')!,\n usersManager,\n logger,\n );\n\n const users = new Map();\n io.users = users;\n\n io.use(async (socket: any, next: any) => {\n const handshakeData = socket.request;\n // eslint-disable-next-line @typescript-eslint/no-unsafe-argument\n const token = getTokenFromRequest(handshakeData);\n\n if (!token) return next();\n\n const [loggedInUserId, loggedInUser] = await findLoggedInUser(\n // eslint-disable-next-line @typescript-eslint/no-unsafe-argument\n jwtAudience || handshakeData.headers['user-agent'],\n token,\n );\n\n if (!loggedInUserId || !loggedInUser) return next();\n\n socket.user = loggedInUser;\n users.set(socket.client.id, loggedInUser);\n\n socket.on('disconnected', () => users.delete(socket.client.id));\n\n await next();\n });\n};\n","import type { IncomingMessage } from 'node:http';\nimport type { NodeConfig } from 'alp-types';\nimport { Logger } from 'nightingale-logger';\nimport type MongoUsersManager from './MongoUsersManager';\nimport type { User } from './types';\nimport { getTokenFromRequest, COOKIE_NAME_TOKEN } from './utils/cookies';\nimport { createFindLoggedInUser } from './utils/createFindLoggedInUser';\n\nconst logger = new Logger('alp:auth');\n\nconst getTokenFromReq = (\n req: IncomingMessage & { cookies?: Record<string, string> },\n): string | undefined => {\n if (req.cookies) return req.cookies[COOKIE_NAME_TOKEN];\n return getTokenFromRequest(req);\n};\n\n/*\n * Not tested yet.\n * @internal\n */\nexport const createAuthApolloContext = <U extends User = User>(\n config: NodeConfig,\n usersManager: MongoUsersManager<U>,\n): any => {\n const findLoggedInUser = createFindLoggedInUser(\n config.get<Map<string, string>>('authentication').get('secretKey')!,\n usersManager,\n logger,\n );\n\n return async ({ req, connection }: { req: any; connection: any }) => {\n if (connection?.loggedInUser) {\n return { user: connection.loggedInUser };\n }\n\n if (!req) return null;\n\n // eslint-disable-next-line @typescript-eslint/no-unsafe-argument\n const token = getTokenFromReq(req);\n\n if (!token) return { user: undefined };\n\n const [, loggedInUser] = await findLoggedInUser(\n // eslint-disable-next-line @typescript-eslint/no-unsafe-argument\n req.headers['user-agent'],\n token,\n );\n\n return { user: loggedInUser };\n };\n};\n","/* eslint-disable max-lines */\nimport type { IncomingMessage } from 'node:http';\nimport { promisify } from 'node:util';\nimport type { Context } from 'alp-node';\nimport type { ContextState, NodeApplication } from 'alp-types';\nimport jsonwebtoken from 'jsonwebtoken';\nimport { Logger } from 'nightingale-logger';\nimport type MongoUsersManager from './MongoUsersManager';\nimport type {\n AuthController as AuthControllerType,\n AuthHooks,\n} from './createAuthController';\nimport { createAuthController } from './createAuthController';\nimport type { AuthRoutes as AuthRoutesType } from './createRoutes';\nimport { createRoutes } from './createRoutes';\nimport type { Strategies } from './services/authentification/AuthenticationService';\nimport { AuthenticationService } from './services/authentification/AuthenticationService';\nimport type { AllowedStrategyKeys } from './services/authentification/types';\nimport UserAccountsService from './services/user/UserAccountsService';\nimport type { AccountService } from './services/user/types';\nimport type { User, UserSanitized } from './types';\nimport {\n getTokenFromRequest,\n COOKIE_NAME_TOKEN,\n COOKIE_NAME_STATE,\n} from './utils/cookies';\nimport { createFindLoggedInUser } from './utils/createFindLoggedInUser';\n\nexport { default as MongoUsersManager } from './MongoUsersManager';\nexport { default as UserAccountGoogleService } from './services/user/UserAccountGoogleService';\nexport { default as UserAccountSlackService } from './services/user/UserAccountSlackService';\nexport { authSocketIO } from './authSocketIO';\nexport { createAuthApolloContext } from './authApolloContext';\nexport { STATUSES } from './services/user/UserAccountsService';\n\nexport * from './types';\n\ndeclare module 'alp-types' {\n // eslint-disable-next-line @typescript-eslint/no-shadow\n interface ContextState {\n loggedInUserId:\n | NonNullable<ContextState['loggedInUser']>['_id']\n | null\n | undefined;\n loggedInUser: User | null | undefined;\n }\n\n interface ContextSanitizedState {\n loggedInUserId:\n | NonNullable<ContextSanitizedState['loggedInUser']>['_id']\n | null\n | undefined;\n loggedInUser: UserSanitized | null | undefined;\n }\n\n interface BaseContext {\n setLoggedIn: (\n loggedInUserId: NonNullable<ContextState['loggedInUserId']>,\n loggedInUser: NonNullable<ContextState['loggedInUser']>,\n ) => Promise<void>;\n logout: () => void;\n }\n}\n\nconst logger = new Logger('alp:auth');\n\nconst signPromisified: any = promisify(jsonwebtoken.sign);\n\nexport type AuthController = AuthControllerType;\nexport type AuthRoutes = AuthRoutesType;\nexport { AuthenticationService } from './services/authentification/AuthenticationService';\n\nexport default function init<\n StrategyKeys extends AllowedStrategyKeys = 'google',\n U extends User = User,\n USanitized extends UserSanitized = UserSanitized,\n>({\n homeRouterKey,\n usersManager,\n strategies,\n defaultStrategy,\n strategyToService,\n authHooks,\n jwtAudience,\n}: {\n homeRouterKey?: string;\n usersManager: MongoUsersManager<U, USanitized>;\n strategies: Strategies<StrategyKeys>;\n defaultStrategy?: StrategyKeys;\n strategyToService: Record<StrategyKeys, AccountService<any>>;\n authHooks?: AuthHooks<StrategyKeys>;\n jwtAudience?: string;\n}) {\n // eslint-disable-next-line @typescript-eslint/explicit-module-boundary-types\n return (app: NodeApplication) => {\n const userAccountsService = new UserAccountsService(\n usersManager,\n strategyToService,\n );\n\n const authenticationService = new AuthenticationService(\n app.config,\n strategies,\n userAccountsService,\n );\n\n const controller = createAuthController({\n usersManager,\n authenticationService,\n homeRouterKey,\n defaultStrategy,\n authHooks,\n });\n\n app.context.setLoggedIn = async function (\n this: Context,\n loggedInUserId: NonNullable<ContextState['loggedInUser']>['_id'],\n loggedInUser: NonNullable<ContextState['loggedInUser']>,\n ): Promise<void> {\n logger.debug('setLoggedIn', { loggedInUser });\n if (!loggedInUserId) {\n throw new Error('Illegal value for setLoggedIn');\n }\n\n this.state.loggedInUserId = loggedInUserId;\n this.state.loggedInUser = loggedInUser;\n\n const token = await signPromisified(\n { loggedInUserId, time: Date.now() },\n this.config\n .get<Map<string, unknown>>('authentication')\n .get('secretKey'),\n {\n algorithm: 'HS512',\n audience: jwtAudience || this.request.headers['user-agent'],\n expiresIn: '30 days',\n },\n );\n\n const calcExpiresTime = (): number => {\n const date = new Date();\n date.setDate(date.getDate() + 30);\n return date.getTime();\n };\n\n // eslint-disable-next-line @typescript-eslint/no-unsafe-argument\n this.cookies.set(COOKIE_NAME_TOKEN, token, {\n httpOnly: true,\n secure: this.config.get('allowHttps'),\n });\n\n this.cookies.set(\n COOKIE_NAME_STATE,\n JSON.stringify({ loggedInUserId, expiresIn: calcExpiresTime() }),\n {\n httpOnly: false,\n secure: this.config.get('allowHttps'),\n },\n );\n };\n\n app.context.logout = function (this: Context): void {\n delete this.state.loggedInUserId;\n delete this.state.loggedInUser;\n this.cookies.set(COOKIE_NAME_TOKEN, '', { expires: new Date(1) });\n this.cookies.set(COOKIE_NAME_STATE, '', { expires: new Date(1) });\n };\n\n const findLoggedInUser = createFindLoggedInUser(\n app.config\n .get<Map<string, unknown>>('authentication')\n .get('secretKey') as string,\n usersManager,\n logger,\n );\n\n return {\n routes: createRoutes(controller),\n findLoggedInUserFromRequest: (\n req: IncomingMessage,\n ): ReturnType<typeof findLoggedInUser> => {\n const token = getTokenFromRequest(req);\n return findLoggedInUser(\n jwtAudience || req.headers['user-agent'],\n token,\n );\n },\n findLoggedInUser,\n middleware: async <T>(\n ctx: Context,\n next: () => Promise<T> | T,\n ): Promise<T> => {\n const token = ctx.cookies.get(COOKIE_NAME_TOKEN);\n const userAgent = ctx.request.headers['user-agent'];\n logger.debug('middleware', { token });\n\n const setState = (\n loggedInUserId: U['_id'] | null | undefined,\n loggedInUser: U | null | undefined,\n ): void => {\n ctx.state.loggedInUserId = loggedInUserId;\n ctx.state.user = loggedInUser;\n ctx.sanitizedState.loggedInUserId = loggedInUserId;\n ctx.sanitizedState.loggedInUser =\n loggedInUser && usersManager.sanitize(loggedInUser);\n };\n\n const [loggedInUserId, loggedInUser] = await findLoggedInUser(\n jwtAudience || userAgent,\n token,\n );\n logger.debug('middleware', { loggedInUserId });\n\n if (loggedInUserId == null || loggedInUser == null) {\n if (token) {\n ctx.cookies.set(COOKIE_NAME_TOKEN, '', { expires: new Date(1) });\n ctx.cookies.set(COOKIE_NAME_STATE, '', { expires: new Date(1) });\n }\n setState(null, null);\n return next();\n }\n\n setState(loggedInUserId, loggedInUser);\n return next();\n },\n };\n };\n}\n"],"names":["createAuthController","usersManager","authenticationService","homeRouterKey","defaultStrategy","authHooks","login","ctx","strategy","namedParam","Error","params","paramsForLogin","redirectAuthUrl","addScope","state","loggedInUser","redirectTo","scopeKey","response","assert","accessResponse","afterLoginSuccess","afterScopeUpdate","keyPath","store","setLoggedIn","logout","createRoutes","controller","segment","add","defaultRoute","randomBytesPromisified","promisify","randomBytes","randomHex","size","buffer","toString","logger","Logger","AuthenticationService","EventEmitter","constructor","config","strategies","userAccountsService","generateAuthUrl","debug","strategyInstance","type","oauth2","authorizationCode","authorizeURL","getTokens","options","result","getToken","code","redirect_uri","redirectUri","tokens","token","accessToken","access_token","refreshToken","refresh_token","tokenType","token_type","expiresIn","expires_in","expireDate","d","Date","setTime","getTime","idToken","id_token","tokensParam","clientCredentials","createToken","refresh","host","get","request","urlGenerator","user","accountId","scope","getScope","cookies","set","JSON","stringify","isLoginAccess","maxAge","httpOnly","secure","access_type","redirect","isLoggedIn","hooks","query","error","status","expose","cookieName","cookie","expires","parse","findOrCreateFromStrategy","account","update","refreshAccountTokens","tokenExpireDate","now","Promise","resolve","provider","then","updateAccount","STATUSES","VALIDATED","DELETED","UserAccountsService","strategyToService","userId","_id","service","newScope","scopeKeyToScope","accounts","find","join","subservice","profile","getProfile","getId","undefined","subservices","includes","push","replaceOne","emails","getEmails","findOneByAccountOrEmails","providerKey","info","Object","assign","displayName","getDisplayName","fullName","getFullName","name","getAccountName","userEmails","forEach","email","emailDomains","reduce","domains","split","Set","insertOne","COOKIE_NAME_TOKEN","COOKIE_NAME_STATE","getTokenFromRequest","req","headers","authorization","startsWith","slice","Cookies","verifyPromisified","jsonwebtoken","verify","createDecodeJWT","secretKey","jwtAudience","algorithms","audience","loggedInUserId","createFindLoggedInUser","decodeJwt","err","findById","MongoUsersManager","findConnected","connected","findByKey","sanitize","sanitizeBaseUser","length","$or","$in","findOne","accountIndex","indexOf","partialUpdateOne","$set","created","updated","map","UserAccountGoogleService","fetch","json","id","givenName","given_name","familyName","family_name","getDefaultScope","oldScope","filter","item","i","ar","UserAccountSlackService","team","authSocketIO","app","io","findLoggedInUser","users","Map","use","socket","next","handshakeData","client","on","delete","getTokenFromReq","createAuthApolloContext","connection","signPromisified","sign","init","context","time","algorithm","date","setDate","getDate","routes","findLoggedInUserFromRequest","middleware","userAgent","setState","sanitizedState"],"mappings":";;;;;;;;AA+CO,SAASA,oBAAoBA,CAIlC;EACAC,YAAY;EACZC,qBAAqB;AACrBC,EAAAA,aAAa,GAAG,GAAG;EACnBC,eAAe;AACfC,EAAAA,SAAS,GAAG,EAAC;AAC0C,CAAC,EAAkB;EAC1E,OAAO;IACL,MAAMC,KAAKA,CAACC,GAAY,EAAiB;MACvC,MAAMC,QAAsB,GAAID,GAAG,CAACE,UAAU,CAAC,UAAU,CAAC,IACxDL,eAAgC,CAAA;MAClC,IAAI,CAACI,QAAQ,EAAE,MAAM,IAAIE,KAAK,CAAC,kBAAkB,CAAC,CAAA;AAClD,MAAA,MAAMC,MAAM,GACTN,SAAS,CAACO,cAAc,KACtB,MAAMP,SAAS,CAACO,cAAc,CAACJ,QAAQ,EAAED,GAAG,CAAC,CAAC,IACjD,EAAE,CAAA;AACJ,MAAA,MAAML,qBAAqB,CAACW,eAAe,CAACN,GAAG,EAAEC,QAAQ,EAAE,EAAE,EAAEG,MAAM,CAAC,CAAA;KACvE;AAED;AACJ;AACA;AACA;IACI,MAAMG,QAAQA,CAACP,GAAY,EAAiB;AAC1C,MAAA,IAAI,CAACA,GAAG,CAACQ,KAAK,CAACC,YAAY,EAAE;AAC3B,QAAA,MAAMT,GAAG,CAACU,UAAU,CAACd,aAAa,CAAC,CAAA;AACnC,QAAA,OAAA;AACF,OAAA;MAEA,MAAMK,QAAsB,GAAID,GAAG,CAACE,UAAU,CAAC,UAAU,CAAC,IACxDL,eAAgC,CAAA;MAClC,IAAI,CAACI,QAAQ,EAAE,MAAM,IAAIE,KAAK,CAAC,kBAAkB,CAAC,CAAA;AAClD,MAAA,MAAMQ,QAAQ,GAAGX,GAAG,CAACE,UAAU,CAAC,UAAU,CAAC,CAAA;MAC3C,IAAI,CAACS,QAAQ,EAAE,MAAM,IAAIR,KAAK,CAAC,eAAe,CAAC,CAAA;AAC/C,MAAA,MAAMR,qBAAqB,CAACW,eAAe,CAACN,GAAG,EAAEC,QAAQ,EAAE;AAAEU,QAAAA,QAAAA;AAAS,OAAC,CAAC,CAAA;KACzE;IAED,MAAMC,QAAQA,CAACZ,GAAY,EAAiB;AAC1C,MAAA,MAAMC,QAAsB,GAAGD,GAAG,CAACE,UAAU,CAAC,UAAU,CAAiB,CAAA;AACzEF,MAAAA,GAAG,CAACa,MAAM,CAACZ,QAAQ,CAAC,CAAA;AAEpB,MAAA,MAAMQ,YAAY,GAAG,MAAMd,qBAAqB,CAACmB,cAAc,CAC7Dd,GAAG,EACHC,QAAQ,EACR,CAAC,CAACD,GAAG,CAACQ,KAAK,CAACC,YAAY,EACxB;QACEM,iBAAiB,EAAEjB,SAAS,CAACiB,iBAAiB;QAC9CC,gBAAgB,EAAElB,SAAS,CAACkB,gBAAAA;AAC9B,OACF,CAAC,CAAA;AACD,MAAA,MAAMC,OAAO,GAAGvB,YAAY,CAACwB,KAAK,CAACD,OAAO,CAAA;MAC1C,MAAMjB,GAAG,CAACmB,WAAW,CAACV,YAAY,CAACQ,OAAO,CAAC,EAAER,YAAY,CAAC,CAAA;AAC1D,MAAA,MAAMT,GAAG,CAACU,UAAU,CAACd,aAAa,CAAC,CAAA;KACpC;IAED,MAAMwB,MAAMA,CAACpB,GAAY,EAAiB;MACxCA,GAAG,CAACoB,MAAM,EAAE,CAAA;AACZ,MAAA,MAAMpB,GAAG,CAACU,UAAU,CAACd,aAAa,CAAC,CAAA;AACrC,KAAA;GACD,CAAA;AACH;;ACvGO,MAAMyB,YAAY,GAAIC,UAA0B,KAAkB;AACvEvB,EAAAA,KAAK,EAAE,CACL,mBAAmB,EAClBwB,OAAY,IAAK;IAChBA,OAAO,CAACC,GAAG,CAAC,WAAW,EAAEF,UAAU,CAACV,QAAQ,EAAE,cAAc,CAAC,CAAA;IAC7DW,OAAO,CAACE,YAAY,CAACH,UAAU,CAACvB,KAAK,EAAE,OAAO,CAAC,CAAA;AACjD,GAAC,CACF;AACDQ,EAAAA,QAAQ,EAAE,CAAC,gCAAgC,EAAEe,UAAU,CAACf,QAAQ,CAAC;AACjEa,EAAAA,MAAM,EAAE,CAAC,SAAS,EAAEE,UAAU,CAACF,MAAM,CAAA;AACvC,CAAC,CAAC;;ACfF,MAAMM,sBAAsB,GAAGC,SAAS,CAACC,WAAW,CAAC,CAAA;AAO9C,eAAeC,SAASA,CAACC,IAAY,EAAmB;AAC7D,EAAA,MAAMC,MAAM,GAAG,MAAML,sBAAsB,CAACI,IAAI,CAAC,CAAA;AACjD,EAAA,OAAOC,MAAM,CAACC,QAAQ,CAAC,KAAK,CAAC,CAAA;AAC/B;;ACbA;AACA;AACA;AACA;AAWA,MAAMC,QAAM,GAAG,IAAIC,MAAM,CAAC,yBAAyB,CAAC,CAAA;AAqC7C,MAAMC,qBAAqB,SAKxBC,YAAY,CAAC;AAOrBC,EAAAA,WAAWA,CACTC,MAAkB,EAClBC,UAAoC,EACpCC,mBAAqE,EACrE;AACA,IAAA,KAAK,EAAE,CAAA;IACP,IAAI,CAACF,MAAM,GAAGA,MAAM,CAAA;IACpB,IAAI,CAACC,UAAU,GAAGA,UAAU,CAAA;IAC5B,IAAI,CAACC,mBAAmB,GAAGA,mBAAmB,CAAA;AAChD,GAAA;AAEAC,EAAAA,eAAeA,CAAyBxC,QAAW,EAAEG,MAAW,EAAU;AACxE6B,IAAAA,QAAM,CAACS,KAAK,CAAC,iBAAiB,EAAE;MAAEzC,QAAQ;AAAEG,MAAAA,MAAAA;AAAO,KAAC,CAAC,CAAA;AACrD,IAAA,MAAMuC,gBAAgB,GAAG,IAAI,CAACJ,UAAU,CAACtC,QAAQ,CAAC,CAAA;IAClD,QAAQ0C,gBAAgB,CAACC,IAAI;AAC3B,MAAA,KAAK,QAAQ;QACX,OAAOD,gBAAgB,CAACE,MAAM,CAACC,iBAAiB,CAACC,YAAY,CAAC3C,MAAM,CAAC,CAAA;AACvE,MAAA;AACE,QAAA,MAAM,IAAID,KAAK,CAAC,kBAAkB,CAAC,CAAA;AACvC,KAAA;AACF,GAAA;AAEA,EAAA,MAAM6C,SAASA,CACb/C,QAAsB,EACtBgD,OAAyB,EACR;AACjBhB,IAAAA,QAAM,CAACS,KAAK,CAAC,WAAW,EAAE;MAAEzC,QAAQ;AAAEgD,MAAAA,OAAAA;AAAQ,KAAC,CAAC,CAAA;AAChD,IAAA,MAAMN,gBAAgB,GAAG,IAAI,CAACJ,UAAU,CAACtC,QAAQ,CAAC,CAAA;IAClD,QAAQ0C,gBAAgB,CAACC,IAAI;AAC3B,MAAA,KAAK,QAAQ;AAAE,QAAA;UACb,MAAMM,MAAM,GAAG,MAAMP,gBAAgB,CAACE,MAAM,CAACC,iBAAiB,CAACK,QAAQ,CACrE;YACEC,IAAI,EAAEH,OAAO,CAACG,IAAI;YAClBC,YAAY,EAAEJ,OAAO,CAACK,WAAAA;AACxB,WACF,CAAC,CAAA;AACD,UAAA,IAAI,CAACJ,MAAM,EAAE,OAAOA,MAAM,CAAA;AAC1B,UAAA,MAAMK,MAAM,GAAGL,MAAM,CAACM,KAAK,CAAA;UAE3B,OAAO;YACLC,WAAW,EAAEF,MAAM,CAACG,YAAsB;YAC1CC,YAAY,EAAEJ,MAAM,CAACK,aAAuB;YAC5CC,SAAS,EAAEN,MAAM,CAACO,UAAoB;YACtCC,SAAS,EAAER,MAAM,CAACS,UAAoB;YACtCC,UAAU,EAAE,CAAC,MAAM;AACjB,cAAA,IAAIV,MAAM,CAACS,UAAU,IAAI,IAAI,EAAE,OAAO,IAAI,CAAA;AAC1C,cAAA,MAAME,CAAC,GAAG,IAAIC,IAAI,EAAE,CAAA;AACpBD,cAAAA,CAAC,CAACE,OAAO,CAACF,CAAC,CAACG,OAAO,EAAE,GAAId,MAAM,CAACS,UAAU,GAAc,IAAI,CAAC,CAAA;AAC7D,cAAA,OAAOE,CAAC,CAAA;AACV,aAAC,GAAG;YACJI,OAAO,EAAEf,MAAM,CAACgB,QAAAA;WACjB,CAAA;AACD;AACF,SAAA;AAEA,MAAA;AACE,QAAA,MAAM,IAAIpE,KAAK,CAAC,iBAAiB,CAAC,CAAA;AACtC,KAAA;AACF,GAAA;AAEA,EAAA,MAAMwD,YAAYA,CAChB1D,QAAsB,EACtBuE,WAAqC,EACpB;AACjBvC,IAAAA,QAAM,CAACS,KAAK,CAAC,cAAc,EAAE;AAAEzC,MAAAA,QAAAA;AAAS,KAAC,CAAC,CAAA;AAC1C,IAAA,IAAI,CAACuE,WAAW,CAACb,YAAY,EAAE;AAC7B,MAAA,MAAM,IAAIxD,KAAK,CAAC,uBAAuB,CAAC,CAAA;AAC1C,KAAA;AACA,IAAA,MAAMwC,gBAAgB,GAAG,IAAI,CAACJ,UAAU,CAACtC,QAAQ,CAAC,CAAA;IAClD,QAAQ0C,gBAAgB,CAACC,IAAI;AAC3B,MAAA,KAAK,QAAQ;AAAE,QAAA;UACb,MAAMY,KAAK,GAAGb,gBAAgB,CAACE,MAAM,CAAC4B,iBAAiB,CAACC,WAAW,CAAC;YAClEd,aAAa,EAAEY,WAAW,CAACb,YAAAA;AAC7B,WAAC,CAAC,CAAA;AACF,UAAA,MAAMT,MAAM,GAAG,MAAMM,KAAK,CAACmB,OAAO,EAAE,CAAA;AACpC,UAAA,MAAMpB,MAAM,GAAGL,MAAM,CAACM,KAAK,CAAA;UAC3B,OAAO;YACLC,WAAW,EAAEF,MAAM,CAACG,YAAsB;YAC1CG,SAAS,EAAEN,MAAM,CAACO,UAAoB;YACtCC,SAAS,EAAER,MAAM,CAACS,UAAoB;YACtCC,UAAU,EAAE,CAAC,MAAM;AACjB,cAAA,IAAIV,MAAM,CAACS,UAAU,IAAI,IAAI,EAAE,OAAO,IAAI,CAAA;AAC1C,cAAA,MAAME,CAAC,GAAG,IAAIC,IAAI,EAAE,CAAA;AACpBD,cAAAA,CAAC,CAACE,OAAO,CAACF,CAAC,CAACG,OAAO,EAAE,GAAId,MAAM,CAACS,UAAU,GAAc,IAAI,CAAC,CAAA;AAC7D,cAAA,OAAOE,CAAC,CAAA;AACV,aAAC,GAAG;YACJI,OAAO,EAAEf,MAAM,CAACgB,QAAAA;WACjB,CAAA;AACH,SAAA;AAEA,MAAA;AACE,QAAA,MAAM,IAAIpE,KAAK,CAAC,iBAAiB,CAAC,CAAA;AACtC,KAAA;AACF,GAAA;AAEAmD,EAAAA,WAAWA,CAACtD,GAAY,EAAEC,QAAgB,EAAU;IAClD,MAAM2E,IAAI,GAAI,CAAM,IAAA,EAAA,IAAI,CAACtC,MAAM,CAACuC,GAAG,CAAC,YAAY,CAAC,GAAG,GAAG,GAAG,EAAG,CAAA,GAAA,EAC3D7E,GAAG,CAAC8E,OAAO,CAACF,IACb,CAAC,CAAA,CAAA;IACF,OAAQ,CAAA,EAAEA,IAAK,CAAE5E,EAAAA,GAAG,CAAC+E,YAAY,CAAC,cAAc,EAAE;AAChD9E,MAAAA,QAAAA;AACF,KAAC,CAAE,CAAC,CAAA,CAAA;AACN,GAAA;AAEA,EAAA,MAAMK,eAAeA,CACnBN,GAAY,EACZC,QAAsB,EACtB;IACE0D,YAAY;IACZhD,QAAQ;IACRqE,IAAI;AACJC,IAAAA,SAAAA;GAMD,EACD7E,MAAY,EACG;AACf6B,IAAAA,QAAM,CAACS,KAAK,CAAC,iBAAiB,EAAE;MAAEzC,QAAQ;MAAEU,QAAQ;AAAEgD,MAAAA,YAAAA;AAAa,KAAC,CAAC,CAAA;AACrE,IAAA,MAAMnD,KAAK,GAAG,MAAMqB,SAAS,CAAC,CAAC,CAAC,CAAA;AAEhC,IAAA,MAAMqD,KAAK,GAAG,IAAI,CAAC1C,mBAAmB,CAAC2C,QAAQ,CAC7ClF,QAAQ,EACRU,QAAQ,IAAI,OAAO,EACnBqE,IAAI,EACJC,SACF,CAAC,CAAA;IAED,IAAI,CAACC,KAAK,EAAE;AACV,MAAA,MAAM,IAAI/E,KAAK,CAAC,qBAAqB,CAAC,CAAA;AACxC,KAAA;AAEAH,IAAAA,GAAG,CAACoF,OAAO,CAACC,GAAG,CACZ,CAAOpF,KAAAA,EAAAA,QAAS,CAAGO,CAAAA,EAAAA,KAAM,CAAC,CAAA,EAC3B8E,IAAI,CAACC,SAAS,CAAC;MACb5E,QAAQ;MACRuE,KAAK;AACLM,MAAAA,aAAa,EAjBK,CAAC7E,QAAQ,IAAIA,QAAQ,KAAK,OAAA;AAkB9C,KAAC,CAAC,EACF;AACE8E,MAAAA,MAAM,EAAgB,MAAA;AACtBC,MAAAA,QAAQ,EAAE,IAAI;AACdC,MAAAA,MAAM,EAAE,IAAI,CAACrD,MAAM,CAACuC,GAAG,CAAC,YAAY,CAAA;AACtC,KACF,CAAC,CAAA;AACD,IAAA,MAAMvB,WAAW,GAAG,IAAI,CAACb,eAAe,CAACxC,QAAQ,EAAE;MACjDoD,YAAY,EAAE,IAAI,CAACC,WAAW,CAACtD,GAAG,EAAEC,QAAQ,CAAC;MAC7CiF,KAAK;MACL1E,KAAK;AACLoF,MAAAA,WAAW,EAAEjC,YAAY,GAAG,SAAS,GAAG,QAAQ;MAChD,GAAGvD,MAAAA;AACL,KAAC,CAAC,CAAA;AAEF,IAAA,OAAOJ,GAAG,CAAC6F,QAAQ,CAACvC,WAAW,CAAC,CAAA;AAClC,GAAA;EAEA,MAAMxC,cAAcA,CAClBd,GAAY,EACZC,QAAqB,EACrB6F,UAAmB,EACnBC,KAA2C,EAC/B;AACZ,IAAA,IAAI/F,GAAG,CAACgG,KAAK,CAACC,KAAK,EAAE;MACnB,MAAMA,KAAU,GAAG,IAAI9F,KAAK,CAACH,GAAG,CAACgG,KAAK,CAACC,KAAK,CAAC,CAAA;MAC7CA,KAAK,CAACC,MAAM,GAAG,GAAG,CAAA;MAClBD,KAAK,CAACE,MAAM,GAAG,IAAI,CAAA;AACnB,MAAA,MAAMF,KAAK,CAAA;AACb,KAAA;AAEA,IAAA,MAAM7C,IAAI,GAAGpD,GAAG,CAACgG,KAAK,CAAC5C,IAAI,CAAA;AAC3B,IAAA,MAAM5C,KAAK,GAAGR,GAAG,CAACgG,KAAK,CAACxF,KAAK,CAAA;AAC7B,IAAA,MAAM4F,UAAU,GAAI,CAAA,KAAA,EAAOnG,QAAS,CAAA,CAAA,EAAGO,KAAgB,CAAC,CAAA,CAAA;IACxD,IAAI6F,MAAM,GAAGrG,GAAG,CAACoF,OAAO,CAACP,GAAG,CAACuB,UAAU,CAAC,CAAA;IACxCpG,GAAG,CAACoF,OAAO,CAACC,GAAG,CAACe,UAAU,EAAE,EAAE,EAAE;AAAEE,MAAAA,OAAO,EAAE,IAAInC,IAAI,CAAC,CAAC,CAAA;AAAE,KAAC,CAAC,CAAA;IACzD,IAAI,CAACkC,MAAM,EAAE;AACX,MAAA,MAAM,IAAIlG,KAAK,CAAC,0BAA0B,CAAC,CAAA;AAC7C,KAAA;AAEAkG,IAAAA,MAAM,GAAGf,IAAI,CAACiB,KAAK,CAACF,MAAM,CAAC,CAAA;AAC3B,IAAA,IAAI,CAACA,MAAM,EAAEnB,KAAK,EAAE;AAClB,MAAA,MAAM,IAAI/E,KAAK,CAAC,yBAAyB,CAAC,CAAA;AAC5C,KAAA;AAEA,IAAA,IAAI,CAACkG,MAAM,CAACb,aAAa,EAAE;MACzB,IAAI,CAACM,UAAU,EAAE;AACf,QAAA,MAAM,IAAI3F,KAAK,CAAC,uBAAuB,CAAC,CAAA;AAC1C,OAAA;AACF,KAAA;IAEA,MAAMoD,MAAc,GAAG,MAAM,IAAI,CAACP,SAAS,CAAC/C,QAAQ,EAAE;MACpDmD,IAAI;AACJE,MAAAA,WAAW,EAAE,IAAI,CAACA,WAAW,CAACtD,GAAG,EAAEC,QAAQ,CAAA;AAC7C,KAAC,CAAC,CAAA;IAEF,IAAIoG,MAAM,CAACb,aAAa,EAAE;MACxB,MAAMR,IAAI,GAAG,MAAM,IAAI,CAACxC,mBAAmB,CAACgE,wBAAwB,CAClEvG,QAAQ,EACRsD,MAAM,EACN8C,MAAM,CAACnB,KAAK,EACZmB,MAAM,CAAC1F,QACT,CAAC,CAAA;MAED,IAAIoF,KAAK,CAAChF,iBAAiB,EAAE;AAC3B,QAAA,MAAMgF,KAAK,CAAChF,iBAAiB,CAACd,QAAQ,EAAE+E,IAAI,CAAC,CAAA;AAC/C,OAAA;AAEA,MAAA,OAAOA,IAAI,CAAA;AACb,KAAA;AAEA,IAAA,MAAMvE,YAAY,GAAGT,GAAG,CAACQ,KAAK,CAACC,YAAiB,CAAA;IAChD,MAAM;MAAEgG,OAAO;AAAEzB,MAAAA,IAAAA;KAAM,GAAG,MAAM,IAAI,CAACxC,mBAAmB,CAACkE,MAAM,CAC7DjG,YAAY,EACZR,QAAQ,EACRsD,MAAM,EACN8C,MAAM,CAACnB,KAAK,EACZmB,MAAM,CAAC1F,QACT,CAAC,CAAA;IAED,IAAIoF,KAAK,CAAC/E,gBAAgB,EAAE;AAC1B,MAAA,MAAM+E,KAAK,CAAC/E,gBAAgB,CAACf,QAAQ,EAAEoG,MAAM,CAAC1F,QAAQ,EAAE8F,OAAO,EAAEzB,IAAI,CAAC,CAAA;AACxE,KAAA;AAEA,IAAA,OAAOvE,YAAY,CAAA;AACrB,GAAA;AAEAkG,EAAAA,oBAAoBA,CAAC3B,IAAO,EAAEyB,OAAgB,EAAoB;AAChE,IAAA,IACEA,OAAO,CAACG,eAAe,IACvBH,OAAO,CAACG,eAAe,CAACvC,OAAO,EAAE,GAAGF,IAAI,CAAC0C,GAAG,EAAE,EAC9C;AACA,MAAA,OAAOC,OAAO,CAACC,OAAO,CAAC,KAAK,CAAC,CAAA;AAC/B,KAAA;AACA,IAAA,OAAO,IAAI,CAACpD,YAAY,CAAC8C,OAAO,CAACO,QAAQ,EAAkB;AACzD;MACArD,YAAY,EAAE8C,OAAO,CAAC9C,YAAAA;AACxB,KAAC,CAAC,CAACsD,IAAI,CAAE1D,MAAc,IAAK;MAC1B,IAAI,CAACA,MAAM,EAAE;AACX;AACA,QAAA,OAAO,KAAK,CAAA;AACd,OAAA;AACAkD,MAAAA,OAAO,CAAChD,WAAW,GAAGF,MAAM,CAACE,WAAW,CAAA;AACxCgD,MAAAA,OAAO,CAACG,eAAe,GAAGrD,MAAM,CAACU,UAAU,CAAA;AAC3C,MAAA,OAAO,IAAI,CAACzB,mBAAmB,CAC5B0E,aAAa,CAAClC,IAAI,EAAEyB,OAAO,CAAC,CAC5BQ,IAAI,CAAC,MAAM,IAAI,CAAC,CAAA;AACrB,KAAC,CAAC,CAAA;AACJ,GAAA;AACF;;ACxTA;AAQA,MAAMhF,QAAM,GAAG,IAAIC,MAAM,CAAC,uBAAuB,CAAC,CAAA;AAE3C,MAAMiF,QAAQ,GAAG;AACtBC,EAAAA,SAAS,EAAE,WAAW;AACtBC,EAAAA,OAAO,EAAE,SAAA;AACX,EAAC;AAEc,MAAMC,mBAAmB,SAK9BlF,YAAY,CAAC;AAKrBC,EAAAA,WAAWA,CACT3C,YAA8C,EAC9C6H,iBAA4D,EAC5D;AACA,IAAA,KAAK,EAAE,CAAA;IACP,IAAI,CAAC7H,YAAY,GAAGA,YAAY,CAAA;IAChC,IAAI,CAAC6H,iBAAiB,GAAGA,iBAAiB,CAAA;AAC5C,GAAA;EAEApC,QAAQA,CACNlF,QAAsB,EACtBU,QAAgB,EAChBqE,IAAQ,EACRC,SAAqB,EACb;AACRhD,IAAAA,QAAM,CAACS,KAAK,CAAC,UAAU,EAAE;MAAEzC,QAAQ;MAAEuH,MAAM,EAAExC,IAAI,EAAEyC,GAAAA;AAAI,KAAC,CAAC,CAAA;AACzD,IAAA,MAAMC,OAAO,GAAG,IAAI,CAACH,iBAAiB,CAACtH,QAAQ,CAAC,CAAA;IAChD,IAAI,CAACyH,OAAO,EAAE;AACZ,MAAA,MAAM,IAAIvH,KAAK,CAAC,wBAAwB,CAAC,CAAA;AAC3C,KAAA;AAEA,IAAA,MAAMwH,QAAQ,GAAGD,OAAO,CAACE,eAAe,CAACjH,QAAQ,CAAC,CAAA;AAClD,IAAA,IAAI,CAACqE,IAAI,IAAI,CAACC,SAAS,EAAE;AACvB,MAAA,OAAO0C,QAAQ,CAAA;AACjB,KAAA;IACA,MAAMlB,OAAO,GAAGzB,IAAI,CAAC6C,QAAQ,CAACC,IAAI,CAC/BrB,OAAO,IACNA,OAAO,CAACO,QAAQ,KAAK/G,QAAQ,IAAIwG,OAAO,CAACxB,SAAS,KAAKA,SAC3D,CAAC,CAAA;IAED,IAAI,CAACwB,OAAO,EAAE;AACZ,MAAA,MAAM,IAAItG,KAAK,CAAC,oCAAoC,CAAC,CAAA;AACvD,KAAA;AACA,IAAA,OAAOuH,OAAO,CAACvC,QAAQ,CAACsB,OAAO,CAACvB,KAAK,EAAEyC,QAAQ,CAAC,CAACI,IAAI,CAAC,GAAG,CAAC,CAAA;AAC5D,GAAA;EAEA,MAAMrB,MAAMA,CACV1B,IAAO,EACP/E,QAAsB,EACtBsD,MAAoB,EACpB2B,KAAa,EACb8C,UAAkB,EACoC;AACtD,IAAA,MAAMN,OAAO,GAAG,IAAI,CAACH,iBAAiB,CAACtH,QAAQ,CAAC,CAAA;IAChD,MAAMgI,OAAO,GAAG,MAAMP,OAAO,CAACQ,UAAU,CAAC3E,MAAM,CAAC,CAAA;AAChD,IAAA,MAAM0B,SAAS,GAAGyC,OAAO,CAACS,KAAK,CAACF,OAAO,CAAC,CAAA;IACxC,MAAMxB,OAAO,GAAGzB,IAAI,CAAC6C,QAAQ,CAACC,IAAI,CAC/BrB,OAAO,IACNA,OAAO,CAACO,QAAQ,KAAK/G,QAAQ,IAAIwG,OAAO,CAACxB,SAAS,KAAKA,SAC3D,CAAC,CAAA;IACD,IAAI,CAACwB,OAAO,EAAE;AACZ;AACA;AACA,MAAA,MAAM,IAAItG,KAAK,CAAC,oCAAoC,CAAC,CAAA;AACvD,KAAA;IACAsG,OAAO,CAACP,MAAM,GAAG,OAAO,CAAA;AACxBO,IAAAA,OAAO,CAAChD,WAAW,GAAGF,MAAM,CAACE,WAAW,CAAA;IACxC,IAAIF,MAAM,CAACI,YAAY,EAAE;AACvB8C,MAAAA,OAAO,CAAC9C,YAAY,GAAGJ,MAAM,CAACI,YAAY,CAAA;AAC5C,KAAA;AACA,IAAA,IAAIJ,MAAM,CAACU,UAAU,KAAKmE,SAAS,EAAE;AACnC3B,MAAAA,OAAO,CAACG,eAAe,GAAGrD,MAAM,CAACU,UAAU,CAAA;AAC7C,KAAA;AACAwC,IAAAA,OAAO,CAACvB,KAAK,GAAGwC,OAAO,CAACvC,QAAQ,CAACsB,OAAO,CAACvB,KAAK,EAAEA,KAAK,CAAC,CAAA;AACtDuB,IAAAA,OAAO,CAAC4B,WAAW,GAAG5B,OAAO,CAAC4B,WAAW,IAAI,EAAE,CAAA;IAC/C,IAAIL,UAAU,IAAI,CAACvB,OAAO,CAAC4B,WAAW,CAACC,QAAQ,CAACN,UAAU,CAAC,EAAE;AAC3DvB,MAAAA,OAAO,CAAC4B,WAAW,CAACE,IAAI,CAACP,UAAU,CAAC,CAAA;AACtC,KAAA;AAEA,IAAA,MAAM,IAAI,CAACtI,YAAY,CAAC8I,UAAU,CAACxD,IAAI,CAAC,CAAA;IACxC,OAAO;MAAEA,IAAI;AAAEyB,MAAAA,OAAAA;KAAS,CAAA;AAC1B,GAAA;EAEA,MAAMD,wBAAwBA,CAC5BvG,QAAsB,EACtBsD,MAAoB,EACpB2B,KAAa,EACb8C,UAAkB,EACN;AACZ,IAAA,MAAMN,OAAO,GAAG,IAAI,CAACH,iBAAiB,CAACtH,QAAQ,CAAC,CAAA;IAChD,IAAI,CAACyH,OAAO,EAAE,MAAM,IAAIvH,KAAK,CAAC,wBAAwB,CAAC,CAAA;IAEvD,MAAM8H,OAAO,GAAG,MAAMP,OAAO,CAACQ,UAAU,CAAC3E,MAAM,CAAC,CAAA;AAChD,IAAA,MAAM0B,SAAS,GAAGyC,OAAO,CAACS,KAAK,CAACF,OAAO,CAAC,CAAA;IACxC,IAAI,CAAChD,SAAS,EAAE,MAAM,IAAI9E,KAAK,CAAC,8BAA8B,CAAC,CAAA;AAE/D,IAAA,MAAMsI,MAAM,GAAGf,OAAO,CAACgB,SAAS,CAACT,OAAO,CAAC,CAAA;IAEzC,IAAIjD,IAA4B,GAC9B,MAAM,IAAI,CAACtF,YAAY,CAACiJ,wBAAwB,CAAC;MAC/C3B,QAAQ,EAAEU,OAAO,CAACkB,WAAW;MAC7B3D,SAAS;AACTwD,MAAAA,MAAAA;AACF,KAAC,CAAC,CAAA;IAEJxG,QAAM,CAAC4G,IAAI,CAAC,CAAC7D,IAAI,GAAG,aAAa,GAAG,eAAe,EAAE;MACnDwC,MAAM,EAAExC,IAAI,EAAEyC,GAAG;AACjBxC,MAAAA,SAAAA;AACA;AACF,KAAC,CAAC,CAAA;IAEF,IAAI,CAACD,IAAI,EAAE;MACTA,IAAI,GAAG,EAAE,CAAA;AACX,KAAA;AAEA8D,IAAAA,MAAM,CAACC,MAAM,CAAC/D,IAAI,EAAE;AAClBgE,MAAAA,WAAW,EAAEtB,OAAO,CAACuB,cAAc,CAAChB,OAAO,CAAC;AAC5CiB,MAAAA,QAAQ,EAAExB,OAAO,CAACyB,WAAW,CAAClB,OAAO,CAAC;MACtC/B,MAAM,EAAEiB,QAAQ,CAACC,SAAAA;AACnB,KAAC,CAAC,CAAA;IAEF,IAAI,CAACpC,IAAI,CAAC6C,QAAQ,EAAE7C,IAAI,CAAC6C,QAAQ,GAAG,EAAE,CAAA;IAEtC,IAAIpB,OAAqC,GAAGzB,IAAI,CAAC6C,QAAQ,CAACC,IAAI,CAC3DrB,OAAgB,IACfA,OAAO,CAACO,QAAQ,KAAK/G,QAAQ,IAAIwG,OAAO,CAACxB,SAAS,KAAKA,SAC3D,CAAC,CAAA;IAED,IAAI,CAACwB,OAAO,EAAE;AACZA,MAAAA,OAAO,GAAG;AAAEO,QAAAA,QAAQ,EAAE/G,QAAQ;AAAEgF,QAAAA,SAAAA;OAAW,CAAA;AAC3C;AACAD,MAAAA,IAAI,CAAC6C,QAAQ,CAACU,IAAI,CAAC9B,OAAO,CAAC,CAAA;AAC7B,KAAA;IAEAA,OAAO,CAAC2C,IAAI,GAAG1B,OAAO,CAAC2B,cAAc,CAACpB,OAAO,CAAC,CAAA;IAC9CxB,OAAO,CAACP,MAAM,GAAG,OAAO,CAAA;IACxBO,OAAO,CAACwB,OAAO,GAAGA,OAAO,CAAA;AACzBxB,IAAAA,OAAO,CAAChD,WAAW,GAAGF,MAAM,CAACE,WAAW,CAAA;IACxC,IAAIF,MAAM,CAACI,YAAY,EAAE;AACvB8C,MAAAA,OAAO,CAAC9C,YAAY,GAAGJ,MAAM,CAACI,YAAY,CAAA;AAC5C,KAAA;AACA,IAAA,IAAIJ,MAAM,CAACU,UAAU,KAAKmE,SAAS,EAAE;AACnC3B,MAAAA,OAAO,CAACG,eAAe,GAAGrD,MAAM,CAACU,UAAU,CAAA;AAC7C,KAAA;AACAwC,IAAAA,OAAO,CAACvB,KAAK,GAAGwC,OAAO,CAACvC,QAAQ,CAACsB,OAAO,CAACvB,KAAK,EAAEA,KAAK,CAAC,CAAA;IAEtD,IAAI,CAACuB,OAAO,CAAC4B,WAAW,EAAE5B,OAAO,CAAC4B,WAAW,GAAG,EAAE,CAAA;IAClD,IAAIL,UAAU,IAAI,CAACvB,OAAO,CAAC4B,WAAW,CAACC,QAAQ,CAACN,UAAU,CAAC,EAAE;AAC3DvB,MAAAA,OAAO,CAAC4B,WAAW,CAACE,IAAI,CAACP,UAAU,CAAC,CAAA;AACtC,KAAA;IAEA,IAAI,CAAChD,IAAI,CAACyD,MAAM,EAAEzD,IAAI,CAACyD,MAAM,GAAG,EAAE,CAAA;AAClC,IAAA,MAAMa,UAAU,GAAGtE,IAAI,CAACyD,MAAM,CAAA;AAC9BA,IAAAA,MAAM,CAACc,OAAO,CAAEC,KAAa,IAAK;AAChC,MAAA,IAAI,CAACF,UAAU,CAAChB,QAAQ,CAACkB,KAAK,CAAC,EAAE;AAC/BF,QAAAA,UAAU,CAACf,IAAI,CAACiB,KAAK,CAAC,CAAA;AACxB,OAAA;AACF,KAAC,CAAC,CAAA;IAEFxE,IAAI,CAACyE,YAAY,GAAG;AAClB;AACA,IAAA,GAAGzE,IAAI,CAACyD,MAAM,CAACiB,MAAM,CACnB,CAACC,OAAoB,EAAEH,KAAa,KAClCG,OAAO,CAACnI,GAAG,CAACgI,KAAK,CAACI,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EACrC,IAAIC,GAAG,EACT,CAAC,CACF,CAAA;IAED,MAAM5I,OAAO,GAAG,IAAI,CAACvB,YAAY,CAACwB,KAAK,CAACD,OAAO,CAAA;AAE/C,IAAA,IAAI+D,IAAI,CAAC/D,OAAO,CAAC,EAAE;AACjB,MAAA,MAAM,IAAI,CAACvB,YAAY,CAAC8I,UAAU,CAACxD,IAAS,CAAC,CAAA;AAC/C,KAAC,MAAM;AACL,MAAA,MAAM,IAAI,CAACtF,YAAY,CAACoK,SAAS,CAAC9E,IAAS,CAAC,CAAA;AAC9C,KAAA;AAEA,IAAA,OAAOA,IAAI,CAAA;AACb,GAAA;AAEA,EAAA,MAAMkC,aAAaA,CAAClC,IAAO,EAAEyB,OAAgB,EAAc;IACzD,MAAM,IAAI,CAAC/G,YAAY,CAACwH,aAAa,CAAClC,IAAI,EAAEyB,OAAO,CAAC,CAAA;AACpD,IAAA,OAAOzB,IAAI,CAAA;AACb,GAAA;AACF;;AClMO,MAAM+E,iBAAiB,GAAG,mBAAmB,CAAA;AAC7C,MAAMC,iBAAiB,GAAG,mBAAmB,CAAA;AAE7C,MAAMC,mBAAmB,GAAGA,CACjCC,GAAoB,EACpBjH,OAAuD,KAChC;EACvB,IAAIiH,GAAG,CAACC,OAAO,CAACC,aAAa,EAAEC,UAAU,CAAC,SAAS,CAAC,EAAE;IACpD,OAAOH,GAAG,CAACC,OAAO,CAACC,aAAa,CAACE,KAAK,EAAiB,CAAC,CAAA;AAC1D,GAAA;;AAEA;EACA,MAAMlF,OAAO,GAAG,IAAImF,OAAO,CAACL,GAAG,EAAE,IAAI,EAAoB;AACvD,IAAA,GAAGjH,OAAO;AACV0C,IAAAA,MAAM,EAAE,IAAA;AACV,GAAC,CAAC,CAAA;AAEF,EAAA,OAAOP,OAAO,CAACP,GAAG,CAACkF,iBAAiB,CAAC,CAAA;AACvC,CAAC;;ACHD,MAAMS,iBAAiB,GAAG7I,SAAS,CAKjC8I,YAAY,CAACC,MAAgB,CAAC,CAAA;AAEhC,MAAMC,eAAe,GAClBC,SAAiB,IAClB,OAAOpH,KAAa,EAAEqH,WAAmB,KAAkC;EACzE,MAAM3H,MAAM,GAAG,MAAMsH,iBAAiB,CAAChH,KAAK,EAAEoH,SAAS,EAAE;IACvDE,UAAU,EAAE,CAAC,OAAO,CAAC;AACrBC,IAAAA,QAAQ,EAAEF,WAAAA;AACZ,GAAC,CAAC,CAAA;EACF,OAAQ3H,MAAM,EAAU8H,cAAc,CAAA;AACxC,CAAC,CAAA;AAOI,MAAMC,sBAAsB,GAAGA,CAIpCL,SAAiB,EACjBlL,YAA8C,EAC9CuC,MAAc,KACU;AACxB,EAAA,MAAMiJ,SAAS,GAAGP,eAAe,CAACC,SAAS,CAAC,CAAA;AAqB5C,EAAA,OAnB8C,OAAOC,WAAW,EAAErH,KAAK,KAAK;IAC1E,IAAI,CAACA,KAAK,IAAI,CAACqH,WAAW,EAAE,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;AAE/C,IAAA,IAAIG,cAAc,CAAA;IAClB,IAAI;AACFA,MAAAA,cAAc,GAAG,MAAME,SAAS,CAAC1H,KAAK,EAAEqH,WAAW,CAAC,CAAA;KACrD,CAAC,OAAO5E,KAAc,EAAE;AACvBhE,MAAAA,MAAM,CAACS,KAAK,CAAC,mCAAmC,EAAE;AAAEyI,QAAAA,GAAG,EAAElF,KAAAA;AAAM,OAAC,CAAC,CAAA;AACnE,KAAA;IAEA,IAAI+E,cAAc,IAAI,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;IAE/C,MAAMvK,YAAY,GAAG,MAAMf,YAAY,CAAC0L,QAAQ,CAACJ,cAAc,CAAC,CAAA;IAEhE,IAAI,CAACvK,YAAY,EAAE,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;AAEtC,IAAA,OAAO,CAACuK,cAAc,EAAEvK,YAAY,CAAC,CAAA;GACtC,CAAA;AAGH,CAAC;;ACpEc,MAAM4K,iBAAiB,CAGpC;EAGAhJ,WAAWA,CAACnB,KAAoB,EAAE;IAChC,IAAI,CAACA,KAAK,GAAGA,KAAK,CAAA;AACpB,GAAA;;AAEA;EACAoK,aAAaA,CAACC,SAAiB,EAA0B;AACvD,IAAA,OAAO,IAAI,CAACrK,KAAK,CAACsK,SAAS,CAACD,SAAS,CAAC,CAAA;AACxC,GAAA;EAEAH,QAAQA,CAAC5D,MAAc,EAA0B;AAC/C,IAAA,OAAO,IAAI,CAACtG,KAAK,CAACsK,SAAS,CAAChE,MAAM,CAAC,CAAA;AACrC,GAAA;EAEAsC,SAASA,CAAC9E,IAAwB,EAAgB;AAChD,IAAA,OAAO,IAAI,CAAC9D,KAAK,CAAC4I,SAAS,CAAC9E,IAAI,CAAC,CAAA;AACnC,GAAA;EAEAwD,UAAUA,CAACxD,IAAO,EAAgB;AAChC,IAAA,OAAO,IAAI,CAAC9D,KAAK,CAACsH,UAAU,CAACxD,IAAI,CAAC,CAAA;AACpC,GAAA;EAEAyG,QAAQA,CAACzG,IAAO,EAAc;AAC5B,IAAA,OAAO,IAAI,CAAC0G,gBAAgB,CAAC1G,IAAI,CAAC,CAAA;AACpC,GAAA;AAEA2D,EAAAA,wBAAwBA,CAAC;IACvB1D,SAAS;IACTwD,MAAM;AACNzB,IAAAA,QAAAA;AAKF,GAAC,EAA0B;AACzB,IAAA,IAAIhB,KAAU,GAAG;AACf,MAAA,mBAAmB,EAAEgB,QAAQ;AAC7B,MAAA,oBAAoB,EAAE/B,SAAAA;KACvB,CAAA;AAED,IAAA,IAAIwD,MAAM,IAAIA,MAAM,CAACkD,MAAM,GAAG,CAAC,EAAE;AAC/B3F,MAAAA,KAAK,GAAG;QACN4F,GAAG,EAAE,CACH5F,KAAK,EACL;AACEyC,UAAAA,MAAM,EAAE;AAAEoD,YAAAA,GAAG,EAAEpD,MAAAA;AAAO,WAAA;SACvB,CAAA;OAEJ,CAAA;AACH,KAAA;;AAEA;AACA,IAAA,OAAO,IAAI,CAACvH,KAAK,CAAC4K,OAAO,CAAC9F,KAAK,CAAC,CAAA;AAClC,GAAA;AAEAkB,EAAAA,aAAaA,CAAClC,IAAO,EAAEyB,OAAgB,EAAc;IACnD,MAAMsF,YAAY,GAAG/G,IAAI,CAAC6C,QAAQ,CAACmE,OAAO,CAACvF,OAAO,CAAC,CAAA;AACnD,IAAA,IAAIsF,YAAY,KAAK,CAAC,CAAC,EAAE;AACvB,MAAA,MAAM,IAAI5L,KAAK,CAAC,iBAAiB,CAAC,CAAA;AACpC,KAAA;AAEA,IAAA,OAAO,IAAI,CAACe,KAAK,CAAC+K,gBAAgB,CAACjH,IAAI,EAAE;AACvCkH,MAAAA,IAAI,EAAE;QACJ,CAAE,CAAA,SAAA,EAAWH,YAAa,CAAA,CAAC,GAAGtF,OAAAA;AAChC,OAAA;AACF,KAAc,CAAC,CAAA;AACjB,GAAA;;AAEA;EACAiF,gBAAgBA,CAAC1G,IAAO,EAAiB;IACvC,OAAO;MACLyC,GAAG,EAAEzC,IAAI,CAACyC,GAAG;MACb0E,OAAO,EAAEnH,IAAI,CAACmH,OAAO;MACrBC,OAAO,EAAEpH,IAAI,CAACoH,OAAO;MACrBpD,WAAW,EAAEhE,IAAI,CAACgE,WAAW;MAC7BE,QAAQ,EAAElE,IAAI,CAACkE,QAAQ;MACvBhD,MAAM,EAAElB,IAAI,CAACkB,MAAM;MACnBuC,MAAM,EAAEzD,IAAI,CAACyD,MAAM;MACnBgB,YAAY,EAAEzE,IAAI,CAACyE,YAAY;MAC/B5B,QAAQ,EAAE7C,IAAI,CAAC6C,QAAQ,CAACwE,GAAG,CAAE5F,OAAgB,KAAM;QACjDO,QAAQ,EAAEP,OAAO,CAACO,QAAQ;QAC1B/B,SAAS,EAAEwB,OAAO,CAACxB,SAAS;QAC5BmE,IAAI,EAAE3C,OAAO,CAAC2C,IAAI;QAClBlD,MAAM,EAAEO,OAAO,CAACP,MAAM;QACtB+B,OAAO,EAAExB,OAAO,CAACwB,OAAAA;AACnB,OAAC,CAAC,CAAA;KACH,CAAA;AACH,GAAA;AACF;;AChGA;AACA;AACA;;AAIe,MAAMqE,wBAAwB,CAE7C;EAGEjK,WAAWA,CAACuF,eAA4D,EAAE;IACxE,IAAI,CAACA,eAAe,GAAG;AACrB,MAAA,GAAGA,eAAe;AAClB7H,MAAAA,KAAK,EAAE,sBAAA;KACR,CAAA;AACH,GAAA;AAEA6I,EAAAA,WAAW,GAAG,QAAQ,CAAA;EAEtBV,UAAUA,CAAC3E,MAAc,EAAgB;AACvC,IAAA,OAAOgJ,KAAK,CACT,CAAA,2DAAA,EAA6DhJ,MAAM,CAACE,WAAY,EACnF,CAAC,CAACwD,IAAI,CAAErG,QAAQ,IAAKA,QAAQ,CAAC4L,IAAI,EAAE,CAAC,CAAA;AACvC,GAAA;EAEArE,KAAKA,CAACF,OAAY,EAAO;IACvB,OAAOA,OAAO,CAACwE,EAAE,CAAA;AACnB,GAAA;EAEApD,cAAcA,CAACpB,OAAY,EAA6B;IACtD,OAAOA,OAAO,CAACuB,KAAK,CAAA;AACtB,GAAA;EAEAd,SAASA,CAACT,OAAY,EAAY;IAChC,MAAMQ,MAAgB,GAAG,EAAE,CAAA;IAE3B,IAAIR,OAAO,CAACuB,KAAK,EAAE;AACjBf,MAAAA,MAAM,CAACF,IAAI,CAACN,OAAO,CAACuB,KAAK,CAAC,CAAA;AAC5B,KAAA;AAEA,IAAA,OAAOf,MAAM,CAAA;AACf,GAAA;EAEAQ,cAAcA,CAAChB,OAAY,EAA6B;IACtD,OAAOA,OAAO,CAACmB,IAAI,CAAA;AACrB,GAAA;EAEAD,WAAWA,CAAClB,OAAY,EAAY;IAClC,OAAO;MACLyE,SAAS,EAAEzE,OAAO,CAAC0E,UAAU;MAC7BC,UAAU,EAAE3E,OAAO,CAAC4E,WAAAA;KACrB,CAAA;AACH,GAAA;EAEAC,eAAeA,CAACnF,QAAgB,EAAY;AAC1C,IAAA,OAAO,IAAI,CAACxC,QAAQ,CAACiD,SAAS,EAAET,QAAQ,CAAC,CAAA;AAC3C,GAAA;AAEAxC,EAAAA,QAAQA,CAAC4H,QAA8B,EAAEpF,QAAgB,EAAY;AACnE,IAAA,OAAO,CAACoF,QAAQ,GACZpF,QAAQ,CAACiC,KAAK,CAAC,GAAG,CAAC,GACnB,CAAC,GAAGmD,QAAQ,EAAE,GAAGpF,QAAQ,CAACiC,KAAK,CAAC,GAAG,CAAC,CAAC,CAACoD,MAAM,CAC1C,CAACC,IAAI,EAAEC,CAAC,EAAEC,EAAE,KAAKA,EAAE,CAACnB,OAAO,CAACiB,IAAI,CAAC,KAAKC,CACxC,CAAC,CAAA;AACP,GAAA;AACF;;AClEA;AACA;;AAIA;;AAEe,MAAME,uBAAuB,CAE5C;EAGE/K,WAAWA,CAACuF,eAA4D,EAAE;IACxE,IAAI,CAACA,eAAe,GAAG;AACrB,MAAA,GAAGA,eAAe;AAClB7H,MAAAA,KAAK,EAAE,+CAAA;KACR,CAAA;AACH,GAAA;AAEA6I,EAAAA,WAAW,GAAG,QAAQ,CAAA;EAEtBV,UAAUA,CAAC3E,MAAc,EAAgB;AACvC,IAAA,OAAOgJ,KAAK,CACT,CAAA,2CAAA,EAA6ChJ,MAAM,CAACE,WAAY,EACnE,CAAC,CAACwD,IAAI,CAAErG,QAAQ,IAAKA,QAAQ,CAAC4L,IAAI,EAAE,CAAC,CAAA;AACvC,GAAA;EAEArE,KAAKA,CAACF,OAAY,EAAiB;AACjC,IAAA,IAAI,CAACA,OAAO,EAAEoF,IAAI,EAAEZ,EAAE,IAAI,CAACxE,OAAO,CAACjD,IAAI,EAAEyH,EAAE,EAAE;AAC3C,MAAA,OAAO,IAAI,CAAA;AACb,KAAA;AACA,IAAA,OAAQ,CAAOxE,KAAAA,EAAAA,OAAO,CAACoF,IAAI,CAACZ,EAAa,CACvCxE,MAAAA,EAAAA,OAAO,CAACjD,IAAI,CAACyH,EACd,CAAC,CAAA,CAAA;AACJ,GAAA;EAEApD,cAAcA,CAACpB,OAAY,EAA6B;AACtD,IAAA,OAAOA,OAAO,CAACjD,IAAI,CAACwE,KAAK,CAAA;AAC3B,GAAA;EAEAd,SAASA,CAACT,OAAY,EAAY;AAChC,IAAA,OAAOA,OAAO,CAACjD,IAAI,CAACwE,KAAK,GAAG,CAACvB,OAAO,CAACjD,IAAI,CAACwE,KAAK,CAAC,GAAG,EAAE,CAAA;AACvD,GAAA;EAEAP,cAAcA,CAAChB,OAAY,EAA6B;AACtD,IAAA,OAAOA,OAAO,CAACjD,IAAI,CAACoE,IAAI,CAAA;AAC1B,GAAA;AAEAD,EAAAA,WAAWA,GAAgC;AACzC,IAAA,OAAO,IAAI,CAAA;AACb,GAAA;EAEA2D,eAAeA,CAACnF,QAAgB,EAAY;AAC1C,IAAA,OAAO,IAAI,CAACxC,QAAQ,CAACiD,SAAS,EAAET,QAAQ,CAAC,CAAA;AAC3C,GAAA;AAEAxC,EAAAA,QAAQA,CAAC4H,QAA8B,EAAEpF,QAAgB,EAAY;AACnE,IAAA,OAAO,CAACoF,QAAQ,GACZpF,QAAQ,CAACiC,KAAK,CAAC,GAAG,CAAC,GACnB,CAAC,GAAGmD,QAAQ,EAAE,GAAGpF,QAAQ,CAACiC,KAAK,CAAC,GAAG,CAAC,CAAC,CAACoD,MAAM,CAC1C,CAACC,IAAI,EAAEC,CAAC,EAAEC,EAAE,KAAKA,EAAE,CAACnB,OAAO,CAACiB,IAAI,CAAC,KAAKC,CACxC,CAAC,CAAA;AACP,GAAA;AACF;;ACxDA,MAAMjL,QAAM,GAAG,IAAIC,MAAM,CAAC,UAAU,CAAC,CAAA;AAE9B,MAAMoL,YAAY,GAAGA,CAC1BC,GAAoB,EACpB7N,YAAkC,EAElC8N,EAAO,EACP3C,WAAoB,KACX;EACT,MAAM4C,gBAAgB,GAAGxC,sBAAsB,CAC7CsC,GAAG,CAACjL,MAAM,CAACuC,GAAG,CAAsB,gBAAgB,CAAC,CAACA,GAAG,CAAC,WAAW,CAAC,EACtEnF,YAAY,EACZuC,QACF,CAAC,CAAA;AAED,EAAA,MAAMyL,KAAK,GAAG,IAAIC,GAAG,EAAE,CAAA;EACvBH,EAAE,CAACE,KAAK,GAAGA,KAAK,CAAA;AAEhBF,EAAAA,EAAE,CAACI,GAAG,CAAC,OAAOC,MAAW,EAAEC,IAAS,KAAK;AACvC,IAAA,MAAMC,aAAa,GAAGF,MAAM,CAAC/I,OAAO,CAAA;AACpC;AACA,IAAA,MAAMtB,KAAK,GAAGyG,mBAAmB,CAAC8D,aAAa,CAAC,CAAA;AAEhD,IAAA,IAAI,CAACvK,KAAK,EAAE,OAAOsK,IAAI,EAAE,CAAA;AAEzB,IAAA,MAAM,CAAC9C,cAAc,EAAEvK,YAAY,CAAC,GAAG,MAAMgN,gBAAgB;AAC3D;IACA5C,WAAW,IAAIkD,aAAa,CAAC5D,OAAO,CAAC,YAAY,CAAC,EAClD3G,KACF,CAAC,CAAA;IAED,IAAI,CAACwH,cAAc,IAAI,CAACvK,YAAY,EAAE,OAAOqN,IAAI,EAAE,CAAA;IAEnDD,MAAM,CAAC7I,IAAI,GAAGvE,YAAY,CAAA;IAC1BiN,KAAK,CAACrI,GAAG,CAACwI,MAAM,CAACG,MAAM,CAACvB,EAAE,EAAEhM,YAAY,CAAC,CAAA;AAEzCoN,IAAAA,MAAM,CAACI,EAAE,CAAC,cAAc,EAAE,MAAMP,KAAK,CAACQ,MAAM,CAACL,MAAM,CAACG,MAAM,CAACvB,EAAE,CAAC,CAAC,CAAA;IAE/D,MAAMqB,IAAI,EAAE,CAAA;AACd,GAAC,CAAC,CAAA;AACJ;;ACvCA,MAAM7L,QAAM,GAAG,IAAIC,MAAM,CAAC,UAAU,CAAC,CAAA;AAErC,MAAMiM,eAAe,GACnBjE,GAA2D,IACpC;EACvB,IAAIA,GAAG,CAAC9E,OAAO,EAAE,OAAO8E,GAAG,CAAC9E,OAAO,CAAC2E,iBAAiB,CAAC,CAAA;EACtD,OAAOE,mBAAmB,CAACC,GAAG,CAAC,CAAA;AACjC,CAAC,CAAA;;AAED;AACA;AACA;AACA;MACakE,uBAAuB,GAAGA,CACrC9L,MAAkB,EAClB5C,YAAkC,KAC1B;AACR,EAAA,MAAM+N,gBAAgB,GAAGxC,sBAAsB,CAC7C3I,MAAM,CAACuC,GAAG,CAAsB,gBAAgB,CAAC,CAACA,GAAG,CAAC,WAAW,CAAC,EAClEnF,YAAY,EACZuC,QACF,CAAC,CAAA;AAED,EAAA,OAAO,OAAO;IAAEiI,GAAG;AAAEmE,IAAAA,UAAAA;AAA0C,GAAC,KAAK;IACnE,IAAIA,UAAU,EAAE5N,YAAY,EAAE;MAC5B,OAAO;QAAEuE,IAAI,EAAEqJ,UAAU,CAAC5N,YAAAA;OAAc,CAAA;AAC1C,KAAA;AAEA,IAAA,IAAI,CAACyJ,GAAG,EAAE,OAAO,IAAI,CAAA;;AAErB;AACA,IAAA,MAAM1G,KAAK,GAAG2K,eAAe,CAACjE,GAAG,CAAC,CAAA;IAElC,IAAI,CAAC1G,KAAK,EAAE,OAAO;AAAEwB,MAAAA,IAAI,EAAEoD,SAAAA;KAAW,CAAA;AAEtC,IAAA,MAAM,GAAG3H,YAAY,CAAC,GAAG,MAAMgN,gBAAgB;AAC7C;AACAvD,IAAAA,GAAG,CAACC,OAAO,CAAC,YAAY,CAAC,EACzB3G,KACF,CAAC,CAAA;IAED,OAAO;AAAEwB,MAAAA,IAAI,EAAEvE,YAAAA;KAAc,CAAA;GAC9B,CAAA;AACH;;ACnDA;;AAgEA,MAAMwB,MAAM,GAAG,IAAIC,MAAM,CAAC,UAAU,CAAC,CAAA;AAErC,MAAMoM,eAAoB,GAAG3M,SAAS,CAAC8I,YAAY,CAAC8D,IAAI,CAAC,CAAA;AAM1C,SAASC,IAAIA,CAI1B;EACA5O,aAAa;EACbF,YAAY;EACZ6C,UAAU;EACV1C,eAAe;EACf0H,iBAAiB;EACjBzH,SAAS;AACT+K,EAAAA,WAAAA;AASF,CAAC,EAAE;AACD;AACA,EAAA,OAAQ0C,GAAoB,IAAK;IAC/B,MAAM/K,mBAAmB,GAAG,IAAI8E,mBAAmB,CACjD5H,YAAY,EACZ6H,iBACF,CAAC,CAAA;AAED,IAAA,MAAM5H,qBAAqB,GAAG,IAAIwC,qBAAqB,CACrDoL,GAAG,CAACjL,MAAM,EACVC,UAAU,EACVC,mBACF,CAAC,CAAA;IAED,MAAMlB,UAAU,GAAG7B,oBAAoB,CAAC;MACtCC,YAAY;MACZC,qBAAqB;MACrBC,aAAa;MACbC,eAAe;AACfC,MAAAA,SAAAA;AACF,KAAC,CAAC,CAAA;IAEFyN,GAAG,CAACkB,OAAO,CAACtN,WAAW,GAAG,gBAExB6J,cAAgE,EAChEvK,YAAuD,EACxC;AACfwB,MAAAA,MAAM,CAACS,KAAK,CAAC,aAAa,EAAE;AAAEjC,QAAAA,YAAAA;AAAa,OAAC,CAAC,CAAA;MAC7C,IAAI,CAACuK,cAAc,EAAE;AACnB,QAAA,MAAM,IAAI7K,KAAK,CAAC,+BAA+B,CAAC,CAAA;AAClD,OAAA;AAEA,MAAA,IAAI,CAACK,KAAK,CAACwK,cAAc,GAAGA,cAAc,CAAA;AAC1C,MAAA,IAAI,CAACxK,KAAK,CAACC,YAAY,GAAGA,YAAY,CAAA;AAEtC,MAAA,MAAM+C,KAAK,GAAG,MAAM8K,eAAe,CACjC;QAAEtD,cAAc;AAAE0D,QAAAA,IAAI,EAAEvK,IAAI,CAAC0C,GAAG,EAAC;AAAE,OAAC,EACpC,IAAI,CAACvE,MAAM,CACRuC,GAAG,CAAuB,gBAAgB,CAAC,CAC3CA,GAAG,CAAC,WAAW,CAAC,EACnB;AACE8J,QAAAA,SAAS,EAAE,OAAO;QAClB5D,QAAQ,EAAEF,WAAW,IAAI,IAAI,CAAC/F,OAAO,CAACqF,OAAO,CAAC,YAAY,CAAC;AAC3DpG,QAAAA,SAAS,EAAE,SAAA;AACb,OACF,CAAC,CAAA;AAQD;MACA,IAAI,CAACqB,OAAO,CAACC,GAAG,CAAC0E,iBAAiB,EAAEvG,KAAK,EAAE;AACzCkC,QAAAA,QAAQ,EAAE,IAAI;AACdC,QAAAA,MAAM,EAAE,IAAI,CAACrD,MAAM,CAACuC,GAAG,CAAC,YAAY,CAAA;AACtC,OAAC,CAAC,CAAA;MAEF,IAAI,CAACO,OAAO,CAACC,GAAG,CACd2E,iBAAiB,EACjB1E,IAAI,CAACC,SAAS,CAAC;QAAEyF,cAAc;QAAEjH,SAAS,EAAE,CAdtB,MAAc;AACpC,UAAA,MAAM6K,IAAI,GAAG,IAAIzK,IAAI,EAAE,CAAA;UACvByK,IAAI,CAACC,OAAO,CAACD,IAAI,CAACE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAA;AACjC,UAAA,OAAOF,IAAI,CAACvK,OAAO,EAAE,CAAA;AACvB,SAAC,GAU6D;AAAE,OAAC,CAAC,EAChE;AACEqB,QAAAA,QAAQ,EAAE,KAAK;AACfC,QAAAA,MAAM,EAAE,IAAI,CAACrD,MAAM,CAACuC,GAAG,CAAC,YAAY,CAAA;AACtC,OACF,CAAC,CAAA;KACF,CAAA;AAED0I,IAAAA,GAAG,CAACkB,OAAO,CAACrN,MAAM,GAAG,YAA+B;AAClD,MAAA,OAAO,IAAI,CAACZ,KAAK,CAACwK,cAAc,CAAA;AAChC,MAAA,OAAO,IAAI,CAACxK,KAAK,CAACC,YAAY,CAAA;MAC9B,IAAI,CAAC2E,OAAO,CAACC,GAAG,CAAC0E,iBAAiB,EAAE,EAAE,EAAE;AAAEzD,QAAAA,OAAO,EAAE,IAAInC,IAAI,CAAC,CAAC,CAAA;AAAE,OAAC,CAAC,CAAA;MACjE,IAAI,CAACiB,OAAO,CAACC,GAAG,CAAC2E,iBAAiB,EAAE,EAAE,EAAE;AAAE1D,QAAAA,OAAO,EAAE,IAAInC,IAAI,CAAC,CAAC,CAAA;AAAE,OAAC,CAAC,CAAA;KAClE,CAAA;IAED,MAAMsJ,gBAAgB,GAAGxC,sBAAsB,CAC7CsC,GAAG,CAACjL,MAAM,CACPuC,GAAG,CAAuB,gBAAgB,CAAC,CAC3CA,GAAG,CAAC,WAAW,CAAC,EACnBnF,YAAY,EACZuC,MACF,CAAC,CAAA;IAED,OAAO;AACL8M,MAAAA,MAAM,EAAE1N,YAAY,CAACC,UAAU,CAAC;MAChC0N,2BAA2B,EACzB9E,GAAoB,IACoB;AACxC,QAAA,MAAM1G,KAAK,GAAGyG,mBAAmB,CAACC,GAAG,CAAC,CAAA;AACtC,QAAA,OAAOuD,gBAAgB,CACrB5C,WAAW,IAAIX,GAAG,CAACC,OAAO,CAAC,YAAY,CAAC,EACxC3G,KACF,CAAC,CAAA;OACF;MACDiK,gBAAgB;AAChBwB,MAAAA,UAAU,EAAE,OACVjP,GAAY,EACZ8N,IAA0B,KACX;QACf,MAAMtK,KAAK,GAAGxD,GAAG,CAACoF,OAAO,CAACP,GAAG,CAACkF,iBAAiB,CAAC,CAAA;QAChD,MAAMmF,SAAS,GAAGlP,GAAG,CAAC8E,OAAO,CAACqF,OAAO,CAAC,YAAY,CAAC,CAAA;AACnDlI,QAAAA,MAAM,CAACS,KAAK,CAAC,YAAY,EAAE;AAAEc,UAAAA,KAAAA;AAAM,SAAC,CAAC,CAAA;AAErC,QAAA,MAAM2L,QAAQ,GAAGA,CACfnE,cAA2C,EAC3CvK,YAAkC,KACzB;AACTT,UAAAA,GAAG,CAACQ,KAAK,CAACwK,cAAc,GAAGA,cAAc,CAAA;AACzChL,UAAAA,GAAG,CAACQ,KAAK,CAACwE,IAAI,GAAGvE,YAAY,CAAA;AAC7BT,UAAAA,GAAG,CAACoP,cAAc,CAACpE,cAAc,GAAGA,cAAc,CAAA;AAClDhL,UAAAA,GAAG,CAACoP,cAAc,CAAC3O,YAAY,GAC7BA,YAAY,IAAIf,YAAY,CAAC+L,QAAQ,CAAChL,YAAY,CAAC,CAAA;SACtD,CAAA;AAED,QAAA,MAAM,CAACuK,cAAc,EAAEvK,YAAY,CAAC,GAAG,MAAMgN,gBAAgB,CAC3D5C,WAAW,IAAIqE,SAAS,EACxB1L,KACF,CAAC,CAAA;AACDvB,QAAAA,MAAM,CAACS,KAAK,CAAC,YAAY,EAAE;AAAEsI,UAAAA,cAAAA;AAAe,SAAC,CAAC,CAAA;AAE9C,QAAA,IAAIA,cAAc,IAAI,IAAI,IAAIvK,YAAY,IAAI,IAAI,EAAE;AAClD,UAAA,IAAI+C,KAAK,EAAE;YACTxD,GAAG,CAACoF,OAAO,CAACC,GAAG,CAAC0E,iBAAiB,EAAE,EAAE,EAAE;AAAEzD,cAAAA,OAAO,EAAE,IAAInC,IAAI,CAAC,CAAC,CAAA;AAAE,aAAC,CAAC,CAAA;YAChEnE,GAAG,CAACoF,OAAO,CAACC,GAAG,CAAC2E,iBAAiB,EAAE,EAAE,EAAE;AAAE1D,cAAAA,OAAO,EAAE,IAAInC,IAAI,CAAC,CAAC,CAAA;AAAE,aAAC,CAAC,CAAA;AAClE,WAAA;AACAgL,UAAAA,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;UACpB,OAAOrB,IAAI,EAAE,CAAA;AACf,SAAA;AAEAqB,QAAAA,QAAQ,CAACnE,cAAc,EAAEvK,YAAY,CAAC,CAAA;QACtC,OAAOqN,IAAI,EAAE,CAAA;AACf,OAAA;KACD,CAAA;GACF,CAAA;AACH;;;;"}
1
+ {"version":3,"file":"index-node18.mjs","sources":["../src/createAuthController.ts","../src/createRoutes.ts","../src/utils/generators.ts","../src/services/authentification/AuthenticationService.ts","../src/services/user/UserAccountsService.ts","../src/utils/cookies.ts","../src/utils/createFindLoggedInUser.ts","../src/MongoUsersManager.ts","../src/services/user/UserAccountGoogleService.ts","../src/services/user/UserAccountSlackService.ts","../src/authSocketIO.ts","../src/authApolloContext.ts","../src/index.ts"],"sourcesContent":["import type { AlpRouteRef, Context } from 'alp-node';\nimport type MongoUsersManager from './MongoUsersManager';\nimport type {\n AuthenticationService,\n AccessResponseHooks,\n} from './services/authentification/AuthenticationService';\nimport type {\n AllowedStrategyKeys,\n AllowedMapParamsStrategy,\n} from './services/authentification/types';\nimport type { User, UserSanitized } from './types';\n\nexport interface CreateAuthControllerParams<\n StrategyKeys extends AllowedStrategyKeys,\n U extends User = User,\n USanitized extends UserSanitized = UserSanitized,\n> {\n authenticationService: AuthenticationService<StrategyKeys, U, UserSanitized>;\n homeRouterKey?: string;\n usersManager: MongoUsersManager<U, USanitized>;\n defaultStrategy?: StrategyKeys;\n authHooks?: AuthHooks<StrategyKeys>;\n}\n\nexport interface AuthController {\n login: AlpRouteRef;\n addScope: AlpRouteRef;\n response: AlpRouteRef;\n logout: AlpRouteRef;\n}\n\ntype OptionalRecord<K extends keyof any, T> = { [P in K]?: T };\n\nexport interface AuthHooks<StrategyKeys extends AllowedStrategyKeys>\n extends AccessResponseHooks<StrategyKeys> {\n paramsForLogin?: <StrategyKey extends StrategyKeys>(\n strategy: StrategyKey,\n ctx: Context,\n ) =>\n | OptionalRecord<AllowedMapParamsStrategy[StrategyKey], any>\n | Promise<OptionalRecord<AllowedMapParamsStrategy[StrategyKey], any>>\n | Promise<void>\n // eslint-disable-next-line @typescript-eslint/no-invalid-void-type\n | void;\n}\n\nexport function createAuthController<\n StrategyKeys extends AllowedStrategyKeys,\n U extends User = User,\n USanitized extends UserSanitized = UserSanitized,\n>({\n usersManager,\n authenticationService,\n homeRouterKey = '/',\n defaultStrategy,\n authHooks = {},\n}: CreateAuthControllerParams<StrategyKeys, U, USanitized>): AuthController {\n return {\n async login(ctx: Context): Promise<void> {\n const strategy: StrategyKeys = (ctx.namedParam('strategy') ||\n defaultStrategy) as StrategyKeys;\n if (!strategy) throw new Error('Strategy missing');\n const params =\n (authHooks.paramsForLogin &&\n (await authHooks.paramsForLogin(strategy, ctx))) ||\n {};\n await authenticationService.redirectAuthUrl(ctx, strategy, {}, params);\n },\n\n /**\n * Add scope in existing\n * The user must already be connected\n */\n async addScope(ctx: Context): Promise<void> {\n if (!ctx.state.loggedInUser) {\n ctx.redirectTo(homeRouterKey);\n return;\n }\n\n const strategy: StrategyKeys = (ctx.namedParam('strategy') ||\n defaultStrategy) as StrategyKeys;\n if (!strategy) throw new Error('Strategy missing');\n const scopeKey = ctx.namedParam('scopeKey');\n if (!scopeKey) throw new Error('Scope missing');\n await authenticationService.redirectAuthUrl(ctx, strategy, { scopeKey });\n },\n\n async response(ctx: Context): Promise<void> {\n const strategy: StrategyKeys = ctx.namedParam('strategy') as StrategyKeys;\n ctx.assert(strategy);\n\n const loggedInUser = await authenticationService.accessResponse(\n ctx,\n strategy,\n !!ctx.state.loggedInUser,\n {\n afterLoginSuccess: authHooks.afterLoginSuccess,\n afterScopeUpdate: authHooks.afterScopeUpdate,\n },\n );\n const keyPath = usersManager.store.keyPath;\n await ctx.setLoggedIn(loggedInUser[keyPath], loggedInUser);\n ctx.redirectTo(homeRouterKey);\n },\n\n async logout(ctx: Context): Promise<void> {\n ctx.logout();\n ctx.redirectTo(homeRouterKey);\n },\n };\n}\n","import type { AuthController } from './createAuthController';\n\nexport interface AuthRoutes {\n login: [string, (segment: any) => void];\n addScope: [string, AuthController['addScope']];\n logout: [string, AuthController['logout']];\n}\n\nexport const createRoutes = (controller: AuthController): AuthRoutes => ({\n login: [\n '/login/:strategy?',\n (segment: any) => {\n segment.add('/response', controller.response, 'authResponse');\n segment.defaultRoute(controller.login, 'login');\n },\n ],\n addScope: ['/add-scope/:strategy/:scopeKey', controller.addScope],\n logout: ['/logout', controller.logout],\n});\n","import { randomBytes } from 'node:crypto';\nimport { promisify } from 'node:util';\n\nconst randomBytesPromisified = promisify(randomBytes);\n\nexport async function randomBase64(size: number): Promise<string> {\n const buffer = await randomBytesPromisified(size);\n return buffer.toString('base64');\n}\n\nexport async function randomHex(size: number): Promise<string> {\n const buffer = await randomBytesPromisified(size);\n return buffer.toString('hex');\n}\n","/* eslint-disable @typescript-eslint/no-unsafe-argument */\n/* eslint-disable @typescript-eslint/explicit-module-boundary-types */\n/* eslint-disable @typescript-eslint/no-unsafe-assignment */\n/* eslint-disable camelcase, max-lines */\nimport { EventEmitter } from 'node:events';\nimport type { Context, NodeConfig } from 'alp-node';\nimport { Logger } from 'nightingale-logger';\nimport type { Strategy as Oauth2Strategy } from '../../../strategies/strategies.d';\nimport type { AccountId, User, Account, UserSanitized } from '../../types';\nimport { randomHex } from '../../utils/generators';\nimport type UserAccountsService from '../user/UserAccountsService';\nimport type { AllowedStrategyKeys, Tokens } from './types';\n\nconst logger = new Logger('alp:auth:authentication');\n\nexport interface GenerateAuthUrlOptions {\n accessType?: string;\n grantType?: string;\n includeGrantedScopes?: boolean;\n loginHint?: string;\n prompt?: string;\n redirectUri?: string;\n scope?: string;\n state?: string;\n}\n\nexport interface GetTokensOptions {\n code: string;\n redirectUri: string;\n}\n\nexport type Strategies<StrategyKeys extends AllowedStrategyKeys> = Record<\n StrategyKeys,\n Oauth2Strategy<any>\n>;\n\nexport interface AccessResponseHooks<StrategyKeys, U extends User = User> {\n afterLoginSuccess?: <StrategyKey extends StrategyKeys>(\n strategy: StrategyKey,\n loggedInUser: U,\n ) => Promise<void> | void;\n\n afterScopeUpdate?: <StrategyKey extends StrategyKeys>(\n strategy: StrategyKey,\n scopeKey: string,\n account: Account,\n user: U,\n ) => Promise<void> | void;\n}\n\nexport class AuthenticationService<\n StrategyKeys extends AllowedStrategyKeys,\n U extends User = User,\n USanitized extends UserSanitized = UserSanitized,\n // eslint-disable-next-line unicorn/prefer-event-target\n> extends EventEmitter {\n config: NodeConfig;\n\n strategies: Strategies<StrategyKeys>;\n\n userAccountsService: UserAccountsService<StrategyKeys, U, USanitized>;\n\n constructor(\n config: NodeConfig,\n strategies: Strategies<StrategyKeys>,\n userAccountsService: UserAccountsService<StrategyKeys, U, USanitized>,\n ) {\n super();\n this.config = config;\n this.strategies = strategies;\n this.userAccountsService = userAccountsService;\n }\n\n generateAuthUrl<T extends StrategyKeys>(strategy: T, params: any): string {\n logger.debug('generateAuthUrl', { strategy, params });\n const strategyInstance = this.strategies[strategy];\n switch (strategyInstance.type) {\n case 'oauth2':\n return strategyInstance.oauth2.authorizationCode.authorizeURL(params);\n default:\n throw new Error('Invalid strategy');\n }\n }\n\n async getTokens(\n strategy: StrategyKeys,\n options: GetTokensOptions,\n ): Promise<Tokens> {\n logger.debug('getTokens', { strategy, options });\n const strategyInstance = this.strategies[strategy];\n switch (strategyInstance.type) {\n case 'oauth2': {\n const result = await strategyInstance.oauth2.authorizationCode.getToken(\n {\n code: options.code,\n redirect_uri: options.redirectUri,\n },\n );\n if (!result) return result;\n const tokens = result.token;\n\n return {\n accessToken: tokens.access_token as string,\n refreshToken: tokens.refresh_token as string,\n tokenType: tokens.token_type as string,\n expiresIn: tokens.expires_in as number,\n expireDate: (() => {\n if (tokens.expires_in == null) return null;\n const d = new Date();\n d.setTime(d.getTime() + (tokens.expires_in as number) * 1000);\n return d;\n })(),\n idToken: tokens.id_token as string,\n };\n // return strategyInstance.accessToken.create(result);\n }\n\n default:\n throw new Error('Invalid stategy');\n }\n }\n\n async refreshToken(\n strategy: StrategyKeys,\n tokensParam: { refreshToken: string },\n ): Promise<Tokens> {\n logger.debug('refreshToken', { strategy });\n if (!tokensParam.refreshToken) {\n throw new Error('Missing refresh token');\n }\n const strategyInstance = this.strategies[strategy];\n switch (strategyInstance.type) {\n case 'oauth2': {\n const token = strategyInstance.oauth2.clientCredentials.createToken({\n refresh_token: tokensParam.refreshToken,\n });\n const result = await token.refresh();\n const tokens = result.token;\n return {\n accessToken: tokens.access_token as string,\n tokenType: tokens.token_type as string,\n expiresIn: tokens.expires_in as number,\n expireDate: (() => {\n if (tokens.expires_in == null) return null;\n const d = new Date();\n d.setTime(d.getTime() + (tokens.expires_in as number) * 1000);\n return d;\n })(),\n idToken: tokens.id_token as string,\n };\n }\n\n default:\n throw new Error('Invalid stategy');\n }\n }\n\n redirectUri(ctx: Context, strategy: string): string {\n const host = `http${this.config.get('allowHttps') ? 's' : ''}://${\n ctx.request.host\n }`;\n return `${host}${ctx.urlGenerator('authResponse', {\n strategy,\n })}`;\n }\n\n async redirectAuthUrl(\n ctx: Context,\n strategy: StrategyKeys,\n {\n refreshToken,\n scopeKey,\n user,\n accountId,\n }: {\n refreshToken?: string | undefined;\n scopeKey?: string | undefined;\n user?: U;\n accountId?: AccountId;\n },\n params?: any,\n ): Promise<void> {\n logger.debug('redirectAuthUrl', { strategy, scopeKey, refreshToken });\n const state = await randomHex(8);\n const isLoginAccess = !scopeKey || scopeKey === 'login';\n const scope = this.userAccountsService.getScope(\n strategy,\n scopeKey || 'login',\n user,\n accountId,\n );\n\n if (!scope) {\n throw new Error('Invalid empty scope');\n }\n\n ctx.cookies.set(\n `auth_${strategy}_${state}`,\n JSON.stringify({\n scopeKey,\n scope,\n isLoginAccess,\n }),\n {\n maxAge: 10 * 60 * 1000,\n httpOnly: true,\n secure: this.config.get('allowHttps'),\n },\n );\n const redirectUri = this.generateAuthUrl(strategy, {\n redirect_uri: this.redirectUri(ctx, strategy),\n scope,\n state,\n access_type: refreshToken ? 'offline' : 'online',\n ...params,\n });\n\n ctx.redirect(redirectUri);\n }\n\n async accessResponse<StrategyKey extends StrategyKeys>(\n ctx: Context,\n strategy: StrategyKey,\n isLoggedIn: boolean,\n hooks: AccessResponseHooks<StrategyKeys, U>,\n ): Promise<U> {\n const errorParam = ctx.params.queryParam('error').notEmpty();\n if (errorParam.isValid()) {\n ctx.throw(errorParam.value, 403);\n }\n\n const code = ctx.validParams.queryParam('code').notEmpty().value;\n const state = ctx.validParams.queryParam('state').notEmpty().value;\n\n const cookieName = `auth_${strategy}_${state}`;\n const cookie = ctx.cookies.get(cookieName);\n ctx.cookies.set(cookieName, '', { expires: new Date(1) });\n if (!cookie) {\n throw new Error('No cookie for this state');\n }\n\n const parsedCookie = JSON.parse(cookie);\n if (!parsedCookie?.scope) {\n throw new Error('Unexpected cookie value');\n }\n\n if (!parsedCookie.isLoginAccess) {\n if (!isLoggedIn) {\n throw new Error('You are not connected');\n }\n }\n\n const tokens: Tokens = await this.getTokens(strategy, {\n code,\n redirectUri: this.redirectUri(ctx, strategy),\n });\n\n if (parsedCookie.isLoginAccess) {\n const user = await this.userAccountsService.findOrCreateFromStrategy(\n strategy,\n tokens,\n parsedCookie.scope,\n parsedCookie.scopeKey,\n );\n\n if (hooks.afterLoginSuccess) {\n await hooks.afterLoginSuccess(strategy, user);\n }\n\n return user;\n }\n\n const loggedInUser = ctx.state.loggedInUser as U;\n const { account, user } = await this.userAccountsService.update(\n loggedInUser,\n strategy,\n tokens,\n parsedCookie.scope,\n parsedCookie.scopeKey,\n );\n\n if (hooks.afterScopeUpdate) {\n await hooks.afterScopeUpdate(\n strategy,\n parsedCookie.scopeKey,\n account,\n user,\n );\n }\n\n return loggedInUser;\n }\n\n refreshAccountTokens(user: U, account: Account): Promise<boolean> {\n if (\n account.tokenExpireDate &&\n account.tokenExpireDate.getTime() > Date.now()\n ) {\n return Promise.resolve(false);\n }\n return this.refreshToken(account.provider as StrategyKeys, {\n // accessToken: account.accessToken,\n refreshToken: account.refreshToken!,\n }).then((tokens: Tokens) => {\n if (!tokens) {\n // serviceGoogle.updateFields({ accessToken:null, refreshToken:null, status: .OUTDATED });\n return false;\n }\n account.accessToken = tokens.accessToken;\n account.tokenExpireDate = tokens.expireDate;\n return this.userAccountsService\n .updateAccount(user, account)\n .then(() => true);\n });\n }\n}\n","/* eslint-disable @typescript-eslint/no-shadow */\nimport { EventEmitter } from 'node:events';\nimport { Logger } from 'nightingale-logger';\nimport type MongoUsersManager from '../../MongoUsersManager';\nimport type { AccountId, User, Account, UserSanitized } from '../../types';\nimport type { AllowedStrategyKeys } from '../authentification/types';\nimport type { AccountService, TokensObject } from './types';\n\nconst logger = new Logger('alp:auth:userAccounts');\n\nexport const STATUSES = {\n VALIDATED: 'validated',\n DELETED: 'deleted',\n};\n\nexport default class UserAccountsService<\n StrategyKeys extends AllowedStrategyKeys,\n U extends User = User,\n USanitized extends UserSanitized = UserSanitized,\n // eslint-disable-next-line unicorn/prefer-event-target\n> extends EventEmitter {\n private readonly strategyToService: Record<StrategyKeys, AccountService<any>>;\n\n usersManager: MongoUsersManager<U, USanitized>;\n\n constructor(\n usersManager: MongoUsersManager<U, USanitized>,\n strategyToService: Record<StrategyKeys, AccountService<any>>,\n ) {\n super();\n this.usersManager = usersManager;\n this.strategyToService = strategyToService;\n }\n\n getScope(\n strategy: StrategyKeys,\n scopeKey: string,\n user?: U,\n accountId?: AccountId,\n ): string {\n logger.debug('getScope', { strategy, userId: user?._id });\n const service = this.strategyToService[strategy];\n if (!service) {\n throw new Error('Strategy not supported');\n }\n\n const newScope = service.scopeKeyToScope[scopeKey];\n if (!user || !accountId) {\n return newScope;\n }\n const account = user.accounts.find(\n (account) =>\n account.provider === strategy && account.accountId === accountId,\n );\n\n if (!account) {\n throw new Error('Could not found associated account');\n }\n return service.getScope(account.scope, newScope).join(' ');\n }\n\n async update(\n user: U,\n strategy: StrategyKeys,\n tokens: TokensObject,\n scope: string,\n subservice: string,\n ): Promise<{ user: U; account: U['accounts'][number] }> {\n const service = this.strategyToService[strategy];\n const profile = await service.getProfile(tokens);\n const accountId = service.getId(profile);\n const account = user.accounts.find(\n (account) =>\n account.provider === strategy && account.accountId === accountId,\n );\n if (!account) {\n // TODO check if already exists in other user => merge\n // TODO else add a new account in this user\n throw new Error('Could not found associated account');\n }\n account.status = 'valid';\n account.accessToken = tokens.accessToken;\n if (tokens.refreshToken) {\n account.refreshToken = tokens.refreshToken;\n }\n if (tokens.expireDate !== undefined) {\n account.tokenExpireDate = tokens.expireDate;\n }\n account.scope = service.getScope(account.scope, scope);\n account.subservices = account.subservices || [];\n if (subservice && !account.subservices.includes(subservice)) {\n account.subservices.push(subservice);\n }\n\n await this.usersManager.replaceOne(user);\n return { user, account };\n }\n\n async findOrCreateFromStrategy(\n strategy: StrategyKeys,\n tokens: TokensObject,\n scope: string,\n subservice: string,\n ): Promise<U> {\n const service = this.strategyToService[strategy];\n if (!service) throw new Error('Strategy not supported');\n\n const profile = await service.getProfile(tokens);\n const accountId = service.getId(profile);\n if (!accountId) throw new Error('Invalid profile: no id found');\n\n const emails = service.getEmails(profile);\n\n let user: Partial<U> | undefined =\n await this.usersManager.findOneByAccountOrEmails({\n provider: service.providerKey,\n accountId,\n emails,\n });\n\n logger.info(!user ? 'create user' : 'existing user', {\n userId: user?._id,\n accountId,\n /*emails , user*/\n });\n\n if (!user) {\n user = {};\n }\n\n Object.assign(user, {\n displayName: service.getDisplayName(profile),\n fullName: service.getFullName(profile),\n status: STATUSES.VALIDATED,\n });\n\n if (!user.accounts) user.accounts = [];\n\n let account: Partial<Account> | undefined = user.accounts.find(\n (account: Account) =>\n account.provider === strategy && account.accountId === accountId,\n );\n\n if (!account) {\n account = { provider: strategy, accountId };\n // @ts-expect-error well...\n user.accounts.push(account);\n }\n\n account.name = service.getAccountName(profile);\n account.status = 'valid';\n account.profile = profile;\n account.accessToken = tokens.accessToken;\n if (tokens.refreshToken) {\n account.refreshToken = tokens.refreshToken;\n }\n if (tokens.expireDate !== undefined) {\n account.tokenExpireDate = tokens.expireDate;\n }\n account.scope = service.getScope(account.scope, scope);\n\n if (!account.subservices) account.subservices = [];\n if (subservice && !account.subservices.includes(subservice)) {\n account.subservices.push(subservice);\n }\n\n if (!user.emails) user.emails = [];\n const userEmails = user.emails;\n emails.forEach((email: string) => {\n if (!userEmails.includes(email)) {\n userEmails.push(email);\n }\n });\n\n user.emailDomains = [\n // eslint-disable-next-line unicorn/no-array-reduce\n ...user.emails.reduce(\n (domains: Set<string>, email: string) =>\n domains.add(email.split('@', 2)[1]),\n new Set<string>(),\n ),\n ];\n\n const keyPath = this.usersManager.store.keyPath;\n\n if (user[keyPath]) {\n await this.usersManager.replaceOne(user as U);\n } else {\n await this.usersManager.insertOne(user as U);\n }\n\n return user as U;\n }\n\n async updateAccount(user: U, account: Account): Promise<U> {\n await this.usersManager.updateAccount(user, account);\n return user;\n }\n}\n","import type { IncomingMessage } from 'node:http';\nimport type { Option } from 'cookies';\nimport Cookies from 'cookies';\n\nexport const COOKIE_NAME_TOKEN = 'loggedInUserToken';\nexport const COOKIE_NAME_STATE = 'loggedInUserState';\n\nexport const getTokenFromRequest = (\n req: IncomingMessage,\n options?: Pick<Option, Exclude<keyof Option, 'secure'>>,\n): string | undefined => {\n if (req.headers.authorization?.startsWith('Bearer ')) {\n return req.headers.authorization.slice('Bearer '.length);\n }\n\n // eslint-disable-next-line @typescript-eslint/no-unsafe-argument\n const cookies = new Cookies(req, null as unknown as any, {\n ...options,\n secure: true,\n });\n\n return cookies.get(COOKIE_NAME_TOKEN);\n};\n","import { promisify } from 'node:util';\nimport type {\n GetPublicKeyOrSecret,\n Secret,\n VerifyCallback,\n VerifyOptions,\n} from 'jsonwebtoken';\nimport jsonwebtoken from 'jsonwebtoken';\nimport type { Logger } from 'nightingale-logger';\nimport type MongoUsersManager from '../MongoUsersManager';\nimport type { User, UserSanitized } from '../types';\n\ntype Verify = (\n token: string,\n secretOrPublicKey: GetPublicKeyOrSecret | Secret,\n options?: VerifyOptions,\n callback?: VerifyCallback,\n) => void;\n\nconst verifyPromisified = promisify<\n Parameters<Verify>[0],\n Parameters<Verify>[1],\n Parameters<Verify>[2],\n Parameters<VerifyCallback>[1]\n>(jsonwebtoken.verify as Verify);\n\nconst createDecodeJWT =\n (secretKey: string) =>\n async (token: string, jwtAudience: string): Promise<string | undefined> => {\n const result = await verifyPromisified(token, secretKey, {\n algorithms: ['HS512'],\n audience: jwtAudience,\n });\n return (result as any)?.loggedInUserId as string | undefined;\n };\n\nexport type FindLoggedInUser<U extends User> = (\n jwtAudience?: string,\n token?: string,\n) => Promise<[U['_id'] | null | undefined, U | null | undefined]>;\n\nexport const createFindLoggedInUser = <\n U extends User,\n USanitized extends UserSanitized,\n>(\n secretKey: string,\n usersManager: MongoUsersManager<U, USanitized>,\n logger: Logger,\n): FindLoggedInUser<U> => {\n const decodeJwt = createDecodeJWT(secretKey);\n\n const findLoggedInUser: FindLoggedInUser<U> = async (jwtAudience, token) => {\n if (!token || !jwtAudience) return [null, null];\n\n let loggedInUserId;\n try {\n loggedInUserId = await decodeJwt(token, jwtAudience);\n } catch (error: unknown) {\n logger.debug('failed to verify authentification', { err: error });\n }\n\n if (loggedInUserId == null) return [null, null];\n\n const loggedInUser = await usersManager.findById(loggedInUserId);\n\n if (!loggedInUser) return [null, null];\n\n return [loggedInUserId, loggedInUser];\n };\n\n return findLoggedInUser;\n};\n","import type { MongoInsertType, MongoStore, Update } from 'liwi-mongo';\nimport type { User, Account, UserSanitized } from './types';\n\nexport default class MongoUsersManager<\n U extends User = User,\n USanitized extends UserSanitized = UserSanitized,\n> {\n store: MongoStore<U>;\n\n constructor(store: MongoStore<U>) {\n this.store = store;\n }\n\n /** @deprecated use findById instead */\n findConnected(connected: string): Promise<U | undefined> {\n return this.store.findByKey(connected);\n }\n\n findById(userId: string): Promise<U | undefined> {\n return this.store.findByKey(userId);\n }\n\n insertOne(user: MongoInsertType<U>): Promise<any> {\n return this.store.insertOne(user);\n }\n\n replaceOne(user: U): Promise<any> {\n return this.store.replaceOne(user);\n }\n\n sanitize(user: U): USanitized {\n return this.sanitizeBaseUser(user) as USanitized;\n }\n\n findOneByAccountOrEmails({\n accountId,\n emails,\n provider,\n }: {\n accountId: number | string;\n emails?: string[];\n provider: string;\n }): Promise<U | undefined> {\n let query: any = {\n 'accounts.provider': provider,\n 'accounts.accountId': accountId,\n };\n\n if (emails && emails.length > 0) {\n query = {\n $or: [\n query,\n {\n emails: { $in: emails },\n },\n ],\n };\n }\n\n // eslint-disable-next-line @typescript-eslint/no-unsafe-argument\n return this.store.findOne(query);\n }\n\n updateAccount(user: U, account: Account): Promise<U> {\n const accountIndex = user.accounts.indexOf(account);\n if (accountIndex === -1) {\n throw new Error('Invalid account');\n }\n\n return this.store.partialUpdateOne(user, {\n $set: {\n [`accounts.${accountIndex}`]: account,\n },\n } as Update<U>);\n }\n\n // eslint-disable-next-line @typescript-eslint/class-methods-use-this\n sanitizeBaseUser(user: U): UserSanitized {\n return {\n _id: user._id,\n created: user.created,\n updated: user.updated,\n displayName: user.displayName,\n fullName: user.fullName,\n status: user.status,\n emails: user.emails,\n emailDomains: user.emailDomains,\n accounts: user.accounts.map((account: Account) => ({\n provider: account.provider,\n accountId: account.accountId,\n name: account.name,\n status: account.status,\n profile: account.profile,\n })),\n };\n }\n}\n","/* eslint-disable @typescript-eslint/class-methods-use-this */\n/* eslint-disable @typescript-eslint/no-unsafe-argument */\n/* eslint-disable @typescript-eslint/explicit-module-boundary-types */\nimport type { Tokens } from '../authentification/types';\nimport type { AccountService, FullName } from './types';\n\nexport default class UserAccountGoogleService<ScopeKeys extends 'login'>\n implements AccountService<ScopeKeys>\n{\n scopeKeyToScope: Record<ScopeKeys, string>;\n\n constructor(scopeKeyToScope: Record<Exclude<'login', ScopeKeys>, string>) {\n this.scopeKeyToScope = {\n ...scopeKeyToScope,\n login: 'openid profile email',\n };\n }\n\n providerKey = 'google';\n\n getProfile(tokens: Tokens): Promise<any> {\n return fetch(\n `https://www.googleapis.com/oauth2/v1/userinfo?access_token=${tokens.accessToken}`,\n ).then((response) => response.json());\n }\n\n getId(profile: any): any {\n return profile.id;\n }\n\n getAccountName(profile: any): string | null | undefined {\n return profile.email;\n }\n\n getEmails(profile: any): string[] {\n const emails: string[] = [];\n\n if (profile.email) {\n emails.push(profile.email);\n }\n\n return emails;\n }\n\n getDisplayName(profile: any): string | null | undefined {\n return profile.name;\n }\n\n getFullName(profile: any): FullName {\n return {\n givenName: profile.given_name,\n familyName: profile.family_name,\n };\n }\n\n getDefaultScope(newScope: string): string[] {\n return this.getScope(undefined, newScope);\n }\n\n getScope(oldScope: string[] | undefined, newScope: string): string[] {\n return !oldScope\n ? newScope.split(' ')\n : [...oldScope, ...newScope.split(' ')].filter(\n (item, i, ar) => ar.indexOf(item) === i,\n );\n }\n}\n","/* eslint-disable @typescript-eslint/class-methods-use-this */\n/* eslint-disable @typescript-eslint/explicit-module-boundary-types */\nimport type { Tokens } from '../authentification/types';\nimport type { AccountService, FullName } from './types';\n\n// https://api.slack.com/methods/users.identity\n\nexport default class UserAccountSlackService<ScopeKeys extends 'login'>\n implements AccountService<ScopeKeys>\n{\n scopeKeyToScope: Record<ScopeKeys, string>;\n\n constructor(scopeKeyToScope: Record<Exclude<'login', ScopeKeys>, string>) {\n this.scopeKeyToScope = {\n ...scopeKeyToScope,\n login: 'identity.basic identity.email identity.avatar',\n };\n }\n\n providerKey = 'google';\n\n getProfile(tokens: Tokens): Promise<any> {\n return fetch(\n `https://slack.com/api/users.identity?token=${tokens.accessToken}`,\n ).then((response) => response.json());\n }\n\n getId(profile: any): string | null {\n if (!profile?.team?.id || !profile.user?.id) {\n return null;\n }\n return `team:${profile.team.id as string};user:${\n profile.user.id as string\n }`;\n }\n\n getAccountName(profile: any): string | null | undefined {\n return profile.user.email;\n }\n\n getEmails(profile: any): string[] {\n return profile.user.email ? [profile.user.email] : [];\n }\n\n getDisplayName(profile: any): string | null | undefined {\n return profile.user.name;\n }\n\n getFullName(profile: any): FullName | null {\n return null;\n }\n\n getDefaultScope(newScope: string): string[] {\n return this.getScope(undefined, newScope);\n }\n\n getScope(oldScope: string[] | undefined, newScope: string): string[] {\n return !oldScope\n ? newScope.split(' ')\n : [...oldScope, ...newScope.split(' ')].filter(\n (item, i, ar) => ar.indexOf(item) === i,\n );\n }\n}\n","import type { NodeApplication } from 'alp-node';\nimport { Logger } from 'nightingale-logger';\nimport type MongoUsersManager from './MongoUsersManager';\nimport type { User } from './types';\nimport { getTokenFromRequest } from './utils/cookies';\nimport { createFindLoggedInUser } from './utils/createFindLoggedInUser';\n\nconst logger = new Logger('alp:auth');\n\nexport const authSocketIO = <U extends User = User>(\n app: NodeApplication,\n usersManager: MongoUsersManager<U>,\n // eslint-disable-next-line @typescript-eslint/explicit-module-boundary-types\n io: any,\n jwtAudience?: string,\n): void => {\n const findLoggedInUser = createFindLoggedInUser(\n app.config.get<Map<string, string>>('authentication').get('secretKey')!,\n usersManager,\n logger,\n );\n\n const users = new Map();\n io.users = users;\n\n io.use(async (socket: any, next: any) => {\n const handshakeData = socket.request;\n // eslint-disable-next-line @typescript-eslint/no-unsafe-argument\n const token = getTokenFromRequest(handshakeData);\n\n if (!token) return next();\n\n const [loggedInUserId, loggedInUser] = await findLoggedInUser(\n // eslint-disable-next-line @typescript-eslint/no-unsafe-argument\n jwtAudience || handshakeData.headers['user-agent'],\n token,\n );\n\n if (!loggedInUserId || !loggedInUser) return next();\n\n socket.user = loggedInUser;\n users.set(socket.client.id, loggedInUser);\n\n socket.on('disconnected', () => users.delete(socket.client.id));\n\n await next();\n });\n};\n","import type { IncomingMessage } from 'node:http';\nimport type { NodeConfig } from 'alp-node';\nimport { Logger } from 'nightingale-logger';\nimport type MongoUsersManager from './MongoUsersManager';\nimport type { User } from './types';\nimport { getTokenFromRequest, COOKIE_NAME_TOKEN } from './utils/cookies';\nimport { createFindLoggedInUser } from './utils/createFindLoggedInUser';\n\nconst logger = new Logger('alp:auth');\n\nconst getTokenFromReq = (\n req: IncomingMessage & { cookies?: Record<string, string> },\n): string | undefined => {\n if (req.cookies) return req.cookies[COOKIE_NAME_TOKEN];\n return getTokenFromRequest(req);\n};\n\n/*\n * Not tested yet.\n * @internal\n */\nexport const createAuthApolloContext = <U extends User = User>(\n config: NodeConfig,\n usersManager: MongoUsersManager<U>,\n): any => {\n const findLoggedInUser = createFindLoggedInUser(\n config.get<Map<string, string>>('authentication').get('secretKey')!,\n usersManager,\n logger,\n );\n\n return async ({ req, connection }: { req: any; connection: any }) => {\n if (connection?.loggedInUser) {\n return { user: connection.loggedInUser };\n }\n\n if (!req) return null;\n\n // eslint-disable-next-line @typescript-eslint/no-unsafe-argument\n const token = getTokenFromReq(req);\n\n if (!token) return { user: undefined };\n\n const [, loggedInUser] = await findLoggedInUser(\n // eslint-disable-next-line @typescript-eslint/no-unsafe-argument\n req.headers['user-agent'],\n token,\n );\n\n return { user: loggedInUser };\n };\n};\n","/* eslint-disable max-lines */\nimport type { IncomingMessage } from 'node:http';\nimport { promisify } from 'node:util';\nimport type { Context, ContextState, NodeApplication } from 'alp-node';\nimport jsonwebtoken from 'jsonwebtoken';\nimport { Logger } from 'nightingale-logger';\nimport type MongoUsersManager from './MongoUsersManager';\nimport type {\n AuthController as AuthControllerType,\n AuthHooks,\n} from './createAuthController';\nimport { createAuthController } from './createAuthController';\nimport type { AuthRoutes as AuthRoutesType } from './createRoutes';\nimport { createRoutes } from './createRoutes';\nimport type { Strategies } from './services/authentification/AuthenticationService';\nimport { AuthenticationService } from './services/authentification/AuthenticationService';\nimport type { AllowedStrategyKeys } from './services/authentification/types';\nimport UserAccountsService from './services/user/UserAccountsService';\nimport type { AccountService } from './services/user/types';\nimport type { User, UserSanitized } from './types';\nimport {\n getTokenFromRequest,\n COOKIE_NAME_TOKEN,\n COOKIE_NAME_STATE,\n} from './utils/cookies';\nimport { createFindLoggedInUser } from './utils/createFindLoggedInUser';\n\nexport { default as MongoUsersManager } from './MongoUsersManager';\nexport { default as UserAccountGoogleService } from './services/user/UserAccountGoogleService';\nexport { default as UserAccountSlackService } from './services/user/UserAccountSlackService';\nexport { authSocketIO } from './authSocketIO';\nexport { createAuthApolloContext } from './authApolloContext';\nexport { STATUSES } from './services/user/UserAccountsService';\n\nexport * from './types';\n\ndeclare module 'alp-node' {\n // eslint-disable-next-line @typescript-eslint/no-shadow\n interface ContextState {\n loggedInUserId:\n | NonNullable<ContextState['loggedInUser']>['_id']\n | null\n | undefined;\n loggedInUser: User | null | undefined;\n }\n\n interface ContextSanitizedState {\n loggedInUserId:\n | NonNullable<ContextSanitizedState['loggedInUser']>['_id']\n | null\n | undefined;\n loggedInUser: UserSanitized | null | undefined;\n }\n\n interface BaseContext {\n setLoggedIn: (\n loggedInUserId: NonNullable<ContextState['loggedInUserId']>,\n loggedInUser: NonNullable<ContextState['loggedInUser']>,\n ) => Promise<void>;\n logout: () => void;\n }\n}\n\nconst logger = new Logger('alp:auth');\n\nconst signPromisified: any = promisify(jsonwebtoken.sign);\n\nexport type AuthController = AuthControllerType;\nexport type AuthRoutes = AuthRoutesType;\nexport { AuthenticationService } from './services/authentification/AuthenticationService';\n\nexport default function init<\n StrategyKeys extends AllowedStrategyKeys = 'google',\n U extends User = User,\n USanitized extends UserSanitized = UserSanitized,\n>({\n homeRouterKey,\n usersManager,\n strategies,\n defaultStrategy,\n strategyToService,\n authHooks,\n jwtAudience,\n}: {\n homeRouterKey?: string;\n usersManager: MongoUsersManager<U, USanitized>;\n strategies: Strategies<StrategyKeys>;\n defaultStrategy?: StrategyKeys;\n strategyToService: Record<StrategyKeys, AccountService<any>>;\n authHooks?: AuthHooks<StrategyKeys>;\n jwtAudience?: string;\n}) {\n // eslint-disable-next-line @typescript-eslint/explicit-module-boundary-types\n return (app: NodeApplication) => {\n const userAccountsService = new UserAccountsService(\n usersManager,\n strategyToService,\n );\n\n const authenticationService = new AuthenticationService(\n app.config,\n strategies,\n userAccountsService,\n );\n\n const controller = createAuthController({\n usersManager,\n authenticationService,\n homeRouterKey,\n defaultStrategy,\n authHooks,\n });\n\n app.context.setLoggedIn = async function (\n this: Context,\n loggedInUserId: NonNullable<ContextState['loggedInUser']>['_id'],\n loggedInUser: NonNullable<ContextState['loggedInUser']>,\n ): Promise<void> {\n logger.debug('setLoggedIn', { loggedInUser });\n if (!loggedInUserId) {\n throw new Error('Illegal value for setLoggedIn');\n }\n\n this.state.loggedInUserId = loggedInUserId;\n this.state.loggedInUser = loggedInUser;\n\n const token = await signPromisified(\n { loggedInUserId, time: Date.now() },\n this.config\n .get<Map<string, unknown>>('authentication')\n .get('secretKey'),\n {\n algorithm: 'HS512',\n audience: jwtAudience || this.request.headers['user-agent'],\n expiresIn: '30 days',\n },\n );\n\n const calcExpiresTime = (): number => {\n const date = new Date();\n date.setDate(date.getDate() + 30);\n return date.getTime();\n };\n\n // eslint-disable-next-line @typescript-eslint/no-unsafe-argument\n this.cookies.set(COOKIE_NAME_TOKEN, token, {\n httpOnly: true,\n secure: this.config.get('allowHttps'),\n });\n\n this.cookies.set(\n COOKIE_NAME_STATE,\n JSON.stringify({ loggedInUserId, expiresIn: calcExpiresTime() }),\n {\n httpOnly: false,\n secure: this.config.get('allowHttps'),\n },\n );\n };\n\n app.context.logout = function (this: Context): void {\n delete this.state.loggedInUserId;\n delete this.state.loggedInUser;\n this.cookies.set(COOKIE_NAME_TOKEN, '', { expires: new Date(1) });\n this.cookies.set(COOKIE_NAME_STATE, '', { expires: new Date(1) });\n };\n\n const findLoggedInUser = createFindLoggedInUser(\n app.config\n .get<Map<string, unknown>>('authentication')\n .get('secretKey') as string,\n usersManager,\n logger,\n );\n\n return {\n routes: createRoutes(controller),\n findLoggedInUserFromRequest: (\n req: IncomingMessage,\n ): ReturnType<typeof findLoggedInUser> => {\n const token = getTokenFromRequest(req);\n return findLoggedInUser(\n jwtAudience || req.headers['user-agent'],\n token,\n );\n },\n findLoggedInUser,\n middleware: async <T>(\n ctx: Context,\n next: () => Promise<T> | T,\n ): Promise<T> => {\n const token = ctx.cookies.get(COOKIE_NAME_TOKEN);\n const userAgent = ctx.request.headers['user-agent'];\n logger.debug('middleware', { token });\n\n const setState = (\n loggedInUserId: U['_id'] | null | undefined,\n loggedInUser: U | null | undefined,\n ): void => {\n ctx.state.loggedInUserId = loggedInUserId;\n ctx.state.user = loggedInUser;\n ctx.sanitizedState.loggedInUserId = loggedInUserId;\n ctx.sanitizedState.loggedInUser =\n loggedInUser && usersManager.sanitize(loggedInUser);\n };\n\n const [loggedInUserId, loggedInUser] = await findLoggedInUser(\n jwtAudience || userAgent,\n token,\n );\n logger.debug('middleware', { loggedInUserId });\n\n if (loggedInUserId == null || loggedInUser == null) {\n if (token) {\n ctx.cookies.set(COOKIE_NAME_TOKEN, '', { expires: new Date(1) });\n ctx.cookies.set(COOKIE_NAME_STATE, '', { expires: new Date(1) });\n }\n setState(null, null);\n return next();\n }\n\n setState(loggedInUserId, loggedInUser);\n return next();\n },\n };\n };\n}\n"],"names":["createAuthController","usersManager","authenticationService","homeRouterKey","defaultStrategy","authHooks","login","ctx","strategy","namedParam","Error","params","paramsForLogin","redirectAuthUrl","addScope","state","loggedInUser","redirectTo","scopeKey","response","assert","accessResponse","afterLoginSuccess","afterScopeUpdate","keyPath","store","setLoggedIn","logout","createRoutes","controller","segment","add","defaultRoute","randomBytesPromisified","promisify","randomBytes","randomHex","size","buffer","toString","logger","Logger","AuthenticationService","EventEmitter","constructor","config","strategies","userAccountsService","generateAuthUrl","debug","strategyInstance","type","oauth2","authorizationCode","authorizeURL","getTokens","options","result","getToken","code","redirect_uri","redirectUri","tokens","token","accessToken","access_token","refreshToken","refresh_token","tokenType","token_type","expiresIn","expires_in","expireDate","d","Date","setTime","getTime","idToken","id_token","tokensParam","clientCredentials","createToken","refresh","host","get","request","urlGenerator","user","accountId","scope","getScope","cookies","set","JSON","stringify","isLoginAccess","maxAge","httpOnly","secure","access_type","redirect","isLoggedIn","hooks","errorParam","queryParam","notEmpty","isValid","throw","value","validParams","cookieName","cookie","expires","parsedCookie","parse","findOrCreateFromStrategy","account","update","refreshAccountTokens","tokenExpireDate","now","Promise","resolve","provider","then","updateAccount","STATUSES","VALIDATED","DELETED","UserAccountsService","strategyToService","userId","_id","service","newScope","scopeKeyToScope","accounts","find","join","subservice","profile","getProfile","getId","status","undefined","subservices","includes","push","replaceOne","emails","getEmails","findOneByAccountOrEmails","providerKey","info","Object","assign","displayName","getDisplayName","fullName","getFullName","name","getAccountName","userEmails","forEach","email","emailDomains","reduce","domains","split","Set","insertOne","COOKIE_NAME_TOKEN","COOKIE_NAME_STATE","getTokenFromRequest","req","headers","authorization","startsWith","slice","Cookies","verifyPromisified","jsonwebtoken","verify","createDecodeJWT","secretKey","jwtAudience","algorithms","audience","loggedInUserId","createFindLoggedInUser","decodeJwt","error","err","findById","MongoUsersManager","findConnected","connected","findByKey","sanitize","sanitizeBaseUser","query","length","$or","$in","findOne","accountIndex","indexOf","partialUpdateOne","$set","created","updated","map","UserAccountGoogleService","fetch","json","id","givenName","given_name","familyName","family_name","getDefaultScope","oldScope","filter","item","i","ar","UserAccountSlackService","team","authSocketIO","app","io","findLoggedInUser","users","Map","use","socket","next","handshakeData","client","on","delete","getTokenFromReq","createAuthApolloContext","connection","signPromisified","sign","init","context","time","algorithm","date","setDate","getDate","routes","findLoggedInUserFromRequest","middleware","userAgent","setState","sanitizedState"],"mappings":";;;;;;;AA8CO,SAASA,oBAAoBA,CAIlC;EACAC,YAAY;EACZC,qBAAqB;AACrBC,EAAAA,aAAa,GAAG,GAAG;EACnBC,eAAe;AACfC,EAAAA,SAAS,GAAG,EAAC;AAC0C,CAAC,EAAkB;EAC1E,OAAO;IACL,MAAMC,KAAKA,CAACC,GAAY,EAAiB;MACvC,MAAMC,QAAsB,GAAID,GAAG,CAACE,UAAU,CAAC,UAAU,CAAC,IACxDL,eAAgC,CAAA;MAClC,IAAI,CAACI,QAAQ,EAAE,MAAM,IAAIE,KAAK,CAAC,kBAAkB,CAAC,CAAA;AAClD,MAAA,MAAMC,MAAM,GACTN,SAAS,CAACO,cAAc,KACtB,MAAMP,SAAS,CAACO,cAAc,CAACJ,QAAQ,EAAED,GAAG,CAAC,CAAC,IACjD,EAAE,CAAA;AACJ,MAAA,MAAML,qBAAqB,CAACW,eAAe,CAACN,GAAG,EAAEC,QAAQ,EAAE,EAAE,EAAEG,MAAM,CAAC,CAAA;KACvE;AAED;AACJ;AACA;AACA;IACI,MAAMG,QAAQA,CAACP,GAAY,EAAiB;AAC1C,MAAA,IAAI,CAACA,GAAG,CAACQ,KAAK,CAACC,YAAY,EAAE;AAC3BT,QAAAA,GAAG,CAACU,UAAU,CAACd,aAAa,CAAC,CAAA;AAC7B,QAAA,OAAA;AACF,OAAA;MAEA,MAAMK,QAAsB,GAAID,GAAG,CAACE,UAAU,CAAC,UAAU,CAAC,IACxDL,eAAgC,CAAA;MAClC,IAAI,CAACI,QAAQ,EAAE,MAAM,IAAIE,KAAK,CAAC,kBAAkB,CAAC,CAAA;AAClD,MAAA,MAAMQ,QAAQ,GAAGX,GAAG,CAACE,UAAU,CAAC,UAAU,CAAC,CAAA;MAC3C,IAAI,CAACS,QAAQ,EAAE,MAAM,IAAIR,KAAK,CAAC,eAAe,CAAC,CAAA;AAC/C,MAAA,MAAMR,qBAAqB,CAACW,eAAe,CAACN,GAAG,EAAEC,QAAQ,EAAE;AAAEU,QAAAA,QAAAA;AAAS,OAAC,CAAC,CAAA;KACzE;IAED,MAAMC,QAAQA,CAACZ,GAAY,EAAiB;AAC1C,MAAA,MAAMC,QAAsB,GAAGD,GAAG,CAACE,UAAU,CAAC,UAAU,CAAiB,CAAA;AACzEF,MAAAA,GAAG,CAACa,MAAM,CAACZ,QAAQ,CAAC,CAAA;AAEpB,MAAA,MAAMQ,YAAY,GAAG,MAAMd,qBAAqB,CAACmB,cAAc,CAC7Dd,GAAG,EACHC,QAAQ,EACR,CAAC,CAACD,GAAG,CAACQ,KAAK,CAACC,YAAY,EACxB;QACEM,iBAAiB,EAAEjB,SAAS,CAACiB,iBAAiB;QAC9CC,gBAAgB,EAAElB,SAAS,CAACkB,gBAAAA;AAC9B,OACF,CAAC,CAAA;AACD,MAAA,MAAMC,OAAO,GAAGvB,YAAY,CAACwB,KAAK,CAACD,OAAO,CAAA;MAC1C,MAAMjB,GAAG,CAACmB,WAAW,CAACV,YAAY,CAACQ,OAAO,CAAC,EAAER,YAAY,CAAC,CAAA;AAC1DT,MAAAA,GAAG,CAACU,UAAU,CAACd,aAAa,CAAC,CAAA;KAC9B;IAED,MAAMwB,MAAMA,CAACpB,GAAY,EAAiB;MACxCA,GAAG,CAACoB,MAAM,EAAE,CAAA;AACZpB,MAAAA,GAAG,CAACU,UAAU,CAACd,aAAa,CAAC,CAAA;AAC/B,KAAA;GACD,CAAA;AACH;;ACtGO,MAAMyB,YAAY,GAAIC,UAA0B,KAAkB;AACvEvB,EAAAA,KAAK,EAAE,CACL,mBAAmB,EAClBwB,OAAY,IAAK;IAChBA,OAAO,CAACC,GAAG,CAAC,WAAW,EAAEF,UAAU,CAACV,QAAQ,EAAE,cAAc,CAAC,CAAA;IAC7DW,OAAO,CAACE,YAAY,CAACH,UAAU,CAACvB,KAAK,EAAE,OAAO,CAAC,CAAA;AACjD,GAAC,CACF;AACDQ,EAAAA,QAAQ,EAAE,CAAC,gCAAgC,EAAEe,UAAU,CAACf,QAAQ,CAAC;AACjEa,EAAAA,MAAM,EAAE,CAAC,SAAS,EAAEE,UAAU,CAACF,MAAM,CAAA;AACvC,CAAC,CAAC;;ACfF,MAAMM,sBAAsB,GAAGC,SAAS,CAACC,WAAW,CAAC,CAAA;AAO9C,eAAeC,SAASA,CAACC,IAAY,EAAmB;AAC7D,EAAA,MAAMC,MAAM,GAAG,MAAML,sBAAsB,CAACI,IAAI,CAAC,CAAA;AACjD,EAAA,OAAOC,MAAM,CAACC,QAAQ,CAAC,KAAK,CAAC,CAAA;AAC/B;;ACbA;AACA;AACA;AACA;AAUA,MAAMC,QAAM,GAAG,IAAIC,MAAM,CAAC,yBAAyB,CAAC,CAAA;AAqC7C,MAAMC,qBAAqB,SAKxBC,YAAY,CAAC;AAOrBC,EAAAA,WAAWA,CACTC,MAAkB,EAClBC,UAAoC,EACpCC,mBAAqE,EACrE;AACA,IAAA,KAAK,EAAE,CAAA;IACP,IAAI,CAACF,MAAM,GAAGA,MAAM,CAAA;IACpB,IAAI,CAACC,UAAU,GAAGA,UAAU,CAAA;IAC5B,IAAI,CAACC,mBAAmB,GAAGA,mBAAmB,CAAA;AAChD,GAAA;AAEAC,EAAAA,eAAeA,CAAyBxC,QAAW,EAAEG,MAAW,EAAU;AACxE6B,IAAAA,QAAM,CAACS,KAAK,CAAC,iBAAiB,EAAE;MAAEzC,QAAQ;AAAEG,MAAAA,MAAAA;AAAO,KAAC,CAAC,CAAA;AACrD,IAAA,MAAMuC,gBAAgB,GAAG,IAAI,CAACJ,UAAU,CAACtC,QAAQ,CAAC,CAAA;IAClD,QAAQ0C,gBAAgB,CAACC,IAAI;AAC3B,MAAA,KAAK,QAAQ;QACX,OAAOD,gBAAgB,CAACE,MAAM,CAACC,iBAAiB,CAACC,YAAY,CAAC3C,MAAM,CAAC,CAAA;AACvE,MAAA;AACE,QAAA,MAAM,IAAID,KAAK,CAAC,kBAAkB,CAAC,CAAA;AACvC,KAAA;AACF,GAAA;AAEA,EAAA,MAAM6C,SAASA,CACb/C,QAAsB,EACtBgD,OAAyB,EACR;AACjBhB,IAAAA,QAAM,CAACS,KAAK,CAAC,WAAW,EAAE;MAAEzC,QAAQ;AAAEgD,MAAAA,OAAAA;AAAQ,KAAC,CAAC,CAAA;AAChD,IAAA,MAAMN,gBAAgB,GAAG,IAAI,CAACJ,UAAU,CAACtC,QAAQ,CAAC,CAAA;IAClD,QAAQ0C,gBAAgB,CAACC,IAAI;AAC3B,MAAA,KAAK,QAAQ;AAAE,QAAA;UACb,MAAMM,MAAM,GAAG,MAAMP,gBAAgB,CAACE,MAAM,CAACC,iBAAiB,CAACK,QAAQ,CACrE;YACEC,IAAI,EAAEH,OAAO,CAACG,IAAI;YAClBC,YAAY,EAAEJ,OAAO,CAACK,WAAAA;AACxB,WACF,CAAC,CAAA;AACD,UAAA,IAAI,CAACJ,MAAM,EAAE,OAAOA,MAAM,CAAA;AAC1B,UAAA,MAAMK,MAAM,GAAGL,MAAM,CAACM,KAAK,CAAA;UAE3B,OAAO;YACLC,WAAW,EAAEF,MAAM,CAACG,YAAsB;YAC1CC,YAAY,EAAEJ,MAAM,CAACK,aAAuB;YAC5CC,SAAS,EAAEN,MAAM,CAACO,UAAoB;YACtCC,SAAS,EAAER,MAAM,CAACS,UAAoB;YACtCC,UAAU,EAAE,CAAC,MAAM;AACjB,cAAA,IAAIV,MAAM,CAACS,UAAU,IAAI,IAAI,EAAE,OAAO,IAAI,CAAA;AAC1C,cAAA,MAAME,CAAC,GAAG,IAAIC,IAAI,EAAE,CAAA;AACpBD,cAAAA,CAAC,CAACE,OAAO,CAACF,CAAC,CAACG,OAAO,EAAE,GAAId,MAAM,CAACS,UAAU,GAAc,IAAI,CAAC,CAAA;AAC7D,cAAA,OAAOE,CAAC,CAAA;AACV,aAAC,GAAG;YACJI,OAAO,EAAEf,MAAM,CAACgB,QAAAA;WACjB,CAAA;AACD;AACF,SAAA;AAEA,MAAA;AACE,QAAA,MAAM,IAAIpE,KAAK,CAAC,iBAAiB,CAAC,CAAA;AACtC,KAAA;AACF,GAAA;AAEA,EAAA,MAAMwD,YAAYA,CAChB1D,QAAsB,EACtBuE,WAAqC,EACpB;AACjBvC,IAAAA,QAAM,CAACS,KAAK,CAAC,cAAc,EAAE;AAAEzC,MAAAA,QAAAA;AAAS,KAAC,CAAC,CAAA;AAC1C,IAAA,IAAI,CAACuE,WAAW,CAACb,YAAY,EAAE;AAC7B,MAAA,MAAM,IAAIxD,KAAK,CAAC,uBAAuB,CAAC,CAAA;AAC1C,KAAA;AACA,IAAA,MAAMwC,gBAAgB,GAAG,IAAI,CAACJ,UAAU,CAACtC,QAAQ,CAAC,CAAA;IAClD,QAAQ0C,gBAAgB,CAACC,IAAI;AAC3B,MAAA,KAAK,QAAQ;AAAE,QAAA;UACb,MAAMY,KAAK,GAAGb,gBAAgB,CAACE,MAAM,CAAC4B,iBAAiB,CAACC,WAAW,CAAC;YAClEd,aAAa,EAAEY,WAAW,CAACb,YAAAA;AAC7B,WAAC,CAAC,CAAA;AACF,UAAA,MAAMT,MAAM,GAAG,MAAMM,KAAK,CAACmB,OAAO,EAAE,CAAA;AACpC,UAAA,MAAMpB,MAAM,GAAGL,MAAM,CAACM,KAAK,CAAA;UAC3B,OAAO;YACLC,WAAW,EAAEF,MAAM,CAACG,YAAsB;YAC1CG,SAAS,EAAEN,MAAM,CAACO,UAAoB;YACtCC,SAAS,EAAER,MAAM,CAACS,UAAoB;YACtCC,UAAU,EAAE,CAAC,MAAM;AACjB,cAAA,IAAIV,MAAM,CAACS,UAAU,IAAI,IAAI,EAAE,OAAO,IAAI,CAAA;AAC1C,cAAA,MAAME,CAAC,GAAG,IAAIC,IAAI,EAAE,CAAA;AACpBD,cAAAA,CAAC,CAACE,OAAO,CAACF,CAAC,CAACG,OAAO,EAAE,GAAId,MAAM,CAACS,UAAU,GAAc,IAAI,CAAC,CAAA;AAC7D,cAAA,OAAOE,CAAC,CAAA;AACV,aAAC,GAAG;YACJI,OAAO,EAAEf,MAAM,CAACgB,QAAAA;WACjB,CAAA;AACH,SAAA;AAEA,MAAA;AACE,QAAA,MAAM,IAAIpE,KAAK,CAAC,iBAAiB,CAAC,CAAA;AACtC,KAAA;AACF,GAAA;AAEAmD,EAAAA,WAAWA,CAACtD,GAAY,EAAEC,QAAgB,EAAU;IAClD,MAAM2E,IAAI,GAAI,CAAM,IAAA,EAAA,IAAI,CAACtC,MAAM,CAACuC,GAAG,CAAC,YAAY,CAAC,GAAG,GAAG,GAAG,EAAG,CAAA,GAAA,EAC3D7E,GAAG,CAAC8E,OAAO,CAACF,IACb,CAAC,CAAA,CAAA;IACF,OAAQ,CAAA,EAAEA,IAAK,CAAE5E,EAAAA,GAAG,CAAC+E,YAAY,CAAC,cAAc,EAAE;AAChD9E,MAAAA,QAAAA;AACF,KAAC,CAAE,CAAC,CAAA,CAAA;AACN,GAAA;AAEA,EAAA,MAAMK,eAAeA,CACnBN,GAAY,EACZC,QAAsB,EACtB;IACE0D,YAAY;IACZhD,QAAQ;IACRqE,IAAI;AACJC,IAAAA,SAAAA;GAMD,EACD7E,MAAY,EACG;AACf6B,IAAAA,QAAM,CAACS,KAAK,CAAC,iBAAiB,EAAE;MAAEzC,QAAQ;MAAEU,QAAQ;AAAEgD,MAAAA,YAAAA;AAAa,KAAC,CAAC,CAAA;AACrE,IAAA,MAAMnD,KAAK,GAAG,MAAMqB,SAAS,CAAC,CAAC,CAAC,CAAA;AAEhC,IAAA,MAAMqD,KAAK,GAAG,IAAI,CAAC1C,mBAAmB,CAAC2C,QAAQ,CAC7ClF,QAAQ,EACRU,QAAQ,IAAI,OAAO,EACnBqE,IAAI,EACJC,SACF,CAAC,CAAA;IAED,IAAI,CAACC,KAAK,EAAE;AACV,MAAA,MAAM,IAAI/E,KAAK,CAAC,qBAAqB,CAAC,CAAA;AACxC,KAAA;AAEAH,IAAAA,GAAG,CAACoF,OAAO,CAACC,GAAG,CACZ,CAAOpF,KAAAA,EAAAA,QAAS,CAAGO,CAAAA,EAAAA,KAAM,CAAC,CAAA,EAC3B8E,IAAI,CAACC,SAAS,CAAC;MACb5E,QAAQ;MACRuE,KAAK;AACLM,MAAAA,aAAa,EAjBK,CAAC7E,QAAQ,IAAIA,QAAQ,KAAK,OAAA;AAkB9C,KAAC,CAAC,EACF;AACE8E,MAAAA,MAAM,EAAgB,MAAA;AACtBC,MAAAA,QAAQ,EAAE,IAAI;AACdC,MAAAA,MAAM,EAAE,IAAI,CAACrD,MAAM,CAACuC,GAAG,CAAC,YAAY,CAAA;AACtC,KACF,CAAC,CAAA;AACD,IAAA,MAAMvB,WAAW,GAAG,IAAI,CAACb,eAAe,CAACxC,QAAQ,EAAE;MACjDoD,YAAY,EAAE,IAAI,CAACC,WAAW,CAACtD,GAAG,EAAEC,QAAQ,CAAC;MAC7CiF,KAAK;MACL1E,KAAK;AACLoF,MAAAA,WAAW,EAAEjC,YAAY,GAAG,SAAS,GAAG,QAAQ;MAChD,GAAGvD,MAAAA;AACL,KAAC,CAAC,CAAA;AAEFJ,IAAAA,GAAG,CAAC6F,QAAQ,CAACvC,WAAW,CAAC,CAAA;AAC3B,GAAA;EAEA,MAAMxC,cAAcA,CAClBd,GAAY,EACZC,QAAqB,EACrB6F,UAAmB,EACnBC,KAA2C,EAC/B;AACZ,IAAA,MAAMC,UAAU,GAAGhG,GAAG,CAACI,MAAM,CAAC6F,UAAU,CAAC,OAAO,CAAC,CAACC,QAAQ,EAAE,CAAA;AAC5D,IAAA,IAAIF,UAAU,CAACG,OAAO,EAAE,EAAE;MACxBnG,GAAG,CAACoG,KAAK,CAACJ,UAAU,CAACK,KAAK,EAAE,GAAG,CAAC,CAAA;AAClC,KAAA;AAEA,IAAA,MAAMjD,IAAI,GAAGpD,GAAG,CAACsG,WAAW,CAACL,UAAU,CAAC,MAAM,CAAC,CAACC,QAAQ,EAAE,CAACG,KAAK,CAAA;AAChE,IAAA,MAAM7F,KAAK,GAAGR,GAAG,CAACsG,WAAW,CAACL,UAAU,CAAC,OAAO,CAAC,CAACC,QAAQ,EAAE,CAACG,KAAK,CAAA;AAElE,IAAA,MAAME,UAAU,GAAI,CAAA,KAAA,EAAOtG,QAAS,CAAA,CAAA,EAAGO,KAAM,CAAC,CAAA,CAAA;IAC9C,MAAMgG,MAAM,GAAGxG,GAAG,CAACoF,OAAO,CAACP,GAAG,CAAC0B,UAAU,CAAC,CAAA;IAC1CvG,GAAG,CAACoF,OAAO,CAACC,GAAG,CAACkB,UAAU,EAAE,EAAE,EAAE;AAAEE,MAAAA,OAAO,EAAE,IAAItC,IAAI,CAAC,CAAC,CAAA;AAAE,KAAC,CAAC,CAAA;IACzD,IAAI,CAACqC,MAAM,EAAE;AACX,MAAA,MAAM,IAAIrG,KAAK,CAAC,0BAA0B,CAAC,CAAA;AAC7C,KAAA;AAEA,IAAA,MAAMuG,YAAY,GAAGpB,IAAI,CAACqB,KAAK,CAACH,MAAM,CAAC,CAAA;AACvC,IAAA,IAAI,CAACE,YAAY,EAAExB,KAAK,EAAE;AACxB,MAAA,MAAM,IAAI/E,KAAK,CAAC,yBAAyB,CAAC,CAAA;AAC5C,KAAA;AAEA,IAAA,IAAI,CAACuG,YAAY,CAAClB,aAAa,EAAE;MAC/B,IAAI,CAACM,UAAU,EAAE;AACf,QAAA,MAAM,IAAI3F,KAAK,CAAC,uBAAuB,CAAC,CAAA;AAC1C,OAAA;AACF,KAAA;IAEA,MAAMoD,MAAc,GAAG,MAAM,IAAI,CAACP,SAAS,CAAC/C,QAAQ,EAAE;MACpDmD,IAAI;AACJE,MAAAA,WAAW,EAAE,IAAI,CAACA,WAAW,CAACtD,GAAG,EAAEC,QAAQ,CAAA;AAC7C,KAAC,CAAC,CAAA;IAEF,IAAIyG,YAAY,CAAClB,aAAa,EAAE;MAC9B,MAAMR,IAAI,GAAG,MAAM,IAAI,CAACxC,mBAAmB,CAACoE,wBAAwB,CAClE3G,QAAQ,EACRsD,MAAM,EACNmD,YAAY,CAACxB,KAAK,EAClBwB,YAAY,CAAC/F,QACf,CAAC,CAAA;MAED,IAAIoF,KAAK,CAAChF,iBAAiB,EAAE;AAC3B,QAAA,MAAMgF,KAAK,CAAChF,iBAAiB,CAACd,QAAQ,EAAE+E,IAAI,CAAC,CAAA;AAC/C,OAAA;AAEA,MAAA,OAAOA,IAAI,CAAA;AACb,KAAA;AAEA,IAAA,MAAMvE,YAAY,GAAGT,GAAG,CAACQ,KAAK,CAACC,YAAiB,CAAA;IAChD,MAAM;MAAEoG,OAAO;AAAE7B,MAAAA,IAAAA;KAAM,GAAG,MAAM,IAAI,CAACxC,mBAAmB,CAACsE,MAAM,CAC7DrG,YAAY,EACZR,QAAQ,EACRsD,MAAM,EACNmD,YAAY,CAACxB,KAAK,EAClBwB,YAAY,CAAC/F,QACf,CAAC,CAAA;IAED,IAAIoF,KAAK,CAAC/E,gBAAgB,EAAE;AAC1B,MAAA,MAAM+E,KAAK,CAAC/E,gBAAgB,CAC1Bf,QAAQ,EACRyG,YAAY,CAAC/F,QAAQ,EACrBkG,OAAO,EACP7B,IACF,CAAC,CAAA;AACH,KAAA;AAEA,IAAA,OAAOvE,YAAY,CAAA;AACrB,GAAA;AAEAsG,EAAAA,oBAAoBA,CAAC/B,IAAO,EAAE6B,OAAgB,EAAoB;AAChE,IAAA,IACEA,OAAO,CAACG,eAAe,IACvBH,OAAO,CAACG,eAAe,CAAC3C,OAAO,EAAE,GAAGF,IAAI,CAAC8C,GAAG,EAAE,EAC9C;AACA,MAAA,OAAOC,OAAO,CAACC,OAAO,CAAC,KAAK,CAAC,CAAA;AAC/B,KAAA;AACA,IAAA,OAAO,IAAI,CAACxD,YAAY,CAACkD,OAAO,CAACO,QAAQ,EAAkB;AACzD;MACAzD,YAAY,EAAEkD,OAAO,CAAClD,YAAAA;AACxB,KAAC,CAAC,CAAC0D,IAAI,CAAE9D,MAAc,IAAK;MAC1B,IAAI,CAACA,MAAM,EAAE;AACX;AACA,QAAA,OAAO,KAAK,CAAA;AACd,OAAA;AACAsD,MAAAA,OAAO,CAACpD,WAAW,GAAGF,MAAM,CAACE,WAAW,CAAA;AACxCoD,MAAAA,OAAO,CAACG,eAAe,GAAGzD,MAAM,CAACU,UAAU,CAAA;AAC3C,MAAA,OAAO,IAAI,CAACzB,mBAAmB,CAC5B8E,aAAa,CAACtC,IAAI,EAAE6B,OAAO,CAAC,CAC5BQ,IAAI,CAAC,MAAM,IAAI,CAAC,CAAA;AACrB,KAAC,CAAC,CAAA;AACJ,GAAA;AACF;;AC3TA;AAQA,MAAMpF,QAAM,GAAG,IAAIC,MAAM,CAAC,uBAAuB,CAAC,CAAA;AAE3C,MAAMqF,QAAQ,GAAG;AACtBC,EAAAA,SAAS,EAAE,WAAW;AACtBC,EAAAA,OAAO,EAAE,SAAA;AACX,EAAC;AAEc,MAAMC,mBAAmB,SAK9BtF,YAAY,CAAC;AAKrBC,EAAAA,WAAWA,CACT3C,YAA8C,EAC9CiI,iBAA4D,EAC5D;AACA,IAAA,KAAK,EAAE,CAAA;IACP,IAAI,CAACjI,YAAY,GAAGA,YAAY,CAAA;IAChC,IAAI,CAACiI,iBAAiB,GAAGA,iBAAiB,CAAA;AAC5C,GAAA;EAEAxC,QAAQA,CACNlF,QAAsB,EACtBU,QAAgB,EAChBqE,IAAQ,EACRC,SAAqB,EACb;AACRhD,IAAAA,QAAM,CAACS,KAAK,CAAC,UAAU,EAAE;MAAEzC,QAAQ;MAAE2H,MAAM,EAAE5C,IAAI,EAAE6C,GAAAA;AAAI,KAAC,CAAC,CAAA;AACzD,IAAA,MAAMC,OAAO,GAAG,IAAI,CAACH,iBAAiB,CAAC1H,QAAQ,CAAC,CAAA;IAChD,IAAI,CAAC6H,OAAO,EAAE;AACZ,MAAA,MAAM,IAAI3H,KAAK,CAAC,wBAAwB,CAAC,CAAA;AAC3C,KAAA;AAEA,IAAA,MAAM4H,QAAQ,GAAGD,OAAO,CAACE,eAAe,CAACrH,QAAQ,CAAC,CAAA;AAClD,IAAA,IAAI,CAACqE,IAAI,IAAI,CAACC,SAAS,EAAE;AACvB,MAAA,OAAO8C,QAAQ,CAAA;AACjB,KAAA;IACA,MAAMlB,OAAO,GAAG7B,IAAI,CAACiD,QAAQ,CAACC,IAAI,CAC/BrB,OAAO,IACNA,OAAO,CAACO,QAAQ,KAAKnH,QAAQ,IAAI4G,OAAO,CAAC5B,SAAS,KAAKA,SAC3D,CAAC,CAAA;IAED,IAAI,CAAC4B,OAAO,EAAE;AACZ,MAAA,MAAM,IAAI1G,KAAK,CAAC,oCAAoC,CAAC,CAAA;AACvD,KAAA;AACA,IAAA,OAAO2H,OAAO,CAAC3C,QAAQ,CAAC0B,OAAO,CAAC3B,KAAK,EAAE6C,QAAQ,CAAC,CAACI,IAAI,CAAC,GAAG,CAAC,CAAA;AAC5D,GAAA;EAEA,MAAMrB,MAAMA,CACV9B,IAAO,EACP/E,QAAsB,EACtBsD,MAAoB,EACpB2B,KAAa,EACbkD,UAAkB,EACoC;AACtD,IAAA,MAAMN,OAAO,GAAG,IAAI,CAACH,iBAAiB,CAAC1H,QAAQ,CAAC,CAAA;IAChD,MAAMoI,OAAO,GAAG,MAAMP,OAAO,CAACQ,UAAU,CAAC/E,MAAM,CAAC,CAAA;AAChD,IAAA,MAAM0B,SAAS,GAAG6C,OAAO,CAACS,KAAK,CAACF,OAAO,CAAC,CAAA;IACxC,MAAMxB,OAAO,GAAG7B,IAAI,CAACiD,QAAQ,CAACC,IAAI,CAC/BrB,OAAO,IACNA,OAAO,CAACO,QAAQ,KAAKnH,QAAQ,IAAI4G,OAAO,CAAC5B,SAAS,KAAKA,SAC3D,CAAC,CAAA;IACD,IAAI,CAAC4B,OAAO,EAAE;AACZ;AACA;AACA,MAAA,MAAM,IAAI1G,KAAK,CAAC,oCAAoC,CAAC,CAAA;AACvD,KAAA;IACA0G,OAAO,CAAC2B,MAAM,GAAG,OAAO,CAAA;AACxB3B,IAAAA,OAAO,CAACpD,WAAW,GAAGF,MAAM,CAACE,WAAW,CAAA;IACxC,IAAIF,MAAM,CAACI,YAAY,EAAE;AACvBkD,MAAAA,OAAO,CAAClD,YAAY,GAAGJ,MAAM,CAACI,YAAY,CAAA;AAC5C,KAAA;AACA,IAAA,IAAIJ,MAAM,CAACU,UAAU,KAAKwE,SAAS,EAAE;AACnC5B,MAAAA,OAAO,CAACG,eAAe,GAAGzD,MAAM,CAACU,UAAU,CAAA;AAC7C,KAAA;AACA4C,IAAAA,OAAO,CAAC3B,KAAK,GAAG4C,OAAO,CAAC3C,QAAQ,CAAC0B,OAAO,CAAC3B,KAAK,EAAEA,KAAK,CAAC,CAAA;AACtD2B,IAAAA,OAAO,CAAC6B,WAAW,GAAG7B,OAAO,CAAC6B,WAAW,IAAI,EAAE,CAAA;IAC/C,IAAIN,UAAU,IAAI,CAACvB,OAAO,CAAC6B,WAAW,CAACC,QAAQ,CAACP,UAAU,CAAC,EAAE;AAC3DvB,MAAAA,OAAO,CAAC6B,WAAW,CAACE,IAAI,CAACR,UAAU,CAAC,CAAA;AACtC,KAAA;AAEA,IAAA,MAAM,IAAI,CAAC1I,YAAY,CAACmJ,UAAU,CAAC7D,IAAI,CAAC,CAAA;IACxC,OAAO;MAAEA,IAAI;AAAE6B,MAAAA,OAAAA;KAAS,CAAA;AAC1B,GAAA;EAEA,MAAMD,wBAAwBA,CAC5B3G,QAAsB,EACtBsD,MAAoB,EACpB2B,KAAa,EACbkD,UAAkB,EACN;AACZ,IAAA,MAAMN,OAAO,GAAG,IAAI,CAACH,iBAAiB,CAAC1H,QAAQ,CAAC,CAAA;IAChD,IAAI,CAAC6H,OAAO,EAAE,MAAM,IAAI3H,KAAK,CAAC,wBAAwB,CAAC,CAAA;IAEvD,MAAMkI,OAAO,GAAG,MAAMP,OAAO,CAACQ,UAAU,CAAC/E,MAAM,CAAC,CAAA;AAChD,IAAA,MAAM0B,SAAS,GAAG6C,OAAO,CAACS,KAAK,CAACF,OAAO,CAAC,CAAA;IACxC,IAAI,CAACpD,SAAS,EAAE,MAAM,IAAI9E,KAAK,CAAC,8BAA8B,CAAC,CAAA;AAE/D,IAAA,MAAM2I,MAAM,GAAGhB,OAAO,CAACiB,SAAS,CAACV,OAAO,CAAC,CAAA;IAEzC,IAAIrD,IAA4B,GAC9B,MAAM,IAAI,CAACtF,YAAY,CAACsJ,wBAAwB,CAAC;MAC/C5B,QAAQ,EAAEU,OAAO,CAACmB,WAAW;MAC7BhE,SAAS;AACT6D,MAAAA,MAAAA;AACF,KAAC,CAAC,CAAA;IAEJ7G,QAAM,CAACiH,IAAI,CAAC,CAAClE,IAAI,GAAG,aAAa,GAAG,eAAe,EAAE;MACnD4C,MAAM,EAAE5C,IAAI,EAAE6C,GAAG;AACjB5C,MAAAA,SAAAA;AACA;AACF,KAAC,CAAC,CAAA;IAEF,IAAI,CAACD,IAAI,EAAE;MACTA,IAAI,GAAG,EAAE,CAAA;AACX,KAAA;AAEAmE,IAAAA,MAAM,CAACC,MAAM,CAACpE,IAAI,EAAE;AAClBqE,MAAAA,WAAW,EAAEvB,OAAO,CAACwB,cAAc,CAACjB,OAAO,CAAC;AAC5CkB,MAAAA,QAAQ,EAAEzB,OAAO,CAAC0B,WAAW,CAACnB,OAAO,CAAC;MACtCG,MAAM,EAAEjB,QAAQ,CAACC,SAAAA;AACnB,KAAC,CAAC,CAAA;IAEF,IAAI,CAACxC,IAAI,CAACiD,QAAQ,EAAEjD,IAAI,CAACiD,QAAQ,GAAG,EAAE,CAAA;IAEtC,IAAIpB,OAAqC,GAAG7B,IAAI,CAACiD,QAAQ,CAACC,IAAI,CAC3DrB,OAAgB,IACfA,OAAO,CAACO,QAAQ,KAAKnH,QAAQ,IAAI4G,OAAO,CAAC5B,SAAS,KAAKA,SAC3D,CAAC,CAAA;IAED,IAAI,CAAC4B,OAAO,EAAE;AACZA,MAAAA,OAAO,GAAG;AAAEO,QAAAA,QAAQ,EAAEnH,QAAQ;AAAEgF,QAAAA,SAAAA;OAAW,CAAA;AAC3C;AACAD,MAAAA,IAAI,CAACiD,QAAQ,CAACW,IAAI,CAAC/B,OAAO,CAAC,CAAA;AAC7B,KAAA;IAEAA,OAAO,CAAC4C,IAAI,GAAG3B,OAAO,CAAC4B,cAAc,CAACrB,OAAO,CAAC,CAAA;IAC9CxB,OAAO,CAAC2B,MAAM,GAAG,OAAO,CAAA;IACxB3B,OAAO,CAACwB,OAAO,GAAGA,OAAO,CAAA;AACzBxB,IAAAA,OAAO,CAACpD,WAAW,GAAGF,MAAM,CAACE,WAAW,CAAA;IACxC,IAAIF,MAAM,CAACI,YAAY,EAAE;AACvBkD,MAAAA,OAAO,CAAClD,YAAY,GAAGJ,MAAM,CAACI,YAAY,CAAA;AAC5C,KAAA;AACA,IAAA,IAAIJ,MAAM,CAACU,UAAU,KAAKwE,SAAS,EAAE;AACnC5B,MAAAA,OAAO,CAACG,eAAe,GAAGzD,MAAM,CAACU,UAAU,CAAA;AAC7C,KAAA;AACA4C,IAAAA,OAAO,CAAC3B,KAAK,GAAG4C,OAAO,CAAC3C,QAAQ,CAAC0B,OAAO,CAAC3B,KAAK,EAAEA,KAAK,CAAC,CAAA;IAEtD,IAAI,CAAC2B,OAAO,CAAC6B,WAAW,EAAE7B,OAAO,CAAC6B,WAAW,GAAG,EAAE,CAAA;IAClD,IAAIN,UAAU,IAAI,CAACvB,OAAO,CAAC6B,WAAW,CAACC,QAAQ,CAACP,UAAU,CAAC,EAAE;AAC3DvB,MAAAA,OAAO,CAAC6B,WAAW,CAACE,IAAI,CAACR,UAAU,CAAC,CAAA;AACtC,KAAA;IAEA,IAAI,CAACpD,IAAI,CAAC8D,MAAM,EAAE9D,IAAI,CAAC8D,MAAM,GAAG,EAAE,CAAA;AAClC,IAAA,MAAMa,UAAU,GAAG3E,IAAI,CAAC8D,MAAM,CAAA;AAC9BA,IAAAA,MAAM,CAACc,OAAO,CAAEC,KAAa,IAAK;AAChC,MAAA,IAAI,CAACF,UAAU,CAAChB,QAAQ,CAACkB,KAAK,CAAC,EAAE;AAC/BF,QAAAA,UAAU,CAACf,IAAI,CAACiB,KAAK,CAAC,CAAA;AACxB,OAAA;AACF,KAAC,CAAC,CAAA;IAEF7E,IAAI,CAAC8E,YAAY,GAAG;AAClB;AACA,IAAA,GAAG9E,IAAI,CAAC8D,MAAM,CAACiB,MAAM,CACnB,CAACC,OAAoB,EAAEH,KAAa,KAClCG,OAAO,CAACxI,GAAG,CAACqI,KAAK,CAACI,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EACrC,IAAIC,GAAG,EACT,CAAC,CACF,CAAA;IAED,MAAMjJ,OAAO,GAAG,IAAI,CAACvB,YAAY,CAACwB,KAAK,CAACD,OAAO,CAAA;AAE/C,IAAA,IAAI+D,IAAI,CAAC/D,OAAO,CAAC,EAAE;AACjB,MAAA,MAAM,IAAI,CAACvB,YAAY,CAACmJ,UAAU,CAAC7D,IAAS,CAAC,CAAA;AAC/C,KAAC,MAAM;AACL,MAAA,MAAM,IAAI,CAACtF,YAAY,CAACyK,SAAS,CAACnF,IAAS,CAAC,CAAA;AAC9C,KAAA;AAEA,IAAA,OAAOA,IAAI,CAAA;AACb,GAAA;AAEA,EAAA,MAAMsC,aAAaA,CAACtC,IAAO,EAAE6B,OAAgB,EAAc;IACzD,MAAM,IAAI,CAACnH,YAAY,CAAC4H,aAAa,CAACtC,IAAI,EAAE6B,OAAO,CAAC,CAAA;AACpD,IAAA,OAAO7B,IAAI,CAAA;AACb,GAAA;AACF;;AClMO,MAAMoF,iBAAiB,GAAG,mBAAmB,CAAA;AAC7C,MAAMC,iBAAiB,GAAG,mBAAmB,CAAA;AAE7C,MAAMC,mBAAmB,GAAGA,CACjCC,GAAoB,EACpBtH,OAAuD,KAChC;EACvB,IAAIsH,GAAG,CAACC,OAAO,CAACC,aAAa,EAAEC,UAAU,CAAC,SAAS,CAAC,EAAE;IACpD,OAAOH,GAAG,CAACC,OAAO,CAACC,aAAa,CAACE,KAAK,EAAiB,CAAC,CAAA;AAC1D,GAAA;;AAEA;EACA,MAAMvF,OAAO,GAAG,IAAIwF,OAAO,CAACL,GAAG,EAAE,IAAI,EAAoB;AACvD,IAAA,GAAGtH,OAAO;AACV0C,IAAAA,MAAM,EAAE,IAAA;AACV,GAAC,CAAC,CAAA;AAEF,EAAA,OAAOP,OAAO,CAACP,GAAG,CAACuF,iBAAiB,CAAC,CAAA;AACvC,CAAC;;ACHD,MAAMS,iBAAiB,GAAGlJ,SAAS,CAKjCmJ,YAAY,CAACC,MAAgB,CAAC,CAAA;AAEhC,MAAMC,eAAe,GAClBC,SAAiB,IAClB,OAAOzH,KAAa,EAAE0H,WAAmB,KAAkC;EACzE,MAAMhI,MAAM,GAAG,MAAM2H,iBAAiB,CAACrH,KAAK,EAAEyH,SAAS,EAAE;IACvDE,UAAU,EAAE,CAAC,OAAO,CAAC;AACrBC,IAAAA,QAAQ,EAAEF,WAAAA;AACZ,GAAC,CAAC,CAAA;EACF,OAAQhI,MAAM,EAAUmI,cAAc,CAAA;AACxC,CAAC,CAAA;AAOI,MAAMC,sBAAsB,GAAGA,CAIpCL,SAAiB,EACjBvL,YAA8C,EAC9CuC,MAAc,KACU;AACxB,EAAA,MAAMsJ,SAAS,GAAGP,eAAe,CAACC,SAAS,CAAC,CAAA;AAqB5C,EAAA,OAnB8C,OAAOC,WAAW,EAAE1H,KAAK,KAAK;IAC1E,IAAI,CAACA,KAAK,IAAI,CAAC0H,WAAW,EAAE,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;AAE/C,IAAA,IAAIG,cAAc,CAAA;IAClB,IAAI;AACFA,MAAAA,cAAc,GAAG,MAAME,SAAS,CAAC/H,KAAK,EAAE0H,WAAW,CAAC,CAAA;KACrD,CAAC,OAAOM,KAAc,EAAE;AACvBvJ,MAAAA,MAAM,CAACS,KAAK,CAAC,mCAAmC,EAAE;AAAE+I,QAAAA,GAAG,EAAED,KAAAA;AAAM,OAAC,CAAC,CAAA;AACnE,KAAA;IAEA,IAAIH,cAAc,IAAI,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;IAE/C,MAAM5K,YAAY,GAAG,MAAMf,YAAY,CAACgM,QAAQ,CAACL,cAAc,CAAC,CAAA;IAEhE,IAAI,CAAC5K,YAAY,EAAE,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;AAEtC,IAAA,OAAO,CAAC4K,cAAc,EAAE5K,YAAY,CAAC,CAAA;GACtC,CAAA;AAGH,CAAC;;ACpEc,MAAMkL,iBAAiB,CAGpC;EAGAtJ,WAAWA,CAACnB,KAAoB,EAAE;IAChC,IAAI,CAACA,KAAK,GAAGA,KAAK,CAAA;AACpB,GAAA;;AAEA;EACA0K,aAAaA,CAACC,SAAiB,EAA0B;AACvD,IAAA,OAAO,IAAI,CAAC3K,KAAK,CAAC4K,SAAS,CAACD,SAAS,CAAC,CAAA;AACxC,GAAA;EAEAH,QAAQA,CAAC9D,MAAc,EAA0B;AAC/C,IAAA,OAAO,IAAI,CAAC1G,KAAK,CAAC4K,SAAS,CAAClE,MAAM,CAAC,CAAA;AACrC,GAAA;EAEAuC,SAASA,CAACnF,IAAwB,EAAgB;AAChD,IAAA,OAAO,IAAI,CAAC9D,KAAK,CAACiJ,SAAS,CAACnF,IAAI,CAAC,CAAA;AACnC,GAAA;EAEA6D,UAAUA,CAAC7D,IAAO,EAAgB;AAChC,IAAA,OAAO,IAAI,CAAC9D,KAAK,CAAC2H,UAAU,CAAC7D,IAAI,CAAC,CAAA;AACpC,GAAA;EAEA+G,QAAQA,CAAC/G,IAAO,EAAc;AAC5B,IAAA,OAAO,IAAI,CAACgH,gBAAgB,CAAChH,IAAI,CAAC,CAAA;AACpC,GAAA;AAEAgE,EAAAA,wBAAwBA,CAAC;IACvB/D,SAAS;IACT6D,MAAM;AACN1B,IAAAA,QAAAA;AAKF,GAAC,EAA0B;AACzB,IAAA,IAAI6E,KAAU,GAAG;AACf,MAAA,mBAAmB,EAAE7E,QAAQ;AAC7B,MAAA,oBAAoB,EAAEnC,SAAAA;KACvB,CAAA;AAED,IAAA,IAAI6D,MAAM,IAAIA,MAAM,CAACoD,MAAM,GAAG,CAAC,EAAE;AAC/BD,MAAAA,KAAK,GAAG;QACNE,GAAG,EAAE,CACHF,KAAK,EACL;AACEnD,UAAAA,MAAM,EAAE;AAAEsD,YAAAA,GAAG,EAAEtD,MAAAA;AAAO,WAAA;SACvB,CAAA;OAEJ,CAAA;AACH,KAAA;;AAEA;AACA,IAAA,OAAO,IAAI,CAAC5H,KAAK,CAACmL,OAAO,CAACJ,KAAK,CAAC,CAAA;AAClC,GAAA;AAEA3E,EAAAA,aAAaA,CAACtC,IAAO,EAAE6B,OAAgB,EAAc;IACnD,MAAMyF,YAAY,GAAGtH,IAAI,CAACiD,QAAQ,CAACsE,OAAO,CAAC1F,OAAO,CAAC,CAAA;AACnD,IAAA,IAAIyF,YAAY,KAAK,CAAC,CAAC,EAAE;AACvB,MAAA,MAAM,IAAInM,KAAK,CAAC,iBAAiB,CAAC,CAAA;AACpC,KAAA;AAEA,IAAA,OAAO,IAAI,CAACe,KAAK,CAACsL,gBAAgB,CAACxH,IAAI,EAAE;AACvCyH,MAAAA,IAAI,EAAE;QACJ,CAAE,CAAA,SAAA,EAAWH,YAAa,CAAA,CAAC,GAAGzF,OAAAA;AAChC,OAAA;AACF,KAAc,CAAC,CAAA;AACjB,GAAA;;AAEA;EACAmF,gBAAgBA,CAAChH,IAAO,EAAiB;IACvC,OAAO;MACL6C,GAAG,EAAE7C,IAAI,CAAC6C,GAAG;MACb6E,OAAO,EAAE1H,IAAI,CAAC0H,OAAO;MACrBC,OAAO,EAAE3H,IAAI,CAAC2H,OAAO;MACrBtD,WAAW,EAAErE,IAAI,CAACqE,WAAW;MAC7BE,QAAQ,EAAEvE,IAAI,CAACuE,QAAQ;MACvBf,MAAM,EAAExD,IAAI,CAACwD,MAAM;MACnBM,MAAM,EAAE9D,IAAI,CAAC8D,MAAM;MACnBgB,YAAY,EAAE9E,IAAI,CAAC8E,YAAY;MAC/B7B,QAAQ,EAAEjD,IAAI,CAACiD,QAAQ,CAAC2E,GAAG,CAAE/F,OAAgB,KAAM;QACjDO,QAAQ,EAAEP,OAAO,CAACO,QAAQ;QAC1BnC,SAAS,EAAE4B,OAAO,CAAC5B,SAAS;QAC5BwE,IAAI,EAAE5C,OAAO,CAAC4C,IAAI;QAClBjB,MAAM,EAAE3B,OAAO,CAAC2B,MAAM;QACtBH,OAAO,EAAExB,OAAO,CAACwB,OAAAA;AACnB,OAAC,CAAC,CAAA;KACH,CAAA;AACH,GAAA;AACF;;AChGA;AACA;AACA;;AAIe,MAAMwE,wBAAwB,CAE7C;EAGExK,WAAWA,CAAC2F,eAA4D,EAAE;IACxE,IAAI,CAACA,eAAe,GAAG;AACrB,MAAA,GAAGA,eAAe;AAClBjI,MAAAA,KAAK,EAAE,sBAAA;KACR,CAAA;AACH,GAAA;AAEAkJ,EAAAA,WAAW,GAAG,QAAQ,CAAA;EAEtBX,UAAUA,CAAC/E,MAAc,EAAgB;AACvC,IAAA,OAAOuJ,KAAK,CACT,CAAA,2DAAA,EAA6DvJ,MAAM,CAACE,WAAY,EACnF,CAAC,CAAC4D,IAAI,CAAEzG,QAAQ,IAAKA,QAAQ,CAACmM,IAAI,EAAE,CAAC,CAAA;AACvC,GAAA;EAEAxE,KAAKA,CAACF,OAAY,EAAO;IACvB,OAAOA,OAAO,CAAC2E,EAAE,CAAA;AACnB,GAAA;EAEAtD,cAAcA,CAACrB,OAAY,EAA6B;IACtD,OAAOA,OAAO,CAACwB,KAAK,CAAA;AACtB,GAAA;EAEAd,SAASA,CAACV,OAAY,EAAY;IAChC,MAAMS,MAAgB,GAAG,EAAE,CAAA;IAE3B,IAAIT,OAAO,CAACwB,KAAK,EAAE;AACjBf,MAAAA,MAAM,CAACF,IAAI,CAACP,OAAO,CAACwB,KAAK,CAAC,CAAA;AAC5B,KAAA;AAEA,IAAA,OAAOf,MAAM,CAAA;AACf,GAAA;EAEAQ,cAAcA,CAACjB,OAAY,EAA6B;IACtD,OAAOA,OAAO,CAACoB,IAAI,CAAA;AACrB,GAAA;EAEAD,WAAWA,CAACnB,OAAY,EAAY;IAClC,OAAO;MACL4E,SAAS,EAAE5E,OAAO,CAAC6E,UAAU;MAC7BC,UAAU,EAAE9E,OAAO,CAAC+E,WAAAA;KACrB,CAAA;AACH,GAAA;EAEAC,eAAeA,CAACtF,QAAgB,EAAY;AAC1C,IAAA,OAAO,IAAI,CAAC5C,QAAQ,CAACsD,SAAS,EAAEV,QAAQ,CAAC,CAAA;AAC3C,GAAA;AAEA5C,EAAAA,QAAQA,CAACmI,QAA8B,EAAEvF,QAAgB,EAAY;AACnE,IAAA,OAAO,CAACuF,QAAQ,GACZvF,QAAQ,CAACkC,KAAK,CAAC,GAAG,CAAC,GACnB,CAAC,GAAGqD,QAAQ,EAAE,GAAGvF,QAAQ,CAACkC,KAAK,CAAC,GAAG,CAAC,CAAC,CAACsD,MAAM,CAC1C,CAACC,IAAI,EAAEC,CAAC,EAAEC,EAAE,KAAKA,EAAE,CAACnB,OAAO,CAACiB,IAAI,CAAC,KAAKC,CACxC,CAAC,CAAA;AACP,GAAA;AACF;;AClEA;AACA;;AAIA;;AAEe,MAAME,uBAAuB,CAE5C;EAGEtL,WAAWA,CAAC2F,eAA4D,EAAE;IACxE,IAAI,CAACA,eAAe,GAAG;AACrB,MAAA,GAAGA,eAAe;AAClBjI,MAAAA,KAAK,EAAE,+CAAA;KACR,CAAA;AACH,GAAA;AAEAkJ,EAAAA,WAAW,GAAG,QAAQ,CAAA;EAEtBX,UAAUA,CAAC/E,MAAc,EAAgB;AACvC,IAAA,OAAOuJ,KAAK,CACT,CAAA,2CAAA,EAA6CvJ,MAAM,CAACE,WAAY,EACnE,CAAC,CAAC4D,IAAI,CAAEzG,QAAQ,IAAKA,QAAQ,CAACmM,IAAI,EAAE,CAAC,CAAA;AACvC,GAAA;EAEAxE,KAAKA,CAACF,OAAY,EAAiB;AACjC,IAAA,IAAI,CAACA,OAAO,EAAEuF,IAAI,EAAEZ,EAAE,IAAI,CAAC3E,OAAO,CAACrD,IAAI,EAAEgI,EAAE,EAAE;AAC3C,MAAA,OAAO,IAAI,CAAA;AACb,KAAA;AACA,IAAA,OAAQ,CAAO3E,KAAAA,EAAAA,OAAO,CAACuF,IAAI,CAACZ,EAAa,CACvC3E,MAAAA,EAAAA,OAAO,CAACrD,IAAI,CAACgI,EACd,CAAC,CAAA,CAAA;AACJ,GAAA;EAEAtD,cAAcA,CAACrB,OAAY,EAA6B;AACtD,IAAA,OAAOA,OAAO,CAACrD,IAAI,CAAC6E,KAAK,CAAA;AAC3B,GAAA;EAEAd,SAASA,CAACV,OAAY,EAAY;AAChC,IAAA,OAAOA,OAAO,CAACrD,IAAI,CAAC6E,KAAK,GAAG,CAACxB,OAAO,CAACrD,IAAI,CAAC6E,KAAK,CAAC,GAAG,EAAE,CAAA;AACvD,GAAA;EAEAP,cAAcA,CAACjB,OAAY,EAA6B;AACtD,IAAA,OAAOA,OAAO,CAACrD,IAAI,CAACyE,IAAI,CAAA;AAC1B,GAAA;AAEAD,EAAAA,WAAWA,GAAgC;AACzC,IAAA,OAAO,IAAI,CAAA;AACb,GAAA;EAEA6D,eAAeA,CAACtF,QAAgB,EAAY;AAC1C,IAAA,OAAO,IAAI,CAAC5C,QAAQ,CAACsD,SAAS,EAAEV,QAAQ,CAAC,CAAA;AAC3C,GAAA;AAEA5C,EAAAA,QAAQA,CAACmI,QAA8B,EAAEvF,QAAgB,EAAY;AACnE,IAAA,OAAO,CAACuF,QAAQ,GACZvF,QAAQ,CAACkC,KAAK,CAAC,GAAG,CAAC,GACnB,CAAC,GAAGqD,QAAQ,EAAE,GAAGvF,QAAQ,CAACkC,KAAK,CAAC,GAAG,CAAC,CAAC,CAACsD,MAAM,CAC1C,CAACC,IAAI,EAAEC,CAAC,EAAEC,EAAE,KAAKA,EAAE,CAACnB,OAAO,CAACiB,IAAI,CAAC,KAAKC,CACxC,CAAC,CAAA;AACP,GAAA;AACF;;ACxDA,MAAMxL,QAAM,GAAG,IAAIC,MAAM,CAAC,UAAU,CAAC,CAAA;AAE9B,MAAM2L,YAAY,GAAGA,CAC1BC,GAAoB,EACpBpO,YAAkC,EAElCqO,EAAO,EACP7C,WAAoB,KACX;EACT,MAAM8C,gBAAgB,GAAG1C,sBAAsB,CAC7CwC,GAAG,CAACxL,MAAM,CAACuC,GAAG,CAAsB,gBAAgB,CAAC,CAACA,GAAG,CAAC,WAAW,CAAC,EACtEnF,YAAY,EACZuC,QACF,CAAC,CAAA;AAED,EAAA,MAAMgM,KAAK,GAAG,IAAIC,GAAG,EAAE,CAAA;EACvBH,EAAE,CAACE,KAAK,GAAGA,KAAK,CAAA;AAEhBF,EAAAA,EAAE,CAACI,GAAG,CAAC,OAAOC,MAAW,EAAEC,IAAS,KAAK;AACvC,IAAA,MAAMC,aAAa,GAAGF,MAAM,CAACtJ,OAAO,CAAA;AACpC;AACA,IAAA,MAAMtB,KAAK,GAAG8G,mBAAmB,CAACgE,aAAa,CAAC,CAAA;AAEhD,IAAA,IAAI,CAAC9K,KAAK,EAAE,OAAO6K,IAAI,EAAE,CAAA;AAEzB,IAAA,MAAM,CAAChD,cAAc,EAAE5K,YAAY,CAAC,GAAG,MAAMuN,gBAAgB;AAC3D;IACA9C,WAAW,IAAIoD,aAAa,CAAC9D,OAAO,CAAC,YAAY,CAAC,EAClDhH,KACF,CAAC,CAAA;IAED,IAAI,CAAC6H,cAAc,IAAI,CAAC5K,YAAY,EAAE,OAAO4N,IAAI,EAAE,CAAA;IAEnDD,MAAM,CAACpJ,IAAI,GAAGvE,YAAY,CAAA;IAC1BwN,KAAK,CAAC5I,GAAG,CAAC+I,MAAM,CAACG,MAAM,CAACvB,EAAE,EAAEvM,YAAY,CAAC,CAAA;AAEzC2N,IAAAA,MAAM,CAACI,EAAE,CAAC,cAAc,EAAE,MAAMP,KAAK,CAACQ,MAAM,CAACL,MAAM,CAACG,MAAM,CAACvB,EAAE,CAAC,CAAC,CAAA;IAE/D,MAAMqB,IAAI,EAAE,CAAA;AACd,GAAC,CAAC,CAAA;AACJ;;ACvCA,MAAMpM,QAAM,GAAG,IAAIC,MAAM,CAAC,UAAU,CAAC,CAAA;AAErC,MAAMwM,eAAe,GACnBnE,GAA2D,IACpC;EACvB,IAAIA,GAAG,CAACnF,OAAO,EAAE,OAAOmF,GAAG,CAACnF,OAAO,CAACgF,iBAAiB,CAAC,CAAA;EACtD,OAAOE,mBAAmB,CAACC,GAAG,CAAC,CAAA;AACjC,CAAC,CAAA;;AAED;AACA;AACA;AACA;MACaoE,uBAAuB,GAAGA,CACrCrM,MAAkB,EAClB5C,YAAkC,KAC1B;AACR,EAAA,MAAMsO,gBAAgB,GAAG1C,sBAAsB,CAC7ChJ,MAAM,CAACuC,GAAG,CAAsB,gBAAgB,CAAC,CAACA,GAAG,CAAC,WAAW,CAAC,EAClEnF,YAAY,EACZuC,QACF,CAAC,CAAA;AAED,EAAA,OAAO,OAAO;IAAEsI,GAAG;AAAEqE,IAAAA,UAAAA;AAA0C,GAAC,KAAK;IACnE,IAAIA,UAAU,EAAEnO,YAAY,EAAE;MAC5B,OAAO;QAAEuE,IAAI,EAAE4J,UAAU,CAACnO,YAAAA;OAAc,CAAA;AAC1C,KAAA;AAEA,IAAA,IAAI,CAAC8J,GAAG,EAAE,OAAO,IAAI,CAAA;;AAErB;AACA,IAAA,MAAM/G,KAAK,GAAGkL,eAAe,CAACnE,GAAG,CAAC,CAAA;IAElC,IAAI,CAAC/G,KAAK,EAAE,OAAO;AAAEwB,MAAAA,IAAI,EAAEyD,SAAAA;KAAW,CAAA;AAEtC,IAAA,MAAM,GAAGhI,YAAY,CAAC,GAAG,MAAMuN,gBAAgB;AAC7C;AACAzD,IAAAA,GAAG,CAACC,OAAO,CAAC,YAAY,CAAC,EACzBhH,KACF,CAAC,CAAA;IAED,OAAO;AAAEwB,MAAAA,IAAI,EAAEvE,YAAAA;KAAc,CAAA;GAC9B,CAAA;AACH;;ACnDA;;AA+DA,MAAMwB,MAAM,GAAG,IAAIC,MAAM,CAAC,UAAU,CAAC,CAAA;AAErC,MAAM2M,eAAoB,GAAGlN,SAAS,CAACmJ,YAAY,CAACgE,IAAI,CAAC,CAAA;AAM1C,SAASC,IAAIA,CAI1B;EACAnP,aAAa;EACbF,YAAY;EACZ6C,UAAU;EACV1C,eAAe;EACf8H,iBAAiB;EACjB7H,SAAS;AACToL,EAAAA,WAAAA;AASF,CAAC,EAAE;AACD;AACA,EAAA,OAAQ4C,GAAoB,IAAK;IAC/B,MAAMtL,mBAAmB,GAAG,IAAIkF,mBAAmB,CACjDhI,YAAY,EACZiI,iBACF,CAAC,CAAA;AAED,IAAA,MAAMhI,qBAAqB,GAAG,IAAIwC,qBAAqB,CACrD2L,GAAG,CAACxL,MAAM,EACVC,UAAU,EACVC,mBACF,CAAC,CAAA;IAED,MAAMlB,UAAU,GAAG7B,oBAAoB,CAAC;MACtCC,YAAY;MACZC,qBAAqB;MACrBC,aAAa;MACbC,eAAe;AACfC,MAAAA,SAAAA;AACF,KAAC,CAAC,CAAA;IAEFgO,GAAG,CAACkB,OAAO,CAAC7N,WAAW,GAAG,gBAExBkK,cAAgE,EAChE5K,YAAuD,EACxC;AACfwB,MAAAA,MAAM,CAACS,KAAK,CAAC,aAAa,EAAE;AAAEjC,QAAAA,YAAAA;AAAa,OAAC,CAAC,CAAA;MAC7C,IAAI,CAAC4K,cAAc,EAAE;AACnB,QAAA,MAAM,IAAIlL,KAAK,CAAC,+BAA+B,CAAC,CAAA;AAClD,OAAA;AAEA,MAAA,IAAI,CAACK,KAAK,CAAC6K,cAAc,GAAGA,cAAc,CAAA;AAC1C,MAAA,IAAI,CAAC7K,KAAK,CAACC,YAAY,GAAGA,YAAY,CAAA;AAEtC,MAAA,MAAM+C,KAAK,GAAG,MAAMqL,eAAe,CACjC;QAAExD,cAAc;AAAE4D,QAAAA,IAAI,EAAE9K,IAAI,CAAC8C,GAAG,EAAC;AAAE,OAAC,EACpC,IAAI,CAAC3E,MAAM,CACRuC,GAAG,CAAuB,gBAAgB,CAAC,CAC3CA,GAAG,CAAC,WAAW,CAAC,EACnB;AACEqK,QAAAA,SAAS,EAAE,OAAO;QAClB9D,QAAQ,EAAEF,WAAW,IAAI,IAAI,CAACpG,OAAO,CAAC0F,OAAO,CAAC,YAAY,CAAC;AAC3DzG,QAAAA,SAAS,EAAE,SAAA;AACb,OACF,CAAC,CAAA;AAQD;MACA,IAAI,CAACqB,OAAO,CAACC,GAAG,CAAC+E,iBAAiB,EAAE5G,KAAK,EAAE;AACzCkC,QAAAA,QAAQ,EAAE,IAAI;AACdC,QAAAA,MAAM,EAAE,IAAI,CAACrD,MAAM,CAACuC,GAAG,CAAC,YAAY,CAAA;AACtC,OAAC,CAAC,CAAA;MAEF,IAAI,CAACO,OAAO,CAACC,GAAG,CACdgF,iBAAiB,EACjB/E,IAAI,CAACC,SAAS,CAAC;QAAE8F,cAAc;QAAEtH,SAAS,EAAE,CAdtB,MAAc;AACpC,UAAA,MAAMoL,IAAI,GAAG,IAAIhL,IAAI,EAAE,CAAA;UACvBgL,IAAI,CAACC,OAAO,CAACD,IAAI,CAACE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAA;AACjC,UAAA,OAAOF,IAAI,CAAC9K,OAAO,EAAE,CAAA;AACvB,SAAC,GAU6D;AAAE,OAAC,CAAC,EAChE;AACEqB,QAAAA,QAAQ,EAAE,KAAK;AACfC,QAAAA,MAAM,EAAE,IAAI,CAACrD,MAAM,CAACuC,GAAG,CAAC,YAAY,CAAA;AACtC,OACF,CAAC,CAAA;KACF,CAAA;AAEDiJ,IAAAA,GAAG,CAACkB,OAAO,CAAC5N,MAAM,GAAG,YAA+B;AAClD,MAAA,OAAO,IAAI,CAACZ,KAAK,CAAC6K,cAAc,CAAA;AAChC,MAAA,OAAO,IAAI,CAAC7K,KAAK,CAACC,YAAY,CAAA;MAC9B,IAAI,CAAC2E,OAAO,CAACC,GAAG,CAAC+E,iBAAiB,EAAE,EAAE,EAAE;AAAE3D,QAAAA,OAAO,EAAE,IAAItC,IAAI,CAAC,CAAC,CAAA;AAAE,OAAC,CAAC,CAAA;MACjE,IAAI,CAACiB,OAAO,CAACC,GAAG,CAACgF,iBAAiB,EAAE,EAAE,EAAE;AAAE5D,QAAAA,OAAO,EAAE,IAAItC,IAAI,CAAC,CAAC,CAAA;AAAE,OAAC,CAAC,CAAA;KAClE,CAAA;IAED,MAAM6J,gBAAgB,GAAG1C,sBAAsB,CAC7CwC,GAAG,CAACxL,MAAM,CACPuC,GAAG,CAAuB,gBAAgB,CAAC,CAC3CA,GAAG,CAAC,WAAW,CAAC,EACnBnF,YAAY,EACZuC,MACF,CAAC,CAAA;IAED,OAAO;AACLqN,MAAAA,MAAM,EAAEjO,YAAY,CAACC,UAAU,CAAC;MAChCiO,2BAA2B,EACzBhF,GAAoB,IACoB;AACxC,QAAA,MAAM/G,KAAK,GAAG8G,mBAAmB,CAACC,GAAG,CAAC,CAAA;AACtC,QAAA,OAAOyD,gBAAgB,CACrB9C,WAAW,IAAIX,GAAG,CAACC,OAAO,CAAC,YAAY,CAAC,EACxChH,KACF,CAAC,CAAA;OACF;MACDwK,gBAAgB;AAChBwB,MAAAA,UAAU,EAAE,OACVxP,GAAY,EACZqO,IAA0B,KACX;QACf,MAAM7K,KAAK,GAAGxD,GAAG,CAACoF,OAAO,CAACP,GAAG,CAACuF,iBAAiB,CAAC,CAAA;QAChD,MAAMqF,SAAS,GAAGzP,GAAG,CAAC8E,OAAO,CAAC0F,OAAO,CAAC,YAAY,CAAC,CAAA;AACnDvI,QAAAA,MAAM,CAACS,KAAK,CAAC,YAAY,EAAE;AAAEc,UAAAA,KAAAA;AAAM,SAAC,CAAC,CAAA;AAErC,QAAA,MAAMkM,QAAQ,GAAGA,CACfrE,cAA2C,EAC3C5K,YAAkC,KACzB;AACTT,UAAAA,GAAG,CAACQ,KAAK,CAAC6K,cAAc,GAAGA,cAAc,CAAA;AACzCrL,UAAAA,GAAG,CAACQ,KAAK,CAACwE,IAAI,GAAGvE,YAAY,CAAA;AAC7BT,UAAAA,GAAG,CAAC2P,cAAc,CAACtE,cAAc,GAAGA,cAAc,CAAA;AAClDrL,UAAAA,GAAG,CAAC2P,cAAc,CAAClP,YAAY,GAC7BA,YAAY,IAAIf,YAAY,CAACqM,QAAQ,CAACtL,YAAY,CAAC,CAAA;SACtD,CAAA;AAED,QAAA,MAAM,CAAC4K,cAAc,EAAE5K,YAAY,CAAC,GAAG,MAAMuN,gBAAgB,CAC3D9C,WAAW,IAAIuE,SAAS,EACxBjM,KACF,CAAC,CAAA;AACDvB,QAAAA,MAAM,CAACS,KAAK,CAAC,YAAY,EAAE;AAAE2I,UAAAA,cAAAA;AAAe,SAAC,CAAC,CAAA;AAE9C,QAAA,IAAIA,cAAc,IAAI,IAAI,IAAI5K,YAAY,IAAI,IAAI,EAAE;AAClD,UAAA,IAAI+C,KAAK,EAAE;YACTxD,GAAG,CAACoF,OAAO,CAACC,GAAG,CAAC+E,iBAAiB,EAAE,EAAE,EAAE;AAAE3D,cAAAA,OAAO,EAAE,IAAItC,IAAI,CAAC,CAAC,CAAA;AAAE,aAAC,CAAC,CAAA;YAChEnE,GAAG,CAACoF,OAAO,CAACC,GAAG,CAACgF,iBAAiB,EAAE,EAAE,EAAE;AAAE5D,cAAAA,OAAO,EAAE,IAAItC,IAAI,CAAC,CAAC,CAAA;AAAE,aAAC,CAAC,CAAA;AAClE,WAAA;AACAuL,UAAAA,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;UACpB,OAAOrB,IAAI,EAAE,CAAA;AACf,SAAA;AAEAqB,QAAAA,QAAQ,CAACrE,cAAc,EAAE5K,YAAY,CAAC,CAAA;QACtC,OAAO4N,IAAI,EAAE,CAAA;AACf,OAAA;KACD,CAAA;GACF,CAAA;AACH;;;;"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "alp-node-auth",
3
- "version": "9.3.0",
3
+ "version": "10.0.0",
4
4
  "description": "authentication with alp",
5
5
  "keywords": [
6
6
  "alp"
@@ -119,15 +119,13 @@
119
119
  },
120
120
  "prettier": "@pob/root/prettier-config",
121
121
  "peerDependencies": {
122
- "alp-node": "^6.1.1",
123
- "alp-router": "^7.1.1",
122
+ "alp-node": "^7.0.0",
124
123
  "liwi-mongo": "^11.0.0",
125
124
  "router-segments": "^9.1.0"
126
125
  },
127
126
  "dependencies": {
128
127
  "@types/jsonwebtoken": "^9.0.1",
129
128
  "@types/simple-oauth2": "^5.0.4",
130
- "alp-types": "3.1.1",
131
129
  "cookies": "~0.8.0",
132
130
  "jsonwebtoken": "^9.0.0",
133
131
  "nightingale-logger": "^15.0.0",
@@ -135,8 +133,7 @@
135
133
  },
136
134
  "devDependencies": {
137
135
  "@babel/core": "7.23.7",
138
- "alp-node": "6.2.0",
139
- "alp-router": "7.2.0",
136
+ "alp-node": "7.0.0",
140
137
  "liwi-mongo": "11.0.0",
141
138
  "pob-babel": "38.0.2",
142
139
  "router-segments": "9.1.0",
@@ -1,5 +1,5 @@
1
1
  import type { IncomingMessage } from 'node:http';
2
- import type { NodeConfig } from 'alp-types';
2
+ import type { NodeConfig } from 'alp-node';
3
3
  import { Logger } from 'nightingale-logger';
4
4
  import type MongoUsersManager from './MongoUsersManager';
5
5
  import type { User } from './types';
@@ -1,4 +1,4 @@
1
- import type { NodeApplication } from 'alp-types';
1
+ import type { NodeApplication } from 'alp-node';
2
2
  import { Logger } from 'nightingale-logger';
3
3
  import type MongoUsersManager from './MongoUsersManager';
4
4
  import type { User } from './types';
@@ -1,5 +1,4 @@
1
- import type { AlpRouteRef } from 'alp-router';
2
- import type { Context } from 'alp-types';
1
+ import type { AlpRouteRef, Context } from 'alp-node';
3
2
  import type MongoUsersManager from './MongoUsersManager';
4
3
  import type {
5
4
  AuthenticationService,
@@ -74,7 +73,7 @@ export function createAuthController<
74
73
  */
75
74
  async addScope(ctx: Context): Promise<void> {
76
75
  if (!ctx.state.loggedInUser) {
77
- await ctx.redirectTo(homeRouterKey);
76
+ ctx.redirectTo(homeRouterKey);
78
77
  return;
79
78
  }
80
79
 
@@ -101,12 +100,12 @@ export function createAuthController<
101
100
  );
102
101
  const keyPath = usersManager.store.keyPath;
103
102
  await ctx.setLoggedIn(loggedInUser[keyPath], loggedInUser);
104
- await ctx.redirectTo(homeRouterKey);
103
+ ctx.redirectTo(homeRouterKey);
105
104
  },
106
105
 
107
106
  async logout(ctx: Context): Promise<void> {
108
107
  ctx.logout();
109
- await ctx.redirectTo(homeRouterKey);
108
+ ctx.redirectTo(homeRouterKey);
110
109
  },
111
110
  };
112
111
  }
package/src/index.ts CHANGED
@@ -1,8 +1,7 @@
1
1
  /* eslint-disable max-lines */
2
2
  import type { IncomingMessage } from 'node:http';
3
3
  import { promisify } from 'node:util';
4
- import type { Context } from 'alp-node';
5
- import type { ContextState, NodeApplication } from 'alp-types';
4
+ import type { Context, ContextState, NodeApplication } from 'alp-node';
6
5
  import jsonwebtoken from 'jsonwebtoken';
7
6
  import { Logger } from 'nightingale-logger';
8
7
  import type MongoUsersManager from './MongoUsersManager';
@@ -35,7 +34,7 @@ export { STATUSES } from './services/user/UserAccountsService';
35
34
 
36
35
  export * from './types';
37
36
 
38
- declare module 'alp-types' {
37
+ declare module 'alp-node' {
39
38
  // eslint-disable-next-line @typescript-eslint/no-shadow
40
39
  interface ContextState {
41
40
  loggedInUserId:
@@ -3,8 +3,7 @@
3
3
  /* eslint-disable @typescript-eslint/no-unsafe-assignment */
4
4
  /* eslint-disable camelcase, max-lines */
5
5
  import { EventEmitter } from 'node:events';
6
- import 'alp-router';
7
- import type { Context, NodeConfig } from 'alp-types';
6
+ import type { Context, NodeConfig } from 'alp-node';
8
7
  import { Logger } from 'nightingale-logger';
9
8
  import type { Strategy as Oauth2Strategy } from '../../../strategies/strategies.d';
10
9
  import type { AccountId, User, Account, UserSanitized } from '../../types';
@@ -216,7 +215,7 @@ export class AuthenticationService<
216
215
  ...params,
217
216
  });
218
217
 
219
- return ctx.redirect(redirectUri);
218
+ ctx.redirect(redirectUri);
220
219
  }
221
220
 
222
221
  async accessResponse<StrategyKey extends StrategyKeys>(
@@ -225,28 +224,27 @@ export class AuthenticationService<
225
224
  isLoggedIn: boolean,
226
225
  hooks: AccessResponseHooks<StrategyKeys, U>,
227
226
  ): Promise<U> {
228
- if (ctx.query.error) {
229
- const error: any = new Error(ctx.query.error);
230
- error.status = 403;
231
- error.expose = true;
232
- throw error;
227
+ const errorParam = ctx.params.queryParam('error').notEmpty();
228
+ if (errorParam.isValid()) {
229
+ ctx.throw(errorParam.value, 403);
233
230
  }
234
231
 
235
- const code = ctx.query.code;
236
- const state = ctx.query.state;
237
- const cookieName = `auth_${strategy}_${state as string}`;
238
- let cookie = ctx.cookies.get(cookieName);
232
+ const code = ctx.validParams.queryParam('code').notEmpty().value;
233
+ const state = ctx.validParams.queryParam('state').notEmpty().value;
234
+
235
+ const cookieName = `auth_${strategy}_${state}`;
236
+ const cookie = ctx.cookies.get(cookieName);
239
237
  ctx.cookies.set(cookieName, '', { expires: new Date(1) });
240
238
  if (!cookie) {
241
239
  throw new Error('No cookie for this state');
242
240
  }
243
241
 
244
- cookie = JSON.parse(cookie);
245
- if (!cookie?.scope) {
242
+ const parsedCookie = JSON.parse(cookie);
243
+ if (!parsedCookie?.scope) {
246
244
  throw new Error('Unexpected cookie value');
247
245
  }
248
246
 
249
- if (!cookie.isLoginAccess) {
247
+ if (!parsedCookie.isLoginAccess) {
250
248
  if (!isLoggedIn) {
251
249
  throw new Error('You are not connected');
252
250
  }
@@ -257,12 +255,12 @@ export class AuthenticationService<
257
255
  redirectUri: this.redirectUri(ctx, strategy),
258
256
  });
259
257
 
260
- if (cookie.isLoginAccess) {
258
+ if (parsedCookie.isLoginAccess) {
261
259
  const user = await this.userAccountsService.findOrCreateFromStrategy(
262
260
  strategy,
263
261
  tokens,
264
- cookie.scope,
265
- cookie.scopeKey,
262
+ parsedCookie.scope,
263
+ parsedCookie.scopeKey,
266
264
  );
267
265
 
268
266
  if (hooks.afterLoginSuccess) {
@@ -277,12 +275,17 @@ export class AuthenticationService<
277
275
  loggedInUser,
278
276
  strategy,
279
277
  tokens,
280
- cookie.scope,
281
- cookie.scopeKey,
278
+ parsedCookie.scope,
279
+ parsedCookie.scopeKey,
282
280
  );
283
281
 
284
282
  if (hooks.afterScopeUpdate) {
285
- await hooks.afterScopeUpdate(strategy, cookie.scopeKey, account, user);
283
+ await hooks.afterScopeUpdate(
284
+ strategy,
285
+ parsedCookie.scopeKey,
286
+ account,
287
+ user,
288
+ );
286
289
  }
287
290
 
288
291
  return loggedInUser;
@@ -1,4 +1,9 @@
1
- import type { GoogleParams, SlackParams } from 'alp-types';
1
+ export type GoogleParams =
2
+ | 'access_type'
3
+ | 'include_granted_scopes'
4
+ | 'login_hint'
5
+ | 'prompt';
6
+ export type SlackParams = 'client_id' | 'team';
2
7
 
3
8
  export type AllowedStrategyKeys = 'google' | 'slack';
4
9
 
@@ -1,5 +1,10 @@
1
- import { Config, SlackParams } from 'alp-types';
2
1
  import { ClientCredentials, AuthorizationCode } from 'simple-oauth2';
2
+ export type GoogleParams =
3
+ | 'access_type'
4
+ | 'include_granted_scopes'
5
+ | 'login_hint'
6
+ | 'prompt';
7
+ export type SlackParams = 'client_id' | 'team';
3
8
 
4
9
  export interface Strategy<Params = SlackParams> {
5
10
  type: 'oauth2';