expediate 0.0.3 → 1.0.0

package/dist/git.js

@@ -0,0 +1,244 @@
+/* Copyright 2021 Fabien Bavent
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included
+ * in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */
+'use strict';
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.gitHandler = gitHandler;
+const child_process_1 = require("child_process");
+const zlib_1 = require("zlib");
+// ---------------------------------------------------------------------------
+// PKT-LINE helpers
+// ---------------------------------------------------------------------------
+/**
+ * Encode a string as a Git PKT-LINE frame.
+ *
+ * The Git Smart HTTP protocol wraps each line in a 4-hex-digit length prefix
+ * that counts the total frame length (4 bytes for the prefix itself plus the
+ * payload bytes, **not** characters).
+ *
+ * @param str - The plain-text payload to wrap (must be ASCII or UTF-8).
+ * @returns The framed string, e.g. `"001e# service=git-upload-pack\n"`.
+ *
+ * @see https://git-scm.com/docs/pack-protocol#_pkt_line_format
+ *
+ * @example
+ * ```ts
+ * pktLine('# service=git-upload-pack\n')
+ * // → '001e# service=git-upload-pack\n'
+ * //    ^^^^  4 + 26 = 30 = 0x1e
+ * ```
+ */
+function pktLine(str) {
+    // BUG FIX: the original used `str.length` (character count / UTF-16 code
+    // units) instead of the actual byte length. The Git PKT-LINE spec requires
+    // the 4-hex-digit prefix to represent the *byte* count of the whole frame
+    // (prefix + payload). For ASCII-only service names this difference is zero,
+    // but using Buffer.byteLength is correct and future-proof.
+    const byteLen = Buffer.byteLength(str, 'utf8') + 4; // +4 for the 4-char hex prefix itself
+    return byteLen.toString(16).padStart(4, '0') + str;
+}
+/**
+ * The Git PKT-LINE flush packet.
+ * Signals the end of a list of PKT-LINE records.
+ */
+const PKT_FLUSH = '0000';
+// ---------------------------------------------------------------------------
+// Middleware factory
+// ---------------------------------------------------------------------------
+/**
+ * Middleware factory that exposes a Git repository over the **Git Smart HTTP
+ * protocol** (read-only fetch / clone, via `git-upload-pack`).
+ *
+ * Mount this handler at the root of a repository-scoped path so that the two
+ * sub-paths it handles (`/info/refs` and `/git-upload-pack`) are reachable:
+ *
+ * ```ts
+ * app.use('/repos/:repo', gitHandler({
+ *   repository: (req) => path.join('/srv/git', req.params.repo + '.git'),
+ * }));
+ * ```
+ *
+ * **Supported endpoints:**
+ *
+ * | Method | Path              | Purpose                                      |
+ * |--------|-------------------|----------------------------------------------|
+ * | GET    | `/info/refs`      | Smart HTTP capability advertisement          |
+ * | POST   | `/git-upload-pack`| Pack-file negotiation and transfer           |
+ *
+ * Only `git-upload-pack` (fetch / clone) is implemented.
+ * `git-receive-pack` (push) is intentionally excluded.
+ *
+ * **Compression:** gzip-compressed POST bodies are transparently decompressed
+ * before being piped to `git-upload-pack`.
+ *
+ * @param opt - Handler configuration (see {@link GitHandlerOptions}).
+ * @returns An Express-compatible middleware function `(req, res) => void`.
+ * @throws {TypeError} When `opt.repository` is not a function.
+ */
+function gitHandler(opt) {
+    if (typeof opt.repository !== 'function')
+        throw new TypeError('gitHandler: opt.repository must be a function');
+    const gitBin = (opt.gitPath ?? '') + 'git-upload-pack';
+    return (req, res) => {
+        // Resolve the repository path for this request.
+        const gitDirectory = opt.repository(req);
+        if (!gitDirectory)
+            return void res.status(404).send('Repository not found');
+        const urlPath = req.path; // sub-path after the mount prefix
+        // ── GET /info/refs?service=git-upload-pack ──────────────────────────
+        if (req.method === 'GET' && urlPath === '/info/refs') {
+            // BUG FIX: `req.queries.url` can be undefined when no query parameters
+            // are present, causing `req.queries.url.service` to throw a TypeError.
+            const service = req.queries?.url?.service;
+            if (service !== 'git-upload-pack')
+                return void res.status(403).send('Only git-upload-pack is supported');
+            res.setHeader('Content-Type', `application/x-${service}-advertisement`);
+            res.setHeader('Cache-Control', 'no-cache');
+            // The Smart HTTP advertisement starts with a PKT-LINE service banner
+            // followed by a flush packet (0000), then the git-upload-pack output.
+            res.write(pktLine(`# service=${service}\n`));
+            res.write(PKT_FLUSH);
+            const args = buildArgs(opt, ['--stateless-rpc', '--advertise-refs', gitDirectory]);
+            const proc = (0, child_process_1.spawn)(gitBin, args, {
+                env: { ...process.env, GIT_PROTOCOL: req.headers['git-protocol'] || '' },
+            });
+            // BUG FIX: the original did not listen for spawn errors (e.g. ENOENT
+            // when git is not installed). Without this handler, a missing binary
+            // causes an uncaught exception that crashes the server process.
+            proc.on('error', (err) => {
+                console.error('[git-upload-pack refs] spawn error:', err.message);
+                if (!res.writableEnded)
+                    res.status(500).send(`git-upload-pack unavailable: ${err.message}`);
+            });
+            proc.stdout.pipe(res);
+            proc.stdout.on('error', (err) => {
+                console.warn('[git-upload-pack refs] stdout error:', err.message);
+            });
+            proc.stderr.on('data', (d) => console.error('[git-upload-pack refs]', d.toString()));
+            proc.on('close', (code) => {
+                if (code !== 0) {
+                    console.error(`[git-upload-pack refs] exited with code ${code}`);
+                    if (!res.writableEnded)
+                        res.status(500).send('git-upload-pack failed');
+                }
+                // When code === 0, proc.stdout has already piped all data and called
+                // res.end() automatically (default pipe behaviour).
+            });
+            return;
+        }
+        // ── POST /git-upload-pack ───────────────────────────────────────────
+        if (req.method === 'POST' && urlPath === '/git-upload-pack') {
+            const contentType = req.headers['content-type'] || '';
+            // BUG FIX: the original called `res.send(415).send(...)`. Our router's
+            // `res.send()` signature is `send(body?)` — passing 415 as the body
+            // writes the number as a string, then the chained `.send()` fails
+            // because `res.send()` already ended the response. Corrected to
+            // `res.status(415).send(...)`.
+            if (contentType !== 'application/x-git-upload-pack-request')
+                return void res.status(415).send('Unsupported Media Type');
+            res.setHeader('Content-Type', 'application/x-git-upload-pack-result');
+            res.setHeader('Cache-Control', 'no-cache');
+            const args = buildArgs(opt, ['--stateless-rpc', gitDirectory]);
+            const proc = (0, child_process_1.spawn)(gitBin, args, {
+                env: { ...process.env, GIT_PROTOCOL: req.headers['git-protocol'] || '' },
+            });
+            // BUG FIX: same missing spawn-error handler as the GET branch.
+            proc.on('error', (err) => {
+                console.error('[git-upload-pack pack] spawn error:', err.message);
+                if (!res.writableEnded)
+                    res.status(500).send(`git-upload-pack unavailable: ${err.message}`);
+            });
+            // Transparently decompress gzip-encoded request bodies.
+            const encoding = req.headers['content-encoding'];
+            if (encoding === 'gzip') {
+                const gunzip = (0, zlib_1.createGunzip)();
+                gunzip.on('error', (err) => {
+                    console.warn('[git-upload-pack pack] gunzip error:', err.message);
+                    if (!res.writableEnded)
+                        res.status(400).send('Failed to decompress request body');
+                });
+                req.pipe(gunzip).pipe(proc.stdin);
+            }
+            else {
+                req.pipe(proc.stdin);
+            }
+            proc.stdout.pipe(res);
+            proc.stdout.on('error', (err) => {
+                console.warn('[git-upload-pack pack] stdout error:', err.message);
+            });
+            // BUG FIX: the original tagged the POST stderr with the same label as
+            // the GET branch ('[git-upload-pack refs]'), making log messages from
+            // the two branches indistinguishable. Corrected to '[git-upload-pack pack]'.
+            proc.stderr.on('data', (d) => console.error('[git-upload-pack pack]', d.toString()));
+            proc.on('close', (code) => {
+                if (code !== 0) {
+                    console.error(`[git-upload-pack pack] exited with code ${code}`);
+                    if (!res.writableEnded)
+                        res.status(500).send('git-upload-pack failed');
+                }
+            });
+            proc.stdin.on('error', (err) => {
+                // EPIPE is expected when the client disconnects mid-stream; it is not
+                // a server-side fault and does not require an error response.
+                if (err.code !== 'EPIPE')
+                    console.warn('[git-upload-pack pack] stdin error:', err.message);
+            });
+            return;
+        }
+        // Unrecognised path inside the repository mount.
+        res.status(404).send('Not found');
+    };
+}
+// ---------------------------------------------------------------------------
+// Internal helpers
+// ---------------------------------------------------------------------------
+/**
+ * Build the argument list for `git-upload-pack`.
+ *
+ * Prepends an optional `--timeout=<n>` argument when configured, then
+ * inserts the `--strict` / `--no-strict` flag, followed by any additional
+ * arguments the caller provides.
+ *
+ * @param opt      - Handler options.
+ * @param trailing - Arguments appended after the strict flag
+ *                   (e.g. `['--stateless-rpc', '--advertise-refs', dir]`).
+ * @returns The complete argument array ready for `spawn`.
+ */
+function buildArgs(opt, trailing) {
+    const args = [];
+    if (opt.timeout) {
+        // BUG FIX: `parseInt` without an explicit radix may misinterpret strings
+        // that start with '0' as octal in some environments. Always pass base 10.
+        const seconds = parseInt(String(opt.timeout), 10);
+        if (!isNaN(seconds) && seconds > 0)
+            args.push(`--timeout=${seconds}`);
+    }
+    // BUG FIX: the original used `opt.bareOnly ? '--strict' : '--no-strict'`.
+    // `git-upload-pack` does not accept `--strict` — that flag belongs to
+    // `git-receive-pack`. The correct option for upload-pack is `--no-strict`
+    // (which relaxes the requirement that the path must be a bare repository).
+    // When the caller sets `strict: true` we simply omit `--no-strict`; when
+    // `strict` is false (default) we pass `--no-strict` to allow non-bare repos.
+    if (!opt.strict)
+        args.push('--no-strict');
+    return [...args, ...trailing];
+}
+exports.default = gitHandler;
+//# sourceMappingURL=git.js.map

package/dist/git.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"git.js","sourceRoot":"","sources":["../src/git.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AACH,YAAY,CAAC;;AAgIb,gCAwIC;AAtQD,iDAA4C;AAC5C,+BAAoC;AAoDpC,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E;;;;;;;;;;;;;;;;;;GAkBG;AACH,SAAS,OAAO,CAAC,GAAW;IAC1B,yEAAyE;IACzE,2EAA2E;IAC3E,0EAA0E;IAC1E,4EAA4E;IAC5E,2DAA2D;IAC3D,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,sCAAsC;IAC1F,OAAO,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,GAAG,CAAC;AACrD,CAAC;AAED;;;GAGG;AACH,MAAM,SAAS,GAAG,MAAM,CAAC;AAEzB,8EAA8E;AAC9E,qBAAqB;AACrB,8EAA8E;AAE9E;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,SAAgB,UAAU,CAAC,GAAsB;IAC/C,IAAI,OAAO,GAAG,CAAC,UAAU,KAAK,UAAU;QACtC,MAAM,IAAI,SAAS,CAAC,+CAA+C,CAAC,CAAC;IAEvE,MAAM,MAAM,GAAG,CAAC,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC,GAAG,iBAAiB,CAAC;IAEvD,OAAO,CAAC,GAAkB,EAAE,GAAmB,EAAQ,EAAE;QACvD,gDAAgD;QAChD,MAAM,YAAY,GAAG,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,YAAY;YACf,OAAO,KAAK,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QAE3D,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,kCAAkC;QAE5D,uEAAuE;QACvE,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,IAAI,OAAO,KAAK,YAAY,EAAE,CAAC;YACrD,uEAAuE;YACvE,uEAAuE;YACvE,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,EAAE,GAAG,EAAE,OAAO,CAAC;YAE1C,IAAI,OAAO,KAAK,iBAAiB;gBAC/B,OAAO,KAAK,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;YAExE,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,iBAAiB,OAAO,gBAAgB,CAAC,CAAC;YACxE,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;YAE3C,qEAAqE;YACrE,sEAAsE;YACtE,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,aAAa,OAAO,IAAI,CAAC,CAAC,CAAC;YAC7C,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;YAErB,MAAM,IAAI,GAAG,SAAS,CAAC,GAAG,EAAE,CAAC,iBAAiB,EAAE,kBAAkB,EAAE,YAAY,CAAC,CAAC,CAAC;YACnF,MAAM,IAAI,GAAG,IAAA,qBAAK,EAAC,MAAM,EAAE,IAAI,EAAE;gBAC/B,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,YAAY,EAAG,GAAG,CAAC,OAAO,CAAC,cAAc,CAAY,IAAI,EAAE,EAAE;aACrF,CAAC,CAAC;YAEH,qEAAqE;YACrE,qEAAqE;YACrE,gEAAgE;YAChE,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBACvB,OAAO,CAAC,KAAK,CAAC,qCAAqC,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;gBAClE,IAAI,CAAC,GAAG,CAAC,aAAa;oBAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,gCAAgC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YAC9F,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACtB,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBAC9B,OAAO,CAAC,IAAI,CAAC,sCAAsC,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YACpE,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CACnC,OAAO,CAAC,KAAK,CAAC,wBAAwB,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,CACtD,CAAC;YAEF,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;gBACxB,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;oBACf,OAAO,CAAC,KAAK,CAAC,2CAA2C,IAAI,EAAE,CAAC,CAAC;oBACjE,IAAI,CAAC,GAAG,CAAC,aAAa;wBAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;gBACzE,CAAC;gBACD,qEAAqE;gBACrE,oDAAoD;YACtD,CAAC,CAAC,CAAC;YAEH,OAAO;QACT,CAAC;QAED,uEAAuE;QACvE,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,OAAO,KAAK,kBAAkB,EAAE,CAAC;YAC5D,MAAM,WAAW,GAAI,GAAG,CAAC,OAAO,CAAC,cAAc,CAAY,IAAI,EAAE,CAAC;YAElE,uEAAuE;YACvE,oEAAoE;YACpE,kEAAkE;YAClE,gEAAgE;YAChE,+BAA+B;YAC/B,IAAI,WAAW,KAAK,uCAAuC;gBACzD,OAAO,KAAK,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;YAE7D,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,sCAAsC,CAAC,CAAC;YACtE,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;YAE3C,MAAM,IAAI,GAAG,SAAS,CAAC,GAAG,EAAE,CAAC,iBAAiB,EAAE,YAAY,CAAC,CAAC,CAAC;YAC/D,MAAM,IAAI,GAAG,IAAA,qBAAK,EAAC,MAAM,EAAE,IAAI,EAAE;gBAC/B,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,YAAY,EAAG,GAAG,CAAC,OAAO,CAAC,cAAc,CAAY,IAAI,EAAE,EAAE;aACrF,CAAC,CAAC;YAEH,+DAA+D;YAC/D,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBACvB,OAAO,CAAC,KAAK,CAAC,qCAAqC,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;gBAClE,IAAI,CAAC,GAAG,CAAC,aAAa;oBAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,gCAAgC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YAC9F,CAAC,CAAC,CAAC;YAEH,wDAAwD;YACxD,MAAM,QAAQ,GAAI,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAwB,CAAC;YACzE,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;gBACxB,MAAM,MAAM,GAAG,IAAA,mBAAY,GAAE,CAAC;gBAC9B,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;oBACzB,OAAO,CAAC,IAAI,CAAC,sCAAsC,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;oBAClE,IAAI,CAAC,GAAG,CAAC,aAAa;wBAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;gBACpF,CAAC,CAAC,CAAC;gBACF,GAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC7C,CAAC;iBAAM,CAAC;gBACL,GAAW,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAChC,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACtB,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBAC9B,OAAO,CAAC,IAAI,CAAC,sCAAsC,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YACpE,CAAC,CAAC,CAAC;YAEH,sEAAsE;YACtE,sEAAsE;YACtE,6EAA6E;YAC7E,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CACnC,OAAO,CAAC,KAAK,CAAC,wBAAwB,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,CACtD,CAAC;YAEF,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;gBACxB,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;oBACf,OAAO,CAAC,KAAK,CAAC,2CAA2C,IAAI,EAAE,CAAC,CAAC;oBACjE,IAAI,CAAC,GAAG,CAAC,aAAa;wBAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;gBACzE,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAA0B,EAAE,EAAE;gBACpD,sEAAsE;gBACtE,8DAA8D;gBAC9D,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO;oBACtB,OAAO,CAAC,IAAI,CAAC,qCAAqC,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YACrE,CAAC,CAAC,CAAC;YAEH,OAAO;QACT,CAAC;QAED,iDAAiD;QACjD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACpC,CAAC,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E;;;;;;;;;;;GAWG;AACH,SAAS,SAAS,CAAC,GAAsB,EAAE,QAAkB;IAC3D,MAAM,IAAI,GAAa,EAAE,CAAC;IAE1B,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;QAChB,yEAAyE;QACzE,0EAA0E;QAC1E,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC;QAClD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,OAAO,GAAG,CAAC;YAChC,IAAI,CAAC,IAAI,CAAC,aAAa,OAAO,EAAE,CAAC,CAAC;IACtC,CAAC;IAED,0EAA0E;IAC1E,sEAAsE;IACtE,0EAA0E;IAC1E,2EAA2E;IAC3E,yEAAyE;IACzE,6EAA6E;IAC7E,IAAI,CAAC,GAAG,CAAC,MAAM;QACb,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAE3B,OAAO,CAAC,GAAG,IAAI,EAAE,GAAG,QAAQ,CAAC,CAAC;AAChC,CAAC;AAED,kBAAe,UAAU,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,21 @@
+/**
+ * @module expediate
+ * TypeScript package for web server routing.
+ */
+import createRouter from './router';
+export { createRouter };
+export type { Router, RouterRequest, RouterResponse, Middleware, MiddlewareArg, NextFunction, Layer, CookieOptions, TlsOptions, StringMap, } from './router';
+export { serveStatic, serveFile, sendFile, mime } from './static';
+export type { StaticOptions, Mime } from './static';
+export { json, formData, parseBody, logger } from './misc';
+export type { BodyOptions, LoggerOptions, FormPart, } from './misc';
+import createJwtPlugin from './jwt-auth';
+export { createJwtPlugin };
+export type { JwtPlugin, JwtConfig } from './jwt-auth';
+import gitHandler from './git';
+export { gitHandler };
+export type { GitHandlerOptions, } from './git';
+import apiBuilder from './apis';
+export { apiBuilder };
+export type { ApiError, ServiceMethod, ServiceInstance, ServiceMethods, RouteMap, ServiceDefinition } from './apis';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAoBA;;;GAGG;AAGH,OAAO,YAAY,MAAM,UAAU,CAAC;AACpC,OAAO,EAAE,YAAY,EAAE,CAAA;AACvB,YAAY,EACV,MAAM,EACN,aAAa,EACb,cAAc,EACd,UAAU,EACV,aAAa,EACb,YAAY,EACZ,KAAK,EACL,aAAa,EACb,UAAU,EACV,SAAS,GACV,MAAM,UAAU,CAAC;AAIlB,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,UAAU,CAAC;AAClE,YAAY,EACV,aAAa,EACb,IAAI,EACL,MAAM,UAAU,CAAC;AAIlB,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC3D,YAAY,EACV,WAAW,EACX,aAAa,EACb,QAAQ,GACT,MAAM,QAAQ,CAAC;AAGhB,OAAO,eAAe,MAAM,YAAY,CAAA;AACxC,OAAO,EAAE,eAAe,EAAE,CAAA;AAC1B,YAAY,EACV,SAAS,EACT,SAAS,EACV,MAAM,YAAY,CAAC;AAGpB,OAAQ,UAAU,MAAM,OAAO,CAAA;AAC/B,OAAO,EAAE,UAAU,EAAE,CAAA;AACrB,YAAY,EACR,iBAAiB,GACpB,MAAM,OAAO,CAAA;AAGd,OAAO,UAAU,MAAM,QAAQ,CAAA;AAC/B,OAAO,EAAE,UAAU,EAAE,CAAA;AACrB,YAAY,EACR,QAAQ,EACR,aAAa,EACb,eAAe,EACf,cAAc,EACd,QAAQ,EACR,iBAAiB,EACpB,MAAM,QAAQ,CAAA"}

package/dist/index.js

@@ -0,0 +1,55 @@
+"use strict";
+/* Copyright 2021 Fabien Bavent
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included
+ * in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */
+/**
+ * @module expediate
+ * TypeScript package for web server routing.
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.apiBuilder = exports.gitHandler = exports.createJwtPlugin = exports.logger = exports.parseBody = exports.formData = exports.json = exports.mime = exports.sendFile = exports.serveFile = exports.serveStatic = exports.createRouter = void 0;
+// ── Router ────────────────────────────────────────────────────────────────────
+const router_1 = __importDefault(require("./router"));
+exports.createRouter = router_1.default;
+// ── Static ────────────────────────────────────────────────────────────────────
+var static_1 = require("./static");
+Object.defineProperty(exports, "serveStatic", { enumerable: true, get: function () { return static_1.serveStatic; } });
+Object.defineProperty(exports, "serveFile", { enumerable: true, get: function () { return static_1.serveFile; } });
+Object.defineProperty(exports, "sendFile", { enumerable: true, get: function () { return static_1.sendFile; } });
+Object.defineProperty(exports, "mime", { enumerable: true, get: function () { return static_1.mime; } });
+// ── Miscallenous ──────────────────────────────────────────────────────────────
+var misc_1 = require("./misc");
+Object.defineProperty(exports, "json", { enumerable: true, get: function () { return misc_1.json; } });
+Object.defineProperty(exports, "formData", { enumerable: true, get: function () { return misc_1.formData; } });
+Object.defineProperty(exports, "parseBody", { enumerable: true, get: function () { return misc_1.parseBody; } });
+Object.defineProperty(exports, "logger", { enumerable: true, get: function () { return misc_1.logger; } });
+// ── JWT Authentication ────────────────────────────────────────────────────────
+const jwt_auth_1 = __importDefault(require("./jwt-auth"));
+exports.createJwtPlugin = jwt_auth_1.default;
+// ── Git repository ────────────────────────────────────────────────────────────
+const git_1 = __importDefault(require("./git"));
+exports.gitHandler = git_1.default;
+// ── API Service ───────────────────────────────────────────────────────────────
+const apis_1 = __importDefault(require("./apis"));
+exports.apiBuilder = apis_1.default;
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AACH;;;GAGG;;;;;;AAEH,iFAAiF;AACjF,sDAAoC;AAC3B,uBADF,gBAAY,CACE;AAcrB,iFAAiF;AAEjF,mCAAkE;AAAzD,qGAAA,WAAW,OAAA;AAAE,mGAAA,SAAS,OAAA;AAAE,kGAAA,QAAQ,OAAA;AAAE,8FAAA,IAAI,OAAA;AAM/C,iFAAiF;AAEjF,+BAA2D;AAAlD,4FAAA,IAAI,OAAA;AAAE,gGAAA,QAAQ,OAAA;AAAE,iGAAA,SAAS,OAAA;AAAE,8FAAA,MAAM,OAAA;AAO1C,iFAAiF;AACjF,0DAAwC;AAC/B,0BADF,kBAAe,CACE;AAMxB,iFAAiF;AACjF,gDAA+B;AACtB,qBADD,aAAU,CACC;AAKnB,iFAAiF;AACjF,kDAA+B;AACtB,qBADF,cAAU,CACE"}

package/dist/jwt-auth.d.ts

@@ -0,0 +1,280 @@
+/**
+ * jwt-auth.ts
+ *
+ * JWT authentication plugin for the Expediate router.
+ *
+ * Provides:
+ * - Stateless access tokens (HS256 / HS384 / HS512 HMAC-signed JWTs).
+ * - Opaque refresh tokens with server-side storage and automatic rotation.
+ * - Route handlers for login, token refresh, and logout.
+ * - Middleware for token validation, authorisation, role checks, and
+ *   permission checks.
+ *
+ * Security notes:
+ * - Passwords are hashed with SHA-256 for demonstration purposes only.
+ *   Replace with bcrypt / argon2 in production.
+ * - The default secrets are placeholders — always override them in production.
+ * - Refresh token storage defaults to an in-process Map; replace with a
+ *   persistent store (Redis, database) for multi-instance deployments.
+ */
+import type { Middleware } from './router.js';
+/** A user record as stored in (or returned by) the user database. */
+export interface UserRecord {
+    /** Stable unique identifier (used as JWT `sub` claim when present). */
+    id?: string;
+    /** Login username. */
+    username: string;
+    /**
+     * SHA-256 hex digest of the user's password.
+     * Replace with a bcrypt/argon2 hash in production.
+     */
+    passwordHash: string;
+    /** Role labels assigned to this user (e.g. `'admin'`, `'editor'`). */
+    roles?: string[];
+    /**
+     * Fine-grained permission strings assigned to this user
+     * (e.g. `'read'`, `'write'`, `'delete'`).
+     */
+    permissions?: string[];
+    /** Any additional fields the application wants to carry. */
+    [key: string]: unknown;
+}
+/**
+ * The decoded JWT access-token payload attached to `req.user` after
+ * successful authentication.
+ */
+export interface TokenPayload {
+    /** JWT subject — typically the user's stable ID. */
+    sub: string;
+    /** Username extracted from the user record. */
+    username: string;
+    /** Issuer claim, set to `config.issuer`. */
+    iss: string;
+    /** Issued-at timestamp (Unix seconds). */
+    iat: number;
+    /** Expiration timestamp (Unix seconds). */
+    exp: number;
+    /** Roles copied from the user record. */
+    roles?: string[];
+    /** Permissions copied from the user record. */
+    permissions?: string[];
+    /** Any additional claims produced by `config.payload`. */
+    [key: string]: unknown;
+}
+/** Internal metadata stored alongside each active refresh token. */
+interface RefreshTokenData {
+    /** Username the refresh token was issued to. */
+    username: string;
+    /** Unix ms timestamp of issuance. */
+    issuedAt: number;
+    /** Unix ms timestamp after which the token must be rejected. */
+    expiresAt: number;
+}
+/**
+ * Minimal interface for the refresh-token store.
+ * Any object implementing these four methods is accepted (Map, Redis client
+ * adapter, database wrapper, etc.).
+ */
+export interface TokenStore {
+    set(key: string, value: RefreshTokenData): void;
+    get(key: string): RefreshTokenData | undefined;
+    delete(key: string): void;
+    has(key: string): boolean;
+}
+/**
+ * Supported HMAC-SHA signing algorithms for JWT.
+ * RS*, ES*, and PS* families are not yet implemented.
+ */
+export type JwtAlgorithm = 'HS256' | 'HS384' | 'HS512';
+/**
+ * Full configuration object for {@link createJwtPlugin}.
+ * All fields have defaults; override only what you need.
+ */
+export interface JwtConfig {
+    /** HMAC secret used to sign access tokens. **Change in production.** */
+    accessTokenSecret: string;
+    /** HMAC secret used to sign refresh tokens (currently unused — refresh   *
+     * tokens are opaque random strings, not JWTs). Reserved for future use. */
+    refreshTokenSecret: string;
+    /** Access token lifetime in **seconds**. Defaults to 15 minutes. */
+    accessTokenExpiry: number;
+    /** Refresh token lifetime in **seconds**. Defaults to 7 days. */
+    refreshTokenExpiry: number;
+    /** Value placed in the JWT `iss` claim. */
+    issuer: string;
+    /**
+     * When `true`, the `authenticate` middleware rejects tokens whose `iss`
+     * claim does not match `config.issuer`.
+     * Defaults to `false` (issuer not checked).
+     */
+    checkIssuer: boolean;
+    /** JWT signing algorithm. Defaults to `'HS256'`. */
+    alg: JwtAlgorithm;
+    /**
+     * Extract the login username from a user record.
+     * Defaults to `(user) => user.username`.
+     */
+    username: (user: UserRecord) => string;
+    /**
+     * Fetch a user record by username.
+     * Return `undefined` (or any falsy value) when the user does not exist.
+     */
+    fetchUser: (username: string) => UserRecord | undefined;
+    /**
+     * Return `true` when the supplied plain-text `password` is valid for
+     * `user`, `false` otherwise.
+     *
+     * The default implementation compares SHA-256 hashes; replace with a
+     * timing-safe bcrypt/argon2 check in production.
+     */
+    isPasswordValid: (user: UserRecord, password: string) => boolean;
+    /**
+     * Build the JWT payload for a user.
+     * The `iss`, `iat`, `exp`, and `sub` claims are added automatically.
+     * Returning a partial object is fine — the plugin merges the rest.
+     */
+    payload: (user: UserRecord) => Partial<TokenPayload>;
+    /**
+     * Active refresh-token store.
+     * Defaults to an in-process `Map` (lost on restart; not suitable for
+     * multi-instance deployments).
+     */
+    refreshTokenStore: TokenStore;
+}
+/** Result returned by {@link verifyToken}. */
+type VerifyResult = {
+    valid: true;
+    payload: TokenPayload;
+} | {
+    valid: false;
+    error: string;
+};
+/**
+ * Hash a plain-text password with SHA-256 and return the hex digest.
+ *
+ * > **⚠ Warning:** SHA-256 is fast and therefore unsuitable for password
+ * > hashing in production.  Use bcrypt or argon2 instead.
+ *
+ * @param password - The plain-text password to hash.
+ * @returns A 64-character lowercase hex string.
+ */
+export declare function hashPassword(password: string): string;
+/**
+ * Default in-memory user database used when no custom `fetchUser` is
+ * provided.  Contains three demo accounts: alice (admin), bob (editor),
+ * charlie (viewer).
+ *
+ * Replace or ignore this map entirely when you supply your own `fetchUser`.
+ */
+export declare const userDatabase: Map<string, UserRecord>;
+/**
+ * Sign a payload object and return a compact JWT string.
+ *
+ * Automatically adds the `iat` (issued-at) and `exp` (expiration) claims.
+ * Any claims already present in `payload` are preserved and take precedence
+ * over `iat`/`exp` (use this to override expiry if needed).
+ *
+ * @param payload   - JWT payload claims (must be JSON-serialisable).
+ * @param secret    - HMAC secret used to sign the token.
+ * @param expiresIn - Validity window in **seconds** from the current time.
+ * @param alg       - Signing algorithm. Defaults to `'HS256'`.
+ * @returns A compact JWT string in the form `header.payload.signature`.
+ */
+declare function signToken(payload: Partial<TokenPayload>, secret: string, expiresIn: number, alg?: JwtAlgorithm): string;
+/**
+ * Verify a compact JWT string and return its decoded payload on success.
+ *
+ * Performs the following checks in order:
+ * 1. Structural validity (exactly three dot-separated segments).
+ * 2. Algorithm consistency (header `alg` matches the expected `alg`).
+ * 3. Signature integrity (timing-safe HMAC comparison).
+ * 4. Expiration (`exp` claim is in the future).
+ *
+ * All errors are returned as `{ valid: false, error }` — no exception is
+ * thrown to the caller.
+ *
+ * @param token  - The compact JWT string to verify.
+ * @param secret - HMAC secret that was used to sign the token.
+ * @param alg    - Expected signing algorithm.
+ * @returns A {@link VerifyResult} discriminated union.
+ */
+declare function verifyToken(token: string, secret: string, alg: JwtAlgorithm): VerifyResult;
+/**
+ * The object returned by {@link createJwtPlugin}.
+ *
+ * Mount the handlers on your router and apply the middleware to protected
+ * routes:
+ *
+ * ```ts
+ * const auth = createJwtPlugin({ accessTokenSecret: process.env.JWT_SECRET! });
+ *
+ * app.post('/auth/login',   json(), auth.login);
+ * app.post('/auth/refresh', json(), auth.refresh);
+ * app.post('/auth/logout',  json(), auth.logout);
+ *
+ * app.get('/me',    auth.authenticate, auth.authorize, getProfile);
+ * app.delete('/admin', ...auth.requireRole('admin'), deleteHandler);
+ * app.put('/posts', ...auth.requirePermission('write'), updateHandler);
+ * ```
+ */
+export interface JwtPlugin {
+    /**
+     * Route handler for `POST /auth/login`.
+     * Expects a JSON body with `{ username, password }`.
+     * On success: responds with `{ accessToken, refreshToken, expiresIn, tokenType }`.
+     */
+    login: Middleware;
+    /**
+     * Route handler for `POST /auth/refresh`.
+     * Expects a JSON body with `{ username, refreshToken }`.
+     * On success: responds with a new `{ accessToken, refreshToken, ... }` pair.
+     */
+    refresh: Middleware;
+    /**
+     * Route handler for `POST /auth/logout`.
+     * Expects a JSON body with `{ refreshToken }` (optional).
+     * Always responds with 200; revokes the refresh token if provided.
+     */
+    logout: Middleware;
+    /**
+     * Middleware that validates the `Authorization: Bearer <token>` header.
+     * Sets `req.user` to the decoded {@link TokenPayload} on success.
+     * Calls `next()` silently (without error) when the token is absent or invalid,
+     * allowing the route to decide how to handle unauthenticated requests.
+     */
+    authenticate: Middleware;
+    /**
+     * Middleware that rejects unauthenticated requests with 401.
+     * Should be placed **after** {@link authenticate}:
+     * `router.get('/me', auth.authenticate, auth.authorize, handler)`.
+     */
+    authorize: Middleware;
+    /**
+     * Middleware factory that requires the authenticated user to have at least
+     * one of the specified roles.  Returns `[authenticate, roleCheck]` so it
+     * can be spread directly into a route registration:
+     * `router.get('/admin', ...auth.requireRole('admin'), handler)`.
+     * Responds with 401 when unauthenticated, 403 when the role is missing.
+     */
+    requireRole: (...roles: string[]) => Middleware[];
+    /**
+     * Middleware factory that requires the authenticated user to have **all**
+     * of the specified permissions.  Returns `[authenticate, permCheck]`.
+     * Responds with 401 when unauthenticated, 403 when any permission is missing.
+     */
+    requirePermission: (...permissions: string[]) => Middleware[];
+}
+/**
+ * Create a JWT authentication plugin pre-configured with the given options.
+ *
+ * All config fields have safe defaults for development.  At minimum, set
+ * `accessTokenSecret` (and `refreshTokenSecret` if you plan to use it) to
+ * random values in production.
+ *
+ * @param userConfig - Partial {@link JwtConfig} overrides.
+ * @returns A {@link JwtPlugin} object exposing handlers and middleware.
+ */
+export declare function createJwtPlugin(userConfig?: Partial<JwtConfig>): JwtPlugin;
+export default createJwtPlugin;
+export { signToken, verifyToken, hashPassword as _hashPassword };
+//# sourceMappingURL=jwt-auth.d.ts.map

package/dist/jwt-auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-auth.d.ts","sourceRoot":"","sources":["../src/jwt-auth.ts"],"names":[],"mappings":"AAoBA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,KAAK,EAAiC,UAAU,EAAE,MAAM,aAAa,CAAC;AAM7E,qEAAqE;AACrE,MAAM,WAAW,UAAU;IACzB,uEAAuE;IACvE,EAAE,CAAC,EAAY,MAAM,CAAC;IACtB,sBAAsB;IACtB,QAAQ,EAAO,MAAM,CAAC;IACtB;;;OAGG;IACH,YAAY,EAAG,MAAM,CAAC;IACtB,sEAAsE;IACtE,KAAK,CAAC,EAAS,MAAM,EAAE,CAAC;IACxB;;;OAGG;IACH,WAAW,CAAC,EAAG,MAAM,EAAE,CAAC;IACxB,4DAA4D;IAC5D,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,oDAAoD;IACpD,GAAG,EAAW,MAAM,CAAC;IACrB,+CAA+C;IAC/C,QAAQ,EAAM,MAAM,CAAC;IACrB,4CAA4C;IAC5C,GAAG,EAAW,MAAM,CAAC;IACrB,0CAA0C;IAC1C,GAAG,EAAW,MAAM,CAAC;IACrB,2CAA2C;IAC3C,GAAG,EAAW,MAAM,CAAC;IACrB,yCAAyC;IACzC,KAAK,CAAC,EAAQ,MAAM,EAAE,CAAC;IACvB,+CAA+C;IAC/C,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,0DAA0D;IAC1D,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,oEAAoE;AACpE,UAAU,gBAAgB;IACxB,gDAAgD;IAChD,QAAQ,EAAG,MAAM,CAAC;IAClB,qCAAqC;IACrC,QAAQ,EAAG,MAAM,CAAC;IAClB,gEAAgE;IAChE,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;;GAIG;AACH,MAAM,WAAW,UAAU;IACzB,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,gBAAgB,GAAG,IAAI,CAAC;IAChD,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,gBAAgB,GAAG,SAAS,CAAC;IAC/C,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,MAAM,YAAY,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,CAAC;AAEvD;;;GAGG;AACH,MAAM,WAAW,SAAS;IACxB,wEAAwE;IACxE,iBAAiB,EAAG,MAAM,CAAC;IAC3B;+EAC2E;IAC3E,kBAAkB,EAAE,MAAM,CAAC;IAC3B,oEAAoE;IACpE,iBAAiB,EAAG,MAAM,CAAC;IAC3B,iEAAiE;IACjE,kBAAkB,EAAE,MAAM,CAAC;IAC3B,2CAA2C;IAC3C,MAAM,EAAc,MAAM,CAAC;IAC3B;;;;OAIG;IACH,WAAW,EAAS,OAAO,CAAC;IAC5B,oDAAoD;IACpD,GAAG,EAAiB,YAAY,CAAC;IACjC;;;OAGG;IACH,QAAQ,EAAY,CAAC,IAAI,EAAE,UAAU,KAAK,MAAM,CAAC;IACjD;;;OAGG;IACH,SAAS,EAAW,CAAC,QAAQ,EAAE,MAAM,KAAK,UAAU,GAAG,SAAS,CAAC;IACjE;;;;;;OAMG;IACH,eAAe,EAAK,CAAC,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC;IACpE;;;;OAIG;IACH,OAAO,EAAa,CAAC,IAAI,EAAE,UAAU,KAAK,OAAO,CAAC,YAAY,CAAC,CAAC;IAChE;;;;OAIG;IACH,iBAAiB,EAAG,UAAU,CAAC;CAChC;AAQD,8CAA8C;AAC9C,KAAK,YAAY,GACb;IAAE,KAAK,EAAE,IAAI,CAAC;IAAE,OAAO,EAAE,YAAY,CAAA;CAAE,GACvC;IAAE,KAAK,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC;AAMpC;;;;;;;;GAQG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAErD;AAED;;;;;;GAMG;AACH,eAAO,MAAM,YAAY,yBAsBvB,CAAC;AAsGH;;;;;;;;;;;;GAYG;AACH,iBAAS,SAAS,CAChB,OAAO,EAAI,OAAO,CAAC,YAAY,CAAC,EAChC,MAAM,EAAK,MAAM,EACjB,SAAS,EAAE,MAAM,EACjB,GAAG,GAAQ,YAAsB,GAChC,MAAM,CAMR;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,iBAAS,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,YAAY,GAAG,YAAY,CAyCnF;AA0ID;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,WAAW,SAAS;IACxB;;;;OAIG;IACH,KAAK,EAAE,UAAU,CAAC;IAClB;;;;OAIG;IACH,OAAO,EAAE,UAAU,CAAC;IACpB;;;;OAIG;IACH,MAAM,EAAE,UAAU,CAAC;IACnB;;;;;OAKG;IACH,YAAY,EAAE,UAAU,CAAC;IACzB;;;;OAIG;IACH,SAAS,EAAE,UAAU,CAAC;IACtB;;;;;;OAMG;IACH,WAAW,EAAQ,CAAC,GAAG,KAAK,EAAE,MAAM,EAAE,KAAW,UAAU,EAAE,CAAC;IAC9D;;;;OAIG;IACH,iBAAiB,EAAE,CAAC,GAAG,WAAW,EAAE,MAAM,EAAE,KAAK,UAAU,EAAE,CAAC;CAC/D;AAED;;;;;;;;;GASG;AACH,wBAAgB,eAAe,CAAC,UAAU,GAAE,OAAO,CAAC,SAAS,CAAM,GAAG,SAAS,CA8N9E;AAED,eAAe,eAAe,CAAC;AAG/B,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,YAAY,IAAI,aAAa,EAAE,CAAC"}