90dc-core 1.10.16 → 1.10.18
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AuthenticationUtil.d.ts","sourceRoot":"","sources":["../../../src/lib/utils/AuthenticationUtil.ts"],"names":[],"mappings":"AACA,OAAO,GAAyC,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"AuthenticationUtil.d.ts","sourceRoot":"","sources":["../../../src/lib/utils/AuthenticationUtil.ts"],"names":[],"mappings":"AACA,OAAO,GAAyC,MAAM,cAAc,CAAC;AAIrE,OAAO,KAAK,EAAC,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAGtD,OAAO,EAAC,aAAa,EAAC,MAAM,8BAA8B,CAAC;AAC3D,OAAO,KAAK,EACV,WAAW,IAAI,eAAe,EAC9B,kBAAkB,EAIlB,wBAAwB,EAExB,SAAS,EACT,kBAAkB,EACnB,MAAM,6BAA6B,CAAC;AAmCrC,qBAAa,kBAAkB;IAC7B,gBAAuB,aAAa,EAAsC,MAAM,CAAC;IACjF,gBAAuB,cAAc,EAAuC,MAAM,CAAC;WAI/D,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;WAQ1E,uBAAuB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,GAAG,KAAK,CAAC;IAmC3F;;OAEG;WACW,eAAe,CAAC,IAAI,EAAE,SAAS,GAAG,MAAM;IAMtD;;OAEG;WACW,gBAAgB,CAAC,IAAI,EAAE,SAAS,GAAG,MAAM;IAIvD;;OAEG;WACW,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,GAAG,KAAK,CAAC;IA0BtF;;OAEG;WACiB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAInE;;OAEG;WACiB,eAAe,CAAC,aAAa,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAM1F;;OAEG;WACiB,4BAA4B,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC;IAM7F;;OAEG;WACiB,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAmBzF;;OAEG;WACiB,iBAAiB,CACjC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,GACjB,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAU9B;;OAEG;WACW,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;IAerE;;OAEG;WACkB,gBAAgB,IAAI,OAAO,CAAC,MAAM,CAAC;IAoBxD;;OAEG;WACW,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM;IAS1D;;OAEG;WACiB,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;IAU/E;;OAEG;WACiB,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAajF;;OAEG;WACiB,oBAAoB,CACpC,qBAAqB,EAAE,MAAM,GAC9B,OAAO,CAAC,kBAAkB,EAAE,CAAC;IAwDhC;;OAEG;WACiB,6BAA6B,CAC7C,aAAa,EAAE,MAAM,GACtB,OAAO,CAAC,wBAAwB,EAAE,CAAC;IAkEtC;;OAEG;WACiB,yBAAyB,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IA6BtF;;OAEG;WACiB,8BAA8B,CAAC,aAAa,EAAE,MAAM;;;IA8CxE;;OAEG;WACiB,wBAAwB,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAyBtF;;OAEG;WACiB,uBAAuB,CACvC,aAAa,EAAE,MAAM,EACrB,YAAY,EAAE,MAAM,GACrB,OAAO,CAAC,GAAG,CAAC;IAoBf;;OAEG;WACiB,qBAAqB,IAAI,OAAO,CAAC,eAAe,CAAC;IAYrE;;OAEG;WACiB,+BAA+B,CAAC,KAAK,EAAE,MAAM;IAiCjE;;OAEG;WACiB,4BAA4B,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAwBlF"}
|
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
import * as dotenv from "dotenv";
|
|
2
2
|
import jwt from "jsonwebtoken";
|
|
3
3
|
import axios, { isAxiosError } from "axios";
|
|
4
|
-
import fs from "fs";
|
|
5
4
|
import { google } from "googleapis";
|
|
6
5
|
import * as bcrypt from "bcryptjs";
|
|
7
6
|
import { OAuth2Client as OAuth2ClientImpl } from "google-auth-library";
|
|
@@ -34,6 +33,14 @@ async function loadAndroidServiceAccount() {
|
|
|
34
33
|
private_key
|
|
35
34
|
};
|
|
36
35
|
}
|
|
36
|
+
async function loadAppleSubscriptionkey() {
|
|
37
|
+
const client = new SecretManagerServiceClient();
|
|
38
|
+
const name = "projects/1033066542238/secrets/APPLE_SUB_KEY/versions/latest";
|
|
39
|
+
const [v] = await client.accessSecretVersion({
|
|
40
|
+
name
|
|
41
|
+
});
|
|
42
|
+
return v.payload?.data?.toString("utf8") ?? "";
|
|
43
|
+
}
|
|
37
44
|
export class AuthenticationUtil {
|
|
38
45
|
static ACCESS_SECRET = process.env.ACCESS_TOKEN_SECRET;
|
|
39
46
|
static REFRESH_SECRET = process.env.REFRESH_TOKEN_SECRET;
|
|
@@ -173,8 +180,8 @@ export class AuthenticationUtil {
|
|
|
173
180
|
// ==================== Apple OAuth & Subscriptions ====================
|
|
174
181
|
/**
|
|
175
182
|
* Generate Apple JWT for App Store Connect API
|
|
176
|
-
*/ static generateAppleJWT() {
|
|
177
|
-
const privateKey =
|
|
183
|
+
*/ static async generateAppleJWT() {
|
|
184
|
+
const privateKey = await loadAppleSubscriptionkey();
|
|
178
185
|
const header = {
|
|
179
186
|
alg: "ES256",
|
|
180
187
|
kid: process.env.APPLE_KID,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/lib/utils/AuthenticationUtil.ts"],"sourcesContent":["import * as dotenv from \"dotenv\";\nimport jwt, {type JwtPayload, type VerifyErrors} from \"jsonwebtoken\";\nimport axios, {type AxiosResponse, isAxiosError} from \"axios\";\nimport fs from \"fs\";\nimport {google} from \"googleapis\";\nimport * as bcrypt from \"bcryptjs\";\nimport type {LoginTicket,} from \"google-auth-library\";\nimport {OAuth2Client as OAuth2ClientImpl} from \"google-auth-library\";\nimport jwksClient, {type SigningKey} from \"jwks-rsa\";\nimport {PersistedUser} from '../dbmodels/PersistedUser.js';\nimport type {\n Credentials as CredentialsType,\n SignedTransactions,\n SingleTransactionResponse,\n SubscriptionStatusResponse,\n SubscriptionStatusResponseError,\n SubscriptionStatusResult,\n TransactionsResponse,\n UserTypes,\n VerificationStatus,\n} from '../models/UserInterfaces.js';\nimport {AppleTransactionError} from '../Errors/Errors.js';\nimport {SecretManagerServiceClient} from \"@google-cloud/secret-manager\";\n\ndotenv.config();\n\nenum TokenExpiration {\n ACCESS = 30 * 24 * 60 * 60,\n REFRESH = 356 * 24 * 60 * 60,\n}\n\nconst appleJwksClient = jwksClient({\n jwksUri: \"https://appleid.apple.com/auth/keys\",\n});\n\nasync function loadAndroidServiceAccount(): Promise<{client_email: string; private_key: string}> {\n const sm = new SecretManagerServiceClient();\n const name = \"projects/1033066542238/secrets/ANDROID_SUB_KEY/versions/latest\";\n const [v] = await sm.accessSecretVersion({ name });\n const raw = v.payload?.data?.toString(\"utf8\") ?? \"\";\n\n // Secret should be the full JSON key. Parse and normalize newlines.\n const json = JSON.parse(raw);\n const client_email = json.client_email as string;\n const private_key = String(json.private_key).replace(/\\\\n/g, \"\\n\");\n return { client_email, private_key };\n}\n\nexport class AuthenticationUtil {\n public static readonly ACCESS_SECRET = process.env.ACCESS_TOKEN_SECRET as string;\n public static readonly REFRESH_SECRET = process.env.REFRESH_TOKEN_SECRET as string;\n\n\n\n public static async fetchUserWithTokenInfo(token: string): Promise<PersistedUser | null> {\n const userInToken = await AuthenticationUtil.verifyTokenAndFetchUser(token);\n if (!userInToken || !userInToken.userUuid) {\n return null;\n }\n return userInToken;\n }\n\n public static verifyTokenAndFetchUser(token: string): Promise<PersistedUser | null | false> {\n return new Promise<PersistedUser | null | false>((resolve, reject) => {\n jwt.verify(\n token,\n this.ACCESS_SECRET,\n (err: VerifyErrors | null, decoded: JwtPayload | string | undefined) => {\n if (err) {\n reject(err);\n return;\n }\n\n if (decoded === undefined) {\n resolve(null);\n return;\n }\n\n const user: UserTypes = <UserTypes>decoded;\n\n if (!user.userUuid) {\n resolve(false);\n return;\n }\n\n PersistedUser.findByPk(user.userUuid)\n .then((persistedUser: PersistedUser | null) => {\n resolve(persistedUser);\n })\n .catch((e: Error) => {\n reject(e);\n });\n }\n );\n });\n }\n\n /**\n * Sign access token\n */\n public static signAccessToken(user: UserTypes): string {\n return jwt.sign(user, this.ACCESS_SECRET, {\n expiresIn: TokenExpiration.ACCESS,\n });\n }\n\n /**\n * Sign refresh token\n */\n public static signRefreshToken(user: UserTypes): string {\n return jwt.sign(user, this.REFRESH_SECRET);\n }\n\n /**\n * Verify refresh token and return new access token\n */\n public static verifyRefreshToken(refreshToken: string): Promise<string | null | false> {\n return new Promise<string | null | false>((resolve, reject) => {\n jwt.verify(\n refreshToken,\n this.REFRESH_SECRET,\n async (err: VerifyErrors | null, user: JwtPayload | string | undefined) => {\n if (err) {\n reject(err);\n return;\n }\n\n if (user === undefined) {\n resolve(null);\n return;\n }\n\n const userTypes = <UserTypes>user;\n const newAccessToken = this.signAccessToken(userTypes);\n resolve(newAccessToken);\n }\n );\n });\n }\n\n // ==================== Password Management ====================\n\n /**\n * Hash password using bcrypt\n */\n public static async hashPassword(password: string): Promise<string> {\n return bcrypt.hash(password, 10);\n }\n\n /**\n * Compare password with hash\n */\n public static async comparePassword(plainPassword: string, hash: string): Promise<boolean> {\n return bcrypt.compare(plainPassword, hash);\n }\n\n // ==================== User Registration & Login ====================\n\n /**\n * Check if user is already registered\n */\n public static async checkIfUserAlreadyRegistered(email: string | undefined): Promise<boolean> {\n if (!email) return false;\n const user = await PersistedUser.findOne({ where: { email } });\n return user !== null;\n }\n\n /**\n * Login user with email and password\n */\n public static async login(email: string, password: string): Promise<PersistedUser | null> {\n const users = await PersistedUser.findAll({ where: { email } });\n\n if (!users || users.length === 0) {\n return null;\n }\n\n for (const user of users) {\n const passwordsMatch = await this.comparePassword(password, user.password);\n if (passwordsMatch) {\n return user;\n }\n }\n\n return null;\n }\n\n // ==================== Google OAuth ====================\n\n /**\n * Verify Google OAuth token\n */\n public static async verifyGoogleToken(\n idToken: string,\n audience: string\n ): Promise<LoginTicket | null> {\n const client = new OAuth2ClientImpl(audience);\n try {\n return await client.verifyIdToken({ idToken, audience });\n } catch (error) {\n console.error(\"Google Token Verification Error:\", error);\n return null;\n }\n }\n\n /**\n * Get Google OAuth client ID based on platform\n */\n public static getGoogleClientId(platform: string): string | undefined {\n switch (platform) {\n case \"android\":\n return process.env.ANDROID_GOOGLE_CLIENT_ID;\n case \"ios\":\n return process.env.IOS_GOOGLE_CLIENT_ID;\n case \"web\":\n return process.env.WEB_GOOGLE_CLIENT_ID;\n default:\n return undefined;\n }\n }\n\n // ==================== Apple OAuth & Subscriptions ====================\n\n /**\n * Generate Apple JWT for App Store Connect API\n */\n public static generateAppleJWT(): string {\n const privateKey: string = fs.readFileSync(\n process.env.APPLE_SUBSCRIPTION_KEY_PATH as string,\n \"utf-8\"\n );\n\n const header = {\n alg: \"ES256\",\n kid: process.env.APPLE_KID as string,\n typ: \"JWT\",\n };\n\n const payload = {\n iss: process.env.APPLE_ISSUER as string,\n iat: Math.floor(Date.now() / 1000),\n exp: Math.floor(Date.now() / 1000) + 3600,\n aud: \"appstoreconnect-v1\",\n bid: process.env.APPLE_BUNDLE_ID as string,\n };\n\n return jwt.sign(payload, privateKey, { header });\n }\n\n /**\n * Verify Apple JWT for Sign in with Apple\n */\n public static verifyAppleJwt(userData: string, key: string) {\n try {\n return jwt.verify(userData, key);\n } catch (e) {\n console.error(e);\n return null;\n }\n }\n\n /**\n * Get Apple Sign In public key\n */\n public static async getAppleSignInKey(kid: string): Promise<string | undefined> {\n try {\n const key: SigningKey = await appleJwksClient.getSigningKey(kid);\n return key.getPublicKey();\n } catch (e) {\n console.error(e);\n return undefined;\n }\n }\n\n /**\n * Verify Apple receipt (legacy)\n */\n public static async verifyAppleReceipt(data: string): Promise<VerificationStatus> {\n const response: AxiosResponse = await axios.post(\n \"https://buy.itunes.apple.com/verifyReceipt\",\n {\n \"receipt-data\": data,\n password: process.env.APPLE_SHARED_SECRET as string,\n \"exclude-old-transactions\": true,\n }\n );\n\n return response.data as VerificationStatus;\n }\n\n /**\n * Get Apple transaction history\n */\n public static async getAppleTransactions(\n originalTransactionId: string\n ): Promise<SignedTransactions[]> {\n const result: SignedTransactions[] = [];\n\n try {\n const response: AxiosResponse<TransactionsResponse> = await axios.get(\n `https://api.storekit.itunes.apple.com/inApps/v1/history/${originalTransactionId}`,\n {\n headers: {\n Authorization: `Bearer ${this.generateAppleJWT()}`,\n \"Content-Type\": \"application/json\",\n },\n }\n );\n\n for (const token of response.data.signedTransactions) {\n result.push(jwt.decode(token) as SignedTransactions);\n }\n\n return result;\n } catch (error) {\n if (isAxiosError(error) && error.response?.status === 400) {\n throw new AppleTransactionError(\"Invalid transaction id.\");\n }\n\n // Try sandbox environment\n if (\n isAxiosError(error) &&\n (error.response?.data.errorCode === 4040010 || error.response?.status === 401)\n ) {\n try {\n const response: AxiosResponse<TransactionsResponse> = await axios.get(\n `https://api.storekit-sandbox.itunes.apple.com/inApps/v1/history/${originalTransactionId}`,\n {\n headers: {\n Authorization: `Bearer ${this.generateAppleJWT()}`,\n \"Content-Type\": \"application/json\",\n },\n }\n );\n\n for (const token of response.data.signedTransactions) {\n result.push(jwt.decode(token) as SignedTransactions);\n }\n\n return result;\n } catch (e) {\n if (isAxiosError(error) && error.response?.status === 400) {\n throw new AppleTransactionError(\"Invalid transaction id.\");\n }\n }\n throw new AppleTransactionError(\"Transaction was not found in both environments.\");\n }\n throw error;\n }\n }\n\n /**\n * Get Apple subscription status\n */\n public static async getAppleSubscriptionsStatuses(\n transactionId: string\n ): Promise<SubscriptionStatusResult[]> {\n const result: SubscriptionStatusResult[] = [];\n\n try {\n const response: AxiosResponse<SubscriptionStatusResponse> = await axios.get(\n `https://api.storekit.itunes.apple.com/inApps/v1/subscriptions/${transactionId}`,\n {\n headers: {\n Authorization: `Bearer ${this.generateAppleJWT()}`,\n \"Content-Type\": \"application/json\",\n },\n }\n );\n\n for (const transaction of response.data.data[0].lastTransactions) {\n result.push({\n originalTransactionId: transaction.originalTransactionId,\n status: transaction.status,\n signedTransactionInfo: jwt.decode(transaction.signedTransactionInfo),\n signedRenewalInfo: jwt.decode(transaction.signedRenewalInfo),\n });\n }\n\n return result;\n } catch (error: unknown) {\n if (isAxiosError(error) && error.response?.status === 400) {\n throw new AppleTransactionError(\"Invalid transaction id.\");\n }\n\n // Try sandbox\n if (\n isAxiosError(error) &&\n (error.response?.data.errorCode === 4040010 || error.response?.status === 401)\n ) {\n try {\n const response: AxiosResponse<SubscriptionStatusResponse> = await axios.get(\n `https://api.storekit-sandbox.itunes.apple.com/inApps/v1/subscriptions/${transactionId}`,\n {\n headers: {\n Authorization: `Bearer ${this.generateAppleJWT()}`,\n \"Content-Type\": \"application/json\",\n },\n }\n );\n\n for (const transaction of response.data.data[0].lastTransactions) {\n result.push({\n originalTransactionId: transaction.originalTransactionId,\n status: transaction.status,\n signedTransactionInfo: jwt.decode(transaction.signedTransactionInfo),\n signedRenewalInfo: jwt.decode(transaction.signedRenewalInfo),\n });\n }\n\n return result;\n } catch (e) {\n if (isAxiosError(error) && error.response?.status === 400) {\n throw new AppleTransactionError(\"Invalid transaction id.\");\n }\n }\n throw new AppleTransactionError(\"Transaction was not found in both environments.\");\n }\n throw error;\n }\n }\n\n /**\n * Check if Apple subscription is active\n */\n public static async isAppleSubscriptionActive(transactionId: string): Promise<boolean> {\n try {\n const response: AxiosResponse<SubscriptionStatusResponse> = await axios.get(\n `https://api.storekit.itunes.apple.com/inApps/v1/subscriptions/${transactionId}`,\n {\n headers: {\n Authorization: `Bearer ${this.generateAppleJWT()}`,\n \"Content-Type\": \"application/json\",\n },\n }\n );\n\n return (\n response.data.data[0].lastTransactions[0].status === 0 ||\n response.data.data[0].lastTransactions[0].status === 2\n );\n } catch (e) {\n if (\n axios.isAxiosError(e) &&\n e.response &&\n (e.response.data as SubscriptionStatusResponseError)[\"errorMessage\"] ===\n \"Invalid transaction id.\"\n ) {\n return false;\n }\n return false;\n }\n }\n\n /**\n * Get single Apple transaction info\n */\n public static async getSingleAppleTransactionsInfo(transactionId: string) {\n try {\n const response: AxiosResponse<SingleTransactionResponse> = await axios.get(\n `https://api.storekit.itunes.apple.com/inApps/v1/transactions/${transactionId}`,\n {\n headers: {\n Authorization: `Bearer ${this.generateAppleJWT()}`,\n \"Content-Type\": \"application/json\",\n },\n }\n );\n\n return { signedTransactionInfo: jwt.decode(response.data.signedTransactionInfo) };\n } catch (error) {\n if (isAxiosError(error) && error.response?.status === 400) {\n throw new AppleTransactionError(\"Invalid transaction id.\");\n }\n\n // Try sandbox\n if (\n isAxiosError(error) &&\n (error.response?.data.errorCode === 4040010 || error.response?.status === 401)\n ) {\n try {\n const response: AxiosResponse<SingleTransactionResponse> = await axios.get(\n `https://api.storekit-sandbox.itunes.apple.com/inApps/v1/transactions/${transactionId}`,\n {\n headers: {\n Authorization: `Bearer ${this.generateAppleJWT()}`,\n \"Content-Type\": \"application/json\",\n },\n }\n );\n\n return { signedTransactionInfo: jwt.decode(response.data.signedTransactionInfo) };\n } catch (e) {\n if (isAxiosError(error) && error.response?.status === 400) {\n throw new AppleTransactionError(\"Invalid transaction id.\");\n }\n }\n throw new AppleTransactionError(\"Transaction was not found in both environments.\");\n }\n throw error;\n }\n }\n\n /**\n * Check if user bought a program (non-consumable)\n */\n public static async checkIfUserBoughtProgram(transactionId: string): Promise<string[]> {\n try {\n const productIds: string[] = [];\n const url = process.env.PURCHASE_HISTORY_URL || \"https://api.storekit.itunes.apple.com\";\n const response: AxiosResponse = await axios.get(\n `${url}/inApps/v2/history/${transactionId}?productType=NON_CONSUMABLE`,\n {\n headers: {\n Authorization: `Bearer ${this.generateAppleJWT()}`,\n \"Content-Type\": \"application/json\",\n },\n }\n );\n\n for (const transaction of response.data.signedTransactions) {\n productIds.push((jwt.decode(transaction) as { productId: string }).productId);\n }\n\n return productIds;\n } catch (e) {\n console.error((e as Error).message);\n return [];\n }\n }\n\n /**\n * Extend Apple subscription\n */\n public static async extendAppleSubscription(\n transactionId: string,\n extendByDays: number\n ): Promise<any> {\n const response: AxiosResponse = await axios.put(\n `https://api.storekit.itunes.apple.com/inApps/v1/subscriptions/extend/${transactionId}`,\n {\n extendByDays,\n extendReasonCode: 1,\n requestIdentifier: require(\"crypto\").randomUUID(),\n },\n {\n headers: {\n Authorization: `Bearer ${this.generateAppleJWT()}`,\n },\n }\n );\n\n return response.data;\n }\n\n // ==================== Android (Google Play) Subscriptions ====================\n\n /**\n * Get Android access token for Google Play API\n */\n public static async getAndroidAccessToken(): Promise<CredentialsType> {\n const { client_email, private_key } = await loadAndroidServiceAccount();\n\n const jwtClient = new google.auth.JWT({\n email: client_email,\n key: private_key, // unesc\n scopes: [\"https://www.googleapis.com/auth/androidpublisher\"],\n });\n\n return await jwtClient.authorize();\n }\n\n /**\n * Get Android subscription status\n */\n public static async getAndroidSubscriptionsStatuses(token: string) {\n try {\n const credentials = await this.getAndroidAccessToken();\n\n const response: AxiosResponse = await axios.get(\n `https://androidpublisher.googleapis.com/androidpublisher/v3/applications/${process.env.ANDROID_PACKAGE_NAME || \"nl.browney.nintydayschallenge\"}/purchases/subscriptionsv2/tokens/${token}`,\n {\n headers: {\n Authorization: `Bearer ${credentials.access_token as string}`,\n },\n }\n );\n\n return response.data;\n } catch (error) {\n if (isAxiosError(error) && error.response && error.response.status === 410) {\n // Subscription expired\n return {\n lineItems: [\n {\n expiryTime: new Date(Date.now() - 86400000).toISOString(), // Yesterday\n },\n ],\n };\n } else {\n if (isAxiosError(error)) {\n console.error(\"Android subscription error:\", error.message);\n return false;\n }\n }\n }\n }\n\n /**\n * Check if Android subscription is active\n */\n public static async isAndroidSubscriptionsActive(token: string): Promise<boolean> {\n try {\n const credentials = await this.getAndroidAccessToken();\n\n const response: AxiosResponse = await axios.get(\n `https://androidpublisher.googleapis.com/androidpublisher/v3/applications/${process.env.ANDROID_PACKAGE_NAME || \"nl.browney.nintydayschallenge\"}/purchases/subscriptionsv2/tokens/${token}`,\n {\n headers: {\n Authorization: `Bearer ${credentials.access_token as string}`,\n },\n }\n );\n\n return (\n (response.data as { subscriptionState: string }).subscriptionState ===\n \"SUBSCRIPTION_STATE_ACTIVE\"\n );\n } catch (error) {\n if (isAxiosError(error)) {\n console.error(\"An error occurred:\", error.message);\n }\n return false;\n }\n }\n}\n"],"names":["dotenv","jwt","axios","isAxiosError","fs","google","bcrypt","OAuth2Client","OAuth2ClientImpl","jwksClient","PersistedUser","AppleTransactionError","SecretManagerServiceClient","config","TokenExpiration","appleJwksClient","jwksUri","loadAndroidServiceAccount","sm","name","v","accessSecretVersion","raw","payload","data","toString","json","JSON","parse","client_email","private_key","String","replace","AuthenticationUtil","ACCESS_SECRET","process","env","ACCESS_TOKEN_SECRET","REFRESH_SECRET","REFRESH_TOKEN_SECRET","fetchUserWithTokenInfo","token","userInToken","verifyTokenAndFetchUser","userUuid","Promise","resolve","reject","verify","err","decoded","undefined","user","findByPk","then","persistedUser","catch","e","signAccessToken","sign","expiresIn","signRefreshToken","verifyRefreshToken","refreshToken","userTypes","newAccessToken","hashPassword","password","hash","comparePassword","plainPassword","compare","checkIfUserAlreadyRegistered","email","findOne","where","login","users","findAll","length","passwordsMatch","verifyGoogleToken","idToken","audience","client","verifyIdToken","error","console","getGoogleClientId","platform","ANDROID_GOOGLE_CLIENT_ID","IOS_GOOGLE_CLIENT_ID","WEB_GOOGLE_CLIENT_ID","generateAppleJWT","privateKey","readFileSync","APPLE_SUBSCRIPTION_KEY_PATH","header","alg","kid","APPLE_KID","typ","iss","APPLE_ISSUER","iat","Math","floor","Date","now","exp","aud","bid","APPLE_BUNDLE_ID","verifyAppleJwt","userData","key","getAppleSignInKey","getSigningKey","getPublicKey","verifyAppleReceipt","response","post","APPLE_SHARED_SECRET","getAppleTransactions","originalTransactionId","result","get","headers","Authorization","signedTransactions","push","decode","status","errorCode","getAppleSubscriptionsStatuses","transactionId","transaction","lastTransactions","signedTransactionInfo","signedRenewalInfo","isAppleSubscriptionActive","getSingleAppleTransactionsInfo","checkIfUserBoughtProgram","productIds","url","PURCHASE_HISTORY_URL","productId","message","extendAppleSubscription","extendByDays","put","extendReasonCode","requestIdentifier","require","randomUUID","getAndroidAccessToken","jwtClient","auth","JWT","scopes","authorize","getAndroidSubscriptionsStatuses","credentials","ANDROID_PACKAGE_NAME","access_token","lineItems","expiryTime","toISOString","isAndroidSubscriptionsActive","subscriptionState"],"mappings":"AAAA,YAAYA,YAAY,SAAS;AACjC,OAAOC,SAA+C,eAAe;AACrE,OAAOC,SAA4BC,YAAY,QAAO,QAAQ;AAC9D,OAAOC,QAAQ,KAAK;AACpB,SAAQC,MAAM,QAAO,aAAa;AAClC,YAAYC,YAAY,WAAW;AAEnC,SAAQC,gBAAgBC,gBAAgB,QAAO,sBAAsB;AACrE,OAAOC,gBAAmC,WAAW;AACrD,SAAQC,aAAa,QAAO,+BAA+B;AAY3D,SAAQC,qBAAqB,QAAO,sBAAsB;AAC1D,SAAQC,0BAA0B,QAAO,+BAA+B;AAExEZ,OAAOa,MAAM;AAEb,IAAA,AAAKC,yCAAAA;;;WAAAA;EAAAA;AAKL,MAAMC,kBAAkBN,WAAW;IACjCO,SAAS;AACX;AAEA,eAAeC;IACb,MAAMC,KAAK,IAAIN;IACf,MAAMO,OAAO;IACb,MAAM,CAACC,EAAE,GAAG,MAAMF,GAAGG,mBAAmB,CAAC;QAAEF;IAAK;IAChD,MAAMG,MAAMF,EAAEG,OAAO,EAAEC,MAAMC,SAAS,WAAW;IAEjD,oEAAoE;IACpE,MAAMC,OAAOC,KAAKC,KAAK,CAACN;IACxB,MAAMO,eAAeH,KAAKG,YAAY;IACtC,MAAMC,cAAcC,OAAOL,KAAKI,WAAW,EAAEE,OAAO,CAAC,QAAQ;IAC7D,OAAO;QAAEH;QAAcC;IAAY;AACrC;AAEA,OAAO,MAAMG;IACX,OAAuBC,gBAAgBC,QAAQC,GAAG,CAACC,mBAAmB,CAAW;IACjF,OAAuBC,iBAAiBH,QAAQC,GAAG,CAACG,oBAAoB,CAAW;IAInF,aAAoBC,uBAAuBC,KAAa,EAAiC;QACvF,MAAMC,cAAc,MAAMT,mBAAmBU,uBAAuB,CAACF;QACrE,IAAI,CAACC,eAAe,CAACA,YAAYE,QAAQ,EAAE;YACzC,OAAO;QACT;QACA,OAAOF;IACT;IAEA,OAAcC,wBAAwBF,KAAa,EAAyC;QAC1F,OAAO,IAAII,QAAsC,CAACC,SAASC;YACzD9C,IAAI+C,MAAM,CACNP,OACA,IAAI,CAACP,aAAa,EAClB,CAACe,KAA0BC;gBACzB,IAAID,KAAK;oBACPF,OAAOE;oBACP;gBACF;gBAEA,IAAIC,YAAYC,WAAW;oBACzBL,QAAQ;oBACR;gBACF;gBAEA,MAAMM,OAA6BF;gBAEnC,IAAI,CAACE,KAAKR,QAAQ,EAAE;oBAClBE,QAAQ;oBACR;gBACF;gBAEApC,cAAc2C,QAAQ,CAACD,KAAKR,QAAQ,EAC/BU,IAAI,CAAC,CAACC;oBACLT,QAAQS;gBACV,GACCC,KAAK,CAAC,CAACC;oBACNV,OAAOU;gBACT;YACN;QAEN;IACF;IAEA;;GAEC,GACD,OAAcC,gBAAgBN,IAAe,EAAU;QACrD,OAAOnD,IAAI0D,IAAI,CAACP,MAAM,IAAI,CAAClB,aAAa,EAAE;YACxC0B,SAAS;QACX;IACF;IAEA;;GAEC,GACD,OAAcC,iBAAiBT,IAAe,EAAU;QACtD,OAAOnD,IAAI0D,IAAI,CAACP,MAAM,IAAI,CAACd,cAAc;IAC3C;IAEA;;GAEC,GACD,OAAcwB,mBAAmBC,YAAoB,EAAkC;QACrF,OAAO,IAAIlB,QAA+B,CAACC,SAASC;YAClD9C,IAAI+C,MAAM,CACNe,cACA,IAAI,CAACzB,cAAc,EACnB,OAAOW,KAA0BG;gBAC/B,IAAIH,KAAK;oBACPF,OAAOE;oBACP;gBACF;gBAEA,IAAIG,SAASD,WAAW;oBACtBL,QAAQ;oBACR;gBACF;gBAEA,MAAMkB,YAAuBZ;gBAC7B,MAAMa,iBAAiB,IAAI,CAACP,eAAe,CAACM;gBAC5ClB,QAAQmB;YACV;QAEN;IACF;IAEA,gEAAgE;IAEhE;;GAEC,GACD,aAAoBC,aAAaC,QAAgB,EAAmB;QAClE,OAAO7D,OAAO8D,IAAI,CAACD,UAAU;IAC/B;IAEA;;GAEC,GACD,aAAoBE,gBAAgBC,aAAqB,EAAEF,IAAY,EAAoB;QACzF,OAAO9D,OAAOiE,OAAO,CAACD,eAAeF;IACvC;IAEA,sEAAsE;IAEtE;;GAEC,GACD,aAAoBI,6BAA6BC,KAAyB,EAAoB;QAC5F,IAAI,CAACA,OAAO,OAAO;QACnB,MAAMrB,OAAO,MAAM1C,cAAcgE,OAAO,CAAC;YAAEC,OAAO;gBAAEF;YAAM;QAAE;QAC5D,OAAOrB,SAAS;IAClB;IAEA;;GAEC,GACD,aAAoBwB,MAAMH,KAAa,EAAEN,QAAgB,EAAiC;QACxF,MAAMU,QAAQ,MAAMnE,cAAcoE,OAAO,CAAC;YAAEH,OAAO;gBAAEF;YAAM;QAAE;QAE7D,IAAI,CAACI,SAASA,MAAME,MAAM,KAAK,GAAG;YAChC,OAAO;QACT;QAEA,KAAK,MAAM3B,QAAQyB,MAAO;YACxB,MAAMG,iBAAiB,MAAM,IAAI,CAACX,eAAe,CAACF,UAAUf,KAAKe,QAAQ;YACzE,IAAIa,gBAAgB;gBAClB,OAAO5B;YACT;QACF;QAEA,OAAO;IACT;IAEA,yDAAyD;IAEzD;;GAEC,GACD,aAAoB6B,kBAChBC,OAAe,EACfC,QAAgB,EACW;QAC7B,MAAMC,SAAS,IAAI5E,iBAAiB2E;QACpC,IAAI;YACF,OAAO,MAAMC,OAAOC,aAAa,CAAC;gBAAEH;gBAASC;YAAS;QACxD,EAAE,OAAOG,OAAO;YACdC,QAAQD,KAAK,CAAC,oCAAoCA;YAClD,OAAO;QACT;IACF;IAEA;;GAEC,GACD,OAAcE,kBAAkBC,QAAgB,EAAsB;QACpE,OAAQA;YACN,KAAK;gBACH,OAAOtD,QAAQC,GAAG,CAACsD,wBAAwB;YAC7C,KAAK;gBACH,OAAOvD,QAAQC,GAAG,CAACuD,oBAAoB;YACzC,KAAK;gBACH,OAAOxD,QAAQC,GAAG,CAACwD,oBAAoB;YACzC;gBACE,OAAOzC;QACX;IACF;IAEA,wEAAwE;IAExE;;GAEC,GACD,OAAc0C,mBAA2B;QACvC,MAAMC,aAAqB1F,GAAG2F,YAAY,CACtC5D,QAAQC,GAAG,CAAC4D,2BAA2B,EACvC;QAGJ,MAAMC,SAAS;YACbC,KAAK;YACLC,KAAKhE,QAAQC,GAAG,CAACgE,SAAS;YAC1BC,KAAK;QACP;QAEA,MAAM9E,UAAU;YACd+E,KAAKnE,QAAQC,GAAG,CAACmE,YAAY;YAC7BC,KAAKC,KAAKC,KAAK,CAACC,KAAKC,GAAG,KAAK;YAC7BC,KAAKJ,KAAKC,KAAK,CAACC,KAAKC,GAAG,KAAK,QAAQ;YACrCE,KAAK;YACLC,KAAK5E,QAAQC,GAAG,CAAC4E,eAAe;QAClC;QAEA,OAAO/G,IAAI0D,IAAI,CAACpC,SAASuE,YAAY;YAAEG;QAAO;IAChD;IAEA;;GAEC,GACD,OAAcgB,eAAeC,QAAgB,EAAEC,GAAW,EAAE;QAC1D,IAAI;YACF,OAAOlH,IAAI+C,MAAM,CAACkE,UAAUC;QAC9B,EAAE,OAAO1D,GAAG;YACV8B,QAAQD,KAAK,CAAC7B;YACd,OAAO;QACT;IACF;IAEA;;GAEC,GACD,aAAoB2D,kBAAkBjB,GAAW,EAA+B;QAC9E,IAAI;YACF,MAAMgB,MAAkB,MAAMpG,gBAAgBsG,aAAa,CAAClB;YAC5D,OAAOgB,IAAIG,YAAY;QACzB,EAAE,OAAO7D,GAAG;YACV8B,QAAQD,KAAK,CAAC7B;YACd,OAAON;QACT;IACF;IAEA;;GAEC,GACD,aAAoBoE,mBAAmB/F,IAAY,EAA+B;QAChF,MAAMgG,WAA0B,MAAMtH,MAAMuH,IAAI,CAC5C,8CACA;YACE,gBAAgBjG;YAChB2C,UAAUhC,QAAQC,GAAG,CAACsF,mBAAmB;YACzC,4BAA4B;QAC9B;QAGJ,OAAOF,SAAShG,IAAI;IACtB;IAEA;;GAEC,GACD,aAAoBmG,qBAChBC,qBAA6B,EACA;QAC/B,MAAMC,SAA+B,EAAE;QAEvC,IAAI;YACF,MAAML,WAAgD,MAAMtH,MAAM4H,GAAG,CACjE,CAAC,wDAAwD,EAAEF,uBAAuB,EAClF;gBACEG,SAAS;oBACPC,eAAe,CAAC,OAAO,EAAE,IAAI,CAACnC,gBAAgB,IAAI;oBAClD,gBAAgB;gBAClB;YACF;YAGJ,KAAK,MAAMpD,SAAS+E,SAAShG,IAAI,CAACyG,kBAAkB,CAAE;gBACpDJ,OAAOK,IAAI,CAACjI,IAAIkI,MAAM,CAAC1F;YACzB;YAEA,OAAOoF;QACT,EAAE,OAAOvC,OAAO;YACd,IAAInF,aAAamF,UAAUA,MAAMkC,QAAQ,EAAEY,WAAW,KAAK;gBACzD,MAAM,IAAIzH,sBAAsB;YAClC;YAEA,0BAA0B;YAC1B,IACIR,aAAamF,UACZA,CAAAA,MAAMkC,QAAQ,EAAEhG,KAAK6G,cAAc,WAAW/C,MAAMkC,QAAQ,EAAEY,WAAW,GAAE,GAC9E;gBACA,IAAI;oBACF,MAAMZ,WAAgD,MAAMtH,MAAM4H,GAAG,CACjE,CAAC,gEAAgE,EAAEF,uBAAuB,EAC1F;wBACEG,SAAS;4BACPC,eAAe,CAAC,OAAO,EAAE,IAAI,CAACnC,gBAAgB,IAAI;4BAClD,gBAAgB;wBAClB;oBACF;oBAGJ,KAAK,MAAMpD,SAAS+E,SAAShG,IAAI,CAACyG,kBAAkB,CAAE;wBACpDJ,OAAOK,IAAI,CAACjI,IAAIkI,MAAM,CAAC1F;oBACzB;oBAEA,OAAOoF;gBACT,EAAE,OAAOpE,GAAG;oBACV,IAAItD,aAAamF,UAAUA,MAAMkC,QAAQ,EAAEY,WAAW,KAAK;wBACzD,MAAM,IAAIzH,sBAAsB;oBAClC;gBACF;gBACA,MAAM,IAAIA,sBAAsB;YAClC;YACA,MAAM2E;QACR;IACF;IAEA;;GAEC,GACD,aAAoBgD,8BAChBC,aAAqB,EACc;QACrC,MAAMV,SAAqC,EAAE;QAE7C,IAAI;YACF,MAAML,WAAsD,MAAMtH,MAAM4H,GAAG,CACvE,CAAC,8DAA8D,EAAES,eAAe,EAChF;gBACER,SAAS;oBACPC,eAAe,CAAC,OAAO,EAAE,IAAI,CAACnC,gBAAgB,IAAI;oBAClD,gBAAgB;gBAClB;YACF;YAGJ,KAAK,MAAM2C,eAAehB,SAAShG,IAAI,CAACA,IAAI,CAAC,EAAE,CAACiH,gBAAgB,CAAE;gBAChEZ,OAAOK,IAAI,CAAC;oBACVN,uBAAuBY,YAAYZ,qBAAqB;oBACxDQ,QAAQI,YAAYJ,MAAM;oBAC1BM,uBAAuBzI,IAAIkI,MAAM,CAACK,YAAYE,qBAAqB;oBACnEC,mBAAmB1I,IAAIkI,MAAM,CAACK,YAAYG,iBAAiB;gBAC7D;YACF;YAEA,OAAOd;QACT,EAAE,OAAOvC,OAAgB;YACvB,IAAInF,aAAamF,UAAUA,MAAMkC,QAAQ,EAAEY,WAAW,KAAK;gBACzD,MAAM,IAAIzH,sBAAsB;YAClC;YAEA,cAAc;YACd,IACIR,aAAamF,UACZA,CAAAA,MAAMkC,QAAQ,EAAEhG,KAAK6G,cAAc,WAAW/C,MAAMkC,QAAQ,EAAEY,WAAW,GAAE,GAC9E;gBACA,IAAI;oBACF,MAAMZ,WAAsD,MAAMtH,MAAM4H,GAAG,CACvE,CAAC,sEAAsE,EAAES,eAAe,EACxF;wBACER,SAAS;4BACPC,eAAe,CAAC,OAAO,EAAE,IAAI,CAACnC,gBAAgB,IAAI;4BAClD,gBAAgB;wBAClB;oBACF;oBAGJ,KAAK,MAAM2C,eAAehB,SAAShG,IAAI,CAACA,IAAI,CAAC,EAAE,CAACiH,gBAAgB,CAAE;wBAChEZ,OAAOK,IAAI,CAAC;4BACVN,uBAAuBY,YAAYZ,qBAAqB;4BACxDQ,QAAQI,YAAYJ,MAAM;4BAC1BM,uBAAuBzI,IAAIkI,MAAM,CAACK,YAAYE,qBAAqB;4BACnEC,mBAAmB1I,IAAIkI,MAAM,CAACK,YAAYG,iBAAiB;wBAC7D;oBACF;oBAEA,OAAOd;gBACT,EAAE,OAAOpE,GAAG;oBACV,IAAItD,aAAamF,UAAUA,MAAMkC,QAAQ,EAAEY,WAAW,KAAK;wBACzD,MAAM,IAAIzH,sBAAsB;oBAClC;gBACF;gBACA,MAAM,IAAIA,sBAAsB;YAClC;YACA,MAAM2E;QACR;IACF;IAEA;;GAEC,GACD,aAAoBsD,0BAA0BL,aAAqB,EAAoB;QACrF,IAAI;YACF,MAAMf,WAAsD,MAAMtH,MAAM4H,GAAG,CACvE,CAAC,8DAA8D,EAAES,eAAe,EAChF;gBACER,SAAS;oBACPC,eAAe,CAAC,OAAO,EAAE,IAAI,CAACnC,gBAAgB,IAAI;oBAClD,gBAAgB;gBAClB;YACF;YAGJ,OACI2B,SAAShG,IAAI,CAACA,IAAI,CAAC,EAAE,CAACiH,gBAAgB,CAAC,EAAE,CAACL,MAAM,KAAK,KACrDZ,SAAShG,IAAI,CAACA,IAAI,CAAC,EAAE,CAACiH,gBAAgB,CAAC,EAAE,CAACL,MAAM,KAAK;QAE3D,EAAE,OAAO3E,GAAG;YACV,IACIvD,MAAMC,YAAY,CAACsD,MACnBA,EAAE+D,QAAQ,IACV,AAAC/D,EAAE+D,QAAQ,CAAChG,IAAI,AAAoC,CAAC,eAAe,KACpE,2BACF;gBACA,OAAO;YACT;YACA,OAAO;QACT;IACF;IAEA;;GAEC,GACD,aAAoBqH,+BAA+BN,aAAqB,EAAE;QACxE,IAAI;YACF,MAAMf,WAAqD,MAAMtH,MAAM4H,GAAG,CACtE,CAAC,6DAA6D,EAAES,eAAe,EAC/E;gBACER,SAAS;oBACPC,eAAe,CAAC,OAAO,EAAE,IAAI,CAACnC,gBAAgB,IAAI;oBAClD,gBAAgB;gBAClB;YACF;YAGJ,OAAO;gBAAE6C,uBAAuBzI,IAAIkI,MAAM,CAACX,SAAShG,IAAI,CAACkH,qBAAqB;YAAE;QAClF,EAAE,OAAOpD,OAAO;YACd,IAAInF,aAAamF,UAAUA,MAAMkC,QAAQ,EAAEY,WAAW,KAAK;gBACzD,MAAM,IAAIzH,sBAAsB;YAClC;YAEA,cAAc;YACd,IACIR,aAAamF,UACZA,CAAAA,MAAMkC,QAAQ,EAAEhG,KAAK6G,cAAc,WAAW/C,MAAMkC,QAAQ,EAAEY,WAAW,GAAE,GAC9E;gBACA,IAAI;oBACF,MAAMZ,WAAqD,MAAMtH,MAAM4H,GAAG,CACtE,CAAC,qEAAqE,EAAES,eAAe,EACvF;wBACER,SAAS;4BACPC,eAAe,CAAC,OAAO,EAAE,IAAI,CAACnC,gBAAgB,IAAI;4BAClD,gBAAgB;wBAClB;oBACF;oBAGJ,OAAO;wBAAE6C,uBAAuBzI,IAAIkI,MAAM,CAACX,SAAShG,IAAI,CAACkH,qBAAqB;oBAAE;gBAClF,EAAE,OAAOjF,GAAG;oBACV,IAAItD,aAAamF,UAAUA,MAAMkC,QAAQ,EAAEY,WAAW,KAAK;wBACzD,MAAM,IAAIzH,sBAAsB;oBAClC;gBACF;gBACA,MAAM,IAAIA,sBAAsB;YAClC;YACA,MAAM2E;QACR;IACF;IAEA;;GAEC,GACD,aAAoBwD,yBAAyBP,aAAqB,EAAqB;QACrF,IAAI;YACF,MAAMQ,aAAuB,EAAE;YAC/B,MAAMC,MAAM7G,QAAQC,GAAG,CAAC6G,oBAAoB,IAAI;YAChD,MAAMzB,WAA0B,MAAMtH,MAAM4H,GAAG,CAC3C,GAAGkB,IAAI,mBAAmB,EAAET,cAAc,2BAA2B,CAAC,EACtE;gBACER,SAAS;oBACPC,eAAe,CAAC,OAAO,EAAE,IAAI,CAACnC,gBAAgB,IAAI;oBAClD,gBAAgB;gBAClB;YACF;YAGJ,KAAK,MAAM2C,eAAehB,SAAShG,IAAI,CAACyG,kBAAkB,CAAE;gBAC1Dc,WAAWb,IAAI,CAAC,AAACjI,IAAIkI,MAAM,CAACK,aAAuCU,SAAS;YAC9E;YAEA,OAAOH;QACT,EAAE,OAAOtF,GAAG;YACV8B,QAAQD,KAAK,CAAC,AAAC7B,EAAY0F,OAAO;YAClC,OAAO,EAAE;QACX;IACF;IAEA;;GAEC,GACD,aAAoBC,wBAChBb,aAAqB,EACrBc,YAAoB,EACR;QACd,MAAM7B,WAA0B,MAAMtH,MAAMoJ,GAAG,CAC3C,CAAC,qEAAqE,EAAEf,eAAe,EACvF;YACEc;YACAE,kBAAkB;YAClBC,mBAAmBC,QAAQ,UAAUC,UAAU;QACjD,GACA;YACE3B,SAAS;gBACPC,eAAe,CAAC,OAAO,EAAE,IAAI,CAACnC,gBAAgB,IAAI;YACpD;QACF;QAGJ,OAAO2B,SAAShG,IAAI;IACtB;IAEA,gFAAgF;IAEhF;;GAEC,GACD,aAAoBmI,wBAAkD;QACpE,MAAM,EAAE9H,YAAY,EAAEC,WAAW,EAAE,GAAG,MAAMb;QAE5C,MAAM2I,YAAY,IAAIvJ,OAAOwJ,IAAI,CAACC,GAAG,CAAC;YACpCrF,OAAO5C;YACPsF,KAAKrF;YACLiI,QAAQ;gBAAC;aAAmD;QAC9D;QAEA,OAAO,MAAMH,UAAUI,SAAS;IAClC;IAEA;;GAEC,GACD,aAAoBC,gCAAgCxH,KAAa,EAAE;QACjE,IAAI;YACF,MAAMyH,cAAc,MAAM,IAAI,CAACP,qBAAqB;YAEpD,MAAMnC,WAA0B,MAAMtH,MAAM4H,GAAG,CAC3C,CAAC,yEAAyE,EAAE3F,QAAQC,GAAG,CAAC+H,oBAAoB,IAAI,gCAAgC,kCAAkC,EAAE1H,OAAO,EAC3L;gBACEsF,SAAS;oBACPC,eAAe,CAAC,OAAO,EAAEkC,YAAYE,YAAY,EAAY;gBAC/D;YACF;YAGJ,OAAO5C,SAAShG,IAAI;QACtB,EAAE,OAAO8D,OAAO;YACd,IAAInF,aAAamF,UAAUA,MAAMkC,QAAQ,IAAIlC,MAAMkC,QAAQ,CAACY,MAAM,KAAK,KAAK;gBAC1E,uBAAuB;gBACvB,OAAO;oBACLiC,WAAW;wBACT;4BACEC,YAAY,IAAI3D,KAAKA,KAAKC,GAAG,KAAK,UAAU2D,WAAW;wBACzD;qBACD;gBACH;YACF,OAAO;gBACL,IAAIpK,aAAamF,QAAQ;oBACvBC,QAAQD,KAAK,CAAC,+BAA+BA,MAAM6D,OAAO;oBAC1D,OAAO;gBACT;YACF;QACF;IACF;IAEA;;GAEC,GACD,aAAoBqB,6BAA6B/H,KAAa,EAAoB;QAChF,IAAI;YACF,MAAMyH,cAAc,MAAM,IAAI,CAACP,qBAAqB;YAEpD,MAAMnC,WAA0B,MAAMtH,MAAM4H,GAAG,CAC3C,CAAC,yEAAyE,EAAE3F,QAAQC,GAAG,CAAC+H,oBAAoB,IAAI,gCAAgC,kCAAkC,EAAE1H,OAAO,EAC3L;gBACEsF,SAAS;oBACPC,eAAe,CAAC,OAAO,EAAEkC,YAAYE,YAAY,EAAY;gBAC/D;YACF;YAGJ,OACI,AAAC5C,SAAShG,IAAI,CAAmCiJ,iBAAiB,KAClE;QAEN,EAAE,OAAOnF,OAAO;YACd,IAAInF,aAAamF,QAAQ;gBACvBC,QAAQD,KAAK,CAAC,sBAAsBA,MAAM6D,OAAO;YACnD;YACA,OAAO;QACT;IACF;AACF"}
|
|
1
|
+
{"version":3,"sources":["../../../src/lib/utils/AuthenticationUtil.ts"],"sourcesContent":["import * as dotenv from \"dotenv\";\nimport jwt, {type JwtPayload, type VerifyErrors} from \"jsonwebtoken\";\nimport axios, {type AxiosResponse, isAxiosError} from \"axios\";\nimport {google} from \"googleapis\";\nimport * as bcrypt from \"bcryptjs\";\nimport type {LoginTicket,} from \"google-auth-library\";\nimport {OAuth2Client as OAuth2ClientImpl} from \"google-auth-library\";\nimport jwksClient, {type SigningKey} from \"jwks-rsa\";\nimport {PersistedUser} from '../dbmodels/PersistedUser.js';\nimport type {\n Credentials as CredentialsType,\n SignedTransactions,\n SingleTransactionResponse,\n SubscriptionStatusResponse,\n SubscriptionStatusResponseError,\n SubscriptionStatusResult,\n TransactionsResponse,\n UserTypes,\n VerificationStatus,\n} from '../models/UserInterfaces.js';\nimport {AppleTransactionError} from '../Errors/Errors.js';\nimport {SecretManagerServiceClient} from \"@google-cloud/secret-manager\";\n\ndotenv.config();\n\nenum TokenExpiration {\n ACCESS = 30 * 24 * 60 * 60,\n REFRESH = 356 * 24 * 60 * 60,\n}\n\nconst appleJwksClient = jwksClient({\n jwksUri: \"https://appleid.apple.com/auth/keys\",\n});\n\nasync function loadAndroidServiceAccount(): Promise<{client_email: string; private_key: string}> {\n const sm = new SecretManagerServiceClient();\n const name = \"projects/1033066542238/secrets/ANDROID_SUB_KEY/versions/latest\";\n const [v] = await sm.accessSecretVersion({ name });\n const raw = v.payload?.data?.toString(\"utf8\") ?? \"\";\n\n // Secret should be the full JSON key. Parse and normalize newlines.\n const json = JSON.parse(raw);\n const client_email = json.client_email as string;\n const private_key = String(json.private_key).replace(/\\\\n/g, \"\\n\");\n return { client_email, private_key };\n}\n\nasync function loadAppleSubscriptionkey(): Promise<string> {\n const client = new SecretManagerServiceClient();\n const name = \"projects/1033066542238/secrets/APPLE_SUB_KEY/versions/latest\";\n const [v] = await client.accessSecretVersion({ name });\n return v.payload?.data?.toString(\"utf8\") ?? \"\";\n}\n\nexport class AuthenticationUtil {\n public static readonly ACCESS_SECRET = process.env.ACCESS_TOKEN_SECRET as string;\n public static readonly REFRESH_SECRET = process.env.REFRESH_TOKEN_SECRET as string;\n\n\n\n public static async fetchUserWithTokenInfo(token: string): Promise<PersistedUser | null> {\n const userInToken = await AuthenticationUtil.verifyTokenAndFetchUser(token);\n if (!userInToken || !userInToken.userUuid) {\n return null;\n }\n return userInToken;\n }\n\n public static verifyTokenAndFetchUser(token: string): Promise<PersistedUser | null | false> {\n return new Promise<PersistedUser | null | false>((resolve, reject) => {\n jwt.verify(\n token,\n this.ACCESS_SECRET,\n (err: VerifyErrors | null, decoded: JwtPayload | string | undefined) => {\n if (err) {\n reject(err);\n return;\n }\n\n if (decoded === undefined) {\n resolve(null);\n return;\n }\n\n const user: UserTypes = <UserTypes>decoded;\n\n if (!user.userUuid) {\n resolve(false);\n return;\n }\n\n PersistedUser.findByPk(user.userUuid)\n .then((persistedUser: PersistedUser | null) => {\n resolve(persistedUser);\n })\n .catch((e: Error) => {\n reject(e);\n });\n }\n );\n });\n }\n\n /**\n * Sign access token\n */\n public static signAccessToken(user: UserTypes): string {\n return jwt.sign(user, this.ACCESS_SECRET, {\n expiresIn: TokenExpiration.ACCESS,\n });\n }\n\n /**\n * Sign refresh token\n */\n public static signRefreshToken(user: UserTypes): string {\n return jwt.sign(user, this.REFRESH_SECRET);\n }\n\n /**\n * Verify refresh token and return new access token\n */\n public static verifyRefreshToken(refreshToken: string): Promise<string | null | false> {\n return new Promise<string | null | false>((resolve, reject) => {\n jwt.verify(\n refreshToken,\n this.REFRESH_SECRET,\n async (err: VerifyErrors | null, user: JwtPayload | string | undefined) => {\n if (err) {\n reject(err);\n return;\n }\n\n if (user === undefined) {\n resolve(null);\n return;\n }\n\n const userTypes = <UserTypes>user;\n const newAccessToken = this.signAccessToken(userTypes);\n resolve(newAccessToken);\n }\n );\n });\n }\n\n // ==================== Password Management ====================\n\n /**\n * Hash password using bcrypt\n */\n public static async hashPassword(password: string): Promise<string> {\n return bcrypt.hash(password, 10);\n }\n\n /**\n * Compare password with hash\n */\n public static async comparePassword(plainPassword: string, hash: string): Promise<boolean> {\n return bcrypt.compare(plainPassword, hash);\n }\n\n // ==================== User Registration & Login ====================\n\n /**\n * Check if user is already registered\n */\n public static async checkIfUserAlreadyRegistered(email: string | undefined): Promise<boolean> {\n if (!email) return false;\n const user = await PersistedUser.findOne({ where: { email } });\n return user !== null;\n }\n\n /**\n * Login user with email and password\n */\n public static async login(email: string, password: string): Promise<PersistedUser | null> {\n const users = await PersistedUser.findAll({ where: { email } });\n\n if (!users || users.length === 0) {\n return null;\n }\n\n for (const user of users) {\n const passwordsMatch = await this.comparePassword(password, user.password);\n if (passwordsMatch) {\n return user;\n }\n }\n\n return null;\n }\n\n // ==================== Google OAuth ====================\n\n /**\n * Verify Google OAuth token\n */\n public static async verifyGoogleToken(\n idToken: string,\n audience: string\n ): Promise<LoginTicket | null> {\n const client = new OAuth2ClientImpl(audience);\n try {\n return await client.verifyIdToken({ idToken, audience });\n } catch (error) {\n console.error(\"Google Token Verification Error:\", error);\n return null;\n }\n }\n\n /**\n * Get Google OAuth client ID based on platform\n */\n public static getGoogleClientId(platform: string): string | undefined {\n switch (platform) {\n case \"android\":\n return process.env.ANDROID_GOOGLE_CLIENT_ID;\n case \"ios\":\n return process.env.IOS_GOOGLE_CLIENT_ID;\n case \"web\":\n return process.env.WEB_GOOGLE_CLIENT_ID;\n default:\n return undefined;\n }\n }\n\n // ==================== Apple OAuth & Subscriptions ====================\n\n /**\n * Generate Apple JWT for App Store Connect API\n */\n public static async generateAppleJWT(): Promise<string> {\n const privateKey: string = await loadAppleSubscriptionkey()\n\n const header = {\n alg: \"ES256\",\n kid: process.env.APPLE_KID as string,\n typ: \"JWT\",\n };\n\n const payload = {\n iss: process.env.APPLE_ISSUER as string,\n iat: Math.floor(Date.now() / 1000),\n exp: Math.floor(Date.now() / 1000) + 3600,\n aud: \"appstoreconnect-v1\",\n bid: process.env.APPLE_BUNDLE_ID as string,\n };\n\n return jwt.sign(payload, privateKey, { header });\n }\n\n /**\n * Verify Apple JWT for Sign in with Apple\n */\n public static verifyAppleJwt(userData: string, key: string) {\n try {\n return jwt.verify(userData, key);\n } catch (e) {\n console.error(e);\n return null;\n }\n }\n\n /**\n * Get Apple Sign In public key\n */\n public static async getAppleSignInKey(kid: string): Promise<string | undefined> {\n try {\n const key: SigningKey = await appleJwksClient.getSigningKey(kid);\n return key.getPublicKey();\n } catch (e) {\n console.error(e);\n return undefined;\n }\n }\n\n /**\n * Verify Apple receipt (legacy)\n */\n public static async verifyAppleReceipt(data: string): Promise<VerificationStatus> {\n const response: AxiosResponse = await axios.post(\n \"https://buy.itunes.apple.com/verifyReceipt\",\n {\n \"receipt-data\": data,\n password: process.env.APPLE_SHARED_SECRET as string,\n \"exclude-old-transactions\": true,\n }\n );\n\n return response.data as VerificationStatus;\n }\n\n /**\n * Get Apple transaction history\n */\n public static async getAppleTransactions(\n originalTransactionId: string\n ): Promise<SignedTransactions[]> {\n const result: SignedTransactions[] = [];\n\n try {\n const response: AxiosResponse<TransactionsResponse> = await axios.get(\n `https://api.storekit.itunes.apple.com/inApps/v1/history/${originalTransactionId}`,\n {\n headers: {\n Authorization: `Bearer ${this.generateAppleJWT()}`,\n \"Content-Type\": \"application/json\",\n },\n }\n );\n\n for (const token of response.data.signedTransactions) {\n result.push(jwt.decode(token) as SignedTransactions);\n }\n\n return result;\n } catch (error) {\n if (isAxiosError(error) && error.response?.status === 400) {\n throw new AppleTransactionError(\"Invalid transaction id.\");\n }\n\n // Try sandbox environment\n if (\n isAxiosError(error) &&\n (error.response?.data.errorCode === 4040010 || error.response?.status === 401)\n ) {\n try {\n const response: AxiosResponse<TransactionsResponse> = await axios.get(\n `https://api.storekit-sandbox.itunes.apple.com/inApps/v1/history/${originalTransactionId}`,\n {\n headers: {\n Authorization: `Bearer ${this.generateAppleJWT()}`,\n \"Content-Type\": \"application/json\",\n },\n }\n );\n\n for (const token of response.data.signedTransactions) {\n result.push(jwt.decode(token) as SignedTransactions);\n }\n\n return result;\n } catch (e) {\n if (isAxiosError(error) && error.response?.status === 400) {\n throw new AppleTransactionError(\"Invalid transaction id.\");\n }\n }\n throw new AppleTransactionError(\"Transaction was not found in both environments.\");\n }\n throw error;\n }\n }\n\n /**\n * Get Apple subscription status\n */\n public static async getAppleSubscriptionsStatuses(\n transactionId: string\n ): Promise<SubscriptionStatusResult[]> {\n const result: SubscriptionStatusResult[] = [];\n\n try {\n const response: AxiosResponse<SubscriptionStatusResponse> = await axios.get(\n `https://api.storekit.itunes.apple.com/inApps/v1/subscriptions/${transactionId}`,\n {\n headers: {\n Authorization: `Bearer ${this.generateAppleJWT()}`,\n \"Content-Type\": \"application/json\",\n },\n }\n );\n\n for (const transaction of response.data.data[0].lastTransactions) {\n result.push({\n originalTransactionId: transaction.originalTransactionId,\n status: transaction.status,\n signedTransactionInfo: jwt.decode(transaction.signedTransactionInfo),\n signedRenewalInfo: jwt.decode(transaction.signedRenewalInfo),\n });\n }\n\n return result;\n } catch (error: unknown) {\n if (isAxiosError(error) && error.response?.status === 400) {\n throw new AppleTransactionError(\"Invalid transaction id.\");\n }\n\n // Try sandbox\n if (\n isAxiosError(error) &&\n (error.response?.data.errorCode === 4040010 || error.response?.status === 401)\n ) {\n try {\n const response: AxiosResponse<SubscriptionStatusResponse> = await axios.get(\n `https://api.storekit-sandbox.itunes.apple.com/inApps/v1/subscriptions/${transactionId}`,\n {\n headers: {\n Authorization: `Bearer ${this.generateAppleJWT()}`,\n \"Content-Type\": \"application/json\",\n },\n }\n );\n\n for (const transaction of response.data.data[0].lastTransactions) {\n result.push({\n originalTransactionId: transaction.originalTransactionId,\n status: transaction.status,\n signedTransactionInfo: jwt.decode(transaction.signedTransactionInfo),\n signedRenewalInfo: jwt.decode(transaction.signedRenewalInfo),\n });\n }\n\n return result;\n } catch (e) {\n if (isAxiosError(error) && error.response?.status === 400) {\n throw new AppleTransactionError(\"Invalid transaction id.\");\n }\n }\n throw new AppleTransactionError(\"Transaction was not found in both environments.\");\n }\n throw error;\n }\n }\n\n /**\n * Check if Apple subscription is active\n */\n public static async isAppleSubscriptionActive(transactionId: string): Promise<boolean> {\n try {\n const response: AxiosResponse<SubscriptionStatusResponse> = await axios.get(\n `https://api.storekit.itunes.apple.com/inApps/v1/subscriptions/${transactionId}`,\n {\n headers: {\n Authorization: `Bearer ${this.generateAppleJWT()}`,\n \"Content-Type\": \"application/json\",\n },\n }\n );\n\n return (\n response.data.data[0].lastTransactions[0].status === 0 ||\n response.data.data[0].lastTransactions[0].status === 2\n );\n } catch (e) {\n if (\n axios.isAxiosError(e) &&\n e.response &&\n (e.response.data as SubscriptionStatusResponseError)[\"errorMessage\"] ===\n \"Invalid transaction id.\"\n ) {\n return false;\n }\n return false;\n }\n }\n\n /**\n * Get single Apple transaction info\n */\n public static async getSingleAppleTransactionsInfo(transactionId: string) {\n try {\n const response: AxiosResponse<SingleTransactionResponse> = await axios.get(\n `https://api.storekit.itunes.apple.com/inApps/v1/transactions/${transactionId}`,\n {\n headers: {\n Authorization: `Bearer ${this.generateAppleJWT()}`,\n \"Content-Type\": \"application/json\",\n },\n }\n );\n\n return { signedTransactionInfo: jwt.decode(response.data.signedTransactionInfo) };\n } catch (error) {\n if (isAxiosError(error) && error.response?.status === 400) {\n throw new AppleTransactionError(\"Invalid transaction id.\");\n }\n\n // Try sandbox\n if (\n isAxiosError(error) &&\n (error.response?.data.errorCode === 4040010 || error.response?.status === 401)\n ) {\n try {\n const response: AxiosResponse<SingleTransactionResponse> = await axios.get(\n `https://api.storekit-sandbox.itunes.apple.com/inApps/v1/transactions/${transactionId}`,\n {\n headers: {\n Authorization: `Bearer ${this.generateAppleJWT()}`,\n \"Content-Type\": \"application/json\",\n },\n }\n );\n\n return { signedTransactionInfo: jwt.decode(response.data.signedTransactionInfo) };\n } catch (e) {\n if (isAxiosError(error) && error.response?.status === 400) {\n throw new AppleTransactionError(\"Invalid transaction id.\");\n }\n }\n throw new AppleTransactionError(\"Transaction was not found in both environments.\");\n }\n throw error;\n }\n }\n\n /**\n * Check if user bought a program (non-consumable)\n */\n public static async checkIfUserBoughtProgram(transactionId: string): Promise<string[]> {\n try {\n const productIds: string[] = [];\n const url = process.env.PURCHASE_HISTORY_URL || \"https://api.storekit.itunes.apple.com\";\n const response: AxiosResponse = await axios.get(\n `${url}/inApps/v2/history/${transactionId}?productType=NON_CONSUMABLE`,\n {\n headers: {\n Authorization: `Bearer ${this.generateAppleJWT()}`,\n \"Content-Type\": \"application/json\",\n },\n }\n );\n\n for (const transaction of response.data.signedTransactions) {\n productIds.push((jwt.decode(transaction) as { productId: string }).productId);\n }\n\n return productIds;\n } catch (e) {\n console.error((e as Error).message);\n return [];\n }\n }\n\n /**\n * Extend Apple subscription\n */\n public static async extendAppleSubscription(\n transactionId: string,\n extendByDays: number\n ): Promise<any> {\n const response: AxiosResponse = await axios.put(\n `https://api.storekit.itunes.apple.com/inApps/v1/subscriptions/extend/${transactionId}`,\n {\n extendByDays,\n extendReasonCode: 1,\n requestIdentifier: require(\"crypto\").randomUUID(),\n },\n {\n headers: {\n Authorization: `Bearer ${this.generateAppleJWT()}`,\n },\n }\n );\n\n return response.data;\n }\n\n // ==================== Android (Google Play) Subscriptions ====================\n\n /**\n * Get Android access token for Google Play API\n */\n public static async getAndroidAccessToken(): Promise<CredentialsType> {\n const { client_email, private_key } = await loadAndroidServiceAccount();\n\n const jwtClient = new google.auth.JWT({\n email: client_email,\n key: private_key, // unesc\n scopes: [\"https://www.googleapis.com/auth/androidpublisher\"],\n });\n\n return await jwtClient.authorize();\n }\n\n /**\n * Get Android subscription status\n */\n public static async getAndroidSubscriptionsStatuses(token: string) {\n try {\n const credentials = await this.getAndroidAccessToken();\n\n const response: AxiosResponse = await axios.get(\n `https://androidpublisher.googleapis.com/androidpublisher/v3/applications/${process.env.ANDROID_PACKAGE_NAME || \"nl.browney.nintydayschallenge\"}/purchases/subscriptionsv2/tokens/${token}`,\n {\n headers: {\n Authorization: `Bearer ${credentials.access_token as string}`,\n },\n }\n );\n\n return response.data;\n } catch (error) {\n if (isAxiosError(error) && error.response && error.response.status === 410) {\n // Subscription expired\n return {\n lineItems: [\n {\n expiryTime: new Date(Date.now() - 86400000).toISOString(), // Yesterday\n },\n ],\n };\n } else {\n if (isAxiosError(error)) {\n console.error(\"Android subscription error:\", error.message);\n return false;\n }\n }\n }\n }\n\n /**\n * Check if Android subscription is active\n */\n public static async isAndroidSubscriptionsActive(token: string): Promise<boolean> {\n try {\n const credentials = await this.getAndroidAccessToken();\n\n const response: AxiosResponse = await axios.get(\n `https://androidpublisher.googleapis.com/androidpublisher/v3/applications/${process.env.ANDROID_PACKAGE_NAME || \"nl.browney.nintydayschallenge\"}/purchases/subscriptionsv2/tokens/${token}`,\n {\n headers: {\n Authorization: `Bearer ${credentials.access_token as string}`,\n },\n }\n );\n\n return (\n (response.data as { subscriptionState: string }).subscriptionState ===\n \"SUBSCRIPTION_STATE_ACTIVE\"\n );\n } catch (error) {\n if (isAxiosError(error)) {\n console.error(\"An error occurred:\", error.message);\n }\n return false;\n }\n }\n}\n"],"names":["dotenv","jwt","axios","isAxiosError","google","bcrypt","OAuth2Client","OAuth2ClientImpl","jwksClient","PersistedUser","AppleTransactionError","SecretManagerServiceClient","config","TokenExpiration","appleJwksClient","jwksUri","loadAndroidServiceAccount","sm","name","v","accessSecretVersion","raw","payload","data","toString","json","JSON","parse","client_email","private_key","String","replace","loadAppleSubscriptionkey","client","AuthenticationUtil","ACCESS_SECRET","process","env","ACCESS_TOKEN_SECRET","REFRESH_SECRET","REFRESH_TOKEN_SECRET","fetchUserWithTokenInfo","token","userInToken","verifyTokenAndFetchUser","userUuid","Promise","resolve","reject","verify","err","decoded","undefined","user","findByPk","then","persistedUser","catch","e","signAccessToken","sign","expiresIn","signRefreshToken","verifyRefreshToken","refreshToken","userTypes","newAccessToken","hashPassword","password","hash","comparePassword","plainPassword","compare","checkIfUserAlreadyRegistered","email","findOne","where","login","users","findAll","length","passwordsMatch","verifyGoogleToken","idToken","audience","verifyIdToken","error","console","getGoogleClientId","platform","ANDROID_GOOGLE_CLIENT_ID","IOS_GOOGLE_CLIENT_ID","WEB_GOOGLE_CLIENT_ID","generateAppleJWT","privateKey","header","alg","kid","APPLE_KID","typ","iss","APPLE_ISSUER","iat","Math","floor","Date","now","exp","aud","bid","APPLE_BUNDLE_ID","verifyAppleJwt","userData","key","getAppleSignInKey","getSigningKey","getPublicKey","verifyAppleReceipt","response","post","APPLE_SHARED_SECRET","getAppleTransactions","originalTransactionId","result","get","headers","Authorization","signedTransactions","push","decode","status","errorCode","getAppleSubscriptionsStatuses","transactionId","transaction","lastTransactions","signedTransactionInfo","signedRenewalInfo","isAppleSubscriptionActive","getSingleAppleTransactionsInfo","checkIfUserBoughtProgram","productIds","url","PURCHASE_HISTORY_URL","productId","message","extendAppleSubscription","extendByDays","put","extendReasonCode","requestIdentifier","require","randomUUID","getAndroidAccessToken","jwtClient","auth","JWT","scopes","authorize","getAndroidSubscriptionsStatuses","credentials","ANDROID_PACKAGE_NAME","access_token","lineItems","expiryTime","toISOString","isAndroidSubscriptionsActive","subscriptionState"],"mappings":"AAAA,YAAYA,YAAY,SAAS;AACjC,OAAOC,SAA+C,eAAe;AACrE,OAAOC,SAA4BC,YAAY,QAAO,QAAQ;AAC9D,SAAQC,MAAM,QAAO,aAAa;AAClC,YAAYC,YAAY,WAAW;AAEnC,SAAQC,gBAAgBC,gBAAgB,QAAO,sBAAsB;AACrE,OAAOC,gBAAmC,WAAW;AACrD,SAAQC,aAAa,QAAO,+BAA+B;AAY3D,SAAQC,qBAAqB,QAAO,sBAAsB;AAC1D,SAAQC,0BAA0B,QAAO,+BAA+B;AAExEX,OAAOY,MAAM;AAEb,IAAA,AAAKC,yCAAAA;;;WAAAA;EAAAA;AAKL,MAAMC,kBAAkBN,WAAW;IACjCO,SAAS;AACX;AAEA,eAAeC;IACb,MAAMC,KAAK,IAAIN;IACf,MAAMO,OAAO;IACb,MAAM,CAACC,EAAE,GAAG,MAAMF,GAAGG,mBAAmB,CAAC;QAAEF;IAAK;IAChD,MAAMG,MAAMF,EAAEG,OAAO,EAAEC,MAAMC,SAAS,WAAW;IAEjD,oEAAoE;IACpE,MAAMC,OAAOC,KAAKC,KAAK,CAACN;IACxB,MAAMO,eAAeH,KAAKG,YAAY;IACtC,MAAMC,cAAcC,OAAOL,KAAKI,WAAW,EAAEE,OAAO,CAAC,QAAQ;IAC7D,OAAO;QAAEH;QAAcC;IAAY;AACrC;AAEA,eAAeG;IACb,MAAMC,SAAS,IAAItB;IACnB,MAAMO,OAAO;IACb,MAAM,CAACC,EAAE,GAAG,MAAMc,OAAOb,mBAAmB,CAAC;QAAEF;IAAK;IACpD,OAAOC,EAAEG,OAAO,EAAEC,MAAMC,SAAS,WAAW;AAC9C;AAEA,OAAO,MAAMU;IACX,OAAuBC,gBAAgBC,QAAQC,GAAG,CAACC,mBAAmB,CAAW;IACjF,OAAuBC,iBAAiBH,QAAQC,GAAG,CAACG,oBAAoB,CAAW;IAInF,aAAoBC,uBAAuBC,KAAa,EAAiC;QACvF,MAAMC,cAAc,MAAMT,mBAAmBU,uBAAuB,CAACF;QACrE,IAAI,CAACC,eAAe,CAACA,YAAYE,QAAQ,EAAE;YACzC,OAAO;QACT;QACA,OAAOF;IACT;IAEA,OAAcC,wBAAwBF,KAAa,EAAyC;QAC1F,OAAO,IAAII,QAAsC,CAACC,SAASC;YACzD/C,IAAIgD,MAAM,CACNP,OACA,IAAI,CAACP,aAAa,EAClB,CAACe,KAA0BC;gBACzB,IAAID,KAAK;oBACPF,OAAOE;oBACP;gBACF;gBAEA,IAAIC,YAAYC,WAAW;oBACzBL,QAAQ;oBACR;gBACF;gBAEA,MAAMM,OAA6BF;gBAEnC,IAAI,CAACE,KAAKR,QAAQ,EAAE;oBAClBE,QAAQ;oBACR;gBACF;gBAEAtC,cAAc6C,QAAQ,CAACD,KAAKR,QAAQ,EAC/BU,IAAI,CAAC,CAACC;oBACLT,QAAQS;gBACV,GACCC,KAAK,CAAC,CAACC;oBACNV,OAAOU;gBACT;YACN;QAEN;IACF;IAEA;;GAEC,GACD,OAAcC,gBAAgBN,IAAe,EAAU;QACrD,OAAOpD,IAAI2D,IAAI,CAACP,MAAM,IAAI,CAAClB,aAAa,EAAE;YACxC0B,SAAS;QACX;IACF;IAEA;;GAEC,GACD,OAAcC,iBAAiBT,IAAe,EAAU;QACtD,OAAOpD,IAAI2D,IAAI,CAACP,MAAM,IAAI,CAACd,cAAc;IAC3C;IAEA;;GAEC,GACD,OAAcwB,mBAAmBC,YAAoB,EAAkC;QACrF,OAAO,IAAIlB,QAA+B,CAACC,SAASC;YAClD/C,IAAIgD,MAAM,CACNe,cACA,IAAI,CAACzB,cAAc,EACnB,OAAOW,KAA0BG;gBAC/B,IAAIH,KAAK;oBACPF,OAAOE;oBACP;gBACF;gBAEA,IAAIG,SAASD,WAAW;oBACtBL,QAAQ;oBACR;gBACF;gBAEA,MAAMkB,YAAuBZ;gBAC7B,MAAMa,iBAAiB,IAAI,CAACP,eAAe,CAACM;gBAC5ClB,QAAQmB;YACV;QAEN;IACF;IAEA,gEAAgE;IAEhE;;GAEC,GACD,aAAoBC,aAAaC,QAAgB,EAAmB;QAClE,OAAO/D,OAAOgE,IAAI,CAACD,UAAU;IAC/B;IAEA;;GAEC,GACD,aAAoBE,gBAAgBC,aAAqB,EAAEF,IAAY,EAAoB;QACzF,OAAOhE,OAAOmE,OAAO,CAACD,eAAeF;IACvC;IAEA,sEAAsE;IAEtE;;GAEC,GACD,aAAoBI,6BAA6BC,KAAyB,EAAoB;QAC5F,IAAI,CAACA,OAAO,OAAO;QACnB,MAAMrB,OAAO,MAAM5C,cAAckE,OAAO,CAAC;YAAEC,OAAO;gBAAEF;YAAM;QAAE;QAC5D,OAAOrB,SAAS;IAClB;IAEA;;GAEC,GACD,aAAoBwB,MAAMH,KAAa,EAAEN,QAAgB,EAAiC;QACxF,MAAMU,QAAQ,MAAMrE,cAAcsE,OAAO,CAAC;YAAEH,OAAO;gBAAEF;YAAM;QAAE;QAE7D,IAAI,CAACI,SAASA,MAAME,MAAM,KAAK,GAAG;YAChC,OAAO;QACT;QAEA,KAAK,MAAM3B,QAAQyB,MAAO;YACxB,MAAMG,iBAAiB,MAAM,IAAI,CAACX,eAAe,CAACF,UAAUf,KAAKe,QAAQ;YACzE,IAAIa,gBAAgB;gBAClB,OAAO5B;YACT;QACF;QAEA,OAAO;IACT;IAEA,yDAAyD;IAEzD;;GAEC,GACD,aAAoB6B,kBAChBC,OAAe,EACfC,QAAgB,EACW;QAC7B,MAAMnD,SAAS,IAAI1B,iBAAiB6E;QACpC,IAAI;YACF,OAAO,MAAMnD,OAAOoD,aAAa,CAAC;gBAAEF;gBAASC;YAAS;QACxD,EAAE,OAAOE,OAAO;YACdC,QAAQD,KAAK,CAAC,oCAAoCA;YAClD,OAAO;QACT;IACF;IAEA;;GAEC,GACD,OAAcE,kBAAkBC,QAAgB,EAAsB;QACpE,OAAQA;YACN,KAAK;gBACH,OAAOrD,QAAQC,GAAG,CAACqD,wBAAwB;YAC7C,KAAK;gBACH,OAAOtD,QAAQC,GAAG,CAACsD,oBAAoB;YACzC,KAAK;gBACH,OAAOvD,QAAQC,GAAG,CAACuD,oBAAoB;YACzC;gBACE,OAAOxC;QACX;IACF;IAEA,wEAAwE;IAExE;;GAEC,GACD,aAAqByC,mBAAoC;QACvD,MAAMC,aAAqB,MAAM9D;QAEjC,MAAM+D,SAAS;YACbC,KAAK;YACLC,KAAK7D,QAAQC,GAAG,CAAC6D,SAAS;YAC1BC,KAAK;QACP;QAEA,MAAM7E,UAAU;YACd8E,KAAKhE,QAAQC,GAAG,CAACgE,YAAY;YAC7BC,KAAKC,KAAKC,KAAK,CAACC,KAAKC,GAAG,KAAK;YAC7BC,KAAKJ,KAAKC,KAAK,CAACC,KAAKC,GAAG,KAAK,QAAQ;YACrCE,KAAK;YACLC,KAAKzE,QAAQC,GAAG,CAACyE,eAAe;QAClC;QAEA,OAAO7G,IAAI2D,IAAI,CAACtC,SAASwE,YAAY;YAAEC;QAAO;IAChD;IAEA;;GAEC,GACD,OAAcgB,eAAeC,QAAgB,EAAEC,GAAW,EAAE;QAC1D,IAAI;YACF,OAAOhH,IAAIgD,MAAM,CAAC+D,UAAUC;QAC9B,EAAE,OAAOvD,GAAG;YACV6B,QAAQD,KAAK,CAAC5B;YACd,OAAO;QACT;IACF;IAEA;;GAEC,GACD,aAAoBwD,kBAAkBjB,GAAW,EAA+B;QAC9E,IAAI;YACF,MAAMgB,MAAkB,MAAMnG,gBAAgBqG,aAAa,CAAClB;YAC5D,OAAOgB,IAAIG,YAAY;QACzB,EAAE,OAAO1D,GAAG;YACV6B,QAAQD,KAAK,CAAC5B;YACd,OAAON;QACT;IACF;IAEA;;GAEC,GACD,aAAoBiE,mBAAmB9F,IAAY,EAA+B;QAChF,MAAM+F,WAA0B,MAAMpH,MAAMqH,IAAI,CAC5C,8CACA;YACE,gBAAgBhG;YAChB6C,UAAUhC,QAAQC,GAAG,CAACmF,mBAAmB;YACzC,4BAA4B;QAC9B;QAGJ,OAAOF,SAAS/F,IAAI;IACtB;IAEA;;GAEC,GACD,aAAoBkG,qBAChBC,qBAA6B,EACA;QAC/B,MAAMC,SAA+B,EAAE;QAEvC,IAAI;YACF,MAAML,WAAgD,MAAMpH,MAAM0H,GAAG,CACjE,CAAC,wDAAwD,EAAEF,uBAAuB,EAClF;gBACEG,SAAS;oBACPC,eAAe,CAAC,OAAO,EAAE,IAAI,CAACjC,gBAAgB,IAAI;oBAClD,gBAAgB;gBAClB;YACF;YAGJ,KAAK,MAAMnD,SAAS4E,SAAS/F,IAAI,CAACwG,kBAAkB,CAAE;gBACpDJ,OAAOK,IAAI,CAAC/H,IAAIgI,MAAM,CAACvF;YACzB;YAEA,OAAOiF;QACT,EAAE,OAAOrC,OAAO;YACd,IAAInF,aAAamF,UAAUA,MAAMgC,QAAQ,EAAEY,WAAW,KAAK;gBACzD,MAAM,IAAIxH,sBAAsB;YAClC;YAEA,0BAA0B;YAC1B,IACIP,aAAamF,UACZA,CAAAA,MAAMgC,QAAQ,EAAE/F,KAAK4G,cAAc,WAAW7C,MAAMgC,QAAQ,EAAEY,WAAW,GAAE,GAC9E;gBACA,IAAI;oBACF,MAAMZ,WAAgD,MAAMpH,MAAM0H,GAAG,CACjE,CAAC,gEAAgE,EAAEF,uBAAuB,EAC1F;wBACEG,SAAS;4BACPC,eAAe,CAAC,OAAO,EAAE,IAAI,CAACjC,gBAAgB,IAAI;4BAClD,gBAAgB;wBAClB;oBACF;oBAGJ,KAAK,MAAMnD,SAAS4E,SAAS/F,IAAI,CAACwG,kBAAkB,CAAE;wBACpDJ,OAAOK,IAAI,CAAC/H,IAAIgI,MAAM,CAACvF;oBACzB;oBAEA,OAAOiF;gBACT,EAAE,OAAOjE,GAAG;oBACV,IAAIvD,aAAamF,UAAUA,MAAMgC,QAAQ,EAAEY,WAAW,KAAK;wBACzD,MAAM,IAAIxH,sBAAsB;oBAClC;gBACF;gBACA,MAAM,IAAIA,sBAAsB;YAClC;YACA,MAAM4E;QACR;IACF;IAEA;;GAEC,GACD,aAAoB8C,8BAChBC,aAAqB,EACc;QACrC,MAAMV,SAAqC,EAAE;QAE7C,IAAI;YACF,MAAML,WAAsD,MAAMpH,MAAM0H,GAAG,CACvE,CAAC,8DAA8D,EAAES,eAAe,EAChF;gBACER,SAAS;oBACPC,eAAe,CAAC,OAAO,EAAE,IAAI,CAACjC,gBAAgB,IAAI;oBAClD,gBAAgB;gBAClB;YACF;YAGJ,KAAK,MAAMyC,eAAehB,SAAS/F,IAAI,CAACA,IAAI,CAAC,EAAE,CAACgH,gBAAgB,CAAE;gBAChEZ,OAAOK,IAAI,CAAC;oBACVN,uBAAuBY,YAAYZ,qBAAqB;oBACxDQ,QAAQI,YAAYJ,MAAM;oBAC1BM,uBAAuBvI,IAAIgI,MAAM,CAACK,YAAYE,qBAAqB;oBACnEC,mBAAmBxI,IAAIgI,MAAM,CAACK,YAAYG,iBAAiB;gBAC7D;YACF;YAEA,OAAOd;QACT,EAAE,OAAOrC,OAAgB;YACvB,IAAInF,aAAamF,UAAUA,MAAMgC,QAAQ,EAAEY,WAAW,KAAK;gBACzD,MAAM,IAAIxH,sBAAsB;YAClC;YAEA,cAAc;YACd,IACIP,aAAamF,UACZA,CAAAA,MAAMgC,QAAQ,EAAE/F,KAAK4G,cAAc,WAAW7C,MAAMgC,QAAQ,EAAEY,WAAW,GAAE,GAC9E;gBACA,IAAI;oBACF,MAAMZ,WAAsD,MAAMpH,MAAM0H,GAAG,CACvE,CAAC,sEAAsE,EAAES,eAAe,EACxF;wBACER,SAAS;4BACPC,eAAe,CAAC,OAAO,EAAE,IAAI,CAACjC,gBAAgB,IAAI;4BAClD,gBAAgB;wBAClB;oBACF;oBAGJ,KAAK,MAAMyC,eAAehB,SAAS/F,IAAI,CAACA,IAAI,CAAC,EAAE,CAACgH,gBAAgB,CAAE;wBAChEZ,OAAOK,IAAI,CAAC;4BACVN,uBAAuBY,YAAYZ,qBAAqB;4BACxDQ,QAAQI,YAAYJ,MAAM;4BAC1BM,uBAAuBvI,IAAIgI,MAAM,CAACK,YAAYE,qBAAqB;4BACnEC,mBAAmBxI,IAAIgI,MAAM,CAACK,YAAYG,iBAAiB;wBAC7D;oBACF;oBAEA,OAAOd;gBACT,EAAE,OAAOjE,GAAG;oBACV,IAAIvD,aAAamF,UAAUA,MAAMgC,QAAQ,EAAEY,WAAW,KAAK;wBACzD,MAAM,IAAIxH,sBAAsB;oBAClC;gBACF;gBACA,MAAM,IAAIA,sBAAsB;YAClC;YACA,MAAM4E;QACR;IACF;IAEA;;GAEC,GACD,aAAoBoD,0BAA0BL,aAAqB,EAAoB;QACrF,IAAI;YACF,MAAMf,WAAsD,MAAMpH,MAAM0H,GAAG,CACvE,CAAC,8DAA8D,EAAES,eAAe,EAChF;gBACER,SAAS;oBACPC,eAAe,CAAC,OAAO,EAAE,IAAI,CAACjC,gBAAgB,IAAI;oBAClD,gBAAgB;gBAClB;YACF;YAGJ,OACIyB,SAAS/F,IAAI,CAACA,IAAI,CAAC,EAAE,CAACgH,gBAAgB,CAAC,EAAE,CAACL,MAAM,KAAK,KACrDZ,SAAS/F,IAAI,CAACA,IAAI,CAAC,EAAE,CAACgH,gBAAgB,CAAC,EAAE,CAACL,MAAM,KAAK;QAE3D,EAAE,OAAOxE,GAAG;YACV,IACIxD,MAAMC,YAAY,CAACuD,MACnBA,EAAE4D,QAAQ,IACV,AAAC5D,EAAE4D,QAAQ,CAAC/F,IAAI,AAAoC,CAAC,eAAe,KACpE,2BACF;gBACA,OAAO;YACT;YACA,OAAO;QACT;IACF;IAEA;;GAEC,GACD,aAAoBoH,+BAA+BN,aAAqB,EAAE;QACxE,IAAI;YACF,MAAMf,WAAqD,MAAMpH,MAAM0H,GAAG,CACtE,CAAC,6DAA6D,EAAES,eAAe,EAC/E;gBACER,SAAS;oBACPC,eAAe,CAAC,OAAO,EAAE,IAAI,CAACjC,gBAAgB,IAAI;oBAClD,gBAAgB;gBAClB;YACF;YAGJ,OAAO;gBAAE2C,uBAAuBvI,IAAIgI,MAAM,CAACX,SAAS/F,IAAI,CAACiH,qBAAqB;YAAE;QAClF,EAAE,OAAOlD,OAAO;YACd,IAAInF,aAAamF,UAAUA,MAAMgC,QAAQ,EAAEY,WAAW,KAAK;gBACzD,MAAM,IAAIxH,sBAAsB;YAClC;YAEA,cAAc;YACd,IACIP,aAAamF,UACZA,CAAAA,MAAMgC,QAAQ,EAAE/F,KAAK4G,cAAc,WAAW7C,MAAMgC,QAAQ,EAAEY,WAAW,GAAE,GAC9E;gBACA,IAAI;oBACF,MAAMZ,WAAqD,MAAMpH,MAAM0H,GAAG,CACtE,CAAC,qEAAqE,EAAES,eAAe,EACvF;wBACER,SAAS;4BACPC,eAAe,CAAC,OAAO,EAAE,IAAI,CAACjC,gBAAgB,IAAI;4BAClD,gBAAgB;wBAClB;oBACF;oBAGJ,OAAO;wBAAE2C,uBAAuBvI,IAAIgI,MAAM,CAACX,SAAS/F,IAAI,CAACiH,qBAAqB;oBAAE;gBAClF,EAAE,OAAO9E,GAAG;oBACV,IAAIvD,aAAamF,UAAUA,MAAMgC,QAAQ,EAAEY,WAAW,KAAK;wBACzD,MAAM,IAAIxH,sBAAsB;oBAClC;gBACF;gBACA,MAAM,IAAIA,sBAAsB;YAClC;YACA,MAAM4E;QACR;IACF;IAEA;;GAEC,GACD,aAAoBsD,yBAAyBP,aAAqB,EAAqB;QACrF,IAAI;YACF,MAAMQ,aAAuB,EAAE;YAC/B,MAAMC,MAAM1G,QAAQC,GAAG,CAAC0G,oBAAoB,IAAI;YAChD,MAAMzB,WAA0B,MAAMpH,MAAM0H,GAAG,CAC3C,GAAGkB,IAAI,mBAAmB,EAAET,cAAc,2BAA2B,CAAC,EACtE;gBACER,SAAS;oBACPC,eAAe,CAAC,OAAO,EAAE,IAAI,CAACjC,gBAAgB,IAAI;oBAClD,gBAAgB;gBAClB;YACF;YAGJ,KAAK,MAAMyC,eAAehB,SAAS/F,IAAI,CAACwG,kBAAkB,CAAE;gBAC1Dc,WAAWb,IAAI,CAAC,AAAC/H,IAAIgI,MAAM,CAACK,aAAuCU,SAAS;YAC9E;YAEA,OAAOH;QACT,EAAE,OAAOnF,GAAG;YACV6B,QAAQD,KAAK,CAAC,AAAC5B,EAAYuF,OAAO;YAClC,OAAO,EAAE;QACX;IACF;IAEA;;GAEC,GACD,aAAoBC,wBAChBb,aAAqB,EACrBc,YAAoB,EACR;QACd,MAAM7B,WAA0B,MAAMpH,MAAMkJ,GAAG,CAC3C,CAAC,qEAAqE,EAAEf,eAAe,EACvF;YACEc;YACAE,kBAAkB;YAClBC,mBAAmBC,QAAQ,UAAUC,UAAU;QACjD,GACA;YACE3B,SAAS;gBACPC,eAAe,CAAC,OAAO,EAAE,IAAI,CAACjC,gBAAgB,IAAI;YACpD;QACF;QAGJ,OAAOyB,SAAS/F,IAAI;IACtB;IAEA,gFAAgF;IAEhF;;GAEC,GACD,aAAoBkI,wBAAkD;QACpE,MAAM,EAAE7H,YAAY,EAAEC,WAAW,EAAE,GAAG,MAAMb;QAE5C,MAAM0I,YAAY,IAAItJ,OAAOuJ,IAAI,CAACC,GAAG,CAAC;YACpClF,OAAO9C;YACPqF,KAAKpF;YACLgI,QAAQ;gBAAC;aAAmD;QAC9D;QAEA,OAAO,MAAMH,UAAUI,SAAS;IAClC;IAEA;;GAEC,GACD,aAAoBC,gCAAgCrH,KAAa,EAAE;QACjE,IAAI;YACF,MAAMsH,cAAc,MAAM,IAAI,CAACP,qBAAqB;YAEpD,MAAMnC,WAA0B,MAAMpH,MAAM0H,GAAG,CAC3C,CAAC,yEAAyE,EAAExF,QAAQC,GAAG,CAAC4H,oBAAoB,IAAI,gCAAgC,kCAAkC,EAAEvH,OAAO,EAC3L;gBACEmF,SAAS;oBACPC,eAAe,CAAC,OAAO,EAAEkC,YAAYE,YAAY,EAAY;gBAC/D;YACF;YAGJ,OAAO5C,SAAS/F,IAAI;QACtB,EAAE,OAAO+D,OAAO;YACd,IAAInF,aAAamF,UAAUA,MAAMgC,QAAQ,IAAIhC,MAAMgC,QAAQ,CAACY,MAAM,KAAK,KAAK;gBAC1E,uBAAuB;gBACvB,OAAO;oBACLiC,WAAW;wBACT;4BACEC,YAAY,IAAI3D,KAAKA,KAAKC,GAAG,KAAK,UAAU2D,WAAW;wBACzD;qBACD;gBACH;YACF,OAAO;gBACL,IAAIlK,aAAamF,QAAQ;oBACvBC,QAAQD,KAAK,CAAC,+BAA+BA,MAAM2D,OAAO;oBAC1D,OAAO;gBACT;YACF;QACF;IACF;IAEA;;GAEC,GACD,aAAoBqB,6BAA6B5H,KAAa,EAAoB;QAChF,IAAI;YACF,MAAMsH,cAAc,MAAM,IAAI,CAACP,qBAAqB;YAEpD,MAAMnC,WAA0B,MAAMpH,MAAM0H,GAAG,CAC3C,CAAC,yEAAyE,EAAExF,QAAQC,GAAG,CAAC4H,oBAAoB,IAAI,gCAAgC,kCAAkC,EAAEvH,OAAO,EAC3L;gBACEmF,SAAS;oBACPC,eAAe,CAAC,OAAO,EAAEkC,YAAYE,YAAY,EAAY;gBAC/D;YACF;YAGJ,OACI,AAAC5C,SAAS/F,IAAI,CAAmCgJ,iBAAiB,KAClE;QAEN,EAAE,OAAOjF,OAAO;YACd,IAAInF,aAAamF,QAAQ;gBACvBC,QAAQD,KAAK,CAAC,sBAAsBA,MAAM2D,OAAO;YACnD;YACA,OAAO;QACT;IACF;AACF"}
|