@culturefy/shared 1.0.51 → 1.0.52
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/build/cjs/enums/secretKeys.enum.js +2 -0
- package/build/cjs/enums/secretKeys.enum.js.map +1 -1
- package/build/cjs/middlewares/verify-middleware.js +9 -1
- package/build/cjs/middlewares/verify-middleware.js.map +1 -1
- package/build/cjs/utils/cookies.js +13 -6
- package/build/cjs/utils/cookies.js.map +1 -1
- package/build/esm/enums/secretKeys.enum.js +2 -0
- package/build/esm/enums/secretKeys.enum.js.map +1 -1
- package/build/esm/middlewares/verify-middleware.js +9 -1
- package/build/esm/middlewares/verify-middleware.js.map +1 -1
- package/build/esm/utils/cookies.js +13 -6
- package/build/esm/utils/cookies.js.map +1 -1
- package/build/src/enums/secretKeys.enum.d.ts +3 -1
- package/build/src/enums/secretKeys.enum.js +2 -0
- package/build/src/enums/secretKeys.enum.js.map +1 -1
- package/build/src/middlewares/verify-middleware.js +12 -1
- package/build/src/middlewares/verify-middleware.js.map +1 -1
- package/build/src/utils/cookies.d.ts +8 -1
- package/build/src/utils/cookies.js +8 -6
- package/build/src/utils/cookies.js.map +1 -1
- package/package.json +1 -1
|
@@ -40,6 +40,8 @@ let AzureSecretKeysEnum = exports.AzureSecretKeysEnum = /*#__PURE__*/function (A
|
|
|
40
40
|
AzureSecretKeysEnum["GCP_PROJECT_ID"] = "gcp-project-id";
|
|
41
41
|
AzureSecretKeysEnum["PUBSUB_SERVICE_ACCOUNT_KEYS"] = "pubsub-service-account-keys";
|
|
42
42
|
AzureSecretKeysEnum["VAPI_TOKEN"] = "vapi-token";
|
|
43
|
+
AzureSecretKeysEnum["GITHUB_TOKEN"] = "GITHUB-TOKEN";
|
|
44
|
+
AzureSecretKeysEnum["GITHUB_WORKFLOW_URL"] = "GITHUB-WORKFLOW-URL";
|
|
43
45
|
return AzureSecretKeysEnum;
|
|
44
46
|
}({}); // AUTH-SERVICE-AUTHENTICATION-URL
|
|
45
47
|
// https://culturefy-auth-staging.azurewebsites.net/api/verify
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secretKeys.enum.js","names":["AzureSecretKeysEnum","exports"],"sources":["../../../src/enums/secretKeys.enum.ts"],"sourcesContent":["// Enum for secret keys\nexport enum AzureSecretKeysEnum {\n KEYCLOAK_ADMIN_CLIENT_SECRET = \"KEYCLOAK-ADMIN-CLIENT-SECRET\",\n KEYCLOAK_ADMIN_CLIENT_ID = \"KEYCLOAK-ADMIN-CLIENT-ID\",\n KEYCLOAK_BASE_URL = \"KEYCLOAK-BASE-URL\",\n STRIPE_PAYMENT_WEBHOOK_SECRET_KEY = \"Stripe-payment-webhook-secret-key\", // in-use\n STRIPE_PRODUCT_WEBHOOK_SECRET = \"Stripe-product-webhook-secret-key\", // in-use\n STRIPE_PRICE_WEBHOOK_SECRET = \"Stripe-price-webhook-secret-key\", // in-use\n EMAIL_SERVICE_URL = \"Email-Service-Url\", // in-use,\n DB_CONNECTING_STRING_AUTH = \"DB-CONNECTION-STRING-AUTH\",\n DB_CONNECTING_STRING_USER = \"DB-CONNECTION-STRING-USER\",\n DB_CONNECTING_STRING_TENANT_BRIDGE = \"DB-Connecting-String-Tenant-Bridge\",\n DB_CONNECTING_STRING_PAYMENT = \"DB-CONNECTION-STRING-PAYMENT\",\n DB_CONNECTING_STRING_CORE = \"DB-CONNECTION-STRING-CORE\",\n DB_CONNECTING_STRING_BILLING = \"DB-CONNECTION-STRING-BILLING\",\n DB_CONNECTING_STRING_STAGING = \"DB-CONNECTION-STRING-STAGING\",\n DB_CONNECTING_STRING_BNT_DEV = \"DB-CONNECTION-STRING-BNT-DEV\",\n DB_CONNECTION_STRING_TENANT_BRIDGE = \"DB-CONNECTION-STRING-TENANT-BRIDGE\",\n SERVICE_BUS_CONNECTION_STRING = \"servicebus-connection-string\",\n STRIPE_CUSTOMER_SYNC_WEBHOOK_SECRET = \"stripe-customer-sync-webhook-secret-key\",\n STRIPE_INVOICE_SYNC_WEBHOOK_SECRET = \"stripe-invoice-sync-webhook-secret-key\",\n STRIPE_PRODUCT_SYNC_WEBHOOK_SECRET = \"stripe-product-sync-webhook-secret-key\",\n STRIPE_PRICE_SYNC_WEBHOOK_SECRET = \"stripe-price-sync-webhook-secret-key\",\n STRIPE_SECRET_KEY = \"Stripe-secret-key\",\n STRIPE_WEBHOOK_CUSTOMER_CREATED_SECRET_KEY = \"Stripe-Webhook-Customer-Created-Secret-Key\",\n STRIPE_SUBSCRIPTION_SYNC_WEBHOOK_SECRET = \"stripe-subscription-sync-webhook-secret-key\",\n FIREBASE_SERVICE_ACCOUNTS_VARIABLE = \"firebase_service_accounts_variable\",\n HMS_ACCESS_KEY=\"MEETING-HMS-ACCESS-KEY-APP-SECRET\",\n MEETING_ROOM_APP_SECRET=\"MEETING-ROOM-APP-SECRET\",\n BASE_DB_CLUSTER_CONNECTING_STRING_CHAT = \"BASE-DB-CLUSTER-CONNECTING-STRING-CHAT\",\n AUTH_SERVICE_AUTHENTICATION_URL = \"AUTH-SERVICE-AUTHENTICATION-URL\",\n GCP_PROJECT_ID=\"gcp-project-id\",\n PUBSUB_SERVICE_ACCOUNT_KEYS=\"pubsub-service-account-keys\",\n VAPI_TOKEN = \"vapi-token\",\n}\n\n// AUTH-SERVICE-AUTHENTICATION-URL\n// https://culturefy-auth-staging.azurewebsites.net/api/verify\n\n// REFRESH-SESSION-URL"],"mappings":";;;;AAAA;AAAA,IACYA,mBAAmB,GAAAC,OAAA,CAAAD,mBAAA,0BAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAI4C;EAJ/DA,mBAAmB;EAKwC;EAL3DA,mBAAmB;EAMoC;EANvDA,mBAAmB;EAOY;EAP/BA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAA,OAAnBA,mBAAmB;AAAA,
|
|
1
|
+
{"version":3,"file":"secretKeys.enum.js","names":["AzureSecretKeysEnum","exports"],"sources":["../../../src/enums/secretKeys.enum.ts"],"sourcesContent":["// Enum for secret keys\nexport enum AzureSecretKeysEnum {\n KEYCLOAK_ADMIN_CLIENT_SECRET = \"KEYCLOAK-ADMIN-CLIENT-SECRET\",\n KEYCLOAK_ADMIN_CLIENT_ID = \"KEYCLOAK-ADMIN-CLIENT-ID\",\n KEYCLOAK_BASE_URL = \"KEYCLOAK-BASE-URL\",\n STRIPE_PAYMENT_WEBHOOK_SECRET_KEY = \"Stripe-payment-webhook-secret-key\", // in-use\n STRIPE_PRODUCT_WEBHOOK_SECRET = \"Stripe-product-webhook-secret-key\", // in-use\n STRIPE_PRICE_WEBHOOK_SECRET = \"Stripe-price-webhook-secret-key\", // in-use\n EMAIL_SERVICE_URL = \"Email-Service-Url\", // in-use,\n DB_CONNECTING_STRING_AUTH = \"DB-CONNECTION-STRING-AUTH\",\n DB_CONNECTING_STRING_USER = \"DB-CONNECTION-STRING-USER\",\n DB_CONNECTING_STRING_TENANT_BRIDGE = \"DB-Connecting-String-Tenant-Bridge\",\n DB_CONNECTING_STRING_PAYMENT = \"DB-CONNECTION-STRING-PAYMENT\",\n DB_CONNECTING_STRING_CORE = \"DB-CONNECTION-STRING-CORE\",\n DB_CONNECTING_STRING_BILLING = \"DB-CONNECTION-STRING-BILLING\",\n DB_CONNECTING_STRING_STAGING = \"DB-CONNECTION-STRING-STAGING\",\n DB_CONNECTING_STRING_BNT_DEV = \"DB-CONNECTION-STRING-BNT-DEV\",\n DB_CONNECTION_STRING_TENANT_BRIDGE = \"DB-CONNECTION-STRING-TENANT-BRIDGE\",\n SERVICE_BUS_CONNECTION_STRING = \"servicebus-connection-string\",\n STRIPE_CUSTOMER_SYNC_WEBHOOK_SECRET = \"stripe-customer-sync-webhook-secret-key\",\n STRIPE_INVOICE_SYNC_WEBHOOK_SECRET = \"stripe-invoice-sync-webhook-secret-key\",\n STRIPE_PRODUCT_SYNC_WEBHOOK_SECRET = \"stripe-product-sync-webhook-secret-key\",\n STRIPE_PRICE_SYNC_WEBHOOK_SECRET = \"stripe-price-sync-webhook-secret-key\",\n STRIPE_SECRET_KEY = \"Stripe-secret-key\",\n STRIPE_WEBHOOK_CUSTOMER_CREATED_SECRET_KEY = \"Stripe-Webhook-Customer-Created-Secret-Key\",\n STRIPE_SUBSCRIPTION_SYNC_WEBHOOK_SECRET = \"stripe-subscription-sync-webhook-secret-key\",\n FIREBASE_SERVICE_ACCOUNTS_VARIABLE = \"firebase_service_accounts_variable\",\n HMS_ACCESS_KEY=\"MEETING-HMS-ACCESS-KEY-APP-SECRET\",\n MEETING_ROOM_APP_SECRET=\"MEETING-ROOM-APP-SECRET\",\n BASE_DB_CLUSTER_CONNECTING_STRING_CHAT = \"BASE-DB-CLUSTER-CONNECTING-STRING-CHAT\",\n AUTH_SERVICE_AUTHENTICATION_URL = \"AUTH-SERVICE-AUTHENTICATION-URL\",\n GCP_PROJECT_ID=\"gcp-project-id\",\n PUBSUB_SERVICE_ACCOUNT_KEYS=\"pubsub-service-account-keys\",\n VAPI_TOKEN = \"vapi-token\",\n GITHUB_TOKEN = \"GITHUB-TOKEN\",\n GITHUB_WORKFLOW_URL = \"GITHUB-WORKFLOW-URL\",\n}\n\n// AUTH-SERVICE-AUTHENTICATION-URL\n// https://culturefy-auth-staging.azurewebsites.net/api/verify\n\n// REFRESH-SESSION-URL"],"mappings":";;;;AAAA;AAAA,IACYA,mBAAmB,GAAAC,OAAA,CAAAD,mBAAA,0BAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAI4C;EAJ/DA,mBAAmB;EAKwC;EAL3DA,mBAAmB;EAMoC;EANvDA,mBAAmB;EAOY;EAP/BA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAA,OAAnBA,mBAAmB;AAAA,OAqC/B;AACA;AAEA","ignoreList":[]}
|
|
@@ -301,7 +301,15 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
|
|
|
301
301
|
});
|
|
302
302
|
|
|
303
303
|
// Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)
|
|
304
|
-
|
|
304
|
+
const mappingMaxAge = typeof data.refresh_expires_in === "number" ? data.refresh_expires_in : typeof data.expires_in === "number" ? data.expires_in : 60 * 60 * 24; // fallback 24h
|
|
305
|
+
|
|
306
|
+
(0, _cookies.setCookieKV)(ctx, `__Secure-session-v1.${appId}.mapping`, mapping, {
|
|
307
|
+
// mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only
|
|
308
|
+
httpOnly: false,
|
|
309
|
+
secure: true,
|
|
310
|
+
sameSite: "None",
|
|
311
|
+
maxAge: mappingMaxAge
|
|
312
|
+
});
|
|
305
313
|
|
|
306
314
|
// Decode new AT and proceed
|
|
307
315
|
let p2;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verify-middleware.js","names":["_constants","require","_jwtDecode","_enums","_cookies","_utils","_tokenMapping","apiURL","process","env","REFRESH_SESSION_URL","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","verifyMw","req","ctx","next","_APP_MAP$appId","_p","_ref","_ref$state","_p$sub","_ref2","_p$cfy_bid","_ref3","_p$email","_p$name","_ref4","_p$resource_access$cl","_p$resource_access","_p$realm_access","appId","headers","get","APP_MAP","clientId","status","body","JSON","stringify","reason","expectedClientId","cookies","mapping","base64Decode","dbUrl","getAzureVaultSecretByKey","AZURE_KEY_VAULT_NAME","AzureSecretKeysEnum","DB_CONNECTING_STRING_USER","tokenMappingService","TokenMappingService","tokenMapping","getTokenMappingById","at","accessToken","rt","refreshToken","realm","realmId","p","jwtDecode","sid","now","Math","floor","Date","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","businessId","cfy_bid","email","preferred_username","name","undefined","roles","resource_access","realm_access","exports","info","_ref5","_ref5$state","_p2$sub","_ref6","_p2$cfy_bid","_ref7","_p2$email","_p2$name","_ref8","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","resp","fetch","method","refresh_token","ok","text","warn","payload","json","data","newAT","access_token","newRT","updateTokenMapping","expiresAt","expires_in","setCookieKV","p2","audOk2","tenantId2","e","error","value","Buffer","from","console","log","message"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || ''\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const expectedClientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n\n let mapping: string | null = cookies[`__Secure-session-v1.${appId}.mapping`];\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const tokenMapping = await tokenMappingService.getTokenMappingById(mapping);\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const clientId = tokenMapping.clientId;\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh only when expired\n if (typeof p.exp === \"number\" && p.exp <= now) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, clientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(clientId)) ||\n (typeof p.aud === \"string\" && (p.aud === clientId || p.aud === \"account\")) ||\n p.azp === clientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: p.sub ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n roles: p.resource_access?.[clientId]?.roles ?? p.realm_access?.roles ?? [],\n exp: p.exp,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"refreshing token payload ----------------------\", {\n realmId,\n clientId,\n rt\n });\n\n // Call auth service to refresh\n try {\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n const text = await resp.text();\n ctx.warn?.(`refresh call failed: ${resp.status} ${text}`);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT as string,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n setCookieKV(ctx, `__Secure-session-v1.${appId}.mapping`, mapping);\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId,\n userId: p2.sub ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e) {\n ctx.error?.(\"refresh exception\", e as any);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}"],"mappings":";;;;AACA,IAAAA,UAAA,GAAAC,OAAA;AACA,IAAAC,UAAA,GAAAD,OAAA;AAEA,IAAAE,MAAA,GAAAF,OAAA;AACA,IAAAG,QAAA,GAAAH,OAAA;AAGA,IAAAI,MAAA,GAAAJ,OAAA;AAEA,IAAAK,aAAA,GAAAL,OAAA;AAEA,MAAMM,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AAEpD,MAAMC,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAEM,MAAMQ,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBC,GAAsB,EACtBC,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,kBAAA,EAAAC,eAAA;EAC9B,MAAMC,KAAK,GAAGjB,GAAG,CAACkB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAACF,KAAK,IAAI,EAACG,kBAAO,aAAAjB,cAAA,GAAPiB,kBAAO,CAAGH,KAAK,CAAC,aAAhBd,cAAA,CAAkBkB,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAMC,gBAAgB,GAAGP,kBAAO,CAACH,KAAK,CAAC,CAACI,QAAQ;;EAEhD;EACA,MAAMO,OAAO,GAAGvC,iBAAiB,CAACW,GAAG,CAACkB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAE5D,IAAIU,OAAsB,GAAGD,OAAO,CAAC,uBAAuBX,KAAK,UAAU,CAAC;EAE5E,IAAI,CAACY,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGC,YAAY,CAACD,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMK,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1C/B,GAAG,EACHf,OAAO,CAACC,GAAG,CAAC8C,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;EAED,IAAI,CAACJ,KAAK,EAAE;IACV,OAAO;MACLT,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMU,mBAAmB,GAAG,IAAIC,iCAAmB,CAACpC,GAAG,EAAE8B,KAAK,CAAC;EAE/D,MAAMO,YAAY,GAAG,MAAMF,mBAAmB,CAACG,mBAAmB,CAACV,OAAO,CAAC;EAE3E,IAAI,CAACS,YAAY,EAAE;IACjB,OAAO;MACLhB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAIc,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLpB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMkB,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAMxB,QAAQ,GAAGiB,YAAY,CAACjB,QAAQ;;EAEtC;EACA,IAAIyB,CAAM;EACV,IAAI;IACFA,CAAC,GAAG,IAAAC,oBAAS,EAACP,EAAE,CAAC;EACnB,CAAC,CAAC,MAAM;IACN,OAAO;MACLlB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAAtB,EAAA,GAAC0C,CAAC,aAAD1C,EAAA,CAAG4C,GAAG,GAAE;IACX,OAAO;MACL1B,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAMuB,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,IAAI,OAAOH,CAAC,CAACO,GAAG,KAAK,QAAQ,IAAIP,CAAC,CAACO,GAAG,IAAIJ,GAAG,EAAE;IAC7C;IACA,OAAO,MAAMK,kBAAkB,CAACtD,GAAG,EAAEC,GAAG,EAAEgB,KAAK,EAAE2B,KAAK,EAAEvB,QAAQ,EAAEqB,EAAE,EAAEb,OAAO,EAAEiB,CAAC,EAAE5C,IAAI,CAAC;EACzF;;EAEA;EACA,MAAMqD,KAAK,GACRC,KAAK,CAACC,OAAO,CAACX,CAAC,CAACY,GAAG,CAAC,IAAIZ,CAAC,CAACY,GAAG,CAACC,QAAQ,CAACtC,QAAQ,CAAC,IAChD,OAAOyB,CAAC,CAACY,GAAG,KAAK,QAAQ,KAAKZ,CAAC,CAACY,GAAG,KAAKrC,QAAQ,IAAIyB,CAAC,CAACY,GAAG,KAAK,SAAS,CAAE,IAC1EZ,CAAC,CAACc,GAAG,KAAKvC,QAAQ;EAEpB,IAAI,CAACkC,KAAK,EAAE;IACV,OAAO;MACLjC,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAApB,UAAA,IAAAD,IAAA,GAACJ,GAAG,EAAS4D,KAAK,YAAAvD,UAAA,GAAlBD,IAAA,CAAawD,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGlB,KAAK,CAACmB,QAAQ,CAAC,CAAC;EAEhC9D,GAAG,CAAS4D,KAAK,CAACG,IAAI,GAAG;IACxB/C,KAAK;IACLgD,MAAM,GAAA1D,MAAA,GAAEuC,CAAC,CAACoB,GAAG,YAAA3D,MAAA,GAAI,IAAI;IACrB4D,UAAU,GAAA3D,KAAA,IAAAC,UAAA,GAAEqC,CAAC,CAACsB,OAAO,YAAA3D,UAAA,GAAIqD,QAAQ,YAAAtD,KAAA,GAAI,IAAI;IACzCsD,QAAQ;IACRO,KAAK,GAAA3D,KAAA,IAAAC,QAAA,GAAEmC,CAAC,CAACuB,KAAK,YAAA1D,QAAA,GAAImC,CAAC,CAACwB,kBAAkB,YAAA5D,KAAA,GAAI,IAAI;IAC9C6D,IAAI,GAAA3D,OAAA,GAAEkC,CAAC,CAACyB,IAAI,YAAA3D,OAAA,GAAI4D,SAAS;IACzBC,KAAK,GAAA5D,KAAA,IAAAC,qBAAA,IAAAC,kBAAA,GAAE+B,CAAC,CAAC4B,eAAe,cAAA3D,kBAAA,GAAjBA,kBAAA,CAAoBM,QAAQ,CAAC,qBAA7BN,kBAAA,CAA+B0D,KAAK,YAAA3D,qBAAA,IAAAE,eAAA,GAAI8B,CAAC,CAAC6B,YAAY,qBAAd3D,eAAA,CAAgByD,KAAK,YAAA5D,KAAA,GAAI,EAAE;IAC1EwC,GAAG,EAAEP,CAAC,CAACO;EACT,CAAC;EAED,OAAOnD,IAAI,CAAC,CAAC;AACf,CAAC;AAAC0E,OAAA,CAAA7E,QAAA,GAAAA,QAAA;AAIF,eAAeuD,kBAAkBA,CAC/BtD,GAAgB,EAChBC,GAAsB,EACtBgB,KAAa,EACb4B,OAAe,EACfxB,QAAgB,EAChBqB,EAAsB,EACtBb,OAAe,EACfiB,CAAM,EACN5C,IAAqC,EACV;EAC3B;EACA,IAAI,CAACwC,EAAE,EAAE;IACP,OAAO;MACLpB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEAzB,GAAG,CAAC4E,IAAI,CAAC,iDAAiD,EAAE;IAC1DhC,OAAO;IACPxB,QAAQ;IACRqB;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAAoC,KAAA,EAAAC,WAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,MAAMC,IAAI,GAAG,MAAMC,KAAK,CAAC1G,MAAM,EAAE;MAC/B2G,MAAM,EAAE,MAAM;MACd1E,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnBoB,OAAO;QACPxB,QAAQ,EAAEA,QAAQ;QAClBwE,aAAa,EAAEnD;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAACgD,IAAI,CAACI,EAAE,EAAE;MACZ,MAAMC,IAAI,GAAG,MAAML,IAAI,CAACK,IAAI,CAAC,CAAC;MAC9B9F,GAAG,CAAC+F,IAAI,YAAR/F,GAAG,CAAC+F,IAAI,CAAG,wBAAwBN,IAAI,CAACpE,MAAM,IAAIyE,IAAI,EAAE,CAAC;MACzD,OAAO;QACLzE,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAMuE,OAAO,GAAG,MAAMP,IAAI,CAACQ,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACN,aAAmC;IAEtD,IAAI,CAACO,KAAK,IAAI,CAACE,KAAK,EAAE;MACpB,OAAO;QACLhF,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMK,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1C/B,GAAG,EACHf,OAAO,CAACC,GAAG,CAAC8C,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;IAED,IAAI,CAACJ,KAAK,EAAE;MACV,OAAO;QACLT,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMU,mBAAmB,GAAG,IAAIC,iCAAmB,CAACpC,GAAG,EAAE8B,KAAK,CAAC;IAE/D,MAAMK,mBAAmB,CAACmE,kBAAkB,CAAC1E,OAAO,EAAE;MACpDY,WAAW,EAAE2D,KAAe;MAC5BzD,YAAY,EAAE2D,KAAe;MAC7B;MACAE,SAAS,EAAE,OAAOL,IAAI,CAACM,UAAU,KAAK,QAAQ,GAAG,IAAIrD,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAGkD,IAAI,CAACM,UAAU,GAAG,IAAI,CAAC,GAAGjC;IACnG,CAAC,CAAC;;IAEF;IACA,IAAAkC,oBAAW,EAACzG,GAAG,EAAE,uBAAuBgB,KAAK,UAAU,EAAEY,OAAO,CAAC;;IAEjE;IACA,IAAI8E,EAAO;IACX,IAAI;MAAEA,EAAE,GAAG,IAAA5D,oBAAS,EAACqD,KAAK,CAAC;IAAE,CAAC,CAAC,MAAM;MACnC,OAAO;QACL9E,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAMkF,MAAM,GACTpD,KAAK,CAACC,OAAO,CAACkD,EAAE,CAACjD,GAAG,CAAC,IAAIiD,EAAE,CAACjD,GAAG,CAACC,QAAQ,CAACtC,QAAQ,CAAC,IAClD,OAAOsF,EAAE,CAACjD,GAAG,KAAK,QAAQ,KAAKiD,EAAE,CAACjD,GAAG,KAAKrC,QAAQ,IAAIsF,EAAE,CAACjD,GAAG,KAAK,SAAS,CAAE,IAC7EiD,EAAE,CAAC/C,GAAG,KAAKvC,QAAQ;IACrB,IAAI,CAACuF,MAAM,EAAE;MACX,OAAO;QACLtF,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAAqD,WAAA,IAAAD,KAAA,GAAC7E,GAAG,EAAS4D,KAAK,YAAAkB,WAAA,GAAlBD,KAAA,CAAajB,KAAK,GAAK,CAAC,CAAC;IACzB,MAAMgD,SAAS,GAAGhE,OAAO,CAACkB,QAAQ,CAAC,CAAC;IACnC9D,GAAG,CAAS4D,KAAK,CAACG,IAAI,GAAG;MACxB/C,KAAK;MACLgD,MAAM,GAAAe,OAAA,GAAE2B,EAAE,CAACzC,GAAG,YAAAc,OAAA,GAAI,IAAI;MACtBb,UAAU,GAAAc,KAAA,IAAAC,WAAA,GAAEyB,EAAE,CAACvC,OAAO,YAAAc,WAAA,GAAI2B,SAAS,YAAA5B,KAAA,GAAI,IAAI;MAC3CnB,QAAQ,EAAE+C,SAAS;MACnBxC,KAAK,GAAAc,KAAA,IAAAC,SAAA,GAAEuB,EAAE,CAACtC,KAAK,YAAAe,SAAA,GAAIuB,EAAE,CAACrC,kBAAkB,YAAAa,KAAA,GAAI,IAAI;MAChDZ,IAAI,GAAAc,QAAA,GAAEsB,EAAE,CAACpC,IAAI,YAAAc,QAAA,GAAIb,SAAS;MAC1BC,KAAK,GAAAa,KAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAEmB,EAAE,CAACjC,eAAe,cAAAc,mBAAA,GAAlBA,mBAAA,CAAqBnE,QAAQ,CAAC,qBAA9BmE,mBAAA,CAAgCf,KAAK,YAAAc,qBAAA,IAAAE,gBAAA,GAAIkB,EAAE,CAAChC,YAAY,qBAAfc,gBAAA,CAAiBhB,KAAK,YAAAa,KAAA,GAAI,EAAE;MAC5EjC,GAAG,EAAEsD,EAAE,CAACtD;IACV,CAAC;;IAED;IACA,OAAOnD,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAO4G,CAAC,EAAE;IACV7G,GAAG,CAAC8G,KAAK,YAAT9G,GAAG,CAAC8G,KAAK,CAAG,mBAAmB,EAAED,CAAQ,CAAC;IAC1C,OAAO;MACLxF,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASI,YAAYA,CAACkF,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOC,MAAM,CAACC,IAAI,CAACF,KAAK,EAAE,QAAQ,CAAC,CAACjD,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAOgD,KAAU,EAAE;IACnBI,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAGL,KAAK,CAACM,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
|
|
1
|
+
{"version":3,"file":"verify-middleware.js","names":["_constants","require","_jwtDecode","_enums","_cookies","_utils","_tokenMapping","apiURL","process","env","REFRESH_SESSION_URL","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","verifyMw","req","ctx","next","_APP_MAP$appId","_p","_ref","_ref$state","_p$sub","_ref2","_p$cfy_bid","_ref3","_p$email","_p$name","_ref4","_p$resource_access$cl","_p$resource_access","_p$realm_access","appId","headers","get","APP_MAP","clientId","status","body","JSON","stringify","reason","expectedClientId","cookies","mapping","base64Decode","dbUrl","getAzureVaultSecretByKey","AZURE_KEY_VAULT_NAME","AzureSecretKeysEnum","DB_CONNECTING_STRING_USER","tokenMappingService","TokenMappingService","tokenMapping","getTokenMappingById","at","accessToken","rt","refreshToken","realm","realmId","p","jwtDecode","sid","now","Math","floor","Date","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","businessId","cfy_bid","email","preferred_username","name","undefined","roles","resource_access","realm_access","exports","info","_ref5","_ref5$state","_p2$sub","_ref6","_p2$cfy_bid","_ref7","_p2$email","_p2$name","_ref8","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","resp","fetch","method","refresh_token","ok","text","warn","payload","json","data","newAT","access_token","newRT","updateTokenMapping","expiresAt","expires_in","mappingMaxAge","refresh_expires_in","setCookieKV","httpOnly","secure","sameSite","maxAge","p2","audOk2","tenantId2","e","error","value","Buffer","from","console","log","message"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || ''\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const expectedClientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n\n let mapping: string | null = cookies[`__Secure-session-v1.${appId}.mapping`];\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const tokenMapping = await tokenMappingService.getTokenMappingById(mapping);\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const clientId = tokenMapping.clientId;\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh only when expired\n if (typeof p.exp === \"number\" && p.exp <= now) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, clientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(clientId)) ||\n (typeof p.aud === \"string\" && (p.aud === clientId || p.aud === \"account\")) ||\n p.azp === clientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: p.sub ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n roles: p.resource_access?.[clientId]?.roles ?? p.realm_access?.roles ?? [],\n exp: p.exp,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"refreshing token payload ----------------------\", {\n realmId,\n clientId,\n rt\n });\n\n // Call auth service to refresh\n try {\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n const text = await resp.text();\n ctx.warn?.(`refresh call failed: ${resp.status} ${text}`);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT as string,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n const mappingMaxAge =\n typeof data.refresh_expires_in === \"number\"\n ? data.refresh_expires_in\n : typeof data.expires_in === \"number\"\n ? data.expires_in\n : 60 * 60 * 24; // fallback 24h\n\n setCookieKV(ctx, `__Secure-session-v1.${appId}.mapping`, mapping, {\n // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only\n httpOnly: false,\n secure: true,\n sameSite: \"None\",\n maxAge: mappingMaxAge\n });\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId,\n userId: p2.sub ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e) {\n ctx.error?.(\"refresh exception\", e as any);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}"],"mappings":";;;;AACA,IAAAA,UAAA,GAAAC,OAAA;AACA,IAAAC,UAAA,GAAAD,OAAA;AAEA,IAAAE,MAAA,GAAAF,OAAA;AACA,IAAAG,QAAA,GAAAH,OAAA;AAGA,IAAAI,MAAA,GAAAJ,OAAA;AAEA,IAAAK,aAAA,GAAAL,OAAA;AAEA,MAAMM,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AAEpD,MAAMC,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAEM,MAAMQ,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBC,GAAsB,EACtBC,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,kBAAA,EAAAC,eAAA;EAC9B,MAAMC,KAAK,GAAGjB,GAAG,CAACkB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAACF,KAAK,IAAI,EAACG,kBAAO,aAAAjB,cAAA,GAAPiB,kBAAO,CAAGH,KAAK,CAAC,aAAhBd,cAAA,CAAkBkB,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAMC,gBAAgB,GAAGP,kBAAO,CAACH,KAAK,CAAC,CAACI,QAAQ;;EAEhD;EACA,MAAMO,OAAO,GAAGvC,iBAAiB,CAACW,GAAG,CAACkB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAE5D,IAAIU,OAAsB,GAAGD,OAAO,CAAC,uBAAuBX,KAAK,UAAU,CAAC;EAE5E,IAAI,CAACY,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGC,YAAY,CAACD,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMK,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1C/B,GAAG,EACHf,OAAO,CAACC,GAAG,CAAC8C,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;EAED,IAAI,CAACJ,KAAK,EAAE;IACV,OAAO;MACLT,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMU,mBAAmB,GAAG,IAAIC,iCAAmB,CAACpC,GAAG,EAAE8B,KAAK,CAAC;EAE/D,MAAMO,YAAY,GAAG,MAAMF,mBAAmB,CAACG,mBAAmB,CAACV,OAAO,CAAC;EAE3E,IAAI,CAACS,YAAY,EAAE;IACjB,OAAO;MACLhB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAIc,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLpB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMkB,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAMxB,QAAQ,GAAGiB,YAAY,CAACjB,QAAQ;;EAEtC;EACA,IAAIyB,CAAM;EACV,IAAI;IACFA,CAAC,GAAG,IAAAC,oBAAS,EAACP,EAAE,CAAC;EACnB,CAAC,CAAC,MAAM;IACN,OAAO;MACLlB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAAtB,EAAA,GAAC0C,CAAC,aAAD1C,EAAA,CAAG4C,GAAG,GAAE;IACX,OAAO;MACL1B,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAMuB,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,IAAI,OAAOH,CAAC,CAACO,GAAG,KAAK,QAAQ,IAAIP,CAAC,CAACO,GAAG,IAAIJ,GAAG,EAAE;IAC7C;IACA,OAAO,MAAMK,kBAAkB,CAACtD,GAAG,EAAEC,GAAG,EAAEgB,KAAK,EAAE2B,KAAK,EAAEvB,QAAQ,EAAEqB,EAAE,EAAEb,OAAO,EAAEiB,CAAC,EAAE5C,IAAI,CAAC;EACzF;;EAEA;EACA,MAAMqD,KAAK,GACRC,KAAK,CAACC,OAAO,CAACX,CAAC,CAACY,GAAG,CAAC,IAAIZ,CAAC,CAACY,GAAG,CAACC,QAAQ,CAACtC,QAAQ,CAAC,IAChD,OAAOyB,CAAC,CAACY,GAAG,KAAK,QAAQ,KAAKZ,CAAC,CAACY,GAAG,KAAKrC,QAAQ,IAAIyB,CAAC,CAACY,GAAG,KAAK,SAAS,CAAE,IAC1EZ,CAAC,CAACc,GAAG,KAAKvC,QAAQ;EAEpB,IAAI,CAACkC,KAAK,EAAE;IACV,OAAO;MACLjC,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAApB,UAAA,IAAAD,IAAA,GAACJ,GAAG,EAAS4D,KAAK,YAAAvD,UAAA,GAAlBD,IAAA,CAAawD,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGlB,KAAK,CAACmB,QAAQ,CAAC,CAAC;EAEhC9D,GAAG,CAAS4D,KAAK,CAACG,IAAI,GAAG;IACxB/C,KAAK;IACLgD,MAAM,GAAA1D,MAAA,GAAEuC,CAAC,CAACoB,GAAG,YAAA3D,MAAA,GAAI,IAAI;IACrB4D,UAAU,GAAA3D,KAAA,IAAAC,UAAA,GAAEqC,CAAC,CAACsB,OAAO,YAAA3D,UAAA,GAAIqD,QAAQ,YAAAtD,KAAA,GAAI,IAAI;IACzCsD,QAAQ;IACRO,KAAK,GAAA3D,KAAA,IAAAC,QAAA,GAAEmC,CAAC,CAACuB,KAAK,YAAA1D,QAAA,GAAImC,CAAC,CAACwB,kBAAkB,YAAA5D,KAAA,GAAI,IAAI;IAC9C6D,IAAI,GAAA3D,OAAA,GAAEkC,CAAC,CAACyB,IAAI,YAAA3D,OAAA,GAAI4D,SAAS;IACzBC,KAAK,GAAA5D,KAAA,IAAAC,qBAAA,IAAAC,kBAAA,GAAE+B,CAAC,CAAC4B,eAAe,cAAA3D,kBAAA,GAAjBA,kBAAA,CAAoBM,QAAQ,CAAC,qBAA7BN,kBAAA,CAA+B0D,KAAK,YAAA3D,qBAAA,IAAAE,eAAA,GAAI8B,CAAC,CAAC6B,YAAY,qBAAd3D,eAAA,CAAgByD,KAAK,YAAA5D,KAAA,GAAI,EAAE;IAC1EwC,GAAG,EAAEP,CAAC,CAACO;EACT,CAAC;EAED,OAAOnD,IAAI,CAAC,CAAC;AACf,CAAC;AAAC0E,OAAA,CAAA7E,QAAA,GAAAA,QAAA;AAIF,eAAeuD,kBAAkBA,CAC/BtD,GAAgB,EAChBC,GAAsB,EACtBgB,KAAa,EACb4B,OAAe,EACfxB,QAAgB,EAChBqB,EAAsB,EACtBb,OAAe,EACfiB,CAAM,EACN5C,IAAqC,EACV;EAC3B;EACA,IAAI,CAACwC,EAAE,EAAE;IACP,OAAO;MACLpB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEAzB,GAAG,CAAC4E,IAAI,CAAC,iDAAiD,EAAE;IAC1DhC,OAAO;IACPxB,QAAQ;IACRqB;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAAoC,KAAA,EAAAC,WAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,MAAMC,IAAI,GAAG,MAAMC,KAAK,CAAC1G,MAAM,EAAE;MAC/B2G,MAAM,EAAE,MAAM;MACd1E,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnBoB,OAAO;QACPxB,QAAQ,EAAEA,QAAQ;QAClBwE,aAAa,EAAEnD;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAACgD,IAAI,CAACI,EAAE,EAAE;MACZ,MAAMC,IAAI,GAAG,MAAML,IAAI,CAACK,IAAI,CAAC,CAAC;MAC9B9F,GAAG,CAAC+F,IAAI,YAAR/F,GAAG,CAAC+F,IAAI,CAAG,wBAAwBN,IAAI,CAACpE,MAAM,IAAIyE,IAAI,EAAE,CAAC;MACzD,OAAO;QACLzE,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAMuE,OAAO,GAAG,MAAMP,IAAI,CAACQ,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACN,aAAmC;IAEtD,IAAI,CAACO,KAAK,IAAI,CAACE,KAAK,EAAE;MACpB,OAAO;QACLhF,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMK,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1C/B,GAAG,EACHf,OAAO,CAACC,GAAG,CAAC8C,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;IAED,IAAI,CAACJ,KAAK,EAAE;MACV,OAAO;QACLT,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMU,mBAAmB,GAAG,IAAIC,iCAAmB,CAACpC,GAAG,EAAE8B,KAAK,CAAC;IAE/D,MAAMK,mBAAmB,CAACmE,kBAAkB,CAAC1E,OAAO,EAAE;MACpDY,WAAW,EAAE2D,KAAe;MAC5BzD,YAAY,EAAE2D,KAAe;MAC7B;MACAE,SAAS,EAAE,OAAOL,IAAI,CAACM,UAAU,KAAK,QAAQ,GAAG,IAAIrD,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAGkD,IAAI,CAACM,UAAU,GAAG,IAAI,CAAC,GAAGjC;IACnG,CAAC,CAAC;;IAEF;IACA,MAAMkC,aAAa,GACjB,OAAOP,IAAI,CAACQ,kBAAkB,KAAK,QAAQ,GACvCR,IAAI,CAACQ,kBAAkB,GACvB,OAAOR,IAAI,CAACM,UAAU,KAAK,QAAQ,GACjCN,IAAI,CAACM,UAAU,GACf,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;;IAEtB,IAAAG,oBAAW,EAAC3G,GAAG,EAAE,uBAAuBgB,KAAK,UAAU,EAAEY,OAAO,EAAE;MAChE;MACAgF,QAAQ,EAAE,KAAK;MACfC,MAAM,EAAE,IAAI;MACZC,QAAQ,EAAE,MAAM;MAChBC,MAAM,EAAEN;IACV,CAAC,CAAC;;IAEF;IACA,IAAIO,EAAO;IACX,IAAI;MAAEA,EAAE,GAAG,IAAAlE,oBAAS,EAACqD,KAAK,CAAC;IAAE,CAAC,CAAC,MAAM;MACnC,OAAO;QACL9E,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAMwF,MAAM,GACT1D,KAAK,CAACC,OAAO,CAACwD,EAAE,CAACvD,GAAG,CAAC,IAAIuD,EAAE,CAACvD,GAAG,CAACC,QAAQ,CAACtC,QAAQ,CAAC,IAClD,OAAO4F,EAAE,CAACvD,GAAG,KAAK,QAAQ,KAAKuD,EAAE,CAACvD,GAAG,KAAKrC,QAAQ,IAAI4F,EAAE,CAACvD,GAAG,KAAK,SAAS,CAAE,IAC7EuD,EAAE,CAACrD,GAAG,KAAKvC,QAAQ;IACrB,IAAI,CAAC6F,MAAM,EAAE;MACX,OAAO;QACL5F,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAAqD,WAAA,IAAAD,KAAA,GAAC7E,GAAG,EAAS4D,KAAK,YAAAkB,WAAA,GAAlBD,KAAA,CAAajB,KAAK,GAAK,CAAC,CAAC;IACzB,MAAMsD,SAAS,GAAGtE,OAAO,CAACkB,QAAQ,CAAC,CAAC;IACnC9D,GAAG,CAAS4D,KAAK,CAACG,IAAI,GAAG;MACxB/C,KAAK;MACLgD,MAAM,GAAAe,OAAA,GAAEiC,EAAE,CAAC/C,GAAG,YAAAc,OAAA,GAAI,IAAI;MACtBb,UAAU,GAAAc,KAAA,IAAAC,WAAA,GAAE+B,EAAE,CAAC7C,OAAO,YAAAc,WAAA,GAAIiC,SAAS,YAAAlC,KAAA,GAAI,IAAI;MAC3CnB,QAAQ,EAAEqD,SAAS;MACnB9C,KAAK,GAAAc,KAAA,IAAAC,SAAA,GAAE6B,EAAE,CAAC5C,KAAK,YAAAe,SAAA,GAAI6B,EAAE,CAAC3C,kBAAkB,YAAAa,KAAA,GAAI,IAAI;MAChDZ,IAAI,GAAAc,QAAA,GAAE4B,EAAE,CAAC1C,IAAI,YAAAc,QAAA,GAAIb,SAAS;MAC1BC,KAAK,GAAAa,KAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAEyB,EAAE,CAACvC,eAAe,cAAAc,mBAAA,GAAlBA,mBAAA,CAAqBnE,QAAQ,CAAC,qBAA9BmE,mBAAA,CAAgCf,KAAK,YAAAc,qBAAA,IAAAE,gBAAA,GAAIwB,EAAE,CAACtC,YAAY,qBAAfc,gBAAA,CAAiBhB,KAAK,YAAAa,KAAA,GAAI,EAAE;MAC5EjC,GAAG,EAAE4D,EAAE,CAAC5D;IACV,CAAC;;IAED;IACA,OAAOnD,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAOkH,CAAC,EAAE;IACVnH,GAAG,CAACoH,KAAK,YAATpH,GAAG,CAACoH,KAAK,CAAG,mBAAmB,EAAED,CAAQ,CAAC;IAC1C,OAAO;MACL9F,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASI,YAAYA,CAACwF,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOC,MAAM,CAACC,IAAI,CAACF,KAAK,EAAE,QAAQ,CAAC,CAACvD,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAOsD,KAAU,EAAE;IACnBI,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAGL,KAAK,CAACM,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
|
|
@@ -2,8 +2,15 @@
|
|
|
2
2
|
|
|
3
3
|
exports.__esModule = true;
|
|
4
4
|
exports.setCookieKV = setCookieKV;
|
|
5
|
-
function setCookieKV(ctx, key, value) {
|
|
5
|
+
function setCookieKV(ctx, key, value, options = {}) {
|
|
6
6
|
var _ref, _ref$CTX_COOKIES_OBJ, _ref2, _ref2$CTX_COOKIES;
|
|
7
|
+
const {
|
|
8
|
+
httpOnly = true,
|
|
9
|
+
secure = true,
|
|
10
|
+
sameSite = "None",
|
|
11
|
+
maxAge = 300 // seconds (default)
|
|
12
|
+
} = options;
|
|
13
|
+
|
|
7
14
|
// Object-cookie bag (preferred)
|
|
8
15
|
const CTX_COOKIES_OBJ = Symbol.for("cfy.resCookies.obj");
|
|
9
16
|
// @ts-ignore
|
|
@@ -12,17 +19,17 @@ function setCookieKV(ctx, key, value) {
|
|
|
12
19
|
name: key,
|
|
13
20
|
value,
|
|
14
21
|
path: "/",
|
|
15
|
-
httpOnly
|
|
16
|
-
secure
|
|
22
|
+
httpOnly,
|
|
23
|
+
secure,
|
|
17
24
|
// drop to false if testing on http://
|
|
18
|
-
sameSite
|
|
25
|
+
sameSite,
|
|
19
26
|
// use "Lax" for same-site
|
|
20
|
-
maxAge
|
|
27
|
+
maxAge
|
|
21
28
|
});
|
|
22
29
|
|
|
23
30
|
// (Optional) Keep your string fallback too:
|
|
24
31
|
const CTX_COOKIES = Symbol.for("cfy.resCookies");
|
|
25
32
|
const strBag = (_ref2$CTX_COOKIES = (_ref2 = ctx)[CTX_COOKIES]) != null ? _ref2$CTX_COOKIES : _ref2[CTX_COOKIES] = [];
|
|
26
|
-
strBag.push(`${encodeURIComponent(key)}=${encodeURIComponent(value)}; Path
|
|
33
|
+
strBag.push(`${encodeURIComponent(key)}=${encodeURIComponent(value)}; Path=/;${httpOnly ? " HttpOnly;" : ""} SameSite=${sameSite};${secure ? " Secure;" : ""}${typeof maxAge === "number" ? ` Max-Age=${maxAge}` : ""}`);
|
|
27
34
|
}
|
|
28
35
|
//# sourceMappingURL=cookies.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cookies.js","names":["setCookieKV","ctx","key","value","_ref","_ref$CTX_COOKIES_OBJ","_ref2","_ref2$CTX_COOKIES","
|
|
1
|
+
{"version":3,"file":"cookies.js","names":["setCookieKV","ctx","key","value","options","_ref","_ref$CTX_COOKIES_OBJ","_ref2","_ref2$CTX_COOKIES","httpOnly","secure","sameSite","maxAge","CTX_COOKIES_OBJ","Symbol","for","objBag","push","name","path","CTX_COOKIES","strBag","encodeURIComponent"],"sources":["../../../src/utils/cookies.ts"],"sourcesContent":["import { InvocationContext } from \"@azure/functions\";\n\ntype CookieOptions = {\n httpOnly?: boolean;\n secure?: boolean;\n sameSite?: \"None\" | \"Lax\" | \"Strict\";\n maxAge?: number;\n};\n\nexport function setCookieKV(\n ctx: InvocationContext,\n key: string,\n value: string,\n options: CookieOptions = {}\n): void {\n const {\n httpOnly = true,\n secure = true,\n sameSite = \"None\",\n maxAge = 300, // seconds (default)\n } = options;\n\n // Object-cookie bag (preferred)\n const CTX_COOKIES_OBJ = Symbol.for(\"cfy.resCookies.obj\");\n // @ts-ignore\n const objBag = ((ctx as any)[CTX_COOKIES_OBJ] ??= [] as HttpCookie[]);\n objBag.push({\n name: key,\n value,\n path: \"/\",\n httpOnly,\n secure, // drop to false if testing on http://\n sameSite, // use \"Lax\" for same-site\n maxAge,\n });\n\n // (Optional) Keep your string fallback too:\n const CTX_COOKIES = Symbol.for(\"cfy.resCookies\");\n const strBag = ((ctx as any)[CTX_COOKIES] ??= [] as string[]);\n strBag.push(\n `${encodeURIComponent(key)}=${encodeURIComponent(value)}; Path=/;${httpOnly ? \" HttpOnly;\" : \"\"} SameSite=${sameSite};${secure ? \" Secure;\" : \"\"}${typeof maxAge === \"number\" ? ` Max-Age=${maxAge}` : \"\"}`\n );\n}"],"mappings":";;;;AASO,SAASA,WAAWA,CACzBC,GAAsB,EACtBC,GAAW,EACXC,KAAa,EACbC,OAAsB,GAAG,CAAC,CAAC,EACrB;EAAA,IAAAC,IAAA,EAAAC,oBAAA,EAAAC,KAAA,EAAAC,iBAAA;EACN,MAAM;IACJC,QAAQ,GAAG,IAAI;IACfC,MAAM,GAAG,IAAI;IACbC,QAAQ,GAAG,MAAM;IACjBC,MAAM,GAAG,GAAG,CAAE;EAChB,CAAC,GAAGR,OAAO;;EAEX;EACA,MAAMS,eAAe,GAAGC,MAAM,CAACC,GAAG,CAAC,oBAAoB,CAAC;EACxD;EACA,MAAMC,MAAM,IAAAV,oBAAA,GAAI,CAAAD,IAAA,GAACJ,GAAG,EAASY,eAAe,CAAC,YAAAP,oBAAA,GAA7BD,IAAA,CAAaQ,eAAe,CAAC,GAAK,EAAmB;EACrEG,MAAM,CAACC,IAAI,CAAC;IACRC,IAAI,EAAEhB,GAAG;IACTC,KAAK;IACLgB,IAAI,EAAE,GAAG;IACTV,QAAQ;IACRC,MAAM;IAAQ;IACdC,QAAQ;IAAI;IACZC;EACJ,CAAC,CAAC;;EAEF;EACA,MAAMQ,WAAW,GAAGN,MAAM,CAACC,GAAG,CAAC,gBAAgB,CAAC;EAChD,MAAMM,MAAM,IAAAb,iBAAA,GAAI,CAAAD,KAAA,GAACN,GAAG,EAASmB,WAAW,CAAC,YAAAZ,iBAAA,GAAzBD,KAAA,CAAaa,WAAW,CAAC,GAAK,EAAe;EAC7DC,MAAM,CAACJ,IAAI,CACP,GAAGK,kBAAkB,CAACpB,GAAG,CAAC,IAAIoB,kBAAkB,CAACnB,KAAK,CAAC,YAAYM,QAAQ,GAAG,YAAY,GAAG,EAAE,aAAaE,QAAQ,IAAID,MAAM,GAAG,UAAU,GAAG,EAAE,GAAG,OAAOE,MAAM,KAAK,QAAQ,GAAG,YAAYA,MAAM,EAAE,GAAG,EAAE,EAC7M,CAAC;AACH","ignoreList":[]}
|
|
@@ -36,6 +36,8 @@ export let AzureSecretKeysEnum = /*#__PURE__*/function (AzureSecretKeysEnum) {
|
|
|
36
36
|
AzureSecretKeysEnum["GCP_PROJECT_ID"] = "gcp-project-id";
|
|
37
37
|
AzureSecretKeysEnum["PUBSUB_SERVICE_ACCOUNT_KEYS"] = "pubsub-service-account-keys";
|
|
38
38
|
AzureSecretKeysEnum["VAPI_TOKEN"] = "vapi-token";
|
|
39
|
+
AzureSecretKeysEnum["GITHUB_TOKEN"] = "GITHUB-TOKEN";
|
|
40
|
+
AzureSecretKeysEnum["GITHUB_WORKFLOW_URL"] = "GITHUB-WORKFLOW-URL";
|
|
39
41
|
return AzureSecretKeysEnum;
|
|
40
42
|
}({});
|
|
41
43
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secretKeys.enum.js","names":["AzureSecretKeysEnum"],"sources":["../../../src/enums/secretKeys.enum.ts"],"sourcesContent":["// Enum for secret keys\nexport enum AzureSecretKeysEnum {\n KEYCLOAK_ADMIN_CLIENT_SECRET = \"KEYCLOAK-ADMIN-CLIENT-SECRET\",\n KEYCLOAK_ADMIN_CLIENT_ID = \"KEYCLOAK-ADMIN-CLIENT-ID\",\n KEYCLOAK_BASE_URL = \"KEYCLOAK-BASE-URL\",\n STRIPE_PAYMENT_WEBHOOK_SECRET_KEY = \"Stripe-payment-webhook-secret-key\", // in-use\n STRIPE_PRODUCT_WEBHOOK_SECRET = \"Stripe-product-webhook-secret-key\", // in-use\n STRIPE_PRICE_WEBHOOK_SECRET = \"Stripe-price-webhook-secret-key\", // in-use\n EMAIL_SERVICE_URL = \"Email-Service-Url\", // in-use,\n DB_CONNECTING_STRING_AUTH = \"DB-CONNECTION-STRING-AUTH\",\n DB_CONNECTING_STRING_USER = \"DB-CONNECTION-STRING-USER\",\n DB_CONNECTING_STRING_TENANT_BRIDGE = \"DB-Connecting-String-Tenant-Bridge\",\n DB_CONNECTING_STRING_PAYMENT = \"DB-CONNECTION-STRING-PAYMENT\",\n DB_CONNECTING_STRING_CORE = \"DB-CONNECTION-STRING-CORE\",\n DB_CONNECTING_STRING_BILLING = \"DB-CONNECTION-STRING-BILLING\",\n DB_CONNECTING_STRING_STAGING = \"DB-CONNECTION-STRING-STAGING\",\n DB_CONNECTING_STRING_BNT_DEV = \"DB-CONNECTION-STRING-BNT-DEV\",\n DB_CONNECTION_STRING_TENANT_BRIDGE = \"DB-CONNECTION-STRING-TENANT-BRIDGE\",\n SERVICE_BUS_CONNECTION_STRING = \"servicebus-connection-string\",\n STRIPE_CUSTOMER_SYNC_WEBHOOK_SECRET = \"stripe-customer-sync-webhook-secret-key\",\n STRIPE_INVOICE_SYNC_WEBHOOK_SECRET = \"stripe-invoice-sync-webhook-secret-key\",\n STRIPE_PRODUCT_SYNC_WEBHOOK_SECRET = \"stripe-product-sync-webhook-secret-key\",\n STRIPE_PRICE_SYNC_WEBHOOK_SECRET = \"stripe-price-sync-webhook-secret-key\",\n STRIPE_SECRET_KEY = \"Stripe-secret-key\",\n STRIPE_WEBHOOK_CUSTOMER_CREATED_SECRET_KEY = \"Stripe-Webhook-Customer-Created-Secret-Key\",\n STRIPE_SUBSCRIPTION_SYNC_WEBHOOK_SECRET = \"stripe-subscription-sync-webhook-secret-key\",\n FIREBASE_SERVICE_ACCOUNTS_VARIABLE = \"firebase_service_accounts_variable\",\n HMS_ACCESS_KEY=\"MEETING-HMS-ACCESS-KEY-APP-SECRET\",\n MEETING_ROOM_APP_SECRET=\"MEETING-ROOM-APP-SECRET\",\n BASE_DB_CLUSTER_CONNECTING_STRING_CHAT = \"BASE-DB-CLUSTER-CONNECTING-STRING-CHAT\",\n AUTH_SERVICE_AUTHENTICATION_URL = \"AUTH-SERVICE-AUTHENTICATION-URL\",\n GCP_PROJECT_ID=\"gcp-project-id\",\n PUBSUB_SERVICE_ACCOUNT_KEYS=\"pubsub-service-account-keys\",\n VAPI_TOKEN = \"vapi-token\",\n}\n\n// AUTH-SERVICE-AUTHENTICATION-URL\n// https://culturefy-auth-staging.azurewebsites.net/api/verify\n\n// REFRESH-SESSION-URL"],"mappings":"AAAA;AACA,WAAYA,mBAAmB,0BAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAI4C;EAJ/DA,mBAAmB;EAKwC;EAL3DA,mBAAmB;EAMoC;EANvDA,mBAAmB;EAOY;EAP/BA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAA,OAAnBA,mBAAmB;AAAA;;
|
|
1
|
+
{"version":3,"file":"secretKeys.enum.js","names":["AzureSecretKeysEnum"],"sources":["../../../src/enums/secretKeys.enum.ts"],"sourcesContent":["// Enum for secret keys\nexport enum AzureSecretKeysEnum {\n KEYCLOAK_ADMIN_CLIENT_SECRET = \"KEYCLOAK-ADMIN-CLIENT-SECRET\",\n KEYCLOAK_ADMIN_CLIENT_ID = \"KEYCLOAK-ADMIN-CLIENT-ID\",\n KEYCLOAK_BASE_URL = \"KEYCLOAK-BASE-URL\",\n STRIPE_PAYMENT_WEBHOOK_SECRET_KEY = \"Stripe-payment-webhook-secret-key\", // in-use\n STRIPE_PRODUCT_WEBHOOK_SECRET = \"Stripe-product-webhook-secret-key\", // in-use\n STRIPE_PRICE_WEBHOOK_SECRET = \"Stripe-price-webhook-secret-key\", // in-use\n EMAIL_SERVICE_URL = \"Email-Service-Url\", // in-use,\n DB_CONNECTING_STRING_AUTH = \"DB-CONNECTION-STRING-AUTH\",\n DB_CONNECTING_STRING_USER = \"DB-CONNECTION-STRING-USER\",\n DB_CONNECTING_STRING_TENANT_BRIDGE = \"DB-Connecting-String-Tenant-Bridge\",\n DB_CONNECTING_STRING_PAYMENT = \"DB-CONNECTION-STRING-PAYMENT\",\n DB_CONNECTING_STRING_CORE = \"DB-CONNECTION-STRING-CORE\",\n DB_CONNECTING_STRING_BILLING = \"DB-CONNECTION-STRING-BILLING\",\n DB_CONNECTING_STRING_STAGING = \"DB-CONNECTION-STRING-STAGING\",\n DB_CONNECTING_STRING_BNT_DEV = \"DB-CONNECTION-STRING-BNT-DEV\",\n DB_CONNECTION_STRING_TENANT_BRIDGE = \"DB-CONNECTION-STRING-TENANT-BRIDGE\",\n SERVICE_BUS_CONNECTION_STRING = \"servicebus-connection-string\",\n STRIPE_CUSTOMER_SYNC_WEBHOOK_SECRET = \"stripe-customer-sync-webhook-secret-key\",\n STRIPE_INVOICE_SYNC_WEBHOOK_SECRET = \"stripe-invoice-sync-webhook-secret-key\",\n STRIPE_PRODUCT_SYNC_WEBHOOK_SECRET = \"stripe-product-sync-webhook-secret-key\",\n STRIPE_PRICE_SYNC_WEBHOOK_SECRET = \"stripe-price-sync-webhook-secret-key\",\n STRIPE_SECRET_KEY = \"Stripe-secret-key\",\n STRIPE_WEBHOOK_CUSTOMER_CREATED_SECRET_KEY = \"Stripe-Webhook-Customer-Created-Secret-Key\",\n STRIPE_SUBSCRIPTION_SYNC_WEBHOOK_SECRET = \"stripe-subscription-sync-webhook-secret-key\",\n FIREBASE_SERVICE_ACCOUNTS_VARIABLE = \"firebase_service_accounts_variable\",\n HMS_ACCESS_KEY=\"MEETING-HMS-ACCESS-KEY-APP-SECRET\",\n MEETING_ROOM_APP_SECRET=\"MEETING-ROOM-APP-SECRET\",\n BASE_DB_CLUSTER_CONNECTING_STRING_CHAT = \"BASE-DB-CLUSTER-CONNECTING-STRING-CHAT\",\n AUTH_SERVICE_AUTHENTICATION_URL = \"AUTH-SERVICE-AUTHENTICATION-URL\",\n GCP_PROJECT_ID=\"gcp-project-id\",\n PUBSUB_SERVICE_ACCOUNT_KEYS=\"pubsub-service-account-keys\",\n VAPI_TOKEN = \"vapi-token\",\n GITHUB_TOKEN = \"GITHUB-TOKEN\",\n GITHUB_WORKFLOW_URL = \"GITHUB-WORKFLOW-URL\",\n}\n\n// AUTH-SERVICE-AUTHENTICATION-URL\n// https://culturefy-auth-staging.azurewebsites.net/api/verify\n\n// REFRESH-SESSION-URL"],"mappings":"AAAA;AACA,WAAYA,mBAAmB,0BAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAI4C;EAJ/DA,mBAAmB;EAKwC;EAL3DA,mBAAmB;EAMoC;EANvDA,mBAAmB;EAOY;EAP/BA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAA,OAAnBA,mBAAmB;AAAA;;AAqC/B;AACA;;AAEA","ignoreList":[]}
|
|
@@ -296,7 +296,15 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
|
|
|
296
296
|
});
|
|
297
297
|
|
|
298
298
|
// Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)
|
|
299
|
-
|
|
299
|
+
const mappingMaxAge = typeof data.refresh_expires_in === "number" ? data.refresh_expires_in : typeof data.expires_in === "number" ? data.expires_in : 60 * 60 * 24; // fallback 24h
|
|
300
|
+
|
|
301
|
+
setCookieKV(ctx, `__Secure-session-v1.${appId}.mapping`, mapping, {
|
|
302
|
+
// mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only
|
|
303
|
+
httpOnly: false,
|
|
304
|
+
secure: true,
|
|
305
|
+
sameSite: "None",
|
|
306
|
+
maxAge: mappingMaxAge
|
|
307
|
+
});
|
|
300
308
|
|
|
301
309
|
// Decode new AT and proceed
|
|
302
310
|
let p2;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verify-middleware.js","names":["APP_MAP","jwtDecode","AzureSecretKeysEnum","setCookieKV","getAzureVaultSecretByKey","TokenMappingService","apiURL","process","env","REFRESH_SESSION_URL","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","verifyMw","req","ctx","next","_APP_MAP$appId","_p","_ref","_ref$state","_p$sub","_ref2","_p$cfy_bid","_ref3","_p$email","_p$name","_ref4","_p$resource_access$cl","_p$resource_access","_p$realm_access","appId","headers","get","clientId","status","body","JSON","stringify","reason","expectedClientId","cookies","mapping","base64Decode","dbUrl","AZURE_KEY_VAULT_NAME","DB_CONNECTING_STRING_USER","tokenMappingService","tokenMapping","getTokenMappingById","at","accessToken","rt","refreshToken","realm","realmId","p","_unused","sid","now","Math","floor","Date","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","businessId","cfy_bid","email","preferred_username","name","undefined","roles","resource_access","realm_access","info","_ref5","_ref5$state","_p2$sub","_ref6","_p2$cfy_bid","_ref7","_p2$email","_p2$name","_ref8","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","resp","fetch","method","refresh_token","ok","text","warn","payload","json","data","newAT","access_token","newRT","updateTokenMapping","expiresAt","expires_in","p2","_unused2","audOk2","tenantId2","e","error","value","Buffer","from","console","log","message"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || ''\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const expectedClientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n\n let mapping: string | null = cookies[`__Secure-session-v1.${appId}.mapping`];\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const tokenMapping = await tokenMappingService.getTokenMappingById(mapping);\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const clientId = tokenMapping.clientId;\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh only when expired\n if (typeof p.exp === \"number\" && p.exp <= now) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, clientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(clientId)) ||\n (typeof p.aud === \"string\" && (p.aud === clientId || p.aud === \"account\")) ||\n p.azp === clientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: p.sub ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n roles: p.resource_access?.[clientId]?.roles ?? p.realm_access?.roles ?? [],\n exp: p.exp,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"refreshing token payload ----------------------\", {\n realmId,\n clientId,\n rt\n });\n\n // Call auth service to refresh\n try {\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n const text = await resp.text();\n ctx.warn?.(`refresh call failed: ${resp.status} ${text}`);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT as string,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n setCookieKV(ctx, `__Secure-session-v1.${appId}.mapping`, mapping);\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId,\n userId: p2.sub ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e) {\n ctx.error?.(\"refresh exception\", e as any);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}"],"mappings":"AACA,SAASA,OAAO,QAAQ,cAAc;AACtC,SAASC,SAAS,QAAQ,YAAY;AAEtC,SAASC,mBAAmB,QAAQ,UAAU;AAC9C,SAASC,WAAW,QAAQ,kBAAkB;AAG9C,SAASC,wBAAwB,QAAQ,UAAU;AAEnD,SAASC,mBAAmB,QAAQ,iCAAiC;AAErE,MAAMC,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AAEpD,MAAMC,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAED,OAAO,MAAMQ,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBC,GAAsB,EACtBC,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,kBAAA,EAAAC,eAAA;EAC9B,MAAMC,KAAK,GAAGjB,GAAG,CAACkB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAACF,KAAK,IAAI,EAACtC,OAAO,aAAAwB,cAAA,GAAPxB,OAAO,CAAGsC,KAAK,CAAC,aAAhBd,cAAA,CAAkBiB,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAMC,gBAAgB,GAAG/C,OAAO,CAACsC,KAAK,CAAC,CAACG,QAAQ;;EAEhD;EACA,MAAMO,OAAO,GAAGtC,iBAAiB,CAACW,GAAG,CAACkB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAE5D,IAAIS,OAAsB,GAAGD,OAAO,CAAC,uBAAuBV,KAAK,UAAU,CAAC;EAE5E,IAAI,CAACW,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGC,YAAY,CAACD,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMK,KAAK,GAAG,MAAM/C,wBAAwB,CAC1CkB,GAAG,EACHf,OAAO,CAACC,GAAG,CAAC4C,oBAAoB,IAAI,EAAE,EACtClD,mBAAmB,CAACmD,yBACtB,CAAC;EAED,IAAI,CAACF,KAAK,EAAE;IACV,OAAO;MACLT,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMQ,mBAAmB,GAAG,IAAIjD,mBAAmB,CAACiB,GAAG,EAAE6B,KAAK,CAAC;EAE/D,MAAMI,YAAY,GAAG,MAAMD,mBAAmB,CAACE,mBAAmB,CAACP,OAAO,CAAC;EAE3E,IAAI,CAACM,YAAY,EAAE;IACjB,OAAO;MACLb,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAIW,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLjB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMe,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAMrB,QAAQ,GAAGc,YAAY,CAACd,QAAQ;;EAEtC;EACA,IAAIsB,CAAM;EACV,IAAI;IACFA,CAAC,GAAG9D,SAAS,CAACwD,EAAE,CAAC;EACnB,CAAC,CAAC,OAAAO,OAAA,EAAM;IACN,OAAO;MACLtB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAArB,EAAA,GAACsC,CAAC,aAADtC,EAAA,CAAGwC,GAAG,GAAE;IACX,OAAO;MACLvB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAMoB,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,IAAI,OAAOH,CAAC,CAACO,GAAG,KAAK,QAAQ,IAAIP,CAAC,CAACO,GAAG,IAAIJ,GAAG,EAAE;IAC7C;IACA,OAAO,MAAMK,kBAAkB,CAAClD,GAAG,EAAEC,GAAG,EAAEgB,KAAK,EAAEuB,KAAK,EAAEpB,QAAQ,EAAEkB,EAAE,EAAEV,OAAO,EAAEc,CAAC,EAAExC,IAAI,CAAC;EACzF;;EAEA;EACA,MAAMiD,KAAK,GACRC,KAAK,CAACC,OAAO,CAACX,CAAC,CAACY,GAAG,CAAC,IAAIZ,CAAC,CAACY,GAAG,CAACC,QAAQ,CAACnC,QAAQ,CAAC,IAChD,OAAOsB,CAAC,CAACY,GAAG,KAAK,QAAQ,KAAKZ,CAAC,CAACY,GAAG,KAAKlC,QAAQ,IAAIsB,CAAC,CAACY,GAAG,KAAK,SAAS,CAAE,IAC1EZ,CAAC,CAACc,GAAG,KAAKpC,QAAQ;EAEpB,IAAI,CAAC+B,KAAK,EAAE;IACV,OAAO;MACL9B,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAAnB,UAAA,IAAAD,IAAA,GAACJ,GAAG,EAASwD,KAAK,YAAAnD,UAAA,GAAlBD,IAAA,CAAaoD,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGlB,KAAK,CAACmB,QAAQ,CAAC,CAAC;EAEhC1D,GAAG,CAASwD,KAAK,CAACG,IAAI,GAAG;IACxB3C,KAAK;IACL4C,MAAM,GAAAtD,MAAA,GAAEmC,CAAC,CAACoB,GAAG,YAAAvD,MAAA,GAAI,IAAI;IACrBwD,UAAU,GAAAvD,KAAA,IAAAC,UAAA,GAAEiC,CAAC,CAACsB,OAAO,YAAAvD,UAAA,GAAIiD,QAAQ,YAAAlD,KAAA,GAAI,IAAI;IACzCkD,QAAQ;IACRO,KAAK,GAAAvD,KAAA,IAAAC,QAAA,GAAE+B,CAAC,CAACuB,KAAK,YAAAtD,QAAA,GAAI+B,CAAC,CAACwB,kBAAkB,YAAAxD,KAAA,GAAI,IAAI;IAC9CyD,IAAI,GAAAvD,OAAA,GAAE8B,CAAC,CAACyB,IAAI,YAAAvD,OAAA,GAAIwD,SAAS;IACzBC,KAAK,GAAAxD,KAAA,IAAAC,qBAAA,IAAAC,kBAAA,GAAE2B,CAAC,CAAC4B,eAAe,cAAAvD,kBAAA,GAAjBA,kBAAA,CAAoBK,QAAQ,CAAC,qBAA7BL,kBAAA,CAA+BsD,KAAK,YAAAvD,qBAAA,IAAAE,eAAA,GAAI0B,CAAC,CAAC6B,YAAY,qBAAdvD,eAAA,CAAgBqD,KAAK,YAAAxD,KAAA,GAAI,EAAE;IAC1EoC,GAAG,EAAEP,CAAC,CAACO;EACT,CAAC;EAED,OAAO/C,IAAI,CAAC,CAAC;AACf,CAAC;AAID,eAAegD,kBAAkBA,CAC/BlD,GAAgB,EAChBC,GAAsB,EACtBgB,KAAa,EACbwB,OAAe,EACfrB,QAAgB,EAChBkB,EAAsB,EACtBV,OAAe,EACfc,CAAM,EACNxC,IAAqC,EACV;EAC3B;EACA,IAAI,CAACoC,EAAE,EAAE;IACP,OAAO;MACLjB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEAxB,GAAG,CAACuE,IAAI,CAAC,iDAAiD,EAAE;IAC1D/B,OAAO;IACPrB,QAAQ;IACRkB;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAAmC,KAAA,EAAAC,WAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,MAAMC,IAAI,GAAG,MAAMC,KAAK,CAACrG,MAAM,EAAE;MAC/BsG,MAAM,EAAE,MAAM;MACdrE,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CI,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnBiB,OAAO;QACPrB,QAAQ,EAAEA,QAAQ;QAClBoE,aAAa,EAAElD;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAAC+C,IAAI,CAACI,EAAE,EAAE;MACZ,MAAMC,IAAI,GAAG,MAAML,IAAI,CAACK,IAAI,CAAC,CAAC;MAC9BzF,GAAG,CAAC0F,IAAI,YAAR1F,GAAG,CAAC0F,IAAI,CAAG,wBAAwBN,IAAI,CAAChE,MAAM,IAAIqE,IAAI,EAAE,CAAC;MACzD,OAAO;QACLrE,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAMmE,OAAO,GAAG,MAAMP,IAAI,CAACQ,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACN,aAAmC;IAEtD,IAAI,CAACO,KAAK,IAAI,CAACE,KAAK,EAAE;MACpB,OAAO;QACL5E,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMK,KAAK,GAAG,MAAM/C,wBAAwB,CAC1CkB,GAAG,EACHf,OAAO,CAACC,GAAG,CAAC4C,oBAAoB,IAAI,EAAE,EACtClD,mBAAmB,CAACmD,yBACtB,CAAC;IAED,IAAI,CAACF,KAAK,EAAE;MACV,OAAO;QACLT,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMQ,mBAAmB,GAAG,IAAIjD,mBAAmB,CAACiB,GAAG,EAAE6B,KAAK,CAAC;IAE/D,MAAMG,mBAAmB,CAACiE,kBAAkB,CAACtE,OAAO,EAAE;MACpDS,WAAW,EAAE0D,KAAe;MAC5BxD,YAAY,EAAE0D,KAAe;MAC7B;MACAE,SAAS,EAAE,OAAOL,IAAI,CAACM,UAAU,KAAK,QAAQ,GAAG,IAAIpD,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAGiD,IAAI,CAACM,UAAU,GAAG,IAAI,CAAC,GAAGhC;IACnG,CAAC,CAAC;;IAEF;IACAtF,WAAW,CAACmB,GAAG,EAAE,uBAAuBgB,KAAK,UAAU,EAAEW,OAAO,CAAC;;IAEjE;IACA,IAAIyE,EAAO;IACX,IAAI;MAAEA,EAAE,GAAGzH,SAAS,CAACmH,KAAK,CAAC;IAAE,CAAC,CAAC,OAAAO,QAAA,EAAM;MACnC,OAAO;QACLjF,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAM8E,MAAM,GACTnD,KAAK,CAACC,OAAO,CAACgD,EAAE,CAAC/C,GAAG,CAAC,IAAI+C,EAAE,CAAC/C,GAAG,CAACC,QAAQ,CAACnC,QAAQ,CAAC,IAClD,OAAOiF,EAAE,CAAC/C,GAAG,KAAK,QAAQ,KAAK+C,EAAE,CAAC/C,GAAG,KAAKlC,QAAQ,IAAIiF,EAAE,CAAC/C,GAAG,KAAK,SAAS,CAAE,IAC7E+C,EAAE,CAAC7C,GAAG,KAAKpC,QAAQ;IACrB,IAAI,CAACmF,MAAM,EAAE;MACX,OAAO;QACLlF,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAAiD,WAAA,IAAAD,KAAA,GAACxE,GAAG,EAASwD,KAAK,YAAAiB,WAAA,GAAlBD,KAAA,CAAahB,KAAK,GAAK,CAAC,CAAC;IACzB,MAAM+C,SAAS,GAAG/D,OAAO,CAACkB,QAAQ,CAAC,CAAC;IACnC1D,GAAG,CAASwD,KAAK,CAACG,IAAI,GAAG;MACxB3C,KAAK;MACL4C,MAAM,GAAAc,OAAA,GAAE0B,EAAE,CAACvC,GAAG,YAAAa,OAAA,GAAI,IAAI;MACtBZ,UAAU,GAAAa,KAAA,IAAAC,WAAA,GAAEwB,EAAE,CAACrC,OAAO,YAAAa,WAAA,GAAI2B,SAAS,YAAA5B,KAAA,GAAI,IAAI;MAC3ClB,QAAQ,EAAE8C,SAAS;MACnBvC,KAAK,GAAAa,KAAA,IAAAC,SAAA,GAAEsB,EAAE,CAACpC,KAAK,YAAAc,SAAA,GAAIsB,EAAE,CAACnC,kBAAkB,YAAAY,KAAA,GAAI,IAAI;MAChDX,IAAI,GAAAa,QAAA,GAAEqB,EAAE,CAAClC,IAAI,YAAAa,QAAA,GAAIZ,SAAS;MAC1BC,KAAK,GAAAY,KAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAEkB,EAAE,CAAC/B,eAAe,cAAAa,mBAAA,GAAlBA,mBAAA,CAAqB/D,QAAQ,CAAC,qBAA9B+D,mBAAA,CAAgCd,KAAK,YAAAa,qBAAA,IAAAE,gBAAA,GAAIiB,EAAE,CAAC9B,YAAY,qBAAfa,gBAAA,CAAiBf,KAAK,YAAAY,KAAA,GAAI,EAAE;MAC5EhC,GAAG,EAAEoD,EAAE,CAACpD;IACV,CAAC;;IAED;IACA,OAAO/C,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAOuG,CAAC,EAAE;IACVxG,GAAG,CAACyG,KAAK,YAATzG,GAAG,CAACyG,KAAK,CAAG,mBAAmB,EAAED,CAAQ,CAAC;IAC1C,OAAO;MACLpF,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASI,YAAYA,CAAC8E,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOC,MAAM,CAACC,IAAI,CAACF,KAAK,EAAE,QAAQ,CAAC,CAAChD,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAO+C,KAAU,EAAE;IACnBI,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAGL,KAAK,CAACM,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
|
|
1
|
+
{"version":3,"file":"verify-middleware.js","names":["APP_MAP","jwtDecode","AzureSecretKeysEnum","setCookieKV","getAzureVaultSecretByKey","TokenMappingService","apiURL","process","env","REFRESH_SESSION_URL","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","verifyMw","req","ctx","next","_APP_MAP$appId","_p","_ref","_ref$state","_p$sub","_ref2","_p$cfy_bid","_ref3","_p$email","_p$name","_ref4","_p$resource_access$cl","_p$resource_access","_p$realm_access","appId","headers","get","clientId","status","body","JSON","stringify","reason","expectedClientId","cookies","mapping","base64Decode","dbUrl","AZURE_KEY_VAULT_NAME","DB_CONNECTING_STRING_USER","tokenMappingService","tokenMapping","getTokenMappingById","at","accessToken","rt","refreshToken","realm","realmId","p","_unused","sid","now","Math","floor","Date","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","businessId","cfy_bid","email","preferred_username","name","undefined","roles","resource_access","realm_access","info","_ref5","_ref5$state","_p2$sub","_ref6","_p2$cfy_bid","_ref7","_p2$email","_p2$name","_ref8","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","resp","fetch","method","refresh_token","ok","text","warn","payload","json","data","newAT","access_token","newRT","updateTokenMapping","expiresAt","expires_in","mappingMaxAge","refresh_expires_in","httpOnly","secure","sameSite","maxAge","p2","_unused2","audOk2","tenantId2","e","error","value","Buffer","from","console","log","message"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || ''\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const expectedClientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n\n let mapping: string | null = cookies[`__Secure-session-v1.${appId}.mapping`];\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const tokenMapping = await tokenMappingService.getTokenMappingById(mapping);\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const clientId = tokenMapping.clientId;\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh only when expired\n if (typeof p.exp === \"number\" && p.exp <= now) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, clientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(clientId)) ||\n (typeof p.aud === \"string\" && (p.aud === clientId || p.aud === \"account\")) ||\n p.azp === clientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: p.sub ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n roles: p.resource_access?.[clientId]?.roles ?? p.realm_access?.roles ?? [],\n exp: p.exp,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"refreshing token payload ----------------------\", {\n realmId,\n clientId,\n rt\n });\n\n // Call auth service to refresh\n try {\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n const text = await resp.text();\n ctx.warn?.(`refresh call failed: ${resp.status} ${text}`);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT as string,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n const mappingMaxAge =\n typeof data.refresh_expires_in === \"number\"\n ? data.refresh_expires_in\n : typeof data.expires_in === \"number\"\n ? data.expires_in\n : 60 * 60 * 24; // fallback 24h\n\n setCookieKV(ctx, `__Secure-session-v1.${appId}.mapping`, mapping, {\n // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only\n httpOnly: false,\n secure: true,\n sameSite: \"None\",\n maxAge: mappingMaxAge\n });\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId,\n userId: p2.sub ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e) {\n ctx.error?.(\"refresh exception\", e as any);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}"],"mappings":"AACA,SAASA,OAAO,QAAQ,cAAc;AACtC,SAASC,SAAS,QAAQ,YAAY;AAEtC,SAASC,mBAAmB,QAAQ,UAAU;AAC9C,SAASC,WAAW,QAAQ,kBAAkB;AAG9C,SAASC,wBAAwB,QAAQ,UAAU;AAEnD,SAASC,mBAAmB,QAAQ,iCAAiC;AAErE,MAAMC,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AAEpD,MAAMC,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAED,OAAO,MAAMQ,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBC,GAAsB,EACtBC,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,kBAAA,EAAAC,eAAA;EAC9B,MAAMC,KAAK,GAAGjB,GAAG,CAACkB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAACF,KAAK,IAAI,EAACtC,OAAO,aAAAwB,cAAA,GAAPxB,OAAO,CAAGsC,KAAK,CAAC,aAAhBd,cAAA,CAAkBiB,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAMC,gBAAgB,GAAG/C,OAAO,CAACsC,KAAK,CAAC,CAACG,QAAQ;;EAEhD;EACA,MAAMO,OAAO,GAAGtC,iBAAiB,CAACW,GAAG,CAACkB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAE5D,IAAIS,OAAsB,GAAGD,OAAO,CAAC,uBAAuBV,KAAK,UAAU,CAAC;EAE5E,IAAI,CAACW,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGC,YAAY,CAACD,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMK,KAAK,GAAG,MAAM/C,wBAAwB,CAC1CkB,GAAG,EACHf,OAAO,CAACC,GAAG,CAAC4C,oBAAoB,IAAI,EAAE,EACtClD,mBAAmB,CAACmD,yBACtB,CAAC;EAED,IAAI,CAACF,KAAK,EAAE;IACV,OAAO;MACLT,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMQ,mBAAmB,GAAG,IAAIjD,mBAAmB,CAACiB,GAAG,EAAE6B,KAAK,CAAC;EAE/D,MAAMI,YAAY,GAAG,MAAMD,mBAAmB,CAACE,mBAAmB,CAACP,OAAO,CAAC;EAE3E,IAAI,CAACM,YAAY,EAAE;IACjB,OAAO;MACLb,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAIW,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLjB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMe,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAMrB,QAAQ,GAAGc,YAAY,CAACd,QAAQ;;EAEtC;EACA,IAAIsB,CAAM;EACV,IAAI;IACFA,CAAC,GAAG9D,SAAS,CAACwD,EAAE,CAAC;EACnB,CAAC,CAAC,OAAAO,OAAA,EAAM;IACN,OAAO;MACLtB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAArB,EAAA,GAACsC,CAAC,aAADtC,EAAA,CAAGwC,GAAG,GAAE;IACX,OAAO;MACLvB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAMoB,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,IAAI,OAAOH,CAAC,CAACO,GAAG,KAAK,QAAQ,IAAIP,CAAC,CAACO,GAAG,IAAIJ,GAAG,EAAE;IAC7C;IACA,OAAO,MAAMK,kBAAkB,CAAClD,GAAG,EAAEC,GAAG,EAAEgB,KAAK,EAAEuB,KAAK,EAAEpB,QAAQ,EAAEkB,EAAE,EAAEV,OAAO,EAAEc,CAAC,EAAExC,IAAI,CAAC;EACzF;;EAEA;EACA,MAAMiD,KAAK,GACRC,KAAK,CAACC,OAAO,CAACX,CAAC,CAACY,GAAG,CAAC,IAAIZ,CAAC,CAACY,GAAG,CAACC,QAAQ,CAACnC,QAAQ,CAAC,IAChD,OAAOsB,CAAC,CAACY,GAAG,KAAK,QAAQ,KAAKZ,CAAC,CAACY,GAAG,KAAKlC,QAAQ,IAAIsB,CAAC,CAACY,GAAG,KAAK,SAAS,CAAE,IAC1EZ,CAAC,CAACc,GAAG,KAAKpC,QAAQ;EAEpB,IAAI,CAAC+B,KAAK,EAAE;IACV,OAAO;MACL9B,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAAnB,UAAA,IAAAD,IAAA,GAACJ,GAAG,EAASwD,KAAK,YAAAnD,UAAA,GAAlBD,IAAA,CAAaoD,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGlB,KAAK,CAACmB,QAAQ,CAAC,CAAC;EAEhC1D,GAAG,CAASwD,KAAK,CAACG,IAAI,GAAG;IACxB3C,KAAK;IACL4C,MAAM,GAAAtD,MAAA,GAAEmC,CAAC,CAACoB,GAAG,YAAAvD,MAAA,GAAI,IAAI;IACrBwD,UAAU,GAAAvD,KAAA,IAAAC,UAAA,GAAEiC,CAAC,CAACsB,OAAO,YAAAvD,UAAA,GAAIiD,QAAQ,YAAAlD,KAAA,GAAI,IAAI;IACzCkD,QAAQ;IACRO,KAAK,GAAAvD,KAAA,IAAAC,QAAA,GAAE+B,CAAC,CAACuB,KAAK,YAAAtD,QAAA,GAAI+B,CAAC,CAACwB,kBAAkB,YAAAxD,KAAA,GAAI,IAAI;IAC9CyD,IAAI,GAAAvD,OAAA,GAAE8B,CAAC,CAACyB,IAAI,YAAAvD,OAAA,GAAIwD,SAAS;IACzBC,KAAK,GAAAxD,KAAA,IAAAC,qBAAA,IAAAC,kBAAA,GAAE2B,CAAC,CAAC4B,eAAe,cAAAvD,kBAAA,GAAjBA,kBAAA,CAAoBK,QAAQ,CAAC,qBAA7BL,kBAAA,CAA+BsD,KAAK,YAAAvD,qBAAA,IAAAE,eAAA,GAAI0B,CAAC,CAAC6B,YAAY,qBAAdvD,eAAA,CAAgBqD,KAAK,YAAAxD,KAAA,GAAI,EAAE;IAC1EoC,GAAG,EAAEP,CAAC,CAACO;EACT,CAAC;EAED,OAAO/C,IAAI,CAAC,CAAC;AACf,CAAC;AAID,eAAegD,kBAAkBA,CAC/BlD,GAAgB,EAChBC,GAAsB,EACtBgB,KAAa,EACbwB,OAAe,EACfrB,QAAgB,EAChBkB,EAAsB,EACtBV,OAAe,EACfc,CAAM,EACNxC,IAAqC,EACV;EAC3B;EACA,IAAI,CAACoC,EAAE,EAAE;IACP,OAAO;MACLjB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEAxB,GAAG,CAACuE,IAAI,CAAC,iDAAiD,EAAE;IAC1D/B,OAAO;IACPrB,QAAQ;IACRkB;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAAmC,KAAA,EAAAC,WAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,MAAMC,IAAI,GAAG,MAAMC,KAAK,CAACrG,MAAM,EAAE;MAC/BsG,MAAM,EAAE,MAAM;MACdrE,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CI,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnBiB,OAAO;QACPrB,QAAQ,EAAEA,QAAQ;QAClBoE,aAAa,EAAElD;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAAC+C,IAAI,CAACI,EAAE,EAAE;MACZ,MAAMC,IAAI,GAAG,MAAML,IAAI,CAACK,IAAI,CAAC,CAAC;MAC9BzF,GAAG,CAAC0F,IAAI,YAAR1F,GAAG,CAAC0F,IAAI,CAAG,wBAAwBN,IAAI,CAAChE,MAAM,IAAIqE,IAAI,EAAE,CAAC;MACzD,OAAO;QACLrE,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAMmE,OAAO,GAAG,MAAMP,IAAI,CAACQ,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACN,aAAmC;IAEtD,IAAI,CAACO,KAAK,IAAI,CAACE,KAAK,EAAE;MACpB,OAAO;QACL5E,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMK,KAAK,GAAG,MAAM/C,wBAAwB,CAC1CkB,GAAG,EACHf,OAAO,CAACC,GAAG,CAAC4C,oBAAoB,IAAI,EAAE,EACtClD,mBAAmB,CAACmD,yBACtB,CAAC;IAED,IAAI,CAACF,KAAK,EAAE;MACV,OAAO;QACLT,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMQ,mBAAmB,GAAG,IAAIjD,mBAAmB,CAACiB,GAAG,EAAE6B,KAAK,CAAC;IAE/D,MAAMG,mBAAmB,CAACiE,kBAAkB,CAACtE,OAAO,EAAE;MACpDS,WAAW,EAAE0D,KAAe;MAC5BxD,YAAY,EAAE0D,KAAe;MAC7B;MACAE,SAAS,EAAE,OAAOL,IAAI,CAACM,UAAU,KAAK,QAAQ,GAAG,IAAIpD,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAGiD,IAAI,CAACM,UAAU,GAAG,IAAI,CAAC,GAAGhC;IACnG,CAAC,CAAC;;IAEF;IACA,MAAMiC,aAAa,GACjB,OAAOP,IAAI,CAACQ,kBAAkB,KAAK,QAAQ,GACvCR,IAAI,CAACQ,kBAAkB,GACvB,OAAOR,IAAI,CAACM,UAAU,KAAK,QAAQ,GACjCN,IAAI,CAACM,UAAU,GACf,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;;IAEtBtH,WAAW,CAACmB,GAAG,EAAE,uBAAuBgB,KAAK,UAAU,EAAEW,OAAO,EAAE;MAChE;MACA2E,QAAQ,EAAE,KAAK;MACfC,MAAM,EAAE,IAAI;MACZC,QAAQ,EAAE,MAAM;MAChBC,MAAM,EAAEL;IACV,CAAC,CAAC;;IAEF;IACA,IAAIM,EAAO;IACX,IAAI;MAAEA,EAAE,GAAG/H,SAAS,CAACmH,KAAK,CAAC;IAAE,CAAC,CAAC,OAAAa,QAAA,EAAM;MACnC,OAAO;QACLvF,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAMoF,MAAM,GACTzD,KAAK,CAACC,OAAO,CAACsD,EAAE,CAACrD,GAAG,CAAC,IAAIqD,EAAE,CAACrD,GAAG,CAACC,QAAQ,CAACnC,QAAQ,CAAC,IAClD,OAAOuF,EAAE,CAACrD,GAAG,KAAK,QAAQ,KAAKqD,EAAE,CAACrD,GAAG,KAAKlC,QAAQ,IAAIuF,EAAE,CAACrD,GAAG,KAAK,SAAS,CAAE,IAC7EqD,EAAE,CAACnD,GAAG,KAAKpC,QAAQ;IACrB,IAAI,CAACyF,MAAM,EAAE;MACX,OAAO;QACLxF,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAAiD,WAAA,IAAAD,KAAA,GAACxE,GAAG,EAASwD,KAAK,YAAAiB,WAAA,GAAlBD,KAAA,CAAahB,KAAK,GAAK,CAAC,CAAC;IACzB,MAAMqD,SAAS,GAAGrE,OAAO,CAACkB,QAAQ,CAAC,CAAC;IACnC1D,GAAG,CAASwD,KAAK,CAACG,IAAI,GAAG;MACxB3C,KAAK;MACL4C,MAAM,GAAAc,OAAA,GAAEgC,EAAE,CAAC7C,GAAG,YAAAa,OAAA,GAAI,IAAI;MACtBZ,UAAU,GAAAa,KAAA,IAAAC,WAAA,GAAE8B,EAAE,CAAC3C,OAAO,YAAAa,WAAA,GAAIiC,SAAS,YAAAlC,KAAA,GAAI,IAAI;MAC3ClB,QAAQ,EAAEoD,SAAS;MACnB7C,KAAK,GAAAa,KAAA,IAAAC,SAAA,GAAE4B,EAAE,CAAC1C,KAAK,YAAAc,SAAA,GAAI4B,EAAE,CAACzC,kBAAkB,YAAAY,KAAA,GAAI,IAAI;MAChDX,IAAI,GAAAa,QAAA,GAAE2B,EAAE,CAACxC,IAAI,YAAAa,QAAA,GAAIZ,SAAS;MAC1BC,KAAK,GAAAY,KAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAEwB,EAAE,CAACrC,eAAe,cAAAa,mBAAA,GAAlBA,mBAAA,CAAqB/D,QAAQ,CAAC,qBAA9B+D,mBAAA,CAAgCd,KAAK,YAAAa,qBAAA,IAAAE,gBAAA,GAAIuB,EAAE,CAACpC,YAAY,qBAAfa,gBAAA,CAAiBf,KAAK,YAAAY,KAAA,GAAI,EAAE;MAC5EhC,GAAG,EAAE0D,EAAE,CAAC1D;IACV,CAAC;;IAED;IACA,OAAO/C,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAO6G,CAAC,EAAE;IACV9G,GAAG,CAAC+G,KAAK,YAAT/G,GAAG,CAAC+G,KAAK,CAAG,mBAAmB,EAAED,CAAQ,CAAC;IAC1C,OAAO;MACL1F,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASI,YAAYA,CAACoF,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOC,MAAM,CAACC,IAAI,CAACF,KAAK,EAAE,QAAQ,CAAC,CAACtD,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAOqD,KAAU,EAAE;IACnBI,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAGL,KAAK,CAACM,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
|
|
@@ -1,5 +1,12 @@
|
|
|
1
|
-
export function setCookieKV(ctx, key, value) {
|
|
1
|
+
export function setCookieKV(ctx, key, value, options = {}) {
|
|
2
2
|
var _ref, _ref$CTX_COOKIES_OBJ, _ref2, _ref2$CTX_COOKIES;
|
|
3
|
+
const {
|
|
4
|
+
httpOnly = true,
|
|
5
|
+
secure = true,
|
|
6
|
+
sameSite = "None",
|
|
7
|
+
maxAge = 300 // seconds (default)
|
|
8
|
+
} = options;
|
|
9
|
+
|
|
3
10
|
// Object-cookie bag (preferred)
|
|
4
11
|
const CTX_COOKIES_OBJ = Symbol.for("cfy.resCookies.obj");
|
|
5
12
|
// @ts-ignore
|
|
@@ -8,17 +15,17 @@ export function setCookieKV(ctx, key, value) {
|
|
|
8
15
|
name: key,
|
|
9
16
|
value,
|
|
10
17
|
path: "/",
|
|
11
|
-
httpOnly
|
|
12
|
-
secure
|
|
18
|
+
httpOnly,
|
|
19
|
+
secure,
|
|
13
20
|
// drop to false if testing on http://
|
|
14
|
-
sameSite
|
|
21
|
+
sameSite,
|
|
15
22
|
// use "Lax" for same-site
|
|
16
|
-
maxAge
|
|
23
|
+
maxAge
|
|
17
24
|
});
|
|
18
25
|
|
|
19
26
|
// (Optional) Keep your string fallback too:
|
|
20
27
|
const CTX_COOKIES = Symbol.for("cfy.resCookies");
|
|
21
28
|
const strBag = (_ref2$CTX_COOKIES = (_ref2 = ctx)[CTX_COOKIES]) != null ? _ref2$CTX_COOKIES : _ref2[CTX_COOKIES] = [];
|
|
22
|
-
strBag.push(`${encodeURIComponent(key)}=${encodeURIComponent(value)}; Path
|
|
29
|
+
strBag.push(`${encodeURIComponent(key)}=${encodeURIComponent(value)}; Path=/;${httpOnly ? " HttpOnly;" : ""} SameSite=${sameSite};${secure ? " Secure;" : ""}${typeof maxAge === "number" ? ` Max-Age=${maxAge}` : ""}`);
|
|
23
30
|
}
|
|
24
31
|
//# sourceMappingURL=cookies.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cookies.js","names":["setCookieKV","ctx","key","value","_ref","_ref$CTX_COOKIES_OBJ","_ref2","_ref2$CTX_COOKIES","
|
|
1
|
+
{"version":3,"file":"cookies.js","names":["setCookieKV","ctx","key","value","options","_ref","_ref$CTX_COOKIES_OBJ","_ref2","_ref2$CTX_COOKIES","httpOnly","secure","sameSite","maxAge","CTX_COOKIES_OBJ","Symbol","for","objBag","push","name","path","CTX_COOKIES","strBag","encodeURIComponent"],"sources":["../../../src/utils/cookies.ts"],"sourcesContent":["import { InvocationContext } from \"@azure/functions\";\n\ntype CookieOptions = {\n httpOnly?: boolean;\n secure?: boolean;\n sameSite?: \"None\" | \"Lax\" | \"Strict\";\n maxAge?: number;\n};\n\nexport function setCookieKV(\n ctx: InvocationContext,\n key: string,\n value: string,\n options: CookieOptions = {}\n): void {\n const {\n httpOnly = true,\n secure = true,\n sameSite = \"None\",\n maxAge = 300, // seconds (default)\n } = options;\n\n // Object-cookie bag (preferred)\n const CTX_COOKIES_OBJ = Symbol.for(\"cfy.resCookies.obj\");\n // @ts-ignore\n const objBag = ((ctx as any)[CTX_COOKIES_OBJ] ??= [] as HttpCookie[]);\n objBag.push({\n name: key,\n value,\n path: \"/\",\n httpOnly,\n secure, // drop to false if testing on http://\n sameSite, // use \"Lax\" for same-site\n maxAge,\n });\n\n // (Optional) Keep your string fallback too:\n const CTX_COOKIES = Symbol.for(\"cfy.resCookies\");\n const strBag = ((ctx as any)[CTX_COOKIES] ??= [] as string[]);\n strBag.push(\n `${encodeURIComponent(key)}=${encodeURIComponent(value)}; Path=/;${httpOnly ? \" HttpOnly;\" : \"\"} SameSite=${sameSite};${secure ? \" Secure;\" : \"\"}${typeof maxAge === \"number\" ? ` Max-Age=${maxAge}` : \"\"}`\n );\n}"],"mappings":"AASA,OAAO,SAASA,WAAWA,CACzBC,GAAsB,EACtBC,GAAW,EACXC,KAAa,EACbC,OAAsB,GAAG,CAAC,CAAC,EACrB;EAAA,IAAAC,IAAA,EAAAC,oBAAA,EAAAC,KAAA,EAAAC,iBAAA;EACN,MAAM;IACJC,QAAQ,GAAG,IAAI;IACfC,MAAM,GAAG,IAAI;IACbC,QAAQ,GAAG,MAAM;IACjBC,MAAM,GAAG,GAAG,CAAE;EAChB,CAAC,GAAGR,OAAO;;EAEX;EACA,MAAMS,eAAe,GAAGC,MAAM,CAACC,GAAG,CAAC,oBAAoB,CAAC;EACxD;EACA,MAAMC,MAAM,IAAAV,oBAAA,GAAI,CAAAD,IAAA,GAACJ,GAAG,EAASY,eAAe,CAAC,YAAAP,oBAAA,GAA7BD,IAAA,CAAaQ,eAAe,CAAC,GAAK,EAAmB;EACrEG,MAAM,CAACC,IAAI,CAAC;IACRC,IAAI,EAAEhB,GAAG;IACTC,KAAK;IACLgB,IAAI,EAAE,GAAG;IACTV,QAAQ;IACRC,MAAM;IAAQ;IACdC,QAAQ;IAAI;IACZC;EACJ,CAAC,CAAC;;EAEF;EACA,MAAMQ,WAAW,GAAGN,MAAM,CAACC,GAAG,CAAC,gBAAgB,CAAC;EAChD,MAAMM,MAAM,IAAAb,iBAAA,GAAI,CAAAD,KAAA,GAACN,GAAG,EAASmB,WAAW,CAAC,YAAAZ,iBAAA,GAAzBD,KAAA,CAAaa,WAAW,CAAC,GAAK,EAAe;EAC7DC,MAAM,CAACJ,IAAI,CACP,GAAGK,kBAAkB,CAACpB,GAAG,CAAC,IAAIoB,kBAAkB,CAACnB,KAAK,CAAC,YAAYM,QAAQ,GAAG,YAAY,GAAG,EAAE,aAAaE,QAAQ,IAAID,MAAM,GAAG,UAAU,GAAG,EAAE,GAAG,OAAOE,MAAM,KAAK,QAAQ,GAAG,YAAYA,MAAM,EAAE,GAAG,EAAE,EAC7M,CAAC;AACH","ignoreList":[]}
|
|
@@ -30,5 +30,7 @@ export declare enum AzureSecretKeysEnum {
|
|
|
30
30
|
AUTH_SERVICE_AUTHENTICATION_URL = "AUTH-SERVICE-AUTHENTICATION-URL",
|
|
31
31
|
GCP_PROJECT_ID = "gcp-project-id",
|
|
32
32
|
PUBSUB_SERVICE_ACCOUNT_KEYS = "pubsub-service-account-keys",
|
|
33
|
-
VAPI_TOKEN = "vapi-token"
|
|
33
|
+
VAPI_TOKEN = "vapi-token",
|
|
34
|
+
GITHUB_TOKEN = "GITHUB-TOKEN",
|
|
35
|
+
GITHUB_WORKFLOW_URL = "GITHUB-WORKFLOW-URL"
|
|
34
36
|
}
|
|
@@ -36,6 +36,8 @@ var AzureSecretKeysEnum;
|
|
|
36
36
|
AzureSecretKeysEnum["GCP_PROJECT_ID"] = "gcp-project-id";
|
|
37
37
|
AzureSecretKeysEnum["PUBSUB_SERVICE_ACCOUNT_KEYS"] = "pubsub-service-account-keys";
|
|
38
38
|
AzureSecretKeysEnum["VAPI_TOKEN"] = "vapi-token";
|
|
39
|
+
AzureSecretKeysEnum["GITHUB_TOKEN"] = "GITHUB-TOKEN";
|
|
40
|
+
AzureSecretKeysEnum["GITHUB_WORKFLOW_URL"] = "GITHUB-WORKFLOW-URL";
|
|
39
41
|
})(AzureSecretKeysEnum || (exports.AzureSecretKeysEnum = AzureSecretKeysEnum = {}));
|
|
40
42
|
// AUTH-SERVICE-AUTHENTICATION-URL
|
|
41
43
|
// https://culturefy-auth-staging.azurewebsites.net/api/verify
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secretKeys.enum.js","sourceRoot":"","sources":["../../../src/enums/secretKeys.enum.ts"],"names":[],"mappings":";;;AAAA,uBAAuB;AACvB,IAAY,
|
|
1
|
+
{"version":3,"file":"secretKeys.enum.js","sourceRoot":"","sources":["../../../src/enums/secretKeys.enum.ts"],"names":[],"mappings":";;;AAAA,uBAAuB;AACvB,IAAY,mBAmCX;AAnCD,WAAY,mBAAmB;IAC7B,oFAA6D,CAAA;IAC7D,4EAAqD,CAAA;IACrD,8DAAuC,CAAA;IACvC,8FAAuE,CAAA;IACvE,0FAAmE,CAAA;IACnE,sFAA+D,CAAA;IAC/D,8DAAuC,CAAA;IACvC,8EAAuD,CAAA;IACvD,8EAAuD,CAAA;IACvD,gGAAyE,CAAA;IACzE,oFAA6D,CAAA;IAC7D,8EAAuD,CAAA;IACvD,oFAA6D,CAAA;IAC7D,oFAA8D,CAAA;IAC9D,oFAA6D,CAAA;IAC7D,gGAAyE,CAAA;IACzE,qFAA8D,CAAA;IAC9D,sGAA+E,CAAA;IAC/E,oGAA6E,CAAA;IAC7E,oGAA6E,CAAA;IAC7E,gGAAyE,CAAA;IACzE,8DAAuC,CAAA;IACvC,gHAAyF,CAAA;IACzF,8GAAuF,CAAA;IACvF,gGAAyE,CAAA;IACzE,2EAAkD,CAAA;IAClD,0EAAiD,CAAA;IACjD,wGAAiF,CAAA;IACjF,0FAAmE,CAAA;IACnE,wDAA+B,CAAA;IAC/B,kFAAyD,CAAA;IACzD,gDAAyB,CAAA;IACzB,oDAA6B,CAAA;IAC7B,kEAA2C,CAAA;AAC7C,CAAC,EAnCW,mBAAmB,mCAAnB,mBAAmB,QAmC9B;AAED,kCAAkC;AAClC,8DAA8D;AAE9D,sBAAsB"}
|
|
@@ -196,7 +196,18 @@ function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mapping, p,
|
|
|
196
196
|
expiresAt: typeof data.expires_in === "number" ? new Date(Date.now() + data.expires_in * 1000) : undefined
|
|
197
197
|
});
|
|
198
198
|
// Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)
|
|
199
|
-
|
|
199
|
+
const mappingMaxAge = typeof data.refresh_expires_in === "number"
|
|
200
|
+
? data.refresh_expires_in
|
|
201
|
+
: typeof data.expires_in === "number"
|
|
202
|
+
? data.expires_in
|
|
203
|
+
: 60 * 60 * 24; // fallback 24h
|
|
204
|
+
(0, cookies_1.setCookieKV)(ctx, `__Secure-session-v1.${appId}.mapping`, mapping, {
|
|
205
|
+
// mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only
|
|
206
|
+
httpOnly: false,
|
|
207
|
+
secure: true,
|
|
208
|
+
sameSite: "None",
|
|
209
|
+
maxAge: mappingMaxAge
|
|
210
|
+
});
|
|
200
211
|
// Decode new AT and proceed
|
|
201
212
|
let p2;
|
|
202
213
|
try {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verify-middleware.js","sourceRoot":"","sources":["../../../src/middlewares/verify-middleware.ts"],"names":[],"mappings":";;;;AACA,4CAAuC;AACvC,2CAAuC;AAEvC,oCAA+C;AAC/C,8CAA+C;AAG/C,oCAAoD;AAEpD,0EAAsE;AAEtE,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,EAAE,CAAA;AAEpD,MAAM,iBAAiB,GAAG,CAAC,MAAiC,EAAE,EAAE;IAC9D,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,IAAI,CAAC,MAAM;QAAE,OAAO,GAAG,CAAC;IACxB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACrC,MAAM,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5C,IAAI,CAAC,CAAC;YAAE,SAAS;QACjB,GAAG,CAAC,CAAC,CAAC,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC,CAAC;AAEK,MAAM,QAAQ,GAAgB,CACnC,GAAgB,EAChB,GAAsB,EACtB,IAAqC,EACV,EAAE;;;IAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAuB,CAAC;IAE9D,IAAI,CAAC,KAAK,IAAI,CAAC,CAAA,MAAA,mBAAO,aAAP,mBAAO,uBAAP,mBAAO,CAAG,KAAK,CAAC,0CAAE,QAAQ,CAAA,EAAE,CAAC;QAC1C,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;SACvE,CAAC;IACJ,CAAC;IAED,MAAM,gBAAgB,GAAG,mBAAO,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC;IAEjD,UAAU;IACV,MAAM,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IAE7D,IAAI,OAAO,GAAkB,OAAO,CAAC,uBAAuB,KAAK,UAAU,CAAC,CAAC;IAE7E,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;SAChF,CAAC;IACJ,CAAC;IAED,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IAEhC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;SACrF,CAAC;IACJ,CAAC;IAED,iCAAiC;IACjC,MAAM,KAAK,GAAG,MAAM,IAAA,gCAAwB,EAC1C,GAAG,EACH,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,EACtC,2BAAmB,CAAC,yBAAyB,CAC9C,CAAC;IAEF,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sCAAsC,EAAE,CAAC;SACpG,CAAC;IACJ,CAAC;IAED,MAAM,mBAAmB,GAAG,IAAI,0CAAmB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAEhE,MAAM,YAAY,GAAG,MAAM,mBAAmB,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;IAE5E,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;SACvF,CAAC;IACJ,CAAC;IAED,IAAI,EAAE,GAAG,YAAY,CAAC,WAAW,CAAC;IAClC,IAAI,EAAE,GAAG,YAAY,CAAC,YAAY,CAAC;IAEnC,IAAI,CAAC,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC;QACf,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;SACzE,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC;IACnC,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC;IAEvC,mFAAmF;IACnF,IAAI,CAAM,CAAC;IACX,IAAI,CAAC;QACH,CAAC,GAAG,IAAA,sBAAS,EAAC,EAAE,CAAC,CAAC;IACpB,CAAC;IAAC,WAAM,CAAC;QACP,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;SAC7E,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,CAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,GAAG,CAAA,EAAE,CAAC;QACZ,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;SAC9E,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,4BAA4B;IAC5B,IAAI,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,GAAG,IAAI,GAAG,EAAE,CAAC;QAC9C,yFAAyF;QACzF,OAAO,MAAM,kBAAkB,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;IAC1F,CAAC;IAED,kBAAkB;IAClB,MAAM,KAAK,GACT,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAClD,CAAC,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC;QAC1E,CAAC,CAAC,GAAG,KAAK,QAAQ,CAAC;IAErB,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;SAC3E,CAAC;IACJ,CAAC;IAGD,uBAAuB;IACvB,YAAC,GAAW,EAAC,KAAK,uCAAL,KAAK,GAAK,EAAE,EAAC;IAC1B,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;IAEjC,GAAW,CAAC,KAAK,CAAC,IAAI,GAAG;QACxB,KAAK;QACL,MAAM,EAAE,MAAA,CAAC,CAAC,GAAG,mCAAI,IAAI;QACrB,UAAU,EAAE,MAAA,MAAA,CAAC,CAAC,OAAO,mCAAI,QAAQ,mCAAI,IAAI;QACzC,QAAQ;QACR,KAAK,EAAE,MAAA,MAAA,CAAC,CAAC,KAAK,mCAAI,CAAC,CAAC,kBAAkB,mCAAI,IAAI;QAC9C,IAAI,EAAE,MAAA,CAAC,CAAC,IAAI,mCAAI,SAAS;QACzB,KAAK,EAAE,MAAA,MAAA,MAAA,MAAA,CAAC,CAAC,eAAe,0CAAG,QAAQ,CAAC,0CAAE,KAAK,mCAAI,MAAA,CAAC,CAAC,YAAY,0CAAE,KAAK,mCAAI,EAAE;QAC1E,GAAG,EAAE,CAAC,CAAC,GAAG;KACX,CAAC;IAEF,OAAO,IAAI,EAAE,CAAC;AAChB,CAAC,CAAA,CAAC;AA3IW,QAAA,QAAQ,YA2InB;AAIF,SAAe,kBAAkB,CAC/B,GAAgB,EAChB,GAAsB,EACtB,KAAa,EACb,OAAe,EACf,QAAgB,EAChB,EAAsB,EACtB,OAAe,EACf,CAAM,EACN,IAAqC;;;;QAErC,uCAAuC;QACvC,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;gBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;aAC7E,CAAC;QACJ,CAAC;QAED,GAAG,CAAC,IAAI,CAAC,iDAAiD,EAAE;YAC1D,OAAO;YACP,QAAQ;YACR,EAAE;SACH,CAAC,CAAC;QAEH,+BAA+B;QAC/B,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,MAAM,EAAE;gBAC/B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,OAAO;oBACP,QAAQ,EAAE,QAAQ;oBAClB,aAAa,EAAE,EAAE;iBAClB,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;gBACb,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC/B,MAAA,GAAG,CAAC,IAAI,oDAAG,wBAAwB,IAAI,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC;gBAC1D,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;iBAC9E,CAAC;YACJ,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAClC,MAAM,IAAI,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,KAAI,EAAE,CAAC;YAEjC,MAAM,KAAK,GAAG,IAAI,CAAC,YAAkC,CAAC;YACtD,MAAM,KAAK,GAAG,IAAI,CAAC,aAAmC,CAAC;YAEvD,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC;gBACrB,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,0BAA0B,EAAE,CAAC;iBACxF,CAAC;YACJ,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,IAAA,gCAAwB,EAC1C,GAAG,EACH,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,EACtC,2BAAmB,CAAC,yBAAyB,CAC9C,CAAC;YAEF,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sCAAsC,EAAE,CAAC;iBACpG,CAAC;YACJ,CAAC;YAED,MAAM,mBAAmB,GAAG,IAAI,0CAAmB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAEhE,MAAM,mBAAmB,CAAC,kBAAkB,CAAC,OAAO,EAAE;gBACpD,WAAW,EAAE,KAAe;gBAC5B,YAAY,EAAE,KAAe;gBAC7B,6EAA6E;gBAC7E,SAAS,EAAE,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;aAC3G,CAAC,CAAC;YAEH,4FAA4F;YAC5F,IAAA,qBAAW,EAAC,GAAG,EAAE,uBAAuB,KAAK,UAAU,EAAE,OAAO,CAAC,CAAC;YAElE,4BAA4B;YAC5B,IAAI,EAAO,CAAC;YACZ,IAAI,CAAC;gBAAC,EAAE,GAAG,IAAA,sBAAS,EAAC,KAAK,CAAC,CAAC;YAAC,CAAC;YAAC,WAAM,CAAC;gBACpC,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;iBACjF,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GACV,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACpD,CAAC,OAAO,EAAE,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,EAAE,CAAC,GAAG,KAAK,QAAQ,IAAI,EAAE,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC;gBAC7E,EAAE,CAAC,GAAG,KAAK,QAAQ,CAAC;YACtB,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;iBAC3E,CAAC;YACJ,CAAC;YAED,oDAAoD;YACpD,YAAC,GAAW,EAAC,KAAK,uCAAL,KAAK,GAAK,EAAE,EAAC;YAC1B,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;YACpC,GAAW,CAAC,KAAK,CAAC,IAAI,GAAG;gBACxB,KAAK;gBACL,MAAM,EAAE,MAAA,EAAE,CAAC,GAAG,mCAAI,IAAI;gBACtB,UAAU,EAAE,MAAA,MAAA,EAAE,CAAC,OAAO,mCAAI,SAAS,mCAAI,IAAI;gBAC3C,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,MAAA,MAAA,EAAE,CAAC,KAAK,mCAAI,EAAE,CAAC,kBAAkB,mCAAI,IAAI;gBAChD,IAAI,EAAE,MAAA,EAAE,CAAC,IAAI,mCAAI,SAAS;gBAC1B,KAAK,EAAE,MAAA,MAAA,MAAA,MAAA,EAAE,CAAC,eAAe,0CAAG,QAAQ,CAAC,0CAAE,KAAK,mCAAI,MAAA,EAAE,CAAC,YAAY,0CAAE,KAAK,mCAAI,EAAE;gBAC5E,GAAG,EAAE,EAAE,CAAC,GAAG;aACZ,CAAC;YAEF,kCAAkC;YAClC,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAA,GAAG,CAAC,KAAK,oDAAG,mBAAmB,EAAE,CAAQ,CAAC,CAAC;YAC3C,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;gBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;aACjF,CAAC;QACJ,CAAC;IACH,CAAC;CAAA;AAED,SAAS,YAAY,CAAC,KAAa;IACjC,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;IACjD,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,yBAAyB,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QACvD,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}
|
|
1
|
+
{"version":3,"file":"verify-middleware.js","sourceRoot":"","sources":["../../../src/middlewares/verify-middleware.ts"],"names":[],"mappings":";;;;AACA,4CAAuC;AACvC,2CAAuC;AAEvC,oCAA+C;AAC/C,8CAA+C;AAG/C,oCAAoD;AAEpD,0EAAsE;AAEtE,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,EAAE,CAAA;AAEpD,MAAM,iBAAiB,GAAG,CAAC,MAAiC,EAAE,EAAE;IAC9D,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,IAAI,CAAC,MAAM;QAAE,OAAO,GAAG,CAAC;IACxB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACrC,MAAM,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5C,IAAI,CAAC,CAAC;YAAE,SAAS;QACjB,GAAG,CAAC,CAAC,CAAC,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC,CAAC;AAEK,MAAM,QAAQ,GAAgB,CACnC,GAAgB,EAChB,GAAsB,EACtB,IAAqC,EACV,EAAE;;;IAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAuB,CAAC;IAE9D,IAAI,CAAC,KAAK,IAAI,CAAC,CAAA,MAAA,mBAAO,aAAP,mBAAO,uBAAP,mBAAO,CAAG,KAAK,CAAC,0CAAE,QAAQ,CAAA,EAAE,CAAC;QAC1C,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;SACvE,CAAC;IACJ,CAAC;IAED,MAAM,gBAAgB,GAAG,mBAAO,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC;IAEjD,UAAU;IACV,MAAM,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IAE7D,IAAI,OAAO,GAAkB,OAAO,CAAC,uBAAuB,KAAK,UAAU,CAAC,CAAC;IAE7E,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;SAChF,CAAC;IACJ,CAAC;IAED,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IAEhC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;SACrF,CAAC;IACJ,CAAC;IAED,iCAAiC;IACjC,MAAM,KAAK,GAAG,MAAM,IAAA,gCAAwB,EAC1C,GAAG,EACH,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,EACtC,2BAAmB,CAAC,yBAAyB,CAC9C,CAAC;IAEF,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sCAAsC,EAAE,CAAC;SACpG,CAAC;IACJ,CAAC;IAED,MAAM,mBAAmB,GAAG,IAAI,0CAAmB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAEhE,MAAM,YAAY,GAAG,MAAM,mBAAmB,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;IAE5E,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;SACvF,CAAC;IACJ,CAAC;IAED,IAAI,EAAE,GAAG,YAAY,CAAC,WAAW,CAAC;IAClC,IAAI,EAAE,GAAG,YAAY,CAAC,YAAY,CAAC;IAEnC,IAAI,CAAC,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC;QACf,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;SACzE,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC;IACnC,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC;IAEvC,mFAAmF;IACnF,IAAI,CAAM,CAAC;IACX,IAAI,CAAC;QACH,CAAC,GAAG,IAAA,sBAAS,EAAC,EAAE,CAAC,CAAC;IACpB,CAAC;IAAC,WAAM,CAAC;QACP,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;SAC7E,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,CAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,GAAG,CAAA,EAAE,CAAC;QACZ,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;SAC9E,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,4BAA4B;IAC5B,IAAI,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,GAAG,IAAI,GAAG,EAAE,CAAC;QAC9C,yFAAyF;QACzF,OAAO,MAAM,kBAAkB,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;IAC1F,CAAC;IAED,kBAAkB;IAClB,MAAM,KAAK,GACT,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAClD,CAAC,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC;QAC1E,CAAC,CAAC,GAAG,KAAK,QAAQ,CAAC;IAErB,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;SAC3E,CAAC;IACJ,CAAC;IAGD,uBAAuB;IACvB,YAAC,GAAW,EAAC,KAAK,uCAAL,KAAK,GAAK,EAAE,EAAC;IAC1B,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;IAEjC,GAAW,CAAC,KAAK,CAAC,IAAI,GAAG;QACxB,KAAK;QACL,MAAM,EAAE,MAAA,CAAC,CAAC,GAAG,mCAAI,IAAI;QACrB,UAAU,EAAE,MAAA,MAAA,CAAC,CAAC,OAAO,mCAAI,QAAQ,mCAAI,IAAI;QACzC,QAAQ;QACR,KAAK,EAAE,MAAA,MAAA,CAAC,CAAC,KAAK,mCAAI,CAAC,CAAC,kBAAkB,mCAAI,IAAI;QAC9C,IAAI,EAAE,MAAA,CAAC,CAAC,IAAI,mCAAI,SAAS;QACzB,KAAK,EAAE,MAAA,MAAA,MAAA,MAAA,CAAC,CAAC,eAAe,0CAAG,QAAQ,CAAC,0CAAE,KAAK,mCAAI,MAAA,CAAC,CAAC,YAAY,0CAAE,KAAK,mCAAI,EAAE;QAC1E,GAAG,EAAE,CAAC,CAAC,GAAG;KACX,CAAC;IAEF,OAAO,IAAI,EAAE,CAAC;AAChB,CAAC,CAAA,CAAC;AA3IW,QAAA,QAAQ,YA2InB;AAIF,SAAe,kBAAkB,CAC/B,GAAgB,EAChB,GAAsB,EACtB,KAAa,EACb,OAAe,EACf,QAAgB,EAChB,EAAsB,EACtB,OAAe,EACf,CAAM,EACN,IAAqC;;;;QAErC,uCAAuC;QACvC,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;gBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;aAC7E,CAAC;QACJ,CAAC;QAED,GAAG,CAAC,IAAI,CAAC,iDAAiD,EAAE;YAC1D,OAAO;YACP,QAAQ;YACR,EAAE;SACH,CAAC,CAAC;QAEH,+BAA+B;QAC/B,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,MAAM,EAAE;gBAC/B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,OAAO;oBACP,QAAQ,EAAE,QAAQ;oBAClB,aAAa,EAAE,EAAE;iBAClB,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;gBACb,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC/B,MAAA,GAAG,CAAC,IAAI,oDAAG,wBAAwB,IAAI,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC;gBAC1D,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;iBAC9E,CAAC;YACJ,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAClC,MAAM,IAAI,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,KAAI,EAAE,CAAC;YAEjC,MAAM,KAAK,GAAG,IAAI,CAAC,YAAkC,CAAC;YACtD,MAAM,KAAK,GAAG,IAAI,CAAC,aAAmC,CAAC;YAEvD,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC;gBACrB,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,0BAA0B,EAAE,CAAC;iBACxF,CAAC;YACJ,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,IAAA,gCAAwB,EAC1C,GAAG,EACH,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,EACtC,2BAAmB,CAAC,yBAAyB,CAC9C,CAAC;YAEF,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sCAAsC,EAAE,CAAC;iBACpG,CAAC;YACJ,CAAC;YAED,MAAM,mBAAmB,GAAG,IAAI,0CAAmB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAEhE,MAAM,mBAAmB,CAAC,kBAAkB,CAAC,OAAO,EAAE;gBACpD,WAAW,EAAE,KAAe;gBAC5B,YAAY,EAAE,KAAe;gBAC7B,6EAA6E;gBAC7E,SAAS,EAAE,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;aAC3G,CAAC,CAAC;YAEH,4FAA4F;YAC5F,MAAM,aAAa,GACjB,OAAO,IAAI,CAAC,kBAAkB,KAAK,QAAQ;gBACzC,CAAC,CAAC,IAAI,CAAC,kBAAkB;gBACzB,CAAC,CAAC,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ;oBACnC,CAAC,CAAC,IAAI,CAAC,UAAU;oBACjB,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,eAAe;YAErC,IAAA,qBAAW,EAAC,GAAG,EAAE,uBAAuB,KAAK,UAAU,EAAE,OAAO,EAAE;gBAChE,+FAA+F;gBAC/F,QAAQ,EAAE,KAAK;gBACf,MAAM,EAAE,IAAI;gBACZ,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,aAAa;aACtB,CAAC,CAAC;YAEH,4BAA4B;YAC5B,IAAI,EAAO,CAAC;YACZ,IAAI,CAAC;gBAAC,EAAE,GAAG,IAAA,sBAAS,EAAC,KAAK,CAAC,CAAC;YAAC,CAAC;YAAC,WAAM,CAAC;gBACpC,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;iBACjF,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GACV,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACpD,CAAC,OAAO,EAAE,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,EAAE,CAAC,GAAG,KAAK,QAAQ,IAAI,EAAE,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC;gBAC7E,EAAE,CAAC,GAAG,KAAK,QAAQ,CAAC;YACtB,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;iBAC3E,CAAC;YACJ,CAAC;YAED,oDAAoD;YACpD,YAAC,GAAW,EAAC,KAAK,uCAAL,KAAK,GAAK,EAAE,EAAC;YAC1B,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;YACpC,GAAW,CAAC,KAAK,CAAC,IAAI,GAAG;gBACxB,KAAK;gBACL,MAAM,EAAE,MAAA,EAAE,CAAC,GAAG,mCAAI,IAAI;gBACtB,UAAU,EAAE,MAAA,MAAA,EAAE,CAAC,OAAO,mCAAI,SAAS,mCAAI,IAAI;gBAC3C,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,MAAA,MAAA,EAAE,CAAC,KAAK,mCAAI,EAAE,CAAC,kBAAkB,mCAAI,IAAI;gBAChD,IAAI,EAAE,MAAA,EAAE,CAAC,IAAI,mCAAI,SAAS;gBAC1B,KAAK,EAAE,MAAA,MAAA,MAAA,MAAA,EAAE,CAAC,eAAe,0CAAG,QAAQ,CAAC,0CAAE,KAAK,mCAAI,MAAA,EAAE,CAAC,YAAY,0CAAE,KAAK,mCAAI,EAAE;gBAC5E,GAAG,EAAE,EAAE,CAAC,GAAG;aACZ,CAAC;YAEF,kCAAkC;YAClC,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAA,GAAG,CAAC,KAAK,oDAAG,mBAAmB,EAAE,CAAQ,CAAC,CAAC;YAC3C,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;gBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;aACjF,CAAC;QACJ,CAAC;IACH,CAAC;CAAA;AAED,SAAS,YAAY,CAAC,KAAa;IACjC,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;IACjD,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,yBAAyB,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QACvD,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}
|
|
@@ -1,2 +1,9 @@
|
|
|
1
1
|
import { InvocationContext } from "@azure/functions";
|
|
2
|
-
|
|
2
|
+
type CookieOptions = {
|
|
3
|
+
httpOnly?: boolean;
|
|
4
|
+
secure?: boolean;
|
|
5
|
+
sameSite?: "None" | "Lax" | "Strict";
|
|
6
|
+
maxAge?: number;
|
|
7
|
+
};
|
|
8
|
+
export declare function setCookieKV(ctx: InvocationContext, key: string, value: string, options?: CookieOptions): void;
|
|
9
|
+
export {};
|
|
@@ -1,9 +1,11 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.setCookieKV = setCookieKV;
|
|
4
|
-
function setCookieKV(ctx, key, value) {
|
|
4
|
+
function setCookieKV(ctx, key, value, options = {}) {
|
|
5
5
|
var _a, _b;
|
|
6
6
|
var _c, _d;
|
|
7
|
+
const { httpOnly = true, secure = true, sameSite = "None", maxAge = 300, // seconds (default)
|
|
8
|
+
} = options;
|
|
7
9
|
// Object-cookie bag (preferred)
|
|
8
10
|
const CTX_COOKIES_OBJ = Symbol.for("cfy.resCookies.obj");
|
|
9
11
|
// @ts-ignore
|
|
@@ -12,14 +14,14 @@ function setCookieKV(ctx, key, value) {
|
|
|
12
14
|
name: key,
|
|
13
15
|
value,
|
|
14
16
|
path: "/",
|
|
15
|
-
httpOnly
|
|
16
|
-
secure
|
|
17
|
-
sameSite
|
|
18
|
-
maxAge
|
|
17
|
+
httpOnly,
|
|
18
|
+
secure, // drop to false if testing on http://
|
|
19
|
+
sameSite, // use "Lax" for same-site
|
|
20
|
+
maxAge,
|
|
19
21
|
});
|
|
20
22
|
// (Optional) Keep your string fallback too:
|
|
21
23
|
const CTX_COOKIES = Symbol.for("cfy.resCookies");
|
|
22
24
|
const strBag = ((_b = (_d = ctx)[CTX_COOKIES]) !== null && _b !== void 0 ? _b : (_d[CTX_COOKIES] = []));
|
|
23
|
-
strBag.push(`${encodeURIComponent(key)}=${encodeURIComponent(value)}; Path
|
|
25
|
+
strBag.push(`${encodeURIComponent(key)}=${encodeURIComponent(value)}; Path=/;${httpOnly ? " HttpOnly;" : ""} SameSite=${sameSite};${secure ? " Secure;" : ""}${typeof maxAge === "number" ? ` Max-Age=${maxAge}` : ""}`);
|
|
24
26
|
}
|
|
25
27
|
//# sourceMappingURL=cookies.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cookies.js","sourceRoot":"","sources":["../../../src/utils/cookies.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"cookies.js","sourceRoot":"","sources":["../../../src/utils/cookies.ts"],"names":[],"mappings":";;AASA,kCAiCC;AAjCD,SAAgB,WAAW,CACzB,GAAsB,EACtB,GAAW,EACX,KAAa,EACb,UAAyB,EAAE;;;IAE3B,MAAM,EACJ,QAAQ,GAAG,IAAI,EACf,MAAM,GAAG,IAAI,EACb,QAAQ,GAAG,MAAM,EACjB,MAAM,GAAG,GAAG,EAAE,oBAAoB;MACnC,GAAG,OAAO,CAAC;IAEZ,gCAAgC;IAChC,MAAM,eAAe,GAAG,MAAM,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;IACzD,aAAa;IACb,MAAM,MAAM,GAAG,aAAE,GAAW,EAAC,eAAe,wCAAf,eAAe,IAAM,EAAkB,EAAC,CAAC;IACtE,MAAM,CAAC,IAAI,CAAC;QACR,IAAI,EAAE,GAAG;QACT,KAAK;QACL,IAAI,EAAE,GAAG;QACT,QAAQ;QACR,MAAM,EAAQ,sCAAsC;QACpD,QAAQ,EAAI,0BAA0B;QACtC,MAAM;KACT,CAAC,CAAC;IAEH,4CAA4C;IAC5C,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,aAAE,GAAW,EAAC,WAAW,wCAAX,WAAW,IAAM,EAAc,EAAC,CAAC;IAC9D,MAAM,CAAC,IAAI,CACP,GAAG,kBAAkB,CAAC,GAAG,CAAC,IAAI,kBAAkB,CAAC,KAAK,CAAC,YAAY,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,aAAa,QAAQ,IAAI,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,YAAY,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAC9M,CAAC;AACJ,CAAC"}
|
package/package.json
CHANGED