UNPKG

better-auth

Version:

The most comprehensive authentication framework for TypeScript.

better-auth.com

better-auth/better-auth

1 lines • 22 kB
1
{"version":3,"file":"email-verification.mjs","names":["jwt: JWTVerifyResult<JWTPayload>","newToken","updateCallbackURL","updatedUser"],"sources":["../../../src/api/routes/email-verification.ts"],"sourcesContent":["import type { GenericEndpointContext } from \"@better-auth/core\";\nimport { createAuthEndpoint } from \"@better-auth/core/api\";\nimport { APIError } from \"better-call\";\nimport type { JWTPayload, JWTVerifyResult } from \"jose\";\nimport { jwtVerify } from \"jose\";\nimport { JWTExpired } from \"jose/errors\";\nimport * as z from \"zod\";\nimport { setSessionCookie } from \"../../cookies\";\nimport { signJWT } from \"../../crypto/jwt\";\nimport type { User } from \"../../types\";\nimport { originCheck } from \"../middlewares\";\nimport { getSessionFromCtx } from \"./session\";\n\nexport async function createEmailVerificationToken(\n\tsecret: string,\n\temail: string,\n\t/**\n\t * The email to update from\n\t */\n\tupdateTo?: string | undefined,\n\t/**\n\t * The time in seconds for the token to expire\n\t */\n\texpiresIn: number = 3600,\n\t/**\n\t * Extra payload to include in the token\n\t */\n\textraPayload?: Record<string, any>,\n) {\n\tconst token = await signJWT(\n\t\t{\n\t\t\temail: email.toLowerCase(),\n\t\t\tupdateTo,\n\t\t\t...extraPayload,\n\t\t},\n\t\tsecret,\n\t\texpiresIn,\n\t);\n\treturn token;\n}\n\n/**\n * A function to send a verification email to the user\n */\nexport async function sendVerificationEmailFn(\n\tctx: GenericEndpointContext,\n\tuser: User,\n) {\n\tif (!ctx.context.options.emailVerification?.sendVerificationEmail) {\n\t\tctx.context.logger.error(\"Verification email isn't enabled.\");\n\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\tmessage: \"Verification email isn't enabled\",\n\t\t});\n\t}\n\tconst token = await createEmailVerificationToken(\n\t\tctx.context.secret,\n\t\tuser.email,\n\t\tundefined,\n\t\tctx.context.options.emailVerification?.expiresIn,\n\t);\n\tconst callbackURL = ctx.body.callbackURL\n\t\t? encodeURIComponent(ctx.body.callbackURL)\n\t\t: encodeURIComponent(\"/\");\n\tconst url = `${ctx.context.baseURL}/verify-email?token=${token}&callbackURL=${callbackURL}`;\n\tawait ctx.context.runInBackgroundOrAwait(\n\t\tctx.context.options.emailVerification.sendVerificationEmail(\n\t\t\t{\n\t\t\t\tuser: user,\n\t\t\t\turl,\n\t\t\t\ttoken,\n\t\t\t},\n\t\t\tctx.request,\n\t\t),\n\t);\n}\nexport const sendVerificationEmail = createAuthEndpoint(\n\t\"/send-verification-email\",\n\t{\n\t\tmethod: \"POST\",\n\t\toperationId: \"sendVerificationEmail\",\n\t\tbody: z.object({\n\t\t\temail: z.email().meta({\n\t\t\t\tdescription: \"The email to send the verification email to\",\n\t\t\t}),\n\t\t\tcallbackURL: z\n\t\t\t\t.string()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription: \"The URL to use for email verification callback\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t}),\n\t\tmetadata: {\n\t\t\topenapi: {\n\t\t\t\toperationId: \"sendVerificationEmail\",\n\t\t\t\tdescription: \"Send a verification email to the user\",\n\t\t\t\trequestBody: {\n\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\temail: {\n\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\tdescription: \"The email to send the verification email to\",\n\t\t\t\t\t\t\t\t\t\texample: \"user@example.com\",\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\tcallbackURL: {\n\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\"The URL to use for email verification callback\",\n\t\t\t\t\t\t\t\t\t\texample: \"https://example.com/callback\",\n\t\t\t\t\t\t\t\t\t\tnullable: true,\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\trequired: [\"email\"],\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tresponses: {\n\t\t\t\t\t\"200\": {\n\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\tstatus: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\"Indicates if the email was sent successfully\",\n\t\t\t\t\t\t\t\t\t\t\texample: true,\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\"400\": {\n\t\t\t\t\t\tdescription: \"Bad Request\",\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\tmessage: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\tdescription: \"Error message\",\n\t\t\t\t\t\t\t\t\t\t\texample: \"Verification email isn't enabled\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t},\n\tasync (ctx) => {\n\t\tif (!ctx.context.options.emailVerification?.sendVerificationEmail) {\n\t\t\tctx.context.logger.error(\"Verification email isn't enabled.\");\n\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\tmessage: \"Verification email isn't enabled\",\n\t\t\t});\n\t\t}\n\t\tconst { email } = ctx.body;\n\t\tconst session = await getSessionFromCtx(ctx);\n\t\tif (!session) {\n\t\t\tconst user = await ctx.context.internalAdapter.findUserByEmail(email);\n\t\t\tif (!user) {\n\t\t\t\tawait createEmailVerificationToken(\n\t\t\t\t\tctx.context.secret,\n\t\t\t\t\temail,\n\t\t\t\t\tundefined,\n\t\t\t\t\tctx.context.options.emailVerification?.expiresIn,\n\t\t\t\t);\n\t\t\t\t//we're returning true to avoid leaking information about the user\n\t\t\t\treturn ctx.json({\n\t\t\t\t\tstatus: true,\n\t\t\t\t});\n\t\t\t}\n\t\t\tawait sendVerificationEmailFn(ctx, user.user);\n\t\t\treturn ctx.json({\n\t\t\t\tstatus: true,\n\t\t\t});\n\t\t}\n\t\tif (session?.user.emailVerified) {\n\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\tmessage:\n\t\t\t\t\t\"You can only send a verification email to an unverified email\",\n\t\t\t});\n\t\t}\n\t\tif (session?.user.email !== email) {\n\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\tmessage: \"You can only send a verification email to your own email\",\n\t\t\t});\n\t\t}\n\t\tawait sendVerificationEmailFn(ctx, session.user);\n\t\treturn ctx.json({\n\t\t\tstatus: true,\n\t\t});\n\t},\n);\n\nexport const verifyEmail = createAuthEndpoint(\n\t\"/verify-email\",\n\t{\n\t\tmethod: \"GET\",\n\t\toperationId: \"verifyEmail\",\n\t\tquery: z.object({\n\t\t\ttoken: z.string().meta({\n\t\t\t\tdescription: \"The token to verify the email\",\n\t\t\t}),\n\t\t\tcallbackURL: z\n\t\t\t\t.string()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription: \"The URL to redirect to after email verification\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t}),\n\t\tuse: [originCheck((ctx) => ctx.query.callbackURL)],\n\t\tmetadata: {\n\t\t\topenapi: {\n\t\t\t\tdescription: \"Verify the email of the user\",\n\t\t\t\tparameters: [\n\t\t\t\t\t{\n\t\t\t\t\t\tname: \"token\",\n\t\t\t\t\t\tin: \"query\",\n\t\t\t\t\t\tdescription: \"The token to verify the email\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t{\n\t\t\t\t\t\tname: \"callbackURL\",\n\t\t\t\t\t\tin: \"query\",\n\t\t\t\t\t\tdescription: \"The URL to redirect to after email verification\",\n\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t\tresponses: {\n\t\t\t\t\t\"200\": {\n\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tstatus: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\"Indicates if the email was verified successfully\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\trequired: [\"user\", \"status\"],\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t},\n\tasync (ctx) => {\n\t\tfunction redirectOnError(error: string) {\n\t\t\tif (ctx.query.callbackURL) {\n\t\t\t\tif (ctx.query.callbackURL.includes(\"?\")) {\n\t\t\t\t\tthrow ctx.redirect(`${ctx.query.callbackURL}&error=${error}`);\n\t\t\t\t}\n\t\t\t\tthrow ctx.redirect(`${ctx.query.callbackURL}?error=${error}`);\n\t\t\t}\n\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\tmessage: error,\n\t\t\t});\n\t\t}\n\t\tconst { token } = ctx.query;\n\t\tlet jwt: JWTVerifyResult<JWTPayload>;\n\t\ttry {\n\t\t\tjwt = await jwtVerify(\n\t\t\t\ttoken,\n\t\t\t\tnew TextEncoder().encode(ctx.context.secret),\n\t\t\t\t{\n\t\t\t\t\talgorithms: [\"HS256\"],\n\t\t\t\t},\n\t\t\t);\n\t\t} catch (e) {\n\t\t\tif (e instanceof JWTExpired) {\n\t\t\t\treturn redirectOnError(\"token_expired\");\n\t\t\t}\n\t\t\treturn redirectOnError(\"invalid_token\");\n\t\t}\n\t\tconst schema = z.object({\n\t\t\temail: z.email(),\n\t\t\tupdateTo: z.string().optional(),\n\t\t\trequestType: z.string().optional(),\n\t\t});\n\t\tconst parsed = schema.parse(jwt.payload);\n\t\tconst user = await ctx.context.internalAdapter.findUserByEmail(\n\t\t\tparsed.email,\n\t\t);\n\t\tif (!user) {\n\t\t\treturn redirectOnError(\"user_not_found\");\n\t\t}\n\t\tif (parsed.updateTo) {\n\t\t\tlet session = await getSessionFromCtx(ctx);\n\t\t\tif (session && session.user.email !== parsed.email) {\n\t\t\t\treturn redirectOnError(\"unauthorized\");\n\t\t\t}\n\t\t\tif (parsed.requestType === \"change-email-confirmation\") {\n\t\t\t\tconst newToken = await createEmailVerificationToken(\n\t\t\t\t\tctx.context.secret,\n\t\t\t\t\tparsed.email,\n\t\t\t\t\tparsed.updateTo,\n\t\t\t\t\tctx.context.options.emailVerification?.expiresIn,\n\t\t\t\t\t{\n\t\t\t\t\t\trequestType: \"change-email-verification\",\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tconst updateCallbackURL = ctx.query.callbackURL\n\t\t\t\t\t? encodeURIComponent(ctx.query.callbackURL)\n\t\t\t\t\t: encodeURIComponent(\"/\");\n\t\t\t\tconst url = `${ctx.context.baseURL}/verify-email?token=${newToken}&callbackURL=${updateCallbackURL}`;\n\t\t\t\tif (ctx.context.options.emailVerification?.sendVerificationEmail) {\n\t\t\t\t\tawait ctx.context.runInBackgroundOrAwait(\n\t\t\t\t\t\tctx.context.options.emailVerification.sendVerificationEmail(\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t...user.user,\n\t\t\t\t\t\t\t\t\temail: parsed.updateTo,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\turl,\n\t\t\t\t\t\t\t\ttoken: newToken,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tctx.request,\n\t\t\t\t\t\t),\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\tif (ctx.query.callbackURL) {\n\t\t\t\t\tthrow ctx.redirect(ctx.query.callbackURL);\n\t\t\t\t}\n\t\t\t\treturn ctx.json({\n\t\t\t\t\tstatus: true,\n\t\t\t\t});\n\t\t\t}\n\t\t\tif (!session) {\n\t\t\t\tconst newSession = await ctx.context.internalAdapter.createSession(\n\t\t\t\t\tuser.user.id,\n\t\t\t\t);\n\t\t\t\tif (!newSession) {\n\t\t\t\t\tthrow new APIError(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\t\t\tmessage: \"Failed to create session\",\n\t\t\t\t\t});\n\t\t\t\t}\n\t\t\t\tsession = {\n\t\t\t\t\tsession: newSession,\n\t\t\t\t\tuser: user.user,\n\t\t\t\t};\n\t\t\t}\n\t\t\tif (parsed.requestType === \"change-email-verification\") {\n\t\t\t\tconst updatedUser = await ctx.context.internalAdapter.updateUserByEmail(\n\t\t\t\t\tparsed.email,\n\t\t\t\t\t{\n\t\t\t\t\t\temail: parsed.updateTo,\n\t\t\t\t\t\temailVerified: true,\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tawait setSessionCookie(ctx, {\n\t\t\t\t\tsession: session.session,\n\t\t\t\t\tuser: {\n\t\t\t\t\t\t...session.user,\n\t\t\t\t\t\temail: parsed.updateTo,\n\t\t\t\t\t\temailVerified: true,\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t\tif (ctx.query.callbackURL) {\n\t\t\t\t\tthrow ctx.redirect(ctx.query.callbackURL);\n\t\t\t\t}\n\t\t\t\treturn ctx.json({\n\t\t\t\t\tstatus: true,\n\t\t\t\t\tuser: updatedUser,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\tconst updatedUser = await ctx.context.internalAdapter.updateUserByEmail(\n\t\t\t\tparsed.email,\n\t\t\t\t{\n\t\t\t\t\temail: parsed.updateTo,\n\t\t\t\t\temailVerified: false,\n\t\t\t\t},\n\t\t\t);\n\n\t\t\tconst newToken = await createEmailVerificationToken(\n\t\t\t\tctx.context.secret,\n\t\t\t\tparsed.updateTo,\n\t\t\t);\n\n\t\t\t//send verification email to the new email\n\t\t\tconst updateCallbackURL = ctx.query.callbackURL\n\t\t\t\t? encodeURIComponent(ctx.query.callbackURL)\n\t\t\t\t: encodeURIComponent(\"/\");\n\t\t\tif (ctx.context.options.emailVerification?.sendVerificationEmail) {\n\t\t\t\tawait ctx.context.runInBackgroundOrAwait(\n\t\t\t\t\tctx.context.options.emailVerification.sendVerificationEmail(\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tuser: updatedUser,\n\t\t\t\t\t\t\turl: `${ctx.context.baseURL}/verify-email?token=${newToken}&callbackURL=${updateCallbackURL}`,\n\t\t\t\t\t\t\ttoken: newToken,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tctx.request,\n\t\t\t\t\t),\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tawait setSessionCookie(ctx, {\n\t\t\t\tsession: session.session,\n\t\t\t\tuser: {\n\t\t\t\t\t...session.user,\n\t\t\t\t\temail: parsed.updateTo,\n\t\t\t\t\temailVerified: false,\n\t\t\t\t},\n\t\t\t});\n\n\t\t\tif (ctx.query.callbackURL) {\n\t\t\t\tthrow ctx.redirect(ctx.query.callbackURL);\n\t\t\t}\n\t\t\treturn ctx.json({\n\t\t\t\tstatus: true,\n\t\t\t\tuser: {\n\t\t\t\t\tid: updatedUser.id,\n\t\t\t\t\temail: updatedUser.email,\n\t\t\t\t\tname: updatedUser.name,\n\t\t\t\t\timage: updatedUser.image,\n\t\t\t\t\temailVerified: updatedUser.emailVerified,\n\t\t\t\t\tcreatedAt: updatedUser.createdAt,\n\t\t\t\t\tupdatedAt: updatedUser.updatedAt,\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tif (user.user.emailVerified) {\n\t\t\tif (ctx.query.callbackURL) {\n\t\t\t\tthrow ctx.redirect(ctx.query.callbackURL);\n\t\t\t}\n\t\t\treturn ctx.json({\n\t\t\t\tstatus: true,\n\t\t\t\tuser: null,\n\t\t\t});\n\t\t}\n\t\tif (ctx.context.options.emailVerification?.onEmailVerification) {\n\t\t\tawait ctx.context.options.emailVerification.onEmailVerification(\n\t\t\t\tuser.user,\n\t\t\t\tctx.request,\n\t\t\t);\n\t\t}\n\t\tconst updatedUser = await ctx.context.internalAdapter.updateUserByEmail(\n\t\t\tparsed.email,\n\t\t\t{\n\t\t\t\temailVerified: true,\n\t\t\t},\n\t\t);\n\t\tif (ctx.context.options.emailVerification?.afterEmailVerification) {\n\t\t\tawait ctx.context.options.emailVerification.afterEmailVerification(\n\t\t\t\tupdatedUser,\n\t\t\t\tctx.request,\n\t\t\t);\n\t\t}\n\t\tif (ctx.context.options.emailVerification?.autoSignInAfterVerification) {\n\t\t\tconst currentSession = await getSessionFromCtx(ctx);\n\t\t\tif (!currentSession || currentSession.user.email !== parsed.email) {\n\t\t\t\tconst session = await ctx.context.internalAdapter.createSession(\n\t\t\t\t\tuser.user.id,\n\t\t\t\t);\n\t\t\t\tif (!session) {\n\t\t\t\t\tthrow new APIError(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\t\t\tmessage: \"Failed to create session\",\n\t\t\t\t\t});\n\t\t\t\t}\n\t\t\t\tawait setSessionCookie(ctx, {\n\t\t\t\t\tsession,\n\t\t\t\t\tuser: {\n\t\t\t\t\t\t...user.user,\n\t\t\t\t\t\temailVerified: true,\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t} else {\n\t\t\t\tawait setSessionCookie(ctx, {\n\t\t\t\t\tsession: currentSession.session,\n\t\t\t\t\tuser: {\n\t\t\t\t\t\t...currentSession.user,\n\t\t\t\t\t\temailVerified: true,\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t}\n\t\t}\n\n\t\tif (ctx.query.callbackURL) {\n\t\t\tthrow ctx.redirect(ctx.query.callbackURL);\n\t\t}\n\t\treturn ctx.json({\n\t\t\tstatus: true,\n\t\t\tuser: null,\n\t\t});\n\t},\n);\n"],"mappings":";;;;;;;;;;;;AAaA,eAAsB,6BACrB,QACA,OAIA,UAIA,YAAoB,MAIpB,cACC;AAUD,QATc,MAAM,QACnB;EACC,OAAO,MAAM,aAAa;EAC1B;EACA,GAAG;EACH,EACD,QACA,UACA;;;;;AAOF,eAAsB,wBACrB,KACA,MACC;AACD,KAAI,CAAC,IAAI,QAAQ,QAAQ,mBAAmB,uBAAuB;AAClE,MAAI,QAAQ,OAAO,MAAM,oCAAoC;AAC7D,QAAM,IAAI,SAAS,eAAe,EACjC,SAAS,oCACT,CAAC;;CAEH,MAAM,QAAQ,MAAM,6BACnB,IAAI,QAAQ,QACZ,KAAK,OACL,QACA,IAAI,QAAQ,QAAQ,mBAAmB,UACvC;CACD,MAAM,cAAc,IAAI,KAAK,cAC1B,mBAAmB,IAAI,KAAK,YAAY,GACxC,mBAAmB,IAAI;CAC1B,MAAM,MAAM,GAAG,IAAI,QAAQ,QAAQ,sBAAsB,MAAM,eAAe;AAC9E,OAAM,IAAI,QAAQ,uBACjB,IAAI,QAAQ,QAAQ,kBAAkB,sBACrC;EACO;EACN;EACA;EACA,EACD,IAAI,QACJ,CACD;;AAEF,MAAa,wBAAwB,mBACpC,4BACA;CACC,QAAQ;CACR,aAAa;CACb,MAAM,EAAE,OAAO;EACd,OAAO,EAAE,OAAO,CAAC,KAAK,EACrB,aAAa,+CACb,CAAC;EACF,aAAa,EACX,QAAQ,CACR,KAAK,EACL,aAAa,kDACb,CAAC,CACD,UAAU;EACZ,CAAC;CACF,UAAU,EACT,SAAS;EACR,aAAa;EACb,aAAa;EACb,aAAa,EACZ,SAAS,EACR,oBAAoB,EACnB,QAAQ;GACP,MAAM;GACN,YAAY;IACX,OAAO;KACN,MAAM;KACN,aAAa;KACb,SAAS;KACT;IACD,aAAa;KACZ,MAAM;KACN,aACC;KACD,SAAS;KACT,UAAU;KACV;IACD;GACD,UAAU,CAAC,QAAQ;GACnB,EACD,EACD,EACD;EACD,WAAW;GACV,OAAO;IACN,aAAa;IACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY,EACX,QAAQ;MACP,MAAM;MACN,aACC;MACD,SAAS;MACT,EACD;KACD,EACD,EACD;IACD;GACD,OAAO;IACN,aAAa;IACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY,EACX,SAAS;MACR,MAAM;MACN,aAAa;MACb,SAAS;MACT,EACD;KACD,EACD,EACD;IACD;GACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;AACd,KAAI,CAAC,IAAI,QAAQ,QAAQ,mBAAmB,uBAAuB;AAClE,MAAI,QAAQ,OAAO,MAAM,oCAAoC;AAC7D,QAAM,IAAI,SAAS,eAAe,EACjC,SAAS,oCACT,CAAC;;CAEH,MAAM,EAAE,UAAU,IAAI;CACtB,MAAM,UAAU,MAAM,kBAAkB,IAAI;AAC5C,KAAI,CAAC,SAAS;EACb,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,gBAAgB,MAAM;AACrE,MAAI,CAAC,MAAM;AACV,SAAM,6BACL,IAAI,QAAQ,QACZ,OACA,QACA,IAAI,QAAQ,QAAQ,mBAAmB,UACvC;AAED,UAAO,IAAI,KAAK,EACf,QAAQ,MACR,CAAC;;AAEH,QAAM,wBAAwB,KAAK,KAAK,KAAK;AAC7C,SAAO,IAAI,KAAK,EACf,QAAQ,MACR,CAAC;;AAEH,KAAI,SAAS,KAAK,cACjB,OAAM,IAAI,SAAS,eAAe,EACjC,SACC,iEACD,CAAC;AAEH,KAAI,SAAS,KAAK,UAAU,MAC3B,OAAM,IAAI,SAAS,eAAe,EACjC,SAAS,4DACT,CAAC;AAEH,OAAM,wBAAwB,KAAK,QAAQ,KAAK;AAChD,QAAO,IAAI,KAAK,EACf,QAAQ,MACR,CAAC;EAEH;AAED,MAAa,cAAc,mBAC1B,iBACA;CACC,QAAQ;CACR,aAAa;CACb,OAAO,EAAE,OAAO;EACf,OAAO,EAAE,QAAQ,CAAC,KAAK,EACtB,aAAa,iCACb,CAAC;EACF,aAAa,EACX,QAAQ,CACR,KAAK,EACL,aAAa,mDACb,CAAC,CACD,UAAU;EACZ,CAAC;CACF,KAAK,CAAC,aAAa,QAAQ,IAAI,MAAM,YAAY,CAAC;CAClD,UAAU,EACT,SAAS;EACR,aAAa;EACb,YAAY,CACX;GACC,MAAM;GACN,IAAI;GACJ,aAAa;GACb,UAAU;GACV,QAAQ,EACP,MAAM,UACN;GACD,EACD;GACC,MAAM;GACN,IAAI;GACJ,aAAa;GACb,UAAU;GACV,QAAQ,EACP,MAAM,UACN;GACD,CACD;EACD,WAAW,EACV,OAAO;GACN,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY;KACX,MAAM;MACL,MAAM;MACN,MAAM;MACN;KACD,QAAQ;MACP,MAAM;MACN,aACC;MACD;KACD;IACD,UAAU,CAAC,QAAQ,SAAS;IAC5B,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,SAAS,gBAAgB,OAAe;AACvC,MAAI,IAAI,MAAM,aAAa;AAC1B,OAAI,IAAI,MAAM,YAAY,SAAS,IAAI,CACtC,OAAM,IAAI,SAAS,GAAG,IAAI,MAAM,YAAY,SAAS,QAAQ;AAE9D,SAAM,IAAI,SAAS,GAAG,IAAI,MAAM,YAAY,SAAS,QAAQ;;AAE9D,QAAM,IAAI,SAAS,gBAAgB,EAClC,SAAS,OACT,CAAC;;CAEH,MAAM,EAAE,UAAU,IAAI;CACtB,IAAIA;AACJ,KAAI;AACH,QAAM,MAAM,UACX,OACA,IAAI,aAAa,CAAC,OAAO,IAAI,QAAQ,OAAO,EAC5C,EACC,YAAY,CAAC,QAAQ,EACrB,CACD;UACO,GAAG;AACX,MAAI,aAAa,WAChB,QAAO,gBAAgB,gBAAgB;AAExC,SAAO,gBAAgB,gBAAgB;;CAOxC,MAAM,SALS,EAAE,OAAO;EACvB,OAAO,EAAE,OAAO;EAChB,UAAU,EAAE,QAAQ,CAAC,UAAU;EAC/B,aAAa,EAAE,QAAQ,CAAC,UAAU;EAClC,CAAC,CACoB,MAAM,IAAI,QAAQ;CACxC,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,gBAC9C,OAAO,MACP;AACD,KAAI,CAAC,KACJ,QAAO,gBAAgB,iBAAiB;AAEzC,KAAI,OAAO,UAAU;EACpB,IAAI,UAAU,MAAM,kBAAkB,IAAI;AAC1C,MAAI,WAAW,QAAQ,KAAK,UAAU,OAAO,MAC5C,QAAO,gBAAgB,eAAe;AAEvC,MAAI,OAAO,gBAAgB,6BAA6B;GACvD,MAAMC,aAAW,MAAM,6BACtB,IAAI,QAAQ,QACZ,OAAO,OACP,OAAO,UACP,IAAI,QAAQ,QAAQ,mBAAmB,WACvC,EACC,aAAa,6BACb,CACD;GACD,MAAMC,sBAAoB,IAAI,MAAM,cACjC,mBAAmB,IAAI,MAAM,YAAY,GACzC,mBAAmB,IAAI;GAC1B,MAAM,MAAM,GAAG,IAAI,QAAQ,QAAQ,sBAAsBD,WAAS,eAAeC;AACjF,OAAI,IAAI,QAAQ,QAAQ,mBAAmB,sBAC1C,OAAM,IAAI,QAAQ,uBACjB,IAAI,QAAQ,QAAQ,kBAAkB,sBACrC;IACC,MAAM;KACL,GAAG,KAAK;KACR,OAAO,OAAO;KACd;IACD;IACA,OAAOD;IACP,EACD,IAAI,QACJ,CACD;AAEF,OAAI,IAAI,MAAM,YACb,OAAM,IAAI,SAAS,IAAI,MAAM,YAAY;AAE1C,UAAO,IAAI,KAAK,EACf,QAAQ,MACR,CAAC;;AAEH,MAAI,CAAC,SAAS;GACb,MAAM,aAAa,MAAM,IAAI,QAAQ,gBAAgB,cACpD,KAAK,KAAK,GACV;AACD,OAAI,CAAC,WACJ,OAAM,IAAI,SAAS,yBAAyB,EAC3C,SAAS,4BACT,CAAC;AAEH,aAAU;IACT,SAAS;IACT,MAAM,KAAK;IACX;;AAEF,MAAI,OAAO,gBAAgB,6BAA6B;GACvD,MAAME,gBAAc,MAAM,IAAI,QAAQ,gBAAgB,kBACrD,OAAO,OACP;IACC,OAAO,OAAO;IACd,eAAe;IACf,CACD;AACD,SAAM,iBAAiB,KAAK;IAC3B,SAAS,QAAQ;IACjB,MAAM;KACL,GAAG,QAAQ;KACX,OAAO,OAAO;KACd,eAAe;KACf;IACD,CAAC;AACF,OAAI,IAAI,MAAM,YACb,OAAM,IAAI,SAAS,IAAI,MAAM,YAAY;AAE1C,UAAO,IAAI,KAAK;IACf,QAAQ;IACR,MAAMA;IACN,CAAC;;EAGH,MAAMA,gBAAc,MAAM,IAAI,QAAQ,gBAAgB,kBACrD,OAAO,OACP;GACC,OAAO,OAAO;GACd,eAAe;GACf,CACD;EAED,MAAM,WAAW,MAAM,6BACtB,IAAI,QAAQ,QACZ,OAAO,SACP;EAGD,MAAM,oBAAoB,IAAI,MAAM,cACjC,mBAAmB,IAAI,MAAM,YAAY,GACzC,mBAAmB,IAAI;AAC1B,MAAI,IAAI,QAAQ,QAAQ,mBAAmB,sBAC1C,OAAM,IAAI,QAAQ,uBACjB,IAAI,QAAQ,QAAQ,kBAAkB,sBACrC;GACC,MAAMA;GACN,KAAK,GAAG,IAAI,QAAQ,QAAQ,sBAAsB,SAAS,eAAe;GAC1E,OAAO;GACP,EACD,IAAI,QACJ,CACD;AAGF,QAAM,iBAAiB,KAAK;GAC3B,SAAS,QAAQ;GACjB,MAAM;IACL,GAAG,QAAQ;IACX,OAAO,OAAO;IACd,eAAe;IACf;GACD,CAAC;AAEF,MAAI,IAAI,MAAM,YACb,OAAM,IAAI,SAAS,IAAI,MAAM,YAAY;AAE1C,SAAO,IAAI,KAAK;GACf,QAAQ;GACR,MAAM;IACL,IAAIA,cAAY;IAChB,OAAOA,cAAY;IACnB,MAAMA,cAAY;IAClB,OAAOA,cAAY;IACnB,eAAeA,cAAY;IAC3B,WAAWA,cAAY;IACvB,WAAWA,cAAY;IACvB;GACD,CAAC;;AAEH,KAAI,KAAK,KAAK,eAAe;AAC5B,MAAI,IAAI,MAAM,YACb,OAAM,IAAI,SAAS,IAAI,MAAM,YAAY;AAE1C,SAAO,IAAI,KAAK;GACf,QAAQ;GACR,MAAM;GACN,CAAC;;AAEH,KAAI,IAAI,QAAQ,QAAQ,mBAAmB,oBAC1C,OAAM,IAAI,QAAQ,QAAQ,kBAAkB,oBAC3C,KAAK,MACL,IAAI,QACJ;CAEF,MAAM,cAAc,MAAM,IAAI,QAAQ,gBAAgB,kBACrD,OAAO,OACP,EACC,eAAe,MACf,CACD;AACD,KAAI,IAAI,QAAQ,QAAQ,mBAAmB,uBAC1C,OAAM,IAAI,QAAQ,QAAQ,kBAAkB,uBAC3C,aACA,IAAI,QACJ;AAEF,KAAI,IAAI,QAAQ,QAAQ,mBAAmB,6BAA6B;EACvE,MAAM,iBAAiB,MAAM,kBAAkB,IAAI;AACnD,MAAI,CAAC,kBAAkB,eAAe,KAAK,UAAU,OAAO,OAAO;GAClE,MAAM,UAAU,MAAM,IAAI,QAAQ,gBAAgB,cACjD,KAAK,KAAK,GACV;AACD,OAAI,CAAC,QACJ,OAAM,IAAI,SAAS,yBAAyB,EAC3C,SAAS,4BACT,CAAC;AAEH,SAAM,iBAAiB,KAAK;IAC3B;IACA,MAAM;KACL,GAAG,KAAK;KACR,eAAe;KACf;IACD,CAAC;QAEF,OAAM,iBAAiB,KAAK;GAC3B,SAAS,eAAe;GACxB,MAAM;IACL,GAAG,eAAe;IAClB,eAAe;IACf;GACD,CAAC;;AAIJ,KAAI,IAAI,MAAM,YACb,OAAM,IAAI,SAAS,IAAI,MAAM,YAAY;AAE1C,QAAO,IAAI,KAAK;EACf,QAAQ;EACR,MAAM;EACN,CAAC;EAEH"}