saas-backend-kit 1.0.1 → 1.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +205 -6
- package/dist/auth/index.js +2 -1
- package/dist/auth/index.js.map +1 -1
- package/dist/auth/index.mjs +2 -1
- package/dist/auth/index.mjs.map +1 -1
- package/dist/config/index.js +1 -0
- package/dist/config/index.js.map +1 -1
- package/dist/config/index.mjs +1 -0
- package/dist/config/index.mjs.map +1 -1
- package/dist/index.js +124 -41
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +122 -42
- package/dist/index.mjs.map +1 -1
- package/dist/logger/index.js +1 -0
- package/dist/logger/index.js.map +1 -1
- package/dist/logger/index.mjs +1 -0
- package/dist/logger/index.mjs.map +1 -1
- package/dist/notifications/index.js +1 -0
- package/dist/notifications/index.js.map +1 -1
- package/dist/notifications/index.mjs +1 -0
- package/dist/notifications/index.mjs.map +1 -1
- package/dist/queue/index.js +1 -0
- package/dist/queue/index.js.map +1 -1
- package/dist/queue/index.mjs +1 -0
- package/dist/queue/index.mjs.map +1 -1
- package/dist/rate-limit/index.js +2 -0
- package/dist/rate-limit/index.js.map +1 -1
- package/dist/rate-limit/index.mjs +2 -0
- package/dist/rate-limit/index.mjs.map +1 -1
- package/dist/response/index.js +51 -40
- package/dist/response/index.js.map +1 -1
- package/dist/response/index.mjs +51 -40
- package/dist/response/index.mjs.map +1 -1
- package/dist/upload/index.js +1 -0
- package/dist/upload/index.js.map +1 -1
- package/dist/upload/index.mjs +1 -0
- package/dist/upload/index.mjs.map +1 -1
- package/examples/express/.env.example +4 -1
- package/jest-output.json +72 -0
- package/jest.config.js +19 -0
- package/package.json +10 -7
- package/src/auth/jwt.ts +1 -1
- package/src/config/index.ts +1 -0
- package/src/database/index.ts +102 -0
- package/src/index.ts +1 -0
- package/src/rate-limit/express.ts +1 -0
- package/src/response/index.ts +49 -40
- package/tests/auth.test.ts +134 -0
- package/tests/config.test.ts +36 -0
- package/tests/logger.test.ts +47 -0
- package/tests/notifications.test.ts +19 -0
- package/tests/rate-limit.test.ts +50 -0
- package/tests/upload.test.ts +33 -0
- package/tsconfig.test.json +14 -0
- package/tsup.config.ts +2 -1
package/README.md
CHANGED
|
@@ -61,6 +61,170 @@ app.listen(3000, () => logger.info('Server running'));
|
|
|
61
61
|
|
|
62
62
|
---
|
|
63
63
|
|
|
64
|
+
## 🗄️ Database
|
|
65
|
+
|
|
66
|
+
This toolkit supports both **PostgreSQL** and **MongoDB**.
|
|
67
|
+
|
|
68
|
+
### PostgreSQL
|
|
69
|
+
|
|
70
|
+
#### 1. Set the Database URL
|
|
71
|
+
|
|
72
|
+
Add the following to your `.env` file:
|
|
73
|
+
|
|
74
|
+
```env
|
|
75
|
+
DATABASE_URL=postgresql://user:password@localhost:5432/mydb
|
|
76
|
+
```
|
|
77
|
+
|
|
78
|
+
Replace the values with your actual database credentials:
|
|
79
|
+
- `user` - Your PostgreSQL username
|
|
80
|
+
- `password` - Your PostgreSQL password
|
|
81
|
+
- `localhost` - Database host (use `localhost` for local, or your cloud provider's host)
|
|
82
|
+
- `5432` - PostgreSQL port (default is 5432)
|
|
83
|
+
- `mydb` - Your database name
|
|
84
|
+
|
|
85
|
+
#### 2. Using Prisma (Recommended)
|
|
86
|
+
|
|
87
|
+
If you're using Prisma, create a `prisma/schema.prisma` file:
|
|
88
|
+
|
|
89
|
+
```prisma
|
|
90
|
+
generator client {
|
|
91
|
+
provider = "prisma-client-js"
|
|
92
|
+
}
|
|
93
|
+
|
|
94
|
+
datasource db {
|
|
95
|
+
provider = "postgresql"
|
|
96
|
+
url = env("DATABASE_URL")
|
|
97
|
+
}
|
|
98
|
+
|
|
99
|
+
model User {
|
|
100
|
+
id String @id @default(uuid())
|
|
101
|
+
email String @unique
|
|
102
|
+
name String?
|
|
103
|
+
createdAt DateTime @default(now())
|
|
104
|
+
updatedAt DateTime @updatedAt
|
|
105
|
+
}
|
|
106
|
+
```
|
|
107
|
+
|
|
108
|
+
Then run migrations:
|
|
109
|
+
|
|
110
|
+
```bash
|
|
111
|
+
npx prisma migrate dev --name init
|
|
112
|
+
```
|
|
113
|
+
|
|
114
|
+
#### 3. Using pg (Native PostgreSQL Client)
|
|
115
|
+
|
|
116
|
+
```typescript
|
|
117
|
+
import pg from 'pg';
|
|
118
|
+
const { Pool } = pg;
|
|
119
|
+
|
|
120
|
+
const pool = new Pool({
|
|
121
|
+
connectionString: process.env.DATABASE_URL,
|
|
122
|
+
});
|
|
123
|
+
|
|
124
|
+
const result = await pool.query('SELECT * FROM users WHERE email = $1', [email]);
|
|
125
|
+
```
|
|
126
|
+
|
|
127
|
+
#### 4. Connection Pooling
|
|
128
|
+
|
|
129
|
+
For production, ensure your database connection is properly configured:
|
|
130
|
+
|
|
131
|
+
```typescript
|
|
132
|
+
const pool = new Pool({
|
|
133
|
+
connectionString: process.env.DATABASE_URL,
|
|
134
|
+
max: 20,
|
|
135
|
+
idleTimeoutMillis: 30000,
|
|
136
|
+
connectionTimeoutMillis: 2000,
|
|
137
|
+
});
|
|
138
|
+
```
|
|
139
|
+
|
|
140
|
+
---
|
|
141
|
+
|
|
142
|
+
### MongoDB
|
|
143
|
+
|
|
144
|
+
First, install the MongoDB driver:
|
|
145
|
+
|
|
146
|
+
```bash
|
|
147
|
+
npm install mongodb
|
|
148
|
+
```
|
|
149
|
+
|
|
150
|
+
#### 1. Set the MongoDB URL
|
|
151
|
+
|
|
152
|
+
Add the following to your `.env` file:
|
|
153
|
+
|
|
154
|
+
```env
|
|
155
|
+
MONGODB_URL=mongodb://user:password@localhost:27017/mydb
|
|
156
|
+
```
|
|
157
|
+
|
|
158
|
+
Replace the values with your actual MongoDB credentials:
|
|
159
|
+
- `user` - Your MongoDB username
|
|
160
|
+
- `password` - Your MongoDB password
|
|
161
|
+
- `localhost` - Database host
|
|
162
|
+
- `27017` - MongoDB port (default is 27017)
|
|
163
|
+
- `mydb` - Your database name
|
|
164
|
+
|
|
165
|
+
#### 2. Using the Database Module
|
|
166
|
+
|
|
167
|
+
```typescript
|
|
168
|
+
import { database, config } from 'saas-backend-kit';
|
|
169
|
+
|
|
170
|
+
config.load();
|
|
171
|
+
|
|
172
|
+
await database.connect({
|
|
173
|
+
url: config.get('MONGODB_URL') || 'mongodb://localhost:27017/mydb',
|
|
174
|
+
});
|
|
175
|
+
|
|
176
|
+
const usersCollection = database.collection('users');
|
|
177
|
+
|
|
178
|
+
const user = await usersCollection.findOne({ email: 'user@example.com' });
|
|
179
|
+
await usersCollection.insertOne({ name: 'John', email: 'john@example.com' });
|
|
180
|
+
```
|
|
181
|
+
|
|
182
|
+
#### 3. Using connectTo for Custom Database Name
|
|
183
|
+
|
|
184
|
+
```typescript
|
|
185
|
+
await database.connectTo(
|
|
186
|
+
'mongodb://localhost:27017',
|
|
187
|
+
'mydb',
|
|
188
|
+
{ maxPoolSize: 10 }
|
|
189
|
+
);
|
|
190
|
+
```
|
|
191
|
+
|
|
192
|
+
#### 4. Connection Options
|
|
193
|
+
|
|
194
|
+
```typescript
|
|
195
|
+
await database.connect({
|
|
196
|
+
url: process.env.MONGODB_URL!,
|
|
197
|
+
options: {
|
|
198
|
+
maxPoolSize: 20,
|
|
199
|
+
minPoolSize: 5,
|
|
200
|
+
serverSelectionTimeoutMS: 5000,
|
|
201
|
+
socketTimeoutMS: 45000,
|
|
202
|
+
w: 'majority',
|
|
203
|
+
}
|
|
204
|
+
});
|
|
205
|
+
```
|
|
206
|
+
|
|
207
|
+
#### 5. CRUD Operations
|
|
208
|
+
|
|
209
|
+
```typescript
|
|
210
|
+
const users = database.collection('users');
|
|
211
|
+
|
|
212
|
+
await users.insertOne({ name: 'John', email: 'john@example.com' });
|
|
213
|
+
|
|
214
|
+
const user = await users.findOne({ email: 'john@example.com' });
|
|
215
|
+
|
|
216
|
+
await users.updateOne(
|
|
217
|
+
{ email: 'john@example.com' },
|
|
218
|
+
{ $set: { name: 'John Doe' } }
|
|
219
|
+
);
|
|
220
|
+
|
|
221
|
+
await users.deleteOne({ email: 'john@example.com' });
|
|
222
|
+
|
|
223
|
+
const allUsers = await users.find().toArray();
|
|
224
|
+
```
|
|
225
|
+
|
|
226
|
+
---
|
|
227
|
+
|
|
64
228
|
## 🔐 Authentication
|
|
65
229
|
|
|
66
230
|
```typescript
|
|
@@ -177,14 +341,49 @@ res.error('Error message');
|
|
|
177
341
|
```env
|
|
178
342
|
NODE_ENV=development
|
|
179
343
|
PORT=3000
|
|
180
|
-
|
|
344
|
+
|
|
345
|
+
# JWT
|
|
346
|
+
JWT_SECRET=your-super-secret-jwt-key-change-in-production-min-32-chars
|
|
347
|
+
JWT_EXPIRES_IN=7d
|
|
348
|
+
JWT_REFRESH_SECRET=your-super-secret-refresh-key-change-in-production
|
|
349
|
+
JWT_REFRESH_EXPIRES_IN=30d
|
|
350
|
+
|
|
351
|
+
# Redis
|
|
181
352
|
REDIS_URL=redis://localhost:6379
|
|
182
353
|
|
|
183
|
-
#
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
354
|
+
# Database (PostgreSQL)
|
|
355
|
+
DATABASE_URL=postgresql://user:password@localhost:5432/mydb
|
|
356
|
+
|
|
357
|
+
# Database (MongoDB)
|
|
358
|
+
MONGODB_URL=mongodb://user:password@localhost:27017/mydb
|
|
359
|
+
|
|
360
|
+
# Google OAuth (optional)
|
|
361
|
+
GOOGLE_CLIENT_ID=
|
|
362
|
+
GOOGLE_CLIENT_SECRET=
|
|
363
|
+
GOOGLE_REDIRECT_URI=http://localhost:3000/auth/google/callback
|
|
364
|
+
|
|
365
|
+
# Email (SMTP) (optional)
|
|
366
|
+
SMTP_HOST=smtp.example.com
|
|
367
|
+
SMTP_PORT=587
|
|
368
|
+
SMTP_USER=your-smtp-user
|
|
369
|
+
SMTP_PASS=your-smtp-password
|
|
370
|
+
SMTP_FROM=noreply@yourdomain.com
|
|
371
|
+
|
|
372
|
+
# Twilio SMS (optional)
|
|
373
|
+
TWILIO_ACCOUNT_SID=
|
|
374
|
+
TWILIO_AUTH_TOKEN=
|
|
375
|
+
TWILIO_PHONE_NUMBER=
|
|
376
|
+
|
|
377
|
+
# Slack (optional)
|
|
378
|
+
SLACK_WEBHOOK_URL=
|
|
379
|
+
|
|
380
|
+
# Rate Limiting
|
|
381
|
+
RATE_LIMIT_WINDOW=1m
|
|
382
|
+
RATE_LIMIT_LIMIT=100
|
|
383
|
+
|
|
384
|
+
# Logger
|
|
385
|
+
LOG_LEVEL=info
|
|
386
|
+
|
|
188
387
|
```
|
|
189
388
|
|
|
190
389
|
---
|
package/dist/auth/index.js
CHANGED
|
@@ -111,6 +111,7 @@ var envSchema = zod.z.object({
|
|
|
111
111
|
NODE_ENV: zod.z.enum(["development", "production", "test"]).default("development"),
|
|
112
112
|
PORT: zod.z.string().default("3000"),
|
|
113
113
|
DATABASE_URL: zod.z.string().optional(),
|
|
114
|
+
MONGODB_URL: zod.z.string().optional(),
|
|
114
115
|
REDIS_URL: zod.z.string().default("redis://localhost:6379"),
|
|
115
116
|
JWT_SECRET: zod.z.string().min(32).optional(),
|
|
116
117
|
JWT_EXPIRES_IN: zod.z.string().default("7d"),
|
|
@@ -236,7 +237,7 @@ var JWTService = class {
|
|
|
236
237
|
return jwt__default.default.verify(token, this.refreshSecret);
|
|
237
238
|
}
|
|
238
239
|
refreshTokens(refreshToken) {
|
|
239
|
-
const payload = this.verifyRefreshToken(refreshToken);
|
|
240
|
+
const { iat, exp, nbf, ...payload } = this.verifyRefreshToken(refreshToken);
|
|
240
241
|
return this.generateTokenPair(payload);
|
|
241
242
|
}
|
|
242
243
|
};
|
package/dist/auth/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/auth/types.ts","../../src/auth/rbac.ts","../../src/auth/index.ts","../../src/config/index.ts","../../src/auth/jwt.ts","../../src/auth/oauth.ts","../../src/auth/express.ts","../../src/auth/fastify.ts"],"names":["DEFAULT_PERMISSIONS","RBACService","rbacService","z","jwt","bcrypt"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AA4CaA;AA5Cb,IAAA,UAAA,GAAA,KAAA,CAAA;AAAA,EAAA,mBAAA,GAAA;AA4CO,IAAMA,2BAAA,GAAuC;AAAA,MAClD,KAAA,EAAO,CAAC,GAAG,CAAA;AAAA,MACX,IAAA,EAAM,CAAC,MAAA,EAAQ,WAAW,CAAA;AAAA,MAC1B,KAAA,EAAO,CAAC,aAAa;AAAA,KACvB;AAAA,EAAA;AAAA,CAAA,CAAA;;;AChDA,IAAA,YAAA,GAAA,EAAA;AAAA,QAAA,CAAA,YAAA,EAAA;AAAA,EAAA,WAAA,EAAA,MAAAC,mBAAA;AAAA,EAAA,WAAA,EAAA,MAAAC;AAAA,CAAA,CAAA;AAEaD,4BAAA,CAAA,CA+EAC;AAjFb,IAAA,SAAA,GAAA,KAAA,CAAA;AAAA,EAAA,kBAAA,GAAA;AAAA,IAAA,UAAA,EAAA;AAEO,IAAMD,sBAAN,MAAkB;AAAA,MACf,WAAA;AAAA,MAER,WAAA,CAAY,cAA+BD,2BAAA,EAAqB;AAC9D,QAAA,IAAA,CAAK,WAAA,GAAc,WAAA;AAAA,MACrB;AAAA,MAEA,eAAe,WAAA,EAAoC;AACjD,QAAA,IAAA,CAAK,WAAA,GAAc,WAAA;AAAA,MACrB;AAAA,MAEA,aAAA,CAAc,MAAY,UAAA,EAA8B;AACtD,QAAA,IAAI,CAAC,IAAA,CAAK,WAAA,CAAY,IAAI,CAAA,EAAG;AAC3B,UAAA,IAAA,CAAK,WAAA,CAAY,IAAI,CAAA,GAAI,EAAC;AAAA,QAC5B;AACA,QAAA,IAAI,CAAC,IAAA,CAAK,WAAA,CAAY,IAAI,CAAA,CAAE,QAAA,CAAS,UAAU,CAAA,EAAG;AAChD,UAAA,IAAA,CAAK,WAAA,CAAY,IAAI,CAAA,CAAE,IAAA,CAAK,UAAU,CAAA;AAAA,QACxC;AAAA,MACF;AAAA,MAEA,gBAAA,CAAiB,MAAY,UAAA,EAA8B;AACzD,QAAA,IAAI,IAAA,CAAK,WAAA,CAAY,IAAI,CAAA,EAAG;AAC1B,UAAA,IAAA,CAAK,WAAA,CAAY,IAAI,CAAA,GAAI,IAAA,CAAK,WAAA,CAAY,IAAI,CAAA,CAAE,MAAA,CAAO,CAAA,CAAA,KAAK,CAAA,KAAM,UAAU,CAAA;AAAA,QAC9E;AAAA,MACF;AAAA,MAEA,eAAe,IAAA,EAA0B;AACvC,QAAA,OAAO,IAAA,CAAK,WAAA,CAAY,IAAI,CAAA,IAAK,EAAC;AAAA,MACpC;AAAA,MAEA,aAAA,CAAc,MAAY,kBAAA,EAAyC;AACjE,QAAA,MAAM,eAAA,GAAkB,IAAA,CAAK,cAAA,CAAe,IAAI,CAAA;AAEhD,QAAA,IAAI,eAAA,CAAgB,QAAA,CAAS,GAAG,CAAA,EAAG;AACjC,UAAA,OAAO,IAAA;AAAA,QACT;AAEA,QAAA,IAAI,eAAA,CAAgB,QAAA,CAAS,kBAAkB,CAAA,EAAG;AAChD,UAAA,OAAO,IAAA;AAAA,QACT;AAEA,QAAA,MAAM,CAAC,cAAA,EAAgB,aAAa,CAAA,GAAI,kBAAA,CAAmB,MAAM,GAAG,CAAA;AAEpE,QAAA,KAAA,MAAW,QAAQ,eAAA,EAAiB;AAClC,UAAA,MAAM,CAAC,MAAA,EAAQ,KAAK,CAAA,GAAI,IAAA,CAAK,MAAM,GAAG,CAAA;AAEtC,UAAA,IAAI,MAAA,KAAW,GAAA,KAAQ,KAAA,KAAU,GAAA,IAAO,UAAU,aAAA,CAAA,EAAgB;AAChE,YAAA,OAAO,IAAA;AAAA,UACT;AAEA,UAAA,IAAI,MAAA,KAAW,cAAA,KAAmB,KAAA,KAAU,GAAA,IAAO,UAAU,aAAA,CAAA,EAAgB;AAC3E,YAAA,OAAO,IAAA;AAAA,UACT;AAAA,QACF;AAEA,QAAA,OAAO,KAAA;AAAA,MACT;AAAA,MAEA,OAAA,CAAQ,UAAgB,YAAA,EAA6B;AACnD,QAAA,MAAM,SAAA,GAAoB,CAAC,OAAA,EAAS,MAAA,EAAQ,OAAO,CAAA;AACnD,QAAA,MAAM,SAAA,GAAY,SAAA,CAAU,OAAA,CAAQ,QAAe,CAAA;AACnD,QAAA,MAAM,aAAA,GAAgB,SAAA,CAAU,OAAA,CAAQ,YAAmB,CAAA;AAE3D,QAAA,IAAI,SAAA,KAAc,EAAA,IAAM,aAAA,KAAkB,EAAA,EAAI;AAC5C,UAAA,OAAO,QAAA,KAAa,YAAA;AAAA,QACtB;AAEA,QAAA,OAAO,SAAA,IAAa,aAAA;AAAA,MACtB;AAAA,MAEA,UAAU,UAAA,EAAwB;AAChC,QAAA,OAAO,CAAC,IAAA,KAAwB,IAAA,CAAK,aAAA,CAAc,MAAM,UAAU,CAAA;AAAA,MACrE;AAAA,MAEA,cAAc,YAAA,EAAoB;AAChC,QAAA,OAAO,CAAC,IAAA,KAAwB,IAAA,CAAK,OAAA,CAAQ,MAAM,YAAY,CAAA;AAAA,MACjE;AAAA,KACF;AAEO,IAAME,mBAAA,GAAc,IAAID,mBAAA,EAAY;AAAA,EAAA;AAAA,CAAA,CAAA;;;ACjF3C,UAAA,EAAA;ACEO,IAAM,SAAA,GAAYE,MAAE,MAAA,CAAO;AAAA,EAChC,QAAA,EAAUA,KAAA,CAAE,IAAA,CAAK,CAAC,aAAA,EAAe,cAAc,MAAM,CAAC,CAAA,CAAE,OAAA,CAAQ,aAAa,CAAA;AAAA,EAC7E,IAAA,EAAMA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAQ,MAAM,CAAA;AAAA,EAC/B,YAAA,EAAcA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAClC,SAAA,EAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAQ,wBAAwB,CAAA;AAAA,EACtD,YAAYA,KAAA,CAAE,MAAA,GAAS,GAAA,CAAI,EAAE,EAAE,QAAA,EAAS;AAAA,EACxC,cAAA,EAAgBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAQ,IAAI,CAAA;AAAA,EACvC,oBAAoBA,KAAA,CAAE,MAAA,GAAS,GAAA,CAAI,EAAE,EAAE,QAAA,EAAS;AAAA,EAChD,sBAAA,EAAwBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAQ,KAAK,CAAA;AAAA,EAChD,gBAAA,EAAkBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACtC,oBAAA,EAAsBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC1C,mBAAA,EAAqBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACzC,SAAA,EAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC/B,SAAA,EAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAQ,KAAK,CAAA;AAAA,EACnC,SAAA,EAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC/B,SAAA,EAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC/B,SAAA,EAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC/B,kBAAA,EAAoBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACxC,iBAAA,EAAmBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACvC,mBAAA,EAAqBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACzC,iBAAA,EAAmBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACvC,iBAAA,EAAmBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAQ,IAAI,CAAA;AAAA,EAC1C,gBAAA,EAAkBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAQ,KAAK,CAAA;AAAA,EAC1C,SAAA,EAAWA,KAAA,CAAE,IAAA,CAAK,CAAC,OAAA,EAAS,OAAA,EAAS,MAAA,EAAQ,MAAA,EAAQ,OAAA,EAAS,OAAO,CAAC,CAAA,CAAE,QAAQ,MAAM,CAAA;AAAA,EACtF,UAAA,EAAYA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAQ,WAAW,CAAA;AAAA,EAC1C,iBAAA,EAAmBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACvC,qBAAA,EAAuBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC3C,aAAA,EAAeA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACnC,YAAA,EAAcA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAC3B,CAAC,CAAA;AAUD,IAAM,gBAAN,MAAoB;AAAA,EACV,MAAA,GAA2B,IAAA;AAAA,EAC3B,MAAA;AAAA,EACA,QAAA;AAAA,EAER,WAAA,CAAY,OAAA,GAAyB,EAAC,EAAG;AACvC,IAAA,IAAA,CAAK,MAAA,GAAS,QAAQ,MAAA,IAAU,SAAA;AAChC,IAAA,IAAA,CAAK,QAAA,GAAW,QAAQ,QAAA,IAAY,IAAA;AAAA,EACtC;AAAA,EAEA,IAAA,GAAkB;AAChB,IAAA,IAAI,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA,CAAK,MAAA;AAE7B,IAAA,MAAM,MAA0C,EAAC;AAEjD,IAAA,KAAA,MAAW,OAAO,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,MAAA,CAAO,KAAK,CAAA,EAAG;AAChD,MAAA,GAAA,CAAI,GAAG,CAAA,GAAI,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAA;AAAA,IAC5B;AAEA,IAAA,IAAI,KAAK,QAAA,EAAU;AACjB,MAAA,MAAM,MAAA,GAAS,IAAA,CAAK,MAAA,CAAO,SAAA,CAAU,GAAG,CAAA;AACxC,MAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,QAAA,MAAM,SAAS,MAAA,CAAO,KAAA,CAAM,OAAO,GAAA,CAAI,CAAA,CAAA,KAAK,GAAG,CAAA,CAAE,IAAA,CAAK,IAAA,CAAK,GAAG,CAAC,CAAA,EAAA,EAAK,CAAA,CAAE,OAAO,CAAA,CAAE,CAAA,CAAE,KAAK,IAAI,CAAA;AAC1F,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,0BAAA,EAA6B,MAAM,CAAA,CAAE,CAAA;AAAA,MACvD;AACA,MAAA,IAAA,CAAK,SAAS,MAAA,CAAO,IAAA;AAAA,IACvB,CAAA,MAAO;AACL,MAAA,IAAA,CAAK,MAAA,GAAS,GAAA;AAAA,IAChB;AAEA,IAAA,OAAO,IAAA,CAAK,MAAA;AAAA,EACd;AAAA,EAEA,IAA+B,GAAA,EAAsB;AACnD,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,IAAA,CAAK,IAAA,EAAK;AAC5B,IAAA,OAAO,IAAA,CAAK,OAAQ,GAAG,CAAA;AAAA,EACzB;AAAA,EAEA,IAAI,GAAA,EAA8B;AAChC,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,GAAA,CAAI,GAAG,CAAA;AAC1B,IAAA,IAAI,OAAO,KAAA,KAAU,QAAA,EAAU,OAAO,QAAA,CAAS,OAAO,EAAE,CAAA;AACxD,IAAA,OAAO,OAAO,KAAK,CAAA;AAAA,EACrB;AAAA,EAEA,KAAK,GAAA,EAA+B;AAClC,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,GAAA,CAAI,GAAG,CAAA;AAC1B,IAAA,IAAI,OAAO,KAAA,KAAU,SAAA,EAAW,OAAO,KAAA;AACvC,IAAA,IAAI,OAAO,KAAA,KAAU,QAAA,EAAU,OAAO,KAAA,CAAM,aAAY,KAAM,MAAA;AAC9D,IAAA,OAAO,QAAQ,KAAK,CAAA;AAAA,EACtB;AAAA,EAEA,YAAA,GAAwB;AACtB,IAAA,OAAO,IAAA,CAAK,GAAA,CAAI,UAAU,CAAA,KAAM,YAAA;AAAA,EAClC;AAAA,EAEA,aAAA,GAAyB;AACvB,IAAA,OAAO,IAAA,CAAK,GAAA,CAAI,UAAU,CAAA,KAAM,aAAA;AAAA,EAClC;AAAA,EAEA,MAAA,GAAkB;AAChB,IAAA,OAAO,IAAA,CAAK,GAAA,CAAI,UAAU,CAAA,KAAM,MAAA;AAAA,EAClC;AAAA,EAEA,MAAA,GAAoB;AAClB,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,IAAA,CAAK,IAAA,EAAK;AAC5B,IAAA,OAAO,IAAA,CAAK,MAAA;AAAA,EACd;AACF,CAAA;AAEA,IAAM,YAAA,GAAe,IAAI,aAAA,EAAc;AAEhC,IAAM,MAAA,GAAS;AAAA,EACpB,IAAA,EAAM,MAAM,YAAA,CAAa,IAAA,EAAK;AAAA,EAC9B,GAAA,EAAK,CAA4B,GAAA,KAAW,YAAA,CAAa,IAAI,GAAG,CAAA;AAAA,EAChE,GAAA,EAAK,CAAC,GAAA,KAAyB,YAAA,CAAa,IAAI,GAAG,CAAA;AAAA,EACnD,IAAA,EAAM,CAAC,GAAA,KAAyB,YAAA,CAAa,KAAK,GAAG,CAAA;AAAA,EACrD,YAAA,EAAc,MAAM,YAAA,CAAa,YAAA,EAAa;AAAA,EAC9C,aAAA,EAAe,MAAM,YAAA,CAAa,aAAA,EAAc;AAAA,EAChD,MAAA,EAAQ,MAAM,YAAA,CAAa,MAAA,EAAO;AAAA,EAClC,MAAA,EAAQ,MAAM,YAAA,CAAa,MAAA,EAAO;AAAA,EAClC,MAAA,EAAQ,CAAC,OAAA,KAA4B,IAAI,cAAc,OAAO;AAChE,CAAA;;;ACtHO,IAAM,aAAN,MAAiB;AAAA,EACd,MAAA;AAAA,EACA,SAAA;AAAA,EACA,aAAA;AAAA,EACA,gBAAA;AAAA,EAER,WAAA,CAAY,OAAA,GAA4G,EAAC,EAAG;AAC1H,IAAA,IAAA,CAAK,SAAS,OAAA,CAAQ,SAAA,IAAa,MAAA,CAAO,GAAA,CAAI,YAAY,CAAA,IAAK,qCAAA;AAC/D,IAAA,IAAA,CAAK,YAAY,OAAA,CAAQ,YAAA,IAAgB,MAAA,CAAO,GAAA,CAAI,gBAAgB,CAAA,IAAK,IAAA;AACzE,IAAA,IAAA,CAAK,gBAAgB,OAAA,CAAQ,aAAA,IAAiB,OAAO,GAAA,CAAI,oBAAoB,KAAK,IAAA,CAAK,MAAA;AACvF,IAAA,IAAA,CAAK,mBAAmB,OAAA,CAAQ,gBAAA,IAAoB,MAAA,CAAO,GAAA,CAAI,wBAAwB,CAAA,IAAK,KAAA;AAAA,EAC9F;AAAA,EAEA,cAAc,OAAA,EAA6B;AACzC,IAAA,OAAOC,oBAAA,CAAI,KAAK,OAAA,EAAS,IAAA,CAAK,QAAQ,EAAE,SAAA,EAAW,IAAA,CAAK,SAAA,EAAW,CAAA;AAAA,EACrE;AAAA,EAEA,qBAAqB,OAAA,EAA6B;AAChD,IAAA,OAAOA,oBAAA,CAAI,KAAK,OAAA,EAAS,IAAA,CAAK,eAAe,EAAE,SAAA,EAAW,IAAA,CAAK,gBAAA,EAAkB,CAAA;AAAA,EACnF;AAAA,EAEA,kBAAkB,OAAA,EAAgC;AAChD,IAAA,OAAO;AAAA,MACL,WAAA,EAAa,IAAA,CAAK,aAAA,CAAc,OAAO,CAAA;AAAA,MACvC,YAAA,EAAc,IAAA,CAAK,oBAAA,CAAqB,OAAO;AAAA,KACjD;AAAA,EACF;AAAA,EAEA,YAAY,KAAA,EAA2B;AACrC,IAAA,OAAOA,oBAAA,CAAI,MAAA,CAAO,KAAA,EAAO,IAAA,CAAK,MAAM,CAAA;AAAA,EACtC;AAAA,EAEA,mBAAmB,KAAA,EAA2B;AAC5C,IAAA,OAAOA,oBAAA,CAAI,MAAA,CAAO,KAAA,EAAO,IAAA,CAAK,aAAa,CAAA;AAAA,EAC7C;AAAA,EAEA,cAAc,YAAA,EAAiC;AAC7C,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,kBAAA,CAAmB,YAAY,CAAA;AACpD,IAAA,OAAO,IAAA,CAAK,kBAAkB,OAAO,CAAA;AAAA,EACvC;AACF;AAEO,IAAM,UAAA,GAAa,IAAI,UAAA;;;AF5C9B,SAAA,EAAA;;;AGQO,IAAM,eAAN,MAAmB;AAAA,EAChB,SAAA,uBAA4C,GAAA,EAAI;AAAA,EAExD,WAAA,GAAc;AACZ,IAAA,MAAM,cAAA,GAAiB,MAAA,CAAO,GAAA,CAAI,kBAAkB,CAAA;AACpD,IAAA,MAAM,kBAAA,GAAqB,MAAA,CAAO,GAAA,CAAI,sBAAsB,CAAA;AAC5D,IAAA,MAAM,iBAAA,GAAoB,MAAA,CAAO,GAAA,CAAI,qBAAqB,CAAA;AAE1D,IAAA,IAAI,cAAA,IAAkB,sBAAsB,iBAAA,EAAmB;AAC7D,MAAA,IAAA,CAAK,iBAAiB,QAAA,EAAU;AAAA,QAC9B,IAAA,EAAM,QAAA;AAAA,QACN,QAAA,EAAU,cAAA;AAAA,QACV,YAAA,EAAc,kBAAA;AAAA,QACd,WAAA,EAAa,iBAAA;AAAA,QACb,gBAAA,EAAkB,8CAAA;AAAA,QAClB,QAAA,EAAU,qCAAA;AAAA,QACV,WAAA,EAAa;AAAA,OACd,CAAA;AAAA,IACH;AAAA,EACF;AAAA,EAEA,gBAAA,CAAiB,MAAc,QAAA,EAA+B;AAC5D,IAAA,IAAA,CAAK,SAAA,CAAU,GAAA,CAAI,IAAA,EAAM,QAAQ,CAAA;AAAA,EACnC;AAAA,EAEA,YAAY,IAAA,EAAyC;AACnD,IAAA,OAAO,IAAA,CAAK,SAAA,CAAU,GAAA,CAAI,IAAI,CAAA;AAAA,EAChC;AAAA,EAEA,mBAAA,CAAoB,cAAsB,KAAA,EAAwB;AAChE,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,WAAA,CAAY,YAAY,CAAA;AAC9C,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,eAAA,EAAkB,YAAY,CAAA,eAAA,CAAiB,CAAA;AAAA,IACjE;AAEA,IAAA,MAAM,MAAA,GAAS,IAAI,eAAA,CAAgB;AAAA,MACjC,WAAW,QAAA,CAAS,QAAA;AAAA,MACpB,cAAc,QAAA,CAAS,WAAA;AAAA,MACvB,aAAA,EAAe,MAAA;AAAA,MACf,KAAA,EAAO,sBAAA;AAAA,MACP,OAAO,KAAA,IAAS;AAAA,KACjB,CAAA;AAED,IAAA,OAAO,GAAG,QAAA,CAAS,gBAAgB,CAAA,CAAA,EAAI,MAAA,CAAO,UAAU,CAAA,CAAA;AAAA,EAC1D;AAAA,EAEA,MAAM,YAAA,CAAa,YAAA,EAAsB,IAAA,EAAuE;AAC9G,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,WAAA,CAAY,YAAY,CAAA;AAC9C,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,eAAA,EAAkB,YAAY,CAAA,eAAA,CAAiB,CAAA;AAAA,IACjE;AAEA,IAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,QAAA,CAAS,QAAA,EAAU;AAAA,MAC9C,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACP,cAAA,EAAgB;AAAA,OAClB;AAAA,MACA,IAAA,EAAM,IAAI,eAAA,CAAgB;AAAA,QACxB,WAAW,QAAA,CAAS,QAAA;AAAA,QACpB,eAAe,QAAA,CAAS,YAAA;AAAA,QACxB,IAAA;AAAA,QACA,UAAA,EAAY,oBAAA;AAAA,QACZ,cAAc,QAAA,CAAS;AAAA,OACxB;AAAA,KACF,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,KAAA,GAAQ,MAAM,QAAA,CAAS,IAAA,EAAK;AAClC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,6BAAA,EAAgC,KAAK,CAAA,CAAE,CAAA;AAAA,IACzD;AAEA,IAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AACjC,IAAA,OAAO;AAAA,MACL,aAAa,IAAA,CAAK,YAAA;AAAA,MAClB,cAAc,IAAA,CAAK;AAAA,KACrB;AAAA,EACF;AAAA,EAEA,MAAM,WAAA,CAAY,YAAA,EAAsB,WAAA,EAA6C;AACnF,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,WAAA,CAAY,YAAY,CAAA;AAC9C,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,eAAA,EAAkB,YAAY,CAAA,eAAA,CAAiB,CAAA;AAAA,IACjE;AAEA,IAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,QAAA,CAAS,WAAA,EAAa;AAAA,MACjD,OAAA,EAAS;AAAA,QACP,aAAA,EAAe,UAAU,WAAW,CAAA;AAAA;AACtC,KACD,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,KAAA,GAAQ,MAAM,QAAA,CAAS,IAAA,EAAK;AAClC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,8BAAA,EAAiC,KAAK,CAAA,CAAE,CAAA;AAAA,IAC1D;AAEA,IAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AAEjC,IAAA,OAAO;AAAA,MACL,IAAI,IAAA,CAAK,EAAA;AAAA,MACT,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,SAAS,IAAA,CAAK;AAAA,KAChB;AAAA,EACF;AACF;AAEO,IAAM,YAAA,GAAe,IAAI,YAAA;AChHhC,SAAA,EAAA;AAwBA,IAAM,oBAAN,MAA6C;AAAA,EACnC,KAAA,uBAA+B,GAAA,EAAI;AAAA,EAE3C,MAAM,YAAY,KAAA,EAAqC;AACrD,IAAA,KAAA,MAAW,IAAA,IAAQ,IAAA,CAAK,KAAA,CAAM,MAAA,EAAO,EAAG;AACtC,MAAA,IAAI,IAAA,CAAK,KAAA,KAAU,KAAA,EAAO,OAAO,IAAA;AAAA,IACnC;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,SAAS,EAAA,EAAkC;AAC/C,IAAA,OAAO,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,EAAE,CAAA,IAAK,IAAA;AAAA,EAC/B;AAAA,EAEA,MAAM,OAAO,IAAA,EAAmC;AAC9C,IAAA,MAAM,EAAA,GAAK,KAAK,MAAA,EAAO,CAAE,SAAS,EAAE,CAAA,CAAE,MAAA,CAAO,CAAA,EAAG,CAAC,CAAA;AACjD,IAAA,MAAM,iBAAiB,MAAMC,uBAAA,CAAO,IAAA,CAAK,IAAA,CAAK,UAAU,EAAE,CAAA;AAC1D,IAAA,MAAM,IAAA,GAAa;AAAA,MACjB,EAAA;AAAA,MACA,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,QAAA,EAAU,cAAA;AAAA,MACV,IAAA,EAAM,KAAK,IAAA,IAAQ,MAAA;AAAA,MACnB,MAAM,IAAA,CAAK;AAAA,KACb;AACA,IAAA,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,EAAA,EAAI,IAAI,CAAA;AACvB,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,MAAA,CAAO,EAAA,EAAY,IAAA,EAAoC;AAC3D,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,EAAE,CAAA;AAC9B,IAAA,IAAI,CAAC,IAAA,EAAM,MAAM,IAAI,MAAM,gBAAgB,CAAA;AAC3C,IAAA,MAAM,OAAA,GAAU,EAAE,GAAG,IAAA,EAAM,GAAG,IAAA,EAAK;AACnC,IAAA,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,EAAA,EAAI,OAAO,CAAA;AAC1B,IAAA,OAAO,OAAA;AAAA,EACT;AACF,CAAA;AAEO,IAAM,cAAN,MAAkB;AAAA,EACf,SAAA;AAAA,EACA,OAAA;AAAA,EACA,WAAA,GAAuB,KAAA;AAAA,EAE/B,WAAA,CAAY,OAAA,GAAuB,EAAC,EAAG,SAAA,EAAuB;AAC5D,IAAA,IAAA,CAAK,OAAA,GAAU;AAAA,MACb,SAAA,EAAW,OAAA,CAAQ,SAAA,IAAa,OAAA,CAAQ,IAAI,UAAA,IAAc,qCAAA;AAAA,MAC1D,YAAA,EAAc,QAAQ,YAAA,IAAgB,IAAA;AAAA,MACtC,aAAA,EAAe,OAAA,CAAQ,aAAA,IAAiB,OAAA,CAAQ,IAAI,kBAAA,IAAsB,qCAAA;AAAA,MAC1E,gBAAA,EAAkB,QAAQ,gBAAA,IAAoB,KAAA;AAAA,MAC9C,cAAA,EAAgB,OAAA,CAAQ,cAAA,IAAkB,OAAA,CAAQ,IAAI,gBAAA,IAAoB,EAAA;AAAA,MAC1E,kBAAA,EAAoB,OAAA,CAAQ,kBAAA,IAAsB,OAAA,CAAQ,IAAI,oBAAA,IAAwB,EAAA;AAAA,MACtF,iBAAA,EAAmB,OAAA,CAAQ,iBAAA,IAAqB,OAAA,CAAQ,IAAI,mBAAA,IAAuB;AAAA,KACrF;AAEA,IAAA,IAAA,CAAK,SAAA,GAAY,SAAA,IAAa,IAAI,iBAAA,EAAkB;AAAA,EACtD;AAAA,EAEA,MAAM,UAAA,GAA4B;AAChC,IAAA,IAAI,IAAA,CAAK,QAAQ,cAAA,IAAkB,IAAA,CAAK,QAAQ,kBAAA,IAAsB,IAAA,CAAK,QAAQ,iBAAA,EAAmB;AACpG,MAAA,YAAA,CAAa,iBAAiB,QAAA,EAAU;AAAA,QACtC,IAAA,EAAM,QAAA;AAAA,QACN,QAAA,EAAU,KAAK,OAAA,CAAQ,cAAA;AAAA,QACvB,YAAA,EAAc,KAAK,OAAA,CAAQ,kBAAA;AAAA,QAC3B,WAAA,EAAa,KAAK,OAAA,CAAQ,iBAAA;AAAA,QAC1B,gBAAA,EAAkB,8CAAA;AAAA,QAClB,QAAA,EAAU,qCAAA;AAAA,QACV,WAAA,EAAa;AAAA,OACd,CAAA;AAAA,IACH;AACA,IAAA,IAAA,CAAK,WAAA,GAAc,IAAA;AAAA,EACrB;AAAA,EAEA,MAAM,SAAS,IAAA,EAAoG;AACjH,IAAA,MAAM,WAAW,MAAM,IAAA,CAAK,SAAA,CAAU,WAAA,CAAY,KAAK,KAAK,CAAA;AAC5D,IAAA,IAAI,QAAA,EAAU;AACZ,MAAA,MAAM,IAAI,MAAM,qBAAqB,CAAA;AAAA,IACvC;AAEA,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,SAAA,CAAU,OAAO,IAAI,CAAA;AAC7C,IAAA,MAAM,MAAA,GAAS,WAAW,iBAAA,CAAkB;AAAA,MAC1C,QAAQ,IAAA,CAAK,EAAA;AAAA,MACb,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,MAAM,IAAA,CAAK;AAAA,KACZ,CAAA;AAED,IAAA,OAAO,EAAE,MAAM,MAAA,EAAO;AAAA,EACxB;AAAA,EAEA,MAAM,MAAM,WAAA,EAA+G;AACzH,IAAA,MAAM,OAAO,MAAM,IAAA,CAAK,SAAA,CAAU,WAAA,CAAY,YAAY,KAAK,CAAA;AAC/D,IAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,IAAA,CAAK,QAAA,EAAU;AAC3B,MAAA,MAAM,IAAI,MAAM,qBAAqB,CAAA;AAAA,IACvC;AAEA,IAAA,MAAM,UAAU,MAAMA,uBAAA,CAAO,QAAQ,WAAA,CAAY,QAAA,EAAU,KAAK,QAAQ,CAAA;AACxE,IAAA,IAAI,CAAC,OAAA,EAAS;AACZ,MAAA,MAAM,IAAI,MAAM,qBAAqB,CAAA;AAAA,IACvC;AAEA,IAAA,MAAM,MAAA,GAAS,WAAW,iBAAA,CAAkB;AAAA,MAC1C,QAAQ,IAAA,CAAK,EAAA;AAAA,MACb,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,MAAM,IAAA,CAAK;AAAA,KACZ,CAAA;AAED,IAAA,OAAO,EAAE,MAAM,MAAA,EAAO;AAAA,EACxB;AAAA,EAEA,MAAM,QAAQ,YAAA,EAA8E;AAC1F,IAAA,OAAO,UAAA,CAAW,cAAc,YAAY,CAAA;AAAA,EAC9C;AAAA,EAEA,MAAM,iBAAiB,KAAA,EAAiC;AACtD,IAAA,OAAO,YAAA,CAAa,mBAAA,CAAoB,QAAA,EAAU,KAAK,CAAA;AAAA,EACzD;AAAA,EAEA,MAAM,qBAAqB,IAAA,EAA8F;AACvH,IAAA,MAAM,EAAE,WAAA,EAAY,GAAI,MAAM,YAAA,CAAa,YAAA,CAAa,UAAU,IAAI,CAAA;AACtE,IAAA,MAAM,QAAA,GAAW,MAAM,YAAA,CAAa,WAAA,CAAY,UAAU,WAAW,CAAA;AAErE,IAAA,IAAI,OAAO,MAAM,IAAA,CAAK,SAAA,CAAU,WAAA,CAAY,SAAS,KAAK,CAAA;AAE1D,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,IAAA,GAAO,MAAM,IAAA,CAAK,SAAA,CAAU,MAAA,CAAO;AAAA,QACjC,OAAO,QAAA,CAAS,KAAA;AAAA,QAChB,QAAA,EAAU,KAAK,MAAA,EAAO,CAAE,SAAS,EAAE,CAAA,CAAE,MAAA,CAAO,CAAA,EAAG,EAAE,CAAA;AAAA,QACjD,MAAM,QAAA,CAAS,IAAA;AAAA,QACf,IAAA,EAAM;AAAA,OACP,CAAA;AAAA,IACH;AAEA,IAAA,MAAM,MAAA,GAAS,WAAW,iBAAA,CAAkB;AAAA,MAC1C,QAAQ,IAAA,CAAK,EAAA;AAAA,MACb,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,MAAM,IAAA,CAAK;AAAA,KACZ,CAAA;AAED,IAAA,OAAO,EAAE,MAAM,MAAA,EAAO;AAAA,EACxB;AAAA,EAEA,aAAA,GAAgC;AAC9B,IAAA,OAAO,CAAC,GAAA,EAAc,GAAA,EAAe,IAAA,KAAuB;AAC1D,MAAA,MAAM,UAAA,GAAa,IAAI,OAAA,CAAQ,aAAA;AAE/B,MAAA,IAAI,CAAC,UAAA,IAAc,CAAC,UAAA,CAAW,UAAA,CAAW,SAAS,CAAA,EAAG;AACpD,QAAA,OAAO,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,qBAAqB,CAAA;AAAA,MAC5D;AAEA,MAAA,MAAM,KAAA,GAAQ,UAAA,CAAW,SAAA,CAAU,CAAC,CAAA;AAEpC,MAAA,IAAI;AACF,QAAA,MAAM,OAAA,GAAU,UAAA,CAAW,WAAA,CAAY,KAAK,CAAA;AAC5C,QAAA,GAAA,CAAI,IAAA,GAAO;AAAA,UACT,GAAG,OAAA;AAAA,UACH,IAAI,OAAA,CAAQ;AAAA,SACd;AACA,QAAA,IAAA,EAAK;AAAA,MACP,SAAS,KAAA,EAAO;AACd,QAAA,OAAO,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,iBAAiB,CAAA;AAAA,MACxD;AAAA,IACF,CAAA;AAAA,EACF;AAAA,EAEA,WAAA,GAA8B;AAC5B,IAAA,OAAO,CAAC,GAAA,EAAc,GAAA,EAAe,IAAA,KAAuB;AAC1D,MAAA,IAAI,CAAC,IAAI,IAAA,EAAM;AACb,QAAA,OAAO,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,2BAA2B,CAAA;AAAA,MAClE;AACA,MAAA,IAAA,EAAK;AAAA,IACP,CAAA;AAAA,EACF;AAAA,EAEA,YAAY,IAAA,EAA8B;AACxC,IAAA,OAAO,CAAC,GAAA,EAAc,GAAA,EAAe,IAAA,KAAuB;AAC1D,MAAA,IAAI,CAAC,IAAI,IAAA,EAAM;AACb,QAAA,OAAO,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,2BAA2B,CAAA;AAAA,MAClE;AACA,MAAA,IAAI,CAACH,mBAAA,CAAY,OAAA,CAAQ,IAAI,IAAA,CAAK,IAAA,EAAM,IAAI,CAAA,EAAG;AAC7C,QAAA,OAAO,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,4BAA4B,CAAA;AAAA,MACnE;AACA,MAAA,IAAA,EAAK;AAAA,IACP,CAAA;AAAA,EACF;AAAA,EAEA,kBAAkB,UAAA,EAAoC;AACpD,IAAA,OAAO,CAAC,GAAA,EAAc,GAAA,EAAe,IAAA,KAAuB;AAC1D,MAAA,IAAI,CAAC,IAAI,IAAA,EAAM;AACb,QAAA,OAAO,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,2BAA2B,CAAA;AAAA,MAClE;AACA,MAAA,IAAI,CAACA,mBAAA,CAAY,aAAA,CAAc,IAAI,IAAA,CAAK,IAAA,EAAM,UAAU,CAAA,EAAG;AACzD,QAAA,OAAO,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,4BAA4B,CAAA;AAAA,MACnE;AACA,MAAA,IAAA,EAAK;AAAA,IACP,CAAA;AAAA,EACF;AACF;AAEA,IAAI,mBAAA,GAA0C,IAAA;AAEvC,SAAS,UAAA,CAAW,SAAuB,SAAA,EAAoC;AACpF,EAAA,mBAAA,GAAsB,IAAI,WAAA,CAAY,OAAA,EAAS,SAAS,CAAA;AACxD,EAAA,OAAO,mBAAA;AACT;AAEO,SAAS,IAAA,GAAoB;AAClC,EAAA,IAAI,CAAC,mBAAA,EAAqB;AACxB,IAAA,mBAAA,GAAsB,IAAI,WAAA,EAAY;AAAA,EACxC;AACA,EAAA,OAAO,mBAAA;AACT;AAEO,IAAM,IAAA,GAAO;AAAA,EAClB,UAAA,EAAY,CAAC,OAAA,KAA0B;AACrC,IAAA,MAAM,OAAA,GAAU,WAAW,OAAO,CAAA;AAClC,IAAA,OAAO;AAAA,MACL,OAAA;AAAA,MACA,aAAA,EAAe,MAAM,OAAA,CAAQ,aAAA,EAAc;AAAA,MAC3C,WAAA,EAAa,MAAM,OAAA,CAAQ,WAAA,EAAY;AAAA,MACvC,WAAA,EAAa,CAAC,IAAA,KAAiB,OAAA,CAAQ,YAAY,IAAI,CAAA;AAAA,MACvD,iBAAA,EAAmB,CAAC,UAAA,KAAuB,OAAA,CAAQ,kBAAkB,UAAU;AAAA,KACjF;AAAA,EACF;AACF;;;AC/OO,SAAS,kBAAA,CAAmB,OAAA,EAA0B,OAAA,EAAuC,IAAA,EAA+B;AACjI,EAAA,MAAM,EAAE,aAAY,GAAI,OAAA;AAExB,EAAA,OAAA,CAAQ,QAAA,CAAS,cAAA,EAAgB,OAAO,OAAA,EAAyB,KAAA,KAAwB;AACvF,IAAA,MAAM,UAAA,GAAa,QAAQ,OAAA,CAAQ,aAAA;AAEnC,IAAA,IAAI,CAAC,UAAA,IAAc,CAAC,UAAA,CAAW,UAAA,CAAW,SAAS,CAAA,EAAG;AACpD,MAAA,OAAO,KAAA,CAAM,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,qBAAqB,CAAA;AAAA,IAC9D;AAEA,IAAA,MAAM,KAAA,GAAQ,UAAA,CAAW,SAAA,CAAU,CAAC,CAAA;AAEpC,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,WAAA,CAAY,YAAY,CAAA,CAAE,YAAY,KAAK,CAAA;AAC3D,MAAA,OAAA,CAAQ,IAAA,GAAO;AAAA,QACb,GAAG,OAAA;AAAA,QACH,IAAI,OAAA,CAAQ;AAAA,OACd;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,KAAA,CAAM,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,iBAAiB,CAAA;AAAA,IAC1D;AAAA,EACF,CAAC,CAAA;AAED,EAAA,OAAA,CAAQ,QAAA,CAAS,aAAA,EAAe,OAAO,OAAA,EAAyB,KAAA,KAAwB;AACtF,IAAA,IAAI,CAAC,QAAQ,IAAA,EAAM;AACjB,MAAA,OAAO,KAAA,CAAM,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,2BAA2B,CAAA;AAAA,IACpE;AAAA,EACF,CAAC,CAAA;AAED,EAAA,OAAA,CAAQ,QAAA,CAAS,aAAA,EAAe,CAAC,IAAA,KAAiB;AAChD,IAAA,OAAO,OAAO,SAAyB,KAAA,KAAwB;AAC7D,MAAA,IAAI,CAAC,QAAQ,IAAA,EAAM;AACjB,QAAA,OAAO,KAAA,CAAM,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,2BAA2B,CAAA;AAAA,MACpE;AACA,MAAA,MAAM,EAAE,WAAA,EAAAA,YAAAA,EAAY,GAAI,MAAM,OAAA,CAAA,OAAA,EAAA,CAAA,IAAA,CAAA,OAAA,SAAA,EAAA,EAAA,YAAA,CAAA,CAAA;AAC9B,MAAA,IAAI,CAACA,YAAAA,CAAY,OAAA,CAAQ,QAAQ,IAAA,CAAK,IAAA,EAAM,IAAI,CAAA,EAAG;AACjD,QAAA,OAAO,KAAA,CAAM,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,4BAA4B,CAAA;AAAA,MACrE;AAAA,IACF,CAAA;AAAA,EACF,CAAC,CAAA;AAED,EAAA,OAAA,CAAQ,QAAA,CAAS,mBAAA,EAAqB,CAAC,UAAA,KAAuB;AAC5D,IAAA,OAAO,OAAO,SAAyB,KAAA,KAAwB;AAC7D,MAAA,IAAI,CAAC,QAAQ,IAAA,EAAM;AACjB,QAAA,OAAO,KAAA,CAAM,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,2BAA2B,CAAA;AAAA,MACpE;AACA,MAAA,MAAM,EAAE,WAAA,EAAAA,YAAAA,EAAY,GAAI,MAAM,OAAA,CAAA,OAAA,EAAA,CAAA,IAAA,CAAA,OAAA,SAAA,EAAA,EAAA,YAAA,CAAA,CAAA;AAC9B,MAAA,IAAI,CAACA,YAAAA,CAAY,aAAA,CAAc,QAAQ,IAAA,CAAK,IAAA,EAAM,UAAU,CAAA,EAAG;AAC7D,QAAA,OAAO,KAAA,CAAM,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,4BAA4B,CAAA;AAAA,MACrE;AAAA,IACF,CAAA;AAAA,EACF,CAAC,CAAA;AAED,EAAA,IAAA,EAAK;AACP","file":"index.js","sourcesContent":["export type Role = 'admin' | 'user' | 'guest' | string;\n\nexport interface User {\n id: string;\n email: string;\n password?: string;\n role: Role;\n name?: string;\n picture?: string;\n createdAt?: Date;\n updatedAt?: Date;\n}\n\nexport interface JWTPayload {\n userId: string;\n email: string;\n role: Role;\n}\n\nexport interface TokenPair {\n accessToken: string;\n refreshToken: string;\n}\n\nexport interface AuthOptions {\n jwtSecret?: string;\n jwtExpiresIn?: string;\n refreshSecret?: string;\n refreshExpiresIn?: string;\n googleClientId?: string;\n googleClientSecret?: string;\n googleRedirectUri?: string;\n}\n\nexport interface AuthUserRequest extends Request {\n user?: JWTPayload;\n}\n\nexport type Permission = string;\n\nexport interface RolePermissions {\n [role: string]: Permission[];\n}\n\nexport const DEFAULT_PERMISSIONS: RolePermissions = {\n admin: ['*'],\n user: ['read', 'write:own'],\n guest: ['read:public'],\n};\n\nexport interface LoginCredentials {\n email: string;\n password: string;\n}\n\nexport interface RegisterData extends LoginCredentials {\n name?: string;\n role?: Role;\n}\n\nexport interface OAuthProvider {\n name: string;\n clientId: string;\n clientSecret: string;\n redirectUri: string;\n authorizationUrl: string;\n tokenUrl: string;\n userInfoUrl: string;\n}\n","import { Role, Permission, RolePermissions, DEFAULT_PERMISSIONS } from './types';\n\nexport class RBACService {\n private permissions: RolePermissions;\n\n constructor(permissions: RolePermissions = DEFAULT_PERMISSIONS) {\n this.permissions = permissions;\n }\n\n setPermissions(permissions: RolePermissions): void {\n this.permissions = permissions;\n }\n\n addPermission(role: Role, permission: Permission): void {\n if (!this.permissions[role]) {\n this.permissions[role] = [];\n }\n if (!this.permissions[role].includes(permission)) {\n this.permissions[role].push(permission);\n }\n }\n\n removePermission(role: Role, permission: Permission): void {\n if (this.permissions[role]) {\n this.permissions[role] = this.permissions[role].filter(p => p !== permission);\n }\n }\n\n getPermissions(role: Role): Permission[] {\n return this.permissions[role] || [];\n }\n\n hasPermission(role: Role, requiredPermission: Permission): boolean {\n const rolePermissions = this.getPermissions(role);\n \n if (rolePermissions.includes('*')) {\n return true;\n }\n\n if (rolePermissions.includes(requiredPermission)) {\n return true;\n }\n\n const [requiredAction, requiredScope] = requiredPermission.split(':');\n \n for (const perm of rolePermissions) {\n const [action, scope] = perm.split(':');\n \n if (action === '*' && (scope === '*' || scope === requiredScope)) {\n return true;\n }\n \n if (action === requiredAction && (scope === '*' || scope === requiredScope)) {\n return true;\n }\n }\n\n return false;\n }\n\n hasRole(userRole: Role, requiredRole: Role): boolean {\n const hierarchy: Role[] = ['guest', 'user', 'admin'];\n const userIndex = hierarchy.indexOf(userRole as any);\n const requiredIndex = hierarchy.indexOf(requiredRole as any);\n \n if (userIndex === -1 || requiredIndex === -1) {\n return userRole === requiredRole;\n }\n \n return userIndex >= requiredIndex;\n }\n\n authorize(permission: Permission) {\n return (role: Role): boolean => this.hasPermission(role, permission);\n }\n\n authorizeRole(requiredRole: Role) {\n return (role: Role): boolean => this.hasRole(role, requiredRole);\n }\n}\n\nexport const rbacService = new RBACService();\n","export * from './types';\nexport * from './jwt';\nexport * from './rbac';\nexport * from './oauth';\nexport * from './express';\nexport * from './fastify';\n","import { z } from 'zod';\n\nexport const envSchema = z.object({\n NODE_ENV: z.enum(['development', 'production', 'test']).default('development'),\n PORT: z.string().default('3000'),\n DATABASE_URL: z.string().optional(),\n REDIS_URL: z.string().default('redis://localhost:6379'),\n JWT_SECRET: z.string().min(32).optional(),\n JWT_EXPIRES_IN: z.string().default('7d'),\n JWT_REFRESH_SECRET: z.string().min(32).optional(),\n JWT_REFRESH_EXPIRES_IN: z.string().default('30d'),\n GOOGLE_CLIENT_ID: z.string().optional(),\n GOOGLE_CLIENT_SECRET: z.string().optional(),\n GOOGLE_REDIRECT_URI: z.string().optional(),\n SMTP_HOST: z.string().optional(),\n SMTP_PORT: z.string().default('587'),\n SMTP_USER: z.string().optional(),\n SMTP_PASS: z.string().optional(),\n SMTP_FROM: z.string().optional(),\n TWILIO_ACCOUNT_SID: z.string().optional(),\n TWILIO_AUTH_TOKEN: z.string().optional(),\n TWILIO_PHONE_NUMBER: z.string().optional(),\n SLACK_WEBHOOK_URL: z.string().optional(),\n RATE_LIMIT_WINDOW: z.string().default('1m'),\n RATE_LIMIT_LIMIT: z.string().default('100'),\n LOG_LEVEL: z.enum(['fatal', 'error', 'warn', 'info', 'debug', 'trace']).default('info'),\n AWS_REGION: z.string().default('us-east-1'),\n AWS_ACCESS_KEY_ID: z.string().optional(),\n AWS_SECRET_ACCESS_KEY: z.string().optional(),\n AWS_S3_BUCKET: z.string().optional(),\n AWS_ENDPOINT: z.string().optional(),\n});\n\nexport type EnvConfig = z.infer<typeof envSchema>;\n\nexport interface ConfigOptions {\n schema?: z.ZodSchema;\n envPath?: string;\n validate?: boolean;\n}\n\nclass ConfigManager {\n private config: EnvConfig | null = null;\n private schema: z.ZodSchema;\n private validate: boolean;\n\n constructor(options: ConfigOptions = {}) {\n this.schema = options.schema || envSchema;\n this.validate = options.validate ?? true;\n }\n\n load(): EnvConfig {\n if (this.config) return this.config;\n\n const env: Record<string, string | undefined> = {};\n \n for (const key of Object.keys(this.schema.shape)) {\n env[key] = process.env[key];\n }\n\n if (this.validate) {\n const result = this.schema.safeParse(env);\n if (!result.success) {\n const errors = result.error.errors.map(e => `${e.path.join('.')}: ${e.message}`).join(', ');\n throw new Error(`Config validation failed: ${errors}`);\n }\n this.config = result.data;\n } else {\n this.config = env as EnvConfig;\n }\n\n return this.config;\n }\n\n get<K extends keyof EnvConfig>(key: K): EnvConfig[K] {\n if (!this.config) this.load();\n return this.config![key];\n }\n\n int(key: keyof EnvConfig): number {\n const value = this.get(key);\n if (typeof value === 'string') return parseInt(value, 10);\n return Number(value);\n }\n\n bool(key: keyof EnvConfig): boolean {\n const value = this.get(key);\n if (typeof value === 'boolean') return value;\n if (typeof value === 'string') return value.toLowerCase() === 'true';\n return Boolean(value);\n }\n\n isProduction(): boolean {\n return this.get('NODE_ENV') === 'production';\n }\n\n isDevelopment(): boolean {\n return this.get('NODE_ENV') === 'development';\n }\n\n isTest(): boolean {\n return this.get('NODE_ENV') === 'test';\n }\n\n getAll(): EnvConfig {\n if (!this.config) this.load();\n return this.config!;\n }\n}\n\nconst globalConfig = new ConfigManager();\n\nexport const config = {\n load: () => globalConfig.load(),\n get: <K extends keyof EnvConfig>(key: K) => globalConfig.get(key),\n int: (key: keyof EnvConfig) => globalConfig.int(key),\n bool: (key: keyof EnvConfig) => globalConfig.bool(key),\n isProduction: () => globalConfig.isProduction(),\n isDevelopment: () => globalConfig.isDevelopment(),\n isTest: () => globalConfig.isTest(),\n getAll: () => globalConfig.getAll(),\n create: (options?: ConfigOptions) => new ConfigManager(options),\n};\n\nexport default config;\n","import jwt from 'jsonwebtoken';\nimport { JWTPayload, TokenPair } from './types';\nimport { config } from '../config';\n\nexport class JWTService {\n private secret: string;\n private expiresIn: string;\n private refreshSecret: string;\n private refreshExpiresIn: string;\n\n constructor(options: { jwtSecret?: string; jwtExpiresIn?: string; refreshSecret?: string; refreshExpiresIn?: string } = {}) {\n this.secret = options.jwtSecret || config.get('JWT_SECRET') || 'default-secret-change-in-production';\n this.expiresIn = options.jwtExpiresIn || config.get('JWT_EXPIRES_IN') || '7d';\n this.refreshSecret = options.refreshSecret || config.get('JWT_REFRESH_SECRET') || this.secret;\n this.refreshExpiresIn = options.refreshExpiresIn || config.get('JWT_REFRESH_EXPIRES_IN') || '30d';\n }\n\n generateToken(payload: JWTPayload): string {\n return jwt.sign(payload, this.secret, { expiresIn: this.expiresIn });\n }\n\n generateRefreshToken(payload: JWTPayload): string {\n return jwt.sign(payload, this.refreshSecret, { expiresIn: this.refreshExpiresIn });\n }\n\n generateTokenPair(payload: JWTPayload): TokenPair {\n return {\n accessToken: this.generateToken(payload),\n refreshToken: this.generateRefreshToken(payload),\n };\n }\n\n verifyToken(token: string): JWTPayload {\n return jwt.verify(token, this.secret) as JWTPayload;\n }\n\n verifyRefreshToken(token: string): JWTPayload {\n return jwt.verify(token, this.refreshSecret) as JWTPayload;\n }\n\n refreshTokens(refreshToken: string): TokenPair {\n const payload = this.verifyRefreshToken(refreshToken);\n return this.generateTokenPair(payload);\n }\n}\n\nexport const jwtService = new JWTService();\n","import { OAuthProvider } from './types';\nimport { config } from '../config';\n\nexport interface OAuthUserInfo {\n id: string;\n email: string;\n name?: string;\n picture?: string;\n}\n\nexport class OAuthService {\n private providers: Map<string, OAuthProvider> = new Map();\n\n constructor() {\n const googleClientId = config.get('GOOGLE_CLIENT_ID');\n const googleClientSecret = config.get('GOOGLE_CLIENT_SECRET');\n const googleRedirectUri = config.get('GOOGLE_REDIRECT_URI');\n\n if (googleClientId && googleClientSecret && googleRedirectUri) {\n this.registerProvider('google', {\n name: 'google',\n clientId: googleClientId,\n clientSecret: googleClientSecret,\n redirectUri: googleRedirectUri,\n authorizationUrl: 'https://accounts.google.com/o/oauth2/v2/auth',\n tokenUrl: 'https://oauth2.googleapis.com/token',\n userInfoUrl: 'https://www.googleapis.com/oauth2/v2/userinfo',\n });\n }\n }\n\n registerProvider(name: string, provider: OAuthProvider): void {\n this.providers.set(name, provider);\n }\n\n getProvider(name: string): OAuthProvider | undefined {\n return this.providers.get(name);\n }\n\n getAuthorizationUrl(providerName: string, state?: string): string {\n const provider = this.getProvider(providerName);\n if (!provider) {\n throw new Error(`OAuth provider ${providerName} not registered`);\n }\n\n const params = new URLSearchParams({\n client_id: provider.clientId,\n redirect_uri: provider.redirectUri,\n response_type: 'code',\n scope: 'openid email profile',\n state: state || '',\n });\n\n return `${provider.authorizationUrl}?${params.toString()}`;\n }\n\n async exchangeCode(providerName: string, code: string): Promise<{ accessToken: string; refreshToken?: string }> {\n const provider = this.getProvider(providerName);\n if (!provider) {\n throw new Error(`OAuth provider ${providerName} not registered`);\n }\n\n const response = await fetch(provider.tokenUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body: new URLSearchParams({\n client_id: provider.clientId,\n client_secret: provider.clientSecret,\n code,\n grant_type: 'authorization_code',\n redirect_uri: provider.redirectUri,\n }),\n });\n\n if (!response.ok) {\n const error = await response.text();\n throw new Error(`OAuth token exchange failed: ${error}`);\n }\n\n const data = await response.json();\n return {\n accessToken: data.access_token,\n refreshToken: data.refresh_token,\n };\n }\n\n async getUserInfo(providerName: string, accessToken: string): Promise<OAuthUserInfo> {\n const provider = this.getProvider(providerName);\n if (!provider) {\n throw new Error(`OAuth provider ${providerName} not registered`);\n }\n\n const response = await fetch(provider.userInfoUrl, {\n headers: {\n Authorization: `Bearer ${accessToken}`,\n },\n });\n\n if (!response.ok) {\n const error = await response.text();\n throw new Error(`OAuth user info fetch failed: ${error}`);\n }\n\n const data = await response.json();\n\n return {\n id: data.id,\n email: data.email,\n name: data.name,\n picture: data.picture,\n };\n }\n}\n\nexport const oauthService = new OAuthService();\n","import bcrypt from 'bcryptjs';\nimport { Request, Response, NextFunction, RequestHandler } from 'express';\nimport { JWTPayload, LoginCredentials, RegisterData, User, AuthOptions } from './types';\nimport { jwtService } from './jwt';\nimport { rbacService } from './rbac';\nimport { oauthService } from './oauth';\n\nexport interface AuthUser extends JWTPayload {\n id: string;\n email: string;\n role: string;\n}\n\ndeclare global {\n namespace Express {\n interface Request {\n user?: AuthUser;\n }\n }\n}\n\nexport interface UserStore {\n findByEmail(email: string): Promise<User | null>;\n findById(id: string): Promise<User | null>;\n create(data: RegisterData): Promise<User>;\n update(id: string, data: Partial<User>): Promise<User>;\n}\n\nclass InMemoryUserStore implements UserStore {\n private users: Map<string, User> = new Map();\n\n async findByEmail(email: string): Promise<User | null> {\n for (const user of this.users.values()) {\n if (user.email === email) return user;\n }\n return null;\n }\n\n async findById(id: string): Promise<User | null> {\n return this.users.get(id) || null;\n }\n\n async create(data: RegisterData): Promise<User> {\n const id = Math.random().toString(36).substr(2, 9);\n const hashedPassword = await bcrypt.hash(data.password, 10);\n const user: User = {\n id,\n email: data.email,\n password: hashedPassword,\n role: data.role || 'user',\n name: data.name,\n };\n this.users.set(id, user);\n return user;\n }\n\n async update(id: string, data: Partial<User>): Promise<User> {\n const user = this.users.get(id);\n if (!user) throw new Error('User not found');\n const updated = { ...user, ...data };\n this.users.set(id, updated);\n return updated;\n }\n}\n\nexport class AuthService {\n private userStore: UserStore;\n private options: Required<AuthOptions>;\n private initialized: boolean = false;\n\n constructor(options: AuthOptions = {}, userStore?: UserStore) {\n this.options = {\n jwtSecret: options.jwtSecret || process.env.JWT_SECRET || 'default-secret-change-in-production',\n jwtExpiresIn: options.jwtExpiresIn || '7d',\n refreshSecret: options.refreshSecret || process.env.JWT_REFRESH_SECRET || 'default-secret-change-in-production',\n refreshExpiresIn: options.refreshExpiresIn || '30d',\n googleClientId: options.googleClientId || process.env.GOOGLE_CLIENT_ID || '',\n googleClientSecret: options.googleClientSecret || process.env.GOOGLE_CLIENT_SECRET || '',\n googleRedirectUri: options.googleRedirectUri || process.env.GOOGLE_REDIRECT_URI || '',\n };\n\n this.userStore = userStore || new InMemoryUserStore();\n }\n\n async initialize(): Promise<void> {\n if (this.options.googleClientId && this.options.googleClientSecret && this.options.googleRedirectUri) {\n oauthService.registerProvider('google', {\n name: 'google',\n clientId: this.options.googleClientId,\n clientSecret: this.options.googleClientSecret,\n redirectUri: this.options.googleRedirectUri,\n authorizationUrl: 'https://accounts.google.com/o/oauth2/v2/auth',\n tokenUrl: 'https://oauth2.googleapis.com/token',\n userInfoUrl: 'https://www.googleapis.com/oauth2/v2/userinfo',\n });\n }\n this.initialized = true;\n }\n\n async register(data: RegisterData): Promise<{ user: User; tokens: { accessToken: string; refreshToken: string } }> {\n const existing = await this.userStore.findByEmail(data.email);\n if (existing) {\n throw new Error('User already exists');\n }\n\n const user = await this.userStore.create(data);\n const tokens = jwtService.generateTokenPair({\n userId: user.id,\n email: user.email,\n role: user.role,\n });\n\n return { user, tokens };\n }\n\n async login(credentials: LoginCredentials): Promise<{ user: User; tokens: { accessToken: string; refreshToken: string } }> {\n const user = await this.userStore.findByEmail(credentials.email);\n if (!user || !user.password) {\n throw new Error('Invalid credentials');\n }\n\n const isValid = await bcrypt.compare(credentials.password, user.password);\n if (!isValid) {\n throw new Error('Invalid credentials');\n }\n\n const tokens = jwtService.generateTokenPair({\n userId: user.id,\n email: user.email,\n role: user.role,\n });\n\n return { user, tokens };\n }\n\n async refresh(refreshToken: string): Promise<{ accessToken: string; refreshToken: string }> {\n return jwtService.refreshTokens(refreshToken);\n }\n\n async getGoogleAuthUrl(state?: string): Promise<string> {\n return oauthService.getAuthorizationUrl('google', state);\n }\n\n async handleGoogleCallback(code: string): Promise<{ user: User; tokens: { accessToken: string; refreshToken: string } }> {\n const { accessToken } = await oauthService.exchangeCode('google', code);\n const userInfo = await oauthService.getUserInfo('google', accessToken);\n\n let user = await this.userStore.findByEmail(userInfo.email);\n \n if (!user) {\n user = await this.userStore.create({\n email: userInfo.email,\n password: Math.random().toString(36).substr(2, 20),\n name: userInfo.name,\n role: 'user',\n });\n }\n\n const tokens = jwtService.generateTokenPair({\n userId: user.id,\n email: user.email,\n role: user.role,\n });\n\n return { user, tokens };\n }\n\n getMiddleware(): RequestHandler {\n return (req: Request, res: Response, next: NextFunction) => {\n const authHeader = req.headers.authorization;\n \n if (!authHeader || !authHeader.startsWith('Bearer ')) {\n return res.status(401).json({ error: 'No token provided' });\n }\n\n const token = authHeader.substring(7);\n \n try {\n const payload = jwtService.verifyToken(token);\n req.user = {\n ...payload,\n id: payload.userId,\n };\n next();\n } catch (error) {\n return res.status(401).json({ error: 'Invalid token' });\n }\n };\n }\n\n requireUser(): RequestHandler {\n return (req: Request, res: Response, next: NextFunction) => {\n if (!req.user) {\n return res.status(401).json({ error: 'Authentication required' });\n }\n next();\n };\n }\n\n requireRole(role: string): RequestHandler {\n return (req: Request, res: Response, next: NextFunction) => {\n if (!req.user) {\n return res.status(401).json({ error: 'Authentication required' });\n }\n if (!rbacService.hasRole(req.user.role, role)) {\n return res.status(403).json({ error: 'Insufficient permissions' });\n }\n next();\n };\n }\n\n requirePermission(permission: string): RequestHandler {\n return (req: Request, res: Response, next: NextFunction) => {\n if (!req.user) {\n return res.status(401).json({ error: 'Authentication required' });\n }\n if (!rbacService.hasPermission(req.user.role, permission)) {\n return res.status(403).json({ error: 'Insufficient permissions' });\n }\n next();\n };\n }\n}\n\nlet authServiceInstance: AuthService | null = null;\n\nexport function createAuth(options?: AuthOptions, userStore?: UserStore): AuthService {\n authServiceInstance = new AuthService(options, userStore);\n return authServiceInstance;\n}\n\nexport function auth(): AuthService {\n if (!authServiceInstance) {\n authServiceInstance = new AuthService();\n }\n return authServiceInstance;\n}\n\nexport const Auth = {\n initialize: (options?: AuthOptions) => {\n const service = createAuth(options);\n return {\n service,\n getMiddleware: () => service.getMiddleware(),\n requireUser: () => service.requireUser(),\n requireRole: (role: string) => service.requireRole(role),\n requirePermission: (permission: string) => service.requirePermission(permission),\n };\n },\n};\n","import { FastifyInstance, FastifyRequest, FastifyReply, HookHandlerDoneFunction } from 'fastify';\nimport { AuthService } from './express';\nimport { JWTPayload } from './types';\n\ndeclare module 'fastify' {\n interface FastifyRequest {\n user?: JWTPayload & { id: string };\n }\n}\n\nexport function registerAuthPlugin(fastify: FastifyInstance, options: { authService: AuthService }, done: HookHandlerDoneFunction) {\n const { authService } = options;\n\n fastify.decorate('authenticate', async (request: FastifyRequest, reply: FastifyReply) => {\n const authHeader = request.headers.authorization;\n \n if (!authHeader || !authHeader.startsWith('Bearer ')) {\n return reply.status(401).send({ error: 'No token provided' });\n }\n\n const token = authHeader.substring(7);\n \n try {\n const payload = authService['jwtService'].verifyToken(token);\n request.user = {\n ...payload,\n id: payload.userId,\n };\n } catch (error) {\n return reply.status(401).send({ error: 'Invalid token' });\n }\n });\n\n fastify.decorate('requireUser', async (request: FastifyRequest, reply: FastifyReply) => {\n if (!request.user) {\n return reply.status(401).send({ error: 'Authentication required' });\n }\n });\n\n fastify.decorate('requireRole', (role: string) => {\n return async (request: FastifyRequest, reply: FastifyReply) => {\n if (!request.user) {\n return reply.status(401).send({ error: 'Authentication required' });\n }\n const { rbacService } = await import('./rbac');\n if (!rbacService.hasRole(request.user.role, role)) {\n return reply.status(403).send({ error: 'Insufficient permissions' });\n }\n };\n });\n\n fastify.decorate('requirePermission', (permission: string) => {\n return async (request: FastifyRequest, reply: FastifyReply) => {\n if (!request.user) {\n return reply.status(401).send({ error: 'Authentication required' });\n }\n const { rbacService } = await import('./rbac');\n if (!rbacService.hasPermission(request.user.role, permission)) {\n return reply.status(403).send({ error: 'Insufficient permissions' });\n }\n };\n });\n\n done();\n}\n"]}
|
|
1
|
+
{"version":3,"sources":["../../src/auth/types.ts","../../src/auth/rbac.ts","../../src/auth/index.ts","../../src/config/index.ts","../../src/auth/jwt.ts","../../src/auth/oauth.ts","../../src/auth/express.ts","../../src/auth/fastify.ts"],"names":["DEFAULT_PERMISSIONS","RBACService","rbacService","z","jwt","bcrypt"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AA4CaA;AA5Cb,IAAA,UAAA,GAAA,KAAA,CAAA;AAAA,EAAA,mBAAA,GAAA;AA4CO,IAAMA,2BAAA,GAAuC;AAAA,MAClD,KAAA,EAAO,CAAC,GAAG,CAAA;AAAA,MACX,IAAA,EAAM,CAAC,MAAA,EAAQ,WAAW,CAAA;AAAA,MAC1B,KAAA,EAAO,CAAC,aAAa;AAAA,KACvB;AAAA,EAAA;AAAA,CAAA,CAAA;;;AChDA,IAAA,YAAA,GAAA,EAAA;AAAA,QAAA,CAAA,YAAA,EAAA;AAAA,EAAA,WAAA,EAAA,MAAAC,mBAAA;AAAA,EAAA,WAAA,EAAA,MAAAC;AAAA,CAAA,CAAA;AAEaD,4BAAA,CAAA,CA+EAC;AAjFb,IAAA,SAAA,GAAA,KAAA,CAAA;AAAA,EAAA,kBAAA,GAAA;AAAA,IAAA,UAAA,EAAA;AAEO,IAAMD,sBAAN,MAAkB;AAAA,MACf,WAAA;AAAA,MAER,WAAA,CAAY,cAA+BD,2BAAA,EAAqB;AAC9D,QAAA,IAAA,CAAK,WAAA,GAAc,WAAA;AAAA,MACrB;AAAA,MAEA,eAAe,WAAA,EAAoC;AACjD,QAAA,IAAA,CAAK,WAAA,GAAc,WAAA;AAAA,MACrB;AAAA,MAEA,aAAA,CAAc,MAAY,UAAA,EAA8B;AACtD,QAAA,IAAI,CAAC,IAAA,CAAK,WAAA,CAAY,IAAI,CAAA,EAAG;AAC3B,UAAA,IAAA,CAAK,WAAA,CAAY,IAAI,CAAA,GAAI,EAAC;AAAA,QAC5B;AACA,QAAA,IAAI,CAAC,IAAA,CAAK,WAAA,CAAY,IAAI,CAAA,CAAE,QAAA,CAAS,UAAU,CAAA,EAAG;AAChD,UAAA,IAAA,CAAK,WAAA,CAAY,IAAI,CAAA,CAAE,IAAA,CAAK,UAAU,CAAA;AAAA,QACxC;AAAA,MACF;AAAA,MAEA,gBAAA,CAAiB,MAAY,UAAA,EAA8B;AACzD,QAAA,IAAI,IAAA,CAAK,WAAA,CAAY,IAAI,CAAA,EAAG;AAC1B,UAAA,IAAA,CAAK,WAAA,CAAY,IAAI,CAAA,GAAI,IAAA,CAAK,WAAA,CAAY,IAAI,CAAA,CAAE,MAAA,CAAO,CAAA,CAAA,KAAK,CAAA,KAAM,UAAU,CAAA;AAAA,QAC9E;AAAA,MACF;AAAA,MAEA,eAAe,IAAA,EAA0B;AACvC,QAAA,OAAO,IAAA,CAAK,WAAA,CAAY,IAAI,CAAA,IAAK,EAAC;AAAA,MACpC;AAAA,MAEA,aAAA,CAAc,MAAY,kBAAA,EAAyC;AACjE,QAAA,MAAM,eAAA,GAAkB,IAAA,CAAK,cAAA,CAAe,IAAI,CAAA;AAEhD,QAAA,IAAI,eAAA,CAAgB,QAAA,CAAS,GAAG,CAAA,EAAG;AACjC,UAAA,OAAO,IAAA;AAAA,QACT;AAEA,QAAA,IAAI,eAAA,CAAgB,QAAA,CAAS,kBAAkB,CAAA,EAAG;AAChD,UAAA,OAAO,IAAA;AAAA,QACT;AAEA,QAAA,MAAM,CAAC,cAAA,EAAgB,aAAa,CAAA,GAAI,kBAAA,CAAmB,MAAM,GAAG,CAAA;AAEpE,QAAA,KAAA,MAAW,QAAQ,eAAA,EAAiB;AAClC,UAAA,MAAM,CAAC,MAAA,EAAQ,KAAK,CAAA,GAAI,IAAA,CAAK,MAAM,GAAG,CAAA;AAEtC,UAAA,IAAI,MAAA,KAAW,GAAA,KAAQ,KAAA,KAAU,GAAA,IAAO,UAAU,aAAA,CAAA,EAAgB;AAChE,YAAA,OAAO,IAAA;AAAA,UACT;AAEA,UAAA,IAAI,MAAA,KAAW,cAAA,KAAmB,KAAA,KAAU,GAAA,IAAO,UAAU,aAAA,CAAA,EAAgB;AAC3E,YAAA,OAAO,IAAA;AAAA,UACT;AAAA,QACF;AAEA,QAAA,OAAO,KAAA;AAAA,MACT;AAAA,MAEA,OAAA,CAAQ,UAAgB,YAAA,EAA6B;AACnD,QAAA,MAAM,SAAA,GAAoB,CAAC,OAAA,EAAS,MAAA,EAAQ,OAAO,CAAA;AACnD,QAAA,MAAM,SAAA,GAAY,SAAA,CAAU,OAAA,CAAQ,QAAe,CAAA;AACnD,QAAA,MAAM,aAAA,GAAgB,SAAA,CAAU,OAAA,CAAQ,YAAmB,CAAA;AAE3D,QAAA,IAAI,SAAA,KAAc,EAAA,IAAM,aAAA,KAAkB,EAAA,EAAI;AAC5C,UAAA,OAAO,QAAA,KAAa,YAAA;AAAA,QACtB;AAEA,QAAA,OAAO,SAAA,IAAa,aAAA;AAAA,MACtB;AAAA,MAEA,UAAU,UAAA,EAAwB;AAChC,QAAA,OAAO,CAAC,IAAA,KAAwB,IAAA,CAAK,aAAA,CAAc,MAAM,UAAU,CAAA;AAAA,MACrE;AAAA,MAEA,cAAc,YAAA,EAAoB;AAChC,QAAA,OAAO,CAAC,IAAA,KAAwB,IAAA,CAAK,OAAA,CAAQ,MAAM,YAAY,CAAA;AAAA,MACjE;AAAA,KACF;AAEO,IAAME,mBAAA,GAAc,IAAID,mBAAA,EAAY;AAAA,EAAA;AAAA,CAAA,CAAA;;;ACjF3C,UAAA,EAAA;ACEO,IAAM,SAAA,GAAYE,MAAE,MAAA,CAAO;AAAA,EAChC,QAAA,EAAUA,KAAA,CAAE,IAAA,CAAK,CAAC,aAAA,EAAe,cAAc,MAAM,CAAC,CAAA,CAAE,OAAA,CAAQ,aAAa,CAAA;AAAA,EAC7E,IAAA,EAAMA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAQ,MAAM,CAAA;AAAA,EAC/B,YAAA,EAAcA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAClC,WAAA,EAAaA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACjC,SAAA,EAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAQ,wBAAwB,CAAA;AAAA,EACtD,YAAYA,KAAA,CAAE,MAAA,GAAS,GAAA,CAAI,EAAE,EAAE,QAAA,EAAS;AAAA,EACxC,cAAA,EAAgBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAQ,IAAI,CAAA;AAAA,EACvC,oBAAoBA,KAAA,CAAE,MAAA,GAAS,GAAA,CAAI,EAAE,EAAE,QAAA,EAAS;AAAA,EAChD,sBAAA,EAAwBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAQ,KAAK,CAAA;AAAA,EAChD,gBAAA,EAAkBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACtC,oBAAA,EAAsBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC1C,mBAAA,EAAqBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACzC,SAAA,EAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC/B,SAAA,EAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAQ,KAAK,CAAA;AAAA,EACnC,SAAA,EAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC/B,SAAA,EAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC/B,SAAA,EAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC/B,kBAAA,EAAoBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACxC,iBAAA,EAAmBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACvC,mBAAA,EAAqBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACzC,iBAAA,EAAmBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACvC,iBAAA,EAAmBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAQ,IAAI,CAAA;AAAA,EAC1C,gBAAA,EAAkBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAQ,KAAK,CAAA;AAAA,EAC1C,SAAA,EAAWA,KAAA,CAAE,IAAA,CAAK,CAAC,OAAA,EAAS,OAAA,EAAS,MAAA,EAAQ,MAAA,EAAQ,OAAA,EAAS,OAAO,CAAC,CAAA,CAAE,QAAQ,MAAM,CAAA;AAAA,EACtF,UAAA,EAAYA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAQ,WAAW,CAAA;AAAA,EAC1C,iBAAA,EAAmBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACvC,qBAAA,EAAuBA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC3C,aAAA,EAAeA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACnC,YAAA,EAAcA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAC3B,CAAC,CAAA;AAUD,IAAM,gBAAN,MAAoB;AAAA,EACV,MAAA,GAA2B,IAAA;AAAA,EAC3B,MAAA;AAAA,EACA,QAAA;AAAA,EAER,WAAA,CAAY,OAAA,GAAyB,EAAC,EAAG;AACvC,IAAA,IAAA,CAAK,MAAA,GAAS,QAAQ,MAAA,IAAU,SAAA;AAChC,IAAA,IAAA,CAAK,QAAA,GAAW,QAAQ,QAAA,IAAY,IAAA;AAAA,EACtC;AAAA,EAEA,IAAA,GAAkB;AAChB,IAAA,IAAI,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA,CAAK,MAAA;AAE7B,IAAA,MAAM,MAA0C,EAAC;AAEjD,IAAA,KAAA,MAAW,OAAO,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,MAAA,CAAO,KAAK,CAAA,EAAG;AAChD,MAAA,GAAA,CAAI,GAAG,CAAA,GAAI,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAA;AAAA,IAC5B;AAEA,IAAA,IAAI,KAAK,QAAA,EAAU;AACjB,MAAA,MAAM,MAAA,GAAS,IAAA,CAAK,MAAA,CAAO,SAAA,CAAU,GAAG,CAAA;AACxC,MAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,QAAA,MAAM,SAAS,MAAA,CAAO,KAAA,CAAM,OAAO,GAAA,CAAI,CAAA,CAAA,KAAK,GAAG,CAAA,CAAE,IAAA,CAAK,IAAA,CAAK,GAAG,CAAC,CAAA,EAAA,EAAK,CAAA,CAAE,OAAO,CAAA,CAAE,CAAA,CAAE,KAAK,IAAI,CAAA;AAC1F,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,0BAAA,EAA6B,MAAM,CAAA,CAAE,CAAA;AAAA,MACvD;AACA,MAAA,IAAA,CAAK,SAAS,MAAA,CAAO,IAAA;AAAA,IACvB,CAAA,MAAO;AACL,MAAA,IAAA,CAAK,MAAA,GAAS,GAAA;AAAA,IAChB;AAEA,IAAA,OAAO,IAAA,CAAK,MAAA;AAAA,EACd;AAAA,EAEA,IAA+B,GAAA,EAAsB;AACnD,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,IAAA,CAAK,IAAA,EAAK;AAC5B,IAAA,OAAO,IAAA,CAAK,OAAQ,GAAG,CAAA;AAAA,EACzB;AAAA,EAEA,IAAI,GAAA,EAA8B;AAChC,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,GAAA,CAAI,GAAG,CAAA;AAC1B,IAAA,IAAI,OAAO,KAAA,KAAU,QAAA,EAAU,OAAO,QAAA,CAAS,OAAO,EAAE,CAAA;AACxD,IAAA,OAAO,OAAO,KAAK,CAAA;AAAA,EACrB;AAAA,EAEA,KAAK,GAAA,EAA+B;AAClC,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,GAAA,CAAI,GAAG,CAAA;AAC1B,IAAA,IAAI,OAAO,KAAA,KAAU,SAAA,EAAW,OAAO,KAAA;AACvC,IAAA,IAAI,OAAO,KAAA,KAAU,QAAA,EAAU,OAAO,KAAA,CAAM,aAAY,KAAM,MAAA;AAC9D,IAAA,OAAO,QAAQ,KAAK,CAAA;AAAA,EACtB;AAAA,EAEA,YAAA,GAAwB;AACtB,IAAA,OAAO,IAAA,CAAK,GAAA,CAAI,UAAU,CAAA,KAAM,YAAA;AAAA,EAClC;AAAA,EAEA,aAAA,GAAyB;AACvB,IAAA,OAAO,IAAA,CAAK,GAAA,CAAI,UAAU,CAAA,KAAM,aAAA;AAAA,EAClC;AAAA,EAEA,MAAA,GAAkB;AAChB,IAAA,OAAO,IAAA,CAAK,GAAA,CAAI,UAAU,CAAA,KAAM,MAAA;AAAA,EAClC;AAAA,EAEA,MAAA,GAAoB;AAClB,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,IAAA,CAAK,IAAA,EAAK;AAC5B,IAAA,OAAO,IAAA,CAAK,MAAA;AAAA,EACd;AACF,CAAA;AAEA,IAAM,YAAA,GAAe,IAAI,aAAA,EAAc;AAEhC,IAAM,MAAA,GAAS;AAAA,EACpB,IAAA,EAAM,MAAM,YAAA,CAAa,IAAA,EAAK;AAAA,EAC9B,GAAA,EAAK,CAA4B,GAAA,KAAW,YAAA,CAAa,IAAI,GAAG,CAAA;AAAA,EAChE,GAAA,EAAK,CAAC,GAAA,KAAyB,YAAA,CAAa,IAAI,GAAG,CAAA;AAAA,EACnD,IAAA,EAAM,CAAC,GAAA,KAAyB,YAAA,CAAa,KAAK,GAAG,CAAA;AAAA,EACrD,YAAA,EAAc,MAAM,YAAA,CAAa,YAAA,EAAa;AAAA,EAC9C,aAAA,EAAe,MAAM,YAAA,CAAa,aAAA,EAAc;AAAA,EAChD,MAAA,EAAQ,MAAM,YAAA,CAAa,MAAA,EAAO;AAAA,EAClC,MAAA,EAAQ,MAAM,YAAA,CAAa,MAAA,EAAO;AAAA,EAClC,MAAA,EAAQ,CAAC,OAAA,KAA4B,IAAI,cAAc,OAAO;AAChE,CAAA;;;ACvHO,IAAM,aAAN,MAAiB;AAAA,EACd,MAAA;AAAA,EACA,SAAA;AAAA,EACA,aAAA;AAAA,EACA,gBAAA;AAAA,EAER,WAAA,CAAY,OAAA,GAA4G,EAAC,EAAG;AAC1H,IAAA,IAAA,CAAK,SAAS,OAAA,CAAQ,SAAA,IAAa,MAAA,CAAO,GAAA,CAAI,YAAY,CAAA,IAAK,qCAAA;AAC/D,IAAA,IAAA,CAAK,YAAY,OAAA,CAAQ,YAAA,IAAgB,MAAA,CAAO,GAAA,CAAI,gBAAgB,CAAA,IAAK,IAAA;AACzE,IAAA,IAAA,CAAK,gBAAgB,OAAA,CAAQ,aAAA,IAAiB,OAAO,GAAA,CAAI,oBAAoB,KAAK,IAAA,CAAK,MAAA;AACvF,IAAA,IAAA,CAAK,mBAAmB,OAAA,CAAQ,gBAAA,IAAoB,MAAA,CAAO,GAAA,CAAI,wBAAwB,CAAA,IAAK,KAAA;AAAA,EAC9F;AAAA,EAEA,cAAc,OAAA,EAA6B;AACzC,IAAA,OAAOC,oBAAA,CAAI,KAAK,OAAA,EAAS,IAAA,CAAK,QAAQ,EAAE,SAAA,EAAW,IAAA,CAAK,SAAA,EAAW,CAAA;AAAA,EACrE;AAAA,EAEA,qBAAqB,OAAA,EAA6B;AAChD,IAAA,OAAOA,oBAAA,CAAI,KAAK,OAAA,EAAS,IAAA,CAAK,eAAe,EAAE,SAAA,EAAW,IAAA,CAAK,gBAAA,EAAkB,CAAA;AAAA,EACnF;AAAA,EAEA,kBAAkB,OAAA,EAAgC;AAChD,IAAA,OAAO;AAAA,MACL,WAAA,EAAa,IAAA,CAAK,aAAA,CAAc,OAAO,CAAA;AAAA,MACvC,YAAA,EAAc,IAAA,CAAK,oBAAA,CAAqB,OAAO;AAAA,KACjD;AAAA,EACF;AAAA,EAEA,YAAY,KAAA,EAA2B;AACrC,IAAA,OAAOA,oBAAA,CAAI,MAAA,CAAO,KAAA,EAAO,IAAA,CAAK,MAAM,CAAA;AAAA,EACtC;AAAA,EAEA,mBAAmB,KAAA,EAA2B;AAC5C,IAAA,OAAOA,oBAAA,CAAI,MAAA,CAAO,KAAA,EAAO,IAAA,CAAK,aAAa,CAAA;AAAA,EAC7C;AAAA,EAEA,cAAc,YAAA,EAAiC;AAC7C,IAAA,MAAM,EAAE,KAAK,GAAA,EAAK,GAAA,EAAK,GAAG,OAAA,EAAQ,GAAI,IAAA,CAAK,kBAAA,CAAmB,YAAY,CAAA;AAC1E,IAAA,OAAO,IAAA,CAAK,kBAAkB,OAAO,CAAA;AAAA,EACvC;AACF;AAEO,IAAM,UAAA,GAAa,IAAI,UAAA;;;AF5C9B,SAAA,EAAA;;;AGQO,IAAM,eAAN,MAAmB;AAAA,EAChB,SAAA,uBAA4C,GAAA,EAAI;AAAA,EAExD,WAAA,GAAc;AACZ,IAAA,MAAM,cAAA,GAAiB,MAAA,CAAO,GAAA,CAAI,kBAAkB,CAAA;AACpD,IAAA,MAAM,kBAAA,GAAqB,MAAA,CAAO,GAAA,CAAI,sBAAsB,CAAA;AAC5D,IAAA,MAAM,iBAAA,GAAoB,MAAA,CAAO,GAAA,CAAI,qBAAqB,CAAA;AAE1D,IAAA,IAAI,cAAA,IAAkB,sBAAsB,iBAAA,EAAmB;AAC7D,MAAA,IAAA,CAAK,iBAAiB,QAAA,EAAU;AAAA,QAC9B,IAAA,EAAM,QAAA;AAAA,QACN,QAAA,EAAU,cAAA;AAAA,QACV,YAAA,EAAc,kBAAA;AAAA,QACd,WAAA,EAAa,iBAAA;AAAA,QACb,gBAAA,EAAkB,8CAAA;AAAA,QAClB,QAAA,EAAU,qCAAA;AAAA,QACV,WAAA,EAAa;AAAA,OACd,CAAA;AAAA,IACH;AAAA,EACF;AAAA,EAEA,gBAAA,CAAiB,MAAc,QAAA,EAA+B;AAC5D,IAAA,IAAA,CAAK,SAAA,CAAU,GAAA,CAAI,IAAA,EAAM,QAAQ,CAAA;AAAA,EACnC;AAAA,EAEA,YAAY,IAAA,EAAyC;AACnD,IAAA,OAAO,IAAA,CAAK,SAAA,CAAU,GAAA,CAAI,IAAI,CAAA;AAAA,EAChC;AAAA,EAEA,mBAAA,CAAoB,cAAsB,KAAA,EAAwB;AAChE,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,WAAA,CAAY,YAAY,CAAA;AAC9C,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,eAAA,EAAkB,YAAY,CAAA,eAAA,CAAiB,CAAA;AAAA,IACjE;AAEA,IAAA,MAAM,MAAA,GAAS,IAAI,eAAA,CAAgB;AAAA,MACjC,WAAW,QAAA,CAAS,QAAA;AAAA,MACpB,cAAc,QAAA,CAAS,WAAA;AAAA,MACvB,aAAA,EAAe,MAAA;AAAA,MACf,KAAA,EAAO,sBAAA;AAAA,MACP,OAAO,KAAA,IAAS;AAAA,KACjB,CAAA;AAED,IAAA,OAAO,GAAG,QAAA,CAAS,gBAAgB,CAAA,CAAA,EAAI,MAAA,CAAO,UAAU,CAAA,CAAA;AAAA,EAC1D;AAAA,EAEA,MAAM,YAAA,CAAa,YAAA,EAAsB,IAAA,EAAuE;AAC9G,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,WAAA,CAAY,YAAY,CAAA;AAC9C,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,eAAA,EAAkB,YAAY,CAAA,eAAA,CAAiB,CAAA;AAAA,IACjE;AAEA,IAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,QAAA,CAAS,QAAA,EAAU;AAAA,MAC9C,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACP,cAAA,EAAgB;AAAA,OAClB;AAAA,MACA,IAAA,EAAM,IAAI,eAAA,CAAgB;AAAA,QACxB,WAAW,QAAA,CAAS,QAAA;AAAA,QACpB,eAAe,QAAA,CAAS,YAAA;AAAA,QACxB,IAAA;AAAA,QACA,UAAA,EAAY,oBAAA;AAAA,QACZ,cAAc,QAAA,CAAS;AAAA,OACxB;AAAA,KACF,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,KAAA,GAAQ,MAAM,QAAA,CAAS,IAAA,EAAK;AAClC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,6BAAA,EAAgC,KAAK,CAAA,CAAE,CAAA;AAAA,IACzD;AAEA,IAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AACjC,IAAA,OAAO;AAAA,MACL,aAAa,IAAA,CAAK,YAAA;AAAA,MAClB,cAAc,IAAA,CAAK;AAAA,KACrB;AAAA,EACF;AAAA,EAEA,MAAM,WAAA,CAAY,YAAA,EAAsB,WAAA,EAA6C;AACnF,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,WAAA,CAAY,YAAY,CAAA;AAC9C,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,eAAA,EAAkB,YAAY,CAAA,eAAA,CAAiB,CAAA;AAAA,IACjE;AAEA,IAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,QAAA,CAAS,WAAA,EAAa;AAAA,MACjD,OAAA,EAAS;AAAA,QACP,aAAA,EAAe,UAAU,WAAW,CAAA;AAAA;AACtC,KACD,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,KAAA,GAAQ,MAAM,QAAA,CAAS,IAAA,EAAK;AAClC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,8BAAA,EAAiC,KAAK,CAAA,CAAE,CAAA;AAAA,IAC1D;AAEA,IAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AAEjC,IAAA,OAAO;AAAA,MACL,IAAI,IAAA,CAAK,EAAA;AAAA,MACT,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,SAAS,IAAA,CAAK;AAAA,KAChB;AAAA,EACF;AACF;AAEO,IAAM,YAAA,GAAe,IAAI,YAAA;AChHhC,SAAA,EAAA;AAwBA,IAAM,oBAAN,MAA6C;AAAA,EACnC,KAAA,uBAA+B,GAAA,EAAI;AAAA,EAE3C,MAAM,YAAY,KAAA,EAAqC;AACrD,IAAA,KAAA,MAAW,IAAA,IAAQ,IAAA,CAAK,KAAA,CAAM,MAAA,EAAO,EAAG;AACtC,MAAA,IAAI,IAAA,CAAK,KAAA,KAAU,KAAA,EAAO,OAAO,IAAA;AAAA,IACnC;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,SAAS,EAAA,EAAkC;AAC/C,IAAA,OAAO,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,EAAE,CAAA,IAAK,IAAA;AAAA,EAC/B;AAAA,EAEA,MAAM,OAAO,IAAA,EAAmC;AAC9C,IAAA,MAAM,EAAA,GAAK,KAAK,MAAA,EAAO,CAAE,SAAS,EAAE,CAAA,CAAE,MAAA,CAAO,CAAA,EAAG,CAAC,CAAA;AACjD,IAAA,MAAM,iBAAiB,MAAMC,uBAAA,CAAO,IAAA,CAAK,IAAA,CAAK,UAAU,EAAE,CAAA;AAC1D,IAAA,MAAM,IAAA,GAAa;AAAA,MACjB,EAAA;AAAA,MACA,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,QAAA,EAAU,cAAA;AAAA,MACV,IAAA,EAAM,KAAK,IAAA,IAAQ,MAAA;AAAA,MACnB,MAAM,IAAA,CAAK;AAAA,KACb;AACA,IAAA,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,EAAA,EAAI,IAAI,CAAA;AACvB,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,MAAA,CAAO,EAAA,EAAY,IAAA,EAAoC;AAC3D,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,EAAE,CAAA;AAC9B,IAAA,IAAI,CAAC,IAAA,EAAM,MAAM,IAAI,MAAM,gBAAgB,CAAA;AAC3C,IAAA,MAAM,OAAA,GAAU,EAAE,GAAG,IAAA,EAAM,GAAG,IAAA,EAAK;AACnC,IAAA,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,EAAA,EAAI,OAAO,CAAA;AAC1B,IAAA,OAAO,OAAA;AAAA,EACT;AACF,CAAA;AAEO,IAAM,cAAN,MAAkB;AAAA,EACf,SAAA;AAAA,EACA,OAAA;AAAA,EACA,WAAA,GAAuB,KAAA;AAAA,EAE/B,WAAA,CAAY,OAAA,GAAuB,EAAC,EAAG,SAAA,EAAuB;AAC5D,IAAA,IAAA,CAAK,OAAA,GAAU;AAAA,MACb,SAAA,EAAW,OAAA,CAAQ,SAAA,IAAa,OAAA,CAAQ,IAAI,UAAA,IAAc,qCAAA;AAAA,MAC1D,YAAA,EAAc,QAAQ,YAAA,IAAgB,IAAA;AAAA,MACtC,aAAA,EAAe,OAAA,CAAQ,aAAA,IAAiB,OAAA,CAAQ,IAAI,kBAAA,IAAsB,qCAAA;AAAA,MAC1E,gBAAA,EAAkB,QAAQ,gBAAA,IAAoB,KAAA;AAAA,MAC9C,cAAA,EAAgB,OAAA,CAAQ,cAAA,IAAkB,OAAA,CAAQ,IAAI,gBAAA,IAAoB,EAAA;AAAA,MAC1E,kBAAA,EAAoB,OAAA,CAAQ,kBAAA,IAAsB,OAAA,CAAQ,IAAI,oBAAA,IAAwB,EAAA;AAAA,MACtF,iBAAA,EAAmB,OAAA,CAAQ,iBAAA,IAAqB,OAAA,CAAQ,IAAI,mBAAA,IAAuB;AAAA,KACrF;AAEA,IAAA,IAAA,CAAK,SAAA,GAAY,SAAA,IAAa,IAAI,iBAAA,EAAkB;AAAA,EACtD;AAAA,EAEA,MAAM,UAAA,GAA4B;AAChC,IAAA,IAAI,IAAA,CAAK,QAAQ,cAAA,IAAkB,IAAA,CAAK,QAAQ,kBAAA,IAAsB,IAAA,CAAK,QAAQ,iBAAA,EAAmB;AACpG,MAAA,YAAA,CAAa,iBAAiB,QAAA,EAAU;AAAA,QACtC,IAAA,EAAM,QAAA;AAAA,QACN,QAAA,EAAU,KAAK,OAAA,CAAQ,cAAA;AAAA,QACvB,YAAA,EAAc,KAAK,OAAA,CAAQ,kBAAA;AAAA,QAC3B,WAAA,EAAa,KAAK,OAAA,CAAQ,iBAAA;AAAA,QAC1B,gBAAA,EAAkB,8CAAA;AAAA,QAClB,QAAA,EAAU,qCAAA;AAAA,QACV,WAAA,EAAa;AAAA,OACd,CAAA;AAAA,IACH;AACA,IAAA,IAAA,CAAK,WAAA,GAAc,IAAA;AAAA,EACrB;AAAA,EAEA,MAAM,SAAS,IAAA,EAAoG;AACjH,IAAA,MAAM,WAAW,MAAM,IAAA,CAAK,SAAA,CAAU,WAAA,CAAY,KAAK,KAAK,CAAA;AAC5D,IAAA,IAAI,QAAA,EAAU;AACZ,MAAA,MAAM,IAAI,MAAM,qBAAqB,CAAA;AAAA,IACvC;AAEA,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,SAAA,CAAU,OAAO,IAAI,CAAA;AAC7C,IAAA,MAAM,MAAA,GAAS,WAAW,iBAAA,CAAkB;AAAA,MAC1C,QAAQ,IAAA,CAAK,EAAA;AAAA,MACb,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,MAAM,IAAA,CAAK;AAAA,KACZ,CAAA;AAED,IAAA,OAAO,EAAE,MAAM,MAAA,EAAO;AAAA,EACxB;AAAA,EAEA,MAAM,MAAM,WAAA,EAA+G;AACzH,IAAA,MAAM,OAAO,MAAM,IAAA,CAAK,SAAA,CAAU,WAAA,CAAY,YAAY,KAAK,CAAA;AAC/D,IAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,IAAA,CAAK,QAAA,EAAU;AAC3B,MAAA,MAAM,IAAI,MAAM,qBAAqB,CAAA;AAAA,IACvC;AAEA,IAAA,MAAM,UAAU,MAAMA,uBAAA,CAAO,QAAQ,WAAA,CAAY,QAAA,EAAU,KAAK,QAAQ,CAAA;AACxE,IAAA,IAAI,CAAC,OAAA,EAAS;AACZ,MAAA,MAAM,IAAI,MAAM,qBAAqB,CAAA;AAAA,IACvC;AAEA,IAAA,MAAM,MAAA,GAAS,WAAW,iBAAA,CAAkB;AAAA,MAC1C,QAAQ,IAAA,CAAK,EAAA;AAAA,MACb,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,MAAM,IAAA,CAAK;AAAA,KACZ,CAAA;AAED,IAAA,OAAO,EAAE,MAAM,MAAA,EAAO;AAAA,EACxB;AAAA,EAEA,MAAM,QAAQ,YAAA,EAA8E;AAC1F,IAAA,OAAO,UAAA,CAAW,cAAc,YAAY,CAAA;AAAA,EAC9C;AAAA,EAEA,MAAM,iBAAiB,KAAA,EAAiC;AACtD,IAAA,OAAO,YAAA,CAAa,mBAAA,CAAoB,QAAA,EAAU,KAAK,CAAA;AAAA,EACzD;AAAA,EAEA,MAAM,qBAAqB,IAAA,EAA8F;AACvH,IAAA,MAAM,EAAE,WAAA,EAAY,GAAI,MAAM,YAAA,CAAa,YAAA,CAAa,UAAU,IAAI,CAAA;AACtE,IAAA,MAAM,QAAA,GAAW,MAAM,YAAA,CAAa,WAAA,CAAY,UAAU,WAAW,CAAA;AAErE,IAAA,IAAI,OAAO,MAAM,IAAA,CAAK,SAAA,CAAU,WAAA,CAAY,SAAS,KAAK,CAAA;AAE1D,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,IAAA,GAAO,MAAM,IAAA,CAAK,SAAA,CAAU,MAAA,CAAO;AAAA,QACjC,OAAO,QAAA,CAAS,KAAA;AAAA,QAChB,QAAA,EAAU,KAAK,MAAA,EAAO,CAAE,SAAS,EAAE,CAAA,CAAE,MAAA,CAAO,CAAA,EAAG,EAAE,CAAA;AAAA,QACjD,MAAM,QAAA,CAAS,IAAA;AAAA,QACf,IAAA,EAAM;AAAA,OACP,CAAA;AAAA,IACH;AAEA,IAAA,MAAM,MAAA,GAAS,WAAW,iBAAA,CAAkB;AAAA,MAC1C,QAAQ,IAAA,CAAK,EAAA;AAAA,MACb,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,MAAM,IAAA,CAAK;AAAA,KACZ,CAAA;AAED,IAAA,OAAO,EAAE,MAAM,MAAA,EAAO;AAAA,EACxB;AAAA,EAEA,aAAA,GAAgC;AAC9B,IAAA,OAAO,CAAC,GAAA,EAAc,GAAA,EAAe,IAAA,KAAuB;AAC1D,MAAA,MAAM,UAAA,GAAa,IAAI,OAAA,CAAQ,aAAA;AAE/B,MAAA,IAAI,CAAC,UAAA,IAAc,CAAC,UAAA,CAAW,UAAA,CAAW,SAAS,CAAA,EAAG;AACpD,QAAA,OAAO,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,qBAAqB,CAAA;AAAA,MAC5D;AAEA,MAAA,MAAM,KAAA,GAAQ,UAAA,CAAW,SAAA,CAAU,CAAC,CAAA;AAEpC,MAAA,IAAI;AACF,QAAA,MAAM,OAAA,GAAU,UAAA,CAAW,WAAA,CAAY,KAAK,CAAA;AAC5C,QAAA,GAAA,CAAI,IAAA,GAAO;AAAA,UACT,GAAG,OAAA;AAAA,UACH,IAAI,OAAA,CAAQ;AAAA,SACd;AACA,QAAA,IAAA,EAAK;AAAA,MACP,SAAS,KAAA,EAAO;AACd,QAAA,OAAO,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,iBAAiB,CAAA;AAAA,MACxD;AAAA,IACF,CAAA;AAAA,EACF;AAAA,EAEA,WAAA,GAA8B;AAC5B,IAAA,OAAO,CAAC,GAAA,EAAc,GAAA,EAAe,IAAA,KAAuB;AAC1D,MAAA,IAAI,CAAC,IAAI,IAAA,EAAM;AACb,QAAA,OAAO,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,2BAA2B,CAAA;AAAA,MAClE;AACA,MAAA,IAAA,EAAK;AAAA,IACP,CAAA;AAAA,EACF;AAAA,EAEA,YAAY,IAAA,EAA8B;AACxC,IAAA,OAAO,CAAC,GAAA,EAAc,GAAA,EAAe,IAAA,KAAuB;AAC1D,MAAA,IAAI,CAAC,IAAI,IAAA,EAAM;AACb,QAAA,OAAO,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,2BAA2B,CAAA;AAAA,MAClE;AACA,MAAA,IAAI,CAACH,mBAAA,CAAY,OAAA,CAAQ,IAAI,IAAA,CAAK,IAAA,EAAM,IAAI,CAAA,EAAG;AAC7C,QAAA,OAAO,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,4BAA4B,CAAA;AAAA,MACnE;AACA,MAAA,IAAA,EAAK;AAAA,IACP,CAAA;AAAA,EACF;AAAA,EAEA,kBAAkB,UAAA,EAAoC;AACpD,IAAA,OAAO,CAAC,GAAA,EAAc,GAAA,EAAe,IAAA,KAAuB;AAC1D,MAAA,IAAI,CAAC,IAAI,IAAA,EAAM;AACb,QAAA,OAAO,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,2BAA2B,CAAA;AAAA,MAClE;AACA,MAAA,IAAI,CAACA,mBAAA,CAAY,aAAA,CAAc,IAAI,IAAA,CAAK,IAAA,EAAM,UAAU,CAAA,EAAG;AACzD,QAAA,OAAO,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,4BAA4B,CAAA;AAAA,MACnE;AACA,MAAA,IAAA,EAAK;AAAA,IACP,CAAA;AAAA,EACF;AACF;AAEA,IAAI,mBAAA,GAA0C,IAAA;AAEvC,SAAS,UAAA,CAAW,SAAuB,SAAA,EAAoC;AACpF,EAAA,mBAAA,GAAsB,IAAI,WAAA,CAAY,OAAA,EAAS,SAAS,CAAA;AACxD,EAAA,OAAO,mBAAA;AACT;AAEO,SAAS,IAAA,GAAoB;AAClC,EAAA,IAAI,CAAC,mBAAA,EAAqB;AACxB,IAAA,mBAAA,GAAsB,IAAI,WAAA,EAAY;AAAA,EACxC;AACA,EAAA,OAAO,mBAAA;AACT;AAEO,IAAM,IAAA,GAAO;AAAA,EAClB,UAAA,EAAY,CAAC,OAAA,KAA0B;AACrC,IAAA,MAAM,OAAA,GAAU,WAAW,OAAO,CAAA;AAClC,IAAA,OAAO;AAAA,MACL,OAAA;AAAA,MACA,aAAA,EAAe,MAAM,OAAA,CAAQ,aAAA,EAAc;AAAA,MAC3C,WAAA,EAAa,MAAM,OAAA,CAAQ,WAAA,EAAY;AAAA,MACvC,WAAA,EAAa,CAAC,IAAA,KAAiB,OAAA,CAAQ,YAAY,IAAI,CAAA;AAAA,MACvD,iBAAA,EAAmB,CAAC,UAAA,KAAuB,OAAA,CAAQ,kBAAkB,UAAU;AAAA,KACjF;AAAA,EACF;AACF;;;AC/OO,SAAS,kBAAA,CAAmB,OAAA,EAA0B,OAAA,EAAuC,IAAA,EAA+B;AACjI,EAAA,MAAM,EAAE,aAAY,GAAI,OAAA;AAExB,EAAA,OAAA,CAAQ,QAAA,CAAS,cAAA,EAAgB,OAAO,OAAA,EAAyB,KAAA,KAAwB;AACvF,IAAA,MAAM,UAAA,GAAa,QAAQ,OAAA,CAAQ,aAAA;AAEnC,IAAA,IAAI,CAAC,UAAA,IAAc,CAAC,UAAA,CAAW,UAAA,CAAW,SAAS,CAAA,EAAG;AACpD,MAAA,OAAO,KAAA,CAAM,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,qBAAqB,CAAA;AAAA,IAC9D;AAEA,IAAA,MAAM,KAAA,GAAQ,UAAA,CAAW,SAAA,CAAU,CAAC,CAAA;AAEpC,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,WAAA,CAAY,YAAY,CAAA,CAAE,YAAY,KAAK,CAAA;AAC3D,MAAA,OAAA,CAAQ,IAAA,GAAO;AAAA,QACb,GAAG,OAAA;AAAA,QACH,IAAI,OAAA,CAAQ;AAAA,OACd;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,KAAA,CAAM,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,iBAAiB,CAAA;AAAA,IAC1D;AAAA,EACF,CAAC,CAAA;AAED,EAAA,OAAA,CAAQ,QAAA,CAAS,aAAA,EAAe,OAAO,OAAA,EAAyB,KAAA,KAAwB;AACtF,IAAA,IAAI,CAAC,QAAQ,IAAA,EAAM;AACjB,MAAA,OAAO,KAAA,CAAM,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,2BAA2B,CAAA;AAAA,IACpE;AAAA,EACF,CAAC,CAAA;AAED,EAAA,OAAA,CAAQ,QAAA,CAAS,aAAA,EAAe,CAAC,IAAA,KAAiB;AAChD,IAAA,OAAO,OAAO,SAAyB,KAAA,KAAwB;AAC7D,MAAA,IAAI,CAAC,QAAQ,IAAA,EAAM;AACjB,QAAA,OAAO,KAAA,CAAM,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,2BAA2B,CAAA;AAAA,MACpE;AACA,MAAA,MAAM,EAAE,WAAA,EAAAA,YAAAA,EAAY,GAAI,MAAM,OAAA,CAAA,OAAA,EAAA,CAAA,IAAA,CAAA,OAAA,SAAA,EAAA,EAAA,YAAA,CAAA,CAAA;AAC9B,MAAA,IAAI,CAACA,YAAAA,CAAY,OAAA,CAAQ,QAAQ,IAAA,CAAK,IAAA,EAAM,IAAI,CAAA,EAAG;AACjD,QAAA,OAAO,KAAA,CAAM,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,4BAA4B,CAAA;AAAA,MACrE;AAAA,IACF,CAAA;AAAA,EACF,CAAC,CAAA;AAED,EAAA,OAAA,CAAQ,QAAA,CAAS,mBAAA,EAAqB,CAAC,UAAA,KAAuB;AAC5D,IAAA,OAAO,OAAO,SAAyB,KAAA,KAAwB;AAC7D,MAAA,IAAI,CAAC,QAAQ,IAAA,EAAM;AACjB,QAAA,OAAO,KAAA,CAAM,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,2BAA2B,CAAA;AAAA,MACpE;AACA,MAAA,MAAM,EAAE,WAAA,EAAAA,YAAAA,EAAY,GAAI,MAAM,OAAA,CAAA,OAAA,EAAA,CAAA,IAAA,CAAA,OAAA,SAAA,EAAA,EAAA,YAAA,CAAA,CAAA;AAC9B,MAAA,IAAI,CAACA,YAAAA,CAAY,aAAA,CAAc,QAAQ,IAAA,CAAK,IAAA,EAAM,UAAU,CAAA,EAAG;AAC7D,QAAA,OAAO,KAAA,CAAM,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,4BAA4B,CAAA;AAAA,MACrE;AAAA,IACF,CAAA;AAAA,EACF,CAAC,CAAA;AAED,EAAA,IAAA,EAAK;AACP","file":"index.js","sourcesContent":["export type Role = 'admin' | 'user' | 'guest' | string;\n\nexport interface User {\n id: string;\n email: string;\n password?: string;\n role: Role;\n name?: string;\n picture?: string;\n createdAt?: Date;\n updatedAt?: Date;\n}\n\nexport interface JWTPayload {\n userId: string;\n email: string;\n role: Role;\n}\n\nexport interface TokenPair {\n accessToken: string;\n refreshToken: string;\n}\n\nexport interface AuthOptions {\n jwtSecret?: string;\n jwtExpiresIn?: string;\n refreshSecret?: string;\n refreshExpiresIn?: string;\n googleClientId?: string;\n googleClientSecret?: string;\n googleRedirectUri?: string;\n}\n\nexport interface AuthUserRequest extends Request {\n user?: JWTPayload;\n}\n\nexport type Permission = string;\n\nexport interface RolePermissions {\n [role: string]: Permission[];\n}\n\nexport const DEFAULT_PERMISSIONS: RolePermissions = {\n admin: ['*'],\n user: ['read', 'write:own'],\n guest: ['read:public'],\n};\n\nexport interface LoginCredentials {\n email: string;\n password: string;\n}\n\nexport interface RegisterData extends LoginCredentials {\n name?: string;\n role?: Role;\n}\n\nexport interface OAuthProvider {\n name: string;\n clientId: string;\n clientSecret: string;\n redirectUri: string;\n authorizationUrl: string;\n tokenUrl: string;\n userInfoUrl: string;\n}\n","import { Role, Permission, RolePermissions, DEFAULT_PERMISSIONS } from './types';\n\nexport class RBACService {\n private permissions: RolePermissions;\n\n constructor(permissions: RolePermissions = DEFAULT_PERMISSIONS) {\n this.permissions = permissions;\n }\n\n setPermissions(permissions: RolePermissions): void {\n this.permissions = permissions;\n }\n\n addPermission(role: Role, permission: Permission): void {\n if (!this.permissions[role]) {\n this.permissions[role] = [];\n }\n if (!this.permissions[role].includes(permission)) {\n this.permissions[role].push(permission);\n }\n }\n\n removePermission(role: Role, permission: Permission): void {\n if (this.permissions[role]) {\n this.permissions[role] = this.permissions[role].filter(p => p !== permission);\n }\n }\n\n getPermissions(role: Role): Permission[] {\n return this.permissions[role] || [];\n }\n\n hasPermission(role: Role, requiredPermission: Permission): boolean {\n const rolePermissions = this.getPermissions(role);\n \n if (rolePermissions.includes('*')) {\n return true;\n }\n\n if (rolePermissions.includes(requiredPermission)) {\n return true;\n }\n\n const [requiredAction, requiredScope] = requiredPermission.split(':');\n \n for (const perm of rolePermissions) {\n const [action, scope] = perm.split(':');\n \n if (action === '*' && (scope === '*' || scope === requiredScope)) {\n return true;\n }\n \n if (action === requiredAction && (scope === '*' || scope === requiredScope)) {\n return true;\n }\n }\n\n return false;\n }\n\n hasRole(userRole: Role, requiredRole: Role): boolean {\n const hierarchy: Role[] = ['guest', 'user', 'admin'];\n const userIndex = hierarchy.indexOf(userRole as any);\n const requiredIndex = hierarchy.indexOf(requiredRole as any);\n \n if (userIndex === -1 || requiredIndex === -1) {\n return userRole === requiredRole;\n }\n \n return userIndex >= requiredIndex;\n }\n\n authorize(permission: Permission) {\n return (role: Role): boolean => this.hasPermission(role, permission);\n }\n\n authorizeRole(requiredRole: Role) {\n return (role: Role): boolean => this.hasRole(role, requiredRole);\n }\n}\n\nexport const rbacService = new RBACService();\n","export * from './types';\nexport * from './jwt';\nexport * from './rbac';\nexport * from './oauth';\nexport * from './express';\nexport * from './fastify';\n","import { z } from 'zod';\n\nexport const envSchema = z.object({\n NODE_ENV: z.enum(['development', 'production', 'test']).default('development'),\n PORT: z.string().default('3000'),\n DATABASE_URL: z.string().optional(),\n MONGODB_URL: z.string().optional(),\n REDIS_URL: z.string().default('redis://localhost:6379'),\n JWT_SECRET: z.string().min(32).optional(),\n JWT_EXPIRES_IN: z.string().default('7d'),\n JWT_REFRESH_SECRET: z.string().min(32).optional(),\n JWT_REFRESH_EXPIRES_IN: z.string().default('30d'),\n GOOGLE_CLIENT_ID: z.string().optional(),\n GOOGLE_CLIENT_SECRET: z.string().optional(),\n GOOGLE_REDIRECT_URI: z.string().optional(),\n SMTP_HOST: z.string().optional(),\n SMTP_PORT: z.string().default('587'),\n SMTP_USER: z.string().optional(),\n SMTP_PASS: z.string().optional(),\n SMTP_FROM: z.string().optional(),\n TWILIO_ACCOUNT_SID: z.string().optional(),\n TWILIO_AUTH_TOKEN: z.string().optional(),\n TWILIO_PHONE_NUMBER: z.string().optional(),\n SLACK_WEBHOOK_URL: z.string().optional(),\n RATE_LIMIT_WINDOW: z.string().default('1m'),\n RATE_LIMIT_LIMIT: z.string().default('100'),\n LOG_LEVEL: z.enum(['fatal', 'error', 'warn', 'info', 'debug', 'trace']).default('info'),\n AWS_REGION: z.string().default('us-east-1'),\n AWS_ACCESS_KEY_ID: z.string().optional(),\n AWS_SECRET_ACCESS_KEY: z.string().optional(),\n AWS_S3_BUCKET: z.string().optional(),\n AWS_ENDPOINT: z.string().optional(),\n});\n\nexport type EnvConfig = z.infer<typeof envSchema>;\n\nexport interface ConfigOptions {\n schema?: z.ZodSchema;\n envPath?: string;\n validate?: boolean;\n}\n\nclass ConfigManager {\n private config: EnvConfig | null = null;\n private schema: z.ZodSchema;\n private validate: boolean;\n\n constructor(options: ConfigOptions = {}) {\n this.schema = options.schema || envSchema;\n this.validate = options.validate ?? true;\n }\n\n load(): EnvConfig {\n if (this.config) return this.config;\n\n const env: Record<string, string | undefined> = {};\n \n for (const key of Object.keys(this.schema.shape)) {\n env[key] = process.env[key];\n }\n\n if (this.validate) {\n const result = this.schema.safeParse(env);\n if (!result.success) {\n const errors = result.error.errors.map(e => `${e.path.join('.')}: ${e.message}`).join(', ');\n throw new Error(`Config validation failed: ${errors}`);\n }\n this.config = result.data;\n } else {\n this.config = env as EnvConfig;\n }\n\n return this.config;\n }\n\n get<K extends keyof EnvConfig>(key: K): EnvConfig[K] {\n if (!this.config) this.load();\n return this.config![key];\n }\n\n int(key: keyof EnvConfig): number {\n const value = this.get(key);\n if (typeof value === 'string') return parseInt(value, 10);\n return Number(value);\n }\n\n bool(key: keyof EnvConfig): boolean {\n const value = this.get(key);\n if (typeof value === 'boolean') return value;\n if (typeof value === 'string') return value.toLowerCase() === 'true';\n return Boolean(value);\n }\n\n isProduction(): boolean {\n return this.get('NODE_ENV') === 'production';\n }\n\n isDevelopment(): boolean {\n return this.get('NODE_ENV') === 'development';\n }\n\n isTest(): boolean {\n return this.get('NODE_ENV') === 'test';\n }\n\n getAll(): EnvConfig {\n if (!this.config) this.load();\n return this.config!;\n }\n}\n\nconst globalConfig = new ConfigManager();\n\nexport const config = {\n load: () => globalConfig.load(),\n get: <K extends keyof EnvConfig>(key: K) => globalConfig.get(key),\n int: (key: keyof EnvConfig) => globalConfig.int(key),\n bool: (key: keyof EnvConfig) => globalConfig.bool(key),\n isProduction: () => globalConfig.isProduction(),\n isDevelopment: () => globalConfig.isDevelopment(),\n isTest: () => globalConfig.isTest(),\n getAll: () => globalConfig.getAll(),\n create: (options?: ConfigOptions) => new ConfigManager(options),\n};\n\nexport default config;\n","import jwt from 'jsonwebtoken';\nimport { JWTPayload, TokenPair } from './types';\nimport { config } from '../config';\n\nexport class JWTService {\n private secret: string;\n private expiresIn: string;\n private refreshSecret: string;\n private refreshExpiresIn: string;\n\n constructor(options: { jwtSecret?: string; jwtExpiresIn?: string; refreshSecret?: string; refreshExpiresIn?: string } = {}) {\n this.secret = options.jwtSecret || config.get('JWT_SECRET') || 'default-secret-change-in-production';\n this.expiresIn = options.jwtExpiresIn || config.get('JWT_EXPIRES_IN') || '7d';\n this.refreshSecret = options.refreshSecret || config.get('JWT_REFRESH_SECRET') || this.secret;\n this.refreshExpiresIn = options.refreshExpiresIn || config.get('JWT_REFRESH_EXPIRES_IN') || '30d';\n }\n\n generateToken(payload: JWTPayload): string {\n return jwt.sign(payload, this.secret, { expiresIn: this.expiresIn });\n }\n\n generateRefreshToken(payload: JWTPayload): string {\n return jwt.sign(payload, this.refreshSecret, { expiresIn: this.refreshExpiresIn });\n }\n\n generateTokenPair(payload: JWTPayload): TokenPair {\n return {\n accessToken: this.generateToken(payload),\n refreshToken: this.generateRefreshToken(payload),\n };\n }\n\n verifyToken(token: string): JWTPayload {\n return jwt.verify(token, this.secret) as JWTPayload;\n }\n\n verifyRefreshToken(token: string): JWTPayload {\n return jwt.verify(token, this.refreshSecret) as JWTPayload;\n }\n\n refreshTokens(refreshToken: string): TokenPair {\n const { iat, exp, nbf, ...payload } = this.verifyRefreshToken(refreshToken) as JWTPayload & { iat?: number; exp?: number; nbf?: number };\n return this.generateTokenPair(payload);\n }\n}\n\nexport const jwtService = new JWTService();\n","import { OAuthProvider } from './types';\nimport { config } from '../config';\n\nexport interface OAuthUserInfo {\n id: string;\n email: string;\n name?: string;\n picture?: string;\n}\n\nexport class OAuthService {\n private providers: Map<string, OAuthProvider> = new Map();\n\n constructor() {\n const googleClientId = config.get('GOOGLE_CLIENT_ID');\n const googleClientSecret = config.get('GOOGLE_CLIENT_SECRET');\n const googleRedirectUri = config.get('GOOGLE_REDIRECT_URI');\n\n if (googleClientId && googleClientSecret && googleRedirectUri) {\n this.registerProvider('google', {\n name: 'google',\n clientId: googleClientId,\n clientSecret: googleClientSecret,\n redirectUri: googleRedirectUri,\n authorizationUrl: 'https://accounts.google.com/o/oauth2/v2/auth',\n tokenUrl: 'https://oauth2.googleapis.com/token',\n userInfoUrl: 'https://www.googleapis.com/oauth2/v2/userinfo',\n });\n }\n }\n\n registerProvider(name: string, provider: OAuthProvider): void {\n this.providers.set(name, provider);\n }\n\n getProvider(name: string): OAuthProvider | undefined {\n return this.providers.get(name);\n }\n\n getAuthorizationUrl(providerName: string, state?: string): string {\n const provider = this.getProvider(providerName);\n if (!provider) {\n throw new Error(`OAuth provider ${providerName} not registered`);\n }\n\n const params = new URLSearchParams({\n client_id: provider.clientId,\n redirect_uri: provider.redirectUri,\n response_type: 'code',\n scope: 'openid email profile',\n state: state || '',\n });\n\n return `${provider.authorizationUrl}?${params.toString()}`;\n }\n\n async exchangeCode(providerName: string, code: string): Promise<{ accessToken: string; refreshToken?: string }> {\n const provider = this.getProvider(providerName);\n if (!provider) {\n throw new Error(`OAuth provider ${providerName} not registered`);\n }\n\n const response = await fetch(provider.tokenUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body: new URLSearchParams({\n client_id: provider.clientId,\n client_secret: provider.clientSecret,\n code,\n grant_type: 'authorization_code',\n redirect_uri: provider.redirectUri,\n }),\n });\n\n if (!response.ok) {\n const error = await response.text();\n throw new Error(`OAuth token exchange failed: ${error}`);\n }\n\n const data = await response.json();\n return {\n accessToken: data.access_token,\n refreshToken: data.refresh_token,\n };\n }\n\n async getUserInfo(providerName: string, accessToken: string): Promise<OAuthUserInfo> {\n const provider = this.getProvider(providerName);\n if (!provider) {\n throw new Error(`OAuth provider ${providerName} not registered`);\n }\n\n const response = await fetch(provider.userInfoUrl, {\n headers: {\n Authorization: `Bearer ${accessToken}`,\n },\n });\n\n if (!response.ok) {\n const error = await response.text();\n throw new Error(`OAuth user info fetch failed: ${error}`);\n }\n\n const data = await response.json();\n\n return {\n id: data.id,\n email: data.email,\n name: data.name,\n picture: data.picture,\n };\n }\n}\n\nexport const oauthService = new OAuthService();\n","import bcrypt from 'bcryptjs';\nimport { Request, Response, NextFunction, RequestHandler } from 'express';\nimport { JWTPayload, LoginCredentials, RegisterData, User, AuthOptions } from './types';\nimport { jwtService } from './jwt';\nimport { rbacService } from './rbac';\nimport { oauthService } from './oauth';\n\nexport interface AuthUser extends JWTPayload {\n id: string;\n email: string;\n role: string;\n}\n\ndeclare global {\n namespace Express {\n interface Request {\n user?: AuthUser;\n }\n }\n}\n\nexport interface UserStore {\n findByEmail(email: string): Promise<User | null>;\n findById(id: string): Promise<User | null>;\n create(data: RegisterData): Promise<User>;\n update(id: string, data: Partial<User>): Promise<User>;\n}\n\nclass InMemoryUserStore implements UserStore {\n private users: Map<string, User> = new Map();\n\n async findByEmail(email: string): Promise<User | null> {\n for (const user of this.users.values()) {\n if (user.email === email) return user;\n }\n return null;\n }\n\n async findById(id: string): Promise<User | null> {\n return this.users.get(id) || null;\n }\n\n async create(data: RegisterData): Promise<User> {\n const id = Math.random().toString(36).substr(2, 9);\n const hashedPassword = await bcrypt.hash(data.password, 10);\n const user: User = {\n id,\n email: data.email,\n password: hashedPassword,\n role: data.role || 'user',\n name: data.name,\n };\n this.users.set(id, user);\n return user;\n }\n\n async update(id: string, data: Partial<User>): Promise<User> {\n const user = this.users.get(id);\n if (!user) throw new Error('User not found');\n const updated = { ...user, ...data };\n this.users.set(id, updated);\n return updated;\n }\n}\n\nexport class AuthService {\n private userStore: UserStore;\n private options: Required<AuthOptions>;\n private initialized: boolean = false;\n\n constructor(options: AuthOptions = {}, userStore?: UserStore) {\n this.options = {\n jwtSecret: options.jwtSecret || process.env.JWT_SECRET || 'default-secret-change-in-production',\n jwtExpiresIn: options.jwtExpiresIn || '7d',\n refreshSecret: options.refreshSecret || process.env.JWT_REFRESH_SECRET || 'default-secret-change-in-production',\n refreshExpiresIn: options.refreshExpiresIn || '30d',\n googleClientId: options.googleClientId || process.env.GOOGLE_CLIENT_ID || '',\n googleClientSecret: options.googleClientSecret || process.env.GOOGLE_CLIENT_SECRET || '',\n googleRedirectUri: options.googleRedirectUri || process.env.GOOGLE_REDIRECT_URI || '',\n };\n\n this.userStore = userStore || new InMemoryUserStore();\n }\n\n async initialize(): Promise<void> {\n if (this.options.googleClientId && this.options.googleClientSecret && this.options.googleRedirectUri) {\n oauthService.registerProvider('google', {\n name: 'google',\n clientId: this.options.googleClientId,\n clientSecret: this.options.googleClientSecret,\n redirectUri: this.options.googleRedirectUri,\n authorizationUrl: 'https://accounts.google.com/o/oauth2/v2/auth',\n tokenUrl: 'https://oauth2.googleapis.com/token',\n userInfoUrl: 'https://www.googleapis.com/oauth2/v2/userinfo',\n });\n }\n this.initialized = true;\n }\n\n async register(data: RegisterData): Promise<{ user: User; tokens: { accessToken: string; refreshToken: string } }> {\n const existing = await this.userStore.findByEmail(data.email);\n if (existing) {\n throw new Error('User already exists');\n }\n\n const user = await this.userStore.create(data);\n const tokens = jwtService.generateTokenPair({\n userId: user.id,\n email: user.email,\n role: user.role,\n });\n\n return { user, tokens };\n }\n\n async login(credentials: LoginCredentials): Promise<{ user: User; tokens: { accessToken: string; refreshToken: string } }> {\n const user = await this.userStore.findByEmail(credentials.email);\n if (!user || !user.password) {\n throw new Error('Invalid credentials');\n }\n\n const isValid = await bcrypt.compare(credentials.password, user.password);\n if (!isValid) {\n throw new Error('Invalid credentials');\n }\n\n const tokens = jwtService.generateTokenPair({\n userId: user.id,\n email: user.email,\n role: user.role,\n });\n\n return { user, tokens };\n }\n\n async refresh(refreshToken: string): Promise<{ accessToken: string; refreshToken: string }> {\n return jwtService.refreshTokens(refreshToken);\n }\n\n async getGoogleAuthUrl(state?: string): Promise<string> {\n return oauthService.getAuthorizationUrl('google', state);\n }\n\n async handleGoogleCallback(code: string): Promise<{ user: User; tokens: { accessToken: string; refreshToken: string } }> {\n const { accessToken } = await oauthService.exchangeCode('google', code);\n const userInfo = await oauthService.getUserInfo('google', accessToken);\n\n let user = await this.userStore.findByEmail(userInfo.email);\n \n if (!user) {\n user = await this.userStore.create({\n email: userInfo.email,\n password: Math.random().toString(36).substr(2, 20),\n name: userInfo.name,\n role: 'user',\n });\n }\n\n const tokens = jwtService.generateTokenPair({\n userId: user.id,\n email: user.email,\n role: user.role,\n });\n\n return { user, tokens };\n }\n\n getMiddleware(): RequestHandler {\n return (req: Request, res: Response, next: NextFunction) => {\n const authHeader = req.headers.authorization;\n \n if (!authHeader || !authHeader.startsWith('Bearer ')) {\n return res.status(401).json({ error: 'No token provided' });\n }\n\n const token = authHeader.substring(7);\n \n try {\n const payload = jwtService.verifyToken(token);\n req.user = {\n ...payload,\n id: payload.userId,\n };\n next();\n } catch (error) {\n return res.status(401).json({ error: 'Invalid token' });\n }\n };\n }\n\n requireUser(): RequestHandler {\n return (req: Request, res: Response, next: NextFunction) => {\n if (!req.user) {\n return res.status(401).json({ error: 'Authentication required' });\n }\n next();\n };\n }\n\n requireRole(role: string): RequestHandler {\n return (req: Request, res: Response, next: NextFunction) => {\n if (!req.user) {\n return res.status(401).json({ error: 'Authentication required' });\n }\n if (!rbacService.hasRole(req.user.role, role)) {\n return res.status(403).json({ error: 'Insufficient permissions' });\n }\n next();\n };\n }\n\n requirePermission(permission: string): RequestHandler {\n return (req: Request, res: Response, next: NextFunction) => {\n if (!req.user) {\n return res.status(401).json({ error: 'Authentication required' });\n }\n if (!rbacService.hasPermission(req.user.role, permission)) {\n return res.status(403).json({ error: 'Insufficient permissions' });\n }\n next();\n };\n }\n}\n\nlet authServiceInstance: AuthService | null = null;\n\nexport function createAuth(options?: AuthOptions, userStore?: UserStore): AuthService {\n authServiceInstance = new AuthService(options, userStore);\n return authServiceInstance;\n}\n\nexport function auth(): AuthService {\n if (!authServiceInstance) {\n authServiceInstance = new AuthService();\n }\n return authServiceInstance;\n}\n\nexport const Auth = {\n initialize: (options?: AuthOptions) => {\n const service = createAuth(options);\n return {\n service,\n getMiddleware: () => service.getMiddleware(),\n requireUser: () => service.requireUser(),\n requireRole: (role: string) => service.requireRole(role),\n requirePermission: (permission: string) => service.requirePermission(permission),\n };\n },\n};\n","import { FastifyInstance, FastifyRequest, FastifyReply, HookHandlerDoneFunction } from 'fastify';\nimport { AuthService } from './express';\nimport { JWTPayload } from './types';\n\ndeclare module 'fastify' {\n interface FastifyRequest {\n user?: JWTPayload & { id: string };\n }\n}\n\nexport function registerAuthPlugin(fastify: FastifyInstance, options: { authService: AuthService }, done: HookHandlerDoneFunction) {\n const { authService } = options;\n\n fastify.decorate('authenticate', async (request: FastifyRequest, reply: FastifyReply) => {\n const authHeader = request.headers.authorization;\n \n if (!authHeader || !authHeader.startsWith('Bearer ')) {\n return reply.status(401).send({ error: 'No token provided' });\n }\n\n const token = authHeader.substring(7);\n \n try {\n const payload = authService['jwtService'].verifyToken(token);\n request.user = {\n ...payload,\n id: payload.userId,\n };\n } catch (error) {\n return reply.status(401).send({ error: 'Invalid token' });\n }\n });\n\n fastify.decorate('requireUser', async (request: FastifyRequest, reply: FastifyReply) => {\n if (!request.user) {\n return reply.status(401).send({ error: 'Authentication required' });\n }\n });\n\n fastify.decorate('requireRole', (role: string) => {\n return async (request: FastifyRequest, reply: FastifyReply) => {\n if (!request.user) {\n return reply.status(401).send({ error: 'Authentication required' });\n }\n const { rbacService } = await import('./rbac');\n if (!rbacService.hasRole(request.user.role, role)) {\n return reply.status(403).send({ error: 'Insufficient permissions' });\n }\n };\n });\n\n fastify.decorate('requirePermission', (permission: string) => {\n return async (request: FastifyRequest, reply: FastifyReply) => {\n if (!request.user) {\n return reply.status(401).send({ error: 'Authentication required' });\n }\n const { rbacService } = await import('./rbac');\n if (!rbacService.hasPermission(request.user.role, permission)) {\n return reply.status(403).send({ error: 'Insufficient permissions' });\n }\n };\n });\n\n done();\n}\n"]}
|
package/dist/auth/index.mjs
CHANGED
|
@@ -104,6 +104,7 @@ var envSchema = z.object({
|
|
|
104
104
|
NODE_ENV: z.enum(["development", "production", "test"]).default("development"),
|
|
105
105
|
PORT: z.string().default("3000"),
|
|
106
106
|
DATABASE_URL: z.string().optional(),
|
|
107
|
+
MONGODB_URL: z.string().optional(),
|
|
107
108
|
REDIS_URL: z.string().default("redis://localhost:6379"),
|
|
108
109
|
JWT_SECRET: z.string().min(32).optional(),
|
|
109
110
|
JWT_EXPIRES_IN: z.string().default("7d"),
|
|
@@ -229,7 +230,7 @@ var JWTService = class {
|
|
|
229
230
|
return jwt.verify(token, this.refreshSecret);
|
|
230
231
|
}
|
|
231
232
|
refreshTokens(refreshToken) {
|
|
232
|
-
const payload = this.verifyRefreshToken(refreshToken);
|
|
233
|
+
const { iat, exp, nbf, ...payload } = this.verifyRefreshToken(refreshToken);
|
|
233
234
|
return this.generateTokenPair(payload);
|
|
234
235
|
}
|
|
235
236
|
};
|