@apart-tech/intelligence-core 1.10.0 → 1.11.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.ts +2 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +2 -1
- package/dist/index.js.map +1 -1
- package/dist/lib/__tests__/crypto.test.js +95 -27
- package/dist/lib/__tests__/crypto.test.js.map +1 -1
- package/dist/lib/crypto.d.ts +19 -5
- package/dist/lib/crypto.d.ts.map +1 -1
- package/dist/lib/crypto.js +71 -14
- package/dist/lib/crypto.js.map +1 -1
- package/dist/lib/encryption-keys.d.ts +6 -0
- package/dist/lib/encryption-keys.d.ts.map +1 -0
- package/dist/lib/encryption-keys.js +40 -0
- package/dist/lib/encryption-keys.js.map +1 -0
- package/dist/services/agent-schedule-service.d.ts.map +1 -1
- package/dist/services/agent-schedule-service.js +4 -7
- package/dist/services/agent-schedule-service.js.map +1 -1
- package/dist/services/invite-service.d.ts +1 -1
- package/dist/services/invite-service.d.ts.map +1 -1
- package/dist/services/invite-service.js +6 -1
- package/dist/services/invite-service.js.map +1 -1
- package/dist/services/membership-service.d.ts +1 -1
- package/dist/services/membership-service.d.ts.map +1 -1
- package/dist/services/membership-service.js +6 -1
- package/dist/services/membership-service.js.map +1 -1
- package/dist/services/org-agent-config-service.d.ts.map +1 -1
- package/dist/services/org-agent-config-service.js +4 -7
- package/dist/services/org-agent-config-service.js.map +1 -1
- package/dist/services/org-embedding-config-service.d.ts.map +1 -1
- package/dist/services/org-embedding-config-service.js +4 -7
- package/dist/services/org-embedding-config-service.js.map +1 -1
- package/dist/services/org-mcp-server-service.d.ts.map +1 -1
- package/dist/services/org-mcp-server-service.js +4 -7
- package/dist/services/org-mcp-server-service.js.map +1 -1
- package/dist/services/org-pii-config-service.d.ts.map +1 -1
- package/dist/services/org-pii-config-service.js +4 -7
- package/dist/services/org-pii-config-service.js.map +1 -1
- package/dist/services/user-service.d.ts.map +1 -1
- package/dist/services/user-service.js +8 -11
- package/dist/services/user-service.js.map +1 -1
- package/package.json +1 -1
package/dist/index.d.ts
CHANGED
|
@@ -3,7 +3,8 @@ export type { Database } from "./db/connection.js";
|
|
|
3
3
|
export { PrismaClient } from "@prisma/client";
|
|
4
4
|
export { createTenantClient, tenantWhere, SINGLE_TENANT_ORG_ID } from "./db/tenant.js";
|
|
5
5
|
export type { TenantContext } from "./db/tenant.js";
|
|
6
|
-
export { encryptAesGcm, decryptAesGcm, deriveKey } from "./lib/crypto.js";
|
|
6
|
+
export { encryptAesGcm, decryptAesGcm, deriveKey, deriveKeyV2 } from "./lib/crypto.js";
|
|
7
|
+
export { getAgentKeySecret, getPiiKeySecret, getEmbeddingKeySecret } from "./lib/encryption-keys.js";
|
|
7
8
|
export { verifyAuth0Jwt } from "./lib/jwt.js";
|
|
8
9
|
export type { Auth0Config, Auth0JwtPayload } from "./lib/jwt.js";
|
|
9
10
|
export * from "./types/index.js";
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AACjE,YAAY,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,kBAAkB,EAAE,WAAW,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AACvF,YAAY,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAGpD,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AACjE,YAAY,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,kBAAkB,EAAE,WAAW,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AACvF,YAAY,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAGpD,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AACvF,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AAGrG,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,YAAY,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAGjE,cAAc,kBAAkB,CAAC;AAGjC,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAG/C,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAC7D,OAAO,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,YAAY,EAAE,eAAe,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,iCAAiC,CAAC;AACnH,OAAO,EAAE,eAAe,EAAE,MAAM,gCAAgC,CAAC;AACjE,OAAO,EAAE,yBAAyB,EAAE,MAAM,4CAA4C,CAAC;AACvF,OAAO,EAAE,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AACxE,YAAY,EAAE,QAAQ,EAAE,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AACvF,OAAO,EAAE,oBAAoB,EAAE,MAAM,sCAAsC,CAAC;AAC5E,YAAY,EAAE,oBAAoB,EAAE,SAAS,EAAE,mBAAmB,EAAE,MAAM,sCAAsC,CAAC;AACjH,OAAO,EAAE,mBAAmB,EAAE,MAAM,sCAAsC,CAAC;AAC3E,YAAY,EAAE,YAAY,EAAE,mBAAmB,EAAE,OAAO,EAAE,MAAM,sCAAsC,CAAC;AACvG,YAAY,EAAE,kBAAkB,EAAE,yBAAyB,EAAE,MAAM,4CAA4C,CAAC;AAChH,OAAO,EAAE,qBAAqB,EAAE,MAAM,wCAAwC,CAAC;AAC/E,YAAY,EAAE,cAAc,EAAE,sBAAsB,EAAE,MAAM,wCAAwC,CAAC;AACrG,OAAO,EAAE,mBAAmB,EAAE,MAAM,sCAAsC,CAAC;AAC3E,YAAY,EAAE,kBAAkB,EAAE,uBAAuB,EAAE,uBAAuB,EAAE,MAAM,sCAAsC,CAAC;AACjI,OAAO,EAAE,mBAAmB,EAAE,MAAM,sCAAsC,CAAC;AAC3E,YAAY,EAAE,kBAAkB,EAAE,eAAe,EAAE,uBAAuB,EAAE,uBAAuB,EAAE,MAAM,sCAAsC,CAAC;AAClJ,OAAO,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AAClE,YAAY,EAAE,QAAQ,EAAE,MAAM,iCAAiC,CAAC;AAChE,OAAO,EAAE,oBAAoB,EAAE,MAAM,sCAAsC,CAAC;AAC5E,YAAY,EAAE,mBAAmB,EAAE,wBAAwB,EAAE,wBAAwB,EAAE,MAAM,sCAAsC,CAAC;AACpI,OAAO,EAAE,aAAa,EAAE,MAAM,mCAAmC,CAAC;AAClE,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,EAAE,YAAY,EAAE,gBAAgB,EAAE,eAAe,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,eAAe,EAAE,MAAM,gCAAgC,CAAC;AACrP,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,YAAY,EAAE,IAAI,EAAE,iBAAiB,EAAE,YAAY,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAC5G,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AACrE,YAAY,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAC;AAC3E,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAC7D,YAAY,EAAE,MAAM,EAAE,MAAM,8BAA8B,CAAC;AAG3D,OAAO,EAAE,uBAAuB,EAAE,oBAAoB,EAAE,uBAAuB,EAAE,uBAAuB,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AAChK,YAAY,EAAE,8BAA8B,EAAE,MAAM,sBAAsB,CAAC;AAC3E,OAAO,EAAE,yBAAyB,EAAE,MAAM,yBAAyB,CAAC;AACpE,YAAY,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACpG,YAAY,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAChE,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACxD,YAAY,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -3,7 +3,8 @@ export { getDb, getTenantDb, closeDb } from "./db/connection.js";
|
|
|
3
3
|
export { PrismaClient } from "@prisma/client";
|
|
4
4
|
export { createTenantClient, tenantWhere, SINGLE_TENANT_ORG_ID } from "./db/tenant.js";
|
|
5
5
|
// Crypto
|
|
6
|
-
export { encryptAesGcm, decryptAesGcm, deriveKey } from "./lib/crypto.js";
|
|
6
|
+
export { encryptAesGcm, decryptAesGcm, deriveKey, deriveKeyV2 } from "./lib/crypto.js";
|
|
7
|
+
export { getAgentKeySecret, getPiiKeySecret, getEmbeddingKeySecret } from "./lib/encryption-keys.js";
|
|
7
8
|
// JWT
|
|
8
9
|
export { verifyAuth0Jwt } from "./lib/jwt.js";
|
|
9
10
|
// Types
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,WAAW;AACX,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAEjE,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,kBAAkB,EAAE,WAAW,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AAGvF,SAAS;AACT,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,WAAW;AACX,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAEjE,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,kBAAkB,EAAE,WAAW,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AAGvF,SAAS;AACT,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AACvF,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AAErG,MAAM;AACN,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAG9C,QAAQ;AACR,cAAc,kBAAkB,CAAC;AAEjC,SAAS;AACT,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE/C,WAAW;AACX,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAC7D,OAAO,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AAEnE,OAAO,EAAE,eAAe,EAAE,MAAM,gCAAgC,CAAC;AACjE,OAAO,EAAE,yBAAyB,EAAE,MAAM,4CAA4C,CAAC;AACvF,OAAO,EAAE,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AAExE,OAAO,EAAE,oBAAoB,EAAE,MAAM,sCAAsC,CAAC;AAE5E,OAAO,EAAE,mBAAmB,EAAE,MAAM,sCAAsC,CAAC;AAG3E,OAAO,EAAE,qBAAqB,EAAE,MAAM,wCAAwC,CAAC;AAE/E,OAAO,EAAE,mBAAmB,EAAE,MAAM,sCAAsC,CAAC;AAE3E,OAAO,EAAE,mBAAmB,EAAE,MAAM,sCAAsC,CAAC;AAE3E,OAAO,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AAElE,OAAO,EAAE,oBAAoB,EAAE,MAAM,sCAAsC,CAAC;AAE5E,OAAO,EAAE,aAAa,EAAE,MAAM,mCAAmC,CAAC;AAElE,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAEzD,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AAErE,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAG7D,YAAY;AACZ,OAAO,EAAE,uBAAuB,EAAE,oBAAoB,EAAE,uBAAuB,EAAE,uBAAuB,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AAEhK,OAAO,EAAE,yBAAyB,EAAE,MAAM,yBAAyB,CAAC;AAEpE,OAAO,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEpG,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC"}
|
|
@@ -1,62 +1,130 @@
|
|
|
1
1
|
import { describe, it, expect } from "vitest";
|
|
2
|
-
import {
|
|
2
|
+
import { randomBytes } from "node:crypto";
|
|
3
|
+
import { encryptAesGcm, decryptAesGcm, deriveKey, deriveKeyV2 } from "../crypto.js";
|
|
3
4
|
describe("crypto", () => {
|
|
4
|
-
const
|
|
5
|
-
describe("deriveKey", () => {
|
|
5
|
+
const legacyKey = deriveKey("test-secret");
|
|
6
|
+
describe("deriveKey (legacy)", () => {
|
|
6
7
|
it("returns a 32-byte buffer", () => {
|
|
7
|
-
expect(
|
|
8
|
+
expect(legacyKey.length).toBe(32);
|
|
8
9
|
});
|
|
9
10
|
it("is deterministic", () => {
|
|
10
|
-
expect(deriveKey("test-secret")).toEqual(
|
|
11
|
+
expect(deriveKey("test-secret")).toEqual(legacyKey);
|
|
11
12
|
});
|
|
12
13
|
it("produces different keys for different secrets", () => {
|
|
13
|
-
expect(deriveKey("other-secret")).not.toEqual(
|
|
14
|
+
expect(deriveKey("other-secret")).not.toEqual(legacyKey);
|
|
14
15
|
});
|
|
15
16
|
});
|
|
16
|
-
describe("
|
|
17
|
+
describe("deriveKeyV2 (PBKDF2)", () => {
|
|
18
|
+
it("returns a 32-byte buffer", () => {
|
|
19
|
+
const salt = randomBytes(16);
|
|
20
|
+
expect(deriveKeyV2("test-secret", salt).length).toBe(32);
|
|
21
|
+
});
|
|
22
|
+
it("is deterministic for same secret + salt", () => {
|
|
23
|
+
const salt = randomBytes(16);
|
|
24
|
+
expect(deriveKeyV2("test-secret", salt)).toEqual(deriveKeyV2("test-secret", salt));
|
|
25
|
+
});
|
|
26
|
+
it("produces different keys for different salts", () => {
|
|
27
|
+
const salt1 = randomBytes(16);
|
|
28
|
+
const salt2 = randomBytes(16);
|
|
29
|
+
expect(deriveKeyV2("test-secret", salt1)).not.toEqual(deriveKeyV2("test-secret", salt2));
|
|
30
|
+
});
|
|
31
|
+
it("produces different keys for different secrets", () => {
|
|
32
|
+
const salt = randomBytes(16);
|
|
33
|
+
expect(deriveKeyV2("secret-a", salt)).not.toEqual(deriveKeyV2("secret-b", salt));
|
|
34
|
+
});
|
|
35
|
+
});
|
|
36
|
+
describe("V1 format (Buffer key)", () => {
|
|
17
37
|
it("roundtrips plaintext correctly", () => {
|
|
18
38
|
const plaintext = "hello world";
|
|
19
|
-
const encrypted = encryptAesGcm(plaintext,
|
|
20
|
-
const decrypted = decryptAesGcm(encrypted,
|
|
39
|
+
const encrypted = encryptAesGcm(plaintext, legacyKey);
|
|
40
|
+
const decrypted = decryptAesGcm(encrypted, legacyKey);
|
|
21
41
|
expect(decrypted).toBe(plaintext);
|
|
22
42
|
});
|
|
23
|
-
it("produces iv:tag:ciphertext format", () => {
|
|
24
|
-
const encrypted = encryptAesGcm("test",
|
|
43
|
+
it("produces iv:tag:ciphertext format (3 parts)", () => {
|
|
44
|
+
const encrypted = encryptAesGcm("test", legacyKey);
|
|
25
45
|
const parts = encrypted.split(":");
|
|
26
46
|
expect(parts).toHaveLength(3);
|
|
27
|
-
// Each part should be valid base64
|
|
28
47
|
for (const part of parts) {
|
|
29
48
|
expect(() => Buffer.from(part, "base64")).not.toThrow();
|
|
30
49
|
}
|
|
31
50
|
});
|
|
32
51
|
it("produces different ciphertext each time (random IV)", () => {
|
|
33
|
-
const a = encryptAesGcm("same text",
|
|
34
|
-
const b = encryptAesGcm("same text",
|
|
52
|
+
const a = encryptAesGcm("same text", legacyKey);
|
|
53
|
+
const b = encryptAesGcm("same text", legacyKey);
|
|
35
54
|
expect(a).not.toBe(b);
|
|
36
|
-
|
|
37
|
-
expect(decryptAesGcm(
|
|
38
|
-
expect(decryptAesGcm(b, key)).toBe("same text");
|
|
55
|
+
expect(decryptAesGcm(a, legacyKey)).toBe("same text");
|
|
56
|
+
expect(decryptAesGcm(b, legacyKey)).toBe("same text");
|
|
39
57
|
});
|
|
40
58
|
it("fails with wrong key", () => {
|
|
41
|
-
const encrypted = encryptAesGcm("secret",
|
|
59
|
+
const encrypted = encryptAesGcm("secret", legacyKey);
|
|
42
60
|
const wrongKey = deriveKey("wrong-secret");
|
|
43
61
|
expect(() => decryptAesGcm(encrypted, wrongKey)).toThrow();
|
|
44
62
|
});
|
|
45
|
-
it("
|
|
46
|
-
const encrypted = encryptAesGcm("
|
|
63
|
+
it("handles empty string", () => {
|
|
64
|
+
const encrypted = encryptAesGcm("", legacyKey);
|
|
65
|
+
expect(decryptAesGcm(encrypted, legacyKey)).toBe("");
|
|
66
|
+
});
|
|
67
|
+
it("handles unicode", () => {
|
|
68
|
+
const plaintext = "Hello 🌍 — résumé";
|
|
69
|
+
const encrypted = encryptAesGcm(plaintext, legacyKey);
|
|
70
|
+
expect(decryptAesGcm(encrypted, plaintext === plaintext ? legacyKey : legacyKey)).toBe(plaintext);
|
|
71
|
+
});
|
|
72
|
+
});
|
|
73
|
+
describe("V2 format (string secret with PBKDF2)", () => {
|
|
74
|
+
const secret = "my-test-secret-for-v2";
|
|
75
|
+
it("roundtrips plaintext correctly", () => {
|
|
76
|
+
const encrypted = encryptAesGcm("hello world", secret);
|
|
77
|
+
const decrypted = decryptAesGcm(encrypted, secret);
|
|
78
|
+
expect(decrypted).toBe("hello world");
|
|
79
|
+
});
|
|
80
|
+
it("produces v2:salt:iv:tag:ciphertext format (5 parts)", () => {
|
|
81
|
+
const encrypted = encryptAesGcm("test", secret);
|
|
47
82
|
const parts = encrypted.split(":");
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
83
|
+
expect(parts).toHaveLength(5);
|
|
84
|
+
expect(parts[0]).toBe("v2");
|
|
85
|
+
for (const part of parts.slice(1)) {
|
|
86
|
+
expect(() => Buffer.from(part, "base64")).not.toThrow();
|
|
87
|
+
}
|
|
88
|
+
});
|
|
89
|
+
it("produces different ciphertext each time (random salt + IV)", () => {
|
|
90
|
+
const a = encryptAesGcm("same text", secret);
|
|
91
|
+
const b = encryptAesGcm("same text", secret);
|
|
92
|
+
expect(a).not.toBe(b);
|
|
93
|
+
expect(decryptAesGcm(a, secret)).toBe("same text");
|
|
94
|
+
expect(decryptAesGcm(b, secret)).toBe("same text");
|
|
95
|
+
});
|
|
96
|
+
it("fails with wrong secret", () => {
|
|
97
|
+
const encrypted = encryptAesGcm("secret", secret);
|
|
98
|
+
expect(() => decryptAesGcm(encrypted, "wrong-secret")).toThrow();
|
|
51
99
|
});
|
|
52
100
|
it("handles empty string", () => {
|
|
53
|
-
const encrypted = encryptAesGcm("",
|
|
54
|
-
expect(decryptAesGcm(encrypted,
|
|
101
|
+
const encrypted = encryptAesGcm("", secret);
|
|
102
|
+
expect(decryptAesGcm(encrypted, secret)).toBe("");
|
|
55
103
|
});
|
|
56
104
|
it("handles unicode", () => {
|
|
57
105
|
const plaintext = "Hello 🌍 — résumé";
|
|
58
|
-
const encrypted = encryptAesGcm(plaintext,
|
|
59
|
-
expect(decryptAesGcm(encrypted,
|
|
106
|
+
const encrypted = encryptAesGcm(plaintext, secret);
|
|
107
|
+
expect(decryptAesGcm(encrypted, secret)).toBe(plaintext);
|
|
108
|
+
});
|
|
109
|
+
});
|
|
110
|
+
describe("V1/V2 backwards compatibility", () => {
|
|
111
|
+
it("V1 ciphertext can be decrypted with string secret (legacy path)", () => {
|
|
112
|
+
// Encrypt with legacy Buffer key derived from "test-secret"
|
|
113
|
+
const encrypted = encryptAesGcm("legacy data", legacyKey);
|
|
114
|
+
expect(encrypted.split(":")).toHaveLength(3); // V1 format
|
|
115
|
+
// Decrypt with the same secret as a string — should use legacy SHA-256 derivation
|
|
116
|
+
const decrypted = decryptAesGcm(encrypted, "test-secret");
|
|
117
|
+
expect(decrypted).toBe("legacy data");
|
|
118
|
+
});
|
|
119
|
+
it("V2 ciphertext requires string secret, not Buffer", () => {
|
|
120
|
+
const encrypted = encryptAesGcm("v2 data", "my-secret");
|
|
121
|
+
expect(encrypted.startsWith("v2:")).toBe(true);
|
|
122
|
+
// Passing a Buffer to V2 ciphertext should throw
|
|
123
|
+
expect(() => decryptAesGcm(encrypted, legacyKey)).toThrow("V2 encrypted format requires a secret string");
|
|
124
|
+
});
|
|
125
|
+
it("rejects unknown format", () => {
|
|
126
|
+
expect(() => decryptAesGcm("a:b:c:d", "secret")).toThrow("Unknown encryption format");
|
|
127
|
+
expect(() => decryptAesGcm("a:b", "secret")).toThrow("Unknown encryption format");
|
|
60
128
|
});
|
|
61
129
|
});
|
|
62
130
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"crypto.test.js","sourceRoot":"","sources":["../../../src/lib/__tests__/crypto.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"crypto.test.js","sourceRoot":"","sources":["../../../src/lib/__tests__/crypto.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAEpF,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;IACtB,MAAM,SAAS,GAAG,SAAS,CAAC,aAAa,CAAC,CAAC;IAE3C,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;QAClC,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;YAClC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kBAAkB,EAAE,GAAG,EAAE;YAC1B,MAAM,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACtD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;YACvD,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;QACpC,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;YAClC,MAAM,IAAI,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;YAC7B,MAAM,CAAC,WAAW,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;YACjD,MAAM,IAAI,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;YAC7B,MAAM,CAAC,WAAW,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC,CAAC;QACrF,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACrD,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;YAC9B,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;YAC9B,MAAM,CAAC,WAAW,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC,CAAC;QAC3F,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;YACvD,MAAM,IAAI,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;YAC7B,MAAM,CAAC,WAAW,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC;QACnF,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,wBAAwB,EAAE,GAAG,EAAE;QACtC,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;YACxC,MAAM,SAAS,GAAG,aAAa,CAAC;YAChC,MAAM,SAAS,GAAG,aAAa,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;YACtD,MAAM,SAAS,GAAG,aAAa,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;YACtD,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACrD,MAAM,SAAS,GAAG,aAAa,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YACnD,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACnC,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YAC9B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,MAAM,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;YAC1D,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;YAC7D,MAAM,CAAC,GAAG,aAAa,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;YAChD,MAAM,CAAC,GAAG,aAAa,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;YAChD,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,CAAC,aAAa,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACtD,MAAM,CAAC,aAAa,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sBAAsB,EAAE,GAAG,EAAE;YAC9B,MAAM,SAAS,GAAG,aAAa,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;YACrD,MAAM,QAAQ,GAAG,SAAS,CAAC,cAAc,CAAC,CAAC;YAC3C,MAAM,CAAC,GAAG,EAAE,CAAC,aAAa,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QAC7D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sBAAsB,EAAE,GAAG,EAAE;YAC9B,MAAM,SAAS,GAAG,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;YAC/C,MAAM,CAAC,aAAa,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACvD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iBAAiB,EAAE,GAAG,EAAE;YACzB,MAAM,SAAS,GAAG,mBAAmB,CAAC;YACtC,MAAM,SAAS,GAAG,aAAa,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;YACtD,MAAM,CAAC,aAAa,CAAC,SAAS,EAAE,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACpG,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,uCAAuC,EAAE,GAAG,EAAE;QACrD,MAAM,MAAM,GAAG,uBAAuB,CAAC;QAEvC,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;YACxC,MAAM,SAAS,GAAG,aAAa,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;YACvD,MAAM,SAAS,GAAG,aAAa,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;YACnD,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;YAC7D,MAAM,SAAS,GAAG,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAChD,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACnC,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YAC9B,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC5B,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;gBAClC,MAAM,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;YAC1D,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4DAA4D,EAAE,GAAG,EAAE;YACpE,MAAM,CAAC,GAAG,aAAa,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YAC7C,MAAM,CAAC,GAAG,aAAa,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YAC7C,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,CAAC,aAAa,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACnD,MAAM,CAAC,aAAa,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACrD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;YACjC,MAAM,SAAS,GAAG,aAAa,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;YAClD,MAAM,CAAC,GAAG,EAAE,CAAC,aAAa,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QACnE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sBAAsB,EAAE,GAAG,EAAE;YAC9B,MAAM,SAAS,GAAG,aAAa,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;YAC5C,MAAM,CAAC,aAAa,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iBAAiB,EAAE,GAAG,EAAE;YACzB,MAAM,SAAS,GAAG,mBAAmB,CAAC;YACtC,MAAM,SAAS,GAAG,aAAa,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;YACnD,MAAM,CAAC,aAAa,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,+BAA+B,EAAE,GAAG,EAAE;QAC7C,EAAE,CAAC,iEAAiE,EAAE,GAAG,EAAE;YACzE,4DAA4D;YAC5D,MAAM,SAAS,GAAG,aAAa,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;YAC1D,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY;YAE1D,kFAAkF;YAClF,MAAM,SAAS,GAAG,aAAa,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;YAC1D,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;YAC1D,MAAM,SAAS,GAAG,aAAa,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;YACxD,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAE/C,iDAAiD;YACjD,MAAM,CAAC,GAAG,EAAE,CAAC,aAAa,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC,OAAO,CACvD,8CAA8C,CAC/C,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wBAAwB,EAAE,GAAG,EAAE;YAChC,MAAM,CAAC,GAAG,EAAE,CAAC,aAAa,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,2BAA2B,CAAC,CAAC;YACtF,MAAM,CAAC,GAAG,EAAE,CAAC,aAAa,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,2BAA2B,CAAC,CAAC;QACpF,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
package/dist/lib/crypto.d.ts
CHANGED
|
@@ -1,14 +1,28 @@
|
|
|
1
1
|
/**
|
|
2
|
-
*
|
|
2
|
+
* Legacy key derivation using SHA-256.
|
|
3
|
+
* @deprecated Only used for decrypting existing v1 data. New code should pass
|
|
4
|
+
* a secret string directly to encryptAesGcm/decryptAesGcm.
|
|
3
5
|
*/
|
|
4
6
|
export declare function deriveKey(secret: string): Buffer;
|
|
7
|
+
/**
|
|
8
|
+
* Derive a 32-byte AES key using PBKDF2 (100k iterations, SHA-512).
|
|
9
|
+
*/
|
|
10
|
+
export declare function deriveKeyV2(secret: string, salt: Buffer): Buffer;
|
|
5
11
|
/**
|
|
6
12
|
* Encrypt plaintext using AES-256-GCM.
|
|
7
|
-
*
|
|
13
|
+
*
|
|
14
|
+
* - When `keyOrSecret` is a Buffer: uses the key directly (v1 format: iv:tag:ciphertext).
|
|
15
|
+
* Used by PII encryption which already has a proper random key.
|
|
16
|
+
* - When `keyOrSecret` is a string: uses PBKDF2 key derivation with random salt
|
|
17
|
+
* (v2 format: v2:salt:iv:tag:ciphertext).
|
|
8
18
|
*/
|
|
9
|
-
export declare function encryptAesGcm(plaintext: string,
|
|
19
|
+
export declare function encryptAesGcm(plaintext: string, keyOrSecret: Buffer | string): string;
|
|
10
20
|
/**
|
|
11
|
-
* Decrypt an AES-256-GCM encoded string
|
|
21
|
+
* Decrypt an AES-256-GCM encoded string.
|
|
22
|
+
*
|
|
23
|
+
* Auto-detects format:
|
|
24
|
+
* - v2:salt:iv:tag:ciphertext → PBKDF2 key derivation (requires string secret)
|
|
25
|
+
* - iv:tag:ciphertext → legacy format (accepts Buffer key or string secret via SHA-256)
|
|
12
26
|
*/
|
|
13
|
-
export declare function decryptAesGcm(encoded: string,
|
|
27
|
+
export declare function decryptAesGcm(encoded: string, keyOrSecret: Buffer | string): string;
|
|
14
28
|
//# sourceMappingURL=crypto.d.ts.map
|
package/dist/lib/crypto.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../src/lib/crypto.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../src/lib/crypto.ts"],"names":[],"mappings":"AASA;;;;GAIG;AACH,wBAAgB,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAEhD;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAEhE;AAED;;;;;;;GAOG;AACH,wBAAgB,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAwBrF;AAED;;;;;;GAMG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CA+BnF"}
|
package/dist/lib/crypto.js
CHANGED
|
@@ -1,33 +1,90 @@
|
|
|
1
|
-
import { createCipheriv, createDecipheriv, randomBytes, createHash } from "node:crypto";
|
|
1
|
+
import { createCipheriv, createDecipheriv, randomBytes, createHash, pbkdf2Sync } from "node:crypto";
|
|
2
2
|
const ALGORITHM = "aes-256-gcm";
|
|
3
3
|
const IV_LENGTH = 16;
|
|
4
|
+
const SALT_LENGTH = 16;
|
|
5
|
+
const PBKDF2_ITERATIONS = 100_000;
|
|
6
|
+
const PBKDF2_DIGEST = "sha512";
|
|
7
|
+
const V2_PREFIX = "v2";
|
|
4
8
|
/**
|
|
5
|
-
*
|
|
9
|
+
* Legacy key derivation using SHA-256.
|
|
10
|
+
* @deprecated Only used for decrypting existing v1 data. New code should pass
|
|
11
|
+
* a secret string directly to encryptAesGcm/decryptAesGcm.
|
|
6
12
|
*/
|
|
7
13
|
export function deriveKey(secret) {
|
|
8
14
|
return createHash("sha256").update(secret).digest();
|
|
9
15
|
}
|
|
16
|
+
/**
|
|
17
|
+
* Derive a 32-byte AES key using PBKDF2 (100k iterations, SHA-512).
|
|
18
|
+
*/
|
|
19
|
+
export function deriveKeyV2(secret, salt) {
|
|
20
|
+
return pbkdf2Sync(secret, salt, PBKDF2_ITERATIONS, 32, PBKDF2_DIGEST);
|
|
21
|
+
}
|
|
10
22
|
/**
|
|
11
23
|
* Encrypt plaintext using AES-256-GCM.
|
|
12
|
-
*
|
|
24
|
+
*
|
|
25
|
+
* - When `keyOrSecret` is a Buffer: uses the key directly (v1 format: iv:tag:ciphertext).
|
|
26
|
+
* Used by PII encryption which already has a proper random key.
|
|
27
|
+
* - When `keyOrSecret` is a string: uses PBKDF2 key derivation with random salt
|
|
28
|
+
* (v2 format: v2:salt:iv:tag:ciphertext).
|
|
13
29
|
*/
|
|
14
|
-
export function encryptAesGcm(plaintext,
|
|
30
|
+
export function encryptAesGcm(plaintext, keyOrSecret) {
|
|
31
|
+
if (typeof keyOrSecret === "string") {
|
|
32
|
+
// V2: PBKDF2 with per-encryption salt
|
|
33
|
+
const salt = randomBytes(SALT_LENGTH);
|
|
34
|
+
const key = deriveKeyV2(keyOrSecret, salt);
|
|
35
|
+
const iv = randomBytes(IV_LENGTH);
|
|
36
|
+
const cipher = createCipheriv(ALGORITHM, key, iv);
|
|
37
|
+
const encrypted = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
|
|
38
|
+
const tag = cipher.getAuthTag();
|
|
39
|
+
return [
|
|
40
|
+
V2_PREFIX,
|
|
41
|
+
salt.toString("base64"),
|
|
42
|
+
iv.toString("base64"),
|
|
43
|
+
tag.toString("base64"),
|
|
44
|
+
encrypted.toString("base64"),
|
|
45
|
+
].join(":");
|
|
46
|
+
}
|
|
47
|
+
// V1: use Buffer key directly (PII encryption path)
|
|
15
48
|
const iv = randomBytes(IV_LENGTH);
|
|
16
|
-
const cipher = createCipheriv(ALGORITHM,
|
|
49
|
+
const cipher = createCipheriv(ALGORITHM, keyOrSecret, iv);
|
|
17
50
|
const encrypted = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
|
|
18
51
|
const tag = cipher.getAuthTag();
|
|
19
52
|
return `${iv.toString("base64")}:${tag.toString("base64")}:${encrypted.toString("base64")}`;
|
|
20
53
|
}
|
|
21
54
|
/**
|
|
22
|
-
* Decrypt an AES-256-GCM encoded string
|
|
55
|
+
* Decrypt an AES-256-GCM encoded string.
|
|
56
|
+
*
|
|
57
|
+
* Auto-detects format:
|
|
58
|
+
* - v2:salt:iv:tag:ciphertext → PBKDF2 key derivation (requires string secret)
|
|
59
|
+
* - iv:tag:ciphertext → legacy format (accepts Buffer key or string secret via SHA-256)
|
|
23
60
|
*/
|
|
24
|
-
export function decryptAesGcm(encoded,
|
|
25
|
-
const
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
61
|
+
export function decryptAesGcm(encoded, keyOrSecret) {
|
|
62
|
+
const parts = encoded.split(":");
|
|
63
|
+
if (parts[0] === V2_PREFIX && parts.length === 5) {
|
|
64
|
+
// V2 format: v2:salt:iv:tag:ciphertext
|
|
65
|
+
if (typeof keyOrSecret !== "string") {
|
|
66
|
+
throw new Error("V2 encrypted format requires a secret string for decryption, not a Buffer key");
|
|
67
|
+
}
|
|
68
|
+
const salt = Buffer.from(parts[1], "base64");
|
|
69
|
+
const iv = Buffer.from(parts[2], "base64");
|
|
70
|
+
const tag = Buffer.from(parts[3], "base64");
|
|
71
|
+
const ciphertext = Buffer.from(parts[4], "base64");
|
|
72
|
+
const key = deriveKeyV2(keyOrSecret, salt);
|
|
73
|
+
const decipher = createDecipheriv(ALGORITHM, key, iv);
|
|
74
|
+
decipher.setAuthTag(tag);
|
|
75
|
+
return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString("utf8");
|
|
76
|
+
}
|
|
77
|
+
// V1 (legacy) format: iv:tag:ciphertext
|
|
78
|
+
if (parts.length === 3) {
|
|
79
|
+
const iv = Buffer.from(parts[0], "base64");
|
|
80
|
+
const tag = Buffer.from(parts[1], "base64");
|
|
81
|
+
const ciphertext = Buffer.from(parts[2], "base64");
|
|
82
|
+
// Accept either a pre-derived Buffer key or a string secret (legacy SHA-256)
|
|
83
|
+
const key = typeof keyOrSecret === "string" ? deriveKey(keyOrSecret) : keyOrSecret;
|
|
84
|
+
const decipher = createDecipheriv(ALGORITHM, key, iv);
|
|
85
|
+
decipher.setAuthTag(tag);
|
|
86
|
+
return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString("utf8");
|
|
87
|
+
}
|
|
88
|
+
throw new Error("Unknown encryption format");
|
|
32
89
|
}
|
|
33
90
|
//# sourceMappingURL=crypto.js.map
|
package/dist/lib/crypto.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../src/lib/crypto.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../src/lib/crypto.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,WAAW,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEpG,MAAM,SAAS,GAAG,aAAa,CAAC;AAChC,MAAM,SAAS,GAAG,EAAE,CAAC;AACrB,MAAM,WAAW,GAAG,EAAE,CAAC;AACvB,MAAM,iBAAiB,GAAG,OAAO,CAAC;AAClC,MAAM,aAAa,GAAG,QAAQ,CAAC;AAC/B,MAAM,SAAS,GAAG,IAAI,CAAC;AAEvB;;;;GAIG;AACH,MAAM,UAAU,SAAS,CAAC,MAAc;IACtC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,CAAC;AACtD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,MAAc,EAAE,IAAY;IACtD,OAAO,UAAU,CAAC,MAAM,EAAE,IAAI,EAAE,iBAAiB,EAAE,EAAE,EAAE,aAAa,CAAC,CAAC;AACxE,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,aAAa,CAAC,SAAiB,EAAE,WAA4B;IAC3E,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;QACpC,sCAAsC;QACtC,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;QACtC,MAAM,GAAG,GAAG,WAAW,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;QAC3C,MAAM,EAAE,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;QAClC,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QAClD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACpF,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAChC,OAAO;YACL,SAAS;YACT,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACvB,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACrB,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACtB,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;SAC7B,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACd,CAAC;IAED,oDAAoD;IACpD,MAAM,EAAE,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;IAClC,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,EAAE,WAAW,EAAE,EAAE,CAAC,CAAC;IAC1D,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACpF,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAChC,OAAO,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;AAC9F,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,aAAa,CAAC,OAAe,EAAE,WAA4B;IACzE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAEjC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,SAAS,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjD,uCAAuC;QACvC,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,+EAA+E,CAAC,CAAC;QACnG,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC7C,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC3C,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC5C,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QACnD,MAAM,GAAG,GAAG,WAAW,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;QAC3C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QACtD,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACzB,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACzF,CAAC;IAED,wCAAwC;IACxC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC3C,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC5C,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QACnD,6EAA6E;QAC7E,MAAM,GAAG,GAAG,OAAO,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;QACnF,MAAM,QAAQ,GAAG,gBAAgB,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QACtD,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACzB,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACzF,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;AAC/C,CAAC"}
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
export declare function getAgentKeySecret(): string;
|
|
2
|
+
export declare function getPiiKeySecret(): string;
|
|
3
|
+
export declare function getEmbeddingKeySecret(): string;
|
|
4
|
+
/** Reset cached secrets — for testing only. */
|
|
5
|
+
export declare function _resetKeyCache(): void;
|
|
6
|
+
//# sourceMappingURL=encryption-keys.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"encryption-keys.d.ts","sourceRoot":"","sources":["../../src/lib/encryption-keys.ts"],"names":[],"mappings":"AAsBA,wBAAgB,iBAAiB,IAAI,MAAM,CAK1C;AAED,wBAAgB,eAAe,IAAI,MAAM,CAKxC;AAED,wBAAgB,qBAAqB,IAAI,MAAM,CAK9C;AAED,+CAA+C;AAC/C,wBAAgB,cAAc,IAAI,IAAI,CAIrC"}
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
const MIN_SECRET_LENGTH = 16;
|
|
2
|
+
let _agentSecret;
|
|
3
|
+
let _piiSecret;
|
|
4
|
+
let _embeddingSecret;
|
|
5
|
+
function requireEnv(name) {
|
|
6
|
+
const value = process.env[name];
|
|
7
|
+
if (!value) {
|
|
8
|
+
throw new Error(`Missing required environment variable: ${name}. ` +
|
|
9
|
+
`Encryption keys must be set explicitly — no defaults are used.`);
|
|
10
|
+
}
|
|
11
|
+
if (value.length < MIN_SECRET_LENGTH) {
|
|
12
|
+
throw new Error(`${name} must be at least ${MIN_SECRET_LENGTH} characters long.`);
|
|
13
|
+
}
|
|
14
|
+
return value;
|
|
15
|
+
}
|
|
16
|
+
export function getAgentKeySecret() {
|
|
17
|
+
if (!_agentSecret) {
|
|
18
|
+
_agentSecret = requireEnv("AGENT_KEY_SECRET");
|
|
19
|
+
}
|
|
20
|
+
return _agentSecret;
|
|
21
|
+
}
|
|
22
|
+
export function getPiiKeySecret() {
|
|
23
|
+
if (!_piiSecret) {
|
|
24
|
+
_piiSecret = requireEnv("PII_KEY_SECRET");
|
|
25
|
+
}
|
|
26
|
+
return _piiSecret;
|
|
27
|
+
}
|
|
28
|
+
export function getEmbeddingKeySecret() {
|
|
29
|
+
if (!_embeddingSecret) {
|
|
30
|
+
_embeddingSecret = requireEnv("EMBEDDING_KEY_SECRET");
|
|
31
|
+
}
|
|
32
|
+
return _embeddingSecret;
|
|
33
|
+
}
|
|
34
|
+
/** Reset cached secrets — for testing only. */
|
|
35
|
+
export function _resetKeyCache() {
|
|
36
|
+
_agentSecret = undefined;
|
|
37
|
+
_piiSecret = undefined;
|
|
38
|
+
_embeddingSecret = undefined;
|
|
39
|
+
}
|
|
40
|
+
//# sourceMappingURL=encryption-keys.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"encryption-keys.js","sourceRoot":"","sources":["../../src/lib/encryption-keys.ts"],"names":[],"mappings":"AAAA,MAAM,iBAAiB,GAAG,EAAE,CAAC;AAE7B,IAAI,YAAgC,CAAC;AACrC,IAAI,UAA8B,CAAC;AACnC,IAAI,gBAAoC,CAAC;AAEzC,SAAS,UAAU,CAAC,IAAY;IAC9B,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAChC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CACb,0CAA0C,IAAI,IAAI;YAClD,gEAAgE,CACjE,CAAC;IACJ,CAAC;IACD,IAAI,KAAK,CAAC,MAAM,GAAG,iBAAiB,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CACb,GAAG,IAAI,qBAAqB,iBAAiB,mBAAmB,CACjE,CAAC;IACJ,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,YAAY,GAAG,UAAU,CAAC,kBAAkB,CAAC,CAAC;IAChD,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,MAAM,UAAU,eAAe;IAC7B,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,UAAU,GAAG,UAAU,CAAC,gBAAgB,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,MAAM,UAAU,qBAAqB;IACnC,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,gBAAgB,GAAG,UAAU,CAAC,sBAAsB,CAAC,CAAC;IACxD,CAAC;IACD,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED,+CAA+C;AAC/C,MAAM,UAAU,cAAc;IAC5B,YAAY,GAAG,SAAS,CAAC;IACzB,UAAU,GAAG,SAAS,CAAC;IACvB,gBAAgB,GAAG,SAAS,CAAC;AAC/B,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"agent-schedule-service.d.ts","sourceRoot":"","sources":["../../src/services/agent-schedule-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"agent-schedule-service.d.ts","sourceRoot":"","sources":["../../src/services/agent-schedule-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAiBnD,MAAM,WAAW,mBAAmB;IAClC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,eAAe,EAAE,IAAI,GAAG,IAAI,CAAC;IAC7B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,wBAAwB;IACvC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,wBAAwB;IACvC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAED,qBAAa,oBAAoB;IACnB,OAAO,CAAC,EAAE;gBAAF,EAAE,EAAE,YAAY;IAE9B,MAAM,CACV,cAAc,EAAE,MAAM,EACtB,KAAK,EAAE,wBAAwB,EAC/B,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,mBAAmB,CAAC;IAoBzB,MAAM,CACV,EAAE,EAAE,MAAM,EACV,cAAc,EAAE,MAAM,EACtB,KAAK,EAAE,wBAAwB,GAC9B,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC;IAsBhC,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAW5D,OAAO,CAAC,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC;IAQhF,IAAI,CACR,cAAc,EAAE,MAAM,EACtB,IAAI,CAAC,EAAE;QAAE,OAAO,CAAC,EAAE,OAAO,CAAA;KAAE,GAC3B,OAAO,CAAC,mBAAmB,EAAE,CAAC;IAW3B,UAAU,CACd,EAAE,EAAE,MAAM,EACV,cAAc,EAAE,MAAM,EACtB,OAAO,EAAE,OAAO,GACf,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC;IAYhC,aAAa,CACjB,EAAE,EAAE,MAAM,EACV,cAAc,EAAE,MAAM,EACtB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,IAAI,CAAC;IAOV,aAAa,CACjB,EAAE,EAAE,MAAM,EACV,cAAc,EAAE,MAAM,EACtB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,IAAI,CAAC;IAUV,kBAAkB,CAAC,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IASpF,OAAO,CAAC,QAAQ;CAoBjB"}
|
|
@@ -1,14 +1,11 @@
|
|
|
1
1
|
import { createHash } from "node:crypto";
|
|
2
|
-
import { encryptAesGcm, decryptAesGcm
|
|
3
|
-
|
|
4
|
-
const secret = process.env.AGENT_KEY_SECRET ?? "apart-default-agent-key-secret-change-me";
|
|
5
|
-
return deriveKey(secret);
|
|
6
|
-
}
|
|
2
|
+
import { encryptAesGcm, decryptAesGcm } from "../lib/crypto.js";
|
|
3
|
+
import { getAgentKeySecret } from "../lib/encryption-keys.js";
|
|
7
4
|
function encrypt(plaintext) {
|
|
8
|
-
return encryptAesGcm(plaintext,
|
|
5
|
+
return encryptAesGcm(plaintext, getAgentKeySecret());
|
|
9
6
|
}
|
|
10
7
|
function decrypt(encoded) {
|
|
11
|
-
return decryptAesGcm(encoded,
|
|
8
|
+
return decryptAesGcm(encoded, getAgentKeySecret());
|
|
12
9
|
}
|
|
13
10
|
function hashApiKey(rawKey) {
|
|
14
11
|
return createHash("sha256").update(rawKey).digest("hex");
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"agent-schedule-service.js","sourceRoot":"","sources":["../../src/services/agent-schedule-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,
|
|
1
|
+
{"version":3,"file":"agent-schedule-service.js","sourceRoot":"","sources":["../../src/services/agent-schedule-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAE9D,SAAS,OAAO,CAAC,SAAiB;IAChC,OAAO,aAAa,CAAC,SAAS,EAAE,iBAAiB,EAAE,CAAC,CAAC;AACvD,CAAC;AAED,SAAS,OAAO,CAAC,OAAe;IAC9B,OAAO,aAAa,CAAC,OAAO,EAAE,iBAAiB,EAAE,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,UAAU,CAAC,MAAc;IAChC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC3D,CAAC;AA2CD,MAAM,OAAO,oBAAoB;IACX;IAApB,YAAoB,EAAgB;QAAhB,OAAE,GAAF,EAAE,CAAc;IAAG,CAAC;IAExC,KAAK,CAAC,MAAM,CACV,cAAsB,EACtB,KAA+B,EAC/B,SAAiB,EACjB,SAAiB;QAEjB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC;YAClD,IAAI,EAAE;gBACJ,cAAc;gBACd,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,EAAE;gBACpC,cAAc,EAAE,KAAK,CAAC,cAAc;gBACpC,QAAQ,EAAE,KAAK,CAAC,QAAQ,IAAI,KAAK;gBACjC,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,YAAY;gBAC1C,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,KAAK,EAAE,KAAK,CAAC,KAAK,IAAI,QAAQ;gBAC9B,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,IAAI;gBAClC,eAAe,EAAE,OAAO,CAAC,SAAS,CAAC;gBACnC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC;gBACjC,SAAS;aACV;SACF,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACjC,CAAC;IAED,KAAK,CAAC,MAAM,CACV,EAAU,EACV,cAAsB,EACtB,KAA+B;QAE/B,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC;gBAClD,KAAK,EAAE,EAAE,EAAE,EAAE,cAAc,EAAE;gBAC7B,IAAI,EAAE;oBACJ,GAAG,CAAC,KAAK,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACzD,GAAG,CAAC,KAAK,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC9E,GAAG,CAAC,KAAK,CAAC,cAAc,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,KAAK,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACvF,GAAG,CAAC,KAAK,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACrE,GAAG,CAAC,KAAK,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACxE,GAAG,CAAC,KAAK,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC/D,GAAG,CAAC,KAAK,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC5D,GAAG,CAAC,KAAK,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACxE,SAAS,EAAE,IAAI,IAAI,EAAE;iBACtB;aACF,CAAC,CAAC;YACH,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACjC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,EAAU,EAAE,cAAsB;QAC7C,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC;gBACjC,KAAK,EAAE,EAAE,EAAE,EAAE,cAAc,EAAE;aAC9B,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,EAAU,EAAE,cAAsB;QAC9C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,SAAS,CAAC;YACrD,KAAK,EAAE,EAAE,EAAE,EAAE,cAAc,EAAE;SAC9B,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAC;QAC3B,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACjC,CAAC;IAED,KAAK,CAAC,IAAI,CACR,cAAsB,EACtB,IAA4B;QAE5B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC;YACrD,KAAK,EAAE;gBACL,cAAc;gBACd,GAAG,CAAC,IAAI,EAAE,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAClE;YACD,OAAO,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE;SAC/B,CAAC,CAAC;QACH,OAAO,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,UAAU,CACd,EAAU,EACV,cAAsB,EACtB,OAAgB;QAEhB,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC;gBAClD,KAAK,EAAE,EAAE,EAAE,EAAE,cAAc,EAAE;gBAC7B,IAAI,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE;aACzC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACjC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,EAAU,EACV,cAAsB,EACtB,UAAkB;QAElB,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC;YACjC,KAAK,EAAE,EAAE,EAAE,EAAE,cAAc,EAAE;YAC7B,IAAI,EAAE,EAAE,UAAU,EAAE;SACrB,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,EAAU,EACV,cAAsB,EACtB,KAAa;QAEb,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC;YACjC,KAAK,EAAE,EAAE,EAAE,EAAE,cAAc,EAAE;YAC7B,IAAI,EAAE;gBACJ,eAAe,EAAE,IAAI,IAAI,EAAE;gBAC3B,SAAS,EAAE,KAAK;aACjB;SACF,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,EAAU,EAAE,cAAsB;QACzD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,SAAS,CAAC;YACrD,KAAK,EAAE,EAAE,EAAE,EAAE,cAAc,EAAE;YAC7B,MAAM,EAAE,EAAE,eAAe,EAAE,IAAI,EAAE;SAClC,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAC;QAC3B,OAAO,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;IAC3C,CAAC;IAEO,QAAQ,CAAC,QAAa;QAC5B,OAAO;YACL,EAAE,EAAE,QAAQ,CAAC,EAAE;YACf,IAAI,EAAE,QAAQ,CAAC,IAAI;YACnB,WAAW,EAAE,QAAQ,CAAC,WAAW;YACjC,cAAc,EAAE,QAAQ,CAAC,cAAc;YACvC,QAAQ,EAAE,QAAQ,CAAC,QAAQ;YAC3B,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,OAAO,EAAE,QAAQ,CAAC,OAAO;YACzB,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,eAAe,EAAE,QAAQ,CAAC,eAAe;YACzC,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,SAAS,EAAE,QAAQ,CAAC,SAAS;SAC9B,CAAC;IACJ,CAAC;CACF"}
|
|
@@ -7,6 +7,6 @@ export declare class InviteService {
|
|
|
7
7
|
getByToken(token: string): Promise<Invite | null>;
|
|
8
8
|
listByOrg(organizationId: string): Promise<Invite[]>;
|
|
9
9
|
accept(token: string, userId: string): Promise<Invite>;
|
|
10
|
-
revoke(id: string): Promise<Invite>;
|
|
10
|
+
revoke(id: string, organizationId: string): Promise<Invite>;
|
|
11
11
|
}
|
|
12
12
|
//# sourceMappingURL=invite-service.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"invite-service.d.ts","sourceRoot":"","sources":["../../src/services/invite-service.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAE3D,YAAY,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAI7C,qBAAa,aAAa;IACZ,OAAO,CAAC,EAAE;gBAAF,EAAE,EAAE,YAAY;IAE9B,MAAM,CACV,KAAK,EAAE,MAAM,EACb,cAAc,EAAE,MAAM,EACtB,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,MAAM,CAAC;IAgBZ,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAIjD,SAAS,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAOpD,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAwBtD,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"invite-service.d.ts","sourceRoot":"","sources":["../../src/services/invite-service.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAE3D,YAAY,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAI7C,qBAAa,aAAa;IACZ,OAAO,CAAC,EAAE;gBAAF,EAAE,EAAE,YAAY;IAE9B,MAAM,CACV,KAAK,EAAE,MAAM,EACb,cAAc,EAAE,MAAM,EACtB,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,MAAM,CAAC;IAgBZ,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAIjD,SAAS,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAOpD,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAwBtD,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;CAUlE"}
|
|
@@ -52,7 +52,12 @@ export class InviteService {
|
|
|
52
52
|
]);
|
|
53
53
|
return updated;
|
|
54
54
|
}
|
|
55
|
-
async revoke(id) {
|
|
55
|
+
async revoke(id, organizationId) {
|
|
56
|
+
const invite = await this.db.invite.findFirst({
|
|
57
|
+
where: { id, organizationId, status: "pending" },
|
|
58
|
+
});
|
|
59
|
+
if (!invite)
|
|
60
|
+
throw new Error("Invite not found");
|
|
56
61
|
return this.db.invite.update({
|
|
57
62
|
where: { id },
|
|
58
63
|
data: { status: "revoked" },
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"invite-service.js","sourceRoot":"","sources":["../../src/services/invite-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AAKrC,MAAM,eAAe,GAAG,CAAC,CAAC;AAE1B,MAAM,OAAO,aAAa;IACJ;IAApB,YAAoB,EAAgB;QAAhB,OAAE,GAAF,EAAE,CAAc;IAAG,CAAC;IAExC,KAAK,CAAC,MAAM,CACV,KAAa,EACb,cAAsB,EACtB,IAAY,EACZ,SAAiB;QAEjB,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC9C,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,eAAe,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAE/E,OAAO,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC;YAC3B,IAAI,EAAE;gBACJ,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE;gBAC1B,cAAc;gBACd,IAAI;gBACJ,KAAK;gBACL,SAAS;gBACT,SAAS;aACV;SACF,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,KAAa;QAC5B,OAAO,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;IACzD,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,cAAsB;QACpC,OAAO,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC;YAC7B,KAAK,EAAE,EAAE,cAAc,EAAE,MAAM,EAAE,SAAS,EAAE;YAC5C,OAAO,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE;SAC/B,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAa,EAAE,MAAc;QACxC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QACrE,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACjD,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACxE,IAAI,MAAM,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAErE,8DAA8D;QAC9D,MAAM,CAAC,OAAO,CAAC,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC;YAC3C,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC;gBACpB,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE;gBACxB,IAAI,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE;aAC7B,CAAC;YACF,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;gBACxB,IAAI,EAAE;oBACJ,MAAM;oBACN,cAAc,EAAE,MAAM,CAAC,cAAc;oBACrC,IAAI,EAAE,MAAM,CAAC,IAAI;iBAClB;aACF,CAAC;SACH,CAAC,CAAC;QAEH,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,EAAU;
|
|
1
|
+
{"version":3,"file":"invite-service.js","sourceRoot":"","sources":["../../src/services/invite-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AAKrC,MAAM,eAAe,GAAG,CAAC,CAAC;AAE1B,MAAM,OAAO,aAAa;IACJ;IAApB,YAAoB,EAAgB;QAAhB,OAAE,GAAF,EAAE,CAAc;IAAG,CAAC;IAExC,KAAK,CAAC,MAAM,CACV,KAAa,EACb,cAAsB,EACtB,IAAY,EACZ,SAAiB;QAEjB,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC9C,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,eAAe,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAE/E,OAAO,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC;YAC3B,IAAI,EAAE;gBACJ,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE;gBAC1B,cAAc;gBACd,IAAI;gBACJ,KAAK;gBACL,SAAS;gBACT,SAAS;aACV;SACF,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,KAAa;QAC5B,OAAO,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;IACzD,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,cAAsB;QACpC,OAAO,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC;YAC7B,KAAK,EAAE,EAAE,cAAc,EAAE,MAAM,EAAE,SAAS,EAAE;YAC5C,OAAO,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE;SAC/B,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAa,EAAE,MAAc;QACxC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QACrE,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACjD,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACxE,IAAI,MAAM,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAErE,8DAA8D;QAC9D,MAAM,CAAC,OAAO,CAAC,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC;YAC3C,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC;gBACpB,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE;gBACxB,IAAI,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE;aAC7B,CAAC;YACF,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;gBACxB,IAAI,EAAE;oBACJ,MAAM;oBACN,cAAc,EAAE,MAAM,CAAC,cAAc;oBACrC,IAAI,EAAE,MAAM,CAAC,IAAI;iBAClB;aACF,CAAC;SACH,CAAC,CAAC;QAEH,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,EAAU,EAAE,cAAsB;QAC7C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC;YAC5C,KAAK,EAAE,EAAE,EAAE,EAAE,cAAc,EAAE,MAAM,EAAE,SAAS,EAAE;SACjD,CAAC,CAAC;QACH,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACjD,OAAO,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC;YAC3B,KAAK,EAAE,EAAE,EAAE,EAAE;YACb,IAAI,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE;SAC5B,CAAC,CAAC;IACL,CAAC;CACF"}
|
|
@@ -12,7 +12,7 @@ export declare class MembershipService {
|
|
|
12
12
|
findByUserAndOrg(userId: string, organizationId: string): Promise<Membership | null>;
|
|
13
13
|
listByUser(userId: string): Promise<MembershipWithOrg[]>;
|
|
14
14
|
listByOrg(organizationId: string): Promise<MembershipWithUser[]>;
|
|
15
|
-
updateRole(id: string, role: string): Promise<Membership>;
|
|
15
|
+
updateRole(id: string, organizationId: string, role: string): Promise<Membership>;
|
|
16
16
|
remove(id: string): Promise<void>;
|
|
17
17
|
countOwners(organizationId: string): Promise<number>;
|
|
18
18
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"membership-service.d.ts","sourceRoot":"","sources":["../../src/services/membership-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,UAAU,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAEnF,MAAM,MAAM,kBAAkB,GAAG,UAAU,GAAG;IAAE,IAAI,EAAE,IAAI,CAAA;CAAE,CAAC;AAC7D,MAAM,MAAM,iBAAiB,GAAG,UAAU,GAAG;IAAE,YAAY,EAAE,YAAY,CAAA;CAAE,CAAC;AAE5E,qBAAa,iBAAiB;IAChB,OAAO,CAAC,EAAE;gBAAF,EAAE,EAAE,YAAY;IAE9B,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,IAAI,GAAE,MAAiB,GAAG,OAAO,CAAC,UAAU,CAAC;IAM5F,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAMpF,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,EAAE,CAAC;IAOxD,SAAS,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,EAAE,CAAC;IAOhE,UAAU,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;
|
|
1
|
+
{"version":3,"file":"membership-service.d.ts","sourceRoot":"","sources":["../../src/services/membership-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,UAAU,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAEnF,MAAM,MAAM,kBAAkB,GAAG,UAAU,GAAG;IAAE,IAAI,EAAE,IAAI,CAAA;CAAE,CAAC;AAC7D,MAAM,MAAM,iBAAiB,GAAG,UAAU,GAAG;IAAE,YAAY,EAAE,YAAY,CAAA;CAAE,CAAC;AAE5E,qBAAa,iBAAiB;IAChB,OAAO,CAAC,EAAE;gBAAF,EAAE,EAAE,YAAY;IAE9B,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,IAAI,GAAE,MAAiB,GAAG,OAAO,CAAC,UAAU,CAAC;IAM5F,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAMpF,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,EAAE,CAAC;IAOxD,SAAS,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,EAAE,CAAC;IAOhE,UAAU,CAAC,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IAWjF,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIjC,WAAW,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;CAK3D"}
|
|
@@ -25,7 +25,12 @@ export class MembershipService {
|
|
|
25
25
|
include: { user: true },
|
|
26
26
|
});
|
|
27
27
|
}
|
|
28
|
-
async updateRole(id, role) {
|
|
28
|
+
async updateRole(id, organizationId, role) {
|
|
29
|
+
const membership = await this.db.membership.findFirst({
|
|
30
|
+
where: { id, organizationId },
|
|
31
|
+
});
|
|
32
|
+
if (!membership)
|
|
33
|
+
throw new Error("Membership not found");
|
|
29
34
|
return this.db.membership.update({
|
|
30
35
|
where: { id },
|
|
31
36
|
data: { role },
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"membership-service.js","sourceRoot":"","sources":["../../src/services/membership-service.ts"],"names":[],"mappings":"AAKA,MAAM,OAAO,iBAAiB;IACR;IAApB,YAAoB,EAAgB;QAAhB,OAAE,GAAF,EAAE,CAAc;IAAG,CAAC;IAExC,KAAK,CAAC,MAAM,CAAC,MAAc,EAAE,cAAsB,EAAE,OAAe,QAAQ;QAC1E,OAAO,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;YAC/B,IAAI,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE;SACvC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,MAAc,EAAE,cAAsB;QAC3D,OAAO,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC;YACnC,KAAK,EAAE,EAAE,qBAAqB,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE,EAAE;SAC7D,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,MAAc;QAC7B,OAAO,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;YACjC,KAAK,EAAE,EAAE,MAAM,EAAE;YACjB,OAAO,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE;SAChC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,cAAsB;QACpC,OAAO,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;YACjC,KAAK,EAAE,EAAE,cAAc,EAAE;YACzB,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;SACxB,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,EAAU,EAAE,IAAY;
|
|
1
|
+
{"version":3,"file":"membership-service.js","sourceRoot":"","sources":["../../src/services/membership-service.ts"],"names":[],"mappings":"AAKA,MAAM,OAAO,iBAAiB;IACR;IAApB,YAAoB,EAAgB;QAAhB,OAAE,GAAF,EAAE,CAAc;IAAG,CAAC;IAExC,KAAK,CAAC,MAAM,CAAC,MAAc,EAAE,cAAsB,EAAE,OAAe,QAAQ;QAC1E,OAAO,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;YAC/B,IAAI,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE;SACvC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,MAAc,EAAE,cAAsB;QAC3D,OAAO,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC;YACnC,KAAK,EAAE,EAAE,qBAAqB,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE,EAAE;SAC7D,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,MAAc;QAC7B,OAAO,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;YACjC,KAAK,EAAE,EAAE,MAAM,EAAE;YACjB,OAAO,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE;SAChC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,cAAsB;QACpC,OAAO,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;YACjC,KAAK,EAAE,EAAE,cAAc,EAAE;YACzB,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;SACxB,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,EAAU,EAAE,cAAsB,EAAE,IAAY;QAC/D,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC;YACpD,KAAK,EAAE,EAAE,EAAE,EAAE,cAAc,EAAE;SAC9B,CAAC,CAAC;QACH,IAAI,CAAC,UAAU;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QACzD,OAAO,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;YAC/B,KAAK,EAAE,EAAE,EAAE,EAAE;YACb,IAAI,EAAE,EAAE,IAAI,EAAE;SACf,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,EAAU;QACrB,MAAM,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IACrD,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,cAAsB;QACtC,OAAO,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC;YAC9B,KAAK,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,OAAO,EAAE;SACzC,CAAC,CAAC;IACL,CAAC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"org-agent-config-service.d.ts","sourceRoot":"","sources":["../../src/services/org-agent-config-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"org-agent-config-service.d.ts","sourceRoot":"","sources":["../../src/services/org-agent-config-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAYnD,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,sBAAuB,SAAQ,cAAc;IAC5D,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,qBAAa,qBAAqB;IACpB,OAAO,CAAC,EAAE;gBAAF,EAAE,EAAE,YAAY;IAE9B,GAAG,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC;IAe3D,WAAW,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,GAAG,IAAI,CAAC;IA2B3E,GAAG,CACP,cAAc,EAAE,MAAM,EACtB,KAAK,EAAE;QACL,YAAY,EAAE,MAAM,CAAC;QACrB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,GACA,OAAO,CAAC,cAAc,CAAC;IAkCpB,MAAM,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAQvD"}
|
|
@@ -1,13 +1,10 @@
|
|
|
1
|
-
import { encryptAesGcm, decryptAesGcm
|
|
2
|
-
|
|
3
|
-
const secret = process.env.AGENT_KEY_SECRET ?? "apart-default-agent-key-secret-change-me";
|
|
4
|
-
return deriveKey(secret);
|
|
5
|
-
}
|
|
1
|
+
import { encryptAesGcm, decryptAesGcm } from "../lib/crypto.js";
|
|
2
|
+
import { getAgentKeySecret } from "../lib/encryption-keys.js";
|
|
6
3
|
function encrypt(plaintext) {
|
|
7
|
-
return encryptAesGcm(plaintext,
|
|
4
|
+
return encryptAesGcm(plaintext, getAgentKeySecret());
|
|
8
5
|
}
|
|
9
6
|
function decrypt(encoded) {
|
|
10
|
-
return decryptAesGcm(encoded,
|
|
7
|
+
return decryptAesGcm(encoded, getAgentKeySecret());
|
|
11
8
|
}
|
|
12
9
|
export class OrgAgentConfigService {
|
|
13
10
|
db;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"org-agent-config-service.js","sourceRoot":"","sources":["../../src/services/org-agent-config-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,
|
|
1
|
+
{"version":3,"file":"org-agent-config-service.js","sourceRoot":"","sources":["../../src/services/org-agent-config-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAE9D,SAAS,OAAO,CAAC,SAAiB;IAChC,OAAO,aAAa,CAAC,SAAS,EAAE,iBAAiB,EAAE,CAAC,CAAC;AACvD,CAAC;AAED,SAAS,OAAO,CAAC,OAAe;IAC9B,OAAO,aAAa,CAAC,OAAO,EAAE,iBAAiB,EAAE,CAAC,CAAC;AACrD,CAAC;AAgBD,MAAM,OAAO,qBAAqB;IACZ;IAApB,YAAoB,EAAgB;QAAhB,OAAE,GAAF,EAAE,CAAc;IAAG,CAAC;IAExC,KAAK,CAAC,GAAG,CAAC,cAAsB;QAC9B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,UAAU,CAAC;YACrD,KAAK,EAAE,EAAE,cAAc,EAAE;SAC1B,CAAC,CAAC;QACH,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QACzB,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,cAAc,EAAE,MAAM,CAAC,cAAc;YACrC,iBAAiB,EAAE,MAAM,CAAC,iBAAiB;YAC3C,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,cAAsB;QACtC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,UAAU,CAAC;YACrD,KAAK,EAAE,EAAE,cAAc,EAAE;SAC1B,CAAC,CAAC;QACH,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAEzB,oDAAoD;QACpD,MAAM,SAAS,GAAG,MAAM,CAAC,kBAAkB;YACzC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,kBAAkB,CAAC;YACpC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC;QAE5B,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,oGAAoG,CAAC,CAAC;QACxH,CAAC;QAED,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,cAAc,EAAE,MAAM,CAAC,cAAc;YACrC,iBAAiB,EAAE,MAAM,CAAC,iBAAiB;YAC3C,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,YAAY,EAAE,OAAO,CAAC,MAAM,CAAC,qBAAqB,CAAC;YACnD,SAAS;YACT,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,GAAG,CACP,cAAsB,EACtB,KAOC;QAED,MAAM,eAAe,GAAG,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QACpD,MAAM,YAAY,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACvE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,MAAM,CAAC;YACjD,KAAK,EAAE,EAAE,cAAc,EAAE;YACzB,MAAM,EAAE;gBACN,cAAc;gBACd,qBAAqB,EAAE,eAAe;gBACtC,kBAAkB,EAAE,YAAY;gBAChC,KAAK,EAAE,KAAK,CAAC,KAAK,IAAI,QAAQ;gBAC9B,cAAc,EAAE,KAAK,CAAC,cAAc,IAAI,EAAE;gBAC1C,iBAAiB,EAAE,KAAK,CAAC,iBAAiB,IAAI,EAAE;gBAChD,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,KAAK;aACpC;YACD,MAAM,EAAE;gBACN,qBAAqB,EAAE,eAAe;gBACtC,kBAAkB,EAAE,YAAY,KAAK,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS;gBACzE,KAAK,EAAE,KAAK,CAAC,KAAK,IAAI,SAAS;gBAC/B,cAAc,EAAE,KAAK,CAAC,cAAc,IAAI,SAAS;gBACjD,iBAAiB,EAAE,KAAK,CAAC,iBAAiB,IAAI,SAAS;gBACvD,SAAS,EAAE,IAAI,IAAI,EAAE;gBACrB,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,KAAK;aACpC;SACF,CAAC,CAAC;QACH,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,cAAc,EAAE,MAAM,CAAC,cAAc;YACrC,iBAAiB,EAAE,MAAM,CAAC,iBAAiB;YAC3C,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,cAAsB;QACjC,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,EAAE,cAAc,EAAE,EAAE,CAAC,CAAC;YACnE,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"org-embedding-config-service.d.ts","sourceRoot":"","sources":["../../src/services/org-embedding-config-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"org-embedding-config-service.d.ts","sourceRoot":"","sources":["../../src/services/org-embedding-config-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAYnD,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,yBAA0B,SAAQ,kBAAkB;IACnE,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,qBAAa,yBAAyB;IACxB,OAAO,CAAC,EAAE;gBAAF,EAAE,EAAE,YAAY;IAE9B,GAAG,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;IAc/D,UAAU,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,yBAAyB,GAAG,IAAI,CAAC;IAe7E,GAAG,CACP,cAAc,EAAE,MAAM,EACtB,KAAK,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,GACjG,OAAO,CAAC,kBAAkB,CAAC;IA8BxB,MAAM,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAQvD"}
|
|
@@ -1,13 +1,10 @@
|
|
|
1
|
-
import { encryptAesGcm, decryptAesGcm
|
|
2
|
-
|
|
3
|
-
const secret = process.env.EMBEDDING_KEY_SECRET ?? "apart-default-embedding-key-secret-change-me";
|
|
4
|
-
return deriveKey(secret);
|
|
5
|
-
}
|
|
1
|
+
import { encryptAesGcm, decryptAesGcm } from "../lib/crypto.js";
|
|
2
|
+
import { getEmbeddingKeySecret } from "../lib/encryption-keys.js";
|
|
6
3
|
function encrypt(plaintext) {
|
|
7
|
-
return encryptAesGcm(plaintext,
|
|
4
|
+
return encryptAesGcm(plaintext, getEmbeddingKeySecret());
|
|
8
5
|
}
|
|
9
6
|
function decrypt(encoded) {
|
|
10
|
-
return decryptAesGcm(encoded,
|
|
7
|
+
return decryptAesGcm(encoded, getEmbeddingKeySecret());
|
|
11
8
|
}
|
|
12
9
|
export class OrgEmbeddingConfigService {
|
|
13
10
|
db;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"org-embedding-config-service.js","sourceRoot":"","sources":["../../src/services/org-embedding-config-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,
|
|
1
|
+
{"version":3,"file":"org-embedding-config-service.js","sourceRoot":"","sources":["../../src/services/org-embedding-config-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAElE,SAAS,OAAO,CAAC,SAAiB;IAChC,OAAO,aAAa,CAAC,SAAS,EAAE,qBAAqB,EAAE,CAAC,CAAC;AAC3D,CAAC;AAED,SAAS,OAAO,CAAC,OAAe;IAC9B,OAAO,aAAa,CAAC,OAAO,EAAE,qBAAqB,EAAE,CAAC,CAAC;AACzD,CAAC;AAcD,MAAM,OAAO,yBAAyB;IAChB;IAApB,YAAoB,EAAgB;QAAhB,OAAE,GAAF,EAAE,CAAc;IAAG,CAAC;IAExC,KAAK,CAAC,GAAG,CAAC,cAAsB;QAC9B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,kBAAkB,CAAC,UAAU,CAAC;YACzD,KAAK,EAAE,EAAE,cAAc,EAAE;SAC1B,CAAC,CAAC;QACH,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QACzB,OAAO;YACL,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,cAAsB;QACrC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,kBAAkB,CAAC,UAAU,CAAC;YACzD,KAAK,EAAE,EAAE,cAAc,EAAE;SAC1B,CAAC,CAAC;QACH,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QACzB,OAAO;YACL,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,eAAe,CAAC;YACvC,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,GAAG,CACP,cAAsB,EACtB,KAAkG;QAElG,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACxC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,kBAAkB,CAAC,MAAM,CAAC;YACrD,KAAK,EAAE,EAAE,cAAc,EAAE;YACzB,MAAM,EAAE;gBACN,cAAc;gBACd,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,eAAe,EAAE,SAAS;gBAC1B,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,UAAU,EAAE,KAAK,CAAC,UAAU;gBAC5B,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,KAAK;aACpC;YACD,MAAM,EAAE;gBACN,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,eAAe,EAAE,SAAS;gBAC1B,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,UAAU,EAAE,KAAK,CAAC,UAAU;gBAC5B,SAAS,EAAE,IAAI,IAAI,EAAE;gBACrB,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,KAAK;aACpC;SACF,CAAC,CAAC;QACH,OAAO;YACL,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,cAAsB;QACjC,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,EAAE,CAAC,kBAAkB,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,EAAE,cAAc,EAAE,EAAE,CAAC,CAAC;YACvE,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"org-mcp-server-service.d.ts","sourceRoot":"","sources":["../../src/services/org-mcp-server-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"org-mcp-server-service.d.ts","sourceRoot":"","sources":["../../src/services/org-mcp-server-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAYnD,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC7B;AAED,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,uBAAuB;IACtC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACvB;AA2BD,qBAAa,mBAAmB;IAClB,OAAO,CAAC,EAAE;gBAAF,EAAE,EAAE,YAAY;IAE9B,IAAI,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,EAAE,CAAC;IAQ3D,SAAS,CAAC,cAAc,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;IAOnF,MAAM,CACV,cAAc,EAAE,MAAM,EACtB,KAAK,EAAE,uBAAuB,GAC7B,OAAO,CAAC,kBAAkB,CAAC;IAuBxB,MAAM,CACV,cAAc,EAAE,MAAM,EACtB,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,uBAAuB,GAC7B,OAAO,CAAC,kBAAkB,CAAC;IAkBxB,MAAM,CAAC,cAAc,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAW9D,eAAe,CAAC,cAAc,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;CA8B7F"}
|
|
@@ -1,13 +1,10 @@
|
|
|
1
|
-
import { encryptAesGcm, decryptAesGcm
|
|
2
|
-
|
|
3
|
-
const secret = process.env.AGENT_KEY_SECRET ?? "apart-default-agent-key-secret-change-me";
|
|
4
|
-
return deriveKey(secret);
|
|
5
|
-
}
|
|
1
|
+
import { encryptAesGcm, decryptAesGcm } from "../lib/crypto.js";
|
|
2
|
+
import { getAgentKeySecret } from "../lib/encryption-keys.js";
|
|
6
3
|
function encrypt(plaintext) {
|
|
7
|
-
return encryptAesGcm(plaintext,
|
|
4
|
+
return encryptAesGcm(plaintext, getAgentKeySecret());
|
|
8
5
|
}
|
|
9
6
|
function decrypt(encoded) {
|
|
10
|
-
return decryptAesGcm(encoded,
|
|
7
|
+
return decryptAesGcm(encoded, getAgentKeySecret());
|
|
11
8
|
}
|
|
12
9
|
const NAME_REGEX = /^[a-z][a-z0-9-]*$/;
|
|
13
10
|
function toRecord(row) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"org-mcp-server-service.js","sourceRoot":"","sources":["../../src/services/org-mcp-server-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,
|
|
1
|
+
{"version":3,"file":"org-mcp-server-service.js","sourceRoot":"","sources":["../../src/services/org-mcp-server-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAE9D,SAAS,OAAO,CAAC,SAAiB;IAChC,OAAO,aAAa,CAAC,SAAS,EAAE,iBAAiB,EAAE,CAAC,CAAC;AACvD,CAAC;AAED,SAAS,OAAO,CAAC,OAAe;IAC9B,OAAO,aAAa,CAAC,OAAO,EAAE,iBAAiB,EAAE,CAAC,CAAC;AACrD,CAAC;AAoCD,MAAM,UAAU,GAAG,mBAAmB,CAAC;AAEvC,SAAS,QAAQ,CAAC,GAAQ;IACxB,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,IAAI,GAAG,CAAC,YAAY,EAAE,CAAC;QACrB,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC;YACxD,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,yCAAyC;QAC3C,CAAC;IACH,CAAC;IAED,OAAO;QACL,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,IAAI,EAAE,GAAG,CAAC,IAAgB;QAC1B,OAAO;QACP,UAAU,EAAE,GAAG,CAAC,UAAsB;QACtC,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,SAAS,EAAE,GAAG,CAAC,SAAS;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,OAAO,mBAAmB;IACV;IAApB,YAAoB,EAAgB;QAAhB,OAAE,GAAF,EAAE,CAAc;IAAG,CAAC;IAExC,KAAK,CAAC,IAAI,CAAC,cAAsB;QAC/B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC;YAC/C,KAAK,EAAE,EAAE,cAAc,EAAE;YACzB,OAAO,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE;SACzB,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,cAAsB,EAAE,IAAY;QAClD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,UAAU,CAAC;YAChD,KAAK,EAAE,EAAE,mBAAmB,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,EAAE;SACzD,CAAC,CAAC;QACH,OAAO,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,MAAM,CACV,cAAsB,EACtB,KAA8B;QAE9B,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YAC5D,MAAM,IAAI,KAAK,CAAC,sFAAsF,CAAC,CAAC;QAC1G,CAAC;QAED,MAAM,YAAY,GAAG,KAAK,CAAC,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC;YACjE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACpC,CAAC,CAAC,IAAI,CAAC;QAET,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC;YAC5C,IAAI,EAAE;gBACJ,cAAc;gBACd,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,OAAO,EAAE,KAAK,CAAC,OAAO,IAAI,KAAK;gBAC/B,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,YAAY;gBACZ,UAAU,EAAE,KAAK,CAAC,UAAU,IAAI,EAAE;gBAClC,SAAS,EAAE,KAAK,CAAC,SAAS;aAC3B;SACF,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,MAAM,CACV,cAAsB,EACtB,IAAY,EACZ,KAA8B;QAE9B,MAAM,IAAI,GAAwB,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC;QAC5D,IAAI,KAAK,CAAC,OAAO,KAAK,SAAS;YAAE,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;QAC9D,IAAI,KAAK,CAAC,IAAI,KAAK,SAAS;YAAE,IAAI,CAAC,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC;QACrD,IAAI,KAAK,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YAC5B,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC;gBACnD,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACpC,CAAC,CAAC,IAAI,CAAC;QACX,CAAC;QACD,IAAI,KAAK,CAAC,UAAU,KAAK,SAAS;YAAE,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC,UAAU,CAAC;QAEvE,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC;YAC5C,KAAK,EAAE,EAAE,mBAAmB,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,EAAE;YACxD,IAAI;SACL,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,cAAsB,EAAE,IAAY;QAC/C,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC;gBAChC,KAAK,EAAE,EAAE,mBAAmB,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,EAAE;aACzD,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,cAAsB,EAAE,SAAiB;QAC7D,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC;YAC/C,KAAK,EAAE,EAAE,cAAc,EAAE;SAC1B,CAAC,CAAC;QAEH,MAAM,OAAO,GAAsB,EAAE,CAAC;QACtC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,KAAK,GAAG,GAAG,CAAC,UAAsB,CAAC;YACzC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAAE,SAAS;YAE7D,IAAI,GAAG,GAA2B,EAAE,CAAC;YACrC,IAAI,GAAG,CAAC,YAAY,EAAE,CAAC;gBACrB,IAAI,CAAC;oBACH,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC;gBAC9C,CAAC;gBAAC,MAAM,CAAC;oBACP,uCAAuC;oBACvC,SAAS;gBACX,CAAC;YACH,CAAC;YAED,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,IAAI,EAAE,GAAG,CAAC,IAAgB;gBAC1B,GAAG;aACJ,CAAC,CAAC;QACL,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"org-pii-config-service.d.ts","sourceRoot":"","sources":["../../src/services/org-pii-config-service.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"org-pii-config-service.d.ts","sourceRoot":"","sources":["../../src/services/org-pii-config-service.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAYnD,MAAM,MAAM,OAAO,GAAG,SAAS,GAAG,aAAa,GAAG,UAAU,CAAC;AAE7D,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,OAAO,CAAC;IACd,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,WAAW,EAAE,OAAO,CAAC;IACrB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAoB,SAAQ,YAAY;IACvD,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,qBAAa,mBAAmB;IAClB,OAAO,CAAC,EAAE;gBAAF,EAAE,EAAE,YAAY;IAE9B,GAAG,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC;IAczD,UAAU,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC;IAevE,GAAG,CACP,cAAc,EAAE,MAAM,EACtB,KAAK,EAAE;QACL,IAAI,EAAE,OAAO,CAAC;QACd,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;QAC3B,WAAW,CAAC,EAAE,OAAO,CAAC;QACtB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,GACA,OAAO,CAAC,YAAY,CAAC;IAsClB,MAAM,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAStD;;OAEG;IACH,WAAW,IAAI,MAAM;CAGtB"}
|
|
@@ -1,14 +1,11 @@
|
|
|
1
1
|
import { randomBytes } from "node:crypto";
|
|
2
|
-
import { encryptAesGcm, decryptAesGcm
|
|
3
|
-
|
|
4
|
-
const secret = process.env.PII_KEY_SECRET ?? "apart-default-pii-key-secret-change-me";
|
|
5
|
-
return deriveKey(secret);
|
|
6
|
-
}
|
|
2
|
+
import { encryptAesGcm, decryptAesGcm } from "../lib/crypto.js";
|
|
3
|
+
import { getPiiKeySecret } from "../lib/encryption-keys.js";
|
|
7
4
|
function encryptPiiKey(plaintext) {
|
|
8
|
-
return encryptAesGcm(plaintext,
|
|
5
|
+
return encryptAesGcm(plaintext, getPiiKeySecret());
|
|
9
6
|
}
|
|
10
7
|
function decryptPiiKey(encoded) {
|
|
11
|
-
return decryptAesGcm(encoded,
|
|
8
|
+
return decryptAesGcm(encoded, getPiiKeySecret());
|
|
12
9
|
}
|
|
13
10
|
export class OrgPiiConfigService {
|
|
14
11
|
db;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"org-pii-config-service.js","sourceRoot":"","sources":["../../src/services/org-pii-config-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,
|
|
1
|
+
{"version":3,"file":"org-pii-config-service.js","sourceRoot":"","sources":["../../src/services/org-pii-config-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAE5D,SAAS,aAAa,CAAC,SAAiB;IACtC,OAAO,aAAa,CAAC,SAAS,EAAE,eAAe,EAAE,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,aAAa,CAAC,OAAe;IACpC,OAAO,aAAa,CAAC,OAAO,EAAE,eAAe,EAAE,CAAC,CAAC;AACnD,CAAC;AAgBD,MAAM,OAAO,mBAAmB;IACV;IAApB,YAAoB,EAAgB;QAAhB,OAAE,GAAF,EAAE,CAAc;IAAG,CAAC;IAExC,KAAK,CAAC,GAAG,CAAC,cAAsB;QAC9B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,UAAU,CAAC;YACnD,KAAK,EAAE,EAAE,cAAc,EAAE;SAC1B,CAAC,CAAC;QACH,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QACzB,OAAO;YACL,IAAI,EAAE,MAAM,CAAC,IAAe;YAC5B,eAAe,EAAE,MAAM,CAAC,eAA2B;YACnD,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,cAAsB;QACrC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,UAAU,CAAC;YACnD,KAAK,EAAE,EAAE,cAAc,EAAE;SAC1B,CAAC,CAAC;QACH,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QACzB,OAAO;YACL,IAAI,EAAE,MAAM,CAAC,IAAe;YAC5B,eAAe,EAAE,MAAM,CAAC,eAA2B;YACnD,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,KAAK,CAAC;YACjE,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,GAAG,CACP,cAAsB,EACtB,KAKC;QAED,0DAA0D;QAC1D,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,UAAU,CAAC;YACrD,KAAK,EAAE,EAAE,cAAc,EAAE;SAC1B,CAAC,CAAC;QAEH,MAAM,eAAe,GAAG,QAAQ;YAC9B,CAAC,CAAC,QAAQ,CAAC,eAAe;YAC1B,CAAC,CAAC,aAAa,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;QAEtD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC;YAC/C,KAAK,EAAE,EAAE,cAAc,EAAE;YACzB,MAAM,EAAE;gBACN,cAAc;gBACd,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,eAAe;gBACf,eAAe,EAAE,CAAC,KAAK,CAAC,eAAe,IAAI,EAAE,CAA8D;gBAC3G,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,KAAK;gBACvC,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,KAAK;aACpC;YACD,MAAM,EAAE;gBACN,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,eAAe,EAAE,CAAC,KAAK,CAAC,eAAe,IAAI,QAAQ,EAAE,eAAe,IAAI,EAAE,CAA8D;gBACxI,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,QAAQ,EAAE,WAAW,IAAI,KAAK;gBAChE,SAAS,EAAE,IAAI,IAAI,EAAE;gBACrB,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,KAAK;aACpC;SACF,CAAC,CAAC;QAEH,OAAO;YACL,IAAI,EAAE,MAAM,CAAC,IAAe;YAC5B,eAAe,EAAE,MAAM,CAAC,eAA2B;YACnD,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,cAAsB;QACjC,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,EAAE,cAAc,EAAE,EAAE,CAAC,CAAC;YACjE,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACH,WAAW;QACT,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC;IACzB,CAAC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"user-service.d.ts","sourceRoot":"","sources":["../../src/services/user-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,IAAI,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"user-service.d.ts","sourceRoot":"","sources":["../../src/services/user-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,IAAI,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAInF,YAAY,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAE3C,MAAM,MAAM,iBAAiB,GAAG,UAAU,GAAG;IAAE,YAAY,EAAE,YAAY,CAAA;CAAE,CAAC;AAE5E,qBAAa,WAAW;IACV,OAAO,CAAC,EAAE;gBAAF,EAAE,EAAE,YAAY;IAE9B,sBAAsB,CAC1B,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,IAAI,CAAC,EAAE,MAAM,GACZ,OAAO,CAAC,IAAI,CAAC;IAsBV,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;IAIzC,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;IAIrD,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,EAAE,CAAC;IAO5D,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAQjE,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAStD,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAOhD,oBAAoB,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAQvE,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAS5D,uBAAuB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAStD,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC;IAQrE,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC;IAU7D,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAMxD;AAID,MAAM,WAAW,kBAAkB;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC;CAC5B;AAED,MAAM,WAAW,YAAY;IAC3B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC;CAChD"}
|
|
@@ -1,8 +1,5 @@
|
|
|
1
|
-
import { encryptAesGcm, decryptAesGcm
|
|
2
|
-
|
|
3
|
-
const secret = process.env.AGENT_KEY_SECRET ?? "apart-default-agent-key-secret-change-me";
|
|
4
|
-
return deriveKey(secret);
|
|
5
|
-
}
|
|
1
|
+
import { encryptAesGcm, decryptAesGcm } from "../lib/crypto.js";
|
|
2
|
+
import { getAgentKeySecret } from "../lib/encryption-keys.js";
|
|
6
3
|
export class UserService {
|
|
7
4
|
db;
|
|
8
5
|
constructor(db) {
|
|
@@ -41,7 +38,7 @@ export class UserService {
|
|
|
41
38
|
});
|
|
42
39
|
}
|
|
43
40
|
async setClaudeToken(userId, plainToken) {
|
|
44
|
-
const encrypted = encryptAesGcm(plainToken,
|
|
41
|
+
const encrypted = encryptAesGcm(plainToken, getAgentKeySecret());
|
|
45
42
|
await this.db.user.update({
|
|
46
43
|
where: { id: userId },
|
|
47
44
|
data: { claudeOauthTokenEncrypted: encrypted, updatedAt: new Date() },
|
|
@@ -54,7 +51,7 @@ export class UserService {
|
|
|
54
51
|
});
|
|
55
52
|
if (!user?.claudeOauthTokenEncrypted)
|
|
56
53
|
return null;
|
|
57
|
-
return decryptAesGcm(user.claudeOauthTokenEncrypted,
|
|
54
|
+
return decryptAesGcm(user.claudeOauthTokenEncrypted, getAgentKeySecret());
|
|
58
55
|
}
|
|
59
56
|
async deleteClaudeToken(userId) {
|
|
60
57
|
await this.db.user.update({
|
|
@@ -63,7 +60,7 @@ export class UserService {
|
|
|
63
60
|
});
|
|
64
61
|
}
|
|
65
62
|
async setApartRefreshToken(userId, plainToken) {
|
|
66
|
-
const encrypted = encryptAesGcm(plainToken,
|
|
63
|
+
const encrypted = encryptAesGcm(plainToken, getAgentKeySecret());
|
|
67
64
|
await this.db.user.update({
|
|
68
65
|
where: { id: userId },
|
|
69
66
|
data: { apartRefreshTokenEncrypted: encrypted, updatedAt: new Date() },
|
|
@@ -76,7 +73,7 @@ export class UserService {
|
|
|
76
73
|
});
|
|
77
74
|
if (!user?.apartRefreshTokenEncrypted)
|
|
78
75
|
return null;
|
|
79
|
-
return decryptAesGcm(user.apartRefreshTokenEncrypted,
|
|
76
|
+
return decryptAesGcm(user.apartRefreshTokenEncrypted, getAgentKeySecret());
|
|
80
77
|
}
|
|
81
78
|
async deleteApartRefreshToken(userId) {
|
|
82
79
|
await this.db.user.update({
|
|
@@ -86,7 +83,7 @@ export class UserService {
|
|
|
86
83
|
}
|
|
87
84
|
// ── Agent secrets (encrypted JSON blob) ──────────────────────────────────
|
|
88
85
|
async setAgentSecrets(userId, secrets) {
|
|
89
|
-
const encrypted = encryptAesGcm(JSON.stringify(secrets),
|
|
86
|
+
const encrypted = encryptAesGcm(JSON.stringify(secrets), getAgentKeySecret());
|
|
90
87
|
await this.db.user.update({
|
|
91
88
|
where: { id: userId },
|
|
92
89
|
data: { agentSecretsEncrypted: encrypted, updatedAt: new Date() },
|
|
@@ -99,7 +96,7 @@ export class UserService {
|
|
|
99
96
|
});
|
|
100
97
|
if (!user?.agentSecretsEncrypted)
|
|
101
98
|
return null;
|
|
102
|
-
const json = decryptAesGcm(user.agentSecretsEncrypted,
|
|
99
|
+
const json = decryptAesGcm(user.agentSecretsEncrypted, getAgentKeySecret());
|
|
103
100
|
return JSON.parse(json);
|
|
104
101
|
}
|
|
105
102
|
async deleteAgentSecrets(userId) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"user-service.js","sourceRoot":"","sources":["../../src/services/user-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,
|
|
1
|
+
{"version":3,"file":"user-service.js","sourceRoot":"","sources":["../../src/services/user-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAM9D,MAAM,OAAO,WAAW;IACF;IAApB,YAAoB,EAAgB;QAAhB,OAAE,GAAF,EAAE,CAAc;IAAG,CAAC;IAExC,KAAK,CAAC,sBAAsB,CAC1B,QAAgB,EAChB,KAAa,EACb,IAAa;QAEb,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;QACxE,IAAI,QAAQ,EAAE,CAAC;YACb,+BAA+B;YAC/B,IAAI,QAAQ,CAAC,KAAK,KAAK,KAAK,IAAI,CAAC,IAAI,IAAI,QAAQ,CAAC,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;gBACjE,OAAO,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;oBACzB,KAAK,EAAE,EAAE,EAAE,EAAE,QAAQ,CAAC,EAAE,EAAE;oBAC1B,IAAI,EAAE;wBACJ,KAAK;wBACL,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;wBACzB,SAAS,EAAE,IAAI,IAAI,EAAE;qBACtB;iBACF,CAAC,CAAC;YACL,CAAC;YACD,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,OAAO,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;YACzB,IAAI,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE;SAChC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,EAAU;QACtB,OAAO,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,QAAgB;QAClC,OAAO,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,MAAc;QACjC,OAAO,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;YACjC,KAAK,EAAE,EAAE,MAAM,EAAE;YACjB,OAAO,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE;SAChC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,MAAc,EAAE,UAAkB;QACrD,MAAM,SAAS,GAAG,aAAa,CAAC,UAAU,EAAE,iBAAiB,EAAE,CAAC,CAAC;QACjE,MAAM,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;YACxB,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YACrB,IAAI,EAAE,EAAE,yBAAyB,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE;SACtE,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,MAAc;QACjC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC;YACzC,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YACrB,MAAM,EAAE,EAAE,yBAAyB,EAAE,IAAI,EAAE;SAC5C,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,EAAE,yBAAyB;YAAE,OAAO,IAAI,CAAC;QAClD,OAAO,aAAa,CAAC,IAAI,CAAC,yBAAyB,EAAE,iBAAiB,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,MAAc;QACpC,MAAM,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;YACxB,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YACrB,IAAI,EAAE,EAAE,yBAAyB,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE;SACjE,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,MAAc,EAAE,UAAkB;QAC3D,MAAM,SAAS,GAAG,aAAa,CAAC,UAAU,EAAE,iBAAiB,EAAE,CAAC,CAAC;QACjE,MAAM,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;YACxB,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YACrB,IAAI,EAAE,EAAE,0BAA0B,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE;SACvE,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,MAAc;QACvC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC;YACzC,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YACrB,MAAM,EAAE,EAAE,0BAA0B,EAAE,IAAI,EAAE;SAC7C,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,EAAE,0BAA0B;YAAE,OAAO,IAAI,CAAC;QACnD,OAAO,aAAa,CAAC,IAAI,CAAC,0BAA0B,EAAE,iBAAiB,EAAE,CAAC,CAAC;IAC7E,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,MAAc;QAC1C,MAAM,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;YACxB,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YACrB,IAAI,EAAE,EAAE,0BAA0B,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE;SAClE,CAAC,CAAC;IACL,CAAC;IAED,4EAA4E;IAE5E,KAAK,CAAC,eAAe,CAAC,MAAc,EAAE,OAAqB;QACzD,MAAM,SAAS,GAAG,aAAa,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,iBAAiB,EAAE,CAAC,CAAC;QAC9E,MAAM,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;YACxB,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YACrB,IAAI,EAAE,EAAE,qBAAqB,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE;SAClE,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,MAAc;QAClC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC;YACzC,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YACrB,MAAM,EAAE,EAAE,qBAAqB,EAAE,IAAI,EAAE;SACxC,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,EAAE,qBAAqB;YAAE,OAAO,IAAI,CAAC;QAC9C,MAAM,IAAI,GAAG,aAAa,CAAC,IAAI,CAAC,qBAAqB,EAAE,iBAAiB,EAAE,CAAC,CAAC;QAC5E,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAiB,CAAC;IAC1C,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,MAAc;QACrC,MAAM,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;YACxB,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YACrB,IAAI,EAAE,EAAE,qBAAqB,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE;SAC7D,CAAC,CAAC;IACL,CAAC;CACF"}
|