convex-cms 0.0.1

package/dist/component/userContext.d.ts

@@ -0,0 +1,508 @@
+/**
+ * User Context Handler Module
+ *
+ * Functions to receive and validate user context passed from parent apps.
+ * Extracts user ID and roles for permission checks in the CMS authorization system.
+ *
+ * This module bridges the gap between external authentication systems and the
+ * CMS's internal RBAC (Role-Based Access Control) system. The CMS is auth-agnostic,
+ * meaning it doesn't own user authentication - instead, it relies on the parent
+ * application to provide user identification.
+ *
+ * Key concepts:
+ * - UserContext: The validated user information passed to CMS operations
+ * - User ID: A string identifier from your auth system (Clerk, Auth0, custom, etc.)
+ * - Role: The CMS role assigned to the user (admin, editor, author, viewer, or custom)
+ *
+ * @example
+ * ```typescript
+ * import { createUserContext, validateUserContext, extractUserId } from './userContext';
+ *
+ * // In your Convex function:
+ * export const createPost = mutation({
+ *   handler: async (ctx, args) => {
+ *     // Get user from your auth system
+ *     const identity = await ctx.auth.getUserIdentity();
+ *
+ *     // Create and validate user context
+ *     const userContext = await createUserContext({
+ *       userId: identity?.subject,
+ *       getUserRole: config.getUserRole,
+ *     });
+ *
+ *     // Use in CMS operations
+ *     const entry = await cms.contentEntries.create(ctx, {
+ *       ...args,
+ *       createdBy: userContext.userId,
+ *     });
+ *   },
+ * });
+ * ```
+ */
+import type { GetUserRoleHook, GetUserRoleResult, AuthorizationHookContext, CmsOperation, CmsHookContext } from "../client/types.js";
+import { type RoleDefinition } from "./roles.js";
+/**
+ * Raw user context input from the parent application.
+ * This is the initial user information before validation.
+ */
+export interface UserContextInput {
+    /**
+     * The user ID from your authentication system.
+     * Can be undefined for anonymous/unauthenticated requests.
+     *
+     * Examples:
+     * - Clerk: `user.id` or `identity.subject`
+     * - Auth0: `user.sub`
+     * - Custom: Your database user ID
+     */
+    userId?: string | null;
+    /**
+     * Optional pre-resolved role name.
+     * If provided, skips the getUserRole hook lookup.
+     * Useful when you've already determined the role elsewhere.
+     */
+    role?: string | null;
+    /**
+     * Optional email for logging/debugging purposes.
+     * Not used for authorization decisions.
+     */
+    email?: string;
+    /**
+     * Optional display name for audit trails.
+     * Not used for authorization decisions.
+     */
+    displayName?: string;
+    /**
+     * Additional metadata from your auth system.
+     * Can be used in custom authorization hooks.
+     */
+    metadata?: Record<string, unknown>;
+}
+/**
+ * Validated user context ready for CMS operations.
+ * This is the result after validation and role resolution.
+ */
+export interface UserContext {
+    /**
+     * The validated user ID.
+     * Will be undefined for anonymous users.
+     */
+    userId: string | undefined;
+    /**
+     * The resolved CMS role name.
+     * Will be null if the user has no CMS role assigned.
+     */
+    role: string | null;
+    /**
+     * Whether the user is authenticated (has a valid userId).
+     */
+    isAuthenticated: boolean;
+    /**
+     * Whether the user has a valid CMS role assigned.
+     */
+    hasRole: boolean;
+    /**
+     * The full role definition if the role exists.
+     * Useful for checking specific permissions.
+     */
+    roleDefinition?: RoleDefinition;
+    /**
+     * Optional email (passed through from input).
+     */
+    email?: string;
+    /**
+     * Optional display name (passed through from input).
+     */
+    displayName?: string;
+    /**
+     * Optional metadata (passed through from input).
+     */
+    metadata?: Record<string, unknown>;
+}
+/**
+ * Options for creating a user context.
+ */
+export interface CreateUserContextOptions {
+    /**
+     * The CMS hook context (provides db and auth access for hooks).
+     * Required when using getUserRole hook.
+     */
+    ctx?: CmsHookContext;
+    /**
+     * The raw user context input.
+     */
+    input: UserContextInput;
+    /**
+     * The getUserRole hook from CMS configuration.
+     * Required if input.role is not provided.
+     */
+    getUserRole?: GetUserRoleHook;
+    /**
+     * Custom role definitions to check against.
+     * Used in addition to built-in roles.
+     */
+    customRoles?: Record<string, RoleDefinition>;
+    /**
+     * Whether to allow anonymous (unauthenticated) users.
+     * @default true
+     */
+    allowAnonymous?: boolean;
+    /**
+     * Whether to require a valid CMS role.
+     * If true, throws an error when the user has no role.
+     * @default false
+     */
+    requireRole?: boolean;
+}
+/**
+ * Validation error details for user context.
+ */
+export interface UserContextValidationError {
+    /**
+     * Error code for programmatic handling.
+     */
+    code: "INVALID_USER_ID" | "ANONYMOUS_NOT_ALLOWED" | "ROLE_REQUIRED" | "UNKNOWN_ROLE" | "HOOK_ERROR";
+    /**
+     * Human-readable error message.
+     */
+    message: string;
+    /**
+     * Additional details about the error.
+     */
+    details?: Record<string, unknown>;
+}
+/**
+ * Result of user context validation.
+ */
+export interface UserContextValidationResult {
+    /**
+     * Whether the validation passed.
+     */
+    valid: boolean;
+    /**
+     * The validated user context (only present if valid).
+     */
+    context?: UserContext;
+    /**
+     * Validation errors (only present if invalid).
+     */
+    errors?: UserContextValidationError[];
+}
+/**
+ * Error thrown when user context validation fails.
+ *
+ * @example
+ * ```typescript
+ * try {
+ *   const context = await createUserContext({ input, getUserRole });
+ * } catch (error) {
+ *   if (error instanceof UserContextError) {
+ *     console.log(error.code); // 'ANONYMOUS_NOT_ALLOWED'
+ *     console.log(error.message); // 'Anonymous users are not allowed'
+ *   }
+ * }
+ * ```
+ */
+export declare class UserContextError extends Error {
+    readonly code: UserContextValidationError["code"];
+    readonly details?: Record<string, unknown>;
+    constructor(error: UserContextValidationError);
+    toJSON(): Record<string, unknown>;
+}
+/**
+ * Validate a user ID string.
+ *
+ * @param userId - The user ID to validate
+ * @returns True if the user ID is valid
+ *
+ * @example
+ * ```typescript
+ * isValidUserId("user_123"); // true
+ * isValidUserId(""); // false
+ * isValidUserId(null); // false
+ * ```
+ */
+export declare function isValidUserId(userId: unknown): userId is string;
+/**
+ * Validate that a role name exists in the role definitions.
+ *
+ * @param roleName - The role name to validate
+ * @param customRoles - Optional custom role definitions
+ * @returns True if the role exists
+ *
+ * @example
+ * ```typescript
+ * isValidRole("admin"); // true (built-in)
+ * isValidRole("blog-author", { "blog-author": {...} }); // true (custom)
+ * isValidRole("unknown"); // false
+ * ```
+ */
+export declare function isValidRole(roleName: string | null | undefined, customRoles?: Record<string, RoleDefinition>): boolean;
+/**
+ * Validate user context input without creating the full context.
+ * Use this for quick validation before expensive operations.
+ *
+ * @param input - The user context input to validate
+ * @param options - Validation options
+ * @returns Validation result with errors if invalid
+ *
+ * @example
+ * ```typescript
+ * const result = validateUserContextInput(
+ *   { userId: "user_123" },
+ *   { allowAnonymous: false }
+ * );
+ *
+ * if (!result.valid) {
+ *   console.log(result.errors); // Validation errors
+ * }
+ * ```
+ */
+export declare function validateUserContextInput(input: UserContextInput, options?: {
+    allowAnonymous?: boolean;
+    requireRole?: boolean;
+    customRoles?: Record<string, RoleDefinition>;
+}): {
+    valid: boolean;
+    errors?: UserContextValidationError[];
+};
+/**
+ * Resolve the user's CMS role using the getUserRole hook.
+ *
+ * @param ctx - The CMS hook context (provides db and auth access)
+ * @param userId - The user ID to look up
+ * @param getUserRole - The getUserRole hook from configuration
+ * @returns The resolved role name or null
+ *
+ * @example
+ * ```typescript
+ * const role = await resolveUserRole(ctx, "user_123", config.getUserRole);
+ * console.log(role); // "editor" or null
+ * ```
+ */
+export declare function resolveUserRole(ctx: CmsHookContext, userId: string, getUserRole?: GetUserRoleHook): Promise<GetUserRoleResult>;
+/**
+ * Create a validated user context from input.
+ *
+ * This is the main function for converting raw user input into a validated
+ * UserContext that can be used throughout CMS operations. It handles:
+ * - User ID validation
+ * - Role resolution via the getUserRole hook
+ * - Role validation against built-in and custom roles
+ * - Access control checks (anonymous, role requirements)
+ *
+ * @param options - Options including input and hooks
+ * @returns Validated UserContext
+ * @throws UserContextError if validation fails
+ *
+ * @example
+ * ```typescript
+ * // Basic usage with getUserRole hook
+ * const context = await createUserContext({
+ *   input: { userId: identity?.subject },
+ *   getUserRole: config.getUserRole,
+ * });
+ *
+ * // With pre-resolved role (skips hook)
+ * const context = await createUserContext({
+ *   input: { userId: "user_123", role: "editor" },
+ * });
+ *
+ * // Require authentication
+ * const context = await createUserContext({
+ *   input: { userId },
+ *   allowAnonymous: false,
+ * });
+ * ```
+ */
+export declare function createUserContext(options: CreateUserContextOptions): Promise<UserContext>;
+/**
+ * Create a user context synchronously when the role is already known.
+ * Use this when you've already resolved the role or want to skip hook execution.
+ *
+ * @param input - User context input with role pre-resolved
+ * @param customRoles - Optional custom role definitions
+ * @returns Validated UserContext
+ *
+ * @example
+ * ```typescript
+ * // When role is already known
+ * const context = createUserContextSync({
+ *   userId: "user_123",
+ *   role: "editor",
+ * });
+ * ```
+ */
+export declare function createUserContextSync(input: UserContextInput, customRoles?: Record<string, RoleDefinition>): UserContext;
+/**
+ * Extract user ID from various input formats.
+ * Handles common patterns from different auth systems.
+ *
+ * @param input - The input to extract userId from
+ * @returns The extracted userId or undefined
+ *
+ * @example
+ * ```typescript
+ * // From Convex identity
+ * extractUserId(identity); // uses identity.subject
+ *
+ * // From string
+ * extractUserId("user_123"); // "user_123"
+ *
+ * // From object with common fields
+ * extractUserId({ sub: "user_123" }); // "user_123"
+ * extractUserId({ userId: "user_123" }); // "user_123"
+ * extractUserId({ id: "user_123" }); // "user_123"
+ * ```
+ */
+export declare function extractUserId(input: string | {
+    subject?: string;
+    sub?: string;
+    userId?: string;
+    id?: string;
+    _id?: string;
+} | null | undefined): string | undefined;
+/**
+ * Extract user ID from a Convex auth context.
+ * This is a convenience wrapper for extractUserId that works with ctx.auth.
+ *
+ * @param authContext - The auth context from ctx.auth
+ * @returns The user ID or undefined if not authenticated
+ *
+ * @example
+ * ```typescript
+ * export const myMutation = mutation({
+ *   handler: async (ctx, args) => {
+ *     const userId = await extractUserIdFromAuth(ctx.auth);
+ *     if (!userId) {
+ *       throw new Error("Authentication required");
+ *     }
+ *     // ... use userId
+ *   },
+ * });
+ * ```
+ */
+export declare function extractUserIdFromAuth(authContext: {
+    getUserIdentity: () => Promise<{
+        subject?: string;
+    } | null>;
+}): Promise<string | undefined>;
+/**
+ * Build an AuthorizationHookContext from a UserContext and operation details.
+ * This creates the context object used by authorization hooks.
+ *
+ * @param userContext - The validated user context
+ * @param operation - The CMS operation being performed
+ * @param resourceInfo - Additional resource information
+ * @returns AuthorizationHookContext for hook execution
+ *
+ * @example
+ * ```typescript
+ * const hookContext = buildAuthorizationContext(
+ *   userContext,
+ *   "contentEntries.update",
+ *   {
+ *     resourceId: entry._id,
+ *     resourceOwnerId: entry.createdBy,
+ *     contentTypeId: entry.contentTypeId,
+ *     contentTypeName: contentType.name,
+ *   }
+ * );
+ * ```
+ */
+export declare function buildAuthorizationContext(userContext: UserContext, operation: CmsOperation, resourceInfo?: {
+    resourceId?: string;
+    resourceOwnerId?: string;
+    contentTypeId?: string;
+    contentTypeName?: string;
+    operationData?: Record<string, unknown>;
+}): Omit<AuthorizationHookContext, "ctx">;
+/**
+ * Create a minimal user context for anonymous operations.
+ * Use this for public read operations that don't require authentication.
+ *
+ * @returns A UserContext representing an anonymous user
+ *
+ * @example
+ * ```typescript
+ * // For public content queries
+ * const context = createAnonymousContext();
+ * // context.isAuthenticated === false
+ * // context.hasRole === false
+ * ```
+ */
+export declare function createAnonymousContext(): UserContext;
+/**
+ * Create a system context for internal operations.
+ * This bypasses normal user authentication for system-level operations.
+ * Use with caution - only for trusted internal operations.
+ *
+ * @param systemId - Optional identifier for the system operation
+ * @returns A UserContext representing a system operation
+ *
+ * @example
+ * ```typescript
+ * // For scheduled jobs or internal migrations
+ * const context = createSystemContext("scheduled-publisher");
+ * // context.userId === "_system:scheduled-publisher"
+ * // context.role === "admin" (full access)
+ * ```
+ */
+export declare function createSystemContext(systemId?: string): UserContext;
+/**
+ * Check if a user context represents an authenticated user.
+ *
+ * @param context - The user context to check
+ * @returns True if the user is authenticated
+ */
+export declare function isAuthenticated(context: UserContext): boolean;
+/**
+ * Check if a user context has a specific role.
+ *
+ * @param context - The user context to check
+ * @param roleName - The role name to check for
+ * @returns True if the user has the specified role
+ */
+export declare function hasUserRole(context: UserContext, roleName: string): boolean;
+/**
+ * Check if a user context represents a system operation.
+ *
+ * @param context - The user context to check
+ * @returns True if this is a system context
+ */
+export declare function isSystemContext(context: UserContext): boolean;
+/**
+ * Get the display identifier for a user context.
+ * Useful for logging and audit trails.
+ *
+ * @param context - The user context
+ * @returns A human-readable identifier for the user
+ */
+export declare function getUserDisplayId(context: UserContext): string;
+/**
+ * Validate that a user context meets minimum requirements for an operation.
+ * Returns validation result with specific error messages.
+ *
+ * @param context - The user context to validate
+ * @param requirements - The requirements to check
+ * @returns Validation result
+ *
+ * @example
+ * ```typescript
+ * const result = validateUserContext(context, {
+ *   requireAuthentication: true,
+ *   requireRole: true,
+ *   allowedRoles: ["admin", "editor"],
+ * });
+ *
+ * if (!result.valid) {
+ *   throw new Error(result.errors[0].message);
+ * }
+ * ```
+ */
+export declare function validateUserContext(context: UserContext, requirements: {
+    requireAuthentication?: boolean;
+    requireRole?: boolean;
+    allowedRoles?: string[];
+}): UserContextValidationResult;
+//# sourceMappingURL=userContext.d.ts.map

package/dist/component/userContext.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"userContext.d.ts","sourceRoot":"","sources":["../../src/component/userContext.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAEH,OAAO,KAAK,EACV,eAAe,EAEf,iBAAiB,EACjB,wBAAwB,EACxB,YAAY,EACZ,cAAc,EACf,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAW,KAAK,cAAc,EAAE,MAAM,YAAY,CAAC;AAM1D;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B;;;;;;;;OAQG;IACH,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAEvB;;;;OAIG;IACH,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAErB;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B;;;OAGG;IACH,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC;IAE3B;;;OAGG;IACH,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IAEpB;;OAEG;IACH,eAAe,EAAE,OAAO,CAAC;IAEzB;;OAEG;IACH,OAAO,EAAE,OAAO,CAAC;IAEjB;;;OAGG;IACH,cAAc,CAAC,EAAE,cAAc,CAAC;IAEhC;;OAEG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC;;;OAGG;IACH,GAAG,CAAC,EAAE,cAAc,CAAC;IAErB;;OAEG;IACH,KAAK,EAAE,gBAAgB,CAAC;IAExB;;;OAGG;IACH,WAAW,CAAC,EAAE,eAAe,CAAC;IAE9B;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IAE7C;;;OAGG;IACH,cAAc,CAAC,EAAE,OAAO,CAAC;IAEzB;;;;OAIG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,0BAA0B;IACzC;;OAEG;IACH,IAAI,EACA,iBAAiB,GACjB,uBAAuB,GACvB,eAAe,GACf,cAAc,GACd,YAAY,CAAC;IAEjB;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C;;OAEG;IACH,KAAK,EAAE,OAAO,CAAC;IAEf;;OAEG;IACH,OAAO,CAAC,EAAE,WAAW,CAAC;IAEtB;;OAEG;IACH,MAAM,CAAC,EAAE,0BAA0B,EAAE,CAAC;CACvC;AAMD;;;;;;;;;;;;;;GAcG;AACH,qBAAa,gBAAiB,SAAQ,KAAK;IACzC,QAAQ,CAAC,IAAI,EAAE,0BAA0B,CAAC,MAAM,CAAC,CAAC;IAClD,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;gBAE/B,KAAK,EAAE,0BAA0B;IAW7C,MAAM,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;CAQlC;AAMD;;;;;;;;;;;;GAYG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,OAAO,GAAG,MAAM,IAAI,MAAM,CAE/D;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,WAAW,CACzB,QAAQ,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EACnC,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,GAC3C,OAAO,CAMT;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,wBAAwB,CACtC,KAAK,EAAE,gBAAgB,EACvB,OAAO,GAAE;IACP,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;CACzC,GACL;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,0BAA0B,EAAE,CAAA;CAAE,CAkD3D;AAMD;;;;;;;;;;;;;GAaG;AACH,wBAAsB,eAAe,CACnC,GAAG,EAAE,cAAc,EACnB,MAAM,EAAE,MAAM,EACd,WAAW,CAAC,EAAE,eAAe,GAC5B,OAAO,CAAC,iBAAiB,CAAC,CAiB5B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,wBAAwB,GAChC,OAAO,CAAC,WAAW,CAAC,CAoEtB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,qBAAqB,CACnC,KAAK,EAAE,gBAAgB,EACvB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,GAC3C,WAAW,CAeb;AAMD;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,aAAa,CAC3B,KAAK,EAAE,MAAM,GAAG;IAAE,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IAAC,EAAE,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,GAAG,SAAS,GAChH,MAAM,GAAG,SAAS,CA0BpB;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,qBAAqB,CACzC,WAAW,EAAE;IAAE,eAAe,EAAE,MAAM,OAAO,CAAC;QAAE,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC,CAAA;CAAE,GAC3E,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAG7B;AAMD;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,yBAAyB,CACvC,WAAW,EAAE,WAAW,EACxB,SAAS,EAAE,YAAY,EACvB,YAAY,CAAC,EAAE;IACb,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACzC,GACA,IAAI,CAAC,wBAAwB,EAAE,KAAK,CAAC,CAevC;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,sBAAsB,IAAI,WAAW,CAOpD;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,WAAW,CAYlE;AAMD;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAE7D;AAED;;;;;;GAMG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAE3E;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAE7D;AAED;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,WAAW,GAAG,MAAM,CAc7D;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,WAAW,EACpB,YAAY,EAAE;IACZ,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB,GACA,2BAA2B,CAmC7B"}