@autofleet/zehut 4.0.1-beta-5973b326.0 → 4.0.1

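--- a/package/README.md
+++ b/package/README.md
@@ -4,7 +4,38 @@ This package handles authorization and authentication for AutoFleet services.
 
  ## V4 migration
 
- When upgrading from V3 to V4, the tracing system has been de-duped to use outbreak v2. This means that the context of the trace is now spread onto the headers.
- Using `getUser` will keep working, but reading anything else from the context will work only if you read from the correct context (there are now 2: `context`, and `nonHeaderContext`).
+ ### Outbreak v2
+ When upgrading from V3 to V4, the tracing system has been de-duped to use outbreak v2.
+ Historically, `zehut` and `outbreak` both added a layer of `async_hooks`, which each had a context that could store data.
+ The 2 had a nearly identical API, but did not communicate with each other, nor did they share data.
+ This version removes the trace added by `zehut` and only uses the `outbreak` one. This means that the context of the trace is now spread onto the headers of any outgoing HTTP request.
+ In order to allow keeping data in the context, without having `outbreak` add it to the headers, a new context has been added to the `outbreak` traces - `nonHeaderContext`.
+ Using the `getUser` function will keep working regularly, but reading anything else from the context will work only if you read from the correct context.
 
- In addition, when calling the `enableTracing` function, you can now pass in the logger, and drop the call for `logger.addContextMiddleware`.
+ ```diff
+ - const { context } = zehut.getCurrentPayload();
+ - const user = context?.get('userObject');
+ + const user = zehut.getUser();
+ ```
+
+ If you need to read any other data from the context, you should now read and write to `nonHeaderContext`, unless you wish for the values to be sent through to the headers of any outgoing request/response.
+ ```diff
+ const currentTrace = zehut.getCurrentPayload();
+ -const dataFromContext = currentTrace?.context?.get('DATA_FROM_CONTEXT');
+ +const dataFromContext = currentTrace?.nonHeaderContext?.get('DATA_FROM_CONTEXT');
+ ```
+
+
+ ### Logger
+
+ The tracing mechanism has been updated to reduce boilerplate code.
+ Now, when calling the `enableTracing` function, you can now pass in the instance of the `logger`, and drop the call for `logger.addContextMiddleware`.
+
+ ```diff
+ -zehut.enableTracing();
+ -
+ -logger.addContextMiddleware(() => ({
+ - traceId: zehut.outbreak.getCurrentContext()?.context?.get('x-trace-id'),
+ -}));
+ +zehut.enableTracing({ logger });
+ ```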
package/lib/index.cjs CHANGED
@@ -1,3 +1,3 @@
1
- 'use strict';Object.defineProperty(exports,'__esModule',{value:true});var y=require('@autofleet/outbreak'),re=require('jsonwebtoken'),le=require('node-cache'),ge=require('object-hash'),S=require('moment'),D=require('@autofleet/network');function _interopDefault(e){return e&&e.__esModule?e:{default:e}}function _interopNamespace(e){if(e&&e.__esModule)return e;var n=Object.create(null);if(e){Object.keys(e).forEach(function(k){if(k!=='default'){var d=Object.getOwnPropertyDescriptor(e,k);Object.defineProperty(n,k,d.get?d:{enumerable:true,get:function(){return e[k]}});}})}n.default=e;return Object.freeze(n)}var y__namespace=/*#__PURE__*/_interopNamespace(y);var re__namespace=/*#__PURE__*/_interopNamespace(re);var le__default=/*#__PURE__*/_interopDefault(le);var ge__default=/*#__PURE__*/_interopDefault(ge);var S__default=/*#__PURE__*/_interopDefault(S);var D__default=/*#__PURE__*/_interopDefault(D);var {DEPRECATED_JWT_SECRET:ie,JWT_NEW_SECRET:oe,DEPRECATED_REFRESH_JWT_SECRET:ne,REFRESH_JWT_SECRET:ae,DEPRECATION_UNIX_TIMESTAMP:ce}=process.env,_=(t,e,s)=>{let r=S__default.default(parseInt(ce,10)*1e3);try{let i;if(t){let{iat:o}=re__namespace.default.decode(t);i=S__default.default(o*1e3);}else i=S__default.default();return i.isBefore(r)?e:s}catch{return s}},de=t=>_(t,ne,ae),A=t=>_(t,ie,oe);var I=t=>t.replace("Bearer ",""),C=(t,e)=>{let s=I(t);return re__namespace.verify(s,A(s))};var ue="00000000-0000-0000-0000-000000000000",me="ffffffff-ffff-ffff-ffff-ffffffffffff",E="[0-9a-f]",pe="[1-8]",fe=new RegExp(`^(?:${E}{8}-${E}{4}-${pe}${E}{3}-[89ab]${E}{3}-${E}{12}|${ue}|${me})$`,"i");function L(t){return typeof t=="string"&&fe.test(t)}var M=10,k=process.env.API_GATEWAY_URL||"https://api.autofleet.io",b=new D__default.default({serviceName:"IDENTITY_MS",retries:3,retryCondition:()=>true,cache:process.env.NODE_ENV!=="test"?{maxAge:M*1e3}:undefined}),w=new 
D__default.default({baseURL:k,serviceUrl:k,retries:3,retryCondition:()=>true,cache:process.env.NODE_ENV!=="test"?{maxAge:M*1e3}:undefined});var g="x-af-elevated-permissions",U="x-af-context-ids",l=new le__default.default({stdTTL:10}),H=(t,e)=>{let s={...t,fleets:{...t?.fleets},businessModels:{...t?.businessModels},demandSources:{...t?.demandSources}};for(let r of e)Object.keys(r).forEach(i=>{s[i]??={},Object.entries(r[i]).forEach(([o,n])=>{s[i][o]=(s[i][o]||[]).concat(n);});});return s},m=class{constructor(e,s,r,i){this.id=e;this.accountType=s;this.contextIds=i;this.privateElevatedPermissionsHash=new Map;this.appPermission={};this.emptyUser=!!e,r&&this.privateElevatedPermissionsHash.set(Symbol("initial"),r);}async getUserPermissions(){if(!this.id)return;if(this.privatePermissions)return this.privatePermissions;let e=ge__default.default({id:this.id,contextIds:this.contextIds}),s=l.get(e);return s||({data:s}=await b.get(`/api/v1/users/${this.id}/authorization-payload`,{params:{contextIds:this.contextIds}}),l.set(e,s)),this.accountType=s.accountType,this.privatePermissions=s,this.privatePermissions}async useCustomPermissionLoader(e){if(!this.id)return;if(this.privatePermissions)return this.privatePermissions;let s=this.id,r=l.get(s);if(r)return this.privatePermissions=r,r;let i=await e(this.id);return l.set(s,i),this.privatePermissions=i,this.privatePermissions}get businessModels(){return this.getUserProperty("businessModels")}get fleets(){return this.getUserProperty("fleets")}get demandSources(){return this.getUserProperty("demandSources")}getUserProperty(e){if(!this.privatePermissions)throw new Error(`Cannot get ${e} without calling (async) getUserPermissions before`);return Object.keys(this.privatePermissions[e]||{})}get elevatedPermissions(){return H(undefined,this.privateElevatedPermissionsHash.values())}get permissions(){if(!this.privatePermissions)throw new Error("Cannot get permissions without calling (async) getUserPermissions before");return 
H(this.privatePermissions,this.privateElevatedPermissionsHash.values())}elevatePermissions(e){let s=Symbol();Object.values(e).forEach(n=>{Object.keys(n).forEach(a=>{if(!L(a))throw new Error(`Entity id on elevatePermissions is not a valid UUID, provided: ${a}`)});});let r=y.getCurrentContext();if(!r)throw new Error("Cannot find current user cross services trace");let i=JSON.parse(r.context[g]||"{}"),o=Object.assign(i,e);return this.privateElevatedPermissionsHash.set(s,o),r.context.set(g,JSON.stringify(this.elevatedPermissions)),()=>{this.privateElevatedPermissionsHash.delete(s),r.context.set(g,JSON.stringify(this.elevatedPermissions));}}async getUserPermissionsLegacy(){if(!this.id)return;if(this.privatePermissionsLegacy)return this.privatePermissionsLegacy;let{data:e}=await b.get(`/api/v1/users/${this.id}/authorization-payload-legacy`);return this.privatePermissionsLegacy=e,this.privatePermissionsLegacy}get permissionsLegacy(){if(!this.privatePermissionsLegacy)throw new Error("Cannot get permissionsLegacy without calling (async) getUserPermissionsLegacy before");return this.privatePermissionsLegacy}async getUserAppPermissions(e,s){if(!this.id||!e||!s)return;let r=this.appPermission[e];if(r)return r;let i=`${this.id}:${e}`,o=l.get(i);if(o)return this.appPermission[e]=o,o;let{data:n}=await w.post(`/api/v1/apps/${e}/get-user-payload`,{userId:this.id},{headers:{"x-autofleet-apps-secret":s}});return l.set(i,n),this.appPermission[e]=n,this.appPermission[e]}};var j=async(t,e)=>{let{data:s}=await w.post("/api/v1/auth",{bearer:t,appId:e});return s};var P=class extends Error{constructor(){super(...arguments);this.name="AppDoesNotExist";this.message="app does not exist";}};var Ee="identity-ms",Ue="accessToken",p="userObject",W="x-af-user-id",J="X-IAF-ORIGIN-SERVICE",R="x-af-user-permissions",xe=J.toLowerCase(),z=(t={})=>async(e,s,r)=>{try{if((e.headers[J]||e.headers[xe]||"").toLowerCase()===Ee)return 
r();let{eagerLoadUserPermissions:o,eagerLoadUserPermissionsLegacy:n,customPermissionLoader:a}=t,d=e.headers[W];if(!d)return r();let f=e.headers[g]?.length>0?JSON.parse(e.headers[g]):{},u=e.headers?.[U]?.split(","),c=new m(d,"user",f,u);return o&&(a?await c.useCustomPermissionLoader(a):await c.getUserPermissions()),n&&await c.getUserPermissionsLegacy(),e.user=c,y.getCurrentContext().nonHeaderContext?.set(p,c),e.headers[R]=c,r()}catch{return s.status(401),s.json({error:"cannot authenticate user"})}},F=(t={})=>async(e,s,r)=>{let{eagerLoadUserPermissions:i,eagerLoadUserPermissionsLegacy:o,returnErrorIfNoToken:n}=t,a;if(e.headers.authorization){try{a=await C(e.headers.authorization);}catch(c){c instanceof re.TokenExpiredError?(s.status(401),s.json({errors:["Access token expired"]})):c instanceof re.JsonWebTokenError?(s.status(400),s.json({errors:[c.message]})):(s.status(500),s.json({errors:["Server error while parsing token"]}));return}let d=a?.user?.id;d&&(e.headers[W]=d);let f=e.headers?.[U]?.split(","),u=new m(d,a?.user?.accountType,undefined,f);i&&await u.getUserPermissions(),o&&await u.getUserPermissionsLegacy(),e.user=u,y.getCurrentContext().nonHeaderContext?.set(p,u),e.headers[R]=u;}else if(n)return s.status(401),s.json({errors:["No token provided"]});return r()},G=t=>async(e,s,r)=>{let{appId:i,clientSecret:o}=t,n;if(!e.headers.authorization)return s.status(401),s.json({errors:["No token provided"]});try{if(n=await j(e.headers.authorization,i),!n)throw new P}catch(u){return u instanceof re.TokenExpiredError?s.status(401).json({errors:["Access token expired"]}):[re.JsonWebTokenError,P].some(c=>u instanceof c)?s.status(400).json({errors:[u.message]}):s.status(500).json({errors:["Server error while parsing token"]})}let a=n?.userId;a&&(e.headers[p]=a);let d=new m(a);i&&(e.headers["x-autofleet-apps-secret"]=o,await d.getUserAppPermissions(i,o)),e.user=d;let f=y.getCurrentContext().nonHeaderContext;return 
f?.set(p,d),f?.set(Ue,I(e.headers.authorization)),e.headers[R]=d,r()},X=async(t,e,s)=>(await t.user.getUserPermissions(),s()),V=t=>t.headers.authorization?C(t.headers.authorization):null,K=async(t,e)=>{let s=new m(e);await s.getUserPermissions(),t??=y.newTrace(y.traceTypes.RABBIT),t.nonHeaderContext.set(p,s);},Y=m;var h=()=>y.getCurrentContext().nonHeaderContext?.get(p),x=()=>h()?.id,Z=t=>!x()||Object.keys(h().permissions.fleets).includes(t),Q=t=>!x()||Object.keys(h().permissions.businessModels).includes(t),q=t=>!x()||Object.keys(h().permissions.demandSources).includes(t);var T=class extends Error{constructor(s=null,r="UnauthorizedAccessError"){super(r);this.user=s;this.name="UnauthorizedAccessError";}};var v={NONE:"NONE",BASIC:"BASIC",JWT:"JWT"},ee={[v.NONE]:()=>{},[v.BASIC]:t=>{let{username:e,password:s}=t;return `Basic ${Buffer.from(`${e}:${s}`).toString("base64")}`},[v.JWT]:t=>{let{secret:e}=t;if(e)return `Bearer ${re__namespace.sign({},e,{expiresIn:10})}`}},te=t=>{let e=t?.method;if(!(!e||!ee[e]))return ee[e](t)};var we=y__namespace.getCurrentContext,as=({outbreakOptions:t={},logger:e}={})=>{y__namespace.default({headersPrefix:"x-af",contextMiddlewareGetter:e?.addContextMiddleware,...t});},{traceTypes:Te,newTrace:Se}=y__namespace;var cs={traceTypes:Te,newTrace:Se,User:Y,middleware:z,middlewareWithDecode:F,eagerLoadPermissionsMiddleware:X,getCurrentPayload:we,getDecodedBearer:V,checkFleetPermission:Z,checkBusinessModelPermission:Q,checkDemandSourcePermission:q,isUserExist:x,getUser:h,UnauthorizedAccessError:T,appMiddleware:G,createOrSetRabbitTrace:K,outbreak:y__namespace,AUTHORIZATION_METHODS:v,getAuthorizationHeader:te,CONTEXTS_IDS_HEADER:U};
2
- exports.outbreak=y__namespace;exports.AUTHORIZATION_METHODS=v;exports.CONTEXTS_IDS_HEADER=U;exports.UnauthorizedAccessError=T;exports.User=Y;exports.appMiddleware=G;exports.checkBusinessModelPermission=Q;exports.checkDemandSourcePermission=q;exports.checkFleetPermission=Z;exports.createOrSetRabbitTrace=K;exports.default=cs;exports.eagerLoadPermissionsMiddleware=X;exports.enableTracing=as;exports.getAuthorizationHeader=te;exports.getCurrentPayload=we;exports.getDecodedBearer=V;exports.getRefreshTokenSecret=de;exports.getTokenSecret=A;exports.getUser=h;exports.isUserExist=x;exports.middleware=z;exports.middlewareWithDecode=F;exports.newTrace=Se;exports.traceTypes=Te;//# sourceMappingURL=index.cjs.map
1
+ 'use strict';Object.defineProperty(exports,'__esModule',{value:true});var h=require('@autofleet/outbreak'),v=require('jsonwebtoken'),le=require('node-cache'),ge=require('object-hash'),b=require('moment'),j=require('@autofleet/network');function _interopDefault(e){return e&&e.__esModule?e:{default:e}}function _interopNamespace(e){if(e&&e.__esModule)return e;var n=Object.create(null);if(e){Object.keys(e).forEach(function(k){if(k!=='default'){var d=Object.getOwnPropertyDescriptor(e,k);Object.defineProperty(n,k,d.get?d:{enumerable:true,get:function(){return e[k]}});}})}n.default=e;return Object.freeze(n)}var h__namespace=/*#__PURE__*/_interopNamespace(h);var v__namespace=/*#__PURE__*/_interopNamespace(v);var le__default=/*#__PURE__*/_interopDefault(le);var ge__default=/*#__PURE__*/_interopDefault(ge);var b__default=/*#__PURE__*/_interopDefault(b);var j__default=/*#__PURE__*/_interopDefault(j);var {DEPRECATED_JWT_SECRET:ie,JWT_NEW_SECRET:oe,DEPRECATED_REFRESH_JWT_SECRET:ne,REFRESH_JWT_SECRET:ae,DEPRECATION_UNIX_TIMESTAMP:ce}=process.env,k=(s,e,t)=>{let r=b__default.default(parseInt(ce,10)*1e3);try{let i;if(s){let{iat:o}=v__namespace.default.decode(s);i=b__default.default(o*1e3);}else i=b__default.default();return i.isBefore(r)?e:t}catch{return t}},de=s=>k(s,ne,ae),A=s=>k(s,ie,oe);var S=s=>s.replace("Bearer ",""),I=(s,e)=>{let t=S(s);return v__namespace.verify(t,A(t))};var ue="00000000-0000-0000-0000-000000000000",pe="ffffffff-ffff-ffff-ffff-ffffffffffff",y="[0-9a-f]",me="[1-8]",fe=new RegExp(`^(?:${y}{8}-${y}{4}-${me}${y}{3}-[89ab]${y}{3}-${y}{12}|${ue}|${pe})$`,"i");function H(s){return typeof s=="string"&&fe.test(s)}var $=10,M=process.env.API_GATEWAY_URL||"https://api.autofleet.io",C=new j__default.default({serviceName:"IDENTITY_MS",retries:3,retryCondition:()=>true,cache:process.env.NODE_ENV!=="test"?{maxAge:$*1e3}:void 0}),x=new j__default.default({baseURL:M,serviceUrl:M,retries:3,retryCondition:()=>true,cache:process.env.NODE_ENV!=="test"?{maxAge:$*1e3}:void 
0});var m="x-af-elevated-permissions",E="x-af-context-ids",l=new le__default.default({stdTTL:10}),B=(s,e)=>{let t={...s,fleets:{...s?.fleets},businessModels:{...s?.businessModels},demandSources:{...s?.demandSources}};for(let r of e)Object.keys(r).forEach(i=>{t[i]??={},Object.entries(r[i]).forEach(([o,n])=>{t[i][o]=(t[i][o]||[]).concat(n);});});return t},p=class{constructor(e,t,r,i){this.id=e;this.accountType=t;this.contextIds=i;this.privateElevatedPermissionsHash=new Map;this.appPermission={};this.emptyUser=!!e,r&&this.privateElevatedPermissionsHash.set(Symbol("initial"),r);}async getUserPermissions(){if(!this.id)return;if(this.privatePermissions)return this.privatePermissions;let e=ge__default.default({id:this.id,contextIds:this.contextIds}),t=l.get(e);return t||({data:t}=await C.get(`/api/v1/users/${this.id}/authorization-payload`,{params:{contextIds:this.contextIds}}),l.set(e,t)),this.accountType=t.accountType,this.privatePermissions=t,this.privatePermissions}async useCustomPermissionLoader(e){if(!this.id)return;if(this.privatePermissions)return this.privatePermissions;let t=this.id,r=l.get(t);if(r)return this.privatePermissions=r,r;let i=await e(this.id);return l.set(t,i),this.privatePermissions=i,this.privatePermissions}get businessModels(){return this.getUserProperty("businessModels")}get fleets(){return this.getUserProperty("fleets")}get demandSources(){return this.getUserProperty("demandSources")}getUserProperty(e){if(!this.privatePermissions)throw new Error(`Cannot get ${e} without calling (async) getUserPermissions before`);return Object.keys(this.privatePermissions[e]||{})}get elevatedPermissions(){return B(void 0,this.privateElevatedPermissionsHash.values())}get permissions(){if(!this.privatePermissions)throw new Error("Cannot get permissions without calling (async) getUserPermissions before");return B(this.privatePermissions,this.privateElevatedPermissionsHash.values())}elevatePermissions(e){let 
t=Symbol();Object.values(e).forEach(n=>{Object.keys(n).forEach(a=>{if(!H(a))throw new Error(`Entity id on elevatePermissions is not a valid UUID, provided: ${a}`)});});let r=h.getCurrentContext();if(!r)throw new Error("Cannot find current user cross services trace");let i=JSON.parse(r.context[m]||"{}"),o=Object.assign(i,e);return this.privateElevatedPermissionsHash.set(t,o),r.context.set(m,JSON.stringify(this.elevatedPermissions)),()=>{this.privateElevatedPermissionsHash.delete(t),r.context.set(m,JSON.stringify(this.elevatedPermissions));}}async getUserPermissionsLegacy(){if(!this.id)return;if(this.privatePermissionsLegacy)return this.privatePermissionsLegacy;let{data:e}=await C.get(`/api/v1/users/${this.id}/authorization-payload-legacy`);return this.privatePermissionsLegacy=e,this.privatePermissionsLegacy}get permissionsLegacy(){if(!this.privatePermissionsLegacy)throw new Error("Cannot get permissionsLegacy without calling (async) getUserPermissionsLegacy before");return this.privatePermissionsLegacy}async getUserAppPermissions(e,t){if(!this.id||!e||!t)return;let r=this.appPermission[e];if(r)return r;let i=`${this.id}:${e}`,o=l.get(i);if(o)return this.appPermission[e]=o,o;let{data:n}=await x.post(`/api/v1/apps/${e}/get-user-payload`,{userId:this.id},{headers:{"x-autofleet-apps-secret":t}});return l.set(i,n),this.appPermission[e]=n,this.appPermission[e]}};var W=async(s,e)=>{let{data:t}=await x.post("/api/v1/auth",{bearer:s,appId:e});return t};var g=class extends Error{constructor(){super(...arguments);this.name="AppDoesNotExist";this.message="app does not exist";}};var Ee="identity-ms",Ue="accessToken",P="userObject",O="x-af-user-id",J="X-IAF-ORIGIN-SERVICE",_="x-af-user-permissions",xe=J.toLowerCase(),ve="x-autofleet-apps-secret",z=(s={})=>async(e,t,r)=>{try{if((e.headers[J]||e.headers[xe]||"").toLowerCase()===Ee){r();return}let{eagerLoadUserPermissions:o,eagerLoadUserPermissionsLegacy:n,customPermissionLoader:a}=s,d=e.headers[O];if(!d){r();return}let 
f=e.headers[m]&&e.headers[m].length>0?JSON.parse(e.headers[m]):{},u=e.headers?.[E]?.split(","),c=new p(d,"user",f,u);o&&(a?await c.useCustomPermissionLoader(a):await c.getUserPermissions()),n&&await c.getUserPermissionsLegacy(),e.user=c,h.getCurrentContext().nonHeaderContext?.set(P,c),e.headers[_]=c,r();}catch{t.status(401).json({error:"cannot authenticate user"});}},F=(s={})=>async(e,t,r)=>{let{eagerLoadUserPermissions:i,eagerLoadUserPermissionsLegacy:o,returnErrorIfNoToken:n}=s,a;if(e.headers.authorization){try{a=await I(e.headers.authorization);}catch(c){c instanceof v__namespace.default.TokenExpiredError?t.status(401).json({errors:["Access token expired"]}):c instanceof v__namespace.default.JsonWebTokenError?t.status(400).json({errors:[c.message]}):t.status(500).json({errors:["Server error while parsing token"]});return}let d=a?.user?.id;d&&(e.headers[O]=d);let f=e.headers?.[E]?.split(","),u=new p(d,a?.user?.accountType,void 0,f);(i||o)&&await Promise.all([i&&u.getUserPermissions(),o&&u.getUserPermissionsLegacy()]),e.user=u,h.getCurrentContext().nonHeaderContext?.set(P,u),e.headers[_]=u;}else if(n){t.status(401).json({errors:["No token provided"]});return}r();},G=s=>async(e,t,r)=>{let{appId:i,clientSecret:o}=s,n;if(!e.headers.authorization){t.status(401).json({errors:["No token provided"]});return}try{if(n=await W(e.headers.authorization,i),!n)throw new g}catch(u){if(u instanceof v__namespace.default.TokenExpiredError){t.status(401).json({errors:["Access token expired"]});return}if([v__namespace.default.JsonWebTokenError,g].some(c=>u instanceof c)){t.status(400).json({errors:[u.message]});return}t.status(500).json({errors:["Server error while parsing token"]});return}let a=n?.userId;a&&(e.headers[O]=a);let d=new p(a);i&&(e.headers[ve]=o,await d.getUserAppPermissions(i,o)),e.user=d;let f=h.getCurrentContext().nonHeaderContext;f?.set(P,d),f?.set(Ue,S(e.headers.authorization)),e.headers[_]=d,r();},X=async(s,e,t)=>{await 
s.user.getUserPermissions(),t();},V=s=>s.headers.authorization?I(s.headers.authorization):null,K=async(s,e)=>{let t=new p(e);await t.getUserPermissions(),s??=h.newTrace(h.traceTypes.RABBIT),s.nonHeaderContext.set(P,t);},Y=p;var T=()=>h.getCurrentContext().nonHeaderContext?.get(P),L=()=>T()?.id,N=(s,e)=>!L()||Object.hasOwn(T().permissions[e],s),Z=s=>N(s,"fleets"),Q=s=>N(s,"businessModels"),q=s=>N(s,"demandSources");var w=class extends Error{constructor(t=null,r="UnauthorizedAccessError"){super(r);this.user=t;this.name="UnauthorizedAccessError";}};var U={NONE:"NONE",BASIC:"BASIC",JWT:"JWT"},ee={[U.NONE]:()=>{},[U.BASIC]:s=>{let{username:e,password:t}=s;return `Basic ${Buffer.from(`${e}:${t}`).toString("base64")}`},[U.JWT]:s=>{let{secret:e}=s;if(e)return `Bearer ${v__namespace.sign({},e,{expiresIn:10})}`}},te=s=>{let e=s?.method;if(!(!e||!ee[e]))return ee[e](s)};var we=h__namespace.getCurrentContext,cs=({outbreakOptions:s={},logger:e}={})=>{h__namespace.default({headersPrefix:"x-af",contextMiddlewareGetter:e?.addContextMiddleware,...s});},{traceTypes:be,newTrace:Ae}=h__namespace;var ds={traceTypes:be,newTrace:Ae,User:Y,middleware:z,middlewareWithDecode:F,eagerLoadPermissionsMiddleware:X,getCurrentPayload:we,getDecodedBearer:V,checkFleetPermission:Z,checkBusinessModelPermission:Q,checkDemandSourcePermission:q,isUserExist:L,getUser:T,UnauthorizedAccessError:w,appMiddleware:G,createOrSetRabbitTrace:K,outbreak:h__namespace,AUTHORIZATION_METHODS:U,getAuthorizationHeader:te,CONTEXTS_IDS_HEADER:E};
2
+ exports.outbreak=h__namespace;exports.AUTHORIZATION_METHODS=U;exports.CONTEXTS_IDS_HEADER=E;exports.UnauthorizedAccessError=w;exports.User=Y;exports.appMiddleware=G;exports.checkBusinessModelPermission=Q;exports.checkDemandSourcePermission=q;exports.checkFleetPermission=Z;exports.createOrSetRabbitTrace=K;exports.default=ds;exports.eagerLoadPermissionsMiddleware=X;exports.enableTracing=cs;exports.getAuthorizationHeader=te;exports.getCurrentPayload=we;exports.getDecodedBearer=V;exports.getRefreshTokenSecret=de;exports.getTokenSecret=A;exports.getUser=T;exports.isUserExist=L;exports.middleware=z;exports.middlewareWithDecode=F;exports.newTrace=Ae;exports.traceTypes=be;//# sourceMappingURL=index.cjs.map
3
3
  //# sourceMappingURL=index.cjs.map
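Review bot: In the `middleware` factory, the `x-af-elevated-permissions` request header is still passed through `JSON.parse` and handed to the `User` constructor as the initial elevation with no shape or key validation, whereas `elevatePermissions` checks every entity id against the UUID pattern. The merge helper behind `permissions` then iterates `Object.keys` of that parsed object and writes with plain bracket assignment, so the entity-type key is not limited to `fleets`, `businessModels` and `demandSources` and can also be an inherited-property name, which is the usual prototype-pollution shape. I would restrict header-derived elevations to those three entity types, apply the same UUID check to their ids, and fall into the existing 401 path otherwise. This matters only if the header can arrive from a caller that is not already trusted, which the bundle does not show, so the trust assumption deserves a comment next to the header constants. The file is a minified build output, so the change belongs in `src/user/index.ts` and `src/user/ApiUser.ts` as listed in the source map.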
package/lib/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/secret-getter.ts","../src/utils.ts","../src/services.ts","../src/user/ApiUser.ts","../src/app-auth.ts","../src/exceptions/appDoesNotExist.ts","../src/user/index.ts","../src/check-permission.ts","../src/errors.ts","../src/authorization.ts","../src/index.ts"],"names":["DEPRECATED_JWT_SECRET","JWT_NEW_SECRET","DEPRECATED_REFRESH_JWT_SECRET","REFRESH_JWT_SECRET","DEPRECATION_UNIX_TIMESTAMP","getRelevantSecret","token","deprecatedSecret","newSecret","deprecationTime","moment","unixTime","iat","jwt","getRefreshTokenSecret","getTokenSecret","getAuthFromBearer","bearer","decodeBearer","appSecret","N","EMPTY_UUID","FULL_UUID","VALID_CHARS_REGEX","UUID_VERSION_REGEX","UUID_REGEX","validateUUID","uuid","CACHE_LIFETIME_IN_SEC","apiGwUrl","IdentityNetwork","Network","AutofleetApiNetwork","ELEVATED_PERMISSIONS_HEADER","CONTEXTS_IDS_HEADER","userCache","NodeCache","mergePermissions","target","sources","permissions","source","entityType","entityId","perms","ApiUser","id","accountType","elevatedPermissions","contextIds","cacheKey","objectHash","data","customPermissionLoader","cachedResult","key","addedPermissions","elevationId","entityIds","currentUserTrace","getCurrentContext","currentElevation","newElevation","appId","clientSecret","currentAppPermission","decodeAppBearer","decoded","AppDoesNotExist","IDENTITY_MS","ACCESS_TOKEN","USER_OBJECT","USER_TRACING_HEADER","ORIGIN_HEADER","USER_PERMISSIONS_HEADER","LOWER_CASE_ORIGIN_HEADER","middleware","options","req","res","next","eagerLoadUserPermissions","eagerLoadUserPermissionsLegacy","userId","elevatedPermissionsFromHeader","userObject","middlewareWithDecode","returnErrorIfNoToken","e","TokenExpiredError","JsonWebTokenError","appMiddleware","Err","currentTraceContext","eagerLoadPermissionsMiddleware","getDecodedBearer","createOrSetRabbitTrace","trace","newTrace","traceTypes","user_default","getUser","isUserExist","checkFleetPermission","fleetId","checkBusinessModelPermission","businessModelId","check
DemandSourcePermission","demandSourceId","UnauthorizedAccessError","user","message","AUTHORIZATION_METHODS","AUTHORIZATION_ACTIONS","authorizationSettings","username","password","secret","se","getAuthorizationHeader","authorizationMethod","getCurrentPayload","y","enableTracing","outbreakOptions","logger","outbreak","index_default"],"mappings":"y4BAGA,IAAM,CACJ,qBAAAA,CAAAA,EAAAA,CAAuB,eAAAC,EACvB,CAAA,6BAAA,CAAAC,GAA+B,kBAAAC,CAAAA,EAAAA,CAC/B,0BAAAC,CAAAA,EACF,CAAI,CAAA,OAAA,CAAQ,IAENC,CAAoB,CAAA,CAACC,EAA2BC,CAA0BC,CAAAA,CAAAA,GAA8B,CAC5G,IAAMC,CAAAA,CAAkBC,mBAAO,QAASN,CAAAA,EAAAA,CAA4B,EAAE,CAAI,CAAA,GAAI,EAC9E,GAAI,CACF,IAAIO,CACJ,CAAA,GAAIL,CAAO,CAAA,CACT,GAAM,CAAE,IAAAM,CAAI,CAAA,CAAIC,sBAAI,MAAOP,CAAAA,CAAK,EAChCK,CAAWD,CAAAA,kBAAAA,CAAOE,CAAM,CAAA,GAAI,EAC9B,CAAA,KACED,EAAWD,kBAAO,EAAA,CAEpB,OAAOC,CAAS,CAAA,QAAA,CAASF,CAAe,CAAIF,CAAAA,CAAAA,CAAmBC,CACjE,CAAA,KAAY,CACV,OAAOA,CACT,CACF,CAAA,CAEaM,GAAyBR,CAA2BD,EAAAA,CAAAA,CAAkBC,EAAOJ,EAA+BC,CAAAA,EAAkB,EAC9HY,CAAkBT,CAAAA,CAAAA,EAA2BD,EAAkBC,CAAON,CAAAA,EAAAA,CAAuBC,EAAc,ECfjH,IAAMe,EAAqBC,CAA2BA,EAAAA,CAAAA,CAAO,OAAQ,CAAA,SAAA,CAAW,EAAE,CAAA,CAE5EC,EAAe,CAACD,CAAAA,CAAgBE,IAA4B,CACvE,IAAMb,EAAQU,CAAkBC,CAAAA,CAAM,CAEtC,CAAA,OADoBG,aAAOd,CAAAA,MAAAA,CAAAA,CAAAA,CAAoBS,CAAeT,CAAAA,CAAK,CAAC,CAEtE,CAAA,CAyDA,IAAMe,EAAa,CAAA,sCAAA,CACbC,EAAY,CAAA,sCAAA,CACZC,CAAoB,CAAA,UAAA,CACpBC,GAAqB,OACrBC,CAAAA,EAAAA,CAAa,IAAI,MAAO,CAAA,CAAA,IAAA,EAAOF,CAAiB,CAAOA,IAAAA,EAAAA,CAAiB,CAAOC,IAAAA,EAAAA,EAAkB,CAAGD,EAAAA,CAAiB,aAAaA,CAAiB,CAAA,IAAA,EAAOA,CAAiB,CAAQF,KAAAA,EAAAA,EAAU,IAAIC,EAAS,CAAA,EAAA,CAAA,CAAM,GAAG,CAAA,CAClN,SAASI,CAAAA,CAAaC,EAA6B,CACxD,OAAO,OAAOA,CAAS,EAAA,QAAA,EAAYF,GAAW,IAAKE,CAAAA,CAAI,CACzD,CC/EA,IAAMC,CAAAA,CAAwB,GACxBC,CAAW,CAAA,OAAA,CAAQ,IAAI,eAAmB,EAAA,0BAAA,CAGnCC,CAAkB,CAAA,IAAIC,kBAAQ,CAAA,CACzC,YAAa,aACb,CAAA,OAAA,CAAS,EACT,cAAgB,CAAA,IAAM,KACtB,KAAO,CAAA,OAAA,CAAQ,IAAI,QAAa,GAAA,MAAA,CAAS,CACvC,MAAQH,CAAAA,CAAAA,CAAwB,GAClC,CAAI,CAAA,SACN,CAAC,CAEYI,CAAAA,CAAAA,CAAsB,IAAID,kBAAAA,CAAQ,CAC7C,O
AAA,CAASF,EACT,UAAYA,CAAAA,CAAAA,CACZ,QAAS,CACT,CAAA,cAAA,CAAgB,IAAM,IACtB,CAAA,KAAA,CAAO,OAAQ,CAAA,GAAA,CAAI,QAAa,GAAA,MAAA,CAAS,CACvC,MAAQD,CAAAA,CAAAA,CAAwB,GAClC,CAAI,CAAA,SACN,CAAC,CCZM,CAAA,IAAMK,CAA8B,CAAA,2BAAA,CAC9BC,CAAsB,CAAA,kBAAA,CAuB7BC,EAAY,IAAIC,mBAAAA,CAAU,CAAE,MAAQ,CAAA,EAAG,CAAC,CAExCC,CAAAA,CAAAA,CAAmB,CAACC,CAAqBC,CAAAA,CAAAA,GAAuD,CACpG,IAAMC,CAAAA,CAA2B,CAC/B,GAAGF,CAAAA,CACH,OAAQ,CAAE,GAAGA,CAAQ,EAAA,MAAO,CAC5B,CAAA,cAAA,CAAgB,CAAE,GAAGA,CAAAA,EAAQ,cAAe,CAC5C,CAAA,aAAA,CAAe,CAAE,GAAGA,CAAAA,EAAQ,aAAc,CAE5C,CAGA,CAAA,IAAA,IAAWG,KAAUF,CACnB,CAAA,MAAA,CAAO,KAAKE,CAAM,CAAA,CAAE,QAASC,CAAe,EAAA,CAE1CF,CAAYE,CAAAA,CAAU,CAAM,GAAA,GAC5B,MAAO,CAAA,OAAA,CAAQD,EAAOC,CAAU,CAAE,EAAE,OAAQ,CAAA,CAAC,CAACC,CAAUC,CAAAA,CAAK,IAAM,CAEjEJ,CAAAA,CAAYE,CAAU,CAAEC,CAAAA,CAAQ,GAAKH,CAAYE,CAAAA,CAAU,CAAEC,CAAAA,CAAQ,CAAK,EAAA,IAAI,MAAOC,CAAAA,CAAK,EAC5F,CAAC,EACH,CAAC,CAGH,CAAA,OAAOJ,CACT,CAAA,CAEqBK,CAArB,CAAA,KAA6B,CAW3B,WAAmBC,CAAAA,CAAAA,CAAqBC,EAA2BC,CAAiDC,CAAAA,CAAAA,CAAuB,CAAxH,IAAAH,CAAAA,EAAAA,CAAAA,CAAAA,CAAqB,IAAAC,CAAAA,WAAAA,CAAAA,CAAAA,CAA4E,IAAAE,CAAAA,UAAAA,CAAAA,CAAAA,CARpH,KAAiB,8BAAiC,CAAA,IAAI,IAItD,IAAiB,CAAA,aAAA,CAAwC,EAKvD,CAAA,IAAA,CAAK,SAAY,CAAA,CAAC,CAACH,CAAAA,CACfE,GACF,IAAK,CAAA,8BAAA,CAA+B,IAAI,MAAO,CAAA,SAAS,EAAGA,CAAmB,EAElF,CAEA,MAAM,kBAA2C,EAAA,CAC/C,GAAI,CAAC,IAAA,CAAK,GACR,OAEF,GAAI,KAAK,kBACP,CAAA,OAAO,IAAK,CAAA,kBAAA,CAEd,IAAME,CAAAA,CAAWC,oBAAW,CAC1B,EAAA,CAAI,KAAK,EACT,CAAA,UAAA,CAAY,KAAK,UACnB,CAAC,CAEGC,CAAAA,CAAAA,CAAOjB,CAAU,CAAA,GAAA,CAAiBe,CAAQ,CAE9C,CAAA,OAAKE,IACF,CAAE,IAAA,CAAAA,CAAK,CAAI,CAAA,MAAMtB,EAAgB,GAAI,CAAA,CAAA,cAAA,EAAiB,KAAK,EAAE,CAAA,sBAAA,CAAA,CAA0B,CAAE,MAAQ,CAAA,CAAE,WAAY,IAAK,CAAA,UAAW,CAAE,CAAC,CACnIK,CAAAA,CAAAA,CAAU,IAAIe,CAAUE,CAAAA,CAAI,GAG9B,IAAK,CAAA,WAAA,CAAcA,EAAK,WACxB,CAAA,IAAA,CAAK,kBAAqBA,CAAAA,CAAAA,CACnB,IAAK,CAAA,kBACd,CAEA,MAAM,yBAAA,CAA0BC,EAAmD,CACjF,GAAI,CAAC,IAAK,CAAA,EAAA,CACR,OAEF,GAAI,IAAK,CAAA,kBAAA,CACP,OAAO,IAAK,CAAA,kBAAA,CAGd,IAAMH,CAAW,CAAA,IAAA,CAAK,GAEhBI,CAAenB,CAAAA,
CAAAA,CAAU,IAAiBe,CAAQ,CAAA,CACxD,GAAII,CACF,CAAA,OAAA,IAAA,CAAK,mBAAqBA,CACnBA,CAAAA,CAAAA,CAGT,IAAMF,CAAO,CAAA,MAAMC,CAAuB,CAAA,IAAA,CAAK,EAAE,CAAA,CACjD,OAAAlB,CAAU,CAAA,GAAA,CAAIe,EAAUE,CAAI,CAAA,CAE5B,KAAK,kBAAqBA,CAAAA,CAAAA,CACnB,IAAK,CAAA,kBACd,CAEA,IAAI,gBAAuC,CACzC,OAAO,KAAK,eAAgB,CAAA,gBAAgB,CAC9C,CAEA,IAAI,MAA+B,EAAA,CACjC,OAAO,IAAA,CAAK,gBAAgB,QAAQ,CACtC,CAEA,IAAI,aAAA,EAAsC,CACxC,OAAO,IAAA,CAAK,gBAAgB,eAAe,CAC7C,CAEQ,eAAgBG,CAAAA,CAAAA,CAA8C,CACpE,GAAI,CAAC,KAAK,kBACR,CAAA,MAAM,IAAI,KAAA,CAAM,CAAcA,WAAAA,EAAAA,CAAG,oDAAoD,CAEvF,CAAA,OAAO,OAAO,IAAK,CAAA,IAAA,CAAK,mBAAmBA,CAAG,CAAA,EAAK,EAAE,CACvD,CAEA,IAAI,mBAAmC,EAAA,CACrC,OAAOlB,CAAiB,CAAA,SAAA,CAAW,KAAK,8BAA+B,CAAA,MAAA,EAAQ,CACjF,CAEA,IAAI,aAAuC,CACzC,GAAI,CAAC,IAAK,CAAA,kBAAA,CACR,MAAM,IAAI,KAAA,CAAM,0EAA0E,CAAA,CAG5F,OAAOA,CAAAA,CAAiB,KAAK,kBAAoB,CAAA,IAAA,CAAK,+BAA+B,MAAO,EAAC,CAC/F,CAEA,kBAAA,CAAmBmB,CAAkD,CAAA,CAGnE,IAAMC,CAAAA,CAAc,QAGpB,CAAA,MAAA,CAAO,OAAOD,CAAgB,CAAA,CAAE,QAASE,CAAc,EAAA,CACrD,MAAO,CAAA,IAAA,CAAKA,CAAS,CAAA,CAAE,QAASf,CAAa,EAAA,CAC3C,GAAI,CAACjB,CAAAA,CAAaiB,CAAQ,CACxB,CAAA,MAAM,IAAI,KAAA,CAAM,CAAkEA,+DAAAA,EAAAA,CAAQ,EAAE,CAEhG,CAAC,EACH,CAAC,CAAA,CAED,IAAMgB,CAAmBC,CAAAA,mBAAAA,GACzB,GAAI,CAACD,EACH,MAAM,IAAI,MAAM,+CAA+C,CAAA,CAGjE,IAAME,CAAmB,CAAA,IAAA,CAAK,KAAMF,CAAAA,CAAAA,CAAiB,OAAQ1B,CAAAA,CAA2B,GAAK,IAAI,CAAA,CAC3F6B,EAAe,MAAO,CAAA,MAAA,CAAOD,EAAkBL,CAAgB,CAAA,CACrE,OAAK,IAAA,CAAA,8BAAA,CAA+B,GAAIC,CAAAA,CAAAA,CAAaK,CAAY,CACjEH,CAAAA,CAAAA,CAAiB,QAAQ,GAAI1B,CAAAA,CAAAA,CAA6B,KAAK,SAAU,CAAA,IAAA,CAAK,mBAAmB,CAAC,CAC3F,CAAA,IAAM,CACX,IAAK,CAAA,8BAAA,CAA+B,OAAOwB,CAAW,CAAA,CACtDE,EAAiB,OAAQ,CAAA,GAAA,CAAI1B,EAA6B,IAAK,CAAA,SAAA,CAAU,KAAK,mBAAmB,CAAC,EACpG,CACF,CAEA,MAAM,wBAA2B,EAAA,CAC/B,GAAI,CAAC,IAAK,CAAA,EAAA,CACR,OAEF,GAAI,IAAA,CAAK,yBACP,OAAO,IAAA,CAAK,yBAEd,GAAM,CAAE,IAAAmB,CAAAA,CAAK,CAAI,CAAA,MAAMtB,EAAgB,GAAI,CAAA,CAAA,cAAA,EAAiB,KAAK,EAAE,CAAA,6BAAA,CAA+B,EAElG,OAAK,IAAA,CAAA,wBAAA,CAA2BsB,CACzB,CAAA,IAAA,CAAK,wBACd,CAEA,IAAI,iBAAyB,EAAA,CAC3B,GAAI,CAAC,IAAA,C
AAK,yBACR,MAAM,IAAI,MAAM,sFAAsF,CAAA,CAExG,OAAO,IAAK,CAAA,wBACd,CAEA,MAAM,qBAAA,CAAsBW,EAAOC,CAAc,CAAA,CAC/C,GAAI,CAAC,IAAK,CAAA,EAAA,EAAM,CAACD,CAAS,EAAA,CAACC,EACzB,OAEF,IAAMC,EAAuB,IAAK,CAAA,aAAA,CAAcF,CAAK,CAAA,CAErD,GAAIE,CAAAA,CACF,OAAOA,CAGT,CAAA,IAAMf,EAAW,CAAG,EAAA,IAAA,CAAK,EAAE,CAAIa,CAAAA,EAAAA,CAAK,CAE9BT,CAAAA,CAAAA,CAAAA,CAAenB,CAAU,CAAA,GAAA,CAAiBe,CAAQ,CACxD,CAAA,GAAII,EACF,OAAK,IAAA,CAAA,aAAA,CAAcS,CAAK,CAAIT,CAAAA,CAAAA,CACrBA,CAGT,CAAA,GAAM,CAAE,IAAA,CAAAF,CAAK,CAAI,CAAA,MAAMpB,EAAoB,IAAK,CAAA,CAAA,aAAA,EAAgB+B,CAAK,CAAqB,iBAAA,CAAA,CAAA,CACxF,MAAQ,CAAA,IAAA,CAAK,EACf,CAAA,CAAG,CACD,OAAS,CAAA,CACP,0BAA2BC,CAC7B,CACF,CAAC,CAED,CAAA,OAAA7B,CAAU,CAAA,GAAA,CAAIe,CAAUE,CAAAA,CAAI,EAC5B,IAAK,CAAA,aAAA,CAAcW,CAAK,CAAIX,CAAAA,CAAAA,CACrB,KAAK,aAAcW,CAAAA,CAAK,CACjC,CACF,EC1OO,IAAMG,EAAkB,MAAOjD,CAAAA,CAAgB8C,IAAgC,CACpF,GAAM,CAAE,IAAMI,CAAAA,CAAQ,EAAI,MAAMnC,CAAAA,CAAoB,KAAK,cAAgB,CAAA,CAAE,OAAAf,CAAQ,CAAA,KAAA,CAAA8C,CAAM,CAAC,CAAA,CAC1F,OAAOI,CACT,CCLA,CAAA,IAAqBC,EAArB,cAA6C,KAAM,CAAnD,WACE,EAAA,CAAA,KAAA,CAAA,GAAA,SAAA,CAAA,CAAA,IAAA,CAAA,IAAA,CAAO,kBAEP,IAAU,CAAA,OAAA,CAAA,qBAAA,CACZ,CCGA,CAAA,IAAMC,EAAc,CAAA,aAAA,CACdC,GAAe,aACRC,CAAAA,CAAAA,CAAc,aACrBC,CAAsB,CAAA,cAAA,CACtBC,EAAgB,sBAChBC,CAAAA,CAAAA,CAA0B,uBAC1BC,CAAAA,EAAAA,CAA2BF,CAAc,CAAA,WAAA,GAElCG,CAAa,CAAA,CAACC,EAIvB,EAAC,GAAM,MAAOC,CAAKC,CAAAA,CAAAA,CAAKC,IAAuB,CACjD,GAAI,CAEF,GAD6BF,CAAAA,CAAAA,CAAI,QAAQL,CAAa,CAAA,EAAKK,EAAI,OAAQH,CAAAA,EAAwB,CAAK,EAAA,EAAA,EACnF,WAAY,EAAA,GAAMN,GACjC,OAAOW,CAAAA,GAET,GAAM,CACJ,yBAAAC,CACA,CAAA,8BAAA,CAAAC,CACA,CAAA,sBAAA,CAAA7B,CACF,CAAA,CAAIwB,EACEM,CAASL,CAAAA,CAAAA,CAAI,QAAQN,CAAmB,CAAA,CAC9C,GAAI,CAACW,CAAAA,CACH,OAAOH,CAAAA,EAGT,CAAA,IAAMI,EAAgCN,CAAI,CAAA,OAAA,CAAQ7C,CAA2B,CAAG,EAAA,MAAA,CAAS,EAAI,IAAK,CAAA,KAAA,CAAM6C,EAAI,OAAQ7C,CAAAA,CAA2B,CAAC,CAAI,CAAA,GAC9IgB,CAAc6B,CAAAA,CAAAA,CAAI,UAAU5C,CAAmB,CAAA,EAAc,KAAM,CAAA,GAAG,CAEtEmD,CAAAA,CAAAA,CAAa,IAAIxC,CAAQsC,CAAAA,CAAAA,CAAQ,OAAQC,CAA+BnC,CAAAA,CAAU,EACxF,OAAIgC,CAAAA,GACE5B,CACF,CAAA,MAAM
gC,CAAW,CAAA,yBAAA,CAA0BhC,CAAsB,CAEjE,CAAA,MAAMgC,EAAW,kBAAmB,EAAA,CAAA,CAIpCH,GACF,MAAMG,CAAAA,CAAW,wBAAyB,EAAA,CAG5CP,CAAI,CAAA,IAAA,CAAOO,EACXzB,mBAAkB,EAAA,CAAE,kBAAkB,GAAIW,CAAAA,CAAAA,CAAac,CAAU,CAGjEP,CAAAA,CAAAA,CAAI,OAAQJ,CAAAA,CAAuB,CAAIW,CAAAA,CAAAA,CAEhCL,GACT,CAAA,KAAY,CACV,OAAAD,CAAAA,CAAI,OAAO,GAAG,CAAA,CACPA,CAAI,CAAA,IAAA,CAAK,CACd,KAAA,CAAO,0BACT,CAAC,CACH,CACF,CAEaO,CAAAA,CAAAA,CAAuB,CAACT,CAIjC,CAAA,EAAO,GAAA,MAAOC,CAAKC,CAAAA,CAAAA,CAAKC,IAAwB,CAClD,GAAM,CACJ,wBAAAC,CAAAA,CAAAA,CACA,+BAAAC,CACA,CAAA,oBAAA,CAAAK,CACF,CAAA,CAAIV,CACAV,CAAAA,CAAAA,CACJ,GAAIW,CAAI,CAAA,OAAA,CAAQ,cAAe,CAC7B,GAAI,CACFX,CAAU,CAAA,MAAMjD,EAAa4D,CAAI,CAAA,OAAA,CAAQ,aAAa,EACxD,CAAA,MAASU,EAAG,CACNA,CAAAA,YAAaC,sBACfV,CAAI,CAAA,MAAA,CAAO,GAAG,CAAA,CACdA,CAAI,CAAA,IAAA,CAAK,CACP,MAAQ,CAAA,CAAC,sBAAsB,CACjC,CAAC,GACQS,CAAaE,YAAAA,oBAAAA,EACtBX,CAAI,CAAA,MAAA,CAAO,GAAG,CAAA,CACdA,EAAI,IAAK,CAAA,CACP,OAAQ,CAACS,CAAAA,CAAE,OAAO,CACpB,CAAC,CAEDT,GAAAA,CAAAA,CAAI,MAAO,CAAA,GAAG,EACdA,CAAI,CAAA,IAAA,CAAK,CACP,MAAQ,CAAA,CAAC,kCAAkC,CAC7C,CAAC,GAEH,MACF,CACA,IAAMI,CAAShB,CAAAA,CAAAA,EAAS,MAAM,EAE1BgB,CAAAA,CAAAA,GACFL,EAAI,OAAQN,CAAAA,CAAmB,CAAIW,CAAAA,CAAAA,CAAAA,CAGrC,IAAMlC,CAAAA,CAAc6B,EAAI,OAAU5C,GAAAA,CAAmB,GAAc,KAAM,CAAA,GAAG,EACtEmD,CAAa,CAAA,IAAIxC,CAAQsC,CAAAA,CAAAA,CAAQhB,CAAS,EAAA,IAAA,EAAM,YAAa,SAAWlB,CAAAA,CAAU,EAEpFgC,CACF,EAAA,MAAMI,EAAW,kBAAmB,EAAA,CAGlCH,CACF,EAAA,MAAMG,CAAW,CAAA,wBAAA,GAGnBP,CAAI,CAAA,IAAA,CAAOO,EACXzB,mBAAkB,EAAA,CAAE,kBAAkB,GAAIW,CAAAA,CAAAA,CAAac,CAAU,CAGjEP,CAAAA,CAAAA,CAAI,QAAQJ,CAAuB,CAAA,CAAIW,EACzC,CAAWE,KAAAA,GAAAA,CAAAA,CACT,OAAAR,CAAI,CAAA,MAAA,CAAO,GAAG,CAAA,CACPA,CAAI,CAAA,IAAA,CAAK,CACd,MAAQ,CAAA,CAAC,mBAAmB,CAC9B,CAAC,EAEH,OAAOC,CAAAA,EACT,CAAA,CAEaW,CAAiBd,CAAAA,CAAAA,EAGxB,MAAOC,CAAKC,CAAAA,CAAAA,CAAKC,IAAwB,CAC7C,GAAM,CACJ,KAAAjB,CAAAA,CAAAA,CACA,YAAAC,CAAAA,CACF,CAAIa,CAAAA,CAAAA,CACAV,EAEJ,GAAI,CAACW,EAAI,OAAQ,CAAA,aAAA,CACf,OAAAC,CAAI,CAAA,MAAA,CAAO,GAAG,CAAA,CACPA,CAAI,CAAA,IAAA,CAAK,CACd,MAAQ,CAAA,CAAC,mBAAmB,CAC9B,CAAC,EAG
H,GAAI,CAEF,GADAZ,CAAAA,CAAU,MAAMD,CAAAA,CAAgBY,EAAI,OAAQ,CAAA,aAAA,CAAef,CAAK,CAC5D,CAAA,CAACI,EACH,MAAM,IAAIC,CAEd,CAAA,MAASoB,CAAG,CAAA,CACV,OAAIA,CAAaC,YAAAA,oBAAAA,CACRV,EAAI,MAAO,CAAA,GAAG,EAAE,IAAK,CAAA,CAC1B,MAAQ,CAAA,CAAC,sBAAsB,CACjC,CAAC,CAEC,CAAA,CAACW,qBAAmBtB,CAAe,CAAA,CAAE,KAAMwB,CAAQJ,EAAAA,CAAAA,YAAaI,CAAG,CAC9Db,CAAAA,CAAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,CAC1B,MAAA,CAAQ,CAACS,CAAE,CAAA,OAAO,CACpB,CAAC,CAEIT,CAAAA,CAAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,CAC1B,MAAA,CAAQ,CAAC,kCAAkC,CAC7C,CAAC,CACH,CACA,IAAMI,EAAShB,CAAS,EAAA,MAAA,CACpBgB,IACFL,CAAI,CAAA,OAAA,CAAQP,CAAW,CAAIY,CAAAA,CAAAA,CAAAA,CAG7B,IAAME,CAAAA,CAAa,IAAIxC,CAAAA,CAAQsC,CAAM,CAEjCpB,CAAAA,CAAAA,GACFe,EAAI,OAAQ,CAAA,yBAAyB,EAAId,CAEzC,CAAA,MAAMqB,EAAW,qBAAsBtB,CAAAA,CAAAA,CAAOC,CAAY,CAG5Dc,CAAAA,CAAAA,CAAAA,CAAI,KAAOO,CACX,CAAA,IAAMQ,EAAsBjC,mBAAkB,EAAA,CAAE,gBAChD,CAAA,OAAAiC,CAAqB,EAAA,GAAA,CAAItB,EAAac,CAAU,CAAA,CAChDQ,GAAqB,GAAIvB,CAAAA,EAAAA,CAActD,EAAkB8D,CAAI,CAAA,OAAA,CAAQ,aAAa,CAAC,CAGnFA,CAAAA,CAAAA,CAAI,QAAQJ,CAAuB,CAAA,CAAIW,EAEhCL,CAAK,EACd,EAEac,CAAiC,CAAA,MAAOhB,CAAKC,CAAAA,CAAAA,CAAKC,CAC7D,IAAA,MAAMF,EAAI,IAAK,CAAA,kBAAA,GACRE,CAAK,EAAA,CAAA,CAGDe,EAAoBjB,CAC3BA,EAAAA,CAAAA,CAAI,QAAQ,aACP5D,CAAAA,CAAAA,CAAa4D,EAAI,OAAQ,CAAA,aAAa,EAGxC,IAGIkB,CAAAA,CAAAA,CAAyB,MAAOC,CAAgDd,CAAAA,CAAAA,GAA+B,CAC1H,IAAME,CAAa,CAAA,IAAIxC,EAAQsC,CAAM,CAAA,CAErC,MAAME,CAAW,CAAA,kBAAA,GAEjBY,CAAUC,GAAAA,UAAAA,CAASC,YAAW,CAAA,MAAM,CACpCF,CAAAA,CAAAA,CAAM,iBAAiB,GAAI1B,CAAAA,CAAAA,CAAac,CAAU,EACpD,CAAA,CAEOe,EAAQvD,ECjNR,IAAMwD,EAAU,IAA4BzC,mBAAAA,GAAoB,gBAAkB,EAAA,GAAA,CAAIW,CAAW,CAE3F+B,CAAAA,CAAAA,CAAc,IAAMD,CAAAA,EAAW,EAAA,EAAA,CAE/BE,EAAwBC,CAAoB,EAAA,CAACF,GAAiB,EAAA,MAAA,CAAO,KAAKD,CAAQ,EAAA,CAAG,WAAY,CAAA,MAAM,CAAE,CAAA,QAAA,CAASG,CAAO,CAEzHC,CAAAA,CAAAA,CAAgCC,GAA4B,CAACJ,CAAAA,IAAiB,MAAO,CAAA,IAAA,CAAKD,CAAQ,EAAA,CAAG,WAAY,CAAA,cAAc,EAAE,QAASK,CAAAA,CAAe,EAEzJC,CAA+BC,CAAAA,CAAAA,EAA2B,CAACN,CAAY,EAAA,EAAK,MAAO,CAAA,IAAA,CAAKD,CAAQ,EAAA,CAAG,YAAY,aAAa,CAAA,CAAE,SAASO,CAAc,MCTrJC,CAAN,CAAA,
cAAsC,KAAM,CACjD,WAAA,CAAmBC,EAAuB,IAAMC,CAAAA,CAAAA,CAAU,0BAA2B,CACnF,KAAA,CAAMA,CAAO,CADI,CAAA,IAAA,CAAA,IAAA,CAAAD,CAEjB,CAAA,IAAA,CAAK,IAAO,CAAA,0BACd,CACF,ECNO,IAAME,EAAwB,CACnC,IAAA,CAAM,MACN,CAAA,KAAA,CAAO,OACP,CAAA,GAAA,CAAK,KACP,CAEMC,CAAAA,EAAAA,CAAwB,CAC5B,CAACD,CAAAA,CAAsB,IAAI,EAAG,IAAG,EACjC,CAAA,CAACA,CAAsB,CAAA,KAAK,EAAIE,CAA+B,EAAA,CAC7D,GAAM,CAAE,QAAA,CAAAC,EAAU,QAAAC,CAAAA,CAAS,EAAIF,CAE/B,CAAA,OAAO,SADoB,MAAO,CAAA,IAAA,CAAK,GAAGC,CAAQ,CAAA,CAAA,EAAIC,CAAQ,CAAE,CAAA,CAAA,CAAE,QAAS,CAAA,QAAQ,CACjD,CAAA,CACpC,EACA,CAACJ,CAAAA,CAAsB,GAAG,EAAIE,CAAAA,EAA+B,CAC3D,GAAM,CAAE,MAAAG,CAAAA,CAAO,CAAIH,CAAAA,CAAAA,CACnB,GAAIG,CACF,CAAA,OAAO,UAAcC,aAAK,CAAA,IAAA,CAAA,GAAID,CAAQ,CAAA,CAAE,SAAW,CAAA,EAAG,CAAC,CAAC,EAG5D,CACF,CAAA,CAEaE,GAA0BL,CAA8E,EAAA,CACnH,IAAMM,CAAsBN,CAAAA,CAAAA,EAAuB,OAEnD,GAAI,EAAA,CAACM,GAAuB,CAACP,EAAAA,CAAsBO,CAAmB,CAItE,CAAA,CAAA,OAAOP,GAAsBO,CAAmB,CAAA,CAAEN,CAAqB,CACzE,ECVA,IAAMO,GAA6BC,YAI7BC,CAAAA,iBAAAA,CAAAA,EAAAA,CAAgB,CAAC,CAAE,eAAA,CAAAC,EAAkB,EAAC,CAAG,MAAAC,CAAAA,CAAO,CAAiF,CAAA,KAAa,CACzIH,YAAA,CAAA,OAAA,CAAQ,CACf,aAAe,CAAA,MAAA,CACf,wBAAyBG,CAAQ,EAAA,oBAAA,CACjC,GAAGD,CACL,CAAC,EACH,EAEM,CAAE,UAAA,CAAAzB,GAAY,QAAAD,CAAAA,EAAS,EAAI4B,aA6BjC,IAAOC,EAAQ,CAAA,CACb,UAAA5B,CAAAA,EAAAA,CACA,SAAAD,EACA,CAAA,IAAA,CAAAE,EACA,UAAAxB,CAAAA,CAAAA,CACA,qBAAAU,CACA,CAAA,8BAAA,CAAAQ,CACA,CAAA,iBAAA,CAAA2B,EACA,CAAA,gBAAA,CAAA1B,EACA,oBAAAQ,CAAAA,CAAAA,CACA,6BAAAE,CACA,CAAA,2BAAA,CAAAE,EACA,WAAAL,CAAAA,CAAAA,CACA,OAAAD,CAAAA,CAAAA,CACA,uBAAAQ,CAAAA,CAAAA,CACA,cAAAlB,CACA,CAAA,sBAAA,CAAAK,EACA,QAAA8B,CAAAA,YAAAA,CACA,sBAAAd,CACA,CAAA,sBAAA,CAAAO,EACA,CAAA,mBAAA,CAAArF,CACF","file":"index.cjs","sourcesContent":["import jwt from 'jsonwebtoken';\nimport moment from 'moment';\n\nconst {\n DEPRECATED_JWT_SECRET, JWT_NEW_SECRET,\n DEPRECATED_REFRESH_JWT_SECRET, REFRESH_JWT_SECRET,\n DEPRECATION_UNIX_TIMESTAMP,\n} = process.env;\n\nconst getRelevantSecret = (token: string | undefined, deprecatedSecret: string, newSecret: string): string => {\n 
const deprecationTime = moment(parseInt(DEPRECATION_UNIX_TIMESTAMP, 10) * 1000);\n try {\n let unixTime: moment.Moment;\n if (token) {\n const { iat } = jwt.decode(token) as jwt.JwtPayload;\n unixTime = moment(iat * 1000);\n } else {\n unixTime = moment();\n }\n return unixTime.isBefore(deprecationTime) ? deprecatedSecret : newSecret;\n } catch (e) {\n return newSecret;\n }\n};\n\nexport const getRefreshTokenSecret = (token?: string): string => getRelevantSecret(token, DEPRECATED_REFRESH_JWT_SECRET, REFRESH_JWT_SECRET);\nexport const getTokenSecret = (token?: string): string => getRelevantSecret(token, DEPRECATED_JWT_SECRET, JWT_NEW_SECRET);\n","import type { UUID } from 'node:crypto';\nimport * as jwt from 'jsonwebtoken';\nimport { getTokenSecret } from './secret-getter';\n\nconst CONTEXT_PROPS = ['fleetId', 'businessModelId', 'demandSourceId'];\nconst CONTEXT_MAP_PROPS = {\n fleet: 'fleets',\n business: 'businessModels',\n demand: 'demandSources',\n};\n\nexport const getAuthFromBearer = (bearer: string): string => bearer.replace('Bearer ', '');\n\nexport const decodeBearer = (bearer: string, appSecret?: string): any => {\n const token = getAuthFromBearer(bearer);\n const decoded = jwt.verify(token, appSecret || getTokenSecret(token));\n return decoded;\n};\n\nexport const parsePermissions = (contextId, decodedToken): any => {\n if (!decodedToken) { return []; }\n const { contexts } = decodedToken;\n const activeContext = contexts.find((context) => context.id === contextId);\n\n const permissionsValue = `${activeContext.permissions?.map((cp) => `${cp},`)}`;\n\n return {\n key: activeContext.entityId,\n value: permissionsValue,\n };\n};\n\nexport const getEntitiesFromContext = (contextId: string, decodedToken: any): any => {\n if (!decodedToken) { return []; }\n let { contexts } = decodedToken;\n if (contextId) {\n contexts = contexts.filter((context) => context.id === contextId);\n }\n\n const attributes = {};\n contexts.forEach((context) => {\n const prop = 
CONTEXT_MAP_PROPS[context.subSystem || 'business'];\n\n const permissions = parsePermissions(context.id, decodedToken);\n // eslint-disable-next-line no-unused-expressions\n attributes[prop]\n ? attributes[prop][permissions.key] = permissions.value\n : attributes[prop] = { [permissions.key]: permissions.value };\n });\n\n return attributes;\n};\n\nexport const getContextAttributes = (contextId: string, decodedToken: any): any => {\n if (!decodedToken) { return []; }\n let { contexts } = decodedToken;\n if (contextId) {\n contexts = contexts.filter((context) => context.id === contextId);\n }\n const attributes = {};\n contexts.forEach((context) => {\n CONTEXT_PROPS.forEach((prop) => {\n if (context[prop]) {\n const contextPropWrapped = [context[prop]];\n // eslint-disable-next-line no-unused-expressions\n attributes[prop]\n ? attributes[prop] = attributes[prop].concat(contextPropWrapped)\n : attributes[prop] = contextPropWrapped;\n }\n });\n });\n return attributes;\n};\n\nconst EMPTY_UUID = '00000000-0000-0000-0000-000000000000';\nconst FULL_UUID = 'ffffffff-ffff-ffff-ffff-ffffffffffff';\nconst VALID_CHARS_REGEX = '[0-9a-f]';\nconst UUID_VERSION_REGEX = '[1-8]';\nconst UUID_REGEX = new RegExp(`^(?:${VALID_CHARS_REGEX}{8}-${VALID_CHARS_REGEX}{4}-${UUID_VERSION_REGEX}${VALID_CHARS_REGEX}{3}-[89ab]${VALID_CHARS_REGEX}{3}-${VALID_CHARS_REGEX}{12}|${EMPTY_UUID}|${FULL_UUID})$`, 'i');\nexport function validateUUID(uuid: unknown): uuid is UUID {\n return typeof uuid === 'string' && UUID_REGEX.test(uuid);\n}\n","import Network from '@autofleet/network';\n\nconst CACHE_LIFETIME_IN_SEC = 10;\nconst apiGwUrl = process.env.API_GATEWAY_URL || 'https://api.autofleet.io';\n\n// eslint-disable-next-line import/prefer-default-export\nexport const IdentityNetwork = new Network({\n serviceName: 'IDENTITY_MS',\n retries: 3,\n retryCondition: () => true,\n cache: process.env.NODE_ENV !== 'test' ? 
{\n maxAge: CACHE_LIFETIME_IN_SEC * 1000,\n } : undefined,\n});\n\nexport const AutofleetApiNetwork = new Network({\n baseURL: apiGwUrl,\n serviceUrl: apiGwUrl,\n retries: 3,\n retryCondition: () => true,\n cache: process.env.NODE_ENV !== 'test' ? {\n maxAge: CACHE_LIFETIME_IN_SEC * 1000,\n } : undefined,\n});\n","import NodeCache from 'node-cache';\nimport objectHash from 'object-hash';\nimport { getCurrentContext } from '@autofleet/outbreak';\nimport { validateUUID } from '../utils';\nimport { AutofleetApiNetwork, IdentityNetwork } from '../services';\n\nexport type AccountType = 'client' | 'user' | 'service' | 'driver'\ninterface EntityPermissions {\n [key: string]: string[];\n}\n\nexport const ELEVATED_PERMISSIONS_HEADER = 'x-af-elevated-permissions';\nexport const CONTEXTS_IDS_HEADER = 'x-af-context-ids';\n\nexport interface UserPayload {\n businessModels: EntityPermissions;\n fleets: EntityPermissions;\n demandSources: EntityPermissions;\n businessAccounts?: EntityPermissions;\n accountType?: AccountType;\n contexts?: EntityPermissions;\n createdAt?: string;\n}\n\nexport interface PartialUserPayload {\n businessModels?: EntityPermissions;\n fleets?: EntityPermissions;\n demandSources?: EntityPermissions;\n vehicles?: EntityPermissions;\n drivers?: EntityPermissions;\n businessAccounts?: EntityPermissions;\n}\n\nexport type CustomPermissionLoader = (string) => Promise<UserPayload>;\n\nconst userCache = new NodeCache({ stdTTL: 10 });\n\nconst mergePermissions = (target: UserPayload, sources: Iterable<PartialUserPayload>): UserPayload => {\n const permissions: UserPayload = {\n ...target,\n fleets: { ...target?.fleets },\n businessModels: { ...target?.businessModels },\n demandSources: { ...target?.demandSources },\n // Clone other nested objects as needed\n };\n\n // eslint-disable-next-line no-restricted-syntax\n for (const source of sources) {\n Object.keys(source).forEach((entityType) => {\n // eslint-disable-next-line no-param-reassign\n 
permissions[entityType] ??= {};\n Object.entries(source[entityType]!).forEach(([entityId, perms]) => {\n // eslint-disable-next-line no-param-reassign\n permissions[entityType][entityId] = (permissions[entityType][entityId] || []).concat(perms);\n });\n });\n }\n\n return permissions;\n};\n\nexport default class ApiUser {\n private privatePermissions: UserPayload | undefined;\n\n private readonly privateElevatedPermissionsHash = new Map<symbol, PartialUserPayload | undefined>();\n\n private privatePermissionsLegacy: any;\n\n private readonly appPermission: {[key: string]: any; } = {};\n\n public readonly emptyUser: boolean;\n\n constructor(public id? : string, public accountType?: AccountType, elevatedPermissions?: PartialUserPayload, public contextIds?: string[]) {\n this.emptyUser = !!id;\n if (elevatedPermissions) {\n this.privateElevatedPermissionsHash.set(Symbol('initial'), elevatedPermissions);\n }\n }\n\n async getUserPermissions(): Promise<UserPayload> {\n if (!this.id) {\n return undefined;\n }\n if (this.privatePermissions) {\n return this.privatePermissions;\n }\n const cacheKey = objectHash({\n id: this.id,\n contextIds: this.contextIds,\n });\n\n let data = userCache.get<UserPayload>(cacheKey);\n\n if (!data) {\n ({ data } = await IdentityNetwork.get(`/api/v1/users/${this.id}/authorization-payload`, { params: { contextIds: this.contextIds } }));\n userCache.set(cacheKey, data);\n }\n\n this.accountType = data.accountType;\n this.privatePermissions = data;\n return this.privatePermissions;\n }\n\n async useCustomPermissionLoader(customPermissionLoader: any): Promise<UserPayload> {\n if (!this.id) {\n return undefined;\n }\n if (this.privatePermissions) {\n return this.privatePermissions;\n }\n\n const cacheKey = this.id;\n\n const cachedResult = userCache.get<UserPayload>(cacheKey);\n if (cachedResult) {\n this.privatePermissions = cachedResult;\n return cachedResult;\n }\n\n const data = await customPermissionLoader(this.id);\n userCache.set(cacheKey, 
data);\n\n this.privatePermissions = data;\n return this.privatePermissions;\n }\n\n get businessModels(): string[] | undefined {\n return this.getUserProperty('businessModels');\n }\n\n get fleets(): string[] | undefined {\n return this.getUserProperty('fleets');\n }\n\n get demandSources(): string[] | undefined {\n return this.getUserProperty('demandSources');\n }\n\n private getUserProperty(key: keyof UserPayload): string[] | undefined {\n if (!this.privatePermissions) {\n throw new Error(`Cannot get ${key} without calling (async) getUserPermissions before`);\n }\n return Object.keys(this.privatePermissions[key] || {});\n }\n\n get elevatedPermissions(): UserPayload {\n return mergePermissions(undefined, this.privateElevatedPermissionsHash.values());\n }\n\n get permissions(): UserPayload | undefined {\n if (!this.privatePermissions) {\n throw new Error('Cannot get permissions without calling (async) getUserPermissions before');\n }\n\n return mergePermissions(this.privatePermissions, this.privateElevatedPermissionsHash.values());\n }\n\n elevatePermissions(addedPermissions: PartialUserPayload): () => void {\n // @itayankri is concerned about memory consumption, so create a symbol with no description, to avoid assigning memory for the description string\n // eslint-disable-next-line symbol-description\n const elevationId = Symbol();\n\n // Validate that the added permissions are valid UUIDs\n Object.values(addedPermissions).forEach((entityIds) => {\n Object.keys(entityIds).forEach((entityId) => {\n if (!validateUUID(entityId)) {\n throw new Error(`Entity id on elevatePermissions is not a valid UUID, provided: ${entityId}`);\n }\n });\n });\n\n const currentUserTrace = getCurrentContext();\n if (!currentUserTrace) {\n throw new Error('Cannot find current user cross services trace');\n }\n\n const currentElevation = JSON.parse(currentUserTrace.context[ELEVATED_PERMISSIONS_HEADER] || '{}');\n const newElevation = Object.assign(currentElevation, addedPermissions);\n 
this.privateElevatedPermissionsHash.set(elevationId, newElevation);\n currentUserTrace.context.set(ELEVATED_PERMISSIONS_HEADER, JSON.stringify(this.elevatedPermissions));\n return () => {\n this.privateElevatedPermissionsHash.delete(elevationId);\n currentUserTrace.context.set(ELEVATED_PERMISSIONS_HEADER, JSON.stringify(this.elevatedPermissions));\n };\n }\n\n async getUserPermissionsLegacy() {\n if (!this.id) {\n return undefined;\n }\n if (this.privatePermissionsLegacy) {\n return this.privatePermissionsLegacy;\n }\n const { data } = await IdentityNetwork.get(`/api/v1/users/${this.id}/authorization-payload-legacy`);\n\n this.privatePermissionsLegacy = data;\n return this.privatePermissionsLegacy;\n }\n\n get permissionsLegacy(): any {\n if (!this.privatePermissionsLegacy) {\n throw new Error('Cannot get permissionsLegacy without calling (async) getUserPermissionsLegacy before');\n }\n return this.privatePermissionsLegacy;\n }\n\n async getUserAppPermissions(appId, clientSecret) {\n if (!this.id || !appId || !clientSecret) {\n return undefined;\n }\n const currentAppPermission = this.appPermission[appId];\n\n if (currentAppPermission) {\n return currentAppPermission;\n }\n\n const cacheKey = `${this.id}:${appId}`;\n\n const cachedResult = userCache.get<UserPayload>(cacheKey);\n if (cachedResult) {\n this.appPermission[appId] = cachedResult;\n return cachedResult;\n }\n\n const { data } = await AutofleetApiNetwork.post(`/api/v1/apps/${appId}/get-user-payload`, {\n userId: this.id,\n }, {\n headers: {\n 'x-autofleet-apps-secret': clientSecret,\n },\n });\n\n userCache.set(cacheKey, data);\n this.appPermission[appId] = data;\n return this.appPermission[appId];\n }\n}\n","import { AutofleetApiNetwork } from './services';\n\nexport const decodeAppBearer = async (bearer: string, appId: string): Promise<any> => {\n const { data: decoded } = await AutofleetApiNetwork.post('/api/v1/auth', { bearer, appId });\n return decoded;\n};\n\nexport const getClientSecret = async 
(appId: string): Promise<any> => {\n const { data: secret } = await AutofleetApiNetwork.get(`/api/v1/auth/client-secret/${appId}`);\n return secret;\n};\n","export default class AppDoesNotExist extends Error {\n name = 'AppDoesNotExist';\n\n message = 'app does not exist';\n}\n","import { getCurrentContext, newTrace, traceTypes } from '@autofleet/outbreak';\nimport { TokenExpiredError, JsonWebTokenError } from 'jsonwebtoken';\nimport ApiUser, { CONTEXTS_IDS_HEADER, CustomPermissionLoader, ELEVATED_PERMISSIONS_HEADER } from './ApiUser';\nimport { decodeAppBearer } from '../app-auth';\nimport AppDoesNotExist from '../exceptions/appDoesNotExist';\nimport { decodeBearer, getAuthFromBearer } from '../utils';\n\nconst IDENTITY_MS = 'identity-ms';\nconst ACCESS_TOKEN = 'accessToken';\nexport const USER_OBJECT = 'userObject';\nconst USER_TRACING_HEADER = 'x-af-user-id';\nconst ORIGIN_HEADER = 'X-IAF-ORIGIN-SERVICE';\nconst USER_PERMISSIONS_HEADER = 'x-af-user-permissions';\nconst LOWER_CASE_ORIGIN_HEADER = ORIGIN_HEADER.toLowerCase();\n\nexport const middleware = (options: {\n eagerLoadUserPermissions?: boolean;\n eagerLoadUserPermissionsLegacy?: boolean;\n customPermissionLoader?: CustomPermissionLoader;\n} = {}) => async (req, res, next): Promise<any> => {\n try {\n const originHeader: string = req.headers[ORIGIN_HEADER] || req.headers[LOWER_CASE_ORIGIN_HEADER] || '';\n if (originHeader.toLowerCase() === IDENTITY_MS) {\n return next();\n }\n const {\n eagerLoadUserPermissions,\n eagerLoadUserPermissionsLegacy,\n customPermissionLoader,\n } = options;\n const userId = req.headers[USER_TRACING_HEADER];\n if (!userId) {\n return next();\n }\n\n const elevatedPermissionsFromHeader = req.headers[ELEVATED_PERMISSIONS_HEADER]?.length > 0 ? 
JSON.parse(req.headers[ELEVATED_PERMISSIONS_HEADER]) : {};\n const contextIds = (req.headers?.[CONTEXTS_IDS_HEADER] as string)?.split(',');\n\n const userObject = new ApiUser(userId, 'user', elevatedPermissionsFromHeader, contextIds);\n if (eagerLoadUserPermissions) {\n if (customPermissionLoader) {\n await userObject.useCustomPermissionLoader(customPermissionLoader);\n } else {\n await userObject.getUserPermissions();\n }\n }\n\n if (eagerLoadUserPermissionsLegacy) {\n await userObject.getUserPermissionsLegacy();\n }\n\n req.user = userObject;\n getCurrentContext().nonHeaderContext?.set(USER_OBJECT, userObject);\n\n // Added in order to support outbreak.\n req.headers[USER_PERMISSIONS_HEADER] = userObject;\n\n return next();\n } catch (e) {\n res.status(401);\n return res.json({\n error: 'cannot authenticate user',\n });\n }\n};\n\nexport const middlewareWithDecode = (options: {\n eagerLoadUserPermissions?: boolean;\n eagerLoadUserPermissionsLegacy?: boolean;\n returnErrorIfNoToken?: boolean\n} = {}) => async (req, res, next): Promise<void> => {\n const {\n eagerLoadUserPermissions,\n eagerLoadUserPermissionsLegacy,\n returnErrorIfNoToken,\n } = options;\n let decoded;\n if (req.headers.authorization) {\n try {\n decoded = await decodeBearer(req.headers.authorization);\n } catch (e) {\n if (e instanceof TokenExpiredError) {\n res.status(401);\n res.json({\n errors: ['Access token expired'],\n });\n } else if (e instanceof JsonWebTokenError) {\n res.status(400);\n res.json({\n errors: [e.message],\n });\n } else {\n res.status(500);\n res.json({\n errors: ['Server error while parsing token'],\n });\n }\n return undefined;\n }\n const userId = decoded?.user?.id;\n\n if (userId) {\n req.headers[USER_TRACING_HEADER] = userId;\n }\n\n const contextIds = (req.headers?.[CONTEXTS_IDS_HEADER] as string)?.split(',');\n const userObject = new ApiUser(userId, decoded?.user?.accountType, undefined, contextIds);\n\n if (eagerLoadUserPermissions) {\n await 
userObject.getUserPermissions();\n }\n\n if (eagerLoadUserPermissionsLegacy) {\n await userObject.getUserPermissionsLegacy();\n }\n\n req.user = userObject;\n getCurrentContext().nonHeaderContext?.set(USER_OBJECT, userObject);\n\n // Added in order to support outbreak.\n req.headers[USER_PERMISSIONS_HEADER] = userObject;\n } else if (returnErrorIfNoToken) {\n res.status(401);\n return res.json({\n errors: ['No token provided'],\n });\n }\n return next();\n};\n\nexport const appMiddleware = (options: {\n appId: string,\n clientSecret: string\n}) => async (req, res, next): Promise<void> => {\n const {\n appId,\n clientSecret,\n } = options;\n let decoded;\n\n if (!req.headers.authorization) {\n res.status(401);\n return res.json({\n errors: ['No token provided'],\n });\n }\n\n try {\n decoded = await decodeAppBearer(req.headers.authorization, appId);\n if (!decoded) {\n throw new AppDoesNotExist();\n }\n } catch (e) {\n if (e instanceof TokenExpiredError) {\n return res.status(401).json({\n errors: ['Access token expired'],\n });\n }\n if ([JsonWebTokenError, AppDoesNotExist].some((Err) => e instanceof Err)) {\n return res.status(400).json({\n errors: [e.message],\n });\n }\n return res.status(500).json({\n errors: ['Server error while parsing token'],\n });\n }\n const userId = decoded?.userId;\n if (userId) {\n req.headers[USER_OBJECT] = userId;\n }\n\n const userObject = new ApiUser(userId);\n\n if (appId) {\n req.headers['x-autofleet-apps-secret'] = clientSecret;\n // Won't work until we find a better solution for identity ms\n await userObject.getUserAppPermissions(appId, clientSecret);\n }\n\n req.user = userObject;\n const currentTraceContext = getCurrentContext().nonHeaderContext;\n currentTraceContext?.set(USER_OBJECT, userObject);\n currentTraceContext?.set(ACCESS_TOKEN, getAuthFromBearer(req.headers.authorization));\n\n // Added in order to support outbreak.\n req.headers[USER_PERMISSIONS_HEADER] = userObject;\n\n return next();\n};\n\nexport const 
eagerLoadPermissionsMiddleware = async (req, res, next) => {\n await req.user.getUserPermissions();\n return next();\n};\n\nexport const getDecodedBearer = (req) => {\n if (req.headers.authorization) {\n return decodeBearer(req.headers.authorization);\n }\n\n return null;\n};\n\nexport const createOrSetRabbitTrace = async (trace: ReturnType<typeof newTrace> | undefined, userId: string | undefined) => {\n const userObject = new ApiUser(userId);\n\n await userObject.getUserPermissions();\n // eslint-disable-next-line no-param-reassign\n trace ??= newTrace(traceTypes.RABBIT);\n trace.nonHeaderContext.set(USER_OBJECT, userObject);\n};\n\nexport default ApiUser;\n","import { getCurrentContext } from '@autofleet/outbreak';\nimport ApiUser from './user/ApiUser';\nimport { USER_OBJECT } from './user';\n\nexport const getUser = () : ApiUser | undefined => getCurrentContext().nonHeaderContext?.get(USER_OBJECT) as ApiUser | undefined;\n\nexport const isUserExist = () => getUser()?.id;\n\nexport const checkFleetPermission = (fleetId: string) => !isUserExist() || Object.keys(getUser()!.permissions.fleets).includes(fleetId);\n\nexport const checkBusinessModelPermission = (businessModelId: string) => !isUserExist() || Object.keys(getUser()!.permissions.businessModels).includes(businessModelId);\n\nexport const checkDemandSourcePermission = (demandSourceId: string) => !isUserExist() || Object.keys(getUser()!.permissions.demandSources).includes(demandSourceId);\n","import type ApiUser from './user';\n\n// eslint-disable-next-line import/prefer-default-export\nexport class UnauthorizedAccessError extends Error {\n constructor(public user: ApiUser | null = null, message = 'UnauthorizedAccessError') {\n super(message);\n this.name = 'UnauthorizedAccessError';\n }\n}\n","import * as jwt from 'jsonwebtoken';\n\nexport const AUTHORIZATION_METHODS = {\n NONE: 'NONE',\n BASIC: 'BASIC',\n JWT: 'JWT',\n};\n\nconst AUTHORIZATION_ACTIONS = {\n [AUTHORIZATION_METHODS.NONE]: () => undefined,\n 
[AUTHORIZATION_METHODS.BASIC]: (authorizationSettings: any) => {\n const { username, password } = authorizationSettings;\n const encodedCredentials = Buffer.from(`${username}:${password}`).toString('base64');\n return `Basic ${encodedCredentials}`;\n },\n [AUTHORIZATION_METHODS.JWT]: (authorizationSettings: any) => {\n const { secret } = authorizationSettings;\n if (secret) {\n return `Bearer ${jwt.sign({}, secret, { expiresIn: 10 })}`;\n }\n return undefined;\n },\n};\n\nexport const getAuthorizationHeader = (authorizationSettings: { method: string } | undefined): string | undefined => {\n const authorizationMethod = authorizationSettings?.method;\n\n if (!authorizationMethod || !AUTHORIZATION_ACTIONS[authorizationMethod]) {\n return undefined;\n }\n\n return AUTHORIZATION_ACTIONS[authorizationMethod](authorizationSettings);\n};\n","import type { LoggerInstanceManager } from '@autofleet/logger';\nimport * as outbreak from '@autofleet/outbreak';\nimport User, {\n middleware,\n eagerLoadPermissionsMiddleware,\n middlewareWithDecode,\n getDecodedBearer,\n appMiddleware,\n createOrSetRabbitTrace,\n} from './user';\nimport { type UserPayload, CONTEXTS_IDS_HEADER } from './user/ApiUser';\nimport {\n checkFleetPermission,\n checkBusinessModelPermission,\n checkDemandSourcePermission,\n isUserExist,\n getUser,\n} from './check-permission';\nimport { UnauthorizedAccessError } from './errors';\nimport { getRefreshTokenSecret, getTokenSecret } from './secret-getter';\nimport { AUTHORIZATION_METHODS, getAuthorizationHeader } from './authorization';\n\nconst getCurrentPayload = outbreak.getCurrentContext;\n\ntype OutbreakOptions = Parameters<typeof outbreak.default>[0];\ntype LoggerWithContextMiddleware = Partial<Pick<LoggerInstanceManager, 'addContextMiddleware'>>;\nconst enableTracing = ({ outbreakOptions = {}, logger }: { outbreakOptions?: OutbreakOptions, logger?: LoggerWithContextMiddleware } = {}): void => {\n outbreak.default({\n headersPrefix: 'x-af',\n 
contextMiddlewareGetter: logger?.addContextMiddleware,\n ...outbreakOptions,\n });\n};\n\nconst { traceTypes, newTrace } = outbreak;\n\nexport {\n traceTypes,\n newTrace,\n enableTracing,\n User,\n middleware,\n middlewareWithDecode,\n eagerLoadPermissionsMiddleware,\n getCurrentPayload,\n getDecodedBearer,\n checkFleetPermission,\n checkBusinessModelPermission,\n checkDemandSourcePermission,\n isUserExist,\n getUser,\n getRefreshTokenSecret,\n getTokenSecret,\n UnauthorizedAccessError,\n appMiddleware,\n createOrSetRabbitTrace,\n outbreak,\n AUTHORIZATION_METHODS,\n getAuthorizationHeader,\n type UserPayload,\n CONTEXTS_IDS_HEADER,\n};\n\nexport default {\n traceTypes,\n newTrace,\n User,\n middleware,\n middlewareWithDecode,\n eagerLoadPermissionsMiddleware,\n getCurrentPayload,\n getDecodedBearer,\n checkFleetPermission,\n checkBusinessModelPermission,\n checkDemandSourcePermission,\n isUserExist,\n getUser,\n UnauthorizedAccessError,\n appMiddleware,\n createOrSetRabbitTrace,\n outbreak,\n AUTHORIZATION_METHODS,\n getAuthorizationHeader,\n CONTEXTS_IDS_HEADER,\n};\n"]}
1
+ {"version":3,"sources":["../src/secret-getter.ts","../src/utils.ts","../src/services.ts","../src/user/ApiUser.ts","../src/app-auth.ts","../src/exceptions/appDoesNotExist.ts","../src/user/index.ts","../src/check-permission.ts","../src/errors.ts","../src/authorization.ts","../src/index.ts"],"names":["DEPRECATED_JWT_SECRET","JWT_NEW_SECRET","DEPRECATED_REFRESH_JWT_SECRET","REFRESH_JWT_SECRET","DEPRECATION_UNIX_TIMESTAMP","getRelevantSecret","token","deprecatedSecret","newSecret","deprecationTime","moment","unixTime","iat","jwt","getRefreshTokenSecret","getTokenSecret","getAuthFromBearer","bearer","decodeBearer","appSecret","D","EMPTY_UUID","FULL_UUID","VALID_CHARS_REGEX","UUID_VERSION_REGEX","UUID_REGEX","validateUUID","uuid","CACHE_LIFETIME_IN_SEC","apiGwUrl","IdentityNetwork","Network","AutofleetApiNetwork","ELEVATED_PERMISSIONS_HEADER","CONTEXTS_IDS_HEADER","userCache","NodeCache","mergePermissions","target","sources","permissions","source","entityType","entityId","perms","ApiUser","id","accountType","elevatedPermissions","contextIds","cacheKey","objectHash","data","customPermissionLoader","cachedResult","key","addedPermissions","elevationId","entityIds","currentUserTrace","getCurrentContext","currentElevation","newElevation","appId","clientSecret","currentAppPermission","decodeAppBearer","decoded","AppDoesNotExist","IDENTITY_MS","ACCESS_TOKEN","USER_OBJECT","USER_TRACING_HEADER","ORIGIN_HEADER","USER_PERMISSIONS_HEADER","LOWER_CASE_ORIGIN_HEADER","AUTOFLEET_APPS_SECRET_HEADER","middleware","options","req","res","next","eagerLoadUserPermissions","eagerLoadUserPermissionsLegacy","userId","elevatedPermissionsFromHeader","userObject","middlewareWithDecode","returnErrorIfNoToken","e","appMiddleware","Err","currentTraceContext","eagerLoadPermissionsMiddleware","getDecodedBearer","createOrSetRabbitTrace","trace","newTrace","traceTypes","user_default","getUser","isUserExist","checkUserPermissions","checkFleetPermission","fleetId","checkBusinessModelPermission","businessM
odelId","checkDemandSourcePermission","demandSourceId","UnauthorizedAccessError","user","message","AUTHORIZATION_METHODS","AUTHORIZATION_ACTIONS","authorizationSettings","username","password","secret","se","getAuthorizationHeader","authorizationMethod","getCurrentPayload","h","enableTracing","outbreakOptions","logger","outbreak","index_default"],"mappings":"s4BAGM,IAAA,CACJ,qBAAAA,CAAAA,EAAAA,CAAuB,eAAAC,EACvB,CAAA,6BAAA,CAAAC,GAA+B,kBAAAC,CAAAA,EAAAA,CAC/B,2BAAAC,EACF,CAAA,CAAI,OAAQ,CAAA,GAAA,CAENC,CAAoB,CAAA,CAACC,EAA2BC,CAA0BC,CAAAA,CAAAA,GAA8B,CAC5G,IAAMC,CAAAA,CAAkBC,mBAAO,QAASN,CAAAA,EAAAA,CAA4B,EAAE,CAAA,CAAI,GAAI,CAAA,CAC9E,GAAI,CACF,IAAIO,EACJ,GAAIL,CAAAA,CAAO,CACT,GAAM,CAAE,GAAAM,CAAAA,CAAI,CAAIC,CAAAA,oBAAAA,CAAI,OAAOP,CAAK,CAAA,CAChCK,EAAWD,kBAAOE,CAAAA,CAAAA,CAAM,GAAI,EAC9B,CAAA,KACED,CAAWD,CAAAA,kBAAAA,EAEb,CAAA,OAAOC,EAAS,QAASF,CAAAA,CAAe,EAAIF,CAAmBC,CAAAA,CACjE,MAAY,CACV,OAAOA,CACT,CACF,CAEaM,CAAAA,EAAAA,CAAyBR,GAA2BD,CAAkBC,CAAAA,CAAAA,CAAOJ,GAA+BC,EAAkB,CAAA,CAC9HY,EAAkBT,CAA2BD,EAAAA,CAAAA,CAAkBC,EAAON,EAAuBC,CAAAA,EAAc,ECfjH,IAAMe,CAAAA,CAAqBC,GAA2BA,CAAO,CAAA,OAAA,CAAQ,UAAW,EAAE,CAAA,CAE5EC,CAAe,CAAA,CAACD,CAAgBE,CAAAA,CAAAA,GAA4B,CACvE,IAAMb,CAAAA,CAAQU,EAAkBC,CAAM,CAAA,CAEtC,OADoBG,YAAOd,CAAAA,MAAAA,CAAAA,CAAAA,CAAoBS,CAAAA,CAAeT,CAAK,CAAC,CAEtE,CAqDA,CAAA,IAAMe,GAAa,sCACbC,CAAAA,EAAAA,CAAY,uCACZC,CAAoB,CAAA,UAAA,CACpBC,EAAqB,CAAA,OAAA,CACrBC,EAAa,CAAA,IAAI,OACrB,CAAOF,IAAAA,EAAAA,CAAiB,OAAOA,CAAiB,CAAA,IAAA,EAAOC,EAAkB,CAAGD,EAAAA,CAAiB,CAAaA,UAAAA,EAAAA,CAAiB,CAAOA,IAAAA,EAAAA,CAAiB,QAAQF,EAAU,CAAA,CAAA,EAAIC,EAAS,CAClL,EAAA,CAAA,CAAA,GACF,EACO,SAASI,CAAAA,CAAaC,CAA6B,CAAA,CACxD,OAAO,OAAOA,GAAS,QAAYF,EAAAA,EAAAA,CAAW,KAAKE,CAAI,CACzD,CC9EA,IAAMC,CAAwB,CAAA,EAAA,CACxBC,EAAW,OAAQ,CAAA,GAAA,CAAI,iBAAmB,0BAGnCC,CAAAA,CAAAA,CAAkB,IAAIC,kBAAQ,CAAA,CACzC,WAAa,CAAA,aAAA,CACb,OAAS,CAAA,CAAA,CACT,eAAgB,IAAM,IAAA,CACtB,MAAO,OAAQ,CAAA,GAAA,CAAI,WAAa,MAAS,CAAA,CACvC,OAAQH,CAAwB,CAAA,GAClC,EAAI,MACN,CAAC,EAEYI,CAAsB,CAAA,IAAID,mBAAQ,CAC7C,OAAA,CAASF,CACT
,CAAA,UAAA,CAAYA,CACZ,CAAA,OAAA,CAAS,EACT,cAAgB,CAAA,IAAM,KACtB,KAAO,CAAA,OAAA,CAAQ,IAAI,QAAa,GAAA,MAAA,CAAS,CACvC,MAAA,CAAQD,CAAwB,CAAA,GAClC,EAAI,MACN,CAAC,ECZYK,IAAAA,CAAAA,CAA8B,4BAC9BC,CAAsB,CAAA,kBAAA,CAuB7BC,CAAY,CAAA,IAAIC,mBAAU,CAAA,CAAE,OAAQ,EAAG,CAAC,EAExCC,CAAmB,CAAA,CAACC,EAAqBC,CAAuD,GAAA,CACpG,IAAMC,CAAAA,CAA2B,CAC/B,GAAGF,EACH,MAAQ,CAAA,CAAE,GAAGA,CAAQ,EAAA,MAAO,EAC5B,cAAgB,CAAA,CAAE,GAAGA,CAAAA,EAAQ,cAAe,CAAA,CAC5C,cAAe,CAAE,GAAGA,GAAQ,aAAc,CAE5C,EAGA,IAAWG,IAAAA,CAAAA,IAAUF,CACnB,CAAA,MAAA,CAAO,IAAKE,CAAAA,CAAM,EAAE,OAASC,CAAAA,CAAAA,EAAe,CAE1CF,CAAYE,CAAAA,CAAU,IAAM,EAAC,CAC7B,MAAO,CAAA,OAAA,CAAQD,CAAOC,CAAAA,CAAU,CAAE,CAAE,CAAA,OAAA,CAAQ,CAAC,CAACC,CAAAA,CAAUC,CAAK,CAAM,GAAA,CAEjEJ,EAAYE,CAAU,CAAA,CAAEC,CAAQ,CAAKH,CAAAA,CAAAA,CAAAA,CAAYE,CAAU,CAAEC,CAAAA,CAAQ,GAAK,EAAC,EAAG,MAAOC,CAAAA,CAAK,EAC5F,CAAC,EACH,CAAC,CAAA,CAGH,OAAOJ,CACT,CAAA,CAEqBK,EAArB,KAA6B,CAW3B,WAAmBC,CAAAA,CAAAA,CAAqBC,CAA2BC,CAAAA,CAAAA,CAAiDC,EAAuB,CAAxH,IAAA,CAAA,EAAA,CAAAH,EAAqB,IAAAC,CAAAA,WAAAA,CAAAA,CAAAA,CAA4E,gBAAAE,CARpH,CAAA,IAAA,CAAiB,8BAAiC,CAAA,IAAI,GAItD,CAAA,IAAA,CAAiB,cAAwC,EAAC,CAKxD,KAAK,SAAY,CAAA,CAAC,CAACH,CACfE,CAAAA,CAAAA,EACF,IAAK,CAAA,8BAAA,CAA+B,GAAI,CAAA,MAAA,CAAO,SAAS,CAAGA,CAAAA,CAAmB,EAElF,CAEA,MAAa,oBAA2C,CACtD,GAAI,CAAC,IAAA,CAAK,EACR,CAAA,OAEF,GAAI,IAAK,CAAA,kBAAA,CACP,OAAO,IAAK,CAAA,kBAAA,CAEd,IAAME,CAAWC,CAAAA,mBAAAA,CAAW,CAC1B,EAAA,CAAI,IAAK,CAAA,EAAA,CACT,WAAY,IAAK,CAAA,UACnB,CAAC,CAEGC,CAAAA,CAAAA,CAAOjB,EAAU,GAAiBe,CAAAA,CAAQ,CAE9C,CAAA,OAAKE,CACF,GAAA,CAAE,KAAAA,CAAK,CAAA,CAAI,MAAMtB,CAAgB,CAAA,GAAA,CAAiB,iBAAiB,IAAK,CAAA,EAAE,yBAA0B,CAAE,MAAA,CAAQ,CAAE,UAAY,CAAA,IAAA,CAAK,UAAW,CAAE,CAAC,EAChJK,CAAU,CAAA,GAAA,CAAIe,CAAUE,CAAAA,CAAI,CAG9B,CAAA,CAAA,IAAA,CAAK,YAAcA,CAAK,CAAA,WAAA,CACxB,KAAK,kBAAqBA,CAAAA,CAAAA,CACnB,KAAK,kBACd,CAEA,MAAa,yBAAA,CAA0BC,CAA0G,CAAA,CAC/I,GAAI,CAAC,IAAA,CAAK,GACR,OAEF,GAAI,KAAK,kBACP,CAAA,OAAO,IAAK,CAAA,kBAAA,CAGd,IAAMH,CAAAA,CAAW,KAAK,EAEhBI,CAAAA,CAAAA,CAAenB,EAAU,GAAiBe,CAAAA,CAAQ,EACxD,GAAII,CAAAA,CACF,OAAK,IA
AA,CAAA,kBAAA,CAAqBA,CACnBA,CAAAA,CAAAA,CAGT,IAAMF,CAAO,CAAA,MAAMC,EAAuB,IAAK,CAAA,EAAE,EACjD,OAAAlB,CAAAA,CAAU,GAAIe,CAAAA,CAAAA,CAAUE,CAAI,CAAA,CAE5B,KAAK,kBAAqBA,CAAAA,CAAAA,CACnB,KAAK,kBACd,CAEA,IAAW,cAAuC,EAAA,CAChD,OAAO,IAAA,CAAK,eAAgB,CAAA,gBAAgB,CAC9C,CAEA,IAAW,QAA+B,CACxC,OAAO,KAAK,eAAgB,CAAA,QAAQ,CACtC,CAEA,IAAW,aAAA,EAAsC,CAC/C,OAAO,IAAA,CAAK,gBAAgB,eAAe,CAC7C,CAEQ,eAAgBG,CAAAA,CAAAA,CAA8C,CACpE,GAAI,CAAC,KAAK,kBACR,CAAA,MAAM,IAAI,KAAM,CAAA,CAAA,WAAA,EAAcA,CAAG,CAAoD,kDAAA,CAAA,CAAA,CAEvF,OAAO,MAAA,CAAO,IAAK,CAAA,IAAA,CAAK,mBAAmBA,CAAG,CAAA,EAAK,EAAE,CACvD,CAEA,IAAW,mBAAA,EAAmC,CAC5C,OAAOlB,CAAiB,CAAA,MAAA,CAAW,KAAK,8BAA+B,CAAA,MAAA,EAAQ,CACjF,CAEA,IAAW,WAAuC,EAAA,CAChD,GAAI,CAAC,IAAK,CAAA,kBAAA,CACR,MAAM,IAAI,KAAA,CAAM,0EAA0E,CAG5F,CAAA,OAAOA,EAAiB,IAAK,CAAA,kBAAA,CAAoB,IAAK,CAAA,8BAAA,CAA+B,MAAO,EAAC,CAC/F,CAEO,kBAAA,CAAmBmB,EAAkD,CAG1E,IAAMC,EAAc,MAAO,EAAA,CAG3B,MAAO,CAAA,MAAA,CAAOD,CAAgB,CAAA,CAAE,QAASE,CAAc,EAAA,CACrD,OAAO,IAAKA,CAAAA,CAAS,EAAE,OAASf,CAAAA,CAAAA,EAAa,CAC3C,GAAI,CAACjB,CAAAA,CAAaiB,CAAQ,CACxB,CAAA,MAAM,IAAI,KAAM,CAAA,CAAA,+DAAA,EAAkEA,CAAQ,CAAE,CAAA,CAEhG,CAAC,EACH,CAAC,CAAA,CAED,IAAMgB,CAAmBC,CAAAA,mBAAAA,GACzB,GAAI,CAACD,EACH,MAAM,IAAI,MAAM,+CAA+C,CAAA,CAGjE,IAAME,CAAmB,CAAA,IAAA,CAAK,MAAMF,CAAiB,CAAA,OAAA,CAAQ1B,CAA2B,CAAK,EAAA,IAAI,CAC3F6B,CAAAA,CAAAA,CAAe,MAAO,CAAA,MAAA,CAAOD,EAAkBL,CAAgB,CAAA,CACrE,YAAK,8BAA+B,CAAA,GAAA,CAAIC,EAAaK,CAAY,CAAA,CACjEH,CAAiB,CAAA,OAAA,CAAQ,GAAI1B,CAAAA,CAAAA,CAA6B,KAAK,SAAU,CAAA,IAAA,CAAK,mBAAmB,CAAC,CAAA,CAC3F,IAAM,CACX,IAAA,CAAK,8BAA+B,CAAA,MAAA,CAAOwB,CAAW,CAAA,CACtDE,EAAiB,OAAQ,CAAA,GAAA,CAAI1B,EAA6B,IAAK,CAAA,SAAA,CAAU,KAAK,mBAAmB,CAAC,EACpG,CACF,CAEA,MAAa,0BAA2B,CACtC,GAAI,CAAC,IAAK,CAAA,EAAA,CACR,OAEF,GAAI,IAAA,CAAK,wBACP,CAAA,OAAO,IAAK,CAAA,wBAAA,CAEd,GAAM,CAAE,IAAA,CAAAmB,CAAK,CAAI,CAAA,MAAMtB,EAAgB,GAAI,CAAA,CAAA,cAAA,EAAiB,IAAK,CAAA,EAAE,CAA+B,6BAAA,CAAA,CAAA,CAElG,YAAK,wBAA2BsB,CAAAA,CAAAA,CACzB,KAAK,wBACd,CAEA,IAAW,iBAAyB,EAAA,CAClC,GAAI,CAAC,IAAK,CAAA,wBAAA,CACR,MAAM,IAAI,KAAA,CAAM,sFA
AsF,CAExG,CAAA,OAAO,KAAK,wBACd,CAEA,MAAa,qBAAA,CAAsBW,CAAOC,CAAAA,CAAAA,CAAc,CACtD,GAAI,CAAC,KAAK,EAAM,EAAA,CAACD,GAAS,CAACC,CAAAA,CACzB,OAEF,IAAMC,CAAuB,CAAA,IAAA,CAAK,cAAcF,CAAK,CAAA,CAErD,GAAIE,CACF,CAAA,OAAOA,EAGT,IAAMf,CAAAA,CAAW,CAAG,EAAA,IAAA,CAAK,EAAE,CAAA,CAAA,EAAIa,CAAK,CAE9BT,CAAAA,CAAAA,CAAAA,CAAenB,EAAU,GAAiBe,CAAAA,CAAQ,EACxD,GAAII,CAAAA,CACF,OAAK,IAAA,CAAA,aAAA,CAAcS,CAAK,CAAA,CAAIT,EACrBA,CAGT,CAAA,GAAM,CAAE,IAAAF,CAAAA,CAAK,EAAI,MAAMpB,CAAAA,CAAoB,IAAkB,CAAA,CAAA,aAAA,EAAgB+B,CAAK,CAAA,iBAAA,CAAA,CAAqB,CACrG,MAAQ,CAAA,IAAA,CAAK,EACf,CAAG,CAAA,CACD,QAAS,CACP,yBAAA,CAA2BC,CAC7B,CACF,CAAC,CAAA,CAED,OAAA7B,CAAU,CAAA,GAAA,CAAIe,EAAUE,CAAI,CAAA,CAC5B,KAAK,aAAcW,CAAAA,CAAK,CAAIX,CAAAA,CAAAA,CACrB,IAAK,CAAA,aAAA,CAAcW,CAAK,CACjC,CACF,EC1OO,IAAMG,CAAAA,CAAkB,MAAOjD,CAAgB8C,CAAAA,CAAAA,GAAgC,CACpF,GAAM,CAAE,IAAA,CAAMI,CAAQ,CAAI,CAAA,MAAMnC,EAAoB,IAAK,CAAA,cAAA,CAAgB,CAAE,MAAAf,CAAAA,CAAAA,CAAQ,MAAA8C,CAAM,CAAC,EAC1F,OAAOI,CACT,ECLA,IAAqBC,CAAAA,CAArB,cAA6C,KAAM,CAAnD,WACE,EAAA,CAAA,KAAA,CAAA,GAAA,SAAA,CAAA,CAAA,IAAA,CAAA,IAAA,CAAO,iBAEP,CAAA,IAAA,CAAA,OAAA,CAAU,sBACZ,CCIA,CAAA,IAAMC,GAAc,aACdC,CAAAA,EAAAA,CAAe,cACRC,CAAc,CAAA,YAAA,CACrBC,CAAsB,CAAA,cAAA,CACtBC,CAAgB,CAAA,sBAAA,CAChBC,EAA0B,uBAC1BC,CAAAA,EAAAA,CAA2BF,EAAc,WAAY,EAAA,CACrDG,GAA+B,yBASxBC,CAAAA,CAAAA,CAAa,CAACC,CAAAA,CAIvB,EAAC,GAAe,MAAOC,CAAKC,CAAAA,CAAAA,CAAKC,IAAuB,CAC1D,GAAI,CAEF,GADsBF,CAAAA,CAAAA,CAAI,OAAQN,CAAAA,CAAa,CAAKM,EAAAA,CAAAA,CAAI,QAAQJ,EAAwB,CAAA,EAAK,IAC5E,WAAY,EAAA,GAAMN,GAAa,CAC9CY,CAAAA,EACA,CAAA,MACF,CACA,GAAM,CACJ,wBAAAC,CAAAA,CAAAA,CACA,+BAAAC,CACA,CAAA,sBAAA,CAAA9B,CACF,CAAIyB,CAAAA,CAAAA,CACEM,CAASL,CAAAA,CAAAA,CAAI,OAAQP,CAAAA,CAAmB,EAC9C,GAAI,CAACY,EAAQ,CACXH,CAAAA,GACA,MACF,CAEA,IAAMI,CAAAA,CAAgCN,CAAI,CAAA,OAAA,CAAQ9C,CAA2B,CAAK8C,EAAAA,CAAAA,CAAI,QAAQ9C,CAA2B,CAAA,CAAE,OAAS,CAChI,CAAA,IAAA,CAAK,MAAM8C,CAAI,CAAA,OAAA,CAAQ9C,CAA2B,CAAW,CAAA,CAC7D,EACEgB,CAAAA,CAAAA,CAAc8B,EAAI,OAAU7C,GAAAA,CAAmB,CAAc,EAAA,KAAA,CAAM,GAAG,CAAA,CAEtEoD,EAAa,IAAIzC,CAAAA,CAAQuC,EAAQ,MAAQC
,CAAAA,CAAAA,CAA+BpC,CAAU,CACpFiC,CAAAA,CAAAA,GACE7B,CACF,CAAA,MAAMiC,CAAW,CAAA,yBAAA,CAA0BjC,CAAsB,CAEjE,CAAA,MAAMiC,EAAW,kBAAmB,EAAA,CAAA,CAIpCH,GACF,MAAMG,CAAAA,CAAW,wBAAyB,EAAA,CAG5CP,CAAI,CAAA,IAAA,CAAOO,EACX1B,mBAAkB,EAAA,CAAE,kBAAkB,GAAIW,CAAAA,CAAAA,CAAae,CAAU,CAIjEP,CAAAA,CAAAA,CAAI,OAAQL,CAAAA,CAAuB,CAAIY,CAAAA,CAAAA,CAEvCL,IACF,CAAA,KAAY,CACVD,CAAI,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,CAAE,KAAA,CAAO,0BAA2B,CAAC,EAC5D,CACF,CAAA,CAEaO,EAAuB,CAACT,CAAAA,CAIjC,EAAgB,GAAA,MAAOC,CAAKC,CAAAA,CAAAA,CAAKC,CAAwB,GAAA,CAC3D,GAAM,CACJ,wBAAA,CAAAC,EACA,8BAAAC,CAAAA,CAAAA,CACA,qBAAAK,CACF,CAAA,CAAIV,CACAX,CAAAA,CAAAA,CACJ,GAAIY,CAAAA,CAAI,QAAQ,aAAe,CAAA,CAC7B,GAAI,CACFZ,CAAAA,CAAU,MAAMjD,CAAa6D,CAAAA,CAAAA,CAAI,QAAQ,aAAa,EACxD,OAASU,CAAG,CAAA,CACNA,aAAa5E,oBAAI,CAAA,iBAAA,CACnBmE,EAAI,MAAO,CAAA,GAAG,CAAE,CAAA,IAAA,CAAK,CAAE,MAAA,CAAQ,CAAC,sBAAsB,CAAE,CAAC,CAChDS,CAAAA,CAAAA,YAAa5E,qBAAI,iBAC1BmE,CAAAA,CAAAA,CAAI,MAAO,CAAA,GAAG,CAAE,CAAA,IAAA,CAAK,CAAE,MAAQ,CAAA,CAACS,EAAE,OAAO,CAAE,CAAC,CAE5CT,CAAAA,CAAAA,CAAI,MAAO,CAAA,GAAG,CAAE,CAAA,IAAA,CAAK,CAAE,MAAQ,CAAA,CAAC,kCAAkC,CAAE,CAAC,EAEvE,MACF,CACA,IAAMI,CAAAA,CAASjB,CAAS,EAAA,IAAA,EAAM,GAE1BiB,CACFL,GAAAA,CAAAA,CAAI,QAAQP,CAAmB,CAAA,CAAIY,GAGrC,IAAMnC,CAAAA,CAAc8B,CAAI,CAAA,OAAA,GAAU7C,CAAmB,CAAA,EAAc,MAAM,GAAG,CAAA,CACtEoD,EAAa,IAAIzC,CAAAA,CAAQuC,EAAQjB,CAAS,EAAA,IAAA,EAAM,WAAa,CAAA,MAAA,CAAWlB,CAAU,CAAA,CAAA,CAEpFiC,GAA4BC,CAC9B,GAAA,MAAM,QAAQ,GAAI,CAAA,CAChBD,GAA4BI,CAAW,CAAA,kBAAA,EACvCH,CAAAA,CAAAA,EAAkCG,CAAW,CAAA,wBAAA,EAC/C,CAAC,CAAA,CAGHP,EAAI,IAAOO,CAAAA,CAAAA,CACX1B,qBAAoB,CAAA,gBAAA,EAAkB,IAAIW,CAAae,CAAAA,CAAU,EAIjEP,CAAI,CAAA,OAAA,CAAQL,CAAuB,CAAIY,CAAAA,EACzC,SAAWE,CAAsB,CAAA,CAC/BR,CAAI,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,KAAK,CAAE,MAAA,CAAQ,CAAC,mBAAmB,CAAE,CAAC,CACtD,CAAA,MACF,CACAC,CAAAA,GACF,CAAA,CAEaS,EAAiBZ,CAGf,EAAA,MAAOC,EAAKC,CAAKC,CAAAA,CAAAA,GAAwB,CACtD,GAAM,CACJ,KAAAlB,CAAAA,CAAAA,CACA,YAAAC,CAAAA,CACF,EAAIc,CACAX,CAAAA,CAAAA,CAEJ,GAAI,CAACY,CAAAA,CAAI,QAAQ,aAAe,CAAA,CAC9BC,CAAI,CAAA,MAAA,CAAO,
GAAG,CAAA,CAAE,KAAK,CAAE,MAAA,CAAQ,CAAC,mBAAmB,CAAE,CAAC,CACtD,CAAA,MACF,CAEA,GAAI,CAEF,GADAb,EAAU,MAAMD,CAAAA,CAAgBa,EAAI,OAAQ,CAAA,aAAA,CAAehB,CAAK,CAC5D,CAAA,CAACI,CACH,CAAA,MAAM,IAAIC,CAEd,OAASqB,CAAG,CAAA,CACV,GAAIA,CAAa5E,YAAAA,oBAAAA,CAAI,kBAAmB,CACtCmE,CAAAA,CAAI,MAAO,CAAA,GAAG,CAAE,CAAA,IAAA,CAAK,CAAE,MAAQ,CAAA,CAAC,sBAAsB,CAAE,CAAC,EACzD,MACF,CACA,GAAI,CAACnE,oBAAAA,CAAI,kBAAmBuD,CAAe,CAAA,CAAE,KAAMuB,CAAQF,EAAAA,CAAAA,YAAaE,CAAG,CAAG,CAAA,CAC5EX,CAAI,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,KAAK,CAAE,MAAA,CAAQ,CAACS,CAAE,CAAA,OAAO,CAAE,CAAC,CAAA,CAC5C,MACF,CACAT,CAAI,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,CAAE,MAAQ,CAAA,CAAC,kCAAkC,CAAE,CAAC,CACrE,CAAA,MACF,CACA,IAAMI,EAASjB,CAAS,EAAA,MAAA,CACpBiB,IACFL,CAAI,CAAA,OAAA,CAAQP,CAAmB,CAAIY,CAAAA,CAAAA,CAAAA,CAGrC,IAAME,CAAAA,CAAa,IAAIzC,CAAAA,CAAQuC,CAAM,CAEjCrB,CAAAA,CAAAA,GACFgB,EAAI,OAAQH,CAAAA,EAA4B,EAAIZ,CAE5C,CAAA,MAAMsB,CAAW,CAAA,qBAAA,CAAsBvB,CAAOC,CAAAA,CAAY,GAG5De,CAAI,CAAA,IAAA,CAAOO,EACX,IAAMM,CAAAA,CAAsBhC,qBAAoB,CAAA,gBAAA,CAChDgC,CAAqB,EAAA,GAAA,CAAIrB,CAAae,CAAAA,CAAU,EAChDM,CAAqB,EAAA,GAAA,CAAItB,GAActD,CAAkB+D,CAAAA,CAAAA,CAAI,QAAQ,aAAa,CAAC,CAInFA,CAAAA,CAAAA,CAAI,OAAQL,CAAAA,CAAuB,EAAIY,CAEvCL,CAAAA,CAAAA,GACF,CAEaY,CAAAA,CAAAA,CAA0C,MAAOd,CAAKC,CAAAA,CAAAA,CAAKC,IAAS,CAC/E,MAAMF,EAAI,IAAK,CAAA,kBAAA,GACfE,CAAK,GACP,EAEaa,CAAoBf,CAAAA,CAAAA,EAC1BA,CAAI,CAAA,OAAA,CAAQ,aAGV7D,CAAAA,CAAAA,CAAa6D,EAAI,OAAQ,CAAA,aAAa,EAFpC,IAKEgB,CAAAA,CAAAA,CAAyB,MAAOC,CAAgDZ,CAAAA,CAAAA,GAA+B,CAC1H,IAAME,CAAa,CAAA,IAAIzC,EAAQuC,CAAM,CAAA,CAErC,MAAME,CAAW,CAAA,kBAAA,GAEjBU,CAAUC,GAAAA,UAAAA,CAASC,YAAW,CAAA,MAAM,CACpCF,CAAAA,CAAAA,CAAM,iBAAiB,GAAIzB,CAAAA,CAAAA,CAAae,CAAU,EACpD,CAAA,CAEOa,EAAQtD,EC5MR,IAAMuD,EAAU,IAA4BxC,mBAAAA,GAAoB,gBAAkB,EAAA,GAAA,CAAIW,CAAW,CAE3F8B,CAAAA,CAAAA,CAAc,IAAMD,CAAAA,EAAW,EAAA,EAAA,CAEtCE,EAAuB,CAC3B3D,CAAAA,CACAD,IACG,CAAC2D,CAAAA,IAAiB,MAAO,CAAA,MAAA,CAAOD,CAAQ,EAAA,CAAG,WAAY1D,CAAAA,CAAU,EAAGC,CAAQ,CAAA,CAEpE4D,EAAwBC,CAAoBF,EAAAA,CAAAA,CAAqBE,EAAS,QAAQ,CAAA,CAClFC,CAAgCC,CAAAA,CAAAA,EAA
4BJ,CAAqBI,CAAAA,CAAAA,CAAiB,gBAAgB,CAClHC,CAAAA,CAAAA,CAA+BC,GAA2BN,CAAqBM,CAAAA,CAAAA,CAAgB,eAAe,ECZpH,IAAMC,EAAN,cAAsC,KAAM,CACjD,WAAmBC,CAAAA,CAAAA,CAAuB,KAAMC,CAAU,CAAA,yBAAA,CAA2B,CACnF,KAAMA,CAAAA,CAAO,CADI,CAAA,IAAA,CAAA,IAAA,CAAAD,CAEjB,CAAA,IAAA,CAAK,KAAO,0BACd,CACF,ECNaE,IAAAA,CAAAA,CAAwB,CACnC,IAAA,CAAM,MACN,CAAA,KAAA,CAAO,QACP,GAAK,CAAA,KACP,EAEMC,EAAwB,CAAA,CAC5B,CAACD,CAAsB,CAAA,IAAI,EAAG,IAAG,EACjC,CAAA,CAACA,EAAsB,KAAK,EAAIE,GAA+B,CAC7D,GAAM,CAAE,QAAAC,CAAAA,CAAAA,CAAU,QAAAC,CAAAA,CAAS,CAAIF,CAAAA,CAAAA,CAE/B,OAAO,CADoB,MAAA,EAAA,MAAA,CAAO,KAAK,CAAGC,EAAAA,CAAQ,IAAIC,CAAQ,CAAA,CAAE,CAAE,CAAA,QAAA,CAAS,QAAQ,CACjD,EACpC,CACA,CAAA,CAACJ,EAAsB,GAAG,EAAIE,GAA+B,CAC3D,GAAM,CAAE,MAAA,CAAAG,CAAO,CAAA,CAAIH,EACnB,GAAIG,CAAAA,CACF,OAAO,CAAc,OAAA,EAAAC,YAAA,CAAA,IAAA,CAAK,EAAID,CAAAA,CAAAA,CAAQ,CAAE,SAAA,CAAW,EAAG,CAAC,CAAC,CAG5D,CAAA,CACF,EAEaE,EAA0BL,CAAAA,CAAAA,EAA8E,CACnH,IAAMM,CAAAA,CAAsBN,CAAuB,EAAA,MAAA,CAEnD,GAAI,EAAA,CAACM,GAAuB,CAACP,EAAAA,CAAsBO,CAAmB,CAItE,CAAA,CAAA,OAAOP,GAAsBO,CAAmB,CAAA,CAAEN,CAAqB,CACzE,ECVA,IAAMO,GAA6BC,YAI7BC,CAAAA,iBAAAA,CAAAA,EAAAA,CAAgB,CAAC,CAAE,eAAA,CAAAC,EAAkB,EAAC,CAAG,MAAAC,CAAAA,CAAO,CAAiF,CAAA,KAAa,CACzIH,YAAA,CAAA,OAAA,CAAQ,CACf,aAAe,CAAA,MAAA,CACf,wBAAyBG,CAAQ,EAAA,oBAAA,CACjC,GAAGD,CACL,CAAC,EACH,EAEM,CAAE,UAAA,CAAA1B,GAAY,QAAAD,CAAAA,EAAS,EAAI6B,aA6BjC,IAAOC,EAAQ,CAAA,CACb,UAAA7B,CAAAA,EAAAA,CACA,SAAAD,EACA,CAAA,IAAA,CAAAE,EACA,UAAAtB,CAAAA,CAAAA,CACA,qBAAAU,CACA,CAAA,8BAAA,CAAAM,CACA,CAAA,iBAAA,CAAA4B,EACA,CAAA,gBAAA,CAAA3B,EACA,oBAAAS,CAAAA,CAAAA,CACA,6BAAAE,CACA,CAAA,2BAAA,CAAAE,EACA,WAAAN,CAAAA,CAAAA,CACA,OAAAD,CAAAA,CAAAA,CACA,uBAAAS,CAAAA,CAAAA,CACA,cAAAnB,CACA,CAAA,sBAAA,CAAAK,EACA,QAAA+B,CAAAA,YAAAA,CACA,sBAAAd,CACA,CAAA,sBAAA,CAAAO,EACA,CAAA,mBAAA,CAAArF,CACF","file":"index.cjs","sourcesContent":["import jwt from 'jsonwebtoken';\nimport moment from 'moment';\n\nconst {\n DEPRECATED_JWT_SECRET, JWT_NEW_SECRET,\n DEPRECATED_REFRESH_JWT_SECRET, REFRESH_JWT_SECRET,\n DEPRECATION_UNIX_TIMESTAMP,\n} = 
process.env;\n\nconst getRelevantSecret = (token: string | undefined, deprecatedSecret: string, newSecret: string): string => {\n const deprecationTime = moment(parseInt(DEPRECATION_UNIX_TIMESTAMP, 10) * 1000);\n try {\n let unixTime: moment.Moment;\n if (token) {\n const { iat } = jwt.decode(token) as jwt.JwtPayload;\n unixTime = moment(iat * 1000);\n } else {\n unixTime = moment();\n }\n return unixTime.isBefore(deprecationTime) ? deprecatedSecret : newSecret;\n } catch (e) {\n return newSecret;\n }\n};\n\nexport const getRefreshTokenSecret = (token?: string): string => getRelevantSecret(token, DEPRECATED_REFRESH_JWT_SECRET, REFRESH_JWT_SECRET);\nexport const getTokenSecret = (token?: string): string => getRelevantSecret(token, DEPRECATED_JWT_SECRET, JWT_NEW_SECRET);\n","import type { UUID } from 'node:crypto';\nimport * as jwt from 'jsonwebtoken';\nimport { getTokenSecret } from './secret-getter';\n\nconst CONTEXT_PROPS = ['fleetId', 'businessModelId', 'demandSourceId'];\nconst CONTEXT_MAP_PROPS = {\n fleet: 'fleets',\n business: 'businessModels',\n demand: 'demandSources',\n};\n\nexport const getAuthFromBearer = (bearer: string): string => bearer.replace('Bearer ', '');\n\nexport const decodeBearer = (bearer: string, appSecret?: string): any => {\n const token = getAuthFromBearer(bearer);\n const decoded = jwt.verify(token, appSecret || getTokenSecret(token));\n return decoded;\n};\n\nexport const parsePermissions = (contextId, decodedToken): any => {\n if (!decodedToken) { return []; }\n const { contexts } = decodedToken;\n const activeContext = contexts.find((context) => context.id === contextId);\n\n const permissionsValue = `${activeContext.permissions?.map((cp) => `${cp},`)}`;\n\n return {\n key: activeContext.entityId,\n value: permissionsValue,\n };\n};\n\nexport const getEntitiesFromContext = (contextId: string, decodedToken: any): any => {\n if (!decodedToken) { return []; }\n let { contexts } = decodedToken;\n if (contextId) {\n contexts = 
contexts.filter((context) => context.id === contextId);\n }\n\n const attributes = {};\n contexts.forEach((context) => {\n const prop = CONTEXT_MAP_PROPS[context.subSystem || 'business'];\n\n const permissions = parsePermissions(context.id, decodedToken);\n attributes[prop] ||= {};\n attributes[prop][permissions.key] = permissions.value;\n });\n\n return attributes;\n};\n\nexport const getContextAttributes = (contextId: string, decodedToken: any): any => {\n if (!decodedToken) { return []; }\n let { contexts } = decodedToken;\n if (contextId) {\n contexts = contexts.filter((context) => context.id === contextId);\n }\n const attributes = {};\n contexts.forEach((context) => {\n CONTEXT_PROPS.forEach((prop) => {\n if (context[prop]) {\n const contextPropWrapped = [context[prop]];\n attributes[prop] ||= [];\n attributes[prop] = attributes[prop].concat(contextPropWrapped);\n }\n });\n });\n return attributes;\n};\n\nconst EMPTY_UUID = '00000000-0000-0000-0000-000000000000';\nconst FULL_UUID = 'ffffffff-ffff-ffff-ffff-ffffffffffff';\nconst VALID_CHARS_REGEX = '[0-9a-f]';\nconst UUID_VERSION_REGEX = '[1-8]';\nconst UUID_REGEX = new RegExp(\n `^(?:${VALID_CHARS_REGEX}{8}-${VALID_CHARS_REGEX}{4}-${UUID_VERSION_REGEX}${VALID_CHARS_REGEX}{3}-[89ab]${VALID_CHARS_REGEX}{3}-${VALID_CHARS_REGEX}{12}|${EMPTY_UUID}|${FULL_UUID})$`,\n 'i',\n);\nexport function validateUUID(uuid: unknown): uuid is UUID {\n return typeof uuid === 'string' && UUID_REGEX.test(uuid);\n}\n","import Network from '@autofleet/network';\n\nconst CACHE_LIFETIME_IN_SEC = 10;\nconst apiGwUrl = process.env.API_GATEWAY_URL || 'https://api.autofleet.io';\n\n// eslint-disable-next-line import/prefer-default-export\nexport const IdentityNetwork = new Network({\n serviceName: 'IDENTITY_MS',\n retries: 3,\n retryCondition: () => true,\n cache: process.env.NODE_ENV !== 'test' ? 
{\n maxAge: CACHE_LIFETIME_IN_SEC * 1000,\n } : undefined,\n});\n\nexport const AutofleetApiNetwork = new Network({\n baseURL: apiGwUrl,\n serviceUrl: apiGwUrl,\n retries: 3,\n retryCondition: () => true,\n cache: process.env.NODE_ENV !== 'test' ? {\n maxAge: CACHE_LIFETIME_IN_SEC * 1000,\n } : undefined,\n});\n","import NodeCache from 'node-cache';\nimport objectHash from 'object-hash';\nimport { getCurrentContext } from '@autofleet/outbreak';\nimport { validateUUID } from '../utils';\nimport { AutofleetApiNetwork, IdentityNetwork } from '../services';\n\nexport type AccountType = 'client' | 'user' | 'service' | 'driver'\ninterface EntityPermissions {\n [key: string]: string[];\n}\n\nexport const ELEVATED_PERMISSIONS_HEADER = 'x-af-elevated-permissions';\nexport const CONTEXTS_IDS_HEADER = 'x-af-context-ids';\n\nexport interface UserPayload {\n businessModels: EntityPermissions;\n fleets: EntityPermissions;\n demandSources: EntityPermissions;\n businessAccounts?: EntityPermissions;\n accountType?: AccountType;\n contexts?: EntityPermissions;\n createdAt?: string;\n}\n\nexport interface PartialUserPayload {\n businessModels?: EntityPermissions;\n fleets?: EntityPermissions;\n demandSources?: EntityPermissions;\n vehicles?: EntityPermissions;\n drivers?: EntityPermissions;\n businessAccounts?: EntityPermissions;\n}\n\nexport type CustomPermissionLoader = (string) => Promise<UserPayload>;\n\nconst userCache = new NodeCache({ stdTTL: 10 });\n\nconst mergePermissions = (target: UserPayload, sources: Iterable<PartialUserPayload>): UserPayload => {\n const permissions: UserPayload = {\n ...target,\n fleets: { ...target?.fleets },\n businessModels: { ...target?.businessModels },\n demandSources: { ...target?.demandSources },\n // Clone other nested objects as needed\n };\n\n // eslint-disable-next-line no-restricted-syntax\n for (const source of sources) {\n Object.keys(source).forEach((entityType) => {\n // eslint-disable-next-line no-param-reassign\n 
permissions[entityType] ??= {};\n Object.entries(source[entityType]!).forEach(([entityId, perms]) => {\n // eslint-disable-next-line no-param-reassign\n permissions[entityType][entityId] = (permissions[entityType][entityId] || []).concat(perms);\n });\n });\n }\n\n return permissions;\n};\n\nexport default class ApiUser {\n private privatePermissions: UserPayload | undefined;\n\n private readonly privateElevatedPermissionsHash = new Map<symbol, PartialUserPayload | undefined>();\n\n private privatePermissionsLegacy: any;\n\n private readonly appPermission: {[key: string]: any; } = {};\n\n public readonly emptyUser: boolean;\n\n constructor(public id? : string, public accountType?: AccountType, elevatedPermissions?: PartialUserPayload, public contextIds?: string[]) {\n this.emptyUser = !!id;\n if (elevatedPermissions) {\n this.privateElevatedPermissionsHash.set(Symbol('initial'), elevatedPermissions);\n }\n }\n\n public async getUserPermissions(): Promise<UserPayload> {\n if (!this.id) {\n return undefined;\n }\n if (this.privatePermissions) {\n return this.privatePermissions;\n }\n const cacheKey = objectHash({\n id: this.id,\n contextIds: this.contextIds,\n });\n\n let data = userCache.get<UserPayload>(cacheKey);\n\n if (!data) {\n ({ data } = await IdentityNetwork.get<UserPayload>(`/api/v1/users/${this.id}/authorization-payload`, { params: { contextIds: this.contextIds } }));\n userCache.set(cacheKey, data);\n }\n\n this.accountType = data.accountType;\n this.privatePermissions = data;\n return this.privatePermissions;\n }\n\n public async useCustomPermissionLoader(customPermissionLoader: (userId: string) => UserPayload | PromiseLike<UserPayload>): Promise<UserPayload> {\n if (!this.id) {\n return undefined;\n }\n if (this.privatePermissions) {\n return this.privatePermissions;\n }\n\n const cacheKey = this.id;\n\n const cachedResult = userCache.get<UserPayload>(cacheKey);\n if (cachedResult) {\n this.privatePermissions = cachedResult;\n return cachedResult;\n 
}\n\n const data = await customPermissionLoader(this.id);\n userCache.set(cacheKey, data);\n\n this.privatePermissions = data;\n return this.privatePermissions;\n }\n\n public get businessModels(): string[] | undefined {\n return this.getUserProperty('businessModels');\n }\n\n public get fleets(): string[] | undefined {\n return this.getUserProperty('fleets');\n }\n\n public get demandSources(): string[] | undefined {\n return this.getUserProperty('demandSources');\n }\n\n private getUserProperty(key: keyof UserPayload): string[] | undefined {\n if (!this.privatePermissions) {\n throw new Error(`Cannot get ${key} without calling (async) getUserPermissions before`);\n }\n return Object.keys(this.privatePermissions[key] || {});\n }\n\n public get elevatedPermissions(): UserPayload {\n return mergePermissions(undefined, this.privateElevatedPermissionsHash.values());\n }\n\n public get permissions(): UserPayload | undefined {\n if (!this.privatePermissions) {\n throw new Error('Cannot get permissions without calling (async) getUserPermissions before');\n }\n\n return mergePermissions(this.privatePermissions, this.privateElevatedPermissionsHash.values());\n }\n\n public elevatePermissions(addedPermissions: PartialUserPayload): () => void {\n // @itayankri is concerned about memory consumption, so create a symbol with no description, to avoid assigning memory for the description string\n // eslint-disable-next-line symbol-description\n const elevationId = Symbol();\n\n // Validate that the added permissions are valid UUIDs\n Object.values(addedPermissions).forEach((entityIds) => {\n Object.keys(entityIds).forEach((entityId) => {\n if (!validateUUID(entityId)) {\n throw new Error(`Entity id on elevatePermissions is not a valid UUID, provided: ${entityId}`);\n }\n });\n });\n\n const currentUserTrace = getCurrentContext();\n if (!currentUserTrace) {\n throw new Error('Cannot find current user cross services trace');\n }\n\n const currentElevation = 
JSON.parse(currentUserTrace.context[ELEVATED_PERMISSIONS_HEADER] || '{}');\n const newElevation = Object.assign(currentElevation, addedPermissions);\n this.privateElevatedPermissionsHash.set(elevationId, newElevation);\n currentUserTrace.context.set(ELEVATED_PERMISSIONS_HEADER, JSON.stringify(this.elevatedPermissions));\n return () => {\n this.privateElevatedPermissionsHash.delete(elevationId);\n currentUserTrace.context.set(ELEVATED_PERMISSIONS_HEADER, JSON.stringify(this.elevatedPermissions));\n };\n }\n\n public async getUserPermissionsLegacy() {\n if (!this.id) {\n return undefined;\n }\n if (this.privatePermissionsLegacy) {\n return this.privatePermissionsLegacy;\n }\n const { data } = await IdentityNetwork.get(`/api/v1/users/${this.id}/authorization-payload-legacy`);\n\n this.privatePermissionsLegacy = data;\n return this.privatePermissionsLegacy;\n }\n\n public get permissionsLegacy(): any {\n if (!this.privatePermissionsLegacy) {\n throw new Error('Cannot get permissionsLegacy without calling (async) getUserPermissionsLegacy before');\n }\n return this.privatePermissionsLegacy;\n }\n\n public async getUserAppPermissions(appId, clientSecret) {\n if (!this.id || !appId || !clientSecret) {\n return undefined;\n }\n const currentAppPermission = this.appPermission[appId];\n\n if (currentAppPermission) {\n return currentAppPermission;\n }\n\n const cacheKey = `${this.id}:${appId}`;\n\n const cachedResult = userCache.get<UserPayload>(cacheKey);\n if (cachedResult) {\n this.appPermission[appId] = cachedResult;\n return cachedResult;\n }\n\n const { data } = await AutofleetApiNetwork.post<UserPayload>(`/api/v1/apps/${appId}/get-user-payload`, {\n userId: this.id,\n }, {\n headers: {\n 'x-autofleet-apps-secret': clientSecret,\n },\n });\n\n userCache.set(cacheKey, data);\n this.appPermission[appId] = data;\n return this.appPermission[appId];\n }\n}\n","import { AutofleetApiNetwork } from './services';\n\nexport const decodeAppBearer = async (bearer: string, appId: 
string): Promise<any> => {\n const { data: decoded } = await AutofleetApiNetwork.post('/api/v1/auth', { bearer, appId });\n return decoded;\n};\n\nexport const getClientSecret = async (appId: string): Promise<any> => {\n const { data: secret } = await AutofleetApiNetwork.get(`/api/v1/auth/client-secret/${appId}`);\n return secret;\n};\n","export default class AppDoesNotExist extends Error {\n name = 'AppDoesNotExist';\n\n message = 'app does not exist';\n}\n","import type { Handler, Request } from 'express';\nimport { getCurrentContext, newTrace, traceTypes } from '@autofleet/outbreak';\nimport jwt from 'jsonwebtoken';\nimport ApiUser, { CONTEXTS_IDS_HEADER, CustomPermissionLoader, ELEVATED_PERMISSIONS_HEADER } from './ApiUser';\nimport { decodeAppBearer } from '../app-auth';\nimport AppDoesNotExist from '../exceptions/appDoesNotExist';\nimport { decodeBearer, getAuthFromBearer } from '../utils';\n\nconst IDENTITY_MS = 'identity-ms';\nconst ACCESS_TOKEN = 'accessToken';\nexport const USER_OBJECT = 'userObject';\nconst USER_TRACING_HEADER = 'x-af-user-id';\nconst ORIGIN_HEADER = 'X-IAF-ORIGIN-SERVICE';\nconst USER_PERMISSIONS_HEADER = 'x-af-user-permissions';\nconst LOWER_CASE_ORIGIN_HEADER = ORIGIN_HEADER.toLowerCase();\nconst AUTOFLEET_APPS_SECRET_HEADER = 'x-autofleet-apps-secret';\n\ndeclare module 'express-serve-static-core' {\n // eslint-disable-next-line @typescript-eslint/no-shadow\n interface Request {\n user: ApiUser;\n }\n}\n\nexport const middleware = (options: {\n eagerLoadUserPermissions?: boolean;\n eagerLoadUserPermissionsLegacy?: boolean;\n customPermissionLoader?: CustomPermissionLoader;\n} = {}): Handler => async (req, res, next): Promise<any> => {\n try {\n const originHeader = (req.headers[ORIGIN_HEADER] || req.headers[LOWER_CASE_ORIGIN_HEADER] || '') as string;\n if (originHeader.toLowerCase() === IDENTITY_MS) {\n next();\n return;\n }\n const {\n eagerLoadUserPermissions,\n eagerLoadUserPermissionsLegacy,\n customPermissionLoader,\n } = 
options;\n const userId = req.headers[USER_TRACING_HEADER] as string;\n if (!userId) {\n next();\n return;\n }\n\n const elevatedPermissionsFromHeader = req.headers[ELEVATED_PERMISSIONS_HEADER] && req.headers[ELEVATED_PERMISSIONS_HEADER].length > 0\n ? JSON.parse(req.headers[ELEVATED_PERMISSIONS_HEADER] as string)\n : {};\n const contextIds = (req.headers?.[CONTEXTS_IDS_HEADER] as string)?.split(',');\n\n const userObject = new ApiUser(userId, 'user', elevatedPermissionsFromHeader, contextIds);\n if (eagerLoadUserPermissions) {\n if (customPermissionLoader) {\n await userObject.useCustomPermissionLoader(customPermissionLoader);\n } else {\n await userObject.getUserPermissions();\n }\n }\n\n if (eagerLoadUserPermissionsLegacy) {\n await userObject.getUserPermissionsLegacy();\n }\n\n req.user = userObject;\n getCurrentContext().nonHeaderContext?.set(USER_OBJECT, userObject);\n\n // Added in order to support outbreak.\n // @ts-expect-error we are setting an object onto the request headers.\n req.headers[USER_PERMISSIONS_HEADER] = userObject;\n\n next();\n } catch (e) {\n res.status(401).json({ error: 'cannot authenticate user' });\n }\n};\n\nexport const middlewareWithDecode = (options: {\n eagerLoadUserPermissions?: boolean;\n eagerLoadUserPermissionsLegacy?: boolean;\n returnErrorIfNoToken?: boolean\n} = {}): Handler => async (req, res, next): Promise<void> => {\n const {\n eagerLoadUserPermissions,\n eagerLoadUserPermissionsLegacy,\n returnErrorIfNoToken,\n } = options;\n let decoded;\n if (req.headers.authorization) {\n try {\n decoded = await decodeBearer(req.headers.authorization);\n } catch (e) {\n if (e instanceof jwt.TokenExpiredError) {\n res.status(401).json({ errors: ['Access token expired'] });\n } else if (e instanceof jwt.JsonWebTokenError) {\n res.status(400).json({ errors: [e.message] });\n } else {\n res.status(500).json({ errors: ['Server error while parsing token'] });\n }\n return;\n }\n const userId = decoded?.user?.id;\n\n if (userId) {\n 
req.headers[USER_TRACING_HEADER] = userId;\n }\n\n const contextIds = (req.headers?.[CONTEXTS_IDS_HEADER] as string)?.split(',');\n const userObject = new ApiUser(userId, decoded?.user?.accountType, undefined, contextIds);\n\n if (eagerLoadUserPermissions || eagerLoadUserPermissionsLegacy) {\n await Promise.all([\n eagerLoadUserPermissions && userObject.getUserPermissions(),\n eagerLoadUserPermissionsLegacy && userObject.getUserPermissionsLegacy(),\n ]);\n }\n\n req.user = userObject;\n getCurrentContext().nonHeaderContext?.set(USER_OBJECT, userObject);\n\n // Added in order to support outbreak.\n // @ts-expect-error we are setting an object onto the request headers.\n req.headers[USER_PERMISSIONS_HEADER] = userObject;\n } else if (returnErrorIfNoToken) {\n res.status(401).json({ errors: ['No token provided'] });\n return;\n }\n next();\n};\n\nexport const appMiddleware = (options: {\n appId: string,\n clientSecret: string\n}): Handler => async (req, res, next): Promise<void> => {\n const {\n appId,\n clientSecret,\n } = options;\n let decoded;\n\n if (!req.headers.authorization) {\n res.status(401).json({ errors: ['No token provided'] });\n return;\n }\n\n try {\n decoded = await decodeAppBearer(req.headers.authorization, appId);\n if (!decoded) {\n throw new AppDoesNotExist();\n }\n } catch (e) {\n if (e instanceof jwt.TokenExpiredError) {\n res.status(401).json({ errors: ['Access token expired'] });\n return;\n }\n if ([jwt.JsonWebTokenError, AppDoesNotExist].some((Err) => e instanceof Err)) {\n res.status(400).json({ errors: [e.message] });\n return;\n }\n res.status(500).json({ errors: ['Server error while parsing token'] });\n return;\n }\n const userId = decoded?.userId;\n if (userId) {\n req.headers[USER_TRACING_HEADER] = userId;\n }\n\n const userObject = new ApiUser(userId);\n\n if (appId) {\n req.headers[AUTOFLEET_APPS_SECRET_HEADER] = clientSecret;\n // Won't work until we find a better solution for identity ms\n await 
userObject.getUserAppPermissions(appId, clientSecret);\n }\n\n req.user = userObject;\n const currentTraceContext = getCurrentContext().nonHeaderContext;\n currentTraceContext?.set(USER_OBJECT, userObject);\n currentTraceContext?.set(ACCESS_TOKEN, getAuthFromBearer(req.headers.authorization));\n\n // Added in order to support outbreak.\n // @ts-expect-error we are setting an object onto the request headers.\n req.headers[USER_PERMISSIONS_HEADER] = userObject;\n\n next();\n};\n\nexport const eagerLoadPermissionsMiddleware: Handler = async (req, res, next) => {\n await req.user.getUserPermissions();\n next();\n};\n\nexport const getDecodedBearer = (req: Request) => {\n if (!req.headers.authorization) {\n return null;\n }\n return decodeBearer(req.headers.authorization);\n};\n\nexport const createOrSetRabbitTrace = async (trace: ReturnType<typeof newTrace> | undefined, userId: string | undefined) => {\n const userObject = new ApiUser(userId);\n\n await userObject.getUserPermissions();\n // eslint-disable-next-line no-param-reassign\n trace ??= newTrace(traceTypes.RABBIT);\n trace.nonHeaderContext.set(USER_OBJECT, userObject);\n};\n\nexport default ApiUser;\n","import { getCurrentContext } from '@autofleet/outbreak';\nimport { USER_OBJECT } from './user';\nimport ApiUser, { type UserPayload } from './user/ApiUser';\n\nexport const getUser = () : ApiUser | undefined => getCurrentContext().nonHeaderContext?.get(USER_OBJECT) as ApiUser | undefined;\n\nexport const isUserExist = () => getUser()?.id;\n\nconst checkUserPermissions = (\n entityId: string,\n entityType: Exclude<keyof UserPayload, 'accountType' | 'createdAt'>,\n) => !isUserExist() || Object.hasOwn(getUser()!.permissions[entityType], entityId);\n\nexport const checkFleetPermission = (fleetId: string) => checkUserPermissions(fleetId, 'fleets');\nexport const checkBusinessModelPermission = (businessModelId: string) => checkUserPermissions(businessModelId, 'businessModels');\nexport const 
checkDemandSourcePermission = (demandSourceId: string) => checkUserPermissions(demandSourceId, 'demandSources');\n","import type ApiUser from './user';\n\n// eslint-disable-next-line import/prefer-default-export\nexport class UnauthorizedAccessError extends Error {\n constructor(public user: ApiUser | null = null, message = 'UnauthorizedAccessError') {\n super(message);\n this.name = 'UnauthorizedAccessError';\n }\n}\n","import * as jwt from 'jsonwebtoken';\n\nexport const AUTHORIZATION_METHODS = {\n NONE: 'NONE',\n BASIC: 'BASIC',\n JWT: 'JWT',\n};\n\nconst AUTHORIZATION_ACTIONS = {\n [AUTHORIZATION_METHODS.NONE]: () => undefined,\n [AUTHORIZATION_METHODS.BASIC]: (authorizationSettings: any) => {\n const { username, password } = authorizationSettings;\n const encodedCredentials = Buffer.from(`${username}:${password}`).toString('base64');\n return `Basic ${encodedCredentials}`;\n },\n [AUTHORIZATION_METHODS.JWT]: (authorizationSettings: any) => {\n const { secret } = authorizationSettings;\n if (secret) {\n return `Bearer ${jwt.sign({}, secret, { expiresIn: 10 })}`;\n }\n return undefined;\n },\n};\n\nexport const getAuthorizationHeader = (authorizationSettings: { method: string } | undefined): string | undefined => {\n const authorizationMethod = authorizationSettings?.method;\n\n if (!authorizationMethod || !AUTHORIZATION_ACTIONS[authorizationMethod]) {\n return undefined;\n }\n\n return AUTHORIZATION_ACTIONS[authorizationMethod](authorizationSettings);\n};\n","import type { LoggerInstanceManager } from '@autofleet/logger';\nimport * as outbreak from '@autofleet/outbreak';\nimport User, {\n middleware,\n eagerLoadPermissionsMiddleware,\n middlewareWithDecode,\n getDecodedBearer,\n appMiddleware,\n createOrSetRabbitTrace,\n} from './user';\nimport { type UserPayload, CONTEXTS_IDS_HEADER } from './user/ApiUser';\nimport {\n checkFleetPermission,\n checkBusinessModelPermission,\n checkDemandSourcePermission,\n isUserExist,\n getUser,\n} from 
'./check-permission';\nimport { UnauthorizedAccessError } from './errors';\nimport { getRefreshTokenSecret, getTokenSecret } from './secret-getter';\nimport { AUTHORIZATION_METHODS, getAuthorizationHeader } from './authorization';\n\nconst getCurrentPayload = outbreak.getCurrentContext;\n\ntype OutbreakOptions = Parameters<typeof outbreak.default>[0];\ntype LoggerWithContextMiddleware = Partial<Pick<LoggerInstanceManager, 'addContextMiddleware'>>;\nconst enableTracing = ({ outbreakOptions = {}, logger }: { outbreakOptions?: OutbreakOptions, logger?: LoggerWithContextMiddleware } = {}): void => {\n outbreak.default({\n headersPrefix: 'x-af',\n contextMiddlewareGetter: logger?.addContextMiddleware,\n ...outbreakOptions,\n });\n};\n\nconst { traceTypes, newTrace } = outbreak;\n\nexport {\n traceTypes,\n newTrace,\n enableTracing,\n User,\n middleware,\n middlewareWithDecode,\n eagerLoadPermissionsMiddleware,\n getCurrentPayload,\n getDecodedBearer,\n checkFleetPermission,\n checkBusinessModelPermission,\n checkDemandSourcePermission,\n isUserExist,\n getUser,\n getRefreshTokenSecret,\n getTokenSecret,\n UnauthorizedAccessError,\n appMiddleware,\n createOrSetRabbitTrace,\n outbreak,\n AUTHORIZATION_METHODS,\n getAuthorizationHeader,\n type UserPayload,\n CONTEXTS_IDS_HEADER,\n};\n\nexport default {\n traceTypes,\n newTrace,\n User,\n middleware,\n middlewareWithDecode,\n eagerLoadPermissionsMiddleware,\n getCurrentPayload,\n getDecodedBearer,\n checkFleetPermission,\n checkBusinessModelPermission,\n checkDemandSourcePermission,\n isUserExist,\n getUser,\n UnauthorizedAccessError,\n appMiddleware,\n createOrSetRabbitTrace,\n outbreak,\n AUTHORIZATION_METHODS,\n getAuthorizationHeader,\n CONTEXTS_IDS_HEADER,\n};\n"]}
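--- a/package/lib/index.d.cts
+++ b/package/lib/index.d.cts
@@ -1,3 +1,7 @@
+ import * as qs from 'qs';
+ import * as express_serve_static_core from 'express-serve-static-core';
+ import * as express from 'express';
+ import { Handler, Request } from 'express';
  import { LoggerInstanceManager } from '@autofleet/logger';
  import * as outbreak from '@autofleet/outbreak';
  import { newTrace as newTrace$1 } from '@autofleet/outbreak';
@@ -37,7 +41,7 @@ declare class ApiUser {
  readonly emptyUser: boolean;
  constructor(id?: string, accountType?: AccountType, elevatedPermissions?: PartialUserPayload, contextIds?: string[]);
  getUserPermissions(): Promise<UserPayload>;
- useCustomPermissionLoader(customPermissionLoader: any): Promise<UserPayload>;
+ useCustomPermissionLoader(customPermissionLoader: (userId: string) => UserPayload | PromiseLike<UserPayload>): Promise<UserPayload>;
  get businessModels(): string[] | undefined;
  get fleets(): string[] | undefined;
  get demandSources(): string[] | undefined;
@@ -50,22 +54,27 @@ declare class ApiUser {
  getUserAppPermissions(appId: any, clientSecret: any): Promise<any>;
  }
 
+ declare module 'express-serve-static-core' {
+ interface Request {
+ user: ApiUser;
+ }
+ }
  declare const middleware: (options?: {
  eagerLoadUserPermissions?: boolean;
  eagerLoadUserPermissionsLegacy?: boolean;
  customPermissionLoader?: CustomPermissionLoader;
- }) => (req: any, res: any, next: any) => Promise<any>;
+ }) => Handler;
  declare const middlewareWithDecode: (options?: {
  eagerLoadUserPermissions?: boolean;
  eagerLoadUserPermissionsLegacy?: boolean;
  returnErrorIfNoToken?: boolean;
- }) => (req: any, res: any, next: any) => Promise<void>;
+ }) => Handler;
  declare const appMiddleware: (options: {
  appId: string;
  clientSecret: string;
- }) => (req: any, res: any, next: any) => Promise<void>;
- declare const eagerLoadPermissionsMiddleware: (req: any, res: any, next: any) => Promise<any>;
- declare const getDecodedBearer: (req: any) => any;
+ }) => Handler;
+ declare const eagerLoadPermissionsMiddleware: Handler;
+ declare const getDecodedBearer: (req: Request) => any;
  declare const createOrSetRabbitTrace: (trace: ReturnType<typeof newTrace$1> | undefined, userId: string | undefined) => Promise<void>;
 
  declare const getUser: () => ApiUser | undefined;
@@ -134,20 +143,20 @@ declare const _default: {
  eagerLoadUserPermissions?: boolean;
  eagerLoadUserPermissionsLegacy?: boolean;
  customPermissionLoader?: CustomPermissionLoader;
- }) => (req: any, res: any, next: any) => Promise<any>;
+ }) => express.Handler;
  middlewareWithDecode: (options?: {
  eagerLoadUserPermissions?: boolean;
  eagerLoadUserPermissionsLegacy?: boolean;
  returnErrorIfNoToken?: boolean;
- }) => (req: any, res: any, next: any) => Promise<void>;
- eagerLoadPermissionsMiddleware: (req: any, res: any, next: any) => Promise<any>;
+ }) => express.Handler;
+ eagerLoadPermissionsMiddleware: express.Handler;
  getCurrentPayload: () => {
  type: "httpRequest" | "webSocket" | "rabbit" | "bull";
  readonly id: `${string}-${string}-${string}-${string}-${string}`;
  readonly context: Map<string, unknown>;
  readonly nonHeaderContext: Map<string, unknown>;
  } | Record<string, never>;
- getDecodedBearer: (req: any) => any;
+ getDecodedBearer: (req: express.Request<express_serve_static_core.ParamsDictionary, any, any, qs.ParsedQs, Record<string, any>>) => any;
  checkFleetPermission: (fleetId: string) => boolean;
  checkBusinessModelPermission: (businessModelId: string) => boolean;
  checkDemandSourcePermission: (demandSourceId: string) => boolean;
@@ -157,7 +166,7 @@ declare const _default: {
  appMiddleware: (options: {
  appId: string;
  clientSecret: string;
- }) => (req: any, res: any, next: any) => Promise<void>;
+ }) => express.Handler;
  createOrSetRabbitTrace: (trace: {
  type: "httpRequest" | "webSocket" | "rabbit" | "bull";
  readonly id: `${string}-${string}-${string}-${string}-${string}`;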
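--- a/package/lib/index.d.ts
+++ b/package/lib/index.d.ts
@@ -1,3 +1,7 @@
+import * as qs from 'qs';
+import * as express_serve_static_core from 'express-serve-static-core';
+import * as express from 'express';
+import { Handler, Request } from 'express';
 import { LoggerInstanceManager } from '@autofleet/logger';
 import * as outbreak from '@autofleet/outbreak';
 import { newTrace as newTrace$1 } from '@autofleet/outbreak';
@@ -37,7 +41,7 @@ declare class ApiUser {
 readonly emptyUser: boolean;
 constructor(id?: string, accountType?: AccountType, elevatedPermissions?: PartialUserPayload, contextIds?: string[]);
 getUserPermissions(): Promise<UserPayload>;
-useCustomPermissionLoader(customPermissionLoader: any): Promise<UserPayload>;
+useCustomPermissionLoader(customPermissionLoader: (userId: string) => UserPayload | PromiseLike<UserPayload>): Promise<UserPayload>;
 get businessModels(): string[] | undefined;
 get fleets(): string[] | undefined;
 get demandSources(): string[] | undefined;
@@ -50,22 +54,27 @@ declare class ApiUser {
 getUserAppPermissions(appId: any, clientSecret: any): Promise<any>;
 }
 
+declare module 'express-serve-static-core' {
+interface Request {
+user: ApiUser;
+}
+}
 declare const middleware: (options?: {
 eagerLoadUserPermissions?: boolean;
 eagerLoadUserPermissionsLegacy?: boolean;
 customPermissionLoader?: CustomPermissionLoader;
-}) => (req: any, res: any, next: any) => Promise<any>;
+}) => Handler;
 declare const middlewareWithDecode: (options?: {
 eagerLoadUserPermissions?: boolean;
 eagerLoadUserPermissionsLegacy?: boolean;
 returnErrorIfNoToken?: boolean;
-}) => (req: any, res: any, next: any) => Promise<void>;
+}) => Handler;
 declare const appMiddleware: (options: {
 appId: string;
 clientSecret: string;
-}) => (req: any, res: any, next: any) => Promise<void>;
-declare const eagerLoadPermissionsMiddleware: (req: any, res: any, next: any) => Promise<any>;
-declare const getDecodedBearer: (req: any) => any;
+}) => Handler;
+declare const eagerLoadPermissionsMiddleware: Handler;
+declare const getDecodedBearer: (req: Request) => any;
 declare const createOrSetRabbitTrace: (trace: ReturnType<typeof newTrace$1> | undefined, userId: string | undefined) => Promise<void>;
 
 declare const getUser: () => ApiUser | undefined;
@@ -134,20 +143,20 @@ declare const _default: {
 eagerLoadUserPermissions?: boolean;
 eagerLoadUserPermissionsLegacy?: boolean;
 customPermissionLoader?: CustomPermissionLoader;
-}) => (req: any, res: any, next: any) => Promise<any>;
+}) => express.Handler;
 middlewareWithDecode: (options?: {
 eagerLoadUserPermissions?: boolean;
 eagerLoadUserPermissionsLegacy?: boolean;
 returnErrorIfNoToken?: boolean;
-}) => (req: any, res: any, next: any) => Promise<void>;
-eagerLoadPermissionsMiddleware: (req: any, res: any, next: any) => Promise<any>;
+}) => express.Handler;
+eagerLoadPermissionsMiddleware: express.Handler;
 getCurrentPayload: () => {
 type: "httpRequest" | "webSocket" | "rabbit" | "bull";
 readonly id: `${string}-${string}-${string}-${string}-${string}`;
 readonly context: Map<string, unknown>;
 readonly nonHeaderContext: Map<string, unknown>;
 } | Record<string, never>;
-getDecodedBearer: (req: any) => any;
+getDecodedBearer: (req: express.Request<express_serve_static_core.ParamsDictionary, any, any, qs.ParsedQs, Record<string, any>>) => any;
 checkFleetPermission: (fleetId: string) => boolean;
 checkBusinessModelPermission: (businessModelId: string) => boolean;
 checkDemandSourcePermission: (demandSourceId: string) => boolean;
@@ -157,7 +166,7 @@ declare const _default: {
 appMiddleware: (options: {
 appId: string;
 clientSecret: string;
-}) => (req: any, res: any, next: any) => Promise<void>;
+}) => express.Handler;
 createOrSetRabbitTrace: (trace: {
 type: "httpRequest" | "webSocket" | "rabbit" | "bull";
 readonly id: `${string}-${string}-${string}-${string}-${string}`;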
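Review bot: The `express-serve-static-core` augmentation added in the `-50,22 +54,27` hunk types `Request.user` as a required `ApiUser`, yet the bundled `middleware` in `index.js` calls `next()` without assigning `req.user` when the `x-af-user-id` header is missing or the origin header is `identity-ms`, and `middlewareWithDecode` does the same when no `authorization` header is sent and `returnErrorIfNoToken` is unset. Authorization code in consumers will therefore type-check without a guard on a value that can be `undefined` at runtime; declaring it as `user?: ApiUser;` makes the compiler require that check. Because this is a global module augmentation, it applies to every `Request` in a consuming project, including routes that never mount these middlewares. `getDecodedBearer` still returns `any`, so the decoded token payload reaches callers untyped as well; a doc comment such as `/** Verified JWT payload; shape is not validated, narrow before use. */` would help. The same augmentation appears in the declaration section just before this one on the page.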
package/lib/index.js CHANGED
@@ -1,3 +1,3 @@
1
- import*as y from'@autofleet/outbreak';import {getCurrentContext,newTrace,traceTypes}from'@autofleet/outbreak';export{y as outbreak };import*as re from'jsonwebtoken';import re__default,{TokenExpiredError,JsonWebTokenError}from'jsonwebtoken';import le from'node-cache';import ge from'object-hash';import S from'moment';import D from'@autofleet/network';var {DEPRECATED_JWT_SECRET:ie,JWT_NEW_SECRET:oe,DEPRECATED_REFRESH_JWT_SECRET:ne,REFRESH_JWT_SECRET:ae,DEPRECATION_UNIX_TIMESTAMP:ce}=process.env,_=(t,e,s)=>{let r=S(parseInt(ce,10)*1e3);try{let i;if(t){let{iat:o}=re__default.decode(t);i=S(o*1e3);}else i=S();return i.isBefore(r)?e:s}catch{return s}},de=t=>_(t,ne,ae),A=t=>_(t,ie,oe);var I=t=>t.replace("Bearer ",""),C=(t,e)=>{let s=I(t);return re.verify(s,A(s))};var ue="00000000-0000-0000-0000-000000000000",me="ffffffff-ffff-ffff-ffff-ffffffffffff",E="[0-9a-f]",pe="[1-8]",fe=new RegExp(`^(?:${E}{8}-${E}{4}-${pe}${E}{3}-[89ab]${E}{3}-${E}{12}|${ue}|${me})$`,"i");function L(t){return typeof t=="string"&&fe.test(t)}var M=10,k=process.env.API_GATEWAY_URL||"https://api.autofleet.io",b=new D({serviceName:"IDENTITY_MS",retries:3,retryCondition:()=>true,cache:process.env.NODE_ENV!=="test"?{maxAge:M*1e3}:undefined}),w=new D({baseURL:k,serviceUrl:k,retries:3,retryCondition:()=>true,cache:process.env.NODE_ENV!=="test"?{maxAge:M*1e3}:undefined});var g="x-af-elevated-permissions",U="x-af-context-ids",l=new le({stdTTL:10}),H=(t,e)=>{let s={...t,fleets:{...t?.fleets},businessModels:{...t?.businessModels},demandSources:{...t?.demandSources}};for(let r of e)Object.keys(r).forEach(i=>{s[i]??={},Object.entries(r[i]).forEach(([o,n])=>{s[i][o]=(s[i][o]||[]).concat(n);});});return s},m=class{constructor(e,s,r,i){this.id=e;this.accountType=s;this.contextIds=i;this.privateElevatedPermissionsHash=new Map;this.appPermission={};this.emptyUser=!!e,r&&this.privateElevatedPermissionsHash.set(Symbol("initial"),r);}async getUserPermissions(){if(!this.id)return;if(this.privatePermissions)return 
this.privatePermissions;let e=ge({id:this.id,contextIds:this.contextIds}),s=l.get(e);return s||({data:s}=await b.get(`/api/v1/users/${this.id}/authorization-payload`,{params:{contextIds:this.contextIds}}),l.set(e,s)),this.accountType=s.accountType,this.privatePermissions=s,this.privatePermissions}async useCustomPermissionLoader(e){if(!this.id)return;if(this.privatePermissions)return this.privatePermissions;let s=this.id,r=l.get(s);if(r)return this.privatePermissions=r,r;let i=await e(this.id);return l.set(s,i),this.privatePermissions=i,this.privatePermissions}get businessModels(){return this.getUserProperty("businessModels")}get fleets(){return this.getUserProperty("fleets")}get demandSources(){return this.getUserProperty("demandSources")}getUserProperty(e){if(!this.privatePermissions)throw new Error(`Cannot get ${e} without calling (async) getUserPermissions before`);return Object.keys(this.privatePermissions[e]||{})}get elevatedPermissions(){return H(undefined,this.privateElevatedPermissionsHash.values())}get permissions(){if(!this.privatePermissions)throw new Error("Cannot get permissions without calling (async) getUserPermissions before");return H(this.privatePermissions,this.privateElevatedPermissionsHash.values())}elevatePermissions(e){let s=Symbol();Object.values(e).forEach(n=>{Object.keys(n).forEach(a=>{if(!L(a))throw new Error(`Entity id on elevatePermissions is not a valid UUID, provided: ${a}`)});});let r=getCurrentContext();if(!r)throw new Error("Cannot find current user cross services trace");let i=JSON.parse(r.context[g]||"{}"),o=Object.assign(i,e);return this.privateElevatedPermissionsHash.set(s,o),r.context.set(g,JSON.stringify(this.elevatedPermissions)),()=>{this.privateElevatedPermissionsHash.delete(s),r.context.set(g,JSON.stringify(this.elevatedPermissions));}}async getUserPermissionsLegacy(){if(!this.id)return;if(this.privatePermissionsLegacy)return this.privatePermissionsLegacy;let{data:e}=await 
b.get(`/api/v1/users/${this.id}/authorization-payload-legacy`);return this.privatePermissionsLegacy=e,this.privatePermissionsLegacy}get permissionsLegacy(){if(!this.privatePermissionsLegacy)throw new Error("Cannot get permissionsLegacy without calling (async) getUserPermissionsLegacy before");return this.privatePermissionsLegacy}async getUserAppPermissions(e,s){if(!this.id||!e||!s)return;let r=this.appPermission[e];if(r)return r;let i=`${this.id}:${e}`,o=l.get(i);if(o)return this.appPermission[e]=o,o;let{data:n}=await w.post(`/api/v1/apps/${e}/get-user-payload`,{userId:this.id},{headers:{"x-autofleet-apps-secret":s}});return l.set(i,n),this.appPermission[e]=n,this.appPermission[e]}};var j=async(t,e)=>{let{data:s}=await w.post("/api/v1/auth",{bearer:t,appId:e});return s};var P=class extends Error{constructor(){super(...arguments);this.name="AppDoesNotExist";this.message="app does not exist";}};var Ee="identity-ms",Ue="accessToken",p="userObject",W="x-af-user-id",J="X-IAF-ORIGIN-SERVICE",R="x-af-user-permissions",xe=J.toLowerCase(),z=(t={})=>async(e,s,r)=>{try{if((e.headers[J]||e.headers[xe]||"").toLowerCase()===Ee)return r();let{eagerLoadUserPermissions:o,eagerLoadUserPermissionsLegacy:n,customPermissionLoader:a}=t,d=e.headers[W];if(!d)return r();let f=e.headers[g]?.length>0?JSON.parse(e.headers[g]):{},u=e.headers?.[U]?.split(","),c=new m(d,"user",f,u);return o&&(a?await c.useCustomPermissionLoader(a):await c.getUserPermissions()),n&&await c.getUserPermissionsLegacy(),e.user=c,getCurrentContext().nonHeaderContext?.set(p,c),e.headers[R]=c,r()}catch{return s.status(401),s.json({error:"cannot authenticate user"})}},F=(t={})=>async(e,s,r)=>{let{eagerLoadUserPermissions:i,eagerLoadUserPermissionsLegacy:o,returnErrorIfNoToken:n}=t,a;if(e.headers.authorization){try{a=await C(e.headers.authorization);}catch(c){c instanceof TokenExpiredError?(s.status(401),s.json({errors:["Access token expired"]})):c instanceof 
JsonWebTokenError?(s.status(400),s.json({errors:[c.message]})):(s.status(500),s.json({errors:["Server error while parsing token"]}));return}let d=a?.user?.id;d&&(e.headers[W]=d);let f=e.headers?.[U]?.split(","),u=new m(d,a?.user?.accountType,undefined,f);i&&await u.getUserPermissions(),o&&await u.getUserPermissionsLegacy(),e.user=u,getCurrentContext().nonHeaderContext?.set(p,u),e.headers[R]=u;}else if(n)return s.status(401),s.json({errors:["No token provided"]});return r()},G=t=>async(e,s,r)=>{let{appId:i,clientSecret:o}=t,n;if(!e.headers.authorization)return s.status(401),s.json({errors:["No token provided"]});try{if(n=await j(e.headers.authorization,i),!n)throw new P}catch(u){return u instanceof TokenExpiredError?s.status(401).json({errors:["Access token expired"]}):[JsonWebTokenError,P].some(c=>u instanceof c)?s.status(400).json({errors:[u.message]}):s.status(500).json({errors:["Server error while parsing token"]})}let a=n?.userId;a&&(e.headers[p]=a);let d=new m(a);i&&(e.headers["x-autofleet-apps-secret"]=o,await d.getUserAppPermissions(i,o)),e.user=d;let f=getCurrentContext().nonHeaderContext;return f?.set(p,d),f?.set(Ue,I(e.headers.authorization)),e.headers[R]=d,r()},X=async(t,e,s)=>(await t.user.getUserPermissions(),s()),V=t=>t.headers.authorization?C(t.headers.authorization):null,K=async(t,e)=>{let s=new m(e);await s.getUserPermissions(),t??=newTrace(traceTypes.RABBIT),t.nonHeaderContext.set(p,s);},Y=m;var h=()=>getCurrentContext().nonHeaderContext?.get(p),x=()=>h()?.id,Z=t=>!x()||Object.keys(h().permissions.fleets).includes(t),Q=t=>!x()||Object.keys(h().permissions.businessModels).includes(t),q=t=>!x()||Object.keys(h().permissions.demandSources).includes(t);var T=class extends Error{constructor(s=null,r="UnauthorizedAccessError"){super(r);this.user=s;this.name="UnauthorizedAccessError";}};var v={NONE:"NONE",BASIC:"BASIC",JWT:"JWT"},ee={[v.NONE]:()=>{},[v.BASIC]:t=>{let{username:e,password:s}=t;return `Basic 
${Buffer.from(`${e}:${s}`).toString("base64")}`},[v.JWT]:t=>{let{secret:e}=t;if(e)return `Bearer ${re.sign({},e,{expiresIn:10})}`}},te=t=>{let e=t?.method;if(!(!e||!ee[e]))return ee[e](t)};var we=y.getCurrentContext,as=({outbreakOptions:t={},logger:e}={})=>{y.default({headersPrefix:"x-af",contextMiddlewareGetter:e?.addContextMiddleware,...t});},{traceTypes:Te,newTrace:Se}=y;var cs={traceTypes:Te,newTrace:Se,User:Y,middleware:z,middlewareWithDecode:F,eagerLoadPermissionsMiddleware:X,getCurrentPayload:we,getDecodedBearer:V,checkFleetPermission:Z,checkBusinessModelPermission:Q,checkDemandSourcePermission:q,isUserExist:x,getUser:h,UnauthorizedAccessError:T,appMiddleware:G,createOrSetRabbitTrace:K,outbreak:y,AUTHORIZATION_METHODS:v,getAuthorizationHeader:te,CONTEXTS_IDS_HEADER:U};
2
- export{v as AUTHORIZATION_METHODS,U as CONTEXTS_IDS_HEADER,T as UnauthorizedAccessError,Y as User,G as appMiddleware,Q as checkBusinessModelPermission,q as checkDemandSourcePermission,Z as checkFleetPermission,K as createOrSetRabbitTrace,cs as default,X as eagerLoadPermissionsMiddleware,as as enableTracing,te as getAuthorizationHeader,we as getCurrentPayload,V as getDecodedBearer,de as getRefreshTokenSecret,A as getTokenSecret,h as getUser,x as isUserExist,z as middleware,F as middlewareWithDecode,Se as newTrace,Te as traceTypes};//# sourceMappingURL=index.js.map
1
+ import*as h from'@autofleet/outbreak';import {getCurrentContext,newTrace,traceTypes}from'@autofleet/outbreak';export{h as outbreak };import*as v from'jsonwebtoken';import v__default from'jsonwebtoken';import le from'node-cache';import ge from'object-hash';import b from'moment';import j from'@autofleet/network';var {DEPRECATED_JWT_SECRET:ie,JWT_NEW_SECRET:oe,DEPRECATED_REFRESH_JWT_SECRET:ne,REFRESH_JWT_SECRET:ae,DEPRECATION_UNIX_TIMESTAMP:ce}=process.env,k=(s,e,t)=>{let r=b(parseInt(ce,10)*1e3);try{let i;if(s){let{iat:o}=v__default.decode(s);i=b(o*1e3);}else i=b();return i.isBefore(r)?e:t}catch{return t}},de=s=>k(s,ne,ae),A=s=>k(s,ie,oe);var S=s=>s.replace("Bearer ",""),I=(s,e)=>{let t=S(s);return v.verify(t,A(t))};var ue="00000000-0000-0000-0000-000000000000",pe="ffffffff-ffff-ffff-ffff-ffffffffffff",y="[0-9a-f]",me="[1-8]",fe=new RegExp(`^(?:${y}{8}-${y}{4}-${me}${y}{3}-[89ab]${y}{3}-${y}{12}|${ue}|${pe})$`,"i");function H(s){return typeof s=="string"&&fe.test(s)}var $=10,M=process.env.API_GATEWAY_URL||"https://api.autofleet.io",C=new j({serviceName:"IDENTITY_MS",retries:3,retryCondition:()=>true,cache:process.env.NODE_ENV!=="test"?{maxAge:$*1e3}:void 0}),x=new j({baseURL:M,serviceUrl:M,retries:3,retryCondition:()=>true,cache:process.env.NODE_ENV!=="test"?{maxAge:$*1e3}:void 0});var m="x-af-elevated-permissions",E="x-af-context-ids",l=new le({stdTTL:10}),B=(s,e)=>{let t={...s,fleets:{...s?.fleets},businessModels:{...s?.businessModels},demandSources:{...s?.demandSources}};for(let r of e)Object.keys(r).forEach(i=>{t[i]??={},Object.entries(r[i]).forEach(([o,n])=>{t[i][o]=(t[i][o]||[]).concat(n);});});return t},p=class{constructor(e,t,r,i){this.id=e;this.accountType=t;this.contextIds=i;this.privateElevatedPermissionsHash=new Map;this.appPermission={};this.emptyUser=!!e,r&&this.privateElevatedPermissionsHash.set(Symbol("initial"),r);}async getUserPermissions(){if(!this.id)return;if(this.privatePermissions)return this.privatePermissions;let 
e=ge({id:this.id,contextIds:this.contextIds}),t=l.get(e);return t||({data:t}=await C.get(`/api/v1/users/${this.id}/authorization-payload`,{params:{contextIds:this.contextIds}}),l.set(e,t)),this.accountType=t.accountType,this.privatePermissions=t,this.privatePermissions}async useCustomPermissionLoader(e){if(!this.id)return;if(this.privatePermissions)return this.privatePermissions;let t=this.id,r=l.get(t);if(r)return this.privatePermissions=r,r;let i=await e(this.id);return l.set(t,i),this.privatePermissions=i,this.privatePermissions}get businessModels(){return this.getUserProperty("businessModels")}get fleets(){return this.getUserProperty("fleets")}get demandSources(){return this.getUserProperty("demandSources")}getUserProperty(e){if(!this.privatePermissions)throw new Error(`Cannot get ${e} without calling (async) getUserPermissions before`);return Object.keys(this.privatePermissions[e]||{})}get elevatedPermissions(){return B(void 0,this.privateElevatedPermissionsHash.values())}get permissions(){if(!this.privatePermissions)throw new Error("Cannot get permissions without calling (async) getUserPermissions before");return B(this.privatePermissions,this.privateElevatedPermissionsHash.values())}elevatePermissions(e){let t=Symbol();Object.values(e).forEach(n=>{Object.keys(n).forEach(a=>{if(!H(a))throw new Error(`Entity id on elevatePermissions is not a valid UUID, provided: ${a}`)});});let r=getCurrentContext();if(!r)throw new Error("Cannot find current user cross services trace");let i=JSON.parse(r.context[m]||"{}"),o=Object.assign(i,e);return this.privateElevatedPermissionsHash.set(t,o),r.context.set(m,JSON.stringify(this.elevatedPermissions)),()=>{this.privateElevatedPermissionsHash.delete(t),r.context.set(m,JSON.stringify(this.elevatedPermissions));}}async getUserPermissionsLegacy(){if(!this.id)return;if(this.privatePermissionsLegacy)return this.privatePermissionsLegacy;let{data:e}=await C.get(`/api/v1/users/${this.id}/authorization-payload-legacy`);return 
this.privatePermissionsLegacy=e,this.privatePermissionsLegacy}get permissionsLegacy(){if(!this.privatePermissionsLegacy)throw new Error("Cannot get permissionsLegacy without calling (async) getUserPermissionsLegacy before");return this.privatePermissionsLegacy}async getUserAppPermissions(e,t){if(!this.id||!e||!t)return;let r=this.appPermission[e];if(r)return r;let i=`${this.id}:${e}`,o=l.get(i);if(o)return this.appPermission[e]=o,o;let{data:n}=await x.post(`/api/v1/apps/${e}/get-user-payload`,{userId:this.id},{headers:{"x-autofleet-apps-secret":t}});return l.set(i,n),this.appPermission[e]=n,this.appPermission[e]}};var W=async(s,e)=>{let{data:t}=await x.post("/api/v1/auth",{bearer:s,appId:e});return t};var g=class extends Error{constructor(){super(...arguments);this.name="AppDoesNotExist";this.message="app does not exist";}};var Ee="identity-ms",Ue="accessToken",P="userObject",O="x-af-user-id",J="X-IAF-ORIGIN-SERVICE",_="x-af-user-permissions",xe=J.toLowerCase(),ve="x-autofleet-apps-secret",z=(s={})=>async(e,t,r)=>{try{if((e.headers[J]||e.headers[xe]||"").toLowerCase()===Ee){r();return}let{eagerLoadUserPermissions:o,eagerLoadUserPermissionsLegacy:n,customPermissionLoader:a}=s,d=e.headers[O];if(!d){r();return}let f=e.headers[m]&&e.headers[m].length>0?JSON.parse(e.headers[m]):{},u=e.headers?.[E]?.split(","),c=new p(d,"user",f,u);o&&(a?await c.useCustomPermissionLoader(a):await c.getUserPermissions()),n&&await c.getUserPermissionsLegacy(),e.user=c,getCurrentContext().nonHeaderContext?.set(P,c),e.headers[_]=c,r();}catch{t.status(401).json({error:"cannot authenticate user"});}},F=(s={})=>async(e,t,r)=>{let{eagerLoadUserPermissions:i,eagerLoadUserPermissionsLegacy:o,returnErrorIfNoToken:n}=s,a;if(e.headers.authorization){try{a=await I(e.headers.authorization);}catch(c){c instanceof v__default.TokenExpiredError?t.status(401).json({errors:["Access token expired"]}):c instanceof 
v__default.JsonWebTokenError?t.status(400).json({errors:[c.message]}):t.status(500).json({errors:["Server error while parsing token"]});return}let d=a?.user?.id;d&&(e.headers[O]=d);let f=e.headers?.[E]?.split(","),u=new p(d,a?.user?.accountType,void 0,f);(i||o)&&await Promise.all([i&&u.getUserPermissions(),o&&u.getUserPermissionsLegacy()]),e.user=u,getCurrentContext().nonHeaderContext?.set(P,u),e.headers[_]=u;}else if(n){t.status(401).json({errors:["No token provided"]});return}r();},G=s=>async(e,t,r)=>{let{appId:i,clientSecret:o}=s,n;if(!e.headers.authorization){t.status(401).json({errors:["No token provided"]});return}try{if(n=await W(e.headers.authorization,i),!n)throw new g}catch(u){if(u instanceof v__default.TokenExpiredError){t.status(401).json({errors:["Access token expired"]});return}if([v__default.JsonWebTokenError,g].some(c=>u instanceof c)){t.status(400).json({errors:[u.message]});return}t.status(500).json({errors:["Server error while parsing token"]});return}let a=n?.userId;a&&(e.headers[O]=a);let d=new p(a);i&&(e.headers[ve]=o,await d.getUserAppPermissions(i,o)),e.user=d;let f=getCurrentContext().nonHeaderContext;f?.set(P,d),f?.set(Ue,S(e.headers.authorization)),e.headers[_]=d,r();},X=async(s,e,t)=>{await s.user.getUserPermissions(),t();},V=s=>s.headers.authorization?I(s.headers.authorization):null,K=async(s,e)=>{let t=new p(e);await t.getUserPermissions(),s??=newTrace(traceTypes.RABBIT),s.nonHeaderContext.set(P,t);},Y=p;var T=()=>getCurrentContext().nonHeaderContext?.get(P),L=()=>T()?.id,N=(s,e)=>!L()||Object.hasOwn(T().permissions[e],s),Z=s=>N(s,"fleets"),Q=s=>N(s,"businessModels"),q=s=>N(s,"demandSources");var w=class extends Error{constructor(t=null,r="UnauthorizedAccessError"){super(r);this.user=t;this.name="UnauthorizedAccessError";}};var U={NONE:"NONE",BASIC:"BASIC",JWT:"JWT"},ee={[U.NONE]:()=>{},[U.BASIC]:s=>{let{username:e,password:t}=s;return `Basic ${Buffer.from(`${e}:${t}`).toString("base64")}`},[U.JWT]:s=>{let{secret:e}=s;if(e)return 
`Bearer ${v.sign({},e,{expiresIn:10})}`}},te=s=>{let e=s?.method;if(!(!e||!ee[e]))return ee[e](s)};var we=h.getCurrentContext,cs=({outbreakOptions:s={},logger:e}={})=>{h.default({headersPrefix:"x-af",contextMiddlewareGetter:e?.addContextMiddleware,...s});},{traceTypes:be,newTrace:Ae}=h;var ds={traceTypes:be,newTrace:Ae,User:Y,middleware:z,middlewareWithDecode:F,eagerLoadPermissionsMiddleware:X,getCurrentPayload:we,getDecodedBearer:V,checkFleetPermission:Z,checkBusinessModelPermission:Q,checkDemandSourcePermission:q,isUserExist:L,getUser:T,UnauthorizedAccessError:w,appMiddleware:G,createOrSetRabbitTrace:K,outbreak:h,AUTHORIZATION_METHODS:U,getAuthorizationHeader:te,CONTEXTS_IDS_HEADER:E};
2
+ export{U as AUTHORIZATION_METHODS,E as CONTEXTS_IDS_HEADER,w as UnauthorizedAccessError,Y as User,G as appMiddleware,Q as checkBusinessModelPermission,q as checkDemandSourcePermission,Z as checkFleetPermission,K as createOrSetRabbitTrace,ds as default,X as eagerLoadPermissionsMiddleware,cs as enableTracing,te as getAuthorizationHeader,we as getCurrentPayload,V as getDecodedBearer,de as getRefreshTokenSecret,A as getTokenSecret,T as getUser,L as isUserExist,z as middleware,F as middlewareWithDecode,Ae as newTrace,be as traceTypes};//# sourceMappingURL=index.js.map
3
3
  //# sourceMappingURL=index.js.map
package/lib/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/secret-getter.ts","../src/utils.ts","../src/services.ts","../src/user/ApiUser.ts","../src/app-auth.ts","../src/exceptions/appDoesNotExist.ts","../src/user/index.ts","../src/check-permission.ts","../src/errors.ts","../src/authorization.ts","../src/index.ts"],"names":["DEPRECATED_JWT_SECRET","JWT_NEW_SECRET","DEPRECATED_REFRESH_JWT_SECRET","REFRESH_JWT_SECRET","DEPRECATION_UNIX_TIMESTAMP","getRelevantSecret","token","deprecatedSecret","newSecret","deprecationTime","moment","unixTime","iat","jwt","getRefreshTokenSecret","getTokenSecret","getAuthFromBearer","bearer","decodeBearer","appSecret","N","EMPTY_UUID","FULL_UUID","VALID_CHARS_REGEX","UUID_VERSION_REGEX","UUID_REGEX","validateUUID","uuid","CACHE_LIFETIME_IN_SEC","apiGwUrl","IdentityNetwork","Network","AutofleetApiNetwork","ELEVATED_PERMISSIONS_HEADER","CONTEXTS_IDS_HEADER","userCache","NodeCache","mergePermissions","target","sources","permissions","source","entityType","entityId","perms","ApiUser","id","accountType","elevatedPermissions","contextIds","cacheKey","objectHash","data","customPermissionLoader","cachedResult","key","addedPermissions","elevationId","entityIds","currentUserTrace","getCurrentContext","currentElevation","newElevation","appId","clientSecret","currentAppPermission","decodeAppBearer","decoded","AppDoesNotExist","IDENTITY_MS","ACCESS_TOKEN","USER_OBJECT","USER_TRACING_HEADER","ORIGIN_HEADER","USER_PERMISSIONS_HEADER","LOWER_CASE_ORIGIN_HEADER","middleware","options","req","res","next","eagerLoadUserPermissions","eagerLoadUserPermissionsLegacy","userId","elevatedPermissionsFromHeader","userObject","middlewareWithDecode","returnErrorIfNoToken","e","TokenExpiredError","JsonWebTokenError","appMiddleware","Err","currentTraceContext","eagerLoadPermissionsMiddleware","getDecodedBearer","createOrSetRabbitTrace","trace","newTrace","traceTypes","user_default","getUser","isUserExist","checkFleetPermission","fleetId","checkBusinessModelPermission","businessModelId","check
DemandSourcePermission","demandSourceId","UnauthorizedAccessError","user","message","AUTHORIZATION_METHODS","AUTHORIZATION_ACTIONS","authorizationSettings","username","password","secret","se","getAuthorizationHeader","authorizationMethod","getCurrentPayload","enableTracing","outbreakOptions","logger","outbreak","index_default"],"mappings":"+VAGA,IAAM,CACJ,qBAAAA,CAAAA,EAAAA,CAAuB,eAAAC,EACvB,CAAA,6BAAA,CAAAC,GAA+B,kBAAAC,CAAAA,EAAAA,CAC/B,0BAAAC,CAAAA,EACF,CAAI,CAAA,OAAA,CAAQ,IAENC,CAAoB,CAAA,CAACC,EAA2BC,CAA0BC,CAAAA,CAAAA,GAA8B,CAC5G,IAAMC,CAAAA,CAAkBC,EAAO,QAASN,CAAAA,EAAAA,CAA4B,EAAE,CAAI,CAAA,GAAI,EAC9E,GAAI,CACF,IAAIO,CACJ,CAAA,GAAIL,CAAO,CAAA,CACT,GAAM,CAAE,IAAAM,CAAI,CAAA,CAAIC,YAAI,MAAOP,CAAAA,CAAK,EAChCK,CAAWD,CAAAA,CAAAA,CAAOE,CAAM,CAAA,GAAI,EAC9B,CAAA,KACED,EAAWD,CAAO,EAAA,CAEpB,OAAOC,CAAS,CAAA,QAAA,CAASF,CAAe,CAAIF,CAAAA,CAAAA,CAAmBC,CACjE,CAAA,KAAY,CACV,OAAOA,CACT,CACF,CAAA,CAEaM,GAAyBR,CAA2BD,EAAAA,CAAAA,CAAkBC,EAAOJ,EAA+BC,CAAAA,EAAkB,EAC9HY,CAAkBT,CAAAA,CAAAA,EAA2BD,EAAkBC,CAAON,CAAAA,EAAAA,CAAuBC,EAAc,ECfjH,IAAMe,EAAqBC,CAA2BA,EAAAA,CAAAA,CAAO,OAAQ,CAAA,SAAA,CAAW,EAAE,CAAA,CAE5EC,EAAe,CAACD,CAAAA,CAAgBE,IAA4B,CACvE,IAAMb,EAAQU,CAAkBC,CAAAA,CAAM,CAEtC,CAAA,OADoBG,EAAOd,CAAAA,MAAAA,CAAAA,CAAAA,CAAoBS,CAAeT,CAAAA,CAAK,CAAC,CAEtE,CAAA,CAyDA,IAAMe,EAAa,CAAA,sCAAA,CACbC,EAAY,CAAA,sCAAA,CACZC,CAAoB,CAAA,UAAA,CACpBC,GAAqB,OACrBC,CAAAA,EAAAA,CAAa,IAAI,MAAO,CAAA,CAAA,IAAA,EAAOF,CAAiB,CAAOA,IAAAA,EAAAA,CAAiB,CAAOC,IAAAA,EAAAA,EAAkB,CAAGD,EAAAA,CAAiB,aAAaA,CAAiB,CAAA,IAAA,EAAOA,CAAiB,CAAQF,KAAAA,EAAAA,EAAU,IAAIC,EAAS,CAAA,EAAA,CAAA,CAAM,GAAG,CAAA,CAClN,SAASI,CAAAA,CAAaC,EAA6B,CACxD,OAAO,OAAOA,CAAS,EAAA,QAAA,EAAYF,GAAW,IAAKE,CAAAA,CAAI,CACzD,CC/EA,IAAMC,CAAAA,CAAwB,GACxBC,CAAW,CAAA,OAAA,CAAQ,IAAI,eAAmB,EAAA,0BAAA,CAGnCC,CAAkB,CAAA,IAAIC,CAAQ,CAAA,CACzC,YAAa,aACb,CAAA,OAAA,CAAS,EACT,cAAgB,CAAA,IAAM,KACtB,KAAO,CAAA,OAAA,CAAQ,IAAI,QAAa,GAAA,MAAA,CAAS,CACvC,MAAQH,CAAAA,CAAAA,CAAwB,GAClC,CAAI,CAAA,SACN,CAAC,CAEYI,CAAAA,CAAAA,CAAsB,IAAID,CAAAA,CAAQ,CAC7C,OAAA,CAASF,E
ACT,UAAYA,CAAAA,CAAAA,CACZ,QAAS,CACT,CAAA,cAAA,CAAgB,IAAM,IACtB,CAAA,KAAA,CAAO,OAAQ,CAAA,GAAA,CAAI,QAAa,GAAA,MAAA,CAAS,CACvC,MAAQD,CAAAA,CAAAA,CAAwB,GAClC,CAAI,CAAA,SACN,CAAC,CCZM,CAAA,IAAMK,CAA8B,CAAA,2BAAA,CAC9BC,CAAsB,CAAA,kBAAA,CAuB7BC,EAAY,IAAIC,EAAAA,CAAU,CAAE,MAAQ,CAAA,EAAG,CAAC,CAExCC,CAAAA,CAAAA,CAAmB,CAACC,CAAqBC,CAAAA,CAAAA,GAAuD,CACpG,IAAMC,CAAAA,CAA2B,CAC/B,GAAGF,CAAAA,CACH,OAAQ,CAAE,GAAGA,CAAQ,EAAA,MAAO,CAC5B,CAAA,cAAA,CAAgB,CAAE,GAAGA,CAAAA,EAAQ,cAAe,CAC5C,CAAA,aAAA,CAAe,CAAE,GAAGA,CAAAA,EAAQ,aAAc,CAE5C,CAGA,CAAA,IAAA,IAAWG,KAAUF,CACnB,CAAA,MAAA,CAAO,KAAKE,CAAM,CAAA,CAAE,QAASC,CAAe,EAAA,CAE1CF,CAAYE,CAAAA,CAAU,CAAM,GAAA,GAC5B,MAAO,CAAA,OAAA,CAAQD,EAAOC,CAAU,CAAE,EAAE,OAAQ,CAAA,CAAC,CAACC,CAAUC,CAAAA,CAAK,IAAM,CAEjEJ,CAAAA,CAAYE,CAAU,CAAEC,CAAAA,CAAQ,GAAKH,CAAYE,CAAAA,CAAU,CAAEC,CAAAA,CAAQ,CAAK,EAAA,IAAI,MAAOC,CAAAA,CAAK,EAC5F,CAAC,EACH,CAAC,CAGH,CAAA,OAAOJ,CACT,CAAA,CAEqBK,CAArB,CAAA,KAA6B,CAW3B,WAAmBC,CAAAA,CAAAA,CAAqBC,EAA2BC,CAAiDC,CAAAA,CAAAA,CAAuB,CAAxH,IAAAH,CAAAA,EAAAA,CAAAA,CAAAA,CAAqB,IAAAC,CAAAA,WAAAA,CAAAA,CAAAA,CAA4E,IAAAE,CAAAA,UAAAA,CAAAA,CAAAA,CARpH,KAAiB,8BAAiC,CAAA,IAAI,IAItD,IAAiB,CAAA,aAAA,CAAwC,EAKvD,CAAA,IAAA,CAAK,SAAY,CAAA,CAAC,CAACH,CAAAA,CACfE,GACF,IAAK,CAAA,8BAAA,CAA+B,IAAI,MAAO,CAAA,SAAS,EAAGA,CAAmB,EAElF,CAEA,MAAM,kBAA2C,EAAA,CAC/C,GAAI,CAAC,IAAA,CAAK,GACR,OAEF,GAAI,KAAK,kBACP,CAAA,OAAO,IAAK,CAAA,kBAAA,CAEd,IAAME,CAAAA,CAAWC,GAAW,CAC1B,EAAA,CAAI,KAAK,EACT,CAAA,UAAA,CAAY,KAAK,UACnB,CAAC,CAEGC,CAAAA,CAAAA,CAAOjB,CAAU,CAAA,GAAA,CAAiBe,CAAQ,CAE9C,CAAA,OAAKE,IACF,CAAE,IAAA,CAAAA,CAAK,CAAI,CAAA,MAAMtB,EAAgB,GAAI,CAAA,CAAA,cAAA,EAAiB,KAAK,EAAE,CAAA,sBAAA,CAAA,CAA0B,CAAE,MAAQ,CAAA,CAAE,WAAY,IAAK,CAAA,UAAW,CAAE,CAAC,CACnIK,CAAAA,CAAAA,CAAU,IAAIe,CAAUE,CAAAA,CAAI,GAG9B,IAAK,CAAA,WAAA,CAAcA,EAAK,WACxB,CAAA,IAAA,CAAK,kBAAqBA,CAAAA,CAAAA,CACnB,IAAK,CAAA,kBACd,CAEA,MAAM,yBAAA,CAA0BC,EAAmD,CACjF,GAAI,CAAC,IAAK,CAAA,EAAA,CACR,OAEF,GAAI,IAAK,CAAA,kBAAA,CACP,OAAO,IAAK,CAAA,kBAAA,CAGd,IAAMH,CAAW,CAAA,IAAA,CAAK,GAEhBI,CAAenB,CAAAA,CAAAA,CAAU,IA
AiBe,CAAQ,CAAA,CACxD,GAAII,CACF,CAAA,OAAA,IAAA,CAAK,mBAAqBA,CACnBA,CAAAA,CAAAA,CAGT,IAAMF,CAAO,CAAA,MAAMC,CAAuB,CAAA,IAAA,CAAK,EAAE,CAAA,CACjD,OAAAlB,CAAU,CAAA,GAAA,CAAIe,EAAUE,CAAI,CAAA,CAE5B,KAAK,kBAAqBA,CAAAA,CAAAA,CACnB,IAAK,CAAA,kBACd,CAEA,IAAI,gBAAuC,CACzC,OAAO,KAAK,eAAgB,CAAA,gBAAgB,CAC9C,CAEA,IAAI,MAA+B,EAAA,CACjC,OAAO,IAAA,CAAK,gBAAgB,QAAQ,CACtC,CAEA,IAAI,aAAA,EAAsC,CACxC,OAAO,IAAA,CAAK,gBAAgB,eAAe,CAC7C,CAEQ,eAAgBG,CAAAA,CAAAA,CAA8C,CACpE,GAAI,CAAC,KAAK,kBACR,CAAA,MAAM,IAAI,KAAA,CAAM,CAAcA,WAAAA,EAAAA,CAAG,oDAAoD,CAEvF,CAAA,OAAO,OAAO,IAAK,CAAA,IAAA,CAAK,mBAAmBA,CAAG,CAAA,EAAK,EAAE,CACvD,CAEA,IAAI,mBAAmC,EAAA,CACrC,OAAOlB,CAAiB,CAAA,SAAA,CAAW,KAAK,8BAA+B,CAAA,MAAA,EAAQ,CACjF,CAEA,IAAI,aAAuC,CACzC,GAAI,CAAC,IAAK,CAAA,kBAAA,CACR,MAAM,IAAI,KAAA,CAAM,0EAA0E,CAAA,CAG5F,OAAOA,CAAAA,CAAiB,KAAK,kBAAoB,CAAA,IAAA,CAAK,+BAA+B,MAAO,EAAC,CAC/F,CAEA,kBAAA,CAAmBmB,CAAkD,CAAA,CAGnE,IAAMC,CAAAA,CAAc,QAGpB,CAAA,MAAA,CAAO,OAAOD,CAAgB,CAAA,CAAE,QAASE,CAAc,EAAA,CACrD,MAAO,CAAA,IAAA,CAAKA,CAAS,CAAA,CAAE,QAASf,CAAa,EAAA,CAC3C,GAAI,CAACjB,CAAAA,CAAaiB,CAAQ,CACxB,CAAA,MAAM,IAAI,KAAA,CAAM,CAAkEA,+DAAAA,EAAAA,CAAQ,EAAE,CAEhG,CAAC,EACH,CAAC,CAAA,CAED,IAAMgB,CAAmBC,CAAAA,iBAAAA,GACzB,GAAI,CAACD,EACH,MAAM,IAAI,MAAM,+CAA+C,CAAA,CAGjE,IAAME,CAAmB,CAAA,IAAA,CAAK,KAAMF,CAAAA,CAAAA,CAAiB,OAAQ1B,CAAAA,CAA2B,GAAK,IAAI,CAAA,CAC3F6B,EAAe,MAAO,CAAA,MAAA,CAAOD,EAAkBL,CAAgB,CAAA,CACrE,OAAK,IAAA,CAAA,8BAAA,CAA+B,GAAIC,CAAAA,CAAAA,CAAaK,CAAY,CACjEH,CAAAA,CAAAA,CAAiB,QAAQ,GAAI1B,CAAAA,CAAAA,CAA6B,KAAK,SAAU,CAAA,IAAA,CAAK,mBAAmB,CAAC,CAC3F,CAAA,IAAM,CACX,IAAK,CAAA,8BAAA,CAA+B,OAAOwB,CAAW,CAAA,CACtDE,EAAiB,OAAQ,CAAA,GAAA,CAAI1B,EAA6B,IAAK,CAAA,SAAA,CAAU,KAAK,mBAAmB,CAAC,EACpG,CACF,CAEA,MAAM,wBAA2B,EAAA,CAC/B,GAAI,CAAC,IAAK,CAAA,EAAA,CACR,OAEF,GAAI,IAAA,CAAK,yBACP,OAAO,IAAA,CAAK,yBAEd,GAAM,CAAE,IAAAmB,CAAAA,CAAK,CAAI,CAAA,MAAMtB,EAAgB,GAAI,CAAA,CAAA,cAAA,EAAiB,KAAK,EAAE,CAAA,6BAAA,CAA+B,EAElG,OAAK,IAAA,CAAA,wBAAA,CAA2BsB,CACzB,CAAA,IAAA,CAAK,wBACd,CAEA,IAAI,iBAAyB,EAAA,CAC3B,GAAI,CAAC,IAAA,CAAK,yBACR,MAA
M,IAAI,MAAM,sFAAsF,CAAA,CAExG,OAAO,IAAK,CAAA,wBACd,CAEA,MAAM,qBAAA,CAAsBW,EAAOC,CAAc,CAAA,CAC/C,GAAI,CAAC,IAAK,CAAA,EAAA,EAAM,CAACD,CAAS,EAAA,CAACC,EACzB,OAEF,IAAMC,EAAuB,IAAK,CAAA,aAAA,CAAcF,CAAK,CAAA,CAErD,GAAIE,CAAAA,CACF,OAAOA,CAGT,CAAA,IAAMf,EAAW,CAAG,EAAA,IAAA,CAAK,EAAE,CAAIa,CAAAA,EAAAA,CAAK,CAE9BT,CAAAA,CAAAA,CAAAA,CAAenB,CAAU,CAAA,GAAA,CAAiBe,CAAQ,CACxD,CAAA,GAAII,EACF,OAAK,IAAA,CAAA,aAAA,CAAcS,CAAK,CAAIT,CAAAA,CAAAA,CACrBA,CAGT,CAAA,GAAM,CAAE,IAAA,CAAAF,CAAK,CAAI,CAAA,MAAMpB,EAAoB,IAAK,CAAA,CAAA,aAAA,EAAgB+B,CAAK,CAAqB,iBAAA,CAAA,CAAA,CACxF,MAAQ,CAAA,IAAA,CAAK,EACf,CAAA,CAAG,CACD,OAAS,CAAA,CACP,0BAA2BC,CAC7B,CACF,CAAC,CAED,CAAA,OAAA7B,CAAU,CAAA,GAAA,CAAIe,CAAUE,CAAAA,CAAI,EAC5B,IAAK,CAAA,aAAA,CAAcW,CAAK,CAAIX,CAAAA,CAAAA,CACrB,KAAK,aAAcW,CAAAA,CAAK,CACjC,CACF,EC1OO,IAAMG,EAAkB,MAAOjD,CAAAA,CAAgB8C,IAAgC,CACpF,GAAM,CAAE,IAAMI,CAAAA,CAAQ,EAAI,MAAMnC,CAAAA,CAAoB,KAAK,cAAgB,CAAA,CAAE,OAAAf,CAAQ,CAAA,KAAA,CAAA8C,CAAM,CAAC,CAAA,CAC1F,OAAOI,CACT,CCLA,CAAA,IAAqBC,EAArB,cAA6C,KAAM,CAAnD,WACE,EAAA,CAAA,KAAA,CAAA,GAAA,SAAA,CAAA,CAAA,IAAA,CAAA,IAAA,CAAO,kBAEP,IAAU,CAAA,OAAA,CAAA,qBAAA,CACZ,CCGA,CAAA,IAAMC,EAAc,CAAA,aAAA,CACdC,GAAe,aACRC,CAAAA,CAAAA,CAAc,aACrBC,CAAsB,CAAA,cAAA,CACtBC,EAAgB,sBAChBC,CAAAA,CAAAA,CAA0B,uBAC1BC,CAAAA,EAAAA,CAA2BF,CAAc,CAAA,WAAA,GAElCG,CAAa,CAAA,CAACC,EAIvB,EAAC,GAAM,MAAOC,CAAKC,CAAAA,CAAAA,CAAKC,IAAuB,CACjD,GAAI,CAEF,GAD6BF,CAAAA,CAAAA,CAAI,QAAQL,CAAa,CAAA,EAAKK,EAAI,OAAQH,CAAAA,EAAwB,CAAK,EAAA,EAAA,EACnF,WAAY,EAAA,GAAMN,GACjC,OAAOW,CAAAA,GAET,GAAM,CACJ,yBAAAC,CACA,CAAA,8BAAA,CAAAC,CACA,CAAA,sBAAA,CAAA7B,CACF,CAAA,CAAIwB,EACEM,CAASL,CAAAA,CAAAA,CAAI,QAAQN,CAAmB,CAAA,CAC9C,GAAI,CAACW,CAAAA,CACH,OAAOH,CAAAA,EAGT,CAAA,IAAMI,EAAgCN,CAAI,CAAA,OAAA,CAAQ7C,CAA2B,CAAG,EAAA,MAAA,CAAS,EAAI,IAAK,CAAA,KAAA,CAAM6C,EAAI,OAAQ7C,CAAAA,CAA2B,CAAC,CAAI,CAAA,GAC9IgB,CAAc6B,CAAAA,CAAAA,CAAI,UAAU5C,CAAmB,CAAA,EAAc,KAAM,CAAA,GAAG,CAEtEmD,CAAAA,CAAAA,CAAa,IAAIxC,CAAQsC,CAAAA,CAAAA,CAAQ,OAAQC,CAA+BnC,CAAAA,CAAU,EACxF,OAAIgC,CAAAA,GACE5B,CACF,CAAA,MAAMgC,CAAW,CAAA,
yBAAA,CAA0BhC,CAAsB,CAEjE,CAAA,MAAMgC,EAAW,kBAAmB,EAAA,CAAA,CAIpCH,GACF,MAAMG,CAAAA,CAAW,wBAAyB,EAAA,CAG5CP,CAAI,CAAA,IAAA,CAAOO,EACXzB,iBAAkB,EAAA,CAAE,kBAAkB,GAAIW,CAAAA,CAAAA,CAAac,CAAU,CAGjEP,CAAAA,CAAAA,CAAI,OAAQJ,CAAAA,CAAuB,CAAIW,CAAAA,CAAAA,CAEhCL,GACT,CAAA,KAAY,CACV,OAAAD,CAAAA,CAAI,OAAO,GAAG,CAAA,CACPA,CAAI,CAAA,IAAA,CAAK,CACd,KAAA,CAAO,0BACT,CAAC,CACH,CACF,CAEaO,CAAAA,CAAAA,CAAuB,CAACT,CAIjC,CAAA,EAAO,GAAA,MAAOC,CAAKC,CAAAA,CAAAA,CAAKC,IAAwB,CAClD,GAAM,CACJ,wBAAAC,CAAAA,CAAAA,CACA,+BAAAC,CACA,CAAA,oBAAA,CAAAK,CACF,CAAA,CAAIV,CACAV,CAAAA,CAAAA,CACJ,GAAIW,CAAI,CAAA,OAAA,CAAQ,cAAe,CAC7B,GAAI,CACFX,CAAU,CAAA,MAAMjD,EAAa4D,CAAI,CAAA,OAAA,CAAQ,aAAa,EACxD,CAAA,MAASU,EAAG,CACNA,CAAAA,YAAaC,mBACfV,CAAI,CAAA,MAAA,CAAO,GAAG,CAAA,CACdA,CAAI,CAAA,IAAA,CAAK,CACP,MAAQ,CAAA,CAAC,sBAAsB,CACjC,CAAC,GACQS,CAAaE,YAAAA,iBAAAA,EACtBX,CAAI,CAAA,MAAA,CAAO,GAAG,CAAA,CACdA,EAAI,IAAK,CAAA,CACP,OAAQ,CAACS,CAAAA,CAAE,OAAO,CACpB,CAAC,CAEDT,GAAAA,CAAAA,CAAI,MAAO,CAAA,GAAG,EACdA,CAAI,CAAA,IAAA,CAAK,CACP,MAAQ,CAAA,CAAC,kCAAkC,CAC7C,CAAC,GAEH,MACF,CACA,IAAMI,CAAShB,CAAAA,CAAAA,EAAS,MAAM,EAE1BgB,CAAAA,CAAAA,GACFL,EAAI,OAAQN,CAAAA,CAAmB,CAAIW,CAAAA,CAAAA,CAAAA,CAGrC,IAAMlC,CAAAA,CAAc6B,EAAI,OAAU5C,GAAAA,CAAmB,GAAc,KAAM,CAAA,GAAG,EACtEmD,CAAa,CAAA,IAAIxC,CAAQsC,CAAAA,CAAAA,CAAQhB,CAAS,EAAA,IAAA,EAAM,YAAa,SAAWlB,CAAAA,CAAU,EAEpFgC,CACF,EAAA,MAAMI,EAAW,kBAAmB,EAAA,CAGlCH,CACF,EAAA,MAAMG,CAAW,CAAA,wBAAA,GAGnBP,CAAI,CAAA,IAAA,CAAOO,EACXzB,iBAAkB,EAAA,CAAE,kBAAkB,GAAIW,CAAAA,CAAAA,CAAac,CAAU,CAGjEP,CAAAA,CAAAA,CAAI,QAAQJ,CAAuB,CAAA,CAAIW,EACzC,CAAWE,KAAAA,GAAAA,CAAAA,CACT,OAAAR,CAAI,CAAA,MAAA,CAAO,GAAG,CAAA,CACPA,CAAI,CAAA,IAAA,CAAK,CACd,MAAQ,CAAA,CAAC,mBAAmB,CAC9B,CAAC,EAEH,OAAOC,CAAAA,EACT,CAAA,CAEaW,CAAiBd,CAAAA,CAAAA,EAGxB,MAAOC,CAAKC,CAAAA,CAAAA,CAAKC,IAAwB,CAC7C,GAAM,CACJ,KAAAjB,CAAAA,CAAAA,CACA,YAAAC,CAAAA,CACF,CAAIa,CAAAA,CAAAA,CACAV,EAEJ,GAAI,CAACW,EAAI,OAAQ,CAAA,aAAA,CACf,OAAAC,CAAI,CAAA,MAAA,CAAO,GAAG,CAAA,CACPA,CAAI,CAAA,IAAA,CAAK,CACd,MAAQ,CAAA,CAAC,mBAAmB,CAC9B,CAAC,EAGH,GAAI,CAEF,G
ADAZ,CAAAA,CAAU,MAAMD,CAAAA,CAAgBY,EAAI,OAAQ,CAAA,aAAA,CAAef,CAAK,CAC5D,CAAA,CAACI,EACH,MAAM,IAAIC,CAEd,CAAA,MAASoB,CAAG,CAAA,CACV,OAAIA,CAAaC,YAAAA,iBAAAA,CACRV,EAAI,MAAO,CAAA,GAAG,EAAE,IAAK,CAAA,CAC1B,MAAQ,CAAA,CAAC,sBAAsB,CACjC,CAAC,CAEC,CAAA,CAACW,kBAAmBtB,CAAe,CAAA,CAAE,KAAMwB,CAAQJ,EAAAA,CAAAA,YAAaI,CAAG,CAC9Db,CAAAA,CAAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,CAC1B,MAAA,CAAQ,CAACS,CAAE,CAAA,OAAO,CACpB,CAAC,CAEIT,CAAAA,CAAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,CAC1B,MAAA,CAAQ,CAAC,kCAAkC,CAC7C,CAAC,CACH,CACA,IAAMI,EAAShB,CAAS,EAAA,MAAA,CACpBgB,IACFL,CAAI,CAAA,OAAA,CAAQP,CAAW,CAAIY,CAAAA,CAAAA,CAAAA,CAG7B,IAAME,CAAAA,CAAa,IAAIxC,CAAAA,CAAQsC,CAAM,CAEjCpB,CAAAA,CAAAA,GACFe,EAAI,OAAQ,CAAA,yBAAyB,EAAId,CAEzC,CAAA,MAAMqB,EAAW,qBAAsBtB,CAAAA,CAAAA,CAAOC,CAAY,CAG5Dc,CAAAA,CAAAA,CAAAA,CAAI,KAAOO,CACX,CAAA,IAAMQ,EAAsBjC,iBAAkB,EAAA,CAAE,gBAChD,CAAA,OAAAiC,CAAqB,EAAA,GAAA,CAAItB,EAAac,CAAU,CAAA,CAChDQ,GAAqB,GAAIvB,CAAAA,EAAAA,CAActD,EAAkB8D,CAAI,CAAA,OAAA,CAAQ,aAAa,CAAC,CAGnFA,CAAAA,CAAAA,CAAI,QAAQJ,CAAuB,CAAA,CAAIW,EAEhCL,CAAK,EACd,EAEac,CAAiC,CAAA,MAAOhB,CAAKC,CAAAA,CAAAA,CAAKC,CAC7D,IAAA,MAAMF,EAAI,IAAK,CAAA,kBAAA,GACRE,CAAK,EAAA,CAAA,CAGDe,EAAoBjB,CAC3BA,EAAAA,CAAAA,CAAI,QAAQ,aACP5D,CAAAA,CAAAA,CAAa4D,EAAI,OAAQ,CAAA,aAAa,EAGxC,IAGIkB,CAAAA,CAAAA,CAAyB,MAAOC,CAAgDd,CAAAA,CAAAA,GAA+B,CAC1H,IAAME,CAAa,CAAA,IAAIxC,EAAQsC,CAAM,CAAA,CAErC,MAAME,CAAW,CAAA,kBAAA,GAEjBY,CAAUC,GAAAA,QAAAA,CAASC,UAAW,CAAA,MAAM,CACpCF,CAAAA,CAAAA,CAAM,iBAAiB,GAAI1B,CAAAA,CAAAA,CAAac,CAAU,EACpD,CAAA,CAEOe,EAAQvD,ECjNR,IAAMwD,EAAU,IAA4BzC,iBAAAA,GAAoB,gBAAkB,EAAA,GAAA,CAAIW,CAAW,CAE3F+B,CAAAA,CAAAA,CAAc,IAAMD,CAAAA,EAAW,EAAA,EAAA,CAE/BE,EAAwBC,CAAoB,EAAA,CAACF,GAAiB,EAAA,MAAA,CAAO,KAAKD,CAAQ,EAAA,CAAG,WAAY,CAAA,MAAM,CAAE,CAAA,QAAA,CAASG,CAAO,CAEzHC,CAAAA,CAAAA,CAAgCC,GAA4B,CAACJ,CAAAA,IAAiB,MAAO,CAAA,IAAA,CAAKD,CAAQ,EAAA,CAAG,WAAY,CAAA,cAAc,EAAE,QAASK,CAAAA,CAAe,EAEzJC,CAA+BC,CAAAA,CAAAA,EAA2B,CAACN,CAAY,EAAA,EAAK,MAAO,CAAA,IAAA,CAAKD,CAAQ,EAAA,CAAG,YAAY,aAAa,CAAA,CAAE,SAASO,CAAc,MCTrJC,CAAN,CAAA,cAAsC,KAAM,CA
CjD,WAAA,CAAmBC,EAAuB,IAAMC,CAAAA,CAAAA,CAAU,0BAA2B,CACnF,KAAA,CAAMA,CAAO,CADI,CAAA,IAAA,CAAA,IAAA,CAAAD,CAEjB,CAAA,IAAA,CAAK,IAAO,CAAA,0BACd,CACF,ECNO,IAAME,EAAwB,CACnC,IAAA,CAAM,MACN,CAAA,KAAA,CAAO,OACP,CAAA,GAAA,CAAK,KACP,CAEMC,CAAAA,EAAAA,CAAwB,CAC5B,CAACD,CAAAA,CAAsB,IAAI,EAAG,IAAG,EACjC,CAAA,CAACA,CAAsB,CAAA,KAAK,EAAIE,CAA+B,EAAA,CAC7D,GAAM,CAAE,QAAA,CAAAC,EAAU,QAAAC,CAAAA,CAAS,EAAIF,CAE/B,CAAA,OAAO,SADoB,MAAO,CAAA,IAAA,CAAK,GAAGC,CAAQ,CAAA,CAAA,EAAIC,CAAQ,CAAE,CAAA,CAAA,CAAE,QAAS,CAAA,QAAQ,CACjD,CAAA,CACpC,EACA,CAACJ,CAAAA,CAAsB,GAAG,EAAIE,CAAAA,EAA+B,CAC3D,GAAM,CAAE,MAAAG,CAAAA,CAAO,CAAIH,CAAAA,CAAAA,CACnB,GAAIG,CACF,CAAA,OAAO,UAAcC,EAAK,CAAA,IAAA,CAAA,GAAID,CAAQ,CAAA,CAAE,SAAW,CAAA,EAAG,CAAC,CAAC,EAG5D,CACF,CAAA,CAEaE,GAA0BL,CAA8E,EAAA,CACnH,IAAMM,CAAsBN,CAAAA,CAAAA,EAAuB,OAEnD,GAAI,EAAA,CAACM,GAAuB,CAACP,EAAAA,CAAsBO,CAAmB,CAItE,CAAA,CAAA,OAAOP,GAAsBO,CAAmB,CAAA,CAAEN,CAAqB,CACzE,ECVA,IAAMO,GAA6B,CAI7BC,CAAAA,iBAAAA,CAAAA,EAAAA,CAAgB,CAAC,CAAE,eAAA,CAAAC,EAAkB,EAAC,CAAG,MAAAC,CAAAA,CAAO,CAAiF,CAAA,KAAa,CACzI,CAAA,CAAA,OAAA,CAAQ,CACf,aAAe,CAAA,MAAA,CACf,wBAAyBA,CAAQ,EAAA,oBAAA,CACjC,GAAGD,CACL,CAAC,EACH,EAEM,CAAE,UAAA,CAAAxB,GAAY,QAAAD,CAAAA,EAAS,EAAI2B,EA6BjC,IAAOC,EAAQ,CAAA,CACb,UAAA3B,CAAAA,EAAAA,CACA,SAAAD,EACA,CAAA,IAAA,CAAAE,EACA,UAAAxB,CAAAA,CAAAA,CACA,qBAAAU,CACA,CAAA,8BAAA,CAAAQ,CACA,CAAA,iBAAA,CAAA2B,EACA,CAAA,gBAAA,CAAA1B,EACA,oBAAAQ,CAAAA,CAAAA,CACA,6BAAAE,CACA,CAAA,2BAAA,CAAAE,EACA,WAAAL,CAAAA,CAAAA,CACA,OAAAD,CAAAA,CAAAA,CACA,uBAAAQ,CAAAA,CAAAA,CACA,cAAAlB,CACA,CAAA,sBAAA,CAAAK,EACA,QAAA6B,CAAAA,CAAAA,CACA,sBAAAb,CACA,CAAA,sBAAA,CAAAO,EACA,CAAA,mBAAA,CAAArF,CACF","file":"index.js","sourcesContent":["import jwt from 'jsonwebtoken';\nimport moment from 'moment';\n\nconst {\n DEPRECATED_JWT_SECRET, JWT_NEW_SECRET,\n DEPRECATED_REFRESH_JWT_SECRET, REFRESH_JWT_SECRET,\n DEPRECATION_UNIX_TIMESTAMP,\n} = process.env;\n\nconst getRelevantSecret = (token: string | undefined, deprecatedSecret: string, newSecret: string): string => {\n const 
deprecationTime = moment(parseInt(DEPRECATION_UNIX_TIMESTAMP, 10) * 1000);\n try {\n let unixTime: moment.Moment;\n if (token) {\n const { iat } = jwt.decode(token) as jwt.JwtPayload;\n unixTime = moment(iat * 1000);\n } else {\n unixTime = moment();\n }\n return unixTime.isBefore(deprecationTime) ? deprecatedSecret : newSecret;\n } catch (e) {\n return newSecret;\n }\n};\n\nexport const getRefreshTokenSecret = (token?: string): string => getRelevantSecret(token, DEPRECATED_REFRESH_JWT_SECRET, REFRESH_JWT_SECRET);\nexport const getTokenSecret = (token?: string): string => getRelevantSecret(token, DEPRECATED_JWT_SECRET, JWT_NEW_SECRET);\n","import type { UUID } from 'node:crypto';\nimport * as jwt from 'jsonwebtoken';\nimport { getTokenSecret } from './secret-getter';\n\nconst CONTEXT_PROPS = ['fleetId', 'businessModelId', 'demandSourceId'];\nconst CONTEXT_MAP_PROPS = {\n fleet: 'fleets',\n business: 'businessModels',\n demand: 'demandSources',\n};\n\nexport const getAuthFromBearer = (bearer: string): string => bearer.replace('Bearer ', '');\n\nexport const decodeBearer = (bearer: string, appSecret?: string): any => {\n const token = getAuthFromBearer(bearer);\n const decoded = jwt.verify(token, appSecret || getTokenSecret(token));\n return decoded;\n};\n\nexport const parsePermissions = (contextId, decodedToken): any => {\n if (!decodedToken) { return []; }\n const { contexts } = decodedToken;\n const activeContext = contexts.find((context) => context.id === contextId);\n\n const permissionsValue = `${activeContext.permissions?.map((cp) => `${cp},`)}`;\n\n return {\n key: activeContext.entityId,\n value: permissionsValue,\n };\n};\n\nexport const getEntitiesFromContext = (contextId: string, decodedToken: any): any => {\n if (!decodedToken) { return []; }\n let { contexts } = decodedToken;\n if (contextId) {\n contexts = contexts.filter((context) => context.id === contextId);\n }\n\n const attributes = {};\n contexts.forEach((context) => {\n const prop = 
CONTEXT_MAP_PROPS[context.subSystem || 'business'];\n\n const permissions = parsePermissions(context.id, decodedToken);\n // eslint-disable-next-line no-unused-expressions\n attributes[prop]\n ? attributes[prop][permissions.key] = permissions.value\n : attributes[prop] = { [permissions.key]: permissions.value };\n });\n\n return attributes;\n};\n\nexport const getContextAttributes = (contextId: string, decodedToken: any): any => {\n if (!decodedToken) { return []; }\n let { contexts } = decodedToken;\n if (contextId) {\n contexts = contexts.filter((context) => context.id === contextId);\n }\n const attributes = {};\n contexts.forEach((context) => {\n CONTEXT_PROPS.forEach((prop) => {\n if (context[prop]) {\n const contextPropWrapped = [context[prop]];\n // eslint-disable-next-line no-unused-expressions\n attributes[prop]\n ? attributes[prop] = attributes[prop].concat(contextPropWrapped)\n : attributes[prop] = contextPropWrapped;\n }\n });\n });\n return attributes;\n};\n\nconst EMPTY_UUID = '00000000-0000-0000-0000-000000000000';\nconst FULL_UUID = 'ffffffff-ffff-ffff-ffff-ffffffffffff';\nconst VALID_CHARS_REGEX = '[0-9a-f]';\nconst UUID_VERSION_REGEX = '[1-8]';\nconst UUID_REGEX = new RegExp(`^(?:${VALID_CHARS_REGEX}{8}-${VALID_CHARS_REGEX}{4}-${UUID_VERSION_REGEX}${VALID_CHARS_REGEX}{3}-[89ab]${VALID_CHARS_REGEX}{3}-${VALID_CHARS_REGEX}{12}|${EMPTY_UUID}|${FULL_UUID})$`, 'i');\nexport function validateUUID(uuid: unknown): uuid is UUID {\n return typeof uuid === 'string' && UUID_REGEX.test(uuid);\n}\n","import Network from '@autofleet/network';\n\nconst CACHE_LIFETIME_IN_SEC = 10;\nconst apiGwUrl = process.env.API_GATEWAY_URL || 'https://api.autofleet.io';\n\n// eslint-disable-next-line import/prefer-default-export\nexport const IdentityNetwork = new Network({\n serviceName: 'IDENTITY_MS',\n retries: 3,\n retryCondition: () => true,\n cache: process.env.NODE_ENV !== 'test' ? 
{\n maxAge: CACHE_LIFETIME_IN_SEC * 1000,\n } : undefined,\n});\n\nexport const AutofleetApiNetwork = new Network({\n baseURL: apiGwUrl,\n serviceUrl: apiGwUrl,\n retries: 3,\n retryCondition: () => true,\n cache: process.env.NODE_ENV !== 'test' ? {\n maxAge: CACHE_LIFETIME_IN_SEC * 1000,\n } : undefined,\n});\n","import NodeCache from 'node-cache';\nimport objectHash from 'object-hash';\nimport { getCurrentContext } from '@autofleet/outbreak';\nimport { validateUUID } from '../utils';\nimport { AutofleetApiNetwork, IdentityNetwork } from '../services';\n\nexport type AccountType = 'client' | 'user' | 'service' | 'driver'\ninterface EntityPermissions {\n [key: string]: string[];\n}\n\nexport const ELEVATED_PERMISSIONS_HEADER = 'x-af-elevated-permissions';\nexport const CONTEXTS_IDS_HEADER = 'x-af-context-ids';\n\nexport interface UserPayload {\n businessModels: EntityPermissions;\n fleets: EntityPermissions;\n demandSources: EntityPermissions;\n businessAccounts?: EntityPermissions;\n accountType?: AccountType;\n contexts?: EntityPermissions;\n createdAt?: string;\n}\n\nexport interface PartialUserPayload {\n businessModels?: EntityPermissions;\n fleets?: EntityPermissions;\n demandSources?: EntityPermissions;\n vehicles?: EntityPermissions;\n drivers?: EntityPermissions;\n businessAccounts?: EntityPermissions;\n}\n\nexport type CustomPermissionLoader = (string) => Promise<UserPayload>;\n\nconst userCache = new NodeCache({ stdTTL: 10 });\n\nconst mergePermissions = (target: UserPayload, sources: Iterable<PartialUserPayload>): UserPayload => {\n const permissions: UserPayload = {\n ...target,\n fleets: { ...target?.fleets },\n businessModels: { ...target?.businessModels },\n demandSources: { ...target?.demandSources },\n // Clone other nested objects as needed\n };\n\n // eslint-disable-next-line no-restricted-syntax\n for (const source of sources) {\n Object.keys(source).forEach((entityType) => {\n // eslint-disable-next-line no-param-reassign\n 
permissions[entityType] ??= {};\n Object.entries(source[entityType]!).forEach(([entityId, perms]) => {\n // eslint-disable-next-line no-param-reassign\n permissions[entityType][entityId] = (permissions[entityType][entityId] || []).concat(perms);\n });\n });\n }\n\n return permissions;\n};\n\nexport default class ApiUser {\n private privatePermissions: UserPayload | undefined;\n\n private readonly privateElevatedPermissionsHash = new Map<symbol, PartialUserPayload | undefined>();\n\n private privatePermissionsLegacy: any;\n\n private readonly appPermission: {[key: string]: any; } = {};\n\n public readonly emptyUser: boolean;\n\n constructor(public id? : string, public accountType?: AccountType, elevatedPermissions?: PartialUserPayload, public contextIds?: string[]) {\n this.emptyUser = !!id;\n if (elevatedPermissions) {\n this.privateElevatedPermissionsHash.set(Symbol('initial'), elevatedPermissions);\n }\n }\n\n async getUserPermissions(): Promise<UserPayload> {\n if (!this.id) {\n return undefined;\n }\n if (this.privatePermissions) {\n return this.privatePermissions;\n }\n const cacheKey = objectHash({\n id: this.id,\n contextIds: this.contextIds,\n });\n\n let data = userCache.get<UserPayload>(cacheKey);\n\n if (!data) {\n ({ data } = await IdentityNetwork.get(`/api/v1/users/${this.id}/authorization-payload`, { params: { contextIds: this.contextIds } }));\n userCache.set(cacheKey, data);\n }\n\n this.accountType = data.accountType;\n this.privatePermissions = data;\n return this.privatePermissions;\n }\n\n async useCustomPermissionLoader(customPermissionLoader: any): Promise<UserPayload> {\n if (!this.id) {\n return undefined;\n }\n if (this.privatePermissions) {\n return this.privatePermissions;\n }\n\n const cacheKey = this.id;\n\n const cachedResult = userCache.get<UserPayload>(cacheKey);\n if (cachedResult) {\n this.privatePermissions = cachedResult;\n return cachedResult;\n }\n\n const data = await customPermissionLoader(this.id);\n userCache.set(cacheKey, 
data);\n\n this.privatePermissions = data;\n return this.privatePermissions;\n }\n\n get businessModels(): string[] | undefined {\n return this.getUserProperty('businessModels');\n }\n\n get fleets(): string[] | undefined {\n return this.getUserProperty('fleets');\n }\n\n get demandSources(): string[] | undefined {\n return this.getUserProperty('demandSources');\n }\n\n private getUserProperty(key: keyof UserPayload): string[] | undefined {\n if (!this.privatePermissions) {\n throw new Error(`Cannot get ${key} without calling (async) getUserPermissions before`);\n }\n return Object.keys(this.privatePermissions[key] || {});\n }\n\n get elevatedPermissions(): UserPayload {\n return mergePermissions(undefined, this.privateElevatedPermissionsHash.values());\n }\n\n get permissions(): UserPayload | undefined {\n if (!this.privatePermissions) {\n throw new Error('Cannot get permissions without calling (async) getUserPermissions before');\n }\n\n return mergePermissions(this.privatePermissions, this.privateElevatedPermissionsHash.values());\n }\n\n elevatePermissions(addedPermissions: PartialUserPayload): () => void {\n // @itayankri is concerned about memory consumption, so create a symbol with no description, to avoid assigning memory for the description string\n // eslint-disable-next-line symbol-description\n const elevationId = Symbol();\n\n // Validate that the added permissions are valid UUIDs\n Object.values(addedPermissions).forEach((entityIds) => {\n Object.keys(entityIds).forEach((entityId) => {\n if (!validateUUID(entityId)) {\n throw new Error(`Entity id on elevatePermissions is not a valid UUID, provided: ${entityId}`);\n }\n });\n });\n\n const currentUserTrace = getCurrentContext();\n if (!currentUserTrace) {\n throw new Error('Cannot find current user cross services trace');\n }\n\n const currentElevation = JSON.parse(currentUserTrace.context[ELEVATED_PERMISSIONS_HEADER] || '{}');\n const newElevation = Object.assign(currentElevation, addedPermissions);\n 
this.privateElevatedPermissionsHash.set(elevationId, newElevation);\n currentUserTrace.context.set(ELEVATED_PERMISSIONS_HEADER, JSON.stringify(this.elevatedPermissions));\n return () => {\n this.privateElevatedPermissionsHash.delete(elevationId);\n currentUserTrace.context.set(ELEVATED_PERMISSIONS_HEADER, JSON.stringify(this.elevatedPermissions));\n };\n }\n\n async getUserPermissionsLegacy() {\n if (!this.id) {\n return undefined;\n }\n if (this.privatePermissionsLegacy) {\n return this.privatePermissionsLegacy;\n }\n const { data } = await IdentityNetwork.get(`/api/v1/users/${this.id}/authorization-payload-legacy`);\n\n this.privatePermissionsLegacy = data;\n return this.privatePermissionsLegacy;\n }\n\n get permissionsLegacy(): any {\n if (!this.privatePermissionsLegacy) {\n throw new Error('Cannot get permissionsLegacy without calling (async) getUserPermissionsLegacy before');\n }\n return this.privatePermissionsLegacy;\n }\n\n async getUserAppPermissions(appId, clientSecret) {\n if (!this.id || !appId || !clientSecret) {\n return undefined;\n }\n const currentAppPermission = this.appPermission[appId];\n\n if (currentAppPermission) {\n return currentAppPermission;\n }\n\n const cacheKey = `${this.id}:${appId}`;\n\n const cachedResult = userCache.get<UserPayload>(cacheKey);\n if (cachedResult) {\n this.appPermission[appId] = cachedResult;\n return cachedResult;\n }\n\n const { data } = await AutofleetApiNetwork.post(`/api/v1/apps/${appId}/get-user-payload`, {\n userId: this.id,\n }, {\n headers: {\n 'x-autofleet-apps-secret': clientSecret,\n },\n });\n\n userCache.set(cacheKey, data);\n this.appPermission[appId] = data;\n return this.appPermission[appId];\n }\n}\n","import { AutofleetApiNetwork } from './services';\n\nexport const decodeAppBearer = async (bearer: string, appId: string): Promise<any> => {\n const { data: decoded } = await AutofleetApiNetwork.post('/api/v1/auth', { bearer, appId });\n return decoded;\n};\n\nexport const getClientSecret = async 
(appId: string): Promise<any> => {\n const { data: secret } = await AutofleetApiNetwork.get(`/api/v1/auth/client-secret/${appId}`);\n return secret;\n};\n","export default class AppDoesNotExist extends Error {\n name = 'AppDoesNotExist';\n\n message = 'app does not exist';\n}\n","import { getCurrentContext, newTrace, traceTypes } from '@autofleet/outbreak';\nimport { TokenExpiredError, JsonWebTokenError } from 'jsonwebtoken';\nimport ApiUser, { CONTEXTS_IDS_HEADER, CustomPermissionLoader, ELEVATED_PERMISSIONS_HEADER } from './ApiUser';\nimport { decodeAppBearer } from '../app-auth';\nimport AppDoesNotExist from '../exceptions/appDoesNotExist';\nimport { decodeBearer, getAuthFromBearer } from '../utils';\n\nconst IDENTITY_MS = 'identity-ms';\nconst ACCESS_TOKEN = 'accessToken';\nexport const USER_OBJECT = 'userObject';\nconst USER_TRACING_HEADER = 'x-af-user-id';\nconst ORIGIN_HEADER = 'X-IAF-ORIGIN-SERVICE';\nconst USER_PERMISSIONS_HEADER = 'x-af-user-permissions';\nconst LOWER_CASE_ORIGIN_HEADER = ORIGIN_HEADER.toLowerCase();\n\nexport const middleware = (options: {\n eagerLoadUserPermissions?: boolean;\n eagerLoadUserPermissionsLegacy?: boolean;\n customPermissionLoader?: CustomPermissionLoader;\n} = {}) => async (req, res, next): Promise<any> => {\n try {\n const originHeader: string = req.headers[ORIGIN_HEADER] || req.headers[LOWER_CASE_ORIGIN_HEADER] || '';\n if (originHeader.toLowerCase() === IDENTITY_MS) {\n return next();\n }\n const {\n eagerLoadUserPermissions,\n eagerLoadUserPermissionsLegacy,\n customPermissionLoader,\n } = options;\n const userId = req.headers[USER_TRACING_HEADER];\n if (!userId) {\n return next();\n }\n\n const elevatedPermissionsFromHeader = req.headers[ELEVATED_PERMISSIONS_HEADER]?.length > 0 ? 
JSON.parse(req.headers[ELEVATED_PERMISSIONS_HEADER]) : {};\n const contextIds = (req.headers?.[CONTEXTS_IDS_HEADER] as string)?.split(',');\n\n const userObject = new ApiUser(userId, 'user', elevatedPermissionsFromHeader, contextIds);\n if (eagerLoadUserPermissions) {\n if (customPermissionLoader) {\n await userObject.useCustomPermissionLoader(customPermissionLoader);\n } else {\n await userObject.getUserPermissions();\n }\n }\n\n if (eagerLoadUserPermissionsLegacy) {\n await userObject.getUserPermissionsLegacy();\n }\n\n req.user = userObject;\n getCurrentContext().nonHeaderContext?.set(USER_OBJECT, userObject);\n\n // Added in order to support outbreak.\n req.headers[USER_PERMISSIONS_HEADER] = userObject;\n\n return next();\n } catch (e) {\n res.status(401);\n return res.json({\n error: 'cannot authenticate user',\n });\n }\n};\n\nexport const middlewareWithDecode = (options: {\n eagerLoadUserPermissions?: boolean;\n eagerLoadUserPermissionsLegacy?: boolean;\n returnErrorIfNoToken?: boolean\n} = {}) => async (req, res, next): Promise<void> => {\n const {\n eagerLoadUserPermissions,\n eagerLoadUserPermissionsLegacy,\n returnErrorIfNoToken,\n } = options;\n let decoded;\n if (req.headers.authorization) {\n try {\n decoded = await decodeBearer(req.headers.authorization);\n } catch (e) {\n if (e instanceof TokenExpiredError) {\n res.status(401);\n res.json({\n errors: ['Access token expired'],\n });\n } else if (e instanceof JsonWebTokenError) {\n res.status(400);\n res.json({\n errors: [e.message],\n });\n } else {\n res.status(500);\n res.json({\n errors: ['Server error while parsing token'],\n });\n }\n return undefined;\n }\n const userId = decoded?.user?.id;\n\n if (userId) {\n req.headers[USER_TRACING_HEADER] = userId;\n }\n\n const contextIds = (req.headers?.[CONTEXTS_IDS_HEADER] as string)?.split(',');\n const userObject = new ApiUser(userId, decoded?.user?.accountType, undefined, contextIds);\n\n if (eagerLoadUserPermissions) {\n await 
userObject.getUserPermissions();\n }\n\n if (eagerLoadUserPermissionsLegacy) {\n await userObject.getUserPermissionsLegacy();\n }\n\n req.user = userObject;\n getCurrentContext().nonHeaderContext?.set(USER_OBJECT, userObject);\n\n // Added in order to support outbreak.\n req.headers[USER_PERMISSIONS_HEADER] = userObject;\n } else if (returnErrorIfNoToken) {\n res.status(401);\n return res.json({\n errors: ['No token provided'],\n });\n }\n return next();\n};\n\nexport const appMiddleware = (options: {\n appId: string,\n clientSecret: string\n}) => async (req, res, next): Promise<void> => {\n const {\n appId,\n clientSecret,\n } = options;\n let decoded;\n\n if (!req.headers.authorization) {\n res.status(401);\n return res.json({\n errors: ['No token provided'],\n });\n }\n\n try {\n decoded = await decodeAppBearer(req.headers.authorization, appId);\n if (!decoded) {\n throw new AppDoesNotExist();\n }\n } catch (e) {\n if (e instanceof TokenExpiredError) {\n return res.status(401).json({\n errors: ['Access token expired'],\n });\n }\n if ([JsonWebTokenError, AppDoesNotExist].some((Err) => e instanceof Err)) {\n return res.status(400).json({\n errors: [e.message],\n });\n }\n return res.status(500).json({\n errors: ['Server error while parsing token'],\n });\n }\n const userId = decoded?.userId;\n if (userId) {\n req.headers[USER_OBJECT] = userId;\n }\n\n const userObject = new ApiUser(userId);\n\n if (appId) {\n req.headers['x-autofleet-apps-secret'] = clientSecret;\n // Won't work until we find a better solution for identity ms\n await userObject.getUserAppPermissions(appId, clientSecret);\n }\n\n req.user = userObject;\n const currentTraceContext = getCurrentContext().nonHeaderContext;\n currentTraceContext?.set(USER_OBJECT, userObject);\n currentTraceContext?.set(ACCESS_TOKEN, getAuthFromBearer(req.headers.authorization));\n\n // Added in order to support outbreak.\n req.headers[USER_PERMISSIONS_HEADER] = userObject;\n\n return next();\n};\n\nexport const 
eagerLoadPermissionsMiddleware = async (req, res, next) => {\n await req.user.getUserPermissions();\n return next();\n};\n\nexport const getDecodedBearer = (req) => {\n if (req.headers.authorization) {\n return decodeBearer(req.headers.authorization);\n }\n\n return null;\n};\n\nexport const createOrSetRabbitTrace = async (trace: ReturnType<typeof newTrace> | undefined, userId: string | undefined) => {\n const userObject = new ApiUser(userId);\n\n await userObject.getUserPermissions();\n // eslint-disable-next-line no-param-reassign\n trace ??= newTrace(traceTypes.RABBIT);\n trace.nonHeaderContext.set(USER_OBJECT, userObject);\n};\n\nexport default ApiUser;\n","import { getCurrentContext } from '@autofleet/outbreak';\nimport ApiUser from './user/ApiUser';\nimport { USER_OBJECT } from './user';\n\nexport const getUser = () : ApiUser | undefined => getCurrentContext().nonHeaderContext?.get(USER_OBJECT) as ApiUser | undefined;\n\nexport const isUserExist = () => getUser()?.id;\n\nexport const checkFleetPermission = (fleetId: string) => !isUserExist() || Object.keys(getUser()!.permissions.fleets).includes(fleetId);\n\nexport const checkBusinessModelPermission = (businessModelId: string) => !isUserExist() || Object.keys(getUser()!.permissions.businessModels).includes(businessModelId);\n\nexport const checkDemandSourcePermission = (demandSourceId: string) => !isUserExist() || Object.keys(getUser()!.permissions.demandSources).includes(demandSourceId);\n","import type ApiUser from './user';\n\n// eslint-disable-next-line import/prefer-default-export\nexport class UnauthorizedAccessError extends Error {\n constructor(public user: ApiUser | null = null, message = 'UnauthorizedAccessError') {\n super(message);\n this.name = 'UnauthorizedAccessError';\n }\n}\n","import * as jwt from 'jsonwebtoken';\n\nexport const AUTHORIZATION_METHODS = {\n NONE: 'NONE',\n BASIC: 'BASIC',\n JWT: 'JWT',\n};\n\nconst AUTHORIZATION_ACTIONS = {\n [AUTHORIZATION_METHODS.NONE]: () => undefined,\n 
[AUTHORIZATION_METHODS.BASIC]: (authorizationSettings: any) => {\n const { username, password } = authorizationSettings;\n const encodedCredentials = Buffer.from(`${username}:${password}`).toString('base64');\n return `Basic ${encodedCredentials}`;\n },\n [AUTHORIZATION_METHODS.JWT]: (authorizationSettings: any) => {\n const { secret } = authorizationSettings;\n if (secret) {\n return `Bearer ${jwt.sign({}, secret, { expiresIn: 10 })}`;\n }\n return undefined;\n },\n};\n\nexport const getAuthorizationHeader = (authorizationSettings: { method: string } | undefined): string | undefined => {\n const authorizationMethod = authorizationSettings?.method;\n\n if (!authorizationMethod || !AUTHORIZATION_ACTIONS[authorizationMethod]) {\n return undefined;\n }\n\n return AUTHORIZATION_ACTIONS[authorizationMethod](authorizationSettings);\n};\n","import type { LoggerInstanceManager } from '@autofleet/logger';\nimport * as outbreak from '@autofleet/outbreak';\nimport User, {\n middleware,\n eagerLoadPermissionsMiddleware,\n middlewareWithDecode,\n getDecodedBearer,\n appMiddleware,\n createOrSetRabbitTrace,\n} from './user';\nimport { type UserPayload, CONTEXTS_IDS_HEADER } from './user/ApiUser';\nimport {\n checkFleetPermission,\n checkBusinessModelPermission,\n checkDemandSourcePermission,\n isUserExist,\n getUser,\n} from './check-permission';\nimport { UnauthorizedAccessError } from './errors';\nimport { getRefreshTokenSecret, getTokenSecret } from './secret-getter';\nimport { AUTHORIZATION_METHODS, getAuthorizationHeader } from './authorization';\n\nconst getCurrentPayload = outbreak.getCurrentContext;\n\ntype OutbreakOptions = Parameters<typeof outbreak.default>[0];\ntype LoggerWithContextMiddleware = Partial<Pick<LoggerInstanceManager, 'addContextMiddleware'>>;\nconst enableTracing = ({ outbreakOptions = {}, logger }: { outbreakOptions?: OutbreakOptions, logger?: LoggerWithContextMiddleware } = {}): void => {\n outbreak.default({\n headersPrefix: 'x-af',\n 
contextMiddlewareGetter: logger?.addContextMiddleware,\n ...outbreakOptions,\n });\n};\n\nconst { traceTypes, newTrace } = outbreak;\n\nexport {\n traceTypes,\n newTrace,\n enableTracing,\n User,\n middleware,\n middlewareWithDecode,\n eagerLoadPermissionsMiddleware,\n getCurrentPayload,\n getDecodedBearer,\n checkFleetPermission,\n checkBusinessModelPermission,\n checkDemandSourcePermission,\n isUserExist,\n getUser,\n getRefreshTokenSecret,\n getTokenSecret,\n UnauthorizedAccessError,\n appMiddleware,\n createOrSetRabbitTrace,\n outbreak,\n AUTHORIZATION_METHODS,\n getAuthorizationHeader,\n type UserPayload,\n CONTEXTS_IDS_HEADER,\n};\n\nexport default {\n traceTypes,\n newTrace,\n User,\n middleware,\n middlewareWithDecode,\n eagerLoadPermissionsMiddleware,\n getCurrentPayload,\n getDecodedBearer,\n checkFleetPermission,\n checkBusinessModelPermission,\n checkDemandSourcePermission,\n isUserExist,\n getUser,\n UnauthorizedAccessError,\n appMiddleware,\n createOrSetRabbitTrace,\n outbreak,\n AUTHORIZATION_METHODS,\n getAuthorizationHeader,\n CONTEXTS_IDS_HEADER,\n};\n"]}
1
+ {"version":3,"sources":["../src/secret-getter.ts","../src/utils.ts","../src/services.ts","../src/user/ApiUser.ts","../src/app-auth.ts","../src/exceptions/appDoesNotExist.ts","../src/user/index.ts","../src/check-permission.ts","../src/errors.ts","../src/authorization.ts","../src/index.ts"],"names":["DEPRECATED_JWT_SECRET","JWT_NEW_SECRET","DEPRECATED_REFRESH_JWT_SECRET","REFRESH_JWT_SECRET","DEPRECATION_UNIX_TIMESTAMP","getRelevantSecret","token","deprecatedSecret","newSecret","deprecationTime","moment","unixTime","iat","jwt","getRefreshTokenSecret","getTokenSecret","getAuthFromBearer","bearer","decodeBearer","appSecret","D","EMPTY_UUID","FULL_UUID","VALID_CHARS_REGEX","UUID_VERSION_REGEX","UUID_REGEX","validateUUID","uuid","CACHE_LIFETIME_IN_SEC","apiGwUrl","IdentityNetwork","Network","AutofleetApiNetwork","ELEVATED_PERMISSIONS_HEADER","CONTEXTS_IDS_HEADER","userCache","NodeCache","mergePermissions","target","sources","permissions","source","entityType","entityId","perms","ApiUser","id","accountType","elevatedPermissions","contextIds","cacheKey","objectHash","data","customPermissionLoader","cachedResult","key","addedPermissions","elevationId","entityIds","currentUserTrace","getCurrentContext","currentElevation","newElevation","appId","clientSecret","currentAppPermission","decodeAppBearer","decoded","AppDoesNotExist","IDENTITY_MS","ACCESS_TOKEN","USER_OBJECT","USER_TRACING_HEADER","ORIGIN_HEADER","USER_PERMISSIONS_HEADER","LOWER_CASE_ORIGIN_HEADER","AUTOFLEET_APPS_SECRET_HEADER","middleware","options","req","res","next","eagerLoadUserPermissions","eagerLoadUserPermissionsLegacy","userId","elevatedPermissionsFromHeader","userObject","middlewareWithDecode","returnErrorIfNoToken","e","appMiddleware","Err","currentTraceContext","eagerLoadPermissionsMiddleware","getDecodedBearer","createOrSetRabbitTrace","trace","newTrace","traceTypes","user_default","getUser","isUserExist","checkUserPermissions","checkFleetPermission","fleetId","checkBusinessModelPermission","businessM
odelId","checkDemandSourcePermission","demandSourceId","UnauthorizedAccessError","user","message","AUTHORIZATION_METHODS","AUTHORIZATION_ACTIONS","authorizationSettings","username","password","secret","se","getAuthorizationHeader","authorizationMethod","getCurrentPayload","enableTracing","outbreakOptions","logger","outbreak","index_default"],"mappings":"wTAGM,IAAA,CACJ,qBAAAA,CAAAA,EAAAA,CAAuB,eAAAC,EACvB,CAAA,6BAAA,CAAAC,GAA+B,kBAAAC,CAAAA,EAAAA,CAC/B,2BAAAC,EACF,CAAA,CAAI,OAAQ,CAAA,GAAA,CAENC,CAAoB,CAAA,CAACC,EAA2BC,CAA0BC,CAAAA,CAAAA,GAA8B,CAC5G,IAAMC,CAAAA,CAAkBC,EAAO,QAASN,CAAAA,EAAAA,CAA4B,EAAE,CAAA,CAAI,GAAI,CAAA,CAC9E,GAAI,CACF,IAAIO,EACJ,GAAIL,CAAAA,CAAO,CACT,GAAM,CAAE,GAAAM,CAAAA,CAAI,CAAIC,CAAAA,UAAAA,CAAI,OAAOP,CAAK,CAAA,CAChCK,EAAWD,CAAOE,CAAAA,CAAAA,CAAM,GAAI,EAC9B,CAAA,KACED,CAAWD,CAAAA,CAAAA,EAEb,CAAA,OAAOC,EAAS,QAASF,CAAAA,CAAe,EAAIF,CAAmBC,CAAAA,CACjE,MAAY,CACV,OAAOA,CACT,CACF,CAEaM,CAAAA,EAAAA,CAAyBR,GAA2BD,CAAkBC,CAAAA,CAAAA,CAAOJ,GAA+BC,EAAkB,CAAA,CAC9HY,EAAkBT,CAA2BD,EAAAA,CAAAA,CAAkBC,EAAON,EAAuBC,CAAAA,EAAc,ECfjH,IAAMe,CAAAA,CAAqBC,GAA2BA,CAAO,CAAA,OAAA,CAAQ,UAAW,EAAE,CAAA,CAE5EC,CAAe,CAAA,CAACD,CAAgBE,CAAAA,CAAAA,GAA4B,CACvE,IAAMb,CAAAA,CAAQU,EAAkBC,CAAM,CAAA,CAEtC,OADoBG,CAAOd,CAAAA,MAAAA,CAAAA,CAAAA,CAAoBS,CAAAA,CAAeT,CAAK,CAAC,CAEtE,CAqDA,CAAA,IAAMe,GAAa,sCACbC,CAAAA,EAAAA,CAAY,uCACZC,CAAoB,CAAA,UAAA,CACpBC,EAAqB,CAAA,OAAA,CACrBC,EAAa,CAAA,IAAI,OACrB,CAAOF,IAAAA,EAAAA,CAAiB,OAAOA,CAAiB,CAAA,IAAA,EAAOC,EAAkB,CAAGD,EAAAA,CAAiB,CAAaA,UAAAA,EAAAA,CAAiB,CAAOA,IAAAA,EAAAA,CAAiB,QAAQF,EAAU,CAAA,CAAA,EAAIC,EAAS,CAClL,EAAA,CAAA,CAAA,GACF,EACO,SAASI,CAAAA,CAAaC,CAA6B,CAAA,CACxD,OAAO,OAAOA,GAAS,QAAYF,EAAAA,EAAAA,CAAW,KAAKE,CAAI,CACzD,CC9EA,IAAMC,CAAwB,CAAA,EAAA,CACxBC,EAAW,OAAQ,CAAA,GAAA,CAAI,iBAAmB,0BAGnCC,CAAAA,CAAAA,CAAkB,IAAIC,CAAQ,CAAA,CACzC,WAAa,CAAA,aAAA,CACb,OAAS,CAAA,CAAA,CACT,eAAgB,IAAM,IAAA,CACtB,MAAO,OAAQ,CAAA,GAAA,CAAI,WAAa,MAAS,CAAA,CACvC,OAAQH,CAAwB,CAAA,GAClC,EAAI,MACN,CAAC,EAEYI,CAAsB,CAAA,IAAID,EAAQ,CAC7C,OAAA,CAASF,CACT,CAAA,UAAA,
CAAYA,CACZ,CAAA,OAAA,CAAS,EACT,cAAgB,CAAA,IAAM,KACtB,KAAO,CAAA,OAAA,CAAQ,IAAI,QAAa,GAAA,MAAA,CAAS,CACvC,MAAA,CAAQD,CAAwB,CAAA,GAClC,EAAI,MACN,CAAC,ECZYK,IAAAA,CAAAA,CAA8B,4BAC9BC,CAAsB,CAAA,kBAAA,CAuB7BC,CAAY,CAAA,IAAIC,EAAU,CAAA,CAAE,OAAQ,EAAG,CAAC,EAExCC,CAAmB,CAAA,CAACC,EAAqBC,CAAuD,GAAA,CACpG,IAAMC,CAAAA,CAA2B,CAC/B,GAAGF,EACH,MAAQ,CAAA,CAAE,GAAGA,CAAQ,EAAA,MAAO,EAC5B,cAAgB,CAAA,CAAE,GAAGA,CAAAA,EAAQ,cAAe,CAAA,CAC5C,cAAe,CAAE,GAAGA,GAAQ,aAAc,CAE5C,EAGA,IAAWG,IAAAA,CAAAA,IAAUF,CACnB,CAAA,MAAA,CAAO,IAAKE,CAAAA,CAAM,EAAE,OAASC,CAAAA,CAAAA,EAAe,CAE1CF,CAAYE,CAAAA,CAAU,IAAM,EAAC,CAC7B,MAAO,CAAA,OAAA,CAAQD,CAAOC,CAAAA,CAAU,CAAE,CAAE,CAAA,OAAA,CAAQ,CAAC,CAACC,CAAAA,CAAUC,CAAK,CAAM,GAAA,CAEjEJ,EAAYE,CAAU,CAAA,CAAEC,CAAQ,CAAKH,CAAAA,CAAAA,CAAAA,CAAYE,CAAU,CAAEC,CAAAA,CAAQ,GAAK,EAAC,EAAG,MAAOC,CAAAA,CAAK,EAC5F,CAAC,EACH,CAAC,CAAA,CAGH,OAAOJ,CACT,CAAA,CAEqBK,EAArB,KAA6B,CAW3B,WAAmBC,CAAAA,CAAAA,CAAqBC,CAA2BC,CAAAA,CAAAA,CAAiDC,EAAuB,CAAxH,IAAA,CAAA,EAAA,CAAAH,EAAqB,IAAAC,CAAAA,WAAAA,CAAAA,CAAAA,CAA4E,gBAAAE,CARpH,CAAA,IAAA,CAAiB,8BAAiC,CAAA,IAAI,GAItD,CAAA,IAAA,CAAiB,cAAwC,EAAC,CAKxD,KAAK,SAAY,CAAA,CAAC,CAACH,CACfE,CAAAA,CAAAA,EACF,IAAK,CAAA,8BAAA,CAA+B,GAAI,CAAA,MAAA,CAAO,SAAS,CAAGA,CAAAA,CAAmB,EAElF,CAEA,MAAa,oBAA2C,CACtD,GAAI,CAAC,IAAA,CAAK,EACR,CAAA,OAEF,GAAI,IAAK,CAAA,kBAAA,CACP,OAAO,IAAK,CAAA,kBAAA,CAEd,IAAME,CAAWC,CAAAA,EAAAA,CAAW,CAC1B,EAAA,CAAI,IAAK,CAAA,EAAA,CACT,WAAY,IAAK,CAAA,UACnB,CAAC,CAEGC,CAAAA,CAAAA,CAAOjB,EAAU,GAAiBe,CAAAA,CAAQ,CAE9C,CAAA,OAAKE,CACF,GAAA,CAAE,KAAAA,CAAK,CAAA,CAAI,MAAMtB,CAAgB,CAAA,GAAA,CAAiB,iBAAiB,IAAK,CAAA,EAAE,yBAA0B,CAAE,MAAA,CAAQ,CAAE,UAAY,CAAA,IAAA,CAAK,UAAW,CAAE,CAAC,EAChJK,CAAU,CAAA,GAAA,CAAIe,CAAUE,CAAAA,CAAI,CAG9B,CAAA,CAAA,IAAA,CAAK,YAAcA,CAAK,CAAA,WAAA,CACxB,KAAK,kBAAqBA,CAAAA,CAAAA,CACnB,KAAK,kBACd,CAEA,MAAa,yBAAA,CAA0BC,CAA0G,CAAA,CAC/I,GAAI,CAAC,IAAA,CAAK,GACR,OAEF,GAAI,KAAK,kBACP,CAAA,OAAO,IAAK,CAAA,kBAAA,CAGd,IAAMH,CAAAA,CAAW,KAAK,EAEhBI,CAAAA,CAAAA,CAAenB,EAAU,GAAiBe,CAAAA,CAAQ,EACxD,GAAII,CAAAA,CACF,OAAK,IAAA,CAAA,kBAAA
,CAAqBA,CACnBA,CAAAA,CAAAA,CAGT,IAAMF,CAAO,CAAA,MAAMC,EAAuB,IAAK,CAAA,EAAE,EACjD,OAAAlB,CAAAA,CAAU,GAAIe,CAAAA,CAAAA,CAAUE,CAAI,CAAA,CAE5B,KAAK,kBAAqBA,CAAAA,CAAAA,CACnB,KAAK,kBACd,CAEA,IAAW,cAAuC,EAAA,CAChD,OAAO,IAAA,CAAK,eAAgB,CAAA,gBAAgB,CAC9C,CAEA,IAAW,QAA+B,CACxC,OAAO,KAAK,eAAgB,CAAA,QAAQ,CACtC,CAEA,IAAW,aAAA,EAAsC,CAC/C,OAAO,IAAA,CAAK,gBAAgB,eAAe,CAC7C,CAEQ,eAAgBG,CAAAA,CAAAA,CAA8C,CACpE,GAAI,CAAC,KAAK,kBACR,CAAA,MAAM,IAAI,KAAM,CAAA,CAAA,WAAA,EAAcA,CAAG,CAAoD,kDAAA,CAAA,CAAA,CAEvF,OAAO,MAAA,CAAO,IAAK,CAAA,IAAA,CAAK,mBAAmBA,CAAG,CAAA,EAAK,EAAE,CACvD,CAEA,IAAW,mBAAA,EAAmC,CAC5C,OAAOlB,CAAiB,CAAA,MAAA,CAAW,KAAK,8BAA+B,CAAA,MAAA,EAAQ,CACjF,CAEA,IAAW,WAAuC,EAAA,CAChD,GAAI,CAAC,IAAK,CAAA,kBAAA,CACR,MAAM,IAAI,KAAA,CAAM,0EAA0E,CAG5F,CAAA,OAAOA,EAAiB,IAAK,CAAA,kBAAA,CAAoB,IAAK,CAAA,8BAAA,CAA+B,MAAO,EAAC,CAC/F,CAEO,kBAAA,CAAmBmB,EAAkD,CAG1E,IAAMC,EAAc,MAAO,EAAA,CAG3B,MAAO,CAAA,MAAA,CAAOD,CAAgB,CAAA,CAAE,QAASE,CAAc,EAAA,CACrD,OAAO,IAAKA,CAAAA,CAAS,EAAE,OAASf,CAAAA,CAAAA,EAAa,CAC3C,GAAI,CAACjB,CAAAA,CAAaiB,CAAQ,CACxB,CAAA,MAAM,IAAI,KAAM,CAAA,CAAA,+DAAA,EAAkEA,CAAQ,CAAE,CAAA,CAEhG,CAAC,EACH,CAAC,CAAA,CAED,IAAMgB,CAAmBC,CAAAA,iBAAAA,GACzB,GAAI,CAACD,EACH,MAAM,IAAI,MAAM,+CAA+C,CAAA,CAGjE,IAAME,CAAmB,CAAA,IAAA,CAAK,MAAMF,CAAiB,CAAA,OAAA,CAAQ1B,CAA2B,CAAK,EAAA,IAAI,CAC3F6B,CAAAA,CAAAA,CAAe,MAAO,CAAA,MAAA,CAAOD,EAAkBL,CAAgB,CAAA,CACrE,YAAK,8BAA+B,CAAA,GAAA,CAAIC,EAAaK,CAAY,CAAA,CACjEH,CAAiB,CAAA,OAAA,CAAQ,GAAI1B,CAAAA,CAAAA,CAA6B,KAAK,SAAU,CAAA,IAAA,CAAK,mBAAmB,CAAC,CAAA,CAC3F,IAAM,CACX,IAAA,CAAK,8BAA+B,CAAA,MAAA,CAAOwB,CAAW,CAAA,CACtDE,EAAiB,OAAQ,CAAA,GAAA,CAAI1B,EAA6B,IAAK,CAAA,SAAA,CAAU,KAAK,mBAAmB,CAAC,EACpG,CACF,CAEA,MAAa,0BAA2B,CACtC,GAAI,CAAC,IAAK,CAAA,EAAA,CACR,OAEF,GAAI,IAAA,CAAK,wBACP,CAAA,OAAO,IAAK,CAAA,wBAAA,CAEd,GAAM,CAAE,IAAA,CAAAmB,CAAK,CAAI,CAAA,MAAMtB,EAAgB,GAAI,CAAA,CAAA,cAAA,EAAiB,IAAK,CAAA,EAAE,CAA+B,6BAAA,CAAA,CAAA,CAElG,YAAK,wBAA2BsB,CAAAA,CAAAA,CACzB,KAAK,wBACd,CAEA,IAAW,iBAAyB,EAAA,CAClC,GAAI,CAAC,IAAK,CAAA,wBAAA,CACR,MAAM,IAAI,KAAA,CAAM,sFAAsF,CAExG,CAA
A,OAAO,KAAK,wBACd,CAEA,MAAa,qBAAA,CAAsBW,CAAOC,CAAAA,CAAAA,CAAc,CACtD,GAAI,CAAC,KAAK,EAAM,EAAA,CAACD,GAAS,CAACC,CAAAA,CACzB,OAEF,IAAMC,CAAuB,CAAA,IAAA,CAAK,cAAcF,CAAK,CAAA,CAErD,GAAIE,CACF,CAAA,OAAOA,EAGT,IAAMf,CAAAA,CAAW,CAAG,EAAA,IAAA,CAAK,EAAE,CAAA,CAAA,EAAIa,CAAK,CAE9BT,CAAAA,CAAAA,CAAAA,CAAenB,EAAU,GAAiBe,CAAAA,CAAQ,EACxD,GAAII,CAAAA,CACF,OAAK,IAAA,CAAA,aAAA,CAAcS,CAAK,CAAA,CAAIT,EACrBA,CAGT,CAAA,GAAM,CAAE,IAAAF,CAAAA,CAAK,EAAI,MAAMpB,CAAAA,CAAoB,IAAkB,CAAA,CAAA,aAAA,EAAgB+B,CAAK,CAAA,iBAAA,CAAA,CAAqB,CACrG,MAAQ,CAAA,IAAA,CAAK,EACf,CAAG,CAAA,CACD,QAAS,CACP,yBAAA,CAA2BC,CAC7B,CACF,CAAC,CAAA,CAED,OAAA7B,CAAU,CAAA,GAAA,CAAIe,EAAUE,CAAI,CAAA,CAC5B,KAAK,aAAcW,CAAAA,CAAK,CAAIX,CAAAA,CAAAA,CACrB,IAAK,CAAA,aAAA,CAAcW,CAAK,CACjC,CACF,EC1OO,IAAMG,CAAAA,CAAkB,MAAOjD,CAAgB8C,CAAAA,CAAAA,GAAgC,CACpF,GAAM,CAAE,IAAA,CAAMI,CAAQ,CAAI,CAAA,MAAMnC,EAAoB,IAAK,CAAA,cAAA,CAAgB,CAAE,MAAAf,CAAAA,CAAAA,CAAQ,MAAA8C,CAAM,CAAC,EAC1F,OAAOI,CACT,ECLA,IAAqBC,CAAAA,CAArB,cAA6C,KAAM,CAAnD,WACE,EAAA,CAAA,KAAA,CAAA,GAAA,SAAA,CAAA,CAAA,IAAA,CAAA,IAAA,CAAO,iBAEP,CAAA,IAAA,CAAA,OAAA,CAAU,sBACZ,CCIA,CAAA,IAAMC,GAAc,aACdC,CAAAA,EAAAA,CAAe,cACRC,CAAc,CAAA,YAAA,CACrBC,CAAsB,CAAA,cAAA,CACtBC,CAAgB,CAAA,sBAAA,CAChBC,EAA0B,uBAC1BC,CAAAA,EAAAA,CAA2BF,EAAc,WAAY,EAAA,CACrDG,GAA+B,yBASxBC,CAAAA,CAAAA,CAAa,CAACC,CAAAA,CAIvB,EAAC,GAAe,MAAOC,CAAKC,CAAAA,CAAAA,CAAKC,IAAuB,CAC1D,GAAI,CAEF,GADsBF,CAAAA,CAAAA,CAAI,OAAQN,CAAAA,CAAa,CAAKM,EAAAA,CAAAA,CAAI,QAAQJ,EAAwB,CAAA,EAAK,IAC5E,WAAY,EAAA,GAAMN,GAAa,CAC9CY,CAAAA,EACA,CAAA,MACF,CACA,GAAM,CACJ,wBAAAC,CAAAA,CAAAA,CACA,+BAAAC,CACA,CAAA,sBAAA,CAAA9B,CACF,CAAIyB,CAAAA,CAAAA,CACEM,CAASL,CAAAA,CAAAA,CAAI,OAAQP,CAAAA,CAAmB,EAC9C,GAAI,CAACY,EAAQ,CACXH,CAAAA,GACA,MACF,CAEA,IAAMI,CAAAA,CAAgCN,CAAI,CAAA,OAAA,CAAQ9C,CAA2B,CAAK8C,EAAAA,CAAAA,CAAI,QAAQ9C,CAA2B,CAAA,CAAE,OAAS,CAChI,CAAA,IAAA,CAAK,MAAM8C,CAAI,CAAA,OAAA,CAAQ9C,CAA2B,CAAW,CAAA,CAC7D,EACEgB,CAAAA,CAAAA,CAAc8B,EAAI,OAAU7C,GAAAA,CAAmB,CAAc,EAAA,KAAA,CAAM,GAAG,CAAA,CAEtEoD,EAAa,IAAIzC,CAAAA,CAAQuC,EAAQ,MAAQC,CAAAA,CAAAA,
CAA+BpC,CAAU,CACpFiC,CAAAA,CAAAA,GACE7B,CACF,CAAA,MAAMiC,CAAW,CAAA,yBAAA,CAA0BjC,CAAsB,CAEjE,CAAA,MAAMiC,EAAW,kBAAmB,EAAA,CAAA,CAIpCH,GACF,MAAMG,CAAAA,CAAW,wBAAyB,EAAA,CAG5CP,CAAI,CAAA,IAAA,CAAOO,EACX1B,iBAAkB,EAAA,CAAE,kBAAkB,GAAIW,CAAAA,CAAAA,CAAae,CAAU,CAIjEP,CAAAA,CAAAA,CAAI,OAAQL,CAAAA,CAAuB,CAAIY,CAAAA,CAAAA,CAEvCL,IACF,CAAA,KAAY,CACVD,CAAI,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,CAAE,KAAA,CAAO,0BAA2B,CAAC,EAC5D,CACF,CAAA,CAEaO,EAAuB,CAACT,CAAAA,CAIjC,EAAgB,GAAA,MAAOC,CAAKC,CAAAA,CAAAA,CAAKC,CAAwB,GAAA,CAC3D,GAAM,CACJ,wBAAA,CAAAC,EACA,8BAAAC,CAAAA,CAAAA,CACA,qBAAAK,CACF,CAAA,CAAIV,CACAX,CAAAA,CAAAA,CACJ,GAAIY,CAAAA,CAAI,QAAQ,aAAe,CAAA,CAC7B,GAAI,CACFZ,CAAAA,CAAU,MAAMjD,CAAa6D,CAAAA,CAAAA,CAAI,QAAQ,aAAa,EACxD,OAASU,CAAG,CAAA,CACNA,aAAa5E,UAAI,CAAA,iBAAA,CACnBmE,EAAI,MAAO,CAAA,GAAG,CAAE,CAAA,IAAA,CAAK,CAAE,MAAA,CAAQ,CAAC,sBAAsB,CAAE,CAAC,CAChDS,CAAAA,CAAAA,YAAa5E,WAAI,iBAC1BmE,CAAAA,CAAAA,CAAI,MAAO,CAAA,GAAG,CAAE,CAAA,IAAA,CAAK,CAAE,MAAQ,CAAA,CAACS,EAAE,OAAO,CAAE,CAAC,CAE5CT,CAAAA,CAAAA,CAAI,MAAO,CAAA,GAAG,CAAE,CAAA,IAAA,CAAK,CAAE,MAAQ,CAAA,CAAC,kCAAkC,CAAE,CAAC,EAEvE,MACF,CACA,IAAMI,CAAAA,CAASjB,CAAS,EAAA,IAAA,EAAM,GAE1BiB,CACFL,GAAAA,CAAAA,CAAI,QAAQP,CAAmB,CAAA,CAAIY,GAGrC,IAAMnC,CAAAA,CAAc8B,CAAI,CAAA,OAAA,GAAU7C,CAAmB,CAAA,EAAc,MAAM,GAAG,CAAA,CACtEoD,EAAa,IAAIzC,CAAAA,CAAQuC,EAAQjB,CAAS,EAAA,IAAA,EAAM,WAAa,CAAA,MAAA,CAAWlB,CAAU,CAAA,CAAA,CAEpFiC,GAA4BC,CAC9B,GAAA,MAAM,QAAQ,GAAI,CAAA,CAChBD,GAA4BI,CAAW,CAAA,kBAAA,EACvCH,CAAAA,CAAAA,EAAkCG,CAAW,CAAA,wBAAA,EAC/C,CAAC,CAAA,CAGHP,EAAI,IAAOO,CAAAA,CAAAA,CACX1B,mBAAoB,CAAA,gBAAA,EAAkB,IAAIW,CAAae,CAAAA,CAAU,EAIjEP,CAAI,CAAA,OAAA,CAAQL,CAAuB,CAAIY,CAAAA,EACzC,SAAWE,CAAsB,CAAA,CAC/BR,CAAI,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,KAAK,CAAE,MAAA,CAAQ,CAAC,mBAAmB,CAAE,CAAC,CACtD,CAAA,MACF,CACAC,CAAAA,GACF,CAAA,CAEaS,EAAiBZ,CAGf,EAAA,MAAOC,EAAKC,CAAKC,CAAAA,CAAAA,GAAwB,CACtD,GAAM,CACJ,KAAAlB,CAAAA,CAAAA,CACA,YAAAC,CAAAA,CACF,EAAIc,CACAX,CAAAA,CAAAA,CAEJ,GAAI,CAACY,CAAAA,CAAI,QAAQ,aAAe,CAAA,CAC9BC,CAAI,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,
KAAK,CAAE,MAAA,CAAQ,CAAC,mBAAmB,CAAE,CAAC,CACtD,CAAA,MACF,CAEA,GAAI,CAEF,GADAb,EAAU,MAAMD,CAAAA,CAAgBa,EAAI,OAAQ,CAAA,aAAA,CAAehB,CAAK,CAC5D,CAAA,CAACI,CACH,CAAA,MAAM,IAAIC,CAEd,OAASqB,CAAG,CAAA,CACV,GAAIA,CAAa5E,YAAAA,UAAAA,CAAI,kBAAmB,CACtCmE,CAAAA,CAAI,MAAO,CAAA,GAAG,CAAE,CAAA,IAAA,CAAK,CAAE,MAAQ,CAAA,CAAC,sBAAsB,CAAE,CAAC,EACzD,MACF,CACA,GAAI,CAACnE,UAAAA,CAAI,kBAAmBuD,CAAe,CAAA,CAAE,KAAMuB,CAAQF,EAAAA,CAAAA,YAAaE,CAAG,CAAG,CAAA,CAC5EX,CAAI,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,KAAK,CAAE,MAAA,CAAQ,CAACS,CAAE,CAAA,OAAO,CAAE,CAAC,CAAA,CAC5C,MACF,CACAT,CAAI,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,CAAE,MAAQ,CAAA,CAAC,kCAAkC,CAAE,CAAC,CACrE,CAAA,MACF,CACA,IAAMI,EAASjB,CAAS,EAAA,MAAA,CACpBiB,IACFL,CAAI,CAAA,OAAA,CAAQP,CAAmB,CAAIY,CAAAA,CAAAA,CAAAA,CAGrC,IAAME,CAAAA,CAAa,IAAIzC,CAAAA,CAAQuC,CAAM,CAEjCrB,CAAAA,CAAAA,GACFgB,EAAI,OAAQH,CAAAA,EAA4B,EAAIZ,CAE5C,CAAA,MAAMsB,CAAW,CAAA,qBAAA,CAAsBvB,CAAOC,CAAAA,CAAY,GAG5De,CAAI,CAAA,IAAA,CAAOO,EACX,IAAMM,CAAAA,CAAsBhC,mBAAoB,CAAA,gBAAA,CAChDgC,CAAqB,EAAA,GAAA,CAAIrB,CAAae,CAAAA,CAAU,EAChDM,CAAqB,EAAA,GAAA,CAAItB,GAActD,CAAkB+D,CAAAA,CAAAA,CAAI,QAAQ,aAAa,CAAC,CAInFA,CAAAA,CAAAA,CAAI,OAAQL,CAAAA,CAAuB,EAAIY,CAEvCL,CAAAA,CAAAA,GACF,CAEaY,CAAAA,CAAAA,CAA0C,MAAOd,CAAKC,CAAAA,CAAAA,CAAKC,IAAS,CAC/E,MAAMF,EAAI,IAAK,CAAA,kBAAA,GACfE,CAAK,GACP,EAEaa,CAAoBf,CAAAA,CAAAA,EAC1BA,CAAI,CAAA,OAAA,CAAQ,aAGV7D,CAAAA,CAAAA,CAAa6D,EAAI,OAAQ,CAAA,aAAa,EAFpC,IAKEgB,CAAAA,CAAAA,CAAyB,MAAOC,CAAgDZ,CAAAA,CAAAA,GAA+B,CAC1H,IAAME,CAAa,CAAA,IAAIzC,EAAQuC,CAAM,CAAA,CAErC,MAAME,CAAW,CAAA,kBAAA,GAEjBU,CAAUC,GAAAA,QAAAA,CAASC,UAAW,CAAA,MAAM,CACpCF,CAAAA,CAAAA,CAAM,iBAAiB,GAAIzB,CAAAA,CAAAA,CAAae,CAAU,EACpD,CAAA,CAEOa,EAAQtD,EC5MR,IAAMuD,EAAU,IAA4BxC,iBAAAA,GAAoB,gBAAkB,EAAA,GAAA,CAAIW,CAAW,CAE3F8B,CAAAA,CAAAA,CAAc,IAAMD,CAAAA,EAAW,EAAA,EAAA,CAEtCE,EAAuB,CAC3B3D,CAAAA,CACAD,IACG,CAAC2D,CAAAA,IAAiB,MAAO,CAAA,MAAA,CAAOD,CAAQ,EAAA,CAAG,WAAY1D,CAAAA,CAAU,EAAGC,CAAQ,CAAA,CAEpE4D,EAAwBC,CAAoBF,EAAAA,CAAAA,CAAqBE,EAAS,QAAQ,CAAA,CAClFC,CAAgCC,CAAAA,CAAAA,EAA4BJ,CAAqBI,CAAAA,
CAAAA,CAAiB,gBAAgB,CAClHC,CAAAA,CAAAA,CAA+BC,GAA2BN,CAAqBM,CAAAA,CAAAA,CAAgB,eAAe,ECZpH,IAAMC,EAAN,cAAsC,KAAM,CACjD,WAAmBC,CAAAA,CAAAA,CAAuB,KAAMC,CAAU,CAAA,yBAAA,CAA2B,CACnF,KAAMA,CAAAA,CAAO,CADI,CAAA,IAAA,CAAA,IAAA,CAAAD,CAEjB,CAAA,IAAA,CAAK,KAAO,0BACd,CACF,ECNaE,IAAAA,CAAAA,CAAwB,CACnC,IAAA,CAAM,MACN,CAAA,KAAA,CAAO,QACP,GAAK,CAAA,KACP,EAEMC,EAAwB,CAAA,CAC5B,CAACD,CAAsB,CAAA,IAAI,EAAG,IAAG,EACjC,CAAA,CAACA,EAAsB,KAAK,EAAIE,GAA+B,CAC7D,GAAM,CAAE,QAAAC,CAAAA,CAAAA,CAAU,QAAAC,CAAAA,CAAS,CAAIF,CAAAA,CAAAA,CAE/B,OAAO,CADoB,MAAA,EAAA,MAAA,CAAO,KAAK,CAAGC,EAAAA,CAAQ,IAAIC,CAAQ,CAAA,CAAE,CAAE,CAAA,QAAA,CAAS,QAAQ,CACjD,EACpC,CACA,CAAA,CAACJ,EAAsB,GAAG,EAAIE,GAA+B,CAC3D,GAAM,CAAE,MAAA,CAAAG,CAAO,CAAA,CAAIH,EACnB,GAAIG,CAAAA,CACF,OAAO,CAAc,OAAA,EAAAC,CAAA,CAAA,IAAA,CAAK,EAAID,CAAAA,CAAAA,CAAQ,CAAE,SAAA,CAAW,EAAG,CAAC,CAAC,CAG5D,CAAA,CACF,EAEaE,EAA0BL,CAAAA,CAAAA,EAA8E,CACnH,IAAMM,CAAAA,CAAsBN,CAAuB,EAAA,MAAA,CAEnD,GAAI,EAAA,CAACM,GAAuB,CAACP,EAAAA,CAAsBO,CAAmB,CAItE,CAAA,CAAA,OAAOP,GAAsBO,CAAmB,CAAA,CAAEN,CAAqB,CACzE,ECVA,IAAMO,GAA6B,CAI7BC,CAAAA,iBAAAA,CAAAA,EAAAA,CAAgB,CAAC,CAAE,eAAA,CAAAC,EAAkB,EAAC,CAAG,MAAAC,CAAAA,CAAO,CAAiF,CAAA,KAAa,CACzI,CAAA,CAAA,OAAA,CAAQ,CACf,aAAe,CAAA,MAAA,CACf,wBAAyBA,CAAQ,EAAA,oBAAA,CACjC,GAAGD,CACL,CAAC,EACH,EAEM,CAAE,UAAA,CAAAzB,GAAY,QAAAD,CAAAA,EAAS,EAAI4B,EA6BjC,IAAOC,EAAQ,CAAA,CACb,UAAA5B,CAAAA,EAAAA,CACA,SAAAD,EACA,CAAA,IAAA,CAAAE,EACA,UAAAtB,CAAAA,CAAAA,CACA,qBAAAU,CACA,CAAA,8BAAA,CAAAM,CACA,CAAA,iBAAA,CAAA4B,EACA,CAAA,gBAAA,CAAA3B,EACA,oBAAAS,CAAAA,CAAAA,CACA,6BAAAE,CACA,CAAA,2BAAA,CAAAE,EACA,WAAAN,CAAAA,CAAAA,CACA,OAAAD,CAAAA,CAAAA,CACA,uBAAAS,CAAAA,CAAAA,CACA,cAAAnB,CACA,CAAA,sBAAA,CAAAK,EACA,QAAA8B,CAAAA,CAAAA,CACA,sBAAAb,CACA,CAAA,sBAAA,CAAAO,EACA,CAAA,mBAAA,CAAArF,CACF","file":"index.js","sourcesContent":["import jwt from 'jsonwebtoken';\nimport moment from 'moment';\n\nconst {\n DEPRECATED_JWT_SECRET, JWT_NEW_SECRET,\n DEPRECATED_REFRESH_JWT_SECRET, REFRESH_JWT_SECRET,\n DEPRECATION_UNIX_TIMESTAMP,\n} = process.env;\n\nconst 
getRelevantSecret = (token: string | undefined, deprecatedSecret: string, newSecret: string): string => {\n const deprecationTime = moment(parseInt(DEPRECATION_UNIX_TIMESTAMP, 10) * 1000);\n try {\n let unixTime: moment.Moment;\n if (token) {\n const { iat } = jwt.decode(token) as jwt.JwtPayload;\n unixTime = moment(iat * 1000);\n } else {\n unixTime = moment();\n }\n return unixTime.isBefore(deprecationTime) ? deprecatedSecret : newSecret;\n } catch (e) {\n return newSecret;\n }\n};\n\nexport const getRefreshTokenSecret = (token?: string): string => getRelevantSecret(token, DEPRECATED_REFRESH_JWT_SECRET, REFRESH_JWT_SECRET);\nexport const getTokenSecret = (token?: string): string => getRelevantSecret(token, DEPRECATED_JWT_SECRET, JWT_NEW_SECRET);\n","import type { UUID } from 'node:crypto';\nimport * as jwt from 'jsonwebtoken';\nimport { getTokenSecret } from './secret-getter';\n\nconst CONTEXT_PROPS = ['fleetId', 'businessModelId', 'demandSourceId'];\nconst CONTEXT_MAP_PROPS = {\n fleet: 'fleets',\n business: 'businessModels',\n demand: 'demandSources',\n};\n\nexport const getAuthFromBearer = (bearer: string): string => bearer.replace('Bearer ', '');\n\nexport const decodeBearer = (bearer: string, appSecret?: string): any => {\n const token = getAuthFromBearer(bearer);\n const decoded = jwt.verify(token, appSecret || getTokenSecret(token));\n return decoded;\n};\n\nexport const parsePermissions = (contextId, decodedToken): any => {\n if (!decodedToken) { return []; }\n const { contexts } = decodedToken;\n const activeContext = contexts.find((context) => context.id === contextId);\n\n const permissionsValue = `${activeContext.permissions?.map((cp) => `${cp},`)}`;\n\n return {\n key: activeContext.entityId,\n value: permissionsValue,\n };\n};\n\nexport const getEntitiesFromContext = (contextId: string, decodedToken: any): any => {\n if (!decodedToken) { return []; }\n let { contexts } = decodedToken;\n if (contextId) {\n contexts = contexts.filter((context) => 
context.id === contextId);\n }\n\n const attributes = {};\n contexts.forEach((context) => {\n const prop = CONTEXT_MAP_PROPS[context.subSystem || 'business'];\n\n const permissions = parsePermissions(context.id, decodedToken);\n attributes[prop] ||= {};\n attributes[prop][permissions.key] = permissions.value;\n });\n\n return attributes;\n};\n\nexport const getContextAttributes = (contextId: string, decodedToken: any): any => {\n if (!decodedToken) { return []; }\n let { contexts } = decodedToken;\n if (contextId) {\n contexts = contexts.filter((context) => context.id === contextId);\n }\n const attributes = {};\n contexts.forEach((context) => {\n CONTEXT_PROPS.forEach((prop) => {\n if (context[prop]) {\n const contextPropWrapped = [context[prop]];\n attributes[prop] ||= [];\n attributes[prop] = attributes[prop].concat(contextPropWrapped);\n }\n });\n });\n return attributes;\n};\n\nconst EMPTY_UUID = '00000000-0000-0000-0000-000000000000';\nconst FULL_UUID = 'ffffffff-ffff-ffff-ffff-ffffffffffff';\nconst VALID_CHARS_REGEX = '[0-9a-f]';\nconst UUID_VERSION_REGEX = '[1-8]';\nconst UUID_REGEX = new RegExp(\n `^(?:${VALID_CHARS_REGEX}{8}-${VALID_CHARS_REGEX}{4}-${UUID_VERSION_REGEX}${VALID_CHARS_REGEX}{3}-[89ab]${VALID_CHARS_REGEX}{3}-${VALID_CHARS_REGEX}{12}|${EMPTY_UUID}|${FULL_UUID})$`,\n 'i',\n);\nexport function validateUUID(uuid: unknown): uuid is UUID {\n return typeof uuid === 'string' && UUID_REGEX.test(uuid);\n}\n","import Network from '@autofleet/network';\n\nconst CACHE_LIFETIME_IN_SEC = 10;\nconst apiGwUrl = process.env.API_GATEWAY_URL || 'https://api.autofleet.io';\n\n// eslint-disable-next-line import/prefer-default-export\nexport const IdentityNetwork = new Network({\n serviceName: 'IDENTITY_MS',\n retries: 3,\n retryCondition: () => true,\n cache: process.env.NODE_ENV !== 'test' ? 
{\n maxAge: CACHE_LIFETIME_IN_SEC * 1000,\n } : undefined,\n});\n\nexport const AutofleetApiNetwork = new Network({\n baseURL: apiGwUrl,\n serviceUrl: apiGwUrl,\n retries: 3,\n retryCondition: () => true,\n cache: process.env.NODE_ENV !== 'test' ? {\n maxAge: CACHE_LIFETIME_IN_SEC * 1000,\n } : undefined,\n});\n","import NodeCache from 'node-cache';\nimport objectHash from 'object-hash';\nimport { getCurrentContext } from '@autofleet/outbreak';\nimport { validateUUID } from '../utils';\nimport { AutofleetApiNetwork, IdentityNetwork } from '../services';\n\nexport type AccountType = 'client' | 'user' | 'service' | 'driver'\ninterface EntityPermissions {\n [key: string]: string[];\n}\n\nexport const ELEVATED_PERMISSIONS_HEADER = 'x-af-elevated-permissions';\nexport const CONTEXTS_IDS_HEADER = 'x-af-context-ids';\n\nexport interface UserPayload {\n businessModels: EntityPermissions;\n fleets: EntityPermissions;\n demandSources: EntityPermissions;\n businessAccounts?: EntityPermissions;\n accountType?: AccountType;\n contexts?: EntityPermissions;\n createdAt?: string;\n}\n\nexport interface PartialUserPayload {\n businessModels?: EntityPermissions;\n fleets?: EntityPermissions;\n demandSources?: EntityPermissions;\n vehicles?: EntityPermissions;\n drivers?: EntityPermissions;\n businessAccounts?: EntityPermissions;\n}\n\nexport type CustomPermissionLoader = (string) => Promise<UserPayload>;\n\nconst userCache = new NodeCache({ stdTTL: 10 });\n\nconst mergePermissions = (target: UserPayload, sources: Iterable<PartialUserPayload>): UserPayload => {\n const permissions: UserPayload = {\n ...target,\n fleets: { ...target?.fleets },\n businessModels: { ...target?.businessModels },\n demandSources: { ...target?.demandSources },\n // Clone other nested objects as needed\n };\n\n // eslint-disable-next-line no-restricted-syntax\n for (const source of sources) {\n Object.keys(source).forEach((entityType) => {\n // eslint-disable-next-line no-param-reassign\n 
permissions[entityType] ??= {};\n Object.entries(source[entityType]!).forEach(([entityId, perms]) => {\n // eslint-disable-next-line no-param-reassign\n permissions[entityType][entityId] = (permissions[entityType][entityId] || []).concat(perms);\n });\n });\n }\n\n return permissions;\n};\n\nexport default class ApiUser {\n private privatePermissions: UserPayload | undefined;\n\n private readonly privateElevatedPermissionsHash = new Map<symbol, PartialUserPayload | undefined>();\n\n private privatePermissionsLegacy: any;\n\n private readonly appPermission: {[key: string]: any; } = {};\n\n public readonly emptyUser: boolean;\n\n constructor(public id? : string, public accountType?: AccountType, elevatedPermissions?: PartialUserPayload, public contextIds?: string[]) {\n this.emptyUser = !!id;\n if (elevatedPermissions) {\n this.privateElevatedPermissionsHash.set(Symbol('initial'), elevatedPermissions);\n }\n }\n\n public async getUserPermissions(): Promise<UserPayload> {\n if (!this.id) {\n return undefined;\n }\n if (this.privatePermissions) {\n return this.privatePermissions;\n }\n const cacheKey = objectHash({\n id: this.id,\n contextIds: this.contextIds,\n });\n\n let data = userCache.get<UserPayload>(cacheKey);\n\n if (!data) {\n ({ data } = await IdentityNetwork.get<UserPayload>(`/api/v1/users/${this.id}/authorization-payload`, { params: { contextIds: this.contextIds } }));\n userCache.set(cacheKey, data);\n }\n\n this.accountType = data.accountType;\n this.privatePermissions = data;\n return this.privatePermissions;\n }\n\n public async useCustomPermissionLoader(customPermissionLoader: (userId: string) => UserPayload | PromiseLike<UserPayload>): Promise<UserPayload> {\n if (!this.id) {\n return undefined;\n }\n if (this.privatePermissions) {\n return this.privatePermissions;\n }\n\n const cacheKey = this.id;\n\n const cachedResult = userCache.get<UserPayload>(cacheKey);\n if (cachedResult) {\n this.privatePermissions = cachedResult;\n return cachedResult;\n 
}\n\n const data = await customPermissionLoader(this.id);\n userCache.set(cacheKey, data);\n\n this.privatePermissions = data;\n return this.privatePermissions;\n }\n\n public get businessModels(): string[] | undefined {\n return this.getUserProperty('businessModels');\n }\n\n public get fleets(): string[] | undefined {\n return this.getUserProperty('fleets');\n }\n\n public get demandSources(): string[] | undefined {\n return this.getUserProperty('demandSources');\n }\n\n private getUserProperty(key: keyof UserPayload): string[] | undefined {\n if (!this.privatePermissions) {\n throw new Error(`Cannot get ${key} without calling (async) getUserPermissions before`);\n }\n return Object.keys(this.privatePermissions[key] || {});\n }\n\n public get elevatedPermissions(): UserPayload {\n return mergePermissions(undefined, this.privateElevatedPermissionsHash.values());\n }\n\n public get permissions(): UserPayload | undefined {\n if (!this.privatePermissions) {\n throw new Error('Cannot get permissions without calling (async) getUserPermissions before');\n }\n\n return mergePermissions(this.privatePermissions, this.privateElevatedPermissionsHash.values());\n }\n\n public elevatePermissions(addedPermissions: PartialUserPayload): () => void {\n // @itayankri is concerned about memory consumption, so create a symbol with no description, to avoid assigning memory for the description string\n // eslint-disable-next-line symbol-description\n const elevationId = Symbol();\n\n // Validate that the added permissions are valid UUIDs\n Object.values(addedPermissions).forEach((entityIds) => {\n Object.keys(entityIds).forEach((entityId) => {\n if (!validateUUID(entityId)) {\n throw new Error(`Entity id on elevatePermissions is not a valid UUID, provided: ${entityId}`);\n }\n });\n });\n\n const currentUserTrace = getCurrentContext();\n if (!currentUserTrace) {\n throw new Error('Cannot find current user cross services trace');\n }\n\n const currentElevation = 
JSON.parse(currentUserTrace.context[ELEVATED_PERMISSIONS_HEADER] || '{}');\n const newElevation = Object.assign(currentElevation, addedPermissions);\n this.privateElevatedPermissionsHash.set(elevationId, newElevation);\n currentUserTrace.context.set(ELEVATED_PERMISSIONS_HEADER, JSON.stringify(this.elevatedPermissions));\n return () => {\n this.privateElevatedPermissionsHash.delete(elevationId);\n currentUserTrace.context.set(ELEVATED_PERMISSIONS_HEADER, JSON.stringify(this.elevatedPermissions));\n };\n }\n\n public async getUserPermissionsLegacy() {\n if (!this.id) {\n return undefined;\n }\n if (this.privatePermissionsLegacy) {\n return this.privatePermissionsLegacy;\n }\n const { data } = await IdentityNetwork.get(`/api/v1/users/${this.id}/authorization-payload-legacy`);\n\n this.privatePermissionsLegacy = data;\n return this.privatePermissionsLegacy;\n }\n\n public get permissionsLegacy(): any {\n if (!this.privatePermissionsLegacy) {\n throw new Error('Cannot get permissionsLegacy without calling (async) getUserPermissionsLegacy before');\n }\n return this.privatePermissionsLegacy;\n }\n\n public async getUserAppPermissions(appId, clientSecret) {\n if (!this.id || !appId || !clientSecret) {\n return undefined;\n }\n const currentAppPermission = this.appPermission[appId];\n\n if (currentAppPermission) {\n return currentAppPermission;\n }\n\n const cacheKey = `${this.id}:${appId}`;\n\n const cachedResult = userCache.get<UserPayload>(cacheKey);\n if (cachedResult) {\n this.appPermission[appId] = cachedResult;\n return cachedResult;\n }\n\n const { data } = await AutofleetApiNetwork.post<UserPayload>(`/api/v1/apps/${appId}/get-user-payload`, {\n userId: this.id,\n }, {\n headers: {\n 'x-autofleet-apps-secret': clientSecret,\n },\n });\n\n userCache.set(cacheKey, data);\n this.appPermission[appId] = data;\n return this.appPermission[appId];\n }\n}\n","import { AutofleetApiNetwork } from './services';\n\nexport const decodeAppBearer = async (bearer: string, appId: 
string): Promise<any> => {\n const { data: decoded } = await AutofleetApiNetwork.post('/api/v1/auth', { bearer, appId });\n return decoded;\n};\n\nexport const getClientSecret = async (appId: string): Promise<any> => {\n const { data: secret } = await AutofleetApiNetwork.get(`/api/v1/auth/client-secret/${appId}`);\n return secret;\n};\n","export default class AppDoesNotExist extends Error {\n name = 'AppDoesNotExist';\n\n message = 'app does not exist';\n}\n","import type { Handler, Request } from 'express';\nimport { getCurrentContext, newTrace, traceTypes } from '@autofleet/outbreak';\nimport jwt from 'jsonwebtoken';\nimport ApiUser, { CONTEXTS_IDS_HEADER, CustomPermissionLoader, ELEVATED_PERMISSIONS_HEADER } from './ApiUser';\nimport { decodeAppBearer } from '../app-auth';\nimport AppDoesNotExist from '../exceptions/appDoesNotExist';\nimport { decodeBearer, getAuthFromBearer } from '../utils';\n\nconst IDENTITY_MS = 'identity-ms';\nconst ACCESS_TOKEN = 'accessToken';\nexport const USER_OBJECT = 'userObject';\nconst USER_TRACING_HEADER = 'x-af-user-id';\nconst ORIGIN_HEADER = 'X-IAF-ORIGIN-SERVICE';\nconst USER_PERMISSIONS_HEADER = 'x-af-user-permissions';\nconst LOWER_CASE_ORIGIN_HEADER = ORIGIN_HEADER.toLowerCase();\nconst AUTOFLEET_APPS_SECRET_HEADER = 'x-autofleet-apps-secret';\n\ndeclare module 'express-serve-static-core' {\n // eslint-disable-next-line @typescript-eslint/no-shadow\n interface Request {\n user: ApiUser;\n }\n}\n\nexport const middleware = (options: {\n eagerLoadUserPermissions?: boolean;\n eagerLoadUserPermissionsLegacy?: boolean;\n customPermissionLoader?: CustomPermissionLoader;\n} = {}): Handler => async (req, res, next): Promise<any> => {\n try {\n const originHeader = (req.headers[ORIGIN_HEADER] || req.headers[LOWER_CASE_ORIGIN_HEADER] || '') as string;\n if (originHeader.toLowerCase() === IDENTITY_MS) {\n next();\n return;\n }\n const {\n eagerLoadUserPermissions,\n eagerLoadUserPermissionsLegacy,\n customPermissionLoader,\n } = 
options;\n const userId = req.headers[USER_TRACING_HEADER] as string;\n if (!userId) {\n next();\n return;\n }\n\n const elevatedPermissionsFromHeader = req.headers[ELEVATED_PERMISSIONS_HEADER] && req.headers[ELEVATED_PERMISSIONS_HEADER].length > 0\n ? JSON.parse(req.headers[ELEVATED_PERMISSIONS_HEADER] as string)\n : {};\n const contextIds = (req.headers?.[CONTEXTS_IDS_HEADER] as string)?.split(',');\n\n const userObject = new ApiUser(userId, 'user', elevatedPermissionsFromHeader, contextIds);\n if (eagerLoadUserPermissions) {\n if (customPermissionLoader) {\n await userObject.useCustomPermissionLoader(customPermissionLoader);\n } else {\n await userObject.getUserPermissions();\n }\n }\n\n if (eagerLoadUserPermissionsLegacy) {\n await userObject.getUserPermissionsLegacy();\n }\n\n req.user = userObject;\n getCurrentContext().nonHeaderContext?.set(USER_OBJECT, userObject);\n\n // Added in order to support outbreak.\n // @ts-expect-error we are setting an object onto the request headers.\n req.headers[USER_PERMISSIONS_HEADER] = userObject;\n\n next();\n } catch (e) {\n res.status(401).json({ error: 'cannot authenticate user' });\n }\n};\n\nexport const middlewareWithDecode = (options: {\n eagerLoadUserPermissions?: boolean;\n eagerLoadUserPermissionsLegacy?: boolean;\n returnErrorIfNoToken?: boolean\n} = {}): Handler => async (req, res, next): Promise<void> => {\n const {\n eagerLoadUserPermissions,\n eagerLoadUserPermissionsLegacy,\n returnErrorIfNoToken,\n } = options;\n let decoded;\n if (req.headers.authorization) {\n try {\n decoded = await decodeBearer(req.headers.authorization);\n } catch (e) {\n if (e instanceof jwt.TokenExpiredError) {\n res.status(401).json({ errors: ['Access token expired'] });\n } else if (e instanceof jwt.JsonWebTokenError) {\n res.status(400).json({ errors: [e.message] });\n } else {\n res.status(500).json({ errors: ['Server error while parsing token'] });\n }\n return;\n }\n const userId = decoded?.user?.id;\n\n if (userId) {\n 
req.headers[USER_TRACING_HEADER] = userId;\n }\n\n const contextIds = (req.headers?.[CONTEXTS_IDS_HEADER] as string)?.split(',');\n const userObject = new ApiUser(userId, decoded?.user?.accountType, undefined, contextIds);\n\n if (eagerLoadUserPermissions || eagerLoadUserPermissionsLegacy) {\n await Promise.all([\n eagerLoadUserPermissions && userObject.getUserPermissions(),\n eagerLoadUserPermissionsLegacy && userObject.getUserPermissionsLegacy(),\n ]);\n }\n\n req.user = userObject;\n getCurrentContext().nonHeaderContext?.set(USER_OBJECT, userObject);\n\n // Added in order to support outbreak.\n // @ts-expect-error we are setting an object onto the request headers.\n req.headers[USER_PERMISSIONS_HEADER] = userObject;\n } else if (returnErrorIfNoToken) {\n res.status(401).json({ errors: ['No token provided'] });\n return;\n }\n next();\n};\n\nexport const appMiddleware = (options: {\n appId: string,\n clientSecret: string\n}): Handler => async (req, res, next): Promise<void> => {\n const {\n appId,\n clientSecret,\n } = options;\n let decoded;\n\n if (!req.headers.authorization) {\n res.status(401).json({ errors: ['No token provided'] });\n return;\n }\n\n try {\n decoded = await decodeAppBearer(req.headers.authorization, appId);\n if (!decoded) {\n throw new AppDoesNotExist();\n }\n } catch (e) {\n if (e instanceof jwt.TokenExpiredError) {\n res.status(401).json({ errors: ['Access token expired'] });\n return;\n }\n if ([jwt.JsonWebTokenError, AppDoesNotExist].some((Err) => e instanceof Err)) {\n res.status(400).json({ errors: [e.message] });\n return;\n }\n res.status(500).json({ errors: ['Server error while parsing token'] });\n return;\n }\n const userId = decoded?.userId;\n if (userId) {\n req.headers[USER_TRACING_HEADER] = userId;\n }\n\n const userObject = new ApiUser(userId);\n\n if (appId) {\n req.headers[AUTOFLEET_APPS_SECRET_HEADER] = clientSecret;\n // Won't work until we find a better solution for identity ms\n await 
userObject.getUserAppPermissions(appId, clientSecret);\n }\n\n req.user = userObject;\n const currentTraceContext = getCurrentContext().nonHeaderContext;\n currentTraceContext?.set(USER_OBJECT, userObject);\n currentTraceContext?.set(ACCESS_TOKEN, getAuthFromBearer(req.headers.authorization));\n\n // Added in order to support outbreak.\n // @ts-expect-error we are setting an object onto the request headers.\n req.headers[USER_PERMISSIONS_HEADER] = userObject;\n\n next();\n};\n\nexport const eagerLoadPermissionsMiddleware: Handler = async (req, res, next) => {\n await req.user.getUserPermissions();\n next();\n};\n\nexport const getDecodedBearer = (req: Request) => {\n if (!req.headers.authorization) {\n return null;\n }\n return decodeBearer(req.headers.authorization);\n};\n\nexport const createOrSetRabbitTrace = async (trace: ReturnType<typeof newTrace> | undefined, userId: string | undefined) => {\n const userObject = new ApiUser(userId);\n\n await userObject.getUserPermissions();\n // eslint-disable-next-line no-param-reassign\n trace ??= newTrace(traceTypes.RABBIT);\n trace.nonHeaderContext.set(USER_OBJECT, userObject);\n};\n\nexport default ApiUser;\n","import { getCurrentContext } from '@autofleet/outbreak';\nimport { USER_OBJECT } from './user';\nimport ApiUser, { type UserPayload } from './user/ApiUser';\n\nexport const getUser = () : ApiUser | undefined => getCurrentContext().nonHeaderContext?.get(USER_OBJECT) as ApiUser | undefined;\n\nexport const isUserExist = () => getUser()?.id;\n\nconst checkUserPermissions = (\n entityId: string,\n entityType: Exclude<keyof UserPayload, 'accountType' | 'createdAt'>,\n) => !isUserExist() || Object.hasOwn(getUser()!.permissions[entityType], entityId);\n\nexport const checkFleetPermission = (fleetId: string) => checkUserPermissions(fleetId, 'fleets');\nexport const checkBusinessModelPermission = (businessModelId: string) => checkUserPermissions(businessModelId, 'businessModels');\nexport const 
checkDemandSourcePermission = (demandSourceId: string) => checkUserPermissions(demandSourceId, 'demandSources');\n","import type ApiUser from './user';\n\n// eslint-disable-next-line import/prefer-default-export\nexport class UnauthorizedAccessError extends Error {\n constructor(public user: ApiUser | null = null, message = 'UnauthorizedAccessError') {\n super(message);\n this.name = 'UnauthorizedAccessError';\n }\n}\n","import * as jwt from 'jsonwebtoken';\n\nexport const AUTHORIZATION_METHODS = {\n NONE: 'NONE',\n BASIC: 'BASIC',\n JWT: 'JWT',\n};\n\nconst AUTHORIZATION_ACTIONS = {\n [AUTHORIZATION_METHODS.NONE]: () => undefined,\n [AUTHORIZATION_METHODS.BASIC]: (authorizationSettings: any) => {\n const { username, password } = authorizationSettings;\n const encodedCredentials = Buffer.from(`${username}:${password}`).toString('base64');\n return `Basic ${encodedCredentials}`;\n },\n [AUTHORIZATION_METHODS.JWT]: (authorizationSettings: any) => {\n const { secret } = authorizationSettings;\n if (secret) {\n return `Bearer ${jwt.sign({}, secret, { expiresIn: 10 })}`;\n }\n return undefined;\n },\n};\n\nexport const getAuthorizationHeader = (authorizationSettings: { method: string } | undefined): string | undefined => {\n const authorizationMethod = authorizationSettings?.method;\n\n if (!authorizationMethod || !AUTHORIZATION_ACTIONS[authorizationMethod]) {\n return undefined;\n }\n\n return AUTHORIZATION_ACTIONS[authorizationMethod](authorizationSettings);\n};\n","import type { LoggerInstanceManager } from '@autofleet/logger';\nimport * as outbreak from '@autofleet/outbreak';\nimport User, {\n middleware,\n eagerLoadPermissionsMiddleware,\n middlewareWithDecode,\n getDecodedBearer,\n appMiddleware,\n createOrSetRabbitTrace,\n} from './user';\nimport { type UserPayload, CONTEXTS_IDS_HEADER } from './user/ApiUser';\nimport {\n checkFleetPermission,\n checkBusinessModelPermission,\n checkDemandSourcePermission,\n isUserExist,\n getUser,\n} from 
'./check-permission';\nimport { UnauthorizedAccessError } from './errors';\nimport { getRefreshTokenSecret, getTokenSecret } from './secret-getter';\nimport { AUTHORIZATION_METHODS, getAuthorizationHeader } from './authorization';\n\nconst getCurrentPayload = outbreak.getCurrentContext;\n\ntype OutbreakOptions = Parameters<typeof outbreak.default>[0];\ntype LoggerWithContextMiddleware = Partial<Pick<LoggerInstanceManager, 'addContextMiddleware'>>;\nconst enableTracing = ({ outbreakOptions = {}, logger }: { outbreakOptions?: OutbreakOptions, logger?: LoggerWithContextMiddleware } = {}): void => {\n outbreak.default({\n headersPrefix: 'x-af',\n contextMiddlewareGetter: logger?.addContextMiddleware,\n ...outbreakOptions,\n });\n};\n\nconst { traceTypes, newTrace } = outbreak;\n\nexport {\n traceTypes,\n newTrace,\n enableTracing,\n User,\n middleware,\n middlewareWithDecode,\n eagerLoadPermissionsMiddleware,\n getCurrentPayload,\n getDecodedBearer,\n checkFleetPermission,\n checkBusinessModelPermission,\n checkDemandSourcePermission,\n isUserExist,\n getUser,\n getRefreshTokenSecret,\n getTokenSecret,\n UnauthorizedAccessError,\n appMiddleware,\n createOrSetRabbitTrace,\n outbreak,\n AUTHORIZATION_METHODS,\n getAuthorizationHeader,\n type UserPayload,\n CONTEXTS_IDS_HEADER,\n};\n\nexport default {\n traceTypes,\n newTrace,\n User,\n middleware,\n middlewareWithDecode,\n eagerLoadPermissionsMiddleware,\n getCurrentPayload,\n getDecodedBearer,\n checkFleetPermission,\n checkBusinessModelPermission,\n checkDemandSourcePermission,\n isUserExist,\n getUser,\n UnauthorizedAccessError,\n appMiddleware,\n createOrSetRabbitTrace,\n outbreak,\n AUTHORIZATION_METHODS,\n getAuthorizationHeader,\n CONTEXTS_IDS_HEADER,\n};\n"]}
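--- a/package/package.json
+++ b/package/package.json
@@ -1,10 +1,9 @@
  {
  "name": "@autofleet/zehut",
- "version": "4.0.1-beta-5973b326.0",
+ "version": "4.0.1",
  "description": "manage user's identity",
  "type": "module",
- "main": "./lib/index.cjs",
- "module": "./lib/index.js",
+ "main": "./lib/index.js",
  "types": "./lib/index.d.ts",
  "exports": {
  ".": {
@@ -31,7 +30,7 @@
  },
  "repository": {
  "type": "git",
- "url": "git+ssh://git@gitlab.com/AutoFleet/zehut.git"
+ "url": "https://github.com/Autofleet/zehut.git"
  },
  "author": "",
  "license": "ISC",
@@ -54,7 +53,7 @@
  "@types/node": "^18.19.75",
  "@typescript-eslint/eslint-plugin": "^6.5.0",
  "@typescript-eslint/parser": "^6.5.0",
- "@vitest/coverage-v8": "^3.0.5",
+ "@vitest/coverage-v8": "^3.0.6",
  "axios": "^0.29.0",
  "eslint": "^8.48.0",
  "eslint-config-airbnb-typescript": "^17.1.0",
@@ -64,7 +63,7 @@
  "supertest": "^7.0.0",
  "tsup": "^8.3.6",
  "typescript": "^4.9.5",
- "vitest": "^3.0.5"
+ "vitest": "^3.0.6"
  },
  "peerDependencies": {
  "@autofleet/shtinker": "^1.2.0"
@@ -74,9 +73,6 @@
  "optional": true
  }
  },
- "optionalDependencies": {
- "@rollup/rollup-linux-x64-gnu": "*"
- },
  "files": [
  "lib/**/*"
  ]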
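Review bot: The first hunk removes the `./lib/index.cjs` entry and points `main` at `./lib/index.js` while `"type": "module"` is kept, so a consumer or tool that resolves through `main` and loads this package with `require()` would now receive an ES module. The `exports` map only begins at the end of that hunk and its conditions are not visible, so this may already be handled there; if it is not, either keep a `require` condition under `exports["."]` or record the CommonJS removal in the release notes, because the version moves from a beta to the `4.0.1` patch release. Since services mount this package as their authentication middleware, a load failure should surface at install or build time rather than at first request, which a smoke test that imports the package both ways would confirm.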