nitro-web 0.0.207 → 0.1.1

package/components/auth/auth.api.js

@@ -6,12 +6,14 @@ import passportLocal from 'passport-local'
 import { Strategy as JwtStrategy, ExtractJwt } from 'passport-jwt'
 import db, { isId } from 'monastery'
 import jsonwebtoken from 'jsonwebtoken'
+import { getDomain } from 'tldts'
 import { sendEmail } from 'nitro-web/server'
 import { isArray, pick, ucFirst, fullNameSplit } from 'nitro-web/util'
 // Todo: detect if the user is already invited to the company, instead of token error
 
 const JWT_SECRET = process.env.JWT_SECRET || 'replace_this_with_secure_env_secret'
 let authConfig = null
+
 export const auth = {
   userFindFromProvider, userSigninGetStore, getStore,
   userCreate, passwordValidate, tokenCreate, tokenParse, tokenSend,
@@ -37,7 +39,7 @@ function setup(middleware, _config, helpers = {}) {
   // Tip: you can pass in your own helpers to override the default helpers, internally all functions are called
   // with `auth` as the context, so `this` context contains all helpers.
   // E.g. setup: (middleware, config, helpers) => authRoutes.setup(middleware, config, { getStore, ... })
-  const configKeys = ['baseUrl', 'emailFrom', 'env', 'name', 'mailgunDomain', 'mailgunKey', 'masterPassword', 'isNotMultiTenant', 
+  const configKeys = ['baseUrl', 'emailFrom', 'env', 'name', 'mailgunDomain', 'mailgunKey', 'masterPassword', 'isNotMultiTenant',
     'confirmInvites']
   authConfig = pick(_config, configKeys)
   for (const key of Object.keys(helpers)) {
@@ -104,13 +106,13 @@ function setup(middleware, _config, helpers = {}) {
 }
 
 async function store(req, res) {
-  res.json(await auth.getStore(req.user))
+  res.json(await auth.getStore(req.user, req))
 }
 
 async function signup(req, res) {
   try {
     const desktop = req.query.desktop
-    const user = await auth.userCreate(req.body)
+    const user = await auth.userCreate(req.body, getBaseUrl(req))
     res.send(await auth.userSigninGetStore(user, desktop))
   } catch (err) {
     res.error(err)
@@ -125,6 +127,9 @@ function signin(req, res) {
   passport.authenticate('local', { session: false }, async (err, user, info) => {
     if (err) return res.error(err)
     if (!user && info) return res.error('email', info.message)
+    if (req.whitelabel && user.company?._id?.toString() !== req.whitelabel._id?.toString()) {
+      return res.error('email', `This sign in page is for ${req.whitelabel.name || req.whitelabel.subdomain} only.`)
+    }
     try {
       const response = await auth.userSigninGetStore(user, desktop)
       res.send(response)
@@ -169,12 +174,12 @@ export async function resetInstructions(req, res) {
     // const desktop = req.query.hasOwnProperty('desktop') ? '?desktop' : '' // see sendToken for future usage
     let email = (req.body.email || '').trim().toLowerCase()
     if (!email) throw { title: 'email', detail: 'The email you entered is incorrect.' }
-
+    
     let user = await db.user.findOne({ query: { email }, _privateData: true })
     if (!user) throw { title: 'email', detail: 'The email you entered is incorrect.' }
 
     // Send reset password email
-    await auth.tokenSend({ _id: user._id, email: user.email, firstName: user.firstName })
+    await auth.tokenSend({ _id: user._id, email: user.email, firstName: user.firstName, baseUrl: getBaseUrl(req) })
     res.json({})
   } catch (err) {
     res.error(err)
@@ -193,7 +198,7 @@ export async function inviteInstructions(req, res) {
     if (authConfig.isNotMultiTenant) {
       const user = await db.user.findOne({ query: { _id: req.body._id }, _privateData: true })
       if (!user) throw new Error('Please pre-create the user first, no user id found.')
-      await auth.tokenSend({ type: 'invite', _id: user._id, email: user.email, firstName: user.firstName })
+      await auth.tokenSend({ type: 'invite', _id: user._id, email: user.email, firstName: user.firstName, baseUrl: getBaseUrl(req) })
       res.json({})
 
     } else {
@@ -212,6 +217,7 @@ export async function inviteInstructions(req, res) {
           type: 'companyInvite', _id: companyId,
           email: req.body.email,
           firstName: existingUser?.firstName || req.body.firstName,
+          baseUrl: getBaseUrl(req),
         })
       }
       res.json({})
@@ -310,8 +316,8 @@ export async function userSigninGetStore(user, isDesktop) {
   return { ...store, jwt }
 }
 
-export async function getStore(user) {
-  // Initial store
+export async function getStore(user, _req) {
+  // Initial store (req only passed from the /store route, not after signin)
   return {
     user: user || undefined,
   }
@@ -325,10 +331,11 @@ export async function getStore(user) {
  * @param {string} [userData.password] - optional
  * @param {string} [userData.password2] - optional, to confirm the password
  * @param {string} [userData.company] - if multi tenant and `user.company` is not an id, create a new company
+ * @param {string} [baseUrl] - baseUrl to use for the email
  * @param {boolean} [skipSendEmail=false] - whether to skip sending the welcome email
  * @returns {Promise<object>} - the created user
  */
-export async function userCreate({ password, password2, company, ...userDataProp }, skipSendEmail) {
+export async function userCreate({ password, password2, company, ...userDataProp }, baseUrl, skipSendEmail) {
   try {
     const userId = db.id()
     const options = { blacklist: ['-_id'] }
@@ -371,7 +378,7 @@ export async function userCreate({ password, password2, company, ...userDataProp
     // Send welcome email
     if (!skipSendEmail) {
       sendEmail({
-        config: authConfig,
+        config: { ...authConfig, baseUrl: baseUrl || authConfig.baseUrl },
         template: 'welcome',
         to: `${ucFirst(userData.firstName)}<${userData.email}>`,
       }).catch(console.error)
@@ -499,9 +506,10 @@ export async function tokenConfirmForMultiTenant(req) {
  * @param {string} options.firstName - recipient first name
  * @param {function} [options.beforeUpdate] - runs before updating the model with the token, return null to skip update
  * @param {function} [options.beforeSendEmail] - runs before sending the email, receives (options, token)
+ * @param {string} [options.baseUrl] - baseUrl to use for the email
  * @returns {Promise<{token: string, mailgunPromise: Promise<unknown>}>}
  */
-export async function tokenSend({ type = 'reset', _id, email, firstName, beforeUpdate, beforeSendEmail }) {
+export async function tokenSend({ type = 'reset', _id, email, firstName, beforeUpdate, beforeSendEmail, baseUrl }) {
   if (!_id) throw new Error(`${type === 'companyInvite' ? 'company' : 'user'} id is required`)
   if (!email) throw new Error('email is required')
   if (!firstName) throw new Error('firstName is required')
@@ -527,7 +535,7 @@ export async function tokenSend({ type = 'reset', _id, email, firstName, beforeU
 
   // Send email
   const options = {
-    config: authConfig,
+    config: { ...authConfig, baseUrl: baseUrl || authConfig.baseUrl },
     template: type === 'reset' ? 'reset-instructions' : 'invite-instructions',
     to: `${ucFirst(firstName)}<${email}>`,
     data: { token: token },
@@ -538,4 +546,29 @@ export async function tokenSend({ type = 'reset', _id, email, firstName, beforeU
 
   // Return the token and mailgun promise
   return { token, mailgunPromise }
+}
+
+function getBaseUrl(req) {
+  return resolveBaseUrl(req?.baseUrl, authConfig.baseUrl)
+}
+
+export function resolveBaseUrl(reqUrl, cfgUrl) {
+  // Use reqUrl if its apex domain matches cfgUrl's apex (e.g. wildcard.example.com matches cfg: app.example.com)
+  if (!reqUrl) return cfgUrl
+  try {
+    const reqHost = new URL(reqUrl).hostname
+    const cfgHost = new URL(cfgUrl).hostname
+    const reqApex = getDomain(reqHost)
+    const cfgApex = getDomain(cfgHost)
+
+    if (reqApex && cfgApex) {
+      return reqApex === cfgApex ? reqUrl : cfgUrl
+    } else if (reqHost === cfgHost || reqHost.endsWith('.' + cfgHost)) {
+      return reqUrl
+    } else {
+      return cfgUrl
+    }
+  } catch (_) {
+    return cfgUrl
+  }
 }

package/components/auth/auth.api.test.js

@@ -0,0 +1,40 @@
+import { test } from 'node:test'
+import assert from 'node:assert/strict'
+import { resolveBaseUrl } from './auth.api.js'
+
+const cases = [
+  // [cfgUrl, reqUrl, expected, description]
+
+  // cfg: match
+  
+  ['https://app.example.com',    'https://app.example.com',         'https://app.example.com',        'match: exact'],
+  ['https://app.example.com',    'https://wildcard.example.com',    'https://wildcard.example.com',   'match: sibling'],
+  ['https://app.example.com',    'https://foo.bar.example.com',     'https://foo.bar.example.com',    'match: nested'],
+  ['https://app.example.com',    'https://example.com',             'https://example.com',            'match: apex'],
+  ['https://app.example.com',    'http://app.example.com:3000',     'http://app.example.com:3000',    'match: port (ignored)'],
+  ['https://example.co.uk',      'https://app.example.co.uk',       'https://app.example.co.uk',      'match: co.uk nested'],
+
+  ['http://localhost:3000',      'http://localhost:3001',           'http://localhost:3001',          'match: localhost: port (ignored)'],
+  ['http://localhost:3000',      'http://app.localhost:3001',       'http://app.localhost:3001',      'match: localhost: nested'],
+  ['http://127.0.0.1:3000',      'http://127.0.0.1:3000',           'http://127.0.0.1:3000',          'match: IP exact'],
+
+  // cfg: mismatch
+
+  ['https://app.example.com',    'https://example2.com',            'https://app.example.com',        'mismatch: apex'],
+  ['https://app.example.com',    'https://evilapp.example.com.bad', 'https://app.example.com',        'mismatch: nested'],
+  ['https://example.co.uk',      'https://other.co.uk',             'https://example.co.uk',          'mismatch: co.uk apex'],
+
+  ['http://otherhost',           'http://app.localhost',            'http://otherhost',               'mismatch: localhost: nested'],
+  ['http://127.0.0.1',           'http://192.168.1.1',              'http://127.0.0.1',               'mismatch: IP different'],
+  ['https://app.example.com',    undefined,                         'https://app.example.com',        'mismatch: undefined'],
+  ['https://app.example.com',    '',                                'https://app.example.com',        'mismatch: empty'],
+  ['https://app.example.com',    'not a url',                       'https://app.example.com',        'mismatch: bad string'],
+]
+
+test('resolveBaseUrl', async (t) => {
+  for (const [cfgUrl, reqUrl, expected, desc] of cases) {
+    await t.test(desc, () => {
+      assert.equal(resolveBaseUrl(reqUrl, cfgUrl), expected)
+    })
+  }
+})

package/components/billing/stripe.api.js

@@ -2,6 +2,7 @@
 import Stripe from 'stripe'
 import db from 'monastery'
 import * as util from 'nitro-web/util'
+import { resolveBaseUrl } from '../auth/auth.api.js'
 
 let stripe = undefined
 let stripeProducts = []
@@ -81,7 +82,7 @@ async function billingPortalSessionCreate(req, res) {
     }
     const session = await stripe.billingPortal.sessions.create({
       customer: req.user.stripeCustomer.id,
-      return_url: config.baseUrl + '/subscriptions',
+      return_url: resolveBaseUrl(req.baseUrl, config.baseUrl) + '/subscriptions',
     })
     res.json(session.url)
   } catch (err) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nitro-web",
-  "version": "0.0.207",
+  "version": "0.1.1",
   "repository": "github:boycce/nitro-web",
   "homepage": "https://boycce.github.io/nitro-web/",
   "description": "Nitro is a battle-tested, modular base project to turbocharge your projects, styled using Tailwind 🚀",
@@ -31,6 +31,7 @@
     "minor": "npm run types && standard-version -a --release-as minor && npm publish && cd ../webpack && npm publish",
     "patch": "npm run types && standard-version -a --release-as patch && npm publish && cd ../webpack && npm publish",
     "republish": "npm publish && cd ../webpack && npm publish",
+    "test": "node --test components/**/*.test.js",
     "types": "tsc util.js ./server/index.js --declaration --declarationMap --allowJs --emitDeclarationOnly --jsx react-jsx --esModuleInterop --skipLibCheck --outDir types && cd ../webpack && npm run types -w . && cd ../core"
   },
   "dependencies": {
@@ -55,7 +56,8 @@
     "passport-local": "^1.0.0",
     "sort-route-addresses-nodeps": "0.0.4",
     "standard-version": "github:boycce/standard-version",
-    "tailwind-merge": "^2.6.0"
+    "tailwind-merge": "^2.6.0",
+    "tldts": "^7.0.30"
   },
   "devDependencies": {
     "@typescript-eslint/eslint-plugin": "^8.18.1"

package/server/router.js

@@ -34,6 +34,7 @@ import * as util from 'nitro-web/util'
 let configLocal
 const _dirname = dirname(fileURLToPath(import.meta.url)) + '/'
 
+/** @returns {Promise<{ server: import('http').Server, expressApp: import('express').Application }>} */
 export async function setupRouter (config) {
   configLocal = config
   const { env, middleware: configMiddleware, version } = config
@@ -96,6 +97,7 @@ export async function setupRouter (config) {
       expressApp.use('/assets', compression()) // gzip
       expressApp.use('/assets', express.static(distDir + 'assets/', { maxage: '365d' }))
     } else if (!allMiddleware[name]) {
+      console.error(`SetupRouter: Server middleware '${name}' not found`)
       continue
     } else {
       expressApp.use(allMiddleware[name])
@@ -158,7 +160,7 @@ export async function setupRouter (config) {
     else { res.status(404); res.notFound() }
   })
 
-  return server
+  return { server, expressApp }
 }
 
 function setupErrorResponses (expressApp) {
@@ -335,8 +337,13 @@ export const middleware = {
 
   modifyRequest: (req, res, next) => {
     // Handy boolean denoting that the request wants JSON returned
-    // global.start = new Date().getTime()
     req.json = req.xhr || req.accepts(['html', 'json']) == 'json'
+    // Dynamic baseUrl from the request headers, may require app.set('trust proxy', 1) in the server setup
+    req.baseUrl = req.protocol + '://' + req.headers.host
+    // log the headers if the config.logHeaders is true
+    if (configLocal.logHeaders) {
+      console.info('Headers:', req.headers)
+    }
     next()
   },
 

package/types/components/auth/auth.api.d.ts

@@ -7,7 +7,7 @@ export function userSigninGetStore(user: any, isDesktop: any): Promise<{
     jwt: string;
     user: any;
 }>;
-export function getStore(user: any): Promise<{
+export function getStore(user: any, _req: any): Promise<{
     user: any;
 }>;
 /**
@@ -16,6 +16,7 @@ export function getStore(user: any): Promise<{
  * @param {string} [userData.password] - optional
  * @param {string} [userData.password2] - optional, to confirm the password
  * @param {string} [userData.company] - if multi tenant and `user.company` is not an id, create a new company
+ * @param {string} [baseUrl] - baseUrl to use for the email
  * @param {boolean} [skipSendEmail=false] - whether to skip sending the welcome email
  * @returns {Promise<object>} - the created user
  */
@@ -23,7 +24,7 @@ export function userCreate({ password, password2, company, ...userDataProp }: {
     password?: string;
     password2?: string;
     company?: string;
-}, skipSendEmail?: boolean): Promise<object>;
+}, baseUrl?: string, skipSendEmail?: boolean): Promise<object>;
 export function passwordValidate(password: string, password2: any): Promise<void>;
 export function tokenCreate(modelName: any, id: any): Promise<any>;
 export function tokenParse(token: any, modelName: any, maxAgeMs?: number): any;
@@ -48,19 +49,22 @@ export function tokenConfirmForMultiTenant(req: any): Promise<{
  * @param {string} options.firstName - recipient first name
  * @param {function} [options.beforeUpdate] - runs before updating the model with the token, return null to skip update
  * @param {function} [options.beforeSendEmail] - runs before sending the email, receives (options, token)
+ * @param {string} [options.baseUrl] - baseUrl to use for the email
  * @returns {Promise<{token: string, mailgunPromise: Promise<unknown>}>}
  */
-export function tokenSend({ type, _id, email, firstName, beforeUpdate, beforeSendEmail }: {
+export function tokenSend({ type, _id, email, firstName, beforeUpdate, beforeSendEmail, baseUrl }: {
     type: "reset" | "invite" | "companyInvite";
     _id: string;
     email: string;
     firstName: string;
     beforeUpdate?: Function;
     beforeSendEmail?: Function;
+    baseUrl?: string;
 }): Promise<{
     token: string;
     mailgunPromise: Promise<unknown>;
 }>;
+export function resolveBaseUrl(reqUrl: any, cfgUrl: any): any;
 export namespace auth {
     export { userFindFromProvider };
     export { userSigninGetStore };

package/types/components/auth/auth.api.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.api.d.ts","sourceRoot":"","sources":["../../../components/auth/auth.api.js"],"names":[],"mappings":"AAsKA,qEAeC;AAED,sEAsCC;AAED,gEAMC;AAED,iEAgBC;AAID,qGAkDC;AAED;;;GAOC;AAED;;GAKC;AAID;;;;;;;;GAQG;AACH,8EANG;IAA0B,QAAQ,GAA1B,MAAM;IACY,SAAS,GAA3B,MAAM;IACY,OAAO,GAAzB,MAAM;CACd,kBAAQ,OAAO,GACL,OAAO,CAAC,MAAM,CAAC,CA0D3B;AAED,kFAiBC;AAED,mEAOC;AAED,+EAWC;AAED;;;GAEC;AAED;;;GAuBC;AAED;;;GAgCC;AAED;;;;;;;;;;GAUG;AACH,0FARG;IAAsD,IAAI,EAAlD,OAAO,GAAG,QAAQ,GAAG,eAAe;IACpB,GAAG,EAAnB,MAAM;IACU,KAAK,EAArB,MAAM;IACU,SAAS,EAAzB,MAAM;IACa,YAAY;IACZ,eAAe;CAC1C,GAAU,OAAO,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,cAAc,EAAE,OAAO,CAAC,OAAO,CAAC,CAAA;CAAC,CAAC,CAuCtE;;;;;;;;;;;;;;AAxgBD;;;;;;;;;;;EAaC;AAwED,0DAEC;AA6BD,mDAEC;AAnBD,iDAeC;AAzBD,2DAQC;AAuBD,2DAwBC;AAjID,0EAoEC"}
+{"version":3,"file":"auth.api.d.ts","sourceRoot":"","sources":["../../../components/auth/auth.api.js"],"names":[],"mappings":"AA2KA,qEAeC;AAED,sEAuCC;AAED,gEAMC;AAED,iEAgBC;AAID,qGAkDC;AAED;;;GAOC;AAED;;GAKC;AAID;;;;;;;;;GASG;AACH,8EAPG;IAA0B,QAAQ,GAA1B,MAAM;IACY,SAAS,GAA3B,MAAM;IACY,OAAO,GAAzB,MAAM;CACd,YAAQ,MAAM,kBACN,OAAO,GACL,OAAO,CAAC,MAAM,CAAC,CA0D3B;AAED,kFAiBC;AAED,mEAOC;AAED,+EAWC;AAED;;;GAEC;AAED;;;GAuBC;AAED;;;GAgCC;AAED;;;;;;;;;;;GAWG;AACH,mGATG;IAAsD,IAAI,EAAlD,OAAO,GAAG,QAAQ,GAAG,eAAe;IACpB,GAAG,EAAnB,MAAM;IACU,KAAK,EAArB,MAAM;IACU,SAAS,EAAzB,MAAM;IACa,YAAY;IACZ,eAAe;IACjB,OAAO,GAAxB,MAAM;CACd,GAAU,OAAO,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,cAAc,EAAE,OAAO,CAAC,OAAO,CAAC,CAAA;CAAC,CAAC,CAuCtE;AAMD,8DAmBC;;;;;;;;;;;;;;AAviBD;;;;;;;;;;;EAaC;AAwED,0DAEC;AAgCD,mDAEC;AAtBD,iDAkBC;AA5BD,2DAQC;AA0BD,2DAwBC;AApID,0EAoEC"}

package/types/components/billing/stripe.api.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"stripe.api.d.ts","sourceRoot":"","sources":["../../../components/billing/stripe.api.js"],"names":[],"mappings":"AAiHA,4CA8BC;AAtID;;;;;EAQC;AAkBD,iEAuCC;AAED,+EAaC;AAED,wEAWC;AAnFD,4DAcC"}
+{"version":3,"file":"stripe.api.d.ts","sourceRoot":"","sources":["../../../components/billing/stripe.api.js"],"names":[],"mappings":"AAkHA,4CA8BC;AAtID;;;;;EAQC;AAkBD,iEAuCC;AAED,+EAaC;AAED,wEAWC;AAnFD,4DAcC"}

package/types/server/router.d.ts

@@ -1,4 +1,8 @@
-export function setupRouter(config: any): Promise<http.Server<typeof http.IncomingMessage, typeof http.ServerResponse>>;
+/** @returns {Promise<{ server: import('http').Server, expressApp: import('express').Application }>} */
+export function setupRouter(config: any): Promise<{
+    server: import("http").Server;
+    expressApp: import("express").Application;
+}>;
 export function isAdminUser(req: any): boolean;
 export function isValidUserOrRespond(req: any, res: any): boolean;
 /** @type {MiddlewareConfig} */
@@ -18,6 +22,5 @@ export type MiddlewareConfig = {
     order: string[];
     [key: string]: ((req: Request, res: Response, next: Function) => void) | string[];
 };
-import http from 'http';
 import express from 'express';
 //# sourceMappingURL=router.d.ts.map

package/types/server/router.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"router.d.ts","sourceRoot":"","sources":["../../server/router.js"],"names":[],"mappings":"AAoCA,wHA6HC;AAoPD,+CAEC;AAED,kEAYC;AApGD,+BAA+B;AAC/B,yBADW,gBAAgB,CAkF1B;sBAnYY,OAAO,CAAC,OAAO,GAAG;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,GAAoB,CAAC;CAC7B;uBACS,OAAO,CAAC,QAAQ,GAAG;IAC3B,KAAK,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,KAAK,EAAE,EAAE,MAAM,CAAC,EAAE,MAAM,KAAK,IAAI,CAAC;IACjE,YAAY,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,KAAK,EAAE,KAAK,IAAI,CAAC;IACvD,SAAS,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,KAAK,EAAE,KAAK,IAAI,CAAC;IACpD,QAAQ,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,KAAK,EAAE,KAAK,IAAI,CAAC;IACnD,WAAW,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,KAAK,EAAE,KAAK,IAAI,CAAC;CACvD;+BACS;IACR,KAAK,EAAE,MAAM,EAAE,CAAC;IACpB,CAAK,GAAG,EAAE,MAAM,GAAG,CAAC,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,UAAU,KAAK,IAAI,CAAC,GAAG,MAAM,EAAE,CAAC;CACnF;iBA1Ba,MAAM;oBAIH,SAAS"}
+{"version":3,"file":"router.d.ts","sourceRoot":"","sources":["../../server/router.js"],"names":[],"mappings":"AAoCA,uGAAuG;AACvG,0CADc,OAAO,CAAC;IAAE,MAAM,EAAE,OAAO,MAAM,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,OAAO,SAAS,EAAE,WAAW,CAAA;CAAE,CAAC,CA+HlG;AAyPD,+CAEC;AAED,kEAYC;AAzGD,+BAA+B;AAC/B,yBADW,gBAAgB,CAuF1B;sBA1YY,OAAO,CAAC,OAAO,GAAG;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,GAAoB,CAAC;CAC7B;uBACS,OAAO,CAAC,QAAQ,GAAG;IAC3B,KAAK,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,KAAK,EAAE,EAAE,MAAM,CAAC,EAAE,MAAM,KAAK,IAAI,CAAC;IACjE,YAAY,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,KAAK,EAAE,KAAK,IAAI,CAAC;IACvD,SAAS,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,KAAK,EAAE,KAAK,IAAI,CAAC;IACpD,QAAQ,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,KAAK,EAAE,KAAK,IAAI,CAAC;IACnD,WAAW,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,KAAK,EAAE,KAAK,IAAI,CAAC;CACvD;+BACS;IACR,KAAK,EAAE,MAAM,EAAE,CAAC;IACpB,CAAK,GAAG,EAAE,MAAM,GAAG,CAAC,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,UAAU,KAAK,IAAI,CAAC,GAAG,MAAM,EAAE,CAAC;CACnF;oBAtBgB,SAAS"}