{"version":3,"file":"ResponseHandler.js","sources":["../../src/response/ResponseHandler.ts"],"sourcesContent":["/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { ServerAuthorizationTokenResponse } from \"./ServerAuthorizationTokenResponse\";\nimport { buildClientInfo} from \"../account/ClientInfo\";\nimport { ICrypto } from \"../crypto/ICrypto\";\nimport { ClientAuthError } from \"../error/ClientAuthError\";\nimport { StringUtils } from \"../utils/StringUtils\";\nimport { ServerAuthorizationCodeResponse } from \"./ServerAuthorizationCodeResponse\";\nimport { Logger } from \"../logger/Logger\";\nimport { ServerError } from \"../error/ServerError\";\nimport { AuthToken } from \"../account/AuthToken\";\nimport { ScopeSet } from \"../request/ScopeSet\";\nimport { AuthenticationResult } from \"./AuthenticationResult\";\nimport { AccountEntity } from \"../cache/entities/AccountEntity\";\nimport { Authority } from \"../authority/Authority\";\nimport { AuthorityType } from \"../authority/AuthorityType\";\nimport { IdTokenEntity } from \"../cache/entities/IdTokenEntity\";\nimport { AccessTokenEntity } from \"../cache/entities/AccessTokenEntity\";\nimport { RefreshTokenEntity } from \"../cache/entities/RefreshTokenEntity\";\nimport { InteractionRequiredAuthError } from \"../error/InteractionRequiredAuthError\";\nimport { CacheRecord } from \"../cache/entities/CacheRecord\";\nimport { CacheManager } from \"../cache/CacheManager\";\nimport { ProtocolUtils, RequestStateObject } from \"../utils/ProtocolUtils\";\nimport { AuthenticationScheme, Constants, THE_FAMILY_ID } from \"../utils/Constants\";\nimport { PopTokenGenerator } from \"../crypto/PopTokenGenerator\";\nimport { AppMetadataEntity } from \"../cache/entities/AppMetadataEntity\";\nimport { ICachePlugin } from \"../cache/interface/ICachePlugin\";\nimport { TokenCacheContext } from \"../cache/persistence/TokenCacheContext\";\nimport { ISerializableTokenCache } from \"../cache/interface/ISerializableTokenCache\";\nimport { AuthorizationCodePayload } from \"./AuthorizationCodePayload\";\nimport { BaseAuthRequest } from \"../request/BaseAuthRequest\";\n\n/**\n * Class that handles response parsing.\n */\nexport class ResponseHandler {\n private clientId: string;\n private cacheStorage: CacheManager;\n private cryptoObj: ICrypto;\n private logger: Logger;\n private homeAccountIdentifier: string;\n private serializableCache: ISerializableTokenCache | null;\n private persistencePlugin: ICachePlugin | null;\n\n constructor(clientId: string, cacheStorage: CacheManager, cryptoObj: ICrypto, logger: Logger, serializableCache: ISerializableTokenCache | null, persistencePlugin: ICachePlugin | null) {\n this.clientId = clientId;\n this.cacheStorage = cacheStorage;\n this.cryptoObj = cryptoObj;\n this.logger = logger;\n this.serializableCache = serializableCache;\n this.persistencePlugin = persistencePlugin;\n }\n\n /**\n * Function which validates server authorization code response.\n * @param serverResponseHash\n * @param cachedState\n * @param cryptoObj\n */\n validateServerAuthorizationCodeResponse(serverResponseHash: ServerAuthorizationCodeResponse, cachedState: string, cryptoObj: ICrypto): void {\n\n if (!serverResponseHash.state || !cachedState) {\n throw !serverResponseHash.state ? ClientAuthError.createStateNotFoundError(\"Server State\") : ClientAuthError.createStateNotFoundError(\"Cached State\");\n }\n\n if (decodeURIComponent(serverResponseHash.state) !== decodeURIComponent(cachedState)) {\n throw ClientAuthError.createStateMismatchError();\n }\n\n // Check for error\n if (serverResponseHash.error || serverResponseHash.error_description || serverResponseHash.suberror) {\n if (InteractionRequiredAuthError.isInteractionRequiredError(serverResponseHash.error, serverResponseHash.error_description, serverResponseHash.suberror)) {\n throw new InteractionRequiredAuthError(serverResponseHash.error || Constants.EMPTY_STRING, serverResponseHash.error_description, serverResponseHash.suberror);\n }\n\n throw new ServerError(serverResponseHash.error || Constants.EMPTY_STRING, serverResponseHash.error_description, serverResponseHash.suberror);\n }\n\n if (serverResponseHash.client_info) {\n buildClientInfo(serverResponseHash.client_info, cryptoObj);\n }\n }\n\n /**\n * Function which validates server authorization token response.\n * @param serverResponse\n */\n validateTokenResponse(serverResponse: ServerAuthorizationTokenResponse): void {\n // Check for error\n if (serverResponse.error || serverResponse.error_description || serverResponse.suberror) {\n if (InteractionRequiredAuthError.isInteractionRequiredError(serverResponse.error, serverResponse.error_description, serverResponse.suberror)) {\n throw new InteractionRequiredAuthError(serverResponse.error, serverResponse.error_description, serverResponse.suberror);\n }\n\n const errString = `${serverResponse.error_codes} - [${serverResponse.timestamp}]: ${serverResponse.error_description} - Correlation ID: ${serverResponse.correlation_id} - Trace ID: ${serverResponse.trace_id}`;\n throw new ServerError(serverResponse.error, errString, serverResponse.suberror);\n }\n }\n\n /**\n * Returns a constructed token response based on given string. Also manages the cache updates and cleanups.\n * @param serverTokenResponse\n * @param authority\n */\n async handleServerTokenResponse(\n serverTokenResponse: ServerAuthorizationTokenResponse,\n authority: Authority,\n reqTimestamp: number,\n request: BaseAuthRequest,\n authCodePayload?: AuthorizationCodePayload,\n userAssertionHash?: string,\n handlingRefreshTokenResponse?: boolean,\n forceCacheRefreshTokenResponse?: boolean,\n serverRequestId?: string): Promise {\n\n // create an idToken object (not entity)\n let idTokenObj: AuthToken | undefined;\n if (serverTokenResponse.id_token) {\n idTokenObj = new AuthToken(serverTokenResponse.id_token || Constants.EMPTY_STRING, this.cryptoObj);\n\n // token nonce check (TODO: Add a warning if no nonce is given?)\n if (authCodePayload && !StringUtils.isEmpty(authCodePayload.nonce)) {\n if (idTokenObj.claims.nonce !== authCodePayload.nonce) {\n throw ClientAuthError.createNonceMismatchError();\n }\n }\n\n // token max_age check\n if (request.maxAge || (request.maxAge === 0)) {\n const authTime = idTokenObj.claims.auth_time;\n if (!authTime) {\n throw ClientAuthError.createAuthTimeNotFoundError();\n }\n\n AuthToken.checkMaxAge(authTime, request.maxAge);\n }\n }\n\n // generate homeAccountId\n this.homeAccountIdentifier = AccountEntity.generateHomeAccountId(serverTokenResponse.client_info || Constants.EMPTY_STRING, authority.authorityType, this.logger, this.cryptoObj, idTokenObj);\n\n // save the response tokens\n let requestStateObj: RequestStateObject | undefined;\n if (!!authCodePayload && !!authCodePayload.state) {\n requestStateObj = ProtocolUtils.parseRequestState(this.cryptoObj, authCodePayload.state);\n }\n\n // Add keyId from request to serverTokenResponse if defined\n serverTokenResponse.key_id = serverTokenResponse.key_id || request.sshKid || undefined;\n\n const cacheRecord = this.generateCacheRecord(serverTokenResponse, authority, reqTimestamp, request, idTokenObj, userAssertionHash, authCodePayload);\n let cacheContext;\n try {\n if (this.persistencePlugin && this.serializableCache) {\n this.logger.verbose(\"Persistence enabled, calling beforeCacheAccess\");\n cacheContext = new TokenCacheContext(this.serializableCache, true);\n await this.persistencePlugin.beforeCacheAccess(cacheContext);\n }\n /*\n * When saving a refreshed tokens to the cache, it is expected that the account that was used is present in the cache.\n * If not present, we should return null, as it's the case that another application called removeAccount in between\n * the calls to getAllAccounts and acquireTokenSilent. We should not overwrite that removal, unless explicitly flagged by\n * the developer, as in the case of refresh token flow used in ADAL Node to MSAL Node migration.\n */\n if (handlingRefreshTokenResponse && !forceCacheRefreshTokenResponse && cacheRecord.account) {\n const key = cacheRecord.account.generateAccountKey();\n const account = this.cacheStorage.getAccount(key);\n if (!account) {\n this.logger.warning(\"Account used to refresh tokens not in persistence, refreshed tokens will not be stored in the cache\");\n return ResponseHandler.generateAuthenticationResult(this.cryptoObj, authority, cacheRecord, false, request, idTokenObj, requestStateObj, undefined, serverRequestId);\n }\n }\n await this.cacheStorage.saveCacheRecord(cacheRecord);\n } finally {\n if (this.persistencePlugin && this.serializableCache && cacheContext) {\n this.logger.verbose(\"Persistence enabled, calling afterCacheAccess\");\n await this.persistencePlugin.afterCacheAccess(cacheContext);\n }\n }\n return ResponseHandler.generateAuthenticationResult(this.cryptoObj, authority, cacheRecord, false, request, idTokenObj, requestStateObj, serverTokenResponse.spa_code, serverRequestId);\n }\n\n /**\n * Generates CacheRecord\n * @param serverTokenResponse\n * @param idTokenObj\n * @param authority\n */\n private generateCacheRecord(serverTokenResponse: ServerAuthorizationTokenResponse, authority: Authority, reqTimestamp: number, request: BaseAuthRequest, idTokenObj?: AuthToken, userAssertionHash?: string, authCodePayload?: AuthorizationCodePayload): CacheRecord {\n const env = authority.getPreferredCache();\n if (StringUtils.isEmpty(env)) {\n throw ClientAuthError.createInvalidCacheEnvironmentError();\n }\n\n // IdToken: non AAD scenarios can have empty realm\n let cachedIdToken: IdTokenEntity | undefined;\n let cachedAccount: AccountEntity | undefined;\n if (!StringUtils.isEmpty(serverTokenResponse.id_token) && !!idTokenObj) {\n cachedIdToken = IdTokenEntity.createIdTokenEntity(\n this.homeAccountIdentifier,\n env,\n serverTokenResponse.id_token || Constants.EMPTY_STRING,\n this.clientId,\n idTokenObj.claims.tid || Constants.EMPTY_STRING,\n );\n\n cachedAccount = this.generateAccountEntity(\n serverTokenResponse,\n idTokenObj,\n authority,\n authCodePayload\n );\n }\n\n // AccessToken\n let cachedAccessToken: AccessTokenEntity | null = null;\n if (!StringUtils.isEmpty(serverTokenResponse.access_token)) {\n\n // If scopes not returned in server response, use request scopes\n const responseScopes = serverTokenResponse.scope ? ScopeSet.fromString(serverTokenResponse.scope) : new ScopeSet(request.scopes || []);\n\n /*\n * Use timestamp calculated before request\n * Server may return timestamps as strings, parse to numbers if so.\n */\n const expiresIn: number = (typeof serverTokenResponse.expires_in === \"string\" ? parseInt(serverTokenResponse.expires_in, 10) : serverTokenResponse.expires_in) || 0;\n const extExpiresIn: number = (typeof serverTokenResponse.ext_expires_in === \"string\" ? parseInt(serverTokenResponse.ext_expires_in, 10) : serverTokenResponse.ext_expires_in) || 0;\n const refreshIn: number | undefined = (typeof serverTokenResponse.refresh_in === \"string\" ? parseInt(serverTokenResponse.refresh_in, 10) : serverTokenResponse.refresh_in) || undefined;\n const tokenExpirationSeconds = reqTimestamp + expiresIn;\n const extendedTokenExpirationSeconds = tokenExpirationSeconds + extExpiresIn;\n const refreshOnSeconds = refreshIn && refreshIn > 0 ? reqTimestamp + refreshIn : undefined;\n\n // non AAD scenarios can have empty realm\n cachedAccessToken = AccessTokenEntity.createAccessTokenEntity(\n this.homeAccountIdentifier,\n env,\n serverTokenResponse.access_token || Constants.EMPTY_STRING,\n this.clientId,\n idTokenObj ? idTokenObj.claims.tid || Constants.EMPTY_STRING : authority.tenant,\n responseScopes.printScopes(),\n tokenExpirationSeconds,\n extendedTokenExpirationSeconds,\n this.cryptoObj,\n refreshOnSeconds,\n serverTokenResponse.token_type,\n userAssertionHash,\n serverTokenResponse.key_id,\n request.claims,\n request.requestedClaimsHash\n );\n }\n\n // refreshToken\n let cachedRefreshToken: RefreshTokenEntity | null = null;\n if (!StringUtils.isEmpty(serverTokenResponse.refresh_token)) {\n cachedRefreshToken = RefreshTokenEntity.createRefreshTokenEntity(\n this.homeAccountIdentifier,\n env,\n serverTokenResponse.refresh_token || Constants.EMPTY_STRING,\n this.clientId,\n serverTokenResponse.foci,\n userAssertionHash\n );\n }\n\n // appMetadata\n let cachedAppMetadata: AppMetadataEntity | null = null;\n if (!StringUtils.isEmpty(serverTokenResponse.foci)) {\n cachedAppMetadata = AppMetadataEntity.createAppMetadataEntity(this.clientId, env, serverTokenResponse.foci);\n }\n\n return new CacheRecord(cachedAccount, cachedIdToken, cachedAccessToken, cachedRefreshToken, cachedAppMetadata);\n }\n\n /**\n * Generate Account\n * @param serverTokenResponse\n * @param idToken\n * @param authority\n */\n private generateAccountEntity(serverTokenResponse: ServerAuthorizationTokenResponse, idToken: AuthToken, authority: Authority, authCodePayload?: AuthorizationCodePayload): AccountEntity {\n const authorityType = authority.authorityType;\n const cloudGraphHostName = authCodePayload ? authCodePayload.cloud_graph_host_name : Constants.EMPTY_STRING;\n const msGraphhost = authCodePayload ? authCodePayload.msgraph_host : Constants.EMPTY_STRING;\n\n // ADFS does not require client_info in the response\n if (authorityType === AuthorityType.Adfs) {\n this.logger.verbose(\"Authority type is ADFS, creating ADFS account\");\n return AccountEntity.createGenericAccount(this.homeAccountIdentifier, idToken, authority, cloudGraphHostName, msGraphhost);\n }\n\n // This fallback applies to B2C as well as they fall under an AAD account type.\n if (StringUtils.isEmpty(serverTokenResponse.client_info) && authority.protocolMode === \"AAD\") {\n throw ClientAuthError.createClientInfoEmptyError();\n }\n\n return serverTokenResponse.client_info ?\n AccountEntity.createAccount(serverTokenResponse.client_info, this.homeAccountIdentifier, idToken, authority, cloudGraphHostName, msGraphhost) :\n AccountEntity.createGenericAccount(this.homeAccountIdentifier, idToken, authority, cloudGraphHostName, msGraphhost);\n }\n\n /**\n * Creates an @AuthenticationResult from @CacheRecord , @IdToken , and a boolean that states whether or not the result is from cache.\n *\n * Optionally takes a state string that is set as-is in the response.\n *\n * @param cacheRecord\n * @param idTokenObj\n * @param fromTokenCache\n * @param stateString\n */\n static async generateAuthenticationResult(\n cryptoObj: ICrypto,\n authority: Authority,\n cacheRecord: CacheRecord,\n fromTokenCache: boolean,\n request: BaseAuthRequest,\n idTokenObj?: AuthToken,\n requestState?: RequestStateObject,\n code?: string,\n requestId?: string\n ): Promise {\n let accessToken: string = Constants.EMPTY_STRING;\n let responseScopes: Array = [];\n let expiresOn: Date | null = null;\n let extExpiresOn: Date | undefined;\n let familyId: string = Constants.EMPTY_STRING;\n\n if (cacheRecord.accessToken) {\n if (cacheRecord.accessToken.tokenType === AuthenticationScheme.POP) {\n const popTokenGenerator: PopTokenGenerator = new PopTokenGenerator(cryptoObj);\n const { secret, keyId } = cacheRecord.accessToken;\n\n if (!keyId) {\n throw ClientAuthError.createKeyIdMissingError();\n }\n\n accessToken = await popTokenGenerator.signPopToken(secret, keyId, request);\n } else {\n accessToken = cacheRecord.accessToken.secret;\n }\n responseScopes = ScopeSet.fromString(cacheRecord.accessToken.target).asArray();\n expiresOn = new Date(Number(cacheRecord.accessToken.expiresOn) * 1000);\n extExpiresOn = new Date(Number(cacheRecord.accessToken.extendedExpiresOn) * 1000);\n }\n\n if (cacheRecord.appMetadata) {\n familyId = cacheRecord.appMetadata.familyId === THE_FAMILY_ID ? THE_FAMILY_ID : Constants.EMPTY_STRING;\n }\n const uid = idTokenObj?.claims.oid || idTokenObj?.claims.sub || Constants.EMPTY_STRING;\n const tid = idTokenObj?.claims.tid || Constants.EMPTY_STRING;\n\n return {\n authority: authority.canonicalAuthority,\n uniqueId: uid,\n tenantId: tid,\n scopes: responseScopes,\n account: cacheRecord.account ? cacheRecord.account.getAccountInfo() : null,\n idToken: idTokenObj ? idTokenObj.rawToken : Constants.EMPTY_STRING,\n idTokenClaims: idTokenObj ? idTokenObj.claims : {},\n accessToken: accessToken,\n fromCache: fromTokenCache,\n expiresOn: expiresOn,\n correlationId: request.correlationId,\n requestId: requestId || Constants.EMPTY_STRING,\n extExpiresOn: extExpiresOn,\n familyId: familyId,\n tokenType: cacheRecord.accessToken?.tokenType || Constants.EMPTY_STRING,\n state: requestState ? requestState.userRequestState : Constants.EMPTY_STRING,\n cloudGraphHostName: cacheRecord.account?.cloudGraphHostName || Constants.EMPTY_STRING,\n msGraphHost: cacheRecord.account?.msGraphHost || Constants.EMPTY_STRING,\n code,\n fromNativeBroker: false\n };\n }\n}\n"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA;;;AAGG;AAgCH;;AAEG;AACH,IAAA,eAAA,kBAAA,YAAA;IASI,SAAY,eAAA,CAAA,QAAgB,EAAE,YAA0B,EAAE,SAAkB,EAAE,MAAc,EAAE,iBAAiD,EAAE,iBAAsC,EAAA;AACnL,QAAA,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;AACzB,QAAA,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;AACjC,QAAA,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;AAC3B,QAAA,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;AACrB,QAAA,IAAI,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;AAC3C,QAAA,IAAI,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;KAC9C;AAED;;;;;AAKG;AACH,IAAA,eAAA,CAAA,SAAA,CAAA,uCAAuC,GAAvC,UAAwC,kBAAmD,EAAE,WAAmB,EAAE,SAAkB,EAAA;AAEhI,QAAA,IAAI,CAAC,kBAAkB,CAAC,KAAK,IAAI,CAAC,WAAW,EAAE;YAC3C,MAAM,CAAC,kBAAkB,CAAC,KAAK,GAAG,eAAe,CAAC,wBAAwB,CAAC,cAAc,CAAC,GAAG,eAAe,CAAC,wBAAwB,CAAC,cAAc,CAAC,CAAC;AACzJ,SAAA;QAED,IAAI,kBAAkB,CAAC,kBAAkB,CAAC,KAAK,CAAC,KAAK,kBAAkB,CAAC,WAAW,CAAC,EAAE;AAClF,YAAA,MAAM,eAAe,CAAC,wBAAwB,EAAE,CAAC;AACpD,SAAA;;QAGD,IAAI,kBAAkB,CAAC,KAAK,IAAI,kBAAkB,CAAC,iBAAiB,IAAI,kBAAkB,CAAC,QAAQ,EAAE;AACjG,YAAA,IAAI,4BAA4B,CAAC,0BAA0B,CAAC,kBAAkB,CAAC,KAAK,EAAE,kBAAkB,CAAC,iBAAiB,EAAE,kBAAkB,CAAC,QAAQ,CAAC,EAAE;AACtJ,gBAAA,MAAM,IAAI,4BAA4B,CAAC,kBAAkB,CAAC,KAAK,IAAI,SAAS,CAAC,YAAY,EAAE,kBAAkB,CAAC,iBAAiB,EAAE,kBAAkB,CAAC,QAAQ,CAAC,CAAC;AACjK,aAAA;AAED,YAAA,MAAM,IAAI,WAAW,CAAC,kBAAkB,CAAC,KAAK,IAAI,SAAS,CAAC,YAAY,EAAE,kBAAkB,CAAC,iBAAiB,EAAE,kBAAkB,CAAC,QAAQ,CAAC,CAAC;AAChJ,SAAA;QAED,IAAI,kBAAkB,CAAC,WAAW,EAAE;AAChC,YAAA,eAAe,CAAC,kBAAkB,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;AAC9D,SAAA;KACJ,CAAA;AAED;;;AAGG;IACH,eAAqB,CAAA,SAAA,CAAA,qBAAA,GAArB,UAAsB,cAAgD,EAAA;;QAElE,IAAI,cAAc,CAAC,KAAK,IAAI,cAAc,CAAC,iBAAiB,IAAI,cAAc,CAAC,QAAQ,EAAE;AACrF,YAAA,IAAI,4BAA4B,CAAC,0BAA0B,CAAC,cAAc,CAAC,KAAK,EAAE,cAAc,CAAC,iBAAiB,EAAE,cAAc,CAAC,QAAQ,CAAC,EAAE;AAC1I,gBAAA,MAAM,IAAI,4BAA4B,CAAC,cAAc,CAAC,KAAK,EAAE,cAAc,CAAC,iBAAiB,EAAE,cAAc,CAAC,QAAQ,CAAC,CAAC;AAC3H,aAAA;YAED,IAAM,SAAS,GAAM,cAAc,CAAC,WAAW,GAAO,MAAA,GAAA,cAAc,CAAC,SAAS,GAAA,KAAA,GAAM,cAAc,CAAC,iBAAiB,2BAAsB,cAAc,CAAC,cAAc,GAAgB,eAAA,GAAA,cAAc,CAAC,QAAU,CAAC;AACjN,YAAA,MAAM,IAAI,WAAW,CAAC,cAAc,CAAC,KAAK,EAAE,SAAS,EAAE,cAAc,CAAC,QAAQ,CAAC,CAAC;AACnF,SAAA;KACJ,CAAA;AAED;;;;AAIG;AACG,IAAA,eAAA,CAAA,SAAA,CAAA,yBAAyB,GAA/B,UACI,mBAAqD,EACrD,SAAoB,EACpB,YAAoB,EACpB,OAAwB,EACxB,eAA0C,EAC1C,iBAA0B,EAC1B,4BAAsC,EACtC,8BAAwC,EACxC,eAAwB,EAAA;;;;;;wBAIxB,IAAI,mBAAmB,CAAC,QAAQ,EAAE;AAC9B,4BAAA,UAAU,GAAG,IAAI,SAAS,CAAC,mBAAmB,CAAC,QAAQ,IAAI,SAAS,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;;4BAGnG,IAAI,eAAe,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,EAAE;gCAChE,IAAI,UAAU,CAAC,MAAM,CAAC,KAAK,KAAK,eAAe,CAAC,KAAK,EAAE;AACnD,oCAAA,MAAM,eAAe,CAAC,wBAAwB,EAAE,CAAC;AACpD,iCAAA;AACJ,6BAAA;;4BAGD,IAAI,OAAO,CAAC,MAAM,KAAK,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,EAAE;AACpC,gCAAA,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,SAAS,CAAC;gCAC7C,IAAI,CAAC,QAAQ,EAAE;AACX,oCAAA,MAAM,eAAe,CAAC,2BAA2B,EAAE,CAAC;AACvD,iCAAA;gCAED,SAAS,CAAC,WAAW,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;AACnD,6BAAA;AACJ,yBAAA;;AAGD,wBAAA,IAAI,CAAC,qBAAqB,GAAG,aAAa,CAAC,qBAAqB,CAAC,mBAAmB,CAAC,WAAW,IAAI,SAAS,CAAC,YAAY,EAAE,SAAS,CAAC,aAAa,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;wBAI9L,IAAI,CAAC,CAAC,eAAe,IAAI,CAAC,CAAC,eAAe,CAAC,KAAK,EAAE;AAC9C,4BAAA,eAAe,GAAG,aAAa,CAAC,iBAAiB,CAAC,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC;AAC5F,yBAAA;;AAGD,wBAAA,mBAAmB,CAAC,MAAM,GAAG,mBAAmB,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,IAAI,SAAS,CAAC;AAEjF,wBAAA,WAAW,GAAG,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,EAAE,SAAS,EAAE,YAAY,EAAE,OAAO,EAAE,UAAU,EAAE,iBAAiB,EAAE,eAAe,CAAC,CAAC;;;;8BAG5I,IAAI,CAAC,iBAAiB,IAAI,IAAI,CAAC,iBAAiB,CAAA,EAAhD,OAAgD,CAAA,CAAA,YAAA,CAAA,CAAA,CAAA;AAChD,wBAAA,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,gDAAgD,CAAC,CAAC;wBACtE,YAAY,GAAG,IAAI,iBAAiB,CAAC,IAAI,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAAC;wBACnE,OAAM,CAAA,CAAA,YAAA,IAAI,CAAC,iBAAiB,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAA,CAAA;;AAA5D,wBAAA,EAAA,CAAA,IAAA,EAA4D,CAAC;;;AAEjE;;;;;AAKG;wBACH,IAAI,4BAA4B,IAAI,CAAC,8BAA8B,IAAI,WAAW,CAAC,OAAO,EAAE;AAClF,4BAAA,GAAG,GAAG,WAAW,CAAC,OAAO,CAAC,kBAAkB,EAAE,CAAC;4BAC/C,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;4BAClD,IAAI,CAAC,OAAO,EAAE;AACV,gCAAA,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,qGAAqG,CAAC,CAAC;gCAC3H,OAAO,CAAA,CAAA,aAAA,eAAe,CAAC,4BAA4B,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,EAAE,WAAW,EAAE,KAAK,EAAE,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC,CAAA;AACxK,6BAAA;AACJ,yBAAA;wBACD,OAAM,CAAA,CAAA,YAAA,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,WAAW,CAAC,CAAA,CAAA;;AAApD,wBAAA,EAAA,CAAA,IAAA,EAAoD,CAAC;;;8BAEjD,IAAI,CAAC,iBAAiB,IAAI,IAAI,CAAC,iBAAiB,IAAI,YAAY,CAAA,EAAhE,OAAgE,CAAA,CAAA,YAAA,CAAA,CAAA,CAAA;AAChE,wBAAA,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,+CAA+C,CAAC,CAAC;wBACrE,OAAM,CAAA,CAAA,YAAA,IAAI,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAA,CAAA;;AAA3D,wBAAA,EAAA,CAAA,IAAA,EAA2D,CAAC;;;4BAGpE,OAAO,CAAA,CAAA,aAAA,eAAe,CAAC,4BAA4B,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,EAAE,WAAW,EAAE,KAAK,EAAE,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,mBAAmB,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC,CAAA;;;;AAC3L,KAAA,CAAA;AAED;;;;;AAKG;AACK,IAAA,eAAA,CAAA,SAAA,CAAA,mBAAmB,GAA3B,UAA4B,mBAAqD,EAAE,SAAoB,EAAE,YAAoB,EAAE,OAAwB,EAAE,UAAsB,EAAE,iBAA0B,EAAE,eAA0C,EAAA;AACnP,QAAA,IAAM,GAAG,GAAG,SAAS,CAAC,iBAAiB,EAAE,CAAC;AAC1C,QAAA,IAAI,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;AAC1B,YAAA,MAAM,eAAe,CAAC,kCAAkC,EAAE,CAAC;AAC9D,SAAA;;AAGD,QAAA,IAAI,aAAwC,CAAC;AAC7C,QAAA,IAAI,aAAwC,CAAC;AAC7C,QAAA,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE;AACpE,YAAA,aAAa,GAAG,aAAa,CAAC,mBAAmB,CAC7C,IAAI,CAAC,qBAAqB,EAC1B,GAAG,EACH,mBAAmB,CAAC,QAAQ,IAAI,SAAS,CAAC,YAAY,EACtD,IAAI,CAAC,QAAQ,EACb,UAAU,CAAC,MAAM,CAAC,GAAG,IAAI,SAAS,CAAC,YAAY,CAClD,CAAC;AAEF,YAAA,aAAa,GAAG,IAAI,CAAC,qBAAqB,CACtC,mBAAmB,EACnB,UAAU,EACV,SAAS,EACT,eAAe,CAClB,CAAC;AACL,SAAA;;QAGD,IAAI,iBAAiB,GAA6B,IAAI,CAAC;QACvD,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,mBAAmB,CAAC,YAAY,CAAC,EAAE;;AAGxD,YAAA,IAAM,cAAc,GAAG,mBAAmB,CAAC,KAAK,GAAG,QAAQ,CAAC,UAAU,CAAC,mBAAmB,CAAC,KAAK,CAAC,GAAG,IAAI,QAAQ,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC;AAEvI;;;AAGG;AACH,YAAA,IAAM,SAAS,GAAW,CAAC,OAAO,mBAAmB,CAAC,UAAU,KAAK,QAAQ,GAAG,QAAQ,CAAC,mBAAmB,CAAC,UAAU,EAAE,EAAE,CAAC,GAAG,mBAAmB,CAAC,UAAU,KAAK,CAAC,CAAC;AACpK,YAAA,IAAM,YAAY,GAAW,CAAC,OAAO,mBAAmB,CAAC,cAAc,KAAK,QAAQ,GAAG,QAAQ,CAAC,mBAAmB,CAAC,cAAc,EAAE,EAAE,CAAC,GAAG,mBAAmB,CAAC,cAAc,KAAK,CAAC,CAAC;AACnL,YAAA,IAAM,SAAS,GAAuB,CAAC,OAAO,mBAAmB,CAAC,UAAU,KAAK,QAAQ,GAAG,QAAQ,CAAC,mBAAmB,CAAC,UAAU,EAAE,EAAE,CAAC,GAAG,mBAAmB,CAAC,UAAU,KAAK,SAAS,CAAC;AACxL,YAAA,IAAM,sBAAsB,GAAG,YAAY,GAAG,SAAS,CAAC;AACxD,YAAA,IAAM,8BAA8B,GAAG,sBAAsB,GAAG,YAAY,CAAC;AAC7E,YAAA,IAAM,gBAAgB,GAAG,SAAS,IAAI,SAAS,GAAG,CAAC,GAAG,YAAY,GAAG,SAAS,GAAG,SAAS,CAAC;;AAG3F,YAAA,iBAAiB,GAAG,iBAAiB,CAAC,uBAAuB,CACzD,IAAI,CAAC,qBAAqB,EAC1B,GAAG,EACH,mBAAmB,CAAC,YAAY,IAAI,SAAS,CAAC,YAAY,EAC1D,IAAI,CAAC,QAAQ,EACb,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,GAAG,IAAI,SAAS,CAAC,YAAY,GAAG,SAAS,CAAC,MAAM,EAC/E,cAAc,CAAC,WAAW,EAAE,EAC5B,sBAAsB,EACtB,8BAA8B,EAC9B,IAAI,CAAC,SAAS,EACd,gBAAgB,EAChB,mBAAmB,CAAC,UAAU,EAC9B,iBAAiB,EACjB,mBAAmB,CAAC,MAAM,EAC1B,OAAO,CAAC,MAAM,EACd,OAAO,CAAC,mBAAmB,CAC9B,CAAC;AACL,SAAA;;QAGD,IAAI,kBAAkB,GAA8B,IAAI,CAAC;QACzD,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,mBAAmB,CAAC,aAAa,CAAC,EAAE;AACzD,YAAA,kBAAkB,GAAG,kBAAkB,CAAC,wBAAwB,CAC5D,IAAI,CAAC,qBAAqB,EAC1B,GAAG,EACH,mBAAmB,CAAC,aAAa,IAAI,SAAS,CAAC,YAAY,EAC3D,IAAI,CAAC,QAAQ,EACb,mBAAmB,CAAC,IAAI,EACxB,iBAAiB,CACpB,CAAC;AACL,SAAA;;QAGD,IAAI,iBAAiB,GAA6B,IAAI,CAAC;QACvD,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,mBAAmB,CAAC,IAAI,CAAC,EAAE;AAChD,YAAA,iBAAiB,GAAG,iBAAiB,CAAC,uBAAuB,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,EAAE,mBAAmB,CAAC,IAAI,CAAC,CAAC;AAC/G,SAAA;AAED,QAAA,OAAO,IAAI,WAAW,CAAC,aAAa,EAAE,aAAa,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,iBAAiB,CAAC,CAAC;KAClH,CAAA;AAED;;;;;AAKG;IACK,eAAqB,CAAA,SAAA,CAAA,qBAAA,GAA7B,UAA8B,mBAAqD,EAAE,OAAkB,EAAE,SAAoB,EAAE,eAA0C,EAAA;AACrK,QAAA,IAAM,aAAa,GAAG,SAAS,CAAC,aAAa,CAAC;AAC9C,QAAA,IAAM,kBAAkB,GAAG,eAAe,GAAG,eAAe,CAAC,qBAAqB,GAAG,SAAS,CAAC,YAAY,CAAC;AAC5G,QAAA,IAAM,WAAW,GAAG,eAAe,GAAG,eAAe,CAAC,YAAY,GAAG,SAAS,CAAC,YAAY,CAAC;;AAG5F,QAAA,IAAI,aAAa,KAAK,aAAa,CAAC,IAAI,EAAE;AACtC,YAAA,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,+CAA+C,CAAC,CAAC;AACrE,YAAA,OAAO,aAAa,CAAC,oBAAoB,CAAC,IAAI,CAAC,qBAAqB,EAAE,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,WAAW,CAAC,CAAC;AAC9H,SAAA;;AAGD,QAAA,IAAI,WAAW,CAAC,OAAO,CAAC,mBAAmB,CAAC,WAAW,CAAC,IAAI,SAAS,CAAC,YAAY,KAAK,KAAK,EAAE;AAC1F,YAAA,MAAM,eAAe,CAAC,0BAA0B,EAAE,CAAC;AACtD,SAAA;AAED,QAAA,OAAO,mBAAmB,CAAC,WAAW;YAClC,aAAa,CAAC,aAAa,CAAC,mBAAmB,CAAC,WAAW,EAAE,IAAI,CAAC,qBAAqB,EAAE,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,WAAW,CAAC;AAC7I,YAAA,aAAa,CAAC,oBAAoB,CAAC,IAAI,CAAC,qBAAqB,EAAE,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,WAAW,CAAC,CAAC;KAC3H,CAAA;AAED;;;;;;;;;AASG;AACU,IAAA,eAAA,CAAA,4BAA4B,GAAzC,UACI,SAAkB,EAClB,SAAoB,EACpB,WAAwB,EACxB,cAAuB,EACvB,OAAwB,EACxB,UAAsB,EACtB,YAAiC,EACjC,IAAa,EACb,SAAkB,EAAA;;;;;;;AAEd,wBAAA,WAAW,GAAW,SAAS,CAAC,YAAY,CAAC;wBAC7C,cAAc,GAAkB,EAAE,CAAC;wBACnC,SAAS,GAAgB,IAAI,CAAC;AAE9B,wBAAA,QAAQ,GAAW,SAAS,CAAC,YAAY,CAAC;6BAE1C,WAAW,CAAC,WAAW,EAAvB,OAAuB,CAAA,CAAA,YAAA,CAAA,CAAA,CAAA;8BACnB,WAAW,CAAC,WAAW,CAAC,SAAS,KAAK,oBAAoB,CAAC,GAAG,CAAA,EAA9D,OAA8D,CAAA,CAAA,YAAA,CAAA,CAAA,CAAA;AACxD,wBAAA,iBAAiB,GAAsB,IAAI,iBAAiB,CAAC,SAAS,CAAC,CAAC;wBACxE,EAAoB,GAAA,WAAW,CAAC,WAAW,EAAzC,MAAM,GAAA,EAAA,CAAA,MAAA,EAAE,KAAK,GAAA,EAAA,CAAA,KAAA,CAA6B;wBAElD,IAAI,CAAC,KAAK,EAAE;AACR,4BAAA,MAAM,eAAe,CAAC,uBAAuB,EAAE,CAAC;AACnD,yBAAA;wBAEa,OAAM,CAAA,CAAA,YAAA,iBAAiB,CAAC,YAAY,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAA,CAAA;;wBAA1E,WAAW,GAAG,SAA4D,CAAC;;;AAE3E,wBAAA,WAAW,GAAG,WAAW,CAAC,WAAW,CAAC,MAAM,CAAC;;;AAEjD,wBAAA,cAAc,GAAG,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,CAAC;AAC/E,wBAAA,SAAS,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC;AACvE,wBAAA,YAAY,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC,iBAAiB,CAAC,GAAG,IAAI,CAAC,CAAC;;;wBAGtF,IAAI,WAAW,CAAC,WAAW,EAAE;AACzB,4BAAA,QAAQ,GAAG,WAAW,CAAC,WAAW,CAAC,QAAQ,KAAK,aAAa,GAAG,aAAa,GAAG,SAAS,CAAC,YAAY,CAAC;AAC1G,yBAAA;wBACK,GAAG,GAAG,CAAA,UAAU,KAAV,IAAA,IAAA,UAAU,KAAV,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,UAAU,CAAE,MAAM,CAAC,GAAG,MAAI,UAAU,aAAV,UAAU,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAV,UAAU,CAAE,MAAM,CAAC,GAAG,CAAA,IAAI,SAAS,CAAC,YAAY,CAAC;AACjF,wBAAA,GAAG,GAAG,CAAA,UAAU,KAAA,IAAA,IAAV,UAAU,KAAV,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,UAAU,CAAE,MAAM,CAAC,GAAG,KAAI,SAAS,CAAC,YAAY,CAAC;wBAE7D,OAAO,CAAA,CAAA,aAAA;gCACH,SAAS,EAAE,SAAS,CAAC,kBAAkB;AACvC,gCAAA,QAAQ,EAAE,GAAG;AACb,gCAAA,QAAQ,EAAE,GAAG;AACb,gCAAA,MAAM,EAAE,cAAc;AACtB,gCAAA,OAAO,EAAE,WAAW,CAAC,OAAO,GAAG,WAAW,CAAC,OAAO,CAAC,cAAc,EAAE,GAAG,IAAI;AAC1E,gCAAA,OAAO,EAAE,UAAU,GAAG,UAAU,CAAC,QAAQ,GAAG,SAAS,CAAC,YAAY;gCAClE,aAAa,EAAE,UAAU,GAAG,UAAU,CAAC,MAAM,GAAG,EAAE;AAClD,gCAAA,WAAW,EAAE,WAAW;AACxB,gCAAA,SAAS,EAAE,cAAc;AACzB,gCAAA,SAAS,EAAE,SAAS;gCACpB,aAAa,EAAE,OAAO,CAAC,aAAa;AACpC,gCAAA,SAAS,EAAE,SAAS,IAAI,SAAS,CAAC,YAAY;AAC9C,gCAAA,YAAY,EAAE,YAAY;AAC1B,gCAAA,QAAQ,EAAE,QAAQ;gCAClB,SAAS,EAAE,CAAA,CAAA,EAAA,GAAA,WAAW,CAAC,WAAW,0CAAE,SAAS,KAAI,SAAS,CAAC,YAAY;AACvE,gCAAA,KAAK,EAAE,YAAY,GAAG,YAAY,CAAC,gBAAgB,GAAG,SAAS,CAAC,YAAY;gCAC5E,kBAAkB,EAAE,CAAA,CAAA,EAAA,GAAA,WAAW,CAAC,OAAO,0CAAE,kBAAkB,KAAI,SAAS,CAAC,YAAY;gCACrF,WAAW,EAAE,CAAA,CAAA,EAAA,GAAA,WAAW,CAAC,OAAO,0CAAE,WAAW,KAAI,SAAS,CAAC,YAAY;AACvE,gCAAA,IAAI,EAAA,IAAA;AACJ,gCAAA,gBAAgB,EAAE,KAAK;6BAC1B,CAAC,CAAA;;;;AACL,KAAA,CAAA;IACL,OAAC,eAAA,CAAA;AAAD,CAAC,EAAA;;;;"}