@ainetwork/adk-provider-auth-google 0.3.2 → 0.3.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{chunk-AVLNEZZD.js → chunk-USWCQIUT.js} +3 -3
- package/dist/chunk-USWCQIUT.js.map +1 -0
- package/dist/implements/google.auth.cjs +1 -1
- package/dist/implements/google.auth.cjs.map +1 -1
- package/dist/implements/google.auth.d.cts +2 -2
- package/dist/implements/google.auth.d.ts +2 -2
- package/dist/implements/google.auth.js +1 -1
- package/dist/index.cjs +1 -1
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +1 -1
- package/implements/google.auth.ts +2 -2
- package/package.json +3 -3
- package/dist/chunk-AVLNEZZD.js.map +0 -1
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
// implements/google.auth.ts
|
|
2
|
-
import {
|
|
2
|
+
import { AuthModule } from "@ainetwork/adk/modules";
|
|
3
3
|
import jwt from "jsonwebtoken";
|
|
4
4
|
import jwksClient from "jwks-rsa";
|
|
5
5
|
var GOOGLE_ISSUERS = [
|
|
6
6
|
"https://accounts.google.com",
|
|
7
7
|
"accounts.google.com"
|
|
8
8
|
];
|
|
9
|
-
var GoogleAuth = class extends
|
|
9
|
+
var GoogleAuth = class extends AuthModule {
|
|
10
10
|
constructor(config) {
|
|
11
11
|
super();
|
|
12
12
|
this.config = config;
|
|
@@ -143,4 +143,4 @@ var GoogleAuth = class extends BaseAuth {
|
|
|
143
143
|
export {
|
|
144
144
|
GoogleAuth
|
|
145
145
|
};
|
|
146
|
-
//# sourceMappingURL=chunk-
|
|
146
|
+
//# sourceMappingURL=chunk-USWCQIUT.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../implements/google.auth.ts"],"sourcesContent":["import { AuthModule } from \"@ainetwork/adk/modules\";\nimport { AuthResponse } from \"@ainetwork/adk/types/auth\";\nimport type { Request } from \"express\";\nimport jwt, { JwtHeader, SigningKeyCallback } from \"jsonwebtoken\";\nimport jwksClient from \"jwks-rsa\";\n\nexport interface GoogleAuthConfig {\n clientId: string;\n nextAuthSecret?: string;\n}\n\ninterface GoogleTokenPayload {\n aud: string;\n iss: string;\n iat: number;\n exp: number;\n sub: string;\n email?: string;\n email_verified?: boolean;\n name?: string;\n picture?: string;\n azp?: string;\n}\n\ninterface GoogleTokenInfoResponse {\n azp: string;\n aud: string;\n sub: string;\n scope: string;\n exp: string;\n expires_in: string;\n email?: string;\n email_verified?: string;\n access_type?: string;\n error?: string;\n error_description?: string;\n}\n\ninterface NextAuthJWTPayload {\n name?: string;\n email?: string;\n picture?: string;\n sub: string;\n iat: number;\n exp: number;\n jti?: string;\n}\n\nconst GOOGLE_ISSUERS: [string, ...string[]] = [\n \"https://accounts.google.com\",\n \"accounts.google.com\",\n];\n\nexport class GoogleAuth extends AuthModule {\n private readonly jwksClient: jwksClient.JwksClient;\n\n constructor(private readonly config: GoogleAuthConfig) {\n super();\n\n this.jwksClient = jwksClient({\n jwksUri: \"https://www.googleapis.com/oauth2/v3/certs\",\n cache: true,\n cacheMaxAge: 86400000, // 24 hours\n rateLimit: true,\n jwksRequestsPerMinute: 10,\n });\n }\n\n private getSigningKey = (header: JwtHeader, callback: SigningKeyCallback): void => {\n this.jwksClient.getSigningKey(header.kid, (err, key) => {\n if (err) {\n callback(err);\n return;\n }\n const signingKey = key?.getPublicKey();\n callback(null, signingKey);\n });\n };\n\n private verifyGoogleIdToken(token: string): Promise<GoogleTokenPayload> {\n return new Promise((resolve, reject) => {\n jwt.verify(\n token,\n this.getSigningKey,\n {\n algorithms: [\"RS256\"],\n audience: this.config.clientId,\n issuer: GOOGLE_ISSUERS,\n },\n (err: Error | null, decoded: unknown) => {\n if (err) {\n reject(err);\n return;\n }\n resolve(decoded as GoogleTokenPayload);\n }\n );\n });\n }\n\n private async verifyGoogleAccessToken(token: string): Promise<GoogleTokenInfoResponse> {\n const response = await fetch(\n `https://oauth2.googleapis.com/tokeninfo?access_token=${encodeURIComponent(token)}`\n );\n\n const data = await response.json() as GoogleTokenInfoResponse;\n\n if (data.error) {\n throw new Error(data.error_description || data.error);\n }\n\n // Verify the token is for our client\n if (data.aud !== this.config.clientId && data.azp !== this.config.clientId) {\n throw new Error(\"Token was not issued for this client\");\n }\n\n return data;\n }\n\n private verifyNextAuthToken(token: string): Promise<NextAuthJWTPayload> {\n return new Promise((resolve, reject) => {\n if (!this.config.nextAuthSecret) {\n reject(new Error(\"NextAuth secret is required for NextAuth token verification\"));\n return;\n }\n\n jwt.verify(\n token,\n this.config.nextAuthSecret,\n {\n algorithms: [\"HS256\"],\n },\n (err, decoded) => {\n if (err) {\n reject(err);\n return;\n }\n resolve(decoded as NextAuthJWTPayload);\n }\n );\n });\n }\n\n private isGoogleAccessToken(token: string): boolean {\n return token.startsWith(\"ya29.\");\n }\n\n public async authenticate(req: any, res: any): Promise<AuthResponse> {\n const token = this.extractBearerToken(req);\n if (!token) {\n return { isAuthenticated: false };\n }\n\n try {\n // First, try to verify as NextAuth JWT token (signed with NEXTAUTH_SECRET)\n if (this.config.nextAuthSecret) {\n try {\n const payload = await this.verifyNextAuthToken(token);\n if (payload.sub) {\n return {\n isAuthenticated: true,\n userId: payload.sub,\n };\n }\n } catch {\n // If NextAuth verification fails, try other methods\n }\n }\n\n // Check if it's a Google Access Token (starts with \"ya29.\")\n if (this.isGoogleAccessToken(token)) {\n const tokenInfo = await this.verifyGoogleAccessToken(token);\n if (tokenInfo.sub) {\n return {\n isAuthenticated: true,\n userId: tokenInfo.sub,\n };\n }\n console.error(\"Google auth verification failed: Token does not contain sub claim\");\n return { isAuthenticated: false };\n }\n\n // Try to verify as Google ID token (JWT)\n const payload = await this.verifyGoogleIdToken(token);\n\n if (!payload.sub) {\n console.error(\"Google auth verification failed: Token does not contain sub claim\");\n return { isAuthenticated: false };\n }\n\n return {\n isAuthenticated: true,\n userId: payload.sub,\n };\n } catch (err) {\n console.error(\"Google auth verification failed:\", (err as Error).message);\n return { isAuthenticated: false };\n }\n }\n\n private extractBearerToken(req: Request): string | null {\n const authHeader = req.headers.authorization;\n if (!authHeader?.startsWith(\"Bearer \")) {\n return null;\n }\n return authHeader.substring(7);\n }\n}\n"],"mappings":";AAAA,SAAS,kBAAkB;AAG3B,OAAO,SAA4C;AACnD,OAAO,gBAAgB;AA4CvB,IAAM,iBAAwC;AAAA,EAC5C;AAAA,EACA;AACF;AAEO,IAAM,aAAN,cAAyB,WAAW;AAAA,EAGzC,YAA6B,QAA0B;AACrD,UAAM;AADqB;AAG3B,SAAK,aAAa,WAAW;AAAA,MAC3B,SAAS;AAAA,MACT,OAAO;AAAA,MACP,aAAa;AAAA;AAAA,MACb,WAAW;AAAA,MACX,uBAAuB;AAAA,IACzB,CAAC;AAAA,EACH;AAAA,EAZiB;AAAA,EAcT,gBAAgB,CAAC,QAAmB,aAAuC;AACjF,SAAK,WAAW,cAAc,OAAO,KAAK,CAAC,KAAK,QAAQ;AACtD,UAAI,KAAK;AACP,iBAAS,GAAG;AACZ;AAAA,MACF;AACA,YAAM,aAAa,KAAK,aAAa;AACrC,eAAS,MAAM,UAAU;AAAA,IAC3B,CAAC;AAAA,EACH;AAAA,EAEQ,oBAAoB,OAA4C;AACtE,WAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,UAAI;AAAA,QACF;AAAA,QACA,KAAK;AAAA,QACL;AAAA,UACE,YAAY,CAAC,OAAO;AAAA,UACpB,UAAU,KAAK,OAAO;AAAA,UACtB,QAAQ;AAAA,QACV;AAAA,QACA,CAAC,KAAmB,YAAqB;AACvC,cAAI,KAAK;AACP,mBAAO,GAAG;AACV;AAAA,UACF;AACA,kBAAQ,OAA6B;AAAA,QACvC;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAc,wBAAwB,OAAiD;AACrF,UAAM,WAAW,MAAM;AAAA,MACrB,wDAAwD,mBAAmB,KAAK,CAAC;AAAA,IACnF;AAEA,UAAM,OAAO,MAAM,SAAS,KAAK;AAEjC,QAAI,KAAK,OAAO;AACd,YAAM,IAAI,MAAM,KAAK,qBAAqB,KAAK,KAAK;AAAA,IACtD;AAGA,QAAI,KAAK,QAAQ,KAAK,OAAO,YAAY,KAAK,QAAQ,KAAK,OAAO,UAAU;AAC1E,YAAM,IAAI,MAAM,sCAAsC;AAAA,IACxD;AAEA,WAAO;AAAA,EACT;AAAA,EAEQ,oBAAoB,OAA4C;AACtE,WAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,UAAI,CAAC,KAAK,OAAO,gBAAgB;AAC/B,eAAO,IAAI,MAAM,6DAA6D,CAAC;AAC/E;AAAA,MACF;AAEA,UAAI;AAAA,QACF;AAAA,QACA,KAAK,OAAO;AAAA,QACZ;AAAA,UACE,YAAY,CAAC,OAAO;AAAA,QACtB;AAAA,QACA,CAAC,KAAK,YAAY;AAChB,cAAI,KAAK;AACP,mBAAO,GAAG;AACV;AAAA,UACF;AACA,kBAAQ,OAA6B;AAAA,QACvC;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEQ,oBAAoB,OAAwB;AAClD,WAAO,MAAM,WAAW,OAAO;AAAA,EACjC;AAAA,EAEA,MAAa,aAAa,KAAU,KAAiC;AACnE,UAAM,QAAQ,KAAK,mBAAmB,GAAG;AACzC,QAAI,CAAC,OAAO;AACV,aAAO,EAAE,iBAAiB,MAAM;AAAA,IAClC;AAEA,QAAI;AAEF,UAAI,KAAK,OAAO,gBAAgB;AAC9B,YAAI;AACF,gBAAMA,WAAU,MAAM,KAAK,oBAAoB,KAAK;AACpD,cAAIA,SAAQ,KAAK;AACf,mBAAO;AAAA,cACL,iBAAiB;AAAA,cACjB,QAAQA,SAAQ;AAAA,YAClB;AAAA,UACF;AAAA,QACF,QAAQ;AAAA,QAER;AAAA,MACF;AAGA,UAAI,KAAK,oBAAoB,KAAK,GAAG;AACnC,cAAM,YAAY,MAAM,KAAK,wBAAwB,KAAK;AAC1D,YAAI,UAAU,KAAK;AACjB,iBAAO;AAAA,YACL,iBAAiB;AAAA,YACjB,QAAQ,UAAU;AAAA,UACpB;AAAA,QACF;AACA,gBAAQ,MAAM,mEAAmE;AACjF,eAAO,EAAE,iBAAiB,MAAM;AAAA,MAClC;AAGA,YAAM,UAAU,MAAM,KAAK,oBAAoB,KAAK;AAEpD,UAAI,CAAC,QAAQ,KAAK;AAChB,gBAAQ,MAAM,mEAAmE;AACjF,eAAO,EAAE,iBAAiB,MAAM;AAAA,MAClC;AAEA,aAAO;AAAA,QACL,iBAAiB;AAAA,QACjB,QAAQ,QAAQ;AAAA,MAClB;AAAA,IACF,SAAS,KAAK;AACZ,cAAQ,MAAM,oCAAqC,IAAc,OAAO;AACxE,aAAO,EAAE,iBAAiB,MAAM;AAAA,IAClC;AAAA,EACF;AAAA,EAEQ,mBAAmB,KAA6B;AACtD,UAAM,aAAa,IAAI,QAAQ;AAC/B,QAAI,CAAC,YAAY,WAAW,SAAS,GAAG;AACtC,aAAO;AAAA,IACT;AACA,WAAO,WAAW,UAAU,CAAC;AAAA,EAC/B;AACF;","names":["payload"]}
|
|
@@ -40,7 +40,7 @@ var GOOGLE_ISSUERS = [
|
|
|
40
40
|
"https://accounts.google.com",
|
|
41
41
|
"accounts.google.com"
|
|
42
42
|
];
|
|
43
|
-
var GoogleAuth = class extends import_modules.
|
|
43
|
+
var GoogleAuth = class extends import_modules.AuthModule {
|
|
44
44
|
constructor(config) {
|
|
45
45
|
super();
|
|
46
46
|
this.config = config;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../implements/google.auth.ts"],"sourcesContent":["import {
|
|
1
|
+
{"version":3,"sources":["../../implements/google.auth.ts"],"sourcesContent":["import { AuthModule } from \"@ainetwork/adk/modules\";\nimport { AuthResponse } from \"@ainetwork/adk/types/auth\";\nimport type { Request } from \"express\";\nimport jwt, { JwtHeader, SigningKeyCallback } from \"jsonwebtoken\";\nimport jwksClient from \"jwks-rsa\";\n\nexport interface GoogleAuthConfig {\n clientId: string;\n nextAuthSecret?: string;\n}\n\ninterface GoogleTokenPayload {\n aud: string;\n iss: string;\n iat: number;\n exp: number;\n sub: string;\n email?: string;\n email_verified?: boolean;\n name?: string;\n picture?: string;\n azp?: string;\n}\n\ninterface GoogleTokenInfoResponse {\n azp: string;\n aud: string;\n sub: string;\n scope: string;\n exp: string;\n expires_in: string;\n email?: string;\n email_verified?: string;\n access_type?: string;\n error?: string;\n error_description?: string;\n}\n\ninterface NextAuthJWTPayload {\n name?: string;\n email?: string;\n picture?: string;\n sub: string;\n iat: number;\n exp: number;\n jti?: string;\n}\n\nconst GOOGLE_ISSUERS: [string, ...string[]] = [\n \"https://accounts.google.com\",\n \"accounts.google.com\",\n];\n\nexport class GoogleAuth extends AuthModule {\n private readonly jwksClient: jwksClient.JwksClient;\n\n constructor(private readonly config: GoogleAuthConfig) {\n super();\n\n this.jwksClient = jwksClient({\n jwksUri: \"https://www.googleapis.com/oauth2/v3/certs\",\n cache: true,\n cacheMaxAge: 86400000, // 24 hours\n rateLimit: true,\n jwksRequestsPerMinute: 10,\n });\n }\n\n private getSigningKey = (header: JwtHeader, callback: SigningKeyCallback): void => {\n this.jwksClient.getSigningKey(header.kid, (err, key) => {\n if (err) {\n callback(err);\n return;\n }\n const signingKey = key?.getPublicKey();\n callback(null, signingKey);\n });\n };\n\n private verifyGoogleIdToken(token: string): Promise<GoogleTokenPayload> {\n return new Promise((resolve, reject) => {\n jwt.verify(\n token,\n this.getSigningKey,\n {\n algorithms: [\"RS256\"],\n audience: this.config.clientId,\n issuer: GOOGLE_ISSUERS,\n },\n (err: Error | null, decoded: unknown) => {\n if (err) {\n reject(err);\n return;\n }\n resolve(decoded as GoogleTokenPayload);\n }\n );\n });\n }\n\n private async verifyGoogleAccessToken(token: string): Promise<GoogleTokenInfoResponse> {\n const response = await fetch(\n `https://oauth2.googleapis.com/tokeninfo?access_token=${encodeURIComponent(token)}`\n );\n\n const data = await response.json() as GoogleTokenInfoResponse;\n\n if (data.error) {\n throw new Error(data.error_description || data.error);\n }\n\n // Verify the token is for our client\n if (data.aud !== this.config.clientId && data.azp !== this.config.clientId) {\n throw new Error(\"Token was not issued for this client\");\n }\n\n return data;\n }\n\n private verifyNextAuthToken(token: string): Promise<NextAuthJWTPayload> {\n return new Promise((resolve, reject) => {\n if (!this.config.nextAuthSecret) {\n reject(new Error(\"NextAuth secret is required for NextAuth token verification\"));\n return;\n }\n\n jwt.verify(\n token,\n this.config.nextAuthSecret,\n {\n algorithms: [\"HS256\"],\n },\n (err, decoded) => {\n if (err) {\n reject(err);\n return;\n }\n resolve(decoded as NextAuthJWTPayload);\n }\n );\n });\n }\n\n private isGoogleAccessToken(token: string): boolean {\n return token.startsWith(\"ya29.\");\n }\n\n public async authenticate(req: any, res: any): Promise<AuthResponse> {\n const token = this.extractBearerToken(req);\n if (!token) {\n return { isAuthenticated: false };\n }\n\n try {\n // First, try to verify as NextAuth JWT token (signed with NEXTAUTH_SECRET)\n if (this.config.nextAuthSecret) {\n try {\n const payload = await this.verifyNextAuthToken(token);\n if (payload.sub) {\n return {\n isAuthenticated: true,\n userId: payload.sub,\n };\n }\n } catch {\n // If NextAuth verification fails, try other methods\n }\n }\n\n // Check if it's a Google Access Token (starts with \"ya29.\")\n if (this.isGoogleAccessToken(token)) {\n const tokenInfo = await this.verifyGoogleAccessToken(token);\n if (tokenInfo.sub) {\n return {\n isAuthenticated: true,\n userId: tokenInfo.sub,\n };\n }\n console.error(\"Google auth verification failed: Token does not contain sub claim\");\n return { isAuthenticated: false };\n }\n\n // Try to verify as Google ID token (JWT)\n const payload = await this.verifyGoogleIdToken(token);\n\n if (!payload.sub) {\n console.error(\"Google auth verification failed: Token does not contain sub claim\");\n return { isAuthenticated: false };\n }\n\n return {\n isAuthenticated: true,\n userId: payload.sub,\n };\n } catch (err) {\n console.error(\"Google auth verification failed:\", (err as Error).message);\n return { isAuthenticated: false };\n }\n }\n\n private extractBearerToken(req: Request): string | null {\n const authHeader = req.headers.authorization;\n if (!authHeader?.startsWith(\"Bearer \")) {\n return null;\n }\n return authHeader.substring(7);\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,qBAA2B;AAG3B,0BAAmD;AACnD,sBAAuB;AA4CvB,IAAM,iBAAwC;AAAA,EAC5C;AAAA,EACA;AACF;AAEO,IAAM,aAAN,cAAyB,0BAAW;AAAA,EAGzC,YAA6B,QAA0B;AACrD,UAAM;AADqB;AAG3B,SAAK,iBAAa,gBAAAA,SAAW;AAAA,MAC3B,SAAS;AAAA,MACT,OAAO;AAAA,MACP,aAAa;AAAA;AAAA,MACb,WAAW;AAAA,MACX,uBAAuB;AAAA,IACzB,CAAC;AAAA,EACH;AAAA,EAZiB;AAAA,EAcT,gBAAgB,CAAC,QAAmB,aAAuC;AACjF,SAAK,WAAW,cAAc,OAAO,KAAK,CAAC,KAAK,QAAQ;AACtD,UAAI,KAAK;AACP,iBAAS,GAAG;AACZ;AAAA,MACF;AACA,YAAM,aAAa,KAAK,aAAa;AACrC,eAAS,MAAM,UAAU;AAAA,IAC3B,CAAC;AAAA,EACH;AAAA,EAEQ,oBAAoB,OAA4C;AACtE,WAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,0BAAAC,QAAI;AAAA,QACF;AAAA,QACA,KAAK;AAAA,QACL;AAAA,UACE,YAAY,CAAC,OAAO;AAAA,UACpB,UAAU,KAAK,OAAO;AAAA,UACtB,QAAQ;AAAA,QACV;AAAA,QACA,CAAC,KAAmB,YAAqB;AACvC,cAAI,KAAK;AACP,mBAAO,GAAG;AACV;AAAA,UACF;AACA,kBAAQ,OAA6B;AAAA,QACvC;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAc,wBAAwB,OAAiD;AACrF,UAAM,WAAW,MAAM;AAAA,MACrB,wDAAwD,mBAAmB,KAAK,CAAC;AAAA,IACnF;AAEA,UAAM,OAAO,MAAM,SAAS,KAAK;AAEjC,QAAI,KAAK,OAAO;AACd,YAAM,IAAI,MAAM,KAAK,qBAAqB,KAAK,KAAK;AAAA,IACtD;AAGA,QAAI,KAAK,QAAQ,KAAK,OAAO,YAAY,KAAK,QAAQ,KAAK,OAAO,UAAU;AAC1E,YAAM,IAAI,MAAM,sCAAsC;AAAA,IACxD;AAEA,WAAO;AAAA,EACT;AAAA,EAEQ,oBAAoB,OAA4C;AACtE,WAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,UAAI,CAAC,KAAK,OAAO,gBAAgB;AAC/B,eAAO,IAAI,MAAM,6DAA6D,CAAC;AAC/E;AAAA,MACF;AAEA,0BAAAA,QAAI;AAAA,QACF;AAAA,QACA,KAAK,OAAO;AAAA,QACZ;AAAA,UACE,YAAY,CAAC,OAAO;AAAA,QACtB;AAAA,QACA,CAAC,KAAK,YAAY;AAChB,cAAI,KAAK;AACP,mBAAO,GAAG;AACV;AAAA,UACF;AACA,kBAAQ,OAA6B;AAAA,QACvC;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEQ,oBAAoB,OAAwB;AAClD,WAAO,MAAM,WAAW,OAAO;AAAA,EACjC;AAAA,EAEA,MAAa,aAAa,KAAU,KAAiC;AACnE,UAAM,QAAQ,KAAK,mBAAmB,GAAG;AACzC,QAAI,CAAC,OAAO;AACV,aAAO,EAAE,iBAAiB,MAAM;AAAA,IAClC;AAEA,QAAI;AAEF,UAAI,KAAK,OAAO,gBAAgB;AAC9B,YAAI;AACF,gBAAMC,WAAU,MAAM,KAAK,oBAAoB,KAAK;AACpD,cAAIA,SAAQ,KAAK;AACf,mBAAO;AAAA,cACL,iBAAiB;AAAA,cACjB,QAAQA,SAAQ;AAAA,YAClB;AAAA,UACF;AAAA,QACF,QAAQ;AAAA,QAER;AAAA,MACF;AAGA,UAAI,KAAK,oBAAoB,KAAK,GAAG;AACnC,cAAM,YAAY,MAAM,KAAK,wBAAwB,KAAK;AAC1D,YAAI,UAAU,KAAK;AACjB,iBAAO;AAAA,YACL,iBAAiB;AAAA,YACjB,QAAQ,UAAU;AAAA,UACpB;AAAA,QACF;AACA,gBAAQ,MAAM,mEAAmE;AACjF,eAAO,EAAE,iBAAiB,MAAM;AAAA,MAClC;AAGA,YAAM,UAAU,MAAM,KAAK,oBAAoB,KAAK;AAEpD,UAAI,CAAC,QAAQ,KAAK;AAChB,gBAAQ,MAAM,mEAAmE;AACjF,eAAO,EAAE,iBAAiB,MAAM;AAAA,MAClC;AAEA,aAAO;AAAA,QACL,iBAAiB;AAAA,QACjB,QAAQ,QAAQ;AAAA,MAClB;AAAA,IACF,SAAS,KAAK;AACZ,cAAQ,MAAM,oCAAqC,IAAc,OAAO;AACxE,aAAO,EAAE,iBAAiB,MAAM;AAAA,IAClC;AAAA,EACF;AAAA,EAEQ,mBAAmB,KAA6B;AACtD,UAAM,aAAa,IAAI,QAAQ;AAC/B,QAAI,CAAC,YAAY,WAAW,SAAS,GAAG;AACtC,aAAO;AAAA,IACT;AACA,WAAO,WAAW,UAAU,CAAC;AAAA,EAC/B;AACF;","names":["jwksClient","jwt","payload"]}
|
|
@@ -1,11 +1,11 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { AuthModule } from '@ainetwork/adk/modules';
|
|
2
2
|
import { AuthResponse } from '@ainetwork/adk/types/auth';
|
|
3
3
|
|
|
4
4
|
interface GoogleAuthConfig {
|
|
5
5
|
clientId: string;
|
|
6
6
|
nextAuthSecret?: string;
|
|
7
7
|
}
|
|
8
|
-
declare class GoogleAuth extends
|
|
8
|
+
declare class GoogleAuth extends AuthModule {
|
|
9
9
|
private readonly config;
|
|
10
10
|
private readonly jwksClient;
|
|
11
11
|
constructor(config: GoogleAuthConfig);
|
|
@@ -1,11 +1,11 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { AuthModule } from '@ainetwork/adk/modules';
|
|
2
2
|
import { AuthResponse } from '@ainetwork/adk/types/auth';
|
|
3
3
|
|
|
4
4
|
interface GoogleAuthConfig {
|
|
5
5
|
clientId: string;
|
|
6
6
|
nextAuthSecret?: string;
|
|
7
7
|
}
|
|
8
|
-
declare class GoogleAuth extends
|
|
8
|
+
declare class GoogleAuth extends AuthModule {
|
|
9
9
|
private readonly config;
|
|
10
10
|
private readonly jwksClient;
|
|
11
11
|
constructor(config: GoogleAuthConfig);
|
package/dist/index.cjs
CHANGED
|
@@ -42,7 +42,7 @@ var GOOGLE_ISSUERS = [
|
|
|
42
42
|
"https://accounts.google.com",
|
|
43
43
|
"accounts.google.com"
|
|
44
44
|
];
|
|
45
|
-
var GoogleAuth = class extends import_modules.
|
|
45
|
+
var GoogleAuth = class extends import_modules.AuthModule {
|
|
46
46
|
constructor(config) {
|
|
47
47
|
super();
|
|
48
48
|
this.config = config;
|
package/dist/index.cjs.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../index.ts","../implements/google.auth.ts"],"sourcesContent":["export { GoogleAuth, type GoogleAuthConfig } from \"./implements/google.auth\";\n","import {
|
|
1
|
+
{"version":3,"sources":["../index.ts","../implements/google.auth.ts"],"sourcesContent":["export { GoogleAuth, type GoogleAuthConfig } from \"./implements/google.auth\";\n","import { AuthModule } from \"@ainetwork/adk/modules\";\nimport { AuthResponse } from \"@ainetwork/adk/types/auth\";\nimport type { Request } from \"express\";\nimport jwt, { JwtHeader, SigningKeyCallback } from \"jsonwebtoken\";\nimport jwksClient from \"jwks-rsa\";\n\nexport interface GoogleAuthConfig {\n clientId: string;\n nextAuthSecret?: string;\n}\n\ninterface GoogleTokenPayload {\n aud: string;\n iss: string;\n iat: number;\n exp: number;\n sub: string;\n email?: string;\n email_verified?: boolean;\n name?: string;\n picture?: string;\n azp?: string;\n}\n\ninterface GoogleTokenInfoResponse {\n azp: string;\n aud: string;\n sub: string;\n scope: string;\n exp: string;\n expires_in: string;\n email?: string;\n email_verified?: string;\n access_type?: string;\n error?: string;\n error_description?: string;\n}\n\ninterface NextAuthJWTPayload {\n name?: string;\n email?: string;\n picture?: string;\n sub: string;\n iat: number;\n exp: number;\n jti?: string;\n}\n\nconst GOOGLE_ISSUERS: [string, ...string[]] = [\n \"https://accounts.google.com\",\n \"accounts.google.com\",\n];\n\nexport class GoogleAuth extends AuthModule {\n private readonly jwksClient: jwksClient.JwksClient;\n\n constructor(private readonly config: GoogleAuthConfig) {\n super();\n\n this.jwksClient = jwksClient({\n jwksUri: \"https://www.googleapis.com/oauth2/v3/certs\",\n cache: true,\n cacheMaxAge: 86400000, // 24 hours\n rateLimit: true,\n jwksRequestsPerMinute: 10,\n });\n }\n\n private getSigningKey = (header: JwtHeader, callback: SigningKeyCallback): void => {\n this.jwksClient.getSigningKey(header.kid, (err, key) => {\n if (err) {\n callback(err);\n return;\n }\n const signingKey = key?.getPublicKey();\n callback(null, signingKey);\n });\n };\n\n private verifyGoogleIdToken(token: string): Promise<GoogleTokenPayload> {\n return new Promise((resolve, reject) => {\n jwt.verify(\n token,\n this.getSigningKey,\n {\n algorithms: [\"RS256\"],\n audience: this.config.clientId,\n issuer: GOOGLE_ISSUERS,\n },\n (err: Error | null, decoded: unknown) => {\n if (err) {\n reject(err);\n return;\n }\n resolve(decoded as GoogleTokenPayload);\n }\n );\n });\n }\n\n private async verifyGoogleAccessToken(token: string): Promise<GoogleTokenInfoResponse> {\n const response = await fetch(\n `https://oauth2.googleapis.com/tokeninfo?access_token=${encodeURIComponent(token)}`\n );\n\n const data = await response.json() as GoogleTokenInfoResponse;\n\n if (data.error) {\n throw new Error(data.error_description || data.error);\n }\n\n // Verify the token is for our client\n if (data.aud !== this.config.clientId && data.azp !== this.config.clientId) {\n throw new Error(\"Token was not issued for this client\");\n }\n\n return data;\n }\n\n private verifyNextAuthToken(token: string): Promise<NextAuthJWTPayload> {\n return new Promise((resolve, reject) => {\n if (!this.config.nextAuthSecret) {\n reject(new Error(\"NextAuth secret is required for NextAuth token verification\"));\n return;\n }\n\n jwt.verify(\n token,\n this.config.nextAuthSecret,\n {\n algorithms: [\"HS256\"],\n },\n (err, decoded) => {\n if (err) {\n reject(err);\n return;\n }\n resolve(decoded as NextAuthJWTPayload);\n }\n );\n });\n }\n\n private isGoogleAccessToken(token: string): boolean {\n return token.startsWith(\"ya29.\");\n }\n\n public async authenticate(req: any, res: any): Promise<AuthResponse> {\n const token = this.extractBearerToken(req);\n if (!token) {\n return { isAuthenticated: false };\n }\n\n try {\n // First, try to verify as NextAuth JWT token (signed with NEXTAUTH_SECRET)\n if (this.config.nextAuthSecret) {\n try {\n const payload = await this.verifyNextAuthToken(token);\n if (payload.sub) {\n return {\n isAuthenticated: true,\n userId: payload.sub,\n };\n }\n } catch {\n // If NextAuth verification fails, try other methods\n }\n }\n\n // Check if it's a Google Access Token (starts with \"ya29.\")\n if (this.isGoogleAccessToken(token)) {\n const tokenInfo = await this.verifyGoogleAccessToken(token);\n if (tokenInfo.sub) {\n return {\n isAuthenticated: true,\n userId: tokenInfo.sub,\n };\n }\n console.error(\"Google auth verification failed: Token does not contain sub claim\");\n return { isAuthenticated: false };\n }\n\n // Try to verify as Google ID token (JWT)\n const payload = await this.verifyGoogleIdToken(token);\n\n if (!payload.sub) {\n console.error(\"Google auth verification failed: Token does not contain sub claim\");\n return { isAuthenticated: false };\n }\n\n return {\n isAuthenticated: true,\n userId: payload.sub,\n };\n } catch (err) {\n console.error(\"Google auth verification failed:\", (err as Error).message);\n return { isAuthenticated: false };\n }\n }\n\n private extractBearerToken(req: Request): string | null {\n const authHeader = req.headers.authorization;\n if (!authHeader?.startsWith(\"Bearer \")) {\n return null;\n }\n return authHeader.substring(7);\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,qBAA2B;AAG3B,0BAAmD;AACnD,sBAAuB;AA4CvB,IAAM,iBAAwC;AAAA,EAC5C;AAAA,EACA;AACF;AAEO,IAAM,aAAN,cAAyB,0BAAW;AAAA,EAGzC,YAA6B,QAA0B;AACrD,UAAM;AADqB;AAG3B,SAAK,iBAAa,gBAAAA,SAAW;AAAA,MAC3B,SAAS;AAAA,MACT,OAAO;AAAA,MACP,aAAa;AAAA;AAAA,MACb,WAAW;AAAA,MACX,uBAAuB;AAAA,IACzB,CAAC;AAAA,EACH;AAAA,EAZiB;AAAA,EAcT,gBAAgB,CAAC,QAAmB,aAAuC;AACjF,SAAK,WAAW,cAAc,OAAO,KAAK,CAAC,KAAK,QAAQ;AACtD,UAAI,KAAK;AACP,iBAAS,GAAG;AACZ;AAAA,MACF;AACA,YAAM,aAAa,KAAK,aAAa;AACrC,eAAS,MAAM,UAAU;AAAA,IAC3B,CAAC;AAAA,EACH;AAAA,EAEQ,oBAAoB,OAA4C;AACtE,WAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,0BAAAC,QAAI;AAAA,QACF;AAAA,QACA,KAAK;AAAA,QACL;AAAA,UACE,YAAY,CAAC,OAAO;AAAA,UACpB,UAAU,KAAK,OAAO;AAAA,UACtB,QAAQ;AAAA,QACV;AAAA,QACA,CAAC,KAAmB,YAAqB;AACvC,cAAI,KAAK;AACP,mBAAO,GAAG;AACV;AAAA,UACF;AACA,kBAAQ,OAA6B;AAAA,QACvC;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAc,wBAAwB,OAAiD;AACrF,UAAM,WAAW,MAAM;AAAA,MACrB,wDAAwD,mBAAmB,KAAK,CAAC;AAAA,IACnF;AAEA,UAAM,OAAO,MAAM,SAAS,KAAK;AAEjC,QAAI,KAAK,OAAO;AACd,YAAM,IAAI,MAAM,KAAK,qBAAqB,KAAK,KAAK;AAAA,IACtD;AAGA,QAAI,KAAK,QAAQ,KAAK,OAAO,YAAY,KAAK,QAAQ,KAAK,OAAO,UAAU;AAC1E,YAAM,IAAI,MAAM,sCAAsC;AAAA,IACxD;AAEA,WAAO;AAAA,EACT;AAAA,EAEQ,oBAAoB,OAA4C;AACtE,WAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,UAAI,CAAC,KAAK,OAAO,gBAAgB;AAC/B,eAAO,IAAI,MAAM,6DAA6D,CAAC;AAC/E;AAAA,MACF;AAEA,0BAAAA,QAAI;AAAA,QACF;AAAA,QACA,KAAK,OAAO;AAAA,QACZ;AAAA,UACE,YAAY,CAAC,OAAO;AAAA,QACtB;AAAA,QACA,CAAC,KAAK,YAAY;AAChB,cAAI,KAAK;AACP,mBAAO,GAAG;AACV;AAAA,UACF;AACA,kBAAQ,OAA6B;AAAA,QACvC;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEQ,oBAAoB,OAAwB;AAClD,WAAO,MAAM,WAAW,OAAO;AAAA,EACjC;AAAA,EAEA,MAAa,aAAa,KAAU,KAAiC;AACnE,UAAM,QAAQ,KAAK,mBAAmB,GAAG;AACzC,QAAI,CAAC,OAAO;AACV,aAAO,EAAE,iBAAiB,MAAM;AAAA,IAClC;AAEA,QAAI;AAEF,UAAI,KAAK,OAAO,gBAAgB;AAC9B,YAAI;AACF,gBAAMC,WAAU,MAAM,KAAK,oBAAoB,KAAK;AACpD,cAAIA,SAAQ,KAAK;AACf,mBAAO;AAAA,cACL,iBAAiB;AAAA,cACjB,QAAQA,SAAQ;AAAA,YAClB;AAAA,UACF;AAAA,QACF,QAAQ;AAAA,QAER;AAAA,MACF;AAGA,UAAI,KAAK,oBAAoB,KAAK,GAAG;AACnC,cAAM,YAAY,MAAM,KAAK,wBAAwB,KAAK;AAC1D,YAAI,UAAU,KAAK;AACjB,iBAAO;AAAA,YACL,iBAAiB;AAAA,YACjB,QAAQ,UAAU;AAAA,UACpB;AAAA,QACF;AACA,gBAAQ,MAAM,mEAAmE;AACjF,eAAO,EAAE,iBAAiB,MAAM;AAAA,MAClC;AAGA,YAAM,UAAU,MAAM,KAAK,oBAAoB,KAAK;AAEpD,UAAI,CAAC,QAAQ,KAAK;AAChB,gBAAQ,MAAM,mEAAmE;AACjF,eAAO,EAAE,iBAAiB,MAAM;AAAA,MAClC;AAEA,aAAO;AAAA,QACL,iBAAiB;AAAA,QACjB,QAAQ,QAAQ;AAAA,MAClB;AAAA,IACF,SAAS,KAAK;AACZ,cAAQ,MAAM,oCAAqC,IAAc,OAAO;AACxE,aAAO,EAAE,iBAAiB,MAAM;AAAA,IAClC;AAAA,EACF;AAAA,EAEQ,mBAAmB,KAA6B;AACtD,UAAM,aAAa,IAAI,QAAQ;AAC/B,QAAI,CAAC,YAAY,WAAW,SAAS,GAAG;AACtC,aAAO;AAAA,IACT;AACA,WAAO,WAAW,UAAU,CAAC;AAAA,EAC/B;AACF;","names":["jwksClient","jwt","payload"]}
|
package/dist/index.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { AuthModule } from "@ainetwork/adk/modules";
|
|
2
2
|
import { AuthResponse } from "@ainetwork/adk/types/auth";
|
|
3
3
|
import type { Request } from "express";
|
|
4
4
|
import jwt, { JwtHeader, SigningKeyCallback } from "jsonwebtoken";
|
|
@@ -51,7 +51,7 @@ const GOOGLE_ISSUERS: [string, ...string[]] = [
|
|
|
51
51
|
"accounts.google.com",
|
|
52
52
|
];
|
|
53
53
|
|
|
54
|
-
export class GoogleAuth extends
|
|
54
|
+
export class GoogleAuth extends AuthModule {
|
|
55
55
|
private readonly jwksClient: jwksClient.JwksClient;
|
|
56
56
|
|
|
57
57
|
constructor(private readonly config: GoogleAuthConfig) {
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@ainetwork/adk-provider-auth-google",
|
|
3
|
-
"version": "0.3.
|
|
3
|
+
"version": "0.3.4",
|
|
4
4
|
"author": "AI Network (https://ainetwork.ai)",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"engines": {
|
|
@@ -21,7 +21,7 @@
|
|
|
21
21
|
"clean": "rm -rf dist"
|
|
22
22
|
},
|
|
23
23
|
"dependencies": {
|
|
24
|
-
"@ainetwork/adk": "^0.3.
|
|
24
|
+
"@ainetwork/adk": "^0.3.4",
|
|
25
25
|
"jsonwebtoken": "^9.0.2",
|
|
26
26
|
"jwks-rsa": "^3.1.0"
|
|
27
27
|
},
|
|
@@ -34,5 +34,5 @@
|
|
|
34
34
|
"publishConfig": {
|
|
35
35
|
"access": "public"
|
|
36
36
|
},
|
|
37
|
-
"gitHead": "
|
|
37
|
+
"gitHead": "a1e19f88b1255e8b5d3fd6f60edb82139b324123"
|
|
38
38
|
}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"sources":["../implements/google.auth.ts"],"sourcesContent":["import { BaseAuth } from \"@ainetwork/adk/modules\";\nimport { AuthResponse } from \"@ainetwork/adk/types/auth\";\nimport type { Request } from \"express\";\nimport jwt, { JwtHeader, SigningKeyCallback } from \"jsonwebtoken\";\nimport jwksClient from \"jwks-rsa\";\n\nexport interface GoogleAuthConfig {\n clientId: string;\n nextAuthSecret?: string;\n}\n\ninterface GoogleTokenPayload {\n aud: string;\n iss: string;\n iat: number;\n exp: number;\n sub: string;\n email?: string;\n email_verified?: boolean;\n name?: string;\n picture?: string;\n azp?: string;\n}\n\ninterface GoogleTokenInfoResponse {\n azp: string;\n aud: string;\n sub: string;\n scope: string;\n exp: string;\n expires_in: string;\n email?: string;\n email_verified?: string;\n access_type?: string;\n error?: string;\n error_description?: string;\n}\n\ninterface NextAuthJWTPayload {\n name?: string;\n email?: string;\n picture?: string;\n sub: string;\n iat: number;\n exp: number;\n jti?: string;\n}\n\nconst GOOGLE_ISSUERS: [string, ...string[]] = [\n \"https://accounts.google.com\",\n \"accounts.google.com\",\n];\n\nexport class GoogleAuth extends BaseAuth {\n private readonly jwksClient: jwksClient.JwksClient;\n\n constructor(private readonly config: GoogleAuthConfig) {\n super();\n\n this.jwksClient = jwksClient({\n jwksUri: \"https://www.googleapis.com/oauth2/v3/certs\",\n cache: true,\n cacheMaxAge: 86400000, // 24 hours\n rateLimit: true,\n jwksRequestsPerMinute: 10,\n });\n }\n\n private getSigningKey = (header: JwtHeader, callback: SigningKeyCallback): void => {\n this.jwksClient.getSigningKey(header.kid, (err, key) => {\n if (err) {\n callback(err);\n return;\n }\n const signingKey = key?.getPublicKey();\n callback(null, signingKey);\n });\n };\n\n private verifyGoogleIdToken(token: string): Promise<GoogleTokenPayload> {\n return new Promise((resolve, reject) => {\n jwt.verify(\n token,\n this.getSigningKey,\n {\n algorithms: [\"RS256\"],\n audience: this.config.clientId,\n issuer: GOOGLE_ISSUERS,\n },\n (err: Error | null, decoded: unknown) => {\n if (err) {\n reject(err);\n return;\n }\n resolve(decoded as GoogleTokenPayload);\n }\n );\n });\n }\n\n private async verifyGoogleAccessToken(token: string): Promise<GoogleTokenInfoResponse> {\n const response = await fetch(\n `https://oauth2.googleapis.com/tokeninfo?access_token=${encodeURIComponent(token)}`\n );\n\n const data = await response.json() as GoogleTokenInfoResponse;\n\n if (data.error) {\n throw new Error(data.error_description || data.error);\n }\n\n // Verify the token is for our client\n if (data.aud !== this.config.clientId && data.azp !== this.config.clientId) {\n throw new Error(\"Token was not issued for this client\");\n }\n\n return data;\n }\n\n private verifyNextAuthToken(token: string): Promise<NextAuthJWTPayload> {\n return new Promise((resolve, reject) => {\n if (!this.config.nextAuthSecret) {\n reject(new Error(\"NextAuth secret is required for NextAuth token verification\"));\n return;\n }\n\n jwt.verify(\n token,\n this.config.nextAuthSecret,\n {\n algorithms: [\"HS256\"],\n },\n (err, decoded) => {\n if (err) {\n reject(err);\n return;\n }\n resolve(decoded as NextAuthJWTPayload);\n }\n );\n });\n }\n\n private isGoogleAccessToken(token: string): boolean {\n return token.startsWith(\"ya29.\");\n }\n\n public async authenticate(req: any, res: any): Promise<AuthResponse> {\n const token = this.extractBearerToken(req);\n if (!token) {\n return { isAuthenticated: false };\n }\n\n try {\n // First, try to verify as NextAuth JWT token (signed with NEXTAUTH_SECRET)\n if (this.config.nextAuthSecret) {\n try {\n const payload = await this.verifyNextAuthToken(token);\n if (payload.sub) {\n return {\n isAuthenticated: true,\n userId: payload.sub,\n };\n }\n } catch {\n // If NextAuth verification fails, try other methods\n }\n }\n\n // Check if it's a Google Access Token (starts with \"ya29.\")\n if (this.isGoogleAccessToken(token)) {\n const tokenInfo = await this.verifyGoogleAccessToken(token);\n if (tokenInfo.sub) {\n return {\n isAuthenticated: true,\n userId: tokenInfo.sub,\n };\n }\n console.error(\"Google auth verification failed: Token does not contain sub claim\");\n return { isAuthenticated: false };\n }\n\n // Try to verify as Google ID token (JWT)\n const payload = await this.verifyGoogleIdToken(token);\n\n if (!payload.sub) {\n console.error(\"Google auth verification failed: Token does not contain sub claim\");\n return { isAuthenticated: false };\n }\n\n return {\n isAuthenticated: true,\n userId: payload.sub,\n };\n } catch (err) {\n console.error(\"Google auth verification failed:\", (err as Error).message);\n return { isAuthenticated: false };\n }\n }\n\n private extractBearerToken(req: Request): string | null {\n const authHeader = req.headers.authorization;\n if (!authHeader?.startsWith(\"Bearer \")) {\n return null;\n }\n return authHeader.substring(7);\n }\n}\n"],"mappings":";AAAA,SAAS,gBAAgB;AAGzB,OAAO,SAA4C;AACnD,OAAO,gBAAgB;AA4CvB,IAAM,iBAAwC;AAAA,EAC5C;AAAA,EACA;AACF;AAEO,IAAM,aAAN,cAAyB,SAAS;AAAA,EAGvC,YAA6B,QAA0B;AACrD,UAAM;AADqB;AAG3B,SAAK,aAAa,WAAW;AAAA,MAC3B,SAAS;AAAA,MACT,OAAO;AAAA,MACP,aAAa;AAAA;AAAA,MACb,WAAW;AAAA,MACX,uBAAuB;AAAA,IACzB,CAAC;AAAA,EACH;AAAA,EAZiB;AAAA,EAcT,gBAAgB,CAAC,QAAmB,aAAuC;AACjF,SAAK,WAAW,cAAc,OAAO,KAAK,CAAC,KAAK,QAAQ;AACtD,UAAI,KAAK;AACP,iBAAS,GAAG;AACZ;AAAA,MACF;AACA,YAAM,aAAa,KAAK,aAAa;AACrC,eAAS,MAAM,UAAU;AAAA,IAC3B,CAAC;AAAA,EACH;AAAA,EAEQ,oBAAoB,OAA4C;AACtE,WAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,UAAI;AAAA,QACF;AAAA,QACA,KAAK;AAAA,QACL;AAAA,UACE,YAAY,CAAC,OAAO;AAAA,UACpB,UAAU,KAAK,OAAO;AAAA,UACtB,QAAQ;AAAA,QACV;AAAA,QACA,CAAC,KAAmB,YAAqB;AACvC,cAAI,KAAK;AACP,mBAAO,GAAG;AACV;AAAA,UACF;AACA,kBAAQ,OAA6B;AAAA,QACvC;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAc,wBAAwB,OAAiD;AACrF,UAAM,WAAW,MAAM;AAAA,MACrB,wDAAwD,mBAAmB,KAAK,CAAC;AAAA,IACnF;AAEA,UAAM,OAAO,MAAM,SAAS,KAAK;AAEjC,QAAI,KAAK,OAAO;AACd,YAAM,IAAI,MAAM,KAAK,qBAAqB,KAAK,KAAK;AAAA,IACtD;AAGA,QAAI,KAAK,QAAQ,KAAK,OAAO,YAAY,KAAK,QAAQ,KAAK,OAAO,UAAU;AAC1E,YAAM,IAAI,MAAM,sCAAsC;AAAA,IACxD;AAEA,WAAO;AAAA,EACT;AAAA,EAEQ,oBAAoB,OAA4C;AACtE,WAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,UAAI,CAAC,KAAK,OAAO,gBAAgB;AAC/B,eAAO,IAAI,MAAM,6DAA6D,CAAC;AAC/E;AAAA,MACF;AAEA,UAAI;AAAA,QACF;AAAA,QACA,KAAK,OAAO;AAAA,QACZ;AAAA,UACE,YAAY,CAAC,OAAO;AAAA,QACtB;AAAA,QACA,CAAC,KAAK,YAAY;AAChB,cAAI,KAAK;AACP,mBAAO,GAAG;AACV;AAAA,UACF;AACA,kBAAQ,OAA6B;AAAA,QACvC;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEQ,oBAAoB,OAAwB;AAClD,WAAO,MAAM,WAAW,OAAO;AAAA,EACjC;AAAA,EAEA,MAAa,aAAa,KAAU,KAAiC;AACnE,UAAM,QAAQ,KAAK,mBAAmB,GAAG;AACzC,QAAI,CAAC,OAAO;AACV,aAAO,EAAE,iBAAiB,MAAM;AAAA,IAClC;AAEA,QAAI;AAEF,UAAI,KAAK,OAAO,gBAAgB;AAC9B,YAAI;AACF,gBAAMA,WAAU,MAAM,KAAK,oBAAoB,KAAK;AACpD,cAAIA,SAAQ,KAAK;AACf,mBAAO;AAAA,cACL,iBAAiB;AAAA,cACjB,QAAQA,SAAQ;AAAA,YAClB;AAAA,UACF;AAAA,QACF,QAAQ;AAAA,QAER;AAAA,MACF;AAGA,UAAI,KAAK,oBAAoB,KAAK,GAAG;AACnC,cAAM,YAAY,MAAM,KAAK,wBAAwB,KAAK;AAC1D,YAAI,UAAU,KAAK;AACjB,iBAAO;AAAA,YACL,iBAAiB;AAAA,YACjB,QAAQ,UAAU;AAAA,UACpB;AAAA,QACF;AACA,gBAAQ,MAAM,mEAAmE;AACjF,eAAO,EAAE,iBAAiB,MAAM;AAAA,MAClC;AAGA,YAAM,UAAU,MAAM,KAAK,oBAAoB,KAAK;AAEpD,UAAI,CAAC,QAAQ,KAAK;AAChB,gBAAQ,MAAM,mEAAmE;AACjF,eAAO,EAAE,iBAAiB,MAAM;AAAA,MAClC;AAEA,aAAO;AAAA,QACL,iBAAiB;AAAA,QACjB,QAAQ,QAAQ;AAAA,MAClB;AAAA,IACF,SAAS,KAAK;AACZ,cAAQ,MAAM,oCAAqC,IAAc,OAAO;AACxE,aAAO,EAAE,iBAAiB,MAAM;AAAA,IAClC;AAAA,EACF;AAAA,EAEQ,mBAAmB,KAA6B;AACtD,UAAM,aAAa,IAAI,QAAQ;AAC/B,QAAI,CAAC,YAAY,WAAW,SAAS,GAAG;AACtC,aAAO;AAAA,IACT;AACA,WAAO,WAAW,UAAU,CAAC;AAAA,EAC/B;AACF;","names":["payload"]}
|