convex-cms 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/commands/admin.d.ts +16 -0
- package/dist/cli/commands/admin.d.ts.map +1 -0
- package/dist/cli/commands/admin.js +88 -0
- package/dist/cli/commands/admin.js.map +1 -0
- package/dist/cli/index.d.ts +3 -0
- package/dist/cli/index.d.ts.map +1 -0
- package/dist/cli/index.js +18 -0
- package/dist/cli/index.js.map +1 -0
- package/dist/cli/utils/detectConvexUrl.d.ts +13 -0
- package/dist/cli/utils/detectConvexUrl.d.ts.map +1 -0
- package/dist/cli/utils/detectConvexUrl.js +48 -0
- package/dist/cli/utils/detectConvexUrl.js.map +1 -0
- package/dist/cli/utils/openBrowser.d.ts +7 -0
- package/dist/cli/utils/openBrowser.d.ts.map +1 -0
- package/dist/cli/utils/openBrowser.js +17 -0
- package/dist/cli/utils/openBrowser.js.map +1 -0
- package/dist/client/admin-config.d.ts +126 -0
- package/dist/client/admin-config.d.ts.map +1 -0
- package/dist/client/admin-config.js +117 -0
- package/dist/client/admin-config.js.map +1 -0
- package/dist/client/adminApi.d.ts +2273 -0
- package/dist/client/adminApi.d.ts.map +1 -0
- package/dist/client/adminApi.js +716 -0
- package/dist/client/adminApi.js.map +1 -0
- package/dist/client/agentTools.d.ts +933 -0
- package/dist/client/agentTools.d.ts.map +1 -0
- package/dist/client/agentTools.js +1004 -0
- package/dist/client/agentTools.js.map +1 -0
- package/dist/client/argTypes.d.ts +212 -0
- package/dist/client/argTypes.d.ts.map +1 -0
- package/dist/client/argTypes.js +5 -0
- package/dist/client/argTypes.js.map +1 -0
- package/dist/client/field-types.d.ts +55 -0
- package/dist/client/field-types.d.ts.map +1 -0
- package/dist/client/field-types.js +152 -0
- package/dist/client/field-types.js.map +1 -0
- package/dist/client/index.d.ts +189 -0
- package/dist/client/index.d.ts.map +1 -0
- package/dist/client/index.js +668 -0
- package/dist/client/index.js.map +1 -0
- package/dist/client/queryBuilder.d.ts +765 -0
- package/dist/client/queryBuilder.d.ts.map +1 -0
- package/dist/client/queryBuilder.js +970 -0
- package/dist/client/queryBuilder.js.map +1 -0
- package/dist/client/schema/codegen.d.ts +128 -0
- package/dist/client/schema/codegen.d.ts.map +1 -0
- package/dist/client/schema/codegen.js +318 -0
- package/dist/client/schema/codegen.js.map +1 -0
- package/dist/client/schema/defineContentType.d.ts +221 -0
- package/dist/client/schema/defineContentType.d.ts.map +1 -0
- package/dist/client/schema/defineContentType.js +380 -0
- package/dist/client/schema/defineContentType.js.map +1 -0
- package/dist/client/schema/index.d.ts +85 -0
- package/dist/client/schema/index.d.ts.map +1 -0
- package/dist/client/schema/index.js +92 -0
- package/dist/client/schema/index.js.map +1 -0
- package/dist/client/schema/schemaDrift.d.ts +199 -0
- package/dist/client/schema/schemaDrift.d.ts.map +1 -0
- package/dist/client/schema/schemaDrift.js +340 -0
- package/dist/client/schema/schemaDrift.js.map +1 -0
- package/dist/client/schema/typedClient.d.ts +401 -0
- package/dist/client/schema/typedClient.d.ts.map +1 -0
- package/dist/client/schema/typedClient.js +269 -0
- package/dist/client/schema/typedClient.js.map +1 -0
- package/dist/client/schema/types.d.ts +477 -0
- package/dist/client/schema/types.d.ts.map +1 -0
- package/dist/client/schema/types.js +39 -0
- package/dist/client/schema/types.js.map +1 -0
- package/dist/client/types.d.ts +449 -0
- package/dist/client/types.d.ts.map +1 -0
- package/dist/client/types.js +149 -0
- package/dist/client/types.js.map +1 -0
- package/dist/client/workflows.d.ts +51 -0
- package/dist/client/workflows.d.ts.map +1 -0
- package/dist/client/workflows.js +103 -0
- package/dist/client/workflows.js.map +1 -0
- package/dist/client/wrapper.d.ts +2198 -0
- package/dist/client/wrapper.d.ts.map +1 -0
- package/dist/client/wrapper.js +2651 -0
- package/dist/client/wrapper.js.map +1 -0
- package/dist/component/_generated/api.d.ts +124 -0
- package/dist/component/_generated/api.d.ts.map +1 -0
- package/dist/component/_generated/api.js +31 -0
- package/dist/component/_generated/api.js.map +1 -0
- package/dist/component/_generated/component.d.ts +4321 -0
- package/dist/component/_generated/component.d.ts.map +1 -0
- package/dist/component/_generated/component.js +11 -0
- package/dist/component/_generated/component.js.map +1 -0
- package/dist/component/_generated/dataModel.d.ts +46 -0
- package/dist/component/_generated/dataModel.d.ts.map +1 -0
- package/dist/component/_generated/dataModel.js +11 -0
- package/dist/component/_generated/dataModel.js.map +1 -0
- package/dist/component/_generated/server.d.ts +121 -0
- package/dist/component/_generated/server.d.ts.map +1 -0
- package/dist/component/_generated/server.js +78 -0
- package/dist/component/_generated/server.js.map +1 -0
- package/dist/component/auditLog.d.ts +410 -0
- package/dist/component/auditLog.d.ts.map +1 -0
- package/dist/component/auditLog.js +607 -0
- package/dist/component/auditLog.js.map +1 -0
- package/dist/component/authorization.d.ts +323 -0
- package/dist/component/authorization.d.ts.map +1 -0
- package/dist/component/authorization.js +464 -0
- package/dist/component/authorization.js.map +1 -0
- package/dist/component/authorizationHooks.d.ts +184 -0
- package/dist/component/authorizationHooks.d.ts.map +1 -0
- package/dist/component/authorizationHooks.js +521 -0
- package/dist/component/authorizationHooks.js.map +1 -0
- package/dist/component/bulkOperations.d.ts +200 -0
- package/dist/component/bulkOperations.d.ts.map +1 -0
- package/dist/component/bulkOperations.js +568 -0
- package/dist/component/bulkOperations.js.map +1 -0
- package/dist/component/contentEntries.d.ts +719 -0
- package/dist/component/contentEntries.d.ts.map +1 -0
- package/dist/component/contentEntries.js +1617 -0
- package/dist/component/contentEntries.js.map +1 -0
- package/dist/component/contentEntryMutations.d.ts +505 -0
- package/dist/component/contentEntryMutations.d.ts.map +1 -0
- package/dist/component/contentEntryMutations.js +1009 -0
- package/dist/component/contentEntryMutations.js.map +1 -0
- package/dist/component/contentEntryValidation.d.ts +115 -0
- package/dist/component/contentEntryValidation.d.ts.map +1 -0
- package/dist/component/contentEntryValidation.js +546 -0
- package/dist/component/contentEntryValidation.js.map +1 -0
- package/dist/component/contentLock.d.ts +328 -0
- package/dist/component/contentLock.d.ts.map +1 -0
- package/dist/component/contentLock.js +471 -0
- package/dist/component/contentLock.js.map +1 -0
- package/dist/component/contentTypeMigration.d.ts +411 -0
- package/dist/component/contentTypeMigration.d.ts.map +1 -0
- package/dist/component/contentTypeMigration.js +805 -0
- package/dist/component/contentTypeMigration.js.map +1 -0
- package/dist/component/contentTypeMutations.d.ts +975 -0
- package/dist/component/contentTypeMutations.d.ts.map +1 -0
- package/dist/component/contentTypeMutations.js +768 -0
- package/dist/component/contentTypeMutations.js.map +1 -0
- package/dist/component/contentTypes.d.ts +538 -0
- package/dist/component/contentTypes.d.ts.map +1 -0
- package/dist/component/contentTypes.js +304 -0
- package/dist/component/contentTypes.js.map +1 -0
- package/dist/component/convex.config.d.ts +42 -0
- package/dist/component/convex.config.d.ts.map +1 -0
- package/dist/component/convex.config.js +43 -0
- package/dist/component/convex.config.js.map +1 -0
- package/dist/component/documentTypes.d.ts +186 -0
- package/dist/component/documentTypes.d.ts.map +1 -0
- package/dist/component/documentTypes.js +23 -0
- package/dist/component/documentTypes.js.map +1 -0
- package/dist/component/eventEmitter.d.ts +281 -0
- package/dist/component/eventEmitter.d.ts.map +1 -0
- package/dist/component/eventEmitter.js +300 -0
- package/dist/component/eventEmitter.js.map +1 -0
- package/dist/component/exportImport.d.ts +1120 -0
- package/dist/component/exportImport.d.ts.map +1 -0
- package/dist/component/exportImport.js +931 -0
- package/dist/component/exportImport.js.map +1 -0
- package/dist/component/index.d.ts +28 -0
- package/dist/component/index.d.ts.map +1 -0
- package/dist/component/index.js +142 -0
- package/dist/component/index.js.map +1 -0
- package/dist/component/lib/deepReferenceResolver.d.ts +252 -0
- package/dist/component/lib/deepReferenceResolver.d.ts.map +1 -0
- package/dist/component/lib/deepReferenceResolver.js +601 -0
- package/dist/component/lib/deepReferenceResolver.js.map +1 -0
- package/dist/component/lib/errors.d.ts +306 -0
- package/dist/component/lib/errors.d.ts.map +1 -0
- package/dist/component/lib/errors.js +407 -0
- package/dist/component/lib/errors.js.map +1 -0
- package/dist/component/lib/index.d.ts +10 -0
- package/dist/component/lib/index.d.ts.map +1 -0
- package/dist/component/lib/index.js +33 -0
- package/dist/component/lib/index.js.map +1 -0
- package/dist/component/lib/mediaReferenceResolver.d.ts +217 -0
- package/dist/component/lib/mediaReferenceResolver.d.ts.map +1 -0
- package/dist/component/lib/mediaReferenceResolver.js +326 -0
- package/dist/component/lib/mediaReferenceResolver.js.map +1 -0
- package/dist/component/lib/metadataExtractor.d.ts +245 -0
- package/dist/component/lib/metadataExtractor.d.ts.map +1 -0
- package/dist/component/lib/metadataExtractor.js +548 -0
- package/dist/component/lib/metadataExtractor.js.map +1 -0
- package/dist/component/lib/mutationAuth.d.ts +95 -0
- package/dist/component/lib/mutationAuth.d.ts.map +1 -0
- package/dist/component/lib/mutationAuth.js +146 -0
- package/dist/component/lib/mutationAuth.js.map +1 -0
- package/dist/component/lib/queries.d.ts +17 -0
- package/dist/component/lib/queries.d.ts.map +1 -0
- package/dist/component/lib/queries.js +49 -0
- package/dist/component/lib/queries.js.map +1 -0
- package/dist/component/lib/ragContentChunker.d.ts +423 -0
- package/dist/component/lib/ragContentChunker.d.ts.map +1 -0
- package/dist/component/lib/ragContentChunker.js +897 -0
- package/dist/component/lib/ragContentChunker.js.map +1 -0
- package/dist/component/lib/referenceResolver.d.ts +175 -0
- package/dist/component/lib/referenceResolver.d.ts.map +1 -0
- package/dist/component/lib/referenceResolver.js +293 -0
- package/dist/component/lib/referenceResolver.js.map +1 -0
- package/dist/component/lib/slugGenerator.d.ts +71 -0
- package/dist/component/lib/slugGenerator.d.ts.map +1 -0
- package/dist/component/lib/slugGenerator.js +207 -0
- package/dist/component/lib/slugGenerator.js.map +1 -0
- package/dist/component/lib/slugUniqueness.d.ts +131 -0
- package/dist/component/lib/slugUniqueness.d.ts.map +1 -0
- package/dist/component/lib/slugUniqueness.js +229 -0
- package/dist/component/lib/slugUniqueness.js.map +1 -0
- package/dist/component/lib/softDelete.d.ts +18 -0
- package/dist/component/lib/softDelete.d.ts.map +1 -0
- package/dist/component/lib/softDelete.js +29 -0
- package/dist/component/lib/softDelete.js.map +1 -0
- package/dist/component/localeFallbackChain.d.ts +410 -0
- package/dist/component/localeFallbackChain.d.ts.map +1 -0
- package/dist/component/localeFallbackChain.js +467 -0
- package/dist/component/localeFallbackChain.js.map +1 -0
- package/dist/component/localeFields.d.ts +508 -0
- package/dist/component/localeFields.d.ts.map +1 -0
- package/dist/component/localeFields.js +592 -0
- package/dist/component/localeFields.js.map +1 -0
- package/dist/component/mediaAssetMutations.d.ts +235 -0
- package/dist/component/mediaAssetMutations.d.ts.map +1 -0
- package/dist/component/mediaAssetMutations.js +558 -0
- package/dist/component/mediaAssetMutations.js.map +1 -0
- package/dist/component/mediaAssets.d.ts +168 -0
- package/dist/component/mediaAssets.d.ts.map +1 -0
- package/dist/component/mediaAssets.js +618 -0
- package/dist/component/mediaAssets.js.map +1 -0
- package/dist/component/mediaFolderMutations.d.ts +642 -0
- package/dist/component/mediaFolderMutations.d.ts.map +1 -0
- package/dist/component/mediaFolderMutations.js +849 -0
- package/dist/component/mediaFolderMutations.js.map +1 -0
- package/dist/component/mediaUploadMutations.d.ts +136 -0
- package/dist/component/mediaUploadMutations.d.ts.map +1 -0
- package/dist/component/mediaUploadMutations.js +205 -0
- package/dist/component/mediaUploadMutations.js.map +1 -0
- package/dist/component/mediaVariantMutations.d.ts +468 -0
- package/dist/component/mediaVariantMutations.d.ts.map +1 -0
- package/dist/component/mediaVariantMutations.js +737 -0
- package/dist/component/mediaVariantMutations.js.map +1 -0
- package/dist/component/mediaVariants.d.ts +525 -0
- package/dist/component/mediaVariants.d.ts.map +1 -0
- package/dist/component/mediaVariants.js +661 -0
- package/dist/component/mediaVariants.js.map +1 -0
- package/dist/component/ragContentIndexer.d.ts +595 -0
- package/dist/component/ragContentIndexer.d.ts.map +1 -0
- package/dist/component/ragContentIndexer.js +794 -0
- package/dist/component/ragContentIndexer.js.map +1 -0
- package/dist/component/rateLimitHooks.d.ts +266 -0
- package/dist/component/rateLimitHooks.d.ts.map +1 -0
- package/dist/component/rateLimitHooks.js +412 -0
- package/dist/component/rateLimitHooks.js.map +1 -0
- package/dist/component/roles.d.ts +649 -0
- package/dist/component/roles.d.ts.map +1 -0
- package/dist/component/roles.js +884 -0
- package/dist/component/roles.js.map +1 -0
- package/dist/component/scheduledPublish.d.ts +182 -0
- package/dist/component/scheduledPublish.d.ts.map +1 -0
- package/dist/component/scheduledPublish.js +304 -0
- package/dist/component/scheduledPublish.js.map +1 -0
- package/dist/component/schema.d.ts +4114 -0
- package/dist/component/schema.d.ts.map +1 -0
- package/dist/component/schema.js +469 -0
- package/dist/component/schema.js.map +1 -0
- package/dist/component/taxonomies.d.ts +476 -0
- package/dist/component/taxonomies.d.ts.map +1 -0
- package/dist/component/taxonomies.js +785 -0
- package/dist/component/taxonomies.js.map +1 -0
- package/dist/component/taxonomyMutations.d.ts +206 -0
- package/dist/component/taxonomyMutations.d.ts.map +1 -0
- package/dist/component/taxonomyMutations.js +1001 -0
- package/dist/component/taxonomyMutations.js.map +1 -0
- package/dist/component/trash.d.ts +265 -0
- package/dist/component/trash.d.ts.map +1 -0
- package/dist/component/trash.js +621 -0
- package/dist/component/trash.js.map +1 -0
- package/dist/component/types.d.ts +4 -0
- package/dist/component/types.d.ts.map +1 -0
- package/dist/component/types.js +2 -0
- package/dist/component/types.js.map +1 -0
- package/dist/component/userContext.d.ts +508 -0
- package/dist/component/userContext.d.ts.map +1 -0
- package/dist/component/userContext.js +615 -0
- package/dist/component/userContext.js.map +1 -0
- package/dist/component/validation.d.ts +387 -0
- package/dist/component/validation.d.ts.map +1 -0
- package/dist/component/validation.js +1052 -0
- package/dist/component/validation.js.map +1 -0
- package/dist/component/validators.d.ts +4645 -0
- package/dist/component/validators.d.ts.map +1 -0
- package/dist/component/validators.js +641 -0
- package/dist/component/validators.js.map +1 -0
- package/dist/component/versionMutations.d.ts +216 -0
- package/dist/component/versionMutations.d.ts.map +1 -0
- package/dist/component/versionMutations.js +321 -0
- package/dist/component/versionMutations.js.map +1 -0
- package/dist/component/webhookTrigger.d.ts +770 -0
- package/dist/component/webhookTrigger.d.ts.map +1 -0
- package/dist/component/webhookTrigger.js +1413 -0
- package/dist/component/webhookTrigger.js.map +1 -0
- package/dist/react/index.d.ts +316 -0
- package/dist/react/index.d.ts.map +1 -0
- package/dist/react/index.js +558 -0
- package/dist/react/index.js.map +1 -0
- package/dist/test.d.ts +2230 -0
- package/dist/test.d.ts.map +1 -0
- package/dist/test.js +1107 -0
- package/dist/test.js.map +1 -0
- package/package.json +95 -0
- package/src/cli/commands/admin.ts +104 -0
- package/src/cli/index.ts +21 -0
- package/src/cli/utils/detectConvexUrl.ts +54 -0
- package/src/cli/utils/openBrowser.ts +16 -0
- package/src/client/admin-config.ts +138 -0
- package/src/client/adminApi.ts +942 -0
- package/src/client/agentTools.ts +1311 -0
- package/src/client/argTypes.ts +316 -0
- package/src/client/field-types.ts +187 -0
- package/src/client/index.ts +1301 -0
- package/src/client/queryBuilder.ts +1100 -0
- package/src/client/schema/codegen.ts +500 -0
- package/src/client/schema/defineContentType.ts +501 -0
- package/src/client/schema/index.ts +169 -0
- package/src/client/schema/schemaDrift.ts +574 -0
- package/src/client/schema/typedClient.ts +688 -0
- package/src/client/schema/types.ts +666 -0
- package/src/client/types.ts +723 -0
- package/src/client/workflows.ts +141 -0
- package/src/client/wrapper.ts +4304 -0
- package/src/component/_generated/api.ts +140 -0
- package/src/component/_generated/component.ts +5029 -0
- package/src/component/_generated/dataModel.ts +60 -0
- package/src/component/_generated/server.ts +156 -0
- package/src/component/authorization.ts +647 -0
- package/src/component/authorizationHooks.ts +668 -0
- package/src/component/bulkOperations.ts +687 -0
- package/src/component/contentEntries.ts +1976 -0
- package/src/component/contentEntryMutations.ts +1223 -0
- package/src/component/contentEntryValidation.ts +707 -0
- package/src/component/contentLock.ts +550 -0
- package/src/component/contentTypeMigration.ts +1064 -0
- package/src/component/contentTypeMutations.ts +969 -0
- package/src/component/contentTypes.ts +346 -0
- package/src/component/convex.config.ts +44 -0
- package/src/component/documentTypes.ts +240 -0
- package/src/component/eventEmitter.ts +485 -0
- package/src/component/exportImport.ts +1169 -0
- package/src/component/index.ts +491 -0
- package/src/component/lib/deepReferenceResolver.ts +999 -0
- package/src/component/lib/errors.ts +816 -0
- package/src/component/lib/index.ts +145 -0
- package/src/component/lib/mediaReferenceResolver.ts +495 -0
- package/src/component/lib/metadataExtractor.ts +792 -0
- package/src/component/lib/mutationAuth.ts +199 -0
- package/src/component/lib/queries.ts +79 -0
- package/src/component/lib/ragContentChunker.ts +1371 -0
- package/src/component/lib/referenceResolver.ts +430 -0
- package/src/component/lib/slugGenerator.ts +262 -0
- package/src/component/lib/slugUniqueness.ts +333 -0
- package/src/component/lib/softDelete.ts +44 -0
- package/src/component/localeFallbackChain.ts +673 -0
- package/src/component/localeFields.ts +896 -0
- package/src/component/mediaAssetMutations.ts +725 -0
- package/src/component/mediaAssets.ts +932 -0
- package/src/component/mediaFolderMutations.ts +1046 -0
- package/src/component/mediaUploadMutations.ts +224 -0
- package/src/component/mediaVariantMutations.ts +900 -0
- package/src/component/mediaVariants.ts +793 -0
- package/src/component/ragContentIndexer.ts +1067 -0
- package/src/component/rateLimitHooks.ts +572 -0
- package/src/component/roles.ts +1360 -0
- package/src/component/scheduledPublish.ts +358 -0
- package/src/component/schema.ts +617 -0
- package/src/component/taxonomies.ts +949 -0
- package/src/component/taxonomyMutations.ts +1210 -0
- package/src/component/trash.ts +724 -0
- package/src/component/userContext.ts +898 -0
- package/src/component/validation.ts +1388 -0
- package/src/component/validators.ts +949 -0
- package/src/component/versionMutations.ts +392 -0
- package/src/component/webhookTrigger.ts +1922 -0
- package/src/react/index.ts +898 -0
- package/src/test.ts +1580 -0
|
@@ -0,0 +1,521 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Authorization Hooks Execution Module
|
|
3
|
+
*
|
|
4
|
+
* This module provides the infrastructure for executing authorization hooks
|
|
5
|
+
* that enable custom permission logic beyond the built-in RBAC system.
|
|
6
|
+
*
|
|
7
|
+
* Authorization hooks allow parent applications to:
|
|
8
|
+
* - Implement custom authorization logic (team-based, subscription-based, etc.)
|
|
9
|
+
* - Add additional restrictions beyond RBAC
|
|
10
|
+
* - Override RBAC decisions in special cases
|
|
11
|
+
* - Log and audit authorization decisions
|
|
12
|
+
*
|
|
13
|
+
* Hook execution order:
|
|
14
|
+
* 1. beforeRbac hook (can reject early or skip RBAC)
|
|
15
|
+
* 2. Built-in RBAC permission check (if not skipped)
|
|
16
|
+
* 3. afterRbac hook (additional restrictions)
|
|
17
|
+
* 4. Operation-specific hook (fine-grained control)
|
|
18
|
+
* 5. onDeny hook (if denied, can override)
|
|
19
|
+
*
|
|
20
|
+
* @example
|
|
21
|
+
* ```typescript
|
|
22
|
+
* import { executeAuthorizationHooks } from './authorizationHooks';
|
|
23
|
+
*
|
|
24
|
+
* // In a mutation handler
|
|
25
|
+
* const authResult = await executeAuthorizationHooks({
|
|
26
|
+
* hooks: config.authorizationHooks,
|
|
27
|
+
* context: {
|
|
28
|
+
* operation: 'contentEntries.create',
|
|
29
|
+
* userId: args.createdBy,
|
|
30
|
+
* role: userRole,
|
|
31
|
+
* contentTypeId: args.contentTypeId,
|
|
32
|
+
* operationData: args,
|
|
33
|
+
* },
|
|
34
|
+
* rbacCheck: () => checkPermission({ role: userRole, ... }),
|
|
35
|
+
* skipRbac: config.skipRbac,
|
|
36
|
+
* });
|
|
37
|
+
*
|
|
38
|
+
* if (!authResult.allowed) {
|
|
39
|
+
* throw new UnauthorizedError(authResult.reason ?? 'Access denied', { ... });
|
|
40
|
+
* }
|
|
41
|
+
* ```
|
|
42
|
+
*/
|
|
43
|
+
import { checkPermission, UnauthorizedError, } from "./authorization.js";
|
|
44
|
+
// =============================================================================
|
|
45
|
+
// Helper Functions
|
|
46
|
+
// =============================================================================
|
|
47
|
+
/**
|
|
48
|
+
* Maps a CMS operation to an RBAC resource and action.
|
|
49
|
+
*/
|
|
50
|
+
export function operationToRbac(operation) {
|
|
51
|
+
const mapping = {
|
|
52
|
+
// Content Types
|
|
53
|
+
"contentTypes.create": { resource: "contentTypes", action: "create" },
|
|
54
|
+
"contentTypes.update": { resource: "contentTypes", action: "update" },
|
|
55
|
+
"contentTypes.delete": { resource: "contentTypes", action: "delete" },
|
|
56
|
+
"contentTypes.read": { resource: "contentTypes", action: "read" },
|
|
57
|
+
// Content Entries
|
|
58
|
+
"contentEntries.create": { resource: "contentEntries", action: "create" },
|
|
59
|
+
"contentEntries.update": { resource: "contentEntries", action: "update" },
|
|
60
|
+
"contentEntries.delete": { resource: "contentEntries", action: "delete" },
|
|
61
|
+
"contentEntries.read": { resource: "contentEntries", action: "read" },
|
|
62
|
+
"contentEntries.publish": { resource: "contentEntries", action: "publish" },
|
|
63
|
+
"contentEntries.unpublish": { resource: "contentEntries", action: "unpublish" },
|
|
64
|
+
"contentEntries.restore": { resource: "contentEntries", action: "restore" },
|
|
65
|
+
"contentEntries.schedule": { resource: "contentEntries", action: "update" }, // Schedule uses update permission
|
|
66
|
+
// Media Items (unified assets and folders)
|
|
67
|
+
"mediaItems.create": { resource: "mediaItems", action: "create" },
|
|
68
|
+
"mediaItems.update": { resource: "mediaItems", action: "update" },
|
|
69
|
+
"mediaItems.delete": { resource: "mediaItems", action: "delete" },
|
|
70
|
+
"mediaItems.read": { resource: "mediaItems", action: "read" },
|
|
71
|
+
"mediaItems.move": { resource: "mediaItems", action: "move" },
|
|
72
|
+
// Versions
|
|
73
|
+
"versions.read": { resource: "contentEntries", action: "read" }, // Version read uses entry read
|
|
74
|
+
"versions.rollback": { resource: "contentEntries", action: "update" }, // Rollback uses entry update
|
|
75
|
+
};
|
|
76
|
+
return mapping[operation] ?? null;
|
|
77
|
+
}
|
|
78
|
+
/**
|
|
79
|
+
* Execute a single authorization hook safely.
|
|
80
|
+
* Catches errors and converts them to denied results.
|
|
81
|
+
*/
|
|
82
|
+
async function executeHook(hook, context) {
|
|
83
|
+
if (!hook) {
|
|
84
|
+
return { allowed: true };
|
|
85
|
+
}
|
|
86
|
+
try {
|
|
87
|
+
const result = await hook(context);
|
|
88
|
+
return result;
|
|
89
|
+
}
|
|
90
|
+
catch (error) {
|
|
91
|
+
// Hook threw an error - treat as denial
|
|
92
|
+
const message = error instanceof Error ? error.message : "Authorization hook failed";
|
|
93
|
+
return {
|
|
94
|
+
allowed: false,
|
|
95
|
+
reason: message,
|
|
96
|
+
};
|
|
97
|
+
}
|
|
98
|
+
}
|
|
99
|
+
/**
|
|
100
|
+
* Execute the authorize hook with the extended context that includes the RBAC decision.
|
|
101
|
+
* This hook receives the default RBAC decision and can override it.
|
|
102
|
+
*/
|
|
103
|
+
async function executeAuthorizeHook(hook, context, defaultDecision) {
|
|
104
|
+
if (!hook) {
|
|
105
|
+
// If no authorize hook, return the default decision
|
|
106
|
+
return {
|
|
107
|
+
allowed: defaultDecision.allowed,
|
|
108
|
+
reason: defaultDecision.reason,
|
|
109
|
+
};
|
|
110
|
+
}
|
|
111
|
+
const authorizeContext = {
|
|
112
|
+
...context,
|
|
113
|
+
defaultDecision,
|
|
114
|
+
};
|
|
115
|
+
try {
|
|
116
|
+
const result = await hook(authorizeContext);
|
|
117
|
+
return result;
|
|
118
|
+
}
|
|
119
|
+
catch (error) {
|
|
120
|
+
// Hook threw an error - treat as denial
|
|
121
|
+
const message = error instanceof Error ? error.message : "Authorize hook failed";
|
|
122
|
+
return {
|
|
123
|
+
allowed: false,
|
|
124
|
+
reason: message,
|
|
125
|
+
};
|
|
126
|
+
}
|
|
127
|
+
}
|
|
128
|
+
// =============================================================================
|
|
129
|
+
// Main Authorization Execution Function
|
|
130
|
+
// =============================================================================
|
|
131
|
+
/**
|
|
132
|
+
* Execute the full authorization hook chain for an operation.
|
|
133
|
+
*
|
|
134
|
+
* This function orchestrates the execution of all authorization hooks and the
|
|
135
|
+
* built-in RBAC check in the correct order:
|
|
136
|
+
*
|
|
137
|
+
* 1. **beforeRbac hook**: Can reject early or skip RBAC
|
|
138
|
+
* 2. **Built-in RBAC**: Standard role-based permission check
|
|
139
|
+
* 3. **authorize hook**: Receives RBAC decision, can override allow/deny
|
|
140
|
+
* 4. **afterRbac hook**: Additional restrictions after authorize passes
|
|
141
|
+
* 5. **Operation hook**: Operation-specific restrictions
|
|
142
|
+
* 6. **onDeny hook**: Can override denials
|
|
143
|
+
*
|
|
144
|
+
* @param options - Configuration for the authorization execution
|
|
145
|
+
* @returns AuthorizationResult indicating if the operation is allowed
|
|
146
|
+
*
|
|
147
|
+
* @example
|
|
148
|
+
* ```typescript
|
|
149
|
+
* const result = await executeAuthorizationHooks({
|
|
150
|
+
* hooks: config.authorizationHooks,
|
|
151
|
+
* context: {
|
|
152
|
+
* operation: 'contentEntries.publish',
|
|
153
|
+
* userId: currentUser,
|
|
154
|
+
* role: 'editor',
|
|
155
|
+
* resourceId: entryId,
|
|
156
|
+
* resourceOwnerId: entry.createdBy,
|
|
157
|
+
* },
|
|
158
|
+
* rbacOptions: {
|
|
159
|
+
* role: 'editor',
|
|
160
|
+
* resource: 'contentEntries',
|
|
161
|
+
* action: 'publish',
|
|
162
|
+
* userId: currentUser,
|
|
163
|
+
* resourceOwnerId: entry.createdBy,
|
|
164
|
+
* },
|
|
165
|
+
* });
|
|
166
|
+
*
|
|
167
|
+
* if (!result.allowed) {
|
|
168
|
+
* throw new Error(result.reason ?? 'Operation not allowed');
|
|
169
|
+
* }
|
|
170
|
+
* ```
|
|
171
|
+
*/
|
|
172
|
+
export async function executeAuthorizationHooks(options) {
|
|
173
|
+
const { hooks, context, rbacOptions, skipRbac = false, customRoles } = options;
|
|
174
|
+
let modifiedData;
|
|
175
|
+
let rbacResult;
|
|
176
|
+
let shouldSkipRbac = skipRbac;
|
|
177
|
+
// -------------------------------------------------------------------------
|
|
178
|
+
// Step 1: Execute beforeRbac hook
|
|
179
|
+
// -------------------------------------------------------------------------
|
|
180
|
+
if (hooks?.beforeRbac) {
|
|
181
|
+
const beforeResult = await executeHook(hooks.beforeRbac, context);
|
|
182
|
+
if (!beforeResult.allowed) {
|
|
183
|
+
// beforeRbac denied - check onDeny hook
|
|
184
|
+
if (hooks.onDeny) {
|
|
185
|
+
const denyResult = await executeHook(hooks.onDeny, {
|
|
186
|
+
...context,
|
|
187
|
+
operationData: {
|
|
188
|
+
...context.operationData,
|
|
189
|
+
deniedBy: "beforeRbac",
|
|
190
|
+
reason: beforeResult.reason,
|
|
191
|
+
},
|
|
192
|
+
});
|
|
193
|
+
if (denyResult.allowed) {
|
|
194
|
+
// onDeny overrode the denial
|
|
195
|
+
modifiedData = denyResult.modifiedData;
|
|
196
|
+
}
|
|
197
|
+
else {
|
|
198
|
+
return {
|
|
199
|
+
allowed: false,
|
|
200
|
+
reason: beforeResult.reason ?? "Denied by beforeRbac hook",
|
|
201
|
+
deniedBy: "beforeRbac",
|
|
202
|
+
};
|
|
203
|
+
}
|
|
204
|
+
}
|
|
205
|
+
else {
|
|
206
|
+
return {
|
|
207
|
+
allowed: false,
|
|
208
|
+
reason: beforeResult.reason ?? "Denied by beforeRbac hook",
|
|
209
|
+
deniedBy: "beforeRbac",
|
|
210
|
+
};
|
|
211
|
+
}
|
|
212
|
+
}
|
|
213
|
+
else {
|
|
214
|
+
// beforeRbac allowed - check if we should skip RBAC
|
|
215
|
+
if (beforeResult.skipRbac) {
|
|
216
|
+
shouldSkipRbac = true;
|
|
217
|
+
}
|
|
218
|
+
if (beforeResult.modifiedData) {
|
|
219
|
+
modifiedData = beforeResult.modifiedData;
|
|
220
|
+
}
|
|
221
|
+
}
|
|
222
|
+
}
|
|
223
|
+
// -------------------------------------------------------------------------
|
|
224
|
+
// Step 2: Execute built-in RBAC check (if not skipped)
|
|
225
|
+
// -------------------------------------------------------------------------
|
|
226
|
+
let rbacDecision = {
|
|
227
|
+
allowed: true, // Default if RBAC is skipped
|
|
228
|
+
};
|
|
229
|
+
if (!shouldSkipRbac && rbacOptions) {
|
|
230
|
+
// Add custom roles if provided
|
|
231
|
+
const rbacOptionsWithRoles = {
|
|
232
|
+
...rbacOptions,
|
|
233
|
+
customRoles: customRoles ?? rbacOptions.customRoles,
|
|
234
|
+
};
|
|
235
|
+
rbacResult = checkPermission(rbacOptionsWithRoles);
|
|
236
|
+
if (rbacResult.allowed) {
|
|
237
|
+
// Type narrowing: rbacResult is PermissionGranted when allowed is true
|
|
238
|
+
const grantedResult = rbacResult;
|
|
239
|
+
rbacDecision = {
|
|
240
|
+
allowed: true,
|
|
241
|
+
grantedScope: grantedResult.grantedScope,
|
|
242
|
+
ownershipVerified: grantedResult.ownershipVerified,
|
|
243
|
+
};
|
|
244
|
+
}
|
|
245
|
+
else {
|
|
246
|
+
// Type narrowing: rbacResult is PermissionDenied when allowed is false
|
|
247
|
+
const deniedResult = rbacResult;
|
|
248
|
+
rbacDecision = {
|
|
249
|
+
allowed: false,
|
|
250
|
+
reason: deniedResult.reason,
|
|
251
|
+
code: deniedResult.code,
|
|
252
|
+
};
|
|
253
|
+
}
|
|
254
|
+
}
|
|
255
|
+
// -------------------------------------------------------------------------
|
|
256
|
+
// Step 3: Execute authorize hook (receives RBAC decision)
|
|
257
|
+
// -------------------------------------------------------------------------
|
|
258
|
+
// The authorize hook can override the RBAC decision in either direction
|
|
259
|
+
if (hooks?.authorize) {
|
|
260
|
+
const authorizeResult = await executeAuthorizeHook(hooks.authorize, {
|
|
261
|
+
...context,
|
|
262
|
+
operationData: {
|
|
263
|
+
...context.operationData,
|
|
264
|
+
...(modifiedData ?? {}),
|
|
265
|
+
},
|
|
266
|
+
}, rbacDecision);
|
|
267
|
+
if (!authorizeResult.allowed) {
|
|
268
|
+
// authorize hook denied - check onDeny hook
|
|
269
|
+
if (hooks.onDeny) {
|
|
270
|
+
const denyResult = await executeHook(hooks.onDeny, {
|
|
271
|
+
...context,
|
|
272
|
+
operationData: {
|
|
273
|
+
...context.operationData,
|
|
274
|
+
deniedBy: "authorize",
|
|
275
|
+
reason: authorizeResult.reason,
|
|
276
|
+
defaultDecision: rbacDecision,
|
|
277
|
+
},
|
|
278
|
+
});
|
|
279
|
+
if (denyResult.allowed) {
|
|
280
|
+
// onDeny overrode the denial
|
|
281
|
+
modifiedData = denyResult.modifiedData ?? modifiedData;
|
|
282
|
+
}
|
|
283
|
+
else {
|
|
284
|
+
return {
|
|
285
|
+
allowed: false,
|
|
286
|
+
reason: authorizeResult.reason ?? "Denied by authorize hook",
|
|
287
|
+
deniedBy: "authorize",
|
|
288
|
+
rbacResult,
|
|
289
|
+
};
|
|
290
|
+
}
|
|
291
|
+
}
|
|
292
|
+
else {
|
|
293
|
+
return {
|
|
294
|
+
allowed: false,
|
|
295
|
+
reason: authorizeResult.reason ?? "Denied by authorize hook",
|
|
296
|
+
deniedBy: "authorize",
|
|
297
|
+
rbacResult,
|
|
298
|
+
};
|
|
299
|
+
}
|
|
300
|
+
}
|
|
301
|
+
else if (authorizeResult.modifiedData) {
|
|
302
|
+
modifiedData = { ...modifiedData, ...authorizeResult.modifiedData };
|
|
303
|
+
}
|
|
304
|
+
}
|
|
305
|
+
else if (!rbacDecision.allowed) {
|
|
306
|
+
// No authorize hook and RBAC denied - check onDeny hook
|
|
307
|
+
if (hooks?.onDeny) {
|
|
308
|
+
const denyResult = await executeHook(hooks.onDeny, {
|
|
309
|
+
...context,
|
|
310
|
+
operationData: {
|
|
311
|
+
...context.operationData,
|
|
312
|
+
deniedBy: "rbac",
|
|
313
|
+
reason: rbacDecision.reason,
|
|
314
|
+
rbacCode: rbacDecision.code,
|
|
315
|
+
},
|
|
316
|
+
});
|
|
317
|
+
if (denyResult.allowed) {
|
|
318
|
+
// onDeny overrode the denial
|
|
319
|
+
modifiedData = denyResult.modifiedData ?? modifiedData;
|
|
320
|
+
}
|
|
321
|
+
else {
|
|
322
|
+
return {
|
|
323
|
+
allowed: false,
|
|
324
|
+
reason: rbacDecision.reason ?? "Denied by RBAC",
|
|
325
|
+
deniedBy: "rbac",
|
|
326
|
+
rbacResult,
|
|
327
|
+
};
|
|
328
|
+
}
|
|
329
|
+
}
|
|
330
|
+
else {
|
|
331
|
+
return {
|
|
332
|
+
allowed: false,
|
|
333
|
+
reason: rbacDecision.reason ?? "Denied by RBAC",
|
|
334
|
+
deniedBy: "rbac",
|
|
335
|
+
rbacResult,
|
|
336
|
+
};
|
|
337
|
+
}
|
|
338
|
+
}
|
|
339
|
+
// -------------------------------------------------------------------------
|
|
340
|
+
// Step 4: Execute afterRbac hook
|
|
341
|
+
// -------------------------------------------------------------------------
|
|
342
|
+
if (hooks?.afterRbac) {
|
|
343
|
+
const afterResult = await executeHook(hooks.afterRbac, {
|
|
344
|
+
...context,
|
|
345
|
+
operationData: {
|
|
346
|
+
...context.operationData,
|
|
347
|
+
...(modifiedData ?? {}),
|
|
348
|
+
},
|
|
349
|
+
});
|
|
350
|
+
if (!afterResult.allowed) {
|
|
351
|
+
// afterRbac denied - check onDeny hook
|
|
352
|
+
if (hooks.onDeny) {
|
|
353
|
+
const denyResult = await executeHook(hooks.onDeny, {
|
|
354
|
+
...context,
|
|
355
|
+
operationData: {
|
|
356
|
+
...context.operationData,
|
|
357
|
+
deniedBy: "afterRbac",
|
|
358
|
+
reason: afterResult.reason,
|
|
359
|
+
},
|
|
360
|
+
});
|
|
361
|
+
if (denyResult.allowed) {
|
|
362
|
+
// onDeny overrode the denial
|
|
363
|
+
modifiedData = denyResult.modifiedData ?? modifiedData;
|
|
364
|
+
}
|
|
365
|
+
else {
|
|
366
|
+
return {
|
|
367
|
+
allowed: false,
|
|
368
|
+
reason: afterResult.reason ?? "Denied by afterRbac hook",
|
|
369
|
+
deniedBy: "afterRbac",
|
|
370
|
+
rbacResult,
|
|
371
|
+
};
|
|
372
|
+
}
|
|
373
|
+
}
|
|
374
|
+
else {
|
|
375
|
+
return {
|
|
376
|
+
allowed: false,
|
|
377
|
+
reason: afterResult.reason ?? "Denied by afterRbac hook",
|
|
378
|
+
deniedBy: "afterRbac",
|
|
379
|
+
rbacResult,
|
|
380
|
+
};
|
|
381
|
+
}
|
|
382
|
+
}
|
|
383
|
+
else if (afterResult.modifiedData) {
|
|
384
|
+
modifiedData = { ...modifiedData, ...afterResult.modifiedData };
|
|
385
|
+
}
|
|
386
|
+
}
|
|
387
|
+
// -------------------------------------------------------------------------
|
|
388
|
+
// Step 5: Execute operation-specific hook
|
|
389
|
+
// -------------------------------------------------------------------------
|
|
390
|
+
const operationHook = hooks?.operationHooks?.[context.operation];
|
|
391
|
+
if (operationHook) {
|
|
392
|
+
const opResult = await executeHook(operationHook, {
|
|
393
|
+
...context,
|
|
394
|
+
operationData: {
|
|
395
|
+
...context.operationData,
|
|
396
|
+
...(modifiedData ?? {}),
|
|
397
|
+
},
|
|
398
|
+
});
|
|
399
|
+
if (!opResult.allowed) {
|
|
400
|
+
// Operation hook denied - check onDeny hook
|
|
401
|
+
if (hooks?.onDeny) {
|
|
402
|
+
const denyResult = await executeHook(hooks.onDeny, {
|
|
403
|
+
...context,
|
|
404
|
+
operationData: {
|
|
405
|
+
...context.operationData,
|
|
406
|
+
deniedBy: "operationHook",
|
|
407
|
+
reason: opResult.reason,
|
|
408
|
+
},
|
|
409
|
+
});
|
|
410
|
+
if (denyResult.allowed) {
|
|
411
|
+
// onDeny overrode the denial
|
|
412
|
+
modifiedData = denyResult.modifiedData ?? modifiedData;
|
|
413
|
+
}
|
|
414
|
+
else {
|
|
415
|
+
return {
|
|
416
|
+
allowed: false,
|
|
417
|
+
reason: opResult.reason ?? `Denied by ${context.operation} hook`,
|
|
418
|
+
deniedBy: "operationHook",
|
|
419
|
+
rbacResult,
|
|
420
|
+
};
|
|
421
|
+
}
|
|
422
|
+
}
|
|
423
|
+
else {
|
|
424
|
+
return {
|
|
425
|
+
allowed: false,
|
|
426
|
+
reason: opResult.reason ?? `Denied by ${context.operation} hook`,
|
|
427
|
+
deniedBy: "operationHook",
|
|
428
|
+
rbacResult,
|
|
429
|
+
};
|
|
430
|
+
}
|
|
431
|
+
}
|
|
432
|
+
else if (opResult.modifiedData) {
|
|
433
|
+
modifiedData = { ...modifiedData, ...opResult.modifiedData };
|
|
434
|
+
}
|
|
435
|
+
}
|
|
436
|
+
// -------------------------------------------------------------------------
|
|
437
|
+
// All checks passed
|
|
438
|
+
// -------------------------------------------------------------------------
|
|
439
|
+
return {
|
|
440
|
+
allowed: true,
|
|
441
|
+
modifiedData,
|
|
442
|
+
rbacResult,
|
|
443
|
+
};
|
|
444
|
+
}
|
|
445
|
+
// =============================================================================
|
|
446
|
+
// Convenience Functions
|
|
447
|
+
// =============================================================================
|
|
448
|
+
/**
|
|
449
|
+
* Create an authorization context for a content entry operation.
|
|
450
|
+
*
|
|
451
|
+
* @param operation - The CMS operation being performed
|
|
452
|
+
* @param userId - The user performing the operation
|
|
453
|
+
* @param role - The user's CMS role
|
|
454
|
+
* @param entry - The content entry (if available)
|
|
455
|
+
* @param contentType - The content type (if available)
|
|
456
|
+
* @param operationData - Additional operation data (args)
|
|
457
|
+
* @returns AuthorizationHookContext
|
|
458
|
+
*/
|
|
459
|
+
export function createContentEntryAuthContext(operation, userId, role, entry, contentType, operationData) {
|
|
460
|
+
return {
|
|
461
|
+
operation,
|
|
462
|
+
userId,
|
|
463
|
+
role,
|
|
464
|
+
resourceId: entry?._id,
|
|
465
|
+
resourceOwnerId: entry?.createdBy,
|
|
466
|
+
contentTypeId: (entry?.contentTypeId ?? contentType?._id),
|
|
467
|
+
contentTypeName: contentType?.name,
|
|
468
|
+
operationData,
|
|
469
|
+
};
|
|
470
|
+
}
|
|
471
|
+
/**
|
|
472
|
+
* Create RBAC options from an authorization context.
|
|
473
|
+
*
|
|
474
|
+
* @param context - The authorization context
|
|
475
|
+
* @returns PermissionCheckOptions for the RBAC check
|
|
476
|
+
*/
|
|
477
|
+
export function contextToRbacOptions(context) {
|
|
478
|
+
const rbacMapping = operationToRbac(context.operation);
|
|
479
|
+
if (!rbacMapping) {
|
|
480
|
+
return null;
|
|
481
|
+
}
|
|
482
|
+
return {
|
|
483
|
+
userId: context.userId,
|
|
484
|
+
role: context.role ?? null,
|
|
485
|
+
resource: rbacMapping.resource,
|
|
486
|
+
action: rbacMapping.action,
|
|
487
|
+
resourceOwnerId: context.resourceOwnerId,
|
|
488
|
+
};
|
|
489
|
+
}
|
|
490
|
+
/**
|
|
491
|
+
* Execute authorization for an operation and throw if denied.
|
|
492
|
+
*
|
|
493
|
+
* This is a convenience wrapper that executes hooks and throws
|
|
494
|
+
* UnauthorizedError if the operation is not allowed.
|
|
495
|
+
*
|
|
496
|
+
* @param options - Authorization execution options
|
|
497
|
+
* @throws UnauthorizedError if the operation is denied
|
|
498
|
+
* @returns The authorization result (if allowed)
|
|
499
|
+
*/
|
|
500
|
+
export async function requireAuthorization(options) {
|
|
501
|
+
const result = await executeAuthorizationHooks(options);
|
|
502
|
+
if (!result.allowed) {
|
|
503
|
+
const rbacMapping = operationToRbac(options.context.operation);
|
|
504
|
+
// Get the error code from RBAC result if available
|
|
505
|
+
let errorCode = "PERMISSION_DENIED";
|
|
506
|
+
if (result.rbacResult && !result.rbacResult.allowed) {
|
|
507
|
+
// Type narrowing: rbacResult is PermissionDenied when allowed is false
|
|
508
|
+
const deniedRbac = result.rbacResult;
|
|
509
|
+
errorCode = deniedRbac.code;
|
|
510
|
+
}
|
|
511
|
+
throw new UnauthorizedError(result.reason ?? "Operation not allowed", {
|
|
512
|
+
code: errorCode,
|
|
513
|
+
resource: rbacMapping?.resource,
|
|
514
|
+
action: rbacMapping?.action,
|
|
515
|
+
role: options.context.role ?? undefined,
|
|
516
|
+
userId: options.context.userId,
|
|
517
|
+
});
|
|
518
|
+
}
|
|
519
|
+
return result;
|
|
520
|
+
}
|
|
521
|
+
//# sourceMappingURL=authorizationHooks.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"authorizationHooks.js","sourceRoot":"","sources":["../../src/component/authorizationHooks.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyCG;AAUH,OAAO,EACL,eAAe,EAGf,iBAAiB,GAClB,MAAM,oBAAoB,CAAC;AAkF5B,gFAAgF;AAChF,mBAAmB;AACnB,gFAAgF;AAEhF;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,SAAuB;IACrD,MAAM,OAAO,GAAiE;QAC5E,gBAAgB;QAChB,qBAAqB,EAAE,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE;QACrE,qBAAqB,EAAE,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE;QACrE,qBAAqB,EAAE,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE;QACrE,mBAAmB,EAAE,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE;QAEjE,kBAAkB;QAClB,uBAAuB,EAAE,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,EAAE,QAAQ,EAAE;QACzE,uBAAuB,EAAE,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,EAAE,QAAQ,EAAE;QACzE,uBAAuB,EAAE,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,EAAE,QAAQ,EAAE;QACzE,qBAAqB,EAAE,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,EAAE,MAAM,EAAE;QACrE,wBAAwB,EAAE,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,EAAE,SAAS,EAAE;QAC3E,0BAA0B,EAAE,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,EAAE,WAAW,EAAE;QAC/E,wBAAwB,EAAE,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,EAAE,SAAS,EAAE;QAC3E,yBAAyB,EAAE,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,kCAAkC;QAE/G,2CAA2C;QAC3C,mBAAmB,EAAE,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,EAAE,QAAQ,EAAE;QACjE,mBAAmB,EAAE,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,EAAE,QAAQ,EAAE;QACjE,mBAAmB,EAAE,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,EAAE,QAAQ,EAAE;QACjE,iBAAiB,EAAE,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE;QAC7D,iBAAiB,EAAE,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE;QAE7D,WAAW;QACX,eAAe,EAAE,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,+BAA+B;QAChG,mBAAmB,EAAE,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,6BAA6B;KACrG,CAAC;IAEF,OAAO,OAAO,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC;AACpC,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,WAAW,CACxB,IAAqH,EACrH,OAAiC;IAEjC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,CAAC;QACnC,OAAO,MAA4B,CAAC;IACtC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,wCAAwC;QACxC,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,2BAA2B,CAAC;QACrF,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,OAAO;SAChB,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,oBAAoB,CACjC,IAAiH,EACjH,OAAiC,EACjC,eAAwD;IAExD,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,oDAAoD;QACpD,OAAO;YACL,OAAO,EAAE,eAAe,CAAC,OAAO;YAChC,MAAM,EAAE,eAAe,CAAC,MAAM;SAC/B,CAAC;IACJ,CAAC;IAED,MAAM,gBAAgB,GAAyB;QAC7C,GAAG,OAAO;QACV,eAAe;KAChB,CAAC;IAEF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC5C,OAAO,MAA4B,CAAC;IACtC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,wCAAwC;QACxC,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,uBAAuB,CAAC;QACjF,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,OAAO;SAChB,CAAC;IACJ,CAAC;AACH,CAAC;AAED,gFAAgF;AAChF,wCAAwC;AACxC,gFAAgF;AAEhF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,OAAoC;IAEpC,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,QAAQ,GAAG,KAAK,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;IAE/E,IAAI,YAAiD,CAAC;IACtD,IAAI,UAA6C,CAAC;IAClD,IAAI,cAAc,GAAG,QAAQ,CAAC;IAE9B,4EAA4E;IAC5E,kCAAkC;IAClC,4EAA4E;IAC5E,IAAI,KAAK,EAAE,UAAU,EAAE,CAAC;QACtB,MAAM,YAAY,GAAG,MAAM,WAAW,CAAC,KAAK,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAElE,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;YAC1B,wCAAwC;YACxC,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;gBACjB,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,KAAK,CAAC,MAAM,EAAE;oBACjD,GAAG,OAAO;oBACV,aAAa,EAAE;wBACb,GAAG,OAAO,CAAC,aAAa;wBACxB,QAAQ,EAAE,YAAY;wBACtB,MAAM,EAAE,YAAY,CAAC,MAAM;qBAC5B;iBACF,CAAC,CAAC;gBAEH,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;oBACvB,6BAA6B;oBAC7B,YAAY,GAAG,UAAU,CAAC,YAAY,CAAC;gBACzC,CAAC;qBAAM,CAAC;oBACN,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,MAAM,EAAE,YAAY,CAAC,MAAM,IAAI,2BAA2B;wBAC1D,QAAQ,EAAE,YAAY;qBACvB,CAAC;gBACJ,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,YAAY,CAAC,MAAM,IAAI,2BAA2B;oBAC1D,QAAQ,EAAE,YAAY;iBACvB,CAAC;YACJ,CAAC;QACH,CAAC;aAAM,CAAC;YACN,oDAAoD;YACpD,IAAI,YAAY,CAAC,QAAQ,EAAE,CAAC;gBAC1B,cAAc,GAAG,IAAI,CAAC;YACxB,CAAC;YACD,IAAI,YAAY,CAAC,YAAY,EAAE,CAAC;gBAC9B,YAAY,GAAG,YAAY,CAAC,YAAY,CAAC;YAC3C,CAAC;QACH,CAAC;IACH,CAAC;IAED,4EAA4E;IAC5E,uDAAuD;IACvD,4EAA4E;IAC5E,IAAI,YAAY,GAA4C;QAC1D,OAAO,EAAE,IAAI,EAAE,6BAA6B;KAC7C,CAAC;IAEF,IAAI,CAAC,cAAc,IAAI,WAAW,EAAE,CAAC;QACnC,+BAA+B;QAC/B,MAAM,oBAAoB,GAA2B;YACnD,GAAG,WAAW;YACd,WAAW,EAAE,WAAW,IAAI,WAAW,CAAC,WAAW;SACpD,CAAC;QAEF,UAAU,GAAG,eAAe,CAAC,oBAAoB,CAAC,CAAC;QAEnD,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;YACvB,uEAAuE;YACvE,MAAM,aAAa,GAAG,UAIrB,CAAC;YACF,YAAY,GAAG;gBACb,OAAO,EAAE,IAAI;gBACb,YAAY,EAAE,aAAa,CAAC,YAAY;gBACxC,iBAAiB,EAAE,aAAa,CAAC,iBAAiB;aACnD,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,uEAAuE;YACvE,MAAM,YAAY,GAAG,UAA8D,CAAC;YACpF,YAAY,GAAG;gBACb,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,YAAY,CAAC,MAAM;gBAC3B,IAAI,EAAE,YAAY,CAAC,IAAI;aACxB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,4EAA4E;IAC5E,0DAA0D;IAC1D,4EAA4E;IAC5E,wEAAwE;IACxE,IAAI,KAAK,EAAE,SAAS,EAAE,CAAC;QACrB,MAAM,eAAe,GAAG,MAAM,oBAAoB,CAChD,KAAK,CAAC,SAAS,EACf;YACE,GAAG,OAAO;YACV,aAAa,EAAE;gBACb,GAAG,OAAO,CAAC,aAAa;gBACxB,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC;aACxB;SACF,EACD,YAAY,CACb,CAAC;QAEF,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,CAAC;YAC7B,4CAA4C;YAC5C,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;gBACjB,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,KAAK,CAAC,MAAM,EAAE;oBACjD,GAAG,OAAO;oBACV,aAAa,EAAE;wBACb,GAAG,OAAO,CAAC,aAAa;wBACxB,QAAQ,EAAE,WAAW;wBACrB,MAAM,EAAE,eAAe,CAAC,MAAM;wBAC9B,eAAe,EAAE,YAAY;qBAC9B;iBACF,CAAC,CAAC;gBAEH,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;oBACvB,6BAA6B;oBAC7B,YAAY,GAAG,UAAU,CAAC,YAAY,IAAI,YAAY,CAAC;gBACzD,CAAC;qBAAM,CAAC;oBACN,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,MAAM,EAAE,eAAe,CAAC,MAAM,IAAI,0BAA0B;wBAC5D,QAAQ,EAAE,WAAW;wBACrB,UAAU;qBACX,CAAC;gBACJ,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,eAAe,CAAC,MAAM,IAAI,0BAA0B;oBAC5D,QAAQ,EAAE,WAAW;oBACrB,UAAU;iBACX,CAAC;YACJ,CAAC;QACH,CAAC;aAAM,IAAI,eAAe,CAAC,YAAY,EAAE,CAAC;YACxC,YAAY,GAAG,EAAE,GAAG,YAAY,EAAE,GAAG,eAAe,CAAC,YAAY,EAAE,CAAC;QACtE,CAAC;IACH,CAAC;SAAM,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;QACjC,wDAAwD;QACxD,IAAI,KAAK,EAAE,MAAM,EAAE,CAAC;YAClB,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,KAAK,CAAC,MAAM,EAAE;gBACjD,GAAG,OAAO;gBACV,aAAa,EAAE;oBACb,GAAG,OAAO,CAAC,aAAa;oBACxB,QAAQ,EAAE,MAAM;oBAChB,MAAM,EAAE,YAAY,CAAC,MAAM;oBAC3B,QAAQ,EAAE,YAAY,CAAC,IAAI;iBAC5B;aACF,CAAC,CAAC;YAEH,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;gBACvB,6BAA6B;gBAC7B,YAAY,GAAG,UAAU,CAAC,YAAY,IAAI,YAAY,CAAC;YACzD,CAAC;iBAAM,CAAC;gBACN,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,YAAY,CAAC,MAAM,IAAI,gBAAgB;oBAC/C,QAAQ,EAAE,MAAM;oBAChB,UAAU;iBACX,CAAC;YACJ,CAAC;QACH,CAAC;aAAM,CAAC;YACN,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,YAAY,CAAC,MAAM,IAAI,gBAAgB;gBAC/C,QAAQ,EAAE,MAAM;gBAChB,UAAU;aACX,CAAC;QACJ,CAAC;IACH,CAAC;IAED,4EAA4E;IAC5E,iCAAiC;IACjC,4EAA4E;IAC5E,IAAI,KAAK,EAAE,SAAS,EAAE,CAAC;QACrB,MAAM,WAAW,GAAG,MAAM,WAAW,CAAC,KAAK,CAAC,SAAS,EAAE;YACrD,GAAG,OAAO;YACV,aAAa,EAAE;gBACb,GAAG,OAAO,CAAC,aAAa;gBACxB,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC;aACxB;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;YACzB,uCAAuC;YACvC,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;gBACjB,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,KAAK,CAAC,MAAM,EAAE;oBACjD,GAAG,OAAO;oBACV,aAAa,EAAE;wBACb,GAAG,OAAO,CAAC,aAAa;wBACxB,QAAQ,EAAE,WAAW;wBACrB,MAAM,EAAE,WAAW,CAAC,MAAM;qBAC3B;iBACF,CAAC,CAAC;gBAEH,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;oBACvB,6BAA6B;oBAC7B,YAAY,GAAG,UAAU,CAAC,YAAY,IAAI,YAAY,CAAC;gBACzD,CAAC;qBAAM,CAAC;oBACN,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,MAAM,EAAE,WAAW,CAAC,MAAM,IAAI,0BAA0B;wBACxD,QAAQ,EAAE,WAAW;wBACrB,UAAU;qBACX,CAAC;gBACJ,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,WAAW,CAAC,MAAM,IAAI,0BAA0B;oBACxD,QAAQ,EAAE,WAAW;oBACrB,UAAU;iBACX,CAAC;YACJ,CAAC;QACH,CAAC;aAAM,IAAI,WAAW,CAAC,YAAY,EAAE,CAAC;YACpC,YAAY,GAAG,EAAE,GAAG,YAAY,EAAE,GAAG,WAAW,CAAC,YAAY,EAAE,CAAC;QAClE,CAAC;IACH,CAAC;IAED,4EAA4E;IAC5E,0CAA0C;IAC1C,4EAA4E;IAC5E,MAAM,aAAa,GAAG,KAAK,EAAE,cAAc,EAAE,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACjE,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,aAAa,EAAE;YAChD,GAAG,OAAO;YACV,aAAa,EAAE;gBACb,GAAG,OAAO,CAAC,aAAa;gBACxB,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC;aACxB;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;YACtB,4CAA4C;YAC5C,IAAI,KAAK,EAAE,MAAM,EAAE,CAAC;gBAClB,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,KAAK,CAAC,MAAM,EAAE;oBACjD,GAAG,OAAO;oBACV,aAAa,EAAE;wBACb,GAAG,OAAO,CAAC,aAAa;wBACxB,QAAQ,EAAE,eAAe;wBACzB,MAAM,EAAE,QAAQ,CAAC,MAAM;qBACxB;iBACF,CAAC,CAAC;gBAEH,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;oBACvB,6BAA6B;oBAC7B,YAAY,GAAG,UAAU,CAAC,YAAY,IAAI,YAAY,CAAC;gBACzD,CAAC;qBAAM,CAAC;oBACN,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,MAAM,EAAE,QAAQ,CAAC,MAAM,IAAI,aAAa,OAAO,CAAC,SAAS,OAAO;wBAChE,QAAQ,EAAE,eAAe;wBACzB,UAAU;qBACX,CAAC;gBACJ,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,QAAQ,CAAC,MAAM,IAAI,aAAa,OAAO,CAAC,SAAS,OAAO;oBAChE,QAAQ,EAAE,eAAe;oBACzB,UAAU;iBACX,CAAC;YACJ,CAAC;QACH,CAAC;aAAM,IAAI,QAAQ,CAAC,YAAY,EAAE,CAAC;YACjC,YAAY,GAAG,EAAE,GAAG,YAAY,EAAE,GAAG,QAAQ,CAAC,YAAY,EAAE,CAAC;QAC/D,CAAC;IACH,CAAC;IAED,4EAA4E;IAC5E,oBAAoB;IACpB,4EAA4E;IAC5E,OAAO;QACL,OAAO,EAAE,IAAI;QACb,YAAY;QACZ,UAAU;KACX,CAAC;AACJ,CAAC;AAED,gFAAgF;AAChF,wBAAwB;AACxB,gFAAgF;AAEhF;;;;;;;;;;GAUG;AACH,MAAM,UAAU,6BAA6B,CAC3C,SAAuB,EACvB,MAA0B,EAC1B,IAA+B,EAC/B,KAAoE,EACpE,WAA4C,EAC5C,aAAuC;IAEvC,OAAO;QACL,SAAS;QACT,MAAM;QACN,IAAI;QACJ,UAAU,EAAE,KAAK,EAAE,GAAyB;QAC5C,eAAe,EAAE,KAAK,EAAE,SAAS;QACjC,aAAa,EAAE,CAAC,KAAK,EAAE,aAAa,IAAI,WAAW,EAAE,GAAG,CAAuB;QAC/E,eAAe,EAAE,WAAW,EAAE,IAAI;QAClC,aAAa;KACd,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,oBAAoB,CAClC,OAAiC;IAEjC,MAAM,WAAW,GAAG,eAAe,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACvD,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO;QACL,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,IAAI;QAC1B,QAAQ,EAAE,WAAW,CAAC,QAAQ;QAC9B,MAAM,EAAE,WAAW,CAAC,MAAM;QAC1B,eAAe,EAAE,OAAO,CAAC,eAAe;KACzC,CAAC;AACJ,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,OAAoC;IAEpC,MAAM,MAAM,GAAG,MAAM,yBAAyB,CAAC,OAAO,CAAC,CAAC;IAExD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,WAAW,GAAG,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAE/D,mDAAmD;QACnD,IAAI,SAAS,GAA4E,mBAAmB,CAAC;QAC7G,IAAI,MAAM,CAAC,UAAU,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;YACpD,uEAAuE;YACvE,MAAM,UAAU,GAAG,MAAM,CAAC,UAA8C,CAAC;YACzE,SAAS,GAAG,UAAU,CAAC,IAAwB,CAAC;QAClD,CAAC;QAED,MAAM,IAAI,iBAAiB,CACzB,MAAM,CAAC,MAAM,IAAI,uBAAuB,EACxC;YACE,IAAI,EAAE,SAAS;YACf,QAAQ,EAAE,WAAW,EAAE,QAAQ;YAC/B,MAAM,EAAE,WAAW,EAAE,MAAM;YAC3B,IAAI,EAAE,OAAO,CAAC,OAAO,CAAC,IAAI,IAAI,SAAS;YACvC,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,MAAM;SAC/B,CACF,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}
|