@code-rag/core 0.1.0
- package/LICENSE +21 -0
- package/README.md +19 -0
- package/dist/auth/audit-log.d.ts +35 -0
- package/dist/auth/audit-log.js +110 -0
- package/dist/auth/audit-log.js.map +1 -0
- package/dist/auth/audit-log.test.d.ts +1 -0
- package/dist/auth/audit-log.test.js +261 -0
- package/dist/auth/audit-log.test.js.map +1 -0
- package/dist/auth/index.d.ts +6 -0
- package/dist/auth/index.js +5 -0
- package/dist/auth/index.js.map +1 -0
- package/dist/auth/oidc-provider.d.ts +49 -0
- package/dist/auth/oidc-provider.js +358 -0
- package/dist/auth/oidc-provider.js.map +1 -0
- package/dist/auth/oidc-provider.test.d.ts +1 -0
- package/dist/auth/oidc-provider.test.js +520 -0
- package/dist/auth/oidc-provider.test.js.map +1 -0
- package/dist/auth/rbac.d.ts +29 -0
- package/dist/auth/rbac.js +75 -0
- package/dist/auth/rbac.js.map +1 -0
- package/dist/auth/rbac.test.d.ts +1 -0
- package/dist/auth/rbac.test.js +224 -0
- package/dist/auth/rbac.test.js.map +1 -0
- package/dist/auth/saml-provider.d.ts +51 -0
- package/dist/auth/saml-provider.js +355 -0
- package/dist/auth/saml-provider.js.map +1 -0
- package/dist/auth/saml-provider.test.d.ts +1 -0
- package/dist/auth/saml-provider.test.js +422 -0
- package/dist/auth/saml-provider.test.js.map +1 -0
- package/dist/auth/types.d.ts +81 -0
- package/dist/auth/types.js +11 -0
- package/dist/auth/types.js.map +1 -0
- package/dist/auth/types.test.d.ts +1 -0
- package/dist/auth/types.test.js +147 -0
- package/dist/auth/types.test.js.map +1 -0
- package/dist/backlog/ab-reference-scanner.d.ts +10 -0
- package/dist/backlog/ab-reference-scanner.js +22 -0
- package/dist/backlog/ab-reference-scanner.js.map +1 -0
- package/dist/backlog/ab-reference-scanner.test.d.ts +1 -0
- package/dist/backlog/ab-reference-scanner.test.js +83 -0
- package/dist/backlog/ab-reference-scanner.test.js.map +1 -0
- package/dist/backlog/azure-devops-provider.d.ts +59 -0
- package/dist/backlog/azure-devops-provider.js +283 -0
- package/dist/backlog/azure-devops-provider.js.map +1 -0
- package/dist/backlog/backlog-provider.d.ts +13 -0
- package/dist/backlog/backlog-provider.js +6 -0
- package/dist/backlog/backlog-provider.js.map +1 -0
- package/dist/backlog/backlog-provider.test.d.ts +1 -0
- package/dist/backlog/backlog-provider.test.js +426 -0
- package/dist/backlog/backlog-provider.test.js.map +1 -0
- package/dist/backlog/clickup-provider.d.ts +55 -0
- package/dist/backlog/clickup-provider.js +301 -0
- package/dist/backlog/clickup-provider.js.map +1 -0
- package/dist/backlog/clickup-provider.test.d.ts +1 -0
- package/dist/backlog/clickup-provider.test.js +426 -0
- package/dist/backlog/clickup-provider.test.js.map +1 -0
- package/dist/backlog/clickup-reference-scanner.d.ts +10 -0
- package/dist/backlog/clickup-reference-scanner.js +32 -0
- package/dist/backlog/clickup-reference-scanner.js.map +1 -0
- package/dist/backlog/clickup-reference-scanner.test.d.ts +1 -0
- package/dist/backlog/clickup-reference-scanner.test.js +92 -0
- package/dist/backlog/clickup-reference-scanner.test.js.map +1 -0
- package/dist/backlog/code-linker.d.ts +63 -0
- package/dist/backlog/code-linker.js +90 -0
- package/dist/backlog/code-linker.js.map +1 -0
- package/dist/backlog/code-linker.test.d.ts +1 -0
- package/dist/backlog/code-linker.test.js +325 -0
- package/dist/backlog/code-linker.test.js.map +1 -0
- package/dist/backlog/index.d.ts +14 -0
- package/dist/backlog/index.js +8 -0
- package/dist/backlog/index.js.map +1 -0
- package/dist/backlog/jira-provider.d.ts +60 -0
- package/dist/backlog/jira-provider.js +272 -0
- package/dist/backlog/jira-provider.js.map +1 -0
- package/dist/backlog/jira-provider.test.d.ts +1 -0
- package/dist/backlog/jira-provider.test.js +449 -0
- package/dist/backlog/jira-provider.test.js.map +1 -0
- package/dist/backlog/jira-reference-scanner.d.ts +11 -0
- package/dist/backlog/jira-reference-scanner.js +26 -0
- package/dist/backlog/jira-reference-scanner.js.map +1 -0
- package/dist/backlog/jira-reference-scanner.test.d.ts +1 -0
- package/dist/backlog/jira-reference-scanner.test.js +127 -0
- package/dist/backlog/jira-reference-scanner.test.js.map +1 -0
- package/dist/backlog/types.d.ts +22 -0
- package/dist/backlog/types.js +1 -0
- package/dist/backlog/types.js.map +1 -0
- package/dist/chunker/ast-chunker.d.ts +45 -0
- package/dist/chunker/ast-chunker.js +292 -0
- package/dist/chunker/ast-chunker.js.map +1 -0
- package/dist/chunker/ast-chunker.test.d.ts +1 -0
- package/dist/chunker/ast-chunker.test.js +391 -0
- package/dist/chunker/ast-chunker.test.js.map +1 -0
- package/dist/chunker/chunker.d.ts +8 -0
- package/dist/chunker/chunker.js +1 -0
- package/dist/chunker/chunker.js.map +1 -0
- package/dist/chunker/index.d.ts +3 -0
- package/dist/chunker/index.js +2 -0
- package/dist/chunker/index.js.map +1 -0
- package/dist/config/config-parser.d.ts +15 -0
- package/dist/config/config-parser.js +283 -0
- package/dist/config/config-parser.js.map +1 -0
- package/dist/config/config-parser.test.d.ts +1 -0
- package/dist/config/config-parser.test.js +699 -0
- package/dist/config/config-parser.test.js.map +1 -0
- package/dist/docs/confluence-provider.d.ts +121 -0
- package/dist/docs/confluence-provider.js +459 -0
- package/dist/docs/confluence-provider.js.map +1 -0
- package/dist/docs/confluence-provider.test.d.ts +1 -0
- package/dist/docs/confluence-provider.test.js +765 -0
- package/dist/docs/confluence-provider.test.js.map +1 -0
- package/dist/docs/index.d.ts +4 -0
- package/dist/docs/index.js +2 -0
- package/dist/docs/index.js.map +1 -0
- package/dist/docs/sharepoint-provider.d.ts +150 -0
- package/dist/docs/sharepoint-provider.js +637 -0
- package/dist/docs/sharepoint-provider.js.map +1 -0
- package/dist/docs/sharepoint-provider.test.d.ts +1 -0
- package/dist/docs/sharepoint-provider.test.js +873 -0
- package/dist/docs/sharepoint-provider.test.js.map +1 -0
- package/dist/embedding/bm25-index.d.ts +12 -0
- package/dist/embedding/bm25-index.js +89 -0
- package/dist/embedding/bm25-index.js.map +1 -0
- package/dist/embedding/bm25-index.test.d.ts +1 -0
- package/dist/embedding/bm25-index.test.js +289 -0
- package/dist/embedding/bm25-index.test.js.map +1 -0
- package/dist/embedding/hybrid-search.d.ts +13 -0
- package/dist/embedding/hybrid-search.js +124 -0
- package/dist/embedding/hybrid-search.js.map +1 -0
- package/dist/embedding/hybrid-search.test.d.ts +1 -0
- package/dist/embedding/hybrid-search.test.js +266 -0
- package/dist/embedding/hybrid-search.test.js.map +1 -0
- package/dist/embedding/index.d.ts +11 -0
- package/dist/embedding/index.js +7 -0
- package/dist/embedding/index.js.map +1 -0
- package/dist/embedding/lancedb-store.d.ts +21 -0
- package/dist/embedding/lancedb-store.js +172 -0
- package/dist/embedding/lancedb-store.js.map +1 -0
- package/dist/embedding/lancedb-store.test.d.ts +1 -0
- package/dist/embedding/lancedb-store.test.js +268 -0
- package/dist/embedding/lancedb-store.test.js.map +1 -0
- package/dist/embedding/model-lifecycle-manager.d.ts +83 -0
- package/dist/embedding/model-lifecycle-manager.js +419 -0
- package/dist/embedding/model-lifecycle-manager.js.map +1 -0
- package/dist/embedding/model-lifecycle-manager.test.d.ts +1 -0
- package/dist/embedding/model-lifecycle-manager.test.js +642 -0
- package/dist/embedding/model-lifecycle-manager.test.js.map +1 -0
- package/dist/embedding/ollama-embedding-provider.d.ts +16 -0
- package/dist/embedding/ollama-embedding-provider.js +74 -0
- package/dist/embedding/ollama-embedding-provider.js.map +1 -0
- package/dist/embedding/ollama-embedding-provider.test.d.ts +1 -0
- package/dist/embedding/ollama-embedding-provider.test.js +198 -0
- package/dist/embedding/ollama-embedding-provider.test.js.map +1 -0
- package/dist/embedding/openai-compatible-embedding-provider.d.ts +19 -0
- package/dist/embedding/openai-compatible-embedding-provider.js +108 -0
- package/dist/embedding/openai-compatible-embedding-provider.js.map +1 -0
- package/dist/embedding/openai-compatible-embedding-provider.test.d.ts +1 -0
- package/dist/embedding/openai-compatible-embedding-provider.test.js +456 -0
- package/dist/embedding/openai-compatible-embedding-provider.test.js.map +1 -0
- package/dist/embedding/qdrant-store.d.ts +28 -0
- package/dist/embedding/qdrant-store.js +174 -0
- package/dist/embedding/qdrant-store.js.map +1 -0
- package/dist/embedding/qdrant-store.test.d.ts +1 -0
- package/dist/embedding/qdrant-store.test.js +359 -0
- package/dist/embedding/qdrant-store.test.js.map +1 -0
- package/dist/enrichment/index.d.ts +4 -0
- package/dist/enrichment/index.js +2 -0
- package/dist/enrichment/index.js.map +1 -0
- package/dist/enrichment/nl-enricher.d.ts +16 -0
- package/dist/enrichment/nl-enricher.js +47 -0
- package/dist/enrichment/nl-enricher.js.map +1 -0
- package/dist/enrichment/nl-enricher.test.d.ts +1 -0
- package/dist/enrichment/nl-enricher.test.js +154 -0
- package/dist/enrichment/nl-enricher.test.js.map +1 -0
- package/dist/enrichment/ollama-client.d.ts +18 -0
- package/dist/enrichment/ollama-client.js +55 -0
- package/dist/enrichment/ollama-client.js.map +1 -0
- package/dist/enrichment/ollama-client.test.d.ts +1 -0
- package/dist/enrichment/ollama-client.test.js +129 -0
- package/dist/enrichment/ollama-client.test.js.map +1 -0
- package/dist/git/git-client.d.ts +22 -0
- package/dist/git/git-client.js +6 -0
- package/dist/git/git-client.js.map +1 -0
- package/dist/git/git-client.test.d.ts +1 -0
- package/dist/git/git-client.test.js +200 -0
- package/dist/git/git-client.test.js.map +1 -0
- package/dist/git/ignore-filter.d.ts +2 -0
- package/dist/git/ignore-filter.js +31 -0
- package/dist/git/ignore-filter.js.map +1 -0
- package/dist/git/ignore-filter.test.d.ts +1 -0
- package/dist/git/ignore-filter.test.js +87 -0
- package/dist/git/ignore-filter.test.js.map +1 -0
- package/dist/git/index.d.ts +4 -0
- package/dist/git/index.js +3 -0
- package/dist/git/index.js.map +1 -0
- package/dist/git/simple-git-client.d.ts +12 -0
- package/dist/git/simple-git-client.js +138 -0
- package/dist/git/simple-git-client.js.map +1 -0
- package/dist/graph/cross-repo-resolver.d.ts +50 -0
- package/dist/graph/cross-repo-resolver.js +315 -0
- package/dist/graph/cross-repo-resolver.js.map +1 -0
- package/dist/graph/cross-repo-resolver.test.d.ts +1 -0
- package/dist/graph/cross-repo-resolver.test.js +548 -0
- package/dist/graph/cross-repo-resolver.test.js.map +1 -0
- package/dist/graph/dependency-graph.d.ts +44 -0
- package/dist/graph/dependency-graph.js +108 -0
- package/dist/graph/dependency-graph.js.map +1 -0
- package/dist/graph/dependency-graph.test.d.ts +1 -0
- package/dist/graph/dependency-graph.test.js +276 -0
- package/dist/graph/dependency-graph.test.js.map +1 -0
- package/dist/graph/graph-builder.d.ts +11 -0
- package/dist/graph/graph-builder.js +113 -0
- package/dist/graph/graph-builder.js.map +1 -0
- package/dist/graph/graph-builder.test.d.ts +1 -0
- package/dist/graph/graph-builder.test.js +178 -0
- package/dist/graph/graph-builder.test.js.map +1 -0
- package/dist/graph/import-resolver.d.ts +11 -0
- package/dist/graph/import-resolver.js +199 -0
- package/dist/graph/import-resolver.js.map +1 -0
- package/dist/graph/import-resolver.test.d.ts +1 -0
- package/dist/graph/import-resolver.test.js +282 -0
- package/dist/graph/import-resolver.test.js.map +1 -0
- package/dist/graph/index.d.ts +7 -0
- package/dist/graph/index.js +4 -0
- package/dist/graph/index.js.map +1 -0
- package/dist/index.d.ts +31 -0
- package/dist/index.js +15 -0
- package/dist/index.js.map +1 -0
- package/dist/indexer/file-scanner.d.ts +34 -0
- package/dist/indexer/file-scanner.js +69 -0
- package/dist/indexer/file-scanner.js.map +1 -0
- package/dist/indexer/file-scanner.test.d.ts +1 -0
- package/dist/indexer/file-scanner.test.js +110 -0
- package/dist/indexer/file-scanner.test.js.map +1 -0
- package/dist/indexer/file-watcher.d.ts +79 -0
- package/dist/indexer/file-watcher.js +148 -0
- package/dist/indexer/incremental-indexer.d.ts +67 -0
- package/dist/indexer/incremental-indexer.js +142 -0
- package/dist/indexer/incremental-indexer.js.map +1 -0
- package/dist/indexer/incremental-indexer.test.d.ts +1 -0
- package/dist/indexer/incremental-indexer.test.js +266 -0
- package/dist/indexer/incremental-indexer.test.js.map +1 -0
- package/dist/indexer/index-check.d.ts +22 -0
- package/dist/indexer/index-check.js +74 -0
- package/dist/indexer/index-check.js.map +1 -0
- package/dist/indexer/index-check.test.d.ts +1 -0
- package/dist/indexer/index-check.test.js +100 -0
- package/dist/indexer/index-check.test.js.map +1 -0
- package/dist/indexer/index-state.d.ts +61 -0
- package/dist/indexer/index-state.js +82 -0
- package/dist/indexer/index-state.js.map +1 -0
- package/dist/indexer/index-state.test.d.ts +1 -0
- package/dist/indexer/index-state.test.js +140 -0
- package/dist/indexer/index-state.test.js.map +1 -0
- package/dist/indexer/index.d.ts +12 -0
- package/dist/indexer/index.js +6 -0
- package/dist/indexer/index.js.map +1 -0
- package/dist/indexer/multi-repo-indexer.d.ts +63 -0
- package/dist/indexer/multi-repo-indexer.js +144 -0
- package/dist/indexer/multi-repo-indexer.js.map +1 -0
- package/dist/indexer/multi-repo-indexer.test.d.ts +1 -0
- package/dist/indexer/multi-repo-indexer.test.js +238 -0
- package/dist/indexer/multi-repo-indexer.test.js.map +1 -0
- package/dist/parser/index.d.ts +4 -0
- package/dist/parser/index.js +3 -0
- package/dist/parser/index.js.map +1 -0
- package/dist/parser/language-registry.d.ts +46 -0
- package/dist/parser/language-registry.js +219 -0
- package/dist/parser/language-registry.js.map +1 -0
- package/dist/parser/language-registry.test.d.ts +1 -0
- package/dist/parser/language-registry.test.js +225 -0
- package/dist/parser/language-registry.test.js.map +1 -0
- package/dist/parser/markdown-parser.d.ts +124 -0
- package/dist/parser/markdown-parser.js +487 -0
- package/dist/parser/markdown-parser.js.map +1 -0
- package/dist/parser/markdown-parser.test.d.ts +1 -0
- package/dist/parser/markdown-parser.test.js +600 -0
- package/dist/parser/markdown-parser.test.js.map +1 -0
- package/dist/parser/tree-sitter-parser.d.ts +32 -0
- package/dist/parser/tree-sitter-parser.js +146 -0
- package/dist/parser/tree-sitter-parser.js.map +1 -0
- package/dist/retrieval/context-expander.d.ts +51 -0
- package/dist/retrieval/context-expander.js +218 -0
- package/dist/retrieval/context-expander.js.map +1 -0
- package/dist/retrieval/context-expander.test.d.ts +1 -0
- package/dist/retrieval/context-expander.test.js +339 -0
- package/dist/retrieval/context-expander.test.js.map +1 -0
- package/dist/retrieval/cross-encoder-reranker.d.ts +16 -0
- package/dist/retrieval/cross-encoder-reranker.js +90 -0
- package/dist/retrieval/cross-encoder-reranker.js.map +1 -0
- package/dist/retrieval/cross-encoder-reranker.test.d.ts +1 -0
- package/dist/retrieval/cross-encoder-reranker.test.js +305 -0
- package/dist/retrieval/cross-encoder-reranker.test.js.map +1 -0
- package/dist/retrieval/index.d.ts +8 -0
- package/dist/retrieval/index.js +4 -0
- package/dist/retrieval/index.js.map +1 -0
- package/dist/retrieval/query-analyzer.d.ts +29 -0
- package/dist/retrieval/query-analyzer.js +238 -0
- package/dist/retrieval/query-analyzer.js.map +1 -0
- package/dist/retrieval/query-analyzer.test.d.ts +1 -0
- package/dist/retrieval/query-analyzer.test.js +236 -0
- package/dist/retrieval/query-analyzer.test.js.map +1 -0
- package/dist/retrieval/token-budget.d.ts +51 -0
- package/dist/retrieval/token-budget.js +141 -0
- package/dist/retrieval/token-budget.js.map +1 -0
- package/dist/retrieval/token-budget.test.d.ts +1 -0
- package/dist/retrieval/token-budget.test.js +404 -0
- package/dist/retrieval/token-budget.test.js.map +1 -0
- package/dist/storage/azure-blob-provider.d.ts +19 -0
- package/dist/storage/azure-blob-provider.js +199 -0
- package/dist/storage/azure-blob-provider.js.map +1 -0
- package/dist/storage/azure-blob-provider.test.d.ts +1 -0
- package/dist/storage/azure-blob-provider.test.js +250 -0
- package/dist/storage/azure-blob-provider.test.js.map +1 -0
- package/dist/storage/gcs-provider.d.ts +22 -0
- package/dist/storage/gcs-provider.js +241 -0
- package/dist/storage/gcs-provider.js.map +1 -0
- package/dist/storage/gcs-provider.test.d.ts +1 -0
- package/dist/storage/gcs-provider.test.js +299 -0
- package/dist/storage/gcs-provider.test.js.map +1 -0
- package/dist/storage/index.d.ts +5 -0
- package/dist/storage/index.js +4 -0
- package/dist/storage/index.js.map +1 -0
- package/dist/storage/s3-provider.d.ts +21 -0
- package/dist/storage/s3-provider.js +220 -0
- package/dist/storage/s3-provider.js.map +1 -0
- package/dist/storage/s3-provider.test.d.ts +1 -0
- package/dist/storage/s3-provider.test.js +329 -0
- package/dist/storage/s3-provider.test.js.map +1 -0
- package/dist/storage/types.d.ts +65 -0
- package/dist/storage/types.js +12 -0
- package/dist/storage/types.js.map +1 -0
- package/dist/types/chunk.d.ts +32 -0
- package/dist/types/chunk.js +1 -0
- package/dist/types/chunk.js.map +1 -0
- package/dist/types/config.d.ts +71 -0
- package/dist/types/config.js +1 -0
- package/dist/types/config.js.map +1 -0
- package/dist/types/index.d.ts +5 -0
- package/dist/types/index.js +1 -0
- package/dist/types/index.js.map +1 -0
- package/dist/types/provider.d.ts +54 -0
- package/dist/types/provider.js +36 -0
- package/dist/types/provider.js.map +1 -0
- package/dist/types/search.d.ts +27 -0
- package/dist/types/search.js +1 -0
- package/dist/types/search.js.map +1 -0
- package/package.json +70 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"saml-provider.js","sourceRoot":"","sources":["../../src/auth/saml-provider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,EAAE,EAAE,GAAG,EAAe,MAAM,YAAY,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAS3C,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEvC,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E;;;;;GAKG;AACH,SAAS,UAAU,CAAC,GAAW,EAAE,OAAe;IAC9C,+CAA+C;IAC/C,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAG,CAAC,CAAC,CAAC,OAAO,CAAC;IAE9E,gDAAgD;IAChD,KAAK,MAAM,IAAI,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,EAAE,CAAC;QACxC,MAAM,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;QAC9B,MAAM,QAAQ,GAAG;YACf,6EAA6E;YAC7E,IAAI,MAAM,CAAC,uBAAuB,GAAG,oDAAoD,GAAG,GAAG,EAAE,GAAG,CAAC;YACrG,yBAAyB;YACzB,IAAI,MAAM,CAAC,IAAI,GAAG,iCAAiC,GAAG,GAAG,EAAE,GAAG,CAAC;SAChE,CAAC;QAEF,KAAK,MAAM,EAAE,IAAI,QAAQ,EAAE,CAAC;YAC1B,MAAM,KAAK,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC3B,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;gBAC7B,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACzB,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,SAAS,UAAU,CAAC,GAAW,EAAE,OAAe,EAAE,QAAgB;IAChE,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAG,CAAC,CAAC,CAAC,OAAO,CAAC;IAE9E,KAAK,MAAM,IAAI,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,EAAE,CAAC;QACxC,MAAM,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;QAC9B,qFAAqF;QACrF,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,uBAAuB,GAAG,oBAAoB,EAAE,GAAG,CAAC,CAAC;QAC9E,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,MAAM,GAAG,IAAI,MAAM,CAAC,GAAG,WAAW,CAAC,QAAQ,CAAC,oBAAoB,EAAE,GAAG,CAAC,CAAC;YAC7E,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3C,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;gBACjC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC;YACtB,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;GAGG;AACH,SAAS,qBAAqB,CAAC,GAAW;IACxC,MAAM,KAAK,GAA2B,EAAE,CAAC;IAEzC,mGAAmG;IACnG,MAAM,MAAM,GAAG,oFAAoF,CAAC;IACpG,IAAI,SAAS,GAAG,MAAM,CAAC,IAAI,CA
AC,GAAG,CAAC,CAAC;IACjC,OAAO,SAAS,EAAE,CAAC;QACjB,MAAM,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QAC1B,MAAM,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QAC1B,IAAI,IAAI,IAAI,IAAI,EAAE,CAAC;YACjB,+BAA+B;YAC/B,MAAM,OAAO,GAAG,iEAAiE,CAAC;YAClF,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtC,IAAI,UAAU,EAAE,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;gBAClC,KAAK,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACrC,CAAC;QACH,CAAC;QACD,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,OAAO,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;AACpD,CAAC;AAED,8EAA8E;AAC9E,eAAe;AACf,8EAA8E;AAE9E;;;;;GAKG;AACH,MAAM,OAAO,YAAY;IACd,IAAI,GAAG,MAAM,CAAC;IAEN,MAAM,CAAa;IAC5B,WAAW,CAA8B;IAEjD,4DAA4D;IAC3C,SAAS,GAAG,IAAI,GAAG,EAAgB,CAAC;IAErD,2CAA2C;IACnC,cAAc,GAAG,CAAC,CAAC;IAE3B;;OAEG;IACc,OAAO,CAAe;IAEvC,YAAY,MAAkB,EAAE,OAAsB;QACpD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,OAAO,GAAG,OAAO,IAAI,UAAU,CAAC,KAAK,CAAC;IAC7C,CAAC;IAED,0EAA0E;IAC1E,iBAAiB;IACjB,0EAA0E;IAE1E;;;OAGG;IACH,KAAK,CAAC,UAAU;QACd,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;YAChE,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,OAAO,GAAG,CACR,IAAI,SAAS,CAAC,mCAAmC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAC5E,CAAC;YACJ,CAAC;YAED,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAClC,MAAM,QAAQ,GAAG,UAAU,CAAC,GAAG,EAAE,kBAAkB,EAAE,UAAU,CAAC,IAAI,EAAE,CAAC;YACvE,MAAM,MAAM,GACV,UAAU,CAAC,GAAG,EAAE,qBAAqB,EAAE,UAAU,CAAC,IAAI,EAAE,CAAC;YAC3D,MAAM,WAAW,GAAG,UAAU,CAAC,GAAG,EAAE,iBAAiB,CAAC,IAAI,EAAE,CAAC;YAC7D,MAAM,YAAY,GAChB,UAAU,CAAC,GAAG,EAAE,cAAc,CAAC;gBAC/B,wDAAwD,CAAC;YAE3D,IAAI,CAAC,QAAQ,IAAI,CAAC,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;gBACzC,OAAO,GAAG,CACR,IAAI,SAAS,CAAC,0EAA0E,CAAC,CAC1F,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,WAAW,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,CAAC;YACnE,OAAO,EAAE,CAAC,SAAS,CAAC,CAAC;QACvB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAA
e,CAAC;YACzE,OAAO,GAAG,CAAC,IAAI,SAAS,CAAC,8BAA8B,OAAO,EAAE,CAAC,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;IAED,0EAA0E;IAC1E,0BAA0B;IAC1B,0EAA0E;IAE1E;;;OAGG;IACH,mBAAmB;QACjB,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,OAAO,GAAG,CAAC,IAAI,SAAS,CAAC,gDAAgD,CAAC,CAAC,CAAC;QAC9E,CAAC;QAED,IAAI,CAAC,cAAc,IAAI,CAAC,CAAC;QACzB,MAAM,EAAE,GAAG,YAAY,IAAI,CAAC,GAAG,EAAE,IAAI,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC;QACnE,MAAM,YAAY,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAE9C,MAAM,YAAY,GAAG;YACnB,qBAAqB;YACrB,qDAAqD;YACrD,qDAAqD;YACrD,QAAQ,EAAE,GAAG;YACb,gBAAgB;YAChB,kBAAkB,YAAY,GAAG;YACjC,iBAAiB,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG;YAC3C,iCAAiC,IAAI,CAAC,MAAM,CAAC,QAAQ,GAAG;YACxD,oEAAoE;YACpE,kBAAkB,IAAI,CAAC,MAAM,CAAC,UAAU,gBAAgB;YACxD,uBAAuB;YACvB,cAAc,IAAI,CAAC,WAAW,CAAC,YAAY,GAAG;YAC9C,0BAA0B;YAC1B,uBAAuB;SACxB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEb,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC7D,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QACpE,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,SAAS,eAAe,kBAAkB,CAAC,OAAO,CAAC,EAAE,CAAC;QAE/F,OAAO,EAAE,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC;IACzB,CAAC;IAED,0EAA0E;IAC1E,8BAA8B;IAC9B,0EAA0E;IAE1E,KAAK,CAAC,YAAY,CAAC,KAAa;QAC9B,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;QACtD,IAAI,UAAU,CAAC,KAAK,EAAE,EAAE,CAAC;YACvB,OAAO,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QAC/B,CAAC;QAED,MAAM,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,SAAS,GAAc;YAC3B,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,GAAG,EAAE,GAAG,GAAG,IAAI,EAAE,iBAAiB;YAClC,GAAG,EAAE,GAAG;SACT,CAAC;QACF,OAAO,EAAE,CAAC,SAAS,CAAC,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,MAAc;QAC/B,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACxC,IAAI,IAAI,EAAE,CAAC;YACT,OAAO,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxB,CAAC;QACD,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAU,CAAC,CAAC;IACjC
,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,MAAc;QAC/B,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACxC,IAAI,IAAI,EAAE,CAAC;YACT,OAAO,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC/B,CAAC;QACD,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;IAChB,CAAC;IAED,0EAA0E;IAC1E,2BAA2B;IAC3B,0EAA0E;IAE1E;;;OAGG;IACH,KAAK,CAAC,gBAAgB,CAAC,eAAuB;QAC5C,IAAI,GAAW,CAAC;QAChB,IAAI,CAAC;YACH,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACjE,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,GAAG,CAAC,IAAI,SAAS,CAAC,8BAA8B,CAAC,CAAC,CAAC;QAC5D,CAAC;QAED,mBAAmB;QACnB,MAAM,SAAS,GAAG,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC;QAC/C,IAAI,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC;YACtB,OAAO,GAAG,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAC9B,CAAC;QAED,mBAAmB;QACnB,MAAM,UAAU,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QAC7C,IAAI,UAAU,CAAC,KAAK,EAAE,EAAE,CAAC;YACvB,OAAO,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QAC/B,CAAC;QAED,eAAe;QACf,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,CAAC,qBAAqB,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC;QACjE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;QAClC,OAAO,EAAE,CAAC,IAAI,CAAC,CAAC;IAClB,CAAC;IAED,0EAA0E;IAC1E,oBAAoB;IACpB,0EAA0E;IAE1E;;OAEG;IACH,aAAa,CAAC,UAA4C,EAAE,GAAY;QACtE,MAAM,KAAK,GACT,UAAU,CAAC,oEAAoE,CAAC;YAChF,UAAU,CAAC,OAAO,CAAC;YACnB,UAAU,CAAC,OAAO,CAAC;YACnB,EAAE,CAAC;QAEL,MAAM,IAAI,GACR,UAAU,CAAC,4DAA4D,CAAC;YACxE,UAAU,CAAC,aAAa,CAAC;YACzB,UAAU,CAAC,MAAM,CAAC;YAClB,KAAK,CAAC;QAER,4BAA4B;QAC5B,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,GAAG,EAAE,CAAC;YACR,MAAM,GAAG,UAAU,CAAC,GAAG,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC3C,CAAC;QACD,MAAM,EAAE,GAAG,MAAM,IAAI,KAAK,CAAC;QAE3B,YAAY;QACZ,MAAM,QAAQ,GACZ,UAAU,CAAC,8DAA8D,CAAC;YAC1E,UAAU,CAAC,MAAM,CAAC;YAClB,UAAU,CAAC,MAAM,CAAC;YAClB,EAAE,CAAC;QAEL,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QAE3C,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;IACtD,CAAC;IAED,0EAA0E;IAC1E,kBAAkB;IAClB,0EAA0E;IAElE,aAAa,CAAC,SAAiB;QACrC,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,EAAE,CAAC;QAC9C,MAAM,MAAM,GAAG,SAAS;aACrB,KAAK,CAAC,GAAG,CAAC;aAC
V,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;aACpB,MAAM,CAAC,OAAO,CAAC,CAAC;QAEnB,MAAM,KAAK,GAAG,IAAI,GAAG,EAAQ,CAAC;QAC9B,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;YAC9B,IAAI,MAAM,EAAE,CAAC;gBACX,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YACpB,CAAC;YACD,IAAI,KAAK,KAAK,OAAO,IAAI,KAAK,KAAK,WAAW,IAAI,KAAK,KAAK,QAAQ,EAAE,CAAC;gBACrE,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACnB,CAAC;QACH,CAAC;QAED,IAAI,KAAK,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;YACrB,OAAO,CAAC,QAAQ,CAAC,CAAC;QACpB,CAAC;QACD,OAAO,CAAC,GAAG,KAAK,CAAC,CAAC;IACpB,CAAC;IAEO,kBAAkB,CAAC,GAAW;QACpC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,OAAO,GAAG,CAAC,IAAI,SAAS,CAAC,gDAAgD,CAAC,CAAC,CAAC;QAC9E,CAAC;QAED,4CAA4C;QAC5C,MAAM,cAAc,GAAG,UAAU,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;QACzD,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,OAAO,GAAG,CAAC,IAAI,SAAS,CAAC,0CAA0C,CAAC,CAAC,CAAC;QACxE,CAAC;QAED,qDAAqD;QACrD,MAAM,WAAW,GAAG,UAAU,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;QACnD,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,GAAG,CAAC,IAAI,SAAS,CAAC,uCAAuC,CAAC,CAAC,CAAC;QACrE,CAAC;QAED,iDAAiD;QACjD,MAAM,UAAU,GAAG,UAAU,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QACjD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,GAAG,CAAC,IAAI,SAAS,CAAC,sCAAsC,CAAC,CAAC,CAAC;QACpE,CAAC;QAED,2DAA2D;QAC3D,MAAM,aAAa,GAAG,0DAA0D,UAAU,eAAe,CAAC;QAC1G,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,EAAE,QAAQ,CAAC,CAAC;QAE3E,uDAAuD;QACvD,MAAM,UAAU,GAAG;YACjB,gCAAgC,IAAI,CAAC,WAAW,CAAC,WAAW,6BAA6B;YACzF,+BAA+B,IAAI,CAAC,WAAW,CAAC,WAAW,4BAA4B;SACxF,CAAC;QAEF,KAAK,MAAM,MAAM,IAAI,UAAU,EAAE,CAAC;YAChC,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC;gBAC5C,QAAQ,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;gBAC/B,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;gBACjD,IAAI,KAAK,EAAE,CAAC;oBACV,OAAO,EAAE,CAAC,SAAS,CAAC,CAAC;gBACvB,CAAC;gBACD,OAAO,GAAG,CAAC,IAAI,SAAS,CAAC,iCAAiC,CAAC,CAAC,CAAC;YAC/D,CAAC;YAAC,MAAM,CAAC;gBACP,kBAAkB;gBAClB,SAAS;YACX,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC,IAAI,SAAS,CAAC,uDAAuD,CAAC,CAAC,CAAC;IACrF,CAAC;IAEO,eAAe,CAAC,GAA
W;QACjC,iCAAiC;QACjC,MAAM,YAAY,GAAG,UAAU,CAAC,GAAG,EAAE,YAAY,EAAE,WAAW,CAAC,CAAC;QAChE,MAAM,eAAe,GAAG,UAAU,CAAC,GAAG,EAAE,YAAY,EAAE,cAAc,CAAC,CAAC;QACtE,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QAEvB,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,YAAY,CAAC,CAAC;YACzC,IAAI,GAAG,GAAG,SAAS,EAAE,CAAC;gBACpB,OAAO,GAAG,CAAC,IAAI,SAAS,CAAC,8BAA8B,CAAC,CAAC,CAAC;YAC5D,CAAC;QACH,CAAC;QAED,IAAI,eAAe,EAAE,CAAC;YACpB,MAAM,YAAY,GAAG,IAAI,IAAI,CAAC,eAAe,CAAC,CAAC;YAC/C,IAAI,GAAG,IAAI,YAAY,EAAE,CAAC;gBACxB,OAAO,GAAG,CAAC,IAAI,SAAS,CAAC,wBAAwB,CAAC,CAAC,CAAC;YACtD,CAAC;QACH,CAAC;QAED,6BAA6B;QAC7B,MAAM,QAAQ,GAAG,UAAU,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;QAC7C,IAAI,QAAQ,IAAI,QAAQ,KAAK,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;YACpD,OAAO,GAAG,CACR,IAAI,SAAS,CACX,oCAAoC,IAAI,CAAC,MAAM,CAAC,UAAU,SAAS,QAAQ,EAAE,CAC9E,CACF,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,CAAC,SAAS,CAAC,CAAC;IACvB,CAAC;CACF"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
|
@@ -0,0 +1,422 @@
|
|
|
1
|
+
import { describe, it, expect, vi, beforeEach } from 'vitest';
|
|
2
|
+
import { createSign, generateKeyPairSync } from 'node:crypto';
|
|
3
|
+
import { SAMLProvider } from './saml-provider.js';
|
|
4
|
+
import { AuthError } from './types.js';
|
|
5
|
+
// ---------------------------------------------------------------------------
|
|
6
|
+
// RSA key pair for SAML signature testing
|
|
7
|
+
// ---------------------------------------------------------------------------
|
|
8
|
+
const { publicKey, privateKey } = generateKeyPairSync('rsa', {
|
|
9
|
+
modulusLength: 2048,
|
|
10
|
+
});
|
|
11
|
+
// For test purposes, extract the base64 public key as a stand-in certificate
|
|
12
|
+
const publicKeyDer = publicKey.export({ type: 'spki', format: 'der' });
|
|
13
|
+
const certBase64 = publicKeyDer.toString('base64');
|
|
14
|
+
// ---------------------------------------------------------------------------
|
|
15
|
+
// Helpers
|
|
16
|
+
// ---------------------------------------------------------------------------
|
|
17
|
+
function defaultConfig() {
|
|
18
|
+
return {
|
|
19
|
+
idpMetadataUrl: 'https://idp.example.com/metadata',
|
|
20
|
+
spEntityId: 'https://coderag.example.com',
|
|
21
|
+
spAcsUrl: 'https://coderag.example.com/sso/acs',
|
|
22
|
+
certificatePem: `-----BEGIN CERTIFICATE-----\n${certBase64}\n-----END CERTIFICATE-----`,
|
|
23
|
+
roleMapping: {
|
|
24
|
+
'coderag-admins': 'admin',
|
|
25
|
+
'coderag-devs': 'developer',
|
|
26
|
+
'coderag-readers': 'viewer',
|
|
27
|
+
},
|
|
28
|
+
};
|
|
29
|
+
}
|
|
30
|
+
function createIdpMetadataXml() {
|
|
31
|
+
return `<?xml version="1.0" encoding="UTF-8"?>
|
|
32
|
+
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
|
|
33
|
+
entityID="https://idp.example.com">
|
|
34
|
+
<md:IDPSSODescriptor>
|
|
35
|
+
<md:KeyDescriptor use="signing">
|
|
36
|
+
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
|
37
|
+
<ds:X509Data>
|
|
38
|
+
<ds:X509Certificate>${certBase64}</ds:X509Certificate>
|
|
39
|
+
</ds:X509Data>
|
|
40
|
+
</ds:KeyInfo>
|
|
41
|
+
</md:KeyDescriptor>
|
|
42
|
+
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
|
|
43
|
+
<md:SingleSignOnService
|
|
44
|
+
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
|
|
45
|
+
Location="https://idp.example.com/sso" />
|
|
46
|
+
</md:IDPSSODescriptor>
|
|
47
|
+
</md:EntityDescriptor>`;
|
|
48
|
+
}
|
|
49
|
+
function createSamlResponse(options) {
|
|
50
|
+
const nameId = options?.nameId ?? 'user@example.com';
|
|
51
|
+
const email = options?.email ?? 'user@example.com';
|
|
52
|
+
const role = options?.role ?? 'developer';
|
|
53
|
+
const audience = options?.audience ?? 'https://coderag.example.com';
|
|
54
|
+
const now = new Date();
|
|
55
|
+
const notBefore = options?.notBefore ?? new Date(now.getTime() - 60000).toISOString();
|
|
56
|
+
const notOnOrAfter = options?.notOnOrAfter ?? new Date(now.getTime() + 3600000).toISOString();
|
|
57
|
+
// Create a simplified SAML assertion for testing
|
|
58
|
+
const assertion = `<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
|
|
59
|
+
<saml:Issuer>https://idp.example.com</saml:Issuer>
|
|
60
|
+
<saml:Subject>
|
|
61
|
+
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">${nameId}</saml:NameID>
|
|
62
|
+
</saml:Subject>
|
|
63
|
+
<saml:Conditions NotBefore="${notBefore}" NotOnOrAfter="${notOnOrAfter}">
|
|
64
|
+
<saml:AudienceRestriction>
|
|
65
|
+
<saml:Audience>${audience}</saml:Audience>
|
|
66
|
+
</saml:AudienceRestriction>
|
|
67
|
+
</saml:Conditions>
|
|
68
|
+
<saml:AttributeStatement>
|
|
69
|
+
<saml:Attribute Name="email">
|
|
70
|
+
<saml:AttributeValue>${email}</saml:AttributeValue>
|
|
71
|
+
</saml:Attribute>
|
|
72
|
+
<saml:Attribute Name="role">
|
|
73
|
+
<saml:AttributeValue>${role}</saml:AttributeValue>
|
|
74
|
+
</saml:Attribute>
|
|
75
|
+
<saml:Attribute Name="displayName">
|
|
76
|
+
<saml:AttributeValue>Test User</saml:AttributeValue>
|
|
77
|
+
</saml:Attribute>
|
|
78
|
+
</saml:AttributeStatement>
|
|
79
|
+
</saml:Assertion>`;
|
|
80
|
+
// Create SignedInfo and sign it.
|
|
81
|
+
// The provider extracts text between <ds:SignedInfo>...</ds:SignedInfo>,
|
|
82
|
+
// trims it, and wraps it: <SignedInfo xmlns="...">{trimmed}</SignedInfo>.
|
|
83
|
+
// We must sign exactly that reconstructed string.
|
|
84
|
+
const digestValue = Buffer.from('test-digest').toString('base64');
|
|
85
|
+
const signedInfoInner = `<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI=""><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>${digestValue}</ds:DigestValue></ds:Reference>`;
|
|
86
|
+
// This is what the provider will reconstruct and verify against
|
|
87
|
+
const signedInfoXml = `<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">${signedInfoInner}</SignedInfo>`;
|
|
88
|
+
const signer = createSign('RSA-SHA256');
|
|
89
|
+
signer.update(signedInfoXml);
|
|
90
|
+
const signatureValue = signer.sign(privateKey).toString('base64');
|
|
91
|
+
return `<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
|
|
92
|
+
${assertion}
|
|
93
|
+
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
|
94
|
+
<ds:SignedInfo>${signedInfoInner}</ds:SignedInfo>
|
|
95
|
+
<ds:SignatureValue>${signatureValue}</ds:SignatureValue>
|
|
96
|
+
</ds:Signature>
|
|
97
|
+
</samlp:Response>`;
|
|
98
|
+
}
|
|
99
|
+
function createMockFetch(responses) {
|
|
100
|
+
return vi.fn(async (input) => {
|
|
101
|
+
const url = typeof input === 'string' ? input : input.toString();
|
|
102
|
+
const response = responses[url];
|
|
103
|
+
if (!response) {
|
|
104
|
+
return {
|
|
105
|
+
ok: false,
|
|
106
|
+
status: 404,
|
|
107
|
+
json: async () => ({}),
|
|
108
|
+
text: async () => '',
|
|
109
|
+
};
|
|
110
|
+
}
|
|
111
|
+
return {
|
|
112
|
+
ok: response.ok,
|
|
113
|
+
status: response.status,
|
|
114
|
+
json: async () => JSON.parse(response.body),
|
|
115
|
+
text: async () => response.body,
|
|
116
|
+
};
|
|
117
|
+
});
|
|
118
|
+
}
|
|
119
|
+
// ---------------------------------------------------------------------------
|
|
120
|
+
// Tests
|
|
121
|
+
// ---------------------------------------------------------------------------
|
|
122
|
+
describe('SAMLProvider', () => {
|
|
123
|
+
let config;
|
|
124
|
+
beforeEach(() => {
|
|
125
|
+
config = defaultConfig();
|
|
126
|
+
});
|
|
127
|
+
// -----------------------------------------------------------------------
|
|
128
|
+
// Constructor
|
|
129
|
+
// -----------------------------------------------------------------------
|
|
130
|
+
describe('constructor', () => {
|
|
131
|
+
it('should have name set to saml', () => {
|
|
132
|
+
const provider = new SAMLProvider(config);
|
|
133
|
+
expect(provider.name).toBe('saml');
|
|
134
|
+
});
|
|
135
|
+
});
|
|
136
|
+
// -----------------------------------------------------------------------
|
|
137
|
+
// initialize
|
|
138
|
+
// -----------------------------------------------------------------------
|
|
139
|
+
describe('initialize', () => {
|
|
140
|
+
it('should fetch and parse IdP metadata', async () => {
|
|
141
|
+
const mockFetch = createMockFetch({
|
|
142
|
+
'https://idp.example.com/metadata': {
|
|
143
|
+
ok: true,
|
|
144
|
+
status: 200,
|
|
145
|
+
body: createIdpMetadataXml(),
|
|
146
|
+
},
|
|
147
|
+
});
|
|
148
|
+
const provider = new SAMLProvider(config, mockFetch);
|
|
149
|
+
const result = await provider.initialize();
|
|
150
|
+
expect(result.isOk()).toBe(true);
|
|
151
|
+
});
|
|
152
|
+
it('should return error when metadata fetch fails', async () => {
|
|
153
|
+
const mockFetch = createMockFetch({
|
|
154
|
+
'https://idp.example.com/metadata': {
|
|
155
|
+
ok: false,
|
|
156
|
+
status: 500,
|
|
157
|
+
body: '',
|
|
158
|
+
},
|
|
159
|
+
});
|
|
160
|
+
const provider = new SAMLProvider(config, mockFetch);
|
|
161
|
+
const result = await provider.initialize();
|
|
162
|
+
expect(result.isErr()).toBe(true);
|
|
163
|
+
if (result.isErr()) {
|
|
164
|
+
expect(result.error).toBeInstanceOf(AuthError);
|
|
165
|
+
expect(result.error.message).toContain('metadata fetch failed');
|
|
166
|
+
}
|
|
167
|
+
});
|
|
168
|
+
it('should return error when metadata is missing required fields', async () => {
|
|
169
|
+
const mockFetch = createMockFetch({
|
|
170
|
+
'https://idp.example.com/metadata': {
|
|
171
|
+
ok: true,
|
|
172
|
+
status: 200,
|
|
173
|
+
body: '<EntityDescriptor></EntityDescriptor>',
|
|
174
|
+
},
|
|
175
|
+
});
|
|
176
|
+
const provider = new SAMLProvider(config, mockFetch);
|
|
177
|
+
const result = await provider.initialize();
|
|
178
|
+
expect(result.isErr()).toBe(true);
|
|
179
|
+
if (result.isErr()) {
|
|
180
|
+
expect(result.error.message).toContain('missing required fields');
|
|
181
|
+
}
|
|
182
|
+
});
|
|
183
|
+
it('should return error on network failure', async () => {
|
|
184
|
+
const mockFetch = vi.fn(async () => {
|
|
185
|
+
throw new Error('DNS resolution failed');
|
|
186
|
+
});
|
|
187
|
+
const provider = new SAMLProvider(config, mockFetch);
|
|
188
|
+
const result = await provider.initialize();
|
|
189
|
+
expect(result.isErr()).toBe(true);
|
|
190
|
+
if (result.isErr()) {
|
|
191
|
+
expect(result.error.message).toContain('DNS resolution failed');
|
|
192
|
+
}
|
|
193
|
+
});
|
|
194
|
+
});
|
|
195
|
+
// -----------------------------------------------------------------------
|
|
196
|
+
// generateAuthRequest
|
|
197
|
+
// -----------------------------------------------------------------------
|
|
198
|
+
describe('generateAuthRequest', () => {
|
|
199
|
+
it('should generate a valid SAML AuthnRequest URL', async () => {
|
|
200
|
+
const mockFetch = createMockFetch({
|
|
201
|
+
'https://idp.example.com/metadata': {
|
|
202
|
+
ok: true,
|
|
203
|
+
status: 200,
|
|
204
|
+
body: createIdpMetadataXml(),
|
|
205
|
+
},
|
|
206
|
+
});
|
|
207
|
+
const provider = new SAMLProvider(config, mockFetch);
|
|
208
|
+
await provider.initialize();
|
|
209
|
+
const result = provider.generateAuthRequest();
|
|
210
|
+
expect(result.isOk()).toBe(true);
|
|
211
|
+
if (result.isOk()) {
|
|
212
|
+
expect(result.value.url).toContain('https://idp.example.com/sso');
|
|
213
|
+
expect(result.value.url).toContain('SAMLRequest=');
|
|
214
|
+
expect(result.value.id).toContain('_coderag_');
|
|
215
|
+
}
|
|
216
|
+
});
|
|
217
|
+
it('should generate unique IDs for each request', async () => {
|
|
218
|
+
const mockFetch = createMockFetch({
|
|
219
|
+
'https://idp.example.com/metadata': {
|
|
220
|
+
ok: true,
|
|
221
|
+
status: 200,
|
|
222
|
+
body: createIdpMetadataXml(),
|
|
223
|
+
},
|
|
224
|
+
});
|
|
225
|
+
const provider = new SAMLProvider(config, mockFetch);
|
|
226
|
+
await provider.initialize();
|
|
227
|
+
const result1 = provider.generateAuthRequest();
|
|
228
|
+
const result2 = provider.generateAuthRequest();
|
|
229
|
+
expect(result1.isOk() && result2.isOk()).toBe(true);
|
|
230
|
+
if (result1.isOk() && result2.isOk()) {
|
|
231
|
+
expect(result1.value.id).not.toBe(result2.value.id);
|
|
232
|
+
}
|
|
233
|
+
});
|
|
234
|
+
it('should return error when not initialized', () => {
|
|
235
|
+
const provider = new SAMLProvider(config);
|
|
236
|
+
const result = provider.generateAuthRequest();
|
|
237
|
+
expect(result.isErr()).toBe(true);
|
|
238
|
+
if (result.isErr()) {
|
|
239
|
+
expect(result.error.message).toContain('not initialized');
|
|
240
|
+
}
|
|
241
|
+
});
|
|
242
|
+
});
|
|
243
|
+
// -----------------------------------------------------------------------
|
|
244
|
+
// validateResponse
|
|
245
|
+
// -----------------------------------------------------------------------
|
|
246
|
+
describe('validateResponse', () => {
|
|
247
|
+
async function createInitializedProvider() {
|
|
248
|
+
const mockFetch = createMockFetch({
|
|
249
|
+
'https://idp.example.com/metadata': {
|
|
250
|
+
ok: true,
|
|
251
|
+
status: 200,
|
|
252
|
+
body: createIdpMetadataXml(),
|
|
253
|
+
},
|
|
254
|
+
});
|
|
255
|
+
const provider = new SAMLProvider(config, mockFetch);
|
|
256
|
+
await provider.initialize();
|
|
257
|
+
return provider;
|
|
258
|
+
}
|
|
259
|
+
it('should validate a well-formed SAML response', async () => {
|
|
260
|
+
const provider = await createInitializedProvider();
|
|
261
|
+
const samlXml = createSamlResponse();
|
|
262
|
+
const samlB64 = Buffer.from(samlXml).toString('base64');
|
|
263
|
+
const result = await provider.validateResponse(samlB64);
|
|
264
|
+
expect(result.isOk()).toBe(true);
|
|
265
|
+
if (result.isOk()) {
|
|
266
|
+
expect(result.value.email).toBe('user@example.com');
|
|
267
|
+
expect(result.value.name).toBe('Test User');
|
|
268
|
+
expect(result.value.roles).toContain('developer');
|
|
269
|
+
}
|
|
270
|
+
});
|
|
271
|
+
it('should reject an expired SAML assertion', async () => {
|
|
272
|
+
const provider = await createInitializedProvider();
|
|
273
|
+
const pastDate = new Date(Date.now() - 7200000).toISOString();
|
|
274
|
+
const samlXml = createSamlResponse({
|
|
275
|
+
notBefore: new Date(Date.now() - 14400000).toISOString(),
|
|
276
|
+
notOnOrAfter: pastDate,
|
|
277
|
+
});
|
|
278
|
+
const samlB64 = Buffer.from(samlXml).toString('base64');
|
|
279
|
+
const result = await provider.validateResponse(samlB64);
|
|
280
|
+
expect(result.isErr()).toBe(true);
|
|
281
|
+
if (result.isErr()) {
|
|
282
|
+
expect(result.error.message).toContain('expired');
|
|
283
|
+
}
|
|
284
|
+
});
|
|
285
|
+
it('should reject a SAML assertion not yet valid', async () => {
|
|
286
|
+
const provider = await createInitializedProvider();
|
|
287
|
+
const futureDate = new Date(Date.now() + 7200000).toISOString();
|
|
288
|
+
const farFuture = new Date(Date.now() + 14400000).toISOString();
|
|
289
|
+
const samlXml = createSamlResponse({
|
|
290
|
+
notBefore: futureDate,
|
|
291
|
+
notOnOrAfter: farFuture,
|
|
292
|
+
});
|
|
293
|
+
const samlB64 = Buffer.from(samlXml).toString('base64');
|
|
294
|
+
const result = await provider.validateResponse(samlB64);
|
|
295
|
+
expect(result.isErr()).toBe(true);
|
|
296
|
+
if (result.isErr()) {
|
|
297
|
+
expect(result.error.message).toContain('not yet valid');
|
|
298
|
+
}
|
|
299
|
+
});
|
|
300
|
+
it('should reject a SAML assertion with wrong audience', async () => {
|
|
301
|
+
const provider = await createInitializedProvider();
|
|
302
|
+
const samlXml = createSamlResponse({
|
|
303
|
+
audience: 'https://wrong-audience.com',
|
|
304
|
+
});
|
|
305
|
+
const samlB64 = Buffer.from(samlXml).toString('base64');
|
|
306
|
+
const result = await provider.validateResponse(samlB64);
|
|
307
|
+
expect(result.isErr()).toBe(true);
|
|
308
|
+
if (result.isErr()) {
|
|
309
|
+
expect(result.error.message).toContain('audience mismatch');
|
|
310
|
+
}
|
|
311
|
+
});
|
|
312
|
+
it('should reject invalid Base64 input', async () => {
|
|
313
|
+
const provider = await createInitializedProvider();
|
|
314
|
+
// Provide valid base64 that decodes to non-XML
|
|
315
|
+
const result = await provider.validateResponse(Buffer.from('not-xml-at-all').toString('base64'));
|
|
316
|
+
expect(result.isErr()).toBe(true);
|
|
317
|
+
});
|
|
318
|
+
});
|
|
319
|
+
// -----------------------------------------------------------------------
|
|
320
|
+
// authenticate
|
|
321
|
+
// -----------------------------------------------------------------------
|
|
322
|
+
describe('authenticate', () => {
|
|
323
|
+
it('should return AuthToken for valid SAML response', async () => {
|
|
324
|
+
const mockFetch = createMockFetch({
|
|
325
|
+
'https://idp.example.com/metadata': {
|
|
326
|
+
ok: true,
|
|
327
|
+
status: 200,
|
|
328
|
+
body: createIdpMetadataXml(),
|
|
329
|
+
},
|
|
330
|
+
});
|
|
331
|
+
const provider = new SAMLProvider(config, mockFetch);
|
|
332
|
+
await provider.initialize();
|
|
333
|
+
const samlXml = createSamlResponse();
|
|
334
|
+
const samlB64 = Buffer.from(samlXml).toString('base64');
|
|
335
|
+
const result = await provider.authenticate(samlB64);
|
|
336
|
+
expect(result.isOk()).toBe(true);
|
|
337
|
+
if (result.isOk()) {
|
|
338
|
+
expect(result.value.email).toBe('user@example.com');
|
|
339
|
+
expect(result.value.roles).toContain('developer');
|
|
340
|
+
expect(result.value.exp).toBeGreaterThan(result.value.iat);
|
|
341
|
+
}
|
|
342
|
+
});
|
|
343
|
+
});
|
|
344
|
+
// -----------------------------------------------------------------------
|
|
345
|
+
// mapAttributes
|
|
346
|
+
// -----------------------------------------------------------------------
|
|
347
|
+
describe('mapAttributes', () => {
|
|
348
|
+
it('should map standard email attribute', () => {
|
|
349
|
+
const provider = new SAMLProvider(config);
|
|
350
|
+
const user = provider.mapAttributes({
|
|
351
|
+
email: 'test@example.com',
|
|
352
|
+
displayName: 'Test User',
|
|
353
|
+
role: 'admin',
|
|
354
|
+
});
|
|
355
|
+
expect(user.email).toBe('test@example.com');
|
|
356
|
+
expect(user.name).toBe('Test User');
|
|
357
|
+
expect(user.roles).toContain('admin');
|
|
358
|
+
});
|
|
359
|
+
it('should map Microsoft claims-style attributes', () => {
|
|
360
|
+
const provider = new SAMLProvider(config);
|
|
361
|
+
const user = provider.mapAttributes({
|
|
362
|
+
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress': 'ms@example.com',
|
|
363
|
+
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name': 'MS User',
|
|
364
|
+
'http://schemas.microsoft.com/ws/2008/06/identity/claims/role': 'coderag-admins',
|
|
365
|
+
});
|
|
366
|
+
expect(user.email).toBe('ms@example.com');
|
|
367
|
+
expect(user.name).toBe('MS User');
|
|
368
|
+
expect(user.roles).toContain('admin');
|
|
369
|
+
});
|
|
370
|
+
it('should default to viewer when no role matches', () => {
|
|
371
|
+
const provider = new SAMLProvider(config);
|
|
372
|
+
const user = provider.mapAttributes({
|
|
373
|
+
email: 'test@example.com',
|
|
374
|
+
});
|
|
375
|
+
expect(user.roles).toEqual(['viewer']);
|
|
376
|
+
});
|
|
377
|
+
it('should use email as fallback for name', () => {
|
|
378
|
+
const provider = new SAMLProvider(config);
|
|
379
|
+
const user = provider.mapAttributes({
|
|
380
|
+
email: 'test@example.com',
|
|
381
|
+
});
|
|
382
|
+
expect(user.name).toBe('test@example.com');
|
|
383
|
+
});
|
|
384
|
+
it('should extract NameID from XML as user id', () => {
|
|
385
|
+
const provider = new SAMLProvider(config);
|
|
386
|
+
const xml = '<saml:NameID>unique-id-123</saml:NameID>';
|
|
387
|
+
const user = provider.mapAttributes({ email: 'test@example.com' }, xml);
|
|
388
|
+
expect(user.id).toBe('unique-id-123');
|
|
389
|
+
});
|
|
390
|
+
it('should use email as fallback for id when no NameID', () => {
|
|
391
|
+
const provider = new SAMLProvider(config);
|
|
392
|
+
const user = provider.mapAttributes({
|
|
393
|
+
email: 'fallback@example.com',
|
|
394
|
+
});
|
|
395
|
+
expect(user.id).toBe('fallback@example.com');
|
|
396
|
+
});
|
|
397
|
+
});
|
|
398
|
+
// -----------------------------------------------------------------------
|
|
399
|
+
// getUserRoles / getUserRepos (cache)
|
|
400
|
+
// -----------------------------------------------------------------------
|
|
401
|
+
describe('getUserRoles', () => {
|
|
402
|
+
it('should return viewer for unknown user', async () => {
|
|
403
|
+
const provider = new SAMLProvider(config);
|
|
404
|
+
const result = await provider.getUserRoles('unknown');
|
|
405
|
+
expect(result.isOk()).toBe(true);
|
|
406
|
+
if (result.isOk()) {
|
|
407
|
+
expect(result.value).toEqual(['viewer']);
|
|
408
|
+
}
|
|
409
|
+
});
|
|
410
|
+
});
|
|
411
|
+
describe('getUserRepos', () => {
|
|
412
|
+
it('should return empty array for unknown user', async () => {
|
|
413
|
+
const provider = new SAMLProvider(config);
|
|
414
|
+
const result = await provider.getUserRepos('unknown');
|
|
415
|
+
expect(result.isOk()).toBe(true);
|
|
416
|
+
if (result.isOk()) {
|
|
417
|
+
expect(result.value).toEqual([]);
|
|
418
|
+
}
|
|
419
|
+
});
|
|
420
|
+
});
|
|
421
|
+
});
|
|
422
|
+
//# sourceMappingURL=saml-provider.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"saml-provider.test.js","sourceRoot":"","sources":["../../src/auth/saml-provider.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAC9D,OAAO,EAAE,UAAU,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAGvC,8EAA8E;AAC9E,0CAA0C;AAC1C,8EAA8E;AAE9E,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,mBAAmB,CAAC,KAAK,EAAE;IAC3D,aAAa,EAAE,IAAI;CACpB,CAAC,CAAC;AAEH,6EAA6E;AAC7E,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAW,CAAC;AACjF,MAAM,UAAU,GAAG,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAEnD,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,SAAS,aAAa;IACpB,OAAO;QACL,cAAc,EAAE,kCAAkC;QAClD,UAAU,EAAE,6BAA6B;QACzC,QAAQ,EAAE,qCAAqC;QAC/C,cAAc,EAAE,gCAAgC,UAAU,6BAA6B;QACvF,WAAW,EAAE;YACX,gBAAgB,EAAE,OAAO;YACzB,cAAc,EAAE,WAAW;YAC3B,iBAAiB,EAAE,QAAQ;SAC5B;KACF,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB;IAC3B,OAAO;;;;;;;gCAOuB,UAAU;;;;;;;;;uBASnB,CAAC;AACxB,CAAC;AAED,SAAS,kBAAkB,CAAC,OAO3B;IACC,MAAM,MAAM,GAAG,OAAO,EAAE,MAAM,IAAI,kBAAkB,CAAC;IACrD,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,IAAI,kBAAkB,CAAC;IACnD,MAAM,IAAI,GAAG,OAAO,EAAE,IAAI,IAAI,WAAW,CAAC;IAC1C,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,6BAA6B,CAAC;IACpE,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,SAAS,GAAG,OAAO,EAAE,SAAS,IAAI,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;IACtF,MAAM,YAAY,GAAG,OAAO,EAAE,YAAY,IAAI,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;IAE9F,iDAAiD;IACjD,MAAM,SAAS,GAAG;;;mFAG+D,MAAM;;gCAEzD,SAAS,mBAAmB,YAAY;;uBAEjD,QAAQ;;;;;6BAKF,KAAK;;;6BAGL,IAAI;;;;;;kBAMf,CAAC;IAEjB,iCAAiC;IACjC,yEAAyE;IACzE,0EAA0E;IAC1E,kDAAkD;IAClD,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAClE,MAAM,eAAe,GAAG,iRAAiR,WAAW,kCAAkC,CAAC;IAEvV,gEAAgE;IAChE,MAAM,aAAa,GAAG,0DAA0D,eAAe,eAAe,CAAC;IAE/G,MAAM,MAAM,GAAG,UAAU,CAAC,YAAY,CAAC,CAAC;IACxC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;IAC7B,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,UAA
U,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAElE,OAAO;IACL,SAAS;;qBAEQ,eAAe;yBACX,cAAc;;kBAErB,CAAC;AACnB,CAAC;AAED,SAAS,eAAe,CACtB,SAAwE;IAExE,OAAO,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,KAAwB,EAAE,EAAE;QAC9C,MAAM,GAAG,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;QACjE,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,MAAM,EAAE,GAAG;gBACX,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;gBACtB,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,EAAE;aACT,CAAC;QAChB,CAAC;QACD,OAAO;YACL,EAAE,EAAE,QAAQ,CAAC,EAAE;YACf,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC;YAC3C,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,QAAQ,CAAC,IAAI;SACpB,CAAC;IAChB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,8EAA8E;AAC9E,QAAQ;AACR,8EAA8E;AAE9E,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;IAC5B,IAAI,MAAkB,CAAC;IAEvB,UAAU,CAAC,GAAG,EAAE;QACd,MAAM,GAAG,aAAa,EAAE,CAAC;IAC3B,CAAC,CAAC,CAAC;IAEH,0EAA0E;IAC1E,cAAc;IACd,0EAA0E;IAE1E,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;QAC3B,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;YACtC,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,0EAA0E;IAC1E,aAAa;IACb,0EAA0E;IAE1E,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;QAC1B,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;YACnD,MAAM,SAAS,GAAG,eAAe,CAAC;gBAChC,kCAAkC,EAAE;oBAClC,EAAE,EAAE,IAAI;oBACR,MAAM,EAAE,GAAG;oBACX,IAAI,EAAE,oBAAoB,EAAE;iBAC7B;aACF,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YACrD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAC;YAC3C,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+CAA+C,EAAE,KAAK,IAAI,EAAE;YAC7D,MAAM,SAAS,GAAG,eAAe,CAAC;gBAChC,kCAAkC,EAAE;oBAClC,EAAE,EAAE,KAAK;oBACT,MAAM,EAAE,GAAG;oBACX,IAAI,EAAE,EAAE;iBACT;aACF,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YACrD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAC;YAC3C,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CA
AC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClC,IAAI,MAAM,CAAC,KAAK,EAAE,EAAE,CAAC;gBACnB,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;gBAC/C,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,uBAAuB,CAAC,CAAC;YAClE,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8DAA8D,EAAE,KAAK,IAAI,EAAE;YAC5E,MAAM,SAAS,GAAG,eAAe,CAAC;gBAChC,kCAAkC,EAAE;oBAClC,EAAE,EAAE,IAAI;oBACR,MAAM,EAAE,GAAG;oBACX,IAAI,EAAE,uCAAuC;iBAC9C;aACF,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YACrD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAC;YAC3C,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClC,IAAI,MAAM,CAAC,KAAK,EAAE,EAAE,CAAC;gBACnB,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,yBAAyB,CAAC,CAAC;YACpE,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;YACtD,MAAM,SAAS,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE;gBACjC,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;YAC3C,CAAC,CAA4B,CAAC;YAE9B,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YACrD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAC;YAC3C,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClC,IAAI,MAAM,CAAC,KAAK,EAAE,EAAE,CAAC;gBACnB,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,uBAAuB,CAAC,CAAC;YAClE,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,0EAA0E;IAC1E,sBAAsB;IACtB,0EAA0E;IAE1E,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;QACnC,EAAE,CAAC,+CAA+C,EAAE,KAAK,IAAI,EAAE;YAC7D,MAAM,SAAS,GAAG,eAAe,CAAC;gBAChC,kCAAkC,EAAE;oBAClC,EAAE,EAAE,IAAI;oBACR,MAAM,EAAE,GAAG;oBACX,IAAI,EAAE,oBAAoB,EAAE;iBAC7B;aACF,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YACrD,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAC;YAE5B,MAAM,MAAM,GAAG,QAAQ,CAAC,mBAAmB,EAAE,CAAC;YAC9C,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjC,IAAI,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;gBAClB,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,6BAA6B,CAAC,CAAC;gBAClE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;gBACnD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CA
AC,SAAS,CAAC,WAAW,CAAC,CAAC;YACjD,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;YAC3D,MAAM,SAAS,GAAG,eAAe,CAAC;gBAChC,kCAAkC,EAAE;oBAClC,EAAE,EAAE,IAAI;oBACR,MAAM,EAAE,GAAG;oBACX,IAAI,EAAE,oBAAoB,EAAE;iBAC7B;aACF,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YACrD,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAC;YAE5B,MAAM,OAAO,GAAG,QAAQ,CAAC,mBAAmB,EAAE,CAAC;YAC/C,MAAM,OAAO,GAAG,QAAQ,CAAC,mBAAmB,EAAE,CAAC;YAE/C,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACpD,IAAI,OAAO,CAAC,IAAI,EAAE,IAAI,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;gBACrC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YACtD,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;YAClD,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,MAAM,GAAG,QAAQ,CAAC,mBAAmB,EAAE,CAAC;YAC9C,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClC,IAAI,MAAM,CAAC,KAAK,EAAE,EAAE,CAAC;gBACnB,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;YAC5D,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,0EAA0E;IAC1E,mBAAmB;IACnB,0EAA0E;IAE1E,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;QAChC,KAAK,UAAU,yBAAyB;YACtC,MAAM,SAAS,GAAG,eAAe,CAAC;gBAChC,kCAAkC,EAAE;oBAClC,EAAE,EAAE,IAAI;oBACR,MAAM,EAAE,GAAG;oBACX,IAAI,EAAE,oBAAoB,EAAE;iBAC7B;aACF,CAAC,CAAC;YACH,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YACrD,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAC;YAC5B,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;YAC3D,MAAM,QAAQ,GAAG,MAAM,yBAAyB,EAAE,CAAC;YACnD,MAAM,OAAO,GAAG,kBAAkB,EAAE,CAAC;YACrC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAExD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;YACxD,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjC,IAAI,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;gBAClB,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;gBACpD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,C
AAC,WAAW,CAAC,CAAC;gBAC5C,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;YACpD,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yCAAyC,EAAE,KAAK,IAAI,EAAE;YACvD,MAAM,QAAQ,GAAG,MAAM,yBAAyB,EAAE,CAAC;YACnD,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;YAC9D,MAAM,OAAO,GAAG,kBAAkB,CAAC;gBACjC,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,CAAC,WAAW,EAAE;gBACxD,YAAY,EAAE,QAAQ;aACvB,CAAC,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAExD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;YACxD,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClC,IAAI,MAAM,CAAC,KAAK,EAAE,EAAE,CAAC;gBACnB,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YACpD,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8CAA8C,EAAE,KAAK,IAAI,EAAE;YAC5D,MAAM,QAAQ,GAAG,MAAM,yBAAyB,EAAE,CAAC;YACnD,MAAM,UAAU,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;YAChE,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;YAChE,MAAM,OAAO,GAAG,kBAAkB,CAAC;gBACjC,SAAS,EAAE,UAAU;gBACrB,YAAY,EAAE,SAAS;aACxB,CAAC,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAExD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;YACxD,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClC,IAAI,MAAM,CAAC,KAAK,EAAE,EAAE,CAAC;gBACnB,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;YAC1D,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;YAClE,MAAM,QAAQ,GAAG,MAAM,yBAAyB,EAAE,CAAC;YACnD,MAAM,OAAO,GAAG,kBAAkB,CAAC;gBACjC,QAAQ,EAAE,4BAA4B;aACvC,CAAC,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAExD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;YACxD,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClC,IAAI,MAAM,CAAC,KAAK,EAAE,EAAE,CAAC;gBACnB,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAA
C,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;YAClD,MAAM,QAAQ,GAAG,MAAM,yBAAyB,EAAE,CAAC;YACnD,+CAA+C;YAC/C,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,gBAAgB,CAAC,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;YACjG,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,0EAA0E;IAC1E,eAAe;IACf,0EAA0E;IAE1E,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;QAC5B,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;YAC/D,MAAM,SAAS,GAAG,eAAe,CAAC;gBAChC,kCAAkC,EAAE;oBAClC,EAAE,EAAE,IAAI;oBACR,MAAM,EAAE,GAAG;oBACX,IAAI,EAAE,oBAAoB,EAAE;iBAC7B;aACF,CAAC,CAAC;YACH,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YACrD,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAC;YAE5B,MAAM,OAAO,GAAG,kBAAkB,EAAE,CAAC;YACrC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACxD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;YAEpD,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjC,IAAI,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;gBAClB,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;gBACpD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;gBAClD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,eAAe,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,0EAA0E;IAC1E,gBAAgB;IAChB,0EAA0E;IAE1E,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;QAC7B,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;YAC7C,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,IAAI,GAAG,QAAQ,CAAC,aAAa,CAAC;gBAClC,KAAK,EAAE,kBAAkB;gBACzB,WAAW,EAAE,WAAW;gBACxB,IAAI,EAAE,OAAO;aACd,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;YAC5C,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACpC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;YACtD,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,IAAI,GAAG,QAAQ,CAAC,aAAa,CAAC;gBAClC,oEAAoE,EAAE,gBAAgB
;gBACtF,4DAA4D,EAAE,SAAS;gBACvE,8DAA8D,EAAE,gBAAgB;aACjF,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YAC1C,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAClC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;YACvD,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,IAAI,GAAG,QAAQ,CAAC,aAAa,CAAC;gBAClC,KAAK,EAAE,kBAAkB;aAC1B,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC/C,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,IAAI,GAAG,QAAQ,CAAC,aAAa,CAAC;gBAClC,KAAK,EAAE,kBAAkB;aAC1B,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;YACnD,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,GAAG,GAAG,0CAA0C,CAAC;YACvD,MAAM,IAAI,GAAG,QAAQ,CAAC,aAAa,CACjC,EAAE,KAAK,EAAE,kBAAkB,EAAE,EAC7B,GAAG,CACJ,CAAC;YAEF,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;YAC5D,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,IAAI,GAAG,QAAQ,CAAC,aAAa,CAAC;gBAClC,KAAK,EAAE,sBAAsB;aAC9B,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QAC/C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,0EAA0E;IAC1E,sCAAsC;IACtC,0EAA0E;IAE1E,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;QAC5B,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;YACrD,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;YACtD,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjC,IAAI,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;gBAClB,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;YAC3C,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;QAC5B,EAAE,CAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;YAC1D,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,MAAM,GAA
G,MAAM,QAAQ,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;YACtD,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjC,IAAI,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;gBAClB,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;YACnC,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
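--- a/package/dist/auth/types.d.ts
+++ b/package/dist/auth/types.d.ts
@@ -0,0 +1,81 @@
+import type { Result } from 'neverthrow';
+/** CodeRAG role hierarchy: Admin > Developer > Viewer */
+export type Role = 'admin' | 'developer' | 'viewer';
+/** Ordered role hierarchy (index = privilege level, higher = more access). */
+export declare const ROLE_HIERARCHY: readonly Role[];
+/** Actions that can be gated by RBAC. */
+export type Action = 'search' | 'context' | 'status' | 'explain' | 'docs' | 'index' | 'configure';
+/** Per-repo access level. */
+export type RepoAccessLevel = 'read' | 'write' | 'admin';
+export interface RepoPermission {
+readonly repoName: string;
+readonly access: RepoAccessLevel;
+}
+export interface User {
+readonly id: string;
+readonly email: string;
+readonly name: string;
+readonly roles: readonly Role[];
+readonly allowedRepos: readonly string[];
+}
+export interface AuthToken {
+readonly userId: string;
+readonly email: string;
+readonly roles: readonly Role[];
+readonly exp: number;
+readonly iat: number;
+}
+export interface AuditEntry {
+readonly timestamp: Date;
+readonly userId: string;
+readonly action: string;
+readonly resource: string;
+readonly details: string;
+readonly ip: string;
+}
+export interface AuditQuery {
+readonly userId?: string;
+readonly action?: string;
+readonly startDate?: Date;
+readonly endDate?: Date;
+readonly limit?: number;
+}
+export declare class AuthError extends Error {
+constructor(message: string);
+}
+export interface AuthProvider {
+readonly name: string;
+authenticate(token: string): Promise<Result<AuthToken, AuthError>>;
+getUserRoles(userId: string): Promise<Result<readonly Role[], AuthError>>;
+getUserRepos(userId: string): Promise<Result<readonly string[], AuthError>>;
+}
+export interface OIDCConfig {
+readonly issuerUrl: string;
+readonly clientId: string;
+readonly clientSecret: string;
+readonly audience: string;
+/** Optional mapping from OIDC group claim values to CodeRAG roles. */
+readonly roleMapping?: Readonly<Record<string, Role>>;
+}
+/** Subset of the OpenID Connect Discovery document we use. */
+export interface OIDCDiscoveryDocument {
+readonly issuer: string;
+readonly authorization_endpoint: string;
+readonly token_endpoint: string;
+readonly userinfo_endpoint: string;
+readonly jwks_uri: string;
+}
+export interface SAMLConfig {
+readonly idpMetadataUrl: string;
+readonly spEntityId: string;
+readonly spAcsUrl: string;
+readonly certificatePem: string;
+/** Optional mapping from SAML attribute values to CodeRAG roles. */
+readonly roleMapping?: Readonly<Record<string, Role>>;
+}
+export interface SAMLIdPMetadata {
+readonly entityId: string;
+readonly ssoUrl: string;
+readonly certificate: string;
+readonly nameIdFormat: string;
+}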
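Review bot: `exp` and `iat` on `AuthToken` are bare `number` fields with no stated unit, and `AuthProvider.authenticate` returns this one token shape for any provider that implements the interface. If they mirror JWT NumericDate claims they are in seconds, and an expiry check written against `Date.now()` (milliseconds) would be off by a factor of 1000; a provider that fills them from another source could just as easily pick milliseconds. The declaration should pin the unit, for example `/** Expiry, in seconds since the Unix epoch (JWT NumericDate). */` above `exp` and a matching comment above `iat`. Because this is emitted `.d.ts` output, the comments belong in the TypeScript source it was generated from.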
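--- a/package/dist/auth/types.js
+++ b/package/dist/auth/types.js
@@ -0,0 +1,11 @@
+/** Ordered role hierarchy (index = privilege level, higher = more access). */
+export const ROLE_HIERARCHY = ['viewer', 'developer', 'admin'];
+// ---------------------------------------------------------------------------
+// Auth Provider interface
+// ---------------------------------------------------------------------------
+export class AuthError extends Error {
+constructor(message) {
+super(message);
+this.name = 'AuthError';
+}
+}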
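Review bot: `ROLE_HIERARCHY` is emitted as an ordinary mutable array; the `readonly Role[]` in the declaration file is erased at compile time, so any module that imports it can reorder or extend it at runtime. The comment above it says the index is the privilege level, so if the RBAC code ranks roles by their position in this array (not visible in this file), a mutation anywhere in the process changes which role outranks which. Freezing the array closes that gap: `export const ROLE_HIERARCHY = Object.freeze(['viewer', 'developer', 'admin']);`. The change belongs in the `src/auth/types.ts` source named in the accompanying source map, not in this compiled file.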
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/auth/types.ts"],"names":[],"mappings":"AASA,8EAA8E;AAC9E,MAAM,CAAC,MAAM,cAAc,GAAoB,CAAC,QAAQ,EAAE,WAAW,EAAE,OAAO,CAAU,CAAC;AA6DzF,8EAA8E;AAC9E,0BAA0B;AAC1B,8EAA8E;AAE9E,MAAM,OAAO,SAAU,SAAQ,KAAK;IAClC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;IAC1B,CAAC;CACF"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|