@chrishdx/llm-dev-server 1.0.0

package/backend/dist/services/auth/ClaudeAuthService.js

@@ -0,0 +1,401 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ClaudeAuthService = void 0;
+const path_1 = __importDefault(require("path"));
+const promises_1 = __importDefault(require("fs/promises"));
+const crypto_1 = __importDefault(require("crypto"));
+const BaseAuthService_1 = require("./BaseAuthService");
+const models_1 = require("../../models");
+const crypto_2 = require("../../utils/crypto");
+const environment_1 = __importDefault(require("../../config/environment"));
+const logger_1 = __importDefault(require("../../utils/logger"));
+const CLAUDE_CLIENT_ID = '9d1c250a-e61b-44d9-88ed-5944d1962f5e';
+const CLAUDE_SCOPES = [
+    'org:create_api_key',
+    'user:profile',
+    'user:inference',
+    'user:sessions:claude_code',
+];
+const CLAUDE_TOKEN_URL = 'https://console.anthropic.com/v1/oauth/token';
+const CLAUDE_PROFILE_URL = 'https://api.anthropic.com/api/oauth/profile';
+const MANUAL_REDIRECT_URL = 'https://console.anthropic.com/oauth/code/callback';
+const CLAUDE_AI_AUTHORIZE_URL = 'https://claude.ai/oauth/authorize';
+const CONSOLE_AUTHORIZE_URL = 'https://console.anthropic.com/oauth/authorize';
+class ClaudeAuthService extends BaseAuthService_1.BaseAuthService {
+    constructor() {
+        super('claude');
+        this.claudeConfigDir = path_1.default.join(environment_1.default.DATA_DIR, 'claude');
+    }
+    /**
+     * Parse various callback input formats (URL, query params, or raw code)
+     * Based on n8n plugin implementation
+     */
+    static parseCallbackInput(input) {
+        const trimmed = input.trim();
+        if (!trimmed)
+            return {};
+        let code;
+        let state;
+        const trySet = (maybeCode, maybeState) => {
+            const trimmedCode = maybeCode?.trim() || '';
+            const trimmedState = maybeState?.trim() || '';
+            if (!code && trimmedCode)
+                code = trimmedCode;
+            if (!state && trimmedState)
+                state = trimmedState;
+        };
+        // Try parsing as URL
+        try {
+            const url = new URL(trimmed);
+            trySet(url.searchParams.get('code'), url.searchParams.get('state'));
+            const hash = url.hash.startsWith('#') ? url.hash.slice(1) : url.hash;
+            if (hash) {
+                if (hash.includes('=')) {
+                    const hashParams = new URLSearchParams(hash);
+                    trySet(hashParams.get('code'), hashParams.get('state'));
+                }
+                else if (!state) {
+                    state = hash.trim();
+                }
+            }
+            if (code || state)
+                return { code, state };
+        }
+        catch {
+            // Fall through to non-URL parsing
+        }
+        // Parse as query string or hash fragments
+        const [beforeHash, ...hashParts] = trimmed.split('#');
+        const hashPart = hashParts.join('#');
+        if (beforeHash.includes('?')) {
+            const params = new URLSearchParams(beforeHash.slice(beforeHash.indexOf('?') + 1));
+            trySet(params.get('code'), params.get('state'));
+        }
+        if (beforeHash.includes('code=')) {
+            const params = new URLSearchParams(beforeHash);
+            trySet(params.get('code'), params.get('state'));
+        }
+        // If still no code, treat entire input as code
+        if (!code && beforeHash && !beforeHash.includes('?') && !beforeHash.includes('=')) {
+            code = beforeHash.trim();
+        }
+        if (hashPart) {
+            if (hashPart.includes('=')) {
+                const hashParams = new URLSearchParams(hashPart);
+                trySet(hashParams.get('code'), hashParams.get('state'));
+            }
+            else if (!state) {
+                state = hashPart.trim();
+            }
+        }
+        return { code, state };
+    }
+    /**
+     * Start Claude OAuth login flow
+     */
+    async startLogin(options) {
+        const codeVerifier = (0, crypto_2.generateCodeVerifier)();
+        const codeChallenge = (0, crypto_2.generateCodeChallenge)(codeVerifier);
+        const state = crypto_1.default.randomUUID();
+        const baseUrl = options.loginWithClaudeAi
+            ? 'https://claude.ai/oauth/authorize'
+            : 'https://console.anthropic.com/oauth/authorize';
+        const redirectUri = 'http://localhost:3000/oauth/callback';
+        const url = new URL(baseUrl);
+        url.searchParams.set('client_id', CLAUDE_CLIENT_ID);
+        url.searchParams.set('response_type', 'code');
+        url.searchParams.set('redirect_uri', redirectUri);
+        url.searchParams.set('scope', CLAUDE_SCOPES.join(' '));
+        url.searchParams.set('code_challenge', codeChallenge);
+        url.searchParams.set('code_challenge_method', 'S256');
+        url.searchParams.set('state', state);
+        const sessionId = crypto_1.default.randomUUID();
+        await this.storeLoginSession({
+            sessionId,
+            state,
+            codeVerifier: this.encrypt(codeVerifier),
+            provider: 'claude',
+            redirectUri,
+            expiresAt: new Date(Date.now() + 15 * 60 * 1000),
+        });
+        logger_1.default.info('Claude OAuth login started', { sessionId, baseUrl: baseUrl });
+        return {
+            loginUrl: url.toString(),
+            sessionId,
+            state,
+        };
+    }
+    /**
+     * Complete Claude OAuth login flow
+     */
+    async completeLogin(params) {
+        // Validate session
+        const session = await this.getLoginSession(params.sessionId);
+        if (!session || session.state !== params.state) {
+            throw new Error('Invalid OAuth state');
+        }
+        const codeVerifier = this.decrypt(session.codeVerifier);
+        // Exchange code for tokens
+        const tokenResponse = await fetch(CLAUDE_TOKEN_URL, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+                grant_type: 'authorization_code',
+                code: params.code,
+                redirect_uri: session.redirectUri || 'http://localhost:3000/oauth/callback',
+                client_id: CLAUDE_CLIENT_ID,
+                code_verifier: codeVerifier,
+            }),
+        });
+        if (!tokenResponse.ok) {
+            const error = await tokenResponse.text();
+            throw new Error(`Token exchange failed: ${error}`);
+        }
+        const tokens = (await tokenResponse.json());
+        // Fetch user profile
+        const profileResponse = await fetch(CLAUDE_PROFILE_URL, {
+            headers: { Authorization: `Bearer ${tokens.access_token}` },
+        });
+        const profile = profileResponse.ok
+            ? (await profileResponse.json())
+            : {};
+        // 1. Create directory structure
+        await promises_1.default.mkdir(this.claudeConfigDir, { recursive: true, mode: 0o700 });
+        // 2. Write credentials to file (like native Claude CLI)
+        const credentialsPath = path_1.default.join(this.claudeConfigDir, '.credentials.json');
+        const credentialsData = {
+            accessToken: tokens.access_token,
+            refreshToken: tokens.refresh_token,
+            expiresAt: Date.now() + tokens.expires_in * 1000,
+            issuedAt: Date.now(),
+            scopes: tokens.scope?.split(' '),
+            subscriptionType: profile.organization?.organization_type,
+            rateLimitTier: profile.rate_limit_tier,
+        };
+        await promises_1.default.writeFile(credentialsPath, JSON.stringify(credentialsData, null, 2), { encoding: 'utf8', mode: 0o600 });
+        logger_1.default.info('Claude credentials written to file');
+        // 3. Store in database (for UI/management)
+        const authToken = await models_1.AuthToken.create({
+            provider: 'claude',
+            accessToken: this.encrypt(tokens.access_token),
+            refreshToken: tokens.refresh_token ? this.encrypt(tokens.refresh_token) : undefined,
+            tokenType: tokens.token_type,
+            expiresAt: new Date(Date.now() + tokens.expires_in * 1000),
+            issuedAt: new Date(),
+            scopes: tokens.scope?.split(' '),
+            email: profile.account?.email,
+            organization: profile.organization?.name,
+            isActive: true,
+        });
+        // Cleanup session
+        await this.deleteLoginSession(params.sessionId);
+        logger_1.default.info('Claude OAuth login completed', { tokenId: authToken.id });
+        return authToken;
+    }
+    /**
+     * Load credentials from file on server startup
+     */
+    async loadFromFile() {
+        const credentialsPath = path_1.default.join(this.claudeConfigDir, '.credentials.json');
+        try {
+            const content = await promises_1.default.readFile(credentialsPath, 'utf8');
+            const creds = JSON.parse(content);
+            // Check if already in database
+            let authToken = await models_1.AuthToken.findOne({
+                where: { provider: 'claude', isActive: true },
+            });
+            if (!authToken) {
+                // Create from file
+                authToken = await models_1.AuthToken.create({
+                    provider: 'claude',
+                    accessToken: this.encrypt(creds.accessToken),
+                    refreshToken: creds.refreshToken ? this.encrypt(creds.refreshToken) : undefined,
+                    tokenType: 'Bearer',
+                    expiresAt: new Date(creds.expiresAt),
+                    issuedAt: new Date(creds.issuedAt),
+                    scopes: creds.scopes,
+                    isActive: true,
+                });
+                logger_1.default.info('Claude credentials loaded from file and synced to database');
+            }
+            return authToken;
+        }
+        catch (error) {
+            if (error instanceof Error && error.code !== 'ENOENT') {
+                logger_1.default.warn('Failed to load Claude credentials from file:', error.message);
+            }
+            return null;
+        }
+    }
+    /**
+     * Refresh Claude access token
+     */
+    async refreshToken(token) {
+        if (!token.refreshToken) {
+            throw new Error('No refresh token available');
+        }
+        const refreshTokenDecrypted = this.decrypt(token.refreshToken);
+        const tokenResponse = await fetch(CLAUDE_TOKEN_URL, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+                grant_type: 'refresh_token',
+                refresh_token: refreshTokenDecrypted,
+                client_id: CLAUDE_CLIENT_ID,
+            }),
+        });
+        if (!tokenResponse.ok) {
+            const error = await tokenResponse.text();
+            throw new Error(`Token refresh failed: ${error}`);
+        }
+        const tokens = (await tokenResponse.json());
+        logger_1.default.info('Claude token refreshed successfully');
+        return {
+            accessToken: tokens.access_token,
+            refreshToken: tokens.refresh_token,
+            expiresAt: new Date(Date.now() + tokens.expires_in * 1000),
+        };
+    }
+    /**
+     * Get current authentication status
+     */
+    async getStatus() {
+        const token = await this.getActiveToken();
+        if (!token) {
+            return { loggedIn: false };
+        }
+        return {
+            loggedIn: true,
+            tokenId: token.id,
+            email: token.email,
+            expiresAt: token.expiresAt,
+            hasInferenceScope: token.scopes?.includes('user:inference') || false,
+        };
+    }
+    /**
+     * Start Claude OAuth login flow for manual code entry
+     * Uses official Anthropic static callback page for displaying authorization code
+     */
+    async startLoginWithRedirect(_redirectUri, loginWithClaudeAi = true) {
+        const codeVerifier = (0, crypto_2.generateCodeVerifier)();
+        const codeChallenge = (0, crypto_2.generateCodeChallenge)(codeVerifier);
+        const state = crypto_1.default.randomUUID();
+        // Use static manual redirect URI (official Anthropic page)
+        const manualRedirectUri = MANUAL_REDIRECT_URL;
+        // Choose authorization endpoint
+        const baseUrl = loginWithClaudeAi ? CLAUDE_AI_AUTHORIZE_URL : CONSOLE_AUTHORIZE_URL;
+        const url = new URL(baseUrl);
+        url.searchParams.set('client_id', CLAUDE_CLIENT_ID);
+        url.searchParams.set('response_type', 'code');
+        url.searchParams.set('redirect_uri', manualRedirectUri);
+        url.searchParams.set('scope', CLAUDE_SCOPES.join(' '));
+        url.searchParams.set('code_challenge', codeChallenge);
+        url.searchParams.set('code_challenge_method', 'S256');
+        url.searchParams.set('state', state);
+        // Store session in memory (state is sessionId)
+        await this.storeLoginSession({
+            sessionId: state,
+            state,
+            codeVerifier: this.encrypt(codeVerifier),
+            provider: 'claude',
+            redirectUri: manualRedirectUri,
+            expiresAt: new Date(Date.now() + 15 * 60 * 1000),
+        });
+        logger_1.default.info('Claude OAuth manual login started', { baseUrl, state });
+        return {
+            loginUrl: url.toString(),
+            state,
+        };
+    }
+    /**
+     * Complete Claude OAuth login with manual code entry
+     * Accepts full callback URL or just the authorization code
+     */
+    async completeLoginFromCallback(code, state) {
+        // 1. Validate session
+        const session = await this.getLoginSession(state);
+        if (!session) {
+            throw new Error('Login session expired or not found. Please restart the login process.');
+        }
+        if (session.state !== state) {
+            await this.deleteLoginSession(state);
+            throw new Error('Invalid authentication state. Please restart the login process.');
+        }
+        // 2. Validate code
+        if (!code || code.trim().length === 0) {
+            await this.deleteLoginSession(state);
+            throw new Error('Invalid authorization code. Please copy the full callback URL.');
+        }
+        const codeVerifier = this.decrypt(session.codeVerifier);
+        // 3. Exchange code for tokens (with error handling)
+        try {
+            const tokenResponse = await fetch(CLAUDE_TOKEN_URL, {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify({
+                    grant_type: 'authorization_code',
+                    code: code.trim(),
+                    redirect_uri: session.redirectUri || MANUAL_REDIRECT_URL,
+                    client_id: CLAUDE_CLIENT_ID,
+                    code_verifier: codeVerifier,
+                    state: state, // WICHTIG: State muss auch beim Token-Exchange mitgesendet werden!
+                }),
+            });
+            if (!tokenResponse.ok) {
+                const error = await tokenResponse.text();
+                throw new Error(`Token exchange failed: ${error}`);
+            }
+            const tokens = (await tokenResponse.json());
+            // 4. Fetch user profile
+            const profileResponse = await fetch(CLAUDE_PROFILE_URL, {
+                headers: { Authorization: `Bearer ${tokens.access_token}` },
+            });
+            const profile = profileResponse.ok
+                ? (await profileResponse.json())
+                : {};
+            // 5. Create directory structure
+            await promises_1.default.mkdir(this.claudeConfigDir, { recursive: true, mode: 0o700 });
+            // 6. Write credentials to file (like native Claude CLI)
+            const credentialsPath = path_1.default.join(this.claudeConfigDir, '.credentials.json');
+            const credentialsData = {
+                accessToken: tokens.access_token,
+                refreshToken: tokens.refresh_token,
+                expiresAt: Date.now() + tokens.expires_in * 1000,
+                issuedAt: Date.now(),
+                scopes: tokens.scope?.split(' '),
+                subscriptionType: profile.organization?.organization_type,
+                rateLimitTier: profile.rate_limit_tier,
+            };
+            await promises_1.default.writeFile(credentialsPath, JSON.stringify(credentialsData, null, 2), { encoding: 'utf8', mode: 0o600 });
+            logger_1.default.info('Claude credentials written to file');
+            // 7. Store in database
+            const authToken = await models_1.AuthToken.create({
+                provider: 'claude',
+                accessToken: this.encrypt(tokens.access_token),
+                refreshToken: tokens.refresh_token ? this.encrypt(tokens.refresh_token) : undefined,
+                tokenType: tokens.token_type,
+                expiresAt: new Date(Date.now() + tokens.expires_in * 1000),
+                issuedAt: new Date(),
+                scopes: tokens.scope?.split(' '),
+                email: profile.account?.email,
+                organization: profile.organization?.name,
+                isActive: true,
+            });
+            // 8. Cleanup session
+            await this.deleteLoginSession(state);
+            logger_1.default.info('Claude OAuth manual login completed', { tokenId: authToken.id });
+            return authToken;
+        }
+        catch (error) {
+            // Cleanup session on failure
+            await this.deleteLoginSession(state);
+            throw error;
+        }
+    }
+}
+exports.ClaudeAuthService = ClaudeAuthService;
+exports.default = ClaudeAuthService;
+//# sourceMappingURL=ClaudeAuthService.js.map

package/backend/dist/services/auth/ClaudeAuthService.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ClaudeAuthService.js","sourceRoot":"","sources":["../../../src/services/auth/ClaudeAuthService.ts"],"names":[],"mappings":";;;;;;AAAA,gDAAwB;AACxB,2DAA6B;AAC7B,oDAA4B;AAC5B,uDAAoD;AACpD,yCAAyC;AACzC,+CAAiF;AACjF,2EAA8C;AAC9C,gEAAwC;AAExC,MAAM,gBAAgB,GAAG,sCAAsC,CAAC;AAChE,MAAM,aAAa,GAAG;IACpB,oBAAoB;IACpB,cAAc;IACd,gBAAgB;IAChB,2BAA2B;CAC5B,CAAC;AACF,MAAM,gBAAgB,GAAG,8CAA8C,CAAC;AACxE,MAAM,kBAAkB,GAAG,6CAA6C,CAAC;AACzE,MAAM,mBAAmB,GAAG,mDAAmD,CAAC;AAChF,MAAM,uBAAuB,GAAG,mCAAmC,CAAC;AACpE,MAAM,qBAAqB,GAAG,+CAA+C,CAAC;AAqB9E,MAAa,iBAAkB,SAAQ,iCAAe;IAGpD;QACE,KAAK,CAAC,QAAQ,CAAC,CAAC;QAChB,IAAI,CAAC,eAAe,GAAG,cAAI,CAAC,IAAI,CAAC,qBAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC9D,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,kBAAkB,CAAC,KAAa;QACrC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;QAC7B,IAAI,CAAC,OAAO;YAAE,OAAO,EAAE,CAAC;QAExB,IAAI,IAAwB,CAAC;QAC7B,IAAI,KAAyB,CAAC;QAE9B,MAAM,MAAM,GAAG,CAAC,SAAwB,EAAE,UAAyB,EAAE,EAAE;YACrE,MAAM,WAAW,GAAG,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;YAC5C,MAAM,YAAY,GAAG,UAAU,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;YAC9C,IAAI,CAAC,IAAI,IAAI,WAAW;gBAAE,IAAI,GAAG,WAAW,CAAC;YAC7C,IAAI,CAAC,KAAK,IAAI,YAAY;gBAAE,KAAK,GAAG,YAAY,CAAC;QACnD,CAAC,CAAC;QAEF,qBAAqB;QACrB,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;YAC7B,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;YACpE,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC;YACrE,IAAI,IAAI,EAAE,CAAC;gBACT,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;oBACvB,MAAM,UAAU,GAAG,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC;oBAC7C,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;gBAC1D,CAAC;qBAAM,IAAI,CAAC,KAAK,EAAE,CAAC;oBAClB,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;gBACtB,CAAC;YACH,CAAC;YACD,IAAI,IAAI,IAAI,KAAK;gBAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;QAC5C,CAAC;QAAC,MAAM,CAAC;YACP,kCAAkC;QACpC,CAAC;QAED,0CAA0C;QAC1C,MAAM,CAAC,UAAU,EAAE,GAAG,SAAS,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACtD,MAAM,QAAQ,GAAG,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAErC,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC7B,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,UAAU,CAAC,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YAClF,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;QAClD,CAAC;QAED,IAAI,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YACjC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,UAAU,CAAC,CAAC;YAC/C,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;QAClD,CAAC;QAED,+CAA+C;QAC/C,IAAI,CAAC,IAAI,IAAI,UAAU,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAClF,IAAI,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC;QAC3B,CAAC;QAED,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC3B,MAAM,UAAU,GAAG,IAAI,eAAe,CAAC,QAAQ,CAAC,CAAC;gBACjD,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;YAC1D,CAAC;iBAAM,IAAI,CAAC,KAAK,EAAE,CAAC;gBAClB,KAAK,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;YAC1B,CAAC;QACH,CAAC;QAED,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CAAC,OAEhB;QAKC,MAAM,YAAY,GAAG,IAAA,6BAAoB,GAAE,CAAC;QAC5C,MAAM,aAAa,GAAG,IAAA,8BAAqB,EAAC,YAAY,CAAC,CAAC;QAC1D,MAAM,KAAK,GAAG,gBAAM,CAAC,UAAU,EAAE,CAAC;QAElC,MAAM,OAAO,GAAG,OAAO,CAAC,iBAAiB;YACvC,CAAC,CAAC,mCAAmC;YACrC,CAAC,CAAC,+CAA+C,CAAC;QAEpD,MAAM,WAAW,GAAG,sCAAsC,CAAC;QAE3D,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;QAC7B,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,gBAAgB,CAAC,CAAC;QACpD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;QAC9C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;QAClD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QACvD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC;QACtD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;QACtD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAErC,MAAM,SAAS,GAAG,gBAAM,CAAC,UAAU,EAAE,CAAC;QACtC,MAAM,IAAI,CAAC,iBAAiB,CAAC;YAC3B,SAAS;YACT,KAAK;YACL,YAAY,EAAE,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC;YACxC,QAAQ,EAAE,QAAQ;YAClB,WAAW;YACX,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;SACjD,CAAC,CAAC;QAEH,gBAAM,CAAC,IAAI,CAAC,4BAA4B,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;QAE3E,OAAO;YACL,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE;YACxB,SAAS;YACT,KAAK;SACN,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,MAInB;QACC,mBAAmB;QACnB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC7D,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,KAAK,KAAK,MAAM,CAAC,KAAK,EAAE,CAAC;YAC/C,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACzC,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAExD,2BAA2B;QAC3B,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,gBAAgB,EAAE;YAClD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,UAAU,EAAE,oBAAoB;gBAChC,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,YAAY,EAAE,OAAO,CAAC,WAAW,IAAI,sCAAsC;gBAC3E,SAAS,EAAE,gBAAgB;gBAC3B,aAAa,EAAE,YAAY;aAC5B,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,CAAC;YACtB,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CAAC,0BAA0B,KAAK,EAAE,CAAC,CAAC;QACrD,CAAC;QAED,MAAM,MAAM,GAAG,CAAC,MAAM,aAAa,CAAC,IAAI,EAAE,CAAwB,CAAC;QAEnE,qBAAqB;QACrB,MAAM,eAAe,GAAG,MAAM,KAAK,CAAC,kBAAkB,EAAE;YACtD,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,MAAM,CAAC,YAAY,EAAE,EAAE;SAC5D,CAAC,CAAC;QAEH,MAAM,OAAO,GAAkB,eAAe,CAAC,EAAE;YAC/C,CAAC,CAAE,CAAC,MAAM,eAAe,CAAC,IAAI,EAAE,CAAmB;YACnD,CAAC,CAAC,EAAE,CAAC;QAEP,gCAAgC;QAChC,MAAM,kBAAE,CAAC,KAAK,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAEvE,wDAAwD;QACxD,MAAM,eAAe,GAAG,cAAI,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,mBAAmB,CAAC,CAAC;QAC7E,MAAM,eAAe,GAAG;YACtB,WAAW,EAAE,MAAM,CAAC,YAAY;YAChC,YAAY,EAAE,MAAM,CAAC,aAAa;YAClC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI;YAChD,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE;YACpB,MAAM,EAAE,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC;YAChC,gBAAgB,EAAE,OAAO,CAAC,YAAY,EAAE,iBAAiB;YACzD,aAAa,EAAE,OAAO,CAAC,eAAe;SACvC,CAAC;QAEF,MAAM,kBAAE,CAAC,SAAS,CAChB,eAAe,EACf,IAAI,CAAC,SAAS,CAAC,eAAe,EAAE,IAAI,EAAE,CAAC,CAAC,EACxC,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,CAClC,CAAC;QAEF,gBAAM,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;QAElD,2CAA2C;QAC3C,MAAM,SAAS,GAAG,MAAM,kBAAS,CAAC,MAAM,CAAC;YACvC,QAAQ,EAAE,QAAQ;YAClB,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC;YAC9C,YAAY,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,SAAS;YACnF,SAAS,EAAE,MAAM,CAAC,UAAU;YAC5B,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC;YAC1D,QAAQ,EAAE,IAAI,IAAI,EAAE;YACpB,MAAM,EAAE,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC;YAChC,KAAK,EAAE,OAAO,CAAC,OAAO,EAAE,KAAK;YAC7B,YAAY,EAAE,OAAO,CAAC,YAAY,EAAE,IAAI;YACxC,QAAQ,EAAE,IAAI;SACf,CAAC,CAAC;QAEH,kBAAkB;QAClB,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAEhD,gBAAM,CAAC,IAAI,CAAC,8BAA8B,EAAE,EAAE,OAAO,EAAE,SAAS,CAAC,EAAE,EAAE,CAAC,CAAC;QAEvE,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY;QAChB,MAAM,eAAe,GAAG,cAAI,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,mBAAmB,CAAC,CAAC;QAE7E,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,kBAAE,CAAC,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;YAC3D,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAElC,+BAA+B;YAC/B,IAAI,SAAS,GAAG,MAAM,kBAAS,CAAC,OAAO,CAAC;gBACtC,KAAK,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE;aAC9C,CAAC,CAAC;YAEH,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,mBAAmB;gBACnB,SAAS,GAAG,MAAM,kBAAS,CAAC,MAAM,CAAC;oBACjC,QAAQ,EAAE,QAAQ;oBAClB,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC;oBAC5C,YAAY,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,SAAS;oBAC/E,SAAS,EAAE,QAAQ;oBACnB,SAAS,EAAE,IAAI,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC;oBACpC,QAAQ,EAAE,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC;oBAClC,MAAM,EAAE,KAAK,CAAC,MAAM;oBACpB,QAAQ,EAAE,IAAI;iBACf,CAAC,CAAC;gBAEH,gBAAM,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;YAC5E,CAAC;YAED,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,KAAK,IAAK,KAAa,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC/D,gBAAM,CAAC,IAAI,CAAC,8CAA8C,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;YAC7E,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,KAAgB;QAKjC,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QAED,MAAM,qBAAqB,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QAE/D,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,gBAAgB,EAAE;YAClD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,UAAU,EAAE,eAAe;gBAC3B,aAAa,EAAE,qBAAqB;gBACpC,SAAS,EAAE,gBAAgB;aAC5B,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,CAAC;YACtB,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CAAC,yBAAyB,KAAK,EAAE,CAAC,CAAC;QACpD,CAAC;QAED,MAAM,MAAM,GAAG,CAAC,MAAM,aAAa,CAAC,IAAI,EAAE,CAAwB,CAAC;QAEnE,gBAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;QAEnD,OAAO;YACL,WAAW,EAAE,MAAM,CAAC,YAAY;YAChC,YAAY,EAAE,MAAM,CAAC,aAAa;YAClC,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC;SAC3D,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS;QAOb,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAE1C,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;QAC7B,CAAC;QAED,OAAO;YACL,QAAQ,EAAE,IAAI;YACd,OAAO,EAAE,KAAK,CAAC,EAAE;YACjB,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,iBAAiB,EAAE,KAAK,CAAC,MAAM,EAAE,QAAQ,CAAC,gBAAgB,CAAC,IAAI,KAAK;SACrE,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,sBAAsB,CAC1B,YAAqB,EACrB,iBAAiB,GAAG,IAAI;QAKxB,MAAM,YAAY,GAAG,IAAA,6BAAoB,GAAE,CAAC;QAC5C,MAAM,aAAa,GAAG,IAAA,8BAAqB,EAAC,YAAY,CAAC,CAAC;QAC1D,MAAM,KAAK,GAAG,gBAAM,CAAC,UAAU,EAAE,CAAC;QAElC,2DAA2D;QAC3D,MAAM,iBAAiB,GAAG,mBAAmB,CAAC;QAE9C,gCAAgC;QAChC,MAAM,OAAO,GAAG,iBAAiB,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,qBAAqB,CAAC;QAEpF,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;QAC7B,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,gBAAgB,CAAC,CAAC;QACpD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;QAC9C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,iBAAiB,CAAC,CAAC;QACxD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QACvD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC;QACtD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;QACtD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAErC,+CAA+C;QAC/C,MAAM,IAAI,CAAC,iBAAiB,CAAC;YAC3B,SAAS,EAAE,KAAK;YAChB,KAAK;YACL,YAAY,EAAE,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC;YACxC,QAAQ,EAAE,QAAQ;YAClB,WAAW,EAAE,iBAAiB;YAC9B,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;SACjD,CAAC,CAAC;QAEH,gBAAM,CAAC,IAAI,CAAC,mCAAmC,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;QAErE,OAAO;YACL,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE;YACxB,KAAK;SACN,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,yBAAyB,CAAC,IAAY,EAAE,KAAa;QACzD,sBAAsB;QACtB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;QAClD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,uEAAuE,CAAC,CAAC;QAC3F,CAAC;QAED,IAAI,OAAO,CAAC,KAAK,KAAK,KAAK,EAAE,CAAC;YAC5B,MAAM,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;QACrF,CAAC;QAED,mBAAmB;QACnB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtC,MAAM,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;QACpF,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAExD,oDAAoD;QACpD,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,gBAAgB,EAAE;gBAClD,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,UAAU,EAAE,oBAAoB;oBAChC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;oBACjB,YAAY,EAAE,OAAO,CAAC,WAAW,IAAI,mBAAmB;oBACxD,SAAS,EAAE,gBAAgB;oBAC3B,aAAa,EAAE,YAAY;oBAC3B,KAAK,EAAE,KAAK,EAAG,mEAAmE;iBACnF,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,CAAC;gBACtB,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC;gBACzC,MAAM,IAAI,KAAK,CAAC,0BAA0B,KAAK,EAAE,CAAC,CAAC;YACrD,CAAC;YAED,MAAM,MAAM,GAAG,CAAC,MAAM,aAAa,CAAC,IAAI,EAAE,CAAwB,CAAC;YAEnE,wBAAwB;YACxB,MAAM,eAAe,GAAG,MAAM,KAAK,CAAC,kBAAkB,EAAE;gBACtD,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,MAAM,CAAC,YAAY,EAAE,EAAE;aAC5D,CAAC,CAAC;YAEH,MAAM,OAAO,GAAkB,eAAe,CAAC,EAAE;gBAC/C,CAAC,CAAE,CAAC,MAAM,eAAe,CAAC,IAAI,EAAE,CAAmB;gBACnD,CAAC,CAAC,EAAE,CAAC;YAEP,gCAAgC;YAChC,MAAM,kBAAE,CAAC,KAAK,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YAEvE,wDAAwD;YACxD,MAAM,eAAe,GAAG,cAAI,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,mBAAmB,CAAC,CAAC;YAC7E,MAAM,eAAe,GAAG;gBACtB,WAAW,EAAE,MAAM,CAAC,YAAY;gBAChC,YAAY,EAAE,MAAM,CAAC,aAAa;gBAClC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI;gBAChD,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE;gBACpB,MAAM,EAAE,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC;gBAChC,gBAAgB,EAAE,OAAO,CAAC,YAAY,EAAE,iBAAiB;gBACzD,aAAa,EAAE,OAAO,CAAC,eAAe;aACvC,CAAC;YAEF,MAAM,kBAAE,CAAC,SAAS,CAChB,eAAe,EACf,IAAI,CAAC,SAAS,CAAC,eAAe,EAAE,IAAI,EAAE,CAAC,CAAC,EACxC,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,CAClC,CAAC;YAEF,gBAAM,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;YAElD,uBAAuB;YACvB,MAAM,SAAS,GAAG,MAAM,kBAAS,CAAC,MAAM,CAAC;gBACvC,QAAQ,EAAE,QAAQ;gBAClB,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC;gBAC9C,YAAY,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,SAAS;gBACnF,SAAS,EAAE,MAAM,CAAC,UAAU;gBAC5B,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC;gBAC1D,QAAQ,EAAE,IAAI,IAAI,EAAE;gBACpB,MAAM,EAAE,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC;gBAChC,KAAK,EAAE,OAAO,CAAC,OAAO,EAAE,KAAK;gBAC7B,YAAY,EAAE,OAAO,CAAC,YAAY,EAAE,IAAI;gBACxC,QAAQ,EAAE,IAAI;aACf,CAAC,CAAC;YAEH,qBAAqB;YACrB,MAAM,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;YAErC,gBAAM,CAAC,IAAI,CAAC,qCAAqC,EAAE,EAAE,OAAO,EAAE,SAAS,CAAC,EAAE,EAAE,CAAC,CAAC;YAE9E,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,6BAA6B;YAC7B,MAAM,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;YACrC,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;CACF;AAtdD,8CAsdC;AAED,kBAAe,iBAAiB,CAAC"}

package/backend/dist/services/auth/CodexAuthService.d.ts

@@ -0,0 +1,37 @@
+import { BaseAuthService } from './BaseAuthService';
+import { AuthToken } from '../../models';
+export declare class CodexAuthService extends BaseAuthService {
+    private codexHome;
+    constructor();
+    /**
+     * Start Codex Device Auth flow
+     */
+    startLogin(): Promise<{
+        deviceAuthId: string;
+        userCode: string;
+        verificationUrl: string;
+        intervalSeconds: number;
+        expiresIn: number;
+    }>;
+    /**
+     * Poll for device auth token
+     */
+    pollForToken(params: {
+        deviceAuthId: string;
+        userCode: string;
+    }): Promise<AuthToken>;
+    /**
+     * Load credentials from file on server startup
+     */
+    loadFromFile(): Promise<AuthToken | null>;
+    /**
+     * Get current authentication status
+     */
+    getStatus(): Promise<{
+        loggedIn: boolean;
+        tokenId?: string;
+        email?: string;
+    }>;
+}
+export default CodexAuthService;
+//# sourceMappingURL=CodexAuthService.d.ts.map

package/backend/dist/services/auth/CodexAuthService.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"CodexAuthService.d.ts","sourceRoot":"","sources":["../../../src/services/auth/CodexAuthService.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAmCzC,qBAAa,gBAAiB,SAAQ,eAAe;IACnD,OAAO,CAAC,SAAS,CAAS;;IAO1B;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC;QAC1B,YAAY,EAAE,MAAM,CAAC;QACrB,QAAQ,EAAE,MAAM,CAAC;QACjB,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,MAAM,CAAC;QACxB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;IAmCF;;OAEG;IACG,YAAY,CAAC,MAAM,EAAE;QACzB,YAAY,EAAE,MAAM,CAAC;QACrB,QAAQ,EAAE,MAAM,CAAC;KAClB,GAAG,OAAO,CAAC,SAAS,CAAC;IA6FtB;;OAEG;IACG,YAAY,IAAI,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IAmC/C;;OAEG;IACG,SAAS,IAAI,OAAO,CAAC;QACzB,QAAQ,EAAE,OAAO,CAAC;QAClB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;CAaH;AAED,eAAe,gBAAgB,CAAC"}

package/backend/dist/services/auth/CodexAuthService.js

@@ -0,0 +1,186 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CodexAuthService = void 0;
+const path_1 = __importDefault(require("path"));
+const promises_1 = __importDefault(require("fs/promises"));
+const BaseAuthService_1 = require("./BaseAuthService");
+const models_1 = require("../../models");
+const crypto_1 = require("../../utils/crypto");
+const environment_1 = __importDefault(require("../../config/environment"));
+const logger_1 = __importDefault(require("../../utils/logger"));
+const CODEX_CLIENT_ID = 'app_EMoamEEZ73f0CkXaXp7hrann';
+const CODEX_ISSUER = 'https://auth.openai.com';
+/**
+ * Construct the verification URL for device auth
+ */
+function getVerificationUrl(issuer) {
+    const normalized = issuer.replace(/\/+$/g, '');
+    return `${normalized}/codex/device`;
+}
+class CodexAuthService extends BaseAuthService_1.BaseAuthService {
+    constructor() {
+        super('codex');
+        this.codexHome = path_1.default.join(environment_1.default.DATA_DIR, 'codex');
+    }
+    /**
+     * Start Codex Device Auth flow
+     */
+    async startLogin() {
+        const response = await fetch(`${CODEX_ISSUER}/api/accounts/deviceauth/usercode`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+                client_id: CODEX_CLIENT_ID,
+            }),
+        });
+        if (!response.ok) {
+            const error = await response.text();
+            throw new Error(`Failed to start device auth: ${error}`);
+        }
+        const data = (await response.json());
+        const verificationUrl = getVerificationUrl(CODEX_ISSUER);
+        // OpenAI doesn't return expires_in, so we use a default of 15 minutes
+        const expiresIn = data.expires_in || (15 * 60);
+        logger_1.default.info('Codex device auth started', {
+            userCode: data.user_code,
+            expiresIn,
+            verificationUrl
+        });
+        return {
+            deviceAuthId: data.device_auth_id,
+            userCode: data.user_code,
+            verificationUrl,
+            intervalSeconds: parseInt(data.interval) || 5,
+            expiresIn,
+        };
+    }
+    /**
+     * Poll for device auth token
+     */
+    async pollForToken(params) {
+        // Poll device token endpoint
+        const deviceTokenResponse = await fetch(`${CODEX_ISSUER}/api/accounts/deviceauth/token`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+                device_auth_id: params.deviceAuthId,
+                user_code: params.userCode,
+            }),
+        });
+        logger_1.default.debug('Device token poll response', {
+            status: deviceTokenResponse.status,
+            ok: deviceTokenResponse.ok
+        });
+        if (!deviceTokenResponse.ok) {
+            // OpenAI returns 403 or 404 when device auth is pending
+            if (deviceTokenResponse.status === 400 || deviceTokenResponse.status === 403 || deviceTokenResponse.status === 404) {
+                throw new Error('Device auth not yet approved');
+            }
+            const error = await deviceTokenResponse.text();
+            logger_1.default.error('Device token poll failed', { status: deviceTokenResponse.status, error });
+            throw new Error(`Failed to poll device token: ${error}`);
+        }
+        const deviceTokens = (await deviceTokenResponse.json());
+        // Exchange for OAuth tokens
+        // OAuth token endpoints expect application/x-www-form-urlencoded
+        const tokenBody = new URLSearchParams();
+        tokenBody.set('grant_type', 'authorization_code');
+        tokenBody.set('code', deviceTokens.authorization_code);
+        tokenBody.set('redirect_uri', `${CODEX_ISSUER}/deviceauth/callback`);
+        tokenBody.set('client_id', CODEX_CLIENT_ID);
+        tokenBody.set('code_verifier', deviceTokens.code_verifier);
+        const tokenResponse = await fetch(`${CODEX_ISSUER}/oauth/token`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+            body: tokenBody.toString(),
+        });
+        if (!tokenResponse.ok) {
+            const error = await tokenResponse.text();
+            logger_1.default.error('Token exchange failed', { status: tokenResponse.status, error });
+            throw new Error(`Failed to exchange tokens: ${error}`);
+        }
+        const tokens = (await tokenResponse.json());
+        // Decode JWT for user info
+        const claims = (0, crypto_1.decodeJWT)(tokens.id_token);
+        // 1. Create directory structure
+        await promises_1.default.mkdir(this.codexHome, { recursive: true, mode: 0o700 });
+        // 2. Write auth.json (like native Codex CLI)
+        const authPath = path_1.default.join(this.codexHome, 'auth.json');
+        const authData = {
+            tokens: {
+                id_token: tokens.id_token,
+                access_token: tokens.access_token,
+                refresh_token: tokens.refresh_token,
+                account_id: claims.account_id || claims.sub,
+            },
+            last_refresh: new Date().toISOString(),
+        };
+        await promises_1.default.writeFile(authPath, JSON.stringify(authData, null, 2), { encoding: 'utf8', mode: 0o600 });
+        logger_1.default.info('Codex credentials written to file');
+        // 3. Store in database
+        const authToken = await models_1.AuthToken.create({
+            provider: 'codex',
+            accessToken: this.encrypt(tokens.access_token),
+            refreshToken: this.encrypt(tokens.refresh_token),
+            tokenType: 'Bearer',
+            issuedAt: new Date(),
+            email: claims.email,
+            isActive: true,
+        });
+        logger_1.default.info('Codex device auth completed', { tokenId: authToken.id });
+        return authToken;
+    }
+    /**
+     * Load credentials from file on server startup
+     */
+    async loadFromFile() {
+        const authPath = path_1.default.join(this.codexHome, 'auth.json');
+        try {
+            const content = await promises_1.default.readFile(authPath, 'utf8');
+            const auth = JSON.parse(content);
+            // Check if already in database
+            let authToken = await models_1.AuthToken.findOne({
+                where: { provider: 'codex', isActive: true },
+            });
+            if (!authToken) {
+                // Create from file
+                authToken = await models_1.AuthToken.create({
+                    provider: 'codex',
+                    accessToken: this.encrypt(auth.tokens.access_token),
+                    refreshToken: this.encrypt(auth.tokens.refresh_token),
+                    tokenType: 'Bearer',
+                    issuedAt: new Date(auth.last_refresh),
+                    isActive: true,
+                });
+                logger_1.default.info('Codex credentials loaded from file and synced to database');
+            }
+            return authToken;
+        }
+        catch (error) {
+            if (error instanceof Error && error.code !== 'ENOENT') {
+                logger_1.default.warn('Failed to load Codex credentials from file:', error.message);
+            }
+            return null;
+        }
+    }
+    /**
+     * Get current authentication status
+     */
+    async getStatus() {
+        const token = await this.getActiveToken();
+        if (!token) {
+            return { loggedIn: false };
+        }
+        return {
+            loggedIn: true,
+            tokenId: token.id,
+            email: token.email,
+        };
+    }
+}
+exports.CodexAuthService = CodexAuthService;
+exports.default = CodexAuthService;
+//# sourceMappingURL=CodexAuthService.js.map

package/backend/dist/services/auth/CodexAuthService.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CodexAuthService.js","sourceRoot":"","sources":["../../../src/services/auth/CodexAuthService.ts"],"names":[],"mappings":";;;;;;AAAA,gDAAwB;AACxB,2DAA6B;AAC7B,uDAAoD;AACpD,yCAAyC;AACzC,+CAA+C;AAC/C,2EAA8C;AAC9C,gEAAwC;AAExC,MAAM,eAAe,GAAG,8BAA8B,CAAC;AACvD,MAAM,YAAY,GAAG,yBAAyB,CAAC;AAE/C;;GAEG;AACH,SAAS,kBAAkB,CAAC,MAAc;IACxC,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IAC/C,OAAO,GAAG,UAAU,eAAe,CAAC;AACtC,CAAC;AAqBD,MAAa,gBAAiB,SAAQ,iCAAe;IAGnD;QACE,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,SAAS,GAAG,cAAI,CAAC,IAAI,CAAC,qBAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACvD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU;QAOd,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,YAAY,mCAAmC,EAAE;YAC/E,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,SAAS,EAAE,eAAe;aAC3B,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,gCAAgC,KAAK,EAAE,CAAC,CAAC;QAC3D,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAC;QAChE,MAAM,eAAe,GAAG,kBAAkB,CAAC,YAAY,CAAC,CAAC;QAEzD,sEAAsE;QACtE,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;QAE/C,gBAAM,CAAC,IAAI,CAAC,2BAA2B,EAAE;YACvC,QAAQ,EAAE,IAAI,CAAC,SAAS;YACxB,SAAS;YACT,eAAe;SAChB,CAAC,CAAC;QAEH,OAAO;YACL,YAAY,EAAE,IAAI,CAAC,cAAc;YACjC,QAAQ,EAAE,IAAI,CAAC,SAAS;YACxB,eAAe;YACf,eAAe,EAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;YAC7C,SAAS;SACV,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,MAGlB;QACC,6BAA6B;QAC7B,MAAM,mBAAmB,GAAG,MAAM,KAAK,CAAC,GAAG,YAAY,gCAAgC,EAAE;YACvF,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,cAAc,EAAE,MAAM,CAAC,YAAY;gBACnC,SAAS,EAAE,MAAM,CAAC,QAAQ;aAC3B,CAAC;SACH,CAAC,CAAC;QAEH,gBAAM,CAAC,KAAK,CAAC,4BAA4B,EAAE;YACzC,MAAM,EAAE,mBAAmB,CAAC,MAAM;YAClC,EAAE,EAAE,mBAAmB,CAAC,EAAE;SAC3B,CAAC,CAAC;QAEH,IAAI,CAAC,mBAAmB,CAAC,EAAE,EAAE,CAAC;YAC5B,wDAAwD;YACxD,IAAI,mBAAmB,CAAC,MAAM,KAAK,GAAG,IAAI,mBAAmB,CAAC,MAAM,KAAK,GAAG,IAAI,mBAAmB,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBACnH,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;YAClD,CAAC;YACD,MAAM,KAAK,GAAG,MAAM,mBAAmB,CAAC,IAAI,EAAE,CAAC;YAC/C,gBAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE,EAAE,MAAM,EAAE,mBAAmB,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;YACxF,MAAM,IAAI,KAAK,CAAC,gCAAgC,KAAK,EAAE,CAAC,CAAC;QAC3D,CAAC;QAED,MAAM,YAAY,GAAG,CAAC,MAAM,mBAAmB,CAAC,IAAI,EAAE,CAA6B,CAAC;QAEpF,4BAA4B;QAC5B,iEAAiE;QACjE,MAAM,SAAS,GAAG,IAAI,eAAe,EAAE,CAAC;QACxC,SAAS,CAAC,GAAG,CAAC,YAAY,EAAE,oBAAoB,CAAC,CAAC;QAClD,SAAS,CAAC,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,kBAAkB,CAAC,CAAC;QACvD,SAAS,CAAC,GAAG,CAAC,cAAc,EAAE,GAAG,YAAY,sBAAsB,CAAC,CAAC;QACrE,SAAS,CAAC,GAAG,CAAC,WAAW,EAAE,eAAe,CAAC,CAAC;QAC5C,SAAS,CAAC,GAAG,CAAC,eAAe,EAAE,YAAY,CAAC,aAAa,CAAC,CAAC;QAE3D,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,GAAG,YAAY,cAAc,EAAE;YAC/D,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,SAAS,CAAC,QAAQ,EAAE;SAC3B,CAAC,CAAC;QAEH,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,CAAC;YACtB,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC;YACzC,gBAAM,CAAC,KAAK,CAAC,uBAAuB,EAAE,EAAE,MAAM,EAAE,aAAa,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;YAC/E,MAAM,IAAI,KAAK,CAAC,8BAA8B,KAAK,EAAE,CAAC,CAAC;QACzD,CAAC;QAED,MAAM,MAAM,GAAG,CAAC,MAAM,aAAa,CAAC,IAAI,EAAE,CAA4B,CAAC;QAEvE,2BAA2B;QAC3B,MAAM,MAAM,GAAG,IAAA,kBAAS,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAE1C,gCAAgC;QAChC,MAAM,kBAAE,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAEjE,6CAA6C;QAC7C,MAAM,QAAQ,GAAG,cAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;QACxD,MAAM,QAAQ,GAAG;YACf,MAAM,EAAE;gBACN,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,YAAY,EAAE,MAAM,CAAC,YAAY;gBACjC,aAAa,EAAE,MAAM,CAAC,aAAa;gBACnC,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,GAAG;aAC5C;YACD,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACvC,CAAC;QAEF,MAAM,kBAAE,CAAC,SAAS,CAChB,QAAQ,EACR,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EACjC,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,CAClC,CAAC;QAEF,gBAAM,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;QAEjD,uBAAuB;QACvB,MAAM,SAAS,GAAG,MAAM,kBAAS,CAAC,MAAM,CAAC;YACvC,QAAQ,EAAE,OAAO;YACjB,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC;YAC9C,YAAY,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC;YAChD,SAAS,EAAE,QAAQ;YACnB,QAAQ,EAAE,IAAI,IAAI,EAAE;YACpB,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,QAAQ,EAAE,IAAI;SACf,CAAC,CAAC;QAEH,gBAAM,CAAC,IAAI,CAAC,6BAA6B,EAAE,EAAE,OAAO,EAAE,SAAS,CAAC,EAAE,EAAE,CAAC,CAAC;QAEtE,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY;QAChB,MAAM,QAAQ,GAAG,cAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;QAExD,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,kBAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;YACpD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAEjC,+BAA+B;YAC/B,IAAI,SAAS,GAAG,MAAM,kBAAS,CAAC,OAAO,CAAC;gBACtC,KAAK,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE;aAC7C,CAAC,CAAC;YAEH,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,mBAAmB;gBACnB,SAAS,GAAG,MAAM,kBAAS,CAAC,MAAM,CAAC;oBACjC,QAAQ,EAAE,OAAO;oBACjB,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC;oBACnD,YAAY,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC;oBACrD,SAAS,EAAE,QAAQ;oBACnB,QAAQ,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC;oBACrC,QAAQ,EAAE,IAAI;iBACf,CAAC,CAAC;gBAEH,gBAAM,CAAC,IAAI,CAAC,2DAA2D,CAAC,CAAC;YAC3E,CAAC;YAED,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,KAAK,IAAK,KAAa,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC/D,gBAAM,CAAC,IAAI,CAAC,6CAA6C,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;YAC5E,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS;QAKb,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAE1C,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;QAC7B,CAAC;QAED,OAAO;YACL,QAAQ,EAAE,IAAI;YACd,OAAO,EAAE,KAAK,CAAC,EAAE;YACjB,KAAK,EAAE,KAAK,CAAC,KAAK;SACnB,CAAC;IACJ,CAAC;CACF;AAjND,4CAiNC;AAED,kBAAe,gBAAgB,CAAC"}