npm - claude-flow-novice - Versions diffs - 1.6.2 → 1.6.3 - Mend

claude-flow-novice 1.6.2 → 1.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

package/.claude-flow-novice/dist/src/web/security/security-middleware.js ADDED Viewed

@@ -0,0 +1,379 @@
+/**
+ * Security Middleware - Comprehensive security controls for web applications
+ * Provides CSRF protection, CSP headers, input validation, and secure cookie handling
+ */ import { randomBytes } from 'crypto';
+export class SecurityMiddleware {
+    config;
+    logger;
+    csrfTokens = {};
+    rateLimitMap = new Map();
+    cleanupInterval;
+    constructor(config, logger){
+        this.config = config;
+        this.logger = logger;
+        // Start cleanup interval for expired tokens and rate limits
+        this.cleanupInterval = setInterval(()=>{
+            this.cleanupExpiredTokens();
+            this.cleanupExpiredRateLimits();
+        }, 60000); // Run every minute
+    }
+    /**
+   * Generate CSRF token for session
+   */ generateCSRFToken(sessionId) {
+        const token = randomBytes(32).toString('hex');
+        const expires = Date.now() + this.config.csrfTokenExpiry * 1000;
+        this.csrfTokens[sessionId] = {
+            token,
+            expires
+        };
+        this.logger.debug('CSRF token generated', {
+            sessionId
+        });
+        return token;
+    }
+    /**
+   * Validate CSRF token
+   */ validateCSRFToken(sessionId, providedToken) {
+        const storedToken = this.csrfTokens[sessionId];
+        if (!storedToken) {
+            this.logger.warn('No CSRF token found for session', {
+                sessionId
+            });
+            return false;
+        }
+        if (Date.now() > storedToken.expires) {
+            delete this.csrfTokens[sessionId];
+            this.logger.warn('CSRF token expired', {
+                sessionId
+            });
+            return false;
+        }
+        const isValid = storedToken.token === providedToken;
+        if (!isValid) {
+            this.logger.warn('Invalid CSRF token', {
+                sessionId
+            });
+        }
+        return isValid;
+    }
+    /**
+   * Content Security Policy middleware
+   */ contentSecurityPolicy = (req, res, next)=>{
+        if (!this.config.cspEnabled) {
+            return next();
+        }
+        const cspHeader = [
+            "default-src 'self'",
+            "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net",
+            "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com",
+            "font-src 'self' https://fonts.gstatic.com",
+            "img-src 'self' data: https: blob:",
+            "connect-src 'self' ws: wss: https:",
+            "frame-src 'none'",
+            "object-src 'none'",
+            "base-uri 'self'",
+            "form-action 'self'",
+            "frame-ancestors 'none'",
+            "upgrade-insecure-requests",
+            "block-all-mixed-content"
+        ].join('; ');
+        res.setHeader('Content-Security-Policy', cspHeader);
+        res.setHeader('X-Content-Type-Options', 'nosniff');
+        res.setHeader('X-Frame-Options', 'DENY');
+        res.setHeader('X-XSS-Protection', '1; mode=block');
+        res.setHeader('Referrer-Policy', 'strict-origin-when-cross-origin');
+        res.setHeader('Permissions-Policy', 'geolocation=(), microphone=(), camera=(), payment=(), usb=(), magnetometer=(), gyroscope=()');
+        next();
+    };
+    /**
+   * CSRF protection middleware
+   */ csrfProtection = (req, res, next)=>{
+        if (!this.config.csrfEnabled) {
+            return next();
+        }
+        // Skip CSRF for GET, HEAD, OPTIONS requests
+        if ([
+            'GET',
+            'HEAD',
+            'OPTIONS'
+        ].includes(req.method)) {
+            return next();
+        }
+        const sessionId = this.getSessionId(req);
+        if (!sessionId) {
+            this.logger.warn('No session ID found for CSRF validation', {
+                method: req.method,
+                url: req.url
+            });
+            return res.status(401).json({
+                error: 'Session required'
+            });
+        }
+        const token = req.get('X-CSRF-Token') || req.body?.csrfToken;
+        if (!token) {
+            this.logger.warn('No CSRF token provided', {
+                sessionId,
+                method: req.method,
+                url: req.url
+            });
+            return res.status(403).json({
+                error: 'CSRF token required'
+            });
+        }
+        if (!this.validateCSRFToken(sessionId, token)) {
+            this.logger.warn('Invalid CSRF token provided', {
+                sessionId,
+                method: req.method,
+                url: req.url
+            });
+            return res.status(403).json({
+                error: 'Invalid CSRF token'
+            });
+        }
+        // Generate new token after successful validation
+        const newToken = this.generateCSRFToken(sessionId);
+        res.set('X-CSRF-Token', newToken);
+        next();
+    };
+    /**
+   * Rate limiting middleware
+   */ rateLimiting = (req, res, next)=>{
+        if (!this.config.rateLimitingEnabled) {
+            return next();
+        }
+        const key = this.getRateLimitKey(req);
+        const now = Date.now();
+        const entry = this.rateLimitMap.get(key);
+        if (!entry) {
+            this.rateLimitMap.set(key, {
+                count: 1,
+                lastReset: now
+            });
+            return next();
+        }
+        // Reset counter if window has expired
+        if (now - entry.lastReset > this.config.rateLimitWindow * 1000) {
+            this.rateLimitMap.set(key, {
+                count: 1,
+                lastReset: now
+            });
+            return next();
+        }
+        // Check if rate limit exceeded
+        if (entry.count >= this.config.rateLimitMax) {
+            this.logger.warn('Rate limit exceeded', {
+                key,
+                count: entry.count,
+                limit: this.config.rateLimitMax,
+                window: this.config.rateLimitWindow
+            });
+            res.set({
+                'X-RateLimit-Limit': this.config.rateLimitMax.toString(),
+                'X-RateLimit-Remaining': '0',
+                'X-RateLimit-Reset': new Date(entry.lastReset + this.config.rateLimitWindow * 1000).toISOString()
+            });
+            return res.status(429).json({
+                error: 'Too many requests',
+                retryAfter: this.config.rateLimitWindow
+            });
+        }
+        // Increment counter
+        entry.count++;
+        res.set({
+            'X-RateLimit-Limit': this.config.rateLimitMax.toString(),
+            'X-RateLimit-Remaining': (this.config.rateLimitMax - entry.count).toString(),
+            'X-RateLimit-Reset': new Date(entry.lastReset + this.config.rateLimitWindow * 1000).toISOString()
+        });
+        next();
+    };
+    /**
+   * Secure cookies middleware
+   */ secureCookies = (req, res, next)=>{
+        // This should be used when setting cookies
+        const originalCookie = res.cookie;
+        res.cookie = (name, value, options)=>{
+            const secureOptions = {
+                httpOnly: true,
+                secure: this.config.secureCookies,
+                sameSite: this.config.sameSiteCookies,
+                ...options
+            };
+            return originalCookie.call(res, name, value, secureOptions);
+        };
+        next();
+    };
+    /**
+   * Origin validation middleware
+   */ originValidation = (req, res, next)=>{
+        const origin = req.get('Origin') || req.get('Referer');
+        // Skip for same-origin requests
+        if (!origin || this.isSameOrigin(req, origin)) {
+            return next();
+        }
+        if (!this.config.allowedOrigins.includes(origin)) {
+            this.logger.warn('Invalid origin', {
+                origin,
+                method: req.method,
+                url: req.url,
+                ip: req.ip
+            });
+            return res.status(403).json({
+                error: 'Origin not allowed'
+            });
+        }
+        res.set('Access-Control-Allow-Origin', origin);
+        res.set('Access-Control-Allow-Credentials', 'true');
+        res.set('Vary', 'Origin');
+        next();
+    };
+    /**
+   * Input validation middleware
+   */ inputValidation = (req, res, next)=>{
+        // Validate JSON payloads
+        if (req.is('json') && req.body) {
+            const jsonStr = JSON.stringify(req.body);
+            // Check payload size (limit to 1MB)
+            if (jsonStr.length > 1024 * 1024) {
+                this.logger.warn('Request payload too large', {
+                    size: jsonStr.length,
+                    limit: 1024 * 1024
+                });
+                return res.status(413).json({
+                    error: 'Request payload too large'
+                });
+            }
+            // Check for potential XSS in string values
+            const xssPatterns = [
+                /<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi,
+                /javascript:/gi,
+                /on\w+\s*=/gi
+            ];
+            const sanitizeValue = (value)=>{
+                if (typeof value === 'string') {
+                    for (const pattern of xssPatterns){
+                        if (pattern.test(value)) {
+                            this.logger.warn('Potential XSS detected in input', {
+                                value: value.substring(0, 100)
+                            });
+                            throw new Error('Invalid input detected');
+                        }
+                    }
+                    return value;
+                } else if (Array.isArray(value)) {
+                    return value.map(sanitizeValue);
+                } else if (typeof value === 'object' && value !== null) {
+                    const sanitized = {};
+                    for (const [key, val] of Object.entries(value)){
+                        sanitized[key] = sanitizeValue(val);
+                    }
+                    return sanitized;
+                }
+                return value;
+            };
+            try {
+                req.body = sanitizeValue(req.body);
+            } catch (error) {
+                return res.status(400).json({
+                    error: 'Invalid input detected'
+                });
+            }
+        }
+        next();
+    };
+    /**
+   * Cleanup expired CSRF tokens
+   */ cleanupExpiredTokens() {
+        const now = Date.now();
+        let cleaned = 0;
+        for (const [sessionId, token] of Object.entries(this.csrfTokens)){
+            if (now > token.expires) {
+                delete this.csrfTokens[sessionId];
+                cleaned++;
+            }
+        }
+        if (cleaned > 0) {
+            this.logger.debug('Cleaned up expired CSRF tokens', {
+                count: cleaned
+            });
+        }
+    }
+    /**
+   * Cleanup expired rate limits
+   */ cleanupExpiredRateLimits() {
+        const now = Date.now();
+        const windowMs = this.config.rateLimitWindow * 1000;
+        let cleaned = 0;
+        for (const [key, entry] of this.rateLimitMap.entries()){
+            if (now - entry.lastReset > windowMs * 2) {
+                this.rateLimitMap.delete(key);
+                cleaned++;
+            }
+        }
+        if (cleaned > 0) {
+            this.logger.debug('Cleaned up expired rate limits', {
+                count: cleaned
+            });
+        }
+    }
+    /**
+   * Get session ID from request
+   */ getSessionId(req) {
+        // Try to get session ID from various sources
+        return req.session?.id || req.sessionID || req.get('Authorization')?.replace('Bearer ', '') || null;
+    }
+    /**
+   * Get rate limiting key for request
+   */ getRateLimitKey(req) {
+        const ip = req.ip || req.connection.remoteAddress || 'unknown';
+        const sessionId = this.getSessionId(req);
+        return sessionId ? `session:${sessionId}` : `ip:${ip}`;
+    }
+    /**
+   * Check if request is same-origin
+   */ isSameOrigin(req, origin) {
+        const host = req.get('Host');
+        if (!host) return false;
+        const protocol = req.protocol;
+        const expectedOrigin = `${protocol}://${host}`;
+        return origin === expectedOrigin || origin.startsWith(expectedOrigin);
+    }
+    /**
+   * Cleanup resources
+   */ destroy() {
+        if (this.cleanupInterval) {
+            clearInterval(this.cleanupInterval);
+        }
+        this.csrfTokens = {};
+        this.rateLimitMap.clear();
+    }
+    /**
+   * Get security statistics
+   */ getStats() {
+        return {
+            activeCSRFtokens: Object.keys(this.csrfTokens).length,
+            activeRateLimits: this.rateLimitMap.size,
+            config: {
+                ...this.config
+            }
+        };
+    }
+}
+// Default security configuration
+export const defaultSecurityConfig = {
+    csrfEnabled: true,
+    cspEnabled: true,
+    rateLimitingEnabled: true,
+    allowedOrigins: [
+        'http://localhost:3000',
+        'http://localhost:3001',
+        'https://localhost:3000',
+        'https://localhost:3001'
+    ],
+    csrfTokenExpiry: 3600,
+    rateLimitWindow: 900,
+    rateLimitMax: 100,
+    secureCookies: process.env.NODE_ENV === 'production',
+    sameSiteCookies: 'strict'
+};
+//# sourceMappingURL=security-middleware.js.map

package/.claude-flow-novice/dist/src/web/security/security-middleware.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../../../../src/web/security/security-middleware.ts"],"names":["randomBytes","SecurityMiddleware","csrfTokens","rateLimitMap","Map","cleanupInterval","config","logger","setInterval","cleanupExpiredTokens","cleanupExpiredRateLimits","generateCSRFToken","sessionId","token","toString","expires","Date","now","csrfTokenExpiry","debug","validateCSRFToken","providedToken","storedToken","warn","isValid","contentSecurityPolicy","req","res","next","cspEnabled","cspHeader","join","setHeader","csrfProtection","csrfEnabled","includes","method","getSessionId","url","status","json","error","get","body","csrfToken","newToken","set","rateLimiting","rateLimitingEnabled","key","getRateLimitKey","entry","count","lastReset","rateLimitWindow","rateLimitMax","limit","window","toISOString","retryAfter","secureCookies","originalCookie","cookie","name","value","options","secureOptions","httpOnly","secure","sameSite","sameSiteCookies","call","originValidation","origin","isSameOrigin","allowedOrigins","ip","inputValidation","is","jsonStr","JSON","stringify","length","size","xssPatterns","sanitizeValue","pattern","test","substring","Error","Array","isArray","map","sanitized","val","Object","entries","cleaned","windowMs","delete","session","id","sessionID","replace","connection","remoteAddress","host","protocol","expectedOrigin","startsWith","destroy","clearInterval","clear","getStats","activeCSRFtokens","keys","activeRateLimits","defaultSecurityConfig","process","env","NODE_ENV"],"mappings":"AAAA;;;CAGC,GAGD,SAAqBA,WAAW,QAAQ,SAAS;AA2BjD,OAAO,MAAMC;;;IACHC,aAAyB,CAAC,EAAE;IAC5BC,eAAe,IAAIC,MAA8B;IACjDC,gBAAgC;IAExC,YACE,AAAQC,MAAsB,EAC9B,AAAQC,MAAe,CACvB;aAFQD,SAAAA;aACAC,SAAAA;QAER,4DAA4D;QAC5D,IAAI,CAACF,eAAe,GAAGG,YAAY;YACjC,IAAI,CAACC,oBAAoB;YACzB,IAAI,CAACC,wBAAwB;QAC/B,GAAG,QAAQ,mBAAmB;IAChC;IAEA;;GAEC,GACDC,kBAAkBC,SAAiB,EAAU;QAC3C,MAAMC,QAAQb,YAAY,IAAIc,QAAQ,CAAC;QACvC,MAAMC,UAAUC,KAAKC,GAAG,KAAM,IAAI,CAACX,MAAM,CAACY,eAAe,GAAG;QAE5D,IAAI,CAAChB,UAAU,CAACU,UAAU,GAAG;YAAEC;YAAOE;QAAQ;QAE9C,IAAI,CAACR,MAAM,CAACY,KAAK,CAAC,wBAAwB;YAAEP;QAAU;QACtD,OAAOC;IACT;IAEA;;GAEC,GACDO,kBAAkBR,SAAiB,EAAES,aAAqB,EAAW;QACnE,MAAMC,cAAc,IAAI,CAACpB,UAAU,CAACU,UAAU;QAE9C,IAAI,CAACU,aAAa;YAChB,IAAI,CAACf,MAAM,CAACgB,IAAI,CAAC,mCAAmC;gBAAEX;YAAU;YAChE,OAAO;QACT;QAEA,IAAII,KAAKC,GAAG,KAAKK,YAAYP,OAAO,EAAE;YACpC,OAAO,IAAI,CAACb,UAAU,CAACU,UAAU;YACjC,IAAI,CAACL,MAAM,CAACgB,IAAI,CAAC,sBAAsB;gBAAEX;YAAU;YACnD,OAAO;QACT;QAEA,MAAMY,UAAUF,YAAYT,KAAK,KAAKQ;QACtC,IAAI,CAACG,SAAS;YACZ,IAAI,CAACjB,MAAM,CAACgB,IAAI,CAAC,sBAAsB;gBAAEX;YAAU;QACrD;QAEA,OAAOY;IACT;IAEA;;GAEC,GACDC,wBAAwB,CAACC,KAAcC,KAAeC;QACpD,IAAI,CAAC,IAAI,CAACtB,MAAM,CAACuB,UAAU,EAAE;YAC3B,OAAOD;QACT;QAEA,MAAME,YAAY;YAChB;YACA;YACA;YACA;YACA;YACA;YACA;YACA;YACA;YACA;YACA;YACA;YACA;SACD,CAACC,IAAI,CAAC;QAEPJ,IAAIK,SAAS,CAAC,2BAA2BF;QACzCH,IAAIK,SAAS,CAAC,0BAA0B;QACxCL,IAAIK,SAAS,CAAC,mBAAmB;QACjCL,IAAIK,SAAS,CAAC,oBAAoB;QAClCL,IAAIK,SAAS,CAAC,mBAAmB;QACjCL,IAAIK,SAAS,CAAC,sBACZ;QAGFJ;IACF,EAAE;IAEF;;GAEC,GACDK,iBAAiB,CAACP,KAAcC,KAAeC;QAC7C,IAAI,CAAC,IAAI,CAACtB,MAAM,CAAC4B,WAAW,EAAE;YAC5B,OAAON;QACT;QAEA,4CAA4C;QAC5C,IAAI;YAAC;YAAO;YAAQ;SAAU,CAACO,QAAQ,CAACT,IAAIU,MAAM,GAAG;YACnD,OAAOR;QACT;QAEA,MAAMhB,YAAY,IAAI,CAACyB,YAAY,CAACX;QACpC,IAAI,CAACd,WAAW;YACd,IAAI,CAACL,MAAM,CAACgB,IAAI,CAAC,2CAA2C;gBAC1Da,QAAQV,IAAIU,MAAM;gBAClBE,KAAKZ,IAAIY,GAAG;YACd;YACA,OAAOX,IAAIY,MAAM,CAAC,KAAKC,IAAI,CAAC;gBAAEC,OAAO;YAAmB;QAC1D;QAEA,MAAM5B,QAAQa,IAAIgB,GAAG,CAAC,mBAAmBhB,IAAIiB,IAAI,EAAEC;QAEnD,IAAI,CAAC/B,OAAO;YACV,IAAI,CAACN,MAAM,CAACgB,IAAI,CAAC,0BAA0B;gBACzCX;gBACAwB,QAAQV,IAAIU,MAAM;gBAClBE,KAAKZ,IAAIY,GAAG;YACd;YACA,OAAOX,IAAIY,MAAM,CAAC,KAAKC,IAAI,CAAC;gBAAEC,OAAO;YAAsB;QAC7D;QAEA,IAAI,CAAC,IAAI,CAACrB,iBAAiB,CAACR,WAAWC,QAAQ;YAC7C,IAAI,CAACN,MAAM,CAACgB,IAAI,CAAC,+BAA+B;gBAC9CX;gBACAwB,QAAQV,IAAIU,MAAM;gBAClBE,KAAKZ,IAAIY,GAAG;YACd;YACA,OAAOX,IAAIY,MAAM,CAAC,KAAKC,IAAI,CAAC;gBAAEC,OAAO;YAAqB;QAC5D;QAEA,iDAAiD;QACjD,MAAMI,WAAW,IAAI,CAAClC,iBAAiB,CAACC;QACxCe,IAAImB,GAAG,CAAC,gBAAgBD;QAExBjB;IACF,EAAE;IAEF;;GAEC,GACDmB,eAAe,CAACrB,KAAcC,KAAeC;QAC3C,IAAI,CAAC,IAAI,CAACtB,MAAM,CAAC0C,mBAAmB,EAAE;YACpC,OAAOpB;QACT;QAEA,MAAMqB,MAAM,IAAI,CAACC,eAAe,CAACxB;QACjC,MAAMT,MAAMD,KAAKC,GAAG;QACpB,MAAMkC,QAAQ,IAAI,CAAChD,YAAY,CAACuC,GAAG,CAACO;QAEpC,IAAI,CAACE,OAAO;YACV,IAAI,CAAChD,YAAY,CAAC2C,GAAG,CAACG,KAAK;gBAAEG,OAAO;gBAAGC,WAAWpC;YAAI;YACtD,OAAOW;QACT;QAEA,sCAAsC;QACtC,IAAIX,MAAMkC,MAAME,SAAS,GAAG,IAAI,CAAC/C,MAAM,CAACgD,eAAe,GAAG,MAAM;YAC9D,IAAI,CAACnD,YAAY,CAAC2C,GAAG,CAACG,KAAK;gBAAEG,OAAO;gBAAGC,WAAWpC;YAAI;YACtD,OAAOW;QACT;QAEA,+BAA+B;QAC/B,IAAIuB,MAAMC,KAAK,IAAI,IAAI,CAAC9C,MAAM,CAACiD,YAAY,EAAE;YAC3C,IAAI,CAAChD,MAAM,CAACgB,IAAI,CAAC,uBAAuB;gBACtC0B;gBACAG,OAAOD,MAAMC,KAAK;gBAClBI,OAAO,IAAI,CAAClD,MAAM,CAACiD,YAAY;gBAC/BE,QAAQ,IAAI,CAACnD,MAAM,CAACgD,eAAe;YACrC;YAEA3B,IAAImB,GAAG,CAAC;gBACN,qBAAqB,IAAI,CAACxC,MAAM,CAACiD,YAAY,CAACzC,QAAQ;gBACtD,yBAAyB;gBACzB,qBAAqB,IAAIE,KAAKmC,MAAME,SAAS,GAAG,IAAI,CAAC/C,MAAM,CAACgD,eAAe,GAAG,MAAMI,WAAW;YACjG;YAEA,OAAO/B,IAAIY,MAAM,CAAC,KAAKC,IAAI,CAAC;gBAC1BC,OAAO;gBACPkB,YAAY,IAAI,CAACrD,MAAM,CAACgD,eAAe;YACzC;QACF;QAEA,oBAAoB;QACpBH,MAAMC,KAAK;QAEXzB,IAAImB,GAAG,CAAC;YACN,qBAAqB,IAAI,CAACxC,MAAM,CAACiD,YAAY,CAACzC,QAAQ;YACtD,yBAAyB,AAAC,CAAA,IAAI,CAACR,MAAM,CAACiD,YAAY,GAAGJ,MAAMC,KAAK,AAAD,EAAGtC,QAAQ;YAC1E,qBAAqB,IAAIE,KAAKmC,MAAME,SAAS,GAAG,IAAI,CAAC/C,MAAM,CAACgD,eAAe,GAAG,MAAMI,WAAW;QACjG;QAEA9B;IACF,EAAE;IAEF;;GAEC,GACDgC,gBAAgB,CAAClC,KAAcC,KAAeC;QAC5C,2CAA2C;QAC3C,MAAMiC,iBAAiBlC,IAAImC,MAAM;QAEjCnC,IAAImC,MAAM,GAAG,CAACC,MAAcC,OAAeC;YACzC,MAAMC,gBAAgB;gBACpBC,UAAU;gBACVC,QAAQ,IAAI,CAAC9D,MAAM,CAACsD,aAAa;gBACjCS,UAAU,IAAI,CAAC/D,MAAM,CAACgE,eAAe;gBACrC,GAAGL,OAAO;YACZ;YAEA,OAAOJ,eAAeU,IAAI,CAAC5C,KAAKoC,MAAMC,OAAOE;QAC/C;QAEAtC;IACF,EAAE;IAEF;;GAEC,GACD4C,mBAAmB,CAAC9C,KAAcC,KAAeC;QAC/C,MAAM6C,SAAS/C,IAAIgB,GAAG,CAAC,aAAahB,IAAIgB,GAAG,CAAC;QAE5C,gCAAgC;QAChC,IAAI,CAAC+B,UAAU,IAAI,CAACC,YAAY,CAAChD,KAAK+C,SAAS;YAC7C,OAAO7C;QACT;QAEA,IAAI,CAAC,IAAI,CAACtB,MAAM,CAACqE,cAAc,CAACxC,QAAQ,CAACsC,SAAS;YAChD,IAAI,CAAClE,MAAM,CAACgB,IAAI,CAAC,kBAAkB;gBACjCkD;gBACArC,QAAQV,IAAIU,MAAM;gBAClBE,KAAKZ,IAAIY,GAAG;gBACZsC,IAAIlD,IAAIkD,EAAE;YACZ;YAEA,OAAOjD,IAAIY,MAAM,CAAC,KAAKC,IAAI,CAAC;gBAAEC,OAAO;YAAqB;QAC5D;QAEAd,IAAImB,GAAG,CAAC,+BAA+B2B;QACvC9C,IAAImB,GAAG,CAAC,oCAAoC;QAC5CnB,IAAImB,GAAG,CAAC,QAAQ;QAEhBlB;IACF,EAAE;IAEF;;GAEC,GACDiD,kBAAkB,CAACnD,KAAcC,KAAeC;QAC9C,yBAAyB;QACzB,IAAIF,IAAIoD,EAAE,CAAC,WAAWpD,IAAIiB,IAAI,EAAE;YAC9B,MAAMoC,UAAUC,KAAKC,SAAS,CAACvD,IAAIiB,IAAI;YAEvC,oCAAoC;YACpC,IAAIoC,QAAQG,MAAM,GAAG,OAAO,MAAM;gBAChC,IAAI,CAAC3E,MAAM,CAACgB,IAAI,CAAC,6BAA6B;oBAC5C4D,MAAMJ,QAAQG,MAAM;oBACpB1B,OAAO,OAAO;gBAChB;gBACA,OAAO7B,IAAIY,MAAM,CAAC,KAAKC,IAAI,CAAC;oBAAEC,OAAO;gBAA4B;YACnE;YAEA,2CAA2C;YAC3C,MAAM2C,cAAc;gBAClB;gBACA;gBACA;aACD;YAED,MAAMC,gBAAgB,CAACrB;gBACrB,IAAI,OAAOA,UAAU,UAAU;oBAC7B,KAAK,MAAMsB,WAAWF,YAAa;wBACjC,IAAIE,QAAQC,IAAI,CAACvB,QAAQ;4BACvB,IAAI,CAACzD,MAAM,CAACgB,IAAI,CAAC,mCAAmC;gCAClDyC,OAAOA,MAAMwB,SAAS,CAAC,GAAG;4BAC5B;4BACA,MAAM,IAAIC,MAAM;wBAClB;oBACF;oBACA,OAAOzB;gBACT,OAAO,IAAI0B,MAAMC,OAAO,CAAC3B,QAAQ;oBAC/B,OAAOA,MAAM4B,GAAG,CAACP;gBACnB,OAAO,IAAI,OAAOrB,UAAU,YAAYA,UAAU,MAAM;oBACtD,MAAM6B,YAAiB,CAAC;oBACxB,KAAK,MAAM,CAAC5C,KAAK6C,IAAI,IAAIC,OAAOC,OAAO,CAAChC,OAAQ;wBAC9C6B,SAAS,CAAC5C,IAAI,GAAGoC,cAAcS;oBACjC;oBACA,OAAOD;gBACT;gBACA,OAAO7B;YACT;YAEA,IAAI;gBACFtC,IAAIiB,IAAI,GAAG0C,cAAc3D,IAAIiB,IAAI;YACnC,EAAE,OAAOF,OAAO;gBACd,OAAOd,IAAIY,MAAM,CAAC,KAAKC,IAAI,CAAC;oBAAEC,OAAO;gBAAyB;YAChE;QACF;QAEAb;IACF,EAAE;IAEF;;GAEC,GACD,AAAQnB,uBAA6B;QACnC,MAAMQ,MAAMD,KAAKC,GAAG;QACpB,IAAIgF,UAAU;QAEd,KAAK,MAAM,CAACrF,WAAWC,MAAM,IAAIkF,OAAOC,OAAO,CAAC,IAAI,CAAC9F,UAAU,EAAG;YAChE,IAAIe,MAAMJ,MAAME,OAAO,EAAE;gBACvB,OAAO,IAAI,CAACb,UAAU,CAACU,UAAU;gBACjCqF;YACF;QACF;QAEA,IAAIA,UAAU,GAAG;YACf,IAAI,CAAC1F,MAAM,CAACY,KAAK,CAAC,kCAAkC;gBAAEiC,OAAO6C;YAAQ;QACvE;IACF;IAEA;;GAEC,GACD,AAAQvF,2BAAiC;QACvC,MAAMO,MAAMD,KAAKC,GAAG;QACpB,MAAMiF,WAAW,IAAI,CAAC5F,MAAM,CAACgD,eAAe,GAAG;QAC/C,IAAI2C,UAAU;QAEd,KAAK,MAAM,CAAChD,KAAKE,MAAM,IAAI,IAAI,CAAChD,YAAY,CAAC6F,OAAO,GAAI;YACtD,IAAI/E,MAAMkC,MAAME,SAAS,GAAG6C,WAAW,GAAG;gBACxC,IAAI,CAAC/F,YAAY,CAACgG,MAAM,CAAClD;gBACzBgD;YACF;QACF;QAEA,IAAIA,UAAU,GAAG;YACf,IAAI,CAAC1F,MAAM,CAACY,KAAK,CAAC,kCAAkC;gBAAEiC,OAAO6C;YAAQ;QACvE;IACF;IAEA;;GAEC,GACD,AAAQ5D,aAAaX,GAAY,EAAiB;QAChD,6CAA6C;QAC7C,OAAOA,IAAI0E,OAAO,EAAEC,MAAM3E,IAAI4E,SAAS,IAAI5E,IAAIgB,GAAG,CAAC,kBAAkB6D,QAAQ,WAAW,OAAO;IACjG;IAEA;;GAEC,GACD,AAAQrD,gBAAgBxB,GAAY,EAAU;QAC5C,MAAMkD,KAAKlD,IAAIkD,EAAE,IAAIlD,IAAI8E,UAAU,CAACC,aAAa,IAAI;QACrD,MAAM7F,YAAY,IAAI,CAACyB,YAAY,CAACX;QACpC,OAAOd,YAAY,CAAC,QAAQ,EAAEA,WAAW,GAAG,CAAC,GAAG,EAAEgE,IAAI;IACxD;IAEA;;GAEC,GACD,AAAQF,aAAahD,GAAY,EAAE+C,MAAc,EAAW;QAC1D,MAAMiC,OAAOhF,IAAIgB,GAAG,CAAC;QACrB,IAAI,CAACgE,MAAM,OAAO;QAElB,MAAMC,WAAWjF,IAAIiF,QAAQ;QAC7B,MAAMC,iBAAiB,GAAGD,SAAS,GAAG,EAAED,MAAM;QAE9C,OAAOjC,WAAWmC,kBAAkBnC,OAAOoC,UAAU,CAACD;IACxD;IAEA;;GAEC,GACDE,UAAgB;QACd,IAAI,IAAI,CAACzG,eAAe,EAAE;YACxB0G,cAAc,IAAI,CAAC1G,eAAe;QACpC;QACA,IAAI,CAACH,UAAU,GAAG,CAAC;QACnB,IAAI,CAACC,YAAY,CAAC6G,KAAK;IACzB;IAEA;;GAEC,GACDC,WAIE;QACA,OAAO;YACLC,kBAAkBnB,OAAOoB,IAAI,CAAC,IAAI,CAACjH,UAAU,EAAEgF,MAAM;YACrDkC,kBAAkB,IAAI,CAACjH,YAAY,CAACgF,IAAI;YACxC7E,QAAQ;gBAAE,GAAG,IAAI,CAACA,MAAM;YAAC;QAC3B;IACF;AACF;AAEA,iCAAiC;AACjC,OAAO,MAAM+G,wBAAwC;IACnDnF,aAAa;IACbL,YAAY;IACZmB,qBAAqB;IACrB2B,gBAAgB;QACd;QACA;QACA;QACA;KACD;IACDzD,iBAAiB;IACjBoC,iBAAiB;IACjBC,cAAc;IACdK,eAAe0D,QAAQC,GAAG,CAACC,QAAQ,KAAK;IACxClD,iBAAiB;AACnB,EAAE"}