@betterportal/auth-authress-io 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bsb-plugin.json +22 -0
- package/bsb-tests.json +14 -0
- package/lib/index.d.ts +2 -0
- package/lib/index.d.ts.map +1 -0
- package/lib/index.js +2 -0
- package/lib/index.js.map +1 -0
- package/lib/plugins/service-betterportal-auth-authress-io/.bp-generated/registry.d.ts +3 -0
- package/lib/plugins/service-betterportal-auth-authress-io/.bp-generated/registry.d.ts.map +1 -0
- package/lib/plugins/service-betterportal-auth-authress-io/.bp-generated/registry.js +82 -0
- package/lib/plugins/service-betterportal-auth-authress-io/.bp-generated/registry.js.map +1 -0
- package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/login/_theme.bootstrap1/_background.monitor.d.ts +5 -0
- package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/login/_theme.bootstrap1/_background.monitor.d.ts.map +1 -0
- package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/login/_theme.bootstrap1/_background.monitor.js +51 -0
- package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/login/_theme.bootstrap1/_background.monitor.js.map +1 -0
- package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/login/_theme.bootstrap1/_nav.profile.d.ts +5 -0
- package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/login/_theme.bootstrap1/_nav.profile.d.ts.map +1 -0
- package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/login/_theme.bootstrap1/_nav.profile.js +10 -0
- package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/login/_theme.bootstrap1/_nav.profile.js.map +1 -0
- package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/login/_theme.bootstrap1/index.d.ts +5 -0
- package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/login/_theme.bootstrap1/index.d.ts.map +1 -0
- package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/login/_theme.bootstrap1/index.js +206 -0
- package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/login/_theme.bootstrap1/index.js.map +1 -0
- package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/login/_theme.embedded/_background.monitor.d.ts +3 -0
- package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/login/_theme.embedded/_background.monitor.d.ts.map +1 -0
- package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/login/_theme.embedded/_background.monitor.js +3 -0
- package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/login/_theme.embedded/_background.monitor.js.map +1 -0
- package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/login/index.d.ts +92 -0
- package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/login/index.d.ts.map +1 -0
- package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/login/index.js +187 -0
- package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/login/index.js.map +1 -0
- package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/logout/index.d.ts +27 -0
- package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/logout/index.d.ts.map +1 -0
- package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/logout/index.js +35 -0
- package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/logout/index.js.map +1 -0
- package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/refresh/index.d.ts +29 -0
- package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/refresh/index.d.ts.map +1 -0
- package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/refresh/index.js +87 -0
- package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/refresh/index.js.map +1 -0
- package/lib/plugins/service-betterportal-auth-authress-io/index.d.ts +146 -0
- package/lib/plugins/service-betterportal-auth-authress-io/index.d.ts.map +1 -0
- package/lib/plugins/service-betterportal-auth-authress-io/index.js +366 -0
- package/lib/plugins/service-betterportal-auth-authress-io/index.js.map +1 -0
- package/lib/schemas/service-betterportal-auth-authress-io.json +139 -0
- package/lib/schemas/service-betterportal-auth-authress-io.plugin.json +151 -0
- package/package.json +66 -0
|
@@ -0,0 +1,187 @@
|
|
|
1
|
+
import * as av from "anyvali";
|
|
2
|
+
import { createHandler } from "@betterportal/framework";
|
|
3
|
+
import { resolveAuthressAppConfig, resolveAuthressBrowserConfig } from "../../index.js";
|
|
4
|
+
export const QuerySchema = av.object({
|
|
5
|
+
action: av.optional(av.string()),
|
|
6
|
+
next: av.optional(av.string()),
|
|
7
|
+
redirect: av.optional(av.string())
|
|
8
|
+
}, { unknownKeys: "strip" });
|
|
9
|
+
export const HeadersSchema = av.object({}, { unknownKeys: "strip" });
|
|
10
|
+
export const RequestSchema = av.object({
|
|
11
|
+
accessToken: av.string().minLength(1),
|
|
12
|
+
next: av.optional(av.string()),
|
|
13
|
+
userId: av.optional(av.string()),
|
|
14
|
+
name: av.optional(av.string()),
|
|
15
|
+
email: av.optional(av.string()),
|
|
16
|
+
picture: av.optional(av.string())
|
|
17
|
+
}, { unknownKeys: "strip" });
|
|
18
|
+
export const ResponseSchema = av.object({
|
|
19
|
+
status: av.enum_(["ok", "error"]),
|
|
20
|
+
message: av.optional(av.string()),
|
|
21
|
+
authressApiUrl: av.optional(av.string()),
|
|
22
|
+
authressApplicationId: av.optional(av.string()),
|
|
23
|
+
scopes: av.array(av.string()).default([]),
|
|
24
|
+
alreadyLoggedIn: av.optional(av.bool()),
|
|
25
|
+
loggedOut: av.optional(av.bool()),
|
|
26
|
+
nextUrl: av.optional(av.string()),
|
|
27
|
+
expiresInSeconds: av.optional(av.int().min(1)),
|
|
28
|
+
user: av.optional(av.object({
|
|
29
|
+
id: av.optional(av.string()),
|
|
30
|
+
name: av.optional(av.string()),
|
|
31
|
+
email: av.optional(av.string()),
|
|
32
|
+
picture: av.optional(av.string())
|
|
33
|
+
}, { unknownKeys: "strip" }))
|
|
34
|
+
}, { unknownKeys: "strip" });
|
|
35
|
+
export const title = "Authress Login";
|
|
36
|
+
export const description = "Authenticate with Authress and store the Authress bearer token.";
|
|
37
|
+
export const role = "auth.login";
|
|
38
|
+
export const dependencies = ["logout.index", "refresh.index"];
|
|
39
|
+
export const chrome = { fullScreen: true };
|
|
40
|
+
export const auth = { required: false, permissions: [] };
|
|
41
|
+
export const cacheHints = { ttlSeconds: 0, varyBy: [] };
|
|
42
|
+
function normalizeRedirect(raw) {
|
|
43
|
+
const redirect = raw?.trim();
|
|
44
|
+
if (!redirect)
|
|
45
|
+
return "/";
|
|
46
|
+
if (redirect.startsWith("http://") || redirect.startsWith("https://"))
|
|
47
|
+
return redirect;
|
|
48
|
+
return redirect.startsWith("/") ? redirect : `/${redirect}`;
|
|
49
|
+
}
|
|
50
|
+
function secondsUntilJwtExpiry(token) {
|
|
51
|
+
const [, payload] = token.split(".");
|
|
52
|
+
if (!payload)
|
|
53
|
+
return undefined;
|
|
54
|
+
try {
|
|
55
|
+
const parsed = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
|
|
56
|
+
if (typeof parsed.exp !== "number")
|
|
57
|
+
return undefined;
|
|
58
|
+
return Math.max(1, Math.floor(parsed.exp - Date.now() / 1000));
|
|
59
|
+
}
|
|
60
|
+
catch {
|
|
61
|
+
return undefined;
|
|
62
|
+
}
|
|
63
|
+
}
|
|
64
|
+
function splitScopes(value) {
|
|
65
|
+
return (value ?? "openid profile email")
|
|
66
|
+
.split(/\s+/)
|
|
67
|
+
.map((entry) => entry.trim())
|
|
68
|
+
.filter((entry) => entry.length > 0);
|
|
69
|
+
}
|
|
70
|
+
function pluginFrom(ctx) {
|
|
71
|
+
const plugin = ctx.plugin;
|
|
72
|
+
if (!plugin)
|
|
73
|
+
throw new Error("Authress plugin not available on handler context");
|
|
74
|
+
return plugin;
|
|
75
|
+
}
|
|
76
|
+
function profileValue(value) {
|
|
77
|
+
return typeof value === "string" && value.trim().length > 0 ? value.trim() : undefined;
|
|
78
|
+
}
|
|
79
|
+
export const handleGet = createHandler({ response: ResponseSchema, query: QuerySchema, headers: HeadersSchema }, async (ctx) => {
|
|
80
|
+
const appConfig = resolveAuthressAppConfig(ctx.config);
|
|
81
|
+
const nextUrl = normalizeRedirect(ctx.query.next ?? ctx.query.redirect ?? appConfig?.loginRedirectPath);
|
|
82
|
+
const browserConfig = resolveAuthressBrowserConfig(ctx.config);
|
|
83
|
+
if (ctx.query.action === "logout") {
|
|
84
|
+
const loggedOutUrl = normalizeRedirect(appConfig?.logoutRedirectPath);
|
|
85
|
+
ctx.bpHeaders?.remove("Authorization");
|
|
86
|
+
ctx.bpHeaders?.remove("X-BP-Refresh");
|
|
87
|
+
if (ctx.serviceId)
|
|
88
|
+
ctx.responseHeaders?.set("HX-Trigger", `bp:fragments:${ctx.serviceId}`);
|
|
89
|
+
return {
|
|
90
|
+
status: "ok",
|
|
91
|
+
message: "Signed out.",
|
|
92
|
+
authressApiUrl: browserConfig?.authressApiUrl,
|
|
93
|
+
authressApplicationId: browserConfig?.applicationId,
|
|
94
|
+
loggedOut: true,
|
|
95
|
+
scopes: [],
|
|
96
|
+
nextUrl: loggedOutUrl
|
|
97
|
+
};
|
|
98
|
+
}
|
|
99
|
+
if (ctx.user) {
|
|
100
|
+
return {
|
|
101
|
+
status: "ok",
|
|
102
|
+
message: "Already signed in.",
|
|
103
|
+
authressApiUrl: browserConfig?.authressApiUrl,
|
|
104
|
+
authressApplicationId: browserConfig?.applicationId,
|
|
105
|
+
alreadyLoggedIn: true,
|
|
106
|
+
scopes: [],
|
|
107
|
+
nextUrl,
|
|
108
|
+
user: {
|
|
109
|
+
id: ctx.user.sub,
|
|
110
|
+
name: ctx.user.name,
|
|
111
|
+
email: ctx.user.email,
|
|
112
|
+
picture: ctx.user.picture
|
|
113
|
+
}
|
|
114
|
+
};
|
|
115
|
+
}
|
|
116
|
+
const config = browserConfig;
|
|
117
|
+
if (!config) {
|
|
118
|
+
return { status: "error", message: "Authress browser config is missing authressApiUrl or applicationId.", scopes: [], nextUrl };
|
|
119
|
+
}
|
|
120
|
+
return {
|
|
121
|
+
status: "ok",
|
|
122
|
+
message: "Start Authress sign in.",
|
|
123
|
+
authressApiUrl: config.authressApiUrl,
|
|
124
|
+
authressApplicationId: config.applicationId,
|
|
125
|
+
scopes: splitScopes(config.scopes),
|
|
126
|
+
nextUrl
|
|
127
|
+
};
|
|
128
|
+
});
|
|
129
|
+
export const handlePost = createHandler({ response: ResponseSchema, query: QuerySchema, request: RequestSchema }, async (ctx) => {
|
|
130
|
+
const request = ctx.request;
|
|
131
|
+
const config = resolveAuthressAppConfig(ctx.config);
|
|
132
|
+
const nextUrl = normalizeRedirect(request.next ?? ctx.query.next ?? config?.loginRedirectPath);
|
|
133
|
+
if (!config) {
|
|
134
|
+
return { status: "error", message: "Authress config is missing authressApiUrl or applicationId.", scopes: [], nextUrl };
|
|
135
|
+
}
|
|
136
|
+
let user;
|
|
137
|
+
try {
|
|
138
|
+
user = await pluginFrom(ctx).verifyAuthressToken(request.accessToken, config, { tenantId: ctx.tenant.id, appId: ctx.app.id });
|
|
139
|
+
}
|
|
140
|
+
catch (error) {
|
|
141
|
+
ctx.obs?.error(error);
|
|
142
|
+
return { status: "error", message: `Authress token verification failed: ${error.message}`, scopes: [], nextUrl };
|
|
143
|
+
}
|
|
144
|
+
if (request.userId && request.userId !== user.sub) {
|
|
145
|
+
return { status: "error", message: "Authress profile subject does not match token subject.", scopes: [], nextUrl };
|
|
146
|
+
}
|
|
147
|
+
const issued = pluginFrom(ctx).issueTokenPair({
|
|
148
|
+
sub: user.sub,
|
|
149
|
+
tenantId: ctx.tenant.id,
|
|
150
|
+
appId: ctx.app.id,
|
|
151
|
+
roles: user.roles,
|
|
152
|
+
authProvider: "authress.io",
|
|
153
|
+
providerSubject: user.sub,
|
|
154
|
+
provider: user.provider,
|
|
155
|
+
name: profileValue(request.name) || user.name,
|
|
156
|
+
email: profileValue(request.email) || user.email,
|
|
157
|
+
picture: profileValue(request.picture) || user.picture
|
|
158
|
+
}, { includeRefreshToken: false });
|
|
159
|
+
ctx.bpHeaders?.set("Authorization", `Bearer ${issued.accessToken}`, {
|
|
160
|
+
locked: true,
|
|
161
|
+
expiresInSeconds: issued.accessTokenExpiresInSeconds,
|
|
162
|
+
refreshPath: "/refresh",
|
|
163
|
+
refreshBeforeSeconds: 60
|
|
164
|
+
});
|
|
165
|
+
ctx.bpHeaders?.set("X-BP-Refresh", request.accessToken, {
|
|
166
|
+
locked: true,
|
|
167
|
+
scopeToOwner: true,
|
|
168
|
+
expiresInSeconds: secondsUntilJwtExpiry(request.accessToken)
|
|
169
|
+
});
|
|
170
|
+
ctx.responseHeaders?.set("HX-Redirect", nextUrl);
|
|
171
|
+
if (ctx.serviceId)
|
|
172
|
+
ctx.responseHeaders?.set("HX-Trigger", `bp:fragments:${ctx.serviceId}`);
|
|
173
|
+
return {
|
|
174
|
+
status: "ok",
|
|
175
|
+
message: "Signed in.",
|
|
176
|
+
scopes: [],
|
|
177
|
+
nextUrl,
|
|
178
|
+
expiresInSeconds: issued.accessTokenExpiresInSeconds,
|
|
179
|
+
user: {
|
|
180
|
+
id: user.sub,
|
|
181
|
+
name: profileValue(request.name) ?? user.name,
|
|
182
|
+
email: profileValue(request.email) ?? user.email,
|
|
183
|
+
picture: profileValue(request.picture) ?? user.picture
|
|
184
|
+
}
|
|
185
|
+
};
|
|
186
|
+
});
|
|
187
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-authress-io/bp-routes/login/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAE9B,OAAO,EACL,aAAa,EAId,MAAM,yBAAyB,CAAC;AAGjC,OAAO,EAAE,wBAAwB,EAAE,4BAA4B,EAAE,MAAM,gBAAgB,CAAC;AAExF,MAAM,CAAC,MAAM,WAAW,GAAG,EAAE,CAAC,MAAM,CAAC;IACnC,MAAM,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;IAChC,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;IAC9B,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;CACnC,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;AAE7B,MAAM,CAAC,MAAM,aAAa,GAAG,EAAE,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;AAErE,MAAM,CAAC,MAAM,aAAa,GAAG,EAAE,CAAC,MAAM,CAAC;IACrC,WAAW,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC;IACrC,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;IAC9B,MAAM,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;IAChC,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;IAC9B,KAAK,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;IAC/B,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;CAClC,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;AAE7B,MAAM,CAAC,MAAM,cAAc,GAAG,EAAE,CAAC,MAAM,CAAC;IACtC,MAAM,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,OAAO,CAAU,CAAC;IAC1C,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;IACjC,cAAc,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;IACxC,qBAAqB,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;IAC/C,MAAM,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;IACzC,eAAe,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;IACvC,SAAS,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;IACjC,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;IACjC,gBAAgB,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAC9C,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,CAAC;QAC1B,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;QAC5B,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;QAC9B,KAAK,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;QAC/B,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;KAClC,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;CAC9B,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;AAG7B,MAAM,CAAC,MAAM,KAAK,GAAG,gBAAgB,CAAC;AACtC,MAAM,CAAC,MAAM,WAAW,GAAG,iEAAiE,CAAC;AAC7F,MAAM,CAAC,MAAM,IAAI,GAAG,YAAY,CAAC;AACjC,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,cAAc,EAAE,eAAe,CAAC,CAAC;AAC9D,MAAM,CAAC,MAAM,MAAM,GAA4B,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;AACpE,MAAM,CAAC,MAAM,IAAI,GAAuB,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;AAC7E,MAAM,CAAC,MAAM,UAAU,GAAe,EAAE,UAAU,EAAE,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;AAEpE,SAAS,iBAAiB,CAAC,GAAuB;IAChD,MAAM,QAAQ,GAAG,GAAG,EAAE,IAAI,EAAE,CAAC;IAC7B,IAAI,CAAC,QAAQ;QAAE,OAAO,GAAG,CAAC;IAC1B,IAAI,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,QAAQ,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,QAAQ,CAAC;IACvF,OAAO,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,QAAQ,EAAE,CAAC;AAC9D,CAAC;AAED,SAAS,qBAAqB,CAAC,KAAa;IAC1C,MAAM,CAAC,EAAE,OAAO,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrC,IAAI,CAAC,OAAO;QAAE,OAAO,SAAS,CAAC;IAC/B,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAsB,CAAC;QACnG,IAAI,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ;YAAE,OAAO,SAAS,CAAC;QACrD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC;IACjE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,KAAc;IACjC,OAAO,CAAC,KAAK,IAAI,sBAAsB,CAAC;SACrC,KAAK,CAAC,KAAK,CAAC;SACZ,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;SAC5B,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AACzC,CAAC;AAED,SAAS,UAAU,CAAC,GAAyB;IAC3C,MAAM,MAAM,GAAG,GAAG,CAAC,MAA4B,CAAC;IAChD,IAAI,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACjF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,YAAY,CAAC,KAAc;IAClC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;AACzF,CAAC;AAED,MAAM,CAAC,MAAM,SAAS,GAAG,aAAa,CACpC,EAAE,QAAQ,EAAE,cAAc,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,aAAa,EAAE,EACxE,KAAK,EAAE,GAAG,EAAE,EAAE;IACZ,MAAM,SAAS,GAAG,wBAAwB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACvD,MAAM,OAAO,GAAG,iBAAiB,CAAE,GAAG,CAAC,KAAmC,CAAC,IAAI,IAAK,GAAG,CAAC,KAAmC,CAAC,QAAQ,IAAI,SAAS,EAAE,iBAAiB,CAAC,CAAC;IACtK,MAAM,aAAa,GAAG,4BAA4B,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAC/D,IAAK,GAAG,CAAC,KAAmC,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;QACjE,MAAM,YAAY,GAAG,iBAAiB,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAC;QACtE,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC;QACvC,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,cAAc,CAAC,CAAC;QACtC,IAAI,GAAG,CAAC,SAAS;YAAE,GAAG,CAAC,eAAe,EAAE,GAAG,CAAC,YAAY,EAAE,gBAAgB,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC;QAC3F,OAAO;YACL,MAAM,EAAE,IAAa;YACrB,OAAO,EAAE,aAAa;YACtB,cAAc,EAAE,aAAa,EAAE,cAAc;YAC7C,qBAAqB,EAAE,aAAa,EAAE,aAAa;YACnD,SAAS,EAAE,IAAI;YACf,MAAM,EAAE,EAAE;YACV,OAAO,EAAE,YAAY;SACtB,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,IAAa;YACrB,OAAO,EAAE,oBAAoB;YAC7B,cAAc,EAAE,aAAa,EAAE,cAAc;YAC7C,qBAAqB,EAAE,aAAa,EAAE,aAAa;YACnD,eAAe,EAAE,IAAI;YACrB,MAAM,EAAE,EAAE;YACV,OAAO;YACP,IAAI,EAAE;gBACJ,EAAE,EAAE,GAAG,CAAC,IAAI,CAAC,GAAG;gBAChB,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI;gBACnB,KAAK,EAAE,GAAG,CAAC,IAAI,CAAC,KAAK;gBACrB,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,OAAO;aAC1B;SACF,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,aAAa,CAAC;IAC7B,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,MAAM,EAAE,OAAgB,EAAE,OAAO,EAAE,qEAAqE,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC;IAC3I,CAAC;IAED,OAAO;QACL,MAAM,EAAE,IAAa;QACrB,OAAO,EAAE,yBAAyB;QAClC,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,qBAAqB,EAAE,MAAM,CAAC,aAAa;QAC3C,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC;QAClC,OAAO;KACR,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,MAAM,CAAC,MAAM,UAAU,GAAG,aAAa,CACrC,EAAE,QAAQ,EAAE,cAAc,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,aAAa,EAAE,EACxE,KAAK,EAAE,GAAG,EAAE,EAAE;IACZ,MAAM,OAAO,GAAG,GAAG,CAAC,OAAsC,CAAC;IAC3D,MAAM,MAAM,GAAG,wBAAwB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACpD,MAAM,OAAO,GAAG,iBAAiB,CAAC,OAAO,CAAC,IAAI,IAAK,GAAG,CAAC,KAAmC,CAAC,IAAI,IAAI,MAAM,EAAE,iBAAiB,CAAC,CAAC;IAC9H,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,MAAM,EAAE,OAAgB,EAAE,OAAO,EAAE,6DAA6D,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC;IACnI,CAAC;IAED,IAAI,IAAe,CAAC;IACpB,IAAI,CAAC;QACH,IAAI,GAAG,MAAM,UAAU,CAAC,GAAG,CAAC,CAAC,mBAAmB,CAAC,OAAO,CAAC,WAAW,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;IAChI,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;QACtB,OAAO,EAAE,MAAM,EAAE,OAAgB,EAAE,OAAO,EAAE,uCAAwC,KAAe,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC;IACvI,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,KAAK,IAAI,CAAC,GAAG,EAAE,CAAC;QAClD,OAAO,EAAE,MAAM,EAAE,OAAgB,EAAE,OAAO,EAAE,wDAAwD,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC;IAC9H,CAAC;IAED,MAAM,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,cAAc,CAAC;QAC5C,GAAG,EAAE,IAAI,CAAC,GAAG;QACb,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE;QACvB,KAAK,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE;QACjB,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,YAAY,EAAE,aAAa;QAC3B,eAAe,EAAE,IAAI,CAAC,GAAG;QACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,IAAI,EAAE,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI;QAC7C,KAAK,EAAE,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK;QAChD,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO;KACvD,EAAE,EAAE,mBAAmB,EAAE,KAAK,EAAE,CAAC,CAAC;IACnC,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,eAAe,EAAE,UAAU,MAAM,CAAC,WAAW,EAAE,EAAE;QAClE,MAAM,EAAE,IAAI;QACZ,gBAAgB,EAAE,MAAM,CAAC,2BAA2B;QACpD,WAAW,EAAE,UAAU;QACvB,oBAAoB,EAAE,EAAE;KACzB,CAAC,CAAC;IACH,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,cAAc,EAAE,OAAO,CAAC,WAAW,EAAE;QACtD,MAAM,EAAE,IAAI;QACZ,YAAY,EAAE,IAAI;QAClB,gBAAgB,EAAE,qBAAqB,CAAC,OAAO,CAAC,WAAW,CAAC;KAC7D,CAAC,CAAC;IACH,GAAG,CAAC,eAAe,EAAE,GAAG,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;IACjD,IAAI,GAAG,CAAC,SAAS;QAAE,GAAG,CAAC,eAAe,EAAE,GAAG,CAAC,YAAY,EAAE,gBAAgB,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC;IAE3F,OAAO;QACL,MAAM,EAAE,IAAa;QACrB,OAAO,EAAE,YAAY;QACrB,MAAM,EAAE,EAAE;QACV,OAAO;QACP,gBAAgB,EAAE,MAAM,CAAC,2BAA2B;QACpD,IAAI,EAAE;YACJ,EAAE,EAAE,IAAI,CAAC,GAAG;YACZ,IAAI,EAAE,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI;YAC7C,KAAK,EAAE,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK;YAChD,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO;SACvD;KACF,CAAC;AACJ,CAAC,CACF,CAAC"}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
import * as av from "anyvali";
|
|
2
|
+
import type { Infer } from "anyvali";
|
|
3
|
+
import { type ApiAuthRequirement, type CacheHints } from "@betterportal/framework";
|
|
4
|
+
export declare const QuerySchema: av.ObjectSchema<{
|
|
5
|
+
next: av.OptionalSchema<av.StringSchema>;
|
|
6
|
+
redirect: av.OptionalSchema<av.StringSchema>;
|
|
7
|
+
}>;
|
|
8
|
+
export declare const ResponseSchema: av.ObjectSchema<{
|
|
9
|
+
status: av.EnumSchema<readonly ["ok"]>;
|
|
10
|
+
message: av.StringSchema;
|
|
11
|
+
nextUrl: av.StringSchema;
|
|
12
|
+
}>;
|
|
13
|
+
export type ResponseData = Infer<typeof ResponseSchema>;
|
|
14
|
+
export declare const title = "Authress Logout";
|
|
15
|
+
export declare const description = "Clear the stored Authress bearer token.";
|
|
16
|
+
export declare const role = "auth.logout";
|
|
17
|
+
export declare const auth: ApiAuthRequirement;
|
|
18
|
+
export declare const cacheHints: CacheHints;
|
|
19
|
+
export declare const handleGet: import("@betterportal/framework").RouteHandler<Record<string, string>, {
|
|
20
|
+
next?: string | undefined;
|
|
21
|
+
redirect?: string | undefined;
|
|
22
|
+
}, Record<string, string>, Record<string, unknown>, {
|
|
23
|
+
status: "ok";
|
|
24
|
+
message: string;
|
|
25
|
+
nextUrl: string;
|
|
26
|
+
}, unknown, Record<string, unknown>>;
|
|
27
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-authress-io/bp-routes/logout/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAiB,KAAK,kBAAkB,EAAE,KAAK,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAElG,eAAO,MAAM,WAAW;;;EAGI,CAAC;AAE7B,eAAO,MAAM,cAAc;;;;EAIC,CAAC;AAC7B,MAAM,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAExD,eAAO,MAAM,KAAK,oBAAoB,CAAC;AACvC,eAAO,MAAM,WAAW,4CAA4C,CAAC;AACrE,eAAO,MAAM,IAAI,gBAAgB,CAAC;AAClC,eAAO,MAAM,IAAI,EAAE,kBAAyD,CAAC;AAC7E,eAAO,MAAM,UAAU,EAAE,UAA0C,CAAC;AASpE,eAAO,MAAM,SAAS;;;;;;;oCAWrB,CAAC"}
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
import * as av from "anyvali";
|
|
2
|
+
import { createHandler } from "@betterportal/framework";
|
|
3
|
+
export const QuerySchema = av.object({
|
|
4
|
+
next: av.optional(av.string()),
|
|
5
|
+
redirect: av.optional(av.string())
|
|
6
|
+
}, { unknownKeys: "strip" });
|
|
7
|
+
export const ResponseSchema = av.object({
|
|
8
|
+
status: av.enum_(["ok"]),
|
|
9
|
+
message: av.string(),
|
|
10
|
+
nextUrl: av.string()
|
|
11
|
+
}, { unknownKeys: "strip" });
|
|
12
|
+
export const title = "Authress Logout";
|
|
13
|
+
export const description = "Clear the stored Authress bearer token.";
|
|
14
|
+
export const role = "auth.logout";
|
|
15
|
+
export const auth = { required: false, permissions: [] };
|
|
16
|
+
export const cacheHints = { ttlSeconds: 0, varyBy: [] };
|
|
17
|
+
function normalizeRedirect(raw) {
|
|
18
|
+
const redirect = raw?.trim();
|
|
19
|
+
if (!redirect)
|
|
20
|
+
return "/";
|
|
21
|
+
if (redirect.startsWith("http://") || redirect.startsWith("https://"))
|
|
22
|
+
return redirect;
|
|
23
|
+
return redirect.startsWith("/") ? redirect : `/${redirect}`;
|
|
24
|
+
}
|
|
25
|
+
export const handleGet = createHandler({ response: ResponseSchema, query: QuerySchema }, (ctx) => {
|
|
26
|
+
const query = ctx.query;
|
|
27
|
+
const nextUrl = normalizeRedirect(query.next ?? query.redirect);
|
|
28
|
+
ctx.bpHeaders?.remove("Authorization");
|
|
29
|
+
ctx.bpHeaders?.remove("X-BP-Refresh");
|
|
30
|
+
ctx.responseHeaders?.set("HX-Location", "/login?action=logout");
|
|
31
|
+
if (ctx.serviceId)
|
|
32
|
+
ctx.responseHeaders?.set("HX-Trigger", `bp:fragments:${ctx.serviceId}`);
|
|
33
|
+
return { status: "ok", message: "Signed out.", nextUrl };
|
|
34
|
+
});
|
|
35
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-authress-io/bp-routes/logout/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAE,aAAa,EAA4C,MAAM,yBAAyB,CAAC;AAElG,MAAM,CAAC,MAAM,WAAW,GAAG,EAAE,CAAC,MAAM,CAAC;IACnC,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;IAC9B,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;CACnC,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;AAE7B,MAAM,CAAC,MAAM,cAAc,GAAG,EAAE,CAAC,MAAM,CAAC;IACtC,MAAM,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,IAAI,CAAU,CAAC;IACjC,OAAO,EAAE,EAAE,CAAC,MAAM,EAAE;IACpB,OAAO,EAAE,EAAE,CAAC,MAAM,EAAE;CACrB,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;AAG7B,MAAM,CAAC,MAAM,KAAK,GAAG,iBAAiB,CAAC;AACvC,MAAM,CAAC,MAAM,WAAW,GAAG,yCAAyC,CAAC;AACrE,MAAM,CAAC,MAAM,IAAI,GAAG,aAAa,CAAC;AAClC,MAAM,CAAC,MAAM,IAAI,GAAuB,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;AAC7E,MAAM,CAAC,MAAM,UAAU,GAAe,EAAE,UAAU,EAAE,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;AAEpE,SAAS,iBAAiB,CAAC,GAAuB;IAChD,MAAM,QAAQ,GAAG,GAAG,EAAE,IAAI,EAAE,CAAC;IAC7B,IAAI,CAAC,QAAQ;QAAE,OAAO,GAAG,CAAC;IAC1B,IAAI,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,QAAQ,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,QAAQ,CAAC;IACvF,OAAO,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,QAAQ,EAAE,CAAC;AAC9D,CAAC;AAED,MAAM,CAAC,MAAM,SAAS,GAAG,aAAa,CACpC,EAAE,QAAQ,EAAE,cAAc,EAAE,KAAK,EAAE,WAAW,EAAE,EAChD,CAAC,GAAG,EAAE,EAAE;IACN,MAAM,KAAK,GAAG,GAAG,CAAC,KAAkC,CAAC;IACrD,MAAM,OAAO,GAAG,iBAAiB,CAAC,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,QAAQ,CAAC,CAAC;IAChE,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC;IACvC,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,cAAc,CAAC,CAAC;IACtC,GAAG,CAAC,eAAe,EAAE,GAAG,CAAC,aAAa,EAAE,sBAAsB,CAAC,CAAC;IAChE,IAAI,GAAG,CAAC,SAAS;QAAE,GAAG,CAAC,eAAe,EAAE,GAAG,CAAC,YAAY,EAAE,gBAAgB,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC;IAC3F,OAAO,EAAE,MAAM,EAAE,IAAa,EAAE,OAAO,EAAE,aAAa,EAAE,OAAO,EAAE,CAAC;AACpE,CAAC,CACF,CAAC"}
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
import * as av from "anyvali";
|
|
2
|
+
import type { Infer } from "anyvali";
|
|
3
|
+
import { type ApiAuthRequirement, type CacheHints } from "@betterportal/framework";
|
|
4
|
+
export declare const RequestSchema: av.ObjectSchema<{
|
|
5
|
+
refreshToken: av.OptionalSchema<av.StringSchema>;
|
|
6
|
+
accessToken: av.OptionalSchema<av.StringSchema>;
|
|
7
|
+
}>;
|
|
8
|
+
export declare const ResponseSchema: av.ObjectSchema<{
|
|
9
|
+
status: av.EnumSchema<readonly ["ok", "error"]>;
|
|
10
|
+
message: av.OptionalSchema<av.StringSchema>;
|
|
11
|
+
accessToken: av.OptionalSchema<av.StringSchema>;
|
|
12
|
+
expiresInSeconds: av.OptionalSchema<av.IntSchema>;
|
|
13
|
+
}>;
|
|
14
|
+
export type ResponseData = Infer<typeof ResponseSchema>;
|
|
15
|
+
export declare const title = "Authress Refresh";
|
|
16
|
+
export declare const description = "Refresh BetterPortal tokens after Authress session renewal.";
|
|
17
|
+
export declare const role = "auth.refresh";
|
|
18
|
+
export declare const auth: ApiAuthRequirement;
|
|
19
|
+
export declare const cacheHints: CacheHints;
|
|
20
|
+
export declare const handlePost: import("@betterportal/framework").RouteHandler<Record<string, string>, Record<string, unknown>, Record<string, string>, {
|
|
21
|
+
refreshToken?: string | undefined;
|
|
22
|
+
accessToken?: string | undefined;
|
|
23
|
+
}, {
|
|
24
|
+
status: "ok" | "error";
|
|
25
|
+
message?: string | undefined;
|
|
26
|
+
accessToken?: string | undefined;
|
|
27
|
+
expiresInSeconds?: number | undefined;
|
|
28
|
+
}, unknown, Record<string, unknown>>;
|
|
29
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-authress-io/bp-routes/refresh/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAEL,KAAK,kBAAkB,EACvB,KAAK,UAAU,EAChB,MAAM,yBAAyB,CAAC;AAIjC,eAAO,MAAM,aAAa;;;EAGE,CAAC;AAE7B,eAAO,MAAM,cAAc;;;;;EAKC,CAAC;AAC7B,MAAM,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAExD,eAAO,MAAM,KAAK,qBAAqB,CAAC;AACxC,eAAO,MAAM,WAAW,gEAAgE,CAAC;AACzF,eAAO,MAAM,IAAI,iBAAiB,CAAC;AACnC,eAAO,MAAM,IAAI,EAAE,kBAAyD,CAAC;AAC7E,eAAO,MAAM,UAAU,EAAE,UAA0C,CAAC;AAQpE,eAAO,MAAM,UAAU;;;;;;;;oCAqDtB,CAAC"}
|
|
@@ -0,0 +1,87 @@
|
|
|
1
|
+
import * as av from "anyvali";
|
|
2
|
+
import { createHandler } from "@betterportal/framework";
|
|
3
|
+
import { resolveAuthressAppConfig } from "../../index.js";
|
|
4
|
+
export const RequestSchema = av.object({
|
|
5
|
+
refreshToken: av.optional(av.string().minLength(1)),
|
|
6
|
+
accessToken: av.optional(av.string())
|
|
7
|
+
}, { unknownKeys: "strip" });
|
|
8
|
+
export const ResponseSchema = av.object({
|
|
9
|
+
status: av.enum_(["ok", "error"]),
|
|
10
|
+
message: av.optional(av.string()),
|
|
11
|
+
accessToken: av.optional(av.string()),
|
|
12
|
+
expiresInSeconds: av.optional(av.int().min(1))
|
|
13
|
+
}, { unknownKeys: "strip" });
|
|
14
|
+
export const title = "Authress Refresh";
|
|
15
|
+
export const description = "Refresh BetterPortal tokens after Authress session renewal.";
|
|
16
|
+
export const role = "auth.refresh";
|
|
17
|
+
export const auth = { required: false, permissions: [] };
|
|
18
|
+
export const cacheHints = { ttlSeconds: 0, varyBy: [] };
|
|
19
|
+
function pluginFrom(ctx) {
|
|
20
|
+
const plugin = ctx.plugin;
|
|
21
|
+
if (!plugin)
|
|
22
|
+
throw new Error("Authress plugin not available on handler context");
|
|
23
|
+
return plugin;
|
|
24
|
+
}
|
|
25
|
+
export const handlePost = createHandler({ response: ResponseSchema, request: RequestSchema }, async (ctx) => {
|
|
26
|
+
const config = resolveAuthressAppConfig(ctx.config);
|
|
27
|
+
if (!config) {
|
|
28
|
+
return { status: "error", message: "Authress config is missing authressApiUrl or applicationId." };
|
|
29
|
+
}
|
|
30
|
+
const body = ctx.request;
|
|
31
|
+
const headers = ctx.headers;
|
|
32
|
+
const authressToken = body.accessToken ?? headers["x-bp-refresh"];
|
|
33
|
+
if (!authressToken?.trim()) {
|
|
34
|
+
return { status: "error", message: "Authress access token is required to refresh BetterPortal tokens." };
|
|
35
|
+
}
|
|
36
|
+
const plugin = pluginFrom(ctx);
|
|
37
|
+
let authressClaims;
|
|
38
|
+
try {
|
|
39
|
+
authressClaims = await plugin.verifyAuthressToken(authressToken, config, { tenantId: ctx.tenant.id, appId: ctx.app.id });
|
|
40
|
+
}
|
|
41
|
+
catch {
|
|
42
|
+
return { status: "error", message: "Authress token invalid or expired." };
|
|
43
|
+
}
|
|
44
|
+
const issued = plugin.issueTokenPair({
|
|
45
|
+
sub: authressClaims.sub,
|
|
46
|
+
tenantId: ctx.tenant.id,
|
|
47
|
+
appId: ctx.app.id,
|
|
48
|
+
roles: authressClaims.roles,
|
|
49
|
+
authProvider: "authress.io",
|
|
50
|
+
providerSubject: authressClaims.sub,
|
|
51
|
+
provider: authressClaims.provider,
|
|
52
|
+
name: authressClaims.name,
|
|
53
|
+
email: authressClaims.email,
|
|
54
|
+
picture: authressClaims.picture
|
|
55
|
+
}, { includeRefreshToken: false });
|
|
56
|
+
ctx.bpHeaders?.set("Authorization", `Bearer ${issued.accessToken}`, {
|
|
57
|
+
locked: true,
|
|
58
|
+
expiresInSeconds: issued.accessTokenExpiresInSeconds,
|
|
59
|
+
refreshPath: "/refresh",
|
|
60
|
+
refreshBeforeSeconds: 60
|
|
61
|
+
});
|
|
62
|
+
ctx.bpHeaders?.set("X-BP-Refresh", authressToken, {
|
|
63
|
+
locked: true,
|
|
64
|
+
scopeToOwner: true,
|
|
65
|
+
expiresInSeconds: secondsUntilJwtExpiry(authressToken)
|
|
66
|
+
});
|
|
67
|
+
return {
|
|
68
|
+
status: "ok",
|
|
69
|
+
accessToken: issued.accessToken,
|
|
70
|
+
expiresInSeconds: issued.accessTokenExpiresInSeconds
|
|
71
|
+
};
|
|
72
|
+
});
|
|
73
|
+
function secondsUntilJwtExpiry(token) {
|
|
74
|
+
const payload = token.split(".")[1];
|
|
75
|
+
if (!payload)
|
|
76
|
+
return 60 * 15;
|
|
77
|
+
try {
|
|
78
|
+
const parsed = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
|
|
79
|
+
if (typeof parsed.exp !== "number")
|
|
80
|
+
return 60 * 15;
|
|
81
|
+
return Math.max(1, parsed.exp - Math.floor(Date.now() / 1000));
|
|
82
|
+
}
|
|
83
|
+
catch {
|
|
84
|
+
return 60 * 15;
|
|
85
|
+
}
|
|
86
|
+
}
|
|
87
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-authress-io/bp-routes/refresh/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAE9B,OAAO,EACL,aAAa,EAGd,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAE1D,MAAM,CAAC,MAAM,aAAa,GAAG,EAAE,CAAC,MAAM,CAAC;IACrC,YAAY,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACnD,WAAW,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;CACtC,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;AAE7B,MAAM,CAAC,MAAM,cAAc,GAAG,EAAE,CAAC,MAAM,CAAC;IACtC,MAAM,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,OAAO,CAAU,CAAC;IAC1C,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;IACjC,WAAW,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;IACrC,gBAAgB,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;CAC/C,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;AAG7B,MAAM,CAAC,MAAM,KAAK,GAAG,kBAAkB,CAAC;AACxC,MAAM,CAAC,MAAM,WAAW,GAAG,6DAA6D,CAAC;AACzF,MAAM,CAAC,MAAM,IAAI,GAAG,cAAc,CAAC;AACnC,MAAM,CAAC,MAAM,IAAI,GAAuB,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;AAC7E,MAAM,CAAC,MAAM,UAAU,GAAe,EAAE,UAAU,EAAE,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;AAEpE,SAAS,UAAU,CAAC,GAAyB;IAC3C,MAAM,MAAM,GAAG,GAAG,CAAC,MAA4B,CAAC;IAChD,IAAI,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACjF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,CAAC,MAAM,UAAU,GAAG,aAAa,CACrC,EAAE,QAAQ,EAAE,cAAc,EAAE,OAAO,EAAE,aAAa,EAAE,EACpD,KAAK,EAAE,GAAG,EAAE,EAAE;IACZ,MAAM,MAAM,GAAG,wBAAwB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACpD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,MAAM,EAAE,OAAgB,EAAE,OAAO,EAAE,6DAA6D,EAAE,CAAC;IAC9G,CAAC;IAED,MAAM,IAAI,GAAG,GAAG,CAAC,OAAsC,CAAC;IACxD,MAAM,OAAO,GAAG,GAAG,CAAC,OAA6C,CAAC;IAClE,MAAM,aAAa,GAAG,IAAI,CAAC,WAAW,IAAI,OAAO,CAAC,cAAc,CAAC,CAAC;IAClE,IAAI,CAAC,aAAa,EAAE,IAAI,EAAE,EAAE,CAAC;QAC3B,OAAO,EAAE,MAAM,EAAE,OAAgB,EAAE,OAAO,EAAE,mEAAmE,EAAE,CAAC;IACpH,CAAC;IACD,MAAM,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,cAAc,CAAC;IACnB,IAAI,CAAC;QACH,cAAc,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,aAAa,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;IAC3H,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,MAAM,EAAE,OAAgB,EAAE,OAAO,EAAE,oCAAoC,EAAE,CAAC;IACrF,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC;QACnC,GAAG,EAAE,cAAc,CAAC,GAAG;QACvB,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE;QACvB,KAAK,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE;QACjB,KAAK,EAAE,cAAc,CAAC,KAAK;QAC3B,YAAY,EAAE,aAAa;QAC3B,eAAe,EAAE,cAAc,CAAC,GAAG;QACnC,QAAQ,EAAE,cAAc,CAAC,QAAQ;QACjC,IAAI,EAAE,cAAc,CAAC,IAAI;QACzB,KAAK,EAAE,cAAc,CAAC,KAAK;QAC3B,OAAO,EAAE,cAAc,CAAC,OAAO;KAChC,EAAE,EAAE,mBAAmB,EAAE,KAAK,EAAE,CAAC,CAAC;IAEnC,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,eAAe,EAAE,UAAU,MAAM,CAAC,WAAW,EAAE,EAAE;QAClE,MAAM,EAAE,IAAI;QACZ,gBAAgB,EAAE,MAAM,CAAC,2BAA2B;QACpD,WAAW,EAAE,UAAU;QACvB,oBAAoB,EAAE,EAAE;KACzB,CAAC,CAAC;IACH,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,cAAc,EAAE,aAAa,EAAE;QAChD,MAAM,EAAE,IAAI;QACZ,YAAY,EAAE,IAAI;QAClB,gBAAgB,EAAE,qBAAqB,CAAC,aAAa,CAAC;KACvD,CAAC,CAAC;IAEH,OAAO;QACL,MAAM,EAAE,IAAa;QACrB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,gBAAgB,EAAE,MAAM,CAAC,2BAA2B;KACrD,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,SAAS,qBAAqB,CAAC,KAAa;IAC1C,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACpC,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,GAAG,EAAE,CAAC;IAC7B,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAsB,CAAC;QACnG,IAAI,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ;YAAE,OAAO,EAAE,GAAG,EAAE,CAAC;QACnD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC;IACjE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,GAAG,EAAE,CAAC;IACjB,CAAC;AACH,CAAC"}
|
|
@@ -0,0 +1,146 @@
|
|
|
1
|
+
import { type BSBServiceConstructor, type Observable } from "@bsb/base";
|
|
2
|
+
import * as av from "anyvali";
|
|
3
|
+
import { BPService, type BPServiceDefinition } from "@betterportal/plugin-bsb";
|
|
4
|
+
import { type ConfigSchemaDescriptor, type JwtClaims, type JwtVerifier } from "@betterportal/framework";
|
|
5
|
+
declare const PluginConfigSchema: av.ObjectSchema<{
|
|
6
|
+
host: av.StringSchema;
|
|
7
|
+
port: av.IntSchema;
|
|
8
|
+
issuer: av.StringSchema;
|
|
9
|
+
audience: av.StringSchema;
|
|
10
|
+
accessTokenSeconds: av.IntSchema;
|
|
11
|
+
refreshTokenSeconds: av.IntSchema;
|
|
12
|
+
keyStorePath: av.StringSchema;
|
|
13
|
+
betterportal: av.OptionalSchema<av.ObjectSchema<{
|
|
14
|
+
bpConfigPath: av.OptionalSchema<av.StringSchema>;
|
|
15
|
+
configApiToken: av.OptionalSchema<av.StringSchema>;
|
|
16
|
+
configEncryptionKey: av.OptionalSchema<av.StringSchema>;
|
|
17
|
+
controlPlaneUrl: av.OptionalSchema<av.StringSchema>;
|
|
18
|
+
serviceApiKey: av.OptionalSchema<av.StringSchema>;
|
|
19
|
+
bootstrapStatePath: av.StringSchema;
|
|
20
|
+
scopedConfigCachePath: av.StringSchema;
|
|
21
|
+
trustedProxyHeaders: av.BoolSchema;
|
|
22
|
+
cfProxy: av.BoolSchema;
|
|
23
|
+
trustedProxyIps: av.ArraySchema<av.StringSchema>;
|
|
24
|
+
}>>;
|
|
25
|
+
}>;
|
|
26
|
+
export type AuthressPluginConfig = av.Infer<typeof PluginConfigSchema>;
|
|
27
|
+
declare const Config: import("@bsb/base").BSBPluginConfigClass<av.ObjectSchema<{
|
|
28
|
+
host: av.StringSchema;
|
|
29
|
+
port: av.IntSchema;
|
|
30
|
+
issuer: av.StringSchema;
|
|
31
|
+
audience: av.StringSchema;
|
|
32
|
+
accessTokenSeconds: av.IntSchema;
|
|
33
|
+
refreshTokenSeconds: av.IntSchema;
|
|
34
|
+
keyStorePath: av.StringSchema;
|
|
35
|
+
betterportal: av.OptionalSchema<av.ObjectSchema<{
|
|
36
|
+
bpConfigPath: av.OptionalSchema<av.StringSchema>;
|
|
37
|
+
configApiToken: av.OptionalSchema<av.StringSchema>;
|
|
38
|
+
configEncryptionKey: av.OptionalSchema<av.StringSchema>;
|
|
39
|
+
controlPlaneUrl: av.OptionalSchema<av.StringSchema>;
|
|
40
|
+
serviceApiKey: av.OptionalSchema<av.StringSchema>;
|
|
41
|
+
bootstrapStatePath: av.StringSchema;
|
|
42
|
+
scopedConfigCachePath: av.StringSchema;
|
|
43
|
+
trustedProxyHeaders: av.BoolSchema;
|
|
44
|
+
cfProxy: av.BoolSchema;
|
|
45
|
+
trustedProxyIps: av.ArraySchema<av.StringSchema>;
|
|
46
|
+
}>>;
|
|
47
|
+
}>>;
|
|
48
|
+
declare const EventSchemas: {
|
|
49
|
+
readonly emitEvents: {};
|
|
50
|
+
readonly onEvents: {};
|
|
51
|
+
readonly emitReturnableEvents: {};
|
|
52
|
+
readonly onReturnableEvents: {};
|
|
53
|
+
readonly emitBroadcast: {};
|
|
54
|
+
readonly onBroadcast: {};
|
|
55
|
+
};
|
|
56
|
+
export interface AuthressAppConfig {
|
|
57
|
+
authressApiUrl: string;
|
|
58
|
+
applicationId: string;
|
|
59
|
+
expectedIssuer: string;
|
|
60
|
+
expectedAudience?: string;
|
|
61
|
+
jwksUri: string;
|
|
62
|
+
scopes?: string;
|
|
63
|
+
loginRedirectPath?: string;
|
|
64
|
+
logoutRedirectPath?: string;
|
|
65
|
+
roleClaimPath?: string;
|
|
66
|
+
subjectClaimPath?: string;
|
|
67
|
+
nameClaimPath?: string;
|
|
68
|
+
emailClaimPath?: string;
|
|
69
|
+
pictureClaimPath?: string;
|
|
70
|
+
clientSecret?: string;
|
|
71
|
+
apiKey?: string;
|
|
72
|
+
}
|
|
73
|
+
export type AuthressBrowserConfig = Pick<AuthressAppConfig, "authressApiUrl" | "applicationId" | "scopes">;
|
|
74
|
+
export declare function resolveAuthressBrowserConfig(raw: Record<string, unknown> | undefined): AuthressBrowserConfig | null;
|
|
75
|
+
export declare function resolveAuthressAppConfig(raw: Record<string, unknown> | undefined): AuthressAppConfig | null;
|
|
76
|
+
export declare const AuthressConfigSchemas: ConfigSchemaDescriptor[];
|
|
77
|
+
export declare class Plugin extends BPService<InstanceType<typeof Config>, typeof EventSchemas> {
|
|
78
|
+
static Config: import("@bsb/base").BSBPluginConfigClass<av.ObjectSchema<{
|
|
79
|
+
host: av.StringSchema;
|
|
80
|
+
port: av.IntSchema;
|
|
81
|
+
issuer: av.StringSchema;
|
|
82
|
+
audience: av.StringSchema;
|
|
83
|
+
accessTokenSeconds: av.IntSchema;
|
|
84
|
+
refreshTokenSeconds: av.IntSchema;
|
|
85
|
+
keyStorePath: av.StringSchema;
|
|
86
|
+
betterportal: av.OptionalSchema<av.ObjectSchema<{
|
|
87
|
+
bpConfigPath: av.OptionalSchema<av.StringSchema>;
|
|
88
|
+
configApiToken: av.OptionalSchema<av.StringSchema>;
|
|
89
|
+
configEncryptionKey: av.OptionalSchema<av.StringSchema>;
|
|
90
|
+
controlPlaneUrl: av.OptionalSchema<av.StringSchema>;
|
|
91
|
+
serviceApiKey: av.OptionalSchema<av.StringSchema>;
|
|
92
|
+
bootstrapStatePath: av.StringSchema;
|
|
93
|
+
scopedConfigCachePath: av.StringSchema;
|
|
94
|
+
trustedProxyHeaders: av.BoolSchema;
|
|
95
|
+
cfProxy: av.BoolSchema;
|
|
96
|
+
trustedProxyIps: av.ArraySchema<av.StringSchema>;
|
|
97
|
+
}>>;
|
|
98
|
+
}>>;
|
|
99
|
+
static EventSchemas: {
|
|
100
|
+
readonly emitEvents: {};
|
|
101
|
+
readonly onEvents: {};
|
|
102
|
+
readonly emitReturnableEvents: {};
|
|
103
|
+
readonly onReturnableEvents: {};
|
|
104
|
+
readonly emitBroadcast: {};
|
|
105
|
+
readonly onBroadcast: {};
|
|
106
|
+
};
|
|
107
|
+
private keyPair;
|
|
108
|
+
constructor(cfg: BSBServiceConstructor<InstanceType<typeof Config>, typeof EventSchemas>);
|
|
109
|
+
init(obs: Observable): Promise<void>;
|
|
110
|
+
protected definition(): BPServiceDefinition;
|
|
111
|
+
protected getJwtVerifier(tenantId: string, appId: string): JwtVerifier | undefined;
|
|
112
|
+
signAccessToken(input: {
|
|
113
|
+
sub: string;
|
|
114
|
+
tenantId: string;
|
|
115
|
+
appId: string;
|
|
116
|
+
roles: string[];
|
|
117
|
+
name?: string;
|
|
118
|
+
email?: string;
|
|
119
|
+
picture?: string;
|
|
120
|
+
}): string;
|
|
121
|
+
verifyAuthressToken(token: string, appConfig: AuthressAppConfig, scope: {
|
|
122
|
+
tenantId: string;
|
|
123
|
+
appId: string;
|
|
124
|
+
}): Promise<JwtClaims>;
|
|
125
|
+
issueTokenPair(input: {
|
|
126
|
+
sub: string;
|
|
127
|
+
tenantId: string;
|
|
128
|
+
appId: string;
|
|
129
|
+
roles: string[];
|
|
130
|
+
authProvider: string;
|
|
131
|
+
providerSubject: string;
|
|
132
|
+
provider?: JwtClaims["provider"];
|
|
133
|
+
name?: string;
|
|
134
|
+
email?: string;
|
|
135
|
+
picture?: string;
|
|
136
|
+
}, options?: {
|
|
137
|
+
includeRefreshToken?: boolean;
|
|
138
|
+
}): import("@betterportal/framework").BpIssuedTokenPair;
|
|
139
|
+
getAuthressAppConfig(tenantId: string, appId: string): AuthressAppConfig | null;
|
|
140
|
+
getAuthressBrowserConfig(tenantId: string, appId: string): AuthressBrowserConfig | null;
|
|
141
|
+
private getAuthressRawConfig;
|
|
142
|
+
private authressConfigReadTicket;
|
|
143
|
+
private tokenIssuer;
|
|
144
|
+
}
|
|
145
|
+
export { Config, EventSchemas };
|
|
146
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/plugins/service-betterportal-auth-authress-io/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,qBAAqB,EAG1B,KAAK,UAAU,EAChB,MAAM,WAAW,CAAC;AACnB,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,EAEL,SAAS,EACT,KAAK,mBAAmB,EACzB,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EAML,KAAK,sBAAsB,EAC3B,KAAK,SAAS,EACd,KAAK,WAAW,EAGjB,MAAM,yBAAyB,CAAC;AAIjC,QAAA,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;EASI,CAAC;AAC7B,MAAM,MAAM,oBAAoB,GAAG,EAAE,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEvE,QAAA,MAAM,MAAM;;;;;;;;;;;;;;;;;;;;GAQX,CAAC;AAEF,QAAA,MAAM,YAAY;;;;;;;CAOhB,CAAC;AASH,MAAM,WAAW,iBAAiB;IAChC,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,MAAM,qBAAqB,GAAG,IAAI,CAAC,iBAAiB,EAAE,gBAAgB,GAAG,eAAe,GAAG,QAAQ,CAAC,CAAC;AAU3G,wBAAgB,4BAA4B,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,SAAS,GAAG,qBAAqB,GAAG,IAAI,CASnH;AAED,wBAAgB,wBAAwB,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,SAAS,GAAG,iBAAiB,GAAG,IAAI,CAoB3G;AAED,eAAO,MAAM,qBAAqB,EAAE,sBAAsB,EAgDzD,CAAC;AAEF,qBAAa,MAAO,SAAQ,SAAS,CAAC,YAAY,CAAC,OAAO,MAAM,CAAC,EAAE,OAAO,YAAY,CAAC;IACrF,MAAM,CAAC,MAAM;;;;;;;;;;;;;;;;;;;;QAAU;IACvB,MAAM,CAAC,YAAY;;;;;;;MAAgB;IACnC,OAAO,CAAC,OAAO,CAAc;gBAEjB,GAAG,EAAE,qBAAqB,CAAC,YAAY,CAAC,OAAO,MAAM,CAAC,EAAE,OAAO,YAAY,CAAC;IAIlF,IAAI,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAS1C,SAAS,CAAC,UAAU,IAAI,mBAAmB;IAa3C,SAAS,CAAC,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,WAAW,GAAG,SAAS;IAMlF,eAAe,CAAC,KAAK,EAAE;QACrB,GAAG,EAAE,MAAM,CAAC;QACZ,QAAQ,EAAE,MAAM,CAAC;QACjB,KAAK,EAAE,MAAM,CAAC;QACd,KAAK,EAAE,MAAM,EAAE,CAAC;QAChB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,GAAG,MAAM;IAIV,mBAAmB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,iBAAiB,EAAE,KAAK,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,SAAS,CAAC;IAIhI,cAAc,CAAC,KAAK,EAAE;QACpB,GAAG,EAAE,MAAM,CAAC;QACZ,QAAQ,EAAE,MAAM,CAAC;QACjB,KAAK,EAAE,MAAM,CAAC;QACd,KAAK,EAAE,MAAM,EAAE,CAAC;QAChB,YAAY,EAAE,MAAM,CAAC;QACrB,eAAe,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,EAAE,SAAS,CAAC,UAAU,CAAC,CAAC;QACjC,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,EAAE,OAAO,CAAC,EAAE;QAAE,mBAAmB,CAAC,EAAE,OAAO,CAAA;KAAE;IAI9C,oBAAoB,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,iBAAiB,GAAG,IAAI;IAI/E,wBAAwB,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,qBAAqB,GAAG,IAAI;IAIvF,OAAO,CAAC,oBAAoB;IAM5B,OAAO,CAAC,wBAAwB;IAgBhC,OAAO,CAAC,WAAW;CASpB;AAED,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC"}
|