npm - nextjs-secure - Versions diffs - 0.2.0 → 0.5.0 - Mend

nextjs-secure 0.2.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (28) hide show

package/README.md +414 -8
package/dist/auth.cjs +500 -6
package/dist/auth.cjs.map +1 -1
package/dist/auth.d.cts +180 -19
package/dist/auth.d.ts +180 -19
package/dist/auth.js +493 -6
package/dist/auth.js.map +1 -1
package/dist/headers.cjs +277 -7
package/dist/headers.cjs.map +1 -1
package/dist/headers.d.cts +162 -25
package/dist/headers.d.ts +162 -25
package/dist/headers.js +267 -6
package/dist/headers.js.map +1 -1
package/dist/index.cjs +2685 -1
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +4 -1
package/dist/index.d.ts +4 -1
package/dist/index.js +2634 -2
package/dist/index.js.map +1 -1
package/dist/path-BVbunPfR.d.cts +534 -0
package/dist/path-BVbunPfR.d.ts +534 -0
package/dist/validation.cjs +2031 -0
package/dist/validation.cjs.map +1 -0
package/dist/validation.d.cts +42 -0
package/dist/validation.d.ts +42 -0
package/dist/validation.js +1964 -0
package/dist/validation.js.map +1 -0
package/package.json +14 -1

package/dist/index.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/core/errors.ts","../src/utils/time.ts","../src/utils/ip.ts","../src/middleware/rate-limit/stores/memory.ts","../src/middleware/rate-limit/algorithms/sliding-window.ts","../src/middleware/rate-limit/algorithms/fixed-window.ts","../src/middleware/rate-limit/algorithms/token-bucket.ts","../src/middleware/rate-limit/middleware.ts","../src/middleware/csrf/token.ts","../src/middleware/csrf/middleware.ts","../src/index.ts"],"names":["response","info","webcrypto","DEFAULT_CONFIG"],"mappings":";;;;;AAOO,IAAM,WAAA,GAAN,cAA0B,KAAA,CAAM;AAAA;AAAA;AAAA;AAAA,EAIrB,UAAA;AAAA;AAAA;AAAA;AAAA,EAKA,IAAA;AAAA;AAAA;AAAA;AAAA,EAKA,OAAA;AAAA,EAEhB,WAAA,CACE,OAAA,EACA,OAAA,GAKI,EAAC,EACL;AACA,IAAA,KAAA,CAAM,OAAA,EAAS,EAAE,KAAA,EAAO,OAAA,CAAQ,OAAO,CAAA;AACvC,IAAA,IAAA,CAAK,IAAA,GAAO,aAAA;AACZ,IAAA,IAAA,CAAK,UAAA,GAAa,QAAQ,UAAA,IAAc,GAAA;AACxC,IAAA,IAAA,CAAK,IAAA,GAAO,QAAQ,IAAA,IAAQ,cAAA;AAC5B,IAAA,IAAA,CAAK,UAAU,OAAA,CAAQ,OAAA;AAGvB,IAAA,IAAI,MAAM,iBAAA,EAAmB;AAC3B,MAAA,KAAA,CAAM,iBAAA,CAAkB,IAAA,EAAM,IAAA,CAAK,WAAW,CAAA;AAAA,IAChD;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAA,GAAkC;AAChC,IAAA,OAAO;AAAA,MACL,OAAO,IAAA,CAAK,IAAA;AAAA,MACZ,SAAS,IAAA,CAAK,OAAA;AAAA,MACd,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,GAAI,IAAA,CAAK,OAAA,IAAW,EAAE,OAAA,EAAS,KAAK,OAAA;AAAQ,KAC9C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,WAAW,OAAA,EAAiC;AAC1C,IAAA,OAAO,IAAI,QAAA,CAAS,IAAA,CAAK,UAAU,IAAA,CAAK,MAAA,EAAQ,CAAA,EAAG;AAAA,MACjD,QAAQ,IAAA,CAAK,UAAA;AAAA,MACb,OAAA,EAAS;AAAA,QACP,cAAA,EAAgB,kBAAA;AAAA,QAChB,GAAG;AAAA;AACL,KACD,CAAA;AAAA,EACH;AACF;AAKO,IAAM,cAAA,GAAN,cAA6B,WAAA,CAAY;AAAA;AAAA;AAAA;AAAA,EAI9B,UAAA;AAAA;AAAA;AAAA;AAAA,EAKA,OAAA;AAAA,EAEhB,YACE,OAAA,EAMA;AACA,IAAA,KAAA,CAAM,OAAA,CAAQ,WAAW,mBAAA,EAAqB;AAAA,MAC5C,UAAA,EAAY,GAAA;AAAA,MACZ,IAAA,EAAM,qBAAA;AAAA,MACN,SAAS,OAAA,CAAQ;AAAA,KAClB,CAAA;AACD,IAAA,IAAA,CAAK,IAAA,GAAO,gBAAA;AACZ,IAAA,IAAA,CAAK,aAAa,OAAA,CAAQ,UAAA;AAC1B,IAAA,IAAA,CAAK,UAAU,OAAA,CAAQ,OAAA;AAAA,EACzB;AAAA,EAES,MAAA,GAAkC;AACzC,IAAA,OAAO;AAAA,MACL,GAAG,MAAM,MAAA,EAAO;AAAA,MAChB,YAAY,IAAA,CAAK;AAAA,KACnB;AAAA,EACF;AAAA,EAES,WAAW,OAAA,EAAiC;AACnD,IAAA,OAAO,IAAI,QAAA,CAAS,IAAA,CAAK,UAAU,IAAA,CAAK,MAAA,EAAQ,CAAA,EAAG;AAAA,MACjD,QAAQ,IAAA,CAAK,UAAA;AAAA,MACb,OAAA,EAAS;AAAA,QACP,cAAA,EAAgB,kBAAA;AAAA,QAChB,aAAA,EAAe,MAAA,CAAO,IAAA,CAAK,UAAU,CAAA;AAAA,QACrC,GAAG;AAAA;AACL,KACD,CAAA;AAAA,EACH;AACF;AAKO,IAAM,mBAAA,GAAN,cAAkC,WAAA,CAAY;AAAA,EACnD,WAAA,CACE,OAAA,GAAU,yBAAA,EACV,OAAA,GAII,EAAC,EACL;AACA,IAAA,KAAA,CAAM,OAAA,EAAS;AAAA,MACb,UAAA,EAAY,GAAA;AAAA,MACZ,IAAA,EAAM,QAAQ,IAAA,IAAQ,yBAAA;AAAA,MACtB,SAAS,OAAA,CAAQ,OAAA;AAAA,MACjB,OAAO,OAAA,CAAQ;AAAA,KAChB,CAAA;AACD,IAAA,IAAA,CAAK,IAAA,GAAO,qBAAA;AAAA,EACd;AACF;AAKO,IAAM,kBAAA,GAAN,cAAiC,WAAA,CAAY;AAAA,EAClD,WAAA,CACE,OAAA,GAAU,eAAA,EACV,OAAA,GAII,EAAC,EACL;AACA,IAAA,KAAA,CAAM,OAAA,EAAS;AAAA,MACb,UAAA,EAAY,GAAA;AAAA,MACZ,IAAA,EAAM,QAAQ,IAAA,IAAQ,eAAA;AAAA,MACtB,SAAS,OAAA,CAAQ,OAAA;AAAA,MACjB,OAAO,OAAA,CAAQ;AAAA,KAChB,CAAA;AACD,IAAA,IAAA,CAAK,IAAA,GAAO,oBAAA;AAAA,EACd;AACF;AAKO,IAAM,eAAA,GAAN,cAA8B,WAAA,CAAY;AAAA;AAAA;AAAA;AAAA,EAI/B,MAAA;AAAA,EAMhB,WAAA,CACE,MAAA,EACA,OAAA,GAAU,mBAAA,EACV;AACA,IAAA,KAAA,CAAM,OAAA,EAAS;AAAA,MACb,UAAA,EAAY,GAAA;AAAA,MACZ,IAAA,EAAM,kBAAA;AAAA,MACN,OAAA,EAAS,EAAE,MAAA;AAAO,KACnB,CAAA;AACD,IAAA,IAAA,CAAK,IAAA,GAAO,iBAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAAA,EAChB;AAAA,EAES,MAAA,GAAkC;AACzC,IAAA,OAAO;AAAA,MACL,GAAG,MAAM,MAAA,EAAO;AAAA,MAChB,QAAQ,IAAA,CAAK;AAAA,KACf;AAAA,EACF;AACF;AAKO,IAAM,SAAA,GAAN,cAAwB,WAAA,CAAY;AAAA,EACzC,WAAA,CACE,OAAA,GAAU,+BAAA,EACV,OAAA,GAEI,EAAC,EACL;AACA,IAAA,KAAA,CAAM,OAAA,EAAS;AAAA,MACb,UAAA,EAAY,GAAA;AAAA,MACZ,IAAA,EAAM,oBAAA;AAAA,MACN,SAAS,OAAA,CAAQ;AAAA,KAClB,CAAA;AACD,IAAA,IAAA,CAAK,IAAA,GAAO,WAAA;AAAA,EACd;AACF;AAKO,IAAM,kBAAA,GAAN,cAAiC,WAAA,CAAY;AAAA,EAClD,WAAA,CACE,OAAA,EACA,OAAA,GAGI,EAAC,EACL;AACA,IAAA,KAAA,CAAM,OAAA,EAAS;AAAA,MACb,UAAA,EAAY,GAAA;AAAA,MACZ,IAAA,EAAM,qBAAA;AAAA,MACN,SAAS,OAAA,CAAQ,OAAA;AAAA,MACjB,OAAO,OAAA,CAAQ;AAAA,KAChB,CAAA;AACD,IAAA,IAAA,CAAK,IAAA,GAAO,oBAAA;AAAA,EACd;AACF;AAKO,SAAS,cAAc,KAAA,EAAsC;AAClE,EAAA,OAAO,KAAA,YAAiB,WAAA;AAC1B;AAKO,SAAS,cAAc,KAAA,EAA6B;AACzD,EAAA,IAAI,iBAAiB,WAAA,EAAa;AAChC,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,IAAI,iBAAiB,KAAA,EAAO;AAC1B,IAAA,OAAO,IAAI,WAAA,CAAY,KAAA,CAAM,OAAA,EAAS;AAAA,MACpC,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAEA,EAAA,OAAO,IAAI,WAAA,CAAY,MAAA,CAAO,KAAK,CAAC,CAAA;AACtC;;;AC5PA,IAAM,UAAA,GAAqC;AAAA,EACzC,EAAA,EAAI,CAAA;AAAA,EACJ,CAAA,EAAG,GAAA;AAAA,EACH,GAAG,EAAA,GAAK,GAAA;AAAA,EACR,CAAA,EAAG,KAAK,EAAA,GAAK,GAAA;AAAA,EACb,CAAA,EAAG,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK;AACpB,CAAA;AAKA,IAAM,iBAAA,GAA4C;AAAA,EAChD,WAAA,EAAa,IAAA;AAAA,EACb,YAAA,EAAc,IAAA;AAAA,EACd,MAAA,EAAQ,GAAA;AAAA,EACR,OAAA,EAAS,GAAA;AAAA,EACT,GAAA,EAAK,GAAA;AAAA,EACL,IAAA,EAAM,GAAA;AAAA,EACN,MAAA,EAAQ,GAAA;AAAA,EACR,OAAA,EAAS,GAAA;AAAA,EACT,GAAA,EAAK,GAAA;AAAA,EACL,IAAA,EAAM,GAAA;AAAA,EACN,IAAA,EAAM,GAAA;AAAA,EACN,KAAA,EAAO,GAAA;AAAA,EACP,EAAA,EAAI,GAAA;AAAA,EACJ,GAAA,EAAK,GAAA;AAAA,EACL,GAAA,EAAK,GAAA;AAAA,EACL,IAAA,EAAM;AACR,CAAA;AAoBO,SAAS,cAAc,QAAA,EAAqC;AAEjE,EAAA,IAAI,OAAO,aAAa,QAAA,EAAU;AAChC,IAAA,IAAI,WAAW,CAAA,EAAG;AAChB,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,kBAAA,EAAqB,QAAQ,CAAA,gCAAA,CAAkC,CAAA;AAAA,IACjF;AACA,IAAA,OAAO,QAAA;AAAA,EACT;AAGA,EAAA,MAAM,KAAA,GAAQ,QAAA,CAAS,IAAA,EAAK,CAAE,WAAA,EAAY;AAE1C,EAAA,IAAI,CAAC,KAAA,EAAO;AACV,IAAA,MAAM,IAAI,MAAM,gCAAgC,CAAA;AAAA,EAClD;AAGA,EAAA,MAAM,YAAA,GAAe,OAAO,KAAK,CAAA;AACjC,EAAA,IAAI,CAAC,KAAA,CAAM,YAAY,CAAA,EAAG;AACxB,IAAA,IAAI,eAAe,CAAA,EAAG;AACpB,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,kBAAA,EAAqB,QAAQ,CAAA,gCAAA,CAAkC,CAAA;AAAA,IACjF;AACA,IAAA,OAAO,YAAA;AAAA,EACT;AAGA,EAAA,IAAI,OAAA,GAAU,CAAA;AACd,EAAA,MAAM,KAAA,GAAQ,6BAAA;AACd,EAAA,IAAI,KAAA;AACJ,EAAA,IAAI,QAAA,GAAW,KAAA;AAEf,EAAA,OAAA,CAAQ,KAAA,GAAQ,KAAA,CAAM,IAAA,CAAK,KAAK,OAAO,IAAA,EAAM;AAC3C,IAAA,QAAA,GAAW,IAAA;AACX,IAAA,MAAM,KAAA,GAAQ,UAAA,CAAW,KAAA,CAAM,CAAC,CAAC,CAAA;AACjC,IAAA,IAAI,IAAA,GAAO,MAAM,CAAC,CAAA;AAGlB,IAAA,IAAI,QAAQ,iBAAA,EAAmB;AAC7B,MAAA,IAAA,GAAO,kBAAkB,IAAI,CAAA;AAAA,IAC/B;AAGA,IAAA,MAAM,UAAA,GAAa,WAAW,IAAI,CAAA;AAClC,IAAA,IAAI,eAAe,MAAA,EAAW;AAC5B,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,wBAAA,EAA2B,IAAI,CAAA,MAAA,EAAS,QAAQ,CAAA,6DAAA;AAAA,OAElD;AAAA,IACF;AAEA,IAAA,OAAA,IAAW,KAAA,GAAQ,UAAA;AAAA,EACrB;AAEA,EAAA,IAAI,CAAC,QAAA,EAAU;AACb,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,6BAA6B,QAAQ,CAAA,6DAAA;AAAA,KAEvC;AAAA,EACF;AAEA,EAAA,OAAO,IAAA,CAAK,MAAM,OAAO,CAAA;AAC3B;AAkBO,SAAS,cAAA,CACd,EAAA,EACA,OAAA,GAaI,EAAC,EACG;AACR,EAAA,MAAM,EAAE,IAAA,GAAO,KAAA,EAAO,WAAW,CAAA,EAAG,SAAA,GAAY,KAAI,GAAI,OAAA;AAExD,EAAA,IAAI,KAAK,CAAA,EAAG;AACV,IAAA,OAAO,CAAA,CAAA,EAAI,cAAA,CAAe,CAAC,EAAA,EAAI,OAAO,CAAC,CAAA,CAAA;AAAA,EACzC;AAEA,EAAA,IAAI,OAAO,CAAA,EAAG;AACZ,IAAA,OAAO,OAAO,WAAA,GAAc,IAAA;AAAA,EAC9B;AAEA,EAAA,MAAM,KAAA,GAAmF;AAAA,IACvF,EAAE,OAAO,KAAA,EAAU,KAAA,EAAO,KAAK,IAAA,EAAM,KAAA,EAAO,YAAY,MAAA,EAAO;AAAA,IAC/D,EAAE,OAAO,IAAA,EAAS,KAAA,EAAO,KAAK,IAAA,EAAM,MAAA,EAAQ,YAAY,OAAA,EAAQ;AAAA,IAChE,EAAE,OAAO,GAAA,EAAO,KAAA,EAAO,KAAK,IAAA,EAAM,QAAA,EAAU,YAAY,SAAA,EAAU;AAAA,IAClE,EAAE,OAAO,GAAA,EAAM,KAAA,EAAO,KAAK,IAAA,EAAM,QAAA,EAAU,YAAY,SAAA,EAAU;AAAA,IACjE,EAAE,OAAO,CAAA,EAAG,KAAA,EAAO,MAAM,IAAA,EAAM,aAAA,EAAe,YAAY,cAAA;AAAe,GAC3E;AAEA,EAAA,MAAM,QAAkB,EAAC;AACzB,EAAA,IAAI,SAAA,GAAY,EAAA;AAEhB,EAAA,KAAA,MAAW,QAAQ,KAAA,EAAO;AACxB,IAAA,IAAI,KAAA,CAAM,UAAU,QAAA,EAAU;AAC9B,IAAA,IAAI,SAAA,IAAa,KAAK,KAAA,EAAO;AAC3B,MAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,KAAA,CAAM,SAAA,GAAY,KAAK,KAAK,CAAA;AAC/C,MAAA,SAAA,GAAY,YAAY,IAAA,CAAK,KAAA;AAE7B,MAAA,IAAI,IAAA,EAAM;AACR,QAAA,KAAA,CAAM,IAAA,CAAK,CAAA,EAAG,KAAK,CAAA,CAAA,EAAI,KAAA,KAAU,IAAI,IAAA,CAAK,IAAA,GAAO,IAAA,CAAK,UAAU,CAAA,CAAE,CAAA;AAAA,MACpE,CAAA,MAAO;AACL,QAAA,KAAA,CAAM,KAAK,CAAA,EAAG,KAAK,CAAA,EAAG,IAAA,CAAK,KAAK,CAAA,CAAE,CAAA;AAAA,MACpC;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,KAAA,CAAM,KAAK,SAAS,CAAA;AAC7B;AAKO,SAAS,YAAA,GAAuB;AACrC,EAAA,OAAO,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACrC;AAKO,SAAS,OAAA,GAAkB;AAChC,EAAA,OAAO,KAAK,GAAA,EAAI;AAClB;AA+BO,SAAS,MAAM,QAAA,EAA4C;AAChE,EAAA,MAAM,EAAA,GAAK,cAAc,QAAQ,CAAA;AACjC,EAAA,OAAO,IAAI,OAAA,CAAQ,CAAC,YAAY,UAAA,CAAW,OAAA,EAAS,EAAE,CAAC,CAAA;AACzD;AAiCO,SAAS,YAAY,EAAA,EAAoB;AAC9C,EAAA,OAAO,IAAA,CAAK,KAAA,CAAM,EAAA,GAAK,GAAI,CAAA;AAC7B;;;ACvQA,IAAM,UAAA,GAAa;AAAA;AAAA,EAEjB,kBAAA;AAAA;AAAA,EAEA,WAAA;AAAA;AAAA,EAEA,iBAAA;AAAA;AAAA,EAEA,aAAA;AAAA;AAAA,EAEA,WAAA;AAAA;AAAA,EAEA,kBAAA;AAAA;AAAA,EAEA,gBAAA;AAAA;AAAA,EAEA,qBAAA;AAAA;AAAA,EAEA;AACF,CAAA;AAKA,IAAM,mBAAA,GAAsB;AAAA,EAC1B,QAAA;AAAA;AAAA,EACA,OAAA;AAAA;AAAA,EACA,+BAAA;AAAA;AAAA,EACA,aAAA;AAAA;AAAA,EACA,OAAA;AAAA;AAAA,EACA,SAAA;AAAA;AAAA,EACA,SAAA;AAAA;AAAA,EACA;AAAA;AACF,CAAA;AAKA,IAAM,UAAA,GAAa,6FAAA;AAKnB,IAAM,UAAA,GAAa,uHAAA;AA2CZ,SAAS,WAAA,CAAY,OAAA,EAAsB,OAAA,GAAwB,EAAC,EAAW;AACpF,EAAA,MAAM,EAAE,aAAa,IAAA,EAAM,aAAA,GAAgB,EAAC,EAAG,QAAA,GAAW,aAAY,GAAI,OAAA;AAG1E,EAAA,IAAI,QAAQ,EAAA,EAAI;AACd,IAAA,OAAO,WAAA,CAAY,QAAQ,EAAE,CAAA;AAAA,EAC/B;AAEA,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,OAAO,QAAA;AAAA,EACT;AAGA,EAAA,KAAA,MAAW,UAAU,aAAA,EAAe;AAClC,IAAA,MAAM,KAAA,GAAQ,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,MAAM,CAAA;AACxC,IAAA,IAAI,KAAA,EAAO;AACT,MAAA,MAAM,EAAA,GAAK,kBAAkB,KAAK,CAAA;AAClC,MAAA,IAAI,IAAI,OAAO,EAAA;AAAA,IACjB;AAAA,EACF;AAGA,EAAA,KAAA,MAAW,UAAU,UAAA,EAAY;AAC/B,IAAA,MAAM,KAAA,GAAQ,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,MAAM,CAAA;AACxC,IAAA,IAAI,KAAA,EAAO;AACT,MAAA,MAAM,EAAA,GAAK,kBAAkB,KAAK,CAAA;AAClC,MAAA,IAAI,IAAI,OAAO,EAAA;AAAA,IACjB;AAAA,EACF;AAEA,EAAA,OAAO,QAAA;AACT;AAMA,SAAS,kBAAkB,WAAA,EAAoC;AAG7D,EAAA,MAAM,GAAA,GAAM,WAAA,CAAY,KAAA,CAAM,GAAG,CAAA,CAAE,IAAI,CAAC,EAAA,KAAO,EAAA,CAAG,IAAA,EAAM,CAAA;AAExD,EAAA,KAAA,MAAW,MAAM,GAAA,EAAK;AACpB,IAAA,MAAM,UAAA,GAAa,YAAY,EAAE,CAAA;AACjC,IAAA,IAAI,SAAA,CAAU,UAAU,CAAA,EAAG;AACzB,MAAA,OAAO,UAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,OAAO,IAAA;AACT;AAQO,SAAS,YAAY,EAAA,EAAoB;AAC9C,EAAA,IAAI,UAAA,GAAa,GAAG,IAAA,EAAK;AAGzB,EAAA,IAAI,WAAW,UAAA,CAAW,GAAG,KAAK,UAAA,CAAW,QAAA,CAAS,GAAG,CAAA,EAAG;AAC1D,IAAA,UAAA,GAAa,WAAW,KAAA,CAAM,CAAA,EAAG,UAAA,CAAW,OAAA,CAAQ,GAAG,CAAC,CAAA;AAAA,EAC1D;AAIA,EAAA,IAAI,UAAA,CAAW,SAAS,GAAG,CAAA,IAAK,CAAC,UAAA,CAAW,QAAA,CAAS,IAAI,CAAA,EAAG;AAC1D,IAAA,MAAM,SAAA,GAAY,UAAA,CAAW,WAAA,CAAY,GAAG,CAAA;AAC5C,IAAA,MAAM,aAAA,GAAgB,UAAA,CAAW,KAAA,CAAM,SAAA,GAAY,CAAC,CAAA;AACpD,IAAA,IAAI,OAAA,CAAQ,IAAA,CAAK,aAAa,CAAA,EAAG;AAC/B,MAAA,UAAA,GAAa,UAAA,CAAW,KAAA,CAAM,CAAA,EAAG,SAAS,CAAA;AAAA,IAC5C;AAAA,EACF;AAGA,EAAA,IAAI,UAAA,CAAW,WAAA,EAAY,CAAE,UAAA,CAAW,SAAS,CAAA,EAAG;AAClD,IAAA,MAAM,QAAA,GAAW,UAAA,CAAW,KAAA,CAAM,CAAC,CAAA;AACnC,IAAA,IAAI,WAAA,CAAY,QAAQ,CAAA,EAAG;AACzB,MAAA,OAAO,QAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,OAAO,UAAA;AACT;AAKO,SAAS,UAAU,EAAA,EAAqB;AAC7C,EAAA,OAAO,WAAA,CAAY,EAAE,CAAA,IAAK,WAAA,CAAY,EAAE,CAAA;AAC1C;AAKO,SAAS,YAAY,EAAA,EAAqB;AAC/C,EAAA,OAAO,UAAA,CAAW,KAAK,EAAE,CAAA;AAC3B;AAKO,SAAS,YAAY,EAAA,EAAqB;AAC/C,EAAA,OAAO,WAAW,IAAA,CAAK,EAAE,CAAA,IAAK,EAAA,KAAO,SAAS,EAAA,KAAO,IAAA;AACvD;AAKO,SAAS,YAAY,EAAA,EAAqB;AAC/C,EAAA,OAAO,oBAAoB,IAAA,CAAK,CAAC,YAAY,OAAA,CAAQ,IAAA,CAAK,EAAE,CAAC,CAAA;AAC/D;AAKO,SAAS,YAAY,EAAA,EAAqB;AAC/C,EAAA,OAAO,EAAA,KAAO,WAAA,IAAe,EAAA,KAAO,KAAA,IAAS,EAAA,KAAO,WAAA;AACtD;AA2CO,SAAS,YAAY,EAAA,EAAoB;AAC9C,EAAA,MAAM,UAAA,GAAa,YAAY,EAAE,CAAA;AAEjC,EAAA,IAAI,WAAA,CAAY,UAAU,CAAA,EAAG;AAC3B,IAAA,MAAM,KAAA,GAAQ,UAAA,CAAW,KAAA,CAAM,GAAG,CAAA;AAClC,IAAA,KAAA,CAAM,CAAC,CAAA,GAAI,KAAA;AACX,IAAA,OAAO,KAAA,CAAM,KAAK,GAAG,CAAA;AAAA,EACvB;AAEA,EAAA,IAAI,WAAA,CAAY,UAAU,CAAA,EAAG;AAC3B,IAAA,MAAM,KAAA,GAAQ,UAAA,CAAW,KAAA,CAAM,GAAG,CAAA;AAClC,IAAA,IAAI,KAAA,CAAM,SAAS,CAAA,EAAG;AACpB,MAAA,KAAA,CAAM,KAAA,CAAM,MAAA,GAAS,CAAC,CAAA,GAAI,MAAA;AAAA,IAC5B;AACA,IAAA,OAAO,KAAA,CAAM,KAAK,GAAG,CAAA;AAAA,EACvB;AAEA,EAAA,OAAO,iBAAA;AACT;AAMO,SAAS,WAAW,OAAA,EAMzB;AAEA,EAAA,IAAI,QAAQ,GAAA,EAAK;AACf,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,QAAQ,GAAA,CAAI,OAAA;AAAA,MACrB,IAAA,EAAM,QAAQ,GAAA,CAAI,IAAA;AAAA,MAClB,MAAA,EAAQ,QAAQ,GAAA,CAAI,MAAA;AAAA,MACpB,QAAA,EAAU,QAAQ,GAAA,CAAI,QAAA;AAAA,MACtB,SAAA,EAAW,QAAQ,GAAA,CAAI;AAAA,KACzB;AAAA,EACF;AAGA,EAAA,OAAO;AAAA,IACL,OAAA,EAAS,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA,IAAK,MAAA;AAAA,IAChD,IAAA,EAAM,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,WAAW,CAAA,IAAK,MAAA;AAAA,IAC1C,MAAA,EAAQ,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,WAAW,CAAA,IAAK,MAAA;AAAA,IAC5C,QAAA,EAAU,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA,IAAK,MAAA;AAAA,IAC7C,SAAA,EAAW,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,WAAW,CAAA,IAAK;AAAA,GACjD;AACF;;;ACxQO,IAAM,cAAN,MAA4C;AAAA,EACjC,IAAA,GAAO,QAAA;AAAA,EAEf,KAAA;AAAA,EACA,YAAA,GAAsD,IAAA;AAAA,EAC7C,OAAA;AAAA,EACA,eAAA;AAAA,EAEjB,WAAA,CAAY,OAAA,GAA8B,EAAC,EAAG;AAC5C,IAAA,MAAM,EAAE,eAAA,GAAkB,GAAA,EAAO,OAAA,GAAU,KAAM,GAAI,OAAA;AAErD,IAAA,IAAA,CAAK,KAAA,uBAAY,GAAA,EAAI;AACrB,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AACf,IAAA,IAAA,CAAK,eAAA,GAAkB,eAAA;AAGvB,IAAA,IAAI,OAAO,WAAA,KAAgB,WAAA,IAAe,eAAA,GAAkB,CAAA,EAAG;AAC7D,MAAA,IAAA,CAAK,iBAAA,EAAkB;AAAA,IACzB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,SAAA,CACJ,GAAA,EACA,QAAA,EAC2C;AAC3C,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,IAAA,MAAM,YAAA,GAAe,WAAA,CAAY,GAAA,GAAM,QAAQ,CAAA;AAE/C,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,GAAG,CAAA;AAEnC,IAAA,IAAI,QAAA,EAAU;AAEZ,MAAA,QAAA,CAAS,KAAA,EAAA;AAET,MAAA,IAAA,CAAK,KAAA,CAAM,OAAO,GAAG,CAAA;AACrB,MAAA,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,GAAA,EAAK,QAAQ,CAAA;AAC5B,MAAA,OAAO,EAAE,KAAA,EAAO,QAAA,CAAS,KAAA,EAAO,KAAA,EAAO,SAAS,KAAA,EAAM;AAAA,IACxD;AAGA,IAAA,MAAM,KAAA,GAAqB;AAAA,MACzB,KAAA,EAAO,CAAA;AAAA,MACP,KAAA,EAAO,YAAA;AAAA,MACP,SAAA,EAAW;AAAA,KACb;AAGA,IAAA,IAAI,IAAA,CAAK,KAAA,CAAM,IAAA,IAAQ,IAAA,CAAK,OAAA,EAAS;AACnC,MAAA,IAAA,CAAK,WAAA,EAAY;AAAA,IACnB;AAEA,IAAA,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AACzB,IAAA,OAAO,EAAE,KAAA,EAAO,CAAA,EAAG,KAAA,EAAO,YAAA,EAAa;AAAA,EACzC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,IAAI,GAAA,EAA+D;AACvE,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,GAAG,CAAA;AAEhC,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,OAAO,IAAA;AAAA,IACT;AAGA,IAAA,MAAM,MAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACxC,IAAA,IAAI,KAAA,CAAM,SAAS,GAAA,EAAK;AACtB,MAAA,IAAA,CAAK,KAAA,CAAM,OAAO,GAAG,CAAA;AACrB,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,CAAM,KAAA,EAAO,KAAA,EAAO,MAAM,KAAA,EAAM;AAAA,EAClD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,MAAM,GAAA,EAA4B;AACtC,IAAA,IAAA,CAAK,KAAA,CAAM,OAAO,GAAG,CAAA;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,SAAA,GAA8B;AAClC,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAA,GAAyB;AAC7B,IAAA,MAAM,MAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACxC,IAAA,MAAM,eAAyB,EAAC;AAEhC,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,CAAA,IAAK,KAAK,KAAA,EAAO;AACrC,MAAA,IAAI,KAAA,CAAM,SAAS,GAAA,EAAK;AACtB,QAAA,YAAA,CAAa,KAAK,GAAG,CAAA;AAAA,MACvB;AAAA,IACF;AAEA,IAAA,KAAA,MAAW,OAAO,YAAA,EAAc;AAC9B,MAAA,IAAA,CAAK,KAAA,CAAM,OAAO,GAAG,CAAA;AAAA,IACvB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,KAAA,GAAuB;AAC3B,IAAA,IAAA,CAAK,gBAAA,EAAiB;AACtB,IAAA,IAAA,CAAK,MAAM,KAAA,EAAM;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,IAAA,GAAe;AACjB,IAAA,OAAO,KAAK,KAAA,CAAM,IAAA;AAAA,EACpB;AAAA;AAAA;AAAA;AAAA,EAKA,KAAA,GAAc;AACZ,IAAA,IAAA,CAAK,MAAM,KAAA,EAAM;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA,EAKQ,iBAAA,GAA0B;AAChC,IAAA,IAAI,KAAK,YAAA,EAAc;AAEvB,IAAA,IAAA,CAAK,YAAA,GAAe,YAAY,MAAM;AACpC,MAAA,KAAK,KAAK,OAAA,EAAQ;AAAA,IACpB,CAAA,EAAG,KAAK,eAAe,CAAA;AAGvB,IAAA,IAAI,OAAO,IAAA,CAAK,YAAA,KAAiB,QAAA,IAAY,OAAA,IAAW,KAAK,YAAA,EAAc;AACzE,MAAC,IAAA,CAAK,aAAgC,KAAA,EAAM;AAAA,IAC9C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,gBAAA,GAAyB;AAC/B,IAAA,IAAI,KAAK,YAAA,EAAc;AACrB,MAAA,aAAA,CAAc,KAAK,YAAY,CAAA;AAC/B,MAAA,IAAA,CAAK,YAAA,GAAe,IAAA;AAAA,IACtB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,WAAA,GAAoB;AAE1B,IAAA,MAAM,YAAA,GAAe,IAAA,CAAK,IAAA,CAAK,IAAA,CAAK,UAAU,GAAG,CAAA;AAEjD,IAAA,IAAI,OAAA,GAAU,CAAA;AACd,IAAA,KAAA,MAAW,GAAA,IAAO,IAAA,CAAK,KAAA,CAAM,IAAA,EAAK,EAAG;AACnC,MAAA,IAAI,WAAW,YAAA,EAAc;AAC7B,MAAA,IAAA,CAAK,KAAA,CAAM,OAAO,GAAG,CAAA;AACrB,MAAA,OAAA,EAAA;AAAA,IACF;AAAA,EACF;AACF;AAKO,SAAS,kBAAkB,OAAA,EAA2C;AAC3E,EAAA,OAAO,IAAI,YAAY,OAAO,CAAA;AAChC;AAMA,IAAI,WAAA,GAAkC,IAAA;AAK/B,SAAS,qBAAqB,OAAA,EAA2C;AAC9E,EAAA,IAAI,CAAC,WAAA,EAAa;AAChB,IAAA,WAAA,GAAc,IAAI,YAAY,OAAO,CAAA;AAAA,EACvC;AACA,EAAA,OAAO,WAAA;AACT;;;AC/MO,IAAM,yBAAN,MAA+D;AAAA,EACpD,IAAA,GAAO,gBAAA;AAAA;AAAA;AAAA;AAAA,EAKvB,MAAM,KAAA,CACJ,KAAA,EACA,GAAA,EACA,OACA,QAAA,EACwB;AACxB,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AAGrB,IAAA,MAAM,WAAA,GAAc,IAAA,CAAK,KAAA,CAAM,GAAA,GAAM,QAAQ,CAAA,GAAI,QAAA;AACjD,IAAA,MAAM,YAAY,WAAA,GAAc,QAAA;AAChC,IAAA,MAAM,sBAAsB,WAAA,GAAc,QAAA;AAG1C,IAAA,MAAM,cAAA,GAAA,CAAkB,MAAM,WAAA,IAAe,QAAA;AAG7C,IAAA,MAAM,UAAA,GAAa,CAAA,EAAG,GAAG,CAAA,CAAA,EAAI,WAAW,CAAA,CAAA;AACxC,IAAA,MAAM,WAAA,GAAc,CAAA,EAAG,GAAG,CAAA,CAAA,EAAI,mBAAmB,CAAA,CAAA;AAGjD,IAAA,MAAM,CAAC,WAAA,EAAa,YAAY,CAAA,GAAI,MAAM,QAAQ,GAAA,CAAI;AAAA,MACpD,KAAA,CAAM,IAAI,UAAU,CAAA;AAAA,MACpB,KAAA,CAAM,IAAI,WAAW;AAAA,KACtB,CAAA;AAED,IAAA,MAAM,YAAA,GAAe,aAAa,KAAA,IAAS,CAAA;AAC3C,IAAA,MAAM,aAAA,GAAgB,cAAc,KAAA,IAAS,CAAA;AAI7C,IAAA,MAAM,iBAAiB,CAAA,GAAI,cAAA;AAC3B,IAAA,MAAM,aAAA,GAAgB,YAAA,GAAe,IAAA,CAAK,KAAA,CAAM,gBAAgB,cAAc,CAAA;AAG9E,IAAA,MAAM,KAAA,GAAQ,YAAY,SAAS,CAAA;AAGnC,IAAA,IAAI,iBAAiB,KAAA,EAAO;AAE1B,MAAA,MAAM,aAAa,IAAA,CAAK,mBAAA;AAAA,QACtB,YAAA;AAAA,QACA,aAAA;AAAA,QACA,KAAA;AAAA,QACA,QAAA;AAAA,QACA;AAAA,OACF;AAEA,MAAA,OAAO;AAAA,QACL,KAAA;AAAA,QACA,SAAA,EAAW,CAAA;AAAA,QACX,KAAA;AAAA,QACA,OAAA,EAAS,IAAA;AAAA,QACT;AAAA,OACF;AAAA,IACF;AAGA,IAAA,MAAM,KAAA,CAAM,SAAA,CAAU,UAAA,EAAY,QAAQ,CAAA;AAG1C,IAAA,MAAM,YAAY,IAAA,CAAK,GAAA,CAAI,CAAA,EAAG,KAAA,GAAQ,gBAAgB,CAAC,CAAA;AAEvD,IAAA,OAAO;AAAA,MACL,KAAA;AAAA,MACA,SAAA;AAAA,MACA,KAAA;AAAA,MACA,OAAA,EAAS;AAAA,KACX;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,mBAAA,CACN,YAAA,EACA,aAAA,EACA,KAAA,EACA,UACA,cAAA,EACQ;AAER,IAAA,IAAI,kBAAkB,CAAA,EAAG;AACvB,MAAA,OAAO,IAAA,CAAK,IAAA,CAAA,CAAM,CAAA,GAAI,cAAA,IAAkB,WAAW,GAAI,CAAA;AAAA,IACzD;AAMA,IAAA,MAAM,gBAAA,GAAmB,CAAA,GAAA,CAAK,KAAA,GAAQ,YAAA,IAAgB,aAAA;AAEtD,IAAA,IAAI,oBAAoB,cAAA,EAAgB;AAEtC,MAAA,OAAO,CAAA;AAAA,IACT;AAEA,IAAA,IAAI,oBAAoB,CAAA,EAAG;AAEzB,MAAA,MAAM,wBAAA,GAAA,CAA4B,IAAI,cAAA,IAAkB,QAAA;AACxD,MAAA,OAAO,IAAA,CAAK,IAAA,CAAK,wBAAA,GAA2B,GAAI,CAAA;AAAA,IAClD;AAGA,IAAA,MAAM,UAAA,GAAA,CAAc,mBAAmB,cAAA,IAAkB,QAAA;AACzD,IAAA,OAAO,IAAA,CAAK,IAAA,CAAK,UAAA,GAAa,GAAI,CAAA;AAAA,EACpC;AACF,CAAA;;;AC7GO,IAAM,uBAAN,MAA6D;AAAA,EAClD,IAAA,GAAO,cAAA;AAAA;AAAA;AAAA;AAAA,EAKvB,MAAM,KAAA,CACJ,KAAA,EACA,GAAA,EACA,OACA,QAAA,EACwB;AACxB,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AAGrB,IAAA,MAAM,WAAA,GAAc,IAAA,CAAK,KAAA,CAAM,GAAA,GAAM,QAAQ,CAAA,GAAI,QAAA;AACjD,IAAA,MAAM,YAAY,WAAA,GAAc,QAAA;AAChC,IAAA,MAAM,KAAA,GAAQ,YAAY,SAAS,CAAA;AAGnC,IAAA,MAAM,SAAA,GAAY,CAAA,EAAG,GAAG,CAAA,CAAA,EAAI,WAAW,CAAA,CAAA;AAGvC,IAAA,MAAM,IAAA,GAAO,MAAM,KAAA,CAAM,GAAA,CAAI,SAAS,CAAA;AACtC,IAAA,MAAM,YAAA,GAAe,MAAM,KAAA,IAAS,CAAA;AAGpC,IAAA,IAAI,gBAAgB,KAAA,EAAO;AACzB,MAAA,MAAM,UAAA,GAAa,IAAA,CAAK,IAAA,CAAA,CAAM,SAAA,GAAY,OAAO,GAAI,CAAA;AAErD,MAAA,OAAO;AAAA,QACL,KAAA;AAAA,QACA,SAAA,EAAW,CAAA;AAAA,QACX,KAAA;AAAA,QACA,OAAA,EAAS,IAAA;AAAA,QACT,UAAA,EAAY,IAAA,CAAK,GAAA,CAAI,CAAA,EAAG,UAAU;AAAA,OACpC;AAAA,IACF;AAGA,IAAA,MAAM,EAAE,KAAA,EAAM,GAAI,MAAM,KAAA,CAAM,SAAA,CAAU,WAAW,QAAQ,CAAA;AAG3D,IAAA,IAAI,QAAQ,KAAA,EAAO;AACjB,MAAA,MAAM,UAAA,GAAa,IAAA,CAAK,IAAA,CAAA,CAAM,SAAA,GAAY,OAAO,GAAI,CAAA;AAErD,MAAA,OAAO;AAAA,QACL,KAAA;AAAA,QACA,SAAA,EAAW,CAAA;AAAA,QACX,KAAA;AAAA,QACA,OAAA,EAAS,IAAA;AAAA,QACT,UAAA,EAAY,IAAA,CAAK,GAAA,CAAI,CAAA,EAAG,UAAU;AAAA,OACpC;AAAA,IACF;AAEA,IAAA,OAAO;AAAA,MACL,KAAA;AAAA,MACA,SAAA,EAAW,IAAA,CAAK,GAAA,CAAI,CAAA,EAAG,QAAQ,KAAK,CAAA;AAAA,MACpC,KAAA;AAAA,MACA,OAAA,EAAS;AAAA,KACX;AAAA,EACF;AACF,CAAA;;;AC3DO,IAAM,uBAAN,MAA6D;AAAA,EAClD,IAAA,GAAO,cAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMf,OAAA,uBAA6C,GAAA,EAAI;AAAA;AAAA;AAAA;AAAA,EAKxC,UAAA,GAAa,GAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAU9B,MAAM,KAAA,CACJ,MAAA,EACA,GAAA,EACA,OACA,QAAA,EACwB;AACxB,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AAGrB,IAAA,IAAI,MAAA,GAAS,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAA;AAEjC,IAAA,IAAI,CAAC,MAAA,EAAQ;AAEX,MAAA,MAAA,GAAS;AAAA,QACP,MAAA,EAAQ,KAAA;AAAA,QACR,UAAA,EAAY;AAAA,OACd;AAAA,IACF,CAAA,MAAO;AAEL,MAAA,MAAA,GAAS,IAAA,CAAK,YAAA,CAAa,MAAA,EAAQ,KAAA,EAAO,UAAU,GAAG,CAAA;AAAA,IACzD;AAGA,IAAA,MAAM,YAAA,GAAe,QAAQ,MAAA,CAAO,MAAA;AACpC,IAAA,MAAM,aAAa,KAAA,GAAQ,QAAA;AAC3B,IAAA,MAAM,aAAa,YAAA,GAAe,UAAA;AAClC,IAAA,MAAM,KAAA,GAAQ,WAAA,CAAY,GAAA,GAAM,UAAU,CAAA;AAG1C,IAAA,IAAI,MAAA,CAAO,SAAS,CAAA,EAAG;AAErB,MAAA,MAAM,cAAA,GAAA,CAAkB,CAAA,GAAI,MAAA,CAAO,MAAA,IAAU,UAAA;AAC7C,MAAA,MAAM,UAAA,GAAa,IAAA,CAAK,IAAA,CAAK,cAAA,GAAiB,GAAI,CAAA;AAElD,MAAA,OAAO;AAAA,QACL,KAAA;AAAA,QACA,SAAA,EAAW,CAAA;AAAA,QACX,KAAA;AAAA,QACA,OAAA,EAAS,IAAA;AAAA,QACT,UAAA,EAAY,IAAA,CAAK,GAAA,CAAI,CAAA,EAAG,UAAU;AAAA,OACpC;AAAA,IACF;AAGA,IAAA,MAAA,CAAO,MAAA,IAAU,CAAA;AACjB,IAAA,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,GAAA,EAAK,MAAM,CAAA;AAG5B,IAAA,IAAI,IAAA,CAAK,OAAA,CAAQ,IAAA,GAAO,IAAA,CAAK,UAAA,EAAY;AACvC,MAAA,IAAA,CAAK,OAAA,EAAQ;AAAA,IACf;AAEA,IAAA,OAAO;AAAA,MACL,KAAA;AAAA,MACA,SAAA,EAAW,IAAA,CAAK,KAAA,CAAM,MAAA,CAAO,MAAM,CAAA;AAAA,MACnC,KAAA;AAAA,MACA,OAAA,EAAS;AAAA,KACX;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,YAAA,CACN,MAAA,EACA,KAAA,EACA,QAAA,EACA,GAAA,EACkB;AAClB,IAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,UAAA;AAC7B,IAAA,MAAM,aAAa,KAAA,GAAQ,QAAA;AAC3B,IAAA,MAAM,cAAc,OAAA,GAAU,UAAA;AAE9B,IAAA,OAAO;AAAA,MACL,QAAQ,IAAA,CAAK,GAAA,CAAI,KAAA,EAAO,MAAA,CAAO,SAAS,WAAW,CAAA;AAAA,MACnD,UAAA,EAAY;AAAA,KACd;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,OAAA,GAAgB;AACtB,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,IAAA,MAAM,cAAA,GAAiB,IAAA;AAEvB,IAAA,MAAM,eAAyB,EAAC;AAEhC,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,MAAM,CAAA,IAAK,KAAK,OAAA,EAAS;AACxC,MAAA,IAAI,GAAA,GAAM,MAAA,CAAO,UAAA,GAAa,cAAA,EAAgB;AAC5C,QAAA,YAAA,CAAa,KAAK,GAAG,CAAA;AAAA,MACvB;AAAA,IACF;AAEA,IAAA,KAAA,MAAW,OAAO,YAAA,EAAc;AAC9B,MAAA,IAAA,CAAK,OAAA,CAAQ,OAAO,GAAG,CAAA;AAAA,IACzB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,eAAe,GAAA,EAA2C;AACxD,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAA;AAAA,EAC7B;AAAA;AAAA;AAAA;AAAA,EAKA,KAAA,GAAc;AACZ,IAAA,IAAA,CAAK,QAAQ,KAAA,EAAM;AAAA,EACrB;AACF,CAAA;;;AClIA,IAAM,cAAA,GAA2C;AAAA,EAC/C,SAAA,EAAW,gBAAA;AAAA,EACX,UAAA,EAAY,IAAA;AAAA,EACZ,OAAA,EAAS,IAAA;AAAA,EACT,MAAA,EAAQ,IAAA;AAAA,EACR,OAAA,EAAS,mBAAA;AAAA,EACT,UAAA,EAAY,GAAA;AAAA,EACZ,KAAA,EAAO;AACT,CAAA;AAKA,IAAI,YAAA,GAAsC,IAAA;AAK1C,SAAS,eAAA,GAAkC;AACzC,EAAA,IAAI,CAAC,YAAA,EAAc;AACjB,IAAA,YAAA,GAAe,IAAI,WAAA,EAAY;AAAA,EACjC;AACA,EAAA,OAAO,YAAA;AACT;AAKA,SAAS,aAAa,IAAA,EAA4D;AAChF,EAAA,QAAQ,IAAA;AAAM,IACZ,KAAK,cAAA;AACH,MAAA,OAAO,IAAI,oBAAA,EAAqB;AAAA,IAClC,KAAK,cAAA;AACH,MAAA,OAAO,IAAI,oBAAA,EAAqB;AAAA,IAClC,KAAK,gBAAA;AAAA,IACL;AACE,MAAA,OAAO,IAAI,sBAAA,EAAuB;AAAA;AAExC;AAKA,SAAS,uBAAuB,IAAA,EAA8B;AAC5D,EAAA,MAAM,OAAA,GAAU,IAAI,OAAA,EAAQ;AAE5B,EAAA,OAAA,CAAQ,GAAA,CAAI,mBAAA,EAAqB,MAAA,CAAO,IAAA,CAAK,KAAK,CAAC,CAAA;AACnD,EAAA,OAAA,CAAQ,GAAA,CAAI,uBAAA,EAAyB,MAAA,CAAO,IAAA,CAAK,SAAS,CAAC,CAAA;AAC3D,EAAA,OAAA,CAAQ,GAAA,CAAI,mBAAA,EAAqB,MAAA,CAAO,IAAA,CAAK,KAAK,CAAC,CAAA;AAEnD,EAAA,IAAI,IAAA,CAAK,OAAA,IAAW,IAAA,CAAK,UAAA,EAAY;AACnC,IAAA,OAAA,CAAQ,GAAA,CAAI,aAAA,EAAe,MAAA,CAAO,IAAA,CAAK,UAAU,CAAC,CAAA;AAAA,EACpD;AAEA,EAAA,OAAO,OAAA;AACT;AAKA,SAAS,YAAA,CAAa,QAAiB,MAAA,EAAuB;AAC5D,EAAA,MAAA,CAAO,OAAA,CAAQ,CAAC,KAAA,EAAO,GAAA,KAAQ;AAC7B,IAAA,MAAA,CAAO,GAAA,CAAI,KAAK,KAAK,CAAA;AAAA,EACvB,CAAC,CAAA;AACH;AAKA,eAAe,aAAA,CACb,OAAA,EACA,UAAA,EACA,MAAA,EACA,OAAA,EACiB;AACjB,EAAA,IAAI,OAAO,eAAe,UAAA,EAAY;AACpC,IAAA,MAAM,EAAA,GAAK,MAAM,UAAA,CAAW,OAAO,CAAA;AACnC,IAAA,OAAO,CAAA,EAAG,MAAM,CAAA,QAAA,EAAW,EAAE,CAAA,CAAA;AAAA,EAC/B;AAEA,EAAA,IAAI,eAAe,MAAA,EAAQ;AAEzB,IAAA,MAAM,SAAS,OAAA,EAAS,IAAA,GACnB,OAAA,CAAQ,IAAA,CAAyB,MAAM,WAAA,GACxC,WAAA;AACJ,IAAA,OAAO,CAAA,EAAG,MAAM,CAAA,MAAA,EAAS,MAAM,CAAA,CAAA;AAAA,EACjC;AAGA,EAAA,MAAM,EAAA,GAAK,YAAY,OAAO,CAAA;AAC9B,EAAA,OAAO,CAAA,EAAG,MAAM,CAAA,IAAA,EAAO,EAAE,CAAA,CAAA;AAC3B;AAkCO,SAAS,aAAA,CACd,SAIA,MAAA,EAC6E;AAE7E,EAAA,MAAM,WAAA,GAAyC;AAAA,IAC7C,GAAG,cAAA;AAAA,IACH,GAAG,MAAA;AAAA,IACH,KAAA,EAAO,MAAA,CAAO,KAAA,IAAS,eAAA;AAAgB,GACzC;AAGA,EAAA,MAAM,QAAA,GAAW,aAAA,CAAc,WAAA,CAAY,MAAM,CAAA;AAGjD,EAAA,MAAM,SAAA,GAAY,YAAA,CAAa,WAAA,CAAY,SAAS,CAAA;AAGpD,EAAA,MAAM,KAAA,GAAQ,WAAA,CAAY,KAAA,GACtB,CAAC,KAAa,IAAA,KAAmB;AAE/B,IAAA,OAAA,CAAQ,GAAA,CAAI,CAAA,yBAAA,EAA4B,GAAG,CAAA,CAAA,EAAI,QAAQ,EAAE,CAAA;AAAA,EAC3D,IACA,MAAM;AAAA,EAAC,CAAA;AAEX,EAAA,KAAA,CAAM,aAAA,EAAe;AAAA,IACnB,OAAO,WAAA,CAAY,KAAA;AAAA,IACnB,QAAQ,WAAA,CAAY,MAAA;AAAA,IACpB,WAAW,WAAA,CAAY;AAAA,GACxB,CAAA;AAED,EAAA,OAAO,OACL,SACA,OAAA,KACsB;AAEtB,IAAA,MAAM,MAA4D,OAAA,IAAW;AAAA,MAC3E,IAAA,EAAM,IAAA;AAAA,MACN,SAAA,EAAW,OAAO,UAAA,EAAW;AAAA,MAC7B,EAAA,EAAI,YAAY,OAAO,CAAA;AAAA,MACvB,SAAA,EAAW,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA,IAAK,EAAA;AAAA,MAChD,SAAA,EAAW,KAAK,GAAA,EAAI;AAAA,MACpB,UAAU;AAAC,KACb;AAEA,IAAA,IAAI;AAEF,MAAA,IAAI,YAAY,IAAA,EAAM;AACpB,QAAA,MAAM,UAAA,GAAa,MAAM,WAAA,CAAY,IAAA,CAAK,OAAO,CAAA;AACjD,QAAA,IAAI,UAAA,EAAY;AACd,UAAA,KAAA,CAAM,2BAA2B,CAAA;AACjC,UAAA,OAAO,OAAA,CAAQ,SAAS,GAAG,CAAA;AAAA,QAC7B;AAAA,MACF;AAGA,MAAA,MAAM,MAAM,MAAM,aAAA;AAAA,QAChB,OAAA;AAAA,QACA,WAAA,CAAY,UAAA;AAAA,QACZ,WAAA,CAAY,MAAA;AAAA,QACZ;AAAA,OACF;AACA,MAAA,KAAA,CAAM,kBAAkB,GAAG,CAAA;AAG3B,MAAA,MAAM,IAAA,GAAO,MAAM,SAAA,CAAU,KAAA;AAAA,QAC3B,WAAA,CAAY,KAAA;AAAA,QACZ,GAAA;AAAA,QACA,WAAA,CAAY,KAAA;AAAA,QACZ;AAAA,OACF;AACA,MAAA,KAAA,CAAM,mBAAmB,IAAI,CAAA;AAG7B,MAAA,GAAA,CAAI,SAAA,GAAY,IAAA;AAGhB,MAAA,IAAI,KAAK,OAAA,EAAS;AAChB,QAAA,KAAA,CAAM,sBAAsB,CAAA;AAG5B,QAAA,IAAI,YAAY,OAAA,EAAS;AACvB,UAAA,MAAMA,SAAAA,GAAW,MAAM,WAAA,CAAY,OAAA,CAAQ,SAAS,IAAI,CAAA;AAGxD,UAAA,IAAI,YAAY,OAAA,EAAS;AACvB,YAAA,MAAM,gBAAA,GAAmB,uBAAuB,IAAI,CAAA;AACpD,YAAA,YAAA,CAAaA,SAAAA,CAAS,SAAS,gBAAgB,CAAA;AAAA,UACjD;AAEA,UAAA,OAAOA,SAAAA;AAAA,QACT;AAGA,QAAA,MAAM,KAAA,GAAQ,IAAI,cAAA,CAAe;AAAA,UAC/B,UAAA,EAAY,KAAK,UAAA,IAAc,EAAA;AAAA,UAC/B,OAAA,EAAS,KAAK,KAAA,GAAQ,GAAA;AAAA,UACtB,SAAS,WAAA,CAAY;AAAA,SACtB,CAAA;AAED,QAAA,MAAMA,SAAAA,GAAW,MAAM,UAAA,EAAW;AAElC,QAAA,IAAI,YAAY,OAAA,EAAS;AACvB,UAAA,MAAM,gBAAA,GAAmB,uBAAuB,IAAI,CAAA;AACpD,UAAA,YAAA,CAAaA,SAAAA,CAAS,SAAS,gBAAgB,CAAA;AAAA,QACjD;AAEA,QAAA,OAAOA,SAAAA;AAAA,MACT;AAGA,MAAA,MAAM,QAAA,GAAW,MAAM,OAAA,CAAQ,OAAA,EAAS,GAAG,CAAA;AAG3C,MAAA,IAAI,YAAY,OAAA,EAAS;AAEvB,QAAA,MAAM,WAAA,GAAc,IAAI,QAAA,CAAS,QAAA,CAAS,IAAA,EAAM;AAAA,UAC9C,QAAQ,QAAA,CAAS,MAAA;AAAA,UACjB,YAAY,QAAA,CAAS,UAAA;AAAA,UACrB,OAAA,EAAS,IAAI,OAAA,CAAQ,QAAA,CAAS,OAAO;AAAA,SACtC,CAAA;AAED,QAAA,MAAM,gBAAA,GAAmB,uBAAuB,IAAI,CAAA;AACpD,QAAA,YAAA,CAAa,WAAA,CAAY,SAAS,gBAAgB,CAAA;AAElD,QAAA,OAAO,WAAA;AAAA,MACT;AAEA,MAAA,OAAO,QAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,KAAA,CAAM,kCAAkC,KAAK,CAAA;AAG7C,MAAA,IAAI,iBAAiB,cAAA,EAAgB;AACnC,QAAA,MAAM,KAAA;AAAA,MACR;AAKA,MAAA,OAAA,CAAQ,KAAA,CAAM,mCAAmC,KAAK,CAAA;AACtD,MAAA,OAAO,OAAA,CAAQ,SAAS,GAAG,CAAA;AAAA,IAC7B;AAAA,EACF,CAAA;AACF;AAgBO,SAAS,kBAAkB,MAAA,EAAyB;AACzD,EAAA,OAAO,CACL,OAAA,KAIG,aAAA,CAAc,OAAA,EAAS,MAAM,CAAA;AACpC;AAuBA,eAAsB,cAAA,CACpB,SACA,MAAA,EAMC;AACD,EAAA,MAAM,WAAA,GAAc;AAAA,IAClB,GAAG,cAAA;AAAA,IACH,GAAG,MAAA;AAAA,IACH,KAAA,EAAO,MAAA,CAAO,KAAA,IAAS,eAAA;AAAgB,GACzC;AAEA,EAAA,MAAM,QAAA,GAAW,aAAA,CAAc,WAAA,CAAY,MAAM,CAAA;AACjD,EAAA,MAAM,SAAA,GAAY,YAAA,CAAa,WAAA,CAAY,SAAS,CAAA;AAGpD,EAAA,IAAI,YAAY,IAAA,EAAM;AACpB,IAAA,MAAM,UAAA,GAAa,MAAM,WAAA,CAAY,IAAA,CAAK,OAAO,CAAA;AACjD,IAAA,IAAI,UAAA,EAAY;AACd,MAAA,MAAMC,KAAAA,GAAsB;AAAA,QAC1B,OAAO,WAAA,CAAY,KAAA;AAAA,QACnB,WAAW,WAAA,CAAY,KAAA;AAAA,QACvB,KAAA,EAAO,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,EAAI,GAAI,GAAI,CAAA,GAAI,IAAA,CAAK,KAAA,CAAM,QAAA,GAAW,GAAI,CAAA;AAAA,QACjE,OAAA,EAAS;AAAA,OACX;AACA,MAAA,OAAO,EAAE,SAAS,IAAA,EAAM,IAAA,EAAAA,OAAM,OAAA,EAAS,IAAI,SAAQ,EAAE;AAAA,IACvD;AAAA,EACF;AAEA,EAAA,MAAM,MAAM,MAAM,aAAA,CAAc,SAAS,WAAA,CAAY,UAAA,EAAY,YAAY,MAAM,CAAA;AACnF,EAAA,MAAM,IAAA,GAAO,MAAM,SAAA,CAAU,KAAA,CAAM,YAAY,KAAA,EAAO,GAAA,EAAK,WAAA,CAAY,KAAA,EAAO,QAAQ,CAAA;AACtF,EAAA,MAAM,UAAU,WAAA,CAAY,OAAA,GAAU,uBAAuB,IAAI,CAAA,GAAI,IAAI,OAAA,EAAQ;AAEjF,EAAA,IAAI,KAAK,OAAA,EAAS;AAChB,IAAA,IAAI,QAAA;AAEJ,IAAA,IAAI,YAAY,OAAA,EAAS;AACvB,MAAA,QAAA,GAAW,MAAM,WAAA,CAAY,OAAA,CAAQ,OAAA,EAAS,IAAI,CAAA;AAAA,IACpD,CAAA,MAAO;AACL,MAAA,MAAM,KAAA,GAAQ,IAAI,cAAA,CAAe;AAAA,QAC/B,UAAA,EAAY,KAAK,UAAA,IAAc,EAAA;AAAA,QAC/B,OAAA,EAAS,KAAK,KAAA,GAAQ,GAAA;AAAA,QACtB,SAAS,WAAA,CAAY;AAAA,OACtB,CAAA;AACD,MAAA,QAAA,GAAW,MAAM,UAAA,EAAW;AAAA,IAC9B;AAEA,IAAA,IAAI,YAAY,OAAA,EAAS;AACvB,MAAA,YAAA,CAAa,QAAA,CAAS,SAAS,OAAO,CAAA;AAAA,IACxC;AAEA,IAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,IAAA,EAAM,UAAU,OAAA,EAAQ;AAAA,EACnD;AAEA,EAAA,OAAO,EAAE,OAAA,EAAS,IAAA,EAAM,IAAA,EAAM,OAAA,EAAQ;AACxC;AAcA,eAAsB,cAAA,CACpB,IAAA,EACA,UAAA,EACA,OAAA,EAIe;AACf,EAAA,MAAM,KAAA,GAAQ,OAAA,EAAS,KAAA,IAAS,eAAA,EAAgB;AAChD,EAAA,MAAM,MAAA,GAAS,SAAS,MAAA,IAAU,IAAA;AAClC,EAAA,MAAM,MAAM,CAAA,EAAG,MAAM,CAAA,CAAA,EAAI,IAAI,IAAI,UAAU,CAAA,CAAA;AAE3C,EAAA,MAAM,KAAA,CAAM,MAAM,GAAG,CAAA;AACvB;AAKA,eAAsB,kBAAA,CACpB,IAAA,EACA,UAAA,EACA,OAAA,EAIkD;AAClD,EAAA,MAAM,KAAA,GAAQ,OAAA,EAAS,KAAA,IAAS,eAAA,EAAgB;AAChD,EAAA,MAAM,MAAA,GAAS,SAAS,MAAA,IAAU,IAAA;AAClC,EAAA,MAAM,MAAM,CAAA,EAAG,MAAM,CAAA,CAAA,EAAI,IAAI,IAAI,UAAU,CAAA,CAAA;AAE3C,EAAA,OAAO,KAAA,CAAM,IAAI,GAAG,CAAA;AACtB;AAKO,SAAS,kBAAA,GAA2B;AACzC,EAAA,IAAI,YAAA,IAAgB,WAAW,YAAA,EAAc;AAC3C,IAAC,aAA6B,KAAA,EAAM;AAAA,EACtC;AACF;AC1dA,IAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAKzB,SAAS,YAAY,MAAA,EAAwB;AAClD,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAM,CAAA;AACnC,EAAAC,kBAAA,CAAU,gBAAgB,KAAK,CAAA;AAC/B,EAAA,OAAO,MAAM,IAAA,CAAK,KAAK,CAAA,CACpB,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAC1C,KAAK,EAAE,CAAA;AACZ;AAKA,eAAe,eAAA,CAAgB,MAAc,MAAA,EAAiC;AAC5E,EAAA,MAAM,GAAA,GAAM,MAAMA,kBAAA,CAAU,MAAA,CAAO,SAAA;AAAA,IACjC,KAAA;AAAA,IACA,OAAA,CAAQ,OAAO,MAAM,CAAA;AAAA,IACrB,EAAE,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,SAAA,EAAU;AAAA,IAChC,KAAA;AAAA,IACA,CAAC,MAAM;AAAA,GACT;AAEA,EAAA,MAAM,GAAA,GAAM,MAAMA,kBAAA,CAAU,MAAA,CAAO,IAAA,CAAK,QAAQ,GAAA,EAAK,OAAA,CAAQ,MAAA,CAAO,IAAI,CAAC,CAAA;AACzE,EAAA,OAAO,KAAA,CAAM,KAAK,IAAI,UAAA,CAAW,GAAG,CAAC,CAAA,CAClC,IAAI,CAAC,CAAA,KAAM,EAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAC1C,KAAK,EAAE,CAAA;AACZ;AAKA,SAAS,WAAA,CAAY,GAAW,CAAA,EAAoB;AAClD,EAAA,IAAI,CAAA,CAAE,MAAA,KAAW,CAAA,CAAE,MAAA,EAAQ,OAAO,KAAA;AAElC,EAAA,IAAI,MAAA,GAAS,CAAA;AACb,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,CAAE,QAAQ,CAAA,EAAA,EAAK;AACjC,IAAA,MAAA,IAAU,EAAE,UAAA,CAAW,CAAC,CAAA,GAAI,CAAA,CAAE,WAAW,CAAC,CAAA;AAAA,EAC5C;AACA,EAAA,OAAO,MAAA,KAAW,CAAA;AACpB;AAKA,eAAsB,WAAA,CACpB,MAAA,EACA,MAAA,GAAiB,EAAA,EACA;AACjB,EAAA,MAAM,IAAA,GAAO,YAAY,MAAM,CAAA;AAC/B,EAAA,MAAM,GAAA,GAAM,MAAM,eAAA,CAAgB,IAAA,EAAM,MAAM,CAAA;AAC9C,EAAA,OAAO,CAAA,EAAG,IAAI,CAAA,CAAA,EAAI,GAAG,CAAA,CAAA;AACvB;AAKA,eAAsB,WAAA,CACpB,OACA,MAAA,EACkB;AAClB,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,UAAU,OAAO,KAAA;AAEhD,EAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,KAAA,CAAM,GAAG,CAAA;AAC7B,EAAA,IAAI,KAAA,CAAM,MAAA,KAAW,CAAA,EAAG,OAAO,KAAA;AAE/B,EAAA,MAAM,CAAC,IAAA,EAAM,GAAG,CAAA,GAAI,KAAA;AACpB,EAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,GAAA,EAAK,OAAO,KAAA;AAE1B,EAAA,IAAI;AACF,IAAA,MAAM,QAAA,GAAW,MAAM,eAAA,CAAgB,IAAA,EAAM,MAAM,CAAA;AACnD,IAAA,OAAO,WAAA,CAAY,KAAK,QAAQ,CAAA;AAAA,EAClC,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAKO,SAAS,WAAA,CAAY,GAAW,CAAA,EAAoB;AACzD,EAAA,IAAI,CAAC,CAAA,IAAK,CAAC,CAAA,EAAG,OAAO,KAAA;AACrB,EAAA,OAAO,WAAA,CAAY,GAAG,CAAC,CAAA;AACzB;;;ACjFA,IAAM,cAAA,GAAoC;AAAA,EACxC,IAAA,EAAM,QAAA;AAAA,EACN,IAAA,EAAM,GAAA;AAAA,EACN,QAAA,EAAU,IAAA;AAAA,EACV,MAAA,EAAQ,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa,YAAA;AAAA,EACjC,QAAA,EAAU,QAAA;AAAA,EACV,MAAA,EAAQ;AAAA;AACV,CAAA;AAEA,IAAMC,eAAAA,GAAiE;AAAA,EAErE,UAAA,EAAY,cAAA;AAAA,EACZ,SAAA,EAAW,OAAA;AAAA,EAEX,WAAA,EAAa,EAAA;AAAA,EACb,gBAAA,EAAkB,CAAC,MAAA,EAAQ,KAAA,EAAO,SAAS,QAAQ;AACrD,CAAA;AAEA,SAAS,UAAU,MAAA,EAA4B;AAC7C,EAAA,MAAM,MAAA,GAAS,MAAA,CAAO,MAAA,IAAU,OAAA,CAAQ,GAAA,CAAI,WAAA;AAC5C,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,MAAM,IAAI,KAAA;AAAA,MACR;AAAA,KACF;AAAA,EACF;AACA,EAAA,OAAO,MAAA;AACT;AAEA,SAAS,iBAAA,CAAkB,IAAA,EAAc,KAAA,EAAe,IAAA,EAAiC;AACvF,EAAA,IAAI,MAAA,GAAS,CAAA,EAAG,IAAI,CAAA,CAAA,EAAI,KAAK,CAAA,CAAA;AAE7B,EAAA,IAAI,IAAA,CAAK,IAAA,EAAM,MAAA,IAAU,CAAA,OAAA,EAAU,KAAK,IAAI,CAAA,CAAA;AAC5C,EAAA,IAAI,IAAA,CAAK,MAAA,EAAQ,MAAA,IAAU,CAAA,SAAA,EAAY,KAAK,MAAM,CAAA,CAAA;AAClD,EAAA,IAAI,IAAA,CAAK,MAAA,EAAQ,MAAA,IAAU,CAAA,UAAA,EAAa,KAAK,MAAM,CAAA,CAAA;AACnD,EAAA,IAAI,IAAA,CAAK,UAAU,MAAA,IAAU,YAAA;AAC7B,EAAA,IAAI,IAAA,CAAK,QAAQ,MAAA,IAAU,UAAA;AAC3B,EAAA,IAAI,IAAA,CAAK,QAAA,EAAU,MAAA,IAAU,CAAA,WAAA,EAAc,KAAK,QAAQ,CAAA,CAAA;AAExD,EAAA,OAAO,MAAA;AACT;AAKA,eAAe,YAAA,CACb,GAAA,EACA,UAAA,EACA,SAAA,EACwB;AAExB,EAAA,MAAM,WAAA,GAAc,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA;AAC9C,EAAA,IAAI,aAAa,OAAO,WAAA;AAGxB,EAAA,MAAM,WAAA,GAAc,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA,IAAK,EAAA;AAEvD,EAAA,IAAI,WAAA,CAAY,QAAA,CAAS,mCAAmC,CAAA,EAAG;AAC7D,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAS,IAAI,KAAA,EAAM;AACzB,MAAA,MAAM,QAAA,GAAW,MAAM,MAAA,CAAO,QAAA,EAAS;AACvC,MAAA,MAAM,KAAA,GAAQ,QAAA,CAAS,GAAA,CAAI,SAAS,CAAA;AACpC,MAAA,IAAI,OAAO,KAAA,KAAU,QAAA,EAAU,OAAO,KAAA;AAAA,IACxC,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AAEA,EAAA,IAAI,WAAA,CAAY,QAAA,CAAS,kBAAkB,CAAA,EAAG;AAC5C,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAS,IAAI,KAAA,EAAM;AACzB,MAAA,MAAM,IAAA,GAAO,MAAM,MAAA,CAAO,IAAA,EAAK;AAC/B,MAAA,IAAI,IAAA,IAAQ,OAAO,IAAA,CAAK,SAAS,MAAM,QAAA,EAAU;AAC/C,QAAA,OAAO,KAAK,SAAS,CAAA;AAAA,MACvB;AAAA,IACF,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AAEA,EAAA,OAAO,IAAA;AACT;AAEA,SAAS,oBAAA,CAAqB,MAAmB,MAAA,EAA0B;AACzE,EAAA,OAAO,IAAI,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,KAAA,EAAO,wBAAA,EAA0B,MAAA,EAAQ,CAAA,EAAG;AAAA,IAC/E,MAAA,EAAQ,GAAA;AAAA,IACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,GAC/C,CAAA;AACH;AAUO,SAAS,QAAA,CAAS,OAAA,EAAuB,MAAA,GAAqB,EAAC,EAAiB;AACrF,EAAA,MAAM,MAAA,GAAS,UAAU,MAAM,CAAA;AAC/B,EAAA,MAAM,aAAa,EAAE,GAAG,cAAA,EAAgB,GAAG,OAAO,MAAA,EAAO;AACzD,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,UAAA,IAAcA,eAAAA,CAAe,UAAA;AACvD,EAAA,MAAM,SAAA,GAAY,MAAA,CAAO,SAAA,IAAaA,eAAAA,CAAe,SAAA;AACrD,EAAA,MAAM,gBAAA,GAAmB,MAAA,CAAO,gBAAA,IAAoBA,eAAAA,CAAe,gBAAA;AACnE,EAAA,MAAM,OAAA,GAAU,OAAO,OAAA,IAAW,oBAAA;AAElC,EAAA,OAAO,OAAO,GAAA,KAAwC;AACpD,IAAA,MAAM,MAAA,GAAS,GAAA,CAAI,MAAA,CAAO,WAAA,EAAY;AAGtC,IAAA,IAAI,CAAC,gBAAA,CAAiB,QAAA,CAAS,MAAM,CAAA,EAAG;AACtC,MAAA,OAAO,QAAQ,GAAG,CAAA;AAAA,IACpB;AAGA,IAAA,IAAI,OAAO,IAAA,EAAM;AACf,MAAA,MAAM,UAAA,GAAa,MAAM,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA;AACxC,MAAA,IAAI,UAAA,EAAY,OAAO,OAAA,CAAQ,GAAG,CAAA;AAAA,IACpC;AAEA,IAAA,MAAM,UAAA,GAAa,WAAW,IAAA,IAAQ,QAAA;AACtC,IAAA,MAAM,WAAA,GAAc,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA,EAAG,KAAA;AAGjD,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,OAAO,OAAA,CAAQ,KAAK,gBAAgB,CAAA;AAAA,IACtC;AAGA,IAAA,MAAM,WAAA,GAAc,MAAM,WAAA,CAAY,WAAA,EAAa,MAAM,CAAA;AACzD,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,OAAO,OAAA,CAAQ,KAAK,gBAAgB,CAAA;AAAA,IACtC;AAGA,IAAA,MAAM,YAAA,GAAe,MAAM,YAAA,CAAa,GAAA,EAAK,YAAY,SAAS,CAAA;AAClE,IAAA,IAAI,CAAC,YAAA,EAAc;AACjB,MAAA,OAAO,OAAA,CAAQ,KAAK,eAAe,CAAA;AAAA,IACrC;AAGA,IAAA,IAAI,CAAC,WAAA,CAAY,WAAA,EAAa,YAAY,CAAA,EAAG;AAC3C,MAAA,OAAO,OAAA,CAAQ,KAAK,gBAAgB,CAAA;AAAA,IACtC;AAEA,IAAA,OAAO,QAAQ,GAAG,CAAA;AAAA,EACpB,CAAA;AACF;AAMA,eAAsB,YAAA,CAAa,MAAA,GAAqB,EAAC,EAGtD;AACD,EAAA,MAAM,MAAA,GAAS,UAAU,MAAM,CAAA;AAC/B,EAAA,MAAM,aAAa,EAAE,GAAG,cAAA,EAAgB,GAAG,OAAO,MAAA,EAAO;AACzD,EAAA,MAAM,WAAA,GAAc,MAAA,CAAO,WAAA,IAAeA,eAAAA,CAAe,WAAA;AACzD,EAAA,MAAM,UAAA,GAAa,WAAW,IAAA,IAAQ,QAAA;AAEtC,EAAA,MAAM,KAAA,GAAQ,MAAM,WAAA,CAAY,MAAA,EAAQ,WAAW,CAAA;AACnD,EAAA,MAAM,YAAA,GAAe,iBAAA,CAAkB,UAAA,EAAY,KAAA,EAAO,UAAU,CAAA;AAEpE,EAAA,OAAO,EAAE,OAAO,YAAA,EAAa;AAC/B;AAMA,eAAsB,YAAA,CACpB,GAAA,EACA,MAAA,GAAqB,EAAC,EACwB;AAC9C,EAAA,MAAM,MAAA,GAAS,UAAU,MAAM,CAAA;AAC/B,EAAA,MAAM,aAAa,EAAE,GAAG,cAAA,EAAgB,GAAG,OAAO,MAAA,EAAO;AACzD,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,UAAA,IAAcA,eAAAA,CAAe,UAAA;AACvD,EAAA,MAAM,SAAA,GAAY,MAAA,CAAO,SAAA,IAAaA,eAAAA,CAAe,SAAA;AACrD,EAAA,MAAM,UAAA,GAAa,WAAW,IAAA,IAAQ,QAAA;AAEtC,EAAA,MAAM,WAAA,GAAc,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA,EAAG,KAAA;AACjD,EAAA,IAAI,CAAC,WAAA,EAAa;AAChB,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,gBAAA,EAAiB;AAAA,EAClD;AAEA,EAAA,MAAM,WAAA,GAAc,MAAM,WAAA,CAAY,WAAA,EAAa,MAAM,CAAA;AACzD,EAAA,IAAI,CAAC,WAAA,EAAa;AAChB,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,gBAAA,EAAiB;AAAA,EAClD;AAEA,EAAA,MAAM,YAAA,GAAe,MAAM,YAAA,CAAa,GAAA,EAAK,YAAY,SAAS,CAAA;AAClE,EAAA,IAAI,CAAC,YAAA,EAAc;AACjB,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,eAAA,EAAgB;AAAA,EACjD;AAEA,EAAA,IAAI,CAAC,WAAA,CAAY,WAAA,EAAa,YAAY,CAAA,EAAG;AAC3C,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,gBAAA,EAAiB;AAAA,EAClD;AAEA,EAAA,OAAO,EAAE,OAAO,IAAA,EAAK;AACvB;;;AC7EO,IAAM,OAAA,GAAU","file":"index.cjs","sourcesContent":["/*\n Custom error classes for next-secure\n /\n\n/\n Base error class for all next-secure errors\n /\nexport class SecureError extends Error {\n /\n HTTP status code\n /\n public readonly statusCode: number\n\n /\n Error code for programmatic handling\n /\n public readonly code: string\n\n /\n Additional error details\n /\n public readonly details?: Record<string, unknown>\n\n constructor(\n message: string,\n options: {\n statusCode?: number\n code?: string\n details?: Record<string, unknown>\n cause?: Error\n } = {}\n ) {\n super(message, { cause: options.cause })\n this.name = 'SecureError'\n this.statusCode = options.statusCode ?? 500\n this.code = options.code ?? 'SECURE_ERROR'\n this.details = options.details\n\n // Maintains proper stack trace for where error was thrown\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, this.constructor)\n }\n }\n\n /\n Convert error to JSON response\n /\n toJSON(): Record<string, unknown> {\n return {\n error: this.name,\n message: this.message,\n code: this.code,\n ...(this.details && { details: this.details }),\n }\n }\n\n /\n Create a Response object from this error\n /\n toResponse(headers?: HeadersInit): Response {\n return new Response(JSON.stringify(this.toJSON()), {\n status: this.statusCode,\n headers: {\n 'Content-Type': 'application/json',\n ...headers,\n },\n })\n }\n}\n\n/\n Rate limit exceeded error\n /\nexport class RateLimitError extends SecureError {\n /\n Seconds until rate limit resets\n /\n public readonly retryAfter: number\n\n /\n Unix timestamp when limit resets\n /\n public readonly resetAt: number\n\n constructor(\n options: {\n retryAfter: number\n resetAt: number\n message?: string\n details?: Record<string, unknown>\n }\n ) {\n super(options.message ?? 'Too Many Requests', {\n statusCode: 429,\n code: 'RATE_LIMIT_EXCEEDED',\n details: options.details,\n })\n this.name = 'RateLimitError'\n this.retryAfter = options.retryAfter\n this.resetAt = options.resetAt\n }\n\n override toJSON(): Record<string, unknown> {\n return {\n ...super.toJSON(),\n retryAfter: this.retryAfter,\n }\n }\n\n override toResponse(headers?: HeadersInit): Response {\n return new Response(JSON.stringify(this.toJSON()), {\n status: this.statusCode,\n headers: {\n 'Content-Type': 'application/json',\n 'Retry-After': String(this.retryAfter),\n ...headers,\n },\n })\n }\n}\n\n/\n Authentication error\n /\nexport class AuthenticationError extends SecureError {\n constructor(\n message = 'Authentication required',\n options: {\n code?: string\n details?: Record<string, unknown>\n cause?: Error\n } = {}\n ) {\n super(message, {\n statusCode: 401,\n code: options.code ?? 'AUTHENTICATION_REQUIRED',\n details: options.details,\n cause: options.cause,\n })\n this.name = 'AuthenticationError'\n }\n}\n\n/\n Authorization error (authenticated but not permitted)\n /\nexport class AuthorizationError extends SecureError {\n constructor(\n message = 'Access denied',\n options: {\n code?: string\n details?: Record<string, unknown>\n cause?: Error\n } = {}\n ) {\n super(message, {\n statusCode: 403,\n code: options.code ?? 'ACCESS_DENIED',\n details: options.details,\n cause: options.cause,\n })\n this.name = 'AuthorizationError'\n }\n}\n\n/\n Validation error\n /\nexport class ValidationError extends SecureError {\n /\n Field-level validation errors\n /\n public readonly errors: Array<{\n field: string\n message: string\n code?: string\n }>\n\n constructor(\n errors: Array<{ field: string; message: string; code?: string }>,\n message = 'Validation failed'\n ) {\n super(message, {\n statusCode: 400,\n code: 'VALIDATION_ERROR',\n details: { errors },\n })\n this.name = 'ValidationError'\n this.errors = errors\n }\n\n override toJSON(): Record<string, unknown> {\n return {\n ...super.toJSON(),\n errors: this.errors,\n }\n }\n}\n\n/\n CSRF token error\n /\nexport class CsrfError extends SecureError {\n constructor(\n message = 'Invalid or missing CSRF token',\n options: {\n details?: Record<string, unknown>\n } = {}\n ) {\n super(message, {\n statusCode: 403,\n code: 'CSRF_TOKEN_INVALID',\n details: options.details,\n })\n this.name = 'CsrfError'\n }\n}\n\n/\n Configuration error\n /\nexport class ConfigurationError extends SecureError {\n constructor(\n message: string,\n options: {\n details?: Record<string, unknown>\n cause?: Error\n } = {}\n ) {\n super(message, {\n statusCode: 500,\n code: 'CONFIGURATION_ERROR',\n details: options.details,\n cause: options.cause,\n })\n this.name = 'ConfigurationError'\n }\n}\n\n/\n Check if an error is a SecureError\n /\nexport function isSecureError(error: unknown): error is SecureError {\n return error instanceof SecureError\n}\n\n/\n Convert unknown error to SecureError\n /\nexport function toSecureError(error: unknown): SecureError {\n if (error instanceof SecureError) {\n return error\n }\n\n if (error instanceof Error) {\n return new SecureError(error.message, {\n cause: error,\n })\n }\n\n return new SecureError(String(error))\n}\n","/\n Time parsing and manipulation utilities\n /\n\nimport type { Duration } from '../core/types'\n\n/\n Time unit multipliers in milliseconds\n /\nconst TIME_UNITS: Record<string, number> = {\n ms: 1,\n s: 1000,\n m: 60 1000,\n h: 60 * 60 * 1000,\n d: 24 * 60 * 60 * 1000,\n}\n\n/*\n Extended time unit names\n /\nconst TIME_UNIT_ALIASES: Record<string, string> = {\n millisecond: 'ms',\n milliseconds: 'ms',\n second: 's',\n seconds: 's',\n sec: 's',\n secs: 's',\n minute: 'm',\n minutes: 'm',\n min: 'm',\n mins: 'm',\n hour: 'h',\n hours: 'h',\n hr: 'h',\n hrs: 'h',\n day: 'd',\n days: 'd',\n}\n\n/\n Parse a duration string or number to milliseconds\n \n @example\n * ```typescript\n * parseDuration('15m') // 900000 (15 minutes)\n * parseDuration('1h') // 3600000 (1 hour)\n * parseDuration('30s') // 30000 (30 seconds)\n * parseDuration('1d') // 86400000 (1 day)\n * parseDuration(60000) // 60000 (already in ms)\n * parseDuration('2 hours') // 7200000 (2 hours)\n * parseDuration('1h 30m') // 5400000 (1.5 hours)\n * ```\n \n @param duration - Duration string (e.g., '15m', '1h', '30s') or number in milliseconds\n * @returns Duration in milliseconds\n * @throws Error if the duration format is invalid\n /\nexport function parseDuration(duration: Duration \| string): number {\n // If it's already a number, return as-is\n if (typeof duration === 'number') {\n if (duration < 0) {\n throw new Error(`Invalid duration: ${duration}. Duration must be non-negative.`)\n }\n return duration\n }\n\n // Trim and lowercase the string\n const input = duration.trim().toLowerCase()\n\n if (!input) {\n throw new Error('Invalid duration: empty string')\n }\n\n // Try to parse as a simple number (assume milliseconds)\n const numericValue = Number(input)\n if (!isNaN(numericValue)) {\n if (numericValue < 0) {\n throw new Error(`Invalid duration: ${duration}. Duration must be non-negative.`)\n }\n return numericValue\n }\n\n // Handle compound durations like \"1h 30m\" or \"1h30m\"\n let totalMs = 0\n const regex = /(\\d+(?:\\.\\d+)?)\\s([a-z]+)/g\n let match: RegExpExecArray \| null\n let hasMatch = false\n\n while ((match = regex.exec(input)) !== null) {\n hasMatch = true\n const value = parseFloat(match[1])\n let unit = match[2]\n\n // Resolve unit aliases\n if (unit in TIME_UNIT_ALIASES) {\n unit = TIME_UNIT_ALIASES[unit]\n }\n\n // Get multiplier\n const multiplier = TIME_UNITS[unit]\n if (multiplier === undefined) {\n throw new Error(\n `Invalid duration unit: \"${unit}\" in \"${duration}\". ` +\n `Valid units: s, m, h, d (or seconds, minutes, hours, days)`\n )\n }\n\n totalMs += value * multiplier\n }\n\n if (!hasMatch) {\n throw new Error(\n `Invalid duration format: \"${duration}\". ` +\n `Expected format like \"15m\", \"1h\", \"30s\", \"1d\", or \"1h 30m\"`\n )\n }\n\n return Math.floor(totalMs)\n}\n\n/*\n Format milliseconds to a human-readable duration string\n \n @example\n * ```typescript\n * formatDuration(900000) // \"15m\"\n * formatDuration(3600000) // \"1h\"\n * formatDuration(5400000) // \"1h 30m\"\n * formatDuration(86400000) // \"1d\"\n * formatDuration(90061000) // \"1d 1h 1m 1s\"\n * ```\n \n @param ms - Duration in milliseconds\n * @param options - Formatting options\n * @returns Human-readable duration string\n /\nexport function formatDuration(\n ms: number,\n options: {\n /\n Use long unit names (e.g., \"minutes\" instead of \"m\")\n /\n long?: boolean\n /\n Maximum number of units to include\n /\n maxUnits?: number\n /\n Separator between units\n /\n separator?: string\n } = {}\n): string {\n const { long = false, maxUnits = 4, separator = ' ' } = options\n\n if (ms < 0) {\n return `-${formatDuration(-ms, options)}`\n }\n\n if (ms === 0) {\n return long ? '0 seconds' : '0s'\n }\n\n const units: Array<{ value: number; short: string; long: string; longPlural: string }> = [\n { value: 86400000, short: 'd', long: 'day', longPlural: 'days' },\n { value: 3600000, short: 'h', long: 'hour', longPlural: 'hours' },\n { value: 60000, short: 'm', long: 'minute', longPlural: 'minutes' },\n { value: 1000, short: 's', long: 'second', longPlural: 'seconds' },\n { value: 1, short: 'ms', long: 'millisecond', longPlural: 'milliseconds' },\n ]\n\n const parts: string[] = []\n let remaining = ms\n\n for (const unit of units) {\n if (parts.length >= maxUnits) break\n if (remaining >= unit.value) {\n const count = Math.floor(remaining / unit.value)\n remaining = remaining % unit.value\n\n if (long) {\n parts.push(`${count} ${count === 1 ? unit.long : unit.longPlural}`)\n } else {\n parts.push(`${count}${unit.short}`)\n }\n }\n }\n\n return parts.join(separator)\n}\n\n/\n Get the current timestamp in seconds (Unix timestamp)\n /\nexport function nowInSeconds(): number {\n return Math.floor(Date.now() / 1000)\n}\n\n/\n Get the current timestamp in milliseconds\n /\nexport function nowInMs(): number {\n return Date.now()\n}\n\n/\n Calculate reset time for a fixed window\n \n @param windowMs - Window size in milliseconds\n * @returns Unix timestamp (seconds) when the window resets\n /\nexport function getWindowReset(windowMs: number): number {\n const now = Date.now()\n const windowStart = Math.floor(now / windowMs) windowMs\n const windowEnd = windowStart + windowMs\n return Math.floor(windowEnd / 1000)\n}\n\n/*\n Get the start of the current window\n \n @param windowMs - Window size in milliseconds\n * @returns Timestamp (ms) of window start\n /\nexport function getWindowStart(windowMs: number): number {\n return Math.floor(Date.now() / windowMs) windowMs\n}\n\n/*\n Sleep for a specified duration\n \n @param duration - Duration to sleep\n * @returns Promise that resolves after the duration\n /\nexport function sleep(duration: Duration \| string): Promise<void> {\n const ms = parseDuration(duration)\n return new Promise((resolve) => setTimeout(resolve, ms))\n}\n\n/\n Check if a timestamp has expired\n \n @param timestampMs - Timestamp in milliseconds\n * @param ttlMs - Time-to-live in milliseconds\n * @returns true if expired\n /\nexport function isExpired(timestampMs: number, ttlMs: number): boolean {\n return Date.now() > timestampMs + ttlMs\n}\n\n/\n Calculate time until expiration\n \n @param expiresAt - Expiration timestamp in milliseconds\n * @returns Milliseconds until expiration (0 if already expired)\n /\nexport function timeUntilExpiry(expiresAt: number): number {\n return Math.max(0, expiresAt - Date.now())\n}\n\n/\n Convert seconds to milliseconds\n /\nexport function secondsToMs(seconds: number): number {\n return seconds 1000\n}\n\n/*\n Convert milliseconds to seconds\n /\nexport function msToSeconds(ms: number): number {\n return Math.floor(ms / 1000)\n}\n","/\n IP address extraction and validation utilities\n /\n\nimport type { NextRequest } from '../core/types'\n\n/\n Headers to check for client IP (in order of priority)\n /\nconst IP_HEADERS = [\n // Cloudflare\n 'cf-connecting-ip',\n // Vercel\n 'x-real-ip',\n // Standard forwarded header (RFC 7239)\n 'x-forwarded-for',\n // AWS ELB\n 'x-client-ip',\n // Azure\n 'client-ip',\n // Fastly\n 'fastly-client-ip',\n // Akamai\n 'true-client-ip',\n // Google Cloud\n 'x-appengine-user-ip',\n // Fly.io\n 'fly-client-ip',\n] as const\n\n/\n Localhost/private IP patterns\n /\nconst PRIVATE_IP_PATTERNS = [\n /^127\\./, // IPv4 loopback\n /^10\\./, // Private class A\n /^172\\.(1[6-9]\|2[0-9]\|3[01])\\./, // Private class B\n /^192\\.168\\./, // Private class C\n /^::1$/, // IPv6 loopback\n /^fe80:/i, // IPv6 link-local\n /^fc00:/i, // IPv6 unique local\n /^fd[0-9a-f]{2}:/i, // IPv6 unique local\n]\n\n/\n IPv4 validation regex\n /\nconst IPV4_REGEX = /^(?:(?:25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)$/\n\n/\n IPv6 validation regex (simplified)\n /\nconst IPV6_REGEX = /^(?:[a-fA-F0-9]{1,4}:){7}[a-fA-F0-9]{1,4}$\|^::1$\|^::$\|^(?:[a-fA-F0-9]{1,4}:):(?:[a-fA-F0-9]{1,4}:)[a-fA-F0-9]{1,4}$/\n\n/\n Options for IP extraction\n /\nexport interface GetIpOptions {\n /\n Trust proxy headers (default: true)\n * Set to false in direct-to-client setups\n /\n trustProxy?: boolean\n\n /\n Additional headers to check (checked first)\n /\n customHeaders?: string[]\n\n /\n Fallback IP when none found\n /\n fallback?: string\n}\n\n/\n Extract client IP address from request\n \n @example\n * ```typescript\n * // Basic usage\n * const ip = getClientIp(request)\n \n // With options\n * const ip = getClientIp(request, {\n * trustProxy: true,\n * customHeaders: ['my-custom-ip-header'],\n * fallback: '0.0.0.0'\n * })\n * ```\n \n @param request - Next.js request object\n * @param options - Extraction options\n * @returns Client IP address or fallback\n /\nexport function getClientIp(request: NextRequest, options: GetIpOptions = {}): string {\n const { trustProxy = true, customHeaders = [], fallback = '127.0.0.1' } = options\n\n // First, check if Next.js has already extracted the IP\n if (request.ip) {\n return normalizeIp(request.ip)\n }\n\n if (!trustProxy) {\n return fallback\n }\n\n // Check custom headers first\n for (const header of customHeaders) {\n const value = request.headers.get(header)\n if (value) {\n const ip = parseIpFromHeader(value)\n if (ip) return ip\n }\n }\n\n // Check standard headers\n for (const header of IP_HEADERS) {\n const value = request.headers.get(header)\n if (value) {\n const ip = parseIpFromHeader(value)\n if (ip) return ip\n }\n }\n\n return fallback\n}\n\n/\n Parse IP from header value\n * Handles comma-separated lists (x-forwarded-for)\n /\nfunction parseIpFromHeader(headerValue: string): string \| null {\n // x-forwarded-for can have multiple IPs: \"client, proxy1, proxy2\"\n // The first one is the client IP\n const ips = headerValue.split(',').map((ip) => ip.trim())\n\n for (const ip of ips) {\n const normalized = normalizeIp(ip)\n if (isValidIp(normalized)) {\n return normalized\n }\n }\n\n return null\n}\n\n/\n Normalize an IP address\n * - Removes IPv6 brackets\n * - Removes port numbers\n * - Trims whitespace\n /\nexport function normalizeIp(ip: string): string {\n let normalized = ip.trim()\n\n // Remove IPv6 brackets: [::1] -> ::1\n if (normalized.startsWith('[') && normalized.includes(']')) {\n normalized = normalized.slice(1, normalized.indexOf(']'))\n }\n\n // Remove port: 192.168.1.1:8080 -> 192.168.1.1\n // For IPv4 with port\n if (normalized.includes(':') && !normalized.includes('::')) {\n const lastColon = normalized.lastIndexOf(':')\n const potentialPort = normalized.slice(lastColon + 1)\n if (/^\\d+$/.test(potentialPort)) {\n normalized = normalized.slice(0, lastColon)\n }\n }\n\n // Handle IPv4-mapped IPv6: ::ffff:192.168.1.1 -> 192.168.1.1\n if (normalized.toLowerCase().startsWith('::ffff:')) {\n const ipv4Part = normalized.slice(7)\n if (isValidIpv4(ipv4Part)) {\n return ipv4Part\n }\n }\n\n return normalized\n}\n\n/\n Check if an IP address is valid\n /\nexport function isValidIp(ip: string): boolean {\n return isValidIpv4(ip) \|\| isValidIpv6(ip)\n}\n\n/\n Check if an IPv4 address is valid\n /\nexport function isValidIpv4(ip: string): boolean {\n return IPV4_REGEX.test(ip)\n}\n\n/\n Check if an IPv6 address is valid\n /\nexport function isValidIpv6(ip: string): boolean {\n return IPV6_REGEX.test(ip) \|\| ip === '::1' \|\| ip === '::'\n}\n\n/\n Check if an IP is a private/local address\n /\nexport function isPrivateIp(ip: string): boolean {\n return PRIVATE_IP_PATTERNS.some((pattern) => pattern.test(ip))\n}\n\n/\n Check if an IP is localhost\n /\nexport function isLocalhost(ip: string): boolean {\n return ip === '127.0.0.1' \|\| ip === '::1' \|\| ip === 'localhost'\n}\n\n/\n Create a rate limit key from IP\n * Normalizes and optionally hashes the IP\n /\nexport function createIpKey(\n ip: string,\n options: {\n prefix?: string\n hash?: boolean\n } = {}\n): string {\n const { prefix = 'rl', hash = false } = options\n const normalizedIp = normalizeIp(ip)\n\n if (hash) {\n // Simple hash for privacy (not cryptographic)\n const hashCode = simpleHash(normalizedIp)\n return `${prefix}:ip:${hashCode}`\n }\n\n return `${prefix}:ip:${normalizedIp}`\n}\n\n/\n Simple non-cryptographic hash (for key generation)\n /\nfunction simpleHash(str: string): string {\n let hash = 0\n for (let i = 0; i < str.length; i++) {\n const char = str.charCodeAt(i)\n hash = ((hash << 5) - hash) + char\n hash = hash & hash // Convert to 32-bit integer\n }\n return Math.abs(hash).toString(36)\n}\n\n/\n Anonymize an IP address (for logging)\n * IPv4: 192.168.1.100 -> 192.168.1.xxx\n * IPv6: 2001:db8::1 -> 2001:db8::xxx\n /\nexport function anonymizeIp(ip: string): string {\n const normalized = normalizeIp(ip)\n\n if (isValidIpv4(normalized)) {\n const parts = normalized.split('.')\n parts[3] = 'xxx'\n return parts.join('.')\n }\n\n if (isValidIpv6(normalized)) {\n const parts = normalized.split(':')\n if (parts.length > 0) {\n parts[parts.length - 1] = 'xxxx'\n }\n return parts.join(':')\n }\n\n return 'xxx.xxx.xxx.xxx'\n}\n\n/\n Get geolocation info from request (if available)\n * Works with Vercel Edge and Cloudflare\n /\nexport function getGeoInfo(request: NextRequest): {\n country?: string\n city?: string\n region?: string\n latitude?: string\n longitude?: string\n} {\n // Vercel provides geo info on the request\n if (request.geo) {\n return {\n country: request.geo.country,\n city: request.geo.city,\n region: request.geo.region,\n latitude: request.geo.latitude,\n longitude: request.geo.longitude,\n }\n }\n\n // Cloudflare headers\n return {\n country: request.headers.get('cf-ipcountry') ?? undefined,\n city: request.headers.get('cf-ipcity') ?? undefined,\n region: request.headers.get('cf-region') ?? undefined,\n latitude: request.headers.get('cf-iplat') ?? undefined,\n longitude: request.headers.get('cf-iplong') ?? undefined,\n }\n}\n","/\n In-memory rate limit store\n \n Suitable for:\n * - Development\n * - Single-instance deployments\n * - Testing\n \n Not suitable for:\n * - Multi-instance/distributed deployments (use Redis/Upstash)\n * - Serverless (data lost between invocations)\n /\n\nimport type { RateLimitStore, MemoryStoreOptions } from '../types'\nimport { msToSeconds } from '../../../utils/time'\n\n/\n Entry stored in memory\n /\ninterface MemoryEntry {\n count: number\n reset: number // Unix timestamp (seconds)\n createdAt: number // Timestamp (ms)\n}\n\n/\n LRU-style memory store for rate limiting\n \n Features:\n * - Automatic cleanup of expired entries\n * - LRU eviction when max keys exceeded\n * - Zero dependencies\n * - Edge Runtime compatible\n \n @example\n * ```typescript\n * import { MemoryStore } from 'next-secure/rate-limit'\n \n const store = new MemoryStore({\n * cleanupInterval: 60000, // 1 minute\n * maxKeys: 10000\n * })\n * ```\n /\nexport class MemoryStore implements RateLimitStore {\n public readonly name = 'memory'\n\n private store: Map<string, MemoryEntry>\n private cleanupTimer: ReturnType<typeof setInterval> \| null = null\n private readonly maxKeys: number\n private readonly cleanupInterval: number\n\n constructor(options: MemoryStoreOptions = {}) {\n const { cleanupInterval = 60000, maxKeys = 10000 } = options\n\n this.store = new Map()\n this.maxKeys = maxKeys\n this.cleanupInterval = cleanupInterval\n\n // Start cleanup timer (only in long-running environments)\n if (typeof setInterval !== 'undefined' && cleanupInterval > 0) {\n this.startCleanupTimer()\n }\n }\n\n /\n Increment the counter for a key\n \n Note: The key should already include window information if needed.\n * This store is algorithm-agnostic - algorithms handle windowing logic.\n /\n async increment(\n key: string,\n windowMs: number\n ): Promise<{ count: number; reset: number }> {\n const now = Date.now()\n const defaultReset = msToSeconds(now + windowMs)\n\n const existing = this.store.get(key)\n\n if (existing) {\n // Increment existing entry\n existing.count++\n // Move to end (LRU update)\n this.store.delete(key)\n this.store.set(key, existing)\n return { count: existing.count, reset: existing.reset }\n }\n\n // New entry\n const entry: MemoryEntry = {\n count: 1,\n reset: defaultReset,\n createdAt: now,\n }\n\n // Check if we need to evict\n if (this.store.size >= this.maxKeys) {\n this.evictOldest()\n }\n\n this.store.set(key, entry)\n return { count: 1, reset: defaultReset }\n }\n\n /\n Get the current count for a key\n /\n async get(key: string): Promise<{ count: number; reset: number } \| null> {\n const entry = this.store.get(key)\n\n if (!entry) {\n return null\n }\n\n // Check if expired\n const now = Math.floor(Date.now() / 1000)\n if (entry.reset <= now) {\n this.store.delete(key)\n return null\n }\n\n return { count: entry.count, reset: entry.reset }\n }\n\n /\n Reset the counter for a key\n /\n async reset(key: string): Promise<void> {\n this.store.delete(key)\n }\n\n /\n Check if the store is healthy\n /\n async isHealthy(): Promise<boolean> {\n return true\n }\n\n /\n Cleanup expired entries\n /\n async cleanup(): Promise<void> {\n const now = Math.floor(Date.now() / 1000)\n const keysToDelete: string[] = []\n\n for (const [key, entry] of this.store) {\n if (entry.reset <= now) {\n keysToDelete.push(key)\n }\n }\n\n for (const key of keysToDelete) {\n this.store.delete(key)\n }\n }\n\n /\n Close the store (stop cleanup timer)\n /\n async close(): Promise<void> {\n this.stopCleanupTimer()\n this.store.clear()\n }\n\n /\n Get the current size of the store\n /\n get size(): number {\n return this.store.size\n }\n\n /\n Clear all entries\n /\n clear(): void {\n this.store.clear()\n }\n\n /\n Start the cleanup timer\n /\n private startCleanupTimer(): void {\n if (this.cleanupTimer) return\n\n this.cleanupTimer = setInterval(() => {\n void this.cleanup()\n }, this.cleanupInterval)\n\n // Unref to not keep the process alive\n if (typeof this.cleanupTimer === 'object' && 'unref' in this.cleanupTimer) {\n (this.cleanupTimer as NodeJS.Timeout).unref()\n }\n }\n\n /\n Stop the cleanup timer\n /\n private stopCleanupTimer(): void {\n if (this.cleanupTimer) {\n clearInterval(this.cleanupTimer)\n this.cleanupTimer = null\n }\n }\n\n /\n Evict oldest entries when max keys exceeded\n /\n private evictOldest(): void {\n // Map maintains insertion order, so first key is oldest\n const keysToDelete = Math.ceil(this.maxKeys 0.1) // Delete 10%\n\n let deleted = 0\n for (const key of this.store.keys()) {\n if (deleted >= keysToDelete) break\n this.store.delete(key)\n deleted++\n }\n }\n}\n\n/*\n Create a memory store with default options\n /\nexport function createMemoryStore(options?: MemoryStoreOptions): MemoryStore {\n return new MemoryStore(options)\n}\n\n/\n Global memory store instance (singleton)\n * Useful for serverless environments where you want to reuse across requests\n /\nlet globalStore: MemoryStore \| null = null\n\n/\n Get or create the global memory store\n /\nexport function getGlobalMemoryStore(options?: MemoryStoreOptions): MemoryStore {\n if (!globalStore) {\n globalStore = new MemoryStore(options)\n }\n return globalStore\n}\n\n/\n Reset the global memory store (useful for testing)\n /\nexport function resetGlobalMemoryStore(): void {\n if (globalStore) {\n void globalStore.close()\n globalStore = null\n }\n}\n","/\n Sliding Window Rate Limiting Algorithm\n \n This algorithm provides a smoother rate limiting experience compared to fixed windows.\n * It uses a weighted calculation based on the previous and current window counts.\n \n How it works:\n * 1. Divide time into fixed windows (e.g., 1 minute each)\n * 2. Track request counts for current and previous windows\n * 3. Calculate weighted count based on position within current window\n \n Example (100 req/min limit):\n * - Previous window: 80 requests\n * - Current window: 30 requests\n * - 30 seconds into current window (50% through)\n * - Weighted count = 30 + (80 * 0.5) = 70\n * - Since 70 < 100, request is allowed\n \n Pros:\n * - Smoother than fixed window\n * - Prevents burst attacks at window boundaries\n * - Memory efficient (only stores 2 counters per key)\n \n Cons:\n * - Slightly more complex than fixed window\n * - Not perfectly accurate (approximation)\n /\n\nimport type { RateLimitStore, RateLimitAlgorithmImpl } from '../types'\nimport type { RateLimitInfo } from '../../../core/types'\nimport { msToSeconds } from '../../../utils/time'\n\n/\n Sliding window counter algorithm implementation\n /\nexport class SlidingWindowAlgorithm implements RateLimitAlgorithmImpl {\n public readonly name = 'sliding-window' as const\n\n /\n Check if the request should be rate limited\n /\n async check(\n store: RateLimitStore,\n key: string,\n limit: number,\n windowMs: number\n ): Promise<RateLimitInfo> {\n const now = Date.now()\n\n // Calculate window boundaries\n const windowStart = Math.floor(now / windowMs) windowMs\n const windowEnd = windowStart + windowMs\n const previousWindowStart = windowStart - windowMs\n\n // Position within current window (0 to 1)\n const windowPosition = (now - windowStart) / windowMs\n\n // Keys for current and previous windows\n const currentKey = `${key}:${windowStart}`\n const previousKey = `${key}:${previousWindowStart}`\n\n // Get counts from both windows\n const [currentData, previousData] = await Promise.all([\n store.get(currentKey),\n store.get(previousKey),\n ])\n\n const currentCount = currentData?.count ?? 0\n const previousCount = previousData?.count ?? 0\n\n // Calculate weighted count using sliding window formula\n // Weight of previous window decreases as we move through current window\n const previousWeight = 1 - windowPosition\n const weightedCount = currentCount + Math.floor(previousCount * previousWeight)\n\n // Calculate reset time (end of current window)\n const reset = msToSeconds(windowEnd)\n\n // Check if limit exceeded\n if (weightedCount >= limit) {\n // Calculate retry time based on when enough requests will \"expire\"\n const retryAfter = this.calculateRetryAfter(\n currentCount,\n previousCount,\n limit,\n windowMs,\n windowPosition\n )\n\n return {\n limit,\n remaining: 0,\n reset,\n limited: true,\n retryAfter,\n }\n }\n\n // Increment current window counter\n await store.increment(currentKey, windowMs)\n\n // Calculate remaining\n const remaining = Math.max(0, limit - weightedCount - 1)\n\n return {\n limit,\n remaining,\n reset,\n limited: false,\n }\n }\n\n /*\n Calculate how long until the client can make another request\n /\n private calculateRetryAfter(\n currentCount: number,\n previousCount: number,\n limit: number,\n windowMs: number,\n windowPosition: number\n ): number {\n // If previous window is empty, wait until current window resets\n if (previousCount === 0) {\n return Math.ceil((1 - windowPosition) windowMs / 1000)\n }\n\n // Calculate when the weighted count will drop below limit\n // We need: currentCount + previousCount * (1 - newPosition) < limit\n // Solving for newPosition: newPosition > 1 - (limit - currentCount) / previousCount\n\n const requiredPosition = 1 - (limit - currentCount) / previousCount\n\n if (requiredPosition <= windowPosition) {\n // Should already be under limit, but we got here so add small delay\n return 1\n }\n\n if (requiredPosition >= 1) {\n // Need to wait until next window\n const remainingInCurrentWindow = (1 - windowPosition) * windowMs\n return Math.ceil(remainingInCurrentWindow / 1000)\n }\n\n // Calculate time until we reach required position\n const timeToWait = (requiredPosition - windowPosition) * windowMs\n return Math.ceil(timeToWait / 1000)\n }\n}\n\n/*\n Create a sliding window algorithm instance\n /\nexport function createSlidingWindowAlgorithm(): SlidingWindowAlgorithm {\n return new SlidingWindowAlgorithm()\n}\n\n/\n Sliding Window Log Algorithm (more accurate but uses more memory)\n \n This stores individual request timestamps instead of just counters.\n * More accurate but not recommended for high-traffic scenarios.\n /\nexport class SlidingWindowLogAlgorithm implements RateLimitAlgorithmImpl {\n public readonly name = 'sliding-window' as const\n\n /\n In-memory log of request timestamps per key\n * For production, this should be stored externally (Redis sorted sets, etc.)\n /\n private logs: Map<string, number[]> = new Map()\n\n /\n Maximum log size before cleanup\n /\n private readonly maxLogSize = 10000\n\n async check(\n _store: RateLimitStore,\n key: string,\n limit: number,\n windowMs: number\n ): Promise<RateLimitInfo> {\n const now = Date.now()\n const windowStart = now - windowMs\n\n // Get or create log for this key\n let log = this.logs.get(key) ?? []\n\n // Remove expired entries\n log = log.filter((timestamp) => timestamp > windowStart)\n\n // Calculate reset (when oldest entry expires)\n const oldestTimestamp = log[0] ?? now\n const reset = msToSeconds(oldestTimestamp + windowMs)\n\n // Check if limit exceeded\n if (log.length >= limit) {\n const retryAfter = Math.ceil((oldestTimestamp + windowMs - now) / 1000)\n\n return {\n limit,\n remaining: 0,\n reset,\n limited: true,\n retryAfter: Math.max(1, retryAfter),\n }\n }\n\n // Add current request\n log.push(now)\n this.logs.set(key, log)\n\n // Cleanup if too many keys\n if (this.logs.size > this.maxLogSize) {\n this.cleanup()\n }\n\n return {\n limit,\n remaining: Math.max(0, limit - log.length),\n reset,\n limited: false,\n }\n }\n\n /\n Remove oldest entries when log size exceeded\n /\n private cleanup(): void {\n const keysToDelete: string[] = []\n const now = Date.now()\n\n for (const [key, log] of this.logs) {\n // Delete empty or very old logs\n if (log.length === 0 \|\| log[log.length - 1]! < now - 3600000) {\n keysToDelete.push(key)\n }\n }\n\n for (const key of keysToDelete) {\n this.logs.delete(key)\n }\n }\n\n /\n Clear all logs\n /\n clear(): void {\n this.logs.clear()\n }\n}\n","/\n Fixed Window Rate Limiting Algorithm\n \n The simplest rate limiting algorithm. Divides time into fixed windows\n * and counts requests within each window.\n \n How it works:\n * 1. Divide time into fixed windows (e.g., every minute starting at :00)\n * 2. Count requests within the current window\n * 3. Reset counter when new window starts\n \n Example (100 req/min limit):\n * - Window 1 (12:00:00 - 12:00:59): 80 requests -> allowed\n * - Window 2 (12:01:00 - 12:01:59): 0 requests (fresh start)\n \n Pros:\n * - Simple to implement\n * - Memory efficient (only 1 counter per key)\n * - Fast (O(1) operations)\n \n Cons:\n * - Burst problem: 200 requests possible in 2 seconds at window boundary\n * - 100 requests at 12:00:59 (end of window 1)\n * - 100 requests at 12:01:00 (start of window 2)\n * - Not smooth\n \n Use when:\n * - Simplicity is preferred\n * - Burst at boundaries is acceptable\n * - Memory/CPU is very constrained\n /\n\nimport type { RateLimitStore, RateLimitAlgorithmImpl } from '../types'\nimport type { RateLimitInfo } from '../../../core/types'\nimport { msToSeconds } from '../../../utils/time'\n\n/\n Fixed window algorithm implementation\n /\nexport class FixedWindowAlgorithm implements RateLimitAlgorithmImpl {\n public readonly name = 'fixed-window' as const\n\n /\n Check if the request should be rate limited\n /\n async check(\n store: RateLimitStore,\n key: string,\n limit: number,\n windowMs: number\n ): Promise<RateLimitInfo> {\n const now = Date.now()\n\n // Calculate window boundaries\n const windowStart = Math.floor(now / windowMs) windowMs\n const windowEnd = windowStart + windowMs\n const reset = msToSeconds(windowEnd)\n\n // Create window-specific key\n const windowKey = `${key}:${windowStart}`\n\n // Get current count\n const data = await store.get(windowKey)\n const currentCount = data?.count ?? 0\n\n // Check if limit exceeded\n if (currentCount >= limit) {\n const retryAfter = Math.ceil((windowEnd - now) / 1000)\n\n return {\n limit,\n remaining: 0,\n reset,\n limited: true,\n retryAfter: Math.max(1, retryAfter),\n }\n }\n\n // Increment counter\n const { count } = await store.increment(windowKey, windowMs)\n\n // Double-check after increment (race condition protection)\n if (count > limit) {\n const retryAfter = Math.ceil((windowEnd - now) / 1000)\n\n return {\n limit,\n remaining: 0,\n reset,\n limited: true,\n retryAfter: Math.max(1, retryAfter),\n }\n }\n\n return {\n limit,\n remaining: Math.max(0, limit - count),\n reset,\n limited: false,\n }\n }\n}\n\n/*\n Create a fixed window algorithm instance\n /\nexport function createFixedWindowAlgorithm(): FixedWindowAlgorithm {\n return new FixedWindowAlgorithm()\n}\n\n/\n Fixed window with burst protection\n \n Adds a secondary limit to prevent bursts at window boundaries.\n * For example: 100 req/min with max 20 req/10sec burst.\n /\nexport class FixedWindowWithBurstProtection implements RateLimitAlgorithmImpl {\n public readonly name = 'fixed-window' as const\n\n constructor(\n private readonly burstLimit: number,\n private readonly burstWindowMs: number\n ) {}\n\n async check(\n store: RateLimitStore,\n key: string,\n limit: number,\n windowMs: number\n ): Promise<RateLimitInfo> {\n const now = Date.now()\n\n // Check burst limit first (smaller window)\n const burstWindowStart = Math.floor(now / this.burstWindowMs) this.burstWindowMs\n const burstKey = `${key}:burst:${burstWindowStart}`\n const burstData = await store.get(burstKey)\n const burstCount = burstData?.count ?? 0\n\n if (burstCount >= this.burstLimit) {\n const burstWindowEnd = burstWindowStart + this.burstWindowMs\n const retryAfter = Math.ceil((burstWindowEnd - now) / 1000)\n\n return {\n limit: this.burstLimit,\n remaining: 0,\n reset: msToSeconds(burstWindowEnd),\n limited: true,\n retryAfter: Math.max(1, retryAfter),\n }\n }\n\n // Check main limit\n const windowStart = Math.floor(now / windowMs) * windowMs\n const windowEnd = windowStart + windowMs\n const windowKey = `${key}:${windowStart}`\n const data = await store.get(windowKey)\n const currentCount = data?.count ?? 0\n\n if (currentCount >= limit) {\n const retryAfter = Math.ceil((windowEnd - now) / 1000)\n\n return {\n limit,\n remaining: 0,\n reset: msToSeconds(windowEnd),\n limited: true,\n retryAfter: Math.max(1, retryAfter),\n }\n }\n\n // Increment both counters\n await Promise.all([\n store.increment(windowKey, windowMs),\n store.increment(burstKey, this.burstWindowMs),\n ])\n\n return {\n limit,\n remaining: Math.max(0, limit - currentCount - 1),\n reset: msToSeconds(windowEnd),\n limited: false,\n }\n }\n}\n\n/*\n Create a fixed window with burst protection\n \n @example\n * ```typescript\n * // 100 req/min with max 20 req/10sec burst\n * const algorithm = createFixedWindowWithBurstProtection(20, 10000)\n * ```\n /\nexport function createFixedWindowWithBurstProtection(\n burstLimit: number,\n burstWindowMs: number\n): FixedWindowWithBurstProtection {\n return new FixedWindowWithBurstProtection(burstLimit, burstWindowMs)\n}\n","/\n Token Bucket Rate Limiting Algorithm\n \n A bucket holds tokens that are consumed by requests. Tokens are refilled\n * at a constant rate. This allows for controlled bursts while maintaining\n * an average rate.\n \n How it works:\n * 1. Bucket starts full with 'limit' tokens\n * 2. Each request consumes 1 token (or more for weighted requests)\n * 3. Tokens are refilled at 'limit / window' rate\n * 4. Request is allowed if tokens >= 1\n \n Example (100 tokens, refill 100/min = 1.67/sec):\n * - Initial: 100 tokens\n * - 50 requests instantly: 50 tokens remaining (burst allowed)\n * - Wait 30 seconds: 50 + (50 * 1.67) = 100 tokens (refilled)\n * - 100 requests instantly: 0 tokens\n * - Next request: denied until tokens refill\n \n Pros:\n * - Allows controlled bursts\n * - Smooth average rate\n * - Good for APIs with sporadic traffic\n \n Cons:\n * - More complex state management\n * - Requires storing last refill time\n \n Use when:\n * - You want to allow bursts\n * - Traffic is sporadic\n * - User experience matters (can handle burst then wait)\n /\n\nimport type { RateLimitStore, RateLimitAlgorithmImpl, TokenBucketState } from '../types'\nimport type { RateLimitInfo } from '../../../core/types'\nimport { msToSeconds } from '../../../utils/time'\n\n/\n Token bucket algorithm implementation\n /\nexport class TokenBucketAlgorithm implements RateLimitAlgorithmImpl {\n public readonly name = 'token-bucket' as const\n\n /\n In-memory bucket states\n * For distributed systems, this should be stored in Redis\n /\n private buckets: Map<string, TokenBucketState> = new Map()\n\n /\n Maximum number of buckets to store before cleanup\n /\n private readonly maxBuckets = 10000\n\n /\n Check if the request should be rate limited\n \n @param store - Not used directly, state stored in memory\n * @param key - Rate limit key\n * @param limit - Maximum tokens (bucket capacity)\n * @param windowMs - Time to refill bucket completely\n /\n async check(\n _store: RateLimitStore,\n key: string,\n limit: number,\n windowMs: number\n ): Promise<RateLimitInfo> {\n const now = Date.now()\n\n // Get or create bucket state\n let bucket = this.buckets.get(key)\n\n if (!bucket) {\n // New bucket, start full\n bucket = {\n tokens: limit,\n lastRefill: now,\n }\n } else {\n // Refill tokens based on time elapsed\n bucket = this.refillTokens(bucket, limit, windowMs, now)\n }\n\n // Calculate reset time (when bucket would be full again)\n const tokensNeeded = limit - bucket.tokens\n const refillRate = limit / windowMs // tokens per ms\n const timeToFull = tokensNeeded / refillRate\n const reset = msToSeconds(now + timeToFull)\n\n // Check if we have tokens\n if (bucket.tokens < 1) {\n // Calculate when we'll have 1 token\n const timeToOneToken = (1 - bucket.tokens) / refillRate\n const retryAfter = Math.ceil(timeToOneToken / 1000)\n\n return {\n limit,\n remaining: 0,\n reset,\n limited: true,\n retryAfter: Math.max(1, retryAfter),\n }\n }\n\n // Consume a token\n bucket.tokens -= 1\n this.buckets.set(key, bucket)\n\n // Cleanup if too many buckets\n if (this.buckets.size > this.maxBuckets) {\n this.cleanup()\n }\n\n return {\n limit,\n remaining: Math.floor(bucket.tokens),\n reset,\n limited: false,\n }\n }\n\n /\n Refill tokens based on time elapsed\n /\n private refillTokens(\n bucket: TokenBucketState,\n limit: number,\n windowMs: number,\n now: number\n ): TokenBucketState {\n const elapsed = now - bucket.lastRefill\n const refillRate = limit / windowMs // tokens per ms\n const tokensToAdd = elapsed refillRate\n\n return {\n tokens: Math.min(limit, bucket.tokens + tokensToAdd),\n lastRefill: now,\n }\n }\n\n /*\n Remove old buckets\n /\n private cleanup(): void {\n const now = Date.now()\n const staleThreshold = 3600000 // 1 hour\n\n const keysToDelete: string[] = []\n\n for (const [key, bucket] of this.buckets) {\n if (now - bucket.lastRefill > staleThreshold) {\n keysToDelete.push(key)\n }\n }\n\n for (const key of keysToDelete) {\n this.buckets.delete(key)\n }\n }\n\n /\n Get current bucket state (for testing/debugging)\n /\n getBucketState(key: string): TokenBucketState \| undefined {\n return this.buckets.get(key)\n }\n\n /\n Clear all buckets\n /\n clear(): void {\n this.buckets.clear()\n }\n}\n\n/\n Create a token bucket algorithm instance\n /\nexport function createTokenBucketAlgorithm(): TokenBucketAlgorithm {\n return new TokenBucketAlgorithm()\n}\n\n/\n Leaky Bucket Algorithm (variation of token bucket)\n \n Instead of refilling tokens, requests \"leak\" out of the bucket\n * at a constant rate. This enforces a strict output rate.\n \n Think of it as a bucket with a hole at the bottom:\n * - Requests are added to the bucket\n * - Requests leak out at a constant rate\n * - If bucket overflows, request is rejected\n \n Use when:\n * - You need strict rate enforcement\n * - Bursts should be queued, not rejected\n * - Output rate must be constant\n /\nexport class LeakyBucketAlgorithm implements RateLimitAlgorithmImpl {\n public readonly name = 'token-bucket' as const // Grouped with token bucket\n\n /\n In-memory bucket states\n * Stores the \"water level\" and last leak time\n /\n private buckets: Map<string, { level: number; lastLeak: number }> = new Map()\n\n /\n Maximum number of buckets\n /\n private readonly maxBuckets = 10000\n\n async check(\n _store: RateLimitStore,\n key: string,\n limit: number,\n windowMs: number\n ): Promise<RateLimitInfo> {\n const now = Date.now()\n\n // Get or create bucket\n let bucket = this.buckets.get(key) ?? { level: 0, lastLeak: now }\n\n // Calculate how much has leaked since last check\n const elapsed = now - bucket.lastLeak\n const leakRate = limit / windowMs // requests per ms\n const leaked = elapsed leakRate\n\n // Update level (can't go below 0)\n bucket.level = Math.max(0, bucket.level - leaked)\n bucket.lastLeak = now\n\n // Calculate reset time\n const timeToEmpty = bucket.level / leakRate\n const reset = msToSeconds(now + timeToEmpty)\n\n // Check if bucket would overflow\n if (bucket.level + 1 > limit) {\n // Calculate when there's room for 1 more request\n const overflow = bucket.level + 1 - limit\n const timeToRoom = overflow / leakRate\n const retryAfter = Math.ceil(timeToRoom / 1000)\n\n return {\n limit,\n remaining: 0,\n reset,\n limited: true,\n retryAfter: Math.max(1, retryAfter),\n }\n }\n\n // Add request to bucket\n bucket.level += 1\n this.buckets.set(key, bucket)\n\n // Cleanup if needed\n if (this.buckets.size > this.maxBuckets) {\n this.cleanup(now)\n }\n\n return {\n limit,\n remaining: Math.floor(limit - bucket.level),\n reset,\n limited: false,\n }\n }\n\n private cleanup(now: number): void {\n const staleThreshold = 3600000\n\n for (const [key, bucket] of this.buckets) {\n if (now - bucket.lastLeak > staleThreshold) {\n this.buckets.delete(key)\n }\n }\n }\n\n clear(): void {\n this.buckets.clear()\n }\n}\n\n/*\n Create a leaky bucket algorithm instance\n /\nexport function createLeakyBucketAlgorithm(): LeakyBucketAlgorithm {\n return new LeakyBucketAlgorithm()\n}\n","/\n Rate Limiting Middleware for Next.js App Router\n \n @example\n * ```typescript\n * // Basic usage\n * import { withRateLimit } from 'next-secure/rate-limit'\n \n export const GET = withRateLimit(\n * async (req) => Response.json({ data: [] }),\n * { limit: 100, window: '15m' }\n * )\n \n // With custom identifier\n * export const GET = withRateLimit(handler, {\n * limit: 100,\n * window: '15m',\n * identifier: (req) => req.headers.get('x-api-key') ?? 'anonymous'\n * })\n \n // With Redis store\n * import { createRedisStore } from 'next-secure/rate-limit'\n \n const store = createRedisStore({ client: redis })\n \n export const GET = withRateLimit(handler, {\n * limit: 100,\n * window: '15m',\n * store\n * })\n * ```\n /\n\nimport type { NextRequest, RateLimitInfo, SecureContext } from '../../core/types'\nimport { RateLimitError } from '../../core/errors'\nimport { parseDuration } from '../../utils/time'\nimport { getClientIp } from '../../utils/ip'\nimport type { RateLimitConfig, RateLimitStore, RateLimitAlgorithmImpl } from './types'\nimport { MemoryStore } from './stores/memory'\nimport { SlidingWindowAlgorithm } from './algorithms/sliding-window'\nimport { FixedWindowAlgorithm } from './algorithms/fixed-window'\nimport { TokenBucketAlgorithm } from './algorithms/token-bucket'\n\n/\n Default configuration values\n /\nconst DEFAULT_CONFIG: Partial<RateLimitConfig> = {\n algorithm: 'sliding-window',\n identifier: 'ip',\n headers: true,\n prefix: 'rl',\n message: 'Too Many Requests',\n statusCode: 429,\n debug: false,\n}\n\n/\n Global default store (shared across handlers)\n /\nlet defaultStore: RateLimitStore \| null = null\n\n/\n Get or create the default memory store\n /\nfunction getDefaultStore(): RateLimitStore {\n if (!defaultStore) {\n defaultStore = new MemoryStore()\n }\n return defaultStore\n}\n\n/\n Get algorithm instance by name\n /\nfunction getAlgorithm(name: RateLimitConfig['algorithm']): RateLimitAlgorithmImpl {\n switch (name) {\n case 'fixed-window':\n return new FixedWindowAlgorithm()\n case 'token-bucket':\n return new TokenBucketAlgorithm()\n case 'sliding-window':\n default:\n return new SlidingWindowAlgorithm()\n }\n}\n\n/\n Create rate limit headers\n /\nfunction createRateLimitHeaders(info: RateLimitInfo): Headers {\n const headers = new Headers()\n\n headers.set('X-RateLimit-Limit', String(info.limit))\n headers.set('X-RateLimit-Remaining', String(info.remaining))\n headers.set('X-RateLimit-Reset', String(info.reset))\n\n if (info.limited && info.retryAfter) {\n headers.set('Retry-After', String(info.retryAfter))\n }\n\n return headers\n}\n\n/\n Merge headers from multiple sources\n /\nfunction mergeHeaders(target: Headers, source: Headers): void {\n source.forEach((value, key) => {\n target.set(key, value)\n })\n}\n\n/\n Get client identifier from request\n /\nasync function getIdentifier(\n request: NextRequest,\n identifier: RateLimitConfig['identifier'],\n prefix: string,\n context?: SecureContext\n): Promise<string> {\n if (typeof identifier === 'function') {\n const id = await identifier(request)\n return `${prefix}:custom:${id}`\n }\n\n if (identifier === 'user') {\n // Requires auth middleware to have run first\n const userId = context?.user\n ? (context.user as { id?: string }).id ?? 'anonymous'\n : 'anonymous'\n return `${prefix}:user:${userId}`\n }\n\n // Default: IP-based\n const ip = getClientIp(request)\n return `${prefix}:ip:${ip}`\n}\n\n/\n Rate limiting middleware wrapper\n \n @example\n * ```typescript\n * // Simple usage\n * export const GET = withRateLimit(\n * async (req) => Response.json({ ok: true }),\n * { limit: 100, window: '15m' }\n * )\n \n // With all options\n * export const POST = withRateLimit(\n * async (req, ctx) => {\n * // ctx.rateLimit contains info\n * return Response.json({ remaining: ctx.rateLimit?.remaining })\n * },\n * {\n * limit: 10,\n * window: '1m',\n * algorithm: 'sliding-window',\n * identifier: 'ip',\n * headers: true,\n * onLimit: (req, info) => new Response(\n * JSON.stringify({ error: 'Slow down!' }),\n * { status: 429 }\n * ),\n * skip: (req) => req.headers.get('x-bypass') === 'secret'\n * }\n * )\n * ```\n /\nexport function withRateLimit<TUser = unknown>(\n handler: (\n request: NextRequest,\n context: SecureContext<TUser> & { rateLimit?: RateLimitInfo }\n ) => Promise<Response> \| Response,\n config: RateLimitConfig\n): (request: NextRequest, context?: SecureContext<TUser>) => Promise<Response> {\n // Merge config with defaults\n const finalConfig: Required<RateLimitConfig> = {\n ...DEFAULT_CONFIG,\n ...config,\n store: config.store ?? getDefaultStore(),\n } as Required<RateLimitConfig>\n\n // Parse window duration once\n const windowMs = parseDuration(finalConfig.window)\n\n // Get algorithm once\n const algorithm = getAlgorithm(finalConfig.algorithm)\n\n // Debug logging\n const debug = finalConfig.debug\n ? (msg: string, data?: unknown) => {\n // eslint-disable-next-line no-console\n console.log(`[next-secure:rate-limit] ${msg}`, data ?? '')\n }\n : () => {}\n\n debug('Initialized', {\n limit: finalConfig.limit,\n window: finalConfig.window,\n algorithm: finalConfig.algorithm,\n })\n\n return async (\n request: NextRequest,\n context?: SecureContext<TUser>\n ): Promise<Response> => {\n // Create context if not provided\n const ctx: SecureContext<TUser> & { rateLimit?: RateLimitInfo } = context ?? {\n user: null,\n requestId: crypto.randomUUID(),\n ip: getClientIp(request),\n userAgent: request.headers.get('user-agent') ?? '',\n startTime: Date.now(),\n metadata: {},\n }\n\n try {\n // Check if we should skip rate limiting\n if (finalConfig.skip) {\n const shouldSkip = await finalConfig.skip(request)\n if (shouldSkip) {\n debug('Skipping rate limit check')\n return handler(request, ctx)\n }\n }\n\n // Get identifier\n const key = await getIdentifier(\n request,\n finalConfig.identifier,\n finalConfig.prefix,\n ctx\n )\n debug('Rate limit key', key)\n\n // Check rate limit\n const info = await algorithm.check(\n finalConfig.store,\n key,\n finalConfig.limit,\n windowMs\n )\n debug('Rate limit info', info)\n\n // Add rate limit info to context\n ctx.rateLimit = info\n\n // Check if limited\n if (info.limited) {\n debug('Request rate limited')\n\n // Custom handler\n if (finalConfig.onLimit) {\n const response = await finalConfig.onLimit(request, info)\n\n // Add headers to custom response\n if (finalConfig.headers) {\n const rateLimitHeaders = createRateLimitHeaders(info)\n mergeHeaders(response.headers, rateLimitHeaders)\n }\n\n return response\n }\n\n // Default rate limit response\n const error = new RateLimitError({\n retryAfter: info.retryAfter ?? 60,\n resetAt: info.reset 1000,\n message: finalConfig.message,\n })\n\n const response = error.toResponse()\n\n if (finalConfig.headers) {\n const rateLimitHeaders = createRateLimitHeaders(info)\n mergeHeaders(response.headers, rateLimitHeaders)\n }\n\n return response\n }\n\n // Call the handler\n const response = await handler(request, ctx)\n\n // Add rate limit headers to successful response\n if (finalConfig.headers) {\n // Clone response to modify headers\n const newResponse = new Response(response.body, {\n status: response.status,\n statusText: response.statusText,\n headers: new Headers(response.headers),\n })\n\n const rateLimitHeaders = createRateLimitHeaders(info)\n mergeHeaders(newResponse.headers, rateLimitHeaders)\n\n return newResponse\n }\n\n return response\n } catch (error) {\n debug('Error in rate limit middleware', error)\n\n // Re-throw RateLimitError\n if (error instanceof RateLimitError) {\n throw error\n }\n\n // For other errors, let the request through (fail open)\n // This prevents rate limiting from blocking all requests on errors\n // eslint-disable-next-line no-console\n console.error('[next-secure:rate-limit] Error:', error)\n return handler(request, ctx)\n }\n }\n}\n\n/*\n Create a rate limiter instance for reuse\n \n @example\n * ```typescript\n * const apiLimiter = createRateLimiter({\n * limit: 100,\n * window: '15m'\n * })\n \n export const GET = apiLimiter(async (req) => Response.json({ ok: true }))\n * export const POST = apiLimiter(async (req) => Response.json({ ok: true }))\n * ```\n /\nexport function createRateLimiter(config: RateLimitConfig) {\n return <TUser = unknown>(\n handler: (\n request: NextRequest,\n context: SecureContext<TUser> & { rateLimit?: RateLimitInfo }\n ) => Promise<Response> \| Response\n ) => withRateLimit(handler, config)\n}\n\n/\n Check rate limit without wrapping a handler\n * Useful for checking rate limit in existing code\n \n @example\n * ```typescript\n * export async function GET(req: NextRequest) {\n * const result = await checkRateLimit(req, {\n * limit: 100,\n * window: '15m'\n * })\n \n if (!result.success) {\n * return result.response\n * }\n \n // Continue with normal logic\n * return Response.json({ ok: true })\n * }\n * ```\n /\nexport async function checkRateLimit(\n request: NextRequest,\n config: RateLimitConfig\n): Promise<{\n success: boolean\n info: RateLimitInfo\n response?: Response\n headers: Headers\n}> {\n const finalConfig = {\n ...DEFAULT_CONFIG,\n ...config,\n store: config.store ?? getDefaultStore(),\n } as Required<RateLimitConfig>\n\n const windowMs = parseDuration(finalConfig.window)\n const algorithm = getAlgorithm(finalConfig.algorithm)\n\n // Check if should skip\n if (finalConfig.skip) {\n const shouldSkip = await finalConfig.skip(request)\n if (shouldSkip) {\n const info: RateLimitInfo = {\n limit: finalConfig.limit,\n remaining: finalConfig.limit,\n reset: Math.floor(Date.now() / 1000) + Math.floor(windowMs / 1000),\n limited: false,\n }\n return { success: true, info, headers: new Headers() }\n }\n }\n\n const key = await getIdentifier(request, finalConfig.identifier, finalConfig.prefix)\n const info = await algorithm.check(finalConfig.store, key, finalConfig.limit, windowMs)\n const headers = finalConfig.headers ? createRateLimitHeaders(info) : new Headers()\n\n if (info.limited) {\n let response: Response\n\n if (finalConfig.onLimit) {\n response = await finalConfig.onLimit(request, info)\n } else {\n const error = new RateLimitError({\n retryAfter: info.retryAfter ?? 60,\n resetAt: info.reset 1000,\n message: finalConfig.message,\n })\n response = error.toResponse()\n }\n\n if (finalConfig.headers) {\n mergeHeaders(response.headers, headers)\n }\n\n return { success: false, info, response, headers }\n }\n\n return { success: true, info, headers }\n}\n\n/*\n Reset rate limit for a specific key\n \n @example\n * ```typescript\n * // Reset rate limit for an IP\n * await resetRateLimit('ip', '192.168.1.1')\n \n // Reset for a user\n * await resetRateLimit('user', 'user-123')\n * ```\n /\nexport async function resetRateLimit(\n type: 'ip' \| 'user' \| 'custom',\n identifier: string,\n options?: {\n store?: RateLimitStore\n prefix?: string\n }\n): Promise<void> {\n const store = options?.store ?? getDefaultStore()\n const prefix = options?.prefix ?? 'rl'\n const key = `${prefix}:${type}:${identifier}`\n\n await store.reset(key)\n}\n\n/\n Get current rate limit status for a key (without incrementing)\n /\nexport async function getRateLimitStatus(\n type: 'ip' \| 'user' \| 'custom',\n identifier: string,\n options?: {\n store?: RateLimitStore\n prefix?: string\n }\n): Promise<{ count: number; reset: number } \| null> {\n const store = options?.store ?? getDefaultStore()\n const prefix = options?.prefix ?? 'rl'\n const key = `${prefix}:${type}:${identifier}`\n\n return store.get(key)\n}\n\n/\n Clear all rate limits (useful for testing)\n /\nexport function clearAllRateLimits(): void {\n if (defaultStore && 'clear' in defaultStore) {\n (defaultStore as MemoryStore).clear()\n }\n}\n","import { webcrypto } from 'node:crypto'\n\nconst encoder = new TextEncoder()\n\n/\n Generate random bytes as hex string\n /\nexport function randomBytes(length: number): string {\n const bytes = new Uint8Array(length)\n webcrypto.getRandomValues(bytes)\n return Array.from(bytes)\n .map((b) => b.toString(16).padStart(2, '0'))\n .join('')\n}\n\n/\n Create HMAC signature\n /\nasync function createSignature(data: string, secret: string): Promise<string> {\n const key = await webcrypto.subtle.importKey(\n 'raw',\n encoder.encode(secret),\n { name: 'HMAC', hash: 'SHA-256' },\n false,\n ['sign']\n )\n\n const sig = await webcrypto.subtle.sign('HMAC', key, encoder.encode(data))\n return Array.from(new Uint8Array(sig))\n .map((b) => b.toString(16).padStart(2, '0'))\n .join('')\n}\n\n/\n Constant-time string comparison to prevent timing attacks\n /\nfunction safeCompare(a: string, b: string): boolean {\n if (a.length !== b.length) return false\n\n let result = 0\n for (let i = 0; i < a.length; i++) {\n result \|= a.charCodeAt(i) ^ b.charCodeAt(i)\n }\n return result === 0\n}\n\n/\n Create a signed CSRF token\n /\nexport async function createToken(\n secret: string,\n length: number = 32\n): Promise<string> {\n const data = randomBytes(length)\n const sig = await createSignature(data, secret)\n return `${data}.${sig}`\n}\n\n/\n Verify a signed CSRF token\n /\nexport async function verifyToken(\n token: string,\n secret: string\n): Promise<boolean> {\n if (!token \|\| typeof token !== 'string') return false\n\n const parts = token.split('.')\n if (parts.length !== 2) return false\n\n const [data, sig] = parts\n if (!data \|\| !sig) return false\n\n try {\n const expected = await createSignature(data, secret)\n return safeCompare(sig, expected)\n } catch {\n return false\n }\n}\n\n/\n Compare two tokens (constant-time)\n /\nexport function tokensMatch(a: string, b: string): boolean {\n if (!a \|\| !b) return false\n return safeCompare(a, b)\n}\n","import type { NextRequest } from 'next/server'\nimport type { CSRFConfig, CSRFCookieOptions } from './types'\nimport { createToken, verifyToken, tokensMatch } from './token'\n\ntype RouteHandler = (req: NextRequest) => Response \| Promise<Response>\n\nconst DEFAULT_COOKIE: CSRFCookieOptions = {\n name: '__csrf',\n path: '/',\n httpOnly: true,\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'strict',\n maxAge: 86400, // 24h\n}\n\nconst DEFAULT_CONFIG: Required<Omit<CSRFConfig, 'skip' \| 'onError'>> = {\n cookie: DEFAULT_COOKIE,\n headerName: 'x-csrf-token',\n fieldName: '_csrf',\n secret: '',\n tokenLength: 32,\n protectedMethods: ['POST', 'PUT', 'PATCH', 'DELETE'],\n}\n\nfunction getSecret(config: CSRFConfig): string {\n const secret = config.secret \|\| process.env.CSRF_SECRET\n if (!secret) {\n throw new Error(\n 'CSRF secret is required. Set config.secret or CSRF_SECRET env variable.'\n )\n }\n return secret\n}\n\nfunction buildCookieString(name: string, value: string, opts: CSRFCookieOptions): string {\n let cookie = `${name}=${value}`\n\n if (opts.path) cookie += `; Path=${opts.path}`\n if (opts.domain) cookie += `; Domain=${opts.domain}`\n if (opts.maxAge) cookie += `; Max-Age=${opts.maxAge}`\n if (opts.httpOnly) cookie += '; HttpOnly'\n if (opts.secure) cookie += '; Secure'\n if (opts.sameSite) cookie += `; SameSite=${opts.sameSite}`\n\n return cookie\n}\n\n/\n Extract token from request (header or body)\n /\nasync function extractToken(\n req: NextRequest,\n headerName: string,\n fieldName: string\n): Promise<string \| null> {\n // check header first\n const headerToken = req.headers.get(headerName)\n if (headerToken) return headerToken\n\n // try to get from form data\n const contentType = req.headers.get('content-type') \|\| ''\n\n if (contentType.includes('application/x-www-form-urlencoded')) {\n try {\n const cloned = req.clone()\n const formData = await cloned.formData()\n const token = formData.get(fieldName)\n if (typeof token === 'string') return token\n } catch {\n // ignore parse errors\n }\n }\n\n if (contentType.includes('application/json')) {\n try {\n const cloned = req.clone()\n const body = await cloned.json()\n if (body && typeof body[fieldName] === 'string') {\n return body[fieldName]\n }\n } catch {\n // ignore parse errors\n }\n }\n\n return null\n}\n\nfunction defaultErrorResponse(_req: NextRequest, reason: string): Response {\n return new Response(JSON.stringify({ error: 'CSRF validation failed', reason }), {\n status: 403,\n headers: { 'Content-Type': 'application/json' },\n })\n}\n\n/\n CSRF protection middleware\n \n Uses double submit cookie pattern:\n * 1. Server sets a signed token in a cookie\n * 2. Client sends the same token in header/body\n * 3. Server compares both values\n /\nexport function withCSRF(handler: RouteHandler, config: CSRFConfig = {}): RouteHandler {\n const secret = getSecret(config)\n const cookieOpts = { ...DEFAULT_COOKIE, ...config.cookie }\n const headerName = config.headerName \|\| DEFAULT_CONFIG.headerName\n const fieldName = config.fieldName \|\| DEFAULT_CONFIG.fieldName\n const protectedMethods = config.protectedMethods \|\| DEFAULT_CONFIG.protectedMethods\n const onError = config.onError \|\| defaultErrorResponse\n\n return async (req: NextRequest): Promise<Response> => {\n const method = req.method.toUpperCase()\n\n // skip unprotected methods\n if (!protectedMethods.includes(method)) {\n return handler(req)\n }\n\n // custom skip logic\n if (config.skip) {\n const shouldSkip = await config.skip(req)\n if (shouldSkip) return handler(req)\n }\n\n const cookieName = cookieOpts.name \|\| '__csrf'\n const cookieToken = req.cookies.get(cookieName)?.value\n\n // no cookie = first request, reject\n if (!cookieToken) {\n return onError(req, 'missing_cookie')\n }\n\n // verify cookie token is valid (signed by us)\n const cookieValid = await verifyToken(cookieToken, secret)\n if (!cookieValid) {\n return onError(req, 'invalid_cookie')\n }\n\n // get token from request\n const requestToken = await extractToken(req, headerName, fieldName)\n if (!requestToken) {\n return onError(req, 'missing_token')\n }\n\n // compare tokens\n if (!tokensMatch(cookieToken, requestToken)) {\n return onError(req, 'token_mismatch')\n }\n\n return handler(req)\n }\n}\n\n/\n Generate a new CSRF token and cookie header\n * Use this in GET routes to set the initial token\n /\nexport async function generateCSRF(config: CSRFConfig = {}): Promise<{\n token: string\n cookieHeader: string\n}> {\n const secret = getSecret(config)\n const cookieOpts = { ...DEFAULT_COOKIE, ...config.cookie }\n const tokenLength = config.tokenLength \|\| DEFAULT_CONFIG.tokenLength\n const cookieName = cookieOpts.name \|\| '__csrf'\n\n const token = await createToken(secret, tokenLength)\n const cookieHeader = buildCookieString(cookieName, token, cookieOpts)\n\n return { token, cookieHeader }\n}\n\n/\n Validate a CSRF token without middleware\n * Useful for custom validation flows\n /\nexport async function validateCSRF(\n req: NextRequest,\n config: CSRFConfig = {}\n): Promise<{ valid: boolean; reason?: string }> {\n const secret = getSecret(config)\n const cookieOpts = { ...DEFAULT_COOKIE, ...config.cookie }\n const headerName = config.headerName \|\| DEFAULT_CONFIG.headerName\n const fieldName = config.fieldName \|\| DEFAULT_CONFIG.fieldName\n const cookieName = cookieOpts.name \|\| '__csrf'\n\n const cookieToken = req.cookies.get(cookieName)?.value\n if (!cookieToken) {\n return { valid: false, reason: 'missing_cookie' }\n }\n\n const cookieValid = await verifyToken(cookieToken, secret)\n if (!cookieValid) {\n return { valid: false, reason: 'invalid_cookie' }\n }\n\n const requestToken = await extractToken(req, headerName, fieldName)\n if (!requestToken) {\n return { valid: false, reason: 'missing_token' }\n }\n\n if (!tokensMatch(cookieToken, requestToken)) {\n return { valid: false, reason: 'token_mismatch' }\n }\n\n return { valid: true }\n}\n","/\n next-secure\n \n Production-ready security middleware for Next.js 13+ App Router.\n \n @example\n * ```typescript\n * import { withRateLimit, withAuth, secure } from 'next-secure'\n \n // Simple rate limiting\n * export const GET = withRateLimit(\n * async (req) => Response.json({ ok: true }),\n * { limit: 100, window: '15m' }\n * )\n \n // Builder pattern\n * export const POST = secure()\n * .rateLimit({ limit: 10, window: '1m' })\n * .auth({ roles: ['admin'] })\n * .handle(async (req, ctx) => {\n * return Response.json({ user: ctx.user })\n * })\n * ```\n \n @packageDocumentation\n /\n\n// =============================================================================\n// Core\n// =============================================================================\n\nexport type {\n NextRequest,\n SecureContext,\n SecureHandler,\n Middleware,\n ErrorResponse,\n RateLimitInfo,\n Duration,\n RateLimitAlgorithm,\n RateLimitIdentifier,\n} from './core/types'\n\nexport {\n SecureError,\n RateLimitError,\n AuthenticationError,\n AuthorizationError,\n ValidationError,\n CsrfError,\n ConfigurationError,\n isSecureError,\n toSecureError,\n} from './core/errors'\n\n// =============================================================================\n// Rate Limiting\n// =============================================================================\n\nexport {\n withRateLimit,\n createRateLimiter,\n checkRateLimit,\n resetRateLimit,\n getRateLimitStatus,\n clearAllRateLimits,\n} from './middleware/rate-limit'\n\nexport type {\n RateLimitConfig,\n RateLimitStore,\n MemoryStoreOptions,\n RedisStoreOptions,\n UpstashStoreOptions,\n} from './middleware/rate-limit'\n\nexport {\n MemoryStore,\n createMemoryStore,\n getGlobalMemoryStore,\n} from './middleware/rate-limit'\n\n// =============================================================================\n// CSRF Protection\n// =============================================================================\n\nexport {\n withCSRF,\n generateCSRF,\n validateCSRF,\n createToken as createCSRFToken,\n verifyToken as verifyCSRFToken,\n tokensMatch,\n} from './middleware/csrf'\n\nexport type {\n CSRFConfig,\n CSRFCookieOptions,\n CSRFToken,\n} from './middleware/csrf'\n\n// =============================================================================\n// Utilities\n// =============================================================================\n\nexport {\n parseDuration,\n formatDuration,\n nowInSeconds,\n nowInMs,\n sleep,\n} from './utils/time'\n\nexport {\n getClientIp,\n normalizeIp,\n isValidIp,\n isPrivateIp,\n isLocalhost,\n anonymizeIp,\n getGeoInfo,\n} from './utils/ip'\n\n// =============================================================================\n// Version\n// =============================================================================\n\n/\n Package version\n */\nexport const VERSION = '0.2.0'\n"]}
1	+ {"version":3,"sources":["../src/core/errors.ts","../src/utils/time.ts","../src/utils/ip.ts","../src/middleware/rate-limit/stores/memory.ts","../src/middleware/rate-limit/algorithms/sliding-window.ts","../src/middleware/rate-limit/algorithms/fixed-window.ts","../src/middleware/rate-limit/algorithms/token-bucket.ts","../src/middleware/rate-limit/middleware.ts","../src/middleware/csrf/token.ts","../src/middleware/csrf/middleware.ts","../src/middleware/headers/builder.ts","../src/middleware/headers/middleware.ts","../src/middleware/auth/jwt.ts","../src/middleware/auth/middleware.ts","../src/middleware/validation/utils.ts","../src/middleware/validation/validators/schema.ts","../src/middleware/validation/validators/content-type.ts","../src/middleware/validation/sanitizers/path.ts","../src/middleware/validation/validators/file.ts","../src/middleware/validation/sanitizers/xss.ts","../src/middleware/validation/sanitizers/sql.ts","../src/middleware/validation/middleware.ts","../src/index.ts"],"names":["response","info","webcrypto","DEFAULT_CONFIG","encoder","defaultErrorResponse","DANGEROUS_PATTERNS"],"mappings":";;;;;AAOO,IAAM,WAAA,GAAN,cAA0B,KAAA,CAAM;AAAA;AAAA;AAAA;AAAA,EAIrB,UAAA;AAAA;AAAA;AAAA;AAAA,EAKA,IAAA;AAAA;AAAA;AAAA;AAAA,EAKA,OAAA;AAAA,EAEhB,WAAA,CACE,OAAA,EACA,OAAA,GAKI,EAAC,EACL;AACA,IAAA,KAAA,CAAM,OAAA,EAAS,EAAE,KAAA,EAAO,OAAA,CAAQ,OAAO,CAAA;AACvC,IAAA,IAAA,CAAK,IAAA,GAAO,aAAA;AACZ,IAAA,IAAA,CAAK,UAAA,GAAa,QAAQ,UAAA,IAAc,GAAA;AACxC,IAAA,IAAA,CAAK,IAAA,GAAO,QAAQ,IAAA,IAAQ,cAAA;AAC5B,IAAA,IAAA,CAAK,UAAU,OAAA,CAAQ,OAAA;AAGvB,IAAA,IAAI,MAAM,iBAAA,EAAmB;AAC3B,MAAA,KAAA,CAAM,iBAAA,CAAkB,IAAA,EAAM,IAAA,CAAK,WAAW,CAAA;AAAA,IAChD;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAA,GAAkC;AAChC,IAAA,OAAO;AAAA,MACL,OAAO,IAAA,CAAK,IAAA;AAAA,MACZ,SAAS,IAAA,CAAK,OAAA;AAAA,MACd,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,GAAI,IAAA,CAAK,OAAA,IAAW,EAAE,OAAA,EAAS,KAAK,OAAA;AAAQ,KAC9C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,WAAW,OAAA,EAAiC;AAC1C,IAAA,OAAO,IAAI,QAAA,CAAS,IAAA,CAAK,UAAU,IAAA,CAAK,MAAA,EAAQ,CAAA,EAAG;AAAA,MACjD,QAAQ,IAAA,CAAK,UAAA;AAAA,MACb,OAAA,EAAS;AAAA,QACP,cAAA,EAAgB,kBAAA;AAAA,QAChB,GAAG;AAAA;AACL,KACD,CAAA;AAAA,EACH;AACF;AAKO,IAAM,cAAA,GAAN,cAA6B,WAAA,CAAY;AAAA;AAAA;AAAA;AAAA,EAI9B,UAAA;AAAA;AAAA;AAAA;AAAA,EAKA,OAAA;AAAA,EAEhB,YACE,OAAA,EAMA;AACA,IAAA,KAAA,CAAM,OAAA,CAAQ,WAAW,mBAAA,EAAqB;AAAA,MAC5C,UAAA,EAAY,GAAA;AAAA,MACZ,IAAA,EAAM,qBAAA;AAAA,MACN,SAAS,OAAA,CAAQ;AAAA,KAClB,CAAA;AACD,IAAA,IAAA,CAAK,IAAA,GAAO,gBAAA;AACZ,IAAA,IAAA,CAAK,aAAa,OAAA,CAAQ,UAAA;AAC1B,IAAA,IAAA,CAAK,UAAU,OAAA,CAAQ,OAAA;AAAA,EACzB;AAAA,EAES,MAAA,GAAkC;AACzC,IAAA,OAAO;AAAA,MACL,GAAG,MAAM,MAAA,EAAO;AAAA,MAChB,YAAY,IAAA,CAAK;AAAA,KACnB;AAAA,EACF;AAAA,EAES,WAAW,OAAA,EAAiC;AACnD,IAAA,OAAO,IAAI,QAAA,CAAS,IAAA,CAAK,UAAU,IAAA,CAAK,MAAA,EAAQ,CAAA,EAAG;AAAA,MACjD,QAAQ,IAAA,CAAK,UAAA;AAAA,MACb,OAAA,EAAS;AAAA,QACP,cAAA,EAAgB,kBAAA;AAAA,QAChB,aAAA,EAAe,MAAA,CAAO,IAAA,CAAK,UAAU,CAAA;AAAA,QACrC,GAAG;AAAA;AACL,KACD,CAAA;AAAA,EACH;AACF;AAKO,IAAM,mBAAA,GAAN,cAAkC,WAAA,CAAY;AAAA,EACnD,WAAA,CACE,OAAA,GAAU,yBAAA,EACV,OAAA,GAII,EAAC,EACL;AACA,IAAA,KAAA,CAAM,OAAA,EAAS;AAAA,MACb,UAAA,EAAY,GAAA;AAAA,MACZ,IAAA,EAAM,QAAQ,IAAA,IAAQ,yBAAA;AAAA,MACtB,SAAS,OAAA,CAAQ,OAAA;AAAA,MACjB,OAAO,OAAA,CAAQ;AAAA,KAChB,CAAA;AACD,IAAA,IAAA,CAAK,IAAA,GAAO,qBAAA;AAAA,EACd;AACF;AAKO,IAAM,kBAAA,GAAN,cAAiC,WAAA,CAAY;AAAA,EAClD,WAAA,CACE,OAAA,GAAU,eAAA,EACV,OAAA,GAII,EAAC,EACL;AACA,IAAA,KAAA,CAAM,OAAA,EAAS;AAAA,MACb,UAAA,EAAY,GAAA;AAAA,MACZ,IAAA,EAAM,QAAQ,IAAA,IAAQ,eAAA;AAAA,MACtB,SAAS,OAAA,CAAQ,OAAA;AAAA,MACjB,OAAO,OAAA,CAAQ;AAAA,KAChB,CAAA;AACD,IAAA,IAAA,CAAK,IAAA,GAAO,oBAAA;AAAA,EACd;AACF;AAKO,IAAM,eAAA,GAAN,cAA8B,WAAA,CAAY;AAAA;AAAA;AAAA;AAAA,EAI/B,MAAA;AAAA,EAMhB,WAAA,CACE,MAAA,EACA,OAAA,GAAU,mBAAA,EACV;AACA,IAAA,KAAA,CAAM,OAAA,EAAS;AAAA,MACb,UAAA,EAAY,GAAA;AAAA,MACZ,IAAA,EAAM,kBAAA;AAAA,MACN,OAAA,EAAS,EAAE,MAAA;AAAO,KACnB,CAAA;AACD,IAAA,IAAA,CAAK,IAAA,GAAO,iBAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAAA,EAChB;AAAA,EAES,MAAA,GAAkC;AACzC,IAAA,OAAO;AAAA,MACL,GAAG,MAAM,MAAA,EAAO;AAAA,MAChB,QAAQ,IAAA,CAAK;AAAA,KACf;AAAA,EACF;AACF;AAKO,IAAM,SAAA,GAAN,cAAwB,WAAA,CAAY;AAAA,EACzC,WAAA,CACE,OAAA,GAAU,+BAAA,EACV,OAAA,GAEI,EAAC,EACL;AACA,IAAA,KAAA,CAAM,OAAA,EAAS;AAAA,MACb,UAAA,EAAY,GAAA;AAAA,MACZ,IAAA,EAAM,oBAAA;AAAA,MACN,SAAS,OAAA,CAAQ;AAAA,KAClB,CAAA;AACD,IAAA,IAAA,CAAK,IAAA,GAAO,WAAA;AAAA,EACd;AACF;AAKO,IAAM,kBAAA,GAAN,cAAiC,WAAA,CAAY;AAAA,EAClD,WAAA,CACE,OAAA,EACA,OAAA,GAGI,EAAC,EACL;AACA,IAAA,KAAA,CAAM,OAAA,EAAS;AAAA,MACb,UAAA,EAAY,GAAA;AAAA,MACZ,IAAA,EAAM,qBAAA;AAAA,MACN,SAAS,OAAA,CAAQ,OAAA;AAAA,MACjB,OAAO,OAAA,CAAQ;AAAA,KAChB,CAAA;AACD,IAAA,IAAA,CAAK,IAAA,GAAO,oBAAA;AAAA,EACd;AACF;AAKO,SAAS,cAAc,KAAA,EAAsC;AAClE,EAAA,OAAO,KAAA,YAAiB,WAAA;AAC1B;AAKO,SAAS,cAAc,KAAA,EAA6B;AACzD,EAAA,IAAI,iBAAiB,WAAA,EAAa;AAChC,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,IAAI,iBAAiB,KAAA,EAAO;AAC1B,IAAA,OAAO,IAAI,WAAA,CAAY,KAAA,CAAM,OAAA,EAAS;AAAA,MACpC,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAEA,EAAA,OAAO,IAAI,WAAA,CAAY,MAAA,CAAO,KAAK,CAAC,CAAA;AACtC;;;AC5PA,IAAM,UAAA,GAAqC;AAAA,EACzC,EAAA,EAAI,CAAA;AAAA,EACJ,CAAA,EAAG,GAAA;AAAA,EACH,GAAG,EAAA,GAAK,GAAA;AAAA,EACR,CAAA,EAAG,KAAK,EAAA,GAAK,GAAA;AAAA,EACb,CAAA,EAAG,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK;AACpB,CAAA;AAKA,IAAM,iBAAA,GAA4C;AAAA,EAChD,WAAA,EAAa,IAAA;AAAA,EACb,YAAA,EAAc,IAAA;AAAA,EACd,MAAA,EAAQ,GAAA;AAAA,EACR,OAAA,EAAS,GAAA;AAAA,EACT,GAAA,EAAK,GAAA;AAAA,EACL,IAAA,EAAM,GAAA;AAAA,EACN,MAAA,EAAQ,GAAA;AAAA,EACR,OAAA,EAAS,GAAA;AAAA,EACT,GAAA,EAAK,GAAA;AAAA,EACL,IAAA,EAAM,GAAA;AAAA,EACN,IAAA,EAAM,GAAA;AAAA,EACN,KAAA,EAAO,GAAA;AAAA,EACP,EAAA,EAAI,GAAA;AAAA,EACJ,GAAA,EAAK,GAAA;AAAA,EACL,GAAA,EAAK,GAAA;AAAA,EACL,IAAA,EAAM;AACR,CAAA;AAoBO,SAAS,cAAc,QAAA,EAAqC;AAEjE,EAAA,IAAI,OAAO,aAAa,QAAA,EAAU;AAChC,IAAA,IAAI,WAAW,CAAA,EAAG;AAChB,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,kBAAA,EAAqB,QAAQ,CAAA,gCAAA,CAAkC,CAAA;AAAA,IACjF;AACA,IAAA,OAAO,QAAA;AAAA,EACT;AAGA,EAAA,MAAM,KAAA,GAAQ,QAAA,CAAS,IAAA,EAAK,CAAE,WAAA,EAAY;AAE1C,EAAA,IAAI,CAAC,KAAA,EAAO;AACV,IAAA,MAAM,IAAI,MAAM,gCAAgC,CAAA;AAAA,EAClD;AAGA,EAAA,MAAM,YAAA,GAAe,OAAO,KAAK,CAAA;AACjC,EAAA,IAAI,CAAC,KAAA,CAAM,YAAY,CAAA,EAAG;AACxB,IAAA,IAAI,eAAe,CAAA,EAAG;AACpB,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,kBAAA,EAAqB,QAAQ,CAAA,gCAAA,CAAkC,CAAA;AAAA,IACjF;AACA,IAAA,OAAO,YAAA;AAAA,EACT;AAGA,EAAA,IAAI,OAAA,GAAU,CAAA;AACd,EAAA,MAAM,KAAA,GAAQ,6BAAA;AACd,EAAA,IAAI,KAAA;AACJ,EAAA,IAAI,QAAA,GAAW,KAAA;AAEf,EAAA,OAAA,CAAQ,KAAA,GAAQ,KAAA,CAAM,IAAA,CAAK,KAAK,OAAO,IAAA,EAAM;AAC3C,IAAA,QAAA,GAAW,IAAA;AACX,IAAA,MAAM,KAAA,GAAQ,UAAA,CAAW,KAAA,CAAM,CAAC,CAAC,CAAA;AACjC,IAAA,IAAI,IAAA,GAAO,MAAM,CAAC,CAAA;AAGlB,IAAA,IAAI,QAAQ,iBAAA,EAAmB;AAC7B,MAAA,IAAA,GAAO,kBAAkB,IAAI,CAAA;AAAA,IAC/B;AAGA,IAAA,MAAM,UAAA,GAAa,WAAW,IAAI,CAAA;AAClC,IAAA,IAAI,eAAe,MAAA,EAAW;AAC5B,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,wBAAA,EAA2B,IAAI,CAAA,MAAA,EAAS,QAAQ,CAAA,6DAAA;AAAA,OAElD;AAAA,IACF;AAEA,IAAA,OAAA,IAAW,KAAA,GAAQ,UAAA;AAAA,EACrB;AAEA,EAAA,IAAI,CAAC,QAAA,EAAU;AACb,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,6BAA6B,QAAQ,CAAA,6DAAA;AAAA,KAEvC;AAAA,EACF;AAEA,EAAA,OAAO,IAAA,CAAK,MAAM,OAAO,CAAA;AAC3B;AAkBO,SAAS,cAAA,CACd,EAAA,EACA,OAAA,GAaI,EAAC,EACG;AACR,EAAA,MAAM,EAAE,IAAA,GAAO,KAAA,EAAO,WAAW,CAAA,EAAG,SAAA,GAAY,KAAI,GAAI,OAAA;AAExD,EAAA,IAAI,KAAK,CAAA,EAAG;AACV,IAAA,OAAO,CAAA,CAAA,EAAI,cAAA,CAAe,CAAC,EAAA,EAAI,OAAO,CAAC,CAAA,CAAA;AAAA,EACzC;AAEA,EAAA,IAAI,OAAO,CAAA,EAAG;AACZ,IAAA,OAAO,OAAO,WAAA,GAAc,IAAA;AAAA,EAC9B;AAEA,EAAA,MAAM,KAAA,GAAmF;AAAA,IACvF,EAAE,OAAO,KAAA,EAAU,KAAA,EAAO,KAAK,IAAA,EAAM,KAAA,EAAO,YAAY,MAAA,EAAO;AAAA,IAC/D,EAAE,OAAO,IAAA,EAAS,KAAA,EAAO,KAAK,IAAA,EAAM,MAAA,EAAQ,YAAY,OAAA,EAAQ;AAAA,IAChE,EAAE,OAAO,GAAA,EAAO,KAAA,EAAO,KAAK,IAAA,EAAM,QAAA,EAAU,YAAY,SAAA,EAAU;AAAA,IAClE,EAAE,OAAO,GAAA,EAAM,KAAA,EAAO,KAAK,IAAA,EAAM,QAAA,EAAU,YAAY,SAAA,EAAU;AAAA,IACjE,EAAE,OAAO,CAAA,EAAG,KAAA,EAAO,MAAM,IAAA,EAAM,aAAA,EAAe,YAAY,cAAA;AAAe,GAC3E;AAEA,EAAA,MAAM,QAAkB,EAAC;AACzB,EAAA,IAAI,SAAA,GAAY,EAAA;AAEhB,EAAA,KAAA,MAAW,QAAQ,KAAA,EAAO;AACxB,IAAA,IAAI,KAAA,CAAM,UAAU,QAAA,EAAU;AAC9B,IAAA,IAAI,SAAA,IAAa,KAAK,KAAA,EAAO;AAC3B,MAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,KAAA,CAAM,SAAA,GAAY,KAAK,KAAK,CAAA;AAC/C,MAAA,SAAA,GAAY,YAAY,IAAA,CAAK,KAAA;AAE7B,MAAA,IAAI,IAAA,EAAM;AACR,QAAA,KAAA,CAAM,IAAA,CAAK,CAAA,EAAG,KAAK,CAAA,CAAA,EAAI,KAAA,KAAU,IAAI,IAAA,CAAK,IAAA,GAAO,IAAA,CAAK,UAAU,CAAA,CAAE,CAAA;AAAA,MACpE,CAAA,MAAO;AACL,QAAA,KAAA,CAAM,KAAK,CAAA,EAAG,KAAK,CAAA,EAAG,IAAA,CAAK,KAAK,CAAA,CAAE,CAAA;AAAA,MACpC;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,KAAA,CAAM,KAAK,SAAS,CAAA;AAC7B;AAKO,SAAS,YAAA,GAAuB;AACrC,EAAA,OAAO,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACrC;AAKO,SAAS,OAAA,GAAkB;AAChC,EAAA,OAAO,KAAK,GAAA,EAAI;AAClB;AA+BO,SAAS,MAAM,QAAA,EAA4C;AAChE,EAAA,MAAM,EAAA,GAAK,cAAc,QAAQ,CAAA;AACjC,EAAA,OAAO,IAAI,OAAA,CAAQ,CAAC,YAAY,UAAA,CAAW,OAAA,EAAS,EAAE,CAAC,CAAA;AACzD;AAiCO,SAAS,YAAY,EAAA,EAAoB;AAC9C,EAAA,OAAO,IAAA,CAAK,KAAA,CAAM,EAAA,GAAK,GAAI,CAAA;AAC7B;;;ACvQA,IAAM,UAAA,GAAa;AAAA;AAAA,EAEjB,kBAAA;AAAA;AAAA,EAEA,WAAA;AAAA;AAAA,EAEA,iBAAA;AAAA;AAAA,EAEA,aAAA;AAAA;AAAA,EAEA,WAAA;AAAA;AAAA,EAEA,kBAAA;AAAA;AAAA,EAEA,gBAAA;AAAA;AAAA,EAEA,qBAAA;AAAA;AAAA,EAEA;AACF,CAAA;AAKA,IAAM,mBAAA,GAAsB;AAAA,EAC1B,QAAA;AAAA;AAAA,EACA,OAAA;AAAA;AAAA,EACA,+BAAA;AAAA;AAAA,EACA,aAAA;AAAA;AAAA,EACA,OAAA;AAAA;AAAA,EACA,SAAA;AAAA;AAAA,EACA,SAAA;AAAA;AAAA,EACA;AAAA;AACF,CAAA;AAKA,IAAM,UAAA,GAAa,6FAAA;AAKnB,IAAM,UAAA,GAAa,uHAAA;AA2CZ,SAAS,WAAA,CAAY,OAAA,EAAsB,OAAA,GAAwB,EAAC,EAAW;AACpF,EAAA,MAAM,EAAE,aAAa,IAAA,EAAM,aAAA,GAAgB,EAAC,EAAG,QAAA,GAAW,aAAY,GAAI,OAAA;AAG1E,EAAA,IAAI,QAAQ,EAAA,EAAI;AACd,IAAA,OAAO,WAAA,CAAY,QAAQ,EAAE,CAAA;AAAA,EAC/B;AAEA,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,OAAO,QAAA;AAAA,EACT;AAGA,EAAA,KAAA,MAAW,UAAU,aAAA,EAAe;AAClC,IAAA,MAAM,KAAA,GAAQ,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,MAAM,CAAA;AACxC,IAAA,IAAI,KAAA,EAAO;AACT,MAAA,MAAM,EAAA,GAAK,kBAAkB,KAAK,CAAA;AAClC,MAAA,IAAI,IAAI,OAAO,EAAA;AAAA,IACjB;AAAA,EACF;AAGA,EAAA,KAAA,MAAW,UAAU,UAAA,EAAY;AAC/B,IAAA,MAAM,KAAA,GAAQ,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,MAAM,CAAA;AACxC,IAAA,IAAI,KAAA,EAAO;AACT,MAAA,MAAM,EAAA,GAAK,kBAAkB,KAAK,CAAA;AAClC,MAAA,IAAI,IAAI,OAAO,EAAA;AAAA,IACjB;AAAA,EACF;AAEA,EAAA,OAAO,QAAA;AACT;AAMA,SAAS,kBAAkB,WAAA,EAAoC;AAG7D,EAAA,MAAM,GAAA,GAAM,WAAA,CAAY,KAAA,CAAM,GAAG,CAAA,CAAE,IAAI,CAAC,EAAA,KAAO,EAAA,CAAG,IAAA,EAAM,CAAA;AAExD,EAAA,KAAA,MAAW,MAAM,GAAA,EAAK;AACpB,IAAA,MAAM,UAAA,GAAa,YAAY,EAAE,CAAA;AACjC,IAAA,IAAI,SAAA,CAAU,UAAU,CAAA,EAAG;AACzB,MAAA,OAAO,UAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,OAAO,IAAA;AACT;AAQO,SAAS,YAAY,EAAA,EAAoB;AAC9C,EAAA,IAAI,UAAA,GAAa,GAAG,IAAA,EAAK;AAGzB,EAAA,IAAI,WAAW,UAAA,CAAW,GAAG,KAAK,UAAA,CAAW,QAAA,CAAS,GAAG,CAAA,EAAG;AAC1D,IAAA,UAAA,GAAa,WAAW,KAAA,CAAM,CAAA,EAAG,UAAA,CAAW,OAAA,CAAQ,GAAG,CAAC,CAAA;AAAA,EAC1D;AAIA,EAAA,IAAI,UAAA,CAAW,SAAS,GAAG,CAAA,IAAK,CAAC,UAAA,CAAW,QAAA,CAAS,IAAI,CAAA,EAAG;AAC1D,IAAA,MAAM,SAAA,GAAY,UAAA,CAAW,WAAA,CAAY,GAAG,CAAA;AAC5C,IAAA,MAAM,aAAA,GAAgB,UAAA,CAAW,KAAA,CAAM,SAAA,GAAY,CAAC,CAAA;AACpD,IAAA,IAAI,OAAA,CAAQ,IAAA,CAAK,aAAa,CAAA,EAAG;AAC/B,MAAA,UAAA,GAAa,UAAA,CAAW,KAAA,CAAM,CAAA,EAAG,SAAS,CAAA;AAAA,IAC5C;AAAA,EACF;AAGA,EAAA,IAAI,UAAA,CAAW,WAAA,EAAY,CAAE,UAAA,CAAW,SAAS,CAAA,EAAG;AAClD,IAAA,MAAM,QAAA,GAAW,UAAA,CAAW,KAAA,CAAM,CAAC,CAAA;AACnC,IAAA,IAAI,WAAA,CAAY,QAAQ,CAAA,EAAG;AACzB,MAAA,OAAO,QAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,OAAO,UAAA;AACT;AAKO,SAAS,UAAU,EAAA,EAAqB;AAC7C,EAAA,OAAO,WAAA,CAAY,EAAE,CAAA,IAAK,WAAA,CAAY,EAAE,CAAA;AAC1C;AAKO,SAAS,YAAY,EAAA,EAAqB;AAC/C,EAAA,OAAO,UAAA,CAAW,KAAK,EAAE,CAAA;AAC3B;AAKO,SAAS,YAAY,EAAA,EAAqB;AAC/C,EAAA,OAAO,WAAW,IAAA,CAAK,EAAE,CAAA,IAAK,EAAA,KAAO,SAAS,EAAA,KAAO,IAAA;AACvD;AAKO,SAAS,YAAY,EAAA,EAAqB;AAC/C,EAAA,OAAO,oBAAoB,IAAA,CAAK,CAAC,YAAY,OAAA,CAAQ,IAAA,CAAK,EAAE,CAAC,CAAA;AAC/D;AAKO,SAAS,YAAY,EAAA,EAAqB;AAC/C,EAAA,OAAO,EAAA,KAAO,WAAA,IAAe,EAAA,KAAO,KAAA,IAAS,EAAA,KAAO,WAAA;AACtD;AA2CO,SAAS,YAAY,EAAA,EAAoB;AAC9C,EAAA,MAAM,UAAA,GAAa,YAAY,EAAE,CAAA;AAEjC,EAAA,IAAI,WAAA,CAAY,UAAU,CAAA,EAAG;AAC3B,IAAA,MAAM,KAAA,GAAQ,UAAA,CAAW,KAAA,CAAM,GAAG,CAAA;AAClC,IAAA,KAAA,CAAM,CAAC,CAAA,GAAI,KAAA;AACX,IAAA,OAAO,KAAA,CAAM,KAAK,GAAG,CAAA;AAAA,EACvB;AAEA,EAAA,IAAI,WAAA,CAAY,UAAU,CAAA,EAAG;AAC3B,IAAA,MAAM,KAAA,GAAQ,UAAA,CAAW,KAAA,CAAM,GAAG,CAAA;AAClC,IAAA,IAAI,KAAA,CAAM,SAAS,CAAA,EAAG;AACpB,MAAA,KAAA,CAAM,KAAA,CAAM,MAAA,GAAS,CAAC,CAAA,GAAI,MAAA;AAAA,IAC5B;AACA,IAAA,OAAO,KAAA,CAAM,KAAK,GAAG,CAAA;AAAA,EACvB;AAEA,EAAA,OAAO,iBAAA;AACT;AAMO,SAAS,WAAW,OAAA,EAMzB;AAEA,EAAA,IAAI,QAAQ,GAAA,EAAK;AACf,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,QAAQ,GAAA,CAAI,OAAA;AAAA,MACrB,IAAA,EAAM,QAAQ,GAAA,CAAI,IAAA;AAAA,MAClB,MAAA,EAAQ,QAAQ,GAAA,CAAI,MAAA;AAAA,MACpB,QAAA,EAAU,QAAQ,GAAA,CAAI,QAAA;AAAA,MACtB,SAAA,EAAW,QAAQ,GAAA,CAAI;AAAA,KACzB;AAAA,EACF;AAGA,EAAA,OAAO;AAAA,IACL,OAAA,EAAS,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA,IAAK,MAAA;AAAA,IAChD,IAAA,EAAM,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,WAAW,CAAA,IAAK,MAAA;AAAA,IAC1C,MAAA,EAAQ,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,WAAW,CAAA,IAAK,MAAA;AAAA,IAC5C,QAAA,EAAU,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA,IAAK,MAAA;AAAA,IAC7C,SAAA,EAAW,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,WAAW,CAAA,IAAK;AAAA,GACjD;AACF;;;ACxQO,IAAM,cAAN,MAA4C;AAAA,EACjC,IAAA,GAAO,QAAA;AAAA,EAEf,KAAA;AAAA,EACA,YAAA,GAAsD,IAAA;AAAA,EAC7C,OAAA;AAAA,EACA,eAAA;AAAA,EAEjB,WAAA,CAAY,OAAA,GAA8B,EAAC,EAAG;AAC5C,IAAA,MAAM,EAAE,eAAA,GAAkB,GAAA,EAAO,OAAA,GAAU,KAAM,GAAI,OAAA;AAErD,IAAA,IAAA,CAAK,KAAA,uBAAY,GAAA,EAAI;AACrB,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AACf,IAAA,IAAA,CAAK,eAAA,GAAkB,eAAA;AAGvB,IAAA,IAAI,OAAO,WAAA,KAAgB,WAAA,IAAe,eAAA,GAAkB,CAAA,EAAG;AAC7D,MAAA,IAAA,CAAK,iBAAA,EAAkB;AAAA,IACzB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,SAAA,CACJ,GAAA,EACA,QAAA,EAC2C;AAC3C,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,IAAA,MAAM,YAAA,GAAe,WAAA,CAAY,GAAA,GAAM,QAAQ,CAAA;AAE/C,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,GAAG,CAAA;AAEnC,IAAA,IAAI,QAAA,EAAU;AAEZ,MAAA,QAAA,CAAS,KAAA,EAAA;AAET,MAAA,IAAA,CAAK,KAAA,CAAM,OAAO,GAAG,CAAA;AACrB,MAAA,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,GAAA,EAAK,QAAQ,CAAA;AAC5B,MAAA,OAAO,EAAE,KAAA,EAAO,QAAA,CAAS,KAAA,EAAO,KAAA,EAAO,SAAS,KAAA,EAAM;AAAA,IACxD;AAGA,IAAA,MAAM,KAAA,GAAqB;AAAA,MACzB,KAAA,EAAO,CAAA;AAAA,MACP,KAAA,EAAO,YAAA;AAAA,MACP,SAAA,EAAW;AAAA,KACb;AAGA,IAAA,IAAI,IAAA,CAAK,KAAA,CAAM,IAAA,IAAQ,IAAA,CAAK,OAAA,EAAS;AACnC,MAAA,IAAA,CAAK,WAAA,EAAY;AAAA,IACnB;AAEA,IAAA,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AACzB,IAAA,OAAO,EAAE,KAAA,EAAO,CAAA,EAAG,KAAA,EAAO,YAAA,EAAa;AAAA,EACzC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,IAAI,GAAA,EAA+D;AACvE,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,GAAG,CAAA;AAEhC,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,OAAO,IAAA;AAAA,IACT;AAGA,IAAA,MAAM,MAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACxC,IAAA,IAAI,KAAA,CAAM,SAAS,GAAA,EAAK;AACtB,MAAA,IAAA,CAAK,KAAA,CAAM,OAAO,GAAG,CAAA;AACrB,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,CAAM,KAAA,EAAO,KAAA,EAAO,MAAM,KAAA,EAAM;AAAA,EAClD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,MAAM,GAAA,EAA4B;AACtC,IAAA,IAAA,CAAK,KAAA,CAAM,OAAO,GAAG,CAAA;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,SAAA,GAA8B;AAClC,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAA,GAAyB;AAC7B,IAAA,MAAM,MAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACxC,IAAA,MAAM,eAAyB,EAAC;AAEhC,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,CAAA,IAAK,KAAK,KAAA,EAAO;AACrC,MAAA,IAAI,KAAA,CAAM,SAAS,GAAA,EAAK;AACtB,QAAA,YAAA,CAAa,KAAK,GAAG,CAAA;AAAA,MACvB;AAAA,IACF;AAEA,IAAA,KAAA,MAAW,OAAO,YAAA,EAAc;AAC9B,MAAA,IAAA,CAAK,KAAA,CAAM,OAAO,GAAG,CAAA;AAAA,IACvB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,KAAA,GAAuB;AAC3B,IAAA,IAAA,CAAK,gBAAA,EAAiB;AACtB,IAAA,IAAA,CAAK,MAAM,KAAA,EAAM;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,IAAA,GAAe;AACjB,IAAA,OAAO,KAAK,KAAA,CAAM,IAAA;AAAA,EACpB;AAAA;AAAA;AAAA;AAAA,EAKA,KAAA,GAAc;AACZ,IAAA,IAAA,CAAK,MAAM,KAAA,EAAM;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA,EAKQ,iBAAA,GAA0B;AAChC,IAAA,IAAI,KAAK,YAAA,EAAc;AAEvB,IAAA,IAAA,CAAK,YAAA,GAAe,YAAY,MAAM;AACpC,MAAA,KAAK,KAAK,OAAA,EAAQ;AAAA,IACpB,CAAA,EAAG,KAAK,eAAe,CAAA;AAGvB,IAAA,IAAI,OAAO,IAAA,CAAK,YAAA,KAAiB,QAAA,IAAY,OAAA,IAAW,KAAK,YAAA,EAAc;AACzE,MAAC,IAAA,CAAK,aAAgC,KAAA,EAAM;AAAA,IAC9C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,gBAAA,GAAyB;AAC/B,IAAA,IAAI,KAAK,YAAA,EAAc;AACrB,MAAA,aAAA,CAAc,KAAK,YAAY,CAAA;AAC/B,MAAA,IAAA,CAAK,YAAA,GAAe,IAAA;AAAA,IACtB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,WAAA,GAAoB;AAE1B,IAAA,MAAM,YAAA,GAAe,IAAA,CAAK,IAAA,CAAK,IAAA,CAAK,UAAU,GAAG,CAAA;AAEjD,IAAA,IAAI,OAAA,GAAU,CAAA;AACd,IAAA,KAAA,MAAW,GAAA,IAAO,IAAA,CAAK,KAAA,CAAM,IAAA,EAAK,EAAG;AACnC,MAAA,IAAI,WAAW,YAAA,EAAc;AAC7B,MAAA,IAAA,CAAK,KAAA,CAAM,OAAO,GAAG,CAAA;AACrB,MAAA,OAAA,EAAA;AAAA,IACF;AAAA,EACF;AACF;AAKO,SAAS,kBAAkB,OAAA,EAA2C;AAC3E,EAAA,OAAO,IAAI,YAAY,OAAO,CAAA;AAChC;AAMA,IAAI,WAAA,GAAkC,IAAA;AAK/B,SAAS,qBAAqB,OAAA,EAA2C;AAC9E,EAAA,IAAI,CAAC,WAAA,EAAa;AAChB,IAAA,WAAA,GAAc,IAAI,YAAY,OAAO,CAAA;AAAA,EACvC;AACA,EAAA,OAAO,WAAA;AACT;;;AC/MO,IAAM,yBAAN,MAA+D;AAAA,EACpD,IAAA,GAAO,gBAAA;AAAA;AAAA;AAAA;AAAA,EAKvB,MAAM,KAAA,CACJ,KAAA,EACA,GAAA,EACA,OACA,QAAA,EACwB;AACxB,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AAGrB,IAAA,MAAM,WAAA,GAAc,IAAA,CAAK,KAAA,CAAM,GAAA,GAAM,QAAQ,CAAA,GAAI,QAAA;AACjD,IAAA,MAAM,YAAY,WAAA,GAAc,QAAA;AAChC,IAAA,MAAM,sBAAsB,WAAA,GAAc,QAAA;AAG1C,IAAA,MAAM,cAAA,GAAA,CAAkB,MAAM,WAAA,IAAe,QAAA;AAG7C,IAAA,MAAM,UAAA,GAAa,CAAA,EAAG,GAAG,CAAA,CAAA,EAAI,WAAW,CAAA,CAAA;AACxC,IAAA,MAAM,WAAA,GAAc,CAAA,EAAG,GAAG,CAAA,CAAA,EAAI,mBAAmB,CAAA,CAAA;AAGjD,IAAA,MAAM,CAAC,WAAA,EAAa,YAAY,CAAA,GAAI,MAAM,QAAQ,GAAA,CAAI;AAAA,MACpD,KAAA,CAAM,IAAI,UAAU,CAAA;AAAA,MACpB,KAAA,CAAM,IAAI,WAAW;AAAA,KACtB,CAAA;AAED,IAAA,MAAM,YAAA,GAAe,aAAa,KAAA,IAAS,CAAA;AAC3C,IAAA,MAAM,aAAA,GAAgB,cAAc,KAAA,IAAS,CAAA;AAI7C,IAAA,MAAM,iBAAiB,CAAA,GAAI,cAAA;AAC3B,IAAA,MAAM,aAAA,GAAgB,YAAA,GAAe,IAAA,CAAK,KAAA,CAAM,gBAAgB,cAAc,CAAA;AAG9E,IAAA,MAAM,KAAA,GAAQ,YAAY,SAAS,CAAA;AAGnC,IAAA,IAAI,iBAAiB,KAAA,EAAO;AAE1B,MAAA,MAAM,aAAa,IAAA,CAAK,mBAAA;AAAA,QACtB,YAAA;AAAA,QACA,aAAA;AAAA,QACA,KAAA;AAAA,QACA,QAAA;AAAA,QACA;AAAA,OACF;AAEA,MAAA,OAAO;AAAA,QACL,KAAA;AAAA,QACA,SAAA,EAAW,CAAA;AAAA,QACX,KAAA;AAAA,QACA,OAAA,EAAS,IAAA;AAAA,QACT;AAAA,OACF;AAAA,IACF;AAGA,IAAA,MAAM,KAAA,CAAM,SAAA,CAAU,UAAA,EAAY,QAAQ,CAAA;AAG1C,IAAA,MAAM,YAAY,IAAA,CAAK,GAAA,CAAI,CAAA,EAAG,KAAA,GAAQ,gBAAgB,CAAC,CAAA;AAEvD,IAAA,OAAO;AAAA,MACL,KAAA;AAAA,MACA,SAAA;AAAA,MACA,KAAA;AAAA,MACA,OAAA,EAAS;AAAA,KACX;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,mBAAA,CACN,YAAA,EACA,aAAA,EACA,KAAA,EACA,UACA,cAAA,EACQ;AAER,IAAA,IAAI,kBAAkB,CAAA,EAAG;AACvB,MAAA,OAAO,IAAA,CAAK,IAAA,CAAA,CAAM,CAAA,GAAI,cAAA,IAAkB,WAAW,GAAI,CAAA;AAAA,IACzD;AAMA,IAAA,MAAM,gBAAA,GAAmB,CAAA,GAAA,CAAK,KAAA,GAAQ,YAAA,IAAgB,aAAA;AAEtD,IAAA,IAAI,oBAAoB,cAAA,EAAgB;AAEtC,MAAA,OAAO,CAAA;AAAA,IACT;AAEA,IAAA,IAAI,oBAAoB,CAAA,EAAG;AAEzB,MAAA,MAAM,wBAAA,GAAA,CAA4B,IAAI,cAAA,IAAkB,QAAA;AACxD,MAAA,OAAO,IAAA,CAAK,IAAA,CAAK,wBAAA,GAA2B,GAAI,CAAA;AAAA,IAClD;AAGA,IAAA,MAAM,UAAA,GAAA,CAAc,mBAAmB,cAAA,IAAkB,QAAA;AACzD,IAAA,OAAO,IAAA,CAAK,IAAA,CAAK,UAAA,GAAa,GAAI,CAAA;AAAA,EACpC;AACF,CAAA;;;AC7GO,IAAM,uBAAN,MAA6D;AAAA,EAClD,IAAA,GAAO,cAAA;AAAA;AAAA;AAAA;AAAA,EAKvB,MAAM,KAAA,CACJ,KAAA,EACA,GAAA,EACA,OACA,QAAA,EACwB;AACxB,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AAGrB,IAAA,MAAM,WAAA,GAAc,IAAA,CAAK,KAAA,CAAM,GAAA,GAAM,QAAQ,CAAA,GAAI,QAAA;AACjD,IAAA,MAAM,YAAY,WAAA,GAAc,QAAA;AAChC,IAAA,MAAM,KAAA,GAAQ,YAAY,SAAS,CAAA;AAGnC,IAAA,MAAM,SAAA,GAAY,CAAA,EAAG,GAAG,CAAA,CAAA,EAAI,WAAW,CAAA,CAAA;AAGvC,IAAA,MAAM,IAAA,GAAO,MAAM,KAAA,CAAM,GAAA,CAAI,SAAS,CAAA;AACtC,IAAA,MAAM,YAAA,GAAe,MAAM,KAAA,IAAS,CAAA;AAGpC,IAAA,IAAI,gBAAgB,KAAA,EAAO;AACzB,MAAA,MAAM,UAAA,GAAa,IAAA,CAAK,IAAA,CAAA,CAAM,SAAA,GAAY,OAAO,GAAI,CAAA;AAErD,MAAA,OAAO;AAAA,QACL,KAAA;AAAA,QACA,SAAA,EAAW,CAAA;AAAA,QACX,KAAA;AAAA,QACA,OAAA,EAAS,IAAA;AAAA,QACT,UAAA,EAAY,IAAA,CAAK,GAAA,CAAI,CAAA,EAAG,UAAU;AAAA,OACpC;AAAA,IACF;AAGA,IAAA,MAAM,EAAE,KAAA,EAAM,GAAI,MAAM,KAAA,CAAM,SAAA,CAAU,WAAW,QAAQ,CAAA;AAG3D,IAAA,IAAI,QAAQ,KAAA,EAAO;AACjB,MAAA,MAAM,UAAA,GAAa,IAAA,CAAK,IAAA,CAAA,CAAM,SAAA,GAAY,OAAO,GAAI,CAAA;AAErD,MAAA,OAAO;AAAA,QACL,KAAA;AAAA,QACA,SAAA,EAAW,CAAA;AAAA,QACX,KAAA;AAAA,QACA,OAAA,EAAS,IAAA;AAAA,QACT,UAAA,EAAY,IAAA,CAAK,GAAA,CAAI,CAAA,EAAG,UAAU;AAAA,OACpC;AAAA,IACF;AAEA,IAAA,OAAO;AAAA,MACL,KAAA;AAAA,MACA,SAAA,EAAW,IAAA,CAAK,GAAA,CAAI,CAAA,EAAG,QAAQ,KAAK,CAAA;AAAA,MACpC,KAAA;AAAA,MACA,OAAA,EAAS;AAAA,KACX;AAAA,EACF;AACF,CAAA;;;AC3DO,IAAM,uBAAN,MAA6D;AAAA,EAClD,IAAA,GAAO,cAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMf,OAAA,uBAA6C,GAAA,EAAI;AAAA;AAAA;AAAA;AAAA,EAKxC,UAAA,GAAa,GAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAU9B,MAAM,KAAA,CACJ,MAAA,EACA,GAAA,EACA,OACA,QAAA,EACwB;AACxB,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AAGrB,IAAA,IAAI,MAAA,GAAS,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAA;AAEjC,IAAA,IAAI,CAAC,MAAA,EAAQ;AAEX,MAAA,MAAA,GAAS;AAAA,QACP,MAAA,EAAQ,KAAA;AAAA,QACR,UAAA,EAAY;AAAA,OACd;AAAA,IACF,CAAA,MAAO;AAEL,MAAA,MAAA,GAAS,IAAA,CAAK,YAAA,CAAa,MAAA,EAAQ,KAAA,EAAO,UAAU,GAAG,CAAA;AAAA,IACzD;AAGA,IAAA,MAAM,YAAA,GAAe,QAAQ,MAAA,CAAO,MAAA;AACpC,IAAA,MAAM,aAAa,KAAA,GAAQ,QAAA;AAC3B,IAAA,MAAM,aAAa,YAAA,GAAe,UAAA;AAClC,IAAA,MAAM,KAAA,GAAQ,WAAA,CAAY,GAAA,GAAM,UAAU,CAAA;AAG1C,IAAA,IAAI,MAAA,CAAO,SAAS,CAAA,EAAG;AAErB,MAAA,MAAM,cAAA,GAAA,CAAkB,CAAA,GAAI,MAAA,CAAO,MAAA,IAAU,UAAA;AAC7C,MAAA,MAAM,UAAA,GAAa,IAAA,CAAK,IAAA,CAAK,cAAA,GAAiB,GAAI,CAAA;AAElD,MAAA,OAAO;AAAA,QACL,KAAA;AAAA,QACA,SAAA,EAAW,CAAA;AAAA,QACX,KAAA;AAAA,QACA,OAAA,EAAS,IAAA;AAAA,QACT,UAAA,EAAY,IAAA,CAAK,GAAA,CAAI,CAAA,EAAG,UAAU;AAAA,OACpC;AAAA,IACF;AAGA,IAAA,MAAA,CAAO,MAAA,IAAU,CAAA;AACjB,IAAA,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,GAAA,EAAK,MAAM,CAAA;AAG5B,IAAA,IAAI,IAAA,CAAK,OAAA,CAAQ,IAAA,GAAO,IAAA,CAAK,UAAA,EAAY;AACvC,MAAA,IAAA,CAAK,OAAA,EAAQ;AAAA,IACf;AAEA,IAAA,OAAO;AAAA,MACL,KAAA;AAAA,MACA,SAAA,EAAW,IAAA,CAAK,KAAA,CAAM,MAAA,CAAO,MAAM,CAAA;AAAA,MACnC,KAAA;AAAA,MACA,OAAA,EAAS;AAAA,KACX;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,YAAA,CACN,MAAA,EACA,KAAA,EACA,QAAA,EACA,GAAA,EACkB;AAClB,IAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,UAAA;AAC7B,IAAA,MAAM,aAAa,KAAA,GAAQ,QAAA;AAC3B,IAAA,MAAM,cAAc,OAAA,GAAU,UAAA;AAE9B,IAAA,OAAO;AAAA,MACL,QAAQ,IAAA,CAAK,GAAA,CAAI,KAAA,EAAO,MAAA,CAAO,SAAS,WAAW,CAAA;AAAA,MACnD,UAAA,EAAY;AAAA,KACd;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,OAAA,GAAgB;AACtB,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,IAAA,MAAM,cAAA,GAAiB,IAAA;AAEvB,IAAA,MAAM,eAAyB,EAAC;AAEhC,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,MAAM,CAAA,IAAK,KAAK,OAAA,EAAS;AACxC,MAAA,IAAI,GAAA,GAAM,MAAA,CAAO,UAAA,GAAa,cAAA,EAAgB;AAC5C,QAAA,YAAA,CAAa,KAAK,GAAG,CAAA;AAAA,MACvB;AAAA,IACF;AAEA,IAAA,KAAA,MAAW,OAAO,YAAA,EAAc;AAC9B,MAAA,IAAA,CAAK,OAAA,CAAQ,OAAO,GAAG,CAAA;AAAA,IACzB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,eAAe,GAAA,EAA2C;AACxD,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAA;AAAA,EAC7B;AAAA;AAAA;AAAA;AAAA,EAKA,KAAA,GAAc;AACZ,IAAA,IAAA,CAAK,QAAQ,KAAA,EAAM;AAAA,EACrB;AACF,CAAA;;;AClIA,IAAM,cAAA,GAA2C;AAAA,EAC/C,SAAA,EAAW,gBAAA;AAAA,EACX,UAAA,EAAY,IAAA;AAAA,EACZ,OAAA,EAAS,IAAA;AAAA,EACT,MAAA,EAAQ,IAAA;AAAA,EACR,OAAA,EAAS,mBAAA;AAAA,EACT,UAAA,EAAY,GAAA;AAAA,EACZ,KAAA,EAAO;AACT,CAAA;AAKA,IAAI,YAAA,GAAsC,IAAA;AAK1C,SAAS,eAAA,GAAkC;AACzC,EAAA,IAAI,CAAC,YAAA,EAAc;AACjB,IAAA,YAAA,GAAe,IAAI,WAAA,EAAY;AAAA,EACjC;AACA,EAAA,OAAO,YAAA;AACT;AAKA,SAAS,aAAa,IAAA,EAA4D;AAChF,EAAA,QAAQ,IAAA;AAAM,IACZ,KAAK,cAAA;AACH,MAAA,OAAO,IAAI,oBAAA,EAAqB;AAAA,IAClC,KAAK,cAAA;AACH,MAAA,OAAO,IAAI,oBAAA,EAAqB;AAAA,IAClC,KAAK,gBAAA;AAAA,IACL;AACE,MAAA,OAAO,IAAI,sBAAA,EAAuB;AAAA;AAExC;AAKA,SAAS,uBAAuB,IAAA,EAA8B;AAC5D,EAAA,MAAM,OAAA,GAAU,IAAI,OAAA,EAAQ;AAE5B,EAAA,OAAA,CAAQ,GAAA,CAAI,mBAAA,EAAqB,MAAA,CAAO,IAAA,CAAK,KAAK,CAAC,CAAA;AACnD,EAAA,OAAA,CAAQ,GAAA,CAAI,uBAAA,EAAyB,MAAA,CAAO,IAAA,CAAK,SAAS,CAAC,CAAA;AAC3D,EAAA,OAAA,CAAQ,GAAA,CAAI,mBAAA,EAAqB,MAAA,CAAO,IAAA,CAAK,KAAK,CAAC,CAAA;AAEnD,EAAA,IAAI,IAAA,CAAK,OAAA,IAAW,IAAA,CAAK,UAAA,EAAY;AACnC,IAAA,OAAA,CAAQ,GAAA,CAAI,aAAA,EAAe,MAAA,CAAO,IAAA,CAAK,UAAU,CAAC,CAAA;AAAA,EACpD;AAEA,EAAA,OAAO,OAAA;AACT;AAKA,SAAS,YAAA,CAAa,QAAiB,MAAA,EAAuB;AAC5D,EAAA,MAAA,CAAO,OAAA,CAAQ,CAAC,KAAA,EAAO,GAAA,KAAQ;AAC7B,IAAA,MAAA,CAAO,GAAA,CAAI,KAAK,KAAK,CAAA;AAAA,EACvB,CAAC,CAAA;AACH;AAKA,eAAe,aAAA,CACb,OAAA,EACA,UAAA,EACA,MAAA,EACA,OAAA,EACiB;AACjB,EAAA,IAAI,OAAO,eAAe,UAAA,EAAY;AACpC,IAAA,MAAM,EAAA,GAAK,MAAM,UAAA,CAAW,OAAO,CAAA;AACnC,IAAA,OAAO,CAAA,EAAG,MAAM,CAAA,QAAA,EAAW,EAAE,CAAA,CAAA;AAAA,EAC/B;AAEA,EAAA,IAAI,eAAe,MAAA,EAAQ;AAEzB,IAAA,MAAM,SAAS,OAAA,EAAS,IAAA,GACnB,OAAA,CAAQ,IAAA,CAAyB,MAAM,WAAA,GACxC,WAAA;AACJ,IAAA,OAAO,CAAA,EAAG,MAAM,CAAA,MAAA,EAAS,MAAM,CAAA,CAAA;AAAA,EACjC;AAGA,EAAA,MAAM,EAAA,GAAK,YAAY,OAAO,CAAA;AAC9B,EAAA,OAAO,CAAA,EAAG,MAAM,CAAA,IAAA,EAAO,EAAE,CAAA,CAAA;AAC3B;AAkCO,SAAS,aAAA,CACd,SAIA,MAAA,EAC6E;AAE7E,EAAA,MAAM,WAAA,GAAyC;AAAA,IAC7C,GAAG,cAAA;AAAA,IACH,GAAG,MAAA;AAAA,IACH,KAAA,EAAO,MAAA,CAAO,KAAA,IAAS,eAAA;AAAgB,GACzC;AAGA,EAAA,MAAM,QAAA,GAAW,aAAA,CAAc,WAAA,CAAY,MAAM,CAAA;AAGjD,EAAA,MAAM,SAAA,GAAY,YAAA,CAAa,WAAA,CAAY,SAAS,CAAA;AAGpD,EAAA,MAAM,KAAA,GAAQ,WAAA,CAAY,KAAA,GACtB,CAAC,KAAa,IAAA,KAAmB;AAE/B,IAAA,OAAA,CAAQ,GAAA,CAAI,CAAA,yBAAA,EAA4B,GAAG,CAAA,CAAA,EAAI,QAAQ,EAAE,CAAA;AAAA,EAC3D,IACA,MAAM;AAAA,EAAC,CAAA;AAEX,EAAA,KAAA,CAAM,aAAA,EAAe;AAAA,IACnB,OAAO,WAAA,CAAY,KAAA;AAAA,IACnB,QAAQ,WAAA,CAAY,MAAA;AAAA,IACpB,WAAW,WAAA,CAAY;AAAA,GACxB,CAAA;AAED,EAAA,OAAO,OACL,SACA,OAAA,KACsB;AAEtB,IAAA,MAAM,MAA4D,OAAA,IAAW;AAAA,MAC3E,IAAA,EAAM,IAAA;AAAA,MACN,SAAA,EAAW,OAAO,UAAA,EAAW;AAAA,MAC7B,EAAA,EAAI,YAAY,OAAO,CAAA;AAAA,MACvB,SAAA,EAAW,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA,IAAK,EAAA;AAAA,MAChD,SAAA,EAAW,KAAK,GAAA,EAAI;AAAA,MACpB,UAAU;AAAC,KACb;AAEA,IAAA,IAAI;AAEF,MAAA,IAAI,YAAY,IAAA,EAAM;AACpB,QAAA,MAAM,UAAA,GAAa,MAAM,WAAA,CAAY,IAAA,CAAK,OAAO,CAAA;AACjD,QAAA,IAAI,UAAA,EAAY;AACd,UAAA,KAAA,CAAM,2BAA2B,CAAA;AACjC,UAAA,OAAO,OAAA,CAAQ,SAAS,GAAG,CAAA;AAAA,QAC7B;AAAA,MACF;AAGA,MAAA,MAAM,MAAM,MAAM,aAAA;AAAA,QAChB,OAAA;AAAA,QACA,WAAA,CAAY,UAAA;AAAA,QACZ,WAAA,CAAY,MAAA;AAAA,QACZ;AAAA,OACF;AACA,MAAA,KAAA,CAAM,kBAAkB,GAAG,CAAA;AAG3B,MAAA,MAAM,IAAA,GAAO,MAAM,SAAA,CAAU,KAAA;AAAA,QAC3B,WAAA,CAAY,KAAA;AAAA,QACZ,GAAA;AAAA,QACA,WAAA,CAAY,KAAA;AAAA,QACZ;AAAA,OACF;AACA,MAAA,KAAA,CAAM,mBAAmB,IAAI,CAAA;AAG7B,MAAA,GAAA,CAAI,SAAA,GAAY,IAAA;AAGhB,MAAA,IAAI,KAAK,OAAA,EAAS;AAChB,QAAA,KAAA,CAAM,sBAAsB,CAAA;AAG5B,QAAA,IAAI,YAAY,OAAA,EAAS;AACvB,UAAA,MAAMA,SAAAA,GAAW,MAAM,WAAA,CAAY,OAAA,CAAQ,SAAS,IAAI,CAAA;AAGxD,UAAA,IAAI,YAAY,OAAA,EAAS;AACvB,YAAA,MAAM,gBAAA,GAAmB,uBAAuB,IAAI,CAAA;AACpD,YAAA,YAAA,CAAaA,SAAAA,CAAS,SAAS,gBAAgB,CAAA;AAAA,UACjD;AAEA,UAAA,OAAOA,SAAAA;AAAA,QACT;AAGA,QAAA,MAAM,KAAA,GAAQ,IAAI,cAAA,CAAe;AAAA,UAC/B,UAAA,EAAY,KAAK,UAAA,IAAc,EAAA;AAAA,UAC/B,OAAA,EAAS,KAAK,KAAA,GAAQ,GAAA;AAAA,UACtB,SAAS,WAAA,CAAY;AAAA,SACtB,CAAA;AAED,QAAA,MAAMA,SAAAA,GAAW,MAAM,UAAA,EAAW;AAElC,QAAA,IAAI,YAAY,OAAA,EAAS;AACvB,UAAA,MAAM,gBAAA,GAAmB,uBAAuB,IAAI,CAAA;AACpD,UAAA,YAAA,CAAaA,SAAAA,CAAS,SAAS,gBAAgB,CAAA;AAAA,QACjD;AAEA,QAAA,OAAOA,SAAAA;AAAA,MACT;AAGA,MAAA,MAAM,QAAA,GAAW,MAAM,OAAA,CAAQ,OAAA,EAAS,GAAG,CAAA;AAG3C,MAAA,IAAI,YAAY,OAAA,EAAS;AAEvB,QAAA,MAAM,WAAA,GAAc,IAAI,QAAA,CAAS,QAAA,CAAS,IAAA,EAAM;AAAA,UAC9C,QAAQ,QAAA,CAAS,MAAA;AAAA,UACjB,YAAY,QAAA,CAAS,UAAA;AAAA,UACrB,OAAA,EAAS,IAAI,OAAA,CAAQ,QAAA,CAAS,OAAO;AAAA,SACtC,CAAA;AAED,QAAA,MAAM,gBAAA,GAAmB,uBAAuB,IAAI,CAAA;AACpD,QAAA,YAAA,CAAa,WAAA,CAAY,SAAS,gBAAgB,CAAA;AAElD,QAAA,OAAO,WAAA;AAAA,MACT;AAEA,MAAA,OAAO,QAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,KAAA,CAAM,kCAAkC,KAAK,CAAA;AAG7C,MAAA,IAAI,iBAAiB,cAAA,EAAgB;AACnC,QAAA,MAAM,KAAA;AAAA,MACR;AAKA,MAAA,OAAA,CAAQ,KAAA,CAAM,mCAAmC,KAAK,CAAA;AACtD,MAAA,OAAO,OAAA,CAAQ,SAAS,GAAG,CAAA;AAAA,IAC7B;AAAA,EACF,CAAA;AACF;AAgBO,SAAS,kBAAkB,MAAA,EAAyB;AACzD,EAAA,OAAO,CACL,OAAA,KAIG,aAAA,CAAc,OAAA,EAAS,MAAM,CAAA;AACpC;AAuBA,eAAsB,cAAA,CACpB,SACA,MAAA,EAMC;AACD,EAAA,MAAM,WAAA,GAAc;AAAA,IAClB,GAAG,cAAA;AAAA,IACH,GAAG,MAAA;AAAA,IACH,KAAA,EAAO,MAAA,CAAO,KAAA,IAAS,eAAA;AAAgB,GACzC;AAEA,EAAA,MAAM,QAAA,GAAW,aAAA,CAAc,WAAA,CAAY,MAAM,CAAA;AACjD,EAAA,MAAM,SAAA,GAAY,YAAA,CAAa,WAAA,CAAY,SAAS,CAAA;AAGpD,EAAA,IAAI,YAAY,IAAA,EAAM;AACpB,IAAA,MAAM,UAAA,GAAa,MAAM,WAAA,CAAY,IAAA,CAAK,OAAO,CAAA;AACjD,IAAA,IAAI,UAAA,EAAY;AACd,MAAA,MAAMC,KAAAA,GAAsB;AAAA,QAC1B,OAAO,WAAA,CAAY,KAAA;AAAA,QACnB,WAAW,WAAA,CAAY,KAAA;AAAA,QACvB,KAAA,EAAO,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,EAAI,GAAI,GAAI,CAAA,GAAI,IAAA,CAAK,KAAA,CAAM,QAAA,GAAW,GAAI,CAAA;AAAA,QACjE,OAAA,EAAS;AAAA,OACX;AACA,MAAA,OAAO,EAAE,SAAS,IAAA,EAAM,IAAA,EAAAA,OAAM,OAAA,EAAS,IAAI,SAAQ,EAAE;AAAA,IACvD;AAAA,EACF;AAEA,EAAA,MAAM,MAAM,MAAM,aAAA,CAAc,SAAS,WAAA,CAAY,UAAA,EAAY,YAAY,MAAM,CAAA;AACnF,EAAA,MAAM,IAAA,GAAO,MAAM,SAAA,CAAU,KAAA,CAAM,YAAY,KAAA,EAAO,GAAA,EAAK,WAAA,CAAY,KAAA,EAAO,QAAQ,CAAA;AACtF,EAAA,MAAM,UAAU,WAAA,CAAY,OAAA,GAAU,uBAAuB,IAAI,CAAA,GAAI,IAAI,OAAA,EAAQ;AAEjF,EAAA,IAAI,KAAK,OAAA,EAAS;AAChB,IAAA,IAAI,QAAA;AAEJ,IAAA,IAAI,YAAY,OAAA,EAAS;AACvB,MAAA,QAAA,GAAW,MAAM,WAAA,CAAY,OAAA,CAAQ,OAAA,EAAS,IAAI,CAAA;AAAA,IACpD,CAAA,MAAO;AACL,MAAA,MAAM,KAAA,GAAQ,IAAI,cAAA,CAAe;AAAA,QAC/B,UAAA,EAAY,KAAK,UAAA,IAAc,EAAA;AAAA,QAC/B,OAAA,EAAS,KAAK,KAAA,GAAQ,GAAA;AAAA,QACtB,SAAS,WAAA,CAAY;AAAA,OACtB,CAAA;AACD,MAAA,QAAA,GAAW,MAAM,UAAA,EAAW;AAAA,IAC9B;AAEA,IAAA,IAAI,YAAY,OAAA,EAAS;AACvB,MAAA,YAAA,CAAa,QAAA,CAAS,SAAS,OAAO,CAAA;AAAA,IACxC;AAEA,IAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,IAAA,EAAM,UAAU,OAAA,EAAQ;AAAA,EACnD;AAEA,EAAA,OAAO,EAAE,OAAA,EAAS,IAAA,EAAM,IAAA,EAAM,OAAA,EAAQ;AACxC;AAcA,eAAsB,cAAA,CACpB,IAAA,EACA,UAAA,EACA,OAAA,EAIe;AACf,EAAA,MAAM,KAAA,GAAQ,OAAA,EAAS,KAAA,IAAS,eAAA,EAAgB;AAChD,EAAA,MAAM,MAAA,GAAS,SAAS,MAAA,IAAU,IAAA;AAClC,EAAA,MAAM,MAAM,CAAA,EAAG,MAAM,CAAA,CAAA,EAAI,IAAI,IAAI,UAAU,CAAA,CAAA;AAE3C,EAAA,MAAM,KAAA,CAAM,MAAM,GAAG,CAAA;AACvB;AAKA,eAAsB,kBAAA,CACpB,IAAA,EACA,UAAA,EACA,OAAA,EAIkD;AAClD,EAAA,MAAM,KAAA,GAAQ,OAAA,EAAS,KAAA,IAAS,eAAA,EAAgB;AAChD,EAAA,MAAM,MAAA,GAAS,SAAS,MAAA,IAAU,IAAA;AAClC,EAAA,MAAM,MAAM,CAAA,EAAG,MAAM,CAAA,CAAA,EAAI,IAAI,IAAI,UAAU,CAAA,CAAA;AAE3C,EAAA,OAAO,KAAA,CAAM,IAAI,GAAG,CAAA;AACtB;AAKO,SAAS,kBAAA,GAA2B;AACzC,EAAA,IAAI,YAAA,IAAgB,WAAW,YAAA,EAAc;AAC3C,IAAC,aAA6B,KAAA,EAAM;AAAA,EACtC;AACF;AC1dA,IAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAKzB,SAAS,YAAY,MAAA,EAAwB;AAClD,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAM,CAAA;AACnC,EAAAC,kBAAA,CAAU,gBAAgB,KAAK,CAAA;AAC/B,EAAA,OAAO,MAAM,IAAA,CAAK,KAAK,CAAA,CACpB,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAC1C,KAAK,EAAE,CAAA;AACZ;AAKA,eAAe,eAAA,CAAgB,MAAc,MAAA,EAAiC;AAC5E,EAAA,MAAM,GAAA,GAAM,MAAMA,kBAAA,CAAU,MAAA,CAAO,SAAA;AAAA,IACjC,KAAA;AAAA,IACA,OAAA,CAAQ,OAAO,MAAM,CAAA;AAAA,IACrB,EAAE,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,SAAA,EAAU;AAAA,IAChC,KAAA;AAAA,IACA,CAAC,MAAM;AAAA,GACT;AAEA,EAAA,MAAM,GAAA,GAAM,MAAMA,kBAAA,CAAU,MAAA,CAAO,IAAA,CAAK,QAAQ,GAAA,EAAK,OAAA,CAAQ,MAAA,CAAO,IAAI,CAAC,CAAA;AACzE,EAAA,OAAO,KAAA,CAAM,KAAK,IAAI,UAAA,CAAW,GAAG,CAAC,CAAA,CAClC,IAAI,CAAC,CAAA,KAAM,EAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAC1C,KAAK,EAAE,CAAA;AACZ;AAKA,SAAS,WAAA,CAAY,GAAW,CAAA,EAAoB;AAClD,EAAA,IAAI,CAAA,CAAE,MAAA,KAAW,CAAA,CAAE,MAAA,EAAQ,OAAO,KAAA;AAElC,EAAA,IAAI,MAAA,GAAS,CAAA;AACb,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,CAAE,QAAQ,CAAA,EAAA,EAAK;AACjC,IAAA,MAAA,IAAU,EAAE,UAAA,CAAW,CAAC,CAAA,GAAI,CAAA,CAAE,WAAW,CAAC,CAAA;AAAA,EAC5C;AACA,EAAA,OAAO,MAAA,KAAW,CAAA;AACpB;AAKA,eAAsB,WAAA,CACpB,MAAA,EACA,MAAA,GAAiB,EAAA,EACA;AACjB,EAAA,MAAM,IAAA,GAAO,YAAY,MAAM,CAAA;AAC/B,EAAA,MAAM,GAAA,GAAM,MAAM,eAAA,CAAgB,IAAA,EAAM,MAAM,CAAA;AAC9C,EAAA,OAAO,CAAA,EAAG,IAAI,CAAA,CAAA,EAAI,GAAG,CAAA,CAAA;AACvB;AAKA,eAAsB,WAAA,CACpB,OACA,MAAA,EACkB;AAClB,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,UAAU,OAAO,KAAA;AAEhD,EAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,KAAA,CAAM,GAAG,CAAA;AAC7B,EAAA,IAAI,KAAA,CAAM,MAAA,KAAW,CAAA,EAAG,OAAO,KAAA;AAE/B,EAAA,MAAM,CAAC,IAAA,EAAM,GAAG,CAAA,GAAI,KAAA;AACpB,EAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,GAAA,EAAK,OAAO,KAAA;AAE1B,EAAA,IAAI;AACF,IAAA,MAAM,QAAA,GAAW,MAAM,eAAA,CAAgB,IAAA,EAAM,MAAM,CAAA;AACnD,IAAA,OAAO,WAAA,CAAY,KAAK,QAAQ,CAAA;AAAA,EAClC,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAKO,SAAS,WAAA,CAAY,GAAW,CAAA,EAAoB;AACzD,EAAA,IAAI,CAAC,CAAA,IAAK,CAAC,CAAA,EAAG,OAAO,KAAA;AACrB,EAAA,OAAO,WAAA,CAAY,GAAG,CAAC,CAAA;AACzB;;;ACjFA,IAAM,cAAA,GAAoC;AAAA,EACxC,IAAA,EAAM,QAAA;AAAA,EACN,IAAA,EAAM,GAAA;AAAA,EACN,QAAA,EAAU,IAAA;AAAA,EACV,MAAA,EAAQ,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa,YAAA;AAAA,EACjC,QAAA,EAAU,QAAA;AAAA,EACV,MAAA,EAAQ;AAAA;AACV,CAAA;AAEA,IAAMC,eAAAA,GAAiE;AAAA,EAErE,UAAA,EAAY,cAAA;AAAA,EACZ,SAAA,EAAW,OAAA;AAAA,EAEX,WAAA,EAAa,EAAA;AAAA,EACb,gBAAA,EAAkB,CAAC,MAAA,EAAQ,KAAA,EAAO,SAAS,QAAQ;AACrD,CAAA;AAEA,SAAS,UAAU,MAAA,EAA4B;AAC7C,EAAA,MAAM,MAAA,GAAS,MAAA,CAAO,MAAA,IAAU,OAAA,CAAQ,GAAA,CAAI,WAAA;AAC5C,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,MAAM,IAAI,KAAA;AAAA,MACR;AAAA,KACF;AAAA,EACF;AACA,EAAA,OAAO,MAAA;AACT;AAEA,SAAS,iBAAA,CAAkB,IAAA,EAAc,KAAA,EAAe,IAAA,EAAiC;AACvF,EAAA,IAAI,MAAA,GAAS,CAAA,EAAG,IAAI,CAAA,CAAA,EAAI,KAAK,CAAA,CAAA;AAE7B,EAAA,IAAI,IAAA,CAAK,IAAA,EAAM,MAAA,IAAU,CAAA,OAAA,EAAU,KAAK,IAAI,CAAA,CAAA;AAC5C,EAAA,IAAI,IAAA,CAAK,MAAA,EAAQ,MAAA,IAAU,CAAA,SAAA,EAAY,KAAK,MAAM,CAAA,CAAA;AAClD,EAAA,IAAI,IAAA,CAAK,MAAA,EAAQ,MAAA,IAAU,CAAA,UAAA,EAAa,KAAK,MAAM,CAAA,CAAA;AACnD,EAAA,IAAI,IAAA,CAAK,UAAU,MAAA,IAAU,YAAA;AAC7B,EAAA,IAAI,IAAA,CAAK,QAAQ,MAAA,IAAU,UAAA;AAC3B,EAAA,IAAI,IAAA,CAAK,QAAA,EAAU,MAAA,IAAU,CAAA,WAAA,EAAc,KAAK,QAAQ,CAAA,CAAA;AAExD,EAAA,OAAO,MAAA;AACT;AAKA,eAAe,YAAA,CACb,GAAA,EACA,UAAA,EACA,SAAA,EACwB;AAExB,EAAA,MAAM,WAAA,GAAc,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA;AAC9C,EAAA,IAAI,aAAa,OAAO,WAAA;AAGxB,EAAA,MAAM,WAAA,GAAc,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA,IAAK,EAAA;AAEvD,EAAA,IAAI,WAAA,CAAY,QAAA,CAAS,mCAAmC,CAAA,EAAG;AAC7D,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAS,IAAI,KAAA,EAAM;AACzB,MAAA,MAAM,QAAA,GAAW,MAAM,MAAA,CAAO,QAAA,EAAS;AACvC,MAAA,MAAM,KAAA,GAAQ,QAAA,CAAS,GAAA,CAAI,SAAS,CAAA;AACpC,MAAA,IAAI,OAAO,KAAA,KAAU,QAAA,EAAU,OAAO,KAAA;AAAA,IACxC,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AAEA,EAAA,IAAI,WAAA,CAAY,QAAA,CAAS,kBAAkB,CAAA,EAAG;AAC5C,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAS,IAAI,KAAA,EAAM;AACzB,MAAA,MAAM,IAAA,GAAO,MAAM,MAAA,CAAO,IAAA,EAAK;AAC/B,MAAA,IAAI,IAAA,IAAQ,OAAO,IAAA,CAAK,SAAS,MAAM,QAAA,EAAU;AAC/C,QAAA,OAAO,KAAK,SAAS,CAAA;AAAA,MACvB;AAAA,IACF,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AAEA,EAAA,OAAO,IAAA;AACT;AAEA,SAAS,oBAAA,CAAqB,MAAmB,MAAA,EAA0B;AACzE,EAAA,OAAO,IAAI,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,KAAA,EAAO,wBAAA,EAA0B,MAAA,EAAQ,CAAA,EAAG;AAAA,IAC/E,MAAA,EAAQ,GAAA;AAAA,IACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,GAC/C,CAAA;AACH;AAUO,SAAS,QAAA,CAAS,OAAA,EAAuB,MAAA,GAAqB,EAAC,EAAiB;AACrF,EAAA,MAAM,MAAA,GAAS,UAAU,MAAM,CAAA;AAC/B,EAAA,MAAM,aAAa,EAAE,GAAG,cAAA,EAAgB,GAAG,OAAO,MAAA,EAAO;AACzD,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,UAAA,IAAcA,eAAAA,CAAe,UAAA;AACvD,EAAA,MAAM,SAAA,GAAY,MAAA,CAAO,SAAA,IAAaA,eAAAA,CAAe,SAAA;AACrD,EAAA,MAAM,gBAAA,GAAmB,MAAA,CAAO,gBAAA,IAAoBA,eAAAA,CAAe,gBAAA;AACnE,EAAA,MAAM,OAAA,GAAU,OAAO,OAAA,IAAW,oBAAA;AAElC,EAAA,OAAO,OAAO,GAAA,KAAwC;AACpD,IAAA,MAAM,MAAA,GAAS,GAAA,CAAI,MAAA,CAAO,WAAA,EAAY;AAGtC,IAAA,IAAI,CAAC,gBAAA,CAAiB,QAAA,CAAS,MAAM,CAAA,EAAG;AACtC,MAAA,OAAO,QAAQ,GAAG,CAAA;AAAA,IACpB;AAGA,IAAA,IAAI,OAAO,IAAA,EAAM;AACf,MAAA,MAAM,UAAA,GAAa,MAAM,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA;AACxC,MAAA,IAAI,UAAA,EAAY,OAAO,OAAA,CAAQ,GAAG,CAAA;AAAA,IACpC;AAEA,IAAA,MAAM,UAAA,GAAa,WAAW,IAAA,IAAQ,QAAA;AACtC,IAAA,MAAM,WAAA,GAAc,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA,EAAG,KAAA;AAGjD,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,OAAO,OAAA,CAAQ,KAAK,gBAAgB,CAAA;AAAA,IACtC;AAGA,IAAA,MAAM,WAAA,GAAc,MAAM,WAAA,CAAY,WAAA,EAAa,MAAM,CAAA;AACzD,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,OAAO,OAAA,CAAQ,KAAK,gBAAgB,CAAA;AAAA,IACtC;AAGA,IAAA,MAAM,YAAA,GAAe,MAAM,YAAA,CAAa,GAAA,EAAK,YAAY,SAAS,CAAA;AAClE,IAAA,IAAI,CAAC,YAAA,EAAc;AACjB,MAAA,OAAO,OAAA,CAAQ,KAAK,eAAe,CAAA;AAAA,IACrC;AAGA,IAAA,IAAI,CAAC,WAAA,CAAY,WAAA,EAAa,YAAY,CAAA,EAAG;AAC3C,MAAA,OAAO,OAAA,CAAQ,KAAK,gBAAgB,CAAA;AAAA,IACtC;AAEA,IAAA,OAAO,QAAQ,GAAG,CAAA;AAAA,EACpB,CAAA;AACF;AAMA,eAAsB,YAAA,CAAa,MAAA,GAAqB,EAAC,EAGtD;AACD,EAAA,MAAM,MAAA,GAAS,UAAU,MAAM,CAAA;AAC/B,EAAA,MAAM,aAAa,EAAE,GAAG,cAAA,EAAgB,GAAG,OAAO,MAAA,EAAO;AACzD,EAAA,MAAM,WAAA,GAAc,MAAA,CAAO,WAAA,IAAeA,eAAAA,CAAe,WAAA;AACzD,EAAA,MAAM,UAAA,GAAa,WAAW,IAAA,IAAQ,QAAA;AAEtC,EAAA,MAAM,KAAA,GAAQ,MAAM,WAAA,CAAY,MAAA,EAAQ,WAAW,CAAA;AACnD,EAAA,MAAM,YAAA,GAAe,iBAAA,CAAkB,UAAA,EAAY,KAAA,EAAO,UAAU,CAAA;AAEpE,EAAA,OAAO,EAAE,OAAO,YAAA,EAAa;AAC/B;AAMA,eAAsB,YAAA,CACpB,GAAA,EACA,MAAA,GAAqB,EAAC,EACwB;AAC9C,EAAA,MAAM,MAAA,GAAS,UAAU,MAAM,CAAA;AAC/B,EAAA,MAAM,aAAa,EAAE,GAAG,cAAA,EAAgB,GAAG,OAAO,MAAA,EAAO;AACzD,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,UAAA,IAAcA,eAAAA,CAAe,UAAA;AACvD,EAAA,MAAM,SAAA,GAAY,MAAA,CAAO,SAAA,IAAaA,eAAAA,CAAe,SAAA;AACrD,EAAA,MAAM,UAAA,GAAa,WAAW,IAAA,IAAQ,QAAA;AAEtC,EAAA,MAAM,WAAA,GAAc,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA,EAAG,KAAA;AACjD,EAAA,IAAI,CAAC,WAAA,EAAa;AAChB,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,gBAAA,EAAiB;AAAA,EAClD;AAEA,EAAA,MAAM,WAAA,GAAc,MAAM,WAAA,CAAY,WAAA,EAAa,MAAM,CAAA;AACzD,EAAA,IAAI,CAAC,WAAA,EAAa;AAChB,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,gBAAA,EAAiB;AAAA,EAClD;AAEA,EAAA,MAAM,YAAA,GAAe,MAAM,YAAA,CAAa,GAAA,EAAK,YAAY,SAAS,CAAA;AAClE,EAAA,IAAI,CAAC,YAAA,EAAc;AACjB,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,eAAA,EAAgB;AAAA,EACjD;AAEA,EAAA,IAAI,CAAC,WAAA,CAAY,WAAA,EAAa,YAAY,CAAA,EAAG;AAC3C,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,gBAAA,EAAiB;AAAA,EAClD;AAEA,EAAA,OAAO,EAAE,OAAO,IAAA,EAAK;AACvB;;;ACpMO,SAAS,SAAS,MAAA,EAAuC;AAC9D,EAAA,MAAM,aAAuB,EAAC;AAE9B,EAAA,MAAM,YAAA,GAAuC;AAAA,IAC3C,UAAA,EAAY,aAAA;AAAA,IACZ,SAAA,EAAW,YAAA;AAAA,IACX,QAAA,EAAU,WAAA;AAAA,IACV,MAAA,EAAQ,SAAA;AAAA,IACR,OAAA,EAAS,UAAA;AAAA,IACT,UAAA,EAAY,aAAA;AAAA,IACZ,QAAA,EAAU,WAAA;AAAA,IACV,SAAA,EAAW,YAAA;AAAA,IACX,QAAA,EAAU,WAAA;AAAA,IACV,QAAA,EAAU,WAAA;AAAA,IACV,SAAA,EAAW,YAAA;AAAA,IACX,cAAA,EAAgB,iBAAA;AAAA,IAChB,UAAA,EAAY,aAAA;AAAA,IACZ,OAAA,EAAS,UAAA;AAAA,IACT,WAAA,EAAa,cAAA;AAAA,IACb,SAAA,EAAW,YAAA;AAAA,IACX,QAAA,EAAU;AAAA,GACZ;AAEA,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,SAAS,KAAK,MAAA,CAAO,OAAA,CAAQ,YAAY,CAAA,EAAG;AAC3D,IAAA,MAAM,KAAA,GAAQ,OAAO,GAAkC,CAAA;AACvD,IAAA,IAAI,KAAA,KAAU,MAAA,IAAa,KAAA,KAAU,KAAA,EAAO;AAC1C,MAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,EAAG;AACxB,QAAA,UAAA,CAAW,IAAA,CAAK,GAAG,SAAS,CAAA,CAAA,EAAI,MAAM,IAAA,CAAK,GAAG,CAAC,CAAA,CAAE,CAAA;AAAA,MACnD,CAAA,MAAA,IAAW,OAAO,KAAA,KAAU,QAAA,EAAU;AACpC,QAAA,UAAA,CAAW,IAAA,CAAK,CAAA,EAAG,SAAS,CAAA,CAAA,EAAI,KAAK,CAAA,CAAE,CAAA;AAAA,MACzC;AAAA,IACF;AAAA,EACF;AAEA,EAAA,IAAI,OAAO,uBAAA,EAAyB;AAClC,IAAA,UAAA,CAAW,KAAK,2BAA2B,CAAA;AAAA,EAC7C;AAEA,EAAA,IAAI,OAAO,oBAAA,EAAsB;AAC/B,IAAA,UAAA,CAAW,KAAK,yBAAyB,CAAA;AAAA,EAC3C;AAEA,EAAA,OAAO,UAAA,CAAW,KAAK,IAAI,CAAA;AAC7B;AAKO,SAAS,UAAU,MAAA,EAAyC;AACjE,EAAA,IAAI,KAAA,GAAQ,CAAA,QAAA,EAAW,MAAA,CAAO,MAAM,CAAA,CAAA;AAEpC,EAAA,IAAI,OAAO,iBAAA,EAAmB;AAC5B,IAAA,KAAA,IAAS,qBAAA;AAAA,EACX;AAEA,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,KAAA,IAAS,WAAA;AAAA,EACX;AAEA,EAAA,OAAO,KAAA;AACT;AAKO,SAAS,uBAAuB,MAAA,EAAmC;AACxE,EAAA,MAAM,aAAuB,EAAC;AAE9B,EAAA,MAAM,UAAA,GAAqC;AAAA,IACzC,aAAA,EAAe,eAAA;AAAA,IACf,kBAAA,EAAoB,sBAAA;AAAA,IACpB,QAAA,EAAU,UAAA;AAAA,IACV,OAAA,EAAS,SAAA;AAAA,IACT,MAAA,EAAQ,QAAA;AAAA,IACR,cAAA,EAAgB,iBAAA;AAAA,IAChB,cAAA,EAAgB,iBAAA;AAAA,IAChB,cAAA,EAAgB,iBAAA;AAAA,IAChB,UAAA,EAAY,YAAA;AAAA,IACZ,WAAA,EAAa,aAAA;AAAA,IACb,SAAA,EAAW,WAAA;AAAA,IACX,YAAA,EAAc,cAAA;AAAA,IACd,UAAA,EAAY,YAAA;AAAA,IACZ,IAAA,EAAM,MAAA;AAAA,IACN,OAAA,EAAS,SAAA;AAAA,IACT,gBAAA,EAAkB,oBAAA;AAAA,IAClB,uBAAA,EAAyB,2BAAA;AAAA,IACzB,cAAA,EAAgB,kBAAA;AAAA,IAChB,OAAA,EAAS,UAAA;AAAA,IACT,GAAA,EAAK,KAAA;AAAA,IACL,QAAA,EAAU,WAAA;AAAA,IACV,iBAAA,EAAmB;AAAA,GACrB;AAEA,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,OAAO,KAAK,MAAA,CAAO,OAAA,CAAQ,UAAU,CAAA,EAAG;AACvD,IAAA,MAAM,OAAA,GAAU,OAAO,GAA8B,CAAA;AACrD,IAAA,IAAI,YAAY,MAAA,EAAW;AACzB,MAAA,IAAI,OAAA,CAAQ,WAAW,CAAA,EAAG;AACxB,QAAA,UAAA,CAAW,IAAA,CAAK,CAAA,EAAG,OAAO,CAAA,GAAA,CAAK,CAAA;AAAA,MACjC,CAAA,MAAO;AACL,QAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,GAAA,CAAI,CAAC,CAAA,KAAO,CAAA,KAAM,MAAA,GAAS,MAAA,GAAS,CAAA,CAAA,EAAI,CAAC,CAAA,CAAA,CAAI,CAAA,CAAE,KAAK,GAAG,CAAA;AACjF,QAAA,UAAA,CAAW,IAAA,CAAK,CAAA,EAAG,OAAO,CAAA,EAAA,EAAK,SAAS,CAAA,CAAA,CAAG,CAAA;AAAA,MAC7C;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,UAAA,CAAW,KAAK,IAAI,CAAA;AAC7B;AAKO,IAAM,aAAA,GAAuC;AAAA,EAClD,qBAAA,EAAuB;AAAA,IACrB,UAAA,EAAY,CAAC,QAAQ,CAAA;AAAA,IACrB,SAAA,EAAW,CAAC,QAAQ,CAAA;AAAA,IACpB,QAAA,EAAU,CAAC,QAAQ,CAAA;AAAA,IACnB,MAAA,EAAQ,CAAC,QAAA,EAAU,OAAO,CAAA;AAAA,IAC1B,OAAA,EAAS,CAAC,QAAQ,CAAA;AAAA,IAClB,SAAA,EAAW,CAAC,QAAQ,CAAA;AAAA,IACpB,cAAA,EAAgB,CAAC,QAAQ,CAAA;AAAA,IACzB,UAAA,EAAY,CAAC,QAAQ,CAAA;AAAA,IACrB,OAAA,EAAS,CAAC,QAAQ,CAAA;AAAA,IAClB,uBAAA,EAAyB;AAAA,GAC3B;AAAA,EACA,uBAAA,EAAyB;AAAA,IACvB,MAAA,EAAQ,OAAA;AAAA;AAAA,IACR,iBAAA,EAAmB,IAAA;AAAA,IACnB,OAAA,EAAS;AAAA,GACX;AAAA,EACA,aAAA,EAAe,MAAA;AAAA,EACf,mBAAA,EAAqB,IAAA;AAAA,EACrB,mBAAA,EAAqB,KAAA;AAAA,EACrB,gBAAA,EAAkB,IAAA;AAAA,EAClB,6BAAA,EAA+B,MAAA;AAAA,EAC/B,cAAA,EAAgB,iCAAA;AAAA,EAChB,uBAAA,EAAyB,aAAA;AAAA,EACzB,yBAAA,EAA2B,cAAA;AAAA,EAC3B,yBAAA,EAA2B,aAAA;AAAA,EAC3B,iBAAA,EAAmB;AAAA,IACjB,QAAQ,EAAC;AAAA,IACT,YAAY,EAAC;AAAA,IACb,aAAa,EAAC;AAAA,IACd,SAAS;AAAC,GACZ;AAAA,EACA,kBAAA,EAAoB;AACtB;AAKO,IAAM,cAAA,GAAwC;AAAA,EACnD,qBAAA,EAAuB;AAAA,IACrB,UAAA,EAAY,CAAC,QAAQ,CAAA;AAAA,IACrB,SAAA,EAAW,CAAC,QAAA,EAAU,iBAAA,EAAmB,eAAe,CAAA;AAAA,IACxD,QAAA,EAAU,CAAC,QAAA,EAAU,iBAAiB,CAAA;AAAA,IACtC,MAAA,EAAQ,CAAC,QAAA,EAAU,OAAA,EAAS,SAAS,QAAQ,CAAA;AAAA,IAC7C,OAAA,EAAS,CAAC,QAAA,EAAU,QAAA,EAAU,OAAO,CAAA;AAAA,IACrC,UAAA,EAAY,CAAC,QAAA,EAAU,QAAA,EAAU,MAAM,CAAA;AAAA,IACvC,QAAA,EAAU,CAAC,QAAQ;AAAA,GACrB;AAAA,EACA,uBAAA,EAAyB;AAAA,IACvB,MAAA,EAAQ,KAAA;AAAA;AAAA,IACR,iBAAA,EAAmB;AAAA,GACrB;AAAA,EACA,aAAA,EAAe,YAAA;AAAA,EACf,mBAAA,EAAqB,IAAA;AAAA,EACrB,cAAA,EAAgB;AAClB;AAKO,IAAM,UAAA,GAAoC;AAAA,EAC/C,qBAAA,EAAuB;AAAA,IACrB,UAAA,EAAY,CAAC,QAAQ,CAAA;AAAA,IACrB,cAAA,EAAgB,CAAC,QAAQ;AAAA,GAC3B;AAAA,EACA,uBAAA,EAAyB;AAAA,IACvB,MAAA,EAAQ,OAAA;AAAA,IACR,iBAAA,EAAmB;AAAA,GACrB;AAAA,EACA,aAAA,EAAe,MAAA;AAAA,EACf,mBAAA,EAAqB,IAAA;AAAA,EACrB,cAAA,EAAgB,aAAA;AAAA,EAChB,yBAAA,EAA2B;AAC7B;AAKO,SAAS,UAAU,IAAA,EAAoD;AAC5E,EAAA,QAAQ,IAAA;AAAM,IACZ,KAAK,QAAA;AACH,MAAA,OAAO,aAAA;AAAA,IACT,KAAK,SAAA;AACH,MAAA,OAAO,cAAA;AAAA,IACT,KAAK,KAAA;AACH,MAAA,OAAO,UAAA;AAAA,IACT;AACE,MAAA,OAAO,aAAA;AAAA;AAEb;AAKO,SAAS,aAAa,MAAA,EAAwC;AACnE,EAAA,MAAM,OAAA,GAAU,IAAI,OAAA,EAAQ;AAG5B,EAAA,IAAI,OAAO,qBAAA,EAAuB;AAChC,IAAA,MAAM,GAAA,GAAM,QAAA,CAAS,MAAA,CAAO,qBAAqB,CAAA;AACjD,IAAA,IAAI,GAAA,EAAK,OAAA,CAAQ,GAAA,CAAI,yBAAA,EAA2B,GAAG,CAAA;AAAA,EACrD;AAGA,EAAA,IAAI,OAAO,uBAAA,EAAyB;AAClC,IAAA,OAAA,CAAQ,GAAA,CAAI,2BAAA,EAA6B,SAAA,CAAU,MAAA,CAAO,uBAAuB,CAAC,CAAA;AAAA,EACpF;AAGA,EAAA,IAAI,OAAO,aAAA,EAAe;AACxB,IAAA,OAAA,CAAQ,GAAA,CAAI,iBAAA,EAAmB,MAAA,CAAO,aAAa,CAAA;AAAA,EACrD;AAGA,EAAA,IAAI,OAAO,mBAAA,EAAqB;AAC9B,IAAA,OAAA,CAAQ,GAAA,CAAI,0BAA0B,SAAS,CAAA;AAAA,EACjD;AAGA,EAAA,IAAI,OAAO,mBAAA,EAAqB;AAC9B,IAAA,OAAA,CAAQ,GAAA,CAAI,wBAAA,EAA0B,MAAA,CAAO,mBAAmB,CAAA;AAAA,EAClE;AAGA,EAAA,IAAI,OAAO,gBAAA,EAAkB;AAC3B,IAAA,OAAA,CAAQ,GAAA,CAAI,sBAAsB,QAAQ,CAAA;AAAA,EAC5C;AAGA,EAAA,IAAI,OAAO,6BAAA,EAA+B;AACxC,IAAA,OAAA,CAAQ,GAAA,CAAI,mCAAA,EAAqC,MAAA,CAAO,6BAA6B,CAAA;AAAA,EACvF;AAGA,EAAA,IAAI,OAAO,cAAA,EAAgB;AACzB,IAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,OAAA,CAAQ,MAAA,CAAO,cAAc,CAAA,GAC7C,MAAA,CAAO,cAAA,CAAe,IAAA,CAAK,IAAI,CAAA,GAC/B,MAAA,CAAO,cAAA;AACX,IAAA,OAAA,CAAQ,GAAA,CAAI,mBAAmB,KAAK,CAAA;AAAA,EACtC;AAGA,EAAA,IAAI,OAAO,uBAAA,EAAyB;AAClC,IAAA,OAAA,CAAQ,GAAA,CAAI,4BAAA,EAA8B,MAAA,CAAO,uBAAuB,CAAA;AAAA,EAC1E;AAGA,EAAA,IAAI,OAAO,yBAAA,EAA2B;AACpC,IAAA,OAAA,CAAQ,GAAA,CAAI,8BAAA,EAAgC,MAAA,CAAO,yBAAyB,CAAA;AAAA,EAC9E;AAGA,EAAA,IAAI,OAAO,yBAAA,EAA2B;AACpC,IAAA,OAAA,CAAQ,GAAA,CAAI,8BAAA,EAAgC,MAAA,CAAO,yBAAyB,CAAA;AAAA,EAC9E;AAGA,EAAA,IAAI,OAAO,iBAAA,EAAmB;AAC5B,IAAA,MAAM,EAAA,GAAK,sBAAA,CAAuB,MAAA,CAAO,iBAAiB,CAAA;AAC1D,IAAA,IAAI,EAAA,EAAI,OAAA,CAAQ,GAAA,CAAI,oBAAA,EAAsB,EAAE,CAAA;AAAA,EAC9C;AAGA,EAAA,IAAI,OAAO,kBAAA,EAAoB;AAC7B,IAAA,OAAA,CAAQ,GAAA,CAAI,wBAAwB,IAAI,CAAA;AAAA,EAC1C;AAEA,EAAA,OAAO,OAAA;AACT;;;AC/QA,SAAS,YAAA,CACP,MACA,MAAA,EACuB;AACvB,EAAA,OAAO;AAAA,IACL,GAAG,IAAA;AAAA,IACH,GAAG,MAAA;AAAA;AAAA,IAEH,uBACE,MAAA,CAAO,qBAAA,KAA0B,QAC7B,KAAA,GACA,MAAA,CAAO,wBACL,IAAA,CAAK,qBAAA,GACH,EAAE,GAAI,IAAA,CAAK,uBAAkC,GAAG,MAAA,CAAO,uBAAsB,GAC7E,MAAA,CAAO,wBACT,IAAA,CAAK,qBAAA;AAAA;AAAA,IAEb,yBACE,MAAA,CAAO,uBAAA,KAA4B,QAC/B,KAAA,GACA,MAAA,CAAO,0BACL,IAAA,CAAK,uBAAA,GACH,EAAE,GAAI,IAAA,CAAK,yBAAoC,GAAG,MAAA,CAAO,yBAAwB,GACjF,MAAA,CAAO,0BACT,IAAA,CAAK,uBAAA;AAAA;AAAA,IAEb,mBACE,MAAA,CAAO,iBAAA,KAAsB,QACzB,KAAA,GACA,MAAA,CAAO,oBACL,IAAA,CAAK,iBAAA,GACH,EAAE,GAAI,IAAA,CAAK,mBAA8B,GAAG,MAAA,CAAO,mBAAkB,GACrE,MAAA,CAAO,oBACT,IAAA,CAAK;AAAA,GACf;AACF;AAsBO,SAAS,mBAAA,CACd,OAAA,EACA,OAAA,GAAsC,EAAC,EACzB;AACd,EAAA,MAAM,EAAE,MAAA,EAAQ,MAAA,EAAQ,QAAA,GAAW,OAAM,GAAI,OAAA;AAG7C,EAAA,IAAI,UAAA,GAAoC,MAAA,GAAS,SAAA,CAAU,MAAM,CAAA,GAAI,aAAA;AAGrE,EAAA,IAAI,MAAA,EAAQ;AACV,IAAA,UAAA,GAAa,YAAA,CAAa,YAAY,MAAM,CAAA;AAAA,EAC9C;AAGA,EAAA,MAAM,eAAA,GAAkB,aAAa,UAAU,CAAA;AAE/C,EAAA,OAAO,OAAO,GAAA,KAAwC;AACpD,IAAA,MAAM,QAAA,GAAW,MAAM,OAAA,CAAQ,GAAG,CAAA;AAGlC,IAAA,MAAM,UAAA,GAAa,IAAI,OAAA,CAAQ,QAAA,CAAS,OAAO,CAAA;AAG/C,IAAA,eAAA,CAAgB,OAAA,CAAQ,CAAC,KAAA,EAAO,GAAA,KAAQ;AACtC,MAAA,IAAI,QAAA,IAAY,CAAC,UAAA,CAAW,GAAA,CAAI,GAAG,CAAA,EAAG;AACpC,QAAA,UAAA,CAAW,GAAA,CAAI,KAAK,KAAK,CAAA;AAAA,MAC3B;AAAA,IACF,CAAC,CAAA;AAED,IAAA,OAAO,IAAI,QAAA,CAAS,QAAA,CAAS,IAAA,EAAM;AAAA,MACjC,QAAQ,QAAA,CAAS,MAAA;AAAA,MACjB,YAAY,QAAA,CAAS,UAAA;AAAA,MACrB,OAAA,EAAS;AAAA,KACV,CAAA;AAAA,EACH,CAAA;AACF;AAaO,SAAS,qBAAA,CACd,OAAA,GAAsC,EAAC,EAC9B;AACT,EAAA,MAAM,EAAE,MAAA,EAAQ,MAAA,EAAO,GAAI,OAAA;AAE3B,EAAA,IAAI,UAAA,GAAoC,MAAA,GAAS,SAAA,CAAU,MAAM,CAAA,GAAI,aAAA;AAErE,EAAA,IAAI,MAAA,EAAQ;AACV,IAAA,UAAA,GAAa,YAAA,CAAa,YAAY,MAAM,CAAA;AAAA,EAC9C;AAEA,EAAA,OAAO,aAAa,UAAU,CAAA;AAChC;AAKO,SAAS,2BAAA,CACd,OAAA,GAAsC,EAAC,EACf;AACxB,EAAA,MAAM,OAAA,GAAU,sBAAsB,OAAO,CAAA;AAC7C,EAAA,MAAM,MAA8B,EAAC;AAErC,EAAA,OAAA,CAAQ,OAAA,CAAQ,CAAC,KAAA,EAAO,GAAA,KAAQ;AAC9B,IAAA,GAAA,CAAI,GAAG,CAAA,GAAI,KAAA;AAAA,EACb,CAAC,CAAA;AAED,EAAA,OAAO,GAAA;AACT;ACvJA,IAAMC,QAAAA,GAAU,IAAI,WAAA,EAAY;AAChC,IAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAKhC,SAAS,gBAAgB,GAAA,EAAyB;AAEhD,EAAA,MAAM,GAAA,GAAM,IAAI,MAAA,GAAS,CAAA;AACzB,EAAA,IAAI,GAAA,EAAK;AACP,IAAA,GAAA,IAAO,GAAA,CAAI,MAAA,CAAO,CAAA,GAAI,GAAG,CAAA;AAAA,EAC3B;AAGA,EAAA,MAAM,MAAA,GAAS,IAAI,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAM,GAAG,CAAA;AAEvD,EAAA,MAAM,MAAA,GAAS,KAAK,MAAM,CAAA;AAC1B,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAA,CAAO,MAAM,CAAA;AAC1C,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,MAAA,CAAO,QAAQ,CAAA,EAAA,EAAK;AACtC,IAAA,KAAA,CAAM,CAAC,CAAA,GAAI,MAAA,CAAO,UAAA,CAAW,CAAC,CAAA;AAAA,EAChC;AACA,EAAA,OAAO,KAAA;AACT;AAKO,SAAS,UAAU,KAAA,EAIjB;AACP,EAAA,IAAI;AACF,IAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,KAAA,CAAM,GAAG,CAAA;AAC7B,IAAA,IAAI,KAAA,CAAM,MAAA,KAAW,CAAA,EAAG,OAAO,IAAA;AAE/B,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,KAAA,CAAM,OAAA,CAAQ,MAAA,CAAO,gBAAgB,KAAA,CAAM,CAAC,CAAC,CAAC,CAAC,CAAA;AACnE,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,KAAA,CAAM,OAAA,CAAQ,MAAA,CAAO,gBAAgB,KAAA,CAAM,CAAC,CAAC,CAAC,CAAC,CAAA;AACpE,IAAA,MAAM,SAAA,GAAY,eAAA,CAAgB,KAAA,CAAM,CAAC,CAAC,CAAA;AAE1C,IAAA,OAAO,EAAE,MAAA,EAAQ,OAAA,EAAS,SAAA,EAAU;AAAA,EACtC,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAKA,SAAS,mBAAmB,GAAA,EAInB;AACP,EAAA,QAAQ,GAAA;AAAK,IACX,KAAK,OAAA;AACH,MAAA,OAAO,EAAE,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,SAAA,EAAU;AAAA,IACzC,KAAK,OAAA;AACH,MAAA,OAAO,EAAE,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,SAAA,EAAU;AAAA,IACzC,KAAK,OAAA;AACH,MAAA,OAAO,EAAE,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,SAAA,EAAU;AAAA,IACzC,KAAK,OAAA;AACH,MAAA,OAAO,EAAE,IAAA,EAAM,mBAAA,EAAqB,IAAA,EAAM,SAAA,EAAU;AAAA,IACtD,KAAK,OAAA;AACH,MAAA,OAAO,EAAE,IAAA,EAAM,mBAAA,EAAqB,IAAA,EAAM,SAAA,EAAU;AAAA,IACtD,KAAK,OAAA;AACH,MAAA,OAAO,EAAE,IAAA,EAAM,mBAAA,EAAqB,IAAA,EAAM,SAAA,EAAU;AAAA,IACtD,KAAK,OAAA;AACH,MAAA,OAAO,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,SAAA,EAAW,YAAY,OAAA,EAAQ;AAAA,IAC/D,KAAK,OAAA;AACH,MAAA,OAAO,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,SAAA,EAAW,YAAY,OAAA,EAAQ;AAAA,IAC/D,KAAK,OAAA;AACH,MAAA,OAAO,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,SAAA,EAAW,YAAY,OAAA,EAAQ;AAAA,IAC/D;AACE,MAAA,OAAO,IAAA;AAAA;AAEb;AAKA,eAAe,UAAA,CACb,IAAA,EACA,SAAA,EACA,MAAA,EACA,IAAA,EACkB;AAClB,EAAA,MAAM,GAAA,GAAM,MAAMF,kBAAAA,CAAU,MAAA,CAAO,SAAA;AAAA,IACjC,KAAA;AAAA,IACAE,QAAAA,CAAQ,OAAO,MAAM,CAAA;AAAA,IACrB,EAAE,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAK;AAAA,IACrB,KAAA;AAAA,IACA,CAAC,QAAQ;AAAA,GACX;AAEA,EAAA,OAAOF,kBAAAA,CAAU,OAAO,MAAA,CAAO,MAAA,EAAQ,KAAK,SAAA,EAAWE,QAAAA,CAAQ,MAAA,CAAO,IAAI,CAAC,CAAA;AAC7E;AAKA,eAAe,eAAA,CACb,KACA,SAAA,EACoB;AAEpB,EAAA,MAAM,WAAA,GAAc,GAAA,CACjB,OAAA,CAAQ,mBAAA,EAAqB,EAAE,CAAA,CAC/B,OAAA,CAAQ,iBAAA,EAAmB,EAAE,CAAA,CAC7B,OAAA,CAAQ,KAAA,EAAO,EAAE,CAAA;AAEpB,EAAA,MAAM,SAAA,GAAY,eAAA,CAAgB,WAAA,CAAY,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAC,CAAA;AAErF,EAAA,MAAM,SAAA,GAAwB,CAAC,QAAQ,CAAA;AAEvC,EAAA,IAAI,SAAA,CAAU,SAAS,mBAAA,EAAqB;AAC1C,IAAA,OAAOF,mBAAU,MAAA,CAAO,SAAA;AAAA,MACtB,MAAA;AAAA,MACA,SAAA;AAAA,MACA,EAAE,IAAA,EAAM,SAAA,CAAU,IAAA,EAAM,IAAA,EAAM,UAAU,IAAA,EAAM;AAAA,MAC9C,KAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,SAAA,CAAU,SAAS,OAAA,EAAS;AAC9B,IAAA,OAAOA,mBAAU,MAAA,CAAO,SAAA;AAAA,MACtB,MAAA;AAAA,MACA,SAAA;AAAA,MACA,EAAE,IAAA,EAAM,SAAA,CAAU,IAAA,EAAM,UAAA,EAAY,UAAU,UAAA,EAAY;AAAA,MAC1D,KAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,IAAI,KAAA,CAAM,CAAA,uBAAA,EAA0B,SAAA,CAAU,IAAI,CAAA,CAAE,CAAA;AAC5D;AAKA,eAAe,gBAAA,CACb,IAAA,EACA,SAAA,EACA,SAAA,EACA,SAAA,EACkB;AAClB,EAAA,MAAM,GAAA,GAAM,MAAM,eAAA,CAAgB,SAAA,EAAW,SAAS,CAAA;AAEtD,EAAA,MAAM,MAAA,GAAS,SAAA,CAAU,IAAA,KAAS,OAAA,GAC9B,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,SAAA,CAAU,IAAA,EAAM,GACvC,SAAA,CAAU,IAAA;AAEd,EAAA,OAAOA,kBAAAA,CAAU,OAAO,MAAA,CAAO,MAAA,EAAQ,KAAK,SAAA,EAAWE,QAAAA,CAAQ,MAAA,CAAO,IAAI,CAAC,CAAA;AAC7E;AAKA,SAAS,cAAA,CACP,SACA,MAAA,EACkB;AAClB,EAAA,MAAM,MAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACxC,EAAA,MAAM,SAAA,GAAY,OAAO,cAAA,IAAkB,CAAA;AAG3C,EAAA,IAAI,QAAQ,GAAA,KAAQ,MAAA,IAAa,OAAA,CAAQ,GAAA,GAAM,MAAM,SAAA,EAAW;AAC9D,IAAA,OAAO;AAAA,MACL,IAAA,EAAM,eAAA;AAAA,MACN,OAAA,EAAS,mBAAA;AAAA,MACT,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAGA,EAAA,IAAI,QAAQ,GAAA,KAAQ,MAAA,IAAa,OAAA,CAAQ,GAAA,GAAM,MAAM,SAAA,EAAW;AAC9D,IAAA,OAAO;AAAA,MACL,IAAA,EAAM,eAAA;AAAA,MACN,OAAA,EAAS,qBAAA;AAAA,MACT,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAGA,EAAA,IAAI,OAAO,MAAA,EAAQ;AACjB,IAAA,MAAM,OAAA,GAAU,KAAA,CAAM,OAAA,CAAQ,MAAA,CAAO,MAAM,IAAI,MAAA,CAAO,MAAA,GAAS,CAAC,MAAA,CAAO,MAAM,CAAA;AAC7E,IAAA,IAAI,CAAC,QAAQ,GAAA,IAAO,CAAC,QAAQ,QAAA,CAAS,OAAA,CAAQ,GAAG,CAAA,EAAG;AAClD,MAAA,OAAO;AAAA,QACL,IAAA,EAAM,eAAA;AAAA,QACN,OAAA,EAAS,sBAAA;AAAA,QACT,MAAA,EAAQ;AAAA,OACV;AAAA,IACF;AAAA,EACF;AAGA,EAAA,IAAI,OAAO,QAAA,EAAU;AACnB,IAAA,MAAM,SAAA,GAAY,KAAA,CAAM,OAAA,CAAQ,MAAA,CAAO,QAAQ,IAAI,MAAA,CAAO,QAAA,GAAW,CAAC,MAAA,CAAO,QAAQ,CAAA;AACrF,IAAA,MAAM,cAAA,GAAiB,KAAA,CAAM,OAAA,CAAQ,OAAA,CAAQ,GAAG,CAAA,GAC5C,OAAA,CAAQ,GAAA,GACR,OAAA,CAAQ,GAAA,GACN,CAAC,OAAA,CAAQ,GAAG,IACZ,EAAC;AAEP,IAAA,MAAM,gBAAA,GAAmB,UAAU,IAAA,CAAK,CAAC,QAAQ,cAAA,CAAe,QAAA,CAAS,GAAG,CAAC,CAAA;AAC7E,IAAA,IAAI,CAAC,gBAAA,EAAkB;AACrB,MAAA,OAAO;AAAA,QACL,IAAA,EAAM,eAAA;AAAA,QACN,OAAA,EAAS,wBAAA;AAAA,QACT,MAAA,EAAQ;AAAA,OACV;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,IAAA;AACT;AAKA,eAAsB,SAAA,CACpB,OACA,MAAA,EACqF;AAErF,EAAA,MAAM,OAAA,GAAU,UAAU,KAAK,CAAA;AAC/B,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,IAAA;AAAA,MACT,KAAA,EAAO;AAAA,QACL,IAAA,EAAM,eAAA;AAAA,QACN,OAAA,EAAS,iBAAA;AAAA,QACT,MAAA,EAAQ;AAAA;AACV,KACF;AAAA,EACF;AAEA,EAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAS,SAAA,EAAU,GAAI,OAAA;AACvC,EAAA,MAAM,MAAM,MAAA,CAAO,GAAA;AAGnB,EAAA,MAAM,iBAAA,GAAoB,MAAA,CAAO,UAAA,IAAc,CAAC,OAAO,CAAA;AACvD,EAAA,IAAI,CAAC,iBAAA,CAAkB,QAAA,CAAS,GAAG,CAAA,EAAG;AACpC,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,IAAA;AAAA,MACT,KAAA,EAAO;AAAA,QACL,IAAA,EAAM,eAAA;AAAA,QACN,OAAA,EAAS,aAAa,GAAG,CAAA,YAAA,CAAA;AAAA,QACzB,MAAA,EAAQ;AAAA;AACV,KACF;AAAA,EACF;AAGA,EAAA,MAAM,eAAA,GAAkB,mBAAmB,GAAG,CAAA;AAC9C,EAAA,IAAI,CAAC,eAAA,EAAiB;AACpB,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,IAAA;AAAA,MACT,KAAA,EAAO;AAAA,QACL,IAAA,EAAM,eAAA;AAAA,QACN,OAAA,EAAS,0BAA0B,GAAG,CAAA,CAAA;AAAA,QACtC,MAAA,EAAQ;AAAA;AACV,KACF;AAAA,EACF;AAGA,EAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,KAAA,CAAM,GAAG,CAAA;AAC7B,EAAA,MAAM,UAAA,GAAa,GAAG,KAAA,CAAM,CAAC,CAAC,CAAA,CAAA,EAAI,KAAA,CAAM,CAAC,CAAC,CAAA,CAAA;AAC1C,EAAA,IAAI,OAAA,GAAU,KAAA;AAEd,EAAA,IAAI;AACF,IAAA,IAAI,eAAA,CAAgB,SAAS,MAAA,EAAQ;AACnC,MAAA,IAAI,CAAC,OAAO,MAAA,EAAQ;AAClB,QAAA,OAAO;AAAA,UACL,OAAA,EAAS,IAAA;AAAA,UACT,KAAA,EAAO;AAAA,YACL,IAAA,EAAM,eAAA;AAAA,YACN,OAAA,EAAS,qCAAA;AAAA,YACT,MAAA,EAAQ;AAAA;AACV,SACF;AAAA,MACF;AACA,MAAA,OAAA,GAAU,MAAM,UAAA,CAAW,UAAA,EAAY,WAAW,MAAA,CAAO,MAAA,EAAQ,gBAAgB,IAAK,CAAA;AAAA,IACxF,CAAA,MAAO;AACL,MAAA,IAAI,CAAC,OAAO,SAAA,EAAW;AACrB,QAAA,OAAO;AAAA,UACL,OAAA,EAAS,IAAA;AAAA,UACT,KAAA,EAAO;AAAA,YACL,IAAA,EAAM,eAAA;AAAA,YACN,OAAA,EAAS,+CAAA;AAAA,YACT,MAAA,EAAQ;AAAA;AACV,SACF;AAAA,MACF;AACA,MAAA,OAAA,GAAU,MAAM,gBAAA,CAAiB,UAAA,EAAY,SAAA,EAAW,MAAA,CAAO,WAAW,eAAe,CAAA;AAAA,IAC3F;AAAA,EACF,CAAA,CAAA,MAAQ;AACN,IAAA,OAAA,GAAU,KAAA;AAAA,EACZ;AAEA,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,IAAA;AAAA,MACT,KAAA,EAAO;AAAA,QACL,IAAA,EAAM,mBAAA;AAAA,QACN,OAAA,EAAS,yBAAA;AAAA,QACT,MAAA,EAAQ;AAAA;AACV,KACF;AAAA,EACF;AAGA,EAAA,MAAM,WAAA,GAAc,cAAA,CAAe,OAAA,EAAS,MAAM,CAAA;AAClD,EAAA,IAAI,WAAA,EAAa;AACf,IAAA,OAAO,EAAE,OAAA,EAAS,IAAA,EAAM,KAAA,EAAO,WAAA,EAAY;AAAA,EAC7C;AAEA,EAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,IAAA,EAAK;AAChC;AAKO,SAAS,mBAAmB,UAAA,EAA0C;AAC3E,EAAA,IAAI,CAAC,YAAY,OAAO,IAAA;AACxB,EAAA,IAAI,CAAC,UAAA,CAAW,UAAA,CAAW,SAAS,GAAG,OAAO,IAAA;AAC9C,EAAA,OAAO,UAAA,CAAW,MAAM,CAAC,CAAA;AAC3B;;;ACvTA,SAASC,qBAAAA,CAAqB,MAAmB,KAAA,EAA4B;AAC3E,EAAA,OAAO,IAAI,QAAA;AAAA,IACT,KAAK,SAAA,CAAU;AAAA,MACb,OAAO,KAAA,CAAM,IAAA;AAAA,MACb,SAAS,KAAA,CAAM;AAAA,KAChB,CAAA;AAAA,IACD;AAAA,MACE,QAAQ,KAAA,CAAM,MAAA;AAAA,MACd,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB;AAChD,GACF;AACF;AAKA,eAAe,mBAAA,CACb,KACA,MAAA,EACwB;AAExB,EAAA,IAAI,QAAQ,QAAA,EAAU;AACpB,IAAA,OAAO,MAAA,CAAO,SAAS,GAAG,CAAA;AAAA,EAC5B;AAGA,EAAA,OAAO,kBAAA,CAAmB,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAC,CAAA;AAC5D;AAKO,SAAS,OAAA,CACd,SACA,MAAA,EACc;AACd,EAAA,MAAM,MAAA,GAAS,MAAA,CAAO,MAAA,IAAU,OAAA,CAAQ,GAAA,CAAI,UAAA;AAC5C,EAAA,MAAM,eAAA,GAAkB,EAAE,GAAG,MAAA,EAAQ,MAAA,EAAO;AAE5C,EAAA,OAAO,OAAO,GAAA,KAAwC;AACpD,IAAA,MAAM,KAAA,GAAQ,MAAM,mBAAA,CAAoB,GAAA,EAAK,eAAe,CAAA;AAE5D,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,OAAOA,sBAAqB,GAAA,EAAK;AAAA,QAC/B,IAAA,EAAM,eAAA;AAAA,QACN,OAAA,EAAS,yBAAA;AAAA,QACT,MAAA,EAAQ;AAAA,OACT,CAAA;AAAA,IACH;AAEA,IAAA,MAAM,EAAE,OAAA,EAAS,KAAA,KAAU,MAAM,SAAA,CAAU,OAAO,eAAe,CAAA;AAEjE,IAAA,IAAI,KAAA,EAAO;AACT,MAAA,OAAOA,qBAAAA,CAAqB,KAAK,KAAK,CAAA;AAAA,IACxC;AAGA,IAAA,MAAM,OAAiB,eAAA,CAAgB,OAAA,GACnC,MAAM,eAAA,CAAgB,OAAA,CAAQ,OAAO,CAAA,GACrC;AAAA,MACE,EAAA,EAAI,QAAQ,GAAA,IAAO,EAAA;AAAA,MACnB,OAAO,OAAA,CAAQ,KAAA;AAAA,MACf,MAAM,OAAA,CAAQ,IAAA;AAAA,MACd,OAAO,OAAA,CAAQ,KAAA;AAAA,MACf,aAAa,OAAA,CAAQ;AAAA,KACvB;AAEJ,IAAA,OAAO,OAAA,CAAQ,GAAA,EAAK,EAAE,IAAA,EAAM,OAAO,CAAA;AAAA,EACrC,CAAA;AACF;AAKO,SAAS,UAAA,CACd,SACA,MAAA,EACc;AACd,EAAA,MAAM,UAAA,GAAa,OAAO,UAAA,IAAc,WAAA;AACxC,EAAA,MAAM,UAAA,GAAa,OAAO,UAAA,IAAc,SAAA;AAExC,EAAA,OAAO,OAAO,GAAA,KAAwC;AAEpD,IAAA,IAAI,MAAA,GAAS,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA;AAGvC,IAAA,IAAI,CAAC,MAAA,EAAQ;AACX,MAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,GAAA,CAAI,GAAG,CAAA;AAC3B,MAAA,MAAA,GAAS,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,UAAU,CAAA;AAAA,IAC1C;AAEA,IAAA,IAAI,CAAC,MAAA,EAAQ;AACX,MAAA,OAAOA,sBAAqB,GAAA,EAAK;AAAA,QAC/B,IAAA,EAAM,iBAAA;AAAA,QACN,OAAA,EAAS,kBAAA;AAAA,QACT,MAAA,EAAQ;AAAA,OACT,CAAA;AAAA,IACH;AAEA,IAAA,MAAM,IAAA,GAAO,MAAM,MAAA,CAAO,QAAA,CAAS,QAAQ,GAAG,CAAA;AAE9C,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,OAAOA,sBAAqB,GAAA,EAAK;AAAA,QAC/B,IAAA,EAAM,iBAAA;AAAA,QACN,OAAA,EAAS,iBAAA;AAAA,QACT,MAAA,EAAQ;AAAA,OACT,CAAA;AAAA,IACH;AAEA,IAAA,OAAO,OAAA,CAAQ,GAAA,EAAK,EAAE,IAAA,EAAM,CAAA;AAAA,EAC9B,CAAA;AACF;AAKO,SAAS,WAAA,CACd,SACA,MAAA,EACc;AACd,EAAA,MAAM,UAAA,GAAa,OAAO,UAAA,IAAc,SAAA;AAExC,EAAA,OAAO,OAAO,GAAA,KAAwC;AACpD,IAAA,MAAM,SAAA,GAAY,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA,EAAG,KAAA;AAE/C,IAAA,IAAI,CAAC,SAAA,EAAW;AACd,MAAA,OAAOA,sBAAqB,GAAA,EAAK;AAAA,QAC/B,IAAA,EAAM,iBAAA;AAAA,QACN,OAAA,EAAS,kBAAA;AAAA,QACT,MAAA,EAAQ;AAAA,OACT,CAAA;AAAA,IACH;AAEA,IAAA,MAAM,IAAA,GAAO,MAAM,MAAA,CAAO,QAAA,CAAS,WAAW,GAAG,CAAA;AAEjD,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,OAAOA,sBAAqB,GAAA,EAAK;AAAA,QAC/B,IAAA,EAAM,iBAAA;AAAA,QACN,OAAA,EAAS,4BAAA;AAAA,QACT,MAAA,EAAQ;AAAA,OACT,CAAA;AAAA,IACH;AAEA,IAAA,OAAO,OAAA,CAAQ,GAAA,EAAK,EAAE,IAAA,EAAM,CAAA;AAAA,EAC9B,CAAA;AACF;AAMO,SAAS,SAAA,CACd,SACA,MAAA,EACkF;AAClF,EAAA,OAAO,OACL,KACA,GAAA,KACsB;AACtB,IAAA,MAAM,EAAE,MAAK,GAAI,GAAA;AAGjB,IAAA,MAAM,SAAA,GAAY,OAAO,YAAA,GACrB,MAAA,CAAO,aAAa,IAAI,CAAA,GACxB,IAAA,CAAK,KAAA,IAAS,EAAC;AAGnB,IAAA,IAAI,MAAA,CAAO,KAAA,IAAS,MAAA,CAAO,KAAA,CAAM,SAAS,CAAA,EAAG;AAC3C,MAAA,MAAM,OAAA,GAAU,OAAO,KAAA,CAAM,IAAA,CAAK,CAAC,IAAA,KAAS,SAAA,CAAU,QAAA,CAAS,IAAI,CAAC,CAAA;AACpE,MAAA,IAAI,CAAC,OAAA,EAAS;AACZ,QAAA,OAAOA,sBAAqB,GAAA,EAAK;AAAA,UAC/B,IAAA,EAAM,oBAAA;AAAA,UACN,OAAA,EAAS,0BAAA;AAAA,UACT,MAAA,EAAQ;AAAA,SACT,CAAA;AAAA,MACH;AAAA,IACF;AAGA,IAAA,MAAM,eAAA,GAAkB,OAAO,kBAAA,GAC3B,MAAA,CAAO,mBAAmB,IAAI,CAAA,GAC9B,IAAA,CAAK,WAAA,IAAe,EAAC;AAGzB,IAAA,IAAI,MAAA,CAAO,WAAA,IAAe,MAAA,CAAO,WAAA,CAAY,SAAS,CAAA,EAAG;AACvD,MAAA,MAAM,iBAAA,GAAoB,OAAO,WAAA,CAAY,KAAA;AAAA,QAAM,CAAC,IAAA,KAClD,eAAA,CAAgB,QAAA,CAAS,IAAI;AAAA,OAC/B;AACA,MAAA,IAAI,CAAC,iBAAA,EAAmB;AACtB,QAAA,OAAOA,sBAAqB,GAAA,EAAK;AAAA,UAC/B,IAAA,EAAM,0BAAA;AAAA,UACN,OAAA,EAAS,0BAAA;AAAA,UACT,MAAA,EAAQ;AAAA,SACT,CAAA;AAAA,MACH;AAAA,IACF;AAGA,IAAA,IAAI,OAAO,SAAA,EAAW;AACpB,MAAA,MAAM,UAAA,GAAa,MAAM,MAAA,CAAO,SAAA,CAAU,MAAM,GAAG,CAAA;AACnD,MAAA,IAAI,CAAC,UAAA,EAAY;AACf,QAAA,OAAOA,sBAAqB,GAAA,EAAK;AAAA,UAC/B,IAAA,EAAM,cAAA;AAAA,UACN,OAAA,EAAS,cAAA;AAAA,UACT,MAAA,EAAQ;AAAA,SACT,CAAA;AAAA,MACH;AAAA,IACF;AAEA,IAAA,OAAO,OAAA,CAAQ,KAAK,GAAG,CAAA;AAAA,EACzB,CAAA;AACF;AAKO,SAAS,QAAA,CACd,SACA,MAAA,EACc;AACd,EAAA,MAAM,OAAA,GAAU,OAAO,OAAA,IAAWA,qBAAAA;AAElC,EAAA,OAAO,OAAO,GAAA,KAAwC;AACpD,IAAA,IAAI,IAAA,GAAwB,IAAA;AAC5B,IAAA,IAAI,KAAA;AAGJ,IAAA,IAAI,OAAO,GAAA,EAAK;AACd,MAAA,MAAM,MAAA,GAAS,MAAA,CAAO,GAAA,CAAI,MAAA,IAAU,QAAQ,GAAA,CAAI,UAAA;AAChD,MAAA,MAAM,SAAA,GAAY,EAAE,GAAG,MAAA,CAAO,KAAK,MAAA,EAAO;AAC1C,MAAA,MAAM,QAAA,GAAW,MAAM,mBAAA,CAAoB,GAAA,EAAK,SAAS,CAAA;AAEzD,MAAA,IAAI,QAAA,EAAU;AACZ,QAAA,MAAM,EAAE,OAAA,EAAS,KAAA,KAAU,MAAM,SAAA,CAAU,UAAU,SAAS,CAAA;AAC9D,QAAA,IAAI,CAAC,SAAS,OAAA,EAAS;AACrB,UAAA,IAAA,GAAO,UAAU,OAAA,GACb,MAAM,SAAA,CAAU,OAAA,CAAQ,OAAO,CAAA,GAC/B;AAAA,YACE,EAAA,EAAI,QAAQ,GAAA,IAAO,EAAA;AAAA,YACnB,OAAO,OAAA,CAAQ,KAAA;AAAA,YACf,MAAM,OAAA,CAAQ,IAAA;AAAA,YACd,OAAO,OAAA,CAAQ;AAAA,WACjB;AACJ,UAAA,KAAA,GAAQ,QAAA;AAAA,QACV;AAAA,MACF;AAAA,IACF;AAGA,IAAA,IAAI,CAAC,IAAA,IAAQ,MAAA,CAAO,MAAA,EAAQ;AAC1B,MAAA,MAAM,UAAA,GAAa,MAAA,CAAO,MAAA,CAAO,UAAA,IAAc,WAAA;AAC/C,MAAA,MAAM,UAAA,GAAa,MAAA,CAAO,MAAA,CAAO,UAAA,IAAc,SAAA;AAE/C,MAAA,IAAI,MAAA,GAAS,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA;AACvC,MAAA,IAAI,CAAC,MAAA,EAAQ;AACX,QAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,GAAA,CAAI,GAAG,CAAA;AAC3B,QAAA,MAAA,GAAS,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,UAAU,CAAA;AAAA,MAC1C;AAEA,MAAA,IAAI,MAAA,EAAQ;AACV,QAAA,MAAM,UAAU,MAAM,MAAA,CAAO,MAAA,CAAO,QAAA,CAAS,QAAQ,GAAG,CAAA;AACxD,QAAA,IAAI,OAAA,EAAS;AACX,UAAA,IAAA,GAAO,OAAA;AAAA,QACT;AAAA,MACF;AAAA,IACF;AAGA,IAAA,IAAI,CAAC,IAAA,IAAQ,MAAA,CAAO,OAAA,EAAS;AAC3B,MAAA,MAAM,UAAA,GAAa,MAAA,CAAO,OAAA,CAAQ,UAAA,IAAc,SAAA;AAChD,MAAA,MAAM,SAAA,GAAY,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA,EAAG,KAAA;AAE/C,MAAA,IAAI,SAAA,EAAW;AACb,QAAA,MAAM,cAAc,MAAM,MAAA,CAAO,OAAA,CAAQ,QAAA,CAAS,WAAW,GAAG,CAAA;AAChE,QAAA,IAAI,WAAA,EAAa;AACf,UAAA,IAAA,GAAO,WAAA;AAAA,QACT;AAAA,MACF;AAAA,IACF;AAGA,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,OAAO,QAAQ,GAAA,EAAK;AAAA,QAClB,IAAA,EAAM,cAAA;AAAA,QACN,OAAA,EAAS,yBAAA;AAAA,QACT,MAAA,EAAQ;AAAA,OACT,CAAA;AAAA,IACH;AAGA,IAAA,IAAI,OAAO,IAAA,EAAM;AACf,MAAA,MAAM,SAAA,GAAY,MAAA,CAAO,IAAA,CAAK,YAAA,GAC1B,MAAA,CAAO,IAAA,CAAK,YAAA,CAAa,IAAI,CAAA,GAC7B,IAAA,CAAK,KAAA,IAAS,EAAC;AAEnB,MAAA,IAAI,OAAO,IAAA,CAAK,KAAA,IAAS,OAAO,IAAA,CAAK,KAAA,CAAM,SAAS,CAAA,EAAG;AACrD,QAAA,MAAM,OAAA,GAAU,MAAA,CAAO,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,CAAC,IAAA,KAAS,SAAA,CAAU,QAAA,CAAS,IAAI,CAAC,CAAA;AACzE,QAAA,IAAI,CAAC,OAAA,EAAS;AACZ,UAAA,OAAO,QAAQ,GAAA,EAAK;AAAA,YAClB,IAAA,EAAM,oBAAA;AAAA,YACN,OAAA,EAAS,0BAAA;AAAA,YACT,MAAA,EAAQ;AAAA,WACT,CAAA;AAAA,QACH;AAAA,MACF;AAEA,MAAA,MAAM,eAAA,GAAkB,MAAA,CAAO,IAAA,CAAK,kBAAA,GAChC,MAAA,CAAO,IAAA,CAAK,kBAAA,CAAmB,IAAI,CAAA,GACnC,IAAA,CAAK,WAAA,IAAe,EAAC;AAEzB,MAAA,IAAI,OAAO,IAAA,CAAK,WAAA,IAAe,OAAO,IAAA,CAAK,WAAA,CAAY,SAAS,CAAA,EAAG;AACjE,QAAA,MAAM,iBAAA,GAAoB,MAAA,CAAO,IAAA,CAAK,WAAA,CAAY,KAAA;AAAA,UAAM,CAAC,IAAA,KACvD,eAAA,CAAgB,QAAA,CAAS,IAAI;AAAA,SAC/B;AACA,QAAA,IAAI,CAAC,iBAAA,EAAmB;AACtB,UAAA,OAAO,QAAQ,GAAA,EAAK;AAAA,YAClB,IAAA,EAAM,0BAAA;AAAA,YACN,OAAA,EAAS,0BAAA;AAAA,YACT,MAAA,EAAQ;AAAA,WACT,CAAA;AAAA,QACH;AAAA,MACF;AAEA,MAAA,IAAI,MAAA,CAAO,KAAK,SAAA,EAAW;AACzB,QAAA,MAAM,aAAa,MAAM,MAAA,CAAO,IAAA,CAAK,SAAA,CAAU,MAAM,GAAG,CAAA;AACxD,QAAA,IAAI,CAAC,UAAA,EAAY;AACf,UAAA,OAAO,QAAQ,GAAA,EAAK;AAAA,YAClB,IAAA,EAAM,cAAA;AAAA,YACN,OAAA,EAAS,cAAA;AAAA,YACT,MAAA,EAAQ;AAAA,WACT,CAAA;AAAA,QACH;AAAA,MACF;AAAA,IACF;AAGA,IAAA,IAAI,OAAO,SAAA,EAAW;AACpB,MAAA,MAAM,MAAA,CAAO,SAAA,CAAU,GAAA,EAAK,IAAI,CAAA;AAAA,IAClC;AAEA,IAAA,OAAO,OAAA,CAAQ,GAAA,EAAK,EAAE,IAAA,EAAM,OAAO,CAAA;AAAA,EACrC,CAAA;AACF;AAKO,SAAS,gBAAA,CACd,SAIA,MAAA,EACc;AACd,EAAA,OAAO,OAAO,GAAA,KAAwC;AACpD,IAAA,IAAI,IAAA,GAAwB,IAAA;AAC5B,IAAA,IAAI,KAAA;AAGJ,IAAA,IAAI,OAAO,GAAA,EAAK;AACd,MAAA,MAAM,MAAA,GAAS,MAAA,CAAO,GAAA,CAAI,MAAA,IAAU,QAAQ,GAAA,CAAI,UAAA;AAChD,MAAA,MAAM,SAAA,GAAY,EAAE,GAAG,MAAA,CAAO,KAAK,MAAA,EAAO;AAC1C,MAAA,MAAM,QAAA,GAAW,MAAM,mBAAA,CAAoB,GAAA,EAAK,SAAS,CAAA;AAEzD,MAAA,IAAI,QAAA,EAAU;AACZ,QAAA,MAAM,EAAE,OAAA,EAAS,KAAA,KAAU,MAAM,SAAA,CAAU,UAAU,SAAS,CAAA;AAC9D,QAAA,IAAI,CAAC,SAAS,OAAA,EAAS;AACrB,UAAA,IAAA,GAAO,UAAU,OAAA,GACb,MAAM,SAAA,CAAU,OAAA,CAAQ,OAAO,CAAA,GAC/B;AAAA,YACE,EAAA,EAAI,QAAQ,GAAA,IAAO,EAAA;AAAA,YACnB,OAAO,OAAA,CAAQ,KAAA;AAAA,YACf,MAAM,OAAA,CAAQ,IAAA;AAAA,YACd,OAAO,OAAA,CAAQ;AAAA,WACjB;AACJ,UAAA,KAAA,GAAQ,QAAA;AAAA,QACV;AAAA,MACF;AAAA,IACF;AAGA,IAAA,IAAI,CAAC,IAAA,IAAQ,MAAA,CAAO,MAAA,EAAQ;AAC1B,MAAA,MAAM,UAAA,GAAa,MAAA,CAAO,MAAA,CAAO,UAAA,IAAc,WAAA;AAC/C,MAAA,IAAI,MAAA,GAAS,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA;AAEvC,MAAA,IAAI,MAAA,EAAQ;AACV,QAAA,MAAM,UAAU,MAAM,MAAA,CAAO,MAAA,CAAO,QAAA,CAAS,QAAQ,GAAG,CAAA;AACxD,QAAA,IAAI,SAAS,IAAA,GAAO,OAAA;AAAA,MACtB;AAAA,IACF;AAGA,IAAA,IAAI,CAAC,IAAA,IAAQ,MAAA,CAAO,OAAA,EAAS;AAC3B,MAAA,MAAM,UAAA,GAAa,MAAA,CAAO,OAAA,CAAQ,UAAA,IAAc,SAAA;AAChD,MAAA,MAAM,SAAA,GAAY,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA,EAAG,KAAA;AAE/C,MAAA,IAAI,SAAA,EAAW;AACb,QAAA,MAAM,cAAc,MAAM,MAAA,CAAO,OAAA,CAAQ,QAAA,CAAS,WAAW,GAAG,CAAA;AAChE,QAAA,IAAI,aAAa,IAAA,GAAO,WAAA;AAAA,MAC1B;AAAA,IACF;AAEA,IAAA,OAAO,OAAA,CAAQ,GAAA,EAAK,EAAE,IAAA,EAAM,OAAO,CAAA;AAAA,EACrC,CAAA;AACF;;;ACpaO,SAAS,YAAY,MAAA,EAAmC;AAC7D,EAAA,OACE,OAAO,WAAW,QAAA,IAClB,MAAA,KAAW,QACX,WAAA,IAAe,MAAA,IACf,OAAQ,MAAA,CAAkB,SAAA,KAAc,UAAA;AAE5C;AAKO,SAAS,eAAe,MAAA,EAAyC;AACtE,EAAA,IAAI,OAAO,MAAA,KAAW,QAAA,IAAY,MAAA,KAAW,MAAM,OAAO,KAAA;AAC1D,EAAA,IAAI,WAAA,IAAe,QAAQ,OAAO,KAAA;AAElC,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,OAAA,CAAQ,MAAM,CAAA;AACrC,EAAA,IAAI,OAAA,CAAQ,MAAA,KAAW,CAAA,EAAG,OAAO,KAAA;AAEjC,EAAA,OAAO,QAAQ,KAAA,CAAM,CAAC,CAAC,CAAA,EAAG,IAAI,CAAA,KAAM;AAClC,IAAA,OAAO,OAAO,IAAA,KAAS,QAAA,IAAY,IAAA,KAAS,QAAQ,MAAA,IAAU,IAAA;AAAA,EAChE,CAAC,CAAA;AACH;AAKA,IAAM,aAAA,GAAgB,sIAAA;AAKtB,IAAM,WAAA,GAAc,2JAAA;AAKpB,IAAM,YAAA,GAAe,wEAAA;AAKrB,IAAM,YAAA,GAAe,+EAAA;AAKd,SAAS,aAAA,CAAc,KAAA,EAAgB,IAAA,EAAiB,SAAA,EAA2C;AAExG,EAAA,IAAI,KAAA,KAAU,MAAA,IAAa,KAAA,KAAU,IAAA,IAAQ,UAAU,EAAA,EAAI;AACzD,IAAA,IAAI,KAAK,QAAA,EAAU;AACjB,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,SAAA;AAAA,QACP,IAAA,EAAM,UAAA;AAAA,QACN,OAAA,EAAS,IAAA,CAAK,OAAA,IAAW,CAAA,EAAG,SAAS,CAAA,YAAA,CAAA;AAAA,QACrC,QAAA,EAAU;AAAA,OACZ;AAAA,IACF;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAGA,EAAA,QAAQ,KAAK,IAAA;AAAM,IACjB,KAAK,QAAA;AACH,MAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAC7B,QAAA,OAAO;AAAA,UACL,KAAA,EAAO,SAAA;AAAA,UACP,IAAA,EAAM,cAAA;AAAA,UACN,OAAA,EAAS,IAAA,CAAK,OAAA,IAAW,CAAA,EAAG,SAAS,CAAA,iBAAA,CAAA;AAAA,UACrC,QAAA,EAAU,QAAA;AAAA,UACV,UAAU,OAAO;AAAA,SACnB;AAAA,MACF;AAEA,MAAA,IAAI,KAAK,SAAA,KAAc,MAAA,IAAa,KAAA,CAAM,MAAA,GAAS,KAAK,SAAA,EAAW;AACjE,QAAA,OAAO;AAAA,UACL,KAAA,EAAO,SAAA;AAAA,UACP,IAAA,EAAM,WAAA;AAAA,UACN,SAAS,IAAA,CAAK,OAAA,IAAW,GAAG,SAAS,CAAA,kBAAA,EAAqB,KAAK,SAAS,CAAA,WAAA,CAAA;AAAA,UACxE,UAAU,KAAA,CAAM;AAAA,SAClB;AAAA,MACF;AACA,MAAA,IAAI,KAAK,SAAA,KAAc,MAAA,IAAa,KAAA,CAAM,MAAA,GAAS,KAAK,SAAA,EAAW;AACjE,QAAA,OAAO;AAAA,UACL,KAAA,EAAO,SAAA;AAAA,UACP,IAAA,EAAM,UAAA;AAAA,UACN,SAAS,IAAA,CAAK,OAAA,IAAW,GAAG,SAAS,CAAA,iBAAA,EAAoB,KAAK,SAAS,CAAA,WAAA,CAAA;AAAA,UACvE,UAAU,KAAA,CAAM;AAAA,SAClB;AAAA,MACF;AAEA,MAAA,IAAI,KAAK,OAAA,IAAW,CAAC,KAAK,OAAA,CAAQ,IAAA,CAAK,KAAK,CAAA,EAAG;AAC7C,QAAA,OAAO;AAAA,UACL,KAAA,EAAO,SAAA;AAAA,UACP,IAAA,EAAM,iBAAA;AAAA,UACN,OAAA,EAAS,IAAA,CAAK,OAAA,IAAW,CAAA,EAAG,SAAS,CAAA,mBAAA,CAAA;AAAA,UACrC,QAAA,EAAU;AAAA,SACZ;AAAA,MACF;AACA,MAAA;AAAA,IAEF,KAAK,QAAA;AACH,MAAA,MAAM,MAAM,OAAO,KAAA,KAAU,QAAA,GAAW,KAAA,GAAQ,OAAO,KAAK,CAAA;AAC5D,MAAA,IAAI,KAAA,CAAM,GAAG,CAAA,EAAG;AACd,QAAA,OAAO;AAAA,UACL,KAAA,EAAO,SAAA;AAAA,UACP,IAAA,EAAM,cAAA;AAAA,UACN,OAAA,EAAS,IAAA,CAAK,OAAA,IAAW,CAAA,EAAG,SAAS,CAAA,iBAAA,CAAA;AAAA,UACrC,QAAA,EAAU,QAAA;AAAA,UACV,UAAU,OAAO;AAAA,SACnB;AAAA,MACF;AACA,MAAA,IAAI,KAAK,OAAA,IAAW,CAAC,MAAA,CAAO,SAAA,CAAU,GAAG,CAAA,EAAG;AAC1C,QAAA,OAAO;AAAA,UACL,KAAA,EAAO,SAAA;AAAA,UACP,IAAA,EAAM,iBAAA;AAAA,UACN,OAAA,EAAS,IAAA,CAAK,OAAA,IAAW,CAAA,EAAG,SAAS,CAAA,mBAAA,CAAA;AAAA,UACrC,QAAA,EAAU;AAAA,SACZ;AAAA,MACF;AACA,MAAA,IAAI,IAAA,CAAK,GAAA,KAAQ,MAAA,IAAa,GAAA,GAAM,KAAK,GAAA,EAAK;AAC5C,QAAA,OAAO;AAAA,UACL,KAAA,EAAO,SAAA;AAAA,UACP,IAAA,EAAM,WAAA;AAAA,UACN,SAAS,IAAA,CAAK,OAAA,IAAW,GAAG,SAAS,CAAA,kBAAA,EAAqB,KAAK,GAAG,CAAA,CAAA;AAAA,UAClE,QAAA,EAAU;AAAA,SACZ;AAAA,MACF;AACA,MAAA,IAAI,IAAA,CAAK,GAAA,KAAQ,MAAA,IAAa,GAAA,GAAM,KAAK,GAAA,EAAK;AAC5C,QAAA,OAAO;AAAA,UACL,KAAA,EAAO,SAAA;AAAA,UACP,IAAA,EAAM,WAAA;AAAA,UACN,SAAS,IAAA,CAAK,OAAA,IAAW,GAAG,SAAS,CAAA,iBAAA,EAAoB,KAAK,GAAG,CAAA,CAAA;AAAA,UACjE,QAAA,EAAU;AAAA,SACZ;AAAA,MACF;AACA,MAAA;AAAA,IAEF,KAAK,SAAA;AACH,MAAA,IAAI,OAAO,KAAA,KAAU,SAAA,IAAa,KAAA,KAAU,MAAA,IAAU,UAAU,OAAA,EAAS;AACvE,QAAA,OAAO;AAAA,UACL,KAAA,EAAO,SAAA;AAAA,UACP,IAAA,EAAM,cAAA;AAAA,UACN,OAAA,EAAS,IAAA,CAAK,OAAA,IAAW,CAAA,EAAG,SAAS,CAAA,kBAAA,CAAA;AAAA,UACrC,QAAA,EAAU,SAAA;AAAA,UACV,UAAU,OAAO;AAAA,SACnB;AAAA,MACF;AACA,MAAA;AAAA,IAEF,KAAK,OAAA;AACH,MAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,CAAC,aAAA,CAAc,IAAA,CAAK,KAAK,CAAA,EAAG;AAC3D,QAAA,OAAO;AAAA,UACL,KAAA,EAAO,SAAA;AAAA,UACP,IAAA,EAAM,eAAA;AAAA,UACN,OAAA,EAAS,IAAA,CAAK,OAAA,IAAW,CAAA,EAAG,SAAS,CAAA,8BAAA,CAAA;AAAA,UACrC,QAAA,EAAU;AAAA,SACZ;AAAA,MACF;AACA,MAAA;AAAA,IAEF,KAAK,KAAA;AACH,MAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,CAAC,WAAA,CAAY,IAAA,CAAK,KAAK,CAAA,EAAG;AACzD,QAAA,OAAO;AAAA,UACL,KAAA,EAAO,SAAA;AAAA,UACP,IAAA,EAAM,aAAA;AAAA,UACN,OAAA,EAAS,IAAA,CAAK,OAAA,IAAW,CAAA,EAAG,SAAS,CAAA,oBAAA,CAAA;AAAA,UACrC,QAAA,EAAU;AAAA,SACZ;AAAA,MACF;AACA,MAAA;AAAA,IAEF,KAAK,MAAA;AACH,MAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,CAAC,YAAA,CAAa,IAAA,CAAK,KAAK,CAAA,EAAG;AAC1D,QAAA,OAAO;AAAA,UACL,KAAA,EAAO,SAAA;AAAA,UACP,IAAA,EAAM,cAAA;AAAA,UACN,OAAA,EAAS,IAAA,CAAK,OAAA,IAAW,CAAA,EAAG,SAAS,CAAA,qBAAA,CAAA;AAAA,UACrC,QAAA,EAAU;AAAA,SACZ;AAAA,MACF;AACA,MAAA;AAAA,IAEF,KAAK,MAAA;AACH,MAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,CAAC,YAAA,CAAa,IAAA,CAAK,KAAK,CAAA,EAAG;AAC1D,QAAA,MAAM,MAAA,GAAS,IAAI,IAAA,CAAK,KAAe,CAAA;AACvC,QAAA,IAAI,KAAA,CAAM,MAAA,CAAO,OAAA,EAAS,CAAA,EAAG;AAC3B,UAAA,OAAO;AAAA,YACL,KAAA,EAAO,SAAA;AAAA,YACP,IAAA,EAAM,cAAA;AAAA,YACN,OAAA,EAAS,IAAA,CAAK,OAAA,IAAW,CAAA,EAAG,SAAS,CAAA,qBAAA,CAAA;AAAA,YACrC,QAAA,EAAU;AAAA,WACZ;AAAA,QACF;AAAA,MACF;AACA,MAAA;AAAA,IAEF,KAAK,OAAA;AACH,MAAA,IAAI,CAAC,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,EAAG;AACzB,QAAA,OAAO;AAAA,UACL,KAAA,EAAO,SAAA;AAAA,UACP,IAAA,EAAM,cAAA;AAAA,UACN,OAAA,EAAS,IAAA,CAAK,OAAA,IAAW,CAAA,EAAG,SAAS,CAAA,iBAAA,CAAA;AAAA,UACrC,QAAA,EAAU,OAAA;AAAA,UACV,UAAU,OAAO;AAAA,SACnB;AAAA,MACF;AACA,MAAA,IAAI,KAAK,QAAA,KAAa,MAAA,IAAa,KAAA,CAAM,MAAA,GAAS,KAAK,QAAA,EAAU;AAC/D,QAAA,OAAO;AAAA,UACL,KAAA,EAAO,SAAA;AAAA,UACP,IAAA,EAAM,eAAA;AAAA,UACN,SAAS,IAAA,CAAK,OAAA,IAAW,GAAG,SAAS,CAAA,oBAAA,EAAuB,KAAK,QAAQ,CAAA,MAAA,CAAA;AAAA,UACzE,UAAU,KAAA,CAAM;AAAA,SAClB;AAAA,MACF;AACA,MAAA,IAAI,KAAK,QAAA,KAAa,MAAA,IAAa,KAAA,CAAM,MAAA,GAAS,KAAK,QAAA,EAAU;AAC/D,QAAA,OAAO;AAAA,UACL,KAAA,EAAO,SAAA;AAAA,UACP,IAAA,EAAM,gBAAA;AAAA,UACN,SAAS,IAAA,CAAK,OAAA,IAAW,GAAG,SAAS,CAAA,mBAAA,EAAsB,KAAK,QAAQ,CAAA,MAAA,CAAA;AAAA,UACxE,UAAU,KAAA,CAAM;AAAA,SAClB;AAAA,MACF;AAEA,MAAA,IAAI,KAAK,KAAA,EAAO;AACd,QAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,UAAA,MAAM,SAAA,GAAY,aAAA,CAAc,KAAA,CAAM,CAAC,CAAA,EAAG,IAAA,CAAK,KAAA,EAAO,CAAA,EAAG,SAAS,CAAA,CAAA,EAAI,CAAC,CAAA,CAAA,CAAG,CAAA;AAC1E,UAAA,IAAI,WAAW,OAAO,SAAA;AAAA,QACxB;AAAA,MACF;AACA,MAAA;AAAA,IAEF,KAAK,QAAA;AACH,MAAA,IAAI,OAAO,UAAU,QAAA,IAAY,KAAA,KAAU,QAAQ,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,EAAG;AACvE,QAAA,OAAO;AAAA,UACL,KAAA,EAAO,SAAA;AAAA,UACP,IAAA,EAAM,cAAA;AAAA,UACN,OAAA,EAAS,IAAA,CAAK,OAAA,IAAW,CAAA,EAAG,SAAS,CAAA,kBAAA,CAAA;AAAA,UACrC,QAAA,EAAU,QAAA;AAAA,UACV,UAAU,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,GAAI,UAAU,OAAO;AAAA,SACpD;AAAA,MACF;AACA,MAAA;AAAA;AAIJ,EAAA,IAAI,KAAK,MAAA,EAAQ;AACf,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,MAAA,CAAO,KAAK,CAAA;AAChC,IAAA,IAAI,WAAW,IAAA,EAAM;AACnB,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,SAAA;AAAA,QACP,IAAA,EAAM,mBAAA;AAAA,QACN,OAAA,EAAS,OAAO,MAAA,KAAW,QAAA,GAAW,SAAS,IAAA,CAAK,OAAA,IAAW,GAAG,SAAS,CAAA,kBAAA,CAAA;AAAA,QAC3E,QAAA,EAAU;AAAA,OACZ;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,IAAA;AACT;AAKO,SAAS,oBAAA,CAAwB,MAAe,MAAA,EAA2C;AAChG,EAAA,IAAI,OAAO,IAAA,KAAS,QAAA,IAAY,IAAA,KAAS,IAAA,EAAM;AAC7C,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,QAAQ,CAAC;AAAA,QACP,KAAA,EAAO,OAAA;AAAA,QACP,IAAA,EAAM,cAAA;AAAA,QACN,OAAA,EAAS,oBAAA;AAAA,QACT,QAAA,EAAU;AAAA,OACX;AAAA,KACH;AAAA,EACF;AAEA,EAAA,MAAM,SAA4B,EAAC;AACnC,EAAA,MAAM,MAAA,GAAS,IAAA;AAEf,EAAA,KAAA,MAAW,CAAC,SAAA,EAAW,IAAI,KAAK,MAAA,CAAO,OAAA,CAAQ,MAAM,CAAA,EAAG;AACtD,IAAA,MAAM,QAAQ,aAAA,CAAc,MAAA,CAAO,SAAS,CAAA,EAAG,MAAM,SAAS,CAAA;AAC9D,IAAA,IAAI,KAAA,EAAO;AACT,MAAA,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,IACnB;AAAA,EACF;AAEA,EAAA,IAAI,MAAA,CAAO,SAAS,CAAA,EAAG;AACrB,IAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,MAAA,EAAO;AAAA,EAClC;AAEA,EAAA,OAAO,EAAE,OAAA,EAAS,IAAA,EAAM,IAAA,EAAgB;AAC1C;AAKO,SAAS,iBAAA,CAAqB,MAAe,MAAA,EAAwC;AAC1F,EAAA,MAAM,MAAA,GAAS,MAAA,CAAO,SAAA,CAAU,IAAI,CAAA;AAEpC,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,OAAA,EAAS,IAAA,EAAM,IAAA,EAAM,OAAO,IAAA,EAAK;AAAA,EAC5C;AAEA,EAAA,MAAM,MAAA,GAA4B,MAAA,CAAO,KAAA,CAAM,MAAA,CAAO,IAAI,CAAA,KAAA,MAAU;AAAA,IAClE,KAAA,EAAO,KAAA,CAAM,IAAA,CAAK,IAAA,CAAK,GAAG,CAAA,IAAK,OAAA;AAAA,IAC/B,MAAM,KAAA,CAAM,IAAA;AAAA,IACZ,SAAS,KAAA,CAAM,OAAA;AAAA,IACf,IAAA,EAAM,KAAA,CAAM,IAAA,CAAK,GAAA,CAAI,MAAM;AAAA,GAC7B,CAAE,CAAA;AAEF,EAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,MAAA,EAAO;AAClC;AAwCO,SAAS,UAAA,CACd,GAAA,EACA,EAAA,EACA,IAAA,GAAO,EAAA,EACE;AACT,EAAA,IAAI,OAAO,QAAQ,QAAA,EAAU;AAC3B,IAAA,OAAO,EAAA,CAAG,KAAK,IAAI,CAAA;AAAA,EACrB;AAEA,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,GAAG,CAAA,EAAG;AACtB,IAAA,OAAO,GAAA,CAAI,GAAA,CAAI,CAAC,IAAA,EAAM,CAAA,KAAM,UAAA,CAAW,IAAA,EAAM,EAAA,EAAI,CAAA,EAAG,IAAI,CAAA,CAAA,EAAI,CAAC,GAAG,CAAC,CAAA;AAAA,EACnE;AAEA,EAAA,IAAI,OAAO,GAAA,KAAQ,QAAA,IAAY,GAAA,KAAQ,IAAA,EAAM;AAC3C,IAAA,MAAM,SAAkC,EAAC;AACzC,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,GAAG,CAAA,EAAG;AAC9C,MAAA,MAAM,UAAU,IAAA,GAAO,CAAA,EAAG,IAAI,CAAA,CAAA,EAAI,GAAG,CAAA,CAAA,GAAK,GAAA;AAC1C,MAAA,MAAA,CAAO,GAAG,CAAA,GAAI,UAAA,CAAW,KAAA,EAAO,IAAI,OAAO,CAAA;AAAA,IAC7C;AACA,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,OAAO,GAAA;AACT;AAKO,SAAS,iBAAiB,GAAA,EAAgD;AAC/E,EAAA,MAAM,SAA4C,EAAC;AAEnD,EAAA,IAAI;AACF,IAAA,MAAM,MAAA,GAAS,IAAI,GAAA,CAAI,GAAG,CAAA;AAC1B,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,YAAA,CAAa,SAAQ,EAAG;AACxD,MAAA,IAAI,OAAO,MAAA,EAAQ;AACjB,QAAA,MAAM,QAAA,GAAW,OAAO,GAAG,CAAA;AAC3B,QAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,QAAQ,CAAA,EAAG;AAC3B,UAAA,QAAA,CAAS,KAAK,KAAK,CAAA;AAAA,QACrB,CAAA,MAAO;AACL,UAAA,MAAA,CAAO,GAAG,CAAA,GAAI,CAAC,QAAA,EAAU,KAAK,CAAA;AAAA,QAChC;AAAA,MACF,CAAA,MAAO;AACL,QAAA,MAAA,CAAO,GAAG,CAAA,GAAI,KAAA;AAAA,MAChB;AAAA,IACF;AAAA,EACF,CAAA,CAAA,MAAQ;AAAA,EAER;AAEA,EAAA,OAAO,MAAA;AACT;;;AC1YO,SAAS,QAAA,CACd,MACA,MAAA,EACqB;AACrB,EAAA,IAAI,WAAA,CAAY,MAAM,CAAA,EAAG;AACvB,IAAA,OAAO,iBAAA,CAAkB,MAAM,MAAM,CAAA;AAAA,EACvC;AAEA,EAAA,IAAI,cAAA,CAAe,MAAM,CAAA,EAAG;AAC1B,IAAA,OAAO,oBAAA,CAAwB,MAAM,MAAM,CAAA;AAAA,EAC7C;AAGA,EAAA,OAAO;AAAA,IACL,OAAA,EAAS,KAAA;AAAA,IACT,QAAQ,CAAC;AAAA,MACP,KAAA,EAAO,SAAA;AAAA,MACP,IAAA,EAAM,gBAAA;AAAA,MACN,OAAA,EAAS;AAAA,KACV;AAAA,GACH;AACF;AAKA,eAAsB,YAAA,CACpB,SACA,MAAA,EAC8B;AAC9B,EAAA,IAAI,IAAA;AAEJ,EAAA,IAAI;AACF,IAAA,MAAM,WAAA,GAAc,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA,IAAK,EAAA;AAE3D,IAAA,IAAI,WAAA,CAAY,QAAA,CAAS,kBAAkB,CAAA,EAAG;AAC5C,MAAA,IAAA,GAAO,MAAM,QAAQ,IAAA,EAAK;AAAA,IAC5B,CAAA,MAAA,IAAW,WAAA,CAAY,QAAA,CAAS,mCAAmC,CAAA,EAAG;AACpE,MAAA,MAAM,IAAA,GAAO,MAAM,OAAA,CAAQ,IAAA,EAAK;AAChC,MAAA,IAAA,GAAO,MAAA,CAAO,WAAA,CAAY,IAAI,eAAA,CAAgB,IAAI,CAAC,CAAA;AAAA,IACrD,CAAA,MAAA,IAAW,WAAA,CAAY,QAAA,CAAS,qBAAqB,CAAA,EAAG;AACtD,MAAA,MAAM,QAAA,GAAW,MAAM,OAAA,CAAQ,QAAA,EAAS;AACxC,MAAA,MAAM,MAA+B,EAAC;AACtC,MAAA,QAAA,CAAS,OAAA,CAAQ,CAAC,KAAA,EAAO,GAAA,KAAQ;AAE/B,QAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAC7B,UAAA,GAAA,CAAI,GAAG,CAAA,GAAI,KAAA;AAAA,QACb;AAAA,MACF,CAAC,CAAA;AACD,MAAA,IAAA,GAAO,GAAA;AAAA,IACT,CAAA,MAAO;AAEL,MAAA,IAAI;AACF,QAAA,IAAA,GAAO,MAAM,QAAQ,IAAA,EAAK;AAAA,MAC5B,CAAA,CAAA,MAAQ;AACN,QAAA,IAAA,GAAO,EAAC;AAAA,MACV;AAAA,IACF;AAAA,EACF,SAAS,KAAA,EAAO;AACd,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,QAAQ,CAAC;AAAA,QACP,KAAA,EAAO,OAAA;AAAA,QACP,IAAA,EAAM,aAAA;AAAA,QACN,OAAA,EAAS;AAAA,OACV;AAAA,KACH;AAAA,EACF;AAEA,EAAA,OAAO,QAAA,CAAY,MAAM,MAAM,CAAA;AACjC;AAKO,SAAS,aAAA,CACd,SACA,MAAA,EACqB;AACrB,EAAA,MAAM,KAAA,GAAQ,gBAAA,CAAiB,OAAA,CAAQ,GAAG,CAAA;AAC1C,EAAA,OAAO,QAAA,CAAY,OAAO,MAAM,CAAA;AAClC;AAKO,SAAS,cAAA,CACd,QACA,MAAA,EACqB;AACrB,EAAA,OAAO,QAAA,CAAY,QAAQ,MAAM,CAAA;AACnC;AAKA,eAAsB,eAAA,CAKpB,SACA,MAAA,EAUC;AACD,EAAA,MAAM,YAA+B,EAAC;AACtC,EAAA,MAAM,OAA0D,EAAC;AAGjE,EAAA,IAAI,OAAO,IAAA,EAAM;AACf,IAAA,MAAM,UAAA,GAAa,MAAM,YAAA,CAAoB,OAAA,EAAS,OAAO,IAAI,CAAA;AACjE,IAAA,IAAI,CAAC,WAAW,OAAA,EAAS;AACvB,MAAA,SAAA,CAAU,KAAK,GAAA,CAAI,UAAA,CAAW,UAAU,EAAC,EAAG,IAAI,CAAA,CAAA,MAAM;AAAA,QACpD,GAAG,CAAA;AAAA,QACH,OAAO,CAAA,KAAA,EAAQ,CAAA,CAAE,KAAK,CAAA,CAAA,CAAG,OAAA,CAAQ,cAAc,MAAM;AAAA,QACrD,CAAC,CAAA;AAAA,IACL,CAAA,MAAO;AACL,MAAA,IAAA,CAAK,OAAO,UAAA,CAAW,IAAA;AAAA,IACzB;AAAA,EACF,CAAA,MAAO;AACL,IAAA,IAAA,CAAK,OAAO,EAAC;AAAA,EACf;AAGA,EAAA,IAAI,OAAO,KAAA,EAAO;AAChB,IAAA,MAAM,WAAA,GAAc,aAAA,CAAsB,OAAA,EAAS,MAAA,CAAO,KAAK,CAAA;AAC/D,IAAA,IAAI,CAAC,YAAY,OAAA,EAAS;AACxB,MAAA,SAAA,CAAU,KAAK,GAAA,CAAI,WAAA,CAAY,UAAU,EAAC,EAAG,IAAI,CAAA,CAAA,MAAM;AAAA,QACrD,GAAG,CAAA;AAAA,QACH,OAAO,CAAA,MAAA,EAAS,CAAA,CAAE,KAAK,CAAA,CAAA,CAAG,OAAA,CAAQ,eAAe,OAAO;AAAA,QACxD,CAAC,CAAA;AAAA,IACL,CAAA,MAAO;AACL,MAAA,IAAA,CAAK,QAAQ,WAAA,CAAY,IAAA;AAAA,IAC3B;AAAA,EACF,CAAA,MAAO;AACL,IAAA,IAAA,CAAK,QAAQ,EAAC;AAAA,EAChB;AAGA,EAAA,IAAI,MAAA,CAAO,MAAA,IAAU,MAAA,CAAO,WAAA,EAAa;AACvC,IAAA,MAAM,YAAA,GAAe,cAAA,CAAwB,MAAA,CAAO,WAAA,EAAa,OAAO,MAAM,CAAA;AAC9E,IAAA,IAAI,CAAC,aAAa,OAAA,EAAS;AACzB,MAAA,SAAA,CAAU,KAAK,GAAA,CAAI,YAAA,CAAa,UAAU,EAAC,EAAG,IAAI,CAAA,CAAA,MAAM;AAAA,QACtD,GAAG,CAAA;AAAA,QACH,OAAO,CAAA,OAAA,EAAU,CAAA,CAAE,KAAK,CAAA,CAAA,CAAG,OAAA,CAAQ,gBAAgB,QAAQ;AAAA,QAC3D,CAAC,CAAA;AAAA,IACL,CAAA,MAAO;AACL,MAAA,IAAA,CAAK,SAAS,YAAA,CAAa,IAAA;AAAA,IAC7B;AAAA,EACF,CAAA,MAAO;AACL,IAAA,IAAA,CAAK,SAAS,EAAC;AAAA,EACjB;AAEA,EAAA,IAAI,SAAA,CAAU,SAAS,CAAA,EAAG;AACxB,IAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,MAAA,EAAQ,SAAA,EAAU;AAAA,EAC7C;AAEA,EAAA,OAAO;AAAA,IACL,OAAA,EAAS,IAAA;AAAA,IACT;AAAA,GACF;AACF;AAKO,SAAS,+BACd,MAAA,EACU;AACV,EAAA,OAAO,IAAI,QAAA;AAAA,IACT,KAAK,SAAA,CAAU;AAAA,MACb,KAAA,EAAO,kBAAA;AAAA,MACP,OAAA,EAAS,2BAAA;AAAA,MACT,OAAA,EAAS,MAAA,CAAO,GAAA,CAAI,CAAA,CAAA,MAAM;AAAA,QACxB,OAAO,CAAA,CAAE,KAAA;AAAA,QACT,MAAM,CAAA,CAAE,IAAA;AAAA,QACR,SAAS,CAAA,CAAE;AAAA,OACb,CAAE;AAAA,KACH,CAAA;AAAA,IACD;AAAA,MACE,MAAA,EAAQ,GAAA;AAAA,MACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB;AAChD,GACF;AACF;AAKO,SAAS,gBACd,MAAA,EACwC;AACxC,EAAA,OAAO,CAAC,IAAA,KAAkB,QAAA,CAAY,IAAA,EAAM,MAAM,CAAA;AACpD;;;AChNO,IAAM,UAAA,GAAa;AAAA;AAAA,EAExB,UAAA,EAAY,YAAA;AAAA,EACZ,SAAA,EAAW,WAAA;AAAA,EACX,QAAA,EAAU,UAAA;AAAA,EACV,eAAA,EAAiB,iBAAA;AAAA;AAAA,EAGjB,IAAA,EAAM,kBAAA;AAAA,EACN,eAAA,EAAiB,mCAAA;AAAA,EACjB,cAAA,EAAgB,qBAAA;AAAA,EAChB,GAAA,EAAK,iBAAA;AAAA,EACL,GAAA,EAAK,iBAAA;AAAA,EACL,GAAA,EAAK,iBAAA;AAAA,EACL,IAAA,EAAM,kBAAA;AAAA,EACN,YAAA,EAAc,0BAAA;AAAA;AAAA,EAGd,SAAA,EAAW,WAAA;AAAA,EACX,UAAA,EAAY,YAAA;AAAA,EACZ,SAAA,EAAW,WAAA;AAAA,EACX,UAAA,EAAY,YAAA;AAAA,EACZ,SAAA,EAAW,eAAA;AAAA;AAAA,EAGX,SAAA,EAAW,YAAA;AAAA,EACX,SAAA,EAAW,WAAA;AAAA,EACX,SAAA,EAAW,WAAA;AAAA;AAAA,EAGX,SAAA,EAAW,WAAA;AAAA,EACX,UAAA,EAAY;AACd;AAKO,SAAS,iBAAiB,MAAA,EAO/B;AACA,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,OAAO;AAAA,MACL,IAAA,EAAM,EAAA;AAAA,MACN,OAAA,EAAS,EAAA;AAAA,MACT,SAAA,EAAW,EAAA;AAAA,MACX,YAAY;AAAC,KACf;AAAA,EACF;AAGA,EAAA,MAAM,KAAA,GAAQ,OAAO,KAAA,CAAM,GAAG,EAAE,GAAA,CAAI,CAAA,CAAA,KAAK,CAAA,CAAE,IAAA,EAAM,CAAA;AACjD,EAAA,MAAM,SAAA,GAAY,KAAA,CAAM,CAAC,CAAA,CAAE,WAAA,EAAY;AAGvC,EAAA,MAAM,CAAC,OAAO,EAAA,EAAI,OAAA,GAAU,EAAE,CAAA,GAAI,SAAA,CAAU,MAAM,GAAG,CAAA;AAGrD,EAAA,MAAM,aAAqC,EAAC;AAC5C,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,IAAA,MAAM,CAAC,GAAA,EAAK,KAAK,CAAA,GAAI,MAAM,CAAC,CAAA,CAAE,KAAA,CAAM,GAAG,CAAA,CAAE,GAAA,CAAI,CAAA,CAAA,KAAK,CAAA,CAAE,MAAM,CAAA;AAC1D,IAAA,IAAI,OAAO,KAAA,EAAO;AAEhB,MAAA,UAAA,CAAW,IAAI,WAAA,EAAa,IAAI,KAAA,CAAM,OAAA,CAAQ,gBAAgB,EAAE,CAAA;AAAA,IAClE;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,IAAA;AAAA,IACA,OAAA;AAAA,IACA,SAAA;AAAA,IACA,OAAA,EAAS,WAAW,SAAS,CAAA;AAAA,IAC7B,QAAA,EAAU,WAAW,UAAU,CAAA;AAAA,IAC/B;AAAA,GACF;AACF;AAKO,SAAS,oBAAA,CACd,WAAA,EACA,YAAA,EACA,MAAA,GAAS,KAAA,EACA;AACT,EAAA,IAAI,CAAC,WAAA,EAAa;AAChB,IAAA,OAAO,CAAC,MAAA;AAAA,EACV;AAEA,EAAA,MAAM,EAAE,SAAA,EAAU,GAAI,gBAAA,CAAiB,WAAW,CAAA;AAElD,EAAA,OAAO,YAAA,CAAa,KAAK,CAAA,OAAA,KAAW;AAClC,IAAA,MAAM,iBAAA,GAAoB,OAAA,CAAQ,WAAA,EAAY,CAAE,IAAA,EAAK;AAGrD,IAAA,IAAI,cAAc,iBAAA,EAAmB;AACnC,MAAA,OAAO,IAAA;AAAA,IACT;AAGA,IAAA,IAAI,iBAAA,CAAkB,QAAA,CAAS,IAAI,CAAA,EAAG;AACpC,MAAA,MAAM,MAAA,GAAS,iBAAA,CAAkB,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA;AAC5C,MAAA,OAAO,SAAA,CAAU,UAAA,CAAW,MAAA,GAAS,GAAG,CAAA;AAAA,IAC1C;AAGA,IAAA,IAAI,CAAC,iBAAA,CAAkB,QAAA,CAAS,GAAG,CAAA,EAAG;AACpC,MAAA,MAAM,EAAE,IAAA,EAAK,GAAI,gBAAA,CAAiB,WAAW,CAAA;AAC7C,MAAA,OAAO,IAAA,KAAS,iBAAA;AAAA,IAClB;AAEA,IAAA,OAAO,KAAA;AAAA,EACT,CAAC,CAAA;AACH;AAKO,SAAS,mBAAA,CACd,SACA,MAAA,EACiE;AACjE,EAAA,MAAM,WAAA,GAAc,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA;AACtD,EAAA,MAAM,EAAE,OAAA,EAAS,MAAA,GAAS,KAAA,EAAO,SAAQ,GAAI,MAAA;AAG7C,EAAA,IAAI,MAAA,IAAU,CAAC,WAAA,EAAa;AAC1B,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,WAAA,EAAa,IAAA;AAAA,MACb,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAGA,EAAA,IAAI,eAAe,CAAC,oBAAA,CAAqB,WAAA,EAAa,OAAA,EAAS,MAAM,CAAA,EAAG;AACtE,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,WAAA;AAAA,MACA,MAAA,EAAQ,iBAAiB,WAAW,CAAA,gBAAA;AAAA,KACtC;AAAA,EACF;AAGA,EAAA,IAAI,WAAW,WAAA,EAAa;AAC1B,IAAA,MAAM,MAAA,GAAS,iBAAiB,WAAW,CAAA;AAC3C,IAAA,IAAI,MAAA,CAAO,WAAW,MAAA,CAAO,OAAA,CAAQ,aAAY,KAAM,OAAA,CAAQ,aAAY,EAAG;AAC5E,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,WAAA;AAAA,QACA,MAAA,EAAQ,CAAA,SAAA,EAAY,MAAA,CAAO,OAAO,+BAA+B,OAAO,CAAA,CAAA;AAAA,OAC1E;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,KAAA,EAAO,IAAA,EAAM,WAAA,EAAY;AACpC;AAKO,SAAS,+BAAA,CACd,aACA,MAAA,EACU;AACV,EAAA,OAAO,IAAI,QAAA;AAAA,IACT,KAAK,SAAA,CAAU;AAAA,MACb,KAAA,EAAO,sBAAA;AAAA,MACP,OAAA,EAAS,MAAA;AAAA,MACT,QAAA,EAAU;AAAA,KACX,CAAA;AAAA,IACD;AAAA,MACE,MAAA,EAAQ,GAAA;AAAA;AAAA,MACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB;AAChD,GACF;AACF;AAKO,SAAS,cAAc,OAAA,EAA+B;AAC3D,EAAA,OAAO,oBAAA;AAAA,IACL,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA;AAAA,IAClC,CAAC,WAAW,IAAI;AAAA,GAClB;AACF;AAKO,SAAS,cAAc,OAAA,EAA+B;AAC3D,EAAA,OAAO,oBAAA;AAAA,IACL,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA;AAAA,IAClC,CAAC,UAAA,CAAW,eAAA,EAAiB,UAAA,CAAW,cAAc;AAAA,GACxD;AACF;;;ACzMA,IAAM,kBAAA,GAAqB;AAAA;AAAA,EAEzB,SAAA;AAAA,EACA,OAAA;AAAA;AAAA,EAEA,SAAA;AAAA;AAAA,EAEA,MAAA;AAAA,EACA,KAAA;AAAA;AAAA,EAEA,aAAA;AAAA;AAAA,EACA,YAAA;AAAA;AAAA,EACA,aAAA;AAAA;AAAA,EACA,YAAA;AAAA;AAAA;AAAA,EAEA,mBAAA;AAAA,EACA,mBAAA;AAAA;AAAA,EAEA,cAAA;AAAA,EACA,sBAAA;AAAA;AAAA,EAEA,sBAAA;AAAA,EACA;AAAA;AACF,CAAA;AAKA,IAAM,0BAAA,GAA6B;AAAA,EACjC,MAAA;AAAA,EAAQ,MAAA;AAAA,EAAQ,KAAA;AAAA,EAAO,QAAA;AAAA;AAAA,EACvB,KAAA;AAAA,EAAO,OAAA;AAAA,EAAS,MAAA;AAAA,EAAQ,MAAA;AAAA,EAAQ,MAAA;AAAA;AAAA,EAChC,MAAA;AAAA,EAAQ,MAAA;AAAA,EAAQ,OAAA;AAAA,EAAS,MAAA;AAAA,EAAQ,MAAA;AAAA;AAAA,EACjC,WAAA;AAAA,EAAa,WAAA;AAAA;AAAA,EACb,MAAA;AAAA,EAAQ,MAAA;AAAA,EAAQ;AAAA;AAClB,CAAA;AAKA,SAAS,wBAAwB,IAAA,EAAsB;AACrD,EAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA;AAChC;AAKA,SAAS,oBAAoB,IAAA,EAAsB;AACjD,EAAA,IAAI,MAAA,GAAS,IAAA;AACb,EAAA,IAAI,QAAA,GAAW,EAAA;AAGf,EAAA,OAAO,WAAW,QAAA,EAAU;AAC1B,IAAA,QAAA,GAAW,MAAA;AACX,IAAA,IAAI;AACF,MAAA,MAAA,GAAS,mBAAmB,MAAM,CAAA;AAAA,IACpC,CAAA,CAAA,MAAQ;AACN,MAAA;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,MAAA;AACT;AAKO,SAAS,iBAAiB,IAAA,EAAuB;AACtD,EAAA,IAAI,CAAC,IAAA,IAAQ,OAAO,IAAA,KAAS,UAAU,OAAO,KAAA;AAG9C,EAAA,MAAM,UAAA,GAAa,uBAAA,CAAwB,mBAAA,CAAoB,IAAI,CAAC,CAAA;AAGpE,EAAA,KAAA,MAAW,WAAW,kBAAA,EAAoB;AACxC,IAAA,OAAA,CAAQ,SAAA,GAAY,CAAA;AACpB,IAAA,IAAI,OAAA,CAAQ,IAAA,CAAK,UAAU,CAAA,EAAG;AAC5B,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAGA,EAAA,IAAI,UAAA,CAAW,QAAA,CAAS,IAAI,CAAA,EAAG;AAC7B,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAO,KAAA;AACT;AAKO,SAAS,YAAA,CACd,IAAA,EACA,MAAA,GAA+B,EAAC,EACV;AACtB,EAAA,IAAI,CAAC,IAAA,IAAQ,OAAO,IAAA,KAAS,QAAA,EAAU;AACrC,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,+BAAA,EAAgC;AAAA,EACjE;AAEA,EAAA,MAAM;AAAA,IACJ,aAAA,GAAgB,KAAA;AAAA,IAChB,kBAAkB,EAAC;AAAA,IACnB,iBAAA;AAAA,IACA,iBAAA,GAAoB,0BAAA;AAAA,IACpB,QAAA,GAAW,EAAA;AAAA,IACX,SAAA,GAAY,GAAA;AAAA,IACZ,SAAA,GAAY;AAAA,GACd,GAAI,MAAA;AAGJ,EAAA,IAAI,IAAA,CAAK,SAAS,SAAA,EAAW;AAC3B,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,CAAA,+BAAA,EAAkC,SAAS,CAAA,CAAA,EAAG;AAAA,EAC/E;AAGA,EAAA,IAAI,UAAA,GAAa,oBAAoB,IAAI,CAAA;AACzC,EAAA,IAAI,SAAA,EAAW;AACb,IAAA,UAAA,GAAa,wBAAwB,UAAU,CAAA;AAAA,EACjD;AAGA,EAAA,IAAI,WAAW,QAAA,CAAS,IAAI,KAAK,IAAA,CAAK,QAAA,CAAS,KAAK,CAAA,EAAG;AACrD,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,0BAAA,EAA2B;AAAA,EAC5D;AAGA,EAAA,IAAI,gBAAA,CAAiB,IAAI,CAAA,EAAG;AAC1B,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,mCAAA,EAAoC;AAAA,EACrE;AAGA,EAAA,MAAM,aAAa,UAAA,CAAW,UAAA,CAAW,GAAG,CAAA,IAC1C,YAAA,CAAa,KAAK,UAAU,CAAA;AAAA,EAC5B,UAAA,CAAW,WAAW,MAAM,CAAA;AAE9B,EAAA,IAAI,UAAA,IAAc,CAAC,aAAA,EAAe;AAChC,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,gCAAA,EAAiC;AAAA,EAClE;AAGA,EAAA,IAAI,eAAA,CAAgB,SAAS,CAAA,EAAG;AAC9B,IAAA,MAAM,cAAA,GAAiB,eAAA,CAAgB,IAAA,CAAK,CAAA,MAAA,KAAU;AACpD,MAAA,MAAM,gBAAA,GAAmB,wBAAwB,MAAM,CAAA;AACvD,MAAA,OAAO,UAAA,CAAW,WAAW,gBAAgB,CAAA;AAAA,IAC/C,CAAC,CAAA;AAED,IAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,MAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,4CAAA,EAA6C;AAAA,IAC9E;AAAA,EACF;AAGA,EAAA,MAAM,QAAA,GAAW,WAAW,KAAA,CAAM,GAAG,EAAE,MAAA,CAAO,CAAA,CAAA,KAAK,CAAA,IAAK,CAAA,KAAM,GAAG,CAAA;AACjE,EAAA,IAAI,QAAA,CAAS,SAAS,QAAA,EAAU;AAC9B,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,CAAA,8BAAA,EAAiC,QAAQ,CAAA,CAAA,EAAG;AAAA,EAC7E;AAGA,EAAA,MAAM,WAAA,GAAc,QAAA,CAAS,QAAA,CAAS,MAAA,GAAS,CAAC,CAAA,IAAK,EAAA;AACrD,EAAA,MAAM,QAAA,GAAW,WAAA,CAAY,WAAA,CAAY,GAAG,CAAA;AAC5C,EAAA,MAAM,SAAA,GAAY,WAAW,CAAA,GAAI,WAAA,CAAY,MAAM,QAAQ,CAAA,CAAE,aAAY,GAAI,EAAA;AAG7E,EAAA,IAAI,SAAA,IAAa,iBAAA,CAAkB,MAAA,GAAS,CAAA,EAAG;AAC7C,IAAA,IAAI,iBAAA,CAAkB,IAAI,CAAA,CAAA,KAAK,CAAA,CAAE,aAAa,CAAA,CAAE,QAAA,CAAS,SAAS,CAAA,EAAG;AACnE,MAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,CAAA,UAAA,EAAa,SAAS,CAAA,eAAA,CAAA,EAAkB;AAAA,IACzE;AAAA,EACF;AAGA,EAAA,IAAI,SAAA,IAAa,iBAAA,IAAqB,iBAAA,CAAkB,MAAA,GAAS,CAAA,EAAG;AAClE,IAAA,IAAI,CAAC,iBAAA,CAAkB,GAAA,CAAI,CAAA,CAAA,KAAK,CAAA,CAAE,aAAa,CAAA,CAAE,QAAA,CAAS,SAAS,CAAA,EAAG;AACpE,MAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,CAAA,UAAA,EAAa,SAAS,CAAA,uBAAA,CAAA,EAA0B;AAAA,IACjF;AAAA,EACF;AAGA,EAAA,MAAM,SAAA,GAAY,UAAA,CAAW,OAAA,CAAQ,MAAA,EAAQ,GAAG,CAAA;AAEhD,EAAA,OAAO,EAAE,KAAA,EAAO,IAAA,EAAM,SAAA,EAAU;AAClC;AAKO,SAAS,YAAA,CACd,IAAA,EACA,MAAA,GAA+B,EAAC,EACxB;AACR,EAAA,IAAI,CAAC,IAAA,IAAQ,OAAO,IAAA,KAAS,UAAU,OAAO,EAAA;AAE9C,EAAA,MAAM,EAAE,SAAA,GAAY,IAAA,EAAM,SAAA,GAAY,KAAI,GAAI,MAAA;AAG9C,EAAA,IAAI,MAAA,GAAS,oBAAoB,IAAI,CAAA;AAGrC,EAAA,IAAI,SAAA,EAAW;AACb,IAAA,MAAA,GAAS,wBAAwB,MAAM,CAAA;AAAA,EACzC;AAGA,EAAA,MAAA,GAAS,OAAO,OAAA,CAAQ,KAAA,EAAO,EAAE,CAAA,CAAE,OAAA,CAAQ,QAAQ,EAAE,CAAA;AAGrD,EAAA,MAAA,GAAS,OAAO,OAAA,CAAQ,SAAA,EAAW,EAAE,CAAA,CAAE,OAAA,CAAQ,WAAW,EAAE,CAAA;AAG5D,EAAA,IAAI,CAAC,OAAO,aAAA,EAAe;AACzB,IAAA,MAAA,GAAS,MAAA,CAAO,OAAA,CAAQ,MAAA,EAAQ,EAAE,CAAA;AAClC,IAAA,MAAA,GAAS,MAAA,CAAO,OAAA,CAAQ,YAAA,EAAc,EAAE,CAAA;AACxC,IAAA,MAAA,GAAS,MAAA,CAAO,OAAA,CAAQ,OAAA,EAAS,EAAE,CAAA;AAAA,EACrC;AAGA,EAAA,MAAA,GAAS,MAAA,CAAO,OAAA,CAAQ,MAAA,EAAQ,GAAG,CAAA;AAGnC,EAAA,MAAA,GAAS,MAAA,CAAO,OAAA,CAAQ,MAAA,EAAQ,EAAE,CAAA;AAGlC,EAAA,IAAI,MAAA,CAAO,SAAS,SAAA,EAAW;AAC7B,IAAA,MAAA,GAAS,MAAA,CAAO,KAAA,CAAM,CAAA,EAAG,SAAS,CAAA;AAAA,EACpC;AAEA,EAAA,OAAO,MAAA;AACT;AAkDO,SAAS,aAAa,IAAA,EAAsB;AACjD,EAAA,IAAI,CAAC,IAAA,IAAQ,OAAO,IAAA,KAAS,UAAU,OAAO,EAAA;AAE9C,EAAA,MAAM,UAAA,GAAa,wBAAwB,IAAI,CAAA;AAC/C,EAAA,MAAM,QAAA,GAAW,UAAA,CAAW,KAAA,CAAM,GAAG,CAAA;AACrC,EAAA,MAAM,QAAA,GAAW,QAAA,CAAS,QAAA,CAAS,MAAA,GAAS,CAAC,CAAA,IAAK,EAAA;AAElD,EAAA,MAAM,QAAA,GAAW,QAAA,CAAS,WAAA,CAAY,GAAG,CAAA;AACzC,EAAA,IAAI,QAAA,IAAY,GAAG,OAAO,EAAA;AAE1B,EAAA,OAAO,QAAA,CAAS,KAAA,CAAM,QAAQ,CAAA,CAAE,WAAA,EAAY;AAC9C;AAiBO,SAAS,iBAAiB,QAAA,EAA0B;AACzD,EAAA,IAAI,OAAO,QAAA,KAAa,QAAA,EAAU,OAAO,MAAA;AACzC,EAAA,IAAI,CAAC,UAAU,OAAO,MAAA;AAEtB,EAAA,IAAI,MAAA,GAAS,QAAA;AAGb,EAAA,MAAA,GAAS,MAAA,CAAO,OAAA,CAAQ,QAAA,EAAU,EAAE,CAAA;AAGpC,EAAA,MAAA,GAAS,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAO,EAAE,CAAA;AAGjC,EAAA,MAAA,GAAS,MAAA,CAAO,OAAA,CAAQ,kBAAA,EAAoB,EAAE,CAAA;AAG9C,EAAA,MAAA,GAAS,MAAA,CAAO,OAAA,CAAQ,YAAA,EAAc,EAAE,CAAA;AAGxC,EAAA,MAAA,GAAS,MAAA,CAAO,OAAA,CAAQ,kBAAA,EAAoB,EAAE,CAAA;AAG9C,EAAA,IAAI,MAAA,CAAO,SAAS,GAAA,EAAK;AACvB,IAAA,MAAM,GAAA,GAAM,aAAa,MAAM,CAAA;AAC/B,IAAA,MAAM,OAAO,MAAA,CAAO,KAAA,CAAM,CAAA,EAAG,GAAA,GAAM,IAAI,MAAM,CAAA;AAC7C,IAAA,MAAA,GAAS,IAAA,GAAO,GAAA;AAAA,EAClB;AAEA,EAAA,OAAO,MAAA,IAAU,MAAA;AACnB;;;AC3UA,IAAM,aAAA,GAA+B;AAAA;AAAA,EAEnC,EAAE,IAAA,EAAM,YAAA,EAAc,SAAA,EAAW,MAAA,EAAQ,WAAW,CAAC,GAAA,EAAM,GAAA,EAAM,GAAI,CAAA,EAAE;AAAA,EACvE,EAAE,IAAA,EAAM,WAAA,EAAa,SAAA,EAAW,QAAQ,SAAA,EAAW,CAAC,GAAA,EAAM,EAAA,EAAM,IAAM,EAAA,EAAM,EAAA,EAAM,EAAA,EAAM,EAAA,EAAM,EAAI,CAAA,EAAE;AAAA,EACpG,EAAE,IAAA,EAAM,WAAA,EAAa,SAAA,EAAW,MAAA,EAAQ,SAAA,EAAW,CAAC,EAAA,EAAM,EAAA,EAAM,EAAA,EAAM,EAAI,CAAA,EAAE;AAAA;AAAA,EAC5E,EAAE,IAAA,EAAM,YAAA,EAAc,SAAA,EAAW,OAAA,EAAS,SAAA,EAAW,CAAC,EAAA,EAAM,EAAA,EAAM,EAAA,EAAM,EAAI,CAAA,EAAG,QAAQ,CAAA,EAAE;AAAA;AAAA,EACzF,EAAE,MAAM,WAAA,EAAa,SAAA,EAAW,QAAQ,SAAA,EAAW,CAAC,EAAA,EAAM,EAAI,CAAA,EAAE;AAAA,EAChE,EAAE,IAAA,EAAM,YAAA,EAAc,SAAA,EAAW,OAAA,EAAS,SAAA,EAAW,CAAC,EAAA,EAAM,EAAA,EAAM,EAAA,EAAM,CAAI,CAAA,EAAE;AAAA;AAAA,EAC9E,EAAE,IAAA,EAAM,YAAA,EAAc,SAAA,EAAW,OAAA,EAAS,SAAA,EAAW,CAAC,EAAA,EAAM,EAAA,EAAM,CAAA,EAAM,EAAI,CAAA,EAAE;AAAA;AAAA,EAC9E,EAAE,IAAA,EAAM,cAAA,EAAgB,SAAA,EAAW,MAAA,EAAQ,SAAA,EAAW,CAAC,CAAA,EAAM,CAAA,EAAM,CAAA,EAAM,CAAI,CAAA,EAAE;AAAA,EAC/E,EAAE,IAAA,EAAM,eAAA,EAAiB,SAAA,EAAW,MAAA,EAAQ,SAAA,EAAW,CAAC,EAAA,EAAM,EAAA,EAAM,GAAA,EAAM,GAAA,EAAM,GAAI,CAAA,EAAE;AAAA;AAAA;AAAA,EAGtF,EAAE,IAAA,EAAM,iBAAA,EAAmB,SAAA,EAAW,MAAA,EAAQ,SAAA,EAAW,CAAC,EAAA,EAAM,EAAA,EAAM,EAAA,EAAM,EAAI,CAAA,EAAE;AAAA;AAAA,EAClF,EAAE,IAAA,EAAM,iBAAA,EAAmB,SAAA,EAAW,MAAA,EAAQ,SAAA,EAAW,CAAC,EAAA,EAAM,EAAA,EAAM,CAAA,EAAM,CAAI,CAAA,EAAE;AAAA;AAAA,EAClF,EAAE,MAAM,kBAAA,EAAoB,SAAA,EAAW,OAAO,SAAA,EAAW,CAAC,EAAA,EAAM,GAAI,CAAA,EAAE;AAAA,EACtE,EAAE,IAAA,EAAM,8BAAA,EAAgC,SAAA,EAAW,MAAA,EAAQ,SAAA,EAAW,CAAC,EAAA,EAAM,EAAA,EAAM,GAAA,EAAM,EAAI,CAAA,EAAE;AAAA,EAC/F,EAAE,IAAA,EAAM,6BAAA,EAA+B,SAAA,EAAW,KAAA,EAAO,SAAA,EAAW,CAAC,EAAA,EAAM,GAAA,EAAM,GAAA,EAAM,GAAA,EAAM,EAAA,EAAM,EAAI,CAAA,EAAE;AAAA;AAAA,EAGzG,EAAE,IAAA,EAAM,mEAAA,EAAqE,SAAA,EAAW,OAAA,EAAS,SAAA,EAAW,CAAC,EAAA,EAAM,EAAA,EAAM,CAAA,EAAM,CAAI,CAAA,EAAE;AAAA,EACrI,EAAE,IAAA,EAAM,yEAAA,EAA2E,SAAA,EAAW,OAAA,EAAS,SAAA,EAAW,CAAC,EAAA,EAAM,EAAA,EAAM,CAAA,EAAM,CAAI,CAAA,EAAE;AAAA,EAC3I,EAAE,IAAA,EAAM,2EAAA,EAA6E,SAAA,EAAW,OAAA,EAAS,SAAA,EAAW,CAAC,EAAA,EAAM,EAAA,EAAM,CAAA,EAAM,CAAI,CAAA,EAAE;AAAA;AAAA,EAG7I,EAAE,IAAA,EAAM,oBAAA,EAAsB,SAAA,EAAW,QAAQ,SAAA,EAAW,CAAC,GAAA,EAAM,GAAA,EAAM,IAAM,GAAA,EAAM,GAAA,EAAM,GAAA,EAAM,EAAA,EAAM,GAAI,CAAA,EAAE;AAAA,EAC7G,EAAE,IAAA,EAAM,0BAAA,EAA4B,SAAA,EAAW,QAAQ,SAAA,EAAW,CAAC,GAAA,EAAM,GAAA,EAAM,IAAM,GAAA,EAAM,GAAA,EAAM,GAAA,EAAM,EAAA,EAAM,GAAI,CAAA,EAAE;AAAA;AAAA,EAGnH,EAAE,MAAM,YAAA,EAAc,SAAA,EAAW,QAAQ,SAAA,EAAW,CAAC,GAAA,EAAM,GAAI,CAAA,EAAE;AAAA;AAAA,EACjE,EAAE,IAAA,EAAM,YAAA,EAAc,SAAA,EAAW,MAAA,EAAQ,WAAW,CAAC,EAAA,EAAM,EAAA,EAAM,EAAI,CAAA,EAAE;AAAA;AAAA,EACvE,EAAE,IAAA,EAAM,WAAA,EAAa,SAAA,EAAW,MAAA,EAAQ,SAAA,EAAW,CAAC,EAAA,EAAM,EAAA,EAAM,EAAA,EAAM,EAAI,CAAA,EAAE;AAAA;AAAA,EAC5E,EAAE,IAAA,EAAM,WAAA,EAAa,SAAA,EAAW,MAAA,EAAQ,SAAA,EAAW,CAAC,EAAA,EAAM,GAAA,EAAM,GAAA,EAAM,EAAI,CAAA,EAAE;AAAA,EAC5E,EAAE,IAAA,EAAM,YAAA,EAAc,SAAA,EAAW,OAAA,EAAS,SAAA,EAAW,CAAC,GAAA,EAAM,EAAA,EAAM,EAAA,EAAM,EAAI,CAAA,EAAE;AAAA;AAAA,EAG9E,EAAE,IAAA,EAAM,WAAA,EAAa,SAAA,EAAW,MAAA,EAAQ,SAAA,EAAW,CAAC,CAAA,EAAM,CAAA,EAAM,CAAI,CAAA,EAAG,MAAA,EAAQ,CAAA,EAAE;AAAA;AAAA,EACjF,EAAE,IAAA,EAAM,YAAA,EAAc,SAAA,EAAW,OAAA,EAAS,SAAA,EAAW,CAAC,EAAA,EAAM,EAAA,EAAM,GAAA,EAAM,GAAI,CAAA,EAAE;AAAA,EAC9E,EAAE,IAAA,EAAM,WAAA,EAAa,SAAA,EAAW,MAAA,EAAQ,SAAA,EAAW,CAAC,EAAA,EAAM,EAAA,EAAM,EAAA,EAAM,EAAI,CAAA,EAAE;AAAA;AAAA,EAC5E,EAAE,IAAA,EAAM,iBAAA,EAAmB,SAAA,EAAW,QAAQ,SAAA,EAAW,CAAC,CAAA,EAAM,CAAA,EAAM,GAAM,EAAA,EAAM,GAAA,EAAM,GAAA,EAAM,GAAA,EAAM,GAAI,CAAA,EAAE;AAAA;AAAA,EAG1G,EAAE,IAAA,EAAM,kBAAA,EAAoB,SAAA,EAAW,OAAA,EAAS,SAAA,EAAW,CAAC,CAAA,EAAM,EAAA,EAAM,GAAA,EAAM,GAAI,CAAA,EAAE;AAAA;AAAA;AAAA,EAGpF,EAAE,IAAA,EAAM,WAAA,EAAa,SAAA,EAAW,OAAA,EAAS,SAAA,EAAW,CAAC,GAAA,EAAM,EAAA,EAAM,EAAA,EAAM,EAAI,CAAA,EAAE;AAAA,EAC7E,EAAE,IAAA,EAAM,YAAA,EAAc,SAAA,EAAW,QAAA,EAAU,SAAA,EAAW,CAAC,GAAA,EAAM,EAAA,EAAM,EAAA,EAAM,EAAI,CAAA;AAC/E,CAAA;AAKO,IAAM,qBAAA,GAAwB,KAAK,IAAA,GAAO,IAAA;AAC1C,IAAM,iBAAA,GAAoB,EAAA;AAK1B,IAAM,oBAAA,GAAuB;AAAA,EAClC,MAAA;AAAA,EAAQ,MAAA;AAAA,EAAQ,KAAA;AAAA,EAAO,QAAA;AAAA,EAAU,MAAA;AAAA,EACjC,KAAA;AAAA,EAAO,OAAA;AAAA,EAAS,MAAA;AAAA,EAAQ,MAAA;AAAA,EAAQ,MAAA;AAAA,EAAQ,MAAA;AAAA,EACxC,MAAA;AAAA,EAAQ,MAAA;AAAA,EAAQ,OAAA;AAAA,EAAS,MAAA;AAAA,EAAQ,MAAA;AAAA,EAAQ,KAAA;AAAA,EACzC,KAAA;AAAA,EAAO,KAAA;AAAA,EAAO,MAAA;AAAA,EAAQ,QAAA;AAAA,EACtB,MAAA;AAAA,EAAQ,MAAA;AAAA,EAAQ,MAAA;AAAA,EAAQ,MAAA;AAAA,EAAQ,MAAA;AAAA,EAChC,MAAA;AAAA,EAAQ,MAAA;AAAA,EAAQ,MAAA;AAAA,EAAQ;AAC1B;AAKO,SAAS,gBAAA,CAAiB,OAAmB,WAAA,EAAmC;AACrF,EAAA,MAAM,MAAA,GAAS,YAAY,MAAA,IAAU,CAAA;AACrC,EAAA,MAAM,YAAY,WAAA,CAAY,SAAA;AAE9B,EAAA,IAAI,KAAA,CAAM,MAAA,GAAS,MAAA,GAAS,SAAA,CAAU,MAAA,EAAQ;AAC5C,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,SAAA,CAAU,QAAQ,CAAA,EAAA,EAAK;AACzC,IAAA,IAAI,MAAM,MAAA,GAAS,CAAC,CAAA,KAAM,SAAA,CAAU,CAAC,CAAA,EAAG;AACtC,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,OAAO,IAAA;AACT;AAKO,SAAS,eAAe,KAAA,EAA+D;AAC5F,EAAA,KAAA,MAAW,SAAS,aAAA,EAAe;AACjC,IAAA,IAAI,gBAAA,CAAiB,KAAA,EAAO,KAAK,CAAA,EAAG;AAClC,MAAA,OAAO,EAAE,IAAA,EAAM,KAAA,CAAM,IAAA,EAAM,SAAA,EAAW,MAAM,SAAA,EAAU;AAAA,IACxD;AAAA,EACF;AACA,EAAA,OAAO,IAAA;AACT;AAKA,eAAsB,YAAA,CACpB,IAAA,EACA,MAAA,GAA+B,EAAC,EAC4C;AAC5E,EAAA,MAAM;AAAA,IACJ,OAAA,GAAU,qBAAA;AAAA,IACV,OAAA,GAAU,CAAA;AAAA,IACV,eAAe,EAAC;AAAA,IAChB,eAAe,EAAC;AAAA,IAChB,oBAAoB,EAAC;AAAA,IACrB,iBAAA,GAAoB,oBAAA;AAAA,IACpB,oBAAA,GAAuB,IAAA;AAAA,IACvB,kBAAkB,UAAA,GAAa;AAAA,GACjC,GAAI,MAAA;AAEJ,EAAA,MAAM,SAAgC,EAAC;AACvC,EAAA,MAAM,SAAA,GAAY,YAAA,CAAa,IAAA,CAAK,IAAI,CAAA;AAExC,EAAA,MAAM,IAAA,GAAiB;AAAA,IACrB,UAAU,UAAA,GAAa,gBAAA,CAAiB,IAAA,CAAK,IAAI,IAAI,IAAA,CAAK,IAAA;AAAA,IAC1D,MAAM,IAAA,CAAK,IAAA;AAAA,IACX,MAAM,IAAA,CAAK,IAAA;AAAA,IACX;AAAA,GACF;AAGA,EAAA,IAAI,IAAA,CAAK,OAAO,OAAA,EAAS;AACvB,IAAA,MAAA,CAAO,IAAA,CAAK;AAAA,MACV,UAAU,IAAA,CAAK,IAAA;AAAA,MACf,IAAA,EAAM,eAAA;AAAA,MACN,OAAA,EAAS,cAAc,WAAA,CAAY,IAAA,CAAK,IAAI,CAAC,CAAA,2BAAA,EAA8B,WAAA,CAAY,OAAO,CAAC,CAAA,CAAA,CAAA;AAAA,MAC/F,OAAA,EAAS,EAAE,IAAA,EAAM,IAAA,CAAK,MAAM,OAAA;AAAQ,KACrC,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,IAAA,CAAK,OAAO,OAAA,EAAS;AACvB,IAAA,MAAA,CAAO,IAAA,CAAK;AAAA,MACV,UAAU,IAAA,CAAK,IAAA;AAAA,MACf,IAAA,EAAM,gBAAA;AAAA,MACN,OAAA,EAAS,cAAc,WAAA,CAAY,IAAA,CAAK,IAAI,CAAC,CAAA,6BAAA,EAAgC,WAAA,CAAY,OAAO,CAAC,CAAA,CAAA,CAAA;AAAA,MACjG,OAAA,EAAS,EAAE,IAAA,EAAM,IAAA,CAAK,MAAM,OAAA;AAAQ,KACrC,CAAA;AAAA,EACH;AAGA,EAAA,IAAI,iBAAA,CAAkB,MAAA,GAAS,CAAA,IAAK,SAAA,EAAW;AAC7C,IAAA,IAAI,iBAAA,CAAkB,GAAA,CAAI,CAAA,CAAA,KAAK,CAAA,CAAE,WAAA,EAAa,CAAA,CAAE,QAAA,CAAS,SAAA,CAAU,WAAA,EAAa,CAAA,EAAG;AACjF,MAAA,MAAA,CAAO,IAAA,CAAK;AAAA,QACV,UAAU,IAAA,CAAK,IAAA;AAAA,QACf,IAAA,EAAM,uBAAA;AAAA,QACN,OAAA,EAAS,mBAAmB,SAAS,CAAA,gBAAA,CAAA;AAAA,QACrC,OAAA,EAAS,EAAE,SAAA,EAAW,iBAAA;AAAkB,OACzC,CAAA;AAAA,IACH;AAAA,EACF;AAEA,EAAA,IAAI,iBAAA,CAAkB,MAAA,GAAS,CAAA,IAAK,SAAA,EAAW;AAC7C,IAAA,IAAI,CAAC,iBAAA,CAAkB,GAAA,CAAI,CAAA,CAAA,KAAK,CAAA,CAAE,WAAA,EAAa,CAAA,CAAE,QAAA,CAAS,SAAA,CAAU,WAAA,EAAa,CAAA,EAAG;AAClF,MAAA,MAAA,CAAO,IAAA,CAAK;AAAA,QACV,UAAU,IAAA,CAAK,IAAA;AAAA,QACf,IAAA,EAAM,uBAAA;AAAA,QACN,OAAA,EAAS,mBAAmB,SAAS,CAAA,wBAAA,CAAA;AAAA,QACrC,OAAA,EAAS,EAAE,SAAA,EAAW,iBAAA;AAAkB,OACzC,CAAA;AAAA,IACH;AAAA,EACF;AAGA,EAAA,IAAI,YAAA,CAAa,MAAA,GAAS,CAAA,IAAK,IAAA,CAAK,IAAA,EAAM;AACxC,IAAA,IAAI,YAAA,CAAa,QAAA,CAAS,IAAA,CAAK,IAAI,CAAA,EAAG;AACpC,MAAA,MAAA,CAAO,IAAA,CAAK;AAAA,QACV,UAAU,IAAA,CAAK,IAAA;AAAA,QACf,IAAA,EAAM,kBAAA;AAAA,QACN,OAAA,EAAS,CAAA,WAAA,EAAc,IAAA,CAAK,IAAI,CAAA,gBAAA,CAAA;AAAA,QAChC,OAAA,EAAS,EAAE,IAAA,EAAM,IAAA,CAAK,MAAM,YAAA;AAAa,OAC1C,CAAA;AAAA,IACH;AAAA,EACF;AAEA,EAAA,IAAI,YAAA,CAAa,SAAS,CAAA,EAAG;AAC3B,IAAA,IAAI,CAAC,YAAA,CAAa,QAAA,CAAS,IAAA,CAAK,IAAI,CAAA,EAAG;AACrC,MAAA,MAAA,CAAO,IAAA,CAAK;AAAA,QACV,UAAU,IAAA,CAAK,IAAA;AAAA,QACf,IAAA,EAAM,kBAAA;AAAA,QACN,OAAA,EAAS,CAAA,WAAA,EAAc,IAAA,CAAK,IAAI,CAAA,wBAAA,CAAA;AAAA,QAChC,OAAA,EAAS,EAAE,IAAA,EAAM,IAAA,CAAK,MAAM,YAAA;AAAa,OAC1C,CAAA;AAAA,IACH;AAAA,EACF;AAGA,EAAA,IAAI,oBAAA,IAAwB,MAAA,CAAO,MAAA,KAAW,CAAA,EAAG;AAC/C,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,WAAA,EAAY;AACtC,MAAA,MAAM,QAAQ,IAAI,UAAA,CAAW,OAAO,KAAA,CAAM,CAAA,EAAG,EAAE,CAAC,CAAA;AAChD,MAAA,MAAM,QAAA,GAAW,eAAe,KAAK,CAAA;AAErC,MAAA,IAAI,QAAA,EAAU;AAEZ,QAAA,IAAI,IAAA,CAAK,IAAA,IAAQ,QAAA,CAAS,IAAA,KAAS,KAAK,IAAA,EAAM;AAE5C,UAAA,MAAM,SAAA,GACH,QAAA,CAAS,IAAA,CAAK,UAAA,CAAW,QAAQ,CAAA,IAAK,IAAA,CAAK,IAAA,CAAK,UAAA,CAAW,QAAQ,CAAA,IACnE,QAAA,CAAS,IAAA,CAAK,UAAA,CAAW,QAAQ,CAAA,IAAK,IAAA,CAAK,IAAA,CAAK,UAAA,CAAW,QAAQ,CAAA,IACnE,QAAA,CAAS,IAAA,CAAK,UAAA,CAAW,QAAQ,CAAA,IAAK,IAAA,CAAK,IAAA,CAAK,WAAW,QAAQ,CAAA;AAEtE,UAAA,IAAI,CAAC,SAAA,EAAW;AACd,YAAA,MAAA,CAAO,IAAA,CAAK;AAAA,cACV,UAAU,IAAA,CAAK,IAAA;AAAA,cACf,IAAA,EAAM,iBAAA;AAAA,cACN,SAAS,CAAA,mDAAA,EAAsD,IAAA,CAAK,IAAI,CAAA,YAAA,EAAe,SAAS,IAAI,CAAA,CAAA,CAAA;AAAA,cACpG,SAAS,EAAE,OAAA,EAAS,KAAK,IAAA,EAAM,QAAA,EAAU,SAAS,IAAA;AAAK,aACxD,CAAA;AAAA,UACH;AAAA,QACF;AAAA,MACF;AAAA,IACF,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,KAAA,EAAO,OAAO,MAAA,KAAW,CAAA;AAAA,IACzB,IAAA;AAAA,IACA;AAAA,GACF;AACF;AAKA,eAAsB,aAAA,CACpB,KAAA,EACA,MAAA,GAA+B,EAAC,EAC+C;AAC/E,EAAA,MAAM,EAAE,QAAA,GAAW,iBAAA,EAAkB,GAAI,MAAA;AAEzC,EAAA,MAAM,YAAmC,EAAC;AAC1C,EAAA,MAAM,QAAoB,EAAC;AAG3B,EAAA,IAAI,KAAA,CAAM,SAAS,QAAA,EAAU;AAC3B,IAAA,SAAA,CAAU,IAAA,CAAK;AAAA,MACb,QAAA,EAAU,EAAA;AAAA,MACV,IAAA,EAAM,gBAAA;AAAA,MACN,OAAA,EAAS,CAAA,gBAAA,EAAmB,KAAA,CAAM,MAAM,yBAAyB,QAAQ,CAAA,CAAA;AAAA,MACzE,OAAA,EAAS,EAAE,KAAA,EAAO,KAAA,CAAM,QAAQ,QAAA;AAAS,KAC1C,CAAA;AAAA,EACH;AAGA,EAAA,KAAA,MAAW,QAAQ,KAAA,EAAO;AACxB,IAAA,MAAM,MAAA,GAAS,MAAM,YAAA,CAAa,IAAA,EAAM,MAAM,CAAA;AAC9C,IAAA,KAAA,CAAM,IAAA,CAAK,OAAO,IAAI,CAAA;AACtB,IAAA,SAAA,CAAU,IAAA,CAAK,GAAG,MAAA,CAAO,MAAM,CAAA;AAAA,EACjC;AAEA,EAAA,OAAO;AAAA,IACL,KAAA,EAAO,UAAU,MAAA,KAAW,CAAA;AAAA,IAC5B,KAAA;AAAA,IACA,MAAA,EAAQ;AAAA,GACV;AACF;AAKO,SAAS,yBAAyB,QAAA,EAAyC;AAChF,EAAA,MAAM,KAAA,uBAAY,GAAA,EAAoB;AAEtC,EAAA,QAAA,CAAS,OAAA,CAAQ,CAAC,KAAA,EAAO,GAAA,KAAQ;AAC/B,IAAA,IAAI,iBAAiB,IAAA,EAAM;AACzB,MAAA,MAAM,QAAA,GAAW,KAAA,CAAM,GAAA,CAAI,GAAG,KAAK,EAAC;AACpC,MAAA,QAAA,CAAS,KAAK,KAAK,CAAA;AACnB,MAAA,KAAA,CAAM,GAAA,CAAI,KAAK,QAAQ,CAAA;AAAA,IACzB;AAAA,EACF,CAAC,CAAA;AAED,EAAA,OAAO,KAAA;AACT;AAKA,eAAsB,wBAAA,CACpB,OAAA,EACA,MAAA,GAA+B,EAAC,EAC4D;AAC5F,EAAA,MAAM,WAAA,GAAc,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA,IAAK,EAAA;AAE3D,EAAA,IAAI,CAAC,WAAA,CAAY,QAAA,CAAS,qBAAqB,CAAA,EAAG;AAChD,IAAA,OAAO,EAAE,OAAO,IAAA,EAAM,KAAA,sBAAW,GAAA,EAAI,EAAG,MAAA,EAAQ,EAAC,EAAE;AAAA,EACrD;AAEA,EAAA,IAAI;AACF,IAAA,MAAM,QAAA,GAAW,MAAM,OAAA,CAAQ,QAAA,EAAS;AACxC,IAAA,MAAM,OAAA,GAAU,yBAAyB,QAAQ,CAAA;AAEjD,IAAA,MAAM,QAAA,uBAAe,GAAA,EAAwB;AAC7C,IAAA,MAAM,YAAmC,EAAC;AAE1C,IAAA,IAAI,cAAA,GAAiB,CAAA;AAErB,IAAA,KAAA,MAAW,CAAC,KAAA,EAAO,KAAK,CAAA,IAAK,OAAA,CAAQ,SAAQ,EAAG;AAC9C,MAAA,cAAA,IAAkB,KAAA,CAAM,MAAA;AACxB,MAAA,MAAM,MAAA,GAAS,MAAM,aAAA,CAAc,KAAA,EAAO,EAAE,GAAG,MAAA,EAAQ,QAAA,EAAU,QAAA,EAAU,CAAA;AAE3E,MAAA,QAAA,CAAS,GAAA,CAAI,KAAA,EAAO,MAAA,CAAO,KAAK,CAAA;AAChC,MAAA,SAAA,CAAU,IAAA,CAAK,GAAG,MAAA,CAAO,MAAA,CAAO,GAAA,CAAI,CAAA,CAAA,MAAM,EAAE,GAAG,CAAA,EAAG,KAAA,EAAM,CAAE,CAAC,CAAA;AAAA,IAC7D;AAGA,IAAA,MAAM,QAAA,GAAW,OAAO,QAAA,IAAY,iBAAA;AACpC,IAAA,IAAI,iBAAiB,QAAA,EAAU;AAC7B,MAAA,SAAA,CAAU,IAAA,CAAK;AAAA,QACb,QAAA,EAAU,EAAA;AAAA,QACV,IAAA,EAAM,gBAAA;AAAA,QACN,OAAA,EAAS,CAAA,kBAAA,EAAqB,cAAc,CAAA,mBAAA,EAAsB,QAAQ,CAAA,CAAA,CAAA;AAAA,QAC1E,OAAA,EAAS,EAAE,KAAA,EAAO,cAAA,EAAgB,QAAA;AAAS,OAC5C,CAAA;AAAA,IACH;AAEA,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,UAAU,MAAA,KAAW,CAAA;AAAA,MAC5B,KAAA,EAAO,QAAA;AAAA,MACP,MAAA,EAAQ;AAAA,KACV;AAAA,EACF,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,KAAA,sBAAW,GAAA,EAAI;AAAA,MACf,QAAQ,CAAC;AAAA,QACP,QAAA,EAAU,EAAA;AAAA,QACV,IAAA,EAAM,iBAAA;AAAA,QACN,OAAA,EAAS;AAAA,OACV;AAAA,KACH;AAAA,EACF;AACF;AAKO,SAAS,yBAAyB,MAAA,EAAyC;AAChF,EAAA,OAAO,IAAI,QAAA;AAAA,IACT,KAAK,SAAA,CAAU;AAAA,MACb,KAAA,EAAO,uBAAA;AAAA,MACP,OAAA,EAAS,wBAAA;AAAA,MACT,OAAA,EAAS,MAAA,CAAO,GAAA,CAAI,CAAA,CAAA,MAAM;AAAA,QACxB,UAAU,CAAA,CAAE,QAAA;AAAA,QACZ,OAAO,CAAA,CAAE,KAAA;AAAA,QACT,MAAM,CAAA,CAAE,IAAA;AAAA,QACR,SAAS,CAAA,CAAE;AAAA,OACb,CAAE;AAAA,KACH,CAAA;AAAA,IACD;AAAA,MACE,MAAA,EAAQ,GAAA;AAAA,MACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB;AAChD,GACF;AACF;AAKA,SAAS,YAAY,KAAA,EAAuB;AAC1C,EAAA,IAAI,KAAA,KAAU,GAAG,OAAO,KAAA;AAExB,EAAA,MAAM,KAAA,GAAQ,CAAC,GAAA,EAAK,IAAA,EAAM,MAAM,IAAI,CAAA;AACpC,EAAA,MAAM,CAAA,GAAI,IAAA;AACV,EAAA,MAAM,CAAA,GAAI,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,CAAI,KAAK,CAAA,GAAI,IAAA,CAAK,GAAA,CAAI,CAAC,CAAC,CAAA;AAElD,EAAA,OAAO,CAAA,EAAG,UAAA,CAAA,CAAY,KAAA,GAAQ,IAAA,CAAK,IAAI,CAAA,EAAG,CAAC,CAAA,EAAG,OAAA,CAAQ,CAAC,CAAC,CAAC,CAAA,CAAA,EAAI,KAAA,CAAM,CAAC,CAAC,CAAA,CAAA;AACvE;;;ACzXA,IAAM,oBAAA,GAAuB;AAAA,EAC3B,GAAA;AAAA,EAAK,MAAA;AAAA,EAAQ,GAAA;AAAA,EAAK,YAAA;AAAA,EAAc,IAAA;AAAA,EAAM,MAAA;AAAA,EAAQ,KAAA;AAAA,EAAO,IAAA;AAAA,EAAM,IAAA;AAAA,EAAM,IAAA;AAAA,EAAM,IAAA;AAAA,EACvE,IAAA;AAAA,EAAM,IAAA;AAAA,EAAM,IAAA;AAAA,EAAM,IAAA;AAAA,EAAM,GAAA;AAAA,EAAK,KAAA;AAAA,EAAO,IAAA;AAAA,EAAM,MAAA;AAAA,EAAQ,IAAA;AAAA,EAAM,GAAA;AAAA,EAAK,KAAA;AAAA,EAAO,GAAA;AAAA,EACpE,GAAA;AAAA,EAAK,OAAA;AAAA,EAAS,MAAA;AAAA,EAAQ,QAAA;AAAA,EAAU,KAAA;AAAA,EAAO,KAAA;AAAA,EAAO,GAAA;AAAA,EAAK;AACrD,CAAA;AAKA,IAAM,0BAAA,GAAuD;AAAA,EAC3D,CAAA,EAAG,CAAC,MAAA,EAAQ,OAAA,EAAS,UAAU,KAAK,CAAA;AAAA,EACpC,KAAK,CAAC,KAAA,EAAO,KAAA,EAAO,OAAA,EAAS,SAAS,QAAQ,CAAA;AAAA,EAC9C,IAAA,EAAM,CAAC,OAAO,CAAA;AAAA,EACd,CAAA,EAAG,CAAC,MAAM,CAAA;AAAA,EACV,UAAA,EAAY,CAAC,MAAM;AACrB,CAAA;AAKA,IAAM,sBAAA,GAAyB,CAAC,OAAA,EAAS,QAAA,EAAU,WAAW,MAAM,CAAA;AAKpE,IAAMC,mBAAAA,GAAqB;AAAA;AAAA,EAEzB,eAAA;AAAA;AAAA,EAEA,kBAAA;AAAA;AAAA,EAEA,gBAAA;AAAA;AAAA,EAEA,wEAAA;AAAA;AAAA,EAEA,mBAAA;AAAA;AAAA,EAEA,oBAAA;AAAA;AAAA,EAEA,gBAAA;AAAA;AAAA,EAEA,WAAA;AAAA;AAAA,EAEA,cAAA;AAAA;AAAA,EAEA,kCAAA;AAAA;AAAA,EAEA,sBAAA;AAAA;AAAA,EAEA,6BAAA;AAAA;AAAA,EAEA,YAAA;AAAA;AAAA,EAEA,8CAAA;AAAA;AAAA,EAEA,6CAAA;AAAA;AAAA,EAEA;AACF,CAAA;AAKA,IAAM,aAAA,GAAwC;AAAA,EAC5C,GAAA,EAAK,OAAA;AAAA,EACL,GAAA,EAAK,MAAA;AAAA,EACL,GAAA,EAAK,MAAA;AAAA,EACL,GAAA,EAAK,QAAA;AAAA,EACL,GAAA,EAAK,QAAA;AAAA,EACL,GAAA,EAAK,QAAA;AAAA,EACL,GAAA,EAAK,QAAA;AAAA,EACL,GAAA,EAAK;AACP,CAAA;AAKO,SAAS,WAAW,GAAA,EAAqB;AAC9C,EAAA,OAAO,IAAI,OAAA,CAAQ,aAAA,EAAe,UAAQ,aAAA,CAAc,IAAI,KAAK,IAAI,CAAA;AACvE;AAKO,SAAS,aAAa,GAAA,EAAqB;AAChD,EAAA,MAAM,SAAA,GAAoC;AAAA,IACxC,OAAA,EAAS,GAAA;AAAA,IACT,MAAA,EAAQ,GAAA;AAAA,IACR,MAAA,EAAQ,GAAA;AAAA,IACR,QAAA,EAAU,GAAA;AAAA,IACV,QAAA,EAAU,GAAA;AAAA,IACV,QAAA,EAAU,GAAA;AAAA,IACV,QAAA,EAAU,GAAA;AAAA,IACV,QAAA,EAAU,GAAA;AAAA,IACV,OAAA,EAAS,GAAA;AAAA,IACT,OAAA,EAAS;AAAA,GACX;AAEA,EAAA,OAAO,GAAA,CAAI,OAAA,CAAQ,oDAAA,EAAsD,CAAA,MAAA,KAAU;AACjF,IAAA,OAAO,SAAA,CAAU,MAAA,CAAO,WAAA,EAAa,CAAA,IAAK,MAAA;AAAA,EAC5C,CAAC,CAAA;AACH;AAKO,SAAS,UAAU,GAAA,EAAqB;AAE7C,EAAA,IAAI,MAAA,GAAS,GAAA,CAAI,OAAA,CAAQ,mCAAA,EAAqC,EAAE,CAAA;AAChE,EAAA,MAAA,GAAS,MAAA,CAAO,OAAA,CAAQ,iCAAA,EAAmC,EAAE,CAAA;AAG7D,EAAA,MAAA,GAAS,MAAA,CAAO,OAAA,CAAQ,UAAA,EAAY,EAAE,CAAA;AAGtC,EAAA,MAAA,GAAS,aAAa,MAAM,CAAA;AAG5B,EAAA,MAAA,GAAS,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAO,EAAE,CAAA;AAEjC,EAAA,OAAO,OAAO,IAAA,EAAK;AACrB;AAKO,SAAS,SAAA,CAAU,GAAA,EAAa,gBAAA,GAA6B,sBAAA,EAAiC;AACnG,EAAA,IAAI,CAAC,KAAK,OAAO,IAAA;AAGjB,EAAA,MAAM,OAAA,GAAU,GAAA,CAAI,IAAA,EAAK,CAAE,WAAA,EAAY;AAGvC,EAAA,IAAI,OAAA,CAAQ,UAAA,CAAW,aAAa,CAAA,EAAG,OAAO,KAAA;AAC9C,EAAA,IAAI,OAAA,CAAQ,UAAA,CAAW,WAAW,CAAA,EAAG,OAAO,KAAA;AAG5C,EAAA,IAAI,OAAA,CAAQ,UAAA,CAAW,aAAa,CAAA,EAAG,OAAO,IAAA;AAG9C,EAAA,IAAI,OAAA,CAAQ,UAAA,CAAW,OAAO,CAAA,EAAG,OAAO,KAAA;AAGxC,EAAA,IAAI;AACF,IAAA,MAAM,MAAA,GAAS,IAAI,GAAA,CAAI,GAAA,EAAK,qBAAqB,CAAA;AACjD,IAAA,IAAI,OAAO,QAAA,IAAY,CAAC,iBAAiB,QAAA,CAAS,MAAA,CAAO,QAAQ,CAAA,EAAG;AAElE,MAAA,IAAI,CAAC,GAAA,CAAI,QAAA,CAAS,GAAG,GAAG,OAAO,IAAA;AAC/B,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF,CAAA,CAAA,MAAQ;AAEN,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAO,IAAA;AACT;AAKO,SAAS,aACd,GAAA,EACA,WAAA,GAAwB,sBACxB,iBAAA,GAA8C,0BAAA,EAC9C,mBAA6B,sBAAA,EACrB;AAER,EAAA,IAAI,MAAA,GAAS,GAAA,CAAI,OAAA,CAAQ,KAAA,EAAO,EAAE,CAAA;AAGlC,EAAA,MAAA,GAAS,MAAA,CAAO,OAAA,CAAQ,mCAAA,EAAqC,EAAE,CAAA;AAC/D,EAAA,MAAA,GAAS,MAAA,CAAO,OAAA,CAAQ,iCAAA,EAAmC,EAAE,CAAA;AAG7D,EAAA,MAAA,GAAS,MAAA,CAAO,OAAA,CAAQ,kBAAA,EAAoB,EAAE,CAAA;AAG9C,EAAA,MAAA,GAAS,OAAO,OAAA,CAAQ,kCAAA,EAAoC,CAAC,KAAA,EAAO,SAAS,UAAA,KAAe;AAC1F,IAAA,MAAM,QAAA,GAAW,QAAQ,WAAA,EAAY;AACrC,IAAA,MAAM,SAAA,GAAY,KAAA,CAAM,UAAA,CAAW,IAAI,CAAA;AAGvC,IAAA,IAAI,CAAC,WAAA,CAAY,QAAA,CAAS,QAAQ,CAAA,EAAG;AACnC,MAAA,OAAO,EAAA;AAAA,IACT;AAEA,IAAA,IAAI,SAAA,EAAW;AACb,MAAA,OAAO,KAAK,QAAQ,CAAA,CAAA,CAAA;AAAA,IACtB;AAGA,IAAA,MAAM,YAAA,GAAe,iBAAA,CAAkB,QAAQ,CAAA,IAAK,EAAC;AACrD,IAAA,MAAM,YAAsB,EAAC;AAG7B,IAAA,MAAM,SAAA,GAAY,6DAAA;AAClB,IAAA,IAAI,SAAA;AAEJ,IAAA,OAAA,CAAQ,SAAA,GAAY,SAAA,CAAU,IAAA,CAAK,UAAU,OAAO,IAAA,EAAM;AACxD,MAAA,MAAM,QAAA,GAAW,SAAA,CAAU,CAAC,CAAA,CAAE,WAAA,EAAY;AAC1C,MAAA,MAAM,SAAA,GAAY,UAAU,CAAC,CAAA,IAAK,UAAU,CAAC,CAAA,IAAK,SAAA,CAAU,CAAC,CAAA,IAAK,EAAA;AAGlE,MAAA,IAAI,CAAC,YAAA,CAAa,QAAA,CAAS,QAAQ,CAAA,EAAG;AAGtC,MAAA,IAAIA,oBAAmB,IAAA,CAAK,CAAA,OAAA,KAAW,QAAQ,IAAA,CAAK,SAAS,CAAC,CAAA,EAAG;AAGjE,MAAA,IAAI,CAAC,QAAQ,KAAA,EAAO,QAAA,EAAU,YAAY,CAAA,CAAE,QAAA,CAAS,QAAQ,CAAA,EAAG;AAC9D,QAAA,IAAI,CAAC,SAAA,CAAU,SAAA,EAAW,gBAAgB,CAAA,EAAG;AAAA,MAC/C;AAGA,MAAA,MAAM,SAAA,GAAY,WAAW,SAAS,CAAA;AACtC,MAAA,SAAA,CAAU,IAAA,CAAK,CAAA,EAAG,QAAQ,CAAA,EAAA,EAAK,SAAS,CAAA,CAAA,CAAG,CAAA;AAAA,IAC7C;AAEA,IAAA,MAAM,OAAA,GAAU,UAAU,MAAA,GAAS,CAAA,GAAI,MAAM,SAAA,CAAU,IAAA,CAAK,GAAG,CAAA,GAAI,EAAA;AACnE,IAAA,OAAO,CAAA,CAAA,EAAI,QAAQ,CAAA,EAAG,OAAO,CAAA,CAAA,CAAA;AAAA,EAC/B,CAAC,CAAA;AAGD,EAAA,KAAA,MAAW,WAAWA,mBAAAA,EAAoB;AACxC,IAAA,MAAA,GAAS,MAAA,CAAO,OAAA,CAAQ,OAAA,EAAS,EAAE,CAAA;AAAA,EACrC;AAEA,EAAA,OAAO,MAAA;AACT;AAKO,SAAS,UAAU,GAAA,EAAsB;AAC9C,EAAA,IAAI,CAAC,GAAA,IAAO,OAAO,GAAA,KAAQ,UAAU,OAAO,KAAA;AAG5C,EAAA,MAAM,UAAA,GAAa,GAAA,CAChB,OAAA,CAAQ,oBAAA,EAAsB,CAAC,GAAG,GAAA,KAAQ,MAAA,CAAO,YAAA,CAAa,QAAA,CAAS,GAAA,EAAK,EAAE,CAAC,CAAC,CAAA,CAChF,OAAA,CAAQ,oBAAA,EAAsB,CAAC,CAAA,EAAG,QAAQ,MAAA,CAAO,YAAA,CAAa,QAAA,CAAS,GAAA,EAAK,EAAE,CAAC,CAAC,CAAA,CAChF,OAAA,CAAQ,oBAAA,EAAsB,CAAC,CAAA,EAAG,GAAA,KAAQ,OAAO,YAAA,CAAa,QAAA,CAAS,GAAA,EAAK,EAAE,CAAC,CAAC,EAChF,OAAA,CAAQ,aAAA,EAAe,CAAC,CAAA,EAAG,GAAA,KAAQ,MAAA,CAAO,aAAa,QAAA,CAAS,GAAA,EAAK,EAAE,CAAC,CAAC,CAAA;AAG5E,EAAA,KAAA,MAAW,WAAWA,mBAAAA,EAAoB;AACxC,IAAA,OAAA,CAAQ,SAAA,GAAY,CAAA;AACpB,IAAA,IAAI,OAAA,CAAQ,IAAA,CAAK,UAAU,CAAA,EAAG;AAC5B,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,OAAO,KAAA;AACT;AAKO,SAAS,QAAA,CAAS,KAAA,EAAe,MAAA,GAAyB,EAAC,EAAW;AAC3E,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,UAAU,OAAO,EAAA;AAEhD,EAAA,MAAM;AAAA,IACJ,IAAA,GAAO,QAAA;AAAA,IACP,WAAA,GAAc,oBAAA;AAAA,IACd,iBAAA,GAAoB,0BAAA;AAAA,IACpB,gBAAA,GAAmB,sBAAA;AAAA,IACnB,SAAA;AAAA,IACA,SAAA,GAAY;AAAA,GACd,GAAI,MAAA;AAEJ,EAAA,IAAI,MAAA,GAAS,KAAA;AAGb,EAAA,IAAI,SAAA,EAAW;AACb,IAAA,MAAA,GAAS,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAO,EAAE,CAAA;AAAA,EACnC;AAGA,EAAA,QAAQ,IAAA;AAAM,IACZ,KAAK,QAAA;AACH,MAAA,MAAA,GAAS,WAAW,MAAM,CAAA;AAC1B,MAAA;AAAA,IAEF,KAAK,OAAA;AACH,MAAA,MAAA,GAAS,UAAU,MAAM,CAAA;AACzB,MAAA;AAAA,IAEF,KAAK,YAAA;AACH,MAAA,MAAA,GAAS,YAAA,CAAa,MAAA,EAAQ,WAAA,EAAa,iBAAA,EAAmB,gBAAgB,CAAA;AAC9E,MAAA;AAAA;AAIJ,EAAA,IAAI,SAAA,KAAc,MAAA,IAAa,MAAA,CAAO,MAAA,GAAS,SAAA,EAAW;AACxD,IAAA,MAAA,GAAS,MAAA,CAAO,KAAA,CAAM,CAAA,EAAG,SAAS,CAAA;AAAA,EACpC;AAEA,EAAA,OAAO,MAAA;AACT;AAKO,SAAS,cAAA,CAAkB,GAAA,EAAQ,MAAA,GAAyB,EAAC,EAAM;AACxE,EAAA,IAAI,OAAO,QAAQ,QAAA,EAAU;AAC3B,IAAA,OAAO,QAAA,CAAS,KAAK,MAAM,CAAA;AAAA,EAC7B;AAEA,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,GAAG,CAAA,EAAG;AACtB,IAAA,OAAO,IAAI,GAAA,CAAI,CAAA,IAAA,KAAQ,cAAA,CAAe,IAAA,EAAM,MAAM,CAAC,CAAA;AAAA,EACrD;AAEA,EAAA,IAAI,OAAO,GAAA,KAAQ,QAAA,IAAY,GAAA,KAAQ,IAAA,EAAM;AAC3C,IAAA,MAAM,SAAkC,EAAC;AACzC,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,GAAG,CAAA,EAAG;AAC9C,MAAA,MAAA,CAAO,GAAG,CAAA,GAAI,cAAA,CAAe,KAAA,EAAO,MAAM,CAAA;AAAA,IAC5C;AACA,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,OAAO,GAAA;AACT;AAKO,SAAS,cAAA,CACd,GAAA,EACA,MAAA,EACA,MAAA,GAAyB,EAAC,EACvB;AACH,EAAA,MAAM,MAAA,GAAS,EAAE,GAAG,GAAA,EAAI;AAExB,EAAA,KAAA,MAAW,SAAS,MAAA,EAAQ;AAC1B,IAAA,IAAI,SAAS,MAAA,IAAU,OAAO,MAAA,CAAO,KAAK,MAAM,QAAA,EAAU;AACxD,MAAC,OAAmC,KAAK,CAAA,GAAI,SAAS,MAAA,CAAO,KAAK,GAAa,MAAM,CAAA;AAAA,IACvF;AAAA,EACF;AAEA,EAAA,OAAO,MAAA;AACT;;;AC3UA,IAAM,YAAA,GAA6B;AAAA;AAAA,EAEjC;AAAA,IACE,OAAA,EAAS,kCAAA;AAAA,IACT,IAAA,EAAM,mBAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,kCAAA;AAAA,IACT,IAAA,EAAM,mBAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,0CAAA;AAAA,IACT,IAAA,EAAM,gBAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,qBAAA;AAAA,IACT,IAAA,EAAM,kBAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,mBAAA;AAAA,IACT,IAAA,EAAM,oBAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,qBAAA;AAAA,IACT,IAAA,EAAM,kBAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,0BAAA;AAAA,IACT,IAAA,EAAM,kBAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,2BAAA;AAAA,IACT,IAAA,EAAM,qBAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,0BAAA;AAAA,IACT,IAAA,EAAM,6BAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,uBAAA;AAAA,IACT,IAAA,EAAM,0BAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,yBAAA;AAAA,IACT,IAAA,EAAM,kBAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,kBAAA;AAAA,IACT,IAAA,EAAM,iBAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,4BAAA;AAAA,IACT,IAAA,EAAM,qBAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,yBAAA;AAAA,IACT,IAAA,EAAM,6BAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,mBAAA;AAAA,IACT,IAAA,EAAM,0BAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,iBAAA;AAAA,IACT,IAAA,EAAM,qBAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA;AAAA,EAGA;AAAA,IACE,OAAA,EAAS,SAAA;AAAA,IACT,IAAA,EAAM,uBAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,QAAA;AAAA,IACT,IAAA,EAAM,yBAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,mBAAA;AAAA,IACT,IAAA,EAAM,eAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,YAAA;AAAA,IACT,IAAA,EAAM,sBAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,0BAAA;AAAA,IACT,IAAA,EAAM,yBAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,oBAAA;AAAA,IACT,IAAA,EAAM,oBAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,oBAAA;AAAA,IACT,IAAA,EAAM,oBAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,eAAA;AAAA,IACT,IAAA,EAAM,iBAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,wBAAA;AAAA,IACT,IAAA,EAAM,sBAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,kBAAA;AAAA,IACT,IAAA,EAAM,mBAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,gBAAA;AAAA,IACT,IAAA,EAAM,kBAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,aAAA;AAAA,IACT,IAAA,EAAM,eAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA;AAAA,EAGA;AAAA,IACE,OAAA,EAAS,mCAAA;AAAA,IACT,IAAA,EAAM,qBAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,mCAAA;AAAA,IACT,IAAA,EAAM,qBAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,6BAAA;AAAA,IACT,IAAA,EAAM,kBAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,aAAA;AAAA,IACT,IAAA,EAAM,sBAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,eAAA;AAAA,IACT,IAAA,EAAM,6BAAA;AAAA,IACN,QAAA,EAAU;AAAA;AAEd,CAAA;AAMA,IAAM,gBAAA,GAAiC;AAAA,EACrC;AAAA,IACE,OAAA,EAAS,sBAAA;AAAA;AAAA,IACT,IAAA,EAAM,0BAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,gBAAA;AAAA;AAAA,IACT,IAAA,EAAM,+BAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,SAAA;AAAA;AAAA,IACT,IAAA,EAAM,qBAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,SAAA;AAAA;AAAA,IACT,IAAA,EAAM,mBAAA;AAAA,IACN,QAAA,EAAU;AAAA,GACZ;AAAA,EACA;AAAA,IACE,OAAA,EAAS,WAAA;AAAA;AAAA,IACT,IAAA,EAAM,uBAAA;AAAA,IACN,QAAA,EAAU;AAAA;AAEd,CAAA;AAKA,SAAS,eAAe,KAAA,EAAuB;AAC7C,EAAA,IAAI,MAAA,GAAS,KAAA;AAGb,EAAA,IAAI;AACF,IAAA,MAAA,GAAS,mBAAmB,MAAM,CAAA;AAAA,EACpC,CAAA,CAAA,MAAQ;AAAA,EAER;AAGA,EAAA,MAAA,GAAS,MAAA,CACN,QAAQ,oBAAA,EAAsB,CAAC,GAAG,GAAA,KAAQ,MAAA,CAAO,aAAa,QAAA,CAAS,GAAA,EAAK,EAAE,CAAC,CAAC,EAChF,OAAA,CAAQ,aAAA,EAAe,CAAC,CAAA,EAAG,GAAA,KAAQ,OAAO,YAAA,CAAa,QAAA,CAAS,KAAK,EAAE,CAAC,CAAC,CAAA,CACzE,OAAA,CAAQ,YAAY,GAAG,CAAA,CACvB,QAAQ,UAAA,EAAY,GAAG,EACvB,OAAA,CAAQ,QAAA,EAAU,GAAG,CAAA,CACrB,OAAA,CAAQ,UAAU,GAAG,CAAA,CACrB,OAAA,CAAQ,SAAA,EAAW,GAAG,CAAA;AAGzB,EAAA,MAAA,GAAS,MAAA,CAAO,OAAA;AAAA,IAAQ,oBAAA;AAAA,IAAsB,CAAC,GAAG,GAAA,KAChD,MAAA,CAAO,aAAa,QAAA,CAAS,GAAA,EAAK,EAAE,CAAC;AAAA,GACvC;AAGA,EAAA,MAAA,GAAS,MAAA,CAAO,OAAA;AAAA,IAAQ,oBAAA;AAAA,IAAsB,CAAC,GAAG,GAAA,KAChD,MAAA,CAAO,aAAa,QAAA,CAAS,GAAA,EAAK,EAAE,CAAC;AAAA,GACvC;AAEA,EAAA,OAAO,MAAA;AACT;AAKO,SAAS,kBAAA,CACd,KAAA,EACA,OAAA,GAII,EAAC,EACW;AAChB,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,SAAiB,EAAC;AAEjD,EAAA,MAAM;AAAA,IACJ,iBAAiB,EAAC;AAAA,IAClB,YAAA,GAAe,IAAA;AAAA,IACf,WAAA,GAAc;AAAA,GAChB,GAAI,OAAA;AAEJ,EAAA,MAAM,gBAAgB,EAAE,GAAA,EAAK,GAAG,MAAA,EAAQ,CAAA,EAAG,MAAM,CAAA,EAAE;AACnD,EAAA,MAAM,gBAAA,GAAmB,cAAc,WAAW,CAAA;AAElD,EAAA,MAAM,aAA6B,EAAC;AACpC,EAAA,MAAM,YAAA,uBAAmB,GAAA,EAAY;AAGrC,EAAA,MAAM,eAAA,GAAkB,YAAA,GAAe,cAAA,CAAe,KAAK,CAAA,GAAI,KAAA;AAG/D,EAAA,MAAM,WAAA,GAAc;AAAA,IAClB,GAAG,YAAA;AAAA,IACH,GAAI,YAAA,GAAe,gBAAA,GAAmB,EAAC;AAAA,IACvC,GAAG,cAAA,CAAe,GAAA,CAAI,CAAA,CAAA,MAAM,EAAE,OAAA,EAAS,CAAA,EAAG,IAAA,EAAM,gBAAA,EAAkB,QAAA,EAAU,MAAA,EAAgB,CAAE;AAAA,GAChG;AAEA,EAAA,KAAA,MAAW,EAAE,OAAA,EAAS,IAAA,EAAM,QAAA,MAAc,WAAA,EAAa;AACrD,IAAA,IAAI,aAAA,CAAc,QAAQ,CAAA,GAAI,gBAAA,EAAkB;AAGhD,IAAA,OAAA,CAAQ,SAAA,GAAY,CAAA;AAEpB,IAAA,MAAM,SAAA,GAAY,eAAe,eAAA,GAAkB,KAAA;AACnD,IAAA,IAAI,OAAA,CAAQ,IAAA,CAAK,SAAS,CAAA,EAAG;AAC3B,MAAA,MAAM,GAAA,GAAM,CAAA,EAAG,IAAI,CAAA,CAAA,EAAI,QAAQ,CAAA,CAAA;AAC/B,MAAA,IAAI,CAAC,YAAA,CAAa,GAAA,CAAI,GAAG,CAAA,EAAG;AAC1B,QAAA,YAAA,CAAa,IAAI,GAAG,CAAA;AACpB,QAAA,UAAA,CAAW,IAAA,CAAK;AAAA,UACd,KAAA,EAAO,EAAA;AAAA;AAAA,UACP,KAAA,EAAO,KAAA;AAAA,UACP,OAAA,EAAS,IAAA;AAAA,UACT;AAAA,SACD,CAAA;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,UAAA;AACT;AAKO,SAAS,eAAA,CACd,KAAA,EACA,WAAA,GAAyC,QAAA,EAChC;AACT,EAAA,OAAO,mBAAmB,KAAA,EAAO,EAAE,WAAA,EAAa,EAAE,MAAA,GAAS,CAAA;AAC7D;AAMO,SAAS,iBAAiB,KAAA,EAAuB;AACtD,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,UAAU,OAAO,EAAA;AAEhD,EAAA,IAAI,MAAA,GAAS,KAAA;AAGb,EAAA,MAAA,GAAS,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAO,EAAE,CAAA;AAGjC,EAAA,MAAA,GAAS,MAAA,CAAO,OAAA,CAAQ,IAAA,EAAM,IAAI,CAAA;AAGlC,EAAA,MAAA,GAAS,MAAA,CAAO,OAAA,CAAQ,IAAA,EAAM,EAAE,CAAA;AAChC,EAAA,MAAA,GAAS,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAO,EAAE,CAAA;AACjC,EAAA,MAAA,GAAS,MAAA,CAAO,OAAA,CAAQ,OAAA,EAAS,EAAE,CAAA;AACnC,EAAA,MAAA,GAAS,MAAA,CAAO,OAAA,CAAQ,OAAA,EAAS,EAAE,CAAA;AAGnC,EAAA,MAAA,GAAS,MAAA,CAAO,OAAA,CAAQ,eAAA,EAAiB,EAAE,CAAA;AAE3C,EAAA,OAAO,MAAA;AACT;AAKO,SAAS,0BAAA,CACd,GAAA,EACA,OAAA,GAKI,EAAC,EACW;AAChB,EAAA,MAAM,EAAE,MAAA,EAAQ,IAAA,GAAO,IAAA,EAAM,cAAA,EAAgB,aAAY,GAAI,OAAA;AAC7D,EAAA,MAAM,aAA6B,EAAC;AAEpC,EAAA,SAAS,IAAA,CAAK,OAAgB,IAAA,EAAoB;AAChD,IAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAE7B,MAAA,IAAI,MAAA,IAAU,MAAA,CAAO,MAAA,GAAS,CAAA,EAAG;AAC/B,QAAA,MAAM,YAAY,IAAA,CAAK,KAAA,CAAM,GAAG,CAAA,CAAE,KAAI,IAAK,IAAA;AAC3C,QAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,SAAS,CAAA,EAAG;AAAA,MACnC;AAEA,MAAA,MAAM,WAAW,kBAAA,CAAmB,KAAA,EAAO,EAAE,cAAA,EAAgB,aAAa,CAAA;AAC1E,MAAA,KAAA,MAAW,KAAK,QAAA,EAAU;AACxB,QAAA,UAAA,CAAW,KAAK,EAAE,GAAG,CAAA,EAAG,KAAA,EAAO,MAAM,CAAA;AAAA,MACvC;AAAA,IACF,CAAA,MAAA,IAAW,IAAA,IAAQ,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,EAAG;AACvC,MAAA,KAAA,CAAM,OAAA,CAAQ,CAAC,IAAA,EAAM,CAAA,KAAM,IAAA,CAAK,IAAA,EAAM,CAAA,EAAG,IAAI,CAAA,CAAA,EAAI,CAAC,CAAA,CAAA,CAAG,CAAC,CAAA;AAAA,IACxD,WAAW,IAAA,IAAQ,OAAO,KAAA,KAAU,QAAA,IAAY,UAAU,IAAA,EAAM;AAC9D,MAAA,KAAA,MAAW,CAAC,GAAA,EAAK,GAAG,KAAK,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAA,EAAG;AAC9C,QAAA,IAAA,CAAK,KAAK,IAAA,GAAO,CAAA,EAAG,IAAI,CAAA,CAAA,EAAI,GAAG,KAAK,GAAG,CAAA;AAAA,MACzC;AAAA,IACF;AAAA,EACF;AAEA,EAAA,IAAA,CAAK,KAAK,EAAE,CAAA;AACZ,EAAA,OAAO,UAAA;AACT;;;AC1WO,SAAS,cAAA,CAKd,SAIA,MAAA,EAGc;AACd,EAAA,MAAM,UAAU,MAAA,CAAO,OAAA,KAAY,CAAC,CAAA,EAAG,MAAA,KAAW,+BAA+B,MAAM,CAAA,CAAA;AAEvF,EAAA,OAAO,OAAO,GAAA,KAAwC;AACpD,IAAA,MAAM,MAAA,GAAS,MAAM,eAAA,CAAwC,GAAA,EAAK;AAAA,MAChE,MAAM,MAAA,CAAO,IAAA;AAAA,MACb,OAAO,MAAA,CAAO,KAAA;AAAA,MACd,QAAQ,MAAA,CAAO,MAAA;AAAA,MACf,aAAa,MAAA,CAAO;AAAA,KACrB,CAAA;AAED,IAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,MAAA,OAAO,OAAA,CAAQ,GAAA,EAAK,MAAA,CAAO,MAAA,IAAU,EAAE,CAAA;AAAA,IACzC;AAEA,IAAA,OAAO,QAAQ,GAAA,EAAK,EAAE,SAAA,EAAW,MAAA,CAAO,MAAO,CAAA;AAAA,EACjD,CAAA;AACF;AAMO,SAAS,gBAAA,CACd,OAAA,EAIA,MAAA,GAAuC,EAAC,EAC1B;AACd,EAAA,MAAM;AAAA,IACJ,MAAA;AAAA,IACA,IAAA,GAAO,QAAA;AAAA,IACP,WAAA;AAAA,IACA,IAAA;AAAA,IACA;AAAA,GACF,GAAI,MAAA;AAEJ,EAAA,OAAO,OAAO,GAAA,KAAwC;AAEpD,IAAA,IAAI,IAAA,IAAQ,MAAM,IAAA,CAAK,GAAG,CAAA,EAAG;AAC3B,MAAA,OAAO,OAAA,CAAQ,KAAK,EAAE,SAAA,EAAW,MAAM,OAAA,EAAS,IAAI,CAAA;AAAA,IACtD;AAEA,IAAA,IAAI,IAAA;AACJ,IAAA,IAAI;AACF,MAAA,IAAA,GAAO,MAAM,IAAI,IAAA,EAAK;AAAA,IACxB,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,OAAA,CAAQ,KAAK,EAAE,SAAA,EAAW,MAAM,OAAA,EAAS,IAAI,CAAA;AAAA,IACtD;AAEA,IAAA,MAAM,UAAgC,EAAC;AAEvC,IAAA,MAAM,SAAA,GAAY,UAAA,CAAW,IAAA,EAAM,CAAC,OAAO,IAAA,KAAS;AAElD,MAAA,IAAI,MAAA,IAAU,MAAA,CAAO,MAAA,GAAS,CAAA,EAAG;AAC/B,QAAA,MAAM,YAAY,IAAA,CAAK,KAAA,CAAM,GAAG,CAAA,CAAE,KAAI,IAAK,IAAA;AAC3C,QAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,SAAS,CAAA,EAAG;AAC/B,UAAA,OAAO,KAAA;AAAA,QACT;AAAA,MACF;AAEA,MAAA,MAAM,UAAU,QAAA,CAAS,KAAA,EAAO,EAAE,IAAA,EAAM,aAAa,CAAA;AAErD,MAAA,IAAI,YAAY,KAAA,EAAO;AACrB,QAAA,OAAA,CAAQ,IAAA,CAAK;AAAA,UACX,KAAA,EAAO,IAAA;AAAA,UACP,QAAA,EAAU,KAAA;AAAA,UACV,SAAA,EAAW;AAAA,SACZ,CAAA;AAAA,MACH;AAEA,MAAA,OAAO,OAAA;AAAA,IACT,GAAG,EAAE,CAAA;AAGL,IAAA,IAAI,WAAA,IAAe,OAAA,CAAQ,MAAA,GAAS,CAAA,EAAG;AACrC,MAAA,WAAA,CAAY,KAAK,OAAO,CAAA;AAAA,IAC1B;AAEA,IAAA,OAAO,OAAA,CAAQ,GAAA,EAAK,EAAE,SAAA,EAAW,SAAS,CAAA;AAAA,EAC5C,CAAA;AACF;AAMO,SAAS,iBAAA,CACd,OAAA,EACA,MAAA,GAKI,EAAC,EACS;AACd,EAAA,MAAM,EAAE,MAAA,EAAQ,WAAA,EAAa,UAAA,GAAa,MAAK,GAAI,MAAA;AAEnD,EAAA,OAAO,OAAO,GAAA,KAAwC;AACpD,IAAA,MAAM,aAAiD,EAAC;AAGxD,IAAA,IAAI,UAAA,EAAY;AACd,MAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,GAAA,CAAI,GAAG,CAAA;AAC3B,MAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,GAAA,CAAI,YAAA,CAAa,SAAQ,EAAG;AACrD,QAAA,IAAI,SAAA,CAAU,KAAK,CAAA,EAAG;AACpB,UAAA,UAAA,CAAW,KAAK,EAAE,KAAA,EAAO,SAAS,GAAG,CAAA,CAAA,EAAI,OAAO,CAAA;AAAA,QAClD;AAAA,MACF;AAAA,IACF;AAGA,IAAA,IAAI,IAAA;AACJ,IAAA,IAAI;AACF,MAAA,IAAA,GAAO,MAAM,IAAI,IAAA,EAAK;AAAA,IACxB,CAAA,CAAA,MAAQ;AAEN,MAAA,IAAA,GAAO,IAAA;AAAA,IACT;AAEA,IAAA,IAAI,IAAA,EAAM;AACR,MAAA,UAAA,CAAW,IAAA,EAAM,CAAC,KAAA,EAAO,IAAA,KAAS;AAEhC,QAAA,IAAI,MAAA,IAAU,MAAA,CAAO,MAAA,GAAS,CAAA,EAAG;AAC/B,UAAA,MAAM,YAAY,IAAA,CAAK,KAAA,CAAM,GAAG,CAAA,CAAE,KAAI,IAAK,IAAA;AAC3C,UAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,SAAS,CAAA,EAAG;AAC/B,YAAA,OAAO,KAAA;AAAA,UACT;AAAA,QACF;AAEA,QAAA,IAAI,SAAA,CAAU,KAAK,CAAA,EAAG;AACpB,UAAA,UAAA,CAAW,IAAA,CAAK,EAAE,KAAA,EAAO,IAAA,EAAM,OAAO,CAAA;AAAA,QACxC;AAEA,QAAA,OAAO,KAAA;AAAA,MACT,GAAG,EAAE,CAAA;AAAA,IACP;AAEA,IAAA,IAAI,UAAA,CAAW,SAAS,CAAA,EAAG;AACzB,MAAA,IAAI,WAAA,EAAa;AACf,QAAA,KAAA,MAAW,EAAE,KAAA,EAAO,KAAA,EAAM,IAAK,UAAA,EAAY;AACzC,UAAA,MAAM,MAAA,GAAS,MAAM,WAAA,CAAY,GAAA,EAAK,OAAO,KAAK,CAAA;AAClD,UAAA,IAAI,kBAAkB,QAAA,EAAU;AAC9B,YAAA,OAAO,MAAA;AAAA,UACT;AAAA,QACF;AAAA,MACF;AAGA,MAAA,OAAO,IAAI,QAAA;AAAA,QACT,KAAK,SAAA,CAAU;AAAA,UACb,KAAA,EAAO,cAAA;AAAA,UACP,OAAA,EAAS,wCAAA;AAAA,UACT,MAAA,EAAQ,UAAA,CAAW,GAAA,CAAI,CAAA,CAAA,KAAK,EAAE,KAAK;AAAA,SACpC,CAAA;AAAA,QACD;AAAA,UACE,MAAA,EAAQ,GAAA;AAAA,UACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB;AAChD,OACF;AAAA,IACF;AAEA,IAAA,OAAO,QAAQ,GAAG,CAAA;AAAA,EACpB,CAAA;AACF;AAKO,SAAS,iBAAA,CACd,OAAA,EACA,MAAA,GAA8B,EAAC,EACjB;AACd,EAAA,MAAM;AAAA,IACJ,MAAA;AAAA,IACA,IAAA,GAAO,IAAA;AAAA,IACP,IAAA,GAAO,OAAA;AAAA,IACP,cAAA;AAAA,IACA,YAAY,EAAC;AAAA,IACb;AAAA,GACF,GAAI,MAAA;AAEJ,EAAA,OAAO,OAAO,GAAA,KAAwC;AACpD,IAAA,IAAI,IAAA;AACJ,IAAA,IAAI;AACF,MAAA,IAAA,GAAO,MAAM,IAAI,IAAA,EAAK;AAAA,IACxB,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,QAAQ,GAAG,CAAA;AAAA,IACpB;AAEA,IAAA,MAAM,UAAA,GAAa,2BAA2B,IAAA,EAAM;AAAA,MAClD,MAAA;AAAA,MACA,IAAA;AAAA,MACA,cAAA;AAAA,MACA,WAAA,EAAa,IAAA,KAAS,QAAA,GAAW,KAAA,GAAQ;AAAA,KAC1C,CAAA;AAGD,IAAA,MAAM,QAAA,GAAW,WAAW,MAAA,CAAO,CAAA,CAAA,KAAK,CAAC,SAAA,CAAU,QAAA,CAAS,CAAA,CAAE,KAAK,CAAC,CAAA;AAEpE,IAAA,IAAI,QAAA,CAAS,SAAS,CAAA,EAAG;AACvB,MAAA,IAAI,WAAA,EAAa;AACf,QAAA,MAAM,MAAA,GAAS,MAAM,WAAA,CAAY,GAAA,EAAK,QAAQ,CAAA;AAC9C,QAAA,IAAI,kBAAkB,QAAA,EAAU;AAC9B,UAAA,OAAO,MAAA;AAAA,QACT;AAAA,MACF;AAEA,MAAA,IAAI,SAAS,OAAA,EAAS;AACpB,QAAA,OAAO,IAAI,QAAA;AAAA,UACT,KAAK,SAAA,CAAU;AAAA,YACb,KAAA,EAAO,wBAAA;AAAA,YACP,OAAA,EAAS,oCAAA;AAAA,YACT,UAAA,EAAY,QAAA,CAAS,GAAA,CAAI,CAAA,CAAA,MAAM;AAAA,cAC7B,OAAO,CAAA,CAAE,KAAA;AAAA,cACT,SAAS,CAAA,CAAE,OAAA;AAAA,cACX,UAAU,CAAA,CAAE;AAAA,aACd,CAAE;AAAA,WACH,CAAA;AAAA,UACD;AAAA,YACE,MAAA,EAAQ,GAAA;AAAA,YACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB;AAChD,SACF;AAAA,MACF;AAAA,IACF;AAEA,IAAA,OAAO,QAAQ,GAAG,CAAA;AAAA,EACpB,CAAA;AACF;AAKO,SAAS,eAAA,CACd,SACA,MAAA,EACc;AACd,EAAA,MAAM,SAAA,GAAY,MAAA,CAAO,SAAA,KAAc,CAAC,CAAA,EAAG,gBACzC,+BAAA,CAAgC,WAAA,EAAa,CAAA,cAAA,EAAiB,WAAW,CAAA,gBAAA,CAAkB,CAAA,CAAA;AAG7F,EAAA,OAAO,OAAO,GAAA,KAAwC;AACpD,IAAA,MAAM,MAAA,GAAS,mBAAA,CAAoB,GAAA,EAAK,MAAM,CAAA;AAE9C,IAAA,IAAI,CAAC,OAAO,KAAA,EAAO;AACjB,MAAA,OAAO,SAAA,CAAU,GAAA,EAAK,MAAA,CAAO,WAAW,CAAA;AAAA,IAC1C;AAEA,IAAA,OAAO,QAAQ,GAAG,CAAA;AAAA,EACpB,CAAA;AACF;AAKO,SAAS,kBAAA,CACd,OAAA,EAIA,MAAA,GAA+B,EAAC,EAClB;AACd,EAAA,MAAM,YAAY,MAAA,CAAO,SAAA,KAAc,CAAC,CAAA,EAAG,MAAA,KAAW,yBAAyB,MAAM,CAAA,CAAA;AAErF,EAAA,OAAO,OAAO,GAAA,KAAwC;AACpD,IAAA,MAAM,MAAA,GAAS,MAAM,wBAAA,CAAyB,GAAA,EAAK,MAAM,CAAA;AAEzD,IAAA,IAAI,CAAC,OAAO,KAAA,EAAO;AACjB,MAAA,OAAO,SAAA,CAAU,GAAA,EAAK,MAAA,CAAO,MAAM,CAAA;AAAA,IACrC;AAEA,IAAA,OAAO,QAAQ,GAAA,EAAK,EAAE,KAAA,EAAO,MAAA,CAAO,OAAO,CAAA;AAAA,EAC7C,CAAA;AACF;AAMO,SAAS,oBAAA,CAKd,SAOA,MAAA,EAUc;AACd,EAAA,OAAO,OAAO,GAAA,KAAwC;AACpD,IAAA,MAAM,YAA+B,EAAC;AAGtC,IAAA,IAAI,OAAO,WAAA,EAAa;AACtB,MAAA,MAAM,QAAA,GAAW,mBAAA,CAAoB,GAAA,EAAK,MAAA,CAAO,WAAW,CAAA;AAC5D,MAAA,IAAI,CAAC,SAAS,KAAA,EAAO;AACnB,QAAA,SAAA,CAAU,IAAA,CAAK;AAAA,UACb,KAAA,EAAO,cAAA;AAAA,UACP,IAAA,EAAM,sBAAA;AAAA,UACN,OAAA,EAAS,SAAS,MAAA,IAAU;AAAA,SAC7B,CAAA;AAAA,MACH;AAAA,IACF;AAGA,IAAA,IAAI,KAAA;AACJ,IAAA,IAAI,OAAO,KAAA,EAAO;AAChB,MAAA,MAAM,UAAA,GAAa,MAAM,wBAAA,CAAyB,GAAA,EAAK,OAAO,KAAK,CAAA;AACnE,MAAA,IAAI,CAAC,WAAW,KAAA,EAAO;AACrB,QAAA,SAAA,CAAU,IAAA,CAAK,GAAG,UAAA,CAAW,MAAA,CAAO,IAAI,CAAA,CAAA,MAAM;AAAA,UAC5C,KAAA,EAAO,CAAA,CAAE,KAAA,IAAS,CAAA,CAAE,QAAA;AAAA,UACpB,MAAM,CAAA,CAAE,IAAA;AAAA,UACR,SAAS,CAAA,CAAE;AAAA,UACX,CAAC,CAAA;AAAA,MACL,CAAA,MAAO;AACL,QAAA,KAAA,GAAQ,UAAA,CAAW,KAAA;AAAA,MACrB;AAAA,IACF;AAGA,IAAA,IAAI,SAAA,CAAU,SAAS,CAAA,EAAG;AACxB,MAAA,MAAM,UAAU,MAAA,CAAO,OAAA,KAAY,CAAC,CAAA,EAAG,MAAA,KAAW,+BAA+B,MAAM,CAAA,CAAA;AACvF,MAAA,OAAO,OAAA,CAAQ,KAAK,SAAS,CAAA;AAAA,IAC/B;AAGA,IAAA,IAAI,SAAA;AACJ,IAAA,IAAI,OAAO,MAAA,EAAQ;AACjB,MAAA,MAAM,YAAA,GAAe,MAAM,eAAA,CAAwC,GAAA,EAAK;AAAA,QACtE,IAAA,EAAM,OAAO,MAAA,CAAO,IAAA;AAAA,QACpB,KAAA,EAAO,OAAO,MAAA,CAAO,KAAA;AAAA,QACrB,MAAA,EAAQ,OAAO,MAAA,CAAO,MAAA;AAAA,QACtB,aAAa,MAAA,CAAO;AAAA,OACrB,CAAA;AAED,MAAA,IAAI,CAAC,aAAa,OAAA,EAAS;AACzB,QAAA,SAAA,CAAU,IAAA,CAAK,GAAI,YAAA,CAAa,MAAA,IAAU,EAAG,CAAA;AAAA,MAC/C,CAAA,MAAO;AACL,QAAA,SAAA,GAAY,YAAA,CAAa,IAAA;AAAA,MAC3B;AAAA,IACF,CAAA,MAAO;AACL,MAAA,SAAA,GAAY;AAAA,QACV,MAAM,EAAC;AAAA,QACP,OAAO,EAAC;AAAA,QACR,QAAQ;AAAC,OACX;AAAA,IACF;AAGA,IAAA,IAAI,MAAA,CAAO,GAAA,IAAO,SAAA,EAAW,IAAA,EAAM;AACjC,MAAA,MAAM,aAAA,GAAgB,0BAAA,CAA2B,SAAA,CAAU,IAAA,EAAM;AAAA,QAC/D,MAAA,EAAQ,OAAO,GAAA,CAAI,MAAA;AAAA,QACnB,IAAA,EAAM,OAAO,GAAA,CAAI,IAAA;AAAA,QACjB,cAAA,EAAgB,OAAO,GAAA,CAAI;AAAA,OAC5B,CAAA;AAED,MAAA,IAAI,cAAc,MAAA,GAAS,CAAA,IAAK,MAAA,CAAO,GAAA,CAAI,SAAS,QAAA,EAAU;AAC5D,QAAA,SAAA,CAAU,IAAA,CAAK,GAAG,aAAA,CAAc,GAAA,CAAI,CAAA,CAAA,MAAM;AAAA,UACxC,OAAO,CAAA,CAAE,KAAA;AAAA,UACT,IAAA,EAAM,eAAA;AAAA,UACN,OAAA,EAAS,CAAA,kCAAA,EAAqC,CAAA,CAAE,OAAO,CAAA;AAAA,UACvD,CAAC,CAAA;AAAA,MACL;AAAA,IACF;AAGA,IAAA,IAAI,MAAA,CAAO,GAAA,EAAK,OAAA,IAAW,SAAA,EAAW,IAAA,EAAM;AAC1C,MAAA,UAAA,CAAW,SAAA,CAAU,IAAA,EAAM,CAAC,KAAA,EAAO,IAAA,KAAS;AAC1C,QAAA,IAAI,OAAO,GAAA,EAAK,MAAA,IAAU,OAAO,GAAA,CAAI,MAAA,CAAO,SAAS,CAAA,EAAG;AACtD,UAAA,MAAM,YAAY,IAAA,CAAK,KAAA,CAAM,GAAG,CAAA,CAAE,KAAI,IAAK,IAAA;AAC3C,UAAA,IAAI,CAAC,MAAA,CAAO,GAAA,CAAI,MAAA,CAAO,QAAA,CAAS,SAAS,CAAA,EAAG;AAC1C,YAAA,OAAO,KAAA;AAAA,UACT;AAAA,QACF;AAEA,QAAA,IAAI,SAAA,CAAU,KAAK,CAAA,EAAG;AACpB,UAAA,SAAA,CAAU,IAAA,CAAK;AAAA,YACb,KAAA,EAAO,IAAA;AAAA,YACP,IAAA,EAAM,cAAA;AAAA,YACN,OAAA,EAAS;AAAA,WACV,CAAA;AAAA,QACH;AAEA,QAAA,OAAO,KAAA;AAAA,MACT,GAAG,EAAE,CAAA;AAAA,IACP;AAGA,IAAA,IAAI,SAAA,CAAU,SAAS,CAAA,EAAG;AACxB,MAAA,MAAM,UAAU,MAAA,CAAO,OAAA,KAAY,CAAC,CAAA,EAAG,MAAA,KAAW,+BAA+B,MAAM,CAAA,CAAA;AACvF,MAAA,OAAO,OAAA,CAAQ,KAAK,SAAS,CAAA;AAAA,IAC/B;AAEA,IAAA,OAAO,OAAA,CAAQ,GAAA,EAAK,EAAE,SAAA,EAAuB,OAAO,CAAA;AAAA,EACtD,CAAA;AACF;;;ACrMO,IAAM,OAAA,GAAU","file":"index.cjs","sourcesContent":["/*\n Custom error classes for next-secure\n /\n\n/\n Base error class for all next-secure errors\n /\nexport class SecureError extends Error {\n /\n HTTP status code\n /\n public readonly statusCode: number\n\n /\n Error code for programmatic handling\n /\n public readonly code: string\n\n /\n Additional error details\n /\n public readonly details?: Record<string, unknown>\n\n constructor(\n message: string,\n options: {\n statusCode?: number\n code?: string\n details?: Record<string, unknown>\n cause?: Error\n } = {}\n ) {\n super(message, { cause: options.cause })\n this.name = 'SecureError'\n this.statusCode = options.statusCode ?? 500\n this.code = options.code ?? 'SECURE_ERROR'\n this.details = options.details\n\n // Maintains proper stack trace for where error was thrown\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, this.constructor)\n }\n }\n\n /\n Convert error to JSON response\n /\n toJSON(): Record<string, unknown> {\n return {\n error: this.name,\n message: this.message,\n code: this.code,\n ...(this.details && { details: this.details }),\n }\n }\n\n /\n Create a Response object from this error\n /\n toResponse(headers?: HeadersInit): Response {\n return new Response(JSON.stringify(this.toJSON()), {\n status: this.statusCode,\n headers: {\n 'Content-Type': 'application/json',\n ...headers,\n },\n })\n }\n}\n\n/\n Rate limit exceeded error\n /\nexport class RateLimitError extends SecureError {\n /\n Seconds until rate limit resets\n /\n public readonly retryAfter: number\n\n /\n Unix timestamp when limit resets\n /\n public readonly resetAt: number\n\n constructor(\n options: {\n retryAfter: number\n resetAt: number\n message?: string\n details?: Record<string, unknown>\n }\n ) {\n super(options.message ?? 'Too Many Requests', {\n statusCode: 429,\n code: 'RATE_LIMIT_EXCEEDED',\n details: options.details,\n })\n this.name = 'RateLimitError'\n this.retryAfter = options.retryAfter\n this.resetAt = options.resetAt\n }\n\n override toJSON(): Record<string, unknown> {\n return {\n ...super.toJSON(),\n retryAfter: this.retryAfter,\n }\n }\n\n override toResponse(headers?: HeadersInit): Response {\n return new Response(JSON.stringify(this.toJSON()), {\n status: this.statusCode,\n headers: {\n 'Content-Type': 'application/json',\n 'Retry-After': String(this.retryAfter),\n ...headers,\n },\n })\n }\n}\n\n/\n Authentication error\n /\nexport class AuthenticationError extends SecureError {\n constructor(\n message = 'Authentication required',\n options: {\n code?: string\n details?: Record<string, unknown>\n cause?: Error\n } = {}\n ) {\n super(message, {\n statusCode: 401,\n code: options.code ?? 'AUTHENTICATION_REQUIRED',\n details: options.details,\n cause: options.cause,\n })\n this.name = 'AuthenticationError'\n }\n}\n\n/\n Authorization error (authenticated but not permitted)\n /\nexport class AuthorizationError extends SecureError {\n constructor(\n message = 'Access denied',\n options: {\n code?: string\n details?: Record<string, unknown>\n cause?: Error\n } = {}\n ) {\n super(message, {\n statusCode: 403,\n code: options.code ?? 'ACCESS_DENIED',\n details: options.details,\n cause: options.cause,\n })\n this.name = 'AuthorizationError'\n }\n}\n\n/\n Validation error\n /\nexport class ValidationError extends SecureError {\n /\n Field-level validation errors\n /\n public readonly errors: Array<{\n field: string\n message: string\n code?: string\n }>\n\n constructor(\n errors: Array<{ field: string; message: string; code?: string }>,\n message = 'Validation failed'\n ) {\n super(message, {\n statusCode: 400,\n code: 'VALIDATION_ERROR',\n details: { errors },\n })\n this.name = 'ValidationError'\n this.errors = errors\n }\n\n override toJSON(): Record<string, unknown> {\n return {\n ...super.toJSON(),\n errors: this.errors,\n }\n }\n}\n\n/\n CSRF token error\n /\nexport class CsrfError extends SecureError {\n constructor(\n message = 'Invalid or missing CSRF token',\n options: {\n details?: Record<string, unknown>\n } = {}\n ) {\n super(message, {\n statusCode: 403,\n code: 'CSRF_TOKEN_INVALID',\n details: options.details,\n })\n this.name = 'CsrfError'\n }\n}\n\n/\n Configuration error\n /\nexport class ConfigurationError extends SecureError {\n constructor(\n message: string,\n options: {\n details?: Record<string, unknown>\n cause?: Error\n } = {}\n ) {\n super(message, {\n statusCode: 500,\n code: 'CONFIGURATION_ERROR',\n details: options.details,\n cause: options.cause,\n })\n this.name = 'ConfigurationError'\n }\n}\n\n/\n Check if an error is a SecureError\n /\nexport function isSecureError(error: unknown): error is SecureError {\n return error instanceof SecureError\n}\n\n/\n Convert unknown error to SecureError\n /\nexport function toSecureError(error: unknown): SecureError {\n if (error instanceof SecureError) {\n return error\n }\n\n if (error instanceof Error) {\n return new SecureError(error.message, {\n cause: error,\n })\n }\n\n return new SecureError(String(error))\n}\n","/\n Time parsing and manipulation utilities\n /\n\nimport type { Duration } from '../core/types'\n\n/\n Time unit multipliers in milliseconds\n /\nconst TIME_UNITS: Record<string, number> = {\n ms: 1,\n s: 1000,\n m: 60 1000,\n h: 60 * 60 * 1000,\n d: 24 * 60 * 60 * 1000,\n}\n\n/*\n Extended time unit names\n /\nconst TIME_UNIT_ALIASES: Record<string, string> = {\n millisecond: 'ms',\n milliseconds: 'ms',\n second: 's',\n seconds: 's',\n sec: 's',\n secs: 's',\n minute: 'm',\n minutes: 'm',\n min: 'm',\n mins: 'm',\n hour: 'h',\n hours: 'h',\n hr: 'h',\n hrs: 'h',\n day: 'd',\n days: 'd',\n}\n\n/\n Parse a duration string or number to milliseconds\n \n @example\n * ```typescript\n * parseDuration('15m') // 900000 (15 minutes)\n * parseDuration('1h') // 3600000 (1 hour)\n * parseDuration('30s') // 30000 (30 seconds)\n * parseDuration('1d') // 86400000 (1 day)\n * parseDuration(60000) // 60000 (already in ms)\n * parseDuration('2 hours') // 7200000 (2 hours)\n * parseDuration('1h 30m') // 5400000 (1.5 hours)\n * ```\n \n @param duration - Duration string (e.g., '15m', '1h', '30s') or number in milliseconds\n * @returns Duration in milliseconds\n * @throws Error if the duration format is invalid\n /\nexport function parseDuration(duration: Duration \| string): number {\n // If it's already a number, return as-is\n if (typeof duration === 'number') {\n if (duration < 0) {\n throw new Error(`Invalid duration: ${duration}. Duration must be non-negative.`)\n }\n return duration\n }\n\n // Trim and lowercase the string\n const input = duration.trim().toLowerCase()\n\n if (!input) {\n throw new Error('Invalid duration: empty string')\n }\n\n // Try to parse as a simple number (assume milliseconds)\n const numericValue = Number(input)\n if (!isNaN(numericValue)) {\n if (numericValue < 0) {\n throw new Error(`Invalid duration: ${duration}. Duration must be non-negative.`)\n }\n return numericValue\n }\n\n // Handle compound durations like \"1h 30m\" or \"1h30m\"\n let totalMs = 0\n const regex = /(\\d+(?:\\.\\d+)?)\\s([a-z]+)/g\n let match: RegExpExecArray \| null\n let hasMatch = false\n\n while ((match = regex.exec(input)) !== null) {\n hasMatch = true\n const value = parseFloat(match[1])\n let unit = match[2]\n\n // Resolve unit aliases\n if (unit in TIME_UNIT_ALIASES) {\n unit = TIME_UNIT_ALIASES[unit]\n }\n\n // Get multiplier\n const multiplier = TIME_UNITS[unit]\n if (multiplier === undefined) {\n throw new Error(\n `Invalid duration unit: \"${unit}\" in \"${duration}\". ` +\n `Valid units: s, m, h, d (or seconds, minutes, hours, days)`\n )\n }\n\n totalMs += value * multiplier\n }\n\n if (!hasMatch) {\n throw new Error(\n `Invalid duration format: \"${duration}\". ` +\n `Expected format like \"15m\", \"1h\", \"30s\", \"1d\", or \"1h 30m\"`\n )\n }\n\n return Math.floor(totalMs)\n}\n\n/*\n Format milliseconds to a human-readable duration string\n \n @example\n * ```typescript\n * formatDuration(900000) // \"15m\"\n * formatDuration(3600000) // \"1h\"\n * formatDuration(5400000) // \"1h 30m\"\n * formatDuration(86400000) // \"1d\"\n * formatDuration(90061000) // \"1d 1h 1m 1s\"\n * ```\n \n @param ms - Duration in milliseconds\n * @param options - Formatting options\n * @returns Human-readable duration string\n /\nexport function formatDuration(\n ms: number,\n options: {\n /\n Use long unit names (e.g., \"minutes\" instead of \"m\")\n /\n long?: boolean\n /\n Maximum number of units to include\n /\n maxUnits?: number\n /\n Separator between units\n /\n separator?: string\n } = {}\n): string {\n const { long = false, maxUnits = 4, separator = ' ' } = options\n\n if (ms < 0) {\n return `-${formatDuration(-ms, options)}`\n }\n\n if (ms === 0) {\n return long ? '0 seconds' : '0s'\n }\n\n const units: Array<{ value: number; short: string; long: string; longPlural: string }> = [\n { value: 86400000, short: 'd', long: 'day', longPlural: 'days' },\n { value: 3600000, short: 'h', long: 'hour', longPlural: 'hours' },\n { value: 60000, short: 'm', long: 'minute', longPlural: 'minutes' },\n { value: 1000, short: 's', long: 'second', longPlural: 'seconds' },\n { value: 1, short: 'ms', long: 'millisecond', longPlural: 'milliseconds' },\n ]\n\n const parts: string[] = []\n let remaining = ms\n\n for (const unit of units) {\n if (parts.length >= maxUnits) break\n if (remaining >= unit.value) {\n const count = Math.floor(remaining / unit.value)\n remaining = remaining % unit.value\n\n if (long) {\n parts.push(`${count} ${count === 1 ? unit.long : unit.longPlural}`)\n } else {\n parts.push(`${count}${unit.short}`)\n }\n }\n }\n\n return parts.join(separator)\n}\n\n/\n Get the current timestamp in seconds (Unix timestamp)\n /\nexport function nowInSeconds(): number {\n return Math.floor(Date.now() / 1000)\n}\n\n/\n Get the current timestamp in milliseconds\n /\nexport function nowInMs(): number {\n return Date.now()\n}\n\n/\n Calculate reset time for a fixed window\n \n @param windowMs - Window size in milliseconds\n * @returns Unix timestamp (seconds) when the window resets\n /\nexport function getWindowReset(windowMs: number): number {\n const now = Date.now()\n const windowStart = Math.floor(now / windowMs) windowMs\n const windowEnd = windowStart + windowMs\n return Math.floor(windowEnd / 1000)\n}\n\n/*\n Get the start of the current window\n \n @param windowMs - Window size in milliseconds\n * @returns Timestamp (ms) of window start\n /\nexport function getWindowStart(windowMs: number): number {\n return Math.floor(Date.now() / windowMs) windowMs\n}\n\n/*\n Sleep for a specified duration\n \n @param duration - Duration to sleep\n * @returns Promise that resolves after the duration\n /\nexport function sleep(duration: Duration \| string): Promise<void> {\n const ms = parseDuration(duration)\n return new Promise((resolve) => setTimeout(resolve, ms))\n}\n\n/\n Check if a timestamp has expired\n \n @param timestampMs - Timestamp in milliseconds\n * @param ttlMs - Time-to-live in milliseconds\n * @returns true if expired\n /\nexport function isExpired(timestampMs: number, ttlMs: number): boolean {\n return Date.now() > timestampMs + ttlMs\n}\n\n/\n Calculate time until expiration\n \n @param expiresAt - Expiration timestamp in milliseconds\n * @returns Milliseconds until expiration (0 if already expired)\n /\nexport function timeUntilExpiry(expiresAt: number): number {\n return Math.max(0, expiresAt - Date.now())\n}\n\n/\n Convert seconds to milliseconds\n /\nexport function secondsToMs(seconds: number): number {\n return seconds 1000\n}\n\n/*\n Convert milliseconds to seconds\n /\nexport function msToSeconds(ms: number): number {\n return Math.floor(ms / 1000)\n}\n","/\n IP address extraction and validation utilities\n /\n\nimport type { NextRequest } from '../core/types'\n\n/\n Headers to check for client IP (in order of priority)\n /\nconst IP_HEADERS = [\n // Cloudflare\n 'cf-connecting-ip',\n // Vercel\n 'x-real-ip',\n // Standard forwarded header (RFC 7239)\n 'x-forwarded-for',\n // AWS ELB\n 'x-client-ip',\n // Azure\n 'client-ip',\n // Fastly\n 'fastly-client-ip',\n // Akamai\n 'true-client-ip',\n // Google Cloud\n 'x-appengine-user-ip',\n // Fly.io\n 'fly-client-ip',\n] as const\n\n/\n Localhost/private IP patterns\n /\nconst PRIVATE_IP_PATTERNS = [\n /^127\\./, // IPv4 loopback\n /^10\\./, // Private class A\n /^172\\.(1[6-9]\|2[0-9]\|3[01])\\./, // Private class B\n /^192\\.168\\./, // Private class C\n /^::1$/, // IPv6 loopback\n /^fe80:/i, // IPv6 link-local\n /^fc00:/i, // IPv6 unique local\n /^fd[0-9a-f]{2}:/i, // IPv6 unique local\n]\n\n/\n IPv4 validation regex\n /\nconst IPV4_REGEX = /^(?:(?:25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)$/\n\n/\n IPv6 validation regex (simplified)\n /\nconst IPV6_REGEX = /^(?:[a-fA-F0-9]{1,4}:){7}[a-fA-F0-9]{1,4}$\|^::1$\|^::$\|^(?:[a-fA-F0-9]{1,4}:):(?:[a-fA-F0-9]{1,4}:)[a-fA-F0-9]{1,4}$/\n\n/\n Options for IP extraction\n /\nexport interface GetIpOptions {\n /\n Trust proxy headers (default: true)\n * Set to false in direct-to-client setups\n /\n trustProxy?: boolean\n\n /\n Additional headers to check (checked first)\n /\n customHeaders?: string[]\n\n /\n Fallback IP when none found\n /\n fallback?: string\n}\n\n/\n Extract client IP address from request\n \n @example\n * ```typescript\n * // Basic usage\n * const ip = getClientIp(request)\n \n // With options\n * const ip = getClientIp(request, {\n * trustProxy: true,\n * customHeaders: ['my-custom-ip-header'],\n * fallback: '0.0.0.0'\n * })\n * ```\n \n @param request - Next.js request object\n * @param options - Extraction options\n * @returns Client IP address or fallback\n /\nexport function getClientIp(request: NextRequest, options: GetIpOptions = {}): string {\n const { trustProxy = true, customHeaders = [], fallback = '127.0.0.1' } = options\n\n // First, check if Next.js has already extracted the IP\n if (request.ip) {\n return normalizeIp(request.ip)\n }\n\n if (!trustProxy) {\n return fallback\n }\n\n // Check custom headers first\n for (const header of customHeaders) {\n const value = request.headers.get(header)\n if (value) {\n const ip = parseIpFromHeader(value)\n if (ip) return ip\n }\n }\n\n // Check standard headers\n for (const header of IP_HEADERS) {\n const value = request.headers.get(header)\n if (value) {\n const ip = parseIpFromHeader(value)\n if (ip) return ip\n }\n }\n\n return fallback\n}\n\n/\n Parse IP from header value\n * Handles comma-separated lists (x-forwarded-for)\n /\nfunction parseIpFromHeader(headerValue: string): string \| null {\n // x-forwarded-for can have multiple IPs: \"client, proxy1, proxy2\"\n // The first one is the client IP\n const ips = headerValue.split(',').map((ip) => ip.trim())\n\n for (const ip of ips) {\n const normalized = normalizeIp(ip)\n if (isValidIp(normalized)) {\n return normalized\n }\n }\n\n return null\n}\n\n/\n Normalize an IP address\n * - Removes IPv6 brackets\n * - Removes port numbers\n * - Trims whitespace\n /\nexport function normalizeIp(ip: string): string {\n let normalized = ip.trim()\n\n // Remove IPv6 brackets: [::1] -> ::1\n if (normalized.startsWith('[') && normalized.includes(']')) {\n normalized = normalized.slice(1, normalized.indexOf(']'))\n }\n\n // Remove port: 192.168.1.1:8080 -> 192.168.1.1\n // For IPv4 with port\n if (normalized.includes(':') && !normalized.includes('::')) {\n const lastColon = normalized.lastIndexOf(':')\n const potentialPort = normalized.slice(lastColon + 1)\n if (/^\\d+$/.test(potentialPort)) {\n normalized = normalized.slice(0, lastColon)\n }\n }\n\n // Handle IPv4-mapped IPv6: ::ffff:192.168.1.1 -> 192.168.1.1\n if (normalized.toLowerCase().startsWith('::ffff:')) {\n const ipv4Part = normalized.slice(7)\n if (isValidIpv4(ipv4Part)) {\n return ipv4Part\n }\n }\n\n return normalized\n}\n\n/\n Check if an IP address is valid\n /\nexport function isValidIp(ip: string): boolean {\n return isValidIpv4(ip) \|\| isValidIpv6(ip)\n}\n\n/\n Check if an IPv4 address is valid\n /\nexport function isValidIpv4(ip: string): boolean {\n return IPV4_REGEX.test(ip)\n}\n\n/\n Check if an IPv6 address is valid\n /\nexport function isValidIpv6(ip: string): boolean {\n return IPV6_REGEX.test(ip) \|\| ip === '::1' \|\| ip === '::'\n}\n\n/\n Check if an IP is a private/local address\n /\nexport function isPrivateIp(ip: string): boolean {\n return PRIVATE_IP_PATTERNS.some((pattern) => pattern.test(ip))\n}\n\n/\n Check if an IP is localhost\n /\nexport function isLocalhost(ip: string): boolean {\n return ip === '127.0.0.1' \|\| ip === '::1' \|\| ip === 'localhost'\n}\n\n/\n Create a rate limit key from IP\n * Normalizes and optionally hashes the IP\n /\nexport function createIpKey(\n ip: string,\n options: {\n prefix?: string\n hash?: boolean\n } = {}\n): string {\n const { prefix = 'rl', hash = false } = options\n const normalizedIp = normalizeIp(ip)\n\n if (hash) {\n // Simple hash for privacy (not cryptographic)\n const hashCode = simpleHash(normalizedIp)\n return `${prefix}:ip:${hashCode}`\n }\n\n return `${prefix}:ip:${normalizedIp}`\n}\n\n/\n Simple non-cryptographic hash (for key generation)\n /\nfunction simpleHash(str: string): string {\n let hash = 0\n for (let i = 0; i < str.length; i++) {\n const char = str.charCodeAt(i)\n hash = ((hash << 5) - hash) + char\n hash = hash & hash // Convert to 32-bit integer\n }\n return Math.abs(hash).toString(36)\n}\n\n/\n Anonymize an IP address (for logging)\n * IPv4: 192.168.1.100 -> 192.168.1.xxx\n * IPv6: 2001:db8::1 -> 2001:db8::xxx\n /\nexport function anonymizeIp(ip: string): string {\n const normalized = normalizeIp(ip)\n\n if (isValidIpv4(normalized)) {\n const parts = normalized.split('.')\n parts[3] = 'xxx'\n return parts.join('.')\n }\n\n if (isValidIpv6(normalized)) {\n const parts = normalized.split(':')\n if (parts.length > 0) {\n parts[parts.length - 1] = 'xxxx'\n }\n return parts.join(':')\n }\n\n return 'xxx.xxx.xxx.xxx'\n}\n\n/\n Get geolocation info from request (if available)\n * Works with Vercel Edge and Cloudflare\n /\nexport function getGeoInfo(request: NextRequest): {\n country?: string\n city?: string\n region?: string\n latitude?: string\n longitude?: string\n} {\n // Vercel provides geo info on the request\n if (request.geo) {\n return {\n country: request.geo.country,\n city: request.geo.city,\n region: request.geo.region,\n latitude: request.geo.latitude,\n longitude: request.geo.longitude,\n }\n }\n\n // Cloudflare headers\n return {\n country: request.headers.get('cf-ipcountry') ?? undefined,\n city: request.headers.get('cf-ipcity') ?? undefined,\n region: request.headers.get('cf-region') ?? undefined,\n latitude: request.headers.get('cf-iplat') ?? undefined,\n longitude: request.headers.get('cf-iplong') ?? undefined,\n }\n}\n","/\n In-memory rate limit store\n \n Suitable for:\n * - Development\n * - Single-instance deployments\n * - Testing\n \n Not suitable for:\n * - Multi-instance/distributed deployments (use Redis/Upstash)\n * - Serverless (data lost between invocations)\n /\n\nimport type { RateLimitStore, MemoryStoreOptions } from '../types'\nimport { msToSeconds } from '../../../utils/time'\n\n/\n Entry stored in memory\n /\ninterface MemoryEntry {\n count: number\n reset: number // Unix timestamp (seconds)\n createdAt: number // Timestamp (ms)\n}\n\n/\n LRU-style memory store for rate limiting\n \n Features:\n * - Automatic cleanup of expired entries\n * - LRU eviction when max keys exceeded\n * - Zero dependencies\n * - Edge Runtime compatible\n \n @example\n * ```typescript\n * import { MemoryStore } from 'next-secure/rate-limit'\n \n const store = new MemoryStore({\n * cleanupInterval: 60000, // 1 minute\n * maxKeys: 10000\n * })\n * ```\n /\nexport class MemoryStore implements RateLimitStore {\n public readonly name = 'memory'\n\n private store: Map<string, MemoryEntry>\n private cleanupTimer: ReturnType<typeof setInterval> \| null = null\n private readonly maxKeys: number\n private readonly cleanupInterval: number\n\n constructor(options: MemoryStoreOptions = {}) {\n const { cleanupInterval = 60000, maxKeys = 10000 } = options\n\n this.store = new Map()\n this.maxKeys = maxKeys\n this.cleanupInterval = cleanupInterval\n\n // Start cleanup timer (only in long-running environments)\n if (typeof setInterval !== 'undefined' && cleanupInterval > 0) {\n this.startCleanupTimer()\n }\n }\n\n /\n Increment the counter for a key\n \n Note: The key should already include window information if needed.\n * This store is algorithm-agnostic - algorithms handle windowing logic.\n /\n async increment(\n key: string,\n windowMs: number\n ): Promise<{ count: number; reset: number }> {\n const now = Date.now()\n const defaultReset = msToSeconds(now + windowMs)\n\n const existing = this.store.get(key)\n\n if (existing) {\n // Increment existing entry\n existing.count++\n // Move to end (LRU update)\n this.store.delete(key)\n this.store.set(key, existing)\n return { count: existing.count, reset: existing.reset }\n }\n\n // New entry\n const entry: MemoryEntry = {\n count: 1,\n reset: defaultReset,\n createdAt: now,\n }\n\n // Check if we need to evict\n if (this.store.size >= this.maxKeys) {\n this.evictOldest()\n }\n\n this.store.set(key, entry)\n return { count: 1, reset: defaultReset }\n }\n\n /\n Get the current count for a key\n /\n async get(key: string): Promise<{ count: number; reset: number } \| null> {\n const entry = this.store.get(key)\n\n if (!entry) {\n return null\n }\n\n // Check if expired\n const now = Math.floor(Date.now() / 1000)\n if (entry.reset <= now) {\n this.store.delete(key)\n return null\n }\n\n return { count: entry.count, reset: entry.reset }\n }\n\n /\n Reset the counter for a key\n /\n async reset(key: string): Promise<void> {\n this.store.delete(key)\n }\n\n /\n Check if the store is healthy\n /\n async isHealthy(): Promise<boolean> {\n return true\n }\n\n /\n Cleanup expired entries\n /\n async cleanup(): Promise<void> {\n const now = Math.floor(Date.now() / 1000)\n const keysToDelete: string[] = []\n\n for (const [key, entry] of this.store) {\n if (entry.reset <= now) {\n keysToDelete.push(key)\n }\n }\n\n for (const key of keysToDelete) {\n this.store.delete(key)\n }\n }\n\n /\n Close the store (stop cleanup timer)\n /\n async close(): Promise<void> {\n this.stopCleanupTimer()\n this.store.clear()\n }\n\n /\n Get the current size of the store\n /\n get size(): number {\n return this.store.size\n }\n\n /\n Clear all entries\n /\n clear(): void {\n this.store.clear()\n }\n\n /\n Start the cleanup timer\n /\n private startCleanupTimer(): void {\n if (this.cleanupTimer) return\n\n this.cleanupTimer = setInterval(() => {\n void this.cleanup()\n }, this.cleanupInterval)\n\n // Unref to not keep the process alive\n if (typeof this.cleanupTimer === 'object' && 'unref' in this.cleanupTimer) {\n (this.cleanupTimer as NodeJS.Timeout).unref()\n }\n }\n\n /\n Stop the cleanup timer\n /\n private stopCleanupTimer(): void {\n if (this.cleanupTimer) {\n clearInterval(this.cleanupTimer)\n this.cleanupTimer = null\n }\n }\n\n /\n Evict oldest entries when max keys exceeded\n /\n private evictOldest(): void {\n // Map maintains insertion order, so first key is oldest\n const keysToDelete = Math.ceil(this.maxKeys 0.1) // Delete 10%\n\n let deleted = 0\n for (const key of this.store.keys()) {\n if (deleted >= keysToDelete) break\n this.store.delete(key)\n deleted++\n }\n }\n}\n\n/*\n Create a memory store with default options\n /\nexport function createMemoryStore(options?: MemoryStoreOptions): MemoryStore {\n return new MemoryStore(options)\n}\n\n/\n Global memory store instance (singleton)\n * Useful for serverless environments where you want to reuse across requests\n /\nlet globalStore: MemoryStore \| null = null\n\n/\n Get or create the global memory store\n /\nexport function getGlobalMemoryStore(options?: MemoryStoreOptions): MemoryStore {\n if (!globalStore) {\n globalStore = new MemoryStore(options)\n }\n return globalStore\n}\n\n/\n Reset the global memory store (useful for testing)\n /\nexport function resetGlobalMemoryStore(): void {\n if (globalStore) {\n void globalStore.close()\n globalStore = null\n }\n}\n","/\n Sliding Window Rate Limiting Algorithm\n \n This algorithm provides a smoother rate limiting experience compared to fixed windows.\n * It uses a weighted calculation based on the previous and current window counts.\n \n How it works:\n * 1. Divide time into fixed windows (e.g., 1 minute each)\n * 2. Track request counts for current and previous windows\n * 3. Calculate weighted count based on position within current window\n \n Example (100 req/min limit):\n * - Previous window: 80 requests\n * - Current window: 30 requests\n * - 30 seconds into current window (50% through)\n * - Weighted count = 30 + (80 * 0.5) = 70\n * - Since 70 < 100, request is allowed\n \n Pros:\n * - Smoother than fixed window\n * - Prevents burst attacks at window boundaries\n * - Memory efficient (only stores 2 counters per key)\n \n Cons:\n * - Slightly more complex than fixed window\n * - Not perfectly accurate (approximation)\n /\n\nimport type { RateLimitStore, RateLimitAlgorithmImpl } from '../types'\nimport type { RateLimitInfo } from '../../../core/types'\nimport { msToSeconds } from '../../../utils/time'\n\n/\n Sliding window counter algorithm implementation\n /\nexport class SlidingWindowAlgorithm implements RateLimitAlgorithmImpl {\n public readonly name = 'sliding-window' as const\n\n /\n Check if the request should be rate limited\n /\n async check(\n store: RateLimitStore,\n key: string,\n limit: number,\n windowMs: number\n ): Promise<RateLimitInfo> {\n const now = Date.now()\n\n // Calculate window boundaries\n const windowStart = Math.floor(now / windowMs) windowMs\n const windowEnd = windowStart + windowMs\n const previousWindowStart = windowStart - windowMs\n\n // Position within current window (0 to 1)\n const windowPosition = (now - windowStart) / windowMs\n\n // Keys for current and previous windows\n const currentKey = `${key}:${windowStart}`\n const previousKey = `${key}:${previousWindowStart}`\n\n // Get counts from both windows\n const [currentData, previousData] = await Promise.all([\n store.get(currentKey),\n store.get(previousKey),\n ])\n\n const currentCount = currentData?.count ?? 0\n const previousCount = previousData?.count ?? 0\n\n // Calculate weighted count using sliding window formula\n // Weight of previous window decreases as we move through current window\n const previousWeight = 1 - windowPosition\n const weightedCount = currentCount + Math.floor(previousCount * previousWeight)\n\n // Calculate reset time (end of current window)\n const reset = msToSeconds(windowEnd)\n\n // Check if limit exceeded\n if (weightedCount >= limit) {\n // Calculate retry time based on when enough requests will \"expire\"\n const retryAfter = this.calculateRetryAfter(\n currentCount,\n previousCount,\n limit,\n windowMs,\n windowPosition\n )\n\n return {\n limit,\n remaining: 0,\n reset,\n limited: true,\n retryAfter,\n }\n }\n\n // Increment current window counter\n await store.increment(currentKey, windowMs)\n\n // Calculate remaining\n const remaining = Math.max(0, limit - weightedCount - 1)\n\n return {\n limit,\n remaining,\n reset,\n limited: false,\n }\n }\n\n /*\n Calculate how long until the client can make another request\n /\n private calculateRetryAfter(\n currentCount: number,\n previousCount: number,\n limit: number,\n windowMs: number,\n windowPosition: number\n ): number {\n // If previous window is empty, wait until current window resets\n if (previousCount === 0) {\n return Math.ceil((1 - windowPosition) windowMs / 1000)\n }\n\n // Calculate when the weighted count will drop below limit\n // We need: currentCount + previousCount * (1 - newPosition) < limit\n // Solving for newPosition: newPosition > 1 - (limit - currentCount) / previousCount\n\n const requiredPosition = 1 - (limit - currentCount) / previousCount\n\n if (requiredPosition <= windowPosition) {\n // Should already be under limit, but we got here so add small delay\n return 1\n }\n\n if (requiredPosition >= 1) {\n // Need to wait until next window\n const remainingInCurrentWindow = (1 - windowPosition) * windowMs\n return Math.ceil(remainingInCurrentWindow / 1000)\n }\n\n // Calculate time until we reach required position\n const timeToWait = (requiredPosition - windowPosition) * windowMs\n return Math.ceil(timeToWait / 1000)\n }\n}\n\n/*\n Create a sliding window algorithm instance\n /\nexport function createSlidingWindowAlgorithm(): SlidingWindowAlgorithm {\n return new SlidingWindowAlgorithm()\n}\n\n/\n Sliding Window Log Algorithm (more accurate but uses more memory)\n \n This stores individual request timestamps instead of just counters.\n * More accurate but not recommended for high-traffic scenarios.\n /\nexport class SlidingWindowLogAlgorithm implements RateLimitAlgorithmImpl {\n public readonly name = 'sliding-window' as const\n\n /\n In-memory log of request timestamps per key\n * For production, this should be stored externally (Redis sorted sets, etc.)\n /\n private logs: Map<string, number[]> = new Map()\n\n /\n Maximum log size before cleanup\n /\n private readonly maxLogSize = 10000\n\n async check(\n _store: RateLimitStore,\n key: string,\n limit: number,\n windowMs: number\n ): Promise<RateLimitInfo> {\n const now = Date.now()\n const windowStart = now - windowMs\n\n // Get or create log for this key\n let log = this.logs.get(key) ?? []\n\n // Remove expired entries\n log = log.filter((timestamp) => timestamp > windowStart)\n\n // Calculate reset (when oldest entry expires)\n const oldestTimestamp = log[0] ?? now\n const reset = msToSeconds(oldestTimestamp + windowMs)\n\n // Check if limit exceeded\n if (log.length >= limit) {\n const retryAfter = Math.ceil((oldestTimestamp + windowMs - now) / 1000)\n\n return {\n limit,\n remaining: 0,\n reset,\n limited: true,\n retryAfter: Math.max(1, retryAfter),\n }\n }\n\n // Add current request\n log.push(now)\n this.logs.set(key, log)\n\n // Cleanup if too many keys\n if (this.logs.size > this.maxLogSize) {\n this.cleanup()\n }\n\n return {\n limit,\n remaining: Math.max(0, limit - log.length),\n reset,\n limited: false,\n }\n }\n\n /\n Remove oldest entries when log size exceeded\n /\n private cleanup(): void {\n const keysToDelete: string[] = []\n const now = Date.now()\n\n for (const [key, log] of this.logs) {\n // Delete empty or very old logs\n if (log.length === 0 \|\| log[log.length - 1]! < now - 3600000) {\n keysToDelete.push(key)\n }\n }\n\n for (const key of keysToDelete) {\n this.logs.delete(key)\n }\n }\n\n /\n Clear all logs\n /\n clear(): void {\n this.logs.clear()\n }\n}\n","/\n Fixed Window Rate Limiting Algorithm\n \n The simplest rate limiting algorithm. Divides time into fixed windows\n * and counts requests within each window.\n \n How it works:\n * 1. Divide time into fixed windows (e.g., every minute starting at :00)\n * 2. Count requests within the current window\n * 3. Reset counter when new window starts\n \n Example (100 req/min limit):\n * - Window 1 (12:00:00 - 12:00:59): 80 requests -> allowed\n * - Window 2 (12:01:00 - 12:01:59): 0 requests (fresh start)\n \n Pros:\n * - Simple to implement\n * - Memory efficient (only 1 counter per key)\n * - Fast (O(1) operations)\n \n Cons:\n * - Burst problem: 200 requests possible in 2 seconds at window boundary\n * - 100 requests at 12:00:59 (end of window 1)\n * - 100 requests at 12:01:00 (start of window 2)\n * - Not smooth\n \n Use when:\n * - Simplicity is preferred\n * - Burst at boundaries is acceptable\n * - Memory/CPU is very constrained\n /\n\nimport type { RateLimitStore, RateLimitAlgorithmImpl } from '../types'\nimport type { RateLimitInfo } from '../../../core/types'\nimport { msToSeconds } from '../../../utils/time'\n\n/\n Fixed window algorithm implementation\n /\nexport class FixedWindowAlgorithm implements RateLimitAlgorithmImpl {\n public readonly name = 'fixed-window' as const\n\n /\n Check if the request should be rate limited\n /\n async check(\n store: RateLimitStore,\n key: string,\n limit: number,\n windowMs: number\n ): Promise<RateLimitInfo> {\n const now = Date.now()\n\n // Calculate window boundaries\n const windowStart = Math.floor(now / windowMs) windowMs\n const windowEnd = windowStart + windowMs\n const reset = msToSeconds(windowEnd)\n\n // Create window-specific key\n const windowKey = `${key}:${windowStart}`\n\n // Get current count\n const data = await store.get(windowKey)\n const currentCount = data?.count ?? 0\n\n // Check if limit exceeded\n if (currentCount >= limit) {\n const retryAfter = Math.ceil((windowEnd - now) / 1000)\n\n return {\n limit,\n remaining: 0,\n reset,\n limited: true,\n retryAfter: Math.max(1, retryAfter),\n }\n }\n\n // Increment counter\n const { count } = await store.increment(windowKey, windowMs)\n\n // Double-check after increment (race condition protection)\n if (count > limit) {\n const retryAfter = Math.ceil((windowEnd - now) / 1000)\n\n return {\n limit,\n remaining: 0,\n reset,\n limited: true,\n retryAfter: Math.max(1, retryAfter),\n }\n }\n\n return {\n limit,\n remaining: Math.max(0, limit - count),\n reset,\n limited: false,\n }\n }\n}\n\n/*\n Create a fixed window algorithm instance\n /\nexport function createFixedWindowAlgorithm(): FixedWindowAlgorithm {\n return new FixedWindowAlgorithm()\n}\n\n/\n Fixed window with burst protection\n \n Adds a secondary limit to prevent bursts at window boundaries.\n * For example: 100 req/min with max 20 req/10sec burst.\n /\nexport class FixedWindowWithBurstProtection implements RateLimitAlgorithmImpl {\n public readonly name = 'fixed-window' as const\n\n constructor(\n private readonly burstLimit: number,\n private readonly burstWindowMs: number\n ) {}\n\n async check(\n store: RateLimitStore,\n key: string,\n limit: number,\n windowMs: number\n ): Promise<RateLimitInfo> {\n const now = Date.now()\n\n // Check burst limit first (smaller window)\n const burstWindowStart = Math.floor(now / this.burstWindowMs) this.burstWindowMs\n const burstKey = `${key}:burst:${burstWindowStart}`\n const burstData = await store.get(burstKey)\n const burstCount = burstData?.count ?? 0\n\n if (burstCount >= this.burstLimit) {\n const burstWindowEnd = burstWindowStart + this.burstWindowMs\n const retryAfter = Math.ceil((burstWindowEnd - now) / 1000)\n\n return {\n limit: this.burstLimit,\n remaining: 0,\n reset: msToSeconds(burstWindowEnd),\n limited: true,\n retryAfter: Math.max(1, retryAfter),\n }\n }\n\n // Check main limit\n const windowStart = Math.floor(now / windowMs) * windowMs\n const windowEnd = windowStart + windowMs\n const windowKey = `${key}:${windowStart}`\n const data = await store.get(windowKey)\n const currentCount = data?.count ?? 0\n\n if (currentCount >= limit) {\n const retryAfter = Math.ceil((windowEnd - now) / 1000)\n\n return {\n limit,\n remaining: 0,\n reset: msToSeconds(windowEnd),\n limited: true,\n retryAfter: Math.max(1, retryAfter),\n }\n }\n\n // Increment both counters\n await Promise.all([\n store.increment(windowKey, windowMs),\n store.increment(burstKey, this.burstWindowMs),\n ])\n\n return {\n limit,\n remaining: Math.max(0, limit - currentCount - 1),\n reset: msToSeconds(windowEnd),\n limited: false,\n }\n }\n}\n\n/*\n Create a fixed window with burst protection\n \n @example\n * ```typescript\n * // 100 req/min with max 20 req/10sec burst\n * const algorithm = createFixedWindowWithBurstProtection(20, 10000)\n * ```\n /\nexport function createFixedWindowWithBurstProtection(\n burstLimit: number,\n burstWindowMs: number\n): FixedWindowWithBurstProtection {\n return new FixedWindowWithBurstProtection(burstLimit, burstWindowMs)\n}\n","/\n Token Bucket Rate Limiting Algorithm\n \n A bucket holds tokens that are consumed by requests. Tokens are refilled\n * at a constant rate. This allows for controlled bursts while maintaining\n * an average rate.\n \n How it works:\n * 1. Bucket starts full with 'limit' tokens\n * 2. Each request consumes 1 token (or more for weighted requests)\n * 3. Tokens are refilled at 'limit / window' rate\n * 4. Request is allowed if tokens >= 1\n \n Example (100 tokens, refill 100/min = 1.67/sec):\n * - Initial: 100 tokens\n * - 50 requests instantly: 50 tokens remaining (burst allowed)\n * - Wait 30 seconds: 50 + (50 * 1.67) = 100 tokens (refilled)\n * - 100 requests instantly: 0 tokens\n * - Next request: denied until tokens refill\n \n Pros:\n * - Allows controlled bursts\n * - Smooth average rate\n * - Good for APIs with sporadic traffic\n \n Cons:\n * - More complex state management\n * - Requires storing last refill time\n \n Use when:\n * - You want to allow bursts\n * - Traffic is sporadic\n * - User experience matters (can handle burst then wait)\n /\n\nimport type { RateLimitStore, RateLimitAlgorithmImpl, TokenBucketState } from '../types'\nimport type { RateLimitInfo } from '../../../core/types'\nimport { msToSeconds } from '../../../utils/time'\n\n/\n Token bucket algorithm implementation\n /\nexport class TokenBucketAlgorithm implements RateLimitAlgorithmImpl {\n public readonly name = 'token-bucket' as const\n\n /\n In-memory bucket states\n * For distributed systems, this should be stored in Redis\n /\n private buckets: Map<string, TokenBucketState> = new Map()\n\n /\n Maximum number of buckets to store before cleanup\n /\n private readonly maxBuckets = 10000\n\n /\n Check if the request should be rate limited\n \n @param store - Not used directly, state stored in memory\n * @param key - Rate limit key\n * @param limit - Maximum tokens (bucket capacity)\n * @param windowMs - Time to refill bucket completely\n /\n async check(\n _store: RateLimitStore,\n key: string,\n limit: number,\n windowMs: number\n ): Promise<RateLimitInfo> {\n const now = Date.now()\n\n // Get or create bucket state\n let bucket = this.buckets.get(key)\n\n if (!bucket) {\n // New bucket, start full\n bucket = {\n tokens: limit,\n lastRefill: now,\n }\n } else {\n // Refill tokens based on time elapsed\n bucket = this.refillTokens(bucket, limit, windowMs, now)\n }\n\n // Calculate reset time (when bucket would be full again)\n const tokensNeeded = limit - bucket.tokens\n const refillRate = limit / windowMs // tokens per ms\n const timeToFull = tokensNeeded / refillRate\n const reset = msToSeconds(now + timeToFull)\n\n // Check if we have tokens\n if (bucket.tokens < 1) {\n // Calculate when we'll have 1 token\n const timeToOneToken = (1 - bucket.tokens) / refillRate\n const retryAfter = Math.ceil(timeToOneToken / 1000)\n\n return {\n limit,\n remaining: 0,\n reset,\n limited: true,\n retryAfter: Math.max(1, retryAfter),\n }\n }\n\n // Consume a token\n bucket.tokens -= 1\n this.buckets.set(key, bucket)\n\n // Cleanup if too many buckets\n if (this.buckets.size > this.maxBuckets) {\n this.cleanup()\n }\n\n return {\n limit,\n remaining: Math.floor(bucket.tokens),\n reset,\n limited: false,\n }\n }\n\n /\n Refill tokens based on time elapsed\n /\n private refillTokens(\n bucket: TokenBucketState,\n limit: number,\n windowMs: number,\n now: number\n ): TokenBucketState {\n const elapsed = now - bucket.lastRefill\n const refillRate = limit / windowMs // tokens per ms\n const tokensToAdd = elapsed refillRate\n\n return {\n tokens: Math.min(limit, bucket.tokens + tokensToAdd),\n lastRefill: now,\n }\n }\n\n /*\n Remove old buckets\n /\n private cleanup(): void {\n const now = Date.now()\n const staleThreshold = 3600000 // 1 hour\n\n const keysToDelete: string[] = []\n\n for (const [key, bucket] of this.buckets) {\n if (now - bucket.lastRefill > staleThreshold) {\n keysToDelete.push(key)\n }\n }\n\n for (const key of keysToDelete) {\n this.buckets.delete(key)\n }\n }\n\n /\n Get current bucket state (for testing/debugging)\n /\n getBucketState(key: string): TokenBucketState \| undefined {\n return this.buckets.get(key)\n }\n\n /\n Clear all buckets\n /\n clear(): void {\n this.buckets.clear()\n }\n}\n\n/\n Create a token bucket algorithm instance\n /\nexport function createTokenBucketAlgorithm(): TokenBucketAlgorithm {\n return new TokenBucketAlgorithm()\n}\n\n/\n Leaky Bucket Algorithm (variation of token bucket)\n \n Instead of refilling tokens, requests \"leak\" out of the bucket\n * at a constant rate. This enforces a strict output rate.\n \n Think of it as a bucket with a hole at the bottom:\n * - Requests are added to the bucket\n * - Requests leak out at a constant rate\n * - If bucket overflows, request is rejected\n \n Use when:\n * - You need strict rate enforcement\n * - Bursts should be queued, not rejected\n * - Output rate must be constant\n /\nexport class LeakyBucketAlgorithm implements RateLimitAlgorithmImpl {\n public readonly name = 'token-bucket' as const // Grouped with token bucket\n\n /\n In-memory bucket states\n * Stores the \"water level\" and last leak time\n /\n private buckets: Map<string, { level: number; lastLeak: number }> = new Map()\n\n /\n Maximum number of buckets\n /\n private readonly maxBuckets = 10000\n\n async check(\n _store: RateLimitStore,\n key: string,\n limit: number,\n windowMs: number\n ): Promise<RateLimitInfo> {\n const now = Date.now()\n\n // Get or create bucket\n let bucket = this.buckets.get(key) ?? { level: 0, lastLeak: now }\n\n // Calculate how much has leaked since last check\n const elapsed = now - bucket.lastLeak\n const leakRate = limit / windowMs // requests per ms\n const leaked = elapsed leakRate\n\n // Update level (can't go below 0)\n bucket.level = Math.max(0, bucket.level - leaked)\n bucket.lastLeak = now\n\n // Calculate reset time\n const timeToEmpty = bucket.level / leakRate\n const reset = msToSeconds(now + timeToEmpty)\n\n // Check if bucket would overflow\n if (bucket.level + 1 > limit) {\n // Calculate when there's room for 1 more request\n const overflow = bucket.level + 1 - limit\n const timeToRoom = overflow / leakRate\n const retryAfter = Math.ceil(timeToRoom / 1000)\n\n return {\n limit,\n remaining: 0,\n reset,\n limited: true,\n retryAfter: Math.max(1, retryAfter),\n }\n }\n\n // Add request to bucket\n bucket.level += 1\n this.buckets.set(key, bucket)\n\n // Cleanup if needed\n if (this.buckets.size > this.maxBuckets) {\n this.cleanup(now)\n }\n\n return {\n limit,\n remaining: Math.floor(limit - bucket.level),\n reset,\n limited: false,\n }\n }\n\n private cleanup(now: number): void {\n const staleThreshold = 3600000\n\n for (const [key, bucket] of this.buckets) {\n if (now - bucket.lastLeak > staleThreshold) {\n this.buckets.delete(key)\n }\n }\n }\n\n clear(): void {\n this.buckets.clear()\n }\n}\n\n/*\n Create a leaky bucket algorithm instance\n /\nexport function createLeakyBucketAlgorithm(): LeakyBucketAlgorithm {\n return new LeakyBucketAlgorithm()\n}\n","/\n Rate Limiting Middleware for Next.js App Router\n \n @example\n * ```typescript\n * // Basic usage\n * import { withRateLimit } from 'next-secure/rate-limit'\n \n export const GET = withRateLimit(\n * async (req) => Response.json({ data: [] }),\n * { limit: 100, window: '15m' }\n * )\n \n // With custom identifier\n * export const GET = withRateLimit(handler, {\n * limit: 100,\n * window: '15m',\n * identifier: (req) => req.headers.get('x-api-key') ?? 'anonymous'\n * })\n \n // With Redis store\n * import { createRedisStore } from 'next-secure/rate-limit'\n \n const store = createRedisStore({ client: redis })\n \n export const GET = withRateLimit(handler, {\n * limit: 100,\n * window: '15m',\n * store\n * })\n * ```\n /\n\nimport type { NextRequest, RateLimitInfo, SecureContext } from '../../core/types'\nimport { RateLimitError } from '../../core/errors'\nimport { parseDuration } from '../../utils/time'\nimport { getClientIp } from '../../utils/ip'\nimport type { RateLimitConfig, RateLimitStore, RateLimitAlgorithmImpl } from './types'\nimport { MemoryStore } from './stores/memory'\nimport { SlidingWindowAlgorithm } from './algorithms/sliding-window'\nimport { FixedWindowAlgorithm } from './algorithms/fixed-window'\nimport { TokenBucketAlgorithm } from './algorithms/token-bucket'\n\n/\n Default configuration values\n /\nconst DEFAULT_CONFIG: Partial<RateLimitConfig> = {\n algorithm: 'sliding-window',\n identifier: 'ip',\n headers: true,\n prefix: 'rl',\n message: 'Too Many Requests',\n statusCode: 429,\n debug: false,\n}\n\n/\n Global default store (shared across handlers)\n /\nlet defaultStore: RateLimitStore \| null = null\n\n/\n Get or create the default memory store\n /\nfunction getDefaultStore(): RateLimitStore {\n if (!defaultStore) {\n defaultStore = new MemoryStore()\n }\n return defaultStore\n}\n\n/\n Get algorithm instance by name\n /\nfunction getAlgorithm(name: RateLimitConfig['algorithm']): RateLimitAlgorithmImpl {\n switch (name) {\n case 'fixed-window':\n return new FixedWindowAlgorithm()\n case 'token-bucket':\n return new TokenBucketAlgorithm()\n case 'sliding-window':\n default:\n return new SlidingWindowAlgorithm()\n }\n}\n\n/\n Create rate limit headers\n /\nfunction createRateLimitHeaders(info: RateLimitInfo): Headers {\n const headers = new Headers()\n\n headers.set('X-RateLimit-Limit', String(info.limit))\n headers.set('X-RateLimit-Remaining', String(info.remaining))\n headers.set('X-RateLimit-Reset', String(info.reset))\n\n if (info.limited && info.retryAfter) {\n headers.set('Retry-After', String(info.retryAfter))\n }\n\n return headers\n}\n\n/\n Merge headers from multiple sources\n /\nfunction mergeHeaders(target: Headers, source: Headers): void {\n source.forEach((value, key) => {\n target.set(key, value)\n })\n}\n\n/\n Get client identifier from request\n /\nasync function getIdentifier(\n request: NextRequest,\n identifier: RateLimitConfig['identifier'],\n prefix: string,\n context?: SecureContext\n): Promise<string> {\n if (typeof identifier === 'function') {\n const id = await identifier(request)\n return `${prefix}:custom:${id}`\n }\n\n if (identifier === 'user') {\n // Requires auth middleware to have run first\n const userId = context?.user\n ? (context.user as { id?: string }).id ?? 'anonymous'\n : 'anonymous'\n return `${prefix}:user:${userId}`\n }\n\n // Default: IP-based\n const ip = getClientIp(request)\n return `${prefix}:ip:${ip}`\n}\n\n/\n Rate limiting middleware wrapper\n \n @example\n * ```typescript\n * // Simple usage\n * export const GET = withRateLimit(\n * async (req) => Response.json({ ok: true }),\n * { limit: 100, window: '15m' }\n * )\n \n // With all options\n * export const POST = withRateLimit(\n * async (req, ctx) => {\n * // ctx.rateLimit contains info\n * return Response.json({ remaining: ctx.rateLimit?.remaining })\n * },\n * {\n * limit: 10,\n * window: '1m',\n * algorithm: 'sliding-window',\n * identifier: 'ip',\n * headers: true,\n * onLimit: (req, info) => new Response(\n * JSON.stringify({ error: 'Slow down!' }),\n * { status: 429 }\n * ),\n * skip: (req) => req.headers.get('x-bypass') === 'secret'\n * }\n * )\n * ```\n /\nexport function withRateLimit<TUser = unknown>(\n handler: (\n request: NextRequest,\n context: SecureContext<TUser> & { rateLimit?: RateLimitInfo }\n ) => Promise<Response> \| Response,\n config: RateLimitConfig\n): (request: NextRequest, context?: SecureContext<TUser>) => Promise<Response> {\n // Merge config with defaults\n const finalConfig: Required<RateLimitConfig> = {\n ...DEFAULT_CONFIG,\n ...config,\n store: config.store ?? getDefaultStore(),\n } as Required<RateLimitConfig>\n\n // Parse window duration once\n const windowMs = parseDuration(finalConfig.window)\n\n // Get algorithm once\n const algorithm = getAlgorithm(finalConfig.algorithm)\n\n // Debug logging\n const debug = finalConfig.debug\n ? (msg: string, data?: unknown) => {\n // eslint-disable-next-line no-console\n console.log(`[next-secure:rate-limit] ${msg}`, data ?? '')\n }\n : () => {}\n\n debug('Initialized', {\n limit: finalConfig.limit,\n window: finalConfig.window,\n algorithm: finalConfig.algorithm,\n })\n\n return async (\n request: NextRequest,\n context?: SecureContext<TUser>\n ): Promise<Response> => {\n // Create context if not provided\n const ctx: SecureContext<TUser> & { rateLimit?: RateLimitInfo } = context ?? {\n user: null,\n requestId: crypto.randomUUID(),\n ip: getClientIp(request),\n userAgent: request.headers.get('user-agent') ?? '',\n startTime: Date.now(),\n metadata: {},\n }\n\n try {\n // Check if we should skip rate limiting\n if (finalConfig.skip) {\n const shouldSkip = await finalConfig.skip(request)\n if (shouldSkip) {\n debug('Skipping rate limit check')\n return handler(request, ctx)\n }\n }\n\n // Get identifier\n const key = await getIdentifier(\n request,\n finalConfig.identifier,\n finalConfig.prefix,\n ctx\n )\n debug('Rate limit key', key)\n\n // Check rate limit\n const info = await algorithm.check(\n finalConfig.store,\n key,\n finalConfig.limit,\n windowMs\n )\n debug('Rate limit info', info)\n\n // Add rate limit info to context\n ctx.rateLimit = info\n\n // Check if limited\n if (info.limited) {\n debug('Request rate limited')\n\n // Custom handler\n if (finalConfig.onLimit) {\n const response = await finalConfig.onLimit(request, info)\n\n // Add headers to custom response\n if (finalConfig.headers) {\n const rateLimitHeaders = createRateLimitHeaders(info)\n mergeHeaders(response.headers, rateLimitHeaders)\n }\n\n return response\n }\n\n // Default rate limit response\n const error = new RateLimitError({\n retryAfter: info.retryAfter ?? 60,\n resetAt: info.reset 1000,\n message: finalConfig.message,\n })\n\n const response = error.toResponse()\n\n if (finalConfig.headers) {\n const rateLimitHeaders = createRateLimitHeaders(info)\n mergeHeaders(response.headers, rateLimitHeaders)\n }\n\n return response\n }\n\n // Call the handler\n const response = await handler(request, ctx)\n\n // Add rate limit headers to successful response\n if (finalConfig.headers) {\n // Clone response to modify headers\n const newResponse = new Response(response.body, {\n status: response.status,\n statusText: response.statusText,\n headers: new Headers(response.headers),\n })\n\n const rateLimitHeaders = createRateLimitHeaders(info)\n mergeHeaders(newResponse.headers, rateLimitHeaders)\n\n return newResponse\n }\n\n return response\n } catch (error) {\n debug('Error in rate limit middleware', error)\n\n // Re-throw RateLimitError\n if (error instanceof RateLimitError) {\n throw error\n }\n\n // For other errors, let the request through (fail open)\n // This prevents rate limiting from blocking all requests on errors\n // eslint-disable-next-line no-console\n console.error('[next-secure:rate-limit] Error:', error)\n return handler(request, ctx)\n }\n }\n}\n\n/*\n Create a rate limiter instance for reuse\n \n @example\n * ```typescript\n * const apiLimiter = createRateLimiter({\n * limit: 100,\n * window: '15m'\n * })\n \n export const GET = apiLimiter(async (req) => Response.json({ ok: true }))\n * export const POST = apiLimiter(async (req) => Response.json({ ok: true }))\n * ```\n /\nexport function createRateLimiter(config: RateLimitConfig) {\n return <TUser = unknown>(\n handler: (\n request: NextRequest,\n context: SecureContext<TUser> & { rateLimit?: RateLimitInfo }\n ) => Promise<Response> \| Response\n ) => withRateLimit(handler, config)\n}\n\n/\n Check rate limit without wrapping a handler\n * Useful for checking rate limit in existing code\n \n @example\n * ```typescript\n * export async function GET(req: NextRequest) {\n * const result = await checkRateLimit(req, {\n * limit: 100,\n * window: '15m'\n * })\n \n if (!result.success) {\n * return result.response\n * }\n \n // Continue with normal logic\n * return Response.json({ ok: true })\n * }\n * ```\n /\nexport async function checkRateLimit(\n request: NextRequest,\n config: RateLimitConfig\n): Promise<{\n success: boolean\n info: RateLimitInfo\n response?: Response\n headers: Headers\n}> {\n const finalConfig = {\n ...DEFAULT_CONFIG,\n ...config,\n store: config.store ?? getDefaultStore(),\n } as Required<RateLimitConfig>\n\n const windowMs = parseDuration(finalConfig.window)\n const algorithm = getAlgorithm(finalConfig.algorithm)\n\n // Check if should skip\n if (finalConfig.skip) {\n const shouldSkip = await finalConfig.skip(request)\n if (shouldSkip) {\n const info: RateLimitInfo = {\n limit: finalConfig.limit,\n remaining: finalConfig.limit,\n reset: Math.floor(Date.now() / 1000) + Math.floor(windowMs / 1000),\n limited: false,\n }\n return { success: true, info, headers: new Headers() }\n }\n }\n\n const key = await getIdentifier(request, finalConfig.identifier, finalConfig.prefix)\n const info = await algorithm.check(finalConfig.store, key, finalConfig.limit, windowMs)\n const headers = finalConfig.headers ? createRateLimitHeaders(info) : new Headers()\n\n if (info.limited) {\n let response: Response\n\n if (finalConfig.onLimit) {\n response = await finalConfig.onLimit(request, info)\n } else {\n const error = new RateLimitError({\n retryAfter: info.retryAfter ?? 60,\n resetAt: info.reset 1000,\n message: finalConfig.message,\n })\n response = error.toResponse()\n }\n\n if (finalConfig.headers) {\n mergeHeaders(response.headers, headers)\n }\n\n return { success: false, info, response, headers }\n }\n\n return { success: true, info, headers }\n}\n\n/*\n Reset rate limit for a specific key\n \n @example\n * ```typescript\n * // Reset rate limit for an IP\n * await resetRateLimit('ip', '192.168.1.1')\n \n // Reset for a user\n * await resetRateLimit('user', 'user-123')\n * ```\n /\nexport async function resetRateLimit(\n type: 'ip' \| 'user' \| 'custom',\n identifier: string,\n options?: {\n store?: RateLimitStore\n prefix?: string\n }\n): Promise<void> {\n const store = options?.store ?? getDefaultStore()\n const prefix = options?.prefix ?? 'rl'\n const key = `${prefix}:${type}:${identifier}`\n\n await store.reset(key)\n}\n\n/\n Get current rate limit status for a key (without incrementing)\n /\nexport async function getRateLimitStatus(\n type: 'ip' \| 'user' \| 'custom',\n identifier: string,\n options?: {\n store?: RateLimitStore\n prefix?: string\n }\n): Promise<{ count: number; reset: number } \| null> {\n const store = options?.store ?? getDefaultStore()\n const prefix = options?.prefix ?? 'rl'\n const key = `${prefix}:${type}:${identifier}`\n\n return store.get(key)\n}\n\n/\n Clear all rate limits (useful for testing)\n /\nexport function clearAllRateLimits(): void {\n if (defaultStore && 'clear' in defaultStore) {\n (defaultStore as MemoryStore).clear()\n }\n}\n","import { webcrypto } from 'node:crypto'\n\nconst encoder = new TextEncoder()\n\n/\n Generate random bytes as hex string\n /\nexport function randomBytes(length: number): string {\n const bytes = new Uint8Array(length)\n webcrypto.getRandomValues(bytes)\n return Array.from(bytes)\n .map((b) => b.toString(16).padStart(2, '0'))\n .join('')\n}\n\n/\n Create HMAC signature\n /\nasync function createSignature(data: string, secret: string): Promise<string> {\n const key = await webcrypto.subtle.importKey(\n 'raw',\n encoder.encode(secret),\n { name: 'HMAC', hash: 'SHA-256' },\n false,\n ['sign']\n )\n\n const sig = await webcrypto.subtle.sign('HMAC', key, encoder.encode(data))\n return Array.from(new Uint8Array(sig))\n .map((b) => b.toString(16).padStart(2, '0'))\n .join('')\n}\n\n/\n Constant-time string comparison to prevent timing attacks\n /\nfunction safeCompare(a: string, b: string): boolean {\n if (a.length !== b.length) return false\n\n let result = 0\n for (let i = 0; i < a.length; i++) {\n result \|= a.charCodeAt(i) ^ b.charCodeAt(i)\n }\n return result === 0\n}\n\n/\n Create a signed CSRF token\n /\nexport async function createToken(\n secret: string,\n length: number = 32\n): Promise<string> {\n const data = randomBytes(length)\n const sig = await createSignature(data, secret)\n return `${data}.${sig}`\n}\n\n/\n Verify a signed CSRF token\n /\nexport async function verifyToken(\n token: string,\n secret: string\n): Promise<boolean> {\n if (!token \|\| typeof token !== 'string') return false\n\n const parts = token.split('.')\n if (parts.length !== 2) return false\n\n const [data, sig] = parts\n if (!data \|\| !sig) return false\n\n try {\n const expected = await createSignature(data, secret)\n return safeCompare(sig, expected)\n } catch {\n return false\n }\n}\n\n/\n Compare two tokens (constant-time)\n /\nexport function tokensMatch(a: string, b: string): boolean {\n if (!a \|\| !b) return false\n return safeCompare(a, b)\n}\n","import type { NextRequest } from 'next/server'\nimport type { CSRFConfig, CSRFCookieOptions } from './types'\nimport { createToken, verifyToken, tokensMatch } from './token'\n\ntype RouteHandler = (req: NextRequest) => Response \| Promise<Response>\n\nconst DEFAULT_COOKIE: CSRFCookieOptions = {\n name: '__csrf',\n path: '/',\n httpOnly: true,\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'strict',\n maxAge: 86400, // 24h\n}\n\nconst DEFAULT_CONFIG: Required<Omit<CSRFConfig, 'skip' \| 'onError'>> = {\n cookie: DEFAULT_COOKIE,\n headerName: 'x-csrf-token',\n fieldName: '_csrf',\n secret: '',\n tokenLength: 32,\n protectedMethods: ['POST', 'PUT', 'PATCH', 'DELETE'],\n}\n\nfunction getSecret(config: CSRFConfig): string {\n const secret = config.secret \|\| process.env.CSRF_SECRET\n if (!secret) {\n throw new Error(\n 'CSRF secret is required. Set config.secret or CSRF_SECRET env variable.'\n )\n }\n return secret\n}\n\nfunction buildCookieString(name: string, value: string, opts: CSRFCookieOptions): string {\n let cookie = `${name}=${value}`\n\n if (opts.path) cookie += `; Path=${opts.path}`\n if (opts.domain) cookie += `; Domain=${opts.domain}`\n if (opts.maxAge) cookie += `; Max-Age=${opts.maxAge}`\n if (opts.httpOnly) cookie += '; HttpOnly'\n if (opts.secure) cookie += '; Secure'\n if (opts.sameSite) cookie += `; SameSite=${opts.sameSite}`\n\n return cookie\n}\n\n/\n Extract token from request (header or body)\n /\nasync function extractToken(\n req: NextRequest,\n headerName: string,\n fieldName: string\n): Promise<string \| null> {\n // check header first\n const headerToken = req.headers.get(headerName)\n if (headerToken) return headerToken\n\n // try to get from form data\n const contentType = req.headers.get('content-type') \|\| ''\n\n if (contentType.includes('application/x-www-form-urlencoded')) {\n try {\n const cloned = req.clone()\n const formData = await cloned.formData()\n const token = formData.get(fieldName)\n if (typeof token === 'string') return token\n } catch {\n // ignore parse errors\n }\n }\n\n if (contentType.includes('application/json')) {\n try {\n const cloned = req.clone()\n const body = await cloned.json()\n if (body && typeof body[fieldName] === 'string') {\n return body[fieldName]\n }\n } catch {\n // ignore parse errors\n }\n }\n\n return null\n}\n\nfunction defaultErrorResponse(_req: NextRequest, reason: string): Response {\n return new Response(JSON.stringify({ error: 'CSRF validation failed', reason }), {\n status: 403,\n headers: { 'Content-Type': 'application/json' },\n })\n}\n\n/\n CSRF protection middleware\n \n Uses double submit cookie pattern:\n * 1. Server sets a signed token in a cookie\n * 2. Client sends the same token in header/body\n * 3. Server compares both values\n /\nexport function withCSRF(handler: RouteHandler, config: CSRFConfig = {}): RouteHandler {\n const secret = getSecret(config)\n const cookieOpts = { ...DEFAULT_COOKIE, ...config.cookie }\n const headerName = config.headerName \|\| DEFAULT_CONFIG.headerName\n const fieldName = config.fieldName \|\| DEFAULT_CONFIG.fieldName\n const protectedMethods = config.protectedMethods \|\| DEFAULT_CONFIG.protectedMethods\n const onError = config.onError \|\| defaultErrorResponse\n\n return async (req: NextRequest): Promise<Response> => {\n const method = req.method.toUpperCase()\n\n // skip unprotected methods\n if (!protectedMethods.includes(method)) {\n return handler(req)\n }\n\n // custom skip logic\n if (config.skip) {\n const shouldSkip = await config.skip(req)\n if (shouldSkip) return handler(req)\n }\n\n const cookieName = cookieOpts.name \|\| '__csrf'\n const cookieToken = req.cookies.get(cookieName)?.value\n\n // no cookie = first request, reject\n if (!cookieToken) {\n return onError(req, 'missing_cookie')\n }\n\n // verify cookie token is valid (signed by us)\n const cookieValid = await verifyToken(cookieToken, secret)\n if (!cookieValid) {\n return onError(req, 'invalid_cookie')\n }\n\n // get token from request\n const requestToken = await extractToken(req, headerName, fieldName)\n if (!requestToken) {\n return onError(req, 'missing_token')\n }\n\n // compare tokens\n if (!tokensMatch(cookieToken, requestToken)) {\n return onError(req, 'token_mismatch')\n }\n\n return handler(req)\n }\n}\n\n/\n Generate a new CSRF token and cookie header\n * Use this in GET routes to set the initial token\n /\nexport async function generateCSRF(config: CSRFConfig = {}): Promise<{\n token: string\n cookieHeader: string\n}> {\n const secret = getSecret(config)\n const cookieOpts = { ...DEFAULT_COOKIE, ...config.cookie }\n const tokenLength = config.tokenLength \|\| DEFAULT_CONFIG.tokenLength\n const cookieName = cookieOpts.name \|\| '__csrf'\n\n const token = await createToken(secret, tokenLength)\n const cookieHeader = buildCookieString(cookieName, token, cookieOpts)\n\n return { token, cookieHeader }\n}\n\n/\n Validate a CSRF token without middleware\n * Useful for custom validation flows\n /\nexport async function validateCSRF(\n req: NextRequest,\n config: CSRFConfig = {}\n): Promise<{ valid: boolean; reason?: string }> {\n const secret = getSecret(config)\n const cookieOpts = { ...DEFAULT_COOKIE, ...config.cookie }\n const headerName = config.headerName \|\| DEFAULT_CONFIG.headerName\n const fieldName = config.fieldName \|\| DEFAULT_CONFIG.fieldName\n const cookieName = cookieOpts.name \|\| '__csrf'\n\n const cookieToken = req.cookies.get(cookieName)?.value\n if (!cookieToken) {\n return { valid: false, reason: 'missing_cookie' }\n }\n\n const cookieValid = await verifyToken(cookieToken, secret)\n if (!cookieValid) {\n return { valid: false, reason: 'invalid_cookie' }\n }\n\n const requestToken = await extractToken(req, headerName, fieldName)\n if (!requestToken) {\n return { valid: false, reason: 'missing_token' }\n }\n\n if (!tokensMatch(cookieToken, requestToken)) {\n return { valid: false, reason: 'token_mismatch' }\n }\n\n return { valid: true }\n}\n","import type {\n ContentSecurityPolicy,\n StrictTransportSecurity,\n PermissionsPolicy,\n SecurityHeadersConfig,\n SecurityHeadersPreset,\n} from './types'\n\n/\n Build CSP header string from config\n /\nexport function buildCSP(policy: ContentSecurityPolicy): string {\n const directives: string[] = []\n\n const directiveMap: Record<string, string> = {\n defaultSrc: 'default-src',\n scriptSrc: 'script-src',\n styleSrc: 'style-src',\n imgSrc: 'img-src',\n fontSrc: 'font-src',\n connectSrc: 'connect-src',\n mediaSrc: 'media-src',\n objectSrc: 'object-src',\n frameSrc: 'frame-src',\n childSrc: 'child-src',\n workerSrc: 'worker-src',\n frameAncestors: 'frame-ancestors',\n formAction: 'form-action',\n baseUri: 'base-uri',\n manifestSrc: 'manifest-src',\n reportUri: 'report-uri',\n reportTo: 'report-to',\n }\n\n for (const [key, directive] of Object.entries(directiveMap)) {\n const value = policy[key as keyof ContentSecurityPolicy]\n if (value !== undefined && value !== false) {\n if (Array.isArray(value)) {\n directives.push(`${directive} ${value.join(' ')}`)\n } else if (typeof value === 'string') {\n directives.push(`${directive} ${value}`)\n }\n }\n }\n\n if (policy.upgradeInsecureRequests) {\n directives.push('upgrade-insecure-requests')\n }\n\n if (policy.blockAllMixedContent) {\n directives.push('block-all-mixed-content')\n }\n\n return directives.join('; ')\n}\n\n/\n Build HSTS header string\n /\nexport function buildHSTS(config: StrictTransportSecurity): string {\n let value = `max-age=${config.maxAge}`\n\n if (config.includeSubDomains) {\n value += '; includeSubDomains'\n }\n\n if (config.preload) {\n value += '; preload'\n }\n\n return value\n}\n\n/\n Build Permissions-Policy header string\n /\nexport function buildPermissionsPolicy(policy: PermissionsPolicy): string {\n const directives: string[] = []\n\n const featureMap: Record<string, string> = {\n accelerometer: 'accelerometer',\n ambientLightSensor: 'ambient-light-sensor',\n autoplay: 'autoplay',\n battery: 'battery',\n camera: 'camera',\n displayCapture: 'display-capture',\n documentDomain: 'document-domain',\n encryptedMedia: 'encrypted-media',\n fullscreen: 'fullscreen',\n geolocation: 'geolocation',\n gyroscope: 'gyroscope',\n magnetometer: 'magnetometer',\n microphone: 'microphone',\n midi: 'midi',\n payment: 'payment',\n pictureInPicture: 'picture-in-picture',\n publicKeyCredentialsGet: 'publickey-credentials-get',\n screenWakeLock: 'screen-wake-lock',\n syncXhr: 'sync-xhr',\n usb: 'usb',\n webShare: 'web-share',\n xrSpatialTracking: 'xr-spatial-tracking',\n }\n\n for (const [key, feature] of Object.entries(featureMap)) {\n const origins = policy[key as keyof PermissionsPolicy]\n if (origins !== undefined) {\n if (origins.length === 0) {\n directives.push(`${feature}=()`)\n } else {\n const formatted = origins.map((o) => (o === 'self' ? 'self' : `\"${o}\"`)).join(' ')\n directives.push(`${feature}=(${formatted})`)\n }\n }\n }\n\n return directives.join(', ')\n}\n\n/\n Preset: Strict security headers\n /\nexport const PRESET_STRICT: SecurityHeadersConfig = {\n contentSecurityPolicy: {\n defaultSrc: [\"'self'\"],\n scriptSrc: [\"'self'\"],\n styleSrc: [\"'self'\"],\n imgSrc: [\"'self'\", 'data:'],\n fontSrc: [\"'self'\"],\n objectSrc: [\"'none'\"],\n frameAncestors: [\"'none'\"],\n formAction: [\"'self'\"],\n baseUri: [\"'self'\"],\n upgradeInsecureRequests: true,\n },\n strictTransportSecurity: {\n maxAge: 31536000, // 1 year\n includeSubDomains: true,\n preload: true,\n },\n xFrameOptions: 'DENY',\n xContentTypeOptions: true,\n xDnsPrefetchControl: 'off',\n xDownloadOptions: true,\n xPermittedCrossDomainPolicies: 'none',\n referrerPolicy: 'strict-origin-when-cross-origin',\n crossOriginOpenerPolicy: 'same-origin',\n crossOriginEmbedderPolicy: 'require-corp',\n crossOriginResourcePolicy: 'same-origin',\n permissionsPolicy: {\n camera: [],\n microphone: [],\n geolocation: [],\n payment: [],\n },\n originAgentCluster: true,\n}\n\n/\n Preset: Relaxed security headers (for development or less strict needs)\n /\nexport const PRESET_RELAXED: SecurityHeadersConfig = {\n contentSecurityPolicy: {\n defaultSrc: [\"'self'\"],\n scriptSrc: [\"'self'\", \"'unsafe-inline'\", \"'unsafe-eval'\"],\n styleSrc: [\"'self'\", \"'unsafe-inline'\"],\n imgSrc: [\"'self'\", 'data:', 'blob:', 'https:'],\n fontSrc: [\"'self'\", 'https:', 'data:'],\n connectSrc: [\"'self'\", 'https:', 'wss:'],\n frameSrc: [\"'self'\"],\n },\n strictTransportSecurity: {\n maxAge: 86400, // 1 day\n includeSubDomains: false,\n },\n xFrameOptions: 'SAMEORIGIN',\n xContentTypeOptions: true,\n referrerPolicy: 'no-referrer-when-downgrade',\n}\n\n/\n Preset: API-focused security headers\n /\nexport const PRESET_API: SecurityHeadersConfig = {\n contentSecurityPolicy: {\n defaultSrc: [\"'none'\"],\n frameAncestors: [\"'none'\"],\n },\n strictTransportSecurity: {\n maxAge: 31536000,\n includeSubDomains: true,\n },\n xFrameOptions: 'DENY',\n xContentTypeOptions: true,\n referrerPolicy: 'no-referrer',\n crossOriginResourcePolicy: 'same-origin',\n}\n\n/\n Get preset config by name\n /\nexport function getPreset(name: SecurityHeadersPreset): SecurityHeadersConfig {\n switch (name) {\n case 'strict':\n return PRESET_STRICT\n case 'relaxed':\n return PRESET_RELAXED\n case 'api':\n return PRESET_API\n default:\n return PRESET_STRICT\n }\n}\n\n/\n Build all headers from config\n /\nexport function buildHeaders(config: SecurityHeadersConfig): Headers {\n const headers = new Headers()\n\n // CSP\n if (config.contentSecurityPolicy) {\n const csp = buildCSP(config.contentSecurityPolicy)\n if (csp) headers.set('Content-Security-Policy', csp)\n }\n\n // HSTS\n if (config.strictTransportSecurity) {\n headers.set('Strict-Transport-Security', buildHSTS(config.strictTransportSecurity))\n }\n\n // X-Frame-Options\n if (config.xFrameOptions) {\n headers.set('X-Frame-Options', config.xFrameOptions)\n }\n\n // X-Content-Type-Options\n if (config.xContentTypeOptions) {\n headers.set('X-Content-Type-Options', 'nosniff')\n }\n\n // X-DNS-Prefetch-Control\n if (config.xDnsPrefetchControl) {\n headers.set('X-DNS-Prefetch-Control', config.xDnsPrefetchControl)\n }\n\n // X-Download-Options\n if (config.xDownloadOptions) {\n headers.set('X-Download-Options', 'noopen')\n }\n\n // X-Permitted-Cross-Domain-Policies\n if (config.xPermittedCrossDomainPolicies) {\n headers.set('X-Permitted-Cross-Domain-Policies', config.xPermittedCrossDomainPolicies)\n }\n\n // Referrer-Policy\n if (config.referrerPolicy) {\n const value = Array.isArray(config.referrerPolicy)\n ? config.referrerPolicy.join(', ')\n : config.referrerPolicy\n headers.set('Referrer-Policy', value)\n }\n\n // COOP\n if (config.crossOriginOpenerPolicy) {\n headers.set('Cross-Origin-Opener-Policy', config.crossOriginOpenerPolicy)\n }\n\n // COEP\n if (config.crossOriginEmbedderPolicy) {\n headers.set('Cross-Origin-Embedder-Policy', config.crossOriginEmbedderPolicy)\n }\n\n // CORP\n if (config.crossOriginResourcePolicy) {\n headers.set('Cross-Origin-Resource-Policy', config.crossOriginResourcePolicy)\n }\n\n // Permissions-Policy\n if (config.permissionsPolicy) {\n const pp = buildPermissionsPolicy(config.permissionsPolicy)\n if (pp) headers.set('Permissions-Policy', pp)\n }\n\n // Origin-Agent-Cluster\n if (config.originAgentCluster) {\n headers.set('Origin-Agent-Cluster', '?1')\n }\n\n return headers\n}\n","import type { NextRequest } from 'next/server'\nimport type { SecurityHeadersConfig, SecurityHeadersPreset } from './types'\nimport { buildHeaders, getPreset, PRESET_STRICT } from './builder'\n\ntype RouteHandler = (req: NextRequest) => Response \| Promise<Response>\n\nexport interface WithSecurityHeadersOptions {\n /* Use a preset configuration /\n preset?: SecurityHeadersPreset\n\n /* Custom header configuration (merged with preset if provided) /\n config?: SecurityHeadersConfig\n\n /* Override response headers instead of merging /\n override?: boolean\n}\n\n/\n Merge two configs, with custom taking precedence\n /\nfunction mergeConfigs(\n base: SecurityHeadersConfig,\n custom: SecurityHeadersConfig\n): SecurityHeadersConfig {\n return {\n ...base,\n ...custom,\n // Deep merge CSP if both exist\n contentSecurityPolicy:\n custom.contentSecurityPolicy === false\n ? false\n : custom.contentSecurityPolicy\n ? base.contentSecurityPolicy\n ? { ...(base.contentSecurityPolicy as object), ...custom.contentSecurityPolicy }\n : custom.contentSecurityPolicy\n : base.contentSecurityPolicy,\n // Deep merge HSTS if both exist\n strictTransportSecurity:\n custom.strictTransportSecurity === false\n ? false\n : custom.strictTransportSecurity\n ? base.strictTransportSecurity\n ? { ...(base.strictTransportSecurity as object), ...custom.strictTransportSecurity }\n : custom.strictTransportSecurity\n : base.strictTransportSecurity,\n // Deep merge Permissions-Policy if both exist\n permissionsPolicy:\n custom.permissionsPolicy === false\n ? false\n : custom.permissionsPolicy\n ? base.permissionsPolicy\n ? { ...(base.permissionsPolicy as object), ...custom.permissionsPolicy }\n : custom.permissionsPolicy\n : base.permissionsPolicy,\n }\n}\n\n/\n Security headers middleware\n \n Adds security headers to responses. Use presets for quick setup\n * or provide custom configuration.\n \n @example\n * ```typescript\n * // Use strict preset\n * export const GET = withSecurityHeaders(handler, { preset: 'strict' })\n \n // Custom config\n * export const GET = withSecurityHeaders(handler, {\n * config: {\n * xFrameOptions: 'SAMEORIGIN',\n * referrerPolicy: 'no-referrer'\n * }\n * })\n * ```\n /\nexport function withSecurityHeaders(\n handler: RouteHandler,\n options: WithSecurityHeadersOptions = {}\n): RouteHandler {\n const { preset, config, override = false } = options\n\n // Get base config from preset or default to strict\n let baseConfig: SecurityHeadersConfig = preset ? getPreset(preset) : PRESET_STRICT\n\n // Merge with custom config if provided\n if (config) {\n baseConfig = mergeConfigs(baseConfig, config)\n }\n\n // Pre-build headers for performance\n const securityHeaders = buildHeaders(baseConfig)\n\n return async (req: NextRequest): Promise<Response> => {\n const response = await handler(req)\n\n // Clone response to modify headers\n const newHeaders = new Headers(response.headers)\n\n // Add security headers\n securityHeaders.forEach((value, key) => {\n if (override \|\| !newHeaders.has(key)) {\n newHeaders.set(key, value)\n }\n })\n\n return new Response(response.body, {\n status: response.status,\n statusText: response.statusText,\n headers: newHeaders,\n })\n }\n}\n\n/\n Create headers object for use in responses\n * Useful when you want to add headers manually\n \n @example\n * ```typescript\n * const headers = createSecurityHeaders({ preset: 'api' })\n \n return Response.json(data, { headers })\n * ```\n /\nexport function createSecurityHeaders(\n options: WithSecurityHeadersOptions = {}\n): Headers {\n const { preset, config } = options\n\n let baseConfig: SecurityHeadersConfig = preset ? getPreset(preset) : PRESET_STRICT\n\n if (config) {\n baseConfig = mergeConfigs(baseConfig, config)\n }\n\n return buildHeaders(baseConfig)\n}\n\n/\n Create a headers object as a plain object (for Next.js headers())\n /\nexport function createSecurityHeadersObject(\n options: WithSecurityHeadersOptions = {}\n): Record<string, string> {\n const headers = createSecurityHeaders(options)\n const obj: Record<string, string> = {}\n\n headers.forEach((value, key) => {\n obj[key] = value\n })\n\n return obj\n}\n","import { webcrypto } from 'node:crypto'\nimport type { JWTPayload, JWTConfig, AuthError } from './types'\n\nconst encoder = new TextEncoder()\nconst decoder = new TextDecoder()\n\n/\n Base64URL decode\n /\nfunction base64UrlDecode(str: string): Uint8Array {\n // Add padding if needed\n const pad = str.length % 4\n if (pad) {\n str += '='.repeat(4 - pad)\n }\n\n // Replace URL-safe chars\n const base64 = str.replace(/-/g, '+').replace(/_/g, '/')\n\n const binary = atob(base64)\n const bytes = new Uint8Array(binary.length)\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i)\n }\n return bytes\n}\n\n/\n Parse JWT without verification (for header inspection)\n /\nexport function decodeJWT(token: string): {\n header: Record<string, unknown>\n payload: JWTPayload\n signature: Uint8Array\n} \| null {\n try {\n const parts = token.split('.')\n if (parts.length !== 3) return null\n\n const header = JSON.parse(decoder.decode(base64UrlDecode(parts[0])))\n const payload = JSON.parse(decoder.decode(base64UrlDecode(parts[1])))\n const signature = base64UrlDecode(parts[2])\n\n return { header, payload, signature }\n } catch {\n return null\n }\n}\n\n/\n Get crypto algorithm params from JWT algorithm\n /\nfunction getAlgorithmParams(alg: string): {\n name: string\n hash?: string\n namedCurve?: string\n} \| null {\n switch (alg) {\n case 'HS256':\n return { name: 'HMAC', hash: 'SHA-256' }\n case 'HS384':\n return { name: 'HMAC', hash: 'SHA-384' }\n case 'HS512':\n return { name: 'HMAC', hash: 'SHA-512' }\n case 'RS256':\n return { name: 'RSASSA-PKCS1-v1_5', hash: 'SHA-256' }\n case 'RS384':\n return { name: 'RSASSA-PKCS1-v1_5', hash: 'SHA-384' }\n case 'RS512':\n return { name: 'RSASSA-PKCS1-v1_5', hash: 'SHA-512' }\n case 'ES256':\n return { name: 'ECDSA', hash: 'SHA-256', namedCurve: 'P-256' }\n case 'ES384':\n return { name: 'ECDSA', hash: 'SHA-384', namedCurve: 'P-384' }\n case 'ES512':\n return { name: 'ECDSA', hash: 'SHA-512', namedCurve: 'P-521' }\n default:\n return null\n }\n}\n\n/\n Verify HMAC signature\n /\nasync function verifyHMAC(\n data: string,\n signature: Uint8Array,\n secret: string,\n hash: string\n): Promise<boolean> {\n const key = await webcrypto.subtle.importKey(\n 'raw',\n encoder.encode(secret),\n { name: 'HMAC', hash },\n false,\n ['verify']\n )\n\n return webcrypto.subtle.verify('HMAC', key, signature, encoder.encode(data))\n}\n\n/\n Import PEM public key\n /\nasync function importPublicKey(\n pem: string,\n algorithm: { name: string; hash?: string; namedCurve?: string }\n): Promise<CryptoKey> {\n // Remove PEM headers and decode\n const pemContents = pem\n .replace(/-----BEGIN.-----/, '')\n .replace(/-----END.-----/, '')\n .replace(/\\s/g, '')\n\n const binaryDer = base64UrlDecode(pemContents.replace(/\\+/g, '-').replace(/\\//g, '_'))\n\n const keyUsages: KeyUsage[] = ['verify']\n\n if (algorithm.name === 'RSASSA-PKCS1-v1_5') {\n return webcrypto.subtle.importKey(\n 'spki',\n binaryDer,\n { name: algorithm.name, hash: algorithm.hash! },\n false,\n keyUsages\n )\n }\n\n if (algorithm.name === 'ECDSA') {\n return webcrypto.subtle.importKey(\n 'spki',\n binaryDer,\n { name: algorithm.name, namedCurve: algorithm.namedCurve! },\n false,\n keyUsages\n )\n }\n\n throw new Error(`Unsupported algorithm: ${algorithm.name}`)\n}\n\n/\n Verify RSA/ECDSA signature\n /\nasync function verifyAsymmetric(\n data: string,\n signature: Uint8Array,\n publicKey: string,\n algorithm: { name: string; hash?: string; namedCurve?: string }\n): Promise<boolean> {\n const key = await importPublicKey(publicKey, algorithm)\n\n const params = algorithm.name === 'ECDSA'\n ? { name: 'ECDSA', hash: algorithm.hash! } as EcdsaParams\n : algorithm.name\n\n return webcrypto.subtle.verify(params, key, signature, encoder.encode(data))\n}\n\n/\n Validate JWT claims\n /\nfunction validateClaims(\n payload: JWTPayload,\n config: JWTConfig\n): AuthError \| null {\n const now = Math.floor(Date.now() / 1000)\n const tolerance = config.clockTolerance \|\| 0\n\n // Check expiration\n if (payload.exp !== undefined && payload.exp < now - tolerance) {\n return {\n code: 'expired_token',\n message: 'Token has expired',\n status: 401,\n }\n }\n\n // Check not before\n if (payload.nbf !== undefined && payload.nbf > now + tolerance) {\n return {\n code: 'invalid_token',\n message: 'Token not yet valid',\n status: 401,\n }\n }\n\n // Check issuer\n if (config.issuer) {\n const issuers = Array.isArray(config.issuer) ? config.issuer : [config.issuer]\n if (!payload.iss \|\| !issuers.includes(payload.iss)) {\n return {\n code: 'invalid_token',\n message: 'Invalid token issuer',\n status: 401,\n }\n }\n }\n\n // Check audience\n if (config.audience) {\n const audiences = Array.isArray(config.audience) ? config.audience : [config.audience]\n const tokenAudiences = Array.isArray(payload.aud)\n ? payload.aud\n : payload.aud\n ? [payload.aud]\n : []\n\n const hasValidAudience = audiences.some((aud) => tokenAudiences.includes(aud))\n if (!hasValidAudience) {\n return {\n code: 'invalid_token',\n message: 'Invalid token audience',\n status: 401,\n }\n }\n }\n\n return null\n}\n\n/\n Verify and decode JWT\n /\nexport async function verifyJWT(\n token: string,\n config: JWTConfig\n): Promise<{ payload: JWTPayload; error: null } \| { payload: null; error: AuthError }> {\n // Decode token\n const decoded = decodeJWT(token)\n if (!decoded) {\n return {\n payload: null,\n error: {\n code: 'invalid_token',\n message: 'Malformed token',\n status: 401,\n },\n }\n }\n\n const { header, payload, signature } = decoded\n const alg = header.alg as string\n\n // Check algorithm\n const allowedAlgorithms = config.algorithms \|\| ['HS256']\n if (!allowedAlgorithms.includes(alg)) {\n return {\n payload: null,\n error: {\n code: 'invalid_token',\n message: `Algorithm ${alg} not allowed`,\n status: 401,\n },\n }\n }\n\n // Get algorithm params\n const algorithmParams = getAlgorithmParams(alg)\n if (!algorithmParams) {\n return {\n payload: null,\n error: {\n code: 'invalid_token',\n message: `Unsupported algorithm: ${alg}`,\n status: 401,\n },\n }\n }\n\n // Verify signature\n const parts = token.split('.')\n const signedData = `${parts[0]}.${parts[1]}`\n let isValid = false\n\n try {\n if (algorithmParams.name === 'HMAC') {\n if (!config.secret) {\n return {\n payload: null,\n error: {\n code: 'invalid_token',\n message: 'Secret required for HMAC algorithms',\n status: 500,\n },\n }\n }\n isValid = await verifyHMAC(signedData, signature, config.secret, algorithmParams.hash!)\n } else {\n if (!config.publicKey) {\n return {\n payload: null,\n error: {\n code: 'invalid_token',\n message: 'Public key required for asymmetric algorithms',\n status: 500,\n },\n }\n }\n isValid = await verifyAsymmetric(signedData, signature, config.publicKey, algorithmParams)\n }\n } catch {\n isValid = false\n }\n\n if (!isValid) {\n return {\n payload: null,\n error: {\n code: 'invalid_signature',\n message: 'Invalid token signature',\n status: 401,\n },\n }\n }\n\n // Validate claims\n const claimsError = validateClaims(payload, config)\n if (claimsError) {\n return { payload: null, error: claimsError }\n }\n\n return { payload, error: null }\n}\n\n/\n Extract token from Authorization header\n /\nexport function extractBearerToken(authHeader: string \| null): string \| null {\n if (!authHeader) return null\n if (!authHeader.startsWith('Bearer ')) return null\n return authHeader.slice(7)\n}\n","import type { NextRequest } from 'next/server'\nimport type {\n AuthConfig,\n AuthUser,\n AuthError,\n JWTConfig,\n APIKeyConfig,\n SessionConfig,\n RBACConfig,\n} from './types'\nimport { verifyJWT, extractBearerToken } from './jwt'\n\ntype RouteHandler = (req: NextRequest) => Response \| Promise<Response>\ntype AuthenticatedHandler = (\n req: NextRequest,\n ctx: { user: AuthUser; token?: string }\n) => Response \| Promise<Response>\n\n/\n Default error response\n /\nfunction defaultErrorResponse(_req: NextRequest, error: AuthError): Response {\n return new Response(\n JSON.stringify({\n error: error.code,\n message: error.message,\n }),\n {\n status: error.status,\n headers: { 'Content-Type': 'application/json' },\n }\n )\n}\n\n/\n Extract token from request\n /\nasync function getTokenFromRequest(\n req: NextRequest,\n config?: JWTConfig\n): Promise<string \| null> {\n // Custom extractor\n if (config?.getToken) {\n return config.getToken(req)\n }\n\n // Default: Authorization header\n return extractBearerToken(req.headers.get('authorization'))\n}\n\n/\n JWT Authentication middleware\n /\nexport function withJWT(\n handler: AuthenticatedHandler,\n config: JWTConfig\n): RouteHandler {\n const secret = config.secret \|\| process.env.JWT_SECRET\n const effectiveConfig = { ...config, secret }\n\n return async (req: NextRequest): Promise<Response> => {\n const token = await getTokenFromRequest(req, effectiveConfig)\n\n if (!token) {\n return defaultErrorResponse(req, {\n code: 'missing_token',\n message: 'Authentication required',\n status: 401,\n })\n }\n\n const { payload, error } = await verifyJWT(token, effectiveConfig)\n\n if (error) {\n return defaultErrorResponse(req, error)\n }\n\n // Map payload to user\n const user: AuthUser = effectiveConfig.mapUser\n ? await effectiveConfig.mapUser(payload)\n : {\n id: payload.sub \|\| '',\n email: payload.email as string \| undefined,\n name: payload.name as string \| undefined,\n roles: payload.roles as string[] \| undefined,\n permissions: payload.permissions as string[] \| undefined,\n }\n\n return handler(req, { user, token })\n }\n}\n\n/\n API Key Authentication middleware\n /\nexport function withAPIKey(\n handler: AuthenticatedHandler,\n config: APIKeyConfig\n): RouteHandler {\n const headerName = config.headerName \|\| 'x-api-key'\n const queryParam = config.queryParam \|\| 'api_key'\n\n return async (req: NextRequest): Promise<Response> => {\n // Try header first\n let apiKey = req.headers.get(headerName)\n\n // Try query param\n if (!apiKey) {\n const url = new URL(req.url)\n apiKey = url.searchParams.get(queryParam)\n }\n\n if (!apiKey) {\n return defaultErrorResponse(req, {\n code: 'missing_api_key',\n message: 'API key required',\n status: 401,\n })\n }\n\n const user = await config.validate(apiKey, req)\n\n if (!user) {\n return defaultErrorResponse(req, {\n code: 'invalid_api_key',\n message: 'Invalid API key',\n status: 401,\n })\n }\n\n return handler(req, { user })\n }\n}\n\n/\n Session/Cookie Authentication middleware\n /\nexport function withSession(\n handler: AuthenticatedHandler,\n config: SessionConfig\n): RouteHandler {\n const cookieName = config.cookieName \|\| 'session'\n\n return async (req: NextRequest): Promise<Response> => {\n const sessionId = req.cookies.get(cookieName)?.value\n\n if (!sessionId) {\n return defaultErrorResponse(req, {\n code: 'missing_session',\n message: 'Session required',\n status: 401,\n })\n }\n\n const user = await config.validate(sessionId, req)\n\n if (!user) {\n return defaultErrorResponse(req, {\n code: 'invalid_session',\n message: 'Invalid or expired session',\n status: 401,\n })\n }\n\n return handler(req, { user })\n }\n}\n\n/\n Role-based access control middleware\n * Must be used after authentication middleware\n /\nexport function withRoles(\n handler: AuthenticatedHandler,\n config: RBACConfig\n): (req: NextRequest, ctx: { user: AuthUser; token?: string }) => Promise<Response> {\n return async (\n req: NextRequest,\n ctx: { user: AuthUser; token?: string }\n ): Promise<Response> => {\n const { user } = ctx\n\n // Get user roles\n const userRoles = config.getUserRoles\n ? config.getUserRoles(user)\n : user.roles \|\| []\n\n // Check required roles (any match)\n if (config.roles && config.roles.length > 0) {\n const hasRole = config.roles.some((role) => userRoles.includes(role))\n if (!hasRole) {\n return defaultErrorResponse(req, {\n code: 'insufficient_roles',\n message: 'Insufficient permissions',\n status: 403,\n })\n }\n }\n\n // Get user permissions\n const userPermissions = config.getUserPermissions\n ? config.getUserPermissions(user)\n : user.permissions \|\| []\n\n // Check required permissions (all required)\n if (config.permissions && config.permissions.length > 0) {\n const hasAllPermissions = config.permissions.every((perm) =>\n userPermissions.includes(perm)\n )\n if (!hasAllPermissions) {\n return defaultErrorResponse(req, {\n code: 'insufficient_permissions',\n message: 'Insufficient permissions',\n status: 403,\n })\n }\n }\n\n // Custom authorization\n if (config.authorize) {\n const authorized = await config.authorize(user, req)\n if (!authorized) {\n return defaultErrorResponse(req, {\n code: 'unauthorized',\n message: 'Unauthorized',\n status: 403,\n })\n }\n }\n\n return handler(req, ctx)\n }\n}\n\n/\n Combined auth middleware with multiple strategies\n /\nexport function withAuth(\n handler: AuthenticatedHandler,\n config: AuthConfig\n): RouteHandler {\n const onError = config.onError \|\| defaultErrorResponse\n\n return async (req: NextRequest): Promise<Response> => {\n let user: AuthUser \| null = null\n let token: string \| undefined\n\n // Try JWT auth\n if (config.jwt) {\n const secret = config.jwt.secret \|\| process.env.JWT_SECRET\n const jwtConfig = { ...config.jwt, secret }\n const jwtToken = await getTokenFromRequest(req, jwtConfig)\n\n if (jwtToken) {\n const { payload, error } = await verifyJWT(jwtToken, jwtConfig)\n if (!error && payload) {\n user = jwtConfig.mapUser\n ? await jwtConfig.mapUser(payload)\n : {\n id: payload.sub \|\| '',\n email: payload.email as string \| undefined,\n name: payload.name as string \| undefined,\n roles: payload.roles as string[] \| undefined,\n }\n token = jwtToken\n }\n }\n }\n\n // Try API Key auth\n if (!user && config.apiKey) {\n const headerName = config.apiKey.headerName \|\| 'x-api-key'\n const queryParam = config.apiKey.queryParam \|\| 'api_key'\n\n let apiKey = req.headers.get(headerName)\n if (!apiKey) {\n const url = new URL(req.url)\n apiKey = url.searchParams.get(queryParam)\n }\n\n if (apiKey) {\n const apiUser = await config.apiKey.validate(apiKey, req)\n if (apiUser) {\n user = apiUser\n }\n }\n }\n\n // Try Session auth\n if (!user && config.session) {\n const cookieName = config.session.cookieName \|\| 'session'\n const sessionId = req.cookies.get(cookieName)?.value\n\n if (sessionId) {\n const sessionUser = await config.session.validate(sessionId, req)\n if (sessionUser) {\n user = sessionUser\n }\n }\n }\n\n // No authentication found\n if (!user) {\n return onError(req, {\n code: 'unauthorized',\n message: 'Authentication required',\n status: 401,\n })\n }\n\n // RBAC check\n if (config.rbac) {\n const userRoles = config.rbac.getUserRoles\n ? config.rbac.getUserRoles(user)\n : user.roles \|\| []\n\n if (config.rbac.roles && config.rbac.roles.length > 0) {\n const hasRole = config.rbac.roles.some((role) => userRoles.includes(role))\n if (!hasRole) {\n return onError(req, {\n code: 'insufficient_roles',\n message: 'Insufficient permissions',\n status: 403,\n })\n }\n }\n\n const userPermissions = config.rbac.getUserPermissions\n ? config.rbac.getUserPermissions(user)\n : user.permissions \|\| []\n\n if (config.rbac.permissions && config.rbac.permissions.length > 0) {\n const hasAllPermissions = config.rbac.permissions.every((perm) =>\n userPermissions.includes(perm)\n )\n if (!hasAllPermissions) {\n return onError(req, {\n code: 'insufficient_permissions',\n message: 'Insufficient permissions',\n status: 403,\n })\n }\n }\n\n if (config.rbac.authorize) {\n const authorized = await config.rbac.authorize(user, req)\n if (!authorized) {\n return onError(req, {\n code: 'unauthorized',\n message: 'Unauthorized',\n status: 403,\n })\n }\n }\n }\n\n // Success callback\n if (config.onSuccess) {\n await config.onSuccess(req, user)\n }\n\n return handler(req, { user, token })\n }\n}\n\n/\n Optional auth - doesn't fail if no auth present\n /\nexport function withOptionalAuth(\n handler: (\n req: NextRequest,\n ctx: { user: AuthUser \| null; token?: string }\n ) => Response \| Promise<Response>,\n config: Omit<AuthConfig, 'rbac'>\n): RouteHandler {\n return async (req: NextRequest): Promise<Response> => {\n let user: AuthUser \| null = null\n let token: string \| undefined\n\n // Try JWT auth\n if (config.jwt) {\n const secret = config.jwt.secret \|\| process.env.JWT_SECRET\n const jwtConfig = { ...config.jwt, secret }\n const jwtToken = await getTokenFromRequest(req, jwtConfig)\n\n if (jwtToken) {\n const { payload, error } = await verifyJWT(jwtToken, jwtConfig)\n if (!error && payload) {\n user = jwtConfig.mapUser\n ? await jwtConfig.mapUser(payload)\n : {\n id: payload.sub \|\| '',\n email: payload.email as string \| undefined,\n name: payload.name as string \| undefined,\n roles: payload.roles as string[] \| undefined,\n }\n token = jwtToken\n }\n }\n }\n\n // Try API Key auth\n if (!user && config.apiKey) {\n const headerName = config.apiKey.headerName \|\| 'x-api-key'\n let apiKey = req.headers.get(headerName)\n\n if (apiKey) {\n const apiUser = await config.apiKey.validate(apiKey, req)\n if (apiUser) user = apiUser\n }\n }\n\n // Try Session auth\n if (!user && config.session) {\n const cookieName = config.session.cookieName \|\| 'session'\n const sessionId = req.cookies.get(cookieName)?.value\n\n if (sessionId) {\n const sessionUser = await config.session.validate(sessionId, req)\n if (sessionUser) user = sessionUser\n }\n }\n\n return handler(req, { user, token })\n }\n}\n","import type { Schema, CustomSchema, FieldRule, ValidationError, ValidationResult } from './types'\n\n/\n Check if a schema is a Zod-like schema (has safeParse method)\n /\nexport function isZodSchema(schema: unknown): schema is Schema {\n return (\n typeof schema === 'object' &&\n schema !== null &&\n 'safeParse' in schema &&\n typeof (schema as Schema).safeParse === 'function'\n )\n}\n\n/\n Check if a schema is a custom schema (plain object with field rules)\n /\nexport function isCustomSchema(schema: unknown): schema is CustomSchema {\n if (typeof schema !== 'object' \|\| schema === null) return false\n if ('safeParse' in schema) return false\n\n const entries = Object.entries(schema)\n if (entries.length === 0) return false\n\n return entries.every(([_, rule]) => {\n return typeof rule === 'object' && rule !== null && 'type' in rule\n })\n}\n\n/\n Email regex pattern (RFC 5322 simplified)\n /\nconst EMAIL_PATTERN = /^[a-zA-Z0-9.!#$%&'+/=?^_`{\|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)$/\n\n/\n URL regex pattern (supports domain names, localhost, and IP addresses)\n /\nconst URL_PATTERN = /^https?:\\/\\/(?:(?:www\\.)?[-a-zA-Z0-9@:%._+~#=]{1,256}\\.[a-zA-Z0-9()]{1,6}\|localhost\|(?:\\d{1,3}\\.){3}\\d{1,3})(?::\\d{1,5})?(?:[-a-zA-Z0-9()@:%_+.~#?&/=])$/\n\n/*\n UUID regex pattern (v4)\n /\nconst UUID_PATTERN = /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i\n\n/\n ISO date pattern\n /\nconst DATE_PATTERN = /^\\d{4}-\\d{2}-\\d{2}(?:T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?(?:Z\|[+-]\\d{2}:?\\d{2})?)?$/\n\n/\n Validate a single field with a rule\n /\nexport function validateField(value: unknown, rule: FieldRule, fieldName: string): ValidationError \| null {\n // Handle required\n if (value === undefined \|\| value === null \|\| value === '') {\n if (rule.required) {\n return {\n field: fieldName,\n code: 'required',\n message: rule.message \|\| `${fieldName} is required`,\n received: value,\n }\n }\n return null // Optional field with no value\n }\n\n // Type validation\n switch (rule.type) {\n case 'string':\n if (typeof value !== 'string') {\n return {\n field: fieldName,\n code: 'invalid_type',\n message: rule.message \|\| `${fieldName} must be a string`,\n expected: 'string',\n received: typeof value,\n }\n }\n // String length validation\n if (rule.minLength !== undefined && value.length < rule.minLength) {\n return {\n field: fieldName,\n code: 'too_short',\n message: rule.message \|\| `${fieldName} must be at least ${rule.minLength} characters`,\n received: value.length,\n }\n }\n if (rule.maxLength !== undefined && value.length > rule.maxLength) {\n return {\n field: fieldName,\n code: 'too_long',\n message: rule.message \|\| `${fieldName} must be at most ${rule.maxLength} characters`,\n received: value.length,\n }\n }\n // Pattern validation\n if (rule.pattern && !rule.pattern.test(value)) {\n return {\n field: fieldName,\n code: 'invalid_pattern',\n message: rule.message \|\| `${fieldName} has invalid format`,\n received: value,\n }\n }\n break\n\n case 'number':\n const num = typeof value === 'number' ? value : Number(value)\n if (isNaN(num)) {\n return {\n field: fieldName,\n code: 'invalid_type',\n message: rule.message \|\| `${fieldName} must be a number`,\n expected: 'number',\n received: typeof value,\n }\n }\n if (rule.integer && !Number.isInteger(num)) {\n return {\n field: fieldName,\n code: 'invalid_integer',\n message: rule.message \|\| `${fieldName} must be an integer`,\n received: num,\n }\n }\n if (rule.min !== undefined && num < rule.min) {\n return {\n field: fieldName,\n code: 'too_small',\n message: rule.message \|\| `${fieldName} must be at least ${rule.min}`,\n received: num,\n }\n }\n if (rule.max !== undefined && num > rule.max) {\n return {\n field: fieldName,\n code: 'too_large',\n message: rule.message \|\| `${fieldName} must be at most ${rule.max}`,\n received: num,\n }\n }\n break\n\n case 'boolean':\n if (typeof value !== 'boolean' && value !== 'true' && value !== 'false') {\n return {\n field: fieldName,\n code: 'invalid_type',\n message: rule.message \|\| `${fieldName} must be a boolean`,\n expected: 'boolean',\n received: typeof value,\n }\n }\n break\n\n case 'email':\n if (typeof value !== 'string' \|\| !EMAIL_PATTERN.test(value)) {\n return {\n field: fieldName,\n code: 'invalid_email',\n message: rule.message \|\| `${fieldName} must be a valid email address`,\n received: value,\n }\n }\n break\n\n case 'url':\n if (typeof value !== 'string' \|\| !URL_PATTERN.test(value)) {\n return {\n field: fieldName,\n code: 'invalid_url',\n message: rule.message \|\| `${fieldName} must be a valid URL`,\n received: value,\n }\n }\n break\n\n case 'uuid':\n if (typeof value !== 'string' \|\| !UUID_PATTERN.test(value)) {\n return {\n field: fieldName,\n code: 'invalid_uuid',\n message: rule.message \|\| `${fieldName} must be a valid UUID`,\n received: value,\n }\n }\n break\n\n case 'date':\n if (typeof value !== 'string' \|\| !DATE_PATTERN.test(value)) {\n const parsed = new Date(value as string)\n if (isNaN(parsed.getTime())) {\n return {\n field: fieldName,\n code: 'invalid_date',\n message: rule.message \|\| `${fieldName} must be a valid date`,\n received: value,\n }\n }\n }\n break\n\n case 'array':\n if (!Array.isArray(value)) {\n return {\n field: fieldName,\n code: 'invalid_type',\n message: rule.message \|\| `${fieldName} must be an array`,\n expected: 'array',\n received: typeof value,\n }\n }\n if (rule.minItems !== undefined && value.length < rule.minItems) {\n return {\n field: fieldName,\n code: 'too_few_items',\n message: rule.message \|\| `${fieldName} must have at least ${rule.minItems} items`,\n received: value.length,\n }\n }\n if (rule.maxItems !== undefined && value.length > rule.maxItems) {\n return {\n field: fieldName,\n code: 'too_many_items',\n message: rule.message \|\| `${fieldName} must have at most ${rule.maxItems} items`,\n received: value.length,\n }\n }\n // Validate items if rule provided\n if (rule.items) {\n for (let i = 0; i < value.length; i++) {\n const itemError = validateField(value[i], rule.items, `${fieldName}[${i}]`)\n if (itemError) return itemError\n }\n }\n break\n\n case 'object':\n if (typeof value !== 'object' \|\| value === null \|\| Array.isArray(value)) {\n return {\n field: fieldName,\n code: 'invalid_type',\n message: rule.message \|\| `${fieldName} must be an object`,\n expected: 'object',\n received: Array.isArray(value) ? 'array' : typeof value,\n }\n }\n break\n }\n\n // Custom validation\n if (rule.custom) {\n const result = rule.custom(value)\n if (result !== true) {\n return {\n field: fieldName,\n code: 'custom_validation',\n message: typeof result === 'string' ? result : rule.message \|\| `${fieldName} failed validation`,\n received: value,\n }\n }\n }\n\n return null\n}\n\n/\n Validate data against a custom schema\n /\nexport function validateCustomSchema<T>(data: unknown, schema: CustomSchema): ValidationResult<T> {\n if (typeof data !== 'object' \|\| data === null) {\n return {\n success: false,\n errors: [{\n field: '_root',\n code: 'invalid_type',\n message: 'Expected an object',\n received: data,\n }],\n }\n }\n\n const errors: ValidationError[] = []\n const record = data as Record<string, unknown>\n\n for (const [fieldName, rule] of Object.entries(schema)) {\n const error = validateField(record[fieldName], rule, fieldName)\n if (error) {\n errors.push(error)\n }\n }\n\n if (errors.length > 0) {\n return { success: false, errors }\n }\n\n return { success: true, data: data as T }\n}\n\n/\n Validate data against a Zod schema\n /\nexport function validateZodSchema<T>(data: unknown, schema: Schema<T>): ValidationResult<T> {\n const result = schema.safeParse(data)\n\n if (result.success) {\n return { success: true, data: result.data }\n }\n\n const errors: ValidationError[] = result.error.issues.map(issue => ({\n field: issue.path.join('.') \|\| '_root',\n code: issue.code,\n message: issue.message,\n path: issue.path.map(String),\n }))\n\n return { success: false, errors }\n}\n\n/\n Deep get value from object by path\n /\nexport function getByPath(obj: unknown, path: string): unknown {\n if (typeof obj !== 'object' \|\| obj === null) return undefined\n\n const parts = path.split('.')\n let current: unknown = obj\n\n for (const part of parts) {\n if (typeof current !== 'object' \|\| current === null) return undefined\n current = (current as Record<string, unknown>)[part]\n }\n\n return current\n}\n\n/\n Deep set value in object by path\n /\nexport function setByPath(obj: Record<string, unknown>, path: string, value: unknown): void {\n const parts = path.split('.')\n let current = obj\n\n for (let i = 0; i < parts.length - 1; i++) {\n const part = parts[i]\n if (!(part in current) \|\| typeof current[part] !== 'object') {\n current[part] = {}\n }\n current = current[part] as Record<string, unknown>\n }\n\n current[parts[parts.length - 1]] = value\n}\n\n/\n Walk through object and apply function to all string values\n /\nexport function walkObject(\n obj: unknown,\n fn: (value: string, path: string) => string,\n path = ''\n): unknown {\n if (typeof obj === 'string') {\n return fn(obj, path)\n }\n\n if (Array.isArray(obj)) {\n return obj.map((item, i) => walkObject(item, fn, `${path}[${i}]`))\n }\n\n if (typeof obj === 'object' && obj !== null) {\n const result: Record<string, unknown> = {}\n for (const [key, value] of Object.entries(obj)) {\n const newPath = path ? `${path}.${key}` : key\n result[key] = walkObject(value, fn, newPath)\n }\n return result\n }\n\n return obj\n}\n\n/\n Parse query string to object\n /\nexport function parseQueryString(url: string): Record<string, string \| string[]> {\n const result: Record<string, string \| string[]> = {}\n\n try {\n const urlObj = new URL(url)\n for (const [key, value] of urlObj.searchParams.entries()) {\n if (key in result) {\n const existing = result[key]\n if (Array.isArray(existing)) {\n existing.push(value)\n } else {\n result[key] = [existing, value]\n }\n } else {\n result[key] = value\n }\n }\n } catch {\n // Invalid URL, return empty\n }\n\n return result\n}\n","import type { NextRequest } from 'next/server'\nimport type {\n Schema,\n CustomSchema,\n ValidationResult,\n ValidationError,\n ValidatedContext,\n} from '../types'\nimport { isZodSchema, isCustomSchema, validateCustomSchema, validateZodSchema, parseQueryString } from '../utils'\n\n/\n Validate data against a schema (Zod or custom)\n /\nexport function validate<T>(\n data: unknown,\n schema: Schema<T> \| CustomSchema\n): ValidationResult<T> {\n if (isZodSchema(schema)) {\n return validateZodSchema(data, schema)\n }\n\n if (isCustomSchema(schema)) {\n return validateCustomSchema<T>(data, schema)\n }\n\n // Unknown schema type\n return {\n success: false,\n errors: [{\n field: '_schema',\n code: 'invalid_schema',\n message: 'Invalid schema provided',\n }],\n }\n}\n\n/\n Extract and validate request body\n /\nexport async function validateBody<T>(\n request: NextRequest,\n schema: Schema<T> \| CustomSchema\n): Promise<ValidationResult<T>> {\n let body: unknown\n\n try {\n const contentType = request.headers.get('content-type') \|\| ''\n\n if (contentType.includes('application/json')) {\n body = await request.json()\n } else if (contentType.includes('application/x-www-form-urlencoded')) {\n const text = await request.text()\n body = Object.fromEntries(new URLSearchParams(text))\n } else if (contentType.includes('multipart/form-data')) {\n const formData = await request.formData()\n const obj: Record<string, unknown> = {}\n formData.forEach((value, key) => {\n // Skip File objects for validation, only include strings\n if (typeof value === 'string') {\n obj[key] = value\n }\n })\n body = obj\n } else {\n // Try JSON as fallback\n try {\n body = await request.json()\n } catch {\n body = {}\n }\n }\n } catch (error) {\n return {\n success: false,\n errors: [{\n field: '_body',\n code: 'parse_error',\n message: 'Failed to parse request body',\n }],\n }\n }\n\n return validate<T>(body, schema)\n}\n\n/\n Extract and validate query parameters\n /\nexport function validateQuery<T>(\n request: NextRequest,\n schema: Schema<T> \| CustomSchema\n): ValidationResult<T> {\n const query = parseQueryString(request.url)\n return validate<T>(query, schema)\n}\n\n/\n Validate path parameters (from URL pattern)\n /\nexport function validateParams<T>(\n params: Record<string, string \| string[]>,\n schema: Schema<T> \| CustomSchema\n): ValidationResult<T> {\n return validate<T>(params, schema)\n}\n\n/\n Combined request validation\n /\nexport async function validateRequest<\n TBody = unknown,\n TQuery = unknown,\n TParams = unknown\n>(\n request: NextRequest,\n config: {\n body?: Schema<TBody> \| CustomSchema\n query?: Schema<TQuery> \| CustomSchema\n params?: Schema<TParams> \| CustomSchema\n routeParams?: Record<string, string \| string[]>\n }\n): Promise<{\n success: boolean\n data?: ValidatedContext<TBody, TQuery, TParams>\n errors?: ValidationError[]\n}> {\n const allErrors: ValidationError[] = []\n const data: Partial<ValidatedContext<TBody, TQuery, TParams>> = {}\n\n // Validate body\n if (config.body) {\n const bodyResult = await validateBody<TBody>(request, config.body)\n if (!bodyResult.success) {\n allErrors.push(...(bodyResult.errors \|\| []).map(e => ({\n ...e,\n field: `body.${e.field}`.replace('body._root', 'body'),\n })))\n } else {\n data.body = bodyResult.data\n }\n } else {\n data.body = {} as TBody\n }\n\n // Validate query\n if (config.query) {\n const queryResult = validateQuery<TQuery>(request, config.query)\n if (!queryResult.success) {\n allErrors.push(...(queryResult.errors \|\| []).map(e => ({\n ...e,\n field: `query.${e.field}`.replace('query._root', 'query'),\n })))\n } else {\n data.query = queryResult.data\n }\n } else {\n data.query = {} as TQuery\n }\n\n // Validate params\n if (config.params && config.routeParams) {\n const paramsResult = validateParams<TParams>(config.routeParams, config.params)\n if (!paramsResult.success) {\n allErrors.push(...(paramsResult.errors \|\| []).map(e => ({\n ...e,\n field: `params.${e.field}`.replace('params._root', 'params'),\n })))\n } else {\n data.params = paramsResult.data\n }\n } else {\n data.params = {} as TParams\n }\n\n if (allErrors.length > 0) {\n return { success: false, errors: allErrors }\n }\n\n return {\n success: true,\n data: data as ValidatedContext<TBody, TQuery, TParams>,\n }\n}\n\n/\n Default validation error response\n /\nexport function defaultValidationErrorResponse(\n errors: ValidationError[]\n): Response {\n return new Response(\n JSON.stringify({\n error: 'validation_error',\n message: 'Request validation failed',\n details: errors.map(e => ({\n field: e.field,\n code: e.code,\n message: e.message,\n })),\n }),\n {\n status: 400,\n headers: { 'Content-Type': 'application/json' },\n }\n )\n}\n\n/\n Create a validation function for a schema\n /\nexport function createValidator<T>(\n schema: Schema<T> \| CustomSchema\n): (data: unknown) => ValidationResult<T> {\n return (data: unknown) => validate<T>(data, schema)\n}\n\n/\n Check if all validation results are successful\n /\nexport function allValid(...results: ValidationResult[]): boolean {\n return results.every(r => r.success)\n}\n\n/\n Merge validation errors from multiple results\n /\nexport function mergeErrors(...results: ValidationResult[]): ValidationError[] {\n const errors: ValidationError[] = []\n for (const result of results) {\n if (result.errors) {\n errors.push(...result.errors)\n }\n }\n return errors\n}\n","import type { NextRequest } from 'next/server'\nimport type { ContentTypeConfig } from '../types'\n\n/\n Common MIME types\n /\nexport const MIME_TYPES = {\n // Text\n TEXT_PLAIN: 'text/plain',\n TEXT_HTML: 'text/html',\n TEXT_CSS: 'text/css',\n TEXT_JAVASCRIPT: 'text/javascript',\n\n // Application\n JSON: 'application/json',\n FORM_URLENCODED: 'application/x-www-form-urlencoded',\n MULTIPART_FORM: 'multipart/form-data',\n XML: 'application/xml',\n PDF: 'application/pdf',\n ZIP: 'application/zip',\n GZIP: 'application/gzip',\n OCTET_STREAM: 'application/octet-stream',\n\n // Image\n IMAGE_PNG: 'image/png',\n IMAGE_JPEG: 'image/jpeg',\n IMAGE_GIF: 'image/gif',\n IMAGE_WEBP: 'image/webp',\n IMAGE_SVG: 'image/svg+xml',\n\n // Audio\n AUDIO_MP3: 'audio/mpeg',\n AUDIO_WAV: 'audio/wav',\n AUDIO_OGG: 'audio/ogg',\n\n // Video\n VIDEO_MP4: 'video/mp4',\n VIDEO_WEBM: 'video/webm',\n} as const\n\n/\n Parse Content-Type header\n /\nexport function parseContentType(header: string \| null): {\n type: string\n subtype: string\n mediaType: string\n charset?: string\n boundary?: string\n parameters: Record<string, string>\n} {\n if (!header) {\n return {\n type: '',\n subtype: '',\n mediaType: '',\n parameters: {},\n }\n }\n\n // Split by semicolon to separate media type from parameters\n const parts = header.split(';').map(p => p.trim())\n const mediaType = parts[0].toLowerCase()\n\n // Split media type into type/subtype\n const [type = '', subtype = ''] = mediaType.split('/')\n\n // Parse parameters\n const parameters: Record<string, string> = {}\n for (let i = 1; i < parts.length; i++) {\n const [key, value] = parts[i].split('=').map(p => p.trim())\n if (key && value) {\n // Remove quotes if present\n parameters[key.toLowerCase()] = value.replace(/^[\"']\|[\"']$/g, '')\n }\n }\n\n return {\n type,\n subtype,\n mediaType,\n charset: parameters['charset'],\n boundary: parameters['boundary'],\n parameters,\n }\n}\n\n/\n Check if Content-Type matches allowed types\n /\nexport function isAllowedContentType(\n contentType: string \| null,\n allowedTypes: string[],\n strict = false\n): boolean {\n if (!contentType) {\n return !strict\n }\n\n const { mediaType } = parseContentType(contentType)\n\n return allowedTypes.some(allowed => {\n const normalizedAllowed = allowed.toLowerCase().trim()\n\n // Exact match\n if (mediaType === normalizedAllowed) {\n return true\n }\n\n // Wildcard match (e.g., 'application/' matches 'application/json')\n if (normalizedAllowed.endsWith('/')) {\n const prefix = normalizedAllowed.slice(0, -2)\n return mediaType.startsWith(prefix + '/')\n }\n\n // Type-only match (e.g., 'application' matches 'application/json')\n if (!normalizedAllowed.includes('/')) {\n const { type } = parseContentType(contentType)\n return type === normalizedAllowed\n }\n\n return false\n })\n}\n\n/\n Validate Content-Type header\n /\nexport function validateContentType(\n request: NextRequest,\n config: ContentTypeConfig\n): { valid: boolean; contentType: string \| null; reason?: string } {\n const contentType = request.headers.get('content-type')\n const { allowed, strict = false, charset } = config\n\n // Check if Content-Type is required but missing\n if (strict && !contentType) {\n return {\n valid: false,\n contentType: null,\n reason: 'Content-Type header is required',\n }\n }\n\n // Check if Content-Type is allowed\n if (contentType && !isAllowedContentType(contentType, allowed, strict)) {\n return {\n valid: false,\n contentType,\n reason: `Content-Type '${contentType}' is not allowed`,\n }\n }\n\n // Check charset if specified\n if (charset && contentType) {\n const parsed = parseContentType(contentType)\n if (parsed.charset && parsed.charset.toLowerCase() !== charset.toLowerCase()) {\n return {\n valid: false,\n contentType,\n reason: `Charset '${parsed.charset}' is not allowed, expected '${charset}'`,\n }\n }\n }\n\n return { valid: true, contentType }\n}\n\n/\n Default Content-Type validation error response\n /\nexport function defaultContentTypeErrorResponse(\n contentType: string \| null,\n reason: string\n): Response {\n return new Response(\n JSON.stringify({\n error: 'invalid_content_type',\n message: reason,\n received: contentType,\n }),\n {\n status: 415, // Unsupported Media Type\n headers: { 'Content-Type': 'application/json' },\n }\n )\n}\n\n/\n Check if request has JSON content type\n /\nexport function isJsonRequest(request: NextRequest): boolean {\n return isAllowedContentType(\n request.headers.get('content-type'),\n [MIME_TYPES.JSON]\n )\n}\n\n/\n Check if request has form content type\n /\nexport function isFormRequest(request: NextRequest): boolean {\n return isAllowedContentType(\n request.headers.get('content-type'),\n [MIME_TYPES.FORM_URLENCODED, MIME_TYPES.MULTIPART_FORM]\n )\n}\n\n/\n Check if request has multipart content type\n /\nexport function isMultipartRequest(request: NextRequest): boolean {\n return isAllowedContentType(\n request.headers.get('content-type'),\n [MIME_TYPES.MULTIPART_FORM]\n )\n}\n\n/\n Get boundary from multipart Content-Type\n /\nexport function getMultipartBoundary(request: NextRequest): string \| null {\n const contentType = request.headers.get('content-type')\n if (!contentType) return null\n\n const { boundary } = parseContentType(contentType)\n return boundary \|\| null\n}\n","import type { PathValidationConfig, PathValidationResult } from '../types'\n\n/\n Dangerous path patterns\n /\nconst DANGEROUS_PATTERNS = [\n // Unix path traversal\n /\\.\\.\\//g,\n /\\.\\./g,\n // Windows path traversal\n /\\.\\.\\\\/g,\n // Null byte (can truncate paths in some systems)\n /%00/g,\n /\\0/g,\n // URL encoded traversal\n /%2e%2e%2f/gi, // ../\n /%2e%2e\\//gi, // ../\n /%2e%2e%5c/gi, // ..\\\n /%2e%2e\\\\/gi, // ..\\\n // Double URL encoding\n /%252e%252e%252f/gi,\n /%252e%252e%255c/gi,\n // Unicode encoding\n /\\.%u002e\\//gi,\n /%u002e%u002e%u002f/gi,\n // Overlong UTF-8 encoding\n /%c0%ae%c0%ae%c0%af/gi,\n /%c1%9c/gi, // Backslash variant\n]\n\n/\n Default blocked extensions\n /\nconst DEFAULT_BLOCKED_EXTENSIONS = [\n '.exe', '.dll', '.so', '.dylib', // Executables\n '.sh', '.bash', '.bat', '.cmd', '.ps1', // Scripts\n '.php', '.asp', '.aspx', '.jsp', '.cgi', // Server scripts\n '.htaccess', '.htpasswd', // Apache config\n '.env', '.git', '.svn', // Config/VCS\n]\n\n/\n Normalize path separators\n /\nfunction normalizePathSeparators(path: string): string {\n return path.replace(/\\\\/g, '/')\n}\n\n/\n URL decode a path (handles double encoding)\n /\nfunction decodePathComponent(path: string): string {\n let result = path\n let previous = ''\n\n // Keep decoding until no more changes (handles double encoding)\n while (result !== previous) {\n previous = result\n try {\n result = decodeURIComponent(result)\n } catch {\n break\n }\n }\n\n return result\n}\n\n/\n Check if path contains traversal patterns\n /\nexport function hasPathTraversal(path: string): boolean {\n if (!path \|\| typeof path !== 'string') return false\n\n // Normalize and decode\n const normalized = normalizePathSeparators(decodePathComponent(path))\n\n // Check for dangerous patterns\n for (const pattern of DANGEROUS_PATTERNS) {\n pattern.lastIndex = 0\n if (pattern.test(normalized)) {\n return true\n }\n }\n\n // Check for .. sequences (already handled by patterns but double check)\n if (normalized.includes('..')) {\n return true\n }\n\n return false\n}\n\n/\n Validate and sanitize a path\n /\nexport function validatePath(\n path: string,\n config: PathValidationConfig = {}\n): PathValidationResult {\n if (!path \|\| typeof path !== 'string') {\n return { valid: false, reason: 'Path is empty or not a string' }\n }\n\n const {\n allowAbsolute = false,\n allowedPrefixes = [],\n allowedExtensions,\n blockedExtensions = DEFAULT_BLOCKED_EXTENSIONS,\n maxDepth = 10,\n maxLength = 255,\n normalize = true,\n } = config\n\n // Check length\n if (path.length > maxLength) {\n return { valid: false, reason: `Path exceeds maximum length of ${maxLength}` }\n }\n\n // Decode and normalize\n let normalized = decodePathComponent(path)\n if (normalize) {\n normalized = normalizePathSeparators(normalized)\n }\n\n // Check for null bytes\n if (normalized.includes('\\0') \|\| path.includes('%00')) {\n return { valid: false, reason: 'Path contains null bytes' }\n }\n\n // Check for path traversal\n if (hasPathTraversal(path)) {\n return { valid: false, reason: 'Path contains traversal sequences' }\n }\n\n // Check absolute path\n const isAbsolute = normalized.startsWith('/') \|\|\n /^[a-zA-Z]:/.test(normalized) \|\| // Windows drive letter\n normalized.startsWith('\\\\\\\\') // UNC path\n\n if (isAbsolute && !allowAbsolute) {\n return { valid: false, reason: 'Absolute paths are not allowed' }\n }\n\n // Check allowed prefixes\n if (allowedPrefixes.length > 0) {\n const hasValidPrefix = allowedPrefixes.some(prefix => {\n const normalizedPrefix = normalizePathSeparators(prefix)\n return normalized.startsWith(normalizedPrefix)\n })\n\n if (!hasValidPrefix) {\n return { valid: false, reason: 'Path does not start with an allowed prefix' }\n }\n }\n\n // Check path depth\n const segments = normalized.split('/').filter(s => s && s !== '.')\n if (segments.length > maxDepth) {\n return { valid: false, reason: `Path depth exceeds maximum of ${maxDepth}` }\n }\n\n // Get extension\n const lastSegment = segments[segments.length - 1] \|\| ''\n const dotIndex = lastSegment.lastIndexOf('.')\n const extension = dotIndex > 0 ? lastSegment.slice(dotIndex).toLowerCase() : ''\n\n // Check blocked extensions\n if (extension && blockedExtensions.length > 0) {\n if (blockedExtensions.map(e => e.toLowerCase()).includes(extension)) {\n return { valid: false, reason: `Extension ${extension} is not allowed` }\n }\n }\n\n // Check allowed extensions\n if (extension && allowedExtensions && allowedExtensions.length > 0) {\n if (!allowedExtensions.map(e => e.toLowerCase()).includes(extension)) {\n return { valid: false, reason: `Extension ${extension} is not in allowed list` }\n }\n }\n\n // Normalize double slashes\n const sanitized = normalized.replace(/\\/+/g, '/')\n\n return { valid: true, sanitized }\n}\n\n/\n Sanitize a path by removing dangerous elements\n /\nexport function sanitizePath(\n path: string,\n config: PathValidationConfig = {}\n): string {\n if (!path \|\| typeof path !== 'string') return ''\n\n const { normalize = true, maxLength = 255 } = config\n\n // Decode\n let result = decodePathComponent(path)\n\n // Normalize separators\n if (normalize) {\n result = normalizePathSeparators(result)\n }\n\n // Remove null bytes\n result = result.replace(/\\0/g, '').replace(/%00/g, '')\n\n // Remove traversal sequences\n result = result.replace(/\\.\\.\\//g, '').replace(/\\.\\.\\\\/g, '')\n\n // Remove leading slashes if not allowed absolute\n if (!config.allowAbsolute) {\n result = result.replace(/^\\/+/, '')\n result = result.replace(/^[a-zA-Z]:/, '')\n result = result.replace(/^\\\\\\\\/, '')\n }\n\n // Remove double slashes\n result = result.replace(/\\/+/g, '/')\n\n // Remove trailing slashes\n result = result.replace(/\\/+$/, '')\n\n // Limit length\n if (result.length > maxLength) {\n result = result.slice(0, maxLength)\n }\n\n return result\n}\n\n/\n Check if a path is within a base directory (safe containment)\n /\nexport function isPathContained(path: string, baseDir: string): boolean {\n if (!path \|\| !baseDir) return false\n\n // Normalize both paths\n const normalizedPath = normalizePathSeparators(decodePathComponent(path))\n const normalizedBase = normalizePathSeparators(baseDir)\n\n // Resolve the path (simulate what a file system would do)\n const resolvedPath = resolvePath(normalizedPath, normalizedBase)\n\n // Check if resolved path starts with base directory\n return resolvedPath.startsWith(normalizedBase.replace(/\\/$/, '') + '/')\n}\n\n/\n Simple path resolver (simulates path.resolve)\n /\nfunction resolvePath(path: string, base: string): string {\n // Combine base and path\n let combined: string\n if (path.startsWith('/')) {\n combined = path\n } else {\n combined = `${base.replace(/\\/$/, '')}/${path}`\n }\n\n // Resolve . and ..\n const segments: string[] = []\n for (const segment of combined.split('/')) {\n if (segment === '' \|\| segment === '.') {\n continue\n }\n if (segment === '..') {\n segments.pop()\n } else {\n segments.push(segment)\n }\n }\n\n return '/' + segments.join('/')\n}\n\n/\n Get the file extension from a path\n /\nexport function getExtension(path: string): string {\n if (!path \|\| typeof path !== 'string') return ''\n\n const normalized = normalizePathSeparators(path)\n const segments = normalized.split('/')\n const filename = segments[segments.length - 1] \|\| ''\n\n const dotIndex = filename.lastIndexOf('.')\n if (dotIndex <= 0) return '' // No extension or hidden file\n\n return filename.slice(dotIndex).toLowerCase()\n}\n\n/\n Get the filename from a path\n /\nexport function getFilename(path: string): string {\n if (!path \|\| typeof path !== 'string') return ''\n\n const normalized = normalizePathSeparators(path)\n const segments = normalized.split('/')\n\n return segments[segments.length - 1] \|\| ''\n}\n\n/\n Sanitize a filename (remove dangerous characters)\n /\nexport function sanitizeFilename(filename: string): string {\n if (typeof filename !== 'string') return 'file'\n if (!filename) return 'file'\n\n let result = filename\n\n // Remove path separators\n result = result.replace(/[/\\\\]/g, '')\n\n // Remove null bytes\n result = result.replace(/\\0/g, '')\n\n // Remove control characters\n result = result.replace(/[\\x00-\\x1f\\x7f]/g, '')\n\n // Remove dangerous characters for file systems\n result = result.replace(/[<>:\"\|?]/g, '')\n\n // Remove leading/trailing dots and spaces\n result = result.replace(/^[.\\s]+\|[.\\s]+$/g, '')\n\n // Limit length (common file system limit)\n if (result.length > 255) {\n const ext = getExtension(result)\n const name = result.slice(0, 255 - ext.length)\n result = name + ext\n }\n\n return result \|\| 'file'\n}\n\n/*\n Check if path is a hidden file (starts with dot)\n /\nexport function isHiddenPath(path: string): boolean {\n if (!path) return false\n\n const normalized = normalizePathSeparators(path)\n const segments = normalized.split('/').filter(Boolean)\n\n return segments.some(segment => segment.startsWith('.'))\n}\n","import type { NextRequest } from 'next/server'\nimport type { FileValidationConfig, FileValidationError, FileInfo, MagicNumber } from '../types'\nimport { sanitizeFilename, getExtension } from '../sanitizers/path'\n\n/\n Known magic numbers for file type validation\n /\nconst MAGIC_NUMBERS: MagicNumber[] = [\n // Images\n { type: 'image/jpeg', extension: '.jpg', signature: [0xFF, 0xD8, 0xFF] },\n { type: 'image/png', extension: '.png', signature: [0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A] },\n { type: 'image/gif', extension: '.gif', signature: [0x47, 0x49, 0x46, 0x38] }, // GIF87a or GIF89a\n { type: 'image/webp', extension: '.webp', signature: [0x52, 0x49, 0x46, 0x46], offset: 0 }, // RIFF\n { type: 'image/bmp', extension: '.bmp', signature: [0x42, 0x4D] },\n { type: 'image/tiff', extension: '.tiff', signature: [0x49, 0x49, 0x2A, 0x00] }, // Little endian\n { type: 'image/tiff', extension: '.tiff', signature: [0x4D, 0x4D, 0x00, 0x2A] }, // Big endian\n { type: 'image/x-icon', extension: '.ico', signature: [0x00, 0x00, 0x01, 0x00] },\n { type: 'image/svg+xml', extension: '.svg', signature: [0x3C, 0x3F, 0x78, 0x6D, 0x6C] }, // <?xml\n\n // Documents\n { type: 'application/pdf', extension: '.pdf', signature: [0x25, 0x50, 0x44, 0x46] }, // %PDF\n { type: 'application/zip', extension: '.zip', signature: [0x50, 0x4B, 0x03, 0x04] }, // PK\n { type: 'application/gzip', extension: '.gz', signature: [0x1F, 0x8B] },\n { type: 'application/x-rar-compressed', extension: '.rar', signature: [0x52, 0x61, 0x72, 0x21] },\n { type: 'application/x-7z-compressed', extension: '.7z', signature: [0x37, 0x7A, 0xBC, 0xAF, 0x27, 0x1C] },\n\n // Microsoft Office (new format - zip based)\n { type: 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', extension: '.xlsx', signature: [0x50, 0x4B, 0x03, 0x04] },\n { type: 'application/vnd.openxmlformats-officedocument.wordprocessingml.document', extension: '.docx', signature: [0x50, 0x4B, 0x03, 0x04] },\n { type: 'application/vnd.openxmlformats-officedocument.presentationml.presentation', extension: '.pptx', signature: [0x50, 0x4B, 0x03, 0x04] },\n\n // Microsoft Office (old format)\n { type: 'application/msword', extension: '.doc', signature: [0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1] },\n { type: 'application/vnd.ms-excel', extension: '.xls', signature: [0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1] },\n\n // Audio\n { type: 'audio/mpeg', extension: '.mp3', signature: [0xFF, 0xFB] }, // MP3 frame sync\n { type: 'audio/mpeg', extension: '.mp3', signature: [0x49, 0x44, 0x33] }, // ID3\n { type: 'audio/wav', extension: '.wav', signature: [0x52, 0x49, 0x46, 0x46] }, // RIFF\n { type: 'audio/ogg', extension: '.ogg', signature: [0x4F, 0x67, 0x67, 0x53] },\n { type: 'audio/flac', extension: '.flac', signature: [0x66, 0x4C, 0x61, 0x43] },\n\n // Video\n { type: 'video/mp4', extension: '.mp4', signature: [0x00, 0x00, 0x00], offset: 0 }, // Partial match\n { type: 'video/webm', extension: '.webm', signature: [0x1A, 0x45, 0xDF, 0xA3] },\n { type: 'video/avi', extension: '.avi', signature: [0x52, 0x49, 0x46, 0x46] }, // RIFF\n { type: 'video/quicktime', extension: '.mov', signature: [0x00, 0x00, 0x00, 0x14, 0x66, 0x74, 0x79, 0x70] },\n\n // Web\n { type: 'application/wasm', extension: '.wasm', signature: [0x00, 0x61, 0x73, 0x6D] }, // \\0asm\n\n // Fonts\n { type: 'font/woff', extension: '.woff', signature: [0x77, 0x4F, 0x46, 0x46] },\n { type: 'font/woff2', extension: '.woff2', signature: [0x77, 0x4F, 0x46, 0x32] },\n]\n\n/\n Default file size limits\n /\nexport const DEFAULT_MAX_FILE_SIZE = 10 1024 * 1024 // 10MB\nexport const DEFAULT_MAX_FILES = 10\n\n/*\n Dangerous file extensions to block by default\n /\nexport const DANGEROUS_EXTENSIONS = [\n '.exe', '.dll', '.so', '.dylib', '.bin',\n '.sh', '.bash', '.bat', '.cmd', '.ps1', '.vbs',\n '.php', '.asp', '.aspx', '.jsp', '.cgi', '.pl',\n '.py', '.rb', '.jar', '.class',\n '.msi', '.dmg', '.pkg', '.deb', '.rpm',\n '.scr', '.pif', '.com', '.hta',\n]\n\n/\n Check magic number signature\n /\nexport function checkMagicNumber(bytes: Uint8Array, magicNumber: MagicNumber): boolean {\n const offset = magicNumber.offset \|\| 0\n const signature = magicNumber.signature\n\n if (bytes.length < offset + signature.length) {\n return false\n }\n\n for (let i = 0; i < signature.length; i++) {\n if (bytes[offset + i] !== signature[i]) {\n return false\n }\n }\n\n return true\n}\n\n/\n Detect file type from magic number\n /\nexport function detectFileType(bytes: Uint8Array): { type: string; extension: string } \| null {\n for (const magic of MAGIC_NUMBERS) {\n if (checkMagicNumber(bytes, magic)) {\n return { type: magic.type, extension: magic.extension }\n }\n }\n return null\n}\n\n/\n Validate a single file\n /\nexport async function validateFile(\n file: File,\n config: FileValidationConfig = {}\n): Promise<{ valid: boolean; info: FileInfo; errors: FileValidationError[] }> {\n const {\n maxSize = DEFAULT_MAX_FILE_SIZE,\n minSize = 0,\n allowedTypes = [],\n blockedTypes = [],\n allowedExtensions = [],\n blockedExtensions = DANGEROUS_EXTENSIONS,\n validateMagicNumbers = true,\n sanitizeFilename: doSanitize = true,\n } = config\n\n const errors: FileValidationError[] = []\n const extension = getExtension(file.name)\n\n const info: FileInfo = {\n filename: doSanitize ? sanitizeFilename(file.name) : file.name,\n size: file.size,\n type: file.type,\n extension,\n }\n\n // Check size\n if (file.size > maxSize) {\n errors.push({\n filename: file.name,\n code: 'size_exceeded',\n message: `File size (${formatBytes(file.size)}) exceeds maximum allowed (${formatBytes(maxSize)})`,\n details: { size: file.size, maxSize },\n })\n }\n\n if (file.size < minSize) {\n errors.push({\n filename: file.name,\n code: 'size_too_small',\n message: `File size (${formatBytes(file.size)}) is below minimum required (${formatBytes(minSize)})`,\n details: { size: file.size, minSize },\n })\n }\n\n // Check extension\n if (blockedExtensions.length > 0 && extension) {\n if (blockedExtensions.map(e => e.toLowerCase()).includes(extension.toLowerCase())) {\n errors.push({\n filename: file.name,\n code: 'extension_not_allowed',\n message: `File extension '${extension}' is not allowed`,\n details: { extension, blockedExtensions },\n })\n }\n }\n\n if (allowedExtensions.length > 0 && extension) {\n if (!allowedExtensions.map(e => e.toLowerCase()).includes(extension.toLowerCase())) {\n errors.push({\n filename: file.name,\n code: 'extension_not_allowed',\n message: `File extension '${extension}' is not in allowed list`,\n details: { extension, allowedExtensions },\n })\n }\n }\n\n // Check MIME type\n if (blockedTypes.length > 0 && file.type) {\n if (blockedTypes.includes(file.type)) {\n errors.push({\n filename: file.name,\n code: 'type_not_allowed',\n message: `File type '${file.type}' is not allowed`,\n details: { type: file.type, blockedTypes },\n })\n }\n }\n\n if (allowedTypes.length > 0) {\n if (!allowedTypes.includes(file.type)) {\n errors.push({\n filename: file.name,\n code: 'type_not_allowed',\n message: `File type '${file.type}' is not in allowed list`,\n details: { type: file.type, allowedTypes },\n })\n }\n }\n\n // Validate magic numbers\n if (validateMagicNumbers && errors.length === 0) {\n try {\n const buffer = await file.arrayBuffer()\n const bytes = new Uint8Array(buffer.slice(0, 32)) // Read first 32 bytes\n const detected = detectFileType(bytes)\n\n if (detected) {\n // Check if detected type matches claimed type\n if (file.type && detected.type !== file.type) {\n // Allow some flexibility for similar types\n const isSimilar =\n (detected.type.startsWith('image/') && file.type.startsWith('image/')) \|\|\n (detected.type.startsWith('audio/') && file.type.startsWith('audio/')) \|\|\n (detected.type.startsWith('video/') && file.type.startsWith('video/'))\n\n if (!isSimilar) {\n errors.push({\n filename: file.name,\n code: 'invalid_content',\n message: `File content doesn't match declared type (claimed: ${file.type}, detected: ${detected.type})`,\n details: { claimed: file.type, detected: detected.type },\n })\n }\n }\n }\n } catch {\n // Ignore read errors\n }\n }\n\n return {\n valid: errors.length === 0,\n info,\n errors,\n }\n}\n\n/\n Validate multiple files\n /\nexport async function validateFiles(\n files: File[],\n config: FileValidationConfig = {}\n): Promise<{ valid: boolean; infos: FileInfo[]; errors: FileValidationError[] }> {\n const { maxFiles = DEFAULT_MAX_FILES } = config\n\n const allErrors: FileValidationError[] = []\n const infos: FileInfo[] = []\n\n // Check total file count\n if (files.length > maxFiles) {\n allErrors.push({\n filename: '',\n code: 'too_many_files',\n message: `Too many files (${files.length}), maximum allowed is ${maxFiles}`,\n details: { count: files.length, maxFiles },\n })\n }\n\n // Validate each file\n for (const file of files) {\n const result = await validateFile(file, config)\n infos.push(result.info)\n allErrors.push(...result.errors)\n }\n\n return {\n valid: allErrors.length === 0,\n infos,\n errors: allErrors,\n }\n}\n\n/\n Extract files from FormData\n /\nexport function extractFilesFromFormData(formData: FormData): Map<string, File[]> {\n const files = new Map<string, File[]>()\n\n formData.forEach((value, key) => {\n if (value instanceof File) {\n const existing = files.get(key) \|\| []\n existing.push(value)\n files.set(key, existing)\n }\n })\n\n return files\n}\n\n/\n Validate files from a request\n /\nexport async function validateFilesFromRequest(\n request: NextRequest,\n config: FileValidationConfig = {}\n): Promise<{ valid: boolean; files: Map<string, FileInfo[]>; errors: FileValidationError[] }> {\n const contentType = request.headers.get('content-type') \|\| ''\n\n if (!contentType.includes('multipart/form-data')) {\n return { valid: true, files: new Map(), errors: [] }\n }\n\n try {\n const formData = await request.formData()\n const fileMap = extractFilesFromFormData(formData)\n\n const allInfos = new Map<string, FileInfo[]>()\n const allErrors: FileValidationError[] = []\n\n let totalFileCount = 0\n\n for (const [field, files] of fileMap.entries()) {\n totalFileCount += files.length\n const result = await validateFiles(files, { ...config, maxFiles: Infinity }) // Check max later\n\n allInfos.set(field, result.infos)\n allErrors.push(...result.errors.map(e => ({ ...e, field })))\n }\n\n // Check total file count across all fields\n const maxFiles = config.maxFiles ?? DEFAULT_MAX_FILES\n if (totalFileCount > maxFiles) {\n allErrors.push({\n filename: '',\n code: 'too_many_files',\n message: `Total file count (${totalFileCount}) exceeds maximum (${maxFiles})`,\n details: { count: totalFileCount, maxFiles },\n })\n }\n\n return {\n valid: allErrors.length === 0,\n files: allInfos,\n errors: allErrors,\n }\n } catch {\n return {\n valid: false,\n files: new Map(),\n errors: [{\n filename: '',\n code: 'invalid_content',\n message: 'Failed to parse multipart form data',\n }],\n }\n }\n}\n\n/\n Default file validation error response\n /\nexport function defaultFileErrorResponse(errors: FileValidationError[]): Response {\n return new Response(\n JSON.stringify({\n error: 'file_validation_error',\n message: 'File validation failed',\n details: errors.map(e => ({\n filename: e.filename,\n field: e.field,\n code: e.code,\n message: e.message,\n })),\n }),\n {\n status: 400,\n headers: { 'Content-Type': 'application/json' },\n }\n )\n}\n\n/\n Format bytes to human readable string\n /\nfunction formatBytes(bytes: number): string {\n if (bytes === 0) return '0 B'\n\n const units = ['B', 'KB', 'MB', 'GB']\n const k = 1024\n const i = Math.floor(Math.log(bytes) / Math.log(k))\n\n return `${parseFloat((bytes / Math.pow(k, i)).toFixed(2))} ${units[i]}`\n}\n","import type { SanitizeConfig } from '../types'\n\n/\n Default allowed tags for 'allow-safe' mode\n /\nconst DEFAULT_ALLOWED_TAGS = [\n 'a', 'abbr', 'b', 'blockquote', 'br', 'code', 'del', 'em', 'h1', 'h2', 'h3',\n 'h4', 'h5', 'h6', 'hr', 'i', 'ins', 'li', 'mark', 'ol', 'p', 'pre', 'q',\n 's', 'small', 'span', 'strong', 'sub', 'sup', 'u', 'ul',\n]\n\n/\n Default allowed attributes per tag\n /\nconst DEFAULT_ALLOWED_ATTRIBUTES: Record<string, string[]> = {\n a: ['href', 'title', 'target', 'rel'],\n img: ['src', 'alt', 'title', 'width', 'height'],\n abbr: ['title'],\n q: ['cite'],\n blockquote: ['cite'],\n}\n\n/\n Safe protocols for URLs\n /\nconst DEFAULT_SAFE_PROTOCOLS = ['http:', 'https:', 'mailto:', 'tel:']\n\n/\n Dangerous patterns to detect\n /\nconst DANGEROUS_PATTERNS = [\n // Event handlers\n /\\bon\\w+\\s=/gi,\n // JavaScript protocol\n /javascript\\s:/gi,\n // VBScript protocol\n /vbscript\\s:/gi,\n // Data URI with scripts\n /data\\s:[^,](?:text\\/html\|application\\/javascript\|text\\/javascript)/gi,\n // Expression in CSS\n /expression\\s\\(/gi,\n // Binding in CSS (Firefox)\n /-moz-binding\\s:/gi,\n // Behavior in CSS (IE)\n /behavior\\s:/gi,\n // Import in CSS\n /@import/gi,\n // Script tags\n /<\\sscript/gi,\n // Style tags with expressions\n /<\\sstyle[^>]>[^<]expression/gi,\n // SVG with scripts\n /<\\ssvg[^>]onload/gi,\n // Object/embed/applet tags\n /<\\s(object\|embed\|applet)/gi,\n // Base tag (can redirect resources)\n /<\\sbase/gi,\n // Meta refresh\n /<\\smeta[^>]http-equiv\\s=\\s[\"']?refresh/gi,\n // Form action hijacking\n /<\\sform[^>]action\\s=\\s[\"']?javascript/gi,\n // Link tag with import\n /<\\slink[^>]rel\\s=\\s[\"']?import/gi,\n]\n\n/\n HTML entities map\n /\nconst HTML_ENTITIES: Record<string, string> = {\n '&': '&',\n '<': '<',\n '>': '>',\n '\"': '"',\n \"'\": ''',\n '/': '/',\n '`': '`',\n '=': '=',\n}\n\n/\n Escape HTML special characters\n /\nexport function escapeHtml(str: string): string {\n return str.replace(/[&<>\"'`=/]/g, char => HTML_ENTITIES[char] \|\| char)\n}\n\n/\n Unescape HTML entities\n /\nexport function unescapeHtml(str: string): string {\n const entityMap: Record<string, string> = {\n '&': '&',\n '<': '<',\n '>': '>',\n '"': '\"',\n ''': \"'\",\n '/': '/',\n '`': '`',\n '=': '=',\n ''': \"'\",\n '/': '/',\n }\n\n return str.replace(/&(?:amp\|lt\|gt\|quot\|#x27\|#x2F\|#x60\|#x3D\|#39\|#47);/gi, entity => {\n return entityMap[entity.toLowerCase()] \|\| entity\n })\n}\n\n/\n Strip all HTML tags\n /\nexport function stripHtml(str: string): string {\n // Remove script and style content completely\n let result = str.replace(/<script[^>]>[\\s\\S]?<\\/script>/gi, '')\n result = result.replace(/<style[^>]>[\\s\\S]?<\\/style>/gi, '')\n\n // Remove all HTML tags\n result = result.replace(/<[^>]>/g, '')\n\n // Decode entities\n result = unescapeHtml(result)\n\n // Remove null bytes\n result = result.replace(/\\0/g, '')\n\n return result.trim()\n}\n\n/*\n Check if a URL is safe\n /\nexport function isSafeUrl(url: string, allowedProtocols: string[] = DEFAULT_SAFE_PROTOCOLS): boolean {\n if (!url) return true\n\n // Normalize\n const trimmed = url.trim().toLowerCase()\n\n // Check for dangerous protocols\n if (trimmed.startsWith('javascript:')) return false\n if (trimmed.startsWith('vbscript:')) return false\n\n // Allow data:image URLs (commonly used for base64 images)\n if (trimmed.startsWith('data:image/')) return true\n\n // Block other data URLs\n if (trimmed.startsWith('data:')) return false\n\n // Check if protocol is allowed\n try {\n const parsed = new URL(url, 'https://example.com')\n if (parsed.protocol && !allowedProtocols.includes(parsed.protocol)) {\n // Allow relative URLs\n if (!url.includes(':')) return true\n return false\n }\n } catch {\n // Relative URL, allow\n return true\n }\n\n return true\n}\n\n/\n Sanitize HTML with allowed tags\n /\nexport function sanitizeHtml(\n str: string,\n allowedTags: string[] = DEFAULT_ALLOWED_TAGS,\n allowedAttributes: Record<string, string[]> = DEFAULT_ALLOWED_ATTRIBUTES,\n allowedProtocols: string[] = DEFAULT_SAFE_PROTOCOLS\n): string {\n // Remove null bytes first\n let result = str.replace(/\\0/g, '')\n\n // Remove script and style content completely\n result = result.replace(/<script[^>]>[\\s\\S]?<\\/script>/gi, '')\n result = result.replace(/<style[^>]>[\\s\\S]?<\\/style>/gi, '')\n\n // Remove comments\n result = result.replace(/<!--[\\s\\S]?-->/g, '')\n\n // Process tags\n result = result.replace(/<\\/?([a-z][a-z0-9])\\b([^>])>/gi, (match, tagName, attributes) => {\n const lowerTag = tagName.toLowerCase()\n const isClosing = match.startsWith('</')\n\n // Check if tag is allowed\n if (!allowedTags.includes(lowerTag)) {\n return ''\n }\n\n if (isClosing) {\n return `</${lowerTag}>`\n }\n\n // Process attributes\n const allowedAttrs = allowedAttributes[lowerTag] \|\| []\n const safeAttrs: string[] = []\n\n // Parse attributes\n const attrRegex = /([a-z][a-z0-9-])\\s=\\s(?:\"([^\"])\"\|'([^'])'\|([^\\s>]))/gi\n let attrMatch\n\n while ((attrMatch = attrRegex.exec(attributes)) !== null) {\n const attrName = attrMatch[1].toLowerCase()\n const attrValue = attrMatch[2] \|\| attrMatch[3] \|\| attrMatch[4] \|\| ''\n\n // Check if attribute is allowed\n if (!allowedAttrs.includes(attrName)) continue\n\n // Check for dangerous patterns in value\n if (DANGEROUS_PATTERNS.some(pattern => pattern.test(attrValue))) continue\n\n // Check URL attributes\n if (['href', 'src', 'action', 'formaction'].includes(attrName)) {\n if (!isSafeUrl(attrValue, allowedProtocols)) continue\n }\n\n // Escape attribute value\n const safeValue = escapeHtml(attrValue)\n safeAttrs.push(`${attrName}=\"${safeValue}\"`)\n }\n\n const attrStr = safeAttrs.length > 0 ? ' ' + safeAttrs.join(' ') : ''\n return `<${lowerTag}${attrStr}>`\n })\n\n // Final check for any remaining dangerous patterns\n for (const pattern of DANGEROUS_PATTERNS) {\n result = result.replace(pattern, '')\n }\n\n return result\n}\n\n/*\n Detect if string contains potential XSS\n /\nexport function detectXSS(str: string): boolean {\n if (!str \|\| typeof str !== 'string') return false\n\n // Normalize\n const normalized = str\n .replace(/\\\\x([0-9a-f]{2})/gi, (_, hex) => String.fromCharCode(parseInt(hex, 16)))\n .replace(/\\\\u([0-9a-f]{4})/gi, (_, hex) => String.fromCharCode(parseInt(hex, 16)))\n .replace(/&#x([0-9a-f]+);?/gi, (_, hex) => String.fromCharCode(parseInt(hex, 16)))\n .replace(/&#(\\d+);?/gi, (_, dec) => String.fromCharCode(parseInt(dec, 10)))\n\n // Reset lastIndex for global regexes before testing\n for (const pattern of DANGEROUS_PATTERNS) {\n pattern.lastIndex = 0\n if (pattern.test(normalized)) {\n return true\n }\n }\n\n return false\n}\n\n/\n Main sanitize function\n /\nexport function sanitize(input: string, config: SanitizeConfig = {}): string {\n if (!input \|\| typeof input !== 'string') return ''\n\n const {\n mode = 'escape',\n allowedTags = DEFAULT_ALLOWED_TAGS,\n allowedAttributes = DEFAULT_ALLOWED_ATTRIBUTES,\n allowedProtocols = DEFAULT_SAFE_PROTOCOLS,\n maxLength,\n stripNull = true,\n } = config\n\n let result = input\n\n // Strip null bytes\n if (stripNull) {\n result = result.replace(/\\0/g, '')\n }\n\n // Apply sanitization based on mode\n switch (mode) {\n case 'escape':\n result = escapeHtml(result)\n break\n\n case 'strip':\n result = stripHtml(result)\n break\n\n case 'allow-safe':\n result = sanitizeHtml(result, allowedTags, allowedAttributes, allowedProtocols)\n break\n }\n\n // Apply max length\n if (maxLength !== undefined && result.length > maxLength) {\n result = result.slice(0, maxLength)\n }\n\n return result\n}\n\n/\n Sanitize object values recursively\n /\nexport function sanitizeObject<T>(obj: T, config: SanitizeConfig = {}): T {\n if (typeof obj === 'string') {\n return sanitize(obj, config) as T\n }\n\n if (Array.isArray(obj)) {\n return obj.map(item => sanitizeObject(item, config)) as T\n }\n\n if (typeof obj === 'object' && obj !== null) {\n const result: Record<string, unknown> = {}\n for (const [key, value] of Object.entries(obj)) {\n result[key] = sanitizeObject(value, config)\n }\n return result as T\n }\n\n return obj\n}\n\n/\n Sanitize specific fields in an object\n /\nexport function sanitizeFields<T extends Record<string, unknown>>(\n obj: T,\n fields: string[],\n config: SanitizeConfig = {}\n): T {\n const result = { ...obj }\n\n for (const field of fields) {\n if (field in result && typeof result[field] === 'string') {\n (result as Record<string, unknown>)[field] = sanitize(result[field] as string, config)\n }\n }\n\n return result\n}\n","import type { SQLDetection } from '../types'\n\n/\n SQL injection patterns with severity levels\n /\ninterface SQLPattern {\n pattern: RegExp\n name: string\n severity: 'low' \| 'medium' \| 'high'\n}\n\n/\n Common SQL injection patterns\n /\nconst SQL_PATTERNS: SQLPattern[] = [\n // High severity - Definite attacks\n {\n pattern: /'\\sOR\\s+'?\\d+'?\\s=\\s'?\\d+'?/gi,\n name: \"OR '1'='1' attack\",\n severity: 'high',\n },\n {\n pattern: /'\\sOR\\s+'[^']'\\s=\\s'[^']'/gi,\n name: \"OR 'x'='x' attack\",\n severity: 'high',\n },\n {\n pattern: /;\\sDROP\\s+(TABLE\|DATABASE\|INDEX\|VIEW)/gi,\n name: 'DROP statement',\n severity: 'high',\n },\n {\n pattern: /;\\sDELETE\\s+FROM/gi,\n name: 'DELETE statement',\n severity: 'high',\n },\n {\n pattern: /;\\sTRUNCATE\\s+/gi,\n name: 'TRUNCATE statement',\n severity: 'high',\n },\n {\n pattern: /;\\sINSERT\\s+INTO/gi,\n name: 'INSERT statement',\n severity: 'high',\n },\n {\n pattern: /;\\sUPDATE\\s+\\w+\\s+SET/gi,\n name: 'UPDATE statement',\n severity: 'high',\n },\n {\n pattern: /UNION\\s+(ALL\\s+)?SELECT/gi,\n name: 'UNION SELECT attack',\n severity: 'high',\n },\n {\n pattern: /EXEC(\\s+\|\$)+(sp_\|xp_)/gi,\n name: 'SQL Server stored procedure',\n severity: 'high',\n },\n {\n pattern: /EXECUTE\\s+IMMEDIATE/gi,\n name: 'Oracle EXECUTE IMMEDIATE',\n severity: 'high',\n },\n {\n pattern: /INTO\\s+(OUT\|DUMP)FILE/gi,\n name: 'MySQL file write',\n severity: 'high',\n },\n {\n pattern: /LOAD_FILE\\s\\(/gi,\n name: 'MySQL file read',\n severity: 'high',\n },\n {\n pattern: /BENCHMARK\\s\\(\\s\\d+\\s,/gi,\n name: 'MySQL BENCHMARK DoS',\n severity: 'high',\n },\n {\n pattern: /SLEEP\\s\\(\\s\\d+\\s\$/gi,\n name: 'SQL SLEEP time-based attack',\n severity: 'high',\n },\n {\n pattern: /WAITFOR\\s+DELAY/gi,\n name: 'SQL Server WAITFOR DELAY',\n severity: 'high',\n },\n {\n pattern: /PG_SLEEP\\s\$/gi,\n name: 'PostgreSQL pg_sleep',\n severity: 'high',\n },\n\n // Medium severity - Likely attacks\n {\n pattern: /'\\s--/g,\n name: 'SQL comment injection',\n severity: 'medium',\n },\n {\n pattern: /'\\s#/g,\n name: 'MySQL comment injection',\n severity: 'medium',\n },\n {\n pattern: /\\/\\[\\s\\S]?\\\\//g,\n name: 'Block comment',\n severity: 'medium',\n },\n {\n pattern: /'\\s;\\s$/g,\n name: 'Statement terminator',\n severity: 'medium',\n },\n {\n pattern: /HAVING\\s+\\d+\\s=\\s\\d+/gi,\n name: 'HAVING clause injection',\n severity: 'medium',\n },\n {\n pattern: /GROUP\\s+BY\\s+\\d+/gi,\n name: 'GROUP BY injection',\n severity: 'medium',\n },\n {\n pattern: /ORDER\\s+BY\\s+\\d+/gi,\n name: 'ORDER BY injection',\n severity: 'medium',\n },\n {\n pattern: /CONCAT\\s\\(/gi,\n name: 'CONCAT function',\n severity: 'medium',\n },\n {\n pattern: /CHAR\\s\\(\\s\\d+\\s\$/gi,\n name: 'CHAR function bypass',\n severity: 'medium',\n },\n {\n pattern: /0x[0-9a-f]{2,}/gi,\n name: 'Hex encoded value',\n severity: 'medium',\n },\n {\n pattern: /CONVERT\\s\\(/gi,\n name: 'CONVERT function',\n severity: 'medium',\n },\n {\n pattern: /CAST\\s\\(/gi,\n name: 'CAST function',\n severity: 'medium',\n },\n\n // Low severity - Suspicious but may be false positives\n {\n pattern: /'\\sAND\\s+'?\\d+'?\\s=\\s'?\\d+'?/gi,\n name: \"AND '1'='1' pattern\",\n severity: 'low',\n },\n {\n pattern: /'\\sAND\\s+'[^']'\\s=\\s'[^']'/gi,\n name: \"AND 'x'='x' pattern\",\n severity: 'low',\n },\n {\n pattern: /SELECT\\s+[\\w\\s,]+\\s+FROM/gi,\n name: 'SELECT statement',\n severity: 'low',\n },\n {\n pattern: /'\\s\\+\\s'/g,\n name: 'String concatenation',\n severity: 'low',\n },\n {\n pattern: /'\\s\\\|\\\|\\s'/g,\n name: 'Oracle string concatenation',\n severity: 'low',\n },\n]\n\n/*\n Additional encoded patterns (URL, hex, unicode)\n * Note: These match on the NORMALIZED (decoded) input\n /\nconst ENCODED_PATTERNS: SQLPattern[] = [\n {\n pattern: /%27\\s%4f%52\\s%27/gi, // URL encoded ' OR '\n name: 'URL encoded OR injection',\n severity: 'high',\n },\n {\n pattern: /%27\\s%2d%2d/gi, // URL encoded ' --\n name: 'URL encoded comment injection',\n severity: 'medium',\n },\n {\n pattern: /\\0\|%00/g, // Null byte (decoded or encoded)\n name: 'Null byte injection',\n severity: 'high',\n },\n {\n pattern: /\\\\x27/gi, // Hex escape\n name: 'Hex escaped quote',\n severity: 'medium',\n },\n {\n pattern: /\\\\u0027/gi, // Unicode escape\n name: 'Unicode escaped quote',\n severity: 'medium',\n },\n]\n\n/*\n Normalize input by decoding common encodings\n /\nfunction normalizeInput(input: string): string {\n let result = input\n\n // URL decode\n try {\n result = decodeURIComponent(result)\n } catch {\n // Ignore decode errors\n }\n\n // HTML entity decode\n result = result\n .replace(/&#x([0-9a-f]+);?/gi, (_, hex) => String.fromCharCode(parseInt(hex, 16)))\n .replace(/&#(\\d+);?/gi, (_, dec) => String.fromCharCode(parseInt(dec, 10)))\n .replace(/"/gi, '\"')\n .replace(/'/gi, \"'\")\n .replace(/</gi, '<')\n .replace(/>/gi, '>')\n .replace(/&/gi, '&')\n\n // Hex escape decode\n result = result.replace(/\\\\x([0-9a-f]{2})/gi, (_, hex) =>\n String.fromCharCode(parseInt(hex, 16))\n )\n\n // Unicode escape decode\n result = result.replace(/\\\\u([0-9a-f]{4})/gi, (_, hex) =>\n String.fromCharCode(parseInt(hex, 16))\n )\n\n return result\n}\n\n/\n Detect SQL injection in a string\n /\nexport function detectSQLInjection(\n input: string,\n options: {\n customPatterns?: RegExp[]\n checkEncoded?: boolean\n minSeverity?: 'low' \| 'medium' \| 'high'\n } = {}\n): SQLDetection[] {\n if (!input \|\| typeof input !== 'string') return []\n\n const {\n customPatterns = [],\n checkEncoded = true,\n minSeverity = 'low',\n } = options\n\n const severityOrder = { low: 0, medium: 1, high: 2 }\n const minSeverityLevel = severityOrder[minSeverity]\n\n const detections: SQLDetection[] = []\n const seenPatterns = new Set<string>()\n\n // Normalize input for encoded pattern detection\n const normalizedInput = checkEncoded ? normalizeInput(input) : input\n\n // Check all patterns\n const allPatterns = [\n ...SQL_PATTERNS,\n ...(checkEncoded ? ENCODED_PATTERNS : []),\n ...customPatterns.map(p => ({ pattern: p, name: 'Custom pattern', severity: 'high' as const })),\n ]\n\n for (const { pattern, name, severity } of allPatterns) {\n if (severityOrder[severity] < minSeverityLevel) continue\n\n // Reset regex state\n pattern.lastIndex = 0\n\n const testInput = checkEncoded ? normalizedInput : input\n if (pattern.test(testInput)) {\n const key = `${name}:${severity}`\n if (!seenPatterns.has(key)) {\n seenPatterns.add(key)\n detections.push({\n field: '', // Will be set by caller\n value: input,\n pattern: name,\n severity,\n })\n }\n }\n }\n\n return detections\n}\n\n/\n Check if string contains SQL injection (boolean check)\n /\nexport function hasSQLInjection(\n input: string,\n minSeverity: 'low' \| 'medium' \| 'high' = 'medium'\n): boolean {\n return detectSQLInjection(input, { minSeverity }).length > 0\n}\n\n/\n Sanitize input to prevent SQL injection\n * NOTE: This should NOT be a replacement for parameterized queries!\n /\nexport function sanitizeSQLInput(input: string): string {\n if (!input \|\| typeof input !== 'string') return ''\n\n let result = input\n\n // Remove null bytes\n result = result.replace(/\\0/g, '')\n\n // Escape single quotes\n result = result.replace(/'/g, \"''\")\n\n // Remove dangerous characters\n result = result.replace(/;/g, '')\n result = result.replace(/--/g, '')\n result = result.replace(/\\/\\/g, '')\n result = result.replace(/\\\\//g, '')\n\n // Remove hex encoded values\n result = result.replace(/0x[0-9a-f]+/gi, '')\n\n return result\n}\n\n/\n Detect SQL injection in object fields\n /\nexport function detectSQLInjectionInObject(\n obj: unknown,\n options: {\n fields?: string[]\n deep?: boolean\n customPatterns?: RegExp[]\n minSeverity?: 'low' \| 'medium' \| 'high'\n } = {}\n): SQLDetection[] {\n const { fields, deep = true, customPatterns, minSeverity } = options\n const detections: SQLDetection[] = []\n\n function walk(value: unknown, path: string): void {\n if (typeof value === 'string') {\n // If fields specified, only check those\n if (fields && fields.length > 0) {\n const fieldName = path.split('.').pop() \|\| path\n if (!fields.includes(fieldName)) return\n }\n\n const detected = detectSQLInjection(value, { customPatterns, minSeverity })\n for (const d of detected) {\n detections.push({ ...d, field: path })\n }\n } else if (deep && Array.isArray(value)) {\n value.forEach((item, i) => walk(item, `${path}[${i}]`))\n } else if (deep && typeof value === 'object' && value !== null) {\n for (const [key, val] of Object.entries(value)) {\n walk(val, path ? `${path}.${key}` : key)\n }\n }\n }\n\n walk(obj, '')\n return detections\n}\n\n/\n Check if value is in allowlist (safe values)\n /\nexport function isAllowedValue(value: string, allowList: string[]): boolean {\n if (!allowList \|\| allowList.length === 0) return false\n return allowList.includes(value)\n}\n","import type { NextRequest } from 'next/server'\nimport type {\n ValidationConfig,\n ValidatedContext,\n ValidationError,\n SanitizationMiddlewareConfig,\n SanitizationChange,\n SQLProtectionConfig,\n ContentTypeConfig,\n FileValidationConfig,\n FileInfo,\n Schema,\n CustomSchema,\n} from './types'\nimport { validateRequest, defaultValidationErrorResponse } from './validators/schema'\nimport { validateContentType, defaultContentTypeErrorResponse } from './validators/content-type'\nimport { validateFilesFromRequest, defaultFileErrorResponse } from './validators/file'\nimport { sanitize, detectXSS } from './sanitizers/xss'\nimport { detectSQLInjectionInObject } from './sanitizers/sql'\nimport { walkObject } from './utils'\n\ntype RouteHandler = (req: NextRequest) => Response \| Promise<Response>\n\n/\n Validation middleware\n * Validates request body, query, and params against schemas\n /\nexport function withValidation<\n TBody = unknown,\n TQuery = unknown,\n TParams = unknown\n>(\n handler: (\n req: NextRequest,\n ctx: { validated: ValidatedContext<TBody, TQuery, TParams> }\n ) => Response \| Promise<Response>,\n config: ValidationConfig<TBody, TQuery, TParams> & {\n routeParams?: Record<string, string \| string[]>\n }\n): RouteHandler {\n const onError = config.onError \|\| ((_, errors) => defaultValidationErrorResponse(errors))\n\n return async (req: NextRequest): Promise<Response> => {\n const result = await validateRequest<TBody, TQuery, TParams>(req, {\n body: config.body as Schema<TBody> \| CustomSchema \| undefined,\n query: config.query as Schema<TQuery> \| CustomSchema \| undefined,\n params: config.params as Schema<TParams> \| CustomSchema \| undefined,\n routeParams: config.routeParams,\n })\n\n if (!result.success) {\n return onError(req, result.errors \|\| [])\n }\n\n return handler(req, { validated: result.data! })\n }\n}\n\n/\n XSS Sanitization middleware\n * Sanitizes string values in request body\n /\nexport function withSanitization(\n handler: (\n req: NextRequest,\n ctx: { sanitized: unknown; changes: SanitizationChange[] }\n ) => Response \| Promise<Response>,\n config: SanitizationMiddlewareConfig = {}\n): RouteHandler {\n const {\n fields,\n mode = 'escape',\n allowedTags,\n skip,\n onSanitized,\n } = config\n\n return async (req: NextRequest): Promise<Response> => {\n // Check skip condition\n if (skip && await skip(req)) {\n return handler(req, { sanitized: null, changes: [] })\n }\n\n let body: unknown\n try {\n body = await req.json()\n } catch {\n return handler(req, { sanitized: null, changes: [] })\n }\n\n const changes: SanitizationChange[] = []\n\n const sanitized = walkObject(body, (value, path) => {\n // If specific fields are specified, only sanitize those\n if (fields && fields.length > 0) {\n const fieldName = path.split('.').pop() \|\| path\n if (!fields.includes(fieldName)) {\n return value\n }\n }\n\n const cleaned = sanitize(value, { mode, allowedTags })\n\n if (cleaned !== value) {\n changes.push({\n field: path,\n original: value,\n sanitized: cleaned,\n })\n }\n\n return cleaned\n }, '')\n\n // Callback for tracking\n if (onSanitized && changes.length > 0) {\n onSanitized(req, changes)\n }\n\n return handler(req, { sanitized, changes })\n }\n}\n\n/\n XSS Detection middleware\n * Blocks requests with potential XSS payloads in body and query parameters\n /\nexport function withXSSProtection(\n handler: RouteHandler,\n config: {\n fields?: string[]\n deep?: boolean\n checkQuery?: boolean\n onDetection?: (req: NextRequest, field: string, value: string) => Response \| void \| Promise<Response \| void>\n } = {}\n): RouteHandler {\n const { fields, onDetection, checkQuery = true } = config\n\n return async (req: NextRequest): Promise<Response> => {\n const detections: { field: string; value: string }[] = []\n\n // Check query parameters for XSS\n if (checkQuery) {\n const url = new URL(req.url)\n for (const [key, value] of url.searchParams.entries()) {\n if (detectXSS(value)) {\n detections.push({ field: `query.${key}`, value })\n }\n }\n }\n\n // Check body\n let body: unknown\n try {\n body = await req.json()\n } catch {\n // No body or invalid JSON, skip body check\n body = null\n }\n\n if (body) {\n walkObject(body, (value, path) => {\n // If specific fields are specified, only check those\n if (fields && fields.length > 0) {\n const fieldName = path.split('.').pop() \|\| path\n if (!fields.includes(fieldName)) {\n return value\n }\n }\n\n if (detectXSS(value)) {\n detections.push({ field: path, value })\n }\n\n return value\n }, '')\n }\n\n if (detections.length > 0) {\n if (onDetection) {\n for (const { field, value } of detections) {\n const result = await onDetection(req, field, value)\n if (result instanceof Response) {\n return result\n }\n }\n }\n\n // Default: block request\n return new Response(\n JSON.stringify({\n error: 'xss_detected',\n message: 'Potentially malicious content detected',\n fields: detections.map(d => d.field),\n }),\n {\n status: 400,\n headers: { 'Content-Type': 'application/json' },\n }\n )\n }\n\n return handler(req)\n }\n}\n\n/\n SQL Injection Protection middleware\n /\nexport function withSQLProtection(\n handler: RouteHandler,\n config: SQLProtectionConfig = {}\n): RouteHandler {\n const {\n fields,\n deep = true,\n mode = 'block',\n customPatterns,\n allowList = [],\n onDetection,\n } = config\n\n return async (req: NextRequest): Promise<Response> => {\n let body: unknown\n try {\n body = await req.json()\n } catch {\n return handler(req)\n }\n\n const detections = detectSQLInjectionInObject(body, {\n fields,\n deep,\n customPatterns,\n minSeverity: mode === 'detect' ? 'low' : 'medium',\n })\n\n // Filter out allowed values\n const filtered = detections.filter(d => !allowList.includes(d.value))\n\n if (filtered.length > 0) {\n if (onDetection) {\n const result = await onDetection(req, filtered)\n if (result instanceof Response) {\n return result\n }\n }\n\n if (mode === 'block') {\n return new Response(\n JSON.stringify({\n error: 'sql_injection_detected',\n message: 'Potentially malicious SQL detected',\n detections: filtered.map(d => ({\n field: d.field,\n pattern: d.pattern,\n severity: d.severity,\n })),\n }),\n {\n status: 400,\n headers: { 'Content-Type': 'application/json' },\n }\n )\n }\n }\n\n return handler(req)\n }\n}\n\n/\n Content-Type validation middleware\n /\nexport function withContentType(\n handler: RouteHandler,\n config: ContentTypeConfig\n): RouteHandler {\n const onInvalid = config.onInvalid \|\| ((_, contentType) =>\n defaultContentTypeErrorResponse(contentType, `Content-Type '${contentType}' is not allowed`)\n )\n\n return async (req: NextRequest): Promise<Response> => {\n const result = validateContentType(req, config)\n\n if (!result.valid) {\n return onInvalid(req, result.contentType)\n }\n\n return handler(req)\n }\n}\n\n/\n File upload validation middleware\n /\nexport function withFileValidation(\n handler: (\n req: NextRequest,\n ctx: { files: Map<string, FileInfo[]> }\n ) => Response \| Promise<Response>,\n config: FileValidationConfig = {}\n): RouteHandler {\n const onInvalid = config.onInvalid \|\| ((_, errors) => defaultFileErrorResponse(errors))\n\n return async (req: NextRequest): Promise<Response> => {\n const result = await validateFilesFromRequest(req, config)\n\n if (!result.valid) {\n return onInvalid(req, result.errors)\n }\n\n return handler(req, { files: result.files })\n }\n}\n\n/\n Combined validation middleware\n * Combines schema validation, sanitization, and protection\n /\nexport function withSecureValidation<\n TBody = unknown,\n TQuery = unknown,\n TParams = unknown\n>(\n handler: (\n req: NextRequest,\n ctx: {\n validated: ValidatedContext<TBody, TQuery, TParams>\n files?: Map<string, FileInfo[]>\n }\n ) => Response \| Promise<Response>,\n config: {\n schema?: ValidationConfig<TBody, TQuery, TParams>\n routeParams?: Record<string, string \| string[]>\n contentType?: ContentTypeConfig\n files?: FileValidationConfig\n sanitize?: SanitizationMiddlewareConfig\n xss?: { enabled: boolean; fields?: string[] }\n sql?: SQLProtectionConfig\n onError?: (req: NextRequest, errors: ValidationError[]) => Response \| Promise<Response>\n }\n): RouteHandler {\n return async (req: NextRequest): Promise<Response> => {\n const allErrors: ValidationError[] = []\n\n // 1. Content-Type validation\n if (config.contentType) {\n const ctResult = validateContentType(req, config.contentType)\n if (!ctResult.valid) {\n allErrors.push({\n field: 'Content-Type',\n code: 'invalid_content_type',\n message: ctResult.reason \|\| 'Invalid Content-Type',\n })\n }\n }\n\n // 2. File validation (if multipart)\n let files: Map<string, FileInfo[]> \| undefined\n if (config.files) {\n const fileResult = await validateFilesFromRequest(req, config.files)\n if (!fileResult.valid) {\n allErrors.push(...fileResult.errors.map(e => ({\n field: e.field \|\| e.filename,\n code: e.code,\n message: e.message,\n })))\n } else {\n files = fileResult.files\n }\n }\n\n // Early return on content errors\n if (allErrors.length > 0) {\n const onError = config.onError \|\| ((_, errors) => defaultValidationErrorResponse(errors))\n return onError(req, allErrors)\n }\n\n // 3. Schema validation\n let validated: ValidatedContext<TBody, TQuery, TParams> \| undefined\n if (config.schema) {\n const schemaResult = await validateRequest<TBody, TQuery, TParams>(req, {\n body: config.schema.body as Schema<TBody> \| CustomSchema \| undefined,\n query: config.schema.query as Schema<TQuery> \| CustomSchema \| undefined,\n params: config.schema.params as Schema<TParams> \| CustomSchema \| undefined,\n routeParams: config.routeParams,\n })\n\n if (!schemaResult.success) {\n allErrors.push(...(schemaResult.errors \|\| []))\n } else {\n validated = schemaResult.data\n }\n } else {\n validated = {\n body: {} as TBody,\n query: {} as TQuery,\n params: {} as TParams,\n }\n }\n\n // 4. SQL injection detection\n if (config.sql && validated?.body) {\n const sqlDetections = detectSQLInjectionInObject(validated.body, {\n fields: config.sql.fields,\n deep: config.sql.deep,\n customPatterns: config.sql.customPatterns,\n })\n\n if (sqlDetections.length > 0 && config.sql.mode !== 'detect') {\n allErrors.push(...sqlDetections.map(d => ({\n field: d.field,\n code: 'sql_injection',\n message: `Potential SQL injection detected: ${d.pattern}`,\n })))\n }\n }\n\n // 5. XSS detection\n if (config.xss?.enabled && validated?.body) {\n walkObject(validated.body, (value, path) => {\n if (config.xss?.fields && config.xss.fields.length > 0) {\n const fieldName = path.split('.').pop() \|\| path\n if (!config.xss.fields.includes(fieldName)) {\n return value\n }\n }\n\n if (detectXSS(value)) {\n allErrors.push({\n field: path,\n code: 'xss_detected',\n message: 'Potentially malicious content detected',\n })\n }\n\n return value\n }, '')\n }\n\n // Return errors\n if (allErrors.length > 0) {\n const onError = config.onError \|\| ((_, errors) => defaultValidationErrorResponse(errors))\n return onError(req, allErrors)\n }\n\n return handler(req, { validated: validated!, files })\n }\n}\n","/\n next-secure\n \n Production-ready security middleware for Next.js 13+ App Router.\n \n @example\n * ```typescript\n * import { withRateLimit, withAuth, secure } from 'next-secure'\n \n // Simple rate limiting\n * export const GET = withRateLimit(\n * async (req) => Response.json({ ok: true }),\n * { limit: 100, window: '15m' }\n * )\n \n // Builder pattern\n * export const POST = secure()\n * .rateLimit({ limit: 10, window: '1m' })\n * .auth({ roles: ['admin'] })\n * .handle(async (req, ctx) => {\n * return Response.json({ user: ctx.user })\n * })\n * ```\n \n @packageDocumentation\n /\n\n// =============================================================================\n// Core\n// =============================================================================\n\nexport type {\n NextRequest,\n SecureContext,\n SecureHandler,\n Middleware,\n ErrorResponse,\n RateLimitInfo,\n Duration,\n RateLimitAlgorithm,\n RateLimitIdentifier,\n} from './core/types'\n\nexport {\n SecureError,\n RateLimitError,\n AuthenticationError,\n AuthorizationError,\n ValidationError,\n CsrfError,\n ConfigurationError,\n isSecureError,\n toSecureError,\n} from './core/errors'\n\n// =============================================================================\n// Rate Limiting\n// =============================================================================\n\nexport {\n withRateLimit,\n createRateLimiter,\n checkRateLimit,\n resetRateLimit,\n getRateLimitStatus,\n clearAllRateLimits,\n} from './middleware/rate-limit'\n\nexport type {\n RateLimitConfig,\n RateLimitStore,\n MemoryStoreOptions,\n RedisStoreOptions,\n UpstashStoreOptions,\n} from './middleware/rate-limit'\n\nexport {\n MemoryStore,\n createMemoryStore,\n getGlobalMemoryStore,\n} from './middleware/rate-limit'\n\n// =============================================================================\n// CSRF Protection\n// =============================================================================\n\nexport {\n withCSRF,\n generateCSRF,\n validateCSRF,\n createToken as createCSRFToken,\n verifyToken as verifyCSRFToken,\n tokensMatch,\n} from './middleware/csrf'\n\nexport type {\n CSRFConfig,\n CSRFCookieOptions,\n CSRFToken,\n} from './middleware/csrf'\n\n// =============================================================================\n// Security Headers\n// =============================================================================\n\nexport {\n withSecurityHeaders,\n createSecurityHeaders,\n createSecurityHeadersObject,\n buildCSP,\n buildHSTS,\n buildPermissionsPolicy,\n getPreset,\n PRESET_STRICT,\n PRESET_RELAXED,\n PRESET_API,\n} from './middleware/headers'\n\nexport type {\n ContentSecurityPolicy,\n StrictTransportSecurity,\n PermissionsPolicy,\n SecurityHeadersConfig,\n SecurityHeadersPreset,\n XFrameOptions,\n ReferrerPolicy,\n} from './middleware/headers'\n\n// =============================================================================\n// Authentication\n// =============================================================================\n\nexport {\n withJWT,\n withAPIKey,\n withSession,\n withAuth,\n withRoles,\n withOptionalAuth,\n verifyJWT,\n decodeJWT,\n extractBearerToken,\n} from './middleware/auth'\n\nexport type {\n AuthUser,\n AuthConfig,\n AuthError,\n AuthErrorCode,\n JWTConfig,\n JWTPayload,\n APIKeyConfig,\n SessionConfig,\n RBACConfig,\n} from './middleware/auth'\n\n// =============================================================================\n// Input Validation\n// =============================================================================\n\nexport {\n // Middleware\n withValidation,\n withSanitization,\n withXSSProtection,\n withSQLProtection,\n withContentType,\n withFileValidation,\n withSecureValidation,\n // Schema validation\n validate,\n validateBody,\n validateQuery,\n validateRequest,\n createValidator,\n // XSS\n sanitize,\n sanitizeObject,\n sanitizeFields,\n escapeHtml,\n stripHtml,\n detectXSS,\n // SQL\n detectSQLInjection,\n hasSQLInjection,\n sanitizeSQLInput,\n // Path\n validatePath,\n sanitizePath,\n hasPathTraversal,\n sanitizeFilename,\n // Content-Type\n validateContentType,\n isJsonRequest,\n isFormRequest,\n MIME_TYPES,\n // File\n validateFile,\n validateFiles,\n detectFileType,\n DANGEROUS_EXTENSIONS,\n} from './middleware/validation'\n\nexport type {\n ValidationError as InputValidationError,\n ValidationResult,\n ValidationConfig,\n ValidatedContext,\n SanitizeConfig,\n SanitizeMode,\n SQLDetection,\n SQLProtectionConfig,\n PathValidationConfig,\n PathValidationResult,\n ContentTypeConfig,\n FileValidationConfig,\n FileValidationError,\n FileInfo,\n FieldRule,\n FieldType,\n CustomSchema,\n} from './middleware/validation'\n\n// =============================================================================\n// Utilities\n// =============================================================================\n\nexport {\n parseDuration,\n formatDuration,\n nowInSeconds,\n nowInMs,\n sleep,\n} from './utils/time'\n\nexport {\n getClientIp,\n normalizeIp,\n isValidIp,\n isPrivateIp,\n isLocalhost,\n anonymizeIp,\n getGeoInfo,\n} from './utils/ip'\n\n// =============================================================================\n// Version\n// =============================================================================\n\n/\n Package version\n */\nexport const VERSION = '0.5.0'\n"]}