cortex-auth 1.2.1 → 1.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/payload-access/access.d.ts +10 -32
- package/dist/payload-access/access.d.ts.map +1 -1
- package/dist/payload-access/access.js +18 -8
- package/dist/payload-access/access.js.map +1 -1
- package/dist/payload-jwt/configuration.d.ts +42 -3
- package/dist/payload-jwt/configuration.d.ts.map +1 -1
- package/dist/payload-jwt/configuration.js +55 -1
- package/dist/payload-jwt/configuration.js.map +1 -1
- package/package.json +1 -1
|
@@ -1,36 +1,14 @@
|
|
|
1
1
|
import { AccessArgs } from 'payload';
|
|
2
2
|
import type { Where } from 'payload';
|
|
3
3
|
import type { User } from '../types';
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
*/
|
|
15
|
-
export declare const isDigitalColleague: ({ req: { user } }: AccessArgs<Partial<User>>) => boolean;
|
|
16
|
-
/**
|
|
17
|
-
* Checks that the user is an 'admin'
|
|
18
|
-
*/
|
|
19
|
-
export declare const isAdmin: ({ req: { user } }: AccessArgs<Partial<User>>) => boolean;
|
|
20
|
-
/**
|
|
21
|
-
* Users can edit their own profile
|
|
22
|
-
*/
|
|
23
|
-
export declare const editOwnProfile: ({ req: { user }, data }: AccessArgs<Partial<User>>) => boolean;
|
|
24
|
-
/**
|
|
25
|
-
* can edit owned items
|
|
26
|
-
*/
|
|
27
|
-
export declare const isOwned: ({ req: { user } }: AccessArgs<Partial<User>>) => boolean | Where;
|
|
28
|
-
/**
|
|
29
|
-
* User is in the member relationship of the item
|
|
30
|
-
*/
|
|
31
|
-
export declare const isMember: ({ req: { user } }: AccessArgs<Partial<User>>) => boolean | Where;
|
|
32
|
-
/**
|
|
33
|
-
* User is in the member relationship of the item
|
|
34
|
-
*/
|
|
35
|
-
export declare const isMemberOrOwner: ({ req: { user } }: AccessArgs<Partial<User>>) => boolean | Where;
|
|
4
|
+
export declare const payloadAcl: {
|
|
5
|
+
isAuthenticated: ({ req: { user } }: AccessArgs<Partial<Partial<User>>>) => boolean;
|
|
6
|
+
isUser: ({ req: { user } }: AccessArgs<Partial<User>>) => boolean;
|
|
7
|
+
isDigitalColleague: ({ req: { user } }: AccessArgs<Partial<User>>) => boolean;
|
|
8
|
+
isAdmin: ({ req: { user } }: AccessArgs<Partial<User>>) => boolean;
|
|
9
|
+
editOwnProfile: ({ req: { user }, data }: AccessArgs<Partial<User>>) => boolean;
|
|
10
|
+
isOwned: ({ req: { user } }: AccessArgs<Partial<User>>) => boolean | Where;
|
|
11
|
+
isMember: ({ req: { user } }: AccessArgs<Partial<User>>) => boolean | Where;
|
|
12
|
+
isMemberOrOwner: ({ req: { user } }: AccessArgs<Partial<User>>) => boolean | Where;
|
|
13
|
+
};
|
|
36
14
|
//# sourceMappingURL=access.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"access.d.ts","sourceRoot":"","sources":["../../src/payload-access/access.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAA;AACpC,OAAO,KAAK,EAAG,KAAK,EAAE,MAAM,SAAS,CAAA;AACrC,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,SAAS,CAAA;
|
|
1
|
+
{"version":3,"file":"access.d.ts","sourceRoot":"","sources":["../../src/payload-access/access.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAA;AACpC,OAAO,KAAK,EAAG,KAAK,EAAE,MAAM,SAAS,CAAA;AACrC,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,SAAS,CAAA;AA8HnC,eAAO,MAAM,UAAU;yCAzHqB,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;gCAO3C,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;4CAcb,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;iCAWpC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAG,OAAO;8CAWtB,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAG,OAAO;iCAahD,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAG,OAAO,GAAG,KAAK;kCAmB1C,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAG,OAAO,GAAG,KAAK;yCAqBpC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAG,OAAO,GAAG,KAAK;CAkCtF,CAAA"}
|
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Checks that the request is authenticated
|
|
3
3
|
*/
|
|
4
|
-
|
|
4
|
+
const isAuthenticated = ({ req: { user } }) => {
|
|
5
5
|
return Boolean(user);
|
|
6
6
|
};
|
|
7
7
|
/**
|
|
8
8
|
* Checks that the user is a 'user' or 'admin' i.e. they are human
|
|
9
9
|
*/
|
|
10
|
-
|
|
10
|
+
const isUser = ({ req: { user } }) => {
|
|
11
11
|
if (!user)
|
|
12
12
|
return false;
|
|
13
13
|
if (user.role === 'user') {
|
|
@@ -21,7 +21,7 @@ export const isUser = ({ req: { user } }) => {
|
|
|
21
21
|
/**
|
|
22
22
|
* Checks that the user is a 'digital-colleague'
|
|
23
23
|
*/
|
|
24
|
-
|
|
24
|
+
const isDigitalColleague = ({ req: { user } }) => {
|
|
25
25
|
if (!user)
|
|
26
26
|
return false;
|
|
27
27
|
if (user.role === 'digital-colleague') {
|
|
@@ -32,7 +32,7 @@ export const isDigitalColleague = ({ req: { user } }) => {
|
|
|
32
32
|
/**
|
|
33
33
|
* Checks that the user is an 'admin'
|
|
34
34
|
*/
|
|
35
|
-
|
|
35
|
+
const isAdmin = ({ req: { user } }) => {
|
|
36
36
|
// console.log('Checking isAdminUser for user:', user)
|
|
37
37
|
if (user?.role === 'admin') {
|
|
38
38
|
return true;
|
|
@@ -42,7 +42,7 @@ export const isAdmin = ({ req: { user } }) => {
|
|
|
42
42
|
/**
|
|
43
43
|
* Users can edit their own profile
|
|
44
44
|
*/
|
|
45
|
-
|
|
45
|
+
const editOwnProfile = ({ req: { user }, data }) => {
|
|
46
46
|
// Allow admins to edit anything
|
|
47
47
|
if (user?.role === 'admin') {
|
|
48
48
|
return true;
|
|
@@ -53,7 +53,7 @@ export const editOwnProfile = ({ req: { user }, data }) => {
|
|
|
53
53
|
/**
|
|
54
54
|
* can edit owned items
|
|
55
55
|
*/
|
|
56
|
-
|
|
56
|
+
const isOwned = ({ req: { user } }) => {
|
|
57
57
|
if (!user)
|
|
58
58
|
return false;
|
|
59
59
|
// Allow admins to edit anything
|
|
@@ -71,7 +71,7 @@ export const isOwned = ({ req: { user } }) => {
|
|
|
71
71
|
/**
|
|
72
72
|
* User is in the member relationship of the item
|
|
73
73
|
*/
|
|
74
|
-
|
|
74
|
+
const isMember = ({ req: { user } }) => {
|
|
75
75
|
if (!user)
|
|
76
76
|
return false;
|
|
77
77
|
// Allow admins to edit anything
|
|
@@ -89,7 +89,7 @@ export const isMember = ({ req: { user } }) => {
|
|
|
89
89
|
/**
|
|
90
90
|
* User is in the member relationship of the item
|
|
91
91
|
*/
|
|
92
|
-
|
|
92
|
+
const isMemberOrOwner = ({ req: { user } }) => {
|
|
93
93
|
if (!user)
|
|
94
94
|
return false;
|
|
95
95
|
// Allow admins to edit anything
|
|
@@ -113,4 +113,14 @@ export const isMemberOrOwner = ({ req: { user } }) => {
|
|
|
113
113
|
};
|
|
114
114
|
return query;
|
|
115
115
|
};
|
|
116
|
+
export const payloadAcl = {
|
|
117
|
+
isAuthenticated,
|
|
118
|
+
isUser,
|
|
119
|
+
isDigitalColleague,
|
|
120
|
+
isAdmin,
|
|
121
|
+
editOwnProfile,
|
|
122
|
+
isOwned,
|
|
123
|
+
isMember,
|
|
124
|
+
isMemberOrOwner,
|
|
125
|
+
};
|
|
116
126
|
//# sourceMappingURL=access.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"access.js","sourceRoot":"","sources":["../../src/payload-access/access.ts"],"names":[],"mappings":"AAIA;;GAEG;
|
|
1
|
+
{"version":3,"file":"access.js","sourceRoot":"","sources":["../../src/payload-access/access.ts"],"names":[],"mappings":"AAIA;;GAEG;AACH,MAAM,eAAe,GAAG,CAAC,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE,EAAsC,EAAE,EAAE;IAC9E,OAAO,OAAO,CAAC,IAAI,CAAC,CAAA;AACxB,CAAC,CAAA;AAED;;GAEG;AACH,MAAM,MAAM,GAAG,CAAC,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE,EAA6B,EAAE,EAAE;IAC5D,IAAI,CAAC,IAAI;QAAE,OAAO,KAAK,CAAA;IACvB,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;QACvB,OAAO,IAAI,CAAA;IACf,CAAC;IACD,IAAI,IAAI,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACxB,OAAO,IAAI,CAAA;IACf,CAAC;IACD,OAAO,KAAK,CAAA;AAChB,CAAC,CAAA;AAED;;GAEG;AACH,MAAM,kBAAkB,GAAG,CAAC,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE,EAA6B,EAAE,EAAE;IACxE,IAAI,CAAC,IAAI;QAAE,OAAO,KAAK,CAAA;IACvB,IAAI,IAAI,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;QACpC,OAAO,IAAI,CAAA;IACf,CAAC;IACD,OAAO,KAAK,CAAA;AAChB,CAAC,CAAA;AAED;;GAEG;AACH,MAAM,OAAO,GAAG,CAAC,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE,EAA6B,EAAW,EAAE;IACtE,sDAAsD;IACtD,IAAI,IAAI,EAAE,IAAI,KAAK,OAAO,EAAE,CAAC;QACzB,OAAO,IAAI,CAAA;IACf,CAAC;IACD,OAAO,KAAK,CAAA;AAChB,CAAC,CAAA;AAED;;GAEG;AACH,MAAM,cAAc,GAAG,CAAC,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAA6B,EAAW,EAAE;IAEnF,gCAAgC;IAChC,IAAI,IAAI,EAAE,IAAI,KAAK,OAAO,EAAE,CAAC;QACzB,OAAO,IAAI,CAAA;IACf,CAAC;IACD,uCAAuC;IACvC,OAAO,IAAI,EAAE,EAAE,KAAM,IAAa,EAAE,EAAE,CAAA;AAC1C,CAAC,CAAA;AAED;;GAEG;AACH,MAAM,OAAO,GAAG,CAAC,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE,EAA6B,EAAmB,EAAE;IAC9E,IAAI,CAAC,IAAI;QAAE,OAAO,KAAK,CAAA;IAEvB,gCAAgC;IAChC,IAAI,IAAI,EAAE,IAAI,KAAK,OAAO,EAAE,CAAC;QACzB,OAAO,IAAI,CAAA;IACf,CAAC;IACD,uCAAuC;IACvC,MAAM,KAAK,GAAU;QACjB,KAAK,EAAE;YACH,MAAM,EAAE,IAAI,CAAC,EAAE;SAClB;KACJ,CAAA;IACD,OAAO,KAAK,CAAA;AAChB,CAAC,CAAA;AAED;;GAEG;AACH,MAAM,QAAQ,GAAG,CAAC,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE,EAA6B,EAAmB,EAAE;IAC/E,IAAI,CAAC,IAAI;QAAE,OAAO,KAAK,CAAA;IAEvB,gCAAgC;IAChC,IAAI,IAAI,EAAE,IAAI,KAAK,OAAO,EAAE,CAAC;QACzB,OAAO,IAAI,CAAA;IACf,CAAC;IACD,uCAAuC;IACvC,MAAM,KAAK,GAAU;QAEjB,cAAc,EAAE;YACZ,MAAM,EAAE,IAAI,CAAC,EAAE;SAClB;KAEJ,CAAA;IACD,OAAO,KAAK,CAAA;AAChB,CAAC,CAAA;AAED;;GAEG;AACH,MAAM,eAAe,GAAG,CAAC,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE,EAA6B,EAAmB,EAAE;IACtF,IAAI,CAAC,IAAI;QAAE,OAAO,KAAK,CAAA;IAEvB,gCAAgC;IAChC,IAAI,IAAI,EAAE,IAAI,KAAK,OAAO,EAAE,CAAC;QACzB,OAAO,IAAI,CAAA;IACf,CAAC;IACD,uCAAuC;IACvC,MAAM,KAAK,GAAU;QACjB,EAAE,EAAE;YACA;gBACI,cAAc,EAAE;oBACZ,MAAM,EAAE,IAAI,CAAC,EAAE;iBAClB;aACJ;YACD;gBACI,KAAK,EAAE;oBACH,MAAM,EAAE,IAAI,CAAC,EAAE;iBAClB;aACJ;SACJ;KACJ,CAAA;IACD,OAAO,KAAK,CAAA;AAChB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,UAAU,GAAG;IACtB,eAAe;IACf,MAAM;IACN,kBAAkB;IAClB,OAAO;IACP,cAAc;IACd,OAAO;IACP,QAAQ;IACR,eAAe;CAClB,CAAA"}
|
|
@@ -1,6 +1,45 @@
|
|
|
1
|
-
import type { User } from '../types';
|
|
2
1
|
import type { SanitizedConfig } from 'payload';
|
|
3
|
-
type
|
|
4
|
-
|
|
2
|
+
import type { NextAuthConfig } from "next-auth";
|
|
3
|
+
type NextAuthConfigFunction = {
|
|
4
|
+
session: {
|
|
5
|
+
maxAge?: number;
|
|
6
|
+
};
|
|
7
|
+
oauth: {
|
|
8
|
+
scope?: string;
|
|
9
|
+
};
|
|
10
|
+
};
|
|
11
|
+
declare module "next-auth" {
|
|
12
|
+
interface Session {
|
|
13
|
+
accessToken?: string;
|
|
14
|
+
}
|
|
15
|
+
}
|
|
16
|
+
export declare const payloadAuthConfig: {
|
|
17
|
+
databaseWithBackend: (authConfig: NextAuthConfigFunction, payloadConfig: SanitizedConfig) => NextAuthConfig;
|
|
18
|
+
userCollectionDatabaseFields: {
|
|
19
|
+
name: string;
|
|
20
|
+
type: string;
|
|
21
|
+
admin: {
|
|
22
|
+
disabled: boolean;
|
|
23
|
+
};
|
|
24
|
+
fields: ({
|
|
25
|
+
name: string;
|
|
26
|
+
type: string;
|
|
27
|
+
required: boolean;
|
|
28
|
+
admin?: undefined;
|
|
29
|
+
} | {
|
|
30
|
+
name: string;
|
|
31
|
+
type: string;
|
|
32
|
+
required?: undefined;
|
|
33
|
+
admin?: undefined;
|
|
34
|
+
} | {
|
|
35
|
+
name: string;
|
|
36
|
+
type: string;
|
|
37
|
+
admin: {
|
|
38
|
+
disabled: boolean;
|
|
39
|
+
};
|
|
40
|
+
required?: undefined;
|
|
41
|
+
})[];
|
|
42
|
+
};
|
|
43
|
+
};
|
|
5
44
|
export {};
|
|
6
45
|
//# sourceMappingURL=configuration.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"configuration.d.ts","sourceRoot":"","sources":["../../src/payload-jwt/configuration.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"configuration.d.ts","sourceRoot":"","sources":["../../src/payload-jwt/configuration.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AAG9C,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AA8DhD,KAAK,sBAAsB,GAAG;IAAE,OAAO,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAAC,KAAK,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAA;CAAE,CAAC;AAqC1F,OAAO,QAAQ,WAAW,CAAC;IACzB,UAAU,OAAO;QACf,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB;CACF;AAwBD,eAAO,MAAM,iBAAiB;sCA/DW,sBAAsB,iBAAiB,eAAe,KAAG,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;CA+D1B,CAAC"}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { decodeJwt } from 'jose';
|
|
2
2
|
import { getPayload } from 'payload';
|
|
3
|
+
import KeycloakProvider from "next-auth/providers/keycloak";
|
|
3
4
|
function upsertAccount(existing = [], account) {
|
|
4
5
|
const provider = account.provider;
|
|
5
6
|
const providerAccountId = account.providerAccountId;
|
|
@@ -25,7 +26,7 @@ function upsertAccount(existing = [], account) {
|
|
|
25
26
|
}
|
|
26
27
|
return [...existing, nextRow];
|
|
27
28
|
}
|
|
28
|
-
|
|
29
|
+
async function persistTokens(userId, account, payloadConfig) {
|
|
29
30
|
const payload = await getPayload({ config: payloadConfig });
|
|
30
31
|
const fullUser = await payload.findByID({
|
|
31
32
|
collection: "users",
|
|
@@ -47,4 +48,57 @@ export async function persistTokens(userId, account, payloadConfig) {
|
|
|
47
48
|
overrideAccess: true,
|
|
48
49
|
});
|
|
49
50
|
}
|
|
51
|
+
const databaseWithBackend = (authConfig, payloadConfig) => ({
|
|
52
|
+
secret: process.env.PAYLOAD_SECRET,
|
|
53
|
+
session: {
|
|
54
|
+
maxAge: authConfig.session.maxAge ?? 60 * 30 * 8, // 8 hours
|
|
55
|
+
strategy: 'database',
|
|
56
|
+
},
|
|
57
|
+
providers: [KeycloakProvider({
|
|
58
|
+
clientId: process.env.OAUTH_CLIENT_ID,
|
|
59
|
+
clientSecret: process.env.OAUTH_CLIENT_SECRET,
|
|
60
|
+
issuer: process.env.OAUTH_ISSUER,
|
|
61
|
+
authorization: { params: { scope: authConfig.oauth.scope ?? "openid profile email offline_access" } },
|
|
62
|
+
profile(profile, tokens) {
|
|
63
|
+
let role = 'user'; // default role
|
|
64
|
+
if (tokens && tokens.access_token) {
|
|
65
|
+
const decodedJWT = decodeJwt(tokens.access_token);
|
|
66
|
+
const permissions = decodedJWT.resource_access?.[process.env.OAUTH_CLIENT_ID]?.roles;
|
|
67
|
+
role = permissions?.[0] || 'user';
|
|
68
|
+
}
|
|
69
|
+
return { id: profile.sub, role, ...profile };
|
|
70
|
+
},
|
|
71
|
+
}),
|
|
72
|
+
],
|
|
73
|
+
events: {
|
|
74
|
+
// fires when an OAuth account is linked [NextAuth](https://next-auth.js.org/configuration/events)
|
|
75
|
+
async linkAccount({ user, account }) {
|
|
76
|
+
await persistTokens(user.id, account, payloadConfig);
|
|
77
|
+
},
|
|
78
|
+
// fires on every sign-in [NextAuth](https://next-auth.js.org/configuration/events)
|
|
79
|
+
async signIn({ user, account }) {
|
|
80
|
+
if (account)
|
|
81
|
+
await persistTokens(user.id, account, payloadConfig);
|
|
82
|
+
},
|
|
83
|
+
},
|
|
84
|
+
});
|
|
85
|
+
const userCollectionDatabaseFields = {
|
|
86
|
+
name: "accounts",
|
|
87
|
+
type: "array",
|
|
88
|
+
admin: { disabled: false }, // optional
|
|
89
|
+
fields: [
|
|
90
|
+
{ name: "provider", type: "text", required: true },
|
|
91
|
+
{ name: "providerAccountId", type: "text", required: true },
|
|
92
|
+
{ name: "type", type: "text" },
|
|
93
|
+
// Add these:
|
|
94
|
+
{ name: "access_token", type: "text", admin: { disabled: true } },
|
|
95
|
+
{ name: "refresh_token", type: "text", admin: { disabled: true } },
|
|
96
|
+
{ name: "expires_at", type: "number", admin: { disabled: true } },
|
|
97
|
+
{ name: "id_token", type: "text", admin: { disabled: true } },
|
|
98
|
+
{ name: "token_type", type: "text", admin: { disabled: true } },
|
|
99
|
+
{ name: "scope", type: "text", admin: { disabled: true } },
|
|
100
|
+
{ name: "session_state", type: "text", admin: { disabled: true } },
|
|
101
|
+
],
|
|
102
|
+
};
|
|
103
|
+
export const payloadAuthConfig = { databaseWithBackend, userCollectionDatabaseFields };
|
|
50
104
|
//# sourceMappingURL=configuration.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"configuration.js","sourceRoot":"","sources":["../../src/payload-jwt/configuration.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAA;AAChC,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAA;
|
|
1
|
+
{"version":3,"file":"configuration.js","sourceRoot":"","sources":["../../src/payload-jwt/configuration.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAA;AAChC,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAA;AAEpC,OAAO,gBAAgB,MAAM,8BAA8B,CAAC;AAI5D,SAAS,aAAa,CAAC,WAA0B,EAAE,EAAE,OAAoB;IACvE,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAA;IACjC,MAAM,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,CAAA;IAEnD,MAAM,GAAG,GAAG,QAAQ,CAAC,SAAS,CAC5B,CAAC,CAAc,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,IAAI,CAAC,CAAC,iBAAiB,KAAK,iBAAiB,CACzF,CAAA;IAED,MAAM,OAAO,GAAG;QACd,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAClC,QAAQ;QACR,iBAAiB;QACjB,IAAI,EAAE,OAAO,CAAC,IAAI;QAElB,yDAAyD;QACzD,YAAY,EAAE,OAAO,CAAC,YAAY,IAAI,IAAI;QAC1C,aAAa,EAAE,OAAO,CAAC,aAAa,IAAI,IAAI;QAC5C,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,IAAI;QACtC,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,IAAI;QAClC,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,IAAI;QACtC,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,IAAI;QAC5B,aAAa,EAAE,OAAO,CAAC,aAAa,IAAI,IAAI;KAC7C,CAAA;IAED,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC;QACb,MAAM,IAAI,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAA;QAC1B,IAAI,CAAC,GAAG,CAAC,GAAG,OAAO,CAAA;QACnB,OAAO,IAAI,CAAA;IACb,CAAC;IACD,OAAO,CAAC,GAAG,QAAQ,EAAE,OAAO,CAAC,CAAA;AAC/B,CAAC;AAED,KAAK,UAAU,aAAa,CAAC,MAAc,EAAE,OAAoB,EAAE,aAA8B;IAC/F,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,CAAA;IAE3D,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC;QACtC,UAAU,EAAE,OAAO;QACnB,EAAE,EAAE,MAAM;QACV,KAAK,EAAE,CAAC;KACT,CAAC,CAAA;IAEF,MAAM,QAAQ,GAAI,QAAiB,CAAC,QAAQ,IAAI,EAAE,CAAA;IAClD,MAAM,QAAQ,GAAG,aAAa,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;IACjD,IAAI,IAAI,GAAG,MAAM,CAAC,CAAC,eAAe;IAClC,IAAI,OAAO,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;QACpC,MAAM,UAAU,GAAG,SAAS,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QACnD,MAAM,WAAW,GAAK,UAAU,CAAC,eAAwD,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,eAAgB,CAAC,EAAE,KAA8B,CAAC;QAC1J,IAAI,GAAG,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC;IACpC,CAAC;IACD,MAAM,OAAO,CAAC,MAAM,CAAC;QACnB,UAAU,EAAE,OAAO;QACnB,EAAE,EAAE,MAAM;QACV,IAAI,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE;QACxB,cAAc,EAAE,IAAI;KACrB,CAAC,CAAA;AACJ,CAAC;AAID,MAAM,mBAAmB,GAAG,CAAC,UAAkC,EAAE,aAA8B,EAAkB,EAAE,CAAC,CAAC;IACnH,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc;IAClC,OAAO,EAAE;QACP,MAAM,EAAE,UAAU,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,UAAU;QAC5D,QAAQ,EAAE,UAAU;KACrB;IACD,SAAS,EAAE,CAAC,gBAAgB,CAAC;YAC3B,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe;YACrC,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,mBAAmB;YAC7C,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY;YAChC,aAAa,EAAE,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,UAAU,CAAC,KAAK,CAAC,KAAK,IAAI,qCAAqC,EAAE,EAAE;YACrG,OAAO,CAAC,OAAO,EAAE,MAAM;gBACrB,IAAI,IAAI,GAAG,MAAM,CAAC,CAAC,eAAe;gBAClC,IAAI,MAAM,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;oBAClC,MAAM,UAAU,GAAG,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;oBAClD,MAAM,WAAW,GAAK,UAAU,CAAC,eAAwD,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,eAAgB,CAAC,EAAE,KAA8B,CAAC;oBAC1J,IAAI,GAAG,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC;gBACpC,CAAC;gBACD,OAAO,EAAE,EAAE,EAAE,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,OAAO,EAAE,CAAA;YAC9C,CAAC;SACF,CAAC;KACD;IACD,MAAM,EAAE;QACN,mGAAmG;QACnG,KAAK,CAAC,WAAW,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE;YACjC,MAAM,aAAa,CAAC,IAAI,CAAC,EAAY,EAAE,OAAiC,EAAE,aAAa,CAAC,CAAA;QAC1F,CAAC;QAED,oFAAoF;QACpF,KAAK,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE;YAC5B,IAAI,OAAO;gBAAE,MAAM,aAAa,CAAC,IAAI,CAAC,EAAY,EAAE,OAAiC,EAAE,aAAa,CAAC,CAAA;QACvG,CAAC;KACF;CACF,CAAC,CAAC;AASH,MAAM,4BAA4B,GAAG;IAC/B,IAAI,EAAE,UAAU;IAChB,IAAI,EAAE,OAAO;IACb,KAAK,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,WAAW;IACvC,MAAM,EAAE;QACN,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE;QAClD,EAAE,IAAI,EAAE,mBAAmB,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE;QAC3D,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE;QAE9B,aAAa;QACb,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE;QACjE,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE;QAClE,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE;QACjE,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE;QAC7D,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE;QAC/D,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE;QAC1D,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE;KACnE;CACF,CAAC;AAGN,MAAM,CAAC,MAAM,iBAAiB,GAAG,EAAE,mBAAmB,EAAE,4BAA4B,EAAE,CAAC"}
|