digitaltwin-core 0.9.0 → 0.9.2

package/dist/auth/apisix_parser.d.ts

@@ -118,5 +118,29 @@ export declare class ApisixAuthParser {
      * ```
      */
     static getUserRoles(headers: Record<string, string>): string[];
+    /**
+     * Checks if a user has the admin role.
+     *
+     * Determines if the authenticated user has administrative privileges by checking
+     * if their roles include the configured admin role name (default: "admin").
+     *
+     * The admin role name can be configured via DIGITALTWIN_ADMIN_ROLE_NAME environment variable.
+     *
+     * @param headers - HTTP request headers
+     * @returns true if user has admin role, false otherwise
+     *
+     * @example
+     * ```typescript
+     * if (ApisixAuthParser.isAdmin(req.headers)) {
+     *   // User has full administrative access
+     *   // Can view all assets including private assets owned by others
+     *   console.log('Admin user detected')
+     * }
+     *
+     * // With custom admin role name (DIGITALTWIN_ADMIN_ROLE_NAME=administrator)
+     * const isAdmin = ApisixAuthParser.isAdmin(req.headers)
+     * ```
+     */
+    static isAdmin(headers: Record<string, string>): boolean;
 }
 //# sourceMappingURL=apisix_parser.d.ts.map

package/dist/auth/apisix_parser.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"apisix_parser.d.ts","sourceRoot":"","sources":["../../src/auth/apisix_parser.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAA;AAGnD;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,qBAAa,gBAAgB;IACzB;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACH,MAAM,CAAC,gBAAgB,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,iBAAiB,GAAG,IAAI;IAqBlF;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACH,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,OAAO;IAS7D;;;;;;;;;;;;;;;;;;OAkBG;IACH,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,GAAG,IAAI;IAShE;;;;;;;;;;;;;;;;;;OAkBG;IACH,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,EAAE;CASjE"}
+{"version":3,"file":"apisix_parser.d.ts","sourceRoot":"","sources":["../../src/auth/apisix_parser.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAA;AAGnD;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,qBAAa,gBAAgB;IACzB;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACH,MAAM,CAAC,gBAAgB,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,iBAAiB,GAAG,IAAI;IAqBlF;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACH,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,OAAO;IAS7D;;;;;;;;;;;;;;;;;;OAkBG;IACH,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,GAAG,IAAI;IAShE;;;;;;;;;;;;;;;;;;OAkBG;IACH,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,EAAE;IAU9D;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACH,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,OAAO;CAK3D"}

package/dist/auth/apisix_parser.js

@@ -153,5 +153,33 @@ export class ApisixAuthParser {
         const rolesString = headers['x-user-roles'] || '';
         return rolesString ? rolesString.split(',').map(role => role.trim()) : [];
     }
+    /**
+     * Checks if a user has the admin role.
+     *
+     * Determines if the authenticated user has administrative privileges by checking
+     * if their roles include the configured admin role name (default: "admin").
+     *
+     * The admin role name can be configured via DIGITALTWIN_ADMIN_ROLE_NAME environment variable.
+     *
+     * @param headers - HTTP request headers
+     * @returns true if user has admin role, false otherwise
+     *
+     * @example
+     * ```typescript
+     * if (ApisixAuthParser.isAdmin(req.headers)) {
+     *   // User has full administrative access
+     *   // Can view all assets including private assets owned by others
+     *   console.log('Admin user detected')
+     * }
+     *
+     * // With custom admin role name (DIGITALTWIN_ADMIN_ROLE_NAME=administrator)
+     * const isAdmin = ApisixAuthParser.isAdmin(req.headers)
+     * ```
+     */
+    static isAdmin(headers) {
+        const roles = this.getUserRoles(headers);
+        const adminRoleName = AuthConfig.getAdminRoleName();
+        return roles.includes(adminRoleName);
+    }
 }
 //# sourceMappingURL=apisix_parser.js.map

package/dist/auth/apisix_parser.js.map

@@ -1 +1 @@
-{"version":3,"file":"apisix_parser.js","sourceRoot":"","sources":["../../src/auth/apisix_parser.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAE7C;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,OAAO,gBAAgB;IACzB;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACH,MAAM,CAAC,gBAAgB,CAAC,OAA+B;QACnD,uDAAuD;QACvD,IAAI,UAAU,CAAC,cAAc,EAAE,EAAE,CAAC;YAC9B,OAAO,UAAU,CAAC,gBAAgB,EAAE,CAAA;QACxC,CAAC;QAED,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAAA;QACnC,IAAI,CAAC,MAAM,EAAE,CAAC;YACV,OAAO,IAAI,CAAA;QACf,CAAC;QAED,0CAA0C;QAC1C,MAAM,WAAW,GAAG,OAAO,CAAC,cAAc,CAAC,IAAI,EAAE,CAAA;QACjD,MAAM,KAAK,GAAG,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;QAEhF,OAAO;YACH,EAAE,EAAE,MAAM;YACV,KAAK,EAAE,KAAK;SACf,CAAA;IACL,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACH,MAAM,CAAC,YAAY,CAAC,OAA+B;QAC/C,wDAAwD;QACxD,IAAI,UAAU,CAAC,cAAc,EAAE,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAA;QACf,CAAC;QAED,OAAO,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAA;IACjC,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IACH,MAAM,CAAC,SAAS,CAAC,OAA+B;QAC5C,0DAA0D;QAC1D,IAAI,UAAU,CAAC,cAAc,EAAE,EAAE,CAAC;YAC9B,OAAO,UAAU,CAAC,kBAAkB,EAAE,CAAA;QAC1C,CAAC;QAED,OAAO,OAAO,CAAC,WAAW,CAAC,IAAI,IAAI,CAAA;IACvC,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IACH,MAAM,CAAC,YAAY,CAAC,OAA+B;QAC/C,6DAA6D;QAC7D,IAAI,UAAU,CAAC,cAAc,EAAE,EAAE,CAAC;YAC9B,OAAO,UAAU,CAAC,gBAAgB,EAAE,CAAC,KAAK,CAAA;QAC9C,CAAC;QAED,MAAM,WAAW,GAAG,OAAO,CAAC,cAAc,CAAC,IAAI,EAAE,CAAA;QACjD,OAAO,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;IAC7E,CAAC;CACJ"}
+{"version":3,"file":"apisix_parser.js","sourceRoot":"","sources":["../../src/auth/apisix_parser.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAE7C;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,OAAO,gBAAgB;IACzB;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACH,MAAM,CAAC,gBAAgB,CAAC,OAA+B;QACnD,uDAAuD;QACvD,IAAI,UAAU,CAAC,cAAc,EAAE,EAAE,CAAC;YAC9B,OAAO,UAAU,CAAC,gBAAgB,EAAE,CAAA;QACxC,CAAC;QAED,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAAA;QACnC,IAAI,CAAC,MAAM,EAAE,CAAC;YACV,OAAO,IAAI,CAAA;QACf,CAAC;QAED,0CAA0C;QAC1C,MAAM,WAAW,GAAG,OAAO,CAAC,cAAc,CAAC,IAAI,EAAE,CAAA;QACjD,MAAM,KAAK,GAAG,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;QAEhF,OAAO;YACH,EAAE,EAAE,MAAM;YACV,KAAK,EAAE,KAAK;SACf,CAAA;IACL,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACH,MAAM,CAAC,YAAY,CAAC,OAA+B;QAC/C,wDAAwD;QACxD,IAAI,UAAU,CAAC,cAAc,EAAE,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAA;QACf,CAAC;QAED,OAAO,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAA;IACjC,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IACH,MAAM,CAAC,SAAS,CAAC,OAA+B;QAC5C,0DAA0D;QAC1D,IAAI,UAAU,CAAC,cAAc,EAAE,EAAE,CAAC;YAC9B,OAAO,UAAU,CAAC,kBAAkB,EAAE,CAAA;QAC1C,CAAC;QAED,OAAO,OAAO,CAAC,WAAW,CAAC,IAAI,IAAI,CAAA;IACvC,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IACH,MAAM,CAAC,YAAY,CAAC,OAA+B;QAC/C,6DAA6D;QAC7D,IAAI,UAAU,CAAC,cAAc,EAAE,EAAE,CAAC;YAC9B,OAAO,UAAU,CAAC,gBAAgB,EAAE,CAAC,KAAK,CAAA;QAC9C,CAAC;QAED,MAAM,WAAW,GAAG,OAAO,CAAC,cAAc,CAAC,IAAI,EAAE,CAAA;QACjD,OAAO,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;IAC7E,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACH,MAAM,CAAC,OAAO,CAAC,OAA+B;QAC1C,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAA;QACxC,MAAM,aAAa,GAAG,UAAU,CAAC,gBAAgB,EAAE,CAAA;QACnD,OAAO,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAA;IACxC,CAAC;CACJ"}

package/dist/auth/auth_config.d.ts

@@ -8,6 +8,7 @@
  * Environment variables:
  * - DIGITALTWIN_DISABLE_AUTH: Set to "true" or "1" to disable authentication (default: false)
  * - DIGITALTWIN_ANONYMOUS_USER_ID: User ID to use when auth is disabled (default: "anonymous")
+ * - DIGITALTWIN_ADMIN_ROLE_NAME: Name of the admin role in Keycloak (default: "admin")
  *
  * @example
  * ```bash
@@ -15,6 +16,9 @@
  * export DIGITALTWIN_DISABLE_AUTH=true
  * export DIGITALTWIN_ANONYMOUS_USER_ID=dev-user-123
  *
+ * # Configure admin role name
+ * export DIGITALTWIN_ADMIN_ROLE_NAME=administrator
+ *
  * # Enable authentication (default)
  * export DIGITALTWIN_DISABLE_AUTH=false
  * ```
@@ -28,6 +32,9 @@
  *   const anonymousUser = AuthConfig.getAnonymousUser()
  *   console.log(`Using anonymous user: ${anonymousUser.id}`)
  * }
+ *
+ * const adminRole = AuthConfig.getAdminRoleName()
+ * console.log(`Admin role is: ${adminRole}`)
  * ```
  */
 export declare class AuthConfig {
@@ -90,6 +97,25 @@ export declare class AuthConfig {
         id: string;
         roles: string[];
     };
+    /**
+     * Gets the name of the admin role configured for the system.
+     *
+     * This role name is used to determine if a user has full administrative
+     * access to all resources, including private assets owned by other users.
+     *
+     * @returns The admin role name (default: "admin")
+     *
+     * @example
+     * ```typescript
+     * const adminRole = AuthConfig.getAdminRoleName()
+     * console.log(`Admin role: ${adminRole}`) // "admin" by default
+     *
+     * // Check if user has admin role
+     * const userRoles = ['user', 'admin', 'moderator']
+     * const isAdmin = userRoles.includes(adminRole)
+     * ```
+     */
+    static getAdminRoleName(): string;
     /**
      * Resets the cached configuration (useful for testing).
      *

package/dist/auth/auth_config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth_config.d.ts","sourceRoot":"","sources":["../../src/auth/auth_config.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,qBAAa,UAAU;IACnB,OAAO,CAAC,MAAM,CAAC,OAAO,CAGP;IAEf;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAC,UAAU;IA2BzB;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAC,SAAS;IAQxB;;;;;;;;;;;OAWG;IACH,MAAM,CAAC,cAAc,IAAI,OAAO;IAIhC;;;;OAIG;IACH,MAAM,CAAC,aAAa,IAAI,OAAO;IAI/B;;;;;;;;;;OAUG;IACH,MAAM,CAAC,kBAAkB,IAAI,MAAM;IAInC;;;;;;;;;;;;OAYG;IACH,MAAM,CAAC,gBAAgB;;;;IAOvB;;;;OAIG;IACH,MAAM,CAAC,YAAY;CAGtB"}
+{"version":3,"file":"auth_config.d.ts","sourceRoot":"","sources":["../../src/auth/auth_config.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AACH,qBAAa,UAAU;IACnB,OAAO,CAAC,MAAM,CAAC,OAAO,CAIP;IAEf;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAC,UAAU;IAqCzB;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAC,SAAS;IAQxB;;;;;;;;;;;OAWG;IACH,MAAM,CAAC,cAAc,IAAI,OAAO;IAIhC;;;;OAIG;IACH,MAAM,CAAC,aAAa,IAAI,OAAO;IAI/B;;;;;;;;;;OAUG;IACH,MAAM,CAAC,kBAAkB,IAAI,MAAM;IAInC;;;;;;;;;;;;OAYG;IACH,MAAM,CAAC,gBAAgB;;;;IAOvB;;;;;;;;;;;;;;;;;OAiBG;IACH,MAAM,CAAC,gBAAgB,IAAI,MAAM;IAIjC;;;;OAIG;IACH,MAAM,CAAC,YAAY;CAGtB"}

package/dist/auth/auth_config.js

@@ -9,6 +9,7 @@ import { Env } from '../env/env.js';
  * Environment variables:
  * - DIGITALTWIN_DISABLE_AUTH: Set to "true" or "1" to disable authentication (default: false)
  * - DIGITALTWIN_ANONYMOUS_USER_ID: User ID to use when auth is disabled (default: "anonymous")
+ * - DIGITALTWIN_ADMIN_ROLE_NAME: Name of the admin role in Keycloak (default: "admin")
  *
  * @example
  * ```bash
@@ -16,6 +17,9 @@ import { Env } from '../env/env.js';
  * export DIGITALTWIN_DISABLE_AUTH=true
  * export DIGITALTWIN_ANONYMOUS_USER_ID=dev-user-123
  *
+ * # Configure admin role name
+ * export DIGITALTWIN_ADMIN_ROLE_NAME=administrator
+ *
  * # Enable authentication (default)
  * export DIGITALTWIN_DISABLE_AUTH=false
  * ```
@@ -29,6 +33,9 @@ import { Env } from '../env/env.js';
  *   const anonymousUser = AuthConfig.getAnonymousUser()
  *   console.log(`Using anonymous user: ${anonymousUser.id}`)
  * }
+ *
+ * const adminRole = AuthConfig.getAdminRoleName()
+ * console.log(`Admin role is: ${adminRole}`)
  * ```
  */
 export class AuthConfig {
@@ -47,12 +54,19 @@ export class AuthConfig {
             }),
             DIGITALTWIN_ANONYMOUS_USER_ID: Env.schema.string({
                 optional: true
+            }),
+            DIGITALTWIN_ADMIN_ROLE_NAME: Env.schema.string({
+                optional: true
             })
         });
         // Set default anonymous user ID if not provided
         if (!config.DIGITALTWIN_ANONYMOUS_USER_ID) {
             config.DIGITALTWIN_ANONYMOUS_USER_ID = 'anonymous';
         }
+        // Set default admin role name if not provided
+        if (!config.DIGITALTWIN_ADMIN_ROLE_NAME) {
+            config.DIGITALTWIN_ADMIN_ROLE_NAME = 'admin';
+        }
         this._config = config;
     }
     /**
@@ -122,6 +136,27 @@ export class AuthConfig {
             roles: ['anonymous']
         };
     }
+    /**
+     * Gets the name of the admin role configured for the system.
+     *
+     * This role name is used to determine if a user has full administrative
+     * access to all resources, including private assets owned by other users.
+     *
+     * @returns The admin role name (default: "admin")
+     *
+     * @example
+     * ```typescript
+     * const adminRole = AuthConfig.getAdminRoleName()
+     * console.log(`Admin role: ${adminRole}`) // "admin" by default
+     *
+     * // Check if user has admin role
+     * const userRoles = ['user', 'admin', 'moderator']
+     * const isAdmin = userRoles.includes(adminRole)
+     * ```
+     */
+    static getAdminRoleName() {
+        return this.getConfig().DIGITALTWIN_ADMIN_ROLE_NAME;
+    }
     /**
      * Resets the cached configuration (useful for testing).
      *

package/dist/auth/auth_config.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth_config.js","sourceRoot":"","sources":["../../src/auth/auth_config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,eAAe,CAAA;AAEnC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,MAAM,OAAO,UAAU;aACJ,YAAO,GAGX,IAAI,CAAA;IAEf;;;OAGG;IACK,MAAM,CAAC,UAAU;QACrB,IAAI,IAAI,CAAC,OAAO,KAAK,IAAI;YAAE,OAAM;QAEjC,MAAM,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAC;YACxB,wBAAwB,EAAE,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC;gBACzC,QAAQ,EAAE,IAAI;gBACd,OAAO,EAAE,KAAK;aACjB,CAAC;YACF,6BAA6B,EAAE,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC;gBAC7C,QAAQ,EAAE,IAAI;aACjB,CAAC;SACL,CAGA,CAAA;QAED,gDAAgD;QAChD,IAAI,CAAC,MAAM,CAAC,6BAA6B,EAAE,CAAC;YACxC,MAAM,CAAC,6BAA6B,GAAG,WAAW,CAAA;QACtD,CAAC;QAED,IAAI,CAAC,OAAO,GAAG,MAGd,CAAA;IACL,CAAC;IAED;;;OAGG;IACK,MAAM,CAAC,SAAS;QACpB,IAAI,CAAC,UAAU,EAAE,CAAA;QACjB,IAAI,IAAI,CAAC,OAAO,KAAK,IAAI,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAA;QAClE,CAAC;QACD,OAAO,IAAI,CAAC,OAAO,CAAA;IACvB,CAAC;IAED;;;;;;;;;;;OAWG;IACH,MAAM,CAAC,cAAc;QACjB,OAAO,IAAI,CAAC,SAAS,EAAE,CAAC,wBAAwB,CAAA;IACpD,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,aAAa;QAChB,OAAO,CAAC,IAAI,CAAC,cAAc,EAAE,CAAA;IACjC,CAAC;IAED;;;;;;;;;;OAUG;IACH,MAAM,CAAC,kBAAkB;QACrB,OAAO,IAAI,CAAC,SAAS,EAAE,CAAC,6BAA6B,CAAA;IACzD,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,MAAM,CAAC,gBAAgB;QACnB,OAAO;YACH,EAAE,EAAE,IAAI,CAAC,kBAAkB,EAAE;YAC7B,KAAK,EAAE,CAAC,WAAW,CAAC;SACvB,CAAA;IACL,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,YAAY;QACf,IAAI,CAAC,OAAO,GAAG,IAAI,CAAA;IACvB,CAAC"}
+{"version":3,"file":"auth_config.js","sourceRoot":"","sources":["../../src/auth/auth_config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,eAAe,CAAA;AAEnC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AACH,MAAM,OAAO,UAAU;aACJ,YAAO,GAIX,IAAI,CAAA;IAEf;;;OAGG;IACK,MAAM,CAAC,UAAU;QACrB,IAAI,IAAI,CAAC,OAAO,KAAK,IAAI;YAAE,OAAM;QAEjC,MAAM,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAC;YACxB,wBAAwB,EAAE,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC;gBACzC,QAAQ,EAAE,IAAI;gBACd,OAAO,EAAE,KAAK;aACjB,CAAC;YACF,6BAA6B,EAAE,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC;gBAC7C,QAAQ,EAAE,IAAI;aACjB,CAAC;YACF,2BAA2B,EAAE,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC;gBAC3C,QAAQ,EAAE,IAAI;aACjB,CAAC;SACL,CAIA,CAAA;QAED,gDAAgD;QAChD,IAAI,CAAC,MAAM,CAAC,6BAA6B,EAAE,CAAC;YACxC,MAAM,CAAC,6BAA6B,GAAG,WAAW,CAAA;QACtD,CAAC;QAED,8CAA8C;QAC9C,IAAI,CAAC,MAAM,CAAC,2BAA2B,EAAE,CAAC;YACtC,MAAM,CAAC,2BAA2B,GAAG,OAAO,CAAA;QAChD,CAAC;QAED,IAAI,CAAC,OAAO,GAAG,MAId,CAAA;IACL,CAAC;IAED;;;OAGG;IACK,MAAM,CAAC,SAAS;QACpB,IAAI,CAAC,UAAU,EAAE,CAAA;QACjB,IAAI,IAAI,CAAC,OAAO,KAAK,IAAI,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAA;QAClE,CAAC;QACD,OAAO,IAAI,CAAC,OAAO,CAAA;IACvB,CAAC;IAED;;;;;;;;;;;OAWG;IACH,MAAM,CAAC,cAAc;QACjB,OAAO,IAAI,CAAC,SAAS,EAAE,CAAC,wBAAwB,CAAA;IACpD,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,aAAa;QAChB,OAAO,CAAC,IAAI,CAAC,cAAc,EAAE,CAAA;IACjC,CAAC;IAED;;;;;;;;;;OAUG;IACH,MAAM,CAAC,kBAAkB;QACrB,OAAO,IAAI,CAAC,SAAS,EAAE,CAAC,6BAA6B,CAAA;IACzD,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,MAAM,CAAC,gBAAgB;QACnB,OAAO;YACH,EAAE,EAAE,IAAI,CAAC,kBAAkB,EAAE;YAC7B,KAAK,EAAE,CAAC,WAAW,CAAC;SACvB,CAAA;IACL,CAAC;IAED;;;;;;;;;;;;;;;;;OAiBG;IACH,MAAM,CAAC,gBAAgB;QACnB,OAAO,IAAI,CAAC,SAAS,EAAE,CAAC,2BAA2B,CAAA;IACvD,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,YAAY;QACf,IAAI,CAAC,OAAO,GAAG,IAAI,CAAA;IACvB,CAAC"}

package/dist/components/assets_manager.d.ts

@@ -22,7 +22,8 @@ import { UserService } from '../auth/user_service.js';
  *   description: '3D building model',
  *   source: 'https://example.com/data-source',
  *   owner_id: 123,
- *   filename: 'building.glb'
+ *   filename: 'building.glb',
+ *   is_public: true
  * }
  * ```
  */
@@ -35,6 +36,8 @@ export interface AssetMetadataRow extends MetadataRow {
     owner_id: number | null;
     /** Original filename provided by the user */
     filename: string;
+    /** Whether the asset is publicly accessible (true) or private (false) */
+    is_public: boolean;
 }
 /**
  * Request payload for creating a new asset.
@@ -48,7 +51,8 @@ export interface AssetMetadataRow extends MetadataRow {
  *   source: 'https://city-data.example.com/buildings',
  *   owner_id: 'user123',
  *   filename: 'building.glb',
- *   file: fileBuffer
+ *   file: fileBuffer,
+ *   is_public: true
  * }
  * ```
  */
@@ -63,6 +67,8 @@ export interface CreateAssetRequest {
     filename: string;
     /** File content as Buffer */
     file: Buffer;
+    /** Whether the asset is publicly accessible (default: true) */
+    is_public?: boolean;
 }
 /**
  * Request payload for updating asset metadata.
@@ -73,7 +79,8 @@ export interface CreateAssetRequest {
  * ```typescript
  * const updates: UpdateAssetRequest = {
  *   description: 'Updated building model with new textures',
- *   source: 'https://updated-source.example.com'
+ *   source: 'https://updated-source.example.com',
+ *   is_public: false
  * }
  * ```
  */
@@ -82,6 +89,8 @@ export interface UpdateAssetRequest {
     description?: string;
     /** Updated source URL (optional, validated if provided) */
     source?: string;
+    /** Updated visibility (optional) */
+    is_public?: boolean;
 }
 /**
  * Abstract base class for Assets Manager components with authentication and access control.
@@ -150,14 +159,20 @@ export declare abstract class AssetsManager implements Component, Servable {
      *
      * @param {DatabaseAdapter} db - The database adapter for metadata storage
      * @param {StorageService} storage - The storage service for file persistence
+     * @param {UserService} [userService] - Optional user service for authentication (created automatically if not provided)
      *
      * @example
      * ```typescript
+     * // Standard usage (UserService created automatically)
      * const assetsManager = new MyAssetsManager()
      * assetsManager.setDependencies(databaseAdapter, storageService)
+     *
+     * // For testing (inject mock UserService)
+     * const mockUserService = new MockUserService()
+     * assetsManager.setDependencies(databaseAdapter, storageService, mockUserService)
      * ```
      */
-    setDependencies(db: DatabaseAdapter, storage: StorageService): void;
+    setDependencies(db: DatabaseAdapter, storage: StorageService, userService?: UserService): void;
     /**
      * Returns the configuration of the assets manager.
      *
@@ -219,6 +234,104 @@ export declare abstract class AssetsManager implements Component, Servable {
      * ```
      */
     private validateFileExtension;
+    /**
+     * Validates that a string is valid base64-encoded data.
+     *
+     * Used internally to ensure file data in batch uploads is properly base64-encoded
+     * before attempting to decode it.
+     *
+     * @private
+     * @param {any} data - Data to validate as base64
+     * @returns {boolean} True if data is a valid base64 string, false otherwise
+     *
+     * @example
+     * ```typescript
+     * this.validateBase64('SGVsbG8gV29ybGQ=') // returns true
+     * this.validateBase64('not-base64!@#') // returns false
+     * this.validateBase64(123) // returns false (not a string)
+     * this.validateBase64('') // returns false (empty string)
+     * ```
+     */
+    private validateBase64;
+    /**
+     * Authenticates a request and returns the user record.
+     *
+     * This method consolidates the authentication flow:
+     * 1. Validates APISIX headers are present
+     * 2. Parses authentication headers
+     * 3. Finds or creates user record in database
+     *
+     * @param req - HTTP request object
+     * @returns AuthResult with either userRecord on success or DataResponse on failure
+     *
+     * @example
+     * ```typescript
+     * const authResult = await this.authenticateRequest(req)
+     * if (!authResult.success) {
+     *     return authResult.response
+     * }
+     * const userRecord = authResult.userRecord
+     * ```
+     */
+    private authenticateRequest;
+    /**
+     * Extracts upload data from multipart form request.
+     *
+     * @param req - HTTP request object with body and file
+     * @returns UploadData object with extracted fields
+     */
+    private extractUploadData;
+    /**
+     * Validates required fields for asset upload and returns validated data.
+     *
+     * @param data - Upload data to validate
+     * @returns UploadValidationResult with validated data on success or error response on failure
+     */
+    private validateUploadFields;
+    /**
+     * Reads file content from temporary upload path.
+     *
+     * @param filePath - Path to temporary file
+     * @returns Buffer with file content
+     * @throws Error if file cannot be read
+     */
+    private readTempFile;
+    /**
+     * Cleans up temporary file after processing.
+     * Silently ignores cleanup errors.
+     *
+     * @param filePath - Path to temporary file
+     */
+    private cleanupTempFile;
+    /**
+     * Validates ownership of an asset.
+     *
+     * @param asset - Asset record to check
+     * @param userId - User ID to validate against
+     * @returns DataResponse with error if not owner, undefined if valid
+     */
+    private validateOwnership;
+    /**
+     * Checks if a user can access a private asset.
+     *
+     * @param asset - Asset record to check
+     * @param req - HTTP request for authentication context
+     * @returns DataResponse with error if access denied, undefined if allowed
+     */
+    private checkPrivateAssetAccess;
+    /**
+     * Fetches an asset by ID with full access control validation.
+     *
+     * This method consolidates the common logic for retrieving an asset:
+     * 1. Validates that ID is provided
+     * 2. Fetches the asset from database
+     * 3. Verifies the asset belongs to this component
+     * 4. Checks access permissions for private assets
+     *
+     * @param req - HTTP request with params.id
+     * @returns Object with asset on success, or DataResponse on failure
+     */
+    private fetchAssetWithAccessCheck;
     /**
      * Upload a new asset file with metadata.
      *
@@ -235,7 +348,8 @@ export declare abstract class AssetsManager implements Component, Servable {
      *   source: 'https://city-data.example.com/buildings',
      *   owner_id: 'user123',
      *   filename: 'building.glb',
-     *   file: fileBuffer
+     *   file: fileBuffer,
+     *   is_public: true
      * })
      * ```
      */
@@ -246,9 +360,28 @@ export declare abstract class AssetsManager implements Component, Servable {
      * Returns a JSON list of all assets with their metadata, following the
      * framework pattern but adapted for assets management.
      *
+     * Access control:
+     * - Unauthenticated users: Can only see public assets
+     * - Authenticated users: Can see public assets + their own private assets
+     * - Admin users: Can see all assets (public and private from all users)
+     *
      * @returns {Promise<DataResponse>} JSON response with all assets
      */
-    retrieve(): Promise<DataResponse>;
+    retrieve(req?: any): Promise<DataResponse>;
+    /**
+     * Gets the authenticated user's database ID from request headers.
+     *
+     * @param req - HTTP request object
+     * @returns User ID or null if not authenticated
+     */
+    private getAuthenticatedUserId;
+    /**
+     * Formats assets for API response with metadata and URLs.
+     *
+     * @param assets - Array of asset records
+     * @returns Formatted assets array ready for JSON serialization
+     */
+    private formatAssetsForResponse;
     /**
      * Get all assets for this component type.
      *
@@ -282,7 +415,7 @@ export declare abstract class AssetsManager implements Component, Servable {
     /**
      * Update asset metadata by ID.
      *
-     * Updates the metadata (description and/or source) of a specific asset.
+     * Updates the metadata (description, source, and/or visibility) of a specific asset.
      * Asset metadata is stored as dedicated columns in the database.
      *
      * @param {string} id - The ID of the asset to update
@@ -293,7 +426,8 @@ export declare abstract class AssetsManager implements Component, Servable {
      * ```typescript
      * await assetsManager.updateAssetMetadata('123', {
      *   description: 'Updated building model with new textures',
-     *   source: 'https://updated-source.example.com'
+     *   source: 'https://updated-source.example.com',
+     *   is_public: false
      * })
      * ```
      */
@@ -375,7 +509,33 @@ export declare abstract class AssetsManager implements Component, Servable {
         responseType?: string;
     }>;
     /**
-     * Handle upload endpoint
+     * Handle single asset upload via HTTP POST.
+     *
+     * Flow:
+     * 1. Validate request structure and authentication
+     * 2. Extract user identity from Apache APISIX headers
+     * 3. Validate file extension and read uploaded file
+     * 4. Store file via storage service and metadata in database
+     * 5. Set owner_id to authenticated user (prevents ownership spoofing)
+     * 6. Apply is_public setting (defaults to true if not specified)
+     *
+     * Authentication: Required
+     * Ownership: Automatically set to authenticated user
+     *
+     * @param req - HTTP request with multipart/form-data file upload
+     * @returns HTTP response with success/error status
+     *
+     * @example
+     * POST /assets
+     * Content-Type: multipart/form-data
+     * x-user-id: user-uuid
+     * x-user-roles: user,premium
+     *
+     * Form data:
+     * - file: <binary file>
+     * - description: "3D model of building"
+     * - source: "https://source.com"
+     * - is_public: true
      */
     handleUpload(req: any): Promise<DataResponse>;
     /**
@@ -399,6 +559,11 @@ export declare abstract class AssetsManager implements Component, Servable {
      * Returns the file content of a specific asset by ID for display/use in front-end.
      * No download headers - just the raw file content.
      *
+     * Access control:
+     * - Public assets: Accessible to everyone
+     * - Private assets: Accessible only to owner
+     * - Admin users: Can access all assets (public and private)
+     *
      * @param {any} req - HTTP request object with params.id
      * @returns {Promise<DataResponse>} HTTP response with file content
      *
@@ -415,6 +580,11 @@ export declare abstract class AssetsManager implements Component, Servable {
      * Downloads the file content of a specific asset by ID with download headers.
      * Forces browser to download the file rather than display it.
      *
+     * Access control:
+     * - Public assets: Accessible to everyone
+     * - Private assets: Accessible only to owner
+     * - Admin users: Can download all assets (public and private)
+     *
      * @param {any} req - HTTP request object with params.id
      * @returns {Promise<DataResponse>} HTTP response with file content and download headers
      *
@@ -443,9 +613,32 @@ export declare abstract class AssetsManager implements Component, Servable {
      * Handle batch upload endpoint
      */
     handleUploadBatch(req: any): Promise<DataResponse>;
+    /**
+     * Validates all requests in a batch upload.
+     *
+     * @param requests - Array of upload requests to validate
+     * @returns DataResponse with error if validation fails, undefined if valid
+     */
+    private validateBatchRequests;
+    /**
+     * Processes batch upload requests.
+     *
+     * @param requests - Array of upload requests
+     * @param ownerId - Owner user ID
+     * @returns Array of results for each upload
+     */
+    private processBatchUploads;
     /**
      * Handle batch delete endpoint
      */
     handleDeleteBatch(req: any): Promise<DataResponse>;
+    /**
+     * Processes batch delete requests.
+     *
+     * @param ids - Array of asset IDs to delete
+     * @param userId - User ID for ownership validation
+     * @returns Array of results for each deletion
+     */
+    private processBatchDeletes;
 }
 //# sourceMappingURL=assets_manager.d.ts.map

package/dist/components/assets_manager.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"assets_manager.d.ts","sourceRoot":"","sources":["../../src/components/assets_manager.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAA;AAC1D,OAAO,KAAK,EAAE,0BAA0B,EAAE,YAAY,EAAE,MAAM,YAAY,CAAA;AAC1E,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AACxD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAA;AACnE,OAAO,KAAK,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,iCAAiC,CAAA;AACnF,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AAEzD,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AAuBrD;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,WAAW,gBAAiB,SAAQ,WAAW;IACjD,8CAA8C;IAC9C,WAAW,EAAE,MAAM,CAAA;IACnB,kFAAkF;IAClF,MAAM,EAAE,MAAM,CAAA;IACd,8DAA8D;IAC9D,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,6CAA6C;IAC7C,QAAQ,EAAE,MAAM,CAAA;CACnB;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,WAAW,kBAAkB;IAC/B,8CAA8C;IAC9C,WAAW,EAAE,MAAM,CAAA;IACnB,+DAA+D;IAC/D,MAAM,EAAE,MAAM,CAAA;IACd,qDAAqD;IACrD,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,wBAAwB;IACxB,QAAQ,EAAE,MAAM,CAAA;IAChB,6BAA6B;IAC7B,IAAI,EAAE,MAAM,CAAA;CACf;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,kBAAkB;IAC/B,qCAAqC;IACrC,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,2DAA2D;IAC3D,MAAM,CAAC,EAAE,MAAM,CAAA;CAClB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuDG;AACH,8BAAsB,aAAc,YAAW,SAAS,EAAE,QAAQ;IAC9D,SAAS,CAAC,EAAE,EAAG,eAAe,CAAA;IAC9B,SAAS,CAAC,OAAO,EAAG,cAAc,CAAA;IAClC,SAAS,CAAC,WAAW,EAAG,WAAW,CAAA;IAEnC;;;;;;;;;;;;;OAaG;IACH,eAAe,CAAC,EAAE,EAAE,eAAe,EAAE,OAAO,EAAE,cAAc,GAAG,IAAI;IAMnE;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACH,QAAQ,CAAC,gBAAgB,IAAI,0BAA0B;IAEvD;;;;;;;;;;;;;;OAcG;IACH,OAAO,CAAC,iBAAiB;IASzB;;;;;;;;;;;;;;;;;;;OAmBG;IACH,OAAO,CAAC,qBAAqB;IAe7B;;;;;;;;;;;;;;;;;;;OAmBG;IACG,WAAW,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC;IA+B7D;;;;;;;OAOG;IACG,QAAQ,IAAI,OAAO,CAAC,YAAY,CAAC;IAsCvC;;;;;;;;;;;;;OAaG;IACG,YAAY,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;IAW3C;;;;;;;;;;;;;OAaG;IACG,YAAY,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,SAAS,CAAC;IAI/D;;;;;;;;;;;;;;;;;OAiBG;IACG,mBAAmB,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC;IAmCjF;;;;;;;;;;;;OAYG;IACG,eAAe,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAgBhD;;;;;;;;;;;OAWG;IACG,iBAAiB,IAAI,OAAO,CAAC,IAAI,CAAC;IASxC;;;;;;;;;;;;;OAaG;IACG,iBAAiB,CAAC,QAAQ,EAAE,kBAAkB,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IA0CtE;;;;;OAKG;IACG,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IASrD;;OAEG;IACH;;;;;;;;;;;;;;;;;OAiBG;IACH,YAAY,IAAI,KAAK,CAAC;QAClB,MAAM,EAAE,UAAU,CAAA;QAClB,IAAI,EAAE,MAAM,CAAA;QACZ,OAAO,EAAE,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,GAAG,CAAA;QAChC,YAAY,CAAC,EAAE,MAAM,CAAA;KACxB,CAAC;IAsDF;;OAEG;IACG,YAAY,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,YAAY,CAAC;IAqInD;;;;;;;;;;;;;OAaG;IACG,YAAY,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,YAAY,CAAC;IAoHnD;;;;;;;;;;;;;;OAcG;IACG,cAAc,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,YAAY,CAAC;IAwDrD;;;;;;;;;;;;;;OAcG;IACG,cAAc,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,YAAY,CAAC;IA2DrD;;;;;;;;;;;;OAYG;IACG,YAAY,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,YAAY,CAAC;IA0FnD;;OAEG;IACG,iBAAiB,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,YAAY,CAAC;IA2FxD;;OAEG;IACG,iBAAiB,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,YAAY,CAAC;CA2D3D"}
+{"version":3,"file":"assets_manager.d.ts","sourceRoot":"","sources":["../../src/components/assets_manager.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAA;AAC1D,OAAO,KAAK,EAAE,0BAA0B,EAAE,YAAY,EAAE,MAAM,YAAY,CAAA;AAC1E,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AACxD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAA;AACnE,OAAO,KAAK,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,iCAAiC,CAAA;AACnF,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AAGzD,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AAgDrD;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,WAAW,gBAAiB,SAAQ,WAAW;IACjD,8CAA8C;IAC9C,WAAW,EAAE,MAAM,CAAA;IACnB,kFAAkF;IAClF,MAAM,EAAE,MAAM,CAAA;IACd,8DAA8D;IAC9D,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,6CAA6C;IAC7C,QAAQ,EAAE,MAAM,CAAA;IAChB,yEAAyE;IACzE,SAAS,EAAE,OAAO,CAAA;CACrB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,WAAW,kBAAkB;IAC/B,8CAA8C;IAC9C,WAAW,EAAE,MAAM,CAAA;IACnB,+DAA+D;IAC/D,MAAM,EAAE,MAAM,CAAA;IACd,qDAAqD;IACrD,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,wBAAwB;IACxB,QAAQ,EAAE,MAAM,CAAA;IAChB,6BAA6B;IAC7B,IAAI,EAAE,MAAM,CAAA;IACZ,+DAA+D;IAC/D,SAAS,CAAC,EAAE,OAAO,CAAA;CACtB;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,WAAW,kBAAkB;IAC/B,qCAAqC;IACrC,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,2DAA2D;IAC3D,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,oCAAoC;IACpC,SAAS,CAAC,EAAE,OAAO,CAAA;CACtB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuDG;AACH,8BAAsB,aAAc,YAAW,SAAS,EAAE,QAAQ;IAC9D,SAAS,CAAC,EAAE,EAAG,eAAe,CAAA;IAC9B,SAAS,CAAC,OAAO,EAAG,cAAc,CAAA;IAClC,SAAS,CAAC,WAAW,EAAG,WAAW,CAAA;IAEnC;;;;;;;;;;;;;;;;;;;OAmBG;IACH,eAAe,CAAC,EAAE,EAAE,eAAe,EAAE,OAAO,EAAE,cAAc,EAAE,WAAW,CAAC,EAAE,WAAW,GAAG,IAAI;IAM9F;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACH,QAAQ,CAAC,gBAAgB,IAAI,0BAA0B;IAEvD;;;;;;;;;;;;;;OAcG;IACH,OAAO,CAAC,iBAAiB;IASzB;;;;;;;;;;;;;;;;;;;OAmBG;IACH,OAAO,CAAC,qBAAqB;IAe7B;;;;;;;;;;;;;;;;;OAiBG;IACH,OAAO,CAAC,cAAc;IAoCtB;;;;;;;;;;;;;;;;;;;OAmBG;YACW,mBAAmB;IAkBjC;;;;;OAKG;IACH,OAAO,CAAC,iBAAiB;IAUzB;;;;;OAKG;IACH,OAAO,CAAC,oBAAoB;IAmC5B;;;;;;OAMG;YACW,YAAY;IAI1B;;;;;OAKG;YACW,eAAe;IAM7B;;;;;;OAMG;IACH,OAAO,CAAC,iBAAiB;IAOzB;;;;;;OAMG;YACW,uBAAuB;IA6BrC;;;;;;;;;;;OAWG;YACW,yBAAyB;IA6BvC;;;;;;;;;;;;;;;;;;;;OAoBG;IACG,WAAW,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC;IAgC7D;;;;;;;;;;;;OAYG;IACG,QAAQ,CAAC,GAAG,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,YAAY,CAAC;IAwBhD;;;;;OAKG;YACW,sBAAsB;IAcpC;;;;;OAKG;IACH,OAAO,CAAC,uBAAuB;IAkB/B;;;;;;;;;;;;;OAaG;IACG,YAAY,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;IAW3C;;;;;;;;;;;;;OAaG;IACG,YAAY,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,SAAS,CAAC;IAI/D;;;;;;;;;;;;;;;;;;OAkBG;IACG,mBAAmB,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC;IAoCjF;;;;;;;;;;;;OAYG;IACG,eAAe,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAgBhD;;;;;;;;;;;OAWG;IACG,iBAAiB,IAAI,OAAO,CAAC,IAAI,CAAC;IASxC;;;;;;;;;;;;;OAaG;IACG,iBAAiB,CAAC,QAAQ,EAAE,kBAAkB,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IA2CtE;;;;;OAKG;IACG,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IASrD;;OAEG;IACH;;;;;;;;;;;;;;;;;OAiBG;IACH,YAAY,IAAI,KAAK,CAAC;QAClB,MAAM,EAAE,UAAU,CAAA;QAClB,IAAI,EAAE,MAAM,CAAA;QACZ,OAAO,EAAE,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,GAAG,CAAA;QAChC,YAAY,CAAC,EAAE,MAAM,CAAA;KACxB,CAAC;IAsDF;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA4BG;IACG,YAAY,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,YAAY,CAAC;IAyDnD;;;;;;;;;;;;;OAaG;IACG,YAAY,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,YAAY,CAAC;IAuDnD;;;;;;;;;;;;;;;;;;;OAmBG;IACG,cAAc,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,YAAY,CAAC;IAcrD;;;;;;;;;;;;;;;;;;;OAmBG;IACG,cAAc,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,YAAY,CAAC;IAerD;;;;;;;;;;;;OAYG;IACG,YAAY,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,YAAY,CAAC;IAoCnD;;OAEG;IACG,iBAAiB,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,YAAY,CAAC;IA2CxD;;;;;OAKG;IACH,OAAO,CAAC,qBAAqB;IAwB7B;;;;;;OAMG;YACW,mBAAmB;IA6BjC;;OAEG;IACG,iBAAiB,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,YAAY,CAAC;IAqCxD;;;;;;OAMG;YACW,mBAAmB;CAgCpC"}