npm - digitaltwin-core - Versions diffs - 0.6.1 → 0.7.2 - Mend

digitaltwin-core 0.6.1 → 0.7.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (75) hide show

package/README.md +188 -0
package/dist/auth/apisix_parser.d.ts +122 -0
package/dist/auth/apisix_parser.d.ts.map +1 -0
package/dist/auth/apisix_parser.js +157 -0
package/dist/auth/apisix_parser.js.map +1 -0
package/dist/auth/auth_config.d.ts +95 -0
package/dist/auth/auth_config.d.ts.map +1 -0
package/dist/auth/auth_config.js +125 -0
package/dist/auth/auth_config.js.map +1 -0
package/dist/auth/index.d.ts +5 -0
package/dist/auth/index.d.ts.map +1 -0
package/dist/auth/index.js +4 -0
package/dist/auth/index.js.map +1 -0
package/dist/auth/types.d.ts +100 -0
package/dist/auth/types.d.ts.map +1 -0
package/dist/auth/types.js +2 -0
package/dist/auth/types.js.map +1 -0
package/dist/auth/user_service.d.ts +86 -0
package/dist/auth/user_service.d.ts.map +1 -0
package/dist/auth/user_service.js +239 -0
package/dist/auth/user_service.js.map +1 -0
package/dist/components/assets_manager.d.ts +21 -5
package/dist/components/assets_manager.d.ts.map +1 -1
package/dist/components/assets_manager.js +132 -4
package/dist/components/assets_manager.js.map +1 -1
package/dist/components/custom_table_manager.d.ts +344 -0
package/dist/components/custom_table_manager.d.ts.map +1 -0
package/dist/components/custom_table_manager.js +525 -0
package/dist/components/custom_table_manager.js.map +1 -0
package/dist/components/index.d.ts +4 -1
package/dist/components/index.d.ts.map +1 -1
package/dist/components/index.js +3 -0
package/dist/components/index.js.map +1 -1
package/dist/components/map_manager.d.ts +61 -0
package/dist/components/map_manager.d.ts.map +1 -0
package/dist/components/map_manager.js +233 -0
package/dist/components/map_manager.js.map +1 -0
package/dist/components/tileset_manager.d.ts +55 -0
package/dist/components/tileset_manager.d.ts.map +1 -0
package/dist/components/tileset_manager.js +212 -0
package/dist/components/tileset_manager.js.map +1 -0
package/dist/components/types.d.ts +20 -0
package/dist/components/types.d.ts.map +1 -1
package/dist/database/adapters/knex_database_adapter.d.ts +7 -0
package/dist/database/adapters/knex_database_adapter.d.ts.map +1 -1
package/dist/database/adapters/knex_database_adapter.js +136 -2
package/dist/database/adapters/knex_database_adapter.js.map +1 -1
package/dist/database/database_adapter.d.ts +22 -1
package/dist/database/database_adapter.d.ts.map +1 -1
package/dist/database/database_adapter.js.map +1 -1
package/dist/engine/digital_twin_engine.d.ts +4 -1
package/dist/engine/digital_twin_engine.d.ts.map +1 -1
package/dist/engine/digital_twin_engine.js +69 -3
package/dist/engine/digital_twin_engine.js.map +1 -1
package/dist/engine/endpoints.d.ts +2 -2
package/dist/engine/endpoints.d.ts.map +1 -1
package/dist/engine/endpoints.js.map +1 -1
package/dist/env/env.d.ts +8 -0
package/dist/env/env.d.ts.map +1 -1
package/dist/env/env.js +22 -1
package/dist/env/env.js.map +1 -1
package/dist/index.d.ts +2 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +3 -0
package/dist/index.js.map +1 -1
package/dist/types/data_record.d.ts +1 -1
package/dist/utils/index.d.ts +5 -0
package/dist/utils/index.d.ts.map +1 -0
package/dist/utils/index.js +5 -0
package/dist/utils/index.js.map +1 -0
package/dist/utils/zip_utils.d.ts +24 -0
package/dist/utils/zip_utils.d.ts.map +1 -0
package/dist/utils/zip_utils.js +77 -0
package/dist/utils/zip_utils.js.map +1 -0
package/package.json +3 -1

package/dist/auth/auth_config.js ADDED Viewed

@@ -0,0 +1,125 @@
+import { Env } from '../env/env.js';
+/**
+ * Authentication configuration for Digital Twin framework.
+ *
+ * Controls whether authentication is required for components that support it.
+ * When authentication is disabled, all requests are treated as authenticated
+ * with a default anonymous user.
+ *
+ * Environment variables:
+ * - DIGITALTWIN_DISABLE_AUTH: Set to "true" or "1" to disable authentication (default: false)
+ * - DIGITALTWIN_ANONYMOUS_USER_ID: User ID to use when auth is disabled (default: "anonymous")
+ *
+ * @example
+ * ```bash
+ * # Disable authentication for development
+ * export DIGITALTWIN_DISABLE_AUTH=true
+ * export DIGITALTWIN_ANONYMOUS_USER_ID=dev-user-123
+ *
+ * # Enable authentication (default)
+ * export DIGITALTWIN_DISABLE_AUTH=false
+ * ```
+ *
+ * @example
+ * ```typescript
+ * import { AuthConfig } from './auth_config.js'
+ *
+ * if (AuthConfig.isAuthDisabled()) {
+ *   console.log('Authentication is disabled')
+ *   const anonymousUser = AuthConfig.getAnonymousUser()
+ *   console.log(`Using anonymous user: ${anonymousUser.id}`)
+ * }
+ * ```
+ */
+export class AuthConfig {
+    static { this._config = null; }
+    /**
+     * Loads and validates authentication configuration from environment variables.
+     * This is called automatically the first time any method is used.
+     */
+    static loadConfig() {
+        if (this._config !== null)
+            return;
+        const config = Env.validate({
+            DIGITALTWIN_DISABLE_AUTH: Env.schema.boolean({
+                optional: true,
+                default: false
+            }),
+            DIGITALTWIN_ANONYMOUS_USER_ID: Env.schema.string({
+                optional: true
+            })
+        });
+        // Set default anonymous user ID if not provided
+        if (!config.DIGITALTWIN_ANONYMOUS_USER_ID) {
+            config.DIGITALTWIN_ANONYMOUS_USER_ID = 'anonymous';
+        }
+        this._config = config;
+    }
+    /**
+     * Checks if authentication is disabled via environment variables.
+     *
+     * @returns true if DIGITALTWIN_DISABLE_AUTH is set to "true" or "1", false otherwise
+     *
+     * @example
+     * ```typescript
+     * if (AuthConfig.isAuthDisabled()) {
+     *   console.log('Running in no-auth mode')
+     * }
+     * ```
+     */
+    static isAuthDisabled() {
+        this.loadConfig();
+        return this._config.DIGITALTWIN_DISABLE_AUTH;
+    }
+    /**
+     * Checks if authentication is enabled (opposite of isAuthDisabled).
+     *
+     * @returns true if authentication should be enforced, false otherwise
+     */
+    static isAuthEnabled() {
+        return !this.isAuthDisabled();
+    }
+    /**
+     * Gets the anonymous user ID to use when authentication is disabled.
+     *
+     * @returns The user ID configured for anonymous access
+     *
+     * @example
+     * ```typescript
+     * const userId = AuthConfig.getAnonymousUserId()
+     * console.log(`Anonymous user ID: ${userId}`) // "anonymous" by default
+     * ```
+     */
+    static getAnonymousUserId() {
+        this.loadConfig();
+        return this._config.DIGITALTWIN_ANONYMOUS_USER_ID;
+    }
+    /**
+     * Gets a fake authenticated user object for anonymous access.
+     *
+     * @returns An AuthenticatedUser object representing the anonymous user
+     *
+     * @example
+     * ```typescript
+     * import type { AuthenticatedUser } from './types.js'
+     *
+     * const anonymousUser: AuthenticatedUser = AuthConfig.getAnonymousUser()
+     * console.log(anonymousUser) // { id: "anonymous", roles: ["anonymous"] }
+     * ```
+     */
+    static getAnonymousUser() {
+        return {
+            id: this.getAnonymousUserId(),
+            roles: ['anonymous']
+        };
+    }
+    /**
+     * Resets the cached configuration (useful for testing).
+     *
+     * @private
+     */
+    static _resetConfig() {
+        this._config = null;
+    }
+}
+//# sourceMappingURL=auth_config.js.map

package/dist/auth/auth_config.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"auth_config.js","sourceRoot":"","sources":["../../src/auth/auth_config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,eAAe,CAAA;AAEnC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,MAAM,OAAO,UAAU;aACJ,YAAO,GAGX,IAAI,CAAA;IAEf;;;OAGG;IACK,MAAM,CAAC,UAAU;QACrB,IAAI,IAAI,CAAC,OAAO,KAAK,IAAI;YAAE,OAAM;QAEjC,MAAM,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAC;YACxB,wBAAwB,EAAE,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC;gBACzC,QAAQ,EAAE,IAAI;gBACd,OAAO,EAAE,KAAK;aACjB,CAAC;YACF,6BAA6B,EAAE,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC;gBAC7C,QAAQ,EAAE,IAAI;aACjB,CAAC;SACL,CAGA,CAAA;QAED,gDAAgD;QAChD,IAAI,CAAC,MAAM,CAAC,6BAA6B,EAAE,CAAC;YACxC,MAAM,CAAC,6BAA6B,GAAG,WAAW,CAAA;QACtD,CAAC;QAED,IAAI,CAAC,OAAO,GAAG,MAGd,CAAA;IACL,CAAC;IAED;;;;;;;;;;;OAWG;IACH,MAAM,CAAC,cAAc;QACjB,IAAI,CAAC,UAAU,EAAE,CAAA;QACjB,OAAO,IAAI,CAAC,OAAQ,CAAC,wBAAwB,CAAA;IACjD,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,aAAa;QAChB,OAAO,CAAC,IAAI,CAAC,cAAc,EAAE,CAAA;IACjC,CAAC;IAED;;;;;;;;;;OAUG;IACH,MAAM,CAAC,kBAAkB;QACrB,IAAI,CAAC,UAAU,EAAE,CAAA;QACjB,OAAO,IAAI,CAAC,OAAQ,CAAC,6BAA6B,CAAA;IACtD,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,MAAM,CAAC,gBAAgB;QACnB,OAAO;YACH,EAAE,EAAE,IAAI,CAAC,kBAAkB,EAAE;YAC7B,KAAK,EAAE,CAAC,WAAW,CAAC;SACvB,CAAA;IACL,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,YAAY;QACf,IAAI,CAAC,OAAO,GAAG,IAAI,CAAA;IACvB,CAAC"}

package/dist/auth/index.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export { ApisixAuthParser } from './apisix_parser.js';
+export { UserService } from './user_service.js';
+export { AuthConfig } from './auth_config.js';
+export type { AuthenticatedUser, UserRecord, AuthContext, AuthenticatedRequest } from './types.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/auth/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAA;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAC7C,YAAY,EAAE,iBAAiB,EAAE,UAAU,EAAE,WAAW,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAA"}

package/dist/auth/index.js ADDED Viewed

@@ -0,0 +1,4 @@
+export { ApisixAuthParser } from './apisix_parser.js';
+export { UserService } from './user_service.js';
+export { AuthConfig } from './auth_config.js';
+//# sourceMappingURL=index.js.map

package/dist/auth/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAA;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA"}

package/dist/auth/types.d.ts ADDED Viewed

@@ -0,0 +1,100 @@
+/**
+ * User information extracted from Keycloak JWT via Apache APISIX headers.
+ *
+ * This interface represents the authenticated user data parsed from APISIX
+ * headers after Keycloak authentication. APISIX forwards these headers:
+ * - `x-user-id`: The Keycloak user UUID
+ * - `x-user-roles`: Comma-separated list of user roles
+ *
+ * @example
+ * ```typescript
+ * const authUser = ApisixAuthParser.parseAuthHeaders(req.headers)
+ * if (authUser) {
+ *   console.log(`User ${authUser.id} has roles: ${authUser.roles.join(', ')}`)
+ * }
+ * ```
+ */
+export interface AuthenticatedUser {
+    /** User ID from Keycloak (x-user-id header) - UUID format */
+    id: string;
+    /** User roles from Keycloak (x-user-roles header, parsed from comma-separated string) */
+    roles: string[];
+}
+/**
+ * User record stored in the database.
+ *
+ * Represents a user stored in the normalized user management system.
+ * Users are created automatically when they first access the system
+ * after being authenticated by Keycloak via APISIX.
+ *
+ * @example
+ * ```typescript
+ * const userService = new UserService(database)
+ * const userRecord = await userService.findOrCreateUser(authenticatedUser)
+ * console.log(`User ${userRecord.keycloak_id} has ${userRecord.roles.length} roles`)
+ * ```
+ */
+export interface UserRecord {
+    /** Primary key (auto-increment) */
+    id?: number;
+    /** Keycloak user ID (UUID, unique across system) */
+    keycloak_id: string;
+    /** User roles (populated from user_roles junction table) */
+    roles: string[];
+    /** First time the user was seen in the system */
+    created_at: Date;
+    /** Last time the user's roles were updated */
+    updated_at: Date;
+}
+/**
+ * Authentication context passed to handlers.
+ *
+ * Contains both the raw authentication data from APISIX headers
+ * and the corresponding database user record. Used internally
+ * by components that need full user context.
+ *
+ * @example
+ * ```typescript
+ * const authContext: AuthContext = {
+ *   user: authUser,
+ *   userRecord: await userService.findOrCreateUser(authUser)
+ * }
+ * ```
+ */
+export interface AuthContext {
+    /** Authenticated user information from APISIX headers */
+    user: AuthenticatedUser;
+    /** Database user record with full role information */
+    userRecord: UserRecord;
+}
+/**
+ * Request object extended with authentication context.
+ *
+ * Represents an HTTP request that has been augmented with
+ * authentication information. Used by handlers that need
+ * access to both request data and user context.
+ *
+ * @example
+ * ```typescript
+ * async function handleRequest(req: AuthenticatedRequest) {
+ *   if (req.auth) {
+ *     console.log(`Request from user: ${req.auth.user.id}`)
+ *   }
+ * }
+ * ```
+ */
+export interface AuthenticatedRequest {
+    /** Original Express request object */
+    originalRequest: any;
+    /** Authentication context (undefined if not authenticated) */
+    auth?: AuthContext;
+    /** Request headers (including APISIX authentication headers) */
+    headers: Record<string, string>;
+    /** URL parameters */
+    params?: Record<string, string>;
+    /** Request body */
+    body?: any;
+    /** File upload (for multipart requests with assets) */
+    file?: any;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/auth/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/auth/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AACH,MAAM,WAAW,iBAAiB;IAC9B,6DAA6D;IAC7D,EAAE,EAAE,MAAM,CAAA;IACV,yFAAyF;IACzF,KAAK,EAAE,MAAM,EAAE,CAAA;CAClB;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,WAAW,UAAU;IACvB,mCAAmC;IACnC,EAAE,CAAC,EAAE,MAAM,CAAA;IACX,oDAAoD;IACpD,WAAW,EAAE,MAAM,CAAA;IACnB,4DAA4D;IAC5D,KAAK,EAAE,MAAM,EAAE,CAAA;IACf,iDAAiD;IACjD,UAAU,EAAE,IAAI,CAAA;IAChB,8CAA8C;IAC9C,UAAU,EAAE,IAAI,CAAA;CACnB;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,WAAW,WAAW;IACxB,yDAAyD;IACzD,IAAI,EAAE,iBAAiB,CAAA;IACvB,sDAAsD;IACtD,UAAU,EAAE,UAAU,CAAA;CACzB;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,WAAW,oBAAoB;IACjC,sCAAsC;IACtC,eAAe,EAAE,GAAG,CAAA;IACpB,8DAA8D;IAC9D,IAAI,CAAC,EAAE,WAAW,CAAA;IAClB,gEAAgE;IAChE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC/B,qBAAqB;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC/B,mBAAmB;IACnB,IAAI,CAAC,EAAE,GAAG,CAAA;IACV,uDAAuD;IACvD,IAAI,CAAC,EAAE,GAAG,CAAA;CACb"}

package/dist/auth/types.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=types.js.map

package/dist/auth/types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/auth/types.ts"],"names":[],"mappings":""}

package/dist/auth/user_service.d.ts ADDED Viewed

@@ -0,0 +1,86 @@
+import type { DatabaseAdapter } from '../database/database_adapter.js';
+import type { AuthenticatedUser, UserRecord } from './types.js';
+/**
+ * Service for managing users in the Digital Twin framework.
+ *
+ * This service handles the complete user lifecycle in a Digital Twin application
+ * with Keycloak authentication via Apache APISIX. It manages a normalized database
+ * schema with three tables:
+ *
+ * - `users`: Core user records linked to Keycloak IDs
+ * - `roles`: Master list of available roles
+ * - `user_roles`: Many-to-many relationship between users and roles
+ *
+ * Key features:
+ * - Automatic user creation on first authentication
+ * - Role synchronization with Keycloak
+ * - Optimized queries with proper indexing
+ * - Transaction-safe role updates
+ *
+ * @example
+ * ```typescript
+ * // Initialize in your Digital Twin engine
+ * const userService = new UserService(databaseAdapter)
+ * await userService.initializeTables()
+ *
+ * // Use in AssetsManager handlers
+ * const authUser = ApisixAuthParser.parseAuthHeaders(req.headers)
+ * const userRecord = await userService.findOrCreateUser(authUser!)
+ *
+ * // Link assets to users
+ * await this.uploadAsset({
+ *   description: 'My file',
+ *   source: 'upload',
+ *   owner_id: userRecord.id!.toString(),
+ *   filename: 'document.pdf',
+ *   file: buffer
+ * })
+ * ```
+ */
+export declare class UserService {
+    private db;
+    private readonly usersTable;
+    private readonly rolesTable;
+    private readonly userRolesTable;
+    constructor(db: DatabaseAdapter);
+    /**
+     * Ensures all user-related tables exist in the database
+     */
+    initializeTables(): Promise<void>;
+    /**
+     * Finds or creates a user and synchronizes their roles.
+     *
+     * When authentication is disabled, returns a mock user record
+     * without touching the database.
+     */
+    findOrCreateUser(authUser: AuthenticatedUser): Promise<UserRecord>;
+    /**
+     * Gets a user by their database ID
+     */
+    getUserById(id: number): Promise<UserRecord | undefined>;
+    /**
+     * Gets a user by their Keycloak ID with roles
+     */
+    getUserByKeycloakId(keycloakId: string): Promise<UserRecord | undefined>;
+    /**
+     * Gets the underlying Knex instance from the database adapter
+     */
+    private getKnex;
+    /**
+     * Finds a user by their Keycloak ID
+     */
+    private findUserByKeycloakId;
+    /**
+     * Creates a new user record
+     */
+    private createUser;
+    /**
+     * Synchronizes user roles with what's provided by Keycloak
+     */
+    private syncUserRoles;
+    /**
+     * Gets a user with their roles populated
+     */
+    private getUserWithRoles;
+}
+//# sourceMappingURL=user_service.d.ts.map

package/dist/auth/user_service.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"user_service.d.ts","sourceRoot":"","sources":["../../src/auth/user_service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAA;AACtE,OAAO,KAAK,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,YAAY,CAAA;AAI/D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AACH,qBAAa,WAAW;IACpB,OAAO,CAAC,EAAE,CAAiB;IAC3B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAU;IACrC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAU;IACrC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAe;gBAElC,EAAE,EAAE,eAAe;IAI/B;;OAEG;IACG,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC;IAyDvC;;;;;OAKG;IACG,gBAAgB,CAAC,QAAQ,EAAE,iBAAiB,GAAG,OAAO,CAAC,UAAU,CAAC;IA0BxE;;OAEG;IACG,WAAW,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,SAAS,CAAC;IAI9D;;OAEG;IACG,mBAAmB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,SAAS,CAAC;IAY9E;;OAEG;IACH,OAAO,CAAC,OAAO;IAOf;;OAEG;YACW,oBAAoB;IAgBlC;;OAEG;YACW,UAAU;IAuBxB;;OAEG;YACW,aAAa;IAoC3B;;OAEG;YACW,gBAAgB;CAqCjC"}

package/dist/auth/user_service.js ADDED Viewed

@@ -0,0 +1,239 @@
+import { AuthConfig } from './auth_config.js';
+/**
+ * Service for managing users in the Digital Twin framework.
+ *
+ * This service handles the complete user lifecycle in a Digital Twin application
+ * with Keycloak authentication via Apache APISIX. It manages a normalized database
+ * schema with three tables:
+ *
+ * - `users`: Core user records linked to Keycloak IDs
+ * - `roles`: Master list of available roles
+ * - `user_roles`: Many-to-many relationship between users and roles
+ *
+ * Key features:
+ * - Automatic user creation on first authentication
+ * - Role synchronization with Keycloak
+ * - Optimized queries with proper indexing
+ * - Transaction-safe role updates
+ *
+ * @example
+ * ```typescript
+ * // Initialize in your Digital Twin engine
+ * const userService = new UserService(databaseAdapter)
+ * await userService.initializeTables()
+ *
+ * // Use in AssetsManager handlers
+ * const authUser = ApisixAuthParser.parseAuthHeaders(req.headers)
+ * const userRecord = await userService.findOrCreateUser(authUser!)
+ *
+ * // Link assets to users
+ * await this.uploadAsset({
+ *   description: 'My file',
+ *   source: 'upload',
+ *   owner_id: userRecord.id!.toString(),
+ *   filename: 'document.pdf',
+ *   file: buffer
+ * })
+ * ```
+ */
+export class UserService {
+    constructor(db) {
+        this.usersTable = 'users';
+        this.rolesTable = 'roles';
+        this.userRolesTable = 'user_roles';
+        this.db = db;
+    }
+    /**
+     * Ensures all user-related tables exist in the database
+     */
+    async initializeTables() {
+        const knex = this.getKnex();
+        console.log('Creating user management tables...');
+        // 1. Create roles table
+        if (!(await knex.schema.hasTable(this.rolesTable))) {
+            await knex.schema.createTable(this.rolesTable, table => {
+                table.increments('id').primary();
+                table.string('name', 100).notNullable().unique();
+                table.timestamp('created_at').defaultTo(knex.fn.now());
+                // Index pour les recherches par nom de rôle
+                table.index('name', 'roles_idx_name');
+            });
+            console.log('Roles table created');
+        }
+        // 2. Create users table
+        if (!(await knex.schema.hasTable(this.usersTable))) {
+            await knex.schema.createTable(this.usersTable, table => {
+                table.increments('id').primary();
+                table.string('keycloak_id', 255).notNullable().unique();
+                table.timestamp('created_at').defaultTo(knex.fn.now());
+                table.timestamp('updated_at').defaultTo(knex.fn.now());
+                // Index principal pour les lookups par keycloak_id
+                table.index('keycloak_id', 'users_idx_keycloak_id');
+                table.index('created_at', 'users_idx_created_at');
+            });
+            console.log('Users table created');
+        }
+        // 3. Create user_roles junction table
+        if (!(await knex.schema.hasTable(this.userRolesTable))) {
+            await knex.schema.createTable(this.userRolesTable, table => {
+                table.integer('user_id').unsigned().notNullable();
+                table.integer('role_id').unsigned().notNullable();
+                table.timestamp('created_at').defaultTo(knex.fn.now());
+                // Clé primaire composite
+                table.primary(['user_id', 'role_id']);
+                // Clés étrangères
+                table.foreign('user_id').references('id').inTable(this.usersTable).onDelete('CASCADE');
+                table.foreign('role_id').references('id').inTable(this.rolesTable).onDelete('CASCADE');
+                // Index pour les requêtes inverses (quels utilisateurs ont ce rôle)
+                table.index('role_id', 'user_roles_idx_role_id');
+                table.index('user_id', 'user_roles_idx_user_id');
+            });
+            console.log('User_roles table created');
+        }
+        console.log('All user management tables ready');
+    }
+    /**
+     * Finds or creates a user and synchronizes their roles.
+     *
+     * When authentication is disabled, returns a mock user record
+     * without touching the database.
+     */
+    async findOrCreateUser(authUser) {
+        // If authentication is disabled, return a mock user record
+        if (AuthConfig.isAuthDisabled()) {
+            return {
+                id: 1, // Use a consistent ID for anonymous user
+                keycloak_id: authUser.id,
+                roles: authUser.roles,
+                created_at: new Date(),
+                updated_at: new Date()
+            };
+        }
+        // 1. Find or create user
+        let userRecord = await this.findUserByKeycloakId(authUser.id);
+        if (!userRecord) {
+            userRecord = await this.createUser(authUser);
+        }
+        // 2. Synchronize roles
+        await this.syncUserRoles(userRecord.id, authUser.roles);
+        // 3. Return user with current roles
+        return (await this.getUserWithRoles(userRecord.id)) || userRecord;
+    }
+    /**
+     * Gets a user by their database ID
+     */
+    async getUserById(id) {
+        return await this.getUserWithRoles(id);
+    }
+    /**
+     * Gets a user by their Keycloak ID with roles
+     */
+    async getUserByKeycloakId(keycloakId) {
+        const knex = this.getKnex();
+        const userRow = (await knex(this.usersTable).where('keycloak_id', keycloakId).first());
+        if (!userRow)
+            return undefined;
+        return await this.getUserWithRoles(userRow.id);
+    }
+    /**
+     * Gets the underlying Knex instance from the database adapter
+     */
+    getKnex() {
+        if ('getKnex' in this.db && typeof this.db.getKnex === 'function') {
+            return this.db.getKnex();
+        }
+        throw new Error('Cannot access Knex instance from DatabaseAdapter');
+    }
+    /**
+     * Finds a user by their Keycloak ID
+     */
+    async findUserByKeycloakId(keycloakId) {
+        const knex = this.getKnex();
+        const row = await knex(this.usersTable).where('keycloak_id', keycloakId).first();
+        if (!row)
+            return undefined;
+        return {
+            id: row.id,
+            keycloak_id: row.keycloak_id,
+            roles: [], // Will be populated by getUserWithRoles
+            created_at: new Date(row.created_at),
+            updated_at: new Date(row.updated_at)
+        };
+    }
+    /**
+     * Creates a new user record
+     */
+    async createUser(authUser) {
+        const knex = this.getKnex();
+        const now = new Date();
+        const userData = {
+            keycloak_id: authUser.id,
+            created_at: now,
+            updated_at: now
+        };
+        const insertResult = await knex(this.usersTable).insert(userData).returning('id');
+        const insertedId = insertResult[0];
+        const id = typeof insertedId === 'object' ? insertedId.id : insertedId;
+        return {
+            id,
+            keycloak_id: authUser.id,
+            roles: [],
+            created_at: now,
+            updated_at: now
+        };
+    }
+    /**
+     * Synchronizes user roles with what's provided by Keycloak
+     */
+    async syncUserRoles(userId, newRoles) {
+        const knex = this.getKnex();
+        // Transaction pour assurer la cohérence
+        await knex.transaction(async (trx) => {
+            // 1. Ensure all roles exist in roles table
+            for (const roleName of newRoles) {
+                await trx(this.rolesTable).insert({ name: roleName }).onConflict('name').ignore(); // Si le rôle existe déjà, on l'ignore
+            }
+            // 2. Get role IDs
+            const roleRows = (await trx(this.rolesTable).select('id', 'name').whereIn('name', newRoles));
+            const roleIds = roleRows.map(r => r.id);
+            // 3. Remove old role associations
+            await trx(this.userRolesTable).where('user_id', userId).delete();
+            // 4. Add new role associations
+            if (roleIds.length > 0) {
+                const userRoleData = roleIds.map((roleId) => ({
+                    user_id: userId,
+                    role_id: roleId
+                }));
+                await trx(this.userRolesTable).insert(userRoleData);
+            }
+            // 5. Update user's updated_at timestamp
+            await trx(this.usersTable).where('id', userId).update({ updated_at: new Date() });
+        });
+    }
+    /**
+     * Gets a user with their roles populated
+     */
+    async getUserWithRoles(userId) {
+        const knex = this.getKnex();
+        // Join query to get user + roles
+        const result = (await knex(this.usersTable)
+            .leftJoin(this.userRolesTable, `${this.usersTable}.id`, `${this.userRolesTable}.user_id`)
+            .leftJoin(this.rolesTable, `${this.userRolesTable}.role_id`, `${this.rolesTable}.id`)
+            .select(`${this.usersTable}.id`, `${this.usersTable}.keycloak_id`, `${this.usersTable}.created_at`, `${this.usersTable}.updated_at`, `${this.rolesTable}.name as role_name`)
+            .where(`${this.usersTable}.id`, userId));
+        if (result.length === 0)
+            return undefined;
+        const userRow = result[0];
+        const roles = result
+            .filter(row => row.role_name) // Filter out null roles
+            .map(row => row.role_name);
+        return {
+            id: userRow.id,
+            keycloak_id: userRow.keycloak_id,
+            roles: roles,
+            created_at: new Date(userRow.created_at),
+            updated_at: new Date(userRow.updated_at)
+        };
+    }
+}
+//# sourceMappingURL=user_service.js.map

package/dist/auth/user_service.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"user_service.js","sourceRoot":"","sources":["../../src/auth/user_service.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAE7C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AACH,MAAM,OAAO,WAAW;IAMpB,YAAY,EAAmB;QAJd,eAAU,GAAG,OAAO,CAAA;QACpB,eAAU,GAAG,OAAO,CAAA;QACpB,mBAAc,GAAG,YAAY,CAAA;QAG1C,IAAI,CAAC,EAAE,GAAG,EAAE,CAAA;IAChB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB;QAClB,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,CAAA;QAE3B,OAAO,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAA;QAEjD,wBAAwB;QACxB,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;YACjD,MAAM,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,EAAE;gBACnD,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,CAAA;gBAChC,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC,MAAM,EAAE,CAAA;gBAChD,KAAK,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,CAAA;gBAEtD,4CAA4C;gBAC5C,KAAK,CAAC,KAAK,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAA;YACzC,CAAC,CAAC,CAAA;YACF,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAA;QACtC,CAAC;QAED,wBAAwB;QACxB,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;YACjD,MAAM,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,EAAE;gBACnD,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,CAAA;gBAChC,KAAK,CAAC,MAAM,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC,MAAM,EAAE,CAAA;gBACvD,KAAK,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,CAAA;gBACtD,KAAK,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,CAAA;gBAEtD,mDAAmD;gBACnD,KAAK,CAAC,KAAK,CAAC,aAAa,EAAE,uBAAuB,CAAC,CAAA;gBACnD,KAAK,CAAC,KAAK,CAAC,YAAY,EAAE,sBAAsB,CAAC,CAAA;YACrD,CAAC,CAAC,CAAA;YACF,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAA;QACtC,CAAC;QAED,sCAAsC;QACtC,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,EAAE,CAAC;YACrD,MAAM,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,cAAc,EAAE,KAAK,CAAC,EAAE;gBACvD,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,QAAQ,EAAE,CAAC,WAAW,EAAE,CAAA;gBACjD,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,QAAQ,EAAE,CAAC,WAAW,EAAE,CAAA;gBACjD,KAAK,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,CAAA;gBAEtD,yBAAyB;gBACzB,KAAK,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC,CAAA;gBAErC,kBAAkB;gBAClB,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAA;gBACtF,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAA;gBAEtF,oEAAoE;gBACpE,KAAK,CAAC,KAAK,CAAC,SAAS,EAAE,wBAAwB,CAAC,CAAA;gBAChD,KAAK,CAAC,KAAK,CAAC,SAAS,EAAE,wBAAwB,CAAC,CAAA;YACpD,CAAC,CAAC,CAAA;YACF,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAA;QAC3C,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAA;IACnD,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,gBAAgB,CAAC,QAA2B;QAC9C,2DAA2D;QAC3D,IAAI,UAAU,CAAC,cAAc,EAAE,EAAE,CAAC;YAC9B,OAAO;gBACH,EAAE,EAAE,CAAC,EAAE,yCAAyC;gBAChD,WAAW,EAAE,QAAQ,CAAC,EAAE;gBACxB,KAAK,EAAE,QAAQ,CAAC,KAAK;gBACrB,UAAU,EAAE,IAAI,IAAI,EAAE;gBACtB,UAAU,EAAE,IAAI,IAAI,EAAE;aACzB,CAAA;QACL,CAAC;QAED,yBAAyB;QACzB,IAAI,UAAU,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;QAE7D,IAAI,CAAC,UAAU,EAAE,CAAC;YACd,UAAU,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAA;QAChD,CAAC;QAED,uBAAuB;QACvB,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,EAAG,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAA;QAExD,oCAAoC;QACpC,OAAO,CAAC,MAAM,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAG,CAAC,CAAC,IAAI,UAAU,CAAA;IACtE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,EAAU;QACxB,OAAO,MAAM,IAAI,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAA;IAC1C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,mBAAmB,CAAC,UAAkB;QACxC,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,CAAA;QAE3B,MAAM,OAAO,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC,KAAK,EAAE,CAEtE,CAAA;QAEf,IAAI,CAAC,OAAO;YAAE,OAAO,SAAS,CAAA;QAE9B,OAAO,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;IAClD,CAAC;IAED;;OAEG;IACK,OAAO;QACX,IAAI,SAAS,IAAI,IAAI,CAAC,EAAE,IAAI,OAAO,IAAI,CAAC,EAAE,CAAC,OAAO,KAAK,UAAU,EAAE,CAAC;YAChE,OAAQ,IAAI,CAAC,EAAU,CAAC,OAAO,EAAE,CAAA;QACrC,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAA;IACvE,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,oBAAoB,CAAC,UAAkB;QACjD,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,CAAA;QAE3B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC,KAAK,EAAE,CAAA;QAEhF,IAAI,CAAC,GAAG;YAAE,OAAO,SAAS,CAAA;QAE1B,OAAO;YACH,EAAE,EAAE,GAAG,CAAC,EAAE;YACV,WAAW,EAAE,GAAG,CAAC,WAAW;YAC5B,KAAK,EAAE,EAAE,EAAE,wCAAwC;YACnD,UAAU,EAAE,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC;YACpC,UAAU,EAAE,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC;SACvC,CAAA;IACL,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,UAAU,CAAC,QAA2B;QAChD,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,CAAA;QAC3B,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;QAEtB,MAAM,QAAQ,GAAG;YACb,WAAW,EAAE,QAAQ,CAAC,EAAE;YACxB,UAAU,EAAE,GAAG;YACf,UAAU,EAAE,GAAG;SAClB,CAAA;QAED,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAA;QACjF,MAAM,UAAU,GAAG,YAAY,CAAC,CAAC,CAAC,CAAA;QAClC,MAAM,EAAE,GAAG,OAAO,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAE,UAA6B,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAA;QAE1F,OAAO;YACH,EAAE;YACF,WAAW,EAAE,QAAQ,CAAC,EAAE;YACxB,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,GAAG;YACf,UAAU,EAAE,GAAG;SAClB,CAAA;IACL,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,aAAa,CAAC,MAAc,EAAE,QAAkB;QAC1D,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,CAAA;QAE3B,wCAAwC;QACxC,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,EAAC,GAAG,EAAC,EAAE;YAC/B,2CAA2C;YAC3C,KAAK,MAAM,QAAQ,IAAI,QAAQ,EAAE,CAAC;gBAC9B,MAAM,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,CAAA,CAAC,sCAAsC;YAC5H,CAAC;YAED,kBAAkB;YAClB,MAAM,QAAQ,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,CAGxF,CAAA;YAEH,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAA;YAEvC,kCAAkC;YAClC,MAAM,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,KAAK,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,MAAM,EAAE,CAAA;YAEhE,+BAA+B;YAC/B,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACrB,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,MAAc,EAAE,EAAE,CAAC,CAAC;oBAClD,OAAO,EAAE,MAAM;oBACf,OAAO,EAAE,MAAM;iBAClB,CAAC,CAAC,CAAA;gBAEH,MAAM,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,CAAA;YACvD,CAAC;YAED,wCAAwC;YACxC,MAAM,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC,CAAA;QACrF,CAAC,CAAC,CAAA;IACN,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,gBAAgB,CAAC,MAAc;QACzC,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,CAAA;QAE3B,iCAAiC;QACjC,MAAM,MAAM,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC;aACtC,QAAQ,CAAC,IAAI,CAAC,cAAc,EAAE,GAAG,IAAI,CAAC,UAAU,KAAK,EAAE,GAAG,IAAI,CAAC,cAAc,UAAU,CAAC;aACxF,QAAQ,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,IAAI,CAAC,cAAc,UAAU,EAAE,GAAG,IAAI,CAAC,UAAU,KAAK,CAAC;aACpF,MAAM,CACH,GAAG,IAAI,CAAC,UAAU,KAAK,EACvB,GAAG,IAAI,CAAC,UAAU,cAAc,EAChC,GAAG,IAAI,CAAC,UAAU,aAAa,EAC/B,GAAG,IAAI,CAAC,UAAU,aAAa,EAC/B,GAAG,IAAI,CAAC,UAAU,oBAAoB,CACzC;aACA,KAAK,CAAC,GAAG,IAAI,CAAC,UAAU,KAAK,EAAE,MAAM,CAAC,CAMxC,CAAA;QAEH,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,SAAS,CAAA;QAEzC,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,CAAA;QACzB,MAAM,KAAK,GAAG,MAAM;aACf,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,wBAAwB;aACrD,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,SAAU,CAAC,CAAA;QAE/B,OAAO;YACH,EAAE,EAAE,OAAO,CAAC,EAAE;YACd,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,KAAK,EAAE,KAAK;YACZ,UAAU,EAAE,IAAI,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC;YACxC,UAAU,EAAE,IAAI,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC;SAC3C,CAAA;IACL,CAAC;CACJ"}