@atproto/pds 0.4.34 → 0.4.36
Sign up to get free protection for your applications and to get access to all the features.
- package/CHANGELOG.md +17 -0
- package/dist/account-manager/db/migrations/004-oauth.d.ts +4 -0
- package/dist/account-manager/db/migrations/004-oauth.d.ts.map +1 -0
- package/dist/account-manager/db/migrations/004-oauth.js +106 -0
- package/dist/account-manager/db/migrations/004-oauth.js.map +1 -0
- package/dist/account-manager/db/migrations/index.d.ts +2 -0
- package/dist/account-manager/db/migrations/index.d.ts.map +1 -1
- package/dist/account-manager/db/migrations/index.js +2 -0
- package/dist/account-manager/db/migrations/index.js.map +1 -1
- package/dist/account-manager/db/schema/authorization-request.d.ts +19 -0
- package/dist/account-manager/db/schema/authorization-request.d.ts.map +1 -0
- package/dist/account-manager/db/schema/authorization-request.js +5 -0
- package/dist/account-manager/db/schema/authorization-request.js.map +1 -0
- package/dist/account-manager/db/schema/device-account.d.ts +14 -0
- package/dist/account-manager/db/schema/device-account.d.ts.map +1 -0
- package/dist/account-manager/db/schema/device-account.js +5 -0
- package/dist/account-manager/db/schema/device-account.js.map +1 -0
- package/dist/account-manager/db/schema/device.d.ts +16 -0
- package/dist/account-manager/db/schema/device.d.ts.map +1 -0
- package/dist/account-manager/db/schema/device.js +5 -0
- package/dist/account-manager/db/schema/device.js.map +1 -0
- package/dist/account-manager/db/schema/index.d.ts +11 -1
- package/dist/account-manager/db/schema/index.d.ts.map +1 -1
- package/dist/account-manager/db/schema/token.d.ts +24 -0
- package/dist/account-manager/db/schema/token.d.ts.map +1 -0
- package/dist/account-manager/db/schema/token.js +5 -0
- package/dist/account-manager/db/schema/token.js.map +1 -0
- package/dist/account-manager/db/schema/used-refresh-token.d.ts +12 -0
- package/dist/account-manager/db/schema/used-refresh-token.d.ts.map +1 -0
- package/dist/account-manager/db/schema/used-refresh-token.js +5 -0
- package/dist/account-manager/db/schema/used-refresh-token.js.map +1 -0
- package/dist/account-manager/helpers/account.d.ts +27 -5
- package/dist/account-manager/helpers/account.d.ts.map +1 -1
- package/dist/account-manager/helpers/account.js +15 -14
- package/dist/account-manager/helpers/account.js.map +1 -1
- package/dist/account-manager/helpers/authorization-request.d.ts +12 -0
- package/dist/account-manager/helpers/authorization-request.d.ts.map +1 -0
- package/dist/account-manager/helpers/authorization-request.js +59 -0
- package/dist/account-manager/helpers/authorization-request.js.map +1 -0
- package/dist/account-manager/helpers/device-account.d.ts +108 -0
- package/dist/account-manager/helpers/device-account.d.ts.map +1 -0
- package/dist/account-manager/helpers/device-account.js +82 -0
- package/dist/account-manager/helpers/device-account.js.map +1 -0
- package/dist/account-manager/helpers/device.d.ts +9 -0
- package/dist/account-manager/helpers/device.d.ts.map +1 -0
- package/dist/account-manager/helpers/device.js +32 -0
- package/dist/account-manager/helpers/device.js.map +1 -0
- package/dist/account-manager/helpers/token.d.ts +485 -0
- package/dist/account-manager/helpers/token.d.ts.map +1 -0
- package/dist/account-manager/helpers/token.js +123 -0
- package/dist/account-manager/helpers/token.js.map +1 -0
- package/dist/account-manager/helpers/used-refresh-token.d.ts +10 -0
- package/dist/account-manager/helpers/used-refresh-token.d.ts.map +1 -0
- package/dist/account-manager/helpers/used-refresh-token.js +25 -0
- package/dist/account-manager/helpers/used-refresh-token.js.map +1 -0
- package/dist/account-manager/index.d.ts +36 -6
- package/dist/account-manager/index.d.ts.map +1 -1
- package/dist/account-manager/index.js +223 -22
- package/dist/account-manager/index.js.map +1 -1
- package/dist/actor-store/preference/reader.js.map +1 -1
- package/dist/actor-store/record/reader.d.ts +1 -1
- package/dist/api/app/bsky/util/resolver.d.ts +1 -1
- package/dist/api/com/atproto/server/createSession.d.ts.map +1 -1
- package/dist/api/com/atproto/server/createSession.js +7 -31
- package/dist/api/com/atproto/server/createSession.js.map +1 -1
- package/dist/api/com/atproto/server/deleteSession.d.ts.map +1 -1
- package/dist/api/com/atproto/server/deleteSession.js +14 -13
- package/dist/api/com/atproto/server/deleteSession.js.map +1 -1
- package/dist/api/com/atproto/server/getSession.d.ts.map +1 -1
- package/dist/api/com/atproto/server/getSession.js +4 -2
- package/dist/api/com/atproto/server/getSession.js.map +1 -1
- package/dist/api/com/atproto/server/refreshSession.d.ts.map +1 -1
- package/dist/api/com/atproto/server/refreshSession.js +4 -2
- package/dist/api/com/atproto/server/refreshSession.js.map +1 -1
- package/dist/api/com/atproto/sync/getRepoStatus.d.ts.map +1 -1
- package/dist/api/com/atproto/sync/getRepoStatus.js +2 -1
- package/dist/api/com/atproto/sync/getRepoStatus.js.map +1 -1
- package/dist/api/com/atproto/sync/listRepos.js +2 -2
- package/dist/api/com/atproto/sync/listRepos.js.map +1 -1
- package/dist/api/proxy.d.ts.map +1 -1
- package/dist/api/proxy.js +15 -2
- package/dist/api/proxy.js.map +1 -1
- package/dist/auth-routes.d.ts +4 -0
- package/dist/auth-routes.d.ts.map +1 -0
- package/dist/auth-routes.js +24 -0
- package/dist/auth-routes.js.map +1 -0
- package/dist/auth-verifier.d.ts +32 -11
- package/dist/auth-verifier.d.ts.map +1 -1
- package/dist/auth-verifier.js +238 -79
- package/dist/auth-verifier.js.map +1 -1
- package/dist/config/config.d.ts +12 -0
- package/dist/config/config.d.ts.map +1 -1
- package/dist/config/config.js +45 -0
- package/dist/config/config.js.map +1 -1
- package/dist/config/env.d.ts +8 -0
- package/dist/config/env.d.ts.map +1 -1
- package/dist/config/env.js +10 -0
- package/dist/config/env.js.map +1 -1
- package/dist/config/secrets.d.ts +1 -0
- package/dist/config/secrets.d.ts.map +1 -1
- package/dist/config/secrets.js +1 -0
- package/dist/config/secrets.js.map +1 -1
- package/dist/context.d.ts +6 -0
- package/dist/context.d.ts.map +1 -1
- package/dist/context.js +71 -13
- package/dist/context.js.map +1 -1
- package/dist/db/cast.d.ts +15 -0
- package/dist/db/cast.d.ts.map +1 -0
- package/dist/db/cast.js +66 -0
- package/dist/db/cast.js.map +1 -0
- package/dist/db/db.d.ts +2 -2
- package/dist/db/db.d.ts.map +1 -1
- package/dist/db/db.js +9 -7
- package/dist/db/db.js.map +1 -1
- package/dist/db/index.d.ts +1 -0
- package/dist/db/index.d.ts.map +1 -1
- package/dist/db/index.js +1 -0
- package/dist/db/index.js.map +1 -1
- package/dist/error.d.ts.map +1 -1
- package/dist/error.js +5 -0
- package/dist/error.js.map +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +2 -0
- package/dist/index.js.map +1 -1
- package/dist/logger.d.ts +13 -11
- package/dist/logger.d.ts.map +1 -1
- package/dist/logger.js +80 -64
- package/dist/logger.js.map +1 -1
- package/dist/oauth/detailed-account-store.d.ts +27 -0
- package/dist/oauth/detailed-account-store.d.ts.map +1 -0
- package/dist/oauth/detailed-account-store.js +76 -0
- package/dist/oauth/detailed-account-store.js.map +1 -0
- package/dist/oauth/provider.d.ts +16 -0
- package/dist/oauth/provider.d.ts.map +1 -0
- package/dist/oauth/provider.js +45 -0
- package/dist/oauth/provider.js.map +1 -0
- package/dist/pipethrough.d.ts.map +1 -1
- package/dist/pipethrough.js.map +1 -1
- package/dist/sequencer/events.d.ts +2 -2
- package/example.env +21 -3
- package/package.json +9 -7
- package/src/account-manager/db/migrations/004-oauth.ts +122 -0
- package/src/account-manager/db/migrations/index.ts +2 -0
- package/src/account-manager/db/schema/authorization-request.ts +26 -0
- package/src/account-manager/db/schema/device-account.ts +15 -0
- package/src/account-manager/db/schema/device.ts +18 -0
- package/src/account-manager/db/schema/index.ts +15 -0
- package/src/account-manager/db/schema/token.ts +34 -0
- package/src/account-manager/db/schema/used-refresh-token.ts +13 -0
- package/src/account-manager/helpers/account.ts +16 -21
- package/src/account-manager/helpers/authorization-request.ts +82 -0
- package/src/account-manager/helpers/device-account.ts +135 -0
- package/src/account-manager/helpers/device.ts +45 -0
- package/src/account-manager/helpers/token.ts +185 -0
- package/src/account-manager/helpers/used-refresh-token.ts +30 -0
- package/src/account-manager/index.ts +325 -20
- package/src/actor-store/preference/reader.ts +1 -1
- package/src/api/com/atproto/server/createSession.ts +8 -44
- package/src/api/com/atproto/server/deleteSession.ts +14 -20
- package/src/api/com/atproto/server/getSession.ts +7 -2
- package/src/api/com/atproto/server/refreshSession.ts +6 -2
- package/src/api/com/atproto/sync/getRepoStatus.ts +3 -1
- package/src/api/com/atproto/sync/listRepos.ts +1 -1
- package/src/api/proxy.ts +18 -2
- package/src/auth-routes.ts +27 -0
- package/src/auth-verifier.ts +312 -92
- package/src/config/config.ts +66 -0
- package/src/config/env.ts +24 -0
- package/src/config/secrets.ts +2 -0
- package/src/context.ts +80 -14
- package/src/db/cast.ts +59 -0
- package/src/db/db.ts +15 -12
- package/src/db/index.ts +1 -0
- package/src/error.ts +7 -0
- package/src/index.ts +2 -0
- package/src/logger.ts +83 -38
- package/src/oauth/detailed-account-store.ts +96 -0
- package/src/oauth/provider.ts +77 -0
- package/src/pipethrough.ts +3 -2
package/dist/auth-verifier.js
CHANGED
|
@@ -26,11 +26,11 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
26
26
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
27
27
|
};
|
|
28
28
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
29
|
-
exports.createPublicKeyObject = exports.createSecretKeyObject = exports.parseBasicAuth = exports.AuthVerifier = exports.RoleStatus = exports.AuthScope = void 0;
|
|
29
|
+
exports.createPublicKeyObject = exports.createSecretKeyObject = exports.parseBasicAuth = exports.parseAuthorizationHeader = exports.AuthVerifier = exports.RoleStatus = exports.AuthScope = void 0;
|
|
30
30
|
const node_crypto_1 = require("node:crypto");
|
|
31
|
+
const oauth_provider_1 = require("@atproto/oauth-provider");
|
|
31
32
|
const xrpc_server_1 = require("@atproto/xrpc-server");
|
|
32
33
|
const identity_1 = require("@atproto/identity");
|
|
33
|
-
const ui8 = __importStar(require("uint8arrays"));
|
|
34
34
|
const jose = __importStar(require("jose"));
|
|
35
35
|
const key_encoder_1 = __importDefault(require("key-encoder"));
|
|
36
36
|
const db_1 = require("./db");
|
|
@@ -51,7 +51,7 @@ var RoleStatus;
|
|
|
51
51
|
RoleStatus[RoleStatus["Missing"] = 2] = "Missing";
|
|
52
52
|
})(RoleStatus || (exports.RoleStatus = RoleStatus = {}));
|
|
53
53
|
class AuthVerifier {
|
|
54
|
-
constructor(accountManager, idResolver, opts) {
|
|
54
|
+
constructor(accountManager, idResolver, oauthVerifier, opts) {
|
|
55
55
|
Object.defineProperty(this, "accountManager", {
|
|
56
56
|
enumerable: true,
|
|
57
57
|
configurable: true,
|
|
@@ -64,6 +64,18 @@ class AuthVerifier {
|
|
|
64
64
|
writable: true,
|
|
65
65
|
value: idResolver
|
|
66
66
|
});
|
|
67
|
+
Object.defineProperty(this, "oauthVerifier", {
|
|
68
|
+
enumerable: true,
|
|
69
|
+
configurable: true,
|
|
70
|
+
writable: true,
|
|
71
|
+
value: oauthVerifier
|
|
72
|
+
});
|
|
73
|
+
Object.defineProperty(this, "_publicUrl", {
|
|
74
|
+
enumerable: true,
|
|
75
|
+
configurable: true,
|
|
76
|
+
writable: true,
|
|
77
|
+
value: void 0
|
|
78
|
+
});
|
|
67
79
|
Object.defineProperty(this, "_jwtKey", {
|
|
68
80
|
enumerable: true,
|
|
69
81
|
configurable: true,
|
|
@@ -88,7 +100,7 @@ class AuthVerifier {
|
|
|
88
100
|
configurable: true,
|
|
89
101
|
writable: true,
|
|
90
102
|
value: (opts = {}) => (ctx) => {
|
|
91
|
-
return this.validateAccessToken(ctx
|
|
103
|
+
return this.validateAccessToken(ctx, [
|
|
92
104
|
AuthScope.Access,
|
|
93
105
|
AuthScope.AppPassPrivileged,
|
|
94
106
|
AuthScope.AppPass,
|
|
@@ -101,7 +113,7 @@ class AuthVerifier {
|
|
|
101
113
|
configurable: true,
|
|
102
114
|
writable: true,
|
|
103
115
|
value: (opts = {}) => (ctx) => {
|
|
104
|
-
return this.validateAccessToken(ctx
|
|
116
|
+
return this.validateAccessToken(ctx, [AuthScope.Access, ...(opts.additional ?? [])], opts);
|
|
105
117
|
}
|
|
106
118
|
});
|
|
107
119
|
Object.defineProperty(this, "accessPrivileged", {
|
|
@@ -109,7 +121,7 @@ class AuthVerifier {
|
|
|
109
121
|
configurable: true,
|
|
110
122
|
writable: true,
|
|
111
123
|
value: (opts = {}) => (ctx) => {
|
|
112
|
-
return this.validateAccessToken(ctx
|
|
124
|
+
return this.validateAccessToken(ctx, [
|
|
113
125
|
AuthScope.Access,
|
|
114
126
|
AuthScope.AppPassPrivileged,
|
|
115
127
|
...(opts.additional ?? []),
|
|
@@ -121,20 +133,32 @@ class AuthVerifier {
|
|
|
121
133
|
configurable: true,
|
|
122
134
|
writable: true,
|
|
123
135
|
value: async (ctx) => {
|
|
124
|
-
const { did, scope, token,
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
136
|
+
const { did, scope, token, tokenId, audience } = await this.validateRefreshToken(ctx);
|
|
137
|
+
return {
|
|
138
|
+
credentials: {
|
|
139
|
+
type: 'refresh',
|
|
140
|
+
did,
|
|
141
|
+
scope,
|
|
142
|
+
audience,
|
|
143
|
+
tokenId,
|
|
144
|
+
},
|
|
145
|
+
artifacts: token,
|
|
146
|
+
};
|
|
147
|
+
}
|
|
148
|
+
});
|
|
149
|
+
Object.defineProperty(this, "refreshExpired", {
|
|
150
|
+
enumerable: true,
|
|
151
|
+
configurable: true,
|
|
152
|
+
writable: true,
|
|
153
|
+
value: async (ctx) => {
|
|
154
|
+
const { did, scope, token, tokenId, audience } = await this.validateRefreshToken(ctx, { clockTolerance: Infinity });
|
|
131
155
|
return {
|
|
132
156
|
credentials: {
|
|
133
157
|
type: 'refresh',
|
|
134
158
|
did,
|
|
135
159
|
scope,
|
|
136
160
|
audience,
|
|
137
|
-
tokenId
|
|
161
|
+
tokenId,
|
|
138
162
|
},
|
|
139
163
|
artifacts: token,
|
|
140
164
|
};
|
|
@@ -144,16 +168,9 @@ class AuthVerifier {
|
|
|
144
168
|
enumerable: true,
|
|
145
169
|
configurable: true,
|
|
146
170
|
writable: true,
|
|
147
|
-
value: (ctx) => {
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
throw new xrpc_server_1.AuthRequiredError();
|
|
151
|
-
}
|
|
152
|
-
const { username, password } = parsed;
|
|
153
|
-
if (username !== 'admin' || password !== this._adminPass) {
|
|
154
|
-
throw new xrpc_server_1.AuthRequiredError();
|
|
155
|
-
}
|
|
156
|
-
return { credentials: { type: 'admin_token' } };
|
|
171
|
+
value: async (ctx) => {
|
|
172
|
+
this.setAuthHeaders(ctx);
|
|
173
|
+
return this.validateAdminToken(ctx);
|
|
157
174
|
}
|
|
158
175
|
});
|
|
159
176
|
Object.defineProperty(this, "optionalAccessOrAdminToken", {
|
|
@@ -161,14 +178,14 @@ class AuthVerifier {
|
|
|
161
178
|
configurable: true,
|
|
162
179
|
writable: true,
|
|
163
180
|
value: async (ctx) => {
|
|
164
|
-
if (
|
|
181
|
+
if (isAccessToken(ctx.req)) {
|
|
165
182
|
return await this.accessStandard()(ctx);
|
|
166
183
|
}
|
|
167
184
|
else if (isBasicToken(ctx.req)) {
|
|
168
185
|
return await this.adminToken(ctx);
|
|
169
186
|
}
|
|
170
187
|
else {
|
|
171
|
-
return this.null();
|
|
188
|
+
return this.null(ctx);
|
|
172
189
|
}
|
|
173
190
|
}
|
|
174
191
|
});
|
|
@@ -176,8 +193,8 @@ class AuthVerifier {
|
|
|
176
193
|
enumerable: true,
|
|
177
194
|
configurable: true,
|
|
178
195
|
writable: true,
|
|
179
|
-
value: async (
|
|
180
|
-
const payload = await this.verifyServiceJwt(
|
|
196
|
+
value: async (ctx) => {
|
|
197
|
+
const payload = await this.verifyServiceJwt(ctx, {
|
|
181
198
|
aud: this.dids.entryway ?? this.dids.pds,
|
|
182
199
|
iss: null,
|
|
183
200
|
});
|
|
@@ -194,12 +211,12 @@ class AuthVerifier {
|
|
|
194
211
|
enumerable: true,
|
|
195
212
|
configurable: true,
|
|
196
213
|
writable: true,
|
|
197
|
-
value: async (
|
|
198
|
-
if (isBearerToken(
|
|
199
|
-
return await this.userDidAuth(
|
|
214
|
+
value: async (ctx) => {
|
|
215
|
+
if (isBearerToken(ctx.req)) {
|
|
216
|
+
return await this.userDidAuth(ctx);
|
|
200
217
|
}
|
|
201
218
|
else {
|
|
202
|
-
return this.null();
|
|
219
|
+
return this.null(ctx);
|
|
203
220
|
}
|
|
204
221
|
}
|
|
205
222
|
});
|
|
@@ -207,11 +224,11 @@ class AuthVerifier {
|
|
|
207
224
|
enumerable: true,
|
|
208
225
|
configurable: true,
|
|
209
226
|
writable: true,
|
|
210
|
-
value: async (
|
|
227
|
+
value: async (ctx) => {
|
|
211
228
|
if (!this.dids.modService) {
|
|
212
229
|
throw new xrpc_server_1.AuthRequiredError('Untrusted issuer', 'UntrustedIss');
|
|
213
230
|
}
|
|
214
|
-
const payload = await this.verifyServiceJwt(
|
|
231
|
+
const payload = await this.verifyServiceJwt(ctx, {
|
|
215
232
|
aud: null,
|
|
216
233
|
iss: [this.dids.modService, `${this.dids.modService}#atproto_labeler`],
|
|
217
234
|
});
|
|
@@ -232,25 +249,57 @@ class AuthVerifier {
|
|
|
232
249
|
enumerable: true,
|
|
233
250
|
configurable: true,
|
|
234
251
|
writable: true,
|
|
235
|
-
value: async (
|
|
236
|
-
if (isBearerToken(
|
|
237
|
-
return this.modService(
|
|
252
|
+
value: async (ctx) => {
|
|
253
|
+
if (isBearerToken(ctx.req)) {
|
|
254
|
+
return this.modService(ctx);
|
|
238
255
|
}
|
|
239
256
|
else {
|
|
240
|
-
return this.adminToken(
|
|
257
|
+
return this.adminToken(ctx);
|
|
241
258
|
}
|
|
242
259
|
}
|
|
243
260
|
});
|
|
261
|
+
this._publicUrl = opts.publicUrl;
|
|
244
262
|
this._jwtKey = opts.jwtKey;
|
|
245
263
|
this._adminPass = opts.adminPass;
|
|
246
264
|
this.dids = opts.dids;
|
|
247
265
|
}
|
|
248
|
-
async
|
|
249
|
-
const
|
|
266
|
+
async validateAdminToken({ req, }) {
|
|
267
|
+
const parsed = (0, exports.parseBasicAuth)(req.headers.authorization);
|
|
268
|
+
if (!parsed) {
|
|
269
|
+
throw new xrpc_server_1.AuthRequiredError();
|
|
270
|
+
}
|
|
271
|
+
const { username, password } = parsed;
|
|
272
|
+
if (username !== 'admin' || password !== this._adminPass) {
|
|
273
|
+
throw new xrpc_server_1.AuthRequiredError();
|
|
274
|
+
}
|
|
275
|
+
return { credentials: { type: 'admin_token' } };
|
|
276
|
+
}
|
|
277
|
+
async validateRefreshToken(ctx, verifyOptions) {
|
|
278
|
+
const result = await this.validateBearerToken(ctx, [AuthScope.Refresh], {
|
|
279
|
+
...verifyOptions,
|
|
280
|
+
// when using entryway, proxying refresh credentials
|
|
281
|
+
audience: this.dids.entryway ? this.dids.entryway : this.dids.pds,
|
|
282
|
+
});
|
|
283
|
+
const tokenId = result.payload.jti;
|
|
284
|
+
if (!tokenId) {
|
|
285
|
+
throw new xrpc_server_1.AuthRequiredError('Unexpected missing refresh token id', 'MissingTokenId');
|
|
286
|
+
}
|
|
287
|
+
return { ...result, tokenId };
|
|
288
|
+
}
|
|
289
|
+
async validateBearerToken(ctx, scopes, verifyOptions) {
|
|
290
|
+
this.setAuthHeaders(ctx);
|
|
291
|
+
const token = bearerTokenFromReq(ctx.req);
|
|
250
292
|
if (!token) {
|
|
251
293
|
throw new xrpc_server_1.AuthRequiredError(undefined, 'AuthMissing');
|
|
252
294
|
}
|
|
253
|
-
const payload = await
|
|
295
|
+
const { payload, protectedHeader } = await this.jwtVerify(token, verifyOptions);
|
|
296
|
+
if (protectedHeader.typ === 'dpop+jwt') {
|
|
297
|
+
// @TODO we should make sure that bearer access tokens do have their "typ"
|
|
298
|
+
// claim, and allow list the possible value(s) here (typically "at+jwt"),
|
|
299
|
+
// instead of using a deny list. This would be more secure & future proof
|
|
300
|
+
// against new token types that would be introduced in the future
|
|
301
|
+
throw new xrpc_server_1.InvalidRequestError('Malformed token', 'InvalidToken');
|
|
302
|
+
}
|
|
254
303
|
const { sub, aud, scope } = payload;
|
|
255
304
|
if (typeof sub !== 'string' || !sub.startsWith('did:')) {
|
|
256
305
|
throw new xrpc_server_1.InvalidRequestError('Malformed token', 'InvalidToken');
|
|
@@ -259,6 +308,10 @@ class AuthVerifier {
|
|
|
259
308
|
(typeof aud !== 'string' || !aud.startsWith('did:'))) {
|
|
260
309
|
throw new xrpc_server_1.InvalidRequestError('Malformed token', 'InvalidToken');
|
|
261
310
|
}
|
|
311
|
+
if (payload.cnf?.jkt) {
|
|
312
|
+
// DPoP bound tokens must not be usable as regular Bearer tokens
|
|
313
|
+
throw new xrpc_server_1.InvalidRequestError('Malformed token', 'InvalidToken');
|
|
314
|
+
}
|
|
262
315
|
if (!isAuthScope(scope) || (scopes.length > 0 && !scopes.includes(scope))) {
|
|
263
316
|
throw new xrpc_server_1.InvalidRequestError('Bad token scope', 'InvalidToken');
|
|
264
317
|
}
|
|
@@ -270,11 +323,26 @@ class AuthVerifier {
|
|
|
270
323
|
payload,
|
|
271
324
|
};
|
|
272
325
|
}
|
|
273
|
-
async validateAccessToken(
|
|
274
|
-
|
|
275
|
-
|
|
326
|
+
async validateAccessToken(ctx, scopes, { checkTakedown = false, checkDeactivated = false, } = {}) {
|
|
327
|
+
this.setAuthHeaders(ctx);
|
|
328
|
+
let accessOutput;
|
|
329
|
+
const [type] = (0, exports.parseAuthorizationHeader)(ctx.req.headers.authorization);
|
|
330
|
+
switch (type) {
|
|
331
|
+
case AuthType.BEARER: {
|
|
332
|
+
accessOutput = await this.validateBearerAccessToken(ctx, scopes);
|
|
333
|
+
break;
|
|
334
|
+
}
|
|
335
|
+
case AuthType.DPOP: {
|
|
336
|
+
accessOutput = await this.validateDpopAccessToken(ctx, scopes);
|
|
337
|
+
break;
|
|
338
|
+
}
|
|
339
|
+
case null:
|
|
340
|
+
throw new xrpc_server_1.AuthRequiredError(undefined, 'AuthMissing');
|
|
341
|
+
default:
|
|
342
|
+
throw new xrpc_server_1.InvalidRequestError('Unexpected authorization type', 'InvalidToken');
|
|
343
|
+
}
|
|
276
344
|
if (checkTakedown || checkDeactivated) {
|
|
277
|
-
const found = await this.accountManager.getAccount(did, {
|
|
345
|
+
const found = await this.accountManager.getAccount(accessOutput.credentials.did, {
|
|
278
346
|
includeDeactivated: true,
|
|
279
347
|
includeTakenDown: true,
|
|
280
348
|
});
|
|
@@ -289,6 +357,54 @@ class AuthVerifier {
|
|
|
289
357
|
throw new xrpc_server_1.AuthRequiredError('Account is deactivated', 'AccountDeactivated');
|
|
290
358
|
}
|
|
291
359
|
}
|
|
360
|
+
return accessOutput;
|
|
361
|
+
}
|
|
362
|
+
async validateDpopAccessToken(ctx, scopes) {
|
|
363
|
+
if (!scopes.includes(AuthScope.Access)) {
|
|
364
|
+
throw new xrpc_server_1.InvalidRequestError('DPoP access token cannot be used for this request', 'InvalidToken');
|
|
365
|
+
}
|
|
366
|
+
this.setAuthHeaders(ctx);
|
|
367
|
+
const { req, res } = ctx;
|
|
368
|
+
// https://datatracker.ietf.org/doc/html/rfc9449#section-8.2
|
|
369
|
+
if (res) {
|
|
370
|
+
const dpopNonce = this.oauthVerifier.nextDpopNonce();
|
|
371
|
+
if (dpopNonce) {
|
|
372
|
+
res.setHeader('DPoP-Nonce', dpopNonce);
|
|
373
|
+
res.appendHeader('Access-Control-Expose-Headers', 'DPoP-Nonce');
|
|
374
|
+
}
|
|
375
|
+
}
|
|
376
|
+
try {
|
|
377
|
+
const url = new URL(req.originalUrl || req.url, this._publicUrl);
|
|
378
|
+
const result = await this.oauthVerifier.authenticateRequest(req.method, url, req.headers, { audience: [this.dids.pds] });
|
|
379
|
+
const { sub } = result.claims;
|
|
380
|
+
if (typeof sub !== 'string' || !sub.startsWith('did:')) {
|
|
381
|
+
throw new xrpc_server_1.InvalidRequestError('Malformed token', 'InvalidToken');
|
|
382
|
+
}
|
|
383
|
+
return {
|
|
384
|
+
credentials: {
|
|
385
|
+
type: 'access',
|
|
386
|
+
did: result.claims.sub,
|
|
387
|
+
scope: AuthScope.Access,
|
|
388
|
+
audience: this.dids.pds,
|
|
389
|
+
},
|
|
390
|
+
artifacts: result.token,
|
|
391
|
+
};
|
|
392
|
+
}
|
|
393
|
+
catch (err) {
|
|
394
|
+
// Make sure to include any WWW-Authenticate header in the response
|
|
395
|
+
// (particularly useful for DPoP's "use_dpop_nonce" error)
|
|
396
|
+
if (res && err instanceof oauth_provider_1.WWWAuthenticateError) {
|
|
397
|
+
res.setHeader('WWW-Authenticate', err.wwwAuthenticateHeader);
|
|
398
|
+
res.appendHeader('Access-Control-Expose-Headers', 'WWW-Authenticate');
|
|
399
|
+
}
|
|
400
|
+
if (err instanceof oauth_provider_1.OAuthError) {
|
|
401
|
+
throw new xrpc_server_1.XRPCError(err.status, err.error_description, err.error);
|
|
402
|
+
}
|
|
403
|
+
throw err;
|
|
404
|
+
}
|
|
405
|
+
}
|
|
406
|
+
async validateBearerAccessToken(ctx, scopes) {
|
|
407
|
+
const { did, scope, token, audience } = await this.validateBearerToken(ctx, scopes, { audience: this.dids.pds });
|
|
292
408
|
return {
|
|
293
409
|
credentials: {
|
|
294
410
|
type: 'access',
|
|
@@ -299,7 +415,8 @@ class AuthVerifier {
|
|
|
299
415
|
artifacts: token,
|
|
300
416
|
};
|
|
301
417
|
}
|
|
302
|
-
async verifyServiceJwt(
|
|
418
|
+
async verifyServiceJwt(ctx, opts) {
|
|
419
|
+
this.setAuthHeaders(ctx);
|
|
303
420
|
const getSigningKey = async (iss, forceRefresh) => {
|
|
304
421
|
if (opts.iss !== null && !opts.iss.includes(iss)) {
|
|
305
422
|
throw new xrpc_server_1.AuthRequiredError('Untrusted issuer', 'UntrustedIss');
|
|
@@ -320,14 +437,15 @@ class AuthVerifier {
|
|
|
320
437
|
}
|
|
321
438
|
return didKey;
|
|
322
439
|
};
|
|
323
|
-
const jwtStr = bearerTokenFromReq(
|
|
440
|
+
const jwtStr = bearerTokenFromReq(ctx.req);
|
|
324
441
|
if (!jwtStr) {
|
|
325
442
|
throw new xrpc_server_1.AuthRequiredError('missing jwt', 'MissingJwt');
|
|
326
443
|
}
|
|
327
444
|
const payload = await (0, xrpc_server_1.verifyJwt)(jwtStr, opts.aud, getSigningKey);
|
|
328
445
|
return { iss: payload.iss, aud: payload.aud };
|
|
329
446
|
}
|
|
330
|
-
null() {
|
|
447
|
+
null(ctx) {
|
|
448
|
+
this.setAuthHeaders(ctx);
|
|
331
449
|
return {
|
|
332
450
|
credentials: null,
|
|
333
451
|
};
|
|
@@ -343,52 +461,79 @@ class AuthVerifier {
|
|
|
343
461
|
return auth.credentials.did === did;
|
|
344
462
|
}
|
|
345
463
|
}
|
|
464
|
+
async jwtVerify(token, verifyOptions) {
|
|
465
|
+
try {
|
|
466
|
+
return await jose.jwtVerify(token, this._jwtKey, verifyOptions);
|
|
467
|
+
}
|
|
468
|
+
catch (err) {
|
|
469
|
+
if (err?.['code'] === 'ERR_JWT_EXPIRED') {
|
|
470
|
+
throw new xrpc_server_1.InvalidRequestError('Token has expired', 'ExpiredToken');
|
|
471
|
+
}
|
|
472
|
+
throw new xrpc_server_1.InvalidRequestError('Token could not be verified', 'InvalidToken');
|
|
473
|
+
}
|
|
474
|
+
}
|
|
475
|
+
setAuthHeaders({ res }) {
|
|
476
|
+
if (res) {
|
|
477
|
+
res.setHeader('Cache-Control', 'private');
|
|
478
|
+
vary(res, 'Authorization');
|
|
479
|
+
}
|
|
480
|
+
}
|
|
346
481
|
}
|
|
347
482
|
exports.AuthVerifier = AuthVerifier;
|
|
348
483
|
// HELPERS
|
|
349
484
|
// ---------
|
|
350
|
-
|
|
351
|
-
|
|
485
|
+
var AuthType;
|
|
486
|
+
(function (AuthType) {
|
|
487
|
+
AuthType["BASIC"] = "Basic";
|
|
488
|
+
AuthType["BEARER"] = "Bearer";
|
|
489
|
+
AuthType["DPOP"] = "DPoP";
|
|
490
|
+
})(AuthType || (AuthType = {}));
|
|
491
|
+
const parseAuthorizationHeader = (authorization) => {
|
|
492
|
+
const result = authorization?.split(' ', 3);
|
|
493
|
+
if (result?.length === 2) {
|
|
494
|
+
for (const [name, type] of Object.entries(AuthType)) {
|
|
495
|
+
// authorization type is case-insensitive
|
|
496
|
+
if (name === result[0].toUpperCase()) {
|
|
497
|
+
return [type, result[1]];
|
|
498
|
+
}
|
|
499
|
+
}
|
|
500
|
+
}
|
|
501
|
+
return [null];
|
|
502
|
+
};
|
|
503
|
+
exports.parseAuthorizationHeader = parseAuthorizationHeader;
|
|
504
|
+
const isAccessToken = (req) => {
|
|
505
|
+
const [type] = (0, exports.parseAuthorizationHeader)(req.headers.authorization);
|
|
506
|
+
return type === AuthType.BEARER || type === AuthType.DPOP;
|
|
507
|
+
};
|
|
352
508
|
const isBearerToken = (req) => {
|
|
353
|
-
|
|
509
|
+
const [type] = (0, exports.parseAuthorizationHeader)(req.headers.authorization);
|
|
510
|
+
return type === AuthType.BEARER;
|
|
354
511
|
};
|
|
355
512
|
const isBasicToken = (req) => {
|
|
356
|
-
|
|
513
|
+
const [type] = (0, exports.parseAuthorizationHeader)(req.headers.authorization);
|
|
514
|
+
return type === AuthType.BASIC;
|
|
357
515
|
};
|
|
358
516
|
const bearerTokenFromReq = (req) => {
|
|
359
|
-
const
|
|
360
|
-
|
|
361
|
-
return null;
|
|
362
|
-
return header.slice(BEARER.length);
|
|
363
|
-
};
|
|
364
|
-
const verifyJwt = async (params) => {
|
|
365
|
-
const { key, token, verifyOptions } = params;
|
|
366
|
-
try {
|
|
367
|
-
const result = await jose.jwtVerify(token, key, verifyOptions);
|
|
368
|
-
return result.payload;
|
|
369
|
-
}
|
|
370
|
-
catch (err) {
|
|
371
|
-
if (err?.['code'] === 'ERR_JWT_EXPIRED') {
|
|
372
|
-
throw new xrpc_server_1.InvalidRequestError('Token has expired', 'ExpiredToken');
|
|
373
|
-
}
|
|
374
|
-
throw new xrpc_server_1.InvalidRequestError('Token could not be verified', 'InvalidToken');
|
|
375
|
-
}
|
|
517
|
+
const [type, token] = (0, exports.parseAuthorizationHeader)(req.headers.authorization);
|
|
518
|
+
return type === AuthType.BEARER ? token : null;
|
|
376
519
|
};
|
|
377
|
-
const parseBasicAuth = (
|
|
378
|
-
if (!token.startsWith(BASIC))
|
|
379
|
-
return null;
|
|
380
|
-
const b64 = token.slice(BASIC.length);
|
|
381
|
-
let parsed;
|
|
520
|
+
const parseBasicAuth = (authorizationHeader) => {
|
|
382
521
|
try {
|
|
383
|
-
|
|
522
|
+
const [type, b64] = (0, exports.parseAuthorizationHeader)(authorizationHeader);
|
|
523
|
+
if (type !== AuthType.BASIC)
|
|
524
|
+
return null;
|
|
525
|
+
const decoded = Buffer.from(b64, 'base64').toString('utf8');
|
|
526
|
+
// We must not use split(':') because the password can contain colons
|
|
527
|
+
const colon = decoded.indexOf(':');
|
|
528
|
+
if (colon === -1)
|
|
529
|
+
return null;
|
|
530
|
+
const username = decoded.slice(0, colon);
|
|
531
|
+
const password = decoded.slice(colon + 1);
|
|
532
|
+
return { username, password };
|
|
384
533
|
}
|
|
385
534
|
catch (err) {
|
|
386
535
|
return null;
|
|
387
536
|
}
|
|
388
|
-
const [username, password] = parsed;
|
|
389
|
-
if (!username || !password)
|
|
390
|
-
return null;
|
|
391
|
-
return { username, password };
|
|
392
537
|
};
|
|
393
538
|
exports.parseBasicAuth = parseBasicAuth;
|
|
394
539
|
const authScopes = new Set(Object.values(AuthScope));
|
|
@@ -405,4 +550,18 @@ const createPublicKeyObject = (publicKeyHex) => {
|
|
|
405
550
|
};
|
|
406
551
|
exports.createPublicKeyObject = createPublicKeyObject;
|
|
407
552
|
const keyEncoder = new key_encoder_1.default('secp256k1');
|
|
553
|
+
function vary(res, value) {
|
|
554
|
+
const current = res.getHeader('Vary');
|
|
555
|
+
if (current == null || typeof current === 'number') {
|
|
556
|
+
res.setHeader('Vary', value);
|
|
557
|
+
}
|
|
558
|
+
else {
|
|
559
|
+
const alreadyIncluded = Array.isArray(current)
|
|
560
|
+
? current.some((value) => value.includes(value))
|
|
561
|
+
: current.includes(value);
|
|
562
|
+
if (!alreadyIncluded) {
|
|
563
|
+
res.appendHeader('Vary', value);
|
|
564
|
+
}
|
|
565
|
+
}
|
|
566
|
+
}
|
|
408
567
|
//# sourceMappingURL=auth-verifier.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-verifier.js","sourceRoot":"","sources":["../src/auth-verifier.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,6CAAyE;AACzE,sDAK6B;AAC7B,gDAAsE;AACtE,iDAAkC;AAElC,2CAA4B;AAC5B,8DAAoC;AAEpC,6BAAkC;AAClC,4CAAyD;AAMzD,sEAAsE;AACtE,IAAY,SAMX;AAND,WAAY,SAAS;IACnB,0CAA6B,CAAA;IAC7B,4CAA+B,CAAA;IAC/B,4CAA+B,CAAA;IAC/B,gEAAmD,CAAA;IACnD,sDAAyC,CAAA;AAC3C,CAAC,EANW,SAAS,yBAAT,SAAS,QAMpB;AAQD,IAAY,UAIX;AAJD,WAAY,UAAU;IACpB,6CAAK,CAAA;IACL,iDAAO,CAAA;IACP,iDAAO,CAAA;AACT,CAAC,EAJW,UAAU,0BAAV,UAAU,QAIrB;AAmED,MAAa,YAAY;IAKvB,YACS,cAA8B,EAC9B,UAAsB,EAC7B,IAAsB;QAFtB;;;;mBAAO,cAAc;WAAgB;QACrC;;;;mBAAO,UAAU;WAAY;QANvB;;;;;WAAkB;QAClB;;;;;WAAkB;QACnB;;;;;WAA8B;QAYrC,0CAA0C;QAE1C;;;;mBACE,CAAC,OAA4B,EAAE,EAAE,EAAE,CACnC,CAAC,GAAW,EAAyB,EAAE;gBACrC,OAAO,IAAI,CAAC,mBAAmB,CAC7B,GAAG,CAAC,GAAG,EACP;oBACE,SAAS,CAAC,MAAM;oBAChB,SAAS,CAAC,iBAAiB;oBAC3B,SAAS,CAAC,OAAO;oBACjB,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,EAAE,CAAC;iBAC3B,EACD,IAAI,CACL,CAAA;YACH,CAAC;WAAA;QAEH;;;;mBACE,CAAC,OAA4B,EAAE,EAAE,EAAE,CACnC,CAAC,GAAW,EAAyB,EAAE;gBACrC,OAAO,IAAI,CAAC,mBAAmB,CAC7B,GAAG,CAAC,GAAG,EACP,CAAC,SAAS,CAAC,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,EAC9C,IAAI,CACL,CAAA;YACH,CAAC;WAAA;QAEH;;;;mBACE,CAAC,OAA4B,EAAE,EAAE,EAAE,CACnC,CAAC,GAAW,EAAyB,EAAE;gBACrC,OAAO,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,GAAG,EAAE;oBACvC,SAAS,CAAC,MAAM;oBAChB,SAAS,CAAC,iBAAiB;oBAC3B,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,EAAE,CAAC;iBAC3B,CAAC,CAAA;YACJ,CAAC;WAAA;QAEH;;;;mBAAU,KAAK,EAAE,GAAW,EAA0B,EAAE;gBACtD,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,GAC5C,MAAM,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE;oBAC3D,oDAAoD;oBACpD,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;iBAClE,CAAC,CAAA;gBACJ,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;oBACjB,MAAM,IAAI,+BAAiB,CACzB,qCAAqC,EACrC,gBAAgB,CACjB,CAAA;gBACH,CAAC;gBACD,OAAO;oBACL,WAAW,EAAE;wBACX,IAAI,EAAE,SAAS;wBACf,GAAG;wBACH,KAAK;wBACL,QAAQ;wBACR,OAAO,EAAE,OAAO,CAAC,GAAG;qBACrB;oBACD,SAAS,EAAE,KAAK;iBACjB,CAAA;YACH,CAAC;WAAA;QAED;;;;mBAAa,CAAC,GAAW,EAAoB,EAAE;gBAC7C,MAAM,MAAM,GAAG,IAAA,sBAAc,EAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,IAAI,EAAE,CAAC,CAAA;gBAClE,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,MAAM,IAAI,+BAAiB,EAAE,CAAA;gBAC/B,CAAC;gBACD,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAA;gBACrC,IAAI,QAAQ,KAAK,OAAO,IAAI,QAAQ,KAAK,IAAI,CAAC,UAAU,EAAE,CAAC;oBACzD,MAAM,IAAI,+BAAiB,EAAE,CAAA;gBAC/B,CAAC;gBACD,OAAO,EAAE,WAAW,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,EAAE,CAAA;YACjD,CAAC;WAAA;QAED;;;;mBAA6B,KAAK,EAChC,GAAW,EAC4C,EAAE;gBACzD,IAAI,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC3B,OAAO,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC,GAAG,CAAC,CAAA;gBACzC,CAAC;qBAAM,IAAI,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBACjC,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;gBACnC,CAAC;qBAAM,CAAC;oBACN,OAAO,IAAI,CAAC,IAAI,EAAE,CAAA;gBACpB,CAAC;YACH,CAAC;WAAA;QAED;;;;mBAAc,KAAK,EAAE,MAAc,EAA0B,EAAE;gBAC7D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE;oBAClD,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG;oBACxC,GAAG,EAAE,IAAI;iBACV,CAAC,CAAA;gBACF,OAAO;oBACL,WAAW,EAAE;wBACX,IAAI,EAAE,UAAU;wBAChB,GAAG,EAAE,OAAO,CAAC,GAAG;wBAChB,GAAG,EAAE,OAAO,CAAC,GAAG;qBACjB;iBACF,CAAA;YACH,CAAC;WAAA;QAED;;;;mBAAsB,KAAK,EACzB,MAAc,EACuB,EAAE;gBACvC,IAAI,aAAa,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC9B,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAA;gBACvC,CAAC;qBAAM,CAAC;oBACN,OAAO,IAAI,CAAC,IAAI,EAAE,CAAA;gBACpB,CAAC;YACH,CAAC;WAAA;QAED;;;;mBAAa,KAAK,EAAE,MAAc,EAA6B,EAAE;gBAC/D,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;oBAC1B,MAAM,IAAI,+BAAiB,CAAC,kBAAkB,EAAE,cAAc,CAAC,CAAA;gBACjE,CAAC;gBACD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE;oBAClD,GAAG,EAAE,IAAI;oBACT,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,kBAAkB,CAAC;iBACvE,CAAC,CAAA;gBACF,IACE,OAAO,CAAC,GAAG,KAAK,IAAI,CAAC,IAAI,CAAC,GAAG;oBAC7B,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,KAAK,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAC3D,CAAC;oBACD,MAAM,IAAI,+BAAiB,CACzB,yCAAyC,EACzC,gBAAgB,CACjB,CAAA;gBACH,CAAC;gBACD,OAAO;oBACL,WAAW,EAAE;wBACX,IAAI,EAAE,aAAa;wBACnB,GAAG,EAAE,OAAO,CAAC,GAAG;wBAChB,GAAG,EAAE,OAAO,CAAC,GAAG;qBACjB;iBACF,CAAA;YACH,CAAC;WAAA;QAED;;;;mBAAY,KAAK,EACf,MAAc,EACgC,EAAE;gBAChD,IAAI,aAAa,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC9B,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;gBAChC,CAAC;qBAAM,CAAC;oBACN,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;gBAChC,CAAC;YACH,CAAC;WAAA;QApJC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,MAAM,CAAA;QAC1B,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,SAAS,CAAA;QAChC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAA;IACvB,CAAC;IAmJD,KAAK,CAAC,mBAAmB,CACvB,GAAoB,EACpB,MAAmB,EACnB,aAAqC;QAErC,MAAM,KAAK,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAA;QACrC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,+BAAiB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAA;QACvD,CAAC;QACD,MAAM,OAAO,GAAG,MAAM,SAAS,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,aAAa,EAAE,CAAC,CAAA;QAC5E,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,OAAO,CAAA;QACnC,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACvD,MAAM,IAAI,iCAAmB,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;QAClE,CAAC;QACD,IACE,GAAG,KAAK,SAAS;YACjB,CAAC,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,EACpD,CAAC;YACD,MAAM,IAAI,iCAAmB,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;QAClE,CAAC;QACD,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YAC1E,MAAM,IAAI,iCAAmB,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;QAClE,CAAC;QACD,OAAO;YACL,GAAG,EAAE,GAAG;YACR,KAAK;YACL,QAAQ,EAAE,GAAG;YACb,KAAK;YACL,OAAO;SACR,CAAA;IACH,CAAC;IAED,KAAK,CAAC,mBAAmB,CACvB,GAAoB,EACpB,MAAmB,EACnB,IAA8D;QAE9D,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,mBAAmB,CACpE,GAAG,EACH,MAAM,EACN,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAC5B,CAAA;QACD,MAAM,EAAE,aAAa,GAAG,KAAK,EAAE,gBAAgB,GAAG,KAAK,EAAE,GAAG,IAAI,IAAI,EAAE,CAAA;QACtE,IAAI,aAAa,IAAI,gBAAgB,EAAE,CAAC;YACtC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,GAAG,EAAE;gBACtD,kBAAkB,EAAE,IAAI;gBACxB,gBAAgB,EAAE,IAAI;aACvB,CAAC,CAAA;YACF,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,yEAAyE;gBACzE,MAAM,IAAI,4BAAc,CAAC,mBAAmB,EAAE,iBAAiB,CAAC,CAAA;YAClE,CAAC;YACD,IAAI,aAAa,IAAI,IAAA,gBAAW,EAAC,KAAK,CAAC,EAAE,CAAC;gBACxC,MAAM,IAAI,+BAAiB,CACzB,6BAA6B,EAC7B,iBAAiB,CAClB,CAAA;YACH,CAAC;YACD,IAAI,gBAAgB,IAAI,KAAK,CAAC,aAAa,EAAE,CAAC;gBAC5C,MAAM,IAAI,+BAAiB,CACzB,wBAAwB,EACxB,oBAAoB,CACrB,CAAA;YACH,CAAC;QACH,CAAC;QACD,OAAO;YACL,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,GAAG;gBACH,KAAK;gBACL,QAAQ;aACT;YACD,SAAS,EAAE,KAAK;SACjB,CAAA;IACH,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,MAAc,EACd,IAAkD;QAElD,MAAM,aAAa,GAAG,KAAK,EACzB,GAAW,EACX,YAAqB,EACJ,EAAE;YACnB,IAAI,IAAI,CAAC,GAAG,KAAK,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACjD,MAAM,IAAI,+BAAiB,CAAC,kBAAkB,EAAE,cAAc,CAAC,CAAA;YACjE,CAAC;YACD,MAAM,CAAC,GAAG,EAAE,SAAS,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;YACvC,MAAM,KAAK,GACT,SAAS,KAAK,iBAAiB,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAA;YAC/D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,YAAY,CAAC,CAAA;YACnE,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,+BAAiB,CAAC,2BAA2B,CAAC,CAAA;YAC1D,CAAC;YACD,MAAM,SAAS,GAAG,IAAA,gCAAuB,EAAC,MAAM,EAAE,KAAK,CAAC,CAAA;YACxD,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,IAAI,+BAAiB,CAAC,+BAA+B,CAAC,CAAA;YAC9D,CAAC;YACD,MAAM,MAAM,GAAG,IAAA,iCAAsB,EAAC,SAAS,CAAC,CAAA;YAChD,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,+BAAiB,CAAC,+BAA+B,CAAC,CAAA;YAC9D,CAAC;YACD,OAAO,MAAM,CAAA;QACf,CAAC,CAAA;QAED,MAAM,MAAM,GAAG,kBAAkB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;QAC7C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,+BAAiB,CAAC,aAAa,EAAE,YAAY,CAAC,CAAA;QAC1D,CAAC;QACD,MAAM,OAAO,GAAG,MAAM,IAAA,uBAAgB,EAAC,MAAM,EAAE,IAAI,CAAC,GAAG,EAAE,aAAa,CAAC,CAAA;QACvE,OAAO,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAA;IAC/C,CAAC;IAED,IAAI;QACF,OAAO;YACL,WAAW,EAAE,IAAI;SAClB,CAAA;IACH,CAAC;IAED,aAAa,CACX,IAAkD,EAClD,GAAW;QAEX,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,OAAO,KAAK,CAAA;QACd,CAAC;aAAM,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;YACnD,OAAO,IAAI,CAAA;QACb,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,KAAK,GAAG,CAAA;QACrC,CAAC;IACH,CAAC;CACF;AAnSD,oCAmSC;AAED,UAAU;AACV,YAAY;AAEZ,MAAM,MAAM,GAAG,SAAS,CAAA;AACxB,MAAM,KAAK,GAAG,QAAQ,CAAA;AAEtB,MAAM,aAAa,GAAG,CAAC,GAAoB,EAAW,EAAE;IACtD,OAAO,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,UAAU,CAAC,MAAM,CAAC,IAAI,KAAK,CAAA;AAC/D,CAAC,CAAA;AAED,MAAM,YAAY,GAAG,CAAC,GAAoB,EAAW,EAAE;IACrD,OAAO,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,UAAU,CAAC,KAAK,CAAC,IAAI,KAAK,CAAA;AAC9D,CAAC,CAAA;AAED,MAAM,kBAAkB,GAAG,CAAC,GAAoB,EAAE,EAAE;IAClD,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,IAAI,EAAE,CAAA;IAC9C,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAA;IAC3C,OAAO,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;AACpC,CAAC,CAAA;AAED,MAAM,SAAS,GAAG,KAAK,EAAE,MAIxB,EAA4B,EAAE;IAC7B,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,aAAa,EAAE,GAAG,MAAM,CAAA;IAC5C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,GAAG,EAAE,aAAa,CAAC,CAAA;QAC9D,OAAO,MAAM,CAAC,OAAO,CAAA;IACvB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,iBAAiB,EAAE,CAAC;YACxC,MAAM,IAAI,iCAAmB,CAAC,mBAAmB,EAAE,cAAc,CAAC,CAAA;QACpE,CAAC;QACD,MAAM,IAAI,iCAAmB,CAAC,6BAA6B,EAAE,cAAc,CAAC,CAAA;IAC9E,CAAC;AACH,CAAC,CAAA;AAEM,MAAM,cAAc,GAAG,CAC5B,KAAa,EACkC,EAAE;IACjD,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IACzC,MAAM,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;IACrC,IAAI,MAAgB,CAAA;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,EAAE,WAAW,CAAC,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC5E,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,IAAI,CAAA;IACb,CAAC;IACD,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,GAAG,MAAM,CAAA;IACnC,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAA;IACvC,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAA;AAC/B,CAAC,CAAA;AAdY,QAAA,cAAc,kBAc1B;AAED,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAA;AACpD,MAAM,WAAW,GAAG,CAAC,GAAY,EAAoB,EAAE;IACrD,OAAO,UAAU,CAAC,GAAG,CAAC,GAAU,CAAC,CAAA;AACnC,CAAC,CAAA;AAEM,MAAM,qBAAqB,GAAG,CAAC,MAAc,EAAa,EAAE;IACjE,OAAO,IAAA,6BAAe,EAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAA;AAC7C,CAAC,CAAA;AAFY,QAAA,qBAAqB,yBAEjC;AAEM,MAAM,qBAAqB,GAAG,CAAC,YAAoB,EAAa,EAAE;IACvE,MAAM,GAAG,GAAG,UAAU,CAAC,YAAY,CAAC,YAAY,EAAE,KAAK,EAAE,KAAK,CAAC,CAAA;IAC/D,OAAO,IAAA,6BAAe,EAAC,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAA;AAChD,CAAC,CAAA;AAHY,QAAA,qBAAqB,yBAGjC;AAED,MAAM,UAAU,GAAG,IAAI,qBAAU,CAAC,WAAW,CAAC,CAAA"}
|
|
1
|
+
{"version":3,"file":"auth-verifier.js","sourceRoot":"","sources":["../src/auth-verifier.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,6CAAyE;AAEzE,4DAIgC;AAChC,sDAM6B;AAC7B,gDAAsE;AAEtE,2CAA4B;AAC5B,8DAAoC;AAEpC,6BAAkC;AAClC,4CAAyD;AAQzD,sEAAsE;AACtE,IAAY,SAMX;AAND,WAAY,SAAS;IACnB,0CAA6B,CAAA;IAC7B,4CAA+B,CAAA;IAC/B,4CAA+B,CAAA;IAC/B,gEAAmD,CAAA;IACnD,sDAAyC,CAAA;AAC3C,CAAC,EANW,SAAS,yBAAT,SAAS,QAMpB;AAQD,IAAY,UAIX;AAJD,WAAY,UAAU;IACpB,6CAAK,CAAA;IACL,iDAAO,CAAA;IACP,iDAAO,CAAA;AACT,CAAC,EAJW,UAAU,0BAAV,UAAU,QAIrB;AAwED,MAAa,YAAY;IAMvB,YACS,cAA8B,EAC9B,UAAsB,EACtB,aAA4B,EACnC,IAAsB;QAHtB;;;;mBAAO,cAAc;WAAgB;QACrC;;;;mBAAO,UAAU;WAAY;QAC7B;;;;mBAAO,aAAa;WAAe;QAR7B;;;;;WAAkB;QAClB;;;;;WAAkB;QAClB;;;;;WAAkB;QACnB;;;;;WAA8B;QAcrC,0CAA0C;QAE1C;;;;mBACE,CAAC,OAA4B,EAAE,EAAE,EAAE,CACnC,CAAC,GAAW,EAAyB,EAAE;gBACrC,OAAO,IAAI,CAAC,mBAAmB,CAC7B,GAAG,EACH;oBACE,SAAS,CAAC,MAAM;oBAChB,SAAS,CAAC,iBAAiB;oBAC3B,SAAS,CAAC,OAAO;oBACjB,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,EAAE,CAAC;iBAC3B,EACD,IAAI,CACL,CAAA;YACH,CAAC;WAAA;QAEH;;;;mBACE,CAAC,OAA4B,EAAE,EAAE,EAAE,CACnC,CAAC,GAAW,EAAyB,EAAE;gBACrC,OAAO,IAAI,CAAC,mBAAmB,CAC7B,GAAG,EACH,CAAC,SAAS,CAAC,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,EAC9C,IAAI,CACL,CAAA;YACH,CAAC;WAAA;QAEH;;;;mBACE,CAAC,OAA4B,EAAE,EAAE,EAAE,CACnC,CAAC,GAAW,EAAyB,EAAE;gBACrC,OAAO,IAAI,CAAC,mBAAmB,CAAC,GAAG,EAAE;oBACnC,SAAS,CAAC,MAAM;oBAChB,SAAS,CAAC,iBAAiB;oBAC3B,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,EAAE,CAAC;iBAC3B,CAAC,CAAA;YACJ,CAAC;WAAA;QAEH;;;;mBAAU,KAAK,EAAE,GAAW,EAA0B,EAAE;gBACtD,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,GAC5C,MAAM,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAA;gBAEtC,OAAO;oBACL,WAAW,EAAE;wBACX,IAAI,EAAE,SAAS;wBACf,GAAG;wBACH,KAAK;wBACL,QAAQ;wBACR,OAAO;qBACR;oBACD,SAAS,EAAE,KAAK;iBACjB,CAAA;YACH,CAAC;WAAA;QAED;;;;mBAAiB,KAAK,EAAE,GAAW,EAA0B,EAAE;gBAC7D,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,GAC5C,MAAM,IAAI,CAAC,oBAAoB,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,QAAQ,EAAE,CAAC,CAAA;gBAEpE,OAAO;oBACL,WAAW,EAAE;wBACX,IAAI,EAAE,SAAS;wBACf,GAAG;wBACH,KAAK;wBACL,QAAQ;wBACR,OAAO;qBACR;oBACD,SAAS,EAAE,KAAK;iBACjB,CAAA;YACH,CAAC;WAAA;QAED;;;;mBAAa,KAAK,EAAE,GAAW,EAA6B,EAAE;gBAC5D,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAA;gBACxB,OAAO,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAA;YACrC,CAAC;WAAA;QAED;;;;mBAA6B,KAAK,EAChC,GAAW,EAC4C,EAAE;gBACzD,IAAI,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC3B,OAAO,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC,GAAG,CAAC,CAAA;gBACzC,CAAC;qBAAM,IAAI,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBACjC,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;gBACnC,CAAC;qBAAM,CAAC;oBACN,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;gBACvB,CAAC;YACH,CAAC;WAAA;QAED;;;;mBAAc,KAAK,EAAE,GAAW,EAA0B,EAAE;gBAC1D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE;oBAC/C,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG;oBACxC,GAAG,EAAE,IAAI;iBACV,CAAC,CAAA;gBACF,OAAO;oBACL,WAAW,EAAE;wBACX,IAAI,EAAE,UAAU;wBAChB,GAAG,EAAE,OAAO,CAAC,GAAG;wBAChB,GAAG,EAAE,OAAO,CAAC,GAAG;qBACjB;iBACF,CAAA;YACH,CAAC;WAAA;QAED;;;;mBAAsB,KAAK,EACzB,GAAW,EAC0B,EAAE;gBACvC,IAAI,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC3B,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAA;gBACpC,CAAC;qBAAM,CAAC;oBACN,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;gBACvB,CAAC;YACH,CAAC;WAAA;QAED;;;;mBAAa,KAAK,EAAE,GAAW,EAA6B,EAAE;gBAC5D,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;oBAC1B,MAAM,IAAI,+BAAiB,CAAC,kBAAkB,EAAE,cAAc,CAAC,CAAA;gBACjE,CAAC;gBACD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE;oBAC/C,GAAG,EAAE,IAAI;oBACT,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,kBAAkB,CAAC;iBACvE,CAAC,CAAA;gBACF,IACE,OAAO,CAAC,GAAG,KAAK,IAAI,CAAC,IAAI,CAAC,GAAG;oBAC7B,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,KAAK,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAC3D,CAAC;oBACD,MAAM,IAAI,+BAAiB,CACzB,yCAAyC,EACzC,gBAAgB,CACjB,CAAA;gBACH,CAAC;gBACD,OAAO;oBACL,WAAW,EAAE;wBACX,IAAI,EAAE,aAAa;wBACnB,GAAG,EAAE,OAAO,CAAC,GAAG;wBAChB,GAAG,EAAE,OAAO,CAAC,GAAG;qBACjB;iBACF,CAAA;YACH,CAAC;WAAA;QAED;;;;mBAAY,KAAK,EACf,GAAW,EACmC,EAAE;gBAChD,IAAI,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC3B,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;gBAC7B,CAAC;qBAAM,CAAC;oBACN,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;gBAC7B,CAAC;YACH,CAAC;WAAA;QAtJC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,SAAS,CAAA;QAChC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,MAAM,CAAA;QAC1B,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,SAAS,CAAA;QAChC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAA;IACvB,CAAC;IAoJS,KAAK,CAAC,kBAAkB,CAAC,EACjC,GAAG,GACI;QACP,MAAM,MAAM,GAAG,IAAA,sBAAc,EAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,CAAA;QACxD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,+BAAiB,EAAE,CAAA;QAC/B,CAAC;QACD,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAA;QACrC,IAAI,QAAQ,KAAK,OAAO,IAAI,QAAQ,KAAK,IAAI,CAAC,UAAU,EAAE,CAAC;YACzD,MAAM,IAAI,+BAAiB,EAAE,CAAA;QAC/B,CAAC;QAED,OAAO,EAAE,WAAW,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,EAAE,CAAA;IACjD,CAAC;IAES,KAAK,CAAC,oBAAoB,CAClC,GAAW,EACX,aAAuD;QAEvD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE;YACtE,GAAG,aAAa;YAChB,oDAAoD;YACpD,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;SAClE,CAAC,CAAA;QACF,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAA;QAClC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,+BAAiB,CACzB,qCAAqC,EACrC,gBAAgB,CACjB,CAAA;QACH,CAAC;QACD,OAAO,EAAE,GAAG,MAAM,EAAE,OAAO,EAAE,CAAA;IAC/B,CAAC;IAES,KAAK,CAAC,mBAAmB,CACjC,GAAW,EACX,MAAmB,EACnB,aAAqC;QAErC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAA;QAExB,MAAM,KAAK,GAAG,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;QACzC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,+BAAiB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAA;QACvD,CAAC;QAED,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CACvD,KAAK,EACL,aAAa,CACd,CAAA;QAED,IAAI,eAAe,CAAC,GAAG,KAAK,UAAU,EAAE,CAAC;YACvC,0EAA0E;YAC1E,yEAAyE;YACzE,yEAAyE;YACzE,iEAAiE;YACjE,MAAM,IAAI,iCAAmB,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;QAClE,CAAC;QAED,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,OAAO,CAAA;QACnC,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACvD,MAAM,IAAI,iCAAmB,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;QAClE,CAAC;QACD,IACE,GAAG,KAAK,SAAS;YACjB,CAAC,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,EACpD,CAAC;YACD,MAAM,IAAI,iCAAmB,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;QAClE,CAAC;QACD,IAAK,OAAO,CAAC,GAAW,EAAE,GAAG,EAAE,CAAC;YAC9B,gEAAgE;YAChE,MAAM,IAAI,iCAAmB,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;QAClE,CAAC;QACD,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YAC1E,MAAM,IAAI,iCAAmB,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;QAClE,CAAC;QACD,OAAO;YACL,GAAG,EAAE,GAAG;YACR,KAAK;YACL,QAAQ,EAAE,GAAG;YACb,KAAK;YACL,OAAO;SACR,CAAA;IACH,CAAC;IAES,KAAK,CAAC,mBAAmB,CACjC,GAAW,EACX,MAAmB,EACnB,EACE,aAAa,GAAG,KAAK,EACrB,gBAAgB,GAAG,KAAK,MACmC,EAAE;QAE/D,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAA;QAExB,IAAI,YAA0B,CAAA;QAE9B,MAAM,CAAC,IAAI,CAAC,GAAG,IAAA,gCAAwB,EAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,CAAA;QACtE,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;gBACrB,YAAY,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;gBAChE,MAAK;YACP,CAAC;YACD,KAAK,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;gBACnB,YAAY,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;gBAC9D,MAAK;YACP,CAAC;YACD,KAAK,IAAI;gBACP,MAAM,IAAI,+BAAiB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAA;YACvD;gBACE,MAAM,IAAI,iCAAmB,CAC3B,+BAA+B,EAC/B,cAAc,CACf,CAAA;QACL,CAAC;QAED,IAAI,aAAa,IAAI,gBAAgB,EAAE,CAAC;YACtC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAChD,YAAY,CAAC,WAAW,CAAC,GAAG,EAC5B;gBACE,kBAAkB,EAAE,IAAI;gBACxB,gBAAgB,EAAE,IAAI;aACvB,CACF,CAAA;YACD,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,yEAAyE;gBACzE,MAAM,IAAI,4BAAc,CAAC,mBAAmB,EAAE,iBAAiB,CAAC,CAAA;YAClE,CAAC;YACD,IAAI,aAAa,IAAI,IAAA,gBAAW,EAAC,KAAK,CAAC,EAAE,CAAC;gBACxC,MAAM,IAAI,+BAAiB,CACzB,6BAA6B,EAC7B,iBAAiB,CAClB,CAAA;YACH,CAAC;YACD,IAAI,gBAAgB,IAAI,KAAK,CAAC,aAAa,EAAE,CAAC;gBAC5C,MAAM,IAAI,+BAAiB,CACzB,wBAAwB,EACxB,oBAAoB,CACrB,CAAA;YACH,CAAC;QACH,CAAC;QAED,OAAO,YAAY,CAAA;IACrB,CAAC;IAES,KAAK,CAAC,uBAAuB,CACrC,GAAW,EACX,MAAmB;QAEnB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,iCAAmB,CAC3B,mDAAmD,EACnD,cAAc,CACf,CAAA;QACH,CAAC;QAED,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAA;QAExB,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,GAAG,CAAA;QAExB,4DAA4D;QAC5D,IAAI,GAAG,EAAE,CAAC;YACR,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,CAAC,aAAa,EAAE,CAAA;YACpD,IAAI,SAAS,EAAE,CAAC;gBACd,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE,SAAS,CAAC,CAAA;gBACtC,GAAG,CAAC,YAAY,CAAC,+BAA+B,EAAE,YAAY,CAAC,CAAA;YACjE,CAAC;QACH,CAAC;QAED,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,UAAU,CAAC,CAAA;YAChE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CACzD,GAAG,CAAC,MAAM,EACV,GAAG,EACH,GAAG,CAAC,OAAO,EACX,EAAE,QAAQ,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAC9B,CAAA;YAED,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,CAAC,MAAM,CAAA;YAC7B,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBACvD,MAAM,IAAI,iCAAmB,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;YAClE,CAAC;YAED,OAAO;gBACL,WAAW,EAAE;oBACX,IAAI,EAAE,QAAQ;oBACd,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG;oBACtB,KAAK,EAAE,SAAS,CAAC,MAAM;oBACvB,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG;iBACxB;gBACD,SAAS,EAAE,MAAM,CAAC,KAAK;aACxB,CAAA;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,mEAAmE;YACnE,0DAA0D;YAC1D,IAAI,GAAG,IAAI,GAAG,YAAY,qCAAoB,EAAE,CAAC;gBAC/C,GAAG,CAAC,SAAS,CAAC,kBAAkB,EAAE,GAAG,CAAC,qBAAqB,CAAC,CAAA;gBAC5D,GAAG,CAAC,YAAY,CAAC,+BAA+B,EAAE,kBAAkB,CAAC,CAAA;YACvE,CAAC;YAED,IAAI,GAAG,YAAY,2BAAU,EAAE,CAAC;gBAC9B,MAAM,IAAI,uBAAS,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,iBAAiB,EAAE,GAAG,CAAC,KAAK,CAAC,CAAA;YACnE,CAAC;YAED,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAES,KAAK,CAAC,yBAAyB,CACvC,GAAW,EACX,MAAmB;QAEnB,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,mBAAmB,CACpE,GAAG,EACH,MAAM,EACN,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAC5B,CAAA;QACD,OAAO;YACL,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,GAAG;gBACH,KAAK;gBACL,QAAQ;aACT;YACD,SAAS,EAAE,KAAK;SACjB,CAAA;IACH,CAAC;IAES,KAAK,CAAC,gBAAgB,CAC9B,GAAW,EACX,IAAkD;QAElD,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAA;QAExB,MAAM,aAAa,GAAG,KAAK,EACzB,GAAW,EACX,YAAqB,EACJ,EAAE;YACnB,IAAI,IAAI,CAAC,GAAG,KAAK,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACjD,MAAM,IAAI,+BAAiB,CAAC,kBAAkB,EAAE,cAAc,CAAC,CAAA;YACjE,CAAC;YACD,MAAM,CAAC,GAAG,EAAE,SAAS,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;YACvC,MAAM,KAAK,GACT,SAAS,KAAK,iBAAiB,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAA;YAC/D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,YAAY,CAAC,CAAA;YACnE,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,+BAAiB,CAAC,2BAA2B,CAAC,CAAA;YAC1D,CAAC;YACD,MAAM,SAAS,GAAG,IAAA,gCAAuB,EAAC,MAAM,EAAE,KAAK,CAAC,CAAA;YACxD,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,IAAI,+BAAiB,CAAC,+BAA+B,CAAC,CAAA;YAC9D,CAAC;YACD,MAAM,MAAM,GAAG,IAAA,iCAAsB,EAAC,SAAS,CAAC,CAAA;YAChD,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,+BAAiB,CAAC,+BAA+B,CAAC,CAAA;YAC9D,CAAC;YACD,OAAO,MAAM,CAAA;QACf,CAAC,CAAA;QAED,MAAM,MAAM,GAAG,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;QAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,+BAAiB,CAAC,aAAa,EAAE,YAAY,CAAC,CAAA;QAC1D,CAAC;QACD,MAAM,OAAO,GAAG,MAAM,IAAA,uBAAgB,EAAC,MAAM,EAAE,IAAI,CAAC,GAAG,EAAE,aAAa,CAAC,CAAA;QACvE,OAAO,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAA;IAC/C,CAAC;IAES,IAAI,CAAC,GAAW;QACxB,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAA;QACxB,OAAO;YACL,WAAW,EAAE,IAAI;SAClB,CAAA;IACH,CAAC;IAED,aAAa,CACX,IAAkD,EAClD,GAAW;QAEX,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,OAAO,KAAK,CAAA;QACd,CAAC;aAAM,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;YACnD,OAAO,IAAI,CAAA;QACb,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,KAAK,GAAG,CAAA;QACrC,CAAC;IACH,CAAC;IAES,KAAK,CAAC,SAAS,CACvB,KAAa,EACb,aAAqC;QAErC,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAA;QACjE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,iBAAiB,EAAE,CAAC;gBACxC,MAAM,IAAI,iCAAmB,CAAC,mBAAmB,EAAE,cAAc,CAAC,CAAA;YACpE,CAAC;YACD,MAAM,IAAI,iCAAmB,CAC3B,6BAA6B,EAC7B,cAAc,CACf,CAAA;QACH,CAAC;IACH,CAAC;IAES,cAAc,CAAC,EAAE,GAAG,EAAU;QACtC,IAAI,GAAG,EAAE,CAAC;YACR,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,SAAS,CAAC,CAAA;YACzC,IAAI,CAAC,GAAG,EAAE,eAAe,CAAC,CAAA;QAC5B,CAAC;IACH,CAAC;CACF;AA1dD,oCA0dC;AAED,UAAU;AACV,YAAY;AAEZ,IAAK,QAIJ;AAJD,WAAK,QAAQ;IACX,2BAAe,CAAA;IACf,6BAAiB,CAAA;IACjB,yBAAa,CAAA;AACf,CAAC,EAJI,QAAQ,KAAR,QAAQ,QAIZ;AAEM,MAAM,wBAAwB,GAAG,CACtC,aAAsB,EAC0B,EAAE;IAClD,MAAM,MAAM,GAAG,aAAa,EAAE,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAA;IAC3C,IAAI,MAAM,EAAE,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YACpD,yCAAyC;YACzC,IAAI,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;gBACrC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,CAAoC,CAAA;YAC7D,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,CAAC,IAAI,CAAiB,CAAA;AAC/B,CAAC,CAAA;AAdY,QAAA,wBAAwB,4BAcpC;AAED,MAAM,aAAa,GAAG,CAAC,GAAoB,EAAW,EAAE;IACtD,MAAM,CAAC,IAAI,CAAC,GAAG,IAAA,gCAAwB,EAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,CAAA;IAClE,OAAO,IAAI,KAAK,QAAQ,CAAC,MAAM,IAAI,IAAI,KAAK,QAAQ,CAAC,IAAI,CAAA;AAC3D,CAAC,CAAA;AAED,MAAM,aAAa,GAAG,CAAC,GAAoB,EAAW,EAAE;IACtD,MAAM,CAAC,IAAI,CAAC,GAAG,IAAA,gCAAwB,EAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,CAAA;IAClE,OAAO,IAAI,KAAK,QAAQ,CAAC,MAAM,CAAA;AACjC,CAAC,CAAA;AAED,MAAM,YAAY,GAAG,CAAC,GAAoB,EAAW,EAAE;IACrD,MAAM,CAAC,IAAI,CAAC,GAAG,IAAA,gCAAwB,EAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,CAAA;IAClE,OAAO,IAAI,KAAK,QAAQ,CAAC,KAAK,CAAA;AAChC,CAAC,CAAA;AAED,MAAM,kBAAkB,GAAG,CAAC,GAAoB,EAAE,EAAE;IAClD,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,IAAA,gCAAwB,EAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,CAAA;IACzE,OAAO,IAAI,KAAK,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAA;AAChD,CAAC,CAAA;AAEM,MAAM,cAAc,GAAG,CAC5B,mBAA4B,EACmB,EAAE;IACjD,IAAI,CAAC;QACH,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,GAAG,IAAA,gCAAwB,EAAC,mBAAmB,CAAC,CAAA;QACjE,IAAI,IAAI,KAAK,QAAQ,CAAC,KAAK;YAAE,OAAO,IAAI,CAAA;QACxC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;QAC3D,qEAAqE;QACrE,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAClC,IAAI,KAAK,KAAK,CAAC,CAAC;YAAE,OAAO,IAAI,CAAA;QAC7B,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAA;QACxC,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAA;QACzC,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAA;IAC/B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC,CAAA;AAhBY,QAAA,cAAc,kBAgB1B;AAED,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAA;AACpD,MAAM,WAAW,GAAG,CAAC,GAAY,EAAoB,EAAE;IACrD,OAAO,UAAU,CAAC,GAAG,CAAC,GAAU,CAAC,CAAA;AACnC,CAAC,CAAA;AAEM,MAAM,qBAAqB,GAAG,CAAC,MAAc,EAAa,EAAE;IACjE,OAAO,IAAA,6BAAe,EAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAA;AAC7C,CAAC,CAAA;AAFY,QAAA,qBAAqB,yBAEjC;AAEM,MAAM,qBAAqB,GAAG,CAAC,YAAoB,EAAa,EAAE;IACvE,MAAM,GAAG,GAAG,UAAU,CAAC,YAAY,CAAC,YAAY,EAAE,KAAK,EAAE,KAAK,CAAC,CAAA;IAC/D,OAAO,IAAA,6BAAe,EAAC,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAA;AAChD,CAAC,CAAA;AAHY,QAAA,qBAAqB,yBAGjC;AAED,MAAM,UAAU,GAAG,IAAI,qBAAU,CAAC,WAAW,CAAC,CAAA;AAE9C,SAAS,IAAI,CAAC,GAAqB,EAAE,KAAa;IAChD,MAAM,OAAO,GAAG,GAAG,CAAC,SAAS,CAAC,MAAM,CAAC,CAAA;IACrC,IAAI,OAAO,IAAI,IAAI,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QACnD,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;IAC9B,CAAC;SAAM,CAAC;QACN,MAAM,eAAe,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;YAC5C,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAChD,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;QAC3B,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,GAAG,CAAC,YAAY,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;QACjC,CAAC;IACH,CAAC;AACH,CAAC"}
|
package/dist/config/config.d.ts
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { Customization } from '@atproto/oauth-provider';
|
|
1
2
|
import { ServerEnvironment } from './env';
|
|
2
3
|
export declare const envToCfg: (env: ServerEnvironment) => ServerConfig;
|
|
3
4
|
export type ServerConfig = {
|
|
@@ -17,6 +18,8 @@ export type ServerConfig = {
|
|
|
17
18
|
redis: RedisScratchConfig | null;
|
|
18
19
|
rateLimits: RateLimitsConfig;
|
|
19
20
|
crawlers: string[];
|
|
21
|
+
fetch: FetchConfig;
|
|
22
|
+
oauth: OAuthConfig;
|
|
20
23
|
};
|
|
21
24
|
export type ServiceConfig = {
|
|
22
25
|
port: number;
|
|
@@ -75,6 +78,15 @@ export type EntrywayConfig = {
|
|
|
75
78
|
jwtPublicKeyHex: string;
|
|
76
79
|
plcRotationKey: string;
|
|
77
80
|
};
|
|
81
|
+
export type FetchConfig = {
|
|
82
|
+
disableSsrfProtection: boolean;
|
|
83
|
+
};
|
|
84
|
+
export type OAuthConfig = {
|
|
85
|
+
issuer: string;
|
|
86
|
+
provider: false | {
|
|
87
|
+
customization: Customization;
|
|
88
|
+
};
|
|
89
|
+
};
|
|
78
90
|
export type InvitesConfig = {
|
|
79
91
|
required: true;
|
|
80
92
|
interval: number | null;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/config/config.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,iBAAiB,EAAE,MAAM,OAAO,CAAA;AAKzC,eAAO,MAAM,QAAQ,QAAS,iBAAiB,KAAG,
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/config/config.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAA;AACvD,OAAO,EAAE,iBAAiB,EAAE,MAAM,OAAO,CAAA;AAKzC,eAAO,MAAM,QAAQ,QAAS,iBAAiB,KAAG,YAwSjD,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,OAAO,EAAE,aAAa,CAAA;IACtB,EAAE,EAAE,cAAc,CAAA;IAClB,UAAU,EAAE,gBAAgB,CAAA;IAC5B,SAAS,EAAE,iBAAiB,GAAG,mBAAmB,CAAA;IAClD,QAAQ,EAAE,cAAc,CAAA;IACxB,QAAQ,EAAE,cAAc,GAAG,IAAI,CAAA;IAC/B,OAAO,EAAE,aAAa,CAAA;IACtB,KAAK,EAAE,WAAW,GAAG,IAAI,CAAA;IACzB,eAAe,EAAE,WAAW,GAAG,IAAI,CAAA;IACnC,YAAY,EAAE,kBAAkB,CAAA;IAChC,WAAW,EAAE,iBAAiB,GAAG,IAAI,CAAA;IACrC,UAAU,EAAE,gBAAgB,GAAG,IAAI,CAAA;IACnC,aAAa,EAAE,mBAAmB,GAAG,IAAI,CAAA;IACzC,KAAK,EAAE,kBAAkB,GAAG,IAAI,CAAA;IAChC,UAAU,EAAE,gBAAgB,CAAA;IAC5B,QAAQ,EAAE,MAAM,EAAE,CAAA;IAClB,KAAK,EAAE,WAAW,CAAA;IAClB,KAAK,EAAE,WAAW,CAAA;CACnB,CAAA;AAED,MAAM,MAAM,aAAa,GAAG;IAC1B,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,MAAM,CAAA;IACjB,GAAG,EAAE,MAAM,CAAA;IACX,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,iBAAiB,CAAC,EAAE,MAAM,CAAA;IAC1B,gBAAgB,EAAE,OAAO,CAAA;IACzB,eAAe,EAAE,MAAM,CAAA;IACvB,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,OAAO,EAAE,OAAO,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,YAAY,EAAE,MAAM,CAAA;IACpB,cAAc,EAAE,MAAM,CAAA;IACtB,aAAa,EAAE,MAAM,CAAA;IACrB,wBAAwB,EAAE,OAAO,CAAA;CAClC,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,wBAAwB,EAAE,OAAO,CAAA;CAClC,CAAA;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC9B,QAAQ,EAAE,IAAI,CAAA;IACd,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,cAAc,CAAC,EAAE,OAAO,CAAA;IACxB,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,WAAW,CAAC,EAAE;QACZ,WAAW,EAAE,MAAM,CAAA;QACnB,eAAe,EAAE,MAAM,CAAA;KACxB,CAAA;CACF,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG;IAChC,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,MAAM,CAAA;IAChB,YAAY,CAAC,EAAE,MAAM,CAAA;CACtB,CAAA;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,MAAM,EAAE,MAAM,CAAA;IACd,eAAe,EAAE,MAAM,CAAA;IACvB,aAAa,EAAE,MAAM,CAAA;IACrB,WAAW,EAAE,MAAM,CAAA;IACnB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAA;IAC7B,oBAAoB,EAAE,MAAM,EAAE,CAAA;IAC9B,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAA;IAClC,uBAAuB,EAAE,OAAO,CAAA;CACjC,CAAA;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,eAAe,EAAE,MAAM,CAAA;IACvB,cAAc,EAAE,MAAM,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,WAAW,GAAG;IACxB,qBAAqB,EAAE,OAAO,CAAA;CAC/B,CAAA;AAED,MAAM,MAAM,WAAW,GAAG;IACxB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EACJ,KAAK,GACL;QACE,aAAa,EAAE,aAAa,CAAA;KAC7B,CAAA;CACN,CAAA;AAED,MAAM,MAAM,aAAa,GACrB;IACE,QAAQ,EAAE,IAAI,CAAA;IACd,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,KAAK,EAAE,MAAM,CAAA;CACd,GACD;IACE,QAAQ,EAAE,KAAK,CAAA;CAChB,CAAA;AAEL,MAAM,MAAM,WAAW,GAAG;IACxB,OAAO,EAAE,MAAM,CAAA;IACf,WAAW,EAAE,MAAM,CAAA;CACpB,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B,SAAS,EAAE,MAAM,CAAA;IACjB,mBAAmB,EAAE,MAAM,CAAA;CAC5B,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB,CAAA;AAED,MAAM,MAAM,gBAAgB,GACxB;IACE,OAAO,EAAE,IAAI,CAAA;IACb,IAAI,EAAE,QAAQ,GAAG,OAAO,CAAA;IACxB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAA;CACrB,GACD;IAAE,OAAO,EAAE,KAAK,CAAA;CAAE,CAAA;AAEtB,MAAM,MAAM,iBAAiB,GAAG;IAC9B,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;CACZ,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG;IAChC,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;CACZ,CAAA"}
|
package/dist/config/config.js
CHANGED
|
@@ -199,6 +199,49 @@ const envToCfg = (env) => {
|
|
|
199
199
|
}
|
|
200
200
|
: { enabled: false };
|
|
201
201
|
const crawlersCfg = env.crawlers ?? [];
|
|
202
|
+
const fetchCfg = {
|
|
203
|
+
disableSsrfProtection: env.fetchDisableSsrfProtection ?? false,
|
|
204
|
+
};
|
|
205
|
+
const oauthCfg = entrywayCfg
|
|
206
|
+
? {
|
|
207
|
+
issuer: entrywayCfg.url,
|
|
208
|
+
provider: false,
|
|
209
|
+
}
|
|
210
|
+
: {
|
|
211
|
+
issuer: serviceCfg.publicUrl,
|
|
212
|
+
provider: {
|
|
213
|
+
customization: {
|
|
214
|
+
name: env.serviceName ?? 'Personal PDS',
|
|
215
|
+
logo: env.logoUrl,
|
|
216
|
+
colors: {
|
|
217
|
+
primary: env.primaryColor,
|
|
218
|
+
error: env.errorColor,
|
|
219
|
+
},
|
|
220
|
+
links: [
|
|
221
|
+
{
|
|
222
|
+
title: 'Home',
|
|
223
|
+
href: env.homeUrl,
|
|
224
|
+
rel: 'bookmark',
|
|
225
|
+
},
|
|
226
|
+
{
|
|
227
|
+
title: 'Terms of Service',
|
|
228
|
+
href: env.termsOfServiceUrl,
|
|
229
|
+
rel: 'terms-of-service',
|
|
230
|
+
},
|
|
231
|
+
{
|
|
232
|
+
title: 'Privacy Policy',
|
|
233
|
+
href: env.privacyPolicyUrl,
|
|
234
|
+
rel: 'privacy-policy',
|
|
235
|
+
},
|
|
236
|
+
{
|
|
237
|
+
title: 'Support',
|
|
238
|
+
href: env.supportUrl,
|
|
239
|
+
rel: 'help',
|
|
240
|
+
},
|
|
241
|
+
].filter((f) => f.href != null),
|
|
242
|
+
},
|
|
243
|
+
},
|
|
244
|
+
};
|
|
202
245
|
return {
|
|
203
246
|
service: serviceCfg,
|
|
204
247
|
db: dbCfg,
|
|
@@ -216,6 +259,8 @@ const envToCfg = (env) => {
|
|
|
216
259
|
redis: redisCfg,
|
|
217
260
|
rateLimits: rateLimitsCfg,
|
|
218
261
|
crawlers: crawlersCfg,
|
|
262
|
+
fetch: fetchCfg,
|
|
263
|
+
oauth: oauthCfg,
|
|
219
264
|
};
|
|
220
265
|
};
|
|
221
266
|
exports.envToCfg = envToCfg;
|