@culturefy/shared 1.0.51 → 1.0.53
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/build/cjs/constants/app.js +6 -6
- package/build/cjs/constants/app.js.map +1 -1
- package/build/cjs/enums/secretKeys.enum.js +2 -0
- package/build/cjs/enums/secretKeys.enum.js.map +1 -1
- package/build/cjs/middlewares/index.js +6 -0
- package/build/cjs/middlewares/index.js.map +1 -1
- package/build/cjs/middlewares/verify-express.js +68 -0
- package/build/cjs/middlewares/verify-express.js.map +1 -0
- package/build/cjs/middlewares/verify-middleware.js +9 -1
- package/build/cjs/middlewares/verify-middleware.js.map +1 -1
- package/build/cjs/types/app.js.map +1 -1
- package/build/cjs/utils/cookies.js +13 -6
- package/build/cjs/utils/cookies.js.map +1 -1
- package/build/esm/constants/app.js +6 -6
- package/build/esm/constants/app.js.map +1 -1
- package/build/esm/enums/secretKeys.enum.js +2 -0
- package/build/esm/enums/secretKeys.enum.js.map +1 -1
- package/build/esm/middlewares/index.js +1 -0
- package/build/esm/middlewares/index.js.map +1 -1
- package/build/esm/middlewares/verify-express.js +64 -0
- package/build/esm/middlewares/verify-express.js.map +1 -0
- package/build/esm/middlewares/verify-middleware.js +9 -1
- package/build/esm/middlewares/verify-middleware.js.map +1 -1
- package/build/esm/types/app.js.map +1 -1
- package/build/esm/utils/cookies.js +13 -6
- package/build/esm/utils/cookies.js.map +1 -1
- package/build/src/constants/app.js +4 -4
- package/build/src/constants/app.js.map +1 -1
- package/build/src/enums/secretKeys.enum.d.ts +3 -1
- package/build/src/enums/secretKeys.enum.js +2 -0
- package/build/src/enums/secretKeys.enum.js.map +1 -1
- package/build/src/middlewares/index.d.ts +1 -0
- package/build/src/middlewares/index.js +1 -0
- package/build/src/middlewares/index.js.map +1 -1
- package/build/src/middlewares/verify-express.d.ts +3 -0
- package/build/src/middlewares/verify-express.js +63 -0
- package/build/src/middlewares/verify-express.js.map +1 -0
- package/build/src/middlewares/verify-middleware.js +12 -1
- package/build/src/middlewares/verify-middleware.js.map +1 -1
- package/build/src/types/app.d.ts +1 -1
- package/build/src/utils/cookies.d.ts +8 -1
- package/build/src/utils/cookies.js +8 -6
- package/build/src/utils/cookies.js.map +1 -1
- package/package.json +3 -1
|
@@ -25,10 +25,10 @@ const APP_MAP = exports.APP_MAP = {
|
|
|
25
25
|
domain: {
|
|
26
26
|
local: null,
|
|
27
27
|
// host-bound in local
|
|
28
|
-
dev: ".culturefy.
|
|
29
|
-
//
|
|
30
|
-
staging: ".culturefy.
|
|
31
|
-
//
|
|
28
|
+
dev: ".dev.culturefy.app",
|
|
29
|
+
// covers dev.culturefy.app + api.dev.culturefy.app
|
|
30
|
+
staging: ".staging.culturefy.app",
|
|
31
|
+
// covers staging.culturefy.app + api.staging.culturefy.app
|
|
32
32
|
prod: ".culturefy.app"
|
|
33
33
|
},
|
|
34
34
|
path: "/",
|
|
@@ -41,8 +41,8 @@ const APP_MAP = exports.APP_MAP = {
|
|
|
41
41
|
} // 15m / 30d
|
|
42
42
|
}
|
|
43
43
|
},
|
|
44
|
-
'
|
|
45
|
-
appId: "
|
|
44
|
+
'5x8jws1b': {
|
|
45
|
+
appId: "5x8jws1b",
|
|
46
46
|
name: "superadmin",
|
|
47
47
|
clientId: "cfy-superadmin-web",
|
|
48
48
|
domains: {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"app.js","names":["APP_MAP","exports","appId","name","clientId","domains","local","dev","staging","prod","auth","realm","exclude","cookie","prefix","domain","path","sameSite","secure","httpOnly","maxAgeSec","sid","rt"],"sources":["../../../src/constants/app.ts"],"sourcesContent":["import { IAppId, IDomainMappings } from \"../types/app\";\n\nexport const APP_MAP: Record<IAppId, IDomainMappings> = {\n '3238hxa2': {\n appId: \"3238hxa2\",\n name: \"superadmin\",\n clientId: \"cfy-superadmin-web\",\n domains: {\n local: [\"localhost:5173\", \"127.0.0.1:5173\"],\n dev: [\"accounts.dev.culturefy.app\"],\n staging: [\"accounts.staging.culturefy.app\"],\n prod: [\"accounts.culturefy.app\"]\n },\n\n auth: {\n realm: \"superadmin\",\n clientId: \"cfy-superadmin-web\",\n },\n\n exclude: {\n prod: [] // e.g. add \"app.culturefy.app\" to prevent misrouting\n },\n cookie: {\n prefix: \"__Secure-auth\",\n domain: {\n local: null, // host-bound in local\n dev: \".culturefy.
|
|
1
|
+
{"version":3,"file":"app.js","names":["APP_MAP","exports","appId","name","clientId","domains","local","dev","staging","prod","auth","realm","exclude","cookie","prefix","domain","path","sameSite","secure","httpOnly","maxAgeSec","sid","rt"],"sources":["../../../src/constants/app.ts"],"sourcesContent":["import { IAppId, IDomainMappings } from \"../types/app\";\n\nexport const APP_MAP: Record<IAppId, IDomainMappings> = {\n '3238hxa2': {\n appId: \"3238hxa2\",\n name: \"superadmin\",\n clientId: \"cfy-superadmin-web\",\n domains: {\n local: [\"localhost:5173\", \"127.0.0.1:5173\"],\n dev: [\"accounts.dev.culturefy.app\"],\n staging: [\"accounts.staging.culturefy.app\"],\n prod: [\"accounts.culturefy.app\"]\n },\n\n auth: {\n realm: \"superadmin\",\n clientId: \"cfy-superadmin-web\",\n },\n\n exclude: {\n prod: [] // e.g. add \"app.culturefy.app\" to prevent misrouting\n },\n cookie: {\n prefix: \"__Secure-auth\",\n domain: {\n local: null, // host-bound in local\n dev: \".dev.culturefy.app\", // covers dev.culturefy.app + api.dev.culturefy.app\n staging: \".staging.culturefy.app\", // covers staging.culturefy.app + api.staging.culturefy.app\n prod: \".culturefy.app\"\n },\n path: \"/\",\n sameSite: \"None\",\n secure: true,\n httpOnly: true,\n maxAgeSec: { sid: 15 * 60, rt: 30 * 24 * 60 * 60 } // 15m / 30d\n }\n\n },\n '5x8jws1b': {\n appId: \"5x8jws1b\",\n name: \"superadmin\",\n clientId: \"cfy-superadmin-web\",\n domains: {\n local: [\"localhost:5173\", \"127.0.0.1:5173\"],\n dev: [\"accounts.dev.culturefy.app\"],\n staging: [\"accounts.staging.culturefy.app\"],\n prod: [\"accounts.culturefy.app\"]\n },\n\n auth: {\n realm: \"superadmin\",\n clientId: \"cfy-superadmin-web\",\n },\n\n exclude: {\n prod: [] // e.g. add \"app.culturefy.app\" to prevent misrouting\n },\n cookie: {\n prefix: \"__Secure-auth\",\n domain: {\n local: null, // host-bound in local\n dev: \".culturefy.dev\", // adjust to your dev root\n staging: \".culturefy.staging\", // adjust to your staging root\n prod: \".culturefy.app\"\n },\n path: \"/\",\n sameSite: \"None\",\n secure: true,\n httpOnly: true,\n maxAgeSec: { sid: 15 * 60, rt: 30 * 24 * 60 * 60 } // 15m / 30d\n }\n\n },\n\n};\n\n"],"mappings":";;;;AAEO,MAAMA,OAAwC,GAAAC,OAAA,CAAAD,OAAA,GAAG;EACtD,UAAU,EAAE;IACRE,KAAK,EAAE,UAAU;IACjBC,IAAI,EAAE,YAAY;IAClBC,QAAQ,EAAE,oBAAoB;IAC9BC,OAAO,EAAE;MACLC,KAAK,EAAE,CAAC,gBAAgB,EAAE,gBAAgB,CAAC;MAC3CC,GAAG,EAAE,CAAC,4BAA4B,CAAC;MACnCC,OAAO,EAAE,CAAC,gCAAgC,CAAC;MAC3CC,IAAI,EAAE,CAAC,wBAAwB;IACnC,CAAC;IAEDC,IAAI,EAAE;MACFC,KAAK,EAAE,YAAY;MACnBP,QAAQ,EAAE;IACd,CAAC;IAEDQ,OAAO,EAAE;MACLH,IAAI,EAAE,EAAE,CAAC;IACb,CAAC;IACDI,MAAM,EAAE;MACJC,MAAM,EAAE,eAAe;MACvBC,MAAM,EAAE;QACJT,KAAK,EAAE,IAAI;QAAE;QACbC,GAAG,EAAE,oBAAoB;QAAE;QAC3BC,OAAO,EAAE,wBAAwB;QAAE;QACnCC,IAAI,EAAE;MACV,CAAC;MACDO,IAAI,EAAE,GAAG;MACTC,QAAQ,EAAE,MAAM;MAChBC,MAAM,EAAE,IAAI;MACZC,QAAQ,EAAE,IAAI;MACdC,SAAS,EAAE;QAAEC,GAAG,EAAE,EAAE,GAAG,EAAE;QAAEC,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG;MAAG,CAAC,CAAC;IACvD;EAEJ,CAAC;EACD,UAAU,EAAE;IACRpB,KAAK,EAAE,UAAU;IACjBC,IAAI,EAAE,YAAY;IAClBC,QAAQ,EAAE,oBAAoB;IAC9BC,OAAO,EAAE;MACLC,KAAK,EAAE,CAAC,gBAAgB,EAAE,gBAAgB,CAAC;MAC3CC,GAAG,EAAE,CAAC,4BAA4B,CAAC;MACnCC,OAAO,EAAE,CAAC,gCAAgC,CAAC;MAC3CC,IAAI,EAAE,CAAC,wBAAwB;IACnC,CAAC;IAEDC,IAAI,EAAE;MACFC,KAAK,EAAE,YAAY;MACnBP,QAAQ,EAAE;IACd,CAAC;IAEDQ,OAAO,EAAE;MACLH,IAAI,EAAE,EAAE,CAAC;IACb,CAAC;IACDI,MAAM,EAAE;MACJC,MAAM,EAAE,eAAe;MACvBC,MAAM,EAAE;QACJT,KAAK,EAAE,IAAI;QAAE;QACbC,GAAG,EAAE,gBAAgB;QAAE;QACvBC,OAAO,EAAE,oBAAoB;QAAE;QAC/BC,IAAI,EAAE;MACV,CAAC;MACDO,IAAI,EAAE,GAAG;MACTC,QAAQ,EAAE,MAAM;MAChBC,MAAM,EAAE,IAAI;MACZC,QAAQ,EAAE,IAAI;MACdC,SAAS,EAAE;QAAEC,GAAG,EAAE,EAAE,GAAG,EAAE;QAAEC,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG;MAAG,CAAC,CAAC;IACvD;EAEJ;AAEF,CAAC","ignoreList":[]}
|
|
@@ -40,6 +40,8 @@ let AzureSecretKeysEnum = exports.AzureSecretKeysEnum = /*#__PURE__*/function (A
|
|
|
40
40
|
AzureSecretKeysEnum["GCP_PROJECT_ID"] = "gcp-project-id";
|
|
41
41
|
AzureSecretKeysEnum["PUBSUB_SERVICE_ACCOUNT_KEYS"] = "pubsub-service-account-keys";
|
|
42
42
|
AzureSecretKeysEnum["VAPI_TOKEN"] = "vapi-token";
|
|
43
|
+
AzureSecretKeysEnum["GITHUB_TOKEN"] = "GITHUB-TOKEN";
|
|
44
|
+
AzureSecretKeysEnum["GITHUB_WORKFLOW_URL"] = "GITHUB-WORKFLOW-URL";
|
|
43
45
|
return AzureSecretKeysEnum;
|
|
44
46
|
}({}); // AUTH-SERVICE-AUTHENTICATION-URL
|
|
45
47
|
// https://culturefy-auth-staging.azurewebsites.net/api/verify
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secretKeys.enum.js","names":["AzureSecretKeysEnum","exports"],"sources":["../../../src/enums/secretKeys.enum.ts"],"sourcesContent":["// Enum for secret keys\nexport enum AzureSecretKeysEnum {\n KEYCLOAK_ADMIN_CLIENT_SECRET = \"KEYCLOAK-ADMIN-CLIENT-SECRET\",\n KEYCLOAK_ADMIN_CLIENT_ID = \"KEYCLOAK-ADMIN-CLIENT-ID\",\n KEYCLOAK_BASE_URL = \"KEYCLOAK-BASE-URL\",\n STRIPE_PAYMENT_WEBHOOK_SECRET_KEY = \"Stripe-payment-webhook-secret-key\", // in-use\n STRIPE_PRODUCT_WEBHOOK_SECRET = \"Stripe-product-webhook-secret-key\", // in-use\n STRIPE_PRICE_WEBHOOK_SECRET = \"Stripe-price-webhook-secret-key\", // in-use\n EMAIL_SERVICE_URL = \"Email-Service-Url\", // in-use,\n DB_CONNECTING_STRING_AUTH = \"DB-CONNECTION-STRING-AUTH\",\n DB_CONNECTING_STRING_USER = \"DB-CONNECTION-STRING-USER\",\n DB_CONNECTING_STRING_TENANT_BRIDGE = \"DB-Connecting-String-Tenant-Bridge\",\n DB_CONNECTING_STRING_PAYMENT = \"DB-CONNECTION-STRING-PAYMENT\",\n DB_CONNECTING_STRING_CORE = \"DB-CONNECTION-STRING-CORE\",\n DB_CONNECTING_STRING_BILLING = \"DB-CONNECTION-STRING-BILLING\",\n DB_CONNECTING_STRING_STAGING = \"DB-CONNECTION-STRING-STAGING\",\n DB_CONNECTING_STRING_BNT_DEV = \"DB-CONNECTION-STRING-BNT-DEV\",\n DB_CONNECTION_STRING_TENANT_BRIDGE = \"DB-CONNECTION-STRING-TENANT-BRIDGE\",\n SERVICE_BUS_CONNECTION_STRING = \"servicebus-connection-string\",\n STRIPE_CUSTOMER_SYNC_WEBHOOK_SECRET = \"stripe-customer-sync-webhook-secret-key\",\n STRIPE_INVOICE_SYNC_WEBHOOK_SECRET = \"stripe-invoice-sync-webhook-secret-key\",\n STRIPE_PRODUCT_SYNC_WEBHOOK_SECRET = \"stripe-product-sync-webhook-secret-key\",\n STRIPE_PRICE_SYNC_WEBHOOK_SECRET = \"stripe-price-sync-webhook-secret-key\",\n STRIPE_SECRET_KEY = \"Stripe-secret-key\",\n STRIPE_WEBHOOK_CUSTOMER_CREATED_SECRET_KEY = \"Stripe-Webhook-Customer-Created-Secret-Key\",\n STRIPE_SUBSCRIPTION_SYNC_WEBHOOK_SECRET = \"stripe-subscription-sync-webhook-secret-key\",\n FIREBASE_SERVICE_ACCOUNTS_VARIABLE = \"firebase_service_accounts_variable\",\n HMS_ACCESS_KEY=\"MEETING-HMS-ACCESS-KEY-APP-SECRET\",\n MEETING_ROOM_APP_SECRET=\"MEETING-ROOM-APP-SECRET\",\n BASE_DB_CLUSTER_CONNECTING_STRING_CHAT = \"BASE-DB-CLUSTER-CONNECTING-STRING-CHAT\",\n AUTH_SERVICE_AUTHENTICATION_URL = \"AUTH-SERVICE-AUTHENTICATION-URL\",\n GCP_PROJECT_ID=\"gcp-project-id\",\n PUBSUB_SERVICE_ACCOUNT_KEYS=\"pubsub-service-account-keys\",\n VAPI_TOKEN = \"vapi-token\",\n}\n\n// AUTH-SERVICE-AUTHENTICATION-URL\n// https://culturefy-auth-staging.azurewebsites.net/api/verify\n\n// REFRESH-SESSION-URL"],"mappings":";;;;AAAA;AAAA,IACYA,mBAAmB,GAAAC,OAAA,CAAAD,mBAAA,0BAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAI4C;EAJ/DA,mBAAmB;EAKwC;EAL3DA,mBAAmB;EAMoC;EANvDA,mBAAmB;EAOY;EAP/BA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAA,OAAnBA,mBAAmB;AAAA,
|
|
1
|
+
{"version":3,"file":"secretKeys.enum.js","names":["AzureSecretKeysEnum","exports"],"sources":["../../../src/enums/secretKeys.enum.ts"],"sourcesContent":["// Enum for secret keys\nexport enum AzureSecretKeysEnum {\n KEYCLOAK_ADMIN_CLIENT_SECRET = \"KEYCLOAK-ADMIN-CLIENT-SECRET\",\n KEYCLOAK_ADMIN_CLIENT_ID = \"KEYCLOAK-ADMIN-CLIENT-ID\",\n KEYCLOAK_BASE_URL = \"KEYCLOAK-BASE-URL\",\n STRIPE_PAYMENT_WEBHOOK_SECRET_KEY = \"Stripe-payment-webhook-secret-key\", // in-use\n STRIPE_PRODUCT_WEBHOOK_SECRET = \"Stripe-product-webhook-secret-key\", // in-use\n STRIPE_PRICE_WEBHOOK_SECRET = \"Stripe-price-webhook-secret-key\", // in-use\n EMAIL_SERVICE_URL = \"Email-Service-Url\", // in-use,\n DB_CONNECTING_STRING_AUTH = \"DB-CONNECTION-STRING-AUTH\",\n DB_CONNECTING_STRING_USER = \"DB-CONNECTION-STRING-USER\",\n DB_CONNECTING_STRING_TENANT_BRIDGE = \"DB-Connecting-String-Tenant-Bridge\",\n DB_CONNECTING_STRING_PAYMENT = \"DB-CONNECTION-STRING-PAYMENT\",\n DB_CONNECTING_STRING_CORE = \"DB-CONNECTION-STRING-CORE\",\n DB_CONNECTING_STRING_BILLING = \"DB-CONNECTION-STRING-BILLING\",\n DB_CONNECTING_STRING_STAGING = \"DB-CONNECTION-STRING-STAGING\",\n DB_CONNECTING_STRING_BNT_DEV = \"DB-CONNECTION-STRING-BNT-DEV\",\n DB_CONNECTION_STRING_TENANT_BRIDGE = \"DB-CONNECTION-STRING-TENANT-BRIDGE\",\n SERVICE_BUS_CONNECTION_STRING = \"servicebus-connection-string\",\n STRIPE_CUSTOMER_SYNC_WEBHOOK_SECRET = \"stripe-customer-sync-webhook-secret-key\",\n STRIPE_INVOICE_SYNC_WEBHOOK_SECRET = \"stripe-invoice-sync-webhook-secret-key\",\n STRIPE_PRODUCT_SYNC_WEBHOOK_SECRET = \"stripe-product-sync-webhook-secret-key\",\n STRIPE_PRICE_SYNC_WEBHOOK_SECRET = \"stripe-price-sync-webhook-secret-key\",\n STRIPE_SECRET_KEY = \"Stripe-secret-key\",\n STRIPE_WEBHOOK_CUSTOMER_CREATED_SECRET_KEY = \"Stripe-Webhook-Customer-Created-Secret-Key\",\n STRIPE_SUBSCRIPTION_SYNC_WEBHOOK_SECRET = \"stripe-subscription-sync-webhook-secret-key\",\n FIREBASE_SERVICE_ACCOUNTS_VARIABLE = \"firebase_service_accounts_variable\",\n HMS_ACCESS_KEY=\"MEETING-HMS-ACCESS-KEY-APP-SECRET\",\n MEETING_ROOM_APP_SECRET=\"MEETING-ROOM-APP-SECRET\",\n BASE_DB_CLUSTER_CONNECTING_STRING_CHAT = \"BASE-DB-CLUSTER-CONNECTING-STRING-CHAT\",\n AUTH_SERVICE_AUTHENTICATION_URL = \"AUTH-SERVICE-AUTHENTICATION-URL\",\n GCP_PROJECT_ID=\"gcp-project-id\",\n PUBSUB_SERVICE_ACCOUNT_KEYS=\"pubsub-service-account-keys\",\n VAPI_TOKEN = \"vapi-token\",\n GITHUB_TOKEN = \"GITHUB-TOKEN\",\n GITHUB_WORKFLOW_URL = \"GITHUB-WORKFLOW-URL\",\n}\n\n// AUTH-SERVICE-AUTHENTICATION-URL\n// https://culturefy-auth-staging.azurewebsites.net/api/verify\n\n// REFRESH-SESSION-URL"],"mappings":";;;;AAAA;AAAA,IACYA,mBAAmB,GAAAC,OAAA,CAAAD,mBAAA,0BAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAI4C;EAJ/DA,mBAAmB;EAKwC;EAL3DA,mBAAmB;EAMoC;EANvDA,mBAAmB;EAOY;EAP/BA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAA,OAAnBA,mBAAmB;AAAA,OAqC/B;AACA;AAEA","ignoreList":[]}
|
|
@@ -13,4 +13,10 @@ Object.keys(_verifyMiddleware).forEach(function (key) {
|
|
|
13
13
|
if (key in exports && exports[key] === _verifyMiddleware[key]) return;
|
|
14
14
|
exports[key] = _verifyMiddleware[key];
|
|
15
15
|
});
|
|
16
|
+
var _verifyExpress = require("./verify-express");
|
|
17
|
+
Object.keys(_verifyExpress).forEach(function (key) {
|
|
18
|
+
if (key === "default" || key === "__esModule") return;
|
|
19
|
+
if (key in exports && exports[key] === _verifyExpress[key]) return;
|
|
20
|
+
exports[key] = _verifyExpress[key];
|
|
21
|
+
});
|
|
16
22
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","names":["_tokenValidation","require","Object","keys","forEach","key","exports","_verifyMiddleware"],"sources":["../../../src/middlewares/index.ts"],"sourcesContent":["export * from './token-validation';\nexport * from './verify-middleware';\n"],"mappings":";;;AAAA,IAAAA,gBAAA,GAAAC,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAH,gBAAA,EAAAI,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAL,gBAAA,CAAAK,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAL,gBAAA,CAAAK,GAAA;AAAA;AACA,IAAAE,iBAAA,GAAAN,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAI,iBAAA,EAAAH,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAE,iBAAA,CAAAF,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAE,iBAAA,CAAAF,GAAA;AAAA","ignoreList":[]}
|
|
1
|
+
{"version":3,"file":"index.js","names":["_tokenValidation","require","Object","keys","forEach","key","exports","_verifyMiddleware","_verifyExpress"],"sources":["../../../src/middlewares/index.ts"],"sourcesContent":["export * from './token-validation';\nexport * from './verify-middleware';\nexport * from './verify-express';\n"],"mappings":";;;AAAA,IAAAA,gBAAA,GAAAC,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAH,gBAAA,EAAAI,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAL,gBAAA,CAAAK,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAL,gBAAA,CAAAK,GAAA;AAAA;AACA,IAAAE,iBAAA,GAAAN,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAI,iBAAA,EAAAH,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAE,iBAAA,CAAAF,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAE,iBAAA,CAAAF,GAAA;AAAA;AACA,IAAAG,cAAA,GAAAP,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAK,cAAA,EAAAJ,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAG,cAAA,CAAAH,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAG,cAAA,CAAAH,GAAA;AAAA","ignoreList":[]}
|
|
@@ -0,0 +1,68 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
|
|
3
|
+
exports.__esModule = true;
|
|
4
|
+
exports.verifyExpress = void 0;
|
|
5
|
+
var _verifyMiddleware = require("./verify-middleware");
|
|
6
|
+
// Lightweight adapter to reuse verifyMw (Azure Functions-style) inside Express.
|
|
7
|
+
// It expects the Azure HttpRequest/InvocationContext to be available on the Express
|
|
8
|
+
// request as azureReq/azureCtx (set by the Azure→Express bridge). If absent, it
|
|
9
|
+
// builds minimal fallbacks so the middleware can still run in local tests.
|
|
10
|
+
const toHeaders = req => {
|
|
11
|
+
const h = new Headers();
|
|
12
|
+
Object.entries(req.headers).forEach(([key, value]) => {
|
|
13
|
+
if (Array.isArray(value)) {
|
|
14
|
+
value.forEach(v => h.append(key, v));
|
|
15
|
+
} else if (value !== undefined) {
|
|
16
|
+
h.append(key, String(value));
|
|
17
|
+
}
|
|
18
|
+
});
|
|
19
|
+
return h;
|
|
20
|
+
};
|
|
21
|
+
const buildAzureRequest = req => {
|
|
22
|
+
return {
|
|
23
|
+
method: req.method,
|
|
24
|
+
url: req.originalUrl || req.url,
|
|
25
|
+
headers: toHeaders(req),
|
|
26
|
+
query: req.query || {},
|
|
27
|
+
params: req.params || {},
|
|
28
|
+
// Body is already parsed by the Azure→Express adapter when present
|
|
29
|
+
body: req.body
|
|
30
|
+
};
|
|
31
|
+
};
|
|
32
|
+
const fallbackCtx = {
|
|
33
|
+
log: console.log,
|
|
34
|
+
info: console.info,
|
|
35
|
+
warn: console.warn,
|
|
36
|
+
error: console.error,
|
|
37
|
+
trace: console.debug
|
|
38
|
+
};
|
|
39
|
+
|
|
40
|
+
// Factory so callers can optionally provide their own ctx retriever
|
|
41
|
+
const verifyExpress = getCtx => {
|
|
42
|
+
return async (req, res, next) => {
|
|
43
|
+
var _state;
|
|
44
|
+
const azureReq = req.azureReq || buildAzureRequest(req);
|
|
45
|
+
const ctx = req.azureCtx || (getCtx == null ? void 0 : getCtx(req)) || fallbackCtx;
|
|
46
|
+
const result = await (0, _verifyMiddleware.verifyMw)(azureReq, ctx, async () => ({
|
|
47
|
+
status: 200
|
|
48
|
+
}));
|
|
49
|
+
|
|
50
|
+
// Short-circuit on failures
|
|
51
|
+
if (result.status && result.status !== 200) {
|
|
52
|
+
var _result$status, _result$body;
|
|
53
|
+
if (result.headers) {
|
|
54
|
+
Object.entries(result.headers).forEach(([k, v]) => res.setHeader(k, String(v)));
|
|
55
|
+
}
|
|
56
|
+
return res.status((_result$status = result.status) != null ? _result$status : 401).send((_result$body = result.body) != null ? _result$body : "");
|
|
57
|
+
}
|
|
58
|
+
|
|
59
|
+
// Propagate auth payload if verifyMw set it
|
|
60
|
+
const auth = ctx == null || (_state = ctx.state) == null ? void 0 : _state.auth;
|
|
61
|
+
if (auth) {
|
|
62
|
+
req.auth = auth;
|
|
63
|
+
}
|
|
64
|
+
return next();
|
|
65
|
+
};
|
|
66
|
+
};
|
|
67
|
+
exports.verifyExpress = verifyExpress;
|
|
68
|
+
//# sourceMappingURL=verify-express.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"verify-express.js","names":["_verifyMiddleware","require","toHeaders","req","h","Headers","Object","entries","headers","forEach","key","value","Array","isArray","v","append","undefined","String","buildAzureRequest","method","url","originalUrl","query","params","body","fallbackCtx","log","console","info","warn","error","trace","debug","verifyExpress","getCtx","res","next","_state","azureReq","ctx","azureCtx","result","verifyMw","status","_result$status","_result$body","k","setHeader","send","auth","state","exports"],"sources":["../../../src/middlewares/verify-express.ts"],"sourcesContent":["import { Request, Response, NextFunction } from \"express\";\nimport { HttpRequest, InvocationContext, HttpResponseInit } from \"@azure/functions\";\nimport { verifyMw } from \"./verify-middleware\";\n\n// Lightweight adapter to reuse verifyMw (Azure Functions-style) inside Express.\n// It expects the Azure HttpRequest/InvocationContext to be available on the Express\n// request as azureReq/azureCtx (set by the Azure→Express bridge). If absent, it\n// builds minimal fallbacks so the middleware can still run in local tests.\nconst toHeaders = (req: Request): Headers => {\n const h = new Headers();\n Object.entries(req.headers).forEach(([key, value]) => {\n if (Array.isArray(value)) {\n value.forEach((v) => h.append(key, v));\n } else if (value !== undefined) {\n h.append(key, String(value));\n }\n });\n return h;\n};\n\nconst buildAzureRequest = (req: Request): HttpRequest => {\n return {\n method: req.method,\n url: req.originalUrl || req.url,\n headers: toHeaders(req),\n query: (req.query || {}) as any,\n params: (req.params || {}) as any,\n // Body is already parsed by the Azure→Express adapter when present\n body: (req as any).body,\n } as HttpRequest;\n};\n\nconst fallbackCtx: InvocationContext = {\n log: console.log,\n info: console.info,\n warn: console.warn,\n error: console.error,\n trace: console.debug,\n} as any;\n\n// Factory so callers can optionally provide their own ctx retriever\nexport const verifyExpress = (\n getCtx?: (req: Request) => InvocationContext | undefined,\n) => {\n return async (req: Request, res: Response, next: NextFunction) => {\n const azureReq: HttpRequest = (req as any).azureReq || buildAzureRequest(req);\n const ctx: InvocationContext =\n (req as any).azureCtx || getCtx?.(req) || fallbackCtx;\n\n const result = await verifyMw(\n azureReq,\n ctx,\n async () => ({ status: 200 } as HttpResponseInit),\n );\n\n // Short-circuit on failures\n if (result.status && result.status !== 200) {\n if (result.headers) {\n Object.entries(result.headers).forEach(([k, v]) =>\n res.setHeader(k, String(v)),\n );\n }\n return res.status(result.status ?? 401).send(result.body ?? \"\");\n }\n\n // Propagate auth payload if verifyMw set it\n const auth = (ctx as any)?.state?.auth;\n if (auth) {\n (req as any).auth = auth;\n }\n\n return next();\n };\n};\n"],"mappings":";;;;AAEA,IAAAA,iBAAA,GAAAC,OAAA;AAEA;AACA;AACA;AACA;AACA,MAAMC,SAAS,GAAIC,GAAY,IAAc;EAC3C,MAAMC,CAAC,GAAG,IAAIC,OAAO,CAAC,CAAC;EACvBC,MAAM,CAACC,OAAO,CAACJ,GAAG,CAACK,OAAO,CAAC,CAACC,OAAO,CAAC,CAAC,CAACC,GAAG,EAAEC,KAAK,CAAC,KAAK;IACpD,IAAIC,KAAK,CAACC,OAAO,CAACF,KAAK,CAAC,EAAE;MACxBA,KAAK,CAACF,OAAO,CAAEK,CAAC,IAAKV,CAAC,CAACW,MAAM,CAACL,GAAG,EAAEI,CAAC,CAAC,CAAC;IACxC,CAAC,MAAM,IAAIH,KAAK,KAAKK,SAAS,EAAE;MAC9BZ,CAAC,CAACW,MAAM,CAACL,GAAG,EAAEO,MAAM,CAACN,KAAK,CAAC,CAAC;IAC9B;EACF,CAAC,CAAC;EACF,OAAOP,CAAC;AACV,CAAC;AAED,MAAMc,iBAAiB,GAAIf,GAAY,IAAkB;EACvD,OAAO;IACLgB,MAAM,EAAEhB,GAAG,CAACgB,MAAM;IAClBC,GAAG,EAAEjB,GAAG,CAACkB,WAAW,IAAIlB,GAAG,CAACiB,GAAG;IAC/BZ,OAAO,EAAEN,SAAS,CAACC,GAAG,CAAC;IACvBmB,KAAK,EAAGnB,GAAG,CAACmB,KAAK,IAAI,CAAC,CAAS;IAC/BC,MAAM,EAAGpB,GAAG,CAACoB,MAAM,IAAI,CAAC,CAAS;IACjC;IACAC,IAAI,EAAGrB,GAAG,CAASqB;EACrB,CAAC;AACH,CAAC;AAED,MAAMC,WAA8B,GAAG;EACrCC,GAAG,EAAEC,OAAO,CAACD,GAAG;EAChBE,IAAI,EAAED,OAAO,CAACC,IAAI;EAClBC,IAAI,EAAEF,OAAO,CAACE,IAAI;EAClBC,KAAK,EAAEH,OAAO,CAACG,KAAK;EACpBC,KAAK,EAAEJ,OAAO,CAACK;AACjB,CAAQ;;AAER;AACO,MAAMC,aAAa,GACxBC,MAAwD,IACrD;EACH,OAAO,OAAO/B,GAAY,EAAEgC,GAAa,EAAEC,IAAkB,KAAK;IAAA,IAAAC,MAAA;IAChE,MAAMC,QAAqB,GAAInC,GAAG,CAASmC,QAAQ,IAAIpB,iBAAiB,CAACf,GAAG,CAAC;IAC7E,MAAMoC,GAAsB,GACzBpC,GAAG,CAASqC,QAAQ,KAAIN,MAAM,oBAANA,MAAM,CAAG/B,GAAG,CAAC,KAAIsB,WAAW;IAEvD,MAAMgB,MAAM,GAAG,MAAM,IAAAC,0BAAQ,EAC3BJ,QAAQ,EACRC,GAAG,EACH,aAAa;MAAEI,MAAM,EAAE;IAAI,CAAC,CAC9B,CAAC;;IAED;IACA,IAAIF,MAAM,CAACE,MAAM,IAAIF,MAAM,CAACE,MAAM,KAAK,GAAG,EAAE;MAAA,IAAAC,cAAA,EAAAC,YAAA;MAC1C,IAAIJ,MAAM,CAACjC,OAAO,EAAE;QAClBF,MAAM,CAACC,OAAO,CAACkC,MAAM,CAACjC,OAAO,CAAC,CAACC,OAAO,CAAC,CAAC,CAACqC,CAAC,EAAEhC,CAAC,CAAC,KAC5CqB,GAAG,CAACY,SAAS,CAACD,CAAC,EAAE7B,MAAM,CAACH,CAAC,CAAC,CAC5B,CAAC;MACH;MACA,OAAOqB,GAAG,CAACQ,MAAM,EAAAC,cAAA,GAACH,MAAM,CAACE,MAAM,YAAAC,cAAA,GAAI,GAAG,CAAC,CAACI,IAAI,EAAAH,YAAA,GAACJ,MAAM,CAACjB,IAAI,YAAAqB,YAAA,GAAI,EAAE,CAAC;IACjE;;IAEA;IACA,MAAMI,IAAI,GAAIV,GAAG,aAAAF,MAAA,GAAHE,GAAG,CAAUW,KAAK,qBAAnBb,MAAA,CAAqBY,IAAI;IACtC,IAAIA,IAAI,EAAE;MACP9C,GAAG,CAAS8C,IAAI,GAAGA,IAAI;IAC1B;IAEA,OAAOb,IAAI,CAAC,CAAC;EACf,CAAC;AACH,CAAC;AAACe,OAAA,CAAAlB,aAAA,GAAAA,aAAA","ignoreList":[]}
|
|
@@ -301,7 +301,15 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
|
|
|
301
301
|
});
|
|
302
302
|
|
|
303
303
|
// Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)
|
|
304
|
-
|
|
304
|
+
const mappingMaxAge = typeof data.refresh_expires_in === "number" ? data.refresh_expires_in : typeof data.expires_in === "number" ? data.expires_in : 60 * 60 * 24; // fallback 24h
|
|
305
|
+
|
|
306
|
+
(0, _cookies.setCookieKV)(ctx, `__Secure-session-v1.${appId}.mapping`, mapping, {
|
|
307
|
+
// mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only
|
|
308
|
+
httpOnly: false,
|
|
309
|
+
secure: true,
|
|
310
|
+
sameSite: "None",
|
|
311
|
+
maxAge: mappingMaxAge
|
|
312
|
+
});
|
|
305
313
|
|
|
306
314
|
// Decode new AT and proceed
|
|
307
315
|
let p2;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verify-middleware.js","names":["_constants","require","_jwtDecode","_enums","_cookies","_utils","_tokenMapping","apiURL","process","env","REFRESH_SESSION_URL","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","verifyMw","req","ctx","next","_APP_MAP$appId","_p","_ref","_ref$state","_p$sub","_ref2","_p$cfy_bid","_ref3","_p$email","_p$name","_ref4","_p$resource_access$cl","_p$resource_access","_p$realm_access","appId","headers","get","APP_MAP","clientId","status","body","JSON","stringify","reason","expectedClientId","cookies","mapping","base64Decode","dbUrl","getAzureVaultSecretByKey","AZURE_KEY_VAULT_NAME","AzureSecretKeysEnum","DB_CONNECTING_STRING_USER","tokenMappingService","TokenMappingService","tokenMapping","getTokenMappingById","at","accessToken","rt","refreshToken","realm","realmId","p","jwtDecode","sid","now","Math","floor","Date","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","businessId","cfy_bid","email","preferred_username","name","undefined","roles","resource_access","realm_access","exports","info","_ref5","_ref5$state","_p2$sub","_ref6","_p2$cfy_bid","_ref7","_p2$email","_p2$name","_ref8","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","resp","fetch","method","refresh_token","ok","text","warn","payload","json","data","newAT","access_token","newRT","updateTokenMapping","expiresAt","expires_in","setCookieKV","p2","audOk2","tenantId2","e","error","value","Buffer","from","console","log","message"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || ''\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const expectedClientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n\n let mapping: string | null = cookies[`__Secure-session-v1.${appId}.mapping`];\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const tokenMapping = await tokenMappingService.getTokenMappingById(mapping);\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const clientId = tokenMapping.clientId;\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh only when expired\n if (typeof p.exp === \"number\" && p.exp <= now) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, clientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(clientId)) ||\n (typeof p.aud === \"string\" && (p.aud === clientId || p.aud === \"account\")) ||\n p.azp === clientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: p.sub ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n roles: p.resource_access?.[clientId]?.roles ?? p.realm_access?.roles ?? [],\n exp: p.exp,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"refreshing token payload ----------------------\", {\n realmId,\n clientId,\n rt\n });\n\n // Call auth service to refresh\n try {\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n const text = await resp.text();\n ctx.warn?.(`refresh call failed: ${resp.status} ${text}`);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT as string,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n setCookieKV(ctx, `__Secure-session-v1.${appId}.mapping`, mapping);\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId,\n userId: p2.sub ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e) {\n ctx.error?.(\"refresh exception\", e as any);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}"],"mappings":";;;;AACA,IAAAA,UAAA,GAAAC,OAAA;AACA,IAAAC,UAAA,GAAAD,OAAA;AAEA,IAAAE,MAAA,GAAAF,OAAA;AACA,IAAAG,QAAA,GAAAH,OAAA;AAGA,IAAAI,MAAA,GAAAJ,OAAA;AAEA,IAAAK,aAAA,GAAAL,OAAA;AAEA,MAAMM,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AAEpD,MAAMC,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAEM,MAAMQ,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBC,GAAsB,EACtBC,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,kBAAA,EAAAC,eAAA;EAC9B,MAAMC,KAAK,GAAGjB,GAAG,CAACkB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAACF,KAAK,IAAI,EAACG,kBAAO,aAAAjB,cAAA,GAAPiB,kBAAO,CAAGH,KAAK,CAAC,aAAhBd,cAAA,CAAkBkB,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAMC,gBAAgB,GAAGP,kBAAO,CAACH,KAAK,CAAC,CAACI,QAAQ;;EAEhD;EACA,MAAMO,OAAO,GAAGvC,iBAAiB,CAACW,GAAG,CAACkB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAE5D,IAAIU,OAAsB,GAAGD,OAAO,CAAC,uBAAuBX,KAAK,UAAU,CAAC;EAE5E,IAAI,CAACY,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGC,YAAY,CAACD,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMK,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1C/B,GAAG,EACHf,OAAO,CAACC,GAAG,CAAC8C,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;EAED,IAAI,CAACJ,KAAK,EAAE;IACV,OAAO;MACLT,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMU,mBAAmB,GAAG,IAAIC,iCAAmB,CAACpC,GAAG,EAAE8B,KAAK,CAAC;EAE/D,MAAMO,YAAY,GAAG,MAAMF,mBAAmB,CAACG,mBAAmB,CAACV,OAAO,CAAC;EAE3E,IAAI,CAACS,YAAY,EAAE;IACjB,OAAO;MACLhB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAIc,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLpB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMkB,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAMxB,QAAQ,GAAGiB,YAAY,CAACjB,QAAQ;;EAEtC;EACA,IAAIyB,CAAM;EACV,IAAI;IACFA,CAAC,GAAG,IAAAC,oBAAS,EAACP,EAAE,CAAC;EACnB,CAAC,CAAC,MAAM;IACN,OAAO;MACLlB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAAtB,EAAA,GAAC0C,CAAC,aAAD1C,EAAA,CAAG4C,GAAG,GAAE;IACX,OAAO;MACL1B,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAMuB,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,IAAI,OAAOH,CAAC,CAACO,GAAG,KAAK,QAAQ,IAAIP,CAAC,CAACO,GAAG,IAAIJ,GAAG,EAAE;IAC7C;IACA,OAAO,MAAMK,kBAAkB,CAACtD,GAAG,EAAEC,GAAG,EAAEgB,KAAK,EAAE2B,KAAK,EAAEvB,QAAQ,EAAEqB,EAAE,EAAEb,OAAO,EAAEiB,CAAC,EAAE5C,IAAI,CAAC;EACzF;;EAEA;EACA,MAAMqD,KAAK,GACRC,KAAK,CAACC,OAAO,CAACX,CAAC,CAACY,GAAG,CAAC,IAAIZ,CAAC,CAACY,GAAG,CAACC,QAAQ,CAACtC,QAAQ,CAAC,IAChD,OAAOyB,CAAC,CAACY,GAAG,KAAK,QAAQ,KAAKZ,CAAC,CAACY,GAAG,KAAKrC,QAAQ,IAAIyB,CAAC,CAACY,GAAG,KAAK,SAAS,CAAE,IAC1EZ,CAAC,CAACc,GAAG,KAAKvC,QAAQ;EAEpB,IAAI,CAACkC,KAAK,EAAE;IACV,OAAO;MACLjC,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAApB,UAAA,IAAAD,IAAA,GAACJ,GAAG,EAAS4D,KAAK,YAAAvD,UAAA,GAAlBD,IAAA,CAAawD,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGlB,KAAK,CAACmB,QAAQ,CAAC,CAAC;EAEhC9D,GAAG,CAAS4D,KAAK,CAACG,IAAI,GAAG;IACxB/C,KAAK;IACLgD,MAAM,GAAA1D,MAAA,GAAEuC,CAAC,CAACoB,GAAG,YAAA3D,MAAA,GAAI,IAAI;IACrB4D,UAAU,GAAA3D,KAAA,IAAAC,UAAA,GAAEqC,CAAC,CAACsB,OAAO,YAAA3D,UAAA,GAAIqD,QAAQ,YAAAtD,KAAA,GAAI,IAAI;IACzCsD,QAAQ;IACRO,KAAK,GAAA3D,KAAA,IAAAC,QAAA,GAAEmC,CAAC,CAACuB,KAAK,YAAA1D,QAAA,GAAImC,CAAC,CAACwB,kBAAkB,YAAA5D,KAAA,GAAI,IAAI;IAC9C6D,IAAI,GAAA3D,OAAA,GAAEkC,CAAC,CAACyB,IAAI,YAAA3D,OAAA,GAAI4D,SAAS;IACzBC,KAAK,GAAA5D,KAAA,IAAAC,qBAAA,IAAAC,kBAAA,GAAE+B,CAAC,CAAC4B,eAAe,cAAA3D,kBAAA,GAAjBA,kBAAA,CAAoBM,QAAQ,CAAC,qBAA7BN,kBAAA,CAA+B0D,KAAK,YAAA3D,qBAAA,IAAAE,eAAA,GAAI8B,CAAC,CAAC6B,YAAY,qBAAd3D,eAAA,CAAgByD,KAAK,YAAA5D,KAAA,GAAI,EAAE;IAC1EwC,GAAG,EAAEP,CAAC,CAACO;EACT,CAAC;EAED,OAAOnD,IAAI,CAAC,CAAC;AACf,CAAC;AAAC0E,OAAA,CAAA7E,QAAA,GAAAA,QAAA;AAIF,eAAeuD,kBAAkBA,CAC/BtD,GAAgB,EAChBC,GAAsB,EACtBgB,KAAa,EACb4B,OAAe,EACfxB,QAAgB,EAChBqB,EAAsB,EACtBb,OAAe,EACfiB,CAAM,EACN5C,IAAqC,EACV;EAC3B;EACA,IAAI,CAACwC,EAAE,EAAE;IACP,OAAO;MACLpB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEAzB,GAAG,CAAC4E,IAAI,CAAC,iDAAiD,EAAE;IAC1DhC,OAAO;IACPxB,QAAQ;IACRqB;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAAoC,KAAA,EAAAC,WAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,MAAMC,IAAI,GAAG,MAAMC,KAAK,CAAC1G,MAAM,EAAE;MAC/B2G,MAAM,EAAE,MAAM;MACd1E,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnBoB,OAAO;QACPxB,QAAQ,EAAEA,QAAQ;QAClBwE,aAAa,EAAEnD;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAACgD,IAAI,CAACI,EAAE,EAAE;MACZ,MAAMC,IAAI,GAAG,MAAML,IAAI,CAACK,IAAI,CAAC,CAAC;MAC9B9F,GAAG,CAAC+F,IAAI,YAAR/F,GAAG,CAAC+F,IAAI,CAAG,wBAAwBN,IAAI,CAACpE,MAAM,IAAIyE,IAAI,EAAE,CAAC;MACzD,OAAO;QACLzE,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAMuE,OAAO,GAAG,MAAMP,IAAI,CAACQ,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACN,aAAmC;IAEtD,IAAI,CAACO,KAAK,IAAI,CAACE,KAAK,EAAE;MACpB,OAAO;QACLhF,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMK,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1C/B,GAAG,EACHf,OAAO,CAACC,GAAG,CAAC8C,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;IAED,IAAI,CAACJ,KAAK,EAAE;MACV,OAAO;QACLT,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMU,mBAAmB,GAAG,IAAIC,iCAAmB,CAACpC,GAAG,EAAE8B,KAAK,CAAC;IAE/D,MAAMK,mBAAmB,CAACmE,kBAAkB,CAAC1E,OAAO,EAAE;MACpDY,WAAW,EAAE2D,KAAe;MAC5BzD,YAAY,EAAE2D,KAAe;MAC7B;MACAE,SAAS,EAAE,OAAOL,IAAI,CAACM,UAAU,KAAK,QAAQ,GAAG,IAAIrD,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAGkD,IAAI,CAACM,UAAU,GAAG,IAAI,CAAC,GAAGjC;IACnG,CAAC,CAAC;;IAEF;IACA,IAAAkC,oBAAW,EAACzG,GAAG,EAAE,uBAAuBgB,KAAK,UAAU,EAAEY,OAAO,CAAC;;IAEjE;IACA,IAAI8E,EAAO;IACX,IAAI;MAAEA,EAAE,GAAG,IAAA5D,oBAAS,EAACqD,KAAK,CAAC;IAAE,CAAC,CAAC,MAAM;MACnC,OAAO;QACL9E,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAMkF,MAAM,GACTpD,KAAK,CAACC,OAAO,CAACkD,EAAE,CAACjD,GAAG,CAAC,IAAIiD,EAAE,CAACjD,GAAG,CAACC,QAAQ,CAACtC,QAAQ,CAAC,IAClD,OAAOsF,EAAE,CAACjD,GAAG,KAAK,QAAQ,KAAKiD,EAAE,CAACjD,GAAG,KAAKrC,QAAQ,IAAIsF,EAAE,CAACjD,GAAG,KAAK,SAAS,CAAE,IAC7EiD,EAAE,CAAC/C,GAAG,KAAKvC,QAAQ;IACrB,IAAI,CAACuF,MAAM,EAAE;MACX,OAAO;QACLtF,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAAqD,WAAA,IAAAD,KAAA,GAAC7E,GAAG,EAAS4D,KAAK,YAAAkB,WAAA,GAAlBD,KAAA,CAAajB,KAAK,GAAK,CAAC,CAAC;IACzB,MAAMgD,SAAS,GAAGhE,OAAO,CAACkB,QAAQ,CAAC,CAAC;IACnC9D,GAAG,CAAS4D,KAAK,CAACG,IAAI,GAAG;MACxB/C,KAAK;MACLgD,MAAM,GAAAe,OAAA,GAAE2B,EAAE,CAACzC,GAAG,YAAAc,OAAA,GAAI,IAAI;MACtBb,UAAU,GAAAc,KAAA,IAAAC,WAAA,GAAEyB,EAAE,CAACvC,OAAO,YAAAc,WAAA,GAAI2B,SAAS,YAAA5B,KAAA,GAAI,IAAI;MAC3CnB,QAAQ,EAAE+C,SAAS;MACnBxC,KAAK,GAAAc,KAAA,IAAAC,SAAA,GAAEuB,EAAE,CAACtC,KAAK,YAAAe,SAAA,GAAIuB,EAAE,CAACrC,kBAAkB,YAAAa,KAAA,GAAI,IAAI;MAChDZ,IAAI,GAAAc,QAAA,GAAEsB,EAAE,CAACpC,IAAI,YAAAc,QAAA,GAAIb,SAAS;MAC1BC,KAAK,GAAAa,KAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAEmB,EAAE,CAACjC,eAAe,cAAAc,mBAAA,GAAlBA,mBAAA,CAAqBnE,QAAQ,CAAC,qBAA9BmE,mBAAA,CAAgCf,KAAK,YAAAc,qBAAA,IAAAE,gBAAA,GAAIkB,EAAE,CAAChC,YAAY,qBAAfc,gBAAA,CAAiBhB,KAAK,YAAAa,KAAA,GAAI,EAAE;MAC5EjC,GAAG,EAAEsD,EAAE,CAACtD;IACV,CAAC;;IAED;IACA,OAAOnD,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAO4G,CAAC,EAAE;IACV7G,GAAG,CAAC8G,KAAK,YAAT9G,GAAG,CAAC8G,KAAK,CAAG,mBAAmB,EAAED,CAAQ,CAAC;IAC1C,OAAO;MACLxF,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASI,YAAYA,CAACkF,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOC,MAAM,CAACC,IAAI,CAACF,KAAK,EAAE,QAAQ,CAAC,CAACjD,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAOgD,KAAU,EAAE;IACnBI,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAGL,KAAK,CAACM,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
|
|
1
|
+
{"version":3,"file":"verify-middleware.js","names":["_constants","require","_jwtDecode","_enums","_cookies","_utils","_tokenMapping","apiURL","process","env","REFRESH_SESSION_URL","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","verifyMw","req","ctx","next","_APP_MAP$appId","_p","_ref","_ref$state","_p$sub","_ref2","_p$cfy_bid","_ref3","_p$email","_p$name","_ref4","_p$resource_access$cl","_p$resource_access","_p$realm_access","appId","headers","get","APP_MAP","clientId","status","body","JSON","stringify","reason","expectedClientId","cookies","mapping","base64Decode","dbUrl","getAzureVaultSecretByKey","AZURE_KEY_VAULT_NAME","AzureSecretKeysEnum","DB_CONNECTING_STRING_USER","tokenMappingService","TokenMappingService","tokenMapping","getTokenMappingById","at","accessToken","rt","refreshToken","realm","realmId","p","jwtDecode","sid","now","Math","floor","Date","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","businessId","cfy_bid","email","preferred_username","name","undefined","roles","resource_access","realm_access","exports","info","_ref5","_ref5$state","_p2$sub","_ref6","_p2$cfy_bid","_ref7","_p2$email","_p2$name","_ref8","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","resp","fetch","method","refresh_token","ok","text","warn","payload","json","data","newAT","access_token","newRT","updateTokenMapping","expiresAt","expires_in","mappingMaxAge","refresh_expires_in","setCookieKV","httpOnly","secure","sameSite","maxAge","p2","audOk2","tenantId2","e","error","value","Buffer","from","console","log","message"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || ''\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const expectedClientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n\n let mapping: string | null = cookies[`__Secure-session-v1.${appId}.mapping`];\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const tokenMapping = await tokenMappingService.getTokenMappingById(mapping);\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const clientId = tokenMapping.clientId;\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh only when expired\n if (typeof p.exp === \"number\" && p.exp <= now) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, clientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(clientId)) ||\n (typeof p.aud === \"string\" && (p.aud === clientId || p.aud === \"account\")) ||\n p.azp === clientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: p.sub ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n roles: p.resource_access?.[clientId]?.roles ?? p.realm_access?.roles ?? [],\n exp: p.exp,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"refreshing token payload ----------------------\", {\n realmId,\n clientId,\n rt\n });\n\n // Call auth service to refresh\n try {\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n const text = await resp.text();\n ctx.warn?.(`refresh call failed: ${resp.status} ${text}`);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT as string,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n const mappingMaxAge =\n typeof data.refresh_expires_in === \"number\"\n ? data.refresh_expires_in\n : typeof data.expires_in === \"number\"\n ? data.expires_in\n : 60 * 60 * 24; // fallback 24h\n\n setCookieKV(ctx, `__Secure-session-v1.${appId}.mapping`, mapping, {\n // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only\n httpOnly: false,\n secure: true,\n sameSite: \"None\",\n maxAge: mappingMaxAge\n });\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId,\n userId: p2.sub ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e) {\n ctx.error?.(\"refresh exception\", e as any);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}"],"mappings":";;;;AACA,IAAAA,UAAA,GAAAC,OAAA;AACA,IAAAC,UAAA,GAAAD,OAAA;AAEA,IAAAE,MAAA,GAAAF,OAAA;AACA,IAAAG,QAAA,GAAAH,OAAA;AAGA,IAAAI,MAAA,GAAAJ,OAAA;AAEA,IAAAK,aAAA,GAAAL,OAAA;AAEA,MAAMM,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AAEpD,MAAMC,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAEM,MAAMQ,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBC,GAAsB,EACtBC,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,kBAAA,EAAAC,eAAA;EAC9B,MAAMC,KAAK,GAAGjB,GAAG,CAACkB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAACF,KAAK,IAAI,EAACG,kBAAO,aAAAjB,cAAA,GAAPiB,kBAAO,CAAGH,KAAK,CAAC,aAAhBd,cAAA,CAAkBkB,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAMC,gBAAgB,GAAGP,kBAAO,CAACH,KAAK,CAAC,CAACI,QAAQ;;EAEhD;EACA,MAAMO,OAAO,GAAGvC,iBAAiB,CAACW,GAAG,CAACkB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAE5D,IAAIU,OAAsB,GAAGD,OAAO,CAAC,uBAAuBX,KAAK,UAAU,CAAC;EAE5E,IAAI,CAACY,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGC,YAAY,CAACD,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMK,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1C/B,GAAG,EACHf,OAAO,CAACC,GAAG,CAAC8C,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;EAED,IAAI,CAACJ,KAAK,EAAE;IACV,OAAO;MACLT,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMU,mBAAmB,GAAG,IAAIC,iCAAmB,CAACpC,GAAG,EAAE8B,KAAK,CAAC;EAE/D,MAAMO,YAAY,GAAG,MAAMF,mBAAmB,CAACG,mBAAmB,CAACV,OAAO,CAAC;EAE3E,IAAI,CAACS,YAAY,EAAE;IACjB,OAAO;MACLhB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAIc,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLpB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMkB,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAMxB,QAAQ,GAAGiB,YAAY,CAACjB,QAAQ;;EAEtC;EACA,IAAIyB,CAAM;EACV,IAAI;IACFA,CAAC,GAAG,IAAAC,oBAAS,EAACP,EAAE,CAAC;EACnB,CAAC,CAAC,MAAM;IACN,OAAO;MACLlB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAAtB,EAAA,GAAC0C,CAAC,aAAD1C,EAAA,CAAG4C,GAAG,GAAE;IACX,OAAO;MACL1B,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAMuB,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,IAAI,OAAOH,CAAC,CAACO,GAAG,KAAK,QAAQ,IAAIP,CAAC,CAACO,GAAG,IAAIJ,GAAG,EAAE;IAC7C;IACA,OAAO,MAAMK,kBAAkB,CAACtD,GAAG,EAAEC,GAAG,EAAEgB,KAAK,EAAE2B,KAAK,EAAEvB,QAAQ,EAAEqB,EAAE,EAAEb,OAAO,EAAEiB,CAAC,EAAE5C,IAAI,CAAC;EACzF;;EAEA;EACA,MAAMqD,KAAK,GACRC,KAAK,CAACC,OAAO,CAACX,CAAC,CAACY,GAAG,CAAC,IAAIZ,CAAC,CAACY,GAAG,CAACC,QAAQ,CAACtC,QAAQ,CAAC,IAChD,OAAOyB,CAAC,CAACY,GAAG,KAAK,QAAQ,KAAKZ,CAAC,CAACY,GAAG,KAAKrC,QAAQ,IAAIyB,CAAC,CAACY,GAAG,KAAK,SAAS,CAAE,IAC1EZ,CAAC,CAACc,GAAG,KAAKvC,QAAQ;EAEpB,IAAI,CAACkC,KAAK,EAAE;IACV,OAAO;MACLjC,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAApB,UAAA,IAAAD,IAAA,GAACJ,GAAG,EAAS4D,KAAK,YAAAvD,UAAA,GAAlBD,IAAA,CAAawD,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGlB,KAAK,CAACmB,QAAQ,CAAC,CAAC;EAEhC9D,GAAG,CAAS4D,KAAK,CAACG,IAAI,GAAG;IACxB/C,KAAK;IACLgD,MAAM,GAAA1D,MAAA,GAAEuC,CAAC,CAACoB,GAAG,YAAA3D,MAAA,GAAI,IAAI;IACrB4D,UAAU,GAAA3D,KAAA,IAAAC,UAAA,GAAEqC,CAAC,CAACsB,OAAO,YAAA3D,UAAA,GAAIqD,QAAQ,YAAAtD,KAAA,GAAI,IAAI;IACzCsD,QAAQ;IACRO,KAAK,GAAA3D,KAAA,IAAAC,QAAA,GAAEmC,CAAC,CAACuB,KAAK,YAAA1D,QAAA,GAAImC,CAAC,CAACwB,kBAAkB,YAAA5D,KAAA,GAAI,IAAI;IAC9C6D,IAAI,GAAA3D,OAAA,GAAEkC,CAAC,CAACyB,IAAI,YAAA3D,OAAA,GAAI4D,SAAS;IACzBC,KAAK,GAAA5D,KAAA,IAAAC,qBAAA,IAAAC,kBAAA,GAAE+B,CAAC,CAAC4B,eAAe,cAAA3D,kBAAA,GAAjBA,kBAAA,CAAoBM,QAAQ,CAAC,qBAA7BN,kBAAA,CAA+B0D,KAAK,YAAA3D,qBAAA,IAAAE,eAAA,GAAI8B,CAAC,CAAC6B,YAAY,qBAAd3D,eAAA,CAAgByD,KAAK,YAAA5D,KAAA,GAAI,EAAE;IAC1EwC,GAAG,EAAEP,CAAC,CAACO;EACT,CAAC;EAED,OAAOnD,IAAI,CAAC,CAAC;AACf,CAAC;AAAC0E,OAAA,CAAA7E,QAAA,GAAAA,QAAA;AAIF,eAAeuD,kBAAkBA,CAC/BtD,GAAgB,EAChBC,GAAsB,EACtBgB,KAAa,EACb4B,OAAe,EACfxB,QAAgB,EAChBqB,EAAsB,EACtBb,OAAe,EACfiB,CAAM,EACN5C,IAAqC,EACV;EAC3B;EACA,IAAI,CAACwC,EAAE,EAAE;IACP,OAAO;MACLpB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEAzB,GAAG,CAAC4E,IAAI,CAAC,iDAAiD,EAAE;IAC1DhC,OAAO;IACPxB,QAAQ;IACRqB;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAAoC,KAAA,EAAAC,WAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,MAAMC,IAAI,GAAG,MAAMC,KAAK,CAAC1G,MAAM,EAAE;MAC/B2G,MAAM,EAAE,MAAM;MACd1E,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnBoB,OAAO;QACPxB,QAAQ,EAAEA,QAAQ;QAClBwE,aAAa,EAAEnD;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAACgD,IAAI,CAACI,EAAE,EAAE;MACZ,MAAMC,IAAI,GAAG,MAAML,IAAI,CAACK,IAAI,CAAC,CAAC;MAC9B9F,GAAG,CAAC+F,IAAI,YAAR/F,GAAG,CAAC+F,IAAI,CAAG,wBAAwBN,IAAI,CAACpE,MAAM,IAAIyE,IAAI,EAAE,CAAC;MACzD,OAAO;QACLzE,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAMuE,OAAO,GAAG,MAAMP,IAAI,CAACQ,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACN,aAAmC;IAEtD,IAAI,CAACO,KAAK,IAAI,CAACE,KAAK,EAAE;MACpB,OAAO;QACLhF,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMK,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1C/B,GAAG,EACHf,OAAO,CAACC,GAAG,CAAC8C,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;IAED,IAAI,CAACJ,KAAK,EAAE;MACV,OAAO;QACLT,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMU,mBAAmB,GAAG,IAAIC,iCAAmB,CAACpC,GAAG,EAAE8B,KAAK,CAAC;IAE/D,MAAMK,mBAAmB,CAACmE,kBAAkB,CAAC1E,OAAO,EAAE;MACpDY,WAAW,EAAE2D,KAAe;MAC5BzD,YAAY,EAAE2D,KAAe;MAC7B;MACAE,SAAS,EAAE,OAAOL,IAAI,CAACM,UAAU,KAAK,QAAQ,GAAG,IAAIrD,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAGkD,IAAI,CAACM,UAAU,GAAG,IAAI,CAAC,GAAGjC;IACnG,CAAC,CAAC;;IAEF;IACA,MAAMkC,aAAa,GACjB,OAAOP,IAAI,CAACQ,kBAAkB,KAAK,QAAQ,GACvCR,IAAI,CAACQ,kBAAkB,GACvB,OAAOR,IAAI,CAACM,UAAU,KAAK,QAAQ,GACjCN,IAAI,CAACM,UAAU,GACf,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;;IAEtB,IAAAG,oBAAW,EAAC3G,GAAG,EAAE,uBAAuBgB,KAAK,UAAU,EAAEY,OAAO,EAAE;MAChE;MACAgF,QAAQ,EAAE,KAAK;MACfC,MAAM,EAAE,IAAI;MACZC,QAAQ,EAAE,MAAM;MAChBC,MAAM,EAAEN;IACV,CAAC,CAAC;;IAEF;IACA,IAAIO,EAAO;IACX,IAAI;MAAEA,EAAE,GAAG,IAAAlE,oBAAS,EAACqD,KAAK,CAAC;IAAE,CAAC,CAAC,MAAM;MACnC,OAAO;QACL9E,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAMwF,MAAM,GACT1D,KAAK,CAACC,OAAO,CAACwD,EAAE,CAACvD,GAAG,CAAC,IAAIuD,EAAE,CAACvD,GAAG,CAACC,QAAQ,CAACtC,QAAQ,CAAC,IAClD,OAAO4F,EAAE,CAACvD,GAAG,KAAK,QAAQ,KAAKuD,EAAE,CAACvD,GAAG,KAAKrC,QAAQ,IAAI4F,EAAE,CAACvD,GAAG,KAAK,SAAS,CAAE,IAC7EuD,EAAE,CAACrD,GAAG,KAAKvC,QAAQ;IACrB,IAAI,CAAC6F,MAAM,EAAE;MACX,OAAO;QACL5F,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAAqD,WAAA,IAAAD,KAAA,GAAC7E,GAAG,EAAS4D,KAAK,YAAAkB,WAAA,GAAlBD,KAAA,CAAajB,KAAK,GAAK,CAAC,CAAC;IACzB,MAAMsD,SAAS,GAAGtE,OAAO,CAACkB,QAAQ,CAAC,CAAC;IACnC9D,GAAG,CAAS4D,KAAK,CAACG,IAAI,GAAG;MACxB/C,KAAK;MACLgD,MAAM,GAAAe,OAAA,GAAEiC,EAAE,CAAC/C,GAAG,YAAAc,OAAA,GAAI,IAAI;MACtBb,UAAU,GAAAc,KAAA,IAAAC,WAAA,GAAE+B,EAAE,CAAC7C,OAAO,YAAAc,WAAA,GAAIiC,SAAS,YAAAlC,KAAA,GAAI,IAAI;MAC3CnB,QAAQ,EAAEqD,SAAS;MACnB9C,KAAK,GAAAc,KAAA,IAAAC,SAAA,GAAE6B,EAAE,CAAC5C,KAAK,YAAAe,SAAA,GAAI6B,EAAE,CAAC3C,kBAAkB,YAAAa,KAAA,GAAI,IAAI;MAChDZ,IAAI,GAAAc,QAAA,GAAE4B,EAAE,CAAC1C,IAAI,YAAAc,QAAA,GAAIb,SAAS;MAC1BC,KAAK,GAAAa,KAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAEyB,EAAE,CAACvC,eAAe,cAAAc,mBAAA,GAAlBA,mBAAA,CAAqBnE,QAAQ,CAAC,qBAA9BmE,mBAAA,CAAgCf,KAAK,YAAAc,qBAAA,IAAAE,gBAAA,GAAIwB,EAAE,CAACtC,YAAY,qBAAfc,gBAAA,CAAiBhB,KAAK,YAAAa,KAAA,GAAI,EAAE;MAC5EjC,GAAG,EAAE4D,EAAE,CAAC5D;IACV,CAAC;;IAED;IACA,OAAOnD,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAOkH,CAAC,EAAE;IACVnH,GAAG,CAACoH,KAAK,YAATpH,GAAG,CAACoH,KAAK,CAAG,mBAAmB,EAAED,CAAQ,CAAC;IAC1C,OAAO;MACL9F,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASI,YAAYA,CAACwF,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOC,MAAM,CAACC,IAAI,CAACF,KAAK,EAAE,QAAQ,CAAC,CAACvD,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAOsD,KAAU,EAAE;IACnBI,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAGL,KAAK,CAACM,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"app.js","names":[],"sources":["../../../src/types/app.ts"],"sourcesContent":["export type IAppId = \"3238hxa2\" | \"
|
|
1
|
+
{"version":3,"file":"app.js","names":[],"sources":["../../../src/types/app.ts"],"sourcesContent":["export type IAppId = \"3238hxa2\" | \"5x8jws1b\";\n\nexport interface IDomainMappings {\n domains: Record<string, string[]>;\n clientId: string;\n appId: string;\n name: string;\n exclude: Record<string, string[]>;\n cookie: {\n prefix: string;\n domain: {\n local: string | null;\n dev: string;\n staging: string;\n prod: string;\n };\n path: string;\n sameSite: string;\n secure: boolean;\n httpOnly: boolean;\n maxAgeSec: { sid: number; rt: number };\n };\n auth?: {\n realm: string;\n clientId: string;\n };\n}"],"mappings":"","ignoreList":[]}
|
|
@@ -2,8 +2,15 @@
|
|
|
2
2
|
|
|
3
3
|
exports.__esModule = true;
|
|
4
4
|
exports.setCookieKV = setCookieKV;
|
|
5
|
-
function setCookieKV(ctx, key, value) {
|
|
5
|
+
function setCookieKV(ctx, key, value, options = {}) {
|
|
6
6
|
var _ref, _ref$CTX_COOKIES_OBJ, _ref2, _ref2$CTX_COOKIES;
|
|
7
|
+
const {
|
|
8
|
+
httpOnly = true,
|
|
9
|
+
secure = true,
|
|
10
|
+
sameSite = "None",
|
|
11
|
+
maxAge = 300 // seconds (default)
|
|
12
|
+
} = options;
|
|
13
|
+
|
|
7
14
|
// Object-cookie bag (preferred)
|
|
8
15
|
const CTX_COOKIES_OBJ = Symbol.for("cfy.resCookies.obj");
|
|
9
16
|
// @ts-ignore
|
|
@@ -12,17 +19,17 @@ function setCookieKV(ctx, key, value) {
|
|
|
12
19
|
name: key,
|
|
13
20
|
value,
|
|
14
21
|
path: "/",
|
|
15
|
-
httpOnly
|
|
16
|
-
secure
|
|
22
|
+
httpOnly,
|
|
23
|
+
secure,
|
|
17
24
|
// drop to false if testing on http://
|
|
18
|
-
sameSite
|
|
25
|
+
sameSite,
|
|
19
26
|
// use "Lax" for same-site
|
|
20
|
-
maxAge
|
|
27
|
+
maxAge
|
|
21
28
|
});
|
|
22
29
|
|
|
23
30
|
// (Optional) Keep your string fallback too:
|
|
24
31
|
const CTX_COOKIES = Symbol.for("cfy.resCookies");
|
|
25
32
|
const strBag = (_ref2$CTX_COOKIES = (_ref2 = ctx)[CTX_COOKIES]) != null ? _ref2$CTX_COOKIES : _ref2[CTX_COOKIES] = [];
|
|
26
|
-
strBag.push(`${encodeURIComponent(key)}=${encodeURIComponent(value)}; Path
|
|
33
|
+
strBag.push(`${encodeURIComponent(key)}=${encodeURIComponent(value)}; Path=/;${httpOnly ? " HttpOnly;" : ""} SameSite=${sameSite};${secure ? " Secure;" : ""}${typeof maxAge === "number" ? ` Max-Age=${maxAge}` : ""}`);
|
|
27
34
|
}
|
|
28
35
|
//# sourceMappingURL=cookies.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cookies.js","names":["setCookieKV","ctx","key","value","_ref","_ref$CTX_COOKIES_OBJ","_ref2","_ref2$CTX_COOKIES","
|
|
1
|
+
{"version":3,"file":"cookies.js","names":["setCookieKV","ctx","key","value","options","_ref","_ref$CTX_COOKIES_OBJ","_ref2","_ref2$CTX_COOKIES","httpOnly","secure","sameSite","maxAge","CTX_COOKIES_OBJ","Symbol","for","objBag","push","name","path","CTX_COOKIES","strBag","encodeURIComponent"],"sources":["../../../src/utils/cookies.ts"],"sourcesContent":["import { InvocationContext } from \"@azure/functions\";\n\ntype CookieOptions = {\n httpOnly?: boolean;\n secure?: boolean;\n sameSite?: \"None\" | \"Lax\" | \"Strict\";\n maxAge?: number;\n};\n\nexport function setCookieKV(\n ctx: InvocationContext,\n key: string,\n value: string,\n options: CookieOptions = {}\n): void {\n const {\n httpOnly = true,\n secure = true,\n sameSite = \"None\",\n maxAge = 300, // seconds (default)\n } = options;\n\n // Object-cookie bag (preferred)\n const CTX_COOKIES_OBJ = Symbol.for(\"cfy.resCookies.obj\");\n // @ts-ignore\n const objBag = ((ctx as any)[CTX_COOKIES_OBJ] ??= [] as HttpCookie[]);\n objBag.push({\n name: key,\n value,\n path: \"/\",\n httpOnly,\n secure, // drop to false if testing on http://\n sameSite, // use \"Lax\" for same-site\n maxAge,\n });\n\n // (Optional) Keep your string fallback too:\n const CTX_COOKIES = Symbol.for(\"cfy.resCookies\");\n const strBag = ((ctx as any)[CTX_COOKIES] ??= [] as string[]);\n strBag.push(\n `${encodeURIComponent(key)}=${encodeURIComponent(value)}; Path=/;${httpOnly ? \" HttpOnly;\" : \"\"} SameSite=${sameSite};${secure ? \" Secure;\" : \"\"}${typeof maxAge === \"number\" ? ` Max-Age=${maxAge}` : \"\"}`\n );\n}"],"mappings":";;;;AASO,SAASA,WAAWA,CACzBC,GAAsB,EACtBC,GAAW,EACXC,KAAa,EACbC,OAAsB,GAAG,CAAC,CAAC,EACrB;EAAA,IAAAC,IAAA,EAAAC,oBAAA,EAAAC,KAAA,EAAAC,iBAAA;EACN,MAAM;IACJC,QAAQ,GAAG,IAAI;IACfC,MAAM,GAAG,IAAI;IACbC,QAAQ,GAAG,MAAM;IACjBC,MAAM,GAAG,GAAG,CAAE;EAChB,CAAC,GAAGR,OAAO;;EAEX;EACA,MAAMS,eAAe,GAAGC,MAAM,CAACC,GAAG,CAAC,oBAAoB,CAAC;EACxD;EACA,MAAMC,MAAM,IAAAV,oBAAA,GAAI,CAAAD,IAAA,GAACJ,GAAG,EAASY,eAAe,CAAC,YAAAP,oBAAA,GAA7BD,IAAA,CAAaQ,eAAe,CAAC,GAAK,EAAmB;EACrEG,MAAM,CAACC,IAAI,CAAC;IACRC,IAAI,EAAEhB,GAAG;IACTC,KAAK;IACLgB,IAAI,EAAE,GAAG;IACTV,QAAQ;IACRC,MAAM;IAAQ;IACdC,QAAQ;IAAI;IACZC;EACJ,CAAC,CAAC;;EAEF;EACA,MAAMQ,WAAW,GAAGN,MAAM,CAACC,GAAG,CAAC,gBAAgB,CAAC;EAChD,MAAMM,MAAM,IAAAb,iBAAA,GAAI,CAAAD,KAAA,GAACN,GAAG,EAASmB,WAAW,CAAC,YAAAZ,iBAAA,GAAzBD,KAAA,CAAaa,WAAW,CAAC,GAAK,EAAe;EAC7DC,MAAM,CAACJ,IAAI,CACP,GAAGK,kBAAkB,CAACpB,GAAG,CAAC,IAAIoB,kBAAkB,CAACnB,KAAK,CAAC,YAAYM,QAAQ,GAAG,YAAY,GAAG,EAAE,aAAaE,QAAQ,IAAID,MAAM,GAAG,UAAU,GAAG,EAAE,GAAG,OAAOE,MAAM,KAAK,QAAQ,GAAG,YAAYA,MAAM,EAAE,GAAG,EAAE,EAC7M,CAAC;AACH","ignoreList":[]}
|
|
@@ -21,10 +21,10 @@ export const APP_MAP = {
|
|
|
21
21
|
domain: {
|
|
22
22
|
local: null,
|
|
23
23
|
// host-bound in local
|
|
24
|
-
dev: ".culturefy.
|
|
25
|
-
//
|
|
26
|
-
staging: ".culturefy.
|
|
27
|
-
//
|
|
24
|
+
dev: ".dev.culturefy.app",
|
|
25
|
+
// covers dev.culturefy.app + api.dev.culturefy.app
|
|
26
|
+
staging: ".staging.culturefy.app",
|
|
27
|
+
// covers staging.culturefy.app + api.staging.culturefy.app
|
|
28
28
|
prod: ".culturefy.app"
|
|
29
29
|
},
|
|
30
30
|
path: "/",
|
|
@@ -37,8 +37,8 @@ export const APP_MAP = {
|
|
|
37
37
|
} // 15m / 30d
|
|
38
38
|
}
|
|
39
39
|
},
|
|
40
|
-
'
|
|
41
|
-
appId: "
|
|
40
|
+
'5x8jws1b': {
|
|
41
|
+
appId: "5x8jws1b",
|
|
42
42
|
name: "superadmin",
|
|
43
43
|
clientId: "cfy-superadmin-web",
|
|
44
44
|
domains: {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"app.js","names":["APP_MAP","appId","name","clientId","domains","local","dev","staging","prod","auth","realm","exclude","cookie","prefix","domain","path","sameSite","secure","httpOnly","maxAgeSec","sid","rt"],"sources":["../../../src/constants/app.ts"],"sourcesContent":["import { IAppId, IDomainMappings } from \"../types/app\";\n\nexport const APP_MAP: Record<IAppId, IDomainMappings> = {\n '3238hxa2': {\n appId: \"3238hxa2\",\n name: \"superadmin\",\n clientId: \"cfy-superadmin-web\",\n domains: {\n local: [\"localhost:5173\", \"127.0.0.1:5173\"],\n dev: [\"accounts.dev.culturefy.app\"],\n staging: [\"accounts.staging.culturefy.app\"],\n prod: [\"accounts.culturefy.app\"]\n },\n\n auth: {\n realm: \"superadmin\",\n clientId: \"cfy-superadmin-web\",\n },\n\n exclude: {\n prod: [] // e.g. add \"app.culturefy.app\" to prevent misrouting\n },\n cookie: {\n prefix: \"__Secure-auth\",\n domain: {\n local: null, // host-bound in local\n dev: \".culturefy.
|
|
1
|
+
{"version":3,"file":"app.js","names":["APP_MAP","appId","name","clientId","domains","local","dev","staging","prod","auth","realm","exclude","cookie","prefix","domain","path","sameSite","secure","httpOnly","maxAgeSec","sid","rt"],"sources":["../../../src/constants/app.ts"],"sourcesContent":["import { IAppId, IDomainMappings } from \"../types/app\";\n\nexport const APP_MAP: Record<IAppId, IDomainMappings> = {\n '3238hxa2': {\n appId: \"3238hxa2\",\n name: \"superadmin\",\n clientId: \"cfy-superadmin-web\",\n domains: {\n local: [\"localhost:5173\", \"127.0.0.1:5173\"],\n dev: [\"accounts.dev.culturefy.app\"],\n staging: [\"accounts.staging.culturefy.app\"],\n prod: [\"accounts.culturefy.app\"]\n },\n\n auth: {\n realm: \"superadmin\",\n clientId: \"cfy-superadmin-web\",\n },\n\n exclude: {\n prod: [] // e.g. add \"app.culturefy.app\" to prevent misrouting\n },\n cookie: {\n prefix: \"__Secure-auth\",\n domain: {\n local: null, // host-bound in local\n dev: \".dev.culturefy.app\", // covers dev.culturefy.app + api.dev.culturefy.app\n staging: \".staging.culturefy.app\", // covers staging.culturefy.app + api.staging.culturefy.app\n prod: \".culturefy.app\"\n },\n path: \"/\",\n sameSite: \"None\",\n secure: true,\n httpOnly: true,\n maxAgeSec: { sid: 15 * 60, rt: 30 * 24 * 60 * 60 } // 15m / 30d\n }\n\n },\n '5x8jws1b': {\n appId: \"5x8jws1b\",\n name: \"superadmin\",\n clientId: \"cfy-superadmin-web\",\n domains: {\n local: [\"localhost:5173\", \"127.0.0.1:5173\"],\n dev: [\"accounts.dev.culturefy.app\"],\n staging: [\"accounts.staging.culturefy.app\"],\n prod: [\"accounts.culturefy.app\"]\n },\n\n auth: {\n realm: \"superadmin\",\n clientId: \"cfy-superadmin-web\",\n },\n\n exclude: {\n prod: [] // e.g. add \"app.culturefy.app\" to prevent misrouting\n },\n cookie: {\n prefix: \"__Secure-auth\",\n domain: {\n local: null, // host-bound in local\n dev: \".culturefy.dev\", // adjust to your dev root\n staging: \".culturefy.staging\", // adjust to your staging root\n prod: \".culturefy.app\"\n },\n path: \"/\",\n sameSite: \"None\",\n secure: true,\n httpOnly: true,\n maxAgeSec: { sid: 15 * 60, rt: 30 * 24 * 60 * 60 } // 15m / 30d\n }\n\n },\n\n};\n\n"],"mappings":"AAEA,OAAO,MAAMA,OAAwC,GAAG;EACtD,UAAU,EAAE;IACRC,KAAK,EAAE,UAAU;IACjBC,IAAI,EAAE,YAAY;IAClBC,QAAQ,EAAE,oBAAoB;IAC9BC,OAAO,EAAE;MACLC,KAAK,EAAE,CAAC,gBAAgB,EAAE,gBAAgB,CAAC;MAC3CC,GAAG,EAAE,CAAC,4BAA4B,CAAC;MACnCC,OAAO,EAAE,CAAC,gCAAgC,CAAC;MAC3CC,IAAI,EAAE,CAAC,wBAAwB;IACnC,CAAC;IAEDC,IAAI,EAAE;MACFC,KAAK,EAAE,YAAY;MACnBP,QAAQ,EAAE;IACd,CAAC;IAEDQ,OAAO,EAAE;MACLH,IAAI,EAAE,EAAE,CAAC;IACb,CAAC;IACDI,MAAM,EAAE;MACJC,MAAM,EAAE,eAAe;MACvBC,MAAM,EAAE;QACJT,KAAK,EAAE,IAAI;QAAE;QACbC,GAAG,EAAE,oBAAoB;QAAE;QAC3BC,OAAO,EAAE,wBAAwB;QAAE;QACnCC,IAAI,EAAE;MACV,CAAC;MACDO,IAAI,EAAE,GAAG;MACTC,QAAQ,EAAE,MAAM;MAChBC,MAAM,EAAE,IAAI;MACZC,QAAQ,EAAE,IAAI;MACdC,SAAS,EAAE;QAAEC,GAAG,EAAE,EAAE,GAAG,EAAE;QAAEC,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG;MAAG,CAAC,CAAC;IACvD;EAEJ,CAAC;EACD,UAAU,EAAE;IACRpB,KAAK,EAAE,UAAU;IACjBC,IAAI,EAAE,YAAY;IAClBC,QAAQ,EAAE,oBAAoB;IAC9BC,OAAO,EAAE;MACLC,KAAK,EAAE,CAAC,gBAAgB,EAAE,gBAAgB,CAAC;MAC3CC,GAAG,EAAE,CAAC,4BAA4B,CAAC;MACnCC,OAAO,EAAE,CAAC,gCAAgC,CAAC;MAC3CC,IAAI,EAAE,CAAC,wBAAwB;IACnC,CAAC;IAEDC,IAAI,EAAE;MACFC,KAAK,EAAE,YAAY;MACnBP,QAAQ,EAAE;IACd,CAAC;IAEDQ,OAAO,EAAE;MACLH,IAAI,EAAE,EAAE,CAAC;IACb,CAAC;IACDI,MAAM,EAAE;MACJC,MAAM,EAAE,eAAe;MACvBC,MAAM,EAAE;QACJT,KAAK,EAAE,IAAI;QAAE;QACbC,GAAG,EAAE,gBAAgB;QAAE;QACvBC,OAAO,EAAE,oBAAoB;QAAE;QAC/BC,IAAI,EAAE;MACV,CAAC;MACDO,IAAI,EAAE,GAAG;MACTC,QAAQ,EAAE,MAAM;MAChBC,MAAM,EAAE,IAAI;MACZC,QAAQ,EAAE,IAAI;MACdC,SAAS,EAAE;QAAEC,GAAG,EAAE,EAAE,GAAG,EAAE;QAAEC,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG;MAAG,CAAC,CAAC;IACvD;EAEJ;AAEF,CAAC","ignoreList":[]}
|
|
@@ -36,6 +36,8 @@ export let AzureSecretKeysEnum = /*#__PURE__*/function (AzureSecretKeysEnum) {
|
|
|
36
36
|
AzureSecretKeysEnum["GCP_PROJECT_ID"] = "gcp-project-id";
|
|
37
37
|
AzureSecretKeysEnum["PUBSUB_SERVICE_ACCOUNT_KEYS"] = "pubsub-service-account-keys";
|
|
38
38
|
AzureSecretKeysEnum["VAPI_TOKEN"] = "vapi-token";
|
|
39
|
+
AzureSecretKeysEnum["GITHUB_TOKEN"] = "GITHUB-TOKEN";
|
|
40
|
+
AzureSecretKeysEnum["GITHUB_WORKFLOW_URL"] = "GITHUB-WORKFLOW-URL";
|
|
39
41
|
return AzureSecretKeysEnum;
|
|
40
42
|
}({});
|
|
41
43
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secretKeys.enum.js","names":["AzureSecretKeysEnum"],"sources":["../../../src/enums/secretKeys.enum.ts"],"sourcesContent":["// Enum for secret keys\nexport enum AzureSecretKeysEnum {\n KEYCLOAK_ADMIN_CLIENT_SECRET = \"KEYCLOAK-ADMIN-CLIENT-SECRET\",\n KEYCLOAK_ADMIN_CLIENT_ID = \"KEYCLOAK-ADMIN-CLIENT-ID\",\n KEYCLOAK_BASE_URL = \"KEYCLOAK-BASE-URL\",\n STRIPE_PAYMENT_WEBHOOK_SECRET_KEY = \"Stripe-payment-webhook-secret-key\", // in-use\n STRIPE_PRODUCT_WEBHOOK_SECRET = \"Stripe-product-webhook-secret-key\", // in-use\n STRIPE_PRICE_WEBHOOK_SECRET = \"Stripe-price-webhook-secret-key\", // in-use\n EMAIL_SERVICE_URL = \"Email-Service-Url\", // in-use,\n DB_CONNECTING_STRING_AUTH = \"DB-CONNECTION-STRING-AUTH\",\n DB_CONNECTING_STRING_USER = \"DB-CONNECTION-STRING-USER\",\n DB_CONNECTING_STRING_TENANT_BRIDGE = \"DB-Connecting-String-Tenant-Bridge\",\n DB_CONNECTING_STRING_PAYMENT = \"DB-CONNECTION-STRING-PAYMENT\",\n DB_CONNECTING_STRING_CORE = \"DB-CONNECTION-STRING-CORE\",\n DB_CONNECTING_STRING_BILLING = \"DB-CONNECTION-STRING-BILLING\",\n DB_CONNECTING_STRING_STAGING = \"DB-CONNECTION-STRING-STAGING\",\n DB_CONNECTING_STRING_BNT_DEV = \"DB-CONNECTION-STRING-BNT-DEV\",\n DB_CONNECTION_STRING_TENANT_BRIDGE = \"DB-CONNECTION-STRING-TENANT-BRIDGE\",\n SERVICE_BUS_CONNECTION_STRING = \"servicebus-connection-string\",\n STRIPE_CUSTOMER_SYNC_WEBHOOK_SECRET = \"stripe-customer-sync-webhook-secret-key\",\n STRIPE_INVOICE_SYNC_WEBHOOK_SECRET = \"stripe-invoice-sync-webhook-secret-key\",\n STRIPE_PRODUCT_SYNC_WEBHOOK_SECRET = \"stripe-product-sync-webhook-secret-key\",\n STRIPE_PRICE_SYNC_WEBHOOK_SECRET = \"stripe-price-sync-webhook-secret-key\",\n STRIPE_SECRET_KEY = \"Stripe-secret-key\",\n STRIPE_WEBHOOK_CUSTOMER_CREATED_SECRET_KEY = \"Stripe-Webhook-Customer-Created-Secret-Key\",\n STRIPE_SUBSCRIPTION_SYNC_WEBHOOK_SECRET = \"stripe-subscription-sync-webhook-secret-key\",\n FIREBASE_SERVICE_ACCOUNTS_VARIABLE = \"firebase_service_accounts_variable\",\n HMS_ACCESS_KEY=\"MEETING-HMS-ACCESS-KEY-APP-SECRET\",\n MEETING_ROOM_APP_SECRET=\"MEETING-ROOM-APP-SECRET\",\n BASE_DB_CLUSTER_CONNECTING_STRING_CHAT = \"BASE-DB-CLUSTER-CONNECTING-STRING-CHAT\",\n AUTH_SERVICE_AUTHENTICATION_URL = \"AUTH-SERVICE-AUTHENTICATION-URL\",\n GCP_PROJECT_ID=\"gcp-project-id\",\n PUBSUB_SERVICE_ACCOUNT_KEYS=\"pubsub-service-account-keys\",\n VAPI_TOKEN = \"vapi-token\",\n}\n\n// AUTH-SERVICE-AUTHENTICATION-URL\n// https://culturefy-auth-staging.azurewebsites.net/api/verify\n\n// REFRESH-SESSION-URL"],"mappings":"AAAA;AACA,WAAYA,mBAAmB,0BAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAI4C;EAJ/DA,mBAAmB;EAKwC;EAL3DA,mBAAmB;EAMoC;EANvDA,mBAAmB;EAOY;EAP/BA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAA,OAAnBA,mBAAmB;AAAA;;
|
|
1
|
+
{"version":3,"file":"secretKeys.enum.js","names":["AzureSecretKeysEnum"],"sources":["../../../src/enums/secretKeys.enum.ts"],"sourcesContent":["// Enum for secret keys\nexport enum AzureSecretKeysEnum {\n KEYCLOAK_ADMIN_CLIENT_SECRET = \"KEYCLOAK-ADMIN-CLIENT-SECRET\",\n KEYCLOAK_ADMIN_CLIENT_ID = \"KEYCLOAK-ADMIN-CLIENT-ID\",\n KEYCLOAK_BASE_URL = \"KEYCLOAK-BASE-URL\",\n STRIPE_PAYMENT_WEBHOOK_SECRET_KEY = \"Stripe-payment-webhook-secret-key\", // in-use\n STRIPE_PRODUCT_WEBHOOK_SECRET = \"Stripe-product-webhook-secret-key\", // in-use\n STRIPE_PRICE_WEBHOOK_SECRET = \"Stripe-price-webhook-secret-key\", // in-use\n EMAIL_SERVICE_URL = \"Email-Service-Url\", // in-use,\n DB_CONNECTING_STRING_AUTH = \"DB-CONNECTION-STRING-AUTH\",\n DB_CONNECTING_STRING_USER = \"DB-CONNECTION-STRING-USER\",\n DB_CONNECTING_STRING_TENANT_BRIDGE = \"DB-Connecting-String-Tenant-Bridge\",\n DB_CONNECTING_STRING_PAYMENT = \"DB-CONNECTION-STRING-PAYMENT\",\n DB_CONNECTING_STRING_CORE = \"DB-CONNECTION-STRING-CORE\",\n DB_CONNECTING_STRING_BILLING = \"DB-CONNECTION-STRING-BILLING\",\n DB_CONNECTING_STRING_STAGING = \"DB-CONNECTION-STRING-STAGING\",\n DB_CONNECTING_STRING_BNT_DEV = \"DB-CONNECTION-STRING-BNT-DEV\",\n DB_CONNECTION_STRING_TENANT_BRIDGE = \"DB-CONNECTION-STRING-TENANT-BRIDGE\",\n SERVICE_BUS_CONNECTION_STRING = \"servicebus-connection-string\",\n STRIPE_CUSTOMER_SYNC_WEBHOOK_SECRET = \"stripe-customer-sync-webhook-secret-key\",\n STRIPE_INVOICE_SYNC_WEBHOOK_SECRET = \"stripe-invoice-sync-webhook-secret-key\",\n STRIPE_PRODUCT_SYNC_WEBHOOK_SECRET = \"stripe-product-sync-webhook-secret-key\",\n STRIPE_PRICE_SYNC_WEBHOOK_SECRET = \"stripe-price-sync-webhook-secret-key\",\n STRIPE_SECRET_KEY = \"Stripe-secret-key\",\n STRIPE_WEBHOOK_CUSTOMER_CREATED_SECRET_KEY = \"Stripe-Webhook-Customer-Created-Secret-Key\",\n STRIPE_SUBSCRIPTION_SYNC_WEBHOOK_SECRET = \"stripe-subscription-sync-webhook-secret-key\",\n FIREBASE_SERVICE_ACCOUNTS_VARIABLE = \"firebase_service_accounts_variable\",\n HMS_ACCESS_KEY=\"MEETING-HMS-ACCESS-KEY-APP-SECRET\",\n MEETING_ROOM_APP_SECRET=\"MEETING-ROOM-APP-SECRET\",\n BASE_DB_CLUSTER_CONNECTING_STRING_CHAT = \"BASE-DB-CLUSTER-CONNECTING-STRING-CHAT\",\n AUTH_SERVICE_AUTHENTICATION_URL = \"AUTH-SERVICE-AUTHENTICATION-URL\",\n GCP_PROJECT_ID=\"gcp-project-id\",\n PUBSUB_SERVICE_ACCOUNT_KEYS=\"pubsub-service-account-keys\",\n VAPI_TOKEN = \"vapi-token\",\n GITHUB_TOKEN = \"GITHUB-TOKEN\",\n GITHUB_WORKFLOW_URL = \"GITHUB-WORKFLOW-URL\",\n}\n\n// AUTH-SERVICE-AUTHENTICATION-URL\n// https://culturefy-auth-staging.azurewebsites.net/api/verify\n\n// REFRESH-SESSION-URL"],"mappings":"AAAA;AACA,WAAYA,mBAAmB,0BAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAI4C;EAJ/DA,mBAAmB;EAKwC;EAL3DA,mBAAmB;EAMoC;EANvDA,mBAAmB;EAOY;EAP/BA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAA,OAAnBA,mBAAmB;AAAA;;AAqC/B;AACA;;AAEA","ignoreList":[]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","names":[],"sources":["../../../src/middlewares/index.ts"],"sourcesContent":["export * from './token-validation';\nexport * from './verify-middleware';\n"],"mappings":"AAAA,cAAc,oBAAoB;AAClC,cAAc,qBAAqB","ignoreList":[]}
|
|
1
|
+
{"version":3,"file":"index.js","names":[],"sources":["../../../src/middlewares/index.ts"],"sourcesContent":["export * from './token-validation';\nexport * from './verify-middleware';\nexport * from './verify-express';\n"],"mappings":"AAAA,cAAc,oBAAoB;AAClC,cAAc,qBAAqB;AACnC,cAAc,kBAAkB","ignoreList":[]}
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
import { verifyMw } from "./verify-middleware";
|
|
2
|
+
|
|
3
|
+
// Lightweight adapter to reuse verifyMw (Azure Functions-style) inside Express.
|
|
4
|
+
// It expects the Azure HttpRequest/InvocationContext to be available on the Express
|
|
5
|
+
// request as azureReq/azureCtx (set by the Azure→Express bridge). If absent, it
|
|
6
|
+
// builds minimal fallbacks so the middleware can still run in local tests.
|
|
7
|
+
const toHeaders = req => {
|
|
8
|
+
const h = new Headers();
|
|
9
|
+
Object.entries(req.headers).forEach(([key, value]) => {
|
|
10
|
+
if (Array.isArray(value)) {
|
|
11
|
+
value.forEach(v => h.append(key, v));
|
|
12
|
+
} else if (value !== undefined) {
|
|
13
|
+
h.append(key, String(value));
|
|
14
|
+
}
|
|
15
|
+
});
|
|
16
|
+
return h;
|
|
17
|
+
};
|
|
18
|
+
const buildAzureRequest = req => {
|
|
19
|
+
return {
|
|
20
|
+
method: req.method,
|
|
21
|
+
url: req.originalUrl || req.url,
|
|
22
|
+
headers: toHeaders(req),
|
|
23
|
+
query: req.query || {},
|
|
24
|
+
params: req.params || {},
|
|
25
|
+
// Body is already parsed by the Azure→Express adapter when present
|
|
26
|
+
body: req.body
|
|
27
|
+
};
|
|
28
|
+
};
|
|
29
|
+
const fallbackCtx = {
|
|
30
|
+
log: console.log,
|
|
31
|
+
info: console.info,
|
|
32
|
+
warn: console.warn,
|
|
33
|
+
error: console.error,
|
|
34
|
+
trace: console.debug
|
|
35
|
+
};
|
|
36
|
+
|
|
37
|
+
// Factory so callers can optionally provide their own ctx retriever
|
|
38
|
+
export const verifyExpress = getCtx => {
|
|
39
|
+
return async (req, res, next) => {
|
|
40
|
+
var _state;
|
|
41
|
+
const azureReq = req.azureReq || buildAzureRequest(req);
|
|
42
|
+
const ctx = req.azureCtx || (getCtx == null ? void 0 : getCtx(req)) || fallbackCtx;
|
|
43
|
+
const result = await verifyMw(azureReq, ctx, async () => ({
|
|
44
|
+
status: 200
|
|
45
|
+
}));
|
|
46
|
+
|
|
47
|
+
// Short-circuit on failures
|
|
48
|
+
if (result.status && result.status !== 200) {
|
|
49
|
+
var _result$status, _result$body;
|
|
50
|
+
if (result.headers) {
|
|
51
|
+
Object.entries(result.headers).forEach(([k, v]) => res.setHeader(k, String(v)));
|
|
52
|
+
}
|
|
53
|
+
return res.status((_result$status = result.status) != null ? _result$status : 401).send((_result$body = result.body) != null ? _result$body : "");
|
|
54
|
+
}
|
|
55
|
+
|
|
56
|
+
// Propagate auth payload if verifyMw set it
|
|
57
|
+
const auth = ctx == null || (_state = ctx.state) == null ? void 0 : _state.auth;
|
|
58
|
+
if (auth) {
|
|
59
|
+
req.auth = auth;
|
|
60
|
+
}
|
|
61
|
+
return next();
|
|
62
|
+
};
|
|
63
|
+
};
|
|
64
|
+
//# sourceMappingURL=verify-express.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"verify-express.js","names":["verifyMw","toHeaders","req","h","Headers","Object","entries","headers","forEach","key","value","Array","isArray","v","append","undefined","String","buildAzureRequest","method","url","originalUrl","query","params","body","fallbackCtx","log","console","info","warn","error","trace","debug","verifyExpress","getCtx","res","next","_state","azureReq","ctx","azureCtx","result","status","_result$status","_result$body","k","setHeader","send","auth","state"],"sources":["../../../src/middlewares/verify-express.ts"],"sourcesContent":["import { Request, Response, NextFunction } from \"express\";\nimport { HttpRequest, InvocationContext, HttpResponseInit } from \"@azure/functions\";\nimport { verifyMw } from \"./verify-middleware\";\n\n// Lightweight adapter to reuse verifyMw (Azure Functions-style) inside Express.\n// It expects the Azure HttpRequest/InvocationContext to be available on the Express\n// request as azureReq/azureCtx (set by the Azure→Express bridge). If absent, it\n// builds minimal fallbacks so the middleware can still run in local tests.\nconst toHeaders = (req: Request): Headers => {\n const h = new Headers();\n Object.entries(req.headers).forEach(([key, value]) => {\n if (Array.isArray(value)) {\n value.forEach((v) => h.append(key, v));\n } else if (value !== undefined) {\n h.append(key, String(value));\n }\n });\n return h;\n};\n\nconst buildAzureRequest = (req: Request): HttpRequest => {\n return {\n method: req.method,\n url: req.originalUrl || req.url,\n headers: toHeaders(req),\n query: (req.query || {}) as any,\n params: (req.params || {}) as any,\n // Body is already parsed by the Azure→Express adapter when present\n body: (req as any).body,\n } as HttpRequest;\n};\n\nconst fallbackCtx: InvocationContext = {\n log: console.log,\n info: console.info,\n warn: console.warn,\n error: console.error,\n trace: console.debug,\n} as any;\n\n// Factory so callers can optionally provide their own ctx retriever\nexport const verifyExpress = (\n getCtx?: (req: Request) => InvocationContext | undefined,\n) => {\n return async (req: Request, res: Response, next: NextFunction) => {\n const azureReq: HttpRequest = (req as any).azureReq || buildAzureRequest(req);\n const ctx: InvocationContext =\n (req as any).azureCtx || getCtx?.(req) || fallbackCtx;\n\n const result = await verifyMw(\n azureReq,\n ctx,\n async () => ({ status: 200 } as HttpResponseInit),\n );\n\n // Short-circuit on failures\n if (result.status && result.status !== 200) {\n if (result.headers) {\n Object.entries(result.headers).forEach(([k, v]) =>\n res.setHeader(k, String(v)),\n );\n }\n return res.status(result.status ?? 401).send(result.body ?? \"\");\n }\n\n // Propagate auth payload if verifyMw set it\n const auth = (ctx as any)?.state?.auth;\n if (auth) {\n (req as any).auth = auth;\n }\n\n return next();\n };\n};\n"],"mappings":"AAEA,SAASA,QAAQ,QAAQ,qBAAqB;;AAE9C;AACA;AACA;AACA;AACA,MAAMC,SAAS,GAAIC,GAAY,IAAc;EAC3C,MAAMC,CAAC,GAAG,IAAIC,OAAO,CAAC,CAAC;EACvBC,MAAM,CAACC,OAAO,CAACJ,GAAG,CAACK,OAAO,CAAC,CAACC,OAAO,CAAC,CAAC,CAACC,GAAG,EAAEC,KAAK,CAAC,KAAK;IACpD,IAAIC,KAAK,CAACC,OAAO,CAACF,KAAK,CAAC,EAAE;MACxBA,KAAK,CAACF,OAAO,CAAEK,CAAC,IAAKV,CAAC,CAACW,MAAM,CAACL,GAAG,EAAEI,CAAC,CAAC,CAAC;IACxC,CAAC,MAAM,IAAIH,KAAK,KAAKK,SAAS,EAAE;MAC9BZ,CAAC,CAACW,MAAM,CAACL,GAAG,EAAEO,MAAM,CAACN,KAAK,CAAC,CAAC;IAC9B;EACF,CAAC,CAAC;EACF,OAAOP,CAAC;AACV,CAAC;AAED,MAAMc,iBAAiB,GAAIf,GAAY,IAAkB;EACvD,OAAO;IACLgB,MAAM,EAAEhB,GAAG,CAACgB,MAAM;IAClBC,GAAG,EAAEjB,GAAG,CAACkB,WAAW,IAAIlB,GAAG,CAACiB,GAAG;IAC/BZ,OAAO,EAAEN,SAAS,CAACC,GAAG,CAAC;IACvBmB,KAAK,EAAGnB,GAAG,CAACmB,KAAK,IAAI,CAAC,CAAS;IAC/BC,MAAM,EAAGpB,GAAG,CAACoB,MAAM,IAAI,CAAC,CAAS;IACjC;IACAC,IAAI,EAAGrB,GAAG,CAASqB;EACrB,CAAC;AACH,CAAC;AAED,MAAMC,WAA8B,GAAG;EACrCC,GAAG,EAAEC,OAAO,CAACD,GAAG;EAChBE,IAAI,EAAED,OAAO,CAACC,IAAI;EAClBC,IAAI,EAAEF,OAAO,CAACE,IAAI;EAClBC,KAAK,EAAEH,OAAO,CAACG,KAAK;EACpBC,KAAK,EAAEJ,OAAO,CAACK;AACjB,CAAQ;;AAER;AACA,OAAO,MAAMC,aAAa,GACxBC,MAAwD,IACrD;EACH,OAAO,OAAO/B,GAAY,EAAEgC,GAAa,EAAEC,IAAkB,KAAK;IAAA,IAAAC,MAAA;IAChE,MAAMC,QAAqB,GAAInC,GAAG,CAASmC,QAAQ,IAAIpB,iBAAiB,CAACf,GAAG,CAAC;IAC7E,MAAMoC,GAAsB,GACzBpC,GAAG,CAASqC,QAAQ,KAAIN,MAAM,oBAANA,MAAM,CAAG/B,GAAG,CAAC,KAAIsB,WAAW;IAEvD,MAAMgB,MAAM,GAAG,MAAMxC,QAAQ,CAC3BqC,QAAQ,EACRC,GAAG,EACH,aAAa;MAAEG,MAAM,EAAE;IAAI,CAAC,CAC9B,CAAC;;IAED;IACA,IAAID,MAAM,CAACC,MAAM,IAAID,MAAM,CAACC,MAAM,KAAK,GAAG,EAAE;MAAA,IAAAC,cAAA,EAAAC,YAAA;MAC1C,IAAIH,MAAM,CAACjC,OAAO,EAAE;QAClBF,MAAM,CAACC,OAAO,CAACkC,MAAM,CAACjC,OAAO,CAAC,CAACC,OAAO,CAAC,CAAC,CAACoC,CAAC,EAAE/B,CAAC,CAAC,KAC5CqB,GAAG,CAACW,SAAS,CAACD,CAAC,EAAE5B,MAAM,CAACH,CAAC,CAAC,CAC5B,CAAC;MACH;MACA,OAAOqB,GAAG,CAACO,MAAM,EAAAC,cAAA,GAACF,MAAM,CAACC,MAAM,YAAAC,cAAA,GAAI,GAAG,CAAC,CAACI,IAAI,EAAAH,YAAA,GAACH,MAAM,CAACjB,IAAI,YAAAoB,YAAA,GAAI,EAAE,CAAC;IACjE;;IAEA;IACA,MAAMI,IAAI,GAAIT,GAAG,aAAAF,MAAA,GAAHE,GAAG,CAAUU,KAAK,qBAAnBZ,MAAA,CAAqBW,IAAI;IACtC,IAAIA,IAAI,EAAE;MACP7C,GAAG,CAAS6C,IAAI,GAAGA,IAAI;IAC1B;IAEA,OAAOZ,IAAI,CAAC,CAAC;EACf,CAAC;AACH,CAAC","ignoreList":[]}
|
|
@@ -296,7 +296,15 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
|
|
|
296
296
|
});
|
|
297
297
|
|
|
298
298
|
// Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)
|
|
299
|
-
|
|
299
|
+
const mappingMaxAge = typeof data.refresh_expires_in === "number" ? data.refresh_expires_in : typeof data.expires_in === "number" ? data.expires_in : 60 * 60 * 24; // fallback 24h
|
|
300
|
+
|
|
301
|
+
setCookieKV(ctx, `__Secure-session-v1.${appId}.mapping`, mapping, {
|
|
302
|
+
// mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only
|
|
303
|
+
httpOnly: false,
|
|
304
|
+
secure: true,
|
|
305
|
+
sameSite: "None",
|
|
306
|
+
maxAge: mappingMaxAge
|
|
307
|
+
});
|
|
300
308
|
|
|
301
309
|
// Decode new AT and proceed
|
|
302
310
|
let p2;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verify-middleware.js","names":["APP_MAP","jwtDecode","AzureSecretKeysEnum","setCookieKV","getAzureVaultSecretByKey","TokenMappingService","apiURL","process","env","REFRESH_SESSION_URL","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","verifyMw","req","ctx","next","_APP_MAP$appId","_p","_ref","_ref$state","_p$sub","_ref2","_p$cfy_bid","_ref3","_p$email","_p$name","_ref4","_p$resource_access$cl","_p$resource_access","_p$realm_access","appId","headers","get","clientId","status","body","JSON","stringify","reason","expectedClientId","cookies","mapping","base64Decode","dbUrl","AZURE_KEY_VAULT_NAME","DB_CONNECTING_STRING_USER","tokenMappingService","tokenMapping","getTokenMappingById","at","accessToken","rt","refreshToken","realm","realmId","p","_unused","sid","now","Math","floor","Date","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","businessId","cfy_bid","email","preferred_username","name","undefined","roles","resource_access","realm_access","info","_ref5","_ref5$state","_p2$sub","_ref6","_p2$cfy_bid","_ref7","_p2$email","_p2$name","_ref8","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","resp","fetch","method","refresh_token","ok","text","warn","payload","json","data","newAT","access_token","newRT","updateTokenMapping","expiresAt","expires_in","p2","_unused2","audOk2","tenantId2","e","error","value","Buffer","from","console","log","message"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || ''\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const expectedClientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n\n let mapping: string | null = cookies[`__Secure-session-v1.${appId}.mapping`];\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const tokenMapping = await tokenMappingService.getTokenMappingById(mapping);\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const clientId = tokenMapping.clientId;\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh only when expired\n if (typeof p.exp === \"number\" && p.exp <= now) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, clientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(clientId)) ||\n (typeof p.aud === \"string\" && (p.aud === clientId || p.aud === \"account\")) ||\n p.azp === clientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: p.sub ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n roles: p.resource_access?.[clientId]?.roles ?? p.realm_access?.roles ?? [],\n exp: p.exp,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"refreshing token payload ----------------------\", {\n realmId,\n clientId,\n rt\n });\n\n // Call auth service to refresh\n try {\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n const text = await resp.text();\n ctx.warn?.(`refresh call failed: ${resp.status} ${text}`);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT as string,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n setCookieKV(ctx, `__Secure-session-v1.${appId}.mapping`, mapping);\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId,\n userId: p2.sub ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e) {\n ctx.error?.(\"refresh exception\", e as any);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}"],"mappings":"AACA,SAASA,OAAO,QAAQ,cAAc;AACtC,SAASC,SAAS,QAAQ,YAAY;AAEtC,SAASC,mBAAmB,QAAQ,UAAU;AAC9C,SAASC,WAAW,QAAQ,kBAAkB;AAG9C,SAASC,wBAAwB,QAAQ,UAAU;AAEnD,SAASC,mBAAmB,QAAQ,iCAAiC;AAErE,MAAMC,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AAEpD,MAAMC,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAED,OAAO,MAAMQ,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBC,GAAsB,EACtBC,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,kBAAA,EAAAC,eAAA;EAC9B,MAAMC,KAAK,GAAGjB,GAAG,CAACkB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAACF,KAAK,IAAI,EAACtC,OAAO,aAAAwB,cAAA,GAAPxB,OAAO,CAAGsC,KAAK,CAAC,aAAhBd,cAAA,CAAkBiB,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAMC,gBAAgB,GAAG/C,OAAO,CAACsC,KAAK,CAAC,CAACG,QAAQ;;EAEhD;EACA,MAAMO,OAAO,GAAGtC,iBAAiB,CAACW,GAAG,CAACkB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAE5D,IAAIS,OAAsB,GAAGD,OAAO,CAAC,uBAAuBV,KAAK,UAAU,CAAC;EAE5E,IAAI,CAACW,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGC,YAAY,CAACD,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMK,KAAK,GAAG,MAAM/C,wBAAwB,CAC1CkB,GAAG,EACHf,OAAO,CAACC,GAAG,CAAC4C,oBAAoB,IAAI,EAAE,EACtClD,mBAAmB,CAACmD,yBACtB,CAAC;EAED,IAAI,CAACF,KAAK,EAAE;IACV,OAAO;MACLT,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMQ,mBAAmB,GAAG,IAAIjD,mBAAmB,CAACiB,GAAG,EAAE6B,KAAK,CAAC;EAE/D,MAAMI,YAAY,GAAG,MAAMD,mBAAmB,CAACE,mBAAmB,CAACP,OAAO,CAAC;EAE3E,IAAI,CAACM,YAAY,EAAE;IACjB,OAAO;MACLb,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAIW,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLjB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMe,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAMrB,QAAQ,GAAGc,YAAY,CAACd,QAAQ;;EAEtC;EACA,IAAIsB,CAAM;EACV,IAAI;IACFA,CAAC,GAAG9D,SAAS,CAACwD,EAAE,CAAC;EACnB,CAAC,CAAC,OAAAO,OAAA,EAAM;IACN,OAAO;MACLtB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAArB,EAAA,GAACsC,CAAC,aAADtC,EAAA,CAAGwC,GAAG,GAAE;IACX,OAAO;MACLvB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAMoB,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,IAAI,OAAOH,CAAC,CAACO,GAAG,KAAK,QAAQ,IAAIP,CAAC,CAACO,GAAG,IAAIJ,GAAG,EAAE;IAC7C;IACA,OAAO,MAAMK,kBAAkB,CAAClD,GAAG,EAAEC,GAAG,EAAEgB,KAAK,EAAEuB,KAAK,EAAEpB,QAAQ,EAAEkB,EAAE,EAAEV,OAAO,EAAEc,CAAC,EAAExC,IAAI,CAAC;EACzF;;EAEA;EACA,MAAMiD,KAAK,GACRC,KAAK,CAACC,OAAO,CAACX,CAAC,CAACY,GAAG,CAAC,IAAIZ,CAAC,CAACY,GAAG,CAACC,QAAQ,CAACnC,QAAQ,CAAC,IAChD,OAAOsB,CAAC,CAACY,GAAG,KAAK,QAAQ,KAAKZ,CAAC,CAACY,GAAG,KAAKlC,QAAQ,IAAIsB,CAAC,CAACY,GAAG,KAAK,SAAS,CAAE,IAC1EZ,CAAC,CAACc,GAAG,KAAKpC,QAAQ;EAEpB,IAAI,CAAC+B,KAAK,EAAE;IACV,OAAO;MACL9B,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAAnB,UAAA,IAAAD,IAAA,GAACJ,GAAG,EAASwD,KAAK,YAAAnD,UAAA,GAAlBD,IAAA,CAAaoD,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGlB,KAAK,CAACmB,QAAQ,CAAC,CAAC;EAEhC1D,GAAG,CAASwD,KAAK,CAACG,IAAI,GAAG;IACxB3C,KAAK;IACL4C,MAAM,GAAAtD,MAAA,GAAEmC,CAAC,CAACoB,GAAG,YAAAvD,MAAA,GAAI,IAAI;IACrBwD,UAAU,GAAAvD,KAAA,IAAAC,UAAA,GAAEiC,CAAC,CAACsB,OAAO,YAAAvD,UAAA,GAAIiD,QAAQ,YAAAlD,KAAA,GAAI,IAAI;IACzCkD,QAAQ;IACRO,KAAK,GAAAvD,KAAA,IAAAC,QAAA,GAAE+B,CAAC,CAACuB,KAAK,YAAAtD,QAAA,GAAI+B,CAAC,CAACwB,kBAAkB,YAAAxD,KAAA,GAAI,IAAI;IAC9CyD,IAAI,GAAAvD,OAAA,GAAE8B,CAAC,CAACyB,IAAI,YAAAvD,OAAA,GAAIwD,SAAS;IACzBC,KAAK,GAAAxD,KAAA,IAAAC,qBAAA,IAAAC,kBAAA,GAAE2B,CAAC,CAAC4B,eAAe,cAAAvD,kBAAA,GAAjBA,kBAAA,CAAoBK,QAAQ,CAAC,qBAA7BL,kBAAA,CAA+BsD,KAAK,YAAAvD,qBAAA,IAAAE,eAAA,GAAI0B,CAAC,CAAC6B,YAAY,qBAAdvD,eAAA,CAAgBqD,KAAK,YAAAxD,KAAA,GAAI,EAAE;IAC1EoC,GAAG,EAAEP,CAAC,CAACO;EACT,CAAC;EAED,OAAO/C,IAAI,CAAC,CAAC;AACf,CAAC;AAID,eAAegD,kBAAkBA,CAC/BlD,GAAgB,EAChBC,GAAsB,EACtBgB,KAAa,EACbwB,OAAe,EACfrB,QAAgB,EAChBkB,EAAsB,EACtBV,OAAe,EACfc,CAAM,EACNxC,IAAqC,EACV;EAC3B;EACA,IAAI,CAACoC,EAAE,EAAE;IACP,OAAO;MACLjB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEAxB,GAAG,CAACuE,IAAI,CAAC,iDAAiD,EAAE;IAC1D/B,OAAO;IACPrB,QAAQ;IACRkB;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAAmC,KAAA,EAAAC,WAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,MAAMC,IAAI,GAAG,MAAMC,KAAK,CAACrG,MAAM,EAAE;MAC/BsG,MAAM,EAAE,MAAM;MACdrE,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CI,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnBiB,OAAO;QACPrB,QAAQ,EAAEA,QAAQ;QAClBoE,aAAa,EAAElD;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAAC+C,IAAI,CAACI,EAAE,EAAE;MACZ,MAAMC,IAAI,GAAG,MAAML,IAAI,CAACK,IAAI,CAAC,CAAC;MAC9BzF,GAAG,CAAC0F,IAAI,YAAR1F,GAAG,CAAC0F,IAAI,CAAG,wBAAwBN,IAAI,CAAChE,MAAM,IAAIqE,IAAI,EAAE,CAAC;MACzD,OAAO;QACLrE,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAMmE,OAAO,GAAG,MAAMP,IAAI,CAACQ,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACN,aAAmC;IAEtD,IAAI,CAACO,KAAK,IAAI,CAACE,KAAK,EAAE;MACpB,OAAO;QACL5E,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMK,KAAK,GAAG,MAAM/C,wBAAwB,CAC1CkB,GAAG,EACHf,OAAO,CAACC,GAAG,CAAC4C,oBAAoB,IAAI,EAAE,EACtClD,mBAAmB,CAACmD,yBACtB,CAAC;IAED,IAAI,CAACF,KAAK,EAAE;MACV,OAAO;QACLT,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMQ,mBAAmB,GAAG,IAAIjD,mBAAmB,CAACiB,GAAG,EAAE6B,KAAK,CAAC;IAE/D,MAAMG,mBAAmB,CAACiE,kBAAkB,CAACtE,OAAO,EAAE;MACpDS,WAAW,EAAE0D,KAAe;MAC5BxD,YAAY,EAAE0D,KAAe;MAC7B;MACAE,SAAS,EAAE,OAAOL,IAAI,CAACM,UAAU,KAAK,QAAQ,GAAG,IAAIpD,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAGiD,IAAI,CAACM,UAAU,GAAG,IAAI,CAAC,GAAGhC;IACnG,CAAC,CAAC;;IAEF;IACAtF,WAAW,CAACmB,GAAG,EAAE,uBAAuBgB,KAAK,UAAU,EAAEW,OAAO,CAAC;;IAEjE;IACA,IAAIyE,EAAO;IACX,IAAI;MAAEA,EAAE,GAAGzH,SAAS,CAACmH,KAAK,CAAC;IAAE,CAAC,CAAC,OAAAO,QAAA,EAAM;MACnC,OAAO;QACLjF,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAM8E,MAAM,GACTnD,KAAK,CAACC,OAAO,CAACgD,EAAE,CAAC/C,GAAG,CAAC,IAAI+C,EAAE,CAAC/C,GAAG,CAACC,QAAQ,CAACnC,QAAQ,CAAC,IAClD,OAAOiF,EAAE,CAAC/C,GAAG,KAAK,QAAQ,KAAK+C,EAAE,CAAC/C,GAAG,KAAKlC,QAAQ,IAAIiF,EAAE,CAAC/C,GAAG,KAAK,SAAS,CAAE,IAC7E+C,EAAE,CAAC7C,GAAG,KAAKpC,QAAQ;IACrB,IAAI,CAACmF,MAAM,EAAE;MACX,OAAO;QACLlF,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAAiD,WAAA,IAAAD,KAAA,GAACxE,GAAG,EAASwD,KAAK,YAAAiB,WAAA,GAAlBD,KAAA,CAAahB,KAAK,GAAK,CAAC,CAAC;IACzB,MAAM+C,SAAS,GAAG/D,OAAO,CAACkB,QAAQ,CAAC,CAAC;IACnC1D,GAAG,CAASwD,KAAK,CAACG,IAAI,GAAG;MACxB3C,KAAK;MACL4C,MAAM,GAAAc,OAAA,GAAE0B,EAAE,CAACvC,GAAG,YAAAa,OAAA,GAAI,IAAI;MACtBZ,UAAU,GAAAa,KAAA,IAAAC,WAAA,GAAEwB,EAAE,CAACrC,OAAO,YAAAa,WAAA,GAAI2B,SAAS,YAAA5B,KAAA,GAAI,IAAI;MAC3ClB,QAAQ,EAAE8C,SAAS;MACnBvC,KAAK,GAAAa,KAAA,IAAAC,SAAA,GAAEsB,EAAE,CAACpC,KAAK,YAAAc,SAAA,GAAIsB,EAAE,CAACnC,kBAAkB,YAAAY,KAAA,GAAI,IAAI;MAChDX,IAAI,GAAAa,QAAA,GAAEqB,EAAE,CAAClC,IAAI,YAAAa,QAAA,GAAIZ,SAAS;MAC1BC,KAAK,GAAAY,KAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAEkB,EAAE,CAAC/B,eAAe,cAAAa,mBAAA,GAAlBA,mBAAA,CAAqB/D,QAAQ,CAAC,qBAA9B+D,mBAAA,CAAgCd,KAAK,YAAAa,qBAAA,IAAAE,gBAAA,GAAIiB,EAAE,CAAC9B,YAAY,qBAAfa,gBAAA,CAAiBf,KAAK,YAAAY,KAAA,GAAI,EAAE;MAC5EhC,GAAG,EAAEoD,EAAE,CAACpD;IACV,CAAC;;IAED;IACA,OAAO/C,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAOuG,CAAC,EAAE;IACVxG,GAAG,CAACyG,KAAK,YAATzG,GAAG,CAACyG,KAAK,CAAG,mBAAmB,EAAED,CAAQ,CAAC;IAC1C,OAAO;MACLpF,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASI,YAAYA,CAAC8E,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOC,MAAM,CAACC,IAAI,CAACF,KAAK,EAAE,QAAQ,CAAC,CAAChD,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAO+C,KAAU,EAAE;IACnBI,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAGL,KAAK,CAACM,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
|
|
1
|
+
{"version":3,"file":"verify-middleware.js","names":["APP_MAP","jwtDecode","AzureSecretKeysEnum","setCookieKV","getAzureVaultSecretByKey","TokenMappingService","apiURL","process","env","REFRESH_SESSION_URL","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","verifyMw","req","ctx","next","_APP_MAP$appId","_p","_ref","_ref$state","_p$sub","_ref2","_p$cfy_bid","_ref3","_p$email","_p$name","_ref4","_p$resource_access$cl","_p$resource_access","_p$realm_access","appId","headers","get","clientId","status","body","JSON","stringify","reason","expectedClientId","cookies","mapping","base64Decode","dbUrl","AZURE_KEY_VAULT_NAME","DB_CONNECTING_STRING_USER","tokenMappingService","tokenMapping","getTokenMappingById","at","accessToken","rt","refreshToken","realm","realmId","p","_unused","sid","now","Math","floor","Date","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","businessId","cfy_bid","email","preferred_username","name","undefined","roles","resource_access","realm_access","info","_ref5","_ref5$state","_p2$sub","_ref6","_p2$cfy_bid","_ref7","_p2$email","_p2$name","_ref8","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","resp","fetch","method","refresh_token","ok","text","warn","payload","json","data","newAT","access_token","newRT","updateTokenMapping","expiresAt","expires_in","mappingMaxAge","refresh_expires_in","httpOnly","secure","sameSite","maxAge","p2","_unused2","audOk2","tenantId2","e","error","value","Buffer","from","console","log","message"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || ''\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const expectedClientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n\n let mapping: string | null = cookies[`__Secure-session-v1.${appId}.mapping`];\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const tokenMapping = await tokenMappingService.getTokenMappingById(mapping);\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const clientId = tokenMapping.clientId;\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh only when expired\n if (typeof p.exp === \"number\" && p.exp <= now) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, clientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(clientId)) ||\n (typeof p.aud === \"string\" && (p.aud === clientId || p.aud === \"account\")) ||\n p.azp === clientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: p.sub ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n roles: p.resource_access?.[clientId]?.roles ?? p.realm_access?.roles ?? [],\n exp: p.exp,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"refreshing token payload ----------------------\", {\n realmId,\n clientId,\n rt\n });\n\n // Call auth service to refresh\n try {\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n const text = await resp.text();\n ctx.warn?.(`refresh call failed: ${resp.status} ${text}`);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT as string,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n const mappingMaxAge =\n typeof data.refresh_expires_in === \"number\"\n ? data.refresh_expires_in\n : typeof data.expires_in === \"number\"\n ? data.expires_in\n : 60 * 60 * 24; // fallback 24h\n\n setCookieKV(ctx, `__Secure-session-v1.${appId}.mapping`, mapping, {\n // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only\n httpOnly: false,\n secure: true,\n sameSite: \"None\",\n maxAge: mappingMaxAge\n });\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId,\n userId: p2.sub ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e) {\n ctx.error?.(\"refresh exception\", e as any);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}"],"mappings":"AACA,SAASA,OAAO,QAAQ,cAAc;AACtC,SAASC,SAAS,QAAQ,YAAY;AAEtC,SAASC,mBAAmB,QAAQ,UAAU;AAC9C,SAASC,WAAW,QAAQ,kBAAkB;AAG9C,SAASC,wBAAwB,QAAQ,UAAU;AAEnD,SAASC,mBAAmB,QAAQ,iCAAiC;AAErE,MAAMC,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AAEpD,MAAMC,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAED,OAAO,MAAMQ,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBC,GAAsB,EACtBC,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,kBAAA,EAAAC,eAAA;EAC9B,MAAMC,KAAK,GAAGjB,GAAG,CAACkB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAACF,KAAK,IAAI,EAACtC,OAAO,aAAAwB,cAAA,GAAPxB,OAAO,CAAGsC,KAAK,CAAC,aAAhBd,cAAA,CAAkBiB,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAMC,gBAAgB,GAAG/C,OAAO,CAACsC,KAAK,CAAC,CAACG,QAAQ;;EAEhD;EACA,MAAMO,OAAO,GAAGtC,iBAAiB,CAACW,GAAG,CAACkB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAE5D,IAAIS,OAAsB,GAAGD,OAAO,CAAC,uBAAuBV,KAAK,UAAU,CAAC;EAE5E,IAAI,CAACW,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGC,YAAY,CAACD,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMK,KAAK,GAAG,MAAM/C,wBAAwB,CAC1CkB,GAAG,EACHf,OAAO,CAACC,GAAG,CAAC4C,oBAAoB,IAAI,EAAE,EACtClD,mBAAmB,CAACmD,yBACtB,CAAC;EAED,IAAI,CAACF,KAAK,EAAE;IACV,OAAO;MACLT,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMQ,mBAAmB,GAAG,IAAIjD,mBAAmB,CAACiB,GAAG,EAAE6B,KAAK,CAAC;EAE/D,MAAMI,YAAY,GAAG,MAAMD,mBAAmB,CAACE,mBAAmB,CAACP,OAAO,CAAC;EAE3E,IAAI,CAACM,YAAY,EAAE;IACjB,OAAO;MACLb,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAIW,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLjB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMe,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAMrB,QAAQ,GAAGc,YAAY,CAACd,QAAQ;;EAEtC;EACA,IAAIsB,CAAM;EACV,IAAI;IACFA,CAAC,GAAG9D,SAAS,CAACwD,EAAE,CAAC;EACnB,CAAC,CAAC,OAAAO,OAAA,EAAM;IACN,OAAO;MACLtB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAArB,EAAA,GAACsC,CAAC,aAADtC,EAAA,CAAGwC,GAAG,GAAE;IACX,OAAO;MACLvB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAMoB,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,IAAI,OAAOH,CAAC,CAACO,GAAG,KAAK,QAAQ,IAAIP,CAAC,CAACO,GAAG,IAAIJ,GAAG,EAAE;IAC7C;IACA,OAAO,MAAMK,kBAAkB,CAAClD,GAAG,EAAEC,GAAG,EAAEgB,KAAK,EAAEuB,KAAK,EAAEpB,QAAQ,EAAEkB,EAAE,EAAEV,OAAO,EAAEc,CAAC,EAAExC,IAAI,CAAC;EACzF;;EAEA;EACA,MAAMiD,KAAK,GACRC,KAAK,CAACC,OAAO,CAACX,CAAC,CAACY,GAAG,CAAC,IAAIZ,CAAC,CAACY,GAAG,CAACC,QAAQ,CAACnC,QAAQ,CAAC,IAChD,OAAOsB,CAAC,CAACY,GAAG,KAAK,QAAQ,KAAKZ,CAAC,CAACY,GAAG,KAAKlC,QAAQ,IAAIsB,CAAC,CAACY,GAAG,KAAK,SAAS,CAAE,IAC1EZ,CAAC,CAACc,GAAG,KAAKpC,QAAQ;EAEpB,IAAI,CAAC+B,KAAK,EAAE;IACV,OAAO;MACL9B,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAAnB,UAAA,IAAAD,IAAA,GAACJ,GAAG,EAASwD,KAAK,YAAAnD,UAAA,GAAlBD,IAAA,CAAaoD,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGlB,KAAK,CAACmB,QAAQ,CAAC,CAAC;EAEhC1D,GAAG,CAASwD,KAAK,CAACG,IAAI,GAAG;IACxB3C,KAAK;IACL4C,MAAM,GAAAtD,MAAA,GAAEmC,CAAC,CAACoB,GAAG,YAAAvD,MAAA,GAAI,IAAI;IACrBwD,UAAU,GAAAvD,KAAA,IAAAC,UAAA,GAAEiC,CAAC,CAACsB,OAAO,YAAAvD,UAAA,GAAIiD,QAAQ,YAAAlD,KAAA,GAAI,IAAI;IACzCkD,QAAQ;IACRO,KAAK,GAAAvD,KAAA,IAAAC,QAAA,GAAE+B,CAAC,CAACuB,KAAK,YAAAtD,QAAA,GAAI+B,CAAC,CAACwB,kBAAkB,YAAAxD,KAAA,GAAI,IAAI;IAC9CyD,IAAI,GAAAvD,OAAA,GAAE8B,CAAC,CAACyB,IAAI,YAAAvD,OAAA,GAAIwD,SAAS;IACzBC,KAAK,GAAAxD,KAAA,IAAAC,qBAAA,IAAAC,kBAAA,GAAE2B,CAAC,CAAC4B,eAAe,cAAAvD,kBAAA,GAAjBA,kBAAA,CAAoBK,QAAQ,CAAC,qBAA7BL,kBAAA,CAA+BsD,KAAK,YAAAvD,qBAAA,IAAAE,eAAA,GAAI0B,CAAC,CAAC6B,YAAY,qBAAdvD,eAAA,CAAgBqD,KAAK,YAAAxD,KAAA,GAAI,EAAE;IAC1EoC,GAAG,EAAEP,CAAC,CAACO;EACT,CAAC;EAED,OAAO/C,IAAI,CAAC,CAAC;AACf,CAAC;AAID,eAAegD,kBAAkBA,CAC/BlD,GAAgB,EAChBC,GAAsB,EACtBgB,KAAa,EACbwB,OAAe,EACfrB,QAAgB,EAChBkB,EAAsB,EACtBV,OAAe,EACfc,CAAM,EACNxC,IAAqC,EACV;EAC3B;EACA,IAAI,CAACoC,EAAE,EAAE;IACP,OAAO;MACLjB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEAxB,GAAG,CAACuE,IAAI,CAAC,iDAAiD,EAAE;IAC1D/B,OAAO;IACPrB,QAAQ;IACRkB;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAAmC,KAAA,EAAAC,WAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,MAAMC,IAAI,GAAG,MAAMC,KAAK,CAACrG,MAAM,EAAE;MAC/BsG,MAAM,EAAE,MAAM;MACdrE,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CI,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnBiB,OAAO;QACPrB,QAAQ,EAAEA,QAAQ;QAClBoE,aAAa,EAAElD;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAAC+C,IAAI,CAACI,EAAE,EAAE;MACZ,MAAMC,IAAI,GAAG,MAAML,IAAI,CAACK,IAAI,CAAC,CAAC;MAC9BzF,GAAG,CAAC0F,IAAI,YAAR1F,GAAG,CAAC0F,IAAI,CAAG,wBAAwBN,IAAI,CAAChE,MAAM,IAAIqE,IAAI,EAAE,CAAC;MACzD,OAAO;QACLrE,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAMmE,OAAO,GAAG,MAAMP,IAAI,CAACQ,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACN,aAAmC;IAEtD,IAAI,CAACO,KAAK,IAAI,CAACE,KAAK,EAAE;MACpB,OAAO;QACL5E,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMK,KAAK,GAAG,MAAM/C,wBAAwB,CAC1CkB,GAAG,EACHf,OAAO,CAACC,GAAG,CAAC4C,oBAAoB,IAAI,EAAE,EACtClD,mBAAmB,CAACmD,yBACtB,CAAC;IAED,IAAI,CAACF,KAAK,EAAE;MACV,OAAO;QACLT,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMQ,mBAAmB,GAAG,IAAIjD,mBAAmB,CAACiB,GAAG,EAAE6B,KAAK,CAAC;IAE/D,MAAMG,mBAAmB,CAACiE,kBAAkB,CAACtE,OAAO,EAAE;MACpDS,WAAW,EAAE0D,KAAe;MAC5BxD,YAAY,EAAE0D,KAAe;MAC7B;MACAE,SAAS,EAAE,OAAOL,IAAI,CAACM,UAAU,KAAK,QAAQ,GAAG,IAAIpD,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAGiD,IAAI,CAACM,UAAU,GAAG,IAAI,CAAC,GAAGhC;IACnG,CAAC,CAAC;;IAEF;IACA,MAAMiC,aAAa,GACjB,OAAOP,IAAI,CAACQ,kBAAkB,KAAK,QAAQ,GACvCR,IAAI,CAACQ,kBAAkB,GACvB,OAAOR,IAAI,CAACM,UAAU,KAAK,QAAQ,GACjCN,IAAI,CAACM,UAAU,GACf,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;;IAEtBtH,WAAW,CAACmB,GAAG,EAAE,uBAAuBgB,KAAK,UAAU,EAAEW,OAAO,EAAE;MAChE;MACA2E,QAAQ,EAAE,KAAK;MACfC,MAAM,EAAE,IAAI;MACZC,QAAQ,EAAE,MAAM;MAChBC,MAAM,EAAEL;IACV,CAAC,CAAC;;IAEF;IACA,IAAIM,EAAO;IACX,IAAI;MAAEA,EAAE,GAAG/H,SAAS,CAACmH,KAAK,CAAC;IAAE,CAAC,CAAC,OAAAa,QAAA,EAAM;MACnC,OAAO;QACLvF,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAMoF,MAAM,GACTzD,KAAK,CAACC,OAAO,CAACsD,EAAE,CAACrD,GAAG,CAAC,IAAIqD,EAAE,CAACrD,GAAG,CAACC,QAAQ,CAACnC,QAAQ,CAAC,IAClD,OAAOuF,EAAE,CAACrD,GAAG,KAAK,QAAQ,KAAKqD,EAAE,CAACrD,GAAG,KAAKlC,QAAQ,IAAIuF,EAAE,CAACrD,GAAG,KAAK,SAAS,CAAE,IAC7EqD,EAAE,CAACnD,GAAG,KAAKpC,QAAQ;IACrB,IAAI,CAACyF,MAAM,EAAE;MACX,OAAO;QACLxF,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAAiD,WAAA,IAAAD,KAAA,GAACxE,GAAG,EAASwD,KAAK,YAAAiB,WAAA,GAAlBD,KAAA,CAAahB,KAAK,GAAK,CAAC,CAAC;IACzB,MAAMqD,SAAS,GAAGrE,OAAO,CAACkB,QAAQ,CAAC,CAAC;IACnC1D,GAAG,CAASwD,KAAK,CAACG,IAAI,GAAG;MACxB3C,KAAK;MACL4C,MAAM,GAAAc,OAAA,GAAEgC,EAAE,CAAC7C,GAAG,YAAAa,OAAA,GAAI,IAAI;MACtBZ,UAAU,GAAAa,KAAA,IAAAC,WAAA,GAAE8B,EAAE,CAAC3C,OAAO,YAAAa,WAAA,GAAIiC,SAAS,YAAAlC,KAAA,GAAI,IAAI;MAC3ClB,QAAQ,EAAEoD,SAAS;MACnB7C,KAAK,GAAAa,KAAA,IAAAC,SAAA,GAAE4B,EAAE,CAAC1C,KAAK,YAAAc,SAAA,GAAI4B,EAAE,CAACzC,kBAAkB,YAAAY,KAAA,GAAI,IAAI;MAChDX,IAAI,GAAAa,QAAA,GAAE2B,EAAE,CAACxC,IAAI,YAAAa,QAAA,GAAIZ,SAAS;MAC1BC,KAAK,GAAAY,KAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAEwB,EAAE,CAACrC,eAAe,cAAAa,mBAAA,GAAlBA,mBAAA,CAAqB/D,QAAQ,CAAC,qBAA9B+D,mBAAA,CAAgCd,KAAK,YAAAa,qBAAA,IAAAE,gBAAA,GAAIuB,EAAE,CAACpC,YAAY,qBAAfa,gBAAA,CAAiBf,KAAK,YAAAY,KAAA,GAAI,EAAE;MAC5EhC,GAAG,EAAE0D,EAAE,CAAC1D;IACV,CAAC;;IAED;IACA,OAAO/C,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAO6G,CAAC,EAAE;IACV9G,GAAG,CAAC+G,KAAK,YAAT/G,GAAG,CAAC+G,KAAK,CAAG,mBAAmB,EAAED,CAAQ,CAAC;IAC1C,OAAO;MACL1F,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASI,YAAYA,CAACoF,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOC,MAAM,CAACC,IAAI,CAACF,KAAK,EAAE,QAAQ,CAAC,CAACtD,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAOqD,KAAU,EAAE;IACnBI,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAGL,KAAK,CAACM,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"app.js","names":[],"sources":["../../../src/types/app.ts"],"sourcesContent":["export type IAppId = \"3238hxa2\" | \"
|
|
1
|
+
{"version":3,"file":"app.js","names":[],"sources":["../../../src/types/app.ts"],"sourcesContent":["export type IAppId = \"3238hxa2\" | \"5x8jws1b\";\n\nexport interface IDomainMappings {\n domains: Record<string, string[]>;\n clientId: string;\n appId: string;\n name: string;\n exclude: Record<string, string[]>;\n cookie: {\n prefix: string;\n domain: {\n local: string | null;\n dev: string;\n staging: string;\n prod: string;\n };\n path: string;\n sameSite: string;\n secure: boolean;\n httpOnly: boolean;\n maxAgeSec: { sid: number; rt: number };\n };\n auth?: {\n realm: string;\n clientId: string;\n };\n}"],"mappings":"","ignoreList":[]}
|
|
@@ -1,5 +1,12 @@
|
|
|
1
|
-
export function setCookieKV(ctx, key, value) {
|
|
1
|
+
export function setCookieKV(ctx, key, value, options = {}) {
|
|
2
2
|
var _ref, _ref$CTX_COOKIES_OBJ, _ref2, _ref2$CTX_COOKIES;
|
|
3
|
+
const {
|
|
4
|
+
httpOnly = true,
|
|
5
|
+
secure = true,
|
|
6
|
+
sameSite = "None",
|
|
7
|
+
maxAge = 300 // seconds (default)
|
|
8
|
+
} = options;
|
|
9
|
+
|
|
3
10
|
// Object-cookie bag (preferred)
|
|
4
11
|
const CTX_COOKIES_OBJ = Symbol.for("cfy.resCookies.obj");
|
|
5
12
|
// @ts-ignore
|
|
@@ -8,17 +15,17 @@ export function setCookieKV(ctx, key, value) {
|
|
|
8
15
|
name: key,
|
|
9
16
|
value,
|
|
10
17
|
path: "/",
|
|
11
|
-
httpOnly
|
|
12
|
-
secure
|
|
18
|
+
httpOnly,
|
|
19
|
+
secure,
|
|
13
20
|
// drop to false if testing on http://
|
|
14
|
-
sameSite
|
|
21
|
+
sameSite,
|
|
15
22
|
// use "Lax" for same-site
|
|
16
|
-
maxAge
|
|
23
|
+
maxAge
|
|
17
24
|
});
|
|
18
25
|
|
|
19
26
|
// (Optional) Keep your string fallback too:
|
|
20
27
|
const CTX_COOKIES = Symbol.for("cfy.resCookies");
|
|
21
28
|
const strBag = (_ref2$CTX_COOKIES = (_ref2 = ctx)[CTX_COOKIES]) != null ? _ref2$CTX_COOKIES : _ref2[CTX_COOKIES] = [];
|
|
22
|
-
strBag.push(`${encodeURIComponent(key)}=${encodeURIComponent(value)}; Path
|
|
29
|
+
strBag.push(`${encodeURIComponent(key)}=${encodeURIComponent(value)}; Path=/;${httpOnly ? " HttpOnly;" : ""} SameSite=${sameSite};${secure ? " Secure;" : ""}${typeof maxAge === "number" ? ` Max-Age=${maxAge}` : ""}`);
|
|
23
30
|
}
|
|
24
31
|
//# sourceMappingURL=cookies.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cookies.js","names":["setCookieKV","ctx","key","value","_ref","_ref$CTX_COOKIES_OBJ","_ref2","_ref2$CTX_COOKIES","
|
|
1
|
+
{"version":3,"file":"cookies.js","names":["setCookieKV","ctx","key","value","options","_ref","_ref$CTX_COOKIES_OBJ","_ref2","_ref2$CTX_COOKIES","httpOnly","secure","sameSite","maxAge","CTX_COOKIES_OBJ","Symbol","for","objBag","push","name","path","CTX_COOKIES","strBag","encodeURIComponent"],"sources":["../../../src/utils/cookies.ts"],"sourcesContent":["import { InvocationContext } from \"@azure/functions\";\n\ntype CookieOptions = {\n httpOnly?: boolean;\n secure?: boolean;\n sameSite?: \"None\" | \"Lax\" | \"Strict\";\n maxAge?: number;\n};\n\nexport function setCookieKV(\n ctx: InvocationContext,\n key: string,\n value: string,\n options: CookieOptions = {}\n): void {\n const {\n httpOnly = true,\n secure = true,\n sameSite = \"None\",\n maxAge = 300, // seconds (default)\n } = options;\n\n // Object-cookie bag (preferred)\n const CTX_COOKIES_OBJ = Symbol.for(\"cfy.resCookies.obj\");\n // @ts-ignore\n const objBag = ((ctx as any)[CTX_COOKIES_OBJ] ??= [] as HttpCookie[]);\n objBag.push({\n name: key,\n value,\n path: \"/\",\n httpOnly,\n secure, // drop to false if testing on http://\n sameSite, // use \"Lax\" for same-site\n maxAge,\n });\n\n // (Optional) Keep your string fallback too:\n const CTX_COOKIES = Symbol.for(\"cfy.resCookies\");\n const strBag = ((ctx as any)[CTX_COOKIES] ??= [] as string[]);\n strBag.push(\n `${encodeURIComponent(key)}=${encodeURIComponent(value)}; Path=/;${httpOnly ? \" HttpOnly;\" : \"\"} SameSite=${sameSite};${secure ? \" Secure;\" : \"\"}${typeof maxAge === \"number\" ? ` Max-Age=${maxAge}` : \"\"}`\n );\n}"],"mappings":"AASA,OAAO,SAASA,WAAWA,CACzBC,GAAsB,EACtBC,GAAW,EACXC,KAAa,EACbC,OAAsB,GAAG,CAAC,CAAC,EACrB;EAAA,IAAAC,IAAA,EAAAC,oBAAA,EAAAC,KAAA,EAAAC,iBAAA;EACN,MAAM;IACJC,QAAQ,GAAG,IAAI;IACfC,MAAM,GAAG,IAAI;IACbC,QAAQ,GAAG,MAAM;IACjBC,MAAM,GAAG,GAAG,CAAE;EAChB,CAAC,GAAGR,OAAO;;EAEX;EACA,MAAMS,eAAe,GAAGC,MAAM,CAACC,GAAG,CAAC,oBAAoB,CAAC;EACxD;EACA,MAAMC,MAAM,IAAAV,oBAAA,GAAI,CAAAD,IAAA,GAACJ,GAAG,EAASY,eAAe,CAAC,YAAAP,oBAAA,GAA7BD,IAAA,CAAaQ,eAAe,CAAC,GAAK,EAAmB;EACrEG,MAAM,CAACC,IAAI,CAAC;IACRC,IAAI,EAAEhB,GAAG;IACTC,KAAK;IACLgB,IAAI,EAAE,GAAG;IACTV,QAAQ;IACRC,MAAM;IAAQ;IACdC,QAAQ;IAAI;IACZC;EACJ,CAAC,CAAC;;EAEF;EACA,MAAMQ,WAAW,GAAGN,MAAM,CAACC,GAAG,CAAC,gBAAgB,CAAC;EAChD,MAAMM,MAAM,IAAAb,iBAAA,GAAI,CAAAD,KAAA,GAACN,GAAG,EAASmB,WAAW,CAAC,YAAAZ,iBAAA,GAAzBD,KAAA,CAAaa,WAAW,CAAC,GAAK,EAAe;EAC7DC,MAAM,CAACJ,IAAI,CACP,GAAGK,kBAAkB,CAACpB,GAAG,CAAC,IAAIoB,kBAAkB,CAACnB,KAAK,CAAC,YAAYM,QAAQ,GAAG,YAAY,GAAG,EAAE,aAAaE,QAAQ,IAAID,MAAM,GAAG,UAAU,GAAG,EAAE,GAAG,OAAOE,MAAM,KAAK,QAAQ,GAAG,YAAYA,MAAM,EAAE,GAAG,EAAE,EAC7M,CAAC;AACH","ignoreList":[]}
|
|
@@ -23,8 +23,8 @@ exports.APP_MAP = {
|
|
|
23
23
|
prefix: "__Secure-auth",
|
|
24
24
|
domain: {
|
|
25
25
|
local: null, // host-bound in local
|
|
26
|
-
dev: ".culturefy.
|
|
27
|
-
staging: ".culturefy.
|
|
26
|
+
dev: ".dev.culturefy.app", // covers dev.culturefy.app + api.dev.culturefy.app
|
|
27
|
+
staging: ".staging.culturefy.app", // covers staging.culturefy.app + api.staging.culturefy.app
|
|
28
28
|
prod: ".culturefy.app"
|
|
29
29
|
},
|
|
30
30
|
path: "/",
|
|
@@ -34,8 +34,8 @@ exports.APP_MAP = {
|
|
|
34
34
|
maxAgeSec: { sid: 15 * 60, rt: 30 * 24 * 60 * 60 } // 15m / 30d
|
|
35
35
|
}
|
|
36
36
|
},
|
|
37
|
-
'
|
|
38
|
-
appId: "
|
|
37
|
+
'5x8jws1b': {
|
|
38
|
+
appId: "5x8jws1b",
|
|
39
39
|
name: "superadmin",
|
|
40
40
|
clientId: "cfy-superadmin-web",
|
|
41
41
|
domains: {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"app.js","sourceRoot":"","sources":["../../../src/constants/app.ts"],"names":[],"mappings":";;;AAEa,QAAA,OAAO,GAAoC;IACtD,UAAU,EAAE;QACR,KAAK,EAAE,UAAU;QACjB,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,oBAAoB;QAC9B,OAAO,EAAE;YACL,KAAK,EAAE,CAAC,gBAAgB,EAAE,gBAAgB,CAAC;YAC3C,GAAG,EAAE,CAAC,4BAA4B,CAAC;YACnC,OAAO,EAAE,CAAC,gCAAgC,CAAC;YAC3C,IAAI,EAAE,CAAC,wBAAwB,CAAC;SACnC;QAED,IAAI,EAAE;YACF,KAAK,EAAE,YAAY;YACnB,QAAQ,EAAE,oBAAoB;SACjC;QAED,OAAO,EAAE;YACL,IAAI,EAAE,EAAE,CAAC,qDAAqD;SACjE;QACD,MAAM,EAAE;YACJ,MAAM,EAAE,eAAe;YACvB,MAAM,EAAE;gBACJ,KAAK,EAAE,IAAI,EAAE,sBAAsB;gBACnC,GAAG,EAAE,
|
|
1
|
+
{"version":3,"file":"app.js","sourceRoot":"","sources":["../../../src/constants/app.ts"],"names":[],"mappings":";;;AAEa,QAAA,OAAO,GAAoC;IACtD,UAAU,EAAE;QACR,KAAK,EAAE,UAAU;QACjB,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,oBAAoB;QAC9B,OAAO,EAAE;YACL,KAAK,EAAE,CAAC,gBAAgB,EAAE,gBAAgB,CAAC;YAC3C,GAAG,EAAE,CAAC,4BAA4B,CAAC;YACnC,OAAO,EAAE,CAAC,gCAAgC,CAAC;YAC3C,IAAI,EAAE,CAAC,wBAAwB,CAAC;SACnC;QAED,IAAI,EAAE;YACF,KAAK,EAAE,YAAY;YACnB,QAAQ,EAAE,oBAAoB;SACjC;QAED,OAAO,EAAE;YACL,IAAI,EAAE,EAAE,CAAC,qDAAqD;SACjE;QACD,MAAM,EAAE;YACJ,MAAM,EAAE,eAAe;YACvB,MAAM,EAAE;gBACJ,KAAK,EAAE,IAAI,EAAE,sBAAsB;gBACnC,GAAG,EAAE,oBAAoB,EAAE,mDAAmD;gBAC9E,OAAO,EAAE,wBAAwB,EAAE,2DAA2D;gBAC9F,IAAI,EAAE,gBAAgB;aACzB;YACD,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,MAAM;YAChB,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,IAAI;YACd,SAAS,EAAE,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,YAAY;SAClE;KAEJ;IACD,UAAU,EAAE;QACR,KAAK,EAAE,UAAU;QACjB,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,oBAAoB;QAC9B,OAAO,EAAE;YACL,KAAK,EAAE,CAAC,gBAAgB,EAAE,gBAAgB,CAAC;YAC3C,GAAG,EAAE,CAAC,4BAA4B,CAAC;YACnC,OAAO,EAAE,CAAC,gCAAgC,CAAC;YAC3C,IAAI,EAAE,CAAC,wBAAwB,CAAC;SACnC;QAED,IAAI,EAAE;YACF,KAAK,EAAE,YAAY;YACnB,QAAQ,EAAE,oBAAoB;SACjC;QAED,OAAO,EAAE;YACL,IAAI,EAAE,EAAE,CAAC,qDAAqD;SACjE;QACD,MAAM,EAAE;YACJ,MAAM,EAAE,eAAe;YACvB,MAAM,EAAE;gBACJ,KAAK,EAAE,IAAI,EAAE,sBAAsB;gBACnC,GAAG,EAAE,gBAAgB,EAAE,0BAA0B;gBACjD,OAAO,EAAE,oBAAoB,EAAE,8BAA8B;gBAC7D,IAAI,EAAE,gBAAgB;aACzB;YACD,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,MAAM;YAChB,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,IAAI;YACd,SAAS,EAAE,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,YAAY;SAClE;KAEJ;CAEF,CAAC"}
|
|
@@ -30,5 +30,7 @@ export declare enum AzureSecretKeysEnum {
|
|
|
30
30
|
AUTH_SERVICE_AUTHENTICATION_URL = "AUTH-SERVICE-AUTHENTICATION-URL",
|
|
31
31
|
GCP_PROJECT_ID = "gcp-project-id",
|
|
32
32
|
PUBSUB_SERVICE_ACCOUNT_KEYS = "pubsub-service-account-keys",
|
|
33
|
-
VAPI_TOKEN = "vapi-token"
|
|
33
|
+
VAPI_TOKEN = "vapi-token",
|
|
34
|
+
GITHUB_TOKEN = "GITHUB-TOKEN",
|
|
35
|
+
GITHUB_WORKFLOW_URL = "GITHUB-WORKFLOW-URL"
|
|
34
36
|
}
|
|
@@ -36,6 +36,8 @@ var AzureSecretKeysEnum;
|
|
|
36
36
|
AzureSecretKeysEnum["GCP_PROJECT_ID"] = "gcp-project-id";
|
|
37
37
|
AzureSecretKeysEnum["PUBSUB_SERVICE_ACCOUNT_KEYS"] = "pubsub-service-account-keys";
|
|
38
38
|
AzureSecretKeysEnum["VAPI_TOKEN"] = "vapi-token";
|
|
39
|
+
AzureSecretKeysEnum["GITHUB_TOKEN"] = "GITHUB-TOKEN";
|
|
40
|
+
AzureSecretKeysEnum["GITHUB_WORKFLOW_URL"] = "GITHUB-WORKFLOW-URL";
|
|
39
41
|
})(AzureSecretKeysEnum || (exports.AzureSecretKeysEnum = AzureSecretKeysEnum = {}));
|
|
40
42
|
// AUTH-SERVICE-AUTHENTICATION-URL
|
|
41
43
|
// https://culturefy-auth-staging.azurewebsites.net/api/verify
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secretKeys.enum.js","sourceRoot":"","sources":["../../../src/enums/secretKeys.enum.ts"],"names":[],"mappings":";;;AAAA,uBAAuB;AACvB,IAAY,
|
|
1
|
+
{"version":3,"file":"secretKeys.enum.js","sourceRoot":"","sources":["../../../src/enums/secretKeys.enum.ts"],"names":[],"mappings":";;;AAAA,uBAAuB;AACvB,IAAY,mBAmCX;AAnCD,WAAY,mBAAmB;IAC7B,oFAA6D,CAAA;IAC7D,4EAAqD,CAAA;IACrD,8DAAuC,CAAA;IACvC,8FAAuE,CAAA;IACvE,0FAAmE,CAAA;IACnE,sFAA+D,CAAA;IAC/D,8DAAuC,CAAA;IACvC,8EAAuD,CAAA;IACvD,8EAAuD,CAAA;IACvD,gGAAyE,CAAA;IACzE,oFAA6D,CAAA;IAC7D,8EAAuD,CAAA;IACvD,oFAA6D,CAAA;IAC7D,oFAA8D,CAAA;IAC9D,oFAA6D,CAAA;IAC7D,gGAAyE,CAAA;IACzE,qFAA8D,CAAA;IAC9D,sGAA+E,CAAA;IAC/E,oGAA6E,CAAA;IAC7E,oGAA6E,CAAA;IAC7E,gGAAyE,CAAA;IACzE,8DAAuC,CAAA;IACvC,gHAAyF,CAAA;IACzF,8GAAuF,CAAA;IACvF,gGAAyE,CAAA;IACzE,2EAAkD,CAAA;IAClD,0EAAiD,CAAA;IACjD,wGAAiF,CAAA;IACjF,0FAAmE,CAAA;IACnE,wDAA+B,CAAA;IAC/B,kFAAyD,CAAA;IACzD,gDAAyB,CAAA;IACzB,oDAA6B,CAAA;IAC7B,kEAA2C,CAAA;AAC7C,CAAC,EAnCW,mBAAmB,mCAAnB,mBAAmB,QAmC9B;AAED,kCAAkC;AAClC,8DAA8D;AAE9D,sBAAsB"}
|
|
@@ -3,4 +3,5 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
const tslib_1 = require("tslib");
|
|
4
4
|
tslib_1.__exportStar(require("./token-validation"), exports);
|
|
5
5
|
tslib_1.__exportStar(require("./verify-middleware"), exports);
|
|
6
|
+
tslib_1.__exportStar(require("./verify-express"), exports);
|
|
6
7
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/middlewares/index.ts"],"names":[],"mappings":";;;AAAA,6DAAmC;AACnC,8DAAoC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/middlewares/index.ts"],"names":[],"mappings":";;;AAAA,6DAAmC;AACnC,8DAAoC;AACpC,2DAAiC"}
|
|
@@ -0,0 +1,3 @@
|
|
|
1
|
+
import { Request, Response, NextFunction } from "express";
|
|
2
|
+
import { InvocationContext } from "@azure/functions";
|
|
3
|
+
export declare const verifyExpress: (getCtx?: (req: Request) => InvocationContext | undefined) => (req: Request, res: Response, next: NextFunction) => Promise<void | Response<any, Record<string, any>>>;
|
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.verifyExpress = void 0;
|
|
4
|
+
const tslib_1 = require("tslib");
|
|
5
|
+
const verify_middleware_1 = require("./verify-middleware");
|
|
6
|
+
// Lightweight adapter to reuse verifyMw (Azure Functions-style) inside Express.
|
|
7
|
+
// It expects the Azure HttpRequest/InvocationContext to be available on the Express
|
|
8
|
+
// request as azureReq/azureCtx (set by the Azure→Express bridge). If absent, it
|
|
9
|
+
// builds minimal fallbacks so the middleware can still run in local tests.
|
|
10
|
+
const toHeaders = (req) => {
|
|
11
|
+
const h = new Headers();
|
|
12
|
+
Object.entries(req.headers).forEach(([key, value]) => {
|
|
13
|
+
if (Array.isArray(value)) {
|
|
14
|
+
value.forEach((v) => h.append(key, v));
|
|
15
|
+
}
|
|
16
|
+
else if (value !== undefined) {
|
|
17
|
+
h.append(key, String(value));
|
|
18
|
+
}
|
|
19
|
+
});
|
|
20
|
+
return h;
|
|
21
|
+
};
|
|
22
|
+
const buildAzureRequest = (req) => {
|
|
23
|
+
return {
|
|
24
|
+
method: req.method,
|
|
25
|
+
url: req.originalUrl || req.url,
|
|
26
|
+
headers: toHeaders(req),
|
|
27
|
+
query: (req.query || {}),
|
|
28
|
+
params: (req.params || {}),
|
|
29
|
+
// Body is already parsed by the Azure→Express adapter when present
|
|
30
|
+
body: req.body,
|
|
31
|
+
};
|
|
32
|
+
};
|
|
33
|
+
const fallbackCtx = {
|
|
34
|
+
log: console.log,
|
|
35
|
+
info: console.info,
|
|
36
|
+
warn: console.warn,
|
|
37
|
+
error: console.error,
|
|
38
|
+
trace: console.debug,
|
|
39
|
+
};
|
|
40
|
+
// Factory so callers can optionally provide their own ctx retriever
|
|
41
|
+
const verifyExpress = (getCtx) => {
|
|
42
|
+
return (req, res, next) => tslib_1.__awaiter(void 0, void 0, void 0, function* () {
|
|
43
|
+
var _a, _b, _c;
|
|
44
|
+
const azureReq = req.azureReq || buildAzureRequest(req);
|
|
45
|
+
const ctx = req.azureCtx || (getCtx === null || getCtx === void 0 ? void 0 : getCtx(req)) || fallbackCtx;
|
|
46
|
+
const result = yield (0, verify_middleware_1.verifyMw)(azureReq, ctx, () => tslib_1.__awaiter(void 0, void 0, void 0, function* () { return ({ status: 200 }); }));
|
|
47
|
+
// Short-circuit on failures
|
|
48
|
+
if (result.status && result.status !== 200) {
|
|
49
|
+
if (result.headers) {
|
|
50
|
+
Object.entries(result.headers).forEach(([k, v]) => res.setHeader(k, String(v)));
|
|
51
|
+
}
|
|
52
|
+
return res.status((_a = result.status) !== null && _a !== void 0 ? _a : 401).send((_b = result.body) !== null && _b !== void 0 ? _b : "");
|
|
53
|
+
}
|
|
54
|
+
// Propagate auth payload if verifyMw set it
|
|
55
|
+
const auth = (_c = ctx === null || ctx === void 0 ? void 0 : ctx.state) === null || _c === void 0 ? void 0 : _c.auth;
|
|
56
|
+
if (auth) {
|
|
57
|
+
req.auth = auth;
|
|
58
|
+
}
|
|
59
|
+
return next();
|
|
60
|
+
});
|
|
61
|
+
};
|
|
62
|
+
exports.verifyExpress = verifyExpress;
|
|
63
|
+
//# sourceMappingURL=verify-express.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"verify-express.js","sourceRoot":"","sources":["../../../src/middlewares/verify-express.ts"],"names":[],"mappings":";;;;AAEA,2DAA+C;AAE/C,gFAAgF;AAChF,oFAAoF;AACpF,gFAAgF;AAChF,2EAA2E;AAC3E,MAAM,SAAS,GAAG,CAAC,GAAY,EAAW,EAAE;IAC1C,MAAM,CAAC,GAAG,IAAI,OAAO,EAAE,CAAC;IACxB,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE;QACnD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;QACzC,CAAC;aAAM,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YAC/B,CAAC,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO,CAAC,CAAC;AACX,CAAC,CAAC;AAEF,MAAM,iBAAiB,GAAG,CAAC,GAAY,EAAe,EAAE;IACtD,OAAO;QACL,MAAM,EAAE,GAAG,CAAC,MAAM;QAClB,GAAG,EAAE,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,GAAG;QAC/B,OAAO,EAAE,SAAS,CAAC,GAAG,CAAC;QACvB,KAAK,EAAE,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE,CAAQ;QAC/B,MAAM,EAAE,CAAC,GAAG,CAAC,MAAM,IAAI,EAAE,CAAQ;QACjC,mEAAmE;QACnE,IAAI,EAAG,GAAW,CAAC,IAAI;KACT,CAAC;AACnB,CAAC,CAAC;AAEF,MAAM,WAAW,GAAsB;IACrC,GAAG,EAAE,OAAO,CAAC,GAAG;IAChB,IAAI,EAAE,OAAO,CAAC,IAAI;IAClB,IAAI,EAAE,OAAO,CAAC,IAAI;IAClB,KAAK,EAAE,OAAO,CAAC,KAAK;IACpB,KAAK,EAAE,OAAO,CAAC,KAAK;CACd,CAAC;AAET,oEAAoE;AAC7D,MAAM,aAAa,GAAG,CAC3B,MAAwD,EACxD,EAAE;IACF,OAAO,CAAO,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;;QAC/D,MAAM,QAAQ,GAAiB,GAAW,CAAC,QAAQ,IAAI,iBAAiB,CAAC,GAAG,CAAC,CAAC;QAC9E,MAAM,GAAG,GACN,GAAW,CAAC,QAAQ,KAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAG,GAAG,CAAC,CAAA,IAAI,WAAW,CAAC;QAExD,MAAM,MAAM,GAAG,MAAM,IAAA,4BAAQ,EAC3B,QAAQ,EACR,GAAG,EACH,GAAS,EAAE,0DAAC,OAAA,CAAC,EAAE,MAAM,EAAE,GAAG,EAAuB,CAAA,CAAA,GAAA,CAClD,CAAC;QAEF,4BAA4B;QAC5B,IAAI,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC3C,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnB,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAChD,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAC5B,CAAC;YACJ,CAAC;YACD,OAAO,GAAG,CAAC,MAAM,CAAC,MAAA,MAAM,CAAC,MAAM,mCAAI,GAAG,CAAC,CAAC,IAAI,CAAC,MAAA,MAAM,CAAC,IAAI,mCAAI,EAAE,CAAC,CAAC;QAClE,CAAC;QAED,4CAA4C;QAC5C,MAAM,IAAI,GAAG,MAAC,GAAW,aAAX,GAAG,uBAAH,GAAG,CAAU,KAAK,0CAAE,IAAI,CAAC;QACvC,IAAI,IAAI,EAAE,CAAC;YACR,GAAW,CAAC,IAAI,GAAG,IAAI,CAAC;QAC3B,CAAC;QAED,OAAO,IAAI,EAAE,CAAC;IAChB,CAAC,CAAA,CAAC;AACJ,CAAC,CAAC;AAhCW,QAAA,aAAa,iBAgCxB"}
|
|
@@ -196,7 +196,18 @@ function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mapping, p,
|
|
|
196
196
|
expiresAt: typeof data.expires_in === "number" ? new Date(Date.now() + data.expires_in * 1000) : undefined
|
|
197
197
|
});
|
|
198
198
|
// Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)
|
|
199
|
-
|
|
199
|
+
const mappingMaxAge = typeof data.refresh_expires_in === "number"
|
|
200
|
+
? data.refresh_expires_in
|
|
201
|
+
: typeof data.expires_in === "number"
|
|
202
|
+
? data.expires_in
|
|
203
|
+
: 60 * 60 * 24; // fallback 24h
|
|
204
|
+
(0, cookies_1.setCookieKV)(ctx, `__Secure-session-v1.${appId}.mapping`, mapping, {
|
|
205
|
+
// mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only
|
|
206
|
+
httpOnly: false,
|
|
207
|
+
secure: true,
|
|
208
|
+
sameSite: "None",
|
|
209
|
+
maxAge: mappingMaxAge
|
|
210
|
+
});
|
|
200
211
|
// Decode new AT and proceed
|
|
201
212
|
let p2;
|
|
202
213
|
try {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verify-middleware.js","sourceRoot":"","sources":["../../../src/middlewares/verify-middleware.ts"],"names":[],"mappings":";;;;AACA,4CAAuC;AACvC,2CAAuC;AAEvC,oCAA+C;AAC/C,8CAA+C;AAG/C,oCAAoD;AAEpD,0EAAsE;AAEtE,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,EAAE,CAAA;AAEpD,MAAM,iBAAiB,GAAG,CAAC,MAAiC,EAAE,EAAE;IAC9D,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,IAAI,CAAC,MAAM;QAAE,OAAO,GAAG,CAAC;IACxB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACrC,MAAM,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5C,IAAI,CAAC,CAAC;YAAE,SAAS;QACjB,GAAG,CAAC,CAAC,CAAC,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC,CAAC;AAEK,MAAM,QAAQ,GAAgB,CACnC,GAAgB,EAChB,GAAsB,EACtB,IAAqC,EACV,EAAE;;;IAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAuB,CAAC;IAE9D,IAAI,CAAC,KAAK,IAAI,CAAC,CAAA,MAAA,mBAAO,aAAP,mBAAO,uBAAP,mBAAO,CAAG,KAAK,CAAC,0CAAE,QAAQ,CAAA,EAAE,CAAC;QAC1C,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;SACvE,CAAC;IACJ,CAAC;IAED,MAAM,gBAAgB,GAAG,mBAAO,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC;IAEjD,UAAU;IACV,MAAM,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IAE7D,IAAI,OAAO,GAAkB,OAAO,CAAC,uBAAuB,KAAK,UAAU,CAAC,CAAC;IAE7E,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;SAChF,CAAC;IACJ,CAAC;IAED,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IAEhC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;SACrF,CAAC;IACJ,CAAC;IAED,iCAAiC;IACjC,MAAM,KAAK,GAAG,MAAM,IAAA,gCAAwB,EAC1C,GAAG,EACH,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,EACtC,2BAAmB,CAAC,yBAAyB,CAC9C,CAAC;IAEF,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sCAAsC,EAAE,CAAC;SACpG,CAAC;IACJ,CAAC;IAED,MAAM,mBAAmB,GAAG,IAAI,0CAAmB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAEhE,MAAM,YAAY,GAAG,MAAM,mBAAmB,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;IAE5E,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;SACvF,CAAC;IACJ,CAAC;IAED,IAAI,EAAE,GAAG,YAAY,CAAC,WAAW,CAAC;IAClC,IAAI,EAAE,GAAG,YAAY,CAAC,YAAY,CAAC;IAEnC,IAAI,CAAC,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC;QACf,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;SACzE,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC;IACnC,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC;IAEvC,mFAAmF;IACnF,IAAI,CAAM,CAAC;IACX,IAAI,CAAC;QACH,CAAC,GAAG,IAAA,sBAAS,EAAC,EAAE,CAAC,CAAC;IACpB,CAAC;IAAC,WAAM,CAAC;QACP,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;SAC7E,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,CAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,GAAG,CAAA,EAAE,CAAC;QACZ,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;SAC9E,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,4BAA4B;IAC5B,IAAI,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,GAAG,IAAI,GAAG,EAAE,CAAC;QAC9C,yFAAyF;QACzF,OAAO,MAAM,kBAAkB,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;IAC1F,CAAC;IAED,kBAAkB;IAClB,MAAM,KAAK,GACT,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAClD,CAAC,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC;QAC1E,CAAC,CAAC,GAAG,KAAK,QAAQ,CAAC;IAErB,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;SAC3E,CAAC;IACJ,CAAC;IAGD,uBAAuB;IACvB,YAAC,GAAW,EAAC,KAAK,uCAAL,KAAK,GAAK,EAAE,EAAC;IAC1B,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;IAEjC,GAAW,CAAC,KAAK,CAAC,IAAI,GAAG;QACxB,KAAK;QACL,MAAM,EAAE,MAAA,CAAC,CAAC,GAAG,mCAAI,IAAI;QACrB,UAAU,EAAE,MAAA,MAAA,CAAC,CAAC,OAAO,mCAAI,QAAQ,mCAAI,IAAI;QACzC,QAAQ;QACR,KAAK,EAAE,MAAA,MAAA,CAAC,CAAC,KAAK,mCAAI,CAAC,CAAC,kBAAkB,mCAAI,IAAI;QAC9C,IAAI,EAAE,MAAA,CAAC,CAAC,IAAI,mCAAI,SAAS;QACzB,KAAK,EAAE,MAAA,MAAA,MAAA,MAAA,CAAC,CAAC,eAAe,0CAAG,QAAQ,CAAC,0CAAE,KAAK,mCAAI,MAAA,CAAC,CAAC,YAAY,0CAAE,KAAK,mCAAI,EAAE;QAC1E,GAAG,EAAE,CAAC,CAAC,GAAG;KACX,CAAC;IAEF,OAAO,IAAI,EAAE,CAAC;AAChB,CAAC,CAAA,CAAC;AA3IW,QAAA,QAAQ,YA2InB;AAIF,SAAe,kBAAkB,CAC/B,GAAgB,EAChB,GAAsB,EACtB,KAAa,EACb,OAAe,EACf,QAAgB,EAChB,EAAsB,EACtB,OAAe,EACf,CAAM,EACN,IAAqC;;;;QAErC,uCAAuC;QACvC,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;gBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;aAC7E,CAAC;QACJ,CAAC;QAED,GAAG,CAAC,IAAI,CAAC,iDAAiD,EAAE;YAC1D,OAAO;YACP,QAAQ;YACR,EAAE;SACH,CAAC,CAAC;QAEH,+BAA+B;QAC/B,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,MAAM,EAAE;gBAC/B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,OAAO;oBACP,QAAQ,EAAE,QAAQ;oBAClB,aAAa,EAAE,EAAE;iBAClB,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;gBACb,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC/B,MAAA,GAAG,CAAC,IAAI,oDAAG,wBAAwB,IAAI,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC;gBAC1D,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;iBAC9E,CAAC;YACJ,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAClC,MAAM,IAAI,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,KAAI,EAAE,CAAC;YAEjC,MAAM,KAAK,GAAG,IAAI,CAAC,YAAkC,CAAC;YACtD,MAAM,KAAK,GAAG,IAAI,CAAC,aAAmC,CAAC;YAEvD,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC;gBACrB,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,0BAA0B,EAAE,CAAC;iBACxF,CAAC;YACJ,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,IAAA,gCAAwB,EAC1C,GAAG,EACH,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,EACtC,2BAAmB,CAAC,yBAAyB,CAC9C,CAAC;YAEF,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sCAAsC,EAAE,CAAC;iBACpG,CAAC;YACJ,CAAC;YAED,MAAM,mBAAmB,GAAG,IAAI,0CAAmB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAEhE,MAAM,mBAAmB,CAAC,kBAAkB,CAAC,OAAO,EAAE;gBACpD,WAAW,EAAE,KAAe;gBAC5B,YAAY,EAAE,KAAe;gBAC7B,6EAA6E;gBAC7E,SAAS,EAAE,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;aAC3G,CAAC,CAAC;YAEH,4FAA4F;YAC5F,IAAA,qBAAW,EAAC,GAAG,EAAE,uBAAuB,KAAK,UAAU,EAAE,OAAO,CAAC,CAAC;YAElE,4BAA4B;YAC5B,IAAI,EAAO,CAAC;YACZ,IAAI,CAAC;gBAAC,EAAE,GAAG,IAAA,sBAAS,EAAC,KAAK,CAAC,CAAC;YAAC,CAAC;YAAC,WAAM,CAAC;gBACpC,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;iBACjF,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GACV,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACpD,CAAC,OAAO,EAAE,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,EAAE,CAAC,GAAG,KAAK,QAAQ,IAAI,EAAE,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC;gBAC7E,EAAE,CAAC,GAAG,KAAK,QAAQ,CAAC;YACtB,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;iBAC3E,CAAC;YACJ,CAAC;YAED,oDAAoD;YACpD,YAAC,GAAW,EAAC,KAAK,uCAAL,KAAK,GAAK,EAAE,EAAC;YAC1B,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;YACpC,GAAW,CAAC,KAAK,CAAC,IAAI,GAAG;gBACxB,KAAK;gBACL,MAAM,EAAE,MAAA,EAAE,CAAC,GAAG,mCAAI,IAAI;gBACtB,UAAU,EAAE,MAAA,MAAA,EAAE,CAAC,OAAO,mCAAI,SAAS,mCAAI,IAAI;gBAC3C,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,MAAA,MAAA,EAAE,CAAC,KAAK,mCAAI,EAAE,CAAC,kBAAkB,mCAAI,IAAI;gBAChD,IAAI,EAAE,MAAA,EAAE,CAAC,IAAI,mCAAI,SAAS;gBAC1B,KAAK,EAAE,MAAA,MAAA,MAAA,MAAA,EAAE,CAAC,eAAe,0CAAG,QAAQ,CAAC,0CAAE,KAAK,mCAAI,MAAA,EAAE,CAAC,YAAY,0CAAE,KAAK,mCAAI,EAAE;gBAC5E,GAAG,EAAE,EAAE,CAAC,GAAG;aACZ,CAAC;YAEF,kCAAkC;YAClC,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAA,GAAG,CAAC,KAAK,oDAAG,mBAAmB,EAAE,CAAQ,CAAC,CAAC;YAC3C,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;gBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;aACjF,CAAC;QACJ,CAAC;IACH,CAAC;CAAA;AAED,SAAS,YAAY,CAAC,KAAa;IACjC,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;IACjD,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,yBAAyB,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QACvD,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}
|
|
1
|
+
{"version":3,"file":"verify-middleware.js","sourceRoot":"","sources":["../../../src/middlewares/verify-middleware.ts"],"names":[],"mappings":";;;;AACA,4CAAuC;AACvC,2CAAuC;AAEvC,oCAA+C;AAC/C,8CAA+C;AAG/C,oCAAoD;AAEpD,0EAAsE;AAEtE,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,EAAE,CAAA;AAEpD,MAAM,iBAAiB,GAAG,CAAC,MAAiC,EAAE,EAAE;IAC9D,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,IAAI,CAAC,MAAM;QAAE,OAAO,GAAG,CAAC;IACxB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACrC,MAAM,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5C,IAAI,CAAC,CAAC;YAAE,SAAS;QACjB,GAAG,CAAC,CAAC,CAAC,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC,CAAC;AAEK,MAAM,QAAQ,GAAgB,CACnC,GAAgB,EAChB,GAAsB,EACtB,IAAqC,EACV,EAAE;;;IAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAuB,CAAC;IAE9D,IAAI,CAAC,KAAK,IAAI,CAAC,CAAA,MAAA,mBAAO,aAAP,mBAAO,uBAAP,mBAAO,CAAG,KAAK,CAAC,0CAAE,QAAQ,CAAA,EAAE,CAAC;QAC1C,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;SACvE,CAAC;IACJ,CAAC;IAED,MAAM,gBAAgB,GAAG,mBAAO,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC;IAEjD,UAAU;IACV,MAAM,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IAE7D,IAAI,OAAO,GAAkB,OAAO,CAAC,uBAAuB,KAAK,UAAU,CAAC,CAAC;IAE7E,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;SAChF,CAAC;IACJ,CAAC;IAED,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IAEhC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;SACrF,CAAC;IACJ,CAAC;IAED,iCAAiC;IACjC,MAAM,KAAK,GAAG,MAAM,IAAA,gCAAwB,EAC1C,GAAG,EACH,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,EACtC,2BAAmB,CAAC,yBAAyB,CAC9C,CAAC;IAEF,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sCAAsC,EAAE,CAAC;SACpG,CAAC;IACJ,CAAC;IAED,MAAM,mBAAmB,GAAG,IAAI,0CAAmB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAEhE,MAAM,YAAY,GAAG,MAAM,mBAAmB,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;IAE5E,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;SACvF,CAAC;IACJ,CAAC;IAED,IAAI,EAAE,GAAG,YAAY,CAAC,WAAW,CAAC;IAClC,IAAI,EAAE,GAAG,YAAY,CAAC,YAAY,CAAC;IAEnC,IAAI,CAAC,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC;QACf,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;SACzE,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC;IACnC,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC;IAEvC,mFAAmF;IACnF,IAAI,CAAM,CAAC;IACX,IAAI,CAAC;QACH,CAAC,GAAG,IAAA,sBAAS,EAAC,EAAE,CAAC,CAAC;IACpB,CAAC;IAAC,WAAM,CAAC;QACP,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;SAC7E,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,CAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,GAAG,CAAA,EAAE,CAAC;QACZ,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;SAC9E,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,4BAA4B;IAC5B,IAAI,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,GAAG,IAAI,GAAG,EAAE,CAAC;QAC9C,yFAAyF;QACzF,OAAO,MAAM,kBAAkB,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;IAC1F,CAAC;IAED,kBAAkB;IAClB,MAAM,KAAK,GACT,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAClD,CAAC,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC;QAC1E,CAAC,CAAC,GAAG,KAAK,QAAQ,CAAC;IAErB,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;SAC3E,CAAC;IACJ,CAAC;IAGD,uBAAuB;IACvB,YAAC,GAAW,EAAC,KAAK,uCAAL,KAAK,GAAK,EAAE,EAAC;IAC1B,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;IAEjC,GAAW,CAAC,KAAK,CAAC,IAAI,GAAG;QACxB,KAAK;QACL,MAAM,EAAE,MAAA,CAAC,CAAC,GAAG,mCAAI,IAAI;QACrB,UAAU,EAAE,MAAA,MAAA,CAAC,CAAC,OAAO,mCAAI,QAAQ,mCAAI,IAAI;QACzC,QAAQ;QACR,KAAK,EAAE,MAAA,MAAA,CAAC,CAAC,KAAK,mCAAI,CAAC,CAAC,kBAAkB,mCAAI,IAAI;QAC9C,IAAI,EAAE,MAAA,CAAC,CAAC,IAAI,mCAAI,SAAS;QACzB,KAAK,EAAE,MAAA,MAAA,MAAA,MAAA,CAAC,CAAC,eAAe,0CAAG,QAAQ,CAAC,0CAAE,KAAK,mCAAI,MAAA,CAAC,CAAC,YAAY,0CAAE,KAAK,mCAAI,EAAE;QAC1E,GAAG,EAAE,CAAC,CAAC,GAAG;KACX,CAAC;IAEF,OAAO,IAAI,EAAE,CAAC;AAChB,CAAC,CAAA,CAAC;AA3IW,QAAA,QAAQ,YA2InB;AAIF,SAAe,kBAAkB,CAC/B,GAAgB,EAChB,GAAsB,EACtB,KAAa,EACb,OAAe,EACf,QAAgB,EAChB,EAAsB,EACtB,OAAe,EACf,CAAM,EACN,IAAqC;;;;QAErC,uCAAuC;QACvC,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;gBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;aAC7E,CAAC;QACJ,CAAC;QAED,GAAG,CAAC,IAAI,CAAC,iDAAiD,EAAE;YAC1D,OAAO;YACP,QAAQ;YACR,EAAE;SACH,CAAC,CAAC;QAEH,+BAA+B;QAC/B,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,MAAM,EAAE;gBAC/B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,OAAO;oBACP,QAAQ,EAAE,QAAQ;oBAClB,aAAa,EAAE,EAAE;iBAClB,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;gBACb,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC/B,MAAA,GAAG,CAAC,IAAI,oDAAG,wBAAwB,IAAI,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC;gBAC1D,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;iBAC9E,CAAC;YACJ,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAClC,MAAM,IAAI,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,KAAI,EAAE,CAAC;YAEjC,MAAM,KAAK,GAAG,IAAI,CAAC,YAAkC,CAAC;YACtD,MAAM,KAAK,GAAG,IAAI,CAAC,aAAmC,CAAC;YAEvD,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC;gBACrB,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,0BAA0B,EAAE,CAAC;iBACxF,CAAC;YACJ,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,IAAA,gCAAwB,EAC1C,GAAG,EACH,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,EACtC,2BAAmB,CAAC,yBAAyB,CAC9C,CAAC;YAEF,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sCAAsC,EAAE,CAAC;iBACpG,CAAC;YACJ,CAAC;YAED,MAAM,mBAAmB,GAAG,IAAI,0CAAmB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAEhE,MAAM,mBAAmB,CAAC,kBAAkB,CAAC,OAAO,EAAE;gBACpD,WAAW,EAAE,KAAe;gBAC5B,YAAY,EAAE,KAAe;gBAC7B,6EAA6E;gBAC7E,SAAS,EAAE,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;aAC3G,CAAC,CAAC;YAEH,4FAA4F;YAC5F,MAAM,aAAa,GACjB,OAAO,IAAI,CAAC,kBAAkB,KAAK,QAAQ;gBACzC,CAAC,CAAC,IAAI,CAAC,kBAAkB;gBACzB,CAAC,CAAC,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ;oBACnC,CAAC,CAAC,IAAI,CAAC,UAAU;oBACjB,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,eAAe;YAErC,IAAA,qBAAW,EAAC,GAAG,EAAE,uBAAuB,KAAK,UAAU,EAAE,OAAO,EAAE;gBAChE,+FAA+F;gBAC/F,QAAQ,EAAE,KAAK;gBACf,MAAM,EAAE,IAAI;gBACZ,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,aAAa;aACtB,CAAC,CAAC;YAEH,4BAA4B;YAC5B,IAAI,EAAO,CAAC;YACZ,IAAI,CAAC;gBAAC,EAAE,GAAG,IAAA,sBAAS,EAAC,KAAK,CAAC,CAAC;YAAC,CAAC;YAAC,WAAM,CAAC;gBACpC,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;iBACjF,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GACV,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACpD,CAAC,OAAO,EAAE,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,EAAE,CAAC,GAAG,KAAK,QAAQ,IAAI,EAAE,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC;gBAC7E,EAAE,CAAC,GAAG,KAAK,QAAQ,CAAC;YACtB,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;iBAC3E,CAAC;YACJ,CAAC;YAED,oDAAoD;YACpD,YAAC,GAAW,EAAC,KAAK,uCAAL,KAAK,GAAK,EAAE,EAAC;YAC1B,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;YACpC,GAAW,CAAC,KAAK,CAAC,IAAI,GAAG;gBACxB,KAAK;gBACL,MAAM,EAAE,MAAA,EAAE,CAAC,GAAG,mCAAI,IAAI;gBACtB,UAAU,EAAE,MAAA,MAAA,EAAE,CAAC,OAAO,mCAAI,SAAS,mCAAI,IAAI;gBAC3C,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,MAAA,MAAA,EAAE,CAAC,KAAK,mCAAI,EAAE,CAAC,kBAAkB,mCAAI,IAAI;gBAChD,IAAI,EAAE,MAAA,EAAE,CAAC,IAAI,mCAAI,SAAS;gBAC1B,KAAK,EAAE,MAAA,MAAA,MAAA,MAAA,EAAE,CAAC,eAAe,0CAAG,QAAQ,CAAC,0CAAE,KAAK,mCAAI,MAAA,EAAE,CAAC,YAAY,0CAAE,KAAK,mCAAI,EAAE;gBAC5E,GAAG,EAAE,EAAE,CAAC,GAAG;aACZ,CAAC;YAEF,kCAAkC;YAClC,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAA,GAAG,CAAC,KAAK,oDAAG,mBAAmB,EAAE,CAAQ,CAAC,CAAC;YAC3C,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;gBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;aACjF,CAAC;QACJ,CAAC;IACH,CAAC;CAAA;AAED,SAAS,YAAY,CAAC,KAAa;IACjC,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;IACjD,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,yBAAyB,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QACvD,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}
|
package/build/src/types/app.d.ts
CHANGED
|
@@ -1,2 +1,9 @@
|
|
|
1
1
|
import { InvocationContext } from "@azure/functions";
|
|
2
|
-
|
|
2
|
+
type CookieOptions = {
|
|
3
|
+
httpOnly?: boolean;
|
|
4
|
+
secure?: boolean;
|
|
5
|
+
sameSite?: "None" | "Lax" | "Strict";
|
|
6
|
+
maxAge?: number;
|
|
7
|
+
};
|
|
8
|
+
export declare function setCookieKV(ctx: InvocationContext, key: string, value: string, options?: CookieOptions): void;
|
|
9
|
+
export {};
|
|
@@ -1,9 +1,11 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.setCookieKV = setCookieKV;
|
|
4
|
-
function setCookieKV(ctx, key, value) {
|
|
4
|
+
function setCookieKV(ctx, key, value, options = {}) {
|
|
5
5
|
var _a, _b;
|
|
6
6
|
var _c, _d;
|
|
7
|
+
const { httpOnly = true, secure = true, sameSite = "None", maxAge = 300, // seconds (default)
|
|
8
|
+
} = options;
|
|
7
9
|
// Object-cookie bag (preferred)
|
|
8
10
|
const CTX_COOKIES_OBJ = Symbol.for("cfy.resCookies.obj");
|
|
9
11
|
// @ts-ignore
|
|
@@ -12,14 +14,14 @@ function setCookieKV(ctx, key, value) {
|
|
|
12
14
|
name: key,
|
|
13
15
|
value,
|
|
14
16
|
path: "/",
|
|
15
|
-
httpOnly
|
|
16
|
-
secure
|
|
17
|
-
sameSite
|
|
18
|
-
maxAge
|
|
17
|
+
httpOnly,
|
|
18
|
+
secure, // drop to false if testing on http://
|
|
19
|
+
sameSite, // use "Lax" for same-site
|
|
20
|
+
maxAge,
|
|
19
21
|
});
|
|
20
22
|
// (Optional) Keep your string fallback too:
|
|
21
23
|
const CTX_COOKIES = Symbol.for("cfy.resCookies");
|
|
22
24
|
const strBag = ((_b = (_d = ctx)[CTX_COOKIES]) !== null && _b !== void 0 ? _b : (_d[CTX_COOKIES] = []));
|
|
23
|
-
strBag.push(`${encodeURIComponent(key)}=${encodeURIComponent(value)}; Path
|
|
25
|
+
strBag.push(`${encodeURIComponent(key)}=${encodeURIComponent(value)}; Path=/;${httpOnly ? " HttpOnly;" : ""} SameSite=${sameSite};${secure ? " Secure;" : ""}${typeof maxAge === "number" ? ` Max-Age=${maxAge}` : ""}`);
|
|
24
26
|
}
|
|
25
27
|
//# sourceMappingURL=cookies.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cookies.js","sourceRoot":"","sources":["../../../src/utils/cookies.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"cookies.js","sourceRoot":"","sources":["../../../src/utils/cookies.ts"],"names":[],"mappings":";;AASA,kCAiCC;AAjCD,SAAgB,WAAW,CACzB,GAAsB,EACtB,GAAW,EACX,KAAa,EACb,UAAyB,EAAE;;;IAE3B,MAAM,EACJ,QAAQ,GAAG,IAAI,EACf,MAAM,GAAG,IAAI,EACb,QAAQ,GAAG,MAAM,EACjB,MAAM,GAAG,GAAG,EAAE,oBAAoB;MACnC,GAAG,OAAO,CAAC;IAEZ,gCAAgC;IAChC,MAAM,eAAe,GAAG,MAAM,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;IACzD,aAAa;IACb,MAAM,MAAM,GAAG,aAAE,GAAW,EAAC,eAAe,wCAAf,eAAe,IAAM,EAAkB,EAAC,CAAC;IACtE,MAAM,CAAC,IAAI,CAAC;QACR,IAAI,EAAE,GAAG;QACT,KAAK;QACL,IAAI,EAAE,GAAG;QACT,QAAQ;QACR,MAAM,EAAQ,sCAAsC;QACpD,QAAQ,EAAI,0BAA0B;QACtC,MAAM;KACT,CAAC,CAAC;IAEH,4CAA4C;IAC5C,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,aAAE,GAAW,EAAC,WAAW,wCAAX,WAAW,IAAM,EAAc,EAAC,CAAC;IAC9D,MAAM,CAAC,IAAI,CACP,GAAG,kBAAkB,CAAC,GAAG,CAAC,IAAI,kBAAkB,CAAC,KAAK,CAAC,YAAY,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,aAAa,QAAQ,IAAI,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,YAAY,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAC9M,CAAC;AACJ,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@culturefy/shared",
|
|
3
3
|
"description": "Shared utilities for culturefy serverless services",
|
|
4
|
-
"version": "1.0.
|
|
4
|
+
"version": "1.0.53",
|
|
5
5
|
"main": "build/cjs/index.js",
|
|
6
6
|
"module": "build/esm/index.js",
|
|
7
7
|
"types": "build/src/index.d.ts",
|
|
@@ -43,6 +43,7 @@
|
|
|
43
43
|
"@babel/plugin-proposal-decorators": "^7.28.0",
|
|
44
44
|
"@babel/preset-env": "^7.24.3",
|
|
45
45
|
"@babel/preset-typescript": "^7.24.1",
|
|
46
|
+
"@types/express": "^4.17.21",
|
|
46
47
|
"@types/node": "^25.0.3"
|
|
47
48
|
},
|
|
48
49
|
"prettier": {
|
|
@@ -56,6 +57,7 @@
|
|
|
56
57
|
"@azure/identity": "^4.13.0",
|
|
57
58
|
"@azure/keyvault-secrets": "^4.10.0",
|
|
58
59
|
"@types/mongoose": "^5.11.96",
|
|
60
|
+
"express": "^4.18.2",
|
|
59
61
|
"axios": "^1.11.0",
|
|
60
62
|
"jwt-decode": "^4.0.0",
|
|
61
63
|
"mongoose": "^8.18.1"
|