convex-cms 0.0.1

package/dist/component/userContext.js

@@ -0,0 +1,615 @@
+/**
+ * User Context Handler Module
+ *
+ * Functions to receive and validate user context passed from parent apps.
+ * Extracts user ID and roles for permission checks in the CMS authorization system.
+ *
+ * This module bridges the gap between external authentication systems and the
+ * CMS's internal RBAC (Role-Based Access Control) system. The CMS is auth-agnostic,
+ * meaning it doesn't own user authentication - instead, it relies on the parent
+ * application to provide user identification.
+ *
+ * Key concepts:
+ * - UserContext: The validated user information passed to CMS operations
+ * - User ID: A string identifier from your auth system (Clerk, Auth0, custom, etc.)
+ * - Role: The CMS role assigned to the user (admin, editor, author, viewer, or custom)
+ *
+ * @example
+ * ```typescript
+ * import { createUserContext, validateUserContext, extractUserId } from './userContext';
+ *
+ * // In your Convex function:
+ * export const createPost = mutation({
+ *   handler: async (ctx, args) => {
+ *     // Get user from your auth system
+ *     const identity = await ctx.auth.getUserIdentity();
+ *
+ *     // Create and validate user context
+ *     const userContext = await createUserContext({
+ *       userId: identity?.subject,
+ *       getUserRole: config.getUserRole,
+ *     });
+ *
+ *     // Use in CMS operations
+ *     const entry = await cms.contentEntries.create(ctx, {
+ *       ...args,
+ *       createdBy: userContext.userId,
+ *     });
+ *   },
+ * });
+ * ```
+ */
+import { getRole } from "./roles.js";
+// =============================================================================
+// User Context Error Class
+// =============================================================================
+/**
+ * Error thrown when user context validation fails.
+ *
+ * @example
+ * ```typescript
+ * try {
+ *   const context = await createUserContext({ input, getUserRole });
+ * } catch (error) {
+ *   if (error instanceof UserContextError) {
+ *     console.log(error.code); // 'ANONYMOUS_NOT_ALLOWED'
+ *     console.log(error.message); // 'Anonymous users are not allowed'
+ *   }
+ * }
+ * ```
+ */
+export class UserContextError extends Error {
+    code;
+    details;
+    constructor(error) {
+        super(error.message);
+        this.name = "UserContextError";
+        this.code = error.code;
+        this.details = error.details;
+        if (Error.captureStackTrace) {
+            Error.captureStackTrace(this, UserContextError);
+        }
+    }
+    toJSON() {
+        return {
+            name: this.name,
+            code: this.code,
+            message: this.message,
+            details: this.details,
+        };
+    }
+}
+// =============================================================================
+// Validation Functions
+// =============================================================================
+/**
+ * Validate a user ID string.
+ *
+ * @param userId - The user ID to validate
+ * @returns True if the user ID is valid
+ *
+ * @example
+ * ```typescript
+ * isValidUserId("user_123"); // true
+ * isValidUserId(""); // false
+ * isValidUserId(null); // false
+ * ```
+ */
+export function isValidUserId(userId) {
+    return typeof userId === "string" && userId.trim().length > 0;
+}
+/**
+ * Validate that a role name exists in the role definitions.
+ *
+ * @param roleName - The role name to validate
+ * @param customRoles - Optional custom role definitions
+ * @returns True if the role exists
+ *
+ * @example
+ * ```typescript
+ * isValidRole("admin"); // true (built-in)
+ * isValidRole("blog-author", { "blog-author": {...} }); // true (custom)
+ * isValidRole("unknown"); // false
+ * ```
+ */
+export function isValidRole(roleName, customRoles) {
+    if (roleName === null || roleName === undefined) {
+        return false;
+    }
+    // getRole returns undefined if role not found
+    return getRole(roleName, customRoles) !== undefined;
+}
+/**
+ * Validate user context input without creating the full context.
+ * Use this for quick validation before expensive operations.
+ *
+ * @param input - The user context input to validate
+ * @param options - Validation options
+ * @returns Validation result with errors if invalid
+ *
+ * @example
+ * ```typescript
+ * const result = validateUserContextInput(
+ *   { userId: "user_123" },
+ *   { allowAnonymous: false }
+ * );
+ *
+ * if (!result.valid) {
+ *   console.log(result.errors); // Validation errors
+ * }
+ * ```
+ */
+export function validateUserContextInput(input, options = {}) {
+    const { allowAnonymous = true, requireRole = false, customRoles } = options;
+    const errors = [];
+    // Validate user ID format (if provided)
+    if (input.userId !== undefined && input.userId !== null) {
+        if (typeof input.userId !== "string") {
+            errors.push({
+                code: "INVALID_USER_ID",
+                message: "User ID must be a string",
+                details: { receivedType: typeof input.userId },
+            });
+        }
+        else if (input.userId.trim().length === 0) {
+            errors.push({
+                code: "INVALID_USER_ID",
+                message: "User ID cannot be empty",
+            });
+        }
+    }
+    // Check anonymous access
+    const isAuthenticated = isValidUserId(input.userId);
+    if (!allowAnonymous && !isAuthenticated) {
+        errors.push({
+            code: "ANONYMOUS_NOT_ALLOWED",
+            message: "Authentication is required for this operation",
+        });
+    }
+    // Validate role if provided
+    if (input.role !== undefined && input.role !== null) {
+        if (!isValidRole(input.role, customRoles)) {
+            errors.push({
+                code: "UNKNOWN_ROLE",
+                message: `Unknown role: ${input.role}`,
+                details: { role: input.role },
+            });
+        }
+    }
+    else if (requireRole) {
+        // Role is required but not provided
+        errors.push({
+            code: "ROLE_REQUIRED",
+            message: "A CMS role is required for this operation",
+        });
+    }
+    return {
+        valid: errors.length === 0,
+        errors: errors.length > 0 ? errors : undefined,
+    };
+}
+// =============================================================================
+// User Context Creation Functions
+// =============================================================================
+/**
+ * Resolve the user's CMS role using the getUserRole hook.
+ *
+ * @param ctx - The CMS hook context (provides db and auth access)
+ * @param userId - The user ID to look up
+ * @param getUserRole - The getUserRole hook from configuration
+ * @returns The resolved role name or null
+ *
+ * @example
+ * ```typescript
+ * const role = await resolveUserRole(ctx, "user_123", config.getUserRole);
+ * console.log(role); // "editor" or null
+ * ```
+ */
+export async function resolveUserRole(ctx, userId, getUserRole) {
+    if (!getUserRole) {
+        return null;
+    }
+    try {
+        const context = { userId };
+        return await getUserRole(ctx, context);
+    }
+    catch (error) {
+        // Re-throw with context for better error handling
+        const message = error instanceof Error ? error.message : "Unknown error";
+        throw new UserContextError({
+            code: "HOOK_ERROR",
+            message: `getUserRole hook failed: ${message}`,
+            details: { userId, originalError: message },
+        });
+    }
+}
+/**
+ * Create a validated user context from input.
+ *
+ * This is the main function for converting raw user input into a validated
+ * UserContext that can be used throughout CMS operations. It handles:
+ * - User ID validation
+ * - Role resolution via the getUserRole hook
+ * - Role validation against built-in and custom roles
+ * - Access control checks (anonymous, role requirements)
+ *
+ * @param options - Options including input and hooks
+ * @returns Validated UserContext
+ * @throws UserContextError if validation fails
+ *
+ * @example
+ * ```typescript
+ * // Basic usage with getUserRole hook
+ * const context = await createUserContext({
+ *   input: { userId: identity?.subject },
+ *   getUserRole: config.getUserRole,
+ * });
+ *
+ * // With pre-resolved role (skips hook)
+ * const context = await createUserContext({
+ *   input: { userId: "user_123", role: "editor" },
+ * });
+ *
+ * // Require authentication
+ * const context = await createUserContext({
+ *   input: { userId },
+ *   allowAnonymous: false,
+ * });
+ * ```
+ */
+export async function createUserContext(options) {
+    const { ctx, input, getUserRole, customRoles, allowAnonymous = true, requireRole = false, } = options;
+    // Validate input
+    const validation = validateUserContextInput(input, {
+        allowAnonymous,
+        requireRole: false, // We'll check this after resolving the role
+        customRoles,
+    });
+    if (!validation.valid && validation.errors) {
+        throw new UserContextError(validation.errors[0]);
+    }
+    // Normalize userId
+    const userId = isValidUserId(input.userId) ? input.userId : undefined;
+    const isAuthenticated = userId !== undefined;
+    // Resolve role
+    let role = null;
+    if (input.role !== undefined && input.role !== null) {
+        // Use pre-provided role
+        role = input.role;
+    }
+    else if (userId && getUserRole && ctx) {
+        // Resolve role via hook
+        role = await resolveUserRole(ctx, userId, getUserRole);
+    }
+    // Validate resolved role
+    const roleDefinition = role ? getRole(role, customRoles) ?? undefined : undefined;
+    const hasRole = roleDefinition !== undefined;
+    // Check role requirement
+    if (requireRole && !hasRole) {
+        throw new UserContextError({
+            code: "ROLE_REQUIRED",
+            message: isAuthenticated
+                ? `User ${userId} has no CMS role assigned`
+                : "Authentication and a CMS role are required",
+            details: { userId, resolvedRole: role },
+        });
+    }
+    // Warn about unknown roles (but don't fail if requireRole is false)
+    if (role !== null && !hasRole) {
+        // Role was provided but doesn't exist - this is logged but not an error
+        // unless requireRole is true (handled above)
+        console.warn(`Unknown CMS role "${role}" for user ${userId ?? "anonymous"}`);
+    }
+    return {
+        userId,
+        role,
+        isAuthenticated,
+        hasRole,
+        roleDefinition,
+        email: input.email,
+        displayName: input.displayName,
+        metadata: input.metadata,
+    };
+}
+/**
+ * Create a user context synchronously when the role is already known.
+ * Use this when you've already resolved the role or want to skip hook execution.
+ *
+ * @param input - User context input with role pre-resolved
+ * @param customRoles - Optional custom role definitions
+ * @returns Validated UserContext
+ *
+ * @example
+ * ```typescript
+ * // When role is already known
+ * const context = createUserContextSync({
+ *   userId: "user_123",
+ *   role: "editor",
+ * });
+ * ```
+ */
+export function createUserContextSync(input, customRoles) {
+    const userId = isValidUserId(input.userId) ? input.userId : undefined;
+    const role = input.role ?? null;
+    const roleDefinition = role ? getRole(role, customRoles) ?? undefined : undefined;
+    return {
+        userId,
+        role,
+        isAuthenticated: userId !== undefined,
+        hasRole: roleDefinition !== undefined,
+        roleDefinition,
+        email: input.email,
+        displayName: input.displayName,
+        metadata: input.metadata,
+    };
+}
+// =============================================================================
+// User ID Extraction Functions
+// =============================================================================
+/**
+ * Extract user ID from various input formats.
+ * Handles common patterns from different auth systems.
+ *
+ * @param input - The input to extract userId from
+ * @returns The extracted userId or undefined
+ *
+ * @example
+ * ```typescript
+ * // From Convex identity
+ * extractUserId(identity); // uses identity.subject
+ *
+ * // From string
+ * extractUserId("user_123"); // "user_123"
+ *
+ * // From object with common fields
+ * extractUserId({ sub: "user_123" }); // "user_123"
+ * extractUserId({ userId: "user_123" }); // "user_123"
+ * extractUserId({ id: "user_123" }); // "user_123"
+ * ```
+ */
+export function extractUserId(input) {
+    if (input === null || input === undefined) {
+        return undefined;
+    }
+    // String input
+    if (typeof input === "string") {
+        return isValidUserId(input) ? input : undefined;
+    }
+    // Object input - try common fields in order of priority
+    const candidates = [
+        input.subject, // Convex identity
+        input.sub, // JWT standard
+        input.userId, // Common custom field
+        input.id, // Generic ID field
+        input._id, // MongoDB-style
+    ];
+    for (const candidate of candidates) {
+        if (isValidUserId(candidate)) {
+            return candidate;
+        }
+    }
+    return undefined;
+}
+/**
+ * Extract user ID from a Convex auth context.
+ * This is a convenience wrapper for extractUserId that works with ctx.auth.
+ *
+ * @param authContext - The auth context from ctx.auth
+ * @returns The user ID or undefined if not authenticated
+ *
+ * @example
+ * ```typescript
+ * export const myMutation = mutation({
+ *   handler: async (ctx, args) => {
+ *     const userId = await extractUserIdFromAuth(ctx.auth);
+ *     if (!userId) {
+ *       throw new Error("Authentication required");
+ *     }
+ *     // ... use userId
+ *   },
+ * });
+ * ```
+ */
+export async function extractUserIdFromAuth(authContext) {
+    const identity = await authContext.getUserIdentity();
+    return extractUserId(identity);
+}
+// =============================================================================
+// Authorization Context Builders
+// =============================================================================
+/**
+ * Build an AuthorizationHookContext from a UserContext and operation details.
+ * This creates the context object used by authorization hooks.
+ *
+ * @param userContext - The validated user context
+ * @param operation - The CMS operation being performed
+ * @param resourceInfo - Additional resource information
+ * @returns AuthorizationHookContext for hook execution
+ *
+ * @example
+ * ```typescript
+ * const hookContext = buildAuthorizationContext(
+ *   userContext,
+ *   "contentEntries.update",
+ *   {
+ *     resourceId: entry._id,
+ *     resourceOwnerId: entry.createdBy,
+ *     contentTypeId: entry.contentTypeId,
+ *     contentTypeName: contentType.name,
+ *   }
+ * );
+ * ```
+ */
+export function buildAuthorizationContext(userContext, operation, resourceInfo) {
+    return {
+        operation,
+        userId: userContext.userId,
+        role: userContext.role,
+        resourceId: resourceInfo?.resourceId,
+        resourceOwnerId: resourceInfo?.resourceOwnerId,
+        contentTypeId: resourceInfo?.contentTypeId,
+        contentTypeName: resourceInfo?.contentTypeName,
+        operationData: {
+            ...resourceInfo?.operationData,
+            // Include user context metadata for custom hooks
+            _userMetadata: userContext.metadata,
+        },
+    };
+}
+/**
+ * Create a minimal user context for anonymous operations.
+ * Use this for public read operations that don't require authentication.
+ *
+ * @returns A UserContext representing an anonymous user
+ *
+ * @example
+ * ```typescript
+ * // For public content queries
+ * const context = createAnonymousContext();
+ * // context.isAuthenticated === false
+ * // context.hasRole === false
+ * ```
+ */
+export function createAnonymousContext() {
+    return {
+        userId: undefined,
+        role: null,
+        isAuthenticated: false,
+        hasRole: false,
+    };
+}
+/**
+ * Create a system context for internal operations.
+ * This bypasses normal user authentication for system-level operations.
+ * Use with caution - only for trusted internal operations.
+ *
+ * @param systemId - Optional identifier for the system operation
+ * @returns A UserContext representing a system operation
+ *
+ * @example
+ * ```typescript
+ * // For scheduled jobs or internal migrations
+ * const context = createSystemContext("scheduled-publisher");
+ * // context.userId === "_system:scheduled-publisher"
+ * // context.role === "admin" (full access)
+ * ```
+ */
+export function createSystemContext(systemId) {
+    const userId = systemId ? `_system:${systemId}` : "_system";
+    return {
+        userId,
+        role: "admin",
+        isAuthenticated: true,
+        hasRole: true,
+        metadata: {
+            isSystemContext: true,
+            systemId,
+        },
+    };
+}
+// =============================================================================
+// Utility Functions
+// =============================================================================
+/**
+ * Check if a user context represents an authenticated user.
+ *
+ * @param context - The user context to check
+ * @returns True if the user is authenticated
+ */
+export function isAuthenticated(context) {
+    return context.isAuthenticated && context.userId !== undefined;
+}
+/**
+ * Check if a user context has a specific role.
+ *
+ * @param context - The user context to check
+ * @param roleName - The role name to check for
+ * @returns True if the user has the specified role
+ */
+export function hasUserRole(context, roleName) {
+    return context.role === roleName && context.hasRole;
+}
+/**
+ * Check if a user context represents a system operation.
+ *
+ * @param context - The user context to check
+ * @returns True if this is a system context
+ */
+export function isSystemContext(context) {
+    return context.metadata?.isSystemContext === true;
+}
+/**
+ * Get the display identifier for a user context.
+ * Useful for logging and audit trails.
+ *
+ * @param context - The user context
+ * @returns A human-readable identifier for the user
+ */
+export function getUserDisplayId(context) {
+    if (context.displayName) {
+        return context.displayName;
+    }
+    if (context.email) {
+        return context.email;
+    }
+    if (context.userId) {
+        if (context.userId.startsWith("_system")) {
+            return `System (${context.userId.replace("_system:", "")})`;
+        }
+        return context.userId;
+    }
+    return "Anonymous";
+}
+/**
+ * Validate that a user context meets minimum requirements for an operation.
+ * Returns validation result with specific error messages.
+ *
+ * @param context - The user context to validate
+ * @param requirements - The requirements to check
+ * @returns Validation result
+ *
+ * @example
+ * ```typescript
+ * const result = validateUserContext(context, {
+ *   requireAuthentication: true,
+ *   requireRole: true,
+ *   allowedRoles: ["admin", "editor"],
+ * });
+ *
+ * if (!result.valid) {
+ *   throw new Error(result.errors[0].message);
+ * }
+ * ```
+ */
+export function validateUserContext(context, requirements) {
+    const errors = [];
+    if (requirements.requireAuthentication && !context.isAuthenticated) {
+        errors.push({
+            code: "ANONYMOUS_NOT_ALLOWED",
+            message: "Authentication is required for this operation",
+        });
+    }
+    if (requirements.requireRole && !context.hasRole) {
+        errors.push({
+            code: "ROLE_REQUIRED",
+            message: "A valid CMS role is required for this operation",
+        });
+    }
+    if (requirements.allowedRoles && context.role) {
+        if (!requirements.allowedRoles.includes(context.role)) {
+            errors.push({
+                code: "UNKNOWN_ROLE",
+                message: `Role "${context.role}" is not allowed for this operation`,
+                details: {
+                    allowedRoles: requirements.allowedRoles,
+                    actualRole: context.role,
+                },
+            });
+        }
+    }
+    if (errors.length > 0) {
+        return { valid: false, errors };
+    }
+    return { valid: true, context };
+}
+//# sourceMappingURL=userContext.js.map

package/dist/component/userContext.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"userContext.js","sourceRoot":"","sources":["../../src/component/userContext.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAWH,OAAO,EAAE,OAAO,EAAuB,MAAM,YAAY,CAAC;AAuL1D,gFAAgF;AAChF,2BAA2B;AAC3B,gFAAgF;AAEhF;;;;;;;;;;;;;;GAcG;AACH,MAAM,OAAO,gBAAiB,SAAQ,KAAK;IAChC,IAAI,CAAqC;IACzC,OAAO,CAA2B;IAE3C,YAAY,KAAiC;QAC3C,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACrB,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;QAC/B,IAAI,CAAC,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC;QACvB,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;QAE7B,IAAI,KAAK,CAAC,iBAAiB,EAAE,CAAC;YAC5B,KAAK,CAAC,iBAAiB,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED,MAAM;QACJ,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC;IACJ,CAAC;CACF;AAED,gFAAgF;AAChF,uBAAuB;AACvB,gFAAgF;AAEhF;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,aAAa,CAAC,MAAe;IAC3C,OAAO,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC;AAChE,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,WAAW,CACzB,QAAmC,EACnC,WAA4C;IAE5C,IAAI,QAAQ,KAAK,IAAI,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAChD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,8CAA8C;IAC9C,OAAO,OAAO,CAAC,QAAQ,EAAE,WAAW,CAAC,KAAK,SAAS,CAAC;AACtD,CAAC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,UAAU,wBAAwB,CACtC,KAAuB,EACvB,UAII,EAAE;IAEN,MAAM,EAAE,cAAc,GAAG,IAAI,EAAE,WAAW,GAAG,KAAK,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;IAC5E,MAAM,MAAM,GAAiC,EAAE,CAAC;IAEhD,wCAAwC;IACxC,IAAI,KAAK,CAAC,MAAM,KAAK,SAAS,IAAI,KAAK,CAAC,MAAM,KAAK,IAAI,EAAE,CAAC;QACxD,IAAI,OAAO,KAAK,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YACrC,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,iBAAiB;gBACvB,OAAO,EAAE,0BAA0B;gBACnC,OAAO,EAAE,EAAE,YAAY,EAAE,OAAO,KAAK,CAAC,MAAM,EAAE;aAC/C,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5C,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,iBAAiB;gBACvB,OAAO,EAAE,yBAAyB;aACnC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,yBAAyB;IACzB,MAAM,eAAe,GAAG,aAAa,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACpD,IAAI,CAAC,cAAc,IAAI,CAAC,eAAe,EAAE,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,uBAAuB;YAC7B,OAAO,EAAE,+CAA+C;SACzD,CAAC,CAAC;IACL,CAAC;IAED,4BAA4B;IAC5B,IAAI,KAAK,CAAC,IAAI,KAAK,SAAS,IAAI,KAAK,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;QACpD,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,IAAI,EAAE,WAAW,CAAC,EAAE,CAAC;YAC1C,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,cAAc;gBACpB,OAAO,EAAE,iBAAiB,KAAK,CAAC,IAAI,EAAE;gBACtC,OAAO,EAAE,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE;aAC9B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;SAAM,IAAI,WAAW,EAAE,CAAC;QACvB,oCAAoC;QACpC,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,eAAe;YACrB,OAAO,EAAE,2CAA2C;SACrD,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC1B,MAAM,EAAE,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;KAC/C,CAAC;AACJ,CAAC;AAED,gFAAgF;AAChF,kCAAkC;AAClC,gFAAgF;AAEhF;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,GAAmB,EACnB,MAAc,EACd,WAA6B;IAE7B,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,GAAuB,EAAE,MAAM,EAAE,CAAC;QAC/C,OAAO,MAAM,WAAW,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IACzC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,kDAAkD;QAClD,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;QACzE,MAAM,IAAI,gBAAgB,CAAC;YACzB,IAAI,EAAE,YAAY;YAClB,OAAO,EAAE,4BAA4B,OAAO,EAAE;YAC9C,OAAO,EAAE,EAAE,MAAM,EAAE,aAAa,EAAE,OAAO,EAAE;SAC5C,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,OAAiC;IAEjC,MAAM,EACJ,GAAG,EACH,KAAK,EACL,WAAW,EACX,WAAW,EACX,cAAc,GAAG,IAAI,EACrB,WAAW,GAAG,KAAK,GACpB,GAAG,OAAO,CAAC;IAEZ,iBAAiB;IACjB,MAAM,UAAU,GAAG,wBAAwB,CAAC,KAAK,EAAE;QACjD,cAAc;QACd,WAAW,EAAE,KAAK,EAAE,4CAA4C;QAChE,WAAW;KACZ,CAAC,CAAC;IAEH,IAAI,CAAC,UAAU,CAAC,KAAK,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC;QAC3C,MAAM,IAAI,gBAAgB,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IACnD,CAAC;IAED,mBAAmB;IACnB,MAAM,MAAM,GAAG,aAAa,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;IACtE,MAAM,eAAe,GAAG,MAAM,KAAK,SAAS,CAAC;IAE7C,eAAe;IACf,IAAI,IAAI,GAAkB,IAAI,CAAC;IAE/B,IAAI,KAAK,CAAC,IAAI,KAAK,SAAS,IAAI,KAAK,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;QACpD,wBAAwB;QACxB,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC;IACpB,CAAC;SAAM,IAAI,MAAM,IAAI,WAAW,IAAI,GAAG,EAAE,CAAC;QACxC,wBAAwB;QACxB,IAAI,GAAG,MAAM,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;IACzD,CAAC;IAED,yBAAyB;IACzB,MAAM,cAAc,GAAG,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,WAAW,CAAC,IAAI,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;IAClF,MAAM,OAAO,GAAG,cAAc,KAAK,SAAS,CAAC;IAE7C,yBAAyB;IACzB,IAAI,WAAW,IAAI,CAAC,OAAO,EAAE,CAAC;QAC5B,MAAM,IAAI,gBAAgB,CAAC;YACzB,IAAI,EAAE,eAAe;YACrB,OAAO,EAAE,eAAe;gBACtB,CAAC,CAAC,QAAQ,MAAM,2BAA2B;gBAC3C,CAAC,CAAC,4CAA4C;YAChD,OAAO,EAAE,EAAE,MAAM,EAAE,YAAY,EAAE,IAAI,EAAE;SACxC,CAAC,CAAC;IACL,CAAC;IAED,oEAAoE;IACpE,IAAI,IAAI,KAAK,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QAC9B,wEAAwE;QACxE,6CAA6C;QAC7C,OAAO,CAAC,IAAI,CAAC,qBAAqB,IAAI,cAAc,MAAM,IAAI,WAAW,EAAE,CAAC,CAAC;IAC/E,CAAC;IAED,OAAO;QACL,MAAM;QACN,IAAI;QACJ,eAAe;QACf,OAAO;QACP,cAAc;QACd,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,QAAQ,EAAE,KAAK,CAAC,QAAQ;KACzB,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,qBAAqB,CACnC,KAAuB,EACvB,WAA4C;IAE5C,MAAM,MAAM,GAAG,aAAa,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;IACtE,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,IAAI,IAAI,CAAC;IAChC,MAAM,cAAc,GAAG,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,WAAW,CAAC,IAAI,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;IAElF,OAAO;QACL,MAAM;QACN,IAAI;QACJ,eAAe,EAAE,MAAM,KAAK,SAAS;QACrC,OAAO,EAAE,cAAc,KAAK,SAAS;QACrC,cAAc;QACd,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,QAAQ,EAAE,KAAK,CAAC,QAAQ;KACzB,CAAC;AACJ,CAAC;AAED,gFAAgF;AAChF,+BAA+B;AAC/B,gFAAgF;AAEhF;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,UAAU,aAAa,CAC3B,KAAiH;IAEjH,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QAC1C,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,eAAe;IACf,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;IAClD,CAAC;IAED,wDAAwD;IACxD,MAAM,UAAU,GAAG;QACjB,KAAK,CAAC,OAAO,EAAE,kBAAkB;QACjC,KAAK,CAAC,GAAG,EAAE,eAAe;QAC1B,KAAK,CAAC,MAAM,EAAE,sBAAsB;QACpC,KAAK,CAAC,EAAE,EAAE,mBAAmB;QAC7B,KAAK,CAAC,GAAG,EAAE,gBAAgB;KAC5B,CAAC;IAEF,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,IAAI,aAAa,CAAC,SAAS,CAAC,EAAE,CAAC;YAC7B,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,WAA4E;IAE5E,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,eAAe,EAAE,CAAC;IACrD,OAAO,aAAa,CAAC,QAAQ,CAAC,CAAC;AACjC,CAAC;AAED,gFAAgF;AAChF,iCAAiC;AACjC,gFAAgF;AAEhF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,UAAU,yBAAyB,CACvC,WAAwB,EACxB,SAAuB,EACvB,YAMC;IAED,OAAO;QACL,SAAS;QACT,MAAM,EAAE,WAAW,CAAC,MAAM;QAC1B,IAAI,EAAE,WAAW,CAAC,IAAI;QACtB,UAAU,EAAE,YAAY,EAAE,UAAU;QACpC,eAAe,EAAE,YAAY,EAAE,eAAe;QAC9C,aAAa,EAAE,YAAY,EAAE,aAAa;QAC1C,eAAe,EAAE,YAAY,EAAE,eAAe;QAC9C,aAAa,EAAE;YACb,GAAG,YAAY,EAAE,aAAa;YAC9B,iDAAiD;YACjD,aAAa,EAAE,WAAW,CAAC,QAAQ;SACpC;KACF,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,sBAAsB;IACpC,OAAO;QACL,MAAM,EAAE,SAAS;QACjB,IAAI,EAAE,IAAI;QACV,eAAe,EAAE,KAAK;QACtB,OAAO,EAAE,KAAK;KACf,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,mBAAmB,CAAC,QAAiB;IACnD,MAAM,MAAM,GAAG,QAAQ,CAAC,CAAC,CAAC,WAAW,QAAQ,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5D,OAAO;QACL,MAAM;QACN,IAAI,EAAE,OAAO;QACb,eAAe,EAAE,IAAI;QACrB,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE;YACR,eAAe,EAAE,IAAI;YACrB,QAAQ;SACT;KACF,CAAC;AACJ,CAAC;AAED,gFAAgF;AAChF,oBAAoB;AACpB,gFAAgF;AAEhF;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAAC,OAAoB;IAClD,OAAO,OAAO,CAAC,eAAe,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS,CAAC;AACjE,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,WAAW,CAAC,OAAoB,EAAE,QAAgB;IAChE,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,IAAI,OAAO,CAAC,OAAO,CAAC;AACtD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAAC,OAAoB;IAClD,OAAO,OAAO,CAAC,QAAQ,EAAE,eAAe,KAAK,IAAI,CAAC;AACpD,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAoB;IACnD,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACxB,OAAO,OAAO,CAAC,WAAW,CAAC;IAC7B,CAAC;IACD,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;QAClB,OAAO,OAAO,CAAC,KAAK,CAAC;IACvB,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,IAAI,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACzC,OAAO,WAAW,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,GAAG,CAAC;QAC9D,CAAC;QACD,OAAO,OAAO,CAAC,MAAM,CAAC;IACxB,CAAC;IACD,OAAO,WAAW,CAAC;AACrB,CAAC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,UAAU,mBAAmB,CACjC,OAAoB,EACpB,YAIC;IAED,MAAM,MAAM,GAAiC,EAAE,CAAC;IAEhD,IAAI,YAAY,CAAC,qBAAqB,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CAAC;QACnE,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,uBAAuB;YAC7B,OAAO,EAAE,+CAA+C;SACzD,CAAC,CAAC;IACL,CAAC;IAED,IAAI,YAAY,CAAC,WAAW,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;QACjD,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,eAAe;YACrB,OAAO,EAAE,iDAAiD;SAC3D,CAAC,CAAC;IACL,CAAC;IAED,IAAI,YAAY,CAAC,YAAY,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QAC9C,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YACtD,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,cAAc;gBACpB,OAAO,EAAE,SAAS,OAAO,CAAC,IAAI,qCAAqC;gBACnE,OAAO,EAAE;oBACP,YAAY,EAAE,YAAY,CAAC,YAAY;oBACvC,UAAU,EAAE,OAAO,CAAC,IAAI;iBACzB;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;IAClC,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;AAClC,CAAC"}