electron-webauthn 0.0.12 â 0.0.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +66 -79
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +4 -6
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -15,6 +15,9 @@ This package provides JavaScript bindings to Apple's AuthenticationServices fram
|
|
|
15
15
|
- đ Support for cross-platform authenticators (external security keys)
|
|
16
16
|
- đĻ TypeScript first with complete type definitions
|
|
17
17
|
- đ¨ Seamless integration with Electron's native window system
|
|
18
|
+
- đ PRF (Pseudo-Random Function) support for credential assertions
|
|
19
|
+
- đž Large Blob support for storing credential-specific data
|
|
20
|
+
- âī¸ User verification preference configuration (preferred, required, discouraged)
|
|
18
21
|
|
|
19
22
|
## Installation
|
|
20
23
|
|
|
@@ -49,8 +52,9 @@ async function authenticate() {
|
|
|
49
52
|
const result = await getCredential(
|
|
50
53
|
"example.com", // Relying Party ID
|
|
51
54
|
Buffer.from("your-challenge"), // Challenge from server
|
|
52
|
-
|
|
53
|
-
[] // Optional: allowed credential IDs
|
|
55
|
+
"https://example.com", // Origin
|
|
56
|
+
[], // Optional: allowed credential IDs
|
|
57
|
+
"preferred" // Optional: user verification preference
|
|
54
58
|
);
|
|
55
59
|
|
|
56
60
|
console.log(result);
|
|
@@ -61,12 +65,14 @@ async function authenticate() {
|
|
|
61
65
|
// - authenticatorData: Authenticator data (Buffer)
|
|
62
66
|
// - signature: Assertion signature (Buffer)
|
|
63
67
|
// - userHandle: User handle (Buffer)
|
|
68
|
+
// - prf: [Buffer | null, Buffer | null] - PRF output (if supported)
|
|
69
|
+
// - largeBlob: Buffer | null - Large blob data (if supported)
|
|
64
70
|
}
|
|
65
71
|
```
|
|
66
72
|
|
|
67
73
|
## API Reference
|
|
68
74
|
|
|
69
|
-
### `getCredential(rpid, challenge,
|
|
75
|
+
### `getCredential(rpid, challenge, origin, allowedCredentialIds, userVerificationPreference)`
|
|
70
76
|
|
|
71
77
|
Performs a WebAuthn assertion (authentication) using available platform and cross-platform authenticators.
|
|
72
78
|
|
|
@@ -74,8 +80,12 @@ Performs a WebAuthn assertion (authentication) using available platform and cros
|
|
|
74
80
|
|
|
75
81
|
- **`rpid: string`** - The Relying Party ID (typically your domain)
|
|
76
82
|
- **`challenge: Buffer`** - The challenge from your server (32+ bytes recommended)
|
|
77
|
-
- **`
|
|
83
|
+
- **`origin: string`** - The origin where the credential assertion will be used (e.g., "https://example.com")
|
|
78
84
|
- **`allowedCredentialIds: Buffer[]`** - Optional array of credential IDs the user can use (empty = all registered credentials)
|
|
85
|
+
- **`userVerificationPreference?: UserVerificationPreference`** - Optional preference for user verification. Can be:
|
|
86
|
+
- `"preferred"` - User verification is preferred but not required (default)
|
|
87
|
+
- `"required"` - User verification is required
|
|
88
|
+
- `"discouraged"` - User verification should be discouraged
|
|
79
89
|
|
|
80
90
|
#### Returns
|
|
81
91
|
|
|
@@ -91,49 +101,20 @@ interface GetCredentialResult {
|
|
|
91
101
|
authenticatorData: Buffer; // Authenticator data from the device
|
|
92
102
|
signature: Buffer; // Digital signature from the authenticator
|
|
93
103
|
userHandle: Buffer; // User handle from the credential
|
|
104
|
+
prf: [Buffer | null, Buffer | null]; // PRF output (if supported by authenticator)
|
|
105
|
+
largeBlob: Buffer | null; // Large blob data (if supported by authenticator)
|
|
94
106
|
}
|
|
95
107
|
```
|
|
96
108
|
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
### Package Structure
|
|
109
|
+
#### User Verification Preference Type
|
|
100
110
|
|
|
111
|
+
```typescript
|
|
112
|
+
type UserVerificationPreference = "preferred" | "required" | "discouraged";
|
|
101
113
|
```
|
|
102
|
-
src/
|
|
103
|
-
âââ index.ts # Main export - getCredential function
|
|
104
|
-
âââ helpers.ts # Utility functions
|
|
105
|
-
âââ objc/
|
|
106
|
-
â âââ authentication-services/ # AuthenticationServices framework bindings
|
|
107
|
-
â â âââ as-authorization-*.ts # Authorization request/response objects
|
|
108
|
-
â â âââ enums/ # Enumeration values
|
|
109
|
-
â â âââ index.ts # Exports
|
|
110
|
-
â âââ foundation/ # Foundation framework bindings
|
|
111
|
-
â âââ nsdata.ts # NSData (binary data) bindings
|
|
112
|
-
â âââ nsstring.ts # NSString bindings
|
|
113
|
-
â âââ nsarray.ts # NSArray bindings
|
|
114
|
-
â âââ nserror.ts # NSError bindings
|
|
115
|
-
â âââ nsview.ts # NSView bindings
|
|
116
|
-
â âââ nswindow.ts # NSWindow bindings
|
|
117
|
-
â âââ index.ts # Exports
|
|
118
|
-
âââ test/ # Test utilities
|
|
119
|
-
âââ index.ts # Test script
|
|
120
|
-
âââ window.ts # Test window helpers
|
|
121
|
-
âââ example.ts # Example usage
|
|
122
|
-
```
|
|
123
|
-
|
|
124
|
-
### Dependencies
|
|
125
114
|
|
|
126
|
-
|
|
127
|
-
- **TypeScript** - For type checking and compilation
|
|
128
|
-
|
|
129
|
-
## How It Works
|
|
115
|
+
## Architecture
|
|
130
116
|
|
|
131
|
-
|
|
132
|
-
2. **Request Configuration**: Sets up the challenge and optional allowed credentials list
|
|
133
|
-
3. **Controller Setup**: Creates an `ASAuthorizationController` to manage the authentication flow
|
|
134
|
-
4. **Delegation**: Registers delegates to handle success/error responses from the system
|
|
135
|
-
5. **Presentation**: Shows the native authentication UI in your window
|
|
136
|
-
6. **Result Processing**: Converts Objective-C objects to JavaScript Buffers and returns the assertion data
|
|
117
|
+
This library implements the WebAuthn standard using native APIs. Under the hood it handles all the complexity of macOS's authentication system, so you just call `getCredential()` with your challenge and get back the signed assertion.
|
|
137
118
|
|
|
138
119
|
## Usage Examples
|
|
139
120
|
|
|
@@ -155,7 +136,7 @@ app.on("ready", () => {
|
|
|
155
136
|
// In your preload script or main process
|
|
156
137
|
export async function authenticateUser(challenge: Buffer) {
|
|
157
138
|
const nativeHandle = getPointer(mainWindow.getNativeWindowHandle());
|
|
158
|
-
return getCredential("myapp.com", challenge,
|
|
139
|
+
return getCredential("myapp.com", challenge, "https://myapp.com", []);
|
|
159
140
|
}
|
|
160
141
|
```
|
|
161
142
|
|
|
@@ -166,11 +147,43 @@ export async function authenticateUser(challenge: Buffer) {
|
|
|
166
147
|
const result = await getCredential(
|
|
167
148
|
"myapp.com",
|
|
168
149
|
challenge,
|
|
169
|
-
|
|
150
|
+
"https://myapp.com",
|
|
170
151
|
[credentialId1, credentialId2] // User can only use these credentials
|
|
171
152
|
);
|
|
172
153
|
```
|
|
173
154
|
|
|
155
|
+
### With User Verification Requirement
|
|
156
|
+
|
|
157
|
+
```typescript
|
|
158
|
+
// Require user verification (e.g., for sensitive operations)
|
|
159
|
+
const result = await getCredential(
|
|
160
|
+
"myapp.com",
|
|
161
|
+
challenge,
|
|
162
|
+
"https://myapp.com",
|
|
163
|
+
[], // No credential restrictions
|
|
164
|
+
"required" // Require user verification (biometric or PIN)
|
|
165
|
+
);
|
|
166
|
+
```
|
|
167
|
+
|
|
168
|
+
### Using PRF Output
|
|
169
|
+
|
|
170
|
+
```typescript
|
|
171
|
+
// Get credential with PRF support
|
|
172
|
+
const result = await getCredential(
|
|
173
|
+
"myapp.com",
|
|
174
|
+
challenge,
|
|
175
|
+
"https://myapp.com",
|
|
176
|
+
[]
|
|
177
|
+
);
|
|
178
|
+
|
|
179
|
+
// PRF output is available in the result
|
|
180
|
+
const [prfFirst, prfSecond] = result.prf;
|
|
181
|
+
if (prfFirst) {
|
|
182
|
+
// Use PRF output for additional cryptographic operations
|
|
183
|
+
console.log("PRF first output:", prfFirst);
|
|
184
|
+
}
|
|
185
|
+
```
|
|
186
|
+
|
|
174
187
|
### Server-Side Verification
|
|
175
188
|
|
|
176
189
|
After getting the assertion result, verify it on your server:
|
|
@@ -197,7 +210,7 @@ try {
|
|
|
197
210
|
const result = await getCredential(
|
|
198
211
|
"example.com",
|
|
199
212
|
challenge,
|
|
200
|
-
|
|
213
|
+
"https://example.com",
|
|
201
214
|
[]
|
|
202
215
|
);
|
|
203
216
|
} catch (error) {
|
|
@@ -206,51 +219,25 @@ try {
|
|
|
206
219
|
}
|
|
207
220
|
```
|
|
208
221
|
|
|
209
|
-
|
|
210
|
-
|
|
211
|
-
| Platform | Support |
|
|
212
|
-
| --------- | ---------------- |
|
|
213
|
-
| macOS 12+ | â
Full support |
|
|
214
|
-
| Windows | â Not supported |
|
|
215
|
-
| Linux | â Not supported |
|
|
216
|
-
| iOS | â Not supported |
|
|
217
|
-
|
|
218
|
-
## WebAuthn Spec Compliance
|
|
219
|
-
|
|
220
|
-
This library implements the WebAuthn Level 2 specification for the assertion (authentication) operation:
|
|
221
|
-
|
|
222
|
-
- â
Public Key Credential (assertions)
|
|
223
|
-
- â
Platform authenticators (built-in)
|
|
224
|
-
- â
Cross-platform authenticators (external)
|
|
225
|
-
- â Credential registration (create)
|
|
226
|
-
- âšī¸ See [WebAuthn Specification](https://www.w3.org/TR/webauthn-2/)
|
|
227
|
-
|
|
228
|
-
## Development
|
|
229
|
-
|
|
230
|
-
### Building
|
|
231
|
-
|
|
232
|
-
```bash
|
|
233
|
-
bun run build
|
|
234
|
-
```
|
|
235
|
-
|
|
236
|
-
This compiles TypeScript to JavaScript in the `dist/` directory.
|
|
222
|
+
**Supported:**
|
|
237
223
|
|
|
238
|
-
|
|
224
|
+
- â
WebAuthn assertions (authentication with existing credentials)
|
|
225
|
+
- â
Platform authenticators (Touch ID, Face ID)
|
|
226
|
+
- â
PRF (Pseudo-Random Function) output
|
|
227
|
+
- â
Large Blob support
|
|
239
228
|
|
|
240
|
-
|
|
229
|
+
**Not Supported:**
|
|
241
230
|
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
|
|
245
|
-
4. Code builds successfully with `bun run build`
|
|
231
|
+
- â Cross-platform authenticators (external security keys)
|
|
232
|
+
- â Credential registration (attestation)
|
|
233
|
+
- â Discoverable credentials
|
|
246
234
|
|
|
247
235
|
## License
|
|
248
236
|
|
|
249
237
|
See [LICENSE](./LICENSE) file for details.
|
|
250
238
|
|
|
251
|
-
##
|
|
239
|
+
## Resources
|
|
252
240
|
|
|
253
241
|
- [WebAuthn Specification](https://www.w3.org/TR/webauthn-2/)
|
|
254
|
-
- [Apple AuthenticationServices Documentation](https://developer.apple.com/documentation/authenticationservices)
|
|
255
242
|
- [Electron Documentation](https://www.electronjs.org/docs)
|
|
256
243
|
- [objc-js Library](https://github.com/iamEvanYT/objc-js)
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AA8BA,KAAK,uBAAuB,GAAG,UAAU,GAAG,gBAAgB,CAAC;AAC7D,MAAM,MAAM,0BAA0B,GAClC,WAAW,GACX,UAAU,GACV,aAAa,CAAC;AAElB,MAAM,WAAW,mBAAmB;IAClC,EAAE,EAAE,MAAM,CAAC;IACX,uBAAuB,EAAE,uBAAuB,CAAC;IACjD,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,GAAG,EAAE,CAAC,MAAM,GAAG,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC,CAAC;IACpC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED,iBAAS,aAAa,CACpB,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,EACjB,kBAAkB,EAAE,MAAM,EAC1B,MAAM,EAAE,MAAM,EACd,oBAAoB,EAAE,MAAM,EAAE,EAC9B,0BAA0B,CAAC,EAAE,0BAA0B,GACtD,OAAO,CAAC,mBAAmB,CAAC,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AA8BA,KAAK,uBAAuB,GAAG,UAAU,GAAG,gBAAgB,CAAC;AAC7D,MAAM,MAAM,0BAA0B,GAClC,WAAW,GACX,UAAU,GACV,aAAa,CAAC;AAElB,MAAM,WAAW,mBAAmB;IAClC,EAAE,EAAE,MAAM,CAAC;IACX,uBAAuB,EAAE,uBAAuB,CAAC;IACjD,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,GAAG,EAAE,CAAC,MAAM,GAAG,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC,CAAC;IACpC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED,iBAAS,aAAa,CACpB,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,EACjB,kBAAkB,EAAE,MAAM,EAC1B,MAAM,EAAE,MAAM,EACd,oBAAoB,EAAE,MAAM,EAAE,EAC9B,0BAA0B,CAAC,EAAE,0BAA0B,GACtD,OAAO,CAAC,mBAAmB,CAAC,CA6I9B;AAED,OAAO,EAAE,aAAa,EAAE,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -34,7 +34,8 @@ function getCredential(rpid, challenge, nativeWindowHandle, origin, allowedCrede
|
|
|
34
34
|
const requestsArray = NSArray.arrayWithObject$(platformKeyRequest);
|
|
35
35
|
const authController = WebauthnGetController.alloc().initWithAuthorizationRequests$(requestsArray);
|
|
36
36
|
// OLD: const authController = createAuthorizationController(requestsArray);
|
|
37
|
-
// Generate
|
|
37
|
+
// Generate our own client data instead of letting apple generate it
|
|
38
|
+
// This is because apple's client data lack the `crossOrigin` field, which is required by a lot of sites.
|
|
38
39
|
const serializedOrigin = serializeOrigin(origin);
|
|
39
40
|
const clientData = {
|
|
40
41
|
type: "webauthn.get",
|
|
@@ -45,7 +46,6 @@ function getCredential(rpid, challenge, nativeWindowHandle, origin, allowedCrede
|
|
|
45
46
|
const clientDataJSON = JSON.stringify(clientData);
|
|
46
47
|
const clientDataBuffer = Buffer.from(clientDataJSON, "utf-8");
|
|
47
48
|
const clientDataHash = clientDataJsonBufferToHash(clientDataBuffer);
|
|
48
|
-
console.log("clientDataJSON", clientDataJSON);
|
|
49
49
|
setClientDataHash(authController, clientDataHash);
|
|
50
50
|
const finished = (_success) => {
|
|
51
51
|
removeClientDataHash(authController);
|
|
@@ -60,7 +60,7 @@ function getCredential(rpid, challenge, nativeWindowHandle, origin, allowedCrede
|
|
|
60
60
|
didCompleteWithAuthorization: (_, authorization) => {
|
|
61
61
|
// Cast to _ASAuthorization to access typed methods
|
|
62
62
|
const credential = authorization.credential();
|
|
63
|
-
console.log("Authorization succeeded:", credential);
|
|
63
|
+
// console.log("Authorization succeeded:", credential);
|
|
64
64
|
const id_data = credential.credentialID();
|
|
65
65
|
const id = bufferFromNSDataDirect(id_data);
|
|
66
66
|
let authenticatorAttachment = "platform";
|
|
@@ -71,7 +71,6 @@ function getCredential(rpid, challenge, nativeWindowHandle, origin, allowedCrede
|
|
|
71
71
|
const prf = credential.prf();
|
|
72
72
|
const prfFirst = prf?.first ? prf.first() : null;
|
|
73
73
|
const prfSecond = prf?.second ? prf.second() : null;
|
|
74
|
-
console.log("rawAuthenticatorData", credential.rawAuthenticatorData());
|
|
75
74
|
resolve({
|
|
76
75
|
id,
|
|
77
76
|
authenticatorAttachment,
|
|
@@ -93,7 +92,7 @@ function getCredential(rpid, challenge, nativeWindowHandle, origin, allowedCrede
|
|
|
93
92
|
// Parse the NSError into a readable format
|
|
94
93
|
const parsedError = error;
|
|
95
94
|
const errorMessage = parsedError.localizedDescription().UTF8String();
|
|
96
|
-
console.error("Authorization failed:", errorMessage);
|
|
95
|
+
// console.error("Authorization failed:", errorMessage);
|
|
97
96
|
reject(new Error(errorMessage));
|
|
98
97
|
finished(false);
|
|
99
98
|
},
|
|
@@ -110,7 +109,6 @@ function getCredential(rpid, challenge, nativeWindowHandle, origin, allowedCrede
|
|
|
110
109
|
});
|
|
111
110
|
authController.setPresentationContextProvider$(presentationContextProvider);
|
|
112
111
|
// authController.performRequests()
|
|
113
|
-
console.log("performing requests");
|
|
114
112
|
authController.performRequests();
|
|
115
113
|
return promise;
|
|
116
114
|
}
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AACtC,OAAO,EAAE,qCAAqC,EAAE,MAAM,wEAAwE,CAAC;AAC/H,OAAO,EAAE,yBAAyB,EAAE,MAAM,+DAA+D,CAAC;AAC1G,OAAO,EAAE,iCAAiC,EAAE,MAAM,8FAA8F,CAAC;AACjJ,OAAO,EAAE,yCAAyC,EAAE,MAAM,4FAA4F,CAAC;AACvJ,OAAO,EAAE,2CAA2C,EAAE,MAAM,8FAA8F,CAAC;AAG3J,OAAO,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAC3E,OAAO,EAEL,sBAAsB,EACtB,gBAAgB,GACjB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EACL,iBAAiB,EACjB,0BAA0B,EAC1B,oBAAoB,EACpB,eAAe,GAChB,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,4CAA4C,EAAE,MAAM,2FAA2F,CAAC;AACzJ,OAAO,EACL,oBAAoB,EACpB,iBAAiB,EACjB,qBAAqB,GACtB,MAAM,mCAAmC,CAAC;AAmB3C,SAAS,aAAa,CACpB,IAAY,EACZ,SAAiB,EACjB,kBAA0B,EAC1B,MAAc,EACd,oBAA8B,EAC9B,0BAAuD;IAEvD,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,GAChC,oBAAoB,EAAuB,CAAC;IAE9C,oBAAoB;IACpB,MAAM,OAAO,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAEzC,sDAAsD;IACtD,MAAM,YAAY,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;IAEjD,mHAAmH;IACnH,MAAM,gBAAgB,GAAG,yCAAyC,CAAC,OAAO,CAAC,CAAC;IAE5E,mGAAmG;IACnG,MAAM,kBAAkB,GACtB,gBAAgB,CAAC,8CAA8C,CAC7D,YAAY,CACb,CAAC;IAEJ,sDAAsD;IACtD,IAAI,0BAA0B,KAAK,WAAW,EAAE,CAAC;QAC/C,kBAAkB,CAAC,8BAA8B,CAC/C,kBAAkB,CAAC,WAAW,CAAC,CAChC,CAAC;IACJ,CAAC;SAAM,IAAI,0BAA0B,KAAK,UAAU,EAAE,CAAC;QACrD,kBAAkB,CAAC,8BAA8B,CAC/C,kBAAkB,CAAC,UAAU,CAAC,CAC/B,CAAC;IACJ,CAAC;SAAM,IAAI,0BAA0B,KAAK,aAAa,EAAE,CAAC;QACxD,kBAAkB,CAAC,8BAA8B,CAC/C,kBAAkB,CAAC,aAAa,CAAC,CAClC,CAAC;IACJ,CAAC;IAED,8FAA8F;IAC9F,MAAM,aAAa,GAAG,OAAO,CAAC,gBAAgB,CAAC,kBAAkB,CAAC,CAAC;IACnE,MAAM,cAAc,GAClB,qBAAqB,CAAC,KAAK,EAAE,CAAC,8BAA8B,CAAC,aAAa,CAAC,CAAC;IAC9E,4EAA4E;IAE5E,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AACtC,OAAO,EAAE,qCAAqC,EAAE,MAAM,wEAAwE,CAAC;AAC/H,OAAO,EAAE,yBAAyB,EAAE,MAAM,+DAA+D,CAAC;AAC1G,OAAO,EAAE,iCAAiC,EAAE,MAAM,8FAA8F,CAAC;AACjJ,OAAO,EAAE,yCAAyC,EAAE,MAAM,4FAA4F,CAAC;AACvJ,OAAO,EAAE,2CAA2C,EAAE,MAAM,8FAA8F,CAAC;AAG3J,OAAO,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAC3E,OAAO,EAEL,sBAAsB,EACtB,gBAAgB,GACjB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EACL,iBAAiB,EACjB,0BAA0B,EAC1B,oBAAoB,EACpB,eAAe,GAChB,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,4CAA4C,EAAE,MAAM,2FAA2F,CAAC;AACzJ,OAAO,EACL,oBAAoB,EACpB,iBAAiB,EACjB,qBAAqB,GACtB,MAAM,mCAAmC,CAAC;AAmB3C,SAAS,aAAa,CACpB,IAAY,EACZ,SAAiB,EACjB,kBAA0B,EAC1B,MAAc,EACd,oBAA8B,EAC9B,0BAAuD;IAEvD,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,GAChC,oBAAoB,EAAuB,CAAC;IAE9C,oBAAoB;IACpB,MAAM,OAAO,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAEzC,sDAAsD;IACtD,MAAM,YAAY,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;IAEjD,mHAAmH;IACnH,MAAM,gBAAgB,GAAG,yCAAyC,CAAC,OAAO,CAAC,CAAC;IAE5E,mGAAmG;IACnG,MAAM,kBAAkB,GACtB,gBAAgB,CAAC,8CAA8C,CAC7D,YAAY,CACb,CAAC;IAEJ,sDAAsD;IACtD,IAAI,0BAA0B,KAAK,WAAW,EAAE,CAAC;QAC/C,kBAAkB,CAAC,8BAA8B,CAC/C,kBAAkB,CAAC,WAAW,CAAC,CAChC,CAAC;IACJ,CAAC;SAAM,IAAI,0BAA0B,KAAK,UAAU,EAAE,CAAC;QACrD,kBAAkB,CAAC,8BAA8B,CAC/C,kBAAkB,CAAC,UAAU,CAAC,CAC/B,CAAC;IACJ,CAAC;SAAM,IAAI,0BAA0B,KAAK,aAAa,EAAE,CAAC;QACxD,kBAAkB,CAAC,8BAA8B,CAC/C,kBAAkB,CAAC,aAAa,CAAC,CAClC,CAAC;IACJ,CAAC;IAED,8FAA8F;IAC9F,MAAM,aAAa,GAAG,OAAO,CAAC,gBAAgB,CAAC,kBAAkB,CAAC,CAAC;IACnE,MAAM,cAAc,GAClB,qBAAqB,CAAC,KAAK,EAAE,CAAC,8BAA8B,CAAC,aAAa,CAAC,CAAC;IAC9E,4EAA4E;IAE5E,oEAAoE;IACpE,0GAA0G;IAC1G,MAAM,gBAAgB,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IACjD,MAAM,UAAU,GAAG;QACjB,IAAI,EAAE,cAAc;QACpB,SAAS,EAAE,iBAAiB,CAAC,SAAS,CAAC;QACvC,MAAM,EAAE,gBAAgB;QACxB,WAAW,EAAE,KAAK;KACnB,CAAC;IAEF,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IAClD,MAAM,gBAAgB,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;IAC9D,MAAM,cAAc,GAAG,0BAA0B,CAAC,gBAAgB,CAAC,CAAC;IAEpE,iBAAiB,CAAC,cAAc,EAAE,cAAc,CAAC,CAAC;IAElD,MAAM,QAAQ,GAAG,CAAC,QAAiB,EAAE,EAAE;QACrC,oBAAoB,CAAC,cAAc,CAAC,CAAC;IACvC,CAAC,CAAC;IAEF,sCAAsC;IACtC,IAAI,oBAAoB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpC,MAAM,kBAAkB,GAAG,kBAAkB,CAC3C,oBAAoB,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAC9B,2CAA2C,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC,CAClE,CACF,CAAC;QACF,kBAAkB,CAAC,sBAAsB,CAAC,kBAAkB,CAAC,CAAC;IAChE,CAAC;IAED,iCAAiC;IACjC,MAAM,QAAQ,GAAG,qCAAqC,CAAC;QACrD,4BAA4B,EAAE,CAAC,CAAC,EAAE,aAAa,EAAE,EAAE;YACjD,mDAAmD;YACnD,MAAM,UAAU,GACd,aAAa,CAAC,UAAU,EAAqE,CAAC;YAChG,uDAAuD;YAEvD,MAAM,OAAO,GAAG,UAAU,CAAC,YAAY,EAAE,CAAC;YAC1C,MAAM,EAAE,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAC;YAE3C,IAAI,uBAAuB,GAA4B,UAAU,CAAC;YAClE,IACE,UAAU,CAAC,UAAU,EAAE;gBACvB,4CAA4C,CAAC,yDAAyD,EACtG,CAAC;gBACD,uBAAuB,GAAG,gBAAgB,CAAC;YAC7C,CAAC;YAED,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC;YAC7B,MAAM,QAAQ,GAAG,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;YACjD,MAAM,SAAS,GAAG,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;YAEpD,OAAO,CAAC;gBACN,EAAE;gBACF,uBAAuB;gBACvB,cAAc,EAAE,gBAAgB,EAAE,yDAAyD;gBAC3F,iBAAiB,EAAE,sBAAsB,CACvC,UAAU,CAAC,oBAAoB,EAAE,CAClC;gBACD,SAAS,EAAE,sBAAsB,CAAC,UAAU,CAAC,SAAS,EAAE,CAAC;gBACzD,UAAU,EAAE,sBAAsB,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC;gBACvD,GAAG,EAAE;oBACH,QAAQ,CAAC,CAAC,CAAC,sBAAsB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI;oBAClD,SAAS,CAAC,CAAC,CAAC,sBAAsB,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI;iBACrD;gBACD,SAAS,EAAE,UAAU,CAAC,SAAS,EAAE;oBAC/B,CAAC,CAAC,sBAAsB,CAAC,UAAU,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,CAAC;oBAC3D,CAAC,CAAC,IAAI;aACT,CAAC,CAAC;YAEH,QAAQ,CAAC,IAAI,CAAC,CAAC;QACjB,CAAC;QACD,oBAAoB,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE;YACjC,2CAA2C;YAC3C,MAAM,WAAW,GAAG,KAA6C,CAAC;YAClE,MAAM,YAAY,GAAG,WAAW,CAAC,oBAAoB,EAAE,CAAC,UAAU,EAAE,CAAC;YACrE,wDAAwD;YAExD,MAAM,CAAC,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC;YAEhC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAClB,CAAC;KACF,CAAC,CAAC;IACH,cAAc,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;IAEtC,oDAAoD;IACpD,MAAM,2BAA2B,GAAG,iCAAiC,CAAC;QACpE,4CAA4C,EAAE,GAAG,EAAE;YACjD,yDAAyD;YACzD,MAAM,MAAM,GAAG,WAAW,CAAC,kBAAkB,CAAuB,CAAC;YACrE,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;YACjC,OAAO,QAAQ,CAAC;QAClB,CAAC;KACF,CAAC,CAAC;IACH,cAAc,CAAC,+BAA+B,CAAC,2BAA2B,CAAC,CAAC;IAE5E,mCAAmC;IACnC,cAAc,CAAC,eAAe,EAAE,CAAC;IAEjC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,OAAO,EAAE,aAAa,EAAE,CAAC"}
|