django-admin-react 0.1.0a1__py3-none-any.whl

django_admin_react/api/writes.py

@@ -0,0 +1,325 @@
+"""Shared helpers for the write endpoints (POST / PATCH / DELETE).
+
+Wire contract: ``docs/api-contract.md`` §5 and §6.
+
+Hard rules (`SECURITY.md` §3, `ACCEPTANCE.md` §3.1):
+
+- Rule 6:  Writes go through ``ModelAdmin.get_form()`` — never
+           ``setattr(obj, ...)`` directly (B-3).
+- Rule 7:  Deletes go through ``ModelAdmin.delete_model()`` — never
+           ``obj.delete()`` (B-4).
+- Rule 12: ``readonly`` / ``exclude`` field names in the payload are a
+           400 ``bad_request`` (S-31, B-3).
+- Defense-in-depth: sensitive-name denylist is applied on top of the
+  admin's own ``exclude`` so a misconfigured admin still cannot leak.
+
+Public surface — every view layer should reach for one of these first:
+
+- :func:`bad_request`            — uniform 400 envelope.
+- :func:`validation_failed`      — uniform 400 with per-field errors.
+- :func:`not_found_response`     — canonical 404 envelope.
+- :func:`parse_json_body`        — decode a JSON object or return 400.
+- :func:`load_object_or_none`    — fetch through ``get_queryset`` or
+                                   return ``None`` (caller emits 404).
+- :func:`writable_field_names`   — fields the API will accept on write.
+- :func:`readonly_or_excluded_names`
+                                 — fields the payload may not mention.
+- :func:`reject_forbidden_keys`  — payload-shape validation gate.
+- :func:`coerce_fk_values`       — accept FK envelope on input.
+- :func:`form_errors_to_envelope`
+                                 — Django form errors → wire shape.
+- :func:`merged_initial_for_update`
+                                 — instance + payload → form data.
+"""
+
+from __future__ import annotations
+
+import json
+from typing import Any
+
+from django.contrib.admin.options import ModelAdmin
+from django.db.models import ForeignKey
+from django.db.models import ManyToManyField
+from django.db.models import Model
+from django.http import HttpRequest
+from django.http import HttpResponse
+from django.http import JsonResponse
+
+from django_admin_react.api.serializers import filter_sensitive
+from django_admin_react.api.serializers import is_sensitive_field_name
+
+# Canonical 404 body. Deliberately omits the requested app/model/pk —
+# leaking those would give an attacker an oracle for what *would* have
+# existed had they been authorized. See ``SECURITY.md`` §3 rule 12.
+_NOT_FOUND_BODY: dict[str, Any] = {
+    "error": {"code": "not_found", "message": "Not found."},
+}
+
+
+# --------------------------------------------------------------------------- #
+# Response factories                                                          #
+# --------------------------------------------------------------------------- #
+def bad_request(message: str = "Malformed request.") -> HttpResponse:
+    """Return the package's canonical 400 ``bad_request`` envelope.
+
+    The ``message`` is safe to surface to the client; never include
+    request-derived strings here unless they are ``repr()``-quoted
+    (``SECURITY.md`` §3 rule 12).
+    """
+    body = {"error": {"code": "bad_request", "message": message}}
+    response = JsonResponse(body, status=400)
+    response["Cache-Control"] = "no-store"
+    return response
+
+
+def validation_failed(errors: dict[str, list[str]]) -> HttpResponse:
+    """Return a 400 ``validation_failed`` envelope (contract §6).
+
+    The ``errors`` mapping is already the wire shape — see
+    :func:`form_errors_to_envelope` for the canonical converter from
+    Django's ``form.errors`` to this shape.
+    """
+    body = {
+        "error": {
+            "code": "validation_failed",
+            "message": "One or more fields are invalid.",
+            "fields": errors,
+        }
+    }
+    response = JsonResponse(body, status=400)
+    response["Cache-Control"] = "no-store"
+    return response
+
+
+def not_found_response() -> HttpResponse:
+    """Return the package's canonical 404 envelope (contract §6).
+
+    Single source of truth for 404 bodies across the view layer; every
+    view that needs to emit a 404 imports this rather than rolling its
+    own envelope (keeps the leak surface to zero, per
+    ``SECURITY.md`` §3 rule 12).
+    """
+    response = JsonResponse(_NOT_FOUND_BODY, status=404)
+    response["Cache-Control"] = "no-store"
+    return response
+
+
+# --------------------------------------------------------------------------- #
+# Request / object lookup                                                     #
+# --------------------------------------------------------------------------- #
+def parse_json_body(request: HttpRequest) -> dict[str, Any] | HttpResponse:
+    """Decode ``request.body`` as a JSON object, or return a 400.
+
+    Returns:
+        - ``{}`` if the body is empty (PATCH with no fields is valid).
+        - The parsed dict on success.
+        - A ``HttpResponse`` (400) if the body is invalid UTF-8, invalid
+          JSON, or not a JSON object (arrays, scalars, etc. are
+          rejected — the contract only ever speaks objects).
+
+    Callers check ``isinstance(result, HttpResponse)`` to branch.
+    """
+    raw = request.body or b""
+    if not raw:
+        return {}
+    try:
+        decoded = json.loads(raw.decode("utf-8"))
+    except (UnicodeDecodeError, json.JSONDecodeError):
+        return bad_request("Request body must be valid UTF-8 JSON.")
+    if not isinstance(decoded, dict):
+        return bad_request("Request body must be a JSON object.")
+    return decoded
+
+
+def load_object_or_none(
+    model: type[Model],
+    model_admin: ModelAdmin,
+    request: HttpRequest,
+    pk: Any,
+) -> Model | None:
+    """Fetch one row through the admin's queryset, or ``None`` on miss.
+
+    Three lookup failures collapse to ``None`` (callers convert to
+    404, never to 500):
+
+    - ``DoesNotExist`` — pk valid but no matching row, or the row was
+      filtered out by ``ModelAdmin.get_queryset(request)``.
+    - ``ValueError`` — pk could not be parsed for the field's type
+      (e.g., ``"abc"`` against an ``IntegerField``).
+    - ``TypeError`` — similar parse failure for a custom pk type.
+
+    Centralizing this here means every "load or 404" call site has
+    the same exception surface and the same security posture
+    (queryset never bypassed, parse errors never leak).
+    """
+    try:
+        return model_admin.get_queryset(request).get(pk=pk)
+    except (model.DoesNotExist, ValueError, TypeError):
+        return None
+
+
+# --------------------------------------------------------------------------- #
+# Field-set computation                                                       #
+# --------------------------------------------------------------------------- #
+def writable_field_names(
+    model: type[Model],
+    model_admin: ModelAdmin,
+    request: HttpRequest,
+    obj: Model | None,
+) -> list[str]:
+    """Field names the API will accept in a create or update payload.
+
+    Computed as ``get_fields`` minus ``get_exclude`` minus
+    ``get_readonly_fields`` minus the sensitive-name denylist
+    (``ACCEPTANCE.md`` §4.7 S-31) minus ``ManyToManyField``
+    (unsupported in v1 per ``docs/api-contract.md`` §4).
+
+    Defense-in-depth: even if a ``ModelAdmin`` author forgets to
+    ``exclude`` a sensitive-named field, the substring match keeps
+    it out of the writable set.
+    """
+    declared = list(model_admin.get_fields(request, obj) or ())
+    excluded = set(model_admin.get_exclude(request, obj) or ())
+    readonly = set(model_admin.get_readonly_fields(request, obj) or ())
+    out: list[str] = []
+    for name in declared:
+        if name in excluded or name in readonly or is_sensitive_field_name(name):
+            continue
+        if isinstance(_safe_get_field(model, name), ManyToManyField):
+            continue
+        out.append(name)
+    return filter_sensitive(out)
+
+
+def readonly_or_excluded_names(
+    model_admin: ModelAdmin,
+    request: HttpRequest,
+    obj: Model | None,
+) -> set[str]:
+    """Field names a payload may not even mention.
+
+    Used by :func:`reject_forbidden_keys` to emit the precise message
+    ``"Field 'x' is read-only."`` instead of the generic
+    ``"Unknown field 'x'."`` when the admin marks a field as
+    readonly or excluded. Both responses are 400 per contract §5;
+    the distinction is a UX courtesy for the SPA.
+    """
+    excluded = set(model_admin.get_exclude(request, obj) or ())
+    readonly = set(model_admin.get_readonly_fields(request, obj) or ())
+    return excluded | readonly
+
+
+# --------------------------------------------------------------------------- #
+# Payload validation                                                          #
+# --------------------------------------------------------------------------- #
+def reject_forbidden_keys(
+    payload: dict[str, Any],
+    writable: list[str],
+    forbidden: set[str],
+) -> HttpResponse | None:
+    """Validate the shape of a write payload — return a 400 or ``None``.
+
+    Three rejection reasons, each yielding ``bad_request`` per
+    ``docs/api-contract.md`` §6:
+
+    1. The key is read-only or excluded by the admin (§5.2).
+    2. The key matches the sensitive-name denylist
+       (defense-in-depth, even if the admin's ``writable`` list let
+       it through somehow).
+    3. The key is not in ``writable`` at all (§5.1, unknown field).
+
+    Rejecting *before* form construction means a hostile payload
+    cannot trigger ``ModelForm`` side effects (e.g. FK queries) on
+    field names the admin never declared.
+    """
+    writable_set = set(writable)
+    for key in payload:
+        if key in forbidden:
+            return bad_request(f"Field {key!r} is read-only.")
+        if is_sensitive_field_name(key):
+            return bad_request(f"Field {key!r} is not writable.")
+        if key not in writable_set:
+            return bad_request(f"Unknown field {key!r}.")
+    return None
+
+
+def coerce_fk_values(
+    payload: dict[str, Any],
+    model: type[Model],
+) -> dict[str, Any]:
+    """Normalize ForeignKey values to the bare pk the form layer expects.
+
+    The wire contract sends FKs *out* as ``{"id": pk, "label": str}``
+    (§4) but accepts bare pk *in* (§5.1). Clients that echo the read
+    shape back would otherwise hit a form-validation error even when
+    their intent is clear. Recognizing the envelope on input keeps
+    the SPA's edit-in-place flow honest without weakening
+    validation — Django will still reject any pk that does not
+    resolve to a real related row.
+    """
+    out: dict[str, Any] = {}
+    for key, value in payload.items():
+        model_field = _safe_get_field(model, key)
+        is_fk_envelope = (
+            isinstance(model_field, ForeignKey) and isinstance(value, dict) and "id" in value
+        )
+        out[key] = value["id"] if is_fk_envelope else value
+    return out
+
+
+def form_errors_to_envelope(form: Any) -> dict[str, list[str]]:
+    """Convert a Django form's ``errors`` mapping to the wire shape.
+
+    Non-field errors are surfaced under the empty-string key
+    (normalized from Django's ``__all__`` convention so clients
+    don't have to know that magic name).
+    """
+    errors: dict[str, list[str]] = {}
+    for field_name, error_list in form.errors.items():
+        key = "" if field_name == "__all__" else field_name
+        errors[key] = [str(e) for e in error_list]
+    return errors
+
+
+def merged_initial_for_update(
+    obj: Model,
+    writable: list[str],
+    payload: dict[str, Any],
+    model: type[Model],
+) -> dict[str, Any]:
+    """Build the ``data`` dict for a PATCH form: instance values + payload.
+
+    Django ``ModelForm`` validates the whole form on every save, even
+    on partial updates. We therefore seed every writable field with
+    the instance's current value, then overlay the user-supplied
+    payload. This mirrors what Django admin's change-view does.
+
+    FK fields are seeded with ``<name>_id`` because that is the wire
+    shape the form's choice field expects — passing the related
+    instance directly would trigger an extra DB query on a hot path.
+    """
+    merged: dict[str, Any] = {}
+    for name in writable:
+        if isinstance(_safe_get_field(model, name), ForeignKey):
+            merged[name] = getattr(obj, f"{name}_id", None)
+        else:
+            merged[name] = getattr(obj, name, None)
+    merged.update(coerce_fk_values(payload, model))
+    return merged
+
+
+# --------------------------------------------------------------------------- #
+# Internals                                                                   #
+# --------------------------------------------------------------------------- #
+def _safe_get_field(model: type[Model], name: str):
+    """Return ``model._meta.get_field(name)`` or ``None`` if not found.
+
+    Centralized so callers don't need to know that ``get_field``
+    raises ``FieldDoesNotExist`` (or any subclass) — the contract
+    here is "field or None", which is what every call site in this
+    module actually wants.
+    """
+    try:
+        return model._meta.get_field(name)
+    except Exception:
+        return None

django_admin_react/apps.py

@@ -0,0 +1,27 @@
+"""Django AppConfig for django_admin_react.
+
+Registering this AppConfig in the consumer's `INSTALLED_APPS` is the
+only side effect of adding the package. The real wiring (URLs, API,
+templates, static assets) is opt-in via the consumer's own `urls.py`.
+"""
+
+from django.apps import AppConfig
+
+
+class DjangoAdminReactConfig(AppConfig):
+    """Django app config — the only side effect of adding the package.
+
+    The four attributes are the standard Django ``AppConfig`` contract:
+
+    - ``name`` — Python import path; required by Django's app registry.
+    - ``label`` — short identifier used in migrations and admin URLs.
+    - ``verbose_name`` — human-readable name shown in the admin index.
+    - ``default_auto_field`` — bigint primary keys for any future models
+      the package adds (none today, but pinning the default avoids a
+      Django warning and locks the choice in for forwards compat).
+    """
+
+    name = "django_admin_react"
+    label = "django_admin_react"
+    verbose_name = "Django Admin React"
+    default_auto_field = "django.db.models.BigAutoField"

django_admin_react/conf.py

@@ -0,0 +1,77 @@
+"""Lazy settings wrapper for django_admin_react.
+
+All package settings live under a single optional dict
+``settings.DJANGO_ADMIN_REACT``. Defaults are applied lazily so that
+adding the app to ``INSTALLED_APPS`` does not require a settings entry.
+
+Usage in package code:
+
+    from django_admin_react.conf import settings
+    settings.MAX_PAGE_SIZE
+
+Nothing in the package should read ``django.conf.settings.DJANGO_ADMIN_REACT``
+directly — go through this module so defaults are consistent.
+"""
+
+from __future__ import annotations
+
+from dataclasses import dataclass
+from typing import Any
+
+from django.conf import settings as django_settings
+
+DEFAULTS: dict[str, Any] = {
+    "ADMIN_SITE": "django.contrib.admin.site",
+    "DEFAULT_PAGE_SIZE": 25,
+    "MAX_PAGE_SIZE": 200,
+    "ENABLE_PROFILING": False,
+}
+
+
+@dataclass(frozen=True)
+class _PackageSettings:
+    """Resolved package settings.
+
+    Real implementation lands in PR #2. For now this is a stub so other
+    modules can import the typed attribute names.
+    """
+
+    ADMIN_SITE: str = DEFAULTS["ADMIN_SITE"]
+    DEFAULT_PAGE_SIZE: int = DEFAULTS["DEFAULT_PAGE_SIZE"]
+    MAX_PAGE_SIZE: int = DEFAULTS["MAX_PAGE_SIZE"]
+    ENABLE_PROFILING: bool = DEFAULTS["ENABLE_PROFILING"]
+
+
+def _load() -> _PackageSettings:
+    """Merge the consumer's overrides with ``DEFAULTS``.
+
+    Unknown keys raise ``ValueError`` so a typo in
+    ``settings.DJANGO_ADMIN_REACT`` is caught at startup rather than
+    silently ignored. Returns an immutable ``_PackageSettings``.
+    """
+    user_overrides = getattr(django_settings, "DJANGO_ADMIN_REACT", {}) or {}
+    merged = {**DEFAULTS, **user_overrides}
+    # Reject unknown keys defensively to surface typos early.
+    unknown = set(merged) - set(DEFAULTS)
+    if unknown:
+        raise ValueError("Unknown DJANGO_ADMIN_REACT keys: " + ", ".join(sorted(unknown)))
+    return _PackageSettings(**merged)
+
+
+# Lazily resolve on first access; cache.
+_cached: _PackageSettings | None = None
+
+
+def __getattr__(name: str) -> Any:  # pragma: no cover — thin shim
+    """Module-level ``__getattr__`` (PEP 562) so callers can write
+    ``from django_admin_react.conf import settings`` or
+    ``conf.MAX_PAGE_SIZE`` without a separate accessor.
+
+    First access triggers ``_load()`` and caches the result; later
+    accesses return cached attributes. Reload requires re-importing
+    the module (matches Django's own settings semantics).
+    """
+    global _cached
+    if _cached is None:
+        _cached = _load()
+    return getattr(_cached, name)

django_admin_react/static/admin_react/.vite/manifest.json

@@ -0,0 +1,11 @@
+{
+  "index.html": {
+    "file": "assets/index-itk7hrnq.js",
+    "name": "index",
+    "src": "index.html",
+    "isEntry": true,
+    "css": [
+      "assets/index-CKxeWYBA.css"
+    ]
+  }
+}

django_admin_react/static/admin_react/assets/index-CKxeWYBA.css

@@ -0,0 +1 @@
+*,:before,:after{--tw-border-spacing-x: 0;--tw-border-spacing-y: 0;--tw-translate-x: 0;--tw-translate-y: 0;--tw-rotate: 0;--tw-skew-x: 0;--tw-skew-y: 0;--tw-scale-x: 1;--tw-scale-y: 1;--tw-pan-x: ;--tw-pan-y: ;--tw-pinch-zoom: ;--tw-scroll-snap-strictness: proximity;--tw-gradient-from-position: ;--tw-gradient-via-position: ;--tw-gradient-to-position: ;--tw-ordinal: ;--tw-slashed-zero: ;--tw-numeric-figure: ;--tw-numeric-spacing: ;--tw-numeric-fraction: ;--tw-ring-inset: ;--tw-ring-offset-width: 0px;--tw-ring-offset-color: #fff;--tw-ring-color: rgb(59 130 246 / .5);--tw-ring-offset-shadow: 0 0 #0000;--tw-ring-shadow: 0 0 #0000;--tw-shadow: 0 0 #0000;--tw-shadow-colored: 0 0 #0000;--tw-blur: ;--tw-brightness: ;--tw-contrast: ;--tw-grayscale: ;--tw-hue-rotate: ;--tw-invert: ;--tw-saturate: ;--tw-sepia: ;--tw-drop-shadow: ;--tw-backdrop-blur: ;--tw-backdrop-brightness: ;--tw-backdrop-contrast: ;--tw-backdrop-grayscale: ;--tw-backdrop-hue-rotate: ;--tw-backdrop-invert: ;--tw-backdrop-opacity: ;--tw-backdrop-saturate: ;--tw-backdrop-sepia: ;--tw-contain-size: ;--tw-contain-layout: ;--tw-contain-paint: ;--tw-contain-style: }::backdrop{--tw-border-spacing-x: 0;--tw-border-spacing-y: 0;--tw-translate-x: 0;--tw-translate-y: 0;--tw-rotate: 0;--tw-skew-x: 0;--tw-skew-y: 0;--tw-scale-x: 1;--tw-scale-y: 1;--tw-pan-x: ;--tw-pan-y: ;--tw-pinch-zoom: ;--tw-scroll-snap-strictness: proximity;--tw-gradient-from-position: ;--tw-gradient-via-position: ;--tw-gradient-to-position: ;--tw-ordinal: ;--tw-slashed-zero: ;--tw-numeric-figure: ;--tw-numeric-spacing: ;--tw-numeric-fraction: ;--tw-ring-inset: ;--tw-ring-offset-width: 0px;--tw-ring-offset-color: #fff;--tw-ring-color: rgb(59 130 246 / .5);--tw-ring-offset-shadow: 0 0 #0000;--tw-ring-shadow: 0 0 #0000;--tw-shadow: 0 0 #0000;--tw-shadow-colored: 0 0 #0000;--tw-blur: ;--tw-brightness: ;--tw-contrast: ;--tw-grayscale: ;--tw-hue-rotate: ;--tw-invert: ;--tw-saturate: ;--tw-sepia: ;--tw-drop-shadow: ;--tw-backdrop-blur: ;--tw-backdrop-brightness: ;--tw-backdrop-contrast: ;--tw-backdrop-grayscale: ;--tw-backdrop-hue-rotate: ;--tw-backdrop-invert: ;--tw-backdrop-opacity: ;--tw-backdrop-saturate: ;--tw-backdrop-sepia: ;--tw-contain-size: ;--tw-contain-layout: ;--tw-contain-paint: ;--tw-contain-style: }*,:before,:after{box-sizing:border-box;border-width:0;border-style:solid;border-color:#e5e7eb}:before,:after{--tw-content: ""}html,:host{line-height:1.5;-webkit-text-size-adjust:100%;-moz-tab-size:4;-o-tab-size:4;tab-size:4;font-family:ui-sans-serif,system-ui,sans-serif,"Apple Color Emoji","Segoe UI Emoji",Segoe UI Symbol,"Noto Color Emoji";font-feature-settings:normal;font-variation-settings:normal;-webkit-tap-highlight-color:transparent}body{margin:0;line-height:inherit}hr{height:0;color:inherit;border-top-width:1px}abbr:where([title]){-webkit-text-decoration:underline dotted;text-decoration:underline dotted}h1,h2,h3,h4,h5,h6{font-size:inherit;font-weight:inherit}a{color:inherit;text-decoration:inherit}b,strong{font-weight:bolder}code,kbd,samp,pre{font-family:ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,monospace;font-feature-settings:normal;font-variation-settings:normal;font-size:1em}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}table{text-indent:0;border-color:inherit;border-collapse:collapse}button,input,optgroup,select,textarea{font-family:inherit;font-feature-settings:inherit;font-variation-settings:inherit;font-size:100%;font-weight:inherit;line-height:inherit;letter-spacing:inherit;color:inherit;margin:0;padding:0}button,select{text-transform:none}button,input:where([type=button]),input:where([type=reset]),input:where([type=submit]){-webkit-appearance:button;background-color:transparent;background-image:none}:-moz-focusring{outline:auto}:-moz-ui-invalid{box-shadow:none}progress{vertical-align:baseline}::-webkit-inner-spin-button,::-webkit-outer-spin-button{height:auto}[type=search]{-webkit-appearance:textfield;outline-offset:-2px}::-webkit-search-decoration{-webkit-appearance:none}::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}summary{display:list-item}blockquote,dl,dd,h1,h2,h3,h4,h5,h6,hr,figure,p,pre{margin:0}fieldset{margin:0;padding:0}legend{padding:0}ol,ul,menu{list-style:none;margin:0;padding:0}dialog{padding:0}textarea{resize:vertical}input::-moz-placeholder,textarea::-moz-placeholder{opacity:1;color:#9ca3af}input::placeholder,textarea::placeholder{opacity:1;color:#9ca3af}button,[role=button]{cursor:pointer}:disabled{cursor:default}img,svg,video,canvas,audio,iframe,embed,object{display:block;vertical-align:middle}img,video{max-width:100%;height:auto}[hidden]:where(:not([hidden=until-found])){display:none}.visible{visibility:visible}.col-span-2{grid-column:span 2 / span 2}.mb-1{margin-bottom:.25rem}.mb-6{margin-bottom:1.5rem}.ml-2{margin-left:.5rem}.mt-1{margin-top:.25rem}.mt-2{margin-top:.5rem}.mt-4{margin-top:1rem}.block{display:block}.flex{display:flex}.inline-flex{display:inline-flex}.table{display:table}.grid{display:grid}.h-10{height:2.5rem}.h-4{height:1rem}.h-6{height:1.5rem}.h-full{height:100%}.min-h-screen{min-height:100vh}.w-10{width:2.5rem}.w-4{width:1rem}.w-6{width:1.5rem}.w-64{width:16rem}.w-full{width:100%}.min-w-full{min-width:100%}.max-w-prose{max-width:65ch}.flex-1{flex:1 1 0%}.shrink-0{flex-shrink:0}@keyframes spin{to{transform:rotate(360deg)}}.animate-spin{animation:spin 1s linear infinite}.cursor-not-allowed{cursor:not-allowed}.cursor-pointer{cursor:pointer}.grid-cols-1{grid-template-columns:repeat(1,minmax(0,1fr))}.grid-cols-3{grid-template-columns:repeat(3,minmax(0,1fr))}.flex-col{flex-direction:column}.items-end{align-items:flex-end}.items-center{align-items:center}.justify-center{justify-content:center}.justify-between{justify-content:space-between}.gap-1{gap:.25rem}.gap-2{gap:.5rem}.gap-4{gap:1rem}.space-y-1>:not([hidden])~:not([hidden]){--tw-space-y-reverse: 0;margin-top:calc(.25rem * calc(1 - var(--tw-space-y-reverse)));margin-bottom:calc(.25rem * var(--tw-space-y-reverse))}.space-y-4>:not([hidden])~:not([hidden]){--tw-space-y-reverse: 0;margin-top:calc(1rem * calc(1 - var(--tw-space-y-reverse)));margin-bottom:calc(1rem * var(--tw-space-y-reverse))}.space-y-6>:not([hidden])~:not([hidden]){--tw-space-y-reverse: 0;margin-top:calc(1.5rem * calc(1 - var(--tw-space-y-reverse)));margin-bottom:calc(1.5rem * var(--tw-space-y-reverse))}.divide-y>:not([hidden])~:not([hidden]){--tw-divide-y-reverse: 0;border-top-width:calc(1px * calc(1 - var(--tw-divide-y-reverse)));border-bottom-width:calc(1px * var(--tw-divide-y-reverse))}.divide-gray-100>:not([hidden])~:not([hidden]){--tw-divide-opacity: 1;border-color:rgb(243 244 246 / var(--tw-divide-opacity, 1))}.overflow-x-auto{overflow-x:auto}.overflow-y-auto{overflow-y:auto}.whitespace-pre-wrap{white-space:pre-wrap}.rounded{border-radius:.25rem}.rounded-lg{border-radius:.5rem}.rounded-md{border-radius:.375rem}.border{border-width:1px}.border-b{border-bottom-width:1px}.border-blue-600{--tw-border-opacity: 1;border-color:rgb(37 99 235 / var(--tw-border-opacity, 1))}.border-gray-200{--tw-border-opacity: 1;border-color:rgb(229 231 235 / var(--tw-border-opacity, 1))}.border-gray-300{--tw-border-opacity: 1;border-color:rgb(209 213 219 / var(--tw-border-opacity, 1))}.border-red-500{--tw-border-opacity: 1;border-color:rgb(239 68 68 / var(--tw-border-opacity, 1))}.border-red-600{--tw-border-opacity: 1;border-color:rgb(220 38 38 / var(--tw-border-opacity, 1))}.border-transparent{border-color:transparent}.bg-amber-50{--tw-bg-opacity: 1;background-color:rgb(255 251 235 / var(--tw-bg-opacity, 1))}.bg-blue-50{--tw-bg-opacity: 1;background-color:rgb(239 246 255 / var(--tw-bg-opacity, 1))}.bg-blue-600{--tw-bg-opacity: 1;background-color:rgb(37 99 235 / var(--tw-bg-opacity, 1))}.bg-gray-50{--tw-bg-opacity: 1;background-color:rgb(249 250 251 / var(--tw-bg-opacity, 1))}.bg-gray-900{--tw-bg-opacity: 1;background-color:rgb(17 24 39 / var(--tw-bg-opacity, 1))}.bg-green-50{--tw-bg-opacity: 1;background-color:rgb(240 253 244 / var(--tw-bg-opacity, 1))}.bg-red-50{--tw-bg-opacity: 1;background-color:rgb(254 242 242 / var(--tw-bg-opacity, 1))}.bg-red-600{--tw-bg-opacity: 1;background-color:rgb(220 38 38 / var(--tw-bg-opacity, 1))}.bg-transparent{background-color:transparent}.bg-white{--tw-bg-opacity: 1;background-color:rgb(255 255 255 / var(--tw-bg-opacity, 1))}.p-4{padding:1rem}.p-6{padding:1.5rem}.px-2{padding-left:.5rem;padding-right:.5rem}.px-3{padding-left:.75rem;padding-right:.75rem}.px-4{padding-left:1rem;padding-right:1rem}.py-0\.5{padding-top:.125rem;padding-bottom:.125rem}.py-1{padding-top:.25rem;padding-bottom:.25rem}.py-12{padding-top:3rem;padding-bottom:3rem}.py-2{padding-top:.5rem;padding-bottom:.5rem}.py-3{padding-top:.75rem;padding-bottom:.75rem}.py-8{padding-top:2rem;padding-bottom:2rem}.text-left{text-align:left}.text-center{text-align:center}.text-right{text-align:right}.text-2xl{font-size:1.5rem;line-height:2rem}.text-base{font-size:1rem;line-height:1.5rem}.text-lg{font-size:1.125rem;line-height:1.75rem}.text-sm{font-size:.875rem;line-height:1.25rem}.text-xs{font-size:.75rem;line-height:1rem}.font-medium{font-weight:500}.font-semibold{font-weight:600}.uppercase{text-transform:uppercase}.capitalize{text-transform:capitalize}.tracking-wide{letter-spacing:.025em}.text-amber-700{--tw-text-opacity: 1;color:rgb(180 83 9 / var(--tw-text-opacity, 1))}.text-blue-600{--tw-text-opacity: 1;color:rgb(37 99 235 / var(--tw-text-opacity, 1))}.text-blue-700{--tw-text-opacity: 1;color:rgb(29 78 216 / var(--tw-text-opacity, 1))}.text-gray-100{--tw-text-opacity: 1;color:rgb(243 244 246 / var(--tw-text-opacity, 1))}.text-gray-300{--tw-text-opacity: 1;color:rgb(209 213 219 / var(--tw-text-opacity, 1))}.text-gray-400{--tw-text-opacity: 1;color:rgb(156 163 175 / var(--tw-text-opacity, 1))}.text-gray-500{--tw-text-opacity: 1;color:rgb(107 114 128 / var(--tw-text-opacity, 1))}.text-gray-600{--tw-text-opacity: 1;color:rgb(75 85 99 / var(--tw-text-opacity, 1))}.text-gray-700{--tw-text-opacity: 1;color:rgb(55 65 81 / var(--tw-text-opacity, 1))}.text-gray-900{--tw-text-opacity: 1;color:rgb(17 24 39 / var(--tw-text-opacity, 1))}.text-green-700{--tw-text-opacity: 1;color:rgb(21 128 61 / var(--tw-text-opacity, 1))}.text-red-600{--tw-text-opacity: 1;color:rgb(220 38 38 / var(--tw-text-opacity, 1))}.text-red-700{--tw-text-opacity: 1;color:rgb(185 28 28 / var(--tw-text-opacity, 1))}.text-white{--tw-text-opacity: 1;color:rgb(255 255 255 / var(--tw-text-opacity, 1))}.antialiased{-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.opacity-25{opacity:.25}.opacity-75{opacity:.75}.shadow-sm{--tw-shadow: 0 1px 2px 0 rgb(0 0 0 / .05);--tw-shadow-colored: 0 1px 2px 0 var(--tw-shadow-color);box-shadow:var(--tw-ring-offset-shadow, 0 0 #0000),var(--tw-ring-shadow, 0 0 #0000),var(--tw-shadow)}.transition-colors{transition-property:color,background-color,border-color,text-decoration-color,fill,stroke;transition-timing-function:cubic-bezier(.4,0,.2,1);transition-duration:.15s}html,body,#root{height:100%}.hover\:bg-blue-700:hover{--tw-bg-opacity: 1;background-color:rgb(29 78 216 / var(--tw-bg-opacity, 1))}.hover\:bg-gray-100:hover{--tw-bg-opacity: 1;background-color:rgb(243 244 246 / var(--tw-bg-opacity, 1))}.hover\:bg-gray-50:hover{--tw-bg-opacity: 1;background-color:rgb(249 250 251 / var(--tw-bg-opacity, 1))}.hover\:bg-gray-800:hover{--tw-bg-opacity: 1;background-color:rgb(31 41 55 / var(--tw-bg-opacity, 1))}.hover\:bg-red-700:hover{--tw-bg-opacity: 1;background-color:rgb(185 28 28 / var(--tw-bg-opacity, 1))}.hover\:text-white:hover{--tw-text-opacity: 1;color:rgb(255 255 255 / var(--tw-text-opacity, 1))}.hover\:underline:hover{text-decoration-line:underline}.hover\:no-underline:hover{text-decoration-line:none}.focus\:border-blue-500:focus{--tw-border-opacity: 1;border-color:rgb(59 130 246 / var(--tw-border-opacity, 1))}.focus\:outline-none:focus{outline:2px solid transparent;outline-offset:2px}.focus\:ring-2:focus{--tw-ring-offset-shadow: var(--tw-ring-inset) 0 0 0 var(--tw-ring-offset-width) var(--tw-ring-offset-color);--tw-ring-shadow: var(--tw-ring-inset) 0 0 0 calc(2px + var(--tw-ring-offset-width)) var(--tw-ring-color);box-shadow:var(--tw-ring-offset-shadow),var(--tw-ring-shadow),var(--tw-shadow, 0 0 #0000)}.focus\:ring-blue-500:focus{--tw-ring-opacity: 1;--tw-ring-color: rgb(59 130 246 / var(--tw-ring-opacity, 1))}.disabled\:cursor-not-allowed:disabled{cursor:not-allowed}.disabled\:opacity-50:disabled{opacity:.5}@media (min-width: 640px){.sm\:grid-cols-2{grid-template-columns:repeat(2,minmax(0,1fr))}}@media (min-width: 1024px){.lg\:grid-cols-3{grid-template-columns:repeat(3,minmax(0,1fr))}}