csp-typed-directives
Version:
Provides type information for all CSP directives and related headers' directives; as well as a basic utility funtion that helps convert the typed properties to the header content's policy string.
8 lines (7 loc) • 23.7 kB
Source Map (JSON)
{
"version": 3,
"sources": ["../src/index.ts", "../node_modules/tsup/assets/cjs_shims.js", "../src/csp.types.ts"],
"sourcesContent": ["import {\n\tdirectiveMap,\n\tDirectives,\n\tReportTo,\n\tReferrerHeaderOptions,\n\treferrerHeaderOptions,\n\tdirectiveValuesByCategory,\n\tvalidHashes,\n\tvalidCrypto,\n\tSource,\n\tactionSource,\n\tbaseSources,\n\ttrustedTypesPolicy,\n\trequireTrustedTypePolicy,\n\tsriPolicy,\n\tsandboxDirectives,\n} from './csp.types.js';\n\nexport type ValidSource = Source;\ntype ReportTos = ReportTo | ReportTo[]\nfunction normalizeArrayString<T> (arrS: T[] | T): T[] {\n\treturn Array.isArray(arrS) ? arrS : [arrS];\n}\nexport const ValidHashes = validHashes;\nexport const ValidCrypto = validCrypto;\nexport const directiveNamesList = <(keyof typeof directiveMap)[]>Object.keys(directiveMap);\ntype DirectiveName = keyof typeof directiveMap;\ntype DirectiveValue = typeof directiveMap[DirectiveName]\ntype DirectiveMapPair = [DirectiveName,DirectiveValue]\ntype CategoryValue = FlatArray<(typeof directiveValuesByCategory[DirectiveValue[number]]),1>\ntype DirectiveResult = {\n\tvalues: Partial<CategoryValue>[]\n\tcategories: DirectiveValue\n}\nexport const DirectiveMap = new Map<DirectiveName,DirectiveResult>(Object.entries(directiveMap).map((dPair) => {\n\tconst [k,v] = <DirectiveMapPair>dPair;\n\treturn [k,{\n\t\tget values (): Partial<CategoryValue>[] {\n\t\t\treturn this.categories.map((category) => directiveValuesByCategory[category]).flat(1);\n\t\t},\n\t\tcategories: v,\n\t}];\n}));\nexport const referrerHeaderOptionsList = referrerHeaderOptions;\nexport type DirectivesObj = Directives;\nexport type ReportToObj = ReportTo;\nexport type ReferrerHeaderOptionsList = ReferrerHeaderOptions;\nexport type CspDirectiveHeaders = {\n\t'Content-Security-Policy-Report-Only': string\n\t'Content-Security-Policy': string\n\t'Report-To': string\n\t'Referrer-Policy': string\n}\n\nconst PolicySet = new Set([\n\t...actionSource,\n\t...baseSources,\n\t...trustedTypesPolicy,\n\t...requireTrustedTypePolicy,\n\t...sriPolicy,\n\t...referrerHeaderOptions,\n\t...actionSource,\n\t...sandboxDirectives,\n]);\nfunction isQuotedPolicy (policy: string): boolean {\n\tif (policy === '*') return false;\n\t// eslint-disable-next-line @typescript-eslint/ban-ts-comment\n\t// @ts-ignore\n\tif (PolicySet.has(policy)) return true;\n\tif (validCrypto.some((v) => policy.startsWith(`${v}-`))) return true;\n\treturn false;\n}\n\nexport class CspDirectives {\n\tpublic CSP: Directives\n\tpublic ReportOnly: Directives | false\n\tpublic ReportTo: ReportTos\n\tpublic ReferrerHeader: ReferrerHeaderOptions\n\tconstructor (\n\t\tcsp?: Directives,\n\t\tsendReportsTo?: ReportTos,\n\t\treportSubset?: Directives,\n\t\treferrerHeaderOverride?: ReferrerHeaderOptions,\n\t){\n\t\tthis.CSP = csp || {};\n\t\tthis.ReportOnly = reportSubset || false;\n\t\tthis.ReportTo = sendReportsTo || [];\n\t\tthis.ReferrerHeader = referrerHeaderOverride || 'strict-origin-when-cross-origin';\n\t\tfunction inReferrerOptions (r: string): r is ReferrerHeaderOptions {\n\t\t\treturn referrerHeaderOptions.some((v) => v === r);\n\t\t}\n\t\tif (!referrerHeaderOverride && csp?.referrer && inReferrerOptions(csp.referrer)) {\n\t\t\tthis.ReferrerHeader = csp.referrer;\n\t\t}\n\t}\n\tcheckReportTo (): void {\n\t\tconst reportTo = this.CSP?.['report-to'];\n\t\tif (reportTo === undefined) return;\n\t\telse {\n\t\t\tconst reportsTo = normalizeArrayString(this.ReportTo);\n\t\t\tif (!reportsTo.some((v) => v.group === reportTo)) {\n\t\t\t\tthrow Error('Undefined ReportTo group specified in policy \"report-to\"');\n\t\t\t}\n\t\t}\n\t}\n\tgetHeaders (): CspDirectiveHeaders {\n\t\tthis.checkReportTo();\n\t\tconst results = {\n\t\t\t'Content-Security-Policy-Report-Only':'',\n\t\t\t'Content-Security-Policy':'',\n\t\t\t'Report-To': normalizeArrayString(this.ReportTo).length ? JSON.stringify(this.ReportTo) : '',\n\t\t\t'Referrer-Policy':this.ReferrerHeader,\n\t\t};\n\t\tdirectiveNamesList.forEach((directive) => {\n\t\t\tlet result = '';\n\t\t\tconst getRes = (obj: Directives) => {\n\t\t\t\tlet res = '';\n\t\t\t\tif (typeof obj[directive] !== 'boolean') {\n\t\t\t\t\tres = normalizeArrayString(obj[directive]).map((v) => {\n\t\t\t\t\t\tif (typeof v === 'string') {\n\t\t\t\t\t\t\t// if (v.includes(':') || v.includes('.')) debugger;\n\t\t\t\t\t\t\treturn isQuotedPolicy(v) ? ` '${v}'` : ` ${v}`;\n\t\t\t\t\t\t}\n\t\t\t\t\t\treturn;\n\t\t\t\t\t}).join('');\n\t\t\t\t}\n\t\t\t\tresult = ` ${directive}${res};`;\n\t\t\t};\n\t\t\tif (this.CSP[directive]) {\n\t\t\t\tgetRes(this.CSP);\n\t\t\t\tresults['Content-Security-Policy'] += result;\n\t\t\t}\n\t\t\tif (this.ReportOnly && this.ReportOnly[directive]) {\n\t\t\t\tresults['Content-Security-Policy-Report-Only'] += result || (getRes(this.ReportOnly),result);\n\t\t\t}\n\t\t});\n\t\tresults['Content-Security-Policy-Report-Only'] =\n\t\t\tresults['Content-Security-Policy-Report-Only'].trim();\n\t\tresults['Content-Security-Policy'] =\n\t\t\tresults['Content-Security-Policy'].trim();\n\t\treturn results;\n\t}\n}\n", "export const importMetaUrlShim =\n typeof document === 'undefined'\n ? new (require('u' + 'rl').URL)('file:' + __filename).href\n : (document.currentScript && document.currentScript.src) ||\n new URL('main.js', document.baseURI).href\n", "/*\n * Descriptions and other information taken from the Mozilla developer docs\n * @ https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy\n */\n// Scheme Source Definition\nexport const schemeSource = ['http:', 'https:', 'data:', 'mediastream:', 'blob:', 'filesystem:'] as const;\ntype SchemeSource = typeof schemeSource[number];\n\ntype OptionalPath = `${HttpDelineators}${string}` | ''\ntype UrlString = `${HostSource}${OptionalPath}`;\n\n// Hosts Source Definition\ntype HostProtocolSchemes = `${string}://` | ''\ntype PortScheme = `:${number}` | '' | ':*'\n/** Can actually be any string, but typed more explicitly to\n * restrict the combined optional types of Source from collapsing to just bing `string` */\ntype HostNameScheme = `${string}.${string}` | `localhost`\ntype HostSource = `${HostProtocolSchemes}${HostNameScheme}${PortScheme}`\n\n// Crypto Source Definition\nexport const validHashes = ['sha256', 'sha384', 'sha512'] as const;\nexport const validCrypto = ['nonce', ...validHashes] as const;\ntype ValidCrypto = typeof validCrypto[number];\ntype CryptoSources = `${ValidCrypto}-${string}`\n\n// URI Definition\nexport const httpDelineators = ['/', '?', '#', '\\\\'] as const;\ntype HttpDelineators = typeof httpDelineators[number];\ntype UriPath = `${HttpDelineators}${string}`\n\n// Base Source Directives\nexport const baseSources = ['self', 'unsafe-eval', 'unsafe-hashes', 'unsafe-inline', 'none', '*'] as const;\ntype BaseSources = typeof baseSources[number]\n\n// Combined all source directives\nexport const source = [...baseSources, ...schemeSource] as const;\nexport type Source = BaseSources | HostSource | SchemeSource | CryptoSources\ntype Sources = Source | Source[]\n\nexport const referrerHeaderOptions = [\n\t/**\n\t * The Referer header will be omitted entirely. No referrer information is sent along with requests. */\n\t'no-referrer',\n\t/**\n\t * Send the origin, path, and querystring in Referer when the protocol security level stays the same or improves (HTTP\u2192HTTP, HTTP\u2192HTTPS, HTTPS\u2192HTTPS). Don't send the Referer header for requests to less secure destinations (HTTPS\u2192HTTP, HTTPS\u2192file). */\n\t'no-referrer-when-downgrade',\n\t/** Send the origin (only) in the Referer header.\n\t * For example, a document at https://example.com/page.html will send the referrer https://example.com/. */\n\t'origin',\n\t/**\n\t * Send the origin, path, and query string when performing a same-origin request to the same protocol level. Send origin (only) for cross origin requests and requests to less secure destinations. */\n\t'origin-when-cross-origin',\n\t/**\n\t * Send the origin, path, and query string for same-origin requests. Don't send the Referer header for cross-origin requests. */\n\t'same-origin',\n\t/**\n\t * Send the origin (only) when the protocol security level stays the same (HTTPS\u2192HTTPS). Don't send the Referer header to less secure destinations (HTTPS\u2192HTTP). */\n\t'strict-origin',\n\t/**\n\t * Send the origin, path, and querystring when performing a same-origin request. For cross-origin requests send the origin (only) when the protocol security level stays same (HTTPS\u2192HTTPS). Don't send the Referer header to less secure destinations (HTTPS\u2192HTTP).\n\t * * NOTE\n\t * * This is the default policy if no policy is specified,\n\t * * or if the provided value is invalid (see spec revision November 2020).\n\t * * Previously the default was no-referrer-when-downgrade. */\n\t'strict-origin-when-cross-origin', // default\n\t/**\n\t * Send the origin, path, and query string when performing any request, regardless of security.\n\t * * Warning\n\t * * This policy will leak potentially-private information from HTTPS resource URLs to insecure origins.\n\t * * Carefully consider the impact of this setting. */\n\t'unsafe-url',\n\t'none',\n] as const;\nexport type ReferrerHeaderOptions = typeof referrerHeaderOptions[number]\n\ntype ChildDirectives = {\n\t'child-src'?: Sources\n\t'frame-src'?: Sources\n\t'worker-src'?: Sources\n}\n\ntype SourceDirectives = {\n\t'connect-src'?: Sources\n\t'default-src'?: ActionSource | ActionSource[]\n\t'font-src'?: Sources\n\t'frame-src'?: Sources\n\t'img-src'?: Sources\n\t'manifest-src'?: Sources\n\t'media-src'?: Sources\n\t'object-src'?: Sources\n\t'prefetch-src'?: Sources\n\t'script-src'?: ActionSource | ActionSource[]\n\t'script-src-elem'?: Sources\n\t'script-src-attr'?: Sources\n\t'style-src'?: Sources\n\t'style-src-elem'?: Sources\n\t'style-src-attr'?: Sources\n}\n\n\nexport const sandboxDirectives = [\n\t/** Allows for downloads to occur without a gesture from the user. */\n\t'allow-downloads-without-user-activation',\n\t/** Allows the page to submit forms. If this keyword is not used, this operation is not allowed. */\n\t'allow-forms',\n\t/** Allows the page to open modal windows. */\n\t'allow-modals',\n\t/** Allows the page to disable the ability to lock the screen orientation. */\n\t'allow-orientation-lock',\n\t/** Allows the page to use the Pointer Lock API. */\n\t'allow-pointer-lock',\n\t/** Allows popups (like from window.open, target=\"_blank\", showModalDialog).\n\t * If this keyword is not used, that functionality will silently fail. */\n\t'allow-popups',\n\t/** Allows a sandboxed document to open new windows without forcing the sandboxing flags upon them.\n\t * This will allow, for example, a third-party advertisement to be safely sandboxed without\n\t * forcing the same restrictions upon a landing page. */\n\t'allow-popups-to-escape-sandbox',\n\t/** Allows embedders to have control over whether an iframe can start a presentation session. */\n\t'allow-presentation',\n\t/** Allows the content to be treated as being from its normal origin.\n\t * If this keyword is not used, the embedded content is treated as being from a unique origin. */\n\t'allow-same-origin',\n\t/** Allows the page to run scripts (but not create pop-up windows).\n\t * If this keyword is not used, this operation is not allowed. */\n\t'allow-scripts',\n\t/** Lets the resource request access to the parent's storage capabilities with the Storage Access API. */\n\t'allow-storage-access-by-user-activation',\n\t/** Allows the page to navigate (load) content to the top-level browsing context.\n\t * If this keyword is not used, this operation is not allowed. */\n\t'allow-top-navigation',\n\t/** Lets the resource navigate the top-level browsing context, but only if initiated by a user gesture. */\n\t'allow-top-navigation-by-user-activation',\n\n] as const;\ntype SandboxOption = typeof sandboxDirectives[number]\n\ntype PluginSource = `${string}/${string}` | 'none'\n\ntype DocumentDirectives = {\n\t/**\n\t * Restricts the URLs which can be used in a document's <base> element. */\n\t'base-uri'?: ActionSource | ActionSource[]\n\n\t/**\n\t * Restricts the set of plugins that can be embedded into a document by\n\t * limiting the types of resources which can be loaded.\n\t * @deprecated */\n\t'plugin-types'?: PluginSource | PluginSource[]\n\n\t/**\n\t * Enables a sandbox for the requested resource similar to the <iframe> sandbox attribute. */\n\t'sandbox'?: SandboxOption\n}\n\nexport const actionSource = ['strict-dynamic', 'report-sample'] as const;\ntype ActionSource = Source | typeof actionSource[number]\n\n\ntype FrameSource = HostSource | SchemeSource | 'self' | 'none'\n\n/**\n * Navigation directives govern to which locations a user can navigate or submit a form, for example.\n */\ntype NavigationDirectives = {\n\t/**\n\t * Restricts the URLs which can be used as the target of a form submissions from a given context. */\n\t'form-action'?: ActionSource | ActionSource[]\n\t/**\n\t * Specifies valid parents that may embed a page using <frame>, <iframe>, <object>, <embed>, or <applet>. */\n\t'frame-ancestors'?: FrameSource | FrameSource[]\n\t/**\n\t * Restricts the URLs to which a document can initiate navigation by any means,\n\t * including <form> (if form-action is not specified), <a>, window.location, window.open, etc.\n\t * @experimental */\n\t'navigate-to'?: ActionSource | ActionSource[]\n}\n\n/**\n * Reporting directives control the reporting process of CSP violations.\n * See also the Content-Security-Policy-Report-Only header.\n */\ntype ReportingDirectives = {\n\t/** @deprecated */\n\t'report-uri'?: UriPath\n\t/** @experimental */\n\t'report-to'?: ReportTo['group']\n}\n/** Disallows using strings with DOM XSS injection sink functions,\n * and requires matching types created by Trusted Type policies. */\nexport const requireTrustedTypePolicy = ['script'] as const;\ntype RequireTrustedTypePolicy = typeof requireTrustedTypePolicy[number];\n\nexport const trustedTypesPolicy = ['none', 'allow-duplicates', '*'] as const;\ntype TrustedTypesPolicy = typeof trustedTypesPolicy[number] | string\n\nexport const sriPolicy = ['script', 'style', 'script style'] as const;\ntype SriPolicy = typeof sriPolicy[number]\n\ntype OtherDirectives = {\n\t/** Prevents loading any assets using HTTP when the page is loaded using HTTPS.\n\t\t@deprecated */\n\t'block-all-mixed-content'?: boolean\n\n\t/** Used to specify information in the Referer (sic) header for links away from a page.\n\t * Use the Referrer-Policy header instead.\n\t\t@deprecated */\n\t'referrer'?: ReferrerHeaderOptions\n\n\t/** Requires the use of SRI for scripts or styles on the page.\n\t\t@deprecated */\n\t'require-sri-for'?: SriPolicy\n\n\t/** Enforces Trusted Types at the DOM XSS injection sinks. */\n\t'require-trusted-types-for'?: RequireTrustedTypePolicy\n\n\t/** Used to specify an allow-list of Trusted Types policies.\n\t * Trusted Types allows applications to lock down\n\t * DOM XSS injection sinks to only accept non-spoofable,\n\t * typed values in place of strings. */\n\t'trusted-types'?: TrustedTypesPolicy | TrustedTypesPolicy[]\n\n\t/** Instructs user agents to treat all of a site's insecure URLs (those served over HTTP)\n\t * as though they have been replaced with secure URLs (those served over HTTPS).\n\t * This directive is intended for web sites with large numbers of insecure legacy\n\t * URLs that need to be rewritten. */\n\t'upgrade-insecure-requests'?: boolean\n}\n\n\nexport const directiveValuesByCategory = {\n\thostSource: [\n\t\t{\n\t\t\tdisplayName: 'Hostname/URL Source',\n\t\t\tconsumes: {\n\t\t\t\t'Port': 'number',\n\t\t\t\t'Hostname': 'string',\n\t\t\t\t'Protocol': 'string://',\n\t\t\t},\n\t\t\tcompose: (args: {\n\t\t\t\t'Port'?: number,\n\t\t\t\t'Hostname'?: string,\n\t\t\t\t'Protocol'?: HostProtocolSchemes,\n\t\t\t}) => <HostSource>(\n\t\t\t\t(args?.Protocol || '') +\n\t\t\t\t(args?.Hostname || '') +\n\t\t\t\t(args?.Port\n\t\t\t\t\t? ':' + args?.Port\n\t\t\t\t\t: ''\n\t\t\t\t)\n\t\t\t),\n\t\t},\n\t],\n\tschemeSource,\n\tcryptoSource: [\n\t\t{\n\t\t\tdisplayName: 'Crypto Nonce/Hash Source',\n\t\t\tconsumes: {\n\t\t\t\t'Hash': 'string',\n\t\t\t\t'Algorithm': validCrypto,\n\t\t\t},\n\t\t\tcompose: (args: {Hash:string,Algorithm: ValidCrypto}) => <CryptoSources>`${args.Algorithm}-${args.Hash}`,\n\t\t},\n\t],\n\tbaseSources,\n\tprimitiveSourceBool: [\n\t\ttrue,\n\t\tfalse,\n\t],\n\tprimitiveSourceString: [\n\t\t{\n\t\t\tdisplayName: 'Any String',\n\t\t\tconsumes: {\n\t\t\t\t'String': 'string',\n\t\t\t},\n\t\t\tcompose: (args: {String:string}) => args.String,\n\t\t},\n\t],\n\ttrustedTypesPolicy,\n\trequireTrustedTypePolicy,\n\tsriPolicy,\n\treferrerHeaderOptions,\n\turiPath: [\n\t\t{\n\t\t\tdisplayName: 'URI Source',\n\t\t\tconsumes: {\n\t\t\t\t'Beginning Delineator': httpDelineators,\n\t\t\t\t'Remaining Path': 'string',\n\t\t\t},\n\t\t\tcompose: (args: {'Beginning Delineator':HttpDelineators,'Remaining Path': string}) =>\n\t\t\t\t<UriPath>`${args['Beginning Delineator']}${args['Remaining Path']}`,\n\t\t},\n\t],\n\tactionSource,\n\tpluginSource: [\n\t\t{\n\t\t\tdisplayName: 'Plugin MIME Type Source',\n\t\t\tconsumes: {\n\t\t\t\t'MIME Category': 'string',\n\t\t\t\t'MIME Implementation': 'string',\n\t\t\t},\n\t\t\tcompose: (args: {'MIME Category':string,'MIME Implementation': string}) =>\n\t\t\t\t<PluginSource>`${args['MIME Category']}/${args['MIME Implementation']}`,\n\t\t},\n\t\t'none',\n\t],\n\tframeSource:[\n\t\t'self',\n\t\t'none',\n\t],\n\tsandboxDirectives,\n} as const;\n\nexport const directiveMap: Readonly<Record<(keyof Directives),Readonly<(keyof typeof directiveValuesByCategory)[]>>> = {\n\t'child-src': ['hostSource','schemeSource','cryptoSource','baseSources'],\n\t'default-src': ['hostSource', 'schemeSource', 'cryptoSource', 'baseSources', 'actionSource'],\n\t'frame-src': ['hostSource','schemeSource','cryptoSource','baseSources'],\n\t'worker-src': ['hostSource','schemeSource','cryptoSource','baseSources'],\n\t'connect-src': ['hostSource','schemeSource','cryptoSource','baseSources'],\n\t'font-src': ['hostSource','schemeSource','cryptoSource','baseSources'],\n\t'img-src': ['hostSource','schemeSource','cryptoSource','baseSources'],\n\t'manifest-src': ['hostSource','schemeSource','cryptoSource','baseSources'],\n\t'media-src': ['hostSource','schemeSource','cryptoSource','baseSources'],\n\t'object-src': ['hostSource','schemeSource','cryptoSource','baseSources'],\n\t'prefetch-src': ['hostSource','schemeSource','cryptoSource','baseSources'],\n\t'script-src': ['hostSource','schemeSource','cryptoSource','baseSources', 'actionSource'],\n\t'script-src-elem': ['hostSource','schemeSource','cryptoSource','baseSources'],\n\t'script-src-attr': ['hostSource','schemeSource','cryptoSource','baseSources'],\n\t'style-src': ['hostSource','schemeSource','cryptoSource','baseSources'],\n\t'style-src-elem': ['hostSource','schemeSource','cryptoSource','baseSources'],\n\t'style-src-attr': ['hostSource','schemeSource','cryptoSource','baseSources'],\n\t'base-uri': ['hostSource','schemeSource','cryptoSource','baseSources','actionSource'],\n\t'plugin-types': ['pluginSource'],\n\t'sandbox': ['sandboxDirectives'],\n\t'form-action': ['hostSource','schemeSource','cryptoSource','baseSources','actionSource'],\n\t'frame-ancestors': ['hostSource','schemeSource','frameSource'],\n\t'navigate-to': ['hostSource','schemeSource','cryptoSource','baseSources','actionSource'],\n\t'report-uri': ['uriPath'],\n\t'report-to': ['primitiveSourceString'],\n\t'block-all-mixed-content': ['primitiveSourceBool'],\n\t'referrer': ['referrerHeaderOptions'],\n\t'require-sri-for': ['sriPolicy'],\n\t'require-trusted-types-for': ['requireTrustedTypePolicy'],\n\t'trusted-types': ['trustedTypesPolicy','primitiveSourceString'],\n\t'upgrade-insecure-requests': ['primitiveSourceBool'],\n} as const;\n\nexport type Directives =\n\tChildDirectives\n\t& SourceDirectives\n\t& OtherDirectives\n\t& ReportingDirectives\n\t& NavigationDirectives\n\t& DocumentDirectives\n\nexport type ReportTo = {\n\tgroup: string;\n\tmax_age: number;\n\tendpoints: {url:UrlString}[]\n}\n"],
"mappings": "mPAAA,iJCAO,GAAM,GACX,MAAO,WAAa,YAChB,GAAK,SAAQ,QAAY,IAAK,QAAU,YAAY,KACnD,SAAS,eAAiB,SAAS,cAAc,KAClD,GAAI,KAAI,UAAW,SAAS,SAAS,KCCpC,GAAM,GAAe,CAAC,QAAS,SAAU,QAAS,eAAgB,QAAS,eAerE,EAAc,CAAC,SAAU,SAAU,UACnC,EAAc,CAAC,QAAS,GAAG,GAK3B,EAAkB,CAAC,IAAK,IAAK,IAAK,MAKlC,EAAc,CAAC,OAAQ,cAAe,gBAAiB,gBAAiB,OAAQ,KAIhF,EAAS,CAAC,GAAG,EAAa,GAAG,GAI7B,EAAwB,CAGpC,cAGA,6BAGA,SAGA,2BAGA,cAGA,gBAOA,kCAMA,aACA,QA6BY,EAAoB,CAEhC,0CAEA,cAEA,eAEA,yBAEA,qBAGA,eAIA,iCAEA,qBAGA,oBAGA,gBAEA,0CAGA,uBAEA,2CAuBY,EAAe,CAAC,iBAAkB,iBAmClC,EAA2B,CAAC,UAG5B,EAAqB,CAAC,OAAQ,mBAAoB,KAGlD,EAAY,CAAC,SAAU,QAAS,gBAkChC,EAA4B,CACxC,WAAY,CACX,CACC,YAAa,sBACb,SAAU,CACT,KAAQ,SACR,SAAY,SACZ,SAAY,aAEb,QAAS,AAAC,GAKR,mBAAM,WAAY,IAClB,mBAAM,WAAY,IAClB,mBAAM,MACJ,IAAM,kBAAM,MACZ,MAKN,eACA,aAAc,CACb,CACC,YAAa,2BACb,SAAU,CACT,KAAQ,SACR,UAAa,GAEd,QAAS,AAAC,GAA8D,GAAG,EAAK,aAAa,EAAK,SAGpG,cACA,oBAAqB,CACpB,GACA,IAED,sBAAuB,CACtB,CACC,YAAa,aACb,SAAU,CACT,OAAU,UAEX,QAAS,AAAC,GAA0B,EAAK,SAG3C,qBACA,2BACA,YACA,wBACA,QAAS,CACR,CACC,YAAa,aACb,SAAU,CACT,uBAAwB,EACxB,iBAAkB,UAEnB,QAAS,AAAC,GACA,GAAG,EAAK,0BAA0B,EAAK,sBAGnD,eACA,aAAc,CACb,CACC,YAAa,0BACb,SAAU,CACT,gBAAiB,SACjB,sBAAuB,UAExB,QAAS,AAAC,GACK,GAAG,EAAK,oBAAoB,EAAK,0BAEjD,QAED,YAAY,CACX,OACA,QAED,qBAGY,EAA0G,CACtH,YAAa,CAAC,aAAa,eAAe,eAAe,eACzD,cAAe,CAAC,aAAc,eAAgB,eAAgB,cAAe,gBAC7E,YAAa,CAAC,aAAa,eAAe,eAAe,eACzD,aAAc,CAAC,aAAa,eAAe,eAAe,eAC1D,cAAe,CAAC,aAAa,eAAe,eAAe,eAC3D,WAAY,CAAC,aAAa,eAAe,eAAe,eACxD,UAAW,CAAC,aAAa,eAAe,eAAe,eACvD,eAAgB,CAAC,aAAa,eAAe,eAAe,eAC5D,YAAa,CAAC,aAAa,eAAe,eAAe,eACzD,aAAc,CAAC,aAAa,eAAe,eAAe,eAC1D,eAAgB,CAAC,aAAa,eAAe,eAAe,eAC5D,aAAc,CAAC,aAAa,eAAe,eAAe,cAAe,gBACzE,kBAAmB,CAAC,aAAa,eAAe,eAAe,eAC/D,kBAAmB,CAAC,aAAa,eAAe,eAAe,eAC/D,YAAa,CAAC,aAAa,eAAe,eAAe,eACzD,iBAAkB,CAAC,aAAa,eAAe,eAAe,eAC9D,iBAAkB,CAAC,aAAa,eAAe,eAAe,eAC9D,WAAY,CAAC,aAAa,eAAe,eAAe,cAAc,gBACtE,eAAgB,CAAC,gBACjB,QAAW,CAAC,qBACZ,cAAe,CAAC,aAAa,eAAe,eAAe,cAAc,gBACzE,kBAAmB,CAAC,aAAa,eAAe,eAChD,cAAe,CAAC,aAAa,eAAe,eAAe,cAAc,gBACzE,aAAc,CAAC,WACf,YAAa,CAAC,yBACd,0BAA2B,CAAC,uBAC5B,SAAY,CAAC,yBACb,kBAAmB,CAAC,aACpB,4BAA6B,CAAC,4BAC9B,gBAAiB,CAAC,qBAAqB,yBACvC,4BAA6B,CAAC,wBFpU/B,WAAkC,EAAoB,CACrD,MAAO,OAAM,QAAQ,GAAQ,EAAO,CAAC,GAE/B,GAAM,GAAc,EACd,EAAc,EACd,EAAoD,OAAO,KAAK,GAShE,EAAe,GAAI,KAAmC,OAAO,QAAQ,GAAc,IAAI,AAAC,GAAU,CAC9G,GAAM,CAAC,EAAE,GAAuB,EAChC,MAAO,CAAC,EAAE,IACL,SAAoC,CACvC,MAAO,MAAK,WAAW,IAAI,AAAC,GAAa,EAA0B,IAAW,KAAK,IAEpF,WAAY,OAGD,EAA4B,EAWnC,EAAY,GAAI,KAAI,CACzB,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,IAEJ,WAAyB,EAAyB,CACjD,MAAI,KAAW,IAAY,GAGvB,KAAU,IAAI,IACd,EAAY,KAAK,AAAC,GAAM,EAAO,WAAW,GAAG,QAI3C,WAAoB,CAK1B,YACC,EACA,EACA,EACA,EACA,CACA,KAAK,IAAM,GAAO,GAClB,KAAK,WAAa,GAAgB,GAClC,KAAK,SAAW,GAAiB,GACjC,KAAK,eAAiB,GAA0B,kCAChD,WAA4B,EAAuC,CAClE,MAAO,GAAsB,KAAK,AAAC,GAAM,IAAM,GAEhD,AAAI,CAAC,GAA0B,kBAAK,WAAY,EAAkB,EAAI,WACrE,MAAK,eAAiB,EAAI,UAG5B,eAAuB,CA/FxB,MAgGE,GAAM,GAAW,QAAK,MAAL,cAAW,aAC5B,GAAI,IAAa,QAGZ,CAAC,AADa,EAAqB,KAAK,UAC7B,KAAK,AAAC,GAAM,EAAE,QAAU,GACtC,KAAM,OAAM,4DAIf,YAAmC,CAClC,KAAK,gBACL,GAAM,GAAU,CACf,sCAAsC,GACtC,0BAA0B,GAC1B,YAAa,EAAqB,KAAK,UAAU,OAAS,KAAK,UAAU,KAAK,UAAY,GAC1F,kBAAkB,KAAK,gBAExB,SAAmB,QAAQ,AAAC,GAAc,CACzC,GAAI,GAAS,GACP,EAAS,AAAC,GAAoB,CACnC,GAAI,GAAM,GACV,AAAI,MAAO,GAAI,IAAe,WAC7B,GAAM,EAAqB,EAAI,IAAY,IAAI,AAAC,GAAM,CACrD,GAAI,MAAO,IAAM,SAEhB,MAAO,GAAe,GAAK,KAAK,KAAO,IAAI,MAG1C,KAAK,KAET,EAAS,IAAI,IAAY,MAE1B,AAAI,KAAK,IAAI,IACZ,GAAO,KAAK,KACZ,EAAQ,4BAA8B,GAEnC,KAAK,YAAc,KAAK,WAAW,IACtC,GAAQ,wCAA0C,GAAW,GAAO,KAAK,YAAY,MAGvF,EAAQ,uCACP,EAAQ,uCAAuC,OAChD,EAAQ,2BACP,EAAQ,2BAA2B,OAC7B",
"names": []
}