@actuate-media/cms-core 0.11.2 → 0.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/__tests__/api/cron-routes.test.d.ts +2 -0
- package/dist/__tests__/api/cron-routes.test.d.ts.map +1 -0
- package/dist/__tests__/api/cron-routes.test.js +67 -0
- package/dist/__tests__/api/cron-routes.test.js.map +1 -0
- package/dist/__tests__/api/health.test.d.ts +2 -0
- package/dist/__tests__/api/health.test.d.ts.map +1 -0
- package/dist/__tests__/api/health.test.js +140 -0
- package/dist/__tests__/api/health.test.js.map +1 -0
- package/dist/__tests__/auth/oauth.test.d.ts +2 -0
- package/dist/__tests__/auth/oauth.test.d.ts.map +1 -0
- package/dist/__tests__/auth/oauth.test.js +406 -0
- package/dist/__tests__/auth/oauth.test.js.map +1 -0
- package/dist/__tests__/auth/password.test.js +82 -3
- package/dist/__tests__/auth/password.test.js.map +1 -1
- package/dist/__tests__/auth/reset.test.d.ts +2 -0
- package/dist/__tests__/auth/reset.test.d.ts.map +1 -0
- package/dist/__tests__/auth/reset.test.js +303 -0
- package/dist/__tests__/auth/reset.test.js.map +1 -0
- package/dist/__tests__/auth/session.test.js +54 -1
- package/dist/__tests__/auth/session.test.js.map +1 -1
- package/dist/__tests__/cron/cron.test.d.ts +2 -0
- package/dist/__tests__/cron/cron.test.d.ts.map +1 -0
- package/dist/__tests__/cron/cron.test.js +262 -0
- package/dist/__tests__/cron/cron.test.js.map +1 -0
- package/dist/__tests__/diagnostics/env.test.d.ts +2 -0
- package/dist/__tests__/diagnostics/env.test.d.ts.map +1 -0
- package/dist/__tests__/diagnostics/env.test.js +119 -0
- package/dist/__tests__/diagnostics/env.test.js.map +1 -0
- package/dist/__tests__/diagnostics/logger.test.d.ts +2 -0
- package/dist/__tests__/diagnostics/logger.test.d.ts.map +1 -0
- package/dist/__tests__/diagnostics/logger.test.js +111 -0
- package/dist/__tests__/diagnostics/logger.test.js.map +1 -0
- package/dist/__tests__/security/encrypted-fields.test.d.ts +2 -0
- package/dist/__tests__/security/encrypted-fields.test.d.ts.map +1 -0
- package/dist/__tests__/security/encrypted-fields.test.js +60 -0
- package/dist/__tests__/security/encrypted-fields.test.js.map +1 -0
- package/dist/__tests__/security/rate-limit.test.js +42 -0
- package/dist/__tests__/security/rate-limit.test.js.map +1 -1
- package/dist/__tests__/security/safe-fetch.test.d.ts +2 -0
- package/dist/__tests__/security/safe-fetch.test.d.ts.map +1 -0
- package/dist/__tests__/security/safe-fetch.test.js +97 -0
- package/dist/__tests__/security/safe-fetch.test.js.map +1 -0
- package/dist/__tests__/security/ssrf.test.d.ts +2 -0
- package/dist/__tests__/security/ssrf.test.d.ts.map +1 -0
- package/dist/__tests__/security/ssrf.test.js +209 -0
- package/dist/__tests__/security/ssrf.test.js.map +1 -0
- package/dist/actions.d.ts.map +1 -1
- package/dist/actions.js +7 -6
- package/dist/actions.js.map +1 -1
- package/dist/api/handler-factory.d.ts.map +1 -1
- package/dist/api/handler-factory.js +15 -6
- package/dist/api/handler-factory.js.map +1 -1
- package/dist/api/handlers.d.ts.map +1 -1
- package/dist/api/handlers.js +165 -26
- package/dist/api/handlers.js.map +1 -1
- package/dist/auth/oauth.d.ts +8 -0
- package/dist/auth/oauth.d.ts.map +1 -1
- package/dist/auth/oauth.js +44 -2
- package/dist/auth/oauth.js.map +1 -1
- package/dist/auth/password.d.ts +35 -2
- package/dist/auth/password.d.ts.map +1 -1
- package/dist/auth/password.js +97 -7
- package/dist/auth/password.js.map +1 -1
- package/dist/auth/reset.d.ts.map +1 -1
- package/dist/auth/reset.js +2 -1
- package/dist/auth/reset.js.map +1 -1
- package/dist/auth/session.d.ts +9 -0
- package/dist/auth/session.d.ts.map +1 -1
- package/dist/auth/session.js +54 -1
- package/dist/auth/session.js.map +1 -1
- package/dist/config/runtime.d.ts +99 -0
- package/dist/config/runtime.d.ts.map +1 -0
- package/dist/config/runtime.js +43 -0
- package/dist/config/runtime.js.map +1 -0
- package/dist/config/types.d.ts +21 -0
- package/dist/config/types.d.ts.map +1 -1
- package/dist/cron/index.d.ts +72 -0
- package/dist/cron/index.d.ts.map +1 -0
- package/dist/cron/index.js +222 -0
- package/dist/cron/index.js.map +1 -0
- package/dist/diagnostics/env.d.ts +44 -0
- package/dist/diagnostics/env.d.ts.map +1 -0
- package/dist/diagnostics/env.js +293 -0
- package/dist/diagnostics/env.js.map +1 -0
- package/dist/diagnostics/logger.d.ts +38 -0
- package/dist/diagnostics/logger.d.ts.map +1 -0
- package/dist/diagnostics/logger.js +89 -0
- package/dist/diagnostics/logger.js.map +1 -0
- package/dist/page-builder/blocks.d.ts.map +1 -1
- package/dist/page-builder/blocks.js +6 -1
- package/dist/page-builder/blocks.js.map +1 -1
- package/dist/security/audit.d.ts.map +1 -1
- package/dist/security/audit.js +3 -1
- package/dist/security/audit.js.map +1 -1
- package/dist/security/encrypted-fields.d.ts +9 -0
- package/dist/security/encrypted-fields.d.ts.map +1 -1
- package/dist/security/encrypted-fields.js +52 -1
- package/dist/security/encrypted-fields.js.map +1 -1
- package/dist/security/ip-canon.d.ts +71 -0
- package/dist/security/ip-canon.d.ts.map +1 -0
- package/dist/security/ip-canon.js +352 -0
- package/dist/security/ip-canon.js.map +1 -0
- package/dist/security/rate-limit.d.ts +8 -0
- package/dist/security/rate-limit.d.ts.map +1 -1
- package/dist/security/rate-limit.js +81 -3
- package/dist/security/rate-limit.js.map +1 -1
- package/dist/security/safe-fetch.d.ts +30 -8
- package/dist/security/safe-fetch.d.ts.map +1 -1
- package/dist/security/safe-fetch.js +32 -6
- package/dist/security/safe-fetch.js.map +1 -1
- package/dist/security/webhook.d.ts +20 -2
- package/dist/security/webhook.d.ts.map +1 -1
- package/dist/security/webhook.js +100 -30
- package/dist/security/webhook.js.map +1 -1
- package/package.json +1 -1
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"oauth.test.js","sourceRoot":"","sources":["../../../src/__tests__/auth/oauth.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAA;AACxE,OAAO,KAAK,IAAI,MAAM,MAAM,CAAA;AAC5B,OAAO,EACL,oBAAoB,EACpB,qBAAqB,EACrB,aAAa,EACb,kBAAkB,EAClB,WAAW,EACX,mBAAmB,EACnB,mBAAmB,EACnB,sBAAsB,GACvB,MAAM,qBAAqB,CAAA;AAE5B,MAAM,WAAW,GAAG,+CAA+C,CAAA;AACnE,MAAM,SAAS,GAAG,kBAAkB,CAAA;AAEpC,MAAM,eAAe,GAAG;IACtB,QAAQ,EAAE,eAAe;IACzB,YAAY,EAAE,mBAAmB;IACjC,WAAW,EAAE,wDAAwD;CACtE,CAAA;AAED,2EAA2E;AAE3E,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;IACpC,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,MAAM,CAAC,GAAG,oBAAoB,EAAE,CAAA;QAChC,2EAA2E;QAC3E,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,yBAAyB,CAAC,CAAA;QAC5C,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;QAC5B,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;QAC5B,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;IAC9B,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,MAAM,CAAC,GAAG,oBAAoB,EAAE,CAAA;QAChC,MAAM,CAAC,GAAG,oBAAoB,EAAE,CAAA;QAChC,MAAM,CAAC,GAAG,oBAAoB,EAAE,CAAA;QAChC,MAAM,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACzC,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,uBAAuB,EAAE,GAAG,EAAE;IACrC,EAAE,CAAC,yEAAyE,EAAE,KAAK,IAAI,EAAE;QACvF,yFAAyF;QACzF,4DAA4D;QAC5D,MAAM,QAAQ,GAAG,6CAA6C,CAAA;QAC9D,MAAM,SAAS,GAAG,MAAM,qBAAqB,CAAC,QAAQ,CAAC,CAAA;QACvD,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAA;IACvE,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;QACtD,MAAM,SAAS,GAAG,MAAM,qBAAqB,CAAC,qCAAqC,CAAC,CAAA;QACpF,MAAM,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAA;QAC7C,MAAM,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;IACtC,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IAClC,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;QAC3C,MAAM,CAAC,GAAG,kBAAkB,EAAE,CAAA;QAC9B,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAA;QACrC,6CAA6C;QAC7C,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAC3B,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,kBAAkB,EAAE,CAAC,CAAC,CAAA;QAC3E,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAC3B,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,2EAA2E;AAE3E,QAAQ,CAAC,6BAA6B,EAAE,GAAG,EAAE;IAC3C,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;QAC/D,MAAM,QAAQ,GAAG,oBAAoB,EAAE,CAAA;QACvC,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,CAAC,CAAA;QAC7E,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,KAAK,EAAE,WAAW,CAAC,CAAA;QACrD,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACvC,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QAC3C,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;QACxC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,aAAa,EAAE,CAAA;IACvC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,mCAAmC,EAAE,KAAK,IAAI,EAAE;QACjD,MAAM,KAAK,GAAG,kBAAkB,EAAE,CAAA;QAClC,MAAM,KAAK,GAAG,MAAM,aAAa,CAC/B,QAAQ,EACR,oBAAoB,EAAE,EACtB,QAAQ,EACR,WAAW,EACX,KAAK,CACN,CAAA;QACD,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,KAAK,EAAE,WAAW,CAAC,CAAA;QACrD,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IACnC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,sDAAsD,EAAE,KAAK,IAAI,EAAE;QACpE,MAAM,QAAQ,GAAG,oBAAoB,EAAE,CAAA;QACvC,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,CAAC,CAAA;QAC7E,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,KAAK,EAAE,WAAW,CAAC,CAAA;QACrD,2EAA2E;QAC3E,mCAAmC;QACnC,MAAM,CAAE,OAA8C,CAAC,GAAG,CAAC,CAAC,aAAa,EAAE,CAAA;QAC3E,MAAM,CAAE,OAA8C,CAAC,GAAG,CAAC,CAAC,aAAa,EAAE,CAAA;QAC3E,MAAM,CAAE,OAA8C,CAAC,GAAG,CAAC,CAAC,aAAa,EAAE,CAAA;IAC7E,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;QAC9D,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,oBAAoB,EAAE,EAAE,SAAS,EAAE,WAAW,CAAC,CAAA;QAC3F,MAAM,MAAM,CAAC,WAAW,CAAC,KAAK,EAAE,2CAA2C,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAA;IACjG,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,0BAA0B,EAAE,KAAK,IAAI,EAAE;QACxC,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,oBAAoB,EAAE,EAAE,SAAS,EAAE,WAAW,CAAC,CAAA;QAC3F,mDAAmD;QACnD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAC9B,KAAK,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC,OAAO,CAAC,eAAe,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAA;QAC7E,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAChC,MAAM,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAA;IACpE,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,qEAAqE,EAAE,KAAK,IAAI,EAAE;QACnF,gEAAgE;QAChE,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC,CAAA;QACjD,MAAM,IAAI,GAAG,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC;YAClC,QAAQ,EAAE,QAAQ;YAClB,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5B,QAAQ,EAAE,GAAG;SACd,CAAC;aACC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;aACpC,WAAW,EAAE;aACb,iBAAiB,CAAC,KAAK,CAAC;aACxB,SAAS,CAAC,iBAAiB,CAAC;aAC5B,IAAI,CAAC,GAAG,CAAC,CAAA;QACZ,MAAM,MAAM,CAAC,WAAW,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAA;IAChE,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,+CAA+C,EAAE,KAAK,IAAI,EAAE;QAC7D,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC,CAAA;QACjD,MAAM,SAAS,GAAG,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC;YACvC,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5B,QAAQ,EAAE,GAAG;SACd,CAAC;aACC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;aACpC,WAAW,EAAE;aACb,iBAAiB,CAAC,KAAK,CAAC;aACxB,SAAS,CAAC,aAAa,CAAC;aACxB,IAAI,CAAC,GAAG,CAAC,CAAA;QACZ,MAAM,MAAM,CAAC,WAAW,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAA;IAC3F,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;QACjE,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC,CAAA;QACjD,MAAM,SAAS,GAAG,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC;YACvC,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,GAAG;SACd,CAAC;aACC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;aACpC,WAAW,EAAE;aACb,iBAAiB,CAAC,KAAK,CAAC;aACxB,SAAS,CAAC,aAAa,CAAC;aACxB,IAAI,CAAC,GAAG,CAAC,CAAA;QACZ,MAAM,MAAM,CAAC,WAAW,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAA;IAC3F,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;QAC3D,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC,CAAA;QACjD,MAAM,SAAS,GAAG,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC;YACvC,QAAQ,EAAE,QAAQ;YAClB,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5B,QAAQ,EAAE,GAAG;YACb,KAAK,EAAE,KAAK;SACb,CAAC;aACC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;aACpC,WAAW,EAAE;aACb,iBAAiB,CAAC,KAAK,CAAC;aACxB,SAAS,CAAC,aAAa,CAAC;aACxB,IAAI,CAAC,GAAG,CAAC,CAAA;QACZ,MAAM,MAAM,CAAC,WAAW,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAA;IAC3F,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,2EAA2E;AAE3E,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;IACnC,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;QACxD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,mBAAmB,CAAC,QAAQ,EAAE,eAAe,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC,CAAA;QAC/F,MAAM,CAAC,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAA;QACtF,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAC1D,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAA;QACxE,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,CAAA;QAC9E,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;QACvD,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAA;QAClE,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAClE,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAA;IAC3D,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,mBAAmB,CAAC,QAAQ,EAAE,eAAe,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAA;QAC7E,MAAM,CAAC,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAA;IACpF,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAYF,SAAS,YAAY,CACnB,UAGI,EAAE;IAEN,MAAM,KAAK,GAAe,OAAO,CAAC,KAAK,IAAI,EAAE,CAAA;IAC7C,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,EAAE,CAAA;IACjD,MAAM,QAAQ,GAA2D,EAAE,CAAA;IAE3E,OAAO;QACL,KAAK;QACL,aAAa;QACb,QAAQ;QACR,IAAI,EAAE;YACJ,SAAS,EAAE,EAAE,CAAC,EAAE,CACd,KAAK,EAAE,EAAE,KAAK,EAA0D,EAAE,EAAE;gBAC1E,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,WAAW,EAAE,CAAA;gBAC/C,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC,IAAI,IAAI,CAAA;YACpE,CAAC,CACF;YACD,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,EAAE,IAAI,EAAkC,EAAE,EAAE;gBAC/D,MAAM,CAAC,GAAa,EAAE,EAAE,EAAE,KAAK,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,EAAE,GAAG,IAAI,EAAE,CAAA;gBAC5D,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;gBACb,OAAO,CAAC,CAAA;YACV,CAAC,CAAC;SACH;QACD,YAAY,EAAE;YACZ,UAAU,EAAE,EAAE,CAAC,EAAE,CACf,KAAK,EAAE,EACL,KAAK,GAGN,EAAE,EAAE;gBACH,MAAM,CAAC,GAAG,KAAK,CAAC,0BAA0B,CAAA;gBAC1C,MAAM,GAAG,GAAG,aAAa,CAAC,IAAI,CAC5B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,iBAAiB,KAAK,CAAC,CAAC,iBAAiB,CAChF,CAAA;gBACD,IAAI,CAAC,GAAG;oBAAE,OAAO,IAAI,CAAA;gBACrB,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,MAAM,CAAC,IAAI,IAAI,CAAA;gBAC3D,OAAO,EAAE,GAAG,GAAG,EAAE,IAAI,EAAE,CAAA;YACzB,CAAC,CACF;YACD,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,EAAE,KAAK,EAAE,MAAM,EAAO,EAAE,EAAE;gBAC7C,MAAM,CAAC,GAAG,KAAK,CAAC,0BAA0B,CAAA;gBAC1C,MAAM,QAAQ,GAAG,aAAa,CAAC,IAAI,CACjC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,iBAAiB,KAAK,CAAC,CAAC,iBAAiB,CAChF,CAAA;gBACD,IAAI,QAAQ;oBAAE,OAAO,QAAQ,CAAA;gBAC7B,aAAa,CAAC,IAAI,CAAC;oBACjB,QAAQ,EAAE,CAAC,CAAC,QAAQ;oBACpB,iBAAiB,EAAE,CAAC,CAAC,iBAAiB;oBACtC,MAAM,EAAE,MAAM,CAAC,MAAM;iBACtB,CAAC,CAAA;gBACF,OAAO,aAAa,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;YAChD,CAAC,CAAC;SACH;QACD,OAAO,EAAE;YACP,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,EAAE,IAAI,EAAiD,EAAE,EAAE;gBAC9E,MAAM,CAAC,GAAG,EAAE,EAAE,EAAE,KAAK,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,EAAE,GAAG,IAAI,EAAE,CAAA;gBACrD,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;gBAChB,OAAO,CAAC,CAAA;YACV,CAAC,CAAC;SACH;KACF,CAAA;AACH,CAAC;AAED,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;IACnC,MAAM,SAAS,GAAG,EAAE,MAAM,EAAE,eAAe,EAAE,CAAA;IAC7C,MAAM,aAAa,GAAG,UAAU,CAAC,KAAK,CAAA;IACtC,MAAM,qBAAqB,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAA;IAE5D,UAAU,CAAC,GAAG,EAAE;QACd,qEAAqE;QACrE,OAAO,CAAC,GAAG,CAAC,kBAAkB,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;IACjD,CAAC,CAAC,CAAA;IAEF,SAAS,CAAC,GAAG,EAAE;QACb,UAAU,CAAC,KAAK,GAAG,aAAa,CAAA;QAChC,IAAI,qBAAqB,KAAK,SAAS,EAAE,CAAC;YACxC,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAA;QACvC,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,kBAAkB,GAAG,qBAAqB,CAAA;QACxD,CAAC;QACD,EAAE,CAAC,eAAe,EAAE,CAAA;IACtB,CAAC,CAAC,CAAA;IAEF,SAAS,qBAAqB,CAAC,IAG9B;QACC,UAAU,CAAC,KAAK,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,KAA6B,EAAE,EAAE;YAC/D,MAAM,GAAG,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAE,KAAiB,CAAC,GAAG,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAA;YAC5F,IAAI,GAAG,CAAC,QAAQ,CAAC,6BAA6B,CAAC,EAAE,CAAC;gBAChD,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC,EAAE,YAAY,EAAE,IAAI,CAAC,WAAW,IAAI,YAAY,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC,EACxF,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,EAAE,CACjE,CAAA;YACH,CAAC;YACD,IAAI,GAAG,CAAC,QAAQ,CAAC,mCAAmC,CAAC,EAAE,CAAC;gBACtD,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;oBACb,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE;oBACpB,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK;oBACzB,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI;iBACxB,CAAC,EACF,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,EAAE,CACjE,CAAA;YACH,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,6BAA6B,GAAG,EAAE,CAAC,CAAA;QACrD,CAAC,CAAiB,CAAA;IACpB,CAAC;IAED,EAAE,CAAC,iEAAiE,EAAE,KAAK,IAAI,EAAE;QAC/E,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,oBAAoB,EAAE,EAAE,SAAS,EAAE,WAAW,CAAC,CAAA;QAC3F,MAAM,EAAE,GAAG,YAAY,EAAE,CAAA;QACzB,MAAM,MAAM,CACV,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,EAAE,CAAC,CAC3E,CAAC,OAAO,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAA;IACxC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,iEAAiE,EAAE,KAAK,IAAI,EAAE;QAC/E,MAAM,KAAK,GAAG,kBAAkB,EAAE,CAAA;QAClC,MAAM,KAAK,GAAG,MAAM,aAAa,CAC/B,QAAQ,EACR,oBAAoB,EAAE,EACtB,SAAS,EACT,WAAW,EACX,KAAK,CACN,CAAA;QACD,MAAM,EAAE,GAAG,YAAY,EAAE,CAAA;QACzB,MAAM,MAAM,CACV,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,EAAE,EAAE;YACzE,aAAa,EAAE,mBAAmB;SACnC,CAAC,CACH,CAAC,OAAO,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAA;IACtC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,iEAAiE,EAAE,KAAK,IAAI,EAAE;QAC/E,MAAM,KAAK,GAAG,kBAAkB,EAAE,CAAA;QAClC,MAAM,KAAK,GAAG,MAAM,aAAa,CAC/B,QAAQ,EACR,oBAAoB,EAAE,EACtB,SAAS,EACT,WAAW,EACX,KAAK,CACN,CAAA;QACD,MAAM,EAAE,GAAG,YAAY,EAAE,CAAA;QACzB,MAAM,MAAM,CACV,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,EAAE,EAAE;YACzE,aAAa,EAAE,IAAI;SACpB,CAAC,CACH,CAAC,OAAO,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAA;IACtC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;QAC3D,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,oBAAoB,EAAE,EAAE,SAAS,EAAE,WAAW,CAAC,CAAA;QAC3F,MAAM,EAAE,GAAG,YAAY,EAAE,CAAA;QACzB,MAAM,MAAM,CACV,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,EAAE,CAAC,CAC3E,CAAC,OAAO,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAA;IACrC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,kDAAkD,EAAE,KAAK,IAAI,EAAE;QAChE,qBAAqB,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAA;QAC5E,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,oBAAoB,EAAE,EAAE,SAAS,EAAE,WAAW,CAAC,CAAA;QAC3F,MAAM,EAAE,GAAG,YAAY,EAAE,CAAA;QACzB,MAAM,MAAM,CACV,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,EAAE,CAAC,CAC3E,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAA;IAC5B,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,6DAA6D,EAAE,KAAK,IAAI,EAAE;QAC3E,qBAAqB,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,iBAAiB,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,CAAC,CAAA;QAC7F,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,oBAAoB,EAAE,EAAE,SAAS,EAAE,WAAW,CAAC,CAAA;QAC3F,MAAM,EAAE,GAAG,YAAY,EAAE,CAAA;QACzB,MAAM,MAAM,CACV,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,EAAE,CAAC,CAC3E,CAAC,OAAO,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAA;QACrC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAA;IAC/C,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,yEAAyE,EAAE,KAAK,IAAI,EAAE;QACvF,qBAAqB,CAAC;YACpB,OAAO,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,iBAAiB,EAAE,IAAI,EAAE,UAAU,EAAE;SACnE,CAAC,CAAA;QACF,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,oBAAoB,EAAE,EAAE,SAAS,EAAE,WAAW,CAAC,CAAA;QAC3F,MAAM,EAAE,GAAG,YAAY,CAAC;YACtB,KAAK,EAAE;gBACL;oBACE,EAAE,EAAE,YAAY;oBAChB,KAAK,EAAE,iBAAiB;oBACxB,IAAI,EAAE,UAAU;oBAChB,IAAI,EAAE,QAAQ;oBACd,YAAY,EAAE,uBAAuB;iBACtC;aACF;SACF,CAAC,CAAA;QACF,MAAM,MAAM,CACV,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,EAAE,CAAC,CAC3E,CAAC,OAAO,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAA;IACrC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,6EAA6E,EAAE,KAAK,IAAI,EAAE;QAC3F,qBAAqB,CAAC;YACpB,OAAO,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,IAAI,EAAE,YAAY,EAAE;SACvE,CAAC,CAAA;QACF,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,oBAAoB,EAAE,EAAE,SAAS,EAAE,WAAW,CAAC,CAAA;QAC3F,MAAM,EAAE,GAAG,YAAY,CAAC;YACtB,KAAK,EAAE;gBACL;oBACE,EAAE,EAAE,cAAc;oBAClB,KAAK,EAAE,mBAAmB;oBAC1B,IAAI,EAAE,YAAY;oBAClB,IAAI,EAAE,QAAQ;oBACd,YAAY,EAAE,IAAI;iBACnB;aACF;SACF,CAAC,CAAA;QACF,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,EAAE,CAAC,CAAA;QAC/F,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAA;QAC3C,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAA;QAC7C,MAAM,CAAC,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,oBAAoB,EAAE,CAAA;IAClD,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,0EAA0E,EAAE,KAAK,IAAI,EAAE;QACxF,qBAAqB,CAAC;YACpB,OAAO,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,IAAI,EAAE,YAAY,EAAE;SACvE,CAAC,CAAA;QACF,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,oBAAoB,EAAE,EAAE,SAAS,EAAE,WAAW,CAAC,CAAA;QAC3F,MAAM,EAAE,GAAG,YAAY,EAAE,CAAA;QACzB,MAAM,WAAW,GAAG,EAAE,CAAC,EAAE,EAAE,CAAA;QAC3B,MAAM,MAAM,GAAG,MAAM,mBAAmB,CACtC,QAAQ,EACR,QAAQ,EACR,KAAK,EACL,SAAS,EACT,WAAW,EACX,EAAE,EACF,EAAE,eAAe,EAAE,IAAI,EAAE,WAAW,EAAE,CACvC,CAAA;QACD,MAAM,CAAC,WAAW,CAAC,CAAC,oBAAoB,EAAE,CAAA;QAC1C,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,oBAAoB,EAAE,CAAA;QAC7C,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC,CAAE,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE,CAAA;QACtE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAA;QACnD,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;IACzC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,8CAA8C,EAAE,KAAK,IAAI,EAAE;QAC5D,qBAAqB,CAAC;YACpB,OAAO,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,kBAAkB,EAAE,IAAI,EAAE,SAAS,EAAE;SACnE,CAAC,CAAA;QACF,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,oBAAoB,EAAE,EAAE,SAAS,EAAE,WAAW,CAAC,CAAA;QAC3F,MAAM,EAAE,GAAG,YAAY,EAAE,CAAA;QACzB,MAAM,WAAW,GAAG,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE;YAC7B,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAA;QAC7C,CAAC,CAAC,CAAA;QACF,MAAM,MAAM,CACV,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,EAAE,EAAE;YACzE,eAAe,EAAE,IAAI;YACrB,WAAW;SACZ,CAAC,CACH,CAAC,OAAO,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAA;QACvC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAA;IAC/C,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,uEAAuE,EAAE,KAAK,IAAI,EAAE;QACrF,qBAAqB,CAAC;YACpB,OAAO,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,iBAAiB,EAAE,IAAI,EAAE,aAAa,EAAE;SACtE,CAAC,CAAA;QACF,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,oBAAoB,EAAE,EAAE,SAAS,EAAE,WAAW,CAAC,CAAA;QAC3F,MAAM,EAAE,GAAG,YAAY,CAAC;YACtB,KAAK,EAAE;gBACL;oBACE,EAAE,EAAE,UAAU;oBACd,KAAK,EAAE,iBAAiB,EAAE,qCAAqC;oBAC/D,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,OAAO;oBACb,YAAY,EAAE,mBAAmB;iBAClC;aACF;YACD,aAAa,EAAE,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,iBAAiB,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;SACtF,CAAC,CAAA;QACF,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,EAAE,CAAC,CAAA;QAC/F,iEAAiE;QACjE,wDAAwD;QACxD,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QACvC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IACxC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,kDAAkD,EAAE,KAAK,IAAI,EAAE;QAChE,qBAAqB,CAAC;YACpB,OAAO,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,qBAAqB,EAAE,IAAI,EAAE,cAAc,EAAE;SAC3E,CAAC,CAAA;QACF,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,oBAAoB,EAAE,EAAE,SAAS,EAAE,WAAW,CAAC,CAAA;QAC3F,MAAM,EAAE,GAAG,YAAY,CAAC;YACtB,KAAK,EAAE;gBACL;oBACE,EAAE,EAAE,QAAQ;oBACZ,KAAK,EAAE,qBAAqB;oBAC5B,IAAI,EAAE,SAAS;oBACf,IAAI,EAAE,QAAQ;oBACd,YAAY,EAAE,IAAI;iBACnB;aACF;SACF,CAAC,CAAA;QACF,MAAM,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,EAAE,CAAC,CAAA;QAChF,MAAM,CAAC,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,oBAAoB,EAAE,CAAA;QAChD,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC,CAAE,CAAA;QACjD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACvC,0DAA0D;QAC1D,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAA;IACnE,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA"}
|
|
@@ -1,15 +1,18 @@
|
|
|
1
1
|
import { describe, it, expect } from 'vitest';
|
|
2
|
-
import { hashPassword, verifyPassword, validatePasswordPolicy } from '../../auth/password.js';
|
|
2
|
+
import { hashPassword, verifyPassword, validatePasswordPolicy, needsRehash, compareToDummyHash, PBKDF2_ITERATIONS, } from '../../auth/password.js';
|
|
3
3
|
describe('hashPassword', () => {
|
|
4
|
-
it(
|
|
4
|
+
it(`returns a string in format "pbkdf2:${PBKDF2_ITERATIONS}:salt:hash"`, async () => {
|
|
5
5
|
const hash = await hashPassword('MySecret123!');
|
|
6
6
|
const parts = hash.split(':');
|
|
7
7
|
expect(parts).toHaveLength(4);
|
|
8
8
|
expect(parts[0]).toBe('pbkdf2');
|
|
9
|
-
expect(parts[1]).toBe(
|
|
9
|
+
expect(parts[1]).toBe(String(PBKDF2_ITERATIONS));
|
|
10
10
|
expect(parts[2]).toMatch(/^[0-9a-f]{32}$/);
|
|
11
11
|
expect(parts[3]).toMatch(/^[0-9a-f]{64}$/);
|
|
12
12
|
});
|
|
13
|
+
it('uses at least 600,000 iterations (OWASP 2023+ guidance)', () => {
|
|
14
|
+
expect(PBKDF2_ITERATIONS).toBeGreaterThanOrEqual(600_000);
|
|
15
|
+
});
|
|
13
16
|
it('produces different hashes for the same password (random salt)', async () => {
|
|
14
17
|
const hash1 = await hashPassword('SamePassword');
|
|
15
18
|
const hash2 = await hashPassword('SamePassword');
|
|
@@ -35,6 +38,82 @@ describe('verifyPassword', () => {
|
|
|
35
38
|
const result = await verifyPassword('anything', 'pbkdf2:100000::');
|
|
36
39
|
expect(result).toBe(false);
|
|
37
40
|
});
|
|
41
|
+
it('verifies legacy 100k-iteration hashes (back-compat)', async () => {
|
|
42
|
+
// Build a legacy-style hash by hand with 100k iterations.
|
|
43
|
+
const password = 'LegacyPass1!';
|
|
44
|
+
const salt = crypto.getRandomValues(new Uint8Array(16));
|
|
45
|
+
const key = await crypto.subtle.importKey('raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveBits']);
|
|
46
|
+
const derived = await crypto.subtle.deriveBits({ name: 'PBKDF2', salt, iterations: 100_000, hash: 'SHA-256' }, key, 256);
|
|
47
|
+
const legacy = `pbkdf2:100000:${Buffer.from(salt).toString('hex')}:${Buffer.from(derived).toString('hex')}`;
|
|
48
|
+
expect(await verifyPassword(password, legacy)).toBe(true);
|
|
49
|
+
expect(await verifyPassword('wrong', legacy)).toBe(false);
|
|
50
|
+
});
|
|
51
|
+
it('rejects absurdly low iteration counts (corruption guard)', async () => {
|
|
52
|
+
const result = await verifyPassword('anything', 'pbkdf2:100:abc:def');
|
|
53
|
+
expect(result).toBe(false);
|
|
54
|
+
});
|
|
55
|
+
it('rejects absurdly high iteration counts (DoS guard)', async () => {
|
|
56
|
+
const result = await verifyPassword('anything', 'pbkdf2:99999999:abc:def');
|
|
57
|
+
expect(result).toBe(false);
|
|
58
|
+
});
|
|
59
|
+
});
|
|
60
|
+
describe('needsRehash', () => {
|
|
61
|
+
it('returns true for old 100k-iteration hashes', () => {
|
|
62
|
+
expect(needsRehash('pbkdf2:100000:abc:def')).toBe(true);
|
|
63
|
+
});
|
|
64
|
+
it('returns false for current 600k-iteration hashes', async () => {
|
|
65
|
+
const hash = await hashPassword('Test1234!');
|
|
66
|
+
expect(needsRehash(hash)).toBe(false);
|
|
67
|
+
});
|
|
68
|
+
it('returns false for malformed hash', () => {
|
|
69
|
+
expect(needsRehash('not-a-hash')).toBe(false);
|
|
70
|
+
expect(needsRehash('pbkdf2:notanumber:abc:def')).toBe(false);
|
|
71
|
+
});
|
|
72
|
+
});
|
|
73
|
+
describe('compareToDummyHash', () => {
|
|
74
|
+
it('always returns false (dummy hash never matches a real password)', async () => {
|
|
75
|
+
const a = await compareToDummyHash('any password');
|
|
76
|
+
const b = await compareToDummyHash('different password');
|
|
77
|
+
const c = await compareToDummyHash('');
|
|
78
|
+
expect(a).toBe(false);
|
|
79
|
+
expect(b).toBe(false);
|
|
80
|
+
expect(c).toBe(false);
|
|
81
|
+
});
|
|
82
|
+
it('takes meaningful CPU time (defends user-enumeration timing channel)', async () => {
|
|
83
|
+
// The whole point is that this isn't a no-op. We can't assert exact ms in
|
|
84
|
+
// CI, but we can confirm it doesn't return synchronously.
|
|
85
|
+
const start = performance.now();
|
|
86
|
+
await compareToDummyHash('Some submitted password');
|
|
87
|
+
const elapsed = performance.now() - start;
|
|
88
|
+
// 600k iterations of PBKDF2-HMAC-SHA256 takes ~50-300ms on a typical CI
|
|
89
|
+
// worker. We assert >5ms as a generous lower bound that still catches
|
|
90
|
+
// a stub returning instantly.
|
|
91
|
+
expect(elapsed).toBeGreaterThan(5);
|
|
92
|
+
});
|
|
93
|
+
// Bugbot review #4 (PR #40): the original implementation lazily
|
|
94
|
+
// initialised the dummy hash on first call, making the first non-existent
|
|
95
|
+
// user login take ~2× the time of subsequent ones (one hashPassword +
|
|
96
|
+
// one verifyPassword vs just verifyPassword). That recreated the
|
|
97
|
+
// user-enumeration timing channel the dummy hash exists to close. The
|
|
98
|
+
// fix precomputes the hash via a top-level Promise — by the time the
|
|
99
|
+
// first user request arrives, the work is either done or already
|
|
100
|
+
// in-flight. We can't directly assert "module load started the hash",
|
|
101
|
+
// but we can verify that two back-to-back calls have the same order of
|
|
102
|
+
// magnitude of cost (i.e. the first isn't ~2× the second).
|
|
103
|
+
it('first call is not measurably slower than subsequent calls (eager init)', async () => {
|
|
104
|
+
// Warm up — actual first invocation in the test process.
|
|
105
|
+
const t1 = performance.now();
|
|
106
|
+
await compareToDummyHash('warmup');
|
|
107
|
+
const e1 = performance.now() - t1;
|
|
108
|
+
const t2 = performance.now();
|
|
109
|
+
await compareToDummyHash('subsequent');
|
|
110
|
+
const e2 = performance.now() - t2;
|
|
111
|
+
// The first call should NOT be more than 1.6× the second. Without
|
|
112
|
+
// eager init it was ~2× because it ran hashPassword (600k iter) +
|
|
113
|
+
// verifyPassword (600k iter); after eager init it's just verifyPassword.
|
|
114
|
+
// We use a generous bound to avoid flakes from CI scheduler jitter.
|
|
115
|
+
expect(e1).toBeLessThan(e2 * 1.6 + 50);
|
|
116
|
+
});
|
|
38
117
|
});
|
|
39
118
|
describe('validatePasswordPolicy', () => {
|
|
40
119
|
it('passes when password meets all requirements', () => {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"password.test.js","sourceRoot":"","sources":["../../../src/__tests__/auth/password.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAC7C,OAAO,
|
|
1
|
+
{"version":3,"file":"password.test.js","sourceRoot":"","sources":["../../../src/__tests__/auth/password.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAC7C,OAAO,EACL,YAAY,EACZ,cAAc,EACd,sBAAsB,EACtB,WAAW,EACX,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,wBAAwB,CAAA;AAE/B,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;IAC5B,EAAE,CAAC,sCAAsC,iBAAiB,aAAa,EAAE,KAAK,IAAI,EAAE;QAClF,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,cAAc,CAAC,CAAA;QAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAC7B,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAA;QAC7B,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QAC/B,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,CAAA;QAChD,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAA;QAC1C,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAA;IAC5C,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;QACjE,MAAM,CAAC,iBAAiB,CAAC,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAA;IAC3D,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,+DAA+D,EAAE,KAAK,IAAI,EAAE;QAC7E,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,cAAc,CAAC,CAAA;QAChD,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,cAAc,CAAC,CAAA;QAChD,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAC/B,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;IAC9B,EAAE,CAAC,mCAAmC,EAAE,KAAK,IAAI,EAAE;QACjD,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,gBAAgB,CAAC,CAAA;QACjD,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAA;QAC3D,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC3B,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;QAChD,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,gBAAgB,CAAC,CAAA;QACjD,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAAA;QAC5D,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAC5B,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,kDAAkD,EAAE,KAAK,IAAI,EAAE;QAChE,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,UAAU,EAAE,kBAAkB,CAAC,CAAA;QACnE,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAC5B,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;QACjE,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,UAAU,EAAE,iBAAiB,CAAC,CAAA;QAClE,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAC5B,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,qDAAqD,EAAE,KAAK,IAAI,EAAE;QACnE,0DAA0D;QAC1D,MAAM,QAAQ,GAAG,cAAc,CAAA;QAC/B,MAAM,IAAI,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAA;QACvD,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CACvC,KAAK,EACL,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,EAClC,QAAQ,EACR,KAAK,EACL,CAAC,YAAY,CAAC,CACf,CAAA;QACD,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,UAAU,CAC5C,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,EAC9D,GAAG,EACH,GAAG,CACJ,CAAA;QACD,MAAM,MAAM,GAAG,iBAAiB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAA;QAC3G,MAAM,CAAC,MAAM,cAAc,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACzD,MAAM,CAAC,MAAM,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAC3D,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,0DAA0D,EAAE,KAAK,IAAI,EAAE;QACxE,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,UAAU,EAAE,oBAAoB,CAAC,CAAA;QACrE,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAC5B,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;QAClE,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,UAAU,EAAE,yBAAyB,CAAC,CAAA;QAC1E,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAC5B,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;IAC3B,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,MAAM,CAAC,WAAW,CAAC,uBAAuB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IACzD,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;QAC/D,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,WAAW,CAAC,CAAA;QAC5C,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IACvC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAC7C,MAAM,CAAC,WAAW,CAAC,2BAA2B,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAC9D,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IAClC,EAAE,CAAC,iEAAiE,EAAE,KAAK,IAAI,EAAE;QAC/E,MAAM,CAAC,GAAG,MAAM,kBAAkB,CAAC,cAAc,CAAC,CAAA;QAClD,MAAM,CAAC,GAAG,MAAM,kBAAkB,CAAC,oBAAoB,CAAC,CAAA;QACxD,MAAM,CAAC,GAAG,MAAM,kBAAkB,CAAC,EAAE,CAAC,CAAA;QACtC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACrB,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACrB,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IACvB,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,qEAAqE,EAAE,KAAK,IAAI,EAAE;QACnF,0EAA0E;QAC1E,0DAA0D;QAC1D,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,CAAA;QAC/B,MAAM,kBAAkB,CAAC,yBAAyB,CAAC,CAAA;QACnD,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,KAAK,CAAA;QACzC,wEAAwE;QACxE,sEAAsE;QACtE,8BAA8B;QAC9B,MAAM,CAAC,OAAO,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAA;IACpC,CAAC,CAAC,CAAA;IAEF,gEAAgE;IAChE,0EAA0E;IAC1E,sEAAsE;IACtE,iEAAiE;IACjE,sEAAsE;IACtE,qEAAqE;IACrE,iEAAiE;IACjE,sEAAsE;IACtE,uEAAuE;IACvE,2DAA2D;IAC3D,EAAE,CAAC,wEAAwE,EAAE,KAAK,IAAI,EAAE;QACtF,yDAAyD;QACzD,MAAM,EAAE,GAAG,WAAW,CAAC,GAAG,EAAE,CAAA;QAC5B,MAAM,kBAAkB,CAAC,QAAQ,CAAC,CAAA;QAClC,MAAM,EAAE,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,EAAE,CAAA;QAEjC,MAAM,EAAE,GAAG,WAAW,CAAC,GAAG,EAAE,CAAA;QAC5B,MAAM,kBAAkB,CAAC,YAAY,CAAC,CAAA;QACtC,MAAM,EAAE,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,EAAE,CAAA;QAEjC,kEAAkE;QAClE,kEAAkE;QAClE,yEAAyE;QACzE,oEAAoE;QACpE,MAAM,CAAC,EAAE,CAAC,CAAC,YAAY,CAAC,EAAE,GAAG,GAAG,GAAG,EAAE,CAAC,CAAA;IACxC,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,wBAAwB,EAAE,GAAG,EAAE;IACtC,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;QACrD,MAAM,MAAM,GAAG,sBAAsB,CAAC,aAAa,EAAE;YACnD,SAAS,EAAE,CAAC;YACZ,gBAAgB,EAAE,IAAI;YACtB,gBAAgB,EAAE,IAAI;YACtB,cAAc,EAAE,IAAI;YACpB,mBAAmB,EAAE,IAAI;SAC1B,CAAC,CAAA;QACF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC/B,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAA;IACvC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,MAAM,MAAM,GAAG,sBAAsB,CAAC,MAAM,EAAE;YAC5C,SAAS,EAAE,CAAC;SACb,CAAC,CAAA;QACF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAChC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,wCAAwC,CAAC,CAAA;IAC3E,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,MAAM,MAAM,GAAG,sBAAsB,CAAC,gBAAgB,EAAE;YACtD,gBAAgB,EAAE,IAAI;SACvB,CAAC,CAAA;QACF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAChC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,2CAA2C,CAAC,CAAA;IAC9E,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,MAAM,MAAM,GAAG,sBAAsB,CAAC,gBAAgB,EAAE;YACtD,gBAAgB,EAAE,IAAI;SACvB,CAAC,CAAA;QACF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAChC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,0CAA0C,CAAC,CAAA;IAC7E,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;QACnC,MAAM,MAAM,GAAG,sBAAsB,CAAC,eAAe,EAAE;YACrD,cAAc,EAAE,IAAI;SACrB,CAAC,CAAA;QACF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAChC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,+BAA+B,CAAC,CAAA;IAClE,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,MAAM,MAAM,GAAG,sBAAsB,CAAC,iBAAiB,EAAE;YACvD,mBAAmB,EAAE,IAAI;SAC1B,CAAC,CAAA;QACF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAChC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,2CAA2C,CAAC,CAAA;IAC9E,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;QACrC,MAAM,MAAM,GAAG,sBAAsB,CAAC,KAAK,EAAE;YAC3C,SAAS,EAAE,CAAC;YACZ,gBAAgB,EAAE,IAAI;YACtB,cAAc,EAAE,IAAI;YACpB,mBAAmB,EAAE,IAAI;SAC1B,CAAC,CAAA;QACF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAChC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAA;IACvC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;QAClC,MAAM,MAAM,GAAG,sBAAsB,CAAC,UAAU,EAAE,EAAE,CAAC,CAAA;QACrD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC/B,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAA;IACvC,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"reset.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/auth/reset.test.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,303 @@
|
|
|
1
|
+
import { describe, it, expect, vi, beforeEach } from 'vitest';
|
|
2
|
+
import { generateResetToken, hashToken, createPasswordReset, executePasswordReset, } from '../../auth/reset.js';
|
|
3
|
+
import { verifyPassword } from '../../auth/password.js';
|
|
4
|
+
function createFakeDb(initial = {}) {
|
|
5
|
+
const users = initial.users ?? [];
|
|
6
|
+
const tokens = [];
|
|
7
|
+
const sessions = initial.sessions ?? [];
|
|
8
|
+
const emailsSent = [];
|
|
9
|
+
const db = {
|
|
10
|
+
users,
|
|
11
|
+
tokens,
|
|
12
|
+
sessions,
|
|
13
|
+
emailsSent,
|
|
14
|
+
user: {
|
|
15
|
+
findFirst: vi.fn(async ({ where }) => {
|
|
16
|
+
const target = where.email.equals.toLowerCase();
|
|
17
|
+
return users.find((u) => u.email.toLowerCase() === target) ?? null;
|
|
18
|
+
}),
|
|
19
|
+
update: vi.fn(async ({ where, data }) => {
|
|
20
|
+
const u = users.find((u) => u.id === where.id);
|
|
21
|
+
if (u)
|
|
22
|
+
Object.assign(u, data);
|
|
23
|
+
return u;
|
|
24
|
+
}),
|
|
25
|
+
},
|
|
26
|
+
passwordResetToken: {
|
|
27
|
+
findFirst: vi.fn(async ({ where }) => {
|
|
28
|
+
return (tokens.find((t) => t.tokenHash === where.tokenHash && t.usedAt === where.usedAt) ?? null);
|
|
29
|
+
}),
|
|
30
|
+
create: vi.fn(async ({ data }) => {
|
|
31
|
+
const user = users.find((u) => u.id === data.userId);
|
|
32
|
+
const t = {
|
|
33
|
+
id: `rt_${tokens.length + 1}`,
|
|
34
|
+
userId: data.userId,
|
|
35
|
+
tokenHash: data.tokenHash,
|
|
36
|
+
expiresAt: data.expiresAt,
|
|
37
|
+
usedAt: null,
|
|
38
|
+
user,
|
|
39
|
+
};
|
|
40
|
+
tokens.push(t);
|
|
41
|
+
return t;
|
|
42
|
+
}),
|
|
43
|
+
update: vi.fn(async ({ where, data }) => {
|
|
44
|
+
const t = tokens.find((t) => t.id === where.id);
|
|
45
|
+
if (t)
|
|
46
|
+
Object.assign(t, data);
|
|
47
|
+
return t;
|
|
48
|
+
}),
|
|
49
|
+
updateMany: vi.fn(async ({ where, data }) => {
|
|
50
|
+
let count = 0;
|
|
51
|
+
for (const t of tokens) {
|
|
52
|
+
if (t.userId === where.userId && t.usedAt === where.usedAt) {
|
|
53
|
+
Object.assign(t, data);
|
|
54
|
+
count++;
|
|
55
|
+
}
|
|
56
|
+
}
|
|
57
|
+
return { count };
|
|
58
|
+
}),
|
|
59
|
+
},
|
|
60
|
+
session: {
|
|
61
|
+
updateMany: vi.fn(async ({ where, data }) => {
|
|
62
|
+
let count = 0;
|
|
63
|
+
for (const s of sessions) {
|
|
64
|
+
if (s.userId === where.userId && s.revokedAt === where.revokedAt) {
|
|
65
|
+
Object.assign(s, data);
|
|
66
|
+
count++;
|
|
67
|
+
}
|
|
68
|
+
}
|
|
69
|
+
return { count };
|
|
70
|
+
}),
|
|
71
|
+
},
|
|
72
|
+
$transaction: vi.fn(async (ops) => Promise.all(ops)),
|
|
73
|
+
};
|
|
74
|
+
return db;
|
|
75
|
+
}
|
|
76
|
+
const TEST_CONFIG = {
|
|
77
|
+
siteUrl: 'https://example.com',
|
|
78
|
+
platform: {
|
|
79
|
+
email: {
|
|
80
|
+
send: vi.fn(),
|
|
81
|
+
},
|
|
82
|
+
},
|
|
83
|
+
};
|
|
84
|
+
beforeEach(() => {
|
|
85
|
+
TEST_CONFIG.platform.email.send.mockClear();
|
|
86
|
+
});
|
|
87
|
+
// ─── Token generation ───────────────────────────────────────────────────
|
|
88
|
+
describe('generateResetToken', () => {
|
|
89
|
+
it('returns a 64-char hex raw token (32 random bytes)', () => {
|
|
90
|
+
const t = generateResetToken();
|
|
91
|
+
expect(t.raw).toMatch(/^[0-9a-f]{64}$/);
|
|
92
|
+
});
|
|
93
|
+
it('returns a SHA-256 hash of the raw token', () => {
|
|
94
|
+
const t = generateResetToken();
|
|
95
|
+
expect(t.hash).toBe(hashToken(t.raw));
|
|
96
|
+
expect(t.hash).toMatch(/^[0-9a-f]{64}$/);
|
|
97
|
+
});
|
|
98
|
+
it('produces unique tokens (≥ 100 entropy bits)', () => {
|
|
99
|
+
const set = new Set(Array.from({ length: 200 }, () => generateResetToken().raw));
|
|
100
|
+
expect(set.size).toBe(200);
|
|
101
|
+
});
|
|
102
|
+
});
|
|
103
|
+
// ─── createPasswordReset (request flow) ─────────────────────────────────
|
|
104
|
+
describe('createPasswordReset', () => {
|
|
105
|
+
it('silently succeeds for an unknown email (user enumeration defence)', async () => {
|
|
106
|
+
const db = createFakeDb();
|
|
107
|
+
await expect(createPasswordReset(db, 'unknown@example.com', TEST_CONFIG)).resolves.toBeUndefined();
|
|
108
|
+
expect(db.passwordResetToken.create).not.toHaveBeenCalled();
|
|
109
|
+
expect(TEST_CONFIG.platform.email.send).not.toHaveBeenCalled();
|
|
110
|
+
});
|
|
111
|
+
it('silently succeeds for a deactivated user (no token, no email)', async () => {
|
|
112
|
+
const db = createFakeDb({
|
|
113
|
+
users: [
|
|
114
|
+
{
|
|
115
|
+
id: 'u_off',
|
|
116
|
+
email: 'off@example.com',
|
|
117
|
+
name: 'Off',
|
|
118
|
+
isActive: false,
|
|
119
|
+
passwordHash: 'pbkdf2:600000:a:b',
|
|
120
|
+
},
|
|
121
|
+
],
|
|
122
|
+
});
|
|
123
|
+
await createPasswordReset(db, 'off@example.com', TEST_CONFIG);
|
|
124
|
+
expect(db.passwordResetToken.create).not.toHaveBeenCalled();
|
|
125
|
+
expect(TEST_CONFIG.platform.email.send).not.toHaveBeenCalled();
|
|
126
|
+
});
|
|
127
|
+
it('creates a token, expires prior outstanding tokens, and sends an email', async () => {
|
|
128
|
+
const db = createFakeDb({
|
|
129
|
+
users: [
|
|
130
|
+
{
|
|
131
|
+
id: 'u_1',
|
|
132
|
+
email: 'a@example.com',
|
|
133
|
+
name: 'A',
|
|
134
|
+
isActive: true,
|
|
135
|
+
passwordHash: 'pbkdf2:600000:a:b',
|
|
136
|
+
},
|
|
137
|
+
],
|
|
138
|
+
});
|
|
139
|
+
await createPasswordReset(db, 'a@example.com', TEST_CONFIG);
|
|
140
|
+
expect(db.passwordResetToken.updateMany).toHaveBeenCalledWith({
|
|
141
|
+
where: { userId: 'u_1', usedAt: null },
|
|
142
|
+
data: { usedAt: expect.any(Date) },
|
|
143
|
+
});
|
|
144
|
+
expect(db.passwordResetToken.create).toHaveBeenCalledOnce();
|
|
145
|
+
expect(TEST_CONFIG.platform.email.send).toHaveBeenCalledOnce();
|
|
146
|
+
const tokenRecord = db.tokens[0];
|
|
147
|
+
// Stored value is the hash, not the raw token
|
|
148
|
+
expect(tokenRecord.tokenHash).toMatch(/^[0-9a-f]{64}$/);
|
|
149
|
+
// 1 hour expiry, give or take a few seconds
|
|
150
|
+
const ttlMs = tokenRecord.expiresAt.getTime() - Date.now();
|
|
151
|
+
expect(ttlMs).toBeGreaterThan(59 * 60 * 1000);
|
|
152
|
+
expect(ttlMs).toBeLessThanOrEqual(60 * 60 * 1000 + 5_000);
|
|
153
|
+
});
|
|
154
|
+
it('puts a fresh raw token into the email URL (not the hash)', async () => {
|
|
155
|
+
const db = createFakeDb({
|
|
156
|
+
users: [
|
|
157
|
+
{
|
|
158
|
+
id: 'u_1',
|
|
159
|
+
email: 'a@example.com',
|
|
160
|
+
name: 'A',
|
|
161
|
+
isActive: true,
|
|
162
|
+
passwordHash: null,
|
|
163
|
+
},
|
|
164
|
+
],
|
|
165
|
+
});
|
|
166
|
+
await createPasswordReset(db, 'A@Example.com ', TEST_CONFIG);
|
|
167
|
+
const sent = TEST_CONFIG.platform.email.send.mock.calls[0][0];
|
|
168
|
+
const tokenInUrl = sent.html.match(/token=([0-9a-f]{64})/)?.[1];
|
|
169
|
+
expect(tokenInUrl).toBeDefined();
|
|
170
|
+
expect(hashToken(tokenInUrl)).toBe(db.tokens[0].tokenHash);
|
|
171
|
+
});
|
|
172
|
+
it('normalises email casing/whitespace before lookup', async () => {
|
|
173
|
+
const db = createFakeDb({
|
|
174
|
+
users: [
|
|
175
|
+
{
|
|
176
|
+
id: 'u_1',
|
|
177
|
+
email: 'a@example.com',
|
|
178
|
+
name: 'A',
|
|
179
|
+
isActive: true,
|
|
180
|
+
passwordHash: null,
|
|
181
|
+
},
|
|
182
|
+
],
|
|
183
|
+
});
|
|
184
|
+
await createPasswordReset(db, ' A@Example.COM ', TEST_CONFIG);
|
|
185
|
+
expect(db.passwordResetToken.create).toHaveBeenCalledOnce();
|
|
186
|
+
});
|
|
187
|
+
it('does nothing when the email is empty / whitespace-only', async () => {
|
|
188
|
+
const db = createFakeDb();
|
|
189
|
+
await createPasswordReset(db, ' ', TEST_CONFIG);
|
|
190
|
+
expect(db.user.findFirst).not.toHaveBeenCalled();
|
|
191
|
+
});
|
|
192
|
+
it('skips email send gracefully when no email adapter is configured', async () => {
|
|
193
|
+
const db = createFakeDb({
|
|
194
|
+
users: [
|
|
195
|
+
{
|
|
196
|
+
id: 'u_1',
|
|
197
|
+
email: 'a@example.com',
|
|
198
|
+
name: 'A',
|
|
199
|
+
isActive: true,
|
|
200
|
+
passwordHash: null,
|
|
201
|
+
},
|
|
202
|
+
],
|
|
203
|
+
});
|
|
204
|
+
await createPasswordReset(db, 'a@example.com', { siteUrl: 'https://e.com' });
|
|
205
|
+
expect(db.passwordResetToken.create).toHaveBeenCalledOnce();
|
|
206
|
+
expect(TEST_CONFIG.platform.email.send).not.toHaveBeenCalled();
|
|
207
|
+
});
|
|
208
|
+
});
|
|
209
|
+
// ─── executePasswordReset (consume flow) ────────────────────────────────
|
|
210
|
+
describe('executePasswordReset', () => {
|
|
211
|
+
function seedDbWithToken(opts = {}) {
|
|
212
|
+
const raw = '0'.repeat(64);
|
|
213
|
+
const db = createFakeDb({
|
|
214
|
+
users: [
|
|
215
|
+
{
|
|
216
|
+
id: 'u_1',
|
|
217
|
+
email: 'a@example.com',
|
|
218
|
+
name: 'A',
|
|
219
|
+
isActive: opts.isActive ?? true,
|
|
220
|
+
passwordHash: null,
|
|
221
|
+
},
|
|
222
|
+
],
|
|
223
|
+
sessions: [
|
|
224
|
+
{ id: 's_active', userId: 'u_1', revokedAt: null },
|
|
225
|
+
{ id: 's_other', userId: 'u_1', revokedAt: null },
|
|
226
|
+
],
|
|
227
|
+
});
|
|
228
|
+
const t = {
|
|
229
|
+
id: 'rt_1',
|
|
230
|
+
userId: 'u_1',
|
|
231
|
+
tokenHash: hashToken(raw),
|
|
232
|
+
expiresAt: opts.expiresAt ?? new Date(Date.now() + 30 * 60 * 1000),
|
|
233
|
+
usedAt: opts.usedAt ?? null,
|
|
234
|
+
user: db.users[0],
|
|
235
|
+
};
|
|
236
|
+
db.tokens.push(t);
|
|
237
|
+
return { db, raw };
|
|
238
|
+
}
|
|
239
|
+
it('rejects an unknown token without leaking which user it belonged to', async () => {
|
|
240
|
+
const { db } = seedDbWithToken();
|
|
241
|
+
const result = await executePasswordReset(db, 'a-token-that-does-not-exist', 'P@ssword1234');
|
|
242
|
+
expect(result.success).toBe(false);
|
|
243
|
+
expect(result.error).toBe('Invalid or expired reset link.');
|
|
244
|
+
expect(db.user.update).not.toHaveBeenCalled();
|
|
245
|
+
});
|
|
246
|
+
it('rejects an expired token', async () => {
|
|
247
|
+
const { db, raw } = seedDbWithToken({
|
|
248
|
+
expiresAt: new Date(Date.now() - 60 * 1000),
|
|
249
|
+
});
|
|
250
|
+
const result = await executePasswordReset(db, raw, 'P@ssword1234');
|
|
251
|
+
expect(result.success).toBe(false);
|
|
252
|
+
expect(result.error).toMatch(/expired/i);
|
|
253
|
+
expect(db.user.update).not.toHaveBeenCalled();
|
|
254
|
+
});
|
|
255
|
+
it('rejects a token that has already been used (single-use)', async () => {
|
|
256
|
+
const { db, raw } = seedDbWithToken({ usedAt: new Date(Date.now() - 1000) });
|
|
257
|
+
const result = await executePasswordReset(db, raw, 'P@ssword1234');
|
|
258
|
+
expect(result.success).toBe(false);
|
|
259
|
+
// The "usedAt: null" filter means the token isn't found -> generic error.
|
|
260
|
+
expect(result.error).toBe('Invalid or expired reset link.');
|
|
261
|
+
});
|
|
262
|
+
it('rejects when the underlying user is deactivated', async () => {
|
|
263
|
+
const { db, raw } = seedDbWithToken({ isActive: false });
|
|
264
|
+
const result = await executePasswordReset(db, raw, 'P@ssword1234');
|
|
265
|
+
expect(result.success).toBe(false);
|
|
266
|
+
expect(result.error).toMatch(/deactivated/i);
|
|
267
|
+
});
|
|
268
|
+
it('rejects passwords that do not meet the default policy', async () => {
|
|
269
|
+
const { db, raw } = seedDbWithToken();
|
|
270
|
+
const tooShort = await executePasswordReset(db, raw, 'short1A');
|
|
271
|
+
expect(tooShort.success).toBe(false);
|
|
272
|
+
const noUpper = await executePasswordReset(db, raw, 'lowercase-only-1234');
|
|
273
|
+
expect(noUpper.success).toBe(false);
|
|
274
|
+
const noNumber = await executePasswordReset(db, raw, 'NoNumbersAtAll!');
|
|
275
|
+
expect(noNumber.success).toBe(false);
|
|
276
|
+
});
|
|
277
|
+
it('updates the password, marks the token used, and revokes all sessions atomically', async () => {
|
|
278
|
+
const { db, raw } = seedDbWithToken();
|
|
279
|
+
const result = await executePasswordReset(db, raw, 'F#reshPassword2026!');
|
|
280
|
+
expect(result.success).toBe(true);
|
|
281
|
+
expect(db.$transaction).toHaveBeenCalledOnce();
|
|
282
|
+
// 1. Password hash was updated
|
|
283
|
+
const user = db.users[0];
|
|
284
|
+
expect(user.passwordHash).toBeTruthy();
|
|
285
|
+
expect(user.passwordHash).toMatch(/^pbkdf2:/);
|
|
286
|
+
// 2. New password actually verifies against the stored hash
|
|
287
|
+
expect(await verifyPassword('F#reshPassword2026!', user.passwordHash)).toBe(true);
|
|
288
|
+
// 3. Token is marked used (single-use enforced for replay attempts)
|
|
289
|
+
const t = db.tokens[0];
|
|
290
|
+
expect(t.usedAt).toBeInstanceOf(Date);
|
|
291
|
+
// 4. All non-revoked sessions revoked
|
|
292
|
+
expect(db.sessions.every((s) => s.revokedAt !== null)).toBe(true);
|
|
293
|
+
});
|
|
294
|
+
it('a second use of the same token after a successful reset is rejected', async () => {
|
|
295
|
+
const { db, raw } = seedDbWithToken();
|
|
296
|
+
const first = await executePasswordReset(db, raw, 'F#reshPassword2026!');
|
|
297
|
+
expect(first.success).toBe(true);
|
|
298
|
+
const second = await executePasswordReset(db, raw, 'AnotherV@lidPwd2026!');
|
|
299
|
+
expect(second.success).toBe(false);
|
|
300
|
+
expect(second.error).toBe('Invalid or expired reset link.');
|
|
301
|
+
});
|
|
302
|
+
});
|
|
303
|
+
//# sourceMappingURL=reset.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"reset.test.js","sourceRoot":"","sources":["../../../src/__tests__/auth/reset.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAA;AAC7D,OAAO,EACL,kBAAkB,EAClB,SAAS,EACT,mBAAmB,EACnB,oBAAoB,GACrB,MAAM,qBAAqB,CAAA;AAC5B,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAA;AAyBvD,SAAS,YAAY,CAAC,UAA4D,EAAE;IAClF,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,EAAE,CAAA;IACjC,MAAM,MAAM,GAAqB,EAAE,CAAA;IACnC,MAAM,QAAQ,GAAkB,OAAO,CAAC,QAAQ,IAAI,EAAE,CAAA;IACtD,MAAM,UAAU,GAA2C,EAAE,CAAA;IAE7D,MAAM,EAAE,GAAG;QACT,KAAK;QACL,MAAM;QACN,QAAQ;QACR,UAAU;QACV,IAAI,EAAE;YACJ,SAAS,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,EAAE,KAAK,EAAO,EAAE,EAAE;gBACxC,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,WAAW,EAAE,CAAA;gBAC/C,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC,IAAI,IAAI,CAAA;YACpE,CAAC,CAAC;YACF,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,EAAE,KAAK,EAAE,IAAI,EAAO,EAAE,EAAE;gBAC3C,MAAM,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,KAAK,CAAC,EAAE,CAAC,CAAA;gBAC9C,IAAI,CAAC;oBAAE,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,IAAI,CAAC,CAAA;gBAC7B,OAAO,CAAE,CAAA;YACX,CAAC,CAAC;SACH;QACD,kBAAkB,EAAE;YAClB,SAAS,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,EAAE,KAAK,EAAO,EAAE,EAAE;gBACxC,OAAO,CACL,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,KAAK,CAAC,SAAS,IAAI,CAAC,CAAC,MAAM,KAAK,KAAK,CAAC,MAAM,CAAC,IAAI,IAAI,CACzF,CAAA;YACH,CAAC,CAAC;YACF,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,EAAE,IAAI,EAAO,EAAE,EAAE;gBACpC,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,CAAC,MAAM,CAAE,CAAA;gBACrD,MAAM,CAAC,GAAmB;oBACxB,EAAE,EAAE,MAAM,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE;oBAC7B,MAAM,EAAE,IAAI,CAAC,MAAM;oBACnB,SAAS,EAAE,IAAI,CAAC,SAAS;oBACzB,SAAS,EAAE,IAAI,CAAC,SAAS;oBACzB,MAAM,EAAE,IAAI;oBACZ,IAAI;iBACL,CAAA;gBACD,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;gBACd,OAAO,CAAC,CAAA;YACV,CAAC,CAAC;YACF,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,EAAE,KAAK,EAAE,IAAI,EAAO,EAAE,EAAE;gBAC3C,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,KAAK,CAAC,EAAE,CAAC,CAAA;gBAC/C,IAAI,CAAC;oBAAE,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,IAAI,CAAC,CAAA;gBAC7B,OAAO,CAAE,CAAA;YACX,CAAC,CAAC;YACF,UAAU,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,EAAE,KAAK,EAAE,IAAI,EAAO,EAAE,EAAE;gBAC/C,IAAI,KAAK,GAAG,CAAC,CAAA;gBACb,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;oBACvB,IAAI,CAAC,CAAC,MAAM,KAAK,KAAK,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,KAAK,KAAK,CAAC,MAAM,EAAE,CAAC;wBAC3D,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,IAAI,CAAC,CAAA;wBACtB,KAAK,EAAE,CAAA;oBACT,CAAC;gBACH,CAAC;gBACD,OAAO,EAAE,KAAK,EAAE,CAAA;YAClB,CAAC,CAAC;SACH;QACD,OAAO,EAAE;YACP,UAAU,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,EAAE,KAAK,EAAE,IAAI,EAAO,EAAE,EAAE;gBAC/C,IAAI,KAAK,GAAG,CAAC,CAAA;gBACb,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;oBACzB,IAAI,CAAC,CAAC,MAAM,KAAK,KAAK,CAAC,MAAM,IAAI,CAAC,CAAC,SAAS,KAAK,KAAK,CAAC,SAAS,EAAE,CAAC;wBACjE,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,IAAI,CAAC,CAAA;wBACtB,KAAK,EAAE,CAAA;oBACT,CAAC;gBACH,CAAC;gBACD,OAAO,EAAE,KAAK,EAAE,CAAA;YAClB,CAAC,CAAC;SACH;QACD,YAAY,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,GAAuB,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;KACzE,CAAA;IACD,OAAO,EAAE,CAAA;AACX,CAAC;AAED,MAAM,WAAW,GAAG;IAClB,OAAO,EAAE,qBAAqB;IAC9B,QAAQ,EAAE;QACR,KAAK,EAAE;YACL,IAAI,EAAE,EAAE,CAAC,EAAE,EAAE;SACd;KACF;CACF,CAAA;AAED,UAAU,CAAC,GAAG,EAAE;IACd,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,EAAE,CAAA;AAC7C,CAAC,CAAC,CAAA;AAEF,2EAA2E;AAE3E,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IAClC,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;QAC3D,MAAM,CAAC,GAAG,kBAAkB,EAAE,CAAA;QAC9B,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAA;IACzC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,MAAM,CAAC,GAAG,kBAAkB,EAAE,CAAA;QAC9B,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAA;QACrC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAA;IAC1C,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;QACrD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,CAAC,kBAAkB,EAAE,CAAC,GAAG,CAAC,CAAC,CAAA;QAChF,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAC5B,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,2EAA2E;AAE3E,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;IACnC,EAAE,CAAC,mEAAmE,EAAE,KAAK,IAAI,EAAE;QACjF,MAAM,EAAE,GAAG,YAAY,EAAE,CAAA;QACzB,MAAM,MAAM,CACV,mBAAmB,CAAC,EAAE,EAAE,qBAAqB,EAAE,WAAW,CAAC,CAC5D,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAA;QAC1B,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAA;QAC3D,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAA;IAChE,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,+DAA+D,EAAE,KAAK,IAAI,EAAE;QAC7E,MAAM,EAAE,GAAG,YAAY,CAAC;YACtB,KAAK,EAAE;gBACL;oBACE,EAAE,EAAE,OAAO;oBACX,KAAK,EAAE,iBAAiB;oBACxB,IAAI,EAAE,KAAK;oBACX,QAAQ,EAAE,KAAK;oBACf,YAAY,EAAE,mBAAmB;iBAClC;aACF;SACF,CAAC,CAAA;QACF,MAAM,mBAAmB,CAAC,EAAE,EAAE,iBAAiB,EAAE,WAAW,CAAC,CAAA;QAC7D,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAA;QAC3D,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAA;IAChE,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,uEAAuE,EAAE,KAAK,IAAI,EAAE;QACrF,MAAM,EAAE,GAAG,YAAY,CAAC;YACtB,KAAK,EAAE;gBACL;oBACE,EAAE,EAAE,KAAK;oBACT,KAAK,EAAE,eAAe;oBACtB,IAAI,EAAE,GAAG;oBACT,QAAQ,EAAE,IAAI;oBACd,YAAY,EAAE,mBAAmB;iBAClC;aACF;SACF,CAAC,CAAA;QACF,MAAM,mBAAmB,CAAC,EAAE,EAAE,eAAe,EAAE,WAAW,CAAC,CAAA;QAC3D,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC,oBAAoB,CAAC;YAC5D,KAAK,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE;YACtC,IAAI,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE;SACnC,CAAC,CAAA;QACF,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC,oBAAoB,EAAE,CAAA;QAC3D,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,oBAAoB,EAAE,CAAA;QAE9D,MAAM,WAAW,GAAG,EAAE,CAAC,MAAM,CAAC,CAAC,CAAE,CAAA;QACjC,8CAA8C;QAC9C,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAA;QACvD,4CAA4C;QAC5C,MAAM,KAAK,GAAG,WAAW,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAC1D,MAAM,CAAC,KAAK,CAAC,CAAC,eAAe,CAAC,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;QAC7C,MAAM,CAAC,KAAK,CAAC,CAAC,mBAAmB,CAAC,EAAE,GAAG,EAAE,GAAG,IAAI,GAAG,KAAK,CAAC,CAAA;IAC3D,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,0DAA0D,EAAE,KAAK,IAAI,EAAE;QACxE,MAAM,EAAE,GAAG,YAAY,CAAC;YACtB,KAAK,EAAE;gBACL;oBACE,EAAE,EAAE,KAAK;oBACT,KAAK,EAAE,eAAe;oBACtB,IAAI,EAAE,GAAG;oBACT,QAAQ,EAAE,IAAI;oBACd,YAAY,EAAE,IAAI;iBACnB;aACF;SACF,CAAC,CAAA;QACF,MAAM,mBAAmB,CAAC,EAAE,EAAE,iBAAiB,EAAE,WAAW,CAAC,CAAA;QAC7D,MAAM,IAAI,GAAG,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC,CAAE,CAAA;QAC/D,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,sBAAsB,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QAC/D,MAAM,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE,CAAA;QAChC,MAAM,CAAC,SAAS,CAAC,UAAW,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAE,CAAC,SAAS,CAAC,CAAA;IAC9D,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,kDAAkD,EAAE,KAAK,IAAI,EAAE;QAChE,MAAM,EAAE,GAAG,YAAY,CAAC;YACtB,KAAK,EAAE;gBACL;oBACE,EAAE,EAAE,KAAK;oBACT,KAAK,EAAE,eAAe;oBACtB,IAAI,EAAE,GAAG;oBACT,QAAQ,EAAE,IAAI;oBACd,YAAY,EAAE,IAAI;iBACnB;aACF;SACF,CAAC,CAAA;QACF,MAAM,mBAAmB,CAAC,EAAE,EAAE,kBAAkB,EAAE,WAAW,CAAC,CAAA;QAC9D,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC,oBAAoB,EAAE,CAAA;IAC7D,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,wDAAwD,EAAE,KAAK,IAAI,EAAE;QACtE,MAAM,EAAE,GAAG,YAAY,EAAE,CAAA;QACzB,MAAM,mBAAmB,CAAC,EAAE,EAAE,KAAK,EAAE,WAAW,CAAC,CAAA;QACjD,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAA;IAClD,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,iEAAiE,EAAE,KAAK,IAAI,EAAE;QAC/E,MAAM,EAAE,GAAG,YAAY,CAAC;YACtB,KAAK,EAAE;gBACL;oBACE,EAAE,EAAE,KAAK;oBACT,KAAK,EAAE,eAAe;oBACtB,IAAI,EAAE,GAAG;oBACT,QAAQ,EAAE,IAAI;oBACd,YAAY,EAAE,IAAI;iBACnB;aACF;SACF,CAAC,CAAA;QACF,MAAM,mBAAmB,CAAC,EAAE,EAAE,eAAe,EAAE,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC,CAAA;QAC5E,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC,oBAAoB,EAAE,CAAA;QAC3D,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAA;IAChE,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,2EAA2E;AAE3E,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;IACpC,SAAS,eAAe,CACtB,OAII,EAAE;QAEN,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;QAC1B,MAAM,EAAE,GAAG,YAAY,CAAC;YACtB,KAAK,EAAE;gBACL;oBACE,EAAE,EAAE,KAAK;oBACT,KAAK,EAAE,eAAe;oBACtB,IAAI,EAAE,GAAG;oBACT,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,IAAI;oBAC/B,YAAY,EAAE,IAAI;iBACnB;aACF;YACD,QAAQ,EAAE;gBACR,EAAE,EAAE,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE;gBAClD,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE;aAClD;SACF,CAAC,CAAA;QACF,MAAM,CAAC,GAAmB;YACxB,EAAE,EAAE,MAAM;YACV,MAAM,EAAE,KAAK;YACb,SAAS,EAAE,SAAS,CAAC,GAAG,CAAC;YACzB,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;YAClE,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,IAAI;YAC3B,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAE;SACnB,CAAA;QACD,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACjB,OAAO,EAAE,EAAE,EAAE,GAAG,EAAE,CAAA;IACpB,CAAC;IAED,EAAE,CAAC,oEAAoE,EAAE,KAAK,IAAI,EAAE;QAClF,MAAM,EAAE,EAAE,EAAE,GAAG,eAAe,EAAE,CAAA;QAChC,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,EAAE,EAAE,6BAA6B,EAAE,cAAc,CAAC,CAAA;QAC5F,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAClC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAA;QAC3D,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAA;IAC/C,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,0BAA0B,EAAE,KAAK,IAAI,EAAE;QACxC,MAAM,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,eAAe,CAAC;YAClC,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;SAC5C,CAAC,CAAA;QACF,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,EAAE,EAAE,GAAG,EAAE,cAAc,CAAC,CAAA;QAClE,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAClC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAA;QACxC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAA;IAC/C,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,yDAAyD,EAAE,KAAK,IAAI,EAAE;QACvE,MAAM,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,eAAe,CAAC,EAAE,MAAM,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC,CAAA;QAC5E,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,EAAE,EAAE,GAAG,EAAE,cAAc,CAAC,CAAA;QAClE,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAClC,0EAA0E;QAC1E,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAA;IAC7D,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;QAC/D,MAAM,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,eAAe,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAA;QACxD,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,EAAE,EAAE,GAAG,EAAE,cAAc,CAAC,CAAA;QAClE,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAClC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,CAAA;IAC9C,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,uDAAuD,EAAE,KAAK,IAAI,EAAE;QACrE,MAAM,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,eAAe,EAAE,CAAA;QACrC,MAAM,QAAQ,GAAG,MAAM,oBAAoB,CAAC,EAAE,EAAE,GAAG,EAAE,SAAS,CAAC,CAAA;QAC/D,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAEpC,MAAM,OAAO,GAAG,MAAM,oBAAoB,CAAC,EAAE,EAAE,GAAG,EAAE,qBAAqB,CAAC,CAAA;QAC1E,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAEnC,MAAM,QAAQ,GAAG,MAAM,oBAAoB,CAAC,EAAE,EAAE,GAAG,EAAE,iBAAiB,CAAC,CAAA;QACvE,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IACtC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,iFAAiF,EAAE,KAAK,IAAI,EAAE;QAC/F,MAAM,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,eAAe,EAAE,CAAA;QACrC,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,EAAE,EAAE,GAAG,EAAE,qBAAqB,CAAC,CAAA;QACzE,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACjC,MAAM,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC,oBAAoB,EAAE,CAAA;QAE9C,+BAA+B;QAC/B,MAAM,IAAI,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAE,CAAA;QACzB,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,UAAU,EAAE,CAAA;QACtC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAA;QAC7C,4DAA4D;QAC5D,MAAM,CAAC,MAAM,cAAc,CAAC,qBAAqB,EAAE,IAAI,CAAC,YAAa,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAClF,oEAAoE;QACpE,MAAM,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,CAAC,CAAE,CAAA;QACvB,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,CAAA;QACrC,sCAAsC;QACtC,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IACnE,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,qEAAqE,EAAE,KAAK,IAAI,EAAE;QACnF,MAAM,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,eAAe,EAAE,CAAA;QACrC,MAAM,KAAK,GAAG,MAAM,oBAAoB,CAAC,EAAE,EAAE,GAAG,EAAE,qBAAqB,CAAC,CAAA;QACxE,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAChC,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,EAAE,EAAE,GAAG,EAAE,sBAAsB,CAAC,CAAA;QAC1E,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAClC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAA;IAC7D,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA"}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { describe, it, expect } from 'vitest';
|
|
2
|
-
import
|
|
2
|
+
import * as jose from 'jose';
|
|
3
|
+
import { createSession, verifySession, refreshSession, InvalidSessionPayloadError, } from '../../auth/session.js';
|
|
3
4
|
const TEST_SECRET = 'a-secret-key-that-is-at-least-32-chars-long!!';
|
|
4
5
|
const TEST_PAYLOAD = {
|
|
5
6
|
userId: 'user_001',
|
|
@@ -47,6 +48,58 @@ describe('verifySession', () => {
|
|
|
47
48
|
await expect(verifySession(tampered, { secret: TEST_SECRET })).rejects.toThrow();
|
|
48
49
|
});
|
|
49
50
|
});
|
|
51
|
+
describe('verifySession payload validation', () => {
|
|
52
|
+
// Forge a JWT signed with the right secret but with a malformed payload.
|
|
53
|
+
// jose.jwtVerify accepts these; assertSessionPayload is the line of defense.
|
|
54
|
+
async function forgeJWT(payload) {
|
|
55
|
+
const secret = new TextEncoder().encode(TEST_SECRET);
|
|
56
|
+
return new jose.SignJWT(payload)
|
|
57
|
+
.setProtectedHeader({ alg: 'HS256' })
|
|
58
|
+
.setIssuedAt()
|
|
59
|
+
.setExpirationTime('1h')
|
|
60
|
+
.setIssuer('actuate-cms')
|
|
61
|
+
.setAudience('actuate-cms')
|
|
62
|
+
.sign(secret);
|
|
63
|
+
}
|
|
64
|
+
it('rejects payload missing userId', async () => {
|
|
65
|
+
const token = await forgeJWT({ role: 'admin', sessionId: 'sess1' });
|
|
66
|
+
await expect(verifySession(token, { secret: TEST_SECRET })).rejects.toBeInstanceOf(InvalidSessionPayloadError);
|
|
67
|
+
});
|
|
68
|
+
it('rejects payload missing role', async () => {
|
|
69
|
+
const token = await forgeJWT({ userId: 'u1', sessionId: 'sess1' });
|
|
70
|
+
await expect(verifySession(token, { secret: TEST_SECRET })).rejects.toBeInstanceOf(InvalidSessionPayloadError);
|
|
71
|
+
});
|
|
72
|
+
it('rejects payload missing sessionId', async () => {
|
|
73
|
+
const token = await forgeJWT({ userId: 'u1', role: 'admin' });
|
|
74
|
+
await expect(verifySession(token, { secret: TEST_SECRET })).rejects.toBeInstanceOf(InvalidSessionPayloadError);
|
|
75
|
+
});
|
|
76
|
+
it('rejects empty-string userId', async () => {
|
|
77
|
+
const token = await forgeJWT({ userId: '', role: 'admin', sessionId: 'sess1' });
|
|
78
|
+
await expect(verifySession(token, { secret: TEST_SECRET })).rejects.toBeInstanceOf(InvalidSessionPayloadError);
|
|
79
|
+
});
|
|
80
|
+
it('rejects non-string fingerprint when present', async () => {
|
|
81
|
+
const token = await forgeJWT({
|
|
82
|
+
userId: 'u1',
|
|
83
|
+
role: 'admin',
|
|
84
|
+
sessionId: 'sess1',
|
|
85
|
+
fingerprint: 12345,
|
|
86
|
+
});
|
|
87
|
+
await expect(verifySession(token, { secret: TEST_SECRET })).rejects.toBeInstanceOf(InvalidSessionPayloadError);
|
|
88
|
+
});
|
|
89
|
+
it('strips extra attacker-supplied claims from the returned payload', async () => {
|
|
90
|
+
const token = await forgeJWT({
|
|
91
|
+
userId: 'u1',
|
|
92
|
+
role: 'CLIENT',
|
|
93
|
+
sessionId: 'sess1',
|
|
94
|
+
isSuperUser: true,
|
|
95
|
+
injectedField: 'pwn',
|
|
96
|
+
});
|
|
97
|
+
const decoded = await verifySession(token, { secret: TEST_SECRET });
|
|
98
|
+
expect(Object.keys(decoded).sort()).toEqual(['role', 'sessionId', 'userId']);
|
|
99
|
+
expect(decoded.isSuperUser).toBeUndefined();
|
|
100
|
+
expect(decoded.injectedField).toBeUndefined();
|
|
101
|
+
});
|
|
102
|
+
});
|
|
50
103
|
describe('refreshSession', () => {
|
|
51
104
|
it('returns a new valid token with the same payload', async () => {
|
|
52
105
|
const original = await createSession(TEST_PAYLOAD, {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session.test.js","sourceRoot":"","sources":["../../../src/__tests__/auth/session.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAC7C,OAAO,
|
|
1
|
+
{"version":3,"file":"session.test.js","sourceRoot":"","sources":["../../../src/__tests__/auth/session.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAC7C,OAAO,KAAK,IAAI,MAAM,MAAM,CAAA;AAC5B,OAAO,EACL,aAAa,EACb,aAAa,EACb,cAAc,EACd,0BAA0B,GAC3B,MAAM,uBAAuB,CAAA;AAE9B,MAAM,WAAW,GAAG,+CAA+C,CAAA;AAEnE,MAAM,YAAY,GAAG;IACnB,MAAM,EAAE,UAAU;IAClB,IAAI,EAAE,OAAO;IACb,SAAS,EAAE,aAAa;CACzB,CAAA;AAED,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;IAC7B,EAAE,CAAC,4BAA4B,EAAE,KAAK,IAAI,EAAE;QAC1C,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,YAAY,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAA;QACxE,MAAM,CAAC,OAAO,KAAK,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACnC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAC9B,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAA;IAC/B,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;QACnD,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,YAAY,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAA;QACxE,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAA;QACnE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAA;QAChD,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAA;QAC5C,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,CAAA;IACxD,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;IAC7B,EAAE,CAAC,+BAA+B,EAAE,KAAK,IAAI,EAAE;QAC7C,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,YAAY,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAA;QACxE,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAA;QACnE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QACvC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QAClC,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAA;IAC/C,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,yBAAyB,EAAE,KAAK,IAAI,EAAE;QACvC,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,YAAY,EAAE;YAC9C,MAAM,EAAE,WAAW;YACnB,MAAM,EAAE,CAAC;SACV,CAAC,CAAA;QAEF,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAA;QAEzD,MAAM,MAAM,CAAC,aAAa,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAA;IAC/E,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,0BAA0B,EAAE,KAAK,IAAI,EAAE;QACxC,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,YAAY,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAA;QAExE,MAAM,MAAM,CACV,aAAa,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,sCAAsC,EAAE,CAAC,CACzE,CAAC,OAAO,CAAC,OAAO,EAAE,CAAA;IACrB,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,0BAA0B,EAAE,KAAK,IAAI,EAAE;QACxC,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,YAAY,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAA;QACxE,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,OAAO,CAAA;QAE7C,MAAM,MAAM,CAAC,aAAa,CAAC,QAAQ,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAA;IAClF,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,kCAAkC,EAAE,GAAG,EAAE;IAChD,yEAAyE;IACzE,6EAA6E;IAC7E,KAAK,UAAU,QAAQ,CAAC,OAAgC;QACtD,MAAM,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC,CAAA;QACpD,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC;aAC7B,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;aACpC,WAAW,EAAE;aACb,iBAAiB,CAAC,IAAI,CAAC;aACvB,SAAS,CAAC,aAAa,CAAC;aACxB,WAAW,CAAC,aAAa,CAAC;aAC1B,IAAI,CAAC,MAAM,CAAC,CAAA;IACjB,CAAC;IAED,EAAE,CAAC,gCAAgC,EAAE,KAAK,IAAI,EAAE;QAC9C,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAA;QACnE,MAAM,MAAM,CAAC,aAAa,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAChF,0BAA0B,CAC3B,CAAA;IACH,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;QAC5C,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAA;QAClE,MAAM,MAAM,CAAC,aAAa,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAChF,0BAA0B,CAC3B,CAAA;IACH,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,mCAAmC,EAAE,KAAK,IAAI,EAAE;QACjD,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAA;QAC7D,MAAM,MAAM,CAAC,aAAa,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAChF,0BAA0B,CAC3B,CAAA;IACH,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,6BAA6B,EAAE,KAAK,IAAI,EAAE;QAC3C,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAA;QAC/E,MAAM,MAAM,CAAC,aAAa,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAChF,0BAA0B,CAC3B,CAAA;IACH,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;QAC3D,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC;YAC3B,MAAM,EAAE,IAAI;YACZ,IAAI,EAAE,OAAO;YACb,SAAS,EAAE,OAAO;YAClB,WAAW,EAAE,KAAK;SACnB,CAAC,CAAA;QACF,MAAM,MAAM,CAAC,aAAa,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAChF,0BAA0B,CAC3B,CAAA;IACH,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,iEAAiE,EAAE,KAAK,IAAI,EAAE;QAC/E,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC;YAC3B,MAAM,EAAE,IAAI;YACZ,IAAI,EAAE,QAAQ;YACd,SAAS,EAAE,OAAO;YAClB,WAAW,EAAE,IAAI;YACjB,aAAa,EAAE,KAAK;SACrB,CAAC,CAAA;QACF,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAA;QACnE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC,CAAA;QAC5E,MAAM,CAAE,OAA8C,CAAC,WAAW,CAAC,CAAC,aAAa,EAAE,CAAA;QACnF,MAAM,CAAE,OAA8C,CAAC,aAAa,CAAC,CAAC,aAAa,EAAE,CAAA;IACvF,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;IAC9B,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;QAC/D,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,YAAY,EAAE;YACjD,MAAM,EAAE,WAAW;YACnB,MAAM,EAAE,EAAE;SACX,CAAC,CAAA;QAEF,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAA;QAEzD,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,QAAQ,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAA;QAEzE,MAAM,CAAC,OAAO,SAAS,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACvC,MAAM,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QAEpC,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,SAAS,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAA;QACvE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAA;QAChD,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAA;QAC5C,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,CAAA;IACxD,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cron.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/cron/cron.test.ts"],"names":[],"mappings":""}
|