npm - claude-flow-novice - Versions diffs - 2.15.11 → 2.16.1 - Mend

claude-flow-novice 2.15.11 → 2.16.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (741) hide show

package/dist/api/auth-endpoints.js ADDED Viewed

@@ -0,0 +1,415 @@
+/**
+ * Authentication API Endpoints
+ *
+ * RESTful API endpoints for user authentication, registration,
+ * token management, and user profile operations.
+ */ import { Router } from 'express';
+import { z } from 'zod';
+import { AuthMiddleware } from '../services/authentication.js';
+import { createLogger } from '../lib/logging.js';
+import { StandardError, ErrorCode } from '../lib/errors.js';
+const logger = createLogger('auth-endpoints');
+// Validation schemas
+const registerSchema = z.object({
+    username: z.string().min(3, 'Username must be at least 3 characters').max(50, 'Username too long'),
+    email: z.string().email('Invalid email format'),
+    password: z.string().min(8, 'Password must be at least 8 characters').regex(/[A-Z]/, 'Password must contain at least one uppercase letter').regex(/[a-z]/, 'Password must contain at least one lowercase letter').regex(/\d/, 'Password must contain at least one number').regex(/[!@#$%^&*(),.?":{}|<>]/, 'Password must contain at least one special character'),
+    role: z.enum([
+        'admin',
+        'developer',
+        'readonly'
+    ]).optional().default('developer')
+});
+const loginSchema = z.object({
+    email: z.string().email('Invalid email format'),
+    password: z.string().min(1, 'Password is required')
+});
+const refreshTokenSchema = z.object({
+    refreshToken: z.string().min(1, 'Refresh token is required')
+});
+const changePasswordSchema = z.object({
+    currentPassword: z.string().min(1, 'Current password is required'),
+    newPassword: z.string().min(8, 'New password must be at least 8 characters').regex(/[A-Z]/, 'New password must contain at least one uppercase letter').regex(/[a-z]/, 'New password must contain at least one lowercase letter').regex(/\d/, 'New password must contain at least one number').regex(/[!@#$%^&*(),.?":{}|<>]/, 'New password must contain at least one special character')
+});
+const updateProfileSchema = z.object({
+    username: z.string().min(3, 'Username must be at least 3 characters').max(50, 'Username too long').optional(),
+    email: z.string().email('Invalid email format').optional()
+}).refine((data)=>data.username || data.email, {
+    message: 'At least one field must be provided for update'
+});
+// Rate limiting utilities
+let RateLimiter = class RateLimiter {
+    requests = new Map();
+    isAllowed(key, limit, windowMs) {
+        const now = Date.now();
+        const request = this.requests.get(key);
+        if (!request || now > request.resetTime) {
+            this.requests.set(key, {
+                count: 1,
+                resetTime: now + windowMs
+            });
+            return true;
+        }
+        if (request.count >= limit) {
+            return false;
+        }
+        request.count++;
+        return true;
+    }
+};
+const rateLimiter = new RateLimiter();
+// Rate limiting middleware
+function rateLimit(limit, windowMs, keyGenerator) {
+    return (req, res, next1)=>{
+        const key = keyGenerator(req);
+        if (!rateLimiter.isAllowed(key, limit, windowMs)) {
+            res.status(429).json({
+                error: 'Too Many Requests',
+                message: `Rate limit exceeded. Try again later.`,
+                retryAfter: Math.ceil(windowMs / 1000)
+            });
+            return;
+        }
+        next1();
+    };
+}
+// Error handling middleware
+function handleAuthError(error, req, res, next1) {
+    logger.error('Authentication error:', error);
+    if (error instanceof StandardError) {
+        const statusCode = error.code === ErrorCode.CONFLICT ? 409 : error.code === ErrorCode.NOT_FOUND ? 404 : error.code === ErrorCode.VALIDATION_FAILED ? 400 : error.code === ErrorCode.UNAUTHORIZED ? 401 : error.code === ErrorCode.FORBIDDEN ? 403 : error.code === ErrorCode.CONFLICT ? 409 : 500;
+        res.status(statusCode).json({
+            success: false,
+            error: error.code,
+            message: error.message,
+            ...error.metadata && {
+                details: error.metadata
+            }
+        });
+        return;
+    }
+    // Zod validation errors
+    if (error instanceof z.ZodError) {
+        res.status(400).json({
+            success: false,
+            error: 'VALIDATION_ERROR',
+            message: 'Validation failed',
+            details: error.errors.map((err)=>({
+                    field: err.path.join('.'),
+                    message: err.message
+                }))
+        });
+        return;
+    }
+    // Generic error
+    res.status(500).json({
+        success: false,
+        error: 'INTERNAL_SERVER_ERROR',
+        message: 'An unexpected error occurred'
+    });
+}
+// Authentication middleware
+function authenticateUser(authMiddleware) {
+    return async (req, res, next1)=>{
+        try {
+            const authHeader = req.headers.authorization;
+            if (!authHeader) {
+                res.status(401).json({
+                    success: false,
+                    error: 'UNAUTHORIZED',
+                    message: 'Missing authentication credentials'
+                });
+                return;
+            }
+            const userContext = authMiddleware.extractUserContext(authHeader);
+            // Attach user to request
+            req.user = {
+                userId: userContext.userId,
+                username: userContext.username,
+                email: userContext.email,
+                role: userContext.role
+            };
+            next1();
+        } catch (error) {
+            if (error instanceof StandardError) {
+                res.status(401).json({
+                    success: false,
+                    error: error.code,
+                    message: error.message
+                });
+                return;
+            }
+            res.status(401).json({
+                success: false,
+                error: 'UNAUTHORIZED',
+                message: 'Invalid authentication token'
+            });
+        }
+    };
+}
+// Authorization middleware
+function authorizeUser(requiredRoles) {
+    return (req, res, next1)=>{
+        if (!req.user) {
+            res.status(401).json({
+                success: false,
+                error: 'UNAUTHORIZED',
+                message: 'Authentication required'
+            });
+            return;
+        }
+        if (!requiredRoles.includes(req.user.role)) {
+            res.status(403).json({
+                success: false,
+                error: 'FORBIDDEN',
+                message: 'Insufficient permissions',
+                requiredRoles,
+                userRole: req.user.role
+            });
+            return;
+        }
+        next1();
+    };
+}
+/**
+ * Create authentication router
+ */ export function authenticationRouter(authService) {
+    const router = Router();
+    // Apply error handling middleware
+    router.use(handleAuthError);
+    // Initialize auth middleware for token validation
+    const authMiddleware = new AuthMiddleware(process.env.JWT_SECRET || 'default-secret-change-in-production');
+    // POST /api/auth/register - Register new user
+    router.post('/register', rateLimit(5, 15 * 60 * 1000, (req)=>`register:${req.ip}`), async (req, res)=>{
+        const validatedData = registerSchema.parse(req.body);
+        try {
+            const result = await authService.registerUser(validatedData);
+            res.status(201).json({
+                success: true,
+                message: 'User registered successfully',
+                user: {
+                    id: result.user.id,
+                    username: result.user.username,
+                    email: result.user.email,
+                    role: result.user.role,
+                    createdAt: result.user.createdAt
+                },
+                tokens: result.tokens
+            });
+            logger.info('User registration successful', {
+                userId: result.user.id,
+                email: result.user.email,
+                ip: req.ip
+            });
+        } catch (error) {
+            next(error);
+        }
+    });
+    // POST /api/auth/login - User login
+    router.post('/login', rateLimit(10, 15 * 60 * 1000, (req)=>`login:${req.body.email || req.ip}`), async (req, res)=>{
+        const validatedData = loginSchema.parse(req.body);
+        try {
+            const result = await authService.loginUser(validatedData, req.ip, req.headers['user-agent']);
+            res.json({
+                success: true,
+                message: 'Login successful',
+                user: {
+                    id: result.user.id,
+                    username: result.user.username,
+                    email: result.user.email,
+                    role: result.user.role,
+                    createdAt: result.user.createdAt,
+                    lastLogin: result.user.lastLogin
+                },
+                tokens: result.tokens
+            });
+            logger.info('User login successful', {
+                userId: result.user.id,
+                email: result.user.email,
+                ip: req.ip
+            });
+        } catch (error) {
+            next(error);
+        }
+    });
+    // POST /api/auth/refresh - Refresh access token
+    router.post('/refresh', rateLimit(20, 15 * 60 * 1000, (req)=>`refresh:${req.ip}`), async (req, res)=>{
+        const validatedData = refreshTokenSchema.parse(req.body);
+        try {
+            const tokens = await authService.refreshToken(validatedData.refreshToken);
+            res.json({
+                success: true,
+                message: 'Tokens refreshed successfully',
+                tokens
+            });
+            logger.info('Token refresh successful', {
+                ip: req.ip
+            });
+        } catch (error) {
+            next(error);
+        }
+    });
+    // POST /api/auth/logout - User logout
+    router.post('/logout', authenticateUser(authMiddleware), async (req, res)=>{
+        const { refreshToken } = req.body;
+        const accessToken = req.headers.authorization;
+        try {
+            await authService.logout(req.user.userId, accessToken, refreshToken);
+            res.json({
+                success: true,
+                message: 'Logout successful'
+            });
+            logger.info('User logout successful', {
+                userId: req.user.userId,
+                ip: req.ip
+            });
+        } catch (error) {
+            next(error);
+        }
+    });
+    // POST /api/auth/logout-all - Logout from all sessions
+    router.post('/logout-all', authenticateUser(authMiddleware), async (req, res)=>{
+        const accessToken = req.headers.authorization;
+        try {
+            await authService.logoutAllSessions(req.user.userId, accessToken);
+            res.json({
+                success: true,
+                message: 'All sessions terminated successfully'
+            });
+            logger.info('All sessions terminated', {
+                userId: req.user.userId,
+                ip: req.ip
+            });
+        } catch (error) {
+            next(error);
+        }
+    });
+    // GET /api/auth/profile - Get user profile
+    router.get('/profile', authenticateUser(authMiddleware), async (req, res)=>{
+        try {
+            const profile = await authService.getUserProfile(req.user.userId);
+            res.json({
+                success: true,
+                user: profile
+            });
+        } catch (error) {
+            next(error);
+        }
+    });
+    // PUT /api/auth/profile - Update user profile
+    router.put('/profile', authenticateUser(authMiddleware), rateLimit(5, 15 * 60 * 1000, (req)=>`profile:${req.user.userId}`), async (req, res)=>{
+        const validatedData = updateProfileSchema.parse(req.body);
+        try {
+            const updatedProfile = await authService.updateUserProfile(req.user.userId, validatedData);
+            res.json({
+                success: true,
+                message: 'Profile updated successfully',
+                user: updatedProfile
+            });
+            logger.info('Profile updated successfully', {
+                userId: req.user.userId,
+                ip: req.ip
+            });
+        } catch (error) {
+            next(error);
+        }
+    });
+    // POST /api/auth/change-password - Change password
+    router.post('/change-password', authenticateUser(authMiddleware), rateLimit(3, 15 * 60 * 1000, (req)=>`password:${req.user.userId}`), async (req, res)=>{
+        const validatedData = changePasswordSchema.parse(req.body);
+        try {
+            await authService.changePassword(req.user.userId, validatedData.currentPassword, validatedData.newPassword);
+            res.json({
+                success: true,
+                message: 'Password changed successfully'
+            });
+            logger.info('Password changed successfully', {
+                userId: req.user.userId,
+                ip: req.ip
+            });
+        } catch (error) {
+            next(error);
+        }
+    });
+    // GET /api/auth/sessions - Get active sessions
+    router.get('/sessions', authenticateUser(authMiddleware), async (req, res)=>{
+        try {
+            // This would require extending the authentication service
+            // to support session listing functionality
+            res.json({
+                success: true,
+                message: 'Session listing not yet implemented',
+                sessions: []
+            });
+        } catch (error) {
+            next(error);
+        }
+    });
+    // DELETE /api/auth/sessions/:sessionId - Terminate specific session
+    router.delete('/sessions/:sessionId', authenticateUser(authMiddleware), async (req, res)=>{
+        try {
+            const { sessionId } = req.params;
+            // This would require extending the authentication service
+            // to support specific session termination
+            res.json({
+                success: true,
+                message: 'Session termination not yet implemented'
+            });
+        } catch (error) {
+            next(error);
+        }
+    });
+    // POST /api/auth/request-password-reset - Request password reset
+    router.post('/request-password-reset', rateLimit(3, 15 * 60 * 1000, (req)=>`reset:${req.body.email || req.ip}`), async (req, res)=>{
+        const { email } = req.body;
+        if (!email) {
+            res.status(400).json({
+                success: false,
+                error: 'VALIDATION_ERROR',
+                message: 'Email is required'
+            });
+            return;
+        }
+        // This would require implementing password reset functionality
+        res.json({
+            success: true,
+            message: 'Password reset functionality not yet implemented'
+        });
+        logger.info('Password reset requested', {
+            email,
+            ip: req.ip
+        });
+    });
+    // POST /api/auth/reset-password - Reset password with token
+    router.post('/reset-password', rateLimit(5, 60 * 60 * 1000, (req)=>`reset-confirm:${req.ip}`), async (req, res)=>{
+        const { token, newPassword } = req.body;
+        if (!token || !newPassword) {
+            res.status(400).json({
+                success: false,
+                error: 'VALIDATION_ERROR',
+                message: 'Reset token and new password are required'
+            });
+            return;
+        }
+        // This would require implementing password reset confirmation
+        res.json({
+            success: true,
+            message: 'Password reset confirmation not yet implemented'
+        });
+        logger.info('Password reset confirmation attempted', {
+            ip: req.ip
+        });
+    });
+    // GET /api/auth/verify-token - Verify token validity
+    router.get('/verify-token', authenticateUser(authMiddleware), async (req, res)=>{
+        res.json({
+            success: true,
+            message: 'Token is valid',
+            user: req.user
+        });
+    });
+    return router;
+}
+export { authenticateUser, authorizeUser, rateLimit, handleAuthError };
+//# sourceMappingURL=auth-endpoints.js.map

package/dist/api/auth-endpoints.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/api/auth-endpoints.ts"],"sourcesContent":["/**\r\n * Authentication API Endpoints\r\n * \r\n * RESTful API endpoints for user authentication, registration,\r\n * token management, and user profile operations.\r\n */\r\n\r\nimport { Router, Request, Response, NextFunction } from 'express';\r\nimport { z } from 'zod';\r\nimport { \r\n AuthenticationService, \r\n UserRegistrationRequest, \r\n LoginRequest,\r\n AuthMiddleware \r\n} from '../services/authentication.js';\r\nimport { createLogger } from '../lib/logging.js';\r\nimport { StandardError, ErrorCode } from '../lib/errors.js';\r\n\r\nconst logger = createLogger('auth-endpoints');\r\n\r\n// Extend Request type to include user\r\ndeclare global {\r\n namespace Express {\r\n interface Request {\r\n user?: {\r\n userId: string;\r\n username: string;\r\n email: string;\r\n role: string;\r\n };\r\n }\r\n }\r\n}\r\n\r\n// Validation schemas\r\nconst registerSchema = z.object({\r\n username: z.string().min(3, 'Username must be at least 3 characters').max(50, 'Username too long'),\r\n email: z.string().email('Invalid email format'),\r\n password: z.string()\r\n .min(8, 'Password must be at least 8 characters')\r\n .regex(/[A-Z]/, 'Password must contain at least one uppercase letter')\r\n .regex(/[a-z]/, 'Password must contain at least one lowercase letter')\r\n .regex(/\\d/, 'Password must contain at least one number')\r\n .regex(/[!@#$%^&*(),.?\":{}|<>]/, 'Password must contain at least one special character'),\r\n role: z.enum(['admin', 'developer', 'readonly']).optional().default('developer'),\r\n});\r\n\r\nconst loginSchema = z.object({\r\n email: z.string().email('Invalid email format'),\r\n password: z.string().min(1, 'Password is required'),\r\n});\r\n\r\nconst refreshTokenSchema = z.object({\r\n refreshToken: z.string().min(1, 'Refresh token is required'),\r\n});\r\n\r\nconst changePasswordSchema = z.object({\r\n currentPassword: z.string().min(1, 'Current password is required'),\r\n newPassword: z.string()\r\n .min(8, 'New password must be at least 8 characters')\r\n .regex(/[A-Z]/, 'New password must contain at least one uppercase letter')\r\n .regex(/[a-z]/, 'New password must contain at least one lowercase letter')\r\n .regex(/\\d/, 'New password must contain at least one number')\r\n .regex(/[!@#$%^&*(),.?\":{}|<>]/, 'New password must contain at least one special character'),\r\n});\r\n\r\nconst updateProfileSchema = z.object({\r\n username: z.string().min(3, 'Username must be at least 3 characters').max(50, 'Username too long').optional(),\r\n email: z.string().email('Invalid email format').optional(),\r\n}).refine(data => data.username || data.email, {\r\n message: 'At least one field must be provided for update',\r\n});\r\n\r\n// Rate limiting utilities\r\nclass RateLimiter {\r\n private requests = new Map<string, { count: number; resetTime: number }>();\r\n\r\n isAllowed(key: string, limit: number, windowMs: number): boolean {\r\n const now = Date.now();\r\n const request = this.requests.get(key);\r\n\r\n if (!request || now > request.resetTime) {\r\n this.requests.set(key, {\r\n count: 1,\r\n resetTime: now + windowMs,\r\n });\r\n return true;\r\n }\r\n\r\n if (request.count >= limit) {\r\n return false;\r\n }\r\n\r\n request.count++;\r\n return true;\r\n }\r\n}\r\n\r\nconst rateLimiter = new RateLimiter();\r\n\r\n// Rate limiting middleware\r\nfunction rateLimit(limit: number, windowMs: number, keyGenerator: (req: Request) => string) {\r\n return (req: Request, res: Response, next: NextFunction): void => {\r\n const key = keyGenerator(req);\r\n \r\n if (!rateLimiter.isAllowed(key, limit, windowMs)) {\r\n res.status(429).json({\r\n error: 'Too Many Requests',\r\n message: `Rate limit exceeded. Try again later.`,\r\n retryAfter: Math.ceil(windowMs / 1000),\r\n });\r\n return;\r\n }\r\n\r\n next();\r\n };\r\n}\r\n\r\n// Error handling middleware\r\nfunction handleAuthError(error: any, req: Request, res: Response, next: NextFunction): void {\r\n logger.error('Authentication error:', error);\r\n\r\n if (error instanceof StandardError) {\r\n const statusCode = error.code === ErrorCode.CONFLICT ? 409 :\r\n error.code === ErrorCode.NOT_FOUND ? 404 :\r\n error.code === ErrorCode.VALIDATION_FAILED ? 400 :\r\n error.code === ErrorCode.UNAUTHORIZED ? 401 :\r\n error.code === ErrorCode.FORBIDDEN ? 403 :\r\n error.code === ErrorCode.CONFLICT ? 409 : 500;\r\n\r\n res.status(statusCode).json({\r\n success: false,\r\n error: error.code,\r\n message: error.message,\r\n ...(error.metadata && { details: error.metadata }),\r\n });\r\n return;\r\n }\r\n\r\n // Zod validation errors\r\n if (error instanceof z.ZodError) {\r\n res.status(400).json({\r\n success: false,\r\n error: 'VALIDATION_ERROR',\r\n message: 'Validation failed',\r\n details: error.errors.map(err => ({\r\n field: err.path.join('.'),\r\n message: err.message,\r\n })),\r\n });\r\n return;\r\n }\r\n\r\n // Generic error\r\n res.status(500).json({\r\n success: false,\r\n error: 'INTERNAL_SERVER_ERROR',\r\n message: 'An unexpected error occurred',\r\n });\r\n}\r\n\r\n// Authentication middleware\r\nfunction authenticateUser(authMiddleware: AuthMiddleware) {\r\n return async (req: Request, res: Response, next: NextFunction): Promise<void> => {\r\n try {\r\n const authHeader = req.headers.authorization;\r\n \r\n if (!authHeader) {\r\n res.status(401).json({\r\n success: false,\r\n error: 'UNAUTHORIZED',\r\n message: 'Missing authentication credentials',\r\n });\r\n return;\r\n }\r\n\r\n const userContext = authMiddleware.extractUserContext(authHeader);\r\n \r\n // Attach user to request\r\n req.user = {\r\n userId: userContext.userId,\r\n username: userContext.username,\r\n email: userContext.email,\r\n role: userContext.role,\r\n };\r\n\r\n next();\r\n } catch (error) {\r\n if (error instanceof StandardError) {\r\n res.status(401).json({\r\n success: false,\r\n error: error.code,\r\n message: error.message,\r\n });\r\n return;\r\n }\r\n\r\n res.status(401).json({\r\n success: false,\r\n error: 'UNAUTHORIZED',\r\n message: 'Invalid authentication token',\r\n });\r\n }\r\n };\r\n}\r\n\r\n// Authorization middleware\r\nfunction authorizeUser(requiredRoles: string[]) {\r\n return (req: Request, res: Response, next: NextFunction): void => {\r\n if (!req.user) {\r\n res.status(401).json({\r\n success: false,\r\n error: 'UNAUTHORIZED',\r\n message: 'Authentication required',\r\n });\r\n return;\r\n }\r\n\r\n if (!requiredRoles.includes(req.user.role)) {\r\n res.status(403).json({\r\n success: false,\r\n error: 'FORBIDDEN',\r\n message: 'Insufficient permissions',\r\n requiredRoles,\r\n userRole: req.user.role,\r\n });\r\n return;\r\n }\r\n\r\n next();\r\n };\r\n}\r\n\r\n/**\r\n * Create authentication router\r\n */\r\nexport function authenticationRouter(authService: AuthenticationService): Router {\r\n const router = Router();\r\n\r\n // Apply error handling middleware\r\n router.use(handleAuthError);\r\n\r\n // Initialize auth middleware for token validation\r\n const authMiddleware = new AuthMiddleware(\r\n process.env.JWT_SECRET || 'default-secret-change-in-production'\r\n );\r\n\r\n // POST /api/auth/register - Register new user\r\n router.post('/register',\r\n rateLimit(5, 15 * 60 * 1000, (req) => `register:${req.ip}`), // 5 attempts per 15 minutes per IP\r\n async (req: Request, res: Response): Promise<void> => {\r\n const validatedData = registerSchema.parse(req.body);\r\n\r\n try {\r\n const result = await authService.registerUser(validatedData);\r\n\r\n res.status(201).json({\r\n success: true,\r\n message: 'User registered successfully',\r\n user: {\r\n id: result.user.id,\r\n username: result.user.username,\r\n email: result.user.email,\r\n role: result.user.role,\r\n createdAt: result.user.createdAt,\r\n },\r\n tokens: result.tokens,\r\n });\r\n\r\n logger.info('User registration successful', { \r\n userId: result.user.id, \r\n email: result.user.email,\r\n ip: req.ip \r\n });\r\n } catch (error) {\r\n next(error);\r\n }\r\n }\r\n );\r\n\r\n // POST /api/auth/login - User login\r\n router.post('/login',\r\n rateLimit(10, 15 * 60 * 1000, (req) => `login:${req.body.email || req.ip}`), // 10 attempts per 15 minutes per email/IP\r\n async (req: Request, res: Response): Promise<void> => {\r\n const validatedData = loginSchema.parse(req.body);\r\n\r\n try {\r\n const result = await authService.loginUser(\r\n validatedData, \r\n req.ip, \r\n req.headers['user-agent']\r\n );\r\n\r\n res.json({\r\n success: true,\r\n message: 'Login successful',\r\n user: {\r\n id: result.user.id,\r\n username: result.user.username,\r\n email: result.user.email,\r\n role: result.user.role,\r\n createdAt: result.user.createdAt,\r\n lastLogin: result.user.lastLogin,\r\n },\r\n tokens: result.tokens,\r\n });\r\n\r\n logger.info('User login successful', { \r\n userId: result.user.id, \r\n email: result.user.email,\r\n ip: req.ip \r\n });\r\n } catch (error) {\r\n next(error);\r\n }\r\n }\r\n );\r\n\r\n // POST /api/auth/refresh - Refresh access token\r\n router.post('/refresh',\r\n rateLimit(20, 15 * 60 * 1000, (req) => `refresh:${req.ip}`), // 20 attempts per 15 minutes per IP\r\n async (req: Request, res: Response): Promise<void> => {\r\n const validatedData = refreshTokenSchema.parse(req.body);\r\n\r\n try {\r\n const tokens = await authService.refreshToken(validatedData.refreshToken);\r\n\r\n res.json({\r\n success: true,\r\n message: 'Tokens refreshed successfully',\r\n tokens,\r\n });\r\n\r\n logger.info('Token refresh successful', { ip: req.ip });\r\n } catch (error) {\r\n next(error);\r\n }\r\n }\r\n );\r\n\r\n // POST /api/auth/logout - User logout\r\n router.post('/logout',\r\n authenticateUser(authMiddleware),\r\n async (req: Request, res: Response): Promise<void> => {\r\n const { refreshToken } = req.body;\r\n const accessToken = req.headers.authorization!;\r\n\r\n try {\r\n await authService.logout(req.user!.userId, accessToken, refreshToken);\r\n\r\n res.json({\r\n success: true,\r\n message: 'Logout successful',\r\n });\r\n\r\n logger.info('User logout successful', { \r\n userId: req.user!.userId,\r\n ip: req.ip \r\n });\r\n } catch (error) {\r\n next(error);\r\n }\r\n }\r\n );\r\n\r\n // POST /api/auth/logout-all - Logout from all sessions\r\n router.post('/logout-all',\r\n authenticateUser(authMiddleware),\r\n async (req: Request, res: Response): Promise<void> => {\r\n const accessToken = req.headers.authorization!;\r\n\r\n try {\r\n await authService.logoutAllSessions(req.user!.userId, accessToken);\r\n\r\n res.json({\r\n success: true,\r\n message: 'All sessions terminated successfully',\r\n });\r\n\r\n logger.info('All sessions terminated', { \r\n userId: req.user!.userId,\r\n ip: req.ip \r\n });\r\n } catch (error) {\r\n next(error);\r\n }\r\n }\r\n );\r\n\r\n // GET /api/auth/profile - Get user profile\r\n router.get('/profile',\r\n authenticateUser(authMiddleware),\r\n async (req: Request, res: Response): Promise<void> => {\r\n try {\r\n const profile = await authService.getUserProfile(req.user!.userId);\r\n\r\n res.json({\r\n success: true,\r\n user: profile,\r\n });\r\n } catch (error) {\r\n next(error);\r\n }\r\n }\r\n );\r\n\r\n // PUT /api/auth/profile - Update user profile\r\n router.put('/profile',\r\n authenticateUser(authMiddleware),\r\n rateLimit(5, 15 * 60 * 1000, (req) => `profile:${req.user!.userId}`), // 5 updates per 15 minutes per user\r\n async (req: Request, res: Response): Promise<void> => {\r\n const validatedData = updateProfileSchema.parse(req.body);\r\n\r\n try {\r\n const updatedProfile = await authService.updateUserProfile(\r\n req.user!.userId, \r\n validatedData\r\n );\r\n\r\n res.json({\r\n success: true,\r\n message: 'Profile updated successfully',\r\n user: updatedProfile,\r\n });\r\n\r\n logger.info('Profile updated successfully', { \r\n userId: req.user!.userId,\r\n ip: req.ip \r\n });\r\n } catch (error) {\r\n next(error);\r\n }\r\n }\r\n );\r\n\r\n // POST /api/auth/change-password - Change password\r\n router.post('/change-password',\r\n authenticateUser(authMiddleware),\r\n rateLimit(3, 15 * 60 * 1000, (req) => `password:${req.user!.userId}`), // 3 attempts per 15 minutes per user\r\n async (req: Request, res: Response): Promise<void> => {\r\n const validatedData = changePasswordSchema.parse(req.body);\r\n\r\n try {\r\n await authService.changePassword(\r\n req.user!.userId,\r\n validatedData.currentPassword,\r\n validatedData.newPassword\r\n );\r\n\r\n res.json({\r\n success: true,\r\n message: 'Password changed successfully',\r\n });\r\n\r\n logger.info('Password changed successfully', { \r\n userId: req.user!.userId,\r\n ip: req.ip \r\n });\r\n } catch (error) {\r\n next(error);\r\n }\r\n }\r\n );\r\n\r\n // GET /api/auth/sessions - Get active sessions\r\n router.get('/sessions',\r\n authenticateUser(authMiddleware),\r\n async (req: Request, res: Response): Promise<void> => {\r\n try {\r\n // This would require extending the authentication service\r\n // to support session listing functionality\r\n res.json({\r\n success: true,\r\n message: 'Session listing not yet implemented',\r\n sessions: [],\r\n });\r\n } catch (error) {\r\n next(error);\r\n }\r\n }\r\n );\r\n\r\n // DELETE /api/auth/sessions/:sessionId - Terminate specific session\r\n router.delete('/sessions/:sessionId',\r\n authenticateUser(authMiddleware),\r\n async (req: Request, res: Response): Promise<void> => {\r\n try {\r\n const { sessionId } = req.params;\r\n \r\n // This would require extending the authentication service\r\n // to support specific session termination\r\n res.json({\r\n success: true,\r\n message: 'Session termination not yet implemented',\r\n });\r\n } catch (error) {\r\n next(error);\r\n }\r\n }\r\n );\r\n\r\n // POST /api/auth/request-password-reset - Request password reset\r\n router.post('/request-password-reset',\r\n rateLimit(3, 15 * 60 * 1000, (req) => `reset:${req.body.email || req.ip}`), // 3 attempts per 15 minutes per email/IP\r\n async (req: Request, res: Response): Promise<void> => {\r\n const { email } = req.body;\r\n\r\n if (!email) {\r\n res.status(400).json({\r\n success: false,\r\n error: 'VALIDATION_ERROR',\r\n message: 'Email is required',\r\n });\r\n return;\r\n }\r\n\r\n // This would require implementing password reset functionality\r\n res.json({\r\n success: true,\r\n message: 'Password reset functionality not yet implemented',\r\n });\r\n\r\n logger.info('Password reset requested', { email, ip: req.ip });\r\n }\r\n );\r\n\r\n // POST /api/auth/reset-password - Reset password with token\r\n router.post('/reset-password',\r\n rateLimit(5, 60 * 60 * 1000, (req) => `reset-confirm:${req.ip}`), // 5 attempts per hour per IP\r\n async (req: Request, res: Response): Promise<void> => {\r\n const { token, newPassword } = req.body;\r\n\r\n if (!token || !newPassword) {\r\n res.status(400).json({\r\n success: false,\r\n error: 'VALIDATION_ERROR',\r\n message: 'Reset token and new password are required',\r\n });\r\n return;\r\n }\r\n\r\n // This would require implementing password reset confirmation\r\n res.json({\r\n success: true,\r\n message: 'Password reset confirmation not yet implemented',\r\n });\r\n\r\n logger.info('Password reset confirmation attempted', { ip: req.ip });\r\n }\r\n );\r\n\r\n // GET /api/auth/verify-token - Verify token validity\r\n router.get('/verify-token',\r\n authenticateUser(authMiddleware),\r\n async (req: Request, res: Response): Promise<void> => {\r\n res.json({\r\n success: true,\r\n message: 'Token is valid',\r\n user: req.user,\r\n });\r\n }\r\n );\r\n\r\n return router;\r\n}\r\n\r\nexport {\r\n authenticateUser,\r\n authorizeUser,\r\n rateLimit,\r\n handleAuthError,\r\n};"],"names":["Router","z","AuthMiddleware","createLogger","StandardError","ErrorCode","logger","registerSchema","object","username","string","min","max","email","password","regex","role","enum","optional","default","loginSchema","refreshTokenSchema","refreshToken","changePasswordSchema","currentPassword","newPassword","updateProfileSchema","refine","data","message","RateLimiter","requests","Map","isAllowed","key","limit","windowMs","now","Date","request","get","resetTime","set","count","rateLimiter","rateLimit","keyGenerator","req","res","next","status","json","error","retryAfter","Math","ceil","handleAuthError","statusCode","code","CONFLICT","NOT_FOUND","VALIDATION_FAILED","UNAUTHORIZED","FORBIDDEN","success","metadata","details","ZodError","errors","map","err","field","path","join","authenticateUser","authMiddleware","authHeader","headers","authorization","userContext","extractUserContext","user","userId","authorizeUser","requiredRoles","includes","userRole","authenticationRouter","authService","router","use","process","env","JWT_SECRET","post","ip","validatedData","parse","body","result","registerUser","id","createdAt","tokens","info","loginUser","lastLogin","accessToken","logout","logoutAllSessions","profile","getUserProfile","put","updatedProfile","updateUserProfile","changePassword","sessions","delete","sessionId","params","token"],"mappings":"AAAA;;;;;CAKC,GAED,SAASA,MAAM,QAAyC,UAAU;AAClE,SAASC,CAAC,QAAQ,MAAM;AACxB,SAIEC,cAAc,QACT,gCAAgC;AACvC,SAASC,YAAY,QAAQ,oBAAoB;AACjD,SAASC,aAAa,EAAEC,SAAS,QAAQ,mBAAmB;AAE5D,MAAMC,SAASH,aAAa;AAgB5B,qBAAqB;AACrB,MAAMI,iBAAiBN,EAAEO,MAAM,CAAC;IAC9BC,UAAUR,EAAES,MAAM,GAAGC,GAAG,CAAC,GAAG,0CAA0CC,GAAG,CAAC,IAAI;IAC9EC,OAAOZ,EAAES,MAAM,GAAGG,KAAK,CAAC;IACxBC,UAAUb,EAAES,MAAM,GACfC,GAAG,CAAC,GAAG,0CACPI,KAAK,CAAC,SAAS,uDACfA,KAAK,CAAC,SAAS,uDACfA,KAAK,CAAC,MAAM,6CACZA,KAAK,CAAC,0BAA0B;IACnCC,MAAMf,EAAEgB,IAAI,CAAC;QAAC;QAAS;QAAa;KAAW,EAAEC,QAAQ,GAAGC,OAAO,CAAC;AACtE;AAEA,MAAMC,cAAcnB,EAAEO,MAAM,CAAC;IAC3BK,OAAOZ,EAAES,MAAM,GAAGG,KAAK,CAAC;IACxBC,UAAUb,EAAES,MAAM,GAAGC,GAAG,CAAC,GAAG;AAC9B;AAEA,MAAMU,qBAAqBpB,EAAEO,MAAM,CAAC;IAClCc,cAAcrB,EAAES,MAAM,GAAGC,GAAG,CAAC,GAAG;AAClC;AAEA,MAAMY,uBAAuBtB,EAAEO,MAAM,CAAC;IACpCgB,iBAAiBvB,EAAES,MAAM,GAAGC,GAAG,CAAC,GAAG;IACnCc,aAAaxB,EAAES,MAAM,GAClBC,GAAG,CAAC,GAAG,8CACPI,KAAK,CAAC,SAAS,2DACfA,KAAK,CAAC,SAAS,2DACfA,KAAK,CAAC,MAAM,iDACZA,KAAK,CAAC,0BAA0B;AACrC;AAEA,MAAMW,sBAAsBzB,EAAEO,MAAM,CAAC;IACnCC,UAAUR,EAAES,MAAM,GAAGC,GAAG,CAAC,GAAG,0CAA0CC,GAAG,CAAC,IAAI,qBAAqBM,QAAQ;IAC3GL,OAAOZ,EAAES,MAAM,GAAGG,KAAK,CAAC,wBAAwBK,QAAQ;AAC1D,GAAGS,MAAM,CAACC,CAAAA,OAAQA,KAAKnB,QAAQ,IAAImB,KAAKf,KAAK,EAAE;IAC7CgB,SAAS;AACX;AAEA,0BAA0B;AAC1B,IAAA,AAAMC,cAAN,MAAMA;IACIC,WAAW,IAAIC,MAAoD;IAE3EC,UAAUC,GAAW,EAAEC,KAAa,EAAEC,QAAgB,EAAW;QAC/D,MAAMC,MAAMC,KAAKD,GAAG;QACpB,MAAME,UAAU,IAAI,CAACR,QAAQ,CAACS,GAAG,CAACN;QAElC,IAAI,CAACK,WAAWF,MAAME,QAAQE,SAAS,EAAE;YACvC,IAAI,CAACV,QAAQ,CAACW,GAAG,CAACR,KAAK;gBACrBS,OAAO;gBACPF,WAAWJ,MAAMD;YACnB;YACA,OAAO;QACT;QAEA,IAAIG,QAAQI,KAAK,IAAIR,OAAO;YAC1B,OAAO;QACT;QAEAI,QAAQI,KAAK;QACb,OAAO;IACT;AACF;AAEA,MAAMC,cAAc,IAAId;AAExB,2BAA2B;AAC3B,SAASe,UAAUV,KAAa,EAAEC,QAAgB,EAAEU,YAAsC;IACxF,OAAO,CAACC,KAAcC,KAAeC;QACnC,MAAMf,MAAMY,aAAaC;QAEzB,IAAI,CAACH,YAAYX,SAAS,CAACC,KAAKC,OAAOC,WAAW;YAChDY,IAAIE,MAAM,CAAC,KAAKC,IAAI,CAAC;gBACnBC,OAAO;gBACPvB,SAAS,CAAC,qCAAqC,CAAC;gBAChDwB,YAAYC,KAAKC,IAAI,CAACnB,WAAW;YACnC;YACA;QACF;QAEAa;IACF;AACF;AAEA,4BAA4B;AAC5B,SAASO,gBAAgBJ,KAAU,EAAEL,GAAY,EAAEC,GAAa,EAAEC,KAAkB;IAClF3C,OAAO8C,KAAK,CAAC,yBAAyBA;IAEtC,IAAIA,iBAAiBhD,eAAe;QAClC,MAAMqD,aAAaL,MAAMM,IAAI,KAAKrD,UAAUsD,QAAQ,GAAG,MACrCP,MAAMM,IAAI,KAAKrD,UAAUuD,SAAS,GAAG,MACrCR,MAAMM,IAAI,KAAKrD,UAAUwD,iBAAiB,GAAG,MAC7CT,MAAMM,IAAI,KAAKrD,UAAUyD,YAAY,GAAG,MACxCV,MAAMM,IAAI,KAAKrD,UAAU0D,SAAS,GAAG,MACrCX,MAAMM,IAAI,KAAKrD,UAAUsD,QAAQ,GAAG,MAAM;QAE5DX,IAAIE,MAAM,CAACO,YAAYN,IAAI,CAAC;YAC1Ba,SAAS;YACTZ,OAAOA,MAAMM,IAAI;YACjB7B,SAASuB,MAAMvB,OAAO;YACtB,GAAIuB,MAAMa,QAAQ,IAAI;gBAAEC,SAASd,MAAMa,QAAQ;YAAC,CAAC;QACnD;QACA;IACF;IAEA,wBAAwB;IACxB,IAAIb,iBAAiBnD,EAAEkE,QAAQ,EAAE;QAC/BnB,IAAIE,MAAM,CAAC,KAAKC,IAAI,CAAC;YACnBa,SAAS;YACTZ,OAAO;YACPvB,SAAS;YACTqC,SAASd,MAAMgB,MAAM,CAACC,GAAG,CAACC,CAAAA,MAAQ,CAAA;oBAChCC,OAAOD,IAAIE,IAAI,CAACC,IAAI,CAAC;oBACrB5C,SAASyC,IAAIzC,OAAO;gBACtB,CAAA;QACF;QACA;IACF;IAEA,gBAAgB;IAChBmB,IAAIE,MAAM,CAAC,KAAKC,IAAI,CAAC;QACnBa,SAAS;QACTZ,OAAO;QACPvB,SAAS;IACX;AACF;AAEA,4BAA4B;AAC5B,SAAS6C,iBAAiBC,cAA8B;IACtD,OAAO,OAAO5B,KAAcC,KAAeC;QACzC,IAAI;YACF,MAAM2B,aAAa7B,IAAI8B,OAAO,CAACC,aAAa;YAE5C,IAAI,CAACF,YAAY;gBACf5B,IAAIE,MAAM,CAAC,KAAKC,IAAI,CAAC;oBACnBa,SAAS;oBACTZ,OAAO;oBACPvB,SAAS;gBACX;gBACA;YACF;YAEA,MAAMkD,cAAcJ,eAAeK,kBAAkB,CAACJ;YAEtD,yBAAyB;YACzB7B,IAAIkC,IAAI,GAAG;gBACTC,QAAQH,YAAYG,MAAM;gBAC1BzE,UAAUsE,YAAYtE,QAAQ;gBAC9BI,OAAOkE,YAAYlE,KAAK;gBACxBG,MAAM+D,YAAY/D,IAAI;YACxB;YAEAiC;QACF,EAAE,OAAOG,OAAO;YACd,IAAIA,iBAAiBhD,eAAe;gBAClC4C,IAAIE,MAAM,CAAC,KAAKC,IAAI,CAAC;oBACnBa,SAAS;oBACTZ,OAAOA,MAAMM,IAAI;oBACjB7B,SAASuB,MAAMvB,OAAO;gBACxB;gBACA;YACF;YAEAmB,IAAIE,MAAM,CAAC,KAAKC,IAAI,CAAC;gBACnBa,SAAS;gBACTZ,OAAO;gBACPvB,SAAS;YACX;QACF;IACF;AACF;AAEA,2BAA2B;AAC3B,SAASsD,cAAcC,aAAuB;IAC5C,OAAO,CAACrC,KAAcC,KAAeC;QACnC,IAAI,CAACF,IAAIkC,IAAI,EAAE;YACbjC,IAAIE,MAAM,CAAC,KAAKC,IAAI,CAAC;gBACnBa,SAAS;gBACTZ,OAAO;gBACPvB,SAAS;YACX;YACA;QACF;QAEA,IAAI,CAACuD,cAAcC,QAAQ,CAACtC,IAAIkC,IAAI,CAACjE,IAAI,GAAG;YAC1CgC,IAAIE,MAAM,CAAC,KAAKC,IAAI,CAAC;gBACnBa,SAAS;gBACTZ,OAAO;gBACPvB,SAAS;gBACTuD;gBACAE,UAAUvC,IAAIkC,IAAI,CAACjE,IAAI;YACzB;YACA;QACF;QAEAiC;IACF;AACF;AAEA;;CAEC,GACD,OAAO,SAASsC,qBAAqBC,WAAkC;IACrE,MAAMC,SAASzF;IAEf,kCAAkC;IAClCyF,OAAOC,GAAG,CAAClC;IAEX,kDAAkD;IAClD,MAAMmB,iBAAiB,IAAIzE,eACzByF,QAAQC,GAAG,CAACC,UAAU,IAAI;IAG5B,8CAA8C;IAC9CJ,OAAOK,IAAI,CAAC,aACVjD,UAAU,GAAG,KAAK,KAAK,MAAM,CAACE,MAAQ,CAAC,SAAS,EAAEA,IAAIgD,EAAE,EAAE,GAC1D,OAAOhD,KAAcC;QACnB,MAAMgD,gBAAgBzF,eAAe0F,KAAK,CAAClD,IAAImD,IAAI;QAEnD,IAAI;YACF,MAAMC,SAAS,MAAMX,YAAYY,YAAY,CAACJ;YAE9ChD,IAAIE,MAAM,CAAC,KAAKC,IAAI,CAAC;gBACnBa,SAAS;gBACTnC,SAAS;gBACToD,MAAM;oBACJoB,IAAIF,OAAOlB,IAAI,CAACoB,EAAE;oBAClB5F,UAAU0F,OAAOlB,IAAI,CAACxE,QAAQ;oBAC9BI,OAAOsF,OAAOlB,IAAI,CAACpE,KAAK;oBACxBG,MAAMmF,OAAOlB,IAAI,CAACjE,IAAI;oBACtBsF,WAAWH,OAAOlB,IAAI,CAACqB,SAAS;gBAClC;gBACAC,QAAQJ,OAAOI,MAAM;YACvB;YAEAjG,OAAOkG,IAAI,CAAC,gCAAgC;gBAC1CtB,QAAQiB,OAAOlB,IAAI,CAACoB,EAAE;gBACtBxF,OAAOsF,OAAOlB,IAAI,CAACpE,KAAK;gBACxBkF,IAAIhD,IAAIgD,EAAE;YACZ;QACF,EAAE,OAAO3C,OAAO;YACdH,KAAKG;QACP;IACF;IAGF,oCAAoC;IACpCqC,OAAOK,IAAI,CAAC,UACVjD,UAAU,IAAI,KAAK,KAAK,MAAM,CAACE,MAAQ,CAAC,MAAM,EAAEA,IAAImD,IAAI,CAACrF,KAAK,IAAIkC,IAAIgD,EAAE,EAAE,GAC1E,OAAOhD,KAAcC;QACnB,MAAMgD,gBAAgB5E,YAAY6E,KAAK,CAAClD,IAAImD,IAAI;QAEhD,IAAI;YACF,MAAMC,SAAS,MAAMX,YAAYiB,SAAS,CACxCT,eACAjD,IAAIgD,EAAE,EACNhD,IAAI8B,OAAO,CAAC,aAAa;YAG3B7B,IAAIG,IAAI,CAAC;gBACPa,SAAS;gBACTnC,SAAS;gBACToD,MAAM;oBACJoB,IAAIF,OAAOlB,IAAI,CAACoB,EAAE;oBAClB5F,UAAU0F,OAAOlB,IAAI,CAACxE,QAAQ;oBAC9BI,OAAOsF,OAAOlB,IAAI,CAACpE,KAAK;oBACxBG,MAAMmF,OAAOlB,IAAI,CAACjE,IAAI;oBACtBsF,WAAWH,OAAOlB,IAAI,CAACqB,SAAS;oBAChCI,WAAWP,OAAOlB,IAAI,CAACyB,SAAS;gBAClC;gBACAH,QAAQJ,OAAOI,MAAM;YACvB;YAEAjG,OAAOkG,IAAI,CAAC,yBAAyB;gBACnCtB,QAAQiB,OAAOlB,IAAI,CAACoB,EAAE;gBACtBxF,OAAOsF,OAAOlB,IAAI,CAACpE,KAAK;gBACxBkF,IAAIhD,IAAIgD,EAAE;YACZ;QACF,EAAE,OAAO3C,OAAO;YACdH,KAAKG;QACP;IACF;IAGF,gDAAgD;IAChDqC,OAAOK,IAAI,CAAC,YACVjD,UAAU,IAAI,KAAK,KAAK,MAAM,CAACE,MAAQ,CAAC,QAAQ,EAAEA,IAAIgD,EAAE,EAAE,GAC1D,OAAOhD,KAAcC;QACnB,MAAMgD,gBAAgB3E,mBAAmB4E,KAAK,CAAClD,IAAImD,IAAI;QAEvD,IAAI;YACF,MAAMK,SAAS,MAAMf,YAAYlE,YAAY,CAAC0E,cAAc1E,YAAY;YAExE0B,IAAIG,IAAI,CAAC;gBACPa,SAAS;gBACTnC,SAAS;gBACT0E;YACF;YAEAjG,OAAOkG,IAAI,CAAC,4BAA4B;gBAAET,IAAIhD,IAAIgD,EAAE;YAAC;QACvD,EAAE,OAAO3C,OAAO;YACdH,KAAKG;QACP;IACF;IAGF,sCAAsC;IACtCqC,OAAOK,IAAI,CAAC,WACVpB,iBAAiBC,iBACjB,OAAO5B,KAAcC;QACnB,MAAM,EAAE1B,YAAY,EAAE,GAAGyB,IAAImD,IAAI;QACjC,MAAMS,cAAc5D,IAAI8B,OAAO,CAACC,aAAa;QAE7C,IAAI;YACF,MAAMU,YAAYoB,MAAM,CAAC7D,IAAIkC,IAAI,CAAEC,MAAM,EAAEyB,aAAarF;YAExD0B,IAAIG,IAAI,CAAC;gBACPa,SAAS;gBACTnC,SAAS;YACX;YAEAvB,OAAOkG,IAAI,CAAC,0BAA0B;gBACpCtB,QAAQnC,IAAIkC,IAAI,CAAEC,MAAM;gBACxBa,IAAIhD,IAAIgD,EAAE;YACZ;QACF,EAAE,OAAO3C,OAAO;YACdH,KAAKG;QACP;IACF;IAGF,uDAAuD;IACvDqC,OAAOK,IAAI,CAAC,eACVpB,iBAAiBC,iBACjB,OAAO5B,KAAcC;QACnB,MAAM2D,cAAc5D,IAAI8B,OAAO,CAACC,aAAa;QAE7C,IAAI;YACF,MAAMU,YAAYqB,iBAAiB,CAAC9D,IAAIkC,IAAI,CAAEC,MAAM,EAAEyB;YAEtD3D,IAAIG,IAAI,CAAC;gBACPa,SAAS;gBACTnC,SAAS;YACX;YAEAvB,OAAOkG,IAAI,CAAC,2BAA2B;gBACrCtB,QAAQnC,IAAIkC,IAAI,CAAEC,MAAM;gBACxBa,IAAIhD,IAAIgD,EAAE;YACZ;QACF,EAAE,OAAO3C,OAAO;YACdH,KAAKG;QACP;IACF;IAGF,2CAA2C;IAC3CqC,OAAOjD,GAAG,CAAC,YACTkC,iBAAiBC,iBACjB,OAAO5B,KAAcC;QACnB,IAAI;YACF,MAAM8D,UAAU,MAAMtB,YAAYuB,cAAc,CAAChE,IAAIkC,IAAI,CAAEC,MAAM;YAEjElC,IAAIG,IAAI,CAAC;gBACPa,SAAS;gBACTiB,MAAM6B;YACR;QACF,EAAE,OAAO1D,OAAO;YACdH,KAAKG;QACP;IACF;IAGF,8CAA8C;IAC9CqC,OAAOuB,GAAG,CAAC,YACTtC,iBAAiBC,iBACjB9B,UAAU,GAAG,KAAK,KAAK,MAAM,CAACE,MAAQ,CAAC,QAAQ,EAAEA,IAAIkC,IAAI,CAAEC,MAAM,EAAE,GACnE,OAAOnC,KAAcC;QACnB,MAAMgD,gBAAgBtE,oBAAoBuE,KAAK,CAAClD,IAAImD,IAAI;QAExD,IAAI;YACF,MAAMe,iBAAiB,MAAMzB,YAAY0B,iBAAiB,CACxDnE,IAAIkC,IAAI,CAAEC,MAAM,EAChBc;YAGFhD,IAAIG,IAAI,CAAC;gBACPa,SAAS;gBACTnC,SAAS;gBACToD,MAAMgC;YACR;YAEA3G,OAAOkG,IAAI,CAAC,gCAAgC;gBAC1CtB,QAAQnC,IAAIkC,IAAI,CAAEC,MAAM;gBACxBa,IAAIhD,IAAIgD,EAAE;YACZ;QACF,EAAE,OAAO3C,OAAO;YACdH,KAAKG;QACP;IACF;IAGF,mDAAmD;IACnDqC,OAAOK,IAAI,CAAC,oBACVpB,iBAAiBC,iBACjB9B,UAAU,GAAG,KAAK,KAAK,MAAM,CAACE,MAAQ,CAAC,SAAS,EAAEA,IAAIkC,IAAI,CAAEC,MAAM,EAAE,GACpE,OAAOnC,KAAcC;QACnB,MAAMgD,gBAAgBzE,qBAAqB0E,KAAK,CAAClD,IAAImD,IAAI;QAEzD,IAAI;YACF,MAAMV,YAAY2B,cAAc,CAC9BpE,IAAIkC,IAAI,CAAEC,MAAM,EAChBc,cAAcxE,eAAe,EAC7BwE,cAAcvE,WAAW;YAG3BuB,IAAIG,IAAI,CAAC;gBACPa,SAAS;gBACTnC,SAAS;YACX;YAEAvB,OAAOkG,IAAI,CAAC,iCAAiC;gBAC3CtB,QAAQnC,IAAIkC,IAAI,CAAEC,MAAM;gBACxBa,IAAIhD,IAAIgD,EAAE;YACZ;QACF,EAAE,OAAO3C,OAAO;YACdH,KAAKG;QACP;IACF;IAGF,+CAA+C;IAC/CqC,OAAOjD,GAAG,CAAC,aACTkC,iBAAiBC,iBACjB,OAAO5B,KAAcC;QACnB,IAAI;YACF,0DAA0D;YAC1D,2CAA2C;YAC3CA,IAAIG,IAAI,CAAC;gBACPa,SAAS;gBACTnC,SAAS;gBACTuF,UAAU,EAAE;YACd;QACF,EAAE,OAAOhE,OAAO;YACdH,KAAKG;QACP;IACF;IAGF,oEAAoE;IACpEqC,OAAO4B,MAAM,CAAC,wBACZ3C,iBAAiBC,iBACjB,OAAO5B,KAAcC;QACnB,IAAI;YACF,MAAM,EAAEsE,SAAS,EAAE,GAAGvE,IAAIwE,MAAM;YAEhC,0DAA0D;YAC1D,0CAA0C;YAC1CvE,IAAIG,IAAI,CAAC;gBACPa,SAAS;gBACTnC,SAAS;YACX;QACF,EAAE,OAAOuB,OAAO;YACdH,KAAKG;QACP;IACF;IAGF,iEAAiE;IACjEqC,OAAOK,IAAI,CAAC,2BACVjD,UAAU,GAAG,KAAK,KAAK,MAAM,CAACE,MAAQ,CAAC,MAAM,EAAEA,IAAImD,IAAI,CAACrF,KAAK,IAAIkC,IAAIgD,EAAE,EAAE,GACzE,OAAOhD,KAAcC;QACnB,MAAM,EAAEnC,KAAK,EAAE,GAAGkC,IAAImD,IAAI;QAE1B,IAAI,CAACrF,OAAO;YACVmC,IAAIE,MAAM,CAAC,KAAKC,IAAI,CAAC;gBACnBa,SAAS;gBACTZ,OAAO;gBACPvB,SAAS;YACX;YACA;QACF;QAEA,+DAA+D;QAC/DmB,IAAIG,IAAI,CAAC;YACPa,SAAS;YACTnC,SAAS;QACX;QAEAvB,OAAOkG,IAAI,CAAC,4BAA4B;YAAE3F;YAAOkF,IAAIhD,IAAIgD,EAAE;QAAC;IAC9D;IAGF,4DAA4D;IAC5DN,OAAOK,IAAI,CAAC,mBACVjD,UAAU,GAAG,KAAK,KAAK,MAAM,CAACE,MAAQ,CAAC,cAAc,EAAEA,IAAIgD,EAAE,EAAE,GAC/D,OAAOhD,KAAcC;QACnB,MAAM,EAAEwE,KAAK,EAAE/F,WAAW,EAAE,GAAGsB,IAAImD,IAAI;QAEvC,IAAI,CAACsB,SAAS,CAAC/F,aAAa;YAC1BuB,IAAIE,MAAM,CAAC,KAAKC,IAAI,CAAC;gBACnBa,SAAS;gBACTZ,OAAO;gBACPvB,SAAS;YACX;YACA;QACF;QAEA,8DAA8D;QAC9DmB,IAAIG,IAAI,CAAC;YACPa,SAAS;YACTnC,SAAS;QACX;QAEAvB,OAAOkG,IAAI,CAAC,yCAAyC;YAAET,IAAIhD,IAAIgD,EAAE;QAAC;IACpE;IAGF,qDAAqD;IACrDN,OAAOjD,GAAG,CAAC,iBACTkC,iBAAiBC,iBACjB,OAAO5B,KAAcC;QACnBA,IAAIG,IAAI,CAAC;YACPa,SAAS;YACTnC,SAAS;YACToD,MAAMlC,IAAIkC,IAAI;QAChB;IACF;IAGF,OAAOQ;AACT;AAEA,SACEf,gBAAgB,EAChBS,aAAa,EACbtC,SAAS,EACTW,eAAe,GACf"}