@actuate-media/cms-core 0.10.3 → 0.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/__tests__/api/admin-contracts.test.js +1 -0
- package/dist/__tests__/api/admin-contracts.test.js.map +1 -1
- package/dist/__tests__/api/public-globals.test.js +8 -4
- package/dist/__tests__/api/public-globals.test.js.map +1 -1
- package/dist/__tests__/security/audit.test.d.ts +2 -0
- package/dist/__tests__/security/audit.test.d.ts.map +1 -0
- package/dist/__tests__/security/audit.test.js +50 -0
- package/dist/__tests__/security/audit.test.js.map +1 -0
- package/dist/__tests__/security/client-ip.test.d.ts +2 -0
- package/dist/__tests__/security/client-ip.test.d.ts.map +1 -0
- package/dist/__tests__/security/client-ip.test.js +37 -0
- package/dist/__tests__/security/client-ip.test.js.map +1 -0
- package/dist/__tests__/security/ip-allowlist.test.d.ts +2 -0
- package/dist/__tests__/security/ip-allowlist.test.d.ts.map +1 -0
- package/dist/__tests__/security/ip-allowlist.test.js +40 -0
- package/dist/__tests__/security/ip-allowlist.test.js.map +1 -0
- package/dist/__tests__/security/redact.test.d.ts +2 -0
- package/dist/__tests__/security/redact.test.d.ts.map +1 -0
- package/dist/__tests__/security/redact.test.js +31 -0
- package/dist/__tests__/security/redact.test.js.map +1 -0
- package/dist/__tests__/security/secret-storage.test.d.ts +2 -0
- package/dist/__tests__/security/secret-storage.test.d.ts.map +1 -0
- package/dist/__tests__/security/secret-storage.test.js +42 -0
- package/dist/__tests__/security/secret-storage.test.js.map +1 -0
- package/dist/__tests__/security/upload-magic.test.d.ts +2 -0
- package/dist/__tests__/security/upload-magic.test.d.ts.map +1 -0
- package/dist/__tests__/security/upload-magic.test.js +55 -0
- package/dist/__tests__/security/upload-magic.test.js.map +1 -0
- package/dist/__tests__/seo/robots.test.d.ts +2 -0
- package/dist/__tests__/seo/robots.test.d.ts.map +1 -0
- package/dist/__tests__/seo/robots.test.js +51 -0
- package/dist/__tests__/seo/robots.test.js.map +1 -0
- package/dist/__tests__/server-site.test.d.ts +2 -0
- package/dist/__tests__/server-site.test.d.ts.map +1 -0
- package/dist/__tests__/server-site.test.js +123 -0
- package/dist/__tests__/server-site.test.js.map +1 -0
- package/dist/actions.d.ts.map +1 -1
- package/dist/actions.js +170 -34
- package/dist/actions.js.map +1 -1
- package/dist/api/handler-factory.d.ts.map +1 -1
- package/dist/api/handler-factory.js +64 -9
- package/dist/api/handler-factory.js.map +1 -1
- package/dist/api/handlers.d.ts.map +1 -1
- package/dist/api/handlers.js +692 -118
- package/dist/api/handlers.js.map +1 -1
- package/dist/api/openapi.d.ts.map +1 -1
- package/dist/api/openapi.js +38 -0
- package/dist/api/openapi.js.map +1 -1
- package/dist/auth/mfa-pending.d.ts +24 -0
- package/dist/auth/mfa-pending.d.ts.map +1 -0
- package/dist/auth/mfa-pending.js +38 -0
- package/dist/auth/mfa-pending.js.map +1 -0
- package/dist/auth/oauth.d.ts +25 -3
- package/dist/auth/oauth.d.ts.map +1 -1
- package/dist/auth/oauth.js +109 -20
- package/dist/auth/oauth.js.map +1 -1
- package/dist/auth/reset.d.ts.map +1 -1
- package/dist/auth/reset.js +26 -2
- package/dist/auth/reset.js.map +1 -1
- package/dist/auth/session.d.ts +9 -2
- package/dist/auth/session.d.ts.map +1 -1
- package/dist/auth/session.js +20 -2
- package/dist/auth/session.js.map +1 -1
- package/dist/index.d.ts +4 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +3 -1
- package/dist/index.js.map +1 -1
- package/dist/middleware.d.ts.map +1 -1
- package/dist/middleware.js +21 -34
- package/dist/middleware.js.map +1 -1
- package/dist/page-builder/__tests__/blocks.test.js +104 -1
- package/dist/page-builder/__tests__/blocks.test.js.map +1 -1
- package/dist/page-builder/blocks.d.ts +18 -1
- package/dist/page-builder/blocks.d.ts.map +1 -1
- package/dist/page-builder/blocks.js +22 -2
- package/dist/page-builder/blocks.js.map +1 -1
- package/dist/security/audit.d.ts.map +1 -1
- package/dist/security/audit.js +8 -4
- package/dist/security/audit.js.map +1 -1
- package/dist/security/client-ip.d.ts +33 -0
- package/dist/security/client-ip.d.ts.map +1 -0
- package/dist/security/client-ip.js +39 -0
- package/dist/security/client-ip.js.map +1 -0
- package/dist/security/index.d.ts +7 -0
- package/dist/security/index.d.ts.map +1 -1
- package/dist/security/index.js +5 -0
- package/dist/security/index.js.map +1 -1
- package/dist/security/internal-keys.d.ts +15 -0
- package/dist/security/internal-keys.d.ts.map +1 -0
- package/dist/security/internal-keys.js +33 -0
- package/dist/security/internal-keys.js.map +1 -0
- package/dist/security/ip-allowlist.d.ts +13 -1
- package/dist/security/ip-allowlist.d.ts.map +1 -1
- package/dist/security/ip-allowlist.js +120 -12
- package/dist/security/ip-allowlist.js.map +1 -1
- package/dist/security/rate-limit.d.ts.map +1 -1
- package/dist/security/rate-limit.js +49 -17
- package/dist/security/rate-limit.js.map +1 -1
- package/dist/security/redact.d.ts +12 -0
- package/dist/security/redact.d.ts.map +1 -0
- package/dist/security/redact.js +41 -0
- package/dist/security/redact.js.map +1 -0
- package/dist/security/safe-fetch.d.ts +35 -0
- package/dist/security/safe-fetch.d.ts.map +1 -0
- package/dist/security/safe-fetch.js +45 -0
- package/dist/security/safe-fetch.js.map +1 -0
- package/dist/security/secret-storage.d.ts +22 -0
- package/dist/security/secret-storage.d.ts.map +1 -0
- package/dist/security/secret-storage.js +75 -0
- package/dist/security/secret-storage.js.map +1 -0
- package/dist/security/upload.d.ts +23 -4
- package/dist/security/upload.d.ts.map +1 -1
- package/dist/security/upload.js +110 -21
- package/dist/security/upload.js.map +1 -1
- package/dist/seo/index.d.ts +2 -0
- package/dist/seo/index.d.ts.map +1 -1
- package/dist/seo/index.js +1 -0
- package/dist/seo/index.js.map +1 -1
- package/dist/seo/robots.d.ts +16 -0
- package/dist/seo/robots.d.ts.map +1 -0
- package/dist/seo/robots.js +35 -0
- package/dist/seo/robots.js.map +1 -0
- package/dist/server-site.d.ts +54 -0
- package/dist/server-site.d.ts.map +1 -0
- package/dist/server-site.js +149 -0
- package/dist/server-site.js.map +1 -0
- package/dist/site.d.ts.map +1 -1
- package/dist/site.js +19 -1
- package/dist/site.js.map +1 -1
- package/dist/storage/index.d.ts +20 -10
- package/dist/storage/index.d.ts.map +1 -1
- package/dist/storage/index.js +6 -3
- package/dist/storage/index.js.map +1 -1
- package/dist/webhooks/index.d.ts.map +1 -1
- package/dist/webhooks/index.js +20 -9
- package/dist/webhooks/index.js.map +1 -1
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"openapi.d.ts","sourceRoot":"","sources":["../../src/api/openapi.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAgC,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"openapi.d.ts","sourceRoot":"","sources":["../../src/api/openapi.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAgC,MAAM,oBAAoB,CAAC;AA8WzF,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,gBAAgB,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CA4CrF"}
|
package/dist/api/openapi.js
CHANGED
|
@@ -207,6 +207,44 @@ function staticPaths() {
|
|
|
207
207
|
},
|
|
208
208
|
},
|
|
209
209
|
},
|
|
210
|
+
'/public/globals/{slug}': {
|
|
211
|
+
get: {
|
|
212
|
+
operationId: 'getPublicGlobal',
|
|
213
|
+
tags: ['Public'],
|
|
214
|
+
summary: 'Read a public global document',
|
|
215
|
+
description: 'Returns global data without requiring an authenticated session. Honours the global\'s `access.read` policy when set; defaults to public when no policy is configured. Used by createSiteClient.getGlobal() and createServerSiteClient(prisma, config).getGlobal().',
|
|
216
|
+
parameters: [
|
|
217
|
+
{ name: 'slug', in: 'path', required: true, schema: { type: 'string' } },
|
|
218
|
+
],
|
|
219
|
+
responses: {
|
|
220
|
+
'200': {
|
|
221
|
+
description: 'Global data',
|
|
222
|
+
content: { 'application/json': { schema: { type: 'object', properties: { data: { type: 'object', additionalProperties: true } } } } },
|
|
223
|
+
},
|
|
224
|
+
'403': { description: 'Forbidden by access.read' },
|
|
225
|
+
'404': { description: 'Global not declared or no document exists' },
|
|
226
|
+
},
|
|
227
|
+
},
|
|
228
|
+
},
|
|
229
|
+
'/resolve': {
|
|
230
|
+
get: {
|
|
231
|
+
operationId: 'resolveDocument',
|
|
232
|
+
tags: ['Public'],
|
|
233
|
+
summary: 'Resolve a public URL path to a published document',
|
|
234
|
+
description: 'Maps a path (e.g. `/blog/hello-world`) to the matching PUBLISHED document by walking collection url-prefixes, then by slug. Returns the document data plus any layout variants. Internal `_layout` is lifted to the top-level `layout` field. Powers createSiteClient().resolveDocument().',
|
|
235
|
+
parameters: [
|
|
236
|
+
{ name: 'path', in: 'query', required: true, schema: { type: 'string' }, description: 'URL path with leading slash, e.g. "/about" or "/"' },
|
|
237
|
+
],
|
|
238
|
+
responses: {
|
|
239
|
+
'200': {
|
|
240
|
+
description: 'Resolved document',
|
|
241
|
+
content: { 'application/json': { schema: { type: 'object', properties: { data: { type: 'object', properties: { id: { type: 'string' }, collection: { type: 'string' }, status: { type: 'string' }, publishedAt: { type: 'string', format: 'date-time', nullable: true }, data: { type: 'object', additionalProperties: true }, structuredData: { type: 'object', nullable: true } } }, layout: { type: 'object', additionalProperties: true } } } } },
|
|
242
|
+
},
|
|
243
|
+
'400': { description: 'Missing required `path` parameter' },
|
|
244
|
+
'404': { description: 'No published document at the given path' },
|
|
245
|
+
},
|
|
246
|
+
},
|
|
247
|
+
},
|
|
210
248
|
'/media': {
|
|
211
249
|
get: {
|
|
212
250
|
operationId: 'listMedia',
|
package/dist/api/openapi.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"openapi.js","sourceRoot":"","sources":["../../src/api/openapi.ts"],"names":[],"mappings":"AAIA,SAAS,aAAa,CAAC,KAAsB;IAC3C,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;QACnB,KAAK,MAAM;YACT,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QAC5B,KAAK,UAAU;YACb,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;QAC5C,KAAK,QAAQ;YACX,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QAC5B,KAAK,SAAS;YACZ,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;QAC7B,KAAK,MAAM;YACT,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;QACjD,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,MAAM,GAAG,GAAG,KAAoB,CAAC;YACjC,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;YAC/C,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QAC1C,CAAC;QACD,KAAK,cAAc;YACjB,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,qBAAqB,EAAE,CAAC;QAChE,KAAK,OAAO;YACV,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,WAAW,EAAE,CAAC;QACtD,KAAK,MAAM;YACT,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QAC5B,KAAK,OAAO;YACV,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;QAC3B,KAAK,OAAO;YACV,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;QAC7C,KAAK,KAAK;YACR,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;QAC3C,KAAK,OAAO;YACV,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QAC5B,KAAK,MAAM;YACT,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QAC5B,KAAK,QAAQ;YACX,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;QAC3B;YACE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IAC9B,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAC5B,MAAuC;IAEvC,MAAM,UAAU,GAA+B,EAAE,CAAC;IAClD,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACnD,UAAU,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;QACxC,IAAI,KAAK,CAAC,QAAQ;YAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1C,CAAC;IAED,MAAM,MAAM,GAAe,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;IAC1D,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC;QAAE,MAAM,CAAC,QAAQ,GAAG,QAAQ,CAAC;IACpD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,UAAU,CAAC,IAAY;IAC9B,OAAO,IAAI;SACR,KAAK,CAAC,MAAM,CAAC;SACb,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;SAClD,IAAI,CAAC,EAAE,CAAC,CAAC;AACd,CAAC;AAED,SAAS,eAAe,CACtB,IAAY,EACZ,MAA4C,EAC5C,SAAiB;IAEjB,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC;IAE1B,MAAM,aAAa,GAA4B;QAC7C,GAAG,EAAE;YACH,WAAW,EAAE,OAAO,UAAU,CAAC,IAAI,CAAC,EAAE;YACtC,IAAI,EAAE,CAAC,GAAG,CAAC;YACX,OAAO,EAAE,QAAQ,MAAM,CAAC,MAAM,EAAE;YAChC,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;YAClD,UAAU,EAAE;gBACV,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAAE,EAAE;gBACtE,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE;gBACzF,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;gBAC3D,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,WAAW,CAAC,EAAE,EAAE;gBAClH,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;gBAC3D,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;gBACzD,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,MAAM,CAAC,EAAE,EAAE;aAClF;YACD,SAAS,EAAE;gBACT,KAAK,EAAE;oBACL,WAAW,EAAE,qBAAqB,MAAM,CAAC,MAAM,EAAE;oBACjD,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE;iBACrQ;gBACD,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;aACvC;SACF;QACD,IAAI,EAAE;YACJ,WAAW,EAAE,SAAS,UAAU,CAAC,IAAI,CAAC,EAAE;YACxC,IAAI,EAAE,CAAC,GAAG,CAAC;YACX,OAAO,EAAE,YAAY,MAAM,CAAC,QAAQ,EAAE;YACtC,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;YAClD,WAAW,EAAE;gBACX,QAAQ,EAAE,IAAI;gBACd,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE;aACjE;YACD,SAAS,EAAE;gBACT,KAAK,EAAE;oBACL,WAAW,EAAE,GAAG,MAAM,CAAC,QAAQ,UAAU;oBACzC,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,EAAE,EAAE;iBAC3G;gBACD,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;gBACtC,KAAK,EAAE,EAAE,WAAW,EAAE,0BAA0B,EAAE;aACnD;SACF;KACF,CAAC;IAEF,MAAM,UAAU,GAA4B;QAC1C,GAAG,EAAE;YACH,WAAW,EAAE,MAAM,UAAU,CAAC,IAAI,CAAC,EAAE;YACrC,IAAI,EAAE,CAAC,GAAG,CAAC;YACX,OAAO,EAAE,SAAS,MAAM,CAAC,QAAQ,QAAQ;YACzC,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;YAClD,UAAU,EAAE;gBACV,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;aACvE;YACD,SAAS,EAAE;gBACT,KAAK,EAAE;oBACL,WAAW,EAAE,GAAG,MAAM,CAAC,QAAQ,UAAU;oBACzC,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,EAAE,EAAE;iBAC3G;gBACD,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;gBACtC,KAAK,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE;aACpC;SACF;QACD,GAAG,EAAE;YACH,WAAW,EAAE,SAAS,UAAU,CAAC,IAAI,CAAC,EAAE;YACxC,IAAI,EAAE,CAAC,GAAG,CAAC;YACX,OAAO,EAAE,YAAY,MAAM,CAAC,QAAQ,EAAE;YACtC,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;YAClD,UAAU,EAAE;gBACV,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;aACvE;YACD,WAAW,EAAE;gBACX,QAAQ,EAAE,IAAI;gBACd,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE;aACjE;YACD,SAAS,EAAE;gBACT,KAAK,EAAE;oBACL,WAAW,EAAE,GAAG,MAAM,CAAC,QAAQ,UAAU;oBACzC,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,EAAE,EAAE;iBAC3G;gBACD,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;gBACtC,KAAK,EAAE,EAAE,WAAW,EAAE,0BAA0B,EAAE;gBAClD,KAAK,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE;aACpC;SACF;QACD,MAAM,EAAE;YACN,WAAW,EAAE,SAAS,UAAU,CAAC,IAAI,CAAC,EAAE;YACxC,IAAI,EAAE,CAAC,GAAG,CAAC;YACX,OAAO,EAAE,YAAY,MAAM,CAAC,QAAQ,EAAE;YACtC,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;YAClD,UAAU,EAAE;gBACV,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;aACvE;YACD,SAAS,EAAE;gBACT,KAAK,EAAE;oBACL,WAAW,EAAE,GAAG,MAAM,CAAC,QAAQ,UAAU;oBACzC,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE;iBACxJ;gBACD,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;gBACtC,KAAK,EAAE,EAAE,WAAW,EAAE,0BAA0B,EAAE;gBAClD,KAAK,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE;aACpC;SACF;KACF,CAAC;IAEF,OAAO;QACL,CAAC,gBAAgB,IAAI,EAAE,CAAC,EAAE,aAAa;QACvC,CAAC,gBAAgB,IAAI,OAAO,CAAC,EAAE,UAAU;KAC1C,CAAC;AACJ,CAAC;AAED,SAAS,WAAW;IAClB,OAAO;QACL,aAAa,EAAE;YACb,IAAI,EAAE;gBACJ,WAAW,EAAE,OAAO;gBACpB,IAAI,EAAE,CAAC,MAAM,CAAC;gBACd,OAAO,EAAE,sCAAsC;gBAC/C,WAAW,EAAE;oBACX,QAAQ,EAAE,IAAI;oBACd,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,OAAO,EAAE,UAAU,CAAC,EAAE,UAAU,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,EAAE,EAAE;iBAC3L;gBACD,SAAS,EAAE;oBACT,KAAK,EAAE,EAAE,WAAW,EAAE,kBAAkB,EAAE;oBAC1C,KAAK,EAAE,EAAE,WAAW,EAAE,qBAAqB,EAAE;oBAC7C,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;iBACvC;aACF;SACF;QACD,cAAc,EAAE;YACd,IAAI,EAAE;gBACJ,WAAW,EAAE,QAAQ;gBACrB,IAAI,EAAE,CAAC,MAAM,CAAC;gBACd,OAAO,EAAE,yBAAyB;gBAClC,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;gBAClD,SAAS,EAAE;oBACT,KAAK,EAAE,EAAE,WAAW,EAAE,YAAY,EAAE;oBACpC,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;iBACvC;aACF;SACF;QACD,YAAY,EAAE;YACZ,GAAG,EAAE;gBACH,WAAW,EAAE,cAAc;gBAC3B,IAAI,EAAE,CAAC,MAAM,CAAC;gBACd,OAAO,EAAE,kBAAkB;gBAC3B,SAAS,EAAE;oBACT,KAAK,EAAE;wBACL,WAAW,EAAE,YAAY;wBACzB,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE;qBACrJ;iBACF;aACF;SACF;QACD,QAAQ,EAAE;YACR,GAAG,EAAE;gBACH,WAAW,EAAE,WAAW;gBACxB,IAAI,EAAE,CAAC,OAAO,CAAC;gBACf,OAAO,EAAE,2BAA2B;gBACpC,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;gBAClD,UAAU,EAAE;oBACV,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAAE,EAAE;oBACtE,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,EAAE,EAAE,EAAE;oBAC3E,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;iBAC9D;gBACD,SAAS,EAAE;oBACT,KAAK,EAAE,EAAE,WAAW,EAAE,sBAAsB,EAAE;oBAC9C,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;iBACvC;aACF;SACF;QACD,eAAe,EAAE;YACf,IAAI,EAAE;gBACJ,WAAW,EAAE,aAAa;gBAC1B,IAAI,EAAE,CAAC,OAAO,CAAC;gBACf,OAAO,EAAE,qBAAqB;gBAC9B,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;gBAClD,WAAW,EAAE;oBACX,QAAQ,EAAE,IAAI;oBACd,OAAO,EAAE,EAAE,qBAAqB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE;iBAC9M;gBACD,SAAS,EAAE;oBACT,KAAK,EAAE,EAAE,WAAW,EAAE,gBAAgB,EAAE;oBACxC,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;oBACtC,KAAK,EAAE,EAAE,WAAW,EAAE,gBAAgB,EAAE;iBACzC;aACF;SACF;QACD,SAAS,EAAE;YACT,GAAG,EAAE;gBACH,WAAW,EAAE,QAAQ;gBACrB,IAAI,EAAE,CAAC,QAAQ,CAAC;gBAChB,OAAO,EAAE,mCAAmC;gBAC5C,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;gBAClD,UAAU,EAAE;oBACV,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;oBACtE,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;oBAC/D,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAAE,EAAE;oBACtE,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,EAAE,EAAE,EAAE;iBAC5E;gBACD,SAAS,EAAE;oBACT,KAAK,EAAE,EAAE,WAAW,EAAE,gBAAgB,EAAE;oBACxC,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;iBACvC;aACF;SACF;QACD,WAAW,EAAE;YACX,GAAG,EAAE;gBACH,WAAW,EAAE,cAAc;gBAC3B,IAAI,EAAE,CAAC,UAAU,CAAC;gBAClB,OAAO,EAAE,mCAAmC;gBAC5C,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;gBAClD,SAAS,EAAE;oBACT,KAAK,EAAE,EAAE,WAAW,EAAE,2BAA2B,EAAE;oBACnD,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;oBACtC,KAAK,EAAE,EAAE,WAAW,EAAE,uBAAuB,EAAE;iBAChD;aACF;YACD,IAAI,EAAE;gBACJ,WAAW,EAAE,eAAe;gBAC5B,IAAI,EAAE,CAAC,UAAU,CAAC;gBAClB,OAAO,EAAE,iCAAiC;gBAC1C,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;gBAClD,WAAW,EAAE;oBACX,QAAQ,EAAE,IAAI;oBACd,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,KAAK,EAAE,QAAQ,CAAC,EAAE,UAAU,EAAE,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE;iBAC7S;gBACD,SAAS,EAAE;oBACT,KAAK,EAAE,EAAE,WAAW,EAAE,iBAAiB,EAAE;oBACzC,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;oBACtC,KAAK,EAAE,EAAE,WAAW,EAAE,uBAAuB,EAAE;iBAChD;aACF;SACF;QACD,oBAAoB,EAAE;YACpB,IAAI,EAAE;gBACJ,WAAW,EAAE,YAAY;gBACzB,IAAI,EAAE,CAAC,OAAO,CAAC;gBACf,OAAO,EAAE,sBAAsB;gBAC/B,UAAU,EAAE;oBACV,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;iBACvE;gBACD,WAAW,EAAE;oBACX,QAAQ,EAAE,IAAI;oBACd,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,QAAQ,CAAC,EAAE,UAAU,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,oBAAoB,EAAE,IAAI,EAAE,EAAE,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,oBAAoB,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE;iBAC3N;gBACD,SAAS,EAAE;oBACT,KAAK,EAAE,EAAE,WAAW,EAAE,gBAAgB,EAAE;oBACxC,KAAK,EAAE,EAAE,WAAW,EAAE,gBAAgB,EAAE;oBACxC,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;iBACvC;aACF;SACF;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,MAAwB;IAC1D,MAAM,OAAO,GAA+B,EAAE,CAAC;IAC/C,MAAM,KAAK,GAA4B,EAAE,CAAC;IAE1C,KAAK,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;QACpE,MAAM,UAAU,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;QACpC,OAAO,CAAC,UAAU,CAAC,GAAG,qBAAqB,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAE/D,MAAM,SAAS,GAAG,eAAe,CAC/B,IAAI,EACJ,UAAU,CAAC,MAAM,EACjB,wBAAwB,UAAU,EAAE,CACrC,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;IAClC,CAAC;IAED,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC;IAEpC,OAAO;QACL,OAAO,EAAE,OAAO;QAChB,IAAI,EAAE;YACJ,KAAK,EAAE,iBAAiB;YACxB,OAAO,EAAE,OAAO;YAChB,WAAW,EAAE,iEAAiE;SAC/E;QACD,OAAO,EAAE,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC;QAC9B,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;QAClD,KAAK;QACL,UAAU,EAAE;YACV,eAAe,EAAE;gBACf,UAAU,EAAE;oBACV,IAAI,EAAE,QAAQ;oBACd,EAAE,EAAE,QAAQ;oBACZ,IAAI,EAAE,iBAAiB;iBACxB;gBACD,UAAU,EAAE;oBACV,IAAI,EAAE,MAAM;oBACZ,MAAM,EAAE,QAAQ;oBAChB,YAAY,EAAE,KAAK;iBACpB;aACF;YACD,OAAO;SACR;KACF,CAAC;AACJ,CAAC"}
|
|
1
|
+
{"version":3,"file":"openapi.js","sourceRoot":"","sources":["../../src/api/openapi.ts"],"names":[],"mappings":"AAIA,SAAS,aAAa,CAAC,KAAsB;IAC3C,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;QACnB,KAAK,MAAM;YACT,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QAC5B,KAAK,UAAU;YACb,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;QAC5C,KAAK,QAAQ;YACX,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QAC5B,KAAK,SAAS;YACZ,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;QAC7B,KAAK,MAAM;YACT,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;QACjD,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,MAAM,GAAG,GAAG,KAAoB,CAAC;YACjC,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;YAC/C,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QAC1C,CAAC;QACD,KAAK,cAAc;YACjB,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,qBAAqB,EAAE,CAAC;QAChE,KAAK,OAAO;YACV,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,WAAW,EAAE,CAAC;QACtD,KAAK,MAAM;YACT,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QAC5B,KAAK,OAAO;YACV,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;QAC3B,KAAK,OAAO;YACV,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;QAC7C,KAAK,KAAK;YACR,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;QAC3C,KAAK,OAAO;YACV,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QAC5B,KAAK,MAAM;YACT,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QAC5B,KAAK,QAAQ;YACX,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;QAC3B;YACE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IAC9B,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAC5B,MAAuC;IAEvC,MAAM,UAAU,GAA+B,EAAE,CAAC;IAClD,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACnD,UAAU,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;QACxC,IAAI,KAAK,CAAC,QAAQ;YAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1C,CAAC;IAED,MAAM,MAAM,GAAe,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;IAC1D,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC;QAAE,MAAM,CAAC,QAAQ,GAAG,QAAQ,CAAC;IACpD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,UAAU,CAAC,IAAY;IAC9B,OAAO,IAAI;SACR,KAAK,CAAC,MAAM,CAAC;SACb,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;SAClD,IAAI,CAAC,EAAE,CAAC,CAAC;AACd,CAAC;AAED,SAAS,eAAe,CACtB,IAAY,EACZ,MAA4C,EAC5C,SAAiB;IAEjB,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC;IAE1B,MAAM,aAAa,GAA4B;QAC7C,GAAG,EAAE;YACH,WAAW,EAAE,OAAO,UAAU,CAAC,IAAI,CAAC,EAAE;YACtC,IAAI,EAAE,CAAC,GAAG,CAAC;YACX,OAAO,EAAE,QAAQ,MAAM,CAAC,MAAM,EAAE;YAChC,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;YAClD,UAAU,EAAE;gBACV,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAAE,EAAE;gBACtE,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE;gBACzF,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;gBAC3D,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,WAAW,CAAC,EAAE,EAAE;gBAClH,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;gBAC3D,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;gBACzD,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,MAAM,CAAC,EAAE,EAAE;aAClF;YACD,SAAS,EAAE;gBACT,KAAK,EAAE;oBACL,WAAW,EAAE,qBAAqB,MAAM,CAAC,MAAM,EAAE;oBACjD,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE;iBACrQ;gBACD,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;aACvC;SACF;QACD,IAAI,EAAE;YACJ,WAAW,EAAE,SAAS,UAAU,CAAC,IAAI,CAAC,EAAE;YACxC,IAAI,EAAE,CAAC,GAAG,CAAC;YACX,OAAO,EAAE,YAAY,MAAM,CAAC,QAAQ,EAAE;YACtC,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;YAClD,WAAW,EAAE;gBACX,QAAQ,EAAE,IAAI;gBACd,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE;aACjE;YACD,SAAS,EAAE;gBACT,KAAK,EAAE;oBACL,WAAW,EAAE,GAAG,MAAM,CAAC,QAAQ,UAAU;oBACzC,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,EAAE,EAAE;iBAC3G;gBACD,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;gBACtC,KAAK,EAAE,EAAE,WAAW,EAAE,0BAA0B,EAAE;aACnD;SACF;KACF,CAAC;IAEF,MAAM,UAAU,GAA4B;QAC1C,GAAG,EAAE;YACH,WAAW,EAAE,MAAM,UAAU,CAAC,IAAI,CAAC,EAAE;YACrC,IAAI,EAAE,CAAC,GAAG,CAAC;YACX,OAAO,EAAE,SAAS,MAAM,CAAC,QAAQ,QAAQ;YACzC,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;YAClD,UAAU,EAAE;gBACV,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;aACvE;YACD,SAAS,EAAE;gBACT,KAAK,EAAE;oBACL,WAAW,EAAE,GAAG,MAAM,CAAC,QAAQ,UAAU;oBACzC,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,EAAE,EAAE;iBAC3G;gBACD,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;gBACtC,KAAK,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE;aACpC;SACF;QACD,GAAG,EAAE;YACH,WAAW,EAAE,SAAS,UAAU,CAAC,IAAI,CAAC,EAAE;YACxC,IAAI,EAAE,CAAC,GAAG,CAAC;YACX,OAAO,EAAE,YAAY,MAAM,CAAC,QAAQ,EAAE;YACtC,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;YAClD,UAAU,EAAE;gBACV,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;aACvE;YACD,WAAW,EAAE;gBACX,QAAQ,EAAE,IAAI;gBACd,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE;aACjE;YACD,SAAS,EAAE;gBACT,KAAK,EAAE;oBACL,WAAW,EAAE,GAAG,MAAM,CAAC,QAAQ,UAAU;oBACzC,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,EAAE,EAAE;iBAC3G;gBACD,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;gBACtC,KAAK,EAAE,EAAE,WAAW,EAAE,0BAA0B,EAAE;gBAClD,KAAK,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE;aACpC;SACF;QACD,MAAM,EAAE;YACN,WAAW,EAAE,SAAS,UAAU,CAAC,IAAI,CAAC,EAAE;YACxC,IAAI,EAAE,CAAC,GAAG,CAAC;YACX,OAAO,EAAE,YAAY,MAAM,CAAC,QAAQ,EAAE;YACtC,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;YAClD,UAAU,EAAE;gBACV,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;aACvE;YACD,SAAS,EAAE;gBACT,KAAK,EAAE;oBACL,WAAW,EAAE,GAAG,MAAM,CAAC,QAAQ,UAAU;oBACzC,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE;iBACxJ;gBACD,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;gBACtC,KAAK,EAAE,EAAE,WAAW,EAAE,0BAA0B,EAAE;gBAClD,KAAK,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE;aACpC;SACF;KACF,CAAC;IAEF,OAAO;QACL,CAAC,gBAAgB,IAAI,EAAE,CAAC,EAAE,aAAa;QACvC,CAAC,gBAAgB,IAAI,OAAO,CAAC,EAAE,UAAU;KAC1C,CAAC;AACJ,CAAC;AAED,SAAS,WAAW;IAClB,OAAO;QACL,aAAa,EAAE;YACb,IAAI,EAAE;gBACJ,WAAW,EAAE,OAAO;gBACpB,IAAI,EAAE,CAAC,MAAM,CAAC;gBACd,OAAO,EAAE,sCAAsC;gBAC/C,WAAW,EAAE;oBACX,QAAQ,EAAE,IAAI;oBACd,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,OAAO,EAAE,UAAU,CAAC,EAAE,UAAU,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,EAAE,EAAE;iBAC3L;gBACD,SAAS,EAAE;oBACT,KAAK,EAAE,EAAE,WAAW,EAAE,kBAAkB,EAAE;oBAC1C,KAAK,EAAE,EAAE,WAAW,EAAE,qBAAqB,EAAE;oBAC7C,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;iBACvC;aACF;SACF;QACD,cAAc,EAAE;YACd,IAAI,EAAE;gBACJ,WAAW,EAAE,QAAQ;gBACrB,IAAI,EAAE,CAAC,MAAM,CAAC;gBACd,OAAO,EAAE,yBAAyB;gBAClC,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;gBAClD,SAAS,EAAE;oBACT,KAAK,EAAE,EAAE,WAAW,EAAE,YAAY,EAAE;oBACpC,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;iBACvC;aACF;SACF;QACD,YAAY,EAAE;YACZ,GAAG,EAAE;gBACH,WAAW,EAAE,cAAc;gBAC3B,IAAI,EAAE,CAAC,MAAM,CAAC;gBACd,OAAO,EAAE,kBAAkB;gBAC3B,SAAS,EAAE;oBACT,KAAK,EAAE;wBACL,WAAW,EAAE,YAAY;wBACzB,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE;qBACrJ;iBACF;aACF;SACF;QACD,wBAAwB,EAAE;YACxB,GAAG,EAAE;gBACH,WAAW,EAAE,iBAAiB;gBAC9B,IAAI,EAAE,CAAC,QAAQ,CAAC;gBAChB,OAAO,EAAE,+BAA+B;gBACxC,WAAW,EAAE,oQAAoQ;gBACjR,UAAU,EAAE;oBACV,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;iBACzE;gBACD,SAAS,EAAE;oBACT,KAAK,EAAE;wBACL,WAAW,EAAE,aAAa;wBAC1B,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,oBAAoB,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE;qBACtI;oBACD,KAAK,EAAE,EAAE,WAAW,EAAE,0BAA0B,EAAE;oBAClD,KAAK,EAAE,EAAE,WAAW,EAAE,2CAA2C,EAAE;iBACpE;aACF;SACF;QACD,UAAU,EAAE;YACV,GAAG,EAAE;gBACH,WAAW,EAAE,iBAAiB;gBAC9B,IAAI,EAAE,CAAC,QAAQ,CAAC;gBAChB,OAAO,EAAE,mDAAmD;gBAC5D,WAAW,EAAE,4RAA4R;gBACzS,UAAU,EAAE;oBACV,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,WAAW,EAAE,mDAAmD,EAAE;iBAC5I;gBACD,SAAS,EAAE;oBACT,KAAK,EAAE;wBACL,WAAW,EAAE,mBAAmB;wBAChC,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,oBAAoB,EAAE,IAAI,EAAE,EAAE,cAAc,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,oBAAoB,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE;qBACtb;oBACD,KAAK,EAAE,EAAE,WAAW,EAAE,mCAAmC,EAAE;oBAC3D,KAAK,EAAE,EAAE,WAAW,EAAE,yCAAyC,EAAE;iBAClE;aACF;SACF;QACD,QAAQ,EAAE;YACR,GAAG,EAAE;gBACH,WAAW,EAAE,WAAW;gBACxB,IAAI,EAAE,CAAC,OAAO,CAAC;gBACf,OAAO,EAAE,2BAA2B;gBACpC,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;gBAClD,UAAU,EAAE;oBACV,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAAE,EAAE;oBACtE,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,EAAE,EAAE,EAAE;oBAC3E,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;iBAC9D;gBACD,SAAS,EAAE;oBACT,KAAK,EAAE,EAAE,WAAW,EAAE,sBAAsB,EAAE;oBAC9C,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;iBACvC;aACF;SACF;QACD,eAAe,EAAE;YACf,IAAI,EAAE;gBACJ,WAAW,EAAE,aAAa;gBAC1B,IAAI,EAAE,CAAC,OAAO,CAAC;gBACf,OAAO,EAAE,qBAAqB;gBAC9B,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;gBAClD,WAAW,EAAE;oBACX,QAAQ,EAAE,IAAI;oBACd,OAAO,EAAE,EAAE,qBAAqB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE;iBAC9M;gBACD,SAAS,EAAE;oBACT,KAAK,EAAE,EAAE,WAAW,EAAE,gBAAgB,EAAE;oBACxC,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;oBACtC,KAAK,EAAE,EAAE,WAAW,EAAE,gBAAgB,EAAE;iBACzC;aACF;SACF;QACD,SAAS,EAAE;YACT,GAAG,EAAE;gBACH,WAAW,EAAE,QAAQ;gBACrB,IAAI,EAAE,CAAC,QAAQ,CAAC;gBAChB,OAAO,EAAE,mCAAmC;gBAC5C,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;gBAClD,UAAU,EAAE;oBACV,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;oBACtE,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;oBAC/D,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAAE,EAAE;oBACtE,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,EAAE,EAAE,EAAE;iBAC5E;gBACD,SAAS,EAAE;oBACT,KAAK,EAAE,EAAE,WAAW,EAAE,gBAAgB,EAAE;oBACxC,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;iBACvC;aACF;SACF;QACD,WAAW,EAAE;YACX,GAAG,EAAE;gBACH,WAAW,EAAE,cAAc;gBAC3B,IAAI,EAAE,CAAC,UAAU,CAAC;gBAClB,OAAO,EAAE,mCAAmC;gBAC5C,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;gBAClD,SAAS,EAAE;oBACT,KAAK,EAAE,EAAE,WAAW,EAAE,2BAA2B,EAAE;oBACnD,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;oBACtC,KAAK,EAAE,EAAE,WAAW,EAAE,uBAAuB,EAAE;iBAChD;aACF;YACD,IAAI,EAAE;gBACJ,WAAW,EAAE,eAAe;gBAC5B,IAAI,EAAE,CAAC,UAAU,CAAC;gBAClB,OAAO,EAAE,iCAAiC;gBAC1C,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;gBAClD,WAAW,EAAE;oBACX,QAAQ,EAAE,IAAI;oBACd,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,KAAK,EAAE,QAAQ,CAAC,EAAE,UAAU,EAAE,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE;iBAC7S;gBACD,SAAS,EAAE;oBACT,KAAK,EAAE,EAAE,WAAW,EAAE,iBAAiB,EAAE;oBACzC,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;oBACtC,KAAK,EAAE,EAAE,WAAW,EAAE,uBAAuB,EAAE;iBAChD;aACF;SACF;QACD,oBAAoB,EAAE;YACpB,IAAI,EAAE;gBACJ,WAAW,EAAE,YAAY;gBACzB,IAAI,EAAE,CAAC,OAAO,CAAC;gBACf,OAAO,EAAE,sBAAsB;gBAC/B,UAAU,EAAE;oBACV,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;iBACvE;gBACD,WAAW,EAAE;oBACX,QAAQ,EAAE,IAAI;oBACd,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,QAAQ,CAAC,EAAE,UAAU,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,oBAAoB,EAAE,IAAI,EAAE,EAAE,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,oBAAoB,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE;iBAC3N;gBACD,SAAS,EAAE;oBACT,KAAK,EAAE,EAAE,WAAW,EAAE,gBAAgB,EAAE;oBACxC,KAAK,EAAE,EAAE,WAAW,EAAE,gBAAgB,EAAE;oBACxC,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;iBACvC;aACF;SACF;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,MAAwB;IAC1D,MAAM,OAAO,GAA+B,EAAE,CAAC;IAC/C,MAAM,KAAK,GAA4B,EAAE,CAAC;IAE1C,KAAK,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;QACpE,MAAM,UAAU,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;QACpC,OAAO,CAAC,UAAU,CAAC,GAAG,qBAAqB,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAE/D,MAAM,SAAS,GAAG,eAAe,CAC/B,IAAI,EACJ,UAAU,CAAC,MAAM,EACjB,wBAAwB,UAAU,EAAE,CACrC,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;IAClC,CAAC;IAED,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC;IAEpC,OAAO;QACL,OAAO,EAAE,OAAO;QAChB,IAAI,EAAE;YACJ,KAAK,EAAE,iBAAiB;YACxB,OAAO,EAAE,OAAO;YAChB,WAAW,EAAE,iEAAiE;SAC/E;QACD,OAAO,EAAE,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC;QAC9B,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;QAClD,KAAK;QACL,UAAU,EAAE;YACV,eAAe,EAAE;gBACf,UAAU,EAAE;oBACV,IAAI,EAAE,QAAQ;oBACd,EAAE,EAAE,QAAQ;oBACZ,IAAI,EAAE,iBAAiB;iBACxB;gBACD,UAAU,EAAE;oBACV,IAAI,EAAE,MAAM;oBACZ,MAAM,EAAE,QAAQ;oBAChB,YAAY,EAAE,KAAK;iBACpB;aACF;YACD,OAAO;SACR;KACF,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Short-lived "you have proven your password, now show your second factor" token.
|
|
3
|
+
*
|
|
4
|
+
* Returned by `/auth/login` instead of the raw `userId` when a user has TOTP
|
|
5
|
+
* enabled. The client then submits this token together with the TOTP code to
|
|
6
|
+
* `/auth/totp/login`; the endpoint verifies the token before checking the code.
|
|
7
|
+
*
|
|
8
|
+
* Without this gate, anyone who learns or guesses a userId can brute-force
|
|
9
|
+
* the 6-digit TOTP space directly. The token also pins the IP and user-agent
|
|
10
|
+
* fingerprint, making session smuggling between hosts noticeably harder.
|
|
11
|
+
*/
|
|
12
|
+
export interface MfaPendingPayload {
|
|
13
|
+
userId: string;
|
|
14
|
+
fingerprint: string;
|
|
15
|
+
}
|
|
16
|
+
export declare function createMfaPendingToken(payload: MfaPendingPayload, secret: string): Promise<string>;
|
|
17
|
+
export declare function verifyMfaPendingToken(token: string, secret: string): Promise<MfaPendingPayload>;
|
|
18
|
+
/**
|
|
19
|
+
* Compute a stable fingerprint of the request (IP + user-agent). Used so the
|
|
20
|
+
* MFA-pending token can only be redeemed from the same device that completed
|
|
21
|
+
* the password step.
|
|
22
|
+
*/
|
|
23
|
+
export declare function computeRequestFingerprint(ip: string, userAgent: string | null): Promise<string>;
|
|
24
|
+
//# sourceMappingURL=mfa-pending.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"mfa-pending.d.ts","sourceRoot":"","sources":["../../src/auth/mfa-pending.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;GAUG;AAEH,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;CACrB;AAMD,wBAAsB,qBAAqB,CACzC,OAAO,EAAE,iBAAiB,EAC1B,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,CAAC,CASjB;AAED,wBAAsB,qBAAqB,CACzC,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC,CAU5B;AAED;;;;GAIG;AACH,wBAAsB,yBAAyB,CAC7C,EAAE,EAAE,MAAM,EACV,SAAS,EAAE,MAAM,GAAG,IAAI,GACvB,OAAO,CAAC,MAAM,CAAC,CAMjB"}
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
import * as jose from 'jose';
|
|
2
|
+
const ISSUER = 'actuate-cms';
|
|
3
|
+
const AUDIENCE = 'actuate-mfa-pending';
|
|
4
|
+
const TTL_SECONDS = 300; // 5 minutes
|
|
5
|
+
export async function createMfaPendingToken(payload, secret) {
|
|
6
|
+
const key = new TextEncoder().encode(secret);
|
|
7
|
+
return new jose.SignJWT({ ...payload })
|
|
8
|
+
.setProtectedHeader({ alg: 'HS256' })
|
|
9
|
+
.setIssuedAt()
|
|
10
|
+
.setIssuer(ISSUER)
|
|
11
|
+
.setAudience(AUDIENCE)
|
|
12
|
+
.setExpirationTime(`${TTL_SECONDS}s`)
|
|
13
|
+
.sign(key);
|
|
14
|
+
}
|
|
15
|
+
export async function verifyMfaPendingToken(token, secret) {
|
|
16
|
+
const key = new TextEncoder().encode(secret);
|
|
17
|
+
const { payload } = await jose.jwtVerify(token, key, {
|
|
18
|
+
issuer: ISSUER,
|
|
19
|
+
audience: AUDIENCE,
|
|
20
|
+
});
|
|
21
|
+
return {
|
|
22
|
+
userId: String(payload.userId ?? ''),
|
|
23
|
+
fingerprint: String(payload.fingerprint ?? ''),
|
|
24
|
+
};
|
|
25
|
+
}
|
|
26
|
+
/**
|
|
27
|
+
* Compute a stable fingerprint of the request (IP + user-agent). Used so the
|
|
28
|
+
* MFA-pending token can only be redeemed from the same device that completed
|
|
29
|
+
* the password step.
|
|
30
|
+
*/
|
|
31
|
+
export async function computeRequestFingerprint(ip, userAgent) {
|
|
32
|
+
const data = new TextEncoder().encode(`${ip}::${userAgent ?? ''}`);
|
|
33
|
+
const digest = await crypto.subtle.digest('SHA-256', data);
|
|
34
|
+
return Array.from(new Uint8Array(digest))
|
|
35
|
+
.map((b) => b.toString(16).padStart(2, '0'))
|
|
36
|
+
.join('');
|
|
37
|
+
}
|
|
38
|
+
//# sourceMappingURL=mfa-pending.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"mfa-pending.js","sourceRoot":"","sources":["../../src/auth/mfa-pending.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAmB7B,MAAM,MAAM,GAAG,aAAa,CAAC;AAC7B,MAAM,QAAQ,GAAG,qBAAqB,CAAC;AACvC,MAAM,WAAW,GAAG,GAAG,CAAC,CAAC,YAAY;AAErC,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,OAA0B,EAC1B,MAAc;IAEd,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC7C,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC,EAAE,GAAG,OAAO,EAAE,CAAC;SACpC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;SACpC,WAAW,EAAE;SACb,SAAS,CAAC,MAAM,CAAC;SACjB,WAAW,CAAC,QAAQ,CAAC;SACrB,iBAAiB,CAAC,GAAG,WAAW,GAAG,CAAC;SACpC,IAAI,CAAC,GAAG,CAAC,CAAC;AACf,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,KAAa,EACb,MAAc;IAEd,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC7C,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,GAAG,EAAE;QACnD,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,QAAQ;KACnB,CAAC,CAAC;IACH,OAAO;QACL,MAAM,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC;QACpC,WAAW,EAAE,MAAM,CAAC,OAAO,CAAC,WAAW,IAAI,EAAE,CAAC;KAC/C,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,EAAU,EACV,SAAwB;IAExB,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,SAAS,IAAI,EAAE,EAAE,CAAC,CAAC;IACnE,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;IAC3D,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;SACtC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;AACd,CAAC"}
|
package/dist/auth/oauth.d.ts
CHANGED
|
@@ -13,6 +13,24 @@ export interface OAuthState {
|
|
|
13
13
|
provider: string;
|
|
14
14
|
codeVerifier: string;
|
|
15
15
|
returnTo: string;
|
|
16
|
+
/** Optional nonce that the callback compares against a cookie value to prevent state-replay. */
|
|
17
|
+
nonce?: string;
|
|
18
|
+
}
|
|
19
|
+
export interface OAuthCallbackOptions {
|
|
20
|
+
/**
|
|
21
|
+
* When true, allow self-signup: an OAuth login with no matching local user
|
|
22
|
+
* creates a new CLIENT user. Defaults to false — without this flag, OAuth
|
|
23
|
+
* logins for unknown emails are rejected and an admin must invite the user.
|
|
24
|
+
*
|
|
25
|
+
* Even when enabled, the integrator should restrict provisioning further
|
|
26
|
+
* (for example, by checking the email domain) via the `onProvision` hook.
|
|
27
|
+
*/
|
|
28
|
+
allowSelfSignup?: boolean;
|
|
29
|
+
/**
|
|
30
|
+
* Hook called immediately before a new user is created during self-signup.
|
|
31
|
+
* Throw to reject the signup with a custom error.
|
|
32
|
+
*/
|
|
33
|
+
onProvision?: (profile: OAuthUserProfile, provider: string) => Promise<void> | void;
|
|
16
34
|
}
|
|
17
35
|
export interface OAuthCallbackResult {
|
|
18
36
|
provider: string;
|
|
@@ -53,7 +71,9 @@ declare const PROVIDER_URLS: {
|
|
|
53
71
|
export type OAuthProviderType = keyof typeof PROVIDER_URLS;
|
|
54
72
|
export declare function generateCodeVerifier(): string;
|
|
55
73
|
export declare function generateCodeChallenge(codeVerifier: string): Promise<string>;
|
|
56
|
-
export declare function generateState(provider: string, codeVerifier: string, returnTo: string, secret: string): Promise<string>;
|
|
74
|
+
export declare function generateState(provider: string, codeVerifier: string, returnTo: string, secret: string, nonce?: string): Promise<string>;
|
|
75
|
+
/** Generate a random base64url nonce suitable for binding state to a browser cookie. */
|
|
76
|
+
export declare function generateOAuthNonce(): string;
|
|
57
77
|
export declare function verifyState(stateToken: string, secret: string): Promise<OAuthState>;
|
|
58
78
|
export declare function getAuthorizationUrl(provider: OAuthProviderType, config: OAuthProviderConfig, state: string, codeChallenge: string): string;
|
|
59
79
|
export declare function exchangeCodeForTokens(provider: OAuthProviderType, code: string, codeVerifier: string, config: OAuthProviderConfig): Promise<{
|
|
@@ -62,7 +82,9 @@ export declare function exchangeCodeForTokens(provider: OAuthProviderType, code:
|
|
|
62
82
|
refresh_token?: string;
|
|
63
83
|
}>;
|
|
64
84
|
export declare function getUserProfile(provider: OAuthProviderType, accessToken: string): Promise<OAuthUserProfile>;
|
|
65
|
-
export declare function handleOAuthCallback(provider: string, code: string, stateToken: string, providers: OAuthProviders, secret: string, db: any
|
|
85
|
+
export declare function handleOAuthCallback(provider: string, code: string, stateToken: string, providers: OAuthProviders, secret: string, db: any, options?: OAuthCallbackOptions & {
|
|
86
|
+
expectedNonce?: string | null;
|
|
87
|
+
}): Promise<{
|
|
66
88
|
token: string;
|
|
67
89
|
user: {
|
|
68
90
|
id: string;
|
|
@@ -78,7 +100,7 @@ export declare function initiateOAuth(_providerConfig: AuthProviderConfig, _call
|
|
|
78
100
|
}>;
|
|
79
101
|
/** @deprecated Use `handleOAuthCallback` — kept for backward compat with auth/index.ts re-exports */
|
|
80
102
|
export declare function handleCallback(_providerConfig: AuthProviderConfig, _code: string, _state: OAuthState): Promise<OAuthCallbackResult>;
|
|
81
|
-
/** Link an OAuth account to an existing user. */
|
|
103
|
+
/** Link an OAuth account to an existing, already-authenticated user. */
|
|
82
104
|
export declare function linkAccount(userId: string, result: OAuthCallbackResult, db: unknown): Promise<void>;
|
|
83
105
|
export {};
|
|
84
106
|
//# sourceMappingURL=oauth.d.ts.map
|
package/dist/auth/oauth.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../../src/auth/oauth.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../../src/auth/oauth.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAE7D,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,CAAC,EAAE,mBAAmB,CAAC;IAC7B,MAAM,CAAC,EAAE,mBAAmB,CAAC;IAC7B,SAAS,CAAC,EAAE,mBAAmB,CAAC;CACjC;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,gGAAgG;IAChG,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,oBAAoB;IACnC;;;;;;;OAOG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B;;;OAGG;IACH,WAAW,CAAC,EAAE,CAAC,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;CACrF;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,IAAI,CAAC;CAClB;AAED,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,QAAA,MAAM,aAAa;;;;;;;;;;;;;;;;;;;CAmBT,CAAC;AAEX,MAAM,MAAM,iBAAiB,GAAG,MAAM,OAAO,aAAa,CAAC;AAW3D,wBAAgB,oBAAoB,IAAI,MAAM,CAG7C;AAED,wBAAsB,qBAAqB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAIjF;AAED,wBAAsB,aAAa,CACjC,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,CAAC,CAWjB;AAED,wFAAwF;AACxF,wBAAgB,kBAAkB,IAAI,MAAM,CAG3C;AAED,wBAAsB,WAAW,CAAC,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CAIzF;AAED,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,iBAAiB,EAC3B,MAAM,EAAE,mBAAmB,EAC3B,KAAK,EAAE,MAAM,EACb,aAAa,EAAE,MAAM,GACpB,MAAM,CAaR;AAED,wBAAsB,qBAAqB,CACzC,QAAQ,EAAE,iBAAiB,EAC3B,IAAI,EAAE,MAAM,EACZ,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,mBAAmB,GAC1B,OAAO,CAAC;IAAE,YAAY,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAAC,aAAa,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CA2B9E;AAED,wBAAsB,cAAc,CAClC,QAAQ,EAAE,iBAAiB,EAC3B,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,gBAAgB,CAAC,CAmD3B;AAED,wBAAsB,mBAAmB,CACvC,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,EACZ,UAAU,EAAE,MAAM,EAClB,SAAS,EAAE,cAAc,EACzB,MAAM,EAAE,MAAM,EACd,EAAE,EAAE,GAAG,EACP,OAAO,GAAE,oBAAoB,GAAG;IAAE,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CAAO,GACrE,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAA;CAAE,CAAC,CAgI7F;AAED,uGAAuG;AACvG,wBAAsB,aAAa,CACjC,eAAe,EAAE,kBAAkB,EACnC,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,UAAU,CAAA;CAAE,CAAC,CAErD;AAED,qGAAqG;AACrG,wBAAsB,cAAc,CAClC,eAAe,EAAE,kBAAkB,EACnC,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,mBAAmB,CAAC,CAE9B;AAED,wEAAwE;AACxE,wBAAsB,WAAW,CAC/B,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,mBAAmB,EAC3B,EAAE,EAAE,OAAO,GACV,OAAO,CAAC,IAAI,CAAC,CA6Bf"}
|
package/dist/auth/oauth.js
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { SignJWT, jwtVerify } from 'jose';
|
|
2
2
|
import { createSession } from './session.js';
|
|
3
|
+
import { encryptSecret } from '../security/secret-storage.js';
|
|
3
4
|
const PROVIDER_URLS = {
|
|
4
5
|
google: {
|
|
5
6
|
authorize: 'https://accounts.google.com/o/oauth2/v2/auth',
|
|
@@ -37,15 +38,23 @@ export async function generateCodeChallenge(codeVerifier) {
|
|
|
37
38
|
const digest = await crypto.subtle.digest('SHA-256', encoded);
|
|
38
39
|
return base64url(digest);
|
|
39
40
|
}
|
|
40
|
-
export async function generateState(provider, codeVerifier, returnTo, secret) {
|
|
41
|
+
export async function generateState(provider, codeVerifier, returnTo, secret, nonce) {
|
|
41
42
|
const secretKey = new TextEncoder().encode(secret);
|
|
42
|
-
|
|
43
|
+
const payload = nonce
|
|
44
|
+
? { provider, codeVerifier, returnTo, nonce }
|
|
45
|
+
: { provider, codeVerifier, returnTo };
|
|
46
|
+
return new SignJWT({ ...payload })
|
|
43
47
|
.setProtectedHeader({ alg: 'HS256' })
|
|
44
48
|
.setIssuedAt()
|
|
45
49
|
.setExpirationTime('10m')
|
|
46
50
|
.setIssuer('actuate-cms')
|
|
47
51
|
.sign(secretKey);
|
|
48
52
|
}
|
|
53
|
+
/** Generate a random base64url nonce suitable for binding state to a browser cookie. */
|
|
54
|
+
export function generateOAuthNonce() {
|
|
55
|
+
const bytes = crypto.getRandomValues(new Uint8Array(16));
|
|
56
|
+
return base64url(bytes.buffer);
|
|
57
|
+
}
|
|
49
58
|
export async function verifyState(stateToken, secret) {
|
|
50
59
|
const secretKey = new TextEncoder().encode(secret);
|
|
51
60
|
const { payload } = await jwtVerify(stateToken, secretKey, { issuer: 'actuate-cms' });
|
|
@@ -134,11 +143,19 @@ export async function getUserProfile(provider, accessToken) {
|
|
|
134
143
|
avatar: data.picture,
|
|
135
144
|
};
|
|
136
145
|
}
|
|
137
|
-
export async function handleOAuthCallback(provider, code, stateToken, providers, secret, db) {
|
|
146
|
+
export async function handleOAuthCallback(provider, code, stateToken, providers, secret, db, options = {}) {
|
|
138
147
|
const state = await verifyState(stateToken, secret);
|
|
139
148
|
if (state.provider !== provider) {
|
|
140
149
|
throw new Error('Provider mismatch in OAuth state');
|
|
141
150
|
}
|
|
151
|
+
// Bind the state to the browser that initiated the flow. If the state was
|
|
152
|
+
// signed with a nonce, the same value must come back in the cookie that the
|
|
153
|
+
// /auth/oauth/:provider handler set.
|
|
154
|
+
if (state.nonce) {
|
|
155
|
+
if (!options.expectedNonce || options.expectedNonce !== state.nonce) {
|
|
156
|
+
throw new Error('OAuth state nonce mismatch — possible cross-site flow injection');
|
|
157
|
+
}
|
|
158
|
+
}
|
|
142
159
|
const providerType = provider;
|
|
143
160
|
const providerConfig = providers[providerType];
|
|
144
161
|
if (!providerConfig) {
|
|
@@ -149,26 +166,75 @@ export async function handleOAuthCallback(provider, code, stateToken, providers,
|
|
|
149
166
|
if (!profile.email) {
|
|
150
167
|
throw new Error('OAuth provider did not return an email address');
|
|
151
168
|
}
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
169
|
+
const normalizedEmail = profile.email.toLowerCase().trim();
|
|
170
|
+
// Lookup precedence:
|
|
171
|
+
// 1. An existing OAuth account with the same (provider, providerAccountId).
|
|
172
|
+
// This is the only safe auto-link target — the provider asserted that
|
|
173
|
+
// this account is the same one the user previously linked.
|
|
174
|
+
// 2. Otherwise, an existing local user with the same email — but ONLY if
|
|
175
|
+
// they have no password set (i.e., this is a returning OAuth-only user
|
|
176
|
+
// whose account was provisioned by an earlier login). Linking a
|
|
177
|
+
// password-protected account requires the user to be already
|
|
178
|
+
// authenticated (use `linkAccount()` for that flow).
|
|
179
|
+
// 3. Otherwise, self-signup if `allowSelfSignup` is true; otherwise reject.
|
|
180
|
+
const oauthAccount = await db.oAuthAccount?.findUnique?.({
|
|
181
|
+
where: { provider_providerAccountId: { provider, providerAccountId: profile.id } },
|
|
182
|
+
include: { user: true },
|
|
183
|
+
}).catch(() => null);
|
|
184
|
+
let user = oauthAccount?.user ?? null;
|
|
185
|
+
if (!user) {
|
|
186
|
+
const candidate = await db.user.findFirst({
|
|
187
|
+
where: { email: { equals: normalizedEmail, mode: 'insensitive' } },
|
|
159
188
|
});
|
|
189
|
+
if (candidate) {
|
|
190
|
+
const hasPassword = typeof candidate.passwordHash === 'string' && candidate.passwordHash.length > 0;
|
|
191
|
+
if (hasPassword) {
|
|
192
|
+
// Refuse to silently link a password-protected account on the basis of
|
|
193
|
+
// a matched email. The legitimate user must explicitly link their
|
|
194
|
+
// account from inside the admin (an authenticated session).
|
|
195
|
+
throw new Error('An account already exists for this email. Sign in with your password and link your account from Settings to enable OAuth.');
|
|
196
|
+
}
|
|
197
|
+
user = candidate;
|
|
198
|
+
}
|
|
160
199
|
}
|
|
161
|
-
|
|
200
|
+
if (!user) {
|
|
201
|
+
if (!options.allowSelfSignup) {
|
|
202
|
+
throw new Error('No account found for this email. Ask an administrator to invite you before signing in with OAuth.');
|
|
203
|
+
}
|
|
204
|
+
if (options.onProvision) {
|
|
205
|
+
await options.onProvision(profile, provider);
|
|
206
|
+
}
|
|
162
207
|
user = await db.user.create({
|
|
163
208
|
data: {
|
|
164
|
-
email:
|
|
209
|
+
email: normalizedEmail,
|
|
165
210
|
name: profile.name,
|
|
166
211
|
role: 'CLIENT',
|
|
167
212
|
isActive: true,
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
213
|
+
passwordHash: null,
|
|
214
|
+
},
|
|
215
|
+
});
|
|
216
|
+
}
|
|
217
|
+
// Ensure an OAuthAccount row exists for this (provider, providerAccountId)
|
|
218
|
+
// and store the access/refresh tokens encrypted at rest. Use upsert against
|
|
219
|
+
// the unique compound index so we never overwrite a different user's link.
|
|
220
|
+
if (db.oAuthAccount?.upsert) {
|
|
221
|
+
const accessTokenEncrypted = tokens.access_token ? await encryptSecret(tokens.access_token) : null;
|
|
222
|
+
const refreshTokenEncrypted = tokens.refresh_token ? await encryptSecret(tokens.refresh_token) : null;
|
|
223
|
+
await db.oAuthAccount.upsert({
|
|
224
|
+
where: { provider_providerAccountId: { provider, providerAccountId: profile.id } },
|
|
225
|
+
create: {
|
|
226
|
+
userId: user.id,
|
|
227
|
+
provider,
|
|
228
|
+
providerAccountId: profile.id,
|
|
229
|
+
accessToken: accessTokenEncrypted,
|
|
230
|
+
refreshToken: refreshTokenEncrypted,
|
|
231
|
+
},
|
|
232
|
+
update: {
|
|
233
|
+
accessToken: accessTokenEncrypted,
|
|
234
|
+
refreshToken: refreshTokenEncrypted,
|
|
171
235
|
},
|
|
236
|
+
}).catch((err) => {
|
|
237
|
+
console.error('[actuate][oauth] Failed to persist OAuthAccount:', err instanceof Error ? err.message : err);
|
|
172
238
|
});
|
|
173
239
|
}
|
|
174
240
|
const oauthSession = await db.session.create({
|
|
@@ -191,11 +257,34 @@ export async function initiateOAuth(_providerConfig, _callbackUrl) {
|
|
|
191
257
|
export async function handleCallback(_providerConfig, _code, _state) {
|
|
192
258
|
throw new Error('Use handleOAuthCallback instead');
|
|
193
259
|
}
|
|
194
|
-
/** Link an OAuth account to an existing user. */
|
|
260
|
+
/** Link an OAuth account to an existing, already-authenticated user. */
|
|
195
261
|
export async function linkAccount(userId, result, db) {
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
|
|
262
|
+
const d = db;
|
|
263
|
+
const accessToken = result.accessToken ? await encryptSecret(result.accessToken) : null;
|
|
264
|
+
const refreshToken = result.refreshToken ? await encryptSecret(result.refreshToken) : null;
|
|
265
|
+
if (d.oAuthAccount?.upsert) {
|
|
266
|
+
await d.oAuthAccount.upsert({
|
|
267
|
+
where: {
|
|
268
|
+
provider_providerAccountId: {
|
|
269
|
+
provider: result.provider,
|
|
270
|
+
providerAccountId: result.providerAccountId,
|
|
271
|
+
},
|
|
272
|
+
},
|
|
273
|
+
create: {
|
|
274
|
+
userId,
|
|
275
|
+
provider: result.provider,
|
|
276
|
+
providerAccountId: result.providerAccountId,
|
|
277
|
+
accessToken,
|
|
278
|
+
refreshToken,
|
|
279
|
+
expiresAt: result.expiresAt ?? null,
|
|
280
|
+
},
|
|
281
|
+
update: {
|
|
282
|
+
userId,
|
|
283
|
+
accessToken,
|
|
284
|
+
refreshToken,
|
|
285
|
+
expiresAt: result.expiresAt ?? null,
|
|
286
|
+
},
|
|
287
|
+
});
|
|
288
|
+
}
|
|
200
289
|
}
|
|
201
290
|
//# sourceMappingURL=oauth.js.map
|
package/dist/auth/oauth.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../src/auth/oauth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../src/auth/oauth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AA0D9D,MAAM,aAAa,GAAG;IACpB,MAAM,EAAE;QACN,SAAS,EAAE,8CAA8C;QACzD,KAAK,EAAE,qCAAqC;QAC5C,QAAQ,EAAE,+CAA+C;QACzD,MAAM,EAAE,sBAAsB;KAC/B;IACD,MAAM,EAAE;QACN,SAAS,EAAE,0CAA0C;QACrD,KAAK,EAAE,6CAA6C;QACpD,QAAQ,EAAE,6BAA6B;QACvC,MAAM,EAAE,sBAAsB;KAC/B;IACD,SAAS,EAAE;QACT,SAAS,EAAE,gEAAgE;QAC3E,KAAK,EAAE,4DAA4D;QACnE,QAAQ,EAAE,qCAAqC;QAC/C,MAAM,EAAE,sBAAsB;KAC/B;CACO,CAAC;AAIX,SAAS,SAAS,CAAC,MAAmB;IACpC,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;IACrC,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC;IAC3C,CAAC;IACD,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACjF,CAAC;AAED,MAAM,UAAU,oBAAoB;IAClC,MAAM,KAAK,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;IACzD,OAAO,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;AACjC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,YAAoB;IAC9D,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IACvD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC9D,OAAO,SAAS,CAAC,MAAM,CAAC,CAAC;AAC3B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,QAAgB,EAChB,YAAoB,EACpB,QAAgB,EAChB,MAAc,EACd,KAAc;IAEd,MAAM,SAAS,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACnD,MAAM,OAAO,GAAe,KAAK;QAC/B,CAAC,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE,QAAQ,EAAE,KAAK,EAAE;QAC7C,CAAC,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE,QAAQ,EAAE,CAAC;IACzC,OAAO,IAAI,OAAO,CAAC,EAAE,GAAG,OAAO,EAAE,CAAC;SAC/B,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;SACpC,WAAW,EAAE;SACb,iBAAiB,CAAC,KAAK,CAAC;SACxB,SAAS,CAAC,aAAa,CAAC;SACxB,IAAI,CAAC,SAAS,CAAC,CAAC;AACrB,CAAC;AAED,wFAAwF;AACxF,MAAM,UAAU,kBAAkB;IAChC,MAAM,KAAK,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;IACzD,OAAO,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;AACjC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,UAAkB,EAAE,MAAc;IAClE,MAAM,SAAS,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACnD,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,CAAC,UAAU,EAAE,SAAS,EAAE,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,CAAC;IACtF,OAAO,OAAgC,CAAC;AAC1C,CAAC;AAED,MAAM,UAAU,mBAAmB,CACjC,QAA2B,EAC3B,MAA2B,EAC3B,KAAa,EACb,aAAqB;IAErB,MAAM,IAAI,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IACrC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QACjC,aAAa,EAAE,MAAM;QACrB,SAAS,EAAE,MAAM,CAAC,QAAQ;QAC1B,YAAY,EAAE,MAAM,CAAC,WAAW;QAChC,KAAK,EAAE,IAAI,CAAC,MAAM;QAClB,KAAK;QACL,cAAc,EAAE,aAAa;QAC7B,qBAAqB,EAAE,MAAM;KAC9B,CAAC,CAAC;IAEH,OAAO,GAAG,IAAI,CAAC,SAAS,IAAI,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;AAClD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,QAA2B,EAC3B,IAAY,EACZ,YAAoB,EACpB,MAA2B;IAE3B,MAAM,IAAI,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IAErC,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;QAC/B,UAAU,EAAE,oBAAoB;QAChC,IAAI;QACJ,YAAY,EAAE,MAAM,CAAC,WAAW;QAChC,SAAS,EAAE,MAAM,CAAC,QAAQ;QAC1B,aAAa,EAAE,MAAM,CAAC,YAAY;QAClC,aAAa,EAAE,YAAY;KAC5B,CAAC,CAAC;IAEH,MAAM,OAAO,GAA2B;QACtC,cAAc,EAAE,mCAAmC;KACpD,CAAC;IACF,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,OAAO,CAAC,QAAQ,CAAC,GAAG,kBAAkB,CAAC;IACzC,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IAE7F,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,0BAA0B,QAAQ,CAAC,MAAM,MAAM,IAAI,EAAE,CAAC,CAAC;IACzE,CAAC;IAED,OAAO,QAAQ,CAAC,IAAI,EAAE,CAAC;AACzB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,QAA2B,EAC3B,WAAmB;IAEnB,MAAM,IAAI,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IAErC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE;QAC1C,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,WAAW,EAAE,EAAE;KACpD,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,iCAAiC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IAEnC,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,IAAI,KAAK,GAAW,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;QACrC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,oCAAoC,EAAE;gBACjE,OAAO,EAAE;oBACP,aAAa,EAAE,UAAU,WAAW,EAAE;oBACtC,MAAM,EAAE,6BAA6B;iBACtC;aACF,CAAC,CAAC;YACH,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAChB,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAmE,CAAC;gBACtG,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;gBAC9F,IAAI,OAAO;oBAAE,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;YACrC,CAAC;QACH,CAAC;QACD,OAAO;YACL,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YACnB,KAAK;YACL,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,IAAI,EAAE;YACnC,MAAM,EAAE,IAAI,CAAC,UAAU;SACxB,CAAC;IACJ,CAAC;IAED,IAAI,QAAQ,KAAK,WAAW,EAAE,CAAC;QAC7B,OAAO;YACL,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,KAAK,EAAE,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,iBAAiB,IAAI,EAAE;YAChD,IAAI,EAAE,IAAI,CAAC,WAAW,IAAI,EAAE;SAC7B,CAAC;IACJ,CAAC;IAED,SAAS;IACT,OAAO;QACL,EAAE,EAAE,IAAI,CAAC,GAAG;QACZ,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,EAAE;QACvB,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,EAAE;QACrB,MAAM,EAAE,IAAI,CAAC,OAAO;KACrB,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,QAAgB,EAChB,IAAY,EACZ,UAAkB,EAClB,SAAyB,EACzB,MAAc,EACd,EAAO,EACP,UAAoE,EAAE;IAEtE,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IAEpD,IAAI,KAAK,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IAED,0EAA0E;IAC1E,4EAA4E;IAC5E,qCAAqC;IACrC,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAChB,IAAI,CAAC,OAAO,CAAC,aAAa,IAAI,OAAO,CAAC,aAAa,KAAK,KAAK,CAAC,KAAK,EAAE,CAAC;YACpE,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;QACrF,CAAC;IACH,CAAC;IAED,MAAM,YAAY,GAAG,QAA6B,CAAC;IACnD,MAAM,cAAc,GAAG,SAAS,CAAC,YAAY,CAAC,CAAC;IAC/C,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,mBAAmB,QAAQ,qBAAqB,CAAC,CAAC;IACpE,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,qBAAqB,CAAC,YAAY,EAAE,IAAI,EAAE,KAAK,CAAC,YAAY,EAAE,cAAc,CAAC,CAAC;IACnG,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,YAAY,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;IAExE,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IAED,MAAM,eAAe,GAAG,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;IAE3D,qBAAqB;IACrB,8EAA8E;IAC9E,2EAA2E;IAC3E,gEAAgE;IAChE,2EAA2E;IAC3E,4EAA4E;IAC5E,qEAAqE;IACrE,kEAAkE;IAClE,0DAA0D;IAC1D,8EAA8E;IAC9E,MAAM,YAAY,GAAG,MAAM,EAAE,CAAC,YAAY,EAAE,UAAU,EAAE,CAAC;QACvD,KAAK,EAAE,EAAE,0BAA0B,EAAE,EAAE,QAAQ,EAAE,iBAAiB,EAAE,OAAO,CAAC,EAAE,EAAE,EAAE;QAClF,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;KACxB,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;IAErB,IAAI,IAAI,GAAG,YAAY,EAAE,IAAI,IAAI,IAAI,CAAC;IAEtC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,SAAS,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC;YACxC,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,eAAe,EAAE,IAAI,EAAE,aAAa,EAAE,EAAE;SACnE,CAAC,CAAC;QAEH,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,WAAW,GAAG,OAAO,SAAS,CAAC,YAAY,KAAK,QAAQ,IAAI,SAAS,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC;YACpG,IAAI,WAAW,EAAE,CAAC;gBAChB,uEAAuE;gBACvE,kEAAkE;gBAClE,4DAA4D;gBAC5D,MAAM,IAAI,KAAK,CACb,2HAA2H,CAC5H,CAAC;YACJ,CAAC;YACD,IAAI,GAAG,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;IAED,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CACb,mGAAmG,CACpG,CAAC;QACJ,CAAC;QACD,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YACxB,MAAM,OAAO,CAAC,WAAW,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAC/C,CAAC;QACD,IAAI,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;YAC1B,IAAI,EAAE;gBACJ,KAAK,EAAE,eAAe;gBACtB,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,IAAI,EAAE,QAAQ;gBACd,QAAQ,EAAE,IAAI;gBACd,YAAY,EAAE,IAAI;aACnB;SACF,CAAC,CAAC;IACL,CAAC;IAED,2EAA2E;IAC3E,4EAA4E;IAC5E,2EAA2E;IAC3E,IAAI,EAAE,CAAC,YAAY,EAAE,MAAM,EAAE,CAAC;QAC5B,MAAM,oBAAoB,GAAG,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,MAAM,aAAa,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACnG,MAAM,qBAAqB,GAAG,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,aAAa,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAEtG,MAAM,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC;YAC3B,KAAK,EAAE,EAAE,0BAA0B,EAAE,EAAE,QAAQ,EAAE,iBAAiB,EAAE,OAAO,CAAC,EAAE,EAAE,EAAE;YAClF,MAAM,EAAE;gBACN,MAAM,EAAE,IAAI,CAAC,EAAE;gBACf,QAAQ;gBACR,iBAAiB,EAAE,OAAO,CAAC,EAAE;gBAC7B,WAAW,EAAE,oBAAoB;gBACjC,YAAY,EAAE,qBAAqB;aACpC;YACD,MAAM,EAAE;gBACN,WAAW,EAAE,oBAAoB;gBACjC,YAAY,EAAE,qBAAqB;aACpC;SACF,CAAC,CAAC,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;YACxB,OAAO,CAAC,KAAK,CAAC,kDAAkD,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QAC9G,CAAC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,YAAY,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC;QAC3C,IAAI,EAAE;YACJ,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;SAC1D;KACF,CAAC,CAAC;IAEH,MAAM,KAAK,GAAG,MAAM,aAAa,CAC/B,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,YAAY,CAAC,EAAE,EAAE,EAChE,EAAE,MAAM,EAAE,CACX,CAAC;IAEF,OAAO;QACL,KAAK;QACL,IAAI,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;KAC3E,CAAC;AACJ,CAAC;AAED,uGAAuG;AACvG,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,eAAmC,EACnC,YAAoB;IAEpB,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;AACrE,CAAC;AAED,qGAAqG;AACrG,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,eAAmC,EACnC,KAAa,EACb,MAAkB;IAElB,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;AACrD,CAAC;AAED,wEAAwE;AACxE,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,MAAc,EACd,MAA2B,EAC3B,EAAW;IAEX,MAAM,CAAC,GAAG,EAAS,CAAC;IACpB,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,aAAa,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACxF,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,MAAM,aAAa,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAE3F,IAAI,CAAC,CAAC,YAAY,EAAE,MAAM,EAAE,CAAC;QAC3B,MAAM,CAAC,CAAC,YAAY,CAAC,MAAM,CAAC;YAC1B,KAAK,EAAE;gBACL,0BAA0B,EAAE;oBAC1B,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,iBAAiB,EAAE,MAAM,CAAC,iBAAiB;iBAC5C;aACF;YACD,MAAM,EAAE;gBACN,MAAM;gBACN,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,iBAAiB,EAAE,MAAM,CAAC,iBAAiB;gBAC3C,WAAW;gBACX,YAAY;gBACZ,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,IAAI;aACpC;YACD,MAAM,EAAE;gBACN,MAAM;gBACN,WAAW;gBACX,YAAY;gBACZ,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,IAAI;aACpC;SACF,CAAC,CAAC;IACL,CAAC;AACH,CAAC"}
|
package/dist/auth/reset.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"reset.d.ts","sourceRoot":"","sources":["../../src/auth/reset.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,UAAU;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;CACd;AAID,4EAA4E;AAC5E,wBAAgB,kBAAkB,IAAI,UAAU,CAI/C;AAED,2EAA2E;AAC3E,wBAAgB,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAE7C;AAED;;;;GAIG;AACH,wBAAsB,mBAAmB,CACvC,EAAE,EAAE,GAAG,EACP,KAAK,EAAE,MAAM,EACb,MAAM,EAAE;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE;YAAE,IAAI,EAAE,CAAC,IAAI,EAAE;gBAAE,EAAE,EAAE,MAAM,CAAC;gBAAC,OAAO,EAAE,MAAM,CAAC;gBAAC,IAAI,EAAE,MAAM,CAAC;gBAAC,IAAI,CAAC,EAAE,MAAM,CAAA;aAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;SAAE,CAAA;KAAE,CAAA;CAAE,GAClJ,OAAO,CAAC,IAAI,CAAC,
|
|
1
|
+
{"version":3,"file":"reset.d.ts","sourceRoot":"","sources":["../../src/auth/reset.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,UAAU;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;CACd;AAID,4EAA4E;AAC5E,wBAAgB,kBAAkB,IAAI,UAAU,CAI/C;AAED,2EAA2E;AAC3E,wBAAgB,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAE7C;AAED;;;;GAIG;AACH,wBAAsB,mBAAmB,CACvC,EAAE,EAAE,GAAG,EACP,KAAK,EAAE,MAAM,EACb,MAAM,EAAE;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE;YAAE,IAAI,EAAE,CAAC,IAAI,EAAE;gBAAE,EAAE,EAAE,MAAM,CAAC;gBAAC,OAAO,EAAE,MAAM,CAAC;gBAAC,IAAI,EAAE,MAAM,CAAC;gBAAC,IAAI,CAAC,EAAE,MAAM,CAAA;aAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;SAAE,CAAA;KAAE,CAAA;CAAE,GAClJ,OAAO,CAAC,IAAI,CAAC,CAqCf;AAED;;;GAGG;AACH,wBAAsB,oBAAoB,CACxC,EAAE,EAAE,GAAG,EACP,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAuD/C"}
|
package/dist/auth/reset.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { randomBytes, createHash } from "node:crypto";
|
|
2
|
-
import { hashPassword } from "./password.js";
|
|
2
|
+
import { hashPassword, validatePasswordPolicy } from "./password.js";
|
|
3
3
|
const TOKEN_EXPIRY_MS = 60 * 60 * 1000; // 1 hour
|
|
4
4
|
/** Generate a cryptographically random reset token and its SHA-256 hash. */
|
|
5
5
|
export function generateResetToken() {
|
|
@@ -17,7 +17,15 @@ export function hashToken(raw) {
|
|
|
17
17
|
* to prevent user enumeration.
|
|
18
18
|
*/
|
|
19
19
|
export async function createPasswordReset(db, email, config) {
|
|
20
|
-
|
|
20
|
+
// Normalise the email so signup and reset agree on the same canonical form.
|
|
21
|
+
// Without this a user who signed up with "Brad@Example.com " can lose access
|
|
22
|
+
// simply because the lookup uses a slightly different string.
|
|
23
|
+
const normalized = email.toLowerCase().trim();
|
|
24
|
+
if (!normalized)
|
|
25
|
+
return;
|
|
26
|
+
const user = await db.user.findFirst({
|
|
27
|
+
where: { email: { equals: normalized, mode: 'insensitive' } },
|
|
28
|
+
});
|
|
21
29
|
if (!user || !user.isActive)
|
|
22
30
|
return;
|
|
23
31
|
await db.passwordResetToken.updateMany({
|
|
@@ -63,6 +71,22 @@ export async function executePasswordReset(db, rawToken, newPassword) {
|
|
|
63
71
|
if (!resetToken.user.isActive) {
|
|
64
72
|
return { success: false, error: "This account has been deactivated." };
|
|
65
73
|
}
|
|
74
|
+
// Enforce the same password policy that the rest of the app uses. Without
|
|
75
|
+
// this, the reset endpoint becomes a back-door for weak passwords. We use
|
|
76
|
+
// a sensible default; integrators that want stricter rules should call
|
|
77
|
+
// this through their own wrapper.
|
|
78
|
+
const cmsConfig = globalThis.__actuateConfig;
|
|
79
|
+
const passwordPolicy = cmsConfig?.auth?.passwordPolicy ?? {
|
|
80
|
+
minLength: 12,
|
|
81
|
+
requireUppercase: true,
|
|
82
|
+
requireLowercase: true,
|
|
83
|
+
requireNumbers: true,
|
|
84
|
+
requireSpecialChars: false,
|
|
85
|
+
};
|
|
86
|
+
const policy = validatePasswordPolicy(newPassword, passwordPolicy);
|
|
87
|
+
if (!policy.valid) {
|
|
88
|
+
return { success: false, error: policy.errors[0] ?? 'Password does not meet requirements.' };
|
|
89
|
+
}
|
|
66
90
|
const passwordHash = await hashPassword(newPassword);
|
|
67
91
|
await db.$transaction([
|
|
68
92
|
db.user.update({
|
package/dist/auth/reset.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"reset.js","sourceRoot":"","sources":["../../src/auth/reset.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;
|
|
1
|
+
{"version":3,"file":"reset.js","sourceRoot":"","sources":["../../src/auth/reset.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,sBAAsB,EAAE,MAAM,eAAe,CAAC;AAOrE,MAAM,eAAe,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,SAAS;AAEjD,4EAA4E;AAC5E,MAAM,UAAU,kBAAkB;IAChC,MAAM,GAAG,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC5C,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC5D,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;AACvB,CAAC;AAED,2EAA2E;AAC3E,MAAM,UAAU,SAAS,CAAC,GAAW;IACnC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACxD,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,EAAO,EACP,KAAa,EACb,MAAmJ;IAEnJ,4EAA4E;IAC5E,6EAA6E;IAC7E,8DAA8D;IAC9D,MAAM,UAAU,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;IAC9C,IAAI,CAAC,UAAU;QAAE,OAAO;IAExB,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC;QACnC,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,aAAa,EAAE,EAAE;KAC9D,CAAC,CAAC;IACH,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ;QAAE,OAAO;IAEpC,MAAM,EAAE,CAAC,kBAAkB,CAAC,UAAU,CAAC;QACrC,KAAK,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE;QACxC,IAAI,EAAE,EAAE,MAAM,EAAE,IAAI,IAAI,EAAE,EAAE;KAC7B,CAAC,CAAC;IAEH,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,kBAAkB,EAAE,CAAC;IAC3C,MAAM,EAAE,CAAC,kBAAkB,CAAC,MAAM,CAAC;QACjC,IAAI,EAAE;YACJ,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,SAAS,EAAE,IAAI;YACf,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,eAAe,CAAC;SAClD;KACF,CAAC,CAAC;IAEH,IAAI,MAAM,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC;QAC3B,MAAM,QAAQ,GAAG,GAAG,MAAM,CAAC,OAAO,+BAA+B,GAAG,EAAE,CAAC;QACvE,MAAM,EAAE,qBAAqB,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;QACnE,MAAM,GAAG,GAAG,qBAAqB,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QACrE,MAAM,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC;YAC/B,EAAE,EAAE,IAAI,CAAC,KAAK;YACd,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,IAAI,EAAE,GAAG,CAAC,IAAI;SACf,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,EAAO,EACP,QAAgB,EAChB,WAAmB;IAEnB,MAAM,SAAS,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;IAEtC,MAAM,UAAU,GAAG,MAAM,EAAE,CAAC,kBAAkB,CAAC,SAAS,CAAC;QACvD,KAAK,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE;QAClC,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;KACxB,CAAC,CAAC;IAEH,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,gCAAgC,EAAE,CAAC;IACrE,CAAC;IAED,IAAI,UAAU,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;QACtC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,wDAAwD,EAAE,CAAC;IAC7F,CAAC;IAED,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC9B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,oCAAoC,EAAE,CAAC;IACzE,CAAC;IAED,0EAA0E;IAC1E,0EAA0E;IAC1E,uEAAuE;IACvE,kCAAkC;IAClC,MAAM,SAAS,GAAI,UAAkB,CAAC,eAAe,CAAC;IACtD,MAAM,cAAc,GAAG,SAAS,EAAE,IAAI,EAAE,cAAc,IAAI;QACxD,SAAS,EAAE,EAAE;QACb,gBAAgB,EAAE,IAAI;QACtB,gBAAgB,EAAE,IAAI;QACtB,cAAc,EAAE,IAAI;QACpB,mBAAmB,EAAE,KAAK;KAC3B,CAAC;IACF,MAAM,MAAM,GAAG,sBAAsB,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;IACnE,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAClB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,sCAAsC,EAAE,CAAC;IAC/F,CAAC;IAED,MAAM,YAAY,GAAG,MAAM,YAAY,CAAC,WAAW,CAAC,CAAC;IAErD,MAAM,EAAE,CAAC,YAAY,CAAC;QACpB,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;YACb,KAAK,EAAE,EAAE,EAAE,EAAE,UAAU,CAAC,MAAM,EAAE;YAChC,IAAI,EAAE,EAAE,YAAY,EAAE;SACvB,CAAC;QACF,EAAE,CAAC,kBAAkB,CAAC,MAAM,CAAC;YAC3B,KAAK,EAAE,EAAE,EAAE,EAAE,UAAU,CAAC,EAAE,EAAE;YAC5B,IAAI,EAAE,EAAE,MAAM,EAAE,IAAI,IAAI,EAAE,EAAE;SAC7B,CAAC;QACF,EAAE,CAAC,OAAO,CAAC,UAAU,CAAC;YACpB,KAAK,EAAE,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE;YACrD,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE;SAChC,CAAC;KACH,CAAC,CAAC;IAEH,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC"}
|
package/dist/auth/session.d.ts
CHANGED
|
@@ -16,6 +16,13 @@ export declare function createSession(payload: SessionPayload, options: SessionO
|
|
|
16
16
|
export declare function verifySession(token: string, options: SessionOptions): Promise<SessionPayload>;
|
|
17
17
|
/** Revoke a session by marking it in the database. */
|
|
18
18
|
export declare function revokeSession(sessionId: string, db: any): Promise<void>;
|
|
19
|
-
/**
|
|
20
|
-
|
|
19
|
+
/**
|
|
20
|
+
* Refresh a session token, issuing a new JWT with an extended expiry.
|
|
21
|
+
*
|
|
22
|
+
* When `db` is supplied, the existing `Session` row is verified to be active
|
|
23
|
+
* and its `expiresAt` is extended in lockstep with the new JWT. Without that
|
|
24
|
+
* check, a revoked session that was still in a user's cookie could be
|
|
25
|
+
* "un-revoked" simply by refreshing it.
|
|
26
|
+
*/
|
|
27
|
+
export declare function refreshSession(token: string, options: SessionOptions, db?: any): Promise<string>;
|
|
21
28
|
//# sourceMappingURL=session.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../src/auth/session.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAID,yCAAyC;AACzC,wBAAsB,aAAa,CACjC,OAAO,EAAE,cAAc,EACvB,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,MAAM,CAAC,CASjB;AAED,6CAA6C;AAC7C,wBAAsB,aAAa,CACjC,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,cAAc,CAAC,CAOzB;AAED,sDAAsD;AACtD,wBAAsB,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAK7E;AAED
|
|
1
|
+
{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../src/auth/session.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAID,yCAAyC;AACzC,wBAAsB,aAAa,CACjC,OAAO,EAAE,cAAc,EACvB,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,MAAM,CAAC,CASjB;AAED,6CAA6C;AAC7C,wBAAsB,aAAa,CACjC,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,cAAc,CAAC,CAOzB;AAED,sDAAsD;AACtD,wBAAsB,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAK7E;AAED;;;;;;;GAOG;AACH,wBAAsB,cAAc,CAClC,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,cAAc,EACvB,EAAE,CAAC,EAAE,GAAG,GACP,OAAO,CAAC,MAAM,CAAC,CAgBjB"}
|
package/dist/auth/session.js
CHANGED
|
@@ -27,9 +27,27 @@ export async function revokeSession(sessionId, db) {
|
|
|
27
27
|
data: { revokedAt: new Date() },
|
|
28
28
|
});
|
|
29
29
|
}
|
|
30
|
-
/**
|
|
31
|
-
|
|
30
|
+
/**
|
|
31
|
+
* Refresh a session token, issuing a new JWT with an extended expiry.
|
|
32
|
+
*
|
|
33
|
+
* When `db` is supplied, the existing `Session` row is verified to be active
|
|
34
|
+
* and its `expiresAt` is extended in lockstep with the new JWT. Without that
|
|
35
|
+
* check, a revoked session that was still in a user's cookie could be
|
|
36
|
+
* "un-revoked" simply by refreshing it.
|
|
37
|
+
*/
|
|
38
|
+
export async function refreshSession(token, options, db) {
|
|
32
39
|
const payload = await verifySession(token, options);
|
|
40
|
+
if (db) {
|
|
41
|
+
const session = await db.session.findUnique({ where: { id: payload.sessionId } });
|
|
42
|
+
if (!session || session.revokedAt || session.expiresAt < new Date()) {
|
|
43
|
+
throw new Error('Session is no longer active');
|
|
44
|
+
}
|
|
45
|
+
const maxAge = options.maxAge ?? DEFAULT_MAX_AGE;
|
|
46
|
+
await db.session.update({
|
|
47
|
+
where: { id: payload.sessionId },
|
|
48
|
+
data: { expiresAt: new Date(Date.now() + maxAge * 1000) },
|
|
49
|
+
});
|
|
50
|
+
}
|
|
33
51
|
return createSession(payload, options);
|
|
34
52
|
}
|
|
35
53
|
//# sourceMappingURL=session.js.map
|