@actuate-media/cms-core 0.36.0 → 0.37.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/__tests__/api/security-routes.test.d.ts +2 -0
- package/dist/__tests__/api/security-routes.test.d.ts.map +1 -0
- package/dist/__tests__/api/security-routes.test.js +212 -0
- package/dist/__tests__/api/security-routes.test.js.map +1 -0
- package/dist/__tests__/security/center.test.d.ts +2 -0
- package/dist/__tests__/security/center.test.d.ts.map +1 -0
- package/dist/__tests__/security/center.test.js +226 -0
- package/dist/__tests__/security/center.test.js.map +1 -0
- package/dist/api/handlers.d.ts.map +1 -1
- package/dist/api/handlers.js +201 -4
- package/dist/api/handlers.js.map +1 -1
- package/dist/security/center/gather.d.ts +12 -0
- package/dist/security/center/gather.d.ts.map +1 -0
- package/dist/security/center/gather.js +185 -0
- package/dist/security/center/gather.js.map +1 -0
- package/dist/security/center/index.d.ts +13 -0
- package/dist/security/center/index.d.ts.map +1 -0
- package/dist/security/center/index.js +4 -0
- package/dist/security/center/index.js.map +1 -0
- package/dist/security/center/settings.d.ts +38 -0
- package/dist/security/center/settings.d.ts.map +1 -0
- package/dist/security/center/settings.js +121 -0
- package/dist/security/center/settings.js.map +1 -0
- package/dist/security/center/status.d.ts +10 -0
- package/dist/security/center/status.d.ts.map +1 -0
- package/dist/security/center/status.js +249 -0
- package/dist/security/center/status.js.map +1 -0
- package/dist/security/center/summaries.d.ts +21 -0
- package/dist/security/center/summaries.d.ts.map +1 -0
- package/dist/security/center/summaries.js +65 -0
- package/dist/security/center/summaries.js.map +1 -0
- package/dist/security/center/types.d.ts +127 -0
- package/dist/security/center/types.d.ts.map +1 -0
- package/dist/security/center/types.js +12 -0
- package/dist/security/center/types.js.map +1 -0
- package/package.json +6 -1
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"security-routes.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/api/security-routes.test.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,212 @@
|
|
|
1
|
+
import { beforeEach, describe, expect, it } from 'vitest';
|
|
2
|
+
import { handleActuateAPI } from '../../api/index.js';
|
|
3
|
+
import { initDB } from '../../db.js';
|
|
4
|
+
import { generateApiKey } from '../../security/api-key-enhanced.js';
|
|
5
|
+
/**
|
|
6
|
+
* Contract tests for the Security Center endpoints:
|
|
7
|
+
* - GET /security → authed (admin), computed posture.
|
|
8
|
+
* - PUT /security → persists enforced policy, lockout-safe.
|
|
9
|
+
* - POST /security/sessions/revoke-all → revokes the caller's other sessions.
|
|
10
|
+
*
|
|
11
|
+
* Proves the response never leaks secret values, that lockout-safe MFA enabling
|
|
12
|
+
* is enforced server-side, and that policy round-trips through the settings global.
|
|
13
|
+
*/
|
|
14
|
+
const VALID_SECRET = 'a'.repeat(48);
|
|
15
|
+
function createMockDB(state, apiKey) {
|
|
16
|
+
const tx = {
|
|
17
|
+
document: {
|
|
18
|
+
update: async ({ data }) => {
|
|
19
|
+
state.settings = data.data;
|
|
20
|
+
return { id: 'settings-doc', data: state.settings };
|
|
21
|
+
},
|
|
22
|
+
create: async ({ data }) => {
|
|
23
|
+
state.settings = data.data;
|
|
24
|
+
return { id: 'settings-doc', data: state.settings };
|
|
25
|
+
},
|
|
26
|
+
},
|
|
27
|
+
version: { create: async () => ({ id: 'v1' }) },
|
|
28
|
+
};
|
|
29
|
+
return {
|
|
30
|
+
apiKey: {
|
|
31
|
+
findMany: async () => (apiKey ? [apiKey] : []),
|
|
32
|
+
findUnique: async ({ where }) => apiKey && apiKey.keyHash === where.keyHash ? apiKey : null,
|
|
33
|
+
update: async () => apiKey,
|
|
34
|
+
},
|
|
35
|
+
document: {
|
|
36
|
+
findFirst: async () => ({ id: 'settings-doc', data: state.settings }),
|
|
37
|
+
findMany: async () => [],
|
|
38
|
+
count: async () => 0,
|
|
39
|
+
},
|
|
40
|
+
version: { create: async () => ({ id: 'v1' }) },
|
|
41
|
+
user: {
|
|
42
|
+
findMany: async () => [
|
|
43
|
+
{ role: 'ADMIN', isActive: true, totpEnabled: state.viewerHasMfa },
|
|
44
|
+
{ role: 'EDITOR', isActive: true, totpEnabled: false },
|
|
45
|
+
],
|
|
46
|
+
findUnique: async () => ({ totpEnabled: state.viewerHasMfa }),
|
|
47
|
+
count: async () => 1,
|
|
48
|
+
},
|
|
49
|
+
session: {
|
|
50
|
+
findMany: async () => [],
|
|
51
|
+
count: async () => 2,
|
|
52
|
+
updateMany: async (args) => {
|
|
53
|
+
state.revokeAllArgs = args;
|
|
54
|
+
return { count: state.revokeAllResult };
|
|
55
|
+
},
|
|
56
|
+
},
|
|
57
|
+
auditLog: {
|
|
58
|
+
count: async () => 3,
|
|
59
|
+
create: async () => ({ id: 'log1' }),
|
|
60
|
+
},
|
|
61
|
+
$transaction: async (fn) => fn(tx),
|
|
62
|
+
};
|
|
63
|
+
}
|
|
64
|
+
async function makeKey(scopes) {
|
|
65
|
+
const { key, keyHash, keyPrefix } = await generateApiKey({ prefix: 'act_sk', scopes });
|
|
66
|
+
return {
|
|
67
|
+
key,
|
|
68
|
+
record: {
|
|
69
|
+
id: 'apikey-1',
|
|
70
|
+
keyHash,
|
|
71
|
+
keyPrefix,
|
|
72
|
+
userId: 'user-1',
|
|
73
|
+
scopes,
|
|
74
|
+
ipRestrictions: null,
|
|
75
|
+
expiresAt: null,
|
|
76
|
+
lastUsedAt: null,
|
|
77
|
+
revokedAt: null,
|
|
78
|
+
},
|
|
79
|
+
};
|
|
80
|
+
}
|
|
81
|
+
function freshState() {
|
|
82
|
+
return {
|
|
83
|
+
settings: { siteTitle: 'Actuate Media' },
|
|
84
|
+
viewerHasMfa: false,
|
|
85
|
+
revokeAllResult: 2,
|
|
86
|
+
};
|
|
87
|
+
}
|
|
88
|
+
beforeEach(() => {
|
|
89
|
+
delete globalThis.__actuateConfig;
|
|
90
|
+
process.env.CMS_SECRET = VALID_SECRET;
|
|
91
|
+
});
|
|
92
|
+
describe('GET /security', () => {
|
|
93
|
+
it('requires authentication', async () => {
|
|
94
|
+
const db = createMockDB(freshState());
|
|
95
|
+
initDB(db);
|
|
96
|
+
const handler = handleActuateAPI({ prismaClient: db, config: { collections: {} } });
|
|
97
|
+
const res = await handler(new Request('https://example.com/api/cms/security'));
|
|
98
|
+
expect(res.status).toBe(401);
|
|
99
|
+
});
|
|
100
|
+
it('rejects non-admin API keys', async () => {
|
|
101
|
+
const { key, record } = await makeKey({ media: true });
|
|
102
|
+
const db = createMockDB(freshState(), record);
|
|
103
|
+
initDB(db);
|
|
104
|
+
const handler = handleActuateAPI({ prismaClient: db, config: { collections: {} } });
|
|
105
|
+
const res = await handler(new Request('https://example.com/api/cms/security', {
|
|
106
|
+
headers: { Authorization: `Bearer ${key}` },
|
|
107
|
+
}));
|
|
108
|
+
expect(res.status).toBe(403);
|
|
109
|
+
});
|
|
110
|
+
it('returns computed posture + summaries and never leaks secret values', async () => {
|
|
111
|
+
const { key, record } = await makeKey({ admin: true });
|
|
112
|
+
const db = createMockDB(freshState(), record);
|
|
113
|
+
initDB(db);
|
|
114
|
+
const handler = handleActuateAPI({ prismaClient: db, config: { collections: {} } });
|
|
115
|
+
const res = await handler(new Request('https://example.com/api/cms/security', {
|
|
116
|
+
headers: { Authorization: `Bearer ${key}` },
|
|
117
|
+
}));
|
|
118
|
+
expect(res.status).toBe(200);
|
|
119
|
+
const body = (await res.json());
|
|
120
|
+
expect(body.data.status.status).toBeDefined();
|
|
121
|
+
expect(Array.isArray(body.data.status.checks)).toBe(true);
|
|
122
|
+
expect(body.data.users.totalAdmins).toBe(1);
|
|
123
|
+
expect(body.data.secrets.cmsSecret).toBe('pass');
|
|
124
|
+
expect(body.data.activeSessions).toBe(2);
|
|
125
|
+
expect(body.data.failedLogins24h).toBe(3);
|
|
126
|
+
// The raw secret value must never appear anywhere in the payload.
|
|
127
|
+
expect(JSON.stringify(body)).not.toContain(VALID_SECRET);
|
|
128
|
+
});
|
|
129
|
+
});
|
|
130
|
+
describe('PUT /security', () => {
|
|
131
|
+
it('persists the enforced policy and reflects it on read-back', async () => {
|
|
132
|
+
const { key, record } = await makeKey({ admin: true });
|
|
133
|
+
const state = freshState();
|
|
134
|
+
const db = createMockDB(state, record);
|
|
135
|
+
initDB(db);
|
|
136
|
+
const handler = handleActuateAPI({ prismaClient: db, config: { collections: {} } });
|
|
137
|
+
const res = await handler(new Request('https://example.com/api/cms/security', {
|
|
138
|
+
method: 'PUT',
|
|
139
|
+
headers: { Authorization: `Bearer ${key}`, 'Content-Type': 'application/json' },
|
|
140
|
+
body: JSON.stringify({
|
|
141
|
+
mfa: { required: false, gracePeriodDays: 14 },
|
|
142
|
+
session: { maxConcurrentSessions: 3 },
|
|
143
|
+
}),
|
|
144
|
+
}));
|
|
145
|
+
expect(res.status).toBe(200);
|
|
146
|
+
const body = (await res.json());
|
|
147
|
+
expect(body.data.settings.session.maxConcurrentSessions).toBe(3);
|
|
148
|
+
expect(body.data.settings.mfa.gracePeriodDays).toBe(14);
|
|
149
|
+
// Persisted into the settings global without clobbering siblings.
|
|
150
|
+
expect(state.settings.security.session.maxConcurrentSessions).toBe(3);
|
|
151
|
+
expect(state.settings.siteTitle).toBe('Actuate Media');
|
|
152
|
+
});
|
|
153
|
+
it('blocks enabling MFA when the acting admin has no MFA (lockout-safe)', async () => {
|
|
154
|
+
const { key, record } = await makeKey({ admin: true });
|
|
155
|
+
const state = freshState();
|
|
156
|
+
state.viewerHasMfa = false;
|
|
157
|
+
const db = createMockDB(state, record);
|
|
158
|
+
initDB(db);
|
|
159
|
+
const handler = handleActuateAPI({ prismaClient: db, config: { collections: {} } });
|
|
160
|
+
const res = await handler(new Request('https://example.com/api/cms/security', {
|
|
161
|
+
method: 'PUT',
|
|
162
|
+
headers: { Authorization: `Bearer ${key}`, 'Content-Type': 'application/json' },
|
|
163
|
+
body: JSON.stringify({
|
|
164
|
+
mfa: { required: true, gracePeriodDays: 7 },
|
|
165
|
+
session: { maxConcurrentSessions: 5 },
|
|
166
|
+
}),
|
|
167
|
+
}));
|
|
168
|
+
expect(res.status).toBe(409);
|
|
169
|
+
const body = (await res.json());
|
|
170
|
+
expect(body.code).toBe('MFA_LOCKOUT_RISK');
|
|
171
|
+
// Nothing should have been persisted.
|
|
172
|
+
expect(state.settings.security).toBeUndefined();
|
|
173
|
+
});
|
|
174
|
+
it('allows enabling MFA when the acting admin has MFA', async () => {
|
|
175
|
+
const { key, record } = await makeKey({ admin: true });
|
|
176
|
+
const state = freshState();
|
|
177
|
+
state.viewerHasMfa = true;
|
|
178
|
+
const db = createMockDB(state, record);
|
|
179
|
+
initDB(db);
|
|
180
|
+
const handler = handleActuateAPI({ prismaClient: db, config: { collections: {} } });
|
|
181
|
+
const res = await handler(new Request('https://example.com/api/cms/security', {
|
|
182
|
+
method: 'PUT',
|
|
183
|
+
headers: { Authorization: `Bearer ${key}`, 'Content-Type': 'application/json' },
|
|
184
|
+
body: JSON.stringify({
|
|
185
|
+
mfa: { required: true, gracePeriodDays: 7 },
|
|
186
|
+
session: { maxConcurrentSessions: 5 },
|
|
187
|
+
}),
|
|
188
|
+
}));
|
|
189
|
+
expect(res.status).toBe(200);
|
|
190
|
+
expect(state.settings.security.mfa.required).toBe(true);
|
|
191
|
+
expect(typeof state.settings.security.mfa.requiredAt).toBe('string');
|
|
192
|
+
});
|
|
193
|
+
});
|
|
194
|
+
describe('POST /security/sessions/revoke-all', () => {
|
|
195
|
+
it("revokes the caller's other sessions and returns the count", async () => {
|
|
196
|
+
const { key, record } = await makeKey({ admin: true });
|
|
197
|
+
const state = freshState();
|
|
198
|
+
const db = createMockDB(state, record);
|
|
199
|
+
initDB(db);
|
|
200
|
+
const handler = handleActuateAPI({ prismaClient: db, config: { collections: {} } });
|
|
201
|
+
const res = await handler(new Request('https://example.com/api/cms/security/sessions/revoke-all', {
|
|
202
|
+
method: 'POST',
|
|
203
|
+
headers: { Authorization: `Bearer ${key}` },
|
|
204
|
+
}));
|
|
205
|
+
expect(res.status).toBe(200);
|
|
206
|
+
const body = (await res.json());
|
|
207
|
+
expect(body.data.revoked).toBe(2);
|
|
208
|
+
// Excludes the current session id.
|
|
209
|
+
expect(state.revokeAllArgs?.where?.id?.not).toBe('apikey-1');
|
|
210
|
+
});
|
|
211
|
+
});
|
|
212
|
+
//# sourceMappingURL=security-routes.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"security-routes.test.js","sourceRoot":"","sources":["../../../src/__tests__/api/security-routes.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAA;AAEzD,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAA;AACrD,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AACpC,OAAO,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAA;AAGnE;;;;;;;;GAQG;AACH,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;AAqBnC,SAAS,YAAY,CAAC,KAAgB,EAAE,MAAyB;IAC/D,MAAM,EAAE,GAAG;QACT,QAAQ,EAAE;YACR,MAAM,EAAE,KAAK,EAAE,EAAE,IAAI,EAA+C,EAAE,EAAE;gBACtE,KAAK,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAA;gBAC1B,OAAO,EAAE,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,KAAK,CAAC,QAAQ,EAAE,CAAA;YACrD,CAAC;YACD,MAAM,EAAE,KAAK,EAAE,EAAE,IAAI,EAA+C,EAAE,EAAE;gBACtE,KAAK,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAA;gBAC1B,OAAO,EAAE,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,KAAK,CAAC,QAAQ,EAAE,CAAA;YACrD,CAAC;SACF;QACD,OAAO,EAAE,EAAE,MAAM,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE;KAChD,CAAA;IACD,OAAO;QACL,MAAM,EAAE;YACN,QAAQ,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC9C,UAAU,EAAE,KAAK,EAAE,EAAE,KAAK,EAAkC,EAAE,EAAE,CAC9D,MAAM,IAAI,MAAM,CAAC,OAAO,KAAK,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI;YAC5D,MAAM,EAAE,KAAK,IAAI,EAAE,CAAC,MAAM;SAC3B;QACD,QAAQ,EAAE;YACR,SAAS,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,KAAK,CAAC,QAAQ,EAAE,CAAC;YACrE,QAAQ,EAAE,KAAK,IAAI,EAAE,CAAC,EAAE;YACxB,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;SACrB;QACD,OAAO,EAAE,EAAE,MAAM,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE;QAC/C,IAAI,EAAE;YACJ,QAAQ,EAAE,KAAK,IAAI,EAAE,CAAC;gBACpB,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,CAAC,YAAY,EAAE;gBAClE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE;aACvD;YACD,UAAU,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,WAAW,EAAE,KAAK,CAAC,YAAY,EAAE,CAAC;YAC7D,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;SACrB;QACD,OAAO,EAAE;YACP,QAAQ,EAAE,KAAK,IAAI,EAAE,CAAC,EAAE;YACxB,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;YACpB,UAAU,EAAE,KAAK,EAAE,IAA2C,EAAE,EAAE;gBAChE,KAAK,CAAC,aAAa,GAAG,IAAI,CAAA;gBAC1B,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,eAAe,EAAE,CAAA;YACzC,CAAC;SACF;QACD,QAAQ,EAAE;YACR,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;YACpB,MAAM,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC;SACrC;QACD,YAAY,EAAE,KAAK,EAAE,EAAsC,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC;KAChE,CAAA;AACV,CAAC;AAED,KAAK,UAAU,OAAO,CAAC,MAAmB;IACxC,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,MAAM,cAAc,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAA;IACtF,OAAO;QACL,GAAG;QACH,MAAM,EAAE;YACN,EAAE,EAAE,UAAU;YACd,OAAO;YACP,SAAS;YACT,MAAM,EAAE,QAAQ;YAChB,MAAM;YACN,cAAc,EAAE,IAAI;YACpB,SAAS,EAAE,IAAI;YACf,UAAU,EAAE,IAAI;YAChB,SAAS,EAAE,IAAI;SAChB;KACF,CAAA;AACH,CAAC;AAED,SAAS,UAAU;IACjB,OAAO;QACL,QAAQ,EAAE,EAAE,SAAS,EAAE,eAAe,EAAE;QACxC,YAAY,EAAE,KAAK;QACnB,eAAe,EAAE,CAAC;KACnB,CAAA;AACH,CAAC;AAED,UAAU,CAAC,GAAG,EAAE;IACd,OAAQ,UAAkB,CAAC,eAAe,CAAA;IAC1C,OAAO,CAAC,GAAG,CAAC,UAAU,GAAG,YAAY,CAAA;AACvC,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;IAC7B,EAAE,CAAC,yBAAyB,EAAE,KAAK,IAAI,EAAE;QACvC,MAAM,EAAE,GAAG,YAAY,CAAC,UAAU,EAAE,CAAC,CAAA;QACrC,MAAM,CAAC,EAAE,CAAC,CAAA;QACV,MAAM,OAAO,GAAG,gBAAgB,CAAC,EAAE,YAAY,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,EAAE,CAAC,CAAA;QACnF,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,IAAI,OAAO,CAAC,sCAAsC,CAAC,CAAC,CAAA;QAC9E,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAC9B,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,4BAA4B,EAAE,KAAK,IAAI,EAAE;QAC1C,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAA;QACtD,MAAM,EAAE,GAAG,YAAY,CAAC,UAAU,EAAE,EAAE,MAAM,CAAC,CAAA;QAC7C,MAAM,CAAC,EAAE,CAAC,CAAA;QACV,MAAM,OAAO,GAAG,gBAAgB,CAAC,EAAE,YAAY,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,EAAE,CAAC,CAAA;QACnF,MAAM,GAAG,GAAG,MAAM,OAAO,CACvB,IAAI,OAAO,CAAC,sCAAsC,EAAE;YAClD,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,GAAG,EAAE,EAAE;SAC5C,CAAC,CACH,CAAA;QACD,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAC9B,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,oEAAoE,EAAE,KAAK,IAAI,EAAE;QAClF,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAA;QACtD,MAAM,EAAE,GAAG,YAAY,CAAC,UAAU,EAAE,EAAE,MAAM,CAAC,CAAA;QAC7C,MAAM,CAAC,EAAE,CAAC,CAAA;QACV,MAAM,OAAO,GAAG,gBAAgB,CAAC,EAAE,YAAY,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,EAAE,CAAC,CAAA;QACnF,MAAM,GAAG,GAAG,MAAM,OAAO,CACvB,IAAI,OAAO,CAAC,sCAAsC,EAAE;YAClD,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,GAAG,EAAE,EAAE;SAC5C,CAAC,CACH,CAAA;QACD,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAC5B,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAQ,CAAA;QAEtC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAA;QAC7C,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACzD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QAC3C,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAChD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACxC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACzC,kEAAkE;QAClE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,CAAA;IAC1D,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;IAC7B,EAAE,CAAC,2DAA2D,EAAE,KAAK,IAAI,EAAE;QACzE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAA;QACtD,MAAM,KAAK,GAAG,UAAU,EAAE,CAAA;QAC1B,MAAM,EAAE,GAAG,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,CAAA;QACtC,MAAM,CAAC,EAAE,CAAC,CAAA;QACV,MAAM,OAAO,GAAG,gBAAgB,CAAC,EAAE,YAAY,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,EAAE,CAAC,CAAA;QAEnF,MAAM,GAAG,GAAG,MAAM,OAAO,CACvB,IAAI,OAAO,CAAC,sCAAsC,EAAE;YAClD,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/E,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,GAAG,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,eAAe,EAAE,EAAE,EAAE;gBAC7C,OAAO,EAAE,EAAE,qBAAqB,EAAE,CAAC,EAAE;aACtC,CAAC;SACH,CAAC,CACH,CAAA;QACD,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAC5B,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAQ,CAAA;QACtC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QAChE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACvD,kEAAkE;QAClE,MAAM,CAAE,KAAK,CAAC,QAAgB,CAAC,QAAQ,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QAC9E,MAAM,CAAE,KAAK,CAAC,QAAgB,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;IACjE,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,qEAAqE,EAAE,KAAK,IAAI,EAAE;QACnF,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAA;QACtD,MAAM,KAAK,GAAG,UAAU,EAAE,CAAA;QAC1B,KAAK,CAAC,YAAY,GAAG,KAAK,CAAA;QAC1B,MAAM,EAAE,GAAG,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,CAAA;QACtC,MAAM,CAAC,EAAE,CAAC,CAAA;QACV,MAAM,OAAO,GAAG,gBAAgB,CAAC,EAAE,YAAY,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,EAAE,CAAC,CAAA;QAEnF,MAAM,GAAG,GAAG,MAAM,OAAO,CACvB,IAAI,OAAO,CAAC,sCAAsC,EAAE;YAClD,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/E,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,GAAG,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC,EAAE;gBAC3C,OAAO,EAAE,EAAE,qBAAqB,EAAE,CAAC,EAAE;aACtC,CAAC;SACH,CAAC,CACH,CAAA;QACD,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAC5B,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAQ,CAAA;QACtC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAA;QAC1C,sCAAsC;QACtC,MAAM,CAAE,KAAK,CAAC,QAAgB,CAAC,QAAQ,CAAC,CAAC,aAAa,EAAE,CAAA;IAC1D,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;QACjE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAA;QACtD,MAAM,KAAK,GAAG,UAAU,EAAE,CAAA;QAC1B,KAAK,CAAC,YAAY,GAAG,IAAI,CAAA;QACzB,MAAM,EAAE,GAAG,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,CAAA;QACtC,MAAM,CAAC,EAAE,CAAC,CAAA;QACV,MAAM,OAAO,GAAG,gBAAgB,CAAC,EAAE,YAAY,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,EAAE,CAAC,CAAA;QAEnF,MAAM,GAAG,GAAG,MAAM,OAAO,CACvB,IAAI,OAAO,CAAC,sCAAsC,EAAE;YAClD,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/E,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,GAAG,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC,EAAE;gBAC3C,OAAO,EAAE,EAAE,qBAAqB,EAAE,CAAC,EAAE;aACtC,CAAC;SACH,CAAC,CACH,CAAA;QACD,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAC5B,MAAM,CAAE,KAAK,CAAC,QAAgB,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAChE,MAAM,CAAC,OAAQ,KAAK,CAAC,QAAgB,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;IAC/E,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,oCAAoC,EAAE,GAAG,EAAE;IAClD,EAAE,CAAC,2DAA2D,EAAE,KAAK,IAAI,EAAE;QACzE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAA;QACtD,MAAM,KAAK,GAAG,UAAU,EAAE,CAAA;QAC1B,MAAM,EAAE,GAAG,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,CAAA;QACtC,MAAM,CAAC,EAAE,CAAC,CAAA;QACV,MAAM,OAAO,GAAG,gBAAgB,CAAC,EAAE,YAAY,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,EAAE,CAAC,CAAA;QAEnF,MAAM,GAAG,GAAG,MAAM,OAAO,CACvB,IAAI,OAAO,CAAC,0DAA0D,EAAE;YACtE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,GAAG,EAAE,EAAE;SAC5C,CAAC,CACH,CAAA;QACD,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAC5B,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAQ,CAAA;QACtC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACjC,mCAAmC;QACnC,MAAM,CAAC,KAAK,CAAC,aAAa,EAAE,KAAK,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IAC9D,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"center.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/security/center.test.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,226 @@
|
|
|
1
|
+
import { describe, expect, it } from 'vitest';
|
|
2
|
+
import { DEFAULT_SECURITY_SETTINGS, computeSecurityStatus, mfaEnableLockoutError, parseSecuritySettings, summarizeApiKeys, summarizeUsers, validateIpRange, validateSecuritySettings, } from '../../security/center/index.js';
|
|
3
|
+
function baseInput(overrides = {}) {
|
|
4
|
+
return {
|
|
5
|
+
isProduction: true,
|
|
6
|
+
settings: {
|
|
7
|
+
mfa: { required: true, gracePeriodDays: 7 },
|
|
8
|
+
session: { maxConcurrentSessions: 5 },
|
|
9
|
+
},
|
|
10
|
+
users: {
|
|
11
|
+
totalUsers: 3,
|
|
12
|
+
totalAdmins: 2,
|
|
13
|
+
withMfa: 2,
|
|
14
|
+
withoutMfa: 1,
|
|
15
|
+
adminsWithoutMfa: 0,
|
|
16
|
+
inactive: 0,
|
|
17
|
+
},
|
|
18
|
+
apiKeys: { active: 1, withoutExpiration: 0, broadScope: 0, staleUnused90d: 0 },
|
|
19
|
+
secrets: {
|
|
20
|
+
cmsSecret: 'pass',
|
|
21
|
+
encryptionKey: 'pass',
|
|
22
|
+
rateLimitBackend: 'distributed',
|
|
23
|
+
apiKeysHashed: true,
|
|
24
|
+
webhookSecretsEncrypted: true,
|
|
25
|
+
},
|
|
26
|
+
ipAllowlist: {
|
|
27
|
+
enabled: false,
|
|
28
|
+
source: 'none',
|
|
29
|
+
ranges: [],
|
|
30
|
+
currentIp: '1.2.3.4',
|
|
31
|
+
currentIpAllowed: null,
|
|
32
|
+
},
|
|
33
|
+
failedLogins24h: 0,
|
|
34
|
+
activeSessions: 1,
|
|
35
|
+
csrfEnabled: true,
|
|
36
|
+
uploadValidation: true,
|
|
37
|
+
auditEnabled: true,
|
|
38
|
+
...overrides,
|
|
39
|
+
};
|
|
40
|
+
}
|
|
41
|
+
describe('computeSecurityStatus', () => {
|
|
42
|
+
it('reports secure when all controls pass', () => {
|
|
43
|
+
const status = computeSecurityStatus(baseInput());
|
|
44
|
+
expect(status.status).toBe('secure');
|
|
45
|
+
expect(status.score).toBe(100);
|
|
46
|
+
expect(status.warnings).toHaveLength(0);
|
|
47
|
+
// Every advertised check is present.
|
|
48
|
+
const keys = status.checks.map((c) => c.key);
|
|
49
|
+
expect(keys).toEqual(expect.arrayContaining([
|
|
50
|
+
'mfa',
|
|
51
|
+
'sessions',
|
|
52
|
+
'api_keys',
|
|
53
|
+
'csrf',
|
|
54
|
+
'rate_limit',
|
|
55
|
+
'cms_secret',
|
|
56
|
+
'audit',
|
|
57
|
+
]));
|
|
58
|
+
});
|
|
59
|
+
it('is at_risk when CSRF is disabled', () => {
|
|
60
|
+
const status = computeSecurityStatus(baseInput({ csrfEnabled: false }));
|
|
61
|
+
expect(status.status).toBe('at_risk');
|
|
62
|
+
expect(status.warnings.some((w) => w.id === 'csrf-disabled' && w.severity === 'critical')).toBe(true);
|
|
63
|
+
expect(status.score).toBeLessThan(100);
|
|
64
|
+
});
|
|
65
|
+
it('is at_risk when MFA is required but an admin has not enrolled', () => {
|
|
66
|
+
const status = computeSecurityStatus(baseInput({
|
|
67
|
+
users: {
|
|
68
|
+
totalUsers: 3,
|
|
69
|
+
totalAdmins: 2,
|
|
70
|
+
withMfa: 1,
|
|
71
|
+
withoutMfa: 1,
|
|
72
|
+
adminsWithoutMfa: 1,
|
|
73
|
+
inactive: 0,
|
|
74
|
+
},
|
|
75
|
+
}));
|
|
76
|
+
expect(status.status).toBe('at_risk');
|
|
77
|
+
expect(status.warnings.some((w) => w.id === 'mfa-required-gap')).toBe(true);
|
|
78
|
+
const mfaCheck = status.checks.find((c) => c.key === 'mfa');
|
|
79
|
+
expect(mfaCheck?.status).toBe('fail');
|
|
80
|
+
});
|
|
81
|
+
it('is at_risk in production when CMS_SECRET is missing', () => {
|
|
82
|
+
const status = computeSecurityStatus(baseInput({ secrets: { ...baseInput().secrets, cmsSecret: 'fail' } }));
|
|
83
|
+
expect(status.status).toBe('at_risk');
|
|
84
|
+
expect(status.warnings.some((w) => w.id === 'cms-secret-missing')).toBe(true);
|
|
85
|
+
});
|
|
86
|
+
it('needs_attention when MFA is not required in production', () => {
|
|
87
|
+
const status = computeSecurityStatus(baseInput({
|
|
88
|
+
settings: {
|
|
89
|
+
mfa: { required: false, gracePeriodDays: 7 },
|
|
90
|
+
session: { maxConcurrentSessions: 5 },
|
|
91
|
+
},
|
|
92
|
+
}));
|
|
93
|
+
expect(status.status).toBe('needs_attention');
|
|
94
|
+
expect(status.warnings.some((w) => w.id === 'mfa-not-required')).toBe(true);
|
|
95
|
+
});
|
|
96
|
+
it('warns (not critical) about in-memory rate limiting in production', () => {
|
|
97
|
+
const status = computeSecurityStatus(baseInput({ secrets: { ...baseInput().secrets, rateLimitBackend: 'in_memory' } }));
|
|
98
|
+
expect(status.status).toBe('needs_attention');
|
|
99
|
+
expect(status.warnings.some((w) => w.id === 'rate-limit-in-memory')).toBe(true);
|
|
100
|
+
});
|
|
101
|
+
it('is unknown when secret state cannot be determined', () => {
|
|
102
|
+
const status = computeSecurityStatus(baseInput({ secrets: { ...baseInput().secrets, cmsSecret: 'unknown' } }));
|
|
103
|
+
expect(status.status).toBe('unknown');
|
|
104
|
+
});
|
|
105
|
+
it('flags broad-scope API keys as a failing check', () => {
|
|
106
|
+
const status = computeSecurityStatus(baseInput({ apiKeys: { active: 2, withoutExpiration: 0, broadScope: 1, staleUnused90d: 0 } }));
|
|
107
|
+
expect(status.checks.find((c) => c.key === 'api_keys')?.status).toBe('fail');
|
|
108
|
+
expect(status.warnings.some((w) => w.id === 'api-keys-broad')).toBe(true);
|
|
109
|
+
});
|
|
110
|
+
});
|
|
111
|
+
describe('validateSecuritySettings', () => {
|
|
112
|
+
it('accepts valid settings', () => {
|
|
113
|
+
expect(validateSecuritySettings(DEFAULT_SECURITY_SETTINGS)).toEqual([]);
|
|
114
|
+
});
|
|
115
|
+
it('rejects an out-of-range grace period', () => {
|
|
116
|
+
const issues = validateSecuritySettings({
|
|
117
|
+
mfa: { required: true, gracePeriodDays: 999 },
|
|
118
|
+
session: { maxConcurrentSessions: 5 },
|
|
119
|
+
});
|
|
120
|
+
expect(issues.some((i) => i.field === 'mfaGracePeriodDays' && i.severity === 'error')).toBe(true);
|
|
121
|
+
});
|
|
122
|
+
it('rejects an out-of-range concurrent session cap', () => {
|
|
123
|
+
const issues = validateSecuritySettings({
|
|
124
|
+
mfa: { required: false, gracePeriodDays: 0 },
|
|
125
|
+
session: { maxConcurrentSessions: -1 },
|
|
126
|
+
});
|
|
127
|
+
expect(issues.some((i) => i.field === 'maxConcurrentSessions')).toBe(true);
|
|
128
|
+
});
|
|
129
|
+
});
|
|
130
|
+
describe('parseSecuritySettings', () => {
|
|
131
|
+
it('returns defaults for an empty blob', () => {
|
|
132
|
+
expect(parseSecuritySettings({})).toEqual(DEFAULT_SECURITY_SETTINGS);
|
|
133
|
+
});
|
|
134
|
+
it('coerces and clamps values', () => {
|
|
135
|
+
const parsed = parseSecuritySettings({
|
|
136
|
+
security: {
|
|
137
|
+
mfa: { required: 'yes', gracePeriodDays: 9999 },
|
|
138
|
+
session: { maxConcurrentSessions: -5 },
|
|
139
|
+
},
|
|
140
|
+
});
|
|
141
|
+
expect(parsed.mfa.required).toBe(true);
|
|
142
|
+
expect(parsed.mfa.gracePeriodDays).toBe(365);
|
|
143
|
+
expect(parsed.session.maxConcurrentSessions).toBe(0);
|
|
144
|
+
});
|
|
145
|
+
it('preserves requiredAt when present', () => {
|
|
146
|
+
const parsed = parseSecuritySettings({
|
|
147
|
+
security: {
|
|
148
|
+
mfa: { required: true, gracePeriodDays: 1, requiredAt: '2026-01-01T00:00:00.000Z' },
|
|
149
|
+
},
|
|
150
|
+
});
|
|
151
|
+
expect(parsed.mfa.requiredAt).toBe('2026-01-01T00:00:00.000Z');
|
|
152
|
+
});
|
|
153
|
+
});
|
|
154
|
+
describe('validateIpRange', () => {
|
|
155
|
+
it.each([
|
|
156
|
+
'192.168.1.1',
|
|
157
|
+
'10.0.0.0/8',
|
|
158
|
+
'172.16.0.0/12',
|
|
159
|
+
'0.0.0.0/0',
|
|
160
|
+
'2001:db8::1',
|
|
161
|
+
'2001:db8::/32',
|
|
162
|
+
'::1',
|
|
163
|
+
])('accepts %s', (entry) => {
|
|
164
|
+
expect(validateIpRange(entry)).toBe(true);
|
|
165
|
+
});
|
|
166
|
+
it.each(['', 'not-an-ip', '999.1.1.1', '10.0.0.0/33', '1.2.3.4/abc', '2001:db8::/129', '1.2.3'])('rejects %s', (entry) => {
|
|
167
|
+
expect(validateIpRange(entry)).toBe(false);
|
|
168
|
+
});
|
|
169
|
+
});
|
|
170
|
+
describe('mfaEnableLockoutError', () => {
|
|
171
|
+
it('blocks enabling MFA when the acting admin has no MFA', () => {
|
|
172
|
+
expect(mfaEnableLockoutError({ enabling: true, viewerHasMfa: false, totalAdmins: 1 })).toMatch(/lock yourself out/i);
|
|
173
|
+
});
|
|
174
|
+
it('allows enabling when the acting admin has MFA', () => {
|
|
175
|
+
expect(mfaEnableLockoutError({ enabling: true, viewerHasMfa: true, totalAdmins: 1 })).toBeNull();
|
|
176
|
+
});
|
|
177
|
+
it('never blocks when not enabling', () => {
|
|
178
|
+
expect(mfaEnableLockoutError({ enabling: false, viewerHasMfa: false, totalAdmins: 3 })).toBeNull();
|
|
179
|
+
});
|
|
180
|
+
});
|
|
181
|
+
describe('summarizeUsers', () => {
|
|
182
|
+
it('counts admin MFA coverage and inactive accounts', () => {
|
|
183
|
+
const summary = summarizeUsers([
|
|
184
|
+
{ role: 'ADMIN', isActive: true, totpEnabled: true },
|
|
185
|
+
{ role: 'ADMIN', isActive: true, totpEnabled: false },
|
|
186
|
+
{ role: 'EDITOR', isActive: true, totpEnabled: false },
|
|
187
|
+
{ role: 'ADMIN', isActive: false, totpEnabled: false },
|
|
188
|
+
]);
|
|
189
|
+
expect(summary.totalUsers).toBe(4);
|
|
190
|
+
expect(summary.totalAdmins).toBe(3);
|
|
191
|
+
expect(summary.withMfa).toBe(1);
|
|
192
|
+
expect(summary.adminsWithoutMfa).toBe(1); // inactive admin excluded
|
|
193
|
+
expect(summary.inactive).toBe(1);
|
|
194
|
+
});
|
|
195
|
+
});
|
|
196
|
+
describe('summarizeApiKeys', () => {
|
|
197
|
+
const now = Date.parse('2026-06-01T00:00:00.000Z');
|
|
198
|
+
it('classifies risk and excludes revoked/expired keys', () => {
|
|
199
|
+
const summary = summarizeApiKeys([
|
|
200
|
+
{ scopes: { admin: true }, expiresAt: null, lastUsedAt: null, revokedAt: null },
|
|
201
|
+
{
|
|
202
|
+
scopes: { media: true },
|
|
203
|
+
expiresAt: '2026-12-01T00:00:00.000Z',
|
|
204
|
+
lastUsedAt: '2026-01-01T00:00:00.000Z',
|
|
205
|
+
revokedAt: null,
|
|
206
|
+
},
|
|
207
|
+
{
|
|
208
|
+
scopes: { media: true },
|
|
209
|
+
expiresAt: '2020-01-01T00:00:00.000Z',
|
|
210
|
+
lastUsedAt: null,
|
|
211
|
+
revokedAt: null,
|
|
212
|
+
}, // expired
|
|
213
|
+
{
|
|
214
|
+
scopes: { admin: true },
|
|
215
|
+
expiresAt: null,
|
|
216
|
+
lastUsedAt: null,
|
|
217
|
+
revokedAt: '2026-01-01T00:00:00.000Z',
|
|
218
|
+
}, // revoked
|
|
219
|
+
], now);
|
|
220
|
+
expect(summary.active).toBe(2);
|
|
221
|
+
expect(summary.broadScope).toBe(1);
|
|
222
|
+
expect(summary.withoutExpiration).toBe(1);
|
|
223
|
+
expect(summary.staleUnused90d).toBe(1); // key 2 last used > 90d before `now`
|
|
224
|
+
});
|
|
225
|
+
});
|
|
226
|
+
//# sourceMappingURL=center.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"center.test.js","sourceRoot":"","sources":["../../../src/__tests__/security/center.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAA;AAC7C,OAAO,EACL,yBAAyB,EACzB,qBAAqB,EACrB,qBAAqB,EACrB,qBAAqB,EACrB,gBAAgB,EAChB,cAAc,EACd,eAAe,EACf,wBAAwB,GAEzB,MAAM,gCAAgC,CAAA;AAEvC,SAAS,SAAS,CAAC,YAA0C,EAAE;IAC7D,OAAO;QACL,YAAY,EAAE,IAAI;QAClB,QAAQ,EAAE;YACR,GAAG,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC,EAAE;YAC3C,OAAO,EAAE,EAAE,qBAAqB,EAAE,CAAC,EAAE;SACtC;QACD,KAAK,EAAE;YACL,UAAU,EAAE,CAAC;YACb,WAAW,EAAE,CAAC;YACd,OAAO,EAAE,CAAC;YACV,UAAU,EAAE,CAAC;YACb,gBAAgB,EAAE,CAAC;YACnB,QAAQ,EAAE,CAAC;SACZ;QACD,OAAO,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,iBAAiB,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,cAAc,EAAE,CAAC,EAAE;QAC9E,OAAO,EAAE;YACP,SAAS,EAAE,MAAM;YACjB,aAAa,EAAE,MAAM;YACrB,gBAAgB,EAAE,aAAa;YAC/B,aAAa,EAAE,IAAI;YACnB,uBAAuB,EAAE,IAAI;SAC9B;QACD,WAAW,EAAE;YACX,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,EAAE;YACV,SAAS,EAAE,SAAS;YACpB,gBAAgB,EAAE,IAAI;SACvB;QACD,eAAe,EAAE,CAAC;QAClB,cAAc,EAAE,CAAC;QACjB,WAAW,EAAE,IAAI;QACjB,gBAAgB,EAAE,IAAI;QACtB,YAAY,EAAE,IAAI;QAClB,GAAG,SAAS;KACb,CAAA;AACH,CAAC;AAED,QAAQ,CAAC,uBAAuB,EAAE,GAAG,EAAE;IACrC,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,MAAM,MAAM,GAAG,qBAAqB,CAAC,SAAS,EAAE,CAAC,CAAA;QACjD,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACpC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAC9B,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAA;QACvC,qCAAqC;QACrC,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;QAC5C,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAClB,MAAM,CAAC,eAAe,CAAC;YACrB,KAAK;YACL,UAAU;YACV,UAAU;YACV,MAAM;YACN,YAAY;YACZ,YAAY;YACZ,OAAO;SACR,CAAC,CACH,CAAA;IACH,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,MAAM,MAAM,GAAG,qBAAqB,CAAC,SAAS,CAAC,EAAE,WAAW,EAAE,KAAK,EAAE,CAAC,CAAC,CAAA;QACvE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;QACrC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,eAAe,IAAI,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,IAAI,CAC7F,IAAI,CACL,CAAA;QACD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,CAAA;IACxC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,+DAA+D,EAAE,GAAG,EAAE;QACvE,MAAM,MAAM,GAAG,qBAAqB,CAClC,SAAS,CAAC;YACR,KAAK,EAAE;gBACL,UAAU,EAAE,CAAC;gBACb,WAAW,EAAE,CAAC;gBACd,OAAO,EAAE,CAAC;gBACV,UAAU,EAAE,CAAC;gBACb,gBAAgB,EAAE,CAAC;gBACnB,QAAQ,EAAE,CAAC;aACZ;SACF,CAAC,CACH,CAAA;QACD,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;QACrC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC3E,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,KAAK,CAAC,CAAA;QAC3D,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;IACvC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;QAC7D,MAAM,MAAM,GAAG,qBAAqB,CAClC,SAAS,CAAC,EAAE,OAAO,EAAE,EAAE,GAAG,SAAS,EAAE,CAAC,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,CAAC,CACtE,CAAA;QACD,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;QACrC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,oBAAoB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC/E,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,wDAAwD,EAAE,GAAG,EAAE;QAChE,MAAM,MAAM,GAAG,qBAAqB,CAClC,SAAS,CAAC;YACR,QAAQ,EAAE;gBACR,GAAG,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,EAAE;gBAC5C,OAAO,EAAE,EAAE,qBAAqB,EAAE,CAAC,EAAE;aACtC;SACF,CAAC,CACH,CAAA;QACD,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAA;QAC7C,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC7E,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,kEAAkE,EAAE,GAAG,EAAE;QAC1E,MAAM,MAAM,GAAG,qBAAqB,CAClC,SAAS,CAAC,EAAE,OAAO,EAAE,EAAE,GAAG,SAAS,EAAE,CAAC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,EAAE,CAAC,CAClF,CAAA;QACD,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAA;QAC7C,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,sBAAsB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IACjF,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;QAC3D,MAAM,MAAM,GAAG,qBAAqB,CAClC,SAAS,CAAC,EAAE,OAAO,EAAE,EAAE,GAAG,SAAS,EAAE,CAAC,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,EAAE,CAAC,CACzE,CAAA;QACD,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;IACvC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,MAAM,MAAM,GAAG,qBAAqB,CAClC,SAAS,CAAC,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,iBAAiB,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,cAAc,EAAE,CAAC,EAAE,EAAE,CAAC,CAC9F,CAAA;QACD,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,UAAU,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAC5E,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC3E,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,0BAA0B,EAAE,GAAG,EAAE;IACxC,EAAE,CAAC,wBAAwB,EAAE,GAAG,EAAE;QAChC,MAAM,CAAC,wBAAwB,CAAC,yBAAyB,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;IACzE,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,MAAM,MAAM,GAAG,wBAAwB,CAAC;YACtC,GAAG,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,eAAe,EAAE,GAAG,EAAE;YAC7C,OAAO,EAAE,EAAE,qBAAqB,EAAE,CAAC,EAAE;SACtC,CAAC,CAAA;QACF,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,oBAAoB,IAAI,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,IAAI,CACzF,IAAI,CACL,CAAA;IACH,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;QACxD,MAAM,MAAM,GAAG,wBAAwB,CAAC;YACtC,GAAG,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,EAAE;YAC5C,OAAO,EAAE,EAAE,qBAAqB,EAAE,CAAC,CAAC,EAAE;SACvC,CAAC,CAAA;QACF,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,uBAAuB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC5E,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,uBAAuB,EAAE,GAAG,EAAE;IACrC,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,MAAM,CAAC,qBAAqB,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,yBAAyB,CAAC,CAAA;IACtE,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;QACnC,MAAM,MAAM,GAAG,qBAAqB,CAAC;YACnC,QAAQ,EAAE;gBACR,GAAG,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,eAAe,EAAE,IAAI,EAAE;gBAC/C,OAAO,EAAE,EAAE,qBAAqB,EAAE,CAAC,CAAC,EAAE;aACvC;SACF,CAAC,CAAA;QACF,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACtC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAC5C,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACtD,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;QAC3C,MAAM,MAAM,GAAG,qBAAqB,CAAC;YACnC,QAAQ,EAAE;gBACR,GAAG,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC,EAAE,UAAU,EAAE,0BAA0B,EAAE;aACpF;SACF,CAAC,CAAA;QACF,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAA;IAChE,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;IAC/B,EAAE,CAAC,IAAI,CAAC;QACN,aAAa;QACb,YAAY;QACZ,eAAe;QACf,WAAW;QACX,aAAa;QACb,eAAe;QACf,KAAK;KACN,CAAC,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,EAAE;QACzB,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC3C,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE,aAAa,EAAE,aAAa,EAAE,gBAAgB,EAAE,OAAO,CAAC,CAAC,CAC9F,YAAY,EACZ,CAAC,KAAK,EAAE,EAAE;QACR,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAC5C,CAAC,CACF,CAAA;AACH,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,uBAAuB,EAAE,GAAG,EAAE;IACrC,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;QAC9D,MAAM,CAAC,qBAAqB,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAC5F,oBAAoB,CACrB,CAAA;IACH,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,MAAM,CAAC,qBAAqB,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAA;IAClG,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;QACxC,MAAM,CACJ,qBAAqB,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC,CAChF,CAAC,QAAQ,EAAE,CAAA;IACd,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;IAC9B,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;QACzD,MAAM,OAAO,GAAG,cAAc,CAAC;YAC7B,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE;YACpD,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE;YACrD,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE;YACtD,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,KAAK,EAAE;SACvD,CAAC,CAAA;QACF,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QAClC,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACnC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QAC/B,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA,CAAC,0BAA0B;QACnE,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IAClC,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;IAChC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAA;IAElD,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;QAC3D,MAAM,OAAO,GAAG,gBAAgB,CAC9B;YACE,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE;YAC/E;gBACE,MAAM,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE;gBACvB,SAAS,EAAE,0BAA0B;gBACrC,UAAU,EAAE,0BAA0B;gBACtC,SAAS,EAAE,IAAI;aAChB;YACD;gBACE,MAAM,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE;gBACvB,SAAS,EAAE,0BAA0B;gBACrC,UAAU,EAAE,IAAI;gBAChB,SAAS,EAAE,IAAI;aAChB,EAAE,UAAU;YACb;gBACE,MAAM,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE;gBACvB,SAAS,EAAE,IAAI;gBACf,UAAU,EAAE,IAAI;gBAChB,SAAS,EAAE,0BAA0B;aACtC,EAAE,UAAU;SACd,EACD,GAAG,CACJ,CAAA;QACD,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QAC9B,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QAClC,MAAM,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACzC,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA,CAAC,qCAAqC;IAC9E,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"handlers.d.ts","sourceRoot":"","sources":["../../src/api/handlers.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AA+/B5C,iFAAiF;AACjF,wBAAgB,wBAAwB,IAAI,IAAI,CAE/C;AA8JD,wBAAgB,iBAAiB,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAS9E;
|
|
1
|
+
{"version":3,"file":"handlers.d.ts","sourceRoot":"","sources":["../../src/api/handlers.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AA+/B5C,iFAAiF;AACjF,wBAAgB,wBAAwB,IAAI,IAAI,CAE/C;AA8JD,wBAAgB,iBAAiB,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAS9E;AAiTD,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CA68UzD"}
|