@autofleet/zehut 4.2.3-beta-191fadb9.0 → 4.3.0

package/lib/index.cjs CHANGED
@@ -1,3 +1,3 @@
1
- 'use strict';Object.defineProperty(exports,'__esModule',{value:true});var y=require('@autofleet/outbreak'),S=require('jsonwebtoken'),Ue=require('node-cache'),$=require('object-hash'),b=require('moment'),F=require('@autofleet/network');function _interopDefault(e){return e&&e.__esModule?e:{default:e}}function _interopNamespace(e){if(e&&e.__esModule)return e;var n=Object.create(null);if(e){Object.keys(e).forEach(function(k){if(k!=='default'){var d=Object.getOwnPropertyDescriptor(e,k);Object.defineProperty(n,k,d.get?d:{enumerable:true,get:function(){return e[k]}});}})}n.default=e;return Object.freeze(n)}var y__namespace=/*#__PURE__*/_interopNamespace(y);var S__default=/*#__PURE__*/_interopDefault(S);var Ue__default=/*#__PURE__*/_interopDefault(Ue);var $__default=/*#__PURE__*/_interopDefault($);var b__default=/*#__PURE__*/_interopDefault(b);var F__default=/*#__PURE__*/_interopDefault(F);var {DEPRECATED_JWT_SECRET:de,JWT_NEW_SECRET:ue,DEPRECATED_REFRESH_JWT_SECRET:pe,REFRESH_JWT_SECRET:me,DEPRECATION_UNIX_TIMESTAMP:fe}=process.env,k=(s,e,t)=>{let r=b__default.default(parseInt(fe,10)*1e3);try{let o;if(s){let{iat:i}=S__default.default.decode(s);o=b__default.default(i*1e3);}else o=b__default.default();return o.isBefore(r)?e:t}catch{return t}},le=s=>k(s,pe,me),C=s=>k(s,de,ue);var w=s=>s.replace("Bearer ",""),_=(s,e)=>{let t=w(s);return S__default.default.verify(t,C(t))};var ge="00000000-0000-0000-0000-000000000000",ye="ffffffff-ffff-ffff-ffff-ffffffffffff",h="[0-9a-f]",Pe="[1-8]",he=new RegExp(`^(?:${h}{8}-${h}{4}-${Pe}${h}{3}-[89ab]${h}{3}-${h}{12}|${ge}|${ye})$`,"i");function M(s){return typeof s=="string"&&he.test(s)}var B=10,j=process.env.API_GATEWAY_URL||"https://api.autofleet.io",O=new F__default.default({serviceName:"IDENTITY_MS",retries:3,retryCondition:()=>true,cache:process.env.NODE_ENV!=="test"?{maxAge:B*1e3}:void 0}),A=new F__default.default({baseURL:j,serviceUrl:j,retries:3,retryCondition:()=>true,cache:process.env.NODE_ENV!=="test"?{maxAge:B*1e3}:void 0});var 
l="x-af-elevated-permissions",E="x-af-context-ids",m=new Ue__default.default({stdTTL:10}),J=(s,e)=>{let t={...s,fleets:{...s?.fleets},businessModels:{...s?.businessModels},demandSources:{...s?.demandSources}};for(let r of e)Object.keys(r).forEach(o=>{t[o]??={},Object.entries(r[o]).forEach(([i,n])=>{t[o][i]=(t[o][i]||[]).concat(n);});});return t},u=class{constructor(e,t,r,o){this.id=e;this.accountType=t;this.contextIds=o;this.privateElevatedPermissionsHash=new Map;this.appPermission={};this.emptyUser=!!e,r&&this.privateElevatedPermissionsHash.set(Symbol("initial"),r);}async getUserPermissions(){if(!this.id)return;if(this.privatePermissions)return this.privatePermissions;let e=$__default.default({id:this.id,contextIds:this.contextIds}),t=m.get(e);return t||({data:t}=await O.get(`/api/v1/users/${this.id}/authorization-payload`,{params:{contextIds:this.contextIds}}),m.set(e,t)),this.accountType=t.accountType,this.privatePermissions=t,this.privatePermissions}async useCustomPermissionLoader(e){if(!this.id)return;if(this.privatePermissions)return this.privatePermissions;let t=this.id,r=m.get(t);if(r)return this.privatePermissions=r,r;let o=await e(this.id);return m.set(t,o),this.privatePermissions=o,this.privatePermissions}get businessModels(){return this.getUserProperty("businessModels")}get fleets(){return this.getUserProperty("fleets")}get demandSources(){return this.getUserProperty("demandSources")}getUserProperty(e){if(!this.privatePermissions)throw new Error(`Cannot get ${e} without calling (async) getUserPermissions before`);return Object.keys(this.privatePermissions[e]||{})}get elevatedPermissions(){return J(void 0,this.privateElevatedPermissionsHash.values())}get permissions(){if(!this.privatePermissions)throw new Error("Cannot get permissions without calling (async) getUserPermissions before");return J(this.privatePermissions,this.privateElevatedPermissionsHash.values())}elevatePermissions(e){let 
t=Symbol();Object.values(e).forEach(n=>{Object.keys(n).forEach(a=>{if(!M(a))throw new Error(`Entity id on elevatePermissions is not a valid UUID, provided: ${a}`)});});let r=y.getCurrentContext();if(!r)throw new Error("Cannot find current user cross services trace");let o=JSON.parse(r.context[l]||"{}"),i=Object.assign(o,e);return this.privateElevatedPermissionsHash.set(t,i),r.context.set(l,JSON.stringify(this.elevatedPermissions)),()=>{this.privateElevatedPermissionsHash.delete(t),r.context.set(l,JSON.stringify(this.elevatedPermissions));}}async getUserPermissionsLegacy(){if(!this.id)return;if(this.privatePermissionsLegacy)return this.privatePermissionsLegacy;let e=$__default.default({id:this.id,contextIds:this.contextIds,legacy:true}),t=m.get(e);return t||({data:t}=await O.get(`/api/v1/users/${this.id}/authorization-payload-legacy`,{params:{contextIds:this.contextIds}}),m.set(e,t)),this.privatePermissionsLegacy=t,this.privatePermissionsLegacy}get permissionsLegacy(){if(!this.privatePermissionsLegacy)throw new Error("Cannot get permissionsLegacy without calling (async) getUserPermissionsLegacy before");return this.privatePermissionsLegacy}async getUserAppPermissions(e,t){if(!this.id||!e||!t)return;let r=this.appPermission[e];if(r)return r;let o=`${this.id}:${e}`,i=m.get(o);if(i)return this.appPermission[e]=i,i;let{data:n}=await A.post(`/api/v1/apps/${e}/get-user-payload`,{userId:this.id},{headers:{"x-autofleet-apps-secret":t}});return m.set(o,n),this.appPermission[e]=n,this.appPermission[e]}};var W=async(s,e)=>{let{data:t}=await A.post("/api/v1/auth",{bearer:s,appId:e});return t};var g=class extends Error{constructor(){super(...arguments);this.name="AppDoesNotExist";this.message="app does not exist";}};var G="identity-ms",z="accessToken",f="userObject",U="x-af-user-id",H="X-IAF-ORIGIN-SERVICE",I="x-af-user-permissions",X=H.toLowerCase(),V="x-autofleet-apps-secret";var T=async(s,e)=>{let 
t=e[H]||e[X]||"";if(!Array.isArray(t)&&t.toLowerCase()===G)return;let{eagerLoadUserPermissions:r,eagerLoadUserPermissionsLegacy:o,customPermissionLoader:i}=s,n=e[U];if(!n||Array.isArray(n))return;let a=e[l]?.length>0?JSON.parse(e[l]):{},c=e?.[E]?.split(","),d=new u(n,"user",a,c);return r&&(i?await d.useCustomPermissionLoader(i):await d.getUserPermissions()),o&&await d.getUserPermissionsLegacy(),y.getCurrentContext().nonHeaderContext?.set(f,d),d};var Y=(s={})=>async(e,t,r)=>{try{let o=await T(s,e.headers);o&&(e.user=o,e.headers[I]=o),r();}catch{t.status(401).json({error:"cannot authenticate user"});}},Z=(s={})=>async(e,t,r)=>{let{eagerLoadUserPermissions:o,eagerLoadUserPermissionsLegacy:i,returnErrorIfNoToken:n}=s,a;if(e.headers.authorization){try{a=await _(e.headers.authorization);}catch(P){P instanceof S__default.default.TokenExpiredError?t.status(401).json({errors:["Access token expired"]}):P instanceof S__default.default.JsonWebTokenError?t.status(400).json({errors:[P.message]}):t.status(500).json({errors:["Server error while parsing token"]});return}let c=a?.user?.id;c&&(e.headers[U]=c);let d=e.headers?.[E]?.split(","),p=new u(c,a?.user?.accountType,void 0,d);(o||i)&&await Promise.all([o&&p.getUserPermissions(),i&&p.getUserPermissionsLegacy()]),e.user=p,y.getCurrentContext().nonHeaderContext?.set(f,p),e.headers[I]=p;}else if(n){t.status(401).json({errors:["No token provided"]});return}r();},Q=s=>async(e,t,r)=>{let{appId:o,clientSecret:i}=s,n;if(!e.headers.authorization){t.status(401).json({errors:["No token provided"]});return}try{if(n=await W(e.headers.authorization,o),!n)throw new g}catch(p){if(p instanceof S__default.default.TokenExpiredError){t.status(401).json({errors:["Access token expired"]});return}if([S__default.default.JsonWebTokenError,g].some(P=>p instanceof P)){t.status(400).json({errors:[p.message]});return}t.status(500).json({errors:["Server error while parsing token"]});return}let a=n?.userId;a&&(e.headers[U]=a);let c=new 
u(a);o&&(e.headers[V]=i,await c.getUserAppPermissions(o,i)),e.user=c;let d=y.getCurrentContext().nonHeaderContext;d?.set(f,c),d?.set(z,w(e.headers.authorization)),e.headers[I]=c,r();},q=async(s,e,t)=>{await s.user.getUserPermissions(),t();},ee=s=>s.headers.authorization?_(s.headers.authorization):null,se=async(s,e)=>{let t=new u(e);await t.getUserPermissions(),s??=y.newTrace(y.traceTypes.RABBIT),s.nonHeaderContext.set(f,t);},te=u;var N=(s,e,t)=>{s.decorateRequest("user",void 0),s.addHook("onRequest",async(r,o)=>{try{let i=await T(e,r.headers);i&&(r.user=i);}catch{o.status(401).send({error:"cannot authenticate user"});}}),t();};N[Symbol.for("skip-override")]=true;var v=()=>y.getCurrentContext().nonHeaderContext?.get(f),L=()=>v()?.id,D=(s,e)=>!L()||Object.hasOwn(v().permissions[e],s),re=s=>D(s,"fleets"),oe=s=>D(s,"businessModels"),ie=s=>D(s,"demandSources");var R=class extends Error{constructor(t=null,r="UnauthorizedAccessError"){super(r);this.user=t;this.name="UnauthorizedAccessError";}};var x={NONE:"NONE",BASIC:"BASIC",JWT:"JWT"},ne={[x.NONE]:()=>{},[x.BASIC]:s=>{let{username:e,password:t}=s;return `Basic ${Buffer.from(`${e}:${t}`).toString("base64")}`},[x.JWT]:s=>{let{secret:e}=s;if(e)return `Bearer ${S__default.default.sign({},e,{expiresIn:10})}`}},ae=s=>{let e=s?.method;if(!(!e||!ne[e]))return ne[e](s)};var Re=y__namespace.getCurrentContext,Ts=({outbreakOptions:s={},logger:e}={})=>{y__namespace.default({headersPrefix:"x-af",contextMiddlewareGetter:e?.addContextMiddleware,...s});},{traceTypes:be,newTrace:Ce}=y__namespace;var 
Ss={traceTypes:be,newTrace:Ce,User:te,middleware:Y,middlewareWithDecode:Z,eagerLoadPermissionsMiddleware:q,getCurrentPayload:Re,getDecodedBearer:ee,checkFleetPermission:re,checkBusinessModelPermission:oe,checkDemandSourcePermission:ie,isUserExist:L,getUser:v,UnauthorizedAccessError:R,appMiddleware:Q,createOrSetRabbitTrace:se,outbreak:y__namespace,AUTHORIZATION_METHODS:x,getAuthorizationHeader:ae,CONTEXTS_IDS_HEADER:E,authFromUserIdHeaderPlugin:N};
2
- exports.outbreak=y__namespace;exports.AUTHORIZATION_METHODS=x;exports.CONTEXTS_IDS_HEADER=E;exports.UnauthorizedAccessError=R;exports.User=te;exports.appMiddleware=Q;exports.authFromUserIdHeaderPlugin=N;exports.checkBusinessModelPermission=oe;exports.checkDemandSourcePermission=ie;exports.checkFleetPermission=re;exports.createOrSetRabbitTrace=se;exports.default=Ss;exports.eagerLoadPermissionsMiddleware=q;exports.enableTracing=Ts;exports.getAuthorizationHeader=ae;exports.getCurrentPayload=Re;exports.getDecodedBearer=ee;exports.getRefreshTokenSecret=le;exports.getTokenSecret=C;exports.getUser=v;exports.isUserExist=L;exports.middleware=Y;exports.middlewareWithDecode=Z;exports.newTrace=Ce;exports.traceTypes=be;//# sourceMappingURL=index.cjs.map
1
+ 'use strict';Object.defineProperty(exports,'__esModule',{value:true});var P=require('@autofleet/outbreak'),T=require('jsonwebtoken'),xe=require('node-cache'),$=require('object-hash'),v=require('moment'),F=require('@autofleet/network');function _interopDefault(e){return e&&e.__esModule?e:{default:e}}function _interopNamespace(e){if(e&&e.__esModule)return e;var n=Object.create(null);if(e){Object.keys(e).forEach(function(k){if(k!=='default'){var d=Object.getOwnPropertyDescriptor(e,k);Object.defineProperty(n,k,d.get?d:{enumerable:true,get:function(){return e[k]}});}})}n.default=e;return Object.freeze(n)}var P__namespace=/*#__PURE__*/_interopNamespace(P);var T__default=/*#__PURE__*/_interopDefault(T);var xe__default=/*#__PURE__*/_interopDefault(xe);var $__default=/*#__PURE__*/_interopDefault($);var v__default=/*#__PURE__*/_interopDefault(v);var F__default=/*#__PURE__*/_interopDefault(F);var {DEPRECATED_JWT_SECRET:de,JWT_NEW_SECRET:ue,DEPRECATED_REFRESH_JWT_SECRET:pe,REFRESH_JWT_SECRET:me,DEPRECATION_UNIX_TIMESTAMP:fe}=process.env,L=(t,e,s)=>{let r=v__default.default(parseInt(fe,10)*1e3);try{let o;if(t){let{iat:i}=T__default.default.decode(t);o=v__default.default(i*1e3);}else o=v__default.default();return o.isBefore(r)?e:s}catch{return s}},le=t=>L(t,pe,me),_=t=>L(t,de,ue);var R=t=>t.replace("Bearer ",""),O=(t,e)=>{let s=R(t);return T__default.default.verify(s,_(s))};var Ee="00000000-0000-0000-0000-000000000000",Pe="ffffffff-ffff-ffff-ffff-ffffffffffff",h="[0-9a-f]",ge="[1-8]",he=new RegExp(`^(?:${h}{8}-${h}{4}-${ge}${h}{3}-[89ab]${h}{3}-${h}{12}|${Ee}|${Pe})$`,"i");function M(t){return typeof t=="string"&&he.test(t)}var B=10,j=process.env.API_GATEWAY_URL||"https://api.autofleet.io",w=new F__default.default({serviceName:"IDENTITY_MS",retries:3,retryCondition:()=>true,cache:process.env.NODE_ENV!=="test"?{maxAge:B*1e3}:void 0}),S=new F__default.default({baseURL:j,serviceUrl:j,retries:3,retryCondition:()=>true,cache:process.env.NODE_ENV!=="test"?{maxAge:B*1e3}:void 0});var 
l="x-af-elevated-permissions",y="x-af-context-ids",m=new xe__default.default({stdTTL:10}),J=(t,e)=>{let s={...t,fleets:{...t?.fleets},businessModels:{...t?.businessModels},demandSources:{...t?.demandSources}};for(let r of e)Object.keys(r).forEach(o=>{s[o]??={},Object.entries(r[o]).forEach(([i,n])=>{s[o][i]=(s[o][i]||[]).concat(n);});});return s};typeof Symbol.dispose!="symbol"&&Object.defineProperty(Symbol,"dispose",{__proto__:null,configurable:false,enumerable:false,value:Symbol.for("nodejs.dispose"),writable:false});typeof Symbol.asyncDispose!="symbol"&&Object.defineProperty(Symbol,"asyncDispose",{__proto__:null,configurable:false,enumerable:false,value:Symbol.for("nodejs.asyncDispose"),writable:false});var u=class{constructor(e,s,r,o){this.id=e;this.accountType=s;this.contextIds=o;this.privateElevatedPermissionsHash=new Map;this.appPermission={};this.emptyUser=!!e,r&&this.privateElevatedPermissionsHash.set(Symbol("initial"),r);}async getUserPermissions(){if(!this.id)return;if(this.privatePermissions)return this.privatePermissions;let e=$__default.default({id:this.id,contextIds:this.contextIds}),s=m.get(e);return s||({data:s}=await w.get(`/api/v1/users/${this.id}/authorization-payload`,{params:{contextIds:this.contextIds}}),m.set(e,s)),this.accountType=s.accountType,this.privatePermissions=s,this.privatePermissions}async useCustomPermissionLoader(e){if(!this.id)return;if(this.privatePermissions)return this.privatePermissions;let s=this.id,r=m.get(s);if(r)return this.privatePermissions=r,r;let o=await e(this.id);return m.set(s,o),this.privatePermissions=o,this.privatePermissions}get businessModels(){return this.getUserProperty("businessModels")}get fleets(){return this.getUserProperty("fleets")}get demandSources(){return this.getUserProperty("demandSources")}getUserProperty(e){if(!this.privatePermissions)throw new Error(`Cannot get ${e} without calling (async) getUserPermissions before`);return Object.keys(this.privatePermissions[e]||{})}get 
elevatedPermissions(){return J(void 0,this.privateElevatedPermissionsHash.values())}get permissions(){if(!this.privatePermissions)throw new Error("Cannot get permissions without calling (async) getUserPermissions before");return J(this.privatePermissions,this.privateElevatedPermissionsHash.values())}elevatePermissions(e){let s=Symbol();Object.values(e).forEach(c=>{Object.keys(c).forEach(a=>{if(!M(a))throw new Error(`Entity id on elevatePermissions is not a valid UUID, provided: ${a}`)});});let r=P.getCurrentContext();if(!r)throw new Error("Cannot find current user cross services trace");let o=JSON.parse(r.context[l]||"{}"),i=Object.assign(o,e);this.privateElevatedPermissionsHash.set(s,i),r.context.set(l,JSON.stringify(this.elevatedPermissions));let n=()=>{this.privateElevatedPermissionsHash.delete(s),r.context.set(l,JSON.stringify(this.elevatedPermissions));};return n[Symbol.dispose]=n,n}async getUserPermissionsLegacy(){if(!this.id)return;if(this.privatePermissionsLegacy)return this.privatePermissionsLegacy;let e=$__default.default({id:this.id,contextIds:this.contextIds,legacy:true}),s=m.get(e);return s||({data:s}=await w.get(`/api/v1/users/${this.id}/authorization-payload-legacy`,{params:{contextIds:this.contextIds}}),m.set(e,s)),this.privatePermissionsLegacy=s,this.privatePermissionsLegacy}get permissionsLegacy(){if(!this.privatePermissionsLegacy)throw new Error("Cannot get permissionsLegacy without calling (async) getUserPermissionsLegacy before");return this.privatePermissionsLegacy}async getUserAppPermissions(e,s){if(!this.id||!e||!s)return;let r=this.appPermission[e];if(r)return r;let o=`${this.id}:${e}`,i=m.get(o);if(i)return this.appPermission[e]=i,i;let{data:n}=await S.post(`/api/v1/apps/${e}/get-user-payload`,{userId:this.id},{headers:{"x-autofleet-apps-secret":s}});return m.set(o,n),this.appPermission[e]=n,this.appPermission[e]}};var W=async(t,e)=>{let{data:s}=await S.post("/api/v1/auth",{bearer:t,appId:e});return s};var E=class extends 
Error{constructor(){super(...arguments);this.name="AppDoesNotExist";this.message="app does not exist";}};var G="identity-ms",X="accessToken",f="userObject",x="x-af-user-id",H="X-IAF-ORIGIN-SERVICE",A="x-af-user-permissions",z=H.toLowerCase(),V="x-autofleet-apps-secret";var b=async(t,e)=>{let s=e[H]||e[z]||"";if(!Array.isArray(s)&&s.toLowerCase()===G)return;let{eagerLoadUserPermissions:r,eagerLoadUserPermissionsLegacy:o,customPermissionLoader:i}=t,n=e[x];if(!n||Array.isArray(n))return;let c=e[l]?.length>0?JSON.parse(e[l]):{},a=e?.[y]?.split(","),d=new u(n,"user",c,a);return r&&(i?await d.useCustomPermissionLoader(i):await d.getUserPermissions()),o&&await d.getUserPermissionsLegacy(),P.getCurrentContext().nonHeaderContext?.set(f,d),d};var Y=(t={})=>async(e,s,r)=>{try{let o=await b(t,e.headers);o&&(e.user=o,e.headers[A]=o),r();}catch{s.status(401).json({error:"cannot authenticate user"});}},Z=(t={})=>async(e,s,r)=>{let{eagerLoadUserPermissions:o,eagerLoadUserPermissionsLegacy:i,returnErrorIfNoToken:n}=t,c;if(e.headers.authorization){try{c=await O(e.headers.authorization);}catch(g){g instanceof T__default.default.TokenExpiredError?s.status(401).json({errors:["Access token expired"]}):g instanceof T__default.default.JsonWebTokenError?s.status(400).json({errors:[g.message]}):s.status(500).json({errors:["Server error while parsing token"]});return}let a=c?.user?.id;a&&(e.headers[x]=a);let d=e.headers?.[y]?.split(","),p=new u(a,c?.user?.accountType,void 0,d);(o||i)&&await Promise.all([o&&p.getUserPermissions(),i&&p.getUserPermissionsLegacy()]),e.user=p,P.getCurrentContext().nonHeaderContext?.set(f,p),e.headers[A]=p;}else if(n){s.status(401).json({errors:["No token provided"]});return}r();},Q=t=>async(e,s,r)=>{let{appId:o,clientSecret:i}=t,n;if(!e.headers.authorization){s.status(401).json({errors:["No token provided"]});return}try{if(n=await W(e.headers.authorization,o),!n)throw new E}catch(p){if(p instanceof 
T__default.default.TokenExpiredError){s.status(401).json({errors:["Access token expired"]});return}if([T__default.default.JsonWebTokenError,E].some(g=>p instanceof g)){s.status(400).json({errors:[p.message]});return}s.status(500).json({errors:["Server error while parsing token"]});return}let c=n?.userId;c&&(e.headers[x]=c);let a=new u(c);o&&(e.headers[V]=i,await a.getUserAppPermissions(o,i)),e.user=a;let d=P.getCurrentContext().nonHeaderContext;d?.set(f,a),d?.set(X,R(e.headers.authorization)),e.headers[A]=a,r();},q=async(t,e,s)=>{await t.user.getUserPermissions(),s();},ee=t=>t.headers.authorization?O(t.headers.authorization):null,te=async(t,e)=>{let s=new u(e);await s.getUserPermissions(),t??=P.newTrace(P.traceTypes.RABBIT),t.nonHeaderContext.set(f,s);},se=u;var N=(t,e,s)=>{t.decorateRequest("user",void 0),t.addHook("onRequest",async(r,o)=>{try{let i=await b(e,r.headers);i&&(r.user=i);}catch{o.status(401).send({error:"cannot authenticate user"});}}),s();};N[Symbol.for("skip-override")]=true;var I=()=>P.getCurrentContext().nonHeaderContext?.get(f),D=()=>I()?.id,k=(t,e)=>!D()||Object.hasOwn(I().permissions[e],t),re=t=>k(t,"fleets"),oe=t=>k(t,"businessModels"),ie=t=>k(t,"demandSources");var C=class extends Error{constructor(s=null,r="UnauthorizedAccessError"){super(r);this.user=s;this.name="UnauthorizedAccessError";}};var U={NONE:"NONE",BASIC:"BASIC",JWT:"JWT"},ne={[U.NONE]:()=>{},[U.BASIC]:t=>{let{username:e,password:s}=t;return `Basic ${Buffer.from(`${e}:${s}`).toString("base64")}`},[U.JWT]:t=>{let{secret:e}=t;if(e)return `Bearer ${T__default.default.sign({},e,{expiresIn:10})}`}},ae=t=>{let e=t?.method;if(!(!e||!ne[e]))return ne[e](t)};var Ce=P__namespace.getCurrentContext,bt=({outbreakOptions:t={},logger:e}={})=>{P__namespace.default({headersPrefix:"x-af",contextMiddlewareGetter:e?.addContextMiddleware,...t});},{traceTypes:ve,newTrace:_e}=P__namespace;var 
Tt={traceTypes:ve,newTrace:_e,User:se,middleware:Y,middlewareWithDecode:Z,eagerLoadPermissionsMiddleware:q,getCurrentPayload:Ce,getDecodedBearer:ee,checkFleetPermission:re,checkBusinessModelPermission:oe,checkDemandSourcePermission:ie,isUserExist:D,getUser:I,UnauthorizedAccessError:C,appMiddleware:Q,createOrSetRabbitTrace:te,outbreak:P__namespace,AUTHORIZATION_METHODS:U,getAuthorizationHeader:ae,CONTEXTS_IDS_HEADER:y,authFromUserIdHeaderPlugin:N};
2
+ exports.outbreak=P__namespace;exports.AUTHORIZATION_METHODS=U;exports.CONTEXTS_IDS_HEADER=y;exports.UnauthorizedAccessError=C;exports.User=se;exports.appMiddleware=Q;exports.authFromUserIdHeaderPlugin=N;exports.checkBusinessModelPermission=oe;exports.checkDemandSourcePermission=ie;exports.checkFleetPermission=re;exports.createOrSetRabbitTrace=te;exports.default=Tt;exports.eagerLoadPermissionsMiddleware=q;exports.enableTracing=bt;exports.getAuthorizationHeader=ae;exports.getCurrentPayload=Ce;exports.getDecodedBearer=ee;exports.getRefreshTokenSecret=le;exports.getTokenSecret=_;exports.getUser=I;exports.isUserExist=D;exports.middleware=Y;exports.middlewareWithDecode=Z;exports.newTrace=_e;exports.traceTypes=ve;//# sourceMappingURL=index.cjs.map
3
3
  //# sourceMappingURL=index.cjs.map
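Review bot: Requiring this library now mutates the global `Symbol` object, because the added `Object.defineProperty(Symbol,"dispose",…)` and `Object.defineProperty(Symbol,"asyncDispose",…)` calls on new line 1 run at module load, with `configurable:false` and `writable:false`, whenever the runtime lacks those symbols. A process-wide side effect from an authentication package should be stated in the release notes, and it is worth checking whether the build can leave this polyfill to the host application. In `elevatePermissions` the revert function now doubles as its own disposer (`n[Symbol.dispose]=n`), but callers that do not use `using` keep the elevation in the `x-af-elevated-permissions` context entry until they call it, so the docs should tell them to call it in a `finally` block. The other differences on this line look like minifier renames (for example `y`→`P` for `@autofleet/outbreak` and `S`→`T` for `jsonwebtoken`); this is inferred from the bundle alone and should be confirmed against the TypeScript sources, which the page does not show.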
package/lib/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/secret-getter.ts","../src/utils.ts","../src/services.ts","../src/user/ApiUser.ts","../src/app-auth.ts","../src/exceptions/appDoesNotExist.ts","../src/user/const.ts","../src/user/common.ts","../src/user/index.ts","../src/user/fastify.ts","../src/check-permission.ts","../src/errors.ts","../src/authorization.ts","../src/index.ts"],"names":["DEPRECATED_JWT_SECRET","JWT_NEW_SECRET","DEPRECATED_REFRESH_JWT_SECRET","REFRESH_JWT_SECRET","DEPRECATION_UNIX_TIMESTAMP","getRelevantSecret","token","deprecatedSecret","newSecret","deprecationTime","moment","unixTime","iat","jwt","getRefreshTokenSecret","getTokenSecret","getAuthFromBearer","bearer","decodeBearer","appSecret","EMPTY_UUID","FULL_UUID","VALID_CHARS_REGEX","UUID_VERSION_REGEX","UUID_REGEX","validateUUID","uuid","CACHE_LIFETIME_IN_SEC","apiGwUrl","IdentityNetwork","Network","AutofleetApiNetwork","ELEVATED_PERMISSIONS_HEADER","CONTEXTS_IDS_HEADER","userCache","NodeCache","mergePermissions","target","sources","permissions","source","entityType","entityId","perms","ApiUser","id","accountType","elevatedPermissions","contextIds","cacheKey","objectHash","data","customPermissionLoader","cachedResult","key","addedPermissions","elevationId","entityIds","currentUserTrace","getCurrentContext","currentElevation","newElevation","appId","clientSecret","currentAppPermission","decodeAppBearer","decoded","AppDoesNotExist","IDENTITY_MS","ACCESS_TOKEN","USER_OBJECT","USER_TRACING_HEADER","ORIGIN_HEADER","USER_PERMISSIONS_HEADER","LOWER_CASE_ORIGIN_HEADER","AUTOFLEET_APPS_SECRET_HEADER","authFromUserIdHeader","options","headers","originHeader","eagerLoadUserPermissions","eagerLoadUserPermissionsLegacy","userId","elevatedPermissionsFromHeader","userObject","middleware","req","res","next","middlewareWithDecode","returnErrorIfNoToken","e","appMiddleware","Err","currentTraceContext","eagerLoadPermissionsMiddleware","getDecodedBearer","createOrSetRabbitTrace","trace","newTrace","traceTypes","user_default","auth
FromUserIdHeaderPlugin","fastify","done","request","reply","user","getUser","isUserExist","checkUserPermissions","checkFleetPermission","fleetId","checkBusinessModelPermission","businessModelId","checkDemandSourcePermission","demandSourceId","UnauthorizedAccessError","message","AUTHORIZATION_METHODS","AUTHORIZATION_ACTIONS","authorizationSettings","username","password","secret","getAuthorizationHeader","authorizationMethod","getCurrentPayload","y","enableTracing","outbreakOptions","logger","outbreak","index_default"],"mappings":"m4BAGM,CACJ,qBAAA,CAAAA,EAAuB,CAAA,cAAA,CAAAC,EACvB,CAAA,6BAAA,CAAAC,GAA+B,kBAAAC,CAAAA,EAAAA,CAC/B,0BAAAC,CAAAA,EACF,CAAI,CAAA,OAAA,CAAQ,IAENC,CAAoB,CAAA,CAACC,CAA2BC,CAAAA,CAAAA,CAA0BC,CAA8B,GAAA,CAC5G,IAAMC,CAAkBC,CAAAA,kBAAAA,CAAO,SAASN,EAA4B,CAAA,EAAE,EAAI,GAAI,CAAA,CAC9E,GAAI,CACF,IAAIO,CAAAA,CACJ,GAAIL,CAAO,CAAA,CACT,GAAM,CAAE,GAAAM,CAAAA,CAAI,EAAIC,kBAAI,CAAA,MAAA,CAAOP,CAAK,CAAA,CAChCK,CAAWD,CAAAA,kBAAAA,CAAOE,EAAM,GAAI,EAC9B,CACED,KAAAA,CAAAA,CAAWD,kBAAO,EAAA,CAEpB,OAAOC,CAAS,CAAA,QAAA,CAASF,CAAe,CAAA,CAAIF,CAAmBC,CAAAA,CACjE,MAAY,CACV,OAAOA,CACT,CACF,CAEaM,CAAAA,EAAAA,CAAyBR,GAA2BD,CAAkBC,CAAAA,CAAAA,CAAOJ,EAA+BC,CAAAA,EAAkB,CAC9HY,CAAAA,CAAAA,CAAkBT,GAA2BD,CAAkBC,CAAAA,CAAAA,CAAON,GAAuBC,EAAc,ECfjH,IAAMe,CAAqBC,CAAAA,CAAAA,EAA2BA,CAAO,CAAA,OAAA,CAAQ,SAAW,CAAA,EAAE,EAE5EC,CAAe,CAAA,CAACD,CAAgBE,CAAAA,CAAAA,GAA4B,CACvE,IAAMb,EAAQU,CAAkBC,CAAAA,CAAM,CAEtC,CAAA,OADgBJ,kBAAI,CAAA,MAAA,CAAOP,EAAoBS,CAAAA,CAAeT,CAAK,CAAC,CAEtE,CAAA,CAqDA,IAAMc,EAAa,CAAA,sCAAA,CACbC,EAAY,CAAA,sCAAA,CACZC,CAAoB,CAAA,UAAA,CACpBC,GAAqB,OACrBC,CAAAA,EAAAA,CAAa,IAAI,MAAA,CACrB,CAAOF,IAAAA,EAAAA,CAAiB,OAAOA,CAAiB,CAAA,IAAA,EAAOC,EAAkB,CAAA,EAAGD,CAAiB,CAAA,UAAA,EAAaA,CAAiB,CAAOA,IAAAA,EAAAA,CAAiB,QAAQF,EAAU,CAAA,CAAA,EAAIC,EAAS,CAClL,EAAA,CAAA,CAAA,GACF,CACO,CAAA,SAASI,CAAaC,CAAAA,CAAAA,CAA6B,CACxD,OAAO,OAAOA,CAAS,EAAA,QAAA,EAAYF,EAAW,CAAA,IAAA,CAAKE,CAAI,CACzD,CC9EA,IAAMC,EAAwB,EACxBC,CAAAA,CAAAA,CAAW,OAAQ,CAAA,GAAA,CAAI,eAAmB,EAAA,0BAAA,CAGnCC,EAAkB,IAAIC,kB
AAAA,CAAQ,CACzC,WAAA,CAAa,aACb,CAAA,OAAA,CAAS,EACT,cAAgB,CAAA,IAAM,IACtB,CAAA,KAAA,CAAO,OAAQ,CAAA,GAAA,CAAI,WAAa,MAAS,CAAA,CACvC,MAAQH,CAAAA,CAAAA,CAAwB,GAClC,CAAA,CAAI,MACN,CAAC,CAAA,CAEYI,EAAsB,IAAID,kBAAAA,CAAQ,CAC7C,OAASF,CAAAA,CAAAA,CACT,UAAYA,CAAAA,CAAAA,CACZ,OAAS,CAAA,CAAA,CACT,eAAgB,IAAM,IAAA,CACtB,KAAO,CAAA,OAAA,CAAQ,GAAI,CAAA,QAAA,GAAa,OAAS,CACvC,MAAA,CAAQD,CAAwB,CAAA,GAClC,CAAI,CAAA,MACN,CAAC,CCZM,CAAA,IAAMK,CAA8B,CAAA,2BAAA,CAC9BC,CAAsB,CAAA,kBAAA,CAqB7BC,EAAY,IAAIC,mBAAAA,CAAU,CAAE,MAAA,CAAQ,EAAG,CAAC,EAExCC,CAAmB,CAAA,CAACC,CAAqBC,CAAAA,CAAAA,GAAuD,CACpG,IAAMC,EAA2B,CAC/B,GAAGF,CACH,CAAA,MAAA,CAAQ,CAAE,GAAGA,GAAQ,MAAO,CAAA,CAC5B,eAAgB,CAAE,GAAGA,GAAQ,cAAe,CAAA,CAC5C,aAAe,CAAA,CAAE,GAAGA,CAAAA,EAAQ,aAAc,CAE5C,CAAA,CAGA,IAAWG,IAAAA,CAAAA,IAAUF,CACnB,CAAA,MAAA,CAAO,KAAKE,CAAM,CAAA,CAAE,OAASC,CAAAA,CAAAA,EAAe,CAE1CF,CAAAA,CAAYE,CAAU,CAAM,GAAA,EAC5B,CAAA,MAAA,CAAO,OAAQD,CAAAA,CAAAA,CAAOC,CAAU,CAAE,CAAA,CAAE,OAAQ,CAAA,CAAC,CAACC,CAAAA,CAAUC,CAAK,CAAM,GAAA,CAEjEJ,CAAYE,CAAAA,CAAU,CAAEC,CAAAA,CAAQ,GAAKH,CAAYE,CAAAA,CAAU,CAAEC,CAAAA,CAAQ,CAAK,EAAA,IAAI,MAAOC,CAAAA,CAAK,EAC5F,CAAC,EACH,CAAC,CAGH,CAAA,OAAOJ,CACT,CAAA,CAEqBK,CAArB,CAAA,KAA6B,CAW3B,WAAmBC,CAAAA,CAAAA,CAAqBC,CAA2BC,CAAAA,CAAAA,CAAiDC,CAAuB,CAAA,CAAxH,QAAAH,CAAqB,CAAA,IAAA,CAAA,WAAA,CAAAC,CAA4E,CAAA,IAAA,CAAA,UAAA,CAAAE,CARpH,CAAA,IAAA,CAAiB,+BAAiC,IAAI,GAAA,CAItD,IAAiB,CAAA,aAAA,CAAwC,EAAC,CAKxD,KAAK,SAAY,CAAA,CAAC,CAACH,CAAAA,CACfE,CACF,EAAA,IAAA,CAAK,+BAA+B,GAAI,CAAA,MAAA,CAAO,SAAS,CAAA,CAAGA,CAAmB,EAElF,CAEA,MAAa,kBAAA,EAA2C,CACtD,GAAI,CAAC,IAAA,CAAK,GACR,OAEF,GAAI,KAAK,kBACP,CAAA,OAAO,KAAK,kBAEd,CAAA,IAAME,CAAWC,CAAAA,kBAAAA,CAAW,CAC1B,EAAA,CAAI,KAAK,EACT,CAAA,UAAA,CAAY,IAAK,CAAA,UACnB,CAAC,CAAA,CAEGC,EAAOjB,CAAU,CAAA,GAAA,CAAiBe,CAAQ,CAAA,CAE9C,OAAKE,CAAAA,GACF,CAAE,IAAAA,CAAAA,CAAK,CAAI,CAAA,MAAMtB,CAAgB,CAAA,GAAA,CAAiB,iBAAiB,IAAK,CAAA,EAAE,CAA0B,sBAAA,CAAA,CAAA,CAAE,MAAQ,CAAA,CAAE,WAAY,IAAK,CAAA,UAAW,CAAE,CAAC,CAChJK,CAAAA,CAAAA,CAAU,IAAIe,CAAUE,CAAAA,CAAI,CAG9B,CAAA,CAAA,IAAA,CAAK,WAAcA,CAA
AA,CAAAA,CAAK,YACxB,IAAK,CAAA,kBAAA,CAAqBA,EACnB,IAAK,CAAA,kBACd,CAEA,MAAa,yBAAA,CAA0BC,CAA0G,CAAA,CAC/I,GAAI,CAAC,KAAK,EACR,CAAA,OAEF,GAAI,IAAA,CAAK,kBACP,CAAA,OAAO,KAAK,kBAGd,CAAA,IAAMH,CAAW,CAAA,IAAA,CAAK,EAEhBI,CAAAA,CAAAA,CAAenB,EAAU,GAAiBe,CAAAA,CAAQ,CACxD,CAAA,GAAII,CACF,CAAA,OAAA,IAAA,CAAK,mBAAqBA,CACnBA,CAAAA,CAAAA,CAGT,IAAMF,CAAAA,CAAO,MAAMC,CAAAA,CAAuB,KAAK,EAAE,CAAA,CACjD,OAAAlB,CAAAA,CAAU,GAAIe,CAAAA,CAAAA,CAAUE,CAAI,CAE5B,CAAA,IAAA,CAAK,kBAAqBA,CAAAA,CAAAA,CACnB,IAAK,CAAA,kBACd,CAEA,IAAW,cAAA,EAAuC,CAChD,OAAO,IAAA,CAAK,gBAAgB,gBAAgB,CAC9C,CAEA,IAAW,MAA+B,EAAA,CACxC,OAAO,IAAK,CAAA,eAAA,CAAgB,QAAQ,CACtC,CAEA,IAAW,eAAsC,CAC/C,OAAO,IAAK,CAAA,eAAA,CAAgB,eAAe,CAC7C,CAEQ,eAAgBG,CAAAA,CAAAA,CAA8C,CACpE,GAAI,CAAC,IAAA,CAAK,mBACR,MAAM,IAAI,KAAM,CAAA,CAAA,WAAA,EAAcA,CAAG,CAAA,kDAAA,CAAoD,EAEvF,OAAO,MAAA,CAAO,IAAK,CAAA,IAAA,CAAK,kBAAmBA,CAAAA,CAAG,GAAK,EAAE,CACvD,CAEA,IAAW,mBAAA,EAAmC,CAC5C,OAAOlB,CAAAA,CAAiB,OAAW,IAAK,CAAA,8BAAA,CAA+B,QAAQ,CACjF,CAEA,IAAW,WAAuC,EAAA,CAChD,GAAI,CAAC,IAAA,CAAK,kBACR,CAAA,MAAM,IAAI,KAAA,CAAM,0EAA0E,CAG5F,CAAA,OAAOA,CAAiB,CAAA,IAAA,CAAK,kBAAoB,CAAA,IAAA,CAAK,+BAA+B,MAAO,EAAC,CAC/F,CAEO,kBAAmBmB,CAAAA,CAAAA,CAAkD,CAG1E,IAAMC,CAAAA,CAAc,MAAO,EAAA,CAG3B,MAAO,CAAA,MAAA,CAAOD,CAAgB,CAAE,CAAA,OAAA,CAASE,CAAc,EAAA,CACrD,MAAO,CAAA,IAAA,CAAKA,CAAS,CAAE,CAAA,OAAA,CAASf,CAAa,EAAA,CAC3C,GAAI,CAACjB,EAAaiB,CAAQ,CAAA,CACxB,MAAM,IAAI,KAAA,CAAM,kEAAkEA,CAAQ,CAAA,CAAE,CAEhG,CAAC,EACH,CAAC,EAED,IAAMgB,CAAAA,CAAmBC,mBAAkB,EAAA,CAC3C,GAAI,CAACD,EACH,MAAM,IAAI,KAAM,CAAA,+CAA+C,CAGjE,CAAA,IAAME,EAAmB,IAAK,CAAA,KAAA,CAAMF,CAAiB,CAAA,OAAA,CAAQ1B,CAA2B,CAAA,EAAK,IAAI,CAC3F6B,CAAAA,CAAAA,CAAe,MAAO,CAAA,MAAA,CAAOD,CAAkBL,CAAAA,CAAgB,EACrE,OAAK,IAAA,CAAA,8BAAA,CAA+B,GAAIC,CAAAA,CAAAA,CAAaK,CAAY,CAAA,CACjEH,EAAiB,OAAQ,CAAA,GAAA,CAAI1B,CAA6B,CAAA,IAAA,CAAK,SAAU,CAAA,IAAA,CAAK,mBAAmB,CAAC,CAAA,CAC3F,IAAM,CACX,IAAA,CAAK,+BAA+B,MAAOwB,CAAAA,CAAW,CACtDE,CAAAA,CAAAA,CAAiB,OAAQ,CAAA,GAAA,CAAI1B,EAA6B,IAAK,CAAA,SAAA,CAAU,IAAK,CAAA,mBAAmB,CAAC,EACpG,CACF,CAEA,MAAa,wBAA2B
,EAAA,CACtC,GAAI,CAAC,KAAK,EACR,CAAA,OAEF,GAAI,IAAA,CAAK,wBACP,CAAA,OAAO,KAAK,wBAGd,CAAA,IAAMiB,CAAWC,CAAAA,kBAAAA,CAAW,CAC1B,EAAA,CAAI,KAAK,EACT,CAAA,UAAA,CAAY,IAAK,CAAA,UAAA,CACjB,MAAQ,CAAA,IACV,CAAC,CACGC,CAAAA,CAAAA,CAAOjB,CAAU,CAAA,GAAA,CAAIe,CAAQ,CAAA,CAEjC,OAAKE,CACF,GAAA,CAAE,KAAAA,CAAK,CAAA,CAAI,MAAMtB,CAAgB,CAAA,GAAA,CAAI,CAAiB,cAAA,EAAA,IAAA,CAAK,EAAE,CAAA,6BAAA,CAAA,CAAiC,CAAE,MAAQ,CAAA,CAAE,UAAY,CAAA,IAAA,CAAK,UAAW,CAAE,CAAC,CAC1IK,CAAAA,CAAAA,CAAU,GAAIe,CAAAA,CAAAA,CAAUE,CAAI,CAAA,CAAA,CAG9B,KAAK,wBAA2BA,CAAAA,CAAAA,CACzB,IAAK,CAAA,wBACd,CAEA,IAAW,mBAAyB,CAClC,GAAI,CAAC,IAAA,CAAK,wBACR,CAAA,MAAM,IAAI,KAAM,CAAA,sFAAsF,CAExG,CAAA,OAAO,IAAK,CAAA,wBACd,CAEA,MAAa,qBAAA,CAAsBW,CAAOC,CAAAA,CAAAA,CAAc,CACtD,GAAI,CAAC,IAAK,CAAA,EAAA,EAAM,CAACD,CAAS,EAAA,CAACC,EACzB,OAEF,IAAMC,CAAuB,CAAA,IAAA,CAAK,aAAcF,CAAAA,CAAK,EAErD,GAAIE,CAAAA,CACF,OAAOA,CAAAA,CAGT,IAAMf,CAAAA,CAAW,GAAG,IAAK,CAAA,EAAE,CAAIa,CAAAA,EAAAA,CAAK,CAE9BT,CAAAA,CAAAA,CAAAA,CAAenB,EAAU,GAAiBe,CAAAA,CAAQ,CACxD,CAAA,GAAII,CACF,CAAA,OAAA,IAAA,CAAK,cAAcS,CAAK,CAAA,CAAIT,CACrBA,CAAAA,CAAAA,CAGT,GAAM,CAAE,KAAAF,CAAK,CAAA,CAAI,MAAMpB,CAAAA,CAAoB,IAAkB,CAAA,CAAA,aAAA,EAAgB+B,CAAK,CAAqB,iBAAA,CAAA,CAAA,CACrG,MAAQ,CAAA,IAAA,CAAK,EACf,CAAA,CAAG,CACD,OAAS,CAAA,CACP,yBAA2BC,CAAAA,CAC7B,CACF,CAAC,EAED,OAAA7B,CAAAA,CAAU,GAAIe,CAAAA,CAAAA,CAAUE,CAAI,CAAA,CAC5B,KAAK,aAAcW,CAAAA,CAAK,CAAIX,CAAAA,CAAAA,CACrB,IAAK,CAAA,aAAA,CAAcW,CAAK,CACjC,CACF,ECnPO,IAAMG,CAAkB,CAAA,MAAOhD,EAAgB6C,CAAgC,GAAA,CACpF,GAAM,CAAE,IAAMI,CAAAA,CAAQ,EAAI,MAAMnC,CAAAA,CAAoB,IAAK,CAAA,cAAA,CAAgB,CAAE,MAAA,CAAAd,EAAQ,KAAA6C,CAAAA,CAAM,CAAC,CAAA,CAC1F,OAAOI,CACT,ECLA,IAAqBC,CAAAA,CAArB,cAA6C,KAAM,CAAnD,WAAA,EAAA,CAAA,KAAA,CAAA,GAAA,SAAA,CAAA,CACE,UAAO,iBAEP,CAAA,IAAA,CAAA,OAAA,CAAU,sBACZ,CCJO,CAAA,IAAMC,EAAc,aACdC,CAAAA,CAAAA,CAAe,aACfC,CAAAA,CAAAA,CAAc,YACdC,CAAAA,CAAAA,CAAsB,eACtBC,CAAgB,CAAA,sBAAA,CAChBC,CAA0B,CAAA,uBAAA,CAC1BC,CAA2BF,CAAAA,CAAAA,CAAc,aACzCG,CAAAA,CAAAA,CAA+B,yBCN5C,CAiBO,IAAMC,CAAAA,CAAuB,MAAOC,CAAAA,CAAsCC,CAA+D,GAAA,CAC9I,I
AAMC,CAAeD,CAAAA,CAAAA,CAAQN,CAAa,CAAA,EAAKM,CAAQJ,CAAAA,CAAwB,GAAK,EACpF,CAAA,GAAI,CAAC,KAAA,CAAM,OAAQK,CAAAA,CAAY,GAAKA,CAAa,CAAA,WAAA,EAAkBX,GAAAA,CAAAA,CACjE,OAEF,GAAM,CACJ,wBAAAY,CAAAA,CAAAA,CACA,+BAAAC,CACA,CAAA,sBAAA,CAAA7B,CACF,CAAIyB,CAAAA,CAAAA,CACEK,CAASJ,CAAAA,CAAAA,CAAQP,CAAmB,CAAA,CAC1C,GAAI,CAACW,CAAAA,EAAU,KAAM,CAAA,OAAA,CAAQA,CAAM,CAAA,CACjC,OAGF,IAAMC,CAAAA,CAAgCL,CAAQ9C,CAAAA,CAA2B,CAAG,EAAA,MAAA,CAAS,EAAI,IAAK,CAAA,KAAA,CAAM8C,CAAQ9C,CAAAA,CAA2B,CAAW,CAAA,CAAI,EAChJgB,CAAAA,CAAAA,CAAc8B,CAAU7C,GAAAA,CAAmB,CAAc,EAAA,KAAA,CAAM,GAAG,CAElEmD,CAAAA,CAAAA,CAAa,IAAIxC,CAAAA,CAAQsC,CAAQ,CAAA,MAAA,CAAQC,EAA+BnC,CAAU,CAAA,CACxF,OAAIgC,CAAAA,GACE5B,CACF,CAAA,MAAMgC,EAAW,yBAA0BhC,CAAAA,CAAsB,EAEjE,MAAMgC,CAAAA,CAAW,oBAIjBH,CAAAA,CAAAA,CAAAA,EACF,MAAMG,CAAAA,CAAW,wBAAyB,EAAA,CAG5CzB,qBAAoB,CAAA,gBAAA,EAAkB,GAAIW,CAAAA,CAAAA,CAAac,CAAU,CAAA,CAC1DA,CACT,CC5BO,CAAA,IAAMC,CAAa,CAAA,CAACR,CAAuC,CAAA,KAAgB,MAAOS,CAAAA,CAAKC,CAAKC,CAAAA,CAAAA,GAAuB,CACxH,GAAI,CACF,IAAMJ,CAAAA,CAAa,MAAMR,CAAAA,CAAqBC,CAASS,CAAAA,CAAAA,CAAI,OAAO,CAC9DF,CAAAA,CAAAA,GACFE,CAAI,CAAA,IAAA,CAAOF,CAGXE,CAAAA,CAAAA,CAAI,QAAQb,CAAuB,CAAA,CAAIW,CAGzCI,CAAAA,CAAAA,CAAAA,GACF,CAAA,KAAY,CACVD,CAAI,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,CAAE,KAAO,CAAA,0BAA2B,CAAC,EAC5D,CACF,CAAA,CAEaE,EAAuB,CAACZ,CAAAA,CAIjC,EAAC,GAAe,MAAOS,CAAAA,CAAKC,EAAKC,CAAwB,GAAA,CAC3D,GAAM,CACJ,wBAAAR,CAAAA,CAAAA,CACA,+BAAAC,CACA,CAAA,oBAAA,CAAAS,CACF,CAAA,CAAIb,CACAX,CAAAA,CAAAA,CACJ,GAAIoB,CAAI,CAAA,OAAA,CAAQ,aAAe,CAAA,CAC7B,GAAI,CACFpB,EAAU,MAAMhD,CAAAA,CAAaoE,CAAI,CAAA,OAAA,CAAQ,aAAa,EACxD,OAASK,CAAG,CAAA,CACNA,CAAa9E,YAAAA,kBAAAA,CAAI,iBACnB0E,CAAAA,CAAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,CAAE,MAAA,CAAQ,CAAC,sBAAsB,CAAE,CAAC,CAAA,CAChDI,CAAa9E,YAAAA,kBAAAA,CAAI,kBAC1B0E,CAAI,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,IAAK,CAAA,CAAE,OAAQ,CAACI,CAAAA,CAAE,OAAO,CAAE,CAAC,CAAA,CAE5CJ,EAAI,MAAO,CAAA,GAAG,CAAE,CAAA,IAAA,CAAK,CAAE,MAAA,CAAQ,CAAC,kCAAkC,CAAE,CAAC,CAAA,CAEvE,MACF,CACA,IAAML,CAAShB,CAAAA,CAAAA,EAAS,IAAM,EAAA,EAAA,CAE1BgB,CACFI,
GAAAA,CAAAA,CAAI,QAAQf,CAAmB,CAAA,CAAIW,CAGrC,CAAA,CAAA,IAAMlC,CAAcsC,CAAAA,CAAAA,CAAI,UAAUrD,CAAmB,CAAA,EAAc,MAAM,GAAG,CAAA,CACtEmD,EAAa,IAAIxC,CAAAA,CAAQsC,CAAQhB,CAAAA,CAAAA,EAAS,IAAM,EAAA,WAAA,CAAa,OAAWlB,CAAU,CAAA,CAAA,CAEpFgC,CAA4BC,EAAAA,CAAAA,GAC9B,MAAM,OAAA,CAAQ,IAAI,CAChBD,CAAAA,EAA4BI,CAAW,CAAA,kBAAA,EACvCH,CAAAA,CAAAA,EAAkCG,EAAW,wBAAyB,EACxE,CAAC,CAAA,CAGHE,CAAI,CAAA,IAAA,CAAOF,EACXzB,mBAAkB,EAAA,CAAE,gBAAkB,EAAA,GAAA,CAAIW,CAAac,CAAAA,CAAU,EAIjEE,CAAI,CAAA,OAAA,CAAQb,CAAuB,CAAA,CAAIW,EACzC,CAAA,KAAA,GAAWM,EAAsB,CAC/BH,CAAAA,CAAI,MAAO,CAAA,GAAG,CAAE,CAAA,IAAA,CAAK,CAAE,MAAQ,CAAA,CAAC,mBAAmB,CAAE,CAAC,EACtD,MACF,CACAC,CAAK,GACP,CAEaI,CAAAA,CAAAA,CAAiBf,GAGf,MAAOS,CAAAA,CAAKC,CAAKC,CAAAA,CAAAA,GAAwB,CACtD,GAAM,CACJ,KAAA1B,CAAAA,CAAAA,CACA,YAAAC,CAAAA,CACF,CAAIc,CAAAA,CAAAA,CACAX,EAEJ,GAAI,CAACoB,CAAI,CAAA,OAAA,CAAQ,aAAe,CAAA,CAC9BC,EAAI,MAAO,CAAA,GAAG,CAAE,CAAA,IAAA,CAAK,CAAE,MAAA,CAAQ,CAAC,mBAAmB,CAAE,CAAC,CAAA,CACtD,MACF,CAEA,GAAI,CAEF,GADArB,CAAU,CAAA,MAAMD,CAAgBqB,CAAAA,CAAAA,CAAI,QAAQ,aAAexB,CAAAA,CAAK,EAC5D,CAACI,CAAAA,CACH,MAAM,IAAIC,CAEd,CAASwB,MAAAA,CAAAA,CAAG,CACV,GAAIA,aAAa9E,kBAAI,CAAA,iBAAA,CAAmB,CACtC0E,CAAAA,CAAI,MAAO,CAAA,GAAG,EAAE,IAAK,CAAA,CAAE,MAAQ,CAAA,CAAC,sBAAsB,CAAE,CAAC,CACzD,CAAA,MACF,CACA,GAAI,CAAC1E,kBAAAA,CAAI,kBAAmBsD,CAAe,CAAA,CAAE,IAAM0B,CAAAA,CAAAA,EAAQF,CAAaE,YAAAA,CAAG,EAAG,CAC5EN,CAAAA,CAAI,MAAO,CAAA,GAAG,CAAE,CAAA,IAAA,CAAK,CAAE,MAAQ,CAAA,CAACI,CAAE,CAAA,OAAO,CAAE,CAAC,EAC5C,MACF,CACAJ,EAAI,MAAO,CAAA,GAAG,EAAE,IAAK,CAAA,CAAE,MAAQ,CAAA,CAAC,kCAAkC,CAAE,CAAC,CACrE,CAAA,MACF,CACA,IAAML,CAAShB,CAAAA,CAAAA,EAAS,OACpBgB,CACFI,GAAAA,CAAAA,CAAI,OAAQf,CAAAA,CAAmB,CAAIW,CAAAA,CAAAA,CAAAA,CAGrC,IAAME,CAAa,CAAA,IAAIxC,CAAQsC,CAAAA,CAAM,CAEjCpB,CAAAA,CAAAA,GACFwB,EAAI,OAAQX,CAAAA,CAA4B,CAAIZ,CAAAA,CAAAA,CAE5C,MAAMqB,CAAAA,CAAW,sBAAsBtB,CAAOC,CAAAA,CAAY,CAG5DuB,CAAAA,CAAAA,CAAAA,CAAI,IAAOF,CAAAA,CAAAA,CACX,IAAMU,CAAsBnC,CAAAA,mBAAAA,EAAoB,CAAA,gBAAA,CAChDmC,CAAqB,EAAA,GAAA,CAAIxB,EAAac,CAAU,CAAA,CAChDU,GAAqB,GAAIzB,CAAAA,CAAAA,CAAcrD
,EAAkBsE,CAAI,CAAA,OAAA,CAAQ,aAAa,CAAC,CAInFA,CAAAA,CAAAA,CAAI,QAAQb,CAAuB,CAAA,CAAIW,CAEvCI,CAAAA,CAAAA,GACF,CAAA,CAEaO,EAA0C,MAAOT,CAAAA,CAAKC,CAAKC,CAAAA,CAAAA,GAAS,CAC/E,MAAMF,EAAI,IAAK,CAAA,kBAAA,EACfE,CAAAA,CAAAA,GACF,CAAA,CAEaQ,GAAoBV,CAC1BA,EAAAA,CAAAA,CAAI,OAAQ,CAAA,aAAA,CAGVpE,CAAaoE,CAAAA,CAAAA,CAAI,QAAQ,aAAa,CAAA,CAFpC,IAKEW,CAAAA,EAAAA,CAAyB,MAAOC,CAAAA,CAAgDhB,IAA+B,CAC1H,IAAME,CAAa,CAAA,IAAIxC,CAAQsC,CAAAA,CAAM,EAErC,MAAME,CAAAA,CAAW,oBAEjBc,CAAAA,CAAAA,GAAUC,WAASC,YAAW,CAAA,MAAM,CACpCF,CAAAA,CAAAA,CAAM,gBAAiB,CAAA,GAAA,CAAI5B,EAAac,CAAU,EACpD,CAEOiB,CAAAA,EAAAA,CAAQzD,EC/JR,IAAM0D,EAAiF,CAACC,CAAAA,CAAS1B,CAAS2B,CAAAA,CAAAA,GAAS,CACxHD,CAAAA,CAAQ,gBAAgB,MAAQ,CAAA,MAAS,CACzCA,CAAAA,CAAAA,CAAQ,OAAQ,CAAA,WAAA,CAAa,MAAOE,CAASC,CAAAA,CAAAA,GAAU,CACrD,GAAI,CACF,IAAMC,EAAO,MAAM/B,CAAAA,CAAqBC,CAAS4B,CAAAA,CAAAA,CAAQ,OAAO,CAAA,CAC5DE,IACFF,CAAQ,CAAA,IAAA,CAAOE,CAEnB,EAAA,CAAA,KAAY,CACVD,CAAAA,CAAM,OAAO,GAAG,CAAA,CAAE,KAAK,CAAE,KAAA,CAAO,0BAA2B,CAAC,EAC9D,CACF,CAAC,CAEDF,CAAAA,CAAAA,GACF,EACAF,CAAAA,CAA2B,MAAO,CAAA,GAAA,CAAI,eAAe,CAAC,EAAI,IC1B1D,CAIO,IAAMM,EAAU,IAA4BjD,mBAAAA,EAAoB,CAAA,gBAAA,EAAkB,GAAIW,CAAAA,CAAW,EAE3FuC,CAAc,CAAA,IAAMD,CAAQ,EAAA,EAAG,EAEtCE,CAAAA,CAAAA,CAAuB,CAC3BpE,CACAD,CAAAA,CAAAA,GACG,CAACoE,CAAAA,EAAiB,EAAA,MAAA,CAAO,OAAOD,CAAQ,EAAA,CAAG,WAAYnE,CAAAA,CAAU,CAAGC,CAAAA,CAAQ,EAEpEqE,EAAwBC,CAAAA,CAAAA,EAAoBF,EAAqBE,CAAS,CAAA,QAAQ,EAClFC,EAAgCC,CAAAA,CAAAA,EAA4BJ,CAAqBI,CAAAA,CAAAA,CAAiB,gBAAgB,CAAA,CAClHC,GAA+BC,CAA2BN,EAAAA,CAAAA,CAAqBM,CAAgB,CAAA,eAAe,ECZpH,IAAMC,EAAN,cAAsC,KAAM,CACjD,WAAA,CAAmBV,CAAuB,CAAA,IAAA,CAAMW,EAAU,yBAA2B,CAAA,CACnF,KAAMA,CAAAA,CAAO,CADI,CAAA,IAAA,CAAA,IAAA,CAAAX,EAEjB,IAAK,CAAA,IAAA,CAAO,0BACd,CACF,ECNO,IAAMY,CAAwB,CAAA,CACnC,IAAM,CAAA,MAAA,CACN,MAAO,OACP,CAAA,GAAA,CAAK,KACP,CAAA,CAEMC,EAAwB,CAAA,CAC5B,CAACD,CAAsB,CAAA,IAAI,EAAG,IAAG,EAAA,CACjC,CAACA,CAAsB,CAAA,KAAK,EAAIE,CAAAA,EAA+B,CAC7D,GAAM,CAAE,QAAAC,CAAAA,CAAAA,CAAU,QAAAC,CAAAA,CAAS,CAAIF,CAAAA,CAAAA,CAE/B,OAAO,CADoB,MAAA,EAAA,MAAA,CAAO,IAAK,CAAA,CAAA,E
AAGC,CAAQ,CAAA,CAAA,EAAIC,CAAQ,CAAE,CAAA,CAAA,CAAE,QAAS,CAAA,QAAQ,CACjD,CAAA,CACpC,EACA,CAACJ,CAAAA,CAAsB,GAAG,EAAIE,CAA+B,EAAA,CAC3D,GAAM,CAAE,MAAA,CAAAG,CAAO,CAAA,CAAIH,CACnB,CAAA,GAAIG,EACF,OAAO,CAAA,OAAA,EAAU/G,kBAAI,CAAA,IAAA,CAAK,EAAC,CAAG+G,EAAQ,CAAE,SAAA,CAAW,EAAG,CAAC,CAAC,EAG5D,CACF,CAAA,CAEaC,EAA0BJ,CAAAA,CAAAA,EAA8E,CACnH,IAAMK,EAAsBL,CAAuB,EAAA,MAAA,CAEnD,GAAI,EAAA,CAACK,CAAuB,EAAA,CAACN,GAAsBM,CAAmB,CAAA,CAAA,CAItE,OAAON,EAAAA,CAAsBM,CAAmB,CAAA,CAAEL,CAAqB,CACzE,ECTMM,IAAAA,EAAAA,CAA6BC,YAI7BC,CAAAA,iBAAAA,CAAAA,EAAAA,CAAgB,CAAC,CAAE,eAAA,CAAAC,CAAkB,CAAA,EAAI,CAAA,MAAA,CAAAC,CAAO,CAAiF,CAAA,EAAa,GAAA,CACzIH,YAAQ,CAAA,OAAA,CAAA,CACf,cAAe,MACf,CAAA,uBAAA,CAAyBG,CAAQ,EAAA,oBAAA,CACjC,GAAGD,CACL,CAAC,EACH,CAAA,CAEM,CAAE,UAAA,CAAA9B,EAAY,CAAA,QAAA,CAAAD,EAAS,CAAIiC,CAAAA,aA8B1BC,IAAAA,EAAAA,CAAQ,CACb,UAAA,CAAAjC,GACA,QAAAD,CAAAA,EAAAA,CACA,IAAAE,CAAAA,EAAAA,CACA,UAAAhB,CAAAA,CAAAA,CACA,qBAAAI,CACA,CAAA,8BAAA,CAAAM,CACA,CAAA,iBAAA,CAAAgC,EACA,CAAA,gBAAA,CAAA/B,GACA,oBAAAe,CAAAA,EAAAA,CACA,4BAAAE,CAAAA,EAAAA,CACA,2BAAAE,CAAAA,EAAAA,CACA,YAAAN,CACA,CAAA,OAAA,CAAAD,CACA,CAAA,uBAAA,CAAAS,CACA,CAAA,aAAA,CAAAzB,EACA,sBAAAK,CAAAA,EAAAA,CACA,QAAAmC,CAAAA,YAAAA,CACA,qBAAAb,CAAAA,CAAAA,CACA,uBAAAM,EACA,CAAA,mBAAA,CAAA5F,CACA,CAAA,0BAAA,CAAAqE,CACF","file":"index.cjs","sourcesContent":["import jwt from 'jsonwebtoken';\nimport moment from 'moment';\n\nconst {\n DEPRECATED_JWT_SECRET, JWT_NEW_SECRET,\n DEPRECATED_REFRESH_JWT_SECRET, REFRESH_JWT_SECRET,\n DEPRECATION_UNIX_TIMESTAMP,\n} = process.env;\n\nconst getRelevantSecret = (token: string | undefined, deprecatedSecret: string, newSecret: string): string => {\n const deprecationTime = moment(parseInt(DEPRECATION_UNIX_TIMESTAMP, 10) * 1000);\n try {\n let unixTime: moment.Moment;\n if (token) {\n const { iat } = jwt.decode(token) as jwt.JwtPayload;\n unixTime = moment(iat * 1000);\n } else {\n unixTime = moment();\n }\n return unixTime.isBefore(deprecationTime) ? 
deprecatedSecret : newSecret;\n } catch (e) {\n return newSecret;\n }\n};\n\nexport const getRefreshTokenSecret = (token?: string): string => getRelevantSecret(token, DEPRECATED_REFRESH_JWT_SECRET, REFRESH_JWT_SECRET);\nexport const getTokenSecret = (token?: string): string => getRelevantSecret(token, DEPRECATED_JWT_SECRET, JWT_NEW_SECRET);\n","import type { UUID } from 'node:crypto';\nimport jwt from 'jsonwebtoken';\nimport { getTokenSecret } from './secret-getter';\n\nconst CONTEXT_PROPS = ['fleetId', 'businessModelId', 'demandSourceId'];\nconst CONTEXT_MAP_PROPS = {\n fleet: 'fleets',\n business: 'businessModels',\n demand: 'demandSources',\n};\n\nexport const getAuthFromBearer = (bearer: string): string => bearer.replace('Bearer ', '');\n\nexport const decodeBearer = (bearer: string, appSecret?: string): any => {\n const token = getAuthFromBearer(bearer);\n const decoded = jwt.verify(token, appSecret || getTokenSecret(token));\n return decoded;\n};\n\nexport const parsePermissions = (contextId, decodedToken): any => {\n if (!decodedToken) { return []; }\n const { contexts } = decodedToken;\n const activeContext = contexts.find((context) => context.id === contextId);\n\n const permissionsValue = `${activeContext.permissions?.map((cp) => `${cp},`)}`;\n\n return {\n key: activeContext.entityId,\n value: permissionsValue,\n };\n};\n\nexport const getEntitiesFromContext = (contextId: string, decodedToken: any): any => {\n if (!decodedToken) { return []; }\n let { contexts } = decodedToken;\n if (contextId) {\n contexts = contexts.filter((context) => context.id === contextId);\n }\n\n const attributes = {};\n contexts.forEach((context) => {\n const prop = CONTEXT_MAP_PROPS[context.subSystem || 'business'];\n\n const permissions = parsePermissions(context.id, decodedToken);\n attributes[prop] ||= {};\n attributes[prop][permissions.key] = permissions.value;\n });\n\n return attributes;\n};\n\nexport const getContextAttributes = (contextId: string, decodedToken: any): 
any => {\n if (!decodedToken) { return []; }\n let { contexts } = decodedToken;\n if (contextId) {\n contexts = contexts.filter((context) => context.id === contextId);\n }\n const attributes = {};\n contexts.forEach((context) => {\n CONTEXT_PROPS.forEach((prop) => {\n if (context[prop]) {\n const contextPropWrapped = [context[prop]];\n attributes[prop] ||= [];\n attributes[prop] = attributes[prop].concat(contextPropWrapped);\n }\n });\n });\n return attributes;\n};\n\nconst EMPTY_UUID = '00000000-0000-0000-0000-000000000000';\nconst FULL_UUID = 'ffffffff-ffff-ffff-ffff-ffffffffffff';\nconst VALID_CHARS_REGEX = '[0-9a-f]';\nconst UUID_VERSION_REGEX = '[1-8]';\nconst UUID_REGEX = new RegExp(\n `^(?:${VALID_CHARS_REGEX}{8}-${VALID_CHARS_REGEX}{4}-${UUID_VERSION_REGEX}${VALID_CHARS_REGEX}{3}-[89ab]${VALID_CHARS_REGEX}{3}-${VALID_CHARS_REGEX}{12}|${EMPTY_UUID}|${FULL_UUID})$`,\n 'i',\n);\nexport function validateUUID(uuid: unknown): uuid is UUID {\n return typeof uuid === 'string' && UUID_REGEX.test(uuid);\n}\n","import Network from '@autofleet/network';\n\nconst CACHE_LIFETIME_IN_SEC = 10;\nconst apiGwUrl = process.env.API_GATEWAY_URL || 'https://api.autofleet.io';\n\n// eslint-disable-next-line import/prefer-default-export\nexport const IdentityNetwork = new Network({\n serviceName: 'IDENTITY_MS',\n retries: 3,\n retryCondition: () => true,\n cache: process.env.NODE_ENV !== 'test' ? {\n maxAge: CACHE_LIFETIME_IN_SEC * 1000,\n } : undefined,\n});\n\nexport const AutofleetApiNetwork = new Network({\n baseURL: apiGwUrl,\n serviceUrl: apiGwUrl,\n retries: 3,\n retryCondition: () => true,\n cache: process.env.NODE_ENV !== 'test' ? 
{\n maxAge: CACHE_LIFETIME_IN_SEC * 1000,\n } : undefined,\n});\n","import NodeCache from 'node-cache';\nimport objectHash from 'object-hash';\nimport { getCurrentContext } from '@autofleet/outbreak';\nimport { validateUUID } from '../utils';\nimport { AutofleetApiNetwork, IdentityNetwork } from '../services';\n\nexport type AccountType = 'client' | 'user' | 'service' | 'driver'\ninterface EntityPermissions {\n [key: string]: string[];\n}\n\nexport const ELEVATED_PERMISSIONS_HEADER = 'x-af-elevated-permissions';\nexport const CONTEXTS_IDS_HEADER = 'x-af-context-ids';\n\nexport interface UserPayload {\n businessModels: EntityPermissions;\n fleets: EntityPermissions;\n demandSources: EntityPermissions;\n businessAccounts?: EntityPermissions;\n accountType?: AccountType;\n contexts?: EntityPermissions;\n createdAt?: string;\n}\n\nexport interface PartialUserPayload {\n businessModels?: EntityPermissions;\n fleets?: EntityPermissions;\n demandSources?: EntityPermissions;\n vehicles?: EntityPermissions;\n drivers?: EntityPermissions;\n businessAccounts?: EntityPermissions;\n}\n\nconst userCache = new NodeCache({ stdTTL: 10 });\n\nconst mergePermissions = (target: UserPayload, sources: Iterable<PartialUserPayload>): UserPayload => {\n const permissions: UserPayload = {\n ...target,\n fleets: { ...target?.fleets },\n businessModels: { ...target?.businessModels },\n demandSources: { ...target?.demandSources },\n // Clone other nested objects as needed\n };\n\n // eslint-disable-next-line no-restricted-syntax\n for (const source of sources) {\n Object.keys(source).forEach((entityType) => {\n // eslint-disable-next-line no-param-reassign\n permissions[entityType] ??= {};\n Object.entries(source[entityType]!).forEach(([entityId, perms]) => {\n // eslint-disable-next-line no-param-reassign\n permissions[entityType][entityId] = (permissions[entityType][entityId] || []).concat(perms);\n });\n });\n }\n\n return permissions;\n};\n\nexport default class ApiUser {\n private 
privatePermissions: UserPayload | undefined;\n\n private readonly privateElevatedPermissionsHash = new Map<symbol, PartialUserPayload | undefined>();\n\n private privatePermissionsLegacy: any;\n\n private readonly appPermission: {[key: string]: any; } = {};\n\n public readonly emptyUser: boolean;\n\n constructor(public id? : string, public accountType?: AccountType, elevatedPermissions?: PartialUserPayload, public contextIds?: string[]) {\n this.emptyUser = !!id;\n if (elevatedPermissions) {\n this.privateElevatedPermissionsHash.set(Symbol('initial'), elevatedPermissions);\n }\n }\n\n public async getUserPermissions(): Promise<UserPayload> {\n if (!this.id) {\n return undefined;\n }\n if (this.privatePermissions) {\n return this.privatePermissions;\n }\n const cacheKey = objectHash({\n id: this.id,\n contextIds: this.contextIds,\n });\n\n let data = userCache.get<UserPayload>(cacheKey);\n\n if (!data) {\n ({ data } = await IdentityNetwork.get<UserPayload>(`/api/v1/users/${this.id}/authorization-payload`, { params: { contextIds: this.contextIds } }));\n userCache.set(cacheKey, data);\n }\n\n this.accountType = data.accountType;\n this.privatePermissions = data;\n return this.privatePermissions;\n }\n\n public async useCustomPermissionLoader(customPermissionLoader: (userId: string) => UserPayload | PromiseLike<UserPayload>): Promise<UserPayload> {\n if (!this.id) {\n return undefined;\n }\n if (this.privatePermissions) {\n return this.privatePermissions;\n }\n\n const cacheKey = this.id;\n\n const cachedResult = userCache.get<UserPayload>(cacheKey);\n if (cachedResult) {\n this.privatePermissions = cachedResult;\n return cachedResult;\n }\n\n const data = await customPermissionLoader(this.id);\n userCache.set(cacheKey, data);\n\n this.privatePermissions = data;\n return this.privatePermissions;\n }\n\n public get businessModels(): string[] | undefined {\n return this.getUserProperty('businessModels');\n }\n\n public get fleets(): string[] | undefined {\n return 
this.getUserProperty('fleets');\n }\n\n public get demandSources(): string[] | undefined {\n return this.getUserProperty('demandSources');\n }\n\n private getUserProperty(key: keyof UserPayload): string[] | undefined {\n if (!this.privatePermissions) {\n throw new Error(`Cannot get ${key} without calling (async) getUserPermissions before`);\n }\n return Object.keys(this.privatePermissions[key] || {});\n }\n\n public get elevatedPermissions(): UserPayload {\n return mergePermissions(undefined, this.privateElevatedPermissionsHash.values());\n }\n\n public get permissions(): UserPayload | undefined {\n if (!this.privatePermissions) {\n throw new Error('Cannot get permissions without calling (async) getUserPermissions before');\n }\n\n return mergePermissions(this.privatePermissions, this.privateElevatedPermissionsHash.values());\n }\n\n public elevatePermissions(addedPermissions: PartialUserPayload): () => void {\n // @itayankri is concerned about memory consumption, so create a symbol with no description, to avoid assigning memory for the description string\n // eslint-disable-next-line symbol-description\n const elevationId = Symbol();\n\n // Validate that the added permissions are valid UUIDs\n Object.values(addedPermissions).forEach((entityIds) => {\n Object.keys(entityIds).forEach((entityId) => {\n if (!validateUUID(entityId)) {\n throw new Error(`Entity id on elevatePermissions is not a valid UUID, provided: ${entityId}`);\n }\n });\n });\n\n const currentUserTrace = getCurrentContext();\n if (!currentUserTrace) {\n throw new Error('Cannot find current user cross services trace');\n }\n\n const currentElevation = JSON.parse(currentUserTrace.context[ELEVATED_PERMISSIONS_HEADER] || '{}');\n const newElevation = Object.assign(currentElevation, addedPermissions);\n this.privateElevatedPermissionsHash.set(elevationId, newElevation);\n currentUserTrace.context.set(ELEVATED_PERMISSIONS_HEADER, JSON.stringify(this.elevatedPermissions));\n return () => {\n 
this.privateElevatedPermissionsHash.delete(elevationId);\n currentUserTrace.context.set(ELEVATED_PERMISSIONS_HEADER, JSON.stringify(this.elevatedPermissions));\n };\n }\n\n public async getUserPermissionsLegacy() {\n if (!this.id) {\n return undefined;\n }\n if (this.privatePermissionsLegacy) {\n return this.privatePermissionsLegacy;\n }\n\n const cacheKey = objectHash({\n id: this.id,\n contextIds: this.contextIds,\n legacy: true,\n });\n let data = userCache.get(cacheKey);\n\n if (!data) {\n ({ data } = await IdentityNetwork.get(`/api/v1/users/${this.id}/authorization-payload-legacy`, { params: { contextIds: this.contextIds } }));\n userCache.set(cacheKey, data);\n }\n\n this.privatePermissionsLegacy = data;\n return this.privatePermissionsLegacy;\n }\n\n public get permissionsLegacy(): any {\n if (!this.privatePermissionsLegacy) {\n throw new Error('Cannot get permissionsLegacy without calling (async) getUserPermissionsLegacy before');\n }\n return this.privatePermissionsLegacy;\n }\n\n public async getUserAppPermissions(appId, clientSecret) {\n if (!this.id || !appId || !clientSecret) {\n return undefined;\n }\n const currentAppPermission = this.appPermission[appId];\n\n if (currentAppPermission) {\n return currentAppPermission;\n }\n\n const cacheKey = `${this.id}:${appId}`;\n\n const cachedResult = userCache.get<UserPayload>(cacheKey);\n if (cachedResult) {\n this.appPermission[appId] = cachedResult;\n return cachedResult;\n }\n\n const { data } = await AutofleetApiNetwork.post<UserPayload>(`/api/v1/apps/${appId}/get-user-payload`, {\n userId: this.id,\n }, {\n headers: {\n 'x-autofleet-apps-secret': clientSecret,\n },\n });\n\n userCache.set(cacheKey, data);\n this.appPermission[appId] = data;\n return this.appPermission[appId];\n }\n}\n","import { AutofleetApiNetwork } from './services';\n\nexport const decodeAppBearer = async (bearer: string, appId: string): Promise<any> => {\n const { data: decoded } = await AutofleetApiNetwork.post('/api/v1/auth', { 
bearer, appId });\n return decoded;\n};\n\nexport const getClientSecret = async (appId: string): Promise<any> => {\n const { data: secret } = await AutofleetApiNetwork.get(`/api/v1/auth/client-secret/${appId}`);\n return secret;\n};\n","export default class AppDoesNotExist extends Error {\n name = 'AppDoesNotExist';\n\n message = 'app does not exist';\n}\n","export const IDENTITY_MS = 'identity-ms';\nexport const ACCESS_TOKEN = 'accessToken';\nexport const USER_OBJECT = 'userObject';\nexport const USER_TRACING_HEADER = 'x-af-user-id';\nexport const ORIGIN_HEADER = 'X-IAF-ORIGIN-SERVICE';\nexport const USER_PERMISSIONS_HEADER = 'x-af-user-permissions';\nexport const LOWER_CASE_ORIGIN_HEADER = ORIGIN_HEADER.toLowerCase();\nexport const AUTOFLEET_APPS_SECRET_HEADER = 'x-autofleet-apps-secret';\n","import type { IncomingHttpHeaders } from 'node:http';\nimport { getCurrentContext } from '@autofleet/outbreak';\nimport ApiUser, { CONTEXTS_IDS_HEADER, ELEVATED_PERMISSIONS_HEADER, type UserPayload } from './ApiUser';\nimport {\n IDENTITY_MS,\n USER_OBJECT,\n USER_TRACING_HEADER,\n ORIGIN_HEADER,\n LOWER_CASE_ORIGIN_HEADER,\n} from './const';\n\nexport type CustomPermissionLoader = (userId: string) => Promise<UserPayload>;\nexport interface AuthFromUserIdHeaderOptions {\n eagerLoadUserPermissions?: boolean;\n eagerLoadUserPermissionsLegacy?: boolean;\n customPermissionLoader?: CustomPermissionLoader;\n}\n\nexport const authFromUserIdHeader = async (options: AuthFromUserIdHeaderOptions, headers: IncomingHttpHeaders): Promise<ApiUser | undefined> => {\n const originHeader = headers[ORIGIN_HEADER] || headers[LOWER_CASE_ORIGIN_HEADER] || '';\n if (!Array.isArray(originHeader) && originHeader.toLowerCase() === IDENTITY_MS) {\n return undefined;\n }\n const {\n eagerLoadUserPermissions,\n eagerLoadUserPermissionsLegacy,\n customPermissionLoader,\n } = options;\n const userId = headers[USER_TRACING_HEADER] as string;\n if (!userId || Array.isArray(userId)) {\n return undefined;\n 
}\n\n const elevatedPermissionsFromHeader = headers[ELEVATED_PERMISSIONS_HEADER]?.length > 0 ? JSON.parse(headers[ELEVATED_PERMISSIONS_HEADER] as string) : {};\n const contextIds = (headers?.[CONTEXTS_IDS_HEADER] as string)?.split(',');\n\n const userObject = new ApiUser(userId, 'user', elevatedPermissionsFromHeader, contextIds);\n if (eagerLoadUserPermissions) {\n if (customPermissionLoader) {\n await userObject.useCustomPermissionLoader(customPermissionLoader);\n } else {\n await userObject.getUserPermissions();\n }\n }\n\n if (eagerLoadUserPermissionsLegacy) {\n await userObject.getUserPermissionsLegacy();\n }\n\n getCurrentContext().nonHeaderContext?.set(USER_OBJECT, userObject);\n return userObject;\n};\n","import type { Handler, Request } from 'express';\nimport { getCurrentContext, newTrace, traceTypes } from '@autofleet/outbreak';\nimport jwt from 'jsonwebtoken';\nimport ApiUser, { CONTEXTS_IDS_HEADER } from './ApiUser';\nimport { decodeAppBearer } from '../app-auth';\nimport AppDoesNotExist from '../exceptions/appDoesNotExist';\nimport { decodeBearer, getAuthFromBearer } from '../utils';\nimport {\n ACCESS_TOKEN,\n USER_OBJECT,\n USER_TRACING_HEADER,\n USER_PERMISSIONS_HEADER,\n AUTOFLEET_APPS_SECRET_HEADER,\n} from './const';\nimport { authFromUserIdHeader, AuthFromUserIdHeaderOptions } from './common';\n\ndeclare module 'express-serve-static-core' {\n // eslint-disable-next-line @typescript-eslint/no-shadow\n interface Request {\n user: ApiUser;\n }\n}\n\nexport const middleware = (options: AuthFromUserIdHeaderOptions = {}): Handler => async (req, res, next): Promise<any> => {\n try {\n const userObject = await authFromUserIdHeader(options, req.headers);\n if (userObject) {\n req.user = userObject;\n // Added in order to support outbreak.\n // @ts-expect-error we are setting an object onto the request headers.\n req.headers[USER_PERMISSIONS_HEADER] = userObject;\n }\n\n next();\n } catch (e) {\n res.status(401).json({ error: 'cannot authenticate user' 
});\n }\n};\n\nexport const middlewareWithDecode = (options: {\n eagerLoadUserPermissions?: boolean;\n eagerLoadUserPermissionsLegacy?: boolean;\n returnErrorIfNoToken?: boolean\n} = {}): Handler => async (req, res, next): Promise<void> => {\n const {\n eagerLoadUserPermissions,\n eagerLoadUserPermissionsLegacy,\n returnErrorIfNoToken,\n } = options;\n let decoded;\n if (req.headers.authorization) {\n try {\n decoded = await decodeBearer(req.headers.authorization);\n } catch (e) {\n if (e instanceof jwt.TokenExpiredError) {\n res.status(401).json({ errors: ['Access token expired'] });\n } else if (e instanceof jwt.JsonWebTokenError) {\n res.status(400).json({ errors: [e.message] });\n } else {\n res.status(500).json({ errors: ['Server error while parsing token'] });\n }\n return;\n }\n const userId = decoded?.user?.id;\n\n if (userId) {\n req.headers[USER_TRACING_HEADER] = userId;\n }\n\n const contextIds = (req.headers?.[CONTEXTS_IDS_HEADER] as string)?.split(',');\n const userObject = new ApiUser(userId, decoded?.user?.accountType, undefined, contextIds);\n\n if (eagerLoadUserPermissions || eagerLoadUserPermissionsLegacy) {\n await Promise.all([\n eagerLoadUserPermissions && userObject.getUserPermissions(),\n eagerLoadUserPermissionsLegacy && userObject.getUserPermissionsLegacy(),\n ]);\n }\n\n req.user = userObject;\n getCurrentContext().nonHeaderContext?.set(USER_OBJECT, userObject);\n\n // Added in order to support outbreak.\n // @ts-expect-error we are setting an object onto the request headers.\n req.headers[USER_PERMISSIONS_HEADER] = userObject;\n } else if (returnErrorIfNoToken) {\n res.status(401).json({ errors: ['No token provided'] });\n return;\n }\n next();\n};\n\nexport const appMiddleware = (options: {\n appId: string,\n clientSecret: string\n}): Handler => async (req, res, next): Promise<void> => {\n const {\n appId,\n clientSecret,\n } = options;\n let decoded;\n\n if (!req.headers.authorization) {\n res.status(401).json({ errors: ['No token 
provided'] });\n return;\n }\n\n try {\n decoded = await decodeAppBearer(req.headers.authorization, appId);\n if (!decoded) {\n throw new AppDoesNotExist();\n }\n } catch (e) {\n if (e instanceof jwt.TokenExpiredError) {\n res.status(401).json({ errors: ['Access token expired'] });\n return;\n }\n if ([jwt.JsonWebTokenError, AppDoesNotExist].some((Err) => e instanceof Err)) {\n res.status(400).json({ errors: [e.message] });\n return;\n }\n res.status(500).json({ errors: ['Server error while parsing token'] });\n return;\n }\n const userId = decoded?.userId;\n if (userId) {\n req.headers[USER_TRACING_HEADER] = userId;\n }\n\n const userObject = new ApiUser(userId);\n\n if (appId) {\n req.headers[AUTOFLEET_APPS_SECRET_HEADER] = clientSecret;\n // Won't work until we find a better solution for identity ms\n await userObject.getUserAppPermissions(appId, clientSecret);\n }\n\n req.user = userObject;\n const currentTraceContext = getCurrentContext().nonHeaderContext;\n currentTraceContext?.set(USER_OBJECT, userObject);\n currentTraceContext?.set(ACCESS_TOKEN, getAuthFromBearer(req.headers.authorization));\n\n // Added in order to support outbreak.\n // @ts-expect-error we are setting an object onto the request headers.\n req.headers[USER_PERMISSIONS_HEADER] = userObject;\n\n next();\n};\n\nexport const eagerLoadPermissionsMiddleware: Handler = async (req, res, next) => {\n await req.user.getUserPermissions();\n next();\n};\n\nexport const getDecodedBearer = (req: Request) => {\n if (!req.headers.authorization) {\n return null;\n }\n return decodeBearer(req.headers.authorization);\n};\n\nexport const createOrSetRabbitTrace = async (trace: ReturnType<typeof newTrace> | undefined, userId: string | undefined) => {\n const userObject = new ApiUser(userId);\n\n await userObject.getUserPermissions();\n // eslint-disable-next-line no-param-reassign\n trace ??= newTrace(traceTypes.RABBIT);\n trace.nonHeaderContext.set(USER_OBJECT, userObject);\n};\n\nexport default 
ApiUser;\n","import type { FastifyPluginCallback } from 'fastify';\nimport type ApiUser from './ApiUser';\nimport { AuthFromUserIdHeaderOptions, authFromUserIdHeader } from './common';\n\ndeclare module 'fastify' {\n interface FastifyRequest {\n user?: ApiUser;\n }\n}\n\n// eslint-disable-next-line import/prefer-default-export\nexport const authFromUserIdHeaderPlugin: FastifyPluginCallback<AuthFromUserIdHeaderOptions> = (fastify, options, done) => {\n fastify.decorateRequest('user', undefined);\n fastify.addHook('onRequest', async (request, reply) => {\n try {\n const user = await authFromUserIdHeader(options, request.headers);\n if (user) {\n request.user = user;\n }\n } catch (e) {\n reply.status(401).send({ error: 'cannot authenticate user' });\n }\n });\n\n done();\n};\nauthFromUserIdHeaderPlugin[Symbol.for('skip-override')] = true; // Prevent Fastify from overriding the plugin\n","import { getCurrentContext } from '@autofleet/outbreak';\nimport { USER_OBJECT } from './user/const';\nimport ApiUser, { type UserPayload } from './user/ApiUser';\n\nexport const getUser = () : ApiUser | undefined => getCurrentContext().nonHeaderContext?.get(USER_OBJECT) as ApiUser | undefined;\n\nexport const isUserExist = () => getUser()?.id;\n\nconst checkUserPermissions = (\n entityId: string,\n entityType: Exclude<keyof UserPayload, 'accountType' | 'createdAt'>,\n) => !isUserExist() || Object.hasOwn(getUser()!.permissions[entityType], entityId);\n\nexport const checkFleetPermission = (fleetId: string) => checkUserPermissions(fleetId, 'fleets');\nexport const checkBusinessModelPermission = (businessModelId: string) => checkUserPermissions(businessModelId, 'businessModels');\nexport const checkDemandSourcePermission = (demandSourceId: string) => checkUserPermissions(demandSourceId, 'demandSources');\n","import type ApiUser from './user';\n\n// eslint-disable-next-line import/prefer-default-export\nexport class UnauthorizedAccessError extends Error {\n constructor(public user: 
ApiUser | null = null, message = 'UnauthorizedAccessError') {\n super(message);\n this.name = 'UnauthorizedAccessError';\n }\n}\n","import jwt from 'jsonwebtoken';\n\nexport const AUTHORIZATION_METHODS = {\n NONE: 'NONE',\n BASIC: 'BASIC',\n JWT: 'JWT',\n};\n\nconst AUTHORIZATION_ACTIONS = {\n [AUTHORIZATION_METHODS.NONE]: () => undefined,\n [AUTHORIZATION_METHODS.BASIC]: (authorizationSettings: any) => {\n const { username, password } = authorizationSettings;\n const encodedCredentials = Buffer.from(`${username}:${password}`).toString('base64');\n return `Basic ${encodedCredentials}`;\n },\n [AUTHORIZATION_METHODS.JWT]: (authorizationSettings: any) => {\n const { secret } = authorizationSettings;\n if (secret) {\n return `Bearer ${jwt.sign({}, secret, { expiresIn: 10 })}`;\n }\n return undefined;\n },\n};\n\nexport const getAuthorizationHeader = (authorizationSettings: { method: string } | undefined): string | undefined => {\n const authorizationMethod = authorizationSettings?.method;\n\n if (!authorizationMethod || !AUTHORIZATION_ACTIONS[authorizationMethod]) {\n return undefined;\n }\n\n return AUTHORIZATION_ACTIONS[authorizationMethod](authorizationSettings);\n};\n","import type { LoggerInstanceManager } from '@autofleet/logger';\nimport * as outbreak from '@autofleet/outbreak';\nimport User, {\n middleware,\n eagerLoadPermissionsMiddleware,\n middlewareWithDecode,\n getDecodedBearer,\n appMiddleware,\n createOrSetRabbitTrace,\n} from './user';\nimport { authFromUserIdHeaderPlugin } from './user/fastify';\nimport { type UserPayload, CONTEXTS_IDS_HEADER } from './user/ApiUser';\nimport {\n checkFleetPermission,\n checkBusinessModelPermission,\n checkDemandSourcePermission,\n isUserExist,\n getUser,\n} from './check-permission';\nimport { UnauthorizedAccessError } from './errors';\nimport { getRefreshTokenSecret, getTokenSecret } from './secret-getter';\nimport { AUTHORIZATION_METHODS, getAuthorizationHeader } from './authorization';\n\nconst getCurrentPayload = 
outbreak.getCurrentContext;\n\ntype OutbreakOptions = Parameters<typeof outbreak.default>[0];\ntype LoggerWithContextMiddleware = Partial<Pick<LoggerInstanceManager, 'addContextMiddleware'>>;\nconst enableTracing = ({ outbreakOptions = {}, logger }: { outbreakOptions?: OutbreakOptions, logger?: LoggerWithContextMiddleware } = {}): void => {\n outbreak.default({\n headersPrefix: 'x-af',\n contextMiddlewareGetter: logger?.addContextMiddleware,\n ...outbreakOptions,\n });\n};\n\nconst { traceTypes, newTrace } = outbreak;\n\nexport {\n traceTypes,\n newTrace,\n enableTracing,\n User,\n middleware,\n middlewareWithDecode,\n eagerLoadPermissionsMiddleware,\n getCurrentPayload,\n getDecodedBearer,\n checkFleetPermission,\n checkBusinessModelPermission,\n checkDemandSourcePermission,\n isUserExist,\n getUser,\n getRefreshTokenSecret,\n getTokenSecret,\n UnauthorizedAccessError,\n appMiddleware,\n createOrSetRabbitTrace,\n outbreak,\n AUTHORIZATION_METHODS,\n getAuthorizationHeader,\n type UserPayload,\n CONTEXTS_IDS_HEADER,\n authFromUserIdHeaderPlugin,\n};\n\nexport default {\n traceTypes,\n newTrace,\n User,\n middleware,\n middlewareWithDecode,\n eagerLoadPermissionsMiddleware,\n getCurrentPayload,\n getDecodedBearer,\n checkFleetPermission,\n checkBusinessModelPermission,\n checkDemandSourcePermission,\n isUserExist,\n getUser,\n UnauthorizedAccessError,\n appMiddleware,\n createOrSetRabbitTrace,\n outbreak,\n AUTHORIZATION_METHODS,\n getAuthorizationHeader,\n CONTEXTS_IDS_HEADER,\n authFromUserIdHeaderPlugin,\n};\n"]}
1
+ {"version":3,"sources":["../src/secret-getter.ts","../src/utils.ts","../src/services.ts","../src/user/ApiUser.ts","../src/app-auth.ts","../src/exceptions/appDoesNotExist.ts","../src/user/const.ts","../src/user/common.ts","../src/user/index.ts","../src/user/fastify.ts","../src/check-permission.ts","../src/errors.ts","../src/authorization.ts","../src/index.ts"],"names":["DEPRECATED_JWT_SECRET","JWT_NEW_SECRET","DEPRECATED_REFRESH_JWT_SECRET","REFRESH_JWT_SECRET","DEPRECATION_UNIX_TIMESTAMP","getRelevantSecret","token","deprecatedSecret","newSecret","deprecationTime","moment","unixTime","iat","jwt","getRefreshTokenSecret","getTokenSecret","getAuthFromBearer","bearer","decodeBearer","appSecret","EMPTY_UUID","FULL_UUID","VALID_CHARS_REGEX","UUID_VERSION_REGEX","UUID_REGEX","validateUUID","uuid","CACHE_LIFETIME_IN_SEC","apiGwUrl","IdentityNetwork","Network","AutofleetApiNetwork","ELEVATED_PERMISSIONS_HEADER","CONTEXTS_IDS_HEADER","userCache","NodeCache","mergePermissions","target","sources","permissions","source","entityType","entityId","perms","ApiUser","id","accountType","elevatedPermissions","contextIds","cacheKey","objectHash","data","customPermissionLoader","cachedResult","key","addedPermissions","elevationId","entityIds","currentUserTrace","getCurrentContext","currentElevation","newElevation","cleanup","appId","clientSecret","currentAppPermission","decodeAppBearer","decoded","AppDoesNotExist","IDENTITY_MS","ACCESS_TOKEN","USER_OBJECT","USER_TRACING_HEADER","ORIGIN_HEADER","USER_PERMISSIONS_HEADER","LOWER_CASE_ORIGIN_HEADER","AUTOFLEET_APPS_SECRET_HEADER","authFromUserIdHeader","options","headers","originHeader","eagerLoadUserPermissions","eagerLoadUserPermissionsLegacy","userId","elevatedPermissionsFromHeader","userObject","middleware","req","res","next","middlewareWithDecode","returnErrorIfNoToken","e","appMiddleware","Err","currentTraceContext","eagerLoadPermissionsMiddleware","getDecodedBearer","createOrSetRabbitTrace","trace","newTrace","traceTypes","user_defa
ult","authFromUserIdHeaderPlugin","fastify","done","request","reply","user","getUser","isUserExist","checkUserPermissions","checkFleetPermission","fleetId","checkBusinessModelPermission","businessModelId","checkDemandSourcePermission","demandSourceId","UnauthorizedAccessError","message","AUTHORIZATION_METHODS","AUTHORIZATION_ACTIONS","authorizationSettings","username","password","secret","getAuthorizationHeader","authorizationMethod","getCurrentPayload","P","enableTracing","outbreakOptions","logger","outbreak","index_default"],"mappings":"+3BAGA,IAAM,CACJ,qBAAAA,CAAAA,EAAAA,CAAuB,cAAAC,CAAAA,EAAAA,CACvB,6BAAAC,CAAAA,EAAAA,CAA+B,mBAAAC,EAC/B,CAAA,0BAAA,CAAAC,EACF,CAAA,CAAI,OAAQ,CAAA,GAAA,CAENC,EAAoB,CAACC,CAAAA,CAA2BC,CAA0BC,CAAAA,CAAAA,GAA8B,CAC5G,IAAMC,EAAkBC,kBAAO,CAAA,QAAA,CAASN,EAA4B,CAAA,EAAE,CAAI,CAAA,GAAI,EAC9E,GAAI,CACF,IAAIO,CAAAA,CACJ,GAAIL,CAAAA,CAAO,CACT,GAAM,CAAE,GAAAM,CAAAA,CAAI,CAAIC,CAAAA,kBAAAA,CAAI,OAAOP,CAAK,CAAA,CAChCK,CAAWD,CAAAA,kBAAAA,CAAOE,CAAM,CAAA,GAAI,EAC9B,CACED,KAAAA,CAAAA,CAAWD,kBAAO,EAAA,CAEpB,OAAOC,CAAAA,CAAS,SAASF,CAAe,CAAA,CAAIF,CAAmBC,CAAAA,CACjE,CAAY,KAAA,CACV,OAAOA,CACT,CACF,CAEaM,CAAAA,EAAAA,CAAyBR,CAA2BD,EAAAA,CAAAA,CAAkBC,CAAOJ,CAAAA,EAAAA,CAA+BC,EAAkB,CAAA,CAC9HY,CAAkBT,CAAAA,CAAAA,EAA2BD,CAAkBC,CAAAA,CAAAA,CAAON,GAAuBC,EAAc,ECVjH,IAAMe,CAAAA,CAAqBC,CAA2BA,EAAAA,CAAAA,CAAO,QAAQ,SAAW,CAAA,EAAE,CAE5EC,CAAAA,CAAAA,CAAe,CAACD,CAAAA,CAAgBE,IAA4B,CACvE,IAAMb,CAAQU,CAAAA,CAAAA,CAAkBC,CAAM,CAAA,CAEtC,OADgBJ,kBAAI,CAAA,MAAA,CAAOP,CAAOa,CAAaJ,CAAeT,CAAAA,CAAK,CAAC,CAEtE,CAAA,CAuDA,IAAMc,EAAAA,CAAa,sCACbC,CAAAA,EAAAA,CAAY,uCACZC,CAAoB,CAAA,UAAA,CACpBC,EAAqB,CAAA,OAAA,CACrBC,EAAa,CAAA,IAAI,OACrB,CAAOF,IAAAA,EAAAA,CAAiB,CAAOA,IAAAA,EAAAA,CAAiB,CAAOC,IAAAA,EAAAA,EAAkB,CAAGD,EAAAA,CAAiB,CAAaA,UAAAA,EAAAA,CAAiB,CAAOA,IAAAA,EAAAA,CAAiB,CAAQF,KAAAA,EAAAA,EAAU,IAAIC,EAAS,CAAA,EAAA,CAAA,CAClL,GACF,CAAA,CACO,SAASI,CAAAA,CAAaC,EAA6B,CACxD,OAAO,OAAOA,CAAAA,EAAS,QAAYF,EAAAA,EAAAA,CAAW,KAAKE,CAAI,CACzD,CCrFA,IAAMC,CAAwB,CAAA,EAAA,CACxBC,CAAW,CAAA,OAA
A,CAAQ,GAAI,CAAA,eAAA,EAAmB,2BAGnCC,CAAkB,CAAA,IAAIC,kBAAQ,CAAA,CACzC,WAAa,CAAA,aAAA,CACb,QAAS,CACT,CAAA,cAAA,CAAgB,IAAM,IAAA,CACtB,KAAO,CAAA,OAAA,CAAQ,IAAI,QAAa,GAAA,MAAA,CAAS,CACvC,MAAA,CAAQH,CAAwB,CAAA,GAClC,CAAI,CAAA,MACN,CAAC,CAAA,CAEYI,CAAsB,CAAA,IAAID,kBAAQ,CAAA,CAC7C,QAASF,CACT,CAAA,UAAA,CAAYA,CACZ,CAAA,OAAA,CAAS,CACT,CAAA,cAAA,CAAgB,IAAM,IACtB,CAAA,KAAA,CAAO,OAAQ,CAAA,GAAA,CAAI,QAAa,GAAA,MAAA,CAAS,CACvC,MAAQD,CAAAA,CAAAA,CAAwB,GAClC,CAAA,CAAI,MACN,CAAC,ECZYK,IAAAA,CAAAA,CAA8B,2BAC9BC,CAAAA,CAAAA,CAAsB,kBAqB7BC,CAAAA,CAAAA,CAAY,IAAIC,mBAAU,CAAA,CAAE,MAAQ,CAAA,EAAG,CAAC,CAAA,CAExCC,EAAmB,CAACC,CAAAA,CAAqBC,CAAuD,GAAA,CACpG,IAAMC,CAAAA,CAA2B,CAC/B,GAAGF,CAAAA,CACH,MAAQ,CAAA,CAAE,GAAGA,CAAAA,EAAQ,MAAO,CAAA,CAC5B,cAAgB,CAAA,CAAE,GAAGA,CAAAA,EAAQ,cAAe,CAAA,CAC5C,cAAe,CAAE,GAAGA,CAAQ,EAAA,aAAc,CAE5C,CAAA,CAGA,QAAWG,CAAUF,IAAAA,CAAAA,CACnB,MAAO,CAAA,IAAA,CAAKE,CAAM,CAAA,CAAE,QAASC,CAAe,EAAA,CAE1CF,CAAYE,CAAAA,CAAU,CAAM,GAAA,GAC5B,MAAO,CAAA,OAAA,CAAQD,CAAOC,CAAAA,CAAU,CAAE,CAAA,CAAE,QAAQ,CAAC,CAACC,CAAUC,CAAAA,CAAK,CAAM,GAAA,CAEjEJ,EAAYE,CAAU,CAAA,CAAEC,CAAQ,CAAA,CAAA,CAAKH,CAAYE,CAAAA,CAAU,EAAEC,CAAQ,CAAA,EAAK,EAAC,EAAG,MAAOC,CAAAA,CAAK,EAC5F,CAAC,EACH,CAAC,CAGH,CAAA,OAAOJ,CACT,EAEI,OAAO,MAAO,CAAA,OAAA,EAAY,QAE5B,EAAA,MAAA,CAAO,cAAe,CAAA,MAAA,CAAQ,UAAW,CAEvC,SAAA,CAAW,IACX,CAAA,YAAA,CAAc,KACd,CAAA,UAAA,CAAY,MACZ,KAAO,CAAA,MAAA,CAAO,GAAI,CAAA,gBAAgB,CAClC,CAAA,QAAA,CAAU,KACZ,CAAC,CAAA,CAEC,OAAO,MAAA,CAAO,YAAiB,EAAA,QAAA,EAEjC,OAAO,cAAe,CAAA,MAAA,CAAQ,cAAgB,CAAA,CAE5C,SAAW,CAAA,IAAA,CACX,aAAc,KACd,CAAA,UAAA,CAAY,KACZ,CAAA,KAAA,CAAO,MAAO,CAAA,GAAA,CAAI,qBAAqB,CACvC,CAAA,QAAA,CAAU,KACZ,CAAC,CAGH,CAAA,IAAqBK,CAArB,CAAA,KAA6B,CAW3B,WAAA,CAAmBC,CAAqBC,CAAAA,CAAAA,CAA2BC,CAAiDC,CAAAA,CAAAA,CAAuB,CAAxH,IAAAH,CAAAA,EAAAA,CAAAA,CAAAA,CAAqB,IAAAC,CAAAA,WAAAA,CAAAA,CAAAA,CAA4E,IAAAE,CAAAA,UAAAA,CAAAA,CAAAA,CARpH,KAAiB,8BAAiC,CAAA,IAAI,GAItD,CAAA,IAAA,CAAiB,aAAwC,CAAA,GAKvD,IAAK,CAAA,SAAA,CAAY,CAAC,CAACH,CACfE,CAAAA,CAAAA,EACF,KAAK,8BAA+B,CAAA,GAAA,CAAI,MAAO,CAAA,SAAS,CAAGA,CAAA
A,CAAmB,EAElF,CAEA,MAAa,kBAA2C,EAAA,CACtD,GAAI,CAAC,KAAK,EACR,CAAA,OAEF,GAAI,IAAA,CAAK,kBACP,CAAA,OAAO,KAAK,kBAEd,CAAA,IAAME,CAAWC,CAAAA,kBAAAA,CAAW,CAC1B,EAAA,CAAI,IAAK,CAAA,EAAA,CACT,UAAY,CAAA,IAAA,CAAK,UACnB,CAAC,CAEGC,CAAAA,CAAAA,CAAOjB,EAAU,GAAiBe,CAAAA,CAAQ,CAE9C,CAAA,OAAKE,CACF,GAAA,CAAE,KAAAA,CAAK,CAAA,CAAI,MAAMtB,CAAAA,CAAgB,GAAiB,CAAA,CAAA,cAAA,EAAiB,KAAK,EAAE,CAAA,sBAAA,CAAA,CAA0B,CAAE,MAAA,CAAQ,CAAE,UAAA,CAAY,KAAK,UAAW,CAAE,CAAC,CAAA,CAChJK,CAAU,CAAA,GAAA,CAAIe,EAAUE,CAAI,CAAA,CAAA,CAG9B,IAAK,CAAA,WAAA,CAAcA,CAAK,CAAA,WAAA,CACxB,KAAK,kBAAqBA,CAAAA,CAAAA,CACnB,IAAK,CAAA,kBACd,CAEA,MAAa,0BAA0BC,CAA0G,CAAA,CAC/I,GAAI,CAAC,IAAK,CAAA,EAAA,CACR,OAEF,GAAI,IAAA,CAAK,kBACP,CAAA,OAAO,IAAK,CAAA,kBAAA,CAGd,IAAMH,CAAW,CAAA,IAAA,CAAK,EAEhBI,CAAAA,CAAAA,CAAenB,CAAU,CAAA,GAAA,CAAiBe,CAAQ,CACxD,CAAA,GAAII,CACF,CAAA,OAAA,IAAA,CAAK,kBAAqBA,CAAAA,CAAAA,CACnBA,EAGT,IAAMF,CAAAA,CAAO,MAAMC,CAAAA,CAAuB,IAAK,CAAA,EAAE,EACjD,OAAAlB,CAAAA,CAAU,GAAIe,CAAAA,CAAAA,CAAUE,CAAI,CAAA,CAE5B,KAAK,kBAAqBA,CAAAA,CAAAA,CACnB,IAAK,CAAA,kBACd,CAEA,IAAW,gBAA2B,CACpC,OAAO,IAAK,CAAA,eAAA,CAAgB,gBAAgB,CAC9C,CAEA,IAAW,MAAA,EAAmB,CAC5B,OAAO,IAAK,CAAA,eAAA,CAAgB,QAAQ,CACtC,CAEA,IAAW,aAA0B,EAAA,CACnC,OAAO,IAAA,CAAK,gBAAgB,eAAe,CAC7C,CAEQ,eAAA,CAAgBG,CAAkC,CAAA,CACxD,GAAI,CAAC,IAAA,CAAK,kBACR,CAAA,MAAM,IAAI,KAAA,CAAM,cAAcA,CAAG,CAAA,kDAAA,CAAoD,CAEvF,CAAA,OAAO,MAAO,CAAA,IAAA,CAAK,KAAK,kBAAmBA,CAAAA,CAAG,CAAK,EAAA,EAAE,CACvD,CAEA,IAAW,mBAAA,EAAmC,CAC5C,OAAOlB,CAAiB,CAAA,MAAA,CAAW,KAAK,8BAA+B,CAAA,MAAA,EAAQ,CACjF,CAEA,IAAW,aAAuC,CAChD,GAAI,CAAC,IAAA,CAAK,kBACR,CAAA,MAAM,IAAI,KAAA,CAAM,0EAA0E,CAAA,CAG5F,OAAOA,CAAAA,CAAiB,IAAK,CAAA,kBAAA,CAAoB,KAAK,8BAA+B,CAAA,MAAA,EAAQ,CAC/F,CAEO,kBAAA,CAAmBmB,EAAuF,CAG/G,IAAMC,CAAc,CAAA,MAAA,EAGpB,CAAA,MAAA,CAAO,OAAOD,CAAgB,CAAA,CAAE,OAASE,CAAAA,CAAAA,EAAc,CACrD,MAAA,CAAO,KAAKA,CAAS,CAAA,CAAE,OAASf,CAAAA,CAAAA,EAAa,CAC3C,GAAI,CAACjB,CAAaiB,CAAAA,CAAQ,CACxB,CAAA,MAAM,IAAI,KAAA,CAAM,kEAAkEA,CAAQ,CAAA,CAAE,CAEhG,CAAC,EACH,CAAC,EAED,IAAMgB,CAAAA,CAAmBC,mBAAkB,EAAA,CAC3C,GAAI,
CAACD,CACH,CAAA,MAAM,IAAI,KAAA,CAAM,+CAA+C,CAAA,CAGjE,IAAME,CAAAA,CAAmB,KAAK,KAAMF,CAAAA,CAAAA,CAAiB,OAAQ1B,CAAAA,CAA2B,CAAK,EAAA,IAAI,EAC3F6B,CAAe,CAAA,MAAA,CAAO,MAAOD,CAAAA,CAAAA,CAAkBL,CAAgB,CAAA,CACrE,KAAK,8BAA+B,CAAA,GAAA,CAAIC,CAAaK,CAAAA,CAAY,CACjEH,CAAAA,CAAAA,CAAiB,QAAQ,GAAI1B,CAAAA,CAAAA,CAA6B,IAAK,CAAA,SAAA,CAAU,IAAK,CAAA,mBAAmB,CAAC,CAClG,CAAA,IAAM8B,CAAU,CAAA,IAAM,CACpB,IAAA,CAAK,+BAA+B,MAAON,CAAAA,CAAW,CACtDE,CAAAA,CAAAA,CAAiB,OAAQ,CAAA,GAAA,CAAI1B,EAA6B,IAAK,CAAA,SAAA,CAAU,IAAK,CAAA,mBAAmB,CAAC,EACpG,CACA,CAAA,OAAA8B,CAAQ,CAAA,MAAA,CAAO,OAAO,CAAA,CAAIA,CACnBA,CAAAA,CACT,CAEA,MAAa,wBAAA,EAA2B,CACtC,GAAI,CAAC,IAAA,CAAK,GACR,OAEF,GAAI,IAAK,CAAA,wBAAA,CACP,OAAO,IAAA,CAAK,yBAGd,IAAMb,CAAAA,CAAWC,kBAAW,CAAA,CAC1B,EAAI,CAAA,IAAA,CAAK,GACT,UAAY,CAAA,IAAA,CAAK,UACjB,CAAA,MAAA,CAAQ,IACV,CAAC,EACGC,CAAOjB,CAAAA,CAAAA,CAAU,GAAIe,CAAAA,CAAQ,CAEjC,CAAA,OAAKE,IACF,CAAE,IAAA,CAAAA,CAAK,CAAA,CAAI,MAAMtB,CAAAA,CAAgB,IAAI,CAAiB,cAAA,EAAA,IAAA,CAAK,EAAE,CAAA,6BAAA,CAAA,CAAiC,CAAE,MAAA,CAAQ,CAAE,UAAA,CAAY,IAAK,CAAA,UAAW,CAAE,CAAC,CAC1IK,CAAAA,CAAAA,CAAU,IAAIe,CAAUE,CAAAA,CAAI,CAG9B,CAAA,CAAA,IAAA,CAAK,wBAA2BA,CAAAA,CAAAA,CACzB,KAAK,wBACd,CAEA,IAAW,iBAAA,EAAyB,CAClC,GAAI,CAAC,IAAK,CAAA,wBAAA,CACR,MAAM,IAAI,KAAM,CAAA,sFAAsF,EAExG,OAAO,IAAA,CAAK,wBACd,CAEA,MAAa,qBAAA,CAAsBY,EAAeC,CAAwD,CAAA,CACxG,GAAI,CAAC,IAAK,CAAA,EAAA,EAAM,CAACD,CAAS,EAAA,CAACC,CACzB,CAAA,OAEF,IAAMC,CAAAA,CAAuB,KAAK,aAAcF,CAAAA,CAAK,CAErD,CAAA,GAAIE,CACF,CAAA,OAAOA,CAGT,CAAA,IAAMhB,CAAW,CAAA,CAAA,EAAG,IAAK,CAAA,EAAE,CAAIc,CAAAA,EAAAA,CAAK,GAE9BV,CAAenB,CAAAA,CAAAA,CAAU,GAAiBe,CAAAA,CAAQ,CACxD,CAAA,GAAII,EACF,OAAK,IAAA,CAAA,aAAA,CAAcU,CAAK,CAAA,CAAIV,CACrBA,CAAAA,CAAAA,CAGT,GAAM,CAAE,IAAA,CAAAF,CAAK,CAAA,CAAI,MAAMpB,CAAAA,CAAoB,KAAkB,CAAgBgC,aAAAA,EAAAA,CAAK,CAAqB,iBAAA,CAAA,CAAA,CACrG,MAAQ,CAAA,IAAA,CAAK,EACf,CAAG,CAAA,CACD,OAAS,CAAA,CACP,yBAA2BC,CAAAA,CAC7B,CACF,CAAC,CAAA,CAED,OAAA9B,CAAAA,CAAU,GAAIe,CAAAA,CAAAA,CAAUE,CAAI,CAC5B,CAAA,IAAA,CAAK,aAAcY,CAAAA,CAAK,CAAIZ,CAAAA,CAAAA,CACrB,IAAK,CAAA,aAAA,CAAcY
,CAAK,CACjC,CACF,CAAA,CC5QO,IAAMG,CAAAA,CAAkB,MAAOjD,CAAgB8C,CAAAA,CAAAA,GAAgC,CACpF,GAAM,CAAE,IAAA,CAAMI,CAAQ,CAAI,CAAA,MAAMpC,CAAoB,CAAA,IAAA,CAAK,cAAgB,CAAA,CAAE,OAAAd,CAAQ,CAAA,KAAA,CAAA8C,CAAM,CAAC,CAC1F,CAAA,OAAOI,CACT,CCLA,CAAA,IAAqBC,CAArB,CAAA,cAA6C,KAAM,CAAnD,kCACE,IAAO,CAAA,IAAA,CAAA,iBAAA,CAEP,IAAU,CAAA,OAAA,CAAA,qBAAA,CACZ,CCJO,CAAA,IAAMC,EAAc,aACdC,CAAAA,CAAAA,CAAe,aACfC,CAAAA,CAAAA,CAAc,YACdC,CAAAA,CAAAA,CAAsB,eACtBC,CAAgB,CAAA,sBAAA,CAChBC,CAA0B,CAAA,uBAAA,CAC1BC,CAA2BF,CAAAA,CAAAA,CAAc,aACzCG,CAAAA,CAAAA,CAA+B,yBCN5C,CAiBO,IAAMC,CAAAA,CAAuB,MAAOC,CAAAA,CAAsCC,CAA+D,GAAA,CAC9I,IAAMC,CAAeD,CAAAA,CAAAA,CAAQN,CAAa,CAAA,EAAKM,CAAQJ,CAAAA,CAAwB,GAAK,EACpF,CAAA,GAAI,CAAC,KAAA,CAAM,OAAQK,CAAAA,CAAY,GAAKA,CAAa,CAAA,WAAA,EAAkBX,GAAAA,CAAAA,CACjE,OAEF,GAAM,CACJ,wBAAAY,CAAAA,CAAAA,CACA,8BAAAC,CAAAA,CAAAA,CACA,sBAAA9B,CAAAA,CACF,EAAI0B,CACEK,CAAAA,CAAAA,CAASJ,CAAQP,CAAAA,CAAmB,CAC1C,CAAA,GAAI,CAACW,CAAU,EAAA,KAAA,CAAM,OAAQA,CAAAA,CAAM,CACjC,CAAA,OAGF,IAAMC,CAAAA,CAAgCL,CAAQ/C,CAAAA,CAA2B,CAAG,EAAA,MAAA,CAAS,CAAI,CAAA,IAAA,CAAK,MAAM+C,CAAQ/C,CAAAA,CAA2B,CAAW,CAAA,CAAI,EAAC,CACjJgB,EAAc+B,CAAU9C,GAAAA,CAAmB,CAAc,EAAA,KAAA,CAAM,GAAG,CAAA,CAElEoD,EAAa,IAAIzC,CAAAA,CAAQuC,CAAQ,CAAA,MAAA,CAAQC,CAA+BpC,CAAAA,CAAU,EACxF,OAAIiC,CAAAA,GACE7B,CACF,CAAA,MAAMiC,CAAW,CAAA,yBAAA,CAA0BjC,CAAsB,CAEjE,CAAA,MAAMiC,CAAW,CAAA,kBAAA,EAIjBH,CAAAA,CAAAA,CAAAA,EACF,MAAMG,CAAW,CAAA,wBAAA,EAGnB1B,CAAAA,mBAAAA,EAAoB,CAAA,gBAAA,EAAkB,IAAIY,CAAac,CAAAA,CAAU,CAC1DA,CAAAA,CACT,CC5BO,CAAA,IAAMC,CAAa,CAAA,CAACR,CAAuC,CAAA,EAAgB,GAAA,MAAOS,CAAKC,CAAAA,CAAAA,CAAKC,IAAuB,CACxH,GAAI,CACF,IAAMJ,CAAa,CAAA,MAAMR,EAAqBC,CAASS,CAAAA,CAAAA,CAAI,OAAO,CAAA,CAC9DF,CACFE,GAAAA,CAAAA,CAAI,KAAOF,CAGXE,CAAAA,CAAAA,CAAI,OAAQb,CAAAA,CAAuB,CAAIW,CAAAA,CAAAA,CAAAA,CAGzCI,IACF,CAAA,KAAY,CACVD,CAAAA,CAAI,MAAO,CAAA,GAAG,EAAE,IAAK,CAAA,CAAE,KAAO,CAAA,0BAA2B,CAAC,EAC5D,CACF,CAEaE,CAAAA,CAAAA,CAAuB,CAACZ,CAAAA,CAIjC,EAAC,GAAe,MAAOS,CAAKC,CAAAA,CAAAA,CAAKC,CAAwB,GAAA,CAC3D,GAAM,CACJ,wBAAAR,CAAAA,CAAAA,CACA,8BAAAC,CAAAA,CAA
AA,CACA,oBAAAS,CAAAA,CACF,CAAIb,CAAAA,CAAAA,CACAX,EACJ,GAAIoB,CAAAA,CAAI,OAAQ,CAAA,aAAA,CAAe,CAC7B,GAAI,CACFpB,CAAU,CAAA,MAAMjD,CAAaqE,CAAAA,CAAAA,CAAI,OAAQ,CAAA,aAAa,EACxD,CAASK,MAAAA,CAAAA,CAAG,CACNA,CAAAA,YAAa/E,kBAAI,CAAA,iBAAA,CACnB2E,EAAI,MAAO,CAAA,GAAG,CAAE,CAAA,IAAA,CAAK,CAAE,MAAA,CAAQ,CAAC,sBAAsB,CAAE,CAAC,CAAA,CAChDI,CAAa/E,YAAAA,kBAAAA,CAAI,kBAC1B2E,CAAI,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,IAAK,CAAA,CAAE,OAAQ,CAACI,CAAAA,CAAE,OAAO,CAAE,CAAC,CAAA,CAE5CJ,CAAI,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,IAAK,CAAA,CAAE,MAAQ,CAAA,CAAC,kCAAkC,CAAE,CAAC,CAEvE,CAAA,MACF,CACA,IAAML,EAAShB,CAAS,EAAA,IAAA,EAAM,EAE1BgB,CAAAA,CAAAA,GACFI,CAAI,CAAA,OAAA,CAAQf,CAAmB,CAAIW,CAAAA,CAAAA,CAAAA,CAGrC,IAAMnC,CAAAA,CAAcuC,CAAI,CAAA,OAAA,GAAUtD,CAAmB,CAAc,EAAA,KAAA,CAAM,GAAG,CAAA,CACtEoD,CAAa,CAAA,IAAIzC,EAAQuC,CAAQhB,CAAAA,CAAAA,EAAS,IAAM,EAAA,WAAA,CAAa,MAAWnB,CAAAA,CAAU,GAEpFiC,CAA4BC,EAAAA,CAAAA,GAC9B,MAAM,OAAA,CAAQ,GAAI,CAAA,CAChBD,GAA4BI,CAAW,CAAA,kBAAA,EACvCH,CAAAA,CAAAA,EAAkCG,CAAW,CAAA,wBAAA,EAC/C,CAAC,CAGHE,CAAAA,CAAAA,CAAI,IAAOF,CAAAA,CAAAA,CACX1B,mBAAkB,EAAA,CAAE,kBAAkB,GAAIY,CAAAA,CAAAA,CAAac,CAAU,CAAA,CAIjEE,CAAI,CAAA,OAAA,CAAQb,CAAuB,CAAIW,CAAAA,EACzC,CAAWM,KAAAA,GAAAA,CAAAA,CAAsB,CAC/BH,CAAAA,CAAI,OAAO,GAAG,CAAA,CAAE,IAAK,CAAA,CAAE,MAAQ,CAAA,CAAC,mBAAmB,CAAE,CAAC,CACtD,CAAA,MACF,CACAC,CAAAA,GACF,CAEaI,CAAAA,CAAAA,CAAiBf,CAGf,EAAA,MAAOS,CAAKC,CAAAA,CAAAA,CAAKC,IAAwB,CACtD,GAAM,CACJ,KAAA,CAAA1B,CACA,CAAA,YAAA,CAAAC,CACF,CAAIc,CAAAA,CAAAA,CACAX,CAEJ,CAAA,GAAI,CAACoB,CAAAA,CAAI,OAAQ,CAAA,aAAA,CAAe,CAC9BC,CAAAA,CAAI,MAAO,CAAA,GAAG,CAAE,CAAA,IAAA,CAAK,CAAE,MAAQ,CAAA,CAAC,mBAAmB,CAAE,CAAC,CAAA,CACtD,MACF,CAEA,GAAI,CAEF,GADArB,CAAU,CAAA,MAAMD,EAAgBqB,CAAI,CAAA,OAAA,CAAQ,aAAexB,CAAAA,CAAK,CAC5D,CAAA,CAACI,EACH,MAAM,IAAIC,CAEd,CAAA,MAASwB,CAAG,CAAA,CACV,GAAIA,CAAa/E,YAAAA,kBAAAA,CAAI,iBAAmB,CAAA,CACtC2E,CAAI,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,CAAE,MAAA,CAAQ,CAAC,sBAAsB,CAAE,CAAC,CAAA,CACzD,MACF,CACA,GAAI,CAAC3E,kBAAI,CAAA,iBAAA,CAAmBuD,CAAe,CAAA,CAAE,IAAM0B,CAAAA,CAAAA,EAAQF,CAAaE,YAAAA,
CAAG,EAAG,CAC5EN,CAAAA,CAAI,MAAO,CAAA,GAAG,CAAE,CAAA,IAAA,CAAK,CAAE,MAAQ,CAAA,CAACI,CAAE,CAAA,OAAO,CAAE,CAAC,EAC5C,MACF,CACAJ,CAAI,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,KAAK,CAAE,MAAA,CAAQ,CAAC,kCAAkC,CAAE,CAAC,EACrE,MACF,CACA,IAAML,CAAAA,CAAShB,CAAS,EAAA,MAAA,CACpBgB,IACFI,CAAI,CAAA,OAAA,CAAQf,CAAmB,CAAA,CAAIW,CAGrC,CAAA,CAAA,IAAME,EAAa,IAAIzC,CAAAA,CAAQuC,CAAM,CAAA,CAEjCpB,CACFwB,GAAAA,CAAAA,CAAI,QAAQX,CAA4B,CAAA,CAAIZ,CAE5C,CAAA,MAAMqB,CAAW,CAAA,qBAAA,CAAsBtB,EAAOC,CAAY,CAAA,CAAA,CAG5DuB,CAAI,CAAA,IAAA,CAAOF,CACX,CAAA,IAAMU,EAAsBpC,mBAAkB,EAAA,CAAE,gBAChDoC,CAAAA,CAAAA,EAAqB,GAAIxB,CAAAA,CAAAA,CAAac,CAAU,CAChDU,CAAAA,CAAAA,EAAqB,GAAIzB,CAAAA,CAAAA,CAActD,CAAkBuE,CAAAA,CAAAA,CAAI,QAAQ,aAAa,CAAC,CAInFA,CAAAA,CAAAA,CAAI,OAAQb,CAAAA,CAAuB,EAAIW,CAEvCI,CAAAA,CAAAA,GACF,CAAA,CAEaO,CAA0C,CAAA,MAAOT,EAAKC,CAAKC,CAAAA,CAAAA,GAAS,CAC/E,MAAMF,CAAI,CAAA,IAAA,CAAK,oBACfE,CAAAA,CAAAA,GACF,CAAA,CAEaQ,EAAoBV,CAAAA,CAAAA,EAC1BA,CAAI,CAAA,OAAA,CAAQ,aAGVrE,CAAAA,CAAAA,CAAaqE,CAAI,CAAA,OAAA,CAAQ,aAAa,CAAA,CAFpC,KAKEW,EAAyB,CAAA,MAAOC,CAAgDhB,CAAAA,CAAAA,GAA+B,CAC1H,IAAME,EAAa,IAAIzC,CAAAA,CAAQuC,CAAM,CAAA,CAErC,MAAME,CAAAA,CAAW,oBAEjBc,CAAAA,CAAAA,GAAUC,UAASC,CAAAA,YAAAA,CAAW,MAAM,CAAA,CACpCF,EAAM,gBAAiB,CAAA,GAAA,CAAI5B,CAAac,CAAAA,CAAU,EACpD,CAAA,CAEOiB,GAAQ1D,EC/JR,IAAM2D,CAAiF,CAAA,CAACC,CAAS1B,CAAAA,CAAAA,CAAS2B,IAAS,CACxHD,CAAAA,CAAQ,eAAgB,CAAA,MAAA,CAAQ,MAAS,CAAA,CACzCA,EAAQ,OAAQ,CAAA,WAAA,CAAa,MAAOE,CAAAA,CAASC,CAAU,GAAA,CACrD,GAAI,CACF,IAAMC,CAAAA,CAAO,MAAM/B,CAAAA,CAAqBC,CAAS4B,CAAAA,CAAAA,CAAQ,OAAO,CAC5DE,CAAAA,CAAAA,GACFF,CAAQ,CAAA,IAAA,CAAOE,CAEnB,EAAA,CAAA,KAAY,CACVD,CAAM,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,IAAK,CAAA,CAAE,MAAO,0BAA2B,CAAC,EAC9D,CACF,CAAC,CAAA,CAEDF,IACF,EACAF,CAA2B,CAAA,MAAA,CAAO,GAAI,CAAA,eAAe,CAAC,CAAI,CAAA,IAAA,KCtB7CM,CAAU,CAAA,IAA4BlD,mBAAkB,EAAA,CAAE,gBAAkB,EAAA,GAAA,CAAIY,CAAW,CAE3FuC,CAAAA,CAAAA,CAAc,IAAMD,CAAAA,EAAW,EAAA,EAAA,CAEtCE,CAAuB,CAAA,CAC3BrE,CACAD,CAAAA,CAAAA,GACG,CAACqE,CAAAA,EAAiB,EAAA,MAAA,CAAO,OAAOD,CAAQ,EAAA,CAAG,WAAYpE,CAAAA,CAAU,CAAGC,CAAAA
,CAAQ,EAEpEsE,EAAwBC,CAAAA,CAAAA,EAAoBF,CAAqBE,CAAAA,CAAAA,CAAS,QAAQ,CAAA,CAClFC,GAAgCC,CAA4BJ,EAAAA,CAAAA,CAAqBI,CAAiB,CAAA,gBAAgB,CAClHC,CAAAA,EAAAA,CAA+BC,GAA2BN,CAAqBM,CAAAA,CAAAA,CAAgB,eAAe,ECZ9GC,IAAAA,CAAAA,CAAN,cAAsC,KAAM,CACjD,WAAmBV,CAAAA,CAAAA,CAAuB,IAAMW,CAAAA,CAAAA,CAAU,0BAA2B,CACnF,KAAA,CAAMA,CAAO,CAAA,CADI,IAAAX,CAAAA,IAAAA,CAAAA,CAAAA,CAEjB,KAAK,IAAO,CAAA,0BACd,CACF,ECNO,IAAMY,CAAwB,CAAA,CACnC,IAAM,CAAA,MAAA,CACN,KAAO,CAAA,OAAA,CACP,IAAK,KACP,CAAA,CAEMC,EAAwB,CAAA,CAC5B,CAACD,CAAAA,CAAsB,IAAI,EAAG,IAAG,EACjC,CAAA,CAACA,CAAsB,CAAA,KAAK,EAAIE,CAA+B,EAAA,CAC7D,GAAM,CAAE,QAAAC,CAAAA,CAAAA,CAAU,SAAAC,CAAS,CAAA,CAAIF,CAE/B,CAAA,OAAO,CADoB,MAAA,EAAA,MAAA,CAAO,KAAK,CAAGC,EAAAA,CAAQ,CAAIC,CAAAA,EAAAA,CAAQ,CAAE,CAAA,CAAA,CAAE,SAAS,QAAQ,CACjD,CACpC,CAAA,CAAA,CACA,CAACJ,CAAAA,CAAsB,GAAG,EAAIE,CAAAA,EAA+B,CAC3D,GAAM,CAAE,MAAA,CAAAG,CAAO,CAAA,CAAIH,CACnB,CAAA,GAAIG,CACF,CAAA,OAAO,CAAUhH,OAAAA,EAAAA,kBAAAA,CAAI,KAAK,EAAC,CAAGgH,CAAQ,CAAA,CAAE,SAAW,CAAA,EAAG,CAAC,CAAC,CAAA,CAG5D,CACF,CAAA,CAEaC,EAA0BJ,CAAAA,CAAAA,EAA8E,CACnH,IAAMK,CAAAA,CAAsBL,CAAuB,EAAA,MAAA,CAEnD,GAAI,EAAA,CAACK,GAAuB,CAACN,EAAAA,CAAsBM,CAAmB,CAAA,CAAA,CAItE,OAAON,EAAAA,CAAsBM,CAAmB,CAAEL,CAAAA,CAAqB,CACzE,ECTMM,IAAAA,EAAAA,CAA6BC,+BAI7BC,EAAgB,CAAA,CAAC,CAAE,eAAA,CAAAC,CAAkB,CAAA,GAAI,MAAAC,CAAAA,CAAO,CAAiF,CAAA,EAAa,GAAA,CACzIH,YAAQ,CAAA,OAAA,CAAA,CACf,aAAe,CAAA,MAAA,CACf,uBAAyBG,CAAAA,CAAAA,EAAQ,oBACjC,CAAA,GAAGD,CACL,CAAC,EACH,CAEM,CAAA,CAAE,UAAA9B,CAAAA,EAAAA,CAAY,SAAAD,EAAS,CAAA,CAAIiC,aA8BjC,IAAOC,EAAQ,CAAA,CACb,WAAAjC,EACA,CAAA,QAAA,CAAAD,EACA,CAAA,IAAA,CAAAE,EACA,CAAA,UAAA,CAAAhB,EACA,oBAAAI,CAAAA,CAAAA,CACA,8BAAAM,CAAAA,CAAAA,CACA,iBAAAgC,CAAAA,EAAAA,CACA,iBAAA/B,EACA,CAAA,oBAAA,CAAAe,EACA,CAAA,4BAAA,CAAAE,EACA,CAAA,2BAAA,CAAAE,GACA,WAAAN,CAAAA,CAAAA,CACA,OAAAD,CAAAA,CAAAA,CACA,uBAAAS,CAAAA,CAAAA,CACA,cAAAzB,CACA,CAAA,sBAAA,CAAAK,EACA,CAAA,QAAA,CAAAmC,YACA,CAAA,qBAAA,CAAAb,CACA,CAAA,sBAAA,CAAAM,EACA,CAAA,mBAAA,CAAA7F,CACA,CAAA,0BAAA,CAAAsE,CACF","file":"index.cjs","sourcesContent":["impo
rt jwt from 'jsonwebtoken';\nimport moment from 'moment';\n\nconst {\n DEPRECATED_JWT_SECRET, JWT_NEW_SECRET,\n DEPRECATED_REFRESH_JWT_SECRET, REFRESH_JWT_SECRET,\n DEPRECATION_UNIX_TIMESTAMP,\n} = process.env;\n\nconst getRelevantSecret = (token: string | undefined, deprecatedSecret: string, newSecret: string): string => {\n const deprecationTime = moment(parseInt(DEPRECATION_UNIX_TIMESTAMP, 10) * 1000);\n try {\n let unixTime: moment.Moment;\n if (token) {\n const { iat } = jwt.decode(token) as jwt.JwtPayload;\n unixTime = moment(iat * 1000);\n } else {\n unixTime = moment();\n }\n return unixTime.isBefore(deprecationTime) ? deprecatedSecret : newSecret;\n } catch (e) {\n return newSecret;\n }\n};\n\nexport const getRefreshTokenSecret = (token?: string): string => getRelevantSecret(token, DEPRECATED_REFRESH_JWT_SECRET, REFRESH_JWT_SECRET);\nexport const getTokenSecret = (token?: string): string => getRelevantSecret(token, DEPRECATED_JWT_SECRET, JWT_NEW_SECRET);\n","import type { UUID } from 'node:crypto';\nimport jwt from 'jsonwebtoken';\nimport { getTokenSecret } from './secret-getter';\n\ntype Context = Partial<Record<ContextProp | 'id', string>> & { subSystem?: SubSystemType; permissions?: string[]; entityId: string; };\n\nconst CONTEXT_PROPS = ['fleetId', 'businessModelId', 'demandSourceId'] as const;\ntype ContextProp = typeof CONTEXT_PROPS[number];\nconst CONTEXT_MAP_PROPS = {\n fleet: 'fleets',\n business: 'businessModels',\n demand: 'demandSources',\n} as const;\ntype SubSystemType = keyof typeof CONTEXT_MAP_PROPS;\ntype ContextSubSystemProp = typeof CONTEXT_MAP_PROPS[SubSystemType];\n\nexport const getAuthFromBearer = (bearer: string): string => bearer.replace('Bearer ', '');\n\nexport const decodeBearer = (bearer: string, appSecret?: string): any => {\n const token = getAuthFromBearer(bearer);\n const decoded = jwt.verify(token, appSecret || getTokenSecret(token));\n return decoded;\n};\n\nexport const parsePermissions = (contextId: string, 
decodedToken: { contexts: Context[]; }): { key: string; value: string; } | undefined => {\n if (!decodedToken) return undefined;\n const { contexts } = decodedToken;\n const activeContext = contexts.find((context) => context.id === contextId);\n\n const permissionsValue = `${activeContext.permissions?.map((cp) => `${cp},`)}`;\n\n return {\n key: activeContext.entityId,\n value: permissionsValue,\n };\n};\n\ntype EntitiesFromContext = { [key in ContextSubSystemProp]?: Record<string, string> };\nexport const getEntitiesFromContext = (contextId: string | undefined, decodedToken: { contexts: Context[]; }): EntitiesFromContext => {\n if (!decodedToken) return {};\n let { contexts } = decodedToken;\n if (contextId) {\n contexts = contexts.filter((context) => context.id === contextId);\n }\n\n const attributes: EntitiesFromContext = {};\n contexts.forEach((context) => {\n const prop = CONTEXT_MAP_PROPS[context.subSystem || 'business'];\n\n const permissions = parsePermissions(context.id, decodedToken);\n if (!permissions) return;\n attributes[prop] ||= {};\n attributes[prop][permissions.key] = permissions.value;\n });\n\n return attributes;\n};\n\ntype ContextAttributes = { [key in ContextProp]?: string[] };\nexport const getContextAttributes = (contextId: string | undefined, decodedToken: { contexts: Context[]; }): ContextAttributes => {\n if (!decodedToken) return {};\n let { contexts } = decodedToken;\n if (contextId) {\n contexts = contexts.filter((context) => context.id === contextId);\n }\n const attributes: ContextAttributes = {};\n contexts.forEach((context) => {\n CONTEXT_PROPS.forEach((prop) => {\n if (context[prop]) {\n attributes[prop] ||= [];\n attributes[prop].push(context[prop]);\n }\n });\n });\n return attributes;\n};\n\nconst EMPTY_UUID = '00000000-0000-0000-0000-000000000000';\nconst FULL_UUID = 'ffffffff-ffff-ffff-ffff-ffffffffffff';\nconst VALID_CHARS_REGEX = '[0-9a-f]';\nconst UUID_VERSION_REGEX = '[1-8]';\nconst UUID_REGEX = new RegExp(\n 
`^(?:${VALID_CHARS_REGEX}{8}-${VALID_CHARS_REGEX}{4}-${UUID_VERSION_REGEX}${VALID_CHARS_REGEX}{3}-[89ab]${VALID_CHARS_REGEX}{3}-${VALID_CHARS_REGEX}{12}|${EMPTY_UUID}|${FULL_UUID})$`,\n 'i',\n);\nexport function validateUUID(uuid: unknown): uuid is UUID {\n return typeof uuid === 'string' && UUID_REGEX.test(uuid);\n}\n","import Network from '@autofleet/network';\n\nconst CACHE_LIFETIME_IN_SEC = 10;\nconst apiGwUrl = process.env.API_GATEWAY_URL || 'https://api.autofleet.io';\n\n// eslint-disable-next-line import/prefer-default-export\nexport const IdentityNetwork = new Network({\n serviceName: 'IDENTITY_MS',\n retries: 3,\n retryCondition: () => true,\n cache: process.env.NODE_ENV !== 'test' ? {\n maxAge: CACHE_LIFETIME_IN_SEC * 1000,\n } : undefined,\n});\n\nexport const AutofleetApiNetwork = new Network({\n baseURL: apiGwUrl,\n serviceUrl: apiGwUrl,\n retries: 3,\n retryCondition: () => true,\n cache: process.env.NODE_ENV !== 'test' ? {\n maxAge: CACHE_LIFETIME_IN_SEC * 1000,\n } : undefined,\n});\n","import NodeCache from 'node-cache';\nimport objectHash from 'object-hash';\nimport { getCurrentContext } from '@autofleet/outbreak';\nimport { validateUUID } from '../utils';\nimport { AutofleetApiNetwork, IdentityNetwork } from '../services';\n\nexport type AccountType = 'client' | 'user' | 'service' | 'driver'\ninterface EntityPermissions {\n [key: string]: string[];\n}\n\nexport const ELEVATED_PERMISSIONS_HEADER = 'x-af-elevated-permissions';\nexport const CONTEXTS_IDS_HEADER = 'x-af-context-ids';\n\nexport interface UserPayload {\n businessModels: EntityPermissions;\n fleets: EntityPermissions;\n demandSources: EntityPermissions;\n businessAccounts?: EntityPermissions;\n accountType?: AccountType;\n contexts?: EntityPermissions;\n createdAt?: string;\n}\n\nexport interface PartialUserPayload {\n businessModels?: EntityPermissions;\n fleets?: EntityPermissions;\n demandSources?: EntityPermissions;\n vehicles?: EntityPermissions;\n drivers?: EntityPermissions;\n 
businessAccounts?: EntityPermissions;\n}\n\nconst userCache = new NodeCache({ stdTTL: 10 });\n\nconst mergePermissions = (target: UserPayload, sources: Iterable<PartialUserPayload>): UserPayload => {\n const permissions: UserPayload = {\n ...target,\n fleets: { ...target?.fleets },\n businessModels: { ...target?.businessModels },\n demandSources: { ...target?.demandSources },\n // Clone other nested objects as needed\n };\n\n // eslint-disable-next-line no-restricted-syntax\n for (const source of sources) {\n Object.keys(source).forEach((entityType) => {\n // eslint-disable-next-line no-param-reassign\n permissions[entityType] ??= {};\n Object.entries(source[entityType]!).forEach(([entityId, perms]) => {\n // eslint-disable-next-line no-param-reassign\n permissions[entityType][entityId] = (permissions[entityType][entityId] || []).concat(perms);\n });\n });\n }\n\n return permissions;\n};\n\nif (typeof Symbol.dispose !== 'symbol') {\n // Polyfill for dispose if it does not exist, based on https://github.com/nodejs/node/blob/9a9409ff1f45c968173118de4cd37dea784f8ec9/lib/internal/process/pre_execution.js#L163-L171\n Object.defineProperty(Symbol, 'dispose', {\n // @ts-expect-error: TypeScript does not recognize __proto__ as a valid property\n __proto__: null,\n configurable: false,\n enumerable: false,\n value: Symbol.for('nodejs.dispose'),\n writable: false,\n });\n}\nif (typeof Symbol.asyncDispose !== 'symbol') {\n // Polyfill for asyncDispose if it does not exist, based on https://github.com/nodejs/node/blob/9a9409ff1f45c968173118de4cd37dea784f8ec9/lib/internal/process/pre_execution.js#L174-L183\n Object.defineProperty(Symbol, 'asyncDispose', {\n // @ts-expect-error: TypeScript does not recognize __proto__ as a valid property\n __proto__: null,\n configurable: false,\n enumerable: false,\n value: Symbol.for('nodejs.asyncDispose'),\n writable: false,\n });\n}\n\nexport default class ApiUser {\n private privatePermissions: UserPayload | undefined;\n\n private readonly 
privateElevatedPermissionsHash = new Map<symbol, PartialUserPayload | undefined>();\n\n private privatePermissionsLegacy: any;\n\n private readonly appPermission: {[key: string]: any; } = {};\n\n public readonly emptyUser: boolean;\n\n constructor(public id? : string, public accountType?: AccountType, elevatedPermissions?: PartialUserPayload, public contextIds?: string[]) {\n this.emptyUser = !!id;\n if (elevatedPermissions) {\n this.privateElevatedPermissionsHash.set(Symbol('initial'), elevatedPermissions);\n }\n }\n\n public async getUserPermissions(): Promise<UserPayload> {\n if (!this.id) {\n return undefined;\n }\n if (this.privatePermissions) {\n return this.privatePermissions;\n }\n const cacheKey = objectHash({\n id: this.id,\n contextIds: this.contextIds,\n });\n\n let data = userCache.get<UserPayload>(cacheKey);\n\n if (!data) {\n ({ data } = await IdentityNetwork.get<UserPayload>(`/api/v1/users/${this.id}/authorization-payload`, { params: { contextIds: this.contextIds } }));\n userCache.set(cacheKey, data);\n }\n\n this.accountType = data.accountType;\n this.privatePermissions = data;\n return this.privatePermissions;\n }\n\n public async useCustomPermissionLoader(customPermissionLoader: (userId: string) => UserPayload | PromiseLike<UserPayload>): Promise<UserPayload> {\n if (!this.id) {\n return undefined;\n }\n if (this.privatePermissions) {\n return this.privatePermissions;\n }\n\n const cacheKey = this.id;\n\n const cachedResult = userCache.get<UserPayload>(cacheKey);\n if (cachedResult) {\n this.privatePermissions = cachedResult;\n return cachedResult;\n }\n\n const data = await customPermissionLoader(this.id);\n userCache.set(cacheKey, data);\n\n this.privatePermissions = data;\n return this.privatePermissions;\n }\n\n public get businessModels(): string[] {\n return this.getUserProperty('businessModels');\n }\n\n public get fleets(): string[] {\n return this.getUserProperty('fleets');\n }\n\n public get demandSources(): string[] {\n return 
this.getUserProperty('demandSources');\n }\n\n private getUserProperty(key: keyof UserPayload): string[] {\n if (!this.privatePermissions) {\n throw new Error(`Cannot get ${key} without calling (async) getUserPermissions before`);\n }\n return Object.keys(this.privatePermissions[key] || {});\n }\n\n public get elevatedPermissions(): UserPayload {\n return mergePermissions(undefined, this.privateElevatedPermissionsHash.values());\n }\n\n public get permissions(): UserPayload | undefined {\n if (!this.privatePermissions) {\n throw new Error('Cannot get permissions without calling (async) getUserPermissions before');\n }\n\n return mergePermissions(this.privatePermissions, this.privateElevatedPermissionsHash.values());\n }\n\n public elevatePermissions(addedPermissions: PartialUserPayload): (() => void) & { [Symbol.dispose]: () => void } {\n // @itayankri is concerned about memory consumption, so create a symbol with no description, to avoid assigning memory for the description string\n // eslint-disable-next-line symbol-description\n const elevationId = Symbol();\n\n // Validate that the added permissions are valid UUIDs\n Object.values(addedPermissions).forEach((entityIds) => {\n Object.keys(entityIds).forEach((entityId) => {\n if (!validateUUID(entityId)) {\n throw new Error(`Entity id on elevatePermissions is not a valid UUID, provided: ${entityId}`);\n }\n });\n });\n\n const currentUserTrace = getCurrentContext();\n if (!currentUserTrace) {\n throw new Error('Cannot find current user cross services trace');\n }\n\n const currentElevation = JSON.parse(currentUserTrace.context[ELEVATED_PERMISSIONS_HEADER] || '{}');\n const newElevation = Object.assign(currentElevation, addedPermissions);\n this.privateElevatedPermissionsHash.set(elevationId, newElevation);\n currentUserTrace.context.set(ELEVATED_PERMISSIONS_HEADER, JSON.stringify(this.elevatedPermissions));\n const cleanup = () => {\n this.privateElevatedPermissionsHash.delete(elevationId);\n 
currentUserTrace.context.set(ELEVATED_PERMISSIONS_HEADER, JSON.stringify(this.elevatedPermissions));\n };\n cleanup[Symbol.dispose] = cleanup;\n return cleanup;\n }\n\n public async getUserPermissionsLegacy() {\n if (!this.id) {\n return undefined;\n }\n if (this.privatePermissionsLegacy) {\n return this.privatePermissionsLegacy;\n }\n\n const cacheKey = objectHash({\n id: this.id,\n contextIds: this.contextIds,\n legacy: true,\n });\n let data = userCache.get(cacheKey);\n\n if (!data) {\n ({ data } = await IdentityNetwork.get(`/api/v1/users/${this.id}/authorization-payload-legacy`, { params: { contextIds: this.contextIds } }));\n userCache.set(cacheKey, data);\n }\n\n this.privatePermissionsLegacy = data;\n return this.privatePermissionsLegacy;\n }\n\n public get permissionsLegacy(): any {\n if (!this.privatePermissionsLegacy) {\n throw new Error('Cannot get permissionsLegacy without calling (async) getUserPermissionsLegacy before');\n }\n return this.privatePermissionsLegacy;\n }\n\n public async getUserAppPermissions(appId: string, clientSecret: string): Promise<UserPayload | undefined> {\n if (!this.id || !appId || !clientSecret) {\n return undefined;\n }\n const currentAppPermission = this.appPermission[appId];\n\n if (currentAppPermission) {\n return currentAppPermission;\n }\n\n const cacheKey = `${this.id}:${appId}`;\n\n const cachedResult = userCache.get<UserPayload>(cacheKey);\n if (cachedResult) {\n this.appPermission[appId] = cachedResult;\n return cachedResult;\n }\n\n const { data } = await AutofleetApiNetwork.post<UserPayload>(`/api/v1/apps/${appId}/get-user-payload`, {\n userId: this.id,\n }, {\n headers: {\n 'x-autofleet-apps-secret': clientSecret,\n },\n });\n\n userCache.set(cacheKey, data);\n this.appPermission[appId] = data;\n return this.appPermission[appId];\n }\n}\n","import { AutofleetApiNetwork } from './services';\n\nexport const decodeAppBearer = async (bearer: string, appId: string): Promise<any> => {\n const { data: decoded } = await 
AutofleetApiNetwork.post('/api/v1/auth', { bearer, appId });\n return decoded;\n};\n\nexport const getClientSecret = async (appId: string): Promise<any> => {\n const { data: secret } = await AutofleetApiNetwork.get(`/api/v1/auth/client-secret/${appId}`);\n return secret;\n};\n","export default class AppDoesNotExist extends Error {\n name = 'AppDoesNotExist';\n\n message = 'app does not exist';\n}\n","export const IDENTITY_MS = 'identity-ms';\nexport const ACCESS_TOKEN = 'accessToken';\nexport const USER_OBJECT = 'userObject';\nexport const USER_TRACING_HEADER = 'x-af-user-id';\nexport const ORIGIN_HEADER = 'X-IAF-ORIGIN-SERVICE';\nexport const USER_PERMISSIONS_HEADER = 'x-af-user-permissions';\nexport const LOWER_CASE_ORIGIN_HEADER = ORIGIN_HEADER.toLowerCase();\nexport const AUTOFLEET_APPS_SECRET_HEADER = 'x-autofleet-apps-secret';\n","import type { IncomingHttpHeaders } from 'node:http';\nimport { getCurrentContext } from '@autofleet/outbreak';\nimport ApiUser, { CONTEXTS_IDS_HEADER, ELEVATED_PERMISSIONS_HEADER, type UserPayload } from './ApiUser';\nimport {\n IDENTITY_MS,\n USER_OBJECT,\n USER_TRACING_HEADER,\n ORIGIN_HEADER,\n LOWER_CASE_ORIGIN_HEADER,\n} from './const';\n\nexport type CustomPermissionLoader = (userId: string) => Promise<UserPayload>;\nexport interface AuthFromUserIdHeaderOptions {\n eagerLoadUserPermissions?: boolean;\n eagerLoadUserPermissionsLegacy?: boolean;\n customPermissionLoader?: CustomPermissionLoader;\n}\n\nexport const authFromUserIdHeader = async (options: AuthFromUserIdHeaderOptions, headers: IncomingHttpHeaders): Promise<ApiUser | undefined> => {\n const originHeader = headers[ORIGIN_HEADER] || headers[LOWER_CASE_ORIGIN_HEADER] || '';\n if (!Array.isArray(originHeader) && originHeader.toLowerCase() === IDENTITY_MS) {\n return undefined;\n }\n const {\n eagerLoadUserPermissions,\n eagerLoadUserPermissionsLegacy,\n customPermissionLoader,\n } = options;\n const userId = headers[USER_TRACING_HEADER] as string;\n if (!userId || 
Array.isArray(userId)) {\n return undefined;\n }\n\n const elevatedPermissionsFromHeader = headers[ELEVATED_PERMISSIONS_HEADER]?.length > 0 ? JSON.parse(headers[ELEVATED_PERMISSIONS_HEADER] as string) : {};\n const contextIds = (headers?.[CONTEXTS_IDS_HEADER] as string)?.split(',');\n\n const userObject = new ApiUser(userId, 'user', elevatedPermissionsFromHeader, contextIds);\n if (eagerLoadUserPermissions) {\n if (customPermissionLoader) {\n await userObject.useCustomPermissionLoader(customPermissionLoader);\n } else {\n await userObject.getUserPermissions();\n }\n }\n\n if (eagerLoadUserPermissionsLegacy) {\n await userObject.getUserPermissionsLegacy();\n }\n\n getCurrentContext().nonHeaderContext?.set(USER_OBJECT, userObject);\n return userObject;\n};\n","import type { Handler, Request } from 'express';\nimport { getCurrentContext, newTrace, traceTypes } from '@autofleet/outbreak';\nimport jwt from 'jsonwebtoken';\nimport ApiUser, { CONTEXTS_IDS_HEADER } from './ApiUser';\nimport { decodeAppBearer } from '../app-auth';\nimport AppDoesNotExist from '../exceptions/appDoesNotExist';\nimport { decodeBearer, getAuthFromBearer } from '../utils';\nimport {\n ACCESS_TOKEN,\n USER_OBJECT,\n USER_TRACING_HEADER,\n USER_PERMISSIONS_HEADER,\n AUTOFLEET_APPS_SECRET_HEADER,\n} from './const';\nimport { authFromUserIdHeader, AuthFromUserIdHeaderOptions } from './common';\n\ndeclare module 'express-serve-static-core' {\n // eslint-disable-next-line @typescript-eslint/no-shadow\n interface Request {\n user: ApiUser;\n }\n}\n\nexport const middleware = (options: AuthFromUserIdHeaderOptions = {}): Handler => async (req, res, next): Promise<any> => {\n try {\n const userObject = await authFromUserIdHeader(options, req.headers);\n if (userObject) {\n req.user = userObject;\n // Added in order to support outbreak.\n // @ts-expect-error we are setting an object onto the request headers.\n req.headers[USER_PERMISSIONS_HEADER] = userObject;\n }\n\n next();\n } catch (e) {\n 
res.status(401).json({ error: 'cannot authenticate user' });\n }\n};\n\nexport const middlewareWithDecode = (options: {\n eagerLoadUserPermissions?: boolean;\n eagerLoadUserPermissionsLegacy?: boolean;\n returnErrorIfNoToken?: boolean\n} = {}): Handler => async (req, res, next): Promise<void> => {\n const {\n eagerLoadUserPermissions,\n eagerLoadUserPermissionsLegacy,\n returnErrorIfNoToken,\n } = options;\n let decoded;\n if (req.headers.authorization) {\n try {\n decoded = await decodeBearer(req.headers.authorization);\n } catch (e) {\n if (e instanceof jwt.TokenExpiredError) {\n res.status(401).json({ errors: ['Access token expired'] });\n } else if (e instanceof jwt.JsonWebTokenError) {\n res.status(400).json({ errors: [e.message] });\n } else {\n res.status(500).json({ errors: ['Server error while parsing token'] });\n }\n return;\n }\n const userId = decoded?.user?.id;\n\n if (userId) {\n req.headers[USER_TRACING_HEADER] = userId;\n }\n\n const contextIds = (req.headers?.[CONTEXTS_IDS_HEADER] as string)?.split(',');\n const userObject = new ApiUser(userId, decoded?.user?.accountType, undefined, contextIds);\n\n if (eagerLoadUserPermissions || eagerLoadUserPermissionsLegacy) {\n await Promise.all([\n eagerLoadUserPermissions && userObject.getUserPermissions(),\n eagerLoadUserPermissionsLegacy && userObject.getUserPermissionsLegacy(),\n ]);\n }\n\n req.user = userObject;\n getCurrentContext().nonHeaderContext?.set(USER_OBJECT, userObject);\n\n // Added in order to support outbreak.\n // @ts-expect-error we are setting an object onto the request headers.\n req.headers[USER_PERMISSIONS_HEADER] = userObject;\n } else if (returnErrorIfNoToken) {\n res.status(401).json({ errors: ['No token provided'] });\n return;\n }\n next();\n};\n\nexport const appMiddleware = (options: {\n appId: string,\n clientSecret: string\n}): Handler => async (req, res, next): Promise<void> => {\n const {\n appId,\n clientSecret,\n } = options;\n let decoded;\n\n if 
(!req.headers.authorization) {\n res.status(401).json({ errors: ['No token provided'] });\n return;\n }\n\n try {\n decoded = await decodeAppBearer(req.headers.authorization, appId);\n if (!decoded) {\n throw new AppDoesNotExist();\n }\n } catch (e) {\n if (e instanceof jwt.TokenExpiredError) {\n res.status(401).json({ errors: ['Access token expired'] });\n return;\n }\n if ([jwt.JsonWebTokenError, AppDoesNotExist].some((Err) => e instanceof Err)) {\n res.status(400).json({ errors: [e.message] });\n return;\n }\n res.status(500).json({ errors: ['Server error while parsing token'] });\n return;\n }\n const userId = decoded?.userId;\n if (userId) {\n req.headers[USER_TRACING_HEADER] = userId;\n }\n\n const userObject = new ApiUser(userId);\n\n if (appId) {\n req.headers[AUTOFLEET_APPS_SECRET_HEADER] = clientSecret;\n // Won't work until we find a better solution for identity ms\n await userObject.getUserAppPermissions(appId, clientSecret);\n }\n\n req.user = userObject;\n const currentTraceContext = getCurrentContext().nonHeaderContext;\n currentTraceContext?.set(USER_OBJECT, userObject);\n currentTraceContext?.set(ACCESS_TOKEN, getAuthFromBearer(req.headers.authorization));\n\n // Added in order to support outbreak.\n // @ts-expect-error we are setting an object onto the request headers.\n req.headers[USER_PERMISSIONS_HEADER] = userObject;\n\n next();\n};\n\nexport const eagerLoadPermissionsMiddleware: Handler = async (req, res, next) => {\n await req.user.getUserPermissions();\n next();\n};\n\nexport const getDecodedBearer = (req: Request) => {\n if (!req.headers.authorization) {\n return null;\n }\n return decodeBearer(req.headers.authorization);\n};\n\nexport const createOrSetRabbitTrace = async (trace: ReturnType<typeof newTrace> | undefined, userId: string | undefined) => {\n const userObject = new ApiUser(userId);\n\n await userObject.getUserPermissions();\n // eslint-disable-next-line no-param-reassign\n trace ??= newTrace(traceTypes.RABBIT);\n 
trace.nonHeaderContext.set(USER_OBJECT, userObject);\n};\n\nexport default ApiUser;\n","import type { FastifyPluginCallback } from 'fastify';\nimport type ApiUser from './ApiUser';\nimport { AuthFromUserIdHeaderOptions, authFromUserIdHeader } from './common';\n\ndeclare module 'fastify' {\n interface FastifyRequest {\n user?: ApiUser;\n }\n}\n\n// eslint-disable-next-line import/prefer-default-export\nexport const authFromUserIdHeaderPlugin: FastifyPluginCallback<AuthFromUserIdHeaderOptions> = (fastify, options, done) => {\n fastify.decorateRequest('user', undefined);\n fastify.addHook('onRequest', async (request, reply) => {\n try {\n const user = await authFromUserIdHeader(options, request.headers);\n if (user) {\n request.user = user;\n }\n } catch (e) {\n reply.status(401).send({ error: 'cannot authenticate user' });\n }\n });\n\n done();\n};\nauthFromUserIdHeaderPlugin[Symbol.for('skip-override')] = true; // Prevent Fastify from overriding the plugin\n","import { getCurrentContext } from '@autofleet/outbreak';\nimport { USER_OBJECT } from './user/const';\nimport ApiUser, { type UserPayload } from './user/ApiUser';\n\nexport const getUser = () : ApiUser | undefined => getCurrentContext().nonHeaderContext?.get(USER_OBJECT) as ApiUser | undefined;\n\nexport const isUserExist = () => getUser()?.id;\n\nconst checkUserPermissions = (\n entityId: string,\n entityType: Exclude<keyof UserPayload, 'accountType' | 'createdAt'>,\n) => !isUserExist() || Object.hasOwn(getUser()!.permissions[entityType], entityId);\n\nexport const checkFleetPermission = (fleetId: string) => checkUserPermissions(fleetId, 'fleets');\nexport const checkBusinessModelPermission = (businessModelId: string) => checkUserPermissions(businessModelId, 'businessModels');\nexport const checkDemandSourcePermission = (demandSourceId: string) => checkUserPermissions(demandSourceId, 'demandSources');\n","import type ApiUser from './user';\n\n// eslint-disable-next-line import/prefer-default-export\nexport 
class UnauthorizedAccessError extends Error {\n constructor(public user: ApiUser | null = null, message = 'UnauthorizedAccessError') {\n super(message);\n this.name = 'UnauthorizedAccessError';\n }\n}\n","import jwt from 'jsonwebtoken';\n\nexport const AUTHORIZATION_METHODS = {\n NONE: 'NONE',\n BASIC: 'BASIC',\n JWT: 'JWT',\n};\n\nconst AUTHORIZATION_ACTIONS = {\n [AUTHORIZATION_METHODS.NONE]: () => undefined,\n [AUTHORIZATION_METHODS.BASIC]: (authorizationSettings: any) => {\n const { username, password } = authorizationSettings;\n const encodedCredentials = Buffer.from(`${username}:${password}`).toString('base64');\n return `Basic ${encodedCredentials}`;\n },\n [AUTHORIZATION_METHODS.JWT]: (authorizationSettings: any) => {\n const { secret } = authorizationSettings;\n if (secret) {\n return `Bearer ${jwt.sign({}, secret, { expiresIn: 10 })}`;\n }\n return undefined;\n },\n};\n\nexport const getAuthorizationHeader = (authorizationSettings: { method: string } | undefined): string | undefined => {\n const authorizationMethod = authorizationSettings?.method;\n\n if (!authorizationMethod || !AUTHORIZATION_ACTIONS[authorizationMethod]) {\n return undefined;\n }\n\n return AUTHORIZATION_ACTIONS[authorizationMethod](authorizationSettings);\n};\n","import type { LoggerInstanceManager } from '@autofleet/logger';\nimport * as outbreak from '@autofleet/outbreak';\nimport User, {\n middleware,\n eagerLoadPermissionsMiddleware,\n middlewareWithDecode,\n getDecodedBearer,\n appMiddleware,\n createOrSetRabbitTrace,\n} from './user';\nimport { authFromUserIdHeaderPlugin } from './user/fastify';\nimport { type UserPayload, CONTEXTS_IDS_HEADER } from './user/ApiUser';\nimport {\n checkFleetPermission,\n checkBusinessModelPermission,\n checkDemandSourcePermission,\n isUserExist,\n getUser,\n} from './check-permission';\nimport { UnauthorizedAccessError } from './errors';\nimport { getRefreshTokenSecret, getTokenSecret } from './secret-getter';\nimport { AUTHORIZATION_METHODS, 
getAuthorizationHeader } from './authorization';\n\nconst getCurrentPayload = outbreak.getCurrentContext;\n\ntype OutbreakOptions = Parameters<typeof outbreak.default>[0];\ntype LoggerWithContextMiddleware = Partial<Pick<LoggerInstanceManager, 'addContextMiddleware'>>;\nconst enableTracing = ({ outbreakOptions = {}, logger }: { outbreakOptions?: OutbreakOptions, logger?: LoggerWithContextMiddleware } = {}): void => {\n outbreak.default({\n headersPrefix: 'x-af',\n contextMiddlewareGetter: logger?.addContextMiddleware,\n ...outbreakOptions,\n });\n};\n\nconst { traceTypes, newTrace } = outbreak;\n\nexport {\n traceTypes,\n newTrace,\n enableTracing,\n User,\n middleware,\n middlewareWithDecode,\n eagerLoadPermissionsMiddleware,\n getCurrentPayload,\n getDecodedBearer,\n checkFleetPermission,\n checkBusinessModelPermission,\n checkDemandSourcePermission,\n isUserExist,\n getUser,\n getRefreshTokenSecret,\n getTokenSecret,\n UnauthorizedAccessError,\n appMiddleware,\n createOrSetRabbitTrace,\n outbreak,\n AUTHORIZATION_METHODS,\n getAuthorizationHeader,\n type UserPayload,\n CONTEXTS_IDS_HEADER,\n authFromUserIdHeaderPlugin,\n};\n\nexport default {\n traceTypes,\n newTrace,\n User,\n middleware,\n middlewareWithDecode,\n eagerLoadPermissionsMiddleware,\n getCurrentPayload,\n getDecodedBearer,\n checkFleetPermission,\n checkBusinessModelPermission,\n checkDemandSourcePermission,\n isUserExist,\n getUser,\n UnauthorizedAccessError,\n appMiddleware,\n createOrSetRabbitTrace,\n outbreak,\n AUTHORIZATION_METHODS,\n getAuthorizationHeader,\n CONTEXTS_IDS_HEADER,\n authFromUserIdHeaderPlugin,\n};\n"]}
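--- a/package/lib/index.d.cts
+++ b/package/lib/index.d.cts
@@ -2,7 +2,6 @@ import * as fastify from 'fastify';
  import { FastifyPluginCallback } from 'fastify';
  import * as express from 'express';
  import { Handler, Request } from 'express';
- import * as crypto from 'crypto';
  import { LoggerInstanceManager } from '@autofleet/logger';
  import * as outbreak from '@autofleet/outbreak';
  import { newTrace as newTrace$1 } from '@autofleet/outbreak';
@@ -42,16 +41,18 @@ declare class ApiUser {
  constructor(id?: string, accountType?: AccountType, elevatedPermissions?: PartialUserPayload, contextIds?: string[]);
  getUserPermissions(): Promise<UserPayload>;
  useCustomPermissionLoader(customPermissionLoader: (userId: string) => UserPayload | PromiseLike<UserPayload>): Promise<UserPayload>;
- get businessModels(): string[] | undefined;
- get fleets(): string[] | undefined;
- get demandSources(): string[] | undefined;
+ get businessModels(): string[];
+ get fleets(): string[];
+ get demandSources(): string[];
  private getUserProperty;
  get elevatedPermissions(): UserPayload;
  get permissions(): UserPayload | undefined;
- elevatePermissions(addedPermissions: PartialUserPayload): () => void;
+ elevatePermissions(addedPermissions: PartialUserPayload): (() => void) & {
+ [Symbol.dispose]: () => void;
+ };
  getUserPermissionsLegacy(): Promise<any>;
  get permissionsLegacy(): any;
- getUserAppPermissions(appId: any, clientSecret: any): Promise<any>;
+ getUserAppPermissions(appId: string, clientSecret: string): Promise<UserPayload | undefined>;
  }
 
  type CustomPermissionLoader = (userId: string) => Promise<UserPayload>;
@@ -112,7 +113,7 @@ declare const getAuthorizationHeader: (authorizationSettings: {
 
  declare const getCurrentPayload: () => {
  type: "httpRequest" | "webSocket" | "rabbit" | "bull";
- readonly id: crypto.UUID;
+ readonly id: `${string}-${string}-${string}-${string}-${string}`;
  readonly context: Map<string, unknown>;
  readonly nonHeaderContext: Map<string, unknown>;
  } | Record<string, never>;
@@ -130,7 +131,7 @@ declare const traceTypes: {
  };
  declare const newTrace: (type: "httpRequest" | "webSocket" | "rabbit" | "bull") => {
  type: "httpRequest" | "webSocket" | "rabbit" | "bull";
- readonly id: crypto.UUID;
+ readonly id: `${string}-${string}-${string}-${string}-${string}`;
  readonly context: Map<string, unknown>;
  readonly nonHeaderContext: Map<string, unknown>;
  };
@@ -144,7 +145,7 @@ declare const _default: {
  };
  newTrace: (type: "httpRequest" | "webSocket" | "rabbit" | "bull") => {
  type: "httpRequest" | "webSocket" | "rabbit" | "bull";
- readonly id: crypto.UUID;
+ readonly id: `${string}-${string}-${string}-${string}-${string}`;
  readonly context: Map<string, unknown>;
  readonly nonHeaderContext: Map<string, unknown>;
  };
@@ -158,7 +159,7 @@ declare const _default: {
  eagerLoadPermissionsMiddleware: express.Handler;
  getCurrentPayload: () => {
  type: "httpRequest" | "webSocket" | "rabbit" | "bull";
- readonly id: crypto.UUID;
+ readonly id: `${string}-${string}-${string}-${string}-${string}`;
  readonly context: Map<string, unknown>;
  readonly nonHeaderContext: Map<string, unknown>;
  } | Record<string, never>;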
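Review bot: The `ApiUser` hunk still declares `getUserPermissions(): Promise<UserPayload>` and `useCustomPermissionLoader(...): Promise<UserPayload>`, although the TypeScript source embedded in this page's source map returns `undefined` from both when `this.id` is unset. The same hunk corrects `getUserAppPermissions` to `Promise<UserPayload | undefined>`, so the source annotations for the other two should follow suit, e.g. `getUserPermissions(): Promise<UserPayload | undefined>;`. As declared, a consumer can compile without a null check and will then fail at runtime on a request that carries no user id, instead of making an explicit deny decision. The narrowing of `businessModels`, `fleets` and `demandSources` to `string[]` also deserves a changelog entry, because per the embedded source these getters throw when permissions have not been loaded, and callers that tested for `undefined` (as the old declaration allowed) need to be updated. The identical declarations in package/lib/index.d.ts carry the same issue.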
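--- a/package/lib/index.d.ts
+++ b/package/lib/index.d.ts
@@ -2,7 +2,6 @@ import * as fastify from 'fastify';
  import { FastifyPluginCallback } from 'fastify';
  import * as express from 'express';
  import { Handler, Request } from 'express';
- import * as crypto from 'crypto';
  import { LoggerInstanceManager } from '@autofleet/logger';
  import * as outbreak from '@autofleet/outbreak';
  import { newTrace as newTrace$1 } from '@autofleet/outbreak';
@@ -42,16 +41,18 @@ declare class ApiUser {
  constructor(id?: string, accountType?: AccountType, elevatedPermissions?: PartialUserPayload, contextIds?: string[]);
  getUserPermissions(): Promise<UserPayload>;
  useCustomPermissionLoader(customPermissionLoader: (userId: string) => UserPayload | PromiseLike<UserPayload>): Promise<UserPayload>;
- get businessModels(): string[] | undefined;
- get fleets(): string[] | undefined;
- get demandSources(): string[] | undefined;
+ get businessModels(): string[];
+ get fleets(): string[];
+ get demandSources(): string[];
  private getUserProperty;
  get elevatedPermissions(): UserPayload;
  get permissions(): UserPayload | undefined;
- elevatePermissions(addedPermissions: PartialUserPayload): () => void;
+ elevatePermissions(addedPermissions: PartialUserPayload): (() => void) & {
+ [Symbol.dispose]: () => void;
+ };
  getUserPermissionsLegacy(): Promise<any>;
  get permissionsLegacy(): any;
- getUserAppPermissions(appId: any, clientSecret: any): Promise<any>;
+ getUserAppPermissions(appId: string, clientSecret: string): Promise<UserPayload | undefined>;
  }
 
  type CustomPermissionLoader = (userId: string) => Promise<UserPayload>;
@@ -112,7 +113,7 @@ declare const getAuthorizationHeader: (authorizationSettings: {
 
  declare const getCurrentPayload: () => {
  type: "httpRequest" | "webSocket" | "rabbit" | "bull";
- readonly id: crypto.UUID;
+ readonly id: `${string}-${string}-${string}-${string}-${string}`;
  readonly context: Map<string, unknown>;
  readonly nonHeaderContext: Map<string, unknown>;
  } | Record<string, never>;
@@ -130,7 +131,7 @@ declare const traceTypes: {
  };
  declare const newTrace: (type: "httpRequest" | "webSocket" | "rabbit" | "bull") => {
  type: "httpRequest" | "webSocket" | "rabbit" | "bull";
- readonly id: crypto.UUID;
+ readonly id: `${string}-${string}-${string}-${string}-${string}`;
  readonly context: Map<string, unknown>;
  readonly nonHeaderContext: Map<string, unknown>;
  };
@@ -144,7 +145,7 @@ declare const _default: {
  };
  newTrace: (type: "httpRequest" | "webSocket" | "rabbit" | "bull") => {
  type: "httpRequest" | "webSocket" | "rabbit" | "bull";
- readonly id: crypto.UUID;
+ readonly id: `${string}-${string}-${string}-${string}-${string}`;
  readonly context: Map<string, unknown>;
  readonly nonHeaderContext: Map<string, unknown>;
  };
@@ -158,7 +159,7 @@ declare const _default: {
  eagerLoadPermissionsMiddleware: express.Handler;
  getCurrentPayload: () => {
  type: "httpRequest" | "webSocket" | "rabbit" | "bull";
- readonly id: crypto.UUID;
+ readonly id: `${string}-${string}-${string}-${string}-${string}`;
  readonly context: Map<string, unknown>;
  readonly nonHeaderContext: Map<string, unknown>;
  } | Record<string, never>;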
package/lib/index.js CHANGED
@@ -1,3 +1,3 @@
1
- import*as y from'@autofleet/outbreak';import {getCurrentContext,newTrace,traceTypes}from'@autofleet/outbreak';export{y as outbreak };import S from'jsonwebtoken';import Ue from'node-cache';import $ from'object-hash';import b from'moment';import F from'@autofleet/network';var {DEPRECATED_JWT_SECRET:de,JWT_NEW_SECRET:ue,DEPRECATED_REFRESH_JWT_SECRET:pe,REFRESH_JWT_SECRET:me,DEPRECATION_UNIX_TIMESTAMP:fe}=process.env,k=(s,e,t)=>{let r=b(parseInt(fe,10)*1e3);try{let o;if(s){let{iat:i}=S.decode(s);o=b(i*1e3);}else o=b();return o.isBefore(r)?e:t}catch{return t}},le=s=>k(s,pe,me),C=s=>k(s,de,ue);var w=s=>s.replace("Bearer ",""),_=(s,e)=>{let t=w(s);return S.verify(t,C(t))};var ge="00000000-0000-0000-0000-000000000000",ye="ffffffff-ffff-ffff-ffff-ffffffffffff",h="[0-9a-f]",Pe="[1-8]",he=new RegExp(`^(?:${h}{8}-${h}{4}-${Pe}${h}{3}-[89ab]${h}{3}-${h}{12}|${ge}|${ye})$`,"i");function M(s){return typeof s=="string"&&he.test(s)}var B=10,j=process.env.API_GATEWAY_URL||"https://api.autofleet.io",O=new F({serviceName:"IDENTITY_MS",retries:3,retryCondition:()=>true,cache:process.env.NODE_ENV!=="test"?{maxAge:B*1e3}:void 0}),A=new F({baseURL:j,serviceUrl:j,retries:3,retryCondition:()=>true,cache:process.env.NODE_ENV!=="test"?{maxAge:B*1e3}:void 0});var l="x-af-elevated-permissions",E="x-af-context-ids",m=new Ue({stdTTL:10}),J=(s,e)=>{let t={...s,fleets:{...s?.fleets},businessModels:{...s?.businessModels},demandSources:{...s?.demandSources}};for(let r of e)Object.keys(r).forEach(o=>{t[o]??={},Object.entries(r[o]).forEach(([i,n])=>{t[o][i]=(t[o][i]||[]).concat(n);});});return t},u=class{constructor(e,t,r,o){this.id=e;this.accountType=t;this.contextIds=o;this.privateElevatedPermissionsHash=new Map;this.appPermission={};this.emptyUser=!!e,r&&this.privateElevatedPermissionsHash.set(Symbol("initial"),r);}async getUserPermissions(){if(!this.id)return;if(this.privatePermissions)return this.privatePermissions;let e=$({id:this.id,contextIds:this.contextIds}),t=m.get(e);return 
t||({data:t}=await O.get(`/api/v1/users/${this.id}/authorization-payload`,{params:{contextIds:this.contextIds}}),m.set(e,t)),this.accountType=t.accountType,this.privatePermissions=t,this.privatePermissions}async useCustomPermissionLoader(e){if(!this.id)return;if(this.privatePermissions)return this.privatePermissions;let t=this.id,r=m.get(t);if(r)return this.privatePermissions=r,r;let o=await e(this.id);return m.set(t,o),this.privatePermissions=o,this.privatePermissions}get businessModels(){return this.getUserProperty("businessModels")}get fleets(){return this.getUserProperty("fleets")}get demandSources(){return this.getUserProperty("demandSources")}getUserProperty(e){if(!this.privatePermissions)throw new Error(`Cannot get ${e} without calling (async) getUserPermissions before`);return Object.keys(this.privatePermissions[e]||{})}get elevatedPermissions(){return J(void 0,this.privateElevatedPermissionsHash.values())}get permissions(){if(!this.privatePermissions)throw new Error("Cannot get permissions without calling (async) getUserPermissions before");return J(this.privatePermissions,this.privateElevatedPermissionsHash.values())}elevatePermissions(e){let t=Symbol();Object.values(e).forEach(n=>{Object.keys(n).forEach(a=>{if(!M(a))throw new Error(`Entity id on elevatePermissions is not a valid UUID, provided: ${a}`)});});let r=getCurrentContext();if(!r)throw new Error("Cannot find current user cross services trace");let o=JSON.parse(r.context[l]||"{}"),i=Object.assign(o,e);return this.privateElevatedPermissionsHash.set(t,i),r.context.set(l,JSON.stringify(this.elevatedPermissions)),()=>{this.privateElevatedPermissionsHash.delete(t),r.context.set(l,JSON.stringify(this.elevatedPermissions));}}async getUserPermissionsLegacy(){if(!this.id)return;if(this.privatePermissionsLegacy)return this.privatePermissionsLegacy;let e=$({id:this.id,contextIds:this.contextIds,legacy:true}),t=m.get(e);return t||({data:t}=await 
O.get(`/api/v1/users/${this.id}/authorization-payload-legacy`,{params:{contextIds:this.contextIds}}),m.set(e,t)),this.privatePermissionsLegacy=t,this.privatePermissionsLegacy}get permissionsLegacy(){if(!this.privatePermissionsLegacy)throw new Error("Cannot get permissionsLegacy without calling (async) getUserPermissionsLegacy before");return this.privatePermissionsLegacy}async getUserAppPermissions(e,t){if(!this.id||!e||!t)return;let r=this.appPermission[e];if(r)return r;let o=`${this.id}:${e}`,i=m.get(o);if(i)return this.appPermission[e]=i,i;let{data:n}=await A.post(`/api/v1/apps/${e}/get-user-payload`,{userId:this.id},{headers:{"x-autofleet-apps-secret":t}});return m.set(o,n),this.appPermission[e]=n,this.appPermission[e]}};var W=async(s,e)=>{let{data:t}=await A.post("/api/v1/auth",{bearer:s,appId:e});return t};var g=class extends Error{constructor(){super(...arguments);this.name="AppDoesNotExist";this.message="app does not exist";}};var G="identity-ms",z="accessToken",f="userObject",U="x-af-user-id",H="X-IAF-ORIGIN-SERVICE",I="x-af-user-permissions",X=H.toLowerCase(),V="x-autofleet-apps-secret";var T=async(s,e)=>{let t=e[H]||e[X]||"";if(!Array.isArray(t)&&t.toLowerCase()===G)return;let{eagerLoadUserPermissions:r,eagerLoadUserPermissionsLegacy:o,customPermissionLoader:i}=s,n=e[U];if(!n||Array.isArray(n))return;let a=e[l]?.length>0?JSON.parse(e[l]):{},c=e?.[E]?.split(","),d=new u(n,"user",a,c);return r&&(i?await d.useCustomPermissionLoader(i):await d.getUserPermissions()),o&&await d.getUserPermissionsLegacy(),getCurrentContext().nonHeaderContext?.set(f,d),d};var Y=(s={})=>async(e,t,r)=>{try{let o=await T(s,e.headers);o&&(e.user=o,e.headers[I]=o),r();}catch{t.status(401).json({error:"cannot authenticate user"});}},Z=(s={})=>async(e,t,r)=>{let{eagerLoadUserPermissions:o,eagerLoadUserPermissionsLegacy:i,returnErrorIfNoToken:n}=s,a;if(e.headers.authorization){try{a=await _(e.headers.authorization);}catch(P){P instanceof 
S.TokenExpiredError?t.status(401).json({errors:["Access token expired"]}):P instanceof S.JsonWebTokenError?t.status(400).json({errors:[P.message]}):t.status(500).json({errors:["Server error while parsing token"]});return}let c=a?.user?.id;c&&(e.headers[U]=c);let d=e.headers?.[E]?.split(","),p=new u(c,a?.user?.accountType,void 0,d);(o||i)&&await Promise.all([o&&p.getUserPermissions(),i&&p.getUserPermissionsLegacy()]),e.user=p,getCurrentContext().nonHeaderContext?.set(f,p),e.headers[I]=p;}else if(n){t.status(401).json({errors:["No token provided"]});return}r();},Q=s=>async(e,t,r)=>{let{appId:o,clientSecret:i}=s,n;if(!e.headers.authorization){t.status(401).json({errors:["No token provided"]});return}try{if(n=await W(e.headers.authorization,o),!n)throw new g}catch(p){if(p instanceof S.TokenExpiredError){t.status(401).json({errors:["Access token expired"]});return}if([S.JsonWebTokenError,g].some(P=>p instanceof P)){t.status(400).json({errors:[p.message]});return}t.status(500).json({errors:["Server error while parsing token"]});return}let a=n?.userId;a&&(e.headers[U]=a);let c=new u(a);o&&(e.headers[V]=i,await c.getUserAppPermissions(o,i)),e.user=c;let d=getCurrentContext().nonHeaderContext;d?.set(f,c),d?.set(z,w(e.headers.authorization)),e.headers[I]=c,r();},q=async(s,e,t)=>{await s.user.getUserPermissions(),t();},ee=s=>s.headers.authorization?_(s.headers.authorization):null,se=async(s,e)=>{let t=new u(e);await t.getUserPermissions(),s??=newTrace(traceTypes.RABBIT),s.nonHeaderContext.set(f,t);},te=u;var N=(s,e,t)=>{s.decorateRequest("user",void 0),s.addHook("onRequest",async(r,o)=>{try{let i=await T(e,r.headers);i&&(r.user=i);}catch{o.status(401).send({error:"cannot authenticate user"});}}),t();};N[Symbol.for("skip-override")]=true;var v=()=>getCurrentContext().nonHeaderContext?.get(f),L=()=>v()?.id,D=(s,e)=>!L()||Object.hasOwn(v().permissions[e],s),re=s=>D(s,"fleets"),oe=s=>D(s,"businessModels"),ie=s=>D(s,"demandSources");var R=class extends 
Error{constructor(t=null,r="UnauthorizedAccessError"){super(r);this.user=t;this.name="UnauthorizedAccessError";}};var x={NONE:"NONE",BASIC:"BASIC",JWT:"JWT"},ne={[x.NONE]:()=>{},[x.BASIC]:s=>{let{username:e,password:t}=s;return `Basic ${Buffer.from(`${e}:${t}`).toString("base64")}`},[x.JWT]:s=>{let{secret:e}=s;if(e)return `Bearer ${S.sign({},e,{expiresIn:10})}`}},ae=s=>{let e=s?.method;if(!(!e||!ne[e]))return ne[e](s)};var Re=y.getCurrentContext,Ts=({outbreakOptions:s={},logger:e}={})=>{y.default({headersPrefix:"x-af",contextMiddlewareGetter:e?.addContextMiddleware,...s});},{traceTypes:be,newTrace:Ce}=y;var Ss={traceTypes:be,newTrace:Ce,User:te,middleware:Y,middlewareWithDecode:Z,eagerLoadPermissionsMiddleware:q,getCurrentPayload:Re,getDecodedBearer:ee,checkFleetPermission:re,checkBusinessModelPermission:oe,checkDemandSourcePermission:ie,isUserExist:L,getUser:v,UnauthorizedAccessError:R,appMiddleware:Q,createOrSetRabbitTrace:se,outbreak:y,AUTHORIZATION_METHODS:x,getAuthorizationHeader:ae,CONTEXTS_IDS_HEADER:E,authFromUserIdHeaderPlugin:N};
2
- export{x as AUTHORIZATION_METHODS,E as CONTEXTS_IDS_HEADER,R as UnauthorizedAccessError,te as User,Q as appMiddleware,N as authFromUserIdHeaderPlugin,oe as checkBusinessModelPermission,ie as checkDemandSourcePermission,re as checkFleetPermission,se as createOrSetRabbitTrace,Ss as default,q as eagerLoadPermissionsMiddleware,Ts as enableTracing,ae as getAuthorizationHeader,Re as getCurrentPayload,ee as getDecodedBearer,le as getRefreshTokenSecret,C as getTokenSecret,v as getUser,L as isUserExist,Y as middleware,Z as middlewareWithDecode,Ce as newTrace,be as traceTypes};//# sourceMappingURL=index.js.map
1
+ import*as P from'@autofleet/outbreak';import {getCurrentContext,newTrace,traceTypes}from'@autofleet/outbreak';export{P as outbreak };import T from'jsonwebtoken';import xe from'node-cache';import $ from'object-hash';import v from'moment';import F from'@autofleet/network';var {DEPRECATED_JWT_SECRET:de,JWT_NEW_SECRET:ue,DEPRECATED_REFRESH_JWT_SECRET:pe,REFRESH_JWT_SECRET:me,DEPRECATION_UNIX_TIMESTAMP:fe}=process.env,L=(t,e,s)=>{let r=v(parseInt(fe,10)*1e3);try{let o;if(t){let{iat:i}=T.decode(t);o=v(i*1e3);}else o=v();return o.isBefore(r)?e:s}catch{return s}},le=t=>L(t,pe,me),_=t=>L(t,de,ue);var R=t=>t.replace("Bearer ",""),O=(t,e)=>{let s=R(t);return T.verify(s,_(s))};var Ee="00000000-0000-0000-0000-000000000000",Pe="ffffffff-ffff-ffff-ffff-ffffffffffff",h="[0-9a-f]",ge="[1-8]",he=new RegExp(`^(?:${h}{8}-${h}{4}-${ge}${h}{3}-[89ab]${h}{3}-${h}{12}|${Ee}|${Pe})$`,"i");function M(t){return typeof t=="string"&&he.test(t)}var B=10,j=process.env.API_GATEWAY_URL||"https://api.autofleet.io",w=new F({serviceName:"IDENTITY_MS",retries:3,retryCondition:()=>true,cache:process.env.NODE_ENV!=="test"?{maxAge:B*1e3}:void 0}),S=new F({baseURL:j,serviceUrl:j,retries:3,retryCondition:()=>true,cache:process.env.NODE_ENV!=="test"?{maxAge:B*1e3}:void 0});var l="x-af-elevated-permissions",y="x-af-context-ids",m=new xe({stdTTL:10}),J=(t,e)=>{let s={...t,fleets:{...t?.fleets},businessModels:{...t?.businessModels},demandSources:{...t?.demandSources}};for(let r of e)Object.keys(r).forEach(o=>{s[o]??={},Object.entries(r[o]).forEach(([i,n])=>{s[o][i]=(s[o][i]||[]).concat(n);});});return s};typeof Symbol.dispose!="symbol"&&Object.defineProperty(Symbol,"dispose",{__proto__:null,configurable:false,enumerable:false,value:Symbol.for("nodejs.dispose"),writable:false});typeof Symbol.asyncDispose!="symbol"&&Object.defineProperty(Symbol,"asyncDispose",{__proto__:null,configurable:false,enumerable:false,value:Symbol.for("nodejs.asyncDispose"),writable:false});var 
u=class{constructor(e,s,r,o){this.id=e;this.accountType=s;this.contextIds=o;this.privateElevatedPermissionsHash=new Map;this.appPermission={};this.emptyUser=!!e,r&&this.privateElevatedPermissionsHash.set(Symbol("initial"),r);}async getUserPermissions(){if(!this.id)return;if(this.privatePermissions)return this.privatePermissions;let e=$({id:this.id,contextIds:this.contextIds}),s=m.get(e);return s||({data:s}=await w.get(`/api/v1/users/${this.id}/authorization-payload`,{params:{contextIds:this.contextIds}}),m.set(e,s)),this.accountType=s.accountType,this.privatePermissions=s,this.privatePermissions}async useCustomPermissionLoader(e){if(!this.id)return;if(this.privatePermissions)return this.privatePermissions;let s=this.id,r=m.get(s);if(r)return this.privatePermissions=r,r;let o=await e(this.id);return m.set(s,o),this.privatePermissions=o,this.privatePermissions}get businessModels(){return this.getUserProperty("businessModels")}get fleets(){return this.getUserProperty("fleets")}get demandSources(){return this.getUserProperty("demandSources")}getUserProperty(e){if(!this.privatePermissions)throw new Error(`Cannot get ${e} without calling (async) getUserPermissions before`);return Object.keys(this.privatePermissions[e]||{})}get elevatedPermissions(){return J(void 0,this.privateElevatedPermissionsHash.values())}get permissions(){if(!this.privatePermissions)throw new Error("Cannot get permissions without calling (async) getUserPermissions before");return J(this.privatePermissions,this.privateElevatedPermissionsHash.values())}elevatePermissions(e){let s=Symbol();Object.values(e).forEach(c=>{Object.keys(c).forEach(a=>{if(!M(a))throw new Error(`Entity id on elevatePermissions is not a valid UUID, provided: ${a}`)});});let r=getCurrentContext();if(!r)throw new Error("Cannot find current user cross services trace");let o=JSON.parse(r.context[l]||"{}"),i=Object.assign(o,e);this.privateElevatedPermissionsHash.set(s,i),r.context.set(l,JSON.stringify(this.elevatedPermissions));let 
n=()=>{this.privateElevatedPermissionsHash.delete(s),r.context.set(l,JSON.stringify(this.elevatedPermissions));};return n[Symbol.dispose]=n,n}async getUserPermissionsLegacy(){if(!this.id)return;if(this.privatePermissionsLegacy)return this.privatePermissionsLegacy;let e=$({id:this.id,contextIds:this.contextIds,legacy:true}),s=m.get(e);return s||({data:s}=await w.get(`/api/v1/users/${this.id}/authorization-payload-legacy`,{params:{contextIds:this.contextIds}}),m.set(e,s)),this.privatePermissionsLegacy=s,this.privatePermissionsLegacy}get permissionsLegacy(){if(!this.privatePermissionsLegacy)throw new Error("Cannot get permissionsLegacy without calling (async) getUserPermissionsLegacy before");return this.privatePermissionsLegacy}async getUserAppPermissions(e,s){if(!this.id||!e||!s)return;let r=this.appPermission[e];if(r)return r;let o=`${this.id}:${e}`,i=m.get(o);if(i)return this.appPermission[e]=i,i;let{data:n}=await S.post(`/api/v1/apps/${e}/get-user-payload`,{userId:this.id},{headers:{"x-autofleet-apps-secret":s}});return m.set(o,n),this.appPermission[e]=n,this.appPermission[e]}};var W=async(t,e)=>{let{data:s}=await S.post("/api/v1/auth",{bearer:t,appId:e});return s};var E=class extends Error{constructor(){super(...arguments);this.name="AppDoesNotExist";this.message="app does not exist";}};var G="identity-ms",X="accessToken",f="userObject",x="x-af-user-id",H="X-IAF-ORIGIN-SERVICE",A="x-af-user-permissions",z=H.toLowerCase(),V="x-autofleet-apps-secret";var b=async(t,e)=>{let s=e[H]||e[z]||"";if(!Array.isArray(s)&&s.toLowerCase()===G)return;let{eagerLoadUserPermissions:r,eagerLoadUserPermissionsLegacy:o,customPermissionLoader:i}=t,n=e[x];if(!n||Array.isArray(n))return;let c=e[l]?.length>0?JSON.parse(e[l]):{},a=e?.[y]?.split(","),d=new u(n,"user",c,a);return r&&(i?await d.useCustomPermissionLoader(i):await d.getUserPermissions()),o&&await d.getUserPermissionsLegacy(),getCurrentContext().nonHeaderContext?.set(f,d),d};var Y=(t={})=>async(e,s,r)=>{try{let o=await 
b(t,e.headers);o&&(e.user=o,e.headers[A]=o),r();}catch{s.status(401).json({error:"cannot authenticate user"});}},Z=(t={})=>async(e,s,r)=>{let{eagerLoadUserPermissions:o,eagerLoadUserPermissionsLegacy:i,returnErrorIfNoToken:n}=t,c;if(e.headers.authorization){try{c=await O(e.headers.authorization);}catch(g){g instanceof T.TokenExpiredError?s.status(401).json({errors:["Access token expired"]}):g instanceof T.JsonWebTokenError?s.status(400).json({errors:[g.message]}):s.status(500).json({errors:["Server error while parsing token"]});return}let a=c?.user?.id;a&&(e.headers[x]=a);let d=e.headers?.[y]?.split(","),p=new u(a,c?.user?.accountType,void 0,d);(o||i)&&await Promise.all([o&&p.getUserPermissions(),i&&p.getUserPermissionsLegacy()]),e.user=p,getCurrentContext().nonHeaderContext?.set(f,p),e.headers[A]=p;}else if(n){s.status(401).json({errors:["No token provided"]});return}r();},Q=t=>async(e,s,r)=>{let{appId:o,clientSecret:i}=t,n;if(!e.headers.authorization){s.status(401).json({errors:["No token provided"]});return}try{if(n=await W(e.headers.authorization,o),!n)throw new E}catch(p){if(p instanceof T.TokenExpiredError){s.status(401).json({errors:["Access token expired"]});return}if([T.JsonWebTokenError,E].some(g=>p instanceof g)){s.status(400).json({errors:[p.message]});return}s.status(500).json({errors:["Server error while parsing token"]});return}let c=n?.userId;c&&(e.headers[x]=c);let a=new u(c);o&&(e.headers[V]=i,await a.getUserAppPermissions(o,i)),e.user=a;let d=getCurrentContext().nonHeaderContext;d?.set(f,a),d?.set(X,R(e.headers.authorization)),e.headers[A]=a,r();},q=async(t,e,s)=>{await t.user.getUserPermissions(),s();},ee=t=>t.headers.authorization?O(t.headers.authorization):null,te=async(t,e)=>{let s=new u(e);await s.getUserPermissions(),t??=newTrace(traceTypes.RABBIT),t.nonHeaderContext.set(f,s);},se=u;var N=(t,e,s)=>{t.decorateRequest("user",void 0),t.addHook("onRequest",async(r,o)=>{try{let i=await 
b(e,r.headers);i&&(r.user=i);}catch{o.status(401).send({error:"cannot authenticate user"});}}),s();};N[Symbol.for("skip-override")]=true;var I=()=>getCurrentContext().nonHeaderContext?.get(f),D=()=>I()?.id,k=(t,e)=>!D()||Object.hasOwn(I().permissions[e],t),re=t=>k(t,"fleets"),oe=t=>k(t,"businessModels"),ie=t=>k(t,"demandSources");var C=class extends Error{constructor(s=null,r="UnauthorizedAccessError"){super(r);this.user=s;this.name="UnauthorizedAccessError";}};var U={NONE:"NONE",BASIC:"BASIC",JWT:"JWT"},ne={[U.NONE]:()=>{},[U.BASIC]:t=>{let{username:e,password:s}=t;return `Basic ${Buffer.from(`${e}:${s}`).toString("base64")}`},[U.JWT]:t=>{let{secret:e}=t;if(e)return `Bearer ${T.sign({},e,{expiresIn:10})}`}},ae=t=>{let e=t?.method;if(!(!e||!ne[e]))return ne[e](t)};var Ce=P.getCurrentContext,bt=({outbreakOptions:t={},logger:e}={})=>{P.default({headersPrefix:"x-af",contextMiddlewareGetter:e?.addContextMiddleware,...t});},{traceTypes:ve,newTrace:_e}=P;var Tt={traceTypes:ve,newTrace:_e,User:se,middleware:Y,middlewareWithDecode:Z,eagerLoadPermissionsMiddleware:q,getCurrentPayload:Ce,getDecodedBearer:ee,checkFleetPermission:re,checkBusinessModelPermission:oe,checkDemandSourcePermission:ie,isUserExist:D,getUser:I,UnauthorizedAccessError:C,appMiddleware:Q,createOrSetRabbitTrace:te,outbreak:P,AUTHORIZATION_METHODS:U,getAuthorizationHeader:ae,CONTEXTS_IDS_HEADER:y,authFromUserIdHeaderPlugin:N};
2
+ export{U as AUTHORIZATION_METHODS,y as CONTEXTS_IDS_HEADER,C as UnauthorizedAccessError,se as User,Q as appMiddleware,N as authFromUserIdHeaderPlugin,oe as checkBusinessModelPermission,ie as checkDemandSourcePermission,re as checkFleetPermission,te as createOrSetRabbitTrace,Tt as default,q as eagerLoadPermissionsMiddleware,bt as enableTracing,ae as getAuthorizationHeader,Ce as getCurrentPayload,ee as getDecodedBearer,le as getRefreshTokenSecret,_ as getTokenSecret,I as getUser,D as isUserExist,Y as middleware,Z as middlewareWithDecode,_e as newTrace,ve as traceTypes};//# sourceMappingURL=index.js.map
3
3
  //# sourceMappingURL=index.js.map
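Review bot: `L` picks the verification secret from the token's own `iat`, which `T.decode` reads before any signature check, so `O` (`T.verify(s,_(s))`) keeps accepting the deprecated secret for any token that claims an issue time before `DEPRECATION_UNIX_TIMESTAMP`, however long ago that cutoff passed. If the old secret was rotated because it may have been exposed, the rotation never takes effect; the wall clock should gate the fallback as well, for example `return o.isBefore(r) && v().isBefore(r.clone().add(GRACE_SECONDS, "seconds")) ? e : s;`, where `GRACE_SECONDS` is a placeholder for the longest token lifetime. The same helper backs `getRefreshTokenSecret` (`le`), so refresh tokens are affected the same way. `T.verify` is also called without options, and an explicit `algorithms` allow-list would pin how the secret may be used (the algorithm in use is not visible here). This file is minified build output, so the change belongs in the original source, presumably the `../src/secret-getter.ts` listed in the source map.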
package/lib/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/secret-getter.ts","../src/utils.ts","../src/services.ts","../src/user/ApiUser.ts","../src/app-auth.ts","../src/exceptions/appDoesNotExist.ts","../src/user/const.ts","../src/user/common.ts","../src/user/index.ts","../src/user/fastify.ts","../src/check-permission.ts","../src/errors.ts","../src/authorization.ts","../src/index.ts"],"names":["DEPRECATED_JWT_SECRET","JWT_NEW_SECRET","DEPRECATED_REFRESH_JWT_SECRET","REFRESH_JWT_SECRET","DEPRECATION_UNIX_TIMESTAMP","getRelevantSecret","token","deprecatedSecret","newSecret","deprecationTime","moment","unixTime","iat","jwt","getRefreshTokenSecret","getTokenSecret","getAuthFromBearer","bearer","decodeBearer","appSecret","EMPTY_UUID","FULL_UUID","VALID_CHARS_REGEX","UUID_VERSION_REGEX","UUID_REGEX","validateUUID","uuid","CACHE_LIFETIME_IN_SEC","apiGwUrl","IdentityNetwork","Network","AutofleetApiNetwork","ELEVATED_PERMISSIONS_HEADER","CONTEXTS_IDS_HEADER","userCache","NodeCache","mergePermissions","target","sources","permissions","source","entityType","entityId","perms","ApiUser","id","accountType","elevatedPermissions","contextIds","cacheKey","objectHash","data","customPermissionLoader","cachedResult","key","addedPermissions","elevationId","entityIds","currentUserTrace","getCurrentContext","currentElevation","newElevation","appId","clientSecret","currentAppPermission","decodeAppBearer","decoded","AppDoesNotExist","IDENTITY_MS","ACCESS_TOKEN","USER_OBJECT","USER_TRACING_HEADER","ORIGIN_HEADER","USER_PERMISSIONS_HEADER","LOWER_CASE_ORIGIN_HEADER","AUTOFLEET_APPS_SECRET_HEADER","authFromUserIdHeader","options","headers","originHeader","eagerLoadUserPermissions","eagerLoadUserPermissionsLegacy","userId","elevatedPermissionsFromHeader","userObject","middleware","req","res","next","middlewareWithDecode","returnErrorIfNoToken","e","appMiddleware","Err","currentTraceContext","eagerLoadPermissionsMiddleware","getDecodedBearer","createOrSetRabbitTrace","trace","newTrace","traceTypes","user_default","auth
FromUserIdHeaderPlugin","fastify","done","request","reply","user","getUser","isUserExist","checkUserPermissions","checkFleetPermission","fleetId","checkBusinessModelPermission","businessModelId","checkDemandSourcePermission","demandSourceId","UnauthorizedAccessError","message","AUTHORIZATION_METHODS","AUTHORIZATION_ACTIONS","authorizationSettings","username","password","secret","getAuthorizationHeader","authorizationMethod","getCurrentPayload","enableTracing","outbreakOptions","logger","outbreak","index_default"],"mappings":"mRAGM,CACJ,qBAAA,CAAAA,EAAuB,CAAA,cAAA,CAAAC,EACvB,CAAA,6BAAA,CAAAC,GAA+B,kBAAAC,CAAAA,EAAAA,CAC/B,0BAAAC,CAAAA,EACF,CAAI,CAAA,OAAA,CAAQ,IAENC,CAAoB,CAAA,CAACC,CAA2BC,CAAAA,CAAAA,CAA0BC,CAA8B,GAAA,CAC5G,IAAMC,CAAkBC,CAAAA,CAAAA,CAAO,SAASN,EAA4B,CAAA,EAAE,EAAI,GAAI,CAAA,CAC9E,GAAI,CACF,IAAIO,CAAAA,CACJ,GAAIL,CAAO,CAAA,CACT,GAAM,CAAE,GAAAM,CAAAA,CAAI,EAAIC,CAAI,CAAA,MAAA,CAAOP,CAAK,CAAA,CAChCK,CAAWD,CAAAA,CAAAA,CAAOE,EAAM,GAAI,EAC9B,CACED,KAAAA,CAAAA,CAAWD,CAAO,EAAA,CAEpB,OAAOC,CAAS,CAAA,QAAA,CAASF,CAAe,CAAA,CAAIF,CAAmBC,CAAAA,CACjE,MAAY,CACV,OAAOA,CACT,CACF,CAEaM,CAAAA,EAAAA,CAAyBR,GAA2BD,CAAkBC,CAAAA,CAAAA,CAAOJ,EAA+BC,CAAAA,EAAkB,CAC9HY,CAAAA,CAAAA,CAAkBT,GAA2BD,CAAkBC,CAAAA,CAAAA,CAAON,GAAuBC,EAAc,ECfjH,IAAMe,CAAqBC,CAAAA,CAAAA,EAA2BA,CAAO,CAAA,OAAA,CAAQ,SAAW,CAAA,EAAE,EAE5EC,CAAe,CAAA,CAACD,CAAgBE,CAAAA,CAAAA,GAA4B,CACvE,IAAMb,EAAQU,CAAkBC,CAAAA,CAAM,CAEtC,CAAA,OADgBJ,CAAI,CAAA,MAAA,CAAOP,EAAoBS,CAAAA,CAAeT,CAAK,CAAC,CAEtE,CAAA,CAqDA,IAAMc,EAAa,CAAA,sCAAA,CACbC,EAAY,CAAA,sCAAA,CACZC,CAAoB,CAAA,UAAA,CACpBC,GAAqB,OACrBC,CAAAA,EAAAA,CAAa,IAAI,MAAA,CACrB,CAAOF,IAAAA,EAAAA,CAAiB,OAAOA,CAAiB,CAAA,IAAA,EAAOC,EAAkB,CAAA,EAAGD,CAAiB,CAAA,UAAA,EAAaA,CAAiB,CAAOA,IAAAA,EAAAA,CAAiB,QAAQF,EAAU,CAAA,CAAA,EAAIC,EAAS,CAClL,EAAA,CAAA,CAAA,GACF,CACO,CAAA,SAASI,CAAaC,CAAAA,CAAAA,CAA6B,CACxD,OAAO,OAAOA,CAAS,EAAA,QAAA,EAAYF,EAAW,CAAA,IAAA,CAAKE,CAAI,CACzD,CC9EA,IAAMC,EAAwB,EACxBC,CAAAA,CAAAA,CAAW,OAAQ,CAAA,GAAA,CAAI,eAAmB,EAAA,0BAAA,CAGnCC,EAAkB,IAAIC,CAAAA,CAAQ,C
ACzC,WAAA,CAAa,aACb,CAAA,OAAA,CAAS,EACT,cAAgB,CAAA,IAAM,IACtB,CAAA,KAAA,CAAO,OAAQ,CAAA,GAAA,CAAI,WAAa,MAAS,CAAA,CACvC,MAAQH,CAAAA,CAAAA,CAAwB,GAClC,CAAA,CAAI,MACN,CAAC,CAAA,CAEYI,EAAsB,IAAID,CAAAA,CAAQ,CAC7C,OAASF,CAAAA,CAAAA,CACT,UAAYA,CAAAA,CAAAA,CACZ,OAAS,CAAA,CAAA,CACT,eAAgB,IAAM,IAAA,CACtB,KAAO,CAAA,OAAA,CAAQ,GAAI,CAAA,QAAA,GAAa,OAAS,CACvC,MAAA,CAAQD,CAAwB,CAAA,GAClC,CAAI,CAAA,MACN,CAAC,CCZM,CAAA,IAAMK,CAA8B,CAAA,2BAAA,CAC9BC,CAAsB,CAAA,kBAAA,CAqB7BC,EAAY,IAAIC,EAAAA,CAAU,CAAE,MAAA,CAAQ,EAAG,CAAC,EAExCC,CAAmB,CAAA,CAACC,CAAqBC,CAAAA,CAAAA,GAAuD,CACpG,IAAMC,EAA2B,CAC/B,GAAGF,CACH,CAAA,MAAA,CAAQ,CAAE,GAAGA,GAAQ,MAAO,CAAA,CAC5B,eAAgB,CAAE,GAAGA,GAAQ,cAAe,CAAA,CAC5C,aAAe,CAAA,CAAE,GAAGA,CAAAA,EAAQ,aAAc,CAE5C,CAAA,CAGA,IAAWG,IAAAA,CAAAA,IAAUF,CACnB,CAAA,MAAA,CAAO,KAAKE,CAAM,CAAA,CAAE,OAASC,CAAAA,CAAAA,EAAe,CAE1CF,CAAAA,CAAYE,CAAU,CAAM,GAAA,EAC5B,CAAA,MAAA,CAAO,OAAQD,CAAAA,CAAAA,CAAOC,CAAU,CAAE,CAAA,CAAE,OAAQ,CAAA,CAAC,CAACC,CAAAA,CAAUC,CAAK,CAAM,GAAA,CAEjEJ,CAAYE,CAAAA,CAAU,CAAEC,CAAAA,CAAQ,GAAKH,CAAYE,CAAAA,CAAU,CAAEC,CAAAA,CAAQ,CAAK,EAAA,IAAI,MAAOC,CAAAA,CAAK,EAC5F,CAAC,EACH,CAAC,CAGH,CAAA,OAAOJ,CACT,CAAA,CAEqBK,CAArB,CAAA,KAA6B,CAW3B,WAAmBC,CAAAA,CAAAA,CAAqBC,CAA2BC,CAAAA,CAAAA,CAAiDC,CAAuB,CAAA,CAAxH,QAAAH,CAAqB,CAAA,IAAA,CAAA,WAAA,CAAAC,CAA4E,CAAA,IAAA,CAAA,UAAA,CAAAE,CARpH,CAAA,IAAA,CAAiB,+BAAiC,IAAI,GAAA,CAItD,IAAiB,CAAA,aAAA,CAAwC,EAAC,CAKxD,KAAK,SAAY,CAAA,CAAC,CAACH,CAAAA,CACfE,CACF,EAAA,IAAA,CAAK,+BAA+B,GAAI,CAAA,MAAA,CAAO,SAAS,CAAA,CAAGA,CAAmB,EAElF,CAEA,MAAa,kBAAA,EAA2C,CACtD,GAAI,CAAC,IAAA,CAAK,GACR,OAEF,GAAI,KAAK,kBACP,CAAA,OAAO,KAAK,kBAEd,CAAA,IAAME,CAAWC,CAAAA,CAAAA,CAAW,CAC1B,EAAA,CAAI,KAAK,EACT,CAAA,UAAA,CAAY,IAAK,CAAA,UACnB,CAAC,CAAA,CAEGC,EAAOjB,CAAU,CAAA,GAAA,CAAiBe,CAAQ,CAAA,CAE9C,OAAKE,CAAAA,GACF,CAAE,IAAAA,CAAAA,CAAK,CAAI,CAAA,MAAMtB,CAAgB,CAAA,GAAA,CAAiB,iBAAiB,IAAK,CAAA,EAAE,CAA0B,sBAAA,CAAA,CAAA,CAAE,MAAQ,CAAA,CAAE,WAAY,IAAK,CAAA,UAAW,CAAE,CAAC,CAChJK,CAAAA,CAAAA,CAAU,IAAIe,CAAUE,CAAAA,CAAI,CAG9B,CAAA,CAAA,IAAA,CAAK,WAAcA,CAAAA,CAAAA,CAAK,
YACxB,IAAK,CAAA,kBAAA,CAAqBA,EACnB,IAAK,CAAA,kBACd,CAEA,MAAa,yBAAA,CAA0BC,CAA0G,CAAA,CAC/I,GAAI,CAAC,KAAK,EACR,CAAA,OAEF,GAAI,IAAA,CAAK,kBACP,CAAA,OAAO,KAAK,kBAGd,CAAA,IAAMH,CAAW,CAAA,IAAA,CAAK,EAEhBI,CAAAA,CAAAA,CAAenB,EAAU,GAAiBe,CAAAA,CAAQ,CACxD,CAAA,GAAII,CACF,CAAA,OAAA,IAAA,CAAK,mBAAqBA,CACnBA,CAAAA,CAAAA,CAGT,IAAMF,CAAAA,CAAO,MAAMC,CAAAA,CAAuB,KAAK,EAAE,CAAA,CACjD,OAAAlB,CAAAA,CAAU,GAAIe,CAAAA,CAAAA,CAAUE,CAAI,CAE5B,CAAA,IAAA,CAAK,kBAAqBA,CAAAA,CAAAA,CACnB,IAAK,CAAA,kBACd,CAEA,IAAW,cAAA,EAAuC,CAChD,OAAO,IAAA,CAAK,gBAAgB,gBAAgB,CAC9C,CAEA,IAAW,MAA+B,EAAA,CACxC,OAAO,IAAK,CAAA,eAAA,CAAgB,QAAQ,CACtC,CAEA,IAAW,eAAsC,CAC/C,OAAO,IAAK,CAAA,eAAA,CAAgB,eAAe,CAC7C,CAEQ,eAAgBG,CAAAA,CAAAA,CAA8C,CACpE,GAAI,CAAC,IAAA,CAAK,mBACR,MAAM,IAAI,KAAM,CAAA,CAAA,WAAA,EAAcA,CAAG,CAAA,kDAAA,CAAoD,EAEvF,OAAO,MAAA,CAAO,IAAK,CAAA,IAAA,CAAK,kBAAmBA,CAAAA,CAAG,GAAK,EAAE,CACvD,CAEA,IAAW,mBAAA,EAAmC,CAC5C,OAAOlB,CAAAA,CAAiB,OAAW,IAAK,CAAA,8BAAA,CAA+B,QAAQ,CACjF,CAEA,IAAW,WAAuC,EAAA,CAChD,GAAI,CAAC,IAAA,CAAK,kBACR,CAAA,MAAM,IAAI,KAAA,CAAM,0EAA0E,CAG5F,CAAA,OAAOA,CAAiB,CAAA,IAAA,CAAK,kBAAoB,CAAA,IAAA,CAAK,+BAA+B,MAAO,EAAC,CAC/F,CAEO,kBAAmBmB,CAAAA,CAAAA,CAAkD,CAG1E,IAAMC,CAAAA,CAAc,MAAO,EAAA,CAG3B,MAAO,CAAA,MAAA,CAAOD,CAAgB,CAAE,CAAA,OAAA,CAASE,CAAc,EAAA,CACrD,MAAO,CAAA,IAAA,CAAKA,CAAS,CAAE,CAAA,OAAA,CAASf,CAAa,EAAA,CAC3C,GAAI,CAACjB,EAAaiB,CAAQ,CAAA,CACxB,MAAM,IAAI,KAAA,CAAM,kEAAkEA,CAAQ,CAAA,CAAE,CAEhG,CAAC,EACH,CAAC,EAED,IAAMgB,CAAAA,CAAmBC,iBAAkB,EAAA,CAC3C,GAAI,CAACD,EACH,MAAM,IAAI,KAAM,CAAA,+CAA+C,CAGjE,CAAA,IAAME,EAAmB,IAAK,CAAA,KAAA,CAAMF,CAAiB,CAAA,OAAA,CAAQ1B,CAA2B,CAAA,EAAK,IAAI,CAC3F6B,CAAAA,CAAAA,CAAe,MAAO,CAAA,MAAA,CAAOD,CAAkBL,CAAAA,CAAgB,EACrE,OAAK,IAAA,CAAA,8BAAA,CAA+B,GAAIC,CAAAA,CAAAA,CAAaK,CAAY,CAAA,CACjEH,EAAiB,OAAQ,CAAA,GAAA,CAAI1B,CAA6B,CAAA,IAAA,CAAK,SAAU,CAAA,IAAA,CAAK,mBAAmB,CAAC,CAAA,CAC3F,IAAM,CACX,IAAA,CAAK,+BAA+B,MAAOwB,CAAAA,CAAW,CACtDE,CAAAA,CAAAA,CAAiB,OAAQ,CAAA,GAAA,CAAI1B,EAA6B,IAAK,CAAA,SAAA,CAAU,IAAK,CAAA,mBAAmB,CAAC,EACpG,CACF,CAEA,MAAa,wBAA2B,EAAA,CACtC,GA
AI,CAAC,KAAK,EACR,CAAA,OAEF,GAAI,IAAA,CAAK,wBACP,CAAA,OAAO,KAAK,wBAGd,CAAA,IAAMiB,CAAWC,CAAAA,CAAAA,CAAW,CAC1B,EAAA,CAAI,KAAK,EACT,CAAA,UAAA,CAAY,IAAK,CAAA,UAAA,CACjB,MAAQ,CAAA,IACV,CAAC,CACGC,CAAAA,CAAAA,CAAOjB,CAAU,CAAA,GAAA,CAAIe,CAAQ,CAAA,CAEjC,OAAKE,CACF,GAAA,CAAE,KAAAA,CAAK,CAAA,CAAI,MAAMtB,CAAgB,CAAA,GAAA,CAAI,CAAiB,cAAA,EAAA,IAAA,CAAK,EAAE,CAAA,6BAAA,CAAA,CAAiC,CAAE,MAAQ,CAAA,CAAE,UAAY,CAAA,IAAA,CAAK,UAAW,CAAE,CAAC,CAC1IK,CAAAA,CAAAA,CAAU,GAAIe,CAAAA,CAAAA,CAAUE,CAAI,CAAA,CAAA,CAG9B,KAAK,wBAA2BA,CAAAA,CAAAA,CACzB,IAAK,CAAA,wBACd,CAEA,IAAW,mBAAyB,CAClC,GAAI,CAAC,IAAA,CAAK,wBACR,CAAA,MAAM,IAAI,KAAM,CAAA,sFAAsF,CAExG,CAAA,OAAO,IAAK,CAAA,wBACd,CAEA,MAAa,qBAAA,CAAsBW,CAAOC,CAAAA,CAAAA,CAAc,CACtD,GAAI,CAAC,IAAK,CAAA,EAAA,EAAM,CAACD,CAAS,EAAA,CAACC,EACzB,OAEF,IAAMC,CAAuB,CAAA,IAAA,CAAK,aAAcF,CAAAA,CAAK,EAErD,GAAIE,CAAAA,CACF,OAAOA,CAAAA,CAGT,IAAMf,CAAAA,CAAW,GAAG,IAAK,CAAA,EAAE,CAAIa,CAAAA,EAAAA,CAAK,CAE9BT,CAAAA,CAAAA,CAAAA,CAAenB,EAAU,GAAiBe,CAAAA,CAAQ,CACxD,CAAA,GAAII,CACF,CAAA,OAAA,IAAA,CAAK,cAAcS,CAAK,CAAA,CAAIT,CACrBA,CAAAA,CAAAA,CAGT,GAAM,CAAE,KAAAF,CAAK,CAAA,CAAI,MAAMpB,CAAAA,CAAoB,IAAkB,CAAA,CAAA,aAAA,EAAgB+B,CAAK,CAAqB,iBAAA,CAAA,CAAA,CACrG,MAAQ,CAAA,IAAA,CAAK,EACf,CAAA,CAAG,CACD,OAAS,CAAA,CACP,yBAA2BC,CAAAA,CAC7B,CACF,CAAC,EAED,OAAA7B,CAAAA,CAAU,GAAIe,CAAAA,CAAAA,CAAUE,CAAI,CAAA,CAC5B,KAAK,aAAcW,CAAAA,CAAK,CAAIX,CAAAA,CAAAA,CACrB,IAAK,CAAA,aAAA,CAAcW,CAAK,CACjC,CACF,ECnPO,IAAMG,CAAkB,CAAA,MAAOhD,EAAgB6C,CAAgC,GAAA,CACpF,GAAM,CAAE,IAAMI,CAAAA,CAAQ,EAAI,MAAMnC,CAAAA,CAAoB,IAAK,CAAA,cAAA,CAAgB,CAAE,MAAA,CAAAd,EAAQ,KAAA6C,CAAAA,CAAM,CAAC,CAAA,CAC1F,OAAOI,CACT,ECLA,IAAqBC,CAAAA,CAArB,cAA6C,KAAM,CAAnD,WAAA,EAAA,CAAA,KAAA,CAAA,GAAA,SAAA,CAAA,CACE,UAAO,iBAEP,CAAA,IAAA,CAAA,OAAA,CAAU,sBACZ,CCJO,CAAA,IAAMC,EAAc,aACdC,CAAAA,CAAAA,CAAe,aACfC,CAAAA,CAAAA,CAAc,YACdC,CAAAA,CAAAA,CAAsB,eACtBC,CAAgB,CAAA,sBAAA,CAChBC,CAA0B,CAAA,uBAAA,CAC1BC,CAA2BF,CAAAA,CAAAA,CAAc,aACzCG,CAAAA,CAAAA,CAA+B,yBCN5C,CAiBO,IAAMC,CAAAA,CAAuB,MAAOC,CAAAA,CAAsCC,CAA+D,GAAA,CAC9I,IAAMC,CAAeD,CAAA
A,CAAAA,CAAQN,CAAa,CAAA,EAAKM,CAAQJ,CAAAA,CAAwB,GAAK,EACpF,CAAA,GAAI,CAAC,KAAA,CAAM,OAAQK,CAAAA,CAAY,GAAKA,CAAa,CAAA,WAAA,EAAkBX,GAAAA,CAAAA,CACjE,OAEF,GAAM,CACJ,wBAAAY,CAAAA,CAAAA,CACA,+BAAAC,CACA,CAAA,sBAAA,CAAA7B,CACF,CAAIyB,CAAAA,CAAAA,CACEK,CAASJ,CAAAA,CAAAA,CAAQP,CAAmB,CAAA,CAC1C,GAAI,CAACW,CAAAA,EAAU,KAAM,CAAA,OAAA,CAAQA,CAAM,CAAA,CACjC,OAGF,IAAMC,CAAAA,CAAgCL,CAAQ9C,CAAAA,CAA2B,CAAG,EAAA,MAAA,CAAS,EAAI,IAAK,CAAA,KAAA,CAAM8C,CAAQ9C,CAAAA,CAA2B,CAAW,CAAA,CAAI,EAChJgB,CAAAA,CAAAA,CAAc8B,CAAU7C,GAAAA,CAAmB,CAAc,EAAA,KAAA,CAAM,GAAG,CAElEmD,CAAAA,CAAAA,CAAa,IAAIxC,CAAAA,CAAQsC,CAAQ,CAAA,MAAA,CAAQC,EAA+BnC,CAAU,CAAA,CACxF,OAAIgC,CAAAA,GACE5B,CACF,CAAA,MAAMgC,EAAW,yBAA0BhC,CAAAA,CAAsB,EAEjE,MAAMgC,CAAAA,CAAW,oBAIjBH,CAAAA,CAAAA,CAAAA,EACF,MAAMG,CAAAA,CAAW,wBAAyB,EAAA,CAG5CzB,mBAAoB,CAAA,gBAAA,EAAkB,GAAIW,CAAAA,CAAAA,CAAac,CAAU,CAAA,CAC1DA,CACT,CC5BO,CAAA,IAAMC,CAAa,CAAA,CAACR,CAAuC,CAAA,KAAgB,MAAOS,CAAAA,CAAKC,CAAKC,CAAAA,CAAAA,GAAuB,CACxH,GAAI,CACF,IAAMJ,CAAAA,CAAa,MAAMR,CAAAA,CAAqBC,CAASS,CAAAA,CAAAA,CAAI,OAAO,CAC9DF,CAAAA,CAAAA,GACFE,CAAI,CAAA,IAAA,CAAOF,CAGXE,CAAAA,CAAAA,CAAI,QAAQb,CAAuB,CAAA,CAAIW,CAGzCI,CAAAA,CAAAA,CAAAA,GACF,CAAA,KAAY,CACVD,CAAI,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,CAAE,KAAO,CAAA,0BAA2B,CAAC,EAC5D,CACF,CAAA,CAEaE,EAAuB,CAACZ,CAAAA,CAIjC,EAAC,GAAe,MAAOS,CAAAA,CAAKC,EAAKC,CAAwB,GAAA,CAC3D,GAAM,CACJ,wBAAAR,CAAAA,CAAAA,CACA,+BAAAC,CACA,CAAA,oBAAA,CAAAS,CACF,CAAA,CAAIb,CACAX,CAAAA,CAAAA,CACJ,GAAIoB,CAAI,CAAA,OAAA,CAAQ,aAAe,CAAA,CAC7B,GAAI,CACFpB,EAAU,MAAMhD,CAAAA,CAAaoE,CAAI,CAAA,OAAA,CAAQ,aAAa,EACxD,OAASK,CAAG,CAAA,CACNA,CAAa9E,YAAAA,CAAAA,CAAI,iBACnB0E,CAAAA,CAAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,CAAE,MAAA,CAAQ,CAAC,sBAAsB,CAAE,CAAC,CAAA,CAChDI,CAAa9E,YAAAA,CAAAA,CAAI,kBAC1B0E,CAAI,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,IAAK,CAAA,CAAE,OAAQ,CAACI,CAAAA,CAAE,OAAO,CAAE,CAAC,CAAA,CAE5CJ,EAAI,MAAO,CAAA,GAAG,CAAE,CAAA,IAAA,CAAK,CAAE,MAAA,CAAQ,CAAC,kCAAkC,CAAE,CAAC,CAAA,CAEvE,MACF,CACA,IAAML,CAAShB,CAAAA,CAAAA,EAAS,IAAM,EAAA,EAAA,CAE1BgB,CACFI,GAAAA,CAAAA,CAAI,
QAAQf,CAAmB,CAAA,CAAIW,CAGrC,CAAA,CAAA,IAAMlC,CAAcsC,CAAAA,CAAAA,CAAI,UAAUrD,CAAmB,CAAA,EAAc,MAAM,GAAG,CAAA,CACtEmD,EAAa,IAAIxC,CAAAA,CAAQsC,CAAQhB,CAAAA,CAAAA,EAAS,IAAM,EAAA,WAAA,CAAa,OAAWlB,CAAU,CAAA,CAAA,CAEpFgC,CAA4BC,EAAAA,CAAAA,GAC9B,MAAM,OAAA,CAAQ,IAAI,CAChBD,CAAAA,EAA4BI,CAAW,CAAA,kBAAA,EACvCH,CAAAA,CAAAA,EAAkCG,EAAW,wBAAyB,EACxE,CAAC,CAAA,CAGHE,CAAI,CAAA,IAAA,CAAOF,EACXzB,iBAAkB,EAAA,CAAE,gBAAkB,EAAA,GAAA,CAAIW,CAAac,CAAAA,CAAU,EAIjEE,CAAI,CAAA,OAAA,CAAQb,CAAuB,CAAA,CAAIW,EACzC,CAAA,KAAA,GAAWM,EAAsB,CAC/BH,CAAAA,CAAI,MAAO,CAAA,GAAG,CAAE,CAAA,IAAA,CAAK,CAAE,MAAQ,CAAA,CAAC,mBAAmB,CAAE,CAAC,EACtD,MACF,CACAC,CAAK,GACP,CAEaI,CAAAA,CAAAA,CAAiBf,GAGf,MAAOS,CAAAA,CAAKC,CAAKC,CAAAA,CAAAA,GAAwB,CACtD,GAAM,CACJ,KAAA1B,CAAAA,CAAAA,CACA,YAAAC,CAAAA,CACF,CAAIc,CAAAA,CAAAA,CACAX,EAEJ,GAAI,CAACoB,CAAI,CAAA,OAAA,CAAQ,aAAe,CAAA,CAC9BC,EAAI,MAAO,CAAA,GAAG,CAAE,CAAA,IAAA,CAAK,CAAE,MAAA,CAAQ,CAAC,mBAAmB,CAAE,CAAC,CAAA,CACtD,MACF,CAEA,GAAI,CAEF,GADArB,CAAU,CAAA,MAAMD,CAAgBqB,CAAAA,CAAAA,CAAI,QAAQ,aAAexB,CAAAA,CAAK,EAC5D,CAACI,CAAAA,CACH,MAAM,IAAIC,CAEd,CAASwB,MAAAA,CAAAA,CAAG,CACV,GAAIA,aAAa9E,CAAI,CAAA,iBAAA,CAAmB,CACtC0E,CAAAA,CAAI,MAAO,CAAA,GAAG,EAAE,IAAK,CAAA,CAAE,MAAQ,CAAA,CAAC,sBAAsB,CAAE,CAAC,CACzD,CAAA,MACF,CACA,GAAI,CAAC1E,CAAAA,CAAI,kBAAmBsD,CAAe,CAAA,CAAE,IAAM0B,CAAAA,CAAAA,EAAQF,CAAaE,YAAAA,CAAG,EAAG,CAC5EN,CAAAA,CAAI,MAAO,CAAA,GAAG,CAAE,CAAA,IAAA,CAAK,CAAE,MAAQ,CAAA,CAACI,CAAE,CAAA,OAAO,CAAE,CAAC,EAC5C,MACF,CACAJ,EAAI,MAAO,CAAA,GAAG,EAAE,IAAK,CAAA,CAAE,MAAQ,CAAA,CAAC,kCAAkC,CAAE,CAAC,CACrE,CAAA,MACF,CACA,IAAML,CAAShB,CAAAA,CAAAA,EAAS,OACpBgB,CACFI,GAAAA,CAAAA,CAAI,OAAQf,CAAAA,CAAmB,CAAIW,CAAAA,CAAAA,CAAAA,CAGrC,IAAME,CAAa,CAAA,IAAIxC,CAAQsC,CAAAA,CAAM,CAEjCpB,CAAAA,CAAAA,GACFwB,EAAI,OAAQX,CAAAA,CAA4B,CAAIZ,CAAAA,CAAAA,CAE5C,MAAMqB,CAAAA,CAAW,sBAAsBtB,CAAOC,CAAAA,CAAY,CAG5DuB,CAAAA,CAAAA,CAAAA,CAAI,IAAOF,CAAAA,CAAAA,CACX,IAAMU,CAAsBnC,CAAAA,iBAAAA,EAAoB,CAAA,gBAAA,CAChDmC,CAAqB,EAAA,GAAA,CAAIxB,EAAac,CAAU,CAAA,CAChDU,GAAqB,GAAIzB,CAAAA,CAAAA,CAAcrD,EAAkBsE,CAAI,CAAA,
OAAA,CAAQ,aAAa,CAAC,CAInFA,CAAAA,CAAAA,CAAI,QAAQb,CAAuB,CAAA,CAAIW,CAEvCI,CAAAA,CAAAA,GACF,CAAA,CAEaO,EAA0C,MAAOT,CAAAA,CAAKC,CAAKC,CAAAA,CAAAA,GAAS,CAC/E,MAAMF,EAAI,IAAK,CAAA,kBAAA,EACfE,CAAAA,CAAAA,GACF,CAAA,CAEaQ,GAAoBV,CAC1BA,EAAAA,CAAAA,CAAI,OAAQ,CAAA,aAAA,CAGVpE,CAAaoE,CAAAA,CAAAA,CAAI,QAAQ,aAAa,CAAA,CAFpC,IAKEW,CAAAA,EAAAA,CAAyB,MAAOC,CAAAA,CAAgDhB,IAA+B,CAC1H,IAAME,CAAa,CAAA,IAAIxC,CAAQsC,CAAAA,CAAM,EAErC,MAAME,CAAAA,CAAW,oBAEjBc,CAAAA,CAAAA,GAAUC,SAASC,UAAW,CAAA,MAAM,CACpCF,CAAAA,CAAAA,CAAM,gBAAiB,CAAA,GAAA,CAAI5B,EAAac,CAAU,EACpD,CAEOiB,CAAAA,EAAAA,CAAQzD,EC/JR,IAAM0D,EAAiF,CAACC,CAAAA,CAAS1B,CAAS2B,CAAAA,CAAAA,GAAS,CACxHD,CAAAA,CAAQ,gBAAgB,MAAQ,CAAA,MAAS,CACzCA,CAAAA,CAAAA,CAAQ,OAAQ,CAAA,WAAA,CAAa,MAAOE,CAASC,CAAAA,CAAAA,GAAU,CACrD,GAAI,CACF,IAAMC,EAAO,MAAM/B,CAAAA,CAAqBC,CAAS4B,CAAAA,CAAAA,CAAQ,OAAO,CAAA,CAC5DE,IACFF,CAAQ,CAAA,IAAA,CAAOE,CAEnB,EAAA,CAAA,KAAY,CACVD,CAAAA,CAAM,OAAO,GAAG,CAAA,CAAE,KAAK,CAAE,KAAA,CAAO,0BAA2B,CAAC,EAC9D,CACF,CAAC,CAEDF,CAAAA,CAAAA,GACF,EACAF,CAAAA,CAA2B,MAAO,CAAA,GAAA,CAAI,eAAe,CAAC,EAAI,IC1B1D,CAIO,IAAMM,EAAU,IAA4BjD,iBAAAA,EAAoB,CAAA,gBAAA,EAAkB,GAAIW,CAAAA,CAAW,EAE3FuC,CAAc,CAAA,IAAMD,CAAQ,EAAA,EAAG,EAEtCE,CAAAA,CAAAA,CAAuB,CAC3BpE,CACAD,CAAAA,CAAAA,GACG,CAACoE,CAAAA,EAAiB,EAAA,MAAA,CAAO,OAAOD,CAAQ,EAAA,CAAG,WAAYnE,CAAAA,CAAU,CAAGC,CAAAA,CAAQ,EAEpEqE,EAAwBC,CAAAA,CAAAA,EAAoBF,EAAqBE,CAAS,CAAA,QAAQ,EAClFC,EAAgCC,CAAAA,CAAAA,EAA4BJ,CAAqBI,CAAAA,CAAAA,CAAiB,gBAAgB,CAAA,CAClHC,GAA+BC,CAA2BN,EAAAA,CAAAA,CAAqBM,CAAgB,CAAA,eAAe,ECZpH,IAAMC,EAAN,cAAsC,KAAM,CACjD,WAAA,CAAmBV,CAAuB,CAAA,IAAA,CAAMW,EAAU,yBAA2B,CAAA,CACnF,KAAMA,CAAAA,CAAO,CADI,CAAA,IAAA,CAAA,IAAA,CAAAX,EAEjB,IAAK,CAAA,IAAA,CAAO,0BACd,CACF,ECNO,IAAMY,CAAwB,CAAA,CACnC,IAAM,CAAA,MAAA,CACN,MAAO,OACP,CAAA,GAAA,CAAK,KACP,CAAA,CAEMC,EAAwB,CAAA,CAC5B,CAACD,CAAsB,CAAA,IAAI,EAAG,IAAG,EAAA,CACjC,CAACA,CAAsB,CAAA,KAAK,EAAIE,CAAAA,EAA+B,CAC7D,GAAM,CAAE,QAAAC,CAAAA,CAAAA,CAAU,QAAAC,CAAAA,CAAS,CAAIF,CAAAA,CAAAA,CAE/B,OAAO,CADoB,MAAA,EAAA,MAAA,CAAO,IAAK,CAAA,CAAA,EAAGC,CAAQ,CAAA,CAAA
,EAAIC,CAAQ,CAAE,CAAA,CAAA,CAAE,QAAS,CAAA,QAAQ,CACjD,CAAA,CACpC,EACA,CAACJ,CAAAA,CAAsB,GAAG,EAAIE,CAA+B,EAAA,CAC3D,GAAM,CAAE,MAAA,CAAAG,CAAO,CAAA,CAAIH,CACnB,CAAA,GAAIG,EACF,OAAO,CAAA,OAAA,EAAU/G,CAAI,CAAA,IAAA,CAAK,EAAC,CAAG+G,EAAQ,CAAE,SAAA,CAAW,EAAG,CAAC,CAAC,EAG5D,CACF,CAAA,CAEaC,EAA0BJ,CAAAA,CAAAA,EAA8E,CACnH,IAAMK,EAAsBL,CAAuB,EAAA,MAAA,CAEnD,GAAI,EAAA,CAACK,CAAuB,EAAA,CAACN,GAAsBM,CAAmB,CAAA,CAAA,CAItE,OAAON,EAAAA,CAAsBM,CAAmB,CAAA,CAAEL,CAAqB,CACzE,ECTMM,IAAAA,EAAAA,CAA6B,CAI7BC,CAAAA,iBAAAA,CAAAA,EAAAA,CAAgB,CAAC,CAAE,eAAA,CAAAC,CAAkB,CAAA,EAAI,CAAA,MAAA,CAAAC,CAAO,CAAiF,CAAA,EAAa,GAAA,CACzI,CAAQ,CAAA,OAAA,CAAA,CACf,cAAe,MACf,CAAA,uBAAA,CAAyBA,CAAQ,EAAA,oBAAA,CACjC,GAAGD,CACL,CAAC,EACH,CAAA,CAEM,CAAE,UAAA,CAAA7B,EAAY,CAAA,QAAA,CAAAD,EAAS,CAAIgC,CAAAA,EA8B1BC,IAAAA,EAAAA,CAAQ,CACb,UAAA,CAAAhC,GACA,QAAAD,CAAAA,EAAAA,CACA,IAAAE,CAAAA,EAAAA,CACA,UAAAhB,CAAAA,CAAAA,CACA,qBAAAI,CACA,CAAA,8BAAA,CAAAM,CACA,CAAA,iBAAA,CAAAgC,EACA,CAAA,gBAAA,CAAA/B,GACA,oBAAAe,CAAAA,EAAAA,CACA,4BAAAE,CAAAA,EAAAA,CACA,2BAAAE,CAAAA,EAAAA,CACA,YAAAN,CACA,CAAA,OAAA,CAAAD,CACA,CAAA,uBAAA,CAAAS,CACA,CAAA,aAAA,CAAAzB,EACA,sBAAAK,CAAAA,EAAAA,CACA,QAAAkC,CAAAA,CAAAA,CACA,qBAAAZ,CAAAA,CAAAA,CACA,uBAAAM,EACA,CAAA,mBAAA,CAAA5F,CACA,CAAA,0BAAA,CAAAqE,CACF","file":"index.js","sourcesContent":["import jwt from 'jsonwebtoken';\nimport moment from 'moment';\n\nconst {\n DEPRECATED_JWT_SECRET, JWT_NEW_SECRET,\n DEPRECATED_REFRESH_JWT_SECRET, REFRESH_JWT_SECRET,\n DEPRECATION_UNIX_TIMESTAMP,\n} = process.env;\n\nconst getRelevantSecret = (token: string | undefined, deprecatedSecret: string, newSecret: string): string => {\n const deprecationTime = moment(parseInt(DEPRECATION_UNIX_TIMESTAMP, 10) * 1000);\n try {\n let unixTime: moment.Moment;\n if (token) {\n const { iat } = jwt.decode(token) as jwt.JwtPayload;\n unixTime = moment(iat * 1000);\n } else {\n unixTime = moment();\n }\n return unixTime.isBefore(deprecationTime) ? 
deprecatedSecret : newSecret;\n } catch (e) {\n return newSecret;\n }\n};\n\nexport const getRefreshTokenSecret = (token?: string): string => getRelevantSecret(token, DEPRECATED_REFRESH_JWT_SECRET, REFRESH_JWT_SECRET);\nexport const getTokenSecret = (token?: string): string => getRelevantSecret(token, DEPRECATED_JWT_SECRET, JWT_NEW_SECRET);\n","import type { UUID } from 'node:crypto';\nimport jwt from 'jsonwebtoken';\nimport { getTokenSecret } from './secret-getter';\n\nconst CONTEXT_PROPS = ['fleetId', 'businessModelId', 'demandSourceId'];\nconst CONTEXT_MAP_PROPS = {\n fleet: 'fleets',\n business: 'businessModels',\n demand: 'demandSources',\n};\n\nexport const getAuthFromBearer = (bearer: string): string => bearer.replace('Bearer ', '');\n\nexport const decodeBearer = (bearer: string, appSecret?: string): any => {\n const token = getAuthFromBearer(bearer);\n const decoded = jwt.verify(token, appSecret || getTokenSecret(token));\n return decoded;\n};\n\nexport const parsePermissions = (contextId, decodedToken): any => {\n if (!decodedToken) { return []; }\n const { contexts } = decodedToken;\n const activeContext = contexts.find((context) => context.id === contextId);\n\n const permissionsValue = `${activeContext.permissions?.map((cp) => `${cp},`)}`;\n\n return {\n key: activeContext.entityId,\n value: permissionsValue,\n };\n};\n\nexport const getEntitiesFromContext = (contextId: string, decodedToken: any): any => {\n if (!decodedToken) { return []; }\n let { contexts } = decodedToken;\n if (contextId) {\n contexts = contexts.filter((context) => context.id === contextId);\n }\n\n const attributes = {};\n contexts.forEach((context) => {\n const prop = CONTEXT_MAP_PROPS[context.subSystem || 'business'];\n\n const permissions = parsePermissions(context.id, decodedToken);\n attributes[prop] ||= {};\n attributes[prop][permissions.key] = permissions.value;\n });\n\n return attributes;\n};\n\nexport const getContextAttributes = (contextId: string, decodedToken: any): 
any => {\n if (!decodedToken) { return []; }\n let { contexts } = decodedToken;\n if (contextId) {\n contexts = contexts.filter((context) => context.id === contextId);\n }\n const attributes = {};\n contexts.forEach((context) => {\n CONTEXT_PROPS.forEach((prop) => {\n if (context[prop]) {\n const contextPropWrapped = [context[prop]];\n attributes[prop] ||= [];\n attributes[prop] = attributes[prop].concat(contextPropWrapped);\n }\n });\n });\n return attributes;\n};\n\nconst EMPTY_UUID = '00000000-0000-0000-0000-000000000000';\nconst FULL_UUID = 'ffffffff-ffff-ffff-ffff-ffffffffffff';\nconst VALID_CHARS_REGEX = '[0-9a-f]';\nconst UUID_VERSION_REGEX = '[1-8]';\nconst UUID_REGEX = new RegExp(\n `^(?:${VALID_CHARS_REGEX}{8}-${VALID_CHARS_REGEX}{4}-${UUID_VERSION_REGEX}${VALID_CHARS_REGEX}{3}-[89ab]${VALID_CHARS_REGEX}{3}-${VALID_CHARS_REGEX}{12}|${EMPTY_UUID}|${FULL_UUID})$`,\n 'i',\n);\nexport function validateUUID(uuid: unknown): uuid is UUID {\n return typeof uuid === 'string' && UUID_REGEX.test(uuid);\n}\n","import Network from '@autofleet/network';\n\nconst CACHE_LIFETIME_IN_SEC = 10;\nconst apiGwUrl = process.env.API_GATEWAY_URL || 'https://api.autofleet.io';\n\n// eslint-disable-next-line import/prefer-default-export\nexport const IdentityNetwork = new Network({\n serviceName: 'IDENTITY_MS',\n retries: 3,\n retryCondition: () => true,\n cache: process.env.NODE_ENV !== 'test' ? {\n maxAge: CACHE_LIFETIME_IN_SEC * 1000,\n } : undefined,\n});\n\nexport const AutofleetApiNetwork = new Network({\n baseURL: apiGwUrl,\n serviceUrl: apiGwUrl,\n retries: 3,\n retryCondition: () => true,\n cache: process.env.NODE_ENV !== 'test' ? 
{\n maxAge: CACHE_LIFETIME_IN_SEC * 1000,\n } : undefined,\n});\n","import NodeCache from 'node-cache';\nimport objectHash from 'object-hash';\nimport { getCurrentContext } from '@autofleet/outbreak';\nimport { validateUUID } from '../utils';\nimport { AutofleetApiNetwork, IdentityNetwork } from '../services';\n\nexport type AccountType = 'client' | 'user' | 'service' | 'driver'\ninterface EntityPermissions {\n [key: string]: string[];\n}\n\nexport const ELEVATED_PERMISSIONS_HEADER = 'x-af-elevated-permissions';\nexport const CONTEXTS_IDS_HEADER = 'x-af-context-ids';\n\nexport interface UserPayload {\n businessModels: EntityPermissions;\n fleets: EntityPermissions;\n demandSources: EntityPermissions;\n businessAccounts?: EntityPermissions;\n accountType?: AccountType;\n contexts?: EntityPermissions;\n createdAt?: string;\n}\n\nexport interface PartialUserPayload {\n businessModels?: EntityPermissions;\n fleets?: EntityPermissions;\n demandSources?: EntityPermissions;\n vehicles?: EntityPermissions;\n drivers?: EntityPermissions;\n businessAccounts?: EntityPermissions;\n}\n\nconst userCache = new NodeCache({ stdTTL: 10 });\n\nconst mergePermissions = (target: UserPayload, sources: Iterable<PartialUserPayload>): UserPayload => {\n const permissions: UserPayload = {\n ...target,\n fleets: { ...target?.fleets },\n businessModels: { ...target?.businessModels },\n demandSources: { ...target?.demandSources },\n // Clone other nested objects as needed\n };\n\n // eslint-disable-next-line no-restricted-syntax\n for (const source of sources) {\n Object.keys(source).forEach((entityType) => {\n // eslint-disable-next-line no-param-reassign\n permissions[entityType] ??= {};\n Object.entries(source[entityType]!).forEach(([entityId, perms]) => {\n // eslint-disable-next-line no-param-reassign\n permissions[entityType][entityId] = (permissions[entityType][entityId] || []).concat(perms);\n });\n });\n }\n\n return permissions;\n};\n\nexport default class ApiUser {\n private 
privatePermissions: UserPayload | undefined;\n\n private readonly privateElevatedPermissionsHash = new Map<symbol, PartialUserPayload | undefined>();\n\n private privatePermissionsLegacy: any;\n\n private readonly appPermission: {[key: string]: any; } = {};\n\n public readonly emptyUser: boolean;\n\n constructor(public id? : string, public accountType?: AccountType, elevatedPermissions?: PartialUserPayload, public contextIds?: string[]) {\n this.emptyUser = !!id;\n if (elevatedPermissions) {\n this.privateElevatedPermissionsHash.set(Symbol('initial'), elevatedPermissions);\n }\n }\n\n public async getUserPermissions(): Promise<UserPayload> {\n if (!this.id) {\n return undefined;\n }\n if (this.privatePermissions) {\n return this.privatePermissions;\n }\n const cacheKey = objectHash({\n id: this.id,\n contextIds: this.contextIds,\n });\n\n let data = userCache.get<UserPayload>(cacheKey);\n\n if (!data) {\n ({ data } = await IdentityNetwork.get<UserPayload>(`/api/v1/users/${this.id}/authorization-payload`, { params: { contextIds: this.contextIds } }));\n userCache.set(cacheKey, data);\n }\n\n this.accountType = data.accountType;\n this.privatePermissions = data;\n return this.privatePermissions;\n }\n\n public async useCustomPermissionLoader(customPermissionLoader: (userId: string) => UserPayload | PromiseLike<UserPayload>): Promise<UserPayload> {\n if (!this.id) {\n return undefined;\n }\n if (this.privatePermissions) {\n return this.privatePermissions;\n }\n\n const cacheKey = this.id;\n\n const cachedResult = userCache.get<UserPayload>(cacheKey);\n if (cachedResult) {\n this.privatePermissions = cachedResult;\n return cachedResult;\n }\n\n const data = await customPermissionLoader(this.id);\n userCache.set(cacheKey, data);\n\n this.privatePermissions = data;\n return this.privatePermissions;\n }\n\n public get businessModels(): string[] | undefined {\n return this.getUserProperty('businessModels');\n }\n\n public get fleets(): string[] | undefined {\n return 
this.getUserProperty('fleets');\n }\n\n public get demandSources(): string[] | undefined {\n return this.getUserProperty('demandSources');\n }\n\n private getUserProperty(key: keyof UserPayload): string[] | undefined {\n if (!this.privatePermissions) {\n throw new Error(`Cannot get ${key} without calling (async) getUserPermissions before`);\n }\n return Object.keys(this.privatePermissions[key] || {});\n }\n\n public get elevatedPermissions(): UserPayload {\n return mergePermissions(undefined, this.privateElevatedPermissionsHash.values());\n }\n\n public get permissions(): UserPayload | undefined {\n if (!this.privatePermissions) {\n throw new Error('Cannot get permissions without calling (async) getUserPermissions before');\n }\n\n return mergePermissions(this.privatePermissions, this.privateElevatedPermissionsHash.values());\n }\n\n public elevatePermissions(addedPermissions: PartialUserPayload): () => void {\n // @itayankri is concerned about memory consumption, so create a symbol with no description, to avoid assigning memory for the description string\n // eslint-disable-next-line symbol-description\n const elevationId = Symbol();\n\n // Validate that the added permissions are valid UUIDs\n Object.values(addedPermissions).forEach((entityIds) => {\n Object.keys(entityIds).forEach((entityId) => {\n if (!validateUUID(entityId)) {\n throw new Error(`Entity id on elevatePermissions is not a valid UUID, provided: ${entityId}`);\n }\n });\n });\n\n const currentUserTrace = getCurrentContext();\n if (!currentUserTrace) {\n throw new Error('Cannot find current user cross services trace');\n }\n\n const currentElevation = JSON.parse(currentUserTrace.context[ELEVATED_PERMISSIONS_HEADER] || '{}');\n const newElevation = Object.assign(currentElevation, addedPermissions);\n this.privateElevatedPermissionsHash.set(elevationId, newElevation);\n currentUserTrace.context.set(ELEVATED_PERMISSIONS_HEADER, JSON.stringify(this.elevatedPermissions));\n return () => {\n 
this.privateElevatedPermissionsHash.delete(elevationId);\n currentUserTrace.context.set(ELEVATED_PERMISSIONS_HEADER, JSON.stringify(this.elevatedPermissions));\n };\n }\n\n public async getUserPermissionsLegacy() {\n if (!this.id) {\n return undefined;\n }\n if (this.privatePermissionsLegacy) {\n return this.privatePermissionsLegacy;\n }\n\n const cacheKey = objectHash({\n id: this.id,\n contextIds: this.contextIds,\n legacy: true,\n });\n let data = userCache.get(cacheKey);\n\n if (!data) {\n ({ data } = await IdentityNetwork.get(`/api/v1/users/${this.id}/authorization-payload-legacy`, { params: { contextIds: this.contextIds } }));\n userCache.set(cacheKey, data);\n }\n\n this.privatePermissionsLegacy = data;\n return this.privatePermissionsLegacy;\n }\n\n public get permissionsLegacy(): any {\n if (!this.privatePermissionsLegacy) {\n throw new Error('Cannot get permissionsLegacy without calling (async) getUserPermissionsLegacy before');\n }\n return this.privatePermissionsLegacy;\n }\n\n public async getUserAppPermissions(appId, clientSecret) {\n if (!this.id || !appId || !clientSecret) {\n return undefined;\n }\n const currentAppPermission = this.appPermission[appId];\n\n if (currentAppPermission) {\n return currentAppPermission;\n }\n\n const cacheKey = `${this.id}:${appId}`;\n\n const cachedResult = userCache.get<UserPayload>(cacheKey);\n if (cachedResult) {\n this.appPermission[appId] = cachedResult;\n return cachedResult;\n }\n\n const { data } = await AutofleetApiNetwork.post<UserPayload>(`/api/v1/apps/${appId}/get-user-payload`, {\n userId: this.id,\n }, {\n headers: {\n 'x-autofleet-apps-secret': clientSecret,\n },\n });\n\n userCache.set(cacheKey, data);\n this.appPermission[appId] = data;\n return this.appPermission[appId];\n }\n}\n","import { AutofleetApiNetwork } from './services';\n\nexport const decodeAppBearer = async (bearer: string, appId: string): Promise<any> => {\n const { data: decoded } = await AutofleetApiNetwork.post('/api/v1/auth', { 
bearer, appId });\n return decoded;\n};\n\nexport const getClientSecret = async (appId: string): Promise<any> => {\n const { data: secret } = await AutofleetApiNetwork.get(`/api/v1/auth/client-secret/${appId}`);\n return secret;\n};\n","export default class AppDoesNotExist extends Error {\n name = 'AppDoesNotExist';\n\n message = 'app does not exist';\n}\n","export const IDENTITY_MS = 'identity-ms';\nexport const ACCESS_TOKEN = 'accessToken';\nexport const USER_OBJECT = 'userObject';\nexport const USER_TRACING_HEADER = 'x-af-user-id';\nexport const ORIGIN_HEADER = 'X-IAF-ORIGIN-SERVICE';\nexport const USER_PERMISSIONS_HEADER = 'x-af-user-permissions';\nexport const LOWER_CASE_ORIGIN_HEADER = ORIGIN_HEADER.toLowerCase();\nexport const AUTOFLEET_APPS_SECRET_HEADER = 'x-autofleet-apps-secret';\n","import type { IncomingHttpHeaders } from 'node:http';\nimport { getCurrentContext } from '@autofleet/outbreak';\nimport ApiUser, { CONTEXTS_IDS_HEADER, ELEVATED_PERMISSIONS_HEADER, type UserPayload } from './ApiUser';\nimport {\n IDENTITY_MS,\n USER_OBJECT,\n USER_TRACING_HEADER,\n ORIGIN_HEADER,\n LOWER_CASE_ORIGIN_HEADER,\n} from './const';\n\nexport type CustomPermissionLoader = (userId: string) => Promise<UserPayload>;\nexport interface AuthFromUserIdHeaderOptions {\n eagerLoadUserPermissions?: boolean;\n eagerLoadUserPermissionsLegacy?: boolean;\n customPermissionLoader?: CustomPermissionLoader;\n}\n\nexport const authFromUserIdHeader = async (options: AuthFromUserIdHeaderOptions, headers: IncomingHttpHeaders): Promise<ApiUser | undefined> => {\n const originHeader = headers[ORIGIN_HEADER] || headers[LOWER_CASE_ORIGIN_HEADER] || '';\n if (!Array.isArray(originHeader) && originHeader.toLowerCase() === IDENTITY_MS) {\n return undefined;\n }\n const {\n eagerLoadUserPermissions,\n eagerLoadUserPermissionsLegacy,\n customPermissionLoader,\n } = options;\n const userId = headers[USER_TRACING_HEADER] as string;\n if (!userId || Array.isArray(userId)) {\n return undefined;\n 
}\n\n const elevatedPermissionsFromHeader = headers[ELEVATED_PERMISSIONS_HEADER]?.length > 0 ? JSON.parse(headers[ELEVATED_PERMISSIONS_HEADER] as string) : {};\n const contextIds = (headers?.[CONTEXTS_IDS_HEADER] as string)?.split(',');\n\n const userObject = new ApiUser(userId, 'user', elevatedPermissionsFromHeader, contextIds);\n if (eagerLoadUserPermissions) {\n if (customPermissionLoader) {\n await userObject.useCustomPermissionLoader(customPermissionLoader);\n } else {\n await userObject.getUserPermissions();\n }\n }\n\n if (eagerLoadUserPermissionsLegacy) {\n await userObject.getUserPermissionsLegacy();\n }\n\n getCurrentContext().nonHeaderContext?.set(USER_OBJECT, userObject);\n return userObject;\n};\n","import type { Handler, Request } from 'express';\nimport { getCurrentContext, newTrace, traceTypes } from '@autofleet/outbreak';\nimport jwt from 'jsonwebtoken';\nimport ApiUser, { CONTEXTS_IDS_HEADER } from './ApiUser';\nimport { decodeAppBearer } from '../app-auth';\nimport AppDoesNotExist from '../exceptions/appDoesNotExist';\nimport { decodeBearer, getAuthFromBearer } from '../utils';\nimport {\n ACCESS_TOKEN,\n USER_OBJECT,\n USER_TRACING_HEADER,\n USER_PERMISSIONS_HEADER,\n AUTOFLEET_APPS_SECRET_HEADER,\n} from './const';\nimport { authFromUserIdHeader, AuthFromUserIdHeaderOptions } from './common';\n\ndeclare module 'express-serve-static-core' {\n // eslint-disable-next-line @typescript-eslint/no-shadow\n interface Request {\n user: ApiUser;\n }\n}\n\nexport const middleware = (options: AuthFromUserIdHeaderOptions = {}): Handler => async (req, res, next): Promise<any> => {\n try {\n const userObject = await authFromUserIdHeader(options, req.headers);\n if (userObject) {\n req.user = userObject;\n // Added in order to support outbreak.\n // @ts-expect-error we are setting an object onto the request headers.\n req.headers[USER_PERMISSIONS_HEADER] = userObject;\n }\n\n next();\n } catch (e) {\n res.status(401).json({ error: 'cannot authenticate user' 
});\n }\n};\n\nexport const middlewareWithDecode = (options: {\n eagerLoadUserPermissions?: boolean;\n eagerLoadUserPermissionsLegacy?: boolean;\n returnErrorIfNoToken?: boolean\n} = {}): Handler => async (req, res, next): Promise<void> => {\n const {\n eagerLoadUserPermissions,\n eagerLoadUserPermissionsLegacy,\n returnErrorIfNoToken,\n } = options;\n let decoded;\n if (req.headers.authorization) {\n try {\n decoded = await decodeBearer(req.headers.authorization);\n } catch (e) {\n if (e instanceof jwt.TokenExpiredError) {\n res.status(401).json({ errors: ['Access token expired'] });\n } else if (e instanceof jwt.JsonWebTokenError) {\n res.status(400).json({ errors: [e.message] });\n } else {\n res.status(500).json({ errors: ['Server error while parsing token'] });\n }\n return;\n }\n const userId = decoded?.user?.id;\n\n if (userId) {\n req.headers[USER_TRACING_HEADER] = userId;\n }\n\n const contextIds = (req.headers?.[CONTEXTS_IDS_HEADER] as string)?.split(',');\n const userObject = new ApiUser(userId, decoded?.user?.accountType, undefined, contextIds);\n\n if (eagerLoadUserPermissions || eagerLoadUserPermissionsLegacy) {\n await Promise.all([\n eagerLoadUserPermissions && userObject.getUserPermissions(),\n eagerLoadUserPermissionsLegacy && userObject.getUserPermissionsLegacy(),\n ]);\n }\n\n req.user = userObject;\n getCurrentContext().nonHeaderContext?.set(USER_OBJECT, userObject);\n\n // Added in order to support outbreak.\n // @ts-expect-error we are setting an object onto the request headers.\n req.headers[USER_PERMISSIONS_HEADER] = userObject;\n } else if (returnErrorIfNoToken) {\n res.status(401).json({ errors: ['No token provided'] });\n return;\n }\n next();\n};\n\nexport const appMiddleware = (options: {\n appId: string,\n clientSecret: string\n}): Handler => async (req, res, next): Promise<void> => {\n const {\n appId,\n clientSecret,\n } = options;\n let decoded;\n\n if (!req.headers.authorization) {\n res.status(401).json({ errors: ['No token 
provided'] });\n return;\n }\n\n try {\n decoded = await decodeAppBearer(req.headers.authorization, appId);\n if (!decoded) {\n throw new AppDoesNotExist();\n }\n } catch (e) {\n if (e instanceof jwt.TokenExpiredError) {\n res.status(401).json({ errors: ['Access token expired'] });\n return;\n }\n if ([jwt.JsonWebTokenError, AppDoesNotExist].some((Err) => e instanceof Err)) {\n res.status(400).json({ errors: [e.message] });\n return;\n }\n res.status(500).json({ errors: ['Server error while parsing token'] });\n return;\n }\n const userId = decoded?.userId;\n if (userId) {\n req.headers[USER_TRACING_HEADER] = userId;\n }\n\n const userObject = new ApiUser(userId);\n\n if (appId) {\n req.headers[AUTOFLEET_APPS_SECRET_HEADER] = clientSecret;\n // Won't work until we find a better solution for identity ms\n await userObject.getUserAppPermissions(appId, clientSecret);\n }\n\n req.user = userObject;\n const currentTraceContext = getCurrentContext().nonHeaderContext;\n currentTraceContext?.set(USER_OBJECT, userObject);\n currentTraceContext?.set(ACCESS_TOKEN, getAuthFromBearer(req.headers.authorization));\n\n // Added in order to support outbreak.\n // @ts-expect-error we are setting an object onto the request headers.\n req.headers[USER_PERMISSIONS_HEADER] = userObject;\n\n next();\n};\n\nexport const eagerLoadPermissionsMiddleware: Handler = async (req, res, next) => {\n await req.user.getUserPermissions();\n next();\n};\n\nexport const getDecodedBearer = (req: Request) => {\n if (!req.headers.authorization) {\n return null;\n }\n return decodeBearer(req.headers.authorization);\n};\n\nexport const createOrSetRabbitTrace = async (trace: ReturnType<typeof newTrace> | undefined, userId: string | undefined) => {\n const userObject = new ApiUser(userId);\n\n await userObject.getUserPermissions();\n // eslint-disable-next-line no-param-reassign\n trace ??= newTrace(traceTypes.RABBIT);\n trace.nonHeaderContext.set(USER_OBJECT, userObject);\n};\n\nexport default 
ApiUser;\n","import type { FastifyPluginCallback } from 'fastify';\nimport type ApiUser from './ApiUser';\nimport { AuthFromUserIdHeaderOptions, authFromUserIdHeader } from './common';\n\ndeclare module 'fastify' {\n interface FastifyRequest {\n user?: ApiUser;\n }\n}\n\n// eslint-disable-next-line import/prefer-default-export\nexport const authFromUserIdHeaderPlugin: FastifyPluginCallback<AuthFromUserIdHeaderOptions> = (fastify, options, done) => {\n fastify.decorateRequest('user', undefined);\n fastify.addHook('onRequest', async (request, reply) => {\n try {\n const user = await authFromUserIdHeader(options, request.headers);\n if (user) {\n request.user = user;\n }\n } catch (e) {\n reply.status(401).send({ error: 'cannot authenticate user' });\n }\n });\n\n done();\n};\nauthFromUserIdHeaderPlugin[Symbol.for('skip-override')] = true; // Prevent Fastify from overriding the plugin\n","import { getCurrentContext } from '@autofleet/outbreak';\nimport { USER_OBJECT } from './user/const';\nimport ApiUser, { type UserPayload } from './user/ApiUser';\n\nexport const getUser = () : ApiUser | undefined => getCurrentContext().nonHeaderContext?.get(USER_OBJECT) as ApiUser | undefined;\n\nexport const isUserExist = () => getUser()?.id;\n\nconst checkUserPermissions = (\n entityId: string,\n entityType: Exclude<keyof UserPayload, 'accountType' | 'createdAt'>,\n) => !isUserExist() || Object.hasOwn(getUser()!.permissions[entityType], entityId);\n\nexport const checkFleetPermission = (fleetId: string) => checkUserPermissions(fleetId, 'fleets');\nexport const checkBusinessModelPermission = (businessModelId: string) => checkUserPermissions(businessModelId, 'businessModels');\nexport const checkDemandSourcePermission = (demandSourceId: string) => checkUserPermissions(demandSourceId, 'demandSources');\n","import type ApiUser from './user';\n\n// eslint-disable-next-line import/prefer-default-export\nexport class UnauthorizedAccessError extends Error {\n constructor(public user: 
ApiUser | null = null, message = 'UnauthorizedAccessError') {\n super(message);\n this.name = 'UnauthorizedAccessError';\n }\n}\n","import jwt from 'jsonwebtoken';\n\nexport const AUTHORIZATION_METHODS = {\n NONE: 'NONE',\n BASIC: 'BASIC',\n JWT: 'JWT',\n};\n\nconst AUTHORIZATION_ACTIONS = {\n [AUTHORIZATION_METHODS.NONE]: () => undefined,\n [AUTHORIZATION_METHODS.BASIC]: (authorizationSettings: any) => {\n const { username, password } = authorizationSettings;\n const encodedCredentials = Buffer.from(`${username}:${password}`).toString('base64');\n return `Basic ${encodedCredentials}`;\n },\n [AUTHORIZATION_METHODS.JWT]: (authorizationSettings: any) => {\n const { secret } = authorizationSettings;\n if (secret) {\n return `Bearer ${jwt.sign({}, secret, { expiresIn: 10 })}`;\n }\n return undefined;\n },\n};\n\nexport const getAuthorizationHeader = (authorizationSettings: { method: string } | undefined): string | undefined => {\n const authorizationMethod = authorizationSettings?.method;\n\n if (!authorizationMethod || !AUTHORIZATION_ACTIONS[authorizationMethod]) {\n return undefined;\n }\n\n return AUTHORIZATION_ACTIONS[authorizationMethod](authorizationSettings);\n};\n","import type { LoggerInstanceManager } from '@autofleet/logger';\nimport * as outbreak from '@autofleet/outbreak';\nimport User, {\n middleware,\n eagerLoadPermissionsMiddleware,\n middlewareWithDecode,\n getDecodedBearer,\n appMiddleware,\n createOrSetRabbitTrace,\n} from './user';\nimport { authFromUserIdHeaderPlugin } from './user/fastify';\nimport { type UserPayload, CONTEXTS_IDS_HEADER } from './user/ApiUser';\nimport {\n checkFleetPermission,\n checkBusinessModelPermission,\n checkDemandSourcePermission,\n isUserExist,\n getUser,\n} from './check-permission';\nimport { UnauthorizedAccessError } from './errors';\nimport { getRefreshTokenSecret, getTokenSecret } from './secret-getter';\nimport { AUTHORIZATION_METHODS, getAuthorizationHeader } from './authorization';\n\nconst getCurrentPayload = 
outbreak.getCurrentContext;\n\ntype OutbreakOptions = Parameters<typeof outbreak.default>[0];\ntype LoggerWithContextMiddleware = Partial<Pick<LoggerInstanceManager, 'addContextMiddleware'>>;\nconst enableTracing = ({ outbreakOptions = {}, logger }: { outbreakOptions?: OutbreakOptions, logger?: LoggerWithContextMiddleware } = {}): void => {\n outbreak.default({\n headersPrefix: 'x-af',\n contextMiddlewareGetter: logger?.addContextMiddleware,\n ...outbreakOptions,\n });\n};\n\nconst { traceTypes, newTrace } = outbreak;\n\nexport {\n traceTypes,\n newTrace,\n enableTracing,\n User,\n middleware,\n middlewareWithDecode,\n eagerLoadPermissionsMiddleware,\n getCurrentPayload,\n getDecodedBearer,\n checkFleetPermission,\n checkBusinessModelPermission,\n checkDemandSourcePermission,\n isUserExist,\n getUser,\n getRefreshTokenSecret,\n getTokenSecret,\n UnauthorizedAccessError,\n appMiddleware,\n createOrSetRabbitTrace,\n outbreak,\n AUTHORIZATION_METHODS,\n getAuthorizationHeader,\n type UserPayload,\n CONTEXTS_IDS_HEADER,\n authFromUserIdHeaderPlugin,\n};\n\nexport default {\n traceTypes,\n newTrace,\n User,\n middleware,\n middlewareWithDecode,\n eagerLoadPermissionsMiddleware,\n getCurrentPayload,\n getDecodedBearer,\n checkFleetPermission,\n checkBusinessModelPermission,\n checkDemandSourcePermission,\n isUserExist,\n getUser,\n UnauthorizedAccessError,\n appMiddleware,\n createOrSetRabbitTrace,\n outbreak,\n AUTHORIZATION_METHODS,\n getAuthorizationHeader,\n CONTEXTS_IDS_HEADER,\n authFromUserIdHeaderPlugin,\n};\n"]}
1
+ {"version":3,"sources":["../src/secret-getter.ts","../src/utils.ts","../src/services.ts","../src/user/ApiUser.ts","../src/app-auth.ts","../src/exceptions/appDoesNotExist.ts","../src/user/const.ts","../src/user/common.ts","../src/user/index.ts","../src/user/fastify.ts","../src/check-permission.ts","../src/errors.ts","../src/authorization.ts","../src/index.ts"],"names":["DEPRECATED_JWT_SECRET","JWT_NEW_SECRET","DEPRECATED_REFRESH_JWT_SECRET","REFRESH_JWT_SECRET","DEPRECATION_UNIX_TIMESTAMP","getRelevantSecret","token","deprecatedSecret","newSecret","deprecationTime","moment","unixTime","iat","jwt","getRefreshTokenSecret","getTokenSecret","getAuthFromBearer","bearer","decodeBearer","appSecret","EMPTY_UUID","FULL_UUID","VALID_CHARS_REGEX","UUID_VERSION_REGEX","UUID_REGEX","validateUUID","uuid","CACHE_LIFETIME_IN_SEC","apiGwUrl","IdentityNetwork","Network","AutofleetApiNetwork","ELEVATED_PERMISSIONS_HEADER","CONTEXTS_IDS_HEADER","userCache","NodeCache","mergePermissions","target","sources","permissions","source","entityType","entityId","perms","ApiUser","id","accountType","elevatedPermissions","contextIds","cacheKey","objectHash","data","customPermissionLoader","cachedResult","key","addedPermissions","elevationId","entityIds","currentUserTrace","getCurrentContext","currentElevation","newElevation","cleanup","appId","clientSecret","currentAppPermission","decodeAppBearer","decoded","AppDoesNotExist","IDENTITY_MS","ACCESS_TOKEN","USER_OBJECT","USER_TRACING_HEADER","ORIGIN_HEADER","USER_PERMISSIONS_HEADER","LOWER_CASE_ORIGIN_HEADER","AUTOFLEET_APPS_SECRET_HEADER","authFromUserIdHeader","options","headers","originHeader","eagerLoadUserPermissions","eagerLoadUserPermissionsLegacy","userId","elevatedPermissionsFromHeader","userObject","middleware","req","res","next","middlewareWithDecode","returnErrorIfNoToken","e","appMiddleware","Err","currentTraceContext","eagerLoadPermissionsMiddleware","getDecodedBearer","createOrSetRabbitTrace","trace","newTrace","traceTypes","user_defa
ult","authFromUserIdHeaderPlugin","fastify","done","request","reply","user","getUser","isUserExist","checkUserPermissions","checkFleetPermission","fleetId","checkBusinessModelPermission","businessModelId","checkDemandSourcePermission","demandSourceId","UnauthorizedAccessError","message","AUTHORIZATION_METHODS","AUTHORIZATION_ACTIONS","authorizationSettings","username","password","secret","getAuthorizationHeader","authorizationMethod","getCurrentPayload","enableTracing","outbreakOptions","logger","outbreak","index_default"],"mappings":"+QAGA,IAAM,CACJ,qBAAAA,CAAAA,EAAAA,CAAuB,cAAAC,CAAAA,EAAAA,CACvB,6BAAAC,CAAAA,EAAAA,CAA+B,mBAAAC,EAC/B,CAAA,0BAAA,CAAAC,EACF,CAAA,CAAI,OAAQ,CAAA,GAAA,CAENC,EAAoB,CAACC,CAAAA,CAA2BC,CAA0BC,CAAAA,CAAAA,GAA8B,CAC5G,IAAMC,EAAkBC,CAAO,CAAA,QAAA,CAASN,EAA4B,CAAA,EAAE,CAAI,CAAA,GAAI,EAC9E,GAAI,CACF,IAAIO,CAAAA,CACJ,GAAIL,CAAAA,CAAO,CACT,GAAM,CAAE,GAAAM,CAAAA,CAAI,CAAIC,CAAAA,CAAAA,CAAI,OAAOP,CAAK,CAAA,CAChCK,CAAWD,CAAAA,CAAAA,CAAOE,CAAM,CAAA,GAAI,EAC9B,CACED,KAAAA,CAAAA,CAAWD,CAAO,EAAA,CAEpB,OAAOC,CAAAA,CAAS,SAASF,CAAe,CAAA,CAAIF,CAAmBC,CAAAA,CACjE,CAAY,KAAA,CACV,OAAOA,CACT,CACF,CAEaM,CAAAA,EAAAA,CAAyBR,CAA2BD,EAAAA,CAAAA,CAAkBC,CAAOJ,CAAAA,EAAAA,CAA+BC,EAAkB,CAAA,CAC9HY,CAAkBT,CAAAA,CAAAA,EAA2BD,CAAkBC,CAAAA,CAAAA,CAAON,GAAuBC,EAAc,ECVjH,IAAMe,CAAAA,CAAqBC,CAA2BA,EAAAA,CAAAA,CAAO,QAAQ,SAAW,CAAA,EAAE,CAE5EC,CAAAA,CAAAA,CAAe,CAACD,CAAAA,CAAgBE,IAA4B,CACvE,IAAMb,CAAQU,CAAAA,CAAAA,CAAkBC,CAAM,CAAA,CAEtC,OADgBJ,CAAI,CAAA,MAAA,CAAOP,CAAOa,CAAaJ,CAAeT,CAAAA,CAAK,CAAC,CAEtE,CAAA,CAuDA,IAAMc,EAAAA,CAAa,sCACbC,CAAAA,EAAAA,CAAY,uCACZC,CAAoB,CAAA,UAAA,CACpBC,EAAqB,CAAA,OAAA,CACrBC,EAAa,CAAA,IAAI,OACrB,CAAOF,IAAAA,EAAAA,CAAiB,CAAOA,IAAAA,EAAAA,CAAiB,CAAOC,IAAAA,EAAAA,EAAkB,CAAGD,EAAAA,CAAiB,CAAaA,UAAAA,EAAAA,CAAiB,CAAOA,IAAAA,EAAAA,CAAiB,CAAQF,KAAAA,EAAAA,EAAU,IAAIC,EAAS,CAAA,EAAA,CAAA,CAClL,GACF,CAAA,CACO,SAASI,CAAAA,CAAaC,EAA6B,CACxD,OAAO,OAAOA,CAAAA,EAAS,QAAYF,EAAAA,EAAAA,CAAW,KAAKE,CAAI,CACzD,CCrFA,IAAMC,CAAwB,CAAA,EAAA,CACxBC,CAAW,CAAA,OAAA,CAAQ,GAA
I,CAAA,eAAA,EAAmB,2BAGnCC,CAAkB,CAAA,IAAIC,CAAQ,CAAA,CACzC,WAAa,CAAA,aAAA,CACb,QAAS,CACT,CAAA,cAAA,CAAgB,IAAM,IAAA,CACtB,KAAO,CAAA,OAAA,CAAQ,IAAI,QAAa,GAAA,MAAA,CAAS,CACvC,MAAA,CAAQH,CAAwB,CAAA,GAClC,CAAI,CAAA,MACN,CAAC,CAAA,CAEYI,CAAsB,CAAA,IAAID,CAAQ,CAAA,CAC7C,QAASF,CACT,CAAA,UAAA,CAAYA,CACZ,CAAA,OAAA,CAAS,CACT,CAAA,cAAA,CAAgB,IAAM,IACtB,CAAA,KAAA,CAAO,OAAQ,CAAA,GAAA,CAAI,QAAa,GAAA,MAAA,CAAS,CACvC,MAAQD,CAAAA,CAAAA,CAAwB,GAClC,CAAA,CAAI,MACN,CAAC,ECZYK,IAAAA,CAAAA,CAA8B,2BAC9BC,CAAAA,CAAAA,CAAsB,kBAqB7BC,CAAAA,CAAAA,CAAY,IAAIC,EAAU,CAAA,CAAE,MAAQ,CAAA,EAAG,CAAC,CAAA,CAExCC,EAAmB,CAACC,CAAAA,CAAqBC,CAAuD,GAAA,CACpG,IAAMC,CAAAA,CAA2B,CAC/B,GAAGF,CAAAA,CACH,MAAQ,CAAA,CAAE,GAAGA,CAAAA,EAAQ,MAAO,CAAA,CAC5B,cAAgB,CAAA,CAAE,GAAGA,CAAAA,EAAQ,cAAe,CAAA,CAC5C,cAAe,CAAE,GAAGA,CAAQ,EAAA,aAAc,CAE5C,CAAA,CAGA,QAAWG,CAAUF,IAAAA,CAAAA,CACnB,MAAO,CAAA,IAAA,CAAKE,CAAM,CAAA,CAAE,QAASC,CAAe,EAAA,CAE1CF,CAAYE,CAAAA,CAAU,CAAM,GAAA,GAC5B,MAAO,CAAA,OAAA,CAAQD,CAAOC,CAAAA,CAAU,CAAE,CAAA,CAAE,QAAQ,CAAC,CAACC,CAAUC,CAAAA,CAAK,CAAM,GAAA,CAEjEJ,EAAYE,CAAU,CAAA,CAAEC,CAAQ,CAAA,CAAA,CAAKH,CAAYE,CAAAA,CAAU,EAAEC,CAAQ,CAAA,EAAK,EAAC,EAAG,MAAOC,CAAAA,CAAK,EAC5F,CAAC,EACH,CAAC,CAGH,CAAA,OAAOJ,CACT,EAEI,OAAO,MAAO,CAAA,OAAA,EAAY,QAE5B,EAAA,MAAA,CAAO,cAAe,CAAA,MAAA,CAAQ,UAAW,CAEvC,SAAA,CAAW,IACX,CAAA,YAAA,CAAc,KACd,CAAA,UAAA,CAAY,MACZ,KAAO,CAAA,MAAA,CAAO,GAAI,CAAA,gBAAgB,CAClC,CAAA,QAAA,CAAU,KACZ,CAAC,CAAA,CAEC,OAAO,MAAA,CAAO,YAAiB,EAAA,QAAA,EAEjC,OAAO,cAAe,CAAA,MAAA,CAAQ,cAAgB,CAAA,CAE5C,SAAW,CAAA,IAAA,CACX,aAAc,KACd,CAAA,UAAA,CAAY,KACZ,CAAA,KAAA,CAAO,MAAO,CAAA,GAAA,CAAI,qBAAqB,CACvC,CAAA,QAAA,CAAU,KACZ,CAAC,CAGH,CAAA,IAAqBK,CAArB,CAAA,KAA6B,CAW3B,WAAA,CAAmBC,CAAqBC,CAAAA,CAAAA,CAA2BC,CAAiDC,CAAAA,CAAAA,CAAuB,CAAxH,IAAAH,CAAAA,EAAAA,CAAAA,CAAAA,CAAqB,IAAAC,CAAAA,WAAAA,CAAAA,CAAAA,CAA4E,IAAAE,CAAAA,UAAAA,CAAAA,CAAAA,CARpH,KAAiB,8BAAiC,CAAA,IAAI,GAItD,CAAA,IAAA,CAAiB,aAAwC,CAAA,GAKvD,IAAK,CAAA,SAAA,CAAY,CAAC,CAACH,CACfE,CAAAA,CAAAA,EACF,KAAK,8BAA+B,CAAA,GAAA,CAAI,MAAO,CAAA,SAAS,CAAGA,CAAAA,CAAmB,EAElF
,CAEA,MAAa,kBAA2C,EAAA,CACtD,GAAI,CAAC,KAAK,EACR,CAAA,OAEF,GAAI,IAAA,CAAK,kBACP,CAAA,OAAO,KAAK,kBAEd,CAAA,IAAME,CAAWC,CAAAA,CAAAA,CAAW,CAC1B,EAAA,CAAI,IAAK,CAAA,EAAA,CACT,UAAY,CAAA,IAAA,CAAK,UACnB,CAAC,CAEGC,CAAAA,CAAAA,CAAOjB,EAAU,GAAiBe,CAAAA,CAAQ,CAE9C,CAAA,OAAKE,CACF,GAAA,CAAE,KAAAA,CAAK,CAAA,CAAI,MAAMtB,CAAAA,CAAgB,GAAiB,CAAA,CAAA,cAAA,EAAiB,KAAK,EAAE,CAAA,sBAAA,CAAA,CAA0B,CAAE,MAAA,CAAQ,CAAE,UAAA,CAAY,KAAK,UAAW,CAAE,CAAC,CAAA,CAChJK,CAAU,CAAA,GAAA,CAAIe,EAAUE,CAAI,CAAA,CAAA,CAG9B,IAAK,CAAA,WAAA,CAAcA,CAAK,CAAA,WAAA,CACxB,KAAK,kBAAqBA,CAAAA,CAAAA,CACnB,IAAK,CAAA,kBACd,CAEA,MAAa,0BAA0BC,CAA0G,CAAA,CAC/I,GAAI,CAAC,IAAK,CAAA,EAAA,CACR,OAEF,GAAI,IAAA,CAAK,kBACP,CAAA,OAAO,IAAK,CAAA,kBAAA,CAGd,IAAMH,CAAW,CAAA,IAAA,CAAK,EAEhBI,CAAAA,CAAAA,CAAenB,CAAU,CAAA,GAAA,CAAiBe,CAAQ,CACxD,CAAA,GAAII,CACF,CAAA,OAAA,IAAA,CAAK,kBAAqBA,CAAAA,CAAAA,CACnBA,EAGT,IAAMF,CAAAA,CAAO,MAAMC,CAAAA,CAAuB,IAAK,CAAA,EAAE,EACjD,OAAAlB,CAAAA,CAAU,GAAIe,CAAAA,CAAAA,CAAUE,CAAI,CAAA,CAE5B,KAAK,kBAAqBA,CAAAA,CAAAA,CACnB,IAAK,CAAA,kBACd,CAEA,IAAW,gBAA2B,CACpC,OAAO,IAAK,CAAA,eAAA,CAAgB,gBAAgB,CAC9C,CAEA,IAAW,MAAA,EAAmB,CAC5B,OAAO,IAAK,CAAA,eAAA,CAAgB,QAAQ,CACtC,CAEA,IAAW,aAA0B,EAAA,CACnC,OAAO,IAAA,CAAK,gBAAgB,eAAe,CAC7C,CAEQ,eAAA,CAAgBG,CAAkC,CAAA,CACxD,GAAI,CAAC,IAAA,CAAK,kBACR,CAAA,MAAM,IAAI,KAAA,CAAM,cAAcA,CAAG,CAAA,kDAAA,CAAoD,CAEvF,CAAA,OAAO,MAAO,CAAA,IAAA,CAAK,KAAK,kBAAmBA,CAAAA,CAAG,CAAK,EAAA,EAAE,CACvD,CAEA,IAAW,mBAAA,EAAmC,CAC5C,OAAOlB,CAAiB,CAAA,MAAA,CAAW,KAAK,8BAA+B,CAAA,MAAA,EAAQ,CACjF,CAEA,IAAW,aAAuC,CAChD,GAAI,CAAC,IAAA,CAAK,kBACR,CAAA,MAAM,IAAI,KAAA,CAAM,0EAA0E,CAAA,CAG5F,OAAOA,CAAAA,CAAiB,IAAK,CAAA,kBAAA,CAAoB,KAAK,8BAA+B,CAAA,MAAA,EAAQ,CAC/F,CAEO,kBAAA,CAAmBmB,EAAuF,CAG/G,IAAMC,CAAc,CAAA,MAAA,EAGpB,CAAA,MAAA,CAAO,OAAOD,CAAgB,CAAA,CAAE,OAASE,CAAAA,CAAAA,EAAc,CACrD,MAAA,CAAO,KAAKA,CAAS,CAAA,CAAE,OAASf,CAAAA,CAAAA,EAAa,CAC3C,GAAI,CAACjB,CAAaiB,CAAAA,CAAQ,CACxB,CAAA,MAAM,IAAI,KAAA,CAAM,kEAAkEA,CAAQ,CAAA,CAAE,CAEhG,CAAC,EACH,CAAC,EAED,IAAMgB,CAAAA,CAAmBC,iBAAkB,EAAA,CAC3C,GAAI,CAACD,CACH,CAA
A,MAAM,IAAI,KAAA,CAAM,+CAA+C,CAAA,CAGjE,IAAME,CAAAA,CAAmB,KAAK,KAAMF,CAAAA,CAAAA,CAAiB,OAAQ1B,CAAAA,CAA2B,CAAK,EAAA,IAAI,EAC3F6B,CAAe,CAAA,MAAA,CAAO,MAAOD,CAAAA,CAAAA,CAAkBL,CAAgB,CAAA,CACrE,KAAK,8BAA+B,CAAA,GAAA,CAAIC,CAAaK,CAAAA,CAAY,CACjEH,CAAAA,CAAAA,CAAiB,QAAQ,GAAI1B,CAAAA,CAAAA,CAA6B,IAAK,CAAA,SAAA,CAAU,IAAK,CAAA,mBAAmB,CAAC,CAClG,CAAA,IAAM8B,CAAU,CAAA,IAAM,CACpB,IAAA,CAAK,+BAA+B,MAAON,CAAAA,CAAW,CACtDE,CAAAA,CAAAA,CAAiB,OAAQ,CAAA,GAAA,CAAI1B,EAA6B,IAAK,CAAA,SAAA,CAAU,IAAK,CAAA,mBAAmB,CAAC,EACpG,CACA,CAAA,OAAA8B,CAAQ,CAAA,MAAA,CAAO,OAAO,CAAA,CAAIA,CACnBA,CAAAA,CACT,CAEA,MAAa,wBAAA,EAA2B,CACtC,GAAI,CAAC,IAAA,CAAK,GACR,OAEF,GAAI,IAAK,CAAA,wBAAA,CACP,OAAO,IAAA,CAAK,yBAGd,IAAMb,CAAAA,CAAWC,CAAW,CAAA,CAC1B,EAAI,CAAA,IAAA,CAAK,GACT,UAAY,CAAA,IAAA,CAAK,UACjB,CAAA,MAAA,CAAQ,IACV,CAAC,EACGC,CAAOjB,CAAAA,CAAAA,CAAU,GAAIe,CAAAA,CAAQ,CAEjC,CAAA,OAAKE,IACF,CAAE,IAAA,CAAAA,CAAK,CAAA,CAAI,MAAMtB,CAAAA,CAAgB,IAAI,CAAiB,cAAA,EAAA,IAAA,CAAK,EAAE,CAAA,6BAAA,CAAA,CAAiC,CAAE,MAAA,CAAQ,CAAE,UAAA,CAAY,IAAK,CAAA,UAAW,CAAE,CAAC,CAC1IK,CAAAA,CAAAA,CAAU,IAAIe,CAAUE,CAAAA,CAAI,CAG9B,CAAA,CAAA,IAAA,CAAK,wBAA2BA,CAAAA,CAAAA,CACzB,KAAK,wBACd,CAEA,IAAW,iBAAA,EAAyB,CAClC,GAAI,CAAC,IAAK,CAAA,wBAAA,CACR,MAAM,IAAI,KAAM,CAAA,sFAAsF,EAExG,OAAO,IAAA,CAAK,wBACd,CAEA,MAAa,qBAAA,CAAsBY,EAAeC,CAAwD,CAAA,CACxG,GAAI,CAAC,IAAK,CAAA,EAAA,EAAM,CAACD,CAAS,EAAA,CAACC,CACzB,CAAA,OAEF,IAAMC,CAAAA,CAAuB,KAAK,aAAcF,CAAAA,CAAK,CAErD,CAAA,GAAIE,CACF,CAAA,OAAOA,CAGT,CAAA,IAAMhB,CAAW,CAAA,CAAA,EAAG,IAAK,CAAA,EAAE,CAAIc,CAAAA,EAAAA,CAAK,GAE9BV,CAAenB,CAAAA,CAAAA,CAAU,GAAiBe,CAAAA,CAAQ,CACxD,CAAA,GAAII,EACF,OAAK,IAAA,CAAA,aAAA,CAAcU,CAAK,CAAA,CAAIV,CACrBA,CAAAA,CAAAA,CAGT,GAAM,CAAE,IAAA,CAAAF,CAAK,CAAA,CAAI,MAAMpB,CAAAA,CAAoB,KAAkB,CAAgBgC,aAAAA,EAAAA,CAAK,CAAqB,iBAAA,CAAA,CAAA,CACrG,MAAQ,CAAA,IAAA,CAAK,EACf,CAAG,CAAA,CACD,OAAS,CAAA,CACP,yBAA2BC,CAAAA,CAC7B,CACF,CAAC,CAAA,CAED,OAAA9B,CAAAA,CAAU,GAAIe,CAAAA,CAAAA,CAAUE,CAAI,CAC5B,CAAA,IAAA,CAAK,aAAcY,CAAAA,CAAK,CAAIZ,CAAAA,CAAAA,CACrB,IAAK,CAAA,aAAA,CAAcY,CAAK,CACjC,CAC
F,CAAA,CC5QO,IAAMG,CAAAA,CAAkB,MAAOjD,CAAgB8C,CAAAA,CAAAA,GAAgC,CACpF,GAAM,CAAE,IAAA,CAAMI,CAAQ,CAAI,CAAA,MAAMpC,CAAoB,CAAA,IAAA,CAAK,cAAgB,CAAA,CAAE,OAAAd,CAAQ,CAAA,KAAA,CAAA8C,CAAM,CAAC,CAC1F,CAAA,OAAOI,CACT,CCLA,CAAA,IAAqBC,CAArB,CAAA,cAA6C,KAAM,CAAnD,kCACE,IAAO,CAAA,IAAA,CAAA,iBAAA,CAEP,IAAU,CAAA,OAAA,CAAA,qBAAA,CACZ,CCJO,CAAA,IAAMC,EAAc,aACdC,CAAAA,CAAAA,CAAe,aACfC,CAAAA,CAAAA,CAAc,YACdC,CAAAA,CAAAA,CAAsB,eACtBC,CAAgB,CAAA,sBAAA,CAChBC,CAA0B,CAAA,uBAAA,CAC1BC,CAA2BF,CAAAA,CAAAA,CAAc,aACzCG,CAAAA,CAAAA,CAA+B,yBCN5C,CAiBO,IAAMC,CAAAA,CAAuB,MAAOC,CAAAA,CAAsCC,CAA+D,GAAA,CAC9I,IAAMC,CAAeD,CAAAA,CAAAA,CAAQN,CAAa,CAAA,EAAKM,CAAQJ,CAAAA,CAAwB,GAAK,EACpF,CAAA,GAAI,CAAC,KAAA,CAAM,OAAQK,CAAAA,CAAY,GAAKA,CAAa,CAAA,WAAA,EAAkBX,GAAAA,CAAAA,CACjE,OAEF,GAAM,CACJ,wBAAAY,CAAAA,CAAAA,CACA,8BAAAC,CAAAA,CAAAA,CACA,sBAAA9B,CAAAA,CACF,EAAI0B,CACEK,CAAAA,CAAAA,CAASJ,CAAQP,CAAAA,CAAmB,CAC1C,CAAA,GAAI,CAACW,CAAU,EAAA,KAAA,CAAM,OAAQA,CAAAA,CAAM,CACjC,CAAA,OAGF,IAAMC,CAAAA,CAAgCL,CAAQ/C,CAAAA,CAA2B,CAAG,EAAA,MAAA,CAAS,CAAI,CAAA,IAAA,CAAK,MAAM+C,CAAQ/C,CAAAA,CAA2B,CAAW,CAAA,CAAI,EAAC,CACjJgB,EAAc+B,CAAU9C,GAAAA,CAAmB,CAAc,EAAA,KAAA,CAAM,GAAG,CAAA,CAElEoD,EAAa,IAAIzC,CAAAA,CAAQuC,CAAQ,CAAA,MAAA,CAAQC,CAA+BpC,CAAAA,CAAU,EACxF,OAAIiC,CAAAA,GACE7B,CACF,CAAA,MAAMiC,CAAW,CAAA,yBAAA,CAA0BjC,CAAsB,CAEjE,CAAA,MAAMiC,CAAW,CAAA,kBAAA,EAIjBH,CAAAA,CAAAA,CAAAA,EACF,MAAMG,CAAW,CAAA,wBAAA,EAGnB1B,CAAAA,iBAAAA,EAAoB,CAAA,gBAAA,EAAkB,IAAIY,CAAac,CAAAA,CAAU,CAC1DA,CAAAA,CACT,CC5BO,CAAA,IAAMC,CAAa,CAAA,CAACR,CAAuC,CAAA,EAAgB,GAAA,MAAOS,CAAKC,CAAAA,CAAAA,CAAKC,IAAuB,CACxH,GAAI,CACF,IAAMJ,CAAa,CAAA,MAAMR,EAAqBC,CAASS,CAAAA,CAAAA,CAAI,OAAO,CAAA,CAC9DF,CACFE,GAAAA,CAAAA,CAAI,KAAOF,CAGXE,CAAAA,CAAAA,CAAI,OAAQb,CAAAA,CAAuB,CAAIW,CAAAA,CAAAA,CAAAA,CAGzCI,IACF,CAAA,KAAY,CACVD,CAAAA,CAAI,MAAO,CAAA,GAAG,EAAE,IAAK,CAAA,CAAE,KAAO,CAAA,0BAA2B,CAAC,EAC5D,CACF,CAEaE,CAAAA,CAAAA,CAAuB,CAACZ,CAAAA,CAIjC,EAAC,GAAe,MAAOS,CAAKC,CAAAA,CAAAA,CAAKC,CAAwB,GAAA,CAC3D,GAAM,CACJ,wBAAAR,CAAAA,CAAAA,CACA,8BAAAC,CAAAA,CAAAA,CACA,oBAAAS,
CAAAA,CACF,CAAIb,CAAAA,CAAAA,CACAX,EACJ,GAAIoB,CAAAA,CAAI,OAAQ,CAAA,aAAA,CAAe,CAC7B,GAAI,CACFpB,CAAU,CAAA,MAAMjD,CAAaqE,CAAAA,CAAAA,CAAI,OAAQ,CAAA,aAAa,EACxD,CAASK,MAAAA,CAAAA,CAAG,CACNA,CAAAA,YAAa/E,CAAI,CAAA,iBAAA,CACnB2E,EAAI,MAAO,CAAA,GAAG,CAAE,CAAA,IAAA,CAAK,CAAE,MAAA,CAAQ,CAAC,sBAAsB,CAAE,CAAC,CAAA,CAChDI,CAAa/E,YAAAA,CAAAA,CAAI,kBAC1B2E,CAAI,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,IAAK,CAAA,CAAE,OAAQ,CAACI,CAAAA,CAAE,OAAO,CAAE,CAAC,CAAA,CAE5CJ,CAAI,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,IAAK,CAAA,CAAE,MAAQ,CAAA,CAAC,kCAAkC,CAAE,CAAC,CAEvE,CAAA,MACF,CACA,IAAML,EAAShB,CAAS,EAAA,IAAA,EAAM,EAE1BgB,CAAAA,CAAAA,GACFI,CAAI,CAAA,OAAA,CAAQf,CAAmB,CAAIW,CAAAA,CAAAA,CAAAA,CAGrC,IAAMnC,CAAAA,CAAcuC,CAAI,CAAA,OAAA,GAAUtD,CAAmB,CAAc,EAAA,KAAA,CAAM,GAAG,CAAA,CACtEoD,CAAa,CAAA,IAAIzC,EAAQuC,CAAQhB,CAAAA,CAAAA,EAAS,IAAM,EAAA,WAAA,CAAa,MAAWnB,CAAAA,CAAU,GAEpFiC,CAA4BC,EAAAA,CAAAA,GAC9B,MAAM,OAAA,CAAQ,GAAI,CAAA,CAChBD,GAA4BI,CAAW,CAAA,kBAAA,EACvCH,CAAAA,CAAAA,EAAkCG,CAAW,CAAA,wBAAA,EAC/C,CAAC,CAGHE,CAAAA,CAAAA,CAAI,IAAOF,CAAAA,CAAAA,CACX1B,iBAAkB,EAAA,CAAE,kBAAkB,GAAIY,CAAAA,CAAAA,CAAac,CAAU,CAAA,CAIjEE,CAAI,CAAA,OAAA,CAAQb,CAAuB,CAAIW,CAAAA,EACzC,CAAWM,KAAAA,GAAAA,CAAAA,CAAsB,CAC/BH,CAAAA,CAAI,OAAO,GAAG,CAAA,CAAE,IAAK,CAAA,CAAE,MAAQ,CAAA,CAAC,mBAAmB,CAAE,CAAC,CACtD,CAAA,MACF,CACAC,CAAAA,GACF,CAEaI,CAAAA,CAAAA,CAAiBf,CAGf,EAAA,MAAOS,CAAKC,CAAAA,CAAAA,CAAKC,IAAwB,CACtD,GAAM,CACJ,KAAA,CAAA1B,CACA,CAAA,YAAA,CAAAC,CACF,CAAIc,CAAAA,CAAAA,CACAX,CAEJ,CAAA,GAAI,CAACoB,CAAAA,CAAI,OAAQ,CAAA,aAAA,CAAe,CAC9BC,CAAAA,CAAI,MAAO,CAAA,GAAG,CAAE,CAAA,IAAA,CAAK,CAAE,MAAQ,CAAA,CAAC,mBAAmB,CAAE,CAAC,CAAA,CACtD,MACF,CAEA,GAAI,CAEF,GADArB,CAAU,CAAA,MAAMD,EAAgBqB,CAAI,CAAA,OAAA,CAAQ,aAAexB,CAAAA,CAAK,CAC5D,CAAA,CAACI,EACH,MAAM,IAAIC,CAEd,CAAA,MAASwB,CAAG,CAAA,CACV,GAAIA,CAAa/E,YAAAA,CAAAA,CAAI,iBAAmB,CAAA,CACtC2E,CAAI,CAAA,MAAA,CAAO,GAAG,CAAE,CAAA,IAAA,CAAK,CAAE,MAAA,CAAQ,CAAC,sBAAsB,CAAE,CAAC,CAAA,CACzD,MACF,CACA,GAAI,CAAC3E,CAAI,CAAA,iBAAA,CAAmBuD,CAAe,CAAA,CAAE,IAAM0B,CAAAA,CAAAA,EAAQF,CAAaE,YAAAA,CAAG,EAAG,CAC5EN,CA
AAA,CAAI,MAAO,CAAA,GAAG,CAAE,CAAA,IAAA,CAAK,CAAE,MAAQ,CAAA,CAACI,CAAE,CAAA,OAAO,CAAE,CAAC,EAC5C,MACF,CACAJ,CAAI,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,KAAK,CAAE,MAAA,CAAQ,CAAC,kCAAkC,CAAE,CAAC,EACrE,MACF,CACA,IAAML,CAAAA,CAAShB,CAAS,EAAA,MAAA,CACpBgB,IACFI,CAAI,CAAA,OAAA,CAAQf,CAAmB,CAAA,CAAIW,CAGrC,CAAA,CAAA,IAAME,EAAa,IAAIzC,CAAAA,CAAQuC,CAAM,CAAA,CAEjCpB,CACFwB,GAAAA,CAAAA,CAAI,QAAQX,CAA4B,CAAA,CAAIZ,CAE5C,CAAA,MAAMqB,CAAW,CAAA,qBAAA,CAAsBtB,EAAOC,CAAY,CAAA,CAAA,CAG5DuB,CAAI,CAAA,IAAA,CAAOF,CACX,CAAA,IAAMU,EAAsBpC,iBAAkB,EAAA,CAAE,gBAChDoC,CAAAA,CAAAA,EAAqB,GAAIxB,CAAAA,CAAAA,CAAac,CAAU,CAChDU,CAAAA,CAAAA,EAAqB,GAAIzB,CAAAA,CAAAA,CAActD,CAAkBuE,CAAAA,CAAAA,CAAI,QAAQ,aAAa,CAAC,CAInFA,CAAAA,CAAAA,CAAI,OAAQb,CAAAA,CAAuB,EAAIW,CAEvCI,CAAAA,CAAAA,GACF,CAAA,CAEaO,CAA0C,CAAA,MAAOT,EAAKC,CAAKC,CAAAA,CAAAA,GAAS,CAC/E,MAAMF,CAAI,CAAA,IAAA,CAAK,oBACfE,CAAAA,CAAAA,GACF,CAAA,CAEaQ,EAAoBV,CAAAA,CAAAA,EAC1BA,CAAI,CAAA,OAAA,CAAQ,aAGVrE,CAAAA,CAAAA,CAAaqE,CAAI,CAAA,OAAA,CAAQ,aAAa,CAAA,CAFpC,KAKEW,EAAyB,CAAA,MAAOC,CAAgDhB,CAAAA,CAAAA,GAA+B,CAC1H,IAAME,EAAa,IAAIzC,CAAAA,CAAQuC,CAAM,CAAA,CAErC,MAAME,CAAAA,CAAW,oBAEjBc,CAAAA,CAAAA,GAAUC,QAASC,CAAAA,UAAAA,CAAW,MAAM,CAAA,CACpCF,EAAM,gBAAiB,CAAA,GAAA,CAAI5B,CAAac,CAAAA,CAAU,EACpD,CAAA,CAEOiB,GAAQ1D,EC/JR,IAAM2D,CAAiF,CAAA,CAACC,CAAS1B,CAAAA,CAAAA,CAAS2B,IAAS,CACxHD,CAAAA,CAAQ,eAAgB,CAAA,MAAA,CAAQ,MAAS,CAAA,CACzCA,EAAQ,OAAQ,CAAA,WAAA,CAAa,MAAOE,CAAAA,CAASC,CAAU,GAAA,CACrD,GAAI,CACF,IAAMC,CAAAA,CAAO,MAAM/B,CAAAA,CAAqBC,CAAS4B,CAAAA,CAAAA,CAAQ,OAAO,CAC5DE,CAAAA,CAAAA,GACFF,CAAQ,CAAA,IAAA,CAAOE,CAEnB,EAAA,CAAA,KAAY,CACVD,CAAM,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,IAAK,CAAA,CAAE,MAAO,0BAA2B,CAAC,EAC9D,CACF,CAAC,CAAA,CAEDF,IACF,EACAF,CAA2B,CAAA,MAAA,CAAO,GAAI,CAAA,eAAe,CAAC,CAAI,CAAA,IAAA,KCtB7CM,CAAU,CAAA,IAA4BlD,iBAAkB,EAAA,CAAE,gBAAkB,EAAA,GAAA,CAAIY,CAAW,CAE3FuC,CAAAA,CAAAA,CAAc,IAAMD,CAAAA,EAAW,EAAA,EAAA,CAEtCE,CAAuB,CAAA,CAC3BrE,CACAD,CAAAA,CAAAA,GACG,CAACqE,CAAAA,EAAiB,EAAA,MAAA,CAAO,OAAOD,CAAQ,EAAA,CAAG,WAAYpE,CAAAA,CAAU,CAAGC,CAAAA,CAAQ,EAEpEsE,EAAwB
C,CAAAA,CAAAA,EAAoBF,CAAqBE,CAAAA,CAAAA,CAAS,QAAQ,CAAA,CAClFC,GAAgCC,CAA4BJ,EAAAA,CAAAA,CAAqBI,CAAiB,CAAA,gBAAgB,CAClHC,CAAAA,EAAAA,CAA+BC,GAA2BN,CAAqBM,CAAAA,CAAAA,CAAgB,eAAe,ECZ9GC,IAAAA,CAAAA,CAAN,cAAsC,KAAM,CACjD,WAAmBV,CAAAA,CAAAA,CAAuB,IAAMW,CAAAA,CAAAA,CAAU,0BAA2B,CACnF,KAAA,CAAMA,CAAO,CAAA,CADI,IAAAX,CAAAA,IAAAA,CAAAA,CAAAA,CAEjB,KAAK,IAAO,CAAA,0BACd,CACF,ECNO,IAAMY,CAAwB,CAAA,CACnC,IAAM,CAAA,MAAA,CACN,KAAO,CAAA,OAAA,CACP,IAAK,KACP,CAAA,CAEMC,EAAwB,CAAA,CAC5B,CAACD,CAAAA,CAAsB,IAAI,EAAG,IAAG,EACjC,CAAA,CAACA,CAAsB,CAAA,KAAK,EAAIE,CAA+B,EAAA,CAC7D,GAAM,CAAE,QAAAC,CAAAA,CAAAA,CAAU,SAAAC,CAAS,CAAA,CAAIF,CAE/B,CAAA,OAAO,CADoB,MAAA,EAAA,MAAA,CAAO,KAAK,CAAGC,EAAAA,CAAQ,CAAIC,CAAAA,EAAAA,CAAQ,CAAE,CAAA,CAAA,CAAE,SAAS,QAAQ,CACjD,CACpC,CAAA,CAAA,CACA,CAACJ,CAAAA,CAAsB,GAAG,EAAIE,CAAAA,EAA+B,CAC3D,GAAM,CAAE,MAAA,CAAAG,CAAO,CAAA,CAAIH,CACnB,CAAA,GAAIG,CACF,CAAA,OAAO,CAAUhH,OAAAA,EAAAA,CAAAA,CAAI,KAAK,EAAC,CAAGgH,CAAQ,CAAA,CAAE,SAAW,CAAA,EAAG,CAAC,CAAC,CAAA,CAG5D,CACF,CAAA,CAEaC,EAA0BJ,CAAAA,CAAAA,EAA8E,CACnH,IAAMK,CAAAA,CAAsBL,CAAuB,EAAA,MAAA,CAEnD,GAAI,EAAA,CAACK,GAAuB,CAACN,EAAAA,CAAsBM,CAAmB,CAAA,CAAA,CAItE,OAAON,EAAAA,CAAsBM,CAAmB,CAAEL,CAAAA,CAAqB,CACzE,ECTMM,IAAAA,EAAAA,CAA6B,oBAI7BC,EAAgB,CAAA,CAAC,CAAE,eAAA,CAAAC,CAAkB,CAAA,GAAI,MAAAC,CAAAA,CAAO,CAAiF,CAAA,EAAa,GAAA,CACzI,CAAQ,CAAA,OAAA,CAAA,CACf,aAAe,CAAA,MAAA,CACf,uBAAyBA,CAAAA,CAAAA,EAAQ,oBACjC,CAAA,GAAGD,CACL,CAAC,EACH,CAEM,CAAA,CAAE,UAAA7B,CAAAA,EAAAA,CAAY,SAAAD,EAAS,CAAA,CAAIgC,EA8BjC,IAAOC,EAAQ,CAAA,CACb,WAAAhC,EACA,CAAA,QAAA,CAAAD,EACA,CAAA,IAAA,CAAAE,EACA,CAAA,UAAA,CAAAhB,EACA,oBAAAI,CAAAA,CAAAA,CACA,8BAAAM,CAAAA,CAAAA,CACA,iBAAAgC,CAAAA,EAAAA,CACA,iBAAA/B,EACA,CAAA,oBAAA,CAAAe,EACA,CAAA,4BAAA,CAAAE,EACA,CAAA,2BAAA,CAAAE,GACA,WAAAN,CAAAA,CAAAA,CACA,OAAAD,CAAAA,CAAAA,CACA,uBAAAS,CAAAA,CAAAA,CACA,cAAAzB,CACA,CAAA,sBAAA,CAAAK,EACA,CAAA,QAAA,CAAAkC,CACA,CAAA,qBAAA,CAAAZ,CACA,CAAA,sBAAA,CAAAM,EACA,CAAA,mBAAA,CAAA7F,CACA,CAAA,0BAAA,CAAAsE,CACF","file":"index.js","sourcesContent":["import jwt from 
'jsonwebtoken';\nimport moment from 'moment';\n\nconst {\n DEPRECATED_JWT_SECRET, JWT_NEW_SECRET,\n DEPRECATED_REFRESH_JWT_SECRET, REFRESH_JWT_SECRET,\n DEPRECATION_UNIX_TIMESTAMP,\n} = process.env;\n\nconst getRelevantSecret = (token: string | undefined, deprecatedSecret: string, newSecret: string): string => {\n const deprecationTime = moment(parseInt(DEPRECATION_UNIX_TIMESTAMP, 10) * 1000);\n try {\n let unixTime: moment.Moment;\n if (token) {\n const { iat } = jwt.decode(token) as jwt.JwtPayload;\n unixTime = moment(iat * 1000);\n } else {\n unixTime = moment();\n }\n return unixTime.isBefore(deprecationTime) ? deprecatedSecret : newSecret;\n } catch (e) {\n return newSecret;\n }\n};\n\nexport const getRefreshTokenSecret = (token?: string): string => getRelevantSecret(token, DEPRECATED_REFRESH_JWT_SECRET, REFRESH_JWT_SECRET);\nexport const getTokenSecret = (token?: string): string => getRelevantSecret(token, DEPRECATED_JWT_SECRET, JWT_NEW_SECRET);\n","import type { UUID } from 'node:crypto';\nimport jwt from 'jsonwebtoken';\nimport { getTokenSecret } from './secret-getter';\n\ntype Context = Partial<Record<ContextProp | 'id', string>> & { subSystem?: SubSystemType; permissions?: string[]; entityId: string; };\n\nconst CONTEXT_PROPS = ['fleetId', 'businessModelId', 'demandSourceId'] as const;\ntype ContextProp = typeof CONTEXT_PROPS[number];\nconst CONTEXT_MAP_PROPS = {\n fleet: 'fleets',\n business: 'businessModels',\n demand: 'demandSources',\n} as const;\ntype SubSystemType = keyof typeof CONTEXT_MAP_PROPS;\ntype ContextSubSystemProp = typeof CONTEXT_MAP_PROPS[SubSystemType];\n\nexport const getAuthFromBearer = (bearer: string): string => bearer.replace('Bearer ', '');\n\nexport const decodeBearer = (bearer: string, appSecret?: string): any => {\n const token = getAuthFromBearer(bearer);\n const decoded = jwt.verify(token, appSecret || getTokenSecret(token));\n return decoded;\n};\n\nexport const parsePermissions = (contextId: string, decodedToken: { 
contexts: Context[]; }): { key: string; value: string; } | undefined => {\n if (!decodedToken) return undefined;\n const { contexts } = decodedToken;\n const activeContext = contexts.find((context) => context.id === contextId);\n\n const permissionsValue = `${activeContext.permissions?.map((cp) => `${cp},`)}`;\n\n return {\n key: activeContext.entityId,\n value: permissionsValue,\n };\n};\n\ntype EntitiesFromContext = { [key in ContextSubSystemProp]?: Record<string, string> };\nexport const getEntitiesFromContext = (contextId: string | undefined, decodedToken: { contexts: Context[]; }): EntitiesFromContext => {\n if (!decodedToken) return {};\n let { contexts } = decodedToken;\n if (contextId) {\n contexts = contexts.filter((context) => context.id === contextId);\n }\n\n const attributes: EntitiesFromContext = {};\n contexts.forEach((context) => {\n const prop = CONTEXT_MAP_PROPS[context.subSystem || 'business'];\n\n const permissions = parsePermissions(context.id, decodedToken);\n if (!permissions) return;\n attributes[prop] ||= {};\n attributes[prop][permissions.key] = permissions.value;\n });\n\n return attributes;\n};\n\ntype ContextAttributes = { [key in ContextProp]?: string[] };\nexport const getContextAttributes = (contextId: string | undefined, decodedToken: { contexts: Context[]; }): ContextAttributes => {\n if (!decodedToken) return {};\n let { contexts } = decodedToken;\n if (contextId) {\n contexts = contexts.filter((context) => context.id === contextId);\n }\n const attributes: ContextAttributes = {};\n contexts.forEach((context) => {\n CONTEXT_PROPS.forEach((prop) => {\n if (context[prop]) {\n attributes[prop] ||= [];\n attributes[prop].push(context[prop]);\n }\n });\n });\n return attributes;\n};\n\nconst EMPTY_UUID = '00000000-0000-0000-0000-000000000000';\nconst FULL_UUID = 'ffffffff-ffff-ffff-ffff-ffffffffffff';\nconst VALID_CHARS_REGEX = '[0-9a-f]';\nconst UUID_VERSION_REGEX = '[1-8]';\nconst UUID_REGEX = new RegExp(\n 
`^(?:${VALID_CHARS_REGEX}{8}-${VALID_CHARS_REGEX}{4}-${UUID_VERSION_REGEX}${VALID_CHARS_REGEX}{3}-[89ab]${VALID_CHARS_REGEX}{3}-${VALID_CHARS_REGEX}{12}|${EMPTY_UUID}|${FULL_UUID})$`,\n 'i',\n);\nexport function validateUUID(uuid: unknown): uuid is UUID {\n return typeof uuid === 'string' && UUID_REGEX.test(uuid);\n}\n","import Network from '@autofleet/network';\n\nconst CACHE_LIFETIME_IN_SEC = 10;\nconst apiGwUrl = process.env.API_GATEWAY_URL || 'https://api.autofleet.io';\n\n// eslint-disable-next-line import/prefer-default-export\nexport const IdentityNetwork = new Network({\n serviceName: 'IDENTITY_MS',\n retries: 3,\n retryCondition: () => true,\n cache: process.env.NODE_ENV !== 'test' ? {\n maxAge: CACHE_LIFETIME_IN_SEC * 1000,\n } : undefined,\n});\n\nexport const AutofleetApiNetwork = new Network({\n baseURL: apiGwUrl,\n serviceUrl: apiGwUrl,\n retries: 3,\n retryCondition: () => true,\n cache: process.env.NODE_ENV !== 'test' ? {\n maxAge: CACHE_LIFETIME_IN_SEC * 1000,\n } : undefined,\n});\n","import NodeCache from 'node-cache';\nimport objectHash from 'object-hash';\nimport { getCurrentContext } from '@autofleet/outbreak';\nimport { validateUUID } from '../utils';\nimport { AutofleetApiNetwork, IdentityNetwork } from '../services';\n\nexport type AccountType = 'client' | 'user' | 'service' | 'driver'\ninterface EntityPermissions {\n [key: string]: string[];\n}\n\nexport const ELEVATED_PERMISSIONS_HEADER = 'x-af-elevated-permissions';\nexport const CONTEXTS_IDS_HEADER = 'x-af-context-ids';\n\nexport interface UserPayload {\n businessModels: EntityPermissions;\n fleets: EntityPermissions;\n demandSources: EntityPermissions;\n businessAccounts?: EntityPermissions;\n accountType?: AccountType;\n contexts?: EntityPermissions;\n createdAt?: string;\n}\n\nexport interface PartialUserPayload {\n businessModels?: EntityPermissions;\n fleets?: EntityPermissions;\n demandSources?: EntityPermissions;\n vehicles?: EntityPermissions;\n drivers?: EntityPermissions;\n 
businessAccounts?: EntityPermissions;\n}\n\nconst userCache = new NodeCache({ stdTTL: 10 });\n\nconst mergePermissions = (target: UserPayload, sources: Iterable<PartialUserPayload>): UserPayload => {\n const permissions: UserPayload = {\n ...target,\n fleets: { ...target?.fleets },\n businessModels: { ...target?.businessModels },\n demandSources: { ...target?.demandSources },\n // Clone other nested objects as needed\n };\n\n // eslint-disable-next-line no-restricted-syntax\n for (const source of sources) {\n Object.keys(source).forEach((entityType) => {\n // eslint-disable-next-line no-param-reassign\n permissions[entityType] ??= {};\n Object.entries(source[entityType]!).forEach(([entityId, perms]) => {\n // eslint-disable-next-line no-param-reassign\n permissions[entityType][entityId] = (permissions[entityType][entityId] || []).concat(perms);\n });\n });\n }\n\n return permissions;\n};\n\nif (typeof Symbol.dispose !== 'symbol') {\n // Polyfill for dispose if it does not exist, based on https://github.com/nodejs/node/blob/9a9409ff1f45c968173118de4cd37dea784f8ec9/lib/internal/process/pre_execution.js#L163-L171\n Object.defineProperty(Symbol, 'dispose', {\n // @ts-expect-error: TypeScript does not recognize __proto__ as a valid property\n __proto__: null,\n configurable: false,\n enumerable: false,\n value: Symbol.for('nodejs.dispose'),\n writable: false,\n });\n}\nif (typeof Symbol.asyncDispose !== 'symbol') {\n // Polyfill for asyncDispose if it does not exist, based on https://github.com/nodejs/node/blob/9a9409ff1f45c968173118de4cd37dea784f8ec9/lib/internal/process/pre_execution.js#L174-L183\n Object.defineProperty(Symbol, 'asyncDispose', {\n // @ts-expect-error: TypeScript does not recognize __proto__ as a valid property\n __proto__: null,\n configurable: false,\n enumerable: false,\n value: Symbol.for('nodejs.asyncDispose'),\n writable: false,\n });\n}\n\nexport default class ApiUser {\n private privatePermissions: UserPayload | undefined;\n\n private readonly 
privateElevatedPermissionsHash = new Map<symbol, PartialUserPayload | undefined>();\n\n private privatePermissionsLegacy: any;\n\n private readonly appPermission: {[key: string]: any; } = {};\n\n public readonly emptyUser: boolean;\n\n constructor(public id? : string, public accountType?: AccountType, elevatedPermissions?: PartialUserPayload, public contextIds?: string[]) {\n this.emptyUser = !!id;\n if (elevatedPermissions) {\n this.privateElevatedPermissionsHash.set(Symbol('initial'), elevatedPermissions);\n }\n }\n\n public async getUserPermissions(): Promise<UserPayload> {\n if (!this.id) {\n return undefined;\n }\n if (this.privatePermissions) {\n return this.privatePermissions;\n }\n const cacheKey = objectHash({\n id: this.id,\n contextIds: this.contextIds,\n });\n\n let data = userCache.get<UserPayload>(cacheKey);\n\n if (!data) {\n ({ data } = await IdentityNetwork.get<UserPayload>(`/api/v1/users/${this.id}/authorization-payload`, { params: { contextIds: this.contextIds } }));\n userCache.set(cacheKey, data);\n }\n\n this.accountType = data.accountType;\n this.privatePermissions = data;\n return this.privatePermissions;\n }\n\n public async useCustomPermissionLoader(customPermissionLoader: (userId: string) => UserPayload | PromiseLike<UserPayload>): Promise<UserPayload> {\n if (!this.id) {\n return undefined;\n }\n if (this.privatePermissions) {\n return this.privatePermissions;\n }\n\n const cacheKey = this.id;\n\n const cachedResult = userCache.get<UserPayload>(cacheKey);\n if (cachedResult) {\n this.privatePermissions = cachedResult;\n return cachedResult;\n }\n\n const data = await customPermissionLoader(this.id);\n userCache.set(cacheKey, data);\n\n this.privatePermissions = data;\n return this.privatePermissions;\n }\n\n public get businessModels(): string[] {\n return this.getUserProperty('businessModels');\n }\n\n public get fleets(): string[] {\n return this.getUserProperty('fleets');\n }\n\n public get demandSources(): string[] {\n return 
this.getUserProperty('demandSources');\n }\n\n private getUserProperty(key: keyof UserPayload): string[] {\n if (!this.privatePermissions) {\n throw new Error(`Cannot get ${key} without calling (async) getUserPermissions before`);\n }\n return Object.keys(this.privatePermissions[key] || {});\n }\n\n public get elevatedPermissions(): UserPayload {\n return mergePermissions(undefined, this.privateElevatedPermissionsHash.values());\n }\n\n public get permissions(): UserPayload | undefined {\n if (!this.privatePermissions) {\n throw new Error('Cannot get permissions without calling (async) getUserPermissions before');\n }\n\n return mergePermissions(this.privatePermissions, this.privateElevatedPermissionsHash.values());\n }\n\n public elevatePermissions(addedPermissions: PartialUserPayload): (() => void) & { [Symbol.dispose]: () => void } {\n // @itayankri is concerned about memory consumption, so create a symbol with no description, to avoid assigning memory for the description string\n // eslint-disable-next-line symbol-description\n const elevationId = Symbol();\n\n // Validate that the added permissions are valid UUIDs\n Object.values(addedPermissions).forEach((entityIds) => {\n Object.keys(entityIds).forEach((entityId) => {\n if (!validateUUID(entityId)) {\n throw new Error(`Entity id on elevatePermissions is not a valid UUID, provided: ${entityId}`);\n }\n });\n });\n\n const currentUserTrace = getCurrentContext();\n if (!currentUserTrace) {\n throw new Error('Cannot find current user cross services trace');\n }\n\n const currentElevation = JSON.parse(currentUserTrace.context[ELEVATED_PERMISSIONS_HEADER] || '{}');\n const newElevation = Object.assign(currentElevation, addedPermissions);\n this.privateElevatedPermissionsHash.set(elevationId, newElevation);\n currentUserTrace.context.set(ELEVATED_PERMISSIONS_HEADER, JSON.stringify(this.elevatedPermissions));\n const cleanup = () => {\n this.privateElevatedPermissionsHash.delete(elevationId);\n 
currentUserTrace.context.set(ELEVATED_PERMISSIONS_HEADER, JSON.stringify(this.elevatedPermissions));\n };\n cleanup[Symbol.dispose] = cleanup;\n return cleanup;\n }\n\n public async getUserPermissionsLegacy() {\n if (!this.id) {\n return undefined;\n }\n if (this.privatePermissionsLegacy) {\n return this.privatePermissionsLegacy;\n }\n\n const cacheKey = objectHash({\n id: this.id,\n contextIds: this.contextIds,\n legacy: true,\n });\n let data = userCache.get(cacheKey);\n\n if (!data) {\n ({ data } = await IdentityNetwork.get(`/api/v1/users/${this.id}/authorization-payload-legacy`, { params: { contextIds: this.contextIds } }));\n userCache.set(cacheKey, data);\n }\n\n this.privatePermissionsLegacy = data;\n return this.privatePermissionsLegacy;\n }\n\n public get permissionsLegacy(): any {\n if (!this.privatePermissionsLegacy) {\n throw new Error('Cannot get permissionsLegacy without calling (async) getUserPermissionsLegacy before');\n }\n return this.privatePermissionsLegacy;\n }\n\n public async getUserAppPermissions(appId: string, clientSecret: string): Promise<UserPayload | undefined> {\n if (!this.id || !appId || !clientSecret) {\n return undefined;\n }\n const currentAppPermission = this.appPermission[appId];\n\n if (currentAppPermission) {\n return currentAppPermission;\n }\n\n const cacheKey = `${this.id}:${appId}`;\n\n const cachedResult = userCache.get<UserPayload>(cacheKey);\n if (cachedResult) {\n this.appPermission[appId] = cachedResult;\n return cachedResult;\n }\n\n const { data } = await AutofleetApiNetwork.post<UserPayload>(`/api/v1/apps/${appId}/get-user-payload`, {\n userId: this.id,\n }, {\n headers: {\n 'x-autofleet-apps-secret': clientSecret,\n },\n });\n\n userCache.set(cacheKey, data);\n this.appPermission[appId] = data;\n return this.appPermission[appId];\n }\n}\n","import { AutofleetApiNetwork } from './services';\n\nexport const decodeAppBearer = async (bearer: string, appId: string): Promise<any> => {\n const { data: decoded } = await 
AutofleetApiNetwork.post('/api/v1/auth', { bearer, appId });\n return decoded;\n};\n\nexport const getClientSecret = async (appId: string): Promise<any> => {\n const { data: secret } = await AutofleetApiNetwork.get(`/api/v1/auth/client-secret/${appId}`);\n return secret;\n};\n","export default class AppDoesNotExist extends Error {\n name = 'AppDoesNotExist';\n\n message = 'app does not exist';\n}\n","export const IDENTITY_MS = 'identity-ms';\nexport const ACCESS_TOKEN = 'accessToken';\nexport const USER_OBJECT = 'userObject';\nexport const USER_TRACING_HEADER = 'x-af-user-id';\nexport const ORIGIN_HEADER = 'X-IAF-ORIGIN-SERVICE';\nexport const USER_PERMISSIONS_HEADER = 'x-af-user-permissions';\nexport const LOWER_CASE_ORIGIN_HEADER = ORIGIN_HEADER.toLowerCase();\nexport const AUTOFLEET_APPS_SECRET_HEADER = 'x-autofleet-apps-secret';\n","import type { IncomingHttpHeaders } from 'node:http';\nimport { getCurrentContext } from '@autofleet/outbreak';\nimport ApiUser, { CONTEXTS_IDS_HEADER, ELEVATED_PERMISSIONS_HEADER, type UserPayload } from './ApiUser';\nimport {\n IDENTITY_MS,\n USER_OBJECT,\n USER_TRACING_HEADER,\n ORIGIN_HEADER,\n LOWER_CASE_ORIGIN_HEADER,\n} from './const';\n\nexport type CustomPermissionLoader = (userId: string) => Promise<UserPayload>;\nexport interface AuthFromUserIdHeaderOptions {\n eagerLoadUserPermissions?: boolean;\n eagerLoadUserPermissionsLegacy?: boolean;\n customPermissionLoader?: CustomPermissionLoader;\n}\n\nexport const authFromUserIdHeader = async (options: AuthFromUserIdHeaderOptions, headers: IncomingHttpHeaders): Promise<ApiUser | undefined> => {\n const originHeader = headers[ORIGIN_HEADER] || headers[LOWER_CASE_ORIGIN_HEADER] || '';\n if (!Array.isArray(originHeader) && originHeader.toLowerCase() === IDENTITY_MS) {\n return undefined;\n }\n const {\n eagerLoadUserPermissions,\n eagerLoadUserPermissionsLegacy,\n customPermissionLoader,\n } = options;\n const userId = headers[USER_TRACING_HEADER] as string;\n if (!userId || 
Array.isArray(userId)) {\n return undefined;\n }\n\n const elevatedPermissionsFromHeader = headers[ELEVATED_PERMISSIONS_HEADER]?.length > 0 ? JSON.parse(headers[ELEVATED_PERMISSIONS_HEADER] as string) : {};\n const contextIds = (headers?.[CONTEXTS_IDS_HEADER] as string)?.split(',');\n\n const userObject = new ApiUser(userId, 'user', elevatedPermissionsFromHeader, contextIds);\n if (eagerLoadUserPermissions) {\n if (customPermissionLoader) {\n await userObject.useCustomPermissionLoader(customPermissionLoader);\n } else {\n await userObject.getUserPermissions();\n }\n }\n\n if (eagerLoadUserPermissionsLegacy) {\n await userObject.getUserPermissionsLegacy();\n }\n\n getCurrentContext().nonHeaderContext?.set(USER_OBJECT, userObject);\n return userObject;\n};\n","import type { Handler, Request } from 'express';\nimport { getCurrentContext, newTrace, traceTypes } from '@autofleet/outbreak';\nimport jwt from 'jsonwebtoken';\nimport ApiUser, { CONTEXTS_IDS_HEADER } from './ApiUser';\nimport { decodeAppBearer } from '../app-auth';\nimport AppDoesNotExist from '../exceptions/appDoesNotExist';\nimport { decodeBearer, getAuthFromBearer } from '../utils';\nimport {\n ACCESS_TOKEN,\n USER_OBJECT,\n USER_TRACING_HEADER,\n USER_PERMISSIONS_HEADER,\n AUTOFLEET_APPS_SECRET_HEADER,\n} from './const';\nimport { authFromUserIdHeader, AuthFromUserIdHeaderOptions } from './common';\n\ndeclare module 'express-serve-static-core' {\n // eslint-disable-next-line @typescript-eslint/no-shadow\n interface Request {\n user: ApiUser;\n }\n}\n\nexport const middleware = (options: AuthFromUserIdHeaderOptions = {}): Handler => async (req, res, next): Promise<any> => {\n try {\n const userObject = await authFromUserIdHeader(options, req.headers);\n if (userObject) {\n req.user = userObject;\n // Added in order to support outbreak.\n // @ts-expect-error we are setting an object onto the request headers.\n req.headers[USER_PERMISSIONS_HEADER] = userObject;\n }\n\n next();\n } catch (e) {\n 
res.status(401).json({ error: 'cannot authenticate user' });\n }\n};\n\nexport const middlewareWithDecode = (options: {\n eagerLoadUserPermissions?: boolean;\n eagerLoadUserPermissionsLegacy?: boolean;\n returnErrorIfNoToken?: boolean\n} = {}): Handler => async (req, res, next): Promise<void> => {\n const {\n eagerLoadUserPermissions,\n eagerLoadUserPermissionsLegacy,\n returnErrorIfNoToken,\n } = options;\n let decoded;\n if (req.headers.authorization) {\n try {\n decoded = await decodeBearer(req.headers.authorization);\n } catch (e) {\n if (e instanceof jwt.TokenExpiredError) {\n res.status(401).json({ errors: ['Access token expired'] });\n } else if (e instanceof jwt.JsonWebTokenError) {\n res.status(400).json({ errors: [e.message] });\n } else {\n res.status(500).json({ errors: ['Server error while parsing token'] });\n }\n return;\n }\n const userId = decoded?.user?.id;\n\n if (userId) {\n req.headers[USER_TRACING_HEADER] = userId;\n }\n\n const contextIds = (req.headers?.[CONTEXTS_IDS_HEADER] as string)?.split(',');\n const userObject = new ApiUser(userId, decoded?.user?.accountType, undefined, contextIds);\n\n if (eagerLoadUserPermissions || eagerLoadUserPermissionsLegacy) {\n await Promise.all([\n eagerLoadUserPermissions && userObject.getUserPermissions(),\n eagerLoadUserPermissionsLegacy && userObject.getUserPermissionsLegacy(),\n ]);\n }\n\n req.user = userObject;\n getCurrentContext().nonHeaderContext?.set(USER_OBJECT, userObject);\n\n // Added in order to support outbreak.\n // @ts-expect-error we are setting an object onto the request headers.\n req.headers[USER_PERMISSIONS_HEADER] = userObject;\n } else if (returnErrorIfNoToken) {\n res.status(401).json({ errors: ['No token provided'] });\n return;\n }\n next();\n};\n\nexport const appMiddleware = (options: {\n appId: string,\n clientSecret: string\n}): Handler => async (req, res, next): Promise<void> => {\n const {\n appId,\n clientSecret,\n } = options;\n let decoded;\n\n if 
(!req.headers.authorization) {\n res.status(401).json({ errors: ['No token provided'] });\n return;\n }\n\n try {\n decoded = await decodeAppBearer(req.headers.authorization, appId);\n if (!decoded) {\n throw new AppDoesNotExist();\n }\n } catch (e) {\n if (e instanceof jwt.TokenExpiredError) {\n res.status(401).json({ errors: ['Access token expired'] });\n return;\n }\n if ([jwt.JsonWebTokenError, AppDoesNotExist].some((Err) => e instanceof Err)) {\n res.status(400).json({ errors: [e.message] });\n return;\n }\n res.status(500).json({ errors: ['Server error while parsing token'] });\n return;\n }\n const userId = decoded?.userId;\n if (userId) {\n req.headers[USER_TRACING_HEADER] = userId;\n }\n\n const userObject = new ApiUser(userId);\n\n if (appId) {\n req.headers[AUTOFLEET_APPS_SECRET_HEADER] = clientSecret;\n // Won't work until we find a better solution for identity ms\n await userObject.getUserAppPermissions(appId, clientSecret);\n }\n\n req.user = userObject;\n const currentTraceContext = getCurrentContext().nonHeaderContext;\n currentTraceContext?.set(USER_OBJECT, userObject);\n currentTraceContext?.set(ACCESS_TOKEN, getAuthFromBearer(req.headers.authorization));\n\n // Added in order to support outbreak.\n // @ts-expect-error we are setting an object onto the request headers.\n req.headers[USER_PERMISSIONS_HEADER] = userObject;\n\n next();\n};\n\nexport const eagerLoadPermissionsMiddleware: Handler = async (req, res, next) => {\n await req.user.getUserPermissions();\n next();\n};\n\nexport const getDecodedBearer = (req: Request) => {\n if (!req.headers.authorization) {\n return null;\n }\n return decodeBearer(req.headers.authorization);\n};\n\nexport const createOrSetRabbitTrace = async (trace: ReturnType<typeof newTrace> | undefined, userId: string | undefined) => {\n const userObject = new ApiUser(userId);\n\n await userObject.getUserPermissions();\n // eslint-disable-next-line no-param-reassign\n trace ??= newTrace(traceTypes.RABBIT);\n 
trace.nonHeaderContext.set(USER_OBJECT, userObject);\n};\n\nexport default ApiUser;\n","import type { FastifyPluginCallback } from 'fastify';\nimport type ApiUser from './ApiUser';\nimport { AuthFromUserIdHeaderOptions, authFromUserIdHeader } from './common';\n\ndeclare module 'fastify' {\n interface FastifyRequest {\n user?: ApiUser;\n }\n}\n\n// eslint-disable-next-line import/prefer-default-export\nexport const authFromUserIdHeaderPlugin: FastifyPluginCallback<AuthFromUserIdHeaderOptions> = (fastify, options, done) => {\n fastify.decorateRequest('user', undefined);\n fastify.addHook('onRequest', async (request, reply) => {\n try {\n const user = await authFromUserIdHeader(options, request.headers);\n if (user) {\n request.user = user;\n }\n } catch (e) {\n reply.status(401).send({ error: 'cannot authenticate user' });\n }\n });\n\n done();\n};\nauthFromUserIdHeaderPlugin[Symbol.for('skip-override')] = true; // Prevent Fastify from overriding the plugin\n","import { getCurrentContext } from '@autofleet/outbreak';\nimport { USER_OBJECT } from './user/const';\nimport ApiUser, { type UserPayload } from './user/ApiUser';\n\nexport const getUser = () : ApiUser | undefined => getCurrentContext().nonHeaderContext?.get(USER_OBJECT) as ApiUser | undefined;\n\nexport const isUserExist = () => getUser()?.id;\n\nconst checkUserPermissions = (\n entityId: string,\n entityType: Exclude<keyof UserPayload, 'accountType' | 'createdAt'>,\n) => !isUserExist() || Object.hasOwn(getUser()!.permissions[entityType], entityId);\n\nexport const checkFleetPermission = (fleetId: string) => checkUserPermissions(fleetId, 'fleets');\nexport const checkBusinessModelPermission = (businessModelId: string) => checkUserPermissions(businessModelId, 'businessModels');\nexport const checkDemandSourcePermission = (demandSourceId: string) => checkUserPermissions(demandSourceId, 'demandSources');\n","import type ApiUser from './user';\n\n// eslint-disable-next-line import/prefer-default-export\nexport 
class UnauthorizedAccessError extends Error {\n constructor(public user: ApiUser | null = null, message = 'UnauthorizedAccessError') {\n super(message);\n this.name = 'UnauthorizedAccessError';\n }\n}\n","import jwt from 'jsonwebtoken';\n\nexport const AUTHORIZATION_METHODS = {\n NONE: 'NONE',\n BASIC: 'BASIC',\n JWT: 'JWT',\n};\n\nconst AUTHORIZATION_ACTIONS = {\n [AUTHORIZATION_METHODS.NONE]: () => undefined,\n [AUTHORIZATION_METHODS.BASIC]: (authorizationSettings: any) => {\n const { username, password } = authorizationSettings;\n const encodedCredentials = Buffer.from(`${username}:${password}`).toString('base64');\n return `Basic ${encodedCredentials}`;\n },\n [AUTHORIZATION_METHODS.JWT]: (authorizationSettings: any) => {\n const { secret } = authorizationSettings;\n if (secret) {\n return `Bearer ${jwt.sign({}, secret, { expiresIn: 10 })}`;\n }\n return undefined;\n },\n};\n\nexport const getAuthorizationHeader = (authorizationSettings: { method: string } | undefined): string | undefined => {\n const authorizationMethod = authorizationSettings?.method;\n\n if (!authorizationMethod || !AUTHORIZATION_ACTIONS[authorizationMethod]) {\n return undefined;\n }\n\n return AUTHORIZATION_ACTIONS[authorizationMethod](authorizationSettings);\n};\n","import type { LoggerInstanceManager } from '@autofleet/logger';\nimport * as outbreak from '@autofleet/outbreak';\nimport User, {\n middleware,\n eagerLoadPermissionsMiddleware,\n middlewareWithDecode,\n getDecodedBearer,\n appMiddleware,\n createOrSetRabbitTrace,\n} from './user';\nimport { authFromUserIdHeaderPlugin } from './user/fastify';\nimport { type UserPayload, CONTEXTS_IDS_HEADER } from './user/ApiUser';\nimport {\n checkFleetPermission,\n checkBusinessModelPermission,\n checkDemandSourcePermission,\n isUserExist,\n getUser,\n} from './check-permission';\nimport { UnauthorizedAccessError } from './errors';\nimport { getRefreshTokenSecret, getTokenSecret } from './secret-getter';\nimport { AUTHORIZATION_METHODS, 
getAuthorizationHeader } from './authorization';\n\nconst getCurrentPayload = outbreak.getCurrentContext;\n\ntype OutbreakOptions = Parameters<typeof outbreak.default>[0];\ntype LoggerWithContextMiddleware = Partial<Pick<LoggerInstanceManager, 'addContextMiddleware'>>;\nconst enableTracing = ({ outbreakOptions = {}, logger }: { outbreakOptions?: OutbreakOptions, logger?: LoggerWithContextMiddleware } = {}): void => {\n outbreak.default({\n headersPrefix: 'x-af',\n contextMiddlewareGetter: logger?.addContextMiddleware,\n ...outbreakOptions,\n });\n};\n\nconst { traceTypes, newTrace } = outbreak;\n\nexport {\n traceTypes,\n newTrace,\n enableTracing,\n User,\n middleware,\n middlewareWithDecode,\n eagerLoadPermissionsMiddleware,\n getCurrentPayload,\n getDecodedBearer,\n checkFleetPermission,\n checkBusinessModelPermission,\n checkDemandSourcePermission,\n isUserExist,\n getUser,\n getRefreshTokenSecret,\n getTokenSecret,\n UnauthorizedAccessError,\n appMiddleware,\n createOrSetRabbitTrace,\n outbreak,\n AUTHORIZATION_METHODS,\n getAuthorizationHeader,\n type UserPayload,\n CONTEXTS_IDS_HEADER,\n authFromUserIdHeaderPlugin,\n};\n\nexport default {\n traceTypes,\n newTrace,\n User,\n middleware,\n middlewareWithDecode,\n eagerLoadPermissionsMiddleware,\n getCurrentPayload,\n getDecodedBearer,\n checkFleetPermission,\n checkBusinessModelPermission,\n checkDemandSourcePermission,\n isUserExist,\n getUser,\n UnauthorizedAccessError,\n appMiddleware,\n createOrSetRabbitTrace,\n outbreak,\n AUTHORIZATION_METHODS,\n getAuthorizationHeader,\n CONTEXTS_IDS_HEADER,\n authFromUserIdHeaderPlugin,\n};\n"]}
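--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@autofleet/zehut",
- "version": "4.2.3-beta-191fadb9.0",
+ "version": "4.3.0",
  "description": "manage user's identity",
  "type": "module",
  "main": "./lib/index.js",
@@ -40,7 +40,7 @@
  "homepage": "https://github.com/Autofleet/zehut",
  "dependencies": {
  "@autofleet/network": "^1.7.4",
- "@autofleet/outbreak": "^3.0.1-beta-6c5269c9.0",
+ "@autofleet/outbreak": "^2.4.0",
  "jsonwebtoken": "^8.5.1",
  "moment": "^2.30.1",
  "node-cache": "^5.1.2",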
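Review bot: The `@autofleet/outbreak` range in the second hunk moves back across a major version, from the `3.0.1-beta` prerelease to `^2.4.0`, and nothing visible on this page shows that the bundled auth code was checked against the 2.x API. The sources embedded in the source map call `getCurrentContext().nonHeaderContext?.set(...)` and, in `elevatePermissions`, read `currentUserTrace.context[ELEVATED_PERMISSIONS_HEADER]` by index but write it with `currentUserTrace.context.set(...)`. If the 2.x context is a Map, the indexed read presumably always falls back to `'{}'`; if it is a plain object, the `.set` call would throw. Because this context carries the user object and the elevated-permissions header between services, I would confirm which shape 2.x exposes and cover `elevatePermissions` with a test against the resolved version before release. The reason for the downgrade also belongs in the changelog.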