exguard-backend 1.0.37 → 1.0.38

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/dist/index.cjs +7 -0
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +5 -0
  4. package/dist/index.d.ts +5 -0
  5. package/dist/index.js +7 -0
  6. package/dist/index.js.map +1 -1
  7. package/package.json +1 -1
  8. package/scripts/setup-nestjs.cjs +13 -2
package/dist/index.cjs CHANGED
@@ -1190,6 +1190,13 @@ var ExGuardBackend2 = class {
1190
1190
  getExGuard() {
1191
1191
  return this.exGuard;
1192
1192
  }
1193
+ /**
1194
+ * Connect to realtime with user's token
1195
+ * This is called automatically by the guard when a request comes in
1196
+ */
1197
+ async connectWithUserToken(userToken) {
1198
+ return this.exGuard.connectWithUserToken(userToken);
1199
+ }
1193
1200
  };
1194
1201
  function extractToken(request) {
1195
1202
  if (request.headers?.authorization) {
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts","../src/exguard-backend.ts","../src/exguard-backend-enhanced.ts","../src/cache.ts","../src/realtime.ts","../src/guards.ts","../src/express.ts","../src/fastify.ts"],"sourcesContent":["export { ExGuardBackend } from './exguard-backend.js';\nexport { ExGuardBackendEnhanced } from './exguard-backend-enhanced.js';\nexport { cache, ExGuardCache } from './cache.js';\nexport { realtime, ExGuardRealtime, createRealtime } from './realtime.js';\nexport type { \n RealtimeEvent, \n RealtimeEventHandler,\n RealtimeConnectionHandler,\n RealtimeErrorHandler,\n RealtimeAuthOptions,\n ExGuardRealtimeConfig \n} from './realtime.js';\n\n// Backend protection exports\nexport { ExGuardBackend as Guard } from './guards.js';\nexport { createExGuardExpress } from './express.js';\nexport { createExGuardFastify } from './fastify.js';\nexport type { \n UserAccessResponse, \n ApiResponse, \n ExGuardConfig,\n ExGuardEnhancedConfig,\n ExGuardCacheConfig,\n ExGuardRealtimeConfig as ExGuardRealtimeConfigType,\n GuardContext,\n GuardResult,\n GuardOptions\n} from './types.js';\n","import axios, { AxiosInstance, AxiosResponse } from 'axios';\nimport { \n UserAccessResponse, \n ApiResponse, \n ExGuardConfig \n} from './types.js';\n\nexport class ExGuardBackend {\n private client: AxiosInstance;\n private config: ExGuardConfig;\n\n constructor(config: ExGuardConfig) {\n this.config = {\n timeout: 10000,\n ...config,\n };\n\n this.client = axios.create({\n baseURL: this.config.apiUrl,\n timeout: this.config.timeout,\n headers: {\n 'Content-Type': 'application/json',\n },\n });\n }\n\n /**\n * Get user roles and permissions from the /guard/me endpoint\n * @param token - JWT access token\n * @returns Promise<UserAccessResponse>\n */\n async getUserAccess(token: string): Promise<UserAccessResponse> {\n try {\n const response: AxiosResponse<ApiResponse<UserAccessResponse>> = \n await this.client.get('/guard/me', {\n headers: {\n 'Authorization': `Bearer ${token}`,\n },\n });\n\n if (!response.data.success) {\n throw new Error('Failed to fetch user access information');\n }\n\n return response.data.data;\n } catch (error) {\n if (axios.isAxiosError(error)) {\n if (error.response?.status === 401) {\n throw new Error('Unauthorized: Invalid or expired token');\n }\n throw new Error(`API Error: ${error.response?.data?.message || error.message}`);\n }\n throw error;\n }\n }\n\n /**\n * Check if user has specific permission\n * @param token - JWT access token\n * @param permission - Permission to check (e.g., 'events:create')\n * @returns Promise<boolean>\n */\n async hasPermission(token: string, permission: string): Promise<boolean> {\n try {\n const userAccess = await this.getUserAccess(token);\n return userAccess.modules.some(module => \n module.permissions.includes(permission)\n );\n } catch (error) {\n return false;\n }\n }\n\n /**\n * Check if user has specific role\n * @param token - JWT access token\n * @param role - Role to check (e.g., 'Event Manager')\n * @returns Promise<boolean>\n */\n async hasRole(token: string, role: string): Promise<boolean> {\n try {\n const userAccess = await this.getUserAccess(token);\n return userAccess.roles.includes(role);\n } catch (error) {\n return false;\n }\n }\n\n /**\n * Get all permissions for a specific module\n * @param token - JWT access token\n * @param moduleKey - Module key (e.g., 'events')\n * @returns Promise<string[]>\n */\n async getModulePermissions(token: string, moduleKey: string): Promise<string[]> {\n try {\n const userAccess = await this.getUserAccess(token);\n const module = userAccess.modules.find(m => m.key === moduleKey);\n return module?.permissions || [];\n } catch (error) {\n return [];\n }\n }\n\n /**\n * Get user roles\n * @param token - JWT access token\n * @returns Promise<string[]>\n */\n async getUserRoles(token: string): Promise<string[]> {\n try {\n const userAccess = await this.getUserAccess(token);\n return userAccess.roles;\n } catch (error) {\n return [];\n }\n }\n\n /**\n * Get user field offices\n * @param token - JWT access token\n * @returns Promise<string[]>\n */\n async getUserFieldOffices(token: string): Promise<string[]> {\n try {\n const userAccess = await this.getUserAccess(token);\n return userAccess.fieldOffices;\n } catch (error) {\n return [];\n }\n }\n}\n","import axios, { AxiosInstance, AxiosResponse } from 'axios';\nimport { \n UserAccessResponse, \n ApiResponse, \n ExGuardConfig \n} from './types.js';\nimport { cache, ExGuardCache } from './cache.js';\nimport { \n realtime, \n RealtimeEvent, \n ExGuardRealtime,\n ExGuardRealtimeConfig,\n createRealtime \n} from './realtime.js';\n\nexport interface ExGuardEnhancedConfig extends ExGuardConfig {\n cache?: {\n ttl?: number;\n enabled?: boolean;\n };\n realtime?: {\n enabled?: boolean;\n url?: string;\n accessToken?: string;\n autoReconnect?: boolean;\n maxReconnectAttempts?: number;\n reconnectDelay?: number;\n autoConnect?: boolean;\n onConnect?: () => void;\n onDisconnect?: () => void;\n onError?: (error: Error) => void;\n onRBACUpdate?: (event: RealtimeEvent) => void;\n onUserUpdate?: (event: RealtimeEvent) => void;\n };\n}\n\nexport class ExGuardBackendEnhanced {\n private client: AxiosInstance;\n private config: ExGuardEnhancedConfig;\n private cache: ExGuardCache;\n private realtime: ExGuardRealtime;\n private userId: string | null = null;\n private _isRealtimeConnected = false;\n\n constructor(config: ExGuardEnhancedConfig) {\n this.config = {\n timeout: 10000,\n cache: {\n enabled: true,\n ttl: 300000,\n },\n realtime: {\n enabled: false,\n autoReconnect: true,\n maxReconnectAttempts: 5,\n reconnectDelay: 1000,\n },\n ...config,\n };\n\n this.cache = cache;\n \n const realtimeConfig: ExGuardRealtimeConfig = {\n autoReconnect: this.config.realtime?.autoReconnect ?? true,\n maxReconnectAttempts: this.config.realtime?.maxReconnectAttempts ?? 5,\n reconnectDelay: this.config.realtime?.reconnectDelay ?? 1000,\n onConnect: () => {\n this._isRealtimeConnected = true;\n this.config.realtime?.onConnect?.();\n },\n onDisconnect: () => {\n this._isRealtimeConnected = false;\n this.config.realtime?.onDisconnect?.();\n },\n onError: (error) => {\n this.config.realtime?.onError?.(error);\n },\n };\n \n this.realtime = createRealtime(realtimeConfig);\n\n this.client = axios.create({\n baseURL: this.config.apiUrl,\n timeout: this.config.timeout,\n headers: {\n 'Content-Type': 'application/json',\n },\n });\n\n console.log('[ExGuardBackend] Realtime config:', {\n enabled: this.config.realtime?.enabled,\n url: this.config.realtime?.url,\n hasAccessToken: !!this.config.realtime?.accessToken,\n });\n\n if (this.config.realtime?.enabled && this.config.realtime.url) {\n console.log('[ExGuardBackend] Starting realtime connection...');\n this.setupRealtime().catch(err => {\n console.error('[ExGuardBackend] Failed to setup realtime:', err);\n });\n } else {\n console.log('[ExGuardBackend] Realtime disabled or no URL provided');\n }\n\n setInterval(() => {\n this.cache.cleanup();\n }, 60000);\n }\n\n private async setupRealtime(): Promise<void> {\n // Only connect if explicitly enabled AND URL is provided\n if (!this.config.realtime?.enabled || !this.config.realtime?.url) {\n return;\n }\n\n try {\n await this.realtime.connect(\n this.config.realtime.url, \n this.config.realtime.accessToken\n );\n\n // Subscribe to channels for realtime updates\n this.realtime.subscribeToChannel('rbac');\n this.realtime.subscribeToChannel('roles');\n this.realtime.subscribeToChannel('permissions');\n \n // Listen to all events using wildcard\n this.realtime.subscribe('*', (event: RealtimeEvent) => {\n console.log('[ExGuardBackend] Realtime event received:', event);\n \n // Handle specific event types\n if (event.type.includes('rbac') || event.type === 'rbac_update') {\n this.config.realtime?.onRBACUpdate?.(event);\n if (event.userId) {\n this.cache.clearUserCache(event.userId);\n } else {\n this.cache.clear();\n }\n }\n \n if (event.type.includes('user') || event.type === 'user_update') {\n this.config.realtime?.onUserUpdate?.(event);\n if (event.userId) {\n this.cache.clearUserCache(event.userId);\n } else {\n this.cache.clear();\n }\n }\n \n if (event.type.includes('role') || event.type === 'role_update') {\n if (event.userId) {\n this.cache.clearUserCache(event.userId);\n } else {\n this.cache.clear();\n }\n }\n \n if (event.type.includes('permission') || event.type === 'permission_update') {\n if (event.userId) {\n this.cache.clearUserCache(event.userId);\n } else {\n this.cache.clear();\n }\n }\n });\n\n } catch (error) {\n console.warn('[ExGuardBackend] Realtime connection failed (will retry on demand):', error);\n }\n }\n\n /**\n * Manually connect to realtime server\n */\n async connectRealtime(url?: string, accessToken?: string): Promise<void> {\n const wsUrl = url || this.config.realtime?.url;\n const wsToken = accessToken || this.config.realtime?.accessToken;\n \n if (!wsUrl) {\n throw new Error('WebSocket URL is required');\n }\n \n await this.setupRealtime();\n }\n\n /**\n * Connect to realtime with user's token (extracts userId from token)\n * Call this in your middleware/guard when a user makes a request\n */\n async connectWithUserToken(userToken: string): Promise<void> {\n const wsUrl = this.config.realtime?.url;\n \n if (!wsUrl) {\n console.warn('[ExGuardBackend] No realtime URL configured');\n return;\n }\n\n // Extract userId from token if possible\n const userId = this.extractUserIdFromToken(userToken) || 'unknown';\n \n console.log('[ExGuardBackend] Connecting to realtime with user token, userId:', userId);\n \n try {\n await this.realtime.connect(wsUrl, userToken, userId);\n this.realtime.subscribeToChannel('rbac');\n } catch (error) {\n console.warn('[ExGuardBackend] Failed to connect with user token:', error);\n }\n }\n\n /**\n * Disconnect from realtime server\n */\n disconnectRealtime(): void {\n this.realtime.disconnect();\n }\n\n /**\n * Check if realtime is connected\n */\n isRealtimeConnected(): boolean {\n return this._isRealtimeConnected || this.realtime.isConnected();\n }\n\n /**\n * Get realtime connection status\n */\n getRealtimeStatus(): 'connecting' | 'connected' | 'disconnected' | 'reconnecting' {\n return this.realtime.getStatus();\n }\n\n /**\n * Subscribe to realtime events\n */\n subscribeToRealtime(eventType: string, handler: (event: RealtimeEvent) => void): () => void {\n return this.realtime.subscribe(eventType, handler);\n }\n\n /**\n * Subscribe to all realtime events\n */\n subscribeToAllRealtime(handler: (event: RealtimeEvent) => void): () => void {\n return this.realtime.subscribeAll(handler);\n }\n\n private extractUserIdFromToken(token: string): string | null {\n try {\n const payload = JSON.parse(atob(token.split('.')[1]));\n return payload.sub || null;\n } catch {\n return null;\n }\n }\n\n private getCacheKey(token: string, suffix: string = ''): string {\n const userId = this.extractUserIdFromToken(token) || 'unknown';\n return `user:${userId}:${suffix}`;\n }\n\n async getUserAccess(token: string): Promise<UserAccessResponse> {\n if (!this.config.cache?.enabled) {\n return this.fetchUserAccess(token);\n }\n\n const cacheKey = this.getCacheKey(token, 'access');\n const cached = this.cache.get<UserAccessResponse>(cacheKey);\n \n if (cached) {\n console.log('[ExGuardBackend] Cache hit for user access');\n return cached;\n }\n\n console.log('[ExGuardBackend] Cache miss, fetching user access');\n const data = await this.fetchUserAccess(token);\n \n this.cache.set(cacheKey, data, this.config.cache.ttl);\n \n return data;\n }\n\n private async fetchUserAccess(token: string): Promise<UserAccessResponse> {\n try {\n const response: AxiosResponse<ApiResponse<UserAccessResponse>> = \n await this.client.get('/guard/me', {\n headers: {\n 'Authorization': `Bearer ${token}`,\n },\n });\n\n if (!response.data.success) {\n throw new Error('Failed to fetch user access information');\n }\n\n return response.data.data;\n } catch (error) {\n if (axios.isAxiosError(error)) {\n if (error.response?.status === 401) {\n throw new Error('Unauthorized: Invalid or expired token');\n }\n throw new Error(`API Error: ${error.response?.data?.message || error.message}`);\n }\n throw error;\n }\n }\n\n async hasPermission(token: string, permission: string): Promise<boolean> {\n if (!this.config.cache?.enabled) {\n const userAccess = await this.getUserAccess(token);\n return userAccess.modules.some(module => \n module.permissions.includes(permission)\n );\n }\n\n const cacheKey = this.getCacheKey(token, `permission:${permission}`);\n const cached = this.cache.get<boolean>(cacheKey);\n \n if (cached !== null) {\n console.log(`[ExGuardBackend] Cache hit for permission: ${permission}`);\n return cached;\n }\n\n console.log(`[ExGuardBackend] Cache miss, checking permission: ${permission}`);\n const userAccess = await this.getUserAccess(token);\n const hasPermission = userAccess.modules.some(module => \n module.permissions.includes(permission)\n );\n \n this.cache.set(cacheKey, hasPermission, this.config.cache.ttl! / 2);\n \n return hasPermission;\n }\n\n async hasRole(token: string, role: string): Promise<boolean> {\n if (!this.config.cache?.enabled) {\n const userAccess = await this.getUserAccess(token);\n return userAccess.roles.includes(role);\n }\n\n const cacheKey = this.getCacheKey(token, `role:${role}`);\n const cached = this.cache.get<boolean>(cacheKey);\n \n if (cached !== null) {\n console.log(`[ExGuardBackend] Cache hit for role: ${role}`);\n return cached;\n }\n\n console.log(`[ExGuardBackend] Cache miss, checking role: ${role}`);\n const userAccess = await this.getUserAccess(token);\n const hasRole = userAccess.roles.includes(role);\n \n this.cache.set(cacheKey, hasRole, this.config.cache.ttl! / 2);\n \n return hasRole;\n }\n\n async getModulePermissions(token: string, moduleKey: string): Promise<string[]> {\n if (!this.config.cache?.enabled) {\n const userAccess = await this.getUserAccess(token);\n const module = userAccess.modules.find(m => m.key === moduleKey);\n return module?.permissions || [];\n }\n\n const cacheKey = this.getCacheKey(token, `module:${moduleKey}`);\n const cached = this.cache.get<string[]>(cacheKey);\n \n if (cached !== null) {\n console.log(`[ExGuardBackend] Cache hit for module: ${moduleKey}`);\n return cached;\n }\n\n console.log(`[ExGuardBackend] Cache miss, fetching module permissions: ${moduleKey}`);\n const userAccess = await this.getUserAccess(token);\n const module = userAccess.modules.find(m => m.key === moduleKey);\n const permissions = module?.permissions || [];\n \n this.cache.set(cacheKey, permissions, this.config.cache.ttl);\n \n return permissions;\n }\n\n async getUserRoles(token: string): Promise<string[]> {\n if (!this.config.cache?.enabled) {\n const userAccess = await this.getUserAccess(token);\n return userAccess.roles;\n }\n\n const cacheKey = this.getCacheKey(token, 'roles');\n const cached = this.cache.get<string[]>(cacheKey);\n \n if (cached !== null) {\n console.log('[ExGuardBackend] Cache hit for user roles');\n return cached;\n }\n\n console.log('[ExGuardBackend] Cache miss, fetching user roles');\n const userAccess = await this.getUserAccess(token);\n const roles = userAccess.roles;\n \n this.cache.set(cacheKey, roles, this.config.cache.ttl);\n \n return roles;\n }\n\n async getUserFieldOffices(token: string): Promise<string[]> {\n if (!this.config.cache?.enabled) {\n const userAccess = await this.getUserAccess(token);\n return userAccess.fieldOffices;\n }\n\n const cacheKey = this.getCacheKey(token, 'field-offices');\n const cached = this.cache.get<string[]>(cacheKey);\n \n if (cached !== null) {\n console.log('[ExGuardBackend] Cache hit for field offices');\n return cached;\n }\n\n console.log('[ExGuardBackend] Cache miss, fetching field offices');\n const userAccess = await this.getUserAccess(token);\n const fieldOffices = userAccess.fieldOffices;\n \n this.cache.set(cacheKey, fieldOffices, this.config.cache.ttl);\n \n return fieldOffices;\n }\n\n async hasPermissions(token: string, permissions: string[]): Promise<Record<string, boolean>> {\n const results: Record<string, boolean> = {};\n const uncachedPermissions: string[] = [];\n \n for (const permission of permissions) {\n if (this.config.cache?.enabled) {\n const cacheKey = this.getCacheKey(token, `permission:${permission}`);\n const cached = this.cache.get<boolean>(cacheKey);\n \n if (cached !== null) {\n results[permission] = cached;\n } else {\n uncachedPermissions.push(permission);\n }\n } else {\n uncachedPermissions.push(permission);\n }\n }\n\n if (uncachedPermissions.length > 0) {\n const userAccess = await this.getUserAccess(token);\n \n for (const permission of uncachedPermissions) {\n const hasPermission = userAccess.modules.some(module => \n module.permissions.includes(permission)\n );\n results[permission] = hasPermission;\n \n if (this.config.cache?.enabled) {\n const cacheKey = this.getCacheKey(token, `permission:${permission}`);\n this.cache.set(cacheKey, hasPermission, this.config.cache.ttl! / 2);\n }\n }\n }\n\n return results;\n }\n\n async hasRoles(token: string, roles: string[]): Promise<Record<string, boolean>> {\n const results: Record<string, boolean> = {};\n const uncachedRoles: string[] = [];\n \n for (const role of roles) {\n if (this.config.cache?.enabled) {\n const cacheKey = this.getCacheKey(token, `role:${role}`);\n const cached = this.cache.get<boolean>(cacheKey);\n \n if (cached !== null) {\n results[role] = cached;\n } else {\n uncachedRoles.push(role);\n }\n } else {\n uncachedRoles.push(role);\n }\n }\n\n if (uncachedRoles.length > 0) {\n const userAccess = await this.getUserAccess(token);\n \n for (const role of uncachedRoles) {\n const hasRole = userAccess.roles.includes(role);\n results[role] = hasRole;\n \n if (this.config.cache?.enabled) {\n const cacheKey = this.getCacheKey(token, `role:${role}`);\n this.cache.set(cacheKey, hasRole, this.config.cache.ttl! / 2);\n }\n }\n }\n\n return results;\n }\n\n clearUserCache(token: string): void {\n const userId = this.extractUserIdFromToken(token);\n if (userId) {\n this.cache.clearUserCache(userId);\n console.log(`[ExGuardBackend] Cache cleared for user: ${userId}`);\n }\n }\n\n clearAllCache(): void {\n this.cache.clear();\n console.log('[ExGuardBackend] All cache cleared');\n }\n\n getCacheStats(): { size: number; keys: string[] } {\n return this.cache.getStats();\n }\n\n disconnect(): void {\n this.realtime.disconnect();\n }\n}\n","/**\n * In-memory cache for user access data with TTL support\n */\n\nexport interface CacheEntry<T> {\n data: T;\n timestamp: number;\n ttl: number;\n}\n\nexport class ExGuardCache {\n private cache = new Map<string, CacheEntry<any>>();\n private subscribers = new Map<string, Set<() => void>>();\n private defaultTTL = 300000; // 5 minutes\n\n /**\n * Get cached data\n */\n get<T>(key: string): T | null {\n const entry = this.cache.get(key);\n if (!entry) return null;\n\n // Check if expired\n if (Date.now() - entry.timestamp > entry.ttl) {\n this.cache.delete(key);\n return null;\n }\n\n return entry.data;\n }\n\n /**\n * Set cached data with TTL\n */\n set<T>(key: string, data: T, ttl?: number): void {\n this.cache.set(key, {\n data,\n timestamp: Date.now(),\n ttl: ttl || this.defaultTTL,\n });\n }\n\n /**\n * Delete cached data\n */\n delete(key: string): boolean {\n const deleted = this.cache.delete(key);\n if (deleted) {\n this.notifySubscribers(key);\n }\n return deleted;\n }\n\n /**\n * Clear all cache\n */\n clear(): void {\n const keys = Array.from(this.cache.keys());\n this.cache.clear();\n keys.forEach(key => this.notifySubscribers(key));\n }\n\n /**\n * Clear cache for a specific user - clears ALL caches related to this user\n */\n clearUserCache(userId: string): void {\n // Clear all keys that contain this userId\n const keysToDelete = Array.from(this.cache.keys()).filter(key => \n key.includes(userId)\n );\n \n console.log(`[ExGuardCache] Clearing cache for user ${userId}, found ${keysToDelete.length} keys:`, keysToDelete);\n \n keysToDelete.forEach(key => {\n this.cache.delete(key);\n this.notifySubscribers(key);\n });\n \n if (keysToDelete.length === 0) {\n console.log(`[ExGuardCache] No cache entries found for user ${userId}`);\n }\n }\n\n /**\n * Subscribe to cache changes\n */\n subscribe(key: string, callback: () => void): () => void {\n if (!this.subscribers.has(key)) {\n this.subscribers.set(key, new Set());\n }\n \n this.subscribers.get(key)!.add(callback);\n \n // Return unsubscribe function\n return () => {\n const callbacks = this.subscribers.get(key);\n if (callbacks) {\n callbacks.delete(callback);\n if (callbacks.size === 0) {\n this.subscribers.delete(key);\n }\n }\n };\n }\n\n /**\n * Notify subscribers of cache changes\n */\n private notifySubscribers(key: string): void {\n const callbacks = this.subscribers.get(key);\n if (callbacks) {\n callbacks.forEach(callback => {\n try {\n callback();\n } catch (error) {\n console.error('Cache subscriber error:', error);\n }\n });\n }\n }\n\n /**\n * Get cache statistics\n */\n getStats(): { size: number; keys: string[] } {\n return {\n size: this.cache.size,\n keys: Array.from(this.cache.keys()),\n };\n }\n\n /**\n * Clean up expired entries\n */\n cleanup(): void {\n const now = Date.now();\n const keysToDelete: string[] = [];\n\n this.cache.forEach((entry, key) => {\n if (now - entry.timestamp > entry.ttl) {\n keysToDelete.push(key);\n }\n });\n\n keysToDelete.forEach(key => {\n this.cache.delete(key);\n this.notifySubscribers(key);\n });\n }\n}\n\n// Global cache instance\nexport const cache = new ExGuardCache();\n","/**\n * Realtime event handling for cache invalidation with Socket.IO support\n * Works in both browser and Node.js environments\n */\n\nimport { io, type Socket } from 'socket.io-client';\n\nconsole.log('[ExGuardRealtime] Socket.IO client loaded:', typeof io);\n\nexport interface RealtimeEvent {\n type: string;\n userId?: string;\n data?: any;\n timestamp: number;\n}\n\nexport interface RealtimeEventHandler {\n (event: RealtimeEvent): void;\n}\n\nexport interface RealtimeConnectionHandler {\n (): void;\n}\n\nexport interface RealtimeAuthOptions {\n accessToken?: string;\n apiKey?: string;\n bearerToken?: string;\n userId?: string;\n}\n\nexport interface RealtimeErrorHandler {\n (error: Error): void;\n}\n\nexport interface ExGuardRealtimeConfig {\n autoReconnect?: boolean;\n maxReconnectAttempts?: number;\n reconnectDelay?: number;\n reconnectMaxDelay?: number;\n onConnect?: RealtimeConnectionHandler;\n onDisconnect?: RealtimeConnectionHandler;\n onError?: RealtimeErrorHandler;\n autoConnect?: boolean;\n}\n\nexport class ExGuardRealtime {\n private handlers = new Map<string, Set<RealtimeEventHandler>>();\n private socket: Socket | null = null;\n private reconnectAttempts = 0;\n private config: Required<ExGuardRealtimeConfig>;\n private currentUrl: string | null = null;\n private currentToken: string | null = null;\n private currentUserId: string | null = null;\n private shouldReconnect = true;\n\n constructor(config: ExGuardRealtimeConfig = {}) {\n this.config = {\n autoReconnect: config.autoReconnect ?? true,\n maxReconnectAttempts: config.maxReconnectAttempts ?? 5,\n reconnectDelay: config.reconnectDelay ?? 1000,\n reconnectMaxDelay: config.reconnectMaxDelay ?? 30000,\n onConnect: config.onConnect ?? (() => {}),\n onDisconnect: config.onDisconnect ?? (() => {}),\n onError: config.onError ?? ((error: Error) => console.error('[ExGuardRealtime] Error:', error)),\n autoConnect: config.autoConnect ?? false,\n };\n }\n\n /**\n * Initialize and optionally connect to realtime server\n */\n async init(url?: string, accessToken?: string, userId?: string): Promise<void> {\n if (url) {\n this.currentUrl = url;\n this.currentToken = accessToken ?? null;\n this.currentUserId = userId ?? null;\n if (this.config.autoConnect) {\n try {\n await this.connect(url, accessToken, userId);\n } catch (error) {\n console.warn('[ExGuardRealtime] Auto-connect failed, will retry on demand:', error);\n }\n }\n }\n }\n\n /**\n * Connect to realtime server using Socket.IO\n * @param url - Server URL (e.g., https://api.example.com)\n * @param auth - Authentication options (accessToken, apiKey, bearerToken, userId)\n */\n connect(url: string, auth?: string | RealtimeAuthOptions, userId?: string): Promise<void> {\n let authToken: string | undefined;\n let authUserId: string | undefined;\n\n if (typeof auth === 'string') {\n authToken = auth;\n authUserId = userId || 'unknown';\n } else if (typeof auth === 'object') {\n authToken = auth.accessToken || auth.bearerToken || auth.apiKey;\n authUserId = auth.userId || userId || 'unknown';\n }\n\n return new Promise((resolve, reject) => {\n this.shouldReconnect = true;\n this.currentUrl = url;\n this.currentToken = authToken ?? null;\n this.currentUserId = authUserId ?? null;\n\n try {\n // Disconnect existing socket\n if (this.socket) {\n this.socket.disconnect();\n this.socket = null;\n }\n\n const socketUrl = `${url}/realtime`;\n console.log('[ExGuardRealtime] Connecting to:', socketUrl);\n\n this.socket = io(socketUrl, {\n auth: {\n token: authToken,\n userId: authUserId,\n },\n transports: ['websocket', 'polling'],\n reconnection: this.config.autoReconnect,\n reconnectionDelay: this.config.reconnectDelay,\n reconnectionDelayMax: this.config.reconnectMaxDelay,\n reconnectionAttempts: this.config.maxReconnectAttempts,\n timeout: 20000,\n });\n\n this.socket.on('connect', () => {\n this.reconnectAttempts = 0;\n console.log('[ExGuardRealtime] Connected! Socket ID:', this.socket?.id);\n this.config.onConnect();\n resolve();\n });\n\n this.socket.on('disconnect', (reason: string) => {\n console.log('[ExGuardRealtime] Disconnected:', reason);\n this.config.onDisconnect();\n if (this.shouldReconnect && this.config.autoReconnect) {\n this.handleReconnect();\n }\n });\n\n this.socket.on('connect_error', (error: any) => {\n console.error('[ExGuardRealtime] Connection error:', error.message);\n const err = new Error(`Connection error: ${error.message}`);\n this.config.onError(err);\n if (!this.shouldReconnect || this.reconnectAttempts >= this.config.maxReconnectAttempts) {\n reject(err);\n }\n });\n\n this.socket.on('error', (error: any) => {\n console.error('[ExGuardRealtime] Socket error:', error);\n const err = new Error(`Socket error: ${error}`);\n this.config.onError(err);\n });\n\n this.socket.on('reconnect_attempt', (attempt: number) => {\n this.reconnectAttempts = attempt;\n console.log(`[ExGuardRealtime] Reconnecting... (attempt ${attempt})`);\n });\n\n this.socket.on('reconnect', () => {\n console.log('[ExGuardRealtime] Reconnected!');\n });\n\n this.socket.on('reconnect_failed', () => {\n console.error('[ExGuardRealtime] Reconnection failed after max attempts');\n const err = new Error('Reconnection failed after maximum attempts');\n this.config.onError(err);\n reject(err);\n });\n\n // Listen to all realtime events\n this.socket.onAny((eventName: string, payload: any) => {\n try {\n const realtimeEvent: RealtimeEvent = {\n type: eventName,\n timestamp: payload?.timestamp || Date.now(),\n data: payload?.data || payload,\n userId: payload?.userId,\n };\n this.handleEvent(realtimeEvent);\n } catch (error) {\n console.error('[ExGuardRealtime] Failed to handle event:', error);\n }\n });\n\n // Set connection timeout\n setTimeout(() => {\n if (!this.socket?.connected) {\n const err = new Error('Connection timeout');\n this.config.onError(err);\n this.socket?.disconnect();\n reject(err);\n }\n }, 20000);\n\n } catch (error) {\n reject(error);\n }\n });\n }\n\n /**\n * Subscribe to channels\n */\n subscribeToChannel(channel: 'roles' | 'permissions' | 'rbac'): void {\n if (this.socket?.connected) {\n this.socket.emit(`subscribe:${channel}`);\n console.log(`[ExGuardRealtime] Subscribed to channel: ${channel}`);\n }\n }\n\n /**\n * Disconnect from realtime server\n */\n disconnect(): void {\n this.shouldReconnect = false;\n if (this.socket) {\n this.socket.disconnect();\n this.socket = null;\n }\n }\n\n /**\n * Subscribe to realtime events\n * Use '*' as eventType to receive ALL events\n */\n subscribe(eventType: string, handler: RealtimeEventHandler): () => void {\n if (!this.handlers.has(eventType)) {\n this.handlers.set(eventType, new Set());\n }\n \n this.handlers.get(eventType)!.add(handler);\n \n return () => {\n const handlers = this.handlers.get(eventType);\n if (handlers) {\n handlers.delete(handler);\n if (handlers.size === 0) {\n this.handlers.delete(eventType);\n }\n }\n };\n }\n\n /**\n * Subscribe to ALL realtime events (wildcard)\n */\n subscribeAll(handler: RealtimeEventHandler): () => void {\n return this.subscribe('*', handler);\n }\n\n /**\n * Handle incoming realtime events\n */\n private handleEvent(event: RealtimeEvent): void {\n console.log('[ExGuardRealtime] Received event:', event);\n \n // Call specific event handlers\n const handlers = this.handlers.get(event.type);\n if (handlers) {\n handlers.forEach(handler => {\n try {\n handler(event);\n } catch (error) {\n console.error('[ExGuardRealtime] Event handler error:', error);\n }\n });\n }\n \n // Call wildcard handlers for ALL events\n const wildcardHandlers = this.handlers.get('*');\n if (wildcardHandlers) {\n wildcardHandlers.forEach(handler => {\n try {\n handler(event);\n } catch (error) {\n console.error('[ExGuardRealtime] Wildcard handler error:', error);\n }\n });\n }\n }\n\n /**\n * Handle reconnection logic\n */\n private handleReconnect(): void {\n if (!this.shouldReconnect || !this.config.autoReconnect || !this.currentUrl) {\n return;\n }\n\n if (this.reconnectAttempts < this.config.maxReconnectAttempts) {\n this.reconnectAttempts++;\n const delay = Math.min(\n this.config.reconnectDelay * Math.pow(2, this.reconnectAttempts - 1),\n this.config.reconnectMaxDelay\n );\n \n console.log(`[ExGuardRealtime] Reconnecting in ${delay}ms (attempt ${this.reconnectAttempts})`);\n \n setTimeout(() => {\n this.connect(this.currentUrl!, this.currentToken!, this.currentUserId!).catch(error => {\n console.error('[ExGuardRealtime] Reconnection failed:', error);\n });\n }, delay);\n } else {\n console.error('[ExGuardRealtime] Max reconnection attempts reached');\n }\n }\n\n /**\n * Manually trigger reconnection with current auth\n */\n reconnect(): Promise<void> {\n if (this.currentUrl && this.currentToken) {\n this.reconnectAttempts = 0;\n return this.connect(this.currentUrl, this.currentToken, this.currentUserId || undefined);\n } else if (this.currentUrl) {\n this.reconnectAttempts = 0;\n return this.connect(this.currentUrl);\n }\n return Promise.reject(new Error('No URL configured'));\n }\n\n /**\n * Check if connected\n */\n isConnected(): boolean {\n return this.socket?.connected ?? false;\n }\n\n /**\n * Get connection status\n */\n getStatus(): 'connecting' | 'connected' | 'disconnected' | 'reconnecting' {\n if (!this.socket) return 'disconnected';\n if (this.socket.connected) return 'connected';\n return 'disconnected';\n }\n\n /**\n * Send a message to the server\n */\n send(event: string, data: any): void {\n if (this.socket?.connected) {\n this.socket.emit(event, data);\n }\n }\n\n /**\n * Update configuration\n */\n updateConfig(config: Partial<ExGuardRealtimeConfig>): void {\n this.config = {\n ...this.config,\n ...config,\n };\n }\n\n /**\n * Connect on-demand with user's access token from request\n * Call this in your guard or middleware with the user's token\n */\n async connectWithUserToken(url: string, accessToken: string, userId?: string): Promise<void> {\n try {\n await this.connect(url, accessToken, userId);\n } catch (error) {\n console.warn('[ExGuardRealtime] Failed to connect with user token:', error);\n }\n }\n}\n\n// Factory function for creating realtime instance\nexport function createRealtime(config?: ExGuardRealtimeConfig): ExGuardRealtime {\n return new ExGuardRealtime(config);\n}\n\n// Global realtime instance\nexport const realtime = new ExGuardRealtime();\n","/**\n * Framework-agnostic guards for protecting backend endpoints\n */\n\nimport { ExGuardBackendEnhanced } from './exguard-backend-enhanced.js';\nimport { ExGuardEnhancedConfig, UserAccessResponse, GuardContext, GuardResult, GuardOptions } from './types.js';\n\n// Re-export types for use in other modules\nexport type { GuardContext, GuardResult, GuardOptions, UserAccessResponse };\n\n/**\n * Framework-agnostic guard class for endpoint protection\n */\nexport class ExGuardBackend {\n private exGuard: ExGuardBackendEnhanced;\n\n constructor(config: ExGuardEnhancedConfig) {\n this.exGuard = new ExGuardBackendEnhanced(config);\n }\n\n /**\n * Check if user has specific permissions\n */\n async requirePermissions(\n context: GuardContext, \n permissions: string[], \n options: { requireAll?: boolean } = {}\n ): Promise<GuardResult> {\n try {\n if (options.requireAll) {\n // Require ALL permissions\n const results = await this.exGuard.hasPermissions(context.token, permissions);\n const hasAll = permissions.every(permission => results[permission]);\n \n if (!hasAll) {\n return {\n allowed: false,\n error: `Insufficient permissions. Required: ${permissions.join(', ')}`,\n statusCode: 403\n };\n }\n } else {\n // Require ANY permission (default)\n const hasPermission = await this.exGuard.hasPermissions(context.token, permissions);\n const hasAny = Object.values(hasPermission).some(Boolean);\n \n if (!hasAny) {\n return {\n allowed: false,\n error: `Insufficient permissions. Required any of: ${permissions.join(', ')}`,\n statusCode: 403\n };\n }\n }\n\n const userAccess = await this.exGuard.getUserAccess(context.token);\n return { allowed: true, user: userAccess };\n } catch (error) {\n return {\n allowed: false,\n error: 'Permission check failed',\n statusCode: 500\n };\n }\n }\n\n /**\n * Check if user has specific roles\n */\n async requireRoles(\n context: GuardContext, \n roles: string[], \n options: { requireAll?: boolean } = {}\n ): Promise<GuardResult> {\n try {\n if (options.requireAll) {\n // Require ALL roles\n const results = await this.exGuard.hasRoles(context.token, roles);\n const hasAll = roles.every(role => results[role]);\n \n if (!hasAll) {\n return {\n allowed: false,\n error: `Insufficient roles. Required: ${roles.join(', ')}`,\n statusCode: 403\n };\n }\n } else {\n // Require ANY role (default)\n const hasRole = await this.exGuard.hasRoles(context.token, roles);\n const hasAny = Object.values(hasRole).some(Boolean);\n \n if (!hasAny) {\n return {\n allowed: false,\n error: `Insufficient roles. Required any of: ${roles.join(', ')}`,\n statusCode: 403\n };\n }\n }\n\n const userAccess = await this.exGuard.getUserAccess(context.token);\n return { allowed: true, user: userAccess };\n } catch (error) {\n return {\n allowed: false,\n error: 'Role check failed',\n statusCode: 500\n };\n }\n }\n\n /**\n * Check if user has access to specific modules\n */\n async requireModules(\n context: GuardContext, \n modules: string[], \n options: { requireAll?: boolean } = {}\n ): Promise<GuardResult> {\n try {\n const userAccess = await this.exGuard.getUserAccess(context.token);\n const userModuleKeys = userAccess.modules.map(m => m.key);\n\n let hasAccess: boolean;\n\n if (options.requireAll) {\n // Require ALL modules\n hasAccess = modules.every(module => userModuleKeys.includes(module));\n } else {\n // Require ANY module (default)\n hasAccess = modules.some(module => userModuleKeys.includes(module));\n }\n\n if (!hasAccess) {\n return {\n allowed: false,\n error: `Insufficient module access. Required: ${modules.join(', ')}`,\n statusCode: 403\n };\n }\n\n return { allowed: true, user: userAccess };\n } catch (error) {\n return {\n allowed: false,\n error: 'Module check failed',\n statusCode: 500\n };\n }\n }\n\n /**\n * Check if user has access to specific field offices\n */\n async requireFieldOffices(\n context: GuardContext, \n fieldOffices: string[], \n options: { requireAll?: boolean } = {}\n ): Promise<GuardResult> {\n try {\n const userFieldOffices = await this.exGuard.getUserFieldOffices(context.token);\n\n let hasAccess: boolean;\n\n if (options.requireAll) {\n // Require ALL field offices\n hasAccess = fieldOffices.every(office => userFieldOffices.includes(office));\n } else {\n // Require ANY field office (default)\n hasAccess = fieldOffices.some(office => userFieldOffices.includes(office));\n }\n\n if (!hasAccess) {\n return {\n allowed: false,\n error: `Insufficient field office access. Required: ${fieldOffices.join(', ')}`,\n statusCode: 403\n };\n }\n\n const userAccess = await this.exGuard.getUserAccess(context.token);\n return { allowed: true, user: userAccess };\n } catch (error) {\n return {\n allowed: false,\n error: 'Field office check failed',\n statusCode: 500\n };\n }\n }\n\n /**\n * Flexible guard with multiple requirements\n */\n async require(context: GuardContext, options: GuardOptions): Promise<GuardResult> {\n try {\n const userAccess = await this.exGuard.getUserAccess(context.token);\n let passed = true;\n const failures: string[] = [];\n\n // Check permissions\n if (options.permissions && options.permissions.length > 0) {\n const userPermissions = userAccess.modules.flatMap(m => m.permissions);\n const hasPermissions = options.requireAll\n ? options.permissions.every(p => userPermissions.includes(p))\n : options.permissions.some(p => userPermissions.includes(p));\n \n if (!hasPermissions) {\n passed = false;\n failures.push(`permissions: ${options.permissions.join(', ')}`);\n }\n }\n\n // Check roles\n if (options.roles && options.roles.length > 0) {\n const hasRoles = options.requireAll\n ? options.roles.every(r => userAccess.roles.includes(r))\n : options.roles.some(r => userAccess.roles.includes(r));\n \n if (!hasRoles) {\n passed = false;\n failures.push(`roles: ${options.roles.join(', ')}`);\n }\n }\n\n // Check modules\n if (options.modules && options.modules.length > 0) {\n const userModuleKeys = userAccess.modules.map(m => m.key);\n const hasModules = options.requireAll\n ? options.modules.every(m => userModuleKeys.includes(m))\n : options.modules.some(m => userModuleKeys.includes(m));\n \n if (!hasModules) {\n passed = false;\n failures.push(`modules: ${options.modules.join(', ')}`);\n }\n }\n\n // Check field offices\n if (options.fieldOffices && options.fieldOffices.length > 0) {\n const hasFieldOffices = options.requireAll\n ? options.fieldOffices.every(fo => userAccess.fieldOffices.includes(fo))\n : options.fieldOffices.some(fo => userAccess.fieldOffices.includes(fo));\n \n if (!hasFieldOffices) {\n passed = false;\n failures.push(`field offices: ${options.fieldOffices.join(', ')}`);\n }\n }\n\n if (!passed) {\n return {\n allowed: false,\n error: `Access denied. Missing: ${failures.join('; ')}`,\n statusCode: 403\n };\n }\n\n return { allowed: true, user: userAccess };\n } catch (error) {\n return {\n allowed: false,\n error: 'Access check failed',\n statusCode: 500\n };\n }\n }\n\n /**\n * Simple authentication (just validates token)\n */\n async authenticate(context: GuardContext): Promise<GuardResult> {\n try {\n const userAccess = await this.exGuard.getUserAccess(context.token);\n return { allowed: true, user: userAccess };\n } catch (error) {\n return {\n allowed: false,\n error: 'Authentication failed',\n statusCode: 401\n };\n }\n }\n\n /**\n * Get the underlying ExGuardBackendEnhanced instance\n */\n getExGuard(): ExGuardBackendEnhanced {\n return this.exGuard;\n }\n}\n\n/**\n * Helper function to extract token from various request types\n */\nexport function extractToken(request: any): string | null {\n // Express-style\n if (request.headers?.authorization) {\n const authHeader = request.headers.authorization;\n if (authHeader.startsWith('Bearer ')) {\n return authHeader.substring(7);\n }\n }\n\n // Fastify-style\n if (request.headers?.authorization) {\n const authHeader = request.headers.authorization;\n if (authHeader.startsWith('Bearer ')) {\n return authHeader.substring(7);\n }\n }\n\n // Custom header\n if (request.headers?.['x-access-token']) {\n return request.headers['x-access-token'];\n }\n\n // Query parameter\n if (request.query?.token) {\n return request.query.token;\n }\n\n return null;\n}\n\n/**\n * Create a guard context from a request\n */\nexport function createGuardContext(request: any): GuardContext | null {\n const token = extractToken(request);\n if (!token) {\n return null;\n }\n\n return {\n token,\n request\n };\n}\n","/**\n * Express.js middleware for ExGuard endpoint protection\n */\n\nimport { ExGuardBackend, GuardContext, GuardOptions, extractToken } from './guards.js';\n\n// Conditional types to avoid build errors when express is not installed\ntype Request = any;\ntype Response = any;\ntype NextFunction = any;\n\nexport interface AuthenticatedRequest extends Request {\n user?: {\n id: string;\n cognitoSubId: string;\n username: string;\n email: string;\n roles: string[];\n permissions: string[];\n modules: Array<{ key: string; permissions: string[] }>;\n fieldOffices: string[];\n };\n}\n\n/**\n * Express middleware factory\n */\nexport function createExGuardExpress(config: any) {\n const guard = new ExGuardBackend(config);\n\n return {\n /**\n * Require specific permissions\n */\n requirePermissions(permissions: string[], options: { requireAll?: boolean } = {}) {\n return async (req: AuthenticatedRequest, res: Response, next: NextFunction) => {\n const context = createGuardContext(req);\n if (!context) {\n return res.status(401).json({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.requirePermissions(context, permissions, options);\n \n if (!result.allowed) {\n return res.status(result.statusCode || 403).json({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n\n next();\n };\n },\n\n /**\n * Require specific roles\n */\n requireRoles(roles: string[], options: { requireAll?: boolean } = {}) {\n return async (req: AuthenticatedRequest, res: Response, next: NextFunction) => {\n const context = createGuardContext(req);\n if (!context) {\n return res.status(401).json({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.requireRoles(context, roles, options);\n \n if (!result.allowed) {\n return res.status(result.statusCode || 403).json({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n\n next();\n };\n },\n\n /**\n * Require module access\n */\n requireModules(modules: string[], options: { requireAll?: boolean } = {}) {\n return async (req: AuthenticatedRequest, res: Response, next: NextFunction) => {\n const context = createGuardContext(req);\n if (!context) {\n return res.status(401).json({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.requireModules(context, modules, options);\n \n if (!result.allowed) {\n return res.status(result.statusCode || 403).json({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n\n next();\n };\n },\n\n /**\n * Require field office access\n */\n requireFieldOffices(fieldOffices: string[], options: { requireAll?: boolean } = {}) {\n return async (req: AuthenticatedRequest, res: Response, next: NextFunction) => {\n const context = createGuardContext(req);\n if (!context) {\n return res.status(401).json({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.requireFieldOffices(context, fieldOffices, options);\n \n if (!result.allowed) {\n return res.status(result.statusCode || 403).json({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n\n next();\n };\n },\n\n /**\n * Flexible guard with multiple requirements\n */\n require(options: GuardOptions) {\n return async (req: AuthenticatedRequest, res: Response, next: NextFunction) => {\n const context = createGuardContext(req);\n if (!context) {\n return res.status(401).json({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.require(context, options);\n \n if (!result.allowed) {\n return res.status(result.statusCode || 403).json({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n\n next();\n };\n },\n\n /**\n * Simple authentication middleware\n */\n authenticate() {\n return async (req: AuthenticatedRequest, res: Response, next: NextFunction) => {\n const context = createGuardContext(req);\n if (!context) {\n return res.status(401).json({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.authenticate(context);\n \n if (!result.allowed) {\n return res.status(result.statusCode || 401).json({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n\n next();\n };\n },\n\n /**\n * Get the underlying guard instance\n */\n getGuard(): ExGuardBackend {\n return guard;\n }\n };\n}\n\nfunction createGuardContext(req: Request): GuardContext | null {\n const token = extractToken(req);\n if (!token) {\n return null;\n }\n\n return {\n token,\n request: req\n };\n}\n","/**\n * Fastify plugin for ExGuard endpoint protection\n */\n\nimport { ExGuardBackend, GuardContext, GuardOptions, extractToken } from './guards.js';\n\n// Conditional types to avoid build errors when fastify is not installed\ntype FastifyRequest = any;\ntype FastifyReply = any;\n\nexport interface AuthenticatedRequest extends FastifyRequest {\n user?: {\n id: string;\n cognitoSubId: string;\n username: string;\n email: string;\n roles: string[];\n permissions: string[];\n modules: Array<{ key: string; permissions: string[] }>;\n fieldOffices: string[];\n };\n}\n\n/**\n * Fastify plugin factory\n */\nexport function createExGuardFastify(config: any) {\n const guard = new ExGuardBackend(config);\n\n return {\n /**\n * Require specific permissions\n */\n requirePermissions(permissions: string[], options: { requireAll?: boolean } = {}) {\n return async (req: AuthenticatedRequest, reply: FastifyReply) => {\n const context = createGuardContext(req);\n if (!context) {\n return reply.status(401).send({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.requirePermissions(context, permissions, options);\n \n if (!result.allowed) {\n return reply.status(result.statusCode || 403).send({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n };\n },\n\n /**\n * Require specific roles\n */\n requireRoles(roles: string[], options: { requireAll?: boolean } = {}) {\n return async (req: AuthenticatedRequest, reply: FastifyReply) => {\n const context = createGuardContext(req);\n if (!context) {\n return reply.status(401).send({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.requireRoles(context, roles, options);\n \n if (!result.allowed) {\n return reply.status(result.statusCode || 403).send({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n };\n },\n\n /**\n * Require module access\n */\n requireModules(modules: string[], options: { requireAll?: boolean } = {}) {\n return async (req: AuthenticatedRequest, reply: FastifyReply) => {\n const context = createGuardContext(req);\n if (!context) {\n return reply.status(401).send({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.requireModules(context, modules, options);\n \n if (!result.allowed) {\n return reply.status(result.statusCode || 403).send({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n };\n },\n\n /**\n * Require field office access\n */\n requireFieldOffices(fieldOffices: string[], options: { requireAll?: boolean } = {}) {\n return async (req: AuthenticatedRequest, reply: FastifyReply) => {\n const context = createGuardContext(req);\n if (!context) {\n return reply.status(401).send({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.requireFieldOffices(context, fieldOffices, options);\n \n if (!result.allowed) {\n return reply.status(result.statusCode || 403).send({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n };\n },\n\n /**\n * Flexible guard with multiple requirements\n */\n require(options: GuardOptions) {\n return async (req: AuthenticatedRequest, reply: FastifyReply) => {\n const context = createGuardContext(req);\n if (!context) {\n return reply.status(401).send({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.require(context, options);\n \n if (!result.allowed) {\n return reply.status(result.statusCode || 403).send({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n };\n },\n\n /**\n * Simple authentication hook\n */\n authenticate() {\n return async (req: AuthenticatedRequest, reply: FastifyReply) => {\n const context = createGuardContext(req);\n if (!context) {\n return reply.status(401).send({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.authenticate(context);\n \n if (!result.allowed) {\n return reply.status(result.statusCode || 401).send({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n };\n },\n\n /**\n * Get the underlying guard instance\n */\n getGuard(): ExGuardBackend {\n return guard;\n }\n };\n}\n\nfunction createGuardContext(req: FastifyRequest): GuardContext | null {\n const token = extractToken(req);\n if (!token) {\n return null;\n }\n\n return {\n token,\n request: req\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,eAAAA;AAAA,EAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,mBAAoD;AAO7C,IAAM,iBAAN,MAAqB;AAAA,EAClB;AAAA,EACA;AAAA,EAER,YAAY,QAAuB;AACjC,SAAK,SAAS;AAAA,MACZ,SAAS;AAAA,MACT,GAAG;AAAA,IACL;AAEA,SAAK,SAAS,aAAAC,QAAM,OAAO;AAAA,MACzB,SAAS,KAAK,OAAO;AAAA,MACrB,SAAS,KAAK,OAAO;AAAA,MACrB,SAAS;AAAA,QACP,gBAAgB;AAAA,MAClB;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,cAAc,OAA4C;AAC9D,QAAI;AACF,YAAM,WACJ,MAAM,KAAK,OAAO,IAAI,aAAa;AAAA,QACjC,SAAS;AAAA,UACP,iBAAiB,UAAU,KAAK;AAAA,QAClC;AAAA,MACF,CAAC;AAEH,UAAI,CAAC,SAAS,KAAK,SAAS;AAC1B,cAAM,IAAI,MAAM,yCAAyC;AAAA,MAC3D;AAEA,aAAO,SAAS,KAAK;AAAA,IACvB,SAAS,OAAO;AACd,UAAI,aAAAA,QAAM,aAAa,KAAK,GAAG;AAC7B,YAAI,MAAM,UAAU,WAAW,KAAK;AAClC,gBAAM,IAAI,MAAM,wCAAwC;AAAA,QAC1D;AACA,cAAM,IAAI,MAAM,cAAc,MAAM,UAAU,MAAM,WAAW,MAAM,OAAO,EAAE;AAAA,MAChF;AACA,YAAM;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,cAAc,OAAe,YAAsC;AACvE,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,aAAO,WAAW,QAAQ;AAAA,QAAK,CAAAC,YAC7BA,QAAO,YAAY,SAAS,UAAU;AAAA,MACxC;AAAA,IACF,SAAS,OAAO;AACd,aAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,QAAQ,OAAe,MAAgC;AAC3D,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,aAAO,WAAW,MAAM,SAAS,IAAI;AAAA,IACvC,SAAS,OAAO;AACd,aAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,qBAAqB,OAAe,WAAsC;AAC9E,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,YAAMA,UAAS,WAAW,QAAQ,KAAK,OAAK,EAAE,QAAQ,SAAS;AAC/D,aAAOA,SAAQ,eAAe,CAAC;AAAA,IACjC,SAAS,OAAO;AACd,aAAO,CAAC;AAAA,IACV;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,aAAa,OAAkC;AACnD,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,aAAO,WAAW;AAAA,IACpB,SAAS,OAAO;AACd,aAAO,CAAC;AAAA,IACV;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,oBAAoB,OAAkC;AAC1D,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,aAAO,WAAW;AAAA,IACpB,SAAS,OAAO;AACd,aAAO,CAAC;AAAA,IACV;AAAA,EACF;AACF;;;ACnIA,IAAAC,gBAAoD;;;ACU7C,IAAM,eAAN,MAAmB;AAAA,EAChB,QAAQ,oBAAI,IAA6B;AAAA,EACzC,cAAc,oBAAI,IAA6B;AAAA,EAC/C,aAAa;AAAA;AAAA;AAAA;AAAA;AAAA,EAKrB,IAAO,KAAuB;AAC5B,UAAM,QAAQ,KAAK,MAAM,IAAI,GAAG;AAChC,QAAI,CAAC,MAAO,QAAO;AAGnB,QAAI,KAAK,IAAI,IAAI,MAAM,YAAY,MAAM,KAAK;AAC5C,WAAK,MAAM,OAAO,GAAG;AACrB,aAAO;AAAA,IACT;AAEA,WAAO,MAAM;AAAA,EACf;AAAA;AAAA;AAAA;AAAA,EAKA,IAAO,KAAa,MAAS,KAAoB;AAC/C,SAAK,MAAM,IAAI,KAAK;AAAA,MAClB;AAAA,MACA,WAAW,KAAK,IAAI;AAAA,MACpB,KAAK,OAAO,KAAK;AAAA,IACnB,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,KAAsB;AAC3B,UAAM,UAAU,KAAK,MAAM,OAAO,GAAG;AACrC,QAAI,SAAS;AACX,WAAK,kBAAkB,GAAG;AAAA,IAC5B;AACA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,QAAc;AACZ,UAAM,OAAO,MAAM,KAAK,KAAK,MAAM,KAAK,CAAC;AACzC,SAAK,MAAM,MAAM;AACjB,SAAK,QAAQ,SAAO,KAAK,kBAAkB,GAAG,CAAC;AAAA,EACjD;AAAA;AAAA;AAAA;AAAA,EAKA,eAAe,QAAsB;AAEnC,UAAM,eAAe,MAAM,KAAK,KAAK,MAAM,KAAK,CAAC,EAAE;AAAA,MAAO,SACxD,IAAI,SAAS,MAAM;AAAA,IACrB;AAEA,YAAQ,IAAI,0CAA0C,MAAM,WAAW,aAAa,MAAM,UAAU,YAAY;AAEhH,iBAAa,QAAQ,SAAO;AAC1B,WAAK,MAAM,OAAO,GAAG;AACrB,WAAK,kBAAkB,GAAG;AAAA,IAC5B,CAAC;AAED,QAAI,aAAa,WAAW,GAAG;AAC7B,cAAQ,IAAI,kDAAkD,MAAM,EAAE;AAAA,IACxE;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,UAAU,KAAa,UAAkC;AACvD,QAAI,CAAC,KAAK,YAAY,IAAI,GAAG,GAAG;AAC9B,WAAK,YAAY,IAAI,KAAK,oBAAI,IAAI,CAAC;AAAA,IACrC;AAEA,SAAK,YAAY,IAAI,GAAG,EAAG,IAAI,QAAQ;AAGvC,WAAO,MAAM;AACX,YAAM,YAAY,KAAK,YAAY,IAAI,GAAG;AAC1C,UAAI,WAAW;AACb,kBAAU,OAAO,QAAQ;AACzB,YAAI,UAAU,SAAS,GAAG;AACxB,eAAK,YAAY,OAAO,GAAG;AAAA,QAC7B;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,kBAAkB,KAAmB;AAC3C,UAAM,YAAY,KAAK,YAAY,IAAI,GAAG;AAC1C,QAAI,WAAW;AACb,gBAAU,QAAQ,cAAY;AAC5B,YAAI;AACF,mBAAS;AAAA,QACX,SAAS,OAAO;AACd,kBAAQ,MAAM,2BAA2B,KAAK;AAAA,QAChD;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,WAA6C;AAC3C,WAAO;AAAA,MACL,MAAM,KAAK,MAAM;AAAA,MACjB,MAAM,MAAM,KAAK,KAAK,MAAM,KAAK,CAAC;AAAA,IACpC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,UAAgB;AACd,UAAM,MAAM,KAAK,IAAI;AACrB,UAAM,eAAyB,CAAC;AAEhC,SAAK,MAAM,QAAQ,CAAC,OAAO,QAAQ;AACjC,UAAI,MAAM,MAAM,YAAY,MAAM,KAAK;AACrC,qBAAa,KAAK,GAAG;AAAA,MACvB;AAAA,IACF,CAAC;AAED,iBAAa,QAAQ,SAAO;AAC1B,WAAK,MAAM,OAAO,GAAG;AACrB,WAAK,kBAAkB,GAAG;AAAA,IAC5B,CAAC;AAAA,EACH;AACF;AAGO,IAAM,QAAQ,IAAI,aAAa;;;ACnJtC,oBAAgC;AAEhC,QAAQ,IAAI,8CAA8C,OAAO,gBAAE;AAuC5D,IAAM,kBAAN,MAAsB;AAAA,EACnB,WAAW,oBAAI,IAAuC;AAAA,EACtD,SAAwB;AAAA,EACxB,oBAAoB;AAAA,EACpB;AAAA,EACA,aAA4B;AAAA,EAC5B,eAA8B;AAAA,EAC9B,gBAA+B;AAAA,EAC/B,kBAAkB;AAAA,EAE1B,YAAY,SAAgC,CAAC,GAAG;AAC9C,SAAK,SAAS;AAAA,MACZ,eAAe,OAAO,iBAAiB;AAAA,MACvC,sBAAsB,OAAO,wBAAwB;AAAA,MACrD,gBAAgB,OAAO,kBAAkB;AAAA,MACzC,mBAAmB,OAAO,qBAAqB;AAAA,MAC/C,WAAW,OAAO,cAAc,MAAM;AAAA,MAAC;AAAA,MACvC,cAAc,OAAO,iBAAiB,MAAM;AAAA,MAAC;AAAA,MAC7C,SAAS,OAAO,YAAY,CAAC,UAAiB,QAAQ,MAAM,4BAA4B,KAAK;AAAA,MAC7F,aAAa,OAAO,eAAe;AAAA,IACrC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,KAAK,KAAc,aAAsB,QAAgC;AAC7E,QAAI,KAAK;AACP,WAAK,aAAa;AAClB,WAAK,eAAe,eAAe;AACnC,WAAK,gBAAgB,UAAU;AAC/B,UAAI,KAAK,OAAO,aAAa;AAC3B,YAAI;AACF,gBAAM,KAAK,QAAQ,KAAK,aAAa,MAAM;AAAA,QAC7C,SAAS,OAAO;AACd,kBAAQ,KAAK,gEAAgE,KAAK;AAAA,QACpF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,QAAQ,KAAa,MAAqC,QAAgC;AACxF,QAAI;AACJ,QAAI;AAEJ,QAAI,OAAO,SAAS,UAAU;AAC5B,kBAAY;AACZ,mBAAa,UAAU;AAAA,IACzB,WAAW,OAAO,SAAS,UAAU;AACnC,kBAAY,KAAK,eAAe,KAAK,eAAe,KAAK;AACzD,mBAAa,KAAK,UAAU,UAAU;AAAA,IACxC;AAEA,WAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,WAAK,kBAAkB;AACvB,WAAK,aAAa;AAClB,WAAK,eAAe,aAAa;AACjC,WAAK,gBAAgB,cAAc;AAEnC,UAAI;AAEF,YAAI,KAAK,QAAQ;AACf,eAAK,OAAO,WAAW;AACvB,eAAK,SAAS;AAAA,QAChB;AAEA,cAAM,YAAY,GAAG,GAAG;AACxB,gBAAQ,IAAI,oCAAoC,SAAS;AAEzD,aAAK,aAAS,kBAAG,WAAW;AAAA,UAC1B,MAAM;AAAA,YACJ,OAAO;AAAA,YACP,QAAQ;AAAA,UACV;AAAA,UACA,YAAY,CAAC,aAAa,SAAS;AAAA,UACnC,cAAc,KAAK,OAAO;AAAA,UAC1B,mBAAmB,KAAK,OAAO;AAAA,UAC/B,sBAAsB,KAAK,OAAO;AAAA,UAClC,sBAAsB,KAAK,OAAO;AAAA,UAClC,SAAS;AAAA,QACX,CAAC;AAED,aAAK,OAAO,GAAG,WAAW,MAAM;AAC9B,eAAK,oBAAoB;AACzB,kBAAQ,IAAI,2CAA2C,KAAK,QAAQ,EAAE;AACtE,eAAK,OAAO,UAAU;AACtB,kBAAQ;AAAA,QACV,CAAC;AAED,aAAK,OAAO,GAAG,cAAc,CAAC,WAAmB;AAC/C,kBAAQ,IAAI,mCAAmC,MAAM;AACrD,eAAK,OAAO,aAAa;AACzB,cAAI,KAAK,mBAAmB,KAAK,OAAO,eAAe;AACrD,iBAAK,gBAAgB;AAAA,UACvB;AAAA,QACF,CAAC;AAED,aAAK,OAAO,GAAG,iBAAiB,CAAC,UAAe;AAC9C,kBAAQ,MAAM,uCAAuC,MAAM,OAAO;AAClE,gBAAM,MAAM,IAAI,MAAM,qBAAqB,MAAM,OAAO,EAAE;AAC1D,eAAK,OAAO,QAAQ,GAAG;AACvB,cAAI,CAAC,KAAK,mBAAmB,KAAK,qBAAqB,KAAK,OAAO,sBAAsB;AACvF,mBAAO,GAAG;AAAA,UACZ;AAAA,QACF,CAAC;AAED,aAAK,OAAO,GAAG,SAAS,CAAC,UAAe;AACtC,kBAAQ,MAAM,mCAAmC,KAAK;AACtD,gBAAM,MAAM,IAAI,MAAM,iBAAiB,KAAK,EAAE;AAC9C,eAAK,OAAO,QAAQ,GAAG;AAAA,QACzB,CAAC;AAED,aAAK,OAAO,GAAG,qBAAqB,CAAC,YAAoB;AACvD,eAAK,oBAAoB;AACzB,kBAAQ,IAAI,8CAA8C,OAAO,GAAG;AAAA,QACtE,CAAC;AAED,aAAK,OAAO,GAAG,aAAa,MAAM;AAChC,kBAAQ,IAAI,gCAAgC;AAAA,QAC9C,CAAC;AAED,aAAK,OAAO,GAAG,oBAAoB,MAAM;AACvC,kBAAQ,MAAM,0DAA0D;AACxE,gBAAM,MAAM,IAAI,MAAM,4CAA4C;AAClE,eAAK,OAAO,QAAQ,GAAG;AACvB,iBAAO,GAAG;AAAA,QACZ,CAAC;AAGD,aAAK,OAAO,MAAM,CAAC,WAAmB,YAAiB;AACrD,cAAI;AACF,kBAAM,gBAA+B;AAAA,cACnC,MAAM;AAAA,cACN,WAAW,SAAS,aAAa,KAAK,IAAI;AAAA,cAC1C,MAAM,SAAS,QAAQ;AAAA,cACvB,QAAQ,SAAS;AAAA,YACnB;AACA,iBAAK,YAAY,aAAa;AAAA,UAChC,SAAS,OAAO;AACd,oBAAQ,MAAM,6CAA6C,KAAK;AAAA,UAClE;AAAA,QACF,CAAC;AAGD,mBAAW,MAAM;AACf,cAAI,CAAC,KAAK,QAAQ,WAAW;AAC3B,kBAAM,MAAM,IAAI,MAAM,oBAAoB;AAC1C,iBAAK,OAAO,QAAQ,GAAG;AACvB,iBAAK,QAAQ,WAAW;AACxB,mBAAO,GAAG;AAAA,UACZ;AAAA,QACF,GAAG,GAAK;AAAA,MAEV,SAAS,OAAO;AACd,eAAO,KAAK;AAAA,MACd;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,mBAAmB,SAAiD;AAClE,QAAI,KAAK,QAAQ,WAAW;AAC1B,WAAK,OAAO,KAAK,aAAa,OAAO,EAAE;AACvC,cAAQ,IAAI,4CAA4C,OAAO,EAAE;AAAA,IACnE;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,aAAmB;AACjB,SAAK,kBAAkB;AACvB,QAAI,KAAK,QAAQ;AACf,WAAK,OAAO,WAAW;AACvB,WAAK,SAAS;AAAA,IAChB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,UAAU,WAAmB,SAA2C;AACtE,QAAI,CAAC,KAAK,SAAS,IAAI,SAAS,GAAG;AACjC,WAAK,SAAS,IAAI,WAAW,oBAAI,IAAI,CAAC;AAAA,IACxC;AAEA,SAAK,SAAS,IAAI,SAAS,EAAG,IAAI,OAAO;AAEzC,WAAO,MAAM;AACX,YAAM,WAAW,KAAK,SAAS,IAAI,SAAS;AAC5C,UAAI,UAAU;AACZ,iBAAS,OAAO,OAAO;AACvB,YAAI,SAAS,SAAS,GAAG;AACvB,eAAK,SAAS,OAAO,SAAS;AAAA,QAChC;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,SAA2C;AACtD,WAAO,KAAK,UAAU,KAAK,OAAO;AAAA,EACpC;AAAA;AAAA;AAAA;AAAA,EAKQ,YAAY,OAA4B;AAC9C,YAAQ,IAAI,qCAAqC,KAAK;AAGtD,UAAM,WAAW,KAAK,SAAS,IAAI,MAAM,IAAI;AAC7C,QAAI,UAAU;AACZ,eAAS,QAAQ,aAAW;AAC1B,YAAI;AACF,kBAAQ,KAAK;AAAA,QACf,SAAS,OAAO;AACd,kBAAQ,MAAM,0CAA0C,KAAK;AAAA,QAC/D;AAAA,MACF,CAAC;AAAA,IACH;AAGA,UAAM,mBAAmB,KAAK,SAAS,IAAI,GAAG;AAC9C,QAAI,kBAAkB;AACpB,uBAAiB,QAAQ,aAAW;AAClC,YAAI;AACF,kBAAQ,KAAK;AAAA,QACf,SAAS,OAAO;AACd,kBAAQ,MAAM,6CAA6C,KAAK;AAAA,QAClE;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,kBAAwB;AAC9B,QAAI,CAAC,KAAK,mBAAmB,CAAC,KAAK,OAAO,iBAAiB,CAAC,KAAK,YAAY;AAC3E;AAAA,IACF;AAEA,QAAI,KAAK,oBAAoB,KAAK,OAAO,sBAAsB;AAC7D,WAAK;AACL,YAAM,QAAQ,KAAK;AAAA,QACjB,KAAK,OAAO,iBAAiB,KAAK,IAAI,GAAG,KAAK,oBAAoB,CAAC;AAAA,QACnE,KAAK,OAAO;AAAA,MACd;AAEA,cAAQ,IAAI,qCAAqC,KAAK,eAAe,KAAK,iBAAiB,GAAG;AAE9F,iBAAW,MAAM;AACf,aAAK,QAAQ,KAAK,YAAa,KAAK,cAAe,KAAK,aAAc,EAAE,MAAM,WAAS;AACrF,kBAAQ,MAAM,0CAA0C,KAAK;AAAA,QAC/D,CAAC;AAAA,MACH,GAAG,KAAK;AAAA,IACV,OAAO;AACL,cAAQ,MAAM,qDAAqD;AAAA,IACrE;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,YAA2B;AACzB,QAAI,KAAK,cAAc,KAAK,cAAc;AACxC,WAAK,oBAAoB;AACzB,aAAO,KAAK,QAAQ,KAAK,YAAY,KAAK,cAAc,KAAK,iBAAiB,MAAS;AAAA,IACzF,WAAW,KAAK,YAAY;AAC1B,WAAK,oBAAoB;AACzB,aAAO,KAAK,QAAQ,KAAK,UAAU;AAAA,IACrC;AACA,WAAO,QAAQ,OAAO,IAAI,MAAM,mBAAmB,CAAC;AAAA,EACtD;AAAA;AAAA;AAAA;AAAA,EAKA,cAAuB;AACrB,WAAO,KAAK,QAAQ,aAAa;AAAA,EACnC;AAAA;AAAA;AAAA;AAAA,EAKA,YAA0E;AACxE,QAAI,CAAC,KAAK,OAAQ,QAAO;AACzB,QAAI,KAAK,OAAO,UAAW,QAAO;AAClC,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,KAAK,OAAe,MAAiB;AACnC,QAAI,KAAK,QAAQ,WAAW;AAC1B,WAAK,OAAO,KAAK,OAAO,IAAI;AAAA,IAC9B;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,QAA8C;AACzD,SAAK,SAAS;AAAA,MACZ,GAAG,KAAK;AAAA,MACR,GAAG;AAAA,IACL;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,qBAAqB,KAAa,aAAqB,QAAgC;AAC3F,QAAI;AACF,YAAM,KAAK,QAAQ,KAAK,aAAa,MAAM;AAAA,IAC7C,SAAS,OAAO;AACd,cAAQ,KAAK,wDAAwD,KAAK;AAAA,IAC5E;AAAA,EACF;AACF;AAGO,SAAS,eAAe,QAAiD;AAC9E,SAAO,IAAI,gBAAgB,MAAM;AACnC;AAGO,IAAM,WAAW,IAAI,gBAAgB;;;AF9VrC,IAAM,yBAAN,MAA6B;AAAA,EAC1B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,SAAwB;AAAA,EACxB,uBAAuB;AAAA,EAE/B,YAAY,QAA+B;AACzC,SAAK,SAAS;AAAA,MACZ,SAAS;AAAA,MACT,OAAO;AAAA,QACL,SAAS;AAAA,QACT,KAAK;AAAA,MACP;AAAA,MACA,UAAU;AAAA,QACR,SAAS;AAAA,QACT,eAAe;AAAA,QACf,sBAAsB;AAAA,QACtB,gBAAgB;AAAA,MAClB;AAAA,MACA,GAAG;AAAA,IACL;AAEA,SAAK,QAAQ;AAEb,UAAM,iBAAwC;AAAA,MAC5C,eAAe,KAAK,OAAO,UAAU,iBAAiB;AAAA,MACtD,sBAAsB,KAAK,OAAO,UAAU,wBAAwB;AAAA,MACpE,gBAAgB,KAAK,OAAO,UAAU,kBAAkB;AAAA,MACxD,WAAW,MAAM;AACf,aAAK,uBAAuB;AAC5B,aAAK,OAAO,UAAU,YAAY;AAAA,MACpC;AAAA,MACA,cAAc,MAAM;AAClB,aAAK,uBAAuB;AAC5B,aAAK,OAAO,UAAU,eAAe;AAAA,MACvC;AAAA,MACA,SAAS,CAAC,UAAU;AAClB,aAAK,OAAO,UAAU,UAAU,KAAK;AAAA,MACvC;AAAA,IACF;AAEA,SAAK,WAAW,eAAe,cAAc;AAE7C,SAAK,SAAS,cAAAC,QAAM,OAAO;AAAA,MACzB,SAAS,KAAK,OAAO;AAAA,MACrB,SAAS,KAAK,OAAO;AAAA,MACrB,SAAS;AAAA,QACP,gBAAgB;AAAA,MAClB;AAAA,IACF,CAAC;AAED,YAAQ,IAAI,qCAAqC;AAAA,MAC/C,SAAS,KAAK,OAAO,UAAU;AAAA,MAC/B,KAAK,KAAK,OAAO,UAAU;AAAA,MAC3B,gBAAgB,CAAC,CAAC,KAAK,OAAO,UAAU;AAAA,IAC1C,CAAC;AAED,QAAI,KAAK,OAAO,UAAU,WAAW,KAAK,OAAO,SAAS,KAAK;AAC7D,cAAQ,IAAI,kDAAkD;AAC9D,WAAK,cAAc,EAAE,MAAM,SAAO;AAChC,gBAAQ,MAAM,8CAA8C,GAAG;AAAA,MACjE,CAAC;AAAA,IACH,OAAO;AACL,cAAQ,IAAI,uDAAuD;AAAA,IACrE;AAEA,gBAAY,MAAM;AAChB,WAAK,MAAM,QAAQ;AAAA,IACrB,GAAG,GAAK;AAAA,EACV;AAAA,EAEA,MAAc,gBAA+B;AAE3C,QAAI,CAAC,KAAK,OAAO,UAAU,WAAW,CAAC,KAAK,OAAO,UAAU,KAAK;AAChE;AAAA,IACF;AAEA,QAAI;AACF,YAAM,KAAK,SAAS;AAAA,QAClB,KAAK,OAAO,SAAS;AAAA,QACrB,KAAK,OAAO,SAAS;AAAA,MACvB;AAGA,WAAK,SAAS,mBAAmB,MAAM;AACvC,WAAK,SAAS,mBAAmB,OAAO;AACxC,WAAK,SAAS,mBAAmB,aAAa;AAG9C,WAAK,SAAS,UAAU,KAAK,CAAC,UAAyB;AACrD,gBAAQ,IAAI,6CAA6C,KAAK;AAG9D,YAAI,MAAM,KAAK,SAAS,MAAM,KAAK,MAAM,SAAS,eAAe;AAC/D,eAAK,OAAO,UAAU,eAAe,KAAK;AAC1C,cAAI,MAAM,QAAQ;AAChB,iBAAK,MAAM,eAAe,MAAM,MAAM;AAAA,UACxC,OAAO;AACL,iBAAK,MAAM,MAAM;AAAA,UACnB;AAAA,QACF;AAEA,YAAI,MAAM,KAAK,SAAS,MAAM,KAAK,MAAM,SAAS,eAAe;AAC/D,eAAK,OAAO,UAAU,eAAe,KAAK;AAC1C,cAAI,MAAM,QAAQ;AAChB,iBAAK,MAAM,eAAe,MAAM,MAAM;AAAA,UACxC,OAAO;AACL,iBAAK,MAAM,MAAM;AAAA,UACnB;AAAA,QACF;AAEA,YAAI,MAAM,KAAK,SAAS,MAAM,KAAK,MAAM,SAAS,eAAe;AAC/D,cAAI,MAAM,QAAQ;AAChB,iBAAK,MAAM,eAAe,MAAM,MAAM;AAAA,UACxC,OAAO;AACL,iBAAK,MAAM,MAAM;AAAA,UACnB;AAAA,QACF;AAEA,YAAI,MAAM,KAAK,SAAS,YAAY,KAAK,MAAM,SAAS,qBAAqB;AAC3E,cAAI,MAAM,QAAQ;AAChB,iBAAK,MAAM,eAAe,MAAM,MAAM;AAAA,UACxC,OAAO;AACL,iBAAK,MAAM,MAAM;AAAA,UACnB;AAAA,QACF;AAAA,MACF,CAAC;AAAA,IAEH,SAAS,OAAO;AACd,cAAQ,KAAK,uEAAuE,KAAK;AAAA,IAC3F;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,gBAAgB,KAAc,aAAqC;AACvE,UAAM,QAAQ,OAAO,KAAK,OAAO,UAAU;AAC3C,UAAM,UAAU,eAAe,KAAK,OAAO,UAAU;AAErD,QAAI,CAAC,OAAO;AACV,YAAM,IAAI,MAAM,2BAA2B;AAAA,IAC7C;AAEA,UAAM,KAAK,cAAc;AAAA,EAC3B;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,qBAAqB,WAAkC;AAC3D,UAAM,QAAQ,KAAK,OAAO,UAAU;AAEpC,QAAI,CAAC,OAAO;AACV,cAAQ,KAAK,6CAA6C;AAC1D;AAAA,IACF;AAGA,UAAM,SAAS,KAAK,uBAAuB,SAAS,KAAK;AAEzD,YAAQ,IAAI,oEAAoE,MAAM;AAEtF,QAAI;AACF,YAAM,KAAK,SAAS,QAAQ,OAAO,WAAW,MAAM;AACpD,WAAK,SAAS,mBAAmB,MAAM;AAAA,IACzC,SAAS,OAAO;AACd,cAAQ,KAAK,uDAAuD,KAAK;AAAA,IAC3E;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,qBAA2B;AACzB,SAAK,SAAS,WAAW;AAAA,EAC3B;AAAA;AAAA;AAAA;AAAA,EAKA,sBAA+B;AAC7B,WAAO,KAAK,wBAAwB,KAAK,SAAS,YAAY;AAAA,EAChE;AAAA;AAAA;AAAA;AAAA,EAKA,oBAAkF;AAChF,WAAO,KAAK,SAAS,UAAU;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA,EAKA,oBAAoB,WAAmB,SAAqD;AAC1F,WAAO,KAAK,SAAS,UAAU,WAAW,OAAO;AAAA,EACnD;AAAA;AAAA;AAAA;AAAA,EAKA,uBAAuB,SAAqD;AAC1E,WAAO,KAAK,SAAS,aAAa,OAAO;AAAA,EAC3C;AAAA,EAEQ,uBAAuB,OAA8B;AAC3D,QAAI;AACF,YAAM,UAAU,KAAK,MAAM,KAAK,MAAM,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC;AACpD,aAAO,QAAQ,OAAO;AAAA,IACxB,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEQ,YAAY,OAAe,SAAiB,IAAY;AAC9D,UAAM,SAAS,KAAK,uBAAuB,KAAK,KAAK;AACrD,WAAO,QAAQ,MAAM,IAAI,MAAM;AAAA,EACjC;AAAA,EAEA,MAAM,cAAc,OAA4C;AAC9D,QAAI,CAAC,KAAK,OAAO,OAAO,SAAS;AAC/B,aAAO,KAAK,gBAAgB,KAAK;AAAA,IACnC;AAEA,UAAM,WAAW,KAAK,YAAY,OAAO,QAAQ;AACjD,UAAM,SAAS,KAAK,MAAM,IAAwB,QAAQ;AAE1D,QAAI,QAAQ;AACV,cAAQ,IAAI,4CAA4C;AACxD,aAAO;AAAA,IACT;AAEA,YAAQ,IAAI,mDAAmD;AAC/D,UAAM,OAAO,MAAM,KAAK,gBAAgB,KAAK;AAE7C,SAAK,MAAM,IAAI,UAAU,MAAM,KAAK,OAAO,MAAM,GAAG;AAEpD,WAAO;AAAA,EACT;AAAA,EAEA,MAAc,gBAAgB,OAA4C;AACxE,QAAI;AACF,YAAM,WACJ,MAAM,KAAK,OAAO,IAAI,aAAa;AAAA,QACjC,SAAS;AAAA,UACP,iBAAiB,UAAU,KAAK;AAAA,QAClC;AAAA,MACF,CAAC;AAEH,UAAI,CAAC,SAAS,KAAK,SAAS;AAC1B,cAAM,IAAI,MAAM,yCAAyC;AAAA,MAC3D;AAEA,aAAO,SAAS,KAAK;AAAA,IACvB,SAAS,OAAO;AACd,UAAI,cAAAA,QAAM,aAAa,KAAK,GAAG;AAC7B,YAAI,MAAM,UAAU,WAAW,KAAK;AAClC,gBAAM,IAAI,MAAM,wCAAwC;AAAA,QAC1D;AACA,cAAM,IAAI,MAAM,cAAc,MAAM,UAAU,MAAM,WAAW,MAAM,OAAO,EAAE;AAAA,MAChF;AACA,YAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEA,MAAM,cAAc,OAAe,YAAsC;AACvE,QAAI,CAAC,KAAK,OAAO,OAAO,SAAS;AAC/B,YAAMC,cAAa,MAAM,KAAK,cAAc,KAAK;AACjD,aAAOA,YAAW,QAAQ;AAAA,QAAK,CAAAC,YAC7BA,QAAO,YAAY,SAAS,UAAU;AAAA,MACxC;AAAA,IACF;AAEA,UAAM,WAAW,KAAK,YAAY,OAAO,cAAc,UAAU,EAAE;AACnE,UAAM,SAAS,KAAK,MAAM,IAAa,QAAQ;AAE/C,QAAI,WAAW,MAAM;AACnB,cAAQ,IAAI,8CAA8C,UAAU,EAAE;AACtE,aAAO;AAAA,IACT;AAEA,YAAQ,IAAI,qDAAqD,UAAU,EAAE;AAC7E,UAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,UAAM,gBAAgB,WAAW,QAAQ;AAAA,MAAK,CAAAA,YAC5CA,QAAO,YAAY,SAAS,UAAU;AAAA,IACxC;AAEA,SAAK,MAAM,IAAI,UAAU,eAAe,KAAK,OAAO,MAAM,MAAO,CAAC;AAElE,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,QAAQ,OAAe,MAAgC;AAC3D,QAAI,CAAC,KAAK,OAAO,OAAO,SAAS;AAC/B,YAAMD,cAAa,MAAM,KAAK,cAAc,KAAK;AACjD,aAAOA,YAAW,MAAM,SAAS,IAAI;AAAA,IACvC;AAEA,UAAM,WAAW,KAAK,YAAY,OAAO,QAAQ,IAAI,EAAE;AACvD,UAAM,SAAS,KAAK,MAAM,IAAa,QAAQ;AAE/C,QAAI,WAAW,MAAM;AACnB,cAAQ,IAAI,wCAAwC,IAAI,EAAE;AAC1D,aAAO;AAAA,IACT;AAEA,YAAQ,IAAI,+CAA+C,IAAI,EAAE;AACjE,UAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,UAAM,UAAU,WAAW,MAAM,SAAS,IAAI;AAE9C,SAAK,MAAM,IAAI,UAAU,SAAS,KAAK,OAAO,MAAM,MAAO,CAAC;AAE5D,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,qBAAqB,OAAe,WAAsC;AAC9E,QAAI,CAAC,KAAK,OAAO,OAAO,SAAS;AAC/B,YAAMA,cAAa,MAAM,KAAK,cAAc,KAAK;AACjD,YAAMC,UAASD,YAAW,QAAQ,KAAK,OAAK,EAAE,QAAQ,SAAS;AAC/D,aAAOC,SAAQ,eAAe,CAAC;AAAA,IACjC;AAEA,UAAM,WAAW,KAAK,YAAY,OAAO,UAAU,SAAS,EAAE;AAC9D,UAAM,SAAS,KAAK,MAAM,IAAc,QAAQ;AAEhD,QAAI,WAAW,MAAM;AACnB,cAAQ,IAAI,0CAA0C,SAAS,EAAE;AACjE,aAAO;AAAA,IACT;AAEA,YAAQ,IAAI,6DAA6D,SAAS,EAAE;AACpF,UAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,UAAMA,UAAS,WAAW,QAAQ,KAAK,OAAK,EAAE,QAAQ,SAAS;AAC/D,UAAM,cAAcA,SAAQ,eAAe,CAAC;AAE5C,SAAK,MAAM,IAAI,UAAU,aAAa,KAAK,OAAO,MAAM,GAAG;AAE3D,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,aAAa,OAAkC;AACnD,QAAI,CAAC,KAAK,OAAO,OAAO,SAAS;AAC/B,YAAMD,cAAa,MAAM,KAAK,cAAc,KAAK;AACjD,aAAOA,YAAW;AAAA,IACpB;AAEA,UAAM,WAAW,KAAK,YAAY,OAAO,OAAO;AAChD,UAAM,SAAS,KAAK,MAAM,IAAc,QAAQ;AAEhD,QAAI,WAAW,MAAM;AACnB,cAAQ,IAAI,2CAA2C;AACvD,aAAO;AAAA,IACT;AAEA,YAAQ,IAAI,kDAAkD;AAC9D,UAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,UAAM,QAAQ,WAAW;AAEzB,SAAK,MAAM,IAAI,UAAU,OAAO,KAAK,OAAO,MAAM,GAAG;AAErD,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,oBAAoB,OAAkC;AAC1D,QAAI,CAAC,KAAK,OAAO,OAAO,SAAS;AAC/B,YAAMA,cAAa,MAAM,KAAK,cAAc,KAAK;AACjD,aAAOA,YAAW;AAAA,IACpB;AAEA,UAAM,WAAW,KAAK,YAAY,OAAO,eAAe;AACxD,UAAM,SAAS,KAAK,MAAM,IAAc,QAAQ;AAEhD,QAAI,WAAW,MAAM;AACnB,cAAQ,IAAI,8CAA8C;AAC1D,aAAO;AAAA,IACT;AAEA,YAAQ,IAAI,qDAAqD;AACjE,UAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,UAAM,eAAe,WAAW;AAEhC,SAAK,MAAM,IAAI,UAAU,cAAc,KAAK,OAAO,MAAM,GAAG;AAE5D,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,eAAe,OAAe,aAAyD;AAC3F,UAAM,UAAmC,CAAC;AAC1C,UAAM,sBAAgC,CAAC;AAEvC,eAAW,cAAc,aAAa;AACpC,UAAI,KAAK,OAAO,OAAO,SAAS;AAC9B,cAAM,WAAW,KAAK,YAAY,OAAO,cAAc,UAAU,EAAE;AACnE,cAAM,SAAS,KAAK,MAAM,IAAa,QAAQ;AAE/C,YAAI,WAAW,MAAM;AACnB,kBAAQ,UAAU,IAAI;AAAA,QACxB,OAAO;AACL,8BAAoB,KAAK,UAAU;AAAA,QACrC;AAAA,MACF,OAAO;AACL,4BAAoB,KAAK,UAAU;AAAA,MACrC;AAAA,IACF;AAEA,QAAI,oBAAoB,SAAS,GAAG;AAClC,YAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AAEjD,iBAAW,cAAc,qBAAqB;AAC5C,cAAM,gBAAgB,WAAW,QAAQ;AAAA,UAAK,CAAAC,YAC5CA,QAAO,YAAY,SAAS,UAAU;AAAA,QACxC;AACA,gBAAQ,UAAU,IAAI;AAEtB,YAAI,KAAK,OAAO,OAAO,SAAS;AAC9B,gBAAM,WAAW,KAAK,YAAY,OAAO,cAAc,UAAU,EAAE;AACnE,eAAK,MAAM,IAAI,UAAU,eAAe,KAAK,OAAO,MAAM,MAAO,CAAC;AAAA,QACpE;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,SAAS,OAAe,OAAmD;AAC/E,UAAM,UAAmC,CAAC;AAC1C,UAAM,gBAA0B,CAAC;AAEjC,eAAW,QAAQ,OAAO;AACxB,UAAI,KAAK,OAAO,OAAO,SAAS;AAC9B,cAAM,WAAW,KAAK,YAAY,OAAO,QAAQ,IAAI,EAAE;AACvD,cAAM,SAAS,KAAK,MAAM,IAAa,QAAQ;AAE/C,YAAI,WAAW,MAAM;AACnB,kBAAQ,IAAI,IAAI;AAAA,QAClB,OAAO;AACL,wBAAc,KAAK,IAAI;AAAA,QACzB;AAAA,MACF,OAAO;AACL,sBAAc,KAAK,IAAI;AAAA,MACzB;AAAA,IACF;AAEA,QAAI,cAAc,SAAS,GAAG;AAC5B,YAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AAEjD,iBAAW,QAAQ,eAAe;AAChC,cAAM,UAAU,WAAW,MAAM,SAAS,IAAI;AAC9C,gBAAQ,IAAI,IAAI;AAEhB,YAAI,KAAK,OAAO,OAAO,SAAS;AAC9B,gBAAM,WAAW,KAAK,YAAY,OAAO,QAAQ,IAAI,EAAE;AACvD,eAAK,MAAM,IAAI,UAAU,SAAS,KAAK,OAAO,MAAM,MAAO,CAAC;AAAA,QAC9D;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,eAAe,OAAqB;AAClC,UAAM,SAAS,KAAK,uBAAuB,KAAK;AAChD,QAAI,QAAQ;AACV,WAAK,MAAM,eAAe,MAAM;AAChC,cAAQ,IAAI,4CAA4C,MAAM,EAAE;AAAA,IAClE;AAAA,EACF;AAAA,EAEA,gBAAsB;AACpB,SAAK,MAAM,MAAM;AACjB,YAAQ,IAAI,oCAAoC;AAAA,EAClD;AAAA,EAEA,gBAAkD;AAChD,WAAO,KAAK,MAAM,SAAS;AAAA,EAC7B;AAAA,EAEA,aAAmB;AACjB,SAAK,SAAS,WAAW;AAAA,EAC3B;AACF;;;AG3fO,IAAMC,kBAAN,MAAqB;AAAA,EAClB;AAAA,EAER,YAAY,QAA+B;AACzC,SAAK,UAAU,IAAI,uBAAuB,MAAM;AAAA,EAClD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,mBACJ,SACA,aACA,UAAoC,CAAC,GACf;AACtB,QAAI;AACF,UAAI,QAAQ,YAAY;AAEtB,cAAM,UAAU,MAAM,KAAK,QAAQ,eAAe,QAAQ,OAAO,WAAW;AAC5E,cAAM,SAAS,YAAY,MAAM,gBAAc,QAAQ,UAAU,CAAC;AAElE,YAAI,CAAC,QAAQ;AACX,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,OAAO,uCAAuC,YAAY,KAAK,IAAI,CAAC;AAAA,YACpE,YAAY;AAAA,UACd;AAAA,QACF;AAAA,MACF,OAAO;AAEL,cAAM,gBAAgB,MAAM,KAAK,QAAQ,eAAe,QAAQ,OAAO,WAAW;AAClF,cAAM,SAAS,OAAO,OAAO,aAAa,EAAE,KAAK,OAAO;AAExD,YAAI,CAAC,QAAQ;AACX,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,OAAO,8CAA8C,YAAY,KAAK,IAAI,CAAC;AAAA,YAC3E,YAAY;AAAA,UACd;AAAA,QACF;AAAA,MACF;AAEA,YAAM,aAAa,MAAM,KAAK,QAAQ,cAAc,QAAQ,KAAK;AACjE,aAAO,EAAE,SAAS,MAAM,MAAM,WAAW;AAAA,IAC3C,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,QACP,YAAY;AAAA,MACd;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aACJ,SACA,OACA,UAAoC,CAAC,GACf;AACtB,QAAI;AACF,UAAI,QAAQ,YAAY;AAEtB,cAAM,UAAU,MAAM,KAAK,QAAQ,SAAS,QAAQ,OAAO,KAAK;AAChE,cAAM,SAAS,MAAM,MAAM,UAAQ,QAAQ,IAAI,CAAC;AAEhD,YAAI,CAAC,QAAQ;AACX,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,OAAO,iCAAiC,MAAM,KAAK,IAAI,CAAC;AAAA,YACxD,YAAY;AAAA,UACd;AAAA,QACF;AAAA,MACF,OAAO;AAEL,cAAM,UAAU,MAAM,KAAK,QAAQ,SAAS,QAAQ,OAAO,KAAK;AAChE,cAAM,SAAS,OAAO,OAAO,OAAO,EAAE,KAAK,OAAO;AAElD,YAAI,CAAC,QAAQ;AACX,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,OAAO,wCAAwC,MAAM,KAAK,IAAI,CAAC;AAAA,YAC/D,YAAY;AAAA,UACd;AAAA,QACF;AAAA,MACF;AAEA,YAAM,aAAa,MAAM,KAAK,QAAQ,cAAc,QAAQ,KAAK;AACjE,aAAO,EAAE,SAAS,MAAM,MAAM,WAAW;AAAA,IAC3C,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,QACP,YAAY;AAAA,MACd;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eACJ,SACA,SACA,UAAoC,CAAC,GACf;AACtB,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,QAAQ,cAAc,QAAQ,KAAK;AACjE,YAAM,iBAAiB,WAAW,QAAQ,IAAI,OAAK,EAAE,GAAG;AAExD,UAAI;AAEJ,UAAI,QAAQ,YAAY;AAEtB,oBAAY,QAAQ,MAAM,CAAAC,YAAU,eAAe,SAASA,OAAM,CAAC;AAAA,MACrE,OAAO;AAEL,oBAAY,QAAQ,KAAK,CAAAA,YAAU,eAAe,SAASA,OAAM,CAAC;AAAA,MACpE;AAEA,UAAI,CAAC,WAAW;AACd,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO,yCAAyC,QAAQ,KAAK,IAAI,CAAC;AAAA,UAClE,YAAY;AAAA,QACd;AAAA,MACF;AAEA,aAAO,EAAE,SAAS,MAAM,MAAM,WAAW;AAAA,IAC3C,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,QACP,YAAY;AAAA,MACd;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,oBACJ,SACA,cACA,UAAoC,CAAC,GACf;AACtB,QAAI;AACF,YAAM,mBAAmB,MAAM,KAAK,QAAQ,oBAAoB,QAAQ,KAAK;AAE7E,UAAI;AAEJ,UAAI,QAAQ,YAAY;AAEtB,oBAAY,aAAa,MAAM,YAAU,iBAAiB,SAAS,MAAM,CAAC;AAAA,MAC5E,OAAO;AAEL,oBAAY,aAAa,KAAK,YAAU,iBAAiB,SAAS,MAAM,CAAC;AAAA,MAC3E;AAEA,UAAI,CAAC,WAAW;AACd,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO,+CAA+C,aAAa,KAAK,IAAI,CAAC;AAAA,UAC7E,YAAY;AAAA,QACd;AAAA,MACF;AAEA,YAAM,aAAa,MAAM,KAAK,QAAQ,cAAc,QAAQ,KAAK;AACjE,aAAO,EAAE,SAAS,MAAM,MAAM,WAAW;AAAA,IAC3C,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,QACP,YAAY;AAAA,MACd;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,QAAQ,SAAuB,SAA6C;AAChF,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,QAAQ,cAAc,QAAQ,KAAK;AACjE,UAAI,SAAS;AACb,YAAM,WAAqB,CAAC;AAG5B,UAAI,QAAQ,eAAe,QAAQ,YAAY,SAAS,GAAG;AACzD,cAAM,kBAAkB,WAAW,QAAQ,QAAQ,OAAK,EAAE,WAAW;AACrE,cAAM,iBAAiB,QAAQ,aAC3B,QAAQ,YAAY,MAAM,OAAK,gBAAgB,SAAS,CAAC,CAAC,IAC1D,QAAQ,YAAY,KAAK,OAAK,gBAAgB,SAAS,CAAC,CAAC;AAE7D,YAAI,CAAC,gBAAgB;AACnB,mBAAS;AACT,mBAAS,KAAK,gBAAgB,QAAQ,YAAY,KAAK,IAAI,CAAC,EAAE;AAAA,QAChE;AAAA,MACF;AAGA,UAAI,QAAQ,SAAS,QAAQ,MAAM,SAAS,GAAG;AAC7C,cAAM,WAAW,QAAQ,aACrB,QAAQ,MAAM,MAAM,OAAK,WAAW,MAAM,SAAS,CAAC,CAAC,IACrD,QAAQ,MAAM,KAAK,OAAK,WAAW,MAAM,SAAS,CAAC,CAAC;AAExD,YAAI,CAAC,UAAU;AACb,mBAAS;AACT,mBAAS,KAAK,UAAU,QAAQ,MAAM,KAAK,IAAI,CAAC,EAAE;AAAA,QACpD;AAAA,MACF;AAGA,UAAI,QAAQ,WAAW,QAAQ,QAAQ,SAAS,GAAG;AACjD,cAAM,iBAAiB,WAAW,QAAQ,IAAI,OAAK,EAAE,GAAG;AACxD,cAAM,aAAa,QAAQ,aACvB,QAAQ,QAAQ,MAAM,OAAK,eAAe,SAAS,CAAC,CAAC,IACrD,QAAQ,QAAQ,KAAK,OAAK,eAAe,SAAS,CAAC,CAAC;AAExD,YAAI,CAAC,YAAY;AACf,mBAAS;AACT,mBAAS,KAAK,YAAY,QAAQ,QAAQ,KAAK,IAAI,CAAC,EAAE;AAAA,QACxD;AAAA,MACF;AAGA,UAAI,QAAQ,gBAAgB,QAAQ,aAAa,SAAS,GAAG;AAC3D,cAAM,kBAAkB,QAAQ,aAC5B,QAAQ,aAAa,MAAM,QAAM,WAAW,aAAa,SAAS,EAAE,CAAC,IACrE,QAAQ,aAAa,KAAK,QAAM,WAAW,aAAa,SAAS,EAAE,CAAC;AAExE,YAAI,CAAC,iBAAiB;AACpB,mBAAS;AACT,mBAAS,KAAK,kBAAkB,QAAQ,aAAa,KAAK,IAAI,CAAC,EAAE;AAAA,QACnE;AAAA,MACF;AAEA,UAAI,CAAC,QAAQ;AACX,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO,2BAA2B,SAAS,KAAK,IAAI,CAAC;AAAA,UACrD,YAAY;AAAA,QACd;AAAA,MACF;AAEA,aAAO,EAAE,SAAS,MAAM,MAAM,WAAW;AAAA,IAC3C,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,QACP,YAAY;AAAA,MACd;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAAa,SAA6C;AAC9D,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,QAAQ,cAAc,QAAQ,KAAK;AACjE,aAAO,EAAE,SAAS,MAAM,MAAM,WAAW;AAAA,IAC3C,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,QACP,YAAY;AAAA,MACd;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,aAAqC;AACnC,WAAO,KAAK;AAAA,EACd;AACF;AAKO,SAAS,aAAa,SAA6B;AAExD,MAAI,QAAQ,SAAS,eAAe;AAClC,UAAM,aAAa,QAAQ,QAAQ;AACnC,QAAI,WAAW,WAAW,SAAS,GAAG;AACpC,aAAO,WAAW,UAAU,CAAC;AAAA,IAC/B;AAAA,EACF;AAGA,MAAI,QAAQ,SAAS,eAAe;AAClC,UAAM,aAAa,QAAQ,QAAQ;AACnC,QAAI,WAAW,WAAW,SAAS,GAAG;AACpC,aAAO,WAAW,UAAU,CAAC;AAAA,IAC/B;AAAA,EACF;AAGA,MAAI,QAAQ,UAAU,gBAAgB,GAAG;AACvC,WAAO,QAAQ,QAAQ,gBAAgB;AAAA,EACzC;AAGA,MAAI,QAAQ,OAAO,OAAO;AACxB,WAAO,QAAQ,MAAM;AAAA,EACvB;AAEA,SAAO;AACT;;;ACzSO,SAAS,qBAAqB,QAAa;AAChD,QAAM,QAAQ,IAAIC,gBAAe,MAAM;AAEvC,SAAO;AAAA;AAAA;AAAA;AAAA,IAIL,mBAAmB,aAAuB,UAAoC,CAAC,GAAG;AAChF,aAAO,OAAO,KAA2B,KAAe,SAAuB;AAC7E,cAAM,UAAU,mBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YAC1B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,mBAAmB,SAAS,aAAa,OAAO;AAE3E,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,IAAI,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YAC/C,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAEA,aAAK;AAAA,MACP;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,aAAa,OAAiB,UAAoC,CAAC,GAAG;AACpE,aAAO,OAAO,KAA2B,KAAe,SAAuB;AAC7E,cAAM,UAAU,mBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YAC1B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,aAAa,SAAS,OAAO,OAAO;AAE/D,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,IAAI,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YAC/C,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAEA,aAAK;AAAA,MACP;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,eAAe,SAAmB,UAAoC,CAAC,GAAG;AACxE,aAAO,OAAO,KAA2B,KAAe,SAAuB;AAC7E,cAAM,UAAU,mBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YAC1B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,eAAe,SAAS,SAAS,OAAO;AAEnE,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,IAAI,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YAC/C,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAEA,aAAK;AAAA,MACP;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,oBAAoB,cAAwB,UAAoC,CAAC,GAAG;AAClF,aAAO,OAAO,KAA2B,KAAe,SAAuB;AAC7E,cAAM,UAAU,mBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YAC1B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,oBAAoB,SAAS,cAAc,OAAO;AAE7E,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,IAAI,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YAC/C,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAEA,aAAK;AAAA,MACP;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,QAAQ,SAAuB;AAC7B,aAAO,OAAO,KAA2B,KAAe,SAAuB;AAC7E,cAAM,UAAU,mBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YAC1B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,QAAQ,SAAS,OAAO;AAEnD,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,IAAI,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YAC/C,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAEA,aAAK;AAAA,MACP;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,eAAe;AACb,aAAO,OAAO,KAA2B,KAAe,SAAuB;AAC7E,cAAM,UAAU,mBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YAC1B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,aAAa,OAAO;AAE/C,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,IAAI,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YAC/C,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAEA,aAAK;AAAA,MACP;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,WAA2B;AACzB,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAEA,SAAS,mBAAmB,KAAmC;AAC7D,QAAM,QAAQ,aAAa,GAAG;AAC9B,MAAI,CAAC,OAAO;AACV,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL;AAAA,IACA,SAAS;AAAA,EACX;AACF;;;ACxQO,SAAS,qBAAqB,QAAa;AAChD,QAAM,QAAQ,IAAIC,gBAAe,MAAM;AAEvC,SAAO;AAAA;AAAA;AAAA;AAAA,IAIL,mBAAmB,aAAuB,UAAoC,CAAC,GAAG;AAChF,aAAO,OAAO,KAA2B,UAAwB;AAC/D,cAAM,UAAUC,oBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,MAAM,OAAO,GAAG,EAAE,KAAK;AAAA,YAC5B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,mBAAmB,SAAS,aAAa,OAAO;AAE3E,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,MAAM,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YACjD,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,aAAa,OAAiB,UAAoC,CAAC,GAAG;AACpE,aAAO,OAAO,KAA2B,UAAwB;AAC/D,cAAM,UAAUA,oBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,MAAM,OAAO,GAAG,EAAE,KAAK;AAAA,YAC5B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,aAAa,SAAS,OAAO,OAAO;AAE/D,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,MAAM,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YACjD,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,eAAe,SAAmB,UAAoC,CAAC,GAAG;AACxE,aAAO,OAAO,KAA2B,UAAwB;AAC/D,cAAM,UAAUA,oBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,MAAM,OAAO,GAAG,EAAE,KAAK;AAAA,YAC5B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,eAAe,SAAS,SAAS,OAAO;AAEnE,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,MAAM,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YACjD,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,oBAAoB,cAAwB,UAAoC,CAAC,GAAG;AAClF,aAAO,OAAO,KAA2B,UAAwB;AAC/D,cAAM,UAAUA,oBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,MAAM,OAAO,GAAG,EAAE,KAAK;AAAA,YAC5B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,oBAAoB,SAAS,cAAc,OAAO;AAE7E,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,MAAM,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YACjD,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,QAAQ,SAAuB;AAC7B,aAAO,OAAO,KAA2B,UAAwB;AAC/D,cAAM,UAAUA,oBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,MAAM,OAAO,GAAG,EAAE,KAAK;AAAA,YAC5B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,QAAQ,SAAS,OAAO;AAEnD,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,MAAM,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YACjD,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,eAAe;AACb,aAAO,OAAO,KAA2B,UAAwB;AAC/D,cAAM,UAAUA,oBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,MAAM,OAAO,GAAG,EAAE,KAAK;AAAA,YAC5B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,aAAa,OAAO;AAE/C,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,MAAM,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YACjD,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,WAA2B;AACzB,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAEA,SAASA,oBAAmB,KAA0C;AACpE,QAAM,QAAQ,aAAa,GAAG;AAC9B,MAAI,CAAC,OAAO;AACV,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL;AAAA,IACA,SAAS;AAAA,EACX;AACF;","names":["ExGuardBackend","axios","module","import_axios","axios","userAccess","module","ExGuardBackend","module","ExGuardBackend","ExGuardBackend","createGuardContext"]}
1
+ {"version":3,"sources":["../src/index.ts","../src/exguard-backend.ts","../src/exguard-backend-enhanced.ts","../src/cache.ts","../src/realtime.ts","../src/guards.ts","../src/express.ts","../src/fastify.ts"],"sourcesContent":["export { ExGuardBackend } from './exguard-backend.js';\nexport { ExGuardBackendEnhanced } from './exguard-backend-enhanced.js';\nexport { cache, ExGuardCache } from './cache.js';\nexport { realtime, ExGuardRealtime, createRealtime } from './realtime.js';\nexport type { \n RealtimeEvent, \n RealtimeEventHandler,\n RealtimeConnectionHandler,\n RealtimeErrorHandler,\n RealtimeAuthOptions,\n ExGuardRealtimeConfig \n} from './realtime.js';\n\n// Backend protection exports\nexport { ExGuardBackend as Guard } from './guards.js';\nexport { createExGuardExpress } from './express.js';\nexport { createExGuardFastify } from './fastify.js';\nexport type { \n UserAccessResponse, \n ApiResponse, \n ExGuardConfig,\n ExGuardEnhancedConfig,\n ExGuardCacheConfig,\n ExGuardRealtimeConfig as ExGuardRealtimeConfigType,\n GuardContext,\n GuardResult,\n GuardOptions\n} from './types.js';\n","import axios, { AxiosInstance, AxiosResponse } from 'axios';\nimport { \n UserAccessResponse, \n ApiResponse, \n ExGuardConfig \n} from './types.js';\n\nexport class ExGuardBackend {\n private client: AxiosInstance;\n private config: ExGuardConfig;\n\n constructor(config: ExGuardConfig) {\n this.config = {\n timeout: 10000,\n ...config,\n };\n\n this.client = axios.create({\n baseURL: this.config.apiUrl,\n timeout: this.config.timeout,\n headers: {\n 'Content-Type': 'application/json',\n },\n });\n }\n\n /**\n * Get user roles and permissions from the /guard/me endpoint\n * @param token - JWT access token\n * @returns Promise<UserAccessResponse>\n */\n async getUserAccess(token: string): Promise<UserAccessResponse> {\n try {\n const response: AxiosResponse<ApiResponse<UserAccessResponse>> = \n await this.client.get('/guard/me', {\n headers: {\n 'Authorization': `Bearer ${token}`,\n },\n });\n\n if (!response.data.success) {\n throw new Error('Failed to fetch user access information');\n }\n\n return response.data.data;\n } catch (error) {\n if (axios.isAxiosError(error)) {\n if (error.response?.status === 401) {\n throw new Error('Unauthorized: Invalid or expired token');\n }\n throw new Error(`API Error: ${error.response?.data?.message || error.message}`);\n }\n throw error;\n }\n }\n\n /**\n * Check if user has specific permission\n * @param token - JWT access token\n * @param permission - Permission to check (e.g., 'events:create')\n * @returns Promise<boolean>\n */\n async hasPermission(token: string, permission: string): Promise<boolean> {\n try {\n const userAccess = await this.getUserAccess(token);\n return userAccess.modules.some(module => \n module.permissions.includes(permission)\n );\n } catch (error) {\n return false;\n }\n }\n\n /**\n * Check if user has specific role\n * @param token - JWT access token\n * @param role - Role to check (e.g., 'Event Manager')\n * @returns Promise<boolean>\n */\n async hasRole(token: string, role: string): Promise<boolean> {\n try {\n const userAccess = await this.getUserAccess(token);\n return userAccess.roles.includes(role);\n } catch (error) {\n return false;\n }\n }\n\n /**\n * Get all permissions for a specific module\n * @param token - JWT access token\n * @param moduleKey - Module key (e.g., 'events')\n * @returns Promise<string[]>\n */\n async getModulePermissions(token: string, moduleKey: string): Promise<string[]> {\n try {\n const userAccess = await this.getUserAccess(token);\n const module = userAccess.modules.find(m => m.key === moduleKey);\n return module?.permissions || [];\n } catch (error) {\n return [];\n }\n }\n\n /**\n * Get user roles\n * @param token - JWT access token\n * @returns Promise<string[]>\n */\n async getUserRoles(token: string): Promise<string[]> {\n try {\n const userAccess = await this.getUserAccess(token);\n return userAccess.roles;\n } catch (error) {\n return [];\n }\n }\n\n /**\n * Get user field offices\n * @param token - JWT access token\n * @returns Promise<string[]>\n */\n async getUserFieldOffices(token: string): Promise<string[]> {\n try {\n const userAccess = await this.getUserAccess(token);\n return userAccess.fieldOffices;\n } catch (error) {\n return [];\n }\n }\n}\n","import axios, { AxiosInstance, AxiosResponse } from 'axios';\nimport { \n UserAccessResponse, \n ApiResponse, \n ExGuardConfig \n} from './types.js';\nimport { cache, ExGuardCache } from './cache.js';\nimport { \n realtime, \n RealtimeEvent, \n ExGuardRealtime,\n ExGuardRealtimeConfig,\n createRealtime \n} from './realtime.js';\n\nexport interface ExGuardEnhancedConfig extends ExGuardConfig {\n cache?: {\n ttl?: number;\n enabled?: boolean;\n };\n realtime?: {\n enabled?: boolean;\n url?: string;\n accessToken?: string;\n autoReconnect?: boolean;\n maxReconnectAttempts?: number;\n reconnectDelay?: number;\n autoConnect?: boolean;\n onConnect?: () => void;\n onDisconnect?: () => void;\n onError?: (error: Error) => void;\n onRBACUpdate?: (event: RealtimeEvent) => void;\n onUserUpdate?: (event: RealtimeEvent) => void;\n };\n}\n\nexport class ExGuardBackendEnhanced {\n private client: AxiosInstance;\n private config: ExGuardEnhancedConfig;\n private cache: ExGuardCache;\n private realtime: ExGuardRealtime;\n private userId: string | null = null;\n private _isRealtimeConnected = false;\n\n constructor(config: ExGuardEnhancedConfig) {\n this.config = {\n timeout: 10000,\n cache: {\n enabled: true,\n ttl: 300000,\n },\n realtime: {\n enabled: false,\n autoReconnect: true,\n maxReconnectAttempts: 5,\n reconnectDelay: 1000,\n },\n ...config,\n };\n\n this.cache = cache;\n \n const realtimeConfig: ExGuardRealtimeConfig = {\n autoReconnect: this.config.realtime?.autoReconnect ?? true,\n maxReconnectAttempts: this.config.realtime?.maxReconnectAttempts ?? 5,\n reconnectDelay: this.config.realtime?.reconnectDelay ?? 1000,\n onConnect: () => {\n this._isRealtimeConnected = true;\n this.config.realtime?.onConnect?.();\n },\n onDisconnect: () => {\n this._isRealtimeConnected = false;\n this.config.realtime?.onDisconnect?.();\n },\n onError: (error) => {\n this.config.realtime?.onError?.(error);\n },\n };\n \n this.realtime = createRealtime(realtimeConfig);\n\n this.client = axios.create({\n baseURL: this.config.apiUrl,\n timeout: this.config.timeout,\n headers: {\n 'Content-Type': 'application/json',\n },\n });\n\n console.log('[ExGuardBackend] Realtime config:', {\n enabled: this.config.realtime?.enabled,\n url: this.config.realtime?.url,\n hasAccessToken: !!this.config.realtime?.accessToken,\n });\n\n if (this.config.realtime?.enabled && this.config.realtime.url) {\n console.log('[ExGuardBackend] Starting realtime connection...');\n this.setupRealtime().catch(err => {\n console.error('[ExGuardBackend] Failed to setup realtime:', err);\n });\n } else {\n console.log('[ExGuardBackend] Realtime disabled or no URL provided');\n }\n\n setInterval(() => {\n this.cache.cleanup();\n }, 60000);\n }\n\n private async setupRealtime(): Promise<void> {\n // Only connect if explicitly enabled AND URL is provided\n if (!this.config.realtime?.enabled || !this.config.realtime?.url) {\n return;\n }\n\n try {\n await this.realtime.connect(\n this.config.realtime.url, \n this.config.realtime.accessToken\n );\n\n // Subscribe to channels for realtime updates\n this.realtime.subscribeToChannel('rbac');\n this.realtime.subscribeToChannel('roles');\n this.realtime.subscribeToChannel('permissions');\n \n // Listen to all events using wildcard\n this.realtime.subscribe('*', (event: RealtimeEvent) => {\n console.log('[ExGuardBackend] Realtime event received:', event);\n \n // Handle specific event types\n if (event.type.includes('rbac') || event.type === 'rbac_update') {\n this.config.realtime?.onRBACUpdate?.(event);\n if (event.userId) {\n this.cache.clearUserCache(event.userId);\n } else {\n this.cache.clear();\n }\n }\n \n if (event.type.includes('user') || event.type === 'user_update') {\n this.config.realtime?.onUserUpdate?.(event);\n if (event.userId) {\n this.cache.clearUserCache(event.userId);\n } else {\n this.cache.clear();\n }\n }\n \n if (event.type.includes('role') || event.type === 'role_update') {\n if (event.userId) {\n this.cache.clearUserCache(event.userId);\n } else {\n this.cache.clear();\n }\n }\n \n if (event.type.includes('permission') || event.type === 'permission_update') {\n if (event.userId) {\n this.cache.clearUserCache(event.userId);\n } else {\n this.cache.clear();\n }\n }\n });\n\n } catch (error) {\n console.warn('[ExGuardBackend] Realtime connection failed (will retry on demand):', error);\n }\n }\n\n /**\n * Manually connect to realtime server\n */\n async connectRealtime(url?: string, accessToken?: string): Promise<void> {\n const wsUrl = url || this.config.realtime?.url;\n const wsToken = accessToken || this.config.realtime?.accessToken;\n \n if (!wsUrl) {\n throw new Error('WebSocket URL is required');\n }\n \n await this.setupRealtime();\n }\n\n /**\n * Connect to realtime with user's token (extracts userId from token)\n * Call this in your middleware/guard when a user makes a request\n */\n async connectWithUserToken(userToken: string): Promise<void> {\n const wsUrl = this.config.realtime?.url;\n \n if (!wsUrl) {\n console.warn('[ExGuardBackend] No realtime URL configured');\n return;\n }\n\n // Extract userId from token if possible\n const userId = this.extractUserIdFromToken(userToken) || 'unknown';\n \n console.log('[ExGuardBackend] Connecting to realtime with user token, userId:', userId);\n \n try {\n await this.realtime.connect(wsUrl, userToken, userId);\n this.realtime.subscribeToChannel('rbac');\n } catch (error) {\n console.warn('[ExGuardBackend] Failed to connect with user token:', error);\n }\n }\n\n /**\n * Disconnect from realtime server\n */\n disconnectRealtime(): void {\n this.realtime.disconnect();\n }\n\n /**\n * Check if realtime is connected\n */\n isRealtimeConnected(): boolean {\n return this._isRealtimeConnected || this.realtime.isConnected();\n }\n\n /**\n * Get realtime connection status\n */\n getRealtimeStatus(): 'connecting' | 'connected' | 'disconnected' | 'reconnecting' {\n return this.realtime.getStatus();\n }\n\n /**\n * Subscribe to realtime events\n */\n subscribeToRealtime(eventType: string, handler: (event: RealtimeEvent) => void): () => void {\n return this.realtime.subscribe(eventType, handler);\n }\n\n /**\n * Subscribe to all realtime events\n */\n subscribeToAllRealtime(handler: (event: RealtimeEvent) => void): () => void {\n return this.realtime.subscribeAll(handler);\n }\n\n private extractUserIdFromToken(token: string): string | null {\n try {\n const payload = JSON.parse(atob(token.split('.')[1]));\n return payload.sub || null;\n } catch {\n return null;\n }\n }\n\n private getCacheKey(token: string, suffix: string = ''): string {\n const userId = this.extractUserIdFromToken(token) || 'unknown';\n return `user:${userId}:${suffix}`;\n }\n\n async getUserAccess(token: string): Promise<UserAccessResponse> {\n if (!this.config.cache?.enabled) {\n return this.fetchUserAccess(token);\n }\n\n const cacheKey = this.getCacheKey(token, 'access');\n const cached = this.cache.get<UserAccessResponse>(cacheKey);\n \n if (cached) {\n console.log('[ExGuardBackend] Cache hit for user access');\n return cached;\n }\n\n console.log('[ExGuardBackend] Cache miss, fetching user access');\n const data = await this.fetchUserAccess(token);\n \n this.cache.set(cacheKey, data, this.config.cache.ttl);\n \n return data;\n }\n\n private async fetchUserAccess(token: string): Promise<UserAccessResponse> {\n try {\n const response: AxiosResponse<ApiResponse<UserAccessResponse>> = \n await this.client.get('/guard/me', {\n headers: {\n 'Authorization': `Bearer ${token}`,\n },\n });\n\n if (!response.data.success) {\n throw new Error('Failed to fetch user access information');\n }\n\n return response.data.data;\n } catch (error) {\n if (axios.isAxiosError(error)) {\n if (error.response?.status === 401) {\n throw new Error('Unauthorized: Invalid or expired token');\n }\n throw new Error(`API Error: ${error.response?.data?.message || error.message}`);\n }\n throw error;\n }\n }\n\n async hasPermission(token: string, permission: string): Promise<boolean> {\n if (!this.config.cache?.enabled) {\n const userAccess = await this.getUserAccess(token);\n return userAccess.modules.some(module => \n module.permissions.includes(permission)\n );\n }\n\n const cacheKey = this.getCacheKey(token, `permission:${permission}`);\n const cached = this.cache.get<boolean>(cacheKey);\n \n if (cached !== null) {\n console.log(`[ExGuardBackend] Cache hit for permission: ${permission}`);\n return cached;\n }\n\n console.log(`[ExGuardBackend] Cache miss, checking permission: ${permission}`);\n const userAccess = await this.getUserAccess(token);\n const hasPermission = userAccess.modules.some(module => \n module.permissions.includes(permission)\n );\n \n this.cache.set(cacheKey, hasPermission, this.config.cache.ttl! / 2);\n \n return hasPermission;\n }\n\n async hasRole(token: string, role: string): Promise<boolean> {\n if (!this.config.cache?.enabled) {\n const userAccess = await this.getUserAccess(token);\n return userAccess.roles.includes(role);\n }\n\n const cacheKey = this.getCacheKey(token, `role:${role}`);\n const cached = this.cache.get<boolean>(cacheKey);\n \n if (cached !== null) {\n console.log(`[ExGuardBackend] Cache hit for role: ${role}`);\n return cached;\n }\n\n console.log(`[ExGuardBackend] Cache miss, checking role: ${role}`);\n const userAccess = await this.getUserAccess(token);\n const hasRole = userAccess.roles.includes(role);\n \n this.cache.set(cacheKey, hasRole, this.config.cache.ttl! / 2);\n \n return hasRole;\n }\n\n async getModulePermissions(token: string, moduleKey: string): Promise<string[]> {\n if (!this.config.cache?.enabled) {\n const userAccess = await this.getUserAccess(token);\n const module = userAccess.modules.find(m => m.key === moduleKey);\n return module?.permissions || [];\n }\n\n const cacheKey = this.getCacheKey(token, `module:${moduleKey}`);\n const cached = this.cache.get<string[]>(cacheKey);\n \n if (cached !== null) {\n console.log(`[ExGuardBackend] Cache hit for module: ${moduleKey}`);\n return cached;\n }\n\n console.log(`[ExGuardBackend] Cache miss, fetching module permissions: ${moduleKey}`);\n const userAccess = await this.getUserAccess(token);\n const module = userAccess.modules.find(m => m.key === moduleKey);\n const permissions = module?.permissions || [];\n \n this.cache.set(cacheKey, permissions, this.config.cache.ttl);\n \n return permissions;\n }\n\n async getUserRoles(token: string): Promise<string[]> {\n if (!this.config.cache?.enabled) {\n const userAccess = await this.getUserAccess(token);\n return userAccess.roles;\n }\n\n const cacheKey = this.getCacheKey(token, 'roles');\n const cached = this.cache.get<string[]>(cacheKey);\n \n if (cached !== null) {\n console.log('[ExGuardBackend] Cache hit for user roles');\n return cached;\n }\n\n console.log('[ExGuardBackend] Cache miss, fetching user roles');\n const userAccess = await this.getUserAccess(token);\n const roles = userAccess.roles;\n \n this.cache.set(cacheKey, roles, this.config.cache.ttl);\n \n return roles;\n }\n\n async getUserFieldOffices(token: string): Promise<string[]> {\n if (!this.config.cache?.enabled) {\n const userAccess = await this.getUserAccess(token);\n return userAccess.fieldOffices;\n }\n\n const cacheKey = this.getCacheKey(token, 'field-offices');\n const cached = this.cache.get<string[]>(cacheKey);\n \n if (cached !== null) {\n console.log('[ExGuardBackend] Cache hit for field offices');\n return cached;\n }\n\n console.log('[ExGuardBackend] Cache miss, fetching field offices');\n const userAccess = await this.getUserAccess(token);\n const fieldOffices = userAccess.fieldOffices;\n \n this.cache.set(cacheKey, fieldOffices, this.config.cache.ttl);\n \n return fieldOffices;\n }\n\n async hasPermissions(token: string, permissions: string[]): Promise<Record<string, boolean>> {\n const results: Record<string, boolean> = {};\n const uncachedPermissions: string[] = [];\n \n for (const permission of permissions) {\n if (this.config.cache?.enabled) {\n const cacheKey = this.getCacheKey(token, `permission:${permission}`);\n const cached = this.cache.get<boolean>(cacheKey);\n \n if (cached !== null) {\n results[permission] = cached;\n } else {\n uncachedPermissions.push(permission);\n }\n } else {\n uncachedPermissions.push(permission);\n }\n }\n\n if (uncachedPermissions.length > 0) {\n const userAccess = await this.getUserAccess(token);\n \n for (const permission of uncachedPermissions) {\n const hasPermission = userAccess.modules.some(module => \n module.permissions.includes(permission)\n );\n results[permission] = hasPermission;\n \n if (this.config.cache?.enabled) {\n const cacheKey = this.getCacheKey(token, `permission:${permission}`);\n this.cache.set(cacheKey, hasPermission, this.config.cache.ttl! / 2);\n }\n }\n }\n\n return results;\n }\n\n async hasRoles(token: string, roles: string[]): Promise<Record<string, boolean>> {\n const results: Record<string, boolean> = {};\n const uncachedRoles: string[] = [];\n \n for (const role of roles) {\n if (this.config.cache?.enabled) {\n const cacheKey = this.getCacheKey(token, `role:${role}`);\n const cached = this.cache.get<boolean>(cacheKey);\n \n if (cached !== null) {\n results[role] = cached;\n } else {\n uncachedRoles.push(role);\n }\n } else {\n uncachedRoles.push(role);\n }\n }\n\n if (uncachedRoles.length > 0) {\n const userAccess = await this.getUserAccess(token);\n \n for (const role of uncachedRoles) {\n const hasRole = userAccess.roles.includes(role);\n results[role] = hasRole;\n \n if (this.config.cache?.enabled) {\n const cacheKey = this.getCacheKey(token, `role:${role}`);\n this.cache.set(cacheKey, hasRole, this.config.cache.ttl! / 2);\n }\n }\n }\n\n return results;\n }\n\n clearUserCache(token: string): void {\n const userId = this.extractUserIdFromToken(token);\n if (userId) {\n this.cache.clearUserCache(userId);\n console.log(`[ExGuardBackend] Cache cleared for user: ${userId}`);\n }\n }\n\n clearAllCache(): void {\n this.cache.clear();\n console.log('[ExGuardBackend] All cache cleared');\n }\n\n getCacheStats(): { size: number; keys: string[] } {\n return this.cache.getStats();\n }\n\n disconnect(): void {\n this.realtime.disconnect();\n }\n}\n","/**\n * In-memory cache for user access data with TTL support\n */\n\nexport interface CacheEntry<T> {\n data: T;\n timestamp: number;\n ttl: number;\n}\n\nexport class ExGuardCache {\n private cache = new Map<string, CacheEntry<any>>();\n private subscribers = new Map<string, Set<() => void>>();\n private defaultTTL = 300000; // 5 minutes\n\n /**\n * Get cached data\n */\n get<T>(key: string): T | null {\n const entry = this.cache.get(key);\n if (!entry) return null;\n\n // Check if expired\n if (Date.now() - entry.timestamp > entry.ttl) {\n this.cache.delete(key);\n return null;\n }\n\n return entry.data;\n }\n\n /**\n * Set cached data with TTL\n */\n set<T>(key: string, data: T, ttl?: number): void {\n this.cache.set(key, {\n data,\n timestamp: Date.now(),\n ttl: ttl || this.defaultTTL,\n });\n }\n\n /**\n * Delete cached data\n */\n delete(key: string): boolean {\n const deleted = this.cache.delete(key);\n if (deleted) {\n this.notifySubscribers(key);\n }\n return deleted;\n }\n\n /**\n * Clear all cache\n */\n clear(): void {\n const keys = Array.from(this.cache.keys());\n this.cache.clear();\n keys.forEach(key => this.notifySubscribers(key));\n }\n\n /**\n * Clear cache for a specific user - clears ALL caches related to this user\n */\n clearUserCache(userId: string): void {\n // Clear all keys that contain this userId\n const keysToDelete = Array.from(this.cache.keys()).filter(key => \n key.includes(userId)\n );\n \n console.log(`[ExGuardCache] Clearing cache for user ${userId}, found ${keysToDelete.length} keys:`, keysToDelete);\n \n keysToDelete.forEach(key => {\n this.cache.delete(key);\n this.notifySubscribers(key);\n });\n \n if (keysToDelete.length === 0) {\n console.log(`[ExGuardCache] No cache entries found for user ${userId}`);\n }\n }\n\n /**\n * Subscribe to cache changes\n */\n subscribe(key: string, callback: () => void): () => void {\n if (!this.subscribers.has(key)) {\n this.subscribers.set(key, new Set());\n }\n \n this.subscribers.get(key)!.add(callback);\n \n // Return unsubscribe function\n return () => {\n const callbacks = this.subscribers.get(key);\n if (callbacks) {\n callbacks.delete(callback);\n if (callbacks.size === 0) {\n this.subscribers.delete(key);\n }\n }\n };\n }\n\n /**\n * Notify subscribers of cache changes\n */\n private notifySubscribers(key: string): void {\n const callbacks = this.subscribers.get(key);\n if (callbacks) {\n callbacks.forEach(callback => {\n try {\n callback();\n } catch (error) {\n console.error('Cache subscriber error:', error);\n }\n });\n }\n }\n\n /**\n * Get cache statistics\n */\n getStats(): { size: number; keys: string[] } {\n return {\n size: this.cache.size,\n keys: Array.from(this.cache.keys()),\n };\n }\n\n /**\n * Clean up expired entries\n */\n cleanup(): void {\n const now = Date.now();\n const keysToDelete: string[] = [];\n\n this.cache.forEach((entry, key) => {\n if (now - entry.timestamp > entry.ttl) {\n keysToDelete.push(key);\n }\n });\n\n keysToDelete.forEach(key => {\n this.cache.delete(key);\n this.notifySubscribers(key);\n });\n }\n}\n\n// Global cache instance\nexport const cache = new ExGuardCache();\n","/**\n * Realtime event handling for cache invalidation with Socket.IO support\n * Works in both browser and Node.js environments\n */\n\nimport { io, type Socket } from 'socket.io-client';\n\nconsole.log('[ExGuardRealtime] Socket.IO client loaded:', typeof io);\n\nexport interface RealtimeEvent {\n type: string;\n userId?: string;\n data?: any;\n timestamp: number;\n}\n\nexport interface RealtimeEventHandler {\n (event: RealtimeEvent): void;\n}\n\nexport interface RealtimeConnectionHandler {\n (): void;\n}\n\nexport interface RealtimeAuthOptions {\n accessToken?: string;\n apiKey?: string;\n bearerToken?: string;\n userId?: string;\n}\n\nexport interface RealtimeErrorHandler {\n (error: Error): void;\n}\n\nexport interface ExGuardRealtimeConfig {\n autoReconnect?: boolean;\n maxReconnectAttempts?: number;\n reconnectDelay?: number;\n reconnectMaxDelay?: number;\n onConnect?: RealtimeConnectionHandler;\n onDisconnect?: RealtimeConnectionHandler;\n onError?: RealtimeErrorHandler;\n autoConnect?: boolean;\n}\n\nexport class ExGuardRealtime {\n private handlers = new Map<string, Set<RealtimeEventHandler>>();\n private socket: Socket | null = null;\n private reconnectAttempts = 0;\n private config: Required<ExGuardRealtimeConfig>;\n private currentUrl: string | null = null;\n private currentToken: string | null = null;\n private currentUserId: string | null = null;\n private shouldReconnect = true;\n\n constructor(config: ExGuardRealtimeConfig = {}) {\n this.config = {\n autoReconnect: config.autoReconnect ?? true,\n maxReconnectAttempts: config.maxReconnectAttempts ?? 5,\n reconnectDelay: config.reconnectDelay ?? 1000,\n reconnectMaxDelay: config.reconnectMaxDelay ?? 30000,\n onConnect: config.onConnect ?? (() => {}),\n onDisconnect: config.onDisconnect ?? (() => {}),\n onError: config.onError ?? ((error: Error) => console.error('[ExGuardRealtime] Error:', error)),\n autoConnect: config.autoConnect ?? false,\n };\n }\n\n /**\n * Initialize and optionally connect to realtime server\n */\n async init(url?: string, accessToken?: string, userId?: string): Promise<void> {\n if (url) {\n this.currentUrl = url;\n this.currentToken = accessToken ?? null;\n this.currentUserId = userId ?? null;\n if (this.config.autoConnect) {\n try {\n await this.connect(url, accessToken, userId);\n } catch (error) {\n console.warn('[ExGuardRealtime] Auto-connect failed, will retry on demand:', error);\n }\n }\n }\n }\n\n /**\n * Connect to realtime server using Socket.IO\n * @param url - Server URL (e.g., https://api.example.com)\n * @param auth - Authentication options (accessToken, apiKey, bearerToken, userId)\n */\n connect(url: string, auth?: string | RealtimeAuthOptions, userId?: string): Promise<void> {\n let authToken: string | undefined;\n let authUserId: string | undefined;\n\n if (typeof auth === 'string') {\n authToken = auth;\n authUserId = userId || 'unknown';\n } else if (typeof auth === 'object') {\n authToken = auth.accessToken || auth.bearerToken || auth.apiKey;\n authUserId = auth.userId || userId || 'unknown';\n }\n\n return new Promise((resolve, reject) => {\n this.shouldReconnect = true;\n this.currentUrl = url;\n this.currentToken = authToken ?? null;\n this.currentUserId = authUserId ?? null;\n\n try {\n // Disconnect existing socket\n if (this.socket) {\n this.socket.disconnect();\n this.socket = null;\n }\n\n const socketUrl = `${url}/realtime`;\n console.log('[ExGuardRealtime] Connecting to:', socketUrl);\n\n this.socket = io(socketUrl, {\n auth: {\n token: authToken,\n userId: authUserId,\n },\n transports: ['websocket', 'polling'],\n reconnection: this.config.autoReconnect,\n reconnectionDelay: this.config.reconnectDelay,\n reconnectionDelayMax: this.config.reconnectMaxDelay,\n reconnectionAttempts: this.config.maxReconnectAttempts,\n timeout: 20000,\n });\n\n this.socket.on('connect', () => {\n this.reconnectAttempts = 0;\n console.log('[ExGuardRealtime] Connected! Socket ID:', this.socket?.id);\n this.config.onConnect();\n resolve();\n });\n\n this.socket.on('disconnect', (reason: string) => {\n console.log('[ExGuardRealtime] Disconnected:', reason);\n this.config.onDisconnect();\n if (this.shouldReconnect && this.config.autoReconnect) {\n this.handleReconnect();\n }\n });\n\n this.socket.on('connect_error', (error: any) => {\n console.error('[ExGuardRealtime] Connection error:', error.message);\n const err = new Error(`Connection error: ${error.message}`);\n this.config.onError(err);\n if (!this.shouldReconnect || this.reconnectAttempts >= this.config.maxReconnectAttempts) {\n reject(err);\n }\n });\n\n this.socket.on('error', (error: any) => {\n console.error('[ExGuardRealtime] Socket error:', error);\n const err = new Error(`Socket error: ${error}`);\n this.config.onError(err);\n });\n\n this.socket.on('reconnect_attempt', (attempt: number) => {\n this.reconnectAttempts = attempt;\n console.log(`[ExGuardRealtime] Reconnecting... (attempt ${attempt})`);\n });\n\n this.socket.on('reconnect', () => {\n console.log('[ExGuardRealtime] Reconnected!');\n });\n\n this.socket.on('reconnect_failed', () => {\n console.error('[ExGuardRealtime] Reconnection failed after max attempts');\n const err = new Error('Reconnection failed after maximum attempts');\n this.config.onError(err);\n reject(err);\n });\n\n // Listen to all realtime events\n this.socket.onAny((eventName: string, payload: any) => {\n try {\n const realtimeEvent: RealtimeEvent = {\n type: eventName,\n timestamp: payload?.timestamp || Date.now(),\n data: payload?.data || payload,\n userId: payload?.userId,\n };\n this.handleEvent(realtimeEvent);\n } catch (error) {\n console.error('[ExGuardRealtime] Failed to handle event:', error);\n }\n });\n\n // Set connection timeout\n setTimeout(() => {\n if (!this.socket?.connected) {\n const err = new Error('Connection timeout');\n this.config.onError(err);\n this.socket?.disconnect();\n reject(err);\n }\n }, 20000);\n\n } catch (error) {\n reject(error);\n }\n });\n }\n\n /**\n * Subscribe to channels\n */\n subscribeToChannel(channel: 'roles' | 'permissions' | 'rbac'): void {\n if (this.socket?.connected) {\n this.socket.emit(`subscribe:${channel}`);\n console.log(`[ExGuardRealtime] Subscribed to channel: ${channel}`);\n }\n }\n\n /**\n * Disconnect from realtime server\n */\n disconnect(): void {\n this.shouldReconnect = false;\n if (this.socket) {\n this.socket.disconnect();\n this.socket = null;\n }\n }\n\n /**\n * Subscribe to realtime events\n * Use '*' as eventType to receive ALL events\n */\n subscribe(eventType: string, handler: RealtimeEventHandler): () => void {\n if (!this.handlers.has(eventType)) {\n this.handlers.set(eventType, new Set());\n }\n \n this.handlers.get(eventType)!.add(handler);\n \n return () => {\n const handlers = this.handlers.get(eventType);\n if (handlers) {\n handlers.delete(handler);\n if (handlers.size === 0) {\n this.handlers.delete(eventType);\n }\n }\n };\n }\n\n /**\n * Subscribe to ALL realtime events (wildcard)\n */\n subscribeAll(handler: RealtimeEventHandler): () => void {\n return this.subscribe('*', handler);\n }\n\n /**\n * Handle incoming realtime events\n */\n private handleEvent(event: RealtimeEvent): void {\n console.log('[ExGuardRealtime] Received event:', event);\n \n // Call specific event handlers\n const handlers = this.handlers.get(event.type);\n if (handlers) {\n handlers.forEach(handler => {\n try {\n handler(event);\n } catch (error) {\n console.error('[ExGuardRealtime] Event handler error:', error);\n }\n });\n }\n \n // Call wildcard handlers for ALL events\n const wildcardHandlers = this.handlers.get('*');\n if (wildcardHandlers) {\n wildcardHandlers.forEach(handler => {\n try {\n handler(event);\n } catch (error) {\n console.error('[ExGuardRealtime] Wildcard handler error:', error);\n }\n });\n }\n }\n\n /**\n * Handle reconnection logic\n */\n private handleReconnect(): void {\n if (!this.shouldReconnect || !this.config.autoReconnect || !this.currentUrl) {\n return;\n }\n\n if (this.reconnectAttempts < this.config.maxReconnectAttempts) {\n this.reconnectAttempts++;\n const delay = Math.min(\n this.config.reconnectDelay * Math.pow(2, this.reconnectAttempts - 1),\n this.config.reconnectMaxDelay\n );\n \n console.log(`[ExGuardRealtime] Reconnecting in ${delay}ms (attempt ${this.reconnectAttempts})`);\n \n setTimeout(() => {\n this.connect(this.currentUrl!, this.currentToken!, this.currentUserId!).catch(error => {\n console.error('[ExGuardRealtime] Reconnection failed:', error);\n });\n }, delay);\n } else {\n console.error('[ExGuardRealtime] Max reconnection attempts reached');\n }\n }\n\n /**\n * Manually trigger reconnection with current auth\n */\n reconnect(): Promise<void> {\n if (this.currentUrl && this.currentToken) {\n this.reconnectAttempts = 0;\n return this.connect(this.currentUrl, this.currentToken, this.currentUserId || undefined);\n } else if (this.currentUrl) {\n this.reconnectAttempts = 0;\n return this.connect(this.currentUrl);\n }\n return Promise.reject(new Error('No URL configured'));\n }\n\n /**\n * Check if connected\n */\n isConnected(): boolean {\n return this.socket?.connected ?? false;\n }\n\n /**\n * Get connection status\n */\n getStatus(): 'connecting' | 'connected' | 'disconnected' | 'reconnecting' {\n if (!this.socket) return 'disconnected';\n if (this.socket.connected) return 'connected';\n return 'disconnected';\n }\n\n /**\n * Send a message to the server\n */\n send(event: string, data: any): void {\n if (this.socket?.connected) {\n this.socket.emit(event, data);\n }\n }\n\n /**\n * Update configuration\n */\n updateConfig(config: Partial<ExGuardRealtimeConfig>): void {\n this.config = {\n ...this.config,\n ...config,\n };\n }\n\n /**\n * Connect on-demand with user's access token from request\n * Call this in your guard or middleware with the user's token\n */\n async connectWithUserToken(url: string, accessToken: string, userId?: string): Promise<void> {\n try {\n await this.connect(url, accessToken, userId);\n } catch (error) {\n console.warn('[ExGuardRealtime] Failed to connect with user token:', error);\n }\n }\n}\n\n// Factory function for creating realtime instance\nexport function createRealtime(config?: ExGuardRealtimeConfig): ExGuardRealtime {\n return new ExGuardRealtime(config);\n}\n\n// Global realtime instance\nexport const realtime = new ExGuardRealtime();\n","/**\n * Framework-agnostic guards for protecting backend endpoints\n */\n\nimport { ExGuardBackendEnhanced } from './exguard-backend-enhanced.js';\nimport { ExGuardEnhancedConfig, UserAccessResponse, GuardContext, GuardResult, GuardOptions } from './types.js';\n\n// Re-export types for use in other modules\nexport type { GuardContext, GuardResult, GuardOptions, UserAccessResponse };\n\n/**\n * Framework-agnostic guard class for endpoint protection\n */\nexport class ExGuardBackend {\n private exGuard: ExGuardBackendEnhanced;\n\n constructor(config: ExGuardEnhancedConfig) {\n this.exGuard = new ExGuardBackendEnhanced(config);\n }\n\n /**\n * Check if user has specific permissions\n */\n async requirePermissions(\n context: GuardContext, \n permissions: string[], \n options: { requireAll?: boolean } = {}\n ): Promise<GuardResult> {\n try {\n if (options.requireAll) {\n // Require ALL permissions\n const results = await this.exGuard.hasPermissions(context.token, permissions);\n const hasAll = permissions.every(permission => results[permission]);\n \n if (!hasAll) {\n return {\n allowed: false,\n error: `Insufficient permissions. Required: ${permissions.join(', ')}`,\n statusCode: 403\n };\n }\n } else {\n // Require ANY permission (default)\n const hasPermission = await this.exGuard.hasPermissions(context.token, permissions);\n const hasAny = Object.values(hasPermission).some(Boolean);\n \n if (!hasAny) {\n return {\n allowed: false,\n error: `Insufficient permissions. Required any of: ${permissions.join(', ')}`,\n statusCode: 403\n };\n }\n }\n\n const userAccess = await this.exGuard.getUserAccess(context.token);\n return { allowed: true, user: userAccess };\n } catch (error) {\n return {\n allowed: false,\n error: 'Permission check failed',\n statusCode: 500\n };\n }\n }\n\n /**\n * Check if user has specific roles\n */\n async requireRoles(\n context: GuardContext, \n roles: string[], \n options: { requireAll?: boolean } = {}\n ): Promise<GuardResult> {\n try {\n if (options.requireAll) {\n // Require ALL roles\n const results = await this.exGuard.hasRoles(context.token, roles);\n const hasAll = roles.every(role => results[role]);\n \n if (!hasAll) {\n return {\n allowed: false,\n error: `Insufficient roles. Required: ${roles.join(', ')}`,\n statusCode: 403\n };\n }\n } else {\n // Require ANY role (default)\n const hasRole = await this.exGuard.hasRoles(context.token, roles);\n const hasAny = Object.values(hasRole).some(Boolean);\n \n if (!hasAny) {\n return {\n allowed: false,\n error: `Insufficient roles. Required any of: ${roles.join(', ')}`,\n statusCode: 403\n };\n }\n }\n\n const userAccess = await this.exGuard.getUserAccess(context.token);\n return { allowed: true, user: userAccess };\n } catch (error) {\n return {\n allowed: false,\n error: 'Role check failed',\n statusCode: 500\n };\n }\n }\n\n /**\n * Check if user has access to specific modules\n */\n async requireModules(\n context: GuardContext, \n modules: string[], \n options: { requireAll?: boolean } = {}\n ): Promise<GuardResult> {\n try {\n const userAccess = await this.exGuard.getUserAccess(context.token);\n const userModuleKeys = userAccess.modules.map(m => m.key);\n\n let hasAccess: boolean;\n\n if (options.requireAll) {\n // Require ALL modules\n hasAccess = modules.every(module => userModuleKeys.includes(module));\n } else {\n // Require ANY module (default)\n hasAccess = modules.some(module => userModuleKeys.includes(module));\n }\n\n if (!hasAccess) {\n return {\n allowed: false,\n error: `Insufficient module access. Required: ${modules.join(', ')}`,\n statusCode: 403\n };\n }\n\n return { allowed: true, user: userAccess };\n } catch (error) {\n return {\n allowed: false,\n error: 'Module check failed',\n statusCode: 500\n };\n }\n }\n\n /**\n * Check if user has access to specific field offices\n */\n async requireFieldOffices(\n context: GuardContext, \n fieldOffices: string[], \n options: { requireAll?: boolean } = {}\n ): Promise<GuardResult> {\n try {\n const userFieldOffices = await this.exGuard.getUserFieldOffices(context.token);\n\n let hasAccess: boolean;\n\n if (options.requireAll) {\n // Require ALL field offices\n hasAccess = fieldOffices.every(office => userFieldOffices.includes(office));\n } else {\n // Require ANY field office (default)\n hasAccess = fieldOffices.some(office => userFieldOffices.includes(office));\n }\n\n if (!hasAccess) {\n return {\n allowed: false,\n error: `Insufficient field office access. Required: ${fieldOffices.join(', ')}`,\n statusCode: 403\n };\n }\n\n const userAccess = await this.exGuard.getUserAccess(context.token);\n return { allowed: true, user: userAccess };\n } catch (error) {\n return {\n allowed: false,\n error: 'Field office check failed',\n statusCode: 500\n };\n }\n }\n\n /**\n * Flexible guard with multiple requirements\n */\n async require(context: GuardContext, options: GuardOptions): Promise<GuardResult> {\n try {\n const userAccess = await this.exGuard.getUserAccess(context.token);\n let passed = true;\n const failures: string[] = [];\n\n // Check permissions\n if (options.permissions && options.permissions.length > 0) {\n const userPermissions = userAccess.modules.flatMap(m => m.permissions);\n const hasPermissions = options.requireAll\n ? options.permissions.every(p => userPermissions.includes(p))\n : options.permissions.some(p => userPermissions.includes(p));\n \n if (!hasPermissions) {\n passed = false;\n failures.push(`permissions: ${options.permissions.join(', ')}`);\n }\n }\n\n // Check roles\n if (options.roles && options.roles.length > 0) {\n const hasRoles = options.requireAll\n ? options.roles.every(r => userAccess.roles.includes(r))\n : options.roles.some(r => userAccess.roles.includes(r));\n \n if (!hasRoles) {\n passed = false;\n failures.push(`roles: ${options.roles.join(', ')}`);\n }\n }\n\n // Check modules\n if (options.modules && options.modules.length > 0) {\n const userModuleKeys = userAccess.modules.map(m => m.key);\n const hasModules = options.requireAll\n ? options.modules.every(m => userModuleKeys.includes(m))\n : options.modules.some(m => userModuleKeys.includes(m));\n \n if (!hasModules) {\n passed = false;\n failures.push(`modules: ${options.modules.join(', ')}`);\n }\n }\n\n // Check field offices\n if (options.fieldOffices && options.fieldOffices.length > 0) {\n const hasFieldOffices = options.requireAll\n ? options.fieldOffices.every(fo => userAccess.fieldOffices.includes(fo))\n : options.fieldOffices.some(fo => userAccess.fieldOffices.includes(fo));\n \n if (!hasFieldOffices) {\n passed = false;\n failures.push(`field offices: ${options.fieldOffices.join(', ')}`);\n }\n }\n\n if (!passed) {\n return {\n allowed: false,\n error: `Access denied. Missing: ${failures.join('; ')}`,\n statusCode: 403\n };\n }\n\n return { allowed: true, user: userAccess };\n } catch (error) {\n return {\n allowed: false,\n error: 'Access check failed',\n statusCode: 500\n };\n }\n }\n\n /**\n * Simple authentication (just validates token)\n */\n async authenticate(context: GuardContext): Promise<GuardResult> {\n try {\n const userAccess = await this.exGuard.getUserAccess(context.token);\n return { allowed: true, user: userAccess };\n } catch (error) {\n return {\n allowed: false,\n error: 'Authentication failed',\n statusCode: 401\n };\n }\n }\n\n /**\n * Get the underlying ExGuardBackendEnhanced instance\n */\n getExGuard(): ExGuardBackendEnhanced {\n return this.exGuard;\n }\n\n /**\n * Connect to realtime with user's token\n * This is called automatically by the guard when a request comes in\n */\n async connectWithUserToken(userToken: string): Promise<void> {\n return this.exGuard.connectWithUserToken(userToken);\n }\n}\n\n/**\n * Helper function to extract token from various request types\n */\nexport function extractToken(request: any): string | null {\n // Express-style\n if (request.headers?.authorization) {\n const authHeader = request.headers.authorization;\n if (authHeader.startsWith('Bearer ')) {\n return authHeader.substring(7);\n }\n }\n\n // Fastify-style\n if (request.headers?.authorization) {\n const authHeader = request.headers.authorization;\n if (authHeader.startsWith('Bearer ')) {\n return authHeader.substring(7);\n }\n }\n\n // Custom header\n if (request.headers?.['x-access-token']) {\n return request.headers['x-access-token'];\n }\n\n // Query parameter\n if (request.query?.token) {\n return request.query.token;\n }\n\n return null;\n}\n\n/**\n * Create a guard context from a request\n */\nexport function createGuardContext(request: any): GuardContext | null {\n const token = extractToken(request);\n if (!token) {\n return null;\n }\n\n return {\n token,\n request\n };\n}\n","/**\n * Express.js middleware for ExGuard endpoint protection\n */\n\nimport { ExGuardBackend, GuardContext, GuardOptions, extractToken } from './guards.js';\n\n// Conditional types to avoid build errors when express is not installed\ntype Request = any;\ntype Response = any;\ntype NextFunction = any;\n\nexport interface AuthenticatedRequest extends Request {\n user?: {\n id: string;\n cognitoSubId: string;\n username: string;\n email: string;\n roles: string[];\n permissions: string[];\n modules: Array<{ key: string; permissions: string[] }>;\n fieldOffices: string[];\n };\n}\n\n/**\n * Express middleware factory\n */\nexport function createExGuardExpress(config: any) {\n const guard = new ExGuardBackend(config);\n\n return {\n /**\n * Require specific permissions\n */\n requirePermissions(permissions: string[], options: { requireAll?: boolean } = {}) {\n return async (req: AuthenticatedRequest, res: Response, next: NextFunction) => {\n const context = createGuardContext(req);\n if (!context) {\n return res.status(401).json({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.requirePermissions(context, permissions, options);\n \n if (!result.allowed) {\n return res.status(result.statusCode || 403).json({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n\n next();\n };\n },\n\n /**\n * Require specific roles\n */\n requireRoles(roles: string[], options: { requireAll?: boolean } = {}) {\n return async (req: AuthenticatedRequest, res: Response, next: NextFunction) => {\n const context = createGuardContext(req);\n if (!context) {\n return res.status(401).json({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.requireRoles(context, roles, options);\n \n if (!result.allowed) {\n return res.status(result.statusCode || 403).json({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n\n next();\n };\n },\n\n /**\n * Require module access\n */\n requireModules(modules: string[], options: { requireAll?: boolean } = {}) {\n return async (req: AuthenticatedRequest, res: Response, next: NextFunction) => {\n const context = createGuardContext(req);\n if (!context) {\n return res.status(401).json({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.requireModules(context, modules, options);\n \n if (!result.allowed) {\n return res.status(result.statusCode || 403).json({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n\n next();\n };\n },\n\n /**\n * Require field office access\n */\n requireFieldOffices(fieldOffices: string[], options: { requireAll?: boolean } = {}) {\n return async (req: AuthenticatedRequest, res: Response, next: NextFunction) => {\n const context = createGuardContext(req);\n if (!context) {\n return res.status(401).json({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.requireFieldOffices(context, fieldOffices, options);\n \n if (!result.allowed) {\n return res.status(result.statusCode || 403).json({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n\n next();\n };\n },\n\n /**\n * Flexible guard with multiple requirements\n */\n require(options: GuardOptions) {\n return async (req: AuthenticatedRequest, res: Response, next: NextFunction) => {\n const context = createGuardContext(req);\n if (!context) {\n return res.status(401).json({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.require(context, options);\n \n if (!result.allowed) {\n return res.status(result.statusCode || 403).json({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n\n next();\n };\n },\n\n /**\n * Simple authentication middleware\n */\n authenticate() {\n return async (req: AuthenticatedRequest, res: Response, next: NextFunction) => {\n const context = createGuardContext(req);\n if (!context) {\n return res.status(401).json({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.authenticate(context);\n \n if (!result.allowed) {\n return res.status(result.statusCode || 401).json({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n\n next();\n };\n },\n\n /**\n * Get the underlying guard instance\n */\n getGuard(): ExGuardBackend {\n return guard;\n }\n };\n}\n\nfunction createGuardContext(req: Request): GuardContext | null {\n const token = extractToken(req);\n if (!token) {\n return null;\n }\n\n return {\n token,\n request: req\n };\n}\n","/**\n * Fastify plugin for ExGuard endpoint protection\n */\n\nimport { ExGuardBackend, GuardContext, GuardOptions, extractToken } from './guards.js';\n\n// Conditional types to avoid build errors when fastify is not installed\ntype FastifyRequest = any;\ntype FastifyReply = any;\n\nexport interface AuthenticatedRequest extends FastifyRequest {\n user?: {\n id: string;\n cognitoSubId: string;\n username: string;\n email: string;\n roles: string[];\n permissions: string[];\n modules: Array<{ key: string; permissions: string[] }>;\n fieldOffices: string[];\n };\n}\n\n/**\n * Fastify plugin factory\n */\nexport function createExGuardFastify(config: any) {\n const guard = new ExGuardBackend(config);\n\n return {\n /**\n * Require specific permissions\n */\n requirePermissions(permissions: string[], options: { requireAll?: boolean } = {}) {\n return async (req: AuthenticatedRequest, reply: FastifyReply) => {\n const context = createGuardContext(req);\n if (!context) {\n return reply.status(401).send({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.requirePermissions(context, permissions, options);\n \n if (!result.allowed) {\n return reply.status(result.statusCode || 403).send({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n };\n },\n\n /**\n * Require specific roles\n */\n requireRoles(roles: string[], options: { requireAll?: boolean } = {}) {\n return async (req: AuthenticatedRequest, reply: FastifyReply) => {\n const context = createGuardContext(req);\n if (!context) {\n return reply.status(401).send({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.requireRoles(context, roles, options);\n \n if (!result.allowed) {\n return reply.status(result.statusCode || 403).send({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n };\n },\n\n /**\n * Require module access\n */\n requireModules(modules: string[], options: { requireAll?: boolean } = {}) {\n return async (req: AuthenticatedRequest, reply: FastifyReply) => {\n const context = createGuardContext(req);\n if (!context) {\n return reply.status(401).send({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.requireModules(context, modules, options);\n \n if (!result.allowed) {\n return reply.status(result.statusCode || 403).send({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n };\n },\n\n /**\n * Require field office access\n */\n requireFieldOffices(fieldOffices: string[], options: { requireAll?: boolean } = {}) {\n return async (req: AuthenticatedRequest, reply: FastifyReply) => {\n const context = createGuardContext(req);\n if (!context) {\n return reply.status(401).send({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.requireFieldOffices(context, fieldOffices, options);\n \n if (!result.allowed) {\n return reply.status(result.statusCode || 403).send({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n };\n },\n\n /**\n * Flexible guard with multiple requirements\n */\n require(options: GuardOptions) {\n return async (req: AuthenticatedRequest, reply: FastifyReply) => {\n const context = createGuardContext(req);\n if (!context) {\n return reply.status(401).send({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.require(context, options);\n \n if (!result.allowed) {\n return reply.status(result.statusCode || 403).send({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n };\n },\n\n /**\n * Simple authentication hook\n */\n authenticate() {\n return async (req: AuthenticatedRequest, reply: FastifyReply) => {\n const context = createGuardContext(req);\n if (!context) {\n return reply.status(401).send({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.authenticate(context);\n \n if (!result.allowed) {\n return reply.status(result.statusCode || 401).send({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n };\n },\n\n /**\n * Get the underlying guard instance\n */\n getGuard(): ExGuardBackend {\n return guard;\n }\n };\n}\n\nfunction createGuardContext(req: FastifyRequest): GuardContext | null {\n const token = extractToken(req);\n if (!token) {\n return null;\n }\n\n return {\n token,\n request: req\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,eAAAA;AAAA,EAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,mBAAoD;AAO7C,IAAM,iBAAN,MAAqB;AAAA,EAClB;AAAA,EACA;AAAA,EAER,YAAY,QAAuB;AACjC,SAAK,SAAS;AAAA,MACZ,SAAS;AAAA,MACT,GAAG;AAAA,IACL;AAEA,SAAK,SAAS,aAAAC,QAAM,OAAO;AAAA,MACzB,SAAS,KAAK,OAAO;AAAA,MACrB,SAAS,KAAK,OAAO;AAAA,MACrB,SAAS;AAAA,QACP,gBAAgB;AAAA,MAClB;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,cAAc,OAA4C;AAC9D,QAAI;AACF,YAAM,WACJ,MAAM,KAAK,OAAO,IAAI,aAAa;AAAA,QACjC,SAAS;AAAA,UACP,iBAAiB,UAAU,KAAK;AAAA,QAClC;AAAA,MACF,CAAC;AAEH,UAAI,CAAC,SAAS,KAAK,SAAS;AAC1B,cAAM,IAAI,MAAM,yCAAyC;AAAA,MAC3D;AAEA,aAAO,SAAS,KAAK;AAAA,IACvB,SAAS,OAAO;AACd,UAAI,aAAAA,QAAM,aAAa,KAAK,GAAG;AAC7B,YAAI,MAAM,UAAU,WAAW,KAAK;AAClC,gBAAM,IAAI,MAAM,wCAAwC;AAAA,QAC1D;AACA,cAAM,IAAI,MAAM,cAAc,MAAM,UAAU,MAAM,WAAW,MAAM,OAAO,EAAE;AAAA,MAChF;AACA,YAAM;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,cAAc,OAAe,YAAsC;AACvE,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,aAAO,WAAW,QAAQ;AAAA,QAAK,CAAAC,YAC7BA,QAAO,YAAY,SAAS,UAAU;AAAA,MACxC;AAAA,IACF,SAAS,OAAO;AACd,aAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,QAAQ,OAAe,MAAgC;AAC3D,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,aAAO,WAAW,MAAM,SAAS,IAAI;AAAA,IACvC,SAAS,OAAO;AACd,aAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,qBAAqB,OAAe,WAAsC;AAC9E,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,YAAMA,UAAS,WAAW,QAAQ,KAAK,OAAK,EAAE,QAAQ,SAAS;AAC/D,aAAOA,SAAQ,eAAe,CAAC;AAAA,IACjC,SAAS,OAAO;AACd,aAAO,CAAC;AAAA,IACV;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,aAAa,OAAkC;AACnD,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,aAAO,WAAW;AAAA,IACpB,SAAS,OAAO;AACd,aAAO,CAAC;AAAA,IACV;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,oBAAoB,OAAkC;AAC1D,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,aAAO,WAAW;AAAA,IACpB,SAAS,OAAO;AACd,aAAO,CAAC;AAAA,IACV;AAAA,EACF;AACF;;;ACnIA,IAAAC,gBAAoD;;;ACU7C,IAAM,eAAN,MAAmB;AAAA,EAChB,QAAQ,oBAAI,IAA6B;AAAA,EACzC,cAAc,oBAAI,IAA6B;AAAA,EAC/C,aAAa;AAAA;AAAA;AAAA;AAAA;AAAA,EAKrB,IAAO,KAAuB;AAC5B,UAAM,QAAQ,KAAK,MAAM,IAAI,GAAG;AAChC,QAAI,CAAC,MAAO,QAAO;AAGnB,QAAI,KAAK,IAAI,IAAI,MAAM,YAAY,MAAM,KAAK;AAC5C,WAAK,MAAM,OAAO,GAAG;AACrB,aAAO;AAAA,IACT;AAEA,WAAO,MAAM;AAAA,EACf;AAAA;AAAA;AAAA;AAAA,EAKA,IAAO,KAAa,MAAS,KAAoB;AAC/C,SAAK,MAAM,IAAI,KAAK;AAAA,MAClB;AAAA,MACA,WAAW,KAAK,IAAI;AAAA,MACpB,KAAK,OAAO,KAAK;AAAA,IACnB,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,KAAsB;AAC3B,UAAM,UAAU,KAAK,MAAM,OAAO,GAAG;AACrC,QAAI,SAAS;AACX,WAAK,kBAAkB,GAAG;AAAA,IAC5B;AACA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,QAAc;AACZ,UAAM,OAAO,MAAM,KAAK,KAAK,MAAM,KAAK,CAAC;AACzC,SAAK,MAAM,MAAM;AACjB,SAAK,QAAQ,SAAO,KAAK,kBAAkB,GAAG,CAAC;AAAA,EACjD;AAAA;AAAA;AAAA;AAAA,EAKA,eAAe,QAAsB;AAEnC,UAAM,eAAe,MAAM,KAAK,KAAK,MAAM,KAAK,CAAC,EAAE;AAAA,MAAO,SACxD,IAAI,SAAS,MAAM;AAAA,IACrB;AAEA,YAAQ,IAAI,0CAA0C,MAAM,WAAW,aAAa,MAAM,UAAU,YAAY;AAEhH,iBAAa,QAAQ,SAAO;AAC1B,WAAK,MAAM,OAAO,GAAG;AACrB,WAAK,kBAAkB,GAAG;AAAA,IAC5B,CAAC;AAED,QAAI,aAAa,WAAW,GAAG;AAC7B,cAAQ,IAAI,kDAAkD,MAAM,EAAE;AAAA,IACxE;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,UAAU,KAAa,UAAkC;AACvD,QAAI,CAAC,KAAK,YAAY,IAAI,GAAG,GAAG;AAC9B,WAAK,YAAY,IAAI,KAAK,oBAAI,IAAI,CAAC;AAAA,IACrC;AAEA,SAAK,YAAY,IAAI,GAAG,EAAG,IAAI,QAAQ;AAGvC,WAAO,MAAM;AACX,YAAM,YAAY,KAAK,YAAY,IAAI,GAAG;AAC1C,UAAI,WAAW;AACb,kBAAU,OAAO,QAAQ;AACzB,YAAI,UAAU,SAAS,GAAG;AACxB,eAAK,YAAY,OAAO,GAAG;AAAA,QAC7B;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,kBAAkB,KAAmB;AAC3C,UAAM,YAAY,KAAK,YAAY,IAAI,GAAG;AAC1C,QAAI,WAAW;AACb,gBAAU,QAAQ,cAAY;AAC5B,YAAI;AACF,mBAAS;AAAA,QACX,SAAS,OAAO;AACd,kBAAQ,MAAM,2BAA2B,KAAK;AAAA,QAChD;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,WAA6C;AAC3C,WAAO;AAAA,MACL,MAAM,KAAK,MAAM;AAAA,MACjB,MAAM,MAAM,KAAK,KAAK,MAAM,KAAK,CAAC;AAAA,IACpC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,UAAgB;AACd,UAAM,MAAM,KAAK,IAAI;AACrB,UAAM,eAAyB,CAAC;AAEhC,SAAK,MAAM,QAAQ,CAAC,OAAO,QAAQ;AACjC,UAAI,MAAM,MAAM,YAAY,MAAM,KAAK;AACrC,qBAAa,KAAK,GAAG;AAAA,MACvB;AAAA,IACF,CAAC;AAED,iBAAa,QAAQ,SAAO;AAC1B,WAAK,MAAM,OAAO,GAAG;AACrB,WAAK,kBAAkB,GAAG;AAAA,IAC5B,CAAC;AAAA,EACH;AACF;AAGO,IAAM,QAAQ,IAAI,aAAa;;;ACnJtC,oBAAgC;AAEhC,QAAQ,IAAI,8CAA8C,OAAO,gBAAE;AAuC5D,IAAM,kBAAN,MAAsB;AAAA,EACnB,WAAW,oBAAI,IAAuC;AAAA,EACtD,SAAwB;AAAA,EACxB,oBAAoB;AAAA,EACpB;AAAA,EACA,aAA4B;AAAA,EAC5B,eAA8B;AAAA,EAC9B,gBAA+B;AAAA,EAC/B,kBAAkB;AAAA,EAE1B,YAAY,SAAgC,CAAC,GAAG;AAC9C,SAAK,SAAS;AAAA,MACZ,eAAe,OAAO,iBAAiB;AAAA,MACvC,sBAAsB,OAAO,wBAAwB;AAAA,MACrD,gBAAgB,OAAO,kBAAkB;AAAA,MACzC,mBAAmB,OAAO,qBAAqB;AAAA,MAC/C,WAAW,OAAO,cAAc,MAAM;AAAA,MAAC;AAAA,MACvC,cAAc,OAAO,iBAAiB,MAAM;AAAA,MAAC;AAAA,MAC7C,SAAS,OAAO,YAAY,CAAC,UAAiB,QAAQ,MAAM,4BAA4B,KAAK;AAAA,MAC7F,aAAa,OAAO,eAAe;AAAA,IACrC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,KAAK,KAAc,aAAsB,QAAgC;AAC7E,QAAI,KAAK;AACP,WAAK,aAAa;AAClB,WAAK,eAAe,eAAe;AACnC,WAAK,gBAAgB,UAAU;AAC/B,UAAI,KAAK,OAAO,aAAa;AAC3B,YAAI;AACF,gBAAM,KAAK,QAAQ,KAAK,aAAa,MAAM;AAAA,QAC7C,SAAS,OAAO;AACd,kBAAQ,KAAK,gEAAgE,KAAK;AAAA,QACpF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,QAAQ,KAAa,MAAqC,QAAgC;AACxF,QAAI;AACJ,QAAI;AAEJ,QAAI,OAAO,SAAS,UAAU;AAC5B,kBAAY;AACZ,mBAAa,UAAU;AAAA,IACzB,WAAW,OAAO,SAAS,UAAU;AACnC,kBAAY,KAAK,eAAe,KAAK,eAAe,KAAK;AACzD,mBAAa,KAAK,UAAU,UAAU;AAAA,IACxC;AAEA,WAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,WAAK,kBAAkB;AACvB,WAAK,aAAa;AAClB,WAAK,eAAe,aAAa;AACjC,WAAK,gBAAgB,cAAc;AAEnC,UAAI;AAEF,YAAI,KAAK,QAAQ;AACf,eAAK,OAAO,WAAW;AACvB,eAAK,SAAS;AAAA,QAChB;AAEA,cAAM,YAAY,GAAG,GAAG;AACxB,gBAAQ,IAAI,oCAAoC,SAAS;AAEzD,aAAK,aAAS,kBAAG,WAAW;AAAA,UAC1B,MAAM;AAAA,YACJ,OAAO;AAAA,YACP,QAAQ;AAAA,UACV;AAAA,UACA,YAAY,CAAC,aAAa,SAAS;AAAA,UACnC,cAAc,KAAK,OAAO;AAAA,UAC1B,mBAAmB,KAAK,OAAO;AAAA,UAC/B,sBAAsB,KAAK,OAAO;AAAA,UAClC,sBAAsB,KAAK,OAAO;AAAA,UAClC,SAAS;AAAA,QACX,CAAC;AAED,aAAK,OAAO,GAAG,WAAW,MAAM;AAC9B,eAAK,oBAAoB;AACzB,kBAAQ,IAAI,2CAA2C,KAAK,QAAQ,EAAE;AACtE,eAAK,OAAO,UAAU;AACtB,kBAAQ;AAAA,QACV,CAAC;AAED,aAAK,OAAO,GAAG,cAAc,CAAC,WAAmB;AAC/C,kBAAQ,IAAI,mCAAmC,MAAM;AACrD,eAAK,OAAO,aAAa;AACzB,cAAI,KAAK,mBAAmB,KAAK,OAAO,eAAe;AACrD,iBAAK,gBAAgB;AAAA,UACvB;AAAA,QACF,CAAC;AAED,aAAK,OAAO,GAAG,iBAAiB,CAAC,UAAe;AAC9C,kBAAQ,MAAM,uCAAuC,MAAM,OAAO;AAClE,gBAAM,MAAM,IAAI,MAAM,qBAAqB,MAAM,OAAO,EAAE;AAC1D,eAAK,OAAO,QAAQ,GAAG;AACvB,cAAI,CAAC,KAAK,mBAAmB,KAAK,qBAAqB,KAAK,OAAO,sBAAsB;AACvF,mBAAO,GAAG;AAAA,UACZ;AAAA,QACF,CAAC;AAED,aAAK,OAAO,GAAG,SAAS,CAAC,UAAe;AACtC,kBAAQ,MAAM,mCAAmC,KAAK;AACtD,gBAAM,MAAM,IAAI,MAAM,iBAAiB,KAAK,EAAE;AAC9C,eAAK,OAAO,QAAQ,GAAG;AAAA,QACzB,CAAC;AAED,aAAK,OAAO,GAAG,qBAAqB,CAAC,YAAoB;AACvD,eAAK,oBAAoB;AACzB,kBAAQ,IAAI,8CAA8C,OAAO,GAAG;AAAA,QACtE,CAAC;AAED,aAAK,OAAO,GAAG,aAAa,MAAM;AAChC,kBAAQ,IAAI,gCAAgC;AAAA,QAC9C,CAAC;AAED,aAAK,OAAO,GAAG,oBAAoB,MAAM;AACvC,kBAAQ,MAAM,0DAA0D;AACxE,gBAAM,MAAM,IAAI,MAAM,4CAA4C;AAClE,eAAK,OAAO,QAAQ,GAAG;AACvB,iBAAO,GAAG;AAAA,QACZ,CAAC;AAGD,aAAK,OAAO,MAAM,CAAC,WAAmB,YAAiB;AACrD,cAAI;AACF,kBAAM,gBAA+B;AAAA,cACnC,MAAM;AAAA,cACN,WAAW,SAAS,aAAa,KAAK,IAAI;AAAA,cAC1C,MAAM,SAAS,QAAQ;AAAA,cACvB,QAAQ,SAAS;AAAA,YACnB;AACA,iBAAK,YAAY,aAAa;AAAA,UAChC,SAAS,OAAO;AACd,oBAAQ,MAAM,6CAA6C,KAAK;AAAA,UAClE;AAAA,QACF,CAAC;AAGD,mBAAW,MAAM;AACf,cAAI,CAAC,KAAK,QAAQ,WAAW;AAC3B,kBAAM,MAAM,IAAI,MAAM,oBAAoB;AAC1C,iBAAK,OAAO,QAAQ,GAAG;AACvB,iBAAK,QAAQ,WAAW;AACxB,mBAAO,GAAG;AAAA,UACZ;AAAA,QACF,GAAG,GAAK;AAAA,MAEV,SAAS,OAAO;AACd,eAAO,KAAK;AAAA,MACd;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,mBAAmB,SAAiD;AAClE,QAAI,KAAK,QAAQ,WAAW;AAC1B,WAAK,OAAO,KAAK,aAAa,OAAO,EAAE;AACvC,cAAQ,IAAI,4CAA4C,OAAO,EAAE;AAAA,IACnE;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,aAAmB;AACjB,SAAK,kBAAkB;AACvB,QAAI,KAAK,QAAQ;AACf,WAAK,OAAO,WAAW;AACvB,WAAK,SAAS;AAAA,IAChB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,UAAU,WAAmB,SAA2C;AACtE,QAAI,CAAC,KAAK,SAAS,IAAI,SAAS,GAAG;AACjC,WAAK,SAAS,IAAI,WAAW,oBAAI,IAAI,CAAC;AAAA,IACxC;AAEA,SAAK,SAAS,IAAI,SAAS,EAAG,IAAI,OAAO;AAEzC,WAAO,MAAM;AACX,YAAM,WAAW,KAAK,SAAS,IAAI,SAAS;AAC5C,UAAI,UAAU;AACZ,iBAAS,OAAO,OAAO;AACvB,YAAI,SAAS,SAAS,GAAG;AACvB,eAAK,SAAS,OAAO,SAAS;AAAA,QAChC;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,SAA2C;AACtD,WAAO,KAAK,UAAU,KAAK,OAAO;AAAA,EACpC;AAAA;AAAA;AAAA;AAAA,EAKQ,YAAY,OAA4B;AAC9C,YAAQ,IAAI,qCAAqC,KAAK;AAGtD,UAAM,WAAW,KAAK,SAAS,IAAI,MAAM,IAAI;AAC7C,QAAI,UAAU;AACZ,eAAS,QAAQ,aAAW;AAC1B,YAAI;AACF,kBAAQ,KAAK;AAAA,QACf,SAAS,OAAO;AACd,kBAAQ,MAAM,0CAA0C,KAAK;AAAA,QAC/D;AAAA,MACF,CAAC;AAAA,IACH;AAGA,UAAM,mBAAmB,KAAK,SAAS,IAAI,GAAG;AAC9C,QAAI,kBAAkB;AACpB,uBAAiB,QAAQ,aAAW;AAClC,YAAI;AACF,kBAAQ,KAAK;AAAA,QACf,SAAS,OAAO;AACd,kBAAQ,MAAM,6CAA6C,KAAK;AAAA,QAClE;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,kBAAwB;AAC9B,QAAI,CAAC,KAAK,mBAAmB,CAAC,KAAK,OAAO,iBAAiB,CAAC,KAAK,YAAY;AAC3E;AAAA,IACF;AAEA,QAAI,KAAK,oBAAoB,KAAK,OAAO,sBAAsB;AAC7D,WAAK;AACL,YAAM,QAAQ,KAAK;AAAA,QACjB,KAAK,OAAO,iBAAiB,KAAK,IAAI,GAAG,KAAK,oBAAoB,CAAC;AAAA,QACnE,KAAK,OAAO;AAAA,MACd;AAEA,cAAQ,IAAI,qCAAqC,KAAK,eAAe,KAAK,iBAAiB,GAAG;AAE9F,iBAAW,MAAM;AACf,aAAK,QAAQ,KAAK,YAAa,KAAK,cAAe,KAAK,aAAc,EAAE,MAAM,WAAS;AACrF,kBAAQ,MAAM,0CAA0C,KAAK;AAAA,QAC/D,CAAC;AAAA,MACH,GAAG,KAAK;AAAA,IACV,OAAO;AACL,cAAQ,MAAM,qDAAqD;AAAA,IACrE;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,YAA2B;AACzB,QAAI,KAAK,cAAc,KAAK,cAAc;AACxC,WAAK,oBAAoB;AACzB,aAAO,KAAK,QAAQ,KAAK,YAAY,KAAK,cAAc,KAAK,iBAAiB,MAAS;AAAA,IACzF,WAAW,KAAK,YAAY;AAC1B,WAAK,oBAAoB;AACzB,aAAO,KAAK,QAAQ,KAAK,UAAU;AAAA,IACrC;AACA,WAAO,QAAQ,OAAO,IAAI,MAAM,mBAAmB,CAAC;AAAA,EACtD;AAAA;AAAA;AAAA;AAAA,EAKA,cAAuB;AACrB,WAAO,KAAK,QAAQ,aAAa;AAAA,EACnC;AAAA;AAAA;AAAA;AAAA,EAKA,YAA0E;AACxE,QAAI,CAAC,KAAK,OAAQ,QAAO;AACzB,QAAI,KAAK,OAAO,UAAW,QAAO;AAClC,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,KAAK,OAAe,MAAiB;AACnC,QAAI,KAAK,QAAQ,WAAW;AAC1B,WAAK,OAAO,KAAK,OAAO,IAAI;AAAA,IAC9B;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,QAA8C;AACzD,SAAK,SAAS;AAAA,MACZ,GAAG,KAAK;AAAA,MACR,GAAG;AAAA,IACL;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,qBAAqB,KAAa,aAAqB,QAAgC;AAC3F,QAAI;AACF,YAAM,KAAK,QAAQ,KAAK,aAAa,MAAM;AAAA,IAC7C,SAAS,OAAO;AACd,cAAQ,KAAK,wDAAwD,KAAK;AAAA,IAC5E;AAAA,EACF;AACF;AAGO,SAAS,eAAe,QAAiD;AAC9E,SAAO,IAAI,gBAAgB,MAAM;AACnC;AAGO,IAAM,WAAW,IAAI,gBAAgB;;;AF9VrC,IAAM,yBAAN,MAA6B;AAAA,EAC1B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,SAAwB;AAAA,EACxB,uBAAuB;AAAA,EAE/B,YAAY,QAA+B;AACzC,SAAK,SAAS;AAAA,MACZ,SAAS;AAAA,MACT,OAAO;AAAA,QACL,SAAS;AAAA,QACT,KAAK;AAAA,MACP;AAAA,MACA,UAAU;AAAA,QACR,SAAS;AAAA,QACT,eAAe;AAAA,QACf,sBAAsB;AAAA,QACtB,gBAAgB;AAAA,MAClB;AAAA,MACA,GAAG;AAAA,IACL;AAEA,SAAK,QAAQ;AAEb,UAAM,iBAAwC;AAAA,MAC5C,eAAe,KAAK,OAAO,UAAU,iBAAiB;AAAA,MACtD,sBAAsB,KAAK,OAAO,UAAU,wBAAwB;AAAA,MACpE,gBAAgB,KAAK,OAAO,UAAU,kBAAkB;AAAA,MACxD,WAAW,MAAM;AACf,aAAK,uBAAuB;AAC5B,aAAK,OAAO,UAAU,YAAY;AAAA,MACpC;AAAA,MACA,cAAc,MAAM;AAClB,aAAK,uBAAuB;AAC5B,aAAK,OAAO,UAAU,eAAe;AAAA,MACvC;AAAA,MACA,SAAS,CAAC,UAAU;AAClB,aAAK,OAAO,UAAU,UAAU,KAAK;AAAA,MACvC;AAAA,IACF;AAEA,SAAK,WAAW,eAAe,cAAc;AAE7C,SAAK,SAAS,cAAAC,QAAM,OAAO;AAAA,MACzB,SAAS,KAAK,OAAO;AAAA,MACrB,SAAS,KAAK,OAAO;AAAA,MACrB,SAAS;AAAA,QACP,gBAAgB;AAAA,MAClB;AAAA,IACF,CAAC;AAED,YAAQ,IAAI,qCAAqC;AAAA,MAC/C,SAAS,KAAK,OAAO,UAAU;AAAA,MAC/B,KAAK,KAAK,OAAO,UAAU;AAAA,MAC3B,gBAAgB,CAAC,CAAC,KAAK,OAAO,UAAU;AAAA,IAC1C,CAAC;AAED,QAAI,KAAK,OAAO,UAAU,WAAW,KAAK,OAAO,SAAS,KAAK;AAC7D,cAAQ,IAAI,kDAAkD;AAC9D,WAAK,cAAc,EAAE,MAAM,SAAO;AAChC,gBAAQ,MAAM,8CAA8C,GAAG;AAAA,MACjE,CAAC;AAAA,IACH,OAAO;AACL,cAAQ,IAAI,uDAAuD;AAAA,IACrE;AAEA,gBAAY,MAAM;AAChB,WAAK,MAAM,QAAQ;AAAA,IACrB,GAAG,GAAK;AAAA,EACV;AAAA,EAEA,MAAc,gBAA+B;AAE3C,QAAI,CAAC,KAAK,OAAO,UAAU,WAAW,CAAC,KAAK,OAAO,UAAU,KAAK;AAChE;AAAA,IACF;AAEA,QAAI;AACF,YAAM,KAAK,SAAS;AAAA,QAClB,KAAK,OAAO,SAAS;AAAA,QACrB,KAAK,OAAO,SAAS;AAAA,MACvB;AAGA,WAAK,SAAS,mBAAmB,MAAM;AACvC,WAAK,SAAS,mBAAmB,OAAO;AACxC,WAAK,SAAS,mBAAmB,aAAa;AAG9C,WAAK,SAAS,UAAU,KAAK,CAAC,UAAyB;AACrD,gBAAQ,IAAI,6CAA6C,KAAK;AAG9D,YAAI,MAAM,KAAK,SAAS,MAAM,KAAK,MAAM,SAAS,eAAe;AAC/D,eAAK,OAAO,UAAU,eAAe,KAAK;AAC1C,cAAI,MAAM,QAAQ;AAChB,iBAAK,MAAM,eAAe,MAAM,MAAM;AAAA,UACxC,OAAO;AACL,iBAAK,MAAM,MAAM;AAAA,UACnB;AAAA,QACF;AAEA,YAAI,MAAM,KAAK,SAAS,MAAM,KAAK,MAAM,SAAS,eAAe;AAC/D,eAAK,OAAO,UAAU,eAAe,KAAK;AAC1C,cAAI,MAAM,QAAQ;AAChB,iBAAK,MAAM,eAAe,MAAM,MAAM;AAAA,UACxC,OAAO;AACL,iBAAK,MAAM,MAAM;AAAA,UACnB;AAAA,QACF;AAEA,YAAI,MAAM,KAAK,SAAS,MAAM,KAAK,MAAM,SAAS,eAAe;AAC/D,cAAI,MAAM,QAAQ;AAChB,iBAAK,MAAM,eAAe,MAAM,MAAM;AAAA,UACxC,OAAO;AACL,iBAAK,MAAM,MAAM;AAAA,UACnB;AAAA,QACF;AAEA,YAAI,MAAM,KAAK,SAAS,YAAY,KAAK,MAAM,SAAS,qBAAqB;AAC3E,cAAI,MAAM,QAAQ;AAChB,iBAAK,MAAM,eAAe,MAAM,MAAM;AAAA,UACxC,OAAO;AACL,iBAAK,MAAM,MAAM;AAAA,UACnB;AAAA,QACF;AAAA,MACF,CAAC;AAAA,IAEH,SAAS,OAAO;AACd,cAAQ,KAAK,uEAAuE,KAAK;AAAA,IAC3F;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,gBAAgB,KAAc,aAAqC;AACvE,UAAM,QAAQ,OAAO,KAAK,OAAO,UAAU;AAC3C,UAAM,UAAU,eAAe,KAAK,OAAO,UAAU;AAErD,QAAI,CAAC,OAAO;AACV,YAAM,IAAI,MAAM,2BAA2B;AAAA,IAC7C;AAEA,UAAM,KAAK,cAAc;AAAA,EAC3B;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,qBAAqB,WAAkC;AAC3D,UAAM,QAAQ,KAAK,OAAO,UAAU;AAEpC,QAAI,CAAC,OAAO;AACV,cAAQ,KAAK,6CAA6C;AAC1D;AAAA,IACF;AAGA,UAAM,SAAS,KAAK,uBAAuB,SAAS,KAAK;AAEzD,YAAQ,IAAI,oEAAoE,MAAM;AAEtF,QAAI;AACF,YAAM,KAAK,SAAS,QAAQ,OAAO,WAAW,MAAM;AACpD,WAAK,SAAS,mBAAmB,MAAM;AAAA,IACzC,SAAS,OAAO;AACd,cAAQ,KAAK,uDAAuD,KAAK;AAAA,IAC3E;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,qBAA2B;AACzB,SAAK,SAAS,WAAW;AAAA,EAC3B;AAAA;AAAA;AAAA;AAAA,EAKA,sBAA+B;AAC7B,WAAO,KAAK,wBAAwB,KAAK,SAAS,YAAY;AAAA,EAChE;AAAA;AAAA;AAAA;AAAA,EAKA,oBAAkF;AAChF,WAAO,KAAK,SAAS,UAAU;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA,EAKA,oBAAoB,WAAmB,SAAqD;AAC1F,WAAO,KAAK,SAAS,UAAU,WAAW,OAAO;AAAA,EACnD;AAAA;AAAA;AAAA;AAAA,EAKA,uBAAuB,SAAqD;AAC1E,WAAO,KAAK,SAAS,aAAa,OAAO;AAAA,EAC3C;AAAA,EAEQ,uBAAuB,OAA8B;AAC3D,QAAI;AACF,YAAM,UAAU,KAAK,MAAM,KAAK,MAAM,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC;AACpD,aAAO,QAAQ,OAAO;AAAA,IACxB,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEQ,YAAY,OAAe,SAAiB,IAAY;AAC9D,UAAM,SAAS,KAAK,uBAAuB,KAAK,KAAK;AACrD,WAAO,QAAQ,MAAM,IAAI,MAAM;AAAA,EACjC;AAAA,EAEA,MAAM,cAAc,OAA4C;AAC9D,QAAI,CAAC,KAAK,OAAO,OAAO,SAAS;AAC/B,aAAO,KAAK,gBAAgB,KAAK;AAAA,IACnC;AAEA,UAAM,WAAW,KAAK,YAAY,OAAO,QAAQ;AACjD,UAAM,SAAS,KAAK,MAAM,IAAwB,QAAQ;AAE1D,QAAI,QAAQ;AACV,cAAQ,IAAI,4CAA4C;AACxD,aAAO;AAAA,IACT;AAEA,YAAQ,IAAI,mDAAmD;AAC/D,UAAM,OAAO,MAAM,KAAK,gBAAgB,KAAK;AAE7C,SAAK,MAAM,IAAI,UAAU,MAAM,KAAK,OAAO,MAAM,GAAG;AAEpD,WAAO;AAAA,EACT;AAAA,EAEA,MAAc,gBAAgB,OAA4C;AACxE,QAAI;AACF,YAAM,WACJ,MAAM,KAAK,OAAO,IAAI,aAAa;AAAA,QACjC,SAAS;AAAA,UACP,iBAAiB,UAAU,KAAK;AAAA,QAClC;AAAA,MACF,CAAC;AAEH,UAAI,CAAC,SAAS,KAAK,SAAS;AAC1B,cAAM,IAAI,MAAM,yCAAyC;AAAA,MAC3D;AAEA,aAAO,SAAS,KAAK;AAAA,IACvB,SAAS,OAAO;AACd,UAAI,cAAAA,QAAM,aAAa,KAAK,GAAG;AAC7B,YAAI,MAAM,UAAU,WAAW,KAAK;AAClC,gBAAM,IAAI,MAAM,wCAAwC;AAAA,QAC1D;AACA,cAAM,IAAI,MAAM,cAAc,MAAM,UAAU,MAAM,WAAW,MAAM,OAAO,EAAE;AAAA,MAChF;AACA,YAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEA,MAAM,cAAc,OAAe,YAAsC;AACvE,QAAI,CAAC,KAAK,OAAO,OAAO,SAAS;AAC/B,YAAMC,cAAa,MAAM,KAAK,cAAc,KAAK;AACjD,aAAOA,YAAW,QAAQ;AAAA,QAAK,CAAAC,YAC7BA,QAAO,YAAY,SAAS,UAAU;AAAA,MACxC;AAAA,IACF;AAEA,UAAM,WAAW,KAAK,YAAY,OAAO,cAAc,UAAU,EAAE;AACnE,UAAM,SAAS,KAAK,MAAM,IAAa,QAAQ;AAE/C,QAAI,WAAW,MAAM;AACnB,cAAQ,IAAI,8CAA8C,UAAU,EAAE;AACtE,aAAO;AAAA,IACT;AAEA,YAAQ,IAAI,qDAAqD,UAAU,EAAE;AAC7E,UAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,UAAM,gBAAgB,WAAW,QAAQ;AAAA,MAAK,CAAAA,YAC5CA,QAAO,YAAY,SAAS,UAAU;AAAA,IACxC;AAEA,SAAK,MAAM,IAAI,UAAU,eAAe,KAAK,OAAO,MAAM,MAAO,CAAC;AAElE,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,QAAQ,OAAe,MAAgC;AAC3D,QAAI,CAAC,KAAK,OAAO,OAAO,SAAS;AAC/B,YAAMD,cAAa,MAAM,KAAK,cAAc,KAAK;AACjD,aAAOA,YAAW,MAAM,SAAS,IAAI;AAAA,IACvC;AAEA,UAAM,WAAW,KAAK,YAAY,OAAO,QAAQ,IAAI,EAAE;AACvD,UAAM,SAAS,KAAK,MAAM,IAAa,QAAQ;AAE/C,QAAI,WAAW,MAAM;AACnB,cAAQ,IAAI,wCAAwC,IAAI,EAAE;AAC1D,aAAO;AAAA,IACT;AAEA,YAAQ,IAAI,+CAA+C,IAAI,EAAE;AACjE,UAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,UAAM,UAAU,WAAW,MAAM,SAAS,IAAI;AAE9C,SAAK,MAAM,IAAI,UAAU,SAAS,KAAK,OAAO,MAAM,MAAO,CAAC;AAE5D,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,qBAAqB,OAAe,WAAsC;AAC9E,QAAI,CAAC,KAAK,OAAO,OAAO,SAAS;AAC/B,YAAMA,cAAa,MAAM,KAAK,cAAc,KAAK;AACjD,YAAMC,UAASD,YAAW,QAAQ,KAAK,OAAK,EAAE,QAAQ,SAAS;AAC/D,aAAOC,SAAQ,eAAe,CAAC;AAAA,IACjC;AAEA,UAAM,WAAW,KAAK,YAAY,OAAO,UAAU,SAAS,EAAE;AAC9D,UAAM,SAAS,KAAK,MAAM,IAAc,QAAQ;AAEhD,QAAI,WAAW,MAAM;AACnB,cAAQ,IAAI,0CAA0C,SAAS,EAAE;AACjE,aAAO;AAAA,IACT;AAEA,YAAQ,IAAI,6DAA6D,SAAS,EAAE;AACpF,UAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,UAAMA,UAAS,WAAW,QAAQ,KAAK,OAAK,EAAE,QAAQ,SAAS;AAC/D,UAAM,cAAcA,SAAQ,eAAe,CAAC;AAE5C,SAAK,MAAM,IAAI,UAAU,aAAa,KAAK,OAAO,MAAM,GAAG;AAE3D,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,aAAa,OAAkC;AACnD,QAAI,CAAC,KAAK,OAAO,OAAO,SAAS;AAC/B,YAAMD,cAAa,MAAM,KAAK,cAAc,KAAK;AACjD,aAAOA,YAAW;AAAA,IACpB;AAEA,UAAM,WAAW,KAAK,YAAY,OAAO,OAAO;AAChD,UAAM,SAAS,KAAK,MAAM,IAAc,QAAQ;AAEhD,QAAI,WAAW,MAAM;AACnB,cAAQ,IAAI,2CAA2C;AACvD,aAAO;AAAA,IACT;AAEA,YAAQ,IAAI,kDAAkD;AAC9D,UAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,UAAM,QAAQ,WAAW;AAEzB,SAAK,MAAM,IAAI,UAAU,OAAO,KAAK,OAAO,MAAM,GAAG;AAErD,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,oBAAoB,OAAkC;AAC1D,QAAI,CAAC,KAAK,OAAO,OAAO,SAAS;AAC/B,YAAMA,cAAa,MAAM,KAAK,cAAc,KAAK;AACjD,aAAOA,YAAW;AAAA,IACpB;AAEA,UAAM,WAAW,KAAK,YAAY,OAAO,eAAe;AACxD,UAAM,SAAS,KAAK,MAAM,IAAc,QAAQ;AAEhD,QAAI,WAAW,MAAM;AACnB,cAAQ,IAAI,8CAA8C;AAC1D,aAAO;AAAA,IACT;AAEA,YAAQ,IAAI,qDAAqD;AACjE,UAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,UAAM,eAAe,WAAW;AAEhC,SAAK,MAAM,IAAI,UAAU,cAAc,KAAK,OAAO,MAAM,GAAG;AAE5D,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,eAAe,OAAe,aAAyD;AAC3F,UAAM,UAAmC,CAAC;AAC1C,UAAM,sBAAgC,CAAC;AAEvC,eAAW,cAAc,aAAa;AACpC,UAAI,KAAK,OAAO,OAAO,SAAS;AAC9B,cAAM,WAAW,KAAK,YAAY,OAAO,cAAc,UAAU,EAAE;AACnE,cAAM,SAAS,KAAK,MAAM,IAAa,QAAQ;AAE/C,YAAI,WAAW,MAAM;AACnB,kBAAQ,UAAU,IAAI;AAAA,QACxB,OAAO;AACL,8BAAoB,KAAK,UAAU;AAAA,QACrC;AAAA,MACF,OAAO;AACL,4BAAoB,KAAK,UAAU;AAAA,MACrC;AAAA,IACF;AAEA,QAAI,oBAAoB,SAAS,GAAG;AAClC,YAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AAEjD,iBAAW,cAAc,qBAAqB;AAC5C,cAAM,gBAAgB,WAAW,QAAQ;AAAA,UAAK,CAAAC,YAC5CA,QAAO,YAAY,SAAS,UAAU;AAAA,QACxC;AACA,gBAAQ,UAAU,IAAI;AAEtB,YAAI,KAAK,OAAO,OAAO,SAAS;AAC9B,gBAAM,WAAW,KAAK,YAAY,OAAO,cAAc,UAAU,EAAE;AACnE,eAAK,MAAM,IAAI,UAAU,eAAe,KAAK,OAAO,MAAM,MAAO,CAAC;AAAA,QACpE;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,SAAS,OAAe,OAAmD;AAC/E,UAAM,UAAmC,CAAC;AAC1C,UAAM,gBAA0B,CAAC;AAEjC,eAAW,QAAQ,OAAO;AACxB,UAAI,KAAK,OAAO,OAAO,SAAS;AAC9B,cAAM,WAAW,KAAK,YAAY,OAAO,QAAQ,IAAI,EAAE;AACvD,cAAM,SAAS,KAAK,MAAM,IAAa,QAAQ;AAE/C,YAAI,WAAW,MAAM;AACnB,kBAAQ,IAAI,IAAI;AAAA,QAClB,OAAO;AACL,wBAAc,KAAK,IAAI;AAAA,QACzB;AAAA,MACF,OAAO;AACL,sBAAc,KAAK,IAAI;AAAA,MACzB;AAAA,IACF;AAEA,QAAI,cAAc,SAAS,GAAG;AAC5B,YAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AAEjD,iBAAW,QAAQ,eAAe;AAChC,cAAM,UAAU,WAAW,MAAM,SAAS,IAAI;AAC9C,gBAAQ,IAAI,IAAI;AAEhB,YAAI,KAAK,OAAO,OAAO,SAAS;AAC9B,gBAAM,WAAW,KAAK,YAAY,OAAO,QAAQ,IAAI,EAAE;AACvD,eAAK,MAAM,IAAI,UAAU,SAAS,KAAK,OAAO,MAAM,MAAO,CAAC;AAAA,QAC9D;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,eAAe,OAAqB;AAClC,UAAM,SAAS,KAAK,uBAAuB,KAAK;AAChD,QAAI,QAAQ;AACV,WAAK,MAAM,eAAe,MAAM;AAChC,cAAQ,IAAI,4CAA4C,MAAM,EAAE;AAAA,IAClE;AAAA,EACF;AAAA,EAEA,gBAAsB;AACpB,SAAK,MAAM,MAAM;AACjB,YAAQ,IAAI,oCAAoC;AAAA,EAClD;AAAA,EAEA,gBAAkD;AAChD,WAAO,KAAK,MAAM,SAAS;AAAA,EAC7B;AAAA,EAEA,aAAmB;AACjB,SAAK,SAAS,WAAW;AAAA,EAC3B;AACF;;;AG3fO,IAAMC,kBAAN,MAAqB;AAAA,EAClB;AAAA,EAER,YAAY,QAA+B;AACzC,SAAK,UAAU,IAAI,uBAAuB,MAAM;AAAA,EAClD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,mBACJ,SACA,aACA,UAAoC,CAAC,GACf;AACtB,QAAI;AACF,UAAI,QAAQ,YAAY;AAEtB,cAAM,UAAU,MAAM,KAAK,QAAQ,eAAe,QAAQ,OAAO,WAAW;AAC5E,cAAM,SAAS,YAAY,MAAM,gBAAc,QAAQ,UAAU,CAAC;AAElE,YAAI,CAAC,QAAQ;AACX,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,OAAO,uCAAuC,YAAY,KAAK,IAAI,CAAC;AAAA,YACpE,YAAY;AAAA,UACd;AAAA,QACF;AAAA,MACF,OAAO;AAEL,cAAM,gBAAgB,MAAM,KAAK,QAAQ,eAAe,QAAQ,OAAO,WAAW;AAClF,cAAM,SAAS,OAAO,OAAO,aAAa,EAAE,KAAK,OAAO;AAExD,YAAI,CAAC,QAAQ;AACX,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,OAAO,8CAA8C,YAAY,KAAK,IAAI,CAAC;AAAA,YAC3E,YAAY;AAAA,UACd;AAAA,QACF;AAAA,MACF;AAEA,YAAM,aAAa,MAAM,KAAK,QAAQ,cAAc,QAAQ,KAAK;AACjE,aAAO,EAAE,SAAS,MAAM,MAAM,WAAW;AAAA,IAC3C,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,QACP,YAAY;AAAA,MACd;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aACJ,SACA,OACA,UAAoC,CAAC,GACf;AACtB,QAAI;AACF,UAAI,QAAQ,YAAY;AAEtB,cAAM,UAAU,MAAM,KAAK,QAAQ,SAAS,QAAQ,OAAO,KAAK;AAChE,cAAM,SAAS,MAAM,MAAM,UAAQ,QAAQ,IAAI,CAAC;AAEhD,YAAI,CAAC,QAAQ;AACX,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,OAAO,iCAAiC,MAAM,KAAK,IAAI,CAAC;AAAA,YACxD,YAAY;AAAA,UACd;AAAA,QACF;AAAA,MACF,OAAO;AAEL,cAAM,UAAU,MAAM,KAAK,QAAQ,SAAS,QAAQ,OAAO,KAAK;AAChE,cAAM,SAAS,OAAO,OAAO,OAAO,EAAE,KAAK,OAAO;AAElD,YAAI,CAAC,QAAQ;AACX,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,OAAO,wCAAwC,MAAM,KAAK,IAAI,CAAC;AAAA,YAC/D,YAAY;AAAA,UACd;AAAA,QACF;AAAA,MACF;AAEA,YAAM,aAAa,MAAM,KAAK,QAAQ,cAAc,QAAQ,KAAK;AACjE,aAAO,EAAE,SAAS,MAAM,MAAM,WAAW;AAAA,IAC3C,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,QACP,YAAY;AAAA,MACd;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eACJ,SACA,SACA,UAAoC,CAAC,GACf;AACtB,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,QAAQ,cAAc,QAAQ,KAAK;AACjE,YAAM,iBAAiB,WAAW,QAAQ,IAAI,OAAK,EAAE,GAAG;AAExD,UAAI;AAEJ,UAAI,QAAQ,YAAY;AAEtB,oBAAY,QAAQ,MAAM,CAAAC,YAAU,eAAe,SAASA,OAAM,CAAC;AAAA,MACrE,OAAO;AAEL,oBAAY,QAAQ,KAAK,CAAAA,YAAU,eAAe,SAASA,OAAM,CAAC;AAAA,MACpE;AAEA,UAAI,CAAC,WAAW;AACd,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO,yCAAyC,QAAQ,KAAK,IAAI,CAAC;AAAA,UAClE,YAAY;AAAA,QACd;AAAA,MACF;AAEA,aAAO,EAAE,SAAS,MAAM,MAAM,WAAW;AAAA,IAC3C,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,QACP,YAAY;AAAA,MACd;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,oBACJ,SACA,cACA,UAAoC,CAAC,GACf;AACtB,QAAI;AACF,YAAM,mBAAmB,MAAM,KAAK,QAAQ,oBAAoB,QAAQ,KAAK;AAE7E,UAAI;AAEJ,UAAI,QAAQ,YAAY;AAEtB,oBAAY,aAAa,MAAM,YAAU,iBAAiB,SAAS,MAAM,CAAC;AAAA,MAC5E,OAAO;AAEL,oBAAY,aAAa,KAAK,YAAU,iBAAiB,SAAS,MAAM,CAAC;AAAA,MAC3E;AAEA,UAAI,CAAC,WAAW;AACd,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO,+CAA+C,aAAa,KAAK,IAAI,CAAC;AAAA,UAC7E,YAAY;AAAA,QACd;AAAA,MACF;AAEA,YAAM,aAAa,MAAM,KAAK,QAAQ,cAAc,QAAQ,KAAK;AACjE,aAAO,EAAE,SAAS,MAAM,MAAM,WAAW;AAAA,IAC3C,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,QACP,YAAY;AAAA,MACd;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,QAAQ,SAAuB,SAA6C;AAChF,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,QAAQ,cAAc,QAAQ,KAAK;AACjE,UAAI,SAAS;AACb,YAAM,WAAqB,CAAC;AAG5B,UAAI,QAAQ,eAAe,QAAQ,YAAY,SAAS,GAAG;AACzD,cAAM,kBAAkB,WAAW,QAAQ,QAAQ,OAAK,EAAE,WAAW;AACrE,cAAM,iBAAiB,QAAQ,aAC3B,QAAQ,YAAY,MAAM,OAAK,gBAAgB,SAAS,CAAC,CAAC,IAC1D,QAAQ,YAAY,KAAK,OAAK,gBAAgB,SAAS,CAAC,CAAC;AAE7D,YAAI,CAAC,gBAAgB;AACnB,mBAAS;AACT,mBAAS,KAAK,gBAAgB,QAAQ,YAAY,KAAK,IAAI,CAAC,EAAE;AAAA,QAChE;AAAA,MACF;AAGA,UAAI,QAAQ,SAAS,QAAQ,MAAM,SAAS,GAAG;AAC7C,cAAM,WAAW,QAAQ,aACrB,QAAQ,MAAM,MAAM,OAAK,WAAW,MAAM,SAAS,CAAC,CAAC,IACrD,QAAQ,MAAM,KAAK,OAAK,WAAW,MAAM,SAAS,CAAC,CAAC;AAExD,YAAI,CAAC,UAAU;AACb,mBAAS;AACT,mBAAS,KAAK,UAAU,QAAQ,MAAM,KAAK,IAAI,CAAC,EAAE;AAAA,QACpD;AAAA,MACF;AAGA,UAAI,QAAQ,WAAW,QAAQ,QAAQ,SAAS,GAAG;AACjD,cAAM,iBAAiB,WAAW,QAAQ,IAAI,OAAK,EAAE,GAAG;AACxD,cAAM,aAAa,QAAQ,aACvB,QAAQ,QAAQ,MAAM,OAAK,eAAe,SAAS,CAAC,CAAC,IACrD,QAAQ,QAAQ,KAAK,OAAK,eAAe,SAAS,CAAC,CAAC;AAExD,YAAI,CAAC,YAAY;AACf,mBAAS;AACT,mBAAS,KAAK,YAAY,QAAQ,QAAQ,KAAK,IAAI,CAAC,EAAE;AAAA,QACxD;AAAA,MACF;AAGA,UAAI,QAAQ,gBAAgB,QAAQ,aAAa,SAAS,GAAG;AAC3D,cAAM,kBAAkB,QAAQ,aAC5B,QAAQ,aAAa,MAAM,QAAM,WAAW,aAAa,SAAS,EAAE,CAAC,IACrE,QAAQ,aAAa,KAAK,QAAM,WAAW,aAAa,SAAS,EAAE,CAAC;AAExE,YAAI,CAAC,iBAAiB;AACpB,mBAAS;AACT,mBAAS,KAAK,kBAAkB,QAAQ,aAAa,KAAK,IAAI,CAAC,EAAE;AAAA,QACnE;AAAA,MACF;AAEA,UAAI,CAAC,QAAQ;AACX,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO,2BAA2B,SAAS,KAAK,IAAI,CAAC;AAAA,UACrD,YAAY;AAAA,QACd;AAAA,MACF;AAEA,aAAO,EAAE,SAAS,MAAM,MAAM,WAAW;AAAA,IAC3C,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,QACP,YAAY;AAAA,MACd;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAAa,SAA6C;AAC9D,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,QAAQ,cAAc,QAAQ,KAAK;AACjE,aAAO,EAAE,SAAS,MAAM,MAAM,WAAW;AAAA,IAC3C,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,QACP,YAAY;AAAA,MACd;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,aAAqC;AACnC,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,qBAAqB,WAAkC;AAC3D,WAAO,KAAK,QAAQ,qBAAqB,SAAS;AAAA,EACpD;AACF;AAKO,SAAS,aAAa,SAA6B;AAExD,MAAI,QAAQ,SAAS,eAAe;AAClC,UAAM,aAAa,QAAQ,QAAQ;AACnC,QAAI,WAAW,WAAW,SAAS,GAAG;AACpC,aAAO,WAAW,UAAU,CAAC;AAAA,IAC/B;AAAA,EACF;AAGA,MAAI,QAAQ,SAAS,eAAe;AAClC,UAAM,aAAa,QAAQ,QAAQ;AACnC,QAAI,WAAW,WAAW,SAAS,GAAG;AACpC,aAAO,WAAW,UAAU,CAAC;AAAA,IAC/B;AAAA,EACF;AAGA,MAAI,QAAQ,UAAU,gBAAgB,GAAG;AACvC,WAAO,QAAQ,QAAQ,gBAAgB;AAAA,EACzC;AAGA,MAAI,QAAQ,OAAO,OAAO;AACxB,WAAO,QAAQ,MAAM;AAAA,EACvB;AAEA,SAAO;AACT;;;ACjTO,SAAS,qBAAqB,QAAa;AAChD,QAAM,QAAQ,IAAIC,gBAAe,MAAM;AAEvC,SAAO;AAAA;AAAA;AAAA;AAAA,IAIL,mBAAmB,aAAuB,UAAoC,CAAC,GAAG;AAChF,aAAO,OAAO,KAA2B,KAAe,SAAuB;AAC7E,cAAM,UAAU,mBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YAC1B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,mBAAmB,SAAS,aAAa,OAAO;AAE3E,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,IAAI,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YAC/C,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAEA,aAAK;AAAA,MACP;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,aAAa,OAAiB,UAAoC,CAAC,GAAG;AACpE,aAAO,OAAO,KAA2B,KAAe,SAAuB;AAC7E,cAAM,UAAU,mBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YAC1B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,aAAa,SAAS,OAAO,OAAO;AAE/D,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,IAAI,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YAC/C,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAEA,aAAK;AAAA,MACP;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,eAAe,SAAmB,UAAoC,CAAC,GAAG;AACxE,aAAO,OAAO,KAA2B,KAAe,SAAuB;AAC7E,cAAM,UAAU,mBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YAC1B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,eAAe,SAAS,SAAS,OAAO;AAEnE,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,IAAI,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YAC/C,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAEA,aAAK;AAAA,MACP;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,oBAAoB,cAAwB,UAAoC,CAAC,GAAG;AAClF,aAAO,OAAO,KAA2B,KAAe,SAAuB;AAC7E,cAAM,UAAU,mBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YAC1B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,oBAAoB,SAAS,cAAc,OAAO;AAE7E,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,IAAI,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YAC/C,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAEA,aAAK;AAAA,MACP;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,QAAQ,SAAuB;AAC7B,aAAO,OAAO,KAA2B,KAAe,SAAuB;AAC7E,cAAM,UAAU,mBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YAC1B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,QAAQ,SAAS,OAAO;AAEnD,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,IAAI,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YAC/C,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAEA,aAAK;AAAA,MACP;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,eAAe;AACb,aAAO,OAAO,KAA2B,KAAe,SAAuB;AAC7E,cAAM,UAAU,mBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YAC1B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,aAAa,OAAO;AAE/C,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,IAAI,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YAC/C,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAEA,aAAK;AAAA,MACP;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,WAA2B;AACzB,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAEA,SAAS,mBAAmB,KAAmC;AAC7D,QAAM,QAAQ,aAAa,GAAG;AAC9B,MAAI,CAAC,OAAO;AACV,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL;AAAA,IACA,SAAS;AAAA,EACX;AACF;;;ACxQO,SAAS,qBAAqB,QAAa;AAChD,QAAM,QAAQ,IAAIC,gBAAe,MAAM;AAEvC,SAAO;AAAA;AAAA;AAAA;AAAA,IAIL,mBAAmB,aAAuB,UAAoC,CAAC,GAAG;AAChF,aAAO,OAAO,KAA2B,UAAwB;AAC/D,cAAM,UAAUC,oBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,MAAM,OAAO,GAAG,EAAE,KAAK;AAAA,YAC5B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,mBAAmB,SAAS,aAAa,OAAO;AAE3E,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,MAAM,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YACjD,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,aAAa,OAAiB,UAAoC,CAAC,GAAG;AACpE,aAAO,OAAO,KAA2B,UAAwB;AAC/D,cAAM,UAAUA,oBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,MAAM,OAAO,GAAG,EAAE,KAAK;AAAA,YAC5B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,aAAa,SAAS,OAAO,OAAO;AAE/D,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,MAAM,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YACjD,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,eAAe,SAAmB,UAAoC,CAAC,GAAG;AACxE,aAAO,OAAO,KAA2B,UAAwB;AAC/D,cAAM,UAAUA,oBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,MAAM,OAAO,GAAG,EAAE,KAAK;AAAA,YAC5B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,eAAe,SAAS,SAAS,OAAO;AAEnE,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,MAAM,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YACjD,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,oBAAoB,cAAwB,UAAoC,CAAC,GAAG;AAClF,aAAO,OAAO,KAA2B,UAAwB;AAC/D,cAAM,UAAUA,oBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,MAAM,OAAO,GAAG,EAAE,KAAK;AAAA,YAC5B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,oBAAoB,SAAS,cAAc,OAAO;AAE7E,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,MAAM,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YACjD,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,QAAQ,SAAuB;AAC7B,aAAO,OAAO,KAA2B,UAAwB;AAC/D,cAAM,UAAUA,oBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,MAAM,OAAO,GAAG,EAAE,KAAK;AAAA,YAC5B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,QAAQ,SAAS,OAAO;AAEnD,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,MAAM,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YACjD,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,eAAe;AACb,aAAO,OAAO,KAA2B,UAAwB;AAC/D,cAAM,UAAUA,oBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,MAAM,OAAO,GAAG,EAAE,KAAK;AAAA,YAC5B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,aAAa,OAAO;AAE/C,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,MAAM,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YACjD,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,WAA2B;AACzB,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAEA,SAASA,oBAAmB,KAA0C;AACpE,QAAM,QAAQ,aAAa,GAAG;AAC9B,MAAI,CAAC,OAAO;AACV,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL;AAAA,IACA,SAAS;AAAA,EACX;AACF;","names":["ExGuardBackend","axios","module","import_axios","axios","userAccess","module","ExGuardBackend","module","ExGuardBackend","ExGuardBackend","createGuardContext"]}
package/dist/index.d.cts CHANGED
@@ -394,6 +394,11 @@ declare class ExGuardBackend {
394
394
  * Get the underlying ExGuardBackendEnhanced instance
395
395
  */
396
396
  getExGuard(): ExGuardBackendEnhanced;
397
+ /**
398
+ * Connect to realtime with user's token
399
+ * This is called automatically by the guard when a request comes in
400
+ */
401
+ connectWithUserToken(userToken: string): Promise<void>;
397
402
  }
398
403
 
399
404
  /**
package/dist/index.d.ts CHANGED
@@ -394,6 +394,11 @@ declare class ExGuardBackend {
394
394
  * Get the underlying ExGuardBackendEnhanced instance
395
395
  */
396
396
  getExGuard(): ExGuardBackendEnhanced;
397
+ /**
398
+ * Connect to realtime with user's token
399
+ * This is called automatically by the guard when a request comes in
400
+ */
401
+ connectWithUserToken(userToken: string): Promise<void>;
397
402
  }
398
403
 
399
404
  /**
package/dist/index.js CHANGED
@@ -1145,6 +1145,13 @@ var ExGuardBackend2 = class {
1145
1145
  getExGuard() {
1146
1146
  return this.exGuard;
1147
1147
  }
1148
+ /**
1149
+ * Connect to realtime with user's token
1150
+ * This is called automatically by the guard when a request comes in
1151
+ */
1152
+ async connectWithUserToken(userToken) {
1153
+ return this.exGuard.connectWithUserToken(userToken);
1154
+ }
1148
1155
  };
1149
1156
  function extractToken(request) {
1150
1157
  if (request.headers?.authorization) {
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/exguard-backend.ts","../src/exguard-backend-enhanced.ts","../src/cache.ts","../src/realtime.ts","../src/guards.ts","../src/express.ts","../src/fastify.ts"],"sourcesContent":["import axios, { AxiosInstance, AxiosResponse } from 'axios';\nimport { \n UserAccessResponse, \n ApiResponse, \n ExGuardConfig \n} from './types.js';\n\nexport class ExGuardBackend {\n private client: AxiosInstance;\n private config: ExGuardConfig;\n\n constructor(config: ExGuardConfig) {\n this.config = {\n timeout: 10000,\n ...config,\n };\n\n this.client = axios.create({\n baseURL: this.config.apiUrl,\n timeout: this.config.timeout,\n headers: {\n 'Content-Type': 'application/json',\n },\n });\n }\n\n /**\n * Get user roles and permissions from the /guard/me endpoint\n * @param token - JWT access token\n * @returns Promise<UserAccessResponse>\n */\n async getUserAccess(token: string): Promise<UserAccessResponse> {\n try {\n const response: AxiosResponse<ApiResponse<UserAccessResponse>> = \n await this.client.get('/guard/me', {\n headers: {\n 'Authorization': `Bearer ${token}`,\n },\n });\n\n if (!response.data.success) {\n throw new Error('Failed to fetch user access information');\n }\n\n return response.data.data;\n } catch (error) {\n if (axios.isAxiosError(error)) {\n if (error.response?.status === 401) {\n throw new Error('Unauthorized: Invalid or expired token');\n }\n throw new Error(`API Error: ${error.response?.data?.message || error.message}`);\n }\n throw error;\n }\n }\n\n /**\n * Check if user has specific permission\n * @param token - JWT access token\n * @param permission - Permission to check (e.g., 'events:create')\n * @returns Promise<boolean>\n */\n async hasPermission(token: string, permission: string): Promise<boolean> {\n try {\n const userAccess = await this.getUserAccess(token);\n return userAccess.modules.some(module => \n module.permissions.includes(permission)\n );\n } catch (error) {\n return false;\n }\n }\n\n /**\n * Check if user has specific role\n * @param token - JWT access token\n * @param role - Role to check (e.g., 'Event Manager')\n * @returns Promise<boolean>\n */\n async hasRole(token: string, role: string): Promise<boolean> {\n try {\n const userAccess = await this.getUserAccess(token);\n return userAccess.roles.includes(role);\n } catch (error) {\n return false;\n }\n }\n\n /**\n * Get all permissions for a specific module\n * @param token - JWT access token\n * @param moduleKey - Module key (e.g., 'events')\n * @returns Promise<string[]>\n */\n async getModulePermissions(token: string, moduleKey: string): Promise<string[]> {\n try {\n const userAccess = await this.getUserAccess(token);\n const module = userAccess.modules.find(m => m.key === moduleKey);\n return module?.permissions || [];\n } catch (error) {\n return [];\n }\n }\n\n /**\n * Get user roles\n * @param token - JWT access token\n * @returns Promise<string[]>\n */\n async getUserRoles(token: string): Promise<string[]> {\n try {\n const userAccess = await this.getUserAccess(token);\n return userAccess.roles;\n } catch (error) {\n return [];\n }\n }\n\n /**\n * Get user field offices\n * @param token - JWT access token\n * @returns Promise<string[]>\n */\n async getUserFieldOffices(token: string): Promise<string[]> {\n try {\n const userAccess = await this.getUserAccess(token);\n return userAccess.fieldOffices;\n } catch (error) {\n return [];\n }\n }\n}\n","import axios, { AxiosInstance, AxiosResponse } from 'axios';\nimport { \n UserAccessResponse, \n ApiResponse, \n ExGuardConfig \n} from './types.js';\nimport { cache, ExGuardCache } from './cache.js';\nimport { \n realtime, \n RealtimeEvent, \n ExGuardRealtime,\n ExGuardRealtimeConfig,\n createRealtime \n} from './realtime.js';\n\nexport interface ExGuardEnhancedConfig extends ExGuardConfig {\n cache?: {\n ttl?: number;\n enabled?: boolean;\n };\n realtime?: {\n enabled?: boolean;\n url?: string;\n accessToken?: string;\n autoReconnect?: boolean;\n maxReconnectAttempts?: number;\n reconnectDelay?: number;\n autoConnect?: boolean;\n onConnect?: () => void;\n onDisconnect?: () => void;\n onError?: (error: Error) => void;\n onRBACUpdate?: (event: RealtimeEvent) => void;\n onUserUpdate?: (event: RealtimeEvent) => void;\n };\n}\n\nexport class ExGuardBackendEnhanced {\n private client: AxiosInstance;\n private config: ExGuardEnhancedConfig;\n private cache: ExGuardCache;\n private realtime: ExGuardRealtime;\n private userId: string | null = null;\n private _isRealtimeConnected = false;\n\n constructor(config: ExGuardEnhancedConfig) {\n this.config = {\n timeout: 10000,\n cache: {\n enabled: true,\n ttl: 300000,\n },\n realtime: {\n enabled: false,\n autoReconnect: true,\n maxReconnectAttempts: 5,\n reconnectDelay: 1000,\n },\n ...config,\n };\n\n this.cache = cache;\n \n const realtimeConfig: ExGuardRealtimeConfig = {\n autoReconnect: this.config.realtime?.autoReconnect ?? true,\n maxReconnectAttempts: this.config.realtime?.maxReconnectAttempts ?? 5,\n reconnectDelay: this.config.realtime?.reconnectDelay ?? 1000,\n onConnect: () => {\n this._isRealtimeConnected = true;\n this.config.realtime?.onConnect?.();\n },\n onDisconnect: () => {\n this._isRealtimeConnected = false;\n this.config.realtime?.onDisconnect?.();\n },\n onError: (error) => {\n this.config.realtime?.onError?.(error);\n },\n };\n \n this.realtime = createRealtime(realtimeConfig);\n\n this.client = axios.create({\n baseURL: this.config.apiUrl,\n timeout: this.config.timeout,\n headers: {\n 'Content-Type': 'application/json',\n },\n });\n\n console.log('[ExGuardBackend] Realtime config:', {\n enabled: this.config.realtime?.enabled,\n url: this.config.realtime?.url,\n hasAccessToken: !!this.config.realtime?.accessToken,\n });\n\n if (this.config.realtime?.enabled && this.config.realtime.url) {\n console.log('[ExGuardBackend] Starting realtime connection...');\n this.setupRealtime().catch(err => {\n console.error('[ExGuardBackend] Failed to setup realtime:', err);\n });\n } else {\n console.log('[ExGuardBackend] Realtime disabled or no URL provided');\n }\n\n setInterval(() => {\n this.cache.cleanup();\n }, 60000);\n }\n\n private async setupRealtime(): Promise<void> {\n // Only connect if explicitly enabled AND URL is provided\n if (!this.config.realtime?.enabled || !this.config.realtime?.url) {\n return;\n }\n\n try {\n await this.realtime.connect(\n this.config.realtime.url, \n this.config.realtime.accessToken\n );\n\n // Subscribe to channels for realtime updates\n this.realtime.subscribeToChannel('rbac');\n this.realtime.subscribeToChannel('roles');\n this.realtime.subscribeToChannel('permissions');\n \n // Listen to all events using wildcard\n this.realtime.subscribe('*', (event: RealtimeEvent) => {\n console.log('[ExGuardBackend] Realtime event received:', event);\n \n // Handle specific event types\n if (event.type.includes('rbac') || event.type === 'rbac_update') {\n this.config.realtime?.onRBACUpdate?.(event);\n if (event.userId) {\n this.cache.clearUserCache(event.userId);\n } else {\n this.cache.clear();\n }\n }\n \n if (event.type.includes('user') || event.type === 'user_update') {\n this.config.realtime?.onUserUpdate?.(event);\n if (event.userId) {\n this.cache.clearUserCache(event.userId);\n } else {\n this.cache.clear();\n }\n }\n \n if (event.type.includes('role') || event.type === 'role_update') {\n if (event.userId) {\n this.cache.clearUserCache(event.userId);\n } else {\n this.cache.clear();\n }\n }\n \n if (event.type.includes('permission') || event.type === 'permission_update') {\n if (event.userId) {\n this.cache.clearUserCache(event.userId);\n } else {\n this.cache.clear();\n }\n }\n });\n\n } catch (error) {\n console.warn('[ExGuardBackend] Realtime connection failed (will retry on demand):', error);\n }\n }\n\n /**\n * Manually connect to realtime server\n */\n async connectRealtime(url?: string, accessToken?: string): Promise<void> {\n const wsUrl = url || this.config.realtime?.url;\n const wsToken = accessToken || this.config.realtime?.accessToken;\n \n if (!wsUrl) {\n throw new Error('WebSocket URL is required');\n }\n \n await this.setupRealtime();\n }\n\n /**\n * Connect to realtime with user's token (extracts userId from token)\n * Call this in your middleware/guard when a user makes a request\n */\n async connectWithUserToken(userToken: string): Promise<void> {\n const wsUrl = this.config.realtime?.url;\n \n if (!wsUrl) {\n console.warn('[ExGuardBackend] No realtime URL configured');\n return;\n }\n\n // Extract userId from token if possible\n const userId = this.extractUserIdFromToken(userToken) || 'unknown';\n \n console.log('[ExGuardBackend] Connecting to realtime with user token, userId:', userId);\n \n try {\n await this.realtime.connect(wsUrl, userToken, userId);\n this.realtime.subscribeToChannel('rbac');\n } catch (error) {\n console.warn('[ExGuardBackend] Failed to connect with user token:', error);\n }\n }\n\n /**\n * Disconnect from realtime server\n */\n disconnectRealtime(): void {\n this.realtime.disconnect();\n }\n\n /**\n * Check if realtime is connected\n */\n isRealtimeConnected(): boolean {\n return this._isRealtimeConnected || this.realtime.isConnected();\n }\n\n /**\n * Get realtime connection status\n */\n getRealtimeStatus(): 'connecting' | 'connected' | 'disconnected' | 'reconnecting' {\n return this.realtime.getStatus();\n }\n\n /**\n * Subscribe to realtime events\n */\n subscribeToRealtime(eventType: string, handler: (event: RealtimeEvent) => void): () => void {\n return this.realtime.subscribe(eventType, handler);\n }\n\n /**\n * Subscribe to all realtime events\n */\n subscribeToAllRealtime(handler: (event: RealtimeEvent) => void): () => void {\n return this.realtime.subscribeAll(handler);\n }\n\n private extractUserIdFromToken(token: string): string | null {\n try {\n const payload = JSON.parse(atob(token.split('.')[1]));\n return payload.sub || null;\n } catch {\n return null;\n }\n }\n\n private getCacheKey(token: string, suffix: string = ''): string {\n const userId = this.extractUserIdFromToken(token) || 'unknown';\n return `user:${userId}:${suffix}`;\n }\n\n async getUserAccess(token: string): Promise<UserAccessResponse> {\n if (!this.config.cache?.enabled) {\n return this.fetchUserAccess(token);\n }\n\n const cacheKey = this.getCacheKey(token, 'access');\n const cached = this.cache.get<UserAccessResponse>(cacheKey);\n \n if (cached) {\n console.log('[ExGuardBackend] Cache hit for user access');\n return cached;\n }\n\n console.log('[ExGuardBackend] Cache miss, fetching user access');\n const data = await this.fetchUserAccess(token);\n \n this.cache.set(cacheKey, data, this.config.cache.ttl);\n \n return data;\n }\n\n private async fetchUserAccess(token: string): Promise<UserAccessResponse> {\n try {\n const response: AxiosResponse<ApiResponse<UserAccessResponse>> = \n await this.client.get('/guard/me', {\n headers: {\n 'Authorization': `Bearer ${token}`,\n },\n });\n\n if (!response.data.success) {\n throw new Error('Failed to fetch user access information');\n }\n\n return response.data.data;\n } catch (error) {\n if (axios.isAxiosError(error)) {\n if (error.response?.status === 401) {\n throw new Error('Unauthorized: Invalid or expired token');\n }\n throw new Error(`API Error: ${error.response?.data?.message || error.message}`);\n }\n throw error;\n }\n }\n\n async hasPermission(token: string, permission: string): Promise<boolean> {\n if (!this.config.cache?.enabled) {\n const userAccess = await this.getUserAccess(token);\n return userAccess.modules.some(module => \n module.permissions.includes(permission)\n );\n }\n\n const cacheKey = this.getCacheKey(token, `permission:${permission}`);\n const cached = this.cache.get<boolean>(cacheKey);\n \n if (cached !== null) {\n console.log(`[ExGuardBackend] Cache hit for permission: ${permission}`);\n return cached;\n }\n\n console.log(`[ExGuardBackend] Cache miss, checking permission: ${permission}`);\n const userAccess = await this.getUserAccess(token);\n const hasPermission = userAccess.modules.some(module => \n module.permissions.includes(permission)\n );\n \n this.cache.set(cacheKey, hasPermission, this.config.cache.ttl! / 2);\n \n return hasPermission;\n }\n\n async hasRole(token: string, role: string): Promise<boolean> {\n if (!this.config.cache?.enabled) {\n const userAccess = await this.getUserAccess(token);\n return userAccess.roles.includes(role);\n }\n\n const cacheKey = this.getCacheKey(token, `role:${role}`);\n const cached = this.cache.get<boolean>(cacheKey);\n \n if (cached !== null) {\n console.log(`[ExGuardBackend] Cache hit for role: ${role}`);\n return cached;\n }\n\n console.log(`[ExGuardBackend] Cache miss, checking role: ${role}`);\n const userAccess = await this.getUserAccess(token);\n const hasRole = userAccess.roles.includes(role);\n \n this.cache.set(cacheKey, hasRole, this.config.cache.ttl! / 2);\n \n return hasRole;\n }\n\n async getModulePermissions(token: string, moduleKey: string): Promise<string[]> {\n if (!this.config.cache?.enabled) {\n const userAccess = await this.getUserAccess(token);\n const module = userAccess.modules.find(m => m.key === moduleKey);\n return module?.permissions || [];\n }\n\n const cacheKey = this.getCacheKey(token, `module:${moduleKey}`);\n const cached = this.cache.get<string[]>(cacheKey);\n \n if (cached !== null) {\n console.log(`[ExGuardBackend] Cache hit for module: ${moduleKey}`);\n return cached;\n }\n\n console.log(`[ExGuardBackend] Cache miss, fetching module permissions: ${moduleKey}`);\n const userAccess = await this.getUserAccess(token);\n const module = userAccess.modules.find(m => m.key === moduleKey);\n const permissions = module?.permissions || [];\n \n this.cache.set(cacheKey, permissions, this.config.cache.ttl);\n \n return permissions;\n }\n\n async getUserRoles(token: string): Promise<string[]> {\n if (!this.config.cache?.enabled) {\n const userAccess = await this.getUserAccess(token);\n return userAccess.roles;\n }\n\n const cacheKey = this.getCacheKey(token, 'roles');\n const cached = this.cache.get<string[]>(cacheKey);\n \n if (cached !== null) {\n console.log('[ExGuardBackend] Cache hit for user roles');\n return cached;\n }\n\n console.log('[ExGuardBackend] Cache miss, fetching user roles');\n const userAccess = await this.getUserAccess(token);\n const roles = userAccess.roles;\n \n this.cache.set(cacheKey, roles, this.config.cache.ttl);\n \n return roles;\n }\n\n async getUserFieldOffices(token: string): Promise<string[]> {\n if (!this.config.cache?.enabled) {\n const userAccess = await this.getUserAccess(token);\n return userAccess.fieldOffices;\n }\n\n const cacheKey = this.getCacheKey(token, 'field-offices');\n const cached = this.cache.get<string[]>(cacheKey);\n \n if (cached !== null) {\n console.log('[ExGuardBackend] Cache hit for field offices');\n return cached;\n }\n\n console.log('[ExGuardBackend] Cache miss, fetching field offices');\n const userAccess = await this.getUserAccess(token);\n const fieldOffices = userAccess.fieldOffices;\n \n this.cache.set(cacheKey, fieldOffices, this.config.cache.ttl);\n \n return fieldOffices;\n }\n\n async hasPermissions(token: string, permissions: string[]): Promise<Record<string, boolean>> {\n const results: Record<string, boolean> = {};\n const uncachedPermissions: string[] = [];\n \n for (const permission of permissions) {\n if (this.config.cache?.enabled) {\n const cacheKey = this.getCacheKey(token, `permission:${permission}`);\n const cached = this.cache.get<boolean>(cacheKey);\n \n if (cached !== null) {\n results[permission] = cached;\n } else {\n uncachedPermissions.push(permission);\n }\n } else {\n uncachedPermissions.push(permission);\n }\n }\n\n if (uncachedPermissions.length > 0) {\n const userAccess = await this.getUserAccess(token);\n \n for (const permission of uncachedPermissions) {\n const hasPermission = userAccess.modules.some(module => \n module.permissions.includes(permission)\n );\n results[permission] = hasPermission;\n \n if (this.config.cache?.enabled) {\n const cacheKey = this.getCacheKey(token, `permission:${permission}`);\n this.cache.set(cacheKey, hasPermission, this.config.cache.ttl! / 2);\n }\n }\n }\n\n return results;\n }\n\n async hasRoles(token: string, roles: string[]): Promise<Record<string, boolean>> {\n const results: Record<string, boolean> = {};\n const uncachedRoles: string[] = [];\n \n for (const role of roles) {\n if (this.config.cache?.enabled) {\n const cacheKey = this.getCacheKey(token, `role:${role}`);\n const cached = this.cache.get<boolean>(cacheKey);\n \n if (cached !== null) {\n results[role] = cached;\n } else {\n uncachedRoles.push(role);\n }\n } else {\n uncachedRoles.push(role);\n }\n }\n\n if (uncachedRoles.length > 0) {\n const userAccess = await this.getUserAccess(token);\n \n for (const role of uncachedRoles) {\n const hasRole = userAccess.roles.includes(role);\n results[role] = hasRole;\n \n if (this.config.cache?.enabled) {\n const cacheKey = this.getCacheKey(token, `role:${role}`);\n this.cache.set(cacheKey, hasRole, this.config.cache.ttl! / 2);\n }\n }\n }\n\n return results;\n }\n\n clearUserCache(token: string): void {\n const userId = this.extractUserIdFromToken(token);\n if (userId) {\n this.cache.clearUserCache(userId);\n console.log(`[ExGuardBackend] Cache cleared for user: ${userId}`);\n }\n }\n\n clearAllCache(): void {\n this.cache.clear();\n console.log('[ExGuardBackend] All cache cleared');\n }\n\n getCacheStats(): { size: number; keys: string[] } {\n return this.cache.getStats();\n }\n\n disconnect(): void {\n this.realtime.disconnect();\n }\n}\n","/**\n * In-memory cache for user access data with TTL support\n */\n\nexport interface CacheEntry<T> {\n data: T;\n timestamp: number;\n ttl: number;\n}\n\nexport class ExGuardCache {\n private cache = new Map<string, CacheEntry<any>>();\n private subscribers = new Map<string, Set<() => void>>();\n private defaultTTL = 300000; // 5 minutes\n\n /**\n * Get cached data\n */\n get<T>(key: string): T | null {\n const entry = this.cache.get(key);\n if (!entry) return null;\n\n // Check if expired\n if (Date.now() - entry.timestamp > entry.ttl) {\n this.cache.delete(key);\n return null;\n }\n\n return entry.data;\n }\n\n /**\n * Set cached data with TTL\n */\n set<T>(key: string, data: T, ttl?: number): void {\n this.cache.set(key, {\n data,\n timestamp: Date.now(),\n ttl: ttl || this.defaultTTL,\n });\n }\n\n /**\n * Delete cached data\n */\n delete(key: string): boolean {\n const deleted = this.cache.delete(key);\n if (deleted) {\n this.notifySubscribers(key);\n }\n return deleted;\n }\n\n /**\n * Clear all cache\n */\n clear(): void {\n const keys = Array.from(this.cache.keys());\n this.cache.clear();\n keys.forEach(key => this.notifySubscribers(key));\n }\n\n /**\n * Clear cache for a specific user - clears ALL caches related to this user\n */\n clearUserCache(userId: string): void {\n // Clear all keys that contain this userId\n const keysToDelete = Array.from(this.cache.keys()).filter(key => \n key.includes(userId)\n );\n \n console.log(`[ExGuardCache] Clearing cache for user ${userId}, found ${keysToDelete.length} keys:`, keysToDelete);\n \n keysToDelete.forEach(key => {\n this.cache.delete(key);\n this.notifySubscribers(key);\n });\n \n if (keysToDelete.length === 0) {\n console.log(`[ExGuardCache] No cache entries found for user ${userId}`);\n }\n }\n\n /**\n * Subscribe to cache changes\n */\n subscribe(key: string, callback: () => void): () => void {\n if (!this.subscribers.has(key)) {\n this.subscribers.set(key, new Set());\n }\n \n this.subscribers.get(key)!.add(callback);\n \n // Return unsubscribe function\n return () => {\n const callbacks = this.subscribers.get(key);\n if (callbacks) {\n callbacks.delete(callback);\n if (callbacks.size === 0) {\n this.subscribers.delete(key);\n }\n }\n };\n }\n\n /**\n * Notify subscribers of cache changes\n */\n private notifySubscribers(key: string): void {\n const callbacks = this.subscribers.get(key);\n if (callbacks) {\n callbacks.forEach(callback => {\n try {\n callback();\n } catch (error) {\n console.error('Cache subscriber error:', error);\n }\n });\n }\n }\n\n /**\n * Get cache statistics\n */\n getStats(): { size: number; keys: string[] } {\n return {\n size: this.cache.size,\n keys: Array.from(this.cache.keys()),\n };\n }\n\n /**\n * Clean up expired entries\n */\n cleanup(): void {\n const now = Date.now();\n const keysToDelete: string[] = [];\n\n this.cache.forEach((entry, key) => {\n if (now - entry.timestamp > entry.ttl) {\n keysToDelete.push(key);\n }\n });\n\n keysToDelete.forEach(key => {\n this.cache.delete(key);\n this.notifySubscribers(key);\n });\n }\n}\n\n// Global cache instance\nexport const cache = new ExGuardCache();\n","/**\n * Realtime event handling for cache invalidation with Socket.IO support\n * Works in both browser and Node.js environments\n */\n\nimport { io, type Socket } from 'socket.io-client';\n\nconsole.log('[ExGuardRealtime] Socket.IO client loaded:', typeof io);\n\nexport interface RealtimeEvent {\n type: string;\n userId?: string;\n data?: any;\n timestamp: number;\n}\n\nexport interface RealtimeEventHandler {\n (event: RealtimeEvent): void;\n}\n\nexport interface RealtimeConnectionHandler {\n (): void;\n}\n\nexport interface RealtimeAuthOptions {\n accessToken?: string;\n apiKey?: string;\n bearerToken?: string;\n userId?: string;\n}\n\nexport interface RealtimeErrorHandler {\n (error: Error): void;\n}\n\nexport interface ExGuardRealtimeConfig {\n autoReconnect?: boolean;\n maxReconnectAttempts?: number;\n reconnectDelay?: number;\n reconnectMaxDelay?: number;\n onConnect?: RealtimeConnectionHandler;\n onDisconnect?: RealtimeConnectionHandler;\n onError?: RealtimeErrorHandler;\n autoConnect?: boolean;\n}\n\nexport class ExGuardRealtime {\n private handlers = new Map<string, Set<RealtimeEventHandler>>();\n private socket: Socket | null = null;\n private reconnectAttempts = 0;\n private config: Required<ExGuardRealtimeConfig>;\n private currentUrl: string | null = null;\n private currentToken: string | null = null;\n private currentUserId: string | null = null;\n private shouldReconnect = true;\n\n constructor(config: ExGuardRealtimeConfig = {}) {\n this.config = {\n autoReconnect: config.autoReconnect ?? true,\n maxReconnectAttempts: config.maxReconnectAttempts ?? 5,\n reconnectDelay: config.reconnectDelay ?? 1000,\n reconnectMaxDelay: config.reconnectMaxDelay ?? 30000,\n onConnect: config.onConnect ?? (() => {}),\n onDisconnect: config.onDisconnect ?? (() => {}),\n onError: config.onError ?? ((error: Error) => console.error('[ExGuardRealtime] Error:', error)),\n autoConnect: config.autoConnect ?? false,\n };\n }\n\n /**\n * Initialize and optionally connect to realtime server\n */\n async init(url?: string, accessToken?: string, userId?: string): Promise<void> {\n if (url) {\n this.currentUrl = url;\n this.currentToken = accessToken ?? null;\n this.currentUserId = userId ?? null;\n if (this.config.autoConnect) {\n try {\n await this.connect(url, accessToken, userId);\n } catch (error) {\n console.warn('[ExGuardRealtime] Auto-connect failed, will retry on demand:', error);\n }\n }\n }\n }\n\n /**\n * Connect to realtime server using Socket.IO\n * @param url - Server URL (e.g., https://api.example.com)\n * @param auth - Authentication options (accessToken, apiKey, bearerToken, userId)\n */\n connect(url: string, auth?: string | RealtimeAuthOptions, userId?: string): Promise<void> {\n let authToken: string | undefined;\n let authUserId: string | undefined;\n\n if (typeof auth === 'string') {\n authToken = auth;\n authUserId = userId || 'unknown';\n } else if (typeof auth === 'object') {\n authToken = auth.accessToken || auth.bearerToken || auth.apiKey;\n authUserId = auth.userId || userId || 'unknown';\n }\n\n return new Promise((resolve, reject) => {\n this.shouldReconnect = true;\n this.currentUrl = url;\n this.currentToken = authToken ?? null;\n this.currentUserId = authUserId ?? null;\n\n try {\n // Disconnect existing socket\n if (this.socket) {\n this.socket.disconnect();\n this.socket = null;\n }\n\n const socketUrl = `${url}/realtime`;\n console.log('[ExGuardRealtime] Connecting to:', socketUrl);\n\n this.socket = io(socketUrl, {\n auth: {\n token: authToken,\n userId: authUserId,\n },\n transports: ['websocket', 'polling'],\n reconnection: this.config.autoReconnect,\n reconnectionDelay: this.config.reconnectDelay,\n reconnectionDelayMax: this.config.reconnectMaxDelay,\n reconnectionAttempts: this.config.maxReconnectAttempts,\n timeout: 20000,\n });\n\n this.socket.on('connect', () => {\n this.reconnectAttempts = 0;\n console.log('[ExGuardRealtime] Connected! Socket ID:', this.socket?.id);\n this.config.onConnect();\n resolve();\n });\n\n this.socket.on('disconnect', (reason: string) => {\n console.log('[ExGuardRealtime] Disconnected:', reason);\n this.config.onDisconnect();\n if (this.shouldReconnect && this.config.autoReconnect) {\n this.handleReconnect();\n }\n });\n\n this.socket.on('connect_error', (error: any) => {\n console.error('[ExGuardRealtime] Connection error:', error.message);\n const err = new Error(`Connection error: ${error.message}`);\n this.config.onError(err);\n if (!this.shouldReconnect || this.reconnectAttempts >= this.config.maxReconnectAttempts) {\n reject(err);\n }\n });\n\n this.socket.on('error', (error: any) => {\n console.error('[ExGuardRealtime] Socket error:', error);\n const err = new Error(`Socket error: ${error}`);\n this.config.onError(err);\n });\n\n this.socket.on('reconnect_attempt', (attempt: number) => {\n this.reconnectAttempts = attempt;\n console.log(`[ExGuardRealtime] Reconnecting... (attempt ${attempt})`);\n });\n\n this.socket.on('reconnect', () => {\n console.log('[ExGuardRealtime] Reconnected!');\n });\n\n this.socket.on('reconnect_failed', () => {\n console.error('[ExGuardRealtime] Reconnection failed after max attempts');\n const err = new Error('Reconnection failed after maximum attempts');\n this.config.onError(err);\n reject(err);\n });\n\n // Listen to all realtime events\n this.socket.onAny((eventName: string, payload: any) => {\n try {\n const realtimeEvent: RealtimeEvent = {\n type: eventName,\n timestamp: payload?.timestamp || Date.now(),\n data: payload?.data || payload,\n userId: payload?.userId,\n };\n this.handleEvent(realtimeEvent);\n } catch (error) {\n console.error('[ExGuardRealtime] Failed to handle event:', error);\n }\n });\n\n // Set connection timeout\n setTimeout(() => {\n if (!this.socket?.connected) {\n const err = new Error('Connection timeout');\n this.config.onError(err);\n this.socket?.disconnect();\n reject(err);\n }\n }, 20000);\n\n } catch (error) {\n reject(error);\n }\n });\n }\n\n /**\n * Subscribe to channels\n */\n subscribeToChannel(channel: 'roles' | 'permissions' | 'rbac'): void {\n if (this.socket?.connected) {\n this.socket.emit(`subscribe:${channel}`);\n console.log(`[ExGuardRealtime] Subscribed to channel: ${channel}`);\n }\n }\n\n /**\n * Disconnect from realtime server\n */\n disconnect(): void {\n this.shouldReconnect = false;\n if (this.socket) {\n this.socket.disconnect();\n this.socket = null;\n }\n }\n\n /**\n * Subscribe to realtime events\n * Use '*' as eventType to receive ALL events\n */\n subscribe(eventType: string, handler: RealtimeEventHandler): () => void {\n if (!this.handlers.has(eventType)) {\n this.handlers.set(eventType, new Set());\n }\n \n this.handlers.get(eventType)!.add(handler);\n \n return () => {\n const handlers = this.handlers.get(eventType);\n if (handlers) {\n handlers.delete(handler);\n if (handlers.size === 0) {\n this.handlers.delete(eventType);\n }\n }\n };\n }\n\n /**\n * Subscribe to ALL realtime events (wildcard)\n */\n subscribeAll(handler: RealtimeEventHandler): () => void {\n return this.subscribe('*', handler);\n }\n\n /**\n * Handle incoming realtime events\n */\n private handleEvent(event: RealtimeEvent): void {\n console.log('[ExGuardRealtime] Received event:', event);\n \n // Call specific event handlers\n const handlers = this.handlers.get(event.type);\n if (handlers) {\n handlers.forEach(handler => {\n try {\n handler(event);\n } catch (error) {\n console.error('[ExGuardRealtime] Event handler error:', error);\n }\n });\n }\n \n // Call wildcard handlers for ALL events\n const wildcardHandlers = this.handlers.get('*');\n if (wildcardHandlers) {\n wildcardHandlers.forEach(handler => {\n try {\n handler(event);\n } catch (error) {\n console.error('[ExGuardRealtime] Wildcard handler error:', error);\n }\n });\n }\n }\n\n /**\n * Handle reconnection logic\n */\n private handleReconnect(): void {\n if (!this.shouldReconnect || !this.config.autoReconnect || !this.currentUrl) {\n return;\n }\n\n if (this.reconnectAttempts < this.config.maxReconnectAttempts) {\n this.reconnectAttempts++;\n const delay = Math.min(\n this.config.reconnectDelay * Math.pow(2, this.reconnectAttempts - 1),\n this.config.reconnectMaxDelay\n );\n \n console.log(`[ExGuardRealtime] Reconnecting in ${delay}ms (attempt ${this.reconnectAttempts})`);\n \n setTimeout(() => {\n this.connect(this.currentUrl!, this.currentToken!, this.currentUserId!).catch(error => {\n console.error('[ExGuardRealtime] Reconnection failed:', error);\n });\n }, delay);\n } else {\n console.error('[ExGuardRealtime] Max reconnection attempts reached');\n }\n }\n\n /**\n * Manually trigger reconnection with current auth\n */\n reconnect(): Promise<void> {\n if (this.currentUrl && this.currentToken) {\n this.reconnectAttempts = 0;\n return this.connect(this.currentUrl, this.currentToken, this.currentUserId || undefined);\n } else if (this.currentUrl) {\n this.reconnectAttempts = 0;\n return this.connect(this.currentUrl);\n }\n return Promise.reject(new Error('No URL configured'));\n }\n\n /**\n * Check if connected\n */\n isConnected(): boolean {\n return this.socket?.connected ?? false;\n }\n\n /**\n * Get connection status\n */\n getStatus(): 'connecting' | 'connected' | 'disconnected' | 'reconnecting' {\n if (!this.socket) return 'disconnected';\n if (this.socket.connected) return 'connected';\n return 'disconnected';\n }\n\n /**\n * Send a message to the server\n */\n send(event: string, data: any): void {\n if (this.socket?.connected) {\n this.socket.emit(event, data);\n }\n }\n\n /**\n * Update configuration\n */\n updateConfig(config: Partial<ExGuardRealtimeConfig>): void {\n this.config = {\n ...this.config,\n ...config,\n };\n }\n\n /**\n * Connect on-demand with user's access token from request\n * Call this in your guard or middleware with the user's token\n */\n async connectWithUserToken(url: string, accessToken: string, userId?: string): Promise<void> {\n try {\n await this.connect(url, accessToken, userId);\n } catch (error) {\n console.warn('[ExGuardRealtime] Failed to connect with user token:', error);\n }\n }\n}\n\n// Factory function for creating realtime instance\nexport function createRealtime(config?: ExGuardRealtimeConfig): ExGuardRealtime {\n return new ExGuardRealtime(config);\n}\n\n// Global realtime instance\nexport const realtime = new ExGuardRealtime();\n","/**\n * Framework-agnostic guards for protecting backend endpoints\n */\n\nimport { ExGuardBackendEnhanced } from './exguard-backend-enhanced.js';\nimport { ExGuardEnhancedConfig, UserAccessResponse, GuardContext, GuardResult, GuardOptions } from './types.js';\n\n// Re-export types for use in other modules\nexport type { GuardContext, GuardResult, GuardOptions, UserAccessResponse };\n\n/**\n * Framework-agnostic guard class for endpoint protection\n */\nexport class ExGuardBackend {\n private exGuard: ExGuardBackendEnhanced;\n\n constructor(config: ExGuardEnhancedConfig) {\n this.exGuard = new ExGuardBackendEnhanced(config);\n }\n\n /**\n * Check if user has specific permissions\n */\n async requirePermissions(\n context: GuardContext, \n permissions: string[], \n options: { requireAll?: boolean } = {}\n ): Promise<GuardResult> {\n try {\n if (options.requireAll) {\n // Require ALL permissions\n const results = await this.exGuard.hasPermissions(context.token, permissions);\n const hasAll = permissions.every(permission => results[permission]);\n \n if (!hasAll) {\n return {\n allowed: false,\n error: `Insufficient permissions. Required: ${permissions.join(', ')}`,\n statusCode: 403\n };\n }\n } else {\n // Require ANY permission (default)\n const hasPermission = await this.exGuard.hasPermissions(context.token, permissions);\n const hasAny = Object.values(hasPermission).some(Boolean);\n \n if (!hasAny) {\n return {\n allowed: false,\n error: `Insufficient permissions. Required any of: ${permissions.join(', ')}`,\n statusCode: 403\n };\n }\n }\n\n const userAccess = await this.exGuard.getUserAccess(context.token);\n return { allowed: true, user: userAccess };\n } catch (error) {\n return {\n allowed: false,\n error: 'Permission check failed',\n statusCode: 500\n };\n }\n }\n\n /**\n * Check if user has specific roles\n */\n async requireRoles(\n context: GuardContext, \n roles: string[], \n options: { requireAll?: boolean } = {}\n ): Promise<GuardResult> {\n try {\n if (options.requireAll) {\n // Require ALL roles\n const results = await this.exGuard.hasRoles(context.token, roles);\n const hasAll = roles.every(role => results[role]);\n \n if (!hasAll) {\n return {\n allowed: false,\n error: `Insufficient roles. Required: ${roles.join(', ')}`,\n statusCode: 403\n };\n }\n } else {\n // Require ANY role (default)\n const hasRole = await this.exGuard.hasRoles(context.token, roles);\n const hasAny = Object.values(hasRole).some(Boolean);\n \n if (!hasAny) {\n return {\n allowed: false,\n error: `Insufficient roles. Required any of: ${roles.join(', ')}`,\n statusCode: 403\n };\n }\n }\n\n const userAccess = await this.exGuard.getUserAccess(context.token);\n return { allowed: true, user: userAccess };\n } catch (error) {\n return {\n allowed: false,\n error: 'Role check failed',\n statusCode: 500\n };\n }\n }\n\n /**\n * Check if user has access to specific modules\n */\n async requireModules(\n context: GuardContext, \n modules: string[], \n options: { requireAll?: boolean } = {}\n ): Promise<GuardResult> {\n try {\n const userAccess = await this.exGuard.getUserAccess(context.token);\n const userModuleKeys = userAccess.modules.map(m => m.key);\n\n let hasAccess: boolean;\n\n if (options.requireAll) {\n // Require ALL modules\n hasAccess = modules.every(module => userModuleKeys.includes(module));\n } else {\n // Require ANY module (default)\n hasAccess = modules.some(module => userModuleKeys.includes(module));\n }\n\n if (!hasAccess) {\n return {\n allowed: false,\n error: `Insufficient module access. Required: ${modules.join(', ')}`,\n statusCode: 403\n };\n }\n\n return { allowed: true, user: userAccess };\n } catch (error) {\n return {\n allowed: false,\n error: 'Module check failed',\n statusCode: 500\n };\n }\n }\n\n /**\n * Check if user has access to specific field offices\n */\n async requireFieldOffices(\n context: GuardContext, \n fieldOffices: string[], \n options: { requireAll?: boolean } = {}\n ): Promise<GuardResult> {\n try {\n const userFieldOffices = await this.exGuard.getUserFieldOffices(context.token);\n\n let hasAccess: boolean;\n\n if (options.requireAll) {\n // Require ALL field offices\n hasAccess = fieldOffices.every(office => userFieldOffices.includes(office));\n } else {\n // Require ANY field office (default)\n hasAccess = fieldOffices.some(office => userFieldOffices.includes(office));\n }\n\n if (!hasAccess) {\n return {\n allowed: false,\n error: `Insufficient field office access. Required: ${fieldOffices.join(', ')}`,\n statusCode: 403\n };\n }\n\n const userAccess = await this.exGuard.getUserAccess(context.token);\n return { allowed: true, user: userAccess };\n } catch (error) {\n return {\n allowed: false,\n error: 'Field office check failed',\n statusCode: 500\n };\n }\n }\n\n /**\n * Flexible guard with multiple requirements\n */\n async require(context: GuardContext, options: GuardOptions): Promise<GuardResult> {\n try {\n const userAccess = await this.exGuard.getUserAccess(context.token);\n let passed = true;\n const failures: string[] = [];\n\n // Check permissions\n if (options.permissions && options.permissions.length > 0) {\n const userPermissions = userAccess.modules.flatMap(m => m.permissions);\n const hasPermissions = options.requireAll\n ? options.permissions.every(p => userPermissions.includes(p))\n : options.permissions.some(p => userPermissions.includes(p));\n \n if (!hasPermissions) {\n passed = false;\n failures.push(`permissions: ${options.permissions.join(', ')}`);\n }\n }\n\n // Check roles\n if (options.roles && options.roles.length > 0) {\n const hasRoles = options.requireAll\n ? options.roles.every(r => userAccess.roles.includes(r))\n : options.roles.some(r => userAccess.roles.includes(r));\n \n if (!hasRoles) {\n passed = false;\n failures.push(`roles: ${options.roles.join(', ')}`);\n }\n }\n\n // Check modules\n if (options.modules && options.modules.length > 0) {\n const userModuleKeys = userAccess.modules.map(m => m.key);\n const hasModules = options.requireAll\n ? options.modules.every(m => userModuleKeys.includes(m))\n : options.modules.some(m => userModuleKeys.includes(m));\n \n if (!hasModules) {\n passed = false;\n failures.push(`modules: ${options.modules.join(', ')}`);\n }\n }\n\n // Check field offices\n if (options.fieldOffices && options.fieldOffices.length > 0) {\n const hasFieldOffices = options.requireAll\n ? options.fieldOffices.every(fo => userAccess.fieldOffices.includes(fo))\n : options.fieldOffices.some(fo => userAccess.fieldOffices.includes(fo));\n \n if (!hasFieldOffices) {\n passed = false;\n failures.push(`field offices: ${options.fieldOffices.join(', ')}`);\n }\n }\n\n if (!passed) {\n return {\n allowed: false,\n error: `Access denied. Missing: ${failures.join('; ')}`,\n statusCode: 403\n };\n }\n\n return { allowed: true, user: userAccess };\n } catch (error) {\n return {\n allowed: false,\n error: 'Access check failed',\n statusCode: 500\n };\n }\n }\n\n /**\n * Simple authentication (just validates token)\n */\n async authenticate(context: GuardContext): Promise<GuardResult> {\n try {\n const userAccess = await this.exGuard.getUserAccess(context.token);\n return { allowed: true, user: userAccess };\n } catch (error) {\n return {\n allowed: false,\n error: 'Authentication failed',\n statusCode: 401\n };\n }\n }\n\n /**\n * Get the underlying ExGuardBackendEnhanced instance\n */\n getExGuard(): ExGuardBackendEnhanced {\n return this.exGuard;\n }\n}\n\n/**\n * Helper function to extract token from various request types\n */\nexport function extractToken(request: any): string | null {\n // Express-style\n if (request.headers?.authorization) {\n const authHeader = request.headers.authorization;\n if (authHeader.startsWith('Bearer ')) {\n return authHeader.substring(7);\n }\n }\n\n // Fastify-style\n if (request.headers?.authorization) {\n const authHeader = request.headers.authorization;\n if (authHeader.startsWith('Bearer ')) {\n return authHeader.substring(7);\n }\n }\n\n // Custom header\n if (request.headers?.['x-access-token']) {\n return request.headers['x-access-token'];\n }\n\n // Query parameter\n if (request.query?.token) {\n return request.query.token;\n }\n\n return null;\n}\n\n/**\n * Create a guard context from a request\n */\nexport function createGuardContext(request: any): GuardContext | null {\n const token = extractToken(request);\n if (!token) {\n return null;\n }\n\n return {\n token,\n request\n };\n}\n","/**\n * Express.js middleware for ExGuard endpoint protection\n */\n\nimport { ExGuardBackend, GuardContext, GuardOptions, extractToken } from './guards.js';\n\n// Conditional types to avoid build errors when express is not installed\ntype Request = any;\ntype Response = any;\ntype NextFunction = any;\n\nexport interface AuthenticatedRequest extends Request {\n user?: {\n id: string;\n cognitoSubId: string;\n username: string;\n email: string;\n roles: string[];\n permissions: string[];\n modules: Array<{ key: string; permissions: string[] }>;\n fieldOffices: string[];\n };\n}\n\n/**\n * Express middleware factory\n */\nexport function createExGuardExpress(config: any) {\n const guard = new ExGuardBackend(config);\n\n return {\n /**\n * Require specific permissions\n */\n requirePermissions(permissions: string[], options: { requireAll?: boolean } = {}) {\n return async (req: AuthenticatedRequest, res: Response, next: NextFunction) => {\n const context = createGuardContext(req);\n if (!context) {\n return res.status(401).json({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.requirePermissions(context, permissions, options);\n \n if (!result.allowed) {\n return res.status(result.statusCode || 403).json({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n\n next();\n };\n },\n\n /**\n * Require specific roles\n */\n requireRoles(roles: string[], options: { requireAll?: boolean } = {}) {\n return async (req: AuthenticatedRequest, res: Response, next: NextFunction) => {\n const context = createGuardContext(req);\n if (!context) {\n return res.status(401).json({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.requireRoles(context, roles, options);\n \n if (!result.allowed) {\n return res.status(result.statusCode || 403).json({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n\n next();\n };\n },\n\n /**\n * Require module access\n */\n requireModules(modules: string[], options: { requireAll?: boolean } = {}) {\n return async (req: AuthenticatedRequest, res: Response, next: NextFunction) => {\n const context = createGuardContext(req);\n if (!context) {\n return res.status(401).json({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.requireModules(context, modules, options);\n \n if (!result.allowed) {\n return res.status(result.statusCode || 403).json({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n\n next();\n };\n },\n\n /**\n * Require field office access\n */\n requireFieldOffices(fieldOffices: string[], options: { requireAll?: boolean } = {}) {\n return async (req: AuthenticatedRequest, res: Response, next: NextFunction) => {\n const context = createGuardContext(req);\n if (!context) {\n return res.status(401).json({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.requireFieldOffices(context, fieldOffices, options);\n \n if (!result.allowed) {\n return res.status(result.statusCode || 403).json({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n\n next();\n };\n },\n\n /**\n * Flexible guard with multiple requirements\n */\n require(options: GuardOptions) {\n return async (req: AuthenticatedRequest, res: Response, next: NextFunction) => {\n const context = createGuardContext(req);\n if (!context) {\n return res.status(401).json({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.require(context, options);\n \n if (!result.allowed) {\n return res.status(result.statusCode || 403).json({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n\n next();\n };\n },\n\n /**\n * Simple authentication middleware\n */\n authenticate() {\n return async (req: AuthenticatedRequest, res: Response, next: NextFunction) => {\n const context = createGuardContext(req);\n if (!context) {\n return res.status(401).json({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.authenticate(context);\n \n if (!result.allowed) {\n return res.status(result.statusCode || 401).json({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n\n next();\n };\n },\n\n /**\n * Get the underlying guard instance\n */\n getGuard(): ExGuardBackend {\n return guard;\n }\n };\n}\n\nfunction createGuardContext(req: Request): GuardContext | null {\n const token = extractToken(req);\n if (!token) {\n return null;\n }\n\n return {\n token,\n request: req\n };\n}\n","/**\n * Fastify plugin for ExGuard endpoint protection\n */\n\nimport { ExGuardBackend, GuardContext, GuardOptions, extractToken } from './guards.js';\n\n// Conditional types to avoid build errors when fastify is not installed\ntype FastifyRequest = any;\ntype FastifyReply = any;\n\nexport interface AuthenticatedRequest extends FastifyRequest {\n user?: {\n id: string;\n cognitoSubId: string;\n username: string;\n email: string;\n roles: string[];\n permissions: string[];\n modules: Array<{ key: string; permissions: string[] }>;\n fieldOffices: string[];\n };\n}\n\n/**\n * Fastify plugin factory\n */\nexport function createExGuardFastify(config: any) {\n const guard = new ExGuardBackend(config);\n\n return {\n /**\n * Require specific permissions\n */\n requirePermissions(permissions: string[], options: { requireAll?: boolean } = {}) {\n return async (req: AuthenticatedRequest, reply: FastifyReply) => {\n const context = createGuardContext(req);\n if (!context) {\n return reply.status(401).send({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.requirePermissions(context, permissions, options);\n \n if (!result.allowed) {\n return reply.status(result.statusCode || 403).send({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n };\n },\n\n /**\n * Require specific roles\n */\n requireRoles(roles: string[], options: { requireAll?: boolean } = {}) {\n return async (req: AuthenticatedRequest, reply: FastifyReply) => {\n const context = createGuardContext(req);\n if (!context) {\n return reply.status(401).send({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.requireRoles(context, roles, options);\n \n if (!result.allowed) {\n return reply.status(result.statusCode || 403).send({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n };\n },\n\n /**\n * Require module access\n */\n requireModules(modules: string[], options: { requireAll?: boolean } = {}) {\n return async (req: AuthenticatedRequest, reply: FastifyReply) => {\n const context = createGuardContext(req);\n if (!context) {\n return reply.status(401).send({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.requireModules(context, modules, options);\n \n if (!result.allowed) {\n return reply.status(result.statusCode || 403).send({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n };\n },\n\n /**\n * Require field office access\n */\n requireFieldOffices(fieldOffices: string[], options: { requireAll?: boolean } = {}) {\n return async (req: AuthenticatedRequest, reply: FastifyReply) => {\n const context = createGuardContext(req);\n if (!context) {\n return reply.status(401).send({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.requireFieldOffices(context, fieldOffices, options);\n \n if (!result.allowed) {\n return reply.status(result.statusCode || 403).send({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n };\n },\n\n /**\n * Flexible guard with multiple requirements\n */\n require(options: GuardOptions) {\n return async (req: AuthenticatedRequest, reply: FastifyReply) => {\n const context = createGuardContext(req);\n if (!context) {\n return reply.status(401).send({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.require(context, options);\n \n if (!result.allowed) {\n return reply.status(result.statusCode || 403).send({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n };\n },\n\n /**\n * Simple authentication hook\n */\n authenticate() {\n return async (req: AuthenticatedRequest, reply: FastifyReply) => {\n const context = createGuardContext(req);\n if (!context) {\n return reply.status(401).send({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.authenticate(context);\n \n if (!result.allowed) {\n return reply.status(result.statusCode || 401).send({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n };\n },\n\n /**\n * Get the underlying guard instance\n */\n getGuard(): ExGuardBackend {\n return guard;\n }\n };\n}\n\nfunction createGuardContext(req: FastifyRequest): GuardContext | null {\n const token = extractToken(req);\n if (!token) {\n return null;\n }\n\n return {\n token,\n request: req\n };\n}\n"],"mappings":";AAAA,OAAO,WAA6C;AAO7C,IAAM,iBAAN,MAAqB;AAAA,EAClB;AAAA,EACA;AAAA,EAER,YAAY,QAAuB;AACjC,SAAK,SAAS;AAAA,MACZ,SAAS;AAAA,MACT,GAAG;AAAA,IACL;AAEA,SAAK,SAAS,MAAM,OAAO;AAAA,MACzB,SAAS,KAAK,OAAO;AAAA,MACrB,SAAS,KAAK,OAAO;AAAA,MACrB,SAAS;AAAA,QACP,gBAAgB;AAAA,MAClB;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,cAAc,OAA4C;AAC9D,QAAI;AACF,YAAM,WACJ,MAAM,KAAK,OAAO,IAAI,aAAa;AAAA,QACjC,SAAS;AAAA,UACP,iBAAiB,UAAU,KAAK;AAAA,QAClC;AAAA,MACF,CAAC;AAEH,UAAI,CAAC,SAAS,KAAK,SAAS;AAC1B,cAAM,IAAI,MAAM,yCAAyC;AAAA,MAC3D;AAEA,aAAO,SAAS,KAAK;AAAA,IACvB,SAAS,OAAO;AACd,UAAI,MAAM,aAAa,KAAK,GAAG;AAC7B,YAAI,MAAM,UAAU,WAAW,KAAK;AAClC,gBAAM,IAAI,MAAM,wCAAwC;AAAA,QAC1D;AACA,cAAM,IAAI,MAAM,cAAc,MAAM,UAAU,MAAM,WAAW,MAAM,OAAO,EAAE;AAAA,MAChF;AACA,YAAM;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,cAAc,OAAe,YAAsC;AACvE,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,aAAO,WAAW,QAAQ;AAAA,QAAK,YAC7B,OAAO,YAAY,SAAS,UAAU;AAAA,MACxC;AAAA,IACF,SAAS,OAAO;AACd,aAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,QAAQ,OAAe,MAAgC;AAC3D,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,aAAO,WAAW,MAAM,SAAS,IAAI;AAAA,IACvC,SAAS,OAAO;AACd,aAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,qBAAqB,OAAe,WAAsC;AAC9E,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,YAAM,SAAS,WAAW,QAAQ,KAAK,OAAK,EAAE,QAAQ,SAAS;AAC/D,aAAO,QAAQ,eAAe,CAAC;AAAA,IACjC,SAAS,OAAO;AACd,aAAO,CAAC;AAAA,IACV;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,aAAa,OAAkC;AACnD,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,aAAO,WAAW;AAAA,IACpB,SAAS,OAAO;AACd,aAAO,CAAC;AAAA,IACV;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,oBAAoB,OAAkC;AAC1D,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,aAAO,WAAW;AAAA,IACpB,SAAS,OAAO;AACd,aAAO,CAAC;AAAA,IACV;AAAA,EACF;AACF;;;ACnIA,OAAOA,YAA6C;;;ACU7C,IAAM,eAAN,MAAmB;AAAA,EAChB,QAAQ,oBAAI,IAA6B;AAAA,EACzC,cAAc,oBAAI,IAA6B;AAAA,EAC/C,aAAa;AAAA;AAAA;AAAA;AAAA;AAAA,EAKrB,IAAO,KAAuB;AAC5B,UAAM,QAAQ,KAAK,MAAM,IAAI,GAAG;AAChC,QAAI,CAAC,MAAO,QAAO;AAGnB,QAAI,KAAK,IAAI,IAAI,MAAM,YAAY,MAAM,KAAK;AAC5C,WAAK,MAAM,OAAO,GAAG;AACrB,aAAO;AAAA,IACT;AAEA,WAAO,MAAM;AAAA,EACf;AAAA;AAAA;AAAA;AAAA,EAKA,IAAO,KAAa,MAAS,KAAoB;AAC/C,SAAK,MAAM,IAAI,KAAK;AAAA,MAClB;AAAA,MACA,WAAW,KAAK,IAAI;AAAA,MACpB,KAAK,OAAO,KAAK;AAAA,IACnB,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,KAAsB;AAC3B,UAAM,UAAU,KAAK,MAAM,OAAO,GAAG;AACrC,QAAI,SAAS;AACX,WAAK,kBAAkB,GAAG;AAAA,IAC5B;AACA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,QAAc;AACZ,UAAM,OAAO,MAAM,KAAK,KAAK,MAAM,KAAK,CAAC;AACzC,SAAK,MAAM,MAAM;AACjB,SAAK,QAAQ,SAAO,KAAK,kBAAkB,GAAG,CAAC;AAAA,EACjD;AAAA;AAAA;AAAA;AAAA,EAKA,eAAe,QAAsB;AAEnC,UAAM,eAAe,MAAM,KAAK,KAAK,MAAM,KAAK,CAAC,EAAE;AAAA,MAAO,SACxD,IAAI,SAAS,MAAM;AAAA,IACrB;AAEA,YAAQ,IAAI,0CAA0C,MAAM,WAAW,aAAa,MAAM,UAAU,YAAY;AAEhH,iBAAa,QAAQ,SAAO;AAC1B,WAAK,MAAM,OAAO,GAAG;AACrB,WAAK,kBAAkB,GAAG;AAAA,IAC5B,CAAC;AAED,QAAI,aAAa,WAAW,GAAG;AAC7B,cAAQ,IAAI,kDAAkD,MAAM,EAAE;AAAA,IACxE;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,UAAU,KAAa,UAAkC;AACvD,QAAI,CAAC,KAAK,YAAY,IAAI,GAAG,GAAG;AAC9B,WAAK,YAAY,IAAI,KAAK,oBAAI,IAAI,CAAC;AAAA,IACrC;AAEA,SAAK,YAAY,IAAI,GAAG,EAAG,IAAI,QAAQ;AAGvC,WAAO,MAAM;AACX,YAAM,YAAY,KAAK,YAAY,IAAI,GAAG;AAC1C,UAAI,WAAW;AACb,kBAAU,OAAO,QAAQ;AACzB,YAAI,UAAU,SAAS,GAAG;AACxB,eAAK,YAAY,OAAO,GAAG;AAAA,QAC7B;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,kBAAkB,KAAmB;AAC3C,UAAM,YAAY,KAAK,YAAY,IAAI,GAAG;AAC1C,QAAI,WAAW;AACb,gBAAU,QAAQ,cAAY;AAC5B,YAAI;AACF,mBAAS;AAAA,QACX,SAAS,OAAO;AACd,kBAAQ,MAAM,2BAA2B,KAAK;AAAA,QAChD;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,WAA6C;AAC3C,WAAO;AAAA,MACL,MAAM,KAAK,MAAM;AAAA,MACjB,MAAM,MAAM,KAAK,KAAK,MAAM,KAAK,CAAC;AAAA,IACpC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,UAAgB;AACd,UAAM,MAAM,KAAK,IAAI;AACrB,UAAM,eAAyB,CAAC;AAEhC,SAAK,MAAM,QAAQ,CAAC,OAAO,QAAQ;AACjC,UAAI,MAAM,MAAM,YAAY,MAAM,KAAK;AACrC,qBAAa,KAAK,GAAG;AAAA,MACvB;AAAA,IACF,CAAC;AAED,iBAAa,QAAQ,SAAO;AAC1B,WAAK,MAAM,OAAO,GAAG;AACrB,WAAK,kBAAkB,GAAG;AAAA,IAC5B,CAAC;AAAA,EACH;AACF;AAGO,IAAM,QAAQ,IAAI,aAAa;;;ACnJtC,SAAS,UAAuB;AAEhC,QAAQ,IAAI,8CAA8C,OAAO,EAAE;AAuC5D,IAAM,kBAAN,MAAsB;AAAA,EACnB,WAAW,oBAAI,IAAuC;AAAA,EACtD,SAAwB;AAAA,EACxB,oBAAoB;AAAA,EACpB;AAAA,EACA,aAA4B;AAAA,EAC5B,eAA8B;AAAA,EAC9B,gBAA+B;AAAA,EAC/B,kBAAkB;AAAA,EAE1B,YAAY,SAAgC,CAAC,GAAG;AAC9C,SAAK,SAAS;AAAA,MACZ,eAAe,OAAO,iBAAiB;AAAA,MACvC,sBAAsB,OAAO,wBAAwB;AAAA,MACrD,gBAAgB,OAAO,kBAAkB;AAAA,MACzC,mBAAmB,OAAO,qBAAqB;AAAA,MAC/C,WAAW,OAAO,cAAc,MAAM;AAAA,MAAC;AAAA,MACvC,cAAc,OAAO,iBAAiB,MAAM;AAAA,MAAC;AAAA,MAC7C,SAAS,OAAO,YAAY,CAAC,UAAiB,QAAQ,MAAM,4BAA4B,KAAK;AAAA,MAC7F,aAAa,OAAO,eAAe;AAAA,IACrC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,KAAK,KAAc,aAAsB,QAAgC;AAC7E,QAAI,KAAK;AACP,WAAK,aAAa;AAClB,WAAK,eAAe,eAAe;AACnC,WAAK,gBAAgB,UAAU;AAC/B,UAAI,KAAK,OAAO,aAAa;AAC3B,YAAI;AACF,gBAAM,KAAK,QAAQ,KAAK,aAAa,MAAM;AAAA,QAC7C,SAAS,OAAO;AACd,kBAAQ,KAAK,gEAAgE,KAAK;AAAA,QACpF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,QAAQ,KAAa,MAAqC,QAAgC;AACxF,QAAI;AACJ,QAAI;AAEJ,QAAI,OAAO,SAAS,UAAU;AAC5B,kBAAY;AACZ,mBAAa,UAAU;AAAA,IACzB,WAAW,OAAO,SAAS,UAAU;AACnC,kBAAY,KAAK,eAAe,KAAK,eAAe,KAAK;AACzD,mBAAa,KAAK,UAAU,UAAU;AAAA,IACxC;AAEA,WAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,WAAK,kBAAkB;AACvB,WAAK,aAAa;AAClB,WAAK,eAAe,aAAa;AACjC,WAAK,gBAAgB,cAAc;AAEnC,UAAI;AAEF,YAAI,KAAK,QAAQ;AACf,eAAK,OAAO,WAAW;AACvB,eAAK,SAAS;AAAA,QAChB;AAEA,cAAM,YAAY,GAAG,GAAG;AACxB,gBAAQ,IAAI,oCAAoC,SAAS;AAEzD,aAAK,SAAS,GAAG,WAAW;AAAA,UAC1B,MAAM;AAAA,YACJ,OAAO;AAAA,YACP,QAAQ;AAAA,UACV;AAAA,UACA,YAAY,CAAC,aAAa,SAAS;AAAA,UACnC,cAAc,KAAK,OAAO;AAAA,UAC1B,mBAAmB,KAAK,OAAO;AAAA,UAC/B,sBAAsB,KAAK,OAAO;AAAA,UAClC,sBAAsB,KAAK,OAAO;AAAA,UAClC,SAAS;AAAA,QACX,CAAC;AAED,aAAK,OAAO,GAAG,WAAW,MAAM;AAC9B,eAAK,oBAAoB;AACzB,kBAAQ,IAAI,2CAA2C,KAAK,QAAQ,EAAE;AACtE,eAAK,OAAO,UAAU;AACtB,kBAAQ;AAAA,QACV,CAAC;AAED,aAAK,OAAO,GAAG,cAAc,CAAC,WAAmB;AAC/C,kBAAQ,IAAI,mCAAmC,MAAM;AACrD,eAAK,OAAO,aAAa;AACzB,cAAI,KAAK,mBAAmB,KAAK,OAAO,eAAe;AACrD,iBAAK,gBAAgB;AAAA,UACvB;AAAA,QACF,CAAC;AAED,aAAK,OAAO,GAAG,iBAAiB,CAAC,UAAe;AAC9C,kBAAQ,MAAM,uCAAuC,MAAM,OAAO;AAClE,gBAAM,MAAM,IAAI,MAAM,qBAAqB,MAAM,OAAO,EAAE;AAC1D,eAAK,OAAO,QAAQ,GAAG;AACvB,cAAI,CAAC,KAAK,mBAAmB,KAAK,qBAAqB,KAAK,OAAO,sBAAsB;AACvF,mBAAO,GAAG;AAAA,UACZ;AAAA,QACF,CAAC;AAED,aAAK,OAAO,GAAG,SAAS,CAAC,UAAe;AACtC,kBAAQ,MAAM,mCAAmC,KAAK;AACtD,gBAAM,MAAM,IAAI,MAAM,iBAAiB,KAAK,EAAE;AAC9C,eAAK,OAAO,QAAQ,GAAG;AAAA,QACzB,CAAC;AAED,aAAK,OAAO,GAAG,qBAAqB,CAAC,YAAoB;AACvD,eAAK,oBAAoB;AACzB,kBAAQ,IAAI,8CAA8C,OAAO,GAAG;AAAA,QACtE,CAAC;AAED,aAAK,OAAO,GAAG,aAAa,MAAM;AAChC,kBAAQ,IAAI,gCAAgC;AAAA,QAC9C,CAAC;AAED,aAAK,OAAO,GAAG,oBAAoB,MAAM;AACvC,kBAAQ,MAAM,0DAA0D;AACxE,gBAAM,MAAM,IAAI,MAAM,4CAA4C;AAClE,eAAK,OAAO,QAAQ,GAAG;AACvB,iBAAO,GAAG;AAAA,QACZ,CAAC;AAGD,aAAK,OAAO,MAAM,CAAC,WAAmB,YAAiB;AACrD,cAAI;AACF,kBAAM,gBAA+B;AAAA,cACnC,MAAM;AAAA,cACN,WAAW,SAAS,aAAa,KAAK,IAAI;AAAA,cAC1C,MAAM,SAAS,QAAQ;AAAA,cACvB,QAAQ,SAAS;AAAA,YACnB;AACA,iBAAK,YAAY,aAAa;AAAA,UAChC,SAAS,OAAO;AACd,oBAAQ,MAAM,6CAA6C,KAAK;AAAA,UAClE;AAAA,QACF,CAAC;AAGD,mBAAW,MAAM;AACf,cAAI,CAAC,KAAK,QAAQ,WAAW;AAC3B,kBAAM,MAAM,IAAI,MAAM,oBAAoB;AAC1C,iBAAK,OAAO,QAAQ,GAAG;AACvB,iBAAK,QAAQ,WAAW;AACxB,mBAAO,GAAG;AAAA,UACZ;AAAA,QACF,GAAG,GAAK;AAAA,MAEV,SAAS,OAAO;AACd,eAAO,KAAK;AAAA,MACd;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,mBAAmB,SAAiD;AAClE,QAAI,KAAK,QAAQ,WAAW;AAC1B,WAAK,OAAO,KAAK,aAAa,OAAO,EAAE;AACvC,cAAQ,IAAI,4CAA4C,OAAO,EAAE;AAAA,IACnE;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,aAAmB;AACjB,SAAK,kBAAkB;AACvB,QAAI,KAAK,QAAQ;AACf,WAAK,OAAO,WAAW;AACvB,WAAK,SAAS;AAAA,IAChB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,UAAU,WAAmB,SAA2C;AACtE,QAAI,CAAC,KAAK,SAAS,IAAI,SAAS,GAAG;AACjC,WAAK,SAAS,IAAI,WAAW,oBAAI,IAAI,CAAC;AAAA,IACxC;AAEA,SAAK,SAAS,IAAI,SAAS,EAAG,IAAI,OAAO;AAEzC,WAAO,MAAM;AACX,YAAM,WAAW,KAAK,SAAS,IAAI,SAAS;AAC5C,UAAI,UAAU;AACZ,iBAAS,OAAO,OAAO;AACvB,YAAI,SAAS,SAAS,GAAG;AACvB,eAAK,SAAS,OAAO,SAAS;AAAA,QAChC;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,SAA2C;AACtD,WAAO,KAAK,UAAU,KAAK,OAAO;AAAA,EACpC;AAAA;AAAA;AAAA;AAAA,EAKQ,YAAY,OAA4B;AAC9C,YAAQ,IAAI,qCAAqC,KAAK;AAGtD,UAAM,WAAW,KAAK,SAAS,IAAI,MAAM,IAAI;AAC7C,QAAI,UAAU;AACZ,eAAS,QAAQ,aAAW;AAC1B,YAAI;AACF,kBAAQ,KAAK;AAAA,QACf,SAAS,OAAO;AACd,kBAAQ,MAAM,0CAA0C,KAAK;AAAA,QAC/D;AAAA,MACF,CAAC;AAAA,IACH;AAGA,UAAM,mBAAmB,KAAK,SAAS,IAAI,GAAG;AAC9C,QAAI,kBAAkB;AACpB,uBAAiB,QAAQ,aAAW;AAClC,YAAI;AACF,kBAAQ,KAAK;AAAA,QACf,SAAS,OAAO;AACd,kBAAQ,MAAM,6CAA6C,KAAK;AAAA,QAClE;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,kBAAwB;AAC9B,QAAI,CAAC,KAAK,mBAAmB,CAAC,KAAK,OAAO,iBAAiB,CAAC,KAAK,YAAY;AAC3E;AAAA,IACF;AAEA,QAAI,KAAK,oBAAoB,KAAK,OAAO,sBAAsB;AAC7D,WAAK;AACL,YAAM,QAAQ,KAAK;AAAA,QACjB,KAAK,OAAO,iBAAiB,KAAK,IAAI,GAAG,KAAK,oBAAoB,CAAC;AAAA,QACnE,KAAK,OAAO;AAAA,MACd;AAEA,cAAQ,IAAI,qCAAqC,KAAK,eAAe,KAAK,iBAAiB,GAAG;AAE9F,iBAAW,MAAM;AACf,aAAK,QAAQ,KAAK,YAAa,KAAK,cAAe,KAAK,aAAc,EAAE,MAAM,WAAS;AACrF,kBAAQ,MAAM,0CAA0C,KAAK;AAAA,QAC/D,CAAC;AAAA,MACH,GAAG,KAAK;AAAA,IACV,OAAO;AACL,cAAQ,MAAM,qDAAqD;AAAA,IACrE;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,YAA2B;AACzB,QAAI,KAAK,cAAc,KAAK,cAAc;AACxC,WAAK,oBAAoB;AACzB,aAAO,KAAK,QAAQ,KAAK,YAAY,KAAK,cAAc,KAAK,iBAAiB,MAAS;AAAA,IACzF,WAAW,KAAK,YAAY;AAC1B,WAAK,oBAAoB;AACzB,aAAO,KAAK,QAAQ,KAAK,UAAU;AAAA,IACrC;AACA,WAAO,QAAQ,OAAO,IAAI,MAAM,mBAAmB,CAAC;AAAA,EACtD;AAAA;AAAA;AAAA;AAAA,EAKA,cAAuB;AACrB,WAAO,KAAK,QAAQ,aAAa;AAAA,EACnC;AAAA;AAAA;AAAA;AAAA,EAKA,YAA0E;AACxE,QAAI,CAAC,KAAK,OAAQ,QAAO;AACzB,QAAI,KAAK,OAAO,UAAW,QAAO;AAClC,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,KAAK,OAAe,MAAiB;AACnC,QAAI,KAAK,QAAQ,WAAW;AAC1B,WAAK,OAAO,KAAK,OAAO,IAAI;AAAA,IAC9B;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,QAA8C;AACzD,SAAK,SAAS;AAAA,MACZ,GAAG,KAAK;AAAA,MACR,GAAG;AAAA,IACL;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,qBAAqB,KAAa,aAAqB,QAAgC;AAC3F,QAAI;AACF,YAAM,KAAK,QAAQ,KAAK,aAAa,MAAM;AAAA,IAC7C,SAAS,OAAO;AACd,cAAQ,KAAK,wDAAwD,KAAK;AAAA,IAC5E;AAAA,EACF;AACF;AAGO,SAAS,eAAe,QAAiD;AAC9E,SAAO,IAAI,gBAAgB,MAAM;AACnC;AAGO,IAAM,WAAW,IAAI,gBAAgB;;;AF9VrC,IAAM,yBAAN,MAA6B;AAAA,EAC1B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,SAAwB;AAAA,EACxB,uBAAuB;AAAA,EAE/B,YAAY,QAA+B;AACzC,SAAK,SAAS;AAAA,MACZ,SAAS;AAAA,MACT,OAAO;AAAA,QACL,SAAS;AAAA,QACT,KAAK;AAAA,MACP;AAAA,MACA,UAAU;AAAA,QACR,SAAS;AAAA,QACT,eAAe;AAAA,QACf,sBAAsB;AAAA,QACtB,gBAAgB;AAAA,MAClB;AAAA,MACA,GAAG;AAAA,IACL;AAEA,SAAK,QAAQ;AAEb,UAAM,iBAAwC;AAAA,MAC5C,eAAe,KAAK,OAAO,UAAU,iBAAiB;AAAA,MACtD,sBAAsB,KAAK,OAAO,UAAU,wBAAwB;AAAA,MACpE,gBAAgB,KAAK,OAAO,UAAU,kBAAkB;AAAA,MACxD,WAAW,MAAM;AACf,aAAK,uBAAuB;AAC5B,aAAK,OAAO,UAAU,YAAY;AAAA,MACpC;AAAA,MACA,cAAc,MAAM;AAClB,aAAK,uBAAuB;AAC5B,aAAK,OAAO,UAAU,eAAe;AAAA,MACvC;AAAA,MACA,SAAS,CAAC,UAAU;AAClB,aAAK,OAAO,UAAU,UAAU,KAAK;AAAA,MACvC;AAAA,IACF;AAEA,SAAK,WAAW,eAAe,cAAc;AAE7C,SAAK,SAASC,OAAM,OAAO;AAAA,MACzB,SAAS,KAAK,OAAO;AAAA,MACrB,SAAS,KAAK,OAAO;AAAA,MACrB,SAAS;AAAA,QACP,gBAAgB;AAAA,MAClB;AAAA,IACF,CAAC;AAED,YAAQ,IAAI,qCAAqC;AAAA,MAC/C,SAAS,KAAK,OAAO,UAAU;AAAA,MAC/B,KAAK,KAAK,OAAO,UAAU;AAAA,MAC3B,gBAAgB,CAAC,CAAC,KAAK,OAAO,UAAU;AAAA,IAC1C,CAAC;AAED,QAAI,KAAK,OAAO,UAAU,WAAW,KAAK,OAAO,SAAS,KAAK;AAC7D,cAAQ,IAAI,kDAAkD;AAC9D,WAAK,cAAc,EAAE,MAAM,SAAO;AAChC,gBAAQ,MAAM,8CAA8C,GAAG;AAAA,MACjE,CAAC;AAAA,IACH,OAAO;AACL,cAAQ,IAAI,uDAAuD;AAAA,IACrE;AAEA,gBAAY,MAAM;AAChB,WAAK,MAAM,QAAQ;AAAA,IACrB,GAAG,GAAK;AAAA,EACV;AAAA,EAEA,MAAc,gBAA+B;AAE3C,QAAI,CAAC,KAAK,OAAO,UAAU,WAAW,CAAC,KAAK,OAAO,UAAU,KAAK;AAChE;AAAA,IACF;AAEA,QAAI;AACF,YAAM,KAAK,SAAS;AAAA,QAClB,KAAK,OAAO,SAAS;AAAA,QACrB,KAAK,OAAO,SAAS;AAAA,MACvB;AAGA,WAAK,SAAS,mBAAmB,MAAM;AACvC,WAAK,SAAS,mBAAmB,OAAO;AACxC,WAAK,SAAS,mBAAmB,aAAa;AAG9C,WAAK,SAAS,UAAU,KAAK,CAAC,UAAyB;AACrD,gBAAQ,IAAI,6CAA6C,KAAK;AAG9D,YAAI,MAAM,KAAK,SAAS,MAAM,KAAK,MAAM,SAAS,eAAe;AAC/D,eAAK,OAAO,UAAU,eAAe,KAAK;AAC1C,cAAI,MAAM,QAAQ;AAChB,iBAAK,MAAM,eAAe,MAAM,MAAM;AAAA,UACxC,OAAO;AACL,iBAAK,MAAM,MAAM;AAAA,UACnB;AAAA,QACF;AAEA,YAAI,MAAM,KAAK,SAAS,MAAM,KAAK,MAAM,SAAS,eAAe;AAC/D,eAAK,OAAO,UAAU,eAAe,KAAK;AAC1C,cAAI,MAAM,QAAQ;AAChB,iBAAK,MAAM,eAAe,MAAM,MAAM;AAAA,UACxC,OAAO;AACL,iBAAK,MAAM,MAAM;AAAA,UACnB;AAAA,QACF;AAEA,YAAI,MAAM,KAAK,SAAS,MAAM,KAAK,MAAM,SAAS,eAAe;AAC/D,cAAI,MAAM,QAAQ;AAChB,iBAAK,MAAM,eAAe,MAAM,MAAM;AAAA,UACxC,OAAO;AACL,iBAAK,MAAM,MAAM;AAAA,UACnB;AAAA,QACF;AAEA,YAAI,MAAM,KAAK,SAAS,YAAY,KAAK,MAAM,SAAS,qBAAqB;AAC3E,cAAI,MAAM,QAAQ;AAChB,iBAAK,MAAM,eAAe,MAAM,MAAM;AAAA,UACxC,OAAO;AACL,iBAAK,MAAM,MAAM;AAAA,UACnB;AAAA,QACF;AAAA,MACF,CAAC;AAAA,IAEH,SAAS,OAAO;AACd,cAAQ,KAAK,uEAAuE,KAAK;AAAA,IAC3F;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,gBAAgB,KAAc,aAAqC;AACvE,UAAM,QAAQ,OAAO,KAAK,OAAO,UAAU;AAC3C,UAAM,UAAU,eAAe,KAAK,OAAO,UAAU;AAErD,QAAI,CAAC,OAAO;AACV,YAAM,IAAI,MAAM,2BAA2B;AAAA,IAC7C;AAEA,UAAM,KAAK,cAAc;AAAA,EAC3B;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,qBAAqB,WAAkC;AAC3D,UAAM,QAAQ,KAAK,OAAO,UAAU;AAEpC,QAAI,CAAC,OAAO;AACV,cAAQ,KAAK,6CAA6C;AAC1D;AAAA,IACF;AAGA,UAAM,SAAS,KAAK,uBAAuB,SAAS,KAAK;AAEzD,YAAQ,IAAI,oEAAoE,MAAM;AAEtF,QAAI;AACF,YAAM,KAAK,SAAS,QAAQ,OAAO,WAAW,MAAM;AACpD,WAAK,SAAS,mBAAmB,MAAM;AAAA,IACzC,SAAS,OAAO;AACd,cAAQ,KAAK,uDAAuD,KAAK;AAAA,IAC3E;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,qBAA2B;AACzB,SAAK,SAAS,WAAW;AAAA,EAC3B;AAAA;AAAA;AAAA;AAAA,EAKA,sBAA+B;AAC7B,WAAO,KAAK,wBAAwB,KAAK,SAAS,YAAY;AAAA,EAChE;AAAA;AAAA;AAAA;AAAA,EAKA,oBAAkF;AAChF,WAAO,KAAK,SAAS,UAAU;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA,EAKA,oBAAoB,WAAmB,SAAqD;AAC1F,WAAO,KAAK,SAAS,UAAU,WAAW,OAAO;AAAA,EACnD;AAAA;AAAA;AAAA;AAAA,EAKA,uBAAuB,SAAqD;AAC1E,WAAO,KAAK,SAAS,aAAa,OAAO;AAAA,EAC3C;AAAA,EAEQ,uBAAuB,OAA8B;AAC3D,QAAI;AACF,YAAM,UAAU,KAAK,MAAM,KAAK,MAAM,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC;AACpD,aAAO,QAAQ,OAAO;AAAA,IACxB,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEQ,YAAY,OAAe,SAAiB,IAAY;AAC9D,UAAM,SAAS,KAAK,uBAAuB,KAAK,KAAK;AACrD,WAAO,QAAQ,MAAM,IAAI,MAAM;AAAA,EACjC;AAAA,EAEA,MAAM,cAAc,OAA4C;AAC9D,QAAI,CAAC,KAAK,OAAO,OAAO,SAAS;AAC/B,aAAO,KAAK,gBAAgB,KAAK;AAAA,IACnC;AAEA,UAAM,WAAW,KAAK,YAAY,OAAO,QAAQ;AACjD,UAAM,SAAS,KAAK,MAAM,IAAwB,QAAQ;AAE1D,QAAI,QAAQ;AACV,cAAQ,IAAI,4CAA4C;AACxD,aAAO;AAAA,IACT;AAEA,YAAQ,IAAI,mDAAmD;AAC/D,UAAM,OAAO,MAAM,KAAK,gBAAgB,KAAK;AAE7C,SAAK,MAAM,IAAI,UAAU,MAAM,KAAK,OAAO,MAAM,GAAG;AAEpD,WAAO;AAAA,EACT;AAAA,EAEA,MAAc,gBAAgB,OAA4C;AACxE,QAAI;AACF,YAAM,WACJ,MAAM,KAAK,OAAO,IAAI,aAAa;AAAA,QACjC,SAAS;AAAA,UACP,iBAAiB,UAAU,KAAK;AAAA,QAClC;AAAA,MACF,CAAC;AAEH,UAAI,CAAC,SAAS,KAAK,SAAS;AAC1B,cAAM,IAAI,MAAM,yCAAyC;AAAA,MAC3D;AAEA,aAAO,SAAS,KAAK;AAAA,IACvB,SAAS,OAAO;AACd,UAAIA,OAAM,aAAa,KAAK,GAAG;AAC7B,YAAI,MAAM,UAAU,WAAW,KAAK;AAClC,gBAAM,IAAI,MAAM,wCAAwC;AAAA,QAC1D;AACA,cAAM,IAAI,MAAM,cAAc,MAAM,UAAU,MAAM,WAAW,MAAM,OAAO,EAAE;AAAA,MAChF;AACA,YAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEA,MAAM,cAAc,OAAe,YAAsC;AACvE,QAAI,CAAC,KAAK,OAAO,OAAO,SAAS;AAC/B,YAAMC,cAAa,MAAM,KAAK,cAAc,KAAK;AACjD,aAAOA,YAAW,QAAQ;AAAA,QAAK,YAC7B,OAAO,YAAY,SAAS,UAAU;AAAA,MACxC;AAAA,IACF;AAEA,UAAM,WAAW,KAAK,YAAY,OAAO,cAAc,UAAU,EAAE;AACnE,UAAM,SAAS,KAAK,MAAM,IAAa,QAAQ;AAE/C,QAAI,WAAW,MAAM;AACnB,cAAQ,IAAI,8CAA8C,UAAU,EAAE;AACtE,aAAO;AAAA,IACT;AAEA,YAAQ,IAAI,qDAAqD,UAAU,EAAE;AAC7E,UAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,UAAM,gBAAgB,WAAW,QAAQ;AAAA,MAAK,YAC5C,OAAO,YAAY,SAAS,UAAU;AAAA,IACxC;AAEA,SAAK,MAAM,IAAI,UAAU,eAAe,KAAK,OAAO,MAAM,MAAO,CAAC;AAElE,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,QAAQ,OAAe,MAAgC;AAC3D,QAAI,CAAC,KAAK,OAAO,OAAO,SAAS;AAC/B,YAAMA,cAAa,MAAM,KAAK,cAAc,KAAK;AACjD,aAAOA,YAAW,MAAM,SAAS,IAAI;AAAA,IACvC;AAEA,UAAM,WAAW,KAAK,YAAY,OAAO,QAAQ,IAAI,EAAE;AACvD,UAAM,SAAS,KAAK,MAAM,IAAa,QAAQ;AAE/C,QAAI,WAAW,MAAM;AACnB,cAAQ,IAAI,wCAAwC,IAAI,EAAE;AAC1D,aAAO;AAAA,IACT;AAEA,YAAQ,IAAI,+CAA+C,IAAI,EAAE;AACjE,UAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,UAAM,UAAU,WAAW,MAAM,SAAS,IAAI;AAE9C,SAAK,MAAM,IAAI,UAAU,SAAS,KAAK,OAAO,MAAM,MAAO,CAAC;AAE5D,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,qBAAqB,OAAe,WAAsC;AAC9E,QAAI,CAAC,KAAK,OAAO,OAAO,SAAS;AAC/B,YAAMA,cAAa,MAAM,KAAK,cAAc,KAAK;AACjD,YAAMC,UAASD,YAAW,QAAQ,KAAK,OAAK,EAAE,QAAQ,SAAS;AAC/D,aAAOC,SAAQ,eAAe,CAAC;AAAA,IACjC;AAEA,UAAM,WAAW,KAAK,YAAY,OAAO,UAAU,SAAS,EAAE;AAC9D,UAAM,SAAS,KAAK,MAAM,IAAc,QAAQ;AAEhD,QAAI,WAAW,MAAM;AACnB,cAAQ,IAAI,0CAA0C,SAAS,EAAE;AACjE,aAAO;AAAA,IACT;AAEA,YAAQ,IAAI,6DAA6D,SAAS,EAAE;AACpF,UAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,UAAM,SAAS,WAAW,QAAQ,KAAK,OAAK,EAAE,QAAQ,SAAS;AAC/D,UAAM,cAAc,QAAQ,eAAe,CAAC;AAE5C,SAAK,MAAM,IAAI,UAAU,aAAa,KAAK,OAAO,MAAM,GAAG;AAE3D,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,aAAa,OAAkC;AACnD,QAAI,CAAC,KAAK,OAAO,OAAO,SAAS;AAC/B,YAAMD,cAAa,MAAM,KAAK,cAAc,KAAK;AACjD,aAAOA,YAAW;AAAA,IACpB;AAEA,UAAM,WAAW,KAAK,YAAY,OAAO,OAAO;AAChD,UAAM,SAAS,KAAK,MAAM,IAAc,QAAQ;AAEhD,QAAI,WAAW,MAAM;AACnB,cAAQ,IAAI,2CAA2C;AACvD,aAAO;AAAA,IACT;AAEA,YAAQ,IAAI,kDAAkD;AAC9D,UAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,UAAM,QAAQ,WAAW;AAEzB,SAAK,MAAM,IAAI,UAAU,OAAO,KAAK,OAAO,MAAM,GAAG;AAErD,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,oBAAoB,OAAkC;AAC1D,QAAI,CAAC,KAAK,OAAO,OAAO,SAAS;AAC/B,YAAMA,cAAa,MAAM,KAAK,cAAc,KAAK;AACjD,aAAOA,YAAW;AAAA,IACpB;AAEA,UAAM,WAAW,KAAK,YAAY,OAAO,eAAe;AACxD,UAAM,SAAS,KAAK,MAAM,IAAc,QAAQ;AAEhD,QAAI,WAAW,MAAM;AACnB,cAAQ,IAAI,8CAA8C;AAC1D,aAAO;AAAA,IACT;AAEA,YAAQ,IAAI,qDAAqD;AACjE,UAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,UAAM,eAAe,WAAW;AAEhC,SAAK,MAAM,IAAI,UAAU,cAAc,KAAK,OAAO,MAAM,GAAG;AAE5D,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,eAAe,OAAe,aAAyD;AAC3F,UAAM,UAAmC,CAAC;AAC1C,UAAM,sBAAgC,CAAC;AAEvC,eAAW,cAAc,aAAa;AACpC,UAAI,KAAK,OAAO,OAAO,SAAS;AAC9B,cAAM,WAAW,KAAK,YAAY,OAAO,cAAc,UAAU,EAAE;AACnE,cAAM,SAAS,KAAK,MAAM,IAAa,QAAQ;AAE/C,YAAI,WAAW,MAAM;AACnB,kBAAQ,UAAU,IAAI;AAAA,QACxB,OAAO;AACL,8BAAoB,KAAK,UAAU;AAAA,QACrC;AAAA,MACF,OAAO;AACL,4BAAoB,KAAK,UAAU;AAAA,MACrC;AAAA,IACF;AAEA,QAAI,oBAAoB,SAAS,GAAG;AAClC,YAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AAEjD,iBAAW,cAAc,qBAAqB;AAC5C,cAAM,gBAAgB,WAAW,QAAQ;AAAA,UAAK,YAC5C,OAAO,YAAY,SAAS,UAAU;AAAA,QACxC;AACA,gBAAQ,UAAU,IAAI;AAEtB,YAAI,KAAK,OAAO,OAAO,SAAS;AAC9B,gBAAM,WAAW,KAAK,YAAY,OAAO,cAAc,UAAU,EAAE;AACnE,eAAK,MAAM,IAAI,UAAU,eAAe,KAAK,OAAO,MAAM,MAAO,CAAC;AAAA,QACpE;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,SAAS,OAAe,OAAmD;AAC/E,UAAM,UAAmC,CAAC;AAC1C,UAAM,gBAA0B,CAAC;AAEjC,eAAW,QAAQ,OAAO;AACxB,UAAI,KAAK,OAAO,OAAO,SAAS;AAC9B,cAAM,WAAW,KAAK,YAAY,OAAO,QAAQ,IAAI,EAAE;AACvD,cAAM,SAAS,KAAK,MAAM,IAAa,QAAQ;AAE/C,YAAI,WAAW,MAAM;AACnB,kBAAQ,IAAI,IAAI;AAAA,QAClB,OAAO;AACL,wBAAc,KAAK,IAAI;AAAA,QACzB;AAAA,MACF,OAAO;AACL,sBAAc,KAAK,IAAI;AAAA,MACzB;AAAA,IACF;AAEA,QAAI,cAAc,SAAS,GAAG;AAC5B,YAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AAEjD,iBAAW,QAAQ,eAAe;AAChC,cAAM,UAAU,WAAW,MAAM,SAAS,IAAI;AAC9C,gBAAQ,IAAI,IAAI;AAEhB,YAAI,KAAK,OAAO,OAAO,SAAS;AAC9B,gBAAM,WAAW,KAAK,YAAY,OAAO,QAAQ,IAAI,EAAE;AACvD,eAAK,MAAM,IAAI,UAAU,SAAS,KAAK,OAAO,MAAM,MAAO,CAAC;AAAA,QAC9D;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,eAAe,OAAqB;AAClC,UAAM,SAAS,KAAK,uBAAuB,KAAK;AAChD,QAAI,QAAQ;AACV,WAAK,MAAM,eAAe,MAAM;AAChC,cAAQ,IAAI,4CAA4C,MAAM,EAAE;AAAA,IAClE;AAAA,EACF;AAAA,EAEA,gBAAsB;AACpB,SAAK,MAAM,MAAM;AACjB,YAAQ,IAAI,oCAAoC;AAAA,EAClD;AAAA,EAEA,gBAAkD;AAChD,WAAO,KAAK,MAAM,SAAS;AAAA,EAC7B;AAAA,EAEA,aAAmB;AACjB,SAAK,SAAS,WAAW;AAAA,EAC3B;AACF;;;AG3fO,IAAME,kBAAN,MAAqB;AAAA,EAClB;AAAA,EAER,YAAY,QAA+B;AACzC,SAAK,UAAU,IAAI,uBAAuB,MAAM;AAAA,EAClD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,mBACJ,SACA,aACA,UAAoC,CAAC,GACf;AACtB,QAAI;AACF,UAAI,QAAQ,YAAY;AAEtB,cAAM,UAAU,MAAM,KAAK,QAAQ,eAAe,QAAQ,OAAO,WAAW;AAC5E,cAAM,SAAS,YAAY,MAAM,gBAAc,QAAQ,UAAU,CAAC;AAElE,YAAI,CAAC,QAAQ;AACX,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,OAAO,uCAAuC,YAAY,KAAK,IAAI,CAAC;AAAA,YACpE,YAAY;AAAA,UACd;AAAA,QACF;AAAA,MACF,OAAO;AAEL,cAAM,gBAAgB,MAAM,KAAK,QAAQ,eAAe,QAAQ,OAAO,WAAW;AAClF,cAAM,SAAS,OAAO,OAAO,aAAa,EAAE,KAAK,OAAO;AAExD,YAAI,CAAC,QAAQ;AACX,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,OAAO,8CAA8C,YAAY,KAAK,IAAI,CAAC;AAAA,YAC3E,YAAY;AAAA,UACd;AAAA,QACF;AAAA,MACF;AAEA,YAAM,aAAa,MAAM,KAAK,QAAQ,cAAc,QAAQ,KAAK;AACjE,aAAO,EAAE,SAAS,MAAM,MAAM,WAAW;AAAA,IAC3C,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,QACP,YAAY;AAAA,MACd;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aACJ,SACA,OACA,UAAoC,CAAC,GACf;AACtB,QAAI;AACF,UAAI,QAAQ,YAAY;AAEtB,cAAM,UAAU,MAAM,KAAK,QAAQ,SAAS,QAAQ,OAAO,KAAK;AAChE,cAAM,SAAS,MAAM,MAAM,UAAQ,QAAQ,IAAI,CAAC;AAEhD,YAAI,CAAC,QAAQ;AACX,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,OAAO,iCAAiC,MAAM,KAAK,IAAI,CAAC;AAAA,YACxD,YAAY;AAAA,UACd;AAAA,QACF;AAAA,MACF,OAAO;AAEL,cAAM,UAAU,MAAM,KAAK,QAAQ,SAAS,QAAQ,OAAO,KAAK;AAChE,cAAM,SAAS,OAAO,OAAO,OAAO,EAAE,KAAK,OAAO;AAElD,YAAI,CAAC,QAAQ;AACX,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,OAAO,wCAAwC,MAAM,KAAK,IAAI,CAAC;AAAA,YAC/D,YAAY;AAAA,UACd;AAAA,QACF;AAAA,MACF;AAEA,YAAM,aAAa,MAAM,KAAK,QAAQ,cAAc,QAAQ,KAAK;AACjE,aAAO,EAAE,SAAS,MAAM,MAAM,WAAW;AAAA,IAC3C,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,QACP,YAAY;AAAA,MACd;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eACJ,SACA,SACA,UAAoC,CAAC,GACf;AACtB,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,QAAQ,cAAc,QAAQ,KAAK;AACjE,YAAM,iBAAiB,WAAW,QAAQ,IAAI,OAAK,EAAE,GAAG;AAExD,UAAI;AAEJ,UAAI,QAAQ,YAAY;AAEtB,oBAAY,QAAQ,MAAM,YAAU,eAAe,SAAS,MAAM,CAAC;AAAA,MACrE,OAAO;AAEL,oBAAY,QAAQ,KAAK,YAAU,eAAe,SAAS,MAAM,CAAC;AAAA,MACpE;AAEA,UAAI,CAAC,WAAW;AACd,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO,yCAAyC,QAAQ,KAAK,IAAI,CAAC;AAAA,UAClE,YAAY;AAAA,QACd;AAAA,MACF;AAEA,aAAO,EAAE,SAAS,MAAM,MAAM,WAAW;AAAA,IAC3C,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,QACP,YAAY;AAAA,MACd;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,oBACJ,SACA,cACA,UAAoC,CAAC,GACf;AACtB,QAAI;AACF,YAAM,mBAAmB,MAAM,KAAK,QAAQ,oBAAoB,QAAQ,KAAK;AAE7E,UAAI;AAEJ,UAAI,QAAQ,YAAY;AAEtB,oBAAY,aAAa,MAAM,YAAU,iBAAiB,SAAS,MAAM,CAAC;AAAA,MAC5E,OAAO;AAEL,oBAAY,aAAa,KAAK,YAAU,iBAAiB,SAAS,MAAM,CAAC;AAAA,MAC3E;AAEA,UAAI,CAAC,WAAW;AACd,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO,+CAA+C,aAAa,KAAK,IAAI,CAAC;AAAA,UAC7E,YAAY;AAAA,QACd;AAAA,MACF;AAEA,YAAM,aAAa,MAAM,KAAK,QAAQ,cAAc,QAAQ,KAAK;AACjE,aAAO,EAAE,SAAS,MAAM,MAAM,WAAW;AAAA,IAC3C,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,QACP,YAAY;AAAA,MACd;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,QAAQ,SAAuB,SAA6C;AAChF,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,QAAQ,cAAc,QAAQ,KAAK;AACjE,UAAI,SAAS;AACb,YAAM,WAAqB,CAAC;AAG5B,UAAI,QAAQ,eAAe,QAAQ,YAAY,SAAS,GAAG;AACzD,cAAM,kBAAkB,WAAW,QAAQ,QAAQ,OAAK,EAAE,WAAW;AACrE,cAAM,iBAAiB,QAAQ,aAC3B,QAAQ,YAAY,MAAM,OAAK,gBAAgB,SAAS,CAAC,CAAC,IAC1D,QAAQ,YAAY,KAAK,OAAK,gBAAgB,SAAS,CAAC,CAAC;AAE7D,YAAI,CAAC,gBAAgB;AACnB,mBAAS;AACT,mBAAS,KAAK,gBAAgB,QAAQ,YAAY,KAAK,IAAI,CAAC,EAAE;AAAA,QAChE;AAAA,MACF;AAGA,UAAI,QAAQ,SAAS,QAAQ,MAAM,SAAS,GAAG;AAC7C,cAAM,WAAW,QAAQ,aACrB,QAAQ,MAAM,MAAM,OAAK,WAAW,MAAM,SAAS,CAAC,CAAC,IACrD,QAAQ,MAAM,KAAK,OAAK,WAAW,MAAM,SAAS,CAAC,CAAC;AAExD,YAAI,CAAC,UAAU;AACb,mBAAS;AACT,mBAAS,KAAK,UAAU,QAAQ,MAAM,KAAK,IAAI,CAAC,EAAE;AAAA,QACpD;AAAA,MACF;AAGA,UAAI,QAAQ,WAAW,QAAQ,QAAQ,SAAS,GAAG;AACjD,cAAM,iBAAiB,WAAW,QAAQ,IAAI,OAAK,EAAE,GAAG;AACxD,cAAM,aAAa,QAAQ,aACvB,QAAQ,QAAQ,MAAM,OAAK,eAAe,SAAS,CAAC,CAAC,IACrD,QAAQ,QAAQ,KAAK,OAAK,eAAe,SAAS,CAAC,CAAC;AAExD,YAAI,CAAC,YAAY;AACf,mBAAS;AACT,mBAAS,KAAK,YAAY,QAAQ,QAAQ,KAAK,IAAI,CAAC,EAAE;AAAA,QACxD;AAAA,MACF;AAGA,UAAI,QAAQ,gBAAgB,QAAQ,aAAa,SAAS,GAAG;AAC3D,cAAM,kBAAkB,QAAQ,aAC5B,QAAQ,aAAa,MAAM,QAAM,WAAW,aAAa,SAAS,EAAE,CAAC,IACrE,QAAQ,aAAa,KAAK,QAAM,WAAW,aAAa,SAAS,EAAE,CAAC;AAExE,YAAI,CAAC,iBAAiB;AACpB,mBAAS;AACT,mBAAS,KAAK,kBAAkB,QAAQ,aAAa,KAAK,IAAI,CAAC,EAAE;AAAA,QACnE;AAAA,MACF;AAEA,UAAI,CAAC,QAAQ;AACX,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO,2BAA2B,SAAS,KAAK,IAAI,CAAC;AAAA,UACrD,YAAY;AAAA,QACd;AAAA,MACF;AAEA,aAAO,EAAE,SAAS,MAAM,MAAM,WAAW;AAAA,IAC3C,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,QACP,YAAY;AAAA,MACd;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAAa,SAA6C;AAC9D,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,QAAQ,cAAc,QAAQ,KAAK;AACjE,aAAO,EAAE,SAAS,MAAM,MAAM,WAAW;AAAA,IAC3C,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,QACP,YAAY;AAAA,MACd;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,aAAqC;AACnC,WAAO,KAAK;AAAA,EACd;AACF;AAKO,SAAS,aAAa,SAA6B;AAExD,MAAI,QAAQ,SAAS,eAAe;AAClC,UAAM,aAAa,QAAQ,QAAQ;AACnC,QAAI,WAAW,WAAW,SAAS,GAAG;AACpC,aAAO,WAAW,UAAU,CAAC;AAAA,IAC/B;AAAA,EACF;AAGA,MAAI,QAAQ,SAAS,eAAe;AAClC,UAAM,aAAa,QAAQ,QAAQ;AACnC,QAAI,WAAW,WAAW,SAAS,GAAG;AACpC,aAAO,WAAW,UAAU,CAAC;AAAA,IAC/B;AAAA,EACF;AAGA,MAAI,QAAQ,UAAU,gBAAgB,GAAG;AACvC,WAAO,QAAQ,QAAQ,gBAAgB;AAAA,EACzC;AAGA,MAAI,QAAQ,OAAO,OAAO;AACxB,WAAO,QAAQ,MAAM;AAAA,EACvB;AAEA,SAAO;AACT;;;ACzSO,SAAS,qBAAqB,QAAa;AAChD,QAAM,QAAQ,IAAIC,gBAAe,MAAM;AAEvC,SAAO;AAAA;AAAA;AAAA;AAAA,IAIL,mBAAmB,aAAuB,UAAoC,CAAC,GAAG;AAChF,aAAO,OAAO,KAA2B,KAAe,SAAuB;AAC7E,cAAM,UAAU,mBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YAC1B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,mBAAmB,SAAS,aAAa,OAAO;AAE3E,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,IAAI,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YAC/C,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAEA,aAAK;AAAA,MACP;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,aAAa,OAAiB,UAAoC,CAAC,GAAG;AACpE,aAAO,OAAO,KAA2B,KAAe,SAAuB;AAC7E,cAAM,UAAU,mBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YAC1B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,aAAa,SAAS,OAAO,OAAO;AAE/D,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,IAAI,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YAC/C,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAEA,aAAK;AAAA,MACP;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,eAAe,SAAmB,UAAoC,CAAC,GAAG;AACxE,aAAO,OAAO,KAA2B,KAAe,SAAuB;AAC7E,cAAM,UAAU,mBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YAC1B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,eAAe,SAAS,SAAS,OAAO;AAEnE,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,IAAI,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YAC/C,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAEA,aAAK;AAAA,MACP;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,oBAAoB,cAAwB,UAAoC,CAAC,GAAG;AAClF,aAAO,OAAO,KAA2B,KAAe,SAAuB;AAC7E,cAAM,UAAU,mBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YAC1B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,oBAAoB,SAAS,cAAc,OAAO;AAE7E,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,IAAI,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YAC/C,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAEA,aAAK;AAAA,MACP;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,QAAQ,SAAuB;AAC7B,aAAO,OAAO,KAA2B,KAAe,SAAuB;AAC7E,cAAM,UAAU,mBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YAC1B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,QAAQ,SAAS,OAAO;AAEnD,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,IAAI,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YAC/C,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAEA,aAAK;AAAA,MACP;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,eAAe;AACb,aAAO,OAAO,KAA2B,KAAe,SAAuB;AAC7E,cAAM,UAAU,mBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YAC1B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,aAAa,OAAO;AAE/C,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,IAAI,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YAC/C,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAEA,aAAK;AAAA,MACP;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,WAA2B;AACzB,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAEA,SAAS,mBAAmB,KAAmC;AAC7D,QAAM,QAAQ,aAAa,GAAG;AAC9B,MAAI,CAAC,OAAO;AACV,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL;AAAA,IACA,SAAS;AAAA,EACX;AACF;;;ACxQO,SAAS,qBAAqB,QAAa;AAChD,QAAM,QAAQ,IAAIC,gBAAe,MAAM;AAEvC,SAAO;AAAA;AAAA;AAAA;AAAA,IAIL,mBAAmB,aAAuB,UAAoC,CAAC,GAAG;AAChF,aAAO,OAAO,KAA2B,UAAwB;AAC/D,cAAM,UAAUC,oBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,MAAM,OAAO,GAAG,EAAE,KAAK;AAAA,YAC5B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,mBAAmB,SAAS,aAAa,OAAO;AAE3E,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,MAAM,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YACjD,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,aAAa,OAAiB,UAAoC,CAAC,GAAG;AACpE,aAAO,OAAO,KAA2B,UAAwB;AAC/D,cAAM,UAAUA,oBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,MAAM,OAAO,GAAG,EAAE,KAAK;AAAA,YAC5B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,aAAa,SAAS,OAAO,OAAO;AAE/D,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,MAAM,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YACjD,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,eAAe,SAAmB,UAAoC,CAAC,GAAG;AACxE,aAAO,OAAO,KAA2B,UAAwB;AAC/D,cAAM,UAAUA,oBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,MAAM,OAAO,GAAG,EAAE,KAAK;AAAA,YAC5B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,eAAe,SAAS,SAAS,OAAO;AAEnE,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,MAAM,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YACjD,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,oBAAoB,cAAwB,UAAoC,CAAC,GAAG;AAClF,aAAO,OAAO,KAA2B,UAAwB;AAC/D,cAAM,UAAUA,oBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,MAAM,OAAO,GAAG,EAAE,KAAK;AAAA,YAC5B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,oBAAoB,SAAS,cAAc,OAAO;AAE7E,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,MAAM,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YACjD,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,QAAQ,SAAuB;AAC7B,aAAO,OAAO,KAA2B,UAAwB;AAC/D,cAAM,UAAUA,oBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,MAAM,OAAO,GAAG,EAAE,KAAK;AAAA,YAC5B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,QAAQ,SAAS,OAAO;AAEnD,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,MAAM,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YACjD,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,eAAe;AACb,aAAO,OAAO,KAA2B,UAAwB;AAC/D,cAAM,UAAUA,oBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,MAAM,OAAO,GAAG,EAAE,KAAK;AAAA,YAC5B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,aAAa,OAAO;AAE/C,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,MAAM,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YACjD,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,WAA2B;AACzB,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAEA,SAASA,oBAAmB,KAA0C;AACpE,QAAM,QAAQ,aAAa,GAAG;AAC9B,MAAI,CAAC,OAAO;AACV,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL;AAAA,IACA,SAAS;AAAA,EACX;AACF;","names":["axios","axios","userAccess","module","ExGuardBackend","ExGuardBackend","ExGuardBackend","createGuardContext"]}
1
+ {"version":3,"sources":["../src/exguard-backend.ts","../src/exguard-backend-enhanced.ts","../src/cache.ts","../src/realtime.ts","../src/guards.ts","../src/express.ts","../src/fastify.ts"],"sourcesContent":["import axios, { AxiosInstance, AxiosResponse } from 'axios';\nimport { \n UserAccessResponse, \n ApiResponse, \n ExGuardConfig \n} from './types.js';\n\nexport class ExGuardBackend {\n private client: AxiosInstance;\n private config: ExGuardConfig;\n\n constructor(config: ExGuardConfig) {\n this.config = {\n timeout: 10000,\n ...config,\n };\n\n this.client = axios.create({\n baseURL: this.config.apiUrl,\n timeout: this.config.timeout,\n headers: {\n 'Content-Type': 'application/json',\n },\n });\n }\n\n /**\n * Get user roles and permissions from the /guard/me endpoint\n * @param token - JWT access token\n * @returns Promise<UserAccessResponse>\n */\n async getUserAccess(token: string): Promise<UserAccessResponse> {\n try {\n const response: AxiosResponse<ApiResponse<UserAccessResponse>> = \n await this.client.get('/guard/me', {\n headers: {\n 'Authorization': `Bearer ${token}`,\n },\n });\n\n if (!response.data.success) {\n throw new Error('Failed to fetch user access information');\n }\n\n return response.data.data;\n } catch (error) {\n if (axios.isAxiosError(error)) {\n if (error.response?.status === 401) {\n throw new Error('Unauthorized: Invalid or expired token');\n }\n throw new Error(`API Error: ${error.response?.data?.message || error.message}`);\n }\n throw error;\n }\n }\n\n /**\n * Check if user has specific permission\n * @param token - JWT access token\n * @param permission - Permission to check (e.g., 'events:create')\n * @returns Promise<boolean>\n */\n async hasPermission(token: string, permission: string): Promise<boolean> {\n try {\n const userAccess = await this.getUserAccess(token);\n return userAccess.modules.some(module => \n module.permissions.includes(permission)\n );\n } catch (error) {\n return false;\n }\n }\n\n /**\n * Check if user has specific role\n * @param token - JWT access token\n * @param role - Role to check (e.g., 'Event Manager')\n * @returns Promise<boolean>\n */\n async hasRole(token: string, role: string): Promise<boolean> {\n try {\n const userAccess = await this.getUserAccess(token);\n return userAccess.roles.includes(role);\n } catch (error) {\n return false;\n }\n }\n\n /**\n * Get all permissions for a specific module\n * @param token - JWT access token\n * @param moduleKey - Module key (e.g., 'events')\n * @returns Promise<string[]>\n */\n async getModulePermissions(token: string, moduleKey: string): Promise<string[]> {\n try {\n const userAccess = await this.getUserAccess(token);\n const module = userAccess.modules.find(m => m.key === moduleKey);\n return module?.permissions || [];\n } catch (error) {\n return [];\n }\n }\n\n /**\n * Get user roles\n * @param token - JWT access token\n * @returns Promise<string[]>\n */\n async getUserRoles(token: string): Promise<string[]> {\n try {\n const userAccess = await this.getUserAccess(token);\n return userAccess.roles;\n } catch (error) {\n return [];\n }\n }\n\n /**\n * Get user field offices\n * @param token - JWT access token\n * @returns Promise<string[]>\n */\n async getUserFieldOffices(token: string): Promise<string[]> {\n try {\n const userAccess = await this.getUserAccess(token);\n return userAccess.fieldOffices;\n } catch (error) {\n return [];\n }\n }\n}\n","import axios, { AxiosInstance, AxiosResponse } from 'axios';\nimport { \n UserAccessResponse, \n ApiResponse, \n ExGuardConfig \n} from './types.js';\nimport { cache, ExGuardCache } from './cache.js';\nimport { \n realtime, \n RealtimeEvent, \n ExGuardRealtime,\n ExGuardRealtimeConfig,\n createRealtime \n} from './realtime.js';\n\nexport interface ExGuardEnhancedConfig extends ExGuardConfig {\n cache?: {\n ttl?: number;\n enabled?: boolean;\n };\n realtime?: {\n enabled?: boolean;\n url?: string;\n accessToken?: string;\n autoReconnect?: boolean;\n maxReconnectAttempts?: number;\n reconnectDelay?: number;\n autoConnect?: boolean;\n onConnect?: () => void;\n onDisconnect?: () => void;\n onError?: (error: Error) => void;\n onRBACUpdate?: (event: RealtimeEvent) => void;\n onUserUpdate?: (event: RealtimeEvent) => void;\n };\n}\n\nexport class ExGuardBackendEnhanced {\n private client: AxiosInstance;\n private config: ExGuardEnhancedConfig;\n private cache: ExGuardCache;\n private realtime: ExGuardRealtime;\n private userId: string | null = null;\n private _isRealtimeConnected = false;\n\n constructor(config: ExGuardEnhancedConfig) {\n this.config = {\n timeout: 10000,\n cache: {\n enabled: true,\n ttl: 300000,\n },\n realtime: {\n enabled: false,\n autoReconnect: true,\n maxReconnectAttempts: 5,\n reconnectDelay: 1000,\n },\n ...config,\n };\n\n this.cache = cache;\n \n const realtimeConfig: ExGuardRealtimeConfig = {\n autoReconnect: this.config.realtime?.autoReconnect ?? true,\n maxReconnectAttempts: this.config.realtime?.maxReconnectAttempts ?? 5,\n reconnectDelay: this.config.realtime?.reconnectDelay ?? 1000,\n onConnect: () => {\n this._isRealtimeConnected = true;\n this.config.realtime?.onConnect?.();\n },\n onDisconnect: () => {\n this._isRealtimeConnected = false;\n this.config.realtime?.onDisconnect?.();\n },\n onError: (error) => {\n this.config.realtime?.onError?.(error);\n },\n };\n \n this.realtime = createRealtime(realtimeConfig);\n\n this.client = axios.create({\n baseURL: this.config.apiUrl,\n timeout: this.config.timeout,\n headers: {\n 'Content-Type': 'application/json',\n },\n });\n\n console.log('[ExGuardBackend] Realtime config:', {\n enabled: this.config.realtime?.enabled,\n url: this.config.realtime?.url,\n hasAccessToken: !!this.config.realtime?.accessToken,\n });\n\n if (this.config.realtime?.enabled && this.config.realtime.url) {\n console.log('[ExGuardBackend] Starting realtime connection...');\n this.setupRealtime().catch(err => {\n console.error('[ExGuardBackend] Failed to setup realtime:', err);\n });\n } else {\n console.log('[ExGuardBackend] Realtime disabled or no URL provided');\n }\n\n setInterval(() => {\n this.cache.cleanup();\n }, 60000);\n }\n\n private async setupRealtime(): Promise<void> {\n // Only connect if explicitly enabled AND URL is provided\n if (!this.config.realtime?.enabled || !this.config.realtime?.url) {\n return;\n }\n\n try {\n await this.realtime.connect(\n this.config.realtime.url, \n this.config.realtime.accessToken\n );\n\n // Subscribe to channels for realtime updates\n this.realtime.subscribeToChannel('rbac');\n this.realtime.subscribeToChannel('roles');\n this.realtime.subscribeToChannel('permissions');\n \n // Listen to all events using wildcard\n this.realtime.subscribe('*', (event: RealtimeEvent) => {\n console.log('[ExGuardBackend] Realtime event received:', event);\n \n // Handle specific event types\n if (event.type.includes('rbac') || event.type === 'rbac_update') {\n this.config.realtime?.onRBACUpdate?.(event);\n if (event.userId) {\n this.cache.clearUserCache(event.userId);\n } else {\n this.cache.clear();\n }\n }\n \n if (event.type.includes('user') || event.type === 'user_update') {\n this.config.realtime?.onUserUpdate?.(event);\n if (event.userId) {\n this.cache.clearUserCache(event.userId);\n } else {\n this.cache.clear();\n }\n }\n \n if (event.type.includes('role') || event.type === 'role_update') {\n if (event.userId) {\n this.cache.clearUserCache(event.userId);\n } else {\n this.cache.clear();\n }\n }\n \n if (event.type.includes('permission') || event.type === 'permission_update') {\n if (event.userId) {\n this.cache.clearUserCache(event.userId);\n } else {\n this.cache.clear();\n }\n }\n });\n\n } catch (error) {\n console.warn('[ExGuardBackend] Realtime connection failed (will retry on demand):', error);\n }\n }\n\n /**\n * Manually connect to realtime server\n */\n async connectRealtime(url?: string, accessToken?: string): Promise<void> {\n const wsUrl = url || this.config.realtime?.url;\n const wsToken = accessToken || this.config.realtime?.accessToken;\n \n if (!wsUrl) {\n throw new Error('WebSocket URL is required');\n }\n \n await this.setupRealtime();\n }\n\n /**\n * Connect to realtime with user's token (extracts userId from token)\n * Call this in your middleware/guard when a user makes a request\n */\n async connectWithUserToken(userToken: string): Promise<void> {\n const wsUrl = this.config.realtime?.url;\n \n if (!wsUrl) {\n console.warn('[ExGuardBackend] No realtime URL configured');\n return;\n }\n\n // Extract userId from token if possible\n const userId = this.extractUserIdFromToken(userToken) || 'unknown';\n \n console.log('[ExGuardBackend] Connecting to realtime with user token, userId:', userId);\n \n try {\n await this.realtime.connect(wsUrl, userToken, userId);\n this.realtime.subscribeToChannel('rbac');\n } catch (error) {\n console.warn('[ExGuardBackend] Failed to connect with user token:', error);\n }\n }\n\n /**\n * Disconnect from realtime server\n */\n disconnectRealtime(): void {\n this.realtime.disconnect();\n }\n\n /**\n * Check if realtime is connected\n */\n isRealtimeConnected(): boolean {\n return this._isRealtimeConnected || this.realtime.isConnected();\n }\n\n /**\n * Get realtime connection status\n */\n getRealtimeStatus(): 'connecting' | 'connected' | 'disconnected' | 'reconnecting' {\n return this.realtime.getStatus();\n }\n\n /**\n * Subscribe to realtime events\n */\n subscribeToRealtime(eventType: string, handler: (event: RealtimeEvent) => void): () => void {\n return this.realtime.subscribe(eventType, handler);\n }\n\n /**\n * Subscribe to all realtime events\n */\n subscribeToAllRealtime(handler: (event: RealtimeEvent) => void): () => void {\n return this.realtime.subscribeAll(handler);\n }\n\n private extractUserIdFromToken(token: string): string | null {\n try {\n const payload = JSON.parse(atob(token.split('.')[1]));\n return payload.sub || null;\n } catch {\n return null;\n }\n }\n\n private getCacheKey(token: string, suffix: string = ''): string {\n const userId = this.extractUserIdFromToken(token) || 'unknown';\n return `user:${userId}:${suffix}`;\n }\n\n async getUserAccess(token: string): Promise<UserAccessResponse> {\n if (!this.config.cache?.enabled) {\n return this.fetchUserAccess(token);\n }\n\n const cacheKey = this.getCacheKey(token, 'access');\n const cached = this.cache.get<UserAccessResponse>(cacheKey);\n \n if (cached) {\n console.log('[ExGuardBackend] Cache hit for user access');\n return cached;\n }\n\n console.log('[ExGuardBackend] Cache miss, fetching user access');\n const data = await this.fetchUserAccess(token);\n \n this.cache.set(cacheKey, data, this.config.cache.ttl);\n \n return data;\n }\n\n private async fetchUserAccess(token: string): Promise<UserAccessResponse> {\n try {\n const response: AxiosResponse<ApiResponse<UserAccessResponse>> = \n await this.client.get('/guard/me', {\n headers: {\n 'Authorization': `Bearer ${token}`,\n },\n });\n\n if (!response.data.success) {\n throw new Error('Failed to fetch user access information');\n }\n\n return response.data.data;\n } catch (error) {\n if (axios.isAxiosError(error)) {\n if (error.response?.status === 401) {\n throw new Error('Unauthorized: Invalid or expired token');\n }\n throw new Error(`API Error: ${error.response?.data?.message || error.message}`);\n }\n throw error;\n }\n }\n\n async hasPermission(token: string, permission: string): Promise<boolean> {\n if (!this.config.cache?.enabled) {\n const userAccess = await this.getUserAccess(token);\n return userAccess.modules.some(module => \n module.permissions.includes(permission)\n );\n }\n\n const cacheKey = this.getCacheKey(token, `permission:${permission}`);\n const cached = this.cache.get<boolean>(cacheKey);\n \n if (cached !== null) {\n console.log(`[ExGuardBackend] Cache hit for permission: ${permission}`);\n return cached;\n }\n\n console.log(`[ExGuardBackend] Cache miss, checking permission: ${permission}`);\n const userAccess = await this.getUserAccess(token);\n const hasPermission = userAccess.modules.some(module => \n module.permissions.includes(permission)\n );\n \n this.cache.set(cacheKey, hasPermission, this.config.cache.ttl! / 2);\n \n return hasPermission;\n }\n\n async hasRole(token: string, role: string): Promise<boolean> {\n if (!this.config.cache?.enabled) {\n const userAccess = await this.getUserAccess(token);\n return userAccess.roles.includes(role);\n }\n\n const cacheKey = this.getCacheKey(token, `role:${role}`);\n const cached = this.cache.get<boolean>(cacheKey);\n \n if (cached !== null) {\n console.log(`[ExGuardBackend] Cache hit for role: ${role}`);\n return cached;\n }\n\n console.log(`[ExGuardBackend] Cache miss, checking role: ${role}`);\n const userAccess = await this.getUserAccess(token);\n const hasRole = userAccess.roles.includes(role);\n \n this.cache.set(cacheKey, hasRole, this.config.cache.ttl! / 2);\n \n return hasRole;\n }\n\n async getModulePermissions(token: string, moduleKey: string): Promise<string[]> {\n if (!this.config.cache?.enabled) {\n const userAccess = await this.getUserAccess(token);\n const module = userAccess.modules.find(m => m.key === moduleKey);\n return module?.permissions || [];\n }\n\n const cacheKey = this.getCacheKey(token, `module:${moduleKey}`);\n const cached = this.cache.get<string[]>(cacheKey);\n \n if (cached !== null) {\n console.log(`[ExGuardBackend] Cache hit for module: ${moduleKey}`);\n return cached;\n }\n\n console.log(`[ExGuardBackend] Cache miss, fetching module permissions: ${moduleKey}`);\n const userAccess = await this.getUserAccess(token);\n const module = userAccess.modules.find(m => m.key === moduleKey);\n const permissions = module?.permissions || [];\n \n this.cache.set(cacheKey, permissions, this.config.cache.ttl);\n \n return permissions;\n }\n\n async getUserRoles(token: string): Promise<string[]> {\n if (!this.config.cache?.enabled) {\n const userAccess = await this.getUserAccess(token);\n return userAccess.roles;\n }\n\n const cacheKey = this.getCacheKey(token, 'roles');\n const cached = this.cache.get<string[]>(cacheKey);\n \n if (cached !== null) {\n console.log('[ExGuardBackend] Cache hit for user roles');\n return cached;\n }\n\n console.log('[ExGuardBackend] Cache miss, fetching user roles');\n const userAccess = await this.getUserAccess(token);\n const roles = userAccess.roles;\n \n this.cache.set(cacheKey, roles, this.config.cache.ttl);\n \n return roles;\n }\n\n async getUserFieldOffices(token: string): Promise<string[]> {\n if (!this.config.cache?.enabled) {\n const userAccess = await this.getUserAccess(token);\n return userAccess.fieldOffices;\n }\n\n const cacheKey = this.getCacheKey(token, 'field-offices');\n const cached = this.cache.get<string[]>(cacheKey);\n \n if (cached !== null) {\n console.log('[ExGuardBackend] Cache hit for field offices');\n return cached;\n }\n\n console.log('[ExGuardBackend] Cache miss, fetching field offices');\n const userAccess = await this.getUserAccess(token);\n const fieldOffices = userAccess.fieldOffices;\n \n this.cache.set(cacheKey, fieldOffices, this.config.cache.ttl);\n \n return fieldOffices;\n }\n\n async hasPermissions(token: string, permissions: string[]): Promise<Record<string, boolean>> {\n const results: Record<string, boolean> = {};\n const uncachedPermissions: string[] = [];\n \n for (const permission of permissions) {\n if (this.config.cache?.enabled) {\n const cacheKey = this.getCacheKey(token, `permission:${permission}`);\n const cached = this.cache.get<boolean>(cacheKey);\n \n if (cached !== null) {\n results[permission] = cached;\n } else {\n uncachedPermissions.push(permission);\n }\n } else {\n uncachedPermissions.push(permission);\n }\n }\n\n if (uncachedPermissions.length > 0) {\n const userAccess = await this.getUserAccess(token);\n \n for (const permission of uncachedPermissions) {\n const hasPermission = userAccess.modules.some(module => \n module.permissions.includes(permission)\n );\n results[permission] = hasPermission;\n \n if (this.config.cache?.enabled) {\n const cacheKey = this.getCacheKey(token, `permission:${permission}`);\n this.cache.set(cacheKey, hasPermission, this.config.cache.ttl! / 2);\n }\n }\n }\n\n return results;\n }\n\n async hasRoles(token: string, roles: string[]): Promise<Record<string, boolean>> {\n const results: Record<string, boolean> = {};\n const uncachedRoles: string[] = [];\n \n for (const role of roles) {\n if (this.config.cache?.enabled) {\n const cacheKey = this.getCacheKey(token, `role:${role}`);\n const cached = this.cache.get<boolean>(cacheKey);\n \n if (cached !== null) {\n results[role] = cached;\n } else {\n uncachedRoles.push(role);\n }\n } else {\n uncachedRoles.push(role);\n }\n }\n\n if (uncachedRoles.length > 0) {\n const userAccess = await this.getUserAccess(token);\n \n for (const role of uncachedRoles) {\n const hasRole = userAccess.roles.includes(role);\n results[role] = hasRole;\n \n if (this.config.cache?.enabled) {\n const cacheKey = this.getCacheKey(token, `role:${role}`);\n this.cache.set(cacheKey, hasRole, this.config.cache.ttl! / 2);\n }\n }\n }\n\n return results;\n }\n\n clearUserCache(token: string): void {\n const userId = this.extractUserIdFromToken(token);\n if (userId) {\n this.cache.clearUserCache(userId);\n console.log(`[ExGuardBackend] Cache cleared for user: ${userId}`);\n }\n }\n\n clearAllCache(): void {\n this.cache.clear();\n console.log('[ExGuardBackend] All cache cleared');\n }\n\n getCacheStats(): { size: number; keys: string[] } {\n return this.cache.getStats();\n }\n\n disconnect(): void {\n this.realtime.disconnect();\n }\n}\n","/**\n * In-memory cache for user access data with TTL support\n */\n\nexport interface CacheEntry<T> {\n data: T;\n timestamp: number;\n ttl: number;\n}\n\nexport class ExGuardCache {\n private cache = new Map<string, CacheEntry<any>>();\n private subscribers = new Map<string, Set<() => void>>();\n private defaultTTL = 300000; // 5 minutes\n\n /**\n * Get cached data\n */\n get<T>(key: string): T | null {\n const entry = this.cache.get(key);\n if (!entry) return null;\n\n // Check if expired\n if (Date.now() - entry.timestamp > entry.ttl) {\n this.cache.delete(key);\n return null;\n }\n\n return entry.data;\n }\n\n /**\n * Set cached data with TTL\n */\n set<T>(key: string, data: T, ttl?: number): void {\n this.cache.set(key, {\n data,\n timestamp: Date.now(),\n ttl: ttl || this.defaultTTL,\n });\n }\n\n /**\n * Delete cached data\n */\n delete(key: string): boolean {\n const deleted = this.cache.delete(key);\n if (deleted) {\n this.notifySubscribers(key);\n }\n return deleted;\n }\n\n /**\n * Clear all cache\n */\n clear(): void {\n const keys = Array.from(this.cache.keys());\n this.cache.clear();\n keys.forEach(key => this.notifySubscribers(key));\n }\n\n /**\n * Clear cache for a specific user - clears ALL caches related to this user\n */\n clearUserCache(userId: string): void {\n // Clear all keys that contain this userId\n const keysToDelete = Array.from(this.cache.keys()).filter(key => \n key.includes(userId)\n );\n \n console.log(`[ExGuardCache] Clearing cache for user ${userId}, found ${keysToDelete.length} keys:`, keysToDelete);\n \n keysToDelete.forEach(key => {\n this.cache.delete(key);\n this.notifySubscribers(key);\n });\n \n if (keysToDelete.length === 0) {\n console.log(`[ExGuardCache] No cache entries found for user ${userId}`);\n }\n }\n\n /**\n * Subscribe to cache changes\n */\n subscribe(key: string, callback: () => void): () => void {\n if (!this.subscribers.has(key)) {\n this.subscribers.set(key, new Set());\n }\n \n this.subscribers.get(key)!.add(callback);\n \n // Return unsubscribe function\n return () => {\n const callbacks = this.subscribers.get(key);\n if (callbacks) {\n callbacks.delete(callback);\n if (callbacks.size === 0) {\n this.subscribers.delete(key);\n }\n }\n };\n }\n\n /**\n * Notify subscribers of cache changes\n */\n private notifySubscribers(key: string): void {\n const callbacks = this.subscribers.get(key);\n if (callbacks) {\n callbacks.forEach(callback => {\n try {\n callback();\n } catch (error) {\n console.error('Cache subscriber error:', error);\n }\n });\n }\n }\n\n /**\n * Get cache statistics\n */\n getStats(): { size: number; keys: string[] } {\n return {\n size: this.cache.size,\n keys: Array.from(this.cache.keys()),\n };\n }\n\n /**\n * Clean up expired entries\n */\n cleanup(): void {\n const now = Date.now();\n const keysToDelete: string[] = [];\n\n this.cache.forEach((entry, key) => {\n if (now - entry.timestamp > entry.ttl) {\n keysToDelete.push(key);\n }\n });\n\n keysToDelete.forEach(key => {\n this.cache.delete(key);\n this.notifySubscribers(key);\n });\n }\n}\n\n// Global cache instance\nexport const cache = new ExGuardCache();\n","/**\n * Realtime event handling for cache invalidation with Socket.IO support\n * Works in both browser and Node.js environments\n */\n\nimport { io, type Socket } from 'socket.io-client';\n\nconsole.log('[ExGuardRealtime] Socket.IO client loaded:', typeof io);\n\nexport interface RealtimeEvent {\n type: string;\n userId?: string;\n data?: any;\n timestamp: number;\n}\n\nexport interface RealtimeEventHandler {\n (event: RealtimeEvent): void;\n}\n\nexport interface RealtimeConnectionHandler {\n (): void;\n}\n\nexport interface RealtimeAuthOptions {\n accessToken?: string;\n apiKey?: string;\n bearerToken?: string;\n userId?: string;\n}\n\nexport interface RealtimeErrorHandler {\n (error: Error): void;\n}\n\nexport interface ExGuardRealtimeConfig {\n autoReconnect?: boolean;\n maxReconnectAttempts?: number;\n reconnectDelay?: number;\n reconnectMaxDelay?: number;\n onConnect?: RealtimeConnectionHandler;\n onDisconnect?: RealtimeConnectionHandler;\n onError?: RealtimeErrorHandler;\n autoConnect?: boolean;\n}\n\nexport class ExGuardRealtime {\n private handlers = new Map<string, Set<RealtimeEventHandler>>();\n private socket: Socket | null = null;\n private reconnectAttempts = 0;\n private config: Required<ExGuardRealtimeConfig>;\n private currentUrl: string | null = null;\n private currentToken: string | null = null;\n private currentUserId: string | null = null;\n private shouldReconnect = true;\n\n constructor(config: ExGuardRealtimeConfig = {}) {\n this.config = {\n autoReconnect: config.autoReconnect ?? true,\n maxReconnectAttempts: config.maxReconnectAttempts ?? 5,\n reconnectDelay: config.reconnectDelay ?? 1000,\n reconnectMaxDelay: config.reconnectMaxDelay ?? 30000,\n onConnect: config.onConnect ?? (() => {}),\n onDisconnect: config.onDisconnect ?? (() => {}),\n onError: config.onError ?? ((error: Error) => console.error('[ExGuardRealtime] Error:', error)),\n autoConnect: config.autoConnect ?? false,\n };\n }\n\n /**\n * Initialize and optionally connect to realtime server\n */\n async init(url?: string, accessToken?: string, userId?: string): Promise<void> {\n if (url) {\n this.currentUrl = url;\n this.currentToken = accessToken ?? null;\n this.currentUserId = userId ?? null;\n if (this.config.autoConnect) {\n try {\n await this.connect(url, accessToken, userId);\n } catch (error) {\n console.warn('[ExGuardRealtime] Auto-connect failed, will retry on demand:', error);\n }\n }\n }\n }\n\n /**\n * Connect to realtime server using Socket.IO\n * @param url - Server URL (e.g., https://api.example.com)\n * @param auth - Authentication options (accessToken, apiKey, bearerToken, userId)\n */\n connect(url: string, auth?: string | RealtimeAuthOptions, userId?: string): Promise<void> {\n let authToken: string | undefined;\n let authUserId: string | undefined;\n\n if (typeof auth === 'string') {\n authToken = auth;\n authUserId = userId || 'unknown';\n } else if (typeof auth === 'object') {\n authToken = auth.accessToken || auth.bearerToken || auth.apiKey;\n authUserId = auth.userId || userId || 'unknown';\n }\n\n return new Promise((resolve, reject) => {\n this.shouldReconnect = true;\n this.currentUrl = url;\n this.currentToken = authToken ?? null;\n this.currentUserId = authUserId ?? null;\n\n try {\n // Disconnect existing socket\n if (this.socket) {\n this.socket.disconnect();\n this.socket = null;\n }\n\n const socketUrl = `${url}/realtime`;\n console.log('[ExGuardRealtime] Connecting to:', socketUrl);\n\n this.socket = io(socketUrl, {\n auth: {\n token: authToken,\n userId: authUserId,\n },\n transports: ['websocket', 'polling'],\n reconnection: this.config.autoReconnect,\n reconnectionDelay: this.config.reconnectDelay,\n reconnectionDelayMax: this.config.reconnectMaxDelay,\n reconnectionAttempts: this.config.maxReconnectAttempts,\n timeout: 20000,\n });\n\n this.socket.on('connect', () => {\n this.reconnectAttempts = 0;\n console.log('[ExGuardRealtime] Connected! Socket ID:', this.socket?.id);\n this.config.onConnect();\n resolve();\n });\n\n this.socket.on('disconnect', (reason: string) => {\n console.log('[ExGuardRealtime] Disconnected:', reason);\n this.config.onDisconnect();\n if (this.shouldReconnect && this.config.autoReconnect) {\n this.handleReconnect();\n }\n });\n\n this.socket.on('connect_error', (error: any) => {\n console.error('[ExGuardRealtime] Connection error:', error.message);\n const err = new Error(`Connection error: ${error.message}`);\n this.config.onError(err);\n if (!this.shouldReconnect || this.reconnectAttempts >= this.config.maxReconnectAttempts) {\n reject(err);\n }\n });\n\n this.socket.on('error', (error: any) => {\n console.error('[ExGuardRealtime] Socket error:', error);\n const err = new Error(`Socket error: ${error}`);\n this.config.onError(err);\n });\n\n this.socket.on('reconnect_attempt', (attempt: number) => {\n this.reconnectAttempts = attempt;\n console.log(`[ExGuardRealtime] Reconnecting... (attempt ${attempt})`);\n });\n\n this.socket.on('reconnect', () => {\n console.log('[ExGuardRealtime] Reconnected!');\n });\n\n this.socket.on('reconnect_failed', () => {\n console.error('[ExGuardRealtime] Reconnection failed after max attempts');\n const err = new Error('Reconnection failed after maximum attempts');\n this.config.onError(err);\n reject(err);\n });\n\n // Listen to all realtime events\n this.socket.onAny((eventName: string, payload: any) => {\n try {\n const realtimeEvent: RealtimeEvent = {\n type: eventName,\n timestamp: payload?.timestamp || Date.now(),\n data: payload?.data || payload,\n userId: payload?.userId,\n };\n this.handleEvent(realtimeEvent);\n } catch (error) {\n console.error('[ExGuardRealtime] Failed to handle event:', error);\n }\n });\n\n // Set connection timeout\n setTimeout(() => {\n if (!this.socket?.connected) {\n const err = new Error('Connection timeout');\n this.config.onError(err);\n this.socket?.disconnect();\n reject(err);\n }\n }, 20000);\n\n } catch (error) {\n reject(error);\n }\n });\n }\n\n /**\n * Subscribe to channels\n */\n subscribeToChannel(channel: 'roles' | 'permissions' | 'rbac'): void {\n if (this.socket?.connected) {\n this.socket.emit(`subscribe:${channel}`);\n console.log(`[ExGuardRealtime] Subscribed to channel: ${channel}`);\n }\n }\n\n /**\n * Disconnect from realtime server\n */\n disconnect(): void {\n this.shouldReconnect = false;\n if (this.socket) {\n this.socket.disconnect();\n this.socket = null;\n }\n }\n\n /**\n * Subscribe to realtime events\n * Use '*' as eventType to receive ALL events\n */\n subscribe(eventType: string, handler: RealtimeEventHandler): () => void {\n if (!this.handlers.has(eventType)) {\n this.handlers.set(eventType, new Set());\n }\n \n this.handlers.get(eventType)!.add(handler);\n \n return () => {\n const handlers = this.handlers.get(eventType);\n if (handlers) {\n handlers.delete(handler);\n if (handlers.size === 0) {\n this.handlers.delete(eventType);\n }\n }\n };\n }\n\n /**\n * Subscribe to ALL realtime events (wildcard)\n */\n subscribeAll(handler: RealtimeEventHandler): () => void {\n return this.subscribe('*', handler);\n }\n\n /**\n * Handle incoming realtime events\n */\n private handleEvent(event: RealtimeEvent): void {\n console.log('[ExGuardRealtime] Received event:', event);\n \n // Call specific event handlers\n const handlers = this.handlers.get(event.type);\n if (handlers) {\n handlers.forEach(handler => {\n try {\n handler(event);\n } catch (error) {\n console.error('[ExGuardRealtime] Event handler error:', error);\n }\n });\n }\n \n // Call wildcard handlers for ALL events\n const wildcardHandlers = this.handlers.get('*');\n if (wildcardHandlers) {\n wildcardHandlers.forEach(handler => {\n try {\n handler(event);\n } catch (error) {\n console.error('[ExGuardRealtime] Wildcard handler error:', error);\n }\n });\n }\n }\n\n /**\n * Handle reconnection logic\n */\n private handleReconnect(): void {\n if (!this.shouldReconnect || !this.config.autoReconnect || !this.currentUrl) {\n return;\n }\n\n if (this.reconnectAttempts < this.config.maxReconnectAttempts) {\n this.reconnectAttempts++;\n const delay = Math.min(\n this.config.reconnectDelay * Math.pow(2, this.reconnectAttempts - 1),\n this.config.reconnectMaxDelay\n );\n \n console.log(`[ExGuardRealtime] Reconnecting in ${delay}ms (attempt ${this.reconnectAttempts})`);\n \n setTimeout(() => {\n this.connect(this.currentUrl!, this.currentToken!, this.currentUserId!).catch(error => {\n console.error('[ExGuardRealtime] Reconnection failed:', error);\n });\n }, delay);\n } else {\n console.error('[ExGuardRealtime] Max reconnection attempts reached');\n }\n }\n\n /**\n * Manually trigger reconnection with current auth\n */\n reconnect(): Promise<void> {\n if (this.currentUrl && this.currentToken) {\n this.reconnectAttempts = 0;\n return this.connect(this.currentUrl, this.currentToken, this.currentUserId || undefined);\n } else if (this.currentUrl) {\n this.reconnectAttempts = 0;\n return this.connect(this.currentUrl);\n }\n return Promise.reject(new Error('No URL configured'));\n }\n\n /**\n * Check if connected\n */\n isConnected(): boolean {\n return this.socket?.connected ?? false;\n }\n\n /**\n * Get connection status\n */\n getStatus(): 'connecting' | 'connected' | 'disconnected' | 'reconnecting' {\n if (!this.socket) return 'disconnected';\n if (this.socket.connected) return 'connected';\n return 'disconnected';\n }\n\n /**\n * Send a message to the server\n */\n send(event: string, data: any): void {\n if (this.socket?.connected) {\n this.socket.emit(event, data);\n }\n }\n\n /**\n * Update configuration\n */\n updateConfig(config: Partial<ExGuardRealtimeConfig>): void {\n this.config = {\n ...this.config,\n ...config,\n };\n }\n\n /**\n * Connect on-demand with user's access token from request\n * Call this in your guard or middleware with the user's token\n */\n async connectWithUserToken(url: string, accessToken: string, userId?: string): Promise<void> {\n try {\n await this.connect(url, accessToken, userId);\n } catch (error) {\n console.warn('[ExGuardRealtime] Failed to connect with user token:', error);\n }\n }\n}\n\n// Factory function for creating realtime instance\nexport function createRealtime(config?: ExGuardRealtimeConfig): ExGuardRealtime {\n return new ExGuardRealtime(config);\n}\n\n// Global realtime instance\nexport const realtime = new ExGuardRealtime();\n","/**\n * Framework-agnostic guards for protecting backend endpoints\n */\n\nimport { ExGuardBackendEnhanced } from './exguard-backend-enhanced.js';\nimport { ExGuardEnhancedConfig, UserAccessResponse, GuardContext, GuardResult, GuardOptions } from './types.js';\n\n// Re-export types for use in other modules\nexport type { GuardContext, GuardResult, GuardOptions, UserAccessResponse };\n\n/**\n * Framework-agnostic guard class for endpoint protection\n */\nexport class ExGuardBackend {\n private exGuard: ExGuardBackendEnhanced;\n\n constructor(config: ExGuardEnhancedConfig) {\n this.exGuard = new ExGuardBackendEnhanced(config);\n }\n\n /**\n * Check if user has specific permissions\n */\n async requirePermissions(\n context: GuardContext, \n permissions: string[], \n options: { requireAll?: boolean } = {}\n ): Promise<GuardResult> {\n try {\n if (options.requireAll) {\n // Require ALL permissions\n const results = await this.exGuard.hasPermissions(context.token, permissions);\n const hasAll = permissions.every(permission => results[permission]);\n \n if (!hasAll) {\n return {\n allowed: false,\n error: `Insufficient permissions. Required: ${permissions.join(', ')}`,\n statusCode: 403\n };\n }\n } else {\n // Require ANY permission (default)\n const hasPermission = await this.exGuard.hasPermissions(context.token, permissions);\n const hasAny = Object.values(hasPermission).some(Boolean);\n \n if (!hasAny) {\n return {\n allowed: false,\n error: `Insufficient permissions. Required any of: ${permissions.join(', ')}`,\n statusCode: 403\n };\n }\n }\n\n const userAccess = await this.exGuard.getUserAccess(context.token);\n return { allowed: true, user: userAccess };\n } catch (error) {\n return {\n allowed: false,\n error: 'Permission check failed',\n statusCode: 500\n };\n }\n }\n\n /**\n * Check if user has specific roles\n */\n async requireRoles(\n context: GuardContext, \n roles: string[], \n options: { requireAll?: boolean } = {}\n ): Promise<GuardResult> {\n try {\n if (options.requireAll) {\n // Require ALL roles\n const results = await this.exGuard.hasRoles(context.token, roles);\n const hasAll = roles.every(role => results[role]);\n \n if (!hasAll) {\n return {\n allowed: false,\n error: `Insufficient roles. Required: ${roles.join(', ')}`,\n statusCode: 403\n };\n }\n } else {\n // Require ANY role (default)\n const hasRole = await this.exGuard.hasRoles(context.token, roles);\n const hasAny = Object.values(hasRole).some(Boolean);\n \n if (!hasAny) {\n return {\n allowed: false,\n error: `Insufficient roles. Required any of: ${roles.join(', ')}`,\n statusCode: 403\n };\n }\n }\n\n const userAccess = await this.exGuard.getUserAccess(context.token);\n return { allowed: true, user: userAccess };\n } catch (error) {\n return {\n allowed: false,\n error: 'Role check failed',\n statusCode: 500\n };\n }\n }\n\n /**\n * Check if user has access to specific modules\n */\n async requireModules(\n context: GuardContext, \n modules: string[], \n options: { requireAll?: boolean } = {}\n ): Promise<GuardResult> {\n try {\n const userAccess = await this.exGuard.getUserAccess(context.token);\n const userModuleKeys = userAccess.modules.map(m => m.key);\n\n let hasAccess: boolean;\n\n if (options.requireAll) {\n // Require ALL modules\n hasAccess = modules.every(module => userModuleKeys.includes(module));\n } else {\n // Require ANY module (default)\n hasAccess = modules.some(module => userModuleKeys.includes(module));\n }\n\n if (!hasAccess) {\n return {\n allowed: false,\n error: `Insufficient module access. Required: ${modules.join(', ')}`,\n statusCode: 403\n };\n }\n\n return { allowed: true, user: userAccess };\n } catch (error) {\n return {\n allowed: false,\n error: 'Module check failed',\n statusCode: 500\n };\n }\n }\n\n /**\n * Check if user has access to specific field offices\n */\n async requireFieldOffices(\n context: GuardContext, \n fieldOffices: string[], \n options: { requireAll?: boolean } = {}\n ): Promise<GuardResult> {\n try {\n const userFieldOffices = await this.exGuard.getUserFieldOffices(context.token);\n\n let hasAccess: boolean;\n\n if (options.requireAll) {\n // Require ALL field offices\n hasAccess = fieldOffices.every(office => userFieldOffices.includes(office));\n } else {\n // Require ANY field office (default)\n hasAccess = fieldOffices.some(office => userFieldOffices.includes(office));\n }\n\n if (!hasAccess) {\n return {\n allowed: false,\n error: `Insufficient field office access. Required: ${fieldOffices.join(', ')}`,\n statusCode: 403\n };\n }\n\n const userAccess = await this.exGuard.getUserAccess(context.token);\n return { allowed: true, user: userAccess };\n } catch (error) {\n return {\n allowed: false,\n error: 'Field office check failed',\n statusCode: 500\n };\n }\n }\n\n /**\n * Flexible guard with multiple requirements\n */\n async require(context: GuardContext, options: GuardOptions): Promise<GuardResult> {\n try {\n const userAccess = await this.exGuard.getUserAccess(context.token);\n let passed = true;\n const failures: string[] = [];\n\n // Check permissions\n if (options.permissions && options.permissions.length > 0) {\n const userPermissions = userAccess.modules.flatMap(m => m.permissions);\n const hasPermissions = options.requireAll\n ? options.permissions.every(p => userPermissions.includes(p))\n : options.permissions.some(p => userPermissions.includes(p));\n \n if (!hasPermissions) {\n passed = false;\n failures.push(`permissions: ${options.permissions.join(', ')}`);\n }\n }\n\n // Check roles\n if (options.roles && options.roles.length > 0) {\n const hasRoles = options.requireAll\n ? options.roles.every(r => userAccess.roles.includes(r))\n : options.roles.some(r => userAccess.roles.includes(r));\n \n if (!hasRoles) {\n passed = false;\n failures.push(`roles: ${options.roles.join(', ')}`);\n }\n }\n\n // Check modules\n if (options.modules && options.modules.length > 0) {\n const userModuleKeys = userAccess.modules.map(m => m.key);\n const hasModules = options.requireAll\n ? options.modules.every(m => userModuleKeys.includes(m))\n : options.modules.some(m => userModuleKeys.includes(m));\n \n if (!hasModules) {\n passed = false;\n failures.push(`modules: ${options.modules.join(', ')}`);\n }\n }\n\n // Check field offices\n if (options.fieldOffices && options.fieldOffices.length > 0) {\n const hasFieldOffices = options.requireAll\n ? options.fieldOffices.every(fo => userAccess.fieldOffices.includes(fo))\n : options.fieldOffices.some(fo => userAccess.fieldOffices.includes(fo));\n \n if (!hasFieldOffices) {\n passed = false;\n failures.push(`field offices: ${options.fieldOffices.join(', ')}`);\n }\n }\n\n if (!passed) {\n return {\n allowed: false,\n error: `Access denied. Missing: ${failures.join('; ')}`,\n statusCode: 403\n };\n }\n\n return { allowed: true, user: userAccess };\n } catch (error) {\n return {\n allowed: false,\n error: 'Access check failed',\n statusCode: 500\n };\n }\n }\n\n /**\n * Simple authentication (just validates token)\n */\n async authenticate(context: GuardContext): Promise<GuardResult> {\n try {\n const userAccess = await this.exGuard.getUserAccess(context.token);\n return { allowed: true, user: userAccess };\n } catch (error) {\n return {\n allowed: false,\n error: 'Authentication failed',\n statusCode: 401\n };\n }\n }\n\n /**\n * Get the underlying ExGuardBackendEnhanced instance\n */\n getExGuard(): ExGuardBackendEnhanced {\n return this.exGuard;\n }\n\n /**\n * Connect to realtime with user's token\n * This is called automatically by the guard when a request comes in\n */\n async connectWithUserToken(userToken: string): Promise<void> {\n return this.exGuard.connectWithUserToken(userToken);\n }\n}\n\n/**\n * Helper function to extract token from various request types\n */\nexport function extractToken(request: any): string | null {\n // Express-style\n if (request.headers?.authorization) {\n const authHeader = request.headers.authorization;\n if (authHeader.startsWith('Bearer ')) {\n return authHeader.substring(7);\n }\n }\n\n // Fastify-style\n if (request.headers?.authorization) {\n const authHeader = request.headers.authorization;\n if (authHeader.startsWith('Bearer ')) {\n return authHeader.substring(7);\n }\n }\n\n // Custom header\n if (request.headers?.['x-access-token']) {\n return request.headers['x-access-token'];\n }\n\n // Query parameter\n if (request.query?.token) {\n return request.query.token;\n }\n\n return null;\n}\n\n/**\n * Create a guard context from a request\n */\nexport function createGuardContext(request: any): GuardContext | null {\n const token = extractToken(request);\n if (!token) {\n return null;\n }\n\n return {\n token,\n request\n };\n}\n","/**\n * Express.js middleware for ExGuard endpoint protection\n */\n\nimport { ExGuardBackend, GuardContext, GuardOptions, extractToken } from './guards.js';\n\n// Conditional types to avoid build errors when express is not installed\ntype Request = any;\ntype Response = any;\ntype NextFunction = any;\n\nexport interface AuthenticatedRequest extends Request {\n user?: {\n id: string;\n cognitoSubId: string;\n username: string;\n email: string;\n roles: string[];\n permissions: string[];\n modules: Array<{ key: string; permissions: string[] }>;\n fieldOffices: string[];\n };\n}\n\n/**\n * Express middleware factory\n */\nexport function createExGuardExpress(config: any) {\n const guard = new ExGuardBackend(config);\n\n return {\n /**\n * Require specific permissions\n */\n requirePermissions(permissions: string[], options: { requireAll?: boolean } = {}) {\n return async (req: AuthenticatedRequest, res: Response, next: NextFunction) => {\n const context = createGuardContext(req);\n if (!context) {\n return res.status(401).json({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.requirePermissions(context, permissions, options);\n \n if (!result.allowed) {\n return res.status(result.statusCode || 403).json({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n\n next();\n };\n },\n\n /**\n * Require specific roles\n */\n requireRoles(roles: string[], options: { requireAll?: boolean } = {}) {\n return async (req: AuthenticatedRequest, res: Response, next: NextFunction) => {\n const context = createGuardContext(req);\n if (!context) {\n return res.status(401).json({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.requireRoles(context, roles, options);\n \n if (!result.allowed) {\n return res.status(result.statusCode || 403).json({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n\n next();\n };\n },\n\n /**\n * Require module access\n */\n requireModules(modules: string[], options: { requireAll?: boolean } = {}) {\n return async (req: AuthenticatedRequest, res: Response, next: NextFunction) => {\n const context = createGuardContext(req);\n if (!context) {\n return res.status(401).json({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.requireModules(context, modules, options);\n \n if (!result.allowed) {\n return res.status(result.statusCode || 403).json({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n\n next();\n };\n },\n\n /**\n * Require field office access\n */\n requireFieldOffices(fieldOffices: string[], options: { requireAll?: boolean } = {}) {\n return async (req: AuthenticatedRequest, res: Response, next: NextFunction) => {\n const context = createGuardContext(req);\n if (!context) {\n return res.status(401).json({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.requireFieldOffices(context, fieldOffices, options);\n \n if (!result.allowed) {\n return res.status(result.statusCode || 403).json({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n\n next();\n };\n },\n\n /**\n * Flexible guard with multiple requirements\n */\n require(options: GuardOptions) {\n return async (req: AuthenticatedRequest, res: Response, next: NextFunction) => {\n const context = createGuardContext(req);\n if (!context) {\n return res.status(401).json({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.require(context, options);\n \n if (!result.allowed) {\n return res.status(result.statusCode || 403).json({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n\n next();\n };\n },\n\n /**\n * Simple authentication middleware\n */\n authenticate() {\n return async (req: AuthenticatedRequest, res: Response, next: NextFunction) => {\n const context = createGuardContext(req);\n if (!context) {\n return res.status(401).json({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.authenticate(context);\n \n if (!result.allowed) {\n return res.status(result.statusCode || 401).json({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n\n next();\n };\n },\n\n /**\n * Get the underlying guard instance\n */\n getGuard(): ExGuardBackend {\n return guard;\n }\n };\n}\n\nfunction createGuardContext(req: Request): GuardContext | null {\n const token = extractToken(req);\n if (!token) {\n return null;\n }\n\n return {\n token,\n request: req\n };\n}\n","/**\n * Fastify plugin for ExGuard endpoint protection\n */\n\nimport { ExGuardBackend, GuardContext, GuardOptions, extractToken } from './guards.js';\n\n// Conditional types to avoid build errors when fastify is not installed\ntype FastifyRequest = any;\ntype FastifyReply = any;\n\nexport interface AuthenticatedRequest extends FastifyRequest {\n user?: {\n id: string;\n cognitoSubId: string;\n username: string;\n email: string;\n roles: string[];\n permissions: string[];\n modules: Array<{ key: string; permissions: string[] }>;\n fieldOffices: string[];\n };\n}\n\n/**\n * Fastify plugin factory\n */\nexport function createExGuardFastify(config: any) {\n const guard = new ExGuardBackend(config);\n\n return {\n /**\n * Require specific permissions\n */\n requirePermissions(permissions: string[], options: { requireAll?: boolean } = {}) {\n return async (req: AuthenticatedRequest, reply: FastifyReply) => {\n const context = createGuardContext(req);\n if (!context) {\n return reply.status(401).send({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.requirePermissions(context, permissions, options);\n \n if (!result.allowed) {\n return reply.status(result.statusCode || 403).send({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n };\n },\n\n /**\n * Require specific roles\n */\n requireRoles(roles: string[], options: { requireAll?: boolean } = {}) {\n return async (req: AuthenticatedRequest, reply: FastifyReply) => {\n const context = createGuardContext(req);\n if (!context) {\n return reply.status(401).send({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.requireRoles(context, roles, options);\n \n if (!result.allowed) {\n return reply.status(result.statusCode || 403).send({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n };\n },\n\n /**\n * Require module access\n */\n requireModules(modules: string[], options: { requireAll?: boolean } = {}) {\n return async (req: AuthenticatedRequest, reply: FastifyReply) => {\n const context = createGuardContext(req);\n if (!context) {\n return reply.status(401).send({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.requireModules(context, modules, options);\n \n if (!result.allowed) {\n return reply.status(result.statusCode || 403).send({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n };\n },\n\n /**\n * Require field office access\n */\n requireFieldOffices(fieldOffices: string[], options: { requireAll?: boolean } = {}) {\n return async (req: AuthenticatedRequest, reply: FastifyReply) => {\n const context = createGuardContext(req);\n if (!context) {\n return reply.status(401).send({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.requireFieldOffices(context, fieldOffices, options);\n \n if (!result.allowed) {\n return reply.status(result.statusCode || 403).send({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n };\n },\n\n /**\n * Flexible guard with multiple requirements\n */\n require(options: GuardOptions) {\n return async (req: AuthenticatedRequest, reply: FastifyReply) => {\n const context = createGuardContext(req);\n if (!context) {\n return reply.status(401).send({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.require(context, options);\n \n if (!result.allowed) {\n return reply.status(result.statusCode || 403).send({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n };\n },\n\n /**\n * Simple authentication hook\n */\n authenticate() {\n return async (req: AuthenticatedRequest, reply: FastifyReply) => {\n const context = createGuardContext(req);\n if (!context) {\n return reply.status(401).send({\n success: false,\n message: 'No authentication token provided'\n });\n }\n\n const result = await guard.authenticate(context);\n \n if (!result.allowed) {\n return reply.status(result.statusCode || 401).send({\n success: false,\n message: result.error\n });\n }\n\n // Attach user data to request\n if (result.user) {\n req.user = {\n id: result.user.user.id,\n cognitoSubId: result.user.user.cognitoSubId,\n username: result.user.user.username,\n email: result.user.user.email,\n roles: result.user.roles,\n permissions: result.user.modules.flatMap(m => m.permissions),\n modules: result.user.modules,\n fieldOffices: result.user.fieldOffices,\n };\n }\n };\n },\n\n /**\n * Get the underlying guard instance\n */\n getGuard(): ExGuardBackend {\n return guard;\n }\n };\n}\n\nfunction createGuardContext(req: FastifyRequest): GuardContext | null {\n const token = extractToken(req);\n if (!token) {\n return null;\n }\n\n return {\n token,\n request: req\n };\n}\n"],"mappings":";AAAA,OAAO,WAA6C;AAO7C,IAAM,iBAAN,MAAqB;AAAA,EAClB;AAAA,EACA;AAAA,EAER,YAAY,QAAuB;AACjC,SAAK,SAAS;AAAA,MACZ,SAAS;AAAA,MACT,GAAG;AAAA,IACL;AAEA,SAAK,SAAS,MAAM,OAAO;AAAA,MACzB,SAAS,KAAK,OAAO;AAAA,MACrB,SAAS,KAAK,OAAO;AAAA,MACrB,SAAS;AAAA,QACP,gBAAgB;AAAA,MAClB;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,cAAc,OAA4C;AAC9D,QAAI;AACF,YAAM,WACJ,MAAM,KAAK,OAAO,IAAI,aAAa;AAAA,QACjC,SAAS;AAAA,UACP,iBAAiB,UAAU,KAAK;AAAA,QAClC;AAAA,MACF,CAAC;AAEH,UAAI,CAAC,SAAS,KAAK,SAAS;AAC1B,cAAM,IAAI,MAAM,yCAAyC;AAAA,MAC3D;AAEA,aAAO,SAAS,KAAK;AAAA,IACvB,SAAS,OAAO;AACd,UAAI,MAAM,aAAa,KAAK,GAAG;AAC7B,YAAI,MAAM,UAAU,WAAW,KAAK;AAClC,gBAAM,IAAI,MAAM,wCAAwC;AAAA,QAC1D;AACA,cAAM,IAAI,MAAM,cAAc,MAAM,UAAU,MAAM,WAAW,MAAM,OAAO,EAAE;AAAA,MAChF;AACA,YAAM;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,cAAc,OAAe,YAAsC;AACvE,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,aAAO,WAAW,QAAQ;AAAA,QAAK,YAC7B,OAAO,YAAY,SAAS,UAAU;AAAA,MACxC;AAAA,IACF,SAAS,OAAO;AACd,aAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,QAAQ,OAAe,MAAgC;AAC3D,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,aAAO,WAAW,MAAM,SAAS,IAAI;AAAA,IACvC,SAAS,OAAO;AACd,aAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,qBAAqB,OAAe,WAAsC;AAC9E,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,YAAM,SAAS,WAAW,QAAQ,KAAK,OAAK,EAAE,QAAQ,SAAS;AAC/D,aAAO,QAAQ,eAAe,CAAC;AAAA,IACjC,SAAS,OAAO;AACd,aAAO,CAAC;AAAA,IACV;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,aAAa,OAAkC;AACnD,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,aAAO,WAAW;AAAA,IACpB,SAAS,OAAO;AACd,aAAO,CAAC;AAAA,IACV;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,oBAAoB,OAAkC;AAC1D,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,aAAO,WAAW;AAAA,IACpB,SAAS,OAAO;AACd,aAAO,CAAC;AAAA,IACV;AAAA,EACF;AACF;;;ACnIA,OAAOA,YAA6C;;;ACU7C,IAAM,eAAN,MAAmB;AAAA,EAChB,QAAQ,oBAAI,IAA6B;AAAA,EACzC,cAAc,oBAAI,IAA6B;AAAA,EAC/C,aAAa;AAAA;AAAA;AAAA;AAAA;AAAA,EAKrB,IAAO,KAAuB;AAC5B,UAAM,QAAQ,KAAK,MAAM,IAAI,GAAG;AAChC,QAAI,CAAC,MAAO,QAAO;AAGnB,QAAI,KAAK,IAAI,IAAI,MAAM,YAAY,MAAM,KAAK;AAC5C,WAAK,MAAM,OAAO,GAAG;AACrB,aAAO;AAAA,IACT;AAEA,WAAO,MAAM;AAAA,EACf;AAAA;AAAA;AAAA;AAAA,EAKA,IAAO,KAAa,MAAS,KAAoB;AAC/C,SAAK,MAAM,IAAI,KAAK;AAAA,MAClB;AAAA,MACA,WAAW,KAAK,IAAI;AAAA,MACpB,KAAK,OAAO,KAAK;AAAA,IACnB,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,KAAsB;AAC3B,UAAM,UAAU,KAAK,MAAM,OAAO,GAAG;AACrC,QAAI,SAAS;AACX,WAAK,kBAAkB,GAAG;AAAA,IAC5B;AACA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,QAAc;AACZ,UAAM,OAAO,MAAM,KAAK,KAAK,MAAM,KAAK,CAAC;AACzC,SAAK,MAAM,MAAM;AACjB,SAAK,QAAQ,SAAO,KAAK,kBAAkB,GAAG,CAAC;AAAA,EACjD;AAAA;AAAA;AAAA;AAAA,EAKA,eAAe,QAAsB;AAEnC,UAAM,eAAe,MAAM,KAAK,KAAK,MAAM,KAAK,CAAC,EAAE;AAAA,MAAO,SACxD,IAAI,SAAS,MAAM;AAAA,IACrB;AAEA,YAAQ,IAAI,0CAA0C,MAAM,WAAW,aAAa,MAAM,UAAU,YAAY;AAEhH,iBAAa,QAAQ,SAAO;AAC1B,WAAK,MAAM,OAAO,GAAG;AACrB,WAAK,kBAAkB,GAAG;AAAA,IAC5B,CAAC;AAED,QAAI,aAAa,WAAW,GAAG;AAC7B,cAAQ,IAAI,kDAAkD,MAAM,EAAE;AAAA,IACxE;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,UAAU,KAAa,UAAkC;AACvD,QAAI,CAAC,KAAK,YAAY,IAAI,GAAG,GAAG;AAC9B,WAAK,YAAY,IAAI,KAAK,oBAAI,IAAI,CAAC;AAAA,IACrC;AAEA,SAAK,YAAY,IAAI,GAAG,EAAG,IAAI,QAAQ;AAGvC,WAAO,MAAM;AACX,YAAM,YAAY,KAAK,YAAY,IAAI,GAAG;AAC1C,UAAI,WAAW;AACb,kBAAU,OAAO,QAAQ;AACzB,YAAI,UAAU,SAAS,GAAG;AACxB,eAAK,YAAY,OAAO,GAAG;AAAA,QAC7B;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,kBAAkB,KAAmB;AAC3C,UAAM,YAAY,KAAK,YAAY,IAAI,GAAG;AAC1C,QAAI,WAAW;AACb,gBAAU,QAAQ,cAAY;AAC5B,YAAI;AACF,mBAAS;AAAA,QACX,SAAS,OAAO;AACd,kBAAQ,MAAM,2BAA2B,KAAK;AAAA,QAChD;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,WAA6C;AAC3C,WAAO;AAAA,MACL,MAAM,KAAK,MAAM;AAAA,MACjB,MAAM,MAAM,KAAK,KAAK,MAAM,KAAK,CAAC;AAAA,IACpC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,UAAgB;AACd,UAAM,MAAM,KAAK,IAAI;AACrB,UAAM,eAAyB,CAAC;AAEhC,SAAK,MAAM,QAAQ,CAAC,OAAO,QAAQ;AACjC,UAAI,MAAM,MAAM,YAAY,MAAM,KAAK;AACrC,qBAAa,KAAK,GAAG;AAAA,MACvB;AAAA,IACF,CAAC;AAED,iBAAa,QAAQ,SAAO;AAC1B,WAAK,MAAM,OAAO,GAAG;AACrB,WAAK,kBAAkB,GAAG;AAAA,IAC5B,CAAC;AAAA,EACH;AACF;AAGO,IAAM,QAAQ,IAAI,aAAa;;;ACnJtC,SAAS,UAAuB;AAEhC,QAAQ,IAAI,8CAA8C,OAAO,EAAE;AAuC5D,IAAM,kBAAN,MAAsB;AAAA,EACnB,WAAW,oBAAI,IAAuC;AAAA,EACtD,SAAwB;AAAA,EACxB,oBAAoB;AAAA,EACpB;AAAA,EACA,aAA4B;AAAA,EAC5B,eAA8B;AAAA,EAC9B,gBAA+B;AAAA,EAC/B,kBAAkB;AAAA,EAE1B,YAAY,SAAgC,CAAC,GAAG;AAC9C,SAAK,SAAS;AAAA,MACZ,eAAe,OAAO,iBAAiB;AAAA,MACvC,sBAAsB,OAAO,wBAAwB;AAAA,MACrD,gBAAgB,OAAO,kBAAkB;AAAA,MACzC,mBAAmB,OAAO,qBAAqB;AAAA,MAC/C,WAAW,OAAO,cAAc,MAAM;AAAA,MAAC;AAAA,MACvC,cAAc,OAAO,iBAAiB,MAAM;AAAA,MAAC;AAAA,MAC7C,SAAS,OAAO,YAAY,CAAC,UAAiB,QAAQ,MAAM,4BAA4B,KAAK;AAAA,MAC7F,aAAa,OAAO,eAAe;AAAA,IACrC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,KAAK,KAAc,aAAsB,QAAgC;AAC7E,QAAI,KAAK;AACP,WAAK,aAAa;AAClB,WAAK,eAAe,eAAe;AACnC,WAAK,gBAAgB,UAAU;AAC/B,UAAI,KAAK,OAAO,aAAa;AAC3B,YAAI;AACF,gBAAM,KAAK,QAAQ,KAAK,aAAa,MAAM;AAAA,QAC7C,SAAS,OAAO;AACd,kBAAQ,KAAK,gEAAgE,KAAK;AAAA,QACpF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,QAAQ,KAAa,MAAqC,QAAgC;AACxF,QAAI;AACJ,QAAI;AAEJ,QAAI,OAAO,SAAS,UAAU;AAC5B,kBAAY;AACZ,mBAAa,UAAU;AAAA,IACzB,WAAW,OAAO,SAAS,UAAU;AACnC,kBAAY,KAAK,eAAe,KAAK,eAAe,KAAK;AACzD,mBAAa,KAAK,UAAU,UAAU;AAAA,IACxC;AAEA,WAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,WAAK,kBAAkB;AACvB,WAAK,aAAa;AAClB,WAAK,eAAe,aAAa;AACjC,WAAK,gBAAgB,cAAc;AAEnC,UAAI;AAEF,YAAI,KAAK,QAAQ;AACf,eAAK,OAAO,WAAW;AACvB,eAAK,SAAS;AAAA,QAChB;AAEA,cAAM,YAAY,GAAG,GAAG;AACxB,gBAAQ,IAAI,oCAAoC,SAAS;AAEzD,aAAK,SAAS,GAAG,WAAW;AAAA,UAC1B,MAAM;AAAA,YACJ,OAAO;AAAA,YACP,QAAQ;AAAA,UACV;AAAA,UACA,YAAY,CAAC,aAAa,SAAS;AAAA,UACnC,cAAc,KAAK,OAAO;AAAA,UAC1B,mBAAmB,KAAK,OAAO;AAAA,UAC/B,sBAAsB,KAAK,OAAO;AAAA,UAClC,sBAAsB,KAAK,OAAO;AAAA,UAClC,SAAS;AAAA,QACX,CAAC;AAED,aAAK,OAAO,GAAG,WAAW,MAAM;AAC9B,eAAK,oBAAoB;AACzB,kBAAQ,IAAI,2CAA2C,KAAK,QAAQ,EAAE;AACtE,eAAK,OAAO,UAAU;AACtB,kBAAQ;AAAA,QACV,CAAC;AAED,aAAK,OAAO,GAAG,cAAc,CAAC,WAAmB;AAC/C,kBAAQ,IAAI,mCAAmC,MAAM;AACrD,eAAK,OAAO,aAAa;AACzB,cAAI,KAAK,mBAAmB,KAAK,OAAO,eAAe;AACrD,iBAAK,gBAAgB;AAAA,UACvB;AAAA,QACF,CAAC;AAED,aAAK,OAAO,GAAG,iBAAiB,CAAC,UAAe;AAC9C,kBAAQ,MAAM,uCAAuC,MAAM,OAAO;AAClE,gBAAM,MAAM,IAAI,MAAM,qBAAqB,MAAM,OAAO,EAAE;AAC1D,eAAK,OAAO,QAAQ,GAAG;AACvB,cAAI,CAAC,KAAK,mBAAmB,KAAK,qBAAqB,KAAK,OAAO,sBAAsB;AACvF,mBAAO,GAAG;AAAA,UACZ;AAAA,QACF,CAAC;AAED,aAAK,OAAO,GAAG,SAAS,CAAC,UAAe;AACtC,kBAAQ,MAAM,mCAAmC,KAAK;AACtD,gBAAM,MAAM,IAAI,MAAM,iBAAiB,KAAK,EAAE;AAC9C,eAAK,OAAO,QAAQ,GAAG;AAAA,QACzB,CAAC;AAED,aAAK,OAAO,GAAG,qBAAqB,CAAC,YAAoB;AACvD,eAAK,oBAAoB;AACzB,kBAAQ,IAAI,8CAA8C,OAAO,GAAG;AAAA,QACtE,CAAC;AAED,aAAK,OAAO,GAAG,aAAa,MAAM;AAChC,kBAAQ,IAAI,gCAAgC;AAAA,QAC9C,CAAC;AAED,aAAK,OAAO,GAAG,oBAAoB,MAAM;AACvC,kBAAQ,MAAM,0DAA0D;AACxE,gBAAM,MAAM,IAAI,MAAM,4CAA4C;AAClE,eAAK,OAAO,QAAQ,GAAG;AACvB,iBAAO,GAAG;AAAA,QACZ,CAAC;AAGD,aAAK,OAAO,MAAM,CAAC,WAAmB,YAAiB;AACrD,cAAI;AACF,kBAAM,gBAA+B;AAAA,cACnC,MAAM;AAAA,cACN,WAAW,SAAS,aAAa,KAAK,IAAI;AAAA,cAC1C,MAAM,SAAS,QAAQ;AAAA,cACvB,QAAQ,SAAS;AAAA,YACnB;AACA,iBAAK,YAAY,aAAa;AAAA,UAChC,SAAS,OAAO;AACd,oBAAQ,MAAM,6CAA6C,KAAK;AAAA,UAClE;AAAA,QACF,CAAC;AAGD,mBAAW,MAAM;AACf,cAAI,CAAC,KAAK,QAAQ,WAAW;AAC3B,kBAAM,MAAM,IAAI,MAAM,oBAAoB;AAC1C,iBAAK,OAAO,QAAQ,GAAG;AACvB,iBAAK,QAAQ,WAAW;AACxB,mBAAO,GAAG;AAAA,UACZ;AAAA,QACF,GAAG,GAAK;AAAA,MAEV,SAAS,OAAO;AACd,eAAO,KAAK;AAAA,MACd;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,mBAAmB,SAAiD;AAClE,QAAI,KAAK,QAAQ,WAAW;AAC1B,WAAK,OAAO,KAAK,aAAa,OAAO,EAAE;AACvC,cAAQ,IAAI,4CAA4C,OAAO,EAAE;AAAA,IACnE;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,aAAmB;AACjB,SAAK,kBAAkB;AACvB,QAAI,KAAK,QAAQ;AACf,WAAK,OAAO,WAAW;AACvB,WAAK,SAAS;AAAA,IAChB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,UAAU,WAAmB,SAA2C;AACtE,QAAI,CAAC,KAAK,SAAS,IAAI,SAAS,GAAG;AACjC,WAAK,SAAS,IAAI,WAAW,oBAAI,IAAI,CAAC;AAAA,IACxC;AAEA,SAAK,SAAS,IAAI,SAAS,EAAG,IAAI,OAAO;AAEzC,WAAO,MAAM;AACX,YAAM,WAAW,KAAK,SAAS,IAAI,SAAS;AAC5C,UAAI,UAAU;AACZ,iBAAS,OAAO,OAAO;AACvB,YAAI,SAAS,SAAS,GAAG;AACvB,eAAK,SAAS,OAAO,SAAS;AAAA,QAChC;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,SAA2C;AACtD,WAAO,KAAK,UAAU,KAAK,OAAO;AAAA,EACpC;AAAA;AAAA;AAAA;AAAA,EAKQ,YAAY,OAA4B;AAC9C,YAAQ,IAAI,qCAAqC,KAAK;AAGtD,UAAM,WAAW,KAAK,SAAS,IAAI,MAAM,IAAI;AAC7C,QAAI,UAAU;AACZ,eAAS,QAAQ,aAAW;AAC1B,YAAI;AACF,kBAAQ,KAAK;AAAA,QACf,SAAS,OAAO;AACd,kBAAQ,MAAM,0CAA0C,KAAK;AAAA,QAC/D;AAAA,MACF,CAAC;AAAA,IACH;AAGA,UAAM,mBAAmB,KAAK,SAAS,IAAI,GAAG;AAC9C,QAAI,kBAAkB;AACpB,uBAAiB,QAAQ,aAAW;AAClC,YAAI;AACF,kBAAQ,KAAK;AAAA,QACf,SAAS,OAAO;AACd,kBAAQ,MAAM,6CAA6C,KAAK;AAAA,QAClE;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,kBAAwB;AAC9B,QAAI,CAAC,KAAK,mBAAmB,CAAC,KAAK,OAAO,iBAAiB,CAAC,KAAK,YAAY;AAC3E;AAAA,IACF;AAEA,QAAI,KAAK,oBAAoB,KAAK,OAAO,sBAAsB;AAC7D,WAAK;AACL,YAAM,QAAQ,KAAK;AAAA,QACjB,KAAK,OAAO,iBAAiB,KAAK,IAAI,GAAG,KAAK,oBAAoB,CAAC;AAAA,QACnE,KAAK,OAAO;AAAA,MACd;AAEA,cAAQ,IAAI,qCAAqC,KAAK,eAAe,KAAK,iBAAiB,GAAG;AAE9F,iBAAW,MAAM;AACf,aAAK,QAAQ,KAAK,YAAa,KAAK,cAAe,KAAK,aAAc,EAAE,MAAM,WAAS;AACrF,kBAAQ,MAAM,0CAA0C,KAAK;AAAA,QAC/D,CAAC;AAAA,MACH,GAAG,KAAK;AAAA,IACV,OAAO;AACL,cAAQ,MAAM,qDAAqD;AAAA,IACrE;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,YAA2B;AACzB,QAAI,KAAK,cAAc,KAAK,cAAc;AACxC,WAAK,oBAAoB;AACzB,aAAO,KAAK,QAAQ,KAAK,YAAY,KAAK,cAAc,KAAK,iBAAiB,MAAS;AAAA,IACzF,WAAW,KAAK,YAAY;AAC1B,WAAK,oBAAoB;AACzB,aAAO,KAAK,QAAQ,KAAK,UAAU;AAAA,IACrC;AACA,WAAO,QAAQ,OAAO,IAAI,MAAM,mBAAmB,CAAC;AAAA,EACtD;AAAA;AAAA;AAAA;AAAA,EAKA,cAAuB;AACrB,WAAO,KAAK,QAAQ,aAAa;AAAA,EACnC;AAAA;AAAA;AAAA;AAAA,EAKA,YAA0E;AACxE,QAAI,CAAC,KAAK,OAAQ,QAAO;AACzB,QAAI,KAAK,OAAO,UAAW,QAAO;AAClC,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,KAAK,OAAe,MAAiB;AACnC,QAAI,KAAK,QAAQ,WAAW;AAC1B,WAAK,OAAO,KAAK,OAAO,IAAI;AAAA,IAC9B;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,QAA8C;AACzD,SAAK,SAAS;AAAA,MACZ,GAAG,KAAK;AAAA,MACR,GAAG;AAAA,IACL;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,qBAAqB,KAAa,aAAqB,QAAgC;AAC3F,QAAI;AACF,YAAM,KAAK,QAAQ,KAAK,aAAa,MAAM;AAAA,IAC7C,SAAS,OAAO;AACd,cAAQ,KAAK,wDAAwD,KAAK;AAAA,IAC5E;AAAA,EACF;AACF;AAGO,SAAS,eAAe,QAAiD;AAC9E,SAAO,IAAI,gBAAgB,MAAM;AACnC;AAGO,IAAM,WAAW,IAAI,gBAAgB;;;AF9VrC,IAAM,yBAAN,MAA6B;AAAA,EAC1B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,SAAwB;AAAA,EACxB,uBAAuB;AAAA,EAE/B,YAAY,QAA+B;AACzC,SAAK,SAAS;AAAA,MACZ,SAAS;AAAA,MACT,OAAO;AAAA,QACL,SAAS;AAAA,QACT,KAAK;AAAA,MACP;AAAA,MACA,UAAU;AAAA,QACR,SAAS;AAAA,QACT,eAAe;AAAA,QACf,sBAAsB;AAAA,QACtB,gBAAgB;AAAA,MAClB;AAAA,MACA,GAAG;AAAA,IACL;AAEA,SAAK,QAAQ;AAEb,UAAM,iBAAwC;AAAA,MAC5C,eAAe,KAAK,OAAO,UAAU,iBAAiB;AAAA,MACtD,sBAAsB,KAAK,OAAO,UAAU,wBAAwB;AAAA,MACpE,gBAAgB,KAAK,OAAO,UAAU,kBAAkB;AAAA,MACxD,WAAW,MAAM;AACf,aAAK,uBAAuB;AAC5B,aAAK,OAAO,UAAU,YAAY;AAAA,MACpC;AAAA,MACA,cAAc,MAAM;AAClB,aAAK,uBAAuB;AAC5B,aAAK,OAAO,UAAU,eAAe;AAAA,MACvC;AAAA,MACA,SAAS,CAAC,UAAU;AAClB,aAAK,OAAO,UAAU,UAAU,KAAK;AAAA,MACvC;AAAA,IACF;AAEA,SAAK,WAAW,eAAe,cAAc;AAE7C,SAAK,SAASC,OAAM,OAAO;AAAA,MACzB,SAAS,KAAK,OAAO;AAAA,MACrB,SAAS,KAAK,OAAO;AAAA,MACrB,SAAS;AAAA,QACP,gBAAgB;AAAA,MAClB;AAAA,IACF,CAAC;AAED,YAAQ,IAAI,qCAAqC;AAAA,MAC/C,SAAS,KAAK,OAAO,UAAU;AAAA,MAC/B,KAAK,KAAK,OAAO,UAAU;AAAA,MAC3B,gBAAgB,CAAC,CAAC,KAAK,OAAO,UAAU;AAAA,IAC1C,CAAC;AAED,QAAI,KAAK,OAAO,UAAU,WAAW,KAAK,OAAO,SAAS,KAAK;AAC7D,cAAQ,IAAI,kDAAkD;AAC9D,WAAK,cAAc,EAAE,MAAM,SAAO;AAChC,gBAAQ,MAAM,8CAA8C,GAAG;AAAA,MACjE,CAAC;AAAA,IACH,OAAO;AACL,cAAQ,IAAI,uDAAuD;AAAA,IACrE;AAEA,gBAAY,MAAM;AAChB,WAAK,MAAM,QAAQ;AAAA,IACrB,GAAG,GAAK;AAAA,EACV;AAAA,EAEA,MAAc,gBAA+B;AAE3C,QAAI,CAAC,KAAK,OAAO,UAAU,WAAW,CAAC,KAAK,OAAO,UAAU,KAAK;AAChE;AAAA,IACF;AAEA,QAAI;AACF,YAAM,KAAK,SAAS;AAAA,QAClB,KAAK,OAAO,SAAS;AAAA,QACrB,KAAK,OAAO,SAAS;AAAA,MACvB;AAGA,WAAK,SAAS,mBAAmB,MAAM;AACvC,WAAK,SAAS,mBAAmB,OAAO;AACxC,WAAK,SAAS,mBAAmB,aAAa;AAG9C,WAAK,SAAS,UAAU,KAAK,CAAC,UAAyB;AACrD,gBAAQ,IAAI,6CAA6C,KAAK;AAG9D,YAAI,MAAM,KAAK,SAAS,MAAM,KAAK,MAAM,SAAS,eAAe;AAC/D,eAAK,OAAO,UAAU,eAAe,KAAK;AAC1C,cAAI,MAAM,QAAQ;AAChB,iBAAK,MAAM,eAAe,MAAM,MAAM;AAAA,UACxC,OAAO;AACL,iBAAK,MAAM,MAAM;AAAA,UACnB;AAAA,QACF;AAEA,YAAI,MAAM,KAAK,SAAS,MAAM,KAAK,MAAM,SAAS,eAAe;AAC/D,eAAK,OAAO,UAAU,eAAe,KAAK;AAC1C,cAAI,MAAM,QAAQ;AAChB,iBAAK,MAAM,eAAe,MAAM,MAAM;AAAA,UACxC,OAAO;AACL,iBAAK,MAAM,MAAM;AAAA,UACnB;AAAA,QACF;AAEA,YAAI,MAAM,KAAK,SAAS,MAAM,KAAK,MAAM,SAAS,eAAe;AAC/D,cAAI,MAAM,QAAQ;AAChB,iBAAK,MAAM,eAAe,MAAM,MAAM;AAAA,UACxC,OAAO;AACL,iBAAK,MAAM,MAAM;AAAA,UACnB;AAAA,QACF;AAEA,YAAI,MAAM,KAAK,SAAS,YAAY,KAAK,MAAM,SAAS,qBAAqB;AAC3E,cAAI,MAAM,QAAQ;AAChB,iBAAK,MAAM,eAAe,MAAM,MAAM;AAAA,UACxC,OAAO;AACL,iBAAK,MAAM,MAAM;AAAA,UACnB;AAAA,QACF;AAAA,MACF,CAAC;AAAA,IAEH,SAAS,OAAO;AACd,cAAQ,KAAK,uEAAuE,KAAK;AAAA,IAC3F;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,gBAAgB,KAAc,aAAqC;AACvE,UAAM,QAAQ,OAAO,KAAK,OAAO,UAAU;AAC3C,UAAM,UAAU,eAAe,KAAK,OAAO,UAAU;AAErD,QAAI,CAAC,OAAO;AACV,YAAM,IAAI,MAAM,2BAA2B;AAAA,IAC7C;AAEA,UAAM,KAAK,cAAc;AAAA,EAC3B;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,qBAAqB,WAAkC;AAC3D,UAAM,QAAQ,KAAK,OAAO,UAAU;AAEpC,QAAI,CAAC,OAAO;AACV,cAAQ,KAAK,6CAA6C;AAC1D;AAAA,IACF;AAGA,UAAM,SAAS,KAAK,uBAAuB,SAAS,KAAK;AAEzD,YAAQ,IAAI,oEAAoE,MAAM;AAEtF,QAAI;AACF,YAAM,KAAK,SAAS,QAAQ,OAAO,WAAW,MAAM;AACpD,WAAK,SAAS,mBAAmB,MAAM;AAAA,IACzC,SAAS,OAAO;AACd,cAAQ,KAAK,uDAAuD,KAAK;AAAA,IAC3E;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,qBAA2B;AACzB,SAAK,SAAS,WAAW;AAAA,EAC3B;AAAA;AAAA;AAAA;AAAA,EAKA,sBAA+B;AAC7B,WAAO,KAAK,wBAAwB,KAAK,SAAS,YAAY;AAAA,EAChE;AAAA;AAAA;AAAA;AAAA,EAKA,oBAAkF;AAChF,WAAO,KAAK,SAAS,UAAU;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA,EAKA,oBAAoB,WAAmB,SAAqD;AAC1F,WAAO,KAAK,SAAS,UAAU,WAAW,OAAO;AAAA,EACnD;AAAA;AAAA;AAAA;AAAA,EAKA,uBAAuB,SAAqD;AAC1E,WAAO,KAAK,SAAS,aAAa,OAAO;AAAA,EAC3C;AAAA,EAEQ,uBAAuB,OAA8B;AAC3D,QAAI;AACF,YAAM,UAAU,KAAK,MAAM,KAAK,MAAM,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC;AACpD,aAAO,QAAQ,OAAO;AAAA,IACxB,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEQ,YAAY,OAAe,SAAiB,IAAY;AAC9D,UAAM,SAAS,KAAK,uBAAuB,KAAK,KAAK;AACrD,WAAO,QAAQ,MAAM,IAAI,MAAM;AAAA,EACjC;AAAA,EAEA,MAAM,cAAc,OAA4C;AAC9D,QAAI,CAAC,KAAK,OAAO,OAAO,SAAS;AAC/B,aAAO,KAAK,gBAAgB,KAAK;AAAA,IACnC;AAEA,UAAM,WAAW,KAAK,YAAY,OAAO,QAAQ;AACjD,UAAM,SAAS,KAAK,MAAM,IAAwB,QAAQ;AAE1D,QAAI,QAAQ;AACV,cAAQ,IAAI,4CAA4C;AACxD,aAAO;AAAA,IACT;AAEA,YAAQ,IAAI,mDAAmD;AAC/D,UAAM,OAAO,MAAM,KAAK,gBAAgB,KAAK;AAE7C,SAAK,MAAM,IAAI,UAAU,MAAM,KAAK,OAAO,MAAM,GAAG;AAEpD,WAAO;AAAA,EACT;AAAA,EAEA,MAAc,gBAAgB,OAA4C;AACxE,QAAI;AACF,YAAM,WACJ,MAAM,KAAK,OAAO,IAAI,aAAa;AAAA,QACjC,SAAS;AAAA,UACP,iBAAiB,UAAU,KAAK;AAAA,QAClC;AAAA,MACF,CAAC;AAEH,UAAI,CAAC,SAAS,KAAK,SAAS;AAC1B,cAAM,IAAI,MAAM,yCAAyC;AAAA,MAC3D;AAEA,aAAO,SAAS,KAAK;AAAA,IACvB,SAAS,OAAO;AACd,UAAIA,OAAM,aAAa,KAAK,GAAG;AAC7B,YAAI,MAAM,UAAU,WAAW,KAAK;AAClC,gBAAM,IAAI,MAAM,wCAAwC;AAAA,QAC1D;AACA,cAAM,IAAI,MAAM,cAAc,MAAM,UAAU,MAAM,WAAW,MAAM,OAAO,EAAE;AAAA,MAChF;AACA,YAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEA,MAAM,cAAc,OAAe,YAAsC;AACvE,QAAI,CAAC,KAAK,OAAO,OAAO,SAAS;AAC/B,YAAMC,cAAa,MAAM,KAAK,cAAc,KAAK;AACjD,aAAOA,YAAW,QAAQ;AAAA,QAAK,YAC7B,OAAO,YAAY,SAAS,UAAU;AAAA,MACxC;AAAA,IACF;AAEA,UAAM,WAAW,KAAK,YAAY,OAAO,cAAc,UAAU,EAAE;AACnE,UAAM,SAAS,KAAK,MAAM,IAAa,QAAQ;AAE/C,QAAI,WAAW,MAAM;AACnB,cAAQ,IAAI,8CAA8C,UAAU,EAAE;AACtE,aAAO;AAAA,IACT;AAEA,YAAQ,IAAI,qDAAqD,UAAU,EAAE;AAC7E,UAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,UAAM,gBAAgB,WAAW,QAAQ;AAAA,MAAK,YAC5C,OAAO,YAAY,SAAS,UAAU;AAAA,IACxC;AAEA,SAAK,MAAM,IAAI,UAAU,eAAe,KAAK,OAAO,MAAM,MAAO,CAAC;AAElE,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,QAAQ,OAAe,MAAgC;AAC3D,QAAI,CAAC,KAAK,OAAO,OAAO,SAAS;AAC/B,YAAMA,cAAa,MAAM,KAAK,cAAc,KAAK;AACjD,aAAOA,YAAW,MAAM,SAAS,IAAI;AAAA,IACvC;AAEA,UAAM,WAAW,KAAK,YAAY,OAAO,QAAQ,IAAI,EAAE;AACvD,UAAM,SAAS,KAAK,MAAM,IAAa,QAAQ;AAE/C,QAAI,WAAW,MAAM;AACnB,cAAQ,IAAI,wCAAwC,IAAI,EAAE;AAC1D,aAAO;AAAA,IACT;AAEA,YAAQ,IAAI,+CAA+C,IAAI,EAAE;AACjE,UAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,UAAM,UAAU,WAAW,MAAM,SAAS,IAAI;AAE9C,SAAK,MAAM,IAAI,UAAU,SAAS,KAAK,OAAO,MAAM,MAAO,CAAC;AAE5D,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,qBAAqB,OAAe,WAAsC;AAC9E,QAAI,CAAC,KAAK,OAAO,OAAO,SAAS;AAC/B,YAAMA,cAAa,MAAM,KAAK,cAAc,KAAK;AACjD,YAAMC,UAASD,YAAW,QAAQ,KAAK,OAAK,EAAE,QAAQ,SAAS;AAC/D,aAAOC,SAAQ,eAAe,CAAC;AAAA,IACjC;AAEA,UAAM,WAAW,KAAK,YAAY,OAAO,UAAU,SAAS,EAAE;AAC9D,UAAM,SAAS,KAAK,MAAM,IAAc,QAAQ;AAEhD,QAAI,WAAW,MAAM;AACnB,cAAQ,IAAI,0CAA0C,SAAS,EAAE;AACjE,aAAO;AAAA,IACT;AAEA,YAAQ,IAAI,6DAA6D,SAAS,EAAE;AACpF,UAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,UAAM,SAAS,WAAW,QAAQ,KAAK,OAAK,EAAE,QAAQ,SAAS;AAC/D,UAAM,cAAc,QAAQ,eAAe,CAAC;AAE5C,SAAK,MAAM,IAAI,UAAU,aAAa,KAAK,OAAO,MAAM,GAAG;AAE3D,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,aAAa,OAAkC;AACnD,QAAI,CAAC,KAAK,OAAO,OAAO,SAAS;AAC/B,YAAMD,cAAa,MAAM,KAAK,cAAc,KAAK;AACjD,aAAOA,YAAW;AAAA,IACpB;AAEA,UAAM,WAAW,KAAK,YAAY,OAAO,OAAO;AAChD,UAAM,SAAS,KAAK,MAAM,IAAc,QAAQ;AAEhD,QAAI,WAAW,MAAM;AACnB,cAAQ,IAAI,2CAA2C;AACvD,aAAO;AAAA,IACT;AAEA,YAAQ,IAAI,kDAAkD;AAC9D,UAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,UAAM,QAAQ,WAAW;AAEzB,SAAK,MAAM,IAAI,UAAU,OAAO,KAAK,OAAO,MAAM,GAAG;AAErD,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,oBAAoB,OAAkC;AAC1D,QAAI,CAAC,KAAK,OAAO,OAAO,SAAS;AAC/B,YAAMA,cAAa,MAAM,KAAK,cAAc,KAAK;AACjD,aAAOA,YAAW;AAAA,IACpB;AAEA,UAAM,WAAW,KAAK,YAAY,OAAO,eAAe;AACxD,UAAM,SAAS,KAAK,MAAM,IAAc,QAAQ;AAEhD,QAAI,WAAW,MAAM;AACnB,cAAQ,IAAI,8CAA8C;AAC1D,aAAO;AAAA,IACT;AAEA,YAAQ,IAAI,qDAAqD;AACjE,UAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AACjD,UAAM,eAAe,WAAW;AAEhC,SAAK,MAAM,IAAI,UAAU,cAAc,KAAK,OAAO,MAAM,GAAG;AAE5D,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,eAAe,OAAe,aAAyD;AAC3F,UAAM,UAAmC,CAAC;AAC1C,UAAM,sBAAgC,CAAC;AAEvC,eAAW,cAAc,aAAa;AACpC,UAAI,KAAK,OAAO,OAAO,SAAS;AAC9B,cAAM,WAAW,KAAK,YAAY,OAAO,cAAc,UAAU,EAAE;AACnE,cAAM,SAAS,KAAK,MAAM,IAAa,QAAQ;AAE/C,YAAI,WAAW,MAAM;AACnB,kBAAQ,UAAU,IAAI;AAAA,QACxB,OAAO;AACL,8BAAoB,KAAK,UAAU;AAAA,QACrC;AAAA,MACF,OAAO;AACL,4BAAoB,KAAK,UAAU;AAAA,MACrC;AAAA,IACF;AAEA,QAAI,oBAAoB,SAAS,GAAG;AAClC,YAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AAEjD,iBAAW,cAAc,qBAAqB;AAC5C,cAAM,gBAAgB,WAAW,QAAQ;AAAA,UAAK,YAC5C,OAAO,YAAY,SAAS,UAAU;AAAA,QACxC;AACA,gBAAQ,UAAU,IAAI;AAEtB,YAAI,KAAK,OAAO,OAAO,SAAS;AAC9B,gBAAM,WAAW,KAAK,YAAY,OAAO,cAAc,UAAU,EAAE;AACnE,eAAK,MAAM,IAAI,UAAU,eAAe,KAAK,OAAO,MAAM,MAAO,CAAC;AAAA,QACpE;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,SAAS,OAAe,OAAmD;AAC/E,UAAM,UAAmC,CAAC;AAC1C,UAAM,gBAA0B,CAAC;AAEjC,eAAW,QAAQ,OAAO;AACxB,UAAI,KAAK,OAAO,OAAO,SAAS;AAC9B,cAAM,WAAW,KAAK,YAAY,OAAO,QAAQ,IAAI,EAAE;AACvD,cAAM,SAAS,KAAK,MAAM,IAAa,QAAQ;AAE/C,YAAI,WAAW,MAAM;AACnB,kBAAQ,IAAI,IAAI;AAAA,QAClB,OAAO;AACL,wBAAc,KAAK,IAAI;AAAA,QACzB;AAAA,MACF,OAAO;AACL,sBAAc,KAAK,IAAI;AAAA,MACzB;AAAA,IACF;AAEA,QAAI,cAAc,SAAS,GAAG;AAC5B,YAAM,aAAa,MAAM,KAAK,cAAc,KAAK;AAEjD,iBAAW,QAAQ,eAAe;AAChC,cAAM,UAAU,WAAW,MAAM,SAAS,IAAI;AAC9C,gBAAQ,IAAI,IAAI;AAEhB,YAAI,KAAK,OAAO,OAAO,SAAS;AAC9B,gBAAM,WAAW,KAAK,YAAY,OAAO,QAAQ,IAAI,EAAE;AACvD,eAAK,MAAM,IAAI,UAAU,SAAS,KAAK,OAAO,MAAM,MAAO,CAAC;AAAA,QAC9D;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,eAAe,OAAqB;AAClC,UAAM,SAAS,KAAK,uBAAuB,KAAK;AAChD,QAAI,QAAQ;AACV,WAAK,MAAM,eAAe,MAAM;AAChC,cAAQ,IAAI,4CAA4C,MAAM,EAAE;AAAA,IAClE;AAAA,EACF;AAAA,EAEA,gBAAsB;AACpB,SAAK,MAAM,MAAM;AACjB,YAAQ,IAAI,oCAAoC;AAAA,EAClD;AAAA,EAEA,gBAAkD;AAChD,WAAO,KAAK,MAAM,SAAS;AAAA,EAC7B;AAAA,EAEA,aAAmB;AACjB,SAAK,SAAS,WAAW;AAAA,EAC3B;AACF;;;AG3fO,IAAME,kBAAN,MAAqB;AAAA,EAClB;AAAA,EAER,YAAY,QAA+B;AACzC,SAAK,UAAU,IAAI,uBAAuB,MAAM;AAAA,EAClD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,mBACJ,SACA,aACA,UAAoC,CAAC,GACf;AACtB,QAAI;AACF,UAAI,QAAQ,YAAY;AAEtB,cAAM,UAAU,MAAM,KAAK,QAAQ,eAAe,QAAQ,OAAO,WAAW;AAC5E,cAAM,SAAS,YAAY,MAAM,gBAAc,QAAQ,UAAU,CAAC;AAElE,YAAI,CAAC,QAAQ;AACX,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,OAAO,uCAAuC,YAAY,KAAK,IAAI,CAAC;AAAA,YACpE,YAAY;AAAA,UACd;AAAA,QACF;AAAA,MACF,OAAO;AAEL,cAAM,gBAAgB,MAAM,KAAK,QAAQ,eAAe,QAAQ,OAAO,WAAW;AAClF,cAAM,SAAS,OAAO,OAAO,aAAa,EAAE,KAAK,OAAO;AAExD,YAAI,CAAC,QAAQ;AACX,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,OAAO,8CAA8C,YAAY,KAAK,IAAI,CAAC;AAAA,YAC3E,YAAY;AAAA,UACd;AAAA,QACF;AAAA,MACF;AAEA,YAAM,aAAa,MAAM,KAAK,QAAQ,cAAc,QAAQ,KAAK;AACjE,aAAO,EAAE,SAAS,MAAM,MAAM,WAAW;AAAA,IAC3C,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,QACP,YAAY;AAAA,MACd;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aACJ,SACA,OACA,UAAoC,CAAC,GACf;AACtB,QAAI;AACF,UAAI,QAAQ,YAAY;AAEtB,cAAM,UAAU,MAAM,KAAK,QAAQ,SAAS,QAAQ,OAAO,KAAK;AAChE,cAAM,SAAS,MAAM,MAAM,UAAQ,QAAQ,IAAI,CAAC;AAEhD,YAAI,CAAC,QAAQ;AACX,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,OAAO,iCAAiC,MAAM,KAAK,IAAI,CAAC;AAAA,YACxD,YAAY;AAAA,UACd;AAAA,QACF;AAAA,MACF,OAAO;AAEL,cAAM,UAAU,MAAM,KAAK,QAAQ,SAAS,QAAQ,OAAO,KAAK;AAChE,cAAM,SAAS,OAAO,OAAO,OAAO,EAAE,KAAK,OAAO;AAElD,YAAI,CAAC,QAAQ;AACX,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,OAAO,wCAAwC,MAAM,KAAK,IAAI,CAAC;AAAA,YAC/D,YAAY;AAAA,UACd;AAAA,QACF;AAAA,MACF;AAEA,YAAM,aAAa,MAAM,KAAK,QAAQ,cAAc,QAAQ,KAAK;AACjE,aAAO,EAAE,SAAS,MAAM,MAAM,WAAW;AAAA,IAC3C,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,QACP,YAAY;AAAA,MACd;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eACJ,SACA,SACA,UAAoC,CAAC,GACf;AACtB,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,QAAQ,cAAc,QAAQ,KAAK;AACjE,YAAM,iBAAiB,WAAW,QAAQ,IAAI,OAAK,EAAE,GAAG;AAExD,UAAI;AAEJ,UAAI,QAAQ,YAAY;AAEtB,oBAAY,QAAQ,MAAM,YAAU,eAAe,SAAS,MAAM,CAAC;AAAA,MACrE,OAAO;AAEL,oBAAY,QAAQ,KAAK,YAAU,eAAe,SAAS,MAAM,CAAC;AAAA,MACpE;AAEA,UAAI,CAAC,WAAW;AACd,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO,yCAAyC,QAAQ,KAAK,IAAI,CAAC;AAAA,UAClE,YAAY;AAAA,QACd;AAAA,MACF;AAEA,aAAO,EAAE,SAAS,MAAM,MAAM,WAAW;AAAA,IAC3C,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,QACP,YAAY;AAAA,MACd;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,oBACJ,SACA,cACA,UAAoC,CAAC,GACf;AACtB,QAAI;AACF,YAAM,mBAAmB,MAAM,KAAK,QAAQ,oBAAoB,QAAQ,KAAK;AAE7E,UAAI;AAEJ,UAAI,QAAQ,YAAY;AAEtB,oBAAY,aAAa,MAAM,YAAU,iBAAiB,SAAS,MAAM,CAAC;AAAA,MAC5E,OAAO;AAEL,oBAAY,aAAa,KAAK,YAAU,iBAAiB,SAAS,MAAM,CAAC;AAAA,MAC3E;AAEA,UAAI,CAAC,WAAW;AACd,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO,+CAA+C,aAAa,KAAK,IAAI,CAAC;AAAA,UAC7E,YAAY;AAAA,QACd;AAAA,MACF;AAEA,YAAM,aAAa,MAAM,KAAK,QAAQ,cAAc,QAAQ,KAAK;AACjE,aAAO,EAAE,SAAS,MAAM,MAAM,WAAW;AAAA,IAC3C,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,QACP,YAAY;AAAA,MACd;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,QAAQ,SAAuB,SAA6C;AAChF,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,QAAQ,cAAc,QAAQ,KAAK;AACjE,UAAI,SAAS;AACb,YAAM,WAAqB,CAAC;AAG5B,UAAI,QAAQ,eAAe,QAAQ,YAAY,SAAS,GAAG;AACzD,cAAM,kBAAkB,WAAW,QAAQ,QAAQ,OAAK,EAAE,WAAW;AACrE,cAAM,iBAAiB,QAAQ,aAC3B,QAAQ,YAAY,MAAM,OAAK,gBAAgB,SAAS,CAAC,CAAC,IAC1D,QAAQ,YAAY,KAAK,OAAK,gBAAgB,SAAS,CAAC,CAAC;AAE7D,YAAI,CAAC,gBAAgB;AACnB,mBAAS;AACT,mBAAS,KAAK,gBAAgB,QAAQ,YAAY,KAAK,IAAI,CAAC,EAAE;AAAA,QAChE;AAAA,MACF;AAGA,UAAI,QAAQ,SAAS,QAAQ,MAAM,SAAS,GAAG;AAC7C,cAAM,WAAW,QAAQ,aACrB,QAAQ,MAAM,MAAM,OAAK,WAAW,MAAM,SAAS,CAAC,CAAC,IACrD,QAAQ,MAAM,KAAK,OAAK,WAAW,MAAM,SAAS,CAAC,CAAC;AAExD,YAAI,CAAC,UAAU;AACb,mBAAS;AACT,mBAAS,KAAK,UAAU,QAAQ,MAAM,KAAK,IAAI,CAAC,EAAE;AAAA,QACpD;AAAA,MACF;AAGA,UAAI,QAAQ,WAAW,QAAQ,QAAQ,SAAS,GAAG;AACjD,cAAM,iBAAiB,WAAW,QAAQ,IAAI,OAAK,EAAE,GAAG;AACxD,cAAM,aAAa,QAAQ,aACvB,QAAQ,QAAQ,MAAM,OAAK,eAAe,SAAS,CAAC,CAAC,IACrD,QAAQ,QAAQ,KAAK,OAAK,eAAe,SAAS,CAAC,CAAC;AAExD,YAAI,CAAC,YAAY;AACf,mBAAS;AACT,mBAAS,KAAK,YAAY,QAAQ,QAAQ,KAAK,IAAI,CAAC,EAAE;AAAA,QACxD;AAAA,MACF;AAGA,UAAI,QAAQ,gBAAgB,QAAQ,aAAa,SAAS,GAAG;AAC3D,cAAM,kBAAkB,QAAQ,aAC5B,QAAQ,aAAa,MAAM,QAAM,WAAW,aAAa,SAAS,EAAE,CAAC,IACrE,QAAQ,aAAa,KAAK,QAAM,WAAW,aAAa,SAAS,EAAE,CAAC;AAExE,YAAI,CAAC,iBAAiB;AACpB,mBAAS;AACT,mBAAS,KAAK,kBAAkB,QAAQ,aAAa,KAAK,IAAI,CAAC,EAAE;AAAA,QACnE;AAAA,MACF;AAEA,UAAI,CAAC,QAAQ;AACX,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO,2BAA2B,SAAS,KAAK,IAAI,CAAC;AAAA,UACrD,YAAY;AAAA,QACd;AAAA,MACF;AAEA,aAAO,EAAE,SAAS,MAAM,MAAM,WAAW;AAAA,IAC3C,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,QACP,YAAY;AAAA,MACd;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAAa,SAA6C;AAC9D,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,QAAQ,cAAc,QAAQ,KAAK;AACjE,aAAO,EAAE,SAAS,MAAM,MAAM,WAAW;AAAA,IAC3C,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,QACP,YAAY;AAAA,MACd;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,aAAqC;AACnC,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,qBAAqB,WAAkC;AAC3D,WAAO,KAAK,QAAQ,qBAAqB,SAAS;AAAA,EACpD;AACF;AAKO,SAAS,aAAa,SAA6B;AAExD,MAAI,QAAQ,SAAS,eAAe;AAClC,UAAM,aAAa,QAAQ,QAAQ;AACnC,QAAI,WAAW,WAAW,SAAS,GAAG;AACpC,aAAO,WAAW,UAAU,CAAC;AAAA,IAC/B;AAAA,EACF;AAGA,MAAI,QAAQ,SAAS,eAAe;AAClC,UAAM,aAAa,QAAQ,QAAQ;AACnC,QAAI,WAAW,WAAW,SAAS,GAAG;AACpC,aAAO,WAAW,UAAU,CAAC;AAAA,IAC/B;AAAA,EACF;AAGA,MAAI,QAAQ,UAAU,gBAAgB,GAAG;AACvC,WAAO,QAAQ,QAAQ,gBAAgB;AAAA,EACzC;AAGA,MAAI,QAAQ,OAAO,OAAO;AACxB,WAAO,QAAQ,MAAM;AAAA,EACvB;AAEA,SAAO;AACT;;;ACjTO,SAAS,qBAAqB,QAAa;AAChD,QAAM,QAAQ,IAAIC,gBAAe,MAAM;AAEvC,SAAO;AAAA;AAAA;AAAA;AAAA,IAIL,mBAAmB,aAAuB,UAAoC,CAAC,GAAG;AAChF,aAAO,OAAO,KAA2B,KAAe,SAAuB;AAC7E,cAAM,UAAU,mBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YAC1B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,mBAAmB,SAAS,aAAa,OAAO;AAE3E,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,IAAI,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YAC/C,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAEA,aAAK;AAAA,MACP;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,aAAa,OAAiB,UAAoC,CAAC,GAAG;AACpE,aAAO,OAAO,KAA2B,KAAe,SAAuB;AAC7E,cAAM,UAAU,mBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YAC1B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,aAAa,SAAS,OAAO,OAAO;AAE/D,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,IAAI,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YAC/C,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAEA,aAAK;AAAA,MACP;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,eAAe,SAAmB,UAAoC,CAAC,GAAG;AACxE,aAAO,OAAO,KAA2B,KAAe,SAAuB;AAC7E,cAAM,UAAU,mBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YAC1B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,eAAe,SAAS,SAAS,OAAO;AAEnE,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,IAAI,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YAC/C,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAEA,aAAK;AAAA,MACP;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,oBAAoB,cAAwB,UAAoC,CAAC,GAAG;AAClF,aAAO,OAAO,KAA2B,KAAe,SAAuB;AAC7E,cAAM,UAAU,mBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YAC1B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,oBAAoB,SAAS,cAAc,OAAO;AAE7E,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,IAAI,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YAC/C,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAEA,aAAK;AAAA,MACP;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,QAAQ,SAAuB;AAC7B,aAAO,OAAO,KAA2B,KAAe,SAAuB;AAC7E,cAAM,UAAU,mBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YAC1B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,QAAQ,SAAS,OAAO;AAEnD,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,IAAI,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YAC/C,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAEA,aAAK;AAAA,MACP;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,eAAe;AACb,aAAO,OAAO,KAA2B,KAAe,SAAuB;AAC7E,cAAM,UAAU,mBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YAC1B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,aAAa,OAAO;AAE/C,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,IAAI,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YAC/C,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAEA,aAAK;AAAA,MACP;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,WAA2B;AACzB,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAEA,SAAS,mBAAmB,KAAmC;AAC7D,QAAM,QAAQ,aAAa,GAAG;AAC9B,MAAI,CAAC,OAAO;AACV,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL;AAAA,IACA,SAAS;AAAA,EACX;AACF;;;ACxQO,SAAS,qBAAqB,QAAa;AAChD,QAAM,QAAQ,IAAIC,gBAAe,MAAM;AAEvC,SAAO;AAAA;AAAA;AAAA;AAAA,IAIL,mBAAmB,aAAuB,UAAoC,CAAC,GAAG;AAChF,aAAO,OAAO,KAA2B,UAAwB;AAC/D,cAAM,UAAUC,oBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,MAAM,OAAO,GAAG,EAAE,KAAK;AAAA,YAC5B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,mBAAmB,SAAS,aAAa,OAAO;AAE3E,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,MAAM,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YACjD,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,aAAa,OAAiB,UAAoC,CAAC,GAAG;AACpE,aAAO,OAAO,KAA2B,UAAwB;AAC/D,cAAM,UAAUA,oBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,MAAM,OAAO,GAAG,EAAE,KAAK;AAAA,YAC5B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,aAAa,SAAS,OAAO,OAAO;AAE/D,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,MAAM,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YACjD,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,eAAe,SAAmB,UAAoC,CAAC,GAAG;AACxE,aAAO,OAAO,KAA2B,UAAwB;AAC/D,cAAM,UAAUA,oBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,MAAM,OAAO,GAAG,EAAE,KAAK;AAAA,YAC5B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,eAAe,SAAS,SAAS,OAAO;AAEnE,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,MAAM,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YACjD,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,oBAAoB,cAAwB,UAAoC,CAAC,GAAG;AAClF,aAAO,OAAO,KAA2B,UAAwB;AAC/D,cAAM,UAAUA,oBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,MAAM,OAAO,GAAG,EAAE,KAAK;AAAA,YAC5B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,oBAAoB,SAAS,cAAc,OAAO;AAE7E,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,MAAM,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YACjD,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,QAAQ,SAAuB;AAC7B,aAAO,OAAO,KAA2B,UAAwB;AAC/D,cAAM,UAAUA,oBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,MAAM,OAAO,GAAG,EAAE,KAAK;AAAA,YAC5B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,QAAQ,SAAS,OAAO;AAEnD,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,MAAM,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YACjD,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,eAAe;AACb,aAAO,OAAO,KAA2B,UAAwB;AAC/D,cAAM,UAAUA,oBAAmB,GAAG;AACtC,YAAI,CAAC,SAAS;AACZ,iBAAO,MAAM,OAAO,GAAG,EAAE,KAAK;AAAA,YAC5B,SAAS;AAAA,YACT,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,cAAM,SAAS,MAAM,MAAM,aAAa,OAAO;AAE/C,YAAI,CAAC,OAAO,SAAS;AACnB,iBAAO,MAAM,OAAO,OAAO,cAAc,GAAG,EAAE,KAAK;AAAA,YACjD,SAAS;AAAA,YACT,SAAS,OAAO;AAAA,UAClB,CAAC;AAAA,QACH;AAGA,YAAI,OAAO,MAAM;AACf,cAAI,OAAO;AAAA,YACT,IAAI,OAAO,KAAK,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK,KAAK;AAAA,YAC/B,UAAU,OAAO,KAAK,KAAK;AAAA,YAC3B,OAAO,OAAO,KAAK,KAAK;AAAA,YACxB,OAAO,OAAO,KAAK;AAAA,YACnB,aAAa,OAAO,KAAK,QAAQ,QAAQ,OAAK,EAAE,WAAW;AAAA,YAC3D,SAAS,OAAO,KAAK;AAAA,YACrB,cAAc,OAAO,KAAK;AAAA,UAC5B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,WAA2B;AACzB,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAEA,SAASA,oBAAmB,KAA0C;AACpE,QAAM,QAAQ,aAAa,GAAG;AAC9B,MAAI,CAAC,OAAO;AACV,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL;AAAA,IACA,SAAS;AAAA,EACX;AACF;","names":["axios","axios","userAccess","module","ExGuardBackend","ExGuardBackend","ExGuardBackend","createGuardContext"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "exguard-backend",
3
- "version": "1.0.37",
3
+ "version": "1.0.38",
4
4
  "private": false,
5
5
  "publishConfig": {
6
6
  "access": "public"
package/scripts/setup-nestjs.cjs CHANGED
@@ -129,8 +129,9 @@ import { Guard } from 'exguard-backend';
129
129
  },
130
130
  timeout: parseInt(process.env.EXGUARD_TIMEOUT || '10000'),
131
131
  realtime: {
132
- enabled: process.env.EXGUARD_REALTIME_ENABLED === 'true' && !!process.env.EXGUARD_REALTIME_URL,
133
- url: process.env.EXGUARD_REALTIME_URL || undefined,
132
+ // Auto-enable if URL is provided (uses API_URL if REALTIME_URL not set)
133
+ enabled: process.env.EXGUARD_REALTIME_ENABLED !== 'false' && !!process.env.EXGUARD_API_URL,
134
+ url: process.env.EXGUARD_REALTIME_URL || process.env.EXGUARD_API_URL || undefined,
134
135
  accessToken: process.env.EXGUARD_SERVICE_TOKEN || process.env.EXGUARD_API_KEY || undefined,
135
136
  },
136
137
  }),
@@ -172,6 +173,11 @@ export class ExGuardNestGuard implements CanActivate {
172
173
  throw new UnauthorizedException('No authentication token provided');
173
174
  }
174
175
 
176
+ // Auto-connect to realtime with user's token
177
+ await this.exGuard.connectWithUserToken(token).catch(err => {
178
+ console.warn('[ExGuard] Realtime connection failed:', err?.message);
179
+ });
180
+
175
181
  const guardContext: GuardContext = {
176
182
  token,
177
183
  request,
@@ -218,6 +224,11 @@ export class ExGuardPermissionGuard extends ExGuardNestGuard {
218
224
  throw new UnauthorizedException('No authentication token provided');
219
225
  }
220
226
 
227
+ // Auto-connect to realtime with user's token
228
+ await this.exGuard.connectWithUserToken(token).catch(err => {
229
+ console.warn('[ExGuard] Realtime connection failed:', err?.message);
230
+ });
231
+
221
232
  const guardContext: GuardContext = {
222
233
  token,
223
234
  request,