mocktp 0.0.1-security → 3.15.3

package/dist/rules/websockets/websocket-handler-definitions.d.ts

@@ -0,0 +1,78 @@
+import { ClientServerChannel, Serializable, SerializedProxyConfig } from "../../serialization/serialization";
+import { Explainable, Headers } from "../../types";
+import { ProxyConfig } from '../proxy-config';
+import { PassThroughHandlerConnectionOptions, ForwardingOptions, PassThroughLookupOptions, CADefinition } from '../passthrough-handling-definitions';
+import { CloseConnectionHandlerDefinition, ResetConnectionHandlerDefinition, TimeoutHandlerDefinition } from '../requests/request-handler-definitions';
+export interface WebSocketHandlerDefinition extends Explainable, Serializable {
+    type: keyof typeof WsHandlerDefinitionLookup;
+}
+export type PassThroughWebSocketHandlerOptions = PassThroughHandlerConnectionOptions;
+/**
+ * @internal
+ */
+export interface SerializedPassThroughWebSocketData {
+    type: 'ws-passthrough';
+    forwarding?: ForwardingOptions;
+    lookupOptions?: PassThroughLookupOptions;
+    proxyConfig?: SerializedProxyConfig;
+    ignoreHostCertificateErrors?: string[] | boolean;
+    extraCACertificates?: Array<{
+        cert: string;
+    } | {
+        certPath: string;
+    }>;
+    clientCertificateHostMap?: {
+        [host: string]: {
+            pfx: string;
+            passphrase?: string;
+        };
+    };
+}
+export declare class PassThroughWebSocketHandlerDefinition extends Serializable implements WebSocketHandlerDefinition {
+    readonly type = "ws-passthrough";
+    readonly lookupOptions: PassThroughLookupOptions | undefined;
+    readonly proxyConfig?: ProxyConfig;
+    readonly forwarding?: ForwardingOptions;
+    readonly ignoreHostHttpsErrors: string[] | boolean;
+    readonly clientCertificateHostMap: {
+        [host: string]: {
+            pfx: Buffer;
+            passphrase?: string;
+        };
+    };
+    readonly extraCACertificates: Array<CADefinition>;
+    constructor(options?: PassThroughWebSocketHandlerOptions);
+    explain(): string;
+    /**
+     * @internal
+     */
+    serialize(channel: ClientServerChannel): SerializedPassThroughWebSocketData;
+}
+export declare class EchoWebSocketHandlerDefinition extends Serializable implements WebSocketHandlerDefinition {
+    readonly type = "ws-echo";
+    explain(): string;
+}
+export declare class ListenWebSocketHandlerDefinition extends Serializable implements WebSocketHandlerDefinition {
+    readonly type = "ws-listen";
+    explain(): string;
+}
+export declare class RejectWebSocketHandlerDefinition extends Serializable implements WebSocketHandlerDefinition {
+    readonly statusCode: number;
+    readonly statusMessage: string;
+    readonly headers: Headers;
+    readonly body: Buffer | string;
+    readonly type = "ws-reject";
+    constructor(statusCode: number, statusMessage?: string, headers?: Headers, body?: Buffer | string);
+    explain(): string;
+}
+export { CloseConnectionHandlerDefinition, ResetConnectionHandlerDefinition, TimeoutHandlerDefinition };
+export declare const WsHandlerDefinitionLookup: {
+    'ws-passthrough': typeof PassThroughWebSocketHandlerDefinition;
+    'ws-echo': typeof EchoWebSocketHandlerDefinition;
+    'ws-listen': typeof ListenWebSocketHandlerDefinition;
+    'ws-reject': typeof RejectWebSocketHandlerDefinition;
+    'close-connection': typeof CloseConnectionHandlerDefinition;
+    'reset-connection': typeof ResetConnectionHandlerDefinition;
+    timeout: typeof TimeoutHandlerDefinition;
+};
+//# sourceMappingURL=websocket-handler-definitions.d.ts.map

package/dist/rules/websockets/websocket-handler-definitions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"websocket-handler-definitions.d.ts","sourceRoot":"","sources":["../../../src/rules/websockets/websocket-handler-definitions.ts"],"names":[],"mappings":"AAIA,OAAO,EACH,mBAAmB,EACnB,YAAY,EACZ,qBAAqB,EAGxB,MAAM,mCAAmC,CAAC;AAE3C,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAEnD,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EACH,mCAAmC,EACnC,iBAAiB,EACjB,wBAAwB,EACxB,YAAY,EACf,MAAM,qCAAqC,CAAC;AAC7C,OAAO,EACH,gCAAgC,EAChC,gCAAgC,EAChC,wBAAwB,EAC3B,MAAM,yCAAyC,CAAC;AAejD,MAAM,WAAW,0BAA2B,SAAQ,WAAW,EAAE,YAAY;IACzE,IAAI,EAAE,MAAM,OAAO,yBAAyB,CAAC;CAChD;AAED,MAAM,MAAM,kCAAkC,GAAG,mCAAmC,CAAC;AAErF;;GAEG;AACH,MAAM,WAAW,kCAAkC;IAC/C,IAAI,EAAE,gBAAgB,CAAC;IACvB,UAAU,CAAC,EAAE,iBAAiB,CAAC;IAC/B,aAAa,CAAC,EAAE,wBAAwB,CAAC;IACzC,WAAW,CAAC,EAAE,qBAAqB,CAAC;IACpC,2BAA2B,CAAC,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IACjD,mBAAmB,CAAC,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,GAAG;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACrE,wBAAwB,CAAC,EAAE;QAAE,CAAC,IAAI,EAAE,MAAM,GAAG;YAAE,GAAG,EAAE,MAAM,CAAC;YAAC,UAAU,CAAC,EAAE,MAAM,CAAA;SAAE,CAAA;KAAE,CAAC;CACvF;AAED,qBAAa,qCAAsC,SAAQ,YAAa,YAAW,0BAA0B;IACzG,QAAQ,CAAC,IAAI,oBAAoB;IAGjC,SAAgB,aAAa,EAAE,wBAAwB,GAAG,SAAS,CAAC;IACpE,SAAgB,WAAW,CAAC,EAAE,WAAW,CAAC;IAE1C,SAAgB,UAAU,CAAC,EAAE,iBAAiB,CAAC;IAC/C,SAAgB,qBAAqB,EAAE,MAAM,EAAE,GAAG,OAAO,CAAM;IAC/D,SAAgB,wBAAwB,EAAE;QACtC,CAAC,IAAI,EAAE,MAAM,GAAG;YAAE,GAAG,EAAE,MAAM,CAAC;YAAC,UAAU,CAAC,EAAE,MAAM,CAAA;SAAE,CAAA;KACvD,CAAC;IAEF,SAAgB,mBAAmB,EAAE,KAAK,CAAC,YAAY,CAAC,CAAM;gBAElD,OAAO,GAAE,kCAAuC;IAkC5D,OAAO;IAMP;;OAEG;IACH,SAAS,CAAC,OAAO,EAAE,mBAAmB,GAAG,kCAAkC;CAuB9E;AAED,qBAAa,8BAA+B,SAAQ,YAAa,YAAW,0BAA0B;IAElG,QAAQ,CAAC,IAAI,aAAa;IAE1B,OAAO,IAAI,MAAM;CAGpB;AAED,qBAAa,gCAAiC,SAAQ,YAAa,YAAW,0BAA0B;IAEpG,QAAQ,CAAC,IAAI,eAAe;IAE5B,OAAO,IAAI,MAAM;CAGpB;AAED,qBAAa,gCAAiC,SAAQ,YAAa,YAAW,0BAA0B;aAKhF,UAAU,EAAE,MAAM;aAClB,aAAa,EAAE,MAAM;aACrB,OAAO,EAAE,OAAO;aAChB,IAAI,EAAE,MAAM,GAAG,MAAM;IANzC,QAAQ,CAAC,IAAI,eAAe;gBAGR,UAAU,EAAE,MAAM,EAClB,aAAa,GAAE,MAA6B,EAC5C,OAAO,GAAE,OAAY,EACrB,IAAI,GAAE,MAAM,GAAG,MAAW;IAK9C,OAAO;CAIV;AAID,OAAO,EACH,gCAAgC,EAChC,gCAAgC,EAChC,wBAAwB,EAC3B,CAAC;AAEF,eAAO,MAAM,yBAAyB;;;;;;;;CAQrC,CAAC"}

package/dist/rules/websockets/websocket-handler-definitions.js

@@ -0,0 +1,118 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WsHandlerDefinitionLookup = exports.TimeoutHandlerDefinition = exports.ResetConnectionHandlerDefinition = exports.CloseConnectionHandlerDefinition = exports.RejectWebSocketHandlerDefinition = exports.ListenWebSocketHandlerDefinition = exports.EchoWebSocketHandlerDefinition = exports.PassThroughWebSocketHandlerDefinition = void 0;
+const _ = require("lodash");
+const url = require("url");
+const common_tags_1 = require("common-tags");
+const serialization_1 = require("../../serialization/serialization");
+const request_handler_definitions_1 = require("../requests/request-handler-definitions");
+Object.defineProperty(exports, "CloseConnectionHandlerDefinition", { enumerable: true, get: function () { return request_handler_definitions_1.CloseConnectionHandlerDefinition; } });
+Object.defineProperty(exports, "ResetConnectionHandlerDefinition", { enumerable: true, get: function () { return request_handler_definitions_1.ResetConnectionHandlerDefinition; } });
+Object.defineProperty(exports, "TimeoutHandlerDefinition", { enumerable: true, get: function () { return request_handler_definitions_1.TimeoutHandlerDefinition; } });
+class PassThroughWebSocketHandlerDefinition extends serialization_1.Serializable {
+    constructor(options = {}) {
+        super();
+        this.type = 'ws-passthrough';
+        this.ignoreHostHttpsErrors = [];
+        this.extraCACertificates = [];
+        // If a location is provided, and it's not a bare hostname, it must be parseable
+        const { forwarding } = options;
+        if (forwarding && forwarding.targetHost.includes('/')) {
+            const { protocol, hostname, port, path } = url.parse(forwarding.targetHost);
+            if (path && path.trim() !== "/") {
+                const suggestion = url.format({ protocol, hostname, port }) ||
+                    forwarding.targetHost.slice(0, forwarding.targetHost.indexOf('/'));
+                throw new Error((0, common_tags_1.stripIndent) `
+                    URLs for forwarding cannot include a path, but "${forwarding.targetHost}" does. ${''}Did you mean ${suggestion}?
+                `);
+            }
+        }
+        this.forwarding = options.forwarding;
+        this.ignoreHostHttpsErrors = options.ignoreHostHttpsErrors || [];
+        if (!Array.isArray(this.ignoreHostHttpsErrors) && typeof this.ignoreHostHttpsErrors !== 'boolean') {
+            throw new Error("ignoreHostHttpsErrors must be an array or a boolean");
+        }
+        this.lookupOptions = options.lookupOptions;
+        this.proxyConfig = options.proxyConfig;
+        this.extraCACertificates =
+            options.additionalTrustedCAs ||
+                options.trustAdditionalCAs ||
+                [];
+        this.clientCertificateHostMap = options.clientCertificateHostMap || {};
+    }
+    explain() {
+        return this.forwarding
+            ? `forward the websocket to ${this.forwarding.targetHost}`
+            : 'pass the request through to the target host';
+    }
+    /**
+     * @internal
+     */
+    serialize(channel) {
+        return {
+            type: this.type,
+            forwarding: this.forwarding,
+            lookupOptions: this.lookupOptions,
+            proxyConfig: (0, serialization_1.serializeProxyConfig)(this.proxyConfig, channel),
+            ignoreHostCertificateErrors: this.ignoreHostHttpsErrors,
+            extraCACertificates: this.extraCACertificates.map((certObject) => {
+                // We use toString to make sure that buffers always end up as
+                // as UTF-8 string, to avoid serialization issues. Strings are an
+                // easy safe format here, since it's really all just plain-text PEM
+                // under the hood.
+                if ('cert' in certObject) {
+                    return { cert: certObject.cert.toString('utf8') };
+                }
+                else {
+                    return certObject;
+                }
+            }),
+            clientCertificateHostMap: _.mapValues(this.clientCertificateHostMap, ({ pfx, passphrase }) => ({ pfx: (0, serialization_1.serializeBuffer)(pfx), passphrase }))
+        };
+    }
+}
+exports.PassThroughWebSocketHandlerDefinition = PassThroughWebSocketHandlerDefinition;
+class EchoWebSocketHandlerDefinition extends serialization_1.Serializable {
+    constructor() {
+        super(...arguments);
+        this.type = 'ws-echo';
+    }
+    explain() {
+        return "echo all websocket messages";
+    }
+}
+exports.EchoWebSocketHandlerDefinition = EchoWebSocketHandlerDefinition;
+class ListenWebSocketHandlerDefinition extends serialization_1.Serializable {
+    constructor() {
+        super(...arguments);
+        this.type = 'ws-listen';
+    }
+    explain() {
+        return "silently accept websocket messages without responding";
+    }
+}
+exports.ListenWebSocketHandlerDefinition = ListenWebSocketHandlerDefinition;
+class RejectWebSocketHandlerDefinition extends serialization_1.Serializable {
+    constructor(statusCode, statusMessage = 'WebSocket rejected', headers = {}, body = '') {
+        super();
+        this.statusCode = statusCode;
+        this.statusMessage = statusMessage;
+        this.headers = headers;
+        this.body = body;
+        this.type = 'ws-reject';
+    }
+    explain() {
+        return `explicitly reject the websocket upgrade with status ${this.statusCode}`;
+    }
+}
+exports.RejectWebSocketHandlerDefinition = RejectWebSocketHandlerDefinition;
+exports.WsHandlerDefinitionLookup = {
+    'ws-passthrough': PassThroughWebSocketHandlerDefinition,
+    'ws-echo': EchoWebSocketHandlerDefinition,
+    'ws-listen': ListenWebSocketHandlerDefinition,
+    'ws-reject': RejectWebSocketHandlerDefinition,
+    'close-connection': request_handler_definitions_1.CloseConnectionHandlerDefinition,
+    'reset-connection': request_handler_definitions_1.ResetConnectionHandlerDefinition,
+    'timeout': request_handler_definitions_1.TimeoutHandlerDefinition
+};
+//# sourceMappingURL=websocket-handler-definitions.js.map

package/dist/rules/websockets/websocket-handler-definitions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"websocket-handler-definitions.js","sourceRoot":"","sources":["../../../src/rules/websockets/websocket-handler-definitions.ts"],"names":[],"mappings":";;;AAAA,4BAA4B;AAC5B,2BAA2B;AAC3B,6CAA0C;AAE1C,qEAM2C;AAW3C,yFAIiD;AA6J7C,iHAhKA,8DAAgC,OAgKA;AAChC,iHAhKA,8DAAgC,OAgKA;AAChC,yGAhKA,sDAAwB,OAgKA;AA7H5B,MAAa,qCAAsC,SAAQ,4BAAY;IAenE,YAAY,UAA8C,EAAE;QACxD,KAAK,EAAE,CAAC;QAfH,SAAI,GAAG,gBAAgB,CAAC;QAOjB,0BAAqB,GAAuB,EAAE,CAAC;QAK/C,wBAAmB,GAAwB,EAAE,CAAC;QAK1D,gFAAgF;QAChF,MAAM,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC;QAC/B,IAAI,UAAU,IAAI,UAAU,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACpD,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;YAC5E,IAAI,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;gBAC9B,MAAM,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;oBACvD,UAAU,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;gBACvE,MAAM,IAAI,KAAK,CAAC,IAAA,yBAAW,EAAA;sEAC2B,UAAU,CAAC,UAAU,WAAW,EAClF,gBAAgB,UAAU;iBAC7B,CAAC,CAAC;YACP,CAAC;QACL,CAAC;QAED,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;QAErC,IAAI,CAAC,qBAAqB,GAAG,OAAO,CAAC,qBAAqB,IAAI,EAAE,CAAC;QACjE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,qBAAqB,CAAC,IAAI,OAAO,IAAI,CAAC,qBAAqB,KAAK,SAAS,EAAE,CAAC;YAChG,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;QAC3E,CAAC;QAED,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;QAC3C,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QAEvC,IAAI,CAAC,mBAAmB;YACpB,OAAO,CAAC,oBAAoB;gBAC5B,OAAO,CAAC,kBAAkB;gBAC1B,EAAE,CAAC;QACP,IAAI,CAAC,wBAAwB,GAAG,OAAO,CAAC,wBAAwB,IAAI,EAAE,CAAC;IAC3E,CAAC;IAED,OAAO;QACH,OAAO,IAAI,CAAC,UAAU;YAClB,CAAC,CAAC,4BAA4B,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE;YAC1D,CAAC,CAAC,6CAA6C,CAAC;IACxD,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,OAA4B;QAClC,OAAO;YACH,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,WAAW,EAAE,IAAA,oCAAoB,EAAC,IAAI,CAAC,WAAW,EAAE,OAAO,CAAC;YAC5D,2BAA2B,EAAE,IAAI,CAAC,qBAAqB;YACvD,mBAAmB,EAAE,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE;gBAC7D,6DAA6D;gBAC7D,iEAAiE;gBACjE,mEAAmE;gBACnE,kBAAkB;gBAClB,IAAI,MAAM,IAAI,UAAU,EAAE,CAAC;oBACvB,OAAO,EAAE,IAAI,EAAE,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAA;gBACrD,CAAC;qBAAM,CAAC;oBACJ,OAAO,UAAU,CAAC;gBACtB,CAAC;YACL,CAAC,CAAC;YACF,wBAAwB,EAAE,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,wBAAwB,EAC/D,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,IAAA,+BAAe,EAAC,GAAG,CAAC,EAAE,UAAU,EAAE,CAAC,CACvE;SACJ,CAAC;IACN,CAAC;CACJ;AAjFD,sFAiFC;AAED,MAAa,8BAA+B,SAAQ,4BAAY;IAAhE;;QAEa,SAAI,GAAG,SAAS,CAAC;IAK9B,CAAC;IAHG,OAAO;QACH,OAAO,6BAA6B,CAAC;IACzC,CAAC;CACJ;AAPD,wEAOC;AAED,MAAa,gCAAiC,SAAQ,4BAAY;IAAlE;;QAEa,SAAI,GAAG,WAAW,CAAC;IAKhC,CAAC;IAHG,OAAO;QACH,OAAO,uDAAuD,CAAC;IACnE,CAAC;CACJ;AAPD,4EAOC;AAED,MAAa,gCAAiC,SAAQ,4BAAY;IAI9D,YACoB,UAAkB,EAClB,gBAAwB,oBAAoB,EAC5C,UAAmB,EAAE,EACrB,OAAwB,EAAE;QAE1C,KAAK,EAAE,CAAC;QALQ,eAAU,GAAV,UAAU,CAAQ;QAClB,kBAAa,GAAb,aAAa,CAA+B;QAC5C,YAAO,GAAP,OAAO,CAAc;QACrB,SAAI,GAAJ,IAAI,CAAsB;QANrC,SAAI,GAAG,WAAW,CAAC;IAS5B,CAAC;IAED,OAAO;QACH,OAAO,uDAAuD,IAAI,CAAC,UAAU,EAAE,CAAC;IACpF,CAAC;CAEJ;AAjBD,4EAiBC;AAUY,QAAA,yBAAyB,GAAG;IACrC,gBAAgB,EAAE,qCAAqC;IACvD,SAAS,EAAE,8BAA8B;IACzC,WAAW,EAAE,gCAAgC;IAC7C,WAAW,EAAE,gCAAgC;IAC7C,kBAAkB,EAAE,8DAAgC;IACpD,kBAAkB,EAAE,8DAAgC;IACpD,SAAS,EAAE,sDAAwB;CACtC,CAAC"}

package/dist/rules/websockets/websocket-handlers.d.ts

@@ -0,0 +1,39 @@
+import net = require('net');
+import * as http from 'http';
+import { ClientServerChannel } from "../../serialization/serialization";
+import { OngoingRequest } from "../../types";
+import { CloseConnectionHandler, ResetConnectionHandler, TimeoutHandler } from '../requests/request-handlers';
+import { RuleParameters } from '../rule-parameters';
+import { EchoWebSocketHandlerDefinition, ListenWebSocketHandlerDefinition, PassThroughWebSocketHandlerDefinition, PassThroughWebSocketHandlerOptions, RejectWebSocketHandlerDefinition, SerializedPassThroughWebSocketData, WebSocketHandlerDefinition, WsHandlerDefinitionLookup } from './websocket-handler-definitions';
+export interface WebSocketHandler extends WebSocketHandlerDefinition {
+    handle(request: OngoingRequest & http.IncomingMessage, socket: net.Socket, head: Buffer): Promise<void>;
+}
+export { PassThroughWebSocketHandlerOptions };
+export declare class PassThroughWebSocketHandler extends PassThroughWebSocketHandlerDefinition {
+    private wsServer?;
+    private initializeWsServer;
+    private _trustedCACertificates;
+    private trustedCACertificates;
+    handle(req: OngoingRequest, socket: net.Socket, head: Buffer): Promise<void>;
+    private connectUpstream;
+    /**
+     * @internal
+     */
+    static deserialize(data: SerializedPassThroughWebSocketData, channel: ClientServerChannel, ruleParams: RuleParameters): any;
+}
+export declare class EchoWebSocketHandler extends EchoWebSocketHandlerDefinition {
+    private wsServer?;
+    private initializeWsServer;
+    handle(req: OngoingRequest & http.IncomingMessage, socket: net.Socket, head: Buffer): Promise<void>;
+}
+export declare class ListenWebSocketHandler extends ListenWebSocketHandlerDefinition {
+    private wsServer?;
+    private initializeWsServer;
+    handle(req: OngoingRequest & http.IncomingMessage, socket: net.Socket, head: Buffer): Promise<void>;
+}
+export declare class RejectWebSocketHandler extends RejectWebSocketHandlerDefinition {
+    handle(req: OngoingRequest, socket: net.Socket, head: Buffer): Promise<void>;
+}
+export { CloseConnectionHandler, ResetConnectionHandler, TimeoutHandler };
+export declare const WsHandlerLookup: typeof WsHandlerDefinitionLookup;
+//# sourceMappingURL=websocket-handlers.d.ts.map

package/dist/rules/websockets/websocket-handlers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"websocket-handlers.d.ts","sourceRoot":"","sources":["../../../src/rules/websockets/websocket-handlers.ts"],"names":[],"mappings":"AACA,OAAO,GAAG,GAAG,QAAQ,KAAK,CAAC,CAAC;AAG5B,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAI7B,OAAO,EACH,mBAAmB,EAGtB,MAAM,mCAAmC,CAAC;AAE3C,OAAO,EAAE,cAAc,EAAc,MAAM,aAAa,CAAC;AAEzD,OAAO,EACH,sBAAsB,EACtB,sBAAsB,EACtB,cAAc,EACjB,MAAM,8BAA8B,CAAC;AAetC,OAAO,EAA2B,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAS7E,OAAO,EACH,8BAA8B,EAC9B,gCAAgC,EAChC,qCAAqC,EACrC,kCAAkC,EAClC,gCAAgC,EAChC,kCAAkC,EAClC,0BAA0B,EAC1B,yBAAyB,EAC5B,MAAM,iCAAiC,CAAC;AAEzC,MAAM,WAAW,gBAAiB,SAAQ,0BAA0B;IAChE,MAAM,CAEF,OAAO,EAAE,cAAc,GAAG,IAAI,CAAC,eAAe,EAE9C,MAAM,EAAE,GAAG,CAAC,MAAM,EAElB,IAAI,EAAE,MAAM,GACb,OAAO,CAAC,IAAI,CAAC,CAAC;CACpB;AAwHD,OAAO,EAAE,kCAAkC,EAAE,CAAC;AAE9C,qBAAa,2BAA4B,SAAQ,qCAAqC;IAElF,OAAO,CAAC,QAAQ,CAAC,CAAmB;IAEpC,OAAO,CAAC,kBAAkB;IAoB1B,OAAO,CAAC,sBAAsB,CAA0C;YAC1D,qBAAqB;IAU7B,MAAM,CAAC,GAAG,EAAE,cAAc,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,MAAM;YAwEpD,eAAe;IAwH7B;;OAEG;IACH,MAAM,CAAC,WAAW,CACd,IAAI,EAAE,kCAAkC,EACxC,OAAO,EAAE,mBAAmB,EAC5B,UAAU,EAAE,cAAc,GAC3B,GAAG;CAYT;AAED,qBAAa,oBAAqB,SAAQ,8BAA8B;IAEpE,OAAO,CAAC,QAAQ,CAAC,CAAmB;IAEpC,OAAO,CAAC,kBAAkB;IASpB,MAAM,CAAC,GAAG,EAAE,cAAc,GAAG,IAAI,CAAC,eAAe,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,MAAM;CAQ5F;AAED,qBAAa,sBAAuB,SAAQ,gCAAgC;IAExE,OAAO,CAAC,QAAQ,CAAC,CAAmB;IAEpC,OAAO,CAAC,kBAAkB;IAUpB,MAAM,CAAC,GAAG,EAAE,cAAc,GAAG,IAAI,CAAC,eAAe,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,MAAM;CAQ5F;AAED,qBAAa,sBAAuB,SAAQ,gCAAgC;IAElE,MAAM,CAAC,GAAG,EAAE,cAAc,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,MAAM;CAOrE;AAID,OAAO,EACH,sBAAsB,EACtB,sBAAsB,EACtB,cAAc,EACjB,CAAC;AAEF,eAAO,MAAM,eAAe,EAAE,OAAO,yBAQpC,CAAC"}

package/dist/rules/websockets/websocket-handlers.js

@@ -0,0 +1,356 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WsHandlerLookup = exports.TimeoutHandler = exports.ResetConnectionHandler = exports.CloseConnectionHandler = exports.RejectWebSocketHandler = exports.ListenWebSocketHandler = exports.EchoWebSocketHandler = exports.PassThroughWebSocketHandler = void 0;
+const _ = require("lodash");
+const url = require("url");
+const WebSocket = require("ws");
+const serialization_1 = require("../../serialization/serialization");
+const request_handlers_1 = require("../requests/request-handlers");
+Object.defineProperty(exports, "CloseConnectionHandler", { enumerable: true, get: function () { return request_handlers_1.CloseConnectionHandler; } });
+Object.defineProperty(exports, "ResetConnectionHandler", { enumerable: true, get: function () { return request_handlers_1.ResetConnectionHandler; } });
+Object.defineProperty(exports, "TimeoutHandler", { enumerable: true, get: function () { return request_handlers_1.TimeoutHandler; } });
+const url_1 = require("../../util/url");
+const request_utils_1 = require("../../util/request-utils");
+const header_utils_1 = require("../../util/header-utils");
+const buffer_utils_1 = require("../../util/buffer-utils");
+const http_agents_1 = require("../http-agents");
+const rule_parameters_1 = require("../rule-parameters");
+const passthrough_handling_1 = require("../passthrough-handling");
+const websocket_handler_definitions_1 = require("./websocket-handler-definitions");
+function isOpen(socket) {
+    return socket.readyState === WebSocket.OPEN;
+}
+// Based on ws's validation.js
+function isValidStatusCode(code) {
+    return ( // Standard code:
+    code >= 1000 &&
+        code <= 1014 &&
+        code !== 1004 &&
+        code !== 1005 &&
+        code !== 1006) || ( // Application-specific code:
+    code >= 3000 && code <= 4999);
+}
+const INVALID_STATUS_REGEX = /Invalid WebSocket frame: invalid status code (\d+)/;
+function pipeWebSocket(inSocket, outSocket) {
+    const onPipeFailed = (op) => (err) => {
+        if (!err)
+            return;
+        inSocket.close();
+        console.error(`Websocket ${op} failed`, err);
+    };
+    inSocket.on('message', (msg, isBinary) => {
+        if (isOpen(outSocket)) {
+            outSocket.send(msg, { binary: isBinary }, onPipeFailed('message'));
+        }
+    });
+    inSocket.on('close', (num, reason) => {
+        if (isValidStatusCode(num)) {
+            try {
+                outSocket.close(num, reason);
+            }
+            catch (e) {
+                console.warn(e);
+                outSocket.close();
+            }
+        }
+        else {
+            outSocket.close();
+        }
+    });
+    inSocket.on('ping', (data) => {
+        if (isOpen(outSocket))
+            outSocket.ping(data, undefined, onPipeFailed('ping'));
+    });
+    inSocket.on('pong', (data) => {
+        if (isOpen(outSocket))
+            outSocket.pong(data, undefined, onPipeFailed('pong'));
+    });
+    // If either socket has an general error (connection failure, but also could be invalid WS
+    // frames) then we kill the raw connection upstream to simulate a generic connection error:
+    inSocket.on('error', (err) => {
+        console.log(`Error in proxied WebSocket:`, err);
+        const rawOutSocket = outSocket;
+        if (err.message.match(INVALID_STATUS_REGEX)) {
+            const status = parseInt(INVALID_STATUS_REGEX.exec(err.message)[1]);
+            // Simulate errors elsewhere by messing with ws internals. This may break things,
+            // that's effectively on purpose: we're simulating the client going wrong:
+            const buf = Buffer.allocUnsafe(2);
+            buf.writeUInt16BE(status); // status comes from readUInt16BE, so always fits
+            const sender = rawOutSocket._sender;
+            sender.sendFrame(sender.constructor.frame(buf, {
+                fin: true,
+                rsv1: false,
+                opcode: 0x08,
+                mask: true,
+                readOnly: false
+            }), () => {
+                rawOutSocket._socket.destroy();
+            });
+        }
+        else {
+            // Unknown error, just kill the connection with no explanation
+            rawOutSocket._socket.destroy();
+        }
+    });
+}
+async function mirrorRejection(socket, rejectionResponse) {
+    if (socket.writable) {
+        const { statusCode, statusMessage, rawHeaders } = rejectionResponse;
+        socket.write(rawResponse(statusCode || 500, statusMessage || 'Unknown error', (0, header_utils_1.pairFlatRawHeaders)(rawHeaders)));
+        const body = await (0, buffer_utils_1.streamToBuffer)(rejectionResponse);
+        if (socket.writable)
+            socket.write(body);
+    }
+    socket.destroy();
+}
+const rawResponse = (statusCode, statusMessage, headers = []) => `HTTP/1.1 ${statusCode} ${statusMessage}\r\n` +
+    _.map(headers, ([key, value]) => `${key}: ${value}`).join('\r\n') +
+    '\r\n\r\n';
+class PassThroughWebSocketHandler extends websocket_handler_definitions_1.PassThroughWebSocketHandlerDefinition {
+    initializeWsServer() {
+        if (this.wsServer)
+            return;
+        this.wsServer = new WebSocket.Server({
+            noServer: true,
+            // Mirror subprotocols back to the client:
+            handleProtocols(protocols, request) {
+                return request.upstreamWebSocketProtocol
+                    // If there's no upstream socket, default to mirroring the first protocol. This matches
+                    // WS's default behaviour - we could be stricter, but it'd be a breaking change.
+                    ?? protocols.values().next().value
+                    ?? false; // If there were no protocols specific and this is called for some reason
+            },
+        });
+        this.wsServer.on('connection', (ws) => {
+            pipeWebSocket(ws, ws.upstreamWebSocket);
+            pipeWebSocket(ws.upstreamWebSocket, ws);
+        });
+    }
+    async trustedCACertificates() {
+        if (!this.extraCACertificates.length)
+            return undefined;
+        if (!this._trustedCACertificates) {
+            this._trustedCACertificates = (0, passthrough_handling_1.getTrustedCAs)(undefined, this.extraCACertificates);
+        }
+        return this._trustedCACertificates;
+    }
+    async handle(req, socket, head) {
+        this.initializeWsServer();
+        let { protocol, hostname, port, path } = url.parse(req.url);
+        const rawHeaders = req.rawHeaders;
+        const reqMessage = req;
+        const isH2Downstream = (0, request_utils_1.isHttp2)(req);
+        const hostHeaderName = isH2Downstream ? ':authority' : 'host';
+        hostname = await (0, passthrough_handling_1.getClientRelativeHostname)(hostname, req.remoteIpAddress, (0, passthrough_handling_1.getDnsLookupFunction)(this.lookupOptions));
+        if (this.forwarding) {
+            const { targetHost, updateHostHeader } = this.forwarding;
+            let wsUrl;
+            if (!targetHost.includes('/')) {
+                // We're forwarding to a bare hostname, just overwrite that bit:
+                [hostname, port] = targetHost.split(':');
+            }
+            else {
+                // Forwarding to a full URL; override the host & protocol, but never the path.
+                ({ protocol, hostname, port } = url.parse(targetHost));
+            }
+            // Connect directly to the forwarding target URL
+            wsUrl = `${protocol}//${hostname}${port ? ':' + port : ''}${path}`;
+            // Optionally update the host header too:
+            let hostHeader = (0, header_utils_1.findRawHeader)(rawHeaders, hostHeaderName);
+            if (!hostHeader) {
+                // Should never happen really, but just in case:
+                hostHeader = [hostHeaderName, hostname];
+                rawHeaders.unshift(hostHeader);
+            }
+            ;
+            if (updateHostHeader === undefined || updateHostHeader === true) {
+                // If updateHostHeader is true, or just not specified, match the new target
+                hostHeader[1] = hostname + (port ? `:${port}` : '');
+            }
+            else if (updateHostHeader) {
+                // If it's an explicit custom value, use that directly.
+                hostHeader[1] = updateHostHeader;
+            } // Otherwise: falsey means don't touch it.
+            await this.connectUpstream(wsUrl, reqMessage, rawHeaders, socket, head);
+        }
+        else if (!hostname) { // No hostname in URL means transparent proxy, so use Host header
+            const hostHeader = req.headers[hostHeaderName];
+            [hostname, port] = hostHeader.split(':');
+            // __lastHopEncrypted is set in http-combo-server, for requests that have explicitly
+            // CONNECTed upstream (which may then up/downgrade from the current encryption).
+            if (socket.__lastHopEncrypted !== undefined) {
+                protocol = socket.__lastHopEncrypted ? 'wss' : 'ws';
+            }
+            else {
+                protocol = reqMessage.connection.encrypted ? 'wss' : 'ws';
+            }
+            const wsUrl = `${protocol}://${hostname}${port ? ':' + port : ''}${path}`;
+            await this.connectUpstream(wsUrl, reqMessage, rawHeaders, socket, head);
+        }
+        else {
+            // Connect directly according to the specified URL
+            const wsUrl = `${protocol.replace('http', 'ws')}//${hostname}${port ? ':' + port : ''}${path}`;
+            await this.connectUpstream(wsUrl, reqMessage, rawHeaders, socket, head);
+        }
+    }
+    async connectUpstream(wsUrl, req, rawHeaders, incomingSocket, head) {
+        const parsedUrl = url.parse(wsUrl);
+        const effectivePort = (0, url_1.getEffectivePort)(parsedUrl);
+        const strictHttpsChecks = (0, passthrough_handling_1.shouldUseStrictHttps)(parsedUrl.hostname, effectivePort, this.ignoreHostHttpsErrors);
+        // Use a client cert if it's listed for the host+port or whole hostname
+        const hostWithPort = `${parsedUrl.hostname}:${effectivePort}`;
+        const clientCert = this.clientCertificateHostMap[hostWithPort] ||
+            this.clientCertificateHostMap[parsedUrl.hostname] ||
+            {};
+        const trustedCerts = await this.trustedCACertificates();
+        const caConfig = trustedCerts
+            ? { ca: trustedCerts }
+            : {};
+        const proxySettingSource = (0, rule_parameters_1.assertParamDereferenced)(this.proxyConfig);
+        const agent = await (0, http_agents_1.getAgent)({
+            protocol: parsedUrl.protocol,
+            hostname: parsedUrl.hostname,
+            port: effectivePort,
+            proxySettingSource,
+            tryHttp2: false, // We don't support websockets over H2 yet
+            keepAlive: false // Not a thing for websockets: they take over the whole connection
+        });
+        // We have to flatten the headers, as WS doesn't support raw headers - it builds its own
+        // header object internally.
+        const headers = (0, header_utils_1.rawHeadersToObjectPreservingCase)(rawHeaders);
+        // Subprotocols have to be handled explicitly. WS takes control of the headers itself,
+        // and checks the response, so we need to parse the client headers and use them manually:
+        const originalSubprotocols = (0, header_utils_1.findRawHeaders)(rawHeaders, 'sec-websocket-protocol')
+            .flatMap(([_k, value]) => value.split(',').map(p => p.trim()));
+        // Drop empty subprotocols, to better handle mildly badly behaved clients
+        const filteredSubprotocols = originalSubprotocols.filter(p => !!p);
+        // If the subprotocols are invalid (there are some empty strings, or an entirely empty value) then
+        // WS will reject the upgrade. With this, we reset the header to the 'equivalent' valid version, to
+        // avoid unnecessarily rejecting clients who send mildly wrong headers (empty protocol values).
+        if (originalSubprotocols.length !== filteredSubprotocols.length) {
+            if (filteredSubprotocols.length) {
+                // Note that req.headers is auto-lowercased by Node, so we can ignore case
+                req.headers['sec-websocket-protocol'] = filteredSubprotocols.join(',');
+            }
+            else {
+                delete req.headers['sec-websocket-protocol'];
+            }
+        }
+        const upstreamWebSocket = new WebSocket(wsUrl, filteredSubprotocols, {
+            maxPayload: 0,
+            agent,
+            lookup: (0, passthrough_handling_1.getDnsLookupFunction)(this.lookupOptions),
+            headers: _.omitBy(headers, (_v, headerName) => headerName.toLowerCase().startsWith('sec-websocket') ||
+                headerName.toLowerCase() === 'connection' ||
+                headerName.toLowerCase() === 'upgrade'), // Simplify to string - doesn't matter though, only used by http module anyway
+            // TLS options:
+            ...(0, passthrough_handling_1.getUpstreamTlsOptions)(strictHttpsChecks),
+            ...clientCert,
+            ...caConfig
+        });
+        upstreamWebSocket.once('open', () => {
+            // Used in the subprotocol selection handler during the upgrade:
+            req.upstreamWebSocketProtocol = upstreamWebSocket.protocol || false;
+            this.wsServer.handleUpgrade(req, incomingSocket, head, (ws) => {
+                ws.upstreamWebSocket = upstreamWebSocket;
+                incomingSocket.emit('ws-upgrade', ws);
+                this.wsServer.emit('connection', ws); // This pipes the connections together
+            });
+        });
+        // If the upstream says no, we say no too.
+        let unexpectedResponse = false;
+        upstreamWebSocket.on('unexpected-response', (req, res) => {
+            console.log(`Unexpected websocket response from ${wsUrl}: ${res.statusCode}`);
+            // Clean up the downstream connection
+            mirrorRejection(incomingSocket, res);
+            // Clean up the upstream connection (WS would do this automatically, but doesn't if you listen to this event)
+            // See https://github.com/websockets/ws/blob/45e17acea791d865df6b255a55182e9c42e5877a/lib/websocket.js#L1050
+            // We don't match that perfectly, but this should be effectively equivalent:
+            req.destroy();
+            if (req.socket && !req.socket.destroyed) {
+                res.socket.destroy();
+            }
+            unexpectedResponse = true; // So that we ignore this in the error handler
+            upstreamWebSocket.terminate();
+        });
+        // If there's some other error, we just kill the socket:
+        upstreamWebSocket.on('error', (e) => {
+            if (unexpectedResponse)
+                return; // Handled separately above
+            console.warn(e);
+            incomingSocket.end();
+        });
+        incomingSocket.on('error', () => upstreamWebSocket.close(1011)); // Internal error
+    }
+    /**
+     * @internal
+     */
+    static deserialize(data, channel, ruleParams) {
+        // By default, we assume we just need to assign the right prototype
+        return _.create(this.prototype, {
+            ...data,
+            proxyConfig: (0, serialization_1.deserializeProxyConfig)(data.proxyConfig, channel, ruleParams),
+            extraCACertificates: data.extraCACertificates || [],
+            ignoreHostHttpsErrors: data.ignoreHostCertificateErrors,
+            clientCertificateHostMap: _.mapValues(data.clientCertificateHostMap, ({ pfx, passphrase }) => ({ pfx: (0, serialization_1.deserializeBuffer)(pfx), passphrase })),
+        });
+    }
+}
+exports.PassThroughWebSocketHandler = PassThroughWebSocketHandler;
+class EchoWebSocketHandler extends websocket_handler_definitions_1.EchoWebSocketHandlerDefinition {
+    initializeWsServer() {
+        if (this.wsServer)
+            return;
+        this.wsServer = new WebSocket.Server({ noServer: true });
+        this.wsServer.on('connection', (ws) => {
+            pipeWebSocket(ws, ws);
+        });
+    }
+    async handle(req, socket, head) {
+        this.initializeWsServer();
+        this.wsServer.handleUpgrade(req, socket, head, (ws) => {
+            socket.emit('ws-upgrade', ws);
+            this.wsServer.emit('connection', ws);
+        });
+    }
+}
+exports.EchoWebSocketHandler = EchoWebSocketHandler;
+class ListenWebSocketHandler extends websocket_handler_definitions_1.ListenWebSocketHandlerDefinition {
+    initializeWsServer() {
+        if (this.wsServer)
+            return;
+        this.wsServer = new WebSocket.Server({ noServer: true });
+        this.wsServer.on('connection', (ws) => {
+            // Accept but ignore the incoming websocket data
+            ws.resume();
+        });
+    }
+    async handle(req, socket, head) {
+        this.initializeWsServer();
+        this.wsServer.handleUpgrade(req, socket, head, (ws) => {
+            socket.emit('ws-upgrade', ws);
+            this.wsServer.emit('connection', ws);
+        });
+    }
+}
+exports.ListenWebSocketHandler = ListenWebSocketHandler;
+class RejectWebSocketHandler extends websocket_handler_definitions_1.RejectWebSocketHandlerDefinition {
+    async handle(req, socket, head) {
+        socket.write(rawResponse(this.statusCode, this.statusMessage, (0, header_utils_1.objectHeadersToRaw)(this.headers)));
+        if (this.body)
+            socket.write(this.body);
+        socket.write('\r\n');
+        socket.destroy();
+    }
+}
+exports.RejectWebSocketHandler = RejectWebSocketHandler;
+exports.WsHandlerLookup = {
+    'ws-passthrough': PassThroughWebSocketHandler,
+    'ws-echo': EchoWebSocketHandler,
+    'ws-listen': ListenWebSocketHandler,
+    'ws-reject': RejectWebSocketHandler,
+    'close-connection': request_handlers_1.CloseConnectionHandler,
+    'reset-connection': request_handlers_1.ResetConnectionHandler,
+    'timeout': request_handlers_1.TimeoutHandler
+};
+//# sourceMappingURL=websocket-handlers.js.map

package/dist/rules/websockets/websocket-handlers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"websocket-handlers.js","sourceRoot":"","sources":["../../../src/rules/websockets/websocket-handlers.ts"],"names":[],"mappings":";;;AAAA,4BAA4B;AAE5B,2BAA2B;AAI3B,gCAAgC;AAEhC,qEAI2C;AAI3C,mEAIsC;AA2dlC,uGA9dA,yCAAsB,OA8dA;AACtB,uGA9dA,yCAAsB,OA8dA;AACtB,+FA9dA,iCAAc,OA8dA;AA5dlB,wCAAkD;AAClD,4DAAmD;AACnD,0DAMiC;AACjC,0DAAyD;AAGzD,gDAA0C;AAE1C,wDAA6E;AAC7E,kEAMiC;AAEjC,mFASyC;AAqBzC,SAAS,MAAM,CAAC,MAAiB;IAC7B,OAAO,MAAM,CAAC,UAAU,KAAK,SAAS,CAAC,IAAI,CAAC;AAChD,CAAC;AAED,8BAA8B;AAC9B,SAAS,iBAAiB,CAAC,IAAY;IACnC,OAAO,EAAE,iBAAiB;IACtB,IAAI,IAAI,IAAI;QACZ,IAAI,IAAI,IAAI;QACZ,IAAI,KAAK,IAAI;QACb,IAAI,KAAK,IAAI;QACb,IAAI,KAAK,IAAI,CAChB,IAAI,EAAE,6BAA6B;IAChC,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,CAC/B,CAAC;AACN,CAAC;AAED,MAAM,oBAAoB,GAAG,oDAAoD,CAAC;AAElF,SAAS,aAAa,CAAC,QAAmB,EAAE,SAAoB;IAC5D,MAAM,YAAY,GAAG,CAAC,EAAU,EAAE,EAAE,CAAC,CAAC,GAAW,EAAE,EAAE;QACjD,IAAI,CAAC,GAAG;YAAE,OAAO;QAEjB,QAAQ,CAAC,KAAK,EAAE,CAAC;QACjB,OAAO,CAAC,KAAK,CAAC,aAAa,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC;IACjD,CAAC,CAAC;IAEF,QAAQ,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,GAAG,EAAE,QAAQ,EAAE,EAAE;QACrC,IAAI,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;YACpB,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,YAAY,CAAC,SAAS,CAAC,CAAC,CAAA;QACtE,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,EAAE;QACjC,IAAI,iBAAiB,CAAC,GAAG,CAAC,EAAE,CAAC;YACzB,IAAI,CAAC;gBACD,SAAS,CAAC,KAAK,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YACjC,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACT,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAChB,SAAS,CAAC,KAAK,EAAE,CAAC;YACtB,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,SAAS,CAAC,KAAK,EAAE,CAAC;QACtB,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;QACzB,IAAI,MAAM,CAAC,SAAS,CAAC;YAAE,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC,CAAA;IAChF,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;QACzB,IAAI,MAAM,CAAC,SAAS,CAAC;YAAE,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC,CAAA;IAChF,CAAC,CAAC,CAAC;IAEH,0FAA0F;IAC1F,2FAA2F;IAC3F,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;QACzB,OAAO,CAAC,GAAG,CAAC,6BAA6B,EAAE,GAAG,CAAC,CAAC;QAChD,MAAM,YAAY,GAAG,SAAgB,CAAC;QAEtC,IAAI,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAC1C,MAAM,MAAM,GAAG,QAAQ,CAAC,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAE,CAAC,CAAC,CAAC,CAAC,CAAC;YAEpE,iFAAiF;YACjF,0EAA0E;YAC1E,MAAM,GAAG,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;YAClC,GAAG,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,iDAAiD;YAC5E,MAAM,MAAM,GAAG,YAAY,CAAC,OAAO,CAAC;YACpC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,EAAE;gBAC3C,GAAG,EAAE,IAAI;gBACT,IAAI,EAAE,KAAK;gBACX,MAAM,EAAE,IAAI;gBACZ,IAAI,EAAE,IAAI;gBACV,QAAQ,EAAE,KAAK;aAClB,CAAC,EAAE,GAAG,EAAE;gBACL,YAAY,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YACnC,CAAC,CAAC,CAAC;QACP,CAAC;aAAM,CAAC;YACJ,8DAA8D;YAC9D,YAAY,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;QACnC,CAAC;IACL,CAAC,CAAC,CAAC;AACP,CAAC;AAED,KAAK,UAAU,eAAe,CAAC,MAAkB,EAAE,iBAAuC;IACtF,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QAClB,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,UAAU,EAAE,GAAG,iBAAiB,CAAC;QAEpE,MAAM,CAAC,KAAK,CACR,WAAW,CAAC,UAAU,IAAI,GAAG,EAAE,aAAa,IAAI,eAAe,EAAE,IAAA,iCAAkB,EAAC,UAAU,CAAC,CAAC,CACnG,CAAC;QAEF,MAAM,IAAI,GAAG,MAAM,IAAA,6BAAc,EAAC,iBAAiB,CAAC,CAAC;QACrD,IAAI,MAAM,CAAC,QAAQ;YAAE,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC5C,CAAC;IAED,MAAM,CAAC,OAAO,EAAE,CAAC;AACrB,CAAC;AAED,MAAM,WAAW,GAAG,CAChB,UAAkB,EAClB,aAAqB,EACrB,UAAsB,EAAE,EAC1B,EAAE,CACA,YAAY,UAAU,IAAI,aAAa,MAAM;IAC7C,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAC5B,GAAG,GAAG,KAAK,KAAK,EAAE,CACrB,CAAC,IAAI,CAAC,MAAM,CAAC;IACd,UAAU,CAAC;AAIf,MAAa,2BAA4B,SAAQ,qEAAqC;IAI1E,kBAAkB;QACtB,IAAI,IAAI,CAAC,QAAQ;YAAE,OAAO;QAE1B,IAAI,CAAC,QAAQ,GAAG,IAAI,SAAS,CAAC,MAAM,CAAC;YACjC,QAAQ,EAAE,IAAI;YACd,0CAA0C;YAC1C,eAAe,CAAC,SAAS,EAAE,OAAoC;gBAC3D,OAAO,OAAO,CAAC,yBAAyB;oBACpC,uFAAuF;oBACvF,gFAAgF;uBAC7E,SAAS,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK;uBAC/B,KAAK,CAAC,CAAC,yEAAyE;YAC3F,CAAC;SACJ,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,YAAY,EAAE,CAAC,EAAwB,EAAE,EAAE;YACxD,aAAa,CAAC,EAAE,EAAE,EAAE,CAAC,iBAAiB,CAAC,CAAC;YACxC,aAAa,CAAC,EAAE,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC;QAC5C,CAAC,CAAC,CAAC;IACP,CAAC;IAGO,KAAK,CAAC,qBAAqB;QAC/B,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,MAAM;YAAE,OAAO,SAAS,CAAC;QAEvD,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE,CAAC;YAC/B,IAAI,CAAC,sBAAsB,GAAG,IAAA,oCAAa,EAAC,SAAS,EAAE,IAAI,CAAC,mBAAmB,CAAC,CAAC;QACrF,CAAC;QAED,OAAO,IAAI,CAAC,sBAAsB,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAmB,EAAE,MAAkB,EAAE,IAAY;QAC9D,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAE1B,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,GAAI,CAAC,CAAC;QAC7D,MAAM,UAAU,GAAG,GAAG,CAAC,UAAU,CAAC;QAElC,MAAM,UAAU,GAAG,GAAsC,CAAC;QAC1D,MAAM,cAAc,GAAG,IAAA,uBAAO,EAAC,GAAG,CAAC,CAAC;QACpC,MAAM,cAAc,GAAG,cAAc,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC;QAE9D,QAAQ,GAAG,MAAM,IAAA,gDAAyB,EACtC,QAAQ,EACR,GAAG,CAAC,eAAe,EACnB,IAAA,2CAAoB,EAAC,IAAI,CAAC,aAAa,CAAC,CAC3C,CAAC;QAEF,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YAClB,MAAM,EAAE,UAAU,EAAE,gBAAgB,EAAE,GAAG,IAAI,CAAC,UAAU,CAAC;YAEzD,IAAI,KAAa,CAAC;YAClB,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC5B,gEAAgE;gBAChE,CAAC,QAAQ,EAAE,IAAI,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC7C,CAAC;iBAAM,CAAC;gBACJ,8EAA8E;gBAC9E,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC;YAC3D,CAAC;YAED,gDAAgD;YAChD,KAAK,GAAG,GAAG,QAAS,KAAK,QAAQ,GAAG,IAAI,CAAC,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,CAAC;YAEpE,yCAAyC;YACzC,IAAI,UAAU,GAAG,IAAA,4BAAa,EAAC,UAAU,EAAE,cAAc,CAAC,CAAC;YAC3D,IAAI,CAAC,UAAU,EAAE,CAAC;gBACd,gDAAgD;gBAChD,UAAU,GAAG,CAAC,cAAc,EAAE,QAAS,CAAC,CAAC;gBACzC,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YACnC,CAAC;YAAA,CAAC;YAEF,IAAI,gBAAgB,KAAK,SAAS,IAAI,gBAAgB,KAAK,IAAI,EAAE,CAAC;gBAC9D,2EAA2E;gBAC3E,UAAU,CAAC,CAAC,CAAC,GAAG,QAAQ,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACxD,CAAC;iBAAM,IAAI,gBAAgB,EAAE,CAAC;gBAC1B,uDAAuD;gBACvD,UAAU,CAAC,CAAC,CAAC,GAAG,gBAAgB,CAAC;YACrC,CAAC,CAAC,0CAA0C;YAE5C,MAAM,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;QAC5E,CAAC;aAAM,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC,iEAAiE;YACrF,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;YAC/C,CAAE,QAAQ,EAAE,IAAI,CAAE,GAAG,UAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAE5C,oFAAoF;YACpF,gFAAgF;YAChF,IAAI,MAAM,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;gBAC1C,QAAQ,GAAG,MAAM,CAAC,kBAAkB,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;YACxD,CAAC;iBAAM,CAAC;gBACJ,QAAQ,GAAG,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;YAC9D,CAAC;YAED,MAAM,KAAK,GAAG,GAAG,QAAQ,MAAM,QAAQ,GAAG,IAAI,CAAC,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,CAAC;YAC1E,MAAM,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;QAC5E,CAAC;aAAM,CAAC;YACJ,kDAAkD;YAClD,MAAM,KAAK,GAAG,GACV,QAAS,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,CAClC,KAAK,QAAQ,GAAG,IAAI,CAAC,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,CAAC;YAEhD,MAAM,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;QAC5E,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,eAAe,CACzB,KAAa,EACb,GAAyB,EACzB,UAAsB,EACtB,cAA0B,EAC1B,IAAY;QAEZ,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAEnC,MAAM,aAAa,GAAG,IAAA,sBAAgB,EAAC,SAAS,CAAC,CAAC;QAElD,MAAM,iBAAiB,GAAG,IAAA,2CAAoB,EAC1C,SAAS,CAAC,QAAS,EACnB,aAAa,EACb,IAAI,CAAC,qBAAqB,CAC7B,CAAC;QAEF,uEAAuE;QACvE,MAAM,YAAY,GAAG,GAAG,SAAS,CAAC,QAAQ,IAAI,aAAa,EAAE,CAAC;QAC9D,MAAM,UAAU,GAAG,IAAI,CAAC,wBAAwB,CAAC,YAAY,CAAC;YAC1D,IAAI,CAAC,wBAAwB,CAAC,SAAS,CAAC,QAAS,CAAC;YAClD,EAAE,CAAC;QAEP,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,qBAAqB,EAAE,CAAC;QACxD,MAAM,QAAQ,GAAG,YAAY;YACzB,CAAC,CAAC,EAAE,EAAE,EAAE,YAAY,EAAE;YACtB,CAAC,CAAC,EAAE,CAAC;QAET,MAAM,kBAAkB,GAAG,IAAA,yCAAuB,EAAC,IAAI,CAAC,WAAW,CAAuB,CAAC;QAE3F,MAAM,KAAK,GAAG,MAAM,IAAA,sBAAQ,EAAC;YACzB,QAAQ,EAAE,SAAS,CAAC,QAA0B;YAC9C,QAAQ,EAAE,SAAS,CAAC,QAAS;YAC7B,IAAI,EAAE,aAAa;YACnB,kBAAkB;YAClB,QAAQ,EAAE,KAAK,EAAE,0CAA0C;YAC3D,SAAS,EAAE,KAAK,CAAC,kEAAkE;SACtF,CAAC,CAAC;QAEH,wFAAwF;QACxF,4BAA4B;QAC5B,MAAM,OAAO,GAAG,IAAA,+CAAgC,EAAC,UAAU,CAAC,CAAC;QAE7D,sFAAsF;QACtF,yFAAyF;QACzF,MAAM,oBAAoB,GAAG,IAAA,6BAAc,EAAC,UAAU,EAAE,wBAAwB,CAAC;aAC5E,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QAEnE,yEAAyE;QACzE,MAAM,oBAAoB,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAEnE,kGAAkG;QAClG,mGAAmG;QACnG,+FAA+F;QAC/F,IAAI,oBAAoB,CAAC,MAAM,KAAK,oBAAoB,CAAC,MAAM,EAAE,CAAC;YAC9D,IAAI,oBAAoB,CAAC,MAAM,EAAE,CAAC;gBAC7B,0EAA0E;gBAC3E,GAAG,CAAC,OAAO,CAAC,wBAAwB,CAAC,GAAG,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YAC1E,CAAC;iBAAM,CAAC;gBACJ,OAAO,GAAG,CAAC,OAAO,CAAC,wBAAwB,CAAC,CAAC;YACjD,CAAC;QACL,CAAC;QAED,MAAM,iBAAiB,GAAG,IAAI,SAAS,CAAC,KAAK,EAAE,oBAAoB,EAAE;YACjE,UAAU,EAAE,CAAC;YACb,KAAK;YACL,MAAM,EAAE,IAAA,2CAAoB,EAAC,IAAI,CAAC,aAAa,CAAC;YAChD,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,EAAE,EAAE,UAAU,EAAE,EAAE,CAC1C,UAAU,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC;gBACpD,UAAU,CAAC,WAAW,EAAE,KAAK,YAAY;gBACzC,UAAU,CAAC,WAAW,EAAE,KAAK,SAAS,CACZ,EAAE,8EAA8E;YAE9G,eAAe;YACf,GAAG,IAAA,4CAAqB,EAAC,iBAAiB,CAAC;YAC3C,GAAG,UAAU;YACb,GAAG,QAAQ;SACmD,CAAC,CAAC;QAEpE,iBAAiB,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE;YAChC,gEAAgE;YAC/D,GAAmC,CAAC,yBAAyB,GAAG,iBAAiB,CAAC,QAAQ,IAAI,KAAK,CAAC;YAErG,IAAI,CAAC,QAAS,CAAC,aAAa,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE;gBACnC,EAAG,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;gBAClE,cAAc,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;gBACtC,IAAI,CAAC,QAAS,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC,CAAC,sCAAsC;YACjF,CAAC,CAAC,CAAC;QACP,CAAC,CAAC,CAAC;QAEH,0CAA0C;QAC1C,IAAI,kBAAkB,GAAG,KAAK,CAAC;QAC/B,iBAAiB,CAAC,EAAE,CAAC,qBAAqB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;YACrD,OAAO,CAAC,GAAG,CAAC,sCAAsC,KAAK,KAAK,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC;YAE9E,qCAAqC;YACrC,eAAe,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;YAErC,6GAA6G;YAC7G,4GAA4G;YAC5G,4EAA4E;YAC5E,GAAG,CAAC,OAAO,EAAE,CAAC;YACd,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;gBACtC,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,CAAC;YACD,kBAAkB,GAAG,IAAI,CAAC,CAAC,8CAA8C;YACzE,iBAAiB,CAAC,SAAS,EAAE,CAAC;QAClC,CAAC,CAAC,CAAC;QAEH,wDAAwD;QACxD,iBAAiB,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE;YAChC,IAAI,kBAAkB;gBAAE,OAAO,CAAC,2BAA2B;YAE3D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAChB,cAAc,CAAC,GAAG,EAAE,CAAC;QACzB,CAAC,CAAC,CAAC;QAEH,cAAc,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,iBAAiB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,iBAAiB;IACtF,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,WAAW,CACd,IAAwC,EACxC,OAA4B,EAC5B,UAA0B;QAE1B,mEAAmE;QACnE,OAAO,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE;YAC5B,GAAG,IAAI;YACP,WAAW,EAAE,IAAA,sCAAsB,EAAC,IAAI,CAAC,WAAW,EAAE,OAAO,EAAE,UAAU,CAAC;YAC1E,mBAAmB,EAAE,IAAI,CAAC,mBAAmB,IAAI,EAAE;YACnD,qBAAqB,EAAE,IAAI,CAAC,2BAA2B;YACvD,wBAAwB,EAAE,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,wBAAwB,EAC/D,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,IAAA,iCAAiB,EAAC,GAAG,CAAC,EAAE,UAAU,EAAE,CAAC,CACzE;SACJ,CAAC,CAAC;IACP,CAAC;CACJ;AAtPD,kEAsPC;AAED,MAAa,oBAAqB,SAAQ,8DAA8B;IAI5D,kBAAkB;QACtB,IAAI,IAAI,CAAC,QAAQ;YAAE,OAAO;QAE1B,IAAI,CAAC,QAAQ,GAAG,IAAI,SAAS,CAAC,MAAM,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QACzD,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,YAAY,EAAE,CAAC,EAAa,EAAE,EAAE;YAC7C,aAAa,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAC1B,CAAC,CAAC,CAAC;IACP,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAA0C,EAAE,MAAkB,EAAE,IAAY;QACrF,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAE1B,IAAI,CAAC,QAAS,CAAC,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE;YACnD,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;YAC9B,IAAI,CAAC,QAAS,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;QAC1C,CAAC,CAAC,CAAC;IACP,CAAC;CACJ;AArBD,oDAqBC;AAED,MAAa,sBAAuB,SAAQ,gEAAgC;IAIhE,kBAAkB;QACtB,IAAI,IAAI,CAAC,QAAQ;YAAE,OAAO;QAE1B,IAAI,CAAC,QAAQ,GAAG,IAAI,SAAS,CAAC,MAAM,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QACzD,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,YAAY,EAAE,CAAC,EAAa,EAAE,EAAE;YAC7C,gDAAgD;YAChD,EAAE,CAAC,MAAM,EAAE,CAAC;QAChB,CAAC,CAAC,CAAC;IACP,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAA0C,EAAE,MAAkB,EAAE,IAAY;QACrF,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAE1B,IAAI,CAAC,QAAS,CAAC,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE;YACnD,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;YAC9B,IAAI,CAAC,QAAS,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;QAC1C,CAAC,CAAC,CAAC;IACP,CAAC;CACJ;AAtBD,wDAsBC;AAED,MAAa,sBAAuB,SAAQ,gEAAgC;IAExE,KAAK,CAAC,MAAM,CAAC,GAAmB,EAAE,MAAkB,EAAE,IAAY;QAC9D,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,aAAa,EAAE,IAAA,iCAAkB,EAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACjG,IAAI,IAAI,CAAC,IAAI;YAAE,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACrB,MAAM,CAAC,OAAO,EAAE,CAAC;IACrB,CAAC;CAEJ;AATD,wDASC;AAUY,QAAA,eAAe,GAAqC;IAC7D,gBAAgB,EAAE,2BAA2B;IAC7C,SAAS,EAAE,oBAAoB;IAC/B,WAAW,EAAE,sBAAsB;IACnC,WAAW,EAAE,sBAAsB;IACnC,kBAAkB,EAAE,yCAAsB;IAC1C,kBAAkB,EAAE,yCAAsB;IAC1C,SAAS,EAAE,iCAAc;CAC5B,CAAC"}