{"version":3,"file":"Authorization.mjs","sources":["../../src/Authorization.ts"],"sourcesContent":["const __data = Symbol('data');\n/**\n * All possible providers.\n *\n * This list should not be used if you need to restrict available providers\n * according to an auth strategcy. E.g., `public` auth can only be facilitated\n * by `apiKey` and `identityPool` providers.\n */\nexport const Providers = [\n    'apiKey',\n    'identityPool',\n    'userPools',\n    'oidc',\n    'function',\n];\n/**\n * The subset of auth providers that can facilitate `public` auth.\n */\nexport const PublicProviders = ['apiKey', 'identityPool'];\n/**\n * The subset of auth providers that can facilitate `private` auth.\n */\nexport const PrivateProviders = ['userPools', 'oidc', 'identityPool'];\n/**\n * The subset of auth providers that can facilitate `owner` auth.\n */\nexport const OwnerProviders = ['userPools', 'oidc'];\n/**\n * The subset of auth providers that can facilitate `group` auth.\n */\nexport const GroupProviders = ['userPools', 'oidc'];\n/**\n * The subset of auth providers that can facilitate `custom` auth.\n */\nexport const CustomProviders = ['function'];\nexport const Strategies = [\n    'public',\n    'private',\n    'owner',\n    'groups',\n    'custom',\n];\n/**\n * The operations that can be performed against an API.\n */\nexport const Operations = [\n    'create',\n    'update',\n    'delete',\n    'read',\n    'get',\n    'list',\n    'sync',\n    'listen',\n    'search',\n];\n/**\n * The operations that can be performed against an API by a Lambda function.\n */\nexport const ResourceOperations = ['query', 'mutate', 'listen'];\n/**\n * Creates a shallow copy of an object with an individual field pruned away.\n *\n * @param original The original object to prune.\n * @param without The field to prune.\n * @returns The pruned object.\n */\nfunction omit(original, without) {\n    const pruned = { ...original };\n    delete pruned[without];\n    return pruned;\n}\nfunction to(operations) {\n    this[__data].operations = operations;\n    return omit(this, 'to');\n}\n/**\n * Specifies a property of the identity JWT to use in place of `sub::username`\n * as the value to match against the owner field for authorization.\n *\n * @param this Authorization object to operate against.\n * @param property A property of identity JWT.\n * @returns A copy of the Authorization object with the claim attached.\n */\nfunction identityClaim(property) {\n    this[__data].identityClaim = property;\n    return omit(this, 'identityClaim');\n}\nfunction withClaimIn(property) {\n    this[__data].groupClaim = property;\n    return omit(this, 'withClaimIn');\n}\nfunction validateProvider(needle, haystack) {\n    if (needle && !haystack.includes(needle)) {\n        throw new Error(`Invalid provider (${needle}) given!`);\n    }\n}\nfunction authData(defaults, builderMethods) {\n    return {\n        [__data]: {\n            strategy: 'public',\n            provider: undefined,\n            operations: undefined,\n            groupOrOwnerField: undefined,\n            multiOwner: false,\n            identityClaim: undefined,\n            groups: undefined,\n            ...defaults,\n        },\n        ...builderMethods,\n    };\n}\n/**\n * Defines an authorization rule for your data models and fields. First choose an authorization strategy (`public`,\n * `private`, `owner`, `group`, or `custom`), then choose an auth provider (`apiKey`, `identitypool`, `userPools`, `oidc`, or `function`)\n * and optionally use `.to(...)` to specify the operations that can be performed against your data models and fields.\n */\nexport const allow = {\n    /**\n     * Authorize unauthenticated users by using API key based authorization.\n     * @returns an authorization rule for unauthenticated users\n     */\n    publicApiKey() {\n        return authData({\n            strategy: 'public',\n            provider: 'apiKey',\n        }, {\n            to,\n        });\n    },\n    /**\n     * Authorize unauthenticated users by using IDENTITYPOOL based authorization.\n     * @returns an authorization rule for unauthenticated users\n     */\n    guest() {\n        return authData({\n            strategy: 'public',\n            provider: 'identityPool',\n        }, {\n            to,\n        });\n    },\n    /**\n     * Authorize authenticated users. By default, `.authenticated()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.authenticated(\"identityPool\")` or `.authenticated(\"oidc\")` to use identityPool or OIDC based authorization for authenticated users.\n     * @param provider the authentication provider - supports \"userPools\", \"identityPool\", or \"oidc\"\n     * @returns an authorization rule for authenticated users\n     */\n    authenticated(provider) {\n        validateProvider(provider, PrivateProviders);\n        return authData({\n            strategy: 'private',\n            provider,\n        }, {\n            to,\n        });\n    },\n    /**\n     * Authorize access on a per-user (owner) basis. By setting owner-based authorization, a new `owner: a.string()`\n     * field will be added to the model to store which user \"owns\" the item. Upon item creation, the \"owner field\" is\n     * auto-populated with the authenticated user's information. If you want to specify which field should be used as\n     * the owner field, you can use the `ownerDefinedIn` builder function instead.\n     *\n     * By default, `.owner()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.owner(\"oidc\")` to use OIDC based authentication to designate the owner.\n     *\n     * To change the specific claim that should be used as the user identifier within the owner field, chain the\n     * `.identityClaim(...)` method.\n     *\n     * @param provider the authentication provider - supports \"userPools\", \"identityPool\", or \"oidc\"\n     * @returns an authorization rule for authenticated users\n     */\n    owner(provider) {\n        validateProvider(provider, OwnerProviders);\n        return authData({\n            strategy: 'owner',\n            provider,\n            groupOrOwnerField: 'owner',\n        }, {\n            to,\n            identityClaim,\n        });\n    },\n    /**\n     * Authorize access on a per-user (owner) basis with specifying which field should be used as the owner field.\n     *\n     * By default, `.owner()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.ownerDefinedIn(\"owner\", \"oidc\")` to use OIDC based authentication to designate the owner.\n     *\n     * To change the specific claim that should be used as the user identifier within the owner field, chain the\n     * `.identityClaim(...)` method.\n     *\n     * @param ownerField the field that contains the owner information\n     * @param provider the authentication provider - supports \"userPools\", \"identityPool\", or \"oidc\"\n     * @returns an authorization rule for authenticated users\n     */\n    ownerDefinedIn(ownerField, provider) {\n        validateProvider(provider, OwnerProviders);\n        return authData({\n            strategy: 'owner',\n            provider,\n            groupOrOwnerField: ownerField,\n        }, {\n            to,\n            identityClaim,\n        });\n    },\n    /**\n     * Authorize access for multi-user / multi-owner access. By setting multi-owner-based authorization, a new `owners: a.string().array()`\n     * field will be added to the model to store which users \"own\" the item. Upon item creation, the \"owners field\" is\n     * auto-populated with the authenticated user's information. To grant other users access to the item, append their user identifier into the `owners` array.\n     *\n     * You can specify which field should be used as the owners field by passing the `ownersField` parameter.\n     *\n     * By default, `.ownersDefinedIn()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.ownersDefinedIn(\"owners\", \"oidc\")` to use OIDC based authentication to designate the owner.\n     *\n     * To change the specific claim that should be used as the user identifier within the owners field, chain the\n     * `.identityClaim(...)` method.\n     *\n     * @param ownersField the field that contains the owners information\n     * @param provider the authentication provider - supports \"userPools\", \"identityPool\", or \"oidc\"\n     * @returns an authorization rule for authenticated users\n     */\n    ownersDefinedIn(ownersField, provider) {\n        validateProvider(provider, OwnerProviders);\n        return authData({\n            strategy: 'owner',\n            provider,\n            groupOrOwnerField: ownersField,\n            multiOwner: true,\n        }, {\n            to,\n            identityClaim,\n        });\n    },\n    /**\n     * Authorize a specific user group. Provide the name of the specific user group to have access.\n     *\n     * By default, `.group()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.group(\"group-name\", \"oidc\")` to use OIDC based authentication to designate the user group.\n     *\n     * To change the specific claim that should be used as the user group identifier, chain the\n     * `.withClaimIn(...)` method.\n     * @param group the name of the group to authorize\n     * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n     * @returns an authorization rule to grant access by a specific group\n     */\n    group(group, provider) {\n        return authData({\n            strategy: 'groups',\n            provider,\n            groups: [group],\n        }, {\n            to,\n            withClaimIn,\n        });\n    },\n    /**\n     * Authorize multiple specific user groups. Provide the names of the specific user groups to have access.\n     *\n     * By default, `.groups()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.groups([\"group-a\", \"group-b\"], \"oidc\")` to use OIDC based authentication to designate the user group.\n     *\n     * To change the specific claim that should be used as the user group identifier, chain the\n     * `.withClaimIn(...)` method.\n     * @param groups the names of the group to authorize defined as an array\n     * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n     * @returns an authorization rule to grant access by a specific group\n     */\n    groups(groups, provider) {\n        return authData({\n            strategy: 'groups',\n            provider,\n            groups,\n        }, {\n            to,\n            withClaimIn,\n        });\n    },\n    /**\n     * Authorize if a user is part of a group defined in a data model field.\n     *\n     * By default, `.groupDefinedIn()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.groupDefinedIn(\"field-name\", \"oidc\")` to use OIDC based authentication to designate the user group.\n     *\n     * To change the specific claim that should be used as the user group identifier within the groups field, chain the\n     * `.withClaimIn(...)` method.\n     * @param groupsField the field that should store the authorized user group information\n     * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n     * @returns an authorization rule to grant access by a specific group\n     */\n    groupDefinedIn(groupsField, provider) {\n        return authData({\n            strategy: 'groups',\n            provider,\n            groupOrOwnerField: groupsField,\n        }, {\n            to,\n            withClaimIn,\n        });\n    },\n    /**\n     * Authorize if a user is part of a one of the groups defined in a data model field.\n     *\n     * By default, `.groupsDefinedIn()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.groupsDefinedIn(\"field-name\", \"oidc\")` to use OIDC based authentication to designate the user group.\n     *\n     * To change the specific claim that should be used as the user group identifier within the groups field, chain the\n     * `.withClaimIn(...)` method.\n     * @param groupsField the field that should store the list of authorized user groups\n     * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n     * @returns an authorization rule to grant access by a specific group\n     */\n    groupsDefinedIn(groupsField, provider) {\n        return authData({\n            strategy: 'groups',\n            provider,\n            groupOrOwnerField: groupsField,\n            multiOwner: true,\n        }, {\n            to,\n            withClaimIn,\n        });\n    },\n    custom(provider) {\n        return authData({\n            strategy: 'custom',\n            provider,\n        }, {\n            to,\n        });\n    },\n    resource(fn) {\n        return resourceAuthData(fn, {\n            to: resourceTo,\n        });\n    },\n};\n/**\n * This is a copy of the {@link allow} defined above, with modifications for custom operations.\n *\n * Removed builder methods:\n *\n * * `owner`\n * * `ownerDefinedIn`\n * * `ownersDefinedIn`\n * * `groupDefinedIn`\n * * `groupsDefinedIn`\n * * `resource`\n * * `.to()` builder method from each available rule builder\n */\nexport const allowForCustomOperations = {\n    /**\n     * Authorize unauthenticated users by using API key based authorization.\n     * @returns an authorization rule for unauthenticated users\n     */\n    publicApiKey() {\n        return authData({\n            strategy: 'public',\n            provider: 'apiKey',\n        }, {});\n    },\n    /**\n     * Authorize unauthenticated users by using identityPool based authorization.\n     * @returns an authorization rule for unauthenticated users\n     */\n    guest() {\n        return authData({\n            strategy: 'public',\n            provider: 'identityPool',\n        }, {});\n    },\n    /**\n     * Authorize authenticated users. By default, `.private()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.authenticated(\"identityPool\")` or `.authenticated(\"oidc\")` to use Identity Pool or OIDC based authorization for authenticated users.\n     * @param provider the authentication provider - supports \"userPools\", \"identityPool\", or \"oidc\"\n     * @returns an authorization rule for authenticated users\n     */\n    authenticated(provider) {\n        validateProvider(provider, PrivateProviders);\n        return authData({\n            strategy: 'private',\n            provider,\n        }, {});\n    },\n    /**\n     * Authorize a specific user group. Provide the name of the specific user group to have access.\n     *\n     * By default, `.group()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.group(\"group-name\", \"oidc\")` to use OIDC based authentication to designate the user group.\n     *\n     * @param group the name of the group to authorize\n     * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n     * @returns an authorization rule to grant access by a specific group\n     */\n    group(group, provider) {\n        return authData({\n            strategy: 'groups',\n            provider,\n            groups: [group],\n        }, {});\n    },\n    /**\n     * Authorize multiple specific user groups. Provide the names of the specific user groups to have access.\n     *\n     * By default, `.groups()` uses an Amazon Cognito user pool based authorization. You can additionally\n     * use `.groups([\"group-a\", \"group-b\"], \"oidc\")` to use OIDC based authentication to designate the user group.\n     *\n     * @param groups the names of the group to authorize defined as an array\n     * @param provider the authentication provider - supports \"userPools\" or \"oidc\"\n     * @returns an authorization rule to grant access by a specific group\n     */\n    groups(groups, provider) {\n        return authData({\n            strategy: 'groups',\n            provider,\n            groups,\n        }, {});\n    },\n    custom(provider) {\n        return authData({\n            strategy: 'custom',\n            provider,\n        }, {});\n    },\n};\nexport const allowForConversations = {\n    owner() {\n        return authData({\n            strategy: 'owner',\n            provider: 'userPools',\n        }, {\n            to,\n            identityClaim,\n        });\n    },\n};\nfunction resourceTo(operations) {\n    this[__data].operations = operations;\n    return omit(this, 'to');\n}\nfunction resourceAuthData(resource, builderMethods) {\n    return {\n        [__data]: {\n            strategy: 'resource',\n            resource,\n        },\n        ...builderMethods,\n    };\n}\nexport const accessData = (authorization) => authorization[__data];\n// TODO: delete when we make resource auth available at each level in the schema (model, field)\nexport const accessSchemaData = (authorization) => authorization[__data];\n"],"names":[],"mappings":"AAAA,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;AAC7B;AACA;AACA;AACA;AACA;AACA;AACA;AACY,MAAC,SAAS,GAAG;AACzB,IAAI,QAAQ;AACZ,IAAI,cAAc;AAClB,IAAI,WAAW;AACf,IAAI,MAAM;AACV,IAAI,UAAU;AACd;AACA;AACA;AACA;AACY,MAAC,eAAe,GAAG,CAAC,QAAQ,EAAE,cAAc;AACxD;AACA;AACA;AACY,MAAC,gBAAgB,GAAG,CAAC,WAAW,EAAE,MAAM,EAAE,cAAc;AACpE;AACA;AACA;AACY,MAAC,cAAc,GAAG,CAAC,WAAW,EAAE,MAAM;AAClD;AACA;AACA;AACY,MAAC,cAAc,GAAG,CAAC,WAAW,EAAE,MAAM;AAClD;AACA;AACA;AACY,MAAC,eAAe,GAAG,CAAC,UAAU;AAC9B,MAAC,UAAU,GAAG;AAC1B,IAAI,QAAQ;AACZ,IAAI,SAAS;AACb,IAAI,OAAO;AACX,IAAI,QAAQ;AACZ,IAAI,QAAQ;AACZ;AACA;AACA;AACA;AACY,MAAC,UAAU,GAAG;AAC1B,IAAI,QAAQ;AACZ,IAAI,QAAQ;AACZ,IAAI,QAAQ;AACZ,IAAI,MAAM;AACV,IAAI,KAAK;AACT,IAAI,MAAM;AACV,IAAI,MAAM;AACV,IAAI,QAAQ;AACZ,IAAI,QAAQ;AACZ;AACA;AACA;AACA;AACY,MAAC,kBAAkB,GAAG,CAAC,OAAO,EAAE,QAAQ,EAAE,QAAQ;AAC9D;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE;AACjC,IAAI,MAAM,MAAM,GAAG,EAAE,GAAG,QAAQ,EAAE;AAClC,IAAI,OAAO,MAAM,CAAC,OAAO,CAAC;AAC1B,IAAI,OAAO,MAAM;AACjB;AACA,SAAS,EAAE,CAAC,UAAU,EAAE;AACxB,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,UAAU,GAAG,UAAU;AACxC,IAAI,OAAO,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC;AAC3B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,aAAa,CAAC,QAAQ,EAAE;AACjC,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,aAAa,GAAG,QAAQ;AACzC,IAAI,OAAO,IAAI,CAAC,IAAI,EAAE,eAAe,CAAC;AACtC;AACA,SAAS,WAAW,CAAC,QAAQ,EAAE;AAC/B,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,UAAU,GAAG,QAAQ;AACtC,IAAI,OAAO,IAAI,CAAC,IAAI,EAAE,aAAa,CAAC;AACpC;AACA,SAAS,gBAAgB,CAAC,MAAM,EAAE,QAAQ,EAAE;AAC5C,IAAI,IAAI,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE;AAC9C,QAAQ,MAAM,IAAI,KAAK,CAAC,CAAC,kBAAkB,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;AAC9D,IAAI;AACJ;AACA,SAAS,QAAQ,CAAC,QAAQ,EAAE,cAAc,EAAE;AAC5C,IAAI,OAAO;AACX,QAAQ,CAAC,MAAM,GAAG;AAClB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,SAAS;AAC/B,YAAY,UAAU,EAAE,SAAS;AACjC,YAAY,iBAAiB,EAAE,SAAS;AACxC,YAAY,UAAU,EAAE,KAAK;AAC7B,YAAY,aAAa,EAAE,SAAS;AACpC,YAAY,MAAM,EAAE,SAAS;AAC7B,YAAY,GAAG,QAAQ;AACvB,SAAS;AACT,QAAQ,GAAG,cAAc;AACzB,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACY,MAAC,KAAK,GAAG;AACrB;AACA;AACA;AACA;AACA,IAAI,YAAY,GAAG;AACnB,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,QAAQ;AAC9B,SAAS,EAAE;AACX,YAAY,EAAE;AACd,SAAS,CAAC;AACV,IAAI,CAAC;AACL;AACA;AACA;AACA;AACA,IAAI,KAAK,GAAG;AACZ,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,cAAc;AACpC,SAAS,EAAE;AACX,YAAY,EAAE;AACd,SAAS,CAAC;AACV,IAAI,CAAC;AACL;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,aAAa,CAAC,QAAQ,EAAE;AAC5B,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,gBAAgB,CAAC;AACpD,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,SAAS;AAC/B,YAAY,QAAQ;AACpB,SAAS,EAAE;AACX,YAAY,EAAE;AACd,SAAS,CAAC;AACV,IAAI,CAAC;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,KAAK,CAAC,QAAQ,EAAE;AACpB,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,cAAc,CAAC;AAClD,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,OAAO;AAC7B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,OAAO;AACtC,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,aAAa;AACzB,SAAS,CAAC;AACV,IAAI,CAAC;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,cAAc,CAAC,UAAU,EAAE,QAAQ,EAAE;AACzC,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,cAAc,CAAC;AAClD,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,OAAO;AAC7B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,UAAU;AACzC,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,aAAa;AACzB,SAAS,CAAC;AACV,IAAI,CAAC;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,eAAe,CAAC,WAAW,EAAE,QAAQ,EAAE;AAC3C,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,cAAc,CAAC;AAClD,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,OAAO;AAC7B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,WAAW;AAC1C,YAAY,UAAU,EAAE,IAAI;AAC5B,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,aAAa;AACzB,SAAS,CAAC;AACV,IAAI,CAAC;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,KAAK,CAAC,KAAK,EAAE,QAAQ,EAAE;AAC3B,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,MAAM,EAAE,CAAC,KAAK,CAAC;AAC3B,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,WAAW;AACvB,SAAS,CAAC;AACV,IAAI,CAAC;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE;AAC7B,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,MAAM;AAClB,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,WAAW;AACvB,SAAS,CAAC;AACV,IAAI,CAAC;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,cAAc,CAAC,WAAW,EAAE,QAAQ,EAAE;AAC1C,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,WAAW;AAC1C,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,WAAW;AACvB,SAAS,CAAC;AACV,IAAI,CAAC;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,eAAe,CAAC,WAAW,EAAE,QAAQ,EAAE;AAC3C,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,iBAAiB,EAAE,WAAW;AAC1C,YAAY,UAAU,EAAE,IAAI;AAC5B,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,WAAW;AACvB,SAAS,CAAC;AACV,IAAI,CAAC;AACL,IAAI,MAAM,CAAC,QAAQ,EAAE;AACrB,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,SAAS,EAAE;AACX,YAAY,EAAE;AACd,SAAS,CAAC;AACV,IAAI,CAAC;AACL,IAAI,QAAQ,CAAC,EAAE,EAAE;AACjB,QAAQ,OAAO,gBAAgB,CAAC,EAAE,EAAE;AACpC,YAAY,EAAE,EAAE,UAAU;AAC1B,SAAS,CAAC;AACV,IAAI,CAAC;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACY,MAAC,wBAAwB,GAAG;AACxC;AACA;AACA;AACA;AACA,IAAI,YAAY,GAAG;AACnB,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,QAAQ;AAC9B,SAAS,EAAE,EAAE,CAAC;AACd,IAAI,CAAC;AACL;AACA;AACA;AACA;AACA,IAAI,KAAK,GAAG;AACZ,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ,EAAE,cAAc;AACpC,SAAS,EAAE,EAAE,CAAC;AACd,IAAI,CAAC;AACL;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,aAAa,CAAC,QAAQ,EAAE;AAC5B,QAAQ,gBAAgB,CAAC,QAAQ,EAAE,gBAAgB,CAAC;AACpD,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,SAAS;AAC/B,YAAY,QAAQ;AACpB,SAAS,EAAE,EAAE,CAAC;AACd,IAAI,CAAC;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,KAAK,CAAC,KAAK,EAAE,QAAQ,EAAE;AAC3B,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,MAAM,EAAE,CAAC,KAAK,CAAC;AAC3B,SAAS,EAAE,EAAE,CAAC;AACd,IAAI,CAAC;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE;AAC7B,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,YAAY,MAAM;AAClB,SAAS,EAAE,EAAE,CAAC;AACd,IAAI,CAAC;AACL,IAAI,MAAM,CAAC,QAAQ,EAAE;AACrB,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,QAAQ;AAC9B,YAAY,QAAQ;AACpB,SAAS,EAAE,EAAE,CAAC;AACd,IAAI,CAAC;AACL;AACY,MAAC,qBAAqB,GAAG;AACrC,IAAI,KAAK,GAAG;AACZ,QAAQ,OAAO,QAAQ,CAAC;AACxB,YAAY,QAAQ,EAAE,OAAO;AAC7B,YAAY,QAAQ,EAAE,WAAW;AACjC,SAAS,EAAE;AACX,YAAY,EAAE;AACd,YAAY,aAAa;AACzB,SAAS,CAAC;AACV,IAAI,CAAC;AACL;AACA,SAAS,UAAU,CAAC,UAAU,EAAE;AAChC,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,UAAU,GAAG,UAAU;AACxC,IAAI,OAAO,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC;AAC3B;AACA,SAAS,gBAAgB,CAAC,QAAQ,EAAE,cAAc,EAAE;AACpD,IAAI,OAAO;AACX,QAAQ,CAAC,MAAM,GAAG;AAClB,YAAY,QAAQ,EAAE,UAAU;AAChC,YAAY,QAAQ;AACpB,SAAS;AACT,QAAQ,GAAG,cAAc;AACzB,KAAK;AACL;AACY,MAAC,UAAU,GAAG,CAAC,aAAa,KAAK,aAAa,CAAC,MAAM;AACjE;AACY,MAAC,gBAAgB,GAAG,CAAC,aAAa,KAAK,aAAa,CAAC,MAAM;;;;"}