{"version":3,"file":"index.cjs","sources":["../../../src/auth/decodeGoogleIdToken.ts","../../../src/auth/email-utils.ts","../../../src/server/build-google-auth-middleware.ts","../../../src/api/rest-api-response-zod.ts","../../../src/server/oak-response.ts","../../../src/server/errors.ts","../../../src/server/oak-middlewares.ts"],"sourcesContent":["import { OAuth2Client, type TokenPayload } from 'google-auth-library';\n\nexport type GoogleIdTokenPayloadType = TokenPayload & {\n  email: string;\n};\n\n/**\n * Verifies a Google ID token and returns the email address if the token is valid and the email is authorized.\n * @param googleClientId - The client ID of the Google application.\n * @param idToken - The ID token to verify.\n * @returns The email address if the token is valid and the email is authorized, or null if not.\n */\nexport async function decodeGoogleIdToken(googleClientId: string, idToken: string): Promise<GoogleIdTokenPayloadType> {\n  const oauth2Client = new OAuth2Client(googleClientId);\n\n  const ticket = await oauth2Client.verifyIdToken({\n    audience: googleClientId,\n    idToken: idToken.trim(),\n  });\n  const payload = ticket.getPayload();\n\n  if (!payload) {\n    throw new Error('Invalid token', {\n      cause: 'INVALID_GOOGLE_ID_TOKEN',\n    });\n  }\n\n  return payload as GoogleIdTokenPayloadType;\n}\n","interface ParsedEmailAddressType {\n  originalValue: string;\n  username: string;\n  domain: string;\n  isValid: boolean;\n}\n\nconst emailRegex = /^[a-zA-Z0-9._%+-]+@([a-zA-Z0-9.-]+\\.[a-zA-Z]{2,})$/;\n\nexport function parseEmailAddress(email: string): ParsedEmailAddressType {\n  // Normalize the email to lowercase\n  email = email?.toLowerCase() ?? '';\n\n  const isValid = emailRegex.test(email);\n  if (!isValid) {\n    return {\n      originalValue: email,\n      username: '',\n      domain: '',\n      isValid: false,\n    };\n  }\n\n  const [username, domain] = email.split('@');\n\n  return {\n    originalValue: email,\n    username,\n    domain,\n    isValid: true,\n  };\n}\n","/** @ts-self=\"@oak/oak\" */\nimport type { Middleware, State } from '@oak/oak';\nimport type { GenericOakMiddlewareErrorHandler } from './oak-middlewares.js';\nimport {\n  decodeGoogleIdToken as defaultDecodeGoogleIdToken,\n  type GoogleIdTokenPayloadType,\n} from '../auth/decodeGoogleIdToken.js';\nimport { parseEmailAddress } from '../auth/email-utils.js';\n\nexport class GoogleMiddlewareAuthError extends Error {\n  constructor(\n    message: string,\n    public readonly code: string,\n    public readonly idToken: string,\n  ) {\n    super(message);\n    this.name = this.constructor.name;\n  }\n\n  toJson() {\n    return {\n      name: this.name,\n      message: this.message,\n      code: this.code,\n      idToken: this.idToken,\n    };\n  }\n}\n\nexport class MissingAuthorizationTokenError extends GoogleMiddlewareAuthError {\n  constructor() {\n    super('Missing authorization token', 'MISSING_AUTHORIZATION_TOKEN', '');\n  }\n}\n\nexport class EmailNotPresentError extends GoogleMiddlewareAuthError {\n  constructor(\n    idToken: string,\n    public readonly idTokenPayload: GoogleIdTokenPayloadType,\n  ) {\n    super('Email not present in token payload', 'EMAIL_NOT_PRESENT', idToken);\n  }\n\n  override toJson() {\n    return {\n      ...super.toJson(),\n      idTokenPayload: this.idTokenPayload,\n    };\n  }\n}\n\nexport class DomainNotAuthorizedError extends GoogleMiddlewareAuthError {\n  constructor(\n    idToken: string,\n    public readonly idTokenPayload: GoogleIdTokenPayloadType,\n    public readonly allowedDomains: readonly string[],\n  ) {\n    const domain = idTokenPayload.hd;\n    super(\n      `Domain not authorized: ${domain}. Allowed domains: ${allowedDomains.join(', ')}`,\n      'DOMAIN_NOT_AUTHORIZED',\n      idToken,\n    );\n  }\n\n  override toJson() {\n    return {\n      ...super.toJson(),\n      domain: this.idTokenPayload.hd,\n      idTokenPayload: this.idTokenPayload,\n    };\n  }\n}\n\nexport class EmailNotAuthorizedError extends GoogleMiddlewareAuthError {\n  constructor(\n    idToken: string,\n    public readonly idTokenPayload: GoogleIdTokenPayloadType,\n    public readonly allowedEmails: string[],\n  ) {\n    const email = idTokenPayload.email;\n    super(\n      `Email not authorized: ${email}. Allowed emails: ${allowedEmails.join(', ')}`,\n      'EMAIL_NOT_AUTHORIZED',\n      idToken,\n    );\n  }\n\n  override toJson() {\n    return {\n      ...super.toJson(),\n      email: this.idTokenPayload.email,\n      idTokenPayload: this.idTokenPayload,\n    };\n  }\n}\n\nexport interface BuildGoogleAuthMiddlewareOptions {\n  /**\n   * The allowed domains to authenticate.\n   * If not provided, the email must end with '@karpatkey.com' by default.\n   */\n  allowedDomains?: string[];\n  /**\n   * The allowed emails to authenticate.\n   * If not provided, the email must end with '@karpatkey.com' by default.\n   */\n  allowedEmails?: string[];\n  /**\n   * The Google client ID to use for authentication.\n   */\n  googleClientId: string;\n  /**\n   * The error handler to use for the middleware. You must provide this function.\n   */\n  errorHandler: GenericOakMiddlewareErrorHandler;\n  /**\n   * The function to use to decode the Google ID token.\n   * If not provided, the default function will be used.\n   */\n  decodeGoogleIdToken?: typeof defaultDecodeGoogleIdToken;\n}\n\ntype AuthState = {\n  /**\n   * @deprecated Use googleUser instead.\n   */\n  user: GoogleIdTokenPayloadType;\n  /**\n   * The Google ID token payload.\n   */\n  googleUser: GoogleIdTokenPayloadType;\n};\n\n/**\n * Returns an Oak middleware function that verifies the Google ID token.\n * You can configure it to only allow certain emails via the `allowedEmails` option.\n *\n * If `allowedEmails` is provided, the authenticated email must exactly match one of the strings.\n * Otherwise, the email must end with '@karpatkey.com' by default.\n *\n * When `requireGoogleAuth` is disabled, the middleware will simply call next().\n */\nexport function buildGoogleAuthMiddleware<S extends State>(options: BuildGoogleAuthMiddlewareOptions) {\n  const { googleClientId, decodeGoogleIdToken } = options;\n\n  const allowedDomains = createAllowedDomains({\n    allowedDomains: options.allowedDomains,\n  });\n  const allowedEmails = createAllowedEmails({\n    allowedEmails: options.allowedEmails,\n  });\n\n  if (!googleClientId || googleClientId.trim().length === 0) {\n    throw new Error('a googleClientId is required to use the Google Auth middleware');\n  }\n\n  const authMiddleware: Middleware<S & AuthState> = async (ctx, next) => {\n    const authHeader = ctx.request.headers.get('Authorization');\n    if (!authHeader || !authHeader.startsWith('Bearer ')) {\n      const error = new MissingAuthorizationTokenError();\n      return options.errorHandler({\n        ctx,\n        next,\n        error,\n      });\n    }\n\n    const idToken = authHeader.split(' ')[1];\n    const idTokenPayload = await (decodeGoogleIdToken ?? defaultDecodeGoogleIdToken)(googleClientId, idToken);\n\n    if (!idTokenPayload.email) {\n      return options.errorHandler({\n        ctx,\n        next,\n        error: new EmailNotPresentError(idToken, idTokenPayload),\n      });\n    }\n\n    const parsedUserEmail = parseEmailAddress(idTokenPayload.email);\n\n    const isDomainAllowed = allowedDomains.length > 0 && allowedDomains.includes(parsedUserEmail.domain);\n    const isEmailAllowed = allowedEmails.length > 0 && allowedEmails.includes(parsedUserEmail.originalValue);\n\n    // If there are any authorization rules, at least one must be met.\n    const hasAuthorizationRules = allowedDomains.length > 0 || allowedEmails.length > 0;\n    if (hasAuthorizationRules && !isDomainAllowed && !isEmailAllowed) {\n      // If domain rules exist and the domain doesn't match, prioritize the domain error.\n      if (allowedDomains.length > 0 && !isDomainAllowed) {\n        return options.errorHandler({\n          ctx,\n          next,\n          error: new DomainNotAuthorizedError(idToken, idTokenPayload, allowedDomains),\n        });\n      }\n      // Otherwise, it must be an email mismatch.\n      return options.errorHandler({\n        ctx,\n        next,\n        error: new EmailNotAuthorizedError(idToken, idTokenPayload, allowedEmails),\n      });\n    }\n\n    // Add the decoded payload to the context state\n    // Ensure ctx.state is initialized if it doesn't exist\n    ctx.state = ctx.state || {};\n    ctx.state.user = idTokenPayload; // Attach the full payload\n    ctx.state.googleUser = idTokenPayload; // Attach the full payload\n\n    // Call the next middleware\n    await next();\n  };\n\n  return authMiddleware;\n}\n\n/**\n * Creates a set of allowed domains from the allowedDomains and allowedEmails options.\n *\n * @param params - The parameters to create the allowed domains from.\n * @returns A set of allowed domains.\n */\nfunction createAllowedDomains(params: { allowedDomains?: string[] }): readonly string[] {\n  const uniqueDomains = new Set<string>();\n  const allowedDomains = params.allowedDomains || [];\n\n  if (allowedDomains.length > 0) {\n    for (const domain of allowedDomains) {\n      uniqueDomains.add(domain.toLowerCase());\n    }\n  }\n\n  return Array.from(uniqueDomains);\n}\n\nfunction createAllowedEmails(params: { allowedEmails?: string[] }): string[] {\n  const emails = new Set<string>();\n  const allowedEmails = params.allowedEmails || [];\n\n  if (allowedEmails.length > 0) {\n    for (const email of allowedEmails) {\n      const parsedEmail = parseEmailAddress(email);\n      if (parsedEmail.isValid) {\n        emails.add(parsedEmail.originalValue.toLowerCase());\n      }\n    }\n  }\n\n  return Array.from(emails);\n}\n","import { z } from 'zod';\n\n// Zod schemas for API response structures\nexport const errorDetailBodySchema = z.object({\n  message: z.string(),\n  code: z.string().optional(),\n  field: z.string().optional(),\n  path: z.string().optional(),\n});\n\nconst errorBodySchema = z.object({\n  message: z.string(),\n  code: z.string(),\n  details: z.array(errorDetailBodySchema).optional(),\n});\n\nexport const apiErrorResponseBodyZodSchema = z.object({\n  meta: z.object({\n    status: z.number().min(400).max(599),\n  }),\n  errors: z.array(errorBodySchema),\n});\n\n/**\n * Standard response schema\n * @description A standard response schema for all API responses\n * @example\n * {\n *   \"data\": { ... },\n *   \"meta\": { ... }\n * }\n */\nexport const apiSuccessResponseBodyZodSchema = z.object({\n  data: z.unknown(),\n  meta: z.object({\n    status: z.number().min(200).max(399),\n    cache: z\n      .object({\n        hit: z.boolean(),\n        source: z.string().optional(),\n        ttl: z.number().optional(),\n        expireAt: z.number().optional(),\n      })\n      .optional(),\n  }),\n});\n\nexport type ErrorDetailBodyZodSchemaType = z.infer<typeof errorDetailBodySchema>;\nexport type ErrorBodyZodSchemaType = z.infer<typeof errorBodySchema>;\nexport type ApiErrorResponseBodyZodSchemaType = z.infer<typeof apiErrorResponseBodyZodSchema>;\nexport type ApiSuccessResponseBodyZodSchemaType<DataType = unknown> = Exclude<\n  z.infer<typeof apiSuccessResponseBodyZodSchema>,\n  'data'\n> & {\n  data: DataType;\n};\n\nexport const apiPaginationZodSchema = z.object({\n  items: z.array(z.unknown()),\n  totalItems: z.number(),\n  limit: z.number().int().positive(),\n  page: z.number().int().positive(),\n  totalPages: z.number().int().positive(),\n  hasNextPage: z.boolean(),\n  hasPrevPage: z.boolean(),\n  pagingCounter: z.number().int().positive(),\n  prevPage: z.number().int().positive(),\n  nextPage: z.number().int().positive(),\n});\n\nexport type ApiPaginationZodSchemaType<ItemsType = unknown> = Omit<z.infer<typeof apiPaginationZodSchema>, 'items'> & {\n  items: ItemsType[];\n};\n\n/**\n * Custom labels for the api paginated response body\n */\nexport const mongoosePaginateCustomLabels = {\n  docs: 'items',\n  totalDocs: 'totalItems',\n  limit: 'limit',\n  page: 'page',\n} as const;\n\n/**\n * The body of a paginated response from the api\n */\nexport type ApiPaginatedResponseBodyZodSchemaType<ItemsType = unknown> = ApiSuccessResponseBodyZodSchemaType<\n  ApiPaginationZodSchemaType<ItemsType>\n>;\n\n/**\n * Method to create a success response body\n * @param meta\n * @param data\n * @returns\n */\nexport function createApiSuccessResponseBody<T>(meta: ApiSuccessResponseBodyZodSchemaType['meta'], data: T) {\n  return apiSuccessResponseBodyZodSchema.parse({\n    data,\n    meta,\n  }) as ApiSuccessResponseBodyZodSchemaType<T>;\n}\n\n/**\n * Creates an error response with a single error\n */\nexport function createApiErrorResponseBody(\n  meta: ApiErrorResponseBodyZodSchemaType['meta'],\n  errors: ApiErrorResponseBodyZodSchemaType['errors'],\n): ApiErrorResponseBodyZodSchemaType {\n  const response: ApiErrorResponseBodyZodSchemaType = {\n    meta,\n    errors,\n  };\n\n  return apiErrorResponseBodyZodSchema.parse(response);\n}\n","import type { Context } from '@oak/oak';\nimport {\n  type ApiErrorResponseBodyZodSchemaType,\n  type ApiSuccessResponseBodyZodSchemaType,\n} from '../api/rest-api-response-zod.js';\n\n/**\n * Returns a successful response to the client\n * @param ctx Oak context\n * @param body Success response body\n */\nexport function returnOakSuccessResponse(ctx: Context, body: ApiSuccessResponseBodyZodSchemaType): void {\n  ctx.response.status = body.meta.status;\n  ctx.response.body = body;\n}\n\n/**\n * Set error response on context\n * @param ctx Oak context\n * @param errors Array of error objects\n */\nexport function returnOakErrorResponse(ctx: Context, body: ApiErrorResponseBodyZodSchemaType): void {\n  ctx.response.status = body.meta.status;\n  ctx.response.body = body;\n}\n","export class NotFoundError extends Error {\n  statusCode = 404;\n  constructor(message: string) {\n    super(message);\n    this.name = 'NotFoundError';\n  }\n}\n\nexport class BadRequestError extends Error {\n  statusCode = 400;\n  constructor(message: string) {\n    super(message);\n    this.name = 'BadRequestError';\n  }\n}\n\nexport class ForbiddenError extends Error {\n  statusCode = 403;\n  constructor(message: string) {\n    super(message);\n    this.name = 'ForbiddenError';\n  }\n}\n\nexport class InternalServerError extends Error {\n  statusCode = 500;\n  constructor(message: string) {\n    super(message);\n    this.name = 'InternalServerError';\n  }\n}\n","import type { Context, Middleware, Next } from '@oak/oak';\nimport { ZodError, type ZodType } from 'zod';\nimport { createApiErrorResponseBody, createApiSuccessResponseBody } from '../api/rest-api-response-zod.js';\nimport { returnOakErrorResponse } from './oak-response.js';\nimport { NotFoundError, ForbiddenError } from './errors.js';\n\nexport type GenericOakMiddlewareErrorHandler = ({\n  error,\n  ctx,\n  next,\n}: {\n  error: Error;\n  ctx: Context;\n  next: Next;\n}) => void;\n\nexport function withZodValidation<T extends ZodType>(schema: T): Middleware {\n  return async (ctx: Context, next: Next) => {\n    try {\n      // Get query parameters\n      const params = Object.fromEntries(ctx.request.url.searchParams.entries());\n\n      // Only try to parse body for non-GET requests\n      let body = {};\n      if (ctx.request.method !== 'GET') {\n        body = await ctx.request.body.json();\n      }\n\n      // Merge query parameters with the body and validate them\n      const validatedData = schema.parse({ ...params, ...body });\n\n      // Attach validated data to state for use in downstream handlers\n      ctx.state.validatedData = validatedData;\n\n      await next();\n    } catch (error) {\n      if (error instanceof ZodError) {\n        ctx.response.status = 400;\n        ctx.response.body = createApiErrorResponseBody({ status: 400 }, [\n          {\n            message: 'Validation error',\n            code: 'VALIDATION_ERROR',\n            details: error.issues.map((issue) => ({\n              message: issue.message,\n              code: issue.code,\n              path: issue.path.join('.'),\n            })),\n          },\n        ]);\n      } else {\n        throw error;\n      }\n    }\n  };\n}\n\nexport function withErrorHandler(): Middleware {\n  return async (ctx: Context, next: Next) => {\n    try {\n      await next();\n    } catch (error) {\n      // Determine appropriate status code based on error type\n      let statusCode = 500;\n      let errorCode = 'INTERNAL_SERVER_ERROR';\n      let message = 'Internal server error';\n\n      if (error instanceof Error) {\n        // Handle authentication errors\n        if (error.name === 'MissingAuthorizationTokenError') {\n          statusCode = 403;\n          errorCode = 'MISSING_AUTHORIZATION_TOKEN';\n          message = 'Missing authorization token';\n        } else if (error.name === 'InvalidTokenError' || error.name === 'TokenExpiredError') {\n          statusCode = 401;\n          errorCode = 'INVALID_TOKEN';\n          message = 'Invalid or expired token';\n        } else if (error.name === 'ForbiddenError' || error instanceof ForbiddenError) {\n          statusCode = 403;\n          errorCode = 'FORBIDDEN';\n          message = error.message || 'Access forbidden';\n        } else if (error.name === 'NotFoundError' || error instanceof NotFoundError) {\n          statusCode = 404;\n          errorCode = 'NOT_FOUND';\n          message = error.message || 'Resource not found';\n        } else if (error.name === 'ValidationError' || error instanceof ZodError) {\n          statusCode = 400;\n          errorCode = 'VALIDATION_ERROR';\n          message = error.message || 'Validation failed';\n        } else {\n          // Use the error message if available\n          message = error.message || 'Internal server error';\n          errorCode = (error.cause as string) || 'INTERNAL_SERVER_ERROR';\n        }\n      }\n\n      returnOakErrorResponse(ctx, {\n        meta: {\n          status: statusCode,\n        },\n        errors: [\n          {\n            code: errorCode,\n            message,\n          },\n        ],\n      });\n    }\n  };\n}\n\nexport function withResponseSchema(): Middleware {\n  return async (ctx: Context, next: Next) => {\n    await next();\n\n    // Only wrap successful responses\n    if (ctx.response.status < 400 && ctx.response.body) {\n      // Check if response is already in the correct format\n      const body = ctx.response.body;\n      if (body && typeof body === 'object' && 'data' in body && 'meta' in body) {\n        return; // Response is already wrapped, don't wrap it again\n      }\n\n      ctx.response.body = createApiSuccessResponseBody(\n        {\n          status: ctx.response.status,\n        },\n        ctx.response.body,\n      );\n    }\n  };\n}\n"],"names":["OAuth2Client","decodeGoogleIdToken","defaultDecodeGoogleIdToken","z","ZodError"],"mappings":";;;;;AAMA;;;;;AAKG;AACI,eAAe,mBAAmB,CAAC,cAAsB,EAAE,OAAe,EAAA;AAC/E,IAAA,MAAM,YAAY,GAAG,IAAIA,8BAAY,CAAC,cAAc,CAAC;AAErD,IAAA,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,aAAa,CAAC;AAC9C,QAAA,QAAQ,EAAE,cAAc;AACxB,QAAA,OAAO,EAAE,OAAO,CAAC,IAAI,EAAE;AACxB,KAAA,CAAC;AACF,IAAA,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE;IAEnC,IAAI,CAAC,OAAO,EAAE;AACZ,QAAA,MAAM,IAAI,KAAK,CAAC,eAAe,EAAE;AAC/B,YAAA,KAAK,EAAE,yBAAyB;AACjC,SAAA,CAAC;;AAGJ,IAAA,OAAO,OAAmC;AAC5C;;ACrBA,MAAM,UAAU,GAAG,oDAAoD;AAEjE,SAAU,iBAAiB,CAAC,KAAa,EAAA;;AAE7C,IAAA,KAAK,GAAG,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE;IAElC,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC;IACtC,IAAI,CAAC,OAAO,EAAE;QACZ,OAAO;AACL,YAAA,aAAa,EAAE,KAAK;AACpB,YAAA,QAAQ,EAAE,EAAE;AACZ,YAAA,MAAM,EAAE,EAAE;AACV,YAAA,OAAO,EAAE,KAAK;SACf;;AAGH,IAAA,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC;IAE3C,OAAO;AACL,QAAA,aAAa,EAAE,KAAK;QACpB,QAAQ;QACR,MAAM;AACN,QAAA,OAAO,EAAE,IAAI;KACd;AACH;;ACtBM,MAAO,yBAA0B,SAAQ,KAAK,CAAA;AAClD,IAAA,WAAA,CACE,OAAe,EACC,IAAY,EACZ,OAAe,EAAA;QAE/B,KAAK,CAAC,OAAO,CAAC;AAHd,QAAA,MAAA,CAAA,cAAA,CAAA,IAAA,EAAA,MAAA,EAAA;;;;mBAAgB;AAAY,SAAA,CAAA;AAC5B,QAAA,MAAA,CAAA,cAAA,CAAA,IAAA,EAAA,SAAA,EAAA;;;;mBAAgB;AAAe,SAAA,CAAA;QAG/B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI;;IAGnC,MAAM,GAAA;QACJ,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB;;AAEJ;AAEK,MAAO,8BAA+B,SAAQ,yBAAyB,CAAA;AAC3E,IAAA,WAAA,GAAA;AACE,QAAA,KAAK,CAAC,6BAA6B,EAAE,6BAA6B,EAAE,EAAE,CAAC;;AAE1E;AAEK,MAAO,oBAAqB,SAAQ,yBAAyB,CAAA;IACjE,WACE,CAAA,OAAe,EACC,cAAwC,EAAA;AAExD,QAAA,KAAK,CAAC,oCAAoC,EAAE,mBAAmB,EAAE,OAAO,CAAC;AAFzE,QAAA,MAAA,CAAA,cAAA,CAAA,IAAA,EAAA,gBAAA,EAAA;;;;mBAAgB;AAAwC,SAAA,CAAA;;IAKjD,MAAM,GAAA;QACb,OAAO;YACL,GAAG,KAAK,CAAC,MAAM,EAAE;YACjB,cAAc,EAAE,IAAI,CAAC,cAAc;SACpC;;AAEJ;AAEK,MAAO,wBAAyB,SAAQ,yBAAyB,CAAA;AACrE,IAAA,WAAA,CACE,OAAe,EACC,cAAwC,EACxC,cAAiC,EAAA;AAEjD,QAAA,MAAM,MAAM,GAAG,cAAc,CAAC,EAAE;AAChC,QAAA,KAAK,CACH,CAA0B,uBAAA,EAAA,MAAM,CAAsB,mBAAA,EAAA,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EACjF,uBAAuB,EACvB,OAAO,CACR;AARD,QAAA,MAAA,CAAA,cAAA,CAAA,IAAA,EAAA,gBAAA,EAAA;;;;mBAAgB;AAAwC,SAAA,CAAA;AACxD,QAAA,MAAA,CAAA,cAAA,CAAA,IAAA,EAAA,gBAAA,EAAA;;;;mBAAgB;AAAiC,SAAA,CAAA;;IAU1C,MAAM,GAAA;QACb,OAAO;YACL,GAAG,KAAK,CAAC,MAAM,EAAE;AACjB,YAAA,MAAM,EAAE,IAAI,CAAC,cAAc,CAAC,EAAE;YAC9B,cAAc,EAAE,IAAI,CAAC,cAAc;SACpC;;AAEJ;AAEK,MAAO,uBAAwB,SAAQ,yBAAyB,CAAA;AACpE,IAAA,WAAA,CACE,OAAe,EACC,cAAwC,EACxC,aAAuB,EAAA;AAEvC,QAAA,MAAM,KAAK,GAAG,cAAc,CAAC,KAAK;AAClC,QAAA,KAAK,CACH,CAAyB,sBAAA,EAAA,KAAK,CAAqB,kBAAA,EAAA,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAC7E,sBAAsB,EACtB,OAAO,CACR;AARD,QAAA,MAAA,CAAA,cAAA,CAAA,IAAA,EAAA,gBAAA,EAAA;;;;mBAAgB;AAAwC,SAAA,CAAA;AACxD,QAAA,MAAA,CAAA,cAAA,CAAA,IAAA,EAAA,eAAA,EAAA;;;;mBAAgB;AAAuB,SAAA,CAAA;;IAUhC,MAAM,GAAA;QACb,OAAO;YACL,GAAG,KAAK,CAAC,MAAM,EAAE;AACjB,YAAA,KAAK,EAAE,IAAI,CAAC,cAAc,CAAC,KAAK;YAChC,cAAc,EAAE,IAAI,CAAC,cAAc;SACpC;;AAEJ;AAuCD;;;;;;;;AAQG;AACG,SAAU,yBAAyB,CAAkB,OAAyC,EAAA;AAClG,IAAA,MAAM,EAAE,cAAc,uBAAEC,qBAAmB,EAAE,GAAG,OAAO;IAEvD,MAAM,cAAc,GAAG,oBAAoB,CAAC;QAC1C,cAAc,EAAE,OAAO,CAAC,cAAc;AACvC,KAAA,CAAC;IACF,MAAM,aAAa,GAAG,mBAAmB,CAAC;QACxC,aAAa,EAAE,OAAO,CAAC,aAAa;AACrC,KAAA,CAAC;AAEF,IAAA,IAAI,CAAC,cAAc,IAAI,cAAc,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE;AACzD,QAAA,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC;;IAGnF,MAAM,cAAc,GAA8B,OAAO,GAAG,EAAE,IAAI,KAAI;AACpE,QAAA,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAC3D,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE;AACpD,YAAA,MAAM,KAAK,GAAG,IAAI,8BAA8B,EAAE;YAClD,OAAO,OAAO,CAAC,YAAY,CAAC;gBAC1B,GAAG;gBACH,IAAI;gBACJ,KAAK;AACN,aAAA,CAAC;;QAGJ,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AACxC,QAAA,MAAM,cAAc,GAAG,MAAM,CAACA,qBAAmB,IAAIC,mBAA0B,EAAE,cAAc,EAAE,OAAO,CAAC;AAEzG,QAAA,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE;YACzB,OAAO,OAAO,CAAC,YAAY,CAAC;gBAC1B,GAAG;gBACH,IAAI;AACJ,gBAAA,KAAK,EAAE,IAAI,oBAAoB,CAAC,OAAO,EAAE,cAAc,CAAC;AACzD,aAAA,CAAC;;QAGJ,MAAM,eAAe,GAAG,iBAAiB,CAAC,cAAc,CAAC,KAAK,CAAC;AAE/D,QAAA,MAAM,eAAe,GAAG,cAAc,CAAC,MAAM,GAAG,CAAC,IAAI,cAAc,CAAC,QAAQ,CAAC,eAAe,CAAC,MAAM,CAAC;AACpG,QAAA,MAAM,cAAc,GAAG,aAAa,CAAC,MAAM,GAAG,CAAC,IAAI,aAAa,CAAC,QAAQ,CAAC,eAAe,CAAC,aAAa,CAAC;;AAGxG,QAAA,MAAM,qBAAqB,GAAG,cAAc,CAAC,MAAM,GAAG,CAAC,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC;QACnF,IAAI,qBAAqB,IAAI,CAAC,eAAe,IAAI,CAAC,cAAc,EAAE;;YAEhE,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,eAAe,EAAE;gBACjD,OAAO,OAAO,CAAC,YAAY,CAAC;oBAC1B,GAAG;oBACH,IAAI;oBACJ,KAAK,EAAE,IAAI,wBAAwB,CAAC,OAAO,EAAE,cAAc,EAAE,cAAc,CAAC;AAC7E,iBAAA,CAAC;;;YAGJ,OAAO,OAAO,CAAC,YAAY,CAAC;gBAC1B,GAAG;gBACH,IAAI;gBACJ,KAAK,EAAE,IAAI,uBAAuB,CAAC,OAAO,EAAE,cAAc,EAAE,aAAa,CAAC;AAC3E,aAAA,CAAC;;;;QAKJ,GAAG,CAAC,KAAK,GAAG,GAAG,CAAC,KAAK,IAAI,EAAE;QAC3B,GAAG,CAAC,KAAK,CAAC,IAAI,GAAG,cAAc,CAAC;QAChC,GAAG,CAAC,KAAK,CAAC,UAAU,GAAG,cAAc,CAAC;;QAGtC,MAAM,IAAI,EAAE;AACd,KAAC;AAED,IAAA,OAAO,cAAc;AACvB;AAEA;;;;;AAKG;AACH,SAAS,oBAAoB,CAAC,MAAqC,EAAA;AACjE,IAAA,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU;AACvC,IAAA,MAAM,cAAc,GAAG,MAAM,CAAC,cAAc,IAAI,EAAE;AAElD,IAAA,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE;AAC7B,QAAA,KAAK,MAAM,MAAM,IAAI,cAAc,EAAE;YACnC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;;;AAI3C,IAAA,OAAO,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC;AAClC;AAEA,SAAS,mBAAmB,CAAC,MAAoC,EAAA;AAC/D,IAAA,MAAM,MAAM,GAAG,IAAI,GAAG,EAAU;AAChC,IAAA,MAAM,aAAa,GAAG,MAAM,CAAC,aAAa,IAAI,EAAE;AAEhD,IAAA,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE;AAC5B,QAAA,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE;AACjC,YAAA,MAAM,WAAW,GAAG,iBAAiB,CAAC,KAAK,CAAC;AAC5C,YAAA,IAAI,WAAW,CAAC,OAAO,EAAE;gBACvB,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,aAAa,CAAC,WAAW,EAAE,CAAC;;;;AAKzD,IAAA,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;AAC3B;;ACvPA;AACO,MAAM,qBAAqB,GAAGC,KAAC,CAAC,MAAM,CAAC;AAC5C,IAAA,OAAO,EAAEA,KAAC,CAAC,MAAM,EAAE;AACnB,IAAA,IAAI,EAAEA,KAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;AAC3B,IAAA,KAAK,EAAEA,KAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;AAC5B,IAAA,IAAI,EAAEA,KAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;AAC5B,CAAA,CAAC;AAEF,MAAM,eAAe,GAAGA,KAAC,CAAC,MAAM,CAAC;AAC/B,IAAA,OAAO,EAAEA,KAAC,CAAC,MAAM,EAAE;AACnB,IAAA,IAAI,EAAEA,KAAC,CAAC,MAAM,EAAE;IAChB,OAAO,EAAEA,KAAC,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,QAAQ,EAAE;AACnD,CAAA,CAAC;AAEK,MAAM,6BAA6B,GAAGA,KAAC,CAAC,MAAM,CAAC;AACpD,IAAA,IAAI,EAAEA,KAAC,CAAC,MAAM,CAAC;AACb,QAAA,MAAM,EAAEA,KAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;KACrC,CAAC;AACF,IAAA,MAAM,EAAEA,KAAC,CAAC,KAAK,CAAC,eAAe,CAAC;AACjC,CAAA,CAAC;AAEF;;;;;;;;AAQG;AACI,MAAM,+BAA+B,GAAGA,KAAC,CAAC,MAAM,CAAC;AACtD,IAAA,IAAI,EAAEA,KAAC,CAAC,OAAO,EAAE;AACjB,IAAA,IAAI,EAAEA,KAAC,CAAC,MAAM,CAAC;AACb,QAAA,MAAM,EAAEA,KAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;AACpC,QAAA,KAAK,EAAEA;AACJ,aAAA,MAAM,CAAC;AACN,YAAA,GAAG,EAAEA,KAAC,CAAC,OAAO,EAAE;AAChB,YAAA,MAAM,EAAEA,KAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;AAC7B,YAAA,GAAG,EAAEA,KAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;AAC1B,YAAA,QAAQ,EAAEA,KAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;SAChC;AACA,aAAA,QAAQ,EAAE;KACd,CAAC;AACH,CAAA,CAAC;AAYoCA,KAAC,CAAC,MAAM,CAAC;IAC7C,KAAK,EAAEA,KAAC,CAAC,KAAK,CAACA,KAAC,CAAC,OAAO,EAAE,CAAC;AAC3B,IAAA,UAAU,EAAEA,KAAC,CAAC,MAAM,EAAE;IACtB,KAAK,EAAEA,KAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAClC,IAAI,EAAEA,KAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACjC,UAAU,EAAEA,KAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;AACvC,IAAA,WAAW,EAAEA,KAAC,CAAC,OAAO,EAAE;AACxB,IAAA,WAAW,EAAEA,KAAC,CAAC,OAAO,EAAE;IACxB,aAAa,EAAEA,KAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAC1C,QAAQ,EAAEA,KAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACrC,QAAQ,EAAEA,KAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;AACtC,CAAA;AAuBD;;;;;AAKG;AACa,SAAA,4BAA4B,CAAI,IAAiD,EAAE,IAAO,EAAA;IACxG,OAAO,+BAA+B,CAAC,KAAK,CAAC;QAC3C,IAAI;QACJ,IAAI;AACL,KAAA,CAA2C;AAC9C;AAEA;;AAEG;AACa,SAAA,0BAA0B,CACxC,IAA+C,EAC/C,MAAmD,EAAA;AAEnD,IAAA,MAAM,QAAQ,GAAsC;QAClD,IAAI;QACJ,MAAM;KACP;AAED,IAAA,OAAO,6BAA6B,CAAC,KAAK,CAAC,QAAQ,CAAC;AACtD;;AC/GA;;;;AAIG;AACa,SAAA,wBAAwB,CAAC,GAAY,EAAE,IAAyC,EAAA;IAC9F,GAAG,CAAC,QAAQ,CAAC,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM;AACtC,IAAA,GAAG,CAAC,QAAQ,CAAC,IAAI,GAAG,IAAI;AAC1B;AAEA;;;;AAIG;AACa,SAAA,sBAAsB,CAAC,GAAY,EAAE,IAAuC,EAAA;IAC1F,GAAG,CAAC,QAAQ,CAAC,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM;AACtC,IAAA,GAAG,CAAC,QAAQ,CAAC,IAAI,GAAG,IAAI;AAC1B;;ACxBM,MAAO,aAAc,SAAQ,KAAK,CAAA;AAEtC,IAAA,WAAA,CAAY,OAAe,EAAA;QACzB,KAAK,CAAC,OAAO,CAAC;AAFhB,QAAA,MAAA,CAAA,cAAA,CAAA,IAAA,EAAA,YAAA,EAAA;;;;mBAAa;AAAI,SAAA,CAAA;AAGf,QAAA,IAAI,CAAC,IAAI,GAAG,eAAe;;AAE9B;AAEK,MAAO,eAAgB,SAAQ,KAAK,CAAA;AAExC,IAAA,WAAA,CAAY,OAAe,EAAA;QACzB,KAAK,CAAC,OAAO,CAAC;AAFhB,QAAA,MAAA,CAAA,cAAA,CAAA,IAAA,EAAA,YAAA,EAAA;;;;mBAAa;AAAI,SAAA,CAAA;AAGf,QAAA,IAAI,CAAC,IAAI,GAAG,iBAAiB;;AAEhC;AAEK,MAAO,cAAe,SAAQ,KAAK,CAAA;AAEvC,IAAA,WAAA,CAAY,OAAe,EAAA;QACzB,KAAK,CAAC,OAAO,CAAC;AAFhB,QAAA,MAAA,CAAA,cAAA,CAAA,IAAA,EAAA,YAAA,EAAA;;;;mBAAa;AAAI,SAAA,CAAA;AAGf,QAAA,IAAI,CAAC,IAAI,GAAG,gBAAgB;;AAE/B;AAEK,MAAO,mBAAoB,SAAQ,KAAK,CAAA;AAE5C,IAAA,WAAA,CAAY,OAAe,EAAA;QACzB,KAAK,CAAC,OAAO,CAAC;AAFhB,QAAA,MAAA,CAAA,cAAA,CAAA,IAAA,EAAA,YAAA,EAAA;;;;mBAAa;AAAI,SAAA,CAAA;AAGf,QAAA,IAAI,CAAC,IAAI,GAAG,qBAAqB;;AAEpC;;ACdK,SAAU,iBAAiB,CAAoB,MAAS,EAAA;AAC5D,IAAA,OAAO,OAAO,GAAY,EAAE,IAAU,KAAI;AACxC,QAAA,IAAI;;AAEF,YAAA,MAAM,MAAM,GAAG,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;;YAGzE,IAAI,IAAI,GAAG,EAAE;YACb,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,KAAK,KAAK,EAAE;gBAChC,IAAI,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE;;;AAItC,YAAA,MAAM,aAAa,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,MAAM,EAAE,GAAG,IAAI,EAAE,CAAC;;AAG1D,YAAA,GAAG,CAAC,KAAK,CAAC,aAAa,GAAG,aAAa;YAEvC,MAAM,IAAI,EAAE;;QACZ,OAAO,KAAK,EAAE;AACd,YAAA,IAAI,KAAK,YAAYC,YAAQ,EAAE;AAC7B,gBAAA,GAAG,CAAC,QAAQ,CAAC,MAAM,GAAG,GAAG;AACzB,gBAAA,GAAG,CAAC,QAAQ,CAAC,IAAI,GAAG,0BAA0B,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE;AAC9D,oBAAA;AACE,wBAAA,OAAO,EAAE,kBAAkB;AAC3B,wBAAA,IAAI,EAAE,kBAAkB;AACxB,wBAAA,OAAO,EAAE,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,MAAM;4BACpC,OAAO,EAAE,KAAK,CAAC,OAAO;4BACtB,IAAI,EAAE,KAAK,CAAC,IAAI;4BAChB,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;AAC3B,yBAAA,CAAC,CAAC;AACJ,qBAAA;AACF,iBAAA,CAAC;;iBACG;AACL,gBAAA,MAAM,KAAK;;;AAGjB,KAAC;AACH;SAEgB,gBAAgB,GAAA;AAC9B,IAAA,OAAO,OAAO,GAAY,EAAE,IAAU,KAAI;AACxC,QAAA,IAAI;YACF,MAAM,IAAI,EAAE;;QACZ,OAAO,KAAK,EAAE;;YAEd,IAAI,UAAU,GAAG,GAAG;YACpB,IAAI,SAAS,GAAG,uBAAuB;YACvC,IAAI,OAAO,GAAG,uBAAuB;AAErC,YAAA,IAAI,KAAK,YAAY,KAAK,EAAE;;AAE1B,gBAAA,IAAI,KAAK,CAAC,IAAI,KAAK,gCAAgC,EAAE;oBACnD,UAAU,GAAG,GAAG;oBAChB,SAAS,GAAG,6BAA6B;oBACzC,OAAO,GAAG,6BAA6B;;AAClC,qBAAA,IAAI,KAAK,CAAC,IAAI,KAAK,mBAAmB,IAAI,KAAK,CAAC,IAAI,KAAK,mBAAmB,EAAE;oBACnF,UAAU,GAAG,GAAG;oBAChB,SAAS,GAAG,eAAe;oBAC3B,OAAO,GAAG,0BAA0B;;qBAC/B,IAAI,KAAK,CAAC,IAAI,KAAK,gBAAgB,IAAI,KAAK,YAAY,cAAc,EAAE;oBAC7E,UAAU,GAAG,GAAG;oBAChB,SAAS,GAAG,WAAW;AACvB,oBAAA,OAAO,GAAG,KAAK,CAAC,OAAO,IAAI,kBAAkB;;qBACxC,IAAI,KAAK,CAAC,IAAI,KAAK,eAAe,IAAI,KAAK,YAAY,aAAa,EAAE;oBAC3E,UAAU,GAAG,GAAG;oBAChB,SAAS,GAAG,WAAW;AACvB,oBAAA,OAAO,GAAG,KAAK,CAAC,OAAO,IAAI,oBAAoB;;qBAC1C,IAAI,KAAK,CAAC,IAAI,KAAK,iBAAiB,IAAI,KAAK,YAAYA,YAAQ,EAAE;oBACxE,UAAU,GAAG,GAAG;oBAChB,SAAS,GAAG,kBAAkB;AAC9B,oBAAA,OAAO,GAAG,KAAK,CAAC,OAAO,IAAI,mBAAmB;;qBACzC;;AAEL,oBAAA,OAAO,GAAG,KAAK,CAAC,OAAO,IAAI,uBAAuB;AAClD,oBAAA,SAAS,GAAI,KAAK,CAAC,KAAgB,IAAI,uBAAuB;;;YAIlE,sBAAsB,CAAC,GAAG,EAAE;AAC1B,gBAAA,IAAI,EAAE;AACJ,oBAAA,MAAM,EAAE,UAAU;AACnB,iBAAA;AACD,gBAAA,MAAM,EAAE;AACN,oBAAA;AACE,wBAAA,IAAI,EAAE,SAAS;wBACf,OAAO;AACR,qBAAA;AACF,iBAAA;AACF,aAAA,CAAC;;AAEN,KAAC;AACH;SAEgB,kBAAkB,GAAA;AAChC,IAAA,OAAO,OAAO,GAAY,EAAE,IAAU,KAAI;QACxC,MAAM,IAAI,EAAE;;AAGZ,QAAA,IAAI,GAAG,CAAC,QAAQ,CAAC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE;;AAElD,YAAA,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAC,IAAI;AAC9B,YAAA,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,MAAM,IAAI,IAAI,IAAI,MAAM,IAAI,IAAI,EAAE;AACxE,gBAAA,OAAO;;AAGT,YAAA,GAAG,CAAC,QAAQ,CAAC,IAAI,GAAG,4BAA4B,CAC9C;AACE,gBAAA,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,MAAM;AAC5B,aAAA,EACD,GAAG,CAAC,QAAQ,CAAC,IAAI,CAClB;;AAEL,KAAC;AACH;;;;;;;;;;;;;;;;;;"}