saas-backend-kit 1.0.0

package/dist/auth/index.js

@@ -0,0 +1,584 @@
+'use strict';
+
+var jwt = require('jsonwebtoken');
+var zod = require('zod');
+var bcrypt = require('bcryptjs');
+
+function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
+
+var jwt__default = /*#__PURE__*/_interopDefault(jwt);
+var bcrypt__default = /*#__PURE__*/_interopDefault(bcrypt);
+
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+
+// src/auth/types.ts
+exports.DEFAULT_PERMISSIONS = void 0;
+var init_types = __esm({
+  "src/auth/types.ts"() {
+    exports.DEFAULT_PERMISSIONS = {
+      admin: ["*"],
+      user: ["read", "write:own"],
+      guest: ["read:public"]
+    };
+  }
+});
+
+// src/auth/rbac.ts
+var rbac_exports = {};
+__export(rbac_exports, {
+  RBACService: () => exports.RBACService,
+  rbacService: () => exports.rbacService
+});
+exports.RBACService = void 0; exports.rbacService = void 0;
+var init_rbac = __esm({
+  "src/auth/rbac.ts"() {
+    init_types();
+    exports.RBACService = class {
+      permissions;
+      constructor(permissions = exports.DEFAULT_PERMISSIONS) {
+        this.permissions = permissions;
+      }
+      setPermissions(permissions) {
+        this.permissions = permissions;
+      }
+      addPermission(role, permission) {
+        if (!this.permissions[role]) {
+          this.permissions[role] = [];
+        }
+        if (!this.permissions[role].includes(permission)) {
+          this.permissions[role].push(permission);
+        }
+      }
+      removePermission(role, permission) {
+        if (this.permissions[role]) {
+          this.permissions[role] = this.permissions[role].filter((p) => p !== permission);
+        }
+      }
+      getPermissions(role) {
+        return this.permissions[role] || [];
+      }
+      hasPermission(role, requiredPermission) {
+        const rolePermissions = this.getPermissions(role);
+        if (rolePermissions.includes("*")) {
+          return true;
+        }
+        if (rolePermissions.includes(requiredPermission)) {
+          return true;
+        }
+        const [requiredAction, requiredScope] = requiredPermission.split(":");
+        for (const perm of rolePermissions) {
+          const [action, scope] = perm.split(":");
+          if (action === "*" && (scope === "*" || scope === requiredScope)) {
+            return true;
+          }
+          if (action === requiredAction && (scope === "*" || scope === requiredScope)) {
+            return true;
+          }
+        }
+        return false;
+      }
+      hasRole(userRole, requiredRole) {
+        const hierarchy = ["guest", "user", "admin"];
+        const userIndex = hierarchy.indexOf(userRole);
+        const requiredIndex = hierarchy.indexOf(requiredRole);
+        if (userIndex === -1 || requiredIndex === -1) {
+          return userRole === requiredRole;
+        }
+        return userIndex >= requiredIndex;
+      }
+      authorize(permission) {
+        return (role) => this.hasPermission(role, permission);
+      }
+      authorizeRole(requiredRole) {
+        return (role) => this.hasRole(role, requiredRole);
+      }
+    };
+    exports.rbacService = new exports.RBACService();
+  }
+});
+
+// src/auth/index.ts
+init_types();
+var envSchema = zod.z.object({
+  NODE_ENV: zod.z.enum(["development", "production", "test"]).default("development"),
+  PORT: zod.z.string().default("3000"),
+  DATABASE_URL: zod.z.string().optional(),
+  REDIS_URL: zod.z.string().default("redis://localhost:6379"),
+  JWT_SECRET: zod.z.string().min(32).optional(),
+  JWT_EXPIRES_IN: zod.z.string().default("7d"),
+  JWT_REFRESH_SECRET: zod.z.string().min(32).optional(),
+  JWT_REFRESH_EXPIRES_IN: zod.z.string().default("30d"),
+  GOOGLE_CLIENT_ID: zod.z.string().optional(),
+  GOOGLE_CLIENT_SECRET: zod.z.string().optional(),
+  GOOGLE_REDIRECT_URI: zod.z.string().optional(),
+  SMTP_HOST: zod.z.string().optional(),
+  SMTP_PORT: zod.z.string().default("587"),
+  SMTP_USER: zod.z.string().optional(),
+  SMTP_PASS: zod.z.string().optional(),
+  SMTP_FROM: zod.z.string().optional(),
+  TWILIO_ACCOUNT_SID: zod.z.string().optional(),
+  TWILIO_AUTH_TOKEN: zod.z.string().optional(),
+  TWILIO_PHONE_NUMBER: zod.z.string().optional(),
+  SLACK_WEBHOOK_URL: zod.z.string().optional(),
+  RATE_LIMIT_WINDOW: zod.z.string().default("1m"),
+  RATE_LIMIT_LIMIT: zod.z.string().default("100"),
+  LOG_LEVEL: zod.z.enum(["fatal", "error", "warn", "info", "debug", "trace"]).default("info")
+});
+var ConfigManager = class {
+  config = null;
+  schema;
+  validate;
+  constructor(options = {}) {
+    this.schema = options.schema || envSchema;
+    this.validate = options.validate ?? true;
+  }
+  load() {
+    if (this.config) return this.config;
+    const env = {};
+    for (const key of Object.keys(this.schema.shape)) {
+      env[key] = process.env[key];
+    }
+    if (this.validate) {
+      const result = this.schema.safeParse(env);
+      if (!result.success) {
+        const errors = result.error.errors.map((e) => `${e.path.join(".")}: ${e.message}`).join(", ");
+        throw new Error(`Config validation failed: ${errors}`);
+      }
+      this.config = result.data;
+    } else {
+      this.config = env;
+    }
+    return this.config;
+  }
+  get(key) {
+    if (!this.config) this.load();
+    return this.config[key];
+  }
+  int(key) {
+    const value = this.get(key);
+    if (typeof value === "string") return parseInt(value, 10);
+    return Number(value);
+  }
+  bool(key) {
+    const value = this.get(key);
+    if (typeof value === "boolean") return value;
+    if (typeof value === "string") return value.toLowerCase() === "true";
+    return Boolean(value);
+  }
+  isProduction() {
+    return this.get("NODE_ENV") === "production";
+  }
+  isDevelopment() {
+    return this.get("NODE_ENV") === "development";
+  }
+  isTest() {
+    return this.get("NODE_ENV") === "test";
+  }
+  getAll() {
+    if (!this.config) this.load();
+    return this.config;
+  }
+};
+var globalConfig = new ConfigManager();
+var config = {
+  load: () => globalConfig.load(),
+  get: (key) => globalConfig.get(key),
+  int: (key) => globalConfig.int(key),
+  bool: (key) => globalConfig.bool(key),
+  isProduction: () => globalConfig.isProduction(),
+  isDevelopment: () => globalConfig.isDevelopment(),
+  isTest: () => globalConfig.isTest(),
+  getAll: () => globalConfig.getAll(),
+  create: (options) => new ConfigManager(options)
+};
+
+// src/auth/jwt.ts
+var JWTService = class {
+  secret;
+  expiresIn;
+  refreshSecret;
+  refreshExpiresIn;
+  constructor(options = {}) {
+    this.secret = options.jwtSecret || config.get("JWT_SECRET") || "default-secret-change-in-production";
+    this.expiresIn = options.jwtExpiresIn || config.get("JWT_EXPIRES_IN") || "7d";
+    this.refreshSecret = options.refreshSecret || config.get("JWT_REFRESH_SECRET") || this.secret;
+    this.refreshExpiresIn = options.refreshExpiresIn || config.get("JWT_REFRESH_EXPIRES_IN") || "30d";
+  }
+  generateToken(payload) {
+    return jwt__default.default.sign(payload, this.secret, { expiresIn: this.expiresIn });
+  }
+  generateRefreshToken(payload) {
+    return jwt__default.default.sign(payload, this.refreshSecret, { expiresIn: this.refreshExpiresIn });
+  }
+  generateTokenPair(payload) {
+    return {
+      accessToken: this.generateToken(payload),
+      refreshToken: this.generateRefreshToken(payload)
+    };
+  }
+  verifyToken(token) {
+    return jwt__default.default.verify(token, this.secret);
+  }
+  verifyRefreshToken(token) {
+    return jwt__default.default.verify(token, this.refreshSecret);
+  }
+  refreshTokens(refreshToken) {
+    const payload = this.verifyRefreshToken(refreshToken);
+    return this.generateTokenPair(payload);
+  }
+};
+var jwtService = new JWTService();
+
+// src/auth/index.ts
+init_rbac();
+
+// src/auth/oauth.ts
+var OAuthService = class {
+  providers = /* @__PURE__ */ new Map();
+  constructor() {
+    const googleClientId = config.get("GOOGLE_CLIENT_ID");
+    const googleClientSecret = config.get("GOOGLE_CLIENT_SECRET");
+    const googleRedirectUri = config.get("GOOGLE_REDIRECT_URI");
+    if (googleClientId && googleClientSecret && googleRedirectUri) {
+      this.registerProvider("google", {
+        name: "google",
+        clientId: googleClientId,
+        clientSecret: googleClientSecret,
+        redirectUri: googleRedirectUri,
+        authorizationUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+        tokenUrl: "https://oauth2.googleapis.com/token",
+        userInfoUrl: "https://www.googleapis.com/oauth2/v2/userinfo"
+      });
+    }
+  }
+  registerProvider(name, provider) {
+    this.providers.set(name, provider);
+  }
+  getProvider(name) {
+    return this.providers.get(name);
+  }
+  getAuthorizationUrl(providerName, state) {
+    const provider = this.getProvider(providerName);
+    if (!provider) {
+      throw new Error(`OAuth provider ${providerName} not registered`);
+    }
+    const params = new URLSearchParams({
+      client_id: provider.clientId,
+      redirect_uri: provider.redirectUri,
+      response_type: "code",
+      scope: "openid email profile",
+      state: state || ""
+    });
+    return `${provider.authorizationUrl}?${params.toString()}`;
+  }
+  async exchangeCode(providerName, code) {
+    const provider = this.getProvider(providerName);
+    if (!provider) {
+      throw new Error(`OAuth provider ${providerName} not registered`);
+    }
+    const response = await fetch(provider.tokenUrl, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      body: new URLSearchParams({
+        client_id: provider.clientId,
+        client_secret: provider.clientSecret,
+        code,
+        grant_type: "authorization_code",
+        redirect_uri: provider.redirectUri
+      })
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      throw new Error(`OAuth token exchange failed: ${error}`);
+    }
+    const data = await response.json();
+    return {
+      accessToken: data.access_token,
+      refreshToken: data.refresh_token
+    };
+  }
+  async getUserInfo(providerName, accessToken) {
+    const provider = this.getProvider(providerName);
+    if (!provider) {
+      throw new Error(`OAuth provider ${providerName} not registered`);
+    }
+    const response = await fetch(provider.userInfoUrl, {
+      headers: {
+        Authorization: `Bearer ${accessToken}`
+      }
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      throw new Error(`OAuth user info fetch failed: ${error}`);
+    }
+    const data = await response.json();
+    return {
+      id: data.id,
+      email: data.email,
+      name: data.name,
+      picture: data.picture
+    };
+  }
+};
+var oauthService = new OAuthService();
+init_rbac();
+var InMemoryUserStore = class {
+  users = /* @__PURE__ */ new Map();
+  async findByEmail(email) {
+    for (const user of this.users.values()) {
+      if (user.email === email) return user;
+    }
+    return null;
+  }
+  async findById(id) {
+    return this.users.get(id) || null;
+  }
+  async create(data) {
+    const id = Math.random().toString(36).substr(2, 9);
+    const hashedPassword = await bcrypt__default.default.hash(data.password, 10);
+    const user = {
+      id,
+      email: data.email,
+      password: hashedPassword,
+      role: data.role || "user",
+      name: data.name
+    };
+    this.users.set(id, user);
+    return user;
+  }
+  async update(id, data) {
+    const user = this.users.get(id);
+    if (!user) throw new Error("User not found");
+    const updated = { ...user, ...data };
+    this.users.set(id, updated);
+    return updated;
+  }
+};
+var AuthService = class {
+  userStore;
+  options;
+  initialized = false;
+  constructor(options = {}, userStore) {
+    this.options = {
+      jwtSecret: options.jwtSecret || process.env.JWT_SECRET || "default-secret-change-in-production",
+      jwtExpiresIn: options.jwtExpiresIn || "7d",
+      refreshSecret: options.refreshSecret || process.env.JWT_REFRESH_SECRET || "default-secret-change-in-production",
+      refreshExpiresIn: options.refreshExpiresIn || "30d",
+      googleClientId: options.googleClientId || process.env.GOOGLE_CLIENT_ID || "",
+      googleClientSecret: options.googleClientSecret || process.env.GOOGLE_CLIENT_SECRET || "",
+      googleRedirectUri: options.googleRedirectUri || process.env.GOOGLE_REDIRECT_URI || ""
+    };
+    this.userStore = userStore || new InMemoryUserStore();
+  }
+  async initialize() {
+    if (this.options.googleClientId && this.options.googleClientSecret && this.options.googleRedirectUri) {
+      oauthService.registerProvider("google", {
+        name: "google",
+        clientId: this.options.googleClientId,
+        clientSecret: this.options.googleClientSecret,
+        redirectUri: this.options.googleRedirectUri,
+        authorizationUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+        tokenUrl: "https://oauth2.googleapis.com/token",
+        userInfoUrl: "https://www.googleapis.com/oauth2/v2/userinfo"
+      });
+    }
+    this.initialized = true;
+  }
+  async register(data) {
+    const existing = await this.userStore.findByEmail(data.email);
+    if (existing) {
+      throw new Error("User already exists");
+    }
+    const user = await this.userStore.create(data);
+    const tokens = jwtService.generateTokenPair({
+      userId: user.id,
+      email: user.email,
+      role: user.role
+    });
+    return { user, tokens };
+  }
+  async login(credentials) {
+    const user = await this.userStore.findByEmail(credentials.email);
+    if (!user || !user.password) {
+      throw new Error("Invalid credentials");
+    }
+    const isValid = await bcrypt__default.default.compare(credentials.password, user.password);
+    if (!isValid) {
+      throw new Error("Invalid credentials");
+    }
+    const tokens = jwtService.generateTokenPair({
+      userId: user.id,
+      email: user.email,
+      role: user.role
+    });
+    return { user, tokens };
+  }
+  async refresh(refreshToken) {
+    return jwtService.refreshTokens(refreshToken);
+  }
+  async getGoogleAuthUrl(state) {
+    return oauthService.getAuthorizationUrl("google", state);
+  }
+  async handleGoogleCallback(code) {
+    const { accessToken } = await oauthService.exchangeCode("google", code);
+    const userInfo = await oauthService.getUserInfo("google", accessToken);
+    let user = await this.userStore.findByEmail(userInfo.email);
+    if (!user) {
+      user = await this.userStore.create({
+        email: userInfo.email,
+        password: Math.random().toString(36).substr(2, 20),
+        name: userInfo.name,
+        role: "user"
+      });
+    }
+    const tokens = jwtService.generateTokenPair({
+      userId: user.id,
+      email: user.email,
+      role: user.role
+    });
+    return { user, tokens };
+  }
+  getMiddleware() {
+    return (req, res, next) => {
+      const authHeader = req.headers.authorization;
+      if (!authHeader || !authHeader.startsWith("Bearer ")) {
+        return res.status(401).json({ error: "No token provided" });
+      }
+      const token = authHeader.substring(7);
+      try {
+        const payload = jwtService.verifyToken(token);
+        req.user = {
+          ...payload,
+          id: payload.userId
+        };
+        next();
+      } catch (error) {
+        return res.status(401).json({ error: "Invalid token" });
+      }
+    };
+  }
+  requireUser() {
+    return (req, res, next) => {
+      if (!req.user) {
+        return res.status(401).json({ error: "Authentication required" });
+      }
+      next();
+    };
+  }
+  requireRole(role) {
+    return (req, res, next) => {
+      if (!req.user) {
+        return res.status(401).json({ error: "Authentication required" });
+      }
+      if (!exports.rbacService.hasRole(req.user.role, role)) {
+        return res.status(403).json({ error: "Insufficient permissions" });
+      }
+      next();
+    };
+  }
+  requirePermission(permission) {
+    return (req, res, next) => {
+      if (!req.user) {
+        return res.status(401).json({ error: "Authentication required" });
+      }
+      if (!exports.rbacService.hasPermission(req.user.role, permission)) {
+        return res.status(403).json({ error: "Insufficient permissions" });
+      }
+      next();
+    };
+  }
+};
+var authServiceInstance = null;
+function createAuth(options, userStore) {
+  authServiceInstance = new AuthService(options, userStore);
+  return authServiceInstance;
+}
+function auth() {
+  if (!authServiceInstance) {
+    authServiceInstance = new AuthService();
+  }
+  return authServiceInstance;
+}
+var Auth = {
+  initialize: (options) => {
+    const service = createAuth(options);
+    return {
+      service,
+      getMiddleware: () => service.getMiddleware(),
+      requireUser: () => service.requireUser(),
+      requireRole: (role) => service.requireRole(role),
+      requirePermission: (permission) => service.requirePermission(permission)
+    };
+  }
+};
+
+// src/auth/fastify.ts
+function registerAuthPlugin(fastify, options, done) {
+  const { authService } = options;
+  fastify.decorate("authenticate", async (request, reply) => {
+    const authHeader = request.headers.authorization;
+    if (!authHeader || !authHeader.startsWith("Bearer ")) {
+      return reply.status(401).send({ error: "No token provided" });
+    }
+    const token = authHeader.substring(7);
+    try {
+      const payload = authService["jwtService"].verifyToken(token);
+      request.user = {
+        ...payload,
+        id: payload.userId
+      };
+    } catch (error) {
+      return reply.status(401).send({ error: "Invalid token" });
+    }
+  });
+  fastify.decorate("requireUser", async (request, reply) => {
+    if (!request.user) {
+      return reply.status(401).send({ error: "Authentication required" });
+    }
+  });
+  fastify.decorate("requireRole", (role) => {
+    return async (request, reply) => {
+      if (!request.user) {
+        return reply.status(401).send({ error: "Authentication required" });
+      }
+      const { rbacService: rbacService2 } = await Promise.resolve().then(() => (init_rbac(), rbac_exports));
+      if (!rbacService2.hasRole(request.user.role, role)) {
+        return reply.status(403).send({ error: "Insufficient permissions" });
+      }
+    };
+  });
+  fastify.decorate("requirePermission", (permission) => {
+    return async (request, reply) => {
+      if (!request.user) {
+        return reply.status(401).send({ error: "Authentication required" });
+      }
+      const { rbacService: rbacService2 } = await Promise.resolve().then(() => (init_rbac(), rbac_exports));
+      if (!rbacService2.hasPermission(request.user.role, permission)) {
+        return reply.status(403).send({ error: "Insufficient permissions" });
+      }
+    };
+  });
+  done();
+}
+
+exports.Auth = Auth;
+exports.AuthService = AuthService;
+exports.JWTService = JWTService;
+exports.OAuthService = OAuthService;
+exports.auth = auth;
+exports.createAuth = createAuth;
+exports.jwtService = jwtService;
+exports.oauthService = oauthService;
+exports.registerAuthPlugin = registerAuthPlugin;
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/auth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/auth/types.ts","../../src/auth/rbac.ts","../../src/auth/index.ts","../../src/config/index.ts","../../src/auth/jwt.ts","../../src/auth/oauth.ts","../../src/auth/express.ts","../../src/auth/fastify.ts"],"names":["DEFAULT_PERMISSIONS","RBACService","rbacService","z","jwt","bcrypt"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AA4CaA;AA5Cb,IAAA,UAAA,GAAA,KAAA,CAAA;AAAA,EAAA,mBAAA,GAAA;AA4CO,IAAMA,2BAAA,GAAuC;AAAA,MAClD,KAAA,EAAO,CAAC,GAAG,CAAA;AAAA,MACX,IAAA,EAAM,CAAC,MAAA,EAAQ,WAAW,CAAA;AAAA,MAC1B,KAAA,EAAO,CAAC,aAAa;AAAA,KACvB;AAAA,EAAA;AAAA,CAAA,CAAA;;;AChDA,IAAA,YAAA,GAAA,EAAA;AAAA,QAAA,CAAA,YAAA,EAAA;AAAA,EAAA,WAAA,EAAA,MAAAC,mBAAA;AAAA,EAAA,WAAA,EAAA,MAAAC;AAAA,CAAA,CAAA;AAEaD,4BAAA,CAAA,CA+EAC;AAjFb,IAAA,SAAA,GAAA,KAAA,CAAA;AAAA,EAAA,kBAAA,GAAA;AAAA,IAAA,UAAA,EAAA;AAEO,IAAMD,sBAAN,MAAkB;AAAA,MACf,WAAA;AAAA,MAER,WAAA,CAAY,cAA+BD,2BAAA,EAAqB;AAC9D,QAAA,IAAA,CAAK,WAAA,GAAc,WAAA;AAAA,MACrB;AAAA,MAEA,eAAe,WAAA,EAAoC;AACjD,QAAA,IAAA,CAAK,WAAA,GAAc,WAAA;AAAA,MACrB;AAAA,MAEA,aAAA,CAAc,MAAY,UAAA,EAA8B;AACtD,QAAA,IAAI,CAAC,IAAA,CAAK,WAAA,CAAY,IAAI,CAAA,EAAG;AAC3B,UAAA,IAAA,CAAK,WAAA,CAAY,IAAI,CAAA,GAAI,EAAC;AAAA,QAC5B;AACA,QAAA,IAAI,CAAC,IAAA,CAAK,WAAA,CAAY,IAAI,CAAA,CAAE,QAAA,CAAS,UAAU,CAAA,EAAG;AAChD,UAAA,IAAA,CAAK,WAAA,CAAY,IAAI,CAAA,CAAE,IAAA,CAAK,UAAU,CAAA;AAAA,QACxC;AAAA,MACF;AAAA,MAEA,gBAAA,CAAiB,MAAY,UAAA,EAA8B;AACzD,QAAA,IAAI,IAAA,CAAK,WAAA,CAAY,IAAI,CAAA,EAAG;AAC1B,UAAA,IAAA,CAAK,WAAA,CAAY,IAAI,CAAA,GAAI,IAAA,CAAK,WAAA,CAAY,IAAI,CAAA,CAAE,MAAA,CAAO,CAAA,CAAA,KAAK,CAAA,KAAM,UAAU,CAAA;AAAA,QAC9E;AAAA,MACF;AAAA,MAEA,eAAe,IAAA,EAA0B;AACvC,QAAA,OAAO,IAAA,CAAK,WAAA,CAAY,IAAI,CAAA,IAAK,EAAC;AAAA,MACpC;AAAA,MAEA,aAAA,CAAc,MAAY,kBAAA,EAAyC;AACjE,QAAA,MAAM,eAAA,GAAkB,IAAA,CAAK,cAAA,CAAe,IAAI,CAAA;AAEhD,QAAA,IAAI,eAAA,CAAgB,QAAA,CAAS,GAAG,CAAA,EAAG;AACjC,UAAA,OAAO,IAAA;AAAA,QACT;AAEA,QAAA,IAAI,eAAA,CAAgB,QAAA,CAAS,kBAAkB,CAAA,EAAG;AAChD,UAAA,OAAO,IAAA;AAAA,QACT;AAEA,QAAA,MAAM,CAAC,cAAA,EAAgB,aAAa,CAAA,GAAI,kBAAA,CAAmB,MAAM,GAAG,CAAA;AAEpE,QAAA,KAAA,MAAW,QAAQ,eAAA,EAAiB;AAClC,UAAA,MAAM,CAAC,MAAA,EAAQ,KAAK,CAAA,GAAI,IAAA,CAAK,MAAM,GAAG,CAAA;AAEtC,UAAA,IAAI,MAAA,KAAW,GAAA,KAAQ,KAAA,KAAU,GAAA,IAAO,UAAU,aAAA,CAAA,EAAgB;AAChE,YAAA,OAAO,IAAA;AAAA,UACT;AAEA,UAAA,IAAI,MAAA,KAAW,cAAA,KAAmB,KAAA,KAAU,GAAA,IAAO,UAAU,aAAA,CAAA,EAAgB;AAC3E,YAAA,OAAO,IAAA;AAAA,UACT;AAAA,QACF;AAEA,QAAA,OAAO,KAAA;AAAA,MACT;AAAA,MAEA,OAAA,CAAQ,UAAgB,YAAA,EAA6B;AACnD,QAAA,MAAM,SAAA,GAAoB,CAAC,OAAA,EAAS,MAAA,EAAQ,OAAO,CAAA;AACnD,QAAA,MAAM,SAAA,GAAY,SAAA,CAAU,OAAA,CAAQ,QAAe,CAAA;AACnD,QAAA,MAAM,aAAA,GAAgB,SAAA,CAAU,OAAA,CAAQ,YAAmB,CAAA;AAE3D,QAAA,IAAI,SAAA,KAAc,EAAA,IAAM,aAAA,KAAkB,EAAA,EAAI;AAC5C,UAAA,OAAO,QAAA,KAAa,YAAA;AAAA,QACtB;AAEA,QAAA,OAAO,SAAA,IAAa,aAAA;AAAA,MACtB;AAAA,MAEA,UAAU,UAAA,EAAwB;AAChC,QAAA,OAAO,CAAC,IAAA,KAAwB,IAAA,CAAK,aAAA,CAAc,MAAM,UAAU,CAAA;AAAA,MACrE;AAAA,MAEA,cAAc,YAAA,EAAoB;AAChC,QAAA,OAAO,CAAC,IAAA,KAAwB,IAAA,CAAK,OAAA,CAAQ,MAAM,YAAY,CAAA;AAAA,MACjE;AAAA,KACF;AAEO,IAAME,mBAAA,GAAc,IAAID,mBAAA,EAAY;AAAA,EAAA;AAAA,CAAA,CAAA;;;ACjF3C,UAAA,EAAA;ACEO,IAAM,SAAA,GAAYE,MAAE,MAAA,CAAO;AAAA,EAChC,QAAA,EAAUA,KAAA,CAAE,IAAA,CAAK,CAAC,aAAA,EAAe,cAAc,MAAM,CAAC,CAAA,CAAE,OAAA,CAAQ,aAAa,CAAA;AAAA,EAC7E,IAAA,EAAMA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAQ,MAAM,CAAA;AAAA,EAC/B,YAAA,EAAcA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAClC,SAAA,EAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAQ,wBAAwB,CAAA;AAAA,EACtD,YAAYA,KAAA,CAAE,MAAA,GAAS,GAAA,CAAI,EAAE,EAAE,QAAA,EAAS;AAAA,EACxC,cAAA,EAAgBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAQ,IAAI,CAAA;AAAA,EACvC,oBAAoBA,KAAA,CAAE,MAAA,GAAS,GAAA,CAAI,EAAE,EAAE,QAAA,EAAS;AAAA,EAChD,sBAAA,EAAwBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAQ,KAAK,CAAA;AAAA,EAChD,gBAAA,EAAkBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACtC,oBAAA,EAAsBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC1C,mBAAA,EAAqBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACzC,SAAA,EAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC/B,SAAA,EAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAQ,KAAK,CAAA;AAAA,EACnC,SAAA,EAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC/B,SAAA,EAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC/B,SAAA,EAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC/B,kBAAA,EAAoBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACxC,iBAAA,EAAmBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACvC,mBAAA,EAAqBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACzC,iBAAA,EAAmBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACvC,iBAAA,EAAmBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAQ,IAAI,CAAA;AAAA,EAC1C,gBAAA,EAAkBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAQ,KAAK,CAAA;AAAA,EAC1C,SAAA,EAAWA,KAAA,CAAE,IAAA,CAAK,CAAC,OAAA,EAAS,OAAA,EAAS,MAAA,EAAQ,MAAA,EAAQ,OAAA,EAAS,OAAO,CAAC,CAAA,CAAE,QAAQ,MAAM;AACxF,CAAC,CAAA;AAUD,IAAM,gBAAN,MAAoB;AAAA,EACV,MAAA,GAA2B,IAAA;AAAA,EAC3B,MAAA;AAAA,EACA,QAAA;AAAA,EAER,WAAA,CAAY,OAAA,GAAyB,EAAC,EAAG;AACvC,IAAA,IAAA,CAAK,MAAA,GAAS,QAAQ,MAAA,IAAU,SAAA;AAChC,IAAA,IAAA,CAAK,QAAA,GAAW,QAAQ,QAAA,IAAY,IAAA;AAAA,EACtC;AAAA,EAEA,IAAA,GAAkB;AAChB,IAAA,IAAI,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA,CAAK,MAAA;AAE7B,IAAA,MAAM,MAA0C,EAAC;AAEjD,IAAA,KAAA,MAAW,OAAO,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,MAAA,CAAO,KAAK,CAAA,EAAG;AAChD,MAAA,GAAA,CAAI,GAAG,CAAA,GAAI,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAA;AAAA,IAC5B;AAEA,IAAA,IAAI,KAAK,QAAA,EAAU;AACjB,MAAA,MAAM,MAAA,GAAS,IAAA,CAAK,MAAA,CAAO,SAAA,CAAU,GAAG,CAAA;AACxC,MAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,QAAA,MAAM,SAAS,MAAA,CAAO,KAAA,CAAM,OAAO,GAAA,CAAI,CAAA,CAAA,KAAK,GAAG,CAAA,CAAE,IAAA,CAAK,IAAA,CAAK,GAAG,CAAC,CAAA,EAAA,EAAK,CAAA,CAAE,OAAO,CAAA,CAAE,CAAA,CAAE,KAAK,IAAI,CAAA;AAC1F,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,0BAAA,EAA6B,MAAM,CAAA,CAAE,CAAA;AAAA,MACvD;AACA,MAAA,IAAA,CAAK,SAAS,MAAA,CAAO,IAAA;AAAA,IACvB,CAAA,MAAO;AACL,MAAA,IAAA,CAAK,MAAA,GAAS,GAAA;AAAA,IAChB;AAEA,IAAA,OAAO,IAAA,CAAK,MAAA;AAAA,EACd;AAAA,EAEA,IAA+B,GAAA,EAAsB;AACnD,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,IAAA,CAAK,IAAA,EAAK;AAC5B,IAAA,OAAO,IAAA,CAAK,OAAQ,GAAG,CAAA;AAAA,EACzB;AAAA,EAEA,IAAI,GAAA,EAA8B;AAChC,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,GAAA,CAAI,GAAG,CAAA;AAC1B,IAAA,IAAI,OAAO,KAAA,KAAU,QAAA,EAAU,OAAO,QAAA,CAAS,OAAO,EAAE,CAAA;AACxD,IAAA,OAAO,OAAO,KAAK,CAAA;AAAA,EACrB;AAAA,EAEA,KAAK,GAAA,EAA+B;AAClC,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,GAAA,CAAI,GAAG,CAAA;AAC1B,IAAA,IAAI,OAAO,KAAA,KAAU,SAAA,EAAW,OAAO,KAAA;AACvC,IAAA,IAAI,OAAO,KAAA,KAAU,QAAA,EAAU,OAAO,KAAA,CAAM,aAAY,KAAM,MAAA;AAC9D,IAAA,OAAO,QAAQ,KAAK,CAAA;AAAA,EACtB;AAAA,EAEA,YAAA,GAAwB;AACtB,IAAA,OAAO,IAAA,CAAK,GAAA,CAAI,UAAU,CAAA,KAAM,YAAA;AAAA,EAClC;AAAA,EAEA,aAAA,GAAyB;AACvB,IAAA,OAAO,IAAA,CAAK,GAAA,CAAI,UAAU,CAAA,KAAM,aAAA;AAAA,EAClC;AAAA,EAEA,MAAA,GAAkB;AAChB,IAAA,OAAO,IAAA,CAAK,GAAA,CAAI,UAAU,CAAA,KAAM,MAAA;AAAA,EAClC;AAAA,EAEA,MAAA,GAAoB;AAClB,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,IAAA,CAAK,IAAA,EAAK;AAC5B,IAAA,OAAO,IAAA,CAAK,MAAA;AAAA,EACd;AACF,CAAA;AAEA,IAAM,YAAA,GAAe,IAAI,aAAA,EAAc;AAEhC,IAAM,MAAA,GAAS;AAAA,EACpB,IAAA,EAAM,MAAM,YAAA,CAAa,IAAA,EAAK;AAAA,EAC9B,GAAA,EAAK,CAA4B,GAAA,KAAW,YAAA,CAAa,IAAI,GAAG,CAAA;AAAA,EAChE,GAAA,EAAK,CAAC,GAAA,KAAyB,YAAA,CAAa,IAAI,GAAG,CAAA;AAAA,EACnD,IAAA,EAAM,CAAC,GAAA,KAAyB,YAAA,CAAa,KAAK,GAAG,CAAA;AAAA,EACrD,YAAA,EAAc,MAAM,YAAA,CAAa,YAAA,EAAa;AAAA,EAC9C,aAAA,EAAe,MAAM,YAAA,CAAa,aAAA,EAAc;AAAA,EAChD,MAAA,EAAQ,MAAM,YAAA,CAAa,MAAA,EAAO;AAAA,EAClC,MAAA,EAAQ,MAAM,YAAA,CAAa,MAAA,EAAO;AAAA,EAClC,MAAA,EAAQ,CAAC,OAAA,KAA4B,IAAI,cAAc,OAAO;AAChE,CAAA;;;ACjHO,IAAM,aAAN,MAAiB;AAAA,EACd,MAAA;AAAA,EACA,SAAA;AAAA,EACA,aAAA;AAAA,EACA,gBAAA;AAAA,EAER,WAAA,CAAY,OAAA,GAA4G,EAAC,EAAG;AAC1H,IAAA,IAAA,CAAK,SAAS,OAAA,CAAQ,SAAA,IAAa,MAAA,CAAO,GAAA,CAAI,YAAY,CAAA,IAAK,qCAAA;AAC/D,IAAA,IAAA,CAAK,YAAY,OAAA,CAAQ,YAAA,IAAgB,MAAA,CAAO,GAAA,CAAI,gBAAgB,CAAA,IAAK,IAAA;AACzE,IAAA,IAAA,CAAK,gBAAgB,OAAA,CAAQ,aAAA,IAAiB,OAAO,GAAA,CAAI,oBAAoB,KAAK,IAAA,CAAK,MAAA;AACvF,IAAA,IAAA,CAAK,mBAAmB,OAAA,CAAQ,gBAAA,IAAoB,MAAA,CAAO,GAAA,CAAI,wBAAwB,CAAA,IAAK,KAAA;AAAA,EAC9F;AAAA,EAEA,cAAc,OAAA,EAA6B;AACzC,IAAA,OAAOC,oBAAA,CAAI,KAAK,OAAA,EAAS,IAAA,CAAK,QAAQ,EAAE,SAAA,EAAW,IAAA,CAAK,SAAA,EAAW,CAAA;AAAA,EACrE;AAAA,EAEA,qBAAqB,OAAA,EAA6B;AAChD,IAAA,OAAOA,oBAAA,CAAI,KAAK,OAAA,EAAS,IAAA,CAAK,eAAe,EAAE,SAAA,EAAW,IAAA,CAAK,gBAAA,EAAkB,CAAA;AAAA,EACnF;AAAA,EAEA,kBAAkB,OAAA,EAAgC;AAChD,IAAA,OAAO;AAAA,MACL,WAAA,EAAa,IAAA,CAAK,aAAA,CAAc,OAAO,CAAA;AAAA,MACvC,YAAA,EAAc,IAAA,CAAK,oBAAA,CAAqB,OAAO;AAAA,KACjD;AAAA,EACF;AAAA,EAEA,YAAY,KAAA,EAA2B;AACrC,IAAA,OAAOA,oBAAA,CAAI,MAAA,CAAO,KAAA,EAAO,IAAA,CAAK,MAAM,CAAA;AAAA,EACtC;AAAA,EAEA,mBAAmB,KAAA,EAA2B;AAC5C,IAAA,OAAOA,oBAAA,CAAI,MAAA,CAAO,KAAA,EAAO,IAAA,CAAK,aAAa,CAAA;AAAA,EAC7C;AAAA,EAEA,cAAc,YAAA,EAAiC;AAC7C,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,kBAAA,CAAmB,YAAY,CAAA;AACpD,IAAA,OAAO,IAAA,CAAK,kBAAkB,OAAO,CAAA;AAAA,EACvC;AACF;AAEO,IAAM,UAAA,GAAa,IAAI,UAAA;;;AF5C9B,SAAA,EAAA;;;AGQO,IAAM,eAAN,MAAmB;AAAA,EAChB,SAAA,uBAA4C,GAAA,EAAI;AAAA,EAExD,WAAA,GAAc;AACZ,IAAA,MAAM,cAAA,GAAiB,MAAA,CAAO,GAAA,CAAI,kBAAkB,CAAA;AACpD,IAAA,MAAM,kBAAA,GAAqB,MAAA,CAAO,GAAA,CAAI,sBAAsB,CAAA;AAC5D,IAAA,MAAM,iBAAA,GAAoB,MAAA,CAAO,GAAA,CAAI,qBAAqB,CAAA;AAE1D,IAAA,IAAI,cAAA,IAAkB,sBAAsB,iBAAA,EAAmB;AAC7D,MAAA,IAAA,CAAK,iBAAiB,QAAA,EAAU;AAAA,QAC9B,IAAA,EAAM,QAAA;AAAA,QACN,QAAA,EAAU,cAAA;AAAA,QACV,YAAA,EAAc,kBAAA;AAAA,QACd,WAAA,EAAa,iBAAA;AAAA,QACb,gBAAA,EAAkB,8CAAA;AAAA,QAClB,QAAA,EAAU,qCAAA;AAAA,QACV,WAAA,EAAa;AAAA,OACd,CAAA;AAAA,IACH;AAAA,EACF;AAAA,EAEA,gBAAA,CAAiB,MAAc,QAAA,EAA+B;AAC5D,IAAA,IAAA,CAAK,SAAA,CAAU,GAAA,CAAI,IAAA,EAAM,QAAQ,CAAA;AAAA,EACnC;AAAA,EAEA,YAAY,IAAA,EAAyC;AACnD,IAAA,OAAO,IAAA,CAAK,SAAA,CAAU,GAAA,CAAI,IAAI,CAAA;AAAA,EAChC;AAAA,EAEA,mBAAA,CAAoB,cAAsB,KAAA,EAAwB;AAChE,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,WAAA,CAAY,YAAY,CAAA;AAC9C,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,eAAA,EAAkB,YAAY,CAAA,eAAA,CAAiB,CAAA;AAAA,IACjE;AAEA,IAAA,MAAM,MAAA,GAAS,IAAI,eAAA,CAAgB;AAAA,MACjC,WAAW,QAAA,CAAS,QAAA;AAAA,MACpB,cAAc,QAAA,CAAS,WAAA;AAAA,MACvB,aAAA,EAAe,MAAA;AAAA,MACf,KAAA,EAAO,sBAAA;AAAA,MACP,OAAO,KAAA,IAAS;AAAA,KACjB,CAAA;AAED,IAAA,OAAO,GAAG,QAAA,CAAS,gBAAgB,CAAA,CAAA,EAAI,MAAA,CAAO,UAAU,CAAA,CAAA;AAAA,EAC1D;AAAA,EAEA,MAAM,YAAA,CAAa,YAAA,EAAsB,IAAA,EAAuE;AAC9G,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,WAAA,CAAY,YAAY,CAAA;AAC9C,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,eAAA,EAAkB,YAAY,CAAA,eAAA,CAAiB,CAAA;AAAA,IACjE;AAEA,IAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,QAAA,CAAS,QAAA,EAAU;AAAA,MAC9C,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACP,cAAA,EAAgB;AAAA,OAClB;AAAA,MACA,IAAA,EAAM,IAAI,eAAA,CAAgB;AAAA,QACxB,WAAW,QAAA,CAAS,QAAA;AAAA,QACpB,eAAe,QAAA,CAAS,YAAA;AAAA,QACxB,IAAA;AAAA,QACA,UAAA,EAAY,oBAAA;AAAA,QACZ,cAAc,QAAA,CAAS;AAAA,OACxB;AAAA,KACF,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,KAAA,GAAQ,MAAM,QAAA,CAAS,IAAA,EAAK;AAClC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,6BAAA,EAAgC,KAAK,CAAA,CAAE,CAAA;AAAA,IACzD;AAEA,IAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AACjC,IAAA,OAAO;AAAA,MACL,aAAa,IAAA,CAAK,YAAA;AAAA,MAClB,cAAc,IAAA,CAAK;AAAA,KACrB;AAAA,EACF;AAAA,EAEA,MAAM,WAAA,CAAY,YAAA,EAAsB,WAAA,EAA6C;AACnF,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,WAAA,CAAY,YAAY,CAAA;AAC9C,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,eAAA,EAAkB,YAAY,CAAA,eAAA,CAAiB,CAAA;AAAA,IACjE;AAEA,IAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,QAAA,CAAS,WAAA,EAAa;AAAA,MACjD,OAAA,EAAS;AAAA,QACP,aAAA,EAAe,UAAU,WAAW,CAAA;AAAA;AACtC,KACD,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,KAAA,GAAQ,MAAM,QAAA,CAAS,IAAA,EAAK;AAClC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,8BAAA,EAAiC,KAAK,CAAA,CAAE,CAAA;AAAA,IAC1D;AAEA,IAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AAEjC,IAAA,OAAO;AAAA,MACL,IAAI,IAAA,CAAK,EAAA;AAAA,MACT,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,SAAS,IAAA,CAAK;AAAA,KAChB;AAAA,EACF;AACF;AAEO,IAAM,YAAA,GAAe,IAAI,YAAA;AChHhC,SAAA,EAAA;AAwBA,IAAM,oBAAN,MAA6C;AAAA,EACnC,KAAA,uBAA+B,GAAA,EAAI;AAAA,EAE3C,MAAM,YAAY,KAAA,EAAqC;AACrD,IAAA,KAAA,MAAW,IAAA,IAAQ,IAAA,CAAK,KAAA,CAAM,MAAA,EAAO,EAAG;AACtC,MAAA,IAAI,IAAA,CAAK,KAAA,KAAU,KAAA,EAAO,OAAO,IAAA;AAAA,IACnC;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,SAAS,EAAA,EAAkC;AAC/C,IAAA,OAAO,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,EAAE,CAAA,IAAK,IAAA;AAAA,EAC/B;AAAA,EAEA,MAAM,OAAO,IAAA,EAAmC;AAC9C,IAAA,MAAM,EAAA,GAAK,KAAK,MAAA,EAAO,CAAE,SAAS,EAAE,CAAA,CAAE,MAAA,CAAO,CAAA,EAAG,CAAC,CAAA;AACjD,IAAA,MAAM,iBAAiB,MAAMC,uBAAA,CAAO,IAAA,CAAK,IAAA,CAAK,UAAU,EAAE,CAAA;AAC1D,IAAA,MAAM,IAAA,GAAa;AAAA,MACjB,EAAA;AAAA,MACA,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,QAAA,EAAU,cAAA;AAAA,MACV,IAAA,EAAM,KAAK,IAAA,IAAQ,MAAA;AAAA,MACnB,MAAM,IAAA,CAAK;AAAA,KACb;AACA,IAAA,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,EAAA,EAAI,IAAI,CAAA;AACvB,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,MAAA,CAAO,EAAA,EAAY,IAAA,EAAoC;AAC3D,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,EAAE,CAAA;AAC9B,IAAA,IAAI,CAAC,IAAA,EAAM,MAAM,IAAI,MAAM,gBAAgB,CAAA;AAC3C,IAAA,MAAM,OAAA,GAAU,EAAE,GAAG,IAAA,EAAM,GAAG,IAAA,EAAK;AACnC,IAAA,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,EAAA,EAAI,OAAO,CAAA;AAC1B,IAAA,OAAO,OAAA;AAAA,EACT;AACF,CAAA;AAEO,IAAM,cAAN,MAAkB;AAAA,EACf,SAAA;AAAA,EACA,OAAA;AAAA,EACA,WAAA,GAAuB,KAAA;AAAA,EAE/B,WAAA,CAAY,OAAA,GAAuB,EAAC,EAAG,SAAA,EAAuB;AAC5D,IAAA,IAAA,CAAK,OAAA,GAAU;AAAA,MACb,SAAA,EAAW,OAAA,CAAQ,SAAA,IAAa,OAAA,CAAQ,IAAI,UAAA,IAAc,qCAAA;AAAA,MAC1D,YAAA,EAAc,QAAQ,YAAA,IAAgB,IAAA;AAAA,MACtC,aAAA,EAAe,OAAA,CAAQ,aAAA,IAAiB,OAAA,CAAQ,IAAI,kBAAA,IAAsB,qCAAA;AAAA,MAC1E,gBAAA,EAAkB,QAAQ,gBAAA,IAAoB,KAAA;AAAA,MAC9C,cAAA,EAAgB,OAAA,CAAQ,cAAA,IAAkB,OAAA,CAAQ,IAAI,gBAAA,IAAoB,EAAA;AAAA,MAC1E,kBAAA,EAAoB,OAAA,CAAQ,kBAAA,IAAsB,OAAA,CAAQ,IAAI,oBAAA,IAAwB,EAAA;AAAA,MACtF,iBAAA,EAAmB,OAAA,CAAQ,iBAAA,IAAqB,OAAA,CAAQ,IAAI,mBAAA,IAAuB;AAAA,KACrF;AAEA,IAAA,IAAA,CAAK,SAAA,GAAY,SAAA,IAAa,IAAI,iBAAA,EAAkB;AAAA,EACtD;AAAA,EAEA,MAAM,UAAA,GAA4B;AAChC,IAAA,IAAI,IAAA,CAAK,QAAQ,cAAA,IAAkB,IAAA,CAAK,QAAQ,kBAAA,IAAsB,IAAA,CAAK,QAAQ,iBAAA,EAAmB;AACpG,MAAA,YAAA,CAAa,iBAAiB,QAAA,EAAU;AAAA,QACtC,IAAA,EAAM,QAAA;AAAA,QACN,QAAA,EAAU,KAAK,OAAA,CAAQ,cAAA;AAAA,QACvB,YAAA,EAAc,KAAK,OAAA,CAAQ,kBAAA;AAAA,QAC3B,WAAA,EAAa,KAAK,OAAA,CAAQ,iBAAA;AAAA,QAC1B,gBAAA,EAAkB,8CAAA;AAAA,QAClB,QAAA,EAAU,qCAAA;AAAA,QACV,WAAA,EAAa;AAAA,OACd,CAAA;AAAA,IACH;AACA,IAAA,IAAA,CAAK,WAAA,GAAc,IAAA;AAAA,EACrB;AAAA,EAEA,MAAM,SAAS,IAAA,EAAoG;AACjH,IAAA,MAAM,WAAW,MAAM,IAAA,CAAK,SAAA,CAAU,WAAA,CAAY,KAAK,KAAK,CAAA;AAC5D,IAAA,IAAI,QAAA,EAAU;AACZ,MAAA,MAAM,IAAI,MAAM,qBAAqB,CAAA;AAAA,IACvC;AAEA,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,SAAA,CAAU,OAAO,IAAI,CAAA;AAC7C,IAAA,MAAM,MAAA,GAAS,WAAW,iBAAA,CAAkB;AAAA,MAC1C,QAAQ,IAAA,CAAK,EAAA;AAAA,MACb,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,MAAM,IAAA,CAAK;AAAA,KACZ,CAAA;AAED,IAAA,OAAO,EAAE,MAAM,MAAA,EAAO;AAAA,EACxB;AAAA,EAEA,MAAM,MAAM,WAAA,EAA+G;AACzH,IAAA,MAAM,OAAO,MAAM,IAAA,CAAK,SAAA,CAAU,WAAA,CAAY,YAAY,KAAK,CAAA;AAC/D,IAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,IAAA,CAAK,QAAA,EAAU;AAC3B,MAAA,MAAM,IAAI,MAAM,qBAAqB,CAAA;AAAA,IACvC;AAEA,IAAA,MAAM,UAAU,MAAMA,uBAAA,CAAO,QAAQ,WAAA,CAAY,QAAA,EAAU,KAAK,QAAQ,CAAA;AACxE,IAAA,IAAI,CAAC,OAAA,EAAS;AACZ,MAAA,MAAM,IAAI,MAAM,qBAAqB,CAAA;AAAA,IACvC;AAEA,IAAA,MAAM,MAAA,GAAS,WAAW,iBAAA,CAAkB;AAAA,MAC1C,QAAQ,IAAA,CAAK,EAAA;AAAA,MACb,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,MAAM,IAAA,CAAK;AAAA,KACZ,CAAA;AAED,IAAA,OAAO,EAAE,MAAM,MAAA,EAAO;AAAA,EACxB;AAAA,EAEA,MAAM,QAAQ,YAAA,EAA8E;AAC1F,IAAA,OAAO,UAAA,CAAW,cAAc,YAAY,CAAA;AAAA,EAC9C;AAAA,EAEA,MAAM,iBAAiB,KAAA,EAAiC;AACtD,IAAA,OAAO,YAAA,CAAa,mBAAA,CAAoB,QAAA,EAAU,KAAK,CAAA;AAAA,EACzD;AAAA,EAEA,MAAM,qBAAqB,IAAA,EAA8F;AACvH,IAAA,MAAM,EAAE,WAAA,EAAY,GAAI,MAAM,YAAA,CAAa,YAAA,CAAa,UAAU,IAAI,CAAA;AACtE,IAAA,MAAM,QAAA,GAAW,MAAM,YAAA,CAAa,WAAA,CAAY,UAAU,WAAW,CAAA;AAErE,IAAA,IAAI,OAAO,MAAM,IAAA,CAAK,SAAA,CAAU,WAAA,CAAY,SAAS,KAAK,CAAA;AAE1D,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,IAAA,GAAO,MAAM,IAAA,CAAK,SAAA,CAAU,MAAA,CAAO;AAAA,QACjC,OAAO,QAAA,CAAS,KAAA;AAAA,QAChB,QAAA,EAAU,KAAK,MAAA,EAAO,CAAE,SAAS,EAAE,CAAA,CAAE,MAAA,CAAO,CAAA,EAAG,EAAE,CAAA;AAAA,QACjD,MAAM,QAAA,CAAS,IAAA;AAAA,QACf,IAAA,EAAM;AAAA,OACP,CAAA;AAAA,IACH;AAEA,IAAA,MAAM,MAAA,GAAS,WAAW,iBAAA,CAAkB;AAAA,MAC1C,QAAQ,IAAA,CAAK,EAAA;AAAA,MACb,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,MAAM,IAAA,CAAK;AAAA,KACZ,CAAA;AAED,IAAA,OAAO,EAAE,MAAM,MAAA,EAAO;AAAA,EACxB;AAAA,EAEA,aAAA,GAAgC;AAC9B,IAAA,OAAO,CAAC,GAAA,EAAc,GAAA,EAAe,IAAA,KAAuB;AAC1D,MAAA,MAAM,UAAA,GAAa,IAAI,OAAA,CAAQ,aAAA;AAE/B,MAAA,IAAI,CAAC,UAAA,IAAc,CAAC,UAAA,CAAW,UAAA,CAAW,SAAS,CAAA,EAAG;AACpD,QAAA,OAAO,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,qBAAqB,CAAA;AAAA,MAC5D;AAEA,MAAA,MAAM,KAAA,GAAQ,UAAA,CAAW,SAAA,CAAU,CAAC,CAAA;AAEpC,MAAA,IAAI;AACF,QAAA,MAAM,OAAA,GAAU,UAAA,CAAW,WAAA,CAAY,KAAK,CAAA;AAC5C,QAAA,GAAA,CAAI,IAAA,GAAO;AAAA,UACT,GAAG,OAAA;AAAA,UACH,IAAI,OAAA,CAAQ;AAAA,SACd;AACA,QAAA,IAAA,EAAK;AAAA,MACP,SAAS,KAAA,EAAO;AACd,QAAA,OAAO,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,iBAAiB,CAAA;AAAA,MACxD;AAAA,IACF,CAAA;AAAA,EACF;AAAA,EAEA,WAAA,GAA8B;AAC5B,IAAA,OAAO,CAAC,GAAA,EAAc,GAAA,EAAe,IAAA,KAAuB;AAC1D,MAAA,IAAI,CAAC,IAAI,IAAA,EAAM;AACb,QAAA,OAAO,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,2BAA2B,CAAA;AAAA,MAClE;AACA,MAAA,IAAA,EAAK;AAAA,IACP,CAAA;AAAA,EACF;AAAA,EAEA,YAAY,IAAA,EAA8B;AACxC,IAAA,OAAO,CAAC,GAAA,EAAc,GAAA,EAAe,IAAA,KAAuB;AAC1D,MAAA,IAAI,CAAC,IAAI,IAAA,EAAM;AACb,QAAA,OAAO,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,2BAA2B,CAAA;AAAA,MAClE;AACA,MAAA,IAAI,CAACH,mBAAA,CAAY,OAAA,CAAQ,IAAI,IAAA,CAAK,IAAA,EAAM,IAAI,CAAA,EAAG;AAC7C,QAAA,OAAO,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,4BAA4B,CAAA;AAAA,MACnE;AACA,MAAA,IAAA,EAAK;AAAA,IACP,CAAA;AAAA,EACF;AAAA,EAEA,kBAAkB,UAAA,EAAoC;AACpD,IAAA,OAAO,CAAC,GAAA,EAAc,GAAA,EAAe,IAAA,KAAuB;AAC1D,MAAA,IAAI,CAAC,IAAI,IAAA,EAAM;AACb,QAAA,OAAO,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,2BAA2B,CAAA;AAAA,MAClE;AACA,MAAA,IAAI,CAACA,mBAAA,CAAY,aAAA,CAAc,IAAI,IAAA,CAAK,IAAA,EAAM,UAAU,CAAA,EAAG;AACzD,QAAA,OAAO,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,4BAA4B,CAAA;AAAA,MACnE;AACA,MAAA,IAAA,EAAK;AAAA,IACP,CAAA;AAAA,EACF;AACF;AAEA,IAAI,mBAAA,GAA0C,IAAA;AAEvC,SAAS,UAAA,CAAW,SAAuB,SAAA,EAAoC;AACpF,EAAA,mBAAA,GAAsB,IAAI,WAAA,CAAY,OAAA,EAAS,SAAS,CAAA;AACxD,EAAA,OAAO,mBAAA;AACT;AAEO,SAAS,IAAA,GAAoB;AAClC,EAAA,IAAI,CAAC,mBAAA,EAAqB;AACxB,IAAA,mBAAA,GAAsB,IAAI,WAAA,EAAY;AAAA,EACxC;AACA,EAAA,OAAO,mBAAA;AACT;AAEO,IAAM,IAAA,GAAO;AAAA,EAClB,UAAA,EAAY,CAAC,OAAA,KAA0B;AACrC,IAAA,MAAM,OAAA,GAAU,WAAW,OAAO,CAAA;AAClC,IAAA,OAAO;AAAA,MACL,OAAA;AAAA,MACA,aAAA,EAAe,MAAM,OAAA,CAAQ,aAAA,EAAc;AAAA,MAC3C,WAAA,EAAa,MAAM,OAAA,CAAQ,WAAA,EAAY;AAAA,MACvC,WAAA,EAAa,CAAC,IAAA,KAAiB,OAAA,CAAQ,YAAY,IAAI,CAAA;AAAA,MACvD,iBAAA,EAAmB,CAAC,UAAA,KAAuB,OAAA,CAAQ,kBAAkB,UAAU;AAAA,KACjF;AAAA,EACF;AACF;;;AC/OO,SAAS,kBAAA,CAAmB,OAAA,EAA0B,OAAA,EAAuC,IAAA,EAA+B;AACjI,EAAA,MAAM,EAAE,aAAY,GAAI,OAAA;AAExB,EAAA,OAAA,CAAQ,QAAA,CAAS,cAAA,EAAgB,OAAO,OAAA,EAAyB,KAAA,KAAwB;AACvF,IAAA,MAAM,UAAA,GAAa,QAAQ,OAAA,CAAQ,aAAA;AAEnC,IAAA,IAAI,CAAC,UAAA,IAAc,CAAC,UAAA,CAAW,UAAA,CAAW,SAAS,CAAA,EAAG;AACpD,MAAA,OAAO,KAAA,CAAM,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,qBAAqB,CAAA;AAAA,IAC9D;AAEA,IAAA,MAAM,KAAA,GAAQ,UAAA,CAAW,SAAA,CAAU,CAAC,CAAA;AAEpC,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,WAAA,CAAY,YAAY,CAAA,CAAE,YAAY,KAAK,CAAA;AAC3D,MAAA,OAAA,CAAQ,IAAA,GAAO;AAAA,QACb,GAAG,OAAA;AAAA,QACH,IAAI,OAAA,CAAQ;AAAA,OACd;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,KAAA,CAAM,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,iBAAiB,CAAA;AAAA,IAC1D;AAAA,EACF,CAAC,CAAA;AAED,EAAA,OAAA,CAAQ,QAAA,CAAS,aAAA,EAAe,OAAO,OAAA,EAAyB,KAAA,KAAwB;AACtF,IAAA,IAAI,CAAC,QAAQ,IAAA,EAAM;AACjB,MAAA,OAAO,KAAA,CAAM,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,2BAA2B,CAAA;AAAA,IACpE;AAAA,EACF,CAAC,CAAA;AAED,EAAA,OAAA,CAAQ,QAAA,CAAS,aAAA,EAAe,CAAC,IAAA,KAAiB;AAChD,IAAA,OAAO,OAAO,SAAyB,KAAA,KAAwB;AAC7D,MAAA,IAAI,CAAC,QAAQ,IAAA,EAAM;AACjB,QAAA,OAAO,KAAA,CAAM,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,2BAA2B,CAAA;AAAA,MACpE;AACA,MAAA,MAAM,EAAE,WAAA,EAAAA,YAAAA,EAAY,GAAI,MAAM,OAAA,CAAA,OAAA,EAAA,CAAA,IAAA,CAAA,OAAA,SAAA,EAAA,EAAA,YAAA,CAAA,CAAA;AAC9B,MAAA,IAAI,CAACA,YAAAA,CAAY,OAAA,CAAQ,QAAQ,IAAA,CAAK,IAAA,EAAM,IAAI,CAAA,EAAG;AACjD,QAAA,OAAO,KAAA,CAAM,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,4BAA4B,CAAA;AAAA,MACrE;AAAA,IACF,CAAA;AAAA,EACF,CAAC,CAAA;AAED,EAAA,OAAA,CAAQ,QAAA,CAAS,mBAAA,EAAqB,CAAC,UAAA,KAAuB;AAC5D,IAAA,OAAO,OAAO,SAAyB,KAAA,KAAwB;AAC7D,MAAA,IAAI,CAAC,QAAQ,IAAA,EAAM;AACjB,QAAA,OAAO,KAAA,CAAM,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,2BAA2B,CAAA;AAAA,MACpE;AACA,MAAA,MAAM,EAAE,WAAA,EAAAA,YAAAA,EAAY,GAAI,MAAM,OAAA,CAAA,OAAA,EAAA,CAAA,IAAA,CAAA,OAAA,SAAA,EAAA,EAAA,YAAA,CAAA,CAAA;AAC9B,MAAA,IAAI,CAACA,YAAAA,CAAY,aAAA,CAAc,QAAQ,IAAA,CAAK,IAAA,EAAM,UAAU,CAAA,EAAG;AAC7D,QAAA,OAAO,KAAA,CAAM,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,4BAA4B,CAAA;AAAA,MACrE;AAAA,IACF,CAAA;AAAA,EACF,CAAC,CAAA;AAED,EAAA,IAAA,EAAK;AACP","file":"index.js","sourcesContent":["export type Role = 'admin' | 'user' | 'guest' | string;\n\nexport interface User {\n  id: string;\n  email: string;\n  password?: string;\n  role: Role;\n  name?: string;\n  picture?: string;\n  createdAt?: Date;\n  updatedAt?: Date;\n}\n\nexport interface JWTPayload {\n  userId: string;\n  email: string;\n  role: Role;\n}\n\nexport interface TokenPair {\n  accessToken: string;\n  refreshToken: string;\n}\n\nexport interface AuthOptions {\n  jwtSecret?: string;\n  jwtExpiresIn?: string;\n  refreshSecret?: string;\n  refreshExpiresIn?: string;\n  googleClientId?: string;\n  googleClientSecret?: string;\n  googleRedirectUri?: string;\n}\n\nexport interface AuthUserRequest extends Request {\n  user?: JWTPayload;\n}\n\nexport type Permission = string;\n\nexport interface RolePermissions {\n  [role: string]: Permission[];\n}\n\nexport const DEFAULT_PERMISSIONS: RolePermissions = {\n  admin: ['*'],\n  user: ['read', 'write:own'],\n  guest: ['read:public'],\n};\n\nexport interface LoginCredentials {\n  email: string;\n  password: string;\n}\n\nexport interface RegisterData extends LoginCredentials {\n  name?: string;\n  role?: Role;\n}\n\nexport interface OAuthProvider {\n  name: string;\n  clientId: string;\n  clientSecret: string;\n  redirectUri: string;\n  authorizationUrl: string;\n  tokenUrl: string;\n  userInfoUrl: string;\n}\n","import { Role, Permission, RolePermissions, DEFAULT_PERMISSIONS } from './types';\n\nexport class RBACService {\n  private permissions: RolePermissions;\n\n  constructor(permissions: RolePermissions = DEFAULT_PERMISSIONS) {\n    this.permissions = permissions;\n  }\n\n  setPermissions(permissions: RolePermissions): void {\n    this.permissions = permissions;\n  }\n\n  addPermission(role: Role, permission: Permission): void {\n    if (!this.permissions[role]) {\n      this.permissions[role] = [];\n    }\n    if (!this.permissions[role].includes(permission)) {\n      this.permissions[role].push(permission);\n    }\n  }\n\n  removePermission(role: Role, permission: Permission): void {\n    if (this.permissions[role]) {\n      this.permissions[role] = this.permissions[role].filter(p => p !== permission);\n    }\n  }\n\n  getPermissions(role: Role): Permission[] {\n    return this.permissions[role] || [];\n  }\n\n  hasPermission(role: Role, requiredPermission: Permission): boolean {\n    const rolePermissions = this.getPermissions(role);\n    \n    if (rolePermissions.includes('*')) {\n      return true;\n    }\n\n    if (rolePermissions.includes(requiredPermission)) {\n      return true;\n    }\n\n    const [requiredAction, requiredScope] = requiredPermission.split(':');\n    \n    for (const perm of rolePermissions) {\n      const [action, scope] = perm.split(':');\n      \n      if (action === '*' && (scope === '*' || scope === requiredScope)) {\n        return true;\n      }\n      \n      if (action === requiredAction && (scope === '*' || scope === requiredScope)) {\n        return true;\n      }\n    }\n\n    return false;\n  }\n\n  hasRole(userRole: Role, requiredRole: Role): boolean {\n    const hierarchy: Role[] = ['guest', 'user', 'admin'];\n    const userIndex = hierarchy.indexOf(userRole as any);\n    const requiredIndex = hierarchy.indexOf(requiredRole as any);\n    \n    if (userIndex === -1 || requiredIndex === -1) {\n      return userRole === requiredRole;\n    }\n    \n    return userIndex >= requiredIndex;\n  }\n\n  authorize(permission: Permission) {\n    return (role: Role): boolean => this.hasPermission(role, permission);\n  }\n\n  authorizeRole(requiredRole: Role) {\n    return (role: Role): boolean => this.hasRole(role, requiredRole);\n  }\n}\n\nexport const rbacService = new RBACService();\n","export * from './types';\nexport * from './jwt';\nexport * from './rbac';\nexport * from './oauth';\nexport * from './express';\nexport * from './fastify';\n","import { z } from 'zod';\n\nexport const envSchema = z.object({\n  NODE_ENV: z.enum(['development', 'production', 'test']).default('development'),\n  PORT: z.string().default('3000'),\n  DATABASE_URL: z.string().optional(),\n  REDIS_URL: z.string().default('redis://localhost:6379'),\n  JWT_SECRET: z.string().min(32).optional(),\n  JWT_EXPIRES_IN: z.string().default('7d'),\n  JWT_REFRESH_SECRET: z.string().min(32).optional(),\n  JWT_REFRESH_EXPIRES_IN: z.string().default('30d'),\n  GOOGLE_CLIENT_ID: z.string().optional(),\n  GOOGLE_CLIENT_SECRET: z.string().optional(),\n  GOOGLE_REDIRECT_URI: z.string().optional(),\n  SMTP_HOST: z.string().optional(),\n  SMTP_PORT: z.string().default('587'),\n  SMTP_USER: z.string().optional(),\n  SMTP_PASS: z.string().optional(),\n  SMTP_FROM: z.string().optional(),\n  TWILIO_ACCOUNT_SID: z.string().optional(),\n  TWILIO_AUTH_TOKEN: z.string().optional(),\n  TWILIO_PHONE_NUMBER: z.string().optional(),\n  SLACK_WEBHOOK_URL: z.string().optional(),\n  RATE_LIMIT_WINDOW: z.string().default('1m'),\n  RATE_LIMIT_LIMIT: z.string().default('100'),\n  LOG_LEVEL: z.enum(['fatal', 'error', 'warn', 'info', 'debug', 'trace']).default('info'),\n});\n\nexport type EnvConfig = z.infer<typeof envSchema>;\n\nexport interface ConfigOptions {\n  schema?: z.ZodSchema;\n  envPath?: string;\n  validate?: boolean;\n}\n\nclass ConfigManager {\n  private config: EnvConfig | null = null;\n  private schema: z.ZodSchema;\n  private validate: boolean;\n\n  constructor(options: ConfigOptions = {}) {\n    this.schema = options.schema || envSchema;\n    this.validate = options.validate ?? true;\n  }\n\n  load(): EnvConfig {\n    if (this.config) return this.config;\n\n    const env: Record<string, string | undefined> = {};\n    \n    for (const key of Object.keys(this.schema.shape)) {\n      env[key] = process.env[key];\n    }\n\n    if (this.validate) {\n      const result = this.schema.safeParse(env);\n      if (!result.success) {\n        const errors = result.error.errors.map(e => `${e.path.join('.')}: ${e.message}`).join(', ');\n        throw new Error(`Config validation failed: ${errors}`);\n      }\n      this.config = result.data;\n    } else {\n      this.config = env as EnvConfig;\n    }\n\n    return this.config;\n  }\n\n  get<K extends keyof EnvConfig>(key: K): EnvConfig[K] {\n    if (!this.config) this.load();\n    return this.config![key];\n  }\n\n  int(key: keyof EnvConfig): number {\n    const value = this.get(key);\n    if (typeof value === 'string') return parseInt(value, 10);\n    return Number(value);\n  }\n\n  bool(key: keyof EnvConfig): boolean {\n    const value = this.get(key);\n    if (typeof value === 'boolean') return value;\n    if (typeof value === 'string') return value.toLowerCase() === 'true';\n    return Boolean(value);\n  }\n\n  isProduction(): boolean {\n    return this.get('NODE_ENV') === 'production';\n  }\n\n  isDevelopment(): boolean {\n    return this.get('NODE_ENV') === 'development';\n  }\n\n  isTest(): boolean {\n    return this.get('NODE_ENV') === 'test';\n  }\n\n  getAll(): EnvConfig {\n    if (!this.config) this.load();\n    return this.config!;\n  }\n}\n\nconst globalConfig = new ConfigManager();\n\nexport const config = {\n  load: () => globalConfig.load(),\n  get: <K extends keyof EnvConfig>(key: K) => globalConfig.get(key),\n  int: (key: keyof EnvConfig) => globalConfig.int(key),\n  bool: (key: keyof EnvConfig) => globalConfig.bool(key),\n  isProduction: () => globalConfig.isProduction(),\n  isDevelopment: () => globalConfig.isDevelopment(),\n  isTest: () => globalConfig.isTest(),\n  getAll: () => globalConfig.getAll(),\n  create: (options?: ConfigOptions) => new ConfigManager(options),\n};\n\nexport default config;\n","import jwt from 'jsonwebtoken';\nimport { JWTPayload, TokenPair } from './types';\nimport { config } from '../config';\n\nexport class JWTService {\n  private secret: string;\n  private expiresIn: string;\n  private refreshSecret: string;\n  private refreshExpiresIn: string;\n\n  constructor(options: { jwtSecret?: string; jwtExpiresIn?: string; refreshSecret?: string; refreshExpiresIn?: string } = {}) {\n    this.secret = options.jwtSecret || config.get('JWT_SECRET') || 'default-secret-change-in-production';\n    this.expiresIn = options.jwtExpiresIn || config.get('JWT_EXPIRES_IN') || '7d';\n    this.refreshSecret = options.refreshSecret || config.get('JWT_REFRESH_SECRET') || this.secret;\n    this.refreshExpiresIn = options.refreshExpiresIn || config.get('JWT_REFRESH_EXPIRES_IN') || '30d';\n  }\n\n  generateToken(payload: JWTPayload): string {\n    return jwt.sign(payload, this.secret, { expiresIn: this.expiresIn });\n  }\n\n  generateRefreshToken(payload: JWTPayload): string {\n    return jwt.sign(payload, this.refreshSecret, { expiresIn: this.refreshExpiresIn });\n  }\n\n  generateTokenPair(payload: JWTPayload): TokenPair {\n    return {\n      accessToken: this.generateToken(payload),\n      refreshToken: this.generateRefreshToken(payload),\n    };\n  }\n\n  verifyToken(token: string): JWTPayload {\n    return jwt.verify(token, this.secret) as JWTPayload;\n  }\n\n  verifyRefreshToken(token: string): JWTPayload {\n    return jwt.verify(token, this.refreshSecret) as JWTPayload;\n  }\n\n  refreshTokens(refreshToken: string): TokenPair {\n    const payload = this.verifyRefreshToken(refreshToken);\n    return this.generateTokenPair(payload);\n  }\n}\n\nexport const jwtService = new JWTService();\n","import { OAuthProvider } from './types';\nimport { config } from '../config';\n\nexport interface OAuthUserInfo {\n  id: string;\n  email: string;\n  name?: string;\n  picture?: string;\n}\n\nexport class OAuthService {\n  private providers: Map<string, OAuthProvider> = new Map();\n\n  constructor() {\n    const googleClientId = config.get('GOOGLE_CLIENT_ID');\n    const googleClientSecret = config.get('GOOGLE_CLIENT_SECRET');\n    const googleRedirectUri = config.get('GOOGLE_REDIRECT_URI');\n\n    if (googleClientId && googleClientSecret && googleRedirectUri) {\n      this.registerProvider('google', {\n        name: 'google',\n        clientId: googleClientId,\n        clientSecret: googleClientSecret,\n        redirectUri: googleRedirectUri,\n        authorizationUrl: 'https://accounts.google.com/o/oauth2/v2/auth',\n        tokenUrl: 'https://oauth2.googleapis.com/token',\n        userInfoUrl: 'https://www.googleapis.com/oauth2/v2/userinfo',\n      });\n    }\n  }\n\n  registerProvider(name: string, provider: OAuthProvider): void {\n    this.providers.set(name, provider);\n  }\n\n  getProvider(name: string): OAuthProvider | undefined {\n    return this.providers.get(name);\n  }\n\n  getAuthorizationUrl(providerName: string, state?: string): string {\n    const provider = this.getProvider(providerName);\n    if (!provider) {\n      throw new Error(`OAuth provider ${providerName} not registered`);\n    }\n\n    const params = new URLSearchParams({\n      client_id: provider.clientId,\n      redirect_uri: provider.redirectUri,\n      response_type: 'code',\n      scope: 'openid email profile',\n      state: state || '',\n    });\n\n    return `${provider.authorizationUrl}?${params.toString()}`;\n  }\n\n  async exchangeCode(providerName: string, code: string): Promise<{ accessToken: string; refreshToken?: string }> {\n    const provider = this.getProvider(providerName);\n    if (!provider) {\n      throw new Error(`OAuth provider ${providerName} not registered`);\n    }\n\n    const response = await fetch(provider.tokenUrl, {\n      method: 'POST',\n      headers: {\n        'Content-Type': 'application/x-www-form-urlencoded',\n      },\n      body: new URLSearchParams({\n        client_id: provider.clientId,\n        client_secret: provider.clientSecret,\n        code,\n        grant_type: 'authorization_code',\n        redirect_uri: provider.redirectUri,\n      }),\n    });\n\n    if (!response.ok) {\n      const error = await response.text();\n      throw new Error(`OAuth token exchange failed: ${error}`);\n    }\n\n    const data = await response.json();\n    return {\n      accessToken: data.access_token,\n      refreshToken: data.refresh_token,\n    };\n  }\n\n  async getUserInfo(providerName: string, accessToken: string): Promise<OAuthUserInfo> {\n    const provider = this.getProvider(providerName);\n    if (!provider) {\n      throw new Error(`OAuth provider ${providerName} not registered`);\n    }\n\n    const response = await fetch(provider.userInfoUrl, {\n      headers: {\n        Authorization: `Bearer ${accessToken}`,\n      },\n    });\n\n    if (!response.ok) {\n      const error = await response.text();\n      throw new Error(`OAuth user info fetch failed: ${error}`);\n    }\n\n    const data = await response.json();\n\n    return {\n      id: data.id,\n      email: data.email,\n      name: data.name,\n      picture: data.picture,\n    };\n  }\n}\n\nexport const oauthService = new OAuthService();\n","import bcrypt from 'bcryptjs';\nimport { Request, Response, NextFunction, RequestHandler } from 'express';\nimport { JWTPayload, LoginCredentials, RegisterData, User, AuthOptions } from './types';\nimport { jwtService } from './jwt';\nimport { rbacService } from './rbac';\nimport { oauthService } from './oauth';\n\nexport interface AuthUser extends JWTPayload {\n  id: string;\n  email: string;\n  role: string;\n}\n\ndeclare global {\n  namespace Express {\n    interface Request {\n      user?: AuthUser;\n    }\n  }\n}\n\nexport interface UserStore {\n  findByEmail(email: string): Promise<User | null>;\n  findById(id: string): Promise<User | null>;\n  create(data: RegisterData): Promise<User>;\n  update(id: string, data: Partial<User>): Promise<User>;\n}\n\nclass InMemoryUserStore implements UserStore {\n  private users: Map<string, User> = new Map();\n\n  async findByEmail(email: string): Promise<User | null> {\n    for (const user of this.users.values()) {\n      if (user.email === email) return user;\n    }\n    return null;\n  }\n\n  async findById(id: string): Promise<User | null> {\n    return this.users.get(id) || null;\n  }\n\n  async create(data: RegisterData): Promise<User> {\n    const id = Math.random().toString(36).substr(2, 9);\n    const hashedPassword = await bcrypt.hash(data.password, 10);\n    const user: User = {\n      id,\n      email: data.email,\n      password: hashedPassword,\n      role: data.role || 'user',\n      name: data.name,\n    };\n    this.users.set(id, user);\n    return user;\n  }\n\n  async update(id: string, data: Partial<User>): Promise<User> {\n    const user = this.users.get(id);\n    if (!user) throw new Error('User not found');\n    const updated = { ...user, ...data };\n    this.users.set(id, updated);\n    return updated;\n  }\n}\n\nexport class AuthService {\n  private userStore: UserStore;\n  private options: Required<AuthOptions>;\n  private initialized: boolean = false;\n\n  constructor(options: AuthOptions = {}, userStore?: UserStore) {\n    this.options = {\n      jwtSecret: options.jwtSecret || process.env.JWT_SECRET || 'default-secret-change-in-production',\n      jwtExpiresIn: options.jwtExpiresIn || '7d',\n      refreshSecret: options.refreshSecret || process.env.JWT_REFRESH_SECRET || 'default-secret-change-in-production',\n      refreshExpiresIn: options.refreshExpiresIn || '30d',\n      googleClientId: options.googleClientId || process.env.GOOGLE_CLIENT_ID || '',\n      googleClientSecret: options.googleClientSecret || process.env.GOOGLE_CLIENT_SECRET || '',\n      googleRedirectUri: options.googleRedirectUri || process.env.GOOGLE_REDIRECT_URI || '',\n    };\n\n    this.userStore = userStore || new InMemoryUserStore();\n  }\n\n  async initialize(): Promise<void> {\n    if (this.options.googleClientId && this.options.googleClientSecret && this.options.googleRedirectUri) {\n      oauthService.registerProvider('google', {\n        name: 'google',\n        clientId: this.options.googleClientId,\n        clientSecret: this.options.googleClientSecret,\n        redirectUri: this.options.googleRedirectUri,\n        authorizationUrl: 'https://accounts.google.com/o/oauth2/v2/auth',\n        tokenUrl: 'https://oauth2.googleapis.com/token',\n        userInfoUrl: 'https://www.googleapis.com/oauth2/v2/userinfo',\n      });\n    }\n    this.initialized = true;\n  }\n\n  async register(data: RegisterData): Promise<{ user: User; tokens: { accessToken: string; refreshToken: string } }> {\n    const existing = await this.userStore.findByEmail(data.email);\n    if (existing) {\n      throw new Error('User already exists');\n    }\n\n    const user = await this.userStore.create(data);\n    const tokens = jwtService.generateTokenPair({\n      userId: user.id,\n      email: user.email,\n      role: user.role,\n    });\n\n    return { user, tokens };\n  }\n\n  async login(credentials: LoginCredentials): Promise<{ user: User; tokens: { accessToken: string; refreshToken: string } }> {\n    const user = await this.userStore.findByEmail(credentials.email);\n    if (!user || !user.password) {\n      throw new Error('Invalid credentials');\n    }\n\n    const isValid = await bcrypt.compare(credentials.password, user.password);\n    if (!isValid) {\n      throw new Error('Invalid credentials');\n    }\n\n    const tokens = jwtService.generateTokenPair({\n      userId: user.id,\n      email: user.email,\n      role: user.role,\n    });\n\n    return { user, tokens };\n  }\n\n  async refresh(refreshToken: string): Promise<{ accessToken: string; refreshToken: string }> {\n    return jwtService.refreshTokens(refreshToken);\n  }\n\n  async getGoogleAuthUrl(state?: string): Promise<string> {\n    return oauthService.getAuthorizationUrl('google', state);\n  }\n\n  async handleGoogleCallback(code: string): Promise<{ user: User; tokens: { accessToken: string; refreshToken: string } }> {\n    const { accessToken } = await oauthService.exchangeCode('google', code);\n    const userInfo = await oauthService.getUserInfo('google', accessToken);\n\n    let user = await this.userStore.findByEmail(userInfo.email);\n    \n    if (!user) {\n      user = await this.userStore.create({\n        email: userInfo.email,\n        password: Math.random().toString(36).substr(2, 20),\n        name: userInfo.name,\n        role: 'user',\n      });\n    }\n\n    const tokens = jwtService.generateTokenPair({\n      userId: user.id,\n      email: user.email,\n      role: user.role,\n    });\n\n    return { user, tokens };\n  }\n\n  getMiddleware(): RequestHandler {\n    return (req: Request, res: Response, next: NextFunction) => {\n      const authHeader = req.headers.authorization;\n      \n      if (!authHeader || !authHeader.startsWith('Bearer ')) {\n        return res.status(401).json({ error: 'No token provided' });\n      }\n\n      const token = authHeader.substring(7);\n      \n      try {\n        const payload = jwtService.verifyToken(token);\n        req.user = {\n          ...payload,\n          id: payload.userId,\n        };\n        next();\n      } catch (error) {\n        return res.status(401).json({ error: 'Invalid token' });\n      }\n    };\n  }\n\n  requireUser(): RequestHandler {\n    return (req: Request, res: Response, next: NextFunction) => {\n      if (!req.user) {\n        return res.status(401).json({ error: 'Authentication required' });\n      }\n      next();\n    };\n  }\n\n  requireRole(role: string): RequestHandler {\n    return (req: Request, res: Response, next: NextFunction) => {\n      if (!req.user) {\n        return res.status(401).json({ error: 'Authentication required' });\n      }\n      if (!rbacService.hasRole(req.user.role, role)) {\n        return res.status(403).json({ error: 'Insufficient permissions' });\n      }\n      next();\n    };\n  }\n\n  requirePermission(permission: string): RequestHandler {\n    return (req: Request, res: Response, next: NextFunction) => {\n      if (!req.user) {\n        return res.status(401).json({ error: 'Authentication required' });\n      }\n      if (!rbacService.hasPermission(req.user.role, permission)) {\n        return res.status(403).json({ error: 'Insufficient permissions' });\n      }\n      next();\n    };\n  }\n}\n\nlet authServiceInstance: AuthService | null = null;\n\nexport function createAuth(options?: AuthOptions, userStore?: UserStore): AuthService {\n  authServiceInstance = new AuthService(options, userStore);\n  return authServiceInstance;\n}\n\nexport function auth(): AuthService {\n  if (!authServiceInstance) {\n    authServiceInstance = new AuthService();\n  }\n  return authServiceInstance;\n}\n\nexport const Auth = {\n  initialize: (options?: AuthOptions) => {\n    const service = createAuth(options);\n    return {\n      service,\n      getMiddleware: () => service.getMiddleware(),\n      requireUser: () => service.requireUser(),\n      requireRole: (role: string) => service.requireRole(role),\n      requirePermission: (permission: string) => service.requirePermission(permission),\n    };\n  },\n};\n","import { FastifyInstance, FastifyRequest, FastifyReply, HookHandlerDoneFunction } from 'fastify';\nimport { AuthService } from './express';\nimport { JWTPayload } from './types';\n\ndeclare module 'fastify' {\n  interface FastifyRequest {\n    user?: JWTPayload & { id: string };\n  }\n}\n\nexport function registerAuthPlugin(fastify: FastifyInstance, options: { authService: AuthService }, done: HookHandlerDoneFunction) {\n  const { authService } = options;\n\n  fastify.decorate('authenticate', async (request: FastifyRequest, reply: FastifyReply) => {\n    const authHeader = request.headers.authorization;\n    \n    if (!authHeader || !authHeader.startsWith('Bearer ')) {\n      return reply.status(401).send({ error: 'No token provided' });\n    }\n\n    const token = authHeader.substring(7);\n    \n    try {\n      const payload = authService['jwtService'].verifyToken(token);\n      request.user = {\n        ...payload,\n        id: payload.userId,\n      };\n    } catch (error) {\n      return reply.status(401).send({ error: 'Invalid token' });\n    }\n  });\n\n  fastify.decorate('requireUser', async (request: FastifyRequest, reply: FastifyReply) => {\n    if (!request.user) {\n      return reply.status(401).send({ error: 'Authentication required' });\n    }\n  });\n\n  fastify.decorate('requireRole', (role: string) => {\n    return async (request: FastifyRequest, reply: FastifyReply) => {\n      if (!request.user) {\n        return reply.status(401).send({ error: 'Authentication required' });\n      }\n      const { rbacService } = await import('./rbac');\n      if (!rbacService.hasRole(request.user.role, role)) {\n        return reply.status(403).send({ error: 'Insufficient permissions' });\n      }\n    };\n  });\n\n  fastify.decorate('requirePermission', (permission: string) => {\n    return async (request: FastifyRequest, reply: FastifyReply) => {\n      if (!request.user) {\n        return reply.status(401).send({ error: 'Authentication required' });\n      }\n      const { rbacService } = await import('./rbac');\n      if (!rbacService.hasPermission(request.user.role, permission)) {\n        return reply.status(403).send({ error: 'Insufficient permissions' });\n      }\n    };\n  });\n\n  done();\n}\n"]}